Deny rules in .claude/settings.json catch Read(.env*) and the obvious Bash escape hatches (env, printenv, cat .env*, git diff*); a PreToolUse hook adds belt-and-suspenders. Allowlists are cleaner long-term. Auto mode is the place this leaks first.
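A sketch of the PreToolUse hook mentioned above, as an added example that is not from the original page. It assumes the hook receives the tool call as JSON on stdin with tool_name and tool_input (file_path for Read, command for Bash) and that exit code 2 blocks the call; the function names are hypothetical.

```python
#!/usr/bin/env python3
"""PreToolUse hook: block tool calls that would expose .env files or the environment."""
import json
import re
import shlex
import sys

ENV_DUMP = {"env", "printenv"}            # commands that print the environment
DOTENV = re.compile(r"(^|/)\.env[^/]*$")  # .env, .env.local, dir/.env.production


def segments(command):
    """Split a shell command line into simple commands on ; & | ( )."""
    lex = shlex.shlex(command, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    seg = []
    for tok in lex:
        if tok and all(c in "();|&" for c in tok):
            if seg:
                yield seg
            seg = []
        else:
            seg.append(tok)
    if seg:
        yield seg


def decide(event):
    """Return a reason string when the call must be blocked, else None."""
    tool, args = event.get("tool_name"), event.get("tool_input") or {}
    if tool == "Read":
        path = args.get("file_path", "")
        return f"read of {path} denied" if DOTENV.search(path) else None
    if tool != "Bash":
        return None
    try:
        for seg in segments(args.get("command", "")):
            if seg[0] in ENV_DUMP:
                return f"{seg[0]} prints the environment"
            if seg[0] == "git" and "diff" in seg[1:]:
                return "git diff can print .env contents"
            if any(DOTENV.search(tok) for tok in seg):
                return "command references a .env file"
    except ValueError:  # unbalanced quotes: cannot reason about it, fail closed
        return "unparseable command"
    return None


if __name__ == "__main__":
    reason = decide(json.load(sys.stdin))
    if reason:
        print(f"blocked by hook: {reason}", file=sys.stderr)
        sys.exit(2)  # assumed contract: exit code 2 blocks the tool call
```

This is token matching, not a full shell parser, so it complements the deny rules rather than replacing them.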