The Permission Rules You Added for Safety Are Taxing Every Turn — Auditing the Ruleset Without Loosening It
Version 2.1.209 fixed the per-turn slowdown from large deny/ask rulesets, but the design debt in your rules is still yours. Here are the audit scripts, a shadowing detector, a turn-timing harness, and how to fold enumerated rules into prefix rules safely.
Give an Unattended Agent Only the MCP Tools It Needs — Enforcing a Deny-by-Default Policy
An unattended Claude Code agent can't lean on a permission prompt, so whatever a tool can reach becomes the blast radius. Here's how to lock MCP servers and tools down to deny-by-default and hand back only what the job needs, with managed-settings.json examples.
Stopping Claude Code Before It Runs a Destructive Command — a PreToolUse Screening Hook
How I wired a PreToolUse hook that screens every Bash command Claude Code is about to run: the settings.json setup, the Python screening script, what exit code 2 really does, and the false positives I tuned out over several weeks.
react-native-permissions vs Expo Permissions API — Claude Code
Should you use react-native-permissions or the Expo permissions API? This guide clarifies the decision criteria and shows practical iOS/Android implementation patterns using Claude Code, including common pitfalls and Privacy Manifest requirements.