claude-warden 1.6.0 → 1.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude-plugin/plugin.json +1 -1
- package/dist/index.cjs +43 -6
- package/package.json +1 -1
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "claude-warden",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.7.0",
|
|
4
4
|
"description": "Smart command safety filter for Claude Code — parses shell pipelines and evaluates per-command safety rules to auto-approve safe commands and block dangerous ones",
|
|
5
5
|
"author": {
|
|
6
6
|
"name": "banyudu"
|
package/dist/index.cjs
CHANGED
|
@@ -19064,7 +19064,6 @@ var DEFAULT_CONFIG = {
|
|
|
19064
19064
|
"wc",
|
|
19065
19065
|
"sort",
|
|
19066
19066
|
"uniq",
|
|
19067
|
-
"tee",
|
|
19068
19067
|
"diff",
|
|
19069
19068
|
"comm",
|
|
19070
19069
|
"cut",
|
|
@@ -19088,7 +19087,6 @@ var DEFAULT_CONFIG = {
|
|
|
19088
19087
|
"rg",
|
|
19089
19088
|
"ag",
|
|
19090
19089
|
"ack",
|
|
19091
|
-
"find",
|
|
19092
19090
|
"fd",
|
|
19093
19091
|
"fzf",
|
|
19094
19092
|
"locate",
|
|
@@ -19135,11 +19133,8 @@ var DEFAULT_CONFIG = {
|
|
|
19135
19133
|
"du",
|
|
19136
19134
|
"lsof",
|
|
19137
19135
|
// Text processing
|
|
19138
|
-
"sed",
|
|
19139
|
-
"awk",
|
|
19140
19136
|
"jq",
|
|
19141
19137
|
"yq",
|
|
19142
|
-
"xargs",
|
|
19143
19138
|
"seq",
|
|
19144
19139
|
// Network diagnostics (read-only)
|
|
19145
19140
|
"nslookup",
|
|
@@ -19253,7 +19248,6 @@ var DEFAULT_CONFIG = {
|
|
|
19253
19248
|
"shasum",
|
|
19254
19249
|
"cksum",
|
|
19255
19250
|
"base64",
|
|
19256
|
-
"openssl",
|
|
19257
19251
|
"watch",
|
|
19258
19252
|
"timeout",
|
|
19259
19253
|
"nohup",
|
|
@@ -19437,6 +19431,49 @@ var DEFAULT_CONFIG = {
|
|
|
19437
19431
|
VERSION_HELP_FLAGS
|
|
19438
19432
|
]
|
|
19439
19433
|
},
|
|
19434
|
+
// --- Potentially dangerous text/file tools ---
|
|
19435
|
+
{
|
|
19436
|
+
command: "find",
|
|
19437
|
+
default: "allow",
|
|
19438
|
+
argPatterns: [
|
|
19439
|
+
{ match: { anyArgMatches: ["^-exec$", "^-execdir$", "^-delete$", "^-ok$", "^-okdir$"] }, decision: "ask", reason: "find can execute or delete files" }
|
|
19440
|
+
]
|
|
19441
|
+
},
|
|
19442
|
+
{
|
|
19443
|
+
command: "sed",
|
|
19444
|
+
default: "allow",
|
|
19445
|
+
argPatterns: [
|
|
19446
|
+
{ match: { anyArgMatches: ["^-i$", "^-i\\b", "^--in-place"] }, decision: "ask", reason: "In-place file modification" }
|
|
19447
|
+
]
|
|
19448
|
+
},
|
|
19449
|
+
{
|
|
19450
|
+
command: "awk",
|
|
19451
|
+
default: "allow",
|
|
19452
|
+
argPatterns: [
|
|
19453
|
+
{ match: { argsMatch: ["system\\s*\\(", "\\|\\s*getline", "print\\s*>"] }, decision: "ask", reason: "awk can execute commands or write files" }
|
|
19454
|
+
]
|
|
19455
|
+
},
|
|
19456
|
+
{
|
|
19457
|
+
command: "xargs",
|
|
19458
|
+
default: "ask",
|
|
19459
|
+
argPatterns: [
|
|
19460
|
+
{ match: { noArgs: true }, decision: "allow", description: "xargs with no args runs echo (safe)" }
|
|
19461
|
+
]
|
|
19462
|
+
},
|
|
19463
|
+
{
|
|
19464
|
+
command: "tee",
|
|
19465
|
+
default: "allow",
|
|
19466
|
+
argPatterns: [
|
|
19467
|
+
{ match: { anyArgMatches: ["^/(etc|usr|var|sys|proc|boot|root|lib)"] }, decision: "ask", reason: "Writing to system directory" }
|
|
19468
|
+
]
|
|
19469
|
+
},
|
|
19470
|
+
{
|
|
19471
|
+
command: "openssl",
|
|
19472
|
+
default: "allow",
|
|
19473
|
+
argPatterns: [
|
|
19474
|
+
{ match: { anyArgMatches: ["^(enc|rsautl|pkeyutl|smime|cms)$"] }, decision: "ask", reason: "Encryption/signing operations" }
|
|
19475
|
+
]
|
|
19476
|
+
},
|
|
19440
19477
|
// --- File operations ---
|
|
19441
19478
|
{
|
|
19442
19479
|
command: "rm",
|