claude-warden 1.1.9 → 1.1.10

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-warden",
-  "version": "1.1.9",
+  "version": "1.1.10",
   "description": "Smart command safety filter for Claude Code — parses shell pipelines and evaluates per-command safety rules to auto-approve safe commands and block dangerous ones",
   "author": {
     "name": "banyudu"

package/README.md

@@ -168,6 +168,35 @@ All support glob patterns: `*`, `?`, `[...]`, `[!...]`, `{a,b,c}`
 5. Results are combined: any deny → deny whole pipeline, any ask → ask, all allow → allow
 6. Returns the decision via stdout JSON (allow/ask) or exit code 2 (deny), with a system message explaining the reasoning for deny/ask decisions
 
+## FAQ
+
+### Warden says "All commands are safe" but I still get a permission prompt
+
+This usually means **another plugin's hook** is overriding Warden's decision. When multiple PreToolUse hooks run, Claude Code uses "most restrictive wins" — if any hook returns `ask`, it overrides another hook's `allow`.
+
+**Common culprit:** The `github-dev` plugin ships a `git_commit_confirm.py` hook that returns `permissionDecision: "ask"` for every `git commit` command, regardless of what Warden decides. You'll see something like:
+
+```
+Hook PreToolUse:Bash requires confirmation for this command:
+[warden] All commands are safe
+```
+
+Warden evaluated the command as safe, but the other hook forced a confirmation prompt.
+
+**How to fix:** Uninstall or disable the conflicting plugin. For example:
+
+```
+/plugin uninstall github-dev
+```
+
+**How to diagnose:** If you see Warden's `[warden] All commands are safe` message alongside a permission prompt, another hook is the cause. Check your installed plugins for PreToolUse hooks:
+
+```
+/plugin list
+```
+
+Then inspect each plugin's `hooks/hooks.json` for PreToolUse entries targeting `Bash`.
+
 ## Development
 
 ```bash

package/dist/index.cjs

@@ -19397,7 +19397,18 @@ function formatSystemMessage(decision, rawCommand, details) {
   const relevant = details.filter((d) => d.decision !== "allow");
   if (decision === "ask") {
     const parts = relevant.map((d) => `\`${d.command}\`: ${d.reason}`);
-    return `[warden] ${parts.join(" | ")} \u2014 To auto-allow, see /warden-allow`;
+    const header = `[warden] ${parts.join(" | ")}`;
+    const subcommandHints = relevant.filter((d) => d.args.length > 0).map((d) => {
+      const sub = d.args[0];
+      return `  Option A: Allow all \`${d.command}\` \u2192 \`/warden-allow ${d.command}\`
+  Option B: Allow only \`${d.command} ${sub}\` \u2192 \`/warden-allow ${d.command} ${sub}\``;
+    });
+    if (subcommandHints.length > 0) {
+      return `${header}
+${subcommandHints.join("\n")}
+See /warden-allow`;
+    }
+    return `${header} \u2014 To auto-allow, see /warden-allow`;
   }
   const lines = ["[warden] Command blocked", ""];
   if (relevant.length > 0) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-warden",
-  "version": "1.1.9",
+  "version": "1.1.10",
   "description": "Smart command safety filter for Claude Code — auto-approves safe commands, blocks dangerous ones",
   "type": "module",
   "main": "dist/index.cjs",
@@ -44,6 +44,9 @@
     "typecheck": "tsc --noEmit",
     "eval": "node dist/index.cjs",
     "sync-plugin-version": "node -e \"const p=require('./package.json'),fs=require('fs'),f='.claude-plugin/plugin.json',j=JSON.parse(fs.readFileSync(f));j.version=p.version;fs.writeFileSync(f,JSON.stringify(j,null,2)+'\\n')\"",
+    "release": "scripts/release.sh patch",
+    "release:minor": "scripts/release.sh minor",
+    "release:major": "scripts/release.sh major",
     "docs:dev": "cd docs-src && pnpm dev",
     "docs:build": "cd docs-src && pnpm install && pnpm build"
   }