
chore: add Claude Code safeguards and track CLAUDE.md #30

Merged: mikkeldamsgaard merged 2 commits into main from claude/affectionate-wescoff on Mar 11, 2026

@mikkeldamsgaard (Contributor)

Summary

  • Add .claude/settings.json with layered permission rules enforcing safe defaults for all Claude Code sessions
  • Track CLAUDE.md (agent instructions) and .claude/settings.json in git so they apply to all collaborators and automated agents
  • Remove both from .gitignore

Permission model

  • Deny (hard blocks): PR approval/merge/close, force push, push to main/master, destructive git/shell commands, editing sensitive paths (~/.ssh, ~/.aws, etc.)
  • Allow (auto-approved): read-only tools, project file editing, cargo build/test/clippy/fmt, git workflow, --force-with-lease push to work branches, make, docker, harmless shell utilities
  • Ask (default): everything else prompts for confirmation (cargo publish, gh pr create, etc.)

How to verify

# Check settings are valid JSON
python3 -c "import json; json.load(open('.claude/settings.json'))"

# Verify both files are tracked
git ls-files CLAUDE.md .claude/settings.json

# Verify neither is gitignored
git check-ignore CLAUDE.md .claude/settings.json  # should produce no output

🤖 Generated with Claude Code

- Add .claude/settings.json with permission rules:
  - Deny PR approval/merge/close, force push, push to main/master
  - Deny destructive commands (rm -rf, sudo, git reset --hard)
  - Deny editing sensitive paths (~/.ssh, ~/.aws, ~/.gnupg)
  - Allow non-destructive tools, cargo build/test, git workflow
  - Allow push --force-with-lease to work branches
  - Default "ask" mode for anything not explicitly allowed/denied
- Track CLAUDE.md and .claude/settings.json in git
- Remove CLAUDE.md and .claude/settings.json from .gitignore

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings February 26, 2026 22:00

Copilot AI left a comment


Pull request overview

This PR adds agent safeguards and configuration for Claude Code sessions by introducing two new tracked files: CLAUDE.md (comprehensive AI agent instructions) and .claude/settings.json (permission rules). These files establish operating principles, quality gates, security constraints, and execution rules for AI agents working with this repository.

Changes:

  • Added CLAUDE.md with 20 operating principles covering code quality, testing, documentation, security, and change management
  • Added .claude/settings.json with layered permission rules (deny/allow/ask modes) for Claude Code sessions
  • Removed CLAUDE.md and .claude/settings.json from .gitignore to track them in version control

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 8 comments.

| File | Description |
| --- | --- |
| CLAUDE.md | Comprehensive agent instructions covering operating principles, quality gates, robustness, security, change management, and execution constraints |
| .gitignore | Removed entries for CLAUDE.md and .claude/settings.json to enable version tracking |
| .claude/settings.json | Permission configuration with deny rules for dangerous operations, allow rules for safe operations, and default ask mode for everything else |

CLAUDE.md:
- Fix "seems" → "seem" (subject-verb agreement) + add missing period
- Add missing period on line 86
- Fix "Fetch the git origin" → "Fetch from origin"
- Fix "errors was" → "errors were" + "ooriginating" → "originating"

.claude/settings.json:
- Add comprehensive force push deny patterns (+branch, mid-command --force/-f)
- Simplify Edit/Write allow rules (deny rules take precedence for sensitive paths)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@mikkeldamsgaard mikkeldamsgaard merged commit c9ba912 into main Mar 11, 2026
4 of 5 checks passed
@mikkeldamsgaard mikkeldamsgaard deleted the claude/affectionate-wescoff branch March 11, 2026 22:36
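
The push rules discussed in this PR (deny `--force`/`-f` anywhere in the command, deny `+branch` refspecs, deny pushes to main/master, allow `--force-with-lease` to work branches) can be modelled as a small classifier for reasoning about edge cases. This is an added example, not the repository's `.claude/settings.json` and not Claude Code's own rule matcher; the function name, the sample commands, and the choice to return "ask" for a push with no explicit branch are assumptions.

```python
import shlex
from typing import Optional

PROTECTED = {"main", "master"}  # branches the PR description says to block

def classify_git_push(command: str) -> Optional[str]:
    """Return 'deny', 'allow' or 'ask' for a git push; None for anything else."""
    try:
        argv = shlex.split(command)
    except ValueError:
        return "ask"  # unbalanced quotes: leave the decision to a human
    if "git" not in argv or "push" not in argv:
        return None
    args = argv[argv.index("push") + 1:]
    flags = [a for a in args if a.startswith("-")]
    positional = [a for a in args if not a.startswith("-")]
    refspecs = positional[1:]  # positional[0] is the remote name

    for flag in flags:
        if flag.startswith("--force-with-lease"):
            continue  # lease-protected force; the branch check below still applies
        # Plain --force at any position, or a short cluster such as -f / -uf.
        # A cluster like -ofoo is also denied: a conservative false positive.
        if flag == "--force" or (not flag.startswith("--") and "f" in flag):
            return "deny"
    # A leading '+' on a refspec forces that ref without any flag.
    if any(spec.startswith("+") for spec in refspecs):
        return "deny"

    # Destination is the part after ':' (or the whole spec), minus refs/heads/.
    dests = [s.split(":")[-1].removeprefix("refs/heads/") for s in refspecs]
    if any(d in PROTECTED for d in dests):
        return "deny"
    if not dests or "HEAD" in dests:
        return "ask"  # target depends on the checked-out branch (assumed policy)
    return "allow"

# Constructed sample commands, not taken from the repository.
SAMPLES = [
    "git push origin feature/x --force",
    "git push origin +feature/x",
    "git push --force-with-lease origin feature/x",
    "git push origin HEAD:refs/heads/master",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(f"{classify_git_push(cmd):5}  {cmd}")
```

Options that take a separate value (such as `-o <option>`) are not parsed here, so this sketch should be extended before being used as a pre-push gate.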