@malcomsonbrothers/claude-code-permission-hook 0.1.0

package/dist/logger.js

@@ -0,0 +1,45 @@
+import { appendFileSync, existsSync, statSync, readFileSync } from "fs";
+import { join } from "path";
+import { getConfigDir, loadConfig, ensureConfigDir } from "./config.js";
+const LOG_FILE = "approval.jsonl";
+function getLogPath() {
+    return join(getConfigDir(), LOG_FILE);
+}
+export function logDecision(entry) {
+    const config = loadConfig();
+    if (!config.logging.enabled) {
+        return;
+    }
+    ensureConfigDir();
+    const fullEntry = {
+        ...entry,
+        timestamp: new Date().toISOString(),
+    };
+    const line = JSON.stringify(fullEntry) + "\n";
+    appendFileSync(getLogPath(), line);
+}
+export function getLogPath_() {
+    return getLogPath();
+}
+export function logExists() {
+    return existsSync(getLogPath());
+}
+export function getLogStats() {
+    const logPath = getLogPath();
+    if (!existsSync(logPath)) {
+        return null;
+    }
+    try {
+        const stat = statSync(logPath);
+        const content = readFileSync(logPath, "utf-8");
+        const entries = content.trim().split("\n").filter(Boolean).length;
+        return {
+            entries,
+            sizeBytes: stat.size,
+        };
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=logger.js.map

package/dist/logger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.js","sourceRoot":"","sources":["../src/logger.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AACxE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAGxE,MAAM,QAAQ,GAAG,gBAAgB,CAAC;AAElC,SAAS,UAAU;IACjB,OAAO,IAAI,CAAC,YAAY,EAAE,EAAE,QAAQ,CAAC,CAAC;AACxC,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,KAAkC;IAC5D,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;QAC5B,OAAO;IACT,CAAC;IAED,eAAe,EAAE,CAAC;IAElB,MAAM,SAAS,GAAG;QAChB,GAAG,KAAK;QACR,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;IAEF,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC;IAC9C,cAAc,CAAC,UAAU,EAAE,EAAE,IAAI,CAAC,CAAC;AACrC,CAAC;AAED,MAAM,UAAU,WAAW;IACzB,OAAO,UAAU,EAAE,CAAC;AACtB,CAAC;AAED,MAAM,UAAU,SAAS;IACvB,OAAO,UAAU,CAAC,UAAU,EAAE,CAAC,CAAC;AAClC,CAAC;AAED,MAAM,UAAU,WAAW;IACzB,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;IAC7B,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC/B,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC/C,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;QAElE,OAAO;YACL,OAAO;YACP,SAAS,EAAE,IAAI,CAAC,IAAI;SACrB,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}

package/dist/permission-handler.d.ts

@@ -0,0 +1,8 @@
+import { PermissionRequestOutput } from "./types.js";
+/**
+ * Handle a permission request from Claude Code.
+ * Returns PermissionRequestOutput for allow/deny, or null for passthrough.
+ * Passthrough means: exit 0 with no output, letting Claude show its native dialog.
+ */
+export declare function handlePermissionRequest(rawInput: unknown): Promise<PermissionRequestOutput | null>;
+//# sourceMappingURL=permission-handler.d.ts.map

package/dist/permission-handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission-handler.d.ts","sourceRoot":"","sources":["../src/permission-handler.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,uBAAuB,EACxB,MAAM,YAAY,CAAC;AAOpB;;;;GAIG;AACH,wBAAsB,uBAAuB,CAC3C,QAAQ,EAAE,OAAO,GAChB,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC,CA2GzC"}

package/dist/permission-handler.js

@@ -0,0 +1,119 @@
+import { PermissionRequestInputSchema, } from "./types.js";
+import { checkFastDecision } from "./fast-decisions.js";
+import { getCachedDecision, setCachedDecision } from "./cache.js";
+import { queryLLM } from "./llm-client.js";
+import { logDecision } from "./logger.js";
+import { resolveProjectRoot } from "./project.js";
+/**
+ * Handle a permission request from Claude Code.
+ * Returns PermissionRequestOutput for allow/deny, or null for passthrough.
+ * Passthrough means: exit 0 with no output, letting Claude show its native dialog.
+ */
+export async function handlePermissionRequest(rawInput) {
+    // Parse and validate input
+    let input;
+    try {
+        input = PermissionRequestInputSchema.parse(rawInput);
+    }
+    catch (error) {
+        // Invalid input, deny
+        return createDenyResponse("Invalid permission request input");
+    }
+    const { tool_name: toolName, tool_input: toolInput, cwd, session_id: sessionId, } = input;
+    // Resolve the project root from cwd (.git > .claude > cwd fallback)
+    const projectRoot = cwd ? resolveProjectRoot(cwd) : undefined;
+    // Tier 1: Check fast decisions (hardcoded patterns)
+    const fastResult = checkFastDecision(toolName, toolInput);
+    if (fastResult.decision === "allow") {
+        logDecision({
+            toolName,
+            decision: "allow",
+            reason: fastResult.reason || "Fast allow",
+            decisionSource: "fast",
+            sessionId,
+            projectRoot,
+        });
+        return createAllowResponse();
+    }
+    if (fastResult.decision === "deny") {
+        logDecision({
+            toolName,
+            decision: "deny",
+            reason: fastResult.reason || "Fast deny",
+            decisionSource: "fast",
+            sessionId,
+            projectRoot,
+        });
+        return createDenyResponse(fastResult.reason || "Blocked by security pattern");
+    }
+    // Handle fast passthrough (e.g., AskUserQuestion - user must see and respond)
+    if (fastResult.decision === "passthrough") {
+        logDecision({
+            toolName,
+            decision: "passthrough",
+            reason: fastResult.reason || "Fast passthrough",
+            decisionSource: "fast",
+            sessionId,
+            projectRoot,
+        });
+        return null; // Signal passthrough - exit 0 with no output
+    }
+    // Tier 2: Check cache (note: passthrough decisions are never cached)
+    const cached = getCachedDecision(toolName, toolInput, projectRoot);
+    if (cached) {
+        logDecision({
+            toolName,
+            decision: cached.decision,
+            reason: `Cached: ${cached.reason}`,
+            decisionSource: "cache",
+            sessionId,
+            projectRoot,
+        });
+        if (cached.decision === "allow") {
+            return createAllowResponse();
+        }
+        else {
+            return createDenyResponse(cached.reason);
+        }
+    }
+    // Tier 3: Query LLM (returns allow/deny only - passthrough is handled by fast-decisions)
+    const llmResult = await queryLLM(toolName, toolInput, projectRoot);
+    // Cache the result
+    setCachedDecision(toolName, toolInput, llmResult.decision, llmResult.reason, projectRoot);
+    logDecision({
+        toolName,
+        decision: llmResult.decision,
+        reason: llmResult.reason,
+        decisionSource: "llm",
+        sessionId,
+        projectRoot,
+    });
+    if (llmResult.decision === "allow") {
+        return createAllowResponse();
+    }
+    else {
+        return createDenyResponse(llmResult.reason);
+    }
+}
+function createAllowResponse() {
+    return {
+        hookSpecificOutput: {
+            hookEventName: "PermissionRequest",
+            decision: {
+                behavior: "allow",
+            },
+        },
+    };
+}
+function createDenyResponse(message) {
+    return {
+        hookSpecificOutput: {
+            hookEventName: "PermissionRequest",
+            decision: {
+                behavior: "deny",
+                message,
+            },
+        },
+    };
+}
+//# sourceMappingURL=permission-handler.js.map

package/dist/permission-handler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission-handler.js","sourceRoot":"","sources":["../src/permission-handler.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,4BAA4B,GAE7B,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAClE,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAElD;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,QAAiB;IAEjB,2BAA2B;IAC3B,IAAI,KAAK,CAAC;IACV,IAAI,CAAC;QACH,KAAK,GAAG,4BAA4B,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IACvD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,sBAAsB;QACtB,OAAO,kBAAkB,CAAC,kCAAkC,CAAC,CAAC;IAChE,CAAC;IAED,MAAM,EACJ,SAAS,EAAE,QAAQ,EACnB,UAAU,EAAE,SAAS,EACrB,GAAG,EACH,UAAU,EAAE,SAAS,GACtB,GAAG,KAAK,CAAC;IAEV,oEAAoE;IACpE,MAAM,WAAW,GAAG,GAAG,CAAC,CAAC,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAE9D,oDAAoD;IACpD,MAAM,UAAU,GAAG,iBAAiB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAE1D,IAAI,UAAU,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACpC,WAAW,CAAC;YACV,QAAQ;YACR,QAAQ,EAAE,OAAO;YACjB,MAAM,EAAE,UAAU,CAAC,MAAM,IAAI,YAAY;YACzC,cAAc,EAAE,MAAM;YACtB,SAAS;YACT,WAAW;SACZ,CAAC,CAAC;QACH,OAAO,mBAAmB,EAAE,CAAC;IAC/B,CAAC;IAED,IAAI,UAAU,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;QACnC,WAAW,CAAC;YACV,QAAQ;YACR,QAAQ,EAAE,MAAM;YAChB,MAAM,EAAE,UAAU,CAAC,MAAM,IAAI,WAAW;YACxC,cAAc,EAAE,MAAM;YACtB,SAAS;YACT,WAAW;SACZ,CAAC,CAAC;QACH,OAAO,kBAAkB,CACvB,UAAU,CAAC,MAAM,IAAI,6BAA6B,CACnD,CAAC;IACJ,CAAC;IAED,8EAA8E;IAC9E,IAAI,UAAU,CAAC,QAAQ,KAAK,aAAa,EAAE,CAAC;QAC1C,WAAW,CAAC;YACV,QAAQ;YACR,QAAQ,EAAE,aAAa;YACvB,MAAM,EAAE,UAAU,CAAC,MAAM,IAAI,kBAAkB;YAC/C,cAAc,EAAE,MAAM;YACtB,SAAS;YACT,WAAW;SACZ,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,CAAC,6CAA6C;IAC5D,CAAC;IAED,qEAAqE;IACrE,MAAM,MAAM,GAAG,iBAAiB,CAAC,QAAQ,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;IACnE,IAAI,MAAM,EAAE,CAAC;QACX,WAAW,CAAC;YACV,QAAQ;YACR,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,MAAM,EAAE,WAAW,MAAM,CAAC,MAAM,EAAE;YAClC,cAAc,EAAE,OAAO;YACvB,SAAS;YACT,WAAW;SACZ,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YAChC,OAAO,mBAAmB,EAAE,CAAC;QAC/B,CAAC;aAAM,CAAC;YACN,OAAO,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAED,yFAAyF;IACzF,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;IAEnE,mBAAmB;IACnB,iBAAiB,CACf,QAAQ,EACR,SAAS,EACT,SAAS,CAAC,QAAQ,EAClB,SAAS,CAAC,MAAM,EAChB,WAAW,CACZ,CAAC;IAEF,WAAW,CAAC;QACV,QAAQ;QACR,QAAQ,EAAE,SAAS,CAAC,QAAQ;QAC5B,MAAM,EAAE,SAAS,CAAC,MAAM;QACxB,cAAc,EAAE,KAAK;QACrB,SAAS;QACT,WAAW;KACZ,CAAC,CAAC;IAEH,IAAI,SAAS,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACnC,OAAO,mBAAmB,EAAE,CAAC;IAC/B,CAAC;SAAM,CAAC;QACN,OAAO,kBAAkB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAC9C,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB;IAC1B,OAAO;QACL,kBAAkB,EAAE;YAClB,aAAa,EAAE,mBAAmB;YAClC,QAAQ,EAAE;gBACR,QAAQ,EAAE,OAAO;aAClB;SACF;KACF,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,OAAe;IACzC,OAAO;QACL,kBAAkB,EAAE;YAClB,aAAa,EAAE,mBAAmB;YAClC,QAAQ,EAAE;gBACR,QAAQ,EAAE,MAAM;gBAChB,OAAO;aACR;SACF;KACF,CAAC;AACJ,CAAC"}

package/dist/project.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Resolve the project root by walking up from the given cwd.
+ * Looks for .git directory first, then .claude directory, falls back to cwd.
+ */
+export declare function resolveProjectRoot(cwd: string): string;
+//# sourceMappingURL=project.d.ts.map

package/dist/project.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"project.d.ts","sourceRoot":"","sources":["../src/project.ts"],"names":[],"mappings":"AAGA;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CA8BtD"}

package/dist/project.js

@@ -0,0 +1,35 @@
+import { existsSync } from "fs";
+import { dirname, join } from "path";
+/**
+ * Resolve the project root by walking up from the given cwd.
+ * Looks for .git directory first, then .claude directory, falls back to cwd.
+ */
+export function resolveProjectRoot(cwd) {
+    let current = cwd;
+    // Walk up looking for .git
+    while (true) {
+        if (existsSync(join(current, ".git"))) {
+            return current;
+        }
+        const parent = dirname(current);
+        if (parent === current) {
+            break;
+        }
+        current = parent;
+    }
+    // Second pass: walk up looking for .claude directory
+    current = cwd;
+    while (true) {
+        if (existsSync(join(current, ".claude"))) {
+            return current;
+        }
+        const parent = dirname(current);
+        if (parent === current) {
+            break;
+        }
+        current = parent;
+    }
+    // Fallback: return cwd as-is
+    return cwd;
+}
+//# sourceMappingURL=project.js.map

package/dist/project.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"project.js","sourceRoot":"","sources":["../src/project.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAChC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAErC;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,GAAW;IAC5C,IAAI,OAAO,GAAG,GAAG,CAAC;IAElB,2BAA2B;IAC3B,OAAO,IAAI,EAAE,CAAC;QACZ,IAAI,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,EAAE,CAAC;YACtC,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QAChC,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;YACvB,MAAM;QACR,CAAC;QACD,OAAO,GAAG,MAAM,CAAC;IACnB,CAAC;IAED,qDAAqD;IACrD,OAAO,GAAG,GAAG,CAAC;IACd,OAAO,IAAI,EAAE,CAAC;QACZ,IAAI,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC,EAAE,CAAC;YACzC,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QAChC,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;YACvB,MAAM;QACR,CAAC;QACD,OAAO,GAAG,MAAM,CAAC;IACnB,CAAC;IAED,6BAA6B;IAC7B,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,117 @@
+import { z } from "zod";
+export declare const PermissionRequestInputSchema: z.ZodObject<{
+    hook_event_name: z.ZodLiteral<"PermissionRequest">;
+    tool_name: z.ZodString;
+    tool_input: z.ZodRecord<z.ZodString, z.ZodUnknown>;
+    transcript: z.ZodOptional<z.ZodArray<z.ZodUnknown>>;
+    session_id: z.ZodOptional<z.ZodString>;
+    cwd: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export type PermissionRequestInput = z.infer<typeof PermissionRequestInputSchema>;
+export declare const PermissionDecisionSchema: z.ZodObject<{
+    behavior: z.ZodEnum<{
+        allow: "allow";
+        deny: "deny";
+    }>;
+    updatedInput: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    message: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export declare const PermissionRequestOutputSchema: z.ZodObject<{
+    hookSpecificOutput: z.ZodObject<{
+        hookEventName: z.ZodLiteral<"PermissionRequest">;
+        decision: z.ZodObject<{
+            behavior: z.ZodEnum<{
+                allow: "allow";
+                deny: "deny";
+            }>;
+            updatedInput: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+            message: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>;
+    }, z.core.$strip>;
+}, z.core.$strip>;
+export type PermissionRequestOutput = z.infer<typeof PermissionRequestOutputSchema>;
+export type PermissionDecision = z.infer<typeof PermissionDecisionSchema>;
+export declare const DEFAULT_SYSTEM_PROMPT = "You are a security-focused AI assistant that evaluates Claude Code tool requests for auto-approval.\n\nYou will receive a tool name, the project root directory, and the tool input. Your job is to decide whether the request should be automatically approved or denied.\n\nCONTEXT:\n- \"Project Root\" is the root of the developer's project (where .git lives). Operations anywhere within the project root are standard development operations and are generally safe.\n- Subdirectories within the project root (e.g. monorepo packages) are still part of the project.\n\nALWAYS DENY:\n- Destructive system commands (rm -rf /, format drives, etc.)\n- Force pushing to protected branches: git push --force / git push -f to main, master, production, staging, develop\n- Commands that exfiltrate credentials or sensitive data to external services (e.g. curl posting /etc/passwd or env vars to a remote URL)\n- Fork bombs or resource exhaustion attacks\n- Any command that modifies system files (/etc, /usr, /bin, /sbin, /boot, Windows/System32, C:\\Windows)\n\nALWAYS ALLOW:\n- Reading files is low-risk regardless of path. Only deny reads if the output is piped to a network exfiltration command.\n- Standard development operations: npm/yarn/pnpm commands, git add, git commit, git push (without --force/-f), building, testing, linting\n- File creation, editing, and deletion within the project root\n- mkdir for paths inside or relative to the project root\n- Writing standard project files: .claude/*, config files, package.json, tsconfig.json, etc.\n- Test execution (npm test, vitest, jest, pytest, etc.)\n- Package installation (npm install, pip install, etc.)\n- Network requests to localhost or well-known APIs (github.com, npmjs.org, pypi.org, etc.)\n- git push (without --force or -f flags) to any branch\n\nNUANCED CASES:\n- git push --force or git push -f: DENY if targeting protected branches (main, master, production, staging, develop). ALLOW if targeting a feature/personal branch.\n- rm / del targeting specific files within the project: ALLOW. rm -rf of directories within the project: ALLOW with caution. rm -rf outside the project: DENY.\n- curl/wget: ALLOW if fetching data. DENY if posting sensitive data (env vars, credentials, private keys) to external URLs.\n- docker commands within the project: generally ALLOW.\n- Copying files from system paths (e.g. node_modules) into the project: ALLOW.\n\nDEFAULT TO ALLOW for standard development operations. Only DENY genuinely dangerous commands.\n\nRespond with JSON only:\n{\n  \"decision\": \"allow\" | \"deny\",\n  \"reason\": \"Brief explanation of your decision\"\n}";
+export declare const ConfigSchema: z.ZodObject<{
+    llm: z.ZodPrefault<z.ZodObject<{
+        provider: z.ZodDefault<z.ZodEnum<{
+            openrouter: "openrouter";
+            openai: "openai";
+            anthropic: "anthropic";
+        }>>;
+        apiKey: z.ZodOptional<z.ZodString>;
+        model: z.ZodDefault<z.ZodString>;
+        baseUrl: z.ZodOptional<z.ZodString>;
+        systemPrompt: z.ZodDefault<z.ZodString>;
+    }, z.core.$strip>>;
+    cache: z.ZodPrefault<z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodBoolean>;
+        ttlHours: z.ZodDefault<z.ZodNumber>;
+    }, z.core.$strip>>;
+    logging: z.ZodPrefault<z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodBoolean>;
+        level: z.ZodDefault<z.ZodEnum<{
+            debug: "debug";
+            info: "info";
+            warn: "warn";
+            error: "error";
+        }>>;
+    }, z.core.$strip>>;
+    customAllowPatterns: z.ZodDefault<z.ZodArray<z.ZodString>>;
+    customDenyPatterns: z.ZodDefault<z.ZodArray<z.ZodString>>;
+    customPassthroughPatterns: z.ZodDefault<z.ZodArray<z.ZodString>>;
+}, z.core.$strip>;
+export type Config = z.infer<typeof ConfigSchema>;
+export declare const CacheEntrySchema: z.ZodObject<{
+    key: z.ZodString;
+    decision: z.ZodEnum<{
+        allow: "allow";
+        deny: "deny";
+    }>;
+    reason: z.ZodString;
+    timestamp: z.ZodNumber;
+    toolName: z.ZodString;
+    toolInput: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    projectRoot: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export type CacheEntry = z.infer<typeof CacheEntrySchema>;
+export declare const CacheFileSchema: z.ZodRecord<z.ZodString, z.ZodObject<{
+    key: z.ZodString;
+    decision: z.ZodEnum<{
+        allow: "allow";
+        deny: "deny";
+    }>;
+    reason: z.ZodString;
+    timestamp: z.ZodNumber;
+    toolName: z.ZodString;
+    toolInput: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    projectRoot: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>>;
+export type CacheFile = z.infer<typeof CacheFileSchema>;
+export declare const LogEntrySchema: z.ZodObject<{
+    timestamp: z.ZodString;
+    sessionId: z.ZodOptional<z.ZodString>;
+    toolName: z.ZodString;
+    decision: z.ZodEnum<{
+        allow: "allow";
+        deny: "deny";
+        passthrough: "passthrough";
+    }>;
+    reason: z.ZodString;
+    decisionSource: z.ZodEnum<{
+        llm: "llm";
+        cache: "cache";
+        fast: "fast";
+    }>;
+    projectRoot: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export type LogEntry = z.infer<typeof LogEntrySchema>;
+export declare const LLMResponseSchema: z.ZodObject<{
+    decision: z.ZodEnum<{
+        allow: "allow";
+        deny: "deny";
+    }>;
+    reason: z.ZodString;
+}, z.core.$strip>;
+export type LLMResponse = z.infer<typeof LLMResponseSchema>;
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,eAAO,MAAM,4BAA4B;;;;;;;iBAOvC,CAAC;AAEH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAC1C,OAAO,4BAA4B,CACpC,CAAC;AAGF,eAAO,MAAM,wBAAwB;;;;;;;iBAInC,CAAC;AAEH,eAAO,MAAM,6BAA6B;;;;;;;;;;;;iBAKxC,CAAC;AAEH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAC3C,OAAO,6BAA6B,CACrC,CAAC;AACF,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAG1E,eAAO,MAAM,qBAAqB,0kFAuChC,CAAC;AAGH,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBA2BvB,CAAC;AAEH,MAAM,MAAM,MAAM,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC;AAGlD,eAAO,MAAM,gBAAgB;;;;;;;;;;;iBAQ3B,CAAC;AAEH,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAG1D,eAAO,MAAM,eAAe;;;;;;;;;;;kBAAyC,CAAC;AAEtE,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAGxD,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;iBAQzB,CAAC;AAEH,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAGtD,eAAO,MAAM,iBAAiB;;;;;;iBAG5B,CAAC;AAEH,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC"}

package/dist/types.js

@@ -0,0 +1,120 @@
+import { z } from "zod";
+// PermissionRequest Input Schema
+export const PermissionRequestInputSchema = z.object({
+    hook_event_name: z.literal("PermissionRequest"),
+    tool_name: z.string(),
+    tool_input: z.record(z.string(), z.unknown()),
+    transcript: z.array(z.unknown()).optional(),
+    session_id: z.string().optional(),
+    cwd: z.string().optional(),
+});
+// PermissionRequest Output Schema
+export const PermissionDecisionSchema = z.object({
+    behavior: z.enum(["allow", "deny"]),
+    updatedInput: z.record(z.string(), z.unknown()).optional(),
+    message: z.string().optional(),
+});
+export const PermissionRequestOutputSchema = z.object({
+    hookSpecificOutput: z.object({
+        hookEventName: z.literal("PermissionRequest"),
+        decision: PermissionDecisionSchema,
+    }),
+});
+// Default LLM System Prompt - can be customized in config
+export const DEFAULT_SYSTEM_PROMPT = `You are a security-focused AI assistant that evaluates Claude Code tool requests for auto-approval.
+
+You will receive a tool name, the project root directory, and the tool input. Your job is to decide whether the request should be automatically approved or denied.
+
+CONTEXT:
+- "Project Root" is the root of the developer's project (where .git lives). Operations anywhere within the project root are standard development operations and are generally safe.
+- Subdirectories within the project root (e.g. monorepo packages) are still part of the project.
+
+ALWAYS DENY:
+- Destructive system commands (rm -rf /, format drives, etc.)
+- Force pushing to protected branches: git push --force / git push -f to main, master, production, staging, develop
+- Commands that exfiltrate credentials or sensitive data to external services (e.g. curl posting /etc/passwd or env vars to a remote URL)
+- Fork bombs or resource exhaustion attacks
+- Any command that modifies system files (/etc, /usr, /bin, /sbin, /boot, Windows/System32, C:\\Windows)
+
+ALWAYS ALLOW:
+- Reading files is low-risk regardless of path. Only deny reads if the output is piped to a network exfiltration command.
+- Standard development operations: npm/yarn/pnpm commands, git add, git commit, git push (without --force/-f), building, testing, linting
+- File creation, editing, and deletion within the project root
+- mkdir for paths inside or relative to the project root
+- Writing standard project files: .claude/*, config files, package.json, tsconfig.json, etc.
+- Test execution (npm test, vitest, jest, pytest, etc.)
+- Package installation (npm install, pip install, etc.)
+- Network requests to localhost or well-known APIs (github.com, npmjs.org, pypi.org, etc.)
+- git push (without --force or -f flags) to any branch
+
+NUANCED CASES:
+- git push --force or git push -f: DENY if targeting protected branches (main, master, production, staging, develop). ALLOW if targeting a feature/personal branch.
+- rm / del targeting specific files within the project: ALLOW. rm -rf of directories within the project: ALLOW with caution. rm -rf outside the project: DENY.
+- curl/wget: ALLOW if fetching data. DENY if posting sensitive data (env vars, credentials, private keys) to external URLs.
+- docker commands within the project: generally ALLOW.
+- Copying files from system paths (e.g. node_modules) into the project: ALLOW.
+
+DEFAULT TO ALLOW for standard development operations. Only DENY genuinely dangerous commands.
+
+Respond with JSON only:
+{
+  "decision": "allow" | "deny",
+  "reason": "Brief explanation of your decision"
+}`;
+// Config Schema
+export const ConfigSchema = z.object({
+    llm: z
+        .object({
+        provider: z
+            .enum(["openrouter", "openai", "anthropic"])
+            .default("openrouter"),
+        apiKey: z.string().optional(),
+        model: z.string().default("gpt-4o-mini"),
+        baseUrl: z.string().optional(),
+        systemPrompt: z.string().default(DEFAULT_SYSTEM_PROMPT),
+    })
+        .prefault({}),
+    cache: z
+        .object({
+        enabled: z.boolean().default(true),
+        ttlHours: z.number().default(168), // 1 week
+    })
+        .prefault({}),
+    logging: z
+        .object({
+        enabled: z.boolean().default(true),
+        level: z.enum(["debug", "info", "warn", "error"]).default("info"),
+    })
+        .prefault({}),
+    customAllowPatterns: z.array(z.string()).default([]),
+    customDenyPatterns: z.array(z.string()).default([]),
+    customPassthroughPatterns: z.array(z.string()).default([]),
+});
+// Cache Entry Schema (passthrough decisions are not cached - they go to user each time)
+export const CacheEntrySchema = z.object({
+    key: z.string(),
+    decision: z.enum(["allow", "deny"]),
+    reason: z.string(),
+    timestamp: z.number(),
+    toolName: z.string(),
+    toolInput: z.record(z.string(), z.unknown()).optional(),
+    projectRoot: z.string().optional(),
+});
+// Cache File Schema
+export const CacheFileSchema = z.record(z.string(), CacheEntrySchema);
+// Log Entry Schema
+export const LogEntrySchema = z.object({
+    timestamp: z.string(),
+    sessionId: z.string().optional(),
+    toolName: z.string(),
+    decision: z.enum(["allow", "deny", "passthrough"]),
+    reason: z.string(),
+    decisionSource: z.enum(["fast", "cache", "llm"]),
+    projectRoot: z.string().optional(),
+});
+// LLM Response Schema (allow/deny only - passthrough is handled by fast-decisions)
+export const LLMResponseSchema = z.object({
+    decision: z.enum(["allow", "deny"]),
+    reason: z.string(),
+});
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,iCAAiC;AACjC,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,CAAC,MAAM,CAAC;IACnD,eAAe,EAAE,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC;IAC/C,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,UAAU,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC;IAC7C,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC3C,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC3B,CAAC,CAAC;AAMH,kCAAkC;AAClC,MAAM,CAAC,MAAM,wBAAwB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACnC,YAAY,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC1D,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC/B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,6BAA6B,GAAG,CAAC,CAAC,MAAM,CAAC;IACpD,kBAAkB,EAAE,CAAC,CAAC,MAAM,CAAC;QAC3B,aAAa,EAAE,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC;QAC7C,QAAQ,EAAE,wBAAwB;KACnC,CAAC;CACH,CAAC,CAAC;AAOH,0DAA0D;AAC1D,MAAM,CAAC,MAAM,qBAAqB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAuCnC,CAAC;AAEH,gBAAgB;AAChB,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC;IACnC,GAAG,EAAE,CAAC;SACH,MAAM,CAAC;QACN,QAAQ,EAAE,CAAC;aACR,IAAI,CAAC,CAAC,YAAY,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC;aAC3C,OAAO,CAAC,YAAY,CAAC;QACxB,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC7B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,aAAa,CAAC;QACxC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC9B,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,qBAAqB,CAAC;KACxD,CAAC;SACD,QAAQ,CAAC,EAAE,CAAC;IACf,KAAK,EAAE,CAAC;SACL,MAAM,CAAC;QACN,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;QAClC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,SAAS;KAC7C,CAAC;SACD,QAAQ,CAAC,EAAE,CAAC;IACf,OAAO,EAAE,CAAC;SACP,MAAM,CAAC;QACN,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;QAClC,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;KAClE,CAAC;SACD,QAAQ,CAAC,EAAE,CAAC;IACf,mBAAmB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IACpD,kBAAkB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IACnD,yBAAyB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;CAC3D,CAAC,CAAC;AAIH,wFAAwF;AACxF,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE;IACf,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACnC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;IAClB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;IACpB,SAAS,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;IACvD,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACnC,CAAC,CAAC;AAIH,oBAAoB;AACpB,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,gBAAgB,CAAC,CAAC;AAItE,mBAAmB;AACnB,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC;IACrC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;IACpB,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,aAAa,CAAC,CAAC;IAClD,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;IAClB,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;IAChD,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACnC,CAAC,CAAC;AAIH,mFAAmF;AACnF,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACnC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;CACnB,CAAC,CAAC"}

package/package.json

@@ -0,0 +1,58 @@
+{
+  "name": "@malcomsonbrothers/claude-code-permission-hook",
+  "version": "0.1.0",
+  "description": "Intelligent auto-approval hook for Claude Code using PermissionRequest",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "bin": {
+    "cc-approve": "./bin/cc-approve.js"
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "test": "vitest",
+    "lint": "eslint src/",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": [
+    "claude",
+    "claude-code",
+    "hooks",
+    "auto-approve",
+    "permission",
+    "ai",
+    "automation"
+  ],
+  "author": "Malcomson Brothers",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/malcomsonbrothers/claude-code-permission-hook"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "files": [
+    "dist",
+    "bin"
+  ],
+  "dependencies": {
+    "chalk": "^5.6.2",
+    "commander": "^14.0.2",
+    "inquirer": "^13.2.2",
+    "openai": "^6.17.0",
+    "pino": "^10.3.0",
+    "pino-pretty": "^13.1.3",
+    "zod": "^4.3.6"
+  },
+  "devDependencies": {
+    "@types/inquirer": "^9.0.9",
+    "@types/node": "^25.1.0",
+    "@typescript-eslint/eslint-plugin": "^8.54.0",
+    "@typescript-eslint/parser": "^8.54.0",
+    "eslint": "^9.39.2",
+    "typescript": "^5.9.3",
+    "vitest": "^4.0.18"
+  }
+}