Whitelist Obsidian CLI binary in sandbox callback hook

[amexicotte]

Problem
Claudian's PreToolUse:Callback hook blocks execution of the official Obsidian CLI because the binary lives outside the vault at /Applications/Obsidian.app/Contents/MacOS/obsidian.

Error:

Access denied: Command path "/Applications/Obsidian.app/Contents/MacOS/obsidian" is outside the vault. Agent is restricted to vault directory only.
This blocks all obsidian CLI commands (obsidian vault, obsidian search, obsidian read, etc.).

What I tried
Symlink inside .claude/ pointing to the binary - blocked (resolves outside vault)
Copying the binary into the vault - launches full Electron app instead of CLI mode
Adding "Bash(/Applications/Obsidian.app/Contents/MacOS/obsidian:*)" to settings.local.json allow list - no effect on the callback hook
Adding PATH via "environmentVariables" in claudian-settings.json - no effect
Adding to "persistentExternalContextPaths" - no effect
Expected behavior
The Obsidian CLI should be callable from Claudian sessions. Obsidian's team (kepano) is actively building CLI support for Claude Code integration. This is the primary use case.

Suggested fix
Whitelist /Applications/Obsidian.app/Contents/MacOS/obsidian (macOS) and equivalent paths on other platforms in the sandbox callback, or add a configurable allowedBinaryPaths setting in claudian-settings.json.

Environment
macOS
Obsidian 1.12+ with CLI registered
Claudian latest
permissionMode: "yolo" in claudian-settings.json

[YishenTu]

#306

export PATH=/Applications/Obsidian.app/Contents/MacOS:$PATH

[zhaoscsc]

我测试了一下，添加了export PATH=/Applications/Obsidian.app/Contents/MacOS:$PATH以后，Obsidian CLI 只有部分命令能正常工作（如 vault），而 search 等命令没有输出。