npm - @hydra-acp/approver - Versions diffs - 0.1.0 - Mend

@hydra-acp/approver 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 Sam Magnuson
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,214 @@
+# hydra-acp-approver
+Headless permission auto-responder extension for [hydra-acp](https://github.com/smagnuso/hydra-acp).
+Attaches to every live hydra session and answers `session/request_permission` based on a JavaScript rule function you provide. When the rule matches, the approver wins the race and dismisses the permission prompt before any human client sees it. When the rule abstains, the request stays open so your interactive clients (slack, TUI, browser) can still answer it normally.
+## Install
+From npm (recommended once published):
+```sh
+npm install -g @hydra-acp/approver
+```
+This drops a `hydra-acp-approver` binary on your PATH.
+Or from source:
+```sh
+git clone git@github.com:smagnuso/hydra-acp-approver.git ~/dev/hydra-acp-approver
+cd ~/dev/hydra-acp-approver
+npm install
+npm run build
+```
+Register the extension with hydra. If installed via npm:
+```sh
+hydra-acp extensions add hydra-acp-approver --command hydra-acp-approver
+```
+Or pointed at a local build:
+```sh
+hydra-acp extensions add hydra-acp-approver \
+  --command node \
+  --args ~/dev/hydra-acp-approver/dist/index.js
+```
+That writes the equivalent entry into `~/.hydra-acp/config.json`:
+```json
+{
+  "extensions": {
+    "hydra-acp-approver": {
+      "command": ["node"],
+      "args": ["/home/you/dev/hydra-acp-approver/dist/index.js"],
+      "enabled": true
+    }
+  }
+}
+```
+On `hydra-acp daemon start`, hydra spawns hydra-acp-approver as a managed
+process with these env vars set: `HYDRA_ACP_DAEMON_URL`, `HYDRA_ACP_TOKEN`,
+`HYDRA_ACP_WS_URL`. Stdout/stderr land in
+`~/.hydra-acp/extensions/hydra-acp-approver.log`. Lifecycle is managed with
+`hydra-acp extensions start|stop|restart hydra-acp-approver` and
+`hydra-acp extensions logs hydra-acp-approver -f` to tail.
+## Configure
+Drop a JS module at `~/.hydra-acp/approver.config.js` (override with `HYDRA_ACP_APPROVER_CONFIG`). Default-export a function that decides per request:
+```js
+// ~/.hydra-acp/approver.config.js
+export default function approve(req) {
+  // req.toolCall.kind is one of: "read", "edit", "execute", "search",
+  // "delete", "move", "fetch", "switch_mode", "think", "other".
+  const kind = req.toolCall?.kind;
+  if (["read", "search", "other", "execute"].includes(kind)) {
+    return req.options.find((o) => o.kind === "allow_once")?.optionId ?? null;
+  }
+  // Return null/undefined to abstain — the request stays open and a
+  // human client handles it as usual.
+  return null;
+}
+```
+> Prefer `allow_once` — agents typically cache `allow_always` choices locally and bypass the approver on subsequent identical calls.
+### Recommended starting point
+Blanket-allow-everything-execute is convenient but a foot-gun. The rule below mirrors that ergonomics for `read`/`search`/`other` but guards `execute` with a danger list — any tool call whose serialized shape mentions `rm -rf /`, `dd of=/dev/...`, fork bombs, piping `curl` into `sh`, system-state changes (`shutdown`, `reboot`), and friends abstains instead, so an interactive client (Slack, TUI, browser) gets the prompt and a human decides.
+Patterns are matched against `JSON.stringify(toolCall)`, so they catch whichever field the agent put the command in (`rawInput.command`, terminal blocks in `content`, the title, etc.). Abstaining is safe — the request stays open — so the list errs on the side of being broad.
+```js
+// ~/.hydra-acp/approver.config.js
+const SAFE_KINDS = new Set(["read", "search", "other"]);
+const DANGEROUS_PATTERNS = [
+  // rm with recursive + force flags hitting /, /*, ~, $HOME, or a bare glob
+  /\brm\b[^\n]*\s-[a-zA-Z]*(rf|fr)[a-zA-Z]*\b[^\n]*(\s|=)(\/(?!\w)|\/\*|~|\$HOME|\*)(\s|"|'|\\|$)/,
+  /\brm\b[^\n]*--recursive\b[^\n]*--force\b[^\n]*(\s|=)(\/(?!\w)|\/\*|~|\$HOME|\*)/,
+  /\brm\b[^\n]*--force\b[^\n]*--recursive\b[^\n]*(\s|=)(\/(?!\w)|\/\*|~|\$HOME|\*)/,
+  /\bdd\b[^\n]*\bof=\/dev\/(sd|nvme|disk|hd|mmcblk|xvd|vd)\w*/i,
+  /\bmkfs(\.\w+)?\s+\/dev\//i,
+  /\bfdisk\s+\/dev\//i,
+  /\bparted\s+\/dev\//i,
+  /\bshred\b[^\n]*\/dev\//i,
+  /:\s*\(\s*\)\s*\{\s*:\s*\|\s*:\s*&\s*\}\s*;\s*:/,            // fork bomb
+  />\s*\/dev\/(sd|nvme|disk|hd|mmcblk|xvd|vd)\w*/i,
+  />\s*\/etc\/(passwd|shadow|sudoers|hosts)\b/i,
+  /\b(shutdown|reboot|halt|poweroff)\b/i,
+  /\binit\s+[06]\b/,
+  /\bkill\s+-(?:9|KILL|SIGKILL)\s+1\b/,
+  /\b(curl|wget|fetch)\b[^\n|]*\|\s*(sudo\s+)?(sh|bash|zsh|fish)\b/i,
+  /\bchmod\s+-R\b[^\n]*\s\/(\s|$|"|')/,
+  /\bchown\s+-R\b[^\n]*\s\/(\s|$|"|')/,
+  /\bsudo\s+(rm|dd|mkfs|fdisk|parted|shred|chmod|chown|shutdown|reboot|halt|poweroff|init|userdel|groupdel)\b/i,
+];
+function looksDangerous(toolCall) {
+  let blob;
+  try {
+    blob = JSON.stringify(toolCall);
+  } catch {
+    return true;
+  }
+  return DANGEROUS_PATTERNS.some((p) => p.test(blob));
+}
+function pickAllowOnce(options) {
+  return options.find((o) => o.kind === "allow_once")?.optionId ?? null;
+}
+export default function approve(req) {
+  const kind = req.toolCall?.kind;
+  if (SAFE_KINDS.has(kind)) {
+    return pickAllowOnce(req.options);
+  }
+  if (kind === "execute") {
+    if (looksDangerous(req.toolCall)) {
+      return null;
+    }
+    return pickAllowOnce(req.options);
+  }
+  return null;
+}
+```
+Treat this as a starting point, not a security boundary — pattern-based detection inevitably misses things, and an agent that can craft commands can probably evade any list you write. The win is "no permission prompts for the 99% case, human-in-the-loop for the obviously-irreversible 1%."
+### Request shape
+```ts
+interface PermissionRequest {
+  sessionId: string;
+  toolCall: {
+    toolCallId: string;
+    name?: string;
+    title?: string;
+    kind?: string;
+    [k: string]: unknown;
+  };
+  options: ReadonlyArray<{
+    optionId: string;
+    name: string;
+    kind?: "allow_once" | "allow_always" | "reject_once" | "reject_always" | string;
+  }>;
+  cwd?: string;
+  agentId?: string;
+}
+```
+### Return value
+| Return       | Behavior                                                                                             |
+|--------------|------------------------------------------------------------------------------------------------------|
+| `string`     | An `optionId` from `req.options`. Approver responds with `{ outcome: { outcome: "selected", optionId } }` and wins the race against other attached clients. |
+| `null` / `undefined` | Abstain. Approver doesn't respond; other attached clients (humans) see the prompt. |
+| `Promise<...>` | Awaited. Same semantics on resolve. |
+| Throw        | Caught + logged + treated as abstain — safe-by-default if your rule has a bug. |
+If `optionId` doesn't appear in `req.options` (typo, agent-specific renaming), the approver abstains and logs a warning.
+### Reload
+Edits to `approver.config.js` are picked up automatically — the approver watches the file and re-imports it (with cache-busting) on every save. The next permission request after the reload completes uses the fresh rule.
+If `fs.watch` is unreliable on your filesystem (NFS, some network mounts, certain container layouts), trigger a reload manually:
+```sh
+hydra-acp extensions restart hydra-acp-approver
+# or, lighter, just re-import the rule without bouncing the WS attaches:
+kill -HUP $(cat ~/.hydra-acp/extensions/hydra-acp-approver.pid)
+```
+Pending (already-abstained) requests are unaffected; new requests use the fresh rule.
+### Missing config
+If `approver.config.js` doesn't exist, the approver defaults to **abstain on every request**. Installing the extension without writing a config has zero behavioral effect — the daemon broadcasts permission prompts to every attached client as before.
+## Environment
+| Env var | Default | Purpose |
+|---|---|---|
+| `HYDRA_ACP_DAEMON_URL` | `http://127.0.0.1:8765` | Daemon HTTP endpoint (injected by hydra when run as an extension) |
+| `HYDRA_ACP_TOKEN` | *(required)* | Daemon auth token (injected by hydra) |
+| `HYDRA_ACP_WS_URL` | derived from daemon URL | Override WS endpoint |
+| `HYDRA_ACP_APPROVER_CONFIG` | `~/.hydra-acp/approver.config.js` | Path to the rule module |
+| `HYDRA_ACP_APPROVER_POLL_MS` | `2000` | Session-discovery poll interval |
+| `DEBUG` | `false` | Verbose logging |
+## How it works
+The hydra-acp daemon broadcasts each `session/request_permission` to every attached client simultaneously and resolves the original agent request on the first response (see `hydra-acp/src/core/session.ts` `handlePermissionRequest`). Losers receive a `session/permission_resolved` notification with the winning outcome.
+The approver attaches as one more client. When the rule fn returns an `optionId`, it replies immediately and wins. When it abstains, it stashes the JSON-RPC `respond` callback keyed by `toolCallId`; when `permission_resolved` arrives for that id, it replies with `{ outcome: { outcome: "cancelled" } }` to close out its own pending promise (no side effect — the daemon already settled the original request).
+This means: install the approver and any per-client approve lambdas can go. Centralize the policy in one place.

package/dist/acp/attach.js ADDED Viewed

@@ -0,0 +1,192 @@
+import { EventEmitter } from "node:events";
+import { readFileSync } from "node:fs";
+import { WebSocket } from "ws";
+import { logger } from "../util/log.js";
+const pkg = JSON.parse(readFileSync(new URL("../../package.json", import.meta.url), "utf8"));
+import { isNotification, isRequest, isResponse, } from "./protocol.js";
+const log = logger("acp");
+export class AcpAttach extends EventEmitter {
+    opts;
+    ws;
+    nextId = 1;
+    pending = new Map();
+    connected = false;
+    constructor(opts) {
+        super();
+        this.opts = opts;
+    }
+    get sessionId() {
+        return this.opts.sessionId;
+    }
+    get isConnected() {
+        return this.connected;
+    }
+    start() {
+        log.debug(`connecting ${this.opts.daemonWsUrl} for ${this.opts.sessionId}`);
+        const subprotocols = ["acp.v1", `hydra-acp-token.${this.opts.token}`];
+        let ws;
+        try {
+            ws = new WebSocket(this.opts.daemonWsUrl, subprotocols);
+        }
+        catch (err) {
+            this.emit("error", err);
+            return;
+        }
+        this.ws = ws;
+        ws.on("open", () => {
+            this.connected = true;
+            log.info(`ws open ${this.opts.sessionId}`);
+            void this.handshake()
+                .then(() => {
+                this.emit("open");
+            })
+                .catch((err) => {
+                this.emit("error", err);
+                try {
+                    this.ws?.close();
+                }
+                catch {
+                    void 0;
+                }
+            });
+        });
+        ws.on("message", (data, isBinary) => {
+            if (isBinary) {
+                return;
+            }
+            const text = data.toString("utf8");
+            try {
+                const parsed = JSON.parse(text);
+                this.onMessage(parsed);
+            }
+            catch (err) {
+                log.warn(`parse error on ${this.opts.sessionId}: ${err.message}; raw=${text.slice(0, 200)}`);
+            }
+        });
+        ws.on("error", (err) => {
+            log.warn(`ws error ${this.opts.sessionId}: ${err.message}`);
+            this.emit("error", err);
+        });
+        ws.on("close", (code, reason) => {
+            const hadError = code >= 4000 || code === 1006 || code === 1011;
+            const reasonText = reason.toString("utf8");
+            this.connected = false;
+            log.info(`ws closed ${this.opts.sessionId} code=${code}${reasonText ? ` reason=${reasonText}` : ""}`);
+            for (const [, p] of this.pending) {
+                p.reject(new Error("ws closed"));
+            }
+            this.pending.clear();
+            this.emit("close", { hadError });
+        });
+    }
+    stop() {
+        if (this.ws && this.ws.readyState !== WebSocket.CLOSED) {
+            try {
+                this.ws.close();
+            }
+            catch {
+                void 0;
+            }
+        }
+    }
+    async request(method, params) {
+        const id = this.nextId++;
+        const msg = {
+            jsonrpc: "2.0",
+            id,
+            method,
+            ...(params !== undefined ? { params } : {}),
+        };
+        this.write(msg);
+        return new Promise((resolve, reject) => {
+            this.pending.set(id, {
+                resolve: (resp) => {
+                    if (resp.error) {
+                        reject(new Error(`${resp.error.code}: ${resp.error.message}`));
+                    }
+                    else {
+                        resolve(resp.result);
+                    }
+                },
+                reject,
+            });
+        });
+    }
+    notify(method, params) {
+        const msg = {
+            jsonrpc: "2.0",
+            method,
+            ...(params !== undefined ? { params } : {}),
+        };
+        this.write(msg);
+    }
+    reply(id, result) {
+        const msg = { jsonrpc: "2.0", id, result };
+        this.write(msg);
+    }
+    replyError(id, code, message) {
+        const msg = {
+            jsonrpc: "2.0",
+            id,
+            error: { code, message },
+        };
+        this.write(msg);
+    }
+    async handshake() {
+        try {
+            await this.request("initialize", {
+                protocolVersion: 1,
+                clientCapabilities: {
+                    fs: { readTextFile: false, writeTextFile: false },
+                    terminal: false,
+                },
+            });
+        }
+        catch (err) {
+            log.warn(`initialize failed for ${this.opts.sessionId}: ${err.message}`);
+        }
+        try {
+            // historyPolicy: "none" — the approver doesn't care about prior
+            // transcript content; we only want fresh permission requests.
+            const attachResult = await this.request("session/attach", {
+                sessionId: this.opts.sessionId,
+                historyPolicy: "none",
+                clientInfo: { name: "hydra-acp-approver", version: pkg.version },
+            });
+            log.info(`attached ${this.opts.sessionId}${attachResult.replayed !== undefined
+                ? ` replayed=${attachResult.replayed}`
+                : ""}`);
+        }
+        catch (err) {
+            log.warn(`session/attach failed for ${this.opts.sessionId}: ${err.message}`);
+            throw err;
+        }
+    }
+    write(msg) {
+        if (!this.ws || this.ws.readyState !== WebSocket.OPEN) {
+            log.warn(`drop write to closed ws: ${JSON.stringify(msg)}`);
+            return;
+        }
+        this.ws.send(JSON.stringify(msg));
+    }
+    onMessage(m) {
+        if (isResponse(m)) {
+            const p = this.pending.get(m.id);
+            if (p) {
+                this.pending.delete(m.id);
+                p.resolve(m);
+            }
+            else {
+                log.debug(`unmatched response id=${String(m.id)}`);
+            }
+            this.emit("response", m);
+        }
+        else if (isRequest(m)) {
+            this.emit("request", m);
+        }
+        else if (isNotification(m)) {
+            this.emit("notification", m);
+        }
+    }
+}
+//# sourceMappingURL=attach.js.map

package/dist/acp/attach.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"attach.js","sourceRoot":"","sources":["../../src/acp/attach.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AAC/B,OAAO,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAExC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CACpB,YAAY,CAAC,IAAI,GAAG,CAAC,oBAAoB,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,CAC9C,CAAC;AACzB,OAAO,EAML,cAAc,EACd,SAAS,EACT,UAAU,GACX,MAAM,eAAe,CAAC;AAEvB,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;AAsB1B,MAAM,OAAO,SAAU,SAAQ,YAA0B;IAM1B;IALrB,EAAE,CAAwB;IAC1B,MAAM,GAAG,CAAC,CAAC;IACX,OAAO,GAAG,IAAI,GAAG,EAA6B,CAAC;IAC/C,SAAS,GAAG,KAAK,CAAC;IAE1B,YAA6B,IAAmB;QAC9C,KAAK,EAAE,CAAC;QADmB,SAAI,GAAJ,IAAI,CAAe;IAEhD,CAAC;IAED,IAAI,SAAS;QACX,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;IAC7B,CAAC;IAED,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,KAAK;QACH,GAAG,CAAC,KAAK,CAAC,cAAc,IAAI,CAAC,IAAI,CAAC,WAAW,QAAQ,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;QAC5E,MAAM,YAAY,GAAG,CAAC,QAAQ,EAAE,mBAAmB,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;QACtE,IAAI,EAAa,CAAC;QAClB,IAAI,CAAC;YACH,EAAE,GAAG,IAAI,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;QAC1D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAY,CAAC,CAAC;YACjC,OAAO;QACT,CAAC;QACD,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;QAEb,EAAE,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE;YACjB,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;YACtB,GAAG,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;YAC3C,KAAK,IAAI,CAAC,SAAS,EAAE;iBAClB,IAAI,CAAC,GAAG,EAAE;gBACT,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACpB,CAAC,CAAC;iBACD,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;gBACtB,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAY,CAAC,CAAC;gBACjC,IAAI,CAAC;oBACH,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC;gBACnB,CAAC;gBAAC,MAAM,CAAC;oBACP,KAAK,CAAC,CAAC;gBACT,CAAC;YACH,CAAC,CAAC,CAAC;QACP,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE;YAClC,IAAI,QAAQ,EAAE,CAAC;gBACb,OAAO;YACT,CAAC;YACD,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YACnC,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAmB,CAAC;gBAClD,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YACzB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,GAAG,CAAC,IAAI,CACN,kBAAkB,IAAI,CAAC,IAAI,CAAC,SAAS,KAAM,GAAa,CAAC,OAAO,SAAS,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAC9F,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACrB,GAAG,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,IAAI,CAAC,SAAS,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YAC5D,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAC1B,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE;YAC9B,MAAM,QAAQ,GAAG,IAAI,IAAI,IAAI,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,IAAI,CAAC;YAChE,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAC3C,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC;YACvB,GAAG,CAAC,IAAI,CACN,aAAa,IAAI,CAAC,IAAI,CAAC,SAAS,SAAS,IAAI,GAAG,UAAU,CAAC,CAAC,CAAC,WAAW,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAC5F,CAAC;YACF,KAAK,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBACjC,CAAC,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC;YACnC,CAAC;YACD,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACrB,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,IAAI;QACF,IAAI,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,EAAE,CAAC,UAAU,KAAK,SAAS,CAAC,MAAM,EAAE,CAAC;YACvD,IAAI,CAAC;gBACH,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;YAClB,CAAC;YAAC,MAAM,CAAC;gBACP,KAAK,CAAC,CAAC;YACT,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO,CAAc,MAAc,EAAE,MAAgB;QACzD,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;QACzB,MAAM,GAAG,GAAmB;YAC1B,OAAO,EAAE,KAAK;YACd,EAAE;YACF,MAAM;YACN,GAAG,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC5C,CAAC;QACF,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAChB,OAAO,IAAI,OAAO,CAAI,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACxC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE;gBACnB,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;oBAChB,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;wBACf,MAAM,CAAC,IAAI,KAAK,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;oBACjE,CAAC;yBAAM,CAAC;wBACN,OAAO,CAAC,IAAI,CAAC,MAAW,CAAC,CAAC;oBAC5B,CAAC;gBACH,CAAC;gBACD,MAAM;aACP,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,MAAc,EAAE,MAAgB;QACrC,MAAM,GAAG,GAAwB;YAC/B,OAAO,EAAE,KAAK;YACd,MAAM;YACN,GAAG,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC5C,CAAC;QACF,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,EAAa,EAAE,MAAe;QAClC,MAAM,GAAG,GAAoB,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC;QAC5D,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAClB,CAAC;IAED,UAAU,CAAC,EAAa,EAAE,IAAY,EAAE,OAAe;QACrD,MAAM,GAAG,GAAoB;YAC3B,OAAO,EAAE,KAAK;YACd,EAAE;YACF,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE;SACzB,CAAC;QACF,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAClB,CAAC;IAEO,KAAK,CAAC,SAAS;QACrB,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE;gBAC/B,eAAe,EAAE,CAAC;gBAClB,kBAAkB,EAAE;oBAClB,EAAE,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK,EAAE;oBACjD,QAAQ,EAAE,KAAK;iBAChB;aACF,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,GAAG,CAAC,IAAI,CACN,yBAAyB,IAAI,CAAC,IAAI,CAAC,SAAS,KAAM,GAAa,CAAC,OAAO,EAAE,CAC1E,CAAC;QACJ,CAAC;QACD,IAAI,CAAC;YACH,gEAAgE;YAChE,8DAA8D;YAC9D,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,OAAO,CAGpC,gBAAgB,EAAE;gBACnB,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,SAAS;gBAC9B,aAAa,EAAE,MAAM;gBACrB,UAAU,EAAE,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE;aACjE,CAAC,CAAC;YACH,GAAG,CAAC,IAAI,CACN,YAAY,IAAI,CAAC,IAAI,CAAC,SAAS,GAC7B,YAAY,CAAC,QAAQ,KAAK,SAAS;gBACjC,CAAC,CAAC,aAAa,YAAY,CAAC,QAAQ,EAAE;gBACtC,CAAC,CAAC,EACN,EAAE,CACH,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,GAAG,CAAC,IAAI,CACN,6BAA6B,IAAI,CAAC,IAAI,CAAC,SAAS,KAAM,GAAa,CAAC,OAAO,EAAE,CAC9E,CAAC;YACF,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,GAAmB;QAC/B,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,EAAE,CAAC,UAAU,KAAK,SAAS,CAAC,IAAI,EAAE,CAAC;YACtD,GAAG,CAAC,IAAI,CAAC,4BAA4B,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC5D,OAAO;QACT,CAAC;QACD,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;IACpC,CAAC;IAEO,SAAS,CAAC,CAAiB;QACjC,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;YAClB,MAAM,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACjC,IAAI,CAAC,EAAE,CAAC;gBACN,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBAC1B,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;YACf,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,KAAK,CAAC,yBAAyB,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;YACrD,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;QAC3B,CAAC;aAAM,IAAI,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC;YACxB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;QAC1B,CAAC;aAAM,IAAI,cAAc,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7B,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;CACF"}

package/dist/acp/protocol.js ADDED Viewed

@@ -0,0 +1,10 @@
+export function isRequest(m) {
+    return "method" in m && "id" in m;
+}
+export function isNotification(m) {
+    return "method" in m && !("id" in m);
+}
+export function isResponse(m) {
+    return !("method" in m) && "id" in m;
+}
+//# sourceMappingURL=protocol.js.map

package/dist/acp/protocol.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"protocol.js","sourceRoot":"","sources":["../../src/acp/protocol.ts"],"names":[],"mappings":"AA2BA,MAAM,UAAU,SAAS,CAAC,CAAiB;IACzC,OAAO,QAAQ,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,CAAC;AACpC,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,CAAiB;IAC9C,OAAO,QAAQ,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,CAAiB;IAC1C,OAAO,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,CAAC;AACvC,CAAC"}

package/dist/bridge.js ADDED Viewed

@@ -0,0 +1,70 @@
+import { AcpAttach } from "./acp/attach.js";
+import { PermissionRouter } from "./permission.js";
+import { logger } from "./util/log.js";
+const log = logger("bridge");
+// One bridge per discovered session. Opens a WS, attaches as a
+// controller, hooks session/request_permission requests + the
+// session/permission_resolved notification through PermissionRouter.
+//
+// `getRule` is a thunk rather than a baked-in value so SIGHUP reloads
+// (which mutate the rule on the entry point's loader) are picked up
+// without rebuilding every bridge. The router itself also has a
+// setRule path, used when a reload happens after a bridge is live.
+export class ApproverBridge {
+    opts;
+    attach;
+    router;
+    stopped = false;
+    constructor(opts) {
+        this.opts = opts;
+        this.attach = new AcpAttach({
+            sessionId: opts.meta.sessionId,
+            daemonWsUrl: opts.daemonWsUrl,
+            token: opts.token,
+        });
+        this.router = new PermissionRouter(opts.getRule(), opts.meta, log);
+    }
+    start() {
+        this.attach.on("request", (r) => this.onRequest(r));
+        this.attach.on("notification", (n) => this.onNotification(n));
+        this.attach.on("close", () => {
+            this.router.shutdown();
+        });
+        this.attach.on("error", (err) => {
+            log.warn(`attach error ${this.opts.meta.sessionId}: ${err.message}`);
+        });
+        this.attach.start();
+    }
+    stop() {
+        if (this.stopped) {
+            return;
+        }
+        this.stopped = true;
+        this.router.shutdown();
+        this.attach.stop();
+    }
+    // Pull a fresh rule from the loader after a SIGHUP reload.
+    refreshRule() {
+        this.router.setRule(this.opts.getRule());
+    }
+    onRequest(r) {
+        if (r.method !== "session/request_permission") {
+            // Anything else aimed at us is unexpected — reply with a JSON-RPC
+            // method-not-found so the daemon doesn't hold a pending promise.
+            this.attach.replyError(r.id, -32601, `method not implemented: ${r.method}`);
+            return;
+        }
+        const params = (r.params ?? {});
+        void this.router.onRequestPermission(r.id, params, (result) => {
+            this.attach.reply(r.id, result);
+        });
+    }
+    onNotification(n) {
+        if (n.method !== "session/permission_resolved") {
+            return;
+        }
+        const params = (n.params ?? {});
+        this.router.onPermissionResolved(params);
+    }
+}
+//# sourceMappingURL=bridge.js.map

package/dist/bridge.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"bridge.js","sourceRoot":"","sources":["../src/bridge.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAO5C,OAAO,EAAE,gBAAgB,EAAoB,MAAM,iBAAiB,CAAC;AAErE,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAEvC,MAAM,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC;AAS7B,+DAA+D;AAC/D,8DAA8D;AAC9D,qEAAqE;AACrE,EAAE;AACF,sEAAsE;AACtE,oEAAoE;AACpE,gEAAgE;AAChE,mEAAmE;AACnE,MAAM,OAAO,cAAc;IAKI;IAJZ,MAAM,CAAY;IAClB,MAAM,CAAmB;IAClC,OAAO,GAAG,KAAK,CAAC;IAExB,YAA6B,IAAmB;QAAnB,SAAI,GAAJ,IAAI,CAAe;QAC9C,IAAI,CAAC,MAAM,GAAG,IAAI,SAAS,CAAC;YAC1B,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,SAAS;YAC9B,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,GAAG,IAAI,gBAAgB,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACrE,CAAC;IAED,KAAK;QACH,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;QACpD,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9D,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YAC3B,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;QACzB,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YAC9B,GAAG,CAAC,IAAI,CACN,gBAAgB,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,KAAK,GAAG,CAAC,OAAO,EAAE,CAC3D,CAAC;QACJ,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;IACtB,CAAC;IAED,IAAI;QACF,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,OAAO;QACT,CAAC;QACD,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACpB,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;QACvB,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IACrB,CAAC;IAED,2DAA2D;IAC3D,WAAW;QACT,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAC3C,CAAC;IAEO,SAAS,CAAC,CAAiB;QACjC,IAAI,CAAC,CAAC,MAAM,KAAK,4BAA4B,EAAE,CAAC;YAC9C,kEAAkE;YAClE,iEAAiE;YACjE,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE,2BAA2B,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;YAC5E,OAAO;QACT,CAAC;QACD,MAAM,MAAM,GAAG,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAA4B,CAAC;QAC3D,KAAK,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,MAAM,EAAE,EAAE;YAC5D,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,cAAc,CAAC,CAAsB;QAC3C,IAAI,CAAC,CAAC,MAAM,KAAK,6BAA6B,EAAE,CAAC;YAC/C,OAAO;QACT,CAAC;QACD,MAAM,MAAM,GAAG,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAA6B,CAAC;QAC5D,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;IAC3C,CAAC;CACF"}

package/dist/config.js ADDED Viewed

@@ -0,0 +1,46 @@
+import { homedir } from "node:os";
+import { resolve } from "node:path";
+function deriveWsUrl(httpUrl) {
+    if (httpUrl.startsWith("https://")) {
+        return "wss://" + httpUrl.slice("https://".length).replace(/\/$/, "") + "/acp";
+    }
+    if (httpUrl.startsWith("http://")) {
+        return "ws://" + httpUrl.slice("http://".length).replace(/\/$/, "") + "/acp";
+    }
+    throw new Error(`hydraDaemonUrl must start with http:// or https://: ${httpUrl}`);
+}
+function intEnv(name, fallback) {
+    const v = process.env[name];
+    if (!v) {
+        return fallback;
+    }
+    const n = Number.parseInt(v, 10);
+    return Number.isFinite(n) ? n : fallback;
+}
+const TRUTHY = new Set(["1", "true", "yes", "on", "t"]);
+function boolEnv(name, fallback) {
+    const v = process.env[name];
+    if (v === undefined) {
+        return fallback;
+    }
+    return TRUTHY.has(v.toLowerCase());
+}
+export function loadConfig() {
+    const hydraDaemonUrl = process.env.HYDRA_ACP_DAEMON_URL ?? "http://127.0.0.1:8765";
+    const hydraToken = process.env.HYDRA_ACP_TOKEN ?? "";
+    if (!hydraToken) {
+        throw new Error("Missing HYDRA_ACP_TOKEN env var. When run as a hydra extension, hydra injects this automatically.");
+    }
+    const hydraWsUrl = process.env.HYDRA_ACP_WS_URL ?? deriveWsUrl(hydraDaemonUrl);
+    const ruleConfigPath = process.env.HYDRA_ACP_APPROVER_CONFIG ??
+        resolve(homedir(), ".hydra-acp", "approver.config.js");
+    return {
+        hydraDaemonUrl,
+        hydraWsUrl,
+        hydraToken,
+        hydraPollIntervalMs: intEnv("HYDRA_ACP_APPROVER_POLL_MS", 2000),
+        ruleConfigPath,
+        debug: boolEnv("DEBUG", false),
+    };
+}
+//# sourceMappingURL=config.js.map

package/dist/config.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAepC,SAAS,WAAW,CAAC,OAAe;IAClC,IAAI,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QACnC,OAAO,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,MAAM,CAAC;IACjF,CAAC;IACD,IAAI,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAClC,OAAO,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,MAAM,CAAC;IAC/E,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,uDAAuD,OAAO,EAAE,CAAC,CAAC;AACpF,CAAC;AAED,SAAS,MAAM,CAAC,IAAY,EAAE,QAAgB;IAC5C,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC5B,IAAI,CAAC,CAAC,EAAE,CAAC;QACP,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,MAAM,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACjC,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;AAC3C,CAAC;AAED,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC;AAExD,SAAS,OAAO,CAAC,IAAY,EAAE,QAAiB;IAC9C,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC5B,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;QACpB,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;AACrC,CAAC;AAED,MAAM,UAAU,UAAU;IACxB,MAAM,cAAc,GAClB,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,uBAAuB,CAAC;IAC9D,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC;IACrD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CACb,mGAAmG,CACpG,CAAC;IACJ,CAAC;IACD,MAAM,UAAU,GACd,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,WAAW,CAAC,cAAc,CAAC,CAAC;IAC9D,MAAM,cAAc,GAClB,OAAO,CAAC,GAAG,CAAC,yBAAyB;QACrC,OAAO,CAAC,OAAO,EAAE,EAAE,YAAY,EAAE,oBAAoB,CAAC,CAAC;IAEzD,OAAO;QACL,cAAc;QACd,UAAU;QACV,UAAU;QACV,mBAAmB,EAAE,MAAM,CAAC,4BAA4B,EAAE,IAAI,CAAC;QAC/D,cAAc;QACd,KAAK,EAAE,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC;KAC/B,CAAC;AACJ,CAAC"}

package/dist/discovery.js ADDED Viewed

@@ -0,0 +1,82 @@
+import { logger } from "./util/log.js";
+const log = logger("discovery");
+const DEFAULT_POLL_MS = 2_000;
+export class HydraDiscovery {
+    opts;
+    timer;
+    known = new Map();
+    stopped = false;
+    inFlight = false;
+    constructor(opts) {
+        this.opts = opts;
+    }
+    start() {
+        log.info(`polling ${this.opts.daemonUrl}/v1/sessions every ${this.opts.pollIntervalMs ?? DEFAULT_POLL_MS}ms`);
+        void this.poll();
+        this.timer = setInterval(() => {
+            void this.poll();
+        }, this.opts.pollIntervalMs ?? DEFAULT_POLL_MS);
+    }
+    stop() {
+        this.stopped = true;
+        if (this.timer) {
+            clearInterval(this.timer);
+            this.timer = undefined;
+        }
+    }
+    async poll() {
+        if (this.stopped || this.inFlight) {
+            return;
+        }
+        this.inFlight = true;
+        try {
+            const r = await fetch(`${this.opts.daemonUrl}/v1/sessions`, {
+                headers: { Authorization: `Bearer ${this.opts.token}` },
+            });
+            if (!r.ok) {
+                log.warn(`daemon /v1/sessions returned ${r.status}`);
+                return;
+            }
+            const body = (await r.json());
+            const seen = new Map();
+            for (const s of body.sessions) {
+                if (s.status !== "live") {
+                    continue;
+                }
+                seen.set(s.sessionId, s);
+            }
+            for (const [id, s] of seen) {
+                if (!this.known.has(id)) {
+                    this.known.set(id, s);
+                    try {
+                        this.opts.onAdd(s);
+                    }
+                    catch (err) {
+                        log.warn(`onAdd error for ${id}: ${err.message}`);
+                    }
+                }
+                else {
+                    this.known.set(id, s);
+                }
+            }
+            for (const id of [...this.known.keys()]) {
+                if (!seen.has(id)) {
+                    this.known.delete(id);
+                    try {
+                        this.opts.onRemove(id);
+                    }
+                    catch (err) {
+                        log.warn(`onRemove error for ${id}: ${err.message}`);
+                    }
+                }
+            }
+        }
+        catch (err) {
+            log.debug(`poll error: ${err.message}`);
+        }
+        finally {
+            this.inFlight = false;
+        }
+    }
+}
+//# sourceMappingURL=discovery.js.map

package/dist/discovery.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"discovery.js","sourceRoot":"","sources":["../src/discovery.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAEvC,MAAM,GAAG,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC;AAoBhC,MAAM,eAAe,GAAG,KAAK,CAAC;AAE9B,MAAM,OAAO,cAAc;IAMI;IALrB,KAAK,CAA6B;IAClC,KAAK,GAAG,IAAI,GAAG,EAA4B,CAAC;IAC5C,OAAO,GAAG,KAAK,CAAC;IAChB,QAAQ,GAAG,KAAK,CAAC;IAEzB,YAA6B,IAA2B;QAA3B,SAAI,GAAJ,IAAI,CAAuB;IAAG,CAAC;IAE5D,KAAK;QACH,GAAG,CAAC,IAAI,CACN,WAAW,IAAI,CAAC,IAAI,CAAC,SAAS,sBAAsB,IAAI,CAAC,IAAI,CAAC,cAAc,IAAI,eAAe,IAAI,CACpG,CAAC;QACF,KAAK,IAAI,CAAC,IAAI,EAAE,CAAC;QACjB,IAAI,CAAC,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE;YAC5B,KAAK,IAAI,CAAC,IAAI,EAAE,CAAC;QACnB,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,cAAc,IAAI,eAAe,CAAC,CAAC;IAClD,CAAC;IAED,IAAI;QACF,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACpB,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC1B,IAAI,CAAC,KAAK,GAAG,SAAS,CAAC;QACzB,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,IAAI;QAChB,IAAI,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClC,OAAO;QACT,CAAC;QACD,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QACrB,IAAI,CAAC;YACH,MAAM,CAAC,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,cAAc,EAAE;gBAC1D,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE;aACxD,CAAC,CAAC;YACH,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;gBACV,GAAG,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;gBACrD,OAAO;YACT,CAAC;YACD,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAqC,CAAC;YAClE,MAAM,IAAI,GAAG,IAAI,GAAG,EAA4B,CAAC;YACjD,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAC9B,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;oBACxB,SAAS;gBACX,CAAC;gBACD,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;YAC3B,CAAC;YACD,KAAK,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;gBAC3B,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;oBACxB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;oBACtB,IAAI,CAAC;wBACH,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBACrB,CAAC;oBAAC,OAAO,GAAG,EAAE,CAAC;wBACb,GAAG,CAAC,IAAI,CAAC,mBAAmB,EAAE,KAAM,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;oBAC/D,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;gBACxB,CAAC;YACH,CAAC;YACD,KAAK,MAAM,EAAE,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;gBACxC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;oBAClB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;oBACtB,IAAI,CAAC;wBACH,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;oBACzB,CAAC;oBAAC,OAAO,GAAG,EAAE,CAAC;wBACb,GAAG,CAAC,IAAI,CAAC,sBAAsB,EAAE,KAAM,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;oBAClE,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,GAAG,CAAC,KAAK,CAAC,eAAgB,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QACrD,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,QAAQ,GAAG,KAAK,CAAC;QACxB,CAAC;IACH,CAAC;CACF"}

package/dist/index.js ADDED Viewed

@@ -0,0 +1,101 @@
+#!/usr/bin/env node
+import { loadConfig } from "./config.js";
+import { HydraDiscovery } from "./discovery.js";
+import { ApproverBridge } from "./bridge.js";
+import { ABSTAIN_RULE, loadRule } from "./rule.js";
+import { logger, setDebug } from "./util/log.js";
+import { watchConfigPath } from "./util/watch.js";
+const log = logger("main");
+async function main() {
+    const config = loadConfig();
+    setDebug(config.debug);
+    // The current rule function. SIGHUP-triggered reloads mutate this
+    // box; bridges re-read it on each request via a thunk so they always
+    // see the latest version.
+    let currentRule = ABSTAIN_RULE;
+    currentRule = await loadRule(config.ruleConfigPath);
+    const bridges = new Map();
+    const discovery = new HydraDiscovery({
+        daemonUrl: config.hydraDaemonUrl,
+        token: config.hydraToken,
+        pollIntervalMs: config.hydraPollIntervalMs,
+        onAdd: (session) => {
+            if (bridges.has(session.sessionId)) {
+                return;
+            }
+            log.info(`attaching to ${session.sessionId} agent=${session.agentId ?? "?"} cwd=${session.cwd}`);
+            const bridge = new ApproverBridge({
+                daemonWsUrl: config.hydraWsUrl,
+                token: config.hydraToken,
+                meta: {
+                    sessionId: session.sessionId,
+                    cwd: session.cwd,
+                    ...(session.agentId !== undefined
+                        ? { agentId: session.agentId }
+                        : {}),
+                },
+                getRule: () => currentRule,
+            });
+            bridges.set(session.sessionId, bridge);
+            bridge.start();
+        },
+        onRemove: (sessionId) => {
+            const bridge = bridges.get(sessionId);
+            if (!bridge) {
+                return;
+            }
+            log.info(`detaching from ${sessionId}`);
+            bridges.delete(sessionId);
+            bridge.stop();
+        },
+    });
+    discovery.start();
+    // Reloads the rule function. Bridges call getRule() on every
+    // permission request, so they pick up the new function for the next
+    // request after reload completes. In-flight (stashed) responders
+    // keep their original abstain behavior and get closed out normally
+    // by permission_resolved when a human resolves them.
+    const reloadRule = (origin) => {
+        log.info(`${origin} — reloading rule from ${config.ruleConfigPath}`);
+        loadRule(config.ruleConfigPath)
+            .then((rule) => {
+            currentRule = rule;
+            for (const bridge of bridges.values()) {
+                bridge.refreshRule();
+            }
+            log.info("rule reload complete");
+        })
+            .catch((err) => {
+            log.warn(`rule reload failed: ${err.message}`);
+        });
+    };
+    process.on("SIGHUP", () => reloadRule("SIGHUP"));
+    // Auto-reload when the config file is edited. Watches the parent
+    // directory so it survives editor temp-file-then-rename and picks up
+    // the file even if it didn't exist at startup. SIGHUP stays as a
+    // manual fallback for setups where fs.watch is unreliable (NFS,
+    // network mounts, etc.).
+    const configWatcher = watchConfigPath({
+        path: config.ruleConfigPath,
+        onChange: () => reloadRule("config file changed"),
+        onError: (err) => log.warn(`config watcher error: ${err.message}`),
+    });
+    const shutdown = (sig) => {
+        log.info(`${sig} received — shutting down`);
+        configWatcher.stop();
+        discovery.stop();
+        for (const bridge of bridges.values()) {
+            bridge.stop();
+        }
+        // Give the WS closes a beat to flush, then exit.
+        setTimeout(() => process.exit(0), 200).unref();
+    };
+    process.on("SIGINT", () => shutdown("SIGINT"));
+    process.on("SIGTERM", () => shutdown("SIGTERM"));
+    log.info(`hydra-acp-approver up; daemon=${config.hydraDaemonUrl} rule=${config.ruleConfigPath}`);
+}
+main().catch((err) => {
+    process.stderr.write(`hydra-acp-approver: ${err.message}\n`);
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAqB,MAAM,WAAW,CAAC;AACtE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACjD,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAElD,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;AAE3B,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAEvB,kEAAkE;IAClE,qEAAqE;IACrE,0BAA0B;IAC1B,IAAI,WAAW,GAAiB,YAAY,CAAC;IAC7C,WAAW,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;IAEpD,MAAM,OAAO,GAAG,IAAI,GAAG,EAA0B,CAAC;IAElD,MAAM,SAAS,GAAG,IAAI,cAAc,CAAC;QACnC,SAAS,EAAE,MAAM,CAAC,cAAc;QAChC,KAAK,EAAE,MAAM,CAAC,UAAU;QACxB,cAAc,EAAE,MAAM,CAAC,mBAAmB;QAC1C,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;gBACnC,OAAO;YACT,CAAC;YACD,GAAG,CAAC,IAAI,CACN,gBAAgB,OAAO,CAAC,SAAS,UAAU,OAAO,CAAC,OAAO,IAAI,GAAG,QAAQ,OAAO,CAAC,GAAG,EAAE,CACvF,CAAC;YACF,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC;gBAChC,WAAW,EAAE,MAAM,CAAC,UAAU;gBAC9B,KAAK,EAAE,MAAM,CAAC,UAAU;gBACxB,IAAI,EAAE;oBACJ,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,GAAG,EAAE,OAAO,CAAC,GAAG;oBAChB,GAAG,CAAC,OAAO,CAAC,OAAO,KAAK,SAAS;wBAC/B,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE;wBAC9B,CAAC,CAAC,EAAE,CAAC;iBACR;gBACD,OAAO,EAAE,GAAG,EAAE,CAAC,WAAW;aAC3B,CAAC,CAAC;YACH,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YACvC,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,CAAC;QACD,QAAQ,EAAE,CAAC,SAAS,EAAE,EAAE;YACtB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACtC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO;YACT,CAAC;YACD,GAAG,CAAC,IAAI,CAAC,kBAAkB,SAAS,EAAE,CAAC,CAAC;YACxC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAC1B,MAAM,CAAC,IAAI,EAAE,CAAC;QAChB,CAAC;KACF,CAAC,CAAC;IACH,SAAS,CAAC,KAAK,EAAE,CAAC;IAElB,6DAA6D;IAC7D,oEAAoE;IACpE,iEAAiE;IACjE,mEAAmE;IACnE,qDAAqD;IACrD,MAAM,UAAU,GAAG,CAAC,MAAc,EAAQ,EAAE;QAC1C,GAAG,CAAC,IAAI,CAAC,GAAG,MAAM,0BAA0B,MAAM,CAAC,cAAc,EAAE,CAAC,CAAC;QACrE,QAAQ,CAAC,MAAM,CAAC,cAAc,CAAC;aAC5B,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE;YACb,WAAW,GAAG,IAAI,CAAC;YACnB,KAAK,MAAM,MAAM,IAAI,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;gBACtC,MAAM,CAAC,WAAW,EAAE,CAAC;YACvB,CAAC;YACD,GAAG,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QACnC,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;YACtB,GAAG,CAAC,IAAI,CAAC,uBAAwB,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QAC5D,CAAC,CAAC,CAAC;IACP,CAAC,CAAC;IAEF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC;IAEjD,iEAAiE;IACjE,qEAAqE;IACrE,iEAAiE;IACjE,gEAAgE;IAChE,yBAAyB;IACzB,MAAM,aAAa,GAAG,eAAe,CAAC;QACpC,IAAI,EAAE,MAAM,CAAC,cAAc;QAC3B,QAAQ,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,qBAAqB,CAAC;QACjD,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,yBAAyB,GAAG,CAAC,OAAO,EAAE,CAAC;KACnE,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,CAAC,GAAW,EAAQ,EAAE;QACrC,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG,2BAA2B,CAAC,CAAC;QAC5C,aAAa,CAAC,IAAI,EAAE,CAAC;QACrB,SAAS,CAAC,IAAI,EAAE,CAAC;QACjB,KAAK,MAAM,MAAM,IAAI,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YACtC,MAAM,CAAC,IAAI,EAAE,CAAC;QAChB,CAAC;QACD,iDAAiD;QACjD,UAAU,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC;IACjD,CAAC,CAAC;IACF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC/C,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;IAEjD,GAAG,CAAC,IAAI,CACN,iCAAiC,MAAM,CAAC,cAAc,SAAS,MAAM,CAAC,cAAc,EAAE,CACvF,CAAC;AACJ,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAwB,GAAa,CAAC,OAAO,IAAI,CAAC,CAAC;IACxE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/permission.js ADDED Viewed

@@ -0,0 +1,86 @@
+// Per-bridge router: decodes session/request_permission, calls the user
+// rule fn, and either responds immediately (rule returned an optionId)
+// or stashes the responder until session/permission_resolved arrives
+// from the daemon.
+//
+// Rules can change at runtime via setRule (SIGHUP-driven reload from
+// the entry point). Pending responders are unaffected by a reload —
+// they remain stashed and get closed out when permission_resolved
+// arrives or the WS drops.
+export class PermissionRouter {
+    meta;
+    log;
+    pending = new Map();
+    rule;
+    constructor(rule, meta, log) {
+        this.meta = meta;
+        this.log = log;
+        this.rule = rule;
+    }
+    setRule(rule) {
+        this.rule = rule;
+    }
+    async onRequestPermission(id, params, respond) {
+        const req = buildRequest(params, this.meta);
+        let result;
+        try {
+            result = await this.rule(req);
+        }
+        catch (err) {
+            this.log.warn(`rule threw on toolCallId=${req.toolCall.toolCallId}: ${err.message}; abstaining`);
+            result = null;
+        }
+        if (result == null) {
+            this.stash(req.toolCall.toolCallId, respond);
+            this.log.info(`abstain id=${id} toolCallId=${req.toolCall.toolCallId} kind=${req.toolCall.kind ?? "?"}`);
+            return;
+        }
+        const opt = req.options.find((o) => o.optionId === result);
+        if (!opt) {
+            this.log.warn(`rule returned unknown optionId=${result} for toolCallId=${req.toolCall.toolCallId}; abstaining`);
+            this.stash(req.toolCall.toolCallId, respond);
+            return;
+        }
+        respond({ outcome: { outcome: "selected", optionId: result } });
+        this.log.info(`approved toolCallId=${req.toolCall.toolCallId} kind=${req.toolCall.kind ?? "?"} optionId=${result} (${opt.kind ?? "?"})`);
+    }
+    // Another controller answered the request first. Close out our stashed
+    // promise (if any) with a cancelled outcome so the JSON-RPC layer
+    // doesn't leak a pending request on the daemon side.
+    onPermissionResolved(params) {
+        const toolCallId = params.toolCall?.toolCallId;
+        if (!toolCallId) {
+            return;
+        }
+        const entry = this.pending.get(toolCallId);
+        if (!entry) {
+            return;
+        }
+        this.pending.delete(toolCallId);
+        entry.respond({ outcome: { outcome: "cancelled" } });
+        this.log.debug(`closed out abstained toolCallId=${toolCallId}`);
+    }
+    // Drop any stashed responders — called on WS close so we don't hold
+    // dangling JSON-RPC promises against a connection that's gone.
+    shutdown() {
+        if (this.pending.size > 0) {
+            this.log.debug(`dropping ${this.pending.size} pending responder(s) on shutdown`);
+        }
+        this.pending.clear();
+    }
+    stash(toolCallId, respond) {
+        this.pending.set(toolCallId, { toolCallId, respond });
+    }
+}
+function buildRequest(params, meta) {
+    const toolCall = (params.toolCall ?? {});
+    const options = Array.isArray(params.options) ? params.options : [];
+    return {
+        sessionId: meta.sessionId,
+        toolCall,
+        options,
+        ...(meta.cwd !== undefined ? { cwd: meta.cwd } : {}),
+        ...(meta.agentId !== undefined ? { agentId: meta.agentId } : {}),
+    };
+}
+//# sourceMappingURL=permission.js.map

package/dist/permission.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"permission.js","sourceRoot":"","sources":["../src/permission.ts"],"names":[],"mappings":"AAqBA,wEAAwE;AACxE,uEAAuE;AACvE,qEAAqE;AACrE,mBAAmB;AACnB,EAAE;AACF,qEAAqE;AACrE,oEAAoE;AACpE,kEAAkE;AAClE,2BAA2B;AAC3B,MAAM,OAAO,gBAAgB;IAMR;IACA;IANX,OAAO,GAAG,IAAI,GAAG,EAA4B,CAAC;IAC9C,IAAI,CAAe;IAE3B,YACE,IAAkB,EACD,IAAiB,EACjB,GAAW;QADX,SAAI,GAAJ,IAAI,CAAa;QACjB,QAAG,GAAH,GAAG,CAAQ;QAE5B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;IAED,OAAO,CAAC,IAAkB;QACxB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,EAAa,EACb,MAA+B,EAC/B,OAAkB;QAElB,MAAM,GAAG,GAAG,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QAC5C,IAAI,MAAiC,CAAC;QACtC,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAChC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAG,CAAC,IAAI,CACX,4BAA4B,GAAG,CAAC,QAAQ,CAAC,UAAU,KAAM,GAAa,CAAC,OAAO,cAAc,CAC7F,CAAC;YACF,MAAM,GAAG,IAAI,CAAC;QAChB,CAAC;QACD,IAAI,MAAM,IAAI,IAAI,EAAE,CAAC;YACnB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YAC7C,IAAI,CAAC,GAAG,CAAC,IAAI,CACX,cAAc,EAAE,eAAe,GAAG,CAAC,QAAQ,CAAC,UAAU,SACpD,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,GACvB,EAAE,CACH,CAAC;YACF,OAAO;QACT,CAAC;QACD,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;QAC3D,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,IAAI,CAAC,GAAG,CAAC,IAAI,CACX,kCAAkC,MAAM,mBAAmB,GAAG,CAAC,QAAQ,CAAC,UAAU,cAAc,CACjG,CAAC;YACF,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YAC7C,OAAO;QACT,CAAC;QACD,OAAO,CAAC,EAAE,OAAO,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;QAChE,IAAI,CAAC,GAAG,CAAC,IAAI,CACX,uBAAuB,GAAG,CAAC,QAAQ,CAAC,UAAU,SAC5C,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,GACvB,aAAa,MAAM,KAAK,GAAG,CAAC,IAAI,IAAI,GAAG,GAAG,CAC3C,CAAC;IACJ,CAAC;IAED,uEAAuE;IACvE,kEAAkE;IAClE,qDAAqD;IACrD,oBAAoB,CAAC,MAAgC;QACnD,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,EAAE,UAAU,CAAC;QAC/C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO;QACT,CAAC;QACD,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC3C,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO;QACT,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QAChC,KAAK,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,EAAE,OAAO,EAAE,WAAW,EAAE,EAAE,CAAC,CAAC;QACrD,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,mCAAmC,UAAU,EAAE,CAAC,CAAC;IAClE,CAAC;IAED,oEAAoE;IACpE,+DAA+D;IAC/D,QAAQ;QACN,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC1B,IAAI,CAAC,GAAG,CAAC,KAAK,CACZ,YAAY,IAAI,CAAC,OAAO,CAAC,IAAI,mCAAmC,CACjE,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;IAEO,KAAK,CAAC,UAAkB,EAAE,OAAkB;QAClD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,CAAC;IACxD,CAAC;CACF;AAED,SAAS,YAAY,CACnB,MAA+B,EAC/B,IAAiB;IAEjB,MAAM,QAAQ,GAAG,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAkC,CAAC;IAC1E,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;IACpE,OAAO;QACL,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,QAAQ;QACR,OAAO;QACP,GAAG,CAAC,IAAI,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACpD,GAAG,CAAC,IAAI,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACjE,CAAC;AACJ,CAAC"}

package/dist/rule.js ADDED Viewed

@@ -0,0 +1,49 @@
+import { stat } from "node:fs/promises";
+import { pathToFileURL } from "node:url";
+import { logger } from "./util/log.js";
+const log = logger("rule");
+// The default rule when no config file is present (or when it fails to
+// load): abstain on every request. Safe-by-default so a freshly
+// installed extension never silently auto-approves anything.
+export const ABSTAIN_RULE = () => null;
+let loadCounter = 0;
+// Loads (or reloads) the user's rule function from `path`. Each call
+// re-imports with a fresh cache-busting query param so SIGHUP-driven
+// reloads pick up edits without restarting the process.
+//
+// Returns ABSTAIN_RULE when the file is missing or fails to import;
+// the caller stays running and human clients keep working as before.
+export async function loadRule(path) {
+    try {
+        await stat(path);
+    }
+    catch (err) {
+        const e = err;
+        if (e.code === "ENOENT") {
+            log.info(`no rule config at ${path} — abstaining on every request (drop a JS file at that path to enable auto-approval)`);
+            return ABSTAIN_RULE;
+        }
+        log.warn(`stat ${path} failed: ${e.message}; abstaining`);
+        return ABSTAIN_RULE;
+    }
+    // Cache-bust the dynamic import so reloads see fresh source. Without
+    // the query param, Node's ESM loader returns the cached module
+    // forever and SIGHUP becomes a no-op.
+    loadCounter += 1;
+    const url = `${pathToFileURL(path).href}?v=${Date.now()}-${loadCounter}`;
+    try {
+        const mod = (await import(url));
+        const fn = mod.default;
+        if (typeof fn !== "function") {
+            log.warn(`${path} did not export a default function; abstaining`);
+            return ABSTAIN_RULE;
+        }
+        log.info(`loaded rule function from ${path}`);
+        return fn;
+    }
+    catch (err) {
+        log.warn(`import ${path} failed: ${err.message}; abstaining`);
+        return ABSTAIN_RULE;
+    }
+}
+//# sourceMappingURL=rule.js.map

package/dist/rule.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"rule.js","sourceRoot":"","sources":["../src/rule.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AACxC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAEvC,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;AAwB3B,uEAAuE;AACvE,gEAAgE;AAChE,6DAA6D;AAC7D,MAAM,CAAC,MAAM,YAAY,GAAiB,GAAG,EAAE,CAAC,IAAI,CAAC;AAErD,IAAI,WAAW,GAAG,CAAC,CAAC;AAEpB,qEAAqE;AACrE,qEAAqE;AACrE,wDAAwD;AACxD,EAAE;AACF,oEAAoE;AACpE,qEAAqE;AACrE,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,IAAY;IACzC,IAAI,CAAC;QACH,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC;IACnB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,GAAG,GAA4B,CAAC;QACvC,IAAI,CAAC,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACxB,GAAG,CAAC,IAAI,CACN,qBAAqB,IAAI,sFAAsF,CAChH,CAAC;YACF,OAAO,YAAY,CAAC;QACtB,CAAC;QACD,GAAG,CAAC,IAAI,CAAC,QAAQ,IAAI,YAAY,CAAC,CAAC,OAAO,cAAc,CAAC,CAAC;QAC1D,OAAO,YAAY,CAAC;IACtB,CAAC;IACD,qEAAqE;IACrE,+DAA+D;IAC/D,sCAAsC;IACtC,WAAW,IAAI,CAAC,CAAC;IACjB,MAAM,GAAG,GAAG,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,MAAM,IAAI,CAAC,GAAG,EAAE,IAAI,WAAW,EAAE,CAAC;IACzE,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,CAAC,MAAM,MAAM,CAAC,GAAG,CAAC,CAA0B,CAAC;QACzD,MAAM,EAAE,GAAG,GAAG,CAAC,OAAO,CAAC;QACvB,IAAI,OAAO,EAAE,KAAK,UAAU,EAAE,CAAC;YAC7B,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,gDAAgD,CAAC,CAAC;YAClE,OAAO,YAAY,CAAC;QACtB,CAAC;QACD,GAAG,CAAC,IAAI,CAAC,6BAA6B,IAAI,EAAE,CAAC,CAAC;QAC9C,OAAO,EAAkB,CAAC;IAC5B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,YAAa,GAAa,CAAC,OAAO,cAAc,CAAC,CAAC;QACzE,OAAO,YAAY,CAAC;IACtB,CAAC;AACH,CAAC"}

package/dist/util/log.js ADDED Viewed

@@ -0,0 +1,46 @@
+let debugEnabled = false;
+export function setDebug(on) {
+    debugEnabled = on;
+}
+function emit(level, scope, args) {
+    const ts = new Date().toISOString();
+    const stream = level === "error" || level === "warn" ? process.stderr : process.stdout;
+    stream.write(`[${ts}] ${level} [${scope}] ${formatArgs(args)}\n`);
+}
+function formatArgs(args) {
+    return args
+        .map((a) => {
+        if (typeof a === "string") {
+            return a;
+        }
+        if (a instanceof Error) {
+            return a.stack ?? a.message;
+        }
+        try {
+            return JSON.stringify(a);
+        }
+        catch {
+            return String(a);
+        }
+    })
+        .join(" ");
+}
+export function logger(scope) {
+    return {
+        debug(...args) {
+            if (debugEnabled) {
+                emit("debug", scope, args);
+            }
+        },
+        info(...args) {
+            emit("info", scope, args);
+        },
+        warn(...args) {
+            emit("warn", scope, args);
+        },
+        error(...args) {
+            emit("error", scope, args);
+        },
+    };
+}
+//# sourceMappingURL=log.js.map

package/dist/util/log.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"log.js","sourceRoot":"","sources":["../../src/util/log.ts"],"names":[],"mappings":"AAEA,IAAI,YAAY,GAAG,KAAK,CAAC;AAEzB,MAAM,UAAU,QAAQ,CAAC,EAAW;IAClC,YAAY,GAAG,EAAE,CAAC;AACpB,CAAC;AAED,SAAS,IAAI,CAAC,KAAY,EAAE,KAAa,EAAE,IAAe;IACxD,MAAM,EAAE,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACpC,MAAM,MAAM,GAAG,KAAK,KAAK,OAAO,IAAI,KAAK,KAAK,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;IACvF,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,KAAK,KAAK,KAAK,KAAK,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACpE,CAAC;AAED,SAAS,UAAU,CAAC,IAAe;IACjC,OAAO,IAAI;SACR,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QACT,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC1B,OAAO,CAAC,CAAC;QACX,CAAC;QACD,IAAI,CAAC,YAAY,KAAK,EAAE,CAAC;YACvB,OAAO,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,OAAO,CAAC;QAC9B,CAAC;QACD,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QAC3B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;QACnB,CAAC;IACH,CAAC,CAAC;SACD,IAAI,CAAC,GAAG,CAAC,CAAC;AACf,CAAC;AASD,MAAM,UAAU,MAAM,CAAC,KAAa;IAClC,OAAO;QACL,KAAK,CAAC,GAAG,IAAe;YACtB,IAAI,YAAY,EAAE,CAAC;gBACjB,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;QACD,IAAI,CAAC,GAAG,IAAe;YACrB,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;QAC5B,CAAC;QACD,IAAI,CAAC,GAAG,IAAe;YACrB,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;QAC5B,CAAC;QACD,KAAK,CAAC,GAAG,IAAe;YACtB,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;QAC7B,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/util/watch.js ADDED Viewed

@@ -0,0 +1,75 @@
+import { realpathSync, watch } from "node:fs";
+import { dirname, basename, resolve } from "node:path";
+// Watch a config file by watching its parent directory and filtering on
+// basename. This survives editors that write a temp file and rename
+// over the target (vim, helix, JetBrains) — those flip the inode, which
+// a direct `fs.watch(path)` would stop tracking. It also gracefully
+// handles the file not existing yet at startup: as soon as a matching
+// filename appears in the directory, the watcher fires.
+//
+// Symlinks: inotify on a directory only sees changes to entries in that
+// directory; editing the target of a symlink that lives there does not
+// touch the symlink itself, so a naive single watcher misses edits
+// through the symlink. We resolve the realpath at startup and, when it
+// differs from the literal path, watch both parents — the literal one
+// to catch the symlink being created/swapped/removed, and the realpath
+// one to catch edits to the actual file. If the symlink doesn't exist
+// yet we just watch the literal parent and the realpath watcher is
+// added later (on the next reload, the caller can recreate us).
+export function watchConfigPath(opts) {
+    const literal = resolve(opts.path);
+    let real = literal;
+    try {
+        real = realpathSync(literal);
+    }
+    catch {
+        // file doesn't exist yet; watching the literal parent is enough.
+    }
+    const debounce = opts.debounceMs ?? 200;
+    let timer;
+    const watchers = [];
+    const trigger = () => {
+        if (timer) {
+            clearTimeout(timer);
+        }
+        timer = setTimeout(() => {
+            timer = undefined;
+            opts.onChange();
+        }, debounce);
+    };
+    const armParentWatcher = (filePath) => {
+        const dir = dirname(filePath);
+        const file = basename(filePath);
+        try {
+            const w = watch(dir, { persistent: false }, (_event, name) => {
+                if (name && name.toString() === file) {
+                    trigger();
+                }
+            });
+            if (opts.onError) {
+                w.on("error", opts.onError);
+            }
+            watchers.push(w);
+        }
+        catch (err) {
+            if (opts.onError) {
+                opts.onError(err);
+            }
+        }
+    };
+    armParentWatcher(literal);
+    if (real !== literal) {
+        armParentWatcher(real);
+    }
+    return {
+        stop: () => {
+            if (timer) {
+                clearTimeout(timer);
+            }
+            for (const w of watchers) {
+                w.close();
+            }
+        },
+    };
+}
+//# sourceMappingURL=watch.js.map

package/dist/util/watch.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"watch.js","sourceRoot":"","sources":["../../src/util/watch.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,KAAK,EAAkB,MAAM,SAAS,CAAC;AAC9D,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAevD,wEAAwE;AACxE,oEAAoE;AACpE,wEAAwE;AACxE,oEAAoE;AACpE,sEAAsE;AACtE,wDAAwD;AACxD,EAAE;AACF,wEAAwE;AACxE,uEAAuE;AACvE,mEAAmE;AACnE,uEAAuE;AACvE,sEAAsE;AACtE,uEAAuE;AACvE,sEAAsE;AACtE,mEAAmE;AACnE,gEAAgE;AAChE,MAAM,UAAU,eAAe,CAAC,IAAkB;IAChD,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACnC,IAAI,IAAI,GAAG,OAAO,CAAC;IACnB,IAAI,CAAC;QACH,IAAI,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,iEAAiE;IACnE,CAAC;IACD,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,IAAI,GAAG,CAAC;IACxC,IAAI,KAAiC,CAAC;IACtC,MAAM,QAAQ,GAAgB,EAAE,CAAC;IACjC,MAAM,OAAO,GAAG,GAAS,EAAE;QACzB,IAAI,KAAK,EAAE,CAAC;YACV,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;QACD,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YACtB,KAAK,GAAG,SAAS,CAAC;YAClB,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,CAAC,EAAE,QAAQ,CAAC,CAAC;IACf,CAAC,CAAC;IACF,MAAM,gBAAgB,GAAG,CAAC,QAAgB,EAAQ,EAAE;QAClD,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC9B,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAChC,IAAI,CAAC;YACH,MAAM,CAAC,GAAG,KAAK,CAAC,GAAG,EAAE,EAAE,UAAU,EAAE,KAAK,EAAE,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE;gBAC3D,IAAI,IAAI,IAAI,IAAI,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE,CAAC;oBACrC,OAAO,EAAE,CAAC;gBACZ,CAAC;YACH,CAAC,CAAC,CAAC;YACH,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBACjB,CAAC,CAAC,EAAE,CAAC,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;YAC9B,CAAC;YACD,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACnB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBACjB,IAAI,CAAC,OAAO,CAAC,GAAY,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;IACH,CAAC,CAAC;IACF,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAC1B,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QACrB,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACzB,CAAC;IACD,OAAO;QACL,IAAI,EAAE,GAAS,EAAE;YACf,IAAI,KAAK,EAAE,CAAC;gBACV,YAAY,CAAC,KAAK,CAAC,CAAC;YACtB,CAAC;YACD,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;gBACzB,CAAC,CAAC,KAAK,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC"}

package/package.json ADDED Viewed

@@ -0,0 +1,41 @@
+{
+  "name": "@hydra-acp/approver",
+  "version": "0.1.0",
+  "description": "Headless permission auto-approver extension for hydra-acp.",
+  "license": "MIT",
+  "type": "module",
+  "publishConfig": {
+    "access": "public",
+    "registry": "https://registry.npmjs.org"
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "main": "dist/index.js",
+  "bin": {
+    "hydra-acp-approver": "dist/index.js"
+  },
+  "scripts": {
+    "build": "tsc -p .",
+    "watch": "tsc -p . --watch",
+    "start": "node dist/index.js",
+    "dev": "tsc -p . && node dist/index.js",
+    "test": "node --test --import tsx 'test/**/*.test.ts'",
+    "lint": "tsc -p . --noEmit",
+    "prepublishOnly": "npm run build && npm test"
+  },
+  "engines": {
+    "node": ">=20"
+  },
+  "dependencies": {
+    "ws": "^8.20.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.10.0",
+    "@types/ws": "^8.18.1",
+    "tsx": "^4.20.0",
+    "typescript": "^5.6.3"
+  }
+}