$ recombobulate _
~/recombobulate $ tip --list --tag="security"

// 37 tips tagged "security"

Scan Pending Changes for Security Issues with /security-review

The /security-review command scans your uncommitted changes for injection vectors, auth gaps, hardcoded secrets, and other common vulnerabilities.

bagwaa @bagwaa · 24 minutes ago

Use Authentication Precedence to Debug Login Issues

Claude Code checks credentials in a specific order. A stale ANTHROPIC_API_KEY in your shell can shadow your subscription login without any obvious error.

bagwaa @bagwaa · 1 hour ago

Use otelHeadersHelper for Dynamic Auth Tokens in Telemetry

The otelHeadersHelper setting runs a script to generate fresh authentication headers for your OTel backend, refreshing automatically every 29 minutes.

bagwaa @bagwaa · 1 hour ago

Export Claude Code Events with OpenTelemetry Logs

Claude Code exports detailed events via OpenTelemetry logs, giving you a full audit trail of every tool call, API request, and user prompt.

bagwaa @bagwaa · 1 hour ago

Use Prompt Hooks to Let Claude Guard Its Own Tool Calls

Use prompt hooks to evaluate tool calls with an LLM instead of bash scripts, describing your safety policies in plain English rather than brittle regex patterns.

bagwaa @bagwaa · 1 hour ago

Use --permission-prompt-tool for Custom Approval Flows in CI

Route Claude Code's permission prompts to a custom MCP tool in CI, so automated runs get programmatic approval instead of blanket allow-all or fail-on-prompt.

bagwaa @bagwaa · 1 hour ago

Use --tools to Restrict Which Built-In Tools Claude Can Use

Define exactly which built-in tools Claude can access in a session, from full capabilities down to read-only or even no tools at all.

bagwaa @bagwaa · 1 hour ago

Use Deny Rules to Block Access to Sensitive Files

Add deny rules to your project settings to prevent Claude Code from reading .env files, credentials, and other sensitive paths.

bagwaa @bagwaa · 2 hours ago

Enable Sandbox Mode to Isolate Bash Commands

Enable sandbox mode to let Claude run bash commands freely within controlled filesystem and network boundaries.

bagwaa @bagwaa · 2 hours ago

Use apiKeyHelper to Rotate Credentials Automatically

Point Claude Code at a script that returns a fresh API key from your vault, so you never hardcode credentials again.

bagwaa @bagwaa · 2 hours ago

Lock Down MCP Servers with --strict-mcp-config

Use --strict-mcp-config to restrict Claude Code to only the MCP servers you explicitly provide, ignoring all other sources.

bagwaa @bagwaa · 2 hours ago

Block Specific Tools with --disallowedTools

Remove tools entirely from Claude's context with --disallowedTools to enforce hard constraints like read-only analysis.

bagwaa @bagwaa · 2 hours ago