fix/permissions-issue-on-script-run

[ConVonKnorrisson]

Fixes #7 @cri5Castro & #9 Opened by me

Summary

After a clean install and restart, /ck:judge and related commands could fail immediately with a Bash permission-check error instead of running the expected script.

What changed

• replaced fenced ```! execution blocks in command files with normal inline Run "..." script instructions
• fixed allowed-tools entries from Bash(...sh:*) to Bash(...sh*)

Why

The failing pattern included the leading ! form instead of matching a normal Bash command string. Claude appears to be checking permission against the fenced command block, not just the resolved script path.

Result

/ck:judge should run after install without requiring manual permission-rule tweaks, and the same fix applies to the related setup-build.sh and bp-config.sh command definitions.

Tested

• that it fixed the permission issue on /ck:judge and /ck:make
• Note that logs following will have ~ rather than /Users

Output /ck:make:

❯ /ck:make

⏺ /ck:make loaded clean — fix confirmed for both commands. Now running the setup
  script:

⏺ Bash("~/.claude/plugins/local/cavekit-marketplace/ck/scripts/setup-bui
      ld.sh")
  ⎿  Running…

──────────────────────────────────────────────────────────────────────────────────────
 Bash command

   "~/.claude/plugins/local/cavekit-marketplace/ck/scripts/setup-buil
   d.sh"
   Run Cavekit build setup script

 This command requires approval

 Do you want to proceed?
 ❯ 1. Yes
  2.Yes, and don’t ask  : ~/.claude/plugins/local/cavekit-marketplace/ck
    again for           /scripts/setup-build.sh:*
   3. No

Output /ck:judge:

 Bash command

   "~/.claude/plugins/local/cavekit-marketplace/ck/scripts/codex-revi
   ew.sh"
   Run Codex adversarial review

 This command requires approval

 Do you want to proceed?
 ❯ 1. Yes
  2.Yes, and don’t ask  : ~/.claude/plugins/local/cavekit-marketplace/ck
    again for           /scripts/codex-review.sh:*
   3. No

 Esc to cancel · Tab to amend · ctrl+e to explain
 

Output /ck:config list

❯ /ck:config list

⏺ Bash("~/.claude/plugins/local/cavekit-marketplace/ck/scripts/bp-config
      .sh" presets)
  ⎿  Running…

──────────────────────────────────────────────────────────────────────────────────────
 Bash command

   "~/.claude/plugins/local/cavekit-marketplace/ck/scripts/bp-config.
   sh" presets
   List Cavekit execution presets

 This command requires approval

 Do you want to proceed?
 ❯ 1. Yes
  2.Yes, and don’t ask  : ~/.claude/plugins/local/cavekit-marketplace/ck
    again for           /scripts/bp-config.sh presets:*
   3. No

Output /ck:config list

/ck:config

⏺ Bash("~/.claude/plugins/local/cavekit-marketplace/ck/scripts/bp-config
      .sh" show)
  ⎿  Running…

──────────────────────────────────────────────────────────────────────────────────────
 Bash command

   "~/.claude/plugins/local/cavekit-marketplace/ck/scripts/bp-config.
   sh" show
   Show effective Cavekit configuration

 This command requires approval

 Do you want to proceed?
 ❯ 1. Yes
  2.Yes, and don’t ask  : ~/.claude/plugins/local/cavekit-marketplace/ck
    again for           /scripts/bp-config.sh show:*
   3. No

 Esc to cancel · Tab to amend · ctrl+e to explain

Individual script runs:

❯ ~/.claude/plugins/local/cavekit-marketplace/ck/scripts/bp-config.sh summary
Cavekit preset: quality (reasoning=opus, execution=opus, exploration=sonnet, caveman=o

❯ ~/.claude/plugins/local/cavekit-marketplace/ck/scripts/bp-config.sh show
bp_model_preset=quality
bp_model_preset_source=default
bp_model_preset_source_path=(built-in default)
reasoning_model=opus
execution_model=opus
exploration_model=sonnet
caveman_mode=on
caveman_phases=build,inspect
project_config=.~//Code/webviewer/.cavekit/config
global_config=~/.cavekit/config

❯ ~/.claude/plugins/local/cavekit-marketplace/ck/scripts/bp-config.sh model execution
opus

[ConVonKnorrisson]

Created the following script for currently installed instances (in case someone needs a fix before any merge gets reviewed) which appeared to work to fix the commands other than /ck:judge run at your own risk though as I've only run it on my machine and i didn't notice any issues:

#!/usr/bin/env bash
# cavefix/fix.sh
# Fixes two related bugs in Cavekit command files:
#   1. Fenced ```! code blocks cause permission checks to match the backtick & newline
#      string rather than  only the command, so settings rule doesnt match
#   2. Bash(...:*) in allowed-tools contains a colon before the wildcard,
#      which means the pattern never matches an actual shell command string.
#
# Usage:
#   ./fix.sh                          # uses default plugin path
#   ./fix.sh /path/to/plugin/root     # override plugin root
#
#  modifies files that still contain the issue
set -euo pipefail

PLUGIN_ROOT="${1:-~/.claude/plugins/local/cavekit-marketplace}"
COMMANDS_DIRS=("$PLUGIN_ROOT/ck/commands" "$PLUGIN_ROOT/bp/commands")

fixed=0
skipped=0

for dir in "${COMMANDS_DIRS[@]}"; do
  if [ ! -d "$dir" ]; then
    echo "SKIP (not found): $dir"
    continue
  fi

  # Process only real files (skip symlinks — fixing the target is enough)
  while IFS= read -r -d '' file; do
    changed=false

    # Bug 1: Convert ```! blocks -> Run `cmd` instructions.
    if grep -q '```!' "$file"; then
      # Note: perl -i'' (no space) required on macOS; -i '' (with space) no-ops // thanks claude
      perl -i'' -0777 -pe 's/```!\n(.*?)\n```/Run `$1`/g' "$file"
      changed=true
      echo "  [fenced->inline] $file"
    fi

    # Bug 2: Strip the colon in Bash(...sh:*) allowed-tools pattern.
    # Pattern Bash(path.sh:*) doesnt match with bare command string like "path.sh arg".
    if grep -q 'allowed-tools.*\.sh:\*)' "$file"; then
      sed -i '' 's/Bash(\([^)]*\.sh\):\*)/Bash(\1*)/g' "$file"
      changed=true
      echo "  [allowed-tools :*->*] $file"
    fi

    if $changed; then
      (( fixed++ )) || true
    else
      (( skipped++ )) || true
    fi
  done < <(find "$dir" -maxdepth 1 -name "*.md" -not -type l -print0)
done

echo ""
echo "Done. Files modified: $fixed  Already clean: $skipped"
echo "Run /reload-plugins in Claude Code to apply changes."