Comment by yencabulator
15 hours ago
As far as I understand, by default your claude-shebang files inherit the permissions that have been previously granted in the current directory you're executing them in.
15 hours ago
As far as I understand, by default your claude-shebang files inherit the permissions that have been previously granted in the current directory you're executing them in.
The ability to execute code is not granted as part of the directory permissions. By default the scripts will not be able to execute code, only run analysis and text gen tasks. You need to explicitly add the flags for permissions to execute code. There is an example of this above and a few more in the repo README.
Why wouldn't Claude Code, called by you, do its normal .claude/settings.local.json processing?
The constraints work consistent with Claude’s -p mode. It is isolated from your regular Claude interactive sessions and settings on purpose. And that makes it safer by default because you have to explicitly add permissions.
You can try this out and you’ll see what I mean if you run a few simple examples. This approach was based on experimentation and trying to be consistent with Claude’s own philosophy here.
1 reply →