egutierrez
cfdf515228
- .claude/CLAUDE.md - .claude/commands/subagentes.md - .claude/rules/INDEX.md - .mcp.json - bash/functions/cybersecurity/analyze_dns.md - bash/functions/cybersecurity/audit_http_headers.md - bash/functions/cybersecurity/audit_ssh_config.md - bash/functions/cybersecurity/check_firewall.md - bash/functions/cybersecurity/detect_suspicious_users.md - bash/functions/cybersecurity/encrypt_file.md - ... Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
41 lines
3.2 KiB
JSON
41 lines
3.2 KiB
JSON
{
|
|
"_": "Paths que fn-orquestador NUNCA debe modificar dentro del worktree auto/<issue>. Issue 0069.",
|
|
"_format": "Cada entry es una ruta o glob relativa al repo root. La regla puede ser exact|glob|prefix.",
|
|
"protected": [
|
|
{"rule": "prefix", "path": ".claude/agents/", "reason": "Self-modification prohibida; el orquestador no se modifica a si mismo ni a otros subagentes en la misma run."},
|
|
{"rule": "prefix", "path": ".claude/commands/", "reason": "Comandos definidos por humano."},
|
|
{"rule": "prefix", "path": ".claude/rules/", "reason": "Reglas operativas. Modificar requiere review humano."},
|
|
{"rule": "prefix", "path": ".claude/scripts/", "reason": "Hooks del repo."},
|
|
{"rule": "exact", "path": ".claude/CLAUDE.md", "reason": "Memoria del proyecto."},
|
|
{"rule": "exact", "path": ".claude/settings.json", "reason": "Config persistente."},
|
|
{"rule": "exact", "path": ".claude/settings.local.json", "reason": "Config local del PC."},
|
|
{"rule": "exact", "path": ".mcp.json", "reason": "Config MCP."},
|
|
{"rule": "prefix", "path": "dev/issues/", "reason": "Issues files. Excepcion: el issue del task actual (orquestador puede actualizar status/notas)."},
|
|
{"rule": "glob", "path": "**/.env*", "reason": "Secrets."},
|
|
{"rule": "glob", "path": "**/*.key", "reason": "Secrets."},
|
|
{"rule": "glob", "path": "**/*.pem", "reason": "Secrets."},
|
|
{"rule": "glob", "path": "**/credentials.json", "reason": "Secrets."},
|
|
{"rule": "glob", "path": "**/migrations/*.sql", "reason": "Migraciones existentes inmutables. Crear nuevas numeradas — no editar."},
|
|
{"rule": "exact", "path": "registry.db", "reason": "Indice regenerable, no fuente. Usar fn index."},
|
|
{"rule": "glob", "path": "**/operations.db", "reason": "Datos vivos. Acceso via fn ops o sqlite_api, no escritura directa de SQL."},
|
|
{"rule": "exact", "path": "go.mod", "reason": "Cambios de deps requieren review humano (riesgo CVE/licencias)."},
|
|
{"rule": "exact", "path": "go.sum", "reason": "Bloqueo de deps."},
|
|
{"rule": "glob", "path": "**/package.json", "reason": "Cambios de deps requieren review humano."},
|
|
{"rule": "glob", "path": "**/package-lock.json", "reason": "Bloqueo de deps npm."},
|
|
{"rule": "glob", "path": "**/pnpm-lock.yaml", "reason": "Bloqueo de deps pnpm."},
|
|
{"rule": "glob", "path": "**/pyproject.toml", "reason": "Cambios de deps Python."},
|
|
{"rule": "glob", "path": "**/uv.lock", "reason": "Bloqueo deps uv."},
|
|
{"rule": "exact", "path": ".git/", "reason": "git internals. Operar via git CLI, nunca tocar archivos directo."}
|
|
],
|
|
"exceptions": [
|
|
{
|
|
"rule": "Single-issue exception",
|
|
"description": "El orquestador PUEDE modificar dev/issues/<current_task_id>*.md para actualizar estado/notas del propio task. Cualquier otro issue file permanece protegido."
|
|
},
|
|
{
|
|
"rule": "Migrations aditivas",
|
|
"description": "El orquestador PUEDE crear archivos NUEVOS en cualquier migrations/ (NNN_*.sql) con numero superior al maximo existente. NUNCA editar migrations existentes."
|
|
}
|
|
]
|
|
}
|