A fast, simple, deterministic Claude Code auto-allow mode, for the masses.
Turnstile lets Claude Code run the safe commands you'd never bother to confirm and stops the dangerous ones before they reach the model. It's a PreToolUse hook that returns allow, ask, or deny from a TOML ruleset in a couple of milliseconds.
Claude Code's built-in permissions block uses exact string matching and operates after the tool call reaches the harness. Turnstile runs at the PreToolUse hook stage with RE2 regular expressions, gives deny precedence over allow, supports scoped cd roots so directory traversal is blocked, and parses Bash commands segment-by-segment so pipelines, subshells, and redirections are validated independently. That makes it easy to express policies like "allow all git commands except those that modify remote state" or "block kubectl delete anywhere in a pipeline."
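A minimal sketch of per-segment evaluation with deny precedence, as described above. It is an added example, not Turnstile's own code: the two rules, the `Decide` function and the operator-splitting regex are assumptions made for illustration. Go's `regexp` package implements RE2 syntax.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed rules for illustration; not Turnstile's ruleset or config format.
var (
	deny  = regexp.MustCompile(`^(sudo|git\s+push|kubectl\s+delete)(\s|$)`)
	allow = regexp.MustCompile(`^(git|ls|cat|grep|wc)(\s|$)`)
)

// Naive split on shell operators; a real parser must also honour quoting
// and redirections, which this sketch does not attempt.
var operators = regexp.MustCompile(`\|\||&&|[|;&()]`)

// Decide denies if any segment hits the deny rule, allows only if every
// segment hits the allow rule, and otherwise falls back to "ask".
func Decide(command string) string {
	total, allowed := 0, 0
	for _, seg := range operators.Split(command, -1) {
		seg = strings.TrimSpace(seg)
		if seg == "" {
			continue
		}
		if deny.MatchString(seg) {
			return "deny" // deny takes precedence over any allow match
		}
		total++
		if allow.MatchString(seg) {
			allowed++
		}
	}
	if total > 0 && allowed == total {
		return "allow"
	}
	return "ask"
}

func main() {
	for _, c := range []string{"git status", "git log | grep fix", "git fetch && git push", "ls; make"} {
		fmt.Printf("%-24s %s\n", c, Decide(c))
	}
}
```

Because each segment is checked on its own, a denied command hidden behind an allowed one in a pipeline or `$(...)` subshell still yields deny, and an unrecognised segment downgrades the whole command to ask.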
Install the binary:
go install github.com/rogvc/turnstile@latest

Wire it up:
turnstile install

Or manually merge this into ~/.claude/settings.json (assuming turnstile is on your PATH):
{
  "hooks": {
    "PreToolUse": [
      {
        "hooks": [{ "type": "command", "command": "turnstile", "timeout": 1 }]
      }
    ]
  }
}

Verify it's working:
turnstile --test 'git status'
# Expected: allow
turnstile --test 'sudo rm -rf /'
# Expected: deny

For everything else, see the docs directory:
- Usage covers managing rules, testing decisions, and the exit code contract.
- Configuration covers the config file format, recipes, environment-variable assignments, and path-qualified commands.
- How it works covers the hook protocol, decision reasons, performance, and the security model.
- Claude Skill covers installing the /turnstile skill so Claude can manage rules from conversation.
PRs welcome. Please run make ci before submitting and ensure tests pass. For bugs, feature requests, or questions, open an issue in the GitHub tracker.