// Browse all global and local Claude Code config files (settings.json, settings.local.json, CLAUDE.md), audit them for issues, percolate recurring local patterns into the global config, and review past session transcripts for tool calls denied by the sandbox or allow/deny rules to propose allowlist refinements.
| name | claude-config-self-tune |
| description | Browse all global and local Claude Code config files (settings.json, settings.local.json, CLAUDE.md), audit them for issues, percolate recurring local patterns into the global config, and review past session transcripts for tool calls denied by the sandbox or allow/deny rules to propose allowlist refinements. |
| allowed-tools | Bash, Read, Grep, Glob, Edit, Agent |
| argument-hint | [~/code or parent directory to scan] |
Scan all Claude Code configuration files across projects, audit them for issues, and promote recurring local patterns into the global config.
Claude Code configuration lives in several layers, loaded in this order (later wins):
| Scope | File | Purpose |
|---|---|---|
| Global user | ~/.claude/settings.json | Permissions, hooks, env vars, plugins |
| Global user local | ~/.claude/settings.local.json | Machine-specific overrides (not committed) |
| Global instructions | ~/.claude/CLAUDE.md | User-wide behavioral instructions |
| Project | <project>/.claude/settings.json | Project-level permissions and hooks |
| Project local | <project>/.claude/settings.local.json | Machine-specific project overrides |
| Project instructions | <project>/CLAUDE.md | Project-level behavioral instructions |
| Subdirectory instructions | <project>/<subdir>/CLAUDE.md | Scoped instructions for a subtree |
$ARGUMENTS is an optional parent directory to scan for projects. Defaults to ~/code.
Read the global config files:
~/.claude/settings.json~/.claude/settings.local.json~/.claude/CLAUDE.mdFind all projects under the scan directory. Use /usr/bin/find (not the shell alias) to locate:
*/.claude/settings.json*/.claude/settings.local.json*/CLAUDE.md*/**/CLAUDE.md (subdirectory instructions)Search up to 4 levels deep. Exclude node_modules, .git, __pycache__, and venv directories.
Build an inventory table of every config file found, grouped by project.
Read every config file discovered. For each, check:
allow entries that are already covered by a global allow rule (exact match or glob superset).allow entries that contradict a global deny rule, or vice versa.Bash(*) or similar wildcards that bypass the deny list.settings.local.json files for projects that no longer exist or haven't been opened recently.~/.claude/CLAUDE.md.@ includes pointing to files that don't exist.Identify patterns that appear across multiple projects and would benefit from promotion to the global config:
allow entry.~/.claude/settings.json.Scan past session transcripts to find tool calls that were denied by the sandbox or by the permission allow/deny rules, then propose allowlist refinements.
~/.claude/projects/<encoded-project-path>/<session-uuid>.jsonl: one JSONL file per session, sibling to a directory of the same UUID containing tool results./ with -, so /Users/kde/code/dotfiles becomes -Users-kde-code-dotfiles.Search transcripts for these markers in message.content[*].content and toolUseResult fields:
Permission to use <Tool> with command <X> has been denied.: user pressed "deny" on a permission prompt.requires approval, requires permission: tool call paused on the allowlist gate.Operation not permitted, sandbox, dangerouslyDisableSandbox: sandbox filesystem or network denial.EACCES, EPERM: surfaced when a sandboxed command hits a denied path.Use Grep with these patterns across ~/.claude/projects/**/*.jsonl. Default to the last 30 days; allow the user to widen the window.
For each denial, extract:
Bash(rm:*), Read(/Users/kde/.ssh/**), WebFetch(domain:example.com).Group denials by rule shape and count occurrences across sessions and projects.
Each recurring denial falls into one of three buckets, and the proposed change differs by bucket:
allow rule, scoped to the smallest pattern that covers the observed calls (prefer Bash(tool:*) over Bash(*)).deny rule so future calls fail fast without an interactive prompt, or propose a hook that rewrites the call.permissions.additionalDirectories or the host to the network allowlist, and never propose dangerouslyDisableSandbox as a fix.Skip one-off denials (single occurrence, no project recurrence): they are noise.
Add a "Session denials" section to the Phase 4 report with:
~/.claude/settings.json (or the project settings.json when the pattern is project-specific).additionalDirectories or network host entry, with the originating command for context.Present a structured report:
Table of all config files found:
| Project | settings.json | settings.local.json | CLAUDE.md | Subdirectory CLAUDE.md |
Use checkmarks for present, dashes for absent.
Group by severity:
For each issue, show the file path, the problematic entry, and why it's flagged.
For each candidate:
A numbered list of concrete changes, ordered by impact:
additionalDirectories or network host additions for recurring sandbox denialsAfter presenting the report, ask the user which actions to apply. Then:
~/.claude/settings.json to add promoted permissions.settings.local.json files without explicit user confirmation (they may contain machine-specific overrides)./usr/bin/find for file discovery — the shell may alias find to gfind.Bash(git *) covers Bash(git status *).settings.json is a symlink (common in dotfiles repos), follow it and report the real path.Orchestrate release preparation. Reconcile the changelog, code, and docs to the net release state, then commit, push, and babysit CI until the release PR is built and `main` is green. Stop before the merge. Review-gated in normal use, fully autonomous under `--dangerously-skip-permissions`.
Analyze a GitHub repository's issues and PRs to find unaddressed feature requests, dismissed ideas, maintenance signals, and opportunities relevant to the current project. Use when you want to scout a related or competing repo for gaps your project could fill.
Triage new issues and PRs on awesome-list repos by applying curation criteria distilled from past decisions.
Fill a web form using data extracted from local documents (PDFs, images, spreadsheets). Uses Claude Desktop (Cowork) with Chrome integration to read source documents and navigate/fill browser forms. Use when the user wants to automate filling an online form from document data.
Audit open PRs across multiple repos for duplicates, stale drafts, Renovate noise, and conflicts. Produces a unified priority report.
Rename documents and files (PDFs, images, screenshots, etc.) by reading their content to extract the effective/publication date, then renaming them with a "YYYY-MM-DD - Clear descriptive title.ext" format. Use when the user wants to organize files with date prefixes based on document content.