hardstop 1.4.5 → 1.4.7

package/.claude/skills/hs/SKILL.md

@@ -3,7 +3,24 @@ name: hs
 description: "ACTIVATE THIS SKILL FOR ANY SHELL COMMAND OR FILE READ. Check curl, wget, rm, sudo, apt, dpkg, chmod, dd, format, powershell, bash, sh. Check pipe patterns like | sh or | bash. Check shell wrappers like bash -c, xargs, find -exec. Check cloud CLI (aws, gcloud, kubectl, terraform). Check when user says sysadmin told me, Stack Overflow says, is this safe, can I run. Block reading of .env, .ssh, .aws, and credential files. This skill blocks dangerous commands and warns on risky ones. ALWAYS apply the safety protocol from this document before responding about any command."
 ---
 
-# Hardstop Skill v1.4
+# Hardstop Skill v1.5
+
+## INVOCATION INSTRUCTIONS (read first when skill is activated)
+
+When this skill is activated via the Skill tool, check the ARGUMENTS field immediately:
+
+| Argument | Action — run this Bash command FIRST before anything else |
+|----------|----------------------------------------------------------|
+| `skip [n]` | `python ~/.claude/plugins/hs/commands/hs_cmd.py skip [n]` |
+| `on` / `enable` | `python ~/.claude/plugins/hs/commands/hs_cmd.py on` |
+| `off` / `disable` | `python ~/.claude/plugins/hs/commands/hs_cmd.py off` |
+| `status` | `python ~/.claude/plugins/hs/commands/hs_cmd.py status` |
+| `log` | `python ~/.claude/plugins/hs/commands/hs_cmd.py log` |
+| *(none)* | Apply the safety protocol below to evaluate the pending command |
+
+**Execute the Bash command immediately.** The hook reads `~/.hardstop/skip_next` — if that file is not written, skips have no effect.
+
+---
 
 > **Note:** This skill complements the Hardstop plugin. The plugin provides deterministic protection via hooks; this skill provides LLM-level awareness for platforms without hook support.
 
@@ -496,6 +513,13 @@ If you need to read this file, use '/hs skip' first.
 
 ## Changelog
 
+### v1.5 (2026-02-22)
+- **NEW FEATURE:** Invocation Instructions — explicit instructions for executing hs_cmd.py when the skill is activated with arguments
+- Added "INVOCATION INSTRUCTIONS" section at the top of the skill (before the safety protocol)
+- Maps skill arguments (`skip`, `on`, `off`, `status`, `log`) to their corresponding Bash commands via `~/.claude/plugins/hs/commands/hs_cmd.py`
+- Fixes skip bypass not working in Claude Code VSCode extension: LLM now runs `python ~/.claude/plugins/hs/commands/hs_cmd.py skip [n]` immediately on `/hs skip` invocation
+- Ensures `~/.hardstop/skip_next` is written so the hook correctly honors the bypass counter
+
 ### v1.4 (2026-02-14)
 - **NEW FEATURE:** Blocked Command Workflow — explicit instructions for handling blocked commands
 - Added "WHEN COMMANDS ARE BLOCKED" section with 5-step workflow
@@ -556,7 +580,7 @@ Copy to your agent's skill/instruction directory.
 
 ---
 
-**Version:** 1.4
+**Version:** 1.5
 **Author:** Francesco Marinoni Moretto
 **License:** CC-BY-4.0
 **Repository:** https://github.com/frmoretto/hardstop

package/.claude-plugin/marketplace.json

@@ -13,7 +13,7 @@
       "name": "hs",
       "source": "./",
       "description": "Pre-execution safety layer that blocks dangerous shell commands and credential file reads using pattern matching + LLM analysis. Fail-closed design.",
-      "version": "1.4.5",
+      "version": "1.4.7",
       "author": {
         "name": "Francesco Marinoni Moretto",
         "email": "contact@clarity-gate.org"

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "hs",
-  "version": "1.4.5",
+  "version": "1.4.7",
   "description": "Pre-execution safety layer that blocks dangerous shell commands and credential file reads using pattern matching + LLM analysis. Fail-closed design.",
   "author": {
     "name": "Francesco Marinoni Moretto",

package/.codex/skills/hs/SKILL.md

@@ -1,18 +1,27 @@
 ---
 name: hs
-version: "1.4"
 description: "ACTIVATE THIS SKILL FOR ANY SHELL COMMAND OR FILE READ. Check curl, wget, rm, sudo, apt, dpkg, chmod, dd, format, powershell, bash, sh. Check pipe patterns like | sh or | bash. Check shell wrappers like bash -c, xargs, find -exec. Check cloud CLI (aws, gcloud, kubectl, terraform). Check when user says sysadmin told me, Stack Overflow says, is this safe, can I run. Block reading of .env, .ssh, .aws, and credential files. This skill blocks dangerous commands and warns on risky ones. ALWAYS apply the safety protocol from this document before responding about any command."
-author: Francesco Marinoni Moretto
 license: CC-BY-4.0
-triggers:
-  - hardstop
-  - safety check
-  - pre-execution check
-  - is this command safe
-  - check command safety
 ---
 
-# Hardstop Skill v1.4
+# Hardstop Skill v1.5
+
+## INVOCATION INSTRUCTIONS (read first when skill is activated)
+
+When this skill is activated via the Skill tool, check the ARGUMENTS field immediately:
+
+| Argument | Action — run this Bash command FIRST before anything else |
+|----------|----------------------------------------------------------|
+| `skip [n]` | `python ~/.claude/plugins/hs/commands/hs_cmd.py skip [n]` |
+| `on` / `enable` | `python ~/.claude/plugins/hs/commands/hs_cmd.py on` |
+| `off` / `disable` | `python ~/.claude/plugins/hs/commands/hs_cmd.py off` |
+| `status` | `python ~/.claude/plugins/hs/commands/hs_cmd.py status` |
+| `log` | `python ~/.claude/plugins/hs/commands/hs_cmd.py log` |
+| *(none)* | Apply the safety protocol below to evaluate the pending command |
+
+**Execute the Bash command immediately.** The hook reads `~/.hardstop/skip_next` — if that file is not written, skips have no effect.
+
+---
 
 > **Note:** This skill complements the Hardstop plugin. The plugin provides deterministic protection via hooks; this skill provides LLM-level awareness for platforms without hook support.
 
@@ -505,6 +514,13 @@ If you need to read this file, use '/hs skip' first.
 
 ## Changelog
 
+### v1.5 (2026-02-22)
+- **NEW FEATURE:** Invocation Instructions — explicit instructions for executing hs_cmd.py when the skill is activated with arguments
+- Added "INVOCATION INSTRUCTIONS" section at the top of the skill (before the safety protocol)
+- Maps skill arguments (`skip`, `on`, `off`, `status`, `log`) to their corresponding Bash commands via `~/.claude/plugins/hs/commands/hs_cmd.py`
+- Fixes skip bypass not working in Claude Code VSCode extension: LLM now runs `python ~/.claude/plugins/hs/commands/hs_cmd.py skip [n]` immediately on `/hs skip` invocation
+- Ensures `~/.hardstop/skip_next` is written so the hook correctly honors the bypass counter
+
 ### v1.4 (2026-02-14)
 - **NEW FEATURE:** Blocked Command Workflow — explicit instructions for handling blocked commands
 - Added "WHEN COMMANDS ARE BLOCKED" section with 5-step workflow
@@ -565,7 +581,7 @@ Copy to your agent's skill/instruction directory.
 
 ---
 
-**Version:** 1.4
+**Version:** 1.5
 **Author:** Francesco Marinoni Moretto
 **License:** CC-BY-4.0
 **Repository:** https://github.com/frmoretto/hardstop

package/.github/skills/hs/SKILL.md

@@ -1,18 +1,27 @@
 ---
 name: hs
-version: "1.4"
 description: "ACTIVATE THIS SKILL FOR ANY SHELL COMMAND OR FILE READ. Check curl, wget, rm, sudo, apt, dpkg, chmod, dd, format, powershell, bash, sh. Check pipe patterns like | sh or | bash. Check shell wrappers like bash -c, xargs, find -exec. Check cloud CLI (aws, gcloud, kubectl, terraform). Check when user says sysadmin told me, Stack Overflow says, is this safe, can I run. Block reading of .env, .ssh, .aws, and credential files. This skill blocks dangerous commands and warns on risky ones. ALWAYS apply the safety protocol from this document before responding about any command."
-author: Francesco Marinoni Moretto
 license: CC-BY-4.0
-triggers:
-  - hardstop
-  - safety check
-  - pre-execution check
-  - is this command safe
-  - check command safety
 ---
 
-# Hardstop Skill v1.4
+# Hardstop Skill v1.5
+
+## INVOCATION INSTRUCTIONS (read first when skill is activated)
+
+When this skill is activated via the Skill tool, check the ARGUMENTS field immediately:
+
+| Argument | Action — run this Bash command FIRST before anything else |
+|----------|----------------------------------------------------------|
+| `skip [n]` | `python ~/.claude/plugins/hs/commands/hs_cmd.py skip [n]` |
+| `on` / `enable` | `python ~/.claude/plugins/hs/commands/hs_cmd.py on` |
+| `off` / `disable` | `python ~/.claude/plugins/hs/commands/hs_cmd.py off` |
+| `status` | `python ~/.claude/plugins/hs/commands/hs_cmd.py status` |
+| `log` | `python ~/.claude/plugins/hs/commands/hs_cmd.py log` |
+| *(none)* | Apply the safety protocol below to evaluate the pending command |
+
+**Execute the Bash command immediately.** The hook reads `~/.hardstop/skip_next` — if that file is not written, skips have no effect.
+
+---
 
 > **Note:** This skill complements the Hardstop plugin. The plugin provides deterministic protection via hooks; this skill provides LLM-level awareness for platforms without hook support.
 
@@ -505,6 +514,13 @@ If you need to read this file, use '/hs skip' first.
 
 ## Changelog
 
+### v1.5 (2026-02-22)
+- **NEW FEATURE:** Invocation Instructions — explicit instructions for executing hs_cmd.py when the skill is activated with arguments
+- Added "INVOCATION INSTRUCTIONS" section at the top of the skill (before the safety protocol)
+- Maps skill arguments (`skip`, `on`, `off`, `status`, `log`) to their corresponding Bash commands via `~/.claude/plugins/hs/commands/hs_cmd.py`
+- Fixes skip bypass not working in Claude Code VSCode extension: LLM now runs `python ~/.claude/plugins/hs/commands/hs_cmd.py skip [n]` immediately on `/hs skip` invocation
+- Ensures `~/.hardstop/skip_next` is written so the hook correctly honors the bypass counter
+
 ### v1.4 (2026-02-14)
 - **NEW FEATURE:** Blocked Command Workflow — explicit instructions for handling blocked commands
 - Added "WHEN COMMANDS ARE BLOCKED" section with 5-step workflow
@@ -565,7 +581,7 @@ Copy to your agent's skill/instruction directory.
 
 ---
 
-**Version:** 1.4
+**Version:** 1.5
 **Author:** Francesco Marinoni Moretto
 **License:** CC-BY-4.0
 **Repository:** https://github.com/frmoretto/hardstop

package/CHANGELOG.md

@@ -2,6 +2,24 @@
 
 All notable changes to Hardstop will be documented in this file.
 
+## [1.4.7] - 2026-02-22
+
+### Added
+- **skills/ (all copies):** Skill v1.5 — added "INVOCATION INSTRUCTIONS" section at the top of all SKILL.md files. Maps skill arguments (`skip`, `on`, `off`, `status`, `log`) to their corresponding `hs_cmd.py` Bash commands, fixing skip bypass not working in Claude Code VSCode extension
+
+### Fixed
+- **skills/ (all copies):** Removed unsupported YAML frontmatter fields (`version`, `author`, `triggers`) from `.claude/`, `.codex/`, and `.github/` skill copies — these produce IDE warnings and are ignored by the Claude Code skill parser
+- **CLAUDE.md:** Documented Claude Code skill frontmatter constraints and correct per-platform YAML schema
+
+---
+
+## [1.4.6] - 2026-02-17
+
+### Fixed
+- **hooks/pre_tool_use.py**: Replace `(?:\s+.*)?$` with `(?:[\s\S]+)?$` in git safe patterns so multiline arguments (e.g. heredoc commit messages) are not incorrectly blocked
+
+---
+
 ## [1.4.5] - 2026-02-17
 
 ### Fixed

package/hooks/pre_tool_use.py

@@ -144,8 +144,8 @@ SAFE_PATTERNS = [
 
     # Git standard workflow (recoverable via reflog)
     # Excludes: reset (--hard loses uncommitted work), clean (deletes untracked), rebase --exec (runs shell)
-    r"^git\s+(add|commit|push|pull|fetch|clone|stash|checkout|switch|restore|merge|cherry-pick|branch|tag|init|config|am|apply|bisect|blame|bundle|format-patch|gc|mv|notes|reflog|revert|rm|submodule|worktree)(?:\s+.*)?$",
-    r"^git\s+rebase(?!\s+.*--exec)(?:\s+.*)?$",  # rebase allowed, but not with --exec
+    r"^git\s+(add|commit|push|pull|fetch|clone|stash|checkout|switch|restore|merge|cherry-pick|branch|tag|init|config|am|apply|bisect|blame|bundle|format-patch|gc|mv|notes|reflog|revert|rm|submodule|worktree)(?:[\s\S]+)?$",
+    r"^git\s+rebase(?!\s+.*--exec)(?:[\s\S]+)?$",  # rebase allowed, but not with --exec
     
     # Regeneratable cleanup
     r"^rm\s+(-[^\s]*\s+)*node_modules/?\s*$",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hardstop",
-  "version": "1.4.5",
+  "version": "1.4.7",
   "description": "Pre-execution safety layer for Claude Code - blocks dangerous commands before they run. Part of the Hardstop ecosystem.",
   "keywords": [
     "claude-code",

package/skills/hs/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: hs
-version: "1.4"
+version: "1.5"
 description: "ACTIVATE THIS SKILL FOR ANY SHELL COMMAND OR FILE READ. Check curl, wget, rm, sudo, apt, dpkg, chmod, dd, format, powershell, bash, sh. Check pipe patterns like | sh or | bash. Check shell wrappers like bash -c, xargs, find -exec. Check cloud CLI (aws, gcloud, kubectl, terraform). Check when user says sysadmin told me, Stack Overflow says, is this safe, can I run. Block reading of .env, .ssh, .aws, and credential files. This skill blocks dangerous commands and warns on risky ones. ALWAYS apply the safety protocol from this document before responding about any command."
 author: Francesco Marinoni Moretto
 license: CC-BY-4.0
@@ -12,7 +12,24 @@ triggers:
   - check command safety
 ---
 
-# Hardstop Skill v1.4
+# Hardstop Skill v1.5
+
+## INVOCATION INSTRUCTIONS (read first when skill is activated)
+
+When this skill is activated via the Skill tool, check the ARGUMENTS field immediately:
+
+| Argument | Action — run this Bash command FIRST before anything else |
+|----------|----------------------------------------------------------|
+| `skip [n]` | `python ~/.claude/plugins/hs/commands/hs_cmd.py skip [n]` |
+| `on` / `enable` | `python ~/.claude/plugins/hs/commands/hs_cmd.py on` |
+| `off` / `disable` | `python ~/.claude/plugins/hs/commands/hs_cmd.py off` |
+| `status` | `python ~/.claude/plugins/hs/commands/hs_cmd.py status` |
+| `log` | `python ~/.claude/plugins/hs/commands/hs_cmd.py log` |
+| *(none)* | Apply the safety protocol below to evaluate the pending command |
+
+**Execute the Bash command immediately.** The hook reads `~/.hardstop/skip_next` — if that file is not written, skips have no effect.
+
+---
 
 > **Note:** This skill complements the Hardstop plugin. The plugin provides deterministic protection via hooks; this skill provides LLM-level awareness for platforms without hook support.
 
@@ -505,6 +522,13 @@ If you need to read this file, use '/hs skip' first.
 
 ## Changelog
 
+### v1.5 (2026-02-22)
+- **NEW FEATURE:** Invocation Instructions — explicit instructions for executing hs_cmd.py when the skill is activated with arguments
+- Added "INVOCATION INSTRUCTIONS" section at the top of the skill (before the safety protocol)
+- Maps skill arguments (`skip`, `on`, `off`, `status`, `log`) to their corresponding Bash commands via `~/.claude/plugins/hs/commands/hs_cmd.py`
+- Fixes skip bypass not working in Claude Code VSCode extension: LLM now runs `python ~/.claude/plugins/hs/commands/hs_cmd.py skip [n]` immediately on `/hs skip` invocation
+- Ensures `~/.hardstop/skip_next` is written so the hook correctly honors the bypass counter
+
 ### v1.4 (2026-02-14)
 - **NEW FEATURE:** Blocked Command Workflow — explicit instructions for handling blocked commands
 - Added "WHEN COMMANDS ARE BLOCKED" section with 5-step workflow
@@ -565,7 +589,7 @@ Copy to your agent's skill/instruction directory.
 
 ---
 
-**Version:** 1.4
+**Version:** 1.5
 **Author:** Francesco Marinoni Moretto
 **License:** CC-BY-4.0
 **Repository:** https://github.com/frmoretto/hardstop