fix: address CodeRabbit round 2 feedback

- Move gh pr close from allow to ask (remote state change)
- Move git push from allow to ask (remote state change); force variants
  stay in deny as a hard block
- This prevents force-push bypass via flag ordering variants like
  git push --force-with-lease or git push -u -f

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>

Author: stranma

.claude/settings.json

@@ -6,7 +6,7 @@
       "Bash(uv run pyright *)",
       "Bash(uv add *)", "Bash(uv pip *)", "Bash(uv venv *)",
       "Bash(uv lock *)", "Bash(uv tree *)", "Bash(uv export *)",
-      "Bash(git add *)", "Bash(git commit *)", "Bash(git push *)",
+      "Bash(git add *)", "Bash(git commit *)",
       "Bash(git fetch *)", "Bash(git pull *)", "Bash(git rebase *)",
       "Bash(git branch *)", "Bash(git checkout *)", "Bash(git status *)",
       "Bash(git diff *)", "Bash(git log *)", "Bash(git show *)",
@@ -19,7 +19,6 @@
       "Bash(git describe *)", "Bash(git shortlog *)", "Bash(git rev-list *)",
       "Bash(gh pr create *)", "Bash(gh pr view *)", "Bash(gh pr list *)",
       "Bash(gh pr checks *)", "Bash(gh pr diff *)", "Bash(gh pr edit *)",
-      "Bash(gh pr close *)",
       "Bash(gh run list *)", "Bash(gh run view *)", "Bash(gh run watch *)",
       "Bash(gh issue list *)", "Bash(gh issue view *)",
       "Bash(gh repo view *)", "Bash(gh release list *)", "Bash(gh release view *)",
@@ -41,12 +40,13 @@
     "ask": [
       "Bash(python *)", "Bash(uv run python *)",
       "Bash(docker *)", "Bash(docker-compose *)", "Bash(terraform *)",
-      "Bash(gh pr merge *)", "Bash(gh pr reopen *)", "Bash(gh pr comment *)",
+      "Bash(gh pr merge *)", "Bash(gh pr reopen *)", "Bash(gh pr close *)", "Bash(gh pr comment *)",
       "Bash(gh pr review *)", "Bash(gh pr ready *)", "Bash(gh workflow run *)",
       "Bash(gh workflow enable *)", "Bash(gh workflow disable *)",
       "Bash(gh api *)",
       "Bash(gh issue create *)", "Bash(gh issue comment *)",
       "Bash(gh issue close *)", "Bash(gh issue edit *)",
+      "Bash(git push *)",
       "Bash(git init *)", "Bash(git clone *)",
       "Bash(uv remove *)", "Bash(uv cache *)", "Bash(uv init *)",
       "WebFetch"

tests/test_permissions.py

@@ -416,9 +416,13 @@ def test_git_read_operations_are_allowed(self, settings: dict[str, Any]) -> None
             assert evaluate(f"Bash({cmd})", settings) == "allow", f"{cmd} should be allowed"
 
     def test_git_write_operations_are_allowed(self, settings: dict[str, Any]) -> None:
-        for cmd in ["git add .", 'git commit -m "msg"', "git push origin main"]:
+        for cmd in ["git add .", 'git commit -m "msg"']:
             assert evaluate(f"Bash({cmd})", settings) == "allow", f"{cmd} should be allowed"
 
+    def test_git_push_requires_confirmation(self, settings: dict[str, Any]) -> None:
+        """git push affects remote state -- requires confirmation."""
+        assert evaluate("Bash(git push origin main)", settings) == "ask"
+
     def test_testing_commands_are_allowed(self, settings: dict[str, Any]) -> None:
         for cmd in ["pytest tests/", "uv run pytest -v"]:
             assert evaluate(f"Bash({cmd})", settings) == "allow", f"{cmd} should be allowed"