Feature Suggestion: Enhance `/permissions` UI for Better Clarity and Granularity

Resolved 💬 3 comments Opened Aug 11, 2025 by coygeek Closed Jan 3, 2026

Title: Feature Suggestion: Enhance /permissions UI for Better Clarity and Granularity

Is this a BUG REPORT or a FEATURE REQUEST?
Feature Request

Description

First off, thank you for the new /permissions interface in v1.0.72! Consolidating allow, deny, and workspace rules into a single command is a great step forward. The tabbed UI is a clean representation of the underlying settings.json configuration.

However, after using it, I believe there's an opportunity to make the UI significantly clearer and more powerful, especially for users who are new to the feature or have complex permission setups.

Currently, the UI lists the tool category (e.g., Bash, Edit) but not the specific rule that applies to it. For example, my allow list shows Bash, but I have to remember or check my settings.json to know if that means Bash(*) or a more specific rule like Bash(npm run test:*). This lack of at-a-glance detail can make it difficult to quickly verify or debug permission configurations directly from the terminal.

Proposed Solution

I propose enhancing the /permissions UI to provide more granular detail and context about the active rules. Here are a few suggestions:

1. Display Full Permission Rules Instead of Just Categories

Instead of just showing the tool name, display the full glob/pattern from the settings file. This would provide immediate clarity.

_Current UI (Allow Tab):_

> 2. Bash
> 3. Edit

_Proposed UI (Allow Tab):_

> 2. Bash(*)
> 3. Edit(src/**/*.ts)
> 4. WebFetch(domain:example.com)

2. Indicate the Source of Each Permission Rule

It would be immensely helpful to know which configuration file a rule is coming from. This is crucial for debugging when settings are defined at multiple levels (user, project, enterprise). A simple tag next to each rule would be perfect.

_Proposed UI with Source Tags:_

❯ 1. Add a new rule…
  2. Bash(*)                              [user]
  3. Edit(docs/**)                        [project]
  4. WebFetch(domain:*.internal.com)      [enterprise]
  5. Read(secrets/**)                     [project]

3. Improve "Empty State" Text

When a tab like Deny is empty, the UI is very sparse. A more descriptive message would improve usability.

_Current UI (Deny Tab):_

❯ 1. Add a new rule…

_Proposed UI (Deny Tab):_

No tools are currently denied.
Add a rule to explicitly block tools or file paths.

❯ 1. Add a new rule…

4. (Advanced) Add a "Test Permission" or "Effective Permissions" View

As a more advanced feature, consider adding a fourth tab or a sub-command like /permissions test <command> that allows a user to see the effective permission for a specific action, taking into account the entire settings hierarchy.

_Example Usage:_
> /permissions test 'rm -rf /'

_Example Output:_

Tool Call: Bash(rm -rf /)
Effective Permission: DENIED
Reason: Matches deny rule 'Bash(rm*)' from [project] settings, which overrides allow rule 'Bash(*)' from [user] settings.

Why is this feature important?

  • Clarity: Users can see their exact permission setup without having to open settings.json files.
  • Debuggability: It becomes much easier to diagnose why a tool is being allowed or denied, especially with rule source indicators.
  • Security: Enhanced visibility empowers users and administrators to build and audit more robust security policies confidently.
  • Usability: Reduces the learning curve for one of Claude Code's most critical features.

Thank you for considering these suggestions and for all the work you do on this fantastic tool

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗