[AUTOMATION] fix(clawpatch): keep Claude settings artifacts private#249
Open
michiosw wants to merge 1 commit into
Open
[AUTOMATION] fix(clawpatch): keep Claude settings artifacts private#249michiosw wants to merge 1 commit into
michiosw wants to merge 1 commit into
Conversation
Greptile SummaryThis PR makes Claude settings artifacts private when Guard hooks are installed or removed. The main changes are:
Confidence Score: 5/5This looks safe to merge.
Important Files Changed
Reviews (1): Last reviewed commit: "fix(clawpatch): keep Claude settings art..." | Re-trigger Greptile |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Where We Are
Claude hook install and uninstall were writing backup and rewritten settings files with broader permissions than the original settings file. A user can start with
~/.claude/settings.jsonat0600and end up with backup artifacts readable by other local users.Where We Want To Go
Keep every Claude settings artifact private. Existing settings, rewritten settings, and generated backups should all stay at private file modes.
How do we get there
Preserve private permissions when backing up and rewriting Claude settings files, and default new settings files to
0600. Add focused CLI tests that assert the rewritten settings file and backup file are not group or world readable.Validation:
go test ./...go vet ./...npm exec --yes --package pnpm@10.0.0 -- pnpm install --frozen-lockfilenpm exec --yes --package pnpm@10.0.0 -- pnpm --dir web/guard-dashboard typecheckgit diff --check