chore: update Claude Code permissions and workflow settings

- Add Glob, Read, Grep as allowed tools - Expand allowed bash commands (gradlew, mise, jq, rsync, etc.) - Add more allowed WebFetch domains for documentation sites - Add MCP tool permissions for grep and linear - Disable less frequently used workflow hooks
2026-01-30 22:24:06 -06:00 · 2025-12-20 00:53:27 -06:00
parent 6f3faca5af
commit 22a6a85438
1 changed files with 68 additions and 22 deletions
@@ -2,6 +2,9 @@
  "includeCoAuthoredBy": false,
  "permissions": {
    "allow": [
+      "Glob",
+      "Read",
+      "Grep",
      "WebSearch",
      "WebFetch(domain:github.com)",
      "WebFetch(domain:raw.githubusercontent.com)",
@@ -110,14 +113,57 @@
      "Bash(Select-Object:*)",
      "Bash(findstr:*)",
      "Bash(dir:*)",
-      "Bash(do)",
-      "Bash(then)",
-      "Bash(echo:*)",
-      "Bash(else)",
-      "Bash(fi)",
-      "Bash(done)",
+      "Bash(./gradlew spotlessApply:*)",
+      "Bash(./gradlew check:*)",
+      "Bash(./gradlew build:*)",
+      "Bash(mise install:*)",
      "Bash(mise exec actionlint:*)",
-      "mcp__linear-server__create_issue"
+      "Bash(claude mcp add:*)",
+      "mcp__grep__searchGitHub",
+      "WebFetch(domain:docs.github.com)",
+      "Bash(chmod:*)",
+      "Bash(./gradlew tasks:*)",
+      "Bash(./gradlew help:*)",
+      "Bash(gh pr comment:*)",
+      "Bash(./gradlew compileJava:*)",
+      "Bash(./gradlew spotlessCheck check:*)",
+      "mcp__linear-server__create_project",
+      "mcp__linear-server__create_issue",
+      "mcp__linear-server__get_issue",
+      "mcp__linear-server__list_issue_statuses",
+      "WebFetch(domain:fabricmc.net)",
+      "WebFetch(domain:wiki.vg)",
+      "Bash(jq:*)",
+      "Bash(./gradlew dependencies:*)",
+      "WebFetch(domain:logging.apache.org)",
+      "WebFetch(domain:stackoverflow.com)",
+      "Bash(./gradlew:*)",
+      "WebFetch(domain:jar-download.com)",
+      "Bash(git restore:*)",
+      "Bash(unzip:*)",
+      "WebFetch(domain:minecraft.fandom.com)",
+      "WebFetch(domain:docs.gradle.org)",
+      "WebFetch(domain:www.jetbrains.com)",
+      "WebFetch(domain:docs.architectury.dev)",
+      "Bash(rsync:*)",
+      "WebFetch(domain:modrinth.com)",
+      "WebFetch(domain:mvnrepository.com)",
+      "WebFetch(domain:gradleup.com)",
+      "Bash(wc:*)",
+      "Bash(javap:*)",
+      "Bash(tee:*)",
+      "Bash(git ls-tree:*)",
+      "WebFetch(domain:www.cs.unh.edu)",
+      "WebFetch(domain:www.cs.cmu.edu)",
+      "WebFetch(domain:theory.stanford.edu)",
+      "WebFetch(domain:gist.github.com)",
+      "WebFetch(domain:docs.neoforged.net)",
+      "WebFetch(domain:maven.fabricmc.net)",
+      "Bash(grep:*)",
+      "Bash(cd:*)",
+      "WebFetch(domain:acegikmo.com)",
+      "WebFetch(domain:commons.apache.org)",
+      "WebFetch(domain:bashtage.github.io)"
    ],
    "deny": [
      "Bash(git push --force:*)",
@@ -205,27 +251,27 @@
    "code-refactoring@claude-code-workflows": true,
    "dependency-management@claude-code-workflows": true,
    "error-debugging@claude-code-workflows": true,
-    "error-diagnostics@claude-code-workflows": true,
-    "deployment-strategies@claude-code-workflows": true,
-    "deployment-validation@claude-code-workflows": true,
+    "error-diagnostics@claude-code-workflows": false,
+    "deployment-strategies@claude-code-workflows": false,
+    "deployment-validation@claude-code-workflows": false,
    "cicd-automation@claude-code-workflows": true,
    "application-performance@claude-code-workflows": true,
    "comprehensive-review@claude-code-workflows": true,
-    "performance-testing-review@claude-code-workflows": true,
-    "framework-migration@claude-code-workflows": true,
+    "performance-testing-review@claude-code-workflows": false,
+    "framework-migration@claude-code-workflows": false,
    "codebase-cleanup@claude-code-workflows": true,
-    "database-design@claude-code-workflows": true,
-    "data-validation-suite@claude-code-workflows": true,
-    "api-scaffolding@claude-code-workflows": true,
-    "api-testing-observability@claude-code-workflows": true,
-    "documentation-generation@claude-code-workflows": true,
-    "game-development@claude-code-workflows": true,
-    "accessibility-compliance@claude-code-workflows": true,
+    "database-design@claude-code-workflows": false,
+    "data-validation-suite@claude-code-workflows": false,
+    "api-scaffolding@claude-code-workflows": false,
+    "api-testing-observability@claude-code-workflows": false,
+    "documentation-generation@claude-code-workflows": false,
+    "game-development@claude-code-workflows": false,
+    "accessibility-compliance@claude-code-workflows": false,
    "systems-programming@claude-code-workflows": true,
    "functional-programming@claude-code-workflows": true,
-    "shell-scripting@claude-code-workflows": true,
-    "observability-monitoring@claude-code-workflows": true,
-    "database-cloud-optimization@claude-code-workflows": true,
+    "shell-scripting@claude-code-workflows": false,
+    "observability-monitoring@claude-code-workflows": false,
+    "database-cloud-optimization@claude-code-workflows": false,
    "jvm-languages@claude-code-workflows": true
  },
  "alwaysThinkingEnabled": true