
Expand .claude/settings.json with read-only permissions and schema reference #2983

Merged
Mpdreamz merged 5 commits into main from feature/claude-settings
Mar 30, 2026

Member

@Mpdreamz Mpdreamz commented Mar 28, 2026

Why

The previous .claude/settings.json only pre-approved a handful of build commands, so every file read, search, web lookup, and common build step triggered an approval prompt. This creates friction during routine exploration and development — the most common things Claude does before and while making changes.

Read-only operations carry no risk of modifying the codebase, so requiring approval adds noise without adding safety. Common build/test commands are similarly low-risk and needed constantly during development.

What changed

Read-only exploration (no prompts):

  • Read, Glob, Grep — file exploration tools
  • WebSearch, WebFetch — web research (API docs, error messages, etc.)
  • Bash(git log:*), git status, git diff, git show, git branch — read-only git inspection

Build & development workflow:

  • Bash(./build.sh:*) — the main build wrapper covering all targets (compile, test, lint, format, watch)
  • Bash(dotnet restore:*) — package restore
  • Bash(dotnet test:*) — direct test runs
  • Bash(dotnet run:*) — covers both dotnet run --project build and dotnet run --project src/tooling/docs-builder
  • Bash(dotnet format:*) — formatting and lint checks
  • Bash(dotnet watch:*) — watch mode development
  • Bash(dotnet workload:*) — workload management (aspire etc.)
  • Bash(npm ci:*), npm run lint, npm run fmt:*, npm run test:*, npm run watch:* — JS toolchain

Not pre-approved (still prompt): dotnet publish, container builds, docker — these have broader impact and are infrequent enough that a prompt is appropriate.

$schema added for IDE autocomplete and validation via SchemaStore.

🤖 Generated with Claude Code

Common read-only tools (Read, Glob, Grep, WebSearch, WebFetch) and
git inspection commands previously required an approval prompt on
every invocation, interrupting exploration and research workflows.
Adding them to the allow list lets Claude work uninterrupted for
safe, non-mutating operations.

The $schema reference enables IDE autocomplete and validation via
SchemaStore, making future edits to this file less error-prone.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

@Mpdreamz Mpdreamz requested a review from a team as a code owner March 28, 2026 20:43
@Mpdreamz Mpdreamz requested a review from cotti March 28, 2026 20:43
Contributor

coderabbitai bot commented Mar 28, 2026

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.


No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 7f4fc416-4dff-4d01-add5-75514a63c088

📥 Commits

Reviewing files that changed from the base of the PR and between 82ec5e3 and 75e8d90.

📒 Files selected for processing (1)
  • .claude/settings.json
🚧 Files skipped from review as they are similar to previous changes (1)
  • .claude/settings.json

📝 Walkthrough


The .claude/settings.json file now includes a top-level "$schema" reference. The permissions.allow array was changed: removed Bash(find:*), Bash(wc:*), and the prior Bash(git grep:*); added capabilities Read, Glob, Grep, WebSearch, WebFetch; added specific Bash(git <subcommand>:*) patterns, Bash(./build.sh:*); broadened .NET (dotnet restore/test/run/format/watch/workload) and npm permissions (including Bash(npm ci:*) and more Bash(npm run ...) entries); retained Bash(npm exec:*), Bash(npm install:*), and Bash(npx tsc:*).

Suggested labels

enhancement

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)

Check name | Status | Explanation
Title check | ✅ Passed | The title accurately summarizes the main changes: expanding .claude/settings.json with read-only permissions and adding a schema reference.
Description check | ✅ Passed | The description clearly explains the motivation, detailed changes made, and reasoning for the permission expansions, directly relating to the changeset.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


Mpdreamz and others added 3 commits March 28, 2026 21:47
Add allow rules for ./build.sh (the main build wrapper for all targets),
dotnet subcommands (restore, test, run, format, watch, workload), and
common npm scripts (ci, lint, fmt, test, watch).

These are the day-to-day commands needed to compile, test, lint and run
the project. Pre-approving them avoids repeated prompts without opening
up destructive operations like publish or container builds.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Adds read-only Unix pipeline tools (echo, head, tail, sort, uniq, cut,
tr, awk, sed, xargs, which, jq, diff, stat, date, uname, basename,
dirname) that Claude routinely uses for text processing and inspection
but which would otherwise trigger an approval prompt on every use.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

The broad Unix utilities (sed, awk, xargs, echo, etc.) carry meaningful
risk since prefix-only matching allows destructive forms like sed -i or
xargs rm. Keeping only the high-value, project-specific commands where
the benefit clearly outweighs the risk.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Contributor

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.claude/settings.json:
- Line 14: The current scope entry "Bash(git branch:*)" allows destructive git
branch flags; replace that entry with a read-only variant such as "Bash(git
branch --list:*)" (or simply "Bash(git branch --list)") so only branch listing
is permitted and flags like -d/-m or creation are disallowed; update the
settings JSON entry that currently contains "Bash(git branch:*)" to the safer
"Bash(git branch --list:*)" string.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 738c0032-7e48-45b6-9ecc-d77aa81795e6

📥 Commits

Reviewing files that changed from the base of the PR and between 1033c0d and 82ec5e3.

📒 Files selected for processing (1)
  • .claude/settings.json
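
The prefix-matching risk raised in the last commit message and in the review comment above, as an added example that is not part of the PR or the project's code: a small audit that lists which mutating commands an allow list would approve without a prompt. It assumes a `Bash(<prefix>:*)` rule matches when its tokens are the command's leading tokens, which models the thread's "prefix-only matching" and is not Claude Code's actual matcher; the allow lists and probe commands are constructed.

```python
import json

# Constructed allow list using rule strings quoted in this thread; it is not
# the repository's actual .claude/settings.json.
BEFORE = json.loads("""{"permissions": {"allow": [
  "Read", "Grep", "Bash(git log:*)", "Bash(git branch:*)",
  "Bash(sed:*)", "Bash(xargs:*)", "Bash(dotnet test:*)"]}}""")

# Same list after the two changes discussed: utilities dropped, branch narrowed.
AFTER = json.loads("""{"permissions": {"allow": [
  "Read", "Grep", "Bash(git log:*)", "Bash(git branch --list:*)",
  "Bash(dotnet test:*)"]}}""")

# Constructed probe commands: (command line, does it modify files or the repo?)
PROBES = [
    ("git log --oneline -5", False),
    ("git branch --list 'feature/*'", False),
    ("git branch -d feature/old", True),
    ("git branch -m old new", True),
    ("sed -i s/a/b/ README.md", True),
    ("xargs rm", True),
]

def bash_prefixes(settings):
    """Return the command prefix of every Bash(<prefix>:*) allow rule."""
    rules = settings.get("permissions", {}).get("allow", [])
    return [r[5:-3] for r in rules if r.startswith("Bash(") and r.endswith(":*)")]

def matching_prefix(command, prefixes):
    """Assumed model: a rule matches when its tokens lead the command's tokens."""
    tokens = command.split()
    for prefix in prefixes:
        if tokens[:len(prefix.split())] == prefix.split():
            return prefix
    return None

def auto_approved_mutations(settings, probes=PROBES):
    """Map each mutating probe that would skip the prompt to the rule allowing it."""
    prefixes = bash_prefixes(settings)
    hits = {}
    for command, mutates in probes:
        prefix = matching_prefix(command, prefixes)
        if mutates and prefix is not None:
            hits[command] = prefix
    return hits

if __name__ == "__main__":
    print("before:", auto_approved_mutations(BEFORE))
    print("after: ", auto_approved_mutations(AFTER))
```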

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
@Mpdreamz Mpdreamz merged commit 80f260a into main Mar 30, 2026
28 checks passed
@Mpdreamz Mpdreamz deleted the feature/claude-settings branch March 30, 2026 08:44