
Hardening Cheatsheet for Claude Code's settings.json
Claude Code is remarkable. It runs shell commands, reads and writes files, connects to external services, and works autonomously toward your goals. Honestly, I can't go back to working without it.

But then I caught myself. I was reflexively moving to "yes" and slamming ENTER on every permission prompt. When you're in the zone, you don't want to stop and read what it's asking. But what if that "yes" was for rm -rf? Or git push --force? Or worse — some abstract task that internally triggers a cascade of deletions or publications, and "undo" isn't an option?

The Risks Are Real

Claude Code doesn't have malicious intent. But it can hallucinate. It can take well-intentioned actions that go far beyond what you asked for — deleting files to "clean up," force-pushing to "fix" a branch, installing packages you never requested. Good intentions, excessive action.

Then there's indirect prompt injection. The source code, documents, and web pages that Claude Code processes during normal work could
Continue reading on Dev.to




