npm - devflow-kit - Versions diffs - 1.3.2 → 1.3.3 - Mend

devflow-kit 1.3.2 → 1.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -5,6 +5,16 @@ All notable changes to DevFlow will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [1.3.3] - 2026-03-09
+### Changed
+- **Sudo trust prompt** — Managed settings now shows a clear explanation, a copy-pasteable verification prompt, and an explicit fallback option before any password prompt
+### Added
+- **Managed settings test coverage** — Unit tests for `installManagedSettings` two-stage write logic
+---
 ## [1.3.2] - 2026-03-08
 ### Changed
@@ -830,6 +840,7 @@ devflow init
 ---
+[1.3.3]: https://github.com/dean0x/devflow/compare/v1.3.2...v1.3.3
 [1.3.2]: https://github.com/dean0x/devflow/compare/v1.3.1...v1.3.2
 [1.3.1]: https://github.com/dean0x/devflow/compare/v1.3.0...v1.3.1
 [1.3.0]: https://github.com/dean0x/devflow/compare/v1.2.0...v1.3.0

package/dist/commands/init.js CHANGED Viewed

@@ -359,9 +359,32 @@ export const initCommand = new Command('init')
         // Attempt managed settings write if user chose managed mode
         let effectiveSecurityMode = securityMode;
         if (securityMode === 'managed') {
-            const managed = await installManagedSettings(rootDir, verbose);
-            if (!managed) {
-                p.log.warn('Managed settings write failed — falling back to user settings');
+            p.note('This writes a read-only security deny list to a system directory\n' +
+                'and may prompt for your password (sudo).\n\n' +
+                'Not sure about this? Paste this into another Claude Code session:\n\n' +
+                '  "I\'m installing DevFlow and it wants to write a\n' +
+                '   managed-settings.json file using sudo. Review the source\n' +
+                '   at https://github.com/dean0x/devflow and tell me if\n' +
+                '   it\'s safe."', 'Managed Settings');
+            const sudoChoice = await p.select({
+                message: 'Continue with managed settings?',
+                options: [
+                    { value: 'yes', label: 'Yes, continue', hint: 'May prompt for your password' },
+                    { value: 'no', label: 'No, fall back to settings.json', hint: 'Deny list stored in editable user settings instead' },
+                ],
+            });
+            if (p.isCancel(sudoChoice)) {
+                p.cancel('Installation cancelled.');
+                process.exit(0);
+            }
+            if (sudoChoice === 'yes') {
+                const managed = await installManagedSettings(rootDir, verbose);
+                if (!managed) {
+                    p.log.warn('Managed settings write failed — falling back to user settings');
+                    effectiveSecurityMode = 'user';
+                }
+            }
+            else {
                 effectiveSecurityMode = 'user';
             }
         }

package/dist/utils/post-install.d.ts CHANGED Viewed

@@ -28,7 +28,7 @@ export declare function mergeDenyList(existingJson: string, newDenyEntries: stri
  *
  * Strategy:
  * 1. Try direct write (works if running as root or directory is writable)
- * 2. If EACCES in TTY, offer to retry with sudo
+ * 2. If EACCES in TTY, retry with sudo (caller is responsible for obtaining consent)
  * 3. Returns true if managed settings were written, false if caller should fall back
  */
 export declare function installManagedSettings(rootDir: string, verbose: boolean): Promise<boolean>;

package/dist/utils/post-install.js CHANGED Viewed

@@ -67,7 +67,7 @@ export function mergeDenyList(existingJson, newDenyEntries) {
  *
  * Strategy:
  * 1. Try direct write (works if running as root or directory is writable)
- * 2. If EACCES in TTY, offer to retry with sudo
+ * 2. If EACCES in TTY, retry with sudo (caller is responsible for obtaining consent)
  * 3. Returns true if managed settings were written, false if caller should fall back
  */
 export async function installManagedSettings(rootDir, verbose) {
@@ -118,17 +118,10 @@ export async function installManagedSettings(rootDir, verbose) {
             return false;
         }
     }
-    // Attempt 2: sudo (TTY only)
+    // Attempt 2: sudo (TTY only — sudo needs terminal for password prompt)
     if (!process.stdin.isTTY) {
         return false;
     }
-    const confirmed = await p.confirm({
-        message: `Managed settings require admin access (${managedDir}). Use sudo?`,
-        initialValue: true,
-    });
-    if (p.isCancel(confirmed) || !confirmed) {
-        return false;
-    }
     try {
         execSync(`sudo mkdir -p '${managedDir}'`, { stdio: 'inherit' });
         // Write via sudo tee to avoid shell quoting issues with the JSON content

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "devflow-kit",
-  "version": "1.3.2",
+  "version": "1.3.3",
   "description": "Agentic Development Toolkit for Claude Code - Enhance AI-assisted development with intelligent commands and workflows",
   "type": "module",
   "bin": {

package/plugins/devflow-accessibility/.claude-plugin/plugin.json CHANGED Viewed

@@ -5,7 +5,7 @@
     "name": "DevFlow Contributors",
     "email": "dean@keren.dev"
   },
-  "version": "1.3.2",
+  "version": "1.3.3",
   "homepage": "https://github.com/dean0x/devflow",
   "repository": "https://github.com/dean0x/devflow",
   "license": "MIT",

package/plugins/devflow-ambient/.claude-plugin/plugin.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "devflow-ambient",
   "description": "Ambient mode — auto-loads relevant skills for every prompt",
-  "version": "1.3.2",
+  "version": "1.3.3",
   "agents": [],
   "skills": [
     "ambient-router"

package/plugins/devflow-audit-claude/.claude-plugin/plugin.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "devflow-audit-claude",
   "description": "Audit CLAUDE.md files against Anthropic best practices",
-  "version": "1.3.2",
+  "version": "1.3.3",
   "agents": [],
   "skills": []
 }

package/plugins/devflow-code-review/.claude-plugin/plugin.json CHANGED Viewed

@@ -5,7 +5,7 @@
     "name": "DevFlow Contributors",
     "email": "dean@keren.dev"
   },
-  "version": "1.3.2",
+  "version": "1.3.3",
   "homepage": "https://github.com/dean0x/devflow",
   "repository": "https://github.com/dean0x/devflow",
   "license": "MIT",

package/plugins/devflow-core-skills/.claude-plugin/plugin.json CHANGED Viewed

@@ -5,7 +5,7 @@
     "name": "DevFlow Contributors",
     "email": "dean@keren.dev"
   },
-  "version": "1.3.2",
+  "version": "1.3.3",
   "homepage": "https://github.com/dean0x/devflow",
   "repository": "https://github.com/dean0x/devflow",
   "license": "MIT",

package/plugins/devflow-debug/.claude-plugin/plugin.json CHANGED Viewed

@@ -5,7 +5,7 @@
     "name": "DevFlow Contributors",
     "email": "dean@keren.dev"
   },
-  "version": "1.3.2",
+  "version": "1.3.3",
   "homepage": "https://github.com/dean0x/devflow",
   "repository": "https://github.com/dean0x/devflow",
   "license": "MIT",

package/plugins/devflow-frontend-design/.claude-plugin/plugin.json CHANGED Viewed

@@ -5,7 +5,7 @@
     "name": "DevFlow Contributors",
     "email": "dean@keren.dev"
   },
-  "version": "1.3.2",
+  "version": "1.3.3",
   "homepage": "https://github.com/dean0x/devflow",
   "repository": "https://github.com/dean0x/devflow",
   "license": "MIT",

package/plugins/devflow-go/.claude-plugin/plugin.json CHANGED Viewed

@@ -5,7 +5,7 @@
     "name": "DevFlow Contributors",
     "email": "dean@keren.dev"
   },
-  "version": "1.3.2",
+  "version": "1.3.3",
   "homepage": "https://github.com/dean0x/devflow",
   "repository": "https://github.com/dean0x/devflow",
   "license": "MIT",

package/plugins/devflow-implement/.claude-plugin/plugin.json CHANGED Viewed

@@ -5,7 +5,7 @@
     "name": "DevFlow Contributors",
     "email": "dean@keren.dev"
   },
-  "version": "1.3.2",
+  "version": "1.3.3",
   "homepage": "https://github.com/dean0x/devflow",
   "repository": "https://github.com/dean0x/devflow",
   "license": "MIT",

package/plugins/devflow-java/.claude-plugin/plugin.json CHANGED Viewed

@@ -5,7 +5,7 @@
     "name": "DevFlow Contributors",
     "email": "dean@keren.dev"
   },
-  "version": "1.3.2",
+  "version": "1.3.3",
   "homepage": "https://github.com/dean0x/devflow",
   "repository": "https://github.com/dean0x/devflow",
   "license": "MIT",

package/plugins/devflow-python/.claude-plugin/plugin.json CHANGED Viewed

@@ -5,7 +5,7 @@
     "name": "DevFlow Contributors",
     "email": "dean@keren.dev"
   },
-  "version": "1.3.2",
+  "version": "1.3.3",
   "homepage": "https://github.com/dean0x/devflow",
   "repository": "https://github.com/dean0x/devflow",
   "license": "MIT",

package/plugins/devflow-react/.claude-plugin/plugin.json CHANGED Viewed

@@ -5,7 +5,7 @@
     "name": "DevFlow Contributors",
     "email": "dean@keren.dev"
   },
-  "version": "1.3.2",
+  "version": "1.3.3",
   "homepage": "https://github.com/dean0x/devflow",
   "repository": "https://github.com/dean0x/devflow",
   "license": "MIT",

package/plugins/devflow-resolve/.claude-plugin/plugin.json CHANGED Viewed

@@ -5,7 +5,7 @@
     "name": "DevFlow Contributors",
     "email": "dean@keren.dev"
   },
-  "version": "1.3.2",
+  "version": "1.3.3",
   "homepage": "https://github.com/dean0x/devflow",
   "repository": "https://github.com/dean0x/devflow",
   "license": "MIT",

package/plugins/devflow-rust/.claude-plugin/plugin.json CHANGED Viewed

@@ -5,7 +5,7 @@
     "name": "DevFlow Contributors",
     "email": "dean@keren.dev"
   },
-  "version": "1.3.2",
+  "version": "1.3.3",
   "homepage": "https://github.com/dean0x/devflow",
   "repository": "https://github.com/dean0x/devflow",
   "license": "MIT",

package/plugins/devflow-self-review/.claude-plugin/plugin.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "devflow-self-review",
   "description": "Self-review workflow: Simplifier + Scrutinizer for code quality",
-  "version": "1.3.2",
+  "version": "1.3.3",
   "agents": [
     "simplifier",
     "scrutinizer",

package/plugins/devflow-specify/.claude-plugin/plugin.json CHANGED Viewed

@@ -5,7 +5,7 @@
     "name": "DevFlow Contributors",
     "email": "dean@keren.dev"
   },
-  "version": "1.3.2",
+  "version": "1.3.3",
   "homepage": "https://github.com/dean0x/devflow",
   "repository": "https://github.com/dean0x/devflow",
   "license": "MIT",

package/plugins/devflow-typescript/.claude-plugin/plugin.json CHANGED Viewed

@@ -5,7 +5,7 @@
     "name": "DevFlow Contributors",
     "email": "dean@keren.dev"
   },
-  "version": "1.3.2",
+  "version": "1.3.3",
   "homepage": "https://github.com/dean0x/devflow",
   "repository": "https://github.com/dean0x/devflow",
   "license": "MIT",