Claude Code Guardrails
settings.json works if:
You're fine editing JSON and killing Claude Code sessions every time policy changes
Your security team is comfortable making PRs
You don't need to know what got blocked, when, or for whom
Basic pattern matching like Bash(rm:*) covers your use cases
Use this if:
Policy changes need to apply instantly across your team—no git pull, no restart
Security/compliance needs a clear audit trail of every blocked command
You need conditional logic: "allow rm -rf on node_modules, deny everywhere else"