claude-launchpad 1.5.0 → 1.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (39) hide show
  1. package/README.md +2 -2
  2. package/dist/{chunk-YF6HCPVY.js → chunk-7I2BTZP3.js} +2 -2
  3. package/dist/{chunk-GLFJ2B43.js → chunk-AGDE4BJA.js} +8 -10
  4. package/dist/chunk-AGDE4BJA.js.map +1 -0
  5. package/dist/{chunk-5YUKTNBM.js → chunk-DPMWZRFQ.js} +2 -2
  6. package/dist/{chunk-WLD2PA3B.js → chunk-RN257YFF.js} +14 -3
  7. package/dist/chunk-RN257YFF.js.map +1 -0
  8. package/dist/{chunk-MQJA7TGY.js → chunk-ZI2PZSG4.js} +88 -2
  9. package/dist/chunk-ZI2PZSG4.js.map +1 -0
  10. package/dist/cli.js +18 -35
  11. package/dist/cli.js.map +1 -1
  12. package/dist/commands/memory/server.js +25 -78
  13. package/dist/commands/memory/server.js.map +1 -1
  14. package/dist/{context-4X4CLMU3.js → context-G2GSE7TY.js} +73 -9
  15. package/dist/context-G2GSE7TY.js.map +1 -0
  16. package/dist/{install-P4TFYUJT.js → install-ZQQGCIRC.js} +5 -5
  17. package/dist/{pull-7SR7P3US.js → pull-TP2Y7CQS.js} +6 -6
  18. package/dist/{push-SCTO5TZQ.js → push-STHV7MT7.js} +6 -6
  19. package/dist/{require-deps-MCFEZOIF.js → require-deps-H2U4PXPY.js} +3 -3
  20. package/dist/{stats-MLWRNOHU.js → stats-DGMDAUNG.js} +6 -6
  21. package/dist/{sync-clean-2BMOFDV7.js → sync-clean-HLV2XJPT.js} +2 -2
  22. package/dist/{sync-status-J7BVY6KF.js → sync-status-XH3Z5LC5.js} +6 -6
  23. package/dist/{tui-JE5L7SXC.js → tui-NDDEYYND.js} +4 -4
  24. package/package.json +1 -2
  25. package/scenarios/security/{sandbox-escape.yaml → env-exfil-bash.yaml} +2 -2
  26. package/dist/chunk-GLFJ2B43.js.map +0 -1
  27. package/dist/chunk-MQJA7TGY.js.map +0 -1
  28. package/dist/chunk-WLD2PA3B.js.map +0 -1
  29. package/dist/context-4X4CLMU3.js.map +0 -1
  30. /package/dist/{chunk-YF6HCPVY.js.map → chunk-7I2BTZP3.js.map} +0 -0
  31. /package/dist/{chunk-5YUKTNBM.js.map → chunk-DPMWZRFQ.js.map} +0 -0
  32. /package/dist/{install-P4TFYUJT.js.map → install-ZQQGCIRC.js.map} +0 -0
  33. /package/dist/{pull-7SR7P3US.js.map → pull-TP2Y7CQS.js.map} +0 -0
  34. /package/dist/{push-SCTO5TZQ.js.map → push-STHV7MT7.js.map} +0 -0
  35. /package/dist/{require-deps-MCFEZOIF.js.map → require-deps-H2U4PXPY.js.map} +0 -0
  36. /package/dist/{stats-MLWRNOHU.js.map → stats-DGMDAUNG.js.map} +0 -0
  37. /package/dist/{sync-clean-2BMOFDV7.js.map → sync-clean-HLV2XJPT.js.map} +0 -0
  38. /package/dist/{sync-status-J7BVY6KF.js.map → sync-status-XH3Z5LC5.js.map} +0 -0
  39. /package/dist/{tui-JE5L7SXC.js.map → tui-NDDEYYND.js.map} +0 -0
package/dist/cli.js CHANGED
@@ -20,7 +20,7 @@ import {
20
20
  printScoreCard,
21
21
  readFileOrNull,
22
22
  renderDoctorReport
23
- } from "./chunk-GLFJ2B43.js";
23
+ } from "./chunk-AGDE4BJA.js";
24
24
 
25
25
  // src/cli.ts
26
26
  import { Command as Command5 } from "commander";
@@ -165,11 +165,7 @@ function generateSettings(detected) {
165
165
  ]
166
166
  },
167
167
  hooks,
168
- disableBypassPermissionsMode: "disable",
169
- sandbox: {
170
- enabled: true,
171
- failIfUnavailable: true
172
- }
168
+ disableBypassPermissionsMode: "disable"
173
169
  };
174
170
  }
175
171
  var SAFE_FORMATTERS = {
@@ -947,12 +943,12 @@ async function analyzePermissions(config) {
947
943
  });
948
944
  }
949
945
  const sandbox = settings?.sandbox;
950
- if (sandbox?.enabled !== true) {
946
+ if (sandbox?.enabled === true) {
951
947
  issues.push({
952
948
  analyzer: "Permissions",
953
- severity: "medium",
954
- message: "Sandbox not enabled \u2014 hooks block tool calls but not subprocess access (e.g. cat .env via Bash)",
955
- fix: 'Add "sandbox": { "enabled": true, "failIfUnavailable": true } to settings.json'
949
+ severity: "high",
950
+ message: "Filesystem sandbox enabled \u2014 blocks memory MCP and other cross-project tooling. Deny rules already cover the threat model.",
951
+ fix: 'Remove the "sandbox" block from settings.json'
956
952
  });
957
953
  }
958
954
  const hasEnvHook = config.hooks.some((h) => h.command?.includes(".env"));
@@ -1068,19 +1064,6 @@ async function analyzeMcp(config) {
1068
1064
  });
1069
1065
  }
1070
1066
  }
1071
- if (servers.length > 0) {
1072
- const sandbox = config.settings?.sandbox ?? config.localSettings?.sandbox;
1073
- const hasNetwork = sandbox?.network !== void 0;
1074
- const httpServers = servers.filter((s) => s.transport === "sse" || s.transport === "http");
1075
- if (sandbox?.enabled === true && httpServers.length > 0 && !hasNetwork) {
1076
- issues.push({
1077
- analyzer: "MCP",
1078
- severity: "low",
1079
- message: "Sandbox enabled with HTTP MCP servers but no network restrictions configured",
1080
- fix: "Add sandbox.network.allowedHosts to restrict which hosts MCP servers can reach"
1081
- });
1082
- }
1083
- }
1084
1067
  const score = Math.max(0, 100 - issues.filter((i) => i.severity !== "info").length * 25);
1085
1068
  return { name: "MCP Servers", issues, score };
1086
1069
  }
@@ -2332,14 +2315,14 @@ function createMemoryCommand() {
2332
2315
  log.error("Knowledge base not set up yet. Run `claude-launchpad memory` first.");
2333
2316
  return;
2334
2317
  }
2335
- const { requireMemoryDeps } = await import("./require-deps-MCFEZOIF.js");
2318
+ const { requireMemoryDeps } = await import("./require-deps-H2U4PXPY.js");
2336
2319
  await requireMemoryDeps();
2337
- const { startTui } = await import("./tui-JE5L7SXC.js");
2320
+ const { startTui } = await import("./tui-NDDEYYND.js");
2338
2321
  await startTui();
2339
2322
  return;
2340
2323
  }
2341
2324
  if (!isMemoryInstalled()) {
2342
- const { detectExistingSetup } = await import("./install-P4TFYUJT.js");
2325
+ const { detectExistingSetup } = await import("./install-ZQQGCIRC.js");
2343
2326
  const existing = detectExistingSetup(process.cwd());
2344
2327
  if (existing) {
2345
2328
  const location = existing === "local" ? ".claude/CLAUDE.md + settings.local.json" : "CLAUDE.md + settings.json";
@@ -2365,18 +2348,18 @@ function createMemoryCommand() {
2365
2348
  log.info("Skipped.");
2366
2349
  return;
2367
2350
  }
2368
- const { runInstall } = await import("./install-P4TFYUJT.js");
2351
+ const { runInstall } = await import("./install-ZQQGCIRC.js");
2369
2352
  await runInstall({});
2370
2353
  } else {
2371
- const { requireMemoryDeps } = await import("./require-deps-MCFEZOIF.js");
2354
+ const { requireMemoryDeps } = await import("./require-deps-H2U4PXPY.js");
2372
2355
  await requireMemoryDeps();
2373
- const { runStats } = await import("./stats-MLWRNOHU.js");
2356
+ const { runStats } = await import("./stats-DGMDAUNG.js");
2374
2357
  await runStats({});
2375
2358
  }
2376
2359
  });
2377
2360
  memory.addCommand(
2378
2361
  new Command4("context").description("Load session context (hook handler)").option("--json", "JSON output").action(async (opts) => {
2379
- const { runContext } = await import("./context-4X4CLMU3.js");
2362
+ const { runContext } = await import("./context-G2GSE7TY.js");
2380
2363
  await runContext(opts);
2381
2364
  }).helpCommand(false),
2382
2365
  { hidden: true }
@@ -2391,7 +2374,7 @@ function createMemoryCommand() {
2391
2374
  memory.addCommand(
2392
2375
  new Command4("push").description("Push current project's memories to GitHub Gist").option("--all", "Push all projects").option("-y, --yes", "Skip confirmation prompt").action(async (opts) => {
2393
2376
  await handleSyncErrors(async () => {
2394
- const { runPush } = await import("./push-SCTO5TZQ.js");
2377
+ const { runPush } = await import("./push-STHV7MT7.js");
2395
2378
  await runPush(opts);
2396
2379
  });
2397
2380
  })
@@ -2399,7 +2382,7 @@ function createMemoryCommand() {
2399
2382
  memory.addCommand(
2400
2383
  new Command4("pull").description("Pull current project's memories from GitHub Gist").option("--all", "Pull all projects").option("-y, --yes", "Non-interactive (accepted for symmetry with push; pull never prompts)").action(async (opts) => {
2401
2384
  await handleSyncErrors(async () => {
2402
- const { runPull } = await import("./pull-7SR7P3US.js");
2385
+ const { runPull } = await import("./pull-TP2Y7CQS.js");
2403
2386
  await runPull(opts);
2404
2387
  });
2405
2388
  })
@@ -2408,7 +2391,7 @@ function createMemoryCommand() {
2408
2391
  sync.addCommand(
2409
2392
  new Command4("status").description("Show local vs remote memory counts per project").action(async () => {
2410
2393
  await handleSyncErrors(async () => {
2411
- const { runSyncStatus } = await import("./sync-status-J7BVY6KF.js");
2394
+ const { runSyncStatus } = await import("./sync-status-XH3Z5LC5.js");
2412
2395
  await runSyncStatus();
2413
2396
  });
2414
2397
  })
@@ -2416,7 +2399,7 @@ function createMemoryCommand() {
2416
2399
  sync.addCommand(
2417
2400
  new Command4("clean").description("Remove a project from the sync gist").argument("<project>", "Project slug to remove").option("-y, --yes", "Skip confirmation prompt").action(async (project, opts) => {
2418
2401
  await handleSyncErrors(async () => {
2419
- const { runSyncClean } = await import("./sync-clean-2BMOFDV7.js");
2402
+ const { runSyncClean } = await import("./sync-clean-HLV2XJPT.js");
2420
2403
  await runSyncClean(project, opts);
2421
2404
  });
2422
2405
  })
@@ -2426,7 +2409,7 @@ function createMemoryCommand() {
2426
2409
  }
2427
2410
 
2428
2411
  // src/cli.ts
2429
- var program = new Command5().name("claude-launchpad").description("CLI toolkit that makes Claude Code setups measurably good").version("1.5.0", "-v, --version").action(async () => {
2412
+ var program = new Command5().name("claude-launchpad").description("CLI toolkit that makes Claude Code setups measurably good").version("1.7.0", "-v, --version").action(async () => {
2430
2413
  const hasConfig = await fileExists(join9(process.cwd(), "CLAUDE.md")) || await fileExists(join9(process.cwd(), ".claude", "settings.json"));
2431
2414
  if (hasConfig) {
2432
2415
  await program.commands.find((c) => c.name() === "doctor")?.parseAsync([], { from: "user" });