codebyplan 1.5.1 → 1.8.0

package/templates/skills/cbp-build-cc-rule/SKILL.md

@@ -0,0 +1,176 @@
+---
+scope: org-shared
+name: cbp-build-cc-rule
+description: Build a path-scoped rule file at .claude/rules/{name}.md following the official memory/rules spec (paths globs, always-loaded vs on-demand, symlinks) plus CBP conventions (required scope field for structural classification (validate-structure-scope.sh), narrow-paths discipline; hook warns at 100 lines, blocks at 200).
+argument-hint: '[name] [--scope=project|user] [--paths="glob,glob"]'
+allowed-tools: Read, Write, Edit, Glob, Grep
+effort: xhigh
+---
+
+# Build Claude Code Rule
+
+Create a rule at `.claude/rules/{name}.md` per the official Claude Code memory spec (section: _Organize rules with .claude/rules/_). Rules are auto-loaded instructions — either at session start (unconditional) or when Claude reads files matching `paths:` (scoped).
+
+## Arguments
+
+`$ARGUMENTS` — rule name (kebab-case). Flags: `--scope=project|user` (default `project`), `--paths="apps/*/src/api/**/*.ts,supabase/migrations/**/*.sql"`.
+
+## When to Use
+
+- Instruction applies broadly and should be loaded every session → global rule
+- Instruction applies only to specific file types/directories → path-scoped rule
+- Instruction is short, factual, and behavioural
+
+**Do NOT use this skill for:**
+
+- Step-by-step workflows → use `/cbp-build-cc-skill` (loads on invoke, doesn't burn context)
+- Project-level facts always needed → CLAUDE.md (use `/cbp-build-cc-claude-file`)
+- Accumulating learnings → auto memory (use `/cbp-build-cc-memory`)
+
+## Instructions
+
+### Step 1 — Decide scope and path
+
+| Scope   | Path                        | Loaded for                        |
+| ------- | --------------------------- | --------------------------------- |
+| project | `.claude/rules/{name}.md`   | Everyone on the project (via git) |
+| user    | `~/.claude/rules/{name}.md` | You, across all projects          |
+
+User-level rules load _before_ project rules, so project rules override on conflict.
+
+### Step 2 — Decide scoping behaviour
+
+| Pattern                      | Behaviour                                                  |
+| ---------------------------- | ---------------------------------------------------------- |
+| No `paths:` frontmatter      | Rule loads at session start, unconditional — use sparingly |
+| `paths: ["src/api/**/*.ts"]` | Rule loads when Claude reads a matching file               |
+| Multiple patterns            | Comma-separated in array, supports brace expansion         |
+
+Scope every rule you reasonably can. Unscoped rules burn context for every file Claude touches.
+
+### Step 3 — Pick a glob pattern
+
+Read [reference/paths-patterns.md](reference/paths-patterns.md) for the full table.
+
+**Prefer narrow, directory-scoped patterns.** `**/*.ts` matches on every edit and burns context. Scope to the smallest directory that covers the rule's intent.
+
+Good — narrow:
+
+```yaml
+paths:
+  - "apps/*/src/app/api/**/*.ts" # API route handlers only
+  - "apps/*/src/components/**/*.tsx" # Component source
+  - "supabase/migrations/**/*.sql" # DB migrations only
+  - "packages/auth/src/**/*.ts" # One package's source
+  - "tests/e2e/**/*.test.ts" # E2E tests only
+```
+
+Avoid — too broad:
+
+```yaml
+paths:
+  - "**/*.ts" # bad — unscoped
+  - "src/**/*" # bad — everything under src
+  - "**/*.{ts,tsx}" # bad — language-wide
+```
+
+Unscoped rules (no `paths:`) belong only on truly universal constraints: git attribution, company secrets policy, file-naming conventions.
+
+### Step 4 — Required CBP Frontmatter
+
+Every rule MUST have **both** fields:
+
+```yaml
+---
+scope: org-shared # or: project-shared | repo-only:<repo-name>
+paths:
+  - "apps/*/src/app/api/**/*.ts"
+---
+```
+
+| Field    | Purpose                                                                                                                                                                 |
+| -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `scope:` | CBP structural marker — required by validators (`validate-structure-scope.sh`). NOT read by Claude Code. Values: `org-shared` \| `project-shared` \| `repo-only:<name>` |
+| `paths:` | File globs that trigger rule loading (Claude Code native)                                                                                                               |
+
+When propagating rules between repos, copy only rules where `scope: org-shared` OR `scope: repo-only:<target>`.
+
+### Step 5 — Write the rule
+
+Read `${CLAUDE_SKILL_DIR}/templates/rule.md` as the canonical template.
+
+Naming:
+
+- kebab-case: `api-validation.md`, `git-workflow.md`
+- one topic per file
+- filename matches the `# H1` title
+
+Body structure — tight; bullets and tables, not prose:
+
+```markdown
+# Rule title
+
+One-line purpose.
+
+## Rule
+
+- [Constraint 1 — specific + verifiable]
+- [Constraint 2]
+
+## Correct / Wrong
+
+Code examples only when the rule is non-obvious.
+
+## Why
+
+Short reason — past incident, design decision, external constraint.
+```
+
+**Recommended max 100 lines; hard limit 200** (enforced by `validate-structure-lengths.sh`). Rules load into context on every match and compete with the conversation for tokens. Split on topic as the warn threshold approaches.
+
+### Step 6 — Check for duplication (merge-first)
+
+```bash
+grep -lr "topic-keyword" .claude/rules/
+```
+
+| Situation                           | Action                                 |
+| ----------------------------------- | -------------------------------------- |
+| Existing rule covers the topic      | Update it — don't create a second file |
+| Related but distinct constraints    | Cross-reference, keep separate         |
+| Rule exists with different `paths:` | Merge the paths, keep one rule         |
+| Pattern seen once                   | Don't create yet — wait for recurrence |
+
+### Step 7 — (Optional) Share across projects via symlink
+
+```bash
+# Whole rules directory shared
+ln -s ~/shared-claude-rules .claude/rules/shared
+
+# Individual file shared
+ln -s ~/company-standards/security.md .claude/rules/security.md
+```
+
+Claude Code resolves symlinks normally. Circular symlinks are detected.
+
+### Step 8 — Verify loading
+
+Run `/memory` in a fresh Claude Code session to confirm the rule is listed. If path-scoped, open a file matching the glob to confirm it triggers.
+
+Use the `InstructionsLoaded` hook if you need to debug exactly when and why a rule loads.
+
+## Integration
+
+- **Triggered by**: user invocation
+- **Reads**: `${CLAUDE_SKILL_DIR}/templates/rule.md`, `${CLAUDE_SKILL_DIR}/reference/paths-patterns.md`
+- **Writes**: `.claude/rules/{name}.md` or `~/.claude/rules/{name}.md`
+- **Related skills**: `/cbp-build-cc-claude-file` (project facts), `/cbp-build-cc-skill` (workflows), `/cbp-build-cc-memory` (auto-learnings)
+
+## Key Rules
+
+- Every rule needs an intent — if removing it wouldn't change Claude's behaviour, delete it
+- Prefer path-scoped over unconditional — context is a finite budget
+- Missing `scope:` fails validation (validate-structure-scope.sh warns; validate-agent.sh / validate-skill.sh block); missing `paths:` loads the rule on every file read
+- Rules are stored in the CBP database; the authoritative copy is in the DB — commit changes you want to keep
+- Conflicting rules load in both — Claude picks arbitrarily. Remove or merge duplicates
+- Rules that restate the Claude Code spec add no value — point to the official spec instead

package/templates/skills/cbp-build-cc-rule/examples/global-rule.md

@@ -0,0 +1,19 @@
+---
+scope: org-shared
+---
+
+# Git Commit Attribution
+
+## Rule
+
+- Commit author is `<configured user>` — never add co-authors
+- Commit body must not mention "Claude", "AI", or any assistant by name
+- Trailers like `Co-Authored-By: Claude ...` are forbidden
+
+## Why
+
+Attribution policy set by the project owner. Applies to every commit regardless of file.
+
+## Notes
+
+This rule has no `paths:` and therefore loads at session start. Use unconditional rules sparingly — they consume context for every conversation.

package/templates/skills/cbp-build-cc-rule/examples/scoped-rule.md

@@ -0,0 +1,41 @@
+---
+scope: org-shared
+paths:
+  - "src/api/**/*.ts"
+  - "apps/*/src/app/api/**/*.ts"
+---
+
+# API Development Rules
+
+## Rule
+
+- All endpoints validate input with Zod before accessing the DB
+- Return the standard error envelope: `{ error: { code, message, details? } }`
+- Every handler has a matching `*.test.ts` with at least one failure case
+- Never catch-and-ignore — log with structured fields and re-throw or map to a typed error
+
+## Correct
+
+```ts
+import { z } from "zod";
+
+const Body = z.object({ email: z.string().email() });
+
+export async function POST(req: Request) {
+  const body = Body.parse(await req.json());
+  // ...
+}
+```
+
+## Wrong
+
+```ts
+export async function POST(req: Request) {
+  const body = await req.json();        // no validation
+  try { /* ... */ } catch (e) { /* swallow */ }  // silent failure
+}
+```
+
+## Why
+
+Unvalidated handlers caused the 2026-Q1 data-shape incident. Standard error envelope lets the client handle failures uniformly.

package/templates/skills/cbp-build-cc-rule/reference/paths-patterns.md

@@ -0,0 +1,48 @@
+# Path Glob Patterns Reference
+
+Source: official Claude Code memory spec (section *Path-specific rules*).
+
+## Syntax
+
+`paths:` accepts a YAML list of globs or a comma-separated string. Patterns match against file paths that Claude reads during the session. When any open file matches, the rule loads.
+
+## Common patterns
+
+Prefer narrow patterns. Anything matching `**/*.<ext>` alone is almost always too broad — it loads the rule on every edit to that language across dependencies, build output, and unrelated packages.
+
+| Pattern | Matches | Verdict |
+|---------|---------|---------|
+| `apps/*/src/app/api/**/*.ts` | Next.js API routes | good — narrow |
+| `apps/*/src/components/**/*.tsx` | Component source | good — narrow |
+| `supabase/migrations/**/*.sql` | DB migrations | good — narrow |
+| `packages/auth/src/**/*.ts` | One package | good — narrow |
+| `tests/e2e/**/*.test.ts` | E2E tests only | good — narrow |
+| `.git/**/*` | Git internals | good — unique location |
+| `**/*.ts` | All TS anywhere | bad — too broad |
+| `src/**/*` | Everything under src | bad — any file type |
+| `**/*.{ts,tsx}` | Language-wide | bad — too broad |
+
+## Multiple patterns
+
+```yaml
+paths:
+  - "src/**/*.{ts,tsx}"
+  - "lib/**/*.ts"
+  - "tests/**/*.test.ts"
+```
+
+A rule triggers if *any* pattern matches.
+
+## When rules trigger
+
+- Rule loads when Claude reads a file matching the pattern
+- Rule does NOT re-evaluate on every tool use — it's a file-open trigger
+- Once loaded in a session, the rule stays until session end
+
+## Unscoped rules
+
+A rule with no `paths:` loads at session start, unconditionally. Uses context for every conversation. Reserve for project-wide behavioural constraints.
+
+## Performance note
+
+Narrow patterns first. Prefer `apps/*/src/api/**/*.ts` over `**/*.ts` — the latter triggers on any TypeScript file in the repo including dependencies, build output, and unrelated packages.

package/templates/skills/cbp-build-cc-rule/templates/rule.md

@@ -0,0 +1,32 @@
+---
+scope: org-shared  # CBP sync: org-shared | project-shared | repo-only:<repo-name>
+paths:
+  # Narrow to the smallest directory that covers the rule's intent.
+  # Avoid "**/*.ts" — loads on every TS edit across the repo.
+  - "apps/*/src/app/api/**/*.ts"
+---
+
+# Rule title
+
+One-line statement of what this rule enforces.
+
+## Rule
+
+- [First constraint — specific and verifiable]
+- [Second constraint]
+
+## Correct
+
+```ts
+// Example showing what follows the rule
+```
+
+## Wrong
+
+```ts
+// Example violating the rule
+```
+
+## Why
+
+[Reason — often: past incident, design decision, external constraint]

package/templates/skills/cbp-build-cc-settings/SKILL.md

@@ -0,0 +1,220 @@
+---
+scope: org-shared
+name: cbp-build-cc-settings
+description: Create or update Claude Code settings.json / settings.local.json / managed-settings.json following the official settings spec — scopes, permissions, hooks, sandbox, attribution, plugins, env vars, JSON schema validation.
+argument-hint: "[action] [--scope=user|project|local|managed]"
+allowed-tools: Read, Write, Edit, Glob, Grep, Bash(jq *)
+effort: xhigh
+---
+
+# Build Claude Code Settings File
+
+Create or update a Claude Code settings file per the official Claude Code settings spec. Covers every scope and every documented key.
+
+**CBP conventions** (two-file synced/local model, what goes where, policy defaults, sync behaviour): read [reference/cbp-conventions.md](reference/cbp-conventions.md) before writing.
+
+## Arguments
+
+`$ARGUMENTS` — action: `create`, `add-permission`, `add-hook`, `add-env`, `audit`. Flag: `--scope=user|project|local|managed` (default `project`).
+
+## When to Use
+
+- Pre-approve common read-only Bash commands → add to `permissions.allow`
+- Block sensitive files → add to `permissions.deny`
+- Wire hook scripts (PreToolUse, PostToolUse, InstructionsLoaded, etc.) → add to `hooks`
+- Customize commit attribution → `attribution`
+- Enable sandbox → `sandbox.enabled`
+- Pin an auto-update channel → `autoUpdatesChannel`
+- Configure MCP servers
+
+## Instructions
+
+### Step 1 — Pick the scope
+
+Scopes stack in this precedence order (highest wins):
+
+| #   | Scope     | Path                                                     | Who it affects                                |
+| --- | --------- | -------------------------------------------------------- | --------------------------------------------- |
+| 1   | Managed   | `managed-settings.json` (OS-specific dir) / MDM / server | Everyone on the machine, cannot be overridden |
+| 2   | CLI flags | —                                                        | This session                                  |
+| 3   | Local     | `.claude/settings.local.json`                            | You, this project (gitignored)                |
+| 4   | Project   | `.claude/settings.json`                                  | Team, this project (committed)                |
+| 5   | User      | `~/.claude/settings.json`                                | You, all projects                             |
+
+Default scope: **project** (shared with team). Use **local** for personal prefs in a project. Use **user** for machine-wide personal prefs. Managed is IT-only.
+
+### Step 2 — Always include the `$schema` line
+
+```json
+{
+  "$schema": "https://json.schemastore.org/claude-code-settings.json",
+  ...
+}
+```
+
+Enables autocomplete and validation in VS Code, Cursor, etc. The published schema lags the CLI so a warning on a new field is not always invalid.
+
+### Step 3 — Pick the category
+
+Major categories (full reference: [reference/settings-fields.md](reference/settings-fields.md)):
+
+| Category    | Keys                                                                            | Use for                        |
+| ----------- | ------------------------------------------------------------------------------- | ------------------------------ |
+| Permissions | `permissions.allow\|ask\|deny`, `defaultMode`, `additionalDirectories`          | Tool gating                    |
+| Hooks       | `hooks`, `allowedHttpHookUrls`, `httpHookAllowedEnvVars`, `disableAllHooks`     | Lifecycle scripts              |
+| Sandbox     | `sandbox.*` (mac/linux/WSL2)                                                    | Filesystem + network isolation |
+| Env         | `env`                                                                           | Per-session env vars           |
+| Attribution | `attribution.commit`, `attribution.pr`                                          | Git commit/PR trailers         |
+| Plugins     | `enabledPlugins`, `extraKnownMarketplaces`                                      | Plugin control                 |
+| MCP         | `enableAllProjectMcpServers`, `enabledMcpjsonServers`, `disabledMcpjsonServers` | MCP gating                     |
+| Memory      | `autoMemoryEnabled`, `autoMemoryDirectory`, `claudeMdExcludes`                  | Memory control                 |
+| Look + feel | `statusLine`, `tui`, `spinnerVerbs`, `language`, `prefersReducedMotion`         | UX                             |
+
+### Step 4 — Write permissions with correct syntax
+
+Rules follow `Tool` or `Tool(specifier)`. Evaluated in order: **deny → ask → allow**. First matching rule wins.
+
+Full patterns: [reference/permission-rules.md](reference/permission-rules.md).
+
+Common examples:
+
+```json
+{
+  "permissions": {
+    "allow": [
+      "Bash(git diff *)",
+      "Bash(git status *)",
+      "Bash(npm run lint)",
+      "Bash(npm test *)"
+    ],
+    "ask": ["Bash(git push *)"],
+    "deny": [
+      "WebFetch",
+      "Bash(curl *)",
+      "Read(./.env)",
+      "Read(./.env.*)",
+      "Read(./secrets/**)"
+    ]
+  }
+}
+```
+
+See [examples/permissions-config.json](examples/permissions-config.json).
+
+### Step 5 — Write hooks with the right event
+
+Full hook events and schema: see the official Claude Code hooks spec. Common entries:
+
+```json
+{
+  "hooks": {
+    "PostToolUse": [
+      {
+        "matcher": "Edit|Write",
+        "hooks": [{ "type": "command", "command": "./.claude/hooks/format.sh" }]
+      }
+    ],
+    "SubagentStart": [
+      {
+        "matcher": "db-agent",
+        "hooks": [
+          { "type": "command", "command": "./.claude/hooks/setup-db.sh" }
+        ]
+      }
+    ]
+  }
+}
+```
+
+Matchers are regex on the tool name (or subagent name for subagent events). Full example: [examples/hooks-config.json](examples/hooks-config.json).
+
+### Step 6 — Sandbox (optional, advanced)
+
+Isolates Bash commands from filesystem and network. Mac/Linux/WSL2 only. Not on by default.
+
+```json
+{
+  "sandbox": {
+    "enabled": true,
+    "autoAllowBashIfSandboxed": true,
+    "excludedCommands": ["docker *"],
+    "filesystem": {
+      "allowWrite": ["/tmp/build", "~/.kube"],
+      "denyRead": ["~/.aws/credentials"]
+    },
+    "network": {
+      "allowedDomains": ["github.com", "*.npmjs.org"],
+      "allowLocalBinding": true
+    }
+  }
+}
+```
+
+Path prefix rules: `/path` = absolute, `~/path` = home, `./path` or no prefix = project root (for project settings) or `~/.claude` (for user settings). See [examples/sandbox-config.json](examples/sandbox-config.json).
+
+### Step 7 — Attribution (git commit/PR trailers)
+
+```json
+{
+  "attribution": {
+    "commit": "",
+    "pr": ""
+  }
+}
+```
+
+Empty string hides the trailer. Takes precedence over the deprecated `includeCoAuthoredBy`.
+
+### Step 8 — Env vars
+
+```json
+{
+  "env": {
+    "CLAUDE_CODE_ENABLE_TELEMETRY": "1",
+    "OTEL_METRICS_EXPORTER": "otlp"
+  }
+}
+```
+
+Applied to every session. Full env-var catalogue: the official Claude Code env-vars reference.
+
+### Step 9 — Validate and verify
+
+```bash
+# Pretty-print and validate JSON
+jq . .claude/settings.json
+
+# Ask Claude Code itself
+# (inside a session)
+/status   # shows which layers are active and their origin
+/doctor   # deeper diagnostics
+```
+
+The `$schema` line enables editor-level validation. For settings that arrays-merge across scopes (permissions, `allowWrite`, etc.), `/status` shows the merged result.
+
+### Step 10 — Precedence pitfalls
+
+| Array setting                                              | Merges across scopes?      |
+| ---------------------------------------------------------- | -------------------------- |
+| `permissions.allow` / `ask` / `deny`                       | Yes (concatenate + dedupe) |
+| `sandbox.filesystem.allowWrite` / `denyWrite` / `denyRead` | Yes                        |
+| `allowedHttpHookUrls`                                      | Yes                        |
+| `httpHookAllowedEnvVars`                                   | Yes                        |
+
+Scalar settings (e.g. `model`, `defaultMode`) follow precedence, not merge. Higher-priority scope wins outright.
+
+## Integration
+
+- **Triggered by**: user invocation, `update-config` bundled skill
+- **Reads**: `${CLAUDE_SKILL_DIR}/templates/*.json`, `${CLAUDE_SKILL_DIR}/examples/*.json`, `${CLAUDE_SKILL_DIR}/reference/*.md` (including `cbp-conventions.md`)
+- **Writes**: `.claude/settings.json`, `.claude/settings.local.json`, `~/.claude/settings.json`, or `managed-settings.json`
+- **Related skills**: `/cbp-build-cc-rule` / `/cbp-build-cc-claude-file` (non-JSON configuration)
+
+## Key Rules
+
+- `settings.local.json` is gitignored automatically when Claude Code creates it — never commit secrets here anyway
+- Arrays merge across scopes; scalars don't. Check [reference/scope-precedence.md](reference/scope-precedence.md) before assuming
+- Managed settings cannot be overridden. Don't put them in any other scope
+- `permissions.deny` takes precedence over `allow` and `ask` — use it for secrets
+- For path-style permission rules in `Read(...)` and `Edit(...)`: `//path` = absolute, `/path` = project-relative. Sandbox filesystem uses standard conventions (`/path` = absolute)
+- The deprecated `includeCoAuthoredBy` is superseded by `attribution` — migrate rather than both

package/templates/skills/cbp-build-cc-settings/examples/hooks-config.json

@@ -0,0 +1,64 @@
+{
+  "$schema": "https://json.schemastore.org/claude-code-settings.json",
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "Bash",
+        "hooks": [
+          { "type": "command", "command": "./.claude/hooks/validate-bash.sh" }
+        ]
+      }
+    ],
+    "PostToolUse": [
+      {
+        "matcher": "Edit|Write",
+        "hooks": [
+          { "type": "command", "command": "./.claude/hooks/lint-format-on-edit.sh" }
+        ]
+      }
+    ],
+    "UserPromptSubmit": [
+      {
+        "hooks": [
+          { "type": "command", "command": "./.claude/hooks/record-prompt.sh" }
+        ]
+      }
+    ],
+    "SubagentStart": [
+      {
+        "matcher": "db-agent",
+        "hooks": [
+          { "type": "command", "command": "./.claude/hooks/setup-db-connection.sh" }
+        ]
+      }
+    ],
+    "SubagentStop": [
+      {
+        "hooks": [
+          { "type": "command", "command": "./.claude/hooks/cleanup-agent.sh" }
+        ]
+      }
+    ],
+    "Stop": [
+      {
+        "hooks": [
+          { "type": "command", "command": "./.claude/hooks/notify-on-stop.sh" }
+        ]
+      }
+    ],
+    "Notification": [
+      {
+        "hooks": [
+          { "type": "command", "command": "./.claude/hooks/terminal-bell.sh" }
+        ]
+      }
+    ]
+  },
+  "allowedHttpHookUrls": [
+    "https://hooks.example.com/*",
+    "http://localhost:*"
+  ],
+  "httpHookAllowedEnvVars": [
+    "HOOK_SECRET"
+  ]
+}

package/templates/skills/cbp-build-cc-settings/examples/permissions-config.json

@@ -0,0 +1,34 @@
+{
+  "$schema": "https://json.schemastore.org/claude-code-settings.json",
+  "permissions": {
+    "allow": [
+      "Bash(git status *)",
+      "Bash(git diff *)",
+      "Bash(git log *)",
+      "Bash(git show *)",
+      "Bash(git branch *)",
+      "Bash(pnpm run lint)",
+      "Bash(pnpm run test *)",
+      "Bash(pnpm -r build)",
+      "Read(~/.zshrc)",
+      "WebFetch(domain:docs.anthropic.com)",
+      "WebFetch(domain:code.claude.com)"
+    ],
+    "ask": [
+      "Bash(git push *)",
+      "Bash(git commit *)"
+    ],
+    "deny": [
+      "WebFetch",
+      "Bash(curl *)",
+      "Bash(wget *)",
+      "Read(./.env)",
+      "Read(./.env.*)",
+      "Read(./secrets/**)",
+      "Read(./**/*.pem)",
+      "Read(./**/credentials.json)"
+    ],
+    "additionalDirectories": [],
+    "defaultMode": "acceptEdits"
+  }
+}

package/templates/skills/cbp-build-cc-settings/examples/sandbox-config.json

@@ -0,0 +1,42 @@
+{
+  "$schema": "https://json.schemastore.org/claude-code-settings.json",
+  "sandbox": {
+    "enabled": true,
+    "autoAllowBashIfSandboxed": true,
+    "failIfUnavailable": false,
+    "excludedCommands": ["docker *", "kubectl *"],
+    "filesystem": {
+      "allowWrite": [
+        "/tmp/build",
+        "~/.kube",
+        "./dist",
+        "./coverage"
+      ],
+      "denyWrite": [
+        "/etc",
+        "/usr/local/bin"
+      ],
+      "denyRead": [
+        "~/.aws/credentials",
+        "~/.ssh/id_*"
+      ],
+      "allowRead": ["."]
+    },
+    "network": {
+      "allowedDomains": [
+        "github.com",
+        "*.npmjs.org",
+        "registry.yarnpkg.com",
+        "docs.anthropic.com",
+        "code.claude.com"
+      ],
+      "deniedDomains": [
+        "uploads.github.com"
+      ],
+      "allowUnixSockets": [
+        "/var/run/docker.sock"
+      ],
+      "allowLocalBinding": true
+    }
+  }
+}