Security configuration for Claude Code using hooks and permissions.
- File Permissions: Blocks access to sensitive directories and files (.env, venv/, pycache, .pyc)
- Bash Validation Hook: Pre-execution validation for Bash commands to prevent access to restricted paths
- Context Token Savings: Blocked directories contain thousands of generated/cached files that waste context tokens if accidentally read
Settings defined in .claude/settings.local.json:
- Denied file patterns via permissions
- PreToolUse hook for Bash command validation
Validation script at .claude/scripts/validate-bash.sh blocks commands accessing:
- Environment files (.env)
- Build artifacts (build/, dist/) - often contain thousands of files
- Version control (.git/) - large binary objects
- Virtual environments (venv/) - thousands of dependency files
- Compiled files (.pyc)
- Cache directories (pycache)
- Data files (.csv, .log)
Copy .claude/ directory to your project to enforce similar security policies.