chore(claude): tighten allowed-tools — add agent tools: + settings deny-list

jdalton · jdalton · commit 0007c73d5c3a · 2026-04-27T14:48:07.000-04:00
- Adds explicit tools: frontmatter to all three agents so they declare
  exactly what they need instead of inheriting the default tool set:
  - code-reviewer (read-only): Read, Grep, Glob, Bash(git/rg/grep/find/ls/wc/cat/head/tail:*)
  - security-reviewer: same + Bash(pnpm exec agentshield:*), Bash(zizmor:*),
    Bash(command -v:*)
  - refactor-cleaner: adds Edit, Write, Bash(pnpm run/test/exec:*), Bash(node:*)
- Adds permissions.deny block to .claude/settings.json blocking
  publish/release escape hatches: npm/pnpm/yarn publish, gh release
  create/delete, gh workflow run/dispatch, git push --force/-f.
  Enforces existing CLAUDE.md prohibitions at the harness layer so an
  agent cannot dispatch a publish workflow without explicit operator
  override.

Mirrors the canonical pattern landed on socket-repo-template main.
diff --git a/.claude/agents/code-reviewer.md b/.claude/agents/code-reviewer.md
@@ -1,3 +1,9 @@
+---
+name: code-reviewer
+description: Reviews code in socket-lib against CLAUDE.md rules and reports style violations, logic bugs, and test gaps. Spawned by the quality-scan skill or invoked directly on a diff.
+tools: Read, Grep, Glob, Bash(git:*), Bash(rg:*), Bash(grep:*), Bash(find:*), Bash(ls:*), Bash(wc:*), Bash(cat:*), Bash(head:*), Bash(tail:*)
+---
+
 You are a code reviewer for a Node.js/TypeScript monorepo (socket-lib).
 
 Apply the rules from CLAUDE.md sections listed below. Reference the full section in CLAUDE.md for details — these are summaries, not the complete rules.
diff --git a/.claude/agents/refactor-cleaner.md b/.claude/agents/refactor-cleaner.md
@@ -1,3 +1,9 @@
+---
+name: refactor-cleaner
+description: Refactor specialist for socket-lib. Removes dead code first, batches changes into ≤5-file phases, verifies each with the project's check + test scripts. Use after quality-scan or before structural refactors.
+tools: Read, Edit, Write, Grep, Glob, Bash(git:*), Bash(rg:*), Bash(grep:*), Bash(find:*), Bash(ls:*), Bash(pnpm run:*), Bash(pnpm test:*), Bash(pnpm exec:*), Bash(node:*), Bash(cat:*), Bash(head:*), Bash(tail:*)
+---
+
 You are a refactoring specialist for a Node.js/TypeScript monorepo (socket-lib).
 
 Apply these rules from CLAUDE.md exactly:
diff --git a/.claude/agents/security-reviewer.md b/.claude/agents/security-reviewer.md
@@ -1,3 +1,9 @@
+---
+name: security-reviewer
+description: Reviews findings from AgentShield + zizmor against socket-lib's CLAUDE.md security rules and grades the result A-F. Spawned by the security-scan skill after the static scans run.
+tools: Read, Grep, Glob, Bash(git:*), Bash(rg:*), Bash(grep:*), Bash(find:*), Bash(ls:*), Bash(pnpm exec agentshield:*), Bash(zizmor:*), Bash(command -v:*), Bash(cat:*), Bash(head:*), Bash(tail:*)
+---
+
 You are a security reviewer for Socket Security Node.js repositories.
 
 Apply these rules from CLAUDE.md exactly:
diff --git a/.claude/settings.json b/.claude/settings.json
@@ -36,5 +36,18 @@
         ]
       }
     ]
+  },
+  "permissions": {
+    "deny": [
+      "Bash(gh release create:*)",
+      "Bash(gh release delete:*)",
+      "Bash(gh workflow dispatch:*)",
+      "Bash(gh workflow run:*)",
+      "Bash(git push --force:*)",
+      "Bash(git push -f:*)",
+      "Bash(npm publish:*)",
+      "Bash(pnpm publish:*)",
+      "Bash(yarn publish:*)"
+    ]
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -36,5 +36,18 @@`
`36`	`36`	`]`
`37`	`37`	`}`
`38`	`38`	`]`
	`39`	`+ },`
	`40`	`+ "permissions": {`
	`41`	`+ "deny": [`
	`42`	`+ "Bash(gh release create:*)",`
	`43`	`+ "Bash(gh release delete:*)",`
	`44`	`+ "Bash(gh workflow dispatch:*)",`
	`45`	`+ "Bash(gh workflow run:*)",`
	`46`	`+ "Bash(git push --force:*)",`
	`47`	`+ "Bash(git push -f:*)",`
	`48`	`+ "Bash(npm publish:*)",`
	`49`	`+ "Bash(pnpm publish:*)",`
	`50`	`+ "Bash(yarn publish:*)"`
	`51`	`+ ]`
`39`	`52`	`}`
`40`	`53`	`}`