chore: add Claude Code safeguards and track CLAUDE.md #30

Open
mikkeldamsgaard wants to merge 1 commit into main from claude/affectionate-wescoff

@mikkeldamsgaard
Contributor

Summary

  • Add .claude/settings.json with layered permission rules enforcing safe defaults for all Claude Code sessions
  • Track CLAUDE.md (agent instructions) and .claude/settings.json in git so they apply to all collaborators and automated agents
  • Remove both from .gitignore

Permission model

  • Deny (hard blocks): PR approval/merge/close, force push, push to main/master, destructive git/shell commands, editing sensitive paths (~/.ssh, ~/.aws, etc.)
  • Allow (auto-approved): read-only tools, project file editing, cargo build/test/clippy/fmt, git workflow, --force-with-lease push to work branches, make, docker, harmless shell utilities
  • Ask (default): everything else prompts for confirmation (cargo publish, gh pr create, etc.)

How to verify

# Check settings are valid JSON
python3 -c "import json; json.load(open('.claude/settings.json'))"

# Verify both files are tracked
git ls-files CLAUDE.md .claude/settings.json

# Verify neither is gitignored
git check-ignore CLAUDE.md .claude/settings.json  # should produce no output

🤖 Generated with Claude Code

- Add .claude/settings.json with permission rules:
  - Deny PR approval/merge/close, force push, push to main/master
  - Deny destructive commands (rm -rf, sudo, git reset --hard)
  - Deny editing sensitive paths (~/.ssh, ~/.aws, ~/.gnupg)
  - Allow non-destructive tools, cargo build/test, git workflow
  - Allow push --force-with-lease to work branches
  - Default "ask" mode for anything not explicitly allowed/denied
- Track CLAUDE.md and .claude/settings.json in git
- Remove CLAUDE.md and .claude/settings.json from .gitignore

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings February 26, 2026 22:00
Contributor

Copilot AI left a comment

Pull request overview

This PR adds agent safeguards and configuration for Claude Code sessions by introducing two new tracked files: CLAUDE.md (comprehensive AI agent instructions) and .claude/settings.json (permission rules). These files establish operating principles, quality gates, security constraints, and execution rules for AI agents working with this repository.

Changes:

  • Added CLAUDE.md with 20 operating principles covering code quality, testing, documentation, security, and change management
  • Added .claude/settings.json with layered permission rules (deny/allow/ask modes) for Claude Code sessions
  • Removed CLAUDE.md and .claude/settings.json from .gitignore to track them in version control

Reviewed changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 8 comments.

| File | Description |
| --- | --- |
| CLAUDE.md | Comprehensive agent instructions covering operating principles, quality gates, robustness, security, change management, and execution constraints |
| .gitignore | Removed entries for CLAUDE.md and .claude/settings.json to enable version tracking |
| .claude/settings.json | Permission configuration with deny rules for dangerous operations, allow rules for safe operations, and default ask mode for everything else |

- Create a branch with the issue number in the name from origin/main.
- Implement the issue.
- Run all e2e tests.
- If during implementation, obvious errors was found in the ooriginating issue, also add a comment to the issue about the fix.

Copilot AI Feb 26, 2026

There is a grammatical error. "errors was found" should be "errors were found" for subject-verb agreement.

Suggested change
- If during implementation, obvious errors was found in the ooriginating issue, also add a comment to the issue about the fix.
- If during implementation, obvious errors were found in the ooriginating issue, also add a comment to the issue about the fix.

Copilot uses AI. Check for mistakes.
Comment on lines +49 to +50
"Edit(/**)",
"Write(/**)",
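Review bot: `Edit(/**)` and `Write(/**)` at +49/+50 match every path under `/`, and nothing on these two lines says what the leading `/` is anchored to. If the intent is the "project file editing" named in the summary, state that anchoring in CLAUDE.md or the PR description, together with how these entries interact with the deny entries for ~/.ssh, ~/.aws and ~/.gnupg, so a later edit to either list does not silently widen write access.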

Copilot AI Feb 26, 2026

The permission rules allow "Edit(/**)" and "Write(/**)" on lines 49-50, which could potentially allow editing or writing sensitive paths despite the specific deny rules on lines 32-39. Depending on how the permission system evaluates these rules (allow vs deny precedence), this could be a security issue. The broad allow rules may override the specific deny rules for sensitive directories. Consider clarifying the permission evaluation order or making the allow rules more specific to exclude sensitive paths.

19) When running locally, prefer the mcp edit tool to direct file edits.
- If issues arise where files seems unedited, alert the user before continuing

20) Prefer bash commands/scripts to python3 when investigating

Copilot AI Feb 26, 2026

Line 86 is missing a period at the end, which is inconsistent with the formatting of other guideline statements in this document (e.g., lines 84, 81, etc.).

Suggested change
20) Prefer bash commands/scripts to python3 when investigating
20) Prefer bash commands/scripts to python3 when investigating.

- Find the issue in github issues.
- If not found, inform the user.
- If found:
- Fetch the git origin

Copilot AI Feb 26, 2026

The phrase "Fetch the git origin" is unclear. It should be "Fetch from the git origin" or "Fetch from origin" to be more grammatically correct and clear.

Suggested change
- Fetch the git origin
- Fetch from origin

- Avoid making assumptions without asking for confirmation.

19) When running locally, prefer the mcp edit tool to direct file edits.
- If issues arise where files seems unedited, alert the user before continuing

Copilot AI Feb 26, 2026

This line has two issues: (1) "seems" should be "seem" for subject-verb agreement (files is plural), and (2) it's missing a period at the end, which is inconsistent with the formatting of other guideline statements in this document.

Suggested change
- If issues arise where files seems unedited, alert the user before continuing
- If issues arise where files seem unedited, alert the user before continuing.

Comment on lines +69 to +70
"Bash(git push --force-with-lease *)",
"Bash(git push *)",
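Review bot: at +70, `Bash(git push *)` covers everything that `Bash(git push --force-with-lease *)` at +69 covers if `*` stands for any argument string, so the +69 entry is redundant as written. The same wildcard would also cover `git push --force ...` and pushes that name main or master, which leaves those cases resting entirely on the deny list being evaluated first. Either document that ordering next to the rules or replace +70 with narrower entries for work branches.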

Copilot AI Feb 26, 2026

The permission rules allow "Bash(git push *)" on line 70, which could allow pushing to main/master branches despite the deny rules on lines 11-14. The deny rules use patterns like "Bash(git push * main)" which may not match all variations of push commands to main/master. Consider whether the deny rules are sufficient to block all push attempts to protected branches, or if the allow rule on line 70 should be more restrictive.

Suggested change
"Bash(git push --force-with-lease *)",
"Bash(git push *)",

Comment on lines +15 to +16
"Bash(git push --force *)",
"Bash(git push -f *)",
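Review bot: both entries at +15/+16 end in ` *`, so it is not clear from these lines whether a push that carries the flag and no further arguments is covered. If the matcher needs at least one argument in that position, add the two entries without the trailing wildcard, and keep a short list of commands the deny list is expected to block so the rules can be re-checked whenever they are edited.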

Copilot AI Feb 26, 2026

The deny rule "Bash(git push --force *)" on line 15 and "Bash(git push -f *)" on line 16 may not prevent all force push variations. For example, git push --force-with-lease is explicitly allowed on line 69, which is good, but other variations like git push -f --set-upstream origin branch might slip through depending on pattern matching behavior. Additionally, the patterns may not catch git push origin +branch which is another way to force push. Consider whether the deny patterns should be more comprehensive or if the current set is sufficient for the intended security model.

Suggested change
"Bash(git push --force *)",
"Bash(git push -f *)",
"Bash(git push * --force *)",
"Bash(git push * -f *)",
"Bash(git push * +*)",

- Create a branch with the issue number in the name from origin/main.
- Implement the issue.
- Run all e2e tests.
- If during implementation, obvious errors was found in the ooriginating issue, also add a comment to the issue about the fix.

Copilot AI Feb 26, 2026

There is a typo in "ooriginating" which should be "originating".

Suggested change
- If during implementation, obvious errors was found in the ooriginating issue, also add a comment to the issue about the fix.
- If during implementation, obvious errors was found in the originating issue, also add a comment to the issue about the fix.
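
The coverage question raised in the review comments on the `git push` rules can be checked with a small table-driven test. This is an added example, not code from this PR or from Claude Code. It assumes shell-style glob matching (Python's `fnmatch`) and deny-before-allow evaluation, neither of which the page confirms for the real matcher; the remote and branch names are constructed.

```python
from fnmatch import fnmatchcase

# Inner text of the Bash(...) rules quoted in the review comments above.
DENY_CURRENT = ["git push --force *", "git push -f *"]
DENY_SUGGESTED = DENY_CURRENT + [
    "git push * --force *",
    "git push * -f *",
    "git push * +*",
]
ALLOW = ["git push --force-with-lease *", "git push *"]

# Constructed commands (remote and branch names are placeholders) paired with
# the outcome the PR's permission model intends for each.
EXPECTED = {
    "git push --force origin work": "deny",
    "git push -f --set-upstream origin work": "deny",
    "git push origin --force work": "deny",
    "git push origin +work": "deny",
    "git push --force-with-lease origin work": "allow",
    "git push origin work": "allow",
    "cargo publish": "ask",
}


def decide(cmd, deny, allow):
    """Assumed evaluation order: deny first, then allow, otherwise ask."""
    if any(fnmatchcase(cmd, p) for p in deny):
        return "deny"
    if any(fnmatchcase(cmd, p) for p in allow):
        return "allow"
    return "ask"


def gaps(deny, allow, expected=EXPECTED):
    """Return {command: (wanted, got)} for every command the rules mishandle."""
    return {
        cmd: (want, got)
        for cmd, want in expected.items()
        if (got := decide(cmd, deny, allow)) != want
    }


if __name__ == "__main__":
    for label, deny in (("current", DENY_CURRENT), ("suggested", DENY_SUGGESTED)):
        print(label, gaps(deny, ALLOW) or "no gaps")
```

Under these assumptions the two deny entries from the PR leave two of the listed commands allowed, and the entries from the suggested change close both without blocking `--force-with-lease`.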
