npm - @torka/claude-qol - Versions diffs - 0.1.0 - Mend

@torka/claude-qol 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/.claude-plugin/plugin.json +6 -0
package/LICENSE +21 -0
package/README.md +266 -0
package/commands/optimize-auto-approve-hook.md +406 -0
package/examples/settings.local.example.json +65 -0
package/hooks/auto_approve_safe.py +261 -0
package/hooks/auto_approve_safe.rules.json +135 -0
package/install.js +187 -0
package/package.json +34 -0
package/scripts/context-monitor.py +175 -0
package/uninstall.js +167 -0

package/.claude-plugin/plugin.json ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "name": "@torka/claude-qol",
+  "version": "0.1.0",
+  "description": "Claude Code quality-of-life improvements: auto-approve hooks and context monitoring",
+  "type": "hooks"
+}

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2024 Varun Torka
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,266 @@
+# @torka/claude-qol
+Claude Code quality-of-life improvements: auto-approve hooks, context monitoring, and workflow optimization.
+## Features
+| Feature | Description |
+|---------|-------------|
+| **Auto-Approve Hook** | Intelligent command auto-approval for solo dev workflows |
+| **Context Monitor** | Real-time context usage status line with visual indicators |
+| **Auto-Format Hook** | Run linters/formatters automatically after file edits |
+| **Completion Notifications** | Desktop notifications + sound when tasks complete |
+| **Optimize Command** | Analyze auto-approve decisions and refine rules |
+## Installation
+### Project-level (recommended)
+```bash
+npm install --save-dev @torka/claude-qol
+```
+### Global
+```bash
+npm install -g @torka/claude-qol
+```
+The installer automatically copies files to your `.claude/` directory:
+- **Project-level**: Files go to `<project>/.claude/`
+- **Global**: Files go to `~/.claude/`
+## Post-Installation Setup
+### 1. Configure Auto-Approve Hook (recommended)
+Add to your `.claude/settings.local.json`:
+```json
+{
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "Bash|Read|Grep|Glob|Write|Edit|MultiEdit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "python3 .claude/scripts/auto_approve_safe.py"
+          }
+        ]
+      }
+    ]
+  }
+}
+```
+### 2. Configure Status Line (optional)
+Add to your `.claude/settings.local.json`:
+```json
+{
+  "statusLine": {
+    "type": "command",
+    "command": "python3 .claude/scripts/context-monitor.py"
+  }
+}
+```
+This shows a real-time context usage bar with percentage and warnings.
+### 3. Auto-Format on Edit (optional)
+Auto-run linters and formatters after file edits:
+```json
+{
+  "hooks": {
+    "PostToolUse": [
+      {
+        "matcher": "Edit|MultiEdit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "if [[ \"$CLAUDE_TOOL_FILE_PATH\" == *.js || \"$CLAUDE_TOOL_FILE_PATH\" == *.ts || \"$CLAUDE_TOOL_FILE_PATH\" == *.jsx || \"$CLAUDE_TOOL_FILE_PATH\" == *.tsx ]]; then npx eslint \"$CLAUDE_TOOL_FILE_PATH\" --fix 2>/dev/null || true; elif [[ \"$CLAUDE_TOOL_FILE_PATH\" == *.py ]]; then pylint \"$CLAUDE_TOOL_FILE_PATH\" 2>/dev/null || true; fi"
+          },
+          {
+            "type": "command",
+            "command": "if [[ \"$CLAUDE_TOOL_FILE_PATH\" == *.js || \"$CLAUDE_TOOL_FILE_PATH\" == *.ts || \"$CLAUDE_TOOL_FILE_PATH\" == *.jsx || \"$CLAUDE_TOOL_FILE_PATH\" == *.tsx || \"$CLAUDE_TOOL_FILE_PATH\" == *.json || \"$CLAUDE_TOOL_FILE_PATH\" == *.css || \"$CLAUDE_TOOL_FILE_PATH\" == *.html ]]; then npx prettier --write \"$CLAUDE_TOOL_FILE_PATH\" 2>/dev/null || true; elif [[ \"$CLAUDE_TOOL_FILE_PATH\" == *.py ]]; then black \"$CLAUDE_TOOL_FILE_PATH\" 2>/dev/null || true; elif [[ \"$CLAUDE_TOOL_FILE_PATH\" == *.go ]]; then gofmt -w \"$CLAUDE_TOOL_FILE_PATH\" 2>/dev/null || true; fi"
+          }
+        ]
+      }
+    ]
+  }
+}
+```
+**Supported languages:**
+- JavaScript/TypeScript: ESLint + Prettier
+- Python: Pylint + Black
+- Go: gofmt
+- Rust: rustfmt
+- PHP: php-cs-fixer
+### 4. Completion Notifications (optional)
+Get notified when Claude Code finishes a task:
+```json
+{
+  "hooks": {
+    "Stop": [
+      {
+        "matcher": "*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "if command -v osascript >/dev/null 2>&1; then osascript -e 'display notification \"Tool: Operation completed\" with title \"Claude Code\"'; elif command -v notify-send >/dev/null 2>&1; then notify-send 'Claude Code' \"Tool: $CLAUDE_TOOL_NAME completed\"; fi"
+          },
+          {
+            "type": "command",
+            "command": "afplay /System/Library/Sounds/Glass.aiff"
+          }
+        ]
+      }
+    ]
+  }
+}
+```
+**Platform support:**
+- macOS: Native notifications via `osascript` + sound via `afplay`
+- Linux: Desktop notifications via `notify-send`
+## Components
+### Auto-Approve Hook
+PreToolUse hook that intelligently auto-approves safe commands:
+**Allowed by default:**
+- Read-only commands (`ls`, `cat`, `head`, `tail`, `tree`)
+- Git read operations (`git status`, `git diff`, `git log`, `git branch`)
+- Development commands (`npm test`, `npm run build`, `pnpm test`, `pytest`)
+- Search tools (`grep`, `rg`, `find`, `fd`, `jq`)
+- File system operations (`mkdir`, `touch`, `cp`, `mv`)
+- Git write operations (`git add`, `git commit`, `git push`)
+- GitHub CLI (`gh pr`, `gh issue`, `gh repo`)
+**Denied automatically:**
+- Dangerous commands (`sudo`, `rm -rf`, `mkfs`, `shutdown`)
+- System modifications (`chmod 777`, `chown :* /`)
+- Pipe to shell (`curl | bash`, `wget | sh`)
+- Fork bombs and kill commands
+**Prompted (normal permission system):**
+- Everything else defers to Claude Code's built-in permissions
+#### Customizing Rules
+Edit `.claude/scripts/auto_approve_safe.rules.json`:
+```json
+{
+  "allow_patterns": [
+    "^your-custom-safe-command"
+  ],
+  "deny_patterns": [
+    "^your-dangerous-command"
+  ],
+  "sensitive_paths": [
+    "\\.secret$"
+  ]
+}
+```
+### Context Monitor
+Status line script showing:
+- Current model name (e.g., `[Claude Opus 4]`)
+- Working directory
+- Git branch with visual indicator
+- Context usage bar with percentage
+- Color-coded warnings:
+  - 🟢 Green: < 50% usage
+  - 🟡 Yellow: 50-75% usage
+  - 🟠 Light red: 75-90% usage
+  - 🔴 Red: 90-95% usage
+  - 🔴 Blinking: > 95% usage (CRITICAL)
+### Optimize Command
+Run `/optimize-auto-approve-hook` to:
+1. Analyze the decision log (`.claude/auto_approve_safe.decisions.jsonl`)
+2. Validate existing ALLOW rules aren't too permissive
+3. Identify frequently-asked commands that could be safely auto-allowed
+4. Check for overly broad DENY patterns causing false positives
+5. Generate new regex patterns for safe commands
+6. Clean up and archive the decision log
+## Decision Logging
+When `ENABLE_DECISION_LOG = True` (default), the hook logs all decisions to:
+```
+.claude/auto_approve_safe.decisions.jsonl
+```
+Each entry includes:
+- Timestamp
+- Tool name
+- Decision (allow/deny/ask)
+- Reason for decision
+- Input summary
+Use `/optimize-auto-approve-hook` to analyze this log and improve your rules.
+## File Structure
+After installation, files are placed in:
+```
+.claude/
+├── scripts/
+│   ├── auto_approve_safe.py
+│   ├── auto_approve_safe.rules.json
+│   └── context-monitor.py
+└── commands/
+    └── optimize-auto-approve-hook.md
+```
+## Uninstallation
+```bash
+npm uninstall @torka/claude-qol
+```
+**Manual cleanup** (if files remain after uninstall):
+```bash
+rm -f .claude/scripts/auto_approve_safe.py \
+      .claude/scripts/auto_approve_safe.rules.json \
+      .claude/scripts/context-monitor.py \
+      .claude/commands/optimize-auto-approve-hook.md
+```
+**Note**: Your `settings.local.json` is not modified—you may want to manually remove hook/statusLine configurations.
+## Contributing
+1. Fork the repository
+2. Create a feature branch
+3. Make your changes
+4. Submit a pull request
+## License
+MIT License - see [LICENSE](LICENSE) for details.
+## Author
+Varun Torka
+## Links
+- [Claude Code Documentation](https://code.claude.com/docs)
+- [npm Package](https://www.npmjs.com/package/@torka/claude-qol)

package/commands/optimize-auto-approve-hook.md ADDED Viewed

@@ -0,0 +1,406 @@
+---
+description: 'Analyze auto-approve decisions to identify safe patterns for auto-allowing and validate existing rules'
+---
+# Auto-Approve Hook Optimizer
+You are a security-conscious CLI analyst. Analyze the auto-approve decision log to identify patterns that can be safely auto-allowed, validate existing rules, and maintain the log file.
+## Overview
+This command performs a comprehensive analysis of the auto-approve hook's decision log to:
+1. Validate that existing ALLOW rules aren't too permissive
+2. Identify frequently asked commands that could be safely auto-allowed
+3. Check for overly broad DENY patterns causing false positives
+4. Clean up the decision log after analysis
+## Files Involved
+| File | Purpose |
+|------|---------|
+| `.claude/auto_approve_safe.decisions.jsonl` | Decision log (read, then archive/clear) |
+| `.claude/scripts/auto_approve_safe.rules.json` | Rules config (read, then edit) |
+| `.claude/auto_approve_safe.decisions.archived.jsonl` | Archive file (create/append) |
+---
+## Workflow Phases
+<steps>
+### Phase 0: Pre-flight Checks
+1. **Read the decision log** at `.claude/auto_approve_safe.decisions.jsonl`
+   - If missing or empty: Stop with message "No decision log found. Run some operations first to generate decisions."
+2. **Read the rules file** at `.claude/scripts/auto_approve_safe.rules.json`
+   - If missing: Warn but continue (will create recommendations only)
+3. **Display summary to user:**
+   ```
+   Decision Log Summary
+   ====================
+   Total entries: {count}
+   Date range: {earliest} to {latest}
+   By decision type:
+   - ALLOW: {count} ({percentage}%)
+   - DENY:  {count} ({percentage}%)
+   - ASK:   {count} ({percentage}%)
+   By tool:
+   - Bash:  {count}
+   - Read:  {count}
+   - Write: {count}
+   - Edit:  {count}
+   - Other: {count}
+   ```
+### Phase 1: Parse and Categorize
+Parse all JSONL entries and group by decision type:
+**For Bash commands:**
+- Extract the `command` field from `input`
+- Normalize: collapse whitespace, extract base command and flags
+- Group similar commands (e.g., all `npm run *` together)
+**For File operations (Read/Write/Edit):**
+- Extract the `file_path` field from `input`
+- Identify path patterns (e.g., `src/**/*.ts`, `docs/*.md`)
+- Group by directory structure
+**Create internal data structures:**
+```
+allow_entries: [{ts, tool, input, reason}]
+deny_entries:  [{ts, tool, input, reason}]
+ask_entries:   [{ts, tool, input, reason}]
+```
+### Phase 2: Analyze ALLOW Decisions (Validate Safety)
+Review all ALLOW decisions and flag potentially unsafe patterns:
+| Red Flag | Detection Logic | Severity |
+|----------|-----------------|----------|
+| Outside project dir | Path contains `..` or absolute path not under cwd | HIGH |
+| Arbitrary code exec | `eval`, `exec`, backticks without known safe args | HIGH |
+| Network with dynamic URL | `curl`/`wget` with variable/constructed URLs | MEDIUM |
+| Dangerous flags | `--force`, `-f`, `--no-verify`, `--hard` | MEDIUM |
+| Recursive delete | `rm -r` or `rm -rf` (should be deny) | HIGH |
+| Pipe to shell | `| bash`, `| sh`, `| zsh` | HIGH |
+**Output format:**
+```
+POTENTIAL UNSAFE ALLOWS
+=======================
+[HIGH] Command: rm -rf node_modules
+       Reason: Matched "Matches safe allowlist" but contains recursive delete
+       Recommendation: Add to deny_patterns or remove from allow_patterns
+[MEDIUM] Command: curl https://example.com/script.sh
+         Reason: Network command allowed but URL could vary
+         Recommendation: Review if URL should be restricted
+```
+### Phase 3: Analyze DENY Decisions (Check for False Positives)
+Identify overly broad deny patterns that might block safe operations:
+**Look for:**
+- Non-recursive `rm` blocked by recursive pattern (e.g., `rm file.txt` blocked by `rm.*-rf`)
+- Safe paths incorrectly matching `sensitive_paths` (e.g., `src/utils/tokenizer.ts` matching `token`)
+- Common dev commands that should be allowed (e.g., `npm run build` blocked)
+**Output format:**
+```
+POTENTIAL FALSE POSITIVES
+=========================
+[ ] Pattern: "\\brm\\s+.*(-r|-rf)" may be too broad
+    Blocked: rm file.txt (no -r flag)
+    Suggestion: Use "\\brm\\s+.*\\s+(-r|-rf|--recursive)\\b" instead
+[ ] Pattern: "\\btoken" in sensitive_paths
+    Blocked: src/utils/tokenizer.ts
+    Suggestion: Use "\\btoken(?!izer)" or "\\btokens?\\b"
+```
+### Phase 4: Analyze ASK Decisions (Auto-Allow Candidates)
+**This is the most valuable optimization phase.**
+Identify commands that were asked repeatedly and could be safely auto-allowed.
+**Criteria for safe auto-allow:**
+| Criterion | Threshold | Rationale |
+|-----------|-----------|-----------|
+| Frequency | 3+ occurrences | Indicates common workflow |
+| Containment | All paths within project | No system-wide impact |
+| Predictable scope | No shell expansion, no `*` in dangerous positions | Bounded behavior |
+| Reversibility | File ops can be undone, commands are read-only or local | Low risk |
+| No dangerous flags | No `--force`, `-f` unless safe context | Explicit caution |
+**Process each unique ASK pattern:**
+1. Count occurrences
+2. Check all criteria
+3. If all pass, generate a specific regex pattern
+4. Include sample commands that would match
+**Pattern Generation Heuristics:**
+| Observed Pattern | Generated Regex | Notes |
+|-----------------|-----------------|-------|
+| `npx tsx script.ts` | `^npx\\s+tsx\\s+[^\\|;&]+$` | No pipes or chains |
+| `npm run custom-script` | `^npm\\s+run\\s+[\\w-]+$` | Word chars and hyphen only |
+| `cat package.json` | Already covered by existing rules | Skip |
+| `rm file.txt` (non-recursive) | `^rm\\s+(?!.*(-r\\|-rf))\\S+$` | Negative lookahead for -r |
+**Output format:**
+```
+AUTO-ALLOW CANDIDATES
+=====================
+[ ] 1. Pattern: "^npx\\s+tsx\\s+[^|;&]+$"
+       Matches: npx tsx script.ts, npx tsx src/test.ts
+       Occurrences: 4
+       Safety: All within project, no shell operators
+[ ] 2. Pattern: "^python3?\\s+[\\w/.-]+\\.py$"
+       Matches: python script.py, python3 src/tools/gen.py
+       Occurrences: 3
+       Safety: Simple script execution, no args could be dangerous
+```
+### Phase 5: Present Consolidated Recommendations
+Display a structured summary of all recommendations:
+```
+==============================================
+AUTO-APPROVE HOOK OPTIMIZATION RECOMMENDATIONS
+==============================================
+ALLOW PATTERNS TO ADD:
+[ ] 1. "^npx\\s+tsx\\s+[^|;&]+$"
+       Sample: npx tsx script.ts (4 occurrences)
+[ ] 2. "^python3?\\s+[\\w/.-]+\\.py$"
+       Sample: python script.py (3 occurrences)
+DENY PATTERNS TO FIX:
+[ ] 1. Current: "\\brm\\s+.*(-r|-rf)"
+       Replace: "\\brm\\s+.*\\s+(-r|-rf|--recursive)\\b"
+       Reason: Current pattern matches non-recursive rm
+SENSITIVE PATHS TO ADD:
+[ ] None identified
+WARNINGS (Manual Review Needed):
+! 2 potentially unsafe ALLOW decisions detected
+  See Phase 2 output for details
+```
+### Phase 6: User Confirmation
+Use `AskUserQuestion` tool with `multiSelect: true` to let user select changes:
+**Question 1: Pattern Selection**
+```
+header: "Patterns"
+question: "Which patterns would you like to add to the allow list?"
+options:
+  - label: "All recommended patterns"
+    description: "Add all {N} patterns identified as safe"
+  - label: "Select individually"
+    description: "Review and select patterns one by one"
+  - label: "None"
+    description: "Skip pattern changes"
+```
+If "Select individually" chosen, ask about each pattern.
+**Question 2: Log Cleanup**
+```
+header: "Log cleanup"
+question: "How should the decision log be handled after analysis?"
+options:
+  - label: "Archive"
+    description: "Move entries to .archived.jsonl file, clear active log"
+  - label: "Delete"
+    description: "Remove log file entirely (hook will recreate)"
+  - label: "Keep"
+    description: "Leave log unchanged for future analysis"
+```
+### Phase 7: Apply Changes
+Based on user selections:
+1. **Read current rules JSON** (if it exists)
+2. **For each approved pattern to add:**
+   - Append to the appropriate array (`allow_patterns`, `deny_patterns`, or `sensitive_paths`)
+   - Validate the regex is syntactically correct before adding
+3. **For each pattern to fix:**
+   - Find and replace the old pattern with the new one
+   - Verify the replacement was made
+4. **Write the updated JSON file**
+   - Use proper JSON formatting (2-space indent)
+   - Preserve comments if any (though JSON doesn't support them)
+5. **Validate the written file:**
+   - Read it back
+   - Parse as JSON to ensure validity
+   - If invalid, restore from backup and report error
+### Phase 8: Decision Log Cleanup
+Based on user's cleanup selection:
+**Archive:**
+```bash
+# Append current entries to archive
+cat .claude/auto_approve_safe.decisions.jsonl >> .claude/auto_approve_safe.decisions.archived.jsonl
+# Clear active log
+echo "" > .claude/auto_approve_safe.decisions.jsonl
+```
+**Delete:**
+```bash
+rm .claude/auto_approve_safe.decisions.jsonl
+# Hook will recreate on next decision
+```
+**Keep:**
+- No action taken
+- Log remains for future analysis
+### Phase 9: Summary Report
+Display final summary:
+```
+=================================
+AUTO-APPROVE OPTIMIZATION COMPLETE
+=================================
+Changes Applied:
+- Added {N} new allow patterns
+- Fixed {N} deny patterns
+- Added {N} sensitive paths
+Log Cleanup:
+- Action: {Archive|Delete|Keep}
+- Entries processed: {count}
+- Archive location: .claude/auto_approve_safe.decisions.archived.jsonl
+To Revert Changes:
+  git checkout .claude/scripts/auto_approve_safe.rules.json
+Next Steps:
+- Test the new patterns by running common commands
+- Re-run /optimize-auto-approve-hook after more usage data
+```
+</steps>
+---
+## Safety Rules
+**CRITICAL - These rules must NEVER be violated:**
+1. **NEVER auto-apply changes** - Always require explicit user confirmation via AskUserQuestion
+2. **NEVER remove deny patterns** without explicit warning that this could allow dangerous commands
+3. **NEVER add patterns that match outside the project directory**
+4. **Validate all regex patterns** before writing to ensure they're syntactically correct
+5. **Prefer specific patterns** over broad ones (e.g., `^npm run build$` over `^npm run .*$`)
+6. **Always provide revert instructions** so user can undo changes easily
+7. **Back up before modifying** - Read the file content before editing so it can be restored if needed
+---
+## Regex Pattern Guidelines
+When generating regex patterns for `allow_patterns`:
+| Goal | Pattern Technique | Example |
+|------|-------------------|---------|
+| Match exact command | Anchors `^...$` | `^npm run build$` |
+| Allow arguments | Character class `[^|;&]+` | `^npx tsx [^|;&]+$` |
+| Word boundary | `\\b` | `\\bgit\\b` prevents matching `digit` |
+| Exclude dangerous | Negative lookahead `(?!...)` | `^rm (?!.*-rf)` |
+| Optional spaces | `\\s+` or `\\s*` | `^npm\\s+run` |
+| Filename only | `[\\w.-]+` | `^cat [\\w.-]+$` |
+| Path characters | `[\\w/.@-]+` | `^cat [\\w/.@-]+$` |
+**Escape requirements in JSON:**
+- Single backslash in regex → double backslash in JSON string
+- `\s` → `\\s`
+- `\b` → `\\b`
+---
+## Error Handling
+| Scenario | Action |
+|----------|--------|
+| Decision log missing | Stop with helpful message |
+| Rules file missing | Continue with recommendations only |
+| Invalid JSON in rules | Report error, do not modify |
+| Regex syntax error | Skip that pattern, warn user |
+| Write permission denied | Report error with chmod suggestion |
+| Archive file locked | Report error, suggest manual cleanup |
+---
+## Example Session
+```
+User: /optimize-auto-approve-hook
+Claude: Analyzing auto-approve decision log...
+Decision Log Summary
+====================
+Total entries: 153
+Date range: 2026-01-15 to 2026-01-16
+By decision type:
+- ALLOW: 142 (92.8%)
+- DENY:  3 (2.0%)
+- ASK:   8 (5.2%)
+[Phase 2-4 analysis output...]
+AUTO-APPROVE HOOK OPTIMIZATION RECOMMENDATIONS
+==============================================
+ALLOW PATTERNS TO ADD:
+[1] "^npx\\s+tsx\\s+[^|;&]+$"
+    Sample: npx tsx _bmad-output/tmp/generate-theme.ts (4 occurrences)
+[Question] Which patterns would you like to add?
+> All recommended patterns
+[Question] How should the decision log be handled?
+> Archive
+Applying changes...
+AUTO-APPROVE OPTIMIZATION COMPLETE
+==================================
+Changes Applied:
+- Added 1 new allow pattern
+Log Cleanup:
+- Action: Archive
+- Entries processed: 153
+- Archive location: .claude/auto_approve_safe.decisions.archived.jsonl
+To Revert Changes:
+  git checkout .claude/scripts/auto_approve_safe.rules.json
+```