@pushary/agent-hooks 0.15.0 → 0.17.0

package/dist/bin/pushary-codex-hook.js

@@ -12,7 +12,7 @@ import {
   reportEvent,
   toCodexWire,
   toPolicyLookup
-} from "../chunk-HWEMAAOY.js";
+} from "../chunk-U6OXZPYC.js";
 import {
   DEFAULT_SESSION,
   askUser,

package/dist/bin/pushary-codex.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import {
   reportEvent
-} from "../chunk-HWEMAAOY.js";
+} from "../chunk-U6OXZPYC.js";
 import {
   askUser,
   getMachineId,

package/dist/bin/pushary-hook.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import {
   handlePreToolUse
-} from "../chunk-VWBNI4SC.js";
+} from "../chunk-EQJXMEIR.js";
 import "../chunk-HRQEECB6.js";
 import "../chunk-22CV7V7A.js";
 import "../chunk-DWED7BS3.js";

package/dist/bin/pushary-post-hook.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import {
   handlePostToolUse
-} from "../chunk-HWEMAAOY.js";
+} from "../chunk-U6OXZPYC.js";
 import "../chunk-HRQEECB6.js";
 import "../chunk-22CV7V7A.js";
 import "../chunk-DWED7BS3.js";

package/dist/bin/pushary-prompt-hook.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import {
   handleUserPrompt
-} from "../chunk-HWEMAAOY.js";
+} from "../chunk-U6OXZPYC.js";
 import "../chunk-HRQEECB6.js";
 import "../chunk-22CV7V7A.js";
 import "../chunk-DWED7BS3.js";

package/dist/bin/pushary-setup.js

@@ -25,6 +25,47 @@ import { parse as parseTOML, stringify as stringifyTOML } from "smol-toml";
 
 // src/onboarding.ts
 import qrcodeTerminal from "qrcode-terminal";
+
+// src/pairing.ts
+import crypto from "crypto";
+var X25519_SPKI_PREFIX = Buffer.from("302a300506032b656e032100", "hex");
+var HKDF_INFO = Buffer.from("pushary-pair-v1");
+var HEADER_BYTES = 32 + 12 + 16;
+var rawToPublicKey = (raw) => crypto.createPublicKey({
+  key: Buffer.concat([X25519_SPKI_PREFIX, raw]),
+  format: "der",
+  type: "spki"
+});
+var publicKeyToRaw = (key) => key.export({ format: "der", type: "spki" }).subarray(-32);
+var generateKeypair = () => {
+  const { publicKey, privateKey } = crypto.generateKeyPairSync("x25519");
+  const publicKeyRaw = publicKeyToRaw(publicKey);
+  return { publicKeyB64: publicKeyRaw.toString("base64"), publicKeyRaw, privateKey };
+};
+var publicKeyFingerprint = (b64) => {
+  const raw = Buffer.from(b64, "base64");
+  const digest = crypto.createHash("sha256").update(raw).digest("hex");
+  return (digest.slice(0, 8).match(/.{2}/g) ?? []).join(" ").toUpperCase();
+};
+var openSealedKey = (blobB64, keypair) => {
+  const blob = Buffer.from(blobB64, "base64");
+  if (blob.length <= HEADER_BYTES) throw new Error("sealed payload too short");
+  const ephemeralRaw = blob.subarray(0, 32);
+  const nonce = blob.subarray(32, 44);
+  const tag = blob.subarray(44, 60);
+  const ciphertext = blob.subarray(60);
+  const shared = crypto.diffieHellman({
+    privateKey: keypair.privateKey,
+    publicKey: rawToPublicKey(ephemeralRaw)
+  });
+  const salt = Buffer.concat([ephemeralRaw, keypair.publicKeyRaw]);
+  const key = Buffer.from(crypto.hkdfSync("sha256", shared, salt, HKDF_INFO, 32));
+  const decipher = crypto.createDecipheriv("aes-256-gcm", key, nonce);
+  decipher.setAuthTag(tag);
+  return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString("utf8");
+};
+
+// src/onboarding.ts
 var dim = (s) => `\x1B[2m${s}\x1B[0m`;
 var bold = (s) => `\x1B[1m${s}\x1B[0m`;
 var green = (s) => `\x1B[32m${s}\x1B[0m`;
@@ -174,6 +215,82 @@ var printConnectInstructions = async (apiKey) => {
   const target = site?.subscribeUrl ?? "https://pushary.com";
   console.log(`  ${dim("Connect your phone for push notifications at")} ${cyan(target)}`);
 };
+var PAIR_POLL_INTERVAL_MS = 2e3;
+var PAIR_TIMEOUT_MS = 18e4;
+var startPairing = async (cliPublicKey) => {
+  try {
+    const res = await fetch(`${API_BASE}/api/mobile/pair/start`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ cliPublicKey }),
+      signal: AbortSignal.timeout(1e4)
+    });
+    if (!res.ok) return null;
+    const data = await res.json().catch(() => null);
+    return data && typeof data.pairId === "string" ? data.pairId : null;
+  } catch {
+    return null;
+  }
+};
+var claimPairing = async (pairId) => {
+  try {
+    const res = await fetch(`${API_BASE}/api/mobile/pair/claim?id=${encodeURIComponent(pairId)}`, {
+      signal: AbortSignal.timeout(1e4)
+    });
+    if (!res.ok) return null;
+    return await res.json().catch(() => null);
+  } catch {
+    return null;
+  }
+};
+var connectViaAppPairing = async () => {
+  const keypair = generateKeypair();
+  const pairId = await startPairing(keypair.publicKeyB64);
+  if (!pairId) {
+    console.log(`  ${yellow("!")} Couldn't start pairing. Check your connection and try again.`);
+    return null;
+  }
+  const deepLink = `pushary://pair?pk=${encodeURIComponent(keypair.publicKeyB64)}&id=${encodeURIComponent(pairId)}`;
+  console.log();
+  console.log(`  ${bold("Connect your Pushary app")}`);
+  console.log(`  ${dim("Open the Pushary app, tap Connect agent, and scan this:")}`);
+  await printQr(deepLink);
+  console.log(`  ${dim("No camera handy? Open this link on the phone instead:")}`);
+  console.log(`  ${cyan(deepLink)}`);
+  console.log(`  ${dim("Confirm the app shows fingerprint")} ${cyan(publicKeyFingerprint(keypair.publicKeyB64))}`);
+  console.log();
+  const deadline = Date.now() + PAIR_TIMEOUT_MS;
+  const stop = startSpinner(() => {
+    const left = Math.max(0, Math.ceil((deadline - Date.now()) / 1e3));
+    return `Waiting for the app to authorize ${dim(`(${left}s)`)}`;
+  });
+  try {
+    while (Date.now() < deadline) {
+      const claim = await claimPairing(pairId);
+      if (claim?.status === "authorized") {
+        let apiKey;
+        try {
+          apiKey = openSealedKey(claim.sealed, keypair);
+        } catch {
+          stop(yellow("!"), "Pairing failed to decrypt \u2014 re-run setup to try again");
+          return null;
+        }
+        stop(check, "App connected");
+        return { apiKey, handle: claim.siteSlug };
+      }
+      if (claim?.status === "expired") {
+        stop(yellow("!"), "Pairing expired \u2014 re-run setup to try again");
+        return null;
+      }
+      await sleep(PAIR_POLL_INTERVAL_MS);
+    }
+    stop(yellow("!"), "Timed out waiting for the app");
+    return null;
+  } catch (err) {
+    stop(yellow("!"), `Pairing error ${dim(`(${err instanceof Error ? err.message : "network"})`)}`);
+    return null;
+  }
+};
 
 // bin/pushary-setup.ts
 var CLAUDE_SETTINGS = join(homedir(), ".claude", "settings.json");
@@ -199,6 +316,18 @@ var parseKeyFlag = () => {
   }
   return void 0;
 };
+var parseConnectFlag = () => {
+  const args = process.argv.slice(2);
+  for (let i = 0; i < args.length; i++) {
+    if (args[i] === "--connect" && args[i + 1]) {
+      return args[i + 1].trim() === "app" ? "app" : "web";
+    }
+    if (args[i].startsWith("--connect=")) {
+      return args[i].slice(10).trim() === "app" ? "app" : "web";
+    }
+  }
+  return "web";
+};
 var isInstalled = (command) => {
   const whichCmd = process.platform === "win32" ? "where" : "which";
   try {
@@ -648,10 +777,25 @@ var main = async () => {
   console.log(`  ${dim2("Push notifications for AI coding agents")}`);
   console.log();
   await checkForUpdates(version);
+  const connectMode = parseConnectFlag();
   const flagKey = parseKeyFlag();
   const envKey = process.env.PUSHARY_API_KEY?.trim();
   let trimmedKey;
-  if (flagKey && isValidApiKey(flagKey)) {
+  if (connectMode === "app") {
+    console.log(`  ${dim2("Pairing with your Pushary app.")}`);
+    const paired = await connectViaAppPairing();
+    if (!paired) {
+      console.log();
+      console.log(`  ${yellow2("!")} Pairing didn't complete. Re-run setup when you're ready to scan.`);
+      console.log(`  ${dim2("No app yet? Get it at")} ${cyan2("https://pushary.com/app")}`);
+      process.exit(1);
+    }
+    trimmedKey = paired.apiKey;
+    if (paired.handle) {
+      console.log(`  ${check2} Connected to ${cyan2("@" + paired.handle)}`);
+    }
+    console.log();
+  } else if (flagKey && isValidApiKey(flagKey)) {
     const masked = `${flagKey.slice(0, 8)}...${flagKey.slice(-4)}`;
     console.log(`  ${check2} Using API key: ${dim2(masked)}`);
     console.log();
@@ -720,11 +864,13 @@ var main = async () => {
       console.log(`  ${yellow2("!")} Failed: ${failed.join(", ")} ${dim2("(others completed successfully)")}`);
     }
   }
-  const skipPhone = process.argv.includes("--skip-phone");
-  if (skipPhone || !process.stdout.isTTY) {
-    await printConnectInstructions(trimmedKey);
-  } else {
-    await connectDevice(trimmedKey);
+  if (connectMode !== "app") {
+    const skipPhone = process.argv.includes("--skip-phone");
+    if (skipPhone || !process.stdout.isTTY) {
+      await printConnectInstructions(trimmedKey);
+    } else {
+      await connectDevice(trimmedKey);
+    }
   }
   console.log();
   console.log(`  ${green2(bold2("Setup complete."))}`);

package/dist/bin/pushary-stop-hook.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import {
   handleStop
-} from "../chunk-HWEMAAOY.js";
+} from "../chunk-U6OXZPYC.js";
 import "../chunk-HRQEECB6.js";
 import "../chunk-22CV7V7A.js";
 import "../chunk-DWED7BS3.js";
@@ -15,7 +15,8 @@ var main = async () => {
   }
   try {
     const input = rawInput.trim() ? JSON.parse(rawInput) : {};
-    await handleStop(input);
+    const output = await handleStop(input);
+    if (output) process.stdout.write(JSON.stringify(output));
   } catch {
   }
 };

package/dist/chunk-EQJXMEIR.js

@@ -0,0 +1,175 @@
+import {
+  DEFAULT_SESSION,
+  askUser,
+  deriveToolTarget,
+  describeToolCall,
+  fetchModeState,
+  getMachineId,
+  getPolicy,
+  resolvePolicy,
+  savePendingQuestion,
+  sendNotification,
+  waitForAnswer
+} from "./chunk-HRQEECB6.js";
+import {
+  getApiKey
+} from "./chunk-NKXSILEW.js";
+
+// src/hook.ts
+import { basename } from "path";
+var sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
+var denyReasonFrom = (value) => value && value !== "no" && value !== "yes" ? `Denied from your phone: ${value}` : "Denied via push notification";
+var allow = () => ({
+  hookSpecificOutput: {
+    hookEventName: "PreToolUse",
+    permissionDecision: "allow"
+  }
+});
+var deny = (reason) => ({
+  hookSpecificOutput: {
+    hookEventName: "PreToolUse",
+    permissionDecision: "deny",
+    permissionDecisionReason: reason
+  }
+});
+var ask = (reason) => ({
+  hookSpecificOutput: {
+    hookEventName: "PreToolUse",
+    permissionDecision: "ask",
+    ...reason ? { permissionDecisionReason: reason } : {}
+  }
+});
+var pollForAnswer = async (apiKey, correlationId, deadlineMs, pollInterval = 2e3) => {
+  while (Date.now() < deadlineMs) {
+    const remaining = Math.min(Math.max(deadlineMs - Date.now(), 1e3), 3e4);
+    let answer;
+    try {
+      answer = await waitForAnswer(apiKey, correlationId, remaining);
+    } catch {
+      if (Date.now() + pollInterval >= deadlineMs) break;
+      await sleep(pollInterval);
+      continue;
+    }
+    if (answer.answered) return answer;
+    if (Date.now() + pollInterval >= deadlineMs) break;
+    await sleep(pollInterval);
+  }
+  return { answered: false };
+};
+var handlePushOnly = async (apiKey, description, projectName, timeoutSeconds, timeoutAction, sessionId, machineId, toolName, toolTarget) => {
+  let result;
+  try {
+    result = await askUser(apiKey, {
+      question: `Allow ${description}?`,
+      type: "confirm",
+      context: `Agent wants to run this in ${projectName}`,
+      agentName: `Claude Code - ${projectName}`,
+      sessionId,
+      machineId,
+      toolName,
+      toolTarget
+    });
+  } catch {
+    switch (timeoutAction) {
+      case "approve":
+        return allow();
+      case "deny":
+        return deny("Push notification failed, denying per policy");
+      default:
+        return ask("Push notification failed, asking in terminal");
+    }
+  }
+  const deadline = Date.now() + timeoutSeconds * 1e3;
+  const answer = await pollForAnswer(apiKey, result.correlationId, deadline);
+  if (answer.answered) {
+    return answer.value === "yes" ? allow() : deny(denyReasonFrom(answer.value));
+  }
+  switch (timeoutAction) {
+    case "approve":
+      return allow();
+    case "deny":
+      return deny("No response within timeout");
+    default:
+      return ask("No push response, asking in terminal");
+  }
+};
+var handleTerminalOnly = () => {
+  return ask();
+};
+var handlePushFirst = async (apiKey, description, projectName, pushFirstSeconds, sessionId, machineId, toolName, toolTarget) => {
+  let result;
+  try {
+    result = await askUser(apiKey, {
+      question: `Allow ${description}?`,
+      type: "confirm",
+      context: `Agent wants to run this in ${projectName}`,
+      agentName: `Claude Code - ${projectName}`,
+      sessionId,
+      machineId,
+      toolName,
+      toolTarget
+    });
+  } catch {
+    return ask("Push notification failed, asking in terminal");
+  }
+  const deadline = Date.now() + pushFirstSeconds * 1e3;
+  const answer = await pollForAnswer(apiKey, result.correlationId, deadline, 1500);
+  if (answer.answered) {
+    return answer.value === "yes" ? allow() : deny(denyReasonFrom(answer.value));
+  }
+  savePendingQuestion(sessionId || DEFAULT_SESSION, result.correlationId);
+  return ask("Sent as push notification. You can also approve here.");
+};
+var handleNotifyOnly = async (apiKey, description, projectName, sessionId, machineId) => {
+  try {
+    await sendNotification(apiKey, {
+      title: "Agent needs approval",
+      body: description,
+      agentName: `Claude Code - ${projectName}`,
+      sessionId,
+      machineId
+    });
+  } catch {
+  }
+  return ask();
+};
+var handlePreToolUse = async (input) => {
+  try {
+    const apiKey = getApiKey();
+    const modeState = await fetchModeState(apiKey, input.session_id);
+    const policy = await getPolicy(apiKey, modeState.policyVersion);
+    if (modeState.kill) {
+      return deny("Stopped by user \u2014 this agent was halted from Pushary");
+    }
+    const toolPolicy = resolvePolicy(policy, input.tool_name, modeState.mode, input.tool_input);
+    if (toolPolicy.timeoutSeconds === 0 && toolPolicy.timeoutAction === "approve") {
+      return allow();
+    }
+    if (toolPolicy.timeoutSeconds === 0 && toolPolicy.timeoutAction === "deny") {
+      return deny(`Denied by policy for ${toolPolicy.tool}`);
+    }
+    const description = describeToolCall(input.tool_name, input.tool_input, "hook");
+    const projectName = basename(input.cwd ?? process.cwd());
+    const sessionId = input.session_id;
+    const machineId = getMachineId();
+    const toolTarget = deriveToolTarget(input.tool_name, input.tool_input);
+    switch (toolPolicy.mode) {
+      case "push_only":
+        return handlePushOnly(apiKey, description, projectName, toolPolicy.timeoutSeconds, toolPolicy.timeoutAction, sessionId, machineId, input.tool_name, toolTarget);
+      case "terminal_only":
+        return handleTerminalOnly();
+      case "push_first":
+        return handlePushFirst(apiKey, description, projectName, toolPolicy.pushFirstSeconds, sessionId, machineId, input.tool_name, toolTarget);
+      case "notify_only":
+        return handleNotifyOnly(apiKey, description, projectName, sessionId, machineId);
+      default:
+        return handlePushFirst(apiKey, description, projectName, toolPolicy.pushFirstSeconds, sessionId, machineId, input.tool_name, toolTarget);
+    }
+  } catch {
+    return ask("Pushary unavailable, falling back to terminal approval");
+  }
+};
+
+export {
+  handlePreToolUse
+};

package/dist/chunk-U6OXZPYC.js

@@ -0,0 +1,384 @@
+import {
+  DEFAULT_SESSION,
+  cancelQuestion,
+  deriveReceiptMeta,
+  describeToolCall,
+  fetchModeState,
+  getMachineId,
+  isDefaultSession,
+  isPolicyConfig,
+  isToolResultError,
+  listPendingQuestions,
+  removePendingQuestion,
+  removePendingSession,
+  resolvePolicy
+} from "./chunk-HRQEECB6.js";
+import {
+  withRetry
+} from "./chunk-DWED7BS3.js";
+import {
+  getApiKey,
+  getBaseUrl
+} from "./chunk-NKXSILEW.js";
+
+// src/codex-adapter.ts
+var CODEX_AGENT = { type: "codex", label: "Codex" };
+var codexAllow = () => ({ kind: "allow" });
+var codexDeny = (reason) => ({ kind: "deny", reason });
+var codexPass = () => ({ kind: "pass" });
+var toCodexWire = (event, decision) => {
+  if (event === "PermissionRequest") {
+    if (decision.kind === "allow") {
+      return {
+        hookSpecificOutput: {
+          hookEventName: "PermissionRequest",
+          decision: { behavior: "allow" }
+        }
+      };
+    }
+    if (decision.kind === "deny") {
+      return {
+        hookSpecificOutput: {
+          hookEventName: "PermissionRequest",
+          decision: { behavior: "deny", message: decision.reason }
+        }
+      };
+    }
+    return null;
+  }
+  if (event === "PreToolUse" && decision.kind === "deny") {
+    return {
+      hookSpecificOutput: {
+        hookEventName: "PreToolUse",
+        permissionDecision: "deny",
+        permissionDecisionReason: decision.reason
+      }
+    };
+  }
+  return null;
+};
+var toPolicyLookup = (toolName, toolInput) => {
+  if (toolName !== "apply_patch") return { tool: toolName, input: toolInput };
+  const command = toolInput.command;
+  return {
+    tool: "Edit",
+    input: typeof command === "string" ? { file_path: command } : {}
+  };
+};
+var permissionTimeoutDecision = (timeoutAction) => {
+  if (timeoutAction === "approve") return codexAllow();
+  if (timeoutAction === "deny") return codexDeny("No response within timeout");
+  return codexPass();
+};
+var preToolUseTimeoutDecision = (timeoutAction, denyReason = "No response within timeout") => timeoutAction === "deny" ? codexDeny(denyReason) : codexPass();
+
+// src/usage.ts
+import { closeSync, mkdirSync, openSync, readFileSync, readSync, statSync, writeFileSync } from "fs";
+import { join } from "path";
+import { tmpdir } from "os";
+var DEFAULT_PRICES = [
+  { match: "opus-4-1", in: 15, out: 75 },
+  { match: "opus-4-0", in: 15, out: 75 },
+  { match: "3-opus", in: 15, out: 75 },
+  { match: "opus", in: 5, out: 25 },
+  { match: "haiku", in: 1, out: 5 },
+  { match: "sonnet", in: 3, out: 15 }
+];
+var FALLBACK_PRICE = { match: "", in: 3, out: 15 };
+var CACHE_WRITE_MULTIPLIER = 1.25;
+var CACHE_READ_MULTIPLIER = 0.1;
+var RECENT_ID_LIMIT = 200;
+var READ_CHUNK_BYTES = 1024 * 1024;
+var isModelPrice = (value) => {
+  if (!value || typeof value !== "object") return false;
+  const candidate = value;
+  return typeof candidate.match === "string" && typeof candidate.in === "number" && typeof candidate.out === "number";
+};
+var priceTable = () => {
+  const raw = process.env.PUSHARY_MODEL_PRICING?.trim();
+  if (!raw) return DEFAULT_PRICES;
+  try {
+    const parsed = JSON.parse(raw);
+    if (Array.isArray(parsed) && parsed.length > 0 && parsed.every(isModelPrice)) return parsed;
+  } catch {
+  }
+  return DEFAULT_PRICES;
+};
+var estimateCostUsd = (usage, model) => {
+  const price = priceTable().find((p) => model.includes(p.match)) ?? FALLBACK_PRICE;
+  const perTokenIn = price.in / 1e6;
+  const perTokenOut = price.out / 1e6;
+  return usage.inputTokens * perTokenIn + usage.outputTokens * perTokenOut + usage.cacheCreationTokens * perTokenIn * CACHE_WRITE_MULTIPLIER + usage.cacheReadTokens * perTokenIn * CACHE_READ_MULTIPLIER;
+};
+var stateDir = () => process.env.PUSHARY_USAGE_DIR?.trim() || join(tmpdir(), "pushary-usage");
+var stateFile = (sessionId) => join(stateDir(), sessionId.replace(/[^a-zA-Z0-9_-]/g, "_"));
+var emptyState = () => ({ offset: 0, tokensIn: 0, tokensOut: 0, costUsd: 0, recentIds: [] });
+var readState = (path) => {
+  try {
+    const parsed = JSON.parse(readFileSync(path, "utf-8"));
+    if (typeof parsed.offset === "number" && parsed.offset >= 0 && typeof parsed.tokensIn === "number" && typeof parsed.tokensOut === "number" && typeof parsed.costUsd === "number" && Array.isArray(parsed.recentIds)) {
+      return {
+        offset: parsed.offset,
+        tokensIn: parsed.tokensIn,
+        tokensOut: parsed.tokensOut,
+        costUsd: parsed.costUsd,
+        recentIds: parsed.recentIds.filter((id) => typeof id === "string")
+      };
+    }
+  } catch {
+  }
+  return emptyState();
+};
+var readRange = (path, start, end) => {
+  const fd = openSync(path, "r");
+  try {
+    const chunks = [];
+    let position = start;
+    while (position < end) {
+      const length = Math.min(READ_CHUNK_BYTES, end - position);
+      const buffer = Buffer.alloc(length);
+      const bytesRead = readSync(fd, buffer, 0, length, position);
+      if (bytesRead <= 0) break;
+      chunks.push(buffer.subarray(0, bytesRead));
+      position += bytesRead;
+    }
+    return Buffer.concat(chunks);
+  } finally {
+    closeSync(fd);
+  }
+};
+var toCount = (value) => typeof value === "number" && Number.isFinite(value) && value >= 0 ? value : 0;
+var applyLine = (state, line) => {
+  let parsed;
+  try {
+    parsed = JSON.parse(line);
+  } catch {
+    return 0;
+  }
+  if (parsed.type !== "assistant") return 0;
+  const usage = parsed.message?.usage;
+  if (!usage || typeof usage !== "object") return 0;
+  const model = typeof parsed.message?.model === "string" ? parsed.message.model : "";
+  if (model.includes("<synthetic>")) return 0;
+  const id = typeof parsed.message?.id === "string" ? parsed.message.id : null;
+  if (id) {
+    if (state.recentIds.includes(id)) return 0;
+    state.recentIds.push(id);
+    if (state.recentIds.length > RECENT_ID_LIMIT) state.recentIds.splice(0, state.recentIds.length - RECENT_ID_LIMIT);
+  }
+  const messageUsage = {
+    inputTokens: toCount(usage.input_tokens),
+    outputTokens: toCount(usage.output_tokens),
+    cacheCreationTokens: toCount(usage.cache_creation_input_tokens),
+    cacheReadTokens: toCount(usage.cache_read_input_tokens)
+  };
+  const cost = estimateCostUsd(messageUsage, model);
+  state.tokensIn += messageUsage.inputTokens + messageUsage.cacheCreationTokens + messageUsage.cacheReadTokens;
+  state.tokensOut += messageUsage.outputTokens;
+  state.costUsd += cost;
+  return cost;
+};
+var readNewUsage = (transcriptPath, sessionId) => {
+  try {
+    const size = statSync(transcriptPath).size;
+    const path = stateFile(sessionId);
+    let state = readState(path);
+    if (size < state.offset) state = { ...emptyState(), recentIds: state.recentIds };
+    let deltaUsd = 0;
+    if (size > state.offset) {
+      const buffer = readRange(transcriptPath, state.offset, size);
+      const lastNewline = buffer.lastIndexOf(10);
+      if (lastNewline >= 0) {
+        const complete = buffer.subarray(0, lastNewline + 1);
+        for (const line of complete.toString("utf-8").split("\n")) {
+          if (line.trim()) deltaUsd += applyLine(state, line);
+        }
+        state.offset += lastNewline + 1;
+      }
+    }
+    mkdirSync(stateDir(), { recursive: true });
+    writeFileSync(path, JSON.stringify(state), "utf-8");
+    if (state.tokensIn === 0 && state.tokensOut === 0) return null;
+    return {
+      tokensIn: state.tokensIn,
+      tokensOut: state.tokensOut,
+      costUsd: state.costUsd,
+      deltaUsd
+    };
+  } catch {
+    return null;
+  }
+};
+
+// src/events.ts
+import { basename, join as join2 } from "path";
+import { createHash } from "crypto";
+import { existsSync, readFileSync as readFileSync2 } from "fs";
+import { tmpdir as tmpdir2 } from "os";
+var cleanupPendingQuestions = async (sessionId) => {
+  try {
+    const files = listPendingQuestions(sessionId);
+    const apiKey = getApiKey();
+    for (const correlationId of files) {
+      try {
+        await cancelQuestion(apiKey, correlationId);
+      } catch {
+      }
+      removePendingQuestion(sessionId, correlationId);
+    }
+    if (!isDefaultSession(sessionId)) removePendingSession(sessionId);
+  } catch {
+  }
+};
+var CLAUDE_CODE_AGENT = { type: "claude_code", label: "Claude Code" };
+var POLICY_CACHE_TTL_MS = 5 * 60 * 1e3;
+var readFreshCachedPolicy = (apiKey) => {
+  const hash = createHash("sha256").update(apiKey).digest("hex").slice(0, 12);
+  const path = join2(tmpdir2(), `pushary-policy-${hash}.json`);
+  if (!existsSync(path)) return null;
+  const cached = JSON.parse(readFileSync2(path, "utf-8"));
+  if (!isPolicyConfig(cached)) return null;
+  if (!cached._cachedAt || Date.now() - cached._cachedAt >= POLICY_CACHE_TTL_MS) return null;
+  return cached;
+};
+var deriveDecisionSource = (toolName, toolInput, liveMode) => {
+  try {
+    if (liveMode.kill) return "terminal";
+    const policy = readFreshCachedPolicy(getApiKey());
+    if (!policy) return void 0;
+    const resolved = resolvePolicy(policy, toolName, liveMode.mode, toolInput);
+    if (resolved.timeoutSeconds === 0 && resolved.timeoutAction === "approve") return "policy_auto";
+    if (resolved.mode === "push_only" || resolved.mode === "push_first") return "human";
+    return "terminal";
+  } catch {
+    return void 0;
+  }
+};
+var deriveUsage = (transcriptPath, sessionId) => {
+  if (!transcriptPath || process.env.PUSHARY_COST_TRACKING === "off") return void 0;
+  try {
+    return readNewUsage(transcriptPath, sessionId || DEFAULT_SESSION) ?? void 0;
+  } catch {
+    return void 0;
+  }
+};
+var reportEvent = async (event, options = {}) => {
+  const apiKey = getApiKey();
+  const baseUrl = getBaseUrl();
+  return withRetry(async () => {
+    const res = await fetch(`${baseUrl}/api/agent/event`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "Authorization": `Bearer ${apiKey}`
+      },
+      body: JSON.stringify({
+        ...event,
+        machineId: event.machineId ?? getMachineId()
+      }),
+      signal: AbortSignal.timeout(options.timeoutMs ?? 1e4)
+    });
+    try {
+      return await res.json();
+    } catch {
+      return null;
+    }
+  }, { maxAttempts: options.maxAttempts ?? 2, baseDelayMs: 300 });
+};
+var handlePostToolUse = async (input, agent = CLAUDE_CODE_AGENT) => {
+  try {
+    const projectName = basename(input.cwd ?? process.cwd());
+    const action = describeToolCall(input.tool_name, input.tool_input, "event");
+    const lookup = toPolicyLookup(input.tool_name, input.tool_input);
+    const isError = isToolResultError(input.tool_result);
+    const receiptsEnabled = process.env.PUSHARY_RECEIPTS !== "off";
+    const liveMode = await fetchModeState(getApiKey(), input.session_id);
+    await Promise.allSettled([
+      cleanupPendingQuestions(input.session_id || DEFAULT_SESSION),
+      reportEvent({
+        event: isError ? "tool_error" : "tool_complete",
+        agentType: agent.type,
+        agentName: `${agent.label} - ${projectName}`,
+        action,
+        sessionId: input.session_id,
+        error: isError ? String(input.tool_result?.error ?? input.tool_result?.stderr ?? "").slice(0, 500) : void 0,
+        decisionSource: deriveDecisionSource(lookup.tool, lookup.input, liveMode),
+        meta: receiptsEnabled ? deriveReceiptMeta(lookup.tool, lookup.input, input.tool_result, input.cwd ?? process.cwd()) : void 0,
+        usage: deriveUsage(input.transcript_path, input.session_id)
+      })
+    ]);
+  } catch {
+  }
+};
+var TASK_TITLE_MAX_LENGTH = 120;
+var handleUserPrompt = async (input, agent = CLAUDE_CODE_AGENT) => {
+  try {
+    const projectName = basename(input.cwd ?? process.cwd());
+    const titlesEnabled = process.env.PUSHARY_TASK_TITLES !== "off";
+    const taskTitle = titlesEnabled ? input.prompt?.replace(/\s+/g, " ").trim().slice(0, TASK_TITLE_MAX_LENGTH) || void 0 : void 0;
+    await reportEvent({
+      event: "user_prompt",
+      agentType: agent.type,
+      agentName: `${agent.label} - ${projectName}`,
+      sessionId: input.session_id,
+      taskTitle
+    }, { maxAttempts: 1, timeoutMs: 800 });
+  } catch {
+  }
+};
+var handleStop = async (input, agent = CLAUDE_CODE_AGENT) => {
+  try {
+    const projectName = basename(input.cwd ?? process.cwd());
+    const [, reported] = await Promise.allSettled([
+      cleanupPendingQuestions(input.session_id || DEFAULT_SESSION),
+      reportEvent({
+        event: "session_end",
+        agentType: agent.type,
+        agentName: `${agent.label} - ${projectName}`,
+        action: "Session ended",
+        sessionId: input.session_id,
+        usage: deriveUsage(input.transcript_path, input.session_id)
+      })
+    ]);
+    const pendingCommand = reported.status === "fulfilled" ? reported.value?.pendingCommand : void 0;
+    if (typeof pendingCommand === "string" && pendingCommand.trim().length > 0) {
+      return {
+        decision: "block",
+        reason: `The user sent a new instruction from their phone via Pushary: ${pendingCommand.trim()}`
+      };
+    }
+    return void 0;
+  } catch {
+    return void 0;
+  }
+};
+var handleNotification = async (input) => {
+  try {
+    const projectName = basename(input.cwd ?? process.cwd());
+    await reportEvent({
+      event: input.type === "error" ? "error" : "notification",
+      agentType: "claude_code",
+      agentName: `Claude Code - ${projectName}`,
+      action: input.title ?? input.message ?? "Notification",
+      sessionId: input.session_id,
+      error: input.type === "error" ? input.message : void 0
+    });
+  } catch {
+  }
+};
+
+export {
+  CODEX_AGENT,
+  codexAllow,
+  codexDeny,
+  codexPass,
+  toCodexWire,
+  toPolicyLookup,
+  permissionTimeoutDecision,
+  preToolUseTimeoutDecision,
+  reportEvent,
+  handlePostToolUse,
+  handleUserPrompt,
+  handleStop,
+  handleNotification
+};

package/dist/src/index.d.ts

@@ -53,7 +53,11 @@ interface ReportEventOptions {
     maxAttempts?: number;
     timeoutMs?: number;
 }
-declare const reportEvent: (event: AgentEvent, options?: ReportEventOptions) => Promise<void>;
+interface EventResponse {
+    readonly ok?: boolean;
+    readonly pendingCommand?: string;
+}
+declare const reportEvent: (event: AgentEvent, options?: ReportEventOptions) => Promise<EventResponse | null>;
 declare const handlePostToolUse: (input: {
     tool_name: string;
     tool_input: Record<string, unknown>;
@@ -62,12 +66,16 @@ declare const handlePostToolUse: (input: {
     session_id?: string;
     transcript_path?: string;
 }, agent?: AgentIdentity) => Promise<void>;
+interface StopHookOutput {
+    readonly decision: 'block';
+    readonly reason: string;
+}
 declare const handleStop: (input: {
     cwd?: string;
     session_id?: string;
     stop_hook_active?: boolean;
     transcript_path?: string;
-}, agent?: AgentIdentity) => Promise<void>;
+}, agent?: AgentIdentity) => Promise<StopHookOutput | undefined>;
 declare const handleNotification: (input: {
     message?: string;
     title?: string;

package/dist/src/index.js

@@ -1,12 +1,12 @@
 import {
   handlePreToolUse
-} from "../chunk-VWBNI4SC.js";
+} from "../chunk-EQJXMEIR.js";
 import {
   handleNotification,
   handlePostToolUse,
   handleStop,
   reportEvent
-} from "../chunk-HWEMAAOY.js";
+} from "../chunk-U6OXZPYC.js";
 import {
   askUser,
   cancelQuestion,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pushary/agent-hooks",
-  "version": "0.15.0",
+  "version": "0.17.0",
   "description": "Permission hooks for AI coding agents: route tool approvals through Pushary push notifications",
   "author": "Pushary <business@pushary.com>",
   "homepage": "https://pushary.com",
@@ -11,6 +11,9 @@
   },
   "license": "MIT",
   "type": "module",
+  "engines": {
+    "node": ">=20"
+  },
   "main": "./dist/src/index.js",
   "types": "./dist/src/index.d.ts",
   "bin": {
@@ -34,7 +37,7 @@
   "scripts": {
     "build": "node scripts/bundle-plugin.mjs && tsup",
     "dev": "tsup --watch",
-    "test": "bun test src/api.test.ts && bun test src/claude-config.test.ts && bun test src/config.test.ts && bun test src/mcp-http.test.ts && bun test src/retry.test.ts && bun test src/usage.test.ts && bun test src/validate.test.ts && bun test src/policy.test.ts && bun test src/npm.test.ts && bun test src/identity.test.ts && bun test src/pending.test.ts && bun test src/events.test.ts && bun test src/describe.test.ts && bun test src/suggestions.test.ts && bun test src/hook.test.ts && bun test src/codex-adapter.test.ts && bun test src/codex-config.test.ts"
+    "test": "bun test src/api.test.ts && bun test src/claude-config.test.ts && bun test src/config.test.ts && bun test src/mcp-http.test.ts && bun test src/retry.test.ts && bun test src/usage.test.ts && bun test src/validate.test.ts && bun test src/policy.test.ts && bun test src/npm.test.ts && bun test src/identity.test.ts && bun test src/pending.test.ts && bun test src/events.test.ts && bun test src/describe.test.ts && bun test src/suggestions.test.ts && bun test src/hook.test.ts && bun test src/codex-adapter.test.ts && bun test src/codex-config.test.ts && bun test src/pairing.test.ts"
   },
   "dependencies": {
     "@inquirer/prompts": "^8.4.2",
@@ -42,7 +45,7 @@
     "smol-toml": "^1.6.1"
   },
   "devDependencies": {
-    "@pushary/contracts": "workspace:*",
+    "@pushary/contracts": "0.1.0",
     "tsup": "^8.0.0",
     "typescript": "^5.0.0"
   }