A gap-closing release, motivated by a real user (me, on this user's repo) experiencing the product fail to deliver where they actually work.
What was broken
smart_read (v2.10) only intercepts the Read tool. In autonomous/agentic Claude Code sessions, Claude reaches for Bash to view files (cat/less/more/bat <bigfile>) — that bypassed smart_read entirely, the whole file dumped into context, and Receipts didn't see it. Documented honestly in v2.10.1's limitations.md, now actually closed.
What's new
smart_bash.py — PreToolUse hook on Bash. Intercepts the narrow, unambiguous case of a pure file dump and hands Claude the same outline smart_read does. The parser is the load-bearing part:
- intercepts exactly:
cat/less/more/bat <file>, single positional, no flags, zero shell metacharacters in the entire command - explicitly does not intercept: pipes, redirects, chains, substitutions,
head/tail(their 10-line default is smaller than the outline — intercepting would be net-negative),sed, quoted args, multiple files, anything ambiguous - once-per-file-per-session dedupe shared with
smart_readso the same file isn't double-nagged - slice events tagged
via=bashfor Receipts crediting - env-disable:
CONTEXT_OS_SMART_BASH=0
Why "perfection" required the narrow scope
The danger isn't missing an intercept — it's blocking a legitimate complex Bash command. So the parser's invariant is: any doubt → allow. The CI gate exercises 30+ adversarial shapes (pipes, &&, ;, $(), backticks, globs, tildes, quoted args, comments, line continuations…) and asserts every one passes through.
Tests
python/evals/runners/savings_test.pynow ~100 assertions (up from 49), covering: parser whitelist correctness, parser pass-through on every risky shape, end-to-end intercept/dedupe/disable, non-existent-file/small-file/non-Bash-tool guards.ranker_floorstill green; setup.sh embeds byte-identical.
Honest scope
This closes the Bash blind spot for the safe whitelist. The genuinely-ambiguous cases (sed/awk/quoted scripts/multi-file) remain invisible to Receipts — that's the right call (false-positive blocking real Bash work would be worse than missing some coverage).
Install
curl -fsSL https://raw.githubusercontent.com/sravan27/context-os/main/setup.sh | bash