feat: add defensive settings.json with allow/deny permission lists

[jrenaldi79]

Scaffolds .claude/settings.json during setup with pre-approved commands
(test, lint, build, git) and a deny list blocking destructive operations
(rm -rf /, git push --force, pipe-to-shell, etc.). Normal file removal
still prompts for approval so users stay in control.

https://claude.ai/code/session_012hMekSRkdWfhdBKvpQYv7Z

Summary by CodeRabbit

• New Features

  • A permissions configuration is now automatically created during setup with pre-approved commands for common development tasks and a deny list protecting against destructive operations.

• Documentation

  • Setup documentation updated to describe the new permissions configuration and how it establishes safer defaults for command execution.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f4525036-32a6-472c-bfc9-7d8b5a741a1a

📥 Commits

Reviewing files that changed from the base of the PR and between 486296d and 8a5e20f.

📒 Files selected for processing (5)

• README.md
• skills/setup/SKILL.md
• skills/setup/scripts/install-enforcement.js
• skills/setup/templates/project-claude.md
• skills/setup/templates/settings.json

---

📝 Walkthrough

Walkthrough

These changes introduce a Claude permissions system by adding a new .claude/settings.json template that defines command allowlists and denylists for safer agent operation, alongside updates to documentation and installation scripts to integrate permissions setup during project initialization.

Changes

Cohort / File(s)	Summary
Documentation & Setup Instructions README.md, skills/setup/SKILL.md, skills/setup/templates/project-claude.md	Added documentation for the new Permissions step and .claude/settings.json configuration, including descriptions of allow/deny command lists and approval defaults.
Installation Script skills/setup/scripts/install-enforcement.js	Added SETTINGS_TEMPLATE constant and copySettings(targetDir) function to copy the settings template into the target project's .claude/settings.json during installation.
Settings Configuration Template skills/setup/templates/settings.json	New JSON template file defining command permissions with whitelisted patterns (test, lint, build, git operations, read-only utilities) and blacklisted destructive patterns (rm -rf variants, forced git operations, publish commands, shell piping to install).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

A settings file hops into place,
With permissions to keep the code safe,
Allow lists guard, denylists prevent,
Claude now knows where caution is lent! 🐰✨

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch claude/evaluate-harness-system-Y3taF

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

You can disable poems in the walkthrough.

Disable the reviews.poem setting to disable the poems in the walkthrough.