Merge pull request #3332 from AtCoder-NoviSteps/#3331

chore: add sandbox and permission restrictions to Claude Code settings

Author: KATO-Hiro

.claude/settings.json

@@ -1,4 +1,26 @@
 {
+  "sandbox": {
+    "enabled": true,
+    "allowUnsandboxedCommands": false,
+    "filesystem": {
+      "denyRead": ["~/.ssh"]
+    }
+  },
+  "permissions": {
+    "deny": [
+      "Bash(rm -rf *)",
+      "Bash(curl *)",
+      "Bash(wget *)",
+      "Bash(git push *)",
+      "Bash(chmod 777 *)",
+      "Read(**/.env)",
+      "Read(**/.env.*)",
+      "Read(**/secrets/**)",
+      "Read(**/config/credentials.json)",
+      "Read(**/*.pem)",
+      "Read(**/*.key)"
+    ]
+  },
   "enabledPlugins": {
     "superpowers@superpowers-dev": true
   },