sjat/boma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
boma/.claude/settings.json

79 lines
2 KiB
JSON
Raw Permalink Normal View History

Add PreToolUse guard hooks: generated-file + rbw vault pre-flight Two project hooks (deny-only, fail open): block Write/Edit of generated inventories/<env>/hosts.yml, and block git commit when the rbw vault agent is locked. Both pipe-tested across all paths. Activate with a Claude Code restart (the watcher only tracks settings.json present at session start). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-30 22:14:40 +02:00
{
"$schema": "https://json.schemastore.org/claude-code-settings.json",
Make the Claude Code toolchain reproducible (TODO 10.7) Reviewed the Claude Code config against boma's capabilities and committed a reproducible, leaner toolchain: - .claude/settings.json now declares extraKnownMarketplaces + enabledPlugins so a fresh clone prompts to install the active set: superpowers, context7, terraform (we use TF, ADR-006), claude-md-management (doc/ADR-heavy). Drops code-simplifier. - Adds a conservative, read-only/verify permissions allowlist (git status/diff/log, make lint/test/check, pytest, rbw unlocked, ls/cat/rg/find) — mutations and outward/destructive commands stay gated, consistent with ADR-002. - docs/runbooks/claude-code-setup.md: per-machine bootstrap, the deferred enable-when plugins (security-guidance/semgrep, playwright, hookify, skill-creator), rbw/venv prerequisites, and a note to keep the dangerous-mode prompt on. Closes TODO 10.7. Plugin install remains a per-machine /plugin action (no native auto-install). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-04 21:41:54 +02:00
"extraKnownMarketplaces": {
"claude-plugins-official": {
"source": { "source": "github", "repo": "anthropics/claude-plugins-official" }
}
},
"enabledPlugins": {
"superpowers@claude-plugins-official": true,
"context7@claude-plugins-official": true,
"terraform@claude-plugins-official": true,
"claude-md-management@claude-plugins-official": true
},
"permissions": {
"allow": [
"Read",
"Grep",
"Glob",
"Bash(git status:*)",
"Bash(git diff:*)",
"Bash(git log:*)",
"Bash(git show:*)",
"Bash(git branch:*)",
"Bash(make lint:*)",
"Bash(make test:*)",
"Bash(make check:*)",
"Bash(python3 -m pytest:*)",
"Bash(rbw unlocked)",
"Bash(ls:*)",
"Bash(cat:*)",
"Bash(rg:*)",
"Bash(find:*)"
]
},
Add PreToolUse guard hooks: generated-file + rbw vault pre-flight Two project hooks (deny-only, fail open): block Write/Edit of generated inventories/<env>/hosts.yml, and block git commit when the rbw vault agent is locked. Both pipe-tested across all paths. Activate with a Claude Code restart (the watcher only tracks settings.json present at session start). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-30 22:14:40 +02:00
"hooks": {
"PreToolUse": [
{
"matcher": "Write|Edit",
"hooks": [
{
"type": "command",
"command": "bash \"${CLAUDE_PROJECT_DIR:-.}/.claude/hooks/guard-generated-files.sh\"",
"timeout": 10,
"statusMessage": "Checking generated-file guard"
}
]
},
{
"matcher": "Bash",
"hooks": [
{
"type": "command",
"command": "bash \"${CLAUDE_PROJECT_DIR:-.}/.claude/hooks/guard-vault-preflight.sh\"",
"timeout": 10,
"statusMessage": "Checking rbw vault pre-flight"
}
]
}
feat(hooks): Stop guard blocking the execution-mode menu Mechanical fix for the 4×-recurring execution-mode menu ask (kaizen 2026-06-10). A Stop hook reads the transcript and, if the final assistant message presents the "subagent-driven vs inline — which approach?" menu, blocks the turn and tells the model to proceed subagent-driven (boma's standing preference). Fails open, respects stop_hook_active (no loop), tight match signature (no false positives on meta-discussion). Pipe-tested across 5 scenarios. Activates next session (settings watcher only tracks files present at session start). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-10 12:51:46 +02:00
],
"Stop": [
{
"hooks": [
{
"type": "command",
"command": "bash \"${CLAUDE_PROJECT_DIR:-.}/.claude/hooks/guard-execution-mode-menu.sh\"",
"timeout": 10,
"statusMessage": "Checking for execution-mode menu"
}
]
}
Add PreToolUse guard hooks: generated-file + rbw vault pre-flight Two project hooks (deny-only, fail open): block Write/Edit of generated inventories/<env>/hosts.yml, and block git commit when the rbw vault agent is locked. Both pipe-tested across all paths. Activate with a Claude Code restart (the watcher only tracks settings.json present at session start). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-30 22:14:40 +02:00
]
feat(statusline): show context-window usage % in the status line Adds .claude/statusline.sh (reads context_window.used_percentage + context_window_size straight from the statusLine JSON; green<70/yellow/red bar) and wires it via .claude/settings.json statusLine. Committed in-repo so it follows boma to any clone, matching how .claude/ already tracks hooks + plugins. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-17 17:35:47 +02:00
},
"statusLine": {
"type": "command",
"command": "bash \"${CLAUDE_PROJECT_DIR:-.}/.claude/statusline.sh\"",
"padding": 0
Add PreToolUse guard hooks: generated-file + rbw vault pre-flight Two project hooks (deny-only, fail open): block Write/Edit of generated inventories/<env>/hosts.yml, and block git commit when the rbw vault agent is locked. Both pipe-tested across all paths. Activate with a Claude Code restart (the watcher only tracks settings.json present at session start). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-30 22:14:40 +02:00
}
}
Reference in a new issue Copy permalink