chore: 调整发布策略，移除SSH直连权限

改为本地开发 → push到Gitea → 手动SSH拉取的安全部署流程禁止Claude直接操作生产服务器 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-23 23:26:28 +08:00
parent a9a4f5f8e8
commit b22627a066
1 changed files with 22 additions and 35 deletions
--- a/.claude/settings.local.json
+++ b/.claude/settings.local.json
@@ -1,49 +1,36 @@
 {
  "permissions": {
    "allow": [
-      "Bash(if [ -d \".git\" ])",
-      "Bash(then echo \"Git repository exists\")",
-      "Bash(else echo \"No git repository\")",
-      "Bash(fi)",
-      "Bash(python:*)",
-      "Bash(python3:*)",
-      "Bash(py test_db.py:*)",
-      "Bash(where:*)",
-      "Bash(/c/Users/linha/AppData/Local/Microsoft/WindowsApps/python test_db.py)",
-      "Bash(pip install:*)",
-      "Bash(pip uninstall:*)",
-      "Bash(tasklist:*)",
-      "Bash(findstr:*)",
-      "Bash(dir:*)",
      "Bash(git init:*)",
      "Bash(git add:*)",
      "Bash(git commit:*)",
-      "Bash(curl:*)",
-      "WebFetch(domain:zjpb.net)",
-      "Bash(del import_bookmarks.py test_bookmark_parse.py test_simple_parse.py result.txt)",
+      "Bash(git push:*)",
+      "Bash(git pull:*)",
+      "Bash(git checkout:*)",
+      "Bash(git status:*)",
      "Bash(git tag:*)",
-      "Bash(if [ -f .env ])",
-      "Bash(then echo \"exists\")",
-      "Bash(else echo \"not exists\")",
-      "Bash(timeout /t 3 /nobreak)",
-      "Bash(ping:*)",
+      "Bash(git config:*)",
      "Bash(git diff-tree:*)",
      "Bash(git format-patch:*)",
-      "WebFetch(domain:bocha-ai.feishu.cn)",
+      "Bash(git log:*)",
+      "Bash(git diff:*)",
+      "Bash(python:*)",
+      "Bash(python3:*)",
+      "Bash(pip install:*)",
+      "Bash(pip uninstall:*)",
      "Bash(ls:*)",
-      "Bash(git pull:*)",
-      "Bash(del nul)",
-      "Bash(git checkout:*)",
-      "Bash(git push:*)",
-      "Bash(netstat:*)",
-      "Bash(git config:*)",
-      "Bash(taskkill:*)",
-      "Bash(cmd /c:*)",
-      "Bash(powershell:*)",
+      "Bash(dir:*)",
+      "WebFetch(domain:zjpb.net)",
+      "WebFetch(domain:bocha-ai.feishu.cn)"
+    ],
+    "deny": [
      "Bash(ssh:*)",
-      "Bash(start:*)",
-      "Bash(git status --porcelain=v1)",
-      "Bash(timeout 3 cmd:*)"
+      "Bash(scp:*)",
+      "Bash(sftp:*)",
+      "Bash(curl:*)",
+      "Bash(wget:*)",
+      "Bash(cmd /c:*)",
+      "Bash(powershell:*)"
    ]
  }
 }