Permissive Example

Here is reasonably permissive example of claude configuration (/.claude/settings.local.json).

It is of course not as safe as having separate docker image setup.

{
  "permissions": {
    "allow": [
      "Read(*)",
      "Search(*)",
      "Edit(*)",
      "Write(*)",
      "MultiEdit(*)",
      "WebSearch(*)",
      "Bash(ls:*)",
      "Bash(rm:*)",
      "Bash(find:*)",
      "Bash(pwd:*)",
      "Bash(cd:*)",
      "Bash(tree:*)",
      "Bash(mkdir:*)",
      "Bash(touch:*)",
      "Bash(rmdir:*)",
      "Bash(mv:*)",
      "Bash(cp:*)",
      "Bash(cat:*)",
      "Bash(head:*)",
      "Bash(tail:*)",
      "Bash(less:*)",
      "Bash(grep:*)",
      "Bash(rg:*)",
      "Bash(sed:*)",
      "Bash(awk:*)",
      "Bash(sort:*)",
      "Bash(uniq:*)",
      "Bash(wc:*)",
      "Bash(jq:*)",
      "Bash(yq:*)",
      "Bash(diff:*)",
      "Bash(patch:*)",
      "Bash(git:*)",
      "Bash(make:*)",
      "Bash(cmake:*)",
      "Bash(./gradlew:*)",
      "Bash(mvn:*)",
      "Bash(npm:*)",
      "Bash(npx:*)",
      "Bash(yarn:*)",
      "Bash(pnpm:*)",
      "Bash(pip:*)",
      "Bash(pip3:*)",
      "Bash(python:*)",
      "Bash(python3:*)",
      "Bash(poetry:*)",
      "Bash(rye:*)",
      "Bash(cargo:*)",
      "Bash(go:*)",
      "Bash(dotnet:*)",
      "Bash(tar:*)",
      "Bash(zip:*)",
      "Bash(unzip:*)",
      "Bash(gzip:*)",
      "Bash(gunzip:*)",
      "Bash(curl:*)",
      "Bash(wget:*)",
      "Bash(docker:*)",
      "Bash(docker-compose:*)",
      "Bash(terraform:*)",
      "Bash(echo:*)",
      "Bash(env:*)",
      "Bash(which:*)",
      "Bash(whoami:*)",
      "Bash(uname:*)",
      "Bash(test:*)"
    ],
    "deny": []
  }
}

Notice that the claude defined tool config like "Read(*)", have explicit * added to them as Without Star Default Tools Are Unsafe.