| ▲ | tavavex 8 hours ago | |
Are there really no ways to control read/write permissions in a smart way? I've not had to do this yet, but is it really only capable of either being advisory with you implementing all the code, or it having full control over the repo where you just hope nothing important is changed? You could probably make a system-level restriction so the software physically can't modify certain files, but I'm not sure how well that's going to fly if the program fails to edit it and there's no feedback of the failure. | ||
| ▲ | mgrassotti 8 hours ago | parent [-] | |
You can use a Claude PreToolUse command hook to prevent write (or even read) access to specific files. With this approach you can enforce that Claude cannot access to specific files. It’s a guarantee and will always work, unlike a prompt or Claude.md which is just a suggestion that can be forgotten or ignored. This post has an example hook for blocking access to sensitive files: https://aiorg.dev/blog/claude-code-hooks#:~:text=Protect%20s... | ||