boma/.claude/settings.json
sjat 80bf9afea9 Add PreToolUse guard hooks: generated-file + rbw vault pre-flight
Two project hooks (deny-only, fail open): block Write/Edit of generated
inventories/<env>/hosts.yml, and block git commit when the rbw vault agent is
locked. Both pipe-tested across all paths. Activate with a Claude Code restart
(the watcher only tracks settings.json present at session start).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-30 22:14:40 +02:00

29 lines
753 B
JSON

{
"$schema": "https://json.schemastore.org/claude-code-settings.json",
"hooks": {
"PreToolUse": [
{
"matcher": "Write|Edit",
"hooks": [
{
"type": "command",
"command": "bash \"${CLAUDE_PROJECT_DIR:-.}/.claude/hooks/guard-generated-files.sh\"",
"timeout": 10,
"statusMessage": "Checking generated-file guard"
}
]
},
{
"matcher": "Bash",
"hooks": [
{
"type": "command",
"command": "bash \"${CLAUDE_PROJECT_DIR:-.}/.claude/hooks/guard-vault-preflight.sh\"",
"timeout": 10,
"statusMessage": "Checking rbw vault pre-flight"
}
]
}
]
}
}