@pushary/agent-hooks 0.14.0 → 0.14.1

package/dist/bin/pushary-codex-hook.js

@@ -1,10 +1,18 @@
 #!/usr/bin/env node
 import {
+  CODEX_AGENT,
+  codexAllow,
+  codexDeny,
+  codexPass,
   handlePostToolUse,
   handleStop,
   handleUserPrompt,
-  reportEvent
-} from "../chunk-SH26ZOHU.js";
+  permissionTimeoutDecision,
+  preToolUseTimeoutDecision,
+  reportEvent,
+  toCodexWire,
+  toPolicyLookup
+} from "../chunk-HJMFYDWY.js";
 import {
   DEFAULT_SESSION,
   askUser,
@@ -17,7 +25,7 @@ import {
   savePendingQuestion,
   sendNotification,
   waitForAnswer
-} from "../chunk-QRXWPZKN.js";
+} from "../chunk-XPVSZIA3.js";
 import "../chunk-22CV7V7A.js";
 import "../chunk-3MIR7ODJ.js";
 import {
@@ -26,71 +34,27 @@ import {
 
 // bin/pushary-codex-hook.ts
 import { basename, join } from "path";
-import { tmpdir } from "os";
+import { tmpdir, userInfo } from "os";
 import { existsSync, mkdirSync, statSync, unlinkSync, writeFileSync } from "fs";
-
-// src/codex-adapter.ts
-var CODEX_AGENT = { type: "codex", label: "Codex" };
-var codexAllow = () => ({ kind: "allow" });
-var codexDeny = (reason) => ({ kind: "deny", reason });
-var codexPass = () => ({ kind: "pass" });
-var toCodexWire = (event, decision) => {
-  if (event === "PermissionRequest") {
-    if (decision.kind === "allow") {
-      return {
-        hookSpecificOutput: {
-          hookEventName: "PermissionRequest",
-          decision: { behavior: "allow" }
-        }
-      };
-    }
-    if (decision.kind === "deny") {
-      return {
-        hookSpecificOutput: {
-          hookEventName: "PermissionRequest",
-          decision: { behavior: "deny", message: decision.reason }
-        }
-      };
-    }
-    return null;
-  }
-  if (event === "PreToolUse" && decision.kind === "deny") {
-    return {
-      hookSpecificOutput: {
-        hookEventName: "PreToolUse",
-        permissionDecision: "deny",
-        permissionDecisionReason: decision.reason
-      }
-    };
-  }
-  return null;
-};
-var toPolicyLookup = (toolName, toolInput) => {
-  if (toolName !== "apply_patch") return { tool: toolName, input: toolInput };
-  const command = toolInput.command;
-  return {
-    tool: "Edit",
-    input: typeof command === "string" ? { file_path: command } : {}
-  };
-};
-var permissionTimeoutDecision = (timeoutAction) => {
-  if (timeoutAction === "approve") return codexAllow();
-  if (timeoutAction === "deny") return codexDeny("No response within timeout");
-  return codexPass();
-};
-var preToolUseTimeoutDecision = (timeoutAction, denyReason = "No response within timeout") => timeoutAction === "deny" ? codexDeny(denyReason) : codexPass();
-
-// bin/pushary-codex-hook.ts
 var KILL_REASON = "Stopped by user: this agent was halted from Pushary";
 var MAX_WAIT_SECONDS = 170;
-var APPROVAL_DIR = join(tmpdir(), "pushary-codex-approvals");
 var APPROVAL_TTL_MS = 10 * 60 * 1e3;
 var sanitizeId = (value) => value.replace(/[^A-Za-z0-9_-]/g, "_").slice(0, 128);
+var userScope = () => {
+  try {
+    const info = userInfo();
+    const id = typeof info.uid === "number" && info.uid >= 0 ? String(info.uid) : info.username;
+    return sanitizeId(id) || "default";
+  } catch {
+    return "default";
+  }
+};
+var APPROVAL_DIR = join(tmpdir(), `pushary-codex-approvals-${userScope()}`);
 var markApproved = (toolUseId) => {
   if (!toolUseId) return;
   try {
-    if (!existsSync(APPROVAL_DIR)) mkdirSync(APPROVAL_DIR, { recursive: true });
-    writeFileSync(join(APPROVAL_DIR, sanitizeId(toolUseId)), "", "utf-8");
+    if (!existsSync(APPROVAL_DIR)) mkdirSync(APPROVAL_DIR, { recursive: true, mode: 448 });
+    writeFileSync(join(APPROVAL_DIR, sanitizeId(toolUseId)), "", { encoding: "utf-8", mode: 384 });
   } catch {
   }
 };
@@ -161,7 +125,7 @@ var decidePermissionRequest = async (input) => {
     const modeState = await fetchModeState(apiKey, input.session_id);
     if (modeState.kill) return codexDeny(KILL_REASON);
     const lookup = toPolicyLookup(input.tool_name ?? "", input.tool_input ?? {});
-    const policy = await getPolicy(apiKey);
+    const policy = await getPolicy(apiKey, modeState.policyVersion);
     const toolPolicy = resolvePolicy(policy, lookup.tool, modeState.mode, lookup.input);
     if (toolPolicy.timeoutSeconds === 0 && toolPolicy.timeoutAction === "approve") return codexAllow();
     if (toolPolicy.timeoutSeconds === 0 && toolPolicy.timeoutAction === "deny") {
@@ -196,7 +160,7 @@ var decidePreToolUse = async (input) => {
     const modeState = await fetchModeState(apiKey, input.session_id);
     if (modeState.kill) return codexDeny(KILL_REASON);
     const lookup = toPolicyLookup(input.tool_name ?? "", input.tool_input ?? {});
-    const policy = await getPolicy(apiKey);
+    const policy = await getPolicy(apiKey, modeState.policyVersion);
     const toolPolicy = resolvePolicy(policy, lookup.tool, modeState.mode, lookup.input);
     if (toolPolicy.timeoutSeconds === 0 && toolPolicy.timeoutAction === "approve") return codexPass();
     if (toolPolicy.timeoutSeconds === 0 && toolPolicy.timeoutAction === "deny") {

package/dist/bin/pushary-codex.js

@@ -1,12 +1,12 @@
 #!/usr/bin/env node
 import {
   reportEvent
-} from "../chunk-SH26ZOHU.js";
+} from "../chunk-HJMFYDWY.js";
 import {
   askUser,
   getMachineId,
   waitForAnswer
-} from "../chunk-QRXWPZKN.js";
+} from "../chunk-XPVSZIA3.js";
 import "../chunk-22CV7V7A.js";
 import "../chunk-3MIR7ODJ.js";
 import {

package/dist/bin/pushary-doctor.js

@@ -162,7 +162,7 @@ var main = async () => {
       if (codexNotifyPath) {
         console.log(`  ${warn} Codex: stale legacy notify entry ${dim("(double-push risk, re-run setup to remove it)")}`);
       }
-      console.log(`  ${warn} Codex: hooks must be trusted inside Codex ${dim("(run /hooks in Codex, cannot be verified from here)")}`);
+      console.log(`  ${warn} Codex: trust the hooks inside Codex ${dim("(type /hooks in Codex and trust them, once; cannot be checked from here)")}`);
     } else {
       check(!!codexNotifyPath, "Codex: notify handler configured (deprecated)", codexNotifyPath ? "upgrade Codex and re-run setup for native hooks" : "missing, re-run setup");
       if (codexNotifyPath) {

package/dist/bin/pushary-hook.js

@@ -1,8 +1,8 @@
 #!/usr/bin/env node
 import {
   handlePreToolUse
-} from "../chunk-TRLBBLSS.js";
-import "../chunk-QRXWPZKN.js";
+} from "../chunk-V4GLWPD7.js";
+import "../chunk-XPVSZIA3.js";
 import "../chunk-22CV7V7A.js";
 import "../chunk-3MIR7ODJ.js";
 import "../chunk-VUNL35KE.js";

package/dist/bin/pushary-post-hook.js

@@ -1,8 +1,8 @@
 #!/usr/bin/env node
 import {
   handlePostToolUse
-} from "../chunk-SH26ZOHU.js";
-import "../chunk-QRXWPZKN.js";
+} from "../chunk-HJMFYDWY.js";
+import "../chunk-XPVSZIA3.js";
 import "../chunk-22CV7V7A.js";
 import "../chunk-3MIR7ODJ.js";
 import "../chunk-VUNL35KE.js";

package/dist/bin/pushary-prompt-hook.js

@@ -1,8 +1,8 @@
 #!/usr/bin/env node
 import {
   handleUserPrompt
-} from "../chunk-SH26ZOHU.js";
-import "../chunk-QRXWPZKN.js";
+} from "../chunk-HJMFYDWY.js";
+import "../chunk-XPVSZIA3.js";
 import "../chunk-22CV7V7A.js";
 import "../chunk-3MIR7ODJ.js";
 import "../chunk-VUNL35KE.js";

package/dist/bin/pushary-setup.js

@@ -518,10 +518,16 @@ var setupCodex = async (_apiKey) => {
   if (hooksSupported) {
     console.log(`  ${dim2("\u2022")} Native hooks: phone approvals, policy enforcement, kill switch, session tracking`);
     console.log();
-    console.log(`  ${bold2("Trust step (required):")}`);
-    console.log(`  ${dim2("1.")} Open Codex and run ${cyan2("/hooks")}`);
-    console.log(`  ${dim2("2.")} Review the Pushary hooks and trust them`);
-    console.log(`  ${dim2("Hooks stay inactive until you trust them inside Codex.")}`);
+    console.log(`  ${bold2("One step left, and it happens inside Codex")}`);
+    console.log(`  ${dim2("Codex makes you trust any hook before it runs. This is Codex's own")}`);
+    console.log(`  ${dim2("security check, not a Pushary thing, and you only do it once.")}`);
+    console.log();
+    console.log(`  ${cyan2("1.")} Open Codex and type ${cyan2("/hooks")}`);
+    console.log(`  ${cyan2("2.")} You will see the Pushary hook commands. Trust them.`);
+    console.log();
+    console.log(`  ${dim2("Until you do, Codex just runs as usual without the phone approvals.")}`);
+    console.log(`  ${dim2("To confirm:")} run a command that needs approval and watch your phone.`);
+    console.log(`  ${dim2("Pushary updates keep the same trust, so Codex will not ask again.")}`);
   } else {
     console.log(`  ${dim2("\u2022")} Notify handler (deprecated): captures turn completions and approval requests`);
   }

package/dist/bin/pushary-stop-hook.js

@@ -1,8 +1,8 @@
 #!/usr/bin/env node
 import {
   handleStop
-} from "../chunk-SH26ZOHU.js";
-import "../chunk-QRXWPZKN.js";
+} from "../chunk-HJMFYDWY.js";
+import "../chunk-XPVSZIA3.js";
 import "../chunk-22CV7V7A.js";
 import "../chunk-3MIR7ODJ.js";
 import "../chunk-VUNL35KE.js";

package/dist/chunk-HJMFYDWY.js

@@ -0,0 +1,222 @@
+import {
+  DEFAULT_SESSION,
+  cancelQuestion,
+  deriveReceiptMeta,
+  describeToolCall,
+  fetchModeState,
+  getMachineId,
+  isDefaultSession,
+  isPolicyConfig,
+  isToolResultError,
+  listPendingQuestions,
+  removePendingQuestion,
+  removePendingSession,
+  resolvePolicy
+} from "./chunk-XPVSZIA3.js";
+import {
+  withRetry
+} from "./chunk-3MIR7ODJ.js";
+import {
+  getApiKey,
+  getBaseUrl
+} from "./chunk-VUNL35KE.js";
+
+// src/codex-adapter.ts
+var CODEX_AGENT = { type: "codex", label: "Codex" };
+var codexAllow = () => ({ kind: "allow" });
+var codexDeny = (reason) => ({ kind: "deny", reason });
+var codexPass = () => ({ kind: "pass" });
+var toCodexWire = (event, decision) => {
+  if (event === "PermissionRequest") {
+    if (decision.kind === "allow") {
+      return {
+        hookSpecificOutput: {
+          hookEventName: "PermissionRequest",
+          decision: { behavior: "allow" }
+        }
+      };
+    }
+    if (decision.kind === "deny") {
+      return {
+        hookSpecificOutput: {
+          hookEventName: "PermissionRequest",
+          decision: { behavior: "deny", message: decision.reason }
+        }
+      };
+    }
+    return null;
+  }
+  if (event === "PreToolUse" && decision.kind === "deny") {
+    return {
+      hookSpecificOutput: {
+        hookEventName: "PreToolUse",
+        permissionDecision: "deny",
+        permissionDecisionReason: decision.reason
+      }
+    };
+  }
+  return null;
+};
+var toPolicyLookup = (toolName, toolInput) => {
+  if (toolName !== "apply_patch") return { tool: toolName, input: toolInput };
+  const command = toolInput.command;
+  return {
+    tool: "Edit",
+    input: typeof command === "string" ? { file_path: command } : {}
+  };
+};
+var permissionTimeoutDecision = (timeoutAction) => {
+  if (timeoutAction === "approve") return codexAllow();
+  if (timeoutAction === "deny") return codexDeny("No response within timeout");
+  return codexPass();
+};
+var preToolUseTimeoutDecision = (timeoutAction, denyReason = "No response within timeout") => timeoutAction === "deny" ? codexDeny(denyReason) : codexPass();
+
+// src/events.ts
+import { basename, join } from "path";
+import { createHash } from "crypto";
+import { existsSync, readFileSync } from "fs";
+import { tmpdir } from "os";
+var cleanupPendingQuestions = async (sessionId) => {
+  try {
+    const files = listPendingQuestions(sessionId);
+    const apiKey = getApiKey();
+    for (const correlationId of files) {
+      try {
+        await cancelQuestion(apiKey, correlationId);
+      } catch {
+      }
+      removePendingQuestion(sessionId, correlationId);
+    }
+    if (!isDefaultSession(sessionId)) removePendingSession(sessionId);
+  } catch {
+  }
+};
+var CLAUDE_CODE_AGENT = { type: "claude_code", label: "Claude Code" };
+var POLICY_CACHE_TTL_MS = 5 * 60 * 1e3;
+var readFreshCachedPolicy = (apiKey) => {
+  const hash = createHash("sha256").update(apiKey).digest("hex").slice(0, 12);
+  const path = join(tmpdir(), `pushary-policy-${hash}.json`);
+  if (!existsSync(path)) return null;
+  const cached = JSON.parse(readFileSync(path, "utf-8"));
+  if (!isPolicyConfig(cached)) return null;
+  if (!cached._cachedAt || Date.now() - cached._cachedAt >= POLICY_CACHE_TTL_MS) return null;
+  return cached;
+};
+var deriveDecisionSource = (toolName, toolInput, liveMode) => {
+  try {
+    if (liveMode.kill) return "terminal";
+    const policy = readFreshCachedPolicy(getApiKey());
+    if (!policy) return void 0;
+    const resolved = resolvePolicy(policy, toolName, liveMode.mode, toolInput);
+    if (resolved.timeoutSeconds === 0 && resolved.timeoutAction === "approve") return "policy_auto";
+    if (resolved.mode === "push_only" || resolved.mode === "push_first") return "human";
+    return "terminal";
+  } catch {
+    return void 0;
+  }
+};
+var reportEvent = async (event, options = {}) => {
+  const apiKey = getApiKey();
+  const baseUrl = getBaseUrl();
+  await withRetry(async () => {
+    await fetch(`${baseUrl}/api/agent/event`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "Authorization": `Bearer ${apiKey}`
+      },
+      body: JSON.stringify({
+        ...event,
+        machineId: event.machineId ?? getMachineId()
+      }),
+      signal: AbortSignal.timeout(options.timeoutMs ?? 1e4)
+    });
+  }, { maxAttempts: options.maxAttempts ?? 2, baseDelayMs: 300 });
+};
+var handlePostToolUse = async (input, agent = CLAUDE_CODE_AGENT) => {
+  try {
+    const projectName = basename(input.cwd ?? process.cwd());
+    const action = describeToolCall(input.tool_name, input.tool_input, "event");
+    const lookup = toPolicyLookup(input.tool_name, input.tool_input);
+    const isError = isToolResultError(input.tool_result);
+    const receiptsEnabled = process.env.PUSHARY_RECEIPTS !== "off";
+    const liveMode = await fetchModeState(getApiKey(), input.session_id);
+    await Promise.allSettled([
+      cleanupPendingQuestions(input.session_id || DEFAULT_SESSION),
+      reportEvent({
+        event: isError ? "tool_error" : "tool_complete",
+        agentType: agent.type,
+        agentName: `${agent.label} - ${projectName}`,
+        action,
+        sessionId: input.session_id,
+        error: isError ? String(input.tool_result?.error ?? input.tool_result?.stderr ?? "").slice(0, 500) : void 0,
+        decisionSource: deriveDecisionSource(lookup.tool, lookup.input, liveMode),
+        meta: receiptsEnabled ? deriveReceiptMeta(lookup.tool, lookup.input, input.tool_result, input.cwd ?? process.cwd()) : void 0
+      })
+    ]);
+  } catch {
+  }
+};
+var TASK_TITLE_MAX_LENGTH = 120;
+var handleUserPrompt = async (input, agent = CLAUDE_CODE_AGENT) => {
+  try {
+    const projectName = basename(input.cwd ?? process.cwd());
+    const titlesEnabled = process.env.PUSHARY_TASK_TITLES !== "off";
+    const taskTitle = titlesEnabled ? input.prompt?.replace(/\s+/g, " ").trim().slice(0, TASK_TITLE_MAX_LENGTH) || void 0 : void 0;
+    await reportEvent({
+      event: "user_prompt",
+      agentType: agent.type,
+      agentName: `${agent.label} - ${projectName}`,
+      sessionId: input.session_id,
+      taskTitle
+    }, { maxAttempts: 1, timeoutMs: 800 });
+  } catch {
+  }
+};
+var handleStop = async (input, agent = CLAUDE_CODE_AGENT) => {
+  try {
+    const projectName = basename(input.cwd ?? process.cwd());
+    await Promise.allSettled([
+      cleanupPendingQuestions(input.session_id || DEFAULT_SESSION),
+      reportEvent({
+        event: "session_end",
+        agentType: agent.type,
+        agentName: `${agent.label} - ${projectName}`,
+        action: "Session ended",
+        sessionId: input.session_id
+      })
+    ]);
+  } catch {
+  }
+};
+var handleNotification = async (input) => {
+  try {
+    const projectName = basename(input.cwd ?? process.cwd());
+    await reportEvent({
+      event: input.type === "error" ? "error" : "notification",
+      agentType: "claude_code",
+      agentName: `Claude Code - ${projectName}`,
+      action: input.title ?? input.message ?? "Notification",
+      sessionId: input.session_id,
+      error: input.type === "error" ? input.message : void 0
+    });
+  } catch {
+  }
+};
+
+export {
+  CODEX_AGENT,
+  codexAllow,
+  codexDeny,
+  codexPass,
+  toCodexWire,
+  toPolicyLookup,
+  permissionTimeoutDecision,
+  preToolUseTimeoutDecision,
+  reportEvent,
+  handlePostToolUse,
+  handleUserPrompt,
+  handleStop,
+  handleNotification
+};

package/dist/chunk-V4GLWPD7.js

@@ -0,0 +1,174 @@
+import {
+  DEFAULT_SESSION,
+  askUser,
+  deriveToolTarget,
+  describeToolCall,
+  fetchModeState,
+  getMachineId,
+  getPolicy,
+  resolvePolicy,
+  savePendingQuestion,
+  sendNotification,
+  waitForAnswer
+} from "./chunk-XPVSZIA3.js";
+import {
+  getApiKey
+} from "./chunk-VUNL35KE.js";
+
+// src/hook.ts
+import { basename } from "path";
+var sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
+var allow = () => ({
+  hookSpecificOutput: {
+    hookEventName: "PreToolUse",
+    permissionDecision: "allow"
+  }
+});
+var deny = (reason) => ({
+  hookSpecificOutput: {
+    hookEventName: "PreToolUse",
+    permissionDecision: "deny",
+    permissionDecisionReason: reason
+  }
+});
+var ask = (reason) => ({
+  hookSpecificOutput: {
+    hookEventName: "PreToolUse",
+    permissionDecision: "ask",
+    ...reason ? { permissionDecisionReason: reason } : {}
+  }
+});
+var pollForAnswer = async (apiKey, correlationId, deadlineMs, pollInterval = 2e3) => {
+  while (Date.now() < deadlineMs) {
+    const remaining = Math.min(Math.max(deadlineMs - Date.now(), 1e3), 3e4);
+    let answer;
+    try {
+      answer = await waitForAnswer(apiKey, correlationId, remaining);
+    } catch {
+      if (Date.now() + pollInterval >= deadlineMs) break;
+      await sleep(pollInterval);
+      continue;
+    }
+    if (answer.answered) return answer;
+    if (Date.now() + pollInterval >= deadlineMs) break;
+    await sleep(pollInterval);
+  }
+  return { answered: false };
+};
+var handlePushOnly = async (apiKey, description, projectName, timeoutSeconds, timeoutAction, sessionId, machineId, toolName, toolTarget) => {
+  let result;
+  try {
+    result = await askUser(apiKey, {
+      question: `Allow ${description}?`,
+      type: "confirm",
+      context: `Agent wants to run this in ${projectName}`,
+      agentName: `Claude Code - ${projectName}`,
+      sessionId,
+      machineId,
+      toolName,
+      toolTarget
+    });
+  } catch {
+    switch (timeoutAction) {
+      case "approve":
+        return allow();
+      case "deny":
+        return deny("Push notification failed, denying per policy");
+      default:
+        return ask("Push notification failed, asking in terminal");
+    }
+  }
+  const deadline = Date.now() + timeoutSeconds * 1e3;
+  const answer = await pollForAnswer(apiKey, result.correlationId, deadline);
+  if (answer.answered) {
+    return answer.value === "yes" ? allow() : deny("Denied via push notification");
+  }
+  switch (timeoutAction) {
+    case "approve":
+      return allow();
+    case "deny":
+      return deny("No response within timeout");
+    default:
+      return ask("No push response, asking in terminal");
+  }
+};
+var handleTerminalOnly = () => {
+  return ask();
+};
+var handlePushFirst = async (apiKey, description, projectName, pushFirstSeconds, sessionId, machineId, toolName, toolTarget) => {
+  let result;
+  try {
+    result = await askUser(apiKey, {
+      question: `Allow ${description}?`,
+      type: "confirm",
+      context: `Agent wants to run this in ${projectName}`,
+      agentName: `Claude Code - ${projectName}`,
+      sessionId,
+      machineId,
+      toolName,
+      toolTarget
+    });
+  } catch {
+    return ask("Push notification failed, asking in terminal");
+  }
+  const deadline = Date.now() + pushFirstSeconds * 1e3;
+  const answer = await pollForAnswer(apiKey, result.correlationId, deadline, 1500);
+  if (answer.answered) {
+    return answer.value === "yes" ? allow() : deny("Denied via push notification");
+  }
+  savePendingQuestion(sessionId || DEFAULT_SESSION, result.correlationId);
+  return ask("Sent as push notification. You can also approve here.");
+};
+var handleNotifyOnly = async (apiKey, description, projectName, sessionId, machineId) => {
+  try {
+    await sendNotification(apiKey, {
+      title: "Agent needs approval",
+      body: description,
+      agentName: `Claude Code - ${projectName}`,
+      sessionId,
+      machineId
+    });
+  } catch {
+  }
+  return ask();
+};
+var handlePreToolUse = async (input) => {
+  try {
+    const apiKey = getApiKey();
+    const modeState = await fetchModeState(apiKey, input.session_id);
+    const policy = await getPolicy(apiKey, modeState.policyVersion);
+    if (modeState.kill) {
+      return deny("Stopped by user \u2014 this agent was halted from Pushary");
+    }
+    const toolPolicy = resolvePolicy(policy, input.tool_name, modeState.mode, input.tool_input);
+    if (toolPolicy.timeoutSeconds === 0 && toolPolicy.timeoutAction === "approve") {
+      return allow();
+    }
+    if (toolPolicy.timeoutSeconds === 0 && toolPolicy.timeoutAction === "deny") {
+      return deny(`Denied by policy for ${toolPolicy.tool}`);
+    }
+    const description = describeToolCall(input.tool_name, input.tool_input, "hook");
+    const projectName = basename(input.cwd ?? process.cwd());
+    const sessionId = input.session_id;
+    const machineId = getMachineId();
+    const toolTarget = deriveToolTarget(input.tool_name, input.tool_input);
+    switch (toolPolicy.mode) {
+      case "push_only":
+        return handlePushOnly(apiKey, description, projectName, toolPolicy.timeoutSeconds, toolPolicy.timeoutAction, sessionId, machineId, input.tool_name, toolTarget);
+      case "terminal_only":
+        return handleTerminalOnly();
+      case "push_first":
+        return handlePushFirst(apiKey, description, projectName, toolPolicy.pushFirstSeconds, sessionId, machineId, input.tool_name, toolTarget);
+      case "notify_only":
+        return handleNotifyOnly(apiKey, description, projectName, sessionId, machineId);
+      default:
+        return handlePushFirst(apiKey, description, projectName, toolPolicy.pushFirstSeconds, sessionId, machineId, input.tool_name, toolTarget);
+    }
+  } catch {
+    return ask("Pushary unavailable, falling back to terminal approval");
+  }
+};
+
+export {
+  handlePreToolUse
+};

package/dist/chunk-XPVSZIA3.js

@@ -0,0 +1,315 @@
+import {
+  extractPolicyArg,
+  isApprovalMode,
+  matchRankWeight,
+  matchToolPattern
+} from "./chunk-22CV7V7A.js";
+import {
+  callMcpTool,
+  withRetry
+} from "./chunk-3MIR7ODJ.js";
+import {
+  getBaseUrl
+} from "./chunk-VUNL35KE.js";
+
+// src/validate.ts
+var isPolicyConfig = (data) => {
+  if (!data || typeof data !== "object") return false;
+  const d = data;
+  return Array.isArray(d.policies) && typeof d.defaultTimeoutSeconds === "number" && typeof d.defaultTimeoutAction === "string";
+};
+var isAskUserResponse = (data) => {
+  if (!data || typeof data !== "object") return false;
+  const d = data;
+  return typeof d.correlationId === "string" && typeof d.status === "string";
+};
+var isWaitForAnswerResponse = (data) => {
+  if (!data || typeof data !== "object") return false;
+  const d = data;
+  return typeof d.answered === "boolean";
+};
+
+// src/api.ts
+var askUser = async (apiKey, params) => {
+  const result = await callMcpTool(apiKey, "ask_user", { ...params, wait: false }, { maxRetries: 3 });
+  if (!isAskUserResponse(result)) throw new Error("Invalid ask_user response");
+  return result;
+};
+var waitForAnswer = async (apiKey, correlationId, timeoutMs = 3e4) => {
+  const result = await callMcpTool(apiKey, "wait_for_answer", {
+    correlationId,
+    timeoutMs
+  });
+  if (!isWaitForAnswerResponse(result)) throw new Error("Invalid wait_for_answer response");
+  return result;
+};
+var cancelQuestion = async (apiKey, correlationId) => {
+  await callMcpTool(apiKey, "cancel_question", { correlationId });
+};
+var sendNotification = async (apiKey, params) => {
+  await callMcpTool(apiKey, "send_notification", { ...params }, { maxRetries: 3 });
+};
+
+// src/policy.ts
+import { createHash } from "crypto";
+import { existsSync, readFileSync, writeFileSync } from "fs";
+import { join } from "path";
+import { tmpdir } from "os";
+var CACHE_TTL_MS = 5 * 60 * 1e3;
+var cacheFile = (apiKey) => {
+  const hash = createHash("sha256").update(apiKey).digest("hex").slice(0, 12);
+  return join(tmpdir(), `pushary-policy-${hash}.json`);
+};
+var fetchPolicy = async (apiKey) => {
+  return withRetry(async () => {
+    const baseUrl = getBaseUrl();
+    const response = await fetch(`${baseUrl}/api/mcp/policy`, {
+      headers: { "Authorization": `Bearer ${apiKey}` },
+      signal: AbortSignal.timeout(1e4)
+    });
+    if (!response.ok) {
+      throw new Error(`Failed to fetch policy: ${response.status}`);
+    }
+    const raw = await response.json();
+    if (!isPolicyConfig(raw)) throw new Error("Invalid policy response");
+    return raw;
+  }, { maxAttempts: 2 });
+};
+var getPolicy = async (apiKey, expectedVersion) => {
+  const path = cacheFile(apiKey);
+  let staleCache = null;
+  if (existsSync(path)) {
+    try {
+      const stat = readFileSync(path, "utf-8");
+      const cached = JSON.parse(stat);
+      if (!isPolicyConfig(cached)) throw new Error("Corrupted cache");
+      const versionStale = expectedVersion != null && (cached._policyVersion ?? null) !== expectedVersion;
+      const ttlFresh = !cached._cachedAt || Date.now() - cached._cachedAt < CACHE_TTL_MS;
+      if (ttlFresh && !versionStale) {
+        return cached;
+      }
+      staleCache = cached;
+    } catch {
+    }
+  }
+  try {
+    const policy = await fetchPolicy(apiKey);
+    try {
+      writeFileSync(path, JSON.stringify({ ...policy, _cachedAt: Date.now(), _policyVersion: expectedVersion ?? null }), "utf-8");
+    } catch {
+    }
+    return policy;
+  } catch {
+    if (staleCache) return staleCache;
+    throw new Error("Failed to fetch policy and no cached policy available");
+  }
+};
+var findBestMatch = (policies, toolName, arg) => {
+  let best;
+  let bestWeight = 0;
+  let bestLength = -1;
+  for (const candidate of policies) {
+    const rank = matchToolPattern(candidate.tool, toolName, arg);
+    if (rank === "none") continue;
+    const weight = matchRankWeight(rank);
+    const length = rank === "prefix" ? candidate.tool.length : -1;
+    if (weight > bestWeight || weight === bestWeight && length > bestLength) {
+      best = candidate;
+      bestWeight = weight;
+      bestLength = length;
+    }
+  }
+  return best;
+};
+var resolvePolicy = (config, toolName, modeOverride, toolInput) => {
+  const arg = toolInput ? extractPolicyArg(toolName, toolInput) : void 0;
+  const base = findBestMatch(config.policies, toolName, arg) ?? config.policies.find((p) => p.tool === "*") ?? {
+    tool: toolName,
+    timeoutSeconds: config.defaultTimeoutSeconds,
+    timeoutAction: config.defaultTimeoutAction,
+    mode: config.defaultMode ?? "push_first",
+    pushFirstSeconds: config.defaultPushFirstSeconds ?? 20
+  };
+  const effectiveOverride = modeOverride ?? config.modeOverride;
+  if (effectiveOverride) {
+    return { ...base, mode: effectiveOverride };
+  }
+  return base;
+};
+var toPolicyVersion = (value) => typeof value === "string" || typeof value === "number" ? String(value) : null;
+var fetchModeState = async (apiKey, sessionId) => {
+  try {
+    const baseUrl = getBaseUrl();
+    const url = sessionId ? `${baseUrl}/api/mcp/mode?session=${encodeURIComponent(sessionId)}` : `${baseUrl}/api/mcp/mode`;
+    const response = await fetch(url, {
+      headers: { "Authorization": `Bearer ${apiKey}` },
+      signal: AbortSignal.timeout(3e3)
+    });
+    if (!response.ok) return { mode: null, kill: false, policyVersion: null };
+    const data = await response.json();
+    const mode = data.override?.mode;
+    return {
+      mode: isApprovalMode(mode) ? mode : null,
+      kill: data.kill === true,
+      policyVersion: toPolicyVersion(data.policyVersion)
+    };
+  } catch {
+    return { mode: null, kill: false, policyVersion: null };
+  }
+};
+var fetchModeOverride = async (apiKey) => (await fetchModeState(apiKey)).mode;
+
+// src/describe.ts
+import { isAbsolute, relative } from "path";
+var hookPrefixes = {
+  Bash: (input) => `bash: ${input.command ?? "(no command)"}`,
+  Write: (input) => `write file: ${input.file_path ?? "(unknown path)"}`,
+  Edit: (input) => `edit file: ${input.file_path ?? "(unknown path)"}`,
+  Read: (input) => `read file: ${input.file_path ?? "(unknown path)"}`
+};
+var eventPrefixes = {
+  Bash: (input) => `ran: ${String(input.command ?? "").slice(0, 120)}`,
+  Write: (input) => `wrote: ${input.file_path ?? "unknown"}`,
+  Edit: (input) => `edited: ${input.file_path ?? "unknown"}`,
+  Read: (input) => `read: ${input.file_path ?? "unknown"}`
+};
+var describeToolCall = (toolName, toolInput, format = "hook") => {
+  const prefixes = format === "hook" ? hookPrefixes : eventPrefixes;
+  const builder = prefixes[toolName];
+  if (builder) return builder(toolInput);
+  return format === "hook" ? `${toolName}: ${JSON.stringify(toolInput).slice(0, 200)}` : `${toolName}: done`;
+};
+var TOOL_TARGET_MAX_LENGTH = 80;
+var deriveCommandHead = (command) => {
+  if (typeof command !== "string") return void 0;
+  const head = command.trim().split(/\s+/).slice(0, 2).join(" ");
+  return head ? head.slice(0, TOOL_TARGET_MAX_LENGTH) : void 0;
+};
+var deriveToolTarget = (toolName, toolInput) => {
+  if (toolName === "Bash") {
+    return deriveCommandHead(toolInput.command);
+  }
+  if (toolName === "Edit" || toolName === "Write") {
+    const filePath = toolInput.file_path;
+    if (typeof filePath !== "string") return void 0;
+    const separator = Math.max(filePath.lastIndexOf("/"), filePath.lastIndexOf("\\"));
+    const base = filePath.slice(separator + 1);
+    const dot = base.lastIndexOf(".");
+    if (dot <= 0) return void 0;
+    return base.slice(dot).slice(0, TOOL_TARGET_MAX_LENGTH);
+  }
+  return void 0;
+};
+var RECEIPT_TARGET_MAX_LENGTH = 256;
+var isToolResultError = (toolResult) => {
+  try {
+    return Boolean(toolResult && ("error" in toolResult || "is_error" in toolResult));
+  } catch {
+    return false;
+  }
+};
+var relativizeReceiptPath = (filePath, cwd) => {
+  if (!cwd || !isAbsolute(filePath)) return filePath;
+  return relative(cwd, filePath);
+};
+var deriveReceiptMeta = (toolName, toolInput, toolResult, cwd) => {
+  try {
+    const ok = !isToolResultError(toolResult);
+    if (toolName === "Edit" || toolName === "Write") {
+      const filePath = toolInput.file_path;
+      if (typeof filePath !== "string" || !filePath) return void 0;
+      return {
+        kind: toolName === "Edit" ? "edit" : "write",
+        target: relativizeReceiptPath(filePath, cwd).slice(0, RECEIPT_TARGET_MAX_LENGTH),
+        ok
+      };
+    }
+    if (toolName === "Bash") {
+      const head = deriveCommandHead(toolInput.command);
+      if (!head) return void 0;
+      return {
+        kind: head === "git commit" ? "commit" : "bash",
+        target: head,
+        ok
+      };
+    }
+    return void 0;
+  } catch {
+    return void 0;
+  }
+};
+
+// src/identity.ts
+import { createHash as createHash2 } from "crypto";
+import { hostname } from "os";
+var deriveMachineId = (host) => createHash2("sha256").update(host).digest("hex").slice(0, 8);
+var getMachineId = () => deriveMachineId(hostname());
+
+// src/pending.ts
+import { join as join2 } from "path";
+import { tmpdir as tmpdir2 } from "os";
+import { existsSync as existsSync2, mkdirSync, writeFileSync as writeFileSync2, readdirSync, unlinkSync, rmSync, statSync } from "fs";
+var PENDING_DIR = join2(tmpdir2(), "pushary-pending");
+var DEFAULT_SESSION = "_no_session";
+var GRACE_MS = 10 * 60 * 1e3;
+var sanitize = (sessionId) => sessionId.replace(/[^A-Za-z0-9_-]/g, "_").slice(0, 128) || DEFAULT_SESSION;
+var dirFor = (sessionId) => join2(PENDING_DIR, sanitize(sessionId));
+var isDefaultSession = (sessionId) => sanitize(sessionId) === DEFAULT_SESSION;
+var savePendingQuestion = (sessionId, correlationId) => {
+  const dir = dirFor(sessionId);
+  if (!existsSync2(dir)) mkdirSync(dir, { recursive: true });
+  writeFileSync2(join2(dir, correlationId), "", "utf-8");
+};
+var listPendingQuestions = (sessionId) => {
+  const dir = dirFor(sessionId);
+  let files;
+  try {
+    files = readdirSync(dir);
+  } catch {
+    return [];
+  }
+  if (!isDefaultSession(sessionId)) return files;
+  const cutoff = Date.now() - GRACE_MS;
+  return files.filter((name) => {
+    try {
+      return statSync(join2(dir, name)).mtimeMs < cutoff;
+    } catch {
+      return false;
+    }
+  });
+};
+var removePendingQuestion = (sessionId, correlationId) => {
+  try {
+    unlinkSync(join2(dirFor(sessionId), correlationId));
+  } catch {
+  }
+};
+var removePendingSession = (sessionId) => {
+  try {
+    rmSync(dirFor(sessionId), { recursive: true, force: true });
+  } catch {
+  }
+};
+
+export {
+  isPolicyConfig,
+  askUser,
+  waitForAnswer,
+  cancelQuestion,
+  sendNotification,
+  getPolicy,
+  resolvePolicy,
+  fetchModeState,
+  fetchModeOverride,
+  describeToolCall,
+  deriveToolTarget,
+  isToolResultError,
+  deriveReceiptMeta,
+  getMachineId,
+  DEFAULT_SESSION,
+  isDefaultSession,
+  savePendingQuestion,
+  listPendingQuestions,
+  removePendingQuestion,
+  removePendingSession
+};

package/dist/src/index.d.ts

@@ -88,11 +88,12 @@ declare const askUser: (apiKey: string, params: AskUserParams) => Promise<AskUse
 declare const waitForAnswer: (apiKey: string, correlationId: string, timeoutMs?: number) => Promise<WaitForAnswerResponse>;
 declare const cancelQuestion: (apiKey: string, correlationId: string) => Promise<void>;
 
-declare const getPolicy: (apiKey: string) => Promise<PolicyConfig>;
+declare const getPolicy: (apiKey: string, expectedVersion?: string | null) => Promise<PolicyConfig>;
 declare const resolvePolicy: (config: PolicyConfig, toolName: string, modeOverride?: ApprovalMode | null, toolInput?: Record<string, unknown>) => ToolPolicy;
 interface ModeState {
     readonly mode: ApprovalMode | null;
     readonly kill: boolean;
+    readonly policyVersion: string | null;
 }
 declare const fetchModeState: (apiKey: string, sessionId?: string) => Promise<ModeState>;
 declare const fetchModeOverride: (apiKey: string) => Promise<ApprovalMode | null>;

package/dist/src/index.js

@@ -1,12 +1,12 @@
 import {
   handlePreToolUse
-} from "../chunk-TRLBBLSS.js";
+} from "../chunk-V4GLWPD7.js";
 import {
   handleNotification,
   handlePostToolUse,
   handleStop,
   reportEvent
-} from "../chunk-SH26ZOHU.js";
+} from "../chunk-HJMFYDWY.js";
 import {
   askUser,
   cancelQuestion,
@@ -15,7 +15,7 @@ import {
   getPolicy,
   resolvePolicy,
   waitForAnswer
-} from "../chunk-QRXWPZKN.js";
+} from "../chunk-XPVSZIA3.js";
 import "../chunk-22CV7V7A.js";
 import "../chunk-3MIR7ODJ.js";
 import {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pushary/agent-hooks",
-  "version": "0.14.0",
+  "version": "0.14.1",
   "description": "Permission hooks for AI coding agents: route tool approvals through Pushary push notifications",
   "author": "Pushary <business@pushary.com>",
   "homepage": "https://pushary.com",