personal-projects/leo-claude-mktplace
Template
0
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e824b18e441ba659fa56d60b9bdf663877383097
leo-claude-mktplace/plugins/claude-config-maintainer/commands/claude-config-audit-settings.md
lmiranda 78429a709f fix(marketplace): correct stale hook references and migration guide errors 
- claude-config-audit-settings.md: update hook inventory to post-Decision #29 state
- maintainer.md: remove PostToolUse references, update to current hook types
- settings-optimization.md: update review layer table and hooks.json format
- claude-config-optimize-settings.md: fix stale doc-guardian PostToolUse reference
- project-hygiene/claude-md-integration.md: rewrite for manual /hygiene check
- doc-guardian: update doc-sync.md and sync-workflow.md hook references
- MIGRATION-v9.md: mark deleted commands as Removed, not renamed
- projman/task-sizing.md: PostToolUse → PreToolUse in example
- scripts/setup.sh: /labels-sync → /labels sync
- docs/CONFIGURATION.md: doc-guardian "Commands and hooks" → "Commands only"
- docs/prompts/INDEX.md: add prompt execution index

Version: 9.0.1

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-07 15:23:57 -05:00

5.8 KiB
Raw Blame History

name, description
name description
claude-config audit-settings Audit settings.local.json for permission optimization opportunities

/claude-config audit-settings

Audit Claude Code settings.local.json permissions with 100-point scoring across redundancy, coverage, safety alignment, and profile fit.

Skills to Load

Before executing, load:

  • skills/visual-header.md
  • skills/settings-optimization.md

Visual Output

+-----------------------------------------------------------------+
|  CONFIG-MAINTAINER - Settings Audit                              |
+-----------------------------------------------------------------+

Usage

/claude-config audit-settings              # Full audit with recommendations
/claude-config audit-settings --diagram    # Include Mermaid diagram of review layer coverage

Workflow

Step 1: Locate Settings Files

Search in order:

  1. .claude/settings.local.json (primary target)
  2. .claude/settings.json (shared config)
  3. ~/.claude.json project entry (legacy)

Report which format is in use.

Step 2: Parse Permission Arrays

Extract and analyze:

  • permissions.allow array
  • permissions.deny array
  • permissions.ask array (if present)
  • Legacy allowedTools array (if legacy format)

Step 3: Run Pattern Consolidation Analysis

Using settings-optimization.md Section 3, detect:

Check Description
Duplicates Exact same pattern appearing multiple times
Subsets Narrower patterns covered by broader ones
Merge candidates 4+ similar patterns that could be consolidated
Overly broad Unscoped tool permissions (e.g., Bash without pattern)
Stale entries Patterns referencing non-existent paths
Conflicts Same pattern in both allow and deny

Step 4: Detect Active Marketplace Hooks

Read plugins/*/hooks/hooks.json files (post-Decision #29 — only PreToolUse safety hooks and UserPromptSubmit quality hooks exist):

# Check each plugin's hooks (exhaustive post-v8.1.0 inventory)
plugins/code-sentinel/hooks/hooks.json     # PreToolUse: Write|Edit|MultiEdit → security-check.sh
plugins/git-flow/hooks/hooks.json          # PreToolUse: Bash → branch-check.sh, commit-msg-check.sh
plugins/cmdb-assistant/hooks/hooks.json    # PreToolUse: MCP create/update → validate-input.sh
plugins/clarity-assist/hooks/hooks.json    # UserPromptSubmit → vagueness-check.sh

Parse each to identify:

  • Hook event type (PreToolUse or UserPromptSubmit only — no other types should exist)
  • Tool matchers (Write, Edit, MultiEdit, Bash, MCP patterns)
  • Whether hook is command type (must be — prompt type is forbidden)

Step 5: Map Review Layers to Directory Scopes

For each directory scope in settings-optimization.md Section 4:

  1. Count how many review layers are verified active
  2. Determine if auto-allow is justified (≥2 layers required)
  3. Note any scopes that lack coverage

Step 6: Compare Against Recommended Profile

Based on review layer count:

  • 0-1 layers: Recommend conservative profile
  • 2+ layers: Recommend reviewed profile
  • CI/sandboxed: May recommend autonomous profile

Calculate profile fit percentage.

Step 7: Generate Scored Report

Calculate scores using settings-optimization.md Section 6.

Output Format

Settings Efficiency Score: XX/100
  Redundancy:       XX/25
  Coverage:         XX/25
  Safety Alignment: XX/25
  Profile Fit:      XX/25

Current Profile: [closest match or "custom"]
Recommended Profile: [target based on review layers]

Issues Found:
  🔴 CRITICAL: [description]
  🟠 HIGH: [description]
  🟡 MEDIUM: [description]
  🔵 LOW: [description]

Active Review Layers Detected:
  ✓ code-sentinel (PreToolUse: Write|Edit|MultiEdit)
  ✓ git-flow (PreToolUse: Bash — branch naming + commit format)
  ✓ cmdb-assistant (PreToolUse: MCP create/update)
  ✓ clarity-assist (UserPromptSubmit: vagueness detection)

Recommendations:
  1. [specific action with pattern]
  2. [specific action with pattern]
  ...

Follow-Up Actions:
  1. Run /claude-config optimize-settings to apply recommendations
  2. Run /claude-config optimize-settings --dry-run to preview first
  3. Run /claude-config optimize-settings --profile=reviewed to apply profile

Diagram Output (--diagram flag)

When --diagram is specified, generate a Mermaid flowchart showing:

Before generating: Read /mnt/skills/user/mermaid-diagrams/SKILL.md for diagram requirements.

Diagram structure:

  • Left column: File operation types (Write, Edit, Bash)
  • Middle: Review layers that intercept each operation
  • Right column: Current permission status (auto-allowed, prompted, denied)

Color coding:

  • PreToolUse hooks: Blue
  • UserPromptSubmit hooks: Green
  • Sprint Approval: Amber
  • PR Review: Purple

Example structure:

flowchart LR
    subgraph Operations
        W[Write]
        E[Edit]
        B[Bash]
    end

    subgraph Review Layers
        CS[code-sentinel]
        GF[git-flow]
        PR[pr-review]
    end

    subgraph Permission
        A[Auto-allowed]
        P[Prompted]
        D[Denied]
    end

    W --> CS
    E --> CS
    B --> GF
    CS --> A
    GF --> A
    B --> P

    classDef preHook fill:#e3f2fd
    classDef userPrompt fill:#e8f5e9
    classDef prReview fill:#f3e5f5
    class CS preHook
    class GF preHook
    class PR prReview

Issue Severity Levels

Severity Icon Examples
CRITICAL 🔴 Unscoped Bash in allow, missing deny for secrets
HIGH 🟠 Overly broad patterns, missing MCP coverage
MEDIUM 🟡 Subset redundancy, merge candidates
LOW 🔵 Exact duplicates, minor optimizations

DO NOT

  • Modify any files (this is audit only)
  • Recommend autonomous profile unless explicitly sandboxed environment
  • Recommend auto-allow for scopes with <2 verified review layers
  • Skip hook verification before making recommendations
Reference in New Issue View Git Blame Copy Permalink