settings-invalid-permission

Permission rules must use valid tool names

Error

Rule Details

This rule validates that tool names used in the permissions.allow, permissions.deny, and permissions.ask arrays in settings.json are recognized Claude Code tools. Valid tools include Bash, Edit, Glob, Grep, Read, Write, and others, as well as MCP server references prefixed with mcp__. Using an invalid tool name means the permission rule will have no effect, which can leave unintended access open or block expected functionality.

Incorrect

Permission referencing a non-existent tool name

json

{
  "permissions": {
    "allow": ["Bassh(npm run build)"]
  }
}

Correct

Permission using valid tool names

json

{
  "permissions": {
    "allow": ["Bash(npm run build)", "Read", "mcp__myserver"]
  }
}

How To Fix

Check the tool name against the list of valid tools: Bash, Read, Write, Edit, Glob, Grep, Task, WebFetch, WebSearch, LSP, AskUserQuestion, EnterPlanMode, ExitPlanMode, Skill, TaskCreate, TaskUpdate, TaskGet, TaskList, TaskOutput, TaskStop, NotebookEdit. For MCP servers, use the mcp__ prefix followed by the server name.

Options

This rule does not have any configuration options.

settings-permission-invalid-rule

Resources

Version

Available since: v0.2.0

settings-invalid-permission ​

Rule Details ​

Incorrect ​

Correct ​

How To Fix ​

Options ​

Related Rules ​

Resources ​

Version ​