claude-warden 1.4.0 → 1.5.2

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-warden",
-  "version": "1.4.0",
+  "version": "1.5.2",
   "description": "Smart command safety filter for Claude Code — parses shell pipelines and evaluates per-command safety rules to auto-approve safe commands and block dangerous ones",
   "author": {
     "name": "banyudu"

package/README.md

@@ -1,5 +1,11 @@
 # Claude Warden
 
+[![npm version](https://img.shields.io/npm/v/claude-warden)](https://www.npmjs.com/package/claude-warden)
+[![npm downloads](https://img.shields.io/npm/dm/claude-warden)](https://www.npmjs.com/package/claude-warden)
+[![GitHub license](https://img.shields.io/github/license/banyudu/claude-warden)](https://github.com/banyudu/claude-warden/blob/main/LICENSE)
+[![GitHub stars](https://img.shields.io/github/stars/banyudu/claude-warden)](https://github.com/banyudu/claude-warden/stargazers)
+[![CI](https://img.shields.io/github/actions/workflow/status/banyudu/claude-warden/ci.yml?label=CI)](https://github.com/banyudu/claude-warden/actions)
+
 Smart command safety filter for [Claude Code](https://claude.ai/code). Parses shell commands, evaluates each against configurable safety rules, and returns allow/deny/ask decisions — eliminating unnecessary permission prompts while blocking dangerous commands.
 
 ## The problem

package/config/warden.default.yaml

@@ -13,6 +13,12 @@ defaultDecision: ask
 # If true, commands containing $() or backticks trigger "ask"
 askOnSubshell: true
 
+# Send OS notifications when warden prompts for permission or blocks a command.
+# On macOS, uses terminal-notifier (click to activate terminal) or osascript fallback.
+# On Linux, uses notify-send.
+notifyOnAsk: true
+notifyOnDeny: true
+
 # Additional commands to always allow (checked after alwaysDeny within this scope)
 # alwaysAllow:
 #   - terraform

package/dist/index.cjs

@@ -18145,7 +18145,8 @@ function preprocessCatHeredocs(input) {
 }
 function convertCommand(node) {
   if (!node.name) return null;
-  const command = node.name.text.includes("/") ? (0, import_path.basename)(node.name.text) : node.name.text;
+  const originalCommand = node.name.text;
+  const command = originalCommand.includes("/") ? (0, import_path.basename)(originalCommand) : originalCommand;
   const envPrefixes = [];
   if (node.prefix) {
     for (const p of node.prefix) {
@@ -18168,7 +18169,7 @@ function convertCommand(node) {
     ...args2
   ];
   const raw = rawParts.join(" ");
-  return { command, args: args2, envPrefixes, raw };
+  return { command, originalCommand, args: args2, envPrefixes, raw };
 }
 function collectCommandExpansions(node) {
   const commands = [];
@@ -18335,6 +18336,16 @@ function parseCommand(input) {
 }
 
 // src/evaluator.ts
+var import_os = require("os");
+function commandMatchesName(cmd, name) {
+  if (name.startsWith("/")) {
+    return cmd.originalCommand === name;
+  }
+  if (name.startsWith("~/")) {
+    return cmd.originalCommand === (0, import_os.homedir)() + name.slice(1);
+  }
+  return cmd.command === name;
+}
 function evaluate(parsed, config) {
   if (parsed.parseError) {
     return { decision: "ask", reason: "Could not parse command safely", details: [] };
@@ -18382,10 +18393,10 @@ function evaluate(parsed, config) {
 function evaluateCommand(cmd, config) {
   const { command, args: args2 } = cmd;
   for (const layer of config.layers) {
-    if (layer.alwaysDeny.includes(command)) {
+    if (layer.alwaysDeny.some((name) => commandMatchesName(cmd, name))) {
       return { command, args: args2, decision: "deny", reason: `"${command}" is blocked`, matchedRule: "alwaysDeny" };
     }
-    if (layer.alwaysAllow.includes(command)) {
+    if (layer.alwaysAllow.some((name) => commandMatchesName(cmd, name))) {
       return { command, args: args2, decision: "allow", reason: `"${command}" is safe`, matchedRule: "alwaysAllow" };
     }
   }
@@ -18406,7 +18417,7 @@ function evaluateCommand(cmd, config) {
     if (spriteResult) return spriteResult;
   }
   for (const layer of config.layers) {
-    const rule = layer.rules.find((r) => r.command === command);
+    const rule = layer.rules.find((r) => commandMatchesName(cmd, r.command));
     if (rule) {
       return evaluateRule(cmd, rule);
     }
@@ -18642,7 +18653,7 @@ function evaluateRemoteCommand(remoteArgs, config, target) {
     return evaluate(parsed2, overriddenConfig);
   }
   const parsed = {
-    commands: [{ command: remoteCmd, args: remoteArgs.slice(1), envPrefixes: [], raw: remoteArgs.join(" ") }],
+    commands: [{ command: remoteCmd, originalCommand: remoteCmd, args: remoteArgs.slice(1), envPrefixes: [], raw: remoteArgs.join(" ") }],
     hasSubshell: false,
     subshellCommands: [],
     parseError: false
@@ -18842,7 +18853,7 @@ function evaluateSpriteExec(cmd, config) {
 // src/rules.ts
 var import_fs = require("fs");
 var import_yaml = __toESM(require_dist2(), 1);
-var import_os = require("os");
+var import_os2 = require("os");
 var import_path2 = require("path");
 
 // src/defaults.ts
@@ -18988,6 +18999,8 @@ function pkgRunnerRule(command) {
 var DEFAULT_CONFIG = {
   defaultDecision: "ask",
   askOnSubshell: true,
+  notifyOnAsk: true,
+  notifyOnDeny: true,
   trustedSSHHosts: [],
   trustedDockerContainers: [],
   trustedKubectlContexts: [],
@@ -19484,8 +19497,8 @@ var DEFAULT_CONFIG = {
 
 // src/rules.ts
 var USER_CONFIG_PATHS = [
-  (0, import_path2.join)((0, import_os.homedir)(), ".claude", "warden.yaml"),
-  (0, import_path2.join)((0, import_os.homedir)(), ".claude", "warden.json")
+  (0, import_path2.join)((0, import_os2.homedir)(), ".claude", "warden.yaml"),
+  (0, import_path2.join)((0, import_os2.homedir)(), ".claude", "warden.json")
 ];
 var PROJECT_CONFIG_NAMES = [
   ".claude/warden.yaml",
@@ -19578,6 +19591,12 @@ function mergeNonLayerFields(config, raw) {
   if (typeof raw.askOnSubshell === "boolean") {
     config.askOnSubshell = raw.askOnSubshell;
   }
+  if (typeof raw.notifyOnAsk === "boolean") {
+    config.notifyOnAsk = raw.notifyOnAsk;
+  }
+  if (typeof raw.notifyOnDeny === "boolean") {
+    config.notifyOnDeny = raw.notifyOnDeny;
+  }
   if (raw.trustedContextOverrides && typeof raw.trustedContextOverrides === "object") {
     const overrides = raw.trustedContextOverrides;
     const layer = extractLayer(overrides);
@@ -19666,6 +19685,62 @@ See /claude-warden:warden-allow`;
   return lines.join("\n");
 }
 
+// src/notify.ts
+var import_child_process = require("child_process");
+var TERMINAL_BUNDLE_IDS = {
+  "iTerm.app": "com.googlecode.iterm2",
+  "Apple_Terminal": "com.apple.Terminal",
+  "Alacritty": "com.github.alacritty.Alacritty",
+  "WezTerm": "io.wezfurlong.wezterm"
+};
+var terminalNotifierAvailable = null;
+function hasTerminalNotifier() {
+  if (terminalNotifierAvailable !== null) return terminalNotifierAvailable;
+  try {
+    (0, import_child_process.execFileSync)("which", ["terminal-notifier"], { stdio: "ignore" });
+    terminalNotifierAvailable = true;
+  } catch {
+    terminalNotifierAvailable = false;
+  }
+  return terminalNotifierAvailable;
+}
+function getBundleId() {
+  const termProgram = process.env.TERM_PROGRAM;
+  if (!termProgram) return void 0;
+  return TERMINAL_BUNDLE_IDS[termProgram];
+}
+function buildNotifyCommand(title, message) {
+  const platform = process.platform;
+  if (platform === "darwin") {
+    if (hasTerminalNotifier()) {
+      const args2 = ["-title", title, "-message", message];
+      const bundleId = getBundleId();
+      if (bundleId) {
+        args2.push("-activate", bundleId);
+      }
+      return { cmd: "terminal-notifier", args: args2 };
+    }
+    const script = `display notification ${JSON.stringify(message)} with title ${JSON.stringify(title)}`;
+    return { cmd: "osascript", args: ["-e", script] };
+  }
+  if (platform === "linux") {
+    return { cmd: "notify-send", args: [title, message] };
+  }
+  return null;
+}
+function sendNotification(title, message, config) {
+  try {
+    const notifyCmd = buildNotifyCommand(title, message);
+    if (!notifyCmd) return;
+    const child = (0, import_child_process.spawn)(notifyCmd.cmd, notifyCmd.args, {
+      detached: true,
+      stdio: "ignore"
+    });
+    child.unref();
+  } catch {
+  }
+}
+
 // src/index.ts
 async function main() {
   let raw = "";
@@ -19681,6 +19756,9 @@ async function main() {
   if (input.tool_name !== "Bash") {
     process.exit(0);
   }
+  if (input.permission_mode === "dangerously-skip-permissions") {
+    process.exit(0);
+  }
   const command = input.tool_input?.command;
   if (!command || typeof command !== "string") {
     process.exit(0);
@@ -19700,6 +19778,10 @@ async function main() {
     process.exit(0);
   }
   if (result.decision === "deny") {
+    if (config.notifyOnDeny) {
+      const truncated = command.length > 80 ? command.slice(0, 77) + "..." : command;
+      sendNotification("Claude Warden", `Blocked: ${truncated}`, config);
+    }
     const msg2 = formatSystemMessage("deny", command, result.details);
     const output2 = {
       hookSpecificOutput: {
@@ -19713,6 +19795,10 @@ async function main() {
 `);
     process.exit(2);
   }
+  if (config.notifyOnAsk) {
+    const truncated = command.length > 80 ? command.slice(0, 77) + "..." : command;
+    sendNotification("Claude Warden", `Permission needed: ${truncated}`, config);
+  }
   const msg = formatSystemMessage("ask", command, result.details);
   const output = {
     hookSpecificOutput: {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-warden",
-  "version": "1.4.0",
+  "version": "1.5.2",
   "description": "Smart command safety filter for Claude Code — auto-approves safe commands, blocks dangerous ones",
   "type": "module",
   "main": "dist/index.cjs",