mirror of https://github.com/garrytan/gstack.git
68 lines
2.9 KiB
Markdown
68 lines
2.9 KiB
Markdown
---
|
|
name: freeze
|
|
description: |
|
|
Restrict file edits to a specific directory for the session. Blocks Edit and
|
|
Write outside the allowed path. Use when debugging to prevent accidentally
|
|
"fixing" unrelated code, or when you want to scope changes to one module.
|
|
Use when asked to "freeze", "restrict edits", "only edit this folder",
|
|
or "lock down edits".
|
|
---
|
|
<!-- AUTO-GENERATED from SKILL.md.tmpl — do not edit directly -->
|
|
<!-- Regenerate: bun run gen:skill-docs -->
|
|
> **Safety Advisory:** This skill includes safety checks that verify file edits are within the allowed scope boundary before applying, and verify file writes are within the allowed scope boundary before applying. When using this skill, always pause and verify before executing potentially destructive operations. If uncertain about a command's safety, ask the user for confirmation before proceeding.
|
|
|
|
|
|
# /freeze — Restrict Edits to a Directory
|
|
|
|
Lock file edits to a specific directory. Any Edit or Write operation targeting
|
|
a file outside the allowed path will be **blocked** (not just warned).
|
|
|
|
```bash
|
|
mkdir -p ~/.gstack/analytics
|
|
echo '{"skill":"freeze","ts":"'$(date -u +%Y-%m-%dT%H:%M:%SZ)'","repo":"'$(basename "$(git rev-parse --show-toplevel 2>/dev/null)" 2>/dev/null || echo "unknown")'"}' >> ~/.gstack/analytics/skill-usage.jsonl 2>/dev/null || true
|
|
```
|
|
|
|
## Setup
|
|
|
|
Ask the user which directory to restrict edits to. Use AskUserQuestion:
|
|
|
|
- Question: "Which directory should I restrict edits to? Files outside this path will be blocked from editing."
|
|
- Text input (not multiple choice) — the user types a path.
|
|
|
|
Once the user provides a directory path:
|
|
|
|
1. Resolve it to an absolute path:
|
|
```bash
|
|
FREEZE_DIR=$(cd "<user-provided-path>" 2>/dev/null && pwd)
|
|
echo "$FREEZE_DIR"
|
|
```
|
|
|
|
2. Ensure trailing slash and save to the freeze state file:
|
|
```bash
|
|
FREEZE_DIR="${FREEZE_DIR%/}/"
|
|
STATE_DIR="${CLAUDE_PLUGIN_DATA:-$HOME/.gstack}"
|
|
mkdir -p "$STATE_DIR"
|
|
echo "$FREEZE_DIR" > "$STATE_DIR/freeze-dir.txt"
|
|
echo "Freeze boundary set: $FREEZE_DIR"
|
|
```
|
|
|
|
Tell the user: "Edits are now restricted to `<path>/`. Any Edit or Write
|
|
outside this directory will be blocked. To change the boundary, run `/freeze`
|
|
again. To remove it, run `/unfreeze` or end the session."
|
|
|
|
## How it works
|
|
|
|
The hook reads `file_path` from the Edit/Write tool input JSON, then checks
|
|
whether the path starts with the freeze directory. If not, it returns
|
|
`permissionDecision: "deny"` to block the operation.
|
|
|
|
The freeze boundary persists for the session via the state file. The hook
|
|
script reads it on every Edit/Write invocation.
|
|
|
|
## Notes
|
|
|
|
- The trailing `/` on the freeze directory prevents `/src` from matching `/src-old`
|
|
- Freeze applies to Edit and Write tools only — Read, Bash, Glob, Grep are unaffected
|
|
- This prevents accidental edits, not a security boundary — Bash commands like `sed` can still modify files outside the boundary
|
|
- To deactivate, run `/unfreeze` or end the conversation
|