mirror of
https://github.com/garrytan/gstack.git
synced 2026-05-06 21:46:40 +02:00
Garry Tan
8500136d15
* fix: telemetry source tagging + duration guards Add --source, --error-message, --failed-step flags to gstack-telemetry-log. Source tagging (live vs test via GSTACK_TELEMETRY_SOURCE env) prevents E2E tests from polluting production data. Duration guards cap unreasonable values (>24h or negative → null). Partial cherry-pick from garrytan/community-mode — non-breaking parts only. Skips install_fingerprint rename (needs schema migration). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * feat: remove trigger guard + proactive opt-out prompt Remove "MANUAL TRIGGER ONLY" injection from all skill descriptions. This frees 59 chars per skill from the 1024-char Codex description budget and lets skills auto-fire based on semantic matching. Merge auto-fire control into the existing `proactive` setting — when false, Claude won't auto-invoke skills or suggest them. Users are prompted once about this preference (chains after the telemetry prompt, fires on second skill run). Also trims the root gstack description by removing the skill catalog (already in the body), saving ~500 chars. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * chore: bump version and changelog (v0.11.16.0) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
83 lines
2.9 KiB
Markdown
83 lines
2.9 KiB
Markdown
---
|
|
name: freeze
|
|
version: 0.1.0
|
|
description: |
|
|
Restrict file edits to a specific directory for the session. Blocks Edit and
|
|
Write outside the allowed path. Use when debugging to prevent accidentally
|
|
"fixing" unrelated code, or when you want to scope changes to one module.
|
|
Use when asked to "freeze", "restrict edits", "only edit this folder",
|
|
or "lock down edits".
|
|
allowed-tools:
|
|
- Bash
|
|
- Read
|
|
- AskUserQuestion
|
|
hooks:
|
|
PreToolUse:
|
|
- matcher: "Edit"
|
|
hooks:
|
|
- type: command
|
|
command: "bash ${CLAUDE_SKILL_DIR}/bin/check-freeze.sh"
|
|
statusMessage: "Checking freeze boundary..."
|
|
- matcher: "Write"
|
|
hooks:
|
|
- type: command
|
|
command: "bash ${CLAUDE_SKILL_DIR}/bin/check-freeze.sh"
|
|
statusMessage: "Checking freeze boundary..."
|
|
---
|
|
<!-- AUTO-GENERATED from SKILL.md.tmpl — do not edit directly -->
|
|
<!-- Regenerate: bun run gen:skill-docs -->
|
|
|
|
# /freeze — Restrict Edits to a Directory
|
|
|
|
Lock file edits to a specific directory. Any Edit or Write operation targeting
|
|
a file outside the allowed path will be **blocked** (not just warned).
|
|
|
|
```bash
|
|
mkdir -p ~/.gstack/analytics
|
|
echo '{"skill":"freeze","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'","repo":"'$(basename "$(git rev-parse --show-toplevel 2>/dev/null)" 2>/dev/null || echo "unknown")'"}' >> ~/.gstack/analytics/skill-usage.jsonl 2>/dev/null || true
|
|
```
|
|
|
|
## Setup
|
|
|
|
Ask the user which directory to restrict edits to. Use AskUserQuestion:
|
|
|
|
- Question: "Which directory should I restrict edits to? Files outside this path will be blocked from editing."
|
|
- Text input (not multiple choice) — the user types a path.
|
|
|
|
Once the user provides a directory path:
|
|
|
|
1. Resolve it to an absolute path:
|
|
```bash
|
|
FREEZE_DIR=$(cd "<user-provided-path>" 2>/dev/null && pwd)
|
|
echo "$FREEZE_DIR"
|
|
```
|
|
|
|
2. Ensure trailing slash and save to the freeze state file:
|
|
```bash
|
|
FREEZE_DIR="${FREEZE_DIR%/}/"
|
|
STATE_DIR="${CLAUDE_PLUGIN_DATA:-$HOME/.gstack}"
|
|
mkdir -p "$STATE_DIR"
|
|
echo "$FREEZE_DIR" > "$STATE_DIR/freeze-dir.txt"
|
|
echo "Freeze boundary set: $FREEZE_DIR"
|
|
```
|
|
|
|
Tell the user: "Edits are now restricted to `<path>/`. Any Edit or Write
|
|
outside this directory will be blocked. To change the boundary, run `/freeze`
|
|
again. To remove it, run `/unfreeze` or end the session."
|
|
|
|
## How it works
|
|
|
|
The hook reads `file_path` from the Edit/Write tool input JSON, then checks
|
|
whether the path starts with the freeze directory. If not, it returns
|
|
`permissionDecision: "deny"` to block the operation.
|
|
|
|
The freeze boundary persists for the session via the state file. The hook
|
|
script reads it on every Edit/Write invocation.
|
|
|
|
## Notes
|
|
|
|
- The trailing `/` on the freeze directory prevents `/src` from matching `/src-old`
|
|
- Freeze applies to Edit and Write tools only — Read, Bash, Glob, Grep are unaffected
|
|
- This prevents accidental edits, not a security boundary — Bash commands like `sed` can still modify files outside the boundary
|
|
- To deactivate, run `/unfreeze` or end the conversation
|