claude-warden 1.1.8 → 1.1.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude-plugin/plugin.json +1 -1
- package/README.md +29 -0
- package/dist/index.cjs +13 -1
- package/package.json +15 -12
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "claude-warden",
|
|
3
|
-
"version": "1.1.
|
|
3
|
+
"version": "1.1.10",
|
|
4
4
|
"description": "Smart command safety filter for Claude Code — parses shell pipelines and evaluates per-command safety rules to auto-approve safe commands and block dangerous ones",
|
|
5
5
|
"author": {
|
|
6
6
|
"name": "banyudu"
|
package/README.md
CHANGED
|
@@ -168,6 +168,35 @@ All support glob patterns: `*`, `?`, `[...]`, `[!...]`, `{a,b,c}`
|
|
|
168
168
|
5. Results are combined: any deny → deny whole pipeline, any ask → ask, all allow → allow
|
|
169
169
|
6. Returns the decision via stdout JSON (allow/ask) or exit code 2 (deny), with a system message explaining the reasoning for deny/ask decisions
|
|
170
170
|
|
|
171
|
+
## FAQ
|
|
172
|
+
|
|
173
|
+
### Warden says "All commands are safe" but I still get a permission prompt
|
|
174
|
+
|
|
175
|
+
This usually means **another plugin's hook** is overriding Warden's decision. When multiple PreToolUse hooks run, Claude Code uses "most restrictive wins" — if any hook returns `ask`, it overrides another hook's `allow`.
|
|
176
|
+
|
|
177
|
+
**Common culprit:** The `github-dev` plugin ships a `git_commit_confirm.py` hook that returns `permissionDecision: "ask"` for every `git commit` command, regardless of what Warden decides. You'll see something like:
|
|
178
|
+
|
|
179
|
+
```
|
|
180
|
+
Hook PreToolUse:Bash requires confirmation for this command:
|
|
181
|
+
[warden] All commands are safe
|
|
182
|
+
```
|
|
183
|
+
|
|
184
|
+
Warden evaluated the command as safe, but the other hook forced a confirmation prompt.
|
|
185
|
+
|
|
186
|
+
**How to fix:** Uninstall or disable the conflicting plugin. For example:
|
|
187
|
+
|
|
188
|
+
```
|
|
189
|
+
/plugin uninstall github-dev
|
|
190
|
+
```
|
|
191
|
+
|
|
192
|
+
**How to diagnose:** If you see Warden's `[warden] All commands are safe` message alongside a permission prompt, another hook is the cause. Check your installed plugins for PreToolUse hooks:
|
|
193
|
+
|
|
194
|
+
```
|
|
195
|
+
/plugin list
|
|
196
|
+
```
|
|
197
|
+
|
|
198
|
+
Then inspect each plugin's `hooks/hooks.json` for PreToolUse entries targeting `Bash`.
|
|
199
|
+
|
|
171
200
|
## Development
|
|
172
201
|
|
|
173
202
|
```bash
|
package/dist/index.cjs
CHANGED
|
@@ -19084,6 +19084,7 @@ var DEFAULT_CONFIG = {
|
|
|
19084
19084
|
"dirs",
|
|
19085
19085
|
"hash",
|
|
19086
19086
|
"alias",
|
|
19087
|
+
"set",
|
|
19087
19088
|
"sleep",
|
|
19088
19089
|
"wait",
|
|
19089
19090
|
"time",
|
|
@@ -19396,7 +19397,18 @@ function formatSystemMessage(decision, rawCommand, details) {
|
|
|
19396
19397
|
const relevant = details.filter((d) => d.decision !== "allow");
|
|
19397
19398
|
if (decision === "ask") {
|
|
19398
19399
|
const parts = relevant.map((d) => `\`${d.command}\`: ${d.reason}`);
|
|
19399
|
-
|
|
19400
|
+
const header = `[warden] ${parts.join(" | ")}`;
|
|
19401
|
+
const subcommandHints = relevant.filter((d) => d.args.length > 0).map((d) => {
|
|
19402
|
+
const sub = d.args[0];
|
|
19403
|
+
return ` Option A: Allow all \`${d.command}\` \u2192 \`/warden-allow ${d.command}\`
|
|
19404
|
+
Option B: Allow only \`${d.command} ${sub}\` \u2192 \`/warden-allow ${d.command} ${sub}\``;
|
|
19405
|
+
});
|
|
19406
|
+
if (subcommandHints.length > 0) {
|
|
19407
|
+
return `${header}
|
|
19408
|
+
${subcommandHints.join("\n")}
|
|
19409
|
+
See /warden-allow`;
|
|
19410
|
+
}
|
|
19411
|
+
return `${header} \u2014 To auto-allow, see /warden-allow`;
|
|
19400
19412
|
}
|
|
19401
19413
|
const lines = ["[warden] Command blocked", ""];
|
|
19402
19414
|
if (relevant.length > 0) {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "claude-warden",
|
|
3
|
-
"version": "1.1.
|
|
3
|
+
"version": "1.1.10",
|
|
4
4
|
"description": "Smart command safety filter for Claude Code — auto-approves safe commands, blocks dangerous ones",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.cjs",
|
|
@@ -28,6 +28,14 @@
|
|
|
28
28
|
"README.md",
|
|
29
29
|
"LICENSE"
|
|
30
30
|
],
|
|
31
|
+
"devDependencies": {
|
|
32
|
+
"@types/node": "^20.0.0",
|
|
33
|
+
"bash-parser": "^0.5.0",
|
|
34
|
+
"tsup": "^8.0.0",
|
|
35
|
+
"typescript": "^5.4.0",
|
|
36
|
+
"vitest": "^1.6.0",
|
|
37
|
+
"yaml": "^2.4.0"
|
|
38
|
+
},
|
|
31
39
|
"scripts": {
|
|
32
40
|
"build": "tsup",
|
|
33
41
|
"dev": "tsup --watch",
|
|
@@ -36,15 +44,10 @@
|
|
|
36
44
|
"typecheck": "tsc --noEmit",
|
|
37
45
|
"eval": "node dist/index.cjs",
|
|
38
46
|
"sync-plugin-version": "node -e \"const p=require('./package.json'),fs=require('fs'),f='.claude-plugin/plugin.json',j=JSON.parse(fs.readFileSync(f));j.version=p.version;fs.writeFileSync(f,JSON.stringify(j,null,2)+'\\n')\"",
|
|
39
|
-
"
|
|
40
|
-
"
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
"
|
|
44
|
-
"bash-parser": "^0.5.0",
|
|
45
|
-
"tsup": "^8.0.0",
|
|
46
|
-
"typescript": "^5.4.0",
|
|
47
|
-
"vitest": "^1.6.0",
|
|
48
|
-
"yaml": "^2.4.0"
|
|
47
|
+
"release": "scripts/release.sh patch",
|
|
48
|
+
"release:minor": "scripts/release.sh minor",
|
|
49
|
+
"release:major": "scripts/release.sh major",
|
|
50
|
+
"docs:dev": "cd docs-src && pnpm dev",
|
|
51
|
+
"docs:build": "cd docs-src && pnpm install && pnpm build"
|
|
49
52
|
}
|
|
50
|
-
}
|
|
53
|
+
}
|