.claude/settings.json -permissions

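rm and git
I had been denying rm and git entirely, but that was too inconvenient, so I relaxed the rules.
I'm likely to press y without checking carefully, so I deny -r as well as -rf.
I have also seen examples that specify dangerous paths such as /, ~/ and ~, but there are other dangerous locations too, so I'm going with denying folder deletion altogether.
git has too many commands for me to keep track of, so I asked Claude and listed the ones that look dangerous.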
"deny": [
  "Bash(rm -r:*)",
  "Bash(rm -rf:*)",
  "Bash(rm:*-r*)",
  "Bash(rm:*-f*.*-r*)",
  "Bash(rm:*-rf*)",
  "Bash(git push:*--force*)",
  "Bash(git push:*-f*)",
  "Bash(git push:*--force-with-lease*)",
  "Bash(git push:*--delete*)",
  "Bash(git push:*:*)",
  "Bash(git reset:*--hard*)",
  "Bash(git reset:*HEAD~*)",
  "Bash(git rebase:*)",
  "Bash(git filter-branch:*)",
  "Bash(git filter-repo:*)",
  "Bash(git clean:*-fd*)",
  "Bash(git clean:*-f*)",
  "Bash(git remote set-url:*)",
  "Bash(git config:*)",
  "Bash(git branch:*-D*)",
  "Bash(git commit:*--amend*)",
  "Bash(git stash:*drop*)",
  "Bash(git stash:*clear*)",
  "Bash(git reflog:*delete*)"
]
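
The rules above are written against command text, so the same operation spelled differently (`-fr`, `-R`, `--recursive`, `git -C dir push ...`) needs its own pattern. As an added example (not part of the original note and not Claude Code's own matcher), this Python checker expresses the same intent by parsing arguments instead; the policy tables and function names are assumptions, and only part of the git rules is modelled.

```python
import shlex
from itertools import groupby

OPERATORS = {";", "&&", "||", "|", "&"}
# Constructed policy that mirrors the intent of the deny list (an assumption,
# not Claude Code's own rule matcher).
GIT_ALWAYS = {"rebase", "filter-branch", "filter-repo", "config"}
GIT_DENY = {
    "push": {"--force", "--force-with-lease", "--delete", "-f", "-d"},
    "reset": {"--hard"}, "clean": {"--force", "-f"}, "branch": {"-D"},
    "commit": {"--amend"}, "stash": {"drop", "clear"}, "reflog": {"delete"},
}

def simple_commands(command):
    """Split a shell line into argv lists at ; && || | and &."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return [list(g) for is_op, g in groupby(lexer, OPERATORS.__contains__) if not is_op]

def flags(args):
    """Yield options that precede `--`; short clusters such as -fr are split."""
    for a in args:
        if a == "--":
            return
        if a.startswith("--"):
            yield a.split("=", 1)[0]
        elif a.startswith("-") and len(a) > 1:
            yield from ("-" + c for c in a[1:])

def git_subcommand(args):
    """Return (subcommand, rest), skipping global options (-C/-c take a value)."""
    i = 0
    while i < len(args) and args[i].startswith("-"):
        i += 2 if args[i] in ("-C", "-c") else 1
    return (args[i], args[i + 1:]) if i < len(args) else (None, [])

def violations(command):
    """Return the reasons why `command` conflicts with the policy above."""
    found = []
    for argv in simple_commands(command):
        prog, args = argv[0].rsplit("/", 1)[-1], argv[1:]
        if prog == "rm" and {"-r", "-R", "--recursive"} & set(flags(args)):
            found.append("rm: recursive delete")
        elif prog == "git":
            sub, rest = git_subcommand(args)
            hits = GIT_DENY.get(sub, set()) & (set(flags(rest)) | set(rest[:1]))
            if sub in GIT_ALWAYS or hits:
                found.append(f"git {sub}: " + (", ".join(sorted(hits)) or "always denied"))
    return found
```

`violations()` returns an empty list for commands such as `rm -f notes.txt` or `git commit -m "fix rm -rf handling"`, where a substring pattern on `-rf` would also match the commit message.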

I wish it could do "trust read-only commands" the way Amazon Q Developer does.
❯ q chat
> /tools
| Tool | Permission |
|---|---|
| execute_bash | trust read-only commands |
| fs_read | trusted |
| fs_write | not trusted |
| report_issue | trusted |
| use_aws | trust read-only commands |