Last active
July 25, 2025 18:04
-
-
Save jinsley8/b31d7dc369275207be32577d8bd86e94 to your computer and use it in GitHub Desktop.
Claude Code settings. Remove comments if you use it.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "permissions": { | |
| // Only access projects in /Projects and /Local Sites folders | |
| "additionalDirectories": ["~/.claude", "~/Projects", "~/Local Sites"], | |
| "allow": [ | |
| "Edit(~/Projects/**)", | |
| "Edit(~/Local Sites/**)", | |
| "Grep(~/Projects/**)", | |
| "Grep(~/Local Sites/**)", | |
| "Read(~/Projects/**)", | |
| "Read(~/Local Sites/**)", | |
| "Glob(~/Projects/**)", | |
| "Glob(~/Local Sites/**)", | |
| "LS(~/Projects/**)", | |
| "LS(~/Local Sites/**)", | |
| "LS(~/.claude/**)", | |
| "WebSearch(**)", | |
| "Bash(ls:*)", | |
| "Bash(tree:*)", | |
| "Bash(pwd:*)", | |
| "Bash(which:*)", | |
| "Bash(find:~/Projects/**)", | |
| "Bash(find:~/Local Sites/**)", | |
| "mcp__ide__getDiagnostics" | |
| ], | |
| "deny": [ | |
| // System and sensitive directories | |
| "Read(~/.*)", | |
| "Edit(~/.*)", | |
| "Read(~/Library/**)", | |
| "Edit(~/Library/**)", | |
| "Read(~/Dropbox/**)", | |
| "Edit(~/Dropbox/**)", | |
| "Read(/etc/**)", | |
| "Edit(/etc/**)", | |
| "Read(/usr/**)", | |
| "Edit(/usr/**)", | |
| "Read(/bin/**)", | |
| "Edit(/bin/**)", | |
| "Read(/sbin/**)", | |
| "Edit(/sbin/**)", | |
| "Read(/var/**)", | |
| "Edit(/var/**)", | |
| "Read(/tmp/**)", | |
| "Edit(/tmp/**)", | |
| "Read(/System/**)", | |
| "Edit(/System/**)", | |
| "Read(/Applications/**)", | |
| "Edit(/Applications/**)", | |
| // Privilege escalation and system modification | |
| "Bash(su:*)", | |
| "Bash(sudo:*)", | |
| "Bash(doas:*)", | |
| "Bash(passwd:*)", | |
| "Bash(chown:*)", | |
| "Bash(chmod:*)", | |
| "Bash(chgrp:*)", | |
| "Bash(mount:*)", | |
| "Bash(umount:*)", | |
| "Bash(fdisk:*)", | |
| "Bash(mkfs:*)", | |
| "Bash(fsck:*)", | |
| // Environment and system info | |
| "Bash(env:*)", | |
| "Bash(printenv:*)", | |
| "Bash(export:*)", | |
| "Bash(set:*)", | |
| "Bash(history:*)", | |
| "Bash(ps:*)", | |
| "Bash(top:*)", | |
| "Bash(htop:*)", | |
| "Bash(kill:*)", | |
| "Bash(killall:*)", | |
| // Network and remote access | |
| "Bash(curl:*)", | |
| "Bash(wget:*)", | |
| "Bash(rsync:*)", | |
| "Bash(scp:*)", | |
| "Bash(sftp:*)", | |
| "Bash(socat:*)", | |
| "Bash(ssh:*)", | |
| "Bash(nc:*)", | |
| "Bash(ncat:*)", | |
| "Bash(netcat:*)", | |
| "Bash(nmap:*)", | |
| "Bash(ping:*)", | |
| "Bash(telnet:*)", | |
| "Bash(ftp:*)", | |
| // Git remote operations | |
| "Bash(git push:*)", | |
| "Bash(git pull:*)", | |
| "Bash(git fetch:*)", | |
| "Bash(git clone:*)", | |
| "Bash(git remote:*)", | |
| // Package managers (to prevent software installation) | |
| "Bash(brew:*)", | |
| "Bash(npm:*)", | |
| "Bash(pnpm:*)", | |
| "Bash(bun:*)", | |
| "Bash(pip:*)", | |
| "Bash(pip3:*)", | |
| "Bash(gem:*)", | |
| "Bash(yarn:*)", | |
| "Bash(apt:*)", | |
| "Bash(apt-get:*)", | |
| "Bash(yum:*)", | |
| "Bash(dnf:*)", | |
| // File operations outside allowed directories | |
| "Bash(rm:*)", | |
| "Bash(mv:*)", | |
| "Bash(cp:*)", | |
| "Bash(dd:*)", | |
| "Bash(tar:*)", | |
| "Bash(zip:*)", | |
| "Bash(unzip:*)", | |
| // Editors that could modify system files | |
| "Bash(vi:*)", | |
| "Bash(vim:*)", | |
| "Bash(nano:*)", | |
| "Bash(emacs:*)", | |
| // Wildcard operations outside project directories | |
| "Glob(/etc/**)", | |
| "Glob(/usr/**)", | |
| "Glob(/bin/**)", | |
| "Glob(/var/**)", | |
| "Glob(~/Library/**)", | |
| "LS(/etc/**)", | |
| "LS(/usr/**)", | |
| "LS(/bin/**)", | |
| "LS(/var/**)" | |
| ] | |
| }, | |
| "env": { | |
| "DISABLE_BUG_COMMAND": "1", | |
| "DISABLE_ERROR_REPORTING": "1", | |
| "DISABLE_TELEMETRY": "1", | |
| "CLAUDE_BASH_MAINTAIN_PROJECT_WORKING_DIR": "1" | |
| }, | |
| "includeCoAuthoredBy": false | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment