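[audit]
# NOTE(review): /tmp is shared and world-writable, so this log can be read or
# replaced by any local user; a path under a private directory is preferable.
# The [[deny]] rules below keep the agent's own /tmp access from reaching it.
audit_file = "/tmp/chook-audit.json"
# off | matched | all
audit_level = "matched"

# === DENY RULES (checked first) ===

# Any recursive rm, regardless of flag spelling or order (-rf, -fr, -Rf, -r -f,
# --recursive) and of the binary being given by path (/bin/rm). The old
# "^rm .*-rf" form only caught the literal "-rf". Deletion through other tools
# (e.g. find -delete) is not covered here; only the Bash allow-list below
# gates those.
[[deny]]
tool = "Bash"
command_regex = "^(\\S*/)?rm\\s(.*\\s)?(-[A-Za-z]*[rR]|--recursive)"
reason = "Recursive delete is blocked. Use rm on specific files, or ask the user to run this manually."

# Privilege escalation: sudo, doas and su, also when followed by a tab or given
# by path. The old "^sudo " form missed "sudo<TAB>" and "/usr/bin/sudo".
[[deny]]
tool = "Bash"
command_regex = "^(\\S*/)?(sudo|doas|su)(\\s|$)"
reason = "sudo/doas/su are not allowed. Find an alternative that doesn't require elevated privileges."

# Secret/credential files. Covers .env and its variants (.env.local,
# .env.production — and, deliberately, .env.example), certificate/key files,
# .netrc and private SSH keys (id_rsa.pub is not matched).
[[deny]]
tool = "Read"
file_path_regex = "(\\.env(\\.[^/]*)?|\\.(secret|pem|key)|\\.netrc|(^|/)id_(rsa|dsa|ecdsa|ed25519))$"
reason = "Reading secrets/credentials is blocked. Use environment variables or ask the user to provide the needed values."

[[deny]]
tool = "Write"
file_path_regex = "(\\.env(\\.[^/]*)?|\\.(secret|pem|key)|\\.netrc|(^|/)id_(rsa|dsa|ecdsa|ed25519))$"
reason = "Writing secrets/credentials is blocked. Ask the user to create or update this file manually."

# The Read/Write rules above only see the Read/Write tools; the same files are
# reachable through the Bash allow-list below (cat, head, tail, grep, cp, …),
# so match the same names as shell arguments, quoted or not. Expect a few
# false positives (e.g. a commit message that mentions ".env").
[[deny]]
tool = "Bash"
command_regex = "(^|[\\s/='\"])(\\.env(\\.[^\\s'\"/]*)?|\\.netrc|id_(rsa|dsa|ecdsa|ed25519)|[^\\s'\"]*\\.(secret|pem|key))([\\s'\"]|$)"
reason = "Commands that reference secret/credential files are blocked. Use environment variables or ask the user to provide the needed values."

# The agent may Read/Write/Edit anything under /tmp (allow rules below), which
# would include its own audit log; keep the log out of reach. Matching on the
# file name also catches "/tmp/./chook-audit.json". A symlink to the log would
# not be caught — TODO confirm whether paths are canonicalised before matching.
[[deny]]
tool = "Write"
file_path_regex = "chook-audit\\.json$"
reason = "The audit log is not writable by the agent."

[[deny]]
tool = "Edit"
file_path_regex = "chook-audit\\.json$"
reason = "The audit log is not editable by the agent."

# Same for Bash (cp, mv, touch, … are on the allow-list below).
[[deny]]
tool = "Bash"
command_regex = "chook-audit\\.json"
reason = "Commands that reference the audit log are blocked."

# Block shell metacharacters in commands — run each command separately or use a
# package.json script. A newline also separates commands, so it is blocked too.
# Redirection (>, >>) is not covered: it lets Bash write files that the Write
# rules would otherwise govern, so add it here if that matters.
[[deny]]
tool = "Bash"
command_regex = "&|;|\\||`|\\$\\(|\\n"
reason = "BLOCKED: Command contains shell metacharacters (&, ;, |, `, $(), newline). You MUST run exactly ONE command per Bash call. Do NOT chain commands with && or ;. Do NOT use pipes. Do NOT use subshells. Do NOT put several commands on separate lines. Split into separate Bash calls instead."

# === ALLOW RULES (checked after deny) ===

# Allow file ops within the cwd tree where Claude was started.
# ".." is excluded so a relative path cannot leave the tree; whether symlinks
# inside the tree are resolved is not decided here — TODO confirm.
[[allow]]
tool = "Read"
restrict_to_cwd = true
file_path_exclude_regex = "\\.\\."

[[allow]]
tool = "Write"
restrict_to_cwd = true
file_path_exclude_regex = "\\.\\."

[[allow]]
tool = "Edit"
restrict_to_cwd = true
file_path_exclude_regex = "\\.\\."

[[allow]]
tool = "Glob"
restrict_to_cwd = true

# Always allow /tmp access. Note that this is all of /tmp, including files
# owned by other local users; the audit-log [[deny]] rules above carve out
# only the agent's own log.
[[allow]]
tool = "Read"
file_path_regex = "^/tmp/"

[[allow]]
tool = "Write"
file_path_regex = "^/tmp/"

[[allow]]
tool = "Edit"
file_path_regex = "^/tmp/"

[[allow]]
tool = "Glob"
file_path_regex = "^/tmp/"

# Bash commands allowed without a prompt. The exclude only prevents chaining;
# several entries (npm, npx, node, bun, make, cargo, find, chmod, cp, mv, brew,
# gh) can run project-defined code or touch files outside the cwd through their
# own arguments, so this is a convenience allow-list, not a sandbox. The
# [[deny]] rules above are evaluated first and still apply.
[[allow]]
tool = "Bash"
command_regex = "^(git |npm |node |npx |bun |cargo |make |ls |cat |head |tail |wc |find |grep |rg |which |echo |pwd |mkdir |cp |mv |touch |chmod |brew |gh )"
command_exclude_regex = "&|;|\\||`|\\$\\(|\\n"

# Allow subagents
[[allow]]
tool = "Task"
subagent_type = "Explore"

[[allow]]
tool = "Task"
subagent_type = "Plan"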