Skip to content

How to control what Claude Code is allowed to do

Do this with Claude CodeCopy a prompt that links the cckit docs so Claude learns the CLI, then follows these steps.

What you’ll understand: cckit asks before it changes anything in a repo it hasn’t worked in before. This tutorial walks the permission gate — how consent is recorded, what always runs regardless, and what needs a separate confirmation — so you know exactly what an agent driving cckit can and can’t do on your behalf.

  1. Start read-only. In an unknown repo, cckit is read-only by default. Point it at the project and inspect state without granting anything:

    Terminal window
    cckit scan --llm # detect repo root, stack hints, and kit state — reads only
  2. Consent is recorded before the first mutation. The first time cckit is about to change something, it records your yes in .cckit/consent (gitignored) — so consent is explicit, local, and never committed.

  3. Destructive operations still ask every time. Force-push, repo creation, and history rewrites always require a separate, explicit confirmation — consent to mutate does not cover them.

cckit resolves its config by walking up from where you invoke it (nearest wins: $KIT_CONFIG, then cckit.config.json, then .claude/kit.config.json, then its own fallback) — no org, repo, or path is hardcoded. Everything it writes about you — consent, identity, your privacy denylist — lands in .cckit/, which is gitignored, so it never leaves your machine. Two things are not negotiable: the secret and privacy guard always runs before anything is committed, and consent never bypasses it.

cckit won’t mutate the repo. It hasn’t recorded consent yet. The first mutating operation prompts for it; approve once and it’s stored in .cckit/consent.

A destructive op keeps asking. By design — force-push, repo create, and history rewrite always require explicit confirmation, even after you’ve consented to ordinary mutations.

The guard blocked a commit even though I consented. Consent doesn’t bypass the secret/privacy guard — that always runs. See stop Claude committing secrets.

Independent, educational project — not affiliated with or endorsed by Anthropic. Claude and Claude Code are trademarks of Anthropic PBC. Disclaimer & trademarks ·

From Mexico with love by josegtz