chore(claude): permissive project settings + gitignore local file

Team-wide Claude Code permissions for the dev workflows actually
used in this repo (cargo, npm, docker, psql, curl, git, gh, jq,
exploration commands, common env-var prefixes), plus a targeted
denylist for the destructive operations that warrant explicit
confirmation (force-push, push to main, branch -D, docker prune
variants, rm -rf outside the project tree, sudo / passwd / dd).

  * .claude/settings.json — checked-in team-wide config
    (125 allow rules, 55 deny rules)
  * .claude/settings.local.json — gitignored, kept as the
    holding pen for personal in-session grants
  * .gitignore — adds the .local.json exclusion

The permissive shape is "allow everything common, deny the
specifically destructive." Mid-pattern wildcards in Bash rules
aren't actually supported by the matcher; the deny list only
uses prefix patterns that the engine respects.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
MechaCat02
2026-05-23 16:25:53 +02:00
parent 0473d295af
commit 4baaead642
2 changed files with 213 additions and 0 deletions

4
.gitignore vendored

@@ -10,6 +10,10 @@ Cargo.lock.bak
*.swo
.DS_Store
# Claude Code — team-wide settings go in .claude/settings.json (tracked);
# personal grants from in-session prompts live in settings.local.json.
.claude/settings.local.json
# Env / secrets
.env
.env.*
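Review bot: The new `.claude/settings.local.json` entry contains a slash, so git anchors it to the directory of this top-level .gitignore and it covers only the repo-root copy. If a `.claude` directory can ever exist below the root (a sub-crate or package folder), a `settings.local.json` there would still show as untracked and could be committed along with the personal grants it holds; `**/.claude/settings.local.json` would cover every depth. The rule also does not untrack a copy that is already in the index, so if the file was ever committed it needs `git rm --cached .claude/settings.local.json` in addition to this entry.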