Skip to the content.

expressive-permissions

A robust, configurable, flexible and decidedly not annoying expressive permissions system for Claude Code. Easily allow everything that’s safe. Easily deny everything that’s dangerous. Prompt the user for everything else.

This is a plugin for Claude Code to handle permissions. You delegate all of Claude’s permission requests to this plugin and then it decides, through rules you have laid down in YAML configuration files, whether to allow or deny any particular tool use or command invocation.

It converts each tool call into an abstract syntax tree (AST), threads a simulated environment (cwd + env vars) through the tree, and runs your rules at every node. This gives you permissions that work even when commands are embedded in a variable-order pipeline, paths are buried in arguments, or the working directory and environment change mid-pipeline.

The project README covers installation, motivation, and a quick start. The pages below are the full documentation.

Documentation

License

MIT. See LICENSE.