chore: add no-bash-file-writes rule to CLAUDE.md (#968)
Subagents were using cat/echo/python to write plan files and configs instead of the Write/Edit tools, bypassing permission checks.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
No actionable comments were generated in the recent review.
Walkthrough
Added a new rule to CLAUDE.md prohibiting Bash from writing or modifying files. The prohibition explicitly covers shell redirection and here-doc patterns (e.g., cat >, cat << EOF), echo redirection, tee to files, in-place edits (e.g., sed -i), and one-off inline execution that writes files (e.g., python -c). The rule is defined to apply to all files, including plan/config/source code, and to all subagents. One line was added and no lines were deleted.
Pre-merge checks: 3 passed
Code Review
This pull request updates the shell usage guidelines in CLAUDE.md to prohibit using Bash for writing files, mandating the use of specific Write or Edit tools instead. The review feedback suggests expanding this prohibition to include appending and in-place modifications like 'sed -i', while also explicitly naming the 'write_file' and 'edit_file' tools for better clarity.
CLAUDE.md
Outdated
| ## Shell Usage | ||
|
|
||
| - **NEVER use `cd` in Bash commands** -- the working directory is already set to the project root. Use absolute paths or run commands directly. Do NOT prefix commands with `cd C:/Users/Aurelio/synthorg &&`. | ||
| - **NEVER use Bash to write files** -- use the Write or Edit tools. NEVER use `cat > file`, `cat << EOF`, `echo >`, `python -c`, or `tee` to write file contents. This includes plan files, config files, and all other files. This rule applies to all subagents. |
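Review bot: the added `NEVER use Bash to write files` line is an instruction to the model, while the problem it responds to (subagents bypassing permission checks by choosing Bash over Write/Edit) sits in the permission layer, so a rule that can be ignored the same way does not close it; pair the line with an enforced control, such as a pre-execution check that classifies Bash invocations containing `>`, `>>`, `tee`, `sed -i` or a writing `python -c` as file writes and denies them, so that the Write/Edit path is the only one that produces a file. The sentence should also make clear that what is banned is the write, not the command: `python -c` and `tee` have read-only uses (piping to stdout), and `>>` and `sed -i` are missing from the examples.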
The rule should explicitly prohibit appending (>>), in-place modifications (e.g., sed -i), and other shell-based file manipulations to prevent permission bypasses. Additionally, referencing the specific tool names write_file and edit_file provides clearer instructions for the agent.
| - **NEVER use Bash to write files** -- use the Write or Edit tools. NEVER use `cat > file`, `cat << EOF`, `echo >`, `python -c`, or `tee` to write file contents. This includes plan files, config files, and all other files. This rule applies to all subagents. | |
| - **NEVER use Bash to write or modify files** -- use the write_file or edit_file tools. NEVER use cat > file, cat << EOF, echo >, echo >>, sed -i, python -c, or tee to write or modify file contents. This includes plan files, config files, and all other files. This rule applies to all subagents. |
Pull request overview
Adds a new Shell Usage rule to prevent agents/subagents from writing files via Bash redirection/commands, steering them to the sanctioned Write/Edit tooling to preserve permission checks and auditing.
Changes:
- Add an explicit prohibition on Bash-based file writes (e.g., redirection, heredocs, tee, etc.) for all agents/subagents.
CLAUDE.md
Outdated
| ## Shell Usage | ||
|
|
||
| - **NEVER use `cd` in Bash commands** -- the working directory is already set to the project root. Use absolute paths or run commands directly. Do NOT prefix commands with `cd C:/Users/Aurelio/synthorg &&`. | ||
| - **NEVER use Bash to write files** -- use the Write or Edit tools. NEVER use `cat > file`, `cat << EOF`, `echo >`, `python -c`, or `tee` to write file contents. This includes plan files, config files, and all other files. This rule applies to all subagents. |
To avoid the examples being interpreted as an exhaustive allowlist, consider explicitly stating that the command list is non-exhaustive (e.g., “including but not limited to …”) and that the prohibition applies to any shell-based creation/modification of repo files (redirects like >/>>, heredocs, in-place editors, etc.). This would make the policy intent clearer for subagents.
Dependency Review: no vulnerabilities or license issues or OpenSSF Scorecard issues found.
Add append (>>), in-place edit (sed -i) to the prohibition list and clarify the list is non-exhaustive with "includes but is not limited to".
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Actionable comments posted: 1
Inline comments:
In `@CLAUDE.md`:
- Line 122: The rule currently bans commands like `python -c` unconditionally;
update the clause in CLAUDE.md so the prohibition only applies to Bash usage
that writes or modifies files. Edit the sentence that lists examples (`cat >`,
`cat << EOF`, `echo >`, `echo >>`, `sed -i`, `python -c`, `tee`) to clarify each
is banned only when used to create/modify files (e.g., “do not use X to write or
modify files”), and add a short parenthetical or phrase making explicit that
read-only/inspection uses (non-write `python -c`, piping to stdout, etc.) are
allowed. Ensure the revised text preserves the original intent and keeps the
example list but makes the file-writing condition explicit.
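The narrowed rule discussed above (Bash may read, but any construct that creates or modifies a file must go through Write/Edit) can be enforced rather than merely stated. Below is an added example, not code from the synthorg repository or from any of the reviewers, of a pre-execution check that classifies an agent-issued Bash command line as read-only or file-writing. The separator and command sets, the `/dev/*` sink list, the Python write heuristic, the plain-function "hook" interface and the sample commands are all constructed assumptions; the check fails closed on input it cannot parse.

```python
"""Pre-execution check for agent-issued Bash commands (added example).

Classifies a command line as read-only or file-writing so that a
"never use Bash to write or modify files" rule can be enforced by a
permission hook instead of relying on the instruction alone.
Illustrative code only: the command sets below and the Python write
heuristic are constructed and deliberately non-exhaustive.
"""
from __future__ import annotations

import re
import shlex

# Shell tokens that end a simple command (constructed list).
SEPARATORS = {"|", "|&", "||", "&&", ";", "&", "(", ")"}
# Redirect operators that send output into a file.
WRITE_REDIRECTS = {">", ">>", ">|", "&>", "&>>"}
# Redirect targets that never create or modify a file.
SINK_PATHS = ("/dev/null", "/dev/stdout", "/dev/stderr", "/dev/tty")
# Commands whose purpose is to create, change or delete files (constructed).
WRITE_COMMANDS = {"cp", "mv", "rm", "touch", "mkdir", "truncate", "install"}
WRAPPERS = {"sudo", "env", "nohup", "command"}     # inspect the wrapped command
INTERPRETERS = {"python", "python2", "python3", "py"}
# Heuristic for Python one-liners: open() with a write mode, or tree mutation.
PY_WRITE = re.compile(
    r"""open\([^)]*,\s*(mode\s*=\s*)?['"][wax]"""   # open(path, 'w' / 'a' / 'x')
    r"""|write_text\(|write_bytes\(|shutil\."""
    r"""|os\.(remove|unlink|rename|replace|makedirs|mkdir)\(|\.unlink\("""
)
ENV_ASSIGN = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*=")   # leading FOO=bar prefixes


def _tokens(cmd: str) -> list[str]:
    """Tokenise like a shell: quotes respected, operators split out."""
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def _check_command(argv: list[str]) -> list[str]:
    """Reasons why one simple command (already split on separators) writes."""
    while argv and ENV_ASSIGN.match(argv[0]):
        argv = argv[1:]
    if not argv:
        return []
    name = argv[0].rsplit("/", 1)[-1]
    if name in WRAPPERS:                              # e.g. sudo tee ... -> inspect tee
        return _check_command(argv[1:])
    if name in WRITE_COMMANDS:
        return [f"{name} modifies the filesystem"]
    if name == "tee":                                 # tee only writes when given a path
        files = [a for a in argv[1:] if not a.startswith("-") and not a.startswith(SINK_PATHS)]
        return [f"tee writes {f}" for f in files]
    if name == "sed" and any(a.startswith(("-i", "--in-place")) for a in argv[1:]):
        return ["sed -i edits in place"]
    if name in INTERPRETERS and "-c" in argv:         # read-only python -c stays allowed
        pos = argv.index("-c") + 1
        if pos < len(argv) and PY_WRITE.search(argv[pos]):
            return [f"{name} -c contains a file write"]
    return []


def find_file_writes(cmd: str) -> list[str]:
    """Return one reason per file-writing construct; an empty list means read-only.

    Unparseable input (e.g. an unterminated quote) is reported as a write so
    the check fails closed instead of letting an odd command line through.
    """
    try:
        toks = _tokens(cmd)
    except ValueError:
        return ["command could not be parsed; treated as a write"]
    reasons: list[str] = []
    cur: list[str] = []                     # tokens of the simple command being scanned
    i = 0
    while i < len(toks):
        t = toks[i]
        if t in SEPARATORS:
            reasons += _check_command(cur)
            cur = []
        elif t in WRITE_REDIRECTS or t == ">&":
            target = toks[i + 1] if i + 1 < len(toks) else ""
            fd_dup = t == ">&" and (target.isdigit() or target == "-")   # 2>&1 is not a write
            if not fd_dup and not target.startswith(SINK_PATHS):
                reasons.append(f"redirect {t} to {target or '<missing>'}")
            i += 1                          # the redirect target is not an argument
        else:
            cur.append(t)
        i += 1
    reasons += _check_command(cur)
    return reasons


def is_read_only(cmd: str) -> bool:
    return not find_file_writes(cmd)


if __name__ == "__main__":
    # Constructed sample commands of the kind an agent might issue.
    for s in ["cat > plan.md",
              "grep -rn TODO src/ > /dev/null 2>&1",
              "python -c \"open('plan.md', 'w').write('# Plan')\"",
              "python -c \"import json; print(json.load(open('cfg.json'))['k'])\"",
              "ls -la | tee listing.txt",
              "sed -i 's/old/new/' config.yaml"]:
        print("ALLOW" if is_read_only(s) else "DENY ", s, find_file_writes(s))
```

A heredoc with no redirect (`cat << EOF ... EOF`) is classified as read-only because it only prints; the `cat << EOF > file` form the rule targets is caught by the redirect. Version-control and build commands that also touch the working tree are deliberately outside the constructed `WRITE_COMMANDS` set, since the rule is about agents producing file contents through the shell.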
python -c and tee have legitimate read-only uses (inspection, piping to stdout). Narrow the prohibition to file-writing usage only.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
🤖 I have created a release *beep* *boop*
---
## [0.5.6](v0.5.5...v0.5.6) (2026-04-02)
### Features
* calendar + hybrid ceremony scheduling strategies ([#985](#985)) ([59a9b84](59a9b84)), closes [#969](#969) [#970](#970)
* landing page interactive components ([#984](#984)) ([49868cb](49868cb))
* log aggregation and shipping (syslog, HTTP, compression) ([#964](#964)) ([84be9f8](84be9f8))
* restructure builtin templates into inheritance tree ([#982](#982)) ([3794c12](3794c12))
* sprint ceremony runtime scheduler with pluggable strategies ([#983](#983)) ([43564a9](43564a9))
### Maintenance
* add no-bash-file-writes rule to CLAUDE.md ([#968](#968)) ([a854dcc](a854dcc))
* bump web dependencies (lodash, eslint-react v4, storybook, playwright, esbuild, codemirror) ([#987](#987)) ([c344dfb](c344dfb))
---
This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
--------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Summary
cat > file, echo >, python -c, tee) in favor of Write/Edit tools
Test plan
Review coverage: Quick mode (docs-only change, no agents run)
🤖 Generated with Claude Code