From f7c3c32aa2a60a18f16990f27d31bd57ce9ca61c Mon Sep 17 00:00:00 2001
From: Markus Fritsche <mfritsche@reauktion.de>
Date: Tue, 12 May 2026 08:08:26 +0000
Subject: [PATCH] .claude: project-shared permission allowlist for read-only
 MCP/Bash
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds .claude/settings.json — 10 read-only entries (mcp__*__read_file,
mcp__hub-tools__remote_list_hosts, Bash(ping *), Bash(dig *)) auto-allowed
in any aish session, reducing per-call permission prompts during routine
file-reading and host probing. Generated via /fewer-permission-prompts.

settings.local.json stays user-private (per-user ad-hoc grants); .gitignore
now covers it so it doesn't accidentally land in commits.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .claude/settings.json | 16 ++++++++++++++++
 .gitignore            |  3 +++
 2 files changed, 19 insertions(+)
 create mode 100644 .claude/settings.json

diff --git a/.claude/settings.json b/.claude/settings.json
new file mode 100644
index 0000000..d3b3f74
--- /dev/null
+++ b/.claude/settings.json
@@ -0,0 +1,16 @@
+{
+  "permissions": {
+    "allow": [
+      "mcp__boltzmann-tools__read_file",
+      "Bash(ping *)",
+      "mcp__hub-tools__remote_list_hosts",
+      "mcp__hub-tools__remote_read_file",
+      "Bash(dig *)",
+      "mcp__ohm-tools__read_file",
+      "mcp__nc-tools__read_file",
+      "mcp__boltzmann-tools__list_dir",
+      "mcp__riemann-tools__search_files",
+      "mcp__ampere-tools__read_file"
+    ]
+  }
+}
diff --git a/.gitignore b/.gitignore
index da023c4..eb28800 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,6 +14,9 @@ memory.jsonl
 # Local config overrides (committed config.lua is the example/default)
 config.local.lua
 
+# Per-user Claude Code permission grants — settings.json is shared, .local is private
+.claude/settings.local.json
+
 # OS noise
 .DS_Store
 Thumbs.db