
chore(claude): remove most permissions from settings.json #4460

Open
nsrip-dd wants to merge 1 commit into main from nick.ripley/remove-claude-permissions

Conversation

@nsrip-dd
Contributor

@nsrip-dd nsrip-dd commented Feb 20, 2026

Claude (or any other LLM agent) should not have permission by default to
do anything, except possibly read files. Users typically allow Claude to
write code. If Claude then has permission to run make, Go, or bash
scripts, Claude can run arbitrary code on the host machine without
prompting the user. This leaves developers open to unwanted, destructive
behavior due to hallucinations and prompt injection attacks.
And with blanket gh and git permissions, the agent has the same access
to GitHub as the user running the agent. Additionally, any settings we commit
to this repo silently take precedence over user settings. This PR removes the
tool permissions. The MCP one seems okay for now.

It would be nice to leave a breadcrumb to remind developers to be mindful
about what they add to the shared configuration, but Claude's
configuration doesn't allow comments...

Claude (or any other LLM agent) should not have permission by default to
do anything, except possibly read files. Users typically allow Claude to
write code. If Claude then has permission to run make, Go, or bash
scripts, Claude can run arbitrary code on the host machine without
prompting the user. This leaves developers open to unwanted, destructive
behavior due to hallucinations and prompt injection attacks.
Additionally, any settings we commit to this repo silently take
precedence over user settings. This commit removes the tool permissions.
The MCP one seems okay for now.

It would be nice to leave a breadcrumb to remind developers to be mindful
about what they add to the shared configuration, but Claude's
configuration doesn't allow comments...
@codecov

codecov bot commented Feb 20, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 55.64%. Comparing base (6af22e4) to head (1b33307).
⚠️ Report is 2 commits behind head on main.


@pr-commenter

pr-commenter bot commented Feb 20, 2026

Benchmarks

Benchmark execution time: 2026-02-20 18:26:59

Comparing candidate commit 1b33307 in PR branch nick.ripley/remove-claude-permissions with baseline commit 6af22e4 in branch main.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 156 metrics, 8 unstable metrics.

Explanation

This is an A/B test comparing a candidate commit's performance against that of a baseline commit. Performance changes are noted in the tables below as:

  • 🟩 = significantly better candidate vs. baseline
  • 🟥 = significantly worse candidate vs. baseline

We compute a confidence interval (CI) over the relative difference of means between metrics from the candidate and baseline commits, considering the baseline as the reference.

If the CI is entirely outside the configured SIGNIFICANT_IMPACT_THRESHOLD (or the deprecated UNCONFIDENCE_THRESHOLD), the change is considered significant.

Feel free to reach out to #apm-benchmarking-platform on Slack if you have any questions.

More details about the CI and significant changes

You can imagine this CI as a range of values that is likely to contain the true difference of means between the candidate and baseline commits.

CIs of the difference of means are often centered around 0%, because often changes are not that big:

---------------------------------(------|---^--------)-------------------------------->
                              -0.6%    0%  0.3%     +1.2%
                                 |          |        |
         lower bound of the CI --'          |        |
sample mean (center of the CI) -------------'        |
         upper bound of the CI ----------------------'

As described above, a change is considered significant if the CI is entirely outside the configured SIGNIFICANT_IMPACT_THRESHOLD (or the deprecated UNCONFIDENCE_THRESHOLD).

For instance, for an execution time metric, this confidence interval indicates a significantly worse performance:

----------------------------------------|---------|---(---------^---------)---------->
                                       0%        1%  1.3%      2.2%      3.1%
                                                  |   |         |         |
       significant impact threshold --------------'   |         |         |
                      lower bound of CI --------------'         |         |
       sample mean (center of the CI) --------------------------'         |
                      upper bound of CI ----------------------------------'

@nsrip-dd nsrip-dd marked this pull request as ready for review February 20, 2026 18:35
@nsrip-dd nsrip-dd requested a review from a team as a code owner February 20, 2026 18:35
@darccio
Member

darccio commented Feb 20, 2026

@nsrip-dd I'd add it to .gitignore, as it's going to change over each dev.

@nsrip-dd
Contributor Author

> @nsrip-dd I'd add it to .gitignore, as it's going to change over each dev.

IIUC there are two settings files, settings.local.json and settings.json, that Claude can use in a repo/project. The "local" one is supposed to not be committed. But Claude docs claim that settings.json can/should be committed if there is useful configuration that applies to all developers in a project: https://code.claude.com/docs/en/settings#settings-files. After this change, we won't really have any shared configuration. But I could see us potentially having some in the future. Like more targeted command permissions, or hooks, or stuff like that.
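One way to catch the kind of blanket allow-rules this PR removes before they land in a shared settings.json again (the "more targeted command permissions" mentioned above would need reviewing the same way). This is an added example, not code from the PR or the repository; it assumes the settings layout documented for Claude Code (`{"permissions": {"allow": [...]}}` with rule strings like `Bash(make:*)`), and the sample file and the list of risky command prefixes are constructed for the example.

```python
"""Audit a Claude Code settings.json for allow-rules that let the agent
run commands without prompting. Added example; settings layout assumed
from the Claude Code docs, sample input constructed."""
import json
import re
from typing import Optional

# Tools whose allow-rules mean code execution on the host (assumption
# of this example: only the shell tool is treated as execution).
EXEC_TOOLS = {"Bash"}
# Command prefixes the PR calls out: build/test runners and GitHub/git
# access that acts with the developer's own credentials.
RISKY_PREFIXES = ("make", "go", "sh", "bash", "gh", "git")

# Rule syntax: Tool or Tool(spec), e.g. "Read" or "Bash(go test:*)".
RULE_RE = re.compile(r"^(?P<tool>\w+)(?:\((?P<spec>.*)\))?$")


def classify_rule(rule: str) -> Optional[str]:
    """Return a finding for one allow-rule, or None if it looks benign."""
    m = RULE_RE.match(rule.strip())
    if not m:
        return f"unparseable rule {rule!r}"
    tool, spec = m.group("tool"), m.group("spec")
    if tool not in EXEC_TOOLS:
        return None
    # Bare "Bash", "Bash()" or "Bash(*)" is an unrestricted shell.
    if spec is None or spec.strip() in ("", "*", ":*"):
        return f"{rule!r} allows any shell command without a prompt"
    cmd = spec.split(":")[0].split()[0]
    if cmd in RISKY_PREFIXES:
        return f"{rule!r} allows unprompted {cmd} execution"
    return None


def audit_settings(text: str) -> list:
    """Parse a settings.json document and return all findings."""
    allow = json.loads(text).get("permissions", {}).get("allow", [])
    return [f for f in (classify_rule(r) for r in allow) if f]


# Constructed sample resembling a shared settings.json before this PR.
SAMPLE = json.dumps({"permissions": {"allow": [
    "Bash(make:*)", "Bash(go test:*)", "Bash(gh pr:*)",
    "Bash(git:*)", "Read", "WebFetch(domain:github.com)"]}})

if __name__ == "__main__":
    for finding in audit_settings(SAMPLE):
        print("WARN", finding)
```

Run against `.claude/settings.json` from a pre-commit hook, a non-empty result is a reason to move the rule to the uncommitted settings.local.json instead.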
