Fewer prompts, sharper reviews. This release cuts permission-prompt friction for Bulwark's own bundled assets, makes the code-review skill language-aware so it only runs checks that apply to each file, and adds an opt-in hook that auto-approves tool calls scoped to the plugin's own files.
Added
- Opt-in permission-bypass hook (`bulwark-permission-hook.sh`, PreToolUse) — auto-approves Read/Edit/Bash calls whose targets resolve inside the plugin's own cache root, so Bulwark's bundled skills and agents stop prompting for access to their own files. Off by default and never auto-installed; opt in per project via `bulwark-scaffold --with-permission-hook`. Path-traversal that spoofs a plugin prefix but escapes the root is blocked, and any target outside the plugin cache (for example `/etc/passwd` or a network `curl`) still prompts normally. Documented as a separate, default-off hook — the always-on set remains eight hooks.
- `bulwark-scaffold --with-permission-hook` flag — installs the opt-in permission hook at project scope during scaffolding.
- Universal per-language `code-review` recipes across all eight Justfile templates and the root Justfile — `typecheck-py`, `lint-py`, `validate-json`/`validate-yaml`, and `shellcheck`. Each recipe degrades gracefully: it skips and exits 0 when the underlying tool is absent, and propagates the tool's exit status when present.
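The containment rule in the permission-hook entry above (approve only when the target resolves inside the root, even if the raw string starts with the root prefix) can be sketched as follows. This is an added example, not Bulwark's own hook code; the function names and the `/tmp/example-plugin-cache` root are constructed, and GNU coreutils `realpath -m` is assumed.

```shell
#!/usr/bin/env bash
# Added illustration, not code from bulwark-permission-hook.sh.
# Assumes GNU coreutils `realpath -m`; all names and paths are constructed.

# Weak form: raw string prefix match. A target such as
# "$root/../../etc/passwd" starts with the root prefix and passes.
naive_is_inside() {
    case "$2" in
        "$1"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Hardened form: canonicalise both sides, then compare on a directory
# boundary. Returns 0 when $2 resolves to $1 or to a path beneath it.
path_is_inside_root() {
    local root target
    # -m collapses "." and "..", follows symlinks on components that
    # exist, and tolerates components that do not exist yet.
    root=$(realpath -m -- "$1") || return 1
    target=$(realpath -m -- "$2") || return 1
    # The trailing slash stops a sibling such as "<root>-evil" from
    # matching the root by prefix alone.
    case "$target/" in
        "$root"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# decide ROOT TARGET: prints "approve" or "prompt" (fall through to the
# normal permission prompt).
decide() {
    if path_is_inside_root "$1" "$2"; then
        echo approve
    else
        echo prompt
    fi
}

# Constructed demo root and targets.
ROOT=/tmp/example-plugin-cache
for t in "$ROOT/skills/review.md" "$ROOT/../../etc/passwd" \
         "$ROOT-evil/x" /etc/passwd; do
    printf '%s -> %s\n' "$t" "$(decide "$ROOT" "$t")"
done
```

Because `realpath` follows symlinks on existing components, a link placed inside the root that points elsewhere also resolves outside it and falls through to the normal prompt.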
Changed
- `code-review` skill is now language-aware — it detects each changed file's language and gates review sections via a Language Applicability table, so it runs only the checks relevant to the files under review instead of assuming a single stack.
- `allowed-tools` declared on all 30 skills; `tools` audited on all 15 agents — every skill now pre-authorizes exactly the tools it needs, removing routine permission prompts during normal skill execution. (`allowed-tools` pre-authorizes, it does not restrict; `disallowed-tools` remains the restriction field.)
Full changelog: https://github.com/QBall-Inc/the-bulwark/blob/main/CHANGELOG.md