From forge-tlp
TLP file access control — RED/AMBER/GREEN/CLEAR classification, .tlp config, frontmatter overrides. USE WHEN accessing protected files or configuring file access policies.
npx claudepluginhub n4m3z/forge-tlp

This skill uses the workspace's default tool permissions.
TLP classifies files by sensitivity. A `.tlp` config at the directory root defines path-based defaults. First match wins. Unlisted files default to AMBER.
| Level | Read | Edit/Write |
|---|---|---|
| RED | Blocked entirely | Blocked entirely |
| AMBER | Blocked — requires user approval, then use safe-read | Allowed (never output content verbatim). Edit/Write emit a warning. |
| GREEN | Allowed | Allowed |
| CLEAR | Allowed | Allowed |
The tlp-guard hook intercepts Read, Edit, and Write tool calls. It walks up from the file path to the nearest .tlp config, classifies the file, and enforces the level.
If the .tlp config file exists but cannot be read (e.g., corrupted or permission error), all files are treated as RED until fixed (fail-closed).
AMBER read flow: tlp-guard blocks the Read (exit 2); after user approval, run the safe-read command via Bash (see /SafeRead skill); safe-read outputs the file with #tlp/red sections and secrets stripped.

.tlp Config File

Place a .tlp file at the root of any directory tree to protect it. The file is YAML; patterns are glob-style and matched against paths relative to that directory:
```yaml
RED:
  - "*.pdf"
  - "Resources/Contacts/**"
AMBER:
  - "Resources/Journals/**"
GREEN:
  - "Topics/**"
  - "Resources/Agents/**"
CLEAR:
  - ".tlp"
  - "CLAUDE.md"
```
Supported patterns:
- `*.ext` — match files by extension anywhere
- `dir/**` — match all files under a directory prefix
- `exact/path.md` — match a specific file

Files can override their path-based classification with a `tlp:` field in YAML frontmatter:
```yaml
---
tlp: RED
---
```
The effective level is the more restrictive of path-based and frontmatter-based classification. This means a file can escalate its protection (e.g., GREEN path + RED frontmatter = RED), but never downgrade it (e.g., AMBER path + GREEN frontmatter = AMBER).
Valid values: RED, AMBER, GREEN, CLEAR (case-insensitive). Unrecognized values are ignored.
Within AMBER files, #tlp/red marks the start of redacted content. Processed by safe-read (see /SafeRead skill).
#tlp/red alone on a line starts a multi-line redacted section, ended by #tlp/amber, #tlp/green, or #tlp/clear alone on a line:
```text
Normal content visible to the AI.
#tlp/red
Private content the AI must not see.
#tlp/amber
Back to normal content.
```
Output: the entire section between markers is replaced with a single [REDACTED] line.
#tlp/red mid-line redacts from the marker to the next #tlp/* boundary tag on the same line, or to end of line:
```text
Normal text #tlp/red secret text #tlp/amber more normal text.
Text with #tlp/red secret to end of line
```
Output:
```text
Normal text [REDACTED] more normal text.
Text with [REDACTED]
```
With no closing tag, #tlp/red redacts to end of file (block mode) or end of line (inline mode); this is the fail-safe default. Output: a single [REDACTED] line (block mode) or [REDACTED] in place (inline mode).

Related skills:
- /SafeRead — runtime redaction tools (safe-read, blind-metadata)
- /SecretScan — commit-time secret scanning with gitleaks
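A reference implementation of the redaction rules described above (block mode, inline mode, and the fail-safe when a closing tag is missing), added here as an example; it is not the plugin's own safe-read code. It assumes that only the three non-RED tags (#tlp/amber, #tlp/green, #tlp/clear) close a redacted span.

```python
import re

START = "#tlp/red"
# Assumption: only the three "lowering" tags end a redacted span; a second
# #tlp/red inside a span does not terminate it (the safer reading).
CLOSERS = ("#tlp/amber", "#tlp/green", "#tlp/clear")
CLOSER_RE = re.compile(r"#tlp/(amber|green|clear)\b")
MARK = "[REDACTED]"


def _redact_inline(line: str) -> str:
    """Inline mode: each #tlp/red redacts to the next closing tag on the
    same line, or to end of line when no closing tag follows (fail-safe)."""
    out, rest = [], line
    while True:
        i = rest.find(START)
        if i < 0:                      # no (more) markers: keep the remainder
            out.append(rest)
            return "".join(out)
        out.append(rest[:i] + MARK)    # keep text before the marker
        m = CLOSER_RE.search(rest[i + len(START):])
        if m is None:                  # unterminated: drop the rest of the line
            return "".join(out)
        rest = rest[i + len(START) + m.end():]


def redact(text: str) -> str:
    """Apply #tlp/red redaction to the content of an AMBER file.

    Block mode: '#tlp/red' alone on a line opens a section that runs until a
    closing tag alone on a line; the whole section becomes one [REDACTED]
    line.  An unclosed section runs to end of file (fail-safe).
    """
    out, in_block = [], False
    for line in text.splitlines():
        stripped = line.strip()
        if in_block:
            if stripped in CLOSERS:    # closing tag line ends the block
                in_block = False
            continue                   # everything inside the block is dropped
        if stripped == START:          # marker alone on a line: block mode
            in_block = True
            out.append(MARK)
            continue
        out.append(_redact_inline(line))
    return "\n".join(out)
```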