Safe Claude Code Settings

Here are a few commands I have in my Claude Code deny-list to prevent bad things from happening. I wish Claude shipped with these by default!

The following commands disallow Claude from force pushing and skipping pre-commit hooks.

{
  "permissions": {
    "deny": [
      "Bash(git push -f)",
      "Bash(git push --force)",
      "Bash(git commit:*-n:*)",
      "Bash(git commit:*--no-verify:*)"
    ]
  }
}

To be extra careful, I also have a pretty thorough gitignore that I install globally which includes common patterns for secret credentials.

*.key
*.pem
*.p12
*.pfx
*.cer
*.crt
**/secrets/**
**/credentials/**
.env
.env.*
**/config/secrets.toml