@hiro-c/agent-gate 1.2.0 → 1.4.0

package/README.md

@@ -90,6 +90,8 @@ Full options: see [docs/config.md](docs/config.md) (TODO) or `AgentGatePluginCon
 | `AGENT_GATE_USE_SDK` | `1` prefers the Anthropic agent SDK over API/CLI (no API key needed; works best with daemon mode) |
 | `AGENT_GATE_ON_ERROR` | `block` to fail-closed when a rule or AI client throws (default `allow`) |
 | `AGENT_GATE_DAEMON` | `1` routes through the daemon if it is running |
+| `AGENT_GATE_CACHE_TTL_SEC` | Daemon decision cache TTL in seconds (default `60`) |
+| `AGENT_GATE_CACHE_SIZE` | Daemon decision cache max entries (default `256`) |
 
 ## Supported AI tools
 

package/dist/cache/DecisionCache.d.ts

@@ -0,0 +1,36 @@
+import { ValidationResult } from '../contracts/types/ValidationResult';
+export interface CacheKey {
+    adapter: string;
+    toolName: string;
+    toolInput: Record<string, unknown>;
+    cwd: string;
+}
+export interface DecisionCacheOptions {
+    /** Time to live in seconds. Entries past this age miss. */
+    ttlSec: number;
+    /** Max entries before LRU eviction kicks in. */
+    maxEntries: number;
+    /** Clock injection for testing. Defaults to Date.now. */
+    now?: () => number;
+}
+/**
+ * In-process LRU + TTL cache of agent-gate decisions.
+ *
+ * Most useful inside `agent-gate daemon` where the cache persists
+ * across hook invocations. Same {adapter, toolName, toolInput, cwd}
+ * within the TTL skips the entire pipeline (deterministic engine,
+ * collector, AI call) and returns the prior verdict.
+ */
+export declare class DecisionCache {
+    private readonly ttlMs;
+    private readonly maxEntries;
+    private readonly now;
+    private readonly store;
+    constructor(opts: DecisionCacheOptions);
+    private hash;
+    get(key: CacheKey): ValidationResult | null;
+    set(key: CacheKey, value: ValidationResult): void;
+    get size(): number;
+    clear(): void;
+}
+//# sourceMappingURL=DecisionCache.d.ts.map

package/dist/cache/DecisionCache.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"DecisionCache.d.ts","sourceRoot":"","sources":["../../src/cache/DecisionCache.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,qCAAqC,CAAA;AAEtE,MAAM,WAAW,QAAQ;IACvB,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAClC,GAAG,EAAE,MAAM,CAAA;CACZ;AAED,MAAM,WAAW,oBAAoB;IACnC,2DAA2D;IAC3D,MAAM,EAAE,MAAM,CAAA;IACd,gDAAgD;IAChD,UAAU,EAAE,MAAM,CAAA;IAClB,yDAAyD;IACzD,GAAG,CAAC,EAAE,MAAM,MAAM,CAAA;CACnB;AAOD;;;;;;;GAOG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAQ;IAC9B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAQ;IACnC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAc;IAClC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAgC;gBAE1C,IAAI,EAAE,oBAAoB;IAMtC,OAAO,CAAC,IAAI;IASZ,GAAG,CAAC,GAAG,EAAE,QAAQ,GAAG,gBAAgB,GAAG,IAAI;IAc3C,GAAG,CAAC,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,gBAAgB,GAAG,IAAI;IAWjD,IAAI,IAAI,IAAI,MAAM,CAEjB;IAED,KAAK,IAAI,IAAI;CAGd"}

package/dist/cache/DecisionCache.js

@@ -0,0 +1,80 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DecisionCache = void 0;
+/**
+ * In-process LRU + TTL cache of agent-gate decisions.
+ *
+ * Most useful inside `agent-gate daemon` where the cache persists
+ * across hook invocations. Same {adapter, toolName, toolInput, cwd}
+ * within the TTL skips the entire pipeline (deterministic engine,
+ * collector, AI call) and returns the prior verdict.
+ */
+class DecisionCache {
+    ttlMs;
+    maxEntries;
+    now;
+    store = new Map();
+    constructor(opts) {
+        this.ttlMs = opts.ttlSec * 1000;
+        this.maxEntries = opts.maxEntries;
+        this.now = opts.now ?? Date.now;
+    }
+    hash(key) {
+        return JSON.stringify({
+            a: key.adapter,
+            t: key.toolName,
+            c: key.cwd,
+            i: canonicalize(key.toolInput),
+        });
+    }
+    get(key) {
+        const k = this.hash(key);
+        const entry = this.store.get(k);
+        if (!entry)
+            return null;
+        if (entry.expiresAt <= this.now()) {
+            this.store.delete(k);
+            return null;
+        }
+        // Refresh LRU order: re-insert.
+        this.store.delete(k);
+        this.store.set(k, entry);
+        return entry.value;
+    }
+    set(key, value) {
+        const k = this.hash(key);
+        this.store.delete(k);
+        this.store.set(k, { value, expiresAt: this.now() + this.ttlMs });
+        while (this.store.size > this.maxEntries) {
+            const oldest = this.store.keys().next().value;
+            if (oldest === undefined)
+                break;
+            this.store.delete(oldest);
+        }
+    }
+    get size() {
+        return this.store.size;
+    }
+    clear() {
+        this.store.clear();
+    }
+}
+exports.DecisionCache = DecisionCache;
+/**
+ * Stable string representation of an arbitrary JSON-like input.
+ * Sorts object keys so key-order does not affect cache hits.
+ */
+function canonicalize(value) {
+    if (Array.isArray(value)) {
+        return value.map(canonicalize);
+    }
+    if (value !== null && typeof value === 'object') {
+        const obj = value;
+        const sorted = {};
+        for (const k of Object.keys(obj).sort()) {
+            sorted[k] = canonicalize(obj[k]);
+        }
+        return sorted;
+    }
+    return value;
+}

package/dist/cli/agent-gate.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"agent-gate.d.ts","sourceRoot":"","sources":["../../src/cli/agent-gate.ts"],"names":[],"mappings":";AAIA,OAAO,EAAE,gBAAgB,EAAE,MAAM,qCAAqC,CAAA;AAYtE,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAA;AAsC7C,wBAAsB,GAAG,CACvB,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE,OAAO,GAChB,OAAO,CAAC,gBAAgB,CAAC,CAE3B;AAsGD,UAAU,UAAU;IAClB,UAAU,EAAE,MAAM,EAAE,CAAA;IACpB,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,OAAO,CAAA;IACjB,WAAW,EAAE,OAAO,CAAA;CACrB;AAED,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,UAAU,CAgCpD"}
+{"version":3,"file":"agent-gate.d.ts","sourceRoot":"","sources":["../../src/cli/agent-gate.ts"],"names":[],"mappings":";AAIA,OAAO,EAAE,gBAAgB,EAAE,MAAM,qCAAqC,CAAA;AAYtE,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAA;AAuC7C,wBAAsB,GAAG,CACvB,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE,OAAO,GAChB,OAAO,CAAC,gBAAgB,CAAC,CAE3B;AAuHD,UAAU,UAAU;IAClB,UAAU,EAAE,MAAM,EAAE,CAAA;IACpB,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,OAAO,CAAA;IACjB,WAAW,EAAE,OAAO,CAAA;CACrB;AAED,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,UAAU,CAgCpD"}

package/dist/cli/agent-gate.js

@@ -15,6 +15,7 @@ const formatFindings_1 = require("../doctor/formatFindings");
 const server_1 = require("../daemon/server");
 const client_1 = require("../daemon/client");
 const protocol_1 = require("../daemon/protocol");
+const DecisionCache_1 = require("../cache/DecisionCache");
 const HELP_TEXT = `agent-gate — runtime enforcer for AI coding agent rules
 
 Usage:
@@ -75,6 +76,14 @@ function runHookMode(adapter) {
 }
 async function runDaemon() {
     const socketPath = process.env.AGENT_GATE_SOCKET_PATH ?? (0, protocol_1.defaultSocketPath)();
+    // Shared decision cache lives for the lifetime of the daemon, so every
+    // hook invocation benefits from prior verdicts.
+    const ttlSec = parseInt(process.env.AGENT_GATE_CACHE_TTL_SEC ?? '60', 10);
+    const maxEntries = parseInt(process.env.AGENT_GATE_CACHE_SIZE ?? '256', 10);
+    const cache = new DecisionCache_1.DecisionCache({
+        ttlSec: Number.isNaN(ttlSec) ? 60 : ttlSec,
+        maxEntries: Number.isNaN(maxEntries) ? 256 : maxEntries,
+    });
     const server = new server_1.DaemonServer({
         socketPath,
         handler: async (req) => {
@@ -89,6 +98,7 @@ async function runDaemon() {
             const result = await (0, processHookData_1.processHookData)(req.payload, {
                 adapter,
                 cwd: req.cwd,
+                cache,
             });
             return { output: adapter.formatResponse(result) };
         },

package/dist/deterministic/bashAnalysis.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Light-weight bash analysis utilities used by deterministic rules to
+ * see past common obfuscation patterns. This is intentionally not a
+ * full shell parser; it handles the cases that matter for guardrails
+ * (separators, quoting, heredoc redirects, command substitution
+ * markers) and stays small.
+ */
+/**
+ * Split a command line into top-level statements separated by `;`,
+ * `&&`, `||`, `|`, or newline. Respects single- and double-quoted
+ * regions so separators inside strings are preserved as part of the
+ * statement.
+ *
+ * Trims and drops empty results.
+ */
+export declare function splitStatements(command: string): string[];
+/**
+ * Return any redirect targets that follow a heredoc operator. Each
+ * `cat <<EOF > target` (or `>> target`) anywhere in the command
+ * contributes one entry. Returns the raw target token without quote
+ * stripping.
+ */
+export declare function extractHeredocTargets(command: string): string[];
+/**
+ * True when the command uses command substitution `$(...)` / backticks,
+ * or a non-literal variable reference (anything other than the well-
+ * known `$HOME` / `$USER` / `$PWD` which the catastrophic-path rule
+ * already understands).
+ */
+export declare function hasObfuscation(command: string): boolean;
+//# sourceMappingURL=bashAnalysis.d.ts.map

package/dist/deterministic/bashAnalysis.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bashAnalysis.d.ts","sourceRoot":"","sources":["../../src/deterministic/bashAnalysis.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH;;;;;;;GAOG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CA2CzD;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAS/D;AAWD;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAYvD"}

package/dist/deterministic/bashAnalysis.js

@@ -0,0 +1,108 @@
+"use strict";
+/**
+ * Light-weight bash analysis utilities used by deterministic rules to
+ * see past common obfuscation patterns. This is intentionally not a
+ * full shell parser; it handles the cases that matter for guardrails
+ * (separators, quoting, heredoc redirects, command substitution
+ * markers) and stays small.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.splitStatements = splitStatements;
+exports.extractHeredocTargets = extractHeredocTargets;
+exports.hasObfuscation = hasObfuscation;
+/**
+ * Split a command line into top-level statements separated by `;`,
+ * `&&`, `||`, `|`, or newline. Respects single- and double-quoted
+ * regions so separators inside strings are preserved as part of the
+ * statement.
+ *
+ * Trims and drops empty results.
+ */
+function splitStatements(command) {
+    const out = [];
+    let buf = '';
+    let i = 0;
+    let quote = null;
+    while (i < command.length) {
+        const c = command[i];
+        if (quote) {
+            buf += c;
+            if (c === quote)
+                quote = null;
+            i++;
+            continue;
+        }
+        if (c === '"' || c === "'") {
+            quote = c;
+            buf += c;
+            i++;
+            continue;
+        }
+        if (c === ';' || c === '\n' || c === '|') {
+            // `||` collapses with `|`; `&&` handled below.
+            out.push(buf);
+            buf = '';
+            i++;
+            // collapse a trailing | of `||`
+            if (c === '|' && command[i] === '|')
+                i++;
+            continue;
+        }
+        if (c === '&' && command[i + 1] === '&') {
+            out.push(buf);
+            buf = '';
+            i += 2;
+            continue;
+        }
+        buf += c;
+        i++;
+    }
+    out.push(buf);
+    return out.map((s) => s.trim()).filter((s) => s.length > 0);
+}
+/**
+ * Return any redirect targets that follow a heredoc operator. Each
+ * `cat <<EOF > target` (or `>> target`) anywhere in the command
+ * contributes one entry. Returns the raw target token without quote
+ * stripping.
+ */
+function extractHeredocTargets(command) {
+    const targets = [];
+    // `<<` or `<<-`, optional `'TAG'` or `"TAG"` or bare TAG, then a redirect.
+    // We are permissive about whitespace.
+    const re = /<<-?\s*(?:['"]?\w+['"]?)\s*(?:>>?)\s*([^\s;|&<>]+)/g;
+    for (const m of command.matchAll(re)) {
+        if (m[1])
+            targets.push(m[1]);
+    }
+    return targets;
+}
+const KNOWN_LITERAL_VARS = new Set([
+    '$HOME',
+    '${HOME}',
+    '$PWD',
+    '${PWD}',
+    '$USER',
+    '${USER}',
+]);
+/**
+ * True when the command uses command substitution `$(...)` / backticks,
+ * or a non-literal variable reference (anything other than the well-
+ * known `$HOME` / `$USER` / `$PWD` which the catastrophic-path rule
+ * already understands).
+ */
+function hasObfuscation(command) {
+    if (/\$\([^)]*\)/.test(command))
+        return true;
+    if (/`[^`]*`/.test(command))
+        return true;
+    // Match each $VAR / ${VAR} occurrence and decide whether it is one
+    // of the literal allowlist.
+    const re = /\$\{?[A-Za-z_][A-Za-z0-9_]*\}?/g;
+    for (const m of command.matchAll(re)) {
+        const tok = m[0];
+        if (!KNOWN_LITERAL_VARS.has(tok))
+            return true;
+    }
+    return false;
+}

package/dist/deterministic/rules/preventBashSecretWrite.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"preventBashSecretWrite.d.ts","sourceRoot":"","sources":["../../../src/deterministic/rules/preventBashSecretWrite.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAe,MAAM,UAAU,CAAA;AAwDzD,eAAO,MAAM,sBAAsB,EAAE,iBAkBpC,CAAA"}
+{"version":3,"file":"preventBashSecretWrite.d.ts","sourceRoot":"","sources":["../../../src/deterministic/rules/preventBashSecretWrite.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAe,MAAM,UAAU,CAAA;AA6DzD,eAAO,MAAM,sBAAsB,EAAE,iBAsBpC,CAAA"}

package/dist/deterministic/rules/preventBashSecretWrite.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.preventBashSecretWrite = void 0;
+const bashAnalysis_1 = require("../bashAnalysis");
 const TEMPLATE_SUFFIXES = ['.example', '.sample', '.template', '.dist'];
 function basename(path) {
     const cleaned = path.replace(/[\s'"]+$/, '');
@@ -30,18 +31,18 @@ function isSecretTargetPath(rawPath) {
     return false;
 }
 /**
- * Extracts files that the command writes to via redirect (>, >>) or `tee`.
- * Conservative: matches the next non-flag token after the operator/word.
+ * Extracts every file the command writes to:
+ *   1. Standard redirects (`>`, `>>`, `1>`, `2>`, `&>`)
+ *   2. `tee [-a] FILE [FILE ...]`
+ *   3. Heredoc redirects (`cat <<EOF > file`)
  */
 function extractWriteTargets(command) {
     const targets = [];
-    // Redirect operators: >, >>, &>, &>>, 1>, 2> etc.
     const redirectRe = /[12&]?>>?\s*([^\s;|&<>]+)/g;
     for (const m of command.matchAll(redirectRe)) {
         if (m[1])
             targets.push(m[1]);
     }
-    // tee [-a] FILE [FILE ...]
     const teeRe = /\btee\b(?:\s+-[A-Za-z]+)*\s+([^\s;|&<>]+(?:\s+[^\s;|&<>]+)*)/g;
     for (const m of command.matchAll(teeRe)) {
         if (m[1]) {
@@ -51,6 +52,9 @@ function extractWriteTargets(command) {
             }
         }
     }
+    for (const t of (0, bashAnalysis_1.extractHeredocTargets)(command)) {
+        targets.push(t);
+    }
     return targets;
 }
 exports.preventBashSecretWrite = {
@@ -61,13 +65,17 @@ exports.preventBashSecretWrite = {
         const command = toolInput.command;
         if (typeof command !== 'string')
             return { kind: 'allow' };
-        const targets = extractWriteTargets(command);
-        for (const target of targets) {
-            if (isSecretTargetPath(target)) {
-                return {
-                    kind: 'block',
-                    reason: `Refusing to write to a likely secret/credential file via shell redirect: ${target}. If this is intentional, run the command manually outside of the agent.`,
-                };
+        // Inspect each top-level statement; heredoc spans newlines so the
+        // statement splitter preserves the heredoc body inside its segment.
+        for (const stmt of (0, bashAnalysis_1.splitStatements)(command)) {
+            const targets = extractWriteTargets(stmt);
+            for (const target of targets) {
+                if (isSecretTargetPath(target)) {
+                    return {
+                        kind: 'block',
+                        reason: `Refusing to write to a likely secret/credential file via shell redirect: ${target}. If this is intentional, run the command manually outside of the agent.`,
+                    };
+                }
             }
         }
         return { kind: 'allow' };

package/dist/deterministic/rules/preventRmRfRoot.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"preventRmRfRoot.d.ts","sourceRoot":"","sources":["../../../src/deterministic/rules/preventRmRfRoot.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAe,MAAM,UAAU,CAAA;AA+CzD,eAAO,MAAM,eAAe,EAAE,iBAmB7B,CAAA"}
+{"version":3,"file":"preventRmRfRoot.d.ts","sourceRoot":"","sources":["../../../src/deterministic/rules/preventRmRfRoot.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAe,MAAM,UAAU,CAAA;AA0EzD,eAAO,MAAM,eAAe,EAAE,iBAa7B,CAAA"}

package/dist/deterministic/rules/preventRmRfRoot.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.preventRmRfRoot = void 0;
+const bashAnalysis_1 = require("../bashAnalysis");
 const CATASTROPHIC_TARGETS = new Set([
     '/',
     '$HOME',
@@ -44,6 +45,29 @@ function extractTargets(command) {
     const tokens = trimmed.split(/\s+/);
     return tokens.slice(1).filter((t) => !t.startsWith('-'));
 }
+function evaluateStatement(stmt) {
+    if (!isRecursiveForceRm(stmt))
+        return { kind: 'allow' };
+    // Substitution / unresolved variable targets cannot be evaluated
+    // statically. Treat them as suspicious: we cannot prove they are not
+    // catastrophic, so block.
+    if ((0, bashAnalysis_1.hasObfuscation)(stmt)) {
+        return {
+            kind: 'block',
+            reason: 'Refusing recursive rm whose target is a command substitution or unresolved variable. The target cannot be evaluated statically, so the operation is rejected as a safety precaution.',
+        };
+    }
+    const targets = extractTargets(stmt);
+    for (const target of targets) {
+        if (CATASTROPHIC_TARGETS.has(target)) {
+            return {
+                kind: 'block',
+                reason: `Refusing to run recursive rm on a catastrophic path: ${target}. If this is genuinely intended, run the command manually outside of the agent.`,
+            };
+        }
+    }
+    return { kind: 'allow' };
+}
 exports.preventRmRfRoot = {
     id: 'prevent-rm-rf-root',
     check(toolName, toolInput) {
@@ -52,16 +76,10 @@ exports.preventRmRfRoot = {
         const command = toolInput.command;
         if (typeof command !== 'string')
             return { kind: 'allow' };
-        if (!isRecursiveForceRm(command))
-            return { kind: 'allow' };
-        const targets = extractTargets(command);
-        for (const target of targets) {
-            if (CATASTROPHIC_TARGETS.has(target)) {
-                return {
-                    kind: 'block',
-                    reason: `Refusing to run recursive rm on a catastrophic path: ${target}. If this is genuinely intended, run the command manually outside of the agent.`,
-                };
-            }
+        for (const stmt of (0, bashAnalysis_1.splitStatements)(command)) {
+            const v = evaluateStatement(stmt);
+            if (v.kind === 'block')
+                return v;
         }
         return { kind: 'allow' };
     },

package/dist/hooks/processHookData.d.ts

@@ -6,6 +6,7 @@ import { Config } from '../config/Config';
 import { DeterministicRule } from '../deterministic/types';
 import { Adapter } from '../adapters/Adapter';
 import { AgentGateConfig } from '../config/AgentGateConfig';
+import { DecisionCache } from '../cache/DecisionCache';
 import { EventBus } from '../observability/eventBus';
 export interface CooldownStore {
     getLastTime(key: string): number;
@@ -32,6 +33,12 @@ export interface ProcessHookDataDeps {
         enabled: boolean;
         path?: string;
     };
+    /**
+     * Optional in-process decision cache. Most useful in daemon mode where
+     * the cache survives across hook invocations and short-circuits the
+     * entire pipeline on a hit.
+     */
+    cache?: DecisionCache;
 }
 export declare function processHookData(input: string, deps?: ProcessHookDataDeps): Promise<ValidationResult>;
 //# sourceMappingURL=processHookData.d.ts.map

package/dist/hooks/processHookData.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"processHookData.d.ts","sourceRoot":"","sources":["../../src/hooks/processHookData.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,gBAAgB,EAAE,MAAM,qCAAqC,CAAA;AACtE,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAA;AAC1D,OAAO,EAAE,YAAY,EAAE,MAAM,gCAAgC,CAAA;AAE7D,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAA;AACnD,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AAKzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAG1D,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAA;AAE7C,OAAO,EACL,eAAe,EAEhB,MAAM,2BAA2B,CAAA;AAMlC,OAAO,EAAE,QAAQ,EAAE,MAAM,2BAA2B,CAAA;AAWpD,MAAM,WAAW,aAAa;IAC5B,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;IAChC,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,IAAI,CAAA;CAC7C;AA4BD,MAAM,WAAW,mBAAmB;IAClC,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,eAAe,CAAC,EAAE,eAAe,CAAA;IACjC,SAAS,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,UAAU,EAAE,CAAA;IACzC,WAAW,CAAC,EAAE,OAAO,SAAS,CAAA;IAC9B,cAAc,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,YAAY,CAAA;IACjD,aAAa,CAAC,EAAE,aAAa,CAAA;IAC7B,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,kBAAkB,CAAC,EAAE,iBAAiB,EAAE,CAAA;IACxC,OAAO,CAAC,EAAE,OAAO,CAAA;IACjB;;;;OAIG;IACH,QAAQ,CAAC,EAAE,QAAQ,CAAA;IACnB,wEAAwE;IACxE,OAAO,CAAC,EAAE;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAA;CAC9C;AAaD,wBAAsB,eAAe,CACnC,KAAK,EAAE,MAAM,EACb,IAAI,CAAC,EAAE,mBAAmB,GACzB,OAAO,CAAC,gBAAgB,CAAC,CAuI3B"}
+{"version":3,"file":"processHookData.d.ts","sourceRoot":"","sources":["../../src/hooks/processHookData.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,gBAAgB,EAAE,MAAM,qCAAqC,CAAA;AACtE,OAAO,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAA;AAC1D,OAAO,EAAE,YAAY,EAAE,MAAM,gCAAgC,CAAA;AAE7D,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAA;AACnD,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AAKzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAG1D,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAA;AAE7C,OAAO,EACL,eAAe,EAEhB,MAAM,2BAA2B,CAAA;AAMlC,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAA;AACtD,OAAO,EAAE,QAAQ,EAAE,MAAM,2BAA2B,CAAA;AAWpD,MAAM,WAAW,aAAa;IAC5B,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;IAChC,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,IAAI,CAAA;CAC7C;AA4BD,MAAM,WAAW,mBAAmB;IAClC,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,eAAe,CAAC,EAAE,eAAe,CAAA;IACjC,SAAS,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,UAAU,EAAE,CAAA;IACzC,WAAW,CAAC,EAAE,OAAO,SAAS,CAAA;IAC9B,cAAc,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,YAAY,CAAA;IACjD,aAAa,CAAC,EAAE,aAAa,CAAA;IAC7B,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,kBAAkB,CAAC,EAAE,iBAAiB,EAAE,CAAA;IACxC,OAAO,CAAC,EAAE,OAAO,CAAA;IACjB;;;;OAIG;IACH,QAAQ,CAAC,EAAE,QAAQ,CAAA;IACnB,wEAAwE;IACxE,OAAO,CAAC,EAAE;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAA;IAC7C;;;;OAIG;IACH,KAAK,CAAC,EAAE,aAAa,CAAA;CACtB;AAaD,wBAAsB,eAAe,CACnC,KAAK,EAAE,MAAM,EACb,IAAI,CAAC,EAAE,mBAAmB,GACzB,OAAO,CAAC,gBAAgB,CAAC,CA0K3B"}

package/dist/hooks/processHookData.js

@@ -68,6 +68,18 @@ async function processHookData(input, deps) {
     const { toolName, toolInput } = parsed.action;
     // Resolve cwd early so the agent-gate config can be loaded relative to it.
     const cwd = deps?.cwd ?? process.cwd();
+    // Cache lookup: if a recent verdict for the exact same (adapter, tool,
+    // input, cwd) is still valid, return it without re-running the pipeline.
+    if (deps?.cache) {
+        const cached = deps.cache.get({
+            adapter: adapter.id,
+            toolName,
+            toolInput,
+            cwd,
+        });
+        if (cached)
+            return cached;
+    }
     const agentGateConfig = deps?.agentGateConfig ?? (0, AgentGateConfig_1.loadAgentGateConfig)(cwd);
     // Build SessionContext (history from adapter, projectRoot defaults to cwd
     // for v1; future work can detect the actual project root).
@@ -108,7 +120,14 @@ async function processHookData(input, deps) {
             source: 'deterministic',
             ruleId: ruleVerdict.ruleId,
         });
-        return { decision: 'block', reason: ruleVerdict.reason };
+        const verdict = {
+            decision: 'block',
+            reason: ruleVerdict.reason,
+        };
+        if (deps?.cache) {
+            deps.cache.set({ adapter: adapter.id, toolName, toolInput, cwd }, verdict);
+        }
+        return verdict;
     }
     // Cooldown check (file-based, persists across process invocations)
     const cooldownStore = config.cooldown > 0
@@ -125,6 +144,9 @@ async function processHookData(input, deps) {
     const collect = deps?.collectFn ?? collectRuleSources_1.collectRuleSources;
     const rules = collect(cwd);
     if (rules.length === 0) {
+        if (deps?.cache) {
+            deps.cache.set({ adapter: adapter.id, toolName, toolInput, cwd }, PASS);
+        }
         return PASS;
     }
     // Get model client
@@ -165,6 +187,9 @@ async function processHookData(input, deps) {
         reason: result.reason,
         source,
     });
+    if (deps?.cache) {
+        deps.cache.set({ adapter: adapter.id, toolName, toolInput, cwd }, result);
+    }
     return result;
 }
 function createModelClient(config, cwd) {

package/dist/index.d.ts

@@ -25,6 +25,8 @@ export type { AgentSdkClientOptions, AgentSdkQueryFn, } from './validation/model
 export { lintRuleSources } from './doctor/lintRuleSources';
 export { formatFindings } from './doctor/formatFindings';
 export type { Finding, FindingCode, Severity, } from './doctor/findings';
+export { DecisionCache } from './cache/DecisionCache';
+export type { CacheKey, DecisionCacheOptions, } from './cache/DecisionCache';
 export { DaemonServer } from './daemon/server';
 export type { DaemonServerOptions, DaemonHandler } from './daemon/server';
 export { sendToDaemon } from './daemon/client';

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAA;AACxC,YAAY,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAA;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAA;AACpD,YAAY,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAA;AAClE,YAAY,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAA;AAC/D,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAA;AAC9D,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAA;AAG9D,YAAY,EAAE,gBAAgB,EAAE,MAAM,oCAAoC,CAAA;AAC1E,YAAY,EAAE,QAAQ,EAAE,MAAM,4BAA4B,CAAA;AAC1D,YAAY,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAA;AACjE,YAAY,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAA;AAC9E,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAA;AAClE,YAAY,EACV,cAAc,EACd,YAAY,GACb,MAAM,kCAAkC,CAAA;AAGzC,OAAO,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAA;AAGnE,YAAY,EACV,iBAAiB,EACjB,WAAW,GACZ,MAAM,uBAAuB,CAAA;AAC9B,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,qBAAqB,GACtB,MAAM,2BAA2B,CAAA;AAClC,OAAO,EACL,yBAAyB,EACzB,8BAA8B,GAC/B,MAAM,8BAA8B,CAAA;AAGrC,OAAO,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAA;AAClE,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAA;AACzD,YAAY,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAA;AAGrE,OAAO,EAAE,oBAAoB,EAAE,MAAM,0CAA0C,CAAA;AAC/E,YAAY,EAAE,2BAA2B,EAAE,MAAM,0CAA0C,CAAA;AAC3F,OAAO,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAA;AACnE,YAAY,EACV,qBAAqB,EACrB,eAAe,GAChB,MAAM,oCAAoC,CAAA;AAG3C,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAA;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAA;AACxD,YAAY,EACV,OAAO,EACP,WAAW,EACX,QAAQ,GACT,MAAM,mBAAmB,CAAA;AAG1B,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AAC9C,YAAY,EAAE,mBAAmB,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAA;AACzE,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AAC9C,YAAY,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAA;AAC1D,OAAO,EACL,iBAAiB,IAAI,uBAAuB,GAC7C,MAAM,mBAAmB,CAAA;AAC1B,YAAY,EACV,aAAa,EACb,cAAc,EACd,mBAAmB,GACpB,MAAM,mBAAmB,CAAA;AAG1B,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAA;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,qCAAqC,CAAA;AACnE,YAAY,EACV,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,gBAAgB,EAChB,mBAAmB,EACnB,kBAAkB,EAClB,IAAI,GACL,MAAM,4BAA4B,CAAA;AAGnC,OAAO,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAA;AACnE,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAA;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAA;AACxC,YAAY,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAA;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAA;AACpD,YAAY,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAA;AAClE,YAAY,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAA;AAC/D,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAA;AAC9D,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAA;AAG9D,YAAY,EAAE,gBAAgB,EAAE,MAAM,oCAAoC,CAAA;AAC1E,YAAY,EAAE,QAAQ,EAAE,MAAM,4BAA4B,CAAA;AAC1D,YAAY,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAA;AACjE,YAAY,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAA;AAC9E,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAA;AAClE,YAAY,EACV,cAAc,EACd,YAAY,GACb,MAAM,kCAAkC,CAAA;AAGzC,OAAO,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAA;AAGnE,YAAY,EACV,iBAAiB,EACjB,WAAW,GACZ,MAAM,uBAAuB,CAAA;AAC9B,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,qBAAqB,GACtB,MAAM,2BAA2B,CAAA;AAClC,OAAO,EACL,yBAAyB,EACzB,8BAA8B,GAC/B,MAAM,8BAA8B,CAAA;AAGrC,OAAO,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAA;AAClE,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAA;AACzD,YAAY,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAA;AAGrE,OAAO,EAAE,oBAAoB,EAAE,MAAM,0CAA0C,CAAA;AAC/E,YAAY,EAAE,2BAA2B,EAAE,MAAM,0CAA0C,CAAA;AAC3F,OAAO,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAA;AACnE,YAAY,EACV,qBAAqB,EACrB,eAAe,GAChB,MAAM,oCAAoC,CAAA;AAG3C,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAA;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAA;AACxD,YAAY,EACV,OAAO,EACP,WAAW,EACX,QAAQ,GACT,MAAM,mBAAmB,CAAA;AAG1B,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAA;AACrD,YAAY,EACV,QAAQ,EACR,oBAAoB,GACrB,MAAM,uBAAuB,CAAA;AAG9B,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AAC9C,YAAY,EAAE,mBAAmB,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAA;AACzE,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AAC9C,YAAY,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAA;AAC1D,OAAO,EACL,iBAAiB,IAAI,uBAAuB,GAC7C,MAAM,mBAAmB,CAAA;AAC1B,YAAY,EACV,aAAa,EACb,cAAc,EACd,mBAAmB,GACpB,MAAM,mBAAmB,CAAA;AAG1B,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAA;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,qCAAqC,CAAA;AACnE,YAAY,EACV,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,gBAAgB,EAChB,mBAAmB,EACnB,kBAAkB,EAClB,IAAI,GACL,MAAM,4BAA4B,CAAA;AAGnC,OAAO,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAA;AACnE,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAA;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAA"}

package/dist/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.processHookData = exports.validator = exports.collectRuleSources = exports.JsonlFileSink = exports.EventBus = exports.defaultDaemonSocketPath = exports.sendToDaemon = exports.DaemonServer = exports.formatFindings = exports.lintRuleSources = exports.AgentSdkClient = exports.CompositeModelClient = exports.cursorAdapter = exports.claudeCodeAdapter = exports.buildDefaultDeterministicRules = exports.defaultDeterministicRules = exports.forbidFilePathPattern = exports.forbidContentPattern = exports.forbidCommandPattern = exports.HookDataSchema = exports.loadPluginConfig = exports.loadAgentGateConfig = exports.defineConfig = exports.Config = void 0;
+exports.processHookData = exports.validator = exports.collectRuleSources = exports.JsonlFileSink = exports.EventBus = exports.defaultDaemonSocketPath = exports.sendToDaemon = exports.DaemonServer = exports.DecisionCache = exports.formatFindings = exports.lintRuleSources = exports.AgentSdkClient = exports.CompositeModelClient = exports.cursorAdapter = exports.claudeCodeAdapter = exports.buildDefaultDeterministicRules = exports.defaultDeterministicRules = exports.forbidFilePathPattern = exports.forbidContentPattern = exports.forbidCommandPattern = exports.HookDataSchema = exports.loadPluginConfig = exports.loadAgentGateConfig = exports.defineConfig = exports.Config = void 0;
 // Config
 var Config_1 = require("./config/Config");
 Object.defineProperty(exports, "Config", { enumerable: true, get: function () { return Config_1.Config; } });
@@ -35,6 +35,9 @@ var lintRuleSources_1 = require("./doctor/lintRuleSources");
 Object.defineProperty(exports, "lintRuleSources", { enumerable: true, get: function () { return lintRuleSources_1.lintRuleSources; } });
 var formatFindings_1 = require("./doctor/formatFindings");
 Object.defineProperty(exports, "formatFindings", { enumerable: true, get: function () { return formatFindings_1.formatFindings; } });
+// Cache
+var DecisionCache_1 = require("./cache/DecisionCache");
+Object.defineProperty(exports, "DecisionCache", { enumerable: true, get: function () { return DecisionCache_1.DecisionCache; } });
 // Daemon
 var server_1 = require("./daemon/server");
 Object.defineProperty(exports, "DaemonServer", { enumerable: true, get: function () { return server_1.DaemonServer; } });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hiro-c/agent-gate",
-  "version": "1.2.0",
+  "version": "1.4.0",
   "description": "Runtime rule enforcer for AI coding agents. Reads CLAUDE.md / AGENTS.md / .cursorrules and enforces them via Claude Code and Cursor hooks, with a deterministic safety baseline.",
   "author": "Hiro-Chiba",
   "license": "MIT",