From 1e55b4862f9a93b16edc864f994b965a5e5bda0b Mon Sep 17 00:00:00 2001
From: Ryan Walters <ryan@walters.to>
Date: Mon, 3 Nov 2025 17:04:49 -0600
Subject: [PATCH] feat: add Claude settings symlink management

- Add claude-settings.json as source file in chezmoi repo
- Create symlink template for .claude/settings.json
- Update .chezmoiignore to prevent recursion
- Update TODO.md to track Claude configuration progress
---
 TODO.md                                    |   3 +-
 home/.chezmoiignore                        |   3 +-
 home/claude-settings.json                  | 217 +++++++++++++++++++++
 home/dot_claude/symlink_settings.json.tmpl |   1 +
 4 files changed, 222 insertions(+), 2 deletions(-)
 create mode 100644 home/claude-settings.json
 create mode 100644 home/dot_claude/symlink_settings.json.tmpl

diff --git a/TODO.md b/TODO.md
index fa8e419..4c802b5 100644
--- a/TODO.md
+++ b/TODO.md
@@ -18,6 +18,7 @@
 - [ ] Add step-by-step first-time setup guide
 - [ ] Document Doppler setup requirements
 - [ ] Create quick reference card for emergency recovery
+- [ ] Document proper process of adding symlinks (mention updating chemzoiignore, etc.)
 
 ### 2. Standardize Encryption & Authentication Workflow
 
@@ -297,4 +298,4 @@ These items were in the original TODO.md and need to be categorized/completed:
 - Some items have dependencies (e.g., documentation should reflect implemented changes)
 - Use `chezmoi cd` to navigate to source directory when working on configs
 - Test changes in WSL/Linux before applying to Windows (or vice versa)
-- Keep encrypted secrets out of git history - use age encryption or Doppler
\ No newline at end of file
+- Keep encrypted secrets out of git history - use age encryption or Doppler
diff --git a/home/.chezmoiignore b/home/.chezmoiignore
index 62476c8..06a7c9a 100644
--- a/home/.chezmoiignore
+++ b/home/.chezmoiignore
@@ -1,5 +1,6 @@
 hooks
 tool-versions
+claude-settings.json
 
 {{/* WSL Only Files */}}
 {{ if (not .wsl) }}
@@ -35,4 +36,4 @@ key.txt
 Documents/
 AppData/
 
-{{ end }}
\ No newline at end of file
+{{ end }}
diff --git a/home/claude-settings.json b/home/claude-settings.json
new file mode 100644
index 0000000..81c23de
--- /dev/null
+++ b/home/claude-settings.json
@@ -0,0 +1,217 @@
+{
+  "includeCoAuthoredBy": false,
+  "alwaysThinkingEnabled": true,
+  "enabledPlugins": {
+    "backend-development@claude-code-workflows": true,
+    "javascript-typescript@claude-code-workflows": true,
+    "security-guidance@claude-code-plugins": true,
+    "commit-commands@claude-code-plugins": true,
+    "feature-dev@claude-code-plugins": true,
+    "code-documentation@claude-code-workflows": true,
+    "debugging-toolkit@claude-code-workflows": true,
+    "git-pr-workflows@claude-code-workflows": true,
+    "full-stack-orchestration@claude-code-workflows": true,
+    "unit-testing@claude-code-workflows": true,
+    "tdd-workflows@claude-code-workflows": true,
+    "code-review-ai@claude-code-workflows": true,
+    "code-refactoring@claude-code-workflows": true,
+    "dependency-management@claude-code-workflows": true,
+    "error-debugging@claude-code-workflows": true,
+    "error-diagnostics@claude-code-workflows": true,
+    "deployment-strategies@claude-code-workflows": true,
+    "deployment-validation@claude-code-workflows": true,
+    "cicd-automation@claude-code-workflows": true,
+    "application-performance@claude-code-workflows": true,
+    "comprehensive-review@claude-code-workflows": true,
+    "performance-testing-review@claude-code-workflows": true,
+    "framework-migration@claude-code-workflows": true,
+    "codebase-cleanup@claude-code-workflows": true,
+    "database-design@claude-code-workflows": true,
+    "data-validation-suite@claude-code-workflows": true,
+    "api-scaffolding@claude-code-workflows": true,
+    "api-testing-observability@claude-code-workflows": true,
+    "documentation-generation@claude-code-workflows": true,
+    "game-development@claude-code-workflows": true,
+    "accessibility-compliance@claude-code-workflows": true,
+    "systems-programming@claude-code-workflows": true,
+    "functional-programming@claude-code-workflows": true,
+    "shell-scripting@claude-code-workflows": true,
+    "observability-monitoring@claude-code-workflows": true,
+    "database-cloud-optimization@claude-code-workflows": true
+  },
+  "permissions": {
+    "allow": [
+      "WebSearch",
+      "WebFetch(domain:github.com)",
+      "WebFetch(domain:raw.githubusercontent.com)",
+      "WebFetch(domain:gitlab.com)",
+      "WebFetch(domain:docs.rs)",
+      "WebFetch(domain:lib.rs)",
+      "WebFetch(domain:crates.io)",
+      "WebFetch(domain:npmjs.com)",
+      "WebFetch(domain:pypi.org)",
+      "WebFetch(domain:typst.app)",
+      "WebFetch(domain:pixijs.com)",
+      "WebFetch(domain:developers.cloudflare.com)",
+      "WebFetch(domain:aws.amazon.com)",
+      "WebFetch(domain:cloud.google.com)",
+      "WebFetch(domain:azure.microsoft.com)",
+      "WebFetch(domain:learn.microsoft.com)",
+      "WebFetch(domain:devblogs.microsoft.com)",
+      "WebFetch(domain:slowli.github.io)",
+      "mcp__context7__resolve-library-id",
+      "mcp__context7__get-library-docs",
+      "mcp__linear-server__list_issues",
+      "mcp__linear-server__list_issue_labels",
+      "mcp__linear-server__create_issue_label",
+      "mcp__linear-server__update_issue",
+      "mcp__linear-server__list_teams",
+      "mcp__linear-server__list_projects",
+      "Bash(cargo --version:*)",
+      "Bash(cargo build:*)",
+      "Bash(cargo check:*)",
+      "Bash(cargo clippy:*)",
+      "Bash(cargo test:*)",
+      "Bash(cargo nextest run:*)",
+      "Bash(cargo tree:*)",
+      "Bash(cargo doc:*)",
+      "Bash(cargo llvm-cov:*)",
+      "Bash(cargo add:*)",
+      "Bash(cargo machete:*)",
+      "Bash(cargo udeps:*)",
+      "Bash(cargo audit:*)",
+      "Bash(cargo deny:*)",
+      "Bash(cargo outdated:*)",
+      "Bash(rustc --version:*)",
+      "Bash(sccache --version:*)",
+      "Bash(node --version:*)",
+      "Bash(npm --version:*)",
+      "Bash(npm run:*)",
+      "Bash(npm audit:*)",
+      "Bash(pnpm --version:*)",
+      "Bash(pnpm run:*)",
+      "Bash(pnpm list:*)",
+      "Bash(pnpm exec:*)",
+      "Bash(pnpm audit:*)",
+      "Bash(pnpm outdated:*)",
+      "Bash(bun --version:*)",
+      "Bash(bun run:*)",
+      "Bash(bun:*)",
+      "Bash(just --version:*)",
+      "Bash(just:*)",
+      "Bash(make --version:*)",
+      "Bash(make run:*)",
+      "Bash(make build:*)",
+      "Bash(git --version:*)",
+      "Bash(git status:*)",
+      "Bash(git log:*)",
+      "Bash(git show:*)",
+      "Bash(git diff:*)",
+      "Bash(git fetch:*)",
+      "Bash(git add:*)",
+      "Bash(git commit:*)",
+      "Bash(git rm:*)",
+      "Bash(git mv:*)",
+      "Bash(gh --version:*)",
+      "Bash(gh run list:*)",
+      "Bash(gh run view:*)",
+      "Bash(gh pr list:*)",
+      "Bash(gh api:*)",
+      "Bash(docker --version:*)",
+      "Bash(docker ps:*)",
+      "Bash(docker logs:*)",
+      "Bash(docker inspect:*)",
+      "Bash(docker exec:*)",
+      "Bash(docker port:*)",
+      "Bash(docker build:*)",
+      "Bash(wrangler --version:*)",
+      "Bash(ls:*)",
+      "Bash(tree:*)",
+      "Bash(cat:*)",
+      "Bash(rg:*)",
+      "Bash(find:*)",
+      "Bash(mkdir:*)",
+      "Bash(cloc:*)",
+      "Bash(tokei:*)",
+      "Bash(curl:*)",
+      "Bash(netstat:*)",
+      "Bash(awk:*)",
+      "Bash(timeout:*)",
+      "Bash(wsl --list --verbose:*)",
+      "Bash(wsl dpkg:*)",
+      "Bash(wsl which:*)",
+      "Bash(wsl ps:*)",
+      "Bash(wsl find:*)",
+      "Bash(wsl ls:*)",
+      "Bash(wsl:*)",
+      "Bash(tasklist:*)",
+      "Bash(powershell \"Get-Process:*)",
+      "Bash(Select-String:*)",
+      "Bash(Select-Object:*)",
+      "Bash(findstr:*)",
+      "Bash(dir:*)"
+    ],
+    "ask": [
+      "Bash(cargo uninstall:*)",
+      "Bash(cargo update:*)",
+      "Bash(npm install:*)",
+      "Bash(npm update:*)",
+      "Bash(pnpm install:*)",
+      "Bash(pnpm add:*)",
+      "Bash(pnpm remove:*)",
+      "Bash(pnpm uninstall:*)",
+      "Bash(pnpm update:*)",
+      "Bash(pnpm store prune:*)",
+      "Bash(bun install:*)",
+      "Bash(bun add:*)",
+      "Bash(bun remove:*)",
+      "Bash(git checkout:*)",
+      "Bash(git pull:*)",
+      "Bash(git merge:*)",
+      "Bash(git merge --squash:*)",
+      "Bash(git branch -d:*)",
+      "Bash(git rebase:*)",
+      "Bash(git push:*)",
+      "Bash(gh pr close:*)",
+      "Bash(gh issue close:*)",
+      "Bash(gh run cancel:*)",
+      "Bash(wrangler publish:*)",
+      "Bash(wrangler deploy:*)",
+      "Bash(pnpm run deploy:*)",
+      "Bash(pnpm run build --production:*)",
+      "Bash(npm run deploy:*)",
+      "Bash(bun run deploy:*)",
+      "Bash(mv:*)",
+      "Bash(Move-Item:*)",
+      "Bash(rm:*)",
+      "Bash(del:*)"
+    ],
+    "deny": [
+      "Bash(git push --force:*)",
+      "Bash(git push -f:*)",
+      "Bash(git push --force-with-lease:*)",
+      "Bash(git reset --hard:*)",
+      "Bash(git branch -D:*)",
+      "Bash(git clean -fd:*)",
+      "Bash(git clean -f:*)",
+      "Bash(git filter-branch:*)",
+      "Bash(git push --delete:*)",
+      "Bash(git push origin --delete:*)",
+      "Bash(git push origin :*)",
+      "Bash(gh repo delete:*)",
+      "Bash(gh repo archive:*)",
+      "Bash(gh secret delete:*)",
+      "Bash(gh release delete:*)",
+      "Bash(cargo clean:*)",
+      "Bash(cargo yank:*)",
+      "Bash(cargo uninstall --all:*)",
+      "Bash(wrangler delete:*)",
+      "Bash(wrangler secret delete:*)",
+      "Bash(rm -rf:*)",
+      "Bash(rmdir /s:*)",
+      "Bash(rd /s:*)",
+      "Bash(Remove-Item -Recurse -Force:*)",
+      "Bash(del /s:*)"
+    ]
+  }
+}
diff --git a/home/dot_claude/symlink_settings.json.tmpl b/home/dot_claude/symlink_settings.json.tmpl
new file mode 100644
index 0000000..75c328f
--- /dev/null
+++ b/home/dot_claude/symlink_settings.json.tmpl
@@ -0,0 +1 @@
+{{ .chezmoi.sourceDir }}/claude-settings.json