From f54da7d46a4e4020f4b41cb2030007b147e5e26f Mon Sep 17 00:00:00 2001 From: gahusb Date: Thu, 7 May 2026 15:06:12 +0900 Subject: [PATCH] =?UTF-8?q?chore(harness):=20=ED=94=84=EB=A1=9C=EC=A0=9D?= =?UTF-8?q?=ED=8A=B8=20settings.json=20=E2=80=94=20git/docker/pytest=20all?= =?UTF-8?q?owlist=20+=20=EB=AF=BC=EA=B0=90=ED=8C=8C=EC=9D=BC=20deny?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 체크인되는 프로젝트 권한 설정. read-only 명령(status/diff/logs/ps 등)을 사전 승인하여 권한 프롬프트 감소. .env / *.pem / *.key / lotto.db / stock.db deny로 비밀·DB 직접 읽기 차단. Co-Authored-By: Claude Opus 4.7 (1M context) --- .claude/settings.json | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 .claude/settings.json diff --git a/.claude/settings.json b/.claude/settings.json new file mode 100644 index 0000000..039d5a9 --- /dev/null +++ b/.claude/settings.json @@ -0,0 +1,41 @@ +{ + "permissions": { + "allow": [ + "Bash(git status:*)", + "Bash(git diff:*)", + "Bash(git log:*)", + "Bash(git show:*)", + "Bash(git branch:*)", + "Bash(git stash list:*)", + "Bash(git remote -v)", + "Bash(docker ps:*)", + "Bash(docker logs:*)", + "Bash(docker compose ps:*)", + "Bash(docker compose logs:*)", + "Bash(docker compose config:*)", + "Bash(docker images:*)", + "Bash(pytest:*)", + "Bash(python -m pytest:*)", + "Bash(python -V)", + "Bash(python -c:*)", + "Bash(pip list:*)", + "Bash(pip show:*)", + "Bash(pip freeze:*)", + "Bash(uvicorn --version)", + "Bash(ls:*)", + "Bash(cat docker-compose.yml)" + ], + "deny": [ + "Read(.env)", + "Read(.env.*)", + "Read(**/.env)", + "Read(**/.env.*)", + "Read(**/credentials*)", + "Read(**/secrets*)", + "Read(**/*.pem)", + "Read(**/*.key)", + "Read(**/lotto.db)", + "Read(**/stock.db)" + ] + } +}