{
  "$schema": "https://json.schemastore.org/claude-code-settings.json",
  "permissions": {
    "allow": [
      "Bash(go *)",
      "Bash(make *)",
      "Bash(git status)",
      "Bash(git diff *)",
      "Bash(git log *)",
      "Bash(git branch *)",
      "Bash(git fetch *)",
      "Bash(git pull *)",
      "Bash(git remote -v)",
      "Bash(podman *)",
      "Bash(podman-compose *)",
      "Bash(docker *)",
      "Bash(docker-compose *)",
      "Bash(xmlstarlet *)",
      "Bash(jq *)",
      "Bash(ls *)",
      "Bash(cat *)",
      "Bash(grep *)",
      "Bash(find *)",
      "Bash(npm run *)",
      "Bash(npx *)",
      "Bash(./scripts/*)",
      "Bash(sudo dnf *)",
      "Bash(sudo rpm *)",
      "Bash(sudo tar *)",
      "Bash(sudo ln *)",
      "Bash(sudo mkdir *)",
      "Bash(sudo cp *)",
      "Bash(sudo mv *)",
      "Bash(sudo chmod *)",
      "Bash(sudo chown *)",
      "Bash(sudo systemctl *)",
      "Bash(sudo tee /etc/profile.d/*)",
      "Bash(sudo update-alternatives *)",
      "Bash(curl *)",
      "Bash(wget *)"
    ],
    "deny": [
      "Bash(rm -rf /*)",
      "Bash(rm -rf ~)",
      "Bash(rm -rf $HOME)",
      "Bash(sudo rm *)",
      "Bash(sudo dd *)",
      "Bash(sudo mkfs *)",
      "Bash(sudo passwd *)",
      "Bash(sudo userdel *)",
      "Bash(sudo usermod *)",
      "Bash(sudo visudo *)",
      "Bash(sudo su *)",
      "Bash(sudo -s)",
      "Bash(sudo -i)",
      "Bash(dd *)",
      "Bash(mkfs *)",
      "Bash(curl * | sh)",
      "Bash(curl * | bash)",
      "Bash(wget * | sh)",
      "Bash(wget * | bash)",
      "Read(/etc/cryptopro/**)",
      "Read(/var/cryptopro/**)",
      "Read(/etc/ipsec.d/**)",
      "Read(/root/**)",
      "Read(/home/admin/**)",
      "Write(/etc/**)",
      "Write(/var/**)",
      "Write(/root/**)",
      "Write(/home/admin/**)"
    ]
  }
}