chore(workflows): tighten claude lockdown in weekly-update (H4)

jdalton · jdalton · commit 0f17dd1d3829 · 2026-05-06T11:45:28.000-07:00
The two `claude --print` calls (haiku update, sonnet fix) carried only
`--allowedTools`. Per the programmatic-Claude rule in CLAUDE.md / the
locking-down-programmatic-claude skill, every callsite must set all
four flags: `--tools`, `--allowedTools`, `--disallowedTools`, and
`--permission-mode dontAsk`.

Tighten both invocations:
  - `--tools` declares the available surface (Bash, Read, Glob, Grep).
  - `--allowedTools` keeps the surgical Bash patterns + read-side tools.
  - `--disallowedTools` blocks Edit, Write, Agent, Task, NotebookEdit,
    WebFetch, WebSearch, plus Bash(rm|mv|curl|wget|sudo:*).
  - `--permission-mode dontAsk` so unmatched tools fail-closed rather
    than fall through to a missing canUseTool.
diff --git a/.github/workflows/weekly-update.yml b/.github/workflows/weekly-update.yml
@@ -82,7 +82,10 @@ jobs:
 
           set +e
           claude --print \
-            --allowedTools "Bash(pnpm:*)" "Bash(git add:*)" "Bash(git commit:*)" "Bash(git status:*)" "Bash(git diff:*)" "Bash(git log:*)" "Bash(git rev-parse:*)" "Read" "Write" "Edit" "Glob" "Grep" \
+            --tools "Bash" "Read" "Glob" "Grep" \
+            --allowedTools "Bash(pnpm:*)" "Bash(git add:*)" "Bash(git commit:*)" "Bash(git status:*)" "Bash(git diff:*)" "Bash(git log:*)" "Bash(git rev-parse:*)" "Read" "Glob" "Grep" \
+            --disallowedTools "Agent" "Task" "NotebookEdit" "WebFetch" "WebSearch" "Edit" "Write" "Bash(rm:*)" "Bash(mv:*)" "Bash(curl:*)" "Bash(wget:*)" "Bash(sudo:*)" \
+            --permission-mode dontAsk \
             --model haiku \
             --max-turns 15 \
             "$(cat <<'PROMPT'
@@ -181,7 +184,10 @@ jobs:
             process.stdout.write(tmpl);
           ')
           claude --print \
-            --allowedTools "Bash(pnpm:*)" "Bash(git add:*)" "Bash(git commit:*)" "Bash(git status:*)" "Bash(git diff:*)" "Bash(git log:*)" "Bash(git rev-parse:*)" "Read" "Write" "Edit" "Glob" "Grep" \
+            --tools "Bash" "Read" "Glob" "Grep" \
+            --allowedTools "Bash(pnpm:*)" "Bash(git add:*)" "Bash(git commit:*)" "Bash(git status:*)" "Bash(git diff:*)" "Bash(git log:*)" "Bash(git rev-parse:*)" "Read" "Glob" "Grep" \
+            --disallowedTools "Agent" "Task" "NotebookEdit" "WebFetch" "WebSearch" "Edit" "Write" "Bash(rm:*)" "Bash(mv:*)" "Bash(curl:*)" "Bash(wget:*)" "Bash(sudo:*)" \
+            --permission-mode dontAsk \
             --model sonnet \
             --max-turns 25 \
             "$PROMPT_BODY" \
