claude-dev-env 1.41.0 → 1.43.0

package/_shared/pr-loop/scripts/grant_project_claude_permissions.py

@@ -9,43 +9,37 @@ the changes applied. No-op when the entries already exist.
 import sys
 from pathlib import Path
 
-parent_directory = str(Path(__file__).absolute().parent)
-try:
-    sys.path.remove(parent_directory)
-except ValueError:
-    pass
+parent_directory = str(Path(__file__).resolve().parent)
 if parent_directory not in sys.path:
     sys.path.insert(0, parent_directory)
 
-for each_cached_module_name in [
-    each_module_key
-    for each_module_key in list(sys.modules)
-    if each_module_key == "config"
-    or each_module_key.startswith("config.")
-    or each_module_key == "_claude_permissions_common"
-]:
-    sys.modules.pop(each_cached_module_name, None)
-
 from _claude_permissions_common import (  # noqa: E402
     append_if_missing,
+    build_agent_config_deny_rules,
     build_permission_rules,
     ensure_dict_section,
     ensure_list_entry,
     exit_with_error,
     get_current_project_path,
+    is_trust_entry_for_project,
     is_valid_project_root,
     load_settings,
+    remove_matching_entries_from_list,
     save_settings,
 )
-from config.claude_permissions_constants import (  # noqa: E402
+from pr_loop_shared_constants.claude_permissions_constants import (
+    ALL_AGENT_CONFIG_DENY_TOOLS,
+    ALL_AGENT_CONFIG_PATH_PATTERNS,
     ALL_PERMISSION_ALLOW_TOOLS,
+    AUTO_MODE_ENVIRONMENT_ENTRY_PREFIX,
     AUTO_MODE_ENVIRONMENT_ENTRY_TEMPLATE,
     get_claude_user_settings_path,
 )
-from config.claude_settings_keys_constants import (  # noqa: E402
+from pr_loop_shared_constants.claude_settings_keys_constants import (
     CLAUDE_SETTINGS_ADDITIONAL_DIRECTORIES_KEY,
     CLAUDE_SETTINGS_ALLOW_KEY,
     CLAUDE_SETTINGS_AUTO_MODE_KEY,
+    CLAUDE_SETTINGS_DENY_KEY,
     CLAUDE_SETTINGS_ENVIRONMENT_KEY,
     CLAUDE_SETTINGS_PERMISSIONS_KEY,
 )
@@ -76,6 +70,35 @@ def add_rules_to_allow_list(
     )
 
 
+def add_rules_to_deny_list(
+    all_settings: dict[str, object], all_rules_to_add: list[str]
+) -> int:
+    """Add permission rules to the settings deny list.
+
+    Deny rules take precedence over allow rules in Claude Code's permission
+    matching, so writing agent-config paths into the deny list forces a
+    per-edit user approval even when a broader allow rule would cover them.
+
+    Args:
+        all_settings: The parsed settings dictionary.
+        all_rules_to_add: Permission rule strings to append.
+
+    Returns:
+        Number of rules actually added (new entries).
+    """
+    permissions_section = ensure_dict_section(
+        all_settings, CLAUDE_SETTINGS_PERMISSIONS_KEY
+    )
+    existing_deny_list = ensure_list_entry(
+        permissions_section, CLAUDE_SETTINGS_DENY_KEY
+    )
+    return sum(
+        1
+        for each_rule in all_rules_to_add
+        if append_if_missing(existing_deny_list, each_rule)
+    )
+
+
 def add_directory_to_additional_directories(
     all_settings: dict[str, object], directory_path: str
 ) -> int:
@@ -122,11 +145,63 @@ def add_auto_mode_environment_entry(
     return 0
 
 
+def purge_stale_trust_entries(
+    all_settings: dict[str, object],
+    project_path: str,
+    prefix: str,
+    protected_entry: str | None = None,
+) -> int:
+    """Remove every prior trust entry for the project from autoMode.environment.
+
+    A trust entry is any string in autoMode.environment whose prefix matches
+    the trust-entry marker and that contains the project's .claude/** path.
+    Purging stale entries before adding the current template prevents
+    accumulation across template revisions. The optional protected_entry
+    survives the purge so an entry byte-identical to the one about to be
+    re-added is not removed and re-added on every invocation, preserving the
+    idempotency contract documented on grant_permissions_for_current_directory.
+
+    Args:
+        all_settings: The parsed settings dictionary.
+        project_path: The POSIX-style project root path.
+        prefix: The literal prefix that marks a trust entry.
+        protected_entry: Optional entry text that, when byte-equal to a
+            candidate, prevents removal. Pass the freshly-formatted current
+            template entry from grant to preserve idempotency. Revoke passes
+            None so every matching entry is removed.
+
+    Returns:
+        Number of stale entries removed.
+    """
+    auto_mode_section = all_settings.get(CLAUDE_SETTINGS_AUTO_MODE_KEY)
+    if not isinstance(auto_mode_section, dict):
+        return 0
+    existing_environment = auto_mode_section.get(CLAUDE_SETTINGS_ENVIRONMENT_KEY)
+    if not isinstance(existing_environment, list):
+        return 0
+
+    def _should_purge_candidate(candidate_entry: object) -> bool:
+        if not is_trust_entry_for_project(candidate_entry, project_path, prefix):
+            return False
+        if protected_entry is not None and candidate_entry == protected_entry:
+            return False
+        return True
+
+    return remove_matching_entries_from_list(
+        existing_environment,
+        _should_purge_candidate,
+    )
+
+
 def grant_permissions_for_current_directory() -> None:
     """Grant Edit/Write/Read permissions for the current project directory.
 
     Reads the current project path, constructs permission rules from config
-    constants, and writes them to ~/.claude/settings.json atomically.
+    constants, and writes them to ~/.claude/settings.json atomically. Adds
+    deny rules for agent-config paths so edits to settings, hooks, commands,
+    agents, skills, mcp.json, and CLAUDE.md still require per-edit user
+    approval. Purges any prior trust entries for this project before writing
+    the current template to prevent accumulation across template revisions.
 
     Raises:
         SystemExit: When the current directory is not a valid project root.
@@ -146,19 +221,37 @@ def grant_permissions_for_current_directory() -> None:
     all_permission_rules = build_permission_rules(
         project_path, ALL_PERMISSION_ALLOW_TOOLS
     )
+    all_agent_config_deny_rules = build_agent_config_deny_rules(
+        project_path,
+        ALL_AGENT_CONFIG_DENY_TOOLS,
+        ALL_AGENT_CONFIG_PATH_PATTERNS,
+    )
     environment_entry = AUTO_MODE_ENVIRONMENT_ENTRY_TEMPLATE.format(
         project_path=project_path
     )
     settings = load_settings(claude_user_settings_path)
-    rules_added_count = add_rules_to_allow_list(settings, all_permission_rules)
+    allow_rules_added_count = add_rules_to_allow_list(settings, all_permission_rules)
+    deny_rules_added_count = add_rules_to_deny_list(
+        settings, all_agent_config_deny_rules
+    )
     directories_added_count = add_directory_to_additional_directories(
         settings, project_path
     )
+    stale_trust_entries_purged_count = purge_stale_trust_entries(
+        settings,
+        project_path,
+        AUTO_MODE_ENVIRONMENT_ENTRY_PREFIX,
+        protected_entry=environment_entry,
+    )
     environment_entries_added_count = add_auto_mode_environment_entry(
         settings, environment_entry
     )
     total_changes_count = (
-        rules_added_count + directories_added_count + environment_entries_added_count
+        allow_rules_added_count
+        + deny_rules_added_count
+        + directories_added_count
+        + stale_trust_entries_purged_count
+        + environment_entries_added_count
     )
     if total_changes_count == 0:
         print(f"Project path: {project_path}")
@@ -168,8 +261,19 @@ def grant_permissions_for_current_directory() -> None:
     save_settings(claude_user_settings_path, settings)
     print(f"Project path: {project_path}")
     print(f"Settings file: {claude_user_settings_path}")
-    print(f"Allow rules added: {rules_added_count} of {len(all_permission_rules)}")
+    print(
+        f"Allow rules added: {allow_rules_added_count} of {len(all_permission_rules)}"
+    )
+    print(
+        f"Deny rules added: {deny_rules_added_count} of "
+        f"{len(all_agent_config_deny_rules)}"
+    )
     print(f"Additional directories added: {directories_added_count}")
+    if stale_trust_entries_purged_count > 0:
+        print(
+            f"Stale auto-mode environment entries purged: "
+            f"{stale_trust_entries_purged_count}"
+        )
     print(f"Auto-mode environment entries added: {environment_entries_added_count}")
 
 

package/_shared/pr-loop/scripts/post_audit_thread.py

@@ -32,11 +32,11 @@ import urllib.request
 from pathlib import Path
 from typing import NoReturn
 
-sys.modules.pop("config", None)
-if str(Path(__file__).absolute().parent) not in sys.path:
-    sys.path.insert(0, str(Path(__file__).absolute().parent))
+parent_directory = str(Path(__file__).resolve().parent)
+if parent_directory not in sys.path:
+    sys.path.insert(0, parent_directory)
 
-from config.post_audit_thread_constants import (
+from pr_loop_shared_constants.post_audit_thread_constants import (  # noqa: E402
     ALL_GH_API_COMMAND_PARTS,
     ALL_GH_API_USER_COMMAND_PARTS,
     ALL_GH_AUTH_STATUS_COMMAND_PARTS,

package/_shared/pr-loop/scripts/pr_loop_shared_constants/claude_permissions_constants.py

@@ -0,0 +1,90 @@
+"""Constants shared by grant_project_claude_permissions and revoke_project_claude_permissions."""
+
+from pathlib import Path
+
+from pr_loop_shared_constants.preflight_constants import GIT_DIRECTORY_NAME
+
+__all__ = (
+    "ALL_AGENT_CONFIG_DENY_TOOLS",
+    "ALL_AGENT_CONFIG_PATH_PATTERNS",
+    "ALL_PERMISSION_ALLOW_TOOLS",
+    "ALL_TRUST_ENTRY_PROJECT_PATH_BOUNDARY_QUOTE_CHARACTERS",
+    "AUTO_MODE_ENVIRONMENT_ENTRY_PREFIX",
+    "AUTO_MODE_ENVIRONMENT_ENTRY_TEMPLATE",
+    "CLAUDE_SETTINGS_DIRECTORY_NAME",
+    "CLAUDE_SETTINGS_FILENAME",
+    "GIT_DIRECTORY_NAME",
+    "TEXT_FILE_ENCODING",
+    "UNIQUE_TEMPORARY_SUFFIX_BYTE_LENGTH",
+    "get_claude_user_settings_path",
+)
+
+
+ALL_PERMISSION_ALLOW_TOOLS: tuple[str, ...] = ("Edit", "Write", "Read")
+
+ALL_AGENT_CONFIG_DENY_TOOLS: tuple[str, ...] = ("Edit", "Write", "Read", "Glob")
+
+ALL_AGENT_CONFIG_PATH_PATTERNS: tuple[str, ...] = (
+    "settings*.json",
+    "hooks/**",
+    "commands/**",
+    "agents/**",
+    "skills/**",
+    "mcp.json",
+    "CLAUDE.md",
+)
+
+AUTO_MODE_ENVIRONMENT_ENTRY_PREFIX: str = "Trusted local workspace:"
+
+
+def _describe_agent_config_pattern_for_humans(agent_config_path_pattern: str) -> str:
+    glob_suffix_under_directory = "/**"
+    file_name_for_special_phrasing = "mcp.json"
+    if agent_config_path_pattern.endswith(glob_suffix_under_directory):
+        directory_name = agent_config_path_pattern[
+            : -len(glob_suffix_under_directory)
+        ]
+        return f"anything under {directory_name}/"
+    if agent_config_path_pattern == file_name_for_special_phrasing:
+        return f"the {file_name_for_special_phrasing} file"
+    return agent_config_path_pattern
+
+
+def _build_agent_config_pattern_phrase(
+    all_agent_config_path_patterns: tuple[str, ...],
+) -> str:
+    all_described_patterns: list[str] = [
+        _describe_agent_config_pattern_for_humans(each_pattern)
+        for each_pattern in all_agent_config_path_patterns
+    ]
+    if len(all_described_patterns) <= 1:
+        return ", ".join(all_described_patterns)
+    leading_phrase_parts = ", ".join(all_described_patterns[:-1])
+    final_phrase_part = all_described_patterns[-1]
+    return f"{leading_phrase_parts}, and {final_phrase_part}"
+
+
+_AGENT_CONFIG_PATTERN_PHRASE: str = _build_agent_config_pattern_phrase(
+    ALL_AGENT_CONFIG_PATH_PATTERNS
+)
+
+AUTO_MODE_ENVIRONMENT_ENTRY_TEMPLATE: str = (
+    f"Trusted local workspace: Files under {{project_path}}/.claude/** inherit "
+    f"the workspace's trust for Edit, Write, Read, and Glob operations EXCEPT "
+    f"for agent-config files: {_AGENT_CONFIG_PATTERN_PHRASE}. Edits to those "
+    f"agent-config files always require explicit per-edit user approval."
+)
+
+ALL_TRUST_ENTRY_PROJECT_PATH_BOUNDARY_QUOTE_CHARACTERS: tuple[str, ...] = ('"', "'")
+
+CLAUDE_SETTINGS_DIRECTORY_NAME: str = ".claude"
+
+CLAUDE_SETTINGS_FILENAME: str = "settings.json"
+
+TEXT_FILE_ENCODING: str = "utf-8"
+
+UNIQUE_TEMPORARY_SUFFIX_BYTE_LENGTH: int = 8
+
+
+def get_claude_user_settings_path() -> Path:
+    return Path.home() / CLAUDE_SETTINGS_DIRECTORY_NAME / CLAUDE_SETTINGS_FILENAME

package/_shared/pr-loop/scripts/{config → pr_loop_shared_constants}/claude_settings_keys_constants.py

@@ -4,6 +4,8 @@ CLAUDE_SETTINGS_PERMISSIONS_KEY: str = "permissions"
 
 CLAUDE_SETTINGS_ALLOW_KEY: str = "allow"
 
+CLAUDE_SETTINGS_DENY_KEY: str = "deny"
+
 CLAUDE_SETTINGS_ADDITIONAL_DIRECTORIES_KEY: str = "additionalDirectories"
 
 CLAUDE_SETTINGS_AUTO_MODE_KEY: str = "autoMode"

package/_shared/pr-loop/scripts/preflight.py

@@ -4,38 +4,20 @@ import subprocess
 import sys
 from pathlib import Path
 
-sys.modules.pop("config", None)
-_script_directory_resolved = Path(__file__).resolve().parent
-_script_directory_absolute = Path(__file__).absolute().parent
-
+parent_directory = str(Path(__file__).resolve().parent)
+sys.path[:] = [
+    each_existing_entry
+    for each_existing_entry in sys.path
+    if not (
+        os.path.exists(each_existing_entry)
+        and os.path.samefile(each_existing_entry, parent_directory)
+    )
+]
+if parent_directory not in sys.path:
+    sys.path.insert(0, parent_directory)
 
-def _entry_points_at_preflight_script_directory(each_path_entry: str) -> bool:
-    if each_path_entry in (
-        str(_script_directory_resolved),
-        str(_script_directory_absolute),
-    ):
-        return True
-    try:
-        candidate_path = Path(each_path_entry)
-    except (OSError, ValueError):
-        return False
-    if candidate_path.exists():
-        try:
-            return os.path.samefile(candidate_path, _script_directory_resolved)
-        except OSError:
-            return False
-    return False
-
-
-for each_index in range(len(sys.path) - 1, -1, -1):
-    if _entry_points_at_preflight_script_directory(sys.path[each_index]):
-        sys.path.pop(each_index)
-_preflight_scripts_path_entry = str(_script_directory_absolute)
-if _preflight_scripts_path_entry not in sys.path:
-    sys.path.insert(0, _preflight_scripts_path_entry)
-
-from config.fix_hookspath_constants import HOOKS_PATH_VERIFICATION_SUFFIX
-from config.preflight_constants import (
+from pr_loop_shared_constants.fix_hookspath_constants import HOOKS_PATH_VERIFICATION_SUFFIX  # noqa: E402
+from pr_loop_shared_constants.preflight_constants import (
     ALL_GIT_CONFIG_GET_CORE_HOOKS_PATH_SUBCOMMAND,
     ALL_GIT_DIFF_NAME_ONLY_SUBCOMMAND,
     ALL_GIT_LS_FILES_TEST_DISCOVERY_SUBCOMMAND,

package/_shared/pr-loop/scripts/reviews_disabled.py

@@ -8,22 +8,8 @@ rules and disabled-token taxonomy live in exactly one place.
 from __future__ import annotations
 
 import os
-import sys
-from pathlib import Path
-
-for each_cached_module_name in [
-    each_module_key
-    for each_module_key in list(sys.modules)
-    if each_module_key == "config" or each_module_key.startswith("config.")
-]:
-    sys.modules.pop(each_cached_module_name, None)
-_shared_pr_loop_scripts_directory = str(Path(__file__).absolute().parent)
-while _shared_pr_loop_scripts_directory in sys.path:
-    sys.path.remove(_shared_pr_loop_scripts_directory)
-if _shared_pr_loop_scripts_directory not in sys.path:
-    sys.path.insert(0, _shared_pr_loop_scripts_directory)
-
-from config.reviews_disabled_constants import (
+
+from pr_loop_shared_constants.reviews_disabled_constants import (
     CLAUDE_REVIEWS_DISABLED_BUGTEAM_TOKEN,
     CLAUDE_REVIEWS_DISABLED_ENV_VAR_NAME,
     CLAUDE_REVIEWS_DISABLED_TOKEN_SEPARATOR,

package/_shared/pr-loop/scripts/revoke_project_claude_permissions.py

@@ -10,41 +10,34 @@ autoMode sections so repeated grant/revoke cycles leave no dead structure.
 import sys
 from pathlib import Path
 
-parent_directory = str(Path(__file__).absolute().parent)
-try:
-    sys.path.remove(parent_directory)
-except ValueError:
-    pass
+parent_directory = str(Path(__file__).resolve().parent)
 if parent_directory not in sys.path:
     sys.path.insert(0, parent_directory)
 
-for each_cached_module_name in [
-    each_module_key
-    for each_module_key in list(sys.modules)
-    if each_module_key == "config"
-    or each_module_key.startswith("config.")
-    or each_module_key == "_claude_permissions_common"
-]:
-    sys.modules.pop(each_cached_module_name, None)
-
 from _claude_permissions_common import (  # noqa: E402
+    build_agent_config_deny_rules,
     build_permission_rules,
     exit_with_error,
     get_current_project_path,
+    is_trust_entry_for_project,
     is_valid_project_root,
     load_settings,
     prune_empty_list_then_empty_section,
+    remove_matching_entries_from_list,
     save_settings,
 )
-from config.claude_permissions_constants import (  # noqa: E402
+from pr_loop_shared_constants.claude_permissions_constants import (
+    ALL_AGENT_CONFIG_DENY_TOOLS,
+    ALL_AGENT_CONFIG_PATH_PATTERNS,
     ALL_PERMISSION_ALLOW_TOOLS,
-    AUTO_MODE_ENVIRONMENT_ENTRY_TEMPLATE,
+    AUTO_MODE_ENVIRONMENT_ENTRY_PREFIX,
     get_claude_user_settings_path,
 )
-from config.claude_settings_keys_constants import (  # noqa: E402
+from pr_loop_shared_constants.claude_settings_keys_constants import (
     CLAUDE_SETTINGS_ADDITIONAL_DIRECTORIES_KEY,
     CLAUDE_SETTINGS_ALLOW_KEY,
     CLAUDE_SETTINGS_AUTO_MODE_KEY,
+    CLAUDE_SETTINGS_DENY_KEY,
     CLAUDE_SETTINGS_ENVIRONMENT_KEY,
     CLAUDE_SETTINGS_PERMISSIONS_KEY,
 )
@@ -92,6 +85,27 @@ def remove_rules_from_allow_list(
     return remove_values_from_list(existing_allow_list, set(all_rules_to_remove))
 
 
+def remove_rules_from_deny_list(
+    all_settings: dict[str, object], all_rules_to_remove: list[str]
+) -> int:
+    """Remove matching permission rules from the settings deny list.
+
+    Args:
+        all_settings: The parsed settings dictionary.
+        all_rules_to_remove: Permission rule strings to remove.
+
+    Returns:
+        Number of rules removed.
+    """
+    permissions_section = all_settings.get(CLAUDE_SETTINGS_PERMISSIONS_KEY)
+    if not isinstance(permissions_section, dict):
+        return 0
+    existing_deny_list = permissions_section.get(CLAUDE_SETTINGS_DENY_KEY)
+    if not isinstance(existing_deny_list, list):
+        return 0
+    return remove_values_from_list(existing_deny_list, set(all_rules_to_remove))
+
+
 def remove_directory_from_additional_directories(
     all_settings: dict[str, object], directory_path: str
 ) -> int:
@@ -115,17 +129,23 @@ def remove_directory_from_additional_directories(
     return remove_values_from_list(existing_directories, {directory_path})
 
 
-def remove_auto_mode_environment_entry(
-    all_settings: dict[str, object], entry_text: str
+def remove_trust_entries_for_project(
+    all_settings: dict[str, object], project_path: str, prefix: str
 ) -> int:
-    """Remove an auto-mode environment entry for the project.
+    """Remove every trust entry for the project from autoMode.environment.
+
+    Matches any string in autoMode.environment whose prefix matches the
+    trust-entry marker and that contains the project's .claude/** path.
+    The match is wording-agnostic so prior template revisions are removed
+    cleanly even when the current template differs.
 
     Args:
         all_settings: The parsed settings dictionary.
-        entry_text: The environment entry text to remove.
+        project_path: The POSIX-style project root path.
+        prefix: The literal prefix that marks a trust entry.
 
     Returns:
-        1 when the entry was removed, 0 when not found.
+        Number of entries removed.
     """
     auto_mode_section = all_settings.get(CLAUDE_SETTINGS_AUTO_MODE_KEY)
     if not isinstance(auto_mode_section, dict):
@@ -133,7 +153,12 @@ def remove_auto_mode_environment_entry(
     existing_environment = auto_mode_section.get(CLAUDE_SETTINGS_ENVIRONMENT_KEY)
     if not isinstance(existing_environment, list):
         return 0
-    return remove_values_from_list(existing_environment, {entry_text})
+    return remove_matching_entries_from_list(
+        existing_environment,
+        lambda candidate_entry: is_trust_entry_for_project(
+            candidate_entry, project_path, prefix
+        ),
+    )
 
 
 def prune_settings_after_revoke(all_settings: dict[str, object]) -> None:
@@ -147,6 +172,11 @@ def prune_settings_after_revoke(all_settings: dict[str, object]) -> None:
         CLAUDE_SETTINGS_PERMISSIONS_KEY,
         CLAUDE_SETTINGS_ALLOW_KEY,
     )
+    prune_empty_list_then_empty_section(
+        all_settings,
+        CLAUDE_SETTINGS_PERMISSIONS_KEY,
+        CLAUDE_SETTINGS_DENY_KEY,
+    )
     prune_empty_list_then_empty_section(
         all_settings,
         CLAUDE_SETTINGS_PERMISSIONS_KEY,
@@ -162,9 +192,10 @@ def prune_settings_after_revoke(all_settings: dict[str, object]) -> None:
 def revoke_permissions_for_current_directory() -> None:
     """Revoke permissions previously granted for the current project directory.
 
-    Reads the current project path, constructs the matching permission rules,
-    removes them from ~/.claude/settings.json, and prunes any newly empty
-    sections.
+    Reads the current project path, constructs the matching allow and deny
+    permission rules, removes them from ~/.claude/settings.json, removes
+    every trust entry for the project from autoMode.environment, and prunes
+    any newly empty sections.
 
     Raises:
         SystemExit: When the current directory is not a valid project root.
@@ -182,19 +213,25 @@ def revoke_permissions_for_current_directory() -> None:
         raise SystemExit(1)
     project_path = get_current_project_path()
     permission_rules = build_permission_rules(project_path, ALL_PERMISSION_ALLOW_TOOLS)
-    environment_entry = AUTO_MODE_ENVIRONMENT_ENTRY_TEMPLATE.format(
-        project_path=project_path
+    all_agent_config_deny_rules = build_agent_config_deny_rules(
+        project_path,
+        ALL_AGENT_CONFIG_DENY_TOOLS,
+        ALL_AGENT_CONFIG_PATH_PATTERNS,
     )
     settings = load_settings(claude_user_settings_path)
-    rules_removed_count = remove_rules_from_allow_list(settings, permission_rules)
+    allow_rules_removed_count = remove_rules_from_allow_list(settings, permission_rules)
+    deny_rules_removed_count = remove_rules_from_deny_list(
+        settings, all_agent_config_deny_rules
+    )
     directories_removed_count = remove_directory_from_additional_directories(
         settings, project_path
     )
-    environment_entries_removed_count = remove_auto_mode_environment_entry(
-        settings, environment_entry
+    environment_entries_removed_count = remove_trust_entries_for_project(
+        settings, project_path, AUTO_MODE_ENVIRONMENT_ENTRY_PREFIX
     )
     total_changes_count = (
-        rules_removed_count
+        allow_rules_removed_count
+        + deny_rules_removed_count
         + directories_removed_count
         + environment_entries_removed_count
     )
@@ -207,7 +244,13 @@ def revoke_permissions_for_current_directory() -> None:
     save_settings(claude_user_settings_path, settings)
     print(f"Project path: {project_path}")
     print(f"Settings file: {claude_user_settings_path}")
-    print(f"Allow rules removed: {rules_removed_count} of {len(permission_rules)}")
+    print(
+        f"Allow rules removed: {allow_rules_removed_count} of {len(permission_rules)}"
+    )
+    print(
+        f"Deny rules removed: {deny_rules_removed_count} of "
+        f"{len(all_agent_config_deny_rules)}"
+    )
     print(f"Additional directories removed: {directories_removed_count}")
     print(
         f"Auto-mode environment entries removed: {environment_entries_removed_count}"

package/_shared/pr-loop/scripts/tests/conftest.py

@@ -1,51 +1 @@
-"""Test fixtures for _shared/pr-loop/scripts/.
-
-Two unrelated Python packages live under the name ``config`` in this repo:
-  - ``_shared/pr-loop/scripts/config/`` (constants for grant/revoke/gate/preflight scripts)
-  - ``hooks/config/`` (constants for the code-rules enforcer and other hooks)
-
-When tests under this directory exercise the gate (which loads
-``hooks/blocking/code_rules_enforcer.py``) and also load the grant/revoke
-scripts in the same pytest process, ``sys.modules['config']`` and
-``sys.modules['config.<submodule>']`` cache entries from one package leak
-into the other. The next ``from config.<submodule> import ...`` then fails
-with ``ModuleNotFoundError`` because the cached parent package does not
-expose that submodule.
-
-Independently, several scripts in this folder do
-``Path(__file__).resolve()`` then prepend the resulting directory to
-``sys.path``. On Windows when the working tree lives under a mapped drive
-backed by a UNC share (``Y:`` -> ``\\\\server\\share\\...``), ``.resolve()``
-returns the UNC form, and Python's import machinery on this host cannot
-locate ``config`` packages from a UNC ``sys.path`` entry. The Y:-form entry
-gets pushed to a later index by subsequent inserts, making ``from
-config.<submodule> import ...`` fail.
-
-This autouse fixture restores both invariants before each test:
-  1. evict every ``config`` and ``config.*`` entry from ``sys.modules``
-  2. prepend the drive-letter (``.absolute()``) form of the scripts
-     directory to ``sys.path`` so package resolution always has a
-     non-UNC path to search first
-"""
-
-from __future__ import annotations
-
-import sys
-from pathlib import Path
-
-import pytest
-
-SCRIPTS_DIRECTORY_DRIVE_LETTER_FORM = str(Path(__file__).absolute().parent.parent)
-
-
-@pytest.fixture(autouse=True)
-def _evict_config_namespace_between_tests() -> None:
-    for each_module_name in [
-        each_key
-        for each_key in list(sys.modules)
-        if each_key == "config" or each_key.startswith("config.")
-    ]:
-        sys.modules.pop(each_module_name, None)
-    if SCRIPTS_DIRECTORY_DRIVE_LETTER_FORM in sys.path:
-        sys.path.remove(SCRIPTS_DIRECTORY_DRIVE_LETTER_FORM)
-    sys.path.insert(0, SCRIPTS_DIRECTORY_DRIVE_LETTER_FORM)
+"""Test fixtures for _shared/pr-loop/scripts/tests/."""