From 22a6a85438f364d3318721a4ed24ea450bf1e508 Mon Sep 17 00:00:00 2001
From: Xevion <xevion@xevion.dev>
Date: Sat, 20 Dec 2025 00:53:27 -0600
Subject: [PATCH] chore: update Claude Code permissions and workflow settings

- Add Glob, Read, Grep as allowed tools
- Expand allowed bash commands (gradlew, mise, jq, rsync, etc.)
- Add more allowed WebFetch domains for documentation sites
- Add MCP tool permissions for grep and linear
- Disable less frequently used workflow hooks
---
 home/claude-settings.json | 90 +++++++++++++++++++++++++++++----------
 1 file changed, 68 insertions(+), 22 deletions(-)

diff --git a/home/claude-settings.json b/home/claude-settings.json
index 27e6a6e..0cb6637 100644
--- a/home/claude-settings.json
+++ b/home/claude-settings.json
@@ -2,6 +2,9 @@
   "includeCoAuthoredBy": false,
   "permissions": {
     "allow": [
+      "Glob",
+      "Read",
+      "Grep",
       "WebSearch",
       "WebFetch(domain:github.com)",
       "WebFetch(domain:raw.githubusercontent.com)",
@@ -110,14 +113,57 @@
       "Bash(Select-Object:*)",
       "Bash(findstr:*)",
       "Bash(dir:*)",
-      "Bash(do)",
-      "Bash(then)",
-      "Bash(echo:*)",
-      "Bash(else)",
-      "Bash(fi)",
-      "Bash(done)",
+      "Bash(./gradlew spotlessApply:*)",
+      "Bash(./gradlew check:*)",
+      "Bash(./gradlew build:*)",
+      "Bash(mise install:*)",
       "Bash(mise exec actionlint:*)",
-      "mcp__linear-server__create_issue"
+      "Bash(claude mcp add:*)",
+      "mcp__grep__searchGitHub",
+      "WebFetch(domain:docs.github.com)",
+      "Bash(chmod:*)",
+      "Bash(./gradlew tasks:*)",
+      "Bash(./gradlew help:*)",
+      "Bash(gh pr comment:*)",
+      "Bash(./gradlew compileJava:*)",
+      "Bash(./gradlew spotlessCheck check:*)",
+      "mcp__linear-server__create_project",
+      "mcp__linear-server__create_issue",
+      "mcp__linear-server__get_issue",
+      "mcp__linear-server__list_issue_statuses",
+      "WebFetch(domain:fabricmc.net)",
+      "WebFetch(domain:wiki.vg)",
+      "Bash(jq:*)",
+      "Bash(./gradlew dependencies:*)",
+      "WebFetch(domain:logging.apache.org)",
+      "WebFetch(domain:stackoverflow.com)",
+      "Bash(./gradlew:*)",
+      "WebFetch(domain:jar-download.com)",
+      "Bash(git restore:*)",
+      "Bash(unzip:*)",
+      "WebFetch(domain:minecraft.fandom.com)",
+      "WebFetch(domain:docs.gradle.org)",
+      "WebFetch(domain:www.jetbrains.com)",
+      "WebFetch(domain:docs.architectury.dev)",
+      "Bash(rsync:*)",
+      "WebFetch(domain:modrinth.com)",
+      "WebFetch(domain:mvnrepository.com)",
+      "WebFetch(domain:gradleup.com)",
+      "Bash(wc:*)",
+      "Bash(javap:*)",
+      "Bash(tee:*)",
+      "Bash(git ls-tree:*)",
+      "WebFetch(domain:www.cs.unh.edu)",
+      "WebFetch(domain:www.cs.cmu.edu)",
+      "WebFetch(domain:theory.stanford.edu)",
+      "WebFetch(domain:gist.github.com)",
+      "WebFetch(domain:docs.neoforged.net)",
+      "WebFetch(domain:maven.fabricmc.net)",
+      "Bash(grep:*)",
+      "Bash(cd:*)",
+      "WebFetch(domain:acegikmo.com)",
+      "WebFetch(domain:commons.apache.org)",
+      "WebFetch(domain:bashtage.github.io)"
     ],
     "deny": [
       "Bash(git push --force:*)",
@@ -205,27 +251,27 @@
     "code-refactoring@claude-code-workflows": true,
     "dependency-management@claude-code-workflows": true,
     "error-debugging@claude-code-workflows": true,
-    "error-diagnostics@claude-code-workflows": true,
-    "deployment-strategies@claude-code-workflows": true,
-    "deployment-validation@claude-code-workflows": true,
+    "error-diagnostics@claude-code-workflows": false,
+    "deployment-strategies@claude-code-workflows": false,
+    "deployment-validation@claude-code-workflows": false,
     "cicd-automation@claude-code-workflows": true,
     "application-performance@claude-code-workflows": true,
     "comprehensive-review@claude-code-workflows": true,
-    "performance-testing-review@claude-code-workflows": true,
-    "framework-migration@claude-code-workflows": true,
+    "performance-testing-review@claude-code-workflows": false,
+    "framework-migration@claude-code-workflows": false,
     "codebase-cleanup@claude-code-workflows": true,
-    "database-design@claude-code-workflows": true,
-    "data-validation-suite@claude-code-workflows": true,
-    "api-scaffolding@claude-code-workflows": true,
-    "api-testing-observability@claude-code-workflows": true,
-    "documentation-generation@claude-code-workflows": true,
-    "game-development@claude-code-workflows": true,
-    "accessibility-compliance@claude-code-workflows": true,
+    "database-design@claude-code-workflows": false,
+    "data-validation-suite@claude-code-workflows": false,
+    "api-scaffolding@claude-code-workflows": false,
+    "api-testing-observability@claude-code-workflows": false,
+    "documentation-generation@claude-code-workflows": false,
+    "game-development@claude-code-workflows": false,
+    "accessibility-compliance@claude-code-workflows": false,
     "systems-programming@claude-code-workflows": true,
     "functional-programming@claude-code-workflows": true,
-    "shell-scripting@claude-code-workflows": true,
-    "observability-monitoring@claude-code-workflows": true,
-    "database-cloud-optimization@claude-code-workflows": true,
+    "shell-scripting@claude-code-workflows": false,
+    "observability-monitoring@claude-code-workflows": false,
+    "database-cloud-optimization@claude-code-workflows": false,
     "jvm-languages@claude-code-workflows": true
   },
   "alwaysThinkingEnabled": true