From 2d8185b7470e2e125159c55e6e14ed1f10541492 Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Sat, 28 Mar 2026 23:16:29 +0100
Subject: [PATCH] chore: add Claude Code project permissions settings
Co-Authored-By: Claude Sonnet 4.6
---
 .claude/settings.json | 139 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 139 insertions(+)
 create mode 100644 .claude/settings.json
diff --git a/.claude/settings.json b/.claude/settings.json
new file mode 100644
index 0000000..90cca26
--- /dev/null
+++ b/.claude/settings.json
@@ -0,0 +1,139 @@
+{
+ // Project-level Claude Code permissions for portfolio.
+ // This file is committed to git and applies to all contributors.
+ // For personal overrides use .claude/settings.local.json (gitignored).
+ //
+ // Rule evaluation order: deny > ask > allow (first match wins).
+
+ "permissions": {
+
+ "allow": [
+
+ // ─── FILESYSTEM ──────────────────────────────────────────────────────
+
+ "Read",
+ "Edit",
+ "Write",
+
+ // ─── GIT (local only) ────────────────────────────────────────────────
+
+ "Bash(git status*)",
+ "Bash(git log*)",
+ "Bash(git diff*)",
+ "Bash(git add*)",
+ "Bash(git commit*)",
+ "Bash(git checkout*)",
+ "Bash(git branch*)",
+ "Bash(git fetch*)",
+ "Bash(git stash*)",
+ "Bash(git -C:*)",
+
+ // ─── MAKE ────────────────────────────────────────────────────────────
+
+ "Bash(make*)",
+
+ // ─── PYTHON ──────────────────────────────────────────────────────────
+
+ "Bash(python3*)",
+ "Bash(python*)",
+ "Bash(pip show*)",
+ "Bash(pip list*)",
+ "Bash(pip install*)",
+
+ // ─── NODE / NPM ──────────────────────────────────────────────────────
+
+ "Bash(npm install*)",
+ "Bash(npm run*)",
+ "Bash(npx*)",
+
+ // ─── DOCKER ──────────────────────────────────────────────────────────
+
+ "Bash(docker pull*)",
+ "Bash(docker build*)",
+ "Bash(docker images*)",
+ "Bash(docker ps*)",
+ "Bash(docker inspect*)",
+ "Bash(docker logs*)",
+ "Bash(docker create*)",
+ "Bash(docker export*)",
+ "Bash(docker rm*)",
+ "Bash(docker rmi*)",
+ "Bash(docker stop*)",
+ "Bash(docker compose*)",
+ "Bash(docker-compose*)",
+ "Bash(docker container prune*)",
+
+ // ─── STANDARD UNIX TOOLS ─────────────────────────────────────────────
+
+ "Bash(grep*)",
+ "Bash(find*)",
+ "Bash(ls*)",
+ "Bash(cat*)",
+ "Bash(head*)",
+ "Bash(tail*)",
+ "Bash(wc*)",
+ "Bash(sort*)",
+ "Bash(tar*)",
+ "Bash(mkdir*)",
+ "Bash(cp*)",
+ "Bash(mv*)",
+ "Bash(jq*)",
+
+ // ─── WEB FETCH ───────────────────────────────────────────────────────
+
+ "WebSearch",
+ "WebFetch(domain:github.com)",
+ "WebFetch(domain:raw.githubusercontent.com)",
+ "WebFetch(domain:api.github.com)",
+ "WebFetch(domain:docs.docker.com)",
+ "WebFetch(domain:pypi.org)",
+ "WebFetch(domain:docs.cypress.io)",
+ "WebFetch(domain:flask.palletsprojects.com)"
+
+ ],
+
+ // ─── ALWAYS ASK ───────────────────────────────────────────────────────────
+
+ // docker run: root-equivalent without rootless Docker — ask to prevent
+ // unintended privileged containers. Note: "make exec" already allows
+ // shell access inside running containers via the Makefile.
+ // curl: unrestricted network access, can exfiltrate data or pipe remote
+ // scripts to shell — WebFetch domain whitelist does NOT apply here.
+ "ask": [
+ "Bash(git push*)",
+ "Bash(docker run*)",
+ "Bash(curl*)"
+ ],
+
+ // ─── ALWAYS DENY ──────────────────────────────────────────────────────────
+
+ "deny": [
+ "Bash(git push --force*)",
+ "Bash(git reset --hard*)",
+ "Bash(rm -rf*)",
+ "Bash(sudo*)"
+ ]
+
+ },
+
+ // ─── SANDBOX ────────────────────────────────────────────────────────────────
+
+ "sandbox": {
+ "filesystem": {
+ // Allow writes within the project and common runtime directories
+ "allowWrite": [
+ ".",
+ "/tmp"
+ ],
+ // Protect sensitive paths outside the project
+ "denyRead": [
+ "~/.ssh",
+ "~/.gnupg",
+ "~/.kube",
+ "~/.aws",
+ "~/.config/gcloud"
+ ]
+ }
+ }
+
+}
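Review bot: The `allow` list grants general-purpose interpreters and task runners (`Bash(python*)`, `Bash(npx*)`, `Bash(make*)`, `Bash(npm run*)`, `Bash(docker compose*)`, `Bash(find*)`) that can reach everything the `ask`/`deny` entries gate — any Python or Node script has the same unrestricted network access the `curl` comment warns about, `docker compose up` starts containers just as `docker run` does, and `rm -rf`/`sudo` are denied only as literal command prefixes — so the deny list protects against accidental direct invocation rather than acting as a boundary, and the header comment should say so, e.g. `// NOTE: allow includes interpreters (python, npx, make); deny/ask only catch direct invocations — the sandbox section is the actual boundary.`. For consistency with the stated `docker run` reasoning, the two compose entries belong in `ask` rather than `allow`, and `Bash(python*)` already subsumes `Bash(python3*)`, so one of the pair is redundant. The file relies on `//` comments, which only works if the consuming parser accepts JSONC; if it is strict JSON the permissions may fail to load at all, so that tolerance is worth confirming before committing. `denyRead` covers SSH/GPG/cloud credentials but not other common credential stores in the home directory such as `~/.netrc`, `~/.docker/config.json`, `~/.npmrc` or `~/.git-credentials`, which the allowed `cat`/`tar`/`cp` commands could otherwise read.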