chore(claude): permissive project settings + gitignore local file

Team-wide Claude Code permissions for the dev workflows actually
used in this repo (cargo, npm, docker, psql, curl, git, gh, jq,
exploration commands, common env-var prefixes), plus a targeted
denylist for the destructive operations that warrant explicit
confirmation (force-push, push to main, branch -D, docker prune
variants, rm -rf outside the project tree, sudo / passwd / dd).

  * .claude/settings.json — checked-in team-wide config
    (125 allow rules, 55 deny rules)
  * .claude/settings.local.json — gitignored, kept as the
    holding pen for personal in-session grants
  * .gitignore — adds the .local.json exclusion

The permissive shape is "allow everything common, deny the
specifically destructive." Mid-pattern wildcards in Bash rules
aren't actually supported by the matcher; the deny list only
uses prefix patterns that the engine respects.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

.claude/settings.json

@@ -0,0 +1,209 @@
+{
+  "$schema": "https://json.schemastore.org/claude-code-settings.json",
+  "permissions": {
+    "allow": [
+      "Read",
+      "Edit",
+      "Write",
+
+      "Bash(cargo *)",
+      "Bash(rustc *)",
+      "Bash(rustup *)",
+      "Bash(rustfmt *)",
+
+      "Bash(npm *)",
+      "Bash(npx *)",
+      "Bash(node *)",
+
+      "Bash(git *)",
+      "Bash(gh *)",
+
+      "Bash(docker *)",
+      "Bash(docker compose *)",
+
+      "Bash(psql *)",
+      "Bash(pg_isready *)",
+      "Bash(pg_dump *)",
+      "Bash(pg_restore *)",
+      "Bash(createdb *)",
+      "Bash(dropdb *)",
+
+      "Bash(curl *)",
+      "Bash(wget *)",
+      "Bash(nc *)",
+      "Bash(ss *)",
+      "Bash(lsof *)",
+      "Bash(ping *)",
+      "Bash(dig *)",
+      "Bash(host *)",
+
+      "Bash(ls)",
+      "Bash(ls *)",
+      "Bash(pwd)",
+      "Bash(cd *)",
+      "Bash(find *)",
+      "Bash(grep *)",
+      "Bash(rg *)",
+      "Bash(fd *)",
+      "Bash(head *)",
+      "Bash(tail *)",
+      "Bash(wc *)",
+      "Bash(file *)",
+      "Bash(stat *)",
+      "Bash(du *)",
+      "Bash(df *)",
+      "Bash(tree *)",
+      "Bash(realpath *)",
+      "Bash(readlink *)",
+      "Bash(basename *)",
+      "Bash(dirname *)",
+
+      "Bash(mkdir *)",
+      "Bash(touch *)",
+      "Bash(cp *)",
+      "Bash(mv *)",
+      "Bash(ln *)",
+      "Bash(chmod *)",
+      "Bash(diff *)",
+
+      "Bash(echo *)",
+      "Bash(printf *)",
+      "Bash(jq *)",
+      "Bash(sed *)",
+      "Bash(awk *)",
+      "Bash(tr *)",
+      "Bash(cut *)",
+      "Bash(sort *)",
+      "Bash(uniq *)",
+      "Bash(xargs *)",
+      "Bash(tee *)",
+
+      "Bash(ps *)",
+      "Bash(pgrep *)",
+      "Bash(pkill *)",
+      "Bash(kill *)",
+      "Bash(sleep *)",
+      "Bash(timeout *)",
+      "Bash(time *)",
+
+      "Bash(env)",
+      "Bash(env *)",
+      "Bash(which *)",
+      "Bash(whoami)",
+      "Bash(hostname)",
+      "Bash(uname *)",
+      "Bash(date *)",
+      "Bash(true)",
+      "Bash(false)",
+      "Bash(set *)",
+      "Bash(export *)",
+
+      "Bash(python *)",
+      "Bash(python3 *)",
+      "Bash(pip *)",
+      "Bash(pip3 *)",
+
+      "Bash(tar *)",
+      "Bash(gzip *)",
+      "Bash(gunzip *)",
+      "Bash(zip *)",
+      "Bash(unzip *)",
+      "Bash(md5sum *)",
+      "Bash(sha256sum *)",
+      "Bash(openssl *)",
+      "Bash(base64 *)",
+
+      "Bash(PICLOUD_*)",
+      "Bash(POSTGRES_*)",
+      "Bash(DATABASE_URL=*)",
+      "Bash(RUST_LOG=*)",
+      "Bash(RUST_BACKTRACE=*)",
+      "Bash(PGPASSWORD=*)",
+      "Bash(PGHOST=*)",
+      "Bash(PGPORT=*)",
+      "Bash(PGUSER=*)",
+      "Bash(PGDATABASE=*)",
+      "Bash(NODE_ENV=*)",
+      "Bash(CI=*)",
+      "Bash(CARGO_*)",
+
+      "Bash(rm -rf target*)",
+      "Bash(rm -rf node_modules*)",
+      "Bash(rm -rf build*)",
+      "Bash(rm -rf .svelte-kit*)",
+      "Bash(rm -rf /tmp/picloud*)",
+      "Bash(rm /tmp/*)",
+      "Bash(rm -f /tmp/*)",
+
+      "Skill(simplify)",
+      "Skill(review)",
+      "Skill(security-review)",
+      "Skill(init)",
+      "Skill(update-config)",
+      "Skill(update-config:*)",
+      "Skill(fewer-permission-prompts)",
+      "Skill(claude-api)"
+    ],
+
+    "deny": [
+      "Bash(git push --force *)",
+      "Bash(git push -f *)",
+      "Bash(git push --force-with-lease *)",
+      "Bash(git push origin main)",
+      "Bash(git push origin main *)",
+      "Bash(git push origin master)",
+      "Bash(git push origin master *)",
+      "Bash(git push origin :main)",
+      "Bash(git push origin :master)",
+      "Bash(git push --delete *)",
+      "Bash(git push --mirror *)",
+      "Bash(git branch -D *)",
+      "Bash(git branch --force *)",
+      "Bash(git reset --hard *)",
+      "Bash(git clean -fd*)",
+      "Bash(git clean -fx*)",
+      "Bash(git filter-branch *)",
+      "Bash(git update-ref -d *)",
+      "Bash(git remote remove *)",
+
+      "Bash(docker system prune *)",
+      "Bash(docker volume rm *)",
+      "Bash(docker volume prune *)",
+      "Bash(docker image prune -a*)",
+      "Bash(docker network prune *)",
+      "Bash(docker builder prune *)",
+
+      "Bash(rm -rf /)",
+      "Bash(rm -rf /bin*)",
+      "Bash(rm -rf /boot*)",
+      "Bash(rm -rf /dev*)",
+      "Bash(rm -rf /etc*)",
+      "Bash(rm -rf /lib*)",
+      "Bash(rm -rf /opt*)",
+      "Bash(rm -rf /proc*)",
+      "Bash(rm -rf /root*)",
+      "Bash(rm -rf /sbin*)",
+      "Bash(rm -rf /srv*)",
+      "Bash(rm -rf /sys*)",
+      "Bash(rm -rf /usr*)",
+      "Bash(rm -rf /var*)",
+      "Bash(rm -rf /home/fabi)",
+      "Bash(rm -rf /home/fabi/.*)",
+      "Bash(rm -rf ~)",
+      "Bash(rm -rf ~/.*)",
+      "Bash(rm -rf $HOME*)",
+      "Bash(rm -rf ${HOME}*)",
+
+      "Bash(chmod -R 777 *)",
+      "Bash(chown -R *)",
+      "Bash(dd if=*)",
+      "Bash(mkfs *)",
+      "Bash(mkfs.*)",
+      "Bash(sudo *)",
+      "Bash(su *)",
+      "Bash(su)",
+      "Bash(passwd *)",
+      "Bash(passwd)"
+    ]
+  }
+}