chore: add Claude Code project permissions settings

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

.claude/settings.json

@@ -0,0 +1,139 @@
+{
+  // Project-level Claude Code permissions for portfolio.
+  // This file is committed to git and applies to all contributors.
+  // For personal overrides use .claude/settings.local.json (gitignored).
+  //
+  // Rule evaluation order: deny > ask > allow (first match wins).
+
+  "permissions": {
+
+    "allow": [
+
+      // ─── FILESYSTEM ──────────────────────────────────────────────────────
+
+      "Read",
+      "Edit",
+      "Write",
+
+      // ─── GIT (local only) ────────────────────────────────────────────────
+
+      "Bash(git status*)",
+      "Bash(git log*)",
+      "Bash(git diff*)",
+      "Bash(git add*)",
+      "Bash(git commit*)",
+      "Bash(git checkout*)",
+      "Bash(git branch*)",
+      "Bash(git fetch*)",
+      "Bash(git stash*)",
+      "Bash(git -C:*)",
+
+      // ─── MAKE ────────────────────────────────────────────────────────────
+
+      "Bash(make*)",
+
+      // ─── PYTHON ──────────────────────────────────────────────────────────
+
+      "Bash(python3*)",
+      "Bash(python*)",
+      "Bash(pip show*)",
+      "Bash(pip list*)",
+      "Bash(pip install*)",
+
+      // ─── NODE / NPM ──────────────────────────────────────────────────────
+
+      "Bash(npm install*)",
+      "Bash(npm run*)",
+      "Bash(npx*)",
+
+      // ─── DOCKER ──────────────────────────────────────────────────────────
+
+      "Bash(docker pull*)",
+      "Bash(docker build*)",
+      "Bash(docker images*)",
+      "Bash(docker ps*)",
+      "Bash(docker inspect*)",
+      "Bash(docker logs*)",
+      "Bash(docker create*)",
+      "Bash(docker export*)",
+      "Bash(docker rm*)",
+      "Bash(docker rmi*)",
+      "Bash(docker stop*)",
+      "Bash(docker compose*)",
+      "Bash(docker-compose*)",
+      "Bash(docker container prune*)",
+
+      // ─── STANDARD UNIX TOOLS ─────────────────────────────────────────────
+
+      "Bash(grep*)",
+      "Bash(find*)",
+      "Bash(ls*)",
+      "Bash(cat*)",
+      "Bash(head*)",
+      "Bash(tail*)",
+      "Bash(wc*)",
+      "Bash(sort*)",
+      "Bash(tar*)",
+      "Bash(mkdir*)",
+      "Bash(cp*)",
+      "Bash(mv*)",
+      "Bash(jq*)",
+
+      // ─── WEB FETCH ───────────────────────────────────────────────────────
+
+      "WebSearch",
+      "WebFetch(domain:github.com)",
+      "WebFetch(domain:raw.githubusercontent.com)",
+      "WebFetch(domain:api.github.com)",
+      "WebFetch(domain:docs.docker.com)",
+      "WebFetch(domain:pypi.org)",
+      "WebFetch(domain:docs.cypress.io)",
+      "WebFetch(domain:flask.palletsprojects.com)"
+
+    ],
+
+    // ─── ALWAYS ASK ───────────────────────────────────────────────────────────
+
+    // docker run: root-equivalent without rootless Docker — ask to prevent
+    //   unintended privileged containers. Note: "make exec" already allows
+    //   shell access inside running containers via the Makefile.
+    // curl: unrestricted network access, can exfiltrate data or pipe remote
+    //   scripts to shell — WebFetch domain whitelist does NOT apply here.
+    "ask": [
+      "Bash(git push*)",
+      "Bash(docker run*)",
+      "Bash(curl*)"
+    ],
+
+    // ─── ALWAYS DENY ──────────────────────────────────────────────────────────
+
+    "deny": [
+      "Bash(git push --force*)",
+      "Bash(git reset --hard*)",
+      "Bash(rm -rf*)",
+      "Bash(sudo*)"
+    ]
+
+  },
+
+  // ─── SANDBOX ────────────────────────────────────────────────────────────────
+
+  "sandbox": {
+    "filesystem": {
+      // Allow writes within the project and common runtime directories
+      "allowWrite": [
+        ".",
+        "/tmp"
+      ],
+      // Protect sensitive paths outside the project
+      "denyRead": [
+        "~/.ssh",
+        "~/.gnupg",
+        "~/.kube",
+        "~/.aws",
+        "~/.config/gcloud"
+      ]
+    }
+  }
+
+}