@hydra-acp/approver 0.1.5 → 0.1.7

package/README.md

@@ -56,7 +56,7 @@ process with these env vars set: `HYDRA_ACP_DAEMON_URL`, `HYDRA_ACP_TOKEN`,
 `HYDRA_ACP_WS_URL`. Stdout/stderr land in
 `~/.hydra-acp/extensions/hydra-acp-approver.log`. Lifecycle is managed with
 `hydra-acp extensions start|stop|restart hydra-acp-approver` and
-`hydra-acp extensions logs hydra-acp-approver -f` to tail.
+`hydra-acp extensions log hydra-acp-approver -f` to tail.
 
 ## Configure
 
@@ -79,68 +79,15 @@ export default function approve(req) {
 
 > Prefer `allow_once` — agents typically cache `allow_always` choices locally and bypass the approver on subsequent identical calls.
 
-### Recommended starting point
+### Built-in default rule
 
-Blanket-allow-everything-execute is convenient but a foot-gun. The rule below mirrors that ergonomics for `read`/`search`/`other` but guards `execute` with a danger list — any tool call whose serialized shape mentions `rm -rf /`, `dd of=/dev/...`, fork bombs, piping `curl` into `sh`, system-state changes (`shutdown`, `reboot`), and friends abstains instead, so an interactive client (Slack, TUI, browser) gets the prompt and a human decides.
+When no config file is present, the approver applies a built-in default rule defined in [`src/rule.ts`](src/rule.ts) (`DEFAULT_RULE`). It auto-approves `read`/`search`/`other`, auto-approves `execute` *unless* the serialized tool call matches one of a list of danger patterns (`rm -rf /`, `dd of=/dev/...`, fork bombs, piping `curl` into `sh`, system-state changes like `shutdown`/`reboot`, and friends), and abstains on every other kind. When it abstains, the request stays open so an interactive client (Slack, TUI, browser) can prompt a human.
 
 Patterns are matched against `JSON.stringify(toolCall)`, so they catch whichever field the agent put the command in (`rawInput.command`, terminal blocks in `content`, the title, etc.). Abstaining is safe — the request stays open — so the list errs on the side of being broad.
 
-```js
-// ~/.hydra-acp/approver.config.js
-const SAFE_KINDS = new Set(["read", "search", "other"]);
-
-const DANGEROUS_PATTERNS = [
-  // rm with recursive + force flags hitting /, /*, ~, $HOME, or a bare glob
-  /\brm\b[^\n]*\s-[a-zA-Z]*(rf|fr)[a-zA-Z]*\b[^\n]*(\s|=)(\/(?!\w)|\/\*|~|\$HOME|\*)(\s|"|'|\\|$)/,
-  /\brm\b[^\n]*--recursive\b[^\n]*--force\b[^\n]*(\s|=)(\/(?!\w)|\/\*|~|\$HOME|\*)/,
-  /\brm\b[^\n]*--force\b[^\n]*--recursive\b[^\n]*(\s|=)(\/(?!\w)|\/\*|~|\$HOME|\*)/,
-  /\bdd\b[^\n]*\bof=\/dev\/(sd|nvme|disk|hd|mmcblk|xvd|vd)\w*/i,
-  /\bmkfs(\.\w+)?\s+\/dev\//i,
-  /\bfdisk\s+\/dev\//i,
-  /\bparted\s+\/dev\//i,
-  /\bshred\b[^\n]*\/dev\//i,
-  /:\s*\(\s*\)\s*\{\s*:\s*\|\s*:\s*&\s*\}\s*;\s*:/,            // fork bomb
-  />\s*\/dev\/(sd|nvme|disk|hd|mmcblk|xvd|vd)\w*/i,
-  />\s*\/etc\/(passwd|shadow|sudoers|hosts)\b/i,
-  /\b(shutdown|reboot|halt|poweroff)\b/i,
-  /\binit\s+[06]\b/,
-  /\bkill\s+-(?:9|KILL|SIGKILL)\s+1\b/,
-  /\b(curl|wget|fetch)\b[^\n|]*\|\s*(sudo\s+)?(sh|bash|zsh|fish)\b/i,
-  /\bchmod\s+-R\b[^\n]*\s\/(\s|$|"|')/,
-  /\bchown\s+-R\b[^\n]*\s\/(\s|$|"|')/,
-  /\bsudo\s+(rm|dd|mkfs|fdisk|parted|shred|chmod|chown|shutdown|reboot|halt|poweroff|init|userdel|groupdel)\b/i,
-];
-
-function looksDangerous(toolCall) {
-  let blob;
-  try {
-    blob = JSON.stringify(toolCall);
-  } catch {
-    return true;
-  }
-  return DANGEROUS_PATTERNS.some((p) => p.test(blob));
-}
+Treat the default as a starting point, not a security boundary — pattern-based detection inevitably misses things, and an agent that can craft commands can probably evade any list. The win is "no permission prompts for the 99% case, human-in-the-loop for the obviously-irreversible 1%."
 
-function pickAllowOnce(options) {
-  return options.find((o) => o.kind === "allow_once")?.optionId ?? null;
-}
-
-export default function approve(req) {
-  const kind = req.toolCall?.kind;
-  if (SAFE_KINDS.has(kind)) {
-    return pickAllowOnce(req.options);
-  }
-  if (kind === "execute") {
-    if (looksDangerous(req.toolCall)) {
-      return null;
-    }
-    return pickAllowOnce(req.options);
-  }
-  return null;
-}
-```
-
-Treat this as a starting point, not a security boundary — pattern-based detection inevitably misses things, and an agent that can craft commands can probably evade any list you write. The win is "no permission prompts for the 99% case, human-in-the-loop for the obviously-irreversible 1%."
+Drop a JS file at `~/.hydra-acp/approver.config.js` to override it entirely. See [`src/rule.ts`](src/rule.ts) if you want to copy the default and extend it.
 
 ### Request shape
 
@@ -189,9 +136,35 @@ kill -HUP $(cat ~/.hydra-acp/extensions/hydra-acp-approver.pid)
 
 Pending (already-abstained) requests are unaffected; new requests use the fresh rule.
 
-### Missing config
+### Broken config
+
+If the config file *exists* but fails to load (syntax error, no default export, throw at import time, etc.), the approver abstains on every request rather than silently falling back to the built-in default — a broken config shouldn't quietly auto-approve anything. Fix the file and either save it (auto-reloads) or `SIGHUP` the process.
+
+### Dangerously allow all
 
-If `approver.config.js` doesn't exist, the approver defaults to **abstain on every request**. Installing the extension without writing a config has zero behavioral effect — the daemon broadcasts permission prompts to every attached client as before.
+Set `HYDRA_ACP_APPROVER_DANGEROUSLY_ALLOW_ALL=1` to auto-approve **every** permission request — no kind check, no danger list, no human in the loop. The rule config file is ignored entirely (not loaded, not watched). This is the equivalent of Claude Code's `--dangerously-skip-permissions`: convenient for sandboxes and throwaway VMs, reckless on anything you care about.
+
+Wire it through the extension's env in `~/.hydra-acp/config.json`:
+
+```json
+{
+  "extensions": {
+    "hydra-acp-approver": {
+      "command": ["hydra-acp-approver"],
+      "env": { "HYDRA_ACP_APPROVER_DANGEROUSLY_ALLOW_ALL": "1" },
+      "enabled": true
+    }
+  }
+}
+```
+
+Or via the CLI:
+
+```sh
+hydra-acp extensions add hydra-acp-approver \
+  --command hydra-acp-approver \
+  --env HYDRA_ACP_APPROVER_DANGEROUSLY_ALLOW_ALL=1
+```
 
 ## Environment
 
@@ -202,6 +175,7 @@ If `approver.config.js` doesn't exist, the approver defaults to **abstain on eve
 | `HYDRA_ACP_WS_URL` | derived from daemon URL | Override WS endpoint |
 | `HYDRA_ACP_APPROVER_CONFIG` | `~/.hydra-acp/approver.config.js` | Path to the rule module |
 | `HYDRA_ACP_APPROVER_POLL_MS` | `2000` | Session-discovery poll interval |
+| `HYDRA_ACP_APPROVER_DANGEROUSLY_ALLOW_ALL` | `false` | Auto-approve every request, ignoring the rule config |
 | `DEBUG` | `false` | Verbose logging |
 
 ## How it works

package/dist/config.js

@@ -40,6 +40,7 @@ export function loadConfig() {
         hydraToken,
         hydraPollIntervalMs: intEnv("HYDRA_ACP_APPROVER_POLL_MS", 2000),
         ruleConfigPath,
+        dangerouslyAllowAll: boolEnv("HYDRA_ACP_APPROVER_DANGEROUSLY_ALLOW_ALL", false),
         debug: boolEnv("DEBUG", false),
     };
 }

package/dist/config.js.map

@@ -1 +1 @@
-{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAepC,SAAS,WAAW,CAAC,OAAe;IAClC,IAAI,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QACnC,OAAO,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,MAAM,CAAC;IACjF,CAAC;IACD,IAAI,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAClC,OAAO,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,MAAM,CAAC;IAC/E,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,uDAAuD,OAAO,EAAE,CAAC,CAAC;AACpF,CAAC;AAED,SAAS,MAAM,CAAC,IAAY,EAAE,QAAgB;IAC5C,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC5B,IAAI,CAAC,CAAC,EAAE,CAAC;QACP,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,MAAM,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACjC,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;AAC3C,CAAC;AAED,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC;AAExD,SAAS,OAAO,CAAC,IAAY,EAAE,QAAiB;IAC9C,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC5B,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;QACpB,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;AACrC,CAAC;AAED,MAAM,UAAU,UAAU;IACxB,MAAM,cAAc,GAClB,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,uBAAuB,CAAC;IAC9D,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC;IACrD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CACb,mGAAmG,CACpG,CAAC;IACJ,CAAC;IACD,MAAM,UAAU,GACd,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,WAAW,CAAC,cAAc,CAAC,CAAC;IAC9D,MAAM,cAAc,GAClB,OAAO,CAAC,GAAG,CAAC,yBAAyB;QACrC,OAAO,CAAC,OAAO,EAAE,EAAE,YAAY,EAAE,oBAAoB,CAAC,CAAC;IAEzD,OAAO;QACL,cAAc;QACd,UAAU;QACV,UAAU;QACV,mBAAmB,EAAE,MAAM,CAAC,4BAA4B,EAAE,IAAI,CAAC;QAC/D,cAAc;QACd,KAAK,EAAE,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC;KAC/B,CAAC;AACJ,CAAC"}
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAkBpC,SAAS,WAAW,CAAC,OAAe;IAClC,IAAI,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QACnC,OAAO,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,MAAM,CAAC;IACjF,CAAC;IACD,IAAI,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAClC,OAAO,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,MAAM,CAAC;IAC/E,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,uDAAuD,OAAO,EAAE,CAAC,CAAC;AACpF,CAAC;AAED,SAAS,MAAM,CAAC,IAAY,EAAE,QAAgB;IAC5C,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC5B,IAAI,CAAC,CAAC,EAAE,CAAC;QACP,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,MAAM,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACjC,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;AAC3C,CAAC;AAED,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC;AAExD,SAAS,OAAO,CAAC,IAAY,EAAE,QAAiB;IAC9C,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC5B,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;QACpB,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;AACrC,CAAC;AAED,MAAM,UAAU,UAAU;IACxB,MAAM,cAAc,GAClB,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,uBAAuB,CAAC;IAC9D,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC;IACrD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CACb,mGAAmG,CACpG,CAAC;IACJ,CAAC;IACD,MAAM,UAAU,GACd,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,WAAW,CAAC,cAAc,CAAC,CAAC;IAC9D,MAAM,cAAc,GAClB,OAAO,CAAC,GAAG,CAAC,yBAAyB;QACrC,OAAO,CAAC,OAAO,EAAE,EAAE,YAAY,EAAE,oBAAoB,CAAC,CAAC;IAEzD,OAAO;QACL,cAAc;QACd,UAAU;QACV,UAAU;QACV,mBAAmB,EAAE,MAAM,CAAC,4BAA4B,EAAE,IAAI,CAAC;QAC/D,cAAc;QACd,mBAAmB,EAAE,OAAO,CAC1B,0CAA0C,EAC1C,KAAK,CACN;QACD,KAAK,EAAE,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC;KAC/B,CAAC;AACJ,CAAC"}

package/dist/index.js

@@ -5,7 +5,7 @@ import { fileURLToPath } from "node:url";
 import { loadConfig } from "./config.js";
 import { HydraDiscovery } from "./discovery.js";
 import { ApproverBridge } from "./bridge.js";
-import { ABSTAIN_RULE, loadRule } from "./rule.js";
+import { ALLOW_ALL_RULE, DEFAULT_RULE, loadRule, } from "./rule.js";
 import { logger, setDebug } from "./util/log.js";
 import { watchConfigPath } from "./util/watch.js";
 const log = logger("main");
@@ -30,8 +30,14 @@ async function main() {
     // The current rule function. SIGHUP-triggered reloads mutate this
     // box; bridges re-read it on each request via a thunk so they always
     // see the latest version.
-    let currentRule = ABSTAIN_RULE;
-    currentRule = await loadRule(config.ruleConfigPath);
+    let currentRule = DEFAULT_RULE;
+    if (config.dangerouslyAllowAll) {
+        log.warn("HYDRA_ACP_APPROVER_DANGEROUSLY_ALLOW_ALL is set — auto-approving every permission request. Rule config file is ignored.");
+        currentRule = ALLOW_ALL_RULE;
+    }
+    else {
+        currentRule = await loadRule(config.ruleConfigPath);
+    }
     const bridges = new Map();
     const discovery = new HydraDiscovery({
         daemonUrl: config.hydraDaemonUrl,
@@ -87,20 +93,21 @@ async function main() {
             log.warn(`rule reload failed: ${err.message}`);
         });
     };
-    process.on("SIGHUP", () => reloadRule("SIGHUP"));
-    // Auto-reload when the config file is edited. Watches the parent
-    // directory so it survives editor temp-file-then-rename and picks up
-    // the file even if it didn't exist at startup. SIGHUP stays as a
-    // manual fallback for setups where fs.watch is unreliable (NFS,
-    // network mounts, etc.).
-    const configWatcher = watchConfigPath({
-        path: config.ruleConfigPath,
-        onChange: () => reloadRule("config file changed"),
-        onError: (err) => log.warn(`config watcher error: ${err.message}`),
-    });
+    // Skip rule reloading entirely when dangerouslyAllowAll is on —
+    // the config file is being ignored, so there's nothing to reload.
+    const configWatcher = config.dangerouslyAllowAll
+        ? null
+        : watchConfigPath({
+            path: config.ruleConfigPath,
+            onChange: () => reloadRule("config file changed"),
+            onError: (err) => log.warn(`config watcher error: ${err.message}`),
+        });
+    if (!config.dangerouslyAllowAll) {
+        process.on("SIGHUP", () => reloadRule("SIGHUP"));
+    }
     const shutdown = (sig) => {
         log.info(`${sig} received — shutting down`);
-        configWatcher.stop();
+        configWatcher?.stop();
         discovery.stop();
         for (const bridge of bridges.values()) {
             bridge.stop();

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAqB,MAAM,WAAW,CAAC;AACtE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACjD,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAElD,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;AAE3B,SAAS,WAAW;IAClB,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QACrD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CACpB,YAAY,CAAC,OAAO,CAAC,IAAI,EAAE,iBAAiB,CAAC,EAAE,MAAM,CAAC,CAC/B,CAAC;QAC1B,OAAO,GAAG,CAAC,OAAO,IAAI,SAAS,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACnC,IAAI,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACtD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,WAAW,EAAE,IAAI,CAAC,CAAC;QAC9D,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAEvB,kEAAkE;IAClE,qEAAqE;IACrE,0BAA0B;IAC1B,IAAI,WAAW,GAAiB,YAAY,CAAC;IAC7C,WAAW,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;IAEpD,MAAM,OAAO,GAAG,IAAI,GAAG,EAA0B,CAAC;IAElD,MAAM,SAAS,GAAG,IAAI,cAAc,CAAC;QACnC,SAAS,EAAE,MAAM,CAAC,cAAc;QAChC,KAAK,EAAE,MAAM,CAAC,UAAU;QACxB,cAAc,EAAE,MAAM,CAAC,mBAAmB;QAC1C,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;gBACnC,OAAO;YACT,CAAC;YACD,GAAG,CAAC,IAAI,CACN,gBAAgB,OAAO,CAAC,SAAS,UAAU,OAAO,CAAC,OAAO,IAAI,GAAG,QAAQ,OAAO,CAAC,GAAG,EAAE,CACvF,CAAC;YACF,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC;gBAChC,WAAW,EAAE,MAAM,CAAC,UAAU;gBAC9B,KAAK,EAAE,MAAM,CAAC,UAAU;gBACxB,IAAI,EAAE;oBACJ,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,GAAG,EAAE,OAAO,CAAC,GAAG;oBAChB,GAAG,CAAC,OAAO,CAAC,OAAO,KAAK,SAAS;wBAC/B,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE;wBAC9B,CAAC,CAAC,EAAE,CAAC;iBACR;gBACD,OAAO,EAAE,GAAG,EAAE,CAAC,WAAW;aAC3B,CAAC,CAAC;YACH,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YACvC,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,CAAC;QACD,QAAQ,EAAE,CAAC,SAAS,EAAE,EAAE;YACtB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACtC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO;YACT,CAAC;YACD,GAAG,CAAC,IAAI,CAAC,kBAAkB,SAAS,EAAE,CAAC,CAAC;YACxC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAC1B,MAAM,CAAC,IAAI,EAAE,CAAC;QAChB,CAAC;KACF,CAAC,CAAC;IACH,SAAS,CAAC,KAAK,EAAE,CAAC;IAElB,6DAA6D;IAC7D,oEAAoE;IACpE,iEAAiE;IACjE,mEAAmE;IACnE,qDAAqD;IACrD,MAAM,UAAU,GAAG,CAAC,MAAc,EAAQ,EAAE;QAC1C,GAAG,CAAC,IAAI,CAAC,GAAG,MAAM,0BAA0B,MAAM,CAAC,cAAc,EAAE,CAAC,CAAC;QACrE,QAAQ,CAAC,MAAM,CAAC,cAAc,CAAC;aAC5B,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE;YACb,WAAW,GAAG,IAAI,CAAC;YACnB,KAAK,MAAM,MAAM,IAAI,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;gBACtC,MAAM,CAAC,WAAW,EAAE,CAAC;YACvB,CAAC;YACD,GAAG,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QACnC,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;YACtB,GAAG,CAAC,IAAI,CAAC,uBAAwB,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QAC5D,CAAC,CAAC,CAAC;IACP,CAAC,CAAC;IAEF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC;IAEjD,iEAAiE;IACjE,qEAAqE;IACrE,iEAAiE;IACjE,gEAAgE;IAChE,yBAAyB;IACzB,MAAM,aAAa,GAAG,eAAe,CAAC;QACpC,IAAI,EAAE,MAAM,CAAC,cAAc;QAC3B,QAAQ,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,qBAAqB,CAAC;QACjD,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,yBAAyB,GAAG,CAAC,OAAO,EAAE,CAAC;KACnE,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,CAAC,GAAW,EAAQ,EAAE;QACrC,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG,2BAA2B,CAAC,CAAC;QAC5C,aAAa,CAAC,IAAI,EAAE,CAAC;QACrB,SAAS,CAAC,IAAI,EAAE,CAAC;QACjB,KAAK,MAAM,MAAM,IAAI,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YACtC,MAAM,CAAC,IAAI,EAAE,CAAC;QAChB,CAAC;QACD,iDAAiD;QACjD,UAAU,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC;IACjD,CAAC,CAAC;IACF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC/C,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;IAEjD,GAAG,CAAC,IAAI,CACN,iCAAiC,MAAM,CAAC,cAAc,SAAS,MAAM,CAAC,cAAc,EAAE,CACvF,CAAC;AACJ,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAwB,GAAa,CAAC,OAAO,IAAI,CAAC,CAAC;IACxE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EACL,cAAc,EACd,YAAY,EACZ,QAAQ,GAET,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACjD,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAElD,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;AAE3B,SAAS,WAAW;IAClB,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QACrD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CACpB,YAAY,CAAC,OAAO,CAAC,IAAI,EAAE,iBAAiB,CAAC,EAAE,MAAM,CAAC,CAC/B,CAAC;QAC1B,OAAO,GAAG,CAAC,OAAO,IAAI,SAAS,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACnC,IAAI,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACtD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,WAAW,EAAE,IAAI,CAAC,CAAC;QAC9D,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAEvB,kEAAkE;IAClE,qEAAqE;IACrE,0BAA0B;IAC1B,IAAI,WAAW,GAAiB,YAAY,CAAC;IAC7C,IAAI,MAAM,CAAC,mBAAmB,EAAE,CAAC;QAC/B,GAAG,CAAC,IAAI,CACN,yHAAyH,CAC1H,CAAC;QACF,WAAW,GAAG,cAAc,CAAC;IAC/B,CAAC;SAAM,CAAC;QACN,WAAW,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;IACtD,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,GAAG,EAA0B,CAAC;IAElD,MAAM,SAAS,GAAG,IAAI,cAAc,CAAC;QACnC,SAAS,EAAE,MAAM,CAAC,cAAc;QAChC,KAAK,EAAE,MAAM,CAAC,UAAU;QACxB,cAAc,EAAE,MAAM,CAAC,mBAAmB;QAC1C,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;gBACnC,OAAO;YACT,CAAC;YACD,GAAG,CAAC,IAAI,CACN,gBAAgB,OAAO,CAAC,SAAS,UAAU,OAAO,CAAC,OAAO,IAAI,GAAG,QAAQ,OAAO,CAAC,GAAG,EAAE,CACvF,CAAC;YACF,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC;gBAChC,WAAW,EAAE,MAAM,CAAC,UAAU;gBAC9B,KAAK,EAAE,MAAM,CAAC,UAAU;gBACxB,IAAI,EAAE;oBACJ,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,GAAG,EAAE,OAAO,CAAC,GAAG;oBAChB,GAAG,CAAC,OAAO,CAAC,OAAO,KAAK,SAAS;wBAC/B,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE;wBAC9B,CAAC,CAAC,EAAE,CAAC;iBACR;gBACD,OAAO,EAAE,GAAG,EAAE,CAAC,WAAW;aAC3B,CAAC,CAAC;YACH,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YACvC,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,CAAC;QACD,QAAQ,EAAE,CAAC,SAAS,EAAE,EAAE;YACtB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACtC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO;YACT,CAAC;YACD,GAAG,CAAC,IAAI,CAAC,kBAAkB,SAAS,EAAE,CAAC,CAAC;YACxC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAC1B,MAAM,CAAC,IAAI,EAAE,CAAC;QAChB,CAAC;KACF,CAAC,CAAC;IACH,SAAS,CAAC,KAAK,EAAE,CAAC;IAElB,6DAA6D;IAC7D,oEAAoE;IACpE,iEAAiE;IACjE,mEAAmE;IACnE,qDAAqD;IACrD,MAAM,UAAU,GAAG,CAAC,MAAc,EAAQ,EAAE;QAC1C,GAAG,CAAC,IAAI,CAAC,GAAG,MAAM,0BAA0B,MAAM,CAAC,cAAc,EAAE,CAAC,CAAC;QACrE,QAAQ,CAAC,MAAM,CAAC,cAAc,CAAC;aAC5B,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE;YACb,WAAW,GAAG,IAAI,CAAC;YACnB,KAAK,MAAM,MAAM,IAAI,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;gBACtC,MAAM,CAAC,WAAW,EAAE,CAAC;YACvB,CAAC;YACD,GAAG,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QACnC,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;YACtB,GAAG,CAAC,IAAI,CAAC,uBAAwB,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QAC5D,CAAC,CAAC,CAAC;IACP,CAAC,CAAC;IAEF,gEAAgE;IAChE,kEAAkE;IAClE,MAAM,aAAa,GAAG,MAAM,CAAC,mBAAmB;QAC9C,CAAC,CAAC,IAAI;QACN,CAAC,CAAC,eAAe,CAAC;YACd,IAAI,EAAE,MAAM,CAAC,cAAc;YAC3B,QAAQ,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,qBAAqB,CAAC;YACjD,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,yBAAyB,GAAG,CAAC,OAAO,EAAE,CAAC;SACnE,CAAC,CAAC;IACP,IAAI,CAAC,MAAM,CAAC,mBAAmB,EAAE,CAAC;QAChC,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC;IACnD,CAAC;IAED,MAAM,QAAQ,GAAG,CAAC,GAAW,EAAQ,EAAE;QACrC,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG,2BAA2B,CAAC,CAAC;QAC5C,aAAa,EAAE,IAAI,EAAE,CAAC;QACtB,SAAS,CAAC,IAAI,EAAE,CAAC;QACjB,KAAK,MAAM,MAAM,IAAI,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YACtC,MAAM,CAAC,IAAI,EAAE,CAAC;QAChB,CAAC;QACD,iDAAiD;QACjD,UAAU,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC;IACjD,CAAC,CAAC;IACF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC/C,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;IAEjD,GAAG,CAAC,IAAI,CACN,iCAAiC,MAAM,CAAC,cAAc,SAAS,MAAM,CAAC,cAAc,EAAE,CACvF,CAAC;AACJ,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAwB,GAAa,CAAC,OAAO,IAAI,CAAC,CAAC;IACxE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/rule.js

@@ -2,17 +2,90 @@ import { stat } from "node:fs/promises";
 import { pathToFileURL } from "node:url";
 import { logger } from "./util/log.js";
 const log = logger("rule");
-// The default rule when no config file is present (or when it fails to
-// load): abstain on every request. Safe-by-default so a freshly
-// installed extension never silently auto-approves anything.
+// Fallback when a config file exists but fails to load (bad syntax,
+// no default export, etc.): abstain on every request. We don't guess
+// at the user's intent when their config is broken.
 export const ABSTAIN_RULE = () => null;
+// Engaged by HYDRA_ACP_APPROVER_DANGEROUSLY_ALLOW_ALL=1. Approves
+// every request by picking an allow_once option (allow_always as a
+// fallback). Mirrors Claude Code's --dangerously-skip-permissions:
+// no prompts, no danger-list guarding, no human in the loop.
+export const ALLOW_ALL_RULE = (req) => {
+    const allowOnce = req.options.find((o) => o.kind === "allow_once");
+    if (allowOnce) {
+        return allowOnce.optionId;
+    }
+    const allowAlways = req.options.find((o) => o.kind === "allow_always");
+    if (allowAlways) {
+        return allowAlways.optionId;
+    }
+    return null;
+};
+const SAFE_KINDS = new Set(["read", "search", "other"]);
+// Tool calls whose serialized JSON matches one of these patterns
+// abstain instead of auto-approving, so a human client gets the
+// prompt.
+const DANGEROUS_PATTERNS = [
+    /\brm\b[^\n]*\s-[a-zA-Z]*(rf|fr)[a-zA-Z]*\b[^\n]*(\s|=)(\/(?!\w)|\/\*|~|\$HOME|\*)(\s|"|'|\\|$)/,
+    /\brm\b[^\n]*--recursive\b[^\n]*--force\b[^\n]*(\s|=)(\/(?!\w)|\/\*|~|\$HOME|\*)/,
+    /\brm\b[^\n]*--force\b[^\n]*--recursive\b[^\n]*(\s|=)(\/(?!\w)|\/\*|~|\$HOME|\*)/,
+    /\bdd\b[^\n]*\bof=\/dev\/(sd|nvme|disk|hd|mmcblk|xvd|vd)\w*/i,
+    /\bmkfs(\.\w+)?\s+\/dev\//i,
+    /\bfdisk\s+\/dev\//i,
+    /\bparted\s+\/dev\//i,
+    /\bshred\b[^\n]*\/dev\//i,
+    /:\s*\(\s*\)\s*\{\s*:\s*\|\s*:\s*&\s*\}\s*;\s*:/,
+    />\s*\/dev\/(sd|nvme|disk|hd|mmcblk|xvd|vd)\w*/i,
+    />\s*\/etc\/(passwd|shadow|sudoers|hosts)\b/i,
+    /\b(shutdown|reboot|halt|poweroff)\b/i,
+    /\binit\s+[06]\b/,
+    /\bkill\s+-(?:9|KILL|SIGKILL)\s+1\b/,
+    /\b(curl|wget|fetch)\b[^\n|]*\|\s*(sudo\s+)?(sh|bash|zsh|fish)\b/i,
+    /\bchmod\s+-R\b[^\n]*\s\/(\s|$|"|')/,
+    /\bchown\s+-R\b[^\n]*\s\/(\s|$|"|')/,
+    /\bsudo\s+(rm|dd|mkfs|fdisk|parted|shred|chmod|chown|shutdown|reboot|halt|poweroff|init|userdel|groupdel)\b/i,
+];
+function looksDangerous(toolCall) {
+    let blob;
+    try {
+        blob = JSON.stringify(toolCall);
+    }
+    catch {
+        return true;
+    }
+    return DANGEROUS_PATTERNS.some((p) => p.test(blob));
+}
+function pickAllowOnce(options) {
+    return options.find((o) => o.kind === "allow_once")?.optionId ?? null;
+}
+// The default rule when no config file is present. Matches the
+// "Recommended starting point" shown in README.md: auto-approve
+// read/search/other, auto-approve execute unless it matches a
+// danger pattern, abstain otherwise. Users override this by
+// dropping a JS module at the configured path.
+export const DEFAULT_RULE = (req) => {
+    const kind = req.toolCall?.kind;
+    if (kind !== undefined && SAFE_KINDS.has(kind)) {
+        return pickAllowOnce(req.options);
+    }
+    if (kind === "execute") {
+        if (looksDangerous(req.toolCall)) {
+            return null;
+        }
+        return pickAllowOnce(req.options);
+    }
+    return null;
+};
 let loadCounter = 0;
 // Loads (or reloads) the user's rule function from `path`. Each call
 // re-imports with a fresh cache-busting query param so SIGHUP-driven
 // reloads pick up edits without restarting the process.
 //
-// Returns ABSTAIN_RULE when the file is missing or fails to import;
-// the caller stays running and human clients keep working as before.
+// Returns DEFAULT_RULE when the file is missing (the recommended
+// starting point — auto-approve safe kinds, guard execute against a
+// danger list, abstain otherwise). Returns ABSTAIN_RULE when the
+// file exists but fails to import, so a broken user config doesn't
+// silently fall back to auto-approval.
 export async function loadRule(path) {
     try {
         await stat(path);
@@ -20,8 +93,8 @@ export async function loadRule(path) {
     catch (err) {
         const e = err;
         if (e.code === "ENOENT") {
-            log.info(`no rule config at ${path} — abstaining on every request (drop a JS file at that path to enable auto-approval)`);
-            return ABSTAIN_RULE;
+            log.info(`no rule config at ${path} — using built-in default rule (drop a JS file at that path to override)`);
+            return DEFAULT_RULE;
         }
         log.warn(`stat ${path} failed: ${e.message}; abstaining`);
         return ABSTAIN_RULE;

package/dist/rule.js.map

@@ -1 +1 @@
-{"version":3,"file":"rule.js","sourceRoot":"","sources":["../src/rule.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AACxC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAEvC,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;AAwB3B,uEAAuE;AACvE,gEAAgE;AAChE,6DAA6D;AAC7D,MAAM,CAAC,MAAM,YAAY,GAAiB,GAAG,EAAE,CAAC,IAAI,CAAC;AAErD,IAAI,WAAW,GAAG,CAAC,CAAC;AAEpB,qEAAqE;AACrE,qEAAqE;AACrE,wDAAwD;AACxD,EAAE;AACF,oEAAoE;AACpE,qEAAqE;AACrE,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,IAAY;IACzC,IAAI,CAAC;QACH,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC;IACnB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,GAAG,GAA4B,CAAC;QACvC,IAAI,CAAC,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACxB,GAAG,CAAC,IAAI,CACN,qBAAqB,IAAI,sFAAsF,CAChH,CAAC;YACF,OAAO,YAAY,CAAC;QACtB,CAAC;QACD,GAAG,CAAC,IAAI,CAAC,QAAQ,IAAI,YAAY,CAAC,CAAC,OAAO,cAAc,CAAC,CAAC;QAC1D,OAAO,YAAY,CAAC;IACtB,CAAC;IACD,qEAAqE;IACrE,+DAA+D;IAC/D,sCAAsC;IACtC,WAAW,IAAI,CAAC,CAAC;IACjB,MAAM,GAAG,GAAG,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,MAAM,IAAI,CAAC,GAAG,EAAE,IAAI,WAAW,EAAE,CAAC;IACzE,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,CAAC,MAAM,MAAM,CAAC,GAAG,CAAC,CAA0B,CAAC;QACzD,MAAM,EAAE,GAAG,GAAG,CAAC,OAAO,CAAC;QACvB,IAAI,OAAO,EAAE,KAAK,UAAU,EAAE,CAAC;YAC7B,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,gDAAgD,CAAC,CAAC;YAClE,OAAO,YAAY,CAAC;QACtB,CAAC;QACD,GAAG,CAAC,IAAI,CAAC,6BAA6B,IAAI,EAAE,CAAC,CAAC;QAC9C,OAAO,EAAkB,CAAC;IAC5B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,YAAa,GAAa,CAAC,OAAO,cAAc,CAAC,CAAC;QACzE,OAAO,YAAY,CAAC;IACtB,CAAC;AACH,CAAC"}
+{"version":3,"file":"rule.js","sourceRoot":"","sources":["../src/rule.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AACxC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAEvC,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;AAwB3B,oEAAoE;AACpE,qEAAqE;AACrE,oDAAoD;AACpD,MAAM,CAAC,MAAM,YAAY,GAAiB,GAAG,EAAE,CAAC,IAAI,CAAC;AAErD,kEAAkE;AAClE,mEAAmE;AACnE,mEAAmE;AACnE,6DAA6D;AAC7D,MAAM,CAAC,MAAM,cAAc,GAAiB,CAAC,GAAG,EAAE,EAAE;IAClD,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC;IACnE,IAAI,SAAS,EAAE,CAAC;QACd,OAAO,SAAS,CAAC,QAAQ,CAAC;IAC5B,CAAC;IACD,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,cAAc,CAAC,CAAC;IACvE,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,WAAW,CAAC,QAAQ,CAAC;IAC9B,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC,CAAC;AAEF,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;AAExD,iEAAiE;AACjE,gEAAgE;AAChE,UAAU;AACV,MAAM,kBAAkB,GAAa;IACnC,gGAAgG;IAChG,iFAAiF;IACjF,iFAAiF;IACjF,6DAA6D;IAC7D,2BAA2B;IAC3B,oBAAoB;IACpB,qBAAqB;IACrB,yBAAyB;IACzB,gDAAgD;IAChD,gDAAgD;IAChD,6CAA6C;IAC7C,sCAAsC;IACtC,iBAAiB;IACjB,oCAAoC;IACpC,kEAAkE;IAClE,oCAAoC;IACpC,oCAAoC;IACpC,6GAA6G;CAC9G,CAAC;AAEF,SAAS,cAAc,CAAC,QAAuC;IAC7D,IAAI,IAAY,CAAC;IACjB,IAAI,CAAC;QACH,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AACtD,CAAC;AAED,SAAS,aAAa,CACpB,OAAqC;IAErC,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,EAAE,QAAQ,IAAI,IAAI,CAAC;AACxE,CAAC;AAED,+DAA+D;AAC/D,gEAAgE;AAChE,8DAA8D;AAC9D,4DAA4D;AAC5D,+CAA+C;AAC/C,MAAM,CAAC,MAAM,YAAY,GAAiB,CAAC,GAAG,EAAE,EAAE;IAChD,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC;IAChC,IAAI,IAAI,KAAK,SAAS,IAAI,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/C,OAAO,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACpC,CAAC;IACD,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,IAAI,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjC,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACpC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC,CAAC;AAEF,IAAI,WAAW,GAAG,CAAC,CAAC;AAEpB,qEAAqE;AACrE,qEAAqE;AACrE,wDAAwD;AACxD,EAAE;AACF,iEAAiE;AACjE,oEAAoE;AACpE,iEAAiE;AACjE,mEAAmE;AACnE,uCAAuC;AACvC,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,IAAY;IACzC,IAAI,CAAC;QACH,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC;IACnB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,GAAG,GAA4B,CAAC;QACvC,IAAI,CAAC,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACxB,GAAG,CAAC,IAAI,CACN,qBAAqB,IAAI,0EAA0E,CACpG,CAAC;YACF,OAAO,YAAY,CAAC;QACtB,CAAC;QACD,GAAG,CAAC,IAAI,CAAC,QAAQ,IAAI,YAAY,CAAC,CAAC,OAAO,cAAc,CAAC,CAAC;QAC1D,OAAO,YAAY,CAAC;IACtB,CAAC;IACD,qEAAqE;IACrE,+DAA+D;IAC/D,sCAAsC;IACtC,WAAW,IAAI,CAAC,CAAC;IACjB,MAAM,GAAG,GAAG,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,MAAM,IAAI,CAAC,GAAG,EAAE,IAAI,WAAW,EAAE,CAAC;IACzE,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,CAAC,MAAM,MAAM,CAAC,GAAG,CAAC,CAA0B,CAAC;QACzD,MAAM,EAAE,GAAG,GAAG,CAAC,OAAO,CAAC;QACvB,IAAI,OAAO,EAAE,KAAK,UAAU,EAAE,CAAC;YAC7B,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,gDAAgD,CAAC,CAAC;YAClE,OAAO,YAAY,CAAC;QACtB,CAAC;QACD,GAAG,CAAC,IAAI,CAAC,6BAA6B,IAAI,EAAE,CAAC,CAAC;QAC9C,OAAO,EAAkB,CAAC;IAC5B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,YAAa,GAAa,CAAC,OAAO,cAAc,CAAC,CAAC;QACzE,OAAO,YAAY,CAAC;IACtB,CAAC;AACH,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hydra-acp/approver",
-  "version": "0.1.5",
+  "version": "0.1.7",
   "description": "Headless permission auto-approver extension for hydra-acp.",
   "license": "MIT",
   "type": "module",