npm - hardstop - Versions diffs - 1.4.2 → 1.4.4 - Mend

hardstop 1.4.2 → 1.4.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/.claude-plugin/marketplace.json +30 -64
package/.claude-plugin/plugin.json +2 -5
package/CHANGELOG.md +29 -0
package/README.md +5 -2
package/bin/install.js +1 -1
package/bin/postinstall.js +10 -0
package/commands/hs.md +1 -1
package/commands/hs_cmd.py +5 -0
package/commands/skip.md +1 -1
package/hooks/pre_tool_use.py +13 -0
package/package.json +2 -2
package/skills/hs/SKILL.md +1 -1

package/.claude-plugin/marketplace.json CHANGED Viewed

@@ -1,72 +1,38 @@
 {
-  "$schema": "https://claude.ai/schemas/plugin-manifest-v1.json",
   "name": "hardstop",
-  "version": "1.4.2",
-  "description": "Pre-execution safety layer that blocks dangerous shell commands and credential file reads using pattern matching + LLM analysis. Fail-closed design.",
-  "author": "Francesco Marinoni Moretto",
-  "license": "CC-BY-4.0",
-  "repository": "https://github.com/frmoretto/hardstop",
-  "homepage": "https://github.com/frmoretto/hardstop",
-  "keywords": [
-    "hardstop",
-    "safety",
-    "security",
-    "pre-execution",
-    "shell",
-    "bash",
-    "powershell",
-    "command-blocking",
-    "ai-safety",
-    "guardrails"
-  ],
-  "skills": [
-    {
-      "name": "hs",
-      "path": "skills/hs/SKILL.md",
-      "triggers": [
-        "hardstop",
-        "safety check",
-        "pre-execution check",
-        "is this command safe",
-        "check command safety"
-      ]
-    }
-  ],
-  "hooks": {
-    "PreToolUse": [
-      {
-        "matcher": "Bash",
-        "command": "python hooks/pre_tool_use.py",
-        "description": "Pre-execution safety verification for shell commands"
-      },
-      {
-        "matcher": "PowerShell",
-        "command": "python hooks/pre_tool_use.py",
-        "description": "Pre-execution safety verification for PowerShell commands"
-      },
-      {
-        "matcher": "Read",
-        "command": "python hooks/pre_read.py",
-        "description": "Pre-read credential file protection"
-      }
-    ]
+  "metadata": {
+    "description": "Pre-execution safety layer for Claude Code",
+    "version": "1.0.0"
   },
-  "commands": [
+  "owner": {
+    "name": "Francesco Marinoni Moretto",
+    "email": "contact@clarity-gate.org"
+  },
+  "plugins": [
     {
       "name": "hs",
-      "aliases": ["hardstop"],
-      "description": "Control Hardstop plugin",
-      "subcommands": [
-        {"name": "on", "description": "Enable protection"},
-        {"name": "off", "description": "Disable protection"},
-        {"name": "skip", "description": "Skip next N commands (default 1)"},
-        {"name": "status", "description": "Show current state"},
-        {"name": "log", "description": "View audit log"}
+      "source": "./",
+      "description": "Pre-execution safety layer that blocks dangerous shell commands and credential file reads using pattern matching + LLM analysis. Fail-closed design.",
+      "version": "1.4.4",
+      "author": {
+        "name": "Francesco Marinoni Moretto",
+        "email": "contact@clarity-gate.org"
+      },
+      "homepage": "https://github.com/frmoretto/hardstop",
+      "repository": "https://github.com/frmoretto/hardstop",
+      "license": "CC-BY-4.0",
+      "keywords": [
+        "safety",
+        "security",
+        "pre-execution",
+        "shell",
+        "bash",
+        "powershell",
+        "command-blocking",
+        "ai-safety",
+        "guardrails",
+        "fail-closed"
       ]
     }
-  ],
-  "compatibility": {
-    "claude-code": ">=1.0.0",
-    "claude-desktop": ">=1.0.0"
-  }
+  ]
 }

package/.claude-plugin/plugin.json CHANGED Viewed

@@ -1,16 +1,13 @@
 {
   "name": "hs",
-  "version": "1.4.2",
+  "version": "1.4.4",
   "description": "Pre-execution safety layer that blocks dangerous shell commands and credential file reads using pattern matching + LLM analysis. Fail-closed design.",
   "author": {
     "name": "Francesco Marinoni Moretto",
     "email": "contact@clarity-gate.org"
   },
   "homepage": "https://github.com/frmoretto/hardstop",
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/frmoretto/hardstop.git"
-  },
+  "repository": "https://github.com/frmoretto/hardstop",
   "license": "CC-BY-4.0",
   "keywords": [
     "safety",

package/CHANGELOG.md CHANGED Viewed

@@ -2,6 +2,35 @@
 All notable changes to Hardstop will be documented in this file.
+## [1.4.4] - 2026-02-17
+### Fixed
+- **commands/hs.md**: Pass `$ARGUMENTS` instead of hardcoded `skip` for skip/bypass handler, so `hs bypass` correctly forwards the argument
+- **commands/skip.md**: Forward `$ARGUMENTS` to `hs_cmd.py` so `/skip` passes through any user-supplied arguments
+---
+## [1.4.3] - 2026-02-14
+### Growth Features
+Adds GitHub star calls-to-action at key user touchpoints.
+### Added
+- **bin/postinstall.js**: Post-install message with GitHub star CTA
+  - Shows after `npm install hardstop`
+  - Welcomes users and directs to quick start
+- **hooks/pre_tool_use.py**: First-block celebration message
+  - Shows once per installation after first blocked command
+  - "🎉 Hardstop just protected you!" with star link
+- **commands/hs_cmd.py**: GitHub star CTA in `/hs status` output
+  - Reminds users to star when checking status
+- **README.md**: GitHub stars badge and prominent CTA
+  - Social proof badge showing current star count
+  - "👉 Star on GitHub if Hardstop keeps you safe!"
+---
 ## [1.4.2] - 2026-02-14
 ### UX Workflow Enhancement & Ecosystem Cross-Links

package/README.md CHANGED Viewed

@@ -2,6 +2,7 @@
 [![npm version](https://img.shields.io/npm/v/hardstop.svg)](https://www.npmjs.com/package/hardstop)
 [![npm downloads](https://img.shields.io/npm/dm/hardstop.svg)](https://www.npmjs.com/package/hardstop)
+[![GitHub stars](https://img.shields.io/github/stars/frmoretto/hardstop?style=social)](https://github.com/frmoretto/hardstop/stargazers)
 [![license](https://img.shields.io/npm/l/hardstop.svg)](LICENSE)
 [![node](https://img.shields.io/node/v/hardstop.svg)](https://www.npmjs.com/package/hardstop)
 [![Tests](https://github.com/frmoretto/hardstop/workflows/Tests/badge.svg)](https://github.com/frmoretto/hardstop/actions/workflows/test.yml)
@@ -10,6 +11,8 @@
 [![Platform](https://img.shields.io/badge/platform-macOS_%7C_Linux_%7C_Windows-lightgrey)](https://github.com/frmoretto/hardstop)
 [![SLSA Provenance](https://img.shields.io/badge/SLSA-Build_Provenance-green?logo=sigstore)](https://github.com/frmoretto/hardstop/attestations)
+> 👉 **[⭐ Star on GitHub](https://github.com/frmoretto/hardstop)** if Hardstop keeps you safe!
 Pre-execution safety validation for AI coding agents. Validates every shell command against 428 security patterns before execution — blocking destructive operations, credential theft, infrastructure teardown, and prompt injection. Fail-closed: blocks by default when uncertain.
 **Ecosystem:** The detection patterns are published separately as [hardstop-patterns](https://www.npmjs.com/package/hardstop-patterns) ([GitHub](https://github.com/frmoretto/hardstop-patterns)) — reusable in any Node.js tool.
@@ -46,7 +49,7 @@ $ Read ~/.aws/credentials
 # You check the status
 $ /hs status
-Hardstop v1.4.2
+Hardstop v1.4.3
   Status:      🟢 Enabled
   Session Risk: Moderate (35/100)
   Blocked: 2 commands this session
@@ -154,7 +157,7 @@ powershell -ExecutionPolicy Bypass -File install.ps1
 You should see:
 ```
-Hardstop v1.4.2
+Hardstop v1.4.3
   Status:      🟢 Enabled
   Session Risk: Low (0/100)
   262 patterns loaded (MITRE ATT&CK mapped)

package/bin/install.js CHANGED Viewed

@@ -263,7 +263,7 @@ function getVersion() {
   } catch (e) {
     // Ignore errors
   }
-  return 'v1.4.2';
+  return 'v1.4.3';
 }
 // Main installation flow

package/bin/postinstall.js ADDED Viewed

@@ -0,0 +1,10 @@
+#!/usr/bin/env node
+console.log('\n✅ Hardstop installed successfully!\n');
+console.log('🛡️  Your commands are now protected.\n');
+console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━');
+console.log('⭐ Star us on GitHub:');
+console.log('   https://github.com/frmoretto/hardstop\n');
+console.log('📚 Quick start: npx hardstop install');
+console.log('📖 Documentation: https://github.com/frmoretto/hardstop#readme');
+console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n');

package/commands/hs.md CHANGED Viewed

@@ -40,7 +40,7 @@ python "${CLAUDE_PLUGIN_ROOT}/commands/hs_cmd.py" off
 ### If argument is "skip" or "bypass":
 Use `/skip` command instead, or run:
 ```bash
-python "${CLAUDE_PLUGIN_ROOT}/commands/hs_cmd.py" skip
+python "${CLAUDE_PLUGIN_ROOT}/commands/hs_cmd.py" $ARGUMENTS
 ```
 ### If argument is "log" or "logs" or "audit":

package/commands/hs_cmd.py CHANGED Viewed

@@ -153,6 +153,11 @@ def cmd_status():
         except Exception:
             pass
+    # GitHub star CTA
+    print()
+    print("  ⭐ Enjoying Hardstop? Star us on GitHub!")
+    print("     https://github.com/frmoretto/hardstop")
 def cmd_log():
     """Show recent audit log entries."""

package/commands/skip.md CHANGED Viewed

@@ -12,7 +12,7 @@ Set a one-time bypass flag so the next shell command skips the safety check.
 Run this command to set the skip flag:
 ```bash
-python "${CLAUDE_PLUGIN_ROOT}/commands/hs_cmd.py" skip
+python "${CLAUDE_PLUGIN_ROOT}/commands/hs_cmd.py" skip $ARGUMENTS
 ```
 Then inform the user that the next command will bypass safety checks, but protection will resume automatically after that.

package/hooks/pre_tool_use.py CHANGED Viewed

@@ -788,6 +788,19 @@ def block_command(message: str, command: str, layer: str, cwd: str, pattern_data
         }
     print(json.dumps(output))
+    # Show first-block message (once per installation)
+    first_block_file = STATE_DIR / "first_block_shown"
+    if not first_block_file.exists():
+        try:
+            print("\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━", file=sys.stderr)
+            print("🎉 Hardstop just protected you from a dangerous command!", file=sys.stderr)
+            print("⭐ Enjoying it? Star us: https://github.com/frmoretto/hardstop", file=sys.stderr)
+            print("━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n", file=sys.stderr)
+            first_block_file.touch()
+        except:
+            pass  # Don't fail if we can't write
     sys.exit(0)

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "hardstop",
-  "version": "1.4.2",
+  "version": "1.4.4",
   "description": "Pre-execution safety layer for Claude Code - blocks dangerous commands before they run. Part of the Hardstop ecosystem.",
   "keywords": [
     "claude-code",
@@ -61,7 +61,7 @@
   },
   "scripts": {
     "test": "echo \"Use pytest for testing: cd hardstop && pytest tests/\"",
-    "postinstall": "echo \"Run 'npx hardstop install' to install the plugin\""
+    "postinstall": "node bin/postinstall.js"
   },
   "dependencies": {},
   "devDependencies": {}

package/skills/hs/SKILL.md CHANGED Viewed

@@ -1,6 +1,6 @@
 ---
 name: hs
-version: "1.3"
+version: "1.4"
 description: "ACTIVATE THIS SKILL FOR ANY SHELL COMMAND OR FILE READ. Check curl, wget, rm, sudo, apt, dpkg, chmod, dd, format, powershell, bash, sh. Check pipe patterns like | sh or | bash. Check shell wrappers like bash -c, xargs, find -exec. Check cloud CLI (aws, gcloud, kubectl, terraform). Check when user says sysadmin told me, Stack Overflow says, is this safe, can I run. Block reading of .env, .ssh, .aws, and credential files. This skill blocks dangerous commands and warns on risky ones. ALWAYS apply the safety protocol from this document before responding about any command."
 author: Francesco Marinoni Moretto
 license: CC-BY-4.0