npm - claude-warden - Versions diffs - 2.7.0 → 2.8.0 - Mend

claude-warden 2.7.0 → 2.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/.claude-plugin/marketplace.json +1 -1
package/.claude-plugin/plugin.json +1 -1
package/config/warden.default.yaml +20 -0
package/dist/cli.cjs +24 -0
package/dist/codex-export.cjs +24 -0
package/dist/copilot.cjs +24 -0
package/dist/index.cjs +40 -0
package/hooks/hooks.json +11 -0
package/package.json +1 -1

package/.claude-plugin/marketplace.json CHANGED Viewed

@@ -8,7 +8,7 @@
     {
       "name": "warden",
       "description": "Auto-approves safe commands, blocks dangerous ones, prompts for the rest",
-      "version": "2.7.0",
+      "version": "2.8.0",
       "author": {
         "name": "banyudu"
       },

package/.claude-plugin/plugin.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "warden",
-  "version": "2.7.0",
+  "version": "2.8.0",
   "description": "Smart command safety filter for Claude Code — parses shell pipelines and evaluates per-command safety rules to auto-approve safe commands and block dangerous ones",
   "author": {
     "name": "banyudu"

package/config/warden.default.yaml CHANGED Viewed

@@ -19,6 +19,26 @@ askOnSubshell: true
 notifyOnAsk: true
 notifyOnDeny: true
+# Guidance injected into every Claude Code session via the SessionStart hook.
+# Claude sees this as a system message, so it can shape tool choice *before*
+# warden needs to ask or deny. Keep it short — it competes for context.
+#
+# - Omit the key to use the built-in default (prefer jq, save temp scripts to
+#   tempScriptDir below, read deny reasons, mention /warden:allow and /warden:yolo).
+# - Set to a string to override with your own guidance.
+# - Set to `false` to disable injection entirely.
+#
+# sessionGuidance: |
+#   Warden is active. Prefer allow-listed tools (e.g. jq for JSON). For
+#   multi-line logic, save a temp script under /tmp/ instead of using
+#   inline `bash -c` / `node -e`.
+# Directory the built-in guidance tells Claude to save throwaway multi-line
+# scripts to. Defaults to `/tmp` so scripts don't pollute the repo. Point at
+# another location (e.g. `.warden-scratch`) if you want them tracked per-project.
+# Only used when `sessionGuidance` is unset.
+# tempScriptDir: /tmp
 # Additional commands to always allow (checked after alwaysDeny within this scope)
 # alwaysAllow:
 #   - terraform

package/dist/cli.cjs CHANGED Viewed

@@ -18933,6 +18933,18 @@ var DEFAULT_SKILL_RULES = {
     rules: []
   }]
 };
+var DEFAULT_TEMP_SCRIPT_DIR = "/tmp";
+function buildDefaultSessionGuidance(tempScriptDir) {
+  return [
+    "Claude Warden is active. It filters Bash commands against safety rules and may ask or deny.",
+    "",
+    "- For JSON in shell pipelines, prefer `jq` (auto-allowed) over `python3 -c` / `node -e`.",
+    `- For multi-line logic, save a temp script under \`${tempScriptDir}/\` (e.g. \`${tempScriptDir}/warden-task.sh\`) or add a \`package.json\` script rather than inline \`bash -c\` / \`node -e\`. Avoid polluting the repo with throwaway scripts.`,
+    "- When Warden denies or asks, read the reason \u2014 it often names the preferred alternative.",
+    "- To permanently allow a specific command, run `/warden:allow <cmd>`. To temporarily bypass filtering, `/warden:yolo`."
+  ].join("\n");
+}
+var DEFAULT_SESSION_GUIDANCE = buildDefaultSessionGuidance(DEFAULT_TEMP_SCRIPT_DIR);
 var DEFAULT_CONFIG = {
   defaultDecision: "ask",
   askOnSubshell: true,
@@ -19809,6 +19821,18 @@ function mergeNonLayerFields(config, raw) {
   if (typeof raw.notifyOnDeny === "boolean") {
     config.notifyOnDeny = raw.notifyOnDeny;
   }
+  if (typeof raw.sessionGuidance === "string" || raw.sessionGuidance === false) {
+    config.sessionGuidance = raw.sessionGuidance;
+  } else if (raw.sessionGuidance !== void 0) {
+    warn(`[warden] Warning: invalid sessionGuidance (expected string or false), ignoring
+`);
+  }
+  if (typeof raw.tempScriptDir === "string" && raw.tempScriptDir.length > 0) {
+    config.tempScriptDir = raw.tempScriptDir;
+  } else if (raw.tempScriptDir !== void 0) {
+    warn(`[warden] Warning: invalid tempScriptDir (expected non-empty string), ignoring
+`);
+  }
   if (raw.skills && typeof raw.skills === "object") {
     const skills = raw.skills;
     if (typeof skills.defaultDecision === "string") {

package/dist/codex-export.cjs CHANGED Viewed

@@ -18937,6 +18937,18 @@ var DEFAULT_SKILL_RULES = {
     rules: []
   }]
 };
+var DEFAULT_TEMP_SCRIPT_DIR = "/tmp";
+function buildDefaultSessionGuidance(tempScriptDir) {
+  return [
+    "Claude Warden is active. It filters Bash commands against safety rules and may ask or deny.",
+    "",
+    "- For JSON in shell pipelines, prefer `jq` (auto-allowed) over `python3 -c` / `node -e`.",
+    `- For multi-line logic, save a temp script under \`${tempScriptDir}/\` (e.g. \`${tempScriptDir}/warden-task.sh\`) or add a \`package.json\` script rather than inline \`bash -c\` / \`node -e\`. Avoid polluting the repo with throwaway scripts.`,
+    "- When Warden denies or asks, read the reason \u2014 it often names the preferred alternative.",
+    "- To permanently allow a specific command, run `/warden:allow <cmd>`. To temporarily bypass filtering, `/warden:yolo`."
+  ].join("\n");
+}
+var DEFAULT_SESSION_GUIDANCE = buildDefaultSessionGuidance(DEFAULT_TEMP_SCRIPT_DIR);
 var DEFAULT_CONFIG = {
   defaultDecision: "ask",
   askOnSubshell: true,
@@ -19813,6 +19825,18 @@ function mergeNonLayerFields(config, raw) {
   if (typeof raw.notifyOnDeny === "boolean") {
     config.notifyOnDeny = raw.notifyOnDeny;
   }
+  if (typeof raw.sessionGuidance === "string" || raw.sessionGuidance === false) {
+    config.sessionGuidance = raw.sessionGuidance;
+  } else if (raw.sessionGuidance !== void 0) {
+    warn(`[warden] Warning: invalid sessionGuidance (expected string or false), ignoring
+`);
+  }
+  if (typeof raw.tempScriptDir === "string" && raw.tempScriptDir.length > 0) {
+    config.tempScriptDir = raw.tempScriptDir;
+  } else if (raw.tempScriptDir !== void 0) {
+    warn(`[warden] Warning: invalid tempScriptDir (expected non-empty string), ignoring
+`);
+  }
   if (raw.skills && typeof raw.skills === "object") {
     const skills = raw.skills;
     if (typeof skills.defaultDecision === "string") {

package/dist/copilot.cjs CHANGED Viewed

@@ -18933,6 +18933,18 @@ var DEFAULT_SKILL_RULES = {
     rules: []
   }]
 };
+var DEFAULT_TEMP_SCRIPT_DIR = "/tmp";
+function buildDefaultSessionGuidance(tempScriptDir) {
+  return [
+    "Claude Warden is active. It filters Bash commands against safety rules and may ask or deny.",
+    "",
+    "- For JSON in shell pipelines, prefer `jq` (auto-allowed) over `python3 -c` / `node -e`.",
+    `- For multi-line logic, save a temp script under \`${tempScriptDir}/\` (e.g. \`${tempScriptDir}/warden-task.sh\`) or add a \`package.json\` script rather than inline \`bash -c\` / \`node -e\`. Avoid polluting the repo with throwaway scripts.`,
+    "- When Warden denies or asks, read the reason \u2014 it often names the preferred alternative.",
+    "- To permanently allow a specific command, run `/warden:allow <cmd>`. To temporarily bypass filtering, `/warden:yolo`."
+  ].join("\n");
+}
+var DEFAULT_SESSION_GUIDANCE = buildDefaultSessionGuidance(DEFAULT_TEMP_SCRIPT_DIR);
 var DEFAULT_CONFIG = {
   defaultDecision: "ask",
   askOnSubshell: true,
@@ -19806,6 +19818,18 @@ function mergeNonLayerFields(config, raw) {
   if (typeof raw.notifyOnDeny === "boolean") {
     config.notifyOnDeny = raw.notifyOnDeny;
   }
+  if (typeof raw.sessionGuidance === "string" || raw.sessionGuidance === false) {
+    config.sessionGuidance = raw.sessionGuidance;
+  } else if (raw.sessionGuidance !== void 0) {
+    warn(`[warden] Warning: invalid sessionGuidance (expected string or false), ignoring
+`);
+  }
+  if (typeof raw.tempScriptDir === "string" && raw.tempScriptDir.length > 0) {
+    config.tempScriptDir = raw.tempScriptDir;
+  } else if (raw.tempScriptDir !== void 0) {
+    warn(`[warden] Warning: invalid tempScriptDir (expected non-empty string), ignoring
+`);
+  }
   if (raw.skills && typeof raw.skills === "object") {
     const skills = raw.skills;
     if (typeof skills.defaultDecision === "string") {

package/dist/index.cjs CHANGED Viewed

@@ -18933,6 +18933,18 @@ var DEFAULT_SKILL_RULES = {
     rules: []
   }]
 };
+var DEFAULT_TEMP_SCRIPT_DIR = "/tmp";
+function buildDefaultSessionGuidance(tempScriptDir) {
+  return [
+    "Claude Warden is active. It filters Bash commands against safety rules and may ask or deny.",
+    "",
+    "- For JSON in shell pipelines, prefer `jq` (auto-allowed) over `python3 -c` / `node -e`.",
+    `- For multi-line logic, save a temp script under \`${tempScriptDir}/\` (e.g. \`${tempScriptDir}/warden-task.sh\`) or add a \`package.json\` script rather than inline \`bash -c\` / \`node -e\`. Avoid polluting the repo with throwaway scripts.`,
+    "- When Warden denies or asks, read the reason \u2014 it often names the preferred alternative.",
+    "- To permanently allow a specific command, run `/warden:allow <cmd>`. To temporarily bypass filtering, `/warden:yolo`."
+  ].join("\n");
+}
+var DEFAULT_SESSION_GUIDANCE = buildDefaultSessionGuidance(DEFAULT_TEMP_SCRIPT_DIR);
 var DEFAULT_CONFIG = {
   defaultDecision: "ask",
   askOnSubshell: true,
@@ -19806,6 +19818,18 @@ function mergeNonLayerFields(config, raw) {
   if (typeof raw.notifyOnDeny === "boolean") {
     config.notifyOnDeny = raw.notifyOnDeny;
   }
+  if (typeof raw.sessionGuidance === "string" || raw.sessionGuidance === false) {
+    config.sessionGuidance = raw.sessionGuidance;
+  } else if (raw.sessionGuidance !== void 0) {
+    warn(`[warden] Warning: invalid sessionGuidance (expected string or false), ignoring
+`);
+  }
+  if (typeof raw.tempScriptDir === "string" && raw.tempScriptDir.length > 0) {
+    config.tempScriptDir = raw.tempScriptDir;
+  } else if (raw.tempScriptDir !== void 0) {
+    warn(`[warden] Warning: invalid tempScriptDir (expected non-empty string), ignoring
+`);
+  }
   if (raw.skills && typeof raw.skills === "object") {
     const skills = raw.skills;
     if (typeof skills.defaultDecision === "string") {
@@ -20990,6 +21014,18 @@ function emitDecision(decision, reason, stderrMessage) {
   }
   process.exit(0);
 }
+function handleSessionStart(config) {
+  if (config.sessionGuidance === false) process.exit(0);
+  const text = config.sessionGuidance ?? buildDefaultSessionGuidance(config.tempScriptDir ?? DEFAULT_TEMP_SCRIPT_DIR);
+  const output = {
+    hookSpecificOutput: {
+      hookEventName: "SessionStart",
+      additionalContext: text
+    }
+  };
+  process.stdout.write(JSON.stringify(output));
+  process.exit(0);
+}
 function handleYoloMode(sessionId, result) {
   const yoloState = getYoloState(sessionId);
   if (!yoloState) return;
@@ -21011,6 +21047,10 @@ async function main() {
   } catch {
     process.exit(0);
   }
+  if (input.hook_event_name === "SessionStart") {
+    const config2 = loadConfig(input.cwd);
+    handleSessionStart(config2);
+  }
   if (input.tool_name !== "Bash" && input.tool_name !== "Skill") {
     process.exit(0);
   }

package/hooks/hooks.json CHANGED Viewed

@@ -22,6 +22,17 @@
           }
         ]
       }
+    ],
+    "SessionStart": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "${CLAUDE_PLUGIN_ROOT}/dist/index.cjs",
+            "timeout": 5
+          }
+        ]
+      }
     ]
   }
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "claude-warden",
-  "version": "2.7.0",
+  "version": "2.8.0",
   "description": "Smart command safety filter for Claude Code — auto-approves safe commands, blocks dangerous ones",
   "type": "module",
   "main": "dist/index.cjs",