cal/claude-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
claude-configs/tmp/permissions-audit.md
Cal Corum 9fd5539dc1 Sync: update plugins, settings, archive skills, add new sessions and marketplaces 
- plugins: update installed_plugins, known_marketplaces, install-counts-cache, blocklist; add agent-toolkit and cal-claude-plugins marketplaces
- settings.json: significant config changes (129 insertions, -129 deletions net)
- CLAUDE.md: minor update
- skills: remove json-pretty and save-doc (archived to _archive/save-doc)
- sessions: remove 2 old sessions, add 4 new sessions
- add command-permissions.json, permission-audit.jsonl, tmp/permissions-audit.md
2026-03-20 02:00:59 -05:00

157 lines
6.1 KiB
Markdown
Raw Permalink Blame History

# Claude Code Permissions Audit
**Date:** 2026-03-18
**Purpose:** Document current state before migrating to permission-manager plugin
## Current Approach
Flat allow/deny lists in `~/.claude/settings.json` with ~100+ individual entries.
No cmd-gate hook patterns. Bash is fully open.
---
## Allow-list: Tool Permissions
### Fully open (wildcard)
| Permission | Notes |
|---|---|
| `Bash` | No restrictions on any Bash command |
| `Read(*)` | All files |
| `Glob(*)`, `Grep(*)`, `LS(*)` | All search/list |
| `WebFetch(domain:*)` | All web domains |
| `WebSearch` | Unrestricted |
| `TodoWrite(*)`, `Task(*)` | All task operations |
| `Skill(*)`, `SlashCommand(*)` | All skills |
| `NotebookRead(*)`, `NotebookEdit(*)` | All notebooks |
| `MultiEdit(*)`, `ExitPlanMode(*)` | Unrestricted |
### MCP servers (full access)
| Permission | Server |
|---|---|
| `mcp__n8n-mcp__*` | n8n workflow automation |
| `mcp__gitea-mcp__*` | Gitea git hosting |
| `mcp__tui-driver__*` | TUI automation |
| `mcp__cognitive-memory__*` | Cognitive memory (DECOMMISSIONED) |
| `mcp__memorygraph__*` | Memory graph (DECOMMISSIONED) |
### MCP servers (specific tools)
| Permission | Notes |
|---|---|
| `mcp__notion__API-retrieve-a-page` | Read-only Notion |
| `mcp__notion__API-get-block-children` | Read-only Notion |
| `mcp__notion__API-post-database-query` | Read-only Notion |
| `mcp__notediscovery__get_notes_by_tag` | Note discovery |
| `mcp__docker-mcp-gateway__mcp-find` | Docker MCP gateway |
| `mcp__docker-mcp-gateway__mcp-config-set` | Docker MCP gateway |
| `mcp__docker-mcp-gateway__mcp-add` | Docker MCP gateway |
| `mcp__docker-mcp-gateway__mcp-exec` | Docker MCP gateway |
### Specific Bash commands
These were added before `Bash` was opened fully — now redundant:
- `Bash(git add:*)`
- `Bash(sudo systemctl status:*)`, `Bash(sudo journalctl:*)`
- `Bash(ping:*)`, `Bash(mkdir:*)`
- `Bash(podman exec tdarr-node-gpu ls:*)`, `Bash(podman exec tdarr-node-gpu tail:*)`
- `Bash(podman exec tdarr-node-gpu-unmapped ls:*)`, `Bash(podman exec tdarr-node-gpu-unmapped find:*)`
- `Bash(ssh tdarr "docker inspect":*)`
- `Bash(podman logs:*)`, `Bash(sudo podman logs:*)`, `Bash(sudo podman ps:*)`
### Specific WebFetch domains
All redundant given `WebFetch(domain:*)` wildcard:
- github.com, docs.tdarr.io, superuser.com, docs.podman.io
- platform.openai.com, docs.n8n.io, help.ko-fi.com, n8n.io
- custom-system-builder.gitlab.io, foundryvtt.com, 10.10.0.174
- docs.openclaw.ai, pve.proxmox.com, git.manticorum.com
- developers.cloudflare.com, uptime-kuma-api.readthedocs.io
- www.enworld.org, 2minutetabletop.com, www.forgotten-adventures.net
- www.doodlesanddragons.com, www.drivethrurpg.com, forums.rptools.net
- www.fantasygrounds.com, gmkeros.wordpress.com, inkwellideas.com
- itch.io, opengameart.org, store.paizo.com
- forum.gitea.com, docs.gitea.com, gitea.com, about.gitea.com
- docs.anthropic.com, raw.githubusercontent.com, ra-h.app, ollama.com
- community.teamspeak.com, docs.docker.com, forums.docker.com
### Specific Skills
- `Skill(youtube-transcriber)`, `Skill(proxmox)`, `Skill(mcp-manager)`, `Skill(notediscovery)`
- All redundant given `Skill(*)`
### Specific Read paths
- `Read(//home/cal/.claude/**)` — redundant given `Read(*)`
- `Read(//home/cal/.local/share/Steam/userdata/32759396/1144200/**)` — Ready or Not save data
---
## Deny-list
### Destructive disk operations (macOS — NOT APPLICABLE on Linux)
- `diskutil partitionDisk`, `eraseDisk`, `eraseVolume`, `reformat`, `zeroDisk`
- `diskutil appleRAID`, `randomDisk`, `coreStorage`, `cs`
- `diskutil disableJournal`, `resetFusion`, `disableOwnership`
- `diskutil apfs deleteContainer`, `eraseVolume`, `decryptVolume`
- `diskutil apfs changePassphrase`, `deleteVolume`, `deleteVolumeGroup`, `deleteSnapshot`
### Destructive Linux operations (KEEP)
- `rm -rf /`, `rm -rf /*`, `rm -rf ~`, `rm -rf $HOME`
- `rm -rf $PAI_HOME`, `rm -rf $PAI_DIR`
- `sudo rm -rf /`, `sudo rm -rf /*`
- `fork bomb`
- `dd if=/dev/zero of=/dev/sda`
- `mkfs.ext4 /dev/sda`
---
## Hooks
| Event | Matcher | Script | Status |
|---|---|---|---|
| PostToolUse | `Edit\|Write\|MultiEdit` | `~/.claude/hooks/format-code.sh` | Active |
| SubagentStop | (all) | `~/.claude/hooks/notify-subagent-done.sh` | Active |
| SessionEnd | (all) | `/mnt/NV2/Development/cognitive-memory/scripts/session_memory.py` | **REMOVE** (decommissioned) |
---
## Plugins
| Plugin | Source | Status |
|---|---|---|
| `permission-manager@agent-toolkit` | St0nefish/agent-toolkit | Installed, cmd-gate has no custom patterns |
| `session@agent-toolkit` | St0nefish/agent-toolkit | Installed |
| `format-on-save@agent-toolkit` | St0nefish/agent-toolkit | Installed (overlaps PostToolUse hook) |
| `playground@claude-plugins-official` | Official | Active |
| `claude-code-setup@claude-plugins-official` | Official | Active |
| `frontend-design@claude-plugins-official` | Official | Active |
| `rust-analyzer-lsp@claude-plugins-official` | Official | Active |
| `pyright-lsp@claude-plugins-official` | Official | Active |
---
## Additional Directories
- `/home/cal/.config/steamtinkerlaunch/`
- `/mnt/NV2/SteamLibrary/`
---
## Migration Recommendations
### Cleanup (do first)
1. Remove all `diskutil` deny entries — not on macOS
2. Remove all specific `Bash(...)` entries — redundant with `Bash` wildcard
3. Remove all specific `WebFetch(domain:...)` entries — redundant with `domain:*`
4. Remove all specific `Skill(...)` entries — redundant with `Skill(*)`
5. Remove specific `Read(...)` entries — redundant with `Read(*)`
6. Remove `mcp__cognitive-memory__*` and all individual cognitive-memory entries
7. Remove `mcp__memorygraph__*`
8. Remove `mcp__notediscovery__get_notes_by_tag` and `Skill(notediscovery)`
9. Remove `mcp__docker-mcp-gateway__*` if not actively used
10. Remove `SessionEnd` cognitive-memory hook
### Migration to cmd-gate (do second)
1. Remove `Bash` wildcard from allow-list
2. Define cmd-gate custom patterns for common safe operations
3. Replace `WebFetch(domain:*)` with explicit domain groups
4. Test workflow to ensure nothing breaks
### Hook deduplication
- `format-on-save@agent-toolkit` may overlap with existing `PostToolUse(Edit|Write|MultiEdit)``format-code.sh` hook — pick one
Reference in New Issue View Git Blame Copy Permalink