marketing-shibata50/claude-code-ultimate-guide
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(docs): critical factual corrections v3.6.1

Browse source 
Major audit correcting misleading documentation about Claude Code behavior:

### Fixed
- `--add-dir`: permissions (not context loading)
- `excludePatterns` → `permissions.deny` (never existed)
- `.claudeignore` removed (not an official feature)
- "selective loading" myth → lazy loading reality
- Invented CLI flags (`--think`, `--headless`, `--learn`) → prompt keywords
- `@` file reference: "loads automatically" → "reads on-demand"

### Added
- Session Search Tool (`cs`) - zero-dep bash script for finding sessions
- Security section: Known limitations of permissions.deny

15 files modified, 516 insertions, 200 deletions

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Florian BRUNIAUX 2026-01-15 09:16:53 +01:00
parent 0552522030
commit 46c5862c4e
16 changed files with 687 additions and 200 deletions
Download patch file Download diff file Expand all files Collapse all files

44
guide/data-privacy.md
View file

@ -144,38 +144,30 @@ STRIPE_SECRET_KEY=sk_live_...
#### 4.2 Configure File Exclusions
In `.claude/settings.json`:
In `.claude/settings.json`, use `permissions.deny` to block access to sensitive files:
```json
{
"excludePatterns": [
".env",
".env.*",
"**/.env",
"**/.env.*",
"**/credentials*",
"**/secrets*",
"**/*.pem",
"**/*.key",
"**/service-account*.json"
]
"permissions": {
"deny": [
"Read(./.env*)",
"Edit(./.env*)",
"Write(./.env*)",
"Bash(cat .env*)",
"Bash(head .env*)",
"Read(./secrets/**)",
"Read(./**/credentials*)",
"Read(./**/*.pem)",
"Read(./**/*.key)",
"Read(./**/service-account*.json)"
]
}
}
```
Or create `.claudeignore` in project root:
> **Note**: The old `excludePatterns` and `ignorePatterns` settings were deprecated in October 2025. Use `permissions.deny` instead.
```gitignore
# Secrets
.env
.env.*
*.pem
*.key
credentials.json
secrets/
# Sensitive configs
**/config/production.*
```
> **Warning**: `permissions.deny` has [known limitations](./security-hardening.md#known-limitations-of-permissionsdeny). For defense-in-depth, combine with security hooks and external secrets management.
#### 4.3 Use Security Hooks
@ -277,7 +269,7 @@ claude /status
### Quick Checklist
- [ ] Training opt-out enabled at claude.ai/settings
- [ ] `.env*` files in excludePatterns or .claudeignore
- [ ] `.env*` files blocked via `permissions.deny` in settings.json
- [ ] No production database connections via MCP
- [ ] Security hooks installed for sensitive file access
- [ ] Team aware of data flow to Anthropic