lazyperm
Auto-allow read-only Claude Code shell commands — no more permission prompts for git status, ls, tsc, or npx.
lazyperm installs a Claude Code PreToolUse hook that silently approves safe shell commands and blocks dangerous ones, so you only get interrupted when it actually matters.
Quick Start
Option A — VS Code Extension (this extension)
- Open the Command Palette (
Ctrl+Shift+P)
- Run
lazyperm: Install hook in this project
- Restart Claude Code
- Run
/hooks in Claude Code to confirm PreToolUse (1) is listed
Option B — CLI (npm)
# Install in the current project
npx lazyperm
# Install globally (applies to all projects)
npx lazyperm --global
How It Works
Every time Claude Code wants to run a shell command, lazyperm intercepts it before the permission prompt appears.
Claude wants to run: git status
│
▼
deny_patterns.json ──── match? ──→ BLOCK (permission denied)
│
no match
│
▼
safe_patterns.json ──── match? ──→ ALLOW (no prompt shown)
│
no match
│
▼
Claude Code default ──────────────→ PROMPT (normal behavior)
The result of every decision is written to .claude/hooks/decisions.log.
Commands
| Command |
Description |
lazyperm: Install hook in this project |
Copies hook files into .claude/hooks/ and patches .claude/settings.json |
lazyperm: Install hook globally |
Installs into ~/.claude/hooks/ for all projects |
lazyperm: Edit safe patterns |
Opens safe_patterns.json to customize auto-allowed commands |
lazyperm: Edit deny patterns |
Opens deny_patterns.json to customize blocked commands |
lazyperm: Open decisions log |
Opens decisions.log to audit every allow/deny decision |
Default Safe Patterns (auto-allowed)
These commands are allowed without prompting by default:
Git
git status, git diff, git log, git branch, git show, git remote -v
File system
ls, dir, cat, head, tail, grep, find, echo, wc, pwd
PowerShell read-only
Get-ChildItem, Get-Content, Get-Item, Test-Path, Get-Location, Select-Object, Where-Object, Sort-Object, Format-Table, Format-List
Node / TypeScript
npx tsc, tsc --noEmit, npm run lint, npm test, npm ls, npm info, npm outdated, npm audit
Python
By default, everything else is also allowed via a catch-all .* at the end of safe_patterns.json. Remove it to switch to an explicit allowlist mode.
Default Deny Patterns (always blocked)
These are blocked regardless of the safe list:
| Pattern |
Blocks |
rm, del, Remove-Item |
File deletion |
git push, git reset --hard, git clean |
Destructive git operations |
> file or >> file |
File overwrites/appends (but 2>&1 is allowed) |
Set-Content, Out-File, Move-Item |
File writes |
sudo |
Privilege escalation |
DROP, DELETE FROM |
Destructive SQL |
Invoke-Expression, iex |
Arbitrary code execution |
-X POST/PUT/DELETE/PATCH |
Mutating HTTP requests |
shutdown, Restart-Computer, Stop-Process |
System operations |
Set-ExecutionPolicy, Set-ItemProperty HKLM |
System config changes |
Customizing Patterns
Patterns are regular expressions. After installing, open the files with the Command Palette:
Add a safe pattern (lazyperm: Edit safe patterns):
[
"^my-custom-script\\b",
"^docker ps\\b",
".*"
]
Add a deny pattern (lazyperm: Edit deny patterns):
[
"^curl\\b",
"^wget\\b"
]
Deny patterns are checked first — if a command matches deny, it's blocked even if it also matches safe.
Files Installed
.claude/
hooks/
guard.py ← the hook script
safe_patterns.json ← commands to auto-allow
deny_patterns.json ← commands to always block
decisions.log ← audit log (created on first run)
settings.json ← patched to register the hook
For project installs, these are added to .gitignore automatically so hook files aren't committed.
Uninstalling
Delete .claude/hooks/ and remove the PreToolUse entry from .claude/settings.json, then restart Claude Code.
License
MIT — github.com/lahonsourav/lazyperm