johno/beads
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(setup): auto-allowlist bd commands in Claude Code (#511)

Browse Source 
Add bd to Claude Code allowedTools when running `bd setup claude` so
that all bd commands (create, update, close, etc.) can run without
requiring per-command approval.

Changes:
- Add addAllowedTool() and removeAllowedTool() helper functions
- InstallClaude() now adds "Bash(bd:*)" to allowedTools
- RemoveClaude() cleans up the allowedTools entry
- Add tests for new functionality

Users who have already run `bd setup claude` can run it again to add
the missing allowedTools entry while keeping their existing hooks.

Fixes #511

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Steve Yegge
2025-12-13 09:42:52 +11:00
parent 4f44265f1d
commit 3d484587e3
2 changed files with 183 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
cmd/bd/setup/claude.go
View File

@@ -65,6 +65,11 @@ func InstallClaude(project bool, stealth bool) {
fmt.Println("✓ Registered PreCompact hook")
}
// Add bd to allowedTools so commands don't require per-command approval
if addAllowedTool(settings, "Bash(bd:*)") {
fmt.Println("✓ Added bd to allowedTools (no per-command approval needed)")
}
// Write back to file
data, err = json.MarshalIndent(settings, "", " ")
if err != nil {
@@ -149,6 +154,9 @@ func RemoveClaude(project bool) {
removeHookCommand(hooks, "SessionStart", "bd prime --stealth")
removeHookCommand(hooks, "PreCompact", "bd prime --stealth")
// Remove bd from allowedTools
removeAllowedTool(settings, "Bash(bd:*)")
// Write back
data, err = json.MarshalIndent(settings, "", " ")
if err != nil {
@@ -164,6 +172,49 @@ func RemoveClaude(project bool) {
fmt.Println("✓ Claude hooks removed")
}
// addAllowedTool adds a tool pattern to allowedTools if not already present
// Returns true if tool was added, false if already exists
func addAllowedTool(settings map[string]interface{}, tool string) bool {
// Get or create allowedTools array
allowedTools, ok := settings["allowedTools"].([]interface{})
if !ok {
allowedTools = []interface{}{}
}
// Check if tool already in list
for _, t := range allowedTools {
if t == tool {
fmt.Printf("✓ Tool already in allowedTools: %s\n", tool)
return false
}
}
// Add tool to array
allowedTools = append(allowedTools, tool)
settings["allowedTools"] = allowedTools
return true
}
// removeAllowedTool removes a tool pattern from allowedTools
func removeAllowedTool(settings map[string]interface{}, tool string) {
allowedTools, ok := settings["allowedTools"].([]interface{})
if !ok {
return
}
// Filter out the tool
var filtered []interface{}
for _, t := range allowedTools {
if t != tool {
filtered = append(filtered, t)
} else {
fmt.Printf("✓ Removed %s from allowedTools\n", tool)
}
}
settings["allowedTools"] = filtered
}
// addHookCommand adds a hook command to an event if not already present
// Returns true if hook was added, false if already exists
func addHookCommand(hooks map[string]interface{}, event, command string) bool {

132
cmd/bd/setup/claude_test.go
View File

@@ -406,3 +406,135 @@ func TestIdempotencyWithStealth(t *testing.T) {
t.Errorf("Expected 'bd prime --stealth', got %v", cmdMap["command"])
}
}
func TestAddAllowedTool(t *testing.T) {
tests := []struct {
name string
existingSettings map[string]interface{}
tool string
wantAdded bool
wantLen int
}{
{
name: "add tool to empty settings",
existingSettings: make(map[string]interface{}),
tool: "Bash(bd:*)",
wantAdded: true,
wantLen: 1,
},
{
name: "add tool to existing allowedTools",
existingSettings: map[string]interface{}{
"allowedTools": []interface{}{"Bash(git:*)"},
},
tool: "Bash(bd:*)",
wantAdded: true,
wantLen: 2,
},
{
name: "tool already exists",
existingSettings: map[string]interface{}{
"allowedTools": []interface{}{"Bash(bd:*)"},
},
tool: "Bash(bd:*)",
wantAdded: false,
wantLen: 1,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := addAllowedTool(tt.existingSettings, tt.tool)
if got != tt.wantAdded {
t.Errorf("addAllowedTool() = %v, want %v", got, tt.wantAdded)
}
allowedTools, ok := tt.existingSettings["allowedTools"].([]interface{})
if !ok {
t.Fatal("allowedTools not found")
}
if len(allowedTools) != tt.wantLen {
t.Errorf("Expected %d tools, got %d", tt.wantLen, len(allowedTools))
}
// Verify tool exists in list
found := false
for _, tool := range allowedTools {
if tool == tt.tool {
found = true
break
}
}
if !found {
t.Errorf("Tool %q not found in allowedTools", tt.tool)
}
})
}
}
func TestRemoveAllowedTool(t *testing.T) {
tests := []struct {
name string
existingSettings map[string]interface{}
tool string
wantLen int
}{
{
name: "remove only tool",
existingSettings: map[string]interface{}{
"allowedTools": []interface{}{"Bash(bd:*)"},
},
tool: "Bash(bd:*)",
wantLen: 0,
},
{
name: "remove one of multiple tools",
existingSettings: map[string]interface{}{
"allowedTools": []interface{}{"Bash(git:*)", "Bash(bd:*)", "Bash(npm:*)"},
},
tool: "Bash(bd:*)",
wantLen: 2,
},
{
name: "remove non-existent tool",
existingSettings: map[string]interface{}{
"allowedTools": []interface{}{"Bash(git:*)"},
},
tool: "Bash(bd:*)",
wantLen: 1,
},
{
name: "remove from empty settings",
existingSettings: make(map[string]interface{}),
tool: "Bash(bd:*)",
wantLen: 0,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
removeAllowedTool(tt.existingSettings, tt.tool)
allowedTools, ok := tt.existingSettings["allowedTools"].([]interface{})
if !ok {
// If allowedTools doesn't exist, treat as empty
if tt.wantLen != 0 {
t.Errorf("Expected %d tools, got 0 (allowedTools not found)", tt.wantLen)
}
return
}
if len(allowedTools) != tt.wantLen {
t.Errorf("Expected %d remaining tools, got %d", tt.wantLen, len(allowedTools))
}
// Verify tool is actually gone
for _, tool := range allowedTools {
if tool == tt.tool {
t.Errorf("Tool %q still present after removal", tt.tool)
}
}
})
}
}