Skills
skills/defrex/claude-code-permission-policy/permission-hook

permission-hook

SKILL.md

Set up the Claude Code permission hook that uses Haiku to auto-approve safe tool invocations based on a per-repo security policy.

Authentication: The hook automatically reuses your Claude Code login (OAuth).

Steps

Step 1 — Install hook script into project

The hook script is distributed with this skill. Copy it into the target project so it works without any global dependencies.

  1. Read the hook source from ~/.claude/skills/permission-hook/permission-hook.ts.
  2. Create .claude/hooks/ in the current project root if it doesn't exist.
  3. Write the contents to .claude/hooks/permission-hook.ts — always overwrite to ensure the latest version.
  4. Tell the user: "Hook script installed/updated at .claude/hooks/permission-hook.ts."

Step 2 — Create repo security policy

  1. Check if .claude/SECURITY_POLICY.md exists in the current project root.
  2. If it already exists, tell the user: "Security policy already exists at .claude/SECURITY_POLICY.md — skipping. Edit it to customize."
  3. If it doesn't exist, copy the contents of ~/.claude/skills/permission-hook/SECURITY_POLICY_TEMPLATE.md to .claude/SECURITY_POLICY.md in the current project root.
  4. Tell the user to customize the policy for their project.

Step 3 — Configure hook in settings

  1. Read .claude/settings.json in the current project root (or treat as {} if it doesn't exist).
  2. Merge the following hook configuration, preserving all existing settings:
{
  "hooks": {
    "PermissionRequest": [
      {
        "matcher": "Bash|Read|Write|Edit|Glob|Grep|WebFetch|WebSearch",
        "hooks": [
          {
            "type": "command",
            "command": "bun .claude/hooks/permission-hook.ts",
            "timeout": 60
          }
        ]
      }
    ]
  }
}
  1. If there's already a PermissionRequest hook entry whose matcher includes "Bash", replace it. Otherwise, add a new entry.
  2. Write the updated settings back.

Step 4 — Summary

Print a summary:

  • Hook script: .claude/hooks/permission-hook.ts (installed/updated)
  • Security policy: .claude/SECURITY_POLICY.md (newly created or already existed)
  • Settings: .claude/settings.json updated with hook config
  • Remind user: "The hook uses your Claude Code login automatically."
  • Remind user: "Re-run /permission-hook anytime to update the hook script to the latest version."
Weekly Installs
1
Repository
defrex/claude-c…n-policy
GitHub Stars
3
First Seen
Mar 3, 2026
Security Audits
Gen Agent Trust HubWarn
SocketPass
SnykFail
Installed on
amp1
cline1
opencode1
cursor1
kimi-cli1
codex1