CalvinBackup/gstack
1
0
Fork 0
mirror of https://github.com/garrytan/gstack.git synced 2026-05-02 03:35:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: sensitive frontmatter for Factory Droid auto-invocation safety

Browse Source 
Add sensitive: true to 6 skill templates with side effects that Factory
Droids shouldn't auto-invoke (ship, land-and-deploy, guard, careful,
freeze, unfreeze). The field is:
- Factory: emitted as disable-model-invocation: true
- Claude/Codex: stripped from output by transformFrontmatter()

Also fix Claude host path: call transformFrontmatter() for Claude to
strip the sensitive: field from Claude output.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Garry Tan
2026-03-28 22:16:26 -07:00
parent 89d7ce388b
commit 205b03ede7
7 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
careful/SKILL.md.tmpl
+1
View File
@@ -17,6 +17,7 @@ hooks:
- type: command
command: "bash ${CLAUDE_SKILL_DIR}/bin/check-careful.sh"
statusMessage: "Checking for destructive commands..."
sensitive: true
---
# /careful — Destructive Command Guardrails
freeze/SKILL.md.tmpl
+1
View File
@@ -23,6 +23,7 @@ hooks:
- type: command
command: "bash ${CLAUDE_SKILL_DIR}/bin/check-freeze.sh"
statusMessage: "Checking freeze boundary..."
sensitive: true
---
# /freeze — Restrict Edits to a Directory
guard/SKILL.md.tmpl
+1
View File
@@ -28,6 +28,7 @@ hooks:
- type: command
command: "bash ${CLAUDE_SKILL_DIR}/../freeze/bin/check-freeze.sh"
statusMessage: "Checking freeze boundary..."
sensitive: true
---
# /guard — Full Safety Mode
land-and-deploy/SKILL.md.tmpl
+1
View File
@@ -13,6 +13,7 @@ allowed-tools:
- Write
- Glob
- AskUserQuestion
sensitive: true
---
{{PREAMBLE}}
scripts/gen-skill-docs.ts
+4 -1
View File
@@ -353,9 +353,12 @@ function processTemplate(tmplPath: string, host: Host = 'claude'): { outputPath:
throw new Error(`Unresolved placeholders in ${relTmplPath}: ${remaining.join(', ')}`);
}
// For Claude: strip sensitive: field (only Factory uses it)
// For external hosts: route output, transform frontmatter, rewrite paths
let symlinkLoop = false;
if (host !== 'claude') {
if (host === 'claude') {
content = transformFrontmatter(content, host);
} else {
const result = processExternalHost(content, tmplContent, host, skillDir, extractedDescription, ctx);
content = result.content;
outputPath = result.outputPath;
ship/SKILL.md.tmpl
+1
View File
@@ -15,6 +15,7 @@ allowed-tools:
- Agent
- AskUserQuestion
- WebSearch
sensitive: true
---
{{PREAMBLE}}
unfreeze/SKILL.md.tmpl
+1
View File
@@ -9,6 +9,7 @@ description: |
allowed-tools:
- Bash
- Read
sensitive: true
---
# /unfreeze — Clear Freeze Boundary