143fcef4e0
Allowlist approach for bash (curl, python3, tail, grep, pgrep, kill, scripts). Deny list blocks: file destruction (rm, mv, cp, chmod, chown, ln), remote access (ssh, scp, rsync), downloads (wget, curl -O), git mutations (push, commit, reset, checkout), package install (pip, apt), privilege escalation (sudo, nohup, crontab, systemctl), and shell injection (eval, exec, source, pipe to bash, redirect to /).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
{
"permissions": {
"allow": [
"Bash(curl*localhost:8500*)",
"Bash(curl*192.168.0.244*)",
"Bash(python3*)",
"Bash(tail*)",
"Bash(grep*)",
"Bash(cat*)",
"Bash(pgrep*)",
"Bash(kill*)",
"Bash(bash*/home/claude/bin/mortdecai-cli/scripts/*)",
"Read(*)",
"Write(/home/claude/bin/mortdecai-cli/data/*)",
"Glob(*)",
"Grep(*)"
],
"deny": [
"Write(/home/claude/bin/Mortdecai-2.0/*)",
"Edit(/home/claude/bin/Mortdecai-2.0/*)",
"Bash(rm *)",
"Bash(rmdir *)",
"Bash(mv *)",
"Bash(cp *)",
"Bash(chmod *)",
"Bash(chown *)",
"Bash(ln *)",
"Bash(ssh *)",
"Bash(scp *)",
"Bash(rsync *)",
"Bash(wget *)",
"Bash(curl -O*)",
"Bash(curl --output*)",
"Bash(git push*)",
"Bash(git commit*)",
"Bash(git reset*)",
"Bash(git checkout*)",
"Bash(pip *)",
"Bash(apt *)",
"Bash(sudo *)",
"Bash(nohup *)",
"Bash(crontab *)",
"Bash(systemctl *)",
"Bash(*> /*)",
"Bash(*>> /*)",
"Bash(*| bash*)",
"Bash(*| sh*)",
"Bash(eval *)",
"Bash(exec *)",
"Bash(source *)"
]
}
}