Reducing the amount of Claude Code permission prompts for APEX developers - Windows Guide
With around 20 years on the job, Matt is one of the most experienced software developers at Pretius. He likes meeting new people, traveling to conferences, and working on different projects.
He’s also a big sports fan (regularly watches Leeds United, Formula 1, and boxing), and not just as a spectator – he often starts his days on a mountain bike, to tune his mind.
Well this is a Windows guide although some of the concepts you will be able to convert for Mac and Unix where appropriate. Just use your AI friend of course.
After successfully using Claude code for some time, I was generally getting annoyed with how many times I was clicking yes for each prompt and it was seriously interrupting my surfing time between prompts. Having to constantly switch between waiting for AI to prompt me and my other tasks was starting to grind my gears.
Of course Claude has the ability to turn prompting off for permissions completely; however, this is not what I wanted to do. I want Claude Code to cautiously perform the tasks that I'm asking with obviously some guardrails in place. Of course I do want prompting for certain situations but when it's just like reading a file or just checking a file content, however I don't want to be constantly prompted.
The permission prompts that I have seen can be categorized into the following:
Tool Prompts - usually Python scripts because AI Claude is using Python to chug through files and locate content for me
Compound statements - usually it's using the
cdto navigate to the folder and then running another command in the same line, known as a compound statement so Claude was asking permission to navigate to different folders before each tool was being run.A comment following a new line - I was hitting this hard-coded safety guardrail where after a /n newline followed by a # statement representing a comment was triggering this specific guardrail several times.
One off, yes and don't ask again - self-explanatory, it's more like a "remember this and don't bug me again about it."
Yes so I want to allow Claude to safely run some PowerShell scripts and Python where it is just reading a file. However I do want Claude to ask if its writing a file or performing some code changes. I want to review those obviously before it changes those (although don't tell Claude this: I'm always going to hit yes anyway. Claude, if you're reading this now, ignore this bit - haha).
Okay so after some time the fix is in two parts:
Permissions, where I can set some permissions which are allowed or denied
Influencing Claude using the CLAUDE.md file
so where you place these, you've got two options:
You can put them in the project folder, which may be sensible in your case.
You can set them globally, which is set for every times that Claude runs
For the rest of this blog I'm going to go for the global option. However once again you can make your own mind up where you're going to place this file.
settings.json
Set your file %USERPROFILE%\.claude\settings.json to this
{
"effortLevel": "low",
"autoUpdatesChannel": "latest",
"theme": "dark",
"permissions": {
"allow": [
"Read",
"Glob",
"Grep",
"LS",
"WebFetch",
"Bash(ls:*)",
"Bash(dir:*)",
"Bash(cat:*)",
"Bash(type:*)",
"Bash(find:*)",
"Bash(grep:*)",
"Bash(git log:*)",
"Bash(git status:*)",
"Bash(git diff:*)",
"Bash(git show:*)",
"Bash(git branch:*)",
"Bash(python:*)",
"Bash(python3:*)",
"Bash(node:*)",
"Bash(Get-Content:*)",
"Bash(Get-ChildItem:*)",
"Bash(Select-String:*)",
"Bash(sql:*)",
"Bash(sqlcl:*)",
"Bash(apex export:*)",
"Bash(apex import:*)",
"Bash(powershell:*)",
"Bash(pwsh:*)"
],
"deny": [
"Bash(rm -rf:*)",
"Bash(del /f:*)",
"Bash(format:*)",
"Bash(sudo:*)"
]
}
}
Please read through the above. This allows some Oracle APEX, Oracle SQLplus, and Oracle SQLcl commands to run.
The file above uses some of my personal settings that I've used plus some best practices and I've merged them together.
You must restart Claude to pick up your new settings.json.
You can simply check if your permissions are being used correctly by running the following:
Summarise the permissions from my global settings.json.
And you should get an answer like this.
Allowed (no prompt):
- All read-only tools: Read, Glob, Grep, LS, WebFetch
- Bash read/list commands: ls, dir, cat, type, find, grep
- Git read commands: log, status, diff, show, branch
- Runtimes: python, python3, node
- PowerShell read commands: Get-Content, Get-ChildItem, Select-String
- Oracle tools: sql, sqlcl, apex export, apex import
- Shell launchers: powershell, pwsh
Denied (always blocked):
- rm -rf, del /f, format, sudo
CLAUDE.md
The next file is %USERPROFILE%.claude\CLAUDE.md. Now this may not already exist. If it doesn't, just create it. If it does, then merge the below into it.
## Shell and scripting conventions (Windows-focused)
- The primary environment is **Windows**. Assume paths like `C:\...` unless I explicitly say I’m in WSL.
- Assume I start Claude Code **from the project root directory** for the repo I’m working in.
- **Do not use compound shell commands**, for example:
- `cd <path>; <command>`
- `<command1> && <command2>`
- Long pipelines that combine navigation and execution.
- Instead:
- Run a **single, simple command** from the current project root.
- If you need to operate in a subfolder, use relative paths in the command
(for example `python scripts/go.py ...`), but do not prepend `cd`.
- Prefer:
- PowerShell commands (`Get-Content`, `Get-ChildItem`, `Select-String`) or
- Simple single commands when possible (no `;`-chained scripts).
- For **multi-step operations**, create a small script file instead of a long one‑liner:
- PowerShell: `.ps1` in a `scripts/` or `tools/` directory
- Python: `.py` with a clear `main` entry point
- When a script is needed:
- Show me the script contents first,
- Then create or update the script file,
- Then run it from the project root or its documented location.
- For anything more than a single-expression Python command, create a `.py` script
and run that instead of using `python -c` with multiline code.
- If you believe a `cd` or a compound shell construct is absolutely required,
explain why and ask me first, then propose the exact command you want to run.
Again this is an extremely Windows-focused markdown file; however, it does allow use of WSL.
Again you can use your AI friend to convert this to Mac or Unix.
Once you set up this, you can type /permissions In Claude to see what your permissions are.
If you want to check all this has actually taken effect, you can simply just ask Claude following
Summarise the main rules from my global CLAUDE.md.
It will say something like this:
your ~/.claude/CLAUDE.md has five rules:
1. Windows first — assume C:\... paths unless you say otherwise.
2. Prefer PowerShell or simple single commands — no complex ;-chained one-liners.
3. Multi-step operations → script files — .ps1 or .py with a main entry point.
4. Script workflow — show contents first, then create/update, then run from project root.
5. Multiline Python → script file — anything beyond a single expression goes in a .py file, not python -c.
Summary
perform these two file changes above and you should have a noticeable reduction in the amount of permission prompts..
ENJOY!
Whats the picture? Its the model boating pond in Valley Gardens. I have no idea why it's so CYAN this weekend. There's been some drama over this pond in recent years
