kevinveenbirkenbach/homepage.veen.world
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/homepage.veen.world.git synced 2026-05-14 09:15:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore(claude): enable sandbox and consolidate bash allowlist

Browse Source 
Activate the harness sandbox (enabled + autoAllowBashIfSandboxed +
filesystem write/deny rules) and replace the ~30 specific Bash(...)
permission entries with a single Bash(*) wildcard. The existing deny
list (git push --force, git reset --hard, rm -rf, sudo) and ask list
(git push, docker run, curl) keep their precedence.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Kevin Veen-Birkenbach
2026-05-11 02:36:28 +02:00
parent f3c15e3e1c
commit 28a796e24f
1 changed files with 6 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
.claude/settings.json
View File

@@ -4,52 +4,8 @@
"Read", "Read",
"Edit", "Edit",
"Write", "Write",
"Bash(git status*)", "Bash(*)",
"Bash(git log*)", "Read(//tmp/**)",
"Bash(git diff*)",
"Bash(git add*)",
"Bash(git commit*)",
"Bash(git checkout*)",
"Bash(git branch*)",
"Bash(git fetch*)",
"Bash(git stash*)",
"Bash(git -C:*)",
"Bash(make*)",
"Bash(python3*)",
"Bash(python*)",
"Bash(pip show*)",
"Bash(pip list*)",
"Bash(pip install*)",
"Bash(npm install*)",
"Bash(npm run*)",
"Bash(npx*)",
"Bash(docker pull*)",
"Bash(docker build*)",
"Bash(docker images*)",
"Bash(docker ps*)",
"Bash(docker inspect*)",
"Bash(docker logs*)",
"Bash(docker create*)",
"Bash(docker export*)",
"Bash(docker rm*)",
"Bash(docker rmi*)",
"Bash(docker stop*)",
"Bash(docker compose*)",
"Bash(docker-compose*)",
"Bash(docker container prune*)",
"Bash(grep*)",
"Bash(find*)",
"Bash(ls*)",
"Bash(cat*)",
"Bash(head*)",
"Bash(tail*)",
"Bash(wc*)",
"Bash(sort*)",
"Bash(tar*)",
"Bash(mkdir*)",
"Bash(cp*)",
"Bash(mv*)",
"Bash(jq*)",
"WebSearch", "WebSearch",
"WebFetch(domain:github.com)", "WebFetch(domain:github.com)",
"WebFetch(domain:raw.githubusercontent.com)", "WebFetch(domain:raw.githubusercontent.com)",
@@ -58,13 +14,8 @@
"WebFetch(domain:pypi.org)", "WebFetch(domain:pypi.org)",
"WebFetch(domain:docs.cypress.io)", "WebFetch(domain:docs.cypress.io)",
"WebFetch(domain:flask.palletsprojects.com)", "WebFetch(domain:flask.palletsprojects.com)",
"Bash(netstat -lnt)", "Skill(update-config)",
"Bash(make test-e2e *)", "Skill(update-config:*)"
"Bash(echo \"EXIT=$?\")",
"Read(//tmp/**)",
"Bash(docker exec *)",
"Bash(docker restart *)",
"Bash(jobs)"
], ],
"deny": [ "deny": [
"Bash(git push --force*)", "Bash(git push --force*)",
@@ -82,6 +33,8 @@
] ]
}, },
"sandbox": { "sandbox": {
"enabled": true,
"autoAllowBashIfSandboxed": true,
"filesystem": { "filesystem": {
"allowWrite": [ "allowWrite": [
".", ".",