Permissions in 📝Claude Code are granular allow / ask / deny rules declared in settings.json that control which tools, Bash commands, and MCP calls run without prompting the user for approval.
The permissions system distinguishes three states per rule: allow (the action runs automatically), ask (the user is prompted before each invocation, the default for sensitive operations), and deny (the action is blocked outright). Rules can be scoped to specific tool types (Bash, Edit, Write, WebFetch, mcp__*), to specific command shapes (Bash(git status:*) matches git status with any args), or to specific MCP tool paths (mcp__mythos__read_memo).
Permission rules layer across the same three 📝settings.json (Claude Code) locations as other config — global, project-shared, and project-local. Adding Bash(git diff:*) to global allow removes the approval prompt for every git diff invocation across every project; adding WebFetch(domain:example.com) permits fetching only that domain. Permission mode can also be set at session level via --permission-mode accept-edits for fully autonomous runs, or via --dangerously-skip-permissions to pre-approve every call.
A common practitioner pattern is to bootstrap a project by allowing all the safe read operations and letting Claude prompt only for writes and shell commands. The /fewer-permission-prompts skill scans conversation transcripts and proposes an allowlist tailored to the commands actually used.