npm - claude-warden - Versions diffs - 2.8.1 → 2.9.0 - Mend

claude-warden 2.8.1 → 2.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/.claude-plugin/marketplace.json +1 -1
package/.claude-plugin/plugin.json +1 -1
package/README.md +62 -1
package/dist/cli.cjs +2 -0
package/dist/codex-export.cjs +2 -0
package/dist/copilot.cjs +2 -0
package/dist/index.cjs +2 -0
package/package.json +1 -1

package/.claude-plugin/marketplace.json CHANGED Viewed

@@ -8,7 +8,7 @@
     {
       "name": "warden",
       "description": "Auto-approves safe commands, blocks dangerous ones, prompts for the rest",
-      "version": "2.8.1",
+      "version": "2.9.0",
       "author": {
         "name": "banyudu"
       },

package/.claude-plugin/plugin.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "warden",
-  "version": "2.8.1",
+  "version": "2.9.0",
   "description": "Smart command safety filter for Claude Code — parses shell pipelines and evaluates per-command safety rules to auto-approve safe commands and block dangerous ones",
   "author": {
     "name": "banyudu"

package/README.md CHANGED Viewed

@@ -6,7 +6,7 @@
 [![GitHub stars](https://img.shields.io/github/stars/banyudu/claude-warden)](https://github.com/banyudu/claude-warden/stargazers)
 [![CI](https://img.shields.io/github/actions/workflow/status/banyudu/claude-warden/ci.yml?label=CI)](https://github.com/banyudu/claude-warden/actions)
-Smart command safety filter for [Claude Code](https://claude.ai/code), [GitHub Copilot CLI](https://docs.github.com/en/copilot/how-tos/customize-copilot-cli/use-hooks), and other AI coding agents. Parses shell commands, evaluates each against configurable safety rules, and returns allow/deny/ask decisions — eliminating unnecessary permission prompts while blocking dangerous commands.
+Smart command safety filter for [Claude Code](https://claude.ai/code), [OpenAI Codex CLI](https://developers.openai.com/codex/hooks), [GitHub Copilot CLI](https://docs.github.com/en/copilot/how-tos/customize-copilot-cli/use-hooks), and other AI coding agents. Parses shell commands, evaluates each against configurable safety rules, and returns allow/deny/ask decisions — eliminating unnecessary permission prompts while blocking dangerous commands.
 ## The problem
@@ -283,8 +283,69 @@ rules:
           anyArgMatches: ['^(ps|images|logs)$']
         decision: allow
         description: Read-only docker commands
+# Skill (slash command) filtering — gate Claude Code skill invocations.
+# Skill names use the short form ("commit", not "/commit"). Glob patterns
+# are supported so you can whitelist an entire plugin namespace.
+skills:
+  defaultDecision: ask
+  alwaysAllow:
+    - commit
+    - review
+    - simplify
+    - "plugin-dev:*"      # allow every skill in the "plugin-dev" plugin
+  alwaysDeny:
+    - deploy
+  rules:
+    - skill: release
+      default: ask
+      argPatterns:
+        - match:
+            argsMatch: ["--dry-run"]
+          decision: allow
+          description: Dry-run release is safe
 ```
+## Skill (slash command) filtering
+Warden also intercepts Claude Code's `Skill` tool (the mechanism behind `/slash-command` invocations) using the same layered rule engine as shell commands. This lets you whitelist safe skills (read-only helpers, code review, summarization) while still prompting for anything that could modify state.
+Skill names are the identifier Claude Code uses internally — **without the leading `/`**. Built-in skills use a bare name (`commit`, `review`), plugin skills use `<plugin>:<skill>` (e.g. `plugin-dev:agent-development`, `code-review:code-review`). Glob patterns `*`, `?`, `[...]`, `{a,b,c}` are supported, so `"plugin-dev:*"` matches every skill in that plugin.
+### Configure
+```yaml
+skills:
+  # Default for skills with no matching rule: allow | deny | ask
+  defaultDecision: ask
+  # Auto-allow these skills (scoped to this config layer)
+  alwaysAllow:
+    - commit
+    - review
+    - "plugin-dev:*"
+  # Auto-deny these skills
+  alwaysDeny:
+    - deploy
+  # Per-skill rules with argument-aware matching
+  rules:
+    - skill: release
+      default: ask
+      argPatterns:
+        - match:
+            argsMatch: ["--dry-run"]
+          decision: allow
+          description: Dry-run release is safe
+```
+Layering follows the same **project > user > default** priority as shell rules (see [Config priority](#config-priority-scoped-layers)).
+### Built-in skill defaults
+Warden ships with a curated allow-list of skills that are read-only or informational — review tools (`review`, `security-review`, `code-review:code-review`), search/summarization helpers (`promptfolio-*`, `slack:find-discussions`, `slack:summarize-channel`), plugin-development guidance (`plugin-dev:*-development`), and `*-usage` docs skills. Everything else falls through to `defaultDecision: ask`.
 ## YOLO mode
 Need to temporarily bypass all permission prompts? YOLO mode auto-allows all commands for a limited time or the full session — while still blocking always-deny commands (like `sudo`, `shutdown`) for safety.

package/dist/cli.cjs CHANGED Viewed

@@ -18740,6 +18740,7 @@ var SAFE_DEV_TOOLS = [
   "jest",
   "vitest",
   "tsc",
+  "tsgo",
   "eslint",
   "prettier",
   "mkdirp",
@@ -19407,6 +19408,7 @@ var DEFAULT_CONFIG = {
       },
       { command: "rustup", default: "allow" },
       { command: "tsc", default: "allow" },
+      { command: "tsgo", default: "allow" },
       { command: "turbo", default: "allow" },
       { command: "nx", default: "allow" },
       { command: "lerna", default: "allow" },

package/dist/codex-export.cjs CHANGED Viewed

@@ -18744,6 +18744,7 @@ var SAFE_DEV_TOOLS = [
   "jest",
   "vitest",
   "tsc",
+  "tsgo",
   "eslint",
   "prettier",
   "mkdirp",
@@ -19411,6 +19412,7 @@ var DEFAULT_CONFIG = {
       },
       { command: "rustup", default: "allow" },
       { command: "tsc", default: "allow" },
+      { command: "tsgo", default: "allow" },
       { command: "turbo", default: "allow" },
       { command: "nx", default: "allow" },
       { command: "lerna", default: "allow" },

package/dist/copilot.cjs CHANGED Viewed

@@ -18740,6 +18740,7 @@ var SAFE_DEV_TOOLS = [
   "jest",
   "vitest",
   "tsc",
+  "tsgo",
   "eslint",
   "prettier",
   "mkdirp",
@@ -19407,6 +19408,7 @@ var DEFAULT_CONFIG = {
       },
       { command: "rustup", default: "allow" },
       { command: "tsc", default: "allow" },
+      { command: "tsgo", default: "allow" },
       { command: "turbo", default: "allow" },
       { command: "nx", default: "allow" },
       { command: "lerna", default: "allow" },

package/dist/index.cjs CHANGED Viewed

@@ -18740,6 +18740,7 @@ var SAFE_DEV_TOOLS = [
   "jest",
   "vitest",
   "tsc",
+  "tsgo",
   "eslint",
   "prettier",
   "mkdirp",
@@ -19407,6 +19408,7 @@ var DEFAULT_CONFIG = {
       },
       { command: "rustup", default: "allow" },
       { command: "tsc", default: "allow" },
+      { command: "tsgo", default: "allow" },
       { command: "turbo", default: "allow" },
       { command: "nx", default: "allow" },
       { command: "lerna", default: "allow" },

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "claude-warden",
-  "version": "2.8.1",
+  "version": "2.9.0",
   "description": "Smart command safety filter for Claude Code — auto-approves safe commands, blocks dangerous ones",
   "type": "module",
   "main": "dist/index.cjs",