Package Exports
- cc-audit
- cc-audit/dist/index.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (cc-audit) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
cc-audit
Audit and curate Claude Code permissions across settings layers.
Install
npm install -g cc-auditUsage
Audit permissions
cc-auditReads three settings layers and reports duplicates, sketchy patterns, broad wildcards, and contradictions:
- Global:
~/.claude/settings.json - Project:
.claude/settings.json - Local:
.claude/settings.local.json
Hoist permissions
Move permissions from settings.local.json to project or global settings with an interactive TUI:
cc-audit --hoist # local -> project settings.json
cc-audit --hoist-global # local -> ~/.claude/settings.jsonEach permission can be set to Allow, Deny, or Skip. The auditor pre-classifies entries: safe patterns default to Allow, sketchy/broad patterns default to Deny.
Use --yes to skip the TUI and apply auditor defaults:
cc-audit --hoist --yesClean local permissions
Strip all permissions from settings.local.json (preserves sandbox config):
cc-audit --cleanOptions
-r, --root <path> Project root directory (default: cwd)
-f, --format <fmt> Output format: console, json (default: console)
-y, --yes Skip interactive TUI, use auditor defaults
-q, --quiet Suppress non-essential outputWhat it detects
- Duplicates across layers (safe to remove from lower layer)
- Sketchy patterns like
rm -rf,sudo,curl | sh, authenticated CLIs (aws,gcloud,kubectl, etc.) - Broad wildcards like
Bash(*),Edit(*),Write(*) - Contradictions (same entry in both allow and deny)
License
MIT