TradingAgents/.claude/templates/settings.default.json

{
  "permissions": {
    "allow": [
      "Read(**)",
      "Write(**)",
      "Edit(**)",
      "Glob(**)",
      "Grep(**)",
      "Bash(git:*)",
      "Bash(python:*)",
      "Bash(python3:*)",
      "Bash(pytest:*)",
      "Bash(pip:*)",
      "Bash(pip3:*)",
      "Bash(gh:*)",
      "Bash(npm:*)",
      "Bash(ls:*)",
      "Bash(cat:*)",
      "Bash(head:*)",
      "Bash(tail:*)",
      "Bash(grep:*)",
      "Bash(find:*)",
      "Bash(which:*)",
      "Bash(pwd:*)",
      "Bash(echo:*)",
      "Bash(cd:*)",
      "Bash(mkdir:*)",
      "Bash(touch:*)",
      "Bash(cp:*)",
      "Bash(mv:*)",
      "Bash(black:*)",
      "Bash(mypy:*)",
      "Bash(ruff:*)",
      "Bash(isort:*)",
      "Task",
      "WebFetch",
      "WebSearch",
      "TodoWrite",
      "NotebookEdit"
    ],
    "deny": [
      "Bash(rm:-rf*)",
      "Bash(rm:-f*)",
      "Bash(shred:*)",
      "Bash(dd:*)",
      "Bash(mkfs:*)",
      "Bash(fdisk:*)",
      "Bash(parted:*)",
      "Bash(sudo:*)",
      "Bash(su:*)",
      "Bash(doas:*)",
      "Bash(eval:*)",
      "Bash(exec:*)",
      "Bash(source:*)",
      "Bash(.:*)",
      "Bash(chmod:*)",
      "Bash(chown:*)",
      "Bash(chgrp:*)",
      "Bash(nc:*)",
      "Bash(netcat:*)",
      "Bash(ncat:*)",
      "Bash(telnet:*)",
      "Bash(curl:*|*sh*)",
      "Bash(curl:*|*bash*)",
      "Bash(wget:*|*sh*)",
      "Bash(wget:*|*bash*)",
      "Bash(git:*--force*)",
      "Bash(git:*push*-f*)",
      "Bash(git:*reset*--hard*)",
      "Bash(git:*clean*-fd*)",
      "Bash(apt:*install*)",
      "Bash(apt:*remove*)",
      "Bash(yum:*install*)",
      "Bash(brew:*install*)",
      "Bash(npm:*install*-g*)",
      "Bash(npm:publish*)",
      "Bash(pip:upload*)",
      "Bash(twine:upload*)",
      "Bash(shutdown:*)",
      "Bash(reboot:*)",
      "Bash(halt:*)",
      "Bash(poweroff:*)",
      "Bash(kill:-9*-1*)",
      "Bash(killall:-9*)",
      "Bash(*|*sh*)",
      "Bash(*|*bash*)",
      "Bash(*$(rm*)",
      "Bash(*`rm*)",
      "Read(./.env)",
      "Read(./.env.*)",
      "Read(~/.ssh/**)",
      "Read(~/.aws/**)",
      "Read(~/.config/gh/**)",
      "Write(/etc/**)",
      "Write(/System/**)",
      "Write(/usr/**)",
      "Write(~/.ssh/**)"
    ]
  },
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "*",
        "hooks": [
          {
            "type": "command",
            "command": "MCP_AUTO_APPROVE=true python3 ~/.claude/hooks/unified_pre_tool.py",
            "timeout": 5
          }
        ]
      }
    ]
  },
  "generated_by": "autonomous-dev",
  "version": "1.0.0",
  "description": "Default settings template with portable hook paths (Issue #113) and comprehensive deny list"
}