Exceptions examples

Bypass policies and rate limits

Exceptions

Exceptions let Claude bypass validation blocks when there's a good reason. Each policy controls a specific error code - whether exceptions are allowed, whether a justification is required, and how many are permitted per hour or day.

All three presets include audit logging. The difference is how strict the requirements are.

See the exceptions guide for the full policy syntax and audit log format.

Basic

Standard exception workflow with rate limits and audit logging.

basic.toml 48 lines
#:schema https://klaudiu.sh/schema/v1/config.json
# Basic
# Standard exception workflow with rate limits and audit logging.

# Enables the exceptions feature; the tables below configure it per error code.
[exceptions]
enabled = true

# GIT019: Direct push to protected branch
# Allows emergency pushes to main/master with justification
# No max_per_hour/max_per_day is set on this policy, so the only caps visible
# in this file are the global ones in [exceptions.rate_limit] (10/hour, 50/day).
# NOTE(review): min_reason_length presumably checks length only, not content;
# the audit log is where the stated reasons actually get reviewed.
[exceptions.policies.GIT019]
enabled = true
allow_exception = true
require_reason = true
min_reason_length = 10
description = "Exception for direct push to protected branches"

# GIT022: Commit message format violation
# Allows occasional commits with non-standard messages
# Per-policy caps (3/hour, 10/day) are tighter than the global limits below.
[exceptions.policies.GIT022]
enabled = true
allow_exception = true
require_reason = true
min_reason_length = 5
max_per_hour = 3
max_per_day = 10
description = "Exception for commit message format"

# SEC001: Secrets detected in file
# Allows test fixtures and mock data
# NOTE(review): how a submitted reason is matched against valid_reasons
# (exact, prefix, substring) is not shown here - confirm in the exceptions guide.
# NOTE(review): no key in this policy ties the exception to a path, so the
# stated reason is the only evidence that the flagged file is a fixture.
[exceptions.policies.SEC001]
enabled = true
allow_exception = true
require_reason = true
valid_reasons = ["test fixture", "mock data", "example config", "documentation"]
description = "Exception for secrets in test files"

# Global rate limits
# Presumably counted across all error codes; per-policy limits above are set
# in addition to these - confirm the interaction in the exceptions guide.
[exceptions.rate_limit]
enabled = true
max_per_hour = 10
max_per_day = 50

# Audit logging
# Presumably log rotation settings: size in MB, age in days, number of rotated
# files kept. 30 days is the window available for reviewing past exceptions.
[exceptions.audit]
enabled = true
max_size_mb = 10
max_age_days = 30
max_backups = 3
Development

Relaxed policies for development. No justification required.

development.toml 53 lines
#:schema https://klaudiu.sh/schema/v1/config.json
# Development
# Relaxed policies for development. No justification required.
# Every policy below sets require_reason = false, so a bypass needs no stated
# reason; the rate limits and the audit log are the only controls left.

# Enables the exceptions feature; the tables below configure it per error code.
[exceptions]
enabled = true

# GIT019: Direct push to protected branch
# More lenient during development: no reason required, capped at 10/hour, 50/day.
# NOTE(review): this code covers pushes to protected branches, so this relaxes
# the protected-branch check itself rather than anything specific to feature
# branches. Keep this preset off repositories whose protected branches deploy.
[exceptions.policies.GIT019]
enabled = true
allow_exception = true
require_reason = false
max_per_hour = 10
max_per_day = 50
description = "Development push to protected branches"

# GIT022: Commit message format
# Allow WIP commits during development
# No per-policy cap; only the global limits below apply as far as this file shows.
[exceptions.policies.GIT022]
enabled = true
allow_exception = true
require_reason = false
description = "WIP commits allowed in development"

# SEC001: Secrets detected
# More lenient for test data
# NOTE(review): with require_reason = false and no valid_reasons, nothing in
# this policy distinguishes a test fixture from a real credential. Pair this
# preset with a separate secret scan (e.g. in CI) before code leaves the machine.
[exceptions.policies.SEC001]
enabled = true
allow_exception = true
require_reason = false
description = "Test fixtures allowed without reason"

# FILE005: Markdown formatting
# Allow flexibility during drafting
[exceptions.policies.FILE005]
enabled = true
allow_exception = true
require_reason = false
description = "Draft documentation allowed"

# Global rate limits - relaxed
# 20/hour and 100/day, double the Basic preset's 10/hour and 50/day.
[exceptions.rate_limit]
enabled = true
max_per_hour = 20
max_per_day = 100

# Audit logging - shorter retention
# 7 days and a single backup leave a short window for looking back at which
# checks were bypassed; lengthen it if this preset is used on shared repositories.
[exceptions.audit]
enabled = true
max_size_mb = 5
max_age_days = 7
max_backups = 1
Strict security

Production-grade policies. Every exception needs a reason.

strict-security.toml 67 lines
#:schema https://klaudiu.sh/schema/v1/config.json
# Strict security
# Production-grade policies. Every exception needs a reason.

# Enables the exceptions feature; the tables below configure it per error code.
# token_prefix is presumably the prefix of the exception token - see the
# exceptions guide for the token format.
[exceptions]
enabled = true
token_prefix = "EXC"

# GIT019: Direct push to protected branch
# Strictly limited for emergency use only
# NOTE(review): min_reason_length is 20, but "emergency rollback" (18 chars)
# and "incident response" (17 chars) are shorter. If valid_reasons is matched
# exactly, those two can never pass the length check; confirm the matching
# rule (exact vs. prefix/substring) in the exceptions guide.
# NOTE(review): the description says "requires approval", but no key here
# expresses an approval step; the reason text is asserted by the requester.
# Enforce approval outside this file (e.g. server-side branch protection).
[exceptions.policies.GIT019]
enabled = true
allow_exception = true
require_reason = true
min_reason_length = 20
valid_reasons = [
    "critical security patch",
    "production hotfix approved",
    "emergency rollback",
    "incident response"
]
max_per_hour = 1
max_per_day = 3
description = "Emergency push to protected branch (requires approval)"

# SEC001: Secrets detected
# Only allowed in test directories with specific reasons
# NOTE(review): no key in this policy restricts the exception to test
# directories; as written, only the reason list and the 5/hour, 20/day caps
# apply. Verify the path restriction is enforced elsewhere.
[exceptions.policies.SEC001]
enabled = true
allow_exception = true
require_reason = true
valid_reasons = [
    "test fixture",
    "mock credentials",
    "example configuration"
]
max_per_hour = 5
max_per_day = 20
description = "Secrets in test files only"

# SEC003: Private keys detected
# NEVER allow exceptions - too dangerous
# Policy stays enabled with allow_exception = false, which is the explicit
# "no bypass" form used in this file.
[exceptions.policies.SEC003]
enabled = true
allow_exception = false
description = "Private keys - no exceptions allowed"

# GIT022: Commit message format
# Disabled - always require proper commit messages
# NOTE(review): this uses enabled = false rather than the SEC003 form
# (enabled = true, allow_exception = false). Whether a disabled policy denies
# exceptions or falls back to a default is not shown here - confirm, and
# prefer the explicit SEC003 form if the intent is "never bypass".
[exceptions.policies.GIT022]
enabled = false
description = "Commit format violations not allowed"

# Global rate limits - very restrictive
# NOTE(review): state_file lives under the user's home directory. If the
# account running Claude can write to it, the counters that enforce these
# limits can be altered by the process they govern; restrict its permissions
# or treat these limits as advisory.
[exceptions.rate_limit]
enabled = true
max_per_hour = 5
max_per_day = 15
state_file = "~/.klaudiush/exceptions/state.json"

# Audit logging - longer retention for compliance
# NOTE(review): log_file is also under the home directory. For compliance
# use, forward the JSONL to storage the governed account cannot modify, since
# a locally writable log is not tamper-evident.
[exceptions.audit]
enabled = true
log_file = "~/.klaudiush/exception_audit.jsonl"
max_size_mb = 50
max_age_days = 90
max_backups = 10
