cc-permissions 0.1.2 → 0.1.11

package/README.md

@@ -2,228 +2,201 @@
 
 **Thoughtful permission configs for Claude Code without the container overhead.**
 
-## The Problem
+Claude Code users face a frustrating choice: run in a Docker sandbox with `--dangerously-skip-permissions` for convenience, or run natively and deal with constant permission prompts.
 
-Claude Code users face a frustrating choice:
+This tool offers a middle ground. Generate permission configurations tailored to your workflow, reducing prompt fatigue while maintaining control over what Claude Code can do.
 
-- **Docker sandbox + `--dangerously-skip-permissions`**: Safe and convenient, but requires container setup and deals with overhead
-- **Native execution**: No containers, but constant permission prompts interrupt your workflow
+> ⚠️ **Warning:** This approach is inherently less safe than a fully isolated environment. You're trading sandbox protection for convenience. ⚠️
 
-Neither option is ideal for users who want native performance with intentional control.
+## Getting started
 
-## Our Solution
+The fastest way to get going:
 
-A middle ground: generate thoughtful permission configurations that reduce prompt fatigue while maintaining deliberate control over what Claude Code can do.
+```bash
+npx cc-permissions apply
+```
 
-**Important**: This approach is inherently less safe than a fully isolated environment—there's no sandbox. Users accept this tradeoff in exchange for avoiding container overhead while having more control than `--dangerously-skip-permissions` alone.
+This analyzes your project, detects relevant templates, and applies permissions to `.claude/settings.json`.
 
-## Installation
+Want to see what would be applied first?
 
 ```bash
-# Run directly with npx (no install needed)
 npx cc-permissions
-
-# Or install globally
-npm install -g cc-permissions
 ```
 
-### Claude Code Plugin
+Or install globally to use without npx:
 
-Install as a Claude Code plugin for integrated commands:
-
-```
-/plugin install DanielCarmingham/cc-permissions
+```bash
+npm install -g cc-permissions
 ```
+Then run: `cc-permissions apply`
 
-Then use:
-- `/cc-permissions:analyze` - Scan project and recommend templates
-- `/cc-permissions:template nodejs,python` - Generate from specific templates
-- `/cc-permissions:list` - List available templates
-- `/cc-permissions:apply` - Apply permissions to settings
+Or use as slash command via a Claude Code plugin:
 
-## Usage
+```bash
+# Add the marketplace
+claude plugin marketplace add DanielCarmingham/cc-permissions
 
-### Quick Start
+# Install the plugin
+claude plugin install cc-permissions@DanielCarmingham-cc-permissions
 
-```bash
-# Analyze your project and apply recommended permissions
-cc-permissions --apply
+# Update to latest version
+claude plugin update cc-permissions@DanielCarmingham-cc-permissions
 
-# Or be more specific
-cc-permissions --apply --level permissive
+# Uninstall
+claude plugin uninstall cc-permissions@DanielCarmingham-cc-permissions
 ```
 
-### Generate Permissions from a Template
+Then use `/cc-permissions:analyze`, `/cc-permissions:apply`, and other slash commands directly in Claude Code.
 
-```bash
-# Generate standard web development permissions
-cc-permissions template nodejs --level standard
+Note: Third-party plugins don't auto-update by default. Run `claude plugin update` from your terminal to get new versions, or enable auto-update via `/plugin` → Marketplaces → select marketplace → Enable auto-update.
 
-# Combine multiple templates
-cc-permissions template nodejs,python --level standard
+## How it works
 
-# Apply directly to .claude/settings.json (creates backup)
-cc-permissions template nodejs --apply
-```
-
-### Analyze Your Project
+Permissions are organized into **templates** and **levels**.
 
-Scan your project and get template recommendations:
+**Templates** group commands by technology. Use `nodejs` for npm/yarn/pnpm commands, `python` for pip and pytest, `docker` for container operations, and so on. Combine them freely:
 
 ```bash
-cc-permissions analyze
-cc-permissions analyze ./path/to/project
+cc-permissions apply nodejs,python,docker
 ```
 
-### List Available Templates
+**Levels** control how permissive each template is:
 
-```bash
-cc-permissions list
-```
+| Level | What it allows |
+|-------|----------------|
+| `restrictive` | Read-only operations (list, status, info) |
+| `standard` | Development workflow (run, build, test) |
+| `permissive` | Broader access (install, publish, remove) |
 
-### Check Version
+Levels are cumulative. `standard` includes everything from `restrictive`, and `permissive` includes everything from `standard`.
 
 ```bash
-cc-permissions -v   # or --version
+# Safe exploration mode
+cc-permissions apply nodejs --level restrictive
+
+# Normal development (default)
+cc-permissions apply nodejs
+
+# Trusted project, full access
+cc-permissions apply nodejs --level permissive
 ```
 
-## Permission Levels
+## Templates
 
-Levels are cumulative—each level includes everything from the previous level:
+### General
 
-| Level | Description | Use Case |
-|-------|-------------|----------|
-| `restrictive` | Read-only operations (git status, npm list, etc.) | Code review, exploration |
-| `standard` | Dev workflow (+ git commit/push, npm run/build/test) | Day-to-day development |
-| `permissive` | Few guardrails (+ npm install, most commands except banned) | Trusted projects, greenfield |
+| Template | Description |
+|----------|-------------|
+| [shell](docs/templates/shell.md) | Basic shell and filesystem commands |
 
-## Available Templates
+### Version Control
 
 | Template | Description |
 |----------|-------------|
-| `shell` | Git and common CLI tools (ls, cat, grep, find, etc.) |
-| `nodejs` | Node.js, npm, and common frontend tooling |
-| `python` | pip, python, venv, pytest, and common data tools |
-| `dotnet` | dotnet CLI, NuGet, MSBuild |
+| [git](docs/templates/git.md) | Git version control |
+| [gitea](docs/templates/gitea.md) | Gitea CLI (tea) and MCP server for repository and workflow management |
+| [github](docs/templates/github.md) | GitHub CLI (gh) for repository and workflow management |
+| [gitlab](docs/templates/gitlab.md) | GitLab CLI (glab) and MCP server for repository and workflow management |
 
-Combine templates with commas: `cc-permissions template shell,nodejs,python`
+### Languages & Runtimes
 
-Run `cc-permissions list` to see all available templates.
+| Template | Description |
+|----------|-------------|
+| [dotnet](docs/templates/dotnet.md) | dotnet CLI, NuGet, MSBuild |
+| [go](docs/templates/go.md) | Go development and golangci-lint |
+| [java](docs/templates/java.md) | Maven, Gradle, Java, and JVM development |
+| [nodejs](docs/templates/nodejs.md) | Node.js, npm, pnpm, yarn, and bun |
+| [php](docs/templates/php.md) | PHP, Composer, and Laravel Artisan |
+| [python](docs/templates/python.md) | pip, python, venv, pytest, and common data tools |
+| [ruby](docs/templates/ruby.md) | Ruby, Bundler, Rails, and Rake |
+| [rust](docs/templates/rust.md) | Cargo, rustc, and rustup |
 
-## Apply Options
+### Cloud Providers
 
-Control where permissions are written with `--scope` or `--output`:
+| Template | Description |
+|----------|-------------|
+| [aws](docs/templates/aws.md) | AWS CLI, SAM, CDK, Amplify, and Elastic Beanstalk |
+| [azure](docs/templates/azure.md) | Azure CLI, Functions, Bicep, and Azure Developer CLI |
+| [gcp](docs/templates/gcp.md) | Google Cloud CLI, gsutil, Firebase, and BigQuery |
 
-```bash
-# Project settings (default) - .claude/settings.json
-cc-permissions --apply --scope project
+### Container & Infrastructure
 
-# User/global settings - ~/.claude/settings.json
-cc-permissions --apply --scope user
+| Template | Description |
+|----------|-------------|
+| [docker](docs/templates/docker.md) | Docker, Docker Compose, and Buildx |
+| [kubernetes](docs/templates/kubernetes.md) | kubectl, Helm, k9s, and Minikube |
+| [terraform](docs/templates/terraform.md) | Terraform, Terragrunt, and tflint |
 
-# Local settings (gitignored) - .claude/settings.local.json
-cc-permissions --apply --scope local
+### Testing
 
-# Custom file path
-cc-permissions --apply --output ./my-permissions.json
-```
+| Template | Description |
+|----------|-------------|
+| [playwright](docs/templates/playwright.md) | Playwright testing framework |
 
-| Scope | File | Use Case |
-|-------|------|----------|
-| `project` | `.claude/settings.json` | Shared team settings (commit to repo) |
-| `user` / `global` | `~/.claude/settings.json` | Personal defaults across all projects |
-| `local` | `.claude/settings.local.json` | Personal overrides (gitignored) |
+### Mobile Development
 
-**Tip:** Options support prefix matching—use `-l r` for `--level restrictive` or `-s u` for `--scope user`.
+| Template | Description |
+|----------|-------------|
+| [android](docs/templates/android.md) | Gradle, ADB, and Android development |
+| [flutter](docs/templates/flutter.md) | Flutter SDK and Dart development |
+| [ios](docs/templates/ios.md) | Xcode, Swift, CocoaPods, and iOS development |
 
-## Output Formats
+### Utilities
 
-```bash
-# JSON only (default) - pipe to .claude/settings.json
-cc-permissions template nodejs --format json
+| Template | Description |
+|----------|-------------|
+| [database](docs/templates/database.md) | PostgreSQL, MySQL, MongoDB, and Redis CLI tools |
 
-# Human-readable summary
-cc-permissions template nodejs --format summary
+Click any template to see the full list of commands at each level.
 
-# Both JSON and summary
-cc-permissions template nodejs --format both
-```
+## Where permissions are saved
 
-## Who This Is For
-
-- Developers who prefer native execution over containers
-- Users tired of repetitive permission prompts
-- Teams wanting consistent permission policies across projects
-
-## Contributing Templates
-
-Templates are located in the `templates/` directory.
-
-### Template Structure
-
-Each template is a `.jsonc` file with comments allowed:
-
-```jsonc
-{
-  "$schema": "./template.schema.json",
-  "name": "my-template",
-  "description": "Brief description of what this template covers",
-  "levels": {
-    "restrictive": [
-      // Read-only commands (exploration, status checks)
-      { "command": "mytool status", "description": "Check status" }
-    ],
-    "standard": [
-      // Dev workflow commands (builds, tests, commits)
-      { "command": "mytool build", "description": "Build project" }
-    ],
-    "permissive": [
-      // Commands with broader access (installs, publishes)
-      { "command": "mytool install *", "description": "Install packages" }
-    ]
-  }
-}
-```
+By default, permissions go to `.claude/settings.json` (project scope). You can change this:
 
-### Permission Level Guidelines
+```bash
+# Personal defaults across all projects
+cc-permissions apply --scope user
 
-| Level | Purpose | Examples |
-|-------|---------|----------|
-| `restrictive` | Read-only, safe to run anytime | `git status`, `npm list`, `cargo check` |
-| `standard` | Normal dev workflow | `git commit`, `npm test`, `cargo build` |
-| `permissive` | Broader access, use with caution | `npm install`, `cargo publish` |
+# Project-specific overrides (gitignored)
+cc-permissions apply --scope local
 
-Each level is cumulative—`standard` includes everything from `restrictive`, and `permissive` includes everything from `standard`.
+# Custom file
+cc-permissions apply --output ./my-permissions.json
+```
 
-## Safety
+| Scope | File | Use case |
+|-------|------|----------|
+| `project` | `.claude/settings.json` | Team settings, commit to repo |
+| `user` | `~/.claude/settings.json` | Personal defaults |
+| `local` | `.claude/settings.local.json` | Personal overrides, gitignored |
 
-All generated configs include a deny list of dangerous patterns:
-- `rm -rf` - Recursive force delete
-- `sudo` - Privilege escalation
-- `curl | bash` / `wget | sh` - Remote code execution
-- And more...
+## Safety
 
-## Publishing (for maintainers)
+All generated configs include a deny list blocking dangerous patterns like `rm -rf /`, `sudo`, and piped remote execution (`curl | bash`). You can still shoot yourself in the foot, but the obvious hazards are blocked.
 
-Version management is done through npm scripts:
+## Other commands
 
 ```bash
-npm run version:show         # Show current version
-npm run version:bump patch   # 0.1.0 → 0.1.1
-npm run version:bump minor   # 0.1.0 → 0.2.0
-npm run version:bump major   # 0.1.0 → 1.0.0
-npm run version:set 2.0.0    # Set exact version
-```
+# See what would be applied (same as cc-permissions analyze)
+cc-permissions
 
-To publish:
+# List available templates
+cc-permissions list
 
-```bash
-npm login                     # first time only
-npm run version:bump patch    # bump version (also: minor, major)
-npm publish                   # publishes to npm
+# View template permissions without applying
+cc-permissions template nodejs
+
+# Output as JSON only
+cc-permissions template nodejs --format json
+
+# Output with summary
+cc-permissions template nodejs --format both
 ```
 
-A prepublish check automatically prevents publishing a version that already exists on npm.
+## Contributing
+
+See [CONTRIBUTING.md](CONTRIBUTING.md) for instructions on adding new templates and development setup.
 
 ## License
 

package/dist/analyze.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"analyze.d.ts","sourceRoot":"","sources":["../src/analyze.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAoC,MAAM,YAAY,CAAC;AA8HnF;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,cAAc,CA8D5D;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,cAAc,GAAG,MAAM,CA8BnE"}
+{"version":3,"file":"analyze.d.ts","sourceRoot":"","sources":["../src/analyze.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,cAAc,EAAsE,MAAM,YAAY,CAAC;AAoWrH;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,cAAc,CA4E5D;AAyDD;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,cAAc,GAAG,MAAM,CAyDnE"}