@blundergoat/goat-flow
Version:
AI coding agent harness and local dashboard for Claude Code, OpenAI Codex, Google Antigravity, and GitHub Copilot - setup audits, guardrails, structured skills, deny hooks, and persistent learning loops.
69 lines (68 loc) • 2.05 kB
JSON
{
"permissions": {
"allow": [
"Read(.env.example)",
"Read(**/.env.example)"
],
"deny": [
"Bash(*git commit*)",
"Bash(*git push*)",
"Bash(*sudo *)",
"Bash(*mkfs*)",
"Bash(*dd if=*)",
"Bash(*git reset --hard*)",
"Read(**/.env*)",
"Edit(**/.env*)",
"Write(**/.env*)",
"Read(**/secrets/**)",
"Read(**/*.pem)",
"Read(**/*.key)",
"Read(**/.ssh/**)",
"Read(**/.aws/**)",
"Read(**/.docker/config.json)",
"Read(**/.gnupg/**)",
"Read(**/.npmrc)",
"Read(**/.pypirc)",
"Read(**/*.pfx)",
"Read(**/credentials*)",
"Read(**/.kube/config)",
"Write(**/secrets/**)",
"Write(**/*.pem)",
"Write(**/*.key)",
"Write(**/.ssh/**)",
"Write(**/.aws/**)",
"Write(**/.docker/config.json)",
"Write(**/.gnupg/**)",
"Write(**/.npmrc)",
"Write(**/.pypirc)",
"Write(**/*.pfx)",
"Write(**/credentials*)",
"Write(**/.kube/config)",
"Edit(**/secrets/**)",
"Edit(**/*.pem)",
"Edit(**/*.key)",
"Edit(**/.ssh/**)",
"Edit(**/.aws/**)",
"Edit(**/.docker/config.json)",
"Edit(**/.gnupg/**)",
"Edit(**/.npmrc)",
"Edit(**/.pypirc)",
"Edit(**/*.pfx)",
"Edit(**/credentials*)",
"Edit(**/.kube/config)"
]
},
"hooks": {
"PreToolUse": [
{
"matcher": "Bash",
"hooks": [
{
"type": "command",
"command": "bash -c 'root=\"$(git rev-parse --show-toplevel 2>/dev/null || true)\"; [ -f \"$root/.goat-flow/hooks/deny-dangerous.sh\" ] || root=\"${CLAUDE_PROJECT_DIR:-}\"; [ -f \"$root/.goat-flow/hooks/deny-dangerous.sh\" ] || { printf '\\''BLOCKED: Policy hook unavailable: git repository root unavailable.\\n'\\'' >&2; exit 2; }; cd \"$root\" || { printf '\\''BLOCKED: Policy hook unavailable: git repository root unavailable.\\n'\\'' >&2; exit 2; }; bash \"$root/.goat-flow/hooks/deny-dangerous.sh\"'"
}
]
}
]
}
}