- claude-config-audit-settings.md: update hook inventory to post-Decision #29 state
- maintainer.md: remove PostToolUse references, update to current hook types
- settings-optimization.md: update review layer table and hooks.json format
- claude-config-optimize-settings.md: fix stale doc-guardian PostToolUse reference
- project-hygiene/claude-md-integration.md: rewrite for manual /hygiene check
- doc-guardian: update doc-sync.md and sync-workflow.md hook references
- MIGRATION-v9.md: mark deleted commands as Removed, not renamed
- projman/task-sizing.md: PostToolUse → PreToolUse in example
- scripts/setup.sh: /labels-sync → /labels sync
- docs/CONFIGURATION.md: doc-guardian "Commands and hooks" → "Commands only"
- docs/prompts/INDEX.md: add prompt execution index

Version: 9.0.1
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
| name | description |
|---|---|
| claude-config optimize-settings | Optimize settings.local.json permissions based on audit recommendations |
/claude-config optimize-settings
Optimize Claude Code settings.local.json permission patterns and apply named profiles.
Skills to Load
Before executing, load:
- skills/visual-header.md
- skills/settings-optimization.md
- skills/pre-change-protocol.md
Visual Output
+-----------------------------------------------------------------+
| CONFIG-MAINTAINER - Settings Optimization |
+-----------------------------------------------------------------+
Usage
/claude-config optimize-settings # Apply audit recommendations
/claude-config optimize-settings --dry-run # Preview only, no changes
/claude-config optimize-settings --profile=reviewed # Apply named profile
/claude-config optimize-settings --consolidate-only # Only merge/dedupe, no new rules
Options
| Option | Description |
|---|---|
| --dry-run | Preview changes without applying |
| --profile=NAME | Apply named profile (conservative, reviewed, autonomous) |
| --consolidate-only | Only deduplicate and merge patterns, don't add new rules |
| --no-backup | Skip backup (not recommended) |
Workflow
Step 1: Run Audit Analysis
Execute the same analysis as /claude-config audit-settings:
- Locate settings file
- Parse permission arrays
- Detect issues (duplicates, subsets, merge candidates, etc.)
- Verify active review layers
- Calculate current score
Step 2: Generate Optimization Plan
Based on audit results, create a change plan:
For --consolidate-only:
- Remove exact duplicates
- Remove subset patterns covered by broader patterns
- Merge similar patterns (4+ threshold)
- Remove stale patterns for non-existent paths
- Remove conflicting allow entries that are already denied
For --profile=NAME:
- Calculate diff between current permissions and target profile
- Show additions and removals
- Preserve any custom deny rules not in profile
For default (full optimization):
- Apply all consolidation changes
- Add recommended patterns based on verified review layers
- Suggest profile alignment if appropriate
Step 3: Show Before/After Preview
MANDATORY: Always show preview before applying changes.
Current Settings:
allow: [12 patterns]
deny: [4 patterns]
Proposed Changes:
REMOVE from allow (redundant):
- Write(plugins/projman/*) [covered by Write(plugins/**)]
- Write(plugins/git-flow/*) [covered by Write(plugins/**)]
- Bash(git status) [covered by Bash(git *)]
ADD to allow (recommended):
+ Bash(npm *) [2 review layers active]
+ Bash(pytest *) [2 review layers active]
ADD to deny (security):
+ Bash(curl * | bash*) [missing safety rule]
After Optimization:
allow: [10 patterns]
deny: [5 patterns]
Score Impact: 67/100 → 85/100 (+18 points)
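The duplicate, subset and allow/deny-conflict rules from Step 2, applied to the patterns in the preview above, as an added Python example (not the plugin's own code). The wildcard semantics are an assumption made for this sketch: `**` and Bash `*` match anything, a path `*` stays inside one path segment. The `Read(secrets/...)` rules and the duplicate entry are constructed sample data.

```python
import re

SEG, ANY = "\x00", "\x01"  # sentinels standing in for a candidate's '*' and '**'

def parse(rule):
    """Split 'Tool(pattern)' into (tool, pattern); a bare 'Tool' gives pattern None."""
    m = re.fullmatch(r"(\w+)(?:\((.*)\))?", rule)
    if not m:
        raise ValueError(f"unparseable rule: {rule!r}")
    return m.group(1), m.group(2)

def covers(broad, narrow):
    """True only if everything `narrow` matches is also matched by `broad`."""
    (bt, bp), (nt, npat) = parse(broad), parse(narrow)
    if bt != nt or npat is None:
        return bt == nt and bp is None
    if bp is None:
        return True                      # unscoped Tool covers every scoped form
    path_like = bt != "Bash"             # assumption: only Bash '*' crosses '/'
    rx = "".join(
        ".*" if t == "**" or (t == "*" and not path_like)
        else f"[^/{ANY}]*" if t == "*" else re.escape(t)
        for t in re.split(r"(\*\*|\*)", bp))
    # A sentinel can only be absorbed by a wildcard of `broad`, never by a literal.
    probe = npat.replace("**", ANY).replace("*", SEG if path_like else ANY)
    return re.fullmatch(rx, probe, re.S) is not None

def consolidate(allow, deny):
    """Return (kept_allow, removed); deny is read but never modified."""
    kept, removed, seen = [], [], set()
    for rule in allow:
        if rule in seen:
            removed.append((rule, "exact duplicate"))
            continue
        seen.add(rule)
        denied = next((d for d in deny if covers(d, rule)), None)
        wider = next((a for a in allow if a != rule
                      and covers(a, rule) and not covers(rule, a)), None)
        if denied:
            removed.append((rule, f"already denied by {denied}"))
        elif wider:
            removed.append((rule, f"covered by {wider}"))
        else:
            kept.append(rule)
    return kept, removed

SAMPLE_ALLOW = ["Write(plugins/**)", "Write(plugins/projman/*)",
                "Write(plugins/git-flow/*)", "Bash(git *)", "Bash(git status)",
                "Bash(git *)", "Read(secrets/prod.key)"]   # last two constructed
SAMPLE_DENY = ["Read(secrets/**)", "Bash(curl * | bash*)"]
```

The `removed` list carries a reason per entry, which is what the mandatory preview in Step 3 needs; the deny list is only consulted, in line with the rule that deny rules are never removed without confirmation.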
Step 4: Request User Approval
Ask for confirmation before proceeding:
Apply these changes to .claude/settings.local.json?
[1] Yes, apply changes
[2] No, cancel
[3] Apply partial (select which changes)
Step 5: Create Backup
Before any write operation:
# Backup location
.claude/backups/settings.local.json.{YYYYMMDD-HHMMSS}
Create the .claude/backups/ directory if it doesn't exist.
Step 6: Apply Changes
Write the optimized settings.local.json file.
Step 7: Verify
Re-read the file and re-calculate the score to confirm improvement.
Optimization Complete!
Backup saved: .claude/backups/settings.local.json.20260202-143022
Settings Efficiency Score: 85/100 (+18 from 67)
Redundancy: 25/25 (+8)
Coverage: 22/25 (+5)
Safety Alignment: 23/25 (+3)
Profile Fit: 15/25 (+2)
Changes applied:
- Removed 3 redundant patterns
- Added 2 recommended patterns
- Added 1 safety deny rule
Profile Application
When using --profile=NAME:
conservative
Switching to conservative profile...
This profile:
- Allows: Read, Glob, Grep, LS, basic Bash commands
- Allows: Write/Edit only for docs/
- Denies: .env*, secrets/, rm -rf, sudo
All other Write/Edit operations will prompt for approval.
reviewed
Switching to reviewed profile...
Prerequisites verified:
✓ code-sentinel hook active (PreToolUse)
✓ git-flow hook active (PreToolUse)
✓ 2+ review layers detected
This profile:
- Allows: All file operations (Edit, Write, MultiEdit)
- Allows: Scoped Bash commands (git, npm, python, etc.)
- Denies: .env*, secrets/, rm -rf, sudo, curl|bash
autonomous
⚠️ WARNING: Autonomous profile requested
This profile allows unscoped Bash execution.
Only use in fully sandboxed environments (CI, containers).
Confirm this is a sandboxed environment?
[1] Yes, this is sandboxed - apply autonomous profile
[2] No, cancel
Safety Rules
- ALWAYS backup before writing (unless --no-backup)
- NEVER remove deny rules without explicit confirmation
- NEVER add unscoped Bash to allow — always use scoped patterns
- Preview is MANDATORY before applying changes
- Verify review layers before recommending broad permissions
Output Format
Dry Run Output
+-----------------------------------------------------------------+
| CONFIG-MAINTAINER - Settings Optimization |
+-----------------------------------------------------------------+
DRY RUN - No changes will be made
[... preview content ...]
To apply these changes, run:
/claude-config optimize-settings
Applied Output
+-----------------------------------------------------------------+
| CONFIG-MAINTAINER - Settings Optimization |
+-----------------------------------------------------------------+
Optimization Applied Successfully
Backup: .claude/backups/settings.local.json.20260202-143022
[... summary of changes ...]
Score: 67/100 → 85/100
DO NOT
- Apply changes without showing preview
- Remove deny rules silently
- Add unscoped Bash permission
- Skip backup without explicit --no-backup flag
- Apply autonomous profile without sandbox confirmation
- Recommend broad permissions without verifying review layers