Round out Chrome DevTools MCP allowlist in .claude/settings.json

[aram356]

Context

.claude/settings.json currently allows three Chrome DevTools MCP tools:

• new_page
• performance_stop_trace
• evaluate_script

The plugin exposes ~40 tools, and the current set looks like ad-hoc additions rather than a deliberate read-only allowlist. As a result, common observability operations (taking a screenshot, listing console messages, inspecting network requests) prompt every time even though they have no side effects worth gating.

Proposal

Add the following read-only / observability tools to permissions.allow:

• list_pages, select_page, navigate_page
• take_screenshot, take_snapshot
• list_console_messages, get_console_message
• list_network_requests, get_network_request
• wait_for
• performance_start_trace, performance_analyze_insight

Continue to require prompts for tools that mutate page state or are interactive:

• click, fill, fill_form, drag, hover, press_key, type_text, upload_file
• close_page, handle_dialog
• emulate, resize_page
• lighthouse_audit, take_memory_snapshot (heavy)

Why

Reduces friction during debugging sessions without expanding the agent's ability to take visible/destructive actions in the browser.

Tracked in PR fixing the trailing-comma JSON syntax error in the same file.