diff --git a/.claude/settings.json b/.claude/settings.json index f3e82c03..4107b35e 100644 --- a/.claude/settings.json +++ b/.claude/settings.json @@ -1,7 +1,7 @@ { "permissions": { "allow": [ - "Bash(:*)", + "Bash", "Read", "Edit", "Write", diff --git a/server/src/io/fs/scaffold/templates.rs b/server/src/io/fs/scaffold/templates.rs index bd0ba577..0dfe204b 100644 --- a/server/src/io/fs/scaffold/templates.rs +++ b/server/src/io/fs/scaffold/templates.rs @@ -70,7 +70,7 @@ setup wizard instructions and guide the user through it conversationally.\n"; pub(super) const STORY_KIT_CLAUDE_SETTINGS: &str = r#"{ "permissions": { "allow": [ - "Bash(:*)", + "Bash", "Read", "Edit", "Write", diff --git a/server/src/io/fs/scaffold/tests.rs b/server/src/io/fs/scaffold/tests.rs index 855a6378..42e7b76b 100644 --- a/server/src/io/fs/scaffold/tests.rs +++ b/server/src/io/fs/scaffold/tests.rs @@ -614,13 +614,15 @@ fn scaffold_story_kit_claude_settings_uses_canonical_bash_syntax() { ); } - // The wildcard `Bash(:*)` must be present — covers all bash commands. - // (Previously this asserted a curated per-command list; replaced with a - // single wildcard since coders kept hitting auto-deny on patterns the - // list missed, and the per-command gate offers no real safety in this - // trusted single-user deployment.) + // The unconstrained `Bash` rule must be present — covers all bash commands. + // (Previously this asserted a curated per-command list; replaced with the + // tool-only form since coders kept hitting auto-deny on patterns the list + // missed, and the per-command gate offers no real safety in this trusted + // single-user deployment. The earlier `Bash(:*)` form was tried and + // rejected by Claude Code — empty prefix before `:*` is invalid and + // silently skipped.) assert!( - settings.contains(r#""Bash(:*)""#), - "settings.json missing wildcard Bash allowlist: {settings}" + settings.contains(r#""Bash""#), + "settings.json missing unconstrained Bash allowlist: {settings}" ); }