feat: optimise the claude settings for the project

.claude/settings.json

@@ -1,10 +1,8 @@
 {
   "permissions": {
     "allow": [
-      // ========== WEB FETCH ==========
       "WebFetch(*)",
 
-      // ========== FILE OPERATIONS (read-only & safe writes) ==========
       "Bash(ls:*)",
       "Bash(pwd:*)",
       "Bash(cat:*)",
@@ -25,25 +23,20 @@
       "Bash(du:*)",
       "Bash(df:*)",
 
-      // ========== NODE.JS / PACKAGE MANAGEMENT ==========
       "Bash(node:*)",
       "Bash(npm:*)",
       "Bash(npx:*)",
       "Bash(yarn:*)",
       "Bash(pnpm:*)",
 
-      // ========== TYPESCRIPT / BUILD ==========
       "Bash(tsc:*)",
       "Bash(ts-node:*)",
 
-      // ========== TESTING ==========
       "Bash(jest:*)",
 
-      // ========== LINTING / FORMATTING ==========
       "Bash(eslint:*)",
       "Bash(prettier:*)",
 
-      // ========== SAFE GIT OPERATIONS ==========
       "Bash(git status:*)",
       "Bash(git log:*)",
       "Bash(git diff:*)",
@@ -59,7 +52,6 @@
       "Bash(git merge:*)",
       "Bash(git rebase:*)",
 
-      // ========== TEXT PROCESSING & UTILITIES ==========
       "Bash(echo:*)",
       "Bash(printf:*)",
       "Bash(tr:*)",
@@ -68,13 +60,11 @@
       "Bash(jq:*)",
       "Bash(base64:*)",
 
-      // ========== PROCESS INFO (read-only) ==========
       "Bash(ps:*)",
       "Bash(whoami:*)",
       "Bash(which:*)",
       "Bash(where:*)",
 
-      // ========== MISC UTILITIES ==========
       "Bash(date:*)",
       "Bash(sleep:*)",
       "Bash(test:*)",
@@ -83,7 +73,6 @@
     ],
 
     "deny": [
-      // ========== DESTRUCTIVE FILESYSTEM OPERATIONS ==========
       "Bash(rm -rf /)",
       "Bash(rm -rf *)",
       "Bash(rm -rf ./*)",
@@ -92,7 +81,6 @@
       "Bash(mkfs.*)",
       "Bash(format:*)",
 
-      // ========== DESTRUCTIVE GIT OPERATIONS ==========
       "Bash(git push:*)",
       "Bash(git push --force:*)",
       "Bash(git push -f:*)",
@@ -103,52 +91,42 @@
       "Bash(git branch -D:*)",
       "Bash(git restore .:*)",
 
-      // ========== PRIVILEGE ESCALATION ==========
       "Bash(sudo:*)",
       "Bash(su:*)",
       "Bash(doas:*)",
 
-      // ========== FORK BOMBS ==========
       "Bash(:(){:|:&};:)",
 
-      // ========== REVERSE SHELLS ==========
       "Bash(/dev/tcp/*)",
       "Bash(/dev/udp/*)",
       "Bash(nc -e /bin/bash*)",
       "Bash(bash -c 'exec 1<>/dev/tcp/*')",
 
-      // ========== PIPE-EXEC FROM REMOTE ==========
       "Bash(curl * | bash*)",
       "Bash(curl * | sh*)",
       "Bash(wget * | bash*)",
       "Bash(wget * | sh*)",
       "Bash(source <(curl*)",
       "Bash(bash <(curl*)",
 
-      // ========== CREDENTIAL THEFT ==========
       "Bash(cat /etc/shadow*)",
       "Bash(cat /etc/passwd*)",
       "Bash(cat ~/.ssh/id_rsa*)",
       "Bash(cat ~/.aws/credentials*)",
       "Bash(cat ~/.docker/config.json*)",
       "Bash(cat ~/.kube/config*)",
 
-      // ========== PROCESS KILLING ==========
       "Bash(kill -9:*)",
       "Bash(killall:*)",
 
-      // ========== LOG & AUDIT DELETION ==========
       "Bash(history -c*)",
       "Bash(cat /dev/null > ~/.bash_history*)",
 
-      // ========== CLOUD METADATA EXPLOITS ==========
       "Bash(curl http://169.254.169.254/*)",
       "Bash(curl http://metadata.google.internal/*)",
 
-      // ========== DANGEROUS EVAL / INJECTION ==========
       "Bash(eval:*)",
 
-      // ========== KERNEL / SYSTEM MODIFICATION ==========
       "Bash(sysctl -w*)",
       "Bash(modprobe:*)",
       "Bash(insmod:*)",

.claudeignore

@@ -0,0 +1,25 @@
+# GIT repo
+.git/
+
+# Build artifacts
+dist/
+build/
+.next/
+.turbo/
+
+# Dependencies
+node_modules/
+vendor/
+
+# Large data files
+*.sql
+*.dump
+data/fixtures/
+
+# Generated code
+generated/
+__generated__/
+
+# Secrets
+.env*
+secrets/

CLAUDE.md

@@ -1,5 +1,58 @@
 # Claude Code Instructions
 
+## Project Overview
+
+This is the **Boson Protocol core-components** monorepo — a TypeScript SDK and tooling suite for building on top of the [Boson Protocol](https://bosonprotocol.io), a decentralised commerce protocol on Ethereum-compatible chains.
+
+The monorepo is managed with **Lerna** (independent versioning), **npm workspaces**, and **Turborepo** for task orchestration. All packages are under `packages/`, output dual ESM + CJS builds via TypeScript, and are tested with Jest.
+
+## Directory Map
+
+```
+packages/          ← Primary source code — start here for almost all tasks
+  common/          ← @bosonprotocol/common         — shared types, ABIs, interfaces, utilities
+  core-sdk/        ← @bosonprotocol/core-sdk        — main SDK (contracts + subgraph interactions)
+  ethers-sdk/      ← @bosonprotocol/ethers-sdk      — ethers.js Web3LibAdapter implementation
+  eth-connect-sdk/ ← @bosonprotocol/eth-connect-sdk — eth-connect Web3LibAdapter implementation
+  ipfs-storage/    ← @bosonprotocol/ipfs-storage    — IPFS metadata storage implementation
+  metadata/        ← @bosonprotocol/metadata        — offer metadata schemas, types, validators
+  metadata-storage/← @bosonprotocol/metadata-storage— metadata storage interface definitions
+  react-kit/       ← @bosonprotocol/react-kit       — React components and hooks
+  subgraph/        ← @bosonprotocol/subgraph        — The Graph subgraph (indexing protocol data)
+
+scripts/           ← One-off TypeScript utility scripts (ts-node); not published packages
+e2e/               ← End-to-end test suite (Jest, Docker services)
+data/              ← Static data: metadata templates, exchange policy rules
+docs/              ← Developer documentation (Markdown)
+
+contracts/         ← ⚠️  GIT SUBMODULE — see warning below
+```
+
+## ⚠️ contracts/ Is a Git Submodule — Avoid Unless Explicitly Needed
+
+`contracts/` is a **separate Git submodule** (`bosonprotocol/boson-protocol-contracts`) containing the Solidity smart contracts, Hardhat configuration, deployment scripts, and contract artifacts.
+
+**Do not explore or read files inside `contracts/` unless the task explicitly requires inspecting smart contract source code.**
+
+Reasons to stay out of `contracts/`:
+- It is not part of day-to-day SDK or UI development.
+- Its content is managed independently and is very large.
+- Contract ABIs consumed by the SDK are already exported as JSON into `packages/common/src/abis/` — use those instead.
+
+**Only enter `contracts/` when you need to:**
+- Read or modify Solidity source files (`.sol`)
+- Inspect Hardhat configuration or deployment scripts inside `contracts/`
+- Investigate a contract-level bug that cannot be understood from the ABI alone
+
+## Key Conventions
+
+- **Language**: TypeScript everywhere (strict mode via `tsconfig.base.json`)
+- **Build**: `npm run build` (Turborepo runs `tsc` + CJS build per package)
+- **Test**: `npm run test` (Jest, per-package configs)
+- **Lint**: ESLint + Prettier; `npm run lint:fix` auto-fixes issues
+- **Versioning**: Lerna independent (`lerna.json`); Conventional Commits enforced on PRs
+- **Commit/PR titles**: must follow Conventional Commits (see `.github/copilot-instructions.md`)
+
 ## Post-task linting
 
 After completing any task (once code and test changes have been functionally validated), always run: