b22627a066
改为本地开发 → push到Gitea → 手动SSH拉取的安全部署流程 禁止Claude直接操作生产服务器 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
37 lines
815 B
JSON
37 lines
815 B
JSON
{
|
|
"permissions": {
|
|
"allow": [
|
|
"Bash(git init:*)",
|
|
"Bash(git add:*)",
|
|
"Bash(git commit:*)",
|
|
"Bash(git push:*)",
|
|
"Bash(git pull:*)",
|
|
"Bash(git checkout:*)",
|
|
"Bash(git status:*)",
|
|
"Bash(git tag:*)",
|
|
"Bash(git config:*)",
|
|
"Bash(git diff-tree:*)",
|
|
"Bash(git format-patch:*)",
|
|
"Bash(git log:*)",
|
|
"Bash(git diff:*)",
|
|
"Bash(python:*)",
|
|
"Bash(python3:*)",
|
|
"Bash(pip install:*)",
|
|
"Bash(pip uninstall:*)",
|
|
"Bash(ls:*)",
|
|
"Bash(dir:*)",
|
|
"WebFetch(domain:zjpb.net)",
|
|
"WebFetch(domain:bocha-ai.feishu.cn)"
|
|
],
|
|
"deny": [
|
|
"Bash(ssh:*)",
|
|
"Bash(scp:*)",
|
|
"Bash(sftp:*)",
|
|
"Bash(curl:*)",
|
|
"Bash(wget:*)",
|
|
"Bash(cmd /c:*)",
|
|
"Bash(powershell:*)"
|
|
]
|
|
}
|
|
}
|