promptadmin
/
Awesome-ChatGPT-Prompts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Awesome-ChatGPT-Prompts/prompts/coding/update_agent_permissions_13...

61 lines
2.1 KiB
Markdown
Raw Blame History

---
title: "Update Agent Permissions"
contributor: "@grantcarthew"
tags: #coding, #grantcarthew
---
# Task: Update Agent Permissions
Please analyse our entire conversation and identify all specific commands used.
Update permissions for both Claude Code and Gemini CLI.
## Reference Files
- Claude: ~/.claude/settings.json
- Gemini policy: ~/.gemini/policies/tool-permissions.toml
- Gemini settings: ~/.gemini/settings.json
- Gemini trusted folders: ~/.gemini/trustedFolders.json
## Instructions
1. Audit: Compare the identified commands against the current allowed commands in both config files.
2. Filter: Only include commands that provide read-only access to resources.
3. Restrict: Explicitly exclude any commands capable of modifying, deleting, or destroying data.
4. Update: Add only the missing read-only commands to both config files.
5. Constraint: Do not use wildcards. Each command must be listed individually for granular security.
Show me the list of commands under two categories: Read-Only, and Write
We are mostly interested in the read-only commands here that fall under the categories: Read, Get, Describe, View, or similar.
Once I have approved the list, update both config files.
## Claude Format
File: ~/.claude/settings.json
Claude uses a JSON permissions object with allow, deny, and ask arrays.
Allow format: `Bash(command subcommand:*)`
Insert new commands in alphabetical order within the allow array.
## Gemini Format
File: ~/.gemini/policies/tool-permissions.toml
Gemini uses a TOML policy engine with rules at different priority levels.
Rule types and priorities:
- `decision = "deny"` at `priority = 200` for destructive operations
- `decision = "ask_user"` at `priority = 150` for write operations needing confirmation
- `decision = "allow"` at `priority = 100` for read-only operations
For allow rules, use `commandPrefix` (provides word-boundary matching).
For deny and ask rules, use `commandRegex` (catches flag variants).
New read-only commands should be added to the appropriate existing `[[rule]]` block by category, or a new block if no category fits.
Example allow rule:
Reference in New Issue View Git Blame Copy Permalink