FilterHN

Show HN: Mother May I? – Auto-approve safe Bash commands in Claude Code

3 points

by dgerlanc

1 hour ago

| past

| 0 comments

| github.com

| HN

Hi HN,

I built MMI (Mother May I?) with Claude Code to solve an annoying friction point: manually approving every single Bash command.

The Problem

Claude Code asks for permission before running any shell command. This is sensible from a security standpoint, but it means you're constantly hitting "approve" for commands like git status, pytest, or ls -la. It breaks flow and adds friction to every development session.

The Solution

MMI is a CLI hook that auto-approves known-safe commands while maintaining a fail-secure default. Unrecognized commands still require manual approval.

How it works:

1. Deny list checked first – Dangerous patterns (sudo, rm -rf /, chmod 777) are always rejected

2. Safe commands allowlisted – Read-only commands, test runners, linters, and build tools you configure

3. Proper shell parsing – Uses an AST-based parser (mvdan.cc/sh) to correctly handle pipes, chains, and quoted strings

4. Audit trail – Every decision logged to JSON-lines for debugging and compliance

Key design decisions:

- Fail-secure: Unknown commands require manual approval

- Command chains validated: "safe && dangerous" is rejected (ALL segments must be safe)

- Wrapper-aware: Strips timeout, env, .venv/bin/ before validation

- Heredoc-smart: Backticks inside quoted heredocs treated as literal text

Example config (TOML):

``` [safe] simple = ["ls", "pwd", "cat", "head", "tail"] subcommands.git = ["status", "log", "diff", "add", "commit", "push"] subcommands.cargo = ["build", "test", "check", "clippy"]

  [deny]
  simple = ["sudo", "su", "doas"]
  regex = ["rm\\s+(-[^\\s]*)?.*\\s+/($|\\s)"]

```

A note on security

Claude Code recently added built-in sandbox mode that restricts file system writes and network access. This is a great step toward secure defaults. However, MMI still provides value even with sandboxing:

- Audit trail – Every command decision logged for review and compliance

- Explicit allowlists – Know exactly what's approved rather than relying on implicit sandbox rules

- Deny patterns – Block specific dangerous patterns before they hit the sandbox

- Reduced interruptions – Sandbox mode can still prompt; MMI auto-approves known-safe commands

No allowlist can anticipate every attack vector. MMI is a convenience layer that reduces friction for common safe commands while maintaining defense-in-depth – it works alongside sandboxing, not as a replacement.

Why not just approve everything?

That defeats the purpose of Claude Code's permission system. MMI lets you define exactly which commands you trust, keeps a complete audit trail, and defaults to asking when uncertain.

The repo includes example configs for Python, Node, Rust, and a strict read-only mode.

GitHub: https://github.com/dgerlanc/mmi

Blog post with more details: https://dangerlanc.com/writing/mmi/

No one has commented on this post.