Prune .claude/settings.local.json: drop accumulated one-off allows #12

Closed
opened 2026-05-26 05:04:18 +00:00 by coilysiren · 1 comment
Owner

Symptom

.claude/settings.local.json has 66 allow entries accumulated from one-off "Always allow" clicks. Many are dead allows that the coily PreToolUse hook denies anyway (Bash(pytest), Bash(python3), Bash(pip install:*), Bash(python -m pytest ...), bare Bash(.venv/bin/pytest ...)). Others are sed/perl one-shots with embedded conflict-marker strings (Bash(sed -i '' '/>>>>>>> worktree-agent-a813cb1f/d' ...)).

Why now

The PreToolUse hook (.claude/lockdown-deny.shcoily hook pre-tool-use) does authoritative enforcement on every Bash call. The Claude Code permissions.allow list is UX-only - it suppresses the "Allow this?" modal but does not grant capability beyond what the hook permits. Allowlist entries for bare python / pytest / pip are dead because the hook blocks them; they should route through coily exec test or uv run.

Plan

Rewrite .claude/settings.local.json keeping only repeating-pattern allows:

  • git add/commit/push/checkout/merge/stash/rm/mv:*
  • gh repo/api/search/pr:*
  • uv run/lock/sync/pip:*
  • docker compose:*
  • WebSearch, WebFetch(domain:github.com), WebFetch(domain:www.npmjs.com)
  • python3 -m json.tool

Drop ~49 entries: bare pytest / python3 / pip install:* (dead - hook blocks them), .venv/bin/* invocations (also bypass coily), python -c "<long blob>" one-shots, sed-with-conflict-marker pipelines, chmod +x specific-path one-shots, git -C /Users/kai/projects/coilysiren/flux-gate ... cross-repo one-shot.

Out of scope

  • Per-repo settings.json deny block prune (53 identical entries duplicating coily lockdown). Separate sweep, needs coily template change.
  • Generic git add/commit/push/... + gh repo/api/search/pr recurring across every coilysiren repo's local file should promote to the canonical lockdown template instead of being re-listed per repo. Separate issue.
  • Route gauntlet pytest/ruff/mypy through coily exec verbs so .venv/bin/* allowlist entries stop accumulating. Separate issue.
## Symptom `.claude/settings.local.json` has 66 allow entries accumulated from one-off "Always allow" clicks. Many are dead allows that the coily PreToolUse hook denies anyway (`Bash(pytest)`, `Bash(python3)`, `Bash(pip install:*)`, `Bash(python -m pytest ...)`, bare `Bash(.venv/bin/pytest ...)`). Others are sed/perl one-shots with embedded conflict-marker strings (`Bash(sed -i '' '/>>>>>>> worktree-agent-a813cb1f/d' ...)`). ## Why now The PreToolUse hook (`.claude/lockdown-deny.sh` → `coily hook pre-tool-use`) does authoritative enforcement on every Bash call. The Claude Code `permissions.allow` list is UX-only - it suppresses the "Allow this?" modal but does not grant capability beyond what the hook permits. Allowlist entries for bare `python` / `pytest` / `pip` are dead because the hook blocks them; they should route through `coily exec test` or `uv run`. ## Plan Rewrite `.claude/settings.local.json` keeping only repeating-pattern allows: - `git add/commit/push/checkout/merge/stash/rm/mv:*` - `gh repo/api/search/pr:*` - `uv run/lock/sync/pip:*` - `docker compose:*` - `WebSearch`, `WebFetch(domain:github.com)`, `WebFetch(domain:www.npmjs.com)` - `python3 -m json.tool` Drop ~49 entries: bare `pytest` / `python3` / `pip install:*` (dead - hook blocks them), `.venv/bin/*` invocations (also bypass coily), `python -c "<long blob>"` one-shots, sed-with-conflict-marker pipelines, `chmod +x specific-path` one-shots, `git -C /Users/kai/projects/coilysiren/flux-gate ...` cross-repo one-shot. ## Out of scope - Per-repo `settings.json` `deny` block prune (53 identical entries duplicating coily lockdown). Separate sweep, needs coily template change. - Generic `git add/commit/push/...` + `gh repo/api/search/pr` recurring across every coilysiren repo's local file should promote to the canonical lockdown template instead of being re-listed per repo. Separate issue. - Route gauntlet pytest/ruff/mypy through `coily exec` verbs so `.venv/bin/*` allowlist entries stop accumulating. Separate issue.
Author
Owner

Done. Rewrote .claude/settings.local.json from 66 entries to 21 (git add/commit/push/checkout/merge/stash/rm/mv, gh repo/api/search/pr, uv run/lock/sync/pip, docker compose, python3 -m json.tool, WebSearch, WebFetch github.com + npmjs.com). Dropped 45 entries: dead bare-python/pytest/pip allows the coily hook denies anyway, .venv/bin/* bypasses, sed-with-conflict-marker pipelines, python -c blobs. File is gitignored, closing manually.

Done. Rewrote .claude/settings.local.json from 66 entries to 21 (git add/commit/push/checkout/merge/stash/rm/mv, gh repo/api/search/pr, uv run/lock/sync/pip, docker compose, python3 -m json.tool, WebSearch, WebFetch github.com + npmjs.com). Dropped 45 entries: dead bare-python/pytest/pip allows the coily hook denies anyway, .venv/bin/* bypasses, sed-with-conflict-marker pipelines, python -c blobs. File is gitignored, closing manually.
Commenting is not possible because the repository is archived.
No description provided.