每次为 ls、cat 或 git status 点击"批准",你就要多等 3 秒。一天 50 次弹窗,代价不小。解决方法是一次性扫描:LingCode 读取你过去的对话记录,找出你反复批准的安全命令,并为你生成个性化白名单。
LingCode 在执行每条 Bash 命令前都会弹出提示,原因很充分:它无法事先区分 ls 和 rm -rf。默认策略必须保守,否则总有人会因此丢失工作成果。
但在真实使用一周之后,你实际上反复批准的命令其实只有少数几类:
ls、cat、head、tail、file、stat。git status、git diff、git log、git show、git branch。npm test、npm run lint、cargo check、swift build。which、node --version、echo $PATH。这些命令都不会改变系统状态,根本不需要弹窗确认。手动把它们一条条写进白名单太费心力,几乎没人真的去做——本教程用一次扫描代替这份苦差事。
LingCode 将对话记录以 JSON 文件的形式保存在本地,路径为 ~/.claude/projects/,按工作目录分命名空间。每个记录中都包含每次工具调用的完整参数,以及用户是否批准了该调用。
扫描会检查:
list、get、read、describe——通常是安全的候选项)。扫描不会触碰你的代码或任何敏感内容——只分析工具调用的元数据及其批准记录。
在聊天面板中,向 LingCode 提问:
Scan my recent transcripts for repeated safe Bash and MCP tool
calls. Build me a prioritized allowlist for this project's
.claude/settings.json. Show me the proposed diff before applying.LingCode 会遍历 ~/.claude/projects/ 中的记录,统计每条命令的批准次数,将其归类为安全类别(只读、构建检查、环境查看)或"需人工判断"类别(任何写入磁盘、网络或系统状态的操作),并提议向 permissions.allow 添加新条目。
输出大致如下:
Found 47 unique approved Bash patterns across 23 sessions.
Categorizing:
- read-only: 19 patterns, 312 total approvals
- build/test: 8 patterns, 94 approvals
- env inspection: 6 patterns, 41 approvals
- judgment call: 14 patterns (NOT proposing)
Top 12 by frequency:
Bash(ls:*) ........ 87 approvals
Bash(git status:*) ........ 54 approvals
Bash(cat:*) ........ 41 approvals
Bash(git diff:*) ........ 38 approvals
Bash(npm test:*) ........ 22 approvals
...
Proposed diff for <repo>/.claude/settings.json:
+ "Bash(ls:*)",
+ "Bash(cat:*)",
+ "Bash(head:*)",
...不要盲目接受 diff。像审查代码一样阅读它。需要检查三点:
Bash(git:*) 匹配 git status,但也匹配 git push --force。建议使用更精确的形式,例如将 Bash(git status:*)、Bash(git diff:*)、Bash(git log:*) 分别作为独立条目。curl、wget、npm install、git push,或任何带重定向的命令,请将其删除。这类命令应保持手动批准,以便你保持对它们的关注。Bash(ls:*) 适合放在用户级文件(~/.claude/settings.json),让所有项目都能受益。Bash(./scripts/build.sh:*) 则适合放在项目级文件中。扫描默认输出到项目文件——根据需要逐步将条目提升至用户级。curl https://example.com 这样看似无害的命令,如果 URL 是在运行时拼接而成的,也可能被利用。扫描默认过滤这类命令;如果你在提案列表中看到了它,说明 LingCode 无法确定其安全性——建议保留提示。
确认提案没问题后,告诉 LingCode:
Apply the cleaned-up allowlist to .claude/settings.json. Show the
final file when done.LingCode 会将新条目追加写入文件(不会删除现有条目),并打印最终结果。文件支持热重载——下次对话立即生效。
如果项目根目录下还没有 .claude/settings.json,LingCode 会自动创建一个标准骨架文件。如果你希望规则写入用户级文件,请明确说明:"apply to ~/.claude/settings.json instead of the project file."
真正的检验不是"文件有没有保存",而是"下次对话中提示是否变少了"。在同一个仓库中开启新对话,让 LingCode 做一件原本会触发提示的事:
Show me the most recently modified files in src/ and tell me
what they likely do.如果白名单生效,LingCode 运行 ls、stat、cat 等命令时不会弹出任何批准对话框。如果仍然出现提示,最常见的原因是白名单中的模式与 LingCode 实际执行的命令不匹配——详细的 glob 语法请参见自定义权限与环境变量。
工作流会随时间变化。新工具加入轮换,旧工具逐渐淘汰。每隔几周重新扫描一次,能让白名单保持与现实同步:
Re-scan transcripts since <date of last scan> and propose
additions to .claude/settings.json. Don't touch existing entries.扫描支持增量模式——给定一个起始日期,它只统计该日期之后的批准记录。这样可以避免白名单悄悄积累大量过时条目。
rm、mv、dd、shutdown、kill -9(即使你之前批准过)。sudo 或 doas 开头的命令。npm install、pip install、brew install、cargo install。这些命令会改变全局状态,并会拉取任意代码。git push、scp、向远端执行的 rsync、curl -X POST。curl ... | sh 模式。这类命令每次都应手动批准。扫描会倾向于保留这些命令的弹窗提示。如果你确实想把其中某条加入白名单,请手动添加——但务必将 glob 模式写得尽量精确。
扫描、分类、提案、审查、应用、重新扫描——这整套流程已被打包成一个 skill。将其放入 skills 文件夹,然后让 LingCode 执行"reduce my permission prompts"或"build me an allowlist"即可触发:
---
name: fewer-permission-prompts
description: Use to reduce permission-prompt fatigue. Scans Claude Code session transcripts for common read-only Bash and MCP tool calls (ls, cat, grep, git status, find, etc.), then adds a prioritized allowlist to project .claude/settings.json. Triggers: 'too many permission prompts', 'allowlist commands', 'stop asking permission', 'auto-approve safe commands', 'reduce prompts', 'allow X command'. Actions: scan transcripts, classify SAFE-READ vs JUDGMENT, append to permissions.allow, save the 3-second tax on every ls. Hard exclude: rm, sudo, package installs, network writes.
---
Reduce LingCode permission prompts by analyzing past transcripts and
proposing a personalized allowlist.
Steps:
1. Walk ~/.claude/projects/<cwd>/ JSON transcripts (or the
user-specified directory if asked). Count approved Bash and MCP
tool calls per pattern. If a date floor was given, only count
approvals after it.
2. Classify each pattern:
- SAFE-READ: inspection-only verbs (ls, cat, head, tail, file,
stat, pwd, which, git status, git diff, git log, git show, git
branch, cargo check, swift build, npm test, npm run lint, npx
tsc --noEmit, node --version, env, echo).
- JUDGMENT: anything writing to disk, network, or system state.
Do NOT propose these — leave them prompting.
3. Sort SAFE-READ by frequency. Drop one-offs (≤2 approvals).
Convert exact commands to prefix-glob "Bash(<verb>:*)" only
when the verb is universally safe; otherwise keep the literal.
4. Default target is <repo>/.claude/settings.json. Universal
patterns (ls, cat, git status, git diff) can be hoisted to
~/.claude/settings.json — note this as an option in the diff.
5. Show the diff first. Never modify settings.json until the user
approves. Preserve existing entries; only append.
6. After applying, suggest re-running the scan in 2 weeks with a
date floor of today.
Hard exclusions — never propose: rm, mv, dd, shutdown, kill, sudo,
doas, npm install, pip install, brew install, cargo install, git
push, scp, rsync to remotes, curl -X POST, curl|sh patterns.将其保存为 ~/.lingcode/skills/fewer-permission-prompts/SKILL.md——关于具体路径及 skill 的发现机制,请参见安装 skill。