-
由 Will Chen 提交于
#skip-bb <!-- This is an auto-generated description by cubic. --> --- ## Summary by cubic Add a Python permission hook that restricts python/python3 to scripts inside the .claude directory. Blocks unsafe modes and command injection to reduce risk. - **New Features** - Enforces: allow scripts under .claude; deny scripts outside; deny -m, -c, and interactive; passthrough for non-python and --version/--help. - Robust parsing of env-var prefixes, flags, quoted/unquoted paths, relative/absolute paths, and symlinks; supports CLAUDE_PROJECT_DIR. - Registered the hook in PreToolUse and expanded allowed tools in settings (Bash(chmod:*), Bash(python3:*)). Added tests for allowed, blocked, passthrough, and security-bypass commands. <sup>Written for commit 798d1abf04cdedc5395603ce4e32b2b943be8941. Summary will update on new commits.</sup> <!-- End of auto-generated description by cubic. --> --------- Co-authored-by:Claude <noreply@anthropic.com>
