f894399165
The agent service was running as User=erik, which meant: - Sessions polluted erik's ~/.claude/projects/ - erik's .claude/settings.local.json (months of accumulated dev permissions for docker/git/dotnet/etc.) was loaded by the production agent, defeating the --allowed-tools whitelist - Subscription rate quota mingled between human-erik's interactive Claude Code use and the production assistant - Theoretical access to /home/erik/.ssh, .bash_history, .gitconfig Now: - User=overlord-agent (system account, no shell, /var/lib/overlord-agent home) - HOME=/var/lib/overlord-agent — claude state fully isolated from erik - /home/erik/.claude permissions tightened to 0700 (was 0755) - group=overlord-agent on the repo + /etc/overlord/agent.env (read-only) Project settings: - New strict committed .claude/settings.json: deny Bash/Read/Write/Edit/ Glob/Grep/NotebookEdit/WebSearch; allow only WebFetch(domain:acpedia.org) - .claude/settings.local.json now gitignored (was leaking dev permissions to the server through the deploy)
19 lines
284 B
JSON
19 lines
284 B
JSON
{
|
|
"permissions": {
|
|
"allow": [
|
|
"WebFetch(domain:acpedia.org)"
|
|
],
|
|
"deny": [
|
|
"Bash",
|
|
"Write",
|
|
"Edit",
|
|
"Read",
|
|
"Glob",
|
|
"Grep",
|
|
"NotebookEdit",
|
|
"WebSearch"
|
|
],
|
|
"ask": []
|
|
},
|
|
"enableAllProjectMcpServers": true
|
|
}
|