A Claude Code plugin that reads your PRD or requirements document and automatically configures .claude/settings.local.json with the right permissions for your project — so Claude stops asking permission to run ls every thirty seconds like a golden retriever requesting belly rubs.
NO SUPPORT IS PROVIDED FOR THIS PLUGIN. USE AT YOUR OWN RISK.
This plugin is provided "as is" without warranty of any kind. If it misconfigures your permissions, nukes your settings, achieves sentience, or causes your laptop to file for emotional distress damages, that is entirely your problem. The author will not be answering emails, GitHub issues, carrier pigeon messages, or interpretive dance performances requesting assistance.
- Author: Christopher S. Penn
- Website: https://www.christopherspenn.com/
- Version: 1.0.0
- License: Apache-2.0
Every time you start a new project in Claude Code, it asks permission for everything. Can I run ls? Can I check git status? Can I cat this file? Is it okay if I breathe?
Yes. You can breathe. You can always breathe.
This plugin reads your PRD and figures out what your project actually needs — Python? Node? Docker? A deep existential commitment to PHP? — and generates a .claude/settings.local.json that pre-approves all the safe, read-only, non-destructive things Claude will do approximately 800 times per session. Destructive operations still require your blessing. Claude cannot drop your production database without asking first. Probably.
Via Claude Code plugin manager:
/plugins install https://github.com/cspenn/prd-permissionsManually:
git clone https://github.com/cspenn/prd-permissions \
~/.claude/plugins/marketplaces/local/plugins/prd-permissionsThen enable it in your Claude Code settings.
/setup-permissions [path-to-prd]
Run this in any project. Claude will:
- Find your PRD (or use the path you provide)
- Figure out what tech stack you're working with
- Select the appropriate permission groups from its reference library
- Generate any custom entries for project-specific tools
- Merge everything into
.claude/settings.local.json, preserving anything already there - Tell you what it did
Examples:
/setup-permissions # auto-discovers docs/prd.md, docs/requirements.md, README.md
/setup-permissions docs/spec.md # use a specific file
/setup-permissions docs/requirements.mdThe plugin includes a skill that activates when Claude notices you're in a project without configured permissions and a PRD exists. It will politely suggest running the command rather than letting you drown in permission prompts.
Every time you open a session, if the project has a PRD but no project-specific permissions configured, you'll see a tip. You can ignore it. We support your right to be prompted repeatedly. That's a lifestyle choice.
Every project gets these regardless of tech stack:
| Category | What's covered |
|---|---|
| File inspection | ls, cat, head, tail, stat, wc, file, strings, checksums |
| File search | find, fd, grep, rg, which, locate |
| Text processing | echo, sort, uniq, jq, awk, diff, sed and friends |
| System info | pwd, whoami, date, uname, env, ps, df, du |
| Network info | netstat, dig, curl, wget (read-only use) |
| Git (read) | git log, git status, git diff, git show, git branch, etc. |
| Package info | npm list, pip list, brew list and their informational cousins |
| Tools | WebSearch, WebFetch |
| Stack | Trigger signals in your PRD |
|---|---|
| Python | Python, Django, Flask, FastAPI, pip, pytest, ruff, mypy |
| Node.js | Node, npm, Express, TypeScript, package.json |
| React/Frontend | React, Next.js, Vite, Remix, Astro |
| PHP | PHP, Laravel, WordPress, Composer, Artisan |
| Ruby | Ruby, Rails, RSpec, Bundler, Rake |
| Go | Go, Golang, go mod |
| Rust | Rust, Cargo |
| Swift/iOS | Swift, Xcode, SwiftUI, iOS app, macOS app |
| R | R language, tidyverse, Rscript |
| Docker | Docker, Kubernetes, containers |
| Database | PostgreSQL, MySQL, SQLite |
| Git write ops | Only when PRD explicitly states Claude will commit/push autonomously |
| Make/Build | Makefile, CMake, Gradle, Maven |
- Adds new permissions on top of existing ones — never removes
- Preserves your
denyrules (deny always wins) - Deduplicates so you don't end up with 47 copies of
Bash(ls:*) - Validates paths — won't read files outside your project root
- Claude Code (any recent version)
- A PRD, requirements doc, or README that describes your project
- Willingness to run a single slash command
Apache License 2.0 — see LICENSE file.
This plugin is released into the wild with zero support, zero warranty, and zero guarantees. It is free, and you are getting exactly what you paid for. The author will not respond to:
- Bug reports
- Feature requests
- Questions about why it doesn't work on your machine
- Philosophical inquiries about the nature of permissions
- Interpretive readings of the source code
- Any form of communication whatsoever
Use at your own risk. Make backups. Don't blame us.
[Read in the style of a fast-talking pharmaceutical commercial announcer]
prd-permissions™ may help reduce permission prompts during Claude Code development sessions. Ask your AI assistant if prd-permissions™ is right for your project.
Side effects may include:
- Sudden, disconcerting silence where permission prompts used to be
- Existential confusion about what Claude is actually doing without asking
- Compulsive re-reading of
.claude/settings.local.jsonto make sure it's still there - False sense of security leading to 3am deployments you will regret
- Settings file achieving quantum superposition, simultaneously configured and not configured until observed
- Mysterious appearance of permissions you don't remember approving, probably fine
- Claude running
ls400 times because now it can and nobody's stopping it - Sudden urge to write more PRDs just to generate more permission files
- Complete inability to remember what you used to do before this existed
.claude/settings.local.jsondeveloping strong opinions about your tech stack choices- Permission grants multiplying overnight like gremlins fed after midnight
- All your
denyrules being preserved so scrupulously you feel faintly judged - Development velocity increasing to uncomfortable speeds
- Teammates asking "wait, when did Claude stop interrupting everything" and you having to explain plugins to them
- Hook script achieving enlightenment and refusing to fire because nothing is truly missing in this world
- PRD analysis concluding your project needs Docker when it's a static HTML page
Do not use prd-permissions™ if you:
- Enjoy being asked for permission to run
whoami - Have a philosophical objection to automation
- Are currently in an argument with your
.gitignorefile and cannot take on additional config relationships - Believe that requiring approval for
git logbuilds character - Have not written a PRD and are hoping the plugin will write it for you (it will not)
Tell your developer immediately if you experience:
.claude/settings.local.jsonwriting itself- Sudden understanding of wildcard syntax at cocktail parties
- The hook script outputting tips in a language you don't recognize
- Your project's tech stack changing after the permissions were generated, rendering them both correct and incorrect simultaneously
- Uncontrollable urge to add permissions manually "just a few more, just to be safe"
- Dreams where you are a permission entry and Claude is deciding whether to allow you
In rare cases, prd-permissions™ may cause:
- Claude to become so unimpeded it finishes your entire project before lunch
- Your PRD to retroactively become a better document because now it has to hold up to automated analysis
- The
denyarray preservation logic to be the most reliable relationship in your life - All future projects to feel underconfigured by comparison
- A mild superiority complex when other developers describe their permission setup
- Git write permissions to remain conspicuously absent because your PRD was not explicit enough about Claude's git autonomy, which is honestly fine and probably wise
- Your settings file to become longer than your actual codebase
prd-permissions™ is not responsible for:
- What Claude does with all those pre-approved permissions
- Your hosting bill if Claude gets enthusiastic about running
du -sh - The existential implications of a plugin that configures permissions to reduce friction for an AI assistant
- Any feelings you develop about the hook script
prd-permissions™ is not approved by the FDA, OSHA, or your company's security team. Results may vary based on PRD quality, phase of moon, and whether your requirements document describes your actual project or the project you wish you were building.
This plugin is provided "as-is" with absolutely no warranty, support, or promise that it won't decide your PHP project is secretly a Rust project because you mentioned "performance" once.
Use at your own risk. We believe in you. We just don't believe in warranties.
[Spoken impossibly fast] MaynotbecompatiblewithallversionsofClaudeCodeorPRDsthatarewrittenentirelyinbulletsayingnothingabouttechtechnology.Sideeffectsmayvarybasedonhowspecificyourrequirementsdocumentisandwhetherittreatsyourteamlikeadultsornot.Notresponsiblefordevelopmentvelocitythatexceedsyourabilitytoreviewnewfeatures.Ifyourpermissionsfilestartsupdatingitselfdiscontinueuseimmediatelyandcontactyourlocaldevrelexorcist.
prd-permissions™ — Because life is too short to click "Allow" on git status seventeen times before coffee.