Module dev_allowlist

Expand description

Common dev-command allowlist seeding for the supervisor.

Implements the dev-command-allowlist capability: write a curated preset of prefix patterns into .claude/settings.json::allowed_bash_prefixes so the supervisor does not hand-approve every dev-loop command variant.

The preset is split into two tiers (see design.md D2):

DEV_ALLOWLIST_PRESET — the universal set, hard-coded and always seeded. It contains only commands that are safe and useful in essentially any repository regardless of language or toolchain (non-destructive git verbs plus read-only find / grep / sed -n). It is the single source of truth for the universal tier — no other location may hard-code these patterns.
stack_preset / the named *_STACK_PRESET constants — curated, opt-in stack-specific bundles (rust / node / python / go). A repository opts in via [supervisor.common_dev_allowlist] stacks = ["rust", ...]; the seeder resolves the selected stacks to the union of the universal preset, each selected stack, and any extra patterns.

Users further extend the result through [supervisor.common_dev_allowlist] extra = [...]. The merge semantics are identical to crate::supervisor::curl_allowlist: existing entries are preserved, missing entries are appended, no duplicates are written, and the parent directory is created when missing.

Every seeded value is a command prefix (a verb, or verb plus subcommand) that subsumes all per-invocation argument variations — e.g. git diff (which prefix-matches git diff --stat HEAD~1), never a fully-argumented command line. A prefix grant collapses the infinite set of per-run argument variations into one approval.

Constants§

DEV_ALLOWLIST_PRESET: Universal dev-loop prefix patterns seeded into Claude’s allowed_bash_prefixes on supervisor start, independent of the repository’s language or toolchain.
GO_STACK_PRESET: Curated go stack preset (opt-in via stacks = ["go"]).
NODE_STACK_PRESET: Curated node stack preset (opt-in via stacks = ["node"]).
PYTHON_STACK_PRESET: Curated python stack preset (opt-in via stacks = ["python"]).
RUST_STACK_PRESET: Curated rust stack preset (opt-in via stacks = ["rust"]).

Functions§

effective_patterns: Returns the effective ordered pattern list: the universal preset, followed by each selected stack preset, followed by extra, de-duplicated.
seed_supervisor_session: Seeds the dev allowlist into every Claude settings target a supervisor session needs.
setup_dev_allowlist: Merges the dev-allowlist preset + extra patterns into the JSON file at settings_path.
stack_preset: Resolves a stack-preset name to its curated prefix list.