Permissions
npx machina-cli add skill oprogramadorreal/optimus-claude/permissions --openclaw
Optimus Permissions
Configure safe permission rules and a path-restriction hook so Claude Code agents can work autonomously inside the project without constant permission prompts, while blocking destructive operations outside the project.
Security Model
| Operation | Inside Project | Outside Project |
|---|---|---|
| Read/Search | Allow | Allow |
| Write/Edit | Allow | Ask user |
| Delete (rm/rmdir) | Allow | BLOCKED |
Step 1: Detect Existing Configuration
- Check if .claude/settings.json exists. If so, read its full content — it will be preserved during merge.
- Check if .claude/hooks/restrict-paths.sh (or restrict-paths.*) already exists. If so, skip hook installation in Step 3.
- Check if .mcp.json exists at the project root. If so, extract all MCP server names (top-level keys) for Step 4.
Print a brief detection summary to the user: what exists, what will be created/updated.
Step 2: Create Directory Structure
mkdir -p .claude/hooks
Step 3: Install Path-Restriction Hook
Skip if .claude/hooks/restrict-paths.* already exists.
Copy the hook template to the project:
- Source: $CLAUDE_PLUGIN_ROOT/skills/permissions/templates/hooks/restrict-paths.sh
- Destination: .claude/hooks/restrict-paths.sh
Copy the file contents exactly — do not modify the template.
Step 4: Create or Update settings.json
Use the template from $CLAUDE_PLUGIN_ROOT/skills/permissions/templates/settings.json as the base configuration.
If .claude/settings.json does NOT exist
Create it from the template. If .mcp.json was found in Step 1, add mcp__<server-name> entries to the permissions.allow list for each server.
If .claude/settings.json already exists
Merge the template into the existing file:
- permissions.allow — add any entries from the template that are not already present. If .mcp.json was found, also add mcp__<server-name> entries. Never remove existing entries.
- permissions.deny — add any entries from the template that are not already present. Never remove existing entries.
- hooks.PreToolUse — add the hook entry from the template. If a PreToolUse array already exists, append to it (avoid duplicates if an entry already references restrict-paths.sh).
- Preserve everything else — existing hooks.PostToolUse, custom sections, and any other configuration must remain untouched.
Merge principles
- Never remove existing allow/deny entries or hooks
- Never overwrite the file — read, merge, write
- The result must be valid JSON
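An added example of the Step 4 merge rules in Python (not the skill's own implementation). TEMPLATE is a constructed stand-in for the plugin's templates/settings.json with only a few entries, and mcp_server_names reads top-level keys as the skill text says but also accepts the mcpServers nesting that .mcp.json files use.

```python
"""Step 4 merge rules: add missing allow/deny entries, add mcp__<server>
entries, append the PreToolUse hook at most once, preserve everything else.
Added example; TEMPLATE is a constructed stand-in for the plugin's template."""
import copy
import json

HOOK_SCRIPT = "restrict-paths.sh"

TEMPLATE = {  # constructed: the real template has 13 allow / 27 deny entries
    "permissions": {
        "allow": ["Read", "Edit", "Write", "Bash(git status:*)"],
        "deny": ["Bash(rm -rf /:*)", "Bash(sudo:*)"],
    },
    "hooks": {"PreToolUse": [{
        "matcher": "Write|Edit|Bash",
        "hooks": [{"type": "command", "command": ".claude/hooks/" + HOOK_SCRIPT}],
    }]},
}


def mcp_server_names(mcp_json: dict) -> list:
    """Server names from .mcp.json: top-level keys per the skill text, or the
    keys under "mcpServers" when the file nests them that way."""
    return list(mcp_json.get("mcpServers", mcp_json).keys())


def references_hook(entry: dict) -> bool:
    """True when a PreToolUse entry already runs restrict-paths.sh."""
    return any(HOOK_SCRIPT in h.get("command", "") for h in entry.get("hooks", []))


def merge_settings(existing, template=TEMPLATE, mcp_servers=()) -> dict:
    """Return merged settings; existing is None when settings.json is absent.
    The input dict is never mutated (read, merge, write)."""
    merged = copy.deepcopy(existing) if existing else {}
    perms = merged.setdefault("permissions", {})
    for key in ("allow", "deny"):
        current = perms.setdefault(key, [])
        for item in template["permissions"].get(key, []):
            if item not in current:            # add, never remove
                current.append(item)
    for server in mcp_servers:
        if f"mcp__{server}" not in perms["allow"]:
            perms["allow"].append(f"mcp__{server}")
    pre = merged.setdefault("hooks", {}).setdefault("PreToolUse", [])
    if not any(references_hook(e) for e in pre):  # avoid duplicate hook entry
        pre.extend(copy.deepcopy(template["hooks"]["PreToolUse"]))
    json.dumps(merged)                            # must still be valid JSON
    return merged
```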
Step 5: Verify and Report
Run through this checklist. Fix any issues before reporting.
- .claude/hooks/restrict-paths.sh exists and contains the hook logic
- .claude/settings.json exists and contains:
  - permissions.allow with at least the 13 tool entries from the template
  - permissions.deny with at least the 27 deny patterns from the template
  - hooks.PreToolUse with an entry referencing restrict-paths.sh
- If the file had existing PostToolUse hooks or other content, verify it is preserved
Report to the user:
- Files created or updated
- Number of tools in the allow list, number of deny patterns
- If MCP servers were detected, list them
- Brief security model reminder: writes outside project will prompt, deletes outside project are blocked, reads are unrestricted
- Trust model reminder: commands not on the deny list will execute without prompts inside the project (database operations, file deletions, network requests, etc.). See the skill's README for the full trust model
- Mention opt-in unversioned file protection: set OPTIMUS_PROTECT_UNVERSIONED=1 to prompt before modifying unversioned files
Source: https://github.com/oprogramadorreal/optimus-claude/blob/master/skills/permissions/SKILL.md
Overview
Configure safe permission rules and a path-restriction hook so Claude Code agents can work autonomously inside the project without constant prompts, while blocking destructive operations outside the project. It creates or updates .claude/settings.json with allow/deny entries and installs the restrict-paths hook to enforce path restrictions.
How This Skill Works
The skill detects existing configuration, creates the .claude/hooks directory, installs the path-restriction hook from the template, and then creates or merges .claude/settings.json with the allow and deny lists. If an MCP file exists, it adds mcp__server-name entries to the allow list; the process preserves existing configuration and never removes user entries.
When to Use It
- When you want autonomous Claude Code actions restricted to the project
- To prevent destructive writes and deletes outside the project
- When updating an existing project with a preexisting settings.json
- When you want to install or update the path-restriction hook
- When MCP servers are present and should be allowed via mcp__<server> entries
Quick Start
- Step 1: Detect existing configuration (.claude/settings.json, .claude/hooks/restrict-paths.sh, and .mcp.json if present)
- Step 2: Create directory and install hook: mkdir -p .claude/hooks; copy template from $CLAUDE_PLUGIN_ROOT/skills/permissions/templates/hooks/restrict-paths.sh to .claude/hooks/restrict-paths.sh
- Step 3: Create or merge .claude/settings.json from the template and verify the merge (including any mcp__ entries) and the hook reference
Best Practices
- Back up existing settings.json before merging
- Review the template allow/deny lists and tailor them to your project
- Validate JSON after merge to ensure syntax correctness
- Verify .claude/hooks/restrict-paths.sh is present and executable
- Test with harmless operations inside the project before enabling broader automation
Example Use Cases
- Fresh project: no prior config, results in new .claude/settings.json and hook installation
- Merging with existing settings.json preserves user customizations while adding new entries
- Detects .mcp.json and adds mcp__server-name entries to the allow list
- Hook file is copied from the template to .claude/hooks/restrict-paths.sh
- Post-merge report lists created/updated files and the number of allowed tools