npm - claude-warden - Versions diffs - 1.5.1 → 1.5.3 - Mend

claude-warden 1.5.1 → 1.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/.claude-plugin/plugin.json +1 -1
package/README.md +6 -0
package/dist/index.cjs +68 -9
package/package.json +1 -1

package/.claude-plugin/plugin.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "claude-warden",
-  "version": "1.5.1",
+  "version": "1.5.3",
   "description": "Smart command safety filter for Claude Code — parses shell pipelines and evaluates per-command safety rules to auto-approve safe commands and block dangerous ones",
   "author": {
     "name": "banyudu"

package/README.md CHANGED Viewed

@@ -1,5 +1,11 @@
 # Claude Warden
+[![npm version](https://img.shields.io/npm/v/claude-warden)](https://www.npmjs.com/package/claude-warden)
+[![npm downloads](https://img.shields.io/npm/dm/claude-warden)](https://www.npmjs.com/package/claude-warden)
+[![GitHub license](https://img.shields.io/github/license/banyudu/claude-warden)](https://github.com/banyudu/claude-warden/blob/main/LICENSE)
+[![GitHub stars](https://img.shields.io/github/stars/banyudu/claude-warden)](https://github.com/banyudu/claude-warden/stargazers)
+[![CI](https://img.shields.io/github/actions/workflow/status/banyudu/claude-warden/ci.yml?label=CI)](https://github.com/banyudu/claude-warden/actions)
 Smart command safety filter for [Claude Code](https://claude.ai/code). Parses shell commands, evaluates each against configurable safety rules, and returns allow/deny/ask decisions — eliminating unnecessary permission prompts while blocking dangerous commands.
 ## The problem

package/dist/index.cjs CHANGED Viewed

@@ -18143,9 +18143,57 @@ function preprocessCatHeredocs(input) {
   const regex = /\$\(cat\s+<<-?\s*['"]?(\w+)['"]?\n([\s\S]*?)\n\1\s*\)/g;
   return input.replace(regex, "__HEREDOC_TEXT__");
 }
+function preprocessPathParentheses(input) {
+  const result = [];
+  let i = 0;
+  while (i < input.length) {
+    const ch = input[i];
+    if (ch === '"' || ch === "'") {
+      const quote = ch;
+      let j = i + 1;
+      while (j < input.length && input[j] !== quote) {
+        if (input[j] === "\\" && quote === '"') j++;
+        j++;
+      }
+      result.push(input.slice(i, j + 1));
+      i = j + 1;
+      continue;
+    }
+    if (ch === "$" && i + 1 < input.length && input[i + 1] === "(") {
+      let depth = 1;
+      let j = i + 2;
+      while (j < input.length && depth > 0) {
+        if (input[j] === "(") depth++;
+        else if (input[j] === ")") depth--;
+        if (depth > 0) j++;
+      }
+      result.push(input.slice(i, j + 1));
+      i = j + 1;
+      continue;
+    }
+    if (ch !== " " && ch !== "	" && ch !== "\n") {
+      let j = i;
+      while (j < input.length && !" 	\n".includes(input[j]) && input[j] !== '"' && input[j] !== "'" && !(input[j] === "$" && j + 1 < input.length && input[j + 1] === "(")) {
+        j++;
+      }
+      const token = input.slice(i, j);
+      if (token.includes("/") && /[()]/.test(token) && !/^[<>|;&]/.test(token)) {
+        result.push('"' + token + '"');
+      } else {
+        result.push(token);
+      }
+      i = j;
+      continue;
+    }
+    result.push(ch);
+    i++;
+  }
+  return result.join("");
+}
 function convertCommand(node) {
   if (!node.name) return null;
-  const command = node.name.text.includes("/") ? (0, import_path.basename)(node.name.text) : node.name.text;
+  const originalCommand = node.name.text;
+  const command = originalCommand.includes("/") ? (0, import_path.basename)(originalCommand) : originalCommand;
   const envPrefixes = [];
   if (node.prefix) {
     for (const p of node.prefix) {
@@ -18168,7 +18216,7 @@ function convertCommand(node) {
     ...args2
   ];
   const raw = rawParts.join(" ");
-  return { command, args: args2, envPrefixes, raw };
+  return { command, originalCommand, args: args2, envPrefixes, raw };
 }
 function collectCommandExpansions(node) {
   const commands = [];
@@ -18289,6 +18337,7 @@ function parseCommand(input) {
     return { commands: [], hasSubshell: false, subshellCommands: [], parseError: false };
   }
   input = preprocessCatHeredocs(input);
+  input = preprocessPathParentheses(input);
   try {
     const ast = (0, import_bash_parser.default)(input);
     const result = { commands: [], hasSubshell: false, subshellCommands: [] };
@@ -18335,6 +18384,16 @@ function parseCommand(input) {
 }
 // src/evaluator.ts
+var import_os = require("os");
+function commandMatchesName(cmd, name) {
+  if (name.startsWith("/")) {
+    return cmd.originalCommand === name;
+  }
+  if (name.startsWith("~/")) {
+    return cmd.originalCommand === (0, import_os.homedir)() + name.slice(1);
+  }
+  return cmd.command === name;
+}
 function evaluate(parsed, config) {
   if (parsed.parseError) {
     return { decision: "ask", reason: "Could not parse command safely", details: [] };
@@ -18382,10 +18441,10 @@ function evaluate(parsed, config) {
 function evaluateCommand(cmd, config) {
   const { command, args: args2 } = cmd;
   for (const layer of config.layers) {
-    if (layer.alwaysDeny.includes(command)) {
+    if (layer.alwaysDeny.some((name) => commandMatchesName(cmd, name))) {
       return { command, args: args2, decision: "deny", reason: `"${command}" is blocked`, matchedRule: "alwaysDeny" };
     }
-    if (layer.alwaysAllow.includes(command)) {
+    if (layer.alwaysAllow.some((name) => commandMatchesName(cmd, name))) {
       return { command, args: args2, decision: "allow", reason: `"${command}" is safe`, matchedRule: "alwaysAllow" };
     }
   }
@@ -18406,7 +18465,7 @@ function evaluateCommand(cmd, config) {
     if (spriteResult) return spriteResult;
   }
   for (const layer of config.layers) {
-    const rule = layer.rules.find((r) => r.command === command);
+    const rule = layer.rules.find((r) => commandMatchesName(cmd, r.command));
     if (rule) {
       return evaluateRule(cmd, rule);
     }
@@ -18642,7 +18701,7 @@ function evaluateRemoteCommand(remoteArgs, config, target) {
     return evaluate(parsed2, overriddenConfig);
   }
   const parsed = {
-    commands: [{ command: remoteCmd, args: remoteArgs.slice(1), envPrefixes: [], raw: remoteArgs.join(" ") }],
+    commands: [{ command: remoteCmd, originalCommand: remoteCmd, args: remoteArgs.slice(1), envPrefixes: [], raw: remoteArgs.join(" ") }],
     hasSubshell: false,
     subshellCommands: [],
     parseError: false
@@ -18842,7 +18901,7 @@ function evaluateSpriteExec(cmd, config) {
 // src/rules.ts
 var import_fs = require("fs");
 var import_yaml = __toESM(require_dist2(), 1);
-var import_os = require("os");
+var import_os2 = require("os");
 var import_path2 = require("path");
 // src/defaults.ts
@@ -19486,8 +19545,8 @@ var DEFAULT_CONFIG = {
 // src/rules.ts
 var USER_CONFIG_PATHS = [
-  (0, import_path2.join)((0, import_os.homedir)(), ".claude", "warden.yaml"),
-  (0, import_path2.join)((0, import_os.homedir)(), ".claude", "warden.json")
+  (0, import_path2.join)((0, import_os2.homedir)(), ".claude", "warden.yaml"),
+  (0, import_path2.join)((0, import_os2.homedir)(), ".claude", "warden.json")
 ];
 var PROJECT_CONFIG_NAMES = [
   ".claude/warden.yaml",

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "claude-warden",
-  "version": "1.5.1",
+  "version": "1.5.3",
   "description": "Smart command safety filter for Claude Code — auto-approves safe commands, blocks dangerous ones",
   "type": "module",
   "main": "dist/index.cjs",