4c2226ae57
Important fixes: - Document config key resolution (allowed_executables -> executables.allowed, mcp_allowed_servers -> names from [[mcp.servers]]) - Clarify CLAUDE_PROJECT_DIR source (derived from payload cwd field) - MCP rules: regex match_any operates on serialized tool_input, not tool_name - Add with_args_matching semantics (joined argument string) Suggestions also addressed: - Fix launchd plist: use absolute paths, note install.sh expands placeholders - Fix launchd socket path: use $TMPDIR for per-user isolation - Rename SECURITY_HOOKS_CONFIG -> SECURITY_HOOKS_HOME (contains both rules/ and config/ subdirectories) - Document directory discovery via single env var Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>