claude-warden 2.8.0 → 2.9.0

package/.claude-plugin/marketplace.json

@@ -8,7 +8,7 @@
     {
       "name": "warden",
       "description": "Auto-approves safe commands, blocks dangerous ones, prompts for the rest",
-      "version": "2.8.0",
+      "version": "2.9.0",
       "author": {
         "name": "banyudu"
       },

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "warden",
-  "version": "2.8.0",
+  "version": "2.9.0",
   "description": "Smart command safety filter for Claude Code — parses shell pipelines and evaluates per-command safety rules to auto-approve safe commands and block dangerous ones",
   "author": {
     "name": "banyudu"

package/README.md

@@ -6,7 +6,7 @@
 [![GitHub stars](https://img.shields.io/github/stars/banyudu/claude-warden)](https://github.com/banyudu/claude-warden/stargazers)
 [![CI](https://img.shields.io/github/actions/workflow/status/banyudu/claude-warden/ci.yml?label=CI)](https://github.com/banyudu/claude-warden/actions)
 
-Smart command safety filter for [Claude Code](https://claude.ai/code), [GitHub Copilot CLI](https://docs.github.com/en/copilot/how-tos/customize-copilot-cli/use-hooks), and other AI coding agents. Parses shell commands, evaluates each against configurable safety rules, and returns allow/deny/ask decisions — eliminating unnecessary permission prompts while blocking dangerous commands.
+Smart command safety filter for [Claude Code](https://claude.ai/code), [OpenAI Codex CLI](https://developers.openai.com/codex/hooks), [GitHub Copilot CLI](https://docs.github.com/en/copilot/how-tos/customize-copilot-cli/use-hooks), and other AI coding agents. Parses shell commands, evaluates each against configurable safety rules, and returns allow/deny/ask decisions — eliminating unnecessary permission prompts while blocking dangerous commands.
 
 ## The problem
 
@@ -283,8 +283,69 @@ rules:
           anyArgMatches: ['^(ps|images|logs)$']
         decision: allow
         description: Read-only docker commands
+
+# Skill (slash command) filtering — gate Claude Code skill invocations.
+# Skill names use the short form ("commit", not "/commit"). Glob patterns
+# are supported so you can whitelist an entire plugin namespace.
+skills:
+  defaultDecision: ask
+  alwaysAllow:
+    - commit
+    - review
+    - simplify
+    - "plugin-dev:*"      # allow every skill in the "plugin-dev" plugin
+  alwaysDeny:
+    - deploy
+  rules:
+    - skill: release
+      default: ask
+      argPatterns:
+        - match:
+            argsMatch: ["--dry-run"]
+          decision: allow
+          description: Dry-run release is safe
 ```
 
+## Skill (slash command) filtering
+
+Warden also intercepts Claude Code's `Skill` tool (the mechanism behind `/slash-command` invocations) using the same layered rule engine as shell commands. This lets you whitelist safe skills (read-only helpers, code review, summarization) while still prompting for anything that could modify state.
+
+Skill names are the identifier Claude Code uses internally — **without the leading `/`**. Built-in skills use a bare name (`commit`, `review`), plugin skills use `<plugin>:<skill>` (e.g. `plugin-dev:agent-development`, `code-review:code-review`). Glob patterns `*`, `?`, `[...]`, `{a,b,c}` are supported, so `"plugin-dev:*"` matches every skill in that plugin.
+
+### Configure
+
+```yaml
+skills:
+  # Default for skills with no matching rule: allow | deny | ask
+  defaultDecision: ask
+
+  # Auto-allow these skills (scoped to this config layer)
+  alwaysAllow:
+    - commit
+    - review
+    - "plugin-dev:*"
+
+  # Auto-deny these skills
+  alwaysDeny:
+    - deploy
+
+  # Per-skill rules with argument-aware matching
+  rules:
+    - skill: release
+      default: ask
+      argPatterns:
+        - match:
+            argsMatch: ["--dry-run"]
+          decision: allow
+          description: Dry-run release is safe
+```
+
+Layering follows the same **project > user > default** priority as shell rules (see [Config priority](#config-priority-scoped-layers)).
+
+### Built-in skill defaults
+
+Warden ships with a curated allow-list of skills that are read-only or informational — review tools (`review`, `security-review`, `code-review:code-review`), search/summarization helpers (`promptfolio-*`, `slack:find-discussions`, `slack:summarize-channel`), plugin-development guidance (`plugin-dev:*-development`), and `*-usage` docs skills. Everything else falls through to `defaultDecision: ask`.
+
 ## YOLO mode
 
 Need to temporarily bypass all permission prompts? YOLO mode auto-allows all commands for a limited time or the full session — while still blocking always-deny commands (like `sudo`, `shutdown`) for safety.

package/dist/cli.cjs

@@ -18740,6 +18740,7 @@ var SAFE_DEV_TOOLS = [
   "jest",
   "vitest",
   "tsc",
+  "tsgo",
   "eslint",
   "prettier",
   "mkdirp",
@@ -18860,6 +18861,91 @@ function registryOpsPattern() {
     reason: "Registry modification"
   };
 }
+var INLINE_LANG_CONFIG = {
+  Python: {
+    ext: "py",
+    patterns: [
+      "os\\.system",
+      "subprocess",
+      "commands\\.",
+      "pty\\.",
+      `__import__\\s*\\(\\s*['"](?:os|subprocess|socket)`,
+      "\\bexec\\s*\\(",
+      "\\beval\\s*\\(",
+      `open\\s*\\([^)]*['"][wax+]`,
+      "\\bsocket\\b",
+      "urllib",
+      "requests\\.",
+      "http\\.client"
+    ]
+  },
+  JavaScript: {
+    ext: "js",
+    patterns: [
+      "child[_]process",
+      `require\\s*\\(\\s*['"]child[_]process`,
+      "\\.(?:writeFile|appendFile|createWriteStream|writeFileSync|appendFileSync)\\s*\\(",
+      "http\\.request",
+      "https\\.request",
+      "net\\.(?:connect|createConnection)",
+      "fetch\\s*\\("
+    ]
+  },
+  Ruby: {
+    ext: "rb",
+    patterns: [
+      "`",
+      "%x[\\(\\{\\[]",
+      "\\bsystem\\s*\\(",
+      "\\bexec\\s*\\(",
+      "IO\\.popen",
+      "Kernel\\.",
+      "\\bspawn\\s*\\(",
+      `File\\.open\\s*\\([^)]*['"][wax+]`,
+      "File\\.write",
+      "open-uri",
+      "Net::HTTP"
+    ]
+  },
+  Perl: {
+    ext: "pl",
+    patterns: [
+      "`",
+      "qx[\\(\\{\\[/]",
+      "\\bsystem\\s*\\(",
+      "\\bexec\\s*\\(",
+      `open\\s*\\([^)]*['"][>|+]`
+    ]
+  },
+  PHP: {
+    ext: "php",
+    patterns: [
+      "`",
+      "shell_exec",
+      "\\b(?:system|passthru|popen|proc_open)\\s*\\(",
+      "\\bexec\\s*\\(",
+      "file_put_contents",
+      "fwrite",
+      `fopen\\s*\\([^)]*['"][wax+]`,
+      "curl_exec",
+      "fsockopen"
+    ]
+  }
+};
+function inlineExecPatterns(lang, flags) {
+  const { ext, patterns } = INLINE_LANG_CONFIG[lang];
+  const reason = `Inline ${lang} is hard to audit. For JSON, prefer \`jq\`. For reuse, save to scripts/*.${ext} and run it.`;
+  const flagAlt = flags.map((f) => f.replace(/^\^/, "").replace(/\$$/, "")).join("|");
+  const compound = `(?:^|\\s)(?:${flagAlt})[\\s=][^\\n]{0,16000}?(?:${patterns.join("|")})`;
+  return [
+    { match: { argsMatch: [compound] }, decision: "ask", reason },
+    {
+      match: { anyArgMatches: flags },
+      decision: "allow",
+      description: `Plausibly read-only inline ${lang} script`
+    }
+  ];
+}
 function pkgManagerRule(command, extraSafeCmds = []) {
   const safeCmds = [...SAFE_PKG_MANAGER_CMDS, ...extraSafeCmds];
   return {
@@ -19243,7 +19329,7 @@ var DEFAULT_CONFIG = {
         command: "node",
         default: "ask",
         argPatterns: [
-          { match: { anyArgMatches: ["^-e$", "^--eval", "^-p$", "^--print"] }, decision: "ask", reason: "Evaluating inline code" },
+          ...inlineExecPatterns("JavaScript", ["^-e$", "^--eval", "^-p$", "^--print"]),
           { match: { anyArgMatches: ["^--(version|help)$", "^-[vh]$"] }, decision: "allow", description: "Version/help flags" },
           { match: { noArgs: true }, decision: "ask", reason: "Interactive REPL" }
         ]
@@ -19272,6 +19358,7 @@ var DEFAULT_CONFIG = {
         command: cmd,
         default: "ask",
         argPatterns: [
+          ...inlineExecPatterns("Python", ["^-c$"]),
           { match: { anyArgMatches: ["^--(version|help)$", "^-V$"] }, decision: "allow" }
         ]
       })),
@@ -19321,6 +19408,7 @@ var DEFAULT_CONFIG = {
       },
       { command: "rustup", default: "allow" },
       { command: "tsc", default: "allow" },
+      { command: "tsgo", default: "allow" },
       { command: "turbo", default: "allow" },
       { command: "nx", default: "allow" },
       { command: "lerna", default: "allow" },
@@ -19430,14 +19518,9 @@ var DEFAULT_CONFIG = {
         argPatterns: [VERSION_HELP_FLAGS]
       })),
       // --- Scripting languages ---
-      ...["ruby", "perl", "php"].map((cmd) => ({
-        command: cmd,
-        default: "ask",
-        argPatterns: [
-          { match: { anyArgMatches: ["^-e$", "^--eval"] }, decision: "ask", reason: "Inline code execution" },
-          VERSION_HELP_FLAGS
-        ]
-      })),
+      { command: "ruby", default: "ask", argPatterns: [...inlineExecPatterns("Ruby", ["^-e$", "^--eval"]), VERSION_HELP_FLAGS] },
+      { command: "perl", default: "ask", argPatterns: [...inlineExecPatterns("Perl", ["^-e$", "^-E$"]), VERSION_HELP_FLAGS] },
+      { command: "php", default: "ask", argPatterns: [...inlineExecPatterns("PHP", ["^-r$"]), VERSION_HELP_FLAGS] },
       // --- Java ecosystem ---
       { command: "java", default: "ask", argPatterns: [VERSION_HELP_FLAGS] },
       { command: "javac", default: "allow" },

package/dist/codex-export.cjs

@@ -18744,6 +18744,7 @@ var SAFE_DEV_TOOLS = [
   "jest",
   "vitest",
   "tsc",
+  "tsgo",
   "eslint",
   "prettier",
   "mkdirp",
@@ -18864,6 +18865,91 @@ function registryOpsPattern() {
     reason: "Registry modification"
   };
 }
+var INLINE_LANG_CONFIG = {
+  Python: {
+    ext: "py",
+    patterns: [
+      "os\\.system",
+      "subprocess",
+      "commands\\.",
+      "pty\\.",
+      `__import__\\s*\\(\\s*['"](?:os|subprocess|socket)`,
+      "\\bexec\\s*\\(",
+      "\\beval\\s*\\(",
+      `open\\s*\\([^)]*['"][wax+]`,
+      "\\bsocket\\b",
+      "urllib",
+      "requests\\.",
+      "http\\.client"
+    ]
+  },
+  JavaScript: {
+    ext: "js",
+    patterns: [
+      "child[_]process",
+      `require\\s*\\(\\s*['"]child[_]process`,
+      "\\.(?:writeFile|appendFile|createWriteStream|writeFileSync|appendFileSync)\\s*\\(",
+      "http\\.request",
+      "https\\.request",
+      "net\\.(?:connect|createConnection)",
+      "fetch\\s*\\("
+    ]
+  },
+  Ruby: {
+    ext: "rb",
+    patterns: [
+      "`",
+      "%x[\\(\\{\\[]",
+      "\\bsystem\\s*\\(",
+      "\\bexec\\s*\\(",
+      "IO\\.popen",
+      "Kernel\\.",
+      "\\bspawn\\s*\\(",
+      `File\\.open\\s*\\([^)]*['"][wax+]`,
+      "File\\.write",
+      "open-uri",
+      "Net::HTTP"
+    ]
+  },
+  Perl: {
+    ext: "pl",
+    patterns: [
+      "`",
+      "qx[\\(\\{\\[/]",
+      "\\bsystem\\s*\\(",
+      "\\bexec\\s*\\(",
+      `open\\s*\\([^)]*['"][>|+]`
+    ]
+  },
+  PHP: {
+    ext: "php",
+    patterns: [
+      "`",
+      "shell_exec",
+      "\\b(?:system|passthru|popen|proc_open)\\s*\\(",
+      "\\bexec\\s*\\(",
+      "file_put_contents",
+      "fwrite",
+      `fopen\\s*\\([^)]*['"][wax+]`,
+      "curl_exec",
+      "fsockopen"
+    ]
+  }
+};
+function inlineExecPatterns(lang, flags) {
+  const { ext, patterns } = INLINE_LANG_CONFIG[lang];
+  const reason = `Inline ${lang} is hard to audit. For JSON, prefer \`jq\`. For reuse, save to scripts/*.${ext} and run it.`;
+  const flagAlt = flags.map((f) => f.replace(/^\^/, "").replace(/\$$/, "")).join("|");
+  const compound = `(?:^|\\s)(?:${flagAlt})[\\s=][^\\n]{0,16000}?(?:${patterns.join("|")})`;
+  return [
+    { match: { argsMatch: [compound] }, decision: "ask", reason },
+    {
+      match: { anyArgMatches: flags },
+      decision: "allow",
+      description: `Plausibly read-only inline ${lang} script`
+    }
+  ];
+}
 function pkgManagerRule(command, extraSafeCmds = []) {
   const safeCmds = [...SAFE_PKG_MANAGER_CMDS, ...extraSafeCmds];
   return {
@@ -19247,7 +19333,7 @@ var DEFAULT_CONFIG = {
         command: "node",
         default: "ask",
         argPatterns: [
-          { match: { anyArgMatches: ["^-e$", "^--eval", "^-p$", "^--print"] }, decision: "ask", reason: "Evaluating inline code" },
+          ...inlineExecPatterns("JavaScript", ["^-e$", "^--eval", "^-p$", "^--print"]),
           { match: { anyArgMatches: ["^--(version|help)$", "^-[vh]$"] }, decision: "allow", description: "Version/help flags" },
           { match: { noArgs: true }, decision: "ask", reason: "Interactive REPL" }
         ]
@@ -19276,6 +19362,7 @@ var DEFAULT_CONFIG = {
         command: cmd,
         default: "ask",
         argPatterns: [
+          ...inlineExecPatterns("Python", ["^-c$"]),
           { match: { anyArgMatches: ["^--(version|help)$", "^-V$"] }, decision: "allow" }
         ]
       })),
@@ -19325,6 +19412,7 @@ var DEFAULT_CONFIG = {
       },
       { command: "rustup", default: "allow" },
       { command: "tsc", default: "allow" },
+      { command: "tsgo", default: "allow" },
       { command: "turbo", default: "allow" },
       { command: "nx", default: "allow" },
       { command: "lerna", default: "allow" },
@@ -19434,14 +19522,9 @@ var DEFAULT_CONFIG = {
         argPatterns: [VERSION_HELP_FLAGS]
       })),
       // --- Scripting languages ---
-      ...["ruby", "perl", "php"].map((cmd) => ({
-        command: cmd,
-        default: "ask",
-        argPatterns: [
-          { match: { anyArgMatches: ["^-e$", "^--eval"] }, decision: "ask", reason: "Inline code execution" },
-          VERSION_HELP_FLAGS
-        ]
-      })),
+      { command: "ruby", default: "ask", argPatterns: [...inlineExecPatterns("Ruby", ["^-e$", "^--eval"]), VERSION_HELP_FLAGS] },
+      { command: "perl", default: "ask", argPatterns: [...inlineExecPatterns("Perl", ["^-e$", "^-E$"]), VERSION_HELP_FLAGS] },
+      { command: "php", default: "ask", argPatterns: [...inlineExecPatterns("PHP", ["^-r$"]), VERSION_HELP_FLAGS] },
       // --- Java ecosystem ---
       { command: "java", default: "ask", argPatterns: [VERSION_HELP_FLAGS] },
       { command: "javac", default: "allow" },

package/dist/copilot.cjs

@@ -18740,6 +18740,7 @@ var SAFE_DEV_TOOLS = [
   "jest",
   "vitest",
   "tsc",
+  "tsgo",
   "eslint",
   "prettier",
   "mkdirp",
@@ -18860,6 +18861,91 @@ function registryOpsPattern() {
     reason: "Registry modification"
   };
 }
+var INLINE_LANG_CONFIG = {
+  Python: {
+    ext: "py",
+    patterns: [
+      "os\\.system",
+      "subprocess",
+      "commands\\.",
+      "pty\\.",
+      `__import__\\s*\\(\\s*['"](?:os|subprocess|socket)`,
+      "\\bexec\\s*\\(",
+      "\\beval\\s*\\(",
+      `open\\s*\\([^)]*['"][wax+]`,
+      "\\bsocket\\b",
+      "urllib",
+      "requests\\.",
+      "http\\.client"
+    ]
+  },
+  JavaScript: {
+    ext: "js",
+    patterns: [
+      "child[_]process",
+      `require\\s*\\(\\s*['"]child[_]process`,
+      "\\.(?:writeFile|appendFile|createWriteStream|writeFileSync|appendFileSync)\\s*\\(",
+      "http\\.request",
+      "https\\.request",
+      "net\\.(?:connect|createConnection)",
+      "fetch\\s*\\("
+    ]
+  },
+  Ruby: {
+    ext: "rb",
+    patterns: [
+      "`",
+      "%x[\\(\\{\\[]",
+      "\\bsystem\\s*\\(",
+      "\\bexec\\s*\\(",
+      "IO\\.popen",
+      "Kernel\\.",
+      "\\bspawn\\s*\\(",
+      `File\\.open\\s*\\([^)]*['"][wax+]`,
+      "File\\.write",
+      "open-uri",
+      "Net::HTTP"
+    ]
+  },
+  Perl: {
+    ext: "pl",
+    patterns: [
+      "`",
+      "qx[\\(\\{\\[/]",
+      "\\bsystem\\s*\\(",
+      "\\bexec\\s*\\(",
+      `open\\s*\\([^)]*['"][>|+]`
+    ]
+  },
+  PHP: {
+    ext: "php",
+    patterns: [
+      "`",
+      "shell_exec",
+      "\\b(?:system|passthru|popen|proc_open)\\s*\\(",
+      "\\bexec\\s*\\(",
+      "file_put_contents",
+      "fwrite",
+      `fopen\\s*\\([^)]*['"][wax+]`,
+      "curl_exec",
+      "fsockopen"
+    ]
+  }
+};
+function inlineExecPatterns(lang, flags) {
+  const { ext, patterns } = INLINE_LANG_CONFIG[lang];
+  const reason = `Inline ${lang} is hard to audit. For JSON, prefer \`jq\`. For reuse, save to scripts/*.${ext} and run it.`;
+  const flagAlt = flags.map((f) => f.replace(/^\^/, "").replace(/\$$/, "")).join("|");
+  const compound = `(?:^|\\s)(?:${flagAlt})[\\s=][^\\n]{0,16000}?(?:${patterns.join("|")})`;
+  return [
+    { match: { argsMatch: [compound] }, decision: "ask", reason },
+    {
+      match: { anyArgMatches: flags },
+      decision: "allow",
+      description: `Plausibly read-only inline ${lang} script`
+    }
+  ];
+}
 function pkgManagerRule(command, extraSafeCmds = []) {
   const safeCmds = [...SAFE_PKG_MANAGER_CMDS, ...extraSafeCmds];
   return {
@@ -19243,7 +19329,7 @@ var DEFAULT_CONFIG = {
         command: "node",
         default: "ask",
         argPatterns: [
-          { match: { anyArgMatches: ["^-e$", "^--eval", "^-p$", "^--print"] }, decision: "ask", reason: "Evaluating inline code" },
+          ...inlineExecPatterns("JavaScript", ["^-e$", "^--eval", "^-p$", "^--print"]),
           { match: { anyArgMatches: ["^--(version|help)$", "^-[vh]$"] }, decision: "allow", description: "Version/help flags" },
           { match: { noArgs: true }, decision: "ask", reason: "Interactive REPL" }
         ]
@@ -19272,6 +19358,7 @@ var DEFAULT_CONFIG = {
         command: cmd,
         default: "ask",
         argPatterns: [
+          ...inlineExecPatterns("Python", ["^-c$"]),
           { match: { anyArgMatches: ["^--(version|help)$", "^-V$"] }, decision: "allow" }
         ]
       })),
@@ -19321,6 +19408,7 @@ var DEFAULT_CONFIG = {
       },
       { command: "rustup", default: "allow" },
       { command: "tsc", default: "allow" },
+      { command: "tsgo", default: "allow" },
       { command: "turbo", default: "allow" },
       { command: "nx", default: "allow" },
       { command: "lerna", default: "allow" },
@@ -19430,14 +19518,9 @@ var DEFAULT_CONFIG = {
         argPatterns: [VERSION_HELP_FLAGS]
       })),
       // --- Scripting languages ---
-      ...["ruby", "perl", "php"].map((cmd) => ({
-        command: cmd,
-        default: "ask",
-        argPatterns: [
-          { match: { anyArgMatches: ["^-e$", "^--eval"] }, decision: "ask", reason: "Inline code execution" },
-          VERSION_HELP_FLAGS
-        ]
-      })),
+      { command: "ruby", default: "ask", argPatterns: [...inlineExecPatterns("Ruby", ["^-e$", "^--eval"]), VERSION_HELP_FLAGS] },
+      { command: "perl", default: "ask", argPatterns: [...inlineExecPatterns("Perl", ["^-e$", "^-E$"]), VERSION_HELP_FLAGS] },
+      { command: "php", default: "ask", argPatterns: [...inlineExecPatterns("PHP", ["^-r$"]), VERSION_HELP_FLAGS] },
       // --- Java ecosystem ---
       { command: "java", default: "ask", argPatterns: [VERSION_HELP_FLAGS] },
       { command: "javac", default: "allow" },

package/dist/index.cjs

@@ -18740,6 +18740,7 @@ var SAFE_DEV_TOOLS = [
   "jest",
   "vitest",
   "tsc",
+  "tsgo",
   "eslint",
   "prettier",
   "mkdirp",
@@ -18860,6 +18861,91 @@ function registryOpsPattern() {
     reason: "Registry modification"
   };
 }
+var INLINE_LANG_CONFIG = {
+  Python: {
+    ext: "py",
+    patterns: [
+      "os\\.system",
+      "subprocess",
+      "commands\\.",
+      "pty\\.",
+      `__import__\\s*\\(\\s*['"](?:os|subprocess|socket)`,
+      "\\bexec\\s*\\(",
+      "\\beval\\s*\\(",
+      `open\\s*\\([^)]*['"][wax+]`,
+      "\\bsocket\\b",
+      "urllib",
+      "requests\\.",
+      "http\\.client"
+    ]
+  },
+  JavaScript: {
+    ext: "js",
+    patterns: [
+      "child[_]process",
+      `require\\s*\\(\\s*['"]child[_]process`,
+      "\\.(?:writeFile|appendFile|createWriteStream|writeFileSync|appendFileSync)\\s*\\(",
+      "http\\.request",
+      "https\\.request",
+      "net\\.(?:connect|createConnection)",
+      "fetch\\s*\\("
+    ]
+  },
+  Ruby: {
+    ext: "rb",
+    patterns: [
+      "`",
+      "%x[\\(\\{\\[]",
+      "\\bsystem\\s*\\(",
+      "\\bexec\\s*\\(",
+      "IO\\.popen",
+      "Kernel\\.",
+      "\\bspawn\\s*\\(",
+      `File\\.open\\s*\\([^)]*['"][wax+]`,
+      "File\\.write",
+      "open-uri",
+      "Net::HTTP"
+    ]
+  },
+  Perl: {
+    ext: "pl",
+    patterns: [
+      "`",
+      "qx[\\(\\{\\[/]",
+      "\\bsystem\\s*\\(",
+      "\\bexec\\s*\\(",
+      `open\\s*\\([^)]*['"][>|+]`
+    ]
+  },
+  PHP: {
+    ext: "php",
+    patterns: [
+      "`",
+      "shell_exec",
+      "\\b(?:system|passthru|popen|proc_open)\\s*\\(",
+      "\\bexec\\s*\\(",
+      "file_put_contents",
+      "fwrite",
+      `fopen\\s*\\([^)]*['"][wax+]`,
+      "curl_exec",
+      "fsockopen"
+    ]
+  }
+};
+function inlineExecPatterns(lang, flags) {
+  const { ext, patterns } = INLINE_LANG_CONFIG[lang];
+  const reason = `Inline ${lang} is hard to audit. For JSON, prefer \`jq\`. For reuse, save to scripts/*.${ext} and run it.`;
+  const flagAlt = flags.map((f) => f.replace(/^\^/, "").replace(/\$$/, "")).join("|");
+  const compound = `(?:^|\\s)(?:${flagAlt})[\\s=][^\\n]{0,16000}?(?:${patterns.join("|")})`;
+  return [
+    { match: { argsMatch: [compound] }, decision: "ask", reason },
+    {
+      match: { anyArgMatches: flags },
+      decision: "allow",
+      description: `Plausibly read-only inline ${lang} script`
+    }
+  ];
+}
 function pkgManagerRule(command, extraSafeCmds = []) {
   const safeCmds = [...SAFE_PKG_MANAGER_CMDS, ...extraSafeCmds];
   return {
@@ -19243,7 +19329,7 @@ var DEFAULT_CONFIG = {
         command: "node",
         default: "ask",
         argPatterns: [
-          { match: { anyArgMatches: ["^-e$", "^--eval", "^-p$", "^--print"] }, decision: "ask", reason: "Evaluating inline code" },
+          ...inlineExecPatterns("JavaScript", ["^-e$", "^--eval", "^-p$", "^--print"]),
           { match: { anyArgMatches: ["^--(version|help)$", "^-[vh]$"] }, decision: "allow", description: "Version/help flags" },
           { match: { noArgs: true }, decision: "ask", reason: "Interactive REPL" }
         ]
@@ -19272,6 +19358,7 @@ var DEFAULT_CONFIG = {
         command: cmd,
         default: "ask",
         argPatterns: [
+          ...inlineExecPatterns("Python", ["^-c$"]),
           { match: { anyArgMatches: ["^--(version|help)$", "^-V$"] }, decision: "allow" }
         ]
       })),
@@ -19321,6 +19408,7 @@ var DEFAULT_CONFIG = {
       },
       { command: "rustup", default: "allow" },
       { command: "tsc", default: "allow" },
+      { command: "tsgo", default: "allow" },
       { command: "turbo", default: "allow" },
       { command: "nx", default: "allow" },
       { command: "lerna", default: "allow" },
@@ -19430,14 +19518,9 @@ var DEFAULT_CONFIG = {
         argPatterns: [VERSION_HELP_FLAGS]
       })),
       // --- Scripting languages ---
-      ...["ruby", "perl", "php"].map((cmd) => ({
-        command: cmd,
-        default: "ask",
-        argPatterns: [
-          { match: { anyArgMatches: ["^-e$", "^--eval"] }, decision: "ask", reason: "Inline code execution" },
-          VERSION_HELP_FLAGS
-        ]
-      })),
+      { command: "ruby", default: "ask", argPatterns: [...inlineExecPatterns("Ruby", ["^-e$", "^--eval"]), VERSION_HELP_FLAGS] },
+      { command: "perl", default: "ask", argPatterns: [...inlineExecPatterns("Perl", ["^-e$", "^-E$"]), VERSION_HELP_FLAGS] },
+      { command: "php", default: "ask", argPatterns: [...inlineExecPatterns("PHP", ["^-r$"]), VERSION_HELP_FLAGS] },
       // --- Java ecosystem ---
       { command: "java", default: "ask", argPatterns: [VERSION_HELP_FLAGS] },
       { command: "javac", default: "allow" },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-warden",
-  "version": "2.8.0",
+  "version": "2.9.0",
   "description": "Smart command safety filter for Claude Code — auto-approves safe commands, blocks dangerous ones",
   "type": "module",
   "main": "dist/index.cjs",