claude-init 1.0.36 → 1.0.42
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -8,11 +8,28 @@
|
|
|
8
8
|
"Bash(node:*)",
|
|
9
9
|
"Bash(npm pack:*)",
|
|
10
10
|
"Bash(git log:*)",
|
|
11
|
-
"Bash(git add:*)"
|
|
11
|
+
"Bash(git add:*)",
|
|
12
|
+
"WebFetch(domain:code.claude.com)",
|
|
13
|
+
"WebFetch(domain:ccusage.com)",
|
|
14
|
+
"WebFetch(domain:github.com)",
|
|
15
|
+
"WebFetch(domain:www.npmjs.com)",
|
|
16
|
+
"WebFetch(domain:www.aihero.dev)",
|
|
17
|
+
"WebFetch(domain:www.andreagrandi.it)",
|
|
18
|
+
"WebFetch(domain:medium.com)",
|
|
19
|
+
"WebFetch(domain:kentgigger.com)",
|
|
20
|
+
"WebFetch(domain:alexop.dev)",
|
|
21
|
+
"WebFetch(domain:www.lexo.ch)",
|
|
22
|
+
"WebFetch(domain:jsr.io)",
|
|
23
|
+
"WebFetch(domain:liambx.com)",
|
|
24
|
+
"WebFetch(domain:json.schemastore.org)",
|
|
25
|
+
"WebFetch(domain:www.schemastore.org)",
|
|
26
|
+
"WebFetch(domain:gist.github.com)",
|
|
27
|
+
"WebFetch(domain:stacktoheap.com)",
|
|
28
|
+
"Bash(npm view:*)"
|
|
12
29
|
],
|
|
13
30
|
"deny": [],
|
|
14
31
|
"additionalDirectories": [
|
|
15
32
|
"/tmp"
|
|
16
33
|
]
|
|
17
34
|
}
|
|
18
|
-
}
|
|
35
|
+
}
|
|
@@ -60,7 +60,7 @@ while read -r cidr; do
|
|
|
60
60
|
exit 1
|
|
61
61
|
fi
|
|
62
62
|
echo "Adding GitHub range $cidr"
|
|
63
|
-
ipset add allowed-domains "$cidr"
|
|
63
|
+
ipset add allowed-domains "$cidr" -exist
|
|
64
64
|
done < <(echo "$gh_ranges" | jq -r '(.web + .api + .git)[]' | aggregate -q)
|
|
65
65
|
|
|
66
66
|
# Resolve and add other allowed domains
|
|
@@ -86,7 +86,7 @@ for domain in \
|
|
|
86
86
|
exit 1
|
|
87
87
|
fi
|
|
88
88
|
echo "Adding $ip for $domain"
|
|
89
|
-
ipset add allowed-domains "$ip"
|
|
89
|
+
ipset add allowed-domains "$ip" -exist
|
|
90
90
|
done < <(echo "$ips")
|
|
91
91
|
done
|
|
92
92
|
|
|
@@ -37,8 +37,8 @@ iptables -A INPUT -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
|
|
|
37
37
|
iptables -A INPUT -i lo -j ACCEPT
|
|
38
38
|
iptables -A OUTPUT -o lo -j ACCEPT
|
|
39
39
|
|
|
40
|
-
# Create ipset with CIDR support
|
|
41
|
-
ipset create allowed-domains hash:net
|
|
40
|
+
# Create ipset with CIDR support (idempotent)
|
|
41
|
+
ipset create -exist allowed-domains hash:net
|
|
42
42
|
|
|
43
43
|
# Fetch GitHub meta information and aggregate + add their IP ranges
|
|
44
44
|
echo "Fetching GitHub IP ranges..."
|
|
@@ -60,7 +60,7 @@ while read -r cidr; do
|
|
|
60
60
|
exit 1
|
|
61
61
|
fi
|
|
62
62
|
echo "Adding GitHub range $cidr"
|
|
63
|
-
ipset add allowed-domains "$cidr"
|
|
63
|
+
ipset add -exist allowed-domains "$cidr"
|
|
64
64
|
done < <(echo "$gh_ranges" | jq -r '(.web + .api + .git)[]' | aggregate -q)
|
|
65
65
|
|
|
66
66
|
# Resolve and add other allowed domains
|
|
@@ -88,7 +88,7 @@ for domain in \
|
|
|
88
88
|
exit 1
|
|
89
89
|
fi
|
|
90
90
|
echo "Adding $ip for $domain"
|
|
91
|
-
ipset add allowed-domains "$ip"
|
|
91
|
+
ipset add -exist allowed-domains "$ip"
|
|
92
92
|
done < <(echo "$ips")
|
|
93
93
|
done
|
|
94
94
|
|
package/CLAUDE.md
CHANGED
|
@@ -2,4 +2,4 @@
|
|
|
2
2
|
|
|
3
3
|
## Lessons
|
|
4
4
|
|
|
5
|
-
- When
|
|
5
|
+
- When using `ipset add` commands, always use the `-exist` flag to prevent errors when adding duplicate entries (e.g., `ipset add allowed-domains "$ip" -exist`). DNS resolution can return duplicate IPs or the same IP may be shared across domains.
|