Sync Claude Config
Merge files from ~/.claude/ into this public repo, sanitizing private information.
Workflow
1. Locate Source and Target
SOURCE="$HOME/.claude" TARGET="<repo-root>" # detect from current working directory or user input
Confirm both paths with the user before proceeding.
2. Discover Syncable Files
Scan these directories/files in ~/.claude/:
| Source Path | Target Path | Notes |
|---|---|---|
CLAUDE.md | CLAUDE.md | Always sanitize |
CLAUDE_CodeMap.md | CLAUDE_CodeMap.md | Usually generic |
settings.json | settings.json | Sanitize permissions, paths |
mcp.json | mcp.json | Sanitize tokens |
statusline-command.sh | statusline-command.sh | Usually generic |
agentic_prompt_template.md | agentic_prompt_template.md | Usually generic |
agents/*.md | agents/*.md | Skip non-agent files |
agents/specs/*.md | agents/specs/*.md | Usually generic |
instructions/*.md | instructions/*.md | Sanitize infra details |
output-styles/*.md | output-styles/*.md | Usually generic |
skills/*/SKILL.md | skills/*/SKILL.md | Usually generic |
skills/*/references/* | skills/*/references/* | Usually generic |
Skip entirely: .credentials.json, history.jsonl, stats-cache.json, security_warnings_state_*, session-env/, file-history/, debug/, cache/, shell-snapshots/, todos/, tasks/, plans/, paste-cache/, plugins/, projects/, telemetry/, statsig/, downloads/, any *:Zone.Identifier files.
3. Compare and Identify Changes
For each syncable file:
- •Check if it exists in target repo
- •If it exists, diff source vs target to find meaningful changes
- •If it's new, flag as "NEW"
- •If content differs, flag as "CHANGED"
Present a summary table to the user:
Status | File --------|--------------------------- NEW | agents/security-auditor.md CHANGED | CLAUDE.md CHANGED | settings.json OK | agents/code-reviewer.md
Ask user which files to sync. Default: all NEW and CHANGED files.
4. Copy and Sanitize
For each file being synced, copy from source then apply sanitization rules. See references/sanitization-rules.md for the full rule set.
Sanitization priority:
- •Credentials/secrets - API keys, tokens, passwords (CRITICAL)
- •Personal identifiers - Real names, email addresses, usernames
- •Infrastructure - AWS account IDs, hostnames, IP addresses, database endpoints
- •Local paths - Home directories, project-specific absolute paths
- •Project-specific - Product names, company names, internal tool references
For each file:
- •Read the source file
- •Apply all matching sanitization rules from the rules reference
- •Write to target path
- •Verify no private patterns remain with a grep check
5. Post-Sync Verification
After all files are synced, run a final scan:
# Scan for any remaining private info grep -rn '<PATTERNS_FROM_RULES>' <TARGET>/
Report any findings and fix them before finishing.
6. Report
Present a summary:
Sync Complete ============= Synced: N files (X new, Y updated) Skipped: M files (unchanged) Sanitized: P replacements made Files synced: NEW agents/security-auditor.md UPDATED CLAUDE.md (3 sanitizations) UPDATED settings.json (12 sanitizations)
Special Handling
settings.json
- •Remove all project-specific
Bash(...)permission entries (keep only generic ones likeBash(ls:*),Bash(git log:*), etc.) - •Remove
trustedWorkspacesentries - •Remove
feedbackSurveyState - •Replace home directory paths with
<YOUR_USER>placeholder inRead()permissions - •Keep
enabledPluginsas-is (no private info) - •Keep
env,statusLine,alwaysThinkingEnabled,installMethod
CLAUDE.md
- •Replace personal names and contact info with placeholders
- •Replace absolute project paths with generic examples
- •Remove company-specific sections (or replace company name with placeholder)
- •Keep all workflow rules, conventions, and best practices intact
instructions/aws-*.md (or similar infra files)
- •These are typically too specific to sanitize. Recommend excluding or heavily redacting.
- •If user wants them included, replace ALL account IDs, hostnames, IPs, bucket names, function names, email addresses.
mcp.json
- •Token env vars using
${VAR_NAME}syntax are already safe - •Remove any hardcoded tokens or credentials
- •Keep server configurations as useful examples