Protected Paths - Claude Code
Auto-guarded directories like .git, .claude, and .vscode.
Protected paths are directories Claude Code refuses to modify without explicit, targeted approval - even in bypass mode.
What it does
.git, .claude, .vscode, and similar metadata directories are guarded by default. Edits or writes to anything inside them require a specific permission grant, not a blanket allow. It's a structural safety net - you can't accidentally rewrite your git history or clobber your Claude config by running a wide prompt.
When to use it
- Always. Protected paths are on by default and you should leave them on.
- Add your own sensitive paths to the guard list for project-specific safety.
- Pair with audit logging to catch attempts even when denied.
- Keep the guard in place even for trusted agents - the defense layers compound.
Gotchas
- Some legitimate workflows need to touch
.git(tools that rewrite hooks, for example). Grant tightly scoped rules for those. - Protected paths don't prevent reads. Claude can still see what's there.
- Custom protected paths live in settings. Changes apply on session restart.
Official docs: https://code.claude.com/docs/en/permission-modes.md#protected-paths
Technical content at the intersection of AI and development. Building with AI agents, Claude Code, and modern dev tools - then showing you exactly how it works.
Get the weekly deep dive
Tutorials on Claude Code, AI agents, and dev tools - delivered free every week.
Was this helpful?
