All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog.
- Interactive macOS dialogs for override decisions (Block / Allow Once / Trust Session)
- Trust Session feature — auto-allows a pattern for the rest of the Claude Code session, scoped to parent PID, resets on restart
- Hard-block tier for catastrophic operations (fork bombs, disk wipes, base64 evasion) — no override possible
- Audit logging to `~/.claude_bouncer/audit.log` with timestamps and decision types
- `block-sensitive-dirs` hook — protects browser credential stores, SSH/GPG keys, personal comms, dev auth tokens, system auth files
- `block-password-managers` hook — hard-blocks 1Password CLI, Bitwarden CLI, macOS Keychain access, vault data directories
- Input sanitization for osascript dialog strings (prevents injection)
- POSIX-compatible locking (mkdir-based, replaces flock which isn't on macOS)
- Stale session file auto-cleanup on each hook invocation
- Test suites for sensitive-dirs and password-managers hooks
- Updated test suite for dangerous-commands with hard-block and session trust coverage
- `block-dangerous-commands` now uses three-tier system: hard-block, prompt (dialog), allow
- `block-env-read` now shows interactive dialog instead of silent block
- Moved fork bombs, `diskutil eraseDisk`, `dd` to disk devices, and base64-to-bash from regular blocks to hard-block tier
- `block-dangerous-commands` PreToolUse hook with 11 blocking categories:
  - Destructive operations
  - Privilege escalation
  - Exotic bypasses
  - Write + execute combos
  - Data exfiltration
  - Credential access
  - macOS system commands
  - Git destructive operations
  - Git remote tampering
  - Fork bombs
  - Dangerous misc
- `block-env-read` hook covering Bash and native Read tool for `.env` files
- `claude-safe` wrapper that strips sensitive env vars before launching Claude
- Test suite with 55+ test cases across all categories
- Example `settings.json` with `acceptEdits` mode and ~30 scoped Bash allows
- Example `CLAUDE.md` behavioral guardrails
- Honest threat model and documented known bypasses in README