@jaguilar87/gaia-ops 3.2.0 → 3.2.2

package/CHANGELOG.md

@@ -5,6 +5,57 @@ All notable changes to the CLAUDE.md orchestrator instructions are documented in
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.2.2] - 2025-12-09
+
+### Enhanced Permissions System
+
+Complete overhaul of the permissions configuration to implement "permissive-with-guardrails" strategy.
+
+#### Changed
+- **Comprehensive allow[] rules**: 331 specific read-only patterns for shell, git, kubernetes, helm, flux, terraform, aws, gcp, docker commands
+- **Granular ask[] rules**: 162 modification operations that require user confirmation
+- **Strict deny[] rules**: 73 destructive operations that are completely blocked
+
+#### Fixed
+- Removed duplicate patterns (`uname:*`, `xargs:*`)
+- Fixed `gsutil rm -r:*::*` → `gsutil rm -r:*` (incorrect double colon)
+- Added missing `git branch:*` to allow[] for `git branch -a`
+
+#### Added
+- **New test suite**: `tests/permissions-validation/test_permissions_validation.py`
+  - Emulates Claude Code's actual permission matching behavior
+  - 114 test cases across 13 categories
+  - Tests prefix matching with `:*` wildcard
+  - Validates precedence: Deny → Allow → Ask
+
+#### Philosophy
+- **Allow**: Read-only commands execute automatically (no confirmation)
+- **Ask**: Modification commands require user approval (can be approved)
+- **Deny**: Destructive commands are blocked (cannot be approved)
+
+---
+
+## [3.2.1] - 2025-12-06
+
+### Security Fix - Permission Bypass Bug
+
+**Critical security fix** for permission enforcement in `settings.template.json`.
+
+#### Fixed
+- **Removed generic `"Bash"` from `allow[]`**: The generic `"Bash"` permission was bypassing all specific `ask[]` rules like `"Bash(git push:*)"`, allowing T3 operations (git push, git commit) to execute without user confirmation.
+- **Changed hook matcher from `"BashTool"` to `"Bash"`**: The PreToolUse and PostToolUse hooks were configured with matcher `"BashTool"` but Claude Code invokes the tool as `"Bash"`, causing hooks to never execute.
+
+#### Root Cause Analysis
+- See post-mortem: Generic permission `allow: ["Bash"]` has higher precedence than specific `ask: ["Bash(git push:*)"]` in Claude Code's permission evaluation.
+- Hook matchers must match the exact tool name used by Claude Code.
+
+#### Impact
+- All git operations (push, commit, add) now correctly trigger "ask" confirmation
+- PreToolUse hooks now execute for bash commands
+- Security tier enforcement restored
+
+---
+
 ## [3.2.0] - 2025-12-06
 
 ### Added - Episodic Memory P0+P1 Enhancements

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jaguilar87/gaia-ops",
-  "version": "3.2.0",
+  "version": "3.2.2",
   "description": "Multi-agent orchestration system for Claude Code - DevOps automation toolkit",
   "main": "index.js",
   "type": "module",

package/templates/settings.template.json

@@ -3,7 +3,7 @@
   "hooks": {
     "PreToolUse": [
       {
-        "matcher": "BashTool",
+        "matcher": "Bash",
         "hooks": [
           {
             "type": "command",
@@ -14,7 +14,7 @@
     ],
     "PostToolUse": [
       {
-        "matcher": "BashTool",
+        "matcher": "Bash",
         "hooks": [
           {
             "type": "command",
@@ -37,7 +37,6 @@
   },
   "permissions": {
     "allow": [
-      "Bash",
       "BashOutput",
       "ExitPlanMode",
       "Glob",
@@ -55,15 +54,330 @@
       "Edit(/tmp/*)",
       "Write(/tmp/*)",
       "NotebookEdit",
+
       "Bash(echo:*)",
       "Bash(cat:*)",
-      "Bash(rm /tmp/*)",
-      "Bash(mv /tmp/*)",
-      "Bash(cp /tmp/*)",
-      "Bash(mkdir /tmp/*)",
-      "Bash(ls /tmp/*)",
-      "Bash(touch /tmp/*)",
-      "Bash(tee /tmp/*)"
+      "Bash(ls:*)",
+      "Bash(pwd:*)",
+      "Bash(cd:*)",
+      "Bash(head:*)",
+      "Bash(tail:*)",
+      "Bash(grep:*)",
+      "Bash(find:*)",
+      "Bash(which:*)",
+      "Bash(whoami:*)",
+      "Bash(hostname:*)",
+      "Bash(date:*)",
+      "Bash(uname:*)",
+      "Bash(env:*)",
+      "Bash(printenv:*)",
+      "Bash(wc:*)",
+      "Bash(sort:*)",
+      "Bash(uniq:*)",
+      "Bash(diff:*)",
+      "Bash(file:*)",
+      "Bash(stat:*)",
+      "Bash(realpath:*)",
+      "Bash(dirname:*)",
+      "Bash(basename:*)",
+      "Bash(tree:*)",
+      "Bash(du:*)",
+      "Bash(df:*)",
+      "Bash(free:*)",
+      "Bash(uptime:*)",
+      "Bash(ps:*)",
+      "Bash(top:*)",
+      "Bash(htop:*)",
+      "Bash(id:*)",
+      "Bash(groups:*)",
+      "Bash(getent:*)",
+      "Bash(locale:*)",
+      "Bash(timedatectl:*)",
+      "Bash(lsb_release:*)",
+      "Bash(arch:*)",
+      "Bash(nproc:*)",
+      "Bash(lscpu:*)",
+      "Bash(lsmem:*)",
+      "Bash(ip:*)",
+      "Bash(ifconfig:*)",
+      "Bash(netstat:*)",
+      "Bash(ss:*)",
+      "Bash(ping:*)",
+      "Bash(traceroute:*)",
+      "Bash(nslookup:*)",
+      "Bash(dig:*)",
+      "Bash(host:*)",
+      "Bash(curl:*)",
+      "Bash(wget:*)",
+      "Bash(nc:*)",
+      "Bash(telnet:*)",
+      "Bash(jq:*)",
+      "Bash(yq:*)",
+      "Bash(xargs:*)",
+      "Bash(awk:*)",
+      "Bash(sed:*)",
+      "Bash(cut:*)",
+      "Bash(tr:*)",
+      "Bash(tee:*)",
+      "Bash(read:*)",
+      "Bash(printf:*)",
+      "Bash(test:*)",
+      "Bash([:*)",
+      "Bash(true:*)",
+      "Bash(false:*)",
+      "Bash(exit:*)",
+      "Bash(return:*)",
+      "Bash(source:*)",
+      "Bash(.:*)",
+      "Bash(export:*)",
+      "Bash(set:*)",
+      "Bash(unset:*)",
+      "Bash(alias:*)",
+      "Bash(type:*)",
+      "Bash(command:*)",
+      "Bash(hash:*)",
+      "Bash(time:*)",
+      "Bash(timeout:*)",
+      "Bash(watch:*)",
+      "Bash(sleep:*)",
+      "Bash(wait:*)",
+      "Bash(kill:*)",
+      "Bash(pkill:*)",
+      "Bash(pgrep:*)",
+      "Bash(jobs:*)",
+      "Bash(fg:*)",
+      "Bash(bg:*)",
+      "Bash(nohup:*)",
+      "Bash(disown:*)",
+      "Bash(history:*)",
+      "Bash(fc:*)",
+      "Bash(pushd:*)",
+      "Bash(popd:*)",
+      "Bash(dirs:*)",
+      "Bash(tar:*)",
+      "Bash(gzip:*)",
+      "Bash(gunzip:*)",
+      "Bash(zip:*)",
+      "Bash(unzip:*)",
+      "Bash(base64:*)",
+      "Bash(md5sum:*)",
+      "Bash(sha256sum:*)",
+      "Bash(openssl:*)",
+
+      "Bash(git status:*)",
+      "Bash(git diff:*)",
+      "Bash(git log:*)",
+      "Bash(git show:*)",
+      "Bash(git branch:*)",
+      "Bash(git remote:*)",
+      "Bash(git fetch:*)",
+      "Bash(git stash list:*)",
+      "Bash(git describe:*)",
+      "Bash(git rev-parse:*)",
+      "Bash(git config --get:*)",
+      "Bash(git config --list:*)",
+      "Bash(git ls-files:*)",
+      "Bash(git ls-tree:*)",
+      "Bash(git cat-file:*)",
+      "Bash(git blame:*)",
+      "Bash(git shortlog:*)",
+      "Bash(git reflog:*)",
+      "Bash(git tag:*)",
+      "Bash(git for-each-ref:*)",
+
+      "Bash(aws sts:*)",
+      "Bash(aws configure list:*)",
+      "Bash(aws configure get:*)",
+      "Bash(aws ec2 describe-:*)",
+      "Bash(aws ec2 get-:*)",
+      "Bash(aws s3 ls:*)",
+      "Bash(aws s3api get-:*)",
+      "Bash(aws s3api head-:*)",
+      "Bash(aws s3api list-:*)",
+      "Bash(aws rds describe-:*)",
+      "Bash(aws iam get-:*)",
+      "Bash(aws iam list-:*)",
+      "Bash(aws lambda get-:*)",
+      "Bash(aws lambda list-:*)",
+      "Bash(aws logs describe-:*)",
+      "Bash(aws logs get-:*)",
+      "Bash(aws logs filter-:*)",
+      "Bash(aws cloudwatch describe-:*)",
+      "Bash(aws cloudwatch get-:*)",
+      "Bash(aws cloudwatch list-:*)",
+      "Bash(aws cloudformation describe-:*)",
+      "Bash(aws cloudformation get-:*)",
+      "Bash(aws cloudformation list-:*)",
+      "Bash(aws elbv2 describe-:*)",
+      "Bash(aws elb describe-:*)",
+      "Bash(aws route53 get-:*)",
+      "Bash(aws route53 list-:*)",
+      "Bash(aws secretsmanager get-:*)",
+      "Bash(aws secretsmanager list-:*)",
+      "Bash(aws secretsmanager describe-:*)",
+      "Bash(aws ssm get-:*)",
+      "Bash(aws ssm list-:*)",
+      "Bash(aws ssm describe-:*)",
+      "Bash(aws sns get-:*)",
+      "Bash(aws sns list-:*)",
+      "Bash(aws sqs get-:*)",
+      "Bash(aws sqs list-:*)",
+      "Bash(aws dynamodb describe-:*)",
+      "Bash(aws dynamodb list-:*)",
+      "Bash(aws dynamodb get-:*)",
+      "Bash(aws dynamodb scan:*)",
+      "Bash(aws dynamodb query:*)",
+      "Bash(aws ecr describe-:*)",
+      "Bash(aws ecr get-:*)",
+      "Bash(aws ecr list-:*)",
+      "Bash(aws eks describe-:*)",
+      "Bash(aws eks list-:*)",
+      "Bash(aws elasticache describe-:*)",
+
+      "Bash(gcloud version:*)",
+      "Bash(gcloud info:*)",
+      "Bash(gcloud auth:*)",
+      "Bash(gcloud config:*)",
+      "Bash(gcloud projects list:*)",
+      "Bash(gcloud projects describe:*)",
+      "Bash(gcloud compute instances list:*)",
+      "Bash(gcloud compute instances describe:*)",
+      "Bash(gcloud compute networks list:*)",
+      "Bash(gcloud compute networks describe:*)",
+      "Bash(gcloud compute networks subnets list:*)",
+      "Bash(gcloud compute networks subnets describe:*)",
+      "Bash(gcloud compute firewall-rules list:*)",
+      "Bash(gcloud compute firewall-rules describe:*)",
+      "Bash(gcloud compute addresses list:*)",
+      "Bash(gcloud compute addresses describe:*)",
+      "Bash(gcloud compute disks list:*)",
+      "Bash(gcloud compute disks describe:*)",
+      "Bash(gcloud compute images list:*)",
+      "Bash(gcloud compute images describe:*)",
+      "Bash(gcloud compute zones list:*)",
+      "Bash(gcloud compute regions list:*)",
+      "Bash(gcloud container clusters list:*)",
+      "Bash(gcloud container clusters describe:*)",
+      "Bash(gcloud container clusters get-credentials:*)",
+      "Bash(gcloud container node-pools list:*)",
+      "Bash(gcloud container node-pools describe:*)",
+      "Bash(gcloud sql instances list:*)",
+      "Bash(gcloud sql instances describe:*)",
+      "Bash(gcloud sql databases list:*)",
+      "Bash(gcloud sql users list:*)",
+      "Bash(gcloud redis instances list:*)",
+      "Bash(gcloud redis instances describe:*)",
+      "Bash(gcloud iam service-accounts list:*)",
+      "Bash(gcloud iam service-accounts describe:*)",
+      "Bash(gcloud iam service-accounts get-iam-policy:*)",
+      "Bash(gcloud iam roles list:*)",
+      "Bash(gcloud iam roles describe:*)",
+      "Bash(gcloud logging read:*)",
+      "Bash(gcloud logging logs list:*)",
+      "Bash(gcloud services list:*)",
+      "Bash(gcloud artifacts repositories list:*)",
+      "Bash(gcloud artifacts docker images list:*)",
+      "Bash(gsutil ls:*)",
+      "Bash(gsutil cat:*)",
+      "Bash(gsutil stat:*)",
+      "Bash(gsutil du:*)",
+
+      "Bash(kubectl get:*)",
+      "Bash(kubectl describe:*)",
+      "Bash(kubectl logs:*)",
+      "Bash(kubectl version:*)",
+      "Bash(kubectl config:*)",
+      "Bash(kubectl cluster-info:*)",
+      "Bash(kubectl api-resources:*)",
+      "Bash(kubectl api-versions:*)",
+      "Bash(kubectl explain:*)",
+      "Bash(kubectl top:*)",
+      "Bash(kubectl auth:*)",
+      "Bash(kubectl diff:*)",
+      "Bash(kubectl wait:*)",
+
+      "Bash(helm list:*)",
+      "Bash(helm status:*)",
+      "Bash(helm get:*)",
+      "Bash(helm template:*)",
+      "Bash(helm version:*)",
+      "Bash(helm repo list:*)",
+      "Bash(helm search:*)",
+      "Bash(helm show:*)",
+      "Bash(helm lint:*)",
+      "Bash(helm history:*)",
+      "Bash(helm env:*)",
+
+      "Bash(flux get:*)",
+      "Bash(flux check:*)",
+      "Bash(flux version:*)",
+      "Bash(flux logs:*)",
+      "Bash(flux stats:*)",
+      "Bash(flux tree:*)",
+      "Bash(flux diff:*)",
+      "Bash(flux events:*)",
+
+      "Bash(terraform version:*)",
+      "Bash(terraform show:*)",
+      "Bash(terraform output:*)",
+      "Bash(terraform state list:*)",
+      "Bash(terraform state show:*)",
+      "Bash(terraform validate:*)",
+      "Bash(terraform fmt:*)",
+      "Bash(terraform providers:*)",
+      "Bash(terraform graph:*)",
+      "Bash(terraform console:*)",
+
+      "Bash(terragrunt version:*)",
+      "Bash(terragrunt output:*)",
+      "Bash(terragrunt validate:*)",
+      "Bash(terragrunt graph-dependencies:*)",
+      "Bash(terragrunt render-json:*)",
+      "Bash(terragrunt hclfmt:*)",
+
+      "Bash(docker ps:*)",
+      "Bash(docker images:*)",
+      "Bash(docker logs:*)",
+      "Bash(docker inspect:*)",
+      "Bash(docker version:*)",
+      "Bash(docker info:*)",
+      "Bash(docker stats:*)",
+      "Bash(docker top:*)",
+      "Bash(docker port:*)",
+      "Bash(docker diff:*)",
+      "Bash(docker history:*)",
+      "Bash(docker network ls:*)",
+      "Bash(docker network inspect:*)",
+      "Bash(docker volume ls:*)",
+      "Bash(docker volume inspect:*)",
+      "Bash(docker compose ps:*)",
+      "Bash(docker compose logs:*)",
+      "Bash(docker compose config:*)",
+
+      "Bash(python:*)",
+      "Bash(python3:*)",
+      "Bash(pip list:*)",
+      "Bash(pip show:*)",
+      "Bash(pip freeze:*)",
+      "Bash(pip check:*)",
+      "Bash(node:*)",
+      "Bash(npm list:*)",
+      "Bash(npm view:*)",
+      "Bash(npm version:*)",
+      "Bash(npm outdated:*)",
+      "Bash(npm audit:*)",
+      "Bash(npx:*)",
+      "Bash(pnpm list:*)",
+      "Bash(yarn list:*)",
+      "Bash(go version:*)",
+      "Bash(go list:*)",
+      "Bash(go env:*)",
+      "Bash(rustc --version:*)",
+      "Bash(cargo --version:*)",
+      "Bash(java -version:*)",
+      "Bash(javac -version:*)",
+      "Bash(mvn --version:*)",
+      "Bash(gradle --version:*)"
     ],
     "deny": [
       "Bash(aws backup delete:*::*)",
@@ -122,7 +436,7 @@
       "Bash(gcloud sql instances delete:*)",
       "Bash(gcloud storage rm:*)",
       "Bash(gsutil rb:*)",
-      "Bash(gsutil rm -r:*::*)",
+      "Bash(gsutil rm -r:*)",
       "Bash(kubectl delete cluster:*)",
       "Bash(kubectl delete clusterrole:*)",
       "Bash(kubectl delete clusterrolebinding:*)",
@@ -146,9 +460,12 @@
       "Bash(terragrunt apply:*)",
       "Bash(terraform plan:*)",
       "Bash(terragrunt plan:*)",
+      "Bash(terraform init:*)",
+      "Bash(terragrunt init:*)",
       "Bash(flux delete:*)",
       "Bash(flux suspend:*)",
       "Bash(flux resume:*)",
+      "Bash(flux reconcile:*)",
       "Bash(kubectl delete:*)",
       "Bash(kubectl apply:*)",
       "Bash(kubectl create:*)",
@@ -157,11 +474,21 @@
       "Bash(kubectl scale:*)",
       "Bash(kubectl set:*)",
       "Bash(kubectl exec:*)",
+      "Bash(kubectl run:*)",
+      "Bash(kubectl edit:*)",
+      "Bash(kubectl label:*)",
+      "Bash(kubectl annotate:*)",
+      "Bash(kubectl taint:*)",
+      "Bash(kubectl cordon:*)",
+      "Bash(kubectl uncordon:*)",
       "Bash(helm delete:*)",
       "Bash(helm uninstall:*)",
       "Bash(helm install:*)",
       "Bash(helm upgrade:*)",
       "Bash(helm rollback:*)",
+      "Bash(helm repo add:*)",
+      "Bash(helm repo update:*)",
+      "Bash(helm repo remove:*)",
       "Bash(git push:*)",
       "Bash(git pull:*)",
       "Bash(git rebase:*)",
@@ -171,7 +498,17 @@
       "Bash(git cherry-pick:*)",
       "Bash(git commit:*)",
       "Bash(git add:*)",
-      "Bash(git branch:*)",
+      "Bash(git branch -d:*)",
+      "Bash(git branch -D:*)",
+      "Bash(git branch -m:*)",
+      "Bash(git checkout -b:*)",
+      "Bash(git switch -c:*)",
+      "Bash(git stash:*)",
+      "Bash(git stash drop:*)",
+      "Bash(git stash pop:*)",
+      "Bash(git stash apply:*)",
+      "Bash(git clean:*)",
+      "Bash(git restore:*)",
       "Bash(rm:*)",
       "Bash(rmdir:*)",
       "Bash(mv:*)",
@@ -179,6 +516,8 @@
       "Bash(chmod:*)",
       "Bash(chown:*)",
       "Bash(mkdir:*)",
+      "Bash(touch:*)",
+      "Bash(ln:*)",
       "Bash(aws cloudformation create-stack:*)",
       "Bash(aws cloudformation update-stack:*)",
       "Bash(aws ec2 create-:*)",
@@ -190,27 +529,96 @@
       "Bash(aws iam attach-:*)",
       "Bash(aws iam create-:*)",
       "Bash(aws iam put-:*)",
+      "Bash(aws iam update-:*)",
       "Bash(aws lambda create-function:*)",
       "Bash(aws lambda update-:*)",
       "Bash(aws rds create-:*)",
       "Bash(aws rds modify-:*)",
+      "Bash(aws rds start-:*)",
+      "Bash(aws rds stop-:*)",
       "Bash(aws s3 cp:*)",
       "Bash(aws s3 mv:*)",
+      "Bash(aws s3 rm:*)",
+      "Bash(aws s3 sync:*)",
       "Bash(aws s3api put-:*)",
+      "Bash(aws s3api create-:*)",
+      "Bash(aws sns create-:*)",
+      "Bash(aws sns publish:*)",
+      "Bash(aws sqs create-:*)",
+      "Bash(aws sqs send-:*)",
+      "Bash(aws secretsmanager create-:*)",
+      "Bash(aws secretsmanager put-:*)",
+      "Bash(aws secretsmanager update-:*)",
+      "Bash(aws ssm put-:*)",
+      "Bash(aws ssm send-:*)",
       "Bash(gcloud compute instances create:*)",
       "Bash(gcloud compute instances reset:*)",
       "Bash(gcloud compute instances start:*)",
       "Bash(gcloud compute instances stop:*)",
-      "Bash(gcloud compute :* create::*)",
-      "Bash(gcloud compute :* update::*)",
+      "Bash(gcloud compute disks create:*)",
+      "Bash(gcloud compute networks create:*)",
+      "Bash(gcloud compute networks subnets create:*)",
+      "Bash(gcloud compute firewall-rules create:*)",
+      "Bash(gcloud compute firewall-rules update:*)",
+      "Bash(gcloud compute addresses create:*)",
       "Bash(gcloud container clusters create:*)",
       "Bash(gcloud container clusters update:*)",
-      "Bash(gcloud functions deploy:*)",
+      "Bash(gcloud container clusters resize:*)",
+      "Bash(gcloud container node-pools create:*)",
+      "Bash(gcloud container node-pools update:*)",
       "Bash(gcloud sql instances create:*)",
-      "Bash(gcloud sql instances patch:*)"
+      "Bash(gcloud sql instances patch:*)",
+      "Bash(gcloud sql instances restart:*)",
+      "Bash(gcloud sql databases create:*)",
+      "Bash(gcloud sql users create:*)",
+      "Bash(gcloud sql users set-password:*)",
+      "Bash(gcloud redis instances create:*)",
+      "Bash(gcloud redis instances update:*)",
+      "Bash(gcloud iam service-accounts create:*)",
+      "Bash(gcloud iam service-accounts keys create:*)",
+      "Bash(gcloud projects add-iam-policy-binding:*)",
+      "Bash(gcloud functions deploy:*)",
+      "Bash(gsutil cp:*)",
+      "Bash(gsutil mv:*)",
+      "Bash(gsutil rm:*)",
+      "Bash(gsutil rsync:*)",
+      "Bash(gsutil mb:*)",
+      "Bash(docker build:*)",
+      "Bash(docker push:*)",
+      "Bash(docker pull:*)",
+      "Bash(docker run:*)",
+      "Bash(docker exec:*)",
+      "Bash(docker stop:*)",
+      "Bash(docker start:*)",
+      "Bash(docker restart:*)",
+      "Bash(docker rm:*)",
+      "Bash(docker rmi:*)",
+      "Bash(docker network create:*)",
+      "Bash(docker network rm:*)",
+      "Bash(docker volume create:*)",
+      "Bash(docker volume rm:*)",
+      "Bash(docker compose up:*)",
+      "Bash(docker compose down:*)",
+      "Bash(docker compose build:*)",
+      "Bash(npm install:*)",
+      "Bash(npm ci:*)",
+      "Bash(npm update:*)",
+      "Bash(npm uninstall:*)",
+      "Bash(npm publish:*)",
+      "Bash(npm run:*)",
+      "Bash(pnpm install:*)",
+      "Bash(pnpm add:*)",
+      "Bash(pnpm remove:*)",
+      "Bash(yarn install:*)",
+      "Bash(yarn add:*)",
+      "Bash(yarn remove:*)",
+      "Bash(pip install:*)",
+      "Bash(pip uninstall:*)",
+      "Bash(pip3 install:*)",
+      "Bash(pip3 uninstall:*)"
     ]
   },
   "environment": {
     "mode": "development"
   }
-}
+}