From 8565dc09cd0b35bc39742b7fad4ced9b4ac0ed81 Mon Sep 17 00:00:00 2001 From: catlog22 Date: Fri, 31 Oct 2025 15:47:47 +0800 Subject: [PATCH] docs: clarify single-use explicit authorization for CLI tools MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add critical rule that each CLI execution requires explicit user command: - One command authorizes ONE execution only - Analysis does NOT authorize write operations - Previous authorization does NOT carry over - Applies to all CLI tools (Gemini/Qwen/Codex) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- .claude/workflows/intelligent-tools-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.claude/workflows/intelligent-tools-strategy.md b/.claude/workflows/intelligent-tools-strategy.md index 18d90ed1..9e1668d5 100644 --- a/.claude/workflows/intelligent-tools-strategy.md +++ b/.claude/workflows/intelligent-tools-strategy.md @@ -447,7 +447,7 @@ bash(codex -C directory --full-auto exec "task") # Complex implementation: 90-1 #### Write Operation Protection -**⚠️ WRITE PROTECTION**: Local codebase write/modify requires EXPLICIT user confirmation +**⚠️ CRITICAL: Single-Use Explicit Authorization**: Each CLI execution (Gemini/Qwen/Codex) requires explicit user command instruction - one command authorizes ONE execution only. Analysis does NOT authorize write operations. Previous authorization does NOT carry over to subsequent actions. Each operation needs NEW explicit user directive. **Mode Hierarchy**: - **Analysis Mode (default)**: Read-only, safe for auto-execution