OpenSkillIndex← back to search
claude-codeautomation

Pro-workflow permission-tuner

Analyze permission denial patterns and generate optimized alwaysAllow and alwaysDeny rules. Use when permission prompts are slowing you down or after sessions with many denials.

install
source · Clone the upstream repo
git clone https://github.com/rohitg00/pro-workflow
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/rohitg00/pro-workflow "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/permission-tuner" ~/.claude/skills/rohitg00-pro-workflow-permission-tuner && rm -rf "$T"
manifest: skills/permission-tuner/SKILL.md
tags
#automation#security#permissions#rule-generation#workflow-optimization
source content

Permission Tuner

Reduce permission prompt fatigue by analyzing denial patterns and suggesting targeted rules.

Trigger

Use when:

  • Permission prompts interrupt flow repeatedly
  • Starting a new project and want to configure permissions
  • After a session with many manual approvals

Workflow

  1. Scan recent session data for permission patterns
  2. Identify frequently-approved tools and patterns
  3. Generate safe 
    alwaysAllow
    rules
  4. Present rules for approval before applying

Analysis

Step 1: Gather Permission Data

Check current permission rules:

cat .claude/settings.json 2>/dev/null | grep -A 20 "permissions"
cat ~/.claude/settings.json 2>/dev/null | grep -A 20 "permissions"

Step 2: Identify Safe Patterns

Auto-approve candidates (low risk):

  • Read
    — all file reads (read-only, no side effects)
  • Glob
    — file pattern matching (read-only)
  • Grep
    — content search (read-only)
  • Bash(git status)
    — read-only git commands
  • Bash(git diff*)
    — read-only git commands
  • Bash(git log*)
    — read-only git commands
  • Bash(npm test*)
    — test execution
  • Bash(npm run lint*)
    — linting
  • Bash(npm run typecheck*)
    — type checking

Ask candidates (medium risk — auto-approve only if user confirms):

  • Edit
    — file modifications
  • Write
    — new file creation
  • Bash(git add*)
    — staging changes
  • Bash(git commit*)
    — creating commits
  • Bash(npm install*)
    — dependency changes

Never auto-approve (high risk):

  • Bash(git push*)
    — affects remote
  • Bash(git reset --hard*)
    — destructive
  • Bash(rm -rf*)
    — destructive
  • Bash(curl*POST*)
    — external API calls
  • Any command with 
    --force
    or 
    --no-verify

Step 3: Generate Rules

{
  "permissions": {
    "allow": [
      "Read",
      "Glob",
      "Grep",
      "Bash(git status)",
      "Bash(git diff*)",
      "Bash(git log*)",
      "Bash(npm test*)",
      "Bash(npm run lint*)",
      "Bash(npm run typecheck*)"
    ],
    "deny": [
      "Bash(rm -rf *)",
      "Bash(git push --force*)",
      "Bash(git reset --hard*)"
    ]
  }
}

Output

PERMISSION TUNER REPORT

Current rules: [X] allow, [Y] deny, [Z] ask

Recommendations:
  Auto-approve (safe, read-only):
    + Read, Glob, Grep
    + Bash(git status), Bash(git diff*), Bash(git log*)

  Auto-approve (medium risk, frequently used):
    + Edit (approved X times this session)
    + Bash(npm test*) (approved X times)

  Keep asking:
    ~ Bash(git commit*) — verify commit messages
    ~ Write — verify new file creation

  Auto-deny (dangerous):
    - Bash(rm -rf *)
    - Bash(git push --force*)

Estimated prompts saved per session: ~[N]

Rules

  • Never auto-approve destructive operations
  • Always present rules for user approval before applying
  • Group rules by risk level (safe/medium/dangerous)
  • Include estimated prompt savings