Permission Rules: Syntax & Wildcards

⏱ Est. reading time: 3 min Updated on 5/8/2026

While modes set the baseline, rules allow you to fine-tune exactly what Claude can and cannot do.

Basic Syntax

Rules follow the format Tool or Tool(specifier).

Example Matches
Bash All Bash commands
Bash(npm run build) Exactly that command
Read(./.env) Reads the local .env file
WebFetch(domain:example.com) Web fetches for that domain

Wildcards

* can match one or more tokens.

  • Bash(npm run *): Matches any npm run command.
  • Bash(git * main): Matches git checkout main, git merge main, etc.
  • Bash(ls*): Matches ls, lsof, and ls -la.

Word Boundaries

Bash(ls *) vs Bash(ls*):

  • Bash(ls *) matches ls -la (note the space), but not lsof.
  • Bash(ls*) matches both.

Note: For Bash rules, Claude automatically strips process wrappers like timeout, nice, and nohup before matching.

Related Tools & Resources

Skill Marketplaces

A

Awesome Cyber Skills

A curated list of hacking environments for AI agent developers to train and practice cybersecurity skills, enhancing agent capabilities in defense and offense.

Recommended Plugins

🛡️

Security Guidance

Security reminder hook that monitors 9 security patterns including command injection, XSS, eval usage, dangerous HTML, pickle deserialization, and os.system calls.

Related Products

📦

claude-howto

Claude How To by luongnv89 is a structured, visual, and example-driven guide designed to help users master Claude Code's features efficiently. It offers 10 tutorial modules, copy-paste configuration templates, Mermaid diagrams, and a guided learning path. The guide transforms users from basic Claude Code interactions to orchestrating advanced agents, hooks, skills, and MCP servers, addressing the gap in official documentation regarding practical guidance and a clear learning roadmap.