@ory/claude-code 0.2.1 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/handlers.js +16 -8
- package/package.json +2 -2
package/dist/handlers.js
CHANGED
|
@@ -198,23 +198,27 @@ async function handlePreToolUse(input, client, deps = {}) {
|
|
|
198
198
|
object: mcpTool.serverName,
|
|
199
199
|
relation: "use",
|
|
200
200
|
subjectId,
|
|
201
|
+
...("subjectSet" in subject ? { subjectSet: subject.subjectSet } : {}),
|
|
201
202
|
spanAttributes: mcpAttrs,
|
|
202
203
|
});
|
|
204
|
+
const decisionAttrs = decision.spanAttributes;
|
|
203
205
|
if (decision.kind === "allow") {
|
|
204
|
-
client.tracer.record("tool.invoke", "ok", {
|
|
206
|
+
client.tracer.record("tool.invoke", "ok", {
|
|
207
|
+
attributes: { ...mcpAttrs, ...decisionAttrs },
|
|
208
|
+
});
|
|
205
209
|
return {};
|
|
206
210
|
}
|
|
207
211
|
if (decision.kind === "observe") {
|
|
208
212
|
client.tracer.record("tool.block", "denied", {
|
|
209
|
-
attributes: { ...mcpAttrs, allowed: false, ...(0, argus_1.alertAttributes)(false) },
|
|
213
|
+
attributes: { ...mcpAttrs, ...decisionAttrs, allowed: false, ...(0, argus_1.alertAttributes)(false) },
|
|
210
214
|
});
|
|
211
215
|
client.tracer.record("tool.invoke", "ok", {
|
|
212
|
-
attributes: { ...mcpAttrs, allowed: false, observed: true },
|
|
216
|
+
attributes: { ...mcpAttrs, ...decisionAttrs, allowed: false, observed: true },
|
|
213
217
|
});
|
|
214
218
|
return {};
|
|
215
219
|
}
|
|
216
220
|
client.tracer.record("tool.block", "denied", {
|
|
217
|
-
attributes: { ...mcpAttrs, allowed: false, ...(0, argus_1.alertAttributes)(true) },
|
|
221
|
+
attributes: { ...mcpAttrs, ...decisionAttrs, allowed: false, ...(0, argus_1.alertAttributes)(true) },
|
|
218
222
|
});
|
|
219
223
|
return {
|
|
220
224
|
decision: "block",
|
|
@@ -227,21 +231,24 @@ async function handlePreToolUse(input, client, deps = {}) {
|
|
|
227
231
|
return handlePermissionError(decision.error, toolName, client);
|
|
228
232
|
}
|
|
229
233
|
const attrs = { toolName, ...inputSummary };
|
|
234
|
+
const decisionAttrs = decision.spanAttributes;
|
|
230
235
|
if (decision.kind === "allow") {
|
|
231
|
-
client.tracer.record("tool.invoke", "ok", {
|
|
236
|
+
client.tracer.record("tool.invoke", "ok", {
|
|
237
|
+
attributes: { ...attrs, ...decisionAttrs, allowed: true },
|
|
238
|
+
});
|
|
232
239
|
return {};
|
|
233
240
|
}
|
|
234
241
|
if (decision.kind === "observe") {
|
|
235
242
|
client.tracer.record("tool.block", "denied", {
|
|
236
|
-
attributes: { ...attrs, allowed: false, ...(0, argus_1.alertAttributes)(false) },
|
|
243
|
+
attributes: { ...attrs, ...decisionAttrs, allowed: false, ...(0, argus_1.alertAttributes)(false) },
|
|
237
244
|
});
|
|
238
245
|
client.tracer.record("tool.invoke", "ok", {
|
|
239
|
-
attributes: { ...attrs, allowed: false, observed: true },
|
|
246
|
+
attributes: { ...attrs, ...decisionAttrs, allowed: false, observed: true },
|
|
240
247
|
});
|
|
241
248
|
return {};
|
|
242
249
|
}
|
|
243
250
|
client.tracer.record("tool.block", "denied", {
|
|
244
|
-
attributes: { ...attrs, allowed: false, ...(0, argus_1.alertAttributes)(true) },
|
|
251
|
+
attributes: { ...attrs, ...decisionAttrs, allowed: false, ...(0, argus_1.alertAttributes)(true) },
|
|
245
252
|
});
|
|
246
253
|
return {
|
|
247
254
|
decision: "block",
|
|
@@ -383,6 +390,7 @@ async function handlePermissionRequest(input, client) {
|
|
|
383
390
|
object: mcpTool.serverName,
|
|
384
391
|
relation: "use",
|
|
385
392
|
subjectId,
|
|
393
|
+
...("subjectSet" in subject ? { subjectSet: subject.subjectSet } : {}),
|
|
386
394
|
spanAttributes: { toolName, mcpServer: mcpTool.serverName, mcpTool: mcpTool.toolName },
|
|
387
395
|
});
|
|
388
396
|
if (decision.kind === "deny") {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@ory/claude-code",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.3.0",
|
|
4
4
|
"description": "Ory plugin for Claude Code: scaffolding skills, a local Ory instance, and authentication, authorization, and audit for every tool call",
|
|
5
5
|
"license": "Apache-2.0",
|
|
6
6
|
"homepage": "https://ory.com",
|
|
@@ -72,7 +72,7 @@
|
|
|
72
72
|
"!dist/**/*.tsbuildinfo"
|
|
73
73
|
],
|
|
74
74
|
"dependencies": {
|
|
75
|
-
"@ory/argus": "0.
|
|
75
|
+
"@ory/argus": "0.3.0"
|
|
76
76
|
},
|
|
77
77
|
"engines": {
|
|
78
78
|
"node": ">=24"
|