personal-projects/leo-claude-mktplace
Template
0
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
39556dbb5942f6ef668c18d52af5d5b6afffe36b
leo-claude-mktplace/plugins/claude-config-maintainer/commands/config-permissions-map.md
lmiranda 3012a7af68 feat(claude-config-maintainer): add settings.local.json audit feature v1.2.0 
Add 3 new commands for auditing and optimizing Claude Code permission
configurations, leveraging the marketplace's multi-layer review architecture.

New commands:
- /config-audit-settings - 100-point scoring across redundancy, coverage,
  safety alignment, and profile fit
- /config-optimize-settings - apply optimizations with dry-run, named
  profiles (conservative, reviewed, autonomous), consolidation modes
- /config-permissions-map - Mermaid diagram of review layer coverage

New skill:
- settings-optimization.md - 7 sections covering file formats, syntax
  reference, consolidation rules, review-layer-aware recommendations,
  named profiles, scoring criteria, and hook detection

Updated agent maintainer.md with new "Audit Settings Files" responsibility.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 15:54:15 -05:00

6.6 KiB
Raw Blame History

name, description
name description
config-permissions-map Generate visual map of review layers and permission coverage

/config-permissions-map

Generate a Mermaid diagram showing the relationship between file operations, review layers, and permission status.

Skills to Load

Before executing, load:

  • skills/visual-header.md
  • skills/settings-optimization.md

Also read: /mnt/skills/user/mermaid-diagrams/SKILL.md (for diagram requirements)

Visual Output

+-----------------------------------------------------------------+
|  CONFIG-MAINTAINER - Permissions Map                             |
+-----------------------------------------------------------------+

Usage

/config-permissions-map           # Generate and display diagram
/config-permissions-map --save    # Save diagram to .mermaid file

Workflow

Step 1: Detect Active Hooks

Read all plugin hooks from the marketplace:

plugins/code-sentinel/hooks/hooks.json
plugins/doc-guardian/hooks/hooks.json
plugins/project-hygiene/hooks/hooks.json
plugins/data-platform/hooks/hooks.json
plugins/contract-validator/hooks/hooks.json
plugins/cmdb-assistant/hooks/hooks.json

For each hook, extract:

  • Event type (PreToolUse, PostToolUse, SessionStart, etc.)
  • Tool matchers (Write, Edit, MultiEdit, Bash patterns)
  • Hook command/script

Step 2: Map Hooks to File Scopes

Create a mapping of which review layers cover which operations:

Operation PreToolUse Hooks PostToolUse Hooks Other Gates
Write code-sentinel doc-guardian, project-hygiene PR review
Edit code-sentinel doc-guardian, project-hygiene PR review
MultiEdit code-sentinel doc-guardian PR review
Bash(git *) git-flow

Step 3: Read Current Permissions

Load .claude/settings.local.json and parse:

  • allow array → auto-allowed operations
  • deny array → blocked operations
  • ask array → always-prompted operations

Step 4: Generate Mermaid Flowchart

Diagram requirements (from mermaid-diagrams skill):

  • Use classDef for styling
  • Maximum 3 colors (blue, green, amber/purple)
  • Semantic arrow labels
  • Left-to-right flow

Structure:

flowchart LR
    subgraph ops[File Operations]
        direction TB
        W[Write]
        E[Edit]
        ME[MultiEdit]
        BG[Bash git]
        BN[Bash npm]
        BO[Bash other]
    end

    subgraph pre[PreToolUse Hooks]
        direction TB
        CS[code-sentinel<br/>Security Scan]
        GF[git-flow<br/>Branch Check]
    end

    subgraph post[PostToolUse Hooks]
        direction TB
        DG[doc-guardian<br/>Drift Detection]
        PH[project-hygiene<br/>Cleanup]
        DP[data-platform<br/>Schema Diff]
    end

    subgraph perm[Permission Status]
        direction TB
        AA[Auto-Allowed]
        PR[Prompted]
        DN[Denied]
    end

    W -->|intercepted| CS
    W -->|tracked| DG
    E -->|intercepted| CS
    E -->|tracked| DG
    BG -->|checked| GF

    CS -->|passed| AA
    DG -->|logged| AA
    GF -->|valid| AA
    BO -->|no hook| PR

    classDef preHook fill:#e3f2fd,stroke:#1976d2
    classDef postHook fill:#e8f5e9,stroke:#388e3c
    classDef sprint fill:#fff3e0,stroke:#f57c00
    classDef prReview fill:#f3e5f5,stroke:#7b1fa2
    classDef allowed fill:#c8e6c9,stroke:#2e7d32
    classDef prompted fill:#fff9c4,stroke:#f9a825
    classDef denied fill:#ffcdd2,stroke:#c62828

    class CS,GF preHook
    class DG,PH,DP postHook
    class AA allowed
    class PR prompted
    class DN denied

Step 5: Generate Coverage Summary Table

Review Layer Coverage Summary
=============================

| Directory Scope          | Layers | Status          | Recommendation |
|--------------------------|--------|-----------------|----------------|
| plugins/*/commands/*.md  |   3    | ✓ Auto-allowed  | — |
| plugins/*/skills/*.md    |   2    | ✓ Auto-allowed  | — |
| mcp-servers/**/*.py      |   3    | ✓ Auto-allowed  | — |
| docs/**                  |   2    | ✓ Auto-allowed  | — |
| scripts/*.sh             |   2    | ⚠ Prompted      | Consider auto-allow |
| .env*                    |   0    | ✗ Denied        | Correct - secrets |
| Root directory           |   1    | ⚠ Prompted      | Keep prompted |

Legend:
  ✓ = Covered by ≥2 review layers, auto-allowed
  ⚠ = Fewer than 2 layers or not allowed
  ✗ = Explicitly denied

Step 6: Identify Gaps

Report any gaps in coverage:

Coverage Gaps Detected:
  1. Bash(npm *) — not in allow list, but npm operations are common
     → 2 review layers active, could be auto-allowed

  2. mcp__data-platform__* — MCP server configured but tools not allowed
     → Add to allow list to avoid prompts

  3. scripts/*.sh — 2 review layers but still prompted
     → Consider adding Write(scripts/**) to allow

Step 7: Output Diagram

Display the Mermaid diagram inline.

If --save flag is used:

  • Save to .claude/permissions-map.mermaid
  • Report the file path

Output Format

+-----------------------------------------------------------------+
|  CONFIG-MAINTAINER - Permissions Map                             |
+-----------------------------------------------------------------+

Review Layer Status
===================

PreToolUse Hooks (intercept before operation):
  ✓ code-sentinel — Write, Edit, MultiEdit
  ✓ git-flow — Bash(git checkout *), Bash(git commit *)

PostToolUse Hooks (track after operation):
  ✓ doc-guardian — Write, Edit, MultiEdit
  ✓ project-hygiene — Write, Edit
  ✗ data-platform — not detected

Other Review Gates:
  ✓ Sprint Approval (projman milestone workflow)
  ✓ PR Review (pr-review multi-agent)

Permissions Flow Diagram
========================

```mermaid
[diagram here]

Coverage Summary

[table here]

Gaps & Recommendations

[gaps list here]


## File Output (--save flag)

When `--save` is specified:

Diagram saved to: .claude/permissions-map.mermaid

To view:

  • Open in VS Code with Mermaid extension
  • Paste into https://mermaid.live
  • Include in documentation with ```mermaid code fence

## Color Scheme

| Element | Color | Hex |
|---------|-------|-----|
| PreToolUse hooks | Blue | #e3f2fd |
| PostToolUse hooks | Green | #e8f5e9 |
| Sprint/Planning gates | Amber | #fff3e0 |
| PR Review | Purple | #f3e5f5 |
| Auto-allowed | Light green | #c8e6c9 |
| Prompted | Light yellow | #fff9c4 |
| Denied | Light red | #ffcdd2 |

## DO NOT

- Generate diagrams without reading the mermaid-diagrams skill
- Use more than 3 primary colors in the diagram
- Skip the coverage summary table
- Fail to identify coverage gaps
Reference in New Issue View Git Blame Copy Permalink