claude-hud

zhanj/claude-hud

Fork 0

mirror of https://github.com/jarrodwatts/claude-hud.git synced 2026-05-02 10:32:39 +00:00

Commit Graph

Author	SHA1	Message	Date
Jarrod Watts	17475d3f61	fix(extra-cmd): improve robustness and add tests (#94 ) - Add debug logging for failures (uses DEBUG=claude-hud pattern) - Support --extra-cmd=value syntax (in addition to --extra-cmd value) - Reject empty values with debug warning - Add security comment explaining shell injection is intentional (user CLI input) - Export sanitize() for testability - Add 30 unit tests for sanitize, arg parsing, timeout, malformed JSON Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-19 16:11:23 +11:00
Jarrod Watts	32cd0ca56b	feat: add --extra-cmd CLI argument for custom status labels (#92 ) - Add `--extra-cmd` CLI flag to execute a user-specified command - Command must return JSON with a `label` field, e.g., `{"label": "$1.23/day"}` - Includes security hardening: - sanitize() to strip terminal escape sequences (CSI, OSC, control chars, bidi) - maxBuffer: 10KB limit to prevent memory issues - Label truncation to 50 chars max - Display extraLabel in session line when present Co-authored-by: Johnny Wang <johnnywang1991@msn.com> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-19 15:24:29 +11:00

Author

SHA1

Message

Date

Jarrod Watts

17475d3f61

fix(extra-cmd): improve robustness and add tests (#94 )

- Add debug logging for failures (uses DEBUG=claude-hud pattern)
- Support --extra-cmd=value syntax (in addition to --extra-cmd value)
- Reject empty values with debug warning
- Add security comment explaining shell injection is intentional (user CLI input)
- Export sanitize() for testability
- Add 30 unit tests for sanitize, arg parsing, timeout, malformed JSON

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-19 16:11:23 +11:00

Jarrod Watts

32cd0ca56b

feat: add --extra-cmd CLI argument for custom status labels (#92 )

- Add `--extra-cmd` CLI flag to execute a user-specified command
- Command must return JSON with a `label` field, e.g., `{"label": "$1.23/day"}`
- Includes security hardening:
  - sanitize() to strip terminal escape sequences (CSI, OSC, control chars, bidi)
  - maxBuffer: 10KB limit to prevent memory issues
  - Label truncation to 50 chars max
- Display extraLabel in session line when present

Co-authored-by: Johnny Wang <johnnywang1991@msn.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-19 15:24:29 +11:00

2 Commits