Using Claude Code#

This project includes Claude Code configuration for AI-assisted development with safe autonomy guardrails.

Configuration#

.claude/settings.json defines three permission tiers:

Allow — runs without confirmation: : Read-only operations (git status, kubectl get, helm list, etc.), file editing, uv run, gh CLI, ansible-lint

Prompt — asks for confirmation each time: : Infrastructure mutations (ansible-playbook, kubectl apply/patch/delete, git push --force, git reset --hard)

Deny — blocked entirely: : Nothing is denied by default. Move commands here if you want to hard-block them.

AGENTS.md#

The AGENTS.md file at the repo root provides project-specific guidance to AI agents. It covers:

GitOps workflow (fix in the repo, not the cluster)
Ansible conventions (update roles, not ad-hoc commands)
Project structure and service directory layout
Ingress sub-chart toggles
OAuth2 architecture
Dual repo_branch synchronisation
Inventory conventions and playbook tags

Workflow#

Open the repo in the devcontainer (tools are installed automatically)
Launch Claude Code from the VS Code extension or CLI
The agent reads AGENTS.md and .claude/settings.json on startup
Safe read-only commands run automatically; infrastructure changes prompt for approval

Customising permissions#

Edit .claude/settings.json to adjust. Move entries between allow, prompt, and deny lists as needed. Patterns use glob syntax — Bash(kubectl get *) matches any kubectl get command.

Using Claude Code#

Configuration#

AGENTS.md#

Workflow#

Customising permissions#

This Page