npm - oh-my-customcodex - Versions diffs - 0.3.4 → 0.3.5 - Mend

oh-my-customcodex 0.3.4 → 0.3.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/cli/index.js +1 -1
package/dist/index.js +1 -1
package/package.json +1 -1
package/templates/.claude/hooks/hooks.json +10 -0
package/templates/.claude/hooks/scripts/claude-sensitive-path-guard.sh +39 -0
package/templates/manifest.json +2 -2

package/dist/cli/index.js CHANGED Viewed

@@ -3091,7 +3091,7 @@ var init_package = __esm(() => {
     workspaces: [
       "packages/*"
     ],
-    version: "0.3.4",
+    version: "0.3.5",
     description: "Batteries-included agent harness on top of GPT Codex + OMX",
     type: "module",
     bin: {

package/dist/index.js CHANGED Viewed

@@ -2180,7 +2180,7 @@ var package_default = {
   workspaces: [
     "packages/*"
   ],
-  version: "0.3.4",
+  version: "0.3.5",
   description: "Batteries-included agent harness on top of GPT Codex + OMX",
   type: "module",
   bin: {

package/package.json CHANGED Viewed

@@ -3,7 +3,7 @@
   "workspaces": [
     "packages/*"
   ],
-  "version": "0.3.4",
+  "version": "0.3.5",
   "description": "Batteries-included agent harness on top of GPT Codex + OMX",
   "type": "module",
   "bin": {

package/templates/.claude/hooks/hooks.json CHANGED Viewed

@@ -82,6 +82,16 @@
         ],
         "description": "Schema-based tool input validation — Phase 1 advisory only"
       },
+      {
+        "matcher": "tool == \"Bash\" && tool_input.command matches \"\\\\.claude/\"",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash .codex/hooks/scripts/claude-sensitive-path-guard.sh"
+          }
+        ],
+        "description": "Block Bash writes into .claude/ sensitive paths before Claude Code permission prompts fire"
+      },
       {
         "matcher": "tool == \"Bash\"",
         "hooks": [

package/templates/.claude/hooks/scripts/claude-sensitive-path-guard.sh ADDED Viewed

@@ -0,0 +1,39 @@
+#!/bin/bash
+# Block Bash write operations targeting .claude/ sensitive paths.
+# Claude Code can surface a sensitive-file permission prompt before allow rules
+# or bypassPermissions are evaluated, so fail fast before the command runs.
+set -euo pipefail
+command -v jq >/dev/null 2>&1 || exit 0
+input=$(cat)
+cmd=$(echo "$input" | jq -r '.tool_input.command // ""')
+if [ -z "$cmd" ]; then
+  echo "$input"
+  exit 0
+fi
+targets_claude=0
+if [[ "$cmd" =~ \.claude/ ]]; then
+  targets_claude=1
+fi
+writes_claude=0
+if [[ "$cmd" =~ (^|[[:space:]])(cp|mv|install|rsync|tee|touch|mkdir|ln)[[:space:]] ]]; then
+  writes_claude=1
+elif [[ "$cmd" =~ sed[[:space:]]+-i ]] || [[ "$cmd" =~ perl[[:space:]]+-pi ]]; then
+  writes_claude=1
+elif [[ "$cmd" =~ [\>]{1,2}[[:space:]]*[^[:space:]]*\.claude/ ]]; then
+  writes_claude=1
+fi
+if [ "$targets_claude" -eq 1 ] && [ "$writes_claude" -eq 1 ]; then
+  echo "[Hook] BLOCKED: Bash write targeting .claude/ sensitive path" >&2
+  echo "[Hook] Command: $cmd" >&2
+  echo "[Hook] Use Write/Edit or the repo's managed sync/update path instead of Bash for .claude/ changes." >&2
+  exit 2
+fi
+echo "$input"

package/templates/manifest.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
-  "version": "0.3.4",
-  "lastUpdated": "2026-04-22T04:45:00.000Z",
+  "version": "0.3.5",
+  "lastUpdated": "2026-04-22T05:00:00.000Z",
   "components": [
     {
       "name": "rules",