From 8b5a8dd87daf483e3903fda0e60793536aa76f3b Mon Sep 17 00:00:00 2001 From: promptadmin Date: Sat, 6 Jun 2026 20:35:43 +0000 Subject: [PATCH] Automated ingestion of prompt: Update Agent Permissions --- .../coding/update_agent_permissions_1388.md | 60 +++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 prompts/coding/update_agent_permissions_1388.md diff --git a/prompts/coding/update_agent_permissions_1388.md b/prompts/coding/update_agent_permissions_1388.md new file mode 100644 index 0000000..9c06dfa --- /dev/null +++ b/prompts/coding/update_agent_permissions_1388.md 
@@ -0,0 +1,60 @@ +--- +title: "Update Agent Permissions" +contributor: "@grantcarthew" +tags: #coding, #grantcarthew +--- + +# Task: Update Agent Permissions + +Please analyse our entire conversation and identify all specific commands used. + +Update permissions for both Claude Code and Gemini CLI. + +## Reference Files + +- Claude: ~/.claude/settings.json +- Gemini policy: ~/.gemini/policies/tool-permissions.toml +- Gemini settings: ~/.gemini/settings.json +- Gemini trusted folders: ~/.gemini/trustedFolders.json + +## Instructions + +1. Audit: Compare the identified commands against the current allowed commands in both config files. +2. Filter: Only include commands that provide read-only access to resources. +3. Restrict: Explicitly exclude any commands capable of modifying, deleting, or destroying data. +4. Update: Add only the missing read-only commands to both config files. +5. Constraint: Do not use wildcards. Each command must be listed individually for granular security. + +Show me the list of commands under two categories: Read-Only, and Write + +We are mostly interested in the read-only commands here that fall under the categories: Read, Get, Describe, View, or similar. + +Once I have approved the list, update both config files. + +## Claude Format + +File: ~/.claude/settings.json + +Claude uses a JSON permissions object with allow, deny, and ask arrays. + +Allow format: `Bash(command subcommand:*)` + +Insert new commands in alphabetical order within the allow array. + +## Gemini Format + +File: ~/.gemini/policies/tool-permissions.toml + +Gemini uses a TOML policy engine with rules at different priority levels. + +Rule types and priorities: +- `decision = "deny"` at `priority = 200` for destructive operations +- `decision = "ask_user"` at `priority = 150` for write operations needing confirmation +- `decision = "allow"` at `priority = 100` for read-only operations + +For allow rules, use `commandPrefix` (provides word-boundary matching). 
+For deny and ask rules, use `commandRegex` (catches flag variants). + +New read-only commands should be added to the appropriate existing `[[rule]]` block by category, or a new block if no category fits. + +Example allow rule:
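Review bot: Instruction 5 ("Do not use wildcards. Each command must be listed individually") conflicts with the Claude allow format given under "Claude Format", `Bash(command subcommand:*)`, whose trailing `:*` is a wildcard over everything after the subcommand. The `commandPrefix` allow rules under "Gemini Format" are prefix matches with the same effect. An agent following the prompt literally has to break one of the two rules, and an entry judged read-only by its subcommand still admits whatever arguments are appended to it. Suggest rewording step 5 so the wildcard ban applies to the command and subcommand position only, and extending step 2 so that a subcommand whose arguments can change state goes under ask rather than allow. Separately, the front-matter line `tags: #coding, #grantcarthew` is unquoted, so a YAML parser reads everything from ` #` as a comment and `tags` comes out empty; quote the values or use a list.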