claude-warden 2.9.0 → 2.10.1

package/.claude-plugin/marketplace.json

@@ -8,7 +8,7 @@
     {
       "name": "warden",
       "description": "Auto-approves safe commands, blocks dangerous ones, prompts for the rest",
-      "version": "2.9.0",
+      "version": "2.10.1",
       "author": {
         "name": "banyudu"
       },

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "warden",
-  "version": "2.9.0",
+  "version": "2.10.1",
   "description": "Smart command safety filter for Claude Code — parses shell pipelines and evaluates per-command safety rules to auto-approve safe commands and block dangerous ones",
   "author": {
     "name": "banyudu"

package/dist/cli.cjs

@@ -18214,6 +18214,19 @@ function convertCommand(node) {
   const raw = rawParts.join(" ");
   return { command, originalCommand, args: args2, envPrefixes, raw };
 }
+function collectExpansionsFromWord(word, result) {
+  if (!word?.expansion) return;
+  for (const exp of word.expansion) {
+    if (exp.type === "CommandExpansion" && exp.command) {
+      result.hasSubshell = true;
+      result.subshellCommands.push(exp.command);
+    }
+  }
+}
+function walkCompoundList(list, result) {
+  if (!list?.commands) return;
+  for (const cmd of list.commands) walkNode(cmd, result);
+}
 function collectCommandExpansions(node) {
   const commands = [];
   if (node.type === "Command") {
@@ -18280,7 +18293,6 @@ function walkNode(node, result) {
       break;
     }
     case "Subshell": {
-      result.hasSubshell = true;
       const subshell = node;
       if (subshell.list?.commands) {
         for (const cmd of subshell.list.commands) {
@@ -18289,15 +18301,47 @@ function walkNode(node, result) {
       }
       break;
     }
-    // Complex constructs — flag as subshell for safety
-    case "If":
-    case "For":
+    // Control constructs mirror the Subshell handler above: their bodies are
+    // walked into result.commands so each inner command is evaluated normally.
+    // hasSubshell stays false unless a head expression (`for f in $(...)`,
+    // `case $(...) in ...`) introduces a real command substitution.
+    case "For": {
+      const f = node;
+      if (f.wordlist) {
+        for (const w of f.wordlist) collectExpansionsFromWord(w, result);
+      }
+      walkCompoundList(f.do, result);
+      break;
+    }
     case "While":
-    case "Until":
-    case "Case":
-    case "Function":
-      result.hasSubshell = true;
+    case "Until": {
+      const w = node;
+      walkCompoundList(w.clause, result);
+      walkCompoundList(w.do, result);
+      break;
+    }
+    case "If": {
+      const i = node;
+      walkCompoundList(i.clause, result);
+      walkCompoundList(i.then, result);
+      if (i.else) {
+        if (i.else.type === "If") walkNode(i.else, result);
+        else walkCompoundList(i.else, result);
+      }
       break;
+    }
+    case "Case": {
+      const cs = node;
+      collectExpansionsFromWord(cs.clause, result);
+      if (cs.cases) {
+        for (const item of cs.cases) walkCompoundList(item.body, result);
+      }
+      break;
+    }
+    case "Function": {
+      walkCompoundList(node.body, result);
+      break;
+    }
     default:
       break;
   }
@@ -19519,7 +19563,18 @@ var DEFAULT_CONFIG = {
       })),
       // --- Scripting languages ---
       { command: "ruby", default: "ask", argPatterns: [...inlineExecPatterns("Ruby", ["^-e$", "^--eval"]), VERSION_HELP_FLAGS] },
-      { command: "perl", default: "ask", argPatterns: [...inlineExecPatterns("Perl", ["^-e$", "^-E$"]), VERSION_HELP_FLAGS] },
+      // `[npa]` bundles perl's common read-only short flags (`-pe`, `-ne`, `-ane`).
+      // `-i` (in-place edit) mutates files — detected separately so it's caught whether
+      // bundled (`-pie`, `-pi`) or passed as its own arg (`-i -pe`, `-i.bak -pe`).
+      {
+        command: "perl",
+        default: "ask",
+        argPatterns: [
+          { match: { anyArgMatches: ["^-[a-z]*i"] }, decision: "ask", reason: "Perl `-i` does in-place file edits. Save the script to scripts/*.pl and run it." },
+          ...inlineExecPatterns("Perl", ["^-[npa]*[eE]$"]),
+          VERSION_HELP_FLAGS
+        ]
+      },
       { command: "php", default: "ask", argPatterns: [...inlineExecPatterns("PHP", ["^-r$"]), VERSION_HELP_FLAGS] },
       // --- Java ecosystem ---
       { command: "java", default: "ask", argPatterns: [VERSION_HELP_FLAGS] },

package/dist/codex-export.cjs

@@ -18218,6 +18218,19 @@ function convertCommand(node) {
   const raw = rawParts.join(" ");
   return { command, originalCommand, args: args2, envPrefixes, raw };
 }
+function collectExpansionsFromWord(word, result) {
+  if (!word?.expansion) return;
+  for (const exp of word.expansion) {
+    if (exp.type === "CommandExpansion" && exp.command) {
+      result.hasSubshell = true;
+      result.subshellCommands.push(exp.command);
+    }
+  }
+}
+function walkCompoundList(list, result) {
+  if (!list?.commands) return;
+  for (const cmd of list.commands) walkNode(cmd, result);
+}
 function collectCommandExpansions(node) {
   const commands = [];
   if (node.type === "Command") {
@@ -18284,7 +18297,6 @@ function walkNode(node, result) {
       break;
     }
     case "Subshell": {
-      result.hasSubshell = true;
       const subshell = node;
       if (subshell.list?.commands) {
         for (const cmd of subshell.list.commands) {
@@ -18293,15 +18305,47 @@ function walkNode(node, result) {
       }
       break;
     }
-    // Complex constructs — flag as subshell for safety
-    case "If":
-    case "For":
+    // Control constructs mirror the Subshell handler above: their bodies are
+    // walked into result.commands so each inner command is evaluated normally.
+    // hasSubshell stays false unless a head expression (`for f in $(...)`,
+    // `case $(...) in ...`) introduces a real command substitution.
+    case "For": {
+      const f = node;
+      if (f.wordlist) {
+        for (const w of f.wordlist) collectExpansionsFromWord(w, result);
+      }
+      walkCompoundList(f.do, result);
+      break;
+    }
     case "While":
-    case "Until":
-    case "Case":
-    case "Function":
-      result.hasSubshell = true;
+    case "Until": {
+      const w = node;
+      walkCompoundList(w.clause, result);
+      walkCompoundList(w.do, result);
+      break;
+    }
+    case "If": {
+      const i = node;
+      walkCompoundList(i.clause, result);
+      walkCompoundList(i.then, result);
+      if (i.else) {
+        if (i.else.type === "If") walkNode(i.else, result);
+        else walkCompoundList(i.else, result);
+      }
       break;
+    }
+    case "Case": {
+      const cs = node;
+      collectExpansionsFromWord(cs.clause, result);
+      if (cs.cases) {
+        for (const item of cs.cases) walkCompoundList(item.body, result);
+      }
+      break;
+    }
+    case "Function": {
+      walkCompoundList(node.body, result);
+      break;
+    }
     default:
       break;
   }
@@ -19523,7 +19567,18 @@ var DEFAULT_CONFIG = {
       })),
       // --- Scripting languages ---
       { command: "ruby", default: "ask", argPatterns: [...inlineExecPatterns("Ruby", ["^-e$", "^--eval"]), VERSION_HELP_FLAGS] },
-      { command: "perl", default: "ask", argPatterns: [...inlineExecPatterns("Perl", ["^-e$", "^-E$"]), VERSION_HELP_FLAGS] },
+      // `[npa]` bundles perl's common read-only short flags (`-pe`, `-ne`, `-ane`).
+      // `-i` (in-place edit) mutates files — detected separately so it's caught whether
+      // bundled (`-pie`, `-pi`) or passed as its own arg (`-i -pe`, `-i.bak -pe`).
+      {
+        command: "perl",
+        default: "ask",
+        argPatterns: [
+          { match: { anyArgMatches: ["^-[a-z]*i"] }, decision: "ask", reason: "Perl `-i` does in-place file edits. Save the script to scripts/*.pl and run it." },
+          ...inlineExecPatterns("Perl", ["^-[npa]*[eE]$"]),
+          VERSION_HELP_FLAGS
+        ]
+      },
       { command: "php", default: "ask", argPatterns: [...inlineExecPatterns("PHP", ["^-r$"]), VERSION_HELP_FLAGS] },
       // --- Java ecosystem ---
       { command: "java", default: "ask", argPatterns: [VERSION_HELP_FLAGS] },

package/dist/copilot.cjs

@@ -18214,6 +18214,19 @@ function convertCommand(node) {
   const raw = rawParts.join(" ");
   return { command, originalCommand, args: args2, envPrefixes, raw };
 }
+function collectExpansionsFromWord(word, result) {
+  if (!word?.expansion) return;
+  for (const exp of word.expansion) {
+    if (exp.type === "CommandExpansion" && exp.command) {
+      result.hasSubshell = true;
+      result.subshellCommands.push(exp.command);
+    }
+  }
+}
+function walkCompoundList(list, result) {
+  if (!list?.commands) return;
+  for (const cmd of list.commands) walkNode(cmd, result);
+}
 function collectCommandExpansions(node) {
   const commands = [];
   if (node.type === "Command") {
@@ -18280,7 +18293,6 @@ function walkNode(node, result) {
       break;
     }
     case "Subshell": {
-      result.hasSubshell = true;
       const subshell = node;
       if (subshell.list?.commands) {
         for (const cmd of subshell.list.commands) {
@@ -18289,15 +18301,47 @@ function walkNode(node, result) {
       }
       break;
     }
-    // Complex constructs — flag as subshell for safety
-    case "If":
-    case "For":
+    // Control constructs mirror the Subshell handler above: their bodies are
+    // walked into result.commands so each inner command is evaluated normally.
+    // hasSubshell stays false unless a head expression (`for f in $(...)`,
+    // `case $(...) in ...`) introduces a real command substitution.
+    case "For": {
+      const f = node;
+      if (f.wordlist) {
+        for (const w of f.wordlist) collectExpansionsFromWord(w, result);
+      }
+      walkCompoundList(f.do, result);
+      break;
+    }
     case "While":
-    case "Until":
-    case "Case":
-    case "Function":
-      result.hasSubshell = true;
+    case "Until": {
+      const w = node;
+      walkCompoundList(w.clause, result);
+      walkCompoundList(w.do, result);
+      break;
+    }
+    case "If": {
+      const i = node;
+      walkCompoundList(i.clause, result);
+      walkCompoundList(i.then, result);
+      if (i.else) {
+        if (i.else.type === "If") walkNode(i.else, result);
+        else walkCompoundList(i.else, result);
+      }
       break;
+    }
+    case "Case": {
+      const cs = node;
+      collectExpansionsFromWord(cs.clause, result);
+      if (cs.cases) {
+        for (const item of cs.cases) walkCompoundList(item.body, result);
+      }
+      break;
+    }
+    case "Function": {
+      walkCompoundList(node.body, result);
+      break;
+    }
     default:
       break;
   }
@@ -19519,7 +19563,18 @@ var DEFAULT_CONFIG = {
       })),
       // --- Scripting languages ---
       { command: "ruby", default: "ask", argPatterns: [...inlineExecPatterns("Ruby", ["^-e$", "^--eval"]), VERSION_HELP_FLAGS] },
-      { command: "perl", default: "ask", argPatterns: [...inlineExecPatterns("Perl", ["^-e$", "^-E$"]), VERSION_HELP_FLAGS] },
+      // `[npa]` bundles perl's common read-only short flags (`-pe`, `-ne`, `-ane`).
+      // `-i` (in-place edit) mutates files — detected separately so it's caught whether
+      // bundled (`-pie`, `-pi`) or passed as its own arg (`-i -pe`, `-i.bak -pe`).
+      {
+        command: "perl",
+        default: "ask",
+        argPatterns: [
+          { match: { anyArgMatches: ["^-[a-z]*i"] }, decision: "ask", reason: "Perl `-i` does in-place file edits. Save the script to scripts/*.pl and run it." },
+          ...inlineExecPatterns("Perl", ["^-[npa]*[eE]$"]),
+          VERSION_HELP_FLAGS
+        ]
+      },
       { command: "php", default: "ask", argPatterns: [...inlineExecPatterns("PHP", ["^-r$"]), VERSION_HELP_FLAGS] },
       // --- Java ecosystem ---
       { command: "java", default: "ask", argPatterns: [VERSION_HELP_FLAGS] },

package/dist/index.cjs

@@ -18214,6 +18214,19 @@ function convertCommand(node) {
   const raw = rawParts.join(" ");
   return { command, originalCommand, args: args2, envPrefixes, raw };
 }
+function collectExpansionsFromWord(word, result) {
+  if (!word?.expansion) return;
+  for (const exp of word.expansion) {
+    if (exp.type === "CommandExpansion" && exp.command) {
+      result.hasSubshell = true;
+      result.subshellCommands.push(exp.command);
+    }
+  }
+}
+function walkCompoundList(list, result) {
+  if (!list?.commands) return;
+  for (const cmd of list.commands) walkNode(cmd, result);
+}
 function collectCommandExpansions(node) {
   const commands = [];
   if (node.type === "Command") {
@@ -18280,7 +18293,6 @@ function walkNode(node, result) {
       break;
     }
     case "Subshell": {
-      result.hasSubshell = true;
       const subshell = node;
       if (subshell.list?.commands) {
         for (const cmd of subshell.list.commands) {
@@ -18289,15 +18301,47 @@ function walkNode(node, result) {
       }
       break;
     }
-    // Complex constructs — flag as subshell for safety
-    case "If":
-    case "For":
+    // Control constructs mirror the Subshell handler above: their bodies are
+    // walked into result.commands so each inner command is evaluated normally.
+    // hasSubshell stays false unless a head expression (`for f in $(...)`,
+    // `case $(...) in ...`) introduces a real command substitution.
+    case "For": {
+      const f = node;
+      if (f.wordlist) {
+        for (const w of f.wordlist) collectExpansionsFromWord(w, result);
+      }
+      walkCompoundList(f.do, result);
+      break;
+    }
     case "While":
-    case "Until":
-    case "Case":
-    case "Function":
-      result.hasSubshell = true;
+    case "Until": {
+      const w = node;
+      walkCompoundList(w.clause, result);
+      walkCompoundList(w.do, result);
+      break;
+    }
+    case "If": {
+      const i = node;
+      walkCompoundList(i.clause, result);
+      walkCompoundList(i.then, result);
+      if (i.else) {
+        if (i.else.type === "If") walkNode(i.else, result);
+        else walkCompoundList(i.else, result);
+      }
       break;
+    }
+    case "Case": {
+      const cs = node;
+      collectExpansionsFromWord(cs.clause, result);
+      if (cs.cases) {
+        for (const item of cs.cases) walkCompoundList(item.body, result);
+      }
+      break;
+    }
+    case "Function": {
+      walkCompoundList(node.body, result);
+      break;
+    }
     default:
       break;
   }
@@ -19519,7 +19563,18 @@ var DEFAULT_CONFIG = {
       })),
       // --- Scripting languages ---
       { command: "ruby", default: "ask", argPatterns: [...inlineExecPatterns("Ruby", ["^-e$", "^--eval"]), VERSION_HELP_FLAGS] },
-      { command: "perl", default: "ask", argPatterns: [...inlineExecPatterns("Perl", ["^-e$", "^-E$"]), VERSION_HELP_FLAGS] },
+      // `[npa]` bundles perl's common read-only short flags (`-pe`, `-ne`, `-ane`).
+      // `-i` (in-place edit) mutates files — detected separately so it's caught whether
+      // bundled (`-pie`, `-pi`) or passed as its own arg (`-i -pe`, `-i.bak -pe`).
+      {
+        command: "perl",
+        default: "ask",
+        argPatterns: [
+          { match: { anyArgMatches: ["^-[a-z]*i"] }, decision: "ask", reason: "Perl `-i` does in-place file edits. Save the script to scripts/*.pl and run it." },
+          ...inlineExecPatterns("Perl", ["^-[npa]*[eE]$"]),
+          VERSION_HELP_FLAGS
+        ]
+      },
       { command: "php", default: "ask", argPatterns: [...inlineExecPatterns("PHP", ["^-r$"]), VERSION_HELP_FLAGS] },
       // --- Java ecosystem ---
       { command: "java", default: "ask", argPatterns: [VERSION_HELP_FLAGS] },
@@ -20913,11 +20968,12 @@ function generateAllowSnippet(details) {
   }
   return lines.join("\n");
 }
-function formatSystemMessage(decision, rawCommand, details) {
+function formatSystemMessage(decision, rawCommand, details, fallbackReason) {
   const relevant = details.filter((d) => d.decision !== "allow");
   if (decision === "ask") {
     const parts = relevant.map((d) => `\`${d.command}\`: ${d.reason}`);
-    const header = `[warden] ${parts.join(" | ")}`;
+    const body = parts.length > 0 ? parts.join(" | ") : fallbackReason || "";
+    const header = `[warden] ${body}`;
     const subcommandHints = relevant.filter((d) => d.args.length > 0).map((d) => {
       const sub = d.args[0];
       return `  Option A: Allow all \`${d.command}\` \u2192 \`/warden:allow ${d.command}\`
@@ -21191,14 +21247,14 @@ function emitResult(result, label, config) {
       const truncated = label.length > 80 ? label.slice(0, 77) + "..." : label;
       sendNotification("Claude Warden", `Blocked: ${truncated}`, config);
     }
-    const msg2 = formatSystemMessage("deny", label, result.details);
+    const msg2 = formatSystemMessage("deny", label, result.details, result.reason);
     emitDecision("deny", msg2, `[warden] Blocked: ${result.reason}`);
   }
   if (config.notifyOnAsk) {
     const truncated = label.length > 80 ? label.slice(0, 77) + "..." : label;
     sendNotification("Claude Warden", `Permission needed: ${truncated}`, config);
   }
-  const msg = formatSystemMessage("ask", label, result.details);
+  const msg = formatSystemMessage("ask", label, result.details, result.reason);
   emitDecision("ask", msg);
 }
 main().catch(() => process.exit(0));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-warden",
-  "version": "2.9.0",
+  "version": "2.10.1",
   "description": "Smart command safety filter for Claude Code — auto-approves safe commands, blocks dangerous ones",
   "type": "module",
   "main": "dist/index.cjs",