Stop Clicking "Allow" 300 Times a Day — Bulk-Manage Claude Code Permissions#

Published on March 6, 2026

Claude Code asks permission for every Bash command, MCP tool, and WebFetch domain you use. If you work across multiple projects, you're approving the same npm test, git add, and pnpm build hundreds of times. claude-commands-reviewer is an open-source CLI that scans your sessions, uses AI to group safe commands into wildcard patterns, and applies them to your global ~/.claude/settings.json — so you approve once and never again.

The Problem — Death by Permission Prompts#

Claude Code's permission model is secure by default. Every Bash command, MCP tool call, and web fetch needs explicit approval before it runs. That's good design — until you're a power user juggling 10-20+ projects every week.

The math gets ugly fast:

• 18 projects
• 349 sessions
• 308 unique commands pending approval

You're clicking "Allow" on npm run test, git status, and pnpm build in every single session. The friction doesn't add meaningful security — you already approved these exact same commands yesterday, and the day before that, and the day before that. It just slows you down.

Claude Code does support persistent permissions in settings.json via the allowedTools array, but manually writing wildcard patterns for hundreds of commands is tedious and error-prone. What you need is a tool that reads what you've already been approving and turns it into patterns automatically.

Understanding Claude Code Permissions#

Before diving into the solution, here's how Claude Code permissions work under the hood. Every tool invocation — whether it's a shell command, an MCP server tool, or a web fetch — goes through a permission check. Claude Code looks at your ~/.claude/settings.json for two arrays:

• allowedTools — patterns that are auto-approved without prompting
• deniedTools — patterns that are always blocked

If a command doesn't match either list, you get the "Allow" prompt. The problem is that these patterns need to be written by hand, and the syntax isn't obvious. For example, Bash(npm run:*) matches any npm run subcommand, but how would you know that without reading the source code?

This is exactly the gap that claude-commands-reviewer fills. It reads your actual usage history, groups commands intelligently using AI, and writes the patterns for you.

The Solution — claude-commands-reviewer#

Three commands. Five minutes. Done forever.

Step 1 — Collect and group with AI#

npx claude-commands-reviewer collect

This is the main command you'll use. It scans all your ~/.claude/ session data, extracts every command that's been requested across all projects, and sends the list to Claude (Opus) for intelligent grouping. Instead of 308 individual entries like Bash(npm run test), Bash(npm run build), Bash(npm run lint), you get one Bash(npm run:*) pattern.

The collect command also supports a --reset flag if you want to start fresh and rescan everything from scratch:

npx claude-commands-reviewer collect --reset

Cost: ~$0.05 per run using Claude Opus for the grouping step.

Step 2 — Review interactively#

npx claude-commands-reviewer review review-2026-03-06.json

An interactive TUI lets you go through each proposed pattern one by one:

• A — Approve (add to allowlist)
• D — Deny (add to denylist)
• S — Skip (decide later)

You stay in full control. The AI suggests groupings, but you decide what gets approved. Each pattern shows you exactly which commands it covers, so you can make informed decisions about what to wildcard and what to keep behind the permission prompt.

Step 3 — Apply to global settings#

npx claude-commands-reviewer apply review-2026-03-06.json

This writes your approved patterns into ~/.claude/settings.json. Before making any changes, it creates an automatic backup of your current settings file. It also deduplicates entries and sorts them alphabetically for easy scanning. The tool is forward-compatible — it preserves any unknown fields in your settings file, so it won't break anything even if Anthropic adds new config options.

After applying, every new Claude Code session across every project picks up your permissions immediately. No restart needed.

How Wildcard Patterns Work#

Claude Code's allowedTools supports wildcard patterns that match at the subcommand level. Here's what the reviewer generates:

The key insight: patterns use subcommand-level grouping. You get Bash(gh pr:*), not Bash(gh:*). This keeps the scope tight — approving gh pr commands doesn't also approve gh repo delete.

This granularity matters. A broad wildcard like Bash(gh:*) would match every GitHub CLI command including destructive ones like gh repo delete or gh release delete. By grouping at the subcommand level, the reviewer keeps your permissions precise and predictable.

Safety Framework#

The reviewer uses a 3-tier safety classification powered by the AI grouping step:

• SAFE_TO_WILDCARD — Read-only commands, build tools, test runners, and linters. These are auto-suggested for wildcarding because they can't cause harm. Examples: git status, npm test, eslint, tsc --noEmit.
• MAYBE_SAFE — Commands that modify state but are generally safe in development contexts. These get flagged for manual review so you can decide. Examples: git add, npm install, git commit.
• NEVER_WILDCARD — Hard-blocked commands that are never suggested for wildcarding, regardless of how often you've approved them:
  • rm and rmdir (file deletion)
  • chmod and chown (permission changes)
  • sudo (privilege escalation)
  • curl with outbound POST/PUT (data exfiltration risk)
  • kubectl delete (infrastructure destruction)

Additional safety measures built into the tool:

• Auto-backup before every write to settings.json
• Forward-compatible — preserves unknown settings.json fields so future Claude Code updates don't break
• Fully local — all data stays on your machine. Reads ~/.claude/ only, no external calls except the AI grouping step (which sends command names only, not your code)
• Reversible — restore from backup at any time if you change your mind

Real Results#

Here's what a real run looks like across a working development setup:

• 18 projects, 349 sessions scanned
• 308 unique commands collected
• AI grouped them into 16 patterns
• After interactive review: 12 approved, 4 skipped for later
• Total cost: ~$0.05
• Time: under 5 minutes

Those 12 patterns now cover hundreds of repetitive permission prompts. Every new session across every project starts clean — no more clicking "Allow" on git add, npm test, or pnpm build. The 4 skipped patterns were edge cases that needed more thought, and they'll be there next time you run review.

Get Started#

Install globally or run directly with npx:

npm install -g claude-commands-reviewer

Or just run it directly without installing:

npx claude-commands-reviewer collect

MIT licensed. Open source on GitHub: DreamTeamMobile/claude-commands-reviewer.

If you're tired of the permission dance, give it five minutes. Your future self will thank you.

Frequently Asked Questions#

Does it send my code or data externally?

No. The tool only reads your local ~/.claude/ directory. The only external call is the AI grouping step, which sends command names (like npm run test) to Claude for pattern suggestions — never your source code, file contents, or project data.

Can I undo changes if something goes wrong?

Yes. The tool creates an automatic backup of your ~/.claude/settings.json before every write. You can restore it at any time. The backup file is saved alongside your settings with a timestamp.

Will it approve dangerous commands like rm or sudo?

No. Commands classified as NEVER_WILDCARD are hard-blocked and will never be suggested for wildcarding, no matter how often you've approved them manually. This includes rm, sudo, chmod, curl with outbound writes, and kubectl delete.

How much does it cost to run?

About $0.05 per run. The AI grouping step uses Claude Opus to intelligently cluster your commands into wildcard patterns. For most users, a single run covers all their projects.