æš©éãèšå®ãã
ãã现ããæš©éã«ãŒã«ãã¢ãŒãã管çããªã·ãŒã䜿çšããŠãClaude Code ãã¢ã¯ã»ã¹ããŠå®è¡ã§ããå 容ãå¶åŸ¡ããŸãã
Claude Code ã¯ããšãŒãžã§ã³ããå®è¡ã§ããããšãšå®è¡ã§ããªãããšãæ£ç¢ºã«æå®ã§ããããã«ããããããã现ããæš©éããµããŒãããŠããŸããæš©éèšå®ã¯ããŒãžã§ã³ç®¡çã«ãã§ãã¯ã€ã³ã§ããçµç¹å ã®ãã¹ãŠã®éçºè ã«é åžã§ããã»ããåã ã®éçºè ãã«ã¹ã¿ãã€ãºã§ããŸãã
æš©éã·ã¹ãã
Claude Code ã¯ããã¯ãŒãšå®å šæ§ã®ãã©ã³ã¹ãåãããã«ã段éçãªæš©éã·ã¹ãã ã䜿çšããŠããŸãã
| ããŒã«ã¿ã€ã | äŸ | æ¿èªãå¿ èŠ | ãã¯ããä»åŸã¯èããªããã®åäœ |
|---|---|---|---|
| èªã¿åãå°çš | ãã¡ã€ã«èªã¿åããGrep | ããã | N/A |
| Bash ã³ãã³ã | ã·ã§ã«å®è¡ | ã¯ã | ãããžã§ã¯ããã£ã¬ã¯ããªãšã³ãã³ãããšã«æ°žç¶ç |
| ãã¡ã€ã«å€æŽ | Edit/Write ãã¡ã€ã« | ã¯ã | ã»ãã·ã§ã³çµäºãŸã§ |
æš©éã管çãã
/permissions ã䜿çšããŠãClaude Code ã®ããŒã«æš©éã衚瀺ããã³ç®¡çã§ããŸãããã® UI ã¯ããã¹ãŠã®æš©éã«ãŒã«ãšãããããååŸããã settings.json ãã¡ã€ã«ããªã¹ãããŸãã
- Allow ã«ãŒã«ã¯ãClaude Code ãæåæ¿èªãªãã§æå®ãããããŒã«ã䜿çšã§ããããã«ããŸãã
- Ask ã«ãŒã«ã¯ãClaude Code ãæå®ãããããŒã«ã䜿çšããããšãããã³ã«ç¢ºèªãä¿ããŸãã
- Deny ã«ãŒã«ã¯ãClaude Code ãæå®ãããããŒã«ã䜿çšããããšã鲿¢ããŸãã
ã«ãŒã«ã¯é åºã§è©äŸ¡ãããŸããdenyãaskãallow ã®é ã§ãããã®é åºã§ã®æåã®ããããã¢ãŠãã«ã ãæ±ºå®ããã«ãŒã«ã®ç¹ç°æ§ã¯é åºã倿ŽããŸãããBash(aws *) ã®ãããªåºã deny ã«ãŒã«ã¯ãBash(aws s3 ls) ã®ãããªããçã allow ã«ãŒã«ã«ããããããåŒã³åºããå«ããããããããã¹ãŠã®åŒã³åºãããããã¯ãããããdeny ã«ãŒã«ã¯ã¢ããŒãªã¹ãäŸå€ãå«ãããšã¯ã§ããŸãããask ãš allow ã®éã«ãåãåªå
é äœãé©çšãããŸããããããã ask ã«ãŒã«ã¯ãåãåŒã³åºãã«ãããããããå
·äœç㪠allow ã«ãŒã«ãããå Žåã§ããããã³ããã衚瀺ããŸãã
Deny ã«ãŒã«ã¯ãããŒã«åãæå®ããããããŒã«å
ã®ãã¿ãŒã³ãã¹ã³ãŒããããã«ãã£ãŠç°ãªãåäœãããŸããBash ã®ãããªãã¢ããŒã«åã¯ãããŒã«ã Claude ã®ã³ã³ããã¹ãããå®å
šã«åé€ãããããClaude ã¯ãããèŠãããšã¯ãããŸãããBash(rm *) ã®ãããªã¹ã³ãŒãä»ãã«ãŒã«ã¯ãããŒã«ãå©çšå¯èœãªãŸãŸã«ããClaude ã詊ã¿ããšãã«ãããããåŒã³åºãããããã¯ããŸãã
æš©éã«ãŒã«ã¯ Claude Code ã«ãã£ãŠå®è£
ãããŠãããã¢ãã«ã«ãã£ãŠã§ã¯ãããŸãããããã³ãããŸã㯠CLAUDE.md ã®æç€ºã¯ãClaude ãäœãããããšãããã圢äœããŸãããClaude Code ãèš±å¯ããå
容ã¯å€ãããŸãããã¢ã¯ã»ã¹ãä»äžãŸãã¯åãæ¶ãã«ã¯ã/permissionsãããã§èª¬æãããŠããã«ãŒã«ãpermission modeããŸã㯠PreToolUse hook ã䜿çšããŠãã ããã
æš©éã¢ãŒã
Claude Code ã¯ãããŒã«ã®æ¿èªæ¹æ³ãå¶åŸ¡ããããã€ãã®æš©éã¢ãŒãããµããŒãããŠããŸããæš©éã¢ãŒããåç
§ããŠãåã¢ãŒãããã€äœ¿çšãããã確èªããŠãã ãããèšå®ãã¡ã€ã«ã§ defaultMode ãèšå®ããŸãã
| ã¢ãŒã | 説æ |
|---|---|
default |
æšæºåäœãåããŒã«ã®æåã®äœ¿çšæã«æš©éãä¿ããŸã |
acceptEdits |
ãã¡ã€ã«ç·šéãšäžè¬çãªãã¡ã€ã«ã·ã¹ãã ã³ãã³ãïŒmkdirãtouchãmvãcp ãªã©ïŒããäœæ¥ãã£ã¬ã¯ããªãŸã㯠additionalDirectories å
ã®ãã¹ã«å¯ŸããŠèªåçã«åãå
¥ããŸã |
plan |
Plan ModeãClaude ã¯ãã¡ã€ã«ãèªã¿åããèªã¿åãå°çšã·ã§ã«ã³ãã³ããå®è¡ããŠæ¢çŽ¢ããŸããããœãŒã¹ãã¡ã€ã«ãç·šéããŸãã |
auto |
ããã¯ã°ã©ãŠã³ãå®å šãã§ãã¯ä»ãã§ããŒã«åŒã³åºããèªåæ¿èªããã¢ã¯ã·ã§ã³ããªã¯ãšã¹ããšäžèŽããããšã確èªããŸããçŸåšã¯ç ç©¶ãã¬ãã¥ãŒã§ã |
dontAsk |
/permissions ãŸã㯠permissions.allow ã«ãŒã«ã§äºåã«æ¿èªãããŠããªãéããããŒã«ãèªåçã«æåŠããŸã |
bypassPermissions |
ãã¹ãŠã®æš©éããã³ãããã¹ãããããŸãããã¡ã€ã«ã·ã¹ãã ã«ãŒããŸãã¯ããŒã ãã£ã¬ã¯ããªã®åé€ïŒrm -rf / ãªã©ïŒã¯åè·¯é®æåšãšããŠåŒãç¶ãããã³ããã衚瀺ããŸã |
bypassPermissions ã¢ãŒãã¯ãã¹ãŠã®æš©éããã³ãããã¹ãããããŸãã.gitã.config/gitã.claudeã.vscodeã.ideaã.huskyã.cargoã.devcontainerã.yarnã.mvn ãžã®æžã蟌ã¿ãå«ã¿ãŸãããã¡ã€ã«ã·ã¹ãã ã«ãŒããŸãã¯ããŒã ãã£ã¬ã¯ããªã察象ãšããåé€ïŒrm -rf / ã rm -rf ~ ãªã©ïŒã¯ãã¢ãã«ãšã©ãŒã«å¯Ÿããåè·¯é®æåšãšããŠåŒãç¶ãããã³ããã衚瀺ããŸãããã®ã¢ãŒãã¯ãClaude Code ãæå®³ãåŒãèµ·ãããªãã³ã³ããã VM ãªã©ã®éé¢ãããç°å¢ã§ã®ã¿äœ¿çšããŠãã ããã管çè
ã¯ã管çèšå®ã§ permissions.disableBypassPermissionsMode ã "disable" ã«èšå®ããããšã§ããã®ã¢ãŒãã鲿¢ã§ããŸãã
bypassPermissions ãŸã㯠auto ã¢ãŒãã䜿çšãããã®ãé²ãã«ã¯ãä»»æã®èšå®ãã¡ã€ã«ã§ permissions.disableBypassPermissionsMode ãŸã㯠permissions.disableAutoMode ã "disable" ã«èšå®ããŸãããããã¯ããªãŒããŒã©ã€ãã§ããªã管çèšå®ã§æãæçšã§ãã
æš©éã«ãŒã«æ§æ
æš©éã«ãŒã«ã¯ãTool ãŸã㯠Tool(specifier) ã®åœ¢åŒã«åŸããŸãã
ããŒã«ã®ãã¹ãŠã®äœ¿çšããããããã
ããŒã«ã®ãã¹ãŠã®äœ¿çšãããããããã«ã¯ãæ¬åŒ§ãªãã§ããŒã«åã䜿çšããŸãã
| ã«ãŒã« | 广 |
|---|---|
Bash |
ãã¹ãŠã® Bash ã³ãã³ããããããããŸã |
WebFetch |
ãã¹ãŠã®ãŠã§ããã§ãããªã¯ãšã¹ããããããããŸã |
Read |
ãã¹ãŠã®ãã¡ã€ã«èªã¿åããããããããŸã |
Bash(*) 㯠Bash ãšåçã§ããã¹ãŠã® Bash ã³ãã³ããããããããŸããæåŠã«ãŒã«ãšããŠãäž¡æ¹ã®åœ¢åŒã¯ Claude ã®ã³ã³ããã¹ãããããŒã«ãåé€ããŸãã
现ããå¶åŸ¡ã®ããã«ã¹ãã·ãã¡ã€ã¢ã䜿çšãã
æ¬åŒ§å ã«ã¹ãã·ãã¡ã€ã¢ã远å ããŠãç¹å®ã®ããŒã«äœ¿çšãããããããŸãã
| ã«ãŒã« | 广 |
|---|---|
Bash(npm run build) |
æ£ç¢ºãªã³ãã³ã npm run build ãããããããŸã |
Read(./.env) |
çŸåšã®ãã£ã¬ã¯ããªã® .env ãã¡ã€ã«ãèªã¿åãããšãããããããŸã |
WebFetch(domain:example.com) |
example.com ãžã®ãã§ãããªã¯ãšã¹ããããããããŸã |
å ¥åãã©ã¡ãŒã¿ã§ãããããã
æåŠã«ãŒã«ãšç¢ºèªã«ãŒã«ã¯ãTool(param:value) ã䜿çšããŠä»»æã®ããŒã«äžã®ãããã¬ãã«å
¥åãã©ã¡ãŒã¿ãããããããããšãã§ããŸããã«ãŒã«ã¯ Claude ããã®ãã©ã¡ãŒã¿ããã®æ£ç¢ºãªå€ã«èšå®ããŠããŒã«ãåŒã³åºããšãã«ãããããŸãããã®æ§æã¯æåŠã«ãŒã«ãšç¢ºèªã«ãŒã«çšã§ãã1 ã€ã®ãã©ã¡ãŒã¿å€ã«å¯Ÿããèš±å¯ã«ãŒã«ã¯ããã®åŒã³åºããå
šäœçã«å®å
šã§ããããšã確ç«ããªããããèš±å¯ã«ãŒã«ã¯åããŒã«ç¬èªã®ã¹ãã·ãã¡ã€ã¢æ§æã䜿çšãç¶ããŸããããã¯ããŒã«ãåãå
¥ããã¹ã«ã©ãŒãã©ã¡ãŒã¿ã§æ©èœããŸãã
| ã«ãŒã« | ããã |
|---|---|
Agent(model:opus) |
Opus ã¢ãã«ãã£ã¢ããªã¯ãšã¹ããã Agent åŒã³åºã |
Agent(isolation:worktree) |
git worktree ããªã¯ãšã¹ããã Agent åŒã³åºã |
Bash(run_in_background:true) |
ããã¯ã°ã©ãŠã³ãã§å®è¡ããã Bash åŒã³åºã |
ãã©ã¡ãŒã¿ãããã³ã°ã¯ä»¥äžã®ã«ãŒã«ã«åŸããŸãã
- ãã©ã¡ãŒã¿å㯠Agent ããŒã«äžã®
modelãªã©ãããŒã«ã®å ¥åã®çŽæ¥ãã£ãŒã«ãã§ããå¿ èŠããããŸãããªããžã§ã¯ããŸãã¯é åå ã«ãã¹ãããããã£ãŒã«ãã¯ãããå¯èœã§ã¯ãããŸãã - åã«ãŒã«ã¯ 1 ã€ã®ãã©ã¡ãŒã¿ã«ååãä»ããŸãã
modelãšisolationã®äž¡æ¹ã§ã²ãŒãããã«ã¯ã1 ã€ã®ã«ãŒã«ã§çµã¿åãããã®ã§ã¯ãªããAgent(model:opus)ãšAgent(isolation:worktree)ã® 2 ã€ã®ã«ãŒã«ãèšè¿°ããŸã - å€ã¯
*ãã¯ã€ã«ãã«ãŒããšããŠãµããŒãããä»»æã®æåã·ãŒã±ã³ã¹ã«ããããããããAgent(isolation:*)ã¯ä»»æã®æç€ºç㪠isolation å€ã«ãããããŸãã*ããªãå Žåããããã¯æ£ç¢ºã§ã - ã¢ãã«ãçç¥ãããã©ã¡ãŒã¿ã¯æ±ºããŠãããããªãããã
Agent(model:*)ã¯modelãèšå®ãããŠããªãåŒã³åºãã«ã¯ãããããŸãã - å€ã¯ Claude ãéä¿¡ãããªãã©ã«å
¥åãšæ¯èŒãããæ£èŠåã®åã§ãã
Agent(model:opus)ã¯å¥åopusã«ãããããŸãããå®å šãªã¢ãã« ID ã«ã¯ãããããŸããã--verboseã§å®è¡ããŠãåããŒã«åŒã³åºãã®æ£ç¢ºãªãã©ã¡ãŒã¿åãšå€ã確èªããŠãã ãã - ã³ãã³ã®åšãã®ãã¯ã€ãã¹ããŒã¹ã¯ç¡èŠãããŸã
ããŒã«ãç¬èªã®æ£èŠåã«ãŒã«ã§ããããããã£ãŒã«ãã¯ãã®æ¹æ³ã§ã¯ãããå¯èœã§ã¯ãããŸãããBash ãš PowerShell ã® commandãReadãEditãWrite ã® file_pathãGrep ãš Glob ã® pathãNotebookEdit ã® notebook_pathãWebFetch ã® url ã§ããBash(command:rm *) ã®ãããªã«ãŒã«ã¯ã³ã³ããŠã³ãã³ãã³ãã§ãã€ãã¹å¯èœã§ãããããClaude Code ã¯ãããç¡èŠããã¹ã¿ãŒãã¢ããèŠåãçºè¡ããŸãã代ããã« Bash(rm *)ãRead(./path)ããŸã㯠WebFetch(domain:host) ã䜿çšããŠãã ããã
ã¯ã€ã«ãã«ãŒããã¿ãŒã³
Bash ã«ãŒã«ã¯ * ã䜿çšããã°ãããã¿ãŒã³ããµããŒãããŠããŸããã¯ã€ã«ãã«ãŒãã¯ã³ãã³ãå
ã®ä»»æã®äœçœ®ã«è¡šç€ºã§ããŸãããã®èšå®ã«ãããnpm ããã³ git commit ã³ãã³ããèš±å¯ãããgit push ããããã¯ãããŸãã
{
"permissions": {
"allow": [
"Bash(npm run *)",
"Bash(git commit *)",
"Bash(git * main)",
"Bash(* --version)",
"Bash(* --help *)"
],
"deny": [
"Bash(git push *)"
]
}
}
* ã®åã®ã¹ããŒã¹ã¯éèŠã§ããBash(ls *) 㯠ls -la ã«ãããããŸãã lsof ã«ã¯ãããããŸãããäžæ¹ãBash(ls*) ã¯äž¡æ¹ã«ãããããŸãã:* ãµãã£ãã¯ã¹ã¯æ«å°Ÿã®ã¯ã€ã«ãã«ãŒããèšè¿°ããåçã®æ¹æ³ã§ãããããBash(ls:*) 㯠Bash(ls *) ãšåãã³ãã³ããããããããŸãã
æš©éãã€ã¢ãã°ã¯ãã³ãã³ããã¬ãã£ãã¯ã¹ã«å¯ŸããŠãã¯ããä»åŸã¯èããªãããéžæãããšãã¹ããŒã¹åºåã圢åŒãæžã蟌ã¿ãŸãã:* 圢åŒã¯ãã¿ãŒã³ã®æ«å°Ÿã§ã®ã¿èªèãããŸããBash(git:* push) ã®ãããªãã¿ãŒã³ã§ã¯ãã³ãã³ã¯ãªãã©ã«æåãšããŠæ±ãããgit ã³ãã³ãã«ã¯ãããããŸããã
ããŒã«åã¯ã€ã«ãã«ãŒã
æåŠã«ãŒã«ãšç¢ºèªã«ãŒã«ã¯ãããŒã«åã®äœçœ®ã§ãã°ãããã¿ãŒã³ãåãå
¥ããŸãããã¿ãŒã³ã¯ããŒã«åå
šäœã«ãããããå¿
èŠããããŸãã"*" ã¯ãã¹ãŠã®ããŒã«ã«ããããã"mcp__*" ã¯ãã¹ãŠã®ãµãŒããŒå
šäœã®ãã¹ãŠã® MCP ããŒã«ã«ãããããŸãããã¢ããŒã glob æåŠã«ãŒã«ã§ãããããããŒã«ã¯ Claude ã®ã³ã³ããã¹ãããåé€ãããŸããããã¯ãã¢ããŒã«åãšåãã§ãããã®èšå®ã¯ãã¹ãŠã® MCP ããŒã«ãæåŠããŸãã
{
"permissions": {
"deny": [
"mcp__*"
]
}
}
èš±å¯ã«ãŒã«ã¯ããªãã©ã« mcp__<server>__ ãã¬ãã£ãã¯ã¹ã®åŸã§ã®ã¿ããŒã«å glob ãåãå
¥ããŸãããµãŒããŒã»ã°ã¡ã³ã㯠glob ããªãŒã§ããå¿
èŠããããããã«ãŒã«ã¯èšå®ããç¹å®ã®ãµãŒããŒã«ååãä»ããŸããmcp__puppeteer__* 㯠puppeteer ãµãŒããŒããã®ãã¹ãŠã®ããŒã«ã«ãããããmcp__github__get_* ã¯ãã® get_ ããŒã«ã«ãããããŸãã"*"ã"B*"ããŸã㯠"mcp__*" ãªã©ã®ã¢ã³ã«ãŒãªãèš±å¯ glob ã¯èŠåãšãšãã«ã¹ããããããèªåæ¿èªãããŸããã
ããŒã«åããããããªãæ¢ç¥ã®ããŒã«ãæã€æåŠã«ãŒã«ãŸãã¯ç¢ºèªã«ãŒã«ã¯ãã¿ã€ããã¹ããã£ããããããã«ã¹ã¿ãŒãã¢ããèŠåãçæããŸãã_ ãŸã㯠* ãå«ãããŒã«åã¯ãã§ãã¯ããé€å€ãããŸãã
ãã©ã³ã¹ã¯ãªãããšæš©éãã€ã¢ãã°ã«è¡šç€ºãããããŒã«ã®ã©ãã«ã¯ããã®æ£èŠåãšç°ãªãå ŽåããããŸããããšãã°ããã©ã³ã¹ã¯ãªããã§ Stop Task ãšããã©ãã«ãä»ããŠããããŒã«ã®æ£èŠå㯠TaskStop ã§ããæš©éã«ãŒã«ãš hook ãããã£ãŒ ã¯æ£èŠåã®ã¿ããããããããããStop Task ãšããŠèšè¿°ãããã«ãŒã«ã¯ãããããŸãããæåŠã«ãŒã«ãšç¢ºèªã«ãŒã«ã®å Žåãäžèšã®ã¹ã¿ãŒãã¢ããèŠåããã¹ãããããã£ããããŸããããŒã«åç
§ ã«èšèŒãããŠããæ£èŠåã䜿çšããŠãã ããã
ããŒã«åºæã®æš©éã«ãŒã«
Bash
Bash æš©éã«ãŒã«ã¯ * ã䜿çšããã¯ã€ã«ãã«ãŒããããã³ã°ããµããŒãããŠããŸããã¯ã€ã«ãã«ãŒãã¯ãéå§ãäžå€®ãçµäºãå«ãã³ãã³ãå
ã®ä»»æã®äœçœ®ã«è¡šç€ºã§ããŸãã
Bash(npm run build)ã¯æ£ç¢ºãª Bash ã³ãã³ãnpm run buildãããããããŸãBash(npm run test *)ã¯npm run testã§å§ãŸã Bash ã³ãã³ããããããããŸãBash(npm *)ã¯npmã§å§ãŸãã³ãã³ããããããããŸãBash(* install)ã¯installã§çµããã³ãã³ããããããããŸãBash(git * main)ã¯git checkout mainãgit log --oneline mainãªã©ã®ã³ãã³ããããããããŸã
åäžã® * ã¯ãã¹ããŒã¹ãå«ãä»»æã®æåã·ãŒã±ã³ã¹ãããããããããã1 ã€ã®ã¯ã€ã«ãã«ãŒãã§è€æ°ã®åŒæ°ã«ãŸãããããšãã§ããŸããBash(git *) 㯠git log --oneline --all ãããããããBash(git * main) 㯠git push origin main ããã³ git merge main ãããããããŸãã
* ãæ«å°Ÿã«ã¹ããŒã¹ä»ãã§è¡šç€ºãããå ŽåïŒBash(ls *) ãªã©ïŒãåèªå¢çã匷å¶ãããã¬ãã£ãã¯ã¹ã®åŸã«ã¹ããŒã¹ãŸãã¯æååã®çµãããç¶ãå¿
èŠããããŸããããšãã°ãBash(ls *) 㯠ls -la ã«ãããããŸãã lsof ã«ã¯ãããããŸããã察ç
§çã«ãã¹ããŒã¹ãªãã® Bash(ls*) ã¯ãåèªå¢çå¶çŽããªããããls -la ãš lsof ã®äž¡æ¹ã«ãããããŸãã
è€åã³ãã³ã
Claude Code ã¯ã·ã§ã«ãªãã¬ãŒã¿ãèªèããŠãããããBash(safe-cmd *) ã®ãããªã«ãŒã«ã¯ãsafe-cmd && other-cmd ã³ãã³ããå®è¡ããæš©éãäžããŸãããèªèãããã³ãã³ãåºåãæå㯠&&ã||ã;ã|ã|&ã&ãããã³æ¹è¡ã§ããã«ãŒã«ã¯åãµãã³ãã³ããç¬ç«ããŠåå¥ã«ããããããå¿
èŠããããŸãã
ãã¯ããä»åŸã¯èããªããã§è€åã³ãã³ããæ¿èªãããšãClaude Code ã¯è€åæååå
šäœã®åäžã«ãŒã«ã§ã¯ãªããæ¿èªãå¿
èŠãªåãµãã³ãã³ãã®åå¥ã«ãŒã«ãä¿åããŸããããšãã°ãgit status && npm test ãæ¿èªãããšãnpm test ã®ã«ãŒã«ãä¿åããããããå°æ¥ã® npm test åŒã³åºã㯠&& ã®åã«äœããããã«é¢ä¿ãªãèªèãããŸããcd ããµããã£ã¬ã¯ããªã«ç§»åãããããªãµãã³ãã³ãã¯ããã®ãã¹ã®ç¬èªã® Read ã«ãŒã«ãçæããŸããåäžã®è€åã³ãã³ãã«å¯ŸããŠæå€§ 5 ã€ã®ã«ãŒã«ãä¿åãããå ŽåããããŸãã
ããã»ã¹ã©ãããŒ
Bash ã«ãŒã«ãããããããåã«ãClaude Code ã¯åºå®ãããããã»ã¹ã©ãããŒã»ãããã¹ããªãããããããBash(npm test *) ã®ãããªã«ãŒã«ã¯ timeout 30 npm test ãããããããŸããèªèãããã©ãããŒã¯ timeoutãtimeãniceãnohupãstdbuf ã§ãã
ã㢠xargs ãã¹ããªããããããããBash(grep *) 㯠xargs grep pattern ãããããããŸããã¹ããªãã㯠xargs ã«ãã©ã°ããªãå Žåã«ã®ã¿é©çšãããŸããxargs -n1 grep pattern ã®ãããªåŒã³åºã㯠xargs ã³ãã³ããšããŠãããããããããå
éšã³ãã³ãçšã«èšè¿°ãããã«ãŒã«ã¯ãããã«ããŒããŸããã
ãã®ã©ãããŒãªã¹ãã¯çµã¿èŸŒãŸããŠãããèšå®äžå¯èœã§ããdirenv execãdevbox runãmise execãnpxãdocker exec ãªã©ã®éçºç°å¢ã©ã³ããŒã¯ãªã¹ãã«å«ãŸããŠããŸããããããã®ããŒã«ã¯åŒæ°ãã³ãã³ããšããŠå®è¡ãããããBash(devbox run *) ã®ãããªã«ãŒã«ã¯ run ã®åŸã«ç¶ããã®ãããããããŸããããã«ã¯ devbox run rm -rf . ãå«ãŸããŸããç°å¢ã©ã³ããŒå
ã§ã®äœæ¥ãæ¿èªããã«ã¯ãã©ã³ããŒãšå
éšã³ãã³ãã®äž¡æ¹ãå«ãç¹å®ã®ã«ãŒã«ãèšè¿°ããŸããäŸãã° Bash(devbox run npm test)ãèš±å¯ããå
éšã³ãã³ãããšã« 1 ã€ã®ã«ãŒã«ã远å ããŸãã
watchãsetsidãioniceãflock ãªã©ã® Exec ã©ãããŒã¯åžžã«ããã³ããã衚瀺ããBash(watch *) ã®ãããªãã¬ãã£ãã¯ã¹ã«ãŒã«ã§èªåæ¿èªããããšã¯ã§ããŸãããåãããšã -exec ãŸã㯠-delete ã䜿çšãã find ã«ãé©çšãããŸããBash(find *) ã«ãŒã«ã¯ãããã®åœ¢åŒãã«ããŒããŸãããç¹å®ã®åŒã³åºããæ¿èªããã«ã¯ãå®å
šãªã³ãã³ãæååã®æ£ç¢ºäžèŽã«ãŒã«ãèšè¿°ããŸãã
èªã¿åãå°çšã³ãã³ã
Claude Code ã¯ãBash ã³ãã³ãã®çµã¿èŸŒã¿ã»ãããèªã¿åãå°çšãšããŠèªèãããã¹ãŠã®ã¢ãŒãã§æš©éããã³ãããªãã§å®è¡ããŸããããã«ã¯ lsãcatãechoãpwdãheadãtailãgrepãfindãwcãwhichãdiffãstatãduãcdãããã³ git ã®èªã¿åãå°çšåœ¢åŒãå«ãŸããŸããã»ããã¯èšå®äžå¯èœã§ãããããã®ã³ãã³ãã® 1 ã€ã«ããã³ãããèŠæ±ããã«ã¯ãããã«å¯Ÿã㊠ask ãŸã㯠deny ã«ãŒã«ã远å ããŸãã
ãã¹ãŠã®ãã©ã°ãèªã¿åãå°çšã§ããã³ãã³ãã«å¯ŸããŠã¯ãåŒçšç¬Šãªãã®ã°ãããã¿ãŒã³ãèš±å¯ããããããls *.ts ããã³ wc -l src/*.py ã¯ããã³ãããªãã§å®è¡ãããŸããfindãsortãsedãgit ãªã©ã®æžã蟌ã¿å¯èœãŸãã¯å®è¡å¯èœãªãã©ã°ãæã€ã³ãã³ãã¯ãã°ããã -delete ã®ãããªãã©ã°ã«å±éãããå¯èœæ§ããããããåŒçšç¬Šãªãã®ã°ãããååšããå Žåã§ãããã³ããã衚瀺ããŸãã
äœæ¥ãã£ã¬ã¯ããªãŸãã¯è¿œå ãã£ã¬ã¯ããªå
ã®ãã¹ãžã® cd ãèªã¿åãå°çšã§ããcd packages/api && ls ã®ãããªè€åã³ãã³ãã¯ãåéšåãç¬ç«ããŠé©æ Œã§ããå Žåãããã³ãããªãã§å®è¡ãããŸããè€åã³ãã³ãã§ cd ãš git ãçµã¿åããããšãã¿ãŒã²ãããã£ã¬ã¯ããªã«é¢ä¿ãªãåžžã«ããã³ããã衚瀺ãããŸãã
ã³ãã³ãåŒæ°ãå¶çŽããããšãã Bash æš©éãã¿ãŒã³ã¯è匱ã§ããããšãã°ãBash(curl http://github.com/ *) 㯠curl ã GitHub URL ã«å¶éããããšãæå³ããŠããŸãããæ¬¡ã®ãããªããªãšãŒã·ã§ã³ã«ã¯ãããããŸããã
- URL ã®åã®ãªãã·ã§ã³ïŒ
curl -X GET http://github.com/... - ç°ãªããããã³ã«ïŒ
curl https://github.com/... - ãªãã€ã¬ã¯ãïŒ
curl -L http://bit.ly/xyzïŒgithub ã«ãªãã€ã¬ã¯ãïŒ - 倿°ïŒ
URL=http://github.com && curl $URL - äœåãªã¹ããŒã¹ïŒ
curl http://github.com
ããä¿¡é Œæ§ã®é«ã URL ãã£ã«ã¿ãªã³ã°ã«ã€ããŠã¯ã以äžãæ€èšããŠãã ããã
- Bash ãããã¯ãŒã¯ããŒã«ãå¶éããïŒdeny ã«ãŒã«ã䜿çšããŠ
curlãwgetãªã©ã®ã³ãã³ãããããã¯ããèš±å¯ããããã¡ã€ã³ã«å¯ŸããŠWebFetch(domain:github.com)æš©éã§ WebFetch ããŒã«ã䜿çšããŸã - PreToolUse ããã¯ã䜿çšããïŒBash ã³ãã³ãã® URL ãæ€èšŒããèš±å¯ãããŠããªããã¡ã€ã³ããããã¯ããããã¯ãå®è£ ããŸã
- CLAUDE.md ã¬ã€ãã³ã¹ã远å ããïŒ
CLAUDE.mdã§ Claude Code ã«èš±å¯ããã curl ãã¿ãŒã³ã«ã€ããŠèª¬æããŸãããã㯠Claude ã詊ã¿ãããšã圢äœããŸãããå¢çã匷å¶ããªããããäžèšã®ãªãã·ã§ã³ã® 1 ã€ãšçµã¿åãããŠãã ãã
WebFetch ã®ã¿ã䜿çšããŠãããããã¯ãŒã¯ã¢ã¯ã»ã¹ã¯é²æ¢ãããŸãããBash ãèš±å¯ãããŠããå ŽåãClaude 㯠curlãwget ãŸãã¯ä»ã®ããŒã«ã䜿çšããŠä»»æã® URL ã«å°éã§ããŸãã
PowerShell
PowerShell æš©éã«ãŒã«ã¯ Bash ã«ãŒã«ãšåã圢åŒã䜿çšããŠããŸãã* ã䜿çšããã¯ã€ã«ãã«ãŒãã¯ä»»æã®äœçœ®ã§ããããã:* ãµãã£ãã¯ã¹ã¯æ«å°Ÿã® * ãšåçã§ãããã㢠PowerShell ãŸã㯠PowerShell(*) ã¯ãã¹ãŠã®ã³ãã³ããããããããŸãããã®èšå®ã«ãããGet-ChildItem ããã³ git commit ã³ãã³ããèš±å¯ãããRemove-Item ããããã¯ãããŸãã
{
"permissions": {
"allow": [
"PowerShell(Get-ChildItem *)",
"PowerShell(git commit *)"
],
"deny": [
"PowerShell(Remove-Item *)"
]
}
}
äžè¬çãªãšã€ãªã¢ã¹ã¯ãããã³ã°åã«æ£èŠåãããŸããã³ãã³ãã¬ããåçšã«èšè¿°ãããã«ãŒã«ã¯ãã®ãšã€ãªã¢ã¹ããããããããããPowerShell(Get-ChildItem *) 㯠gciãlsãdir ãããããããŸãããããã³ã°ã¯å€§æåãšå°æåãåºå¥ããŸããã
Claude Code 㯠PowerShell AST ãè§£æããè€åã³ãã³ãå
ã®åã³ãã³ããç¬ç«ããŠãã§ãã¯ããŸãããã€ããªãã¬ãŒã¿ |ãã¹ããŒãã¡ã³ãåºåãæå ;ãããã³ PowerShell 7 以éã®ãã§ãŒã³ãªãã¬ãŒã¿ && ãš || ã¯è€åã³ãã³ãããµãã³ãã³ãã«åå²ããŸããè€åã³ãã³ããèš±å¯ãããã«ã¯ãã«ãŒã«ããã¹ãŠã®ãµãã³ãã³ããããããããå¿
èŠããããŸãã
Read ãš Edit
Edit ã«ãŒã«ã¯ããã¡ã€ã«ãç·šéãããã¹ãŠã®çµã¿èŸŒã¿ããŒã«ã«é©çšãããŸããClaude ã¯ãGrep ã Glob ãªã©ã®ãã¡ã€ã«ãèªã¿åããã¹ãŠã®çµã¿èŸŒã¿ããŒã«ã« Read ã«ãŒã«ãé©çšããããã«ãã¹ããšãã©ãŒãã詊ã¿ãŸãããŸããããã³ããå
ã® @file ã¡ã³ã·ã§ã³ããæ¥ç¶ããã IDE ã Claude ãšå
±æããéžæããã³ãªãŒãã³ãã¡ã€ã«ã³ã³ããã¹ãã«ãé©çšããŸãã
Read ãš Edit deny ã«ãŒã«ã¯ Claude ã®çµã¿èŸŒã¿ãã¡ã€ã«ããŒã«ãšãBash ã§ Claude Code ãèªèãããã¡ã€ã«ã³ãã³ãïŒcatãheadãtailãsed ãªã©ïŒã«é©çšãããŸãããããã¯ãPython ãŸã㯠Node ã¹ã¯ãªããããã¡ã€ã«ãèªåã§éããããªããã¡ã€ã«ã鿥çã«èªã¿æžãããä»»æã®ãµãããã»ã¹ã«ã¯é©çšãããŸããããã¹ãžã®ãã¹ãŠã®ããã»ã¹ã®ã¢ã¯ã»ã¹ããããã¯ãã OS ã¬ãã«ã®åŒ·å¶ã«ã€ããŠã¯ããµã³ãããã¯ã¹ãæå¹ã«ããŠãã ããã
Read ãš Edit ã«ãŒã«ã®äž¡æ¹ã¯ãgitignore 仿§ã«åŸãã4 ã€ã®ç°ãªããã¿ãŒã³ã¿ã€ãããããŸãã
| ãã¿ãŒã³ | æå³ | äŸ | ããã |
|---|---|---|---|
//path |
ãã¡ã€ã«ã·ã¹ãã ã«ãŒãããã®çµ¶å¯Ÿãã¹ | Read(//Users/alice/secrets/**) |
/Users/alice/secrets/** |
~/path |
ããŒã ãã£ã¬ã¯ããªããã®ãã¹ | Read(~/Documents/*.pdf) |
/Users/alice/Documents/*.pdf |
/path |
ãããžã§ã¯ãã«ãŒãããã®çžå¯Ÿãã¹ | Edit(/src/**/*.ts) |
<project root>/src/**/*.ts |
path ãŸã㯠./path |
çŸåšã®ãã£ã¬ã¯ããªããã®çžå¯Ÿãã¹ | Read(*.env) |
<cwd>/*.env |
/Users/alice/file ã®ãããªãã¿ãŒã³ã¯çµ¶å¯Ÿãã¹ã§ã¯ãããŸããããããžã§ã¯ãã«ãŒãããã®çžå¯Ÿãã¹ã§ãã絶察ãã¹ã«ã¯ //Users/alice/file ã䜿çšããŠãã ããã
Windows ã§ã¯ããã¹ã¯ãããã³ã°åã« POSIX 圢åŒã«æ£èŠåãããŸããC:\Users\alice 㯠/c/Users/alice ã«ãªãããã//c/**/.env ã䜿çšããŠãã®ãã©ã€ãäžã® .env ãã¡ã€ã«ãããããããŸãããã¹ãŠã®ãã©ã€ãå
šäœã§ããããããã«ã¯ã//**/.env ã䜿çšããŸãã
äŸïŒ
Edit(/docs/**):<project>/docs/ã§ã®ç·šéïŒ/docs/ã§ã¯ãªãã<project>/.claude/docs/ã§ããããŸããïŒRead(~/.zshrc): ããŒã ãã£ã¬ã¯ããªã®.zshrcãèªã¿åããŸãEdit(//tmp/scratch.txt): 絶察ãã¹/tmp/scratch.txtãç·šéããŸãRead(src/**):<current-directory>/src/ããèªã¿åããŸã
ã«ãŒã«ã¯ãã®ã¢ã³ã«ãŒã®äžã®ãã¡ã€ã«ã®ã¿ããããããããããã¢ã³ã«ãŒã¯ deny ã«ãŒã«ãã©ããŸã§å°éããããæ±ºå®ããŸãããã¢ãã¡ã€ã«å㯠gitignore ã»ãã³ãã£ã¯ã¹ã«åŸããä»»æã®æ·±ãã§ããããããããRead(.env) ãš Read(**/.env) ã¯åçã§ãã
| Deny ã«ãŒã« | ããã㯠| ãããã¯ããªã |
|---|---|---|
Read(.env) ãŸã㯠Read(**/.env) |
çŸåšã®ãã£ã¬ã¯ããªä»¥äžã®ä»»æã® .env |
芪ãã£ã¬ã¯ããªãŸãã¯å¥ã®ãããžã§ã¯ãå
ã® .env |
Read(//**/.env) |
ãã¡ã€ã«ã·ã¹ãã äžã®ä»»æã®å Žæã® .env |
ãªããã«ãŒã«ã¯ãã¡ã€ã«ã·ã¹ãã ã«ãŒãã«ã¢ã³ã«ãŒãããŠããŸã |
gitignore ãã¿ãŒã³ã§ã¯ã* ã¯åäžã®ãã£ã¬ã¯ããªå
ã®ãã¡ã€ã«ããããããã** ã¯ãã£ã¬ã¯ããªå
šäœã§ååž°çã«ããããããŸãããã¹ãŠã®ãã¡ã€ã«ã¢ã¯ã»ã¹ãèš±å¯ããã«ã¯ãæ¬åŒ§ãªãã§ããŒã«åã䜿çšããŸããReadãEditããŸã㯠Writeã
Claude ãã·ã³ããªãã¯ãªã³ã¯ã«ã¢ã¯ã»ã¹ãããšããæš©éã«ãŒã«ã¯ 2 ã€ã®ãã¹ããã§ãã¯ããŸããã·ã³ããªãã¯ãªã³ã¯èªäœãšãããã解決ãããã¡ã€ã«ã§ããAllow ã«ãŒã«ãš deny ã«ãŒã«ã¯ãã®ãã¢ãç°ãªãæ¹æ³ã§æ±ããŸããallow ã«ãŒã«ã¯ããã³ããã«ãã©ãŒã«ããã¯ããdeny ã«ãŒã«ã¯å®å šã«ãããã¯ããŸãã
- Allow ã«ãŒã«ïŒã·ã³ããªãã¯ãªã³ã¯ãã¹ãšãã®ã¿ãŒã²ããã®äž¡æ¹ããããããå Žåã«ã®ã¿é©çšãããŸããèš±å¯ããããã£ã¬ã¯ããªå ã®ã·ã³ããªãã¯ãªã³ã¯ãããã®å€ãæããŠããå Žåã§ããããã³ããã衚瀺ãããŸãã
- Deny ã«ãŒã«ïŒã·ã³ããªãã¯ãªã³ã¯ãã¹ãŸãã¯ãã®ã¿ãŒã²ããã®ããããããããããå Žåã«é©çšãããŸããæåŠããããã¡ã€ã«ãæãã·ã³ããªãã¯ãªã³ã¯èªäœãæåŠãããŸãã
ããšãã°ãRead(./project/**) ãèš±å¯ãããRead(~/.ssh/**) ãæåŠãããŠããå Žåã./project/key ã«ããã·ã³ããªãã¯ãªã³ã¯ã ~/.ssh/id_rsa ãæããŠããå Žåãã¿ãŒã²ããã allow ã«ãŒã«ã«å€±æããdeny ã«ãŒã«ã«ãããããããããããã¯ãããŸãã
WebFetch
WebFetch ã«ãŒã«ã¯ domain: ãã¬ãã£ãã¯ã¹ã䜿çšãããªã¯ãšã¹ãããã URL ã®ãã¹ãåã«å¯ŸããŠãããããŸãããããã³ã°ã¯å€§æåãšå°æåãåºå¥ããã* ã¯ã€ã«ãã«ãŒãããµããŒãããã«ãŒã«ãšãã¹ãåã®äž¡æ¹ããæ«å°Ÿã® . ãã¹ããªãããããããexample.com. ãš example.com ã¯åããã®ãšããŠæ±ãããŸãã
WebFetch(domain:example.com)ã¯example.comãžã®ãªã¯ãšã¹ããããããããŸãWebFetch(domain:*.example.com)ã¯api.example.comãa.b.example.comãªã©ã®ä»»æã®æ·±ãã®ãµããã¡ã€ã³ãããããããŸãããexample.comèªäœã¯ããããããŸããWebFetch(domain:*)ã¯ãã¹ãŠã®ãã¡ã€ã³ããããããããã¢WebFetchã«ãŒã«ãšåçã§ã
å
é ã® *. ãŸãã¯å
šäœãã¿ãŒã³ãšããŠã®ã¿ã* 㯠. ãè¶ããŠãããããŸãããã以å€ã®å Žæã§ã¯ãã¯ã€ã«ãã«ãŒã㯠2 ã€ã®ãããéã®ããã¹ãã®ã¿ãããããããŸããWebFetch(domain:example.*) 㯠example.org ã«ãããããŸããããã§ * 㯠org ã«ãªããŸãããexample.evil.com ã«ã¯ãããããŸãããããã§ * 㯠evil.com ã«ãªããããããè¶ããŸããããã«ãããæ«å°Ÿã®ã¯ã€ã«ãã«ãŒããæ»æè
ãç»é²ã§ãããã¡ã€ã³ãããããããã®ãé²ããŸãã
MCP
mcp__puppeteerã¯puppeteerãµãŒããŒã«ãã£ãŠæäŸãããããŒã«ïŒClaude Code ã§èšå®ãããååïŒãããããããŸãmcp__puppeteer__*ã¯ã€ã«ãã«ãŒãæ§æã¯ãpuppeteerãµãŒããŒããã®ãã¹ãŠã®ããŒã«ãããããããŸãmcp__puppeteer__puppeteer_navigateã¯puppeteerãµãŒããŒã«ãã£ãŠæäŸãããpuppeteer_navigateããŒã«ãããããããŸã
AgentïŒsubagentsïŒ
Agent(AgentName) ã«ãŒã«ã䜿çšããŠãClaude ã䜿çšã§ãã subagents ãå¶åŸ¡ããŸãã
Agent(Explore)㯠Explore subagent ãããããããŸãAgent(Plan)㯠Plan subagent ãããããããŸãAgent(my-custom-agent)ã¯my-custom-agentãšããååã®ã«ã¹ã¿ã subagent ãããããããŸã
ãããã®ã«ãŒã«ãèšå®ã® deny é
åã«è¿œå ãããã--disallowedTools CLI ãã©ã°ã䜿çšããŠç¹å®ã®ãšãŒãžã§ã³ããç¡å¹ã«ããŸããExplore ãšãŒãžã§ã³ããç¡å¹ã«ããã«ã¯ïŒ
{
"permissions": {
"deny": ["Agent(Explore)"]
}
}
Cd
Cd ã«ãŒã«ã¯ã/cd ã³ãã³ããã»ãã·ã§ã³ãç§»åã§ãããã£ã¬ã¯ããªãå¶åŸ¡ããŸããCd ã¯ã¢ãã«åŒã³åºãå¯èœãªããŒã«ã§ã¯ãããŸãããClaude ã¯ãããåŒã³åºãããšã¯ã§ãããã«ãŒã«ã¯èªåã§ /cd ãå®è¡ããå Žåã«ã®ã¿é©çšãããŸãã
ã㢠Cd deny ã«ãŒã«ã¯ /cd ãå®å
šã«ç¡å¹ã«ããŸããCd(<path-pattern>) deny ã«ãŒã«ã¯ãããããã¿ãŒã²ããããããã¯ããŸããDeny ã«ãŒã«ã¯ã¿ãŒã²ããã®ãã¹ãŠã®ã¹ãã«ããã§ãã¯ããŸããããã«ã¯ãããã解決ããåã·ã³ããªãã¯ãªã³ã¯ããããå«ãŸããããã1 ã€ã®ãã¹çšã«èšè¿°ãããã«ãŒã«ã¯ãããã«è§£æ±ºããã¿ãŒã²ããããããã¯ããŸãã
ä»»æã® Cd allow ã«ãŒã«ã远å ãããšã/cd ããã¯ã€ããªã¹ãã¢ãŒãã«åãæ¿ããŸãã解決ãããã¿ãŒã²ãããã£ã¬ã¯ããªã¯ãallow ã«ãŒã«ã® 1 ã€ã«ãããããå¿
èŠããããŸããããã§ãªãå Žåã/cd ã¯æåŠããŸããCd ã«ãŒã«ãèšå®ãããŠããªãå Žåã/cd ã¯ããã©ã«ãåäœãä¿æããèŠæ
£ããªããã£ã¬ã¯ããªãä¿¡é Œããããã«ããã³ããã衚瀺ããŸãã
ãã¹ãã¿ãŒã³ã¯ Read ãš Edit ã«ãŒã«ãã //ã~/ã/ ã¢ã³ã«ãŒãå
±æããŸããããããã³ã°ã¯ãã£ã¬ã¯ããªãã¹å
šäœã«ã¢ã³ã«ãŒãããŸããgitignore ã¹ã¿ã€ã«ã§ã¯ãªãã* ã¯æ£ç¢ºã« 1 ã€ã®ãã¹ã»ã°ã¡ã³ãããããããã** ã¯ã»ã°ã¡ã³ãå
šäœã§ããããããŸããæ«å°Ÿã® /** ã¯ãã®ååä»ãã«ãŒããããããããŸãã
| ã«ãŒã« | ããã | ãããããªã |
|---|---|---|
Cd(~/code/*) |
~/code/app |
~/code/app/srcã~/code |
Cd(~/code/**) |
~/code ããã³ãã®äžã®ãã£ã¬ã¯ã㪠|
~/code ã®å€ã®ãã£ã¬ã¯ã㪠|
Cd(**/node_modules) |
ä»»æã®æ·±ãã®ä»»æã® node_modules ãã£ã¬ã¯ã㪠|
node_modules/pkg |
ããã¯ã§æš©éãæ¡åŒµãã
Claude Code ããã¯ã¯ãå®è¡æã«æš©éè©äŸ¡ãå®è¡ããã«ã¹ã¿ã ã·ã§ã«ã³ãã³ããç»é²ããæ¹æ³ãæäŸããŸããClaude Code ãããŒã«åŒã³åºããè¡ããšãPreToolUse ããã¯ã¯æš©éããã³ããã®åã«å®è¡ãããŸããããã¯åºåã¯ããŒã«åŒã³åºããæåŠããããã³ããã匷å¶ãããŸãã¯ããã³ãããã¹ãããããŠã³ãŒã«ãç¶è¡ãããããšãã§ããŸãã
ããã¯æ±ºå®ã¯æš©éã«ãŒã«ããã€ãã¹ããŸãããdeny ã«ãŒã«ãš ask ã«ãŒã«ã¯ãããã¯ãäœãè¿ããã«é¢ä¿ãªãè©äŸ¡ããããããããããã deny ã«ãŒã«ã¯ã³ãŒã«ããããã¯ããããããã ask ã«ãŒã«ã¯ããã¯ã "allow" ãŸã㯠"ask" ãè¿ããå Žåã§ãããã³ããã衚瀺ããŸããããã¯ãæš©éã管çããã§èª¬æãããŠãã deny åªå
ã®åªå
é äœãä¿æãã管çèšå®ã§èšå®ããã deny ã«ãŒã«ãå«ã¿ãŸãã
ããããã³ã°ããã¯ã¯ allow ã«ãŒã«ãããåªå
ãããŸããçµäºã³ãŒã 2 ã§çµäºããããã¯ã¯ãæš©éã«ãŒã«ãè©äŸ¡ãããåã«ããŒã«åŒã³åºãã忢ãããããallow ã«ãŒã«ãã³ãŒã«ãèš±å¯ããå Žåã§ããããã¯ãé©çšãããŸããããã³ãããªãã§ãã¹ãŠã® Bash ã³ãã³ããå®è¡ãããããã¯ãããå°æ°ã®ã³ãã³ããé€å€ããã«ã¯ãallow ãªã¹ãã« "Bash" ã远å ãããããã®ç¹å®ã®ã³ãã³ããæåŠãã PreToolUse ããã¯ãç»é²ããŸããé©å¿ã§ããããã¯ã¹ã¯ãªããã«ã€ããŠã¯ãä¿è·ããããã¡ã€ã«ãžã®ç·šéããããã¯ãããåç
§ããŠãã ããã
äœæ¥ãã£ã¬ã¯ããª
ããã©ã«ãã§ã¯ãClaude ã¯èµ·åããããã£ã¬ã¯ããªå ã®ãã¡ã€ã«ã«ã¢ã¯ã»ã¹ã§ããŸãããã®ã¢ã¯ã»ã¹ãæ¡åŒµã§ããŸãã
- èµ·åæïŒ
--add-dir <path>CLI åŒæ°ã䜿çšããŸã - ã»ãã·ã§ã³äžïŒ
/add-dirã³ãã³ãã䜿çšããŸã - æ°žç¶çãªèšå®ïŒèšå®ãã¡ã€ã«ã®
additionalDirectoriesã«è¿œå ããŸã
远å ãã£ã¬ã¯ããªå ã®ãã¡ã€ã«ã¯ãå ã®äœæ¥ãã£ã¬ã¯ããªãšåãæš©éã«ãŒã«ã«åŸããŸããããã³ãããªãã§èªã¿åãå¯èœã«ãªãããã¡ã€ã«ç·šéæš©éã¯çŸåšã®æš©éã¢ãŒãã«åŸããŸãã
ã»ãã·ã§ã³ã®äž»èŠãªäœæ¥ãã£ã¬ã¯ããªãå¥ã®ãã£ã¬ã¯ããªã远å ãã代ããã«å€æŽããã«ã¯ã/cdã䜿çšããŸãã/cd ã³ãã³ãã«ã¯ Claude Code v2.1.169 以éãå¿
èŠã§ãã/add-dir ãšã¯ç°ãªããã»ãã·ã§ã³ãåé
眮ããŸããæ°ãããã£ã¬ã¯ããªã® CLAUDE.md ãèªã¿èŸŒãŸãã--resume ã¯ããããã»ãã·ã§ã³ãæ€åºããŸãã
远å ãã£ã¬ã¯ããªã¯ãã¡ã€ã«ã¢ã¯ã»ã¹ãèš±å¯ããèšå®ã§ã¯ãããŸãã
ãã£ã¬ã¯ããªã远å ãããšãClaude ããã¡ã€ã«ãèªã¿åãããã³ç·šéã§ããå Žæãæ¡åŒµãããŸãããã®ãã£ã¬ã¯ããªãå®å
šãªèšå®ã«ãŒãã«ã¯ããŸãããã»ãšãã©ã® .claude/ èšå®ã¯è¿œå ãã£ã¬ã¯ããªããæ€åºãããŸããããããã€ãã®ã¿ã€ãã¯äŸå€ãšããŠèªã¿èŸŒãŸããŸãã
ãããã®äŸå€ã¯ã--add-dir ãã©ã°ãŸã㯠/add-dir ã³ãã³ãã§è¿œå ããããã£ã¬ã¯ããªã«ã®ã¿é©çšãããŸããèšå®ãã¡ã€ã«ã® permissions.additionalDirectories ã«ãªã¹ããããŠãããã£ã¬ã¯ããªã¯ããã¡ã€ã«ã¢ã¯ã»ã¹ã®ã¿ãèš±å¯ãã以äžã®èšå®ã¯èªã¿èŸŒã¿ãŸããã
次ã®èšå®ã¿ã€ã㯠--add-dir ãã£ã¬ã¯ããªããèªã¿èŸŒãŸããŸãã
| èšå® | --add-dir ããèªã¿èŸŒãŸããŸã |
|---|---|
.claude/skills/ ã® Skills |
ã¯ããã©ã€ããªããŒãä»ã |
.claude/agents/ ã® Subagents |
ã¯ã |
.claude/settings.json ã®ãã©ã°ã€ã³èšå® |
enabledPlugins ãš extraKnownMarketplaces ã®ã¿ |
CLAUDE.md ãã¡ã€ã«ã.claude/rules/ãããã³ CLAUDE.local.md |
CLAUDE_CODE_ADDITIONAL_DIRECTORIES_CLAUDE_MD=1 ãèšå®ãããŠããå Žåã®ã¿ãCLAUDE.local.md ã¯ããã« local èšå®ãœãŒã¹ãå¿
èŠã§ããããã¯ããã©ã«ãã§æå¹ã«ãªã£ãŠããŸã |
ã³ãã³ãããã³åºåã¹ã¿ã€ã«ã¯ãçŸåšã®äœæ¥ãã£ã¬ã¯ããªãšãã®èŠªã~/.claude/ ã®ãŠãŒã¶ãŒãã£ã¬ã¯ããªãããã³ç®¡çèšå®ããæ€åºãããŸããHooks ããã³ãã®ä»ã® settings.json ããŒã¯ãçŸåšã®äœæ¥ãã£ã¬ã¯ããªã® .claude/ ãã©ã«ããã芪ãã£ã¬ã¯ããªãžã®ãã©ãŒã«ããã¯ãªãã§èªã¿èŸŒãŸãããŠãŒã¶ãŒã® ~/.claude/settings.json ããã³ç®¡çèšå®ãšå
±ã«èªã¿èŸŒãŸããŸãããã®èšå®ããããžã§ã¯ãå
šäœã§å
±æããã«ã¯ã次ã®ããããã®ã¢ãããŒãã䜿çšããŸãã
- ãŠãŒã¶ãŒã¬ãã«ã®èšå®ïŒ
~/.claude/agents/ã~/.claude/output-styles/ããŸãã¯~/.claude/settings.jsonã«ãã¡ã€ã«ãé 眮ããŠããã¹ãŠã®ãããžã§ã¯ãã§å©çšå¯èœã«ããŸã - ãã©ã°ã€ã³ïŒèšå®ã ãã©ã°ã€ã³ãšããŠããã±ãŒãžåããã³é åžããããŒã ãã€ã³ã¹ããŒã«ã§ããããã«ããŸã
- èšå®ãã£ã¬ã¯ããªããèµ·åããïŒäœ¿çšãã
.claude/èšå®ãå«ããã£ã¬ã¯ããªãã Claude Code ãå®è¡ããŸã
æš©éããµã³ãããã¯ã¹ãšã©ã®ããã«çžäºäœçšããã
æš©éãšãµã³ãããã¯ã¹ã¯ãè£å®çãªã»ãã¥ãªãã£ã¬ã€ã€ãŒã§ãã
- æš©éã¯ãClaude Code ã䜿çšã§ããããŒã«ãããã³ã¢ã¯ã»ã¹ã§ãããã¡ã€ã«ãŸãã¯ãã¡ã€ã³ãå¶åŸ¡ããŸãããã¹ãŠã®ããŒã«ïŒBashãReadãEditãWebFetchãMCP ãªã©ïŒã«é©çšãããŸãã
- ãµã³ãããã¯ã¹ã¯ãBash ããŒã«ã®ãã¡ã€ã«ã·ã¹ãã ãšãããã¯ãŒã¯ã¢ã¯ã»ã¹ãå¶éãã OS ã¬ãã«ã®åŒ·å¶ãæäŸããŸããBash ã³ãã³ããšãã®åããã»ã¹ã«ã®ã¿é©çšãããŸãã
é²åŸ¡ãæ·±ãããããã«äž¡æ¹ã䜿çšããŸãã
- æš©é deny ã«ãŒã«ã¯ãClaude ãå¶éããããªãœãŒã¹ãžã®ã¢ã¯ã»ã¹ã詊ã¿ãããšãã鲿¢ããŸã
- ãµã³ãããã¯ã¹å¶éã¯ãããã³ããã€ã³ãžã§ã¯ã·ã§ã³ã Claude ã®æææ±ºå®ããã€ãã¹ããŠããBash ã³ãã³ããå®çŸ©ãããå¢çå€ã®ãªãœãŒã¹ã«å°éããããšã鲿¢ããŸã
- ãµã³ãããã¯ã¹å
ã®ãã¡ã€ã«ã·ã¹ãã å¶éã¯ã
sandbox.filesystemèšå®ãš Read ããã³ Edit deny ã«ãŒã«ãçµã¿åãããŸããäž¡æ¹ãæçµçãªãµã³ãããã¯ã¹å¢çã«ããŒãžãããŸã - ãããã¯ãŒã¯å¶éã¯ãWebFetch æš©éã«ãŒã«ãšãµã³ãããã¯ã¹ã®
allowedDomainsããã³deniedDomainsãªã¹ããçµã¿åãããŸã
ãµã³ãããã¯ã¹ã autoAllowBashIfSandboxed: true ã§æå¹ã«ãªã£ãŠããå ŽåïŒããã©ã«ãïŒããµã³ãããã¯ã¹åããã Bash ã³ãã³ãã¯ãæš©éã« bare Bash ask ã«ãŒã«ããŸãã¯åçã® Bash(*) 圢åŒãå«ãŸããŠããå Žåã§ãããã³ãããªãã§å®è¡ãããŸãããµã³ãããã¯ã¹å¢çã¯ããã®ããŒã«å
šäœã®ããã³ããã®ä»£ããã«ãªããŸããBash(git push *) ã®ãããªã³ã³ãã³ãã¹ã³ãŒã ask ã«ãŒã«ã¯ãåŒãç¶ãããã³ããã匷å¶ããæç€ºç㪠deny ã«ãŒã«ã¯åŒãç¶ãé©çšããã/ãããŒã ãã£ã¬ã¯ããªããŸãã¯ãã®ä»ã®éèŠãªã·ã¹ãã ãã¹ãã¿ãŒã²ãããšãã rm ãŸã㯠rmdir ã³ãã³ãã¯ãåŒãç¶ãããã³ãããããªã¬ãŒããŸããé€å€ãããã³ãã³ããªã©ããµã³ãããã¯ã¹åãããŠå®è¡ãããªãã³ãã³ãã¯ãéåžžã©ãã bare Bash ask ã«ãŒã«ãå°éããŸãããµã³ãããã¯ã¹ã¢ãŒããåç
§ããŠããã®åäœã倿ŽããŠãã ããã
管çèšå®
Claude Code èšå®ã®äžå çãªå¶åŸ¡ãå¿ èŠãªçµç¹ã®å Žåã管çè ã¯ãŠãŒã¶ãŒãŸãã¯ãããžã§ã¯ãèšå®ã§ãªãŒããŒã©ã€ãã§ããªã管çèšå®ããããã€ã§ããŸãããããã®ããªã·ãŒèšå®ã¯éåžžã®èšå®ãã¡ã€ã«ãšåã圢åŒã«åŸããMDM/OS ã¬ãã«ã®ããªã·ãŒã管çèšå®ãã¡ã€ã«ããŸãã¯ãµãŒããŒç®¡çèšå®ãéããŠé ä¿¡ã§ããŸããé ä¿¡ã¡ã«ããºã ãšãã¡ã€ã«ã®å Žæã«ã€ããŠã¯ãèšå®ãã¡ã€ã«ãåç §ããŠãã ããã
管çã®ã¿ã®èšå®
以äžã®èšå®ã¯ç®¡çèšå®ããã®ã¿èªã¿èŸŒãŸããŸãããŠãŒã¶ãŒãŸãã¯ãããžã§ã¯ãèšå®ãã¡ã€ã«ã«é 眮ããŠã广ããããŸããã
| èšå® | 説æ |
|---|---|
allowAllClaudeAiMcps |
true ã®å Žåãclaude.ai ã³ãã¯ã¿ã¯ãããã€ããã managed-mcp.json ãšäžŠè¡ããŠèªã¿èŸŒãŸãããã®æä»çãªå¶åŸ¡ã«ãã£ãŠæå¶ãããŸããã管ç MCP èšå®ãåç
§ããŠãã ãã |
allowedChannelPlugins |
ã¡ãã»ãŒãžãããã·ã¥ã§ãããã£ãã«ãã©ã°ã€ã³ã®ãã¯ã€ããªã¹ããèšå®ãããŠããå Žåãããã©ã«ãã® Anthropic ãã¯ã€ããªã¹ãã眮ãæããŸããchannelsEnabled: true ãå¿
èŠã§ãããã£ãã«ãã©ã°ã€ã³ã®å®è¡ãå¶éãããåç
§ããŠãã ãã |
allowManagedHooksOnly |
true ã®å Žåã管çããã¯ãSDK ããã¯ãããã³ç®¡çèšå® enabledPlugins ã§åŒ·å¶æå¹ã«ããããã©ã°ã€ã³ããã®ããã¯ã®ã¿ãèªã¿èŸŒãŸããŸãããŠãŒã¶ãŒããããžã§ã¯ããããã³ãã®ä»ãã¹ãŠã®ãã©ã°ã€ã³ããã¯ã¯ãããã¯ãããŸã |
allowManagedMcpServersOnly |
true ã®å Žåã管çèšå®ããã® allowedMcpServers ã®ã¿ãå°éãããŸããdeniedMcpServers ã¯ãã¹ãŠã®ãœãŒã¹ããããŒãžãããŸãã管ç MCP èšå®ãåç
§ããŠãã ãã |
allowManagedPermissionRulesOnly |
true ã®å ŽåããŠãŒã¶ãŒããã³ãããžã§ã¯ãèšå®ã allowãaskããŸã㯠deny æš©éã«ãŒã«ãå®çŸ©ããããšã鲿¢ããŸãã管çèšå®ã®ã«ãŒã«ã®ã¿ãé©çšãããŸããMCP ãµãŒããŒã®ãã¯ã€ããªã¹ãã«ã¯åœ±é¿ããŸããããã®å Žåã¯ãallowManagedMcpServersOnly ãèšå®ããŠãã ãã |
blockedMarketplaces |
ããŒã±ãããã¬ã€ã¹ãœãŒã¹ã®ãããã¯ãªã¹ãããããã¯ããããœãŒã¹ã¯ããŠã³ããŒãåã«ãã§ãã¯ãããããããã¡ã€ã«ã·ã¹ãã ã«è§Šããããšã¯ãããŸããã管çããŒã±ãããã¬ã€ã¹å¶éãåç §ããŠãã ãã |
channelsEnabled |
çµç¹ã®ãã£ãã«ãèš±å¯ããŸããåãã©ã³ã®ããã©ã«ãã«ã€ããŠã¯ããšã³ã¿ãŒãã©ã€ãºã³ã³ãããŒã«ãåç §ããŠãã ãã |
forceRemoteSettingsRefresh |
true ã®å Žåããªã¢ãŒã管çèšå®ãæ°ããååŸããããŸã§ CLI èµ·åããããã¯ããååŸã«å€±æããå Žåã¯çµäºããŸãããã§ã€ã«ã¯ããŒãºåŒ·å¶ãåç
§ããŠãã ãã |
pluginTrustMessage |
ã€ã³ã¹ããŒã«åã«è¡šç€ºããããã©ã°ã€ã³ä¿¡é ŒèŠåã«è¿œå ãããã«ã¹ã¿ã ã¡ãã»ãŒãž |
sandbox.filesystem.allowManagedReadPathsOnly |
true ã®å Žåã管çèšå®ããã® filesystem.allowRead ãã¹ã®ã¿ãå°éãããŸããdenyRead ã¯ãã¹ãŠã®ãœãŒã¹ããããŒãžãããŸã |
sandbox.network.allowManagedDomainsOnly |
true ã®å Žåã管çèšå®ããã® allowedDomains ãš WebFetch(domain:...) allow ã«ãŒã«ã®ã¿ãå°éãããŸããèš±å¯ãããŠããªããã¡ã€ã³ã¯ãŠãŒã¶ãŒã«ä¿ãããšãªãèªåçã«ãããã¯ãããŸããæåŠããããã¡ã€ã³ã¯ãã¹ãŠã®ãœãŒã¹ããããŒãžãããŸã |
strictKnownMarketplaces |
ãŠãŒã¶ãŒã远å ããã³ã€ã³ã¹ããŒã«ã§ãããã©ã°ã€ã³ããŒã±ãããã¬ã€ã¹ãœãŒã¹ãå¶åŸ¡ããŸãã管çããŒã±ãããã¬ã€ã¹å¶éãåç §ããŠãã ãã |
strictPluginOnlyCustomization |
ãŠãŒã¶ãŒããã³ãããžã§ã¯ããœãŒã¹ããã®ã¹ãã«ããšãŒãžã§ã³ããããã¯ãããã³ MCP ãµãŒããŒããããã¯ããŠããã©ã°ã€ã³ãŸãã¯ç®¡çèšå®ããã®ã¿ååŸã§ããããã«ããŸããtrue 㯠4 ã€ãã¹ãŠã®ãµãŒãã§ã¹ãããã¯ããŸãã["skills", "hooks"] ãªã©ã®é
åã¯ãæå®ããããã®ã ããããã¯ããŸããstrictPluginOnlyCustomizationãåç
§ããŠãã ãã |
wslInheritsWindowsSettings |
Windows HKLM ã¬ãžã¹ããªããŒãŸã㯠C:\Program Files\ClaudeCode\managed-settings.json ã§ true ã®å ŽåãWSL 㯠/etc/claude-code ã«å ã㊠Windows ããªã·ãŒãã§ãŒã³ãã管çèšå®ãèªã¿èŸŒã¿ãŸããèšå®ãã¡ã€ã«ãåç
§ããŠãã ãã |
disableBypassPermissionsMode ã¯éåžžãçµç¹ããªã·ãŒã匷å¶ããããã«ç®¡çèšå®ã«é
眮ãããŸãããä»»æã®ã¹ã³ãŒãããæ©èœããŸãããŠãŒã¶ãŒã¯ç¬èªã®èšå®ã§èšå®ããŠãèªåèªèº«ããã€ãã¹ã¢ãŒãããããã¯ã¢ãŠãã§ããŸãã
Team ããã³ Enterprise ãã©ã³ã§ã¯ã管çè
ã Claude Code 管çèšå®ã§ãªã¢ãŒãã³ã³ãããŒã«ãšãŠã§ãã»ãã·ã§ã³ãçµç¹å
šäœã§æå¹ãŸãã¯ç¡å¹ã«ããŸãããªã¢ãŒãã³ã³ãããŒã«ã¯ãdisableRemoteControl管çèšå®ã§ããã€ã¹ããšã«ç¡å¹ã«ããããšãã§ããŸãããŠã§ãã»ãã·ã§ã³ã«ã¯ããã€ã¹ããšã®ç®¡çèšå®ããŒã¯ãããŸããã
èšå®ã®åªå é äœ
æš©éã«ãŒã«ã¯ãä»ã®ãã¹ãŠã® Claude Code èšå®ãšåãèšå®åªå é äœã«åŸããŸãã
- 管çèšå®ïŒã³ãã³ãã©ã€ã³åŒæ°ãå«ãä»ã®ã¬ãã«ã§ãªãŒããŒã©ã€ãã§ããŸãã
- ã³ãã³ãã©ã€ã³åŒæ°ïŒäžæçãªã»ãã·ã§ã³ãªãŒããŒã©ã€ã
- ããŒã«ã«ãããžã§ã¯ãèšå®ïŒ
.claude/settings.local.jsonïŒ - å
±æãããžã§ã¯ãèšå®ïŒ
.claude/settings.jsonïŒ - ãŠãŒã¶ãŒèšå®ïŒ
~/.claude/settings.jsonïŒ
ããŒã«ãããããã®ã¬ãã«ã§æåŠãããŠããå Žåãä»ã®ã¬ãã«ã¯ãããèš±å¯ã§ããŸãããããšãã°ã管çèšå®ã® deny 㯠--allowedTools ã§ãªãŒããŒã©ã€ãã§ããã--disallowedTools ã¯ç®¡çèšå®ãå®çŸ©ããå
容ãè¶
ããŠå¶éã远å ã§ããŸãã
åã蟌ã¿ãã¹ãã¯ãparentSettingsBehaviorã "merge" ã«èšå®ãããŠããå ŽåãSDK ã® managedSettings ãªãã·ã§ã³ãä»ããŠè¿œå ã®ç®¡çããªã·ãŒãæäŸã§ããŸããåã蟌ã¿å
ã®å€ã¯ããªã·ãŒãå³ããã§ããŸãããç·©åããããšã¯ã§ããŸããã
ããšãã°ããŠãŒã¶ãŒèšå®ã§æš©éãèš±å¯ãããŠããããããžã§ã¯ãèšå®ã§æåŠãããŠããå ŽåãæåŠã«ãŒã«ãããããããã¯ããŸããéãåæ§ã§ãããŠãŒã¶ãŒã¬ãã«ã® deny ããããžã§ã¯ãã¬ãã«ã® allow ããããã¯ããŸããããã¯ãä»»æã®ã¹ã³ãŒãããã® deny ã«ãŒã«ã allow ã«ãŒã«ã®åã«è©äŸ¡ãããããã§ãã
èšå®äŸ
ãã®ãªããžããªã«ã¯ãäžè¬çãªãããã€ã¡ã³ãã·ããªãªã®ã¹ã¿ãŒã¿ãŒèšå®ãå«ãŸããŠããŸããããããåºçºç¹ãšããŠäœ¿çšããããŒãºã«åãããŠèª¿æŽããŠãã ããã
é¢é£é ç®
- èšå®ïŒæš©éèšå®ããŒãã«ãå«ãå®å šãªèšå®ãªãã¡ã¬ã³ã¹
- auto ã¢ãŒããèšå®ããïŒauto ã¢ãŒãåé¡åšãçµç¹ãä¿¡é Œããã€ã³ãã©ã¹ãã©ã¯ãã£ãäŒããŸã
- ãµã³ãããã¯ã¹ïŒBash ã³ãã³ãã® OS ã¬ãã«ã®ãã¡ã€ã«ã·ã¹ãã ãšãããã¯ãŒã¯åé¢
- èªèšŒïŒClaude Code ãžã®ãŠãŒã¶ãŒã¢ã¯ã»ã¹ãèšå®ããŸã
- ã»ãã¥ãªãã£ïŒã»ãã¥ãªãã£ä¿è·ãšãã¹ããã©ã¯ãã£ã¹
- ããã¯ïŒã¯ãŒã¯ãããŒãèªååããæš©éè©äŸ¡ãæ¡åŒµããŸã