How do I update Claude Code permissions?

Note the exact command string that triggered the prompt, e.g.:

./projects/ores.codegen/codegen.sh regenerate --component refdata-cpp --profile nats-handler

$EDITOR doc/llm/claude_code_settings.org

Find the relevant ** Section (e.g. ** Code generation) by searching for the script name. Each section has a #+begin_src json ... #+end_src block holding the allow entries and prose explaining the covered surface.

Add a line for the missing variant. For a ./ prefix gap:

"Bash(./projects/ores.codegen/codegen.sh *)",
"Bash(projects/ores.codegen/codegen.sh *)",

Keep both variants (with and without ./) — callers use both forms. Update the prose above the block to document the new variant. Update the #+updated: frontmatter date.

./compass.sh build --direct settings

This must run outside the sandbox (dangerouslyDisableSandbox: true). Expected output:

Tangled 1 code block from claude_code_settings.org
Settings deployed to …/.claude/settings.json

python3 -m json.tool .claude/settings.json | grep -A1 "codegen"

Confirm the new entry is present in the JSON.

Commit both the org source and the generated JSON together so the repo stays consistent:

git add doc/llm/claude_code_settings.org .claude/settings.json
git commit -m "[settings] Add ./prefix variant for <script>"