Claude Code has a permission system: allow, ask, and deny. Rules live in settings.json, evaluated in order — deny wins first, then ask, then allow. Pattern matching supports wildcards like Bash(npm run *) or Read(/home/*).

A lot of people avoid --dangerously-skip-permissions because the name sounds scary. So instead they add Bash(*) to their allow list to skip the prompts. That’s the same thing. The flag just makes the risk visible; Bash(*) hides it in a config file.

The better move: figure out what you actually need. Add Bash(git *), Bash(npm run *), the specific commands your workflow uses. Put anything destructive in deny. Takes twenty minutes once, saves constant friction without opening everything up.