claude-warden 1.5.2 → 1.6.0

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-warden",
-  "version": "1.5.2",
+  "version": "1.6.0",
   "description": "Smart command safety filter for Claude Code — parses shell pipelines and evaluates per-command safety rules to auto-approve safe commands and block dangerous ones",
   "author": {
     "name": "banyudu"

package/dist/index.cjs

@@ -18143,6 +18143,53 @@ function preprocessCatHeredocs(input) {
   const regex = /\$\(cat\s+<<-?\s*['"]?(\w+)['"]?\n([\s\S]*?)\n\1\s*\)/g;
   return input.replace(regex, "__HEREDOC_TEXT__");
 }
+function preprocessPathParentheses(input) {
+  const result = [];
+  let i = 0;
+  while (i < input.length) {
+    const ch = input[i];
+    if (ch === '"' || ch === "'") {
+      const quote = ch;
+      let j = i + 1;
+      while (j < input.length && input[j] !== quote) {
+        if (input[j] === "\\" && quote === '"') j++;
+        j++;
+      }
+      result.push(input.slice(i, j + 1));
+      i = j + 1;
+      continue;
+    }
+    if (ch === "$" && i + 1 < input.length && input[i + 1] === "(") {
+      let depth = 1;
+      let j = i + 2;
+      while (j < input.length && depth > 0) {
+        if (input[j] === "(") depth++;
+        else if (input[j] === ")") depth--;
+        if (depth > 0) j++;
+      }
+      result.push(input.slice(i, j + 1));
+      i = j + 1;
+      continue;
+    }
+    if (ch !== " " && ch !== "	" && ch !== "\n") {
+      let j = i;
+      while (j < input.length && !" 	\n".includes(input[j]) && input[j] !== '"' && input[j] !== "'" && !(input[j] === "$" && j + 1 < input.length && input[j + 1] === "(")) {
+        j++;
+      }
+      const token = input.slice(i, j);
+      if (token.includes("/") && /[()]/.test(token) && !/^[<>|;&]/.test(token)) {
+        result.push('"' + token + '"');
+      } else {
+        result.push(token);
+      }
+      i = j;
+      continue;
+    }
+    result.push(ch);
+    i++;
+  }
+  return result.join("");
+}
 function convertCommand(node) {
   if (!node.name) return null;
   const originalCommand = node.name.text;
@@ -18290,6 +18337,7 @@ function parseCommand(input) {
     return { commands: [], hasSubshell: false, subshellCommands: [], parseError: false };
   }
   input = preprocessCatHeredocs(input);
+  input = preprocessPathParentheses(input);
   try {
     const ast = (0, import_bash_parser.default)(input);
     const result = { commands: [], hasSubshell: false, subshellCommands: [] };
@@ -19222,6 +19270,7 @@ var DEFAULT_CONFIG = {
       "sudo",
       "su",
       "doas",
+      "eval",
       "mkfs",
       "fdisk",
       "dd",
@@ -19253,6 +19302,28 @@ var DEFAULT_CONFIG = {
           { match: { anyArgMatches: ["^--(version|help)$", "^-[vh]$"] }, decision: "allow", description: "Version/help flags" }
         ]
       },
+      // --- Shell sourcing ---
+      ...["source", "."].map((cmd) => ({
+        command: cmd,
+        default: "ask",
+        argPatterns: [
+          {
+            match: { anyArgMatches: [
+              "(\\.bashrc|\\.zshrc|\\.profile|\\.bash_profile|\\.zprofile|\\.shrc)$",
+              "nvm\\.sh$",
+              "\\.envrc$",
+              "\\.env$"
+            ] },
+            decision: "allow",
+            description: "Common shell config and env files"
+          },
+          {
+            match: { noArgs: true },
+            decision: "deny",
+            reason: "source/. requires a file argument"
+          }
+        ]
+      })),
       // --- Shell interpreters ---
       ...["bash", "sh", "zsh"].map((cmd) => ({
         command: cmd,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-warden",
-  "version": "1.5.2",
+  "version": "1.6.0",
   "description": "Smart command safety filter for Claude Code — auto-approves safe commands, blocks dangerous ones",
   "type": "module",
   "main": "dist/index.cjs",