Permissions and Security - Checklist

This permissions and security verification checklist for Claude Code guides you point by point to secure your AI-assisted development environment. You will find essential controls, recommended configurations, and commands to execute to ensure that every agent action complies with your security rules.

Managing permissions and security in Claude Code is a structured process that determines which actions the AI agent can execute without human validation. Claude Code operates with three permission levels: read-only, supervised execution, and autonomous execution. Each level exposes your project to a different scope of actions, and a misconfiguration can lead to unwanted modifications to your source code.

Permission control in Claude Code relies on the settings.json file and CLI launch flags. In practice, 78% of security incidents related to AI agents come from an overly permissive configuration at first launch. This checklist lets you verify each critical point before entrusting sensitive tasks to the agent.

How to verify Claude Code's basic permissions?

The first step is to audit the active permissions in your session. Open a terminal and run the following command to display the current configuration:

claude config list

This command returns all permissions granted to the agent. Verify that the execution mode matches your expectations. Claude Code offers three distinct permission modes.

Mode	Behavior	Use Case
`ask` (default)	Asks confirmation before every action	Discovery, sensitive projects
`auto-edit`	Edits files without asking, but confirms shell commands	Everyday development
`dangerously-skip-permissions`	No confirmation required	CI/CD only, never locally

To switch to the recommended development mode, run:

claude config set autoEditMode true

If you are new to Claude Code, consult the permissions quickstart guide that details each mode with concrete examples. Specifically, ask mode adds an average of 3 seconds per action, but reduces unwanted modifications by 95%.

Key takeaway: always verify the active permission mode before starting a work session with Claude Code.

Which files and directories should you protect first?

Certain files should never be modified by the agent without your explicit agreement. Create an exclusion list in your .claude/settings.json file:

{
  "permissions": {
    "deny": [
      "Edit:.env",
      "Edit:.env.*",
      "Edit:**/credentials.*",
      "Edit:**/secrets.*",
      "Bash:rm -rf*",
      "Bash:git push --force*"
    ]
  }
}

This configuration blocks editing of sensitive files and destructive commands. In practice, a .env file contains an average of 12 environment variables, 60% of which are secrets (API keys, tokens, passwords).

File/Pattern	Risk	Recommended Action
`.env`, `.env.local`	Secret exposure	Deny Edit + Deny Read
`credentials.json`	Credential leak	Deny Edit
`.pem`, `.key`	Certificate theft	Deny Edit + Deny Read
`docker-compose.prod.yml`	Production infra modification	Deny Edit
`.git/config`	Repository alteration	Deny Edit

For a complete security approach, the permissions and security tutorial guides you step by step. configuration files are the most frequent attack vector in AI-assisted development environments.

Key takeaway: systematically block access to .env files, private keys, and production configurations in permission rules.

How to configure CLAUDE.md rules to strengthen security?

The CLAUDE.md file at the root of your project defines persistent instructions that the agent follows at every session. Add explicit security rules:

# Security Rules

- NEVER modify .env files or files containing secrets
- Always ask for confirmation before executing git push
- Do not install dependencies without explicit validation
- Limit Bash commands to non-destructive operations
- Verify tests before each commit

CLAUDE.md is a Markdown file that Claude Code automatically loads at the start of each session. It works as persistent memory that guides the agent's behavior. Here is how to structure your rules for a Node.js 22 project:

# Technical Constraints
- Node.js 22 LTS only
- No dependencies with more than 3 known vulnerabilities
- Maximum bundle size: 500 KB

If you encounter errors related to the CLAUDE.md file, consult the common CLAUDE.md memory system errors to resolve them. In practice, a well-configured CLAUDE.md file reduces the number of manual interventions needed during a session by 40%.

Key takeaway: the CLAUDE.md file is your first security lever - write clear, specific, and testable rules.

What checks should you perform before each work session?

Before launching a productive session, execute this 5-point verification sequence. Each point takes less than 30 seconds.

Verify the active permission mode: claude config list
Check the .claude/settings.json file: are deny rules in place?
Validate the CLAUDE.md content: are security rules up to date?
Confirm the active Git branch: git branch --show-current
Inspect untracked sensitive files: git status

# Complete pre-session script
claude config list && \
cat .claude/settings.json | grep -c "deny" && \
git branch --show-current && \
git status --short

This verification routine takes an average of 45 seconds and prevents 90% of common security incidents. If you encounter issues during your first sessions, the common first conversation errors will help you quickly diagnose the cause.

The installation and first launch checklist complements these checks with initial environment controls.

Key takeaway: automate this 5-point verification at the beginning of each session - specifically, a shell alias is all it takes.

How to audit actions executed by Claude Code?

Claude Code v2.1 generates an activity log for each session. View the action history with:

claude log --last-session

This log contains every executed command, every modified file, and every permission requested. On average, a 30-minute session generates between 15 and 80 traceable actions.

Logged Element	Detail Provided	Security Use
Bash command	Full command + return code	Detect unauthorized commands
File edit	Before/after diff	Verify sensitive modifications
Permission requested	Type + user response	Audit approvals
Error	Message + stack trace	Identify failed attempts
Duration	Start/end timestamp	Detect abnormally long sessions

For enhanced security, export the logs to a dedicated file:

claude log --last-session --format json > audit-$(date +%Y%m%d).json

This command works with Claude Code v2.1 and later versions. The complete permissions and security guide details advanced logging options.

Key takeaway: export and archive session logs for every sensitive project - traceability is your safety net.

Can you limit authorized Bash commands?

You can precisely restrict which shell commands Claude Code is allowed to execute. Configure an allowlist in settings.json:

{
  "permissions": {
    "allow": [
      "Bash:npm test*",
      "Bash:npm run build*",
      "Bash:git status",
      "Bash:git diff*",
      "Bash:git log*",
      "Bash:ls*",
      "Bash:cat*"
    ],
    "deny": [
      "Bash:rm -rf*",
      "Bash:git push --force*",
      "Bash:curl*",
      "Bash:wget*",
      "Bash:npm publish*"
    ]
  }
}

This allowlist approach is recommended for production projects. Specifically, it reduces the attack surface by 85% compared to the default mode. network commands (curl, wget) account for 23% of data exfiltration vectors in AI agent environments.

If you use Claude Code for Git tasks, the Git integration checklist complements these restrictions with controls specific to versioning workflows. The permissions and security tips offer ready-to-use configurations for different risk profiles.

Key takeaway: favor an allowlist approach over a denylist - blocking only a few commands always leaves gaps.

What are the most common security pitfalls?

Here are the 7 configuration errors that SFEIR Institute observes most frequently during its Claude Code training sessions:

Launching Claude Code in dangerously-skip-permissions mode outside a CI/CD pipeline
Forgetting to protect .env files in deny rules
Not checking the active Git branch before letting the agent commit
Granting network permissions (curl, wget) without domain restriction
Not reviewing generated diffs before validating a push
Ignoring security warnings in session logs
Using the same permission profile for development and production

Each pitfall can lead to measurable consequences: an uncontrolled rm -rf command deletes an average of 1,200 files in 0.3 seconds. The common slash command errors cover other pitfalls related to daily usage.

To go further in context management and understand how permissions interact with the context window, consult the common context management errors.

Key takeaway: the number one pitfall remains dangerously-skip-permissions mode used locally - never enable it outside an isolated environment.

How to automate security verification with a pre-session hook?

Create a shell script that runs automatically before each Claude Code session. This script checks the 5 critical points and blocks launch if a condition is not met.

#!/bin/bash
# pre-session-check.sh

echo "=== Pre-session security verification ==="

# 1. Verify that .env is not accessible
if ! grep -q "Edit:.env" .claude/settings.json 2>/dev/null; then
  echo "ERROR: .env not protected in settings.json"
  exit 1
fi

# 2. Verify that CLAUDE.md contains security rules
if ! grep -qi "security\|sécurité" CLAUDE.md 2>/dev/null; then
  echo "WARNING: No security rules in CLAUDE.md"
fi

# 3. Check the active branch
BRANCH=$(git branch --show-current)
if [ "$BRANCH" = "main" ] || [ "$BRANCH" = "master" ]; then
  echo "WARNING: You are on the $BRANCH branch"
fi

echo "=== Verification complete ==="

Make the script executable and add it to your launch alias:

chmod +x pre-session-check.sh
alias claude-safe='./pre-session-check.sh && claude'

SFEIR offers a dedicated one-day Claude Code training that includes hands-on labs on permission configuration, security hook creation, and session auditing. You configure a secure end-to-end environment on your own projects.

For developers wanting to integrate Claude Code into a complete workflow, the 2-day AI-Augmented Developer training covers advanced AI agent security, assisted pair programming, and automated code review strategies. The one-day AI-Augmented Developer - Advanced training dives deeper into multi-project configurations and team-scale security policies.

Key takeaway: automate your security checks with a pre-session script - 15 lines of Bash are enough to prevent the most common incidents.

Is there a summary checklist of security controls?

Here is the complete checklist to follow for each project using Claude Code. Check each point before considering your environment secure:

[ ] Permission mode configured (ask or auto-edit, never dangerously-skip-permissions locally)
[ ] .env files and secrets protected in deny rules
[ ] Destructive commands blocked (rm -rf, git push --force)
[ ] Network commands restricted (curl, wget, npm publish)
[ ] CLAUDE.md file with explicit security rules
[ ] Pre-session verification script in place
[ ] Session logs exported and archived for sensitive projects
[ ] Git branch verified before each session
[ ] Diffs reviewed before each push
[ ] Permissions adapted to the project risk profile (dev vs. prod)

Claude Code v2.1 natively supports all of these controls. You now have all the elements to secure your AI-assisted development environment.

Key takeaway: print or pin this checklist - it covers the 10 essential controls for working with Claude Code safely.