{
"cleanupPeriodDays": 30,
"permissions": {
"defaultMode": "default",
"disableBypassPermissionsMode": "disable",
"disableAutoMode": "disable",
"deny": [
"Bash(rm -rf *)",
"Bash(rm -rf /*)",
"Bash(rmdir *)",
"Bash(git push --force*)",
"Bash(git push -f*)",
"Bash(git reset --hard*)",
"Bash(git clean -fd*)",
"Bash(sudo rm*)",
"Bash(sudo chmod*)",
"Bash(sudo chown*)",
"Bash(sudo dd*)",
"Bash(su *)",
"Bash(curl * | bash)",
"Bash(wget * | bash)",
"Bash(curl * | sh)",
"Bash(wget * | sh)",
"Bash(chmod 777 *)",
"Bash(chmod -R 777 *)",
"Bash(ssh *)",
"Bash(scp *)",
"Bash(rsync *)",
"Bash(nc *)",
"Bash(netcat *)",
"Bash(kill -9 *)",
"Bash(killall *)",
"Bash(pkill *)",
"Bash(crontab *)",
"Bash(systemctl *)",
"Bash(service *)",
"Bash(npm install -g *)",
"Read(**/.env)",
"Read(**/.env.*)",
"Read(**/secrets/**)",
"Read(**/*.pem)",
"Read(**/*.key)",
"Read(**/*.p12)",
"Read(**/*.pfx)",
"Read(**/id_rsa*)",
"Read(**/id_ed25519*)",
"Read(**/.ssh/**)",
"Read(**/credentials)",
"Read(**/credentials.json)",
"Read(**/.aws/credentials)",
"Read(**/.azure/**)",
"Write(**/.env)",
"Write(**/.env.*)",
"Write(**/secrets/**)",
"Write(**/*.pem)",
"Write(**/*.key)",
"Bash(bash -c *)",
"Bash(eval *)",
"Bash(exec *)",
"Bash(find * -delete*)",
"Bash(find * -exec rm*)",
"Bash(find * -execdir rm*)",
"Bash(perl -e *)",
"Bash(ruby -e *)",
"Bash(cat .env)",
"Bash(cat .env.*)",
"Bash(cat */.env)",
"Bash(cat */.env.*)",
"Bash(cat */secrets/*)",
"Bash(cat */*.pem)",
"Bash(cat */*.key)",
"Bash(cat */id_rsa*)",
"Bash(cat */id_ed25519*)",
"Bash(cat */.aws/credentials)",
"Bash(head .env)",
"Bash(head .env.*)",
"Bash(tail .env)",
"Bash(tail .env.*)",
"Bash(less .env)",
"Bash(less .env.*)",
"Bash(more .env)",
"Bash(more .env.*)",
"Bash(grep * .env)",
"Bash(grep * .env.*)",
"Bash(env)",
"Bash(printenv)",
"Bash(printenv *)",
"Bash(export *)",
"Bash(cp .env*)",
"Bash(cp **/.env*)",
"Bash(cp **/secrets/*)",
"Bash(mv .env*)",
"Bash(mv **/.env*)",
"Bash(mv **/secrets/*)",
"Bash(git add .env*)",
"Bash(git add **/.env*)",
"Bash(cp **/id_rsa*)",
"Bash(cp **/id_ed25519*)",
"Bash(cp **/.ssh/*)",
"Bash(source /dev/stdin)",
"Bash(mkfifo *)",
"Bash(python3 -c *)",
"Bash(node -e *)",
"Bash(xargs * .env*)",
"Bash(tar * .env*)",
"Bash(zip * .env*)",
"Bash(base64 .env*)"
],
"ask": [
"Bash(git push *)",
"Bash(git push)",
"Bash(docker run *)",
"Bash(docker exec *)",
"Bash(docker-compose up*)",
"Bash(docker compose up*)",
"Bash(brew install *)",
"Bash(apt install *)",
"Bash(apt-get install *)",
"Bash(dnf install *)",
"Bash(pacman -S *)",
"WebSearch",
"WebFetch",
"Bash(xargs *)",
"Bash(sed *)",
"Bash(git stash pop*)",
"Bash(git stash drop*)",
"Bash(git stash clear)"
],
"allow": [
"Bash(git status)",
"Bash(git log*)",
"Bash(git diff*)",
"Bash(git branch*)",
"Bash(git fetch*)",
"Bash(git pull*)",
"Bash(git add *)",
"Bash(git commit*)",
"Bash(git checkout *)",
"Bash(git switch *)",
"Bash(git stash)",
"Bash(git stash push*)",
"Bash(git stash list*)",
"Bash(git stash show*)",
"Bash(git tag*)",
"Bash(git show*)",
"Bash(ls *)",
"Bash(ls)",
"Bash(find *)",
"Bash(cat *)",
"Bash(head *)",
"Bash(tail *)",
"Bash(grep *)",
"Bash(rg *)",
"Bash(fd *)",
"Bash(wc *)",
"Bash(echo *)",
"Bash(pwd)",
"Bash(which *)",
"Bash(type *)",
"Bash(whoami)",
"Bash(uname *)",
"Bash(mkdir -p *)",
"Bash(touch *)",
"Bash(cp *)",
"Bash(mv *)",
"Bash(jq *)",
"Bash(yq *)",
"Bash(awk *)",
"Bash(sort *)",
"Bash(uniq *)",
"Bash(tr *)",
"Bash(cut *)",
"Bash(diff *)",
"Read(**/*.md)",
"Read(**/*.txt)",
"Read(**/*.json)",
"Read(**/*.yaml)",
"Read(**/*.yml)",
"Read(**/*.toml)",
"Read(**/*.lock)",
"Read(**/*.gitignore)",
"Read(**/*.dockerignore)",
"Read(**/.claudeignore)",
"Read(**/Makefile)",
"Read(**/Dockerfile*)",
"Read(**/docker-compose*)"
],
"additionalDirectories": []
},
"hooks": {
"SessionStart": [
{
"hooks": [
{
"type": "command",
"command": "bash ~/.claude/hooks/session-start.sh"
}
]
}
]
}
}