From 7fff1f2a3bf3043525056fae1bc7064c3a1bea02 Mon Sep 17 00:00:00 2001 From: Claude Date: Sat, 30 May 2026 22:46:30 +0000 Subject: [PATCH] chore(config): add read-only Claude Code settings allowlist + refresh STATE.a2ml metadata MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Config update (no compiler/behaviour impact). .claude/settings.json (new): project-scoped permission allowlist of strictly read-only operations to cut permission prompts in repo sessions — Read/Glob/ Grep, read-only git (status/log/diff/branch/fetch/show/rev-parse/ls-files/ ls-tree/merge-base/remote -v), read-only shell (ls/cat/grep/wc/find/head/tail), the three read-only tools/check-*.sh guard scripts, and read-only GitHub MCP tools (issue_read/pull_request_read/list_*/get_*/search_*). Mutating operations (git push/commit/merge, Write/Edit, deletes) deliberately omitted — they keep prompting. No arbitrary-exec patterns (python3 -c / bash -n excluded). STATE.a2ml: refresh stale [metadata] header — version 0.1.0 → 0.1.1 (matches dune-project), last-updated 2026-05-23 → 2026-05-30. Content already current (DOC-16/17 session-note landed via #475); DOC-05 mirror keys preserved so the doc-truthing guard stays green. https://claude.ai/code/session_01E3R1oZhGUKfTYeTSVJVTcn --- .claude/settings.json | 59 ++++++++++++++++++++++++++++++++ .machine_readable/6a2/STATE.a2ml | 4 +-- 2 files changed, 61 insertions(+), 2 deletions(-) create mode 100644 .claude/settings.json diff --git a/.claude/settings.json b/.claude/settings.json new file mode 100644 index 00000000..e62980f1 --- /dev/null +++ b/.claude/settings.json @@ -0,0 +1,59 @@ +{ + "$schema": "https://json.schemastore.org/claude-code-settings.json", + "permissions": { + "allow": [ + "Read", + "Glob", + "Grep", + + "Bash(git status:*)", + "Bash(git log:*)", + "Bash(git diff:*)", + "Bash(git branch:*)", + "Bash(git fetch:*)", + "Bash(git show:*)", + "Bash(git rev-parse:*)", + "Bash(git ls-files:*)", + "Bash(git ls-tree:*)", + "Bash(git merge-base:*)", + "Bash(git remote -v)", + + "Bash(ls:*)", + "Bash(cat:*)", + "Bash(grep:*)", + "Bash(wc:*)", + "Bash(find:*)", + "Bash(head:*)", + "Bash(tail:*)", + + "Bash(./tools/check-no-extension-ts.sh)", + "Bash(./tools/check-doc-truthing.sh)", + + "mcp__github__get_me", + "mcp__github__get_commit", + "mcp__github__get_file_contents", + "mcp__github__get_latest_release", + "mcp__github__get_release_by_tag", + "mcp__github__get_tag", + "mcp__github__get_label", + "mcp__github__get_teams", + "mcp__github__get_team_members", + "mcp__github__issue_read", + "mcp__github__pull_request_read", + "mcp__github__list_branches", + "mcp__github__list_commits", + "mcp__github__list_issues", + "mcp__github__list_issue_types", + "mcp__github__list_pull_requests", + "mcp__github__list_releases", + "mcp__github__list_tags", + "mcp__github__list_repository_collaborators", + "mcp__github__search_code", + "mcp__github__search_commits", + "mcp__github__search_issues", + "mcp__github__search_pull_requests", + "mcp__github__search_repositories", + "mcp__github__search_users" + ] + } +} diff --git a/.machine_readable/6a2/STATE.a2ml b/.machine_readable/6a2/STATE.a2ml index 242235fb..d93170e2 100644 --- a/.machine_readable/6a2/STATE.a2ml +++ b/.machine_readable/6a2/STATE.a2ml @@ -3,8 +3,8 @@ [metadata] project = "affinescript" -version = "0.1.0" -last-updated = "2026-05-23" +version = "0.1.1" +last-updated = "2026-05-30" status = "active" authoritative-status-doc = "docs/CAPABILITY-MATRIX.adoc" drift-flag = "STALE as of 2026-05-23 PM: this file's [components]/[features]/[project-context] still predate landed PRs since 2026-05-19. It MIRRORS, it does not LEAD. Authoritative sources by topic — readiness: docs/CAPABILITY-MATRIX.adoc; spine + AS↔typed-wasm contract: docs/ECOSYSTEM.adoc; coordination ledger / critical path: docs/TECH-DEBT.adoc; test taxonomy + PR-level gates: docs/standards/TESTING.adoc (added 2026-05-23); panic-attack SOP: docs/standards/PANIC-ATTACK.adoc (added 2026-05-23). Gate baseline: CAPABILITY-MATRIX records 260/260 at 2026-05-19 reconstruction; subsequent borrow-checker work has lifted it (#240 → 263, return-escape → 271/274, &mut surface → 278/281). The exact live number for any given commit comes from `dune runtest --force` — do not hard-code it here. (DOC-05, issue #176.)"