Check the current Claude Code permissions for .env files without attempting to read them.
Important: Project-level settings completely override user-level settings (they don't merge).

- Check all three settings locations:
  - User settings: `~/.claude/settings.json`
  - Project settings: `./.claude/settings.json` (if exists)
  - Local project settings: `./.claude/settings.local.json` (if exists)
- For each file that exists, parse the `permissions` section (both `allow` and `deny` arrays)
- Look for patterns related to .env files in each:
  - `**/.env`
  - `**/.env.*`
  - `**/.env.example`
  - `**/.env.local`
  - Any other .env-related patterns
- Report findings clearly:
  - Show what's in each settings file (user, project, local)
  - Highlight which settings are actually active based on precedence:
    - If `./.claude/settings.local.json` exists → it takes precedence
    - Else if `./.claude/settings.json` exists → it takes precedence
    - Else `~/.claude/settings.json` is active
  - Show the effective permissions that will actually be enforced
  - Explain if project settings are overriding user settings (especially important if project has empty/missing deny arrays)
- Provide a summary like:
  - "✓ Can read/write .env.example files"
  - "✗ Cannot read/write .env files"
  - "⚠️ Warning: Project settings override user settings and may allow .env access"
- If project settings are missing .env protections, suggest:
  - "💡 TIP: Run `/secure-env.apply` to add secure .env deny rules to this project's settings"
  - Explain that this will merge the deny rules without overwriting existing project settings

Do NOT attempt to read, write, or access any actual .env files - only check the permissions configuration files.
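
The check described above can also be scripted. The following is an added example, not part of the original command or of Claude Code itself: it applies the precedence exactly as this page states it, reads only the settings files, and uses constructed sample rules (`Read(**/.env)` and similar) plus hypothetical function names `env_rules`, `audit` and `demo`.

```python
import json
import tempfile
from pathlib import Path

def env_rules(settings):
    """Return the allow/deny entries that mention .env in a parsed settings object."""
    perms = settings.get("permissions") if isinstance(settings, dict) else None
    perms = perms if isinstance(perms, dict) else {}
    out = {}
    for kind in ("allow", "deny"):
        rules = perms.get(kind)
        rules = rules if isinstance(rules, list) else []
        out[kind] = [r for r in rules if isinstance(r, str) and ".env" in r]
    return out

def audit(project_dir, home_dir):
    """Report .env rules per settings file and which file is active (first existing wins)."""
    paths = [  # order = precedence as stated on this page, no merging
        ("local", Path(project_dir, ".claude", "settings.local.json")),
        ("project", Path(project_dir, ".claude", "settings.json")),
        ("user", Path(home_dir, ".claude", "settings.json")),
    ]
    files = {}
    for name, path in paths:
        if path.is_file():
            try:
                files[name] = env_rules(json.loads(path.read_text()))
            except json.JSONDecodeError:
                files[name] = {"allow": [], "deny": [], "error": "invalid JSON"}
    active = next((n for n, _ in paths if n in files), None)
    effective = files.get(active, {"allow": [], "deny": []})
    # Warn when a lower-precedence file had .env deny rules but the active one has none.
    shadowed = [n for n in files if n != active and files[n]["deny"]]
    warning = bool(shadowed) and not effective["deny"]
    return {"files": files, "active": active, "effective": effective, "warning": warning}

def demo():
    """Constructed sample: user settings deny .env, project settings have no deny array."""
    with tempfile.TemporaryDirectory() as tmp:
        home, proj = Path(tmp, "home"), Path(tmp, "proj")
        for d in (home, proj):
            (d / ".claude").mkdir(parents=True)
        (home / ".claude" / "settings.json").write_text(json.dumps(
            {"permissions": {"deny": ["Read(**/.env)", "Read(**/.env.*)"]}}))
        (proj / ".claude" / "settings.json").write_text(json.dumps(
            {"permissions": {"allow": ["Read(**/.env.example)"]}}))
        return audit(proj, home)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In the constructed sample the project file is active and carries no deny rules, so the report sets `warning` even though the user-level file denies `.env` access.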