For full text search please use the '?' prefix. e.g. ? Onboarding

Without Star Default Tools Are Unsafe

Let's say we have the following permissions in /usr/local/workplace/project1/.claude/settings.local.json, for Claude Default Tools

{
  "permissions": {
    "allow": [
      "Read",
      "Search",
      "Edit",
      "Write"
    ]
  }
}

And we try to ask claude to create file outside our project

PWD: /usr/local/workplace/project1 (with above settings)

Prompt claude

create file /usr/local/workplace/another-project/hi-from-claude.txt that has content "hello from claude"
Result: Claude happily creates the file outside the project without any prompting 
> create file /usr/local/workplace/another-project/hi-from-claude.txt that has content "hello from claude"

⏺ I'll create the file at the specified path with the requested content.

⏺ Write(../another-project/hi-from-claude.txt)
  ⎿  Wrote 1 lines to ../another-project/hi-from-claude.txt
     hello from claude

⏺ Created the file with the content "hello from claude".

Now we if we add a * to the default tools that increases their safety level (should only allow actiohn within the project root without asking).

Safer

{
  "permissions": {
    "allow": [
      "Read(*)",
      "Search(*)",
      "Edit(*)",
      "Write(*)"
    ]
  }
}

And we try to ask claude to create file outside our project

PWD: /usr/local/workplace/project1 (with above settings)

Prompt claude

create file /usr/local/workplace/another-project/hi-from-claude-2.txt that has content "hello from claude"
Result: Claude requests permissions to modify the file outside the project 
> create file /usr/local/workplace/another-project/hi-from-claude-2.txt that has content "hello from claude"

⏺ I'll create the file with the specified content.

⏺ Write(../another-project/hi-from-claude-2.txt)

╭───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ Create file                                                                                                                                                                               │
│ ╭───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮ │
│ │ ../another-project/hi-from-claude-2.txt                                                                                                                                               │ │
│ │                                                                                                                                                                                       │ │
│ │ hello from claude                                                                                                                                                                     │ │
│ ╰───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯ │
│ Do you want to create hi-from-claude-2.txt?                                                                                                                                               │
│ ❯ 1. Yes                                                                                                                                                                                  │
│   2. No, and tell Claude what to do differently (esc)
Backlinks