Can I restrict Claude to only work within my project directory?

Yes, by using the 'path:$PROJECT_ROOT/**' pattern in your rules, you can ensure that commands like 'rm' or 'mv' only affect files within your specific project scope.

How does cc-allow handle conflicting rules?

It uses a specificity scoring system where more detailed rules (e.g., matching specific arguments or paths) take precedence over general command rules.

What is the purpose of the allow-rules skill?

It manages the cc-allow configuration, which acts as a security firewall for bash commands executed by Claude, ensuring the AI only performs authorized actions.

Where are the permission settings stored?

Settings are stored in TOML files located at ~/.config/cc-allow.toml for global defaults and .claude/cc-allow.toml for project-specific overrides.

Command Permission Manager (cc-allow)

Name: Command Permission Manager (cc-allow)
Author: dannycoates

bydannycoates

•

安全与测试

Manages fine-grained bash command permissions and security policies for Claude Code execution.

关于

The allow-rules skill enables Claude to interact with the cc-allow security framework, a robust system for governing which bash commands the AI is permitted to run. By managing cc-allow.toml configuration files, this skill allows users to define global or project-specific policies for allowing, denying, or prompting for confirmation before command execution. It supports sophisticated matching via glob patterns, regular expressions, and path resolution, ensuring that AI-driven terminal operations remain safe, predictable, and restricted to authorized scopes.

主要功能

Advanced argument matching using regex, globs, and flag detection
Specificity-based rule engine that resolves conflicting permissions intelligently
Granular command control with allow, deny, and ask (prompt) actions
Pipe and redirect monitoring to prevent dangerous data exfiltration or overwrites
1 GitHub stars
Path-based security restricting commands to $PROJECT_ROOT or $HOME

使用场景

Preventing the AI from executing destructive commands like 'rm' outside of specific build folders
Creating a 'golden path' for development by auto-allowing safe tools like git, ls, and npm
Implementing security guardrails that block piping sensitive data to external shells or scripts

关于

主要功能

Advanced argument matching using regex, globs, and flag detection
Specificity-based rule engine that resolves conflicting permissions intelligently
Granular command control with allow, deny, and ask (prompt) actions
Pipe and redirect monitoring to prevent dangerous data exfiltration or overwrites
1 GitHub stars
Path-based security restricting commands to $PROJECT_ROOT or $HOME

使用场景

Preventing the AI from executing destructive commands like 'rm' outside of specific build folders
Creating a 'golden path' for development by auto-allowing safe tools like git, ls, and npm
Implementing security guardrails that block piping sensitive data to external shells or scripts