hardstop 1.4.6 → 1.4.9

package/.claude/skills/hs/SKILL.md

@@ -3,7 +3,26 @@ name: hs
 description: "ACTIVATE THIS SKILL FOR ANY SHELL COMMAND OR FILE READ. Check curl, wget, rm, sudo, apt, dpkg, chmod, dd, format, powershell, bash, sh. Check pipe patterns like | sh or | bash. Check shell wrappers like bash -c, xargs, find -exec. Check cloud CLI (aws, gcloud, kubectl, terraform). Check when user says sysadmin told me, Stack Overflow says, is this safe, can I run. Block reading of .env, .ssh, .aws, and credential files. This skill blocks dangerous commands and warns on risky ones. ALWAYS apply the safety protocol from this document before responding about any command."
 ---
 
-# Hardstop Skill v1.4
+# Hardstop Skill v1.5
+
+## INVOCATION INSTRUCTIONS (read first when skill is activated)
+
+When this skill is activated via the Skill tool, check the ARGUMENTS field immediately:
+
+| Argument | Action — run this Bash command FIRST before anything else |
+|----------|----------------------------------------------------------|
+| `skip [n]` | `python ~/.claude/plugins/hs/commands/hs_cmd.py skip [n]` |
+| `on` / `enable` | `python ~/.claude/plugins/hs/commands/hs_cmd.py on` |
+| `off` / `disable` | `python ~/.claude/plugins/hs/commands/hs_cmd.py off` |
+| `status` | `python ~/.claude/plugins/hs/commands/hs_cmd.py status` |
+| `log` | `python ~/.claude/plugins/hs/commands/hs_cmd.py log` |
+| *(none)* | Apply the safety protocol below to evaluate the pending command |
+
+**Execute the Bash command immediately.** The hook reads `~/.hardstop/skip_next` — if that file is not written, skips have no effect.
+
+> **Path note:** Commands above assume the default install location. If Hardstop was installed with `CLAUDE_CONFIG_DIR` set, replace `~/.claude` in the paths with that directory.
+
+---
 
 > **Note:** This skill complements the Hardstop plugin. The plugin provides deterministic protection via hooks; this skill provides LLM-level awareness for platforms without hook support.
 
@@ -496,6 +515,13 @@ If you need to read this file, use '/hs skip' first.
 
 ## Changelog
 
+### v1.5 (2026-02-22)
+- **NEW FEATURE:** Invocation Instructions — explicit instructions for executing hs_cmd.py when the skill is activated with arguments
+- Added "INVOCATION INSTRUCTIONS" section at the top of the skill (before the safety protocol)
+- Maps skill arguments (`skip`, `on`, `off`, `status`, `log`) to their corresponding Bash commands via `~/.claude/plugins/hs/commands/hs_cmd.py`
+- Fixes skip bypass not working in Claude Code VSCode extension: LLM now runs `python ~/.claude/plugins/hs/commands/hs_cmd.py skip [n]` immediately on `/hs skip` invocation
+- Ensures `~/.hardstop/skip_next` is written so the hook correctly honors the bypass counter
+
 ### v1.4 (2026-02-14)
 - **NEW FEATURE:** Blocked Command Workflow — explicit instructions for handling blocked commands
 - Added "WHEN COMMANDS ARE BLOCKED" section with 5-step workflow
@@ -556,7 +582,7 @@ Copy to your agent's skill/instruction directory.
 
 ---
 
-**Version:** 1.4
+**Version:** 1.5
 **Author:** Francesco Marinoni Moretto
 **License:** CC-BY-4.0
 **Repository:** https://github.com/frmoretto/hardstop

package/.claude-plugin/marketplace.json

@@ -13,7 +13,7 @@
       "name": "hs",
       "source": "./",
       "description": "Pre-execution safety layer that blocks dangerous shell commands and credential file reads using pattern matching + LLM analysis. Fail-closed design.",
-      "version": "1.4.6",
+      "version": "1.4.9",
       "author": {
         "name": "Francesco Marinoni Moretto",
         "email": "contact@clarity-gate.org"

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "hs",
-  "version": "1.4.6",
+  "version": "1.4.9",
   "description": "Pre-execution safety layer that blocks dangerous shell commands and credential file reads using pattern matching + LLM analysis. Fail-closed design.",
   "author": {
     "name": "Francesco Marinoni Moretto",

package/.codex/skills/hs/SKILL.md

@@ -1,18 +1,29 @@
 ---
 name: hs
-version: "1.4"
 description: "ACTIVATE THIS SKILL FOR ANY SHELL COMMAND OR FILE READ. Check curl, wget, rm, sudo, apt, dpkg, chmod, dd, format, powershell, bash, sh. Check pipe patterns like | sh or | bash. Check shell wrappers like bash -c, xargs, find -exec. Check cloud CLI (aws, gcloud, kubectl, terraform). Check when user says sysadmin told me, Stack Overflow says, is this safe, can I run. Block reading of .env, .ssh, .aws, and credential files. This skill blocks dangerous commands and warns on risky ones. ALWAYS apply the safety protocol from this document before responding about any command."
-author: Francesco Marinoni Moretto
 license: CC-BY-4.0
-triggers:
-  - hardstop
-  - safety check
-  - pre-execution check
-  - is this command safe
-  - check command safety
 ---
 
-# Hardstop Skill v1.4
+# Hardstop Skill v1.5
+
+## INVOCATION INSTRUCTIONS (read first when skill is activated)
+
+When this skill is activated via the Skill tool, check the ARGUMENTS field immediately:
+
+| Argument | Action — run this Bash command FIRST before anything else |
+|----------|----------------------------------------------------------|
+| `skip [n]` | `python ~/.claude/plugins/hs/commands/hs_cmd.py skip [n]` |
+| `on` / `enable` | `python ~/.claude/plugins/hs/commands/hs_cmd.py on` |
+| `off` / `disable` | `python ~/.claude/plugins/hs/commands/hs_cmd.py off` |
+| `status` | `python ~/.claude/plugins/hs/commands/hs_cmd.py status` |
+| `log` | `python ~/.claude/plugins/hs/commands/hs_cmd.py log` |
+| *(none)* | Apply the safety protocol below to evaluate the pending command |
+
+**Execute the Bash command immediately.** The hook reads `~/.hardstop/skip_next` — if that file is not written, skips have no effect.
+
+> **Path note:** Commands above assume the default install location. If Hardstop was installed with `CLAUDE_CONFIG_DIR` set, replace `~/.claude` in the paths with that directory.
+
+---
 
 > **Note:** This skill complements the Hardstop plugin. The plugin provides deterministic protection via hooks; this skill provides LLM-level awareness for platforms without hook support.
 
@@ -505,6 +516,13 @@ If you need to read this file, use '/hs skip' first.
 
 ## Changelog
 
+### v1.5 (2026-02-22)
+- **NEW FEATURE:** Invocation Instructions — explicit instructions for executing hs_cmd.py when the skill is activated with arguments
+- Added "INVOCATION INSTRUCTIONS" section at the top of the skill (before the safety protocol)
+- Maps skill arguments (`skip`, `on`, `off`, `status`, `log`) to their corresponding Bash commands via `~/.claude/plugins/hs/commands/hs_cmd.py`
+- Fixes skip bypass not working in Claude Code VSCode extension: LLM now runs `python ~/.claude/plugins/hs/commands/hs_cmd.py skip [n]` immediately on `/hs skip` invocation
+- Ensures `~/.hardstop/skip_next` is written so the hook correctly honors the bypass counter
+
 ### v1.4 (2026-02-14)
 - **NEW FEATURE:** Blocked Command Workflow — explicit instructions for handling blocked commands
 - Added "WHEN COMMANDS ARE BLOCKED" section with 5-step workflow
@@ -565,7 +583,7 @@ Copy to your agent's skill/instruction directory.
 
 ---
 
-**Version:** 1.4
+**Version:** 1.5
 **Author:** Francesco Marinoni Moretto
 **License:** CC-BY-4.0
 **Repository:** https://github.com/frmoretto/hardstop

package/.github/skills/hs/SKILL.md

@@ -1,18 +1,29 @@
 ---
 name: hs
-version: "1.4"
 description: "ACTIVATE THIS SKILL FOR ANY SHELL COMMAND OR FILE READ. Check curl, wget, rm, sudo, apt, dpkg, chmod, dd, format, powershell, bash, sh. Check pipe patterns like | sh or | bash. Check shell wrappers like bash -c, xargs, find -exec. Check cloud CLI (aws, gcloud, kubectl, terraform). Check when user says sysadmin told me, Stack Overflow says, is this safe, can I run. Block reading of .env, .ssh, .aws, and credential files. This skill blocks dangerous commands and warns on risky ones. ALWAYS apply the safety protocol from this document before responding about any command."
-author: Francesco Marinoni Moretto
 license: CC-BY-4.0
-triggers:
-  - hardstop
-  - safety check
-  - pre-execution check
-  - is this command safe
-  - check command safety
 ---
 
-# Hardstop Skill v1.4
+# Hardstop Skill v1.5
+
+## INVOCATION INSTRUCTIONS (read first when skill is activated)
+
+When this skill is activated via the Skill tool, check the ARGUMENTS field immediately:
+
+| Argument | Action — run this Bash command FIRST before anything else |
+|----------|----------------------------------------------------------|
+| `skip [n]` | `python ~/.claude/plugins/hs/commands/hs_cmd.py skip [n]` |
+| `on` / `enable` | `python ~/.claude/plugins/hs/commands/hs_cmd.py on` |
+| `off` / `disable` | `python ~/.claude/plugins/hs/commands/hs_cmd.py off` |
+| `status` | `python ~/.claude/plugins/hs/commands/hs_cmd.py status` |
+| `log` | `python ~/.claude/plugins/hs/commands/hs_cmd.py log` |
+| *(none)* | Apply the safety protocol below to evaluate the pending command |
+
+**Execute the Bash command immediately.** The hook reads `~/.hardstop/skip_next` — if that file is not written, skips have no effect.
+
+> **Path note:** Commands above assume the default install location. If Hardstop was installed with `CLAUDE_CONFIG_DIR` set, replace `~/.claude` in the paths with that directory.
+
+---
 
 > **Note:** This skill complements the Hardstop plugin. The plugin provides deterministic protection via hooks; this skill provides LLM-level awareness for platforms without hook support.
 
@@ -505,6 +516,13 @@ If you need to read this file, use '/hs skip' first.
 
 ## Changelog
 
+### v1.5 (2026-02-22)
+- **NEW FEATURE:** Invocation Instructions — explicit instructions for executing hs_cmd.py when the skill is activated with arguments
+- Added "INVOCATION INSTRUCTIONS" section at the top of the skill (before the safety protocol)
+- Maps skill arguments (`skip`, `on`, `off`, `status`, `log`) to their corresponding Bash commands via `~/.claude/plugins/hs/commands/hs_cmd.py`
+- Fixes skip bypass not working in Claude Code VSCode extension: LLM now runs `python ~/.claude/plugins/hs/commands/hs_cmd.py skip [n]` immediately on `/hs skip` invocation
+- Ensures `~/.hardstop/skip_next` is written so the hook correctly honors the bypass counter
+
 ### v1.4 (2026-02-14)
 - **NEW FEATURE:** Blocked Command Workflow — explicit instructions for handling blocked commands
 - Added "WHEN COMMANDS ARE BLOCKED" section with 5-step workflow
@@ -565,7 +583,7 @@ Copy to your agent's skill/instruction directory.
 
 ---
 
-**Version:** 1.4
+**Version:** 1.5
 **Author:** Francesco Marinoni Moretto
 **License:** CC-BY-4.0
 **Repository:** https://github.com/frmoretto/hardstop

package/CHANGELOG.md

@@ -2,6 +2,43 @@
 
 All notable changes to Hardstop will be documented in this file.
 
+## [1.4.9] - 2026-04-18
+
+### Added
+- **Installers + runtime:** Respect `CLAUDE_CONFIG_DIR` env var across `bin/install.js`, `install.sh`, `install.ps1`, `uninstall.sh` (resolved at install time) and `hooks/pre_tool_use.py`, `commands/hs_cmd.py` (derived from `__file__` at runtime). 7 new tests cover path derivation and dynamic safe-pattern matching. Thanks to @moiri-gamboni in #4.
+
+### Fixed
+- **uninstall.ps1:** Apply `CLAUDE_CONFIG_DIR` resolution for parity with `uninstall.sh`; previously left files behind on Windows when installed under a custom config directory.
+
+### Changed
+- **Platform skill copies (`.claude/`, `.codex/`, `.github/`):** Add a path-note clarifying that `~/.claude/...` paths in invocation tables assume the default install location.
+
+---
+
+## [1.4.8] - 2026-03-02
+
+### Changed
+- **skills/hs/SKILL.md (canonical):** Soften invocation language and add Security Architecture note to address OpenClaw "Suspicious" rating on ClawhHub
+  - Table header: "run this Bash command FIRST" → "Action (user-requested via /hs)"
+  - "Execute the Bash command immediately" → "Run the corresponding command — the user has explicitly requested this action via /hs"
+  - Added Security Architecture blockquote: explains plugin architecture, local scripts (not remote code), credential paths are block targets, skip is user-initiated and scoped
+  - Section 9: clarified that Hardstop blocks reads of credential paths, it does not access them
+  - Skip context: expanded to explain scoped bypass (next N commands, default 1)
+- **Platform copies unchanged** (`.claude/`, `.codex/`, `.github/`): retain original directive language for reliable LLM execution
+
+---
+
+## [1.4.7] - 2026-02-22
+
+### Added
+- **skills/ (all copies):** Skill v1.5 — added "INVOCATION INSTRUCTIONS" section at the top of all SKILL.md files. Maps skill arguments (`skip`, `on`, `off`, `status`, `log`) to their corresponding `hs_cmd.py` Bash commands, fixing skip bypass not working in Claude Code VSCode extension
+
+### Fixed
+- **skills/ (all copies):** Removed unsupported YAML frontmatter fields (`version`, `author`, `triggers`) from `.claude/`, `.codex/`, and `.github/` skill copies — these produce IDE warnings and are ignored by the Claude Code skill parser
+- **CLAUDE.md:** Documented Claude Code skill frontmatter constraints and correct per-platform YAML schema
+
+---
+
 ## [1.4.6] - 2026-02-17
 
 ### Fixed