mirror of
https://github.com/garrytan/gstack.git
synced 2026-05-02 03:35:09 +02:00
Garry Tan
c4f679d829
* feat: add /careful, /freeze, /guard, /unfreeze safety hook skills Four new on-demand skills using Claude Code's PreToolUse hooks: - /careful: warns before destructive commands (rm -rf, DROP TABLE, force-push, etc.) - /freeze: blocks file edits outside a specified directory - /guard: composes both into one command - /unfreeze: clears freeze boundary without ending session Pure bash hook scripts with Python fallback for JSON edge cases. Safe exceptions for build artifacts (node_modules, dist, .next, etc.). Hook fire telemetry logs pattern name only (never command content). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * feat: add skill usage telemetry to preamble TemplateContext system passes skill name through resolver pipeline so each generated SKILL.md gets its own name baked into the telemetry line. Appends to ~/.gstack/analytics/skill-usage.jsonl on every invocation. Covers 14 preamble-using skills + 4 hook skills (inline telemetry). JSONL format: {"skill":"ship","ts":"...","repo":"my-project"} Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * feat: add analytics CLI for skill usage stats bun run analytics reads ~/.gstack/analytics/skill-usage.jsonl and shows top skills, per-repo breakdown, hook fire stats, and daily timeline. Supports --period 7d/30d/all. Handles missing/empty/malformed data. 22 unit tests cover parsing, filtering, formatting, and edge cases. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * feat: add skills-used-this-week to /retro Retro Step 2 now reads skill-usage.jsonl and shows which gstack skills were used during the retro window. Follows the same pattern as the Greptile signal and Backlog Health metrics — read file, filter by date, aggregate, present. Skips silently if no analytics data exists. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * test: add hook script and telemetry tests 32 unit tests for check-careful.sh covering all 8 destructive patterns, safe exceptions, Python fallback, and malformed input handling. 7 unit tests for check-freeze.sh covering boundary enforcement, trailing slash edge case, and missing state file. Telemetry tests verify per-skill name correctness in generated output. Adds careful/freeze/guard/unfreeze/document-release to ALL_SKILLS. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * chore: bump version to 0.6.5 + changelog + mark TODOs shipped Safety hook skills and skill usage telemetry shipped. Analytics CLI and /retro integration included. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * feat: /debug auto-freezes edits to the module being debugged Add PreToolUse hooks (Edit/Write) to debug/SKILL.md.tmpl that reference the existing freeze/bin/check-freeze.sh. After Phase 1 investigation, /debug locks edits to the narrowest affected directory. Graceful degradation: if freeze script is unavailable, scope lock is skipped. Users can run /unfreeze to remove the restriction. Deferred 6 enhancements to TODOS.md, gated on telemetry showing the freeze hook actually fires in real debugging sessions. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
83 lines
3.1 KiB
Markdown
83 lines
3.1 KiB
Markdown
---
|
|
name: guard
|
|
version: 0.1.0
|
|
description: |
|
|
Full safety mode: destructive command warnings + directory-scoped edits.
|
|
Combines /careful (warns before rm -rf, DROP TABLE, force-push, etc.) with
|
|
/freeze (blocks edits outside a specified directory). Use for maximum safety
|
|
when touching prod or debugging live systems. Use when asked to "guard mode",
|
|
"full safety", "lock it down", or "maximum safety".
|
|
allowed-tools:
|
|
- Bash
|
|
- Read
|
|
- AskUserQuestion
|
|
hooks:
|
|
PreToolUse:
|
|
- matcher: "Bash"
|
|
hooks:
|
|
- type: command
|
|
command: "bash ${CLAUDE_SKILL_DIR}/../careful/bin/check-careful.sh"
|
|
statusMessage: "Checking for destructive commands..."
|
|
- matcher: "Edit"
|
|
hooks:
|
|
- type: command
|
|
command: "bash ${CLAUDE_SKILL_DIR}/../freeze/bin/check-freeze.sh"
|
|
statusMessage: "Checking freeze boundary..."
|
|
- matcher: "Write"
|
|
hooks:
|
|
- type: command
|
|
command: "bash ${CLAUDE_SKILL_DIR}/../freeze/bin/check-freeze.sh"
|
|
statusMessage: "Checking freeze boundary..."
|
|
---
|
|
<!-- AUTO-GENERATED from SKILL.md.tmpl — do not edit directly -->
|
|
<!-- Regenerate: bun run gen:skill-docs -->
|
|
|
|
# /guard — Full Safety Mode
|
|
|
|
Activates both destructive command warnings and directory-scoped edit restrictions.
|
|
This is the combination of `/careful` + `/freeze` in a single command.
|
|
|
|
**Dependency note:** This skill references hook scripts from the sibling `/careful`
|
|
and `/freeze` skill directories. Both must be installed (they are installed together
|
|
by the gstack setup script).
|
|
|
|
```bash
|
|
mkdir -p ~/.gstack/analytics
|
|
echo '{"skill":"guard","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'","repo":"'$(basename "$(git rev-parse --show-toplevel 2>/dev/null)" 2>/dev/null || echo "unknown")'"}' >> ~/.gstack/analytics/skill-usage.jsonl 2>/dev/null || true
|
|
```
|
|
|
|
## Setup
|
|
|
|
Ask the user which directory to restrict edits to. Use AskUserQuestion:
|
|
|
|
- Question: "Guard mode: which directory should edits be restricted to? Destructive command warnings are always on. Files outside the chosen path will be blocked from editing."
|
|
- Text input (not multiple choice) — the user types a path.
|
|
|
|
Once the user provides a directory path:
|
|
|
|
1. Resolve it to an absolute path:
|
|
```bash
|
|
FREEZE_DIR=$(cd "<user-provided-path>" 2>/dev/null && pwd)
|
|
echo "$FREEZE_DIR"
|
|
```
|
|
|
|
2. Ensure trailing slash and save to the freeze state file:
|
|
```bash
|
|
FREEZE_DIR="${FREEZE_DIR%/}/"
|
|
STATE_DIR="${CLAUDE_PLUGIN_DATA:-$HOME/.gstack}"
|
|
mkdir -p "$STATE_DIR"
|
|
echo "$FREEZE_DIR" > "$STATE_DIR/freeze-dir.txt"
|
|
echo "Freeze boundary set: $FREEZE_DIR"
|
|
```
|
|
|
|
Tell the user:
|
|
- "**Guard mode active.** Two protections are now running:"
|
|
- "1. **Destructive command warnings** — rm -rf, DROP TABLE, force-push, etc. will warn before executing (you can override)"
|
|
- "2. **Edit boundary** — file edits restricted to `<path>/`. Edits outside this directory are blocked."
|
|
- "To remove the edit boundary, run `/unfreeze`. To deactivate everything, end the session."
|
|
|
|
## What's protected
|
|
|
|
See `/careful` for the full list of destructive command patterns and safe exceptions.
|
|
See `/freeze` for how edit boundary enforcement works.
|