v0.4.2 - Critical Bug Fix & Security Hardening
🚨 Critical Bug Fix
This release fixes a critical bug where the auto-update mechanism (/docs -t) would destroy the installation directory, causing all subsequent /docs commands to fail.
Root Cause
Running install.sh from within ~/.claude-code-docs caused rm -rf "$INSTALL_DIR" to delete the current working directory while the script was still running.
Solution
Replaced full reinstall with lightweight script sync after git pull.
What's New
🔒 Security Improvements
- Path Traversal Protection: Added realpath validation in fallback mode to ensure files stay within docs directory
- Lock File Mechanism: Prevents concurrent update race conditions with automatic stale lock cleanup (60s)
🛠️ Bug Fixes
- Critical Auto-Update Bug: Fixed self-destruction issue during updates
- Template Fallback: Enhanced helper now gracefully degrades if template is missing
- Silent Failure Logging:
sync_helper_script()now logs failures to stderr for debugging
🗑️ Removed
- Unused Hook: Removed PreToolUse hook that did nothing (just
exit 0)
✅ Testing
- Added 9 new integration tests for critical bug fix scenarios
- 627 tests passing (was 618), 2 skipped
- 78.7% code coverage maintained
📚 Documentation
- Updated test counts across README.md and CONTRIBUTING.md
- Added "How It Works" section to README
- Corrected path counts (273 paths tracked)
Upgrade
# Re-run installer to upgrade
curl -fsSL https://raw.githubusercontent.com/costiash/claude-code-docs/main/install.sh | bashFull Changelog: https://github.com/costiash/claude-code-docs/blob/main/CHANGELOG.md