npm - @golproductions/check - Versions diffs - 1.1.0 - Mend

@golproductions/check 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,27 @@
+GOL Productions Proprietary License
+Copyright (c) 2026 GOL Productions. All rights reserved.
+This software is the proprietary product of GOL Productions
+("GOL"). It is licensed, not sold.
+GRANT OF LICENSE. GOL grants you a limited, non-exclusive,
+non-transferable, revocable licence to use this software
+exclusively with GOL's Check API service.
+RESTRICTIONS. You may not:
+  1. Copy, modify, or create derivative works of this software.
+  2. Redistribute, sublicense, sell, or otherwise transfer this
+     software to any third party.
+  3. Use this software with any competing command-validation or
+     preflight service.
+  4. Reverse-engineer, decompile, or disassemble this software.
+TERMINATION. This licence terminates immediately if you breach
+any of its terms or if GOL revokes it at its discretion.
+DISCLAIMER. THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY
+OF ANY KIND. GOL DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED.
+GOVERNING LAW. This licence is governed by the laws of the
+State of Victoria, Australia.

package/package.json ADDED Viewed

@@ -0,0 +1,35 @@
+{
+  "name": "@golproductions/check",
+  "version": "1.1.0",
+  "description": "Pre-execution firewall hook for AI agents. Validates every command before it reaches the shell. Supports Claude Code, Gemini CLI, Antigravity, and Cursor.",
+  "bin": {
+    "check": "src/index.js"
+  },
+  "type": "module",
+  "engines": {
+    "node": ">=18"
+  },
+  "files": [
+    "src/",
+    "LICENSE"
+  ],
+  "keywords": [
+    "claude-code",
+    "gemini-cli",
+    "antigravity",
+    "cursor",
+    "hooks",
+    "pretooluse",
+    "beforetool",
+    "beforeshellexecution",
+    "command-validation",
+    "firewall",
+    "ai-agents"
+  ],
+  "license": "SEE LICENSE IN LICENSE",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/golproductions/check.git"
+  },
+  "homepage": "https://www.golproductions.com/check.html"
+}

package/src/index.js ADDED Viewed

@@ -0,0 +1,154 @@
+#!/usr/bin/env node
+// Copyright (c) 2026 GOL Productions. All rights reserved. Proprietary and confidential.
+import { execFileSync } from "node:child_process";
+const API = "https://triage.golproductions.com/preflight";
+const CLIENT_ID = process.env.GOL_CLIENT_ID || "";
+const TIMEOUT_MS = 5000;
+const IS_WIN = process.platform === "win32";
+const SKIP = new Set(["cd", "ls", "dir", "pwd", "echo", "cat", "head", "tail", "wc", "mkdir", "test", "true", "false", "exit"]);
+const PREFIXES = new Set(["sudo", "nohup", "nice", "time", "timeout", "env"]);
+function detectPlatform(parsed) {
+  if (typeof parsed.command === "string" && !parsed.tool_input) return "cursor";
+  if (parsed.hook_event_name === "BeforeTool") return "gemini";
+  return "claude";
+}
+function extractCommand(parsed, platform) {
+  if (platform === "cursor") return parsed.command;
+  return parsed.tool_input?.command;
+}
+function getBaseCommand(cmd) {
+  const cleaned = cmd.replace(/\\\s*\n/g, " ").trim();
+  const tokens = [];
+  let i = 0;
+  while (i < cleaned.length) {
+    while (i < cleaned.length && /\s/.test(cleaned[i])) i++;
+    if (i >= cleaned.length) break;
+    let token = "";
+    if (cleaned[i] === "'" || cleaned[i] === '"') {
+      const q = cleaned[i++];
+      while (i < cleaned.length && cleaned[i] !== q) {
+        if (cleaned[i] === "\\" && q === '"' && i + 1 < cleaned.length) { token += cleaned[++i]; i++; }
+        else token += cleaned[i++];
+      }
+      if (i < cleaned.length) i++;
+    } else {
+      while (i < cleaned.length && !/\s/.test(cleaned[i])) token += cleaned[i++];
+    }
+    if (token.length > 0) tokens.push(token);
+  }
+  let idx = 0;
+  while (idx < tokens.length) {
+    const t = tokens[idx];
+    if (t === "sudo" || t === "nohup") { idx++; continue; }
+    if (t === "env") { idx++; if (idx < tokens.length && tokens[idx].includes("=")) idx++; continue; }
+    if (t === "nice") { idx++; if (idx < tokens.length && tokens[idx] === "-n") { idx++; if (idx < tokens.length) idx++; } continue; }
+    if (t === "time") { idx++; continue; }
+    if (t === "timeout") { idx++; if (idx < tokens.length) idx++; continue; }
+    if (t.includes("=") && !t.startsWith("-")) { idx++; continue; }
+    if (t === "|" || t === "||" || t === "&&" || t === ";") break;
+    return t.includes("/") ? t.split("/").pop() : t;
+  }
+  return null;
+}
+function binaryExists(base) {
+  if (!base || PREFIXES.has(base)) return null;
+  try {
+    execFileSync(IS_WIN ? "where" : "which", [base], { timeout: 2000, stdio: "pipe" });
+    return true;
+  } catch { return false; }
+}
+function respond(platform, allowed, reason) {
+  if (allowed) {
+    const out = {
+      cursor: { permission: "allow" },
+      gemini: { decision: "allow" },
+      claude: { hookSpecificOutput: { hookEventName: "PreToolUse", permissionDecision: "allow" } }
+    };
+    process.stdout.write(JSON.stringify(out[platform]));
+    process.exit(0);
+  }
+  if (platform === "gemini") {
+    process.stderr.write(reason + "\n");
+    process.exit(2);
+  }
+  const out = {
+    cursor: { permission: "deny", user_message: reason, agent_message: reason },
+    claude: { hookSpecificOutput: { hookEventName: "PreToolUse", permissionDecision: "deny", permissionDecisionReason: reason } }
+  };
+  process.stdout.write(JSON.stringify(out[platform]));
+  process.exit(0);
+}
+async function main() {
+  let platform = "claude";
+  try {
+    let input = "";
+    for await (const chunk of process.stdin) input += chunk;
+    let parsed;
+    try { parsed = JSON.parse(input); } catch { respond("claude", true); return; }
+    platform = detectPlatform(parsed);
+    const command = extractCommand(parsed, platform);
+    if (!command) { respond(platform, true); return; }
+    const toolName = parsed.tool_name;
+    const trimmed = command.trim();
+    const first = trimmed.split(/\s+/)[0];
+    if (SKIP.has(first)) { respond(platform, true); return; }
+    if (platform === "claude" && toolName === "PowerShell") { respond(platform, true); return; }
+    if (!CLIENT_ID) {
+      process.stderr.write("check: GOL_CLIENT_ID not set. Get your key at https://www.golproductions.com/check.html\n");
+      respond(platform, true);
+      return;
+    }
+    const base = getBaseCommand(command);
+    const exists = binaryExists(base);
+    if (exists === false) {
+      respond(platform, false, "Check: '" + base + "' is not installed on this machine");
+      return;
+    }
+    const payload = { command };
+    if (exists !== null) payload.binary_exists = exists;
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), TIMEOUT_MS);
+    const res = await fetch(API, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "X-GOL-CLIENT-ID": CLIENT_ID,
+        "User-Agent": "check/1.1.0",
+      },
+      body: JSON.stringify(payload),
+      signal: controller.signal,
+    });
+    clearTimeout(timer);
+    const data = await res.json();
+    if (data.verdict === "runnable") {
+      respond(platform, true);
+    } else {
+      respond(platform, false, "Check: command is invalid");
+    }
+  } catch {
+    respond(platform, true);
+  }
+}
+main();