2026-05-30 22:14:40 +02:00
{
  "$schema": "https://json.schemastore.org/claude-code-settings.json",
Make the Claude Code toolchain reproducible (TODO 10.7)
Reviewed the Claude Code config against boma's capabilities and committed a
reproducible, leaner toolchain:
- .claude/settings.json now declares extraKnownMarketplaces + enabledPlugins so a
fresh clone prompts to install the active set: superpowers, context7, terraform
(we use TF, ADR-006), claude-md-management (doc/ADR-heavy). Drops code-simplifier.
- Adds a conservative, read-only/verify permissions allowlist (git status/diff/log,
make lint/test/check, pytest, rbw unlocked, ls/cat/rg/find) — mutations and
outward/destructive commands stay gated, consistent with ADR-002.
- docs/runbooks/claude-code-setup.md: per-machine bootstrap, the deferred
enable-when plugins (security-guidance/semgrep, playwright, hookify, skill-creator),
rbw/venv prerequisites, and a note to keep the dangerous-mode prompt on.
Closes TODO 10.7. Plugin install remains a per-machine /plugin action (no native
auto-install).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-04 21:41:54 +02:00
  "extraKnownMarketplaces": {
    "claude-plugins-official": {
      "source": { "source": "github", "repo": "anthropics/claude-plugins-official" }
    }
  },
  "enabledPlugins": {
    "superpowers@claude-plugins-official": true,
    "context7@claude-plugins-official": true,
    "terraform@claude-plugins-official": true,
    "claude-md-management@claude-plugins-official": true
  },
  "permissions": {
    "allow": [
      "Read",
      "Grep",
      "Glob",
      "Bash(git status:*)",
      "Bash(git diff:*)",
      "Bash(git log:*)",
      "Bash(git show:*)",
      "Bash(git branch:*)",
      "Bash(make lint:*)",
      "Bash(make test:*)",
      "Bash(make check:*)",
      "Bash(python3 -m pytest:*)",
      "Bash(rbw unlocked)",
      "Bash(ls:*)",
      "Bash(cat:*)",
      "Bash(rg:*)",
      "Bash(find:*)"
    ]
  },
2026-05-30 22:14:40 +02:00
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Write|Edit",
        "hooks": [
          {
            "type": "command",
            "command": "bash \"${CLAUDE_PROJECT_DIR:-.}/.claude/hooks/guard-generated-files.sh\"",
            "timeout": 10,
            "statusMessage": "Checking generated-file guard"
          }
        ]
      },
      {
        "matcher": "Bash",
        "hooks": [
          {
            "type": "command",
            "command": "bash \"${CLAUDE_PROJECT_DIR:-.}/.claude/hooks/guard-vault-preflight.sh\"",
            "timeout": 10,
            "statusMessage": "Checking rbw vault pre-flight"
          }
        ]
      }
2026-06-10 12:51:46 +02:00
    ],
    "Stop": [
      {
        "hooks": [
          {
            "type": "command",
            "command": "bash \"${CLAUDE_PROJECT_DIR:-.}/.claude/hooks/guard-execution-mode-menu.sh\"",
            "timeout": 10,
            "statusMessage": "Checking for execution-mode menu"
          }
        ]
      }
2026-05-30 22:14:40 +02:00
    ]
2026-06-17 17:35:47 +02:00
  },
  "statusLine": {
    "type": "command",
    "command": "bash \"${CLAUDE_PROJECT_DIR:-.}/.claude/statusline.sh\"",
    "padding": 0
2026-05-30 22:14:40 +02:00
  }
}