Setup permissions once.

l-mb · l-mb · commit fcc9f9718196 · 2026-03-02T16:59:58.000+01:00
Signed-off-by: Lars Marowsky-Bree &lt;lars@marowsky-bree.eu&gt;
diff --git a/skills/py-code-health/SKILL.md b/skills/py-code-health/SKILL.md
@@ -23,6 +23,8 @@ Remove dead code and consolidate duplication to keep codebase clean and maintain
 - **vulture**: AST-based dead code detection
 - **pylint**: Duplicate code detection
 
+**Permissions**: Run py-quality-setup first to configure `.claude/settings.local.json` with all needed tool permissions.
+
 ## Dead Code Detection
 
 ### Find Unused Code
diff --git a/skills/py-complexity/SKILL.md b/skills/py-complexity/SKILL.md
@@ -28,6 +28,8 @@ Effective use of context windows.
 - **xenon**: CI/CD threshold enforcement
 - **wily**: Track trends across git history
 
+**Permissions**: Run py-quality-setup first to configure `.claude/settings.local.json` with all needed tool permissions.
+
 ## Discovery Phase
 
 ### Measure Complexity
diff --git a/skills/py-git-hooks/SKILL.md b/skills/py-git-hooks/SKILL.md
@@ -25,6 +25,8 @@ Configure git pre-commit hooks using the pre-commit framework to enforce code qu
 - **mypy**: Standard Python type checker
 - **basedpyright**: Enhanced type analysis
 
+**Permissions**: Run py-quality-setup first to configure `.claude/settings.local.json` with all needed tool permissions.
+
 ## Setup Workflow
 
 ### Step 1: Check for Existing Hooks
diff --git a/skills/py-modernize/SKILL.md b/skills/py-modernize/SKILL.md
@@ -25,6 +25,8 @@ Upgrade Python projects to use modern tooling, syntax, and patterns following En
 - **pyupgrade**: Auto-upgrade syntax to newer Python
 - **ruff**: Modern linter with UP rules
 
+**Permissions**: Run py-quality-setup first to configure `.claude/settings.local.json` with all needed tool permissions.
+
 ## Package Manager: pip → uv
 
 ### Why uv?
diff --git a/skills/py-quality-setup/SKILL.md b/skills/py-quality-setup/SKILL.md
@@ -161,7 +161,55 @@ A.When using `pyrightconfig.json` for multi-package projects, REMOVE the `tool.b
    basedpyright .
    ```
 
-6. **Configure git hooks** (if requested)
+6. **Configure Claude Code permissions**
+
+   Write `.claude/settings.local.json` so all py-* skills can run without permission prompts. If the file already exists, merge new entries into the existing `allow` list without removing user entries.
+
+   ```json
+   {
+     "permissions": {
+       "allow": [
+         "Bash(ruff *)",
+         "Bash(mypy *)",
+         "Bash(basedpyright *)",
+         "Bash(pytest *)",
+         "Bash(vulture *)",
+         "Bash(pylint *)",
+         "Bash(radon *)",
+         "Bash(lizard *)",
+         "Bash(wily *)",
+         "Bash(bandit *)",
+         "Bash(mutmut *)",
+         "Bash(pyupgrade *)",
+         "Bash(scc *)",
+         "Bash(pre-commit *)",
+         "Bash(uv *)",
+         "Bash(pip *)",
+         "Bash(python3 *)",
+         "Bash(python *)",
+         "Bash(source *)",
+         "Bash(which *)",
+         "Bash(mkdir *)",
+         "Bash(chmod *)",
+         "Bash(ls *)",
+         "Bash(cp *)",
+         "Bash(git add *)",
+         "Bash(git diff *)",
+         "Bash(git status *)",
+         "Bash(git log *)",
+         "Bash(git ls-files *)",
+         "Bash(git checkout *)",
+         "Bash(git branch *)",
+         "Bash(git commit *)"
+       ],
+       "deny": []
+     }
+   }
+   ```
+
+   **Merge logic**: Read existing file, parse JSON, take union of `allow` lists, write back. Create `.claude/` directory if needed.
+
+7. **Configure git hooks** (if requested)
    - Set up pre-commit hook to run linters
    - See py-git-hooks skill
 
@@ -214,6 +262,7 @@ ignore_missing_imports = true
 - [ ] ruff check passes (or only expected errors)
 - [ ] mypy . passes (or only expected errors)
 - [ ] basedpyright . passes (or only expected errors)
+- [ ] `.claude/settings.local.json` exists with permissions for all quality tools
 
 ## Examples
 
diff --git a/skills/py-refactor/SKILL.md b/skills/py-refactor/SKILL.md
@@ -38,6 +38,7 @@ Follow this impact-based prioritization:
 ```
 1. If quality tools not configured (pyproject.toml):
    → Invoke: py-quality-setup
+   (also configures .claude/settings.local.json permissions for all tools)
 
 2. Add analysis tools to [dependency-groups] dev in pyproject.toml:
    "radon", "vulture", "pylint", "bandit", "lizard",
diff --git a/skills/py-security/SKILL.md b/skills/py-security/SKILL.md
@@ -24,6 +24,8 @@ Find and fix security vulnerabilities in Python code following Engineering Chart
 - **bandit**: AST-based security scanner
 - **ruff --select S**: Built-in Bandit rules (faster alternative)
 
+**Permissions**: Run py-quality-setup first to configure `.claude/settings.local.json` with all needed tool permissions.
+
 ## Discovery Phase
 
 ### Run Security Scanners
diff --git a/skills/py-test-quality/SKILL.md b/skills/py-test-quality/SKILL.md
@@ -25,6 +25,8 @@ Measure test coverage and verify test suite effectiveness using coverage analysi
 - **mutmut**: Mutation testing - verifies tests catch bugs
 - **cosmic-ray**: Advanced mutation testing (slower)
 
+**Permissions**: Run py-quality-setup first to configure `.claude/settings.local.json` with all needed tool permissions.
+
 ## Coverage Analysis
 
 ### Measure Coverage
