audit-permissions

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Audit Permissions

权限审计

Analyze permission audit logs and recommend allow-list changes. Wraps the TypeScript analyzer in ai-env.

分析权限审计日志并推荐允许列表变更。将TypeScript分析器封装在ai-env中。

Args Routing

参数路由

No args / empty: run report (default)
Args contain "reset" or "clear": archive log and start fresh

无参数/空参数：运行报告（默认）
参数包含“reset”或“clear”：归档日志并重新开始记录

Report Mode (default)

报告模式（默认）

1. Generate Report

1. 生成报告

bash

node --import tsx /Users/patrickcamacho/projects/camacho/ai-env/src/tools/permission-analyzer.ts

Present the full markdown output to the user.

bash

node --import tsx /Users/patrickcamacho/projects/camacho/ai-env/src/tools/permission-analyzer.ts

向用户展示完整的Markdown输出。

2. Recommended Allow Rules

2. 推荐允许规则

If the section has entries:

Read

~/.claude/settings.json

, extract

permissions.allow

(default

[]

)

Compute new patterns not already present (case-sensitive exact match)
Show before/after diff of ONLY
```
permissions.allow
```
Ask: "Apply these N safe rules to settings.json?" (plain text y/n — works on all surfaces)
If approved: merge, deduplicate, sort alphabetically, write back with 2-space indent
Never touch keys outside
```
permissions.allow
```
. Never touch
```
permissions.deny
```
.
Confirm what was added

如果该部分存在条目：

读取

~/.claude/settings.json

，提取

permissions.allow

（默认值为

[]

）

计算尚不存在的新模式（区分大小写的精确匹配）
仅展示
```
permissions.allow
```
的变更前后对比
询问：“是否将这N条安全规则应用到settings.json？”（纯文本y/n——适用于所有场景）
若获得批准：合并、去重、按字母顺序排序，以2空格缩进写回文件
禁止修改
```
permissions.allow
```
之外的键，禁止修改
```
permissions.deny
```
确认已添加的内容

3. Security Warnings

3. 安全警告

If present: show each pattern with flags and sample commands. Ask: "Add any of these despite the flags? (list numbers, or 'none')"

如果存在安全警告：展示每个模式的标识和示例命令，询问：“尽管存在风险标识，是否要添加其中任意项？（输入编号，或输入'none'）”

4. Suppressed Recommendations

4. 被抑制的建议

List for awareness. Do NOT offer to add — these have danger-level flags.

列出供用户了解，不要提供添加选项——这些条目带有危险级标识。

Done

完成

Summarize: what was added, how many permission prompts should be reduced.

总结内容：已添加的规则，预计可减少的权限提示数量。

Reset Mode

重置模式

bash

/Users/patrickcamacho/projects/camacho/ai-env/.claude/hooks/audit-permissions-reset.sh

Fresh log starts automatically on next tool call.

bash

/Users/patrickcamacho/projects/camacho/ai-env/.claude/hooks/audit-permissions-reset.sh

下次调用工具时将自动启动新的日志记录。

Prerequisites

前置要求

Requirement	Check
ai-env repo	`/Users/patrickcamacho/projects/camacho/ai-env` exists (ai-env specific — other projects will see file-not-found errors)
Dependencies	`pnpm install` completed in ai-env
Audit hook	`permission-audit-log.sh` in `~/.claude/settings.json` PreToolUse

要求	检查项
ai-env仓库	`/Users/patrickcamacho/projects/camacho/ai-env` 路径存在（仅限ai-env使用——其他项目会报文件未找到错误）
依赖	已在ai-env目录下执行完 `pnpm install`
审计钩子	`~/.claude/settings.json` 的PreToolUse配置中包含 `permission-audit-log.sh`

Troubleshooting

故障排查

Symptom	Fix
"No audit data found"	Hook not installed or no un-allowed prompts recorded yet
Analyzer crashes	Run `pnpm install` in ai-env repo
Stale recommendations	`/audit-permissions reset` , accumulate fresh data, re-run
settings.json parse error	Validate: `jq . ~/.claude/settings.json`

症状	解决方法
“未找到审计数据”	未安装钩子，或尚未记录任何未被允许的提示
分析器崩溃	在ai-env仓库目录下运行 `pnpm install`
推荐内容过时	执行 `/audit-permissions reset` ，积累新数据后重新运行
settings.json解析错误	执行校验命令： `jq . ~/.claude/settings.json`