Skip to content
ATAI Today Brief
HomeNewsConceptsGuidesToolbox
AboutSubscribeUA
Subscribe

AI Today Brief

The daily AI-engineering brief. Built in public. EN · UA.

XTelegramLinkedInYouTubeRSS
NewsConceptsGuidesSubscribeAdvertiseAboutEditorial policyAI disclosurePrivacyTerms

© 2026 AI Today Brief. All rights reserved.

  1. Home/
  2. AI Toolbox/
  3. Free Claude Code settings.json Builder — Permissions & Hooks

AI Toolbox

Free Claude Code settings.json Builder — Permissions & Hooks

Choose the guardrails your project needs and produce deterministic settings.json scaffolding without sending repository details to a server.

100% client-side; your settings choices never leave this browser. This builder will output deterministic settings.json scaffolding from explicit choices, not a hidden score.

100% client-side; your settings choices never leave this browser.

This builder will output deterministic settings.json scaffolding from explicit choices, not a hidden score. Schema guardrails are enforced locally: permissions.defaultMode is nested, effortLevel is low|medium|high|xhigh only, and every recommendation is citation-backed.

Default permission mode

Emitted as permissions.defaultMode, never top-level defaultMode and never permissions.mode.

Safety permission presets

Hook recipes

Generated settings.json

Preview is deterministic and safe to copy. It includes the official JSON schema URL for editor validation.

{
  "$schema": "https://json.schemastore.org/claude-code-settings.json",
  "permissions": {
    "defaultMode": "acceptEdits",
    "deny": [
      "Bash(rm -rf *)",
      "Read(./.env*)"
    ],
    "ask": [
      "Edit(./.env*)"
    ]
  },
  "effortLevel": "high",
  "hooks": {
    "PostToolUse": [
      {
        "matcher": "Edit|Write",
        "hooks": [
          {
            "type": "command",
            "command": "npx prettier --write \"$CLAUDE_FILE_PATH\""
          }
        ]
      }
    ]
  }
}

Static citation catalog

Crawlable references for Claude Code permission grammar, hook recipes, and settings scope precedence.

Permission rule grammar

Bash(npm run test *)

Allow, deny, or ask for matching shell commands with Bash wildcards.

Citations

  • Claude Code permissions — Set the defaultMode in your settings files; deny rules are evaluated before ask and allow rules.
Bash

Bare tool rules affect the whole tool; scoped rules affect only matching calls.

Citations

  • Claude Code permissions — Set the defaultMode in your settings files; deny rules are evaluated before ask and allow rules.
Read(./src/**)

Project-relative file anchor for repository paths.

Citations

  • Claude Code permissions — Set the defaultMode in your settings files; deny rules are evaluated before ask and allow rules.
Read(~/notes/**)

Home-relative file anchor for user-local paths.

Citations

  • Claude Code permissions — Set the defaultMode in your settings files; deny rules are evaluated before ask and allow rules.
Read(/var/log/**)

Absolute path anchor for machine paths.

Citations

  • Claude Code permissions — Set the defaultMode in your settings files; deny rules are evaluated before ask and allow rules.
Read(//server/share/**)

Double-slash anchor for network-style roots where supported by the host.

Citations

  • Claude Code permissions — Set the defaultMode in your settings files; deny rules are evaluated before ask and allow rules.
WebFetch(domain:github.com)

Domain-scoped network access rule for WebFetch.

Citations

  • Claude Code permissions — Set the defaultMode in your settings files; deny rules are evaluated before ask and allow rules.
mcp__github__create_issue

MCP tool permission pattern for server and tool names.

Citations

  • Claude Code permissions — Set the defaultMode in your settings files; deny rules are evaluated before ask and allow rules.
Agent(Review)

Agent-scoped pattern for named subagents.

Citations

  • Claude Code permissions — Set the defaultMode in your settings files; deny rules are evaluated before ask and allow rules.

Hook recipes

format-on-write-prettier

Format edited files with Prettier

Run project formatting after file write/edit tools complete.

Event
PostToolUse
Matcher
Edit|Write
Tier
Info
npx prettier --write "$CLAUDE_FILE_PATH"

Keep command hooks deterministic and repository-local; review before enabling on large files.

Citations

  • Claude Code hooks reference — Hooks are defined in JSON settings files and include events such as PreToolUse, PostToolUse, Stop, Notification, and SubagentStop.

lint-after-write

Lint after edits

Surface lint failures quickly after code changes.

Event
PostToolUse
Matcher
Edit|Write
Tier
Warning
npm run lint -- --fix=false

Prefer fast linters here; long suites should run manually or in CI.

Citations

  • Claude Code hooks reference — Hooks are defined in JSON settings files and include events such as PreToolUse, PostToolUse, Stop, Notification, and SubagentStop.

secret-scan-before-bash

Screen Bash commands for secret patterns

Add a local safety check before shell commands execute.

Event
PreToolUse
Matcher
Bash
Tier
Critical
node scripts/check-command-for-secrets.mjs

Example command is a placeholder; wire it to a reviewed local script before use.

Citations

  • Claude Code hooks reference — Hooks are defined in JSON settings files and include events such as PreToolUse, PostToolUse, Stop, Notification, and SubagentStop.
  • Claude Code permissions — Set the defaultMode in your settings files; deny rules are evaluated before ask and allow rules.

notify-on-stop

Notify when a session stops

Emit a lightweight notification for long-running sessions.

Event
Stop
Matcher
any matcher
Tier
Info
printf "Claude Code session stopped\n"

Replace printf with your OS notifier or chat webhook only after reviewing privacy impact.

Citations

  • Claude Code hooks reference — Hooks are defined in JSON settings files and include events such as PreToolUse, PostToolUse, Stop, Notification, and SubagentStop.

capture-user-prompt-audit

Audit prompt metadata

Record prompt metadata for internal process audits without storing prompt text.

Event
UserPromptSubmit
Matcher
any matcher
Tier
Warning
node scripts/audit-prompt-metadata.mjs

Do not log raw prompts or secrets; keep audit payloads to counts and enums.

Citations

  • Claude Code hooks reference — Hooks are defined in JSON settings files and include events such as PreToolUse, PostToolUse, Stop, Notification, and SubagentStop.

env-check-session-start

Check environment on session start

Warn early when project prerequisites are missing.

Event
SessionStart
Matcher
any matcher
Tier
Info
node scripts/check-claude-env.mjs

Keep startup hooks fast so opening Claude Code stays responsive.

Citations

  • Claude Code hooks reference — Hooks are defined in JSON settings files and include events such as PreToolUse, PostToolUse, Stop, Notification, and SubagentStop.
  • Claude Code settings — settings.json is the official mechanism for configuring Claude Code through hierarchical settings; effortLevel accepts low, medium, high, or xhigh.

Settings scope precedence

#1 · managed

managed-settings.json

Organization policy; cannot be overridden by lower levels.

Citations

  • Claude Code settings — settings.json is the official mechanism for configuring Claude Code through hierarchical settings; effortLevel accepts low, medium, high, or xhigh.
  • Claude Code permissions — Set the defaultMode in your settings files; deny rules are evaluated before ask and allow rules.

#2 · cli

--settings / --permission-mode / --add-dir

Temporary command-line overrides for one session.

Citations

  • Claude Code settings — settings.json is the official mechanism for configuring Claude Code through hierarchical settings; effortLevel accepts low, medium, high, or xhigh.
  • Claude Code CLI reference — To persist additional working directories across sessions, set permissions.additionalDirectories in settings.

#3 · local

.claude/settings.local.json

Personal project-local overrides; normally gitignored.

Citations

  • Claude Code settings — settings.json is the official mechanism for configuring Claude Code through hierarchical settings; effortLevel accepts low, medium, high, or xhigh.

#4 · project

.claude/settings.json

Shared project settings that can be committed for a team.

Citations

  • Claude Code settings — settings.json is the official mechanism for configuring Claude Code through hierarchical settings; effortLevel accepts low, medium, high, or xhigh.
  • Claude Code permission modes — To make plan mode the default for a project, set defaultMode in .claude/settings.json under permissions.

#5 · user

~/.claude/settings.json

User-wide defaults; lowest precedence among persisted settings files.

Citations

  • Claude Code settings — settings.json is the official mechanism for configuring Claude Code through hierarchical settings; effortLevel accepts low, medium, high, or xhigh.