Mining Claude Code's history to build a permission allowlist

#claude-code

Claude Code on the Max plan doesn’t support auto mode yet. Every git status, every kubectl get pods, every go build, it asks for permission. Dozens of times per session. It breaks flow.

There’s a “dangerously skip permissions” toggle, but I don’t trust it yet. Giving blanket approval to everything an agent wants to run isn’t something I’m comfortable with. I’d rather be explicit about what’s safe.

So I went and looked at what Claude has actually been running. It stores full session transcripts as JSONL files under ~/.claude/projects/. Each tool call is a JSON entry with the tool name and input. I wrote a quick script to parse all of them and count command frequencies.

2,575 Bash calls across all my projects. The top commands: git status (64 times), git log --oneline -5 (53), git diff (45), kubectl get pods (a lot). Almost all read-only.

Claude Code does have a built-in “Yes, don’t ask again” on permission prompts. It persists permanently for Bash commands in .claude/settings.local.json. I already had decent per-project allowlists built up from clicking that over time. But it’s per-project only, with no way to promote a rule globally. Every new project starts from zero.

There’s a permissions.allow key in settings.json that takes glob patterns like Bash(git status*) or Bash(kubectl get *). Putting this in the global ~/.claude/settings.json applies it everywhere. So I mined the session history, split commands into safe and risky, and wrote about 40 patterns into the global config. Read-only git, kubectl reads, go build/test, hugo, gh CLI status checks, pnpm/bun, BigQuery. Everything else still prompts.
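The mining and safe/risky split described above, as an added example (not the script used for this post). The transcript field layout (message.content entries of type tool_use), the SAFE_PREFIXES list and the min_count threshold are assumptions. Commands containing shell metacharacters always go to manual review, since a prefix match alone says nothing about what follows the prefix.

```python
import json
from collections import Counter
from pathlib import Path

# Assumed read-only prefixes; replace with what your own history shows.
SAFE_PREFIXES = ("git status", "git log", "git diff", "kubectl get", "go build", "go test")
# Anything that chains, pipes, redirects or substitutes is never auto-proposed.
SHELL_META = (";", "&", "|", ">", "<", "`", "$(", "\n")

def bash_commands(lines):
    """Yield the command of each Bash tool call (assumed transcript schema)."""
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or partially written lines
        msg = entry.get("message") if isinstance(entry, dict) else None
        content = msg.get("content") if isinstance(msg, dict) else None
        for block in content if isinstance(content, list) else []:
            if isinstance(block, dict) and (block.get("type"), block.get("name")) == ("tool_use", "Bash"):
                inp = block.get("input")
                cmd = inp.get("command") if isinstance(inp, dict) else None
                if isinstance(cmd, str):
                    yield cmd.strip()

def propose(commands, min_count=2):
    """Return (allow rules, Counter of commands left for manual review)."""
    allow, review = Counter(), Counter()
    for cmd, n in Counter(commands).items():
        prefix = next((p for p in SAFE_PREFIXES if cmd == p or cmd.startswith(p + " ")), None)
        if prefix and not any(m in cmd for m in SHELL_META):
            allow[prefix] += n
        else:
            review[cmd] += n
    return sorted(f"Bash({p}*)" for p, n in allow.items() if n >= min_count), review

def read_history(root=Path.home() / ".claude" / "projects"):
    return (l for f in root.rglob("*.jsonl") for l in f.read_text(errors="replace").splitlines())

# Constructed sample transcript lines, so the example runs offline.
SAMPLE = [json.dumps({"message": {"content": [
    {"type": "tool_use", "name": "Bash", "input": {"command": c}}]}})
    for c in ("git status", "git status", "git log --oneline -5", "git log --oneline -5",
              "kubectl get pods", "kubectl get pods -n dev", "git status && rm -rf build", "kubectl delete pod api-0")]
SAMPLE += ['{"message": {"content": "plain user text"}}', '{"type": "assis']

if __name__ == "__main__":
    rules, review = propose(bash_commands(SAMPLE))  # or bash_commands(read_history())
    print(json.dumps({"permissions": {"allow": rules}, "needs_review": dict(review)}, indent=2))
```

Only the rules under permissions.allow are meant for the global settings file; the needs_review entries are for reading by hand.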

One way to automate this could be to run a scheduled job every week that parses new session files and proposes additions to the global allowlist. But that’s for another day.