@askance/cli 0.1.0

package/dist/common/api-client.js

@@ -0,0 +1,186 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.readConfig = readConfig;
+exports.clearConfigCache = clearConfigCache;
+exports.apiGet = apiGet;
+exports.apiPost = apiPost;
+exports.intercept = intercept;
+exports.getInstructions = getInstructions;
+exports.waitForInstruction = waitForInstruction;
+exports.readKeepAliveConfig = readKeepAliveConfig;
+const node_https_1 = __importDefault(require("node:https"));
+const node_http_1 = __importDefault(require("node:http"));
+const node_fs_1 = __importDefault(require("node:fs"));
+const node_path_1 = __importDefault(require("node:path"));
+const yaml_1 = require("yaml");
+let cachedConfig = null;
+function readConfig() {
+    if (cachedConfig)
+        return cachedConfig;
+    const projectDir = process.env.ASKANCE_PROJECT_DIR ?? process.cwd();
+    // Read API URL from .askance.yml or env
+    let apiUrl = process.env.ASKANCE_API_URL ?? "";
+    let projectId = process.env.ASKANCE_PROJECT_ID ?? "";
+    const policyPath = node_path_1.default.join(projectDir, ".askance.yml");
+    if (node_fs_1.default.existsSync(policyPath)) {
+        try {
+            const yml = (0, yaml_1.parse)(node_fs_1.default.readFileSync(policyPath, "utf-8"));
+            if (yml?.api_url && !apiUrl)
+                apiUrl = yml.api_url;
+            if (yml?.project_id && !projectId)
+                projectId = yml.project_id;
+        }
+        catch { }
+    }
+    // Read auth token from credentials file or env
+    let token = process.env.ASKANCE_TOKEN ?? "";
+    let refreshToken = "";
+    const credPath = node_path_1.default.join(projectDir, ".askance", "credentials");
+    if (node_fs_1.default.existsSync(credPath)) {
+        try {
+            const creds = JSON.parse(node_fs_1.default.readFileSync(credPath, "utf-8"));
+            if (!token && creds.token)
+                token = creds.token;
+            if (creds.refresh_token)
+                refreshToken = creds.refresh_token;
+            if (creds.api_url && !apiUrl)
+                apiUrl = creds.api_url;
+            if (creds.project_id && !projectId)
+                projectId = creds.project_id;
+        }
+        catch { }
+    }
+    if (!apiUrl)
+        apiUrl = "https://api.askance.app";
+    cachedConfig = { apiUrl, token, refreshToken, projectId };
+    return cachedConfig;
+}
+function clearConfigCache() {
+    cachedConfig = null;
+}
+function rawRequest(method, urlPath, authToken, apiUrl, body, timeoutMs = 120_000) {
+    const url = new URL(urlPath, apiUrl);
+    const isHttps = url.protocol === "https:";
+    const transport = isHttps ? node_https_1.default : node_http_1.default;
+    return new Promise((resolve) => {
+        const bodyStr = body ? JSON.stringify(body) : undefined;
+        const req = transport.request({
+            hostname: url.hostname,
+            port: url.port || (isHttps ? 443 : 80),
+            path: url.pathname + url.search,
+            method,
+            headers: {
+                "Content-Type": "application/json",
+                ...(bodyStr ? { "Content-Length": Buffer.byteLength(bodyStr) } : {}),
+                ...(authToken ? { Authorization: `Bearer ${authToken}` } : {}),
+            },
+            timeout: timeoutMs,
+        }, (res) => {
+            let data = "";
+            res.on("data", (chunk) => (data += chunk));
+            res.on("end", () => {
+                try {
+                    const parsed = JSON.parse(data);
+                    if (res.statusCode && res.statusCode >= 200 && res.statusCode < 300) {
+                        resolve({ ok: true, data: parsed, status: res.statusCode });
+                    }
+                    else {
+                        resolve({
+                            ok: false,
+                            error: parsed.error || parsed.message || `HTTP ${res.statusCode}`,
+                            status: res.statusCode,
+                        });
+                    }
+                }
+                catch {
+                    if (res.statusCode && res.statusCode >= 200 && res.statusCode < 300) {
+                        resolve({ ok: true, status: res.statusCode });
+                    }
+                    else {
+                        resolve({ ok: false, error: data || `HTTP ${res.statusCode}`, status: res.statusCode });
+                    }
+                }
+            });
+        });
+        req.on("error", (err) => {
+            resolve({ ok: false, error: err.message });
+        });
+        req.on("timeout", () => {
+            req.destroy();
+            resolve({ ok: false, error: "Request timed out" });
+        });
+        if (bodyStr)
+            req.write(bodyStr);
+        req.end();
+    });
+}
+async function tryRefreshToken() {
+    const config = readConfig();
+    if (!config.refreshToken)
+        return false;
+    const result = await rawRequest("POST", "/api/auth/refresh", "", config.apiUrl, { refreshToken: config.refreshToken });
+    if (!result.ok || !result.data)
+        return false;
+    // Update credentials file
+    const projectDir = process.env.ASKANCE_PROJECT_DIR ?? process.cwd();
+    const credPath = node_path_1.default.join(projectDir, ".askance", "credentials");
+    if (node_fs_1.default.existsSync(credPath)) {
+        try {
+            const creds = JSON.parse(node_fs_1.default.readFileSync(credPath, "utf-8"));
+            creds.token = result.data.token;
+            creds.refresh_token = result.data.refreshToken;
+            node_fs_1.default.writeFileSync(credPath, JSON.stringify(creds, null, 2) + "\n", { mode: 0o600 });
+        }
+        catch { }
+    }
+    // Update cached config
+    clearConfigCache();
+    return true;
+}
+async function makeRequest(method, urlPath, body, timeoutMs = 120_000) {
+    const config = readConfig();
+    const result = await rawRequest(method, urlPath, config.token, config.apiUrl, body, timeoutMs);
+    // On 401, try refreshing the token and retry once
+    if (result.status === 401) {
+        const refreshed = await tryRefreshToken();
+        if (refreshed) {
+            const newConfig = readConfig();
+            return rawRequest(method, urlPath, newConfig.token, newConfig.apiUrl, body, timeoutMs);
+        }
+    }
+    return result;
+}
+function apiGet(urlPath, timeoutMs) {
+    return makeRequest("GET", urlPath, undefined, timeoutMs);
+}
+function apiPost(urlPath, body, timeoutMs) {
+    return makeRequest("POST", urlPath, body, timeoutMs);
+}
+function intercept(payload) {
+    return apiPost("/api/intercept", payload);
+}
+function getInstructions(projectId) {
+    return apiGet(`/api/instructions/${projectId}`);
+}
+function waitForInstruction(projectId, timeoutMs) {
+    return apiGet(`/api/instructions/${projectId}/wait?timeout=${timeoutMs}`, timeoutMs + 5000);
+}
+function readKeepAliveConfig() {
+    const projectDir = process.env.ASKANCE_PROJECT_DIR ?? process.cwd();
+    const policyPath = node_path_1.default.join(projectDir, ".askance.yml");
+    try {
+        const yml = (0, yaml_1.parse)(node_fs_1.default.readFileSync(policyPath, "utf-8"));
+        return {
+            enabled: yml?.keep_alive?.enabled ?? true,
+            duration: yml?.keep_alive?.duration ?? 3600,
+            poll_interval: yml?.keep_alive?.poll_interval ?? 30,
+        };
+    }
+    catch {
+        return { enabled: true, duration: 3600, poll_interval: 30 };
+    }
+}
+//# sourceMappingURL=api-client.js.map

package/dist/hook-handler/index.js

@@ -0,0 +1,143 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const node_fs_1 = __importDefault(require("node:fs"));
+const api_client_1 = require("../common/api-client");
+const CONTEXT_LINES = 20;
+function readStdin() {
+    return new Promise((resolve, reject) => {
+        let data = "";
+        process.stdin.setEncoding("utf-8");
+        process.stdin.on("data", (chunk) => (data += chunk));
+        process.stdin.on("end", () => resolve(data));
+        process.stdin.on("error", reject);
+    });
+}
+function extractContext(transcriptPath) {
+    try {
+        if (!transcriptPath || !node_fs_1.default.existsSync(transcriptPath))
+            return "";
+        const content = node_fs_1.default.readFileSync(transcriptPath, "utf-8");
+        const lines = content.trim().split("\n");
+        const recent = lines.slice(-CONTEXT_LINES);
+        const fragments = [];
+        for (const line of recent) {
+            try {
+                const entry = JSON.parse(line);
+                if (entry.type === "assistant" && entry.message?.content) {
+                    const parts = Array.isArray(entry.message.content)
+                        ? entry.message.content
+                        : [entry.message.content];
+                    for (const part of parts) {
+                        if (typeof part === "string" && part.trim()) {
+                            fragments.push(part.trim());
+                        }
+                        else if (part?.type === "text" && part.text?.trim()) {
+                            fragments.push(part.text.trim());
+                        }
+                    }
+                }
+            }
+            catch {
+                // skip unparseable lines
+            }
+        }
+        const combined = fragments.slice(-5).join("\n---\n");
+        return combined.length > 1000 ? combined.slice(-1000) : combined;
+    }
+    catch {
+        return "";
+    }
+}
+async function main() {
+    let input;
+    try {
+        const raw = await readStdin();
+        input = JSON.parse(raw);
+    }
+    catch {
+        process.exit(0);
+    }
+    // Extract recent Claude reasoning from transcript
+    input.context_summary = extractContext(input.transcript_path ?? "");
+    const config = (0, api_client_1.readConfig)();
+    // Map to cloud API format (PascalCase)
+    const payload = {
+        ToolName: input.tool_name ?? "",
+        ToolInput: input.tool_input ? JSON.stringify(input.tool_input) : undefined,
+        SessionId: input.session_id,
+        Cwd: input.cwd,
+        ContextSummary: input.context_summary,
+        ProjectId: config.projectId || undefined,
+    };
+    const result = await (0, api_client_1.intercept)(payload);
+    if (!result.ok || !result.data) {
+        // Cloud API unreachable — fallback to "ask"
+        const output = JSON.stringify({
+            hookSpecificOutput: {
+                hookEventName: "PreToolUse",
+                permissionDecision: "ask",
+                permissionDecisionReason: "Askance cloud API unavailable, falling back to manual approval",
+            },
+        });
+        process.stdout.write(output);
+        process.exit(0);
+    }
+    const response = result.data;
+    if (response.action === "allow") {
+        // Check for pending operator instructions on every allowed call
+        let reason = `Auto-approved: ${response.rule ?? "policy"}`;
+        if (config.projectId) {
+            const instrResult = await (0, api_client_1.getInstructions)(config.projectId);
+            if (instrResult.ok && instrResult.data && instrResult.data.length > 0) {
+                const texts = instrResult.data.map((i) => i.text).join("\n");
+                reason += `\n\n[Askance] OPERATOR INSTRUCTION — The operator has sent you a new task via the dashboard. ` +
+                    `After completing your current action, please address this:\n${texts}`;
+            }
+        }
+        reason += `\n\n[Askance] KEEP-ALIVE: When you have no more tasks to work on, ` +
+            `do NOT go idle. Instead, call the mcp__askance__check_instructions tool ` +
+            `to enter a keep-alive polling loop for new operator instructions.`;
+        const output = JSON.stringify({
+            hookSpecificOutput: {
+                hookEventName: "PreToolUse",
+                permissionDecision: "allow",
+                permissionDecisionReason: reason,
+            },
+        });
+        process.stdout.write(output);
+        process.exit(0);
+    }
+    if (response.action === "pending") {
+        const output = JSON.stringify({
+            hookSpecificOutput: {
+                hookEventName: "PreToolUse",
+                permissionDecision: "deny",
+                permissionDecisionReason: `PENDING APPROVAL (${response.approval_id}): ${response.rule}. ` +
+                    `This action is queued for human approval on the Askance dashboard. ` +
+                    `Continue working on other tasks. When you need the result, call the ` +
+                    `mcp__askance__wait tool with approval_id "${response.approval_id}" ` +
+                    `to check if it has been approved. Once approved, retry the original action.`,
+            },
+        });
+        process.stdout.write(output);
+        process.exit(0);
+    }
+    if (response.action === "deny") {
+        const output = JSON.stringify({
+            hookSpecificOutput: {
+                hookEventName: "PreToolUse",
+                permissionDecision: "deny",
+                permissionDecisionReason: response.reason ?? `Denied: ${response.rule ?? "policy"}`,
+            },
+        });
+        process.stdout.write(output);
+        process.exit(0);
+    }
+    // Unknown response — fallback to ask
+    process.exit(0);
+}
+main().catch(() => process.exit(0));
+//# sourceMappingURL=index.js.map

package/dist/hook-handler/stop-hook.js

@@ -0,0 +1,45 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const api_client_1 = require("../common/api-client");
+function readStdin() {
+    return new Promise((resolve, reject) => {
+        let data = "";
+        process.stdin.setEncoding("utf-8");
+        process.stdin.on("data", (chunk) => (data += chunk));
+        process.stdin.on("end", () => resolve(data));
+        process.stdin.on("error", reject);
+    });
+}
+async function main() {
+    let input;
+    try {
+        const raw = await readStdin();
+        input = JSON.parse(raw);
+    }
+    catch {
+        process.exit(0);
+    }
+    const config = (0, api_client_1.readConfig)();
+    if (!config.projectId) {
+        process.exit(0);
+    }
+    // Check for queued instructions from the dashboard
+    try {
+        const result = await (0, api_client_1.getInstructions)(config.projectId);
+        if (result.ok && result.data && result.data.length > 0) {
+            const texts = result.data.map((i) => i.text).join("\n\n");
+            const output = JSON.stringify({
+                notification: `[Askance] New instruction from operator:\n\n${texts}`,
+            });
+            process.stdout.write(output);
+            process.exit(0);
+        }
+    }
+    catch {
+        // API unavailable — silently continue
+    }
+    // No instructions — just exit cleanly
+    process.exit(0);
+}
+main().catch(() => process.exit(0));
+//# sourceMappingURL=stop-hook.js.map

package/dist/mcp-server/index.js

@@ -0,0 +1,236 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const mcp_js_1 = require("@modelcontextprotocol/sdk/server/mcp.js");
+const stdio_js_1 = require("@modelcontextprotocol/sdk/server/stdio.js");
+const zod_1 = require("zod");
+const api_client_1 = require("../common/api-client");
+const server = new mcp_js_1.McpServer({
+    name: "askance",
+    version: "0.1.0",
+});
+// Tool: wait for an approval decision (long-polls the cloud API)
+server.tool("wait", "Wait for a pending Askance approval to be decided. Use this after a tool call was denied with a PENDING APPROVAL message. This will block until the operator approves or denies the request on the dashboard, or until it times out. Returns the approval status.", {
+    approval_id: zod_1.z
+        .string()
+        .describe("The approval ID from the PENDING APPROVAL message"),
+    timeout_seconds: zod_1.z
+        .number()
+        .optional()
+        .default(120)
+        .describe("Max seconds to wait (default 120, max 300)"),
+}, async ({ approval_id, timeout_seconds }) => {
+    const timeoutMs = Math.min((timeout_seconds ?? 120) * 1000, 300_000);
+    try {
+        const result = await (0, api_client_1.apiGet)(`/api/approvals/${approval_id}/wait?timeout=${timeoutMs}`, timeoutMs + 5000);
+        if (!result.ok) {
+            return {
+                content: [{ type: "text", text: `Error: ${result.error}` }],
+                isError: true,
+            };
+        }
+        const data = result.data;
+        const status = data.status;
+        if (status === "timeout") {
+            return {
+                content: [{
+                        type: "text",
+                        text: `Approval ${approval_id} is still pending. No decision yet. You can call wait again later or continue with other work.`,
+                    }],
+            };
+        }
+        // Cloud API returns status "decided" with nested approval object
+        const approval = (data.approval ?? data);
+        const approvalStatus = approval.status?.toLowerCase();
+        if (approvalStatus === "approved") {
+            return {
+                content: [{
+                        type: "text",
+                        text: `APPROVED: ${approval_id}. The operator approved "${approval.toolName ?? approval.tool_name}". You can now retry the original action.`,
+                    }],
+            };
+        }
+        if (approvalStatus === "denied") {
+            return {
+                content: [{
+                        type: "text",
+                        text: `DENIED: ${approval_id}. The operator denied "${approval.toolName ?? approval.tool_name}". Do not retry this action. Find an alternative approach or skip it.`,
+                    }],
+            };
+        }
+        return {
+            content: [{
+                    type: "text",
+                    text: `Unknown status for ${approval_id}: ${JSON.stringify(data)}`,
+                }],
+        };
+    }
+    catch (err) {
+        return {
+            content: [{
+                    type: "text",
+                    text: `Error waiting for approval: ${err instanceof Error ? err.message : String(err)}`,
+                }],
+            isError: true,
+        };
+    }
+});
+// Tool: list all pending approvals
+server.tool("pending", "List all pending Askance approval requests waiting for operator decision on the dashboard.", {}, async () => {
+    try {
+        const config = (0, api_client_1.readConfig)();
+        const path = config.projectId
+            ? `/api/approvals?projectId=${config.projectId}`
+            : "/api/approvals";
+        const result = await (0, api_client_1.apiGet)(path);
+        if (!result.ok) {
+            return {
+                content: [{ type: "text", text: `Error: ${result.error}` }],
+                isError: true,
+            };
+        }
+        const items = result.data ?? [];
+        if (items.length === 0) {
+            return {
+                content: [{
+                        type: "text",
+                        text: "No pending approvals. All previous requests have been decided.",
+                    }],
+            };
+        }
+        const lines = items.map((r) => `- [${r.id}] ${r.toolName ?? r.tool_name} (${r.risk} risk) — ${r.rule} — ${new Date(r.createdAt).toLocaleTimeString()}`);
+        return {
+            content: [{
+                    type: "text",
+                    text: `Pending approvals (${items.length}):\n${lines.join("\n")}`,
+                }],
+        };
+    }
+    catch (err) {
+        return {
+            content: [{
+                    type: "text",
+                    text: `Error fetching pending approvals: ${err instanceof Error ? err.message : String(err)}`,
+                }],
+            isError: true,
+        };
+    }
+});
+// Tool: check status of a specific approval
+server.tool("status", "Check the current status of a specific Askance approval request by ID.", {
+    approval_id: zod_1.z.string().describe("The approval ID to check"),
+}, async ({ approval_id }) => {
+    try {
+        const result = await (0, api_client_1.apiGet)(`/api/approvals/${approval_id}`);
+        if (!result.ok) {
+            return {
+                content: [{
+                        type: "text",
+                        text: `Approval ${approval_id} not found or API unavailable.`,
+                    }],
+                isError: true,
+            };
+        }
+        const data = result.data;
+        return {
+            content: [{
+                    type: "text",
+                    text: `Approval ${approval_id}: status=${data.status}, tool=${data.toolName ?? data.tool_name}, risk=${data.risk}, rule=${data.rule}`,
+                }],
+        };
+    }
+    catch (err) {
+        return {
+            content: [{
+                    type: "text",
+                    text: `Approval ${approval_id} not found or API unavailable.`,
+                }],
+            isError: true,
+        };
+    }
+});
+// Tool: check for operator instructions (keep-alive polling loop)
+server.tool("check_instructions", "Poll the Askance dashboard for new operator instructions. Call this in a keep-alive loop when you have no more tasks to work on. " +
+    "This will long-poll for up to poll_interval seconds, then return. If no instructions arrive, call this tool again " +
+    "to continue the keep-alive loop. Stop polling once the total keep-alive duration has elapsed (the response will tell you when to stop). " +
+    "IMPORTANT: You MUST call this tool when you finish all your tasks instead of going idle.", {
+    keep_alive_started_at: zod_1.z
+        .number()
+        .optional()
+        .describe("Unix timestamp (ms) when the keep-alive loop started. Omit on first call — the tool will return it for subsequent calls."),
+}, async ({ keep_alive_started_at }) => {
+    try {
+        const config = (0, api_client_1.readConfig)();
+        if (!config.projectId) {
+            return {
+                content: [{
+                        type: "text",
+                        text: "No project configured. Run 'npx askance login' to connect to your Askance project.",
+                    }],
+                isError: true,
+            };
+        }
+        // Read keep-alive config from local .askance.yml
+        const kaConfig = (0, api_client_1.readKeepAliveConfig)();
+        if (!kaConfig.enabled) {
+            return {
+                content: [{
+                        type: "text",
+                        text: "Keep-alive polling is disabled in .askance.yml. You may stop.",
+                    }],
+            };
+        }
+        const now = Date.now();
+        const startedAt = keep_alive_started_at ?? now;
+        const elapsedMs = now - startedAt;
+        const durationMs = kaConfig.duration * 1000;
+        if (elapsedMs >= durationMs) {
+            return {
+                content: [{
+                        type: "text",
+                        text: `Keep-alive duration expired (${kaConfig.duration}s). No more instructions. You may stop polling.`,
+                    }],
+            };
+        }
+        const remainingMs = durationMs - elapsedMs;
+        const pollMs = Math.min(kaConfig.poll_interval * 1000, remainingMs);
+        // Long-poll the cloud API for instructions
+        const result = await (0, api_client_1.waitForInstruction)(config.projectId, pollMs);
+        if (result.ok && result.data?.status === "instruction" && result.data.instructions?.length) {
+            const texts = result.data.instructions.map((i) => i.text).join("\n\n");
+            return {
+                content: [{
+                        type: "text",
+                        text: `NEW OPERATOR INSTRUCTION:\n\n${texts}\n\n` +
+                            `Please execute this instruction now. When done, call check_instructions again ` +
+                            `with keep_alive_started_at=${startedAt} to continue the keep-alive loop.`,
+                    }],
+            };
+        }
+        const remainingSec = Math.round((durationMs - (Date.now() - startedAt)) / 1000);
+        return {
+            content: [{
+                    type: "text",
+                    text: `No instructions yet. Keep-alive: ${remainingSec}s remaining. ` +
+                        `Call check_instructions again with keep_alive_started_at=${startedAt} to continue polling.`,
+                }],
+        };
+    }
+    catch (err) {
+        return {
+            content: [{
+                    type: "text",
+                    text: `Error polling for instructions: ${err instanceof Error ? err.message : String(err)}`,
+                }],
+            isError: true,
+        };
+    }
+});
+async function main() {
+    const transport = new stdio_js_1.StdioServerTransport();
+    await server.connect(transport);
+}
+main().catch((err) => {
+    process.stderr.write(`Askance MCP server error: ${err}\n`);
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/dist/templates/ci-safe.yml

@@ -0,0 +1,22 @@
+version: 1
+
+api_url: https://api.askance.app
+project_id: ""
+
+keep_alive:
+  enabled: false
+  duration: 0
+  poll_interval: 0
+rules:
+  - name: "Allow read-only tools"
+    match: { tool: "^(Read|Glob|Grep)$" }
+    action: allow
+    risk: low
+  - name: "Allow test commands"
+    match: { tool: "^Bash$", command: "^(npm test|pytest|dotnet test|go test|cargo test)" }
+    action: allow
+    risk: low
+  - name: "Deny everything else"
+    match: { tool: ".*" }
+    action: deny
+    risk: high

package/dist/templates/conservative.yml

@@ -0,0 +1,30 @@
+version: 1
+
+api_url: https://api.askance.app
+project_id: ""
+
+keep_alive:
+  enabled: true
+  duration: 3600
+  poll_interval: 30
+rules:
+  - name: "Allow read-only tools"
+    match: { tool: "^(Read|Glob|Grep|WebSearch|WebFetch)$" }
+    action: allow
+    risk: low
+  - name: "Gate all writes"
+    match: { tool: "^(Write|Edit|NotebookEdit)$" }
+    action: gate
+    risk: medium
+  - name: "Gate bash commands"
+    match: { tool: "^Bash$" }
+    action: gate
+    risk: high
+  - name: "Deny destructive commands"
+    match: { tool: "^Bash$", command: "(rm -rf|drop table|format |shutdown|reboot)" }
+    action: deny
+    risk: high
+  - name: "Default - gate everything"
+    match: { tool: ".*" }
+    action: gate
+    risk: medium

package/dist/templates/copilot-config.json

@@ -0,0 +1,11 @@
+{
+  "copilot.agent": {
+    "hooks": {
+      "preToolUse": {
+        "command": "node",
+        "args": ["node_modules/@askance/cli/dist/hook-handler/index.js"],
+        "matchTools": [".*"]
+      }
+    }
+  }
+}