Permission auto-approve should separate read/write/delete operations

Open 💬 4 comments Opened Jun 18, 2026 by ndrone-winsupply

Problem

When Claude Code prompts for tool permission approval, the "always allow" option uses a wildcard that doesn't distinguish between read and write operations.

Example: Running git branch --show-current (a read-only command) offers git * as the auto-approve option. Accepting that would also auto-approve destructive commands like git push --force, git reset --hard, git clean -f, etc.

This makes the auto-approve option unusable for safety-conscious users — you have to deny every time because the granularity is too coarse.

Expected Behavior

The auto-approve options should separate by operation type. For example:

  • Read-only git: git branch *, git log *, git diff *, git status *, git rev-parse *, git show *
  • Write git: git add *, git commit *, git push *
  • Destructive git: git reset --hard *, git push --force *, git clean -f *, git branch -D *

This way users can auto-approve read operations without inadvertently allowing destructive ones.

Impact

Users who care about safety end up denying most auto-approve prompts, adding friction to every session. The current wildcard grouping defeats the purpose of having granular permissions.

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗