@heart-of-gold/toolkit 0.1.13 → 0.1.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@heart-of-gold/toolkit",
3
- "version": "0.1.13",
3
+ "version": "0.1.14",
4
4
  "type": "module",
5
5
  "description": "Cross-platform installer for Heart of Gold skills — works with Codex, OpenCode, Pi, Claude Code, and more",
6
6
  "bin": {
@@ -59,6 +59,18 @@ Choose the permission mode based on what Claude Code needs to do:
59
59
  - `default` only when prompts are acceptable or when permissions are constrained with `--allowedTools`
60
60
  6. Run the command, capture stdout/stderr, and summarize the outcome for the user.
61
61
 
62
+ ## Codex Execution
63
+
64
+ When this skill is used from Codex, the skill cannot bypass Codex sandbox policy on its own. Instead, instruct Codex to choose the correct execution path:
65
+
66
+ - Run inside the sandbox first when the task is clearly local and read-only.
67
+ - If Claude Code needs network access, auth refresh, access outside the writable sandbox, or the in-sandbox run fails or hangs for likely sandbox reasons, rerun via `exec_command` with `sandbox_permissions: "require_escalated"`.
68
+ - Use a concise justification that tells the reviewer why Claude Code needs elevation, for example:
69
+ - "Do you want me to run Claude Code with network access so it can authenticate and complete this review?"
70
+ - "Do you want me to rerun Claude Code outside the sandbox because the in-sandbox headless run appears blocked by permissions?"
71
+ - Prefer a narrow approval request. Ask for elevation only for the Claude invocation that needs it, not unrelated commands.
72
+ - If the task is high-risk, restate the chosen Claude permission mode when asking for elevation.
73
+
62
74
  ## Best Practices
63
75
 
64
76
  - Use `--max-turns` for automation. It keeps review and implementation runs bounded.
@@ -189,5 +201,6 @@ claude -r latest -p \
189
201
  - Stop and report failures whenever `claude --version` or a `claude -p` command exits non-zero.
190
202
  - If Claude Code reports permission issues, choose the correct permission mode or constrain tools explicitly.
191
203
  - If a headless run gets stuck on permissions, either switch to `plan`, use `acceptEdits`, or provide `--allowedTools` / a permission prompt tool.
204
+ - In Codex, if the likely cause is sandboxing or network denial, rerun with reviewer-approved `require_escalated` execution instead of repeatedly retrying the same sandboxed command.
192
205
  - Do not use `bypassPermissions` unless the user explicitly approves it.
193
206
  - If debugging a failing wrapper invocation, fall back to the direct `claude` command first.
package/src/index.ts CHANGED
@@ -7,7 +7,7 @@ import { targetsCommand } from "./commands/targets";
7
7
  const main = defineCommand({
8
8
  meta: {
9
9
  name: "heart-of-gold",
10
- version: "0.1.13",
10
+ version: "0.1.14",
11
11
  description:
12
12
  "Cross-platform installer for Heart of Gold skills — Codex, OpenCode, Pi, Claude Code, and more",
13
13
  },