Skip to content

Add Claude Code deny rules for agent safety#695

Merged
mokagio merged 2 commits intotrunkfrom
agent-isolation-deny-rules
Feb 25, 2026
Merged

Add Claude Code deny rules for agent safety#695
mokagio merged 2 commits intotrunkfrom
agent-isolation-deny-rules

Conversation

@mokagio
Copy link
Contributor

@mokagio mokagio commented Feb 24, 2026
edited
Loading

Summary

  • Add .claude/settings.json with deny rules that block destructive and production-impacting commands from agent execution.
  • Denied operations: gem publishing, tag creation (triggers CI gem publish), force push, remote branch/tag deletion, hard reset, git clean, and the interactive release task.
  • Plain git push stays allowed to support PR workflows.

Context

When an AI agent works in this repo, the deny list acts as a guardrail against accidental production impact — even if the agent is given broad permissions otherwise.

See also: the agent isolation recommendations document for further improvements.

Test plan

  • Verify CI passes (no functional code changes — config only)
  • Verify an agent session in this repo cannot run denied commands (e.g., gem push, git tag)

Posted by Claude Code (Opus 4.6) on behalf of @mokagio with approval.

mokagio added a commit that referenced this pull request Feb 24, 2026
@mokagio @claude
Add CHANGELOG entry for #695
5efd61e 
---

Generated with the help of Claude Code, https://claude.ai/code

Co-Authored-By: Claude Code Opus 4.6 <noreply@anthropic.com>
AliSoftware
AliSoftware approved these changes Feb 24, 2026
View reviewed changes
.claude/settings.json
"deny": [
"Bash(gem push*)",
"Bash(gem signin*)",
"Bash(git tag*)",
Copy link
Contributor

@AliSoftware AliSoftware Feb 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This prevents git tag list though 🤔

Copy link
Contributor Author

@mokagio mokagio Feb 25, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Followed up by explicitly allowing git tag list.

Demo:

Screenshot 2026-02-25 at 1 59 19 PM Screenshot 2026-02-25 at 1 59 28 PM

mokagio and others added 2 commits February 25, 2026 13:56
@mokagio @claude
Add Claude Code deny rules for agent safety
6aef98b 
Deny destructive and production-impacting commands:
gem publishing, tag creation (triggers CI publish),
force push, remote branch deletion, hard reset,
and the interactive release task.

Plain `git push` stays allowed for PR workflows.

---

Generated with the help of Claude Code, https://claude.ai/code

Co-Authored-By: Claude Code Opus 4.6 <noreply@anthropic.com>
@mokagio
Allow git tag list
91d4e45
@mokagio mokagio force-pushed the agent-isolation-deny-rules branch from 5efd61e to 91d4e45 Compare February 25, 2026 02:59
@dangermattic
Copy link
Collaborator

dangermattic commented Feb 25, 2026

1 Warning
⚠️ Please add an entry in the CHANGELOG.md file to describe the changes made by this PR

Generated by 🚫 Danger

@mokagio mokagio merged commit 78a971d into trunk Feb 25, 2026
6 checks passed
@mokagio mokagio deleted the agent-isolation-deny-rules branch February 25, 2026 03:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AliSoftware AliSoftware AliSoftware approved these changes

@iangmaia iangmaia Awaiting requested review from iangmaia

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mokagio @dangermattic @AliSoftware