permission-analyzer

Permission Analyzer

Generate permissions configuration based on actual tool usage from past sessions.

Workflow

  1. Run the analysis script for the current project:
       ~/.claude/skills/permission-analyzer/scripts/analyze_permissions.py
  2. Review the generated permissions output
  3. Offer to merge into existing settings:
    • If .claude/settings.json exists, merge the permissions section
    • If not, create new file with generated config
    • Preserve existing settings (model, env, etc.)

Script Output

The script outputs to stderr (summary) and stdout (JSON):
Analyzing: /path/to/project
Sessions analyzed: 42

Bash commands found:
  git: 150
  make: 80
  go: 45

MCP tools found:
  mcp__devtools__think

{
  "permissions": {
    "allow": ["Bash(git:*)", "Bash(go:*)", ...],
    "deny": [...],
    "defaultMode": "acceptEdits"
  }
}

Generated Rules

Allow list includes:
  • Development commands used (git, make, go, npm, cargo, etc.)
  • Filesystem commands used (ls, mkdir, find, etc.)
  • MCP server wildcards for servers that were used
Deny list includes:
  • Dangerous gh operations (merge, delete, secrets, auth)
  • Sensitive file patterns (.env, secrets/, *.pem, *.key)
  • Destructive commands (rm -rf, sudo, chmod 777)

Merging Settings

When .claude/settings.json exists, merge only the permissions key while preserving other settings. If the user has custom allow/deny rules, ask whether to merge or replace.
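
The merge rule above, sketched in Python as an added example (this is not the skill's own analyze_permissions.py code). The function names, the mode argument, the conflict report, and the choice to keep an existing defaultMode on merge are assumptions made for illustration.

```python
import json
from pathlib import Path


def _union(first, second):
    """Concatenate two rule lists, dropping duplicates but keeping order."""
    seen, out = set(), []
    for rule in list(first) + list(second):
        if rule not in seen:
            seen.add(rule)
            out.append(rule)
    return out


def merge_permissions(existing, generated, mode="merge"):
    """Return (new_settings, conflicts) without mutating the inputs.

    mode="merge": union the allow/deny lists, keep an existing defaultMode.
    mode="replace": take the generated permissions block as-is.
    Every key other than "permissions" (model, env, ...) is preserved.
    """
    if mode not in ("merge", "replace"):
        raise ValueError(f"unknown mode: {mode}")
    new_perms = dict(generated.get("permissions", {}))
    old_perms = existing.get("permissions", {})
    if mode == "merge":
        merged = {**new_perms, **old_perms}  # existing scalar keys win (assumption)
        for key in ("allow", "deny"):
            merged[key] = _union(old_perms.get(key, []), new_perms.get(key, []))
        new_perms = merged
    result = {**existing, "permissions": new_perms}
    # Rules present in both lists deserve a manual look before writing.
    conflicts = sorted(set(new_perms.get("allow", [])) & set(new_perms.get("deny", [])))
    return result, conflicts


def merge_settings_file(path, generated, mode="merge"):
    """Merge into path (e.g. .claude/settings.json); create it if missing."""
    path = Path(path)
    existing = json.loads(path.read_text()) if path.exists() else {}
    result, conflicts = merge_permissions(existing, generated, mode)
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(json.dumps(result, indent=2) + "\n")
    return result, conflicts


if __name__ == "__main__":
    # Constructed sample: existing settings plus generated output.
    old = {"model": "example-model", "permissions": {"allow": ["Bash(make:*)"]}}
    print(merge_permissions(old, {"permissions": {"allow": ["Bash(git:*)"], "deny": []}})[0])
```

A non-empty conflicts list means the same rule string ended up in both allow and deny, which is worth resolving with the user before the file is written.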