claude-configs/tmp/permissions-audit.md
Cal Corum 9fd5539dc1 Sync: update plugins, settings, archive skills, add new sessions and marketplaces
- plugins: update installed_plugins, known_marketplaces, install-counts-cache, blocklist; add agent-toolkit and cal-claude-plugins marketplaces
- settings.json: significant config changes (129 insertions, -129 deletions net)
- CLAUDE.md: minor update
- skills: remove json-pretty and save-doc (archived to _archive/save-doc)
- sessions: remove 2 old sessions, add 4 new sessions
- add command-permissions.json, permission-audit.jsonl, tmp/permissions-audit.md
2026-03-20 02:00:59 -05:00

Claude Code Permissions Audit

Date: 2026-03-18

Purpose: Document the current state before migrating to the permission-manager plugin

Current Approach

Flat allow/deny lists in ~/.claude/settings.json with ~100+ individual entries. No cmd-gate hook patterns. Bash is fully open.


Allow-list: Tool Permissions

Fully open (wildcard)

| Permission | Notes |
|---|---|
| Bash | No restrictions on any Bash command |
| Read(*) | All files |
| Glob(*), Grep(*), LS(*) | All search/list |
| WebFetch(domain:*) | All web domains |
| WebSearch | Unrestricted |
| TodoWrite(*), Task(*) | All task operations |
| Skill(*), SlashCommand(*) | All skills |
| NotebookRead(*), NotebookEdit(*) | All notebooks |
| MultiEdit(*), ExitPlanMode(*) | Unrestricted |

MCP servers (full access)

| Permission | Server |
|---|---|
| mcp__n8n-mcp__* | n8n workflow automation |
| mcp__gitea-mcp__* | Gitea git hosting |
| mcp__tui-driver__* | TUI automation |
| mcp__cognitive-memory__* | Cognitive memory (DECOMMISSIONED) |
| mcp__memorygraph__* | Memory graph (DECOMMISSIONED) |

MCP servers (specific tools)

| Permission | Notes |
|---|---|
| mcp__notion__API-retrieve-a-page | Read-only Notion |
| mcp__notion__API-get-block-children | Read-only Notion |
| mcp__notion__API-post-database-query | Read-only Notion |
| mcp__notediscovery__get_notes_by_tag | Note discovery |
| mcp__docker-mcp-gateway__mcp-find | Docker MCP gateway |
| mcp__docker-mcp-gateway__mcp-config-set | Docker MCP gateway |
| mcp__docker-mcp-gateway__mcp-add | Docker MCP gateway |
| mcp__docker-mcp-gateway__mcp-exec | Docker MCP gateway |

Specific Bash commands

These were added before Bash was opened fully — now redundant:

  • Bash(git add:*)
  • Bash(sudo systemctl status:*), Bash(sudo journalctl:*)
  • Bash(ping:*), Bash(mkdir:*)
  • Bash(podman exec tdarr-node-gpu ls:*), Bash(podman exec tdarr-node-gpu tail:*)
  • Bash(podman exec tdarr-node-gpu-unmapped ls:*), Bash(podman exec tdarr-node-gpu-unmapped find:*)
  • Bash(ssh tdarr "docker inspect":*)
  • Bash(podman logs:*), Bash(sudo podman logs:*), Bash(sudo podman ps:*)

Specific WebFetch domains

All redundant given WebFetch(domain:*) wildcard:

  • github.com, docs.tdarr.io, superuser.com, docs.podman.io
  • platform.openai.com, docs.n8n.io, help.ko-fi.com, n8n.io
  • custom-system-builder.gitlab.io, foundryvtt.com, 10.10.0.174
  • docs.openclaw.ai, pve.proxmox.com, git.manticorum.com
  • developers.cloudflare.com, uptime-kuma-api.readthedocs.io
  • www.enworld.org, 2minutetabletop.com, www.forgotten-adventures.net
  • www.doodlesanddragons.com, www.drivethrurpg.com, forums.rptools.net
  • www.fantasygrounds.com, gmkeros.wordpress.com, inkwellideas.com
  • itch.io, opengameart.org, store.paizo.com
  • forum.gitea.com, docs.gitea.com, gitea.com, about.gitea.com
  • docs.anthropic.com, raw.githubusercontent.com, ra-h.app, ollama.com
  • community.teamspeak.com, docs.docker.com, forums.docker.com

Specific Skills

  • Skill(youtube-transcriber), Skill(proxmox), Skill(mcp-manager), Skill(notediscovery)
  • All redundant given Skill(*)

Specific Read paths

  • Read(//home/cal/.claude/**) — redundant given Read(*)
  • Read(//home/cal/.local/share/Steam/userdata/32759396/1144200/**) — Ready or Not save data

Deny-list

Destructive disk operations (macOS — NOT APPLICABLE on Linux)

  • diskutil partitionDisk, eraseDisk, eraseVolume, reformat, zeroDisk
  • diskutil appleRAID, randomDisk, coreStorage, cs
  • diskutil disableJournal, resetFusion, disableOwnership
  • diskutil apfs deleteContainer, eraseVolume, decryptVolume
  • diskutil apfs changePassphrase, deleteVolume, deleteVolumeGroup, deleteSnapshot

Destructive Linux operations (KEEP)

  • rm -rf /, rm -rf /*, rm -rf ~, rm -rf $HOME
  • rm -rf $PAI_HOME, rm -rf $PAI_DIR
  • sudo rm -rf /, sudo rm -rf /*
  • fork bomb
  • dd if=/dev/zero of=/dev/sda
  • mkfs.ext4 /dev/sda

Hooks

| Event | Matcher | Script | Status |
|---|---|---|---|
| PostToolUse | Edit\|Write\|MultiEdit | ~/.claude/hooks/format-code.sh | Active |
| SubagentStop | (all) | ~/.claude/hooks/notify-subagent-done.sh | Active |
| SessionEnd | (all) | /mnt/NV2/Development/cognitive-memory/scripts/session_memory.py | REMOVE (decommissioned) |

Plugins

| Plugin | Source | Status |
|---|---|---|
| permission-manager@agent-toolkit | St0nefish/agent-toolkit | Installed, cmd-gate has no custom patterns |
| session@agent-toolkit | St0nefish/agent-toolkit | Installed |
| format-on-save@agent-toolkit | St0nefish/agent-toolkit | Installed (overlaps PostToolUse hook) |
| playground@claude-plugins-official | Official | Active |
| claude-code-setup@claude-plugins-official | Official | Active |
| frontend-design@claude-plugins-official | Official | Active |
| rust-analyzer-lsp@claude-plugins-official | Official | Active |
| pyright-lsp@claude-plugins-official | Official | Active |

Additional Directories

  • /home/cal/.config/steamtinkerlaunch/
  • /mnt/NV2/SteamLibrary/

Migration Recommendations

Cleanup (do first)

  1. Remove all diskutil deny entries — not on macOS
  2. Remove all specific Bash(...) entries — redundant with Bash wildcard
  3. Remove all specific WebFetch(domain:...) entries — redundant with domain:*
  4. Remove all specific Skill(...) entries — redundant with Skill(*)
  5. Remove specific Read(...) entries — redundant with Read(*)
  6. Remove mcp__cognitive-memory__* and all individual cognitive-memory entries
  7. Remove mcp__memorygraph__*
  8. Remove mcp__notediscovery__get_notes_by_tag and Skill(notediscovery)
  9. Remove mcp__docker-mcp-gateway__* if not actively used
  10. Remove SessionEnd cognitive-memory hook
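An added helper, not part of this audit or of the agent-toolkit plugin, that applies the cleanup rules above to a settings.json allow/deny list and reports what can go: entries shadowed by a full wildcard on the same tool, entries for the two decommissioned MCP servers, and macOS-only diskutil denies on a Linux host. The sample settings are constructed from the entries listed in this document.

```python
import json
import re
from typing import Dict, List, Tuple
# Constructed sample modelled on the audit above; not the real ~/.claude/settings.json.
SAMPLE_SETTINGS = json.dumps({"permissions": {
    "allow": [
        "Bash", "Bash(git add:*)", "Bash(podman logs:*)",
        "WebFetch(domain:*)", "WebFetch(domain:github.com)",
        "Skill(*)", "Skill(proxmox)",
        "Read(*)", "Read(//home/cal/.claude/**)",
        "mcp__cognitive-memory__*", "mcp__notion__API-retrieve-a-page",
    ],
    "deny": ["Bash(diskutil eraseDisk:*)", "Bash(rm -rf /:*)"],
}})

RULE_RE = re.compile(r"^([^()]+)(?:\((.*)\))?$")

def parse_rule(entry: str) -> Tuple[str, str]:
    """Split 'Tool(spec)' into (tool, spec); a bare 'Tool' yields spec None."""
    m = RULE_RE.match(entry)
    if not m:
        raise ValueError(f"unrecognised permission rule: {entry}")
    return m.group(1), m.group(2)

def is_wildcard(spec) -> bool:
    # A bare tool name, '(*)' or '(domain:*)' opens the whole tool.
    return spec in (None, "*", "domain:*")

def find_shadowed(allow: List[str]) -> List[str]:
    """Entries made redundant by a full wildcard on the same tool (cleanup steps 2-5)."""
    open_tools = {parse_rule(e)[0] for e in allow if is_wildcard(parse_rule(e)[1])}
    return [e for e in allow
            if parse_rule(e)[0] in open_tools and not is_wildcard(parse_rule(e)[1])]

def find_decommissioned(allow: List[str], dead_prefixes) -> List[str]:
    """Entries for MCP servers that no longer exist (cleanup steps 6-7)."""
    return [e for e in allow if any(e.startswith(p) for p in dead_prefixes)]

def find_inapplicable_deny(deny: List[str], platform: str) -> List[str]:
    """diskutil is macOS-only, so those deny rules never match on Linux (step 1)."""
    return [e for e in deny if platform == "linux" and "diskutil" in e]

def audit(settings_json: str, platform: str = "linux",
          dead_prefixes=("mcp__cognitive-memory__", "mcp__memorygraph__")) -> Dict[str, List[str]]:
    perms = json.loads(settings_json).get("permissions", {})
    allow, deny = perms.get("allow", []), perms.get("deny", [])
    return {"shadowed": find_shadowed(allow),
            "decommissioned": find_decommissioned(allow, dead_prefixes),
            "inapplicable_deny": find_inapplicable_deny(deny, platform)}
```

Run `audit(open("~/.claude/settings.json").read())` (path expanded) to get the three removal lists for the real file; everything it returns can be deleted without changing effective permissions.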

Migration to cmd-gate (do second)

  1. Remove Bash wildcard from allow-list
  2. Define cmd-gate custom patterns for common safe operations
  3. Replace WebFetch(domain:*) with explicit domain groups
  4. Test workflow to ensure nothing breaks

Hook deduplication

  • format-on-save@agent-toolkit may overlap with the existing PostToolUse (Edit|Write|MultiEdit) format-code.sh hook — pick one