From 082b60608f2e8014f6aac007ba4c15796c94887d Mon Sep 17 00:00:00 2001
From: himkt
Date: Sun, 15 Mar 2026 17:02:08 +0900
Subject: [PATCH 1/4] feat: consolidate bash command substitution rules into single file
---
 .../claude-code/files/rules/bash-command.md | 18 ++++++++++++++++++
 home/modules/claude-code/files/settings.json | 1 +
 2 files changed, 19 insertions(+)
diff --git a/home/modules/claude-code/files/rules/bash-command.md b/home/modules/claude-code/files/rules/bash-command.md
index b857c5b9..e4b85555 100644
--- a/home/modules/claude-code/files/rules/bash-command.md
+++ b/home/modules/claude-code/files/rules/bash-command.md
@@ -7,3 +7,21 @@ Using shell operators breaks pattern matching and triggers user approval prompts
 - NEVER use redirects (`>`, `>>`, `<`). Use the Write tool for file output
 - NEVER use command substitution (`$()` or backticks) unless absolutely unavoidable
 - When you need to work in a specific directory, run `cd /path/to/dir` as a separate Bash call FIRST, then run subsequent commands in separate Bash calls (the working directory persists between Bash calls)
+
+## Tool Substitution
+
+Use dedicated tools instead of the following Bash commands. These are denied in settings.json.
+
+| Prohibited Command | Use Instead | Notes |
+|-------------------|-------------|-------|
+| `find` | Glob | Pattern-based file search |
+| `ls`, `tree` | Glob | For directory listing. Use Read to inspect a single directory when needed |
+| `grep`, `rg` | Grep | Content search across files |
+| `cat`, `head`, `tail` | Read | Read supports line offset and limit for partial reads |
+| `sed`, `awk` | Edit | Exact string replacement in files |
+| `mkdir`, `touch` | Write | Write auto-creates parent directories and can create empty files |
+| `echo`, `printf` | Write (files) or direct text output (communication) | Never use shell output redirection |
+
+Additional guidance:
+- Use Explore agent (Agent tool with subagent_type=Explore) for broader codebase navigation when simple Glob/Grep is insufficient
+- Exception for `mkdir`/`touch`: `.keep` files for directories needed before a non-Write tool writes to them
diff --git a/home/modules/claude-code/files/settings.json b/home/modules/claude-code/files/settings.json
index e6deb901..61b915da 100644
--- a/home/modules/claude-code/files/settings.json
+++ b/home/modules/claude-code/files/settings.json
@@ -57,6 +57,7 @@
 "mcp__pathfinder-python__definition"
 ],
 "deny": [
+ "Bash(find *)",
 "Bash(ls *)",
 "Bash(mkdir *)",
 "Bash(touch *)",
From 914663cb661236f34142f788ed21386e1174a9bc Mon Sep 17 00:00:00 2001
From: himkt
Date: Sun, 15 Mar 2026 17:03:00 +0900
Subject: [PATCH 2/4] feat: add tool substitution commands to permissions.deny
---
 home/modules/claude-code/files/settings.json | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/home/modules/claude-code/files/settings.json b/home/modules/claude-code/files/settings.json
index 61b915da..4e67be4b 100644
--- a/home/modules/claude-code/files/settings.json
+++ b/home/modules/claude-code/files/settings.json
@@ -57,9 +57,18 @@
 "mcp__pathfinder-python__definition"
 ],
 "deny": [
+ "Bash(awk *)",
+ "Bash(cat *)",
+ "Bash(echo *)",
 "Bash(find *)",
+ "Bash(grep *)",
+ "Bash(head *)",
 "Bash(ls *)",
 "Bash(mkdir *)",
+ "Bash(printf *)",
+ "Bash(rg *)",
+ "Bash(sed *)",
+ "Bash(tail *)",
 "Bash(touch *)",
 "Bash(tree *)"
 ]
From 44dfbf9d9fa4afdd6a1b679f91ba4457c05336cd Mon Sep 17 00:00:00 2001
From: himkt
Date: Sun, 15 Mar 2026 17:04:35 +0900
Subject: [PATCH 3/4] chore: delete obsolete source-navigation.md and directory-creation.md rule files
---
 home/modules/claude-code/files/rules/directory-creation.md | 5 -----
 home/modules/claude-code/files/rules/source-navigation.md | 6 ------
 2 files changed, 11 deletions(-)
 delete mode 100644 home/modules/claude-code/files/rules/directory-creation.md
 delete mode 100644 home/modules/claude-code/files/rules/source-navigation.md
diff --git a/home/modules/claude-code/files/rules/directory-creation.md b/home/modules/claude-code/files/rules/directory-creation.md
deleted file mode 100644
index 27ae2ce8..00000000
--- a/home/modules/claude-code/files/rules/directory-creation.md
+++ /dev/null
@@ -1,5 +0,0 @@
-# Directory & File Creation
-
-- NEVER use `mkdir` or `touch` via Bash. Always use the Write tool instead
-- Write auto-creates parent directories and can create empty files
-- Only exception: `.keep` files for directories needed before a non-Write tool writes to them
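Review bot: The nine entries added to `deny` in the settings.json hunk of patch 2/4 match a Bash command by how it is spelled, so they steer tool choice toward Read/Grep/Edit/Write but do not narrow which files can be read or changed. The same file stays reachable through the dedicated tool and through any Bash command that is not on the list. If some paths are meant to stay off-limits (credentials, key material), that needs path-scoped deny rules next to these, for example `"Read(./.env)"` (example path, to be replaced with the real ones). Strict JSON cannot carry a comment, so that distinction is best stated in bash-command.md; the enclosing `permissions` object starts outside the hunk.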
diff --git a/home/modules/claude-code/files/rules/source-navigation.md b/home/modules/claude-code/files/rules/source-navigation.md
deleted file mode 100644
index cee771c5..00000000
--- a/home/modules/claude-code/files/rules/source-navigation.md
+++ /dev/null
@@ -1,6 +0,0 @@
-# Source Navigation
-
-- NEVER use `ls` or `tree` via Bash. These are denied in settings.json
-- Use Glob tool for file/directory listing and pattern-based search
-- Use Explore agent (Agent tool with subagent_type=Explore) for broader codebase navigation
-- Use Read tool to inspect directory contents when needed
From 2ac7988a3aa6c68b16c7ab4b17434f96066d18e7 Mon Sep 17 00:00:00 2001
From: himkt
Date: Sun, 15 Mar 2026 17:48:53 +0900
Subject: [PATCH 4/4] chore: deny ls and tree (without options)
---
 home/modules/claude-code/files/settings.json | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/home/modules/claude-code/files/settings.json b/home/modules/claude-code/files/settings.json
index 4e67be4b..9cc0d3e2 100644
--- a/home/modules/claude-code/files/settings.json
+++ b/home/modules/claude-code/files/settings.json
@@ -63,6 +63,7 @@
 "Bash(find *)",
 "Bash(grep *)",
 "Bash(head *)",
+ "Bash(ls)",
 "Bash(ls *)",
 "Bash(mkdir *)",
 "Bash(printf *)",
@@ -70,6 +71,7 @@
 "Bash(sed *)",
 "Bash(tail *)",
 "Bash(touch *)",
+ "Bash(tree)",
 "Bash(tree *)"
 ]
 },
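Review bot: The bare-command entries added in the two settings.json hunks of patch 4/4 cover only `ls` and `tree`; `find` is left with just `"Bash(find *)"` from patch 1/4. If a pattern ending in ` *` does not match the command when it is run without arguments, which is what this commit implies, a bare `find` is still allowed, and with GNU find that prints every path under the working directory, much the same listing `tree` gives. Adding `"Bash(find)",` directly before `"Bash(find *)",` would make the deny list agree with the table in bash-command.md. The `deny` array opens above the first hunk, so entries outside the visible lines were not checked.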