claude/settings.json

{
  "cleanupPeriodDays": 30,
  "permissions": {
    "defaultMode": "default",
    "disableBypassPermissionsMode": "disable",
    "disableAutoMode": "disable",
    "deny": [
      "Bash(rm -rf *)",
      "Bash(rm -rf /*)",
      "Bash(rmdir *)",
      "Bash(git push --force*)",
      "Bash(git push -f*)",
      "Bash(git reset --hard*)",
      "Bash(git clean -fd*)",
      "Bash(sudo rm*)",
      "Bash(sudo chmod*)",
      "Bash(sudo chown*)",
      "Bash(sudo dd*)",
      "Bash(su *)",
      "Bash(curl * | bash)",
      "Bash(wget * | bash)",
      "Bash(curl * | sh)",
      "Bash(wget * | sh)",
      "Bash(chmod 777 *)",
      "Bash(chmod -R 777 *)",
      "Bash(ssh *)",
      "Bash(scp *)",
      "Bash(rsync *)",
      "Bash(nc *)",
      "Bash(netcat *)",
      "Bash(kill -9 *)",
      "Bash(killall *)",
      "Bash(pkill *)",
      "Bash(crontab *)",
      "Bash(systemctl *)",
      "Bash(service *)",
      "Bash(npm install -g *)",
      "Read(**/.env)",
      "Read(**/.env.*)",
      "Read(**/secrets/**)",
      "Read(**/*.pem)",
      "Read(**/*.key)",
      "Read(**/*.p12)",
      "Read(**/*.pfx)",
      "Read(**/id_rsa*)",
      "Read(**/id_ed25519*)",
      "Read(**/.ssh/**)",
      "Read(**/credentials)",
      "Read(**/credentials.json)",
      "Read(**/.aws/credentials)",
      "Read(**/.azure/**)",
      "Write(**/.env)",
      "Write(**/.env.*)",
      "Write(**/secrets/**)",
      "Write(**/*.pem)",
      "Write(**/*.key)",
      "Bash(bash -c *)",
      "Bash(eval *)",
      "Bash(exec *)",
      "Bash(find * -delete*)",
      "Bash(find * -exec rm*)",
      "Bash(find * -execdir rm*)",
      "Bash(perl -e *)",
      "Bash(ruby -e *)",
      "Bash(cat .env)",
      "Bash(cat .env.*)",
      "Bash(cat */.env)",
      "Bash(cat */.env.*)",
      "Bash(cat */secrets/*)",
      "Bash(cat */*.pem)",
      "Bash(cat */*.key)",
      "Bash(cat */id_rsa*)",
      "Bash(cat */id_ed25519*)",
      "Bash(cat */.aws/credentials)",
      "Bash(head .env)",
      "Bash(head .env.*)",
      "Bash(tail .env)",
      "Bash(tail .env.*)",
      "Bash(less .env)",
      "Bash(less .env.*)",
      "Bash(more .env)",
      "Bash(more .env.*)",
      "Bash(grep * .env)",
      "Bash(grep * .env.*)",
      "Bash(env)",
      "Bash(printenv)",
      "Bash(printenv *)",
      "Bash(export *)",
      "Bash(cp .env*)",
      "Bash(cp **/.env*)",
      "Bash(cp **/secrets/*)",
      "Bash(mv .env*)",
      "Bash(mv **/.env*)",
      "Bash(mv **/secrets/*)",
      "Bash(git add .env*)",
      "Bash(git add **/.env*)",
      "Bash(cp **/id_rsa*)",
      "Bash(cp **/id_ed25519*)",
      "Bash(cp **/.ssh/*)",
      "Bash(source /dev/stdin)",
      "Bash(mkfifo *)",
      "Bash(python3 -c *)",
      "Bash(node -e *)",
      "Bash(xargs * .env*)",
      "Bash(tar * .env*)",
      "Bash(zip * .env*)",
      "Bash(base64 .env*)"
    ],
    "ask": [
      "Bash(git push *)",
      "Bash(git push)",
      "Bash(docker run *)",
      "Bash(docker exec *)",
      "Bash(docker-compose up*)",
      "Bash(docker compose up*)",
      "Bash(brew install *)",
      "Bash(apt install *)",
      "Bash(apt-get install *)",
      "Bash(dnf install *)",
      "Bash(pacman -S *)",
      "WebSearch",
      "WebFetch",
      "Bash(xargs *)",
      "Bash(sed *)",
      "Bash(git stash pop*)",
      "Bash(git stash drop*)",
      "Bash(git stash clear)"
    ],
    "allow": [
      "Bash(git status)",
      "Bash(git log*)",
      "Bash(git diff*)",
      "Bash(git branch*)",
      "Bash(git fetch*)",
      "Bash(git pull*)",
      "Bash(git add *)",
      "Bash(git commit*)",
      "Bash(git checkout *)",
      "Bash(git switch *)",
      "Bash(git stash)",
      "Bash(git stash push*)",
      "Bash(git stash list*)",
      "Bash(git stash show*)",
      "Bash(git tag*)",
      "Bash(git show*)",
      "Bash(ls *)",
      "Bash(ls)",
      "Bash(find *)",
      "Bash(cat *)",
      "Bash(head *)",
      "Bash(tail *)",
      "Bash(grep *)",
      "Bash(rg *)",
      "Bash(fd *)",
      "Bash(wc *)",
      "Bash(echo *)",
      "Bash(pwd)",
      "Bash(which *)",
      "Bash(type *)",
      "Bash(whoami)",
      "Bash(uname *)",
      "Bash(mkdir -p *)",
      "Bash(touch *)",
      "Bash(cp *)",
      "Bash(mv *)",
      "Bash(jq *)",
      "Bash(yq *)",
      "Bash(awk *)",
      "Bash(sort *)",
      "Bash(uniq *)",
      "Bash(tr *)",
      "Bash(cut *)",
      "Bash(diff *)",
      "Read(**/*.md)",
      "Read(**/*.txt)",
      "Read(**/*.json)",
      "Read(**/*.yaml)",
      "Read(**/*.yml)",
      "Read(**/*.toml)",
      "Read(**/*.lock)",
      "Read(**/*.gitignore)",
      "Read(**/*.dockerignore)",
      "Read(**/.claudeignore)",
      "Read(**/Makefile)",
      "Read(**/Dockerfile*)",
      "Read(**/docker-compose*)"
    ],
    "additionalDirectories": []
  },
  "hooks": {
    "SessionStart": [
      {
        "hooks": [
          {
            "type": "command",
            "command": "bash ~/.claude/hooks/session-start.sh"
          }
        ]
      }
    ],
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": "bash ~/.claude/hooks/rtk-rewrite.sh"
          }
        ]
      }
    ]
  },
  "extraKnownMarketplaces": {
    "claude-code-plugins": {
      "source": {
        "source": "github",
        "repo": "anthropics/claude-code"
      }
    },
    "superpowers-marketplace": {
      "source": {
        "source": "github",
        "repo": "obra/superpowers-marketplace"
      }
    },
    "ui-ux-pro-max-skill": {
      "source": {
        "source": "github",
        "repo": "nextlevelbuilder/ui-ux-pro-max-skill"
      }
    }
  },
  "model": "opus",
  "statusLine": {
    "type": "command",
    "command": "bash ~/.claude/hooks/statusline.sh"
  }
}