create-tigra 2.1.0 → 2.1.2

package/bin/create-tigra.js

@@ -213,6 +213,9 @@ async function main() {
           }
         }
 
+        // Create .developer-role file (default: fullstack = no restrictions)
+        await fs.writeFile(path.join(targetDir, '.developer-role'), 'fullstack\n', 'utf-8');
+
         spinner.succeed('Project scaffolded successfully!');
       } catch (error) {
         spinner.fail('Failed to scaffold project');

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-tigra",
-  "version": "2.1.0",
+  "version": "2.1.2",
   "type": "module",
   "description": "Create a production-ready full-stack app with Next.js 16 + Fastify 5 + Prisma + Redis",
   "bin": {

package/template/_claude/hooks/restrict-paths.sh

@@ -3,6 +3,9 @@
 # Claude can always READ any file for full project context.
 # Only Edit/Write operations are blocked on the other side's directory.
 #
+# NOTE: settings.json matcher already filters for Edit|Write only,
+# so this script does NOT need to check the tool name.
+#
 # To switch roles, either:
 #   1. Edit .developer-role and type: frontend, backend, or fullstack
 #   2. Use /role command in Claude
@@ -23,32 +26,9 @@ if [ -z "$ROLE" ] || [ "$ROLE" = "fullstack" ]; then
   exit 0
 fi
 
-# Read stdin (JSON from Claude Code)
+# Read the full JSON input from Claude Code
 INPUT=$(cat)
 
-# Extract tool_name from JSON
-TOOL_NAME=$(echo "$INPUT" | grep -oP '"tool_name"\s*:\s*"[^"]*"' | head -1 | sed 's/.*:.*"\(.*\)"/\1/')
-
-# Only block write operations (Edit, Write). Allow Read, Glob, Grep.
-if [ "$TOOL_NAME" != "Edit" ] && [ "$TOOL_NAME" != "Write" ]; then
-  exit 0
-fi
-
-# Extract file_path or path from JSON
-FILE_PATH=""
-for field in file_path path; do
-  value=$(echo "$INPUT" | grep -oP "\"${field}\"\s*:\s*\"[^\"]*\"" | head -1 | sed 's/.*:.*"\(.*\)"/\1/')
-  if [ -n "$value" ]; then
-    FILE_PATH="$value"
-    break
-  fi
-done
-
-# No file path found = allow
-if [ -z "$FILE_PATH" ]; then
-  exit 0
-fi
-
 deny_with_reason() {
   cat <<DENY_EOF
 {"hookSpecificOutput":{"hookEventName":"PreToolUse","permissionDecision":"deny","permissionDecisionReason":"$1"}}
@@ -56,12 +36,14 @@ DENY_EOF
   exit 0
 }
 
+# Simple path check against the raw JSON input.
+# No JSON parsing needed — just check if the input contains server/ or client/ paths.
 if [ "$ROLE" = "frontend" ]; then
-  if echo "$FILE_PATH" | grep -qiE "(^|/|\\\\)server(/|\\\\|$)"; then
+  if echo "$INPUT" | grep -qiE "server[/\\\\]"; then
     deny_with_reason "BLOCKED: Role is set to frontend. You can read server/ files but cannot modify them. Only the backend developer can edit server/ code."
   fi
 elif [ "$ROLE" = "backend" ]; then
-  if echo "$FILE_PATH" | grep -qiE "(^|/|\\\\)client(/|\\\\|$)"; then
+  if echo "$INPUT" | grep -qiE "client[/\\\\]"; then
     deny_with_reason "BLOCKED: Role is set to backend. You can read client/ files but cannot modify them. Only the frontend developer can edit client/ code."
   fi
 fi

package/template/_claude/skills/role/SKILL.md

@@ -18,11 +18,13 @@ Read the file `.developer-role` in the project root to see the current role.
 
 ## What each role does
 
-| Role | Access |
-|------|--------|
-| `frontend` | Can only work in `client/`. Blocked from `server/`. |
-| `backend` | Can only work in `server/`. Blocked from `client/`. |
-| `fullstack` | Full access to everything. No restrictions. |
+Claude can always READ all files for full project context. Only WRITE access is restricted.
+
+| Role | Can edit |
+|------|---------|
+| `frontend` | `client/` only. Cannot edit `server/` files. |
+| `backend` | `server/` only. Cannot edit `client/` files. |
+| `fullstack` | Everything. No restrictions. |
 
 ## Response format
 
@@ -31,7 +33,7 @@ After switching, confirm like this:
 ```
 Role switched to **{role}**.
 
-- frontend → client/ only
-- backend → server/ only
-- fullstack → full access
+- frontend → can edit client/ only (can read everything)
+- backend → can edit server/ only (can read everything)
+- fullstack → can edit everything
 ```