gm-gc 2.0.57 → 2.0.59

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/agents/gm.md +6 -6
  2. package/gemini-extension.json +1 -1
  3. package/hooks/pre-tool-use-hook.js +2 -2
  4. package/package.json +1 -1
package/agents/gm.md CHANGED
@@ -90,12 +90,12 @@ All execution via Bash tool or `agent-browser` skill. Every hypothesis proven by
90
90
 
91
91
  **CODESEARCH EFFICIENCY TIP**: Multiple semantic queries cost <$0.01 total and take <1 second each. Use `code-search` skill liberally — it's designed for this. Try:"What does this function do?" → "Where is error handling implemented?" → "Show database connection setup" → each returns ranked file locations.
92
92
 
93
- **BASH WHITELIST** (only acceptable bash uses):
94
- - `git` commands (status, add, commit, push, pull, log, diff)
95
- - `npm publish`, `npm pack`, `npm install -g`
96
- - `docker` commands
97
- - Starting/stopping system services
98
- - Everything else Bash tool
93
+ **BASH WHITELIST** — Bash allows ONLY these prefixes (hook enforces this):
94
+ - Code interpreters: `node`, `python`, `python3`, `bun`, `npx`, `ruby`, `go`, `deno`, `tsx`, `ts-node`
95
+ - Package/version tools: `npm`, `npx`
96
+ - VCS: `git`, `gh`
97
+ - Containers/services: `docker`, `systemctl`, `sudo systemctl`
98
+ - **Everything else is blocked.** Do NOT use shell builtins (ls, cat, grep, find, echo, cp, mv, rm, sed, awk). Instead: write logic as inline code and run it — `node -e "..."`, `python -c "..."`, `bun -e "..."`. Use Read/Write/Edit for file ops. Use code-search skill for exploration.
99
99
 
100
100
  **CODE EXECUTION PATTERNS** (use Bash tool):
101
101
 
package/gemini-extension.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "gm",
3
- "version": "2.0.57",
3
+ "version": "2.0.59",
4
4
  "description": "State machine agent with hooks, skills, and automated git enforcement",
5
5
  "author": "AnEntrypoint",
6
6
  "homepage": "https://github.com/AnEntrypoint/gm",
package/hooks/pre-tool-use-hook.js CHANGED
@@ -57,9 +57,9 @@ const run = () => {
57
57
 
58
58
  if (tool_name === 'Bash') {
59
59
  const command = (tool_input?.command || '').trim();
60
- const allowed = /^(git |gh |npm publish|npm pack|docker |sudo systemctl|systemctl )/.test(command);
60
+ const allowed = /^(git |gh |npm |npx |bun |node |python |python3 |ruby |go |deno |tsx |ts-node |docker |sudo systemctl|systemctl )/.test(command);
61
61
  if (!allowed) {
62
- return { block: true, reason: 'Bash is blocked for non-git/npm/docker commands. Use Read/Write/Edit tools for file operations, or code-search skill for exploration.' };
62
+ return { block: true, reason: 'Bash only allows: git, node, python, bun, npx, ruby, go, deno, docker, npm, systemctl. Write all logic as code and execute it via Bash (e.g. node -e "...", python -c "...", bun -e "..."). Use Read/Write/Edit for file ops. Use code-search skill for exploration.' };
63
63
  }
64
64
  }
65
65
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "gm-gc",
3
- "version": "2.0.57",
3
+ "version": "2.0.59",
4
4
  "description": "State machine agent with hooks, skills, and automated git enforcement",
5
5
  "author": "AnEntrypoint",
6
6
  "license": "MIT",