Conversation
…llback

VSCode doesn't support the "ask" permission, so confirm actions are force-denied. This adds a session allowlist so that non-high-risk operations auto-allow on retry within the same session, with a softer denial message guiding users to simply re-instruct Claude.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…ude dialogs

Reframe ClawGuard from "security tool" to "confirmation fatigue solver":
- Rewrite README/LP messaging: convenience-first, security as side-effect
- Add `claw-guard stats` command showing auto-allow counts
- Expand session allowlist from VSCode-only to all environments
- Return explicit `permissionDecision: "allow"` instead of null so Claude Code actually skips its permission dialog for safe commands
- Simplify billing to free-only model (MIT, no license keys)
- Natural Japanese copy for README.ja.md and LP jp.ts

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…nd improve rule coverage

Replace VSCode-specific confirm-to-deny fallback with a universal deny+retry pattern: all confirm decisions now return deny with an explanation + retry hint, pre-registering the session allowlist so the retry auto-allows. This eliminates the need for vsCodeCompat flag and works consistently across all environments.

Security hardening:
- Restrict CORS to localhost origins only
- Add 1MB request body size limit with early abort
- Add anti-evasion hint to deny/ask responses

Robustness:
- Audit reader skips malformed JSONL lines instead of crashing
- Rule loader catches invalid regex patterns gracefully

Rule improvements:
- Broaden npm/pip install regex to catch flag variants (--ignore-scripts, -D, -g, --no-deps, --upgrade)
- Add isHistoricallyAllowed() for cross-session memory lookup
- Extend session allowlist to cover high-risk confirm decisions

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…l auto-allow tests

- Apply biome formatting across all packages
- Add 4 new Phase 1 core rules (env-file-read, npm-install, pip-install, ssh-key-read) with active marketplace status
- Replace non-null assertions with type-safe casts in integration tests
- Suppress noUselessConstructor for FeatureGate (intentional API contract)
- Add historical auto-allow integration tests (medium/high risk thresholds)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…mparison section, llms.txt, keywords)

- Replace "license key" with "API key" in CLI commands
- Remove plan display from `claw-guard test` output
- Add "Why ClawGuard?" comparison table to README (EN + JA)
- Add llms.txt for LLM crawlers
- Expand npm keywords for search discoverability
- Update billing package description to reflect free model

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Allow users to disable telemetry by setting `reputation.opt_in: false` in clawguard.yaml, as documented in README.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

No description provided.
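
The deny+retry pattern with a pre-registered session allowlist that the commit messages above describe, as an added example (not code from this pull request or from ClawGuard). The class and function names, the verdict values and the shape of the returned object are assumptions; only the `permissionDecision` field name comes from the page.

```javascript
// Added example: names and the decision shape are assumptions, not ClawGuard's API.
class SessionAllowlist {
  constructor() {
    this.bySession = new Map(); // sessionId -> Set of exact operation keys
  }
  static key(tool, command) {
    // Key on the exact tool + command text so an edited command is re-evaluated.
    return `${tool}\u0000${command}`;
  }
  has(sessionId, key) {
    const set = this.bySession.get(sessionId);
    return set !== undefined && set.has(key);
  }
  add(sessionId, key) {
    if (!this.bySession.has(sessionId)) this.bySession.set(sessionId, new Set());
    this.bySession.get(sessionId).add(key);
  }
}

// verdict is the rule engine's result: "allow", "confirm" or "deny" (assumed values).
function decide(allowlist, sessionId, tool, command, verdict) {
  if (verdict === "deny") {
    // Hard denies are never pre-registered, so a retry cannot unlock them.
    return { permissionDecision: "deny", reason: "Blocked by policy." };
  }
  if (verdict === "allow") return { permissionDecision: "allow" };
  const key = SessionAllowlist.key(tool, command);
  if (allowlist.has(sessionId, key)) {
    return { permissionDecision: "allow" }; // retry of the same operation
  }
  allowlist.add(sessionId, key); // pre-register so the retry auto-allows
  return {
    permissionDecision: "deny",
    reason: "Needs confirmation. Re-send the same instruction to proceed.",
  };
}
```

Scoping the key to the session and to the exact command text means a retry in another session, or a retry with a modified command, goes through the confirm path again.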