Skill

prep-permissions

Analyze the active task plan and .claude/.prove.json to configure .claude/settings.local.json with scoped permission rules. Use before orchestrator, autopilot, or implementation. Triggers on "prep permissions", "setup permissions", "configure permissions", "allow tools", "stop asking me".

From prove

Install

Run in your terminal

npx claudepluginhub mjmorales/claude-prove --plugin prove

Tool Access

This skill uses the workspace's default tool permissions.

Skill Content

Similar Skills

cache-components

Guides Next.js Cache Components and Partial Prerendering (PPR) with cacheComponents enabled. Implements 'use cache', cacheLife(), cacheTag(), revalidateTag(), static/dynamic optimization, and cache debugging.

cache-components

138.8k

claude-opus-4-5-migration

2 files

Migrates code, prompts, and API calls from Claude Sonnet 4.0/4.5 or Opus 4.1 to Opus 4.5, updating model strings on Anthropic, AWS, GCP, Azure platforms.

claude-opus-4-5-migration

83.2k

bmad-help

Analyzes BMad project state from catalog CSV, configs, artifacts, and query to recommend next skills or answer questions. Useful for help requests, 'what next', or starting BMad.

bmad-pro-skills

43.8k

Stats

Stars0

Forks0

Last CommitMar 29, 2026

Actions

View Source View Plugin View on GitHub View README

Prep Permissions

Configure .claude/settings.local.json with scoped tool permissions for the active task.

Phase 1: Gather Context

Read these files (skip missing ones):

.prove/TASK_PLAN.md — implementation steps, languages, tools
.prove/plans/plan_*/05_implementation_plan.md — file paths, commands
.claude/.prove.json — validator and reporter commands
.claude/settings.local.json — existing rules to preserve
Project root — check for go.mod, package.json, Cargo.toml, pyproject.toml, Makefile, project.godot

Phase 2: Build Permission Rules

Generate permissions.allow rules with the most specific patterns possible.

Baseline

Bash(git *)
Bash(mkdir *)
Edit
Write

From .claude/.prove.json

Each validator/reporter command becomes a Bash rule:

"command": "go build ./..." -> Bash(go build *)
"command": "./.prove/notify.sh" -> Bash(./.prove/notify.sh *)

From auto-detected toolchain (when no .prove.json)

Indicator	Rules
`go.mod`	`Bash(go build )`, `Bash(go test )`, `Bash(go vet )`, `Bash(go mod )`, `Bash(go run *)`
`package.json`	`Bash(npm )`, `Bash(npx )`
`Cargo.toml`	`Bash(cargo *)`
`pyproject.toml`	`Bash(python )`, `Bash(pip )`, `Bash(pytest )`, `Bash(mypy )`, `Bash(ruff *)`
`Makefile`	`Bash(make *)`
`project.godot`	`Bash(godot *)`

From task plan

Scan for mentioned tools:

Database migrations -> Bash(migrate *), Bash(goose *), etc.
Docker -> Bash(docker *), Bash(docker-compose *)
Scripts -> Bash(bash scripts/*), Bash(./scripts/*)

Orchestrator/full-auto mode

Bash(bash $PLUGIN_DIR/scripts/*) — prove helper scripts
Agent(principal-architect), Agent(general-purpose), Agent(Explore), Agent(Plan)

Require user approval (do not add to allow)

Bash(rm *), Bash(git push *), Bash(git reset *) — destructive ops
Bash(curl *), Bash(wget *) — network calls
Bash(sudo *) — elevated privileges
Anything touching .env, credentials, or secrets

Phase 3: Confirm with User

Present rules grouped by category (git, build/test, file ops, orchestrator, still-requires-approval). Use AskUserQuestion with header "Permissions": "Approve" / "Modify".

Phase 4: Write Configuration

Read existing .claude/settings.local.json if present
Merge new permissions.allow with existing rules (deduplicate)
Preserve existing permissions.deny or permissions.ask rules
Write the file (create .claude/ if needed). Only modify settings.local.json, not the shared settings.json.
Remind the user to restart Claude Code and confirm .claude/settings.local.json is in .gitignore