boma/docs/runbooks
sjat abb5c7a12f Make the Claude Code toolchain reproducible (TODO 10.7)
Reviewed the Claude Code config against boma's capabilities and committed a
reproducible, leaner toolchain:

- .claude/settings.json now declares extraKnownMarketplaces + enabledPlugins so a
  fresh clone prompts to install the active set: superpowers, context7, terraform
  (we use TF, ADR-006), claude-md-management (doc/ADR-heavy). Drops code-simplifier.
- Adds a conservative, read-only/verify permissions allowlist (git status/diff/log,
  make lint/test/check, pytest, rbw unlocked, ls/cat/rg/find) — mutations and
  outward/destructive commands stay gated, consistent with ADR-002.
- docs/runbooks/claude-code-setup.md: per-machine bootstrap, the deferred
  enable-when plugins (security-guidance/semgrep, playwright, hookify, skill-creator),
  rbw/venv prerequisites, and a note to keep the dangerous-mode prompt on.

Closes TODO 10.7. Plugin install remains a per-machine /plugin action (no native
auto-install).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-04 21:41:54 +02:00
..
claude-code-setup.md Make the Claude Code toolchain reproducible (TODO 10.7) 2026-06-04 21:41:54 +02:00
new-host.md Purge residual .vault_pass references (review R1-R5) 2026-05-30 19:17:25 +02:00
new-role.md Add per-service SECURITY.md convention; one role per service 2026-06-04 16:09:33 +02:00
rotate-secrets.md Source vault password from Vaultwarden via rbw; nest vault structure 2026-05-30 18:16:35 +02:00