diff --git a/home/modules/claude-code/files/rules/bash-command.md b/home/modules/claude-code/files/rules/bash-command.md
index b857c5b9..e4b85555 100644
--- a/home/modules/claude-code/files/rules/bash-command.md
+++ b/home/modules/claude-code/files/rules/bash-command.md
@@ -7,3 +7,21 @@ Using shell operators breaks pattern matching and triggers user approval prompts
 - NEVER use redirects (`>`, `>>`, `<`). Use the Write tool for file output
 - NEVER use command substitution (`$()` or backticks) unless absolutely unavoidable
 - When you need to work in a specific directory, run `cd /path/to/dir` as a separate Bash call FIRST, then run subsequent commands in separate Bash calls (the working directory persists between Bash calls)
+
+## Tool Substitution
+
+Use dedicated tools instead of the following Bash commands. These are denied in settings.json.
+
+| Prohibited Command | Use Instead | Notes |
+|-------------------|-------------|-------|
+| `find` | Glob | Pattern-based file search |
+| `ls`, `tree` | Glob | For directory listing. Use Read to inspect a single directory when needed |
+| `grep`, `rg` | Grep | Content search across files |
+| `cat`, `head`, `tail` | Read | Read supports line offset and limit for partial reads |
+| `sed`, `awk` | Edit | Exact string replacement in files |
+| `mkdir`, `touch` | Write | Write auto-creates parent directories and can create empty files |
+| `echo`, `printf` | Write (files) or direct text output (communication) | Never use shell output redirection |
+
+Additional guidance:
+- Use Explore agent (Agent tool with subagent_type=Explore) for broader codebase navigation when simple Glob/Grep is insufficient
+- Exception for `mkdir`/`touch`: `.keep` files for directories needed before a non-Write tool writes to them
diff --git a/home/modules/claude-code/files/rules/directory-creation.md b/home/modules/claude-code/files/rules/directory-creation.md
deleted file mode 100644
index 27ae2ce8..00000000
--- a/home/modules/claude-code/files/rules/directory-creation.md
+++ /dev/null
@@ -1,5 +0,0 @@
-# Directory & File Creation
-
-- NEVER use `mkdir` or `touch` via Bash. Always use the Write tool instead
-- Write auto-creates parent directories and can create empty files
-- Only exception: `.keep` files for directories needed before a non-Write tool writes to them
diff --git a/home/modules/claude-code/files/rules/source-navigation.md b/home/modules/claude-code/files/rules/source-navigation.md
deleted file mode 100644
index cee771c5..00000000
--- a/home/modules/claude-code/files/rules/source-navigation.md
+++ /dev/null
@@ -1,6 +0,0 @@
-# Source Navigation
-
-- NEVER use `ls` or `tree` via Bash. These are denied in settings.json
-- Use Glob tool for file/directory listing and pattern-based search
-- Use Explore agent (Agent tool with subagent_type=Explore) for broader codebase navigation
-- Use Read tool to inspect directory contents when needed
diff --git a/home/modules/claude-code/files/settings.json b/home/modules/claude-code/files/settings.json
index e6deb901..9cc0d3e2 100644
--- a/home/modules/claude-code/files/settings.json
+++ b/home/modules/claude-code/files/settings.json
@@ -57,9 +57,21 @@
       "mcp__pathfinder-python__definition"
     ],
     "deny": [
+      "Bash(awk *)",
+      "Bash(cat *)",
+      "Bash(echo *)",
+      "Bash(find *)",
+      "Bash(grep *)",
+      "Bash(head *)",
+      "Bash(ls)",
       "Bash(ls *)",
       "Bash(mkdir *)",
+      "Bash(printf *)",
+      "Bash(rg *)",
+      "Bash(sed *)",
+      "Bash(tail *)",
       "Bash(touch *)",
+      "Bash(tree)",
       "Bash(tree *)"
     ]
   },