Show HN: Control Claude permissions using a cloud-based decision table UI

Show HN: Control Claude permissions using a cloud-based decision table UI(github.com)

14 points by sidgarimella 122 days ago | 11 comments

We’ve been building visual rule engines (clear spreadsheet interfaces -> API endpoints that map incoming data to a large number of potential outcomes), and had the fun idea lately to see what happens when we use our decision table UI with Claude’s PreToolUse hook.

The result is a surprisingly useful policy/gating layer– these tables let your team:

- Write conditional, exception-friendly policies beyond globs/prefixes (e.g. allow rm -rf only in */node_modules/*, deny / or $HOME, ask if --force or network call; gate kubectl delete / SQL DROP with a clear reason)

- Roll out policy changes instantly (mid-run, flip a risky operation from allow → ask; the next attempt across devs and agents is gated immediately– no git pull or agent restart required)

- Adopt lightweight governance that is somewhat agent agnostic and survives churn (MCP/skills/etc)- just add columns/rules as new tools and metadata show up

- Gain a central utility to understand which tools are being used, which tools get blocked most often, and why

leadfootdrums 73 days ago |

Cool idea to help with AI governance enforcement. I just wrote a white paper about how to figure out the AI governance rules your organization needs for any AI features it enables. This is totally free, doesn’t ask for your email. It’s a novel adoption of Kimball’s Data Governance approach that has 30 years of success behind it. Turns out AI governance is an extension of this methodology.

encephalon.net/whitepaper

bflesch 122 days ago |

It's hard for me to comprehend how ublock origin blocks a total of 10 different tracking scripts on your website https://rulebricks.com/ and all you can come up with is a small text in the bottom saying "This website may collect cookies to optimize your user experience".

"May collect cookies"? Do you think google makes money by collecting cookies? You are brazenly lying into my face and even using a dark pattern to hide this ridiculously formulated sentence at the bottom of the screen.

Why does your company decide to employ falsehoods and dark patterns at such an obvious place? It erodes any trust.

sidgarimella 122 days ago | |

The wording has been updated, and we’ll review our instrumentation. Appreciate your feedback.

threecheese 122 days ago |

I like the approach, I’ve been looking for something with a UI but not from a corp compliance perspective; as I scale usage of Claude I am finding permission checks to be a huge pain in the neck. In my circle, you can identify someone who uses the heck out of Claude Code by their use of —dangerously-skip-permissions (I did that with fat fingers but without typos, that’s how often I need it).

furyofantares 122 days ago | |

> I did that with fat fingers but without typos, that’s how often I need it

You mean you don't just have it aliased to "claude" ?

sidgarimella 122 days ago | |

Guilty as charged

Thoughts on /permissions from the CLI?

sidgarimella 122 days ago |

Curious to learn if/how folks are using the PreToolUse hook in their own setup

iqandjoke 122 days ago |

Missing a lot critical commands: like passwd, shutdown, etc

sidgarimella 122 days ago | |

Will extend the decision table template when we can

hrimfaxi 122 days ago |

I really find it disingenuous when Show HNs link to a github that is just a landing page to get you to create an account for their service. Multiple clicks to find that free only covers 100 rule evaluations.

sidgarimella 122 days ago | |

Appreciate the feedback.