Hacker News new | ask | show | jobs
Show HN: A police department for your Claude Code agents (github.com)
10 points by softie123 17 hours ago
3 comments
tomaytotomato 16 hours ago
Not a criticism, but why would I use this instead of locking down my Claude using the allow/deny permissions list?

    "permissions": {
    "allow": [
      "Bash(npm run lint)",
      "Bash(npm run test *)",
      "Read(~/.zshrc)"
    ],
    "deny": [
      "Bash(curl *)",
      "Read(./.env)",
      "Read(./.env.*)",
      "Read(./secrets/**)"
    ]
  },
link
softie123 14 hours ago
Idea is not to deny permissions to everything but just keep a log on what the agents are doing thats not in line with our permissions and also you have to know what they are bypassing so we can put them in deny list later. Very useful when you spawn many agents working in parallel. This is more of an observability tool.
link
tenuousemphasis 12 hours ago
Well at least you'll know why your data was exfiltrated or your systems compromised, even if you can't stop it...
link
softie123 10 hours ago
thats exactly what i went for. also I am keeping all the logs compressed so may be i can build something to build later
link
FishAngular12 16 hours ago
Where would one put this? In AGENTS.md?
link
abirch 15 hours ago
Your settings file: User settings are defined in ~/.claude/settings.json

or /permissions

https://code.claude.com/docs/en/permissions

link
AdmiralAsshat 17 hours ago
Probably needs a better metaphor than "police department", what with the most popular cop meme being:

https://www.reddit.com/media?url=https%3A%2F%2Fpreview.redd....

link
cosnenc 10 hours ago
ACAB
link