@jmylchreest/aide-plugin 0.0.57 → 0.0.58

package/src/hooks/permission-handler.ts

@@ -0,0 +1,173 @@
+#!/usr/bin/env node
+/**
+ * Permission Handler Hook (PermissionRequest)
+ *
+ * OPT-IN: This hook is NOT registered in plugin.json by default.
+ * To enable, add a PermissionRequest entry to .claude-plugin/plugin.json.
+ * Not available in OpenCode (no equivalent event).
+ *
+ * Validates Bash commands before permission prompts are shown.
+ * Can auto-approve safe commands or block dangerous ones.
+ *
+ * PermissionRequest data from Claude Code:
+ * - tool_name: "Bash"
+ * - tool_input: { command: "...", ... }
+ * - cwd, session_id
+ *
+ * Returns:
+ * - { allow: true } to auto-approve
+ * - { allow: false, reason: "..." } to block
+ * - { continue: true } to show normal permission prompt
+ */
+
+import { readStdin, findAideBinary, runAide } from "../lib/hook-utils.js";
+import { sanitizeForLog } from "../core/aide-client.js";
+import { debug } from "../lib/logger.js";
+
+const SOURCE = "permission-handler";
+
+interface PermissionRequestInput {
+  event: "PermissionRequest";
+  tool_name: string;
+  tool_input: {
+    command?: string;
+    [key: string]: unknown;
+  };
+  cwd: string;
+  session_id: string;
+}
+
+interface PermissionResponse {
+  allow?: boolean;
+  reason?: string;
+  continue?: boolean;
+}
+
+// Commands that are always safe to auto-approve
+const SAFE_COMMANDS = [
+  /^ls\b/,
+  /^pwd$/,
+  /^echo\b/,
+  /^cat\b/,
+  /^head\b/,
+  /^tail\b/,
+  /^wc\b/,
+  /^grep\b/,
+  /^find\b/,
+  /^which\b/,
+  /^git\s+(status|log|diff|branch|show)\b/,
+  /^git\s+stash\s+list\b/,
+  /^npm\s+(list|ls|outdated|view)\b/,
+  /^yarn\s+(list|info)\b/,
+  /^pnpm\s+(list|outdated)\b/,
+  /^node\s+--version$/,
+  /^npm\s+--version$/,
+  /^python\s+--version$/,
+  /^go\s+version$/,
+  /^cargo\s+--version$/,
+];
+
+// Commands that should be blocked without prompting
+const BLOCKED_COMMANDS = [
+  /rm\s+-rf\s+[/~]/, // rm -rf / or ~
+  /rm\s+-rf\s+\*/, // rm -rf *
+  /dd\s+.*of=\/dev\//, // dd to device
+  /mkfs\./, // format filesystem
+  /:\(\)\{:\|:&\};:/, // fork bomb
+  />\s*\/dev\/sd[a-z]/, // write to disk device
+  /curl.*\|\s*(ba)?sh/, // curl pipe to shell
+  /wget.*\|\s*(ba)?sh/, // wget pipe to shell
+];
+
+/**
+ * Log permission decision to aide-memory
+ */
+function logPermission(cwd: string, command: string, decision: string): void {
+  if (!findAideBinary(cwd)) return;
+
+  const safeCommand = sanitizeForLog(command).slice(0, 200);
+  runAide(cwd, [
+    "message",
+    "send",
+    `${decision}: ${safeCommand}`,
+    "--from=system",
+    "--type=permission",
+  ]);
+}
+
+/**
+ * Check if command matches any patterns
+ */
+function matchesPatterns(command: string, patterns: RegExp[]): boolean {
+  return patterns.some((pattern) => pattern.test(command));
+}
+
+async function main(): Promise<void> {
+  try {
+    const input = await readStdin();
+    if (!input.trim()) {
+      console.log(JSON.stringify({ continue: true }));
+      return;
+    }
+
+    const data: PermissionRequestInput = JSON.parse(input);
+
+    // Only handle Bash permissions
+    if (data.tool_name !== "Bash" || !data.tool_input?.command) {
+      console.log(JSON.stringify({ continue: true }));
+      return;
+    }
+
+    const command = data.tool_input.command;
+    const cwd = data.cwd || process.cwd();
+
+    // Check for blocked commands first
+    if (matchesPatterns(command, BLOCKED_COMMANDS)) {
+      logPermission(cwd, command, "BLOCKED");
+      const response: PermissionResponse = {
+        allow: false,
+        reason:
+          "This command has been blocked for safety. It matches a dangerous pattern.",
+      };
+      console.log(JSON.stringify(response));
+      return;
+    }
+
+    // Check for safe commands to auto-approve
+    if (matchesPatterns(command, SAFE_COMMANDS)) {
+      logPermission(cwd, command, "AUTO-APPROVED");
+      const response: PermissionResponse = {
+        allow: true,
+      };
+      console.log(JSON.stringify(response));
+      return;
+    }
+
+    // Default: show normal permission prompt
+    console.log(JSON.stringify({ continue: true }));
+  } catch (error) {
+    debug(SOURCE, `Hook error: ${error}`);
+    console.log(JSON.stringify({ continue: true }));
+  }
+}
+
+process.on("uncaughtException", (err) => {
+  debug(SOURCE, `UNCAUGHT EXCEPTION: ${err}`);
+  try {
+    console.log(JSON.stringify({ continue: true }));
+  } catch {
+    console.log('{"continue":true}');
+  }
+  process.exit(0);
+});
+process.on("unhandledRejection", (reason) => {
+  debug(SOURCE, `UNHANDLED REJECTION: ${reason}`);
+  try {
+    console.log(JSON.stringify({ continue: true }));
+  } catch {
+    console.log('{"continue":true}');
+  }
+  process.exit(0);
+});
+
+main();

package/src/hooks/persistence.ts

@@ -0,0 +1,93 @@
+#!/usr/bin/env node
+/**
+ * Persistence Hook (Stop)
+ *
+ * Prevents Claude from stopping when work is incomplete.
+ * Checks for active modes (autopilot) via aide-memory state.
+ */
+
+import { readStdin } from "../lib/hook-utils.js";
+import { findAideBinary } from "../core/aide-client.js";
+import { checkPersistence } from "../core/persistence-logic.js";
+import { debug } from "../lib/logger.js";
+
+const SOURCE = "persistence";
+
+interface HookInput {
+  hook_event_name: string;
+  session_id: string;
+  cwd: string;
+  stop_hook_active?: boolean;
+  transcript_path?: string;
+  permission_mode?: string;
+}
+
+interface HookOutput {
+  decision?: "block";
+  reason?: string;
+}
+
+async function main(): Promise<void> {
+  try {
+    const input = await readStdin();
+    if (!input.trim()) {
+      console.log(JSON.stringify({}));
+      return;
+    }
+
+    const data: HookInput = JSON.parse(input);
+    const cwd = data.cwd || process.cwd();
+
+    if (data.stop_hook_active) {
+      console.log(JSON.stringify({}));
+      return;
+    }
+
+    const binary = findAideBinary({
+      cwd,
+      pluginRoot:
+        process.env.AIDE_PLUGIN_ROOT || process.env.CLAUDE_PLUGIN_ROOT,
+    });
+    if (!binary) {
+      console.log(JSON.stringify({}));
+      return;
+    }
+
+    const result = checkPersistence(binary, cwd, data.session_id);
+    if (!result) {
+      console.log(JSON.stringify({}));
+      return;
+    }
+
+    const output: HookOutput = {
+      decision: "block",
+      reason: result.reason,
+    };
+
+    console.log(JSON.stringify(output));
+  } catch (err) {
+    debug(SOURCE, `Hook error: ${err}`);
+    console.log(JSON.stringify({}));
+  }
+}
+
+process.on("uncaughtException", (err) => {
+  debug(SOURCE, `UNCAUGHT EXCEPTION: ${err}`);
+  try {
+    console.log(JSON.stringify({}));
+  } catch {
+    console.log("{}");
+  }
+  process.exit(0);
+});
+process.on("unhandledRejection", (reason) => {
+  debug(SOURCE, `UNHANDLED REJECTION: ${reason}`);
+  try {
+    console.log(JSON.stringify({}));
+  } catch {
+    console.log("{}");
+  }
+  process.exit(0);
+});
+
+main();

package/src/hooks/pre-compact.ts

@@ -0,0 +1,127 @@
+#!/usr/bin/env node
+/**
+ * Pre-Compact Hook (PreCompact)
+ *
+ * Called before Claude Code compacts/summarizes the conversation.
+ * Preserves important context in aide-memory before summarization.
+ *
+ * PreCompact data from Claude Code:
+ * - session_id, cwd
+ * - summary_prompt (the prompt used for summarization)
+ */
+
+import { readStdin } from "../lib/hook-utils.js";
+import { findAideBinary } from "../core/aide-client.js";
+import { saveStateSnapshot as coreSaveStateSnapshot } from "../core/pre-compact-logic.js";
+import {
+  buildSessionSummaryFromState,
+  getSessionCommits,
+  storeSessionSummary,
+} from "../core/session-summary-logic.js";
+import {
+  gatherPartials,
+  buildSummaryFromPartials,
+} from "../core/partial-memory.js";
+import { debug } from "../lib/logger.js";
+
+const SOURCE = "pre-compact";
+
+interface PreCompactInput {
+  event: "PreCompact";
+  session_id: string;
+  cwd: string;
+  summary_prompt?: string;
+}
+
+async function main(): Promise<void> {
+  try {
+    const input = await readStdin();
+    if (!input.trim()) {
+      console.log(JSON.stringify({ continue: true }));
+      return;
+    }
+
+    const data: PreCompactInput = JSON.parse(input);
+    const cwd = data.cwd || process.cwd();
+    const sessionId = data.session_id || "unknown";
+
+    // Save state snapshot before compaction — delegates to core
+    const binary = findAideBinary({
+      cwd,
+      pluginRoot:
+        process.env.AIDE_PLUGIN_ROOT || process.env.CLAUDE_PLUGIN_ROOT,
+    });
+    if (binary) {
+      coreSaveStateSnapshot(binary, cwd, sessionId);
+
+      // Persist a session summary as a memory before context is compacted.
+      // This ensures the work-so-far is recoverable after compaction.
+      // Uses partials (if available) for a richer summary, falling back to git-only.
+      try {
+        const partials = gatherPartials(binary, cwd, sessionId);
+        let summary: string | null = null;
+
+        if (partials.length > 0) {
+          // Build from partials + git data
+          const commits = getSessionCommits(cwd);
+          summary = buildSummaryFromPartials(partials, commits, []);
+          debug(
+            SOURCE,
+            `Built pre-compact summary from ${partials.length} partials`,
+          );
+        }
+
+        // Fall back to state-only summary if no partials
+        if (!summary) {
+          summary = buildSessionSummaryFromState(cwd);
+        }
+
+        if (summary) {
+          // Tag as partial so the session-end summary supersedes it
+          const tags = `partial,session-summary,session:${sessionId}`;
+          (await import("child_process")).execFileSync(
+            binary,
+            ["memory", "add", "--category=session", `--tags=${tags}`, summary],
+            { cwd, stdio: "pipe", timeout: 5000 },
+          );
+          debug(
+            SOURCE,
+            `Saved pre-compaction partial session summary for ${sessionId.slice(0, 8)}`,
+          );
+        }
+      } catch (err) {
+        debug(
+          SOURCE,
+          `Failed to save pre-compaction summary (non-fatal): ${err}`,
+        );
+      }
+    }
+
+    // Always allow compaction to continue
+    console.log(JSON.stringify({ continue: true }));
+  } catch (error) {
+    debug(SOURCE, `Hook error: ${error}`);
+    console.log(JSON.stringify({ continue: true }));
+  }
+}
+
+process.on("uncaughtException", (err) => {
+  debug(SOURCE, `UNCAUGHT EXCEPTION: ${err}`);
+  try {
+    console.log(JSON.stringify({ continue: true }));
+  } catch {
+    console.log('{"continue":true}');
+  }
+  process.exit(0);
+});
+process.on("unhandledRejection", (reason) => {
+  debug(SOURCE, `UNHANDLED REJECTION: ${reason}`);
+  try {
+    console.log(JSON.stringify({ continue: true }));
+  } catch {
+    console.log('{"continue":true}');
+  }
+  process.exit(0);
+});
+
+main();

package/src/hooks/pre-tool-enforcer.ts

@@ -0,0 +1,120 @@
+#!/usr/bin/env node
+/**
+ * Pre-Tool Enforcer Hook (PreToolUse)
+ *
+ * Enforces tool access rules:
+ * - Read-only agents cannot use write tools
+ * - Injects contextual reminders
+ * - Tracks active state
+ *
+ * Core logic is in src/core/tool-enforcement.ts for cross-platform reuse.
+ */
+
+import { readStdin } from "../lib/hook-utils.js";
+import { debug } from "../lib/logger.js";
+import { evaluateToolUse } from "../core/tool-enforcement.js";
+import { findAideBinary, getState } from "../core/aide-client.js";
+
+const SOURCE = "pre-tool-enforcer";
+
+interface HookInput {
+  hook_event_name: string;
+  session_id: string;
+  cwd: string;
+  tool_name?: string;
+  agent_name?: string;
+  agent_id?: string;
+  transcript_path?: string;
+  permission_mode?: string;
+}
+
+interface HookOutput {
+  continue: boolean;
+  message?: string;
+  hookSpecificOutput?: {
+    hookEventName: string;
+    additionalContext?: string;
+  };
+}
+
+async function main(): Promise<void> {
+  try {
+    const input = await readStdin();
+    if (!input.trim()) {
+      console.log(JSON.stringify({ continue: true }));
+      return;
+    }
+
+    const data: HookInput = JSON.parse(input);
+    const toolName = data.tool_name || "";
+    const agentName = data.agent_name || "";
+    const cwd = data.cwd || process.cwd();
+
+    // Resolve active mode from aide binary (source of truth: BBolt store)
+    let activeMode: string | null = null;
+    try {
+      const binary = findAideBinary({
+        cwd,
+        pluginRoot:
+          process.env.AIDE_PLUGIN_ROOT || process.env.CLAUDE_PLUGIN_ROOT,
+      });
+      if (binary) {
+        activeMode = getState(binary, cwd, "mode");
+      }
+    } catch (err) {
+      debug(SOURCE, `Failed to resolve active mode (non-fatal): ${err}`);
+    }
+
+    const result = evaluateToolUse(
+      toolName,
+      agentName || undefined,
+      activeMode,
+    );
+
+    if (!result.allowed) {
+      const output: HookOutput = {
+        continue: false,
+        message: result.denyMessage,
+      };
+      console.log(JSON.stringify(output));
+      return;
+    }
+
+    if (result.reminder) {
+      const output: HookOutput = {
+        continue: true,
+        hookSpecificOutput: {
+          hookEventName: "PreToolUse",
+          additionalContext: result.reminder,
+        },
+      };
+      console.log(JSON.stringify(output));
+    } else {
+      console.log(JSON.stringify({ continue: true }));
+    }
+  } catch (error) {
+    debug(SOURCE, `Hook error: ${error}`);
+    console.log(JSON.stringify({ continue: true }));
+  }
+}
+
+process.on("uncaughtException", (err) => {
+  debug(SOURCE, `UNCAUGHT EXCEPTION: ${err}`);
+  try {
+    console.log(JSON.stringify({ continue: true }));
+  } catch {
+    console.log('{"continue":true}');
+  }
+  process.exit(0);
+});
+process.on("unhandledRejection", (reason) => {
+  debug(SOURCE, `UNHANDLED REJECTION: ${reason}`);
+  try {
+    console.log(JSON.stringify({ continue: true }));
+  } catch {
+    console.log('{"continue":true}');
+  }
+  process.exit(0);
+});
+
+main();

package/src/hooks/session-end.ts

@@ -0,0 +1,148 @@
+#!/usr/bin/env node
+/**
+ * Session End Hook (SessionEnd)
+ *
+ * Delegates cleanup to `aide session end` — single binary invocation.
+ *
+ * When invoked from Codex CLI's Stop hook (which has no separate SessionEnd),
+ * checks whether autopilot mode is active and skips cleanup if so — the
+ * session is continuing, not ending.
+ *
+ * CONSTRAINTS:
+ * - No ES module imports (hoisted resolution adds ~3s)
+ * - Output {"continue": true} before require() resolves
+ * - Cleanup via detached spawn to avoid blocking exit
+ * - MUST complete well within Claude Code's ~1.5s hook timeout
+ *
+ * STDIN:
+ * Claude Code pipes JSON via stdin and closes the pipe. The documented
+ * payload includes session_id, but in practice Claude Code often sends
+ * just `{}`. Bun's `for await` async iterator on stdin hangs even when
+ * the pipe is closed — use synchronous readFileSync(0) instead.
+ */
+
+const T0 = performance.now();
+
+// Output continue IMMEDIATELY — before require(), before anything.
+console.log(JSON.stringify({ continue: true }));
+
+const { spawn, execFileSync } = require("child_process") as typeof import("child_process");
+const { existsSync, realpathSync, appendFileSync, mkdirSync, readFileSync } = require("fs") as typeof import("fs");
+const { join } = require("path") as typeof import("path");
+const whichSync = (require("which") as typeof import("which")).sync;
+
+const SESSION_ID_RE = /^[a-zA-Z0-9_-]{1,128}$/;
+
+/** Elapsed ms since T0. */
+function ms(): string {
+  return `+${(performance.now() - T0).toFixed(0)}ms`;
+}
+
+/**
+ * Always log to .aide/_logs/session-end.log (NOT gated on AIDE_DEBUG).
+ * This hook has historically been invisible when it fails — always log.
+ */
+function log(cwd: string, msg: string): void {
+  try {
+    const logDir = join(cwd, ".aide", "_logs");
+    if (!existsSync(logDir)) mkdirSync(logDir, { recursive: true });
+    const line = `[${new Date().toISOString()}] [session-end] ${ms()} ${msg}\n`;
+    appendFileSync(join(logDir, "session-end.log"), line);
+  } catch { /* best effort */ }
+}
+
+/** Find aide binary — inline, no external module imports. */
+function findBinary(cwd?: string): string | null {
+  const pluginRoot = process.env.AIDE_PLUGIN_ROOT || process.env.CLAUDE_PLUGIN_ROOT;
+  let resolvedRoot = pluginRoot;
+  if (resolvedRoot) {
+    try { resolvedRoot = realpathSync(resolvedRoot); } catch { /* symlink may not resolve */ }
+    const p = join(resolvedRoot, "bin", "aide");
+    if (existsSync(p)) return p;
+  }
+  if (cwd) {
+    const p = join(cwd, ".aide", "bin", "aide");
+    if (existsSync(p)) return p;
+  }
+  try {
+    return whichSync("aide", { nothrow: true });
+  } catch { return null; }
+}
+
+function main(): void {
+  const cwd = process.cwd();
+  log(cwd, "started");
+
+  try {
+    // Read stdin synchronously — avoids bun's broken async iterator.
+    // Claude Code closes the pipe so this returns immediately.
+    let input = "";
+    try {
+      input = readFileSync(0, "utf-8");
+    } catch {
+      log(cwd, "stdin not readable (not a pipe?)");
+    }
+    log(cwd, `stdin (${input.length} bytes): ${input.trim().slice(0, 200)}`);
+
+    // Parse session_id from stdin JSON
+    let sessionId = "";
+    if (input.trim()) {
+      try {
+        const data = JSON.parse(input);
+        sessionId = data.session_id || "";
+      } catch {
+        log(cwd, "stdin is not valid JSON");
+      }
+    }
+
+    if (!sessionId) {
+      log(cwd, "no session_id in payload, skipping cleanup");
+      return;
+    }
+
+    if (!SESSION_ID_RE.test(sessionId)) {
+      log(cwd, `invalid session_id: ${sessionId}`);
+      return;
+    }
+
+    const binary = findBinary(cwd);
+    log(cwd, `binary: ${binary}`);
+    if (!binary) {
+      log(cwd, "no binary found, skipping cleanup");
+      return;
+    }
+
+    // Mode guard: skip cleanup if autopilot is active (session is continuing,
+    // not ending). This matters when Codex CLI invokes session-end from Stop
+    // hook since there's no separate SessionEnd event.
+    try {
+      const mode = execFileSync(binary, ["state", "get", "mode"], {
+        cwd, timeout: 500, encoding: "utf-8",
+      }).trim();
+      if (mode === "autopilot") {
+        log(cwd, "autopilot mode active, skipping cleanup (session continuing)");
+        return;
+      }
+    } catch {
+      // Binary may not support 'state get' or state may not exist — proceed
+    }
+
+    log(cwd, `spawning cleanup: session end --session=${sessionId}`);
+    const child = spawn(binary, ["session", "end", `--session=${sessionId}`], {
+      cwd, detached: true, stdio: "ignore",
+    });
+    child.unref();
+    log(cwd, "cleanup spawned (detached)");
+  } catch (error) {
+    log(cwd, `error: ${error}`);
+  }
+
+  log(cwd, `done ${ms()}`);
+}
+
+// On SIGINT/SIGTERM, exit cleanly (continue already output).
+process.on("SIGINT", () => process.exit(0));
+process.on("SIGTERM", () => process.exit(0));
+
+main();
+process.exit(0);