@agentapprove/opencode 0.1.0

package/LICENSE

@@ -0,0 +1,13 @@
+Copyright (c) 2026 Agent Approve LLC. All rights reserved.
+
+This software is proprietary and confidential. Unauthorized copying,
+modification, distribution, or use of this software, via any medium,
+is strictly prohibited without the express written permission of
+Agent Approve LLC.
+
+Use of this software is subject to the Agent Approve Terms of Service:
+https://www.agentapprove.com/terms
+
+Privacy Policy: https://www.agentapprove.com/privacy
+
+For licensing inquiries, contact: hello@agentapprove.com

package/README.md

@@ -0,0 +1,75 @@
+# @agentapprove/opencode
+
+[Agent Approve](https://agentapprove.com) plugin for [OpenCode](https://opencode.ai). Approve or deny AI agent tool calls from your iPhone and Apple Watch.
+
+## Why Agent Approve?
+
+- **Visibility** -- see what your OpenCode agent is doing in real time from your mobile device
+- **Centralized policy** -- define your default stance (allow, deny, or ask) and manage custom allowlists and denylists for tools, parameters, and commands
+- **Mobile approval** -- when human approval is required, review and respond from your iPhone or Apple Watch with a tap
+
+You decide the rules. Agent Approve enforces them.
+
+## How it works
+
+This plugin hooks into OpenCode's event system to enforce your approval policy:
+
+- **permission.ask** -- evaluates each tool call against your policy and blocks until allowed/denied
+- **tool.execute.before / tool.execute.after** -- logs tool lifecycle events
+- **chat.message** -- logs user prompt activity
+- **event / experimental.session.compacting** -- logs session lifecycle and compaction events
+
+## Install
+
+1. **Download Agent Approve** from the [App Store](https://agentapprove.com) and start your 7-day free trial
+2. **Run the installer** on each machine where you use OpenCode:
+
+```bash
+npx agentapprove
+```
+
+The installer handles pairing, token setup, and OpenCode plugin activation. Select OpenCode when prompted for which agents to configure.
+
+3. **Restart OpenCode** to load the plugin
+
+That's it. Tool calls will now be evaluated against your policy, and approval requests will appear on your paired device when needed.
+
+## Manual setup (advanced)
+
+If you already have Agent Approve configured and just need to add the OpenCode plugin, add `@agentapprove/opencode` to your OpenCode config:
+
+`~/.config/opencode/opencode.json`
+
+```json
+{
+  "plugin": [
+    "@agentapprove/opencode"
+  ]
+}
+```
+
+OpenCode automatically installs npm plugins listed in the `plugin` array at startup. Restart OpenCode to activate.
+
+## Configuration
+
+Plugin behavior is configured through Agent Approve environment settings in:
+
+`~/.agentapprove/env`
+
+| Setting | Default | Description |
+|---------|---------|-------------|
+| `AGENTAPPROVE_TIMEOUT` | `300` | Seconds to wait for an approval response |
+| `AGENTAPPROVE_FAIL_BEHAVIOR` | `ask` | Default policy when API is unreachable: `allow`, `deny`, or `ask` |
+| `AGENTAPPROVE_PRIVACY` | `full` | What tool data is stored in event logs: `minimal`, `summary`, or `full` |
+| `AGENTAPPROVE_DEBUG` | `false` | Write debug logs to `~/.agentapprove/hook-debug.log` |
+| `AGENTAPPROVE_AGENT_NAME` / `AGENTAPPROVE_OPENCODE_NAME` | `OpenCode` | Display name for this agent |
+| `AGENTAPPROVE_E2E_ENABLED` | `false` | Enable end-to-end encryption for non-approval event content |
+
+## Supported agents
+
+Agent Approve works with OpenCode, OpenClaw, Claude Code, Cursor, Gemini CLI, VS Code Agent, Copilot CLI, OpenAI Codex (coming soon), and more. Run `npx agentapprove` to configure multiple agents at once.
+
+## Links
+
+- [Agent Approve](https://agentapprove.com)
+- [OpenCode](https://opencode.ai)

package/dist/index.js

@@ -0,0 +1,1062 @@
+// src/index.ts
+import { fileURLToPath } from "url";
+import { randomBytes as randomBytes2 } from "crypto";
+
+// src/config.ts
+import { readFileSync as readFileSync3, existsSync as existsSync3, statSync as statSync2 } from "fs";
+import { join as join3 } from "path";
+import { homedir as homedir3 } from "os";
+import { execSync } from "child_process";
+
+// src/e2e-crypto.ts
+import { createHash, createHmac, createCipheriv, randomBytes } from "crypto";
+import { readFileSync as readFileSync2, writeFileSync as writeFileSync2, existsSync as existsSync2, copyFileSync } from "fs";
+import { join as join2 } from "path";
+import { homedir as homedir2 } from "os";
+
+// src/debug.ts
+import { appendFileSync, existsSync, mkdirSync, statSync, readFileSync, writeFileSync } from "fs";
+import { join, dirname } from "path";
+import { homedir } from "os";
+var DEBUG_LOG_PATH = join(homedir(), ".agentapprove", "hook-debug.log");
+var MAX_SIZE = 5 * 1024 * 1024;
+var KEEP_SIZE = 2 * 1024 * 1024;
+function ensureLogFile() {
+  const dir = dirname(DEBUG_LOG_PATH);
+  if (!existsSync(dir)) {
+    mkdirSync(dir, { recursive: true });
+  }
+  if (!existsSync(DEBUG_LOG_PATH)) {
+    writeFileSync(DEBUG_LOG_PATH, "", { mode: 384 });
+    return;
+  }
+  try {
+    const stat = statSync(DEBUG_LOG_PATH);
+    if (stat.size > MAX_SIZE) {
+      const content = readFileSync(DEBUG_LOG_PATH, "utf-8");
+      writeFileSync(DEBUG_LOG_PATH, content.slice(-KEEP_SIZE), { mode: 384 });
+      appendFileSync(DEBUG_LOG_PATH, `[${localTimestamp()}] [debug] Log rotated (exceeded 5MB, kept last 2MB)
+`);
+    }
+  } catch {
+  }
+}
+function localTimestamp() {
+  const d = /* @__PURE__ */ new Date();
+  const pad = (n) => String(n).padStart(2, "0");
+  return `${d.getFullYear()}-${pad(d.getMonth() + 1)}-${pad(d.getDate())} ${pad(d.getHours())}:${pad(d.getMinutes())}:${pad(d.getSeconds())}`;
+}
+function debugLog(message, hookName = "opencode-plugin") {
+  try {
+    ensureLogFile();
+    appendFileSync(DEBUG_LOG_PATH, `[${localTimestamp()}] [${hookName}] ${message}
+`);
+  } catch {
+  }
+}
+function debugLogRawInline(data) {
+  try {
+    ensureLogFile();
+    appendFileSync(DEBUG_LOG_PATH, `${data}
+`);
+  } catch {
+  }
+}
+
+// src/e2e-crypto.ts
+function keyId(keyHex) {
+  const keyBytes = Buffer.from(keyHex, "hex");
+  const hash = createHash("sha256").update(keyBytes).digest();
+  return hash.subarray(0, 4).toString("hex");
+}
+function deriveEncKey(keyHex) {
+  const prefix = Buffer.from("agentapprove-e2e-enc:");
+  const keyBytes = Buffer.from(keyHex, "hex");
+  return createHash("sha256").update(Buffer.concat([prefix, keyBytes])).digest();
+}
+function deriveMacKey(keyHex) {
+  const prefix = Buffer.from("agentapprove-e2e-mac:");
+  const keyBytes = Buffer.from(keyHex, "hex");
+  return createHash("sha256").update(Buffer.concat([prefix, keyBytes])).digest();
+}
+function e2eEncrypt(keyHex, plaintext) {
+  const kid = keyId(keyHex);
+  const encKey = deriveEncKey(keyHex);
+  const macKey = deriveMacKey(keyHex);
+  const iv = randomBytes(16);
+  const cipher = createCipheriv("aes-256-ctr", encKey, iv);
+  const ciphertext = Buffer.concat([cipher.update(plaintext, "utf-8"), cipher.final()]);
+  const ivHex = iv.toString("hex");
+  const ciphertextBase64 = ciphertext.toString("base64");
+  const hmac = createHmac("sha256", macKey).update(Buffer.concat([iv, ciphertext])).digest("hex");
+  return `E2E:v1:${kid}:${ivHex}:${ciphertextBase64}:${hmac}`;
+}
+function applyApprovalE2E(payload, userKey, serverKey) {
+  const sensitiveFields = {};
+  for (const field of ["command", "toolInput", "cwd"]) {
+    if (payload[field] != null) {
+      sensitiveFields[field] = payload[field];
+    }
+  }
+  if (Object.keys(sensitiveFields).length === 0) {
+    return payload;
+  }
+  const sensitiveJson = JSON.stringify(sensitiveFields);
+  const result = { ...payload };
+  delete result.command;
+  delete result.toolInput;
+  delete result.cwd;
+  const e2e = {
+    user: e2eEncrypt(userKey, sensitiveJson)
+  };
+  if (serverKey) {
+    e2e.server = e2eEncrypt(serverKey, sensitiveJson);
+  }
+  result.e2e = e2e;
+  return result;
+}
+function applyEventE2E(payload, userKey) {
+  const contentFields = {};
+  for (const field of [
+    "command",
+    "toolInput",
+    "response",
+    "responsePreview",
+    "text",
+    "textPreview",
+    "prompt",
+    "output",
+    "cwd"
+  ]) {
+    if (payload[field] != null) {
+      contentFields[field] = payload[field];
+    }
+  }
+  if (Object.keys(contentFields).length === 0) {
+    return payload;
+  }
+  const e2ePayload = e2eEncrypt(userKey, JSON.stringify(contentFields));
+  const result = { ...payload };
+  delete result.command;
+  delete result.toolInput;
+  delete result.response;
+  delete result.responsePreview;
+  delete result.text;
+  delete result.textPreview;
+  delete result.prompt;
+  delete result.output;
+  delete result.cwd;
+  result.e2ePayload = e2ePayload;
+  return result;
+}
+var AA_DIR = join2(homedir2(), ".agentapprove");
+var E2E_KEY_FILE = join2(AA_DIR, "e2e-key");
+var E2E_ROOT_KEY_FILE = join2(AA_DIR, "e2e-root-key");
+var E2E_ROTATION_FILE = join2(AA_DIR, "e2e-rotation.json");
+function rotateE2eKey(oldKeyHex) {
+  const prefix = Buffer.from("agentapprove-e2e-rotate:");
+  const keyBytes = Buffer.from(oldKeyHex, "hex");
+  return createHash("sha256").update(Buffer.concat([prefix, keyBytes])).digest("hex");
+}
+function deriveEpochKey(rootKeyHex, epoch) {
+  let current = rootKeyHex;
+  for (let i = 0; i < epoch; i++) {
+    current = rotateE2eKey(current);
+  }
+  return current;
+}
+function migrateRootKey(debug = false) {
+  if (!existsSync2(E2E_KEY_FILE) || existsSync2(E2E_ROOT_KEY_FILE)) return;
+  try {
+    copyFileSync(E2E_KEY_FILE, E2E_ROOT_KEY_FILE);
+    try {
+      writeFileSync2(E2E_ROOT_KEY_FILE, readFileSync2(E2E_ROOT_KEY_FILE), { mode: 384 });
+    } catch {
+    }
+    if (!existsSync2(E2E_ROTATION_FILE)) {
+      const keyHex = readFileSync2(E2E_KEY_FILE, "utf-8").trim();
+      const kid = keyId(keyHex);
+      const config = {
+        rootKeyId: kid,
+        epoch: 0,
+        periodSeconds: 0,
+        startedAt: (/* @__PURE__ */ new Date()).toISOString()
+      };
+      writeFileSync2(E2E_ROTATION_FILE, JSON.stringify(config, null, 2), { mode: 384 });
+    }
+    if (debug) debugLog("Migrated e2e-key to e2e-root-key");
+  } catch {
+  }
+}
+function checkAndRotateKeys(currentKeyHex, debug = false) {
+  migrateRootKey(debug);
+  if (!existsSync2(E2E_ROTATION_FILE) || !existsSync2(E2E_ROOT_KEY_FILE)) {
+    return currentKeyHex;
+  }
+  let rotCfg;
+  try {
+    rotCfg = JSON.parse(readFileSync2(E2E_ROTATION_FILE, "utf-8"));
+  } catch {
+    return currentKeyHex;
+  }
+  const periodSeconds = rotCfg.periodSeconds || 0;
+  if (periodSeconds <= 0 || !rotCfg.startedAt) {
+    return currentKeyHex;
+  }
+  const startedTs = Math.floor(new Date(rotCfg.startedAt).getTime() / 1e3);
+  if (isNaN(startedTs)) return currentKeyHex;
+  const nowTs = Math.floor(Date.now() / 1e3);
+  const elapsed = nowTs - startedTs;
+  if (elapsed < 0) return currentKeyHex;
+  const expectedEpoch = Math.floor(elapsed / periodSeconds);
+  const currentEpoch = rotCfg.epoch || 0;
+  if (expectedEpoch <= currentEpoch) {
+    return currentKeyHex;
+  }
+  let rootKeyHex;
+  try {
+    rootKeyHex = readFileSync2(E2E_ROOT_KEY_FILE, "utf-8").trim();
+  } catch {
+    return currentKeyHex;
+  }
+  if (rootKeyHex.length !== 64) return currentKeyHex;
+  const newKey = deriveEpochKey(rootKeyHex, expectedEpoch);
+  if (!newKey) return currentKeyHex;
+  try {
+    writeFileSync2(E2E_KEY_FILE, newKey, { mode: 384 });
+    rotCfg.epoch = expectedEpoch;
+    writeFileSync2(E2E_ROTATION_FILE, JSON.stringify(rotCfg, null, 2), { mode: 384 });
+  } catch {
+  }
+  if (debug) debugLog(`E2E key rotated: epoch ${currentEpoch} -> ${expectedEpoch}`);
+  return newKey;
+}
+
+// src/config.ts
+var CONFIG_PATH = join3(homedir3(), ".agentapprove", "env");
+var KEYCHAIN_SERVICE = "com.agentapprove";
+var KEYCHAIN_ACCOUNT = "api-token";
+function parseConfigValue(content, key) {
+  const lines = content.split("\n");
+  let value;
+  for (const raw of lines) {
+    const line = raw.replace(/^export\s+/, "").trim();
+    if (!line.startsWith(`${key}=`)) continue;
+    let v = line.slice(key.length + 1);
+    if (v.startsWith('"') && v.endsWith('"') || v.startsWith("'") && v.endsWith("'")) {
+      v = v.slice(1, -1);
+    }
+    if (/[`$(){};<>|&!\\]/.test(v)) continue;
+    value = v;
+  }
+  return value;
+}
+function normalizeApiUrl(url) {
+  let result = url.trim();
+  while (result.endsWith("/")) {
+    result = result.slice(0, -1);
+  }
+  return result;
+}
+function normalizeApiVersion(version) {
+  const cleaned = version.trim().replace(/^\/+/, "").replace(/\/+$/, "");
+  return cleaned || "v001";
+}
+function getKeychainToken() {
+  if (process.platform !== "darwin") return void 0;
+  try {
+    const result = execSync(
+      `security find-generic-password -s "${KEYCHAIN_SERVICE}" -a "${KEYCHAIN_ACCOUNT}" -w 2>/dev/null`,
+      { encoding: "utf-8", stdio: ["pipe", "pipe", "pipe"] }
+    ).trim();
+    return result || void 0;
+  } catch {
+    return void 0;
+  }
+}
+function checkPermissions(logger) {
+  if (!existsSync3(CONFIG_PATH)) return;
+  try {
+    const stat = statSync2(CONFIG_PATH);
+    const mode = stat.mode & 511;
+    if (mode & 54) {
+      logger?.warn(
+        `Config file ${CONFIG_PATH} is group or world readable/writable. Run: chmod 600 ${CONFIG_PATH}`
+      );
+    }
+  } catch {
+  }
+}
+function loadConfig(logger) {
+  checkPermissions(logger);
+  let fileContent = "";
+  if (existsSync3(CONFIG_PATH)) {
+    fileContent = readFileSync3(CONFIG_PATH, "utf-8");
+  }
+  const token = process.env.AGENTAPPROVE_TOKEN || getKeychainToken() || parseConfigValue(fileContent, "AGENTAPPROVE_TOKEN") || "";
+  if (!token) {
+    logger?.warn("No Agent Approve token found. Run the Agent Approve installer to set up.");
+  }
+  const rawApiUrl = process.env.AGENTAPPROVE_API || parseConfigValue(fileContent, "AGENTAPPROVE_API") || "https://api.agentapprove.com";
+  const rawApiVersion = process.env.AGENTAPPROVE_API_VERSION || parseConfigValue(fileContent, "AGENTAPPROVE_API_VERSION") || "v001";
+  const apiUrl = normalizeApiUrl(rawApiUrl);
+  const apiVersion = normalizeApiVersion(rawApiVersion);
+  const timeout = parseInt(process.env.AGENTAPPROVE_TIMEOUT || "", 10) || parseInt(parseConfigValue(fileContent, "AGENTAPPROVE_TIMEOUT") || "", 10) || 300;
+  const failBehavior = process.env.AGENTAPPROVE_FAIL_BEHAVIOR || parseConfigValue(fileContent, "AGENTAPPROVE_FAIL_BEHAVIOR") || "ask";
+  const privacyTier = process.env.AGENTAPPROVE_PRIVACY || parseConfigValue(fileContent, "AGENTAPPROVE_PRIVACY") || "full";
+  const debug = process.env.AGENTAPPROVE_DEBUG === "true" || process.env.AGENTAPPROVE_DEBUG_LOG === "true" || parseConfigValue(fileContent, "AGENTAPPROVE_DEBUG") === "true" || parseConfigValue(fileContent, "AGENTAPPROVE_DEBUG_LOG") === "true" || false;
+  const agentName = process.env.AGENTAPPROVE_AGENT_NAME || parseConfigValue(fileContent, "AGENTAPPROVE_OPENCODE_NAME") || "OpenCode";
+  const e2eEnabled = process.env.AGENTAPPROVE_E2E_ENABLED === "true" || parseConfigValue(fileContent, "AGENTAPPROVE_E2E_ENABLED") === "true";
+  const e2eUserKeyPath = join3(homedir3(), ".agentapprove", "e2e-key");
+  const e2eServerKeyPath = join3(homedir3(), ".agentapprove", "e2e-server-key");
+  let e2eUserKey;
+  let e2eServerKey;
+  if (e2eEnabled) {
+    if (existsSync3(e2eUserKeyPath)) {
+      try {
+        e2eUserKey = readFileSync3(e2eUserKeyPath, "utf-8").trim();
+      } catch {
+        logger?.warn("Failed to load E2E user key");
+      }
+    }
+    if (existsSync3(e2eServerKeyPath)) {
+      try {
+        e2eServerKey = readFileSync3(e2eServerKeyPath, "utf-8").trim();
+      } catch {
+        logger?.warn("Failed to load E2E server key");
+      }
+    }
+    if (e2eUserKey) {
+      e2eUserKey = checkAndRotateKeys(e2eUserKey, debug) || e2eUserKey;
+    }
+  }
+  if (debug) {
+    const e2eStatus = !e2eEnabled ? "disabled" : !e2eUserKey ? "enabled but user key missing" : `enabled, keyId=${keyId(e2eUserKey)}`;
+    debugLog(`Config loaded: e2e=${e2eStatus}, serverKey=${e2eServerKey ? "present" : "missing"}, api=${apiUrl}`);
+  }
+  return {
+    apiUrl,
+    apiVersion,
+    token,
+    timeout,
+    failBehavior,
+    privacyTier,
+    debug,
+    hookVersion: "1.1.0",
+    agentType: "opencode",
+    agentName,
+    e2eEnabled,
+    e2eUserKey,
+    e2eServerKey
+  };
+}
+
+// src/api-client.ts
+import { request as httpsRequest } from "https";
+import { request as httpRequest } from "http";
+import { URL } from "url";
+
+// src/hmac.ts
+import crypto from "crypto";
+import { readFileSync as readFileSync4 } from "fs";
+function generateHMACSignature(body, token, hookVersion) {
+  const timestamp = Math.floor(Date.now() / 1e3);
+  const message = `${hookVersion}:${timestamp}:${body}`;
+  const signature = crypto.createHmac("sha256", token).update(message).digest("hex");
+  return { timestamp, signature };
+}
+function computePluginHash(pluginPath) {
+  try {
+    const content = readFileSync4(pluginPath);
+    return crypto.createHash("sha256").update(content).digest("hex");
+  } catch {
+    return "";
+  }
+}
+function buildHMACHeaders(body, token, hookVersion, pluginHash) {
+  const { timestamp, signature } = generateHMACSignature(body, token, hookVersion);
+  return {
+    "X-Hook-Version": hookVersion,
+    "X-Hook-Timestamp": String(timestamp),
+    "X-Hook-Signature": signature,
+    "X-Hook-Hash": pluginHash
+  };
+}
+
+// src/privacy.ts
+var SUMMARY_MAX_LENGTH = 50;
+var FILEPATH_MAX_LENGTH = 100;
+var SENSITIVE_PATTERNS = [
+  /(?:password|secret|token|key|api_key|auth)=[^\s&]+/gi,
+  /Bearer [a-zA-Z0-9_-]+/gi
+];
+function redactSensitive(value) {
+  let result = value;
+  for (const pattern of SENSITIVE_PATTERNS) {
+    result = result.replace(pattern, "***REDACTED***");
+  }
+  return result;
+}
+function truncate(value, maxLen) {
+  if (!value) return value;
+  if (value.length <= maxLen) return value;
+  return value.slice(0, maxLen) + "...";
+}
+function summarizeToolInput(value) {
+  const inputStr = redactSensitive(JSON.stringify(value));
+  const summary = inputStr.length > SUMMARY_MAX_LENGTH ? inputStr.slice(0, SUMMARY_MAX_LENGTH) + "..." : inputStr;
+  return { _summary: summary };
+}
+function applyPrivacyFilter(request, privacyTier) {
+  if (privacyTier === "full") {
+    return request;
+  }
+  const filtered = { ...request };
+  if (privacyTier === "minimal") {
+    delete filtered.command;
+    filtered.toolInput = void 0;
+    delete filtered.cwd;
+    return filtered;
+  }
+  if (filtered.command) {
+    filtered.command = truncate(redactSensitive(filtered.command), SUMMARY_MAX_LENGTH);
+  }
+  if (filtered.toolInput) {
+    filtered.toolInput = summarizeToolInput(filtered.toolInput);
+  }
+  return filtered;
+}
+var CONTENT_FIELDS = [
+  "command",
+  "toolInput",
+  "response",
+  "responsePreview",
+  "text",
+  "textPreview",
+  "prompt",
+  "output",
+  "cwd"
+];
+function applyEventPrivacyFilter(event, privacyTier) {
+  if (privacyTier === "full") {
+    return event;
+  }
+  const filtered = { ...event };
+  if (privacyTier === "minimal") {
+    for (const field of CONTENT_FIELDS) {
+      delete filtered[field];
+    }
+    if (typeof filtered.textLength === "undefined" && typeof event.text === "string") {
+      filtered.textLength = event.text.length;
+    }
+    return filtered;
+  }
+  for (const field of CONTENT_FIELDS) {
+    const val = filtered[field];
+    if (val === void 0 || val === null) continue;
+    if (field === "toolInput") {
+      filtered[field] = summarizeToolInput(val);
+    } else if (typeof val === "string") {
+      filtered[field] = truncate(redactSensitive(val), SUMMARY_MAX_LENGTH);
+    }
+  }
+  if (typeof filtered.filePath === "string") {
+    filtered.filePath = truncate(filtered.filePath, FILEPATH_MAX_LENGTH);
+  }
+  return filtered;
+}
+
+// src/config-sync.ts
+import { readFileSync as readFileSync5, writeFileSync as writeFileSync3, existsSync as existsSync4, renameSync } from "fs";
+import { join as join4 } from "path";
+import { homedir as homedir4 } from "os";
+function getAADir() {
+  return process.env.__AGENTAPPROVE_TEST_DIR || join4(homedir4(), ".agentapprove");
+}
+function getEnvPath() {
+  return join4(getAADir(), "env");
+}
+function getRotationFile() {
+  return join4(getAADir(), "e2e-rotation.json");
+}
+var VALID_PRIVACY = /* @__PURE__ */ new Set(["minimal", "summary", "full"]);
+var VALID_FAIL = /* @__PURE__ */ new Set(["allow", "deny", "ask"]);
+function updateEnvValues(updates) {
+  const envPath = getEnvPath();
+  if (!existsSync4(envPath)) return;
+  const validUpdates = Object.fromEntries(
+    Object.entries(updates).filter(([, v]) => !/[`$(){};<>|&!\\]/.test(v))
+  );
+  const updateKeys = new Set(Object.keys(validUpdates));
+  if (updateKeys.size === 0) return;
+  try {
+    const content = readFileSync5(envPath, "utf-8");
+    const lines = content.split("\n");
+    const filtered = lines.filter((line) => {
+      const trimmed = line.replace(/^export\s+/, "").trim();
+      const eqIdx = trimmed.indexOf("=");
+      if (eqIdx <= 0) return true;
+      return !updateKeys.has(trimmed.slice(0, eqIdx));
+    });
+    for (const [key, value] of Object.entries(validUpdates)) {
+      filtered.push(`export ${key}=${value}`);
+    }
+    const tmpPath = `${envPath}.tmp.${process.pid}`;
+    writeFileSync3(tmpPath, filtered.join("\n"), { mode: 384 });
+    renameSync(tmpPath, envPath);
+  } catch {
+  }
+}
+function syncRotationConfig(serverPeriod, serverStartedAt, debug) {
+  const rotationFile = getRotationFile();
+  if (!existsSync4(rotationFile)) return;
+  try {
+    const raw = readFileSync5(rotationFile, "utf-8");
+    const config = JSON.parse(raw);
+    const currentPeriod = config.periodSeconds ?? 0;
+    const newPeriod = serverPeriod ?? 0;
+    let needsUpdate = false;
+    if (typeof newPeriod === "number" && newPeriod !== currentPeriod) {
+      config.periodSeconds = newPeriod;
+      needsUpdate = true;
+    }
+    if (serverStartedAt && (!config.startedAt || config.startedAt === "null")) {
+      config.startedAt = serverStartedAt;
+      needsUpdate = true;
+    }
+    if (needsUpdate) {
+      const tmpPath = `${rotationFile}.tmp.${process.pid}`;
+      writeFileSync3(tmpPath, JSON.stringify(config, null, 2), { mode: 384 });
+      renameSync(tmpPath, rotationFile);
+      if (debug) {
+        debugLog(`E2E rotation synced: periodSeconds=${newPeriod}`);
+      }
+    }
+  } catch {
+  }
+}
+function processConfigSync(parsed, config) {
+  const sync = parsed.configSync;
+  if (!sync || !sync.configSetAt) return;
+  const localSetAt = getLocalConfigSetAt();
+  if (sync.configSetAt <= localSetAt) return;
+  if (config.debug) {
+    debugLog(`Config sync: server=${sync.configSetAt} > local=${localSetAt}, updating...`);
+  }
+  const envUpdates = {};
+  if (sync.privacyTier && VALID_PRIVACY.has(sync.privacyTier)) {
+    envUpdates["AGENTAPPROVE_PRIVACY"] = sync.privacyTier;
+    config.privacyTier = sync.privacyTier;
+    if (config.debug) debugLog(`Config synced: privacy=${sync.privacyTier}`);
+  }
+  if (sync.timeoutSeconds != null) {
+    const t = sync.timeoutSeconds;
+    if (t >= 30 && t <= 600) {
+      envUpdates["AGENTAPPROVE_TIMEOUT"] = String(t);
+      config.timeout = t;
+      if (config.debug) debugLog(`Config synced: timeout=${t}`);
+    }
+  }
+  if (sync.failBehavior && VALID_FAIL.has(sync.failBehavior)) {
+    envUpdates["AGENTAPPROVE_FAIL_BEHAVIOR"] = sync.failBehavior;
+    config.failBehavior = sync.failBehavior;
+    if (config.debug) debugLog(`Config synced: failBehavior=${sync.failBehavior}`);
+  }
+  if (sync.e2eEnabled === true || sync.e2eEnabled === false) {
+    envUpdates["AGENTAPPROVE_E2E_ENABLED"] = String(sync.e2eEnabled);
+    config.e2eEnabled = sync.e2eEnabled;
+    if (config.debug) debugLog(`Config synced: e2eEnabled=${sync.e2eEnabled}`);
+  }
+  syncRotationConfig(sync.e2eRotationPeriod, sync.e2eRotationStartedAt, config.debug);
+  if (config.e2eEnabled && config.e2eUserKey) {
+    const rotatedKey = checkAndRotateKeys(config.e2eUserKey, config.debug);
+    if (rotatedKey && rotatedKey !== config.e2eUserKey) {
+      config.e2eUserKey = rotatedKey;
+      if (config.debug) debugLog("Key rotated after config sync");
+    }
+  }
+  envUpdates["AGENTAPPROVE_CONFIG_SET_AT"] = String(sync.configSetAt);
+  updateEnvValues(envUpdates);
+}
+function getLocalConfigSetAt() {
+  const envPath = getEnvPath();
+  if (!existsSync4(envPath)) return 0;
+  try {
+    const content = readFileSync5(envPath, "utf-8");
+    for (const raw of content.split("\n")) {
+      const line = raw.replace(/^export\s+/, "").trim();
+      if (line.startsWith("AGENTAPPROVE_CONFIG_SET_AT=")) {
+        const val = line.slice("AGENTAPPROVE_CONFIG_SET_AT=".length).replace(/^["']|["']$/g, "");
+        const num = parseInt(val, 10);
+        return isNaN(num) ? 0 : num;
+      }
+    }
+  } catch {
+  }
+  return 0;
+}
+
+// src/api-client.ts
+var cachedPluginHash;
+function getPluginHash(pluginPath, debug = false) {
+  if (!cachedPluginHash) {
+    cachedPluginHash = computePluginHash(pluginPath);
+    if (cachedPluginHash && debug) {
+      debugLog(`Plugin hash computed: ${cachedPluginHash.slice(0, 16)}...`);
+    }
+  }
+  return cachedPluginHash || "";
+}
+function httpPost(url, body, headers, timeoutMs) {
+  return new Promise((resolve, reject) => {
+    const parsed = new URL(url);
+    const isHttps = parsed.protocol === "https:";
+    const reqFn = isHttps ? httpsRequest : httpRequest;
+    const req = reqFn(
+      {
+        hostname: parsed.hostname,
+        port: parsed.port || (isHttps ? 443 : 80),
+        path: parsed.pathname + parsed.search,
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          "Content-Length": Buffer.byteLength(body),
+          ...headers
+        },
+        timeout: timeoutMs
+      },
+      (res) => {
+        let data = "";
+        res.on("data", (chunk) => {
+          data += chunk;
+        });
+        res.on("end", () => {
+          resolve({ status: res.statusCode || 0, body: data });
+        });
+      }
+    );
+    req.on("error", reject);
+    req.on("timeout", () => {
+      req.destroy();
+      reject(new Error(`Request timed out after ${timeoutMs}ms`));
+    });
+    req.write(body);
+    req.end();
+  });
+}
+async function sendApprovalRequest(request, config, pluginPath) {
+  if (!config.token) {
+    throw new Error("No Agent Approve token configured");
+  }
+  let payload;
+  if (config.e2eEnabled && config.e2eUserKey) {
+    payload = applyApprovalE2E(request, config.e2eUserKey, config.e2eServerKey);
+    if (config.debug) {
+      debugLog("E2E encryption applied to approval request");
+    }
+  } else {
+    payload = applyPrivacyFilter(request, config.privacyTier);
+  }
+  const bodyStr = JSON.stringify(payload);
+  const pluginHash = getPluginHash(pluginPath, config.debug);
+  const hmacHeaders = buildHMACHeaders(bodyStr, config.token, config.hookVersion, pluginHash);
+  const headers = {
+    "Authorization": `Bearer ${config.token}`,
+    ...hmacHeaders
+  };
+  const url = `${config.apiUrl}/${config.apiVersion}/approve`;
+  if (config.debug) {
+    debugLog(`Requesting approval from ${url}`);
+    debugLog(`=== SENT TO ${url} ===`);
+    debugLogRawInline(bodyStr);
+    debugLog("=== END SENT ===");
+  }
+  const response = await httpPost(url, bodyStr, headers, config.timeout * 1e3);
+  if (config.debug) {
+    debugLog(`Response: ${response.body || "<empty>"}`);
+  }
+  if (response.status !== 200) {
+    throw new Error(`API returned status ${response.status}: ${response.body.slice(0, 200)}`);
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(response.body);
+  } catch {
+    throw new Error(`Failed to parse API response: ${response.body.slice(0, 200)}`);
+  }
+  processConfigSync(parsed, config);
+  return parsed;
+}
+async function sendEvent(event, config, pluginPath) {
+  if (!config.token) return;
+  const eventType = event.eventType;
+  const toolName = event.toolName;
+  if (config.debug) {
+    debugLog(`Sending ${eventType || "event"}${toolName ? ` (${toolName})` : ""} (privacy: ${config.privacyTier})`);
+  }
+  try {
+    let payload = applyEventPrivacyFilter(event, config.privacyTier);
+    if (config.e2eEnabled && config.e2eUserKey) {
+      payload = applyEventE2E(payload, config.e2eUserKey);
+      if (config.debug) {
+        debugLog(`E2E applied to event (type=${eventType})`);
+      }
+    }
+    const bodyStr = JSON.stringify(payload);
+    const pluginHash = getPluginHash(pluginPath, config.debug);
+    const hmacHeaders = buildHMACHeaders(bodyStr, config.token, config.hookVersion, pluginHash);
+    const headers = {
+      "Authorization": `Bearer ${config.token}`,
+      ...hmacHeaders
+    };
+    const url = `${config.apiUrl}/${config.apiVersion}/events`;
+    if (config.debug) {
+      debugLog(`=== SENT TO ${url} ===`);
+      debugLogRawInline(bodyStr);
+      debugLog("=== END SENT ===");
+    }
+    const response = await httpPost(url, bodyStr, headers, 5e3);
+    if (config.debug) {
+      debugLog(`send_event response: ${response.body || "<empty>"}`);
+    }
+    if (response.status === 200) {
+      try {
+        const parsed = JSON.parse(response.body);
+        processConfigSync(parsed, config);
+      } catch {
+      }
+    }
+  } catch (err) {
+    if (config.debug) {
+      debugLog(`Failed to send ${eventType || "event"}: ${err instanceof Error ? err.message : String(err)}`);
+    }
+  }
+}
+
+// src/index.ts
+var pluginFilePath;
+try {
+  pluginFilePath = fileURLToPath(import.meta.url);
+} catch {
+  pluginFilePath = __filename;
+}
+var sessionId = randomBytes2(12).toString("hex");
+var COMPACTION_DEDUP_WINDOW_MS = 2e3;
+var openCodeClient = void 0;
+var lastCompactionEventAt = 0;
+function classifyTool(toolName) {
+  const lower = toolName.toLowerCase();
+  if (lower === "bash") {
+    return { toolType: "shell_command", displayName: toolName };
+  }
+  if (lower === "write" || lower === "edit" || lower === "patch") {
+    return { toolType: "file_write", displayName: toolName };
+  }
+  if (lower === "read" || lower === "grep" || lower === "glob" || lower === "list") {
+    return { toolType: "file_read", displayName: toolName };
+  }
+  if (lower === "webfetch" || lower === "websearch") {
+    return { toolType: "network", displayName: toolName };
+  }
+  if (lower === "question") {
+    return { toolType: "user_question", displayName: toolName };
+  }
+  if (lower.startsWith("mcp__") || lower.startsWith("mcp_")) {
+    return { toolType: "mcp_tool", displayName: toolName };
+  }
+  return { toolType: "tool_use", displayName: toolName };
+}
+function extractCommand(toolName, params) {
+  const lower = toolName.toLowerCase();
+  if (lower === "bash") {
+    return params.command || void 0;
+  }
+  if (lower === "write" || lower === "edit" || lower === "patch") {
+    return params.file_path || params.path || void 0;
+  }
+  if (lower === "read") {
+    return params.file_path || params.path || void 0;
+  }
+  if (lower === "grep") {
+    return params.pattern || void 0;
+  }
+  if (lower === "glob") {
+    return params.pattern || void 0;
+  }
+  if (lower === "webfetch") {
+    return params.url || void 0;
+  }
+  if (lower === "websearch") {
+    return params.query || void 0;
+  }
+  if (lower === "question") {
+    return params.question || void 0;
+  }
+  return void 0;
+}
+function handleFailBehavior(config, error, toolName) {
+  if (config.debug) {
+    debugLog(`API error: ${error.message}, failBehavior: ${config.failBehavior}`);
+  }
+  switch (config.failBehavior) {
+    case "deny":
+      return { status: "deny" };
+    case "allow":
+      return { status: "allow" };
+    case "ask":
+    default:
+      return void 0;
+  }
+}
+function mapEventType(eventName) {
+  switch (eventName) {
+    case "session.created":
+      return "session_start";
+    case "session.idle":
+      return "stop";
+    case "session.compacted":
+      return "context_compact";
+    case "session.error":
+      return "error";
+    case "message.updated":
+      return "response";
+    default:
+      return void 0;
+  }
+}
+function shouldSkipCompactionEvent() {
+  const now = Date.now();
+  if (now - lastCompactionEventAt < COMPACTION_DEDUP_WINDOW_MS) {
+    return true;
+  }
+  lastCompactionEventAt = now;
+  return false;
+}
+function plugin(context) {
+  const config = loadConfig();
+  openCodeClient = context.client;
+  if (!config.token) {
+    console.warn(
+      "Agent Approve: No token found. Run the Agent Approve installer to pair with your account."
+    );
+    return {};
+  }
+  if (config.debug) {
+    debugLog(`Plugin loaded, API: ${config.apiUrl}, agent: ${config.agentName}`);
+  }
+  return {
+    // -------------------------------------------------------------------
+    // permission.ask: Primary approval gate (blocking)
+    // -------------------------------------------------------------------
+    "permission.ask": async (input, output) => {
+      const toolName = input.tool.name;
+      const params = input.tool.input || {};
+      const { toolType, displayName } = classifyTool(toolName);
+      const command = extractCommand(toolName, params);
+      const request = {
+        toolName: displayName,
+        toolType,
+        command,
+        toolInput: params,
+        agent: config.agentType,
+        agentName: config.agentName,
+        hookType: "permission_ask",
+        sessionId,
+        conversationId: sessionId,
+        cwd: params.workdir || params.cwd || void 0,
+        projectPath: process.cwd(),
+        timestamp: (/* @__PURE__ */ new Date()).toISOString()
+      };
+      try {
+        const response = await sendApprovalRequest(request, config, pluginFilePath);
+        if (response.decision === "approve" || response.decision === "allow") {
+          if (config.debug) {
+            debugLog(`Tool "${toolName}" approved${response.reason ? ": " + response.reason : ""}`);
+          }
+          output.status = "allow";
+          if (response.reason) output.reason = response.reason;
+          return;
+        }
+        if (config.debug) {
+          debugLog(`Tool "${toolName}" denied${response.reason ? ": " + response.reason : ""}`);
+        }
+        output.status = "deny";
+        output.reason = response.reason || "Denied by Agent Approve";
+      } catch (error) {
+        const result = handleFailBehavior(
+          config,
+          error instanceof Error ? error : new Error(String(error)),
+          toolName
+        );
+        if (result) {
+          output.status = result.status;
+        }
+      }
+    },
+    // -------------------------------------------------------------------
+    // tool.execute.before: Tool start monitoring (non-blocking)
+    // -------------------------------------------------------------------
+    "tool.execute.before": async (input) => {
+      const toolName = input.tool.name;
+      const params = input.tool.input || {};
+      const { toolType } = classifyTool(toolName);
+      void sendEvent({
+        toolName,
+        toolType,
+        eventType: "tool_start",
+        agent: config.agentType,
+        agentName: config.agentName,
+        hookType: "tool_execute_before",
+        sessionId,
+        conversationId: sessionId,
+        command: extractCommand(toolName, params),
+        toolInput: params,
+        cwd: params.workdir || params.cwd || void 0,
+        timestamp: (/* @__PURE__ */ new Date()).toISOString()
+      }, config, pluginFilePath);
+    },
+    // -------------------------------------------------------------------
+    // tool.execute.after: Tool completion logging (non-blocking)
+    // -------------------------------------------------------------------
+    "tool.execute.after": async (input) => {
+      const toolName = input.tool.name;
+      const params = input.tool.input || {};
+      const { toolType } = classifyTool(toolName);
+      const resultStr = input.result != null ? typeof input.result === "string" ? input.result : JSON.stringify(input.result) : void 0;
+      const response = input.error || resultStr || void 0;
+      const responsePreview = resultStr && resultStr.length > 1e3 ? resultStr.slice(0, 1e3) + "..." : resultStr;
+      void sendEvent({
+        toolName,
+        toolType,
+        eventType: "tool_complete",
+        agent: config.agentType,
+        agentName: config.agentName,
+        hookType: "tool_execute_after",
+        sessionId,
+        conversationId: sessionId,
+        command: extractCommand(toolName, params),
+        toolInput: params,
+        status: input.error ? "error" : "success",
+        response,
+        responsePreview,
+        durationMs: input.durationMs,
+        cwd: params.workdir || params.cwd || void 0,
+        timestamp: (/* @__PURE__ */ new Date()).toISOString()
+      }, config, pluginFilePath);
+    },
+    // -------------------------------------------------------------------
+    // chat.message: User prompt capture (non-blocking)
+    // -------------------------------------------------------------------
+    "chat.message": async (input) => {
+      if (input.role && input.role !== "user") return;
+      const text = input.content || "";
+      void sendEvent({
+        eventType: "user_prompt",
+        agent: config.agentType,
+        agentName: config.agentName,
+        hookType: "chat_message",
+        sessionId,
+        conversationId: sessionId,
+        prompt: text,
+        textLength: text.length,
+        timestamp: (/* @__PURE__ */ new Date()).toISOString()
+      }, config, pluginFilePath);
+    },
+    // -------------------------------------------------------------------
+    // event: Catch-all session lifecycle events (blocking for session.idle)
+    // -------------------------------------------------------------------
+    "event": async (input) => {
+      const eventName = input.type;
+      const agEventType = mapEventType(eventName);
+      if (!agEventType) {
+        if (config.debug) {
+          debugLog(`Ignoring unmapped event: ${eventName}`);
+        }
+        return;
+      }
+      if (agEventType === "context_compact" && shouldSkipCompactionEvent()) {
+        if (config.debug) {
+          debugLog(`Skipping duplicate context_compact from ${eventName}`);
+        }
+        return;
+      }
+      if (eventName === "session.idle") {
+        if (config.debug) {
+          debugLog("Session idle detected, sending blocking stop event");
+        }
+        const stopRequest = {
+          toolName: "session_idle",
+          toolType: "session",
+          agent: config.agentType,
+          agentName: config.agentName,
+          hookType: "stop",
+          sessionId,
+          conversationId: sessionId,
+          projectPath: process.cwd(),
+          timestamp: (/* @__PURE__ */ new Date()).toISOString()
+        };
+        try {
+          const response = await sendApprovalRequest(stopRequest, config, pluginFilePath);
+          if ((response.decision === "approve" || response.decision === "allow") && response.reason && openCodeClient) {
+            if (config.debug) {
+              debugLog(`Stop approved with follow-up input: ${response.reason.slice(0, 100)}`);
+            }
+            try {
+              await openCodeClient.tui.appendPrompt({ body: { text: response.reason } });
+              await openCodeClient.tui.submitPrompt();
+            } catch (injectionError) {
+              if (config.debug) {
+                debugLog(`Failed to inject follow-up input: ${injectionError instanceof Error ? injectionError.message : String(injectionError)}`);
+              }
+            }
+          }
+        } catch (error) {
+          if (config.debug) {
+            debugLog(`Stop event error: ${error instanceof Error ? error.message : String(error)}`);
+          }
+        }
+        return;
+      }
+      void sendEvent({
+        eventType: agEventType,
+        agent: config.agentType,
+        agentName: config.agentName,
+        hookType: "event",
+        sessionId,
+        conversationId: sessionId,
+        trigger: eventName,
+        text: input.data ? JSON.stringify(input.data).slice(0, 500) : void 0,
+        timestamp: (/* @__PURE__ */ new Date()).toISOString()
+      }, config, pluginFilePath);
+    },
+    // -------------------------------------------------------------------
+    // experimental.session.compacting: Pre-compaction event (non-blocking)
+    // -------------------------------------------------------------------
+    "experimental.session.compacting": async (input) => {
+      if (shouldSkipCompactionEvent()) {
+        if (config.debug) {
+          debugLog("Skipping duplicate context_compact from experimental.session.compacting");
+        }
+        return;
+      }
+      if (config.debug) {
+        debugLog(`Context compaction: ${input.messageCount ?? "?"} messages${input.tokenCount ? `, ${input.tokenCount} tokens` : ""}`);
+      }
+      void sendEvent({
+        eventType: "context_compact",
+        agent: config.agentType,
+        agentName: config.agentName,
+        hookType: "session_compacting",
+        sessionId,
+        conversationId: sessionId,
+        trigger: `${input.messageCount ?? "?"} messages${input.tokenCount ? `, ${input.tokenCount} tokens` : ""}`,
+        timestamp: (/* @__PURE__ */ new Date()).toISOString()
+      }, config, pluginFilePath);
+    }
+  };
+}
+export {
+  classifyTool,
+  plugin as default,
+  extractCommand
+};

package/package.json

@@ -0,0 +1,39 @@
+{
+  "name": "@agentapprove/opencode",
+  "version": "0.1.0",
+  "description": "Agent Approve plugin for OpenCode - approve or deny AI agent tool calls from your iPhone and Apple Watch",
+  "main": "dist/index.js",
+  "scripts": {
+    "build": "esbuild src/index.ts --bundle --platform=node --target=node18 --outfile=dist/index.js --format=esm --external:crypto --external:fs --external:path --external:os --external:https --external:http --external:url --external:child_process",
+    "hash": "shasum -a 256 dist/index.js | cut -d' ' -f1",
+    "dev": "esbuild src/index.ts --bundle --platform=node --target=node18 --outfile=dist/index.js --format=esm --external:crypto --external:fs --external:path --external:os --external:https --external:http --external:url --external:child_process --watch"
+  },
+  "files": [
+    "dist/",
+    "README.md"
+  ],
+  "keywords": [
+    "opencode",
+    "agentapprove",
+    "agent-approve",
+    "approval",
+    "governance",
+    "ai-safety",
+    "iphone",
+    "apple-watch",
+    "tool-approval"
+  ],
+  "author": "Agent Approve LLC <hello@agentapprove.com> (https://agentapprove.com)",
+  "license": "SEE LICENSE IN LICENSE",
+  "homepage": "https://www.agentapprove.com",
+  "bugs": {
+    "url": "https://github.com/agentapprove/support/issues"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "devDependencies": {
+    "esbuild": "^0.24.0",
+    "typescript": "^5.0.0"
+  }
+}