I configure permission settings within projects.

https://code.claude.com/docs/en/settings#permission-settings

reply
Ah yes - this is the way. Thanks.
reply
This prevents Claude from directly reading certain files, but doesn't prevent Claude from running a command that dumps the file on stdout and then reading stdout... Claude will just try to "cat" the file if it decides it wants to see it.
reply
Yeah - that’s kinda what I was thinking. Unless you’re doing quite granular approvals it gets tricky.
reply
by putting secrets in your environment instead of in your files, and running AI tools in a dedicated environment that has its own set of limited and revocable secrets.
reply
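Added example, not part of any comment in this thread: one way to give a tool the dedicated, limited environment described in the comment above, by starting it with an emptied environment that carries only allowlisted variables. The helper name `run_scoped` and all variable names are assumptions made for illustration.

```shell
#!/bin/sh
# run_scoped "ALLOWLIST" cmd [args...]
# Start cmd with an empty environment (env -i) plus only the variables named
# in the space-separated ALLOWLIST. Anything else exported in the parent
# shell, such as production credentials, is not inherited by the child.
# run_scoped is a hypothetical helper name, not part of any tool.
run_scoped() {
    allow=$1
    shift
    for name in $allow; do
        # Accept only plain identifiers so the eval below cannot be abused.
        case $name in
            ''|[0-9]*|*[!A-Za-z0-9_]*)
                echo "run_scoped: invalid variable name: $name" >&2
                return 2 ;;
        esac
        # Pass a variable through only if it is actually set in the parent.
        eval "is_set=\${$name+x}"
        if [ -n "$is_set" ]; then
            eval "val=\$$name"
            # Prepend NAME=value so env sees it before the command.
            set -- "$name=$val" "$@"
        fi
    done
    unset val is_set
    env -i "$@"
}

# Example call (constructed names; the tool command is a placeholder):
#   run_scoped "PATH HOME DEV_API_TOKEN" your-ai-tool
```

This limits what the child process inherits through its environment only; secrets stored in files readable by the same user are unaffected.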
Yes - separate secrets always - but you've still got local or dev secrets. Seems like the above permissions are the right way to go in the end. Thanks.