claude-warden 2.10.2 → 2.10.3

package/.claude-plugin/marketplace.json

@@ -8,7 +8,7 @@
     {
       "name": "warden",
       "description": "Auto-approves safe commands, blocks dangerous ones, prompts for the rest",
-      "version": "2.10.2",
+      "version": "2.10.3",
       "author": {
         "name": "banyudu"
       },

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "warden",
-  "version": "2.10.2",
+  "version": "2.10.3",
   "description": "Smart command safety filter for Claude Code — parses shell pipelines and evaluates per-command safety rules to auto-approve safe commands and block dangerous ones",
   "author": {
     "name": "banyudu"

package/dist/cli.cjs

@@ -19714,6 +19714,18 @@ var DEFAULT_CONFIG = {
         { match: { anyArgMatches: ["^(describe|list|get|search|lookup|check)-[a-z][a-z0-9-]*$"] }, decision: "allow", description: "Read-only verb-noun" },
         VERSION_HELP_FLAGS
       ] },
+      // --- Composio CLI ---
+      // Auth is persistent in ~/.composio/, so most discovery/inspection is safe.
+      // `execute` is allowed only for slugs whose verb matches a read pattern
+      // (GET/LIST/SEARCH/FETCH/READ/COUNT/RETRIEVE/FIND/VIEW/SHOW/DESCRIBE/CHECK).
+      // Everything else (link, listen, proxy, run, mutating execute) falls through to ask.
+      { command: "composio", default: "ask", argPatterns: [
+        { match: { anyArgMatches: ["^(search|whoami|apps|connections|triggers|list|ls|tools|dev)$"] }, decision: "allow", description: "Read-only composio subcommands" },
+        { match: { anyArgMatches: ["^--(get-schema|dry-run)$"] }, decision: "allow", description: "Schema inspection / dry-run flags" },
+        { match: { argsMatch: ["^execute\\s+([A-Z0-9]+_)*(GET|LIST|SEARCH|FETCH|READ|COUNT|RETRIEVE|FIND|VIEW|SHOW|DESCRIBE|CHECK)(_[A-Z0-9_]+)?(\\s|$)"] }, decision: "allow", description: "Read-only execute (GET/LIST/SEARCH/...)" },
+        { match: { argsMatch: ["^execute\\s+\\S*COMPOSIO_SEARCH_TOOLS\\b"] }, decision: "allow", description: "Tool discovery slug" },
+        VERSION_HELP_FLAGS
+      ] },
       // --- Helm ---
       { command: "helm", default: "ask", argPatterns: [
         { match: { anyArgMatches: ["^(list|search|show|status|get|template|version|env|history)$"] }, decision: "allow", description: "Read-only helm commands" },

package/dist/codex-export.cjs

@@ -19718,6 +19718,18 @@ var DEFAULT_CONFIG = {
         { match: { anyArgMatches: ["^(describe|list|get|search|lookup|check)-[a-z][a-z0-9-]*$"] }, decision: "allow", description: "Read-only verb-noun" },
         VERSION_HELP_FLAGS
       ] },
+      // --- Composio CLI ---
+      // Auth is persistent in ~/.composio/, so most discovery/inspection is safe.
+      // `execute` is allowed only for slugs whose verb matches a read pattern
+      // (GET/LIST/SEARCH/FETCH/READ/COUNT/RETRIEVE/FIND/VIEW/SHOW/DESCRIBE/CHECK).
+      // Everything else (link, listen, proxy, run, mutating execute) falls through to ask.
+      { command: "composio", default: "ask", argPatterns: [
+        { match: { anyArgMatches: ["^(search|whoami|apps|connections|triggers|list|ls|tools|dev)$"] }, decision: "allow", description: "Read-only composio subcommands" },
+        { match: { anyArgMatches: ["^--(get-schema|dry-run)$"] }, decision: "allow", description: "Schema inspection / dry-run flags" },
+        { match: { argsMatch: ["^execute\\s+([A-Z0-9]+_)*(GET|LIST|SEARCH|FETCH|READ|COUNT|RETRIEVE|FIND|VIEW|SHOW|DESCRIBE|CHECK)(_[A-Z0-9_]+)?(\\s|$)"] }, decision: "allow", description: "Read-only execute (GET/LIST/SEARCH/...)" },
+        { match: { argsMatch: ["^execute\\s+\\S*COMPOSIO_SEARCH_TOOLS\\b"] }, decision: "allow", description: "Tool discovery slug" },
+        VERSION_HELP_FLAGS
+      ] },
       // --- Helm ---
       { command: "helm", default: "ask", argPatterns: [
         { match: { anyArgMatches: ["^(list|search|show|status|get|template|version|env|history)$"] }, decision: "allow", description: "Read-only helm commands" },

package/dist/copilot.cjs

@@ -19714,6 +19714,18 @@ var DEFAULT_CONFIG = {
         { match: { anyArgMatches: ["^(describe|list|get|search|lookup|check)-[a-z][a-z0-9-]*$"] }, decision: "allow", description: "Read-only verb-noun" },
         VERSION_HELP_FLAGS
       ] },
+      // --- Composio CLI ---
+      // Auth is persistent in ~/.composio/, so most discovery/inspection is safe.
+      // `execute` is allowed only for slugs whose verb matches a read pattern
+      // (GET/LIST/SEARCH/FETCH/READ/COUNT/RETRIEVE/FIND/VIEW/SHOW/DESCRIBE/CHECK).
+      // Everything else (link, listen, proxy, run, mutating execute) falls through to ask.
+      { command: "composio", default: "ask", argPatterns: [
+        { match: { anyArgMatches: ["^(search|whoami|apps|connections|triggers|list|ls|tools|dev)$"] }, decision: "allow", description: "Read-only composio subcommands" },
+        { match: { anyArgMatches: ["^--(get-schema|dry-run)$"] }, decision: "allow", description: "Schema inspection / dry-run flags" },
+        { match: { argsMatch: ["^execute\\s+([A-Z0-9]+_)*(GET|LIST|SEARCH|FETCH|READ|COUNT|RETRIEVE|FIND|VIEW|SHOW|DESCRIBE|CHECK)(_[A-Z0-9_]+)?(\\s|$)"] }, decision: "allow", description: "Read-only execute (GET/LIST/SEARCH/...)" },
+        { match: { argsMatch: ["^execute\\s+\\S*COMPOSIO_SEARCH_TOOLS\\b"] }, decision: "allow", description: "Tool discovery slug" },
+        VERSION_HELP_FLAGS
+      ] },
       // --- Helm ---
       { command: "helm", default: "ask", argPatterns: [
         { match: { anyArgMatches: ["^(list|search|show|status|get|template|version|env|history)$"] }, decision: "allow", description: "Read-only helm commands" },

package/dist/index.cjs

@@ -19714,6 +19714,18 @@ var DEFAULT_CONFIG = {
         { match: { anyArgMatches: ["^(describe|list|get|search|lookup|check)-[a-z][a-z0-9-]*$"] }, decision: "allow", description: "Read-only verb-noun" },
         VERSION_HELP_FLAGS
       ] },
+      // --- Composio CLI ---
+      // Auth is persistent in ~/.composio/, so most discovery/inspection is safe.
+      // `execute` is allowed only for slugs whose verb matches a read pattern
+      // (GET/LIST/SEARCH/FETCH/READ/COUNT/RETRIEVE/FIND/VIEW/SHOW/DESCRIBE/CHECK).
+      // Everything else (link, listen, proxy, run, mutating execute) falls through to ask.
+      { command: "composio", default: "ask", argPatterns: [
+        { match: { anyArgMatches: ["^(search|whoami|apps|connections|triggers|list|ls|tools|dev)$"] }, decision: "allow", description: "Read-only composio subcommands" },
+        { match: { anyArgMatches: ["^--(get-schema|dry-run)$"] }, decision: "allow", description: "Schema inspection / dry-run flags" },
+        { match: { argsMatch: ["^execute\\s+([A-Z0-9]+_)*(GET|LIST|SEARCH|FETCH|READ|COUNT|RETRIEVE|FIND|VIEW|SHOW|DESCRIBE|CHECK)(_[A-Z0-9_]+)?(\\s|$)"] }, decision: "allow", description: "Read-only execute (GET/LIST/SEARCH/...)" },
+        { match: { argsMatch: ["^execute\\s+\\S*COMPOSIO_SEARCH_TOOLS\\b"] }, decision: "allow", description: "Tool discovery slug" },
+        VERSION_HELP_FLAGS
+      ] },
       // --- Helm ---
       { command: "helm", default: "ask", argPatterns: [
         { match: { anyArgMatches: ["^(list|search|show|status|get|template|version|env|history)$"] }, decision: "allow", description: "Read-only helm commands" },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-warden",
-  "version": "2.10.2",
+  "version": "2.10.3",
   "description": "Smart command safety filter for Claude Code — auto-approves safe commands, blocks dangerous ones",
   "type": "module",
   "main": "dist/index.cjs",