Open2
Claude Code settings.jsonのpermissions.denyに追加すべき項目

gh
ghコマンドのwrite系操作。
例えば、意図せずprivateリポジトリをpublicに変更される可能性がある。
AIにざっくりとghコマンドのreadとwriteの分類をさせた。
ただし下記で「read」に入っている `gh api` は `--method`（`-X`）でPOST/PATCH/DELETEやGraphQLのmutationも発行できるため、実質的にはwrite相当として扱う必要がある。`gh auth token` も認証トークンをそのまま出力するので、readとはいえ扱いには注意。
{
"read": [
"Bash(gh auth status:*)",
"Bash(gh browse:*)",
"Bash(gh codespace list:*)",
"Bash(gh codespace view:*)",
"Bash(gh codespace logs:*)",
"Bash(gh codespace ports:*)",
"Bash(gh gist list:*)",
"Bash(gh gist view:*)",
"Bash(gh issue list:*)",
"Bash(gh issue status:*)",
"Bash(gh issue view:*)",
"Bash(gh org list:*)",
"Bash(gh pr list:*)",
"Bash(gh pr status:*)",
"Bash(gh pr view:*)",
"Bash(gh pr diff:*)",
"Bash(gh pr checks:*)",
"Bash(gh project list:*)",
"Bash(gh project view:*)",
"Bash(gh project field-list:*)",
"Bash(gh project item-list:*)",
"Bash(gh release list:*)",
"Bash(gh release view:*)",
"Bash(gh release download:*)",
"Bash(gh repo list:*)",
"Bash(gh repo view:*)",
"Bash(gh repo gitignore:*)",
"Bash(gh repo license:*)",
"Bash(gh cache list:*)",
"Bash(gh run list:*)",
"Bash(gh run view:*)",
"Bash(gh run watch:*)",
"Bash(gh workflow list:*)",
"Bash(gh workflow view:*)",
"Bash(gh api:*)",
"Bash(gh search code:*)",
"Bash(gh search commits:*)",
"Bash(gh search issues:*)",
"Bash(gh search prs:*)",
"Bash(gh search repos:*)",
"Bash(gh secret list:*)",
"Bash(gh ssh-key list:*)",
"Bash(gh status:*)",
"Bash(gh variable list:*)",
"Bash(gh variable get:*)",
"Bash(gh alias list:*)",
"Bash(gh config get:*)",
"Bash(gh config list:*)",
"Bash(gh extension list:*)",
"Bash(gh extension browse:*)",
"Bash(gh extension search:*)",
"Bash(gh gpg-key list:*)",
"Bash(gh label list:*)",
"Bash(gh ruleset list:*)",
"Bash(gh ruleset view:*)",
"Bash(gh ruleset check:*)",
"Bash(gh attestation download:*)",
"Bash(gh attestation verify:*)",
"Bash(gh attestation trusted-root:*)",
"Bash(gh completion:*)",
"Bash(gh preview prompter:*)",
"Bash(gh auth token:*)"
],
"write": [
"Bash(gh auth login:*)",
"Bash(gh auth logout:*)",
"Bash(gh auth refresh:*)",
"Bash(gh auth setup-git:*)",
"Bash(gh auth switch:*)",
"Bash(gh codespace create:*)",
"Bash(gh codespace delete:*)",
"Bash(gh codespace edit:*)",
"Bash(gh codespace rebuild:*)",
"Bash(gh codespace stop:*)",
"Bash(gh codespace code:*)",
"Bash(gh codespace jupyter:*)",
"Bash(gh codespace ssh:*)",
"Bash(gh codespace cp:*)",
"Bash(gh gist create:*)",
"Bash(gh gist delete:*)",
"Bash(gh gist edit:*)",
"Bash(gh gist rename:*)",
"Bash(gh gist clone:*)",
"Bash(gh issue create:*)",
"Bash(gh issue close:*)",
"Bash(gh issue comment:*)",
"Bash(gh issue delete:*)",
"Bash(gh issue develop:*)",
"Bash(gh issue edit:*)",
"Bash(gh issue lock:*)",
"Bash(gh issue pin:*)",
"Bash(gh issue reopen:*)",
"Bash(gh issue transfer:*)",
"Bash(gh issue unlock:*)",
"Bash(gh issue unpin:*)",
"Bash(gh pr create:*)",
"Bash(gh pr checkout:*)",
"Bash(gh pr close:*)",
"Bash(gh pr comment:*)",
"Bash(gh pr edit:*)",
"Bash(gh pr lock:*)",
"Bash(gh pr merge:*)",
"Bash(gh pr ready:*)",
"Bash(gh pr reopen:*)",
"Bash(gh pr review:*)",
"Bash(gh pr unlock:*)",
"Bash(gh pr update-branch:*)",
"Bash(gh project create:*)",
"Bash(gh project delete:*)",
"Bash(gh project edit:*)",
"Bash(gh project close:*)",
"Bash(gh project copy:*)",
"Bash(gh project field-create:*)",
"Bash(gh project field-delete:*)",
"Bash(gh project item-add:*)",
"Bash(gh project item-archive:*)",
"Bash(gh project item-create:*)",
"Bash(gh project item-delete:*)",
"Bash(gh project item-edit:*)",
"Bash(gh project link:*)",
"Bash(gh project unlink:*)",
"Bash(gh project mark-template:*)",
"Bash(gh release create:*)",
"Bash(gh release delete:*)",
"Bash(gh release delete-asset:*)",
"Bash(gh release edit:*)",
"Bash(gh release upload:*)",
"Bash(gh repo create:*)",
"Bash(gh repo delete:*)",
"Bash(gh repo archive:*)",
"Bash(gh repo unarchive:*)",
"Bash(gh repo edit:*)",
"Bash(gh repo fork:*)",
"Bash(gh repo rename:*)",
"Bash(gh repo clone:*)",
"Bash(gh repo sync:*)",
"Bash(gh repo set-default:*)",
"Bash(gh repo autolink:*)",
"Bash(gh repo deploy-key:*)",
"Bash(gh cache delete:*)",
"Bash(gh run cancel:*)",
"Bash(gh run delete:*)",
"Bash(gh run rerun:*)",
"Bash(gh workflow disable:*)",
"Bash(gh workflow enable:*)",
"Bash(gh workflow run:*)",
"Bash(gh secret set:*)",
"Bash(gh secret delete:*)",
"Bash(gh ssh-key add:*)",
"Bash(gh ssh-key delete:*)",
"Bash(gh variable set:*)",
"Bash(gh variable delete:*)",
"Bash(gh alias set:*)",
"Bash(gh alias delete:*)",
"Bash(gh alias import:*)",
"Bash(gh config set:*)",
"Bash(gh config clear-cache:*)",
"Bash(gh extension install:*)",
"Bash(gh extension remove:*)",
"Bash(gh extension upgrade:*)",
"Bash(gh extension create:*)",
"Bash(gh extension exec:*)",
"Bash(gh gpg-key add:*)",
"Bash(gh gpg-key delete:*)",
"Bash(gh label create:*)",
"Bash(gh label delete:*)",
"Bash(gh label edit:*)",
"Bash(gh label clone:*)"
]
}

git
git remote
系コマンドは危険そう。
外部のremoteリポジトリを指定させられてpushされるリスクがある。
同じようにread/write分類:
なお `Bash(git remote:*)` は前方一致のパターンなので、`git remote add` などwrite側のサブコマンドにも一致する。read側を許可に使う場合は、write側のdenyと必ず組み合わせること。
{
"read": [
"Bash(git remote:*)",
"Bash(git remote -v:*)",
"Bash(git remote --verbose:*)",
"Bash(git remote show:*)",
"Bash(git remote get-url:*)"
],
"write": [
"Bash(git remote add:*)",
"Bash(git remote rename:*)",
"Bash(git remote remove:*)",
"Bash(git remote rm:*)",
"Bash(git remote set-head:*)",
"Bash(git remote set-branches:*)",
"Bash(git remote set-url:*)",
"Bash(git remote prune:*)",
"Bash(git remote update:*)"
]
}