claude-warden 1.1.11 → 1.2.0
- package/.claude-plugin/plugin.json +1 -1
- package/config/warden.default.yaml +11 -0
- package/dist/index.cjs +24 -3
- package/package.json +1 -1
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "claude-warden",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.2.0",
|
|
4
4
|
"description": "Smart command safety filter for Claude Code — parses shell pipelines and evaluates per-command safety rules to auto-approve safe commands and block dangerous ones",
|
|
5
5
|
"author": {
|
|
6
6
|
"name": "banyudu"
|
|
@@ -51,6 +51,17 @@ askOnSubshell: true
|
|
|
51
51
|
# - my-sprite
|
|
52
52
|
# - dev-*
|
|
53
53
|
|
|
54
|
+
# Override rules when evaluating commands inside trusted remote contexts
|
|
55
|
+
# (docker exec, kubectl exec, ssh, sprite exec). These overrides are applied
|
|
56
|
+
# as the highest-priority layer only for remote command evaluation.
|
|
57
|
+
# trustedContextOverrides:
|
|
58
|
+
# alwaysAllow:
|
|
59
|
+
# - sudo
|
|
60
|
+
# - apt
|
|
61
|
+
# - apt-get
|
|
62
|
+
# alwaysDeny: []
|
|
63
|
+
# rules: []
|
|
64
|
+
|
|
54
65
|
# Command-specific rules (override built-in rules by command name).
|
|
55
66
|
# The first scope (project > user > default) with a rule for a given command wins.
|
|
56
67
|
# rules:
|
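--- a/package/dist/index.cjs
+++ b/package/dist/index.cjs
@@ -18583,7 +18583,7 @@ function evaluateSSHCommand(cmd, config) {
 };
 }
 const parsed = parseCommand(remoteCommand);
-const result = evaluate(parsed, config);
+const result = evaluate(parsed, configWithContextOverrides(config));
 return {
 command,
 args: args2,
@@ -18603,7 +18603,15 @@ var DOCKER_EXEC_FLAGS_WITH_VALUE = /* @__PURE__ */ new Set([
 "--detach-keys"
 ]);
 var INTERACTIVE_SHELLS = /* @__PURE__ */ new Set(["bash", "sh", "zsh"]);
+function configWithContextOverrides(config) {
+if (!config.trustedContextOverrides) return config;
+return {
+...config,
+layers: [config.trustedContextOverrides, ...config.layers]
+};
+}
 function evaluateRemoteCommand(remoteArgs, config) {
+const overriddenConfig = configWithContextOverrides(config);
 if (remoteArgs.length === 0) {
 return { decision: "allow", reason: "interactive", details: [] };
 }
@@ -18614,14 +18622,14 @@ function evaluateRemoteCommand(remoteArgs, config) {
 if (INTERACTIVE_SHELLS.has(remoteCmd) && remoteArgs[1] === "-c" && remoteArgs.length >= 3) {
 const innerCommand = remoteArgs.slice(2).join(" ");
 const parsed2 = parseCommand(innerCommand);
-return evaluate(parsed2,
+return evaluate(parsed2, overriddenConfig);
 }
 const parsed = {
 commands: [{ command: remoteCmd, args: remoteArgs.slice(1) }],
 hasSubshell: false,
 subshellCommands: []
 };
-return evaluate(parsed,
+return evaluate(parsed, overriddenConfig);
 }
 function parseDockerExecArgs(args2) {
 let target = null;
@@ -19345,6 +19353,19 @@ function mergeNonLayerFields(config, raw) {
 if (typeof raw.askOnSubshell === "boolean") {
 config.askOnSubshell = raw.askOnSubshell;
 }
+if (raw.trustedContextOverrides && typeof raw.trustedContextOverrides === "object") {
+const overrides = raw.trustedContextOverrides;
+const layer = extractLayer(overrides);
+if (config.trustedContextOverrides) {
+config.trustedContextOverrides = {
+alwaysAllow: [...layer.alwaysAllow, ...config.trustedContextOverrides.alwaysAllow],
+alwaysDeny: [...layer.alwaysDeny, ...config.trustedContextOverrides.alwaysDeny],
+rules: [...layer.rules, ...config.trustedContextOverrides.rules]
+};
+} else {
+config.trustedContextOverrides = layer;
+}
+}
 }
 
 // src/suggest.ts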
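Review bot: `configWithContextOverrides` (new lines 18606–18612) puts the override layer ahead of every existing layer, so an `alwaysAllow` entry there appears to outrank an `alwaysDeny` from any project or user scope whenever a command is evaluated through ssh, docker exec or kubectl exec; `evaluate` is defined outside these hunks, so the exact precedence should be confirmed. The merge added to `mergeNonLayerFields` (new lines 19356–19368) folds the overrides of every config it is called with into that one layer, and if that includes a project-level file, a config checked into a repository can widen what is auto-approved for remote commands. I would accept `alwaysAllow` overrides only from user-scope config, or at minimum state the precedence on the function: `// Highest-priority layer for remote evaluation: entries here outrank every scope's alwaysDeny.` The `typeof … === "object"` guard also lets an array through to `extractLayer`, whose handling is not visible here; adding `&& !Array.isArray(raw.trustedContextOverrides)` would reject that shape early.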