Seth Falco (e691bb13) at 16 Mar 08:21
chore: include aliases of npm create in deny as well
Seth Falco (627f451c) at 16 Mar 00:20
I typically revoke commands that can write to disk, but I decided mkdir could be an exception since it's in the realm of editing projects.
I wanted to make allow it to write the current working directory, but not allowed to write outside of the current working directory. It will default to ask, unless the user is in edit mode, in which case it'll auto-approve similarly to how editing files is auto-approved.
This should've been done separately, but whatever. I also refactored all hooks to share a "helpers.sh" file, which has some utilities and repetitive boiler plate.
I typically revoke commands that can write to disk, but I decided mkdir could be an exception since it's in the realm of editing projects.
I wanted to make allow it to write the current working directory, but not allowed to write outside of the current working directory. It will default to ask, unless the user is in edit mode, in which case it'll auto-approve similarly to how editing files is auto-approved.
This should've been done separately, but whatever. I also refactored all hooks to share a "helpers.sh" file, which has some utilities and repetitive boiler plate.
Seth Falco (627f451c) at 16 Mar 00:18
feat: add auto-allow/deny rules mkdir
Seth Falco (ca8206b7) at 15 Mar 17:37
chore: declare a CONTEXT var just for a bit of consistency
Seth Falco (ac1cb2ad) at 15 Mar 17:32
Read the commit body for details.
We had a problem where I only wanted to block installing new npm dependencies like npm install svgo or npm install --save-dev @sethfalco/eslint-config. However, this was actually blocking even the base npm install command before.
The reason is documented in the project README under Other Claude Quirks.
I fix this by creating a new hook for managing "advanced" use cases, which can handle this correctly. A perk to this approach is that we can also give reasons back in response, to Claude knows why it shouldn't. (Otherwise Claude is likely to simply try to work around it, like using npm --prefix . install svgo.)
We don't handle those workarounds, so they'll continue to go to ask instead of being responded to.
Read the commit body for details.
We had a problem where I only wanted to block installing new npm dependencies like npm install svgo or npm install --save-dev @sethfalco/eslint-config. However, this was actually blocking even the base npm install command before.
The reason is documented in the project README under Other Claude Quirks.
I fix this by creating a new hook for managing "advanced" use cases, which can handle this correctly. A perk to this approach is that we can also give reasons back in response, to Claude knows why it shouldn't. (Otherwise Claude is likely to simply try to work around it, like using npm --prefix . install svgo.)
We don't handle those workarounds, so they'll continue to go to ask instead of being responded to.
Seth Falco (ac1cb2ad) at 15 Mar 17:28
fix: allow npm install but block new deps
Seth Falco (27d077fe) at 15 Mar 16:46
chore: remove redundant permission rules
Seth Falco (d1111e20) at 15 Mar 16:45
chore: remove redundant permission rules
Seth Falco (546b4b2f) at 15 Mar 16:26
chore: forbid git init and npm create
Seth Falco (3660685a) at 15 Mar 12:33
chore: forbid npm install with new dependencies
... and 2 more commits
Seth Falco (3811b66b) at 12 Mar 19:52
chore: delete .github folder entirely
Seth Falco (856d75d8) at 12 Mar 19:48
chore: delete github pull request template
Seth Falco (5a14a7d9) at 12 Mar 13:07
chore: pair all read permissions with grep
Seth Falco (3132b195) at 11 Mar 19:22
chore: allow git status