Configure Claude Code for Maximum Power

Claude Code ships with six permission modes, protected paths, allow/deny rules, hooks, and a deprecated flag that still half-works. Most people never touch any of it. They either get prompted constantly or they set one flag and think they are done.

This is the complete setup for running Claude Code at maximum power. No prompts. Max effort. Zero friction. I debugged this on my own machine after allow: ["*"] was not doing what I thought it was doing.

The Setup: Two Files, One Alias

You need three things configured correctly. Miss one and you will still get prompted.

1. Global Settings

Create or edit ~/.claude/settings.json:

{
  "permissions": {
    "allow": ["*"],
    "deny": [],
    "defaultMode": "bypassPermissions"
  },
  "skipDangerousModePermissionPrompt": true,
  "alwaysThinkingEnabled": true,
  "effortLevel": "max"
}

2. Shell Alias

Add to your .zshrc (or .bashrc):

alias c="CLAUDE_CODE_NO_FLICKER=1 claude --permission-mode bypassPermissions --effort max"

Now c launches Claude Code in bypass mode with max thinking effort and the smooth terminal renderer.

3. Source Your Shell

source ~/.zshrc

That is it. From now on, c runs Claude Code with zero prompts.

Why You Need Both Settings AND the Flag

This is the part that tripped me up.

• defaultMode: "bypassPermissions" in settings means even launching with plain claude (no alias) starts in bypass mode
• --permission-mode bypassPermissions in the alias is belt-and-suspenders. Explicitly sets it for the aliased command.
• skipDangerousModePermissionPrompt: true skips the "are you sure?" warning when entering bypass mode
• allow: ["*"] is a blanket allow for all tools. But without defaultMode it only works within default mode rules, which still protect certain paths.

The key lesson: allow: ["*"] is NOT the same as bypassPermissions. The allow rule works within the current mode's framework. bypassPermissions skips the framework entirely. You need defaultMode: "bypassPermissions" to truly remove all prompts.

The Deprecated Flag Trap

If you are using this:

alias c="claude --dangerously-skip-permissions --effort max"

It still works. But --dangerously-skip-permissions is deprecated. The canonical flag is now --permission-mode bypassPermissions. Update your alias before the old flag stops working.

Protected Paths: Why allow: ["*"] Still Prompts

Even with allow: ["*"] in default mode, these paths always prompt:

• .git/, .vscode/, .idea/, .husky/ - editor and repo config
• .claude/ - Claude's own config (except commands, agents, skills, worktrees)
• .gitconfig, .gitmodules
• .bashrc, .bash_profile, .zshrc, .zprofile, .profile - shell configs
• .mcp.json, .claude.json

This is exactly what happened to me. I had allow: ["*"] and was still getting prompted for .claude/ edits. Adding defaultMode: "bypassPermissions" fixed it because bypass mode skips the protected paths check entirely.

The Six Permission Modes

• default - Most restrictive. Prompts for every non-read operation. Protected paths always prompt.
• acceptEdits - Auto-approves file reads and edits. Still prompts for Bash commands and network access.
• plan - Read-only. Claude can read and search but cannot edit or run commands.
• auto - AI classifier (Sonnet 4.6) reviews every action. Auto-approves safe actions, blocks dangerous ones. Requires Team/Enterprise/API plan.
• dontAsk - Pure allowlist. Anything in permissions.allow executes. Everything else is silently denied. For CI/CD.
• bypassPermissions - Skips the permission layer entirely. No rules checked, no prompts. Maximum speed.

Press Shift+Tab during a session to cycle: default, acceptEdits, plan (and bypass/auto if enabled). Note: dontAsk is startup-only and never appears in the cycle.

Allow/Deny Rules: The Fine-Grained Option

If you want something between "prompt everything" and "bypass everything," rules let you pre-approve specific tools.

{
  "permissions": {
    "defaultMode": "acceptEdits",
    "allow": [
      "Bash(git *)",
      "Bash(npm *)",
      "Bash(python3 *)",
      "WebFetch(domain:github.com)"
    ],
    "deny": [
      "Bash(rm -rf *)"
    ]
  }
}

Rules evaluate in order: deny > ask > allow. If a tool is denied at any level, no other level can allow it. Deny always wins.

Path rules use gitignore-style patterns. One gotcha: /path is relative to the project root. Use //path (double slash) for absolute filesystem paths.

Every Setting Explained

{
  "permissions": {
    "allow": ["*"],              // blanket allow all tools
    "deny": [],                  // block rules (always win)
    "defaultMode": "bypassPermissions"  // startup mode
  },
  "skipDangerousModePermissionPrompt": true,  // skip "are you sure?"
  "alwaysThinkingEnabled": true,   // extended thinking always on
  "effortLevel": "max"             // thinking effort: min/low/medium/high/max
}

Settings files load in priority order: managed (highest) > CLI flags > local project > shared project > user global (lowest). A deny at any level blocks everything below it.

The Mistakes I Made So You Do Not Have To

• Thinking allow: ["*"] = bypass mode. It is not. allow works within the mode's framework. Protected paths still prompt in default mode.
• Using --dangerously-skip-permissions. Deprecated. Use --permission-mode bypassPermissions.
• Missing defaultMode in settings. Without it, you start in default mode regardless of allow rules.
• Forgetting to uninstall the old npm binary. If you switched to the native installer, the old npm claude may still be in your PATH taking precedence. Run which -a claude to check.

The maximum power configuration is two files and one alias. The settings file tells Claude Code to start in bypass mode with max effort. The alias makes it a single-character command. Once it is set up, you stop thinking about permissions entirely and just work.

Related Reading

• How to Install Claude Code the Right Way in 2026
• One Env Variable That Makes Claude Code Smoother
• Claude Code Commands You Didn’t Know Existed
• Claude Code Skills: The Complete Guide