Permissions Reference
34 allow | 4 ask | 30 deny | 16 environment variables
The ADLC framework configures Claude Code's permission system as the second line of defense (hooks are first). Permissions are enforced by the Claude Code runtime before hook scripts fire.
3-Tier Permission Model
Allow (34 entries) -- Auto-approved
Operations that are always safe and do not require user confirmation.
| Category | Permissions |
|---|---|
| File reading | Read(*), Glob(*), Grep(*) |
| Directory inspection | Bash(tree:*), Bash(ls:*), Bash(find:*) |
| Git read-only | git status, git log, git diff, git show, git branch, git remote |
| Task commands | Bash(task:*), task cdk:*, task terraform:*, task docs:*, task spec:* |
| Terraform read-only | terraform init/validate/fmt/version/providers/output/show/state list/state show/graph/test/terraform-docs |
| Security scanning | infracost:*, checkov:*, tflint:*, trivy:*, tfsec:* |
| Container | docker exec adlc-*:*, docker compose:* |
| Package inspection | npm outdated, npm audit, npm view, uv pip list, pip index, pip show |
| Testing | npm test, npx playwright:*, go test:*, go version:* |
| Utilities | jq:*, mkdir:*, cat:*, terragrunt:* |
Ask (4 entries) -- User prompted
Operations that are generally safe but benefit from human review before execution.
| Permission | Rationale |
|---|---|
| Bash(terraform plan:*) | Shows infrastructure changes -- review before applying |
| Bash(tofu plan:*) | OpenTofu equivalent |
| Write(*) | Creating new files -- review content |
| Edit(*) | Modifying existing files -- review changes |
Deny (30 entries) -- Permanently blocked
Operations that must never be performed by agents. These are blocked at the Claude Code runtime level.
| Category | Blocked Permissions |
|---|---|
| Sensitive file reading | .env, .env.*, secrets/**, *.pem, *.key, *.secret, kubeconfig, *credentials* |
| Destructive system | rm -rf:*, sudo:*, dd:*, mkfs:* |
| IaC mutations | terraform apply/destroy/state rm/import/taint, tofu apply/destroy, cdk deploy/destroy/bootstrap |
| Git mutations | git add/commit/push/merge/rebase/reset/revert/stash/cherry-pick/tag |
| Kubernetes destructive | kubectl delete:*, helm delete/uninstall:*, k3d cluster delete:* |
| Publishing | npm publish:*, docker push:* |
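As an added example (not code from the ADLC project or from Claude Code), the Python evaluator below applies the three tiers above to a tool call using rule strings in the Tool(pattern) form shown in the tables. The deny-before-ask-before-allow precedence, the `:*` command-prefix and `*` path-glob matching, and the fallback to prompting for unmatched operations are simplifying assumptions, not Claude Code's actual matcher.

```python
"""Evaluate a tool call against the ADLC allow / ask / deny tiers.

Added example, not ADLC's or Claude Code's own code. Matching semantics
(deny checked first, ':*' as a command prefix, other patterns as path
globs, unmatched calls prompt the user) are assumptions for illustration.
"""
import fnmatch
import re

RULE_RE = re.compile(r"^(\w+)\((.*)\)$")  # Tool(pattern)

# Constructed subset of the rules listed in the tables above.
ALLOW = ["Read(*)", "Glob(*)", "Bash(git status:*)", "Bash(git diff:*)",
         "Bash(terraform validate:*)", "Bash(jq:*)"]
ASK = ["Bash(terraform plan:*)", "Write(*)", "Edit(*)"]
DENY = ["Read(.env)", "Read(.env.*)", "Read(secrets/**)", "Read(*.pem)",
        "Bash(rm -rf:*)", "Bash(sudo:*)", "Bash(terraform apply:*)",
        "Bash(git push:*)", "Bash(npm publish:*)"]


def rule_matches(rule: str, tool: str, arg: str) -> bool:
    """True if `rule` covers a call of `tool` with argument `arg`."""
    m = RULE_RE.match(rule)
    if not m or m.group(1) != tool:
        return False
    pattern = m.group(2)
    if pattern == "*":
        return True
    if pattern.endswith(":*"):
        # Command-prefix form, e.g. "git push:*": match the bare command
        # or the command followed by further arguments.
        prefix = pattern[:-2]
        return arg == prefix or arg.startswith(prefix + " ")
    # Path-glob form, e.g. "*.pem" or "secrets/**"; paths are compared
    # exactly as written (relative to the project root).
    return fnmatch.fnmatch(arg, pattern)


def decide(tool: str, arg: str) -> str:
    """Return 'deny', 'ask' or 'allow'. Deny wins over ask, ask over allow,
    so Read(.env) is blocked even though Read(*) is allowed."""
    for verdict, rules in (("deny", DENY), ("ask", ASK), ("allow", ALLOW)):
        if any(rule_matches(r, tool, arg) for r in rules):
            return verdict
    return "ask"  # assumption: anything unmatched falls back to prompting


if __name__ == "__main__":
    for call in [("Read", ".env"), ("Bash", "git push origin main"),
                 ("Bash", "terraform plan -out=tfplan"), ("Read", "README.md")]:
        print(call, "->", decide(*call))
```

Rules in the `:*` form are string-prefix checks on the command text, which is why the page treats permissions as the second line of defense behind hooks rather than the only one.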
Environment Variables
16 variables configure ADLC enforcement behavior at runtime.
| Variable | Value | Purpose |
|---|---|---|
| ADLC_VERSION | 3.4.0 | Framework version |
| ADLC_CONSTITUTION_VERSION | 2.1.0 | Active constitution |
| ADLC_ENFORCEMENT_MODE | BLOCKING | Hooks enforce (not advisory) |
| ADLC_AGENT_AGREEMENT_THRESHOLD | 95 | Minimum PO+CA agreement % |
| ADLC_STRICT_EVIDENCE | true | Evidence paths must resolve to files |
| ADLC_NO_NATO | true | Completion claims require evidence |
| ADLC_MAX_PDCA_CYCLES | 7 | HITL escalation trigger |
| ADLC_MANDATORY_AGENTS | product-owner,cloud-architect | Required coordination agents |
| ADLC_EVIDENCE_DIR | tmp/ | Root evidence directory |
| ADLC_FRAMEWORK_DIR | framework/ | Framework source directory |
| ADLC_INVEST_MIN_SCORE | 4 | Minimum INVEST score for features |
| ADLC_PASS_RATE_THRESHOLD | 99.5 | Constitutional pass rate target |
| ADLC_COVERAGE_THRESHOLD | 80 | Code coverage target % |
| ADLC_VISUAL_DIFF_THRESHOLD | 1 | Visual regression pixel threshold |
| ADLC_TRACK_ENFORCEMENT | true | Track classification enabled |
| ADLC_TARGET_INDUSTRIES | FSI,Energy,Telecom,Aviation | Enterprise industry profiles |
Anti-Pattern Declarations
The settings.json declares 12 anti-patterns with BLOCKED status. These serve as documentation and configuration for enforcement hooks.
| Anti-Pattern | Status | Description |
|---|---|---|
| STANDALONE_EXECUTION | BLOCKED | Specialist work without PO+CA approval |
| RUBBER_STAMP_COORDINATION | BLOCKED | Background agent launch then proceed |
| NATO_VIOLATION | BLOCKED | Claims without evidence paths |
| LOCALSTACK_FOR_K8S | BLOCKED | Using LocalStack for K3D/K3S (0% value) |
| SKIP_CONSUMER_E2E | BLOCKED | Publishing without consumer verification |
| ROOT_FILE_POLLUTION | BLOCKED | Creating .md files at project root |
| SSOT_BYPASS | BLOCKED | Editing derived docs instead of sources |
| ENTERPRISE_CODE_LEAK | BLOCKED | Enterprise code in public rendering |
| MISSING_TRACK_FIELD | BLOCKED | Marketplace components without track field |
| CI_CONTAINER_EACCES | BLOCKED | Container job without --user 0 |
| SUBMODULE_PAT_MISSING | BLOCKED | Checkout submodules without PAT token |
Agent Utilization Matrix
Recommended agent team composition by task type.
| Task Type | Agents |
|---|---|
| New feature | product-owner, cloud-architect, infrastructure-engineer |
| Bug fix | qa-engineer, infrastructure-engineer |
| Security audit | security-compliance-engineer, qa-engineer |
| Cost analysis | cloud-architect, observability-engineer |
| Deployment | cloud-architect, infrastructure-engineer, qa-engineer |
| npm release | qa-engineer, cloud-architect |
| Documentation | frontend-docs-engineer, product-owner |
| Framework extension | meta-engineering-expert, qa-engineer |
Mandatory Workflow Patterns
| Pattern | Enabled | Blocking | Description |
|---|---|---|---|
| ENTERPRISE_FRAMEWORK | Yes | Yes | PO+CA must be invoked first |
| PARALLEL_SPECIALIST | Yes | No | Specialists execute in parallel after coordination |
| EVIDENCE_BASED_COMPLETION | Yes | Yes | Completions require artifacts in tmp/ |
| PDCA_AUTONOMOUS | Yes | Escalation | Max 7 cycles, then HITL escalation |
| TRACK_CLASSIFICATION | Yes | Yes | Marketplace components need track field |
Related Pages
- Hook Enforcement Reference - All 12 hooks with implementation details
- Governance Rules - Anti-patterns and content classification
- Components - All 7 component types