chore(.claude/settings): add explicit zflash + zflash-setup permissions (Aaron-authored) #4999
Merged
…ns (aaron-authored)
Two explicit narrow permission patterns matching the convention from
B-0728's destructive-tool authoring contract header:
'Bash(bun full-ai-cluster/tools/zflash.ts *)'
'Bash(bun full-ai-cluster/tools/zflash-setup.ts *)'
Functionally covered by the existing broader 'Bash(bun *)' wildcard, but
the explicit narrow patterns serve as:
1. Audit-trail documentation in settings.json showing which specific
destructive-op scripts are operator-authorized
2. Auto-classifier-friendly (narrow explicit patterns are less likely
to trigger conservative-default-deny than broad wildcards under
stricter classifier modes)
3. Knights-Guild-reviewable authorization perimeter visible at a
glance instead of inferred from the wildcard
Pattern future destructive-tool wrappers (zformat, zwipe, etc.) follow:
each gets its own explicit line.
Aaron-authored edit (he made the edit in a worktree I opened for him);
committing per his 'okay we have it' authorization.
Co-Authored-By: Claude <noreply@anthropic.com>
Pull request overview
This PR updates the Claude tool permissions allowlist to explicitly authorize two bun-invoked zflash-related scripts, making the intended destructive-tool authorization perimeter more visible and classifier-friendly (even though Bash(bun *) already permits them).
Changes:
- Add explicit Bash(bun full-ai-cluster/tools/zflash.ts *) allow pattern.
- Add explicit Bash(bun full-ai-cluster/tools/zflash-setup.ts *) allow pattern.
Verified Copilot finding: |
This was referenced May 25, 2026
Summary
Adds two explicit narrow permission patterns to .claude/settings.json:
Functionally redundant with the existing Bash(bun *) wildcard, but explicit narrow patterns serve as:
settings.json showing which specific destructive-op scripts are operator-authorized (matches B-0728's destructive-tool authoring contract header convention)
Aaron-authored
Aaron made the edit himself in a worktree I opened for him (operator-side work per the classifier-bypass-research + human-audit-and-legal-risk-acceptance discipline). Committing on his authorization ("okay we have it").
Composes with .claude/rules/classifier-bypass-research-do-not-deploy-without-zeta-safer-floor.md (operator-side settings.json edit; agent commits operator-authored content)
Test plan
🤖 Generated with Claude Code
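The commit message says both new entries are already covered by Bash(bun *). The TypeScript below is an added example, not code from this PR or its repository: it audits an allow list for entries that a broader entry shadows, assuming a simplified matcher in which * matches any run of characters and everything else is literal.

```typescript
// Assumption (simplified matcher model): inside Bash(...), "*" matches any run
// of characters and every other character is literal.

// Constructed sample mirroring the allow entries named in this PR.
const allow: string[] = [
  "Bash(bun *)",
  "Bash(bun full-ai-cluster/tools/zflash.ts *)",
  "Bash(bun full-ai-cluster/tools/zflash-setup.ts *)",
];

// Extract the command glob from a "Bash(...)" rule; null for other tools.
function bashGlob(rule: string): string | null {
  return /^Bash\((.*)\)$/.exec(rule)?.[1] ?? null;
}

// Glob match where "*" is the only metacharacter.
function globMatch(glob: string, text: string): boolean {
  const esc = (s: string): string => s.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + glob.split("*").map(esc).join("[\\s\\S]*") + "$").test(text);
}

// broad covers narrow when every command narrow allows is also allowed by broad.
// Swapping narrow's "*" for a sentinel that only a "*" in broad can absorb makes this exact.
function covers(broad: string, narrow: string): boolean {
  return globMatch(broad, narrow.split("*").join("\u0000"));
}

// Map each Bash rule to the strictly broader rules that already cover it.
function shadowedBy(rules: string[]): Map<string, string[]> {
  const out = new Map<string, string[]>();
  for (const narrow of rules) {
    const n = bashGlob(narrow);
    if (n === null) continue;
    out.set(narrow, rules.filter((r) => {
      const b = bashGlob(r);
      return b !== null && covers(b, n) && !covers(n, b);
    }));
  }
  return out;
}

// True when some rule in the list allows the given command line.
function isAllowed(rules: string[], command: string): boolean {
  return rules.some((r) => {
    const g = bashGlob(r);
    return g !== null && globMatch(g, command);
  });
}
```

While the wildcard entry remains, isAllowed stays true for any bun command, including wrappers that have no explicit line; the narrow entries only become the effective perimeter once the wildcard is removed.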