Skip to content

v5.10.5 — Sharper permissions.deny guidance

Choose a tag to compare

View all tags
@alexgreensh alexgreensh released this 10 Jun 07:13
· 62 commits to main since this release
v5.10.5
cad4336

Refines the file-exclusion (permissions.deny) recommendations so they reliably save tokens:

  • Security vs. noise excludes are now separated. Security-critical paths (.env, secrets/, credentials) stay top-priority because Claude never reads them, so they are pure win. Convenience excludes (node_modules, build output) are now suggestions, recommended only as narrow, specific paths.
  • New token-cost guidance. Deny rules save tokens only when Claude never tries the path. A broad rule on a path Claude actively wants causes repeated permission-denied feedback that accumulates in context. The playbook, checklist, template, and audit now prefer narrow paths (Read(./logs/**)) over broad globs (Read(./**/*.log)).
  • Audit no longer over-prioritizes missing convenience excludes.

Doc-only change. No code or behavior changes. Thanks to a community user for surfacing the tradeoff.

Assets 2
Loading