v0.18.2

Patch release for GitHub issue #31.

Fixed:

• Task-scoped Bash permission matching now applies the same single-command validation to explicit Bash(...) wildcards as it does to virtual Read / Grep / Glob / LS permissions.
• Bash(git status*) and Bash(git diff*) no longer allow chained commands such as git status --short && rg ....
• The read-only recovery lane now covers safe repo inspection commands including safe find, git blame, and git diff.
• Dependency-changing commands such as npm install --prefix frontend remain denied unless a task explicitly grants them.

Validation:

• node scripts/check-version-sync.mjs
• node scripts/verify-contracts.mjs
• bash install.sh --help
• npm run --silent lint
• git diff --check
• npm test (830 pass, 2 skipped live Claude runtime cases due non-standard ANTHROPIC_BASE_URL, 0 fail)