@pushary/agent-hooks 0.4.6 → 0.5.0

package/dist/bin/pushary-codex.js

@@ -1,15 +1,14 @@
 #!/usr/bin/env node
+import {
+  reportEvent
+} from "../chunk-P4JH2Q7Z.js";
 import {
   askUser,
   waitForAnswer
-} from "../chunk-M5SRSBLS.js";
-import "../chunk-RJKW6LLC.js";
-import {
-  reportEvent
-} from "../chunk-EQE6Z4YQ.js";
+} from "../chunk-KTP2EPVB.js";
 import {
   getApiKey
-} from "../chunk-VUNL35KE.js";
+} from "../chunk-VIST7ACL.js";
 
 // bin/pushary-codex.ts
 import { hostname } from "os";

package/dist/bin/pushary-doctor.js

@@ -2,8 +2,7 @@
 import {
   callMcpTool,
   sendMcpRequest
-} from "../chunk-RJKW6LLC.js";
-import "../chunk-VUNL35KE.js";
+} from "../chunk-VIST7ACL.js";
 
 // bin/pushary-doctor.ts
 import { existsSync, readFileSync } from "fs";

package/dist/bin/pushary-hook.js

@@ -1,10 +1,9 @@
 #!/usr/bin/env node
 import {
   handlePreToolUse
-} from "../chunk-4TQW4K6T.js";
-import "../chunk-M5SRSBLS.js";
-import "../chunk-RJKW6LLC.js";
-import "../chunk-VUNL35KE.js";
+} from "../chunk-DF3BM6BF.js";
+import "../chunk-KTP2EPVB.js";
+import "../chunk-VIST7ACL.js";
 
 // bin/pushary-hook.ts
 var main = async () => {

package/dist/bin/pushary-post-hook.js

@@ -1,8 +1,9 @@
 #!/usr/bin/env node
 import {
   handlePostToolUse
-} from "../chunk-EQE6Z4YQ.js";
-import "../chunk-VUNL35KE.js";
+} from "../chunk-P4JH2Q7Z.js";
+import "../chunk-KTP2EPVB.js";
+import "../chunk-VIST7ACL.js";
 
 // bin/pushary-post-hook.ts
 var main = async () => {

package/dist/bin/pushary-stop-hook.js

@@ -1,8 +1,9 @@
 #!/usr/bin/env node
 import {
   handleStop
-} from "../chunk-EQE6Z4YQ.js";
-import "../chunk-VUNL35KE.js";
+} from "../chunk-P4JH2Q7Z.js";
+import "../chunk-KTP2EPVB.js";
+import "../chunk-VIST7ACL.js";
 
 // bin/pushary-stop-hook.ts
 var main = async () => {

package/dist/chunk-DF3BM6BF.js

@@ -0,0 +1,195 @@
+import {
+  askUser,
+  sendNotification,
+  waitForAnswer
+} from "./chunk-KTP2EPVB.js";
+import {
+  getApiKey,
+  getBaseUrl
+} from "./chunk-VIST7ACL.js";
+
+// src/policy.ts
+import { createHash } from "crypto";
+import { existsSync, readFileSync, writeFileSync } from "fs";
+import { join } from "path";
+import { tmpdir } from "os";
+var CACHE_TTL_MS = 5 * 60 * 1e3;
+var cacheFile = (apiKey) => {
+  const hash = createHash("sha256").update(apiKey).digest("hex").slice(0, 12);
+  return join(tmpdir(), `pushary-policy-${hash}.json`);
+};
+var fetchPolicy = async (apiKey) => {
+  const baseUrl = getBaseUrl();
+  const response = await fetch(`${baseUrl}/api/mcp/policy`, {
+    headers: { "Authorization": `Bearer ${apiKey}` },
+    signal: AbortSignal.timeout(1e4)
+  });
+  if (!response.ok) {
+    throw new Error(`Failed to fetch policy: ${response.status}`);
+  }
+  return response.json();
+};
+var getPolicy = async (apiKey) => {
+  const path = cacheFile(apiKey);
+  if (existsSync(path)) {
+    try {
+      const stat = readFileSync(path, "utf-8");
+      const cached = JSON.parse(stat);
+      if (!cached._cachedAt || Date.now() - cached._cachedAt < CACHE_TTL_MS) {
+        return cached;
+      }
+    } catch {
+    }
+  }
+  const policy = await fetchPolicy(apiKey);
+  writeFileSync(path, JSON.stringify({ ...policy, _cachedAt: Date.now() }), "utf-8");
+  return policy;
+};
+var resolvePolicy = (config, toolName) => {
+  const exact = config.policies.find((p) => p.tool === toolName);
+  if (exact) return exact;
+  const wildcard = config.policies.find((p) => p.tool === "*");
+  if (wildcard) return wildcard;
+  return {
+    tool: toolName,
+    timeoutSeconds: config.defaultTimeoutSeconds,
+    timeoutAction: config.defaultTimeoutAction,
+    mode: config.defaultMode ?? "push_first",
+    pushFirstSeconds: config.defaultPushFirstSeconds ?? 10
+  };
+};
+
+// src/hook.ts
+import { basename } from "path";
+import { writeFileSync as writeFileSync2, mkdirSync, existsSync as existsSync2 } from "fs";
+import { join as join2 } from "path";
+import { tmpdir as tmpdir2 } from "os";
+var describeToolCall = (input) => {
+  const { tool_name, tool_input } = input;
+  switch (tool_name) {
+    case "Bash":
+      return `bash: ${tool_input.command ?? "(no command)"}`;
+    case "Write":
+      return `write file: ${tool_input.file_path ?? "(unknown path)"}`;
+    case "Edit":
+      return `edit file: ${tool_input.file_path ?? "(unknown path)"}`;
+    case "Read":
+      return `read file: ${tool_input.file_path ?? "(unknown path)"}`;
+    default:
+      return `${tool_name}: ${JSON.stringify(tool_input).slice(0, 200)}`;
+  }
+};
+var sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
+var allow = () => ({
+  hookSpecificOutput: {
+    hookEventName: "PreToolUse",
+    permissionDecision: "allow"
+  }
+});
+var deny = (reason) => ({
+  hookSpecificOutput: {
+    hookEventName: "PreToolUse",
+    permissionDecision: "deny",
+    permissionDecisionReason: reason
+  }
+});
+var ask = (reason) => ({
+  hookSpecificOutput: {
+    hookEventName: "PreToolUse",
+    permissionDecision: "ask",
+    ...reason ? { permissionDecisionReason: reason } : {}
+  }
+});
+var PENDING_DIR = join2(tmpdir2(), "pushary-pending");
+var savePendingQuestion = (correlationId) => {
+  if (!existsSync2(PENDING_DIR)) mkdirSync(PENDING_DIR, { recursive: true });
+  writeFileSync2(join2(PENDING_DIR, correlationId), "", "utf-8");
+};
+var pollForAnswer = async (apiKey, correlationId, deadlineMs, pollInterval = 2e3) => {
+  while (Date.now() < deadlineMs) {
+    const remaining = Math.min(Math.max(deadlineMs - Date.now(), 1e3), 3e4);
+    const answer = await waitForAnswer(apiKey, correlationId, remaining);
+    if (answer.answered) return answer;
+    if (Date.now() + pollInterval >= deadlineMs) break;
+    await sleep(pollInterval);
+  }
+  return { answered: false };
+};
+var handlePushOnly = async (apiKey, description, projectName, timeoutSeconds, timeoutAction) => {
+  const result = await askUser(apiKey, {
+    question: `Allow ${description}?`,
+    type: "confirm",
+    context: `Agent wants to run this in ${projectName}`,
+    agentName: `Claude Code - ${projectName}`
+  });
+  const deadline = Date.now() + timeoutSeconds * 1e3;
+  const answer = await pollForAnswer(apiKey, result.correlationId, deadline);
+  if (answer.answered) {
+    return answer.value === "yes" ? allow() : deny("Denied via push notification");
+  }
+  switch (timeoutAction) {
+    case "approve":
+      return allow();
+    case "deny":
+      return deny("No response within timeout");
+    default:
+      return ask("No push response, asking in terminal");
+  }
+};
+var handleTerminalOnly = () => {
+  return ask();
+};
+var handlePushFirst = async (apiKey, description, projectName, pushFirstSeconds) => {
+  const result = await askUser(apiKey, {
+    question: `Allow ${description}?`,
+    type: "confirm",
+    context: `Agent wants to run this in ${projectName}`,
+    agentName: `Claude Code - ${projectName}`
+  });
+  const deadline = Date.now() + pushFirstSeconds * 1e3;
+  const answer = await pollForAnswer(apiKey, result.correlationId, deadline, 1500);
+  if (answer.answered) {
+    return answer.value === "yes" ? allow() : deny("Denied via push notification");
+  }
+  savePendingQuestion(result.correlationId);
+  return ask("Sent as push notification. You can also approve here.");
+};
+var handleNotifyOnly = async (apiKey, description, projectName) => {
+  try {
+    await sendNotification(apiKey, {
+      title: "Agent needs approval",
+      body: description,
+      agentName: `Claude Code - ${projectName}`
+    });
+  } catch {
+  }
+  return ask();
+};
+var handlePreToolUse = async (input) => {
+  const apiKey = getApiKey();
+  const policy = await getPolicy(apiKey);
+  const toolPolicy = resolvePolicy(policy, input.tool_name);
+  if (toolPolicy.timeoutSeconds === 0 && toolPolicy.timeoutAction === "approve") {
+    return allow();
+  }
+  const description = describeToolCall(input);
+  const projectName = basename(input.cwd ?? process.cwd());
+  switch (toolPolicy.mode) {
+    case "push_only":
+      return handlePushOnly(apiKey, description, projectName, toolPolicy.timeoutSeconds, toolPolicy.timeoutAction);
+    case "terminal_only":
+      return handleTerminalOnly();
+    case "push_first":
+      return handlePushFirst(apiKey, description, projectName, toolPolicy.pushFirstSeconds);
+    case "notify_only":
+      return handleNotifyOnly(apiKey, description, projectName);
+    default:
+      return handlePushFirst(apiKey, description, projectName, toolPolicy.pushFirstSeconds);
+  }
+};
+
+export {
+  getPolicy,
+  resolvePolicy,
+  handlePreToolUse
+};

package/dist/{chunk-M5SRSBLS.js → chunk-KTP2EPVB.js}

@@ -1,6 +1,6 @@
 import {
   callMcpTool
-} from "./chunk-RJKW6LLC.js";
+} from "./chunk-VIST7ACL.js";
 
 // src/api.ts
 var askUser = async (apiKey, params) => {
@@ -15,9 +15,13 @@ var waitForAnswer = async (apiKey, correlationId, timeoutMs = 3e4) => {
 var cancelQuestion = async (apiKey, correlationId) => {
   await callMcpTool(apiKey, "cancel_question", { correlationId });
 };
+var sendNotification = async (apiKey, params) => {
+  await callMcpTool(apiKey, "send_notification", { ...params });
+};
 
 export {
   askUser,
   waitForAnswer,
-  cancelQuestion
+  cancelQuestion,
+  sendNotification
 };

package/dist/{chunk-EQE6Z4YQ.js → chunk-P4JH2Q7Z.js}

@@ -1,11 +1,35 @@
+import {
+  cancelQuestion
+} from "./chunk-KTP2EPVB.js";
 import {
   getApiKey,
   getBaseUrl
-} from "./chunk-VUNL35KE.js";
+} from "./chunk-VIST7ACL.js";
 
 // src/events.ts
 import { hostname } from "os";
 import { basename } from "path";
+import { readdirSync, unlinkSync } from "fs";
+import { join } from "path";
+import { tmpdir } from "os";
+var PENDING_DIR = join(tmpdir(), "pushary-pending");
+var cleanupPendingQuestions = async () => {
+  try {
+    const files = readdirSync(PENDING_DIR);
+    const apiKey = getApiKey();
+    for (const correlationId of files) {
+      try {
+        await cancelQuestion(apiKey, correlationId);
+      } catch {
+      }
+      try {
+        unlinkSync(join(PENDING_DIR, correlationId));
+      } catch {
+      }
+    }
+  } catch {
+  }
+};
 var reportEvent = async (event) => {
   const apiKey = getApiKey();
   const baseUrl = getBaseUrl();
@@ -40,6 +64,7 @@ var handlePostToolUse = async (input) => {
     default:
       action = `${input.tool_name}: done`;
   }
+  await cleanupPendingQuestions();
   const isError = input.tool_result && ("error" in input.tool_result || "is_error" in input.tool_result);
   await reportEvent({
     event: isError ? "tool_error" : "tool_complete",

package/dist/{chunk-RJKW6LLC.js → chunk-VIST7ACL.js}

@@ -1,6 +1,14 @@
-import {
-  getBaseUrl
-} from "./chunk-VUNL35KE.js";
+// src/config.ts
+var getApiKey = () => {
+  const key = process.env.PUSHARY_API_KEY;
+  if (!key) {
+    throw new Error(
+      "PUSHARY_API_KEY environment variable is not set. Get your API key at https://pushary.com/sign-up?from=ai-coding"
+    );
+  }
+  return key;
+};
+var getBaseUrl = () => process.env.PUSHARY_BASE_URL ?? "https://pushary.com";
 
 // src/mcp-http.ts
 var parseSseJson = (body) => {
@@ -73,6 +81,8 @@ var callMcpTool = async (apiKey, toolName, params, options = {}) => {
 };
 
 export {
+  getApiKey,
+  getBaseUrl,
   sendMcpRequest,
   callMcpTool
 };

package/dist/src/index.d.ts

@@ -61,15 +61,20 @@ declare const askUser: (apiKey: string, params: AskUserParams) => Promise<AskUse
 declare const waitForAnswer: (apiKey: string, correlationId: string, timeoutMs?: number) => Promise<WaitForAnswerResponse>;
 declare const cancelQuestion: (apiKey: string, correlationId: string) => Promise<void>;
 
+type ApprovalMode = 'push_only' | 'terminal_only' | 'push_first' | 'notify_only';
 interface ToolPolicy {
     tool: string;
     timeoutSeconds: number;
     timeoutAction: 'approve' | 'deny' | 'escalate';
+    mode: ApprovalMode;
+    pushFirstSeconds: number;
 }
 interface PolicyConfig {
     policies: ToolPolicy[];
     defaultTimeoutSeconds: number;
     defaultTimeoutAction: 'approve' | 'deny' | 'escalate';
+    defaultMode: ApprovalMode;
+    defaultPushFirstSeconds: number;
 }
 declare const getPolicy: (apiKey: string) => Promise<PolicyConfig>;
 declare const resolvePolicy: (config: PolicyConfig, toolName: string) => ToolPolicy;

package/dist/src/index.js

@@ -2,23 +2,22 @@ import {
   getPolicy,
   handlePreToolUse,
   resolvePolicy
-} from "../chunk-4TQW4K6T.js";
-import {
-  askUser,
-  cancelQuestion,
-  waitForAnswer
-} from "../chunk-M5SRSBLS.js";
-import "../chunk-RJKW6LLC.js";
+} from "../chunk-DF3BM6BF.js";
 import {
   handleNotification,
   handlePostToolUse,
   handleStop,
   reportEvent
-} from "../chunk-EQE6Z4YQ.js";
+} from "../chunk-P4JH2Q7Z.js";
+import {
+  askUser,
+  cancelQuestion,
+  waitForAnswer
+} from "../chunk-KTP2EPVB.js";
 import {
   getApiKey,
   getBaseUrl
-} from "../chunk-VUNL35KE.js";
+} from "../chunk-VIST7ACL.js";
 export {
   askUser,
   cancelQuestion,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pushary/agent-hooks",
-  "version": "0.4.6",
+  "version": "0.5.0",
   "description": "Permission hooks for AI coding agents: route tool approvals through Pushary push notifications",
   "author": "Pushary <business@pushary.com>",
   "homepage": "https://pushary.com",

package/dist/chunk-4TQW4K6T.js

@@ -1,136 +0,0 @@
-import {
-  askUser,
-  waitForAnswer
-} from "./chunk-M5SRSBLS.js";
-import {
-  getApiKey,
-  getBaseUrl
-} from "./chunk-VUNL35KE.js";
-
-// src/policy.ts
-import { createHash } from "crypto";
-import { existsSync, readFileSync, writeFileSync } from "fs";
-import { join } from "path";
-import { tmpdir } from "os";
-var cacheFile = (apiKey) => {
-  const hash = createHash("sha256").update(apiKey).digest("hex").slice(0, 12);
-  return join(tmpdir(), `pushary-policy-${hash}.json`);
-};
-var fetchPolicy = async (apiKey) => {
-  const baseUrl = getBaseUrl();
-  const response = await fetch(`${baseUrl}/api/mcp/policy`, {
-    headers: { "Authorization": `Bearer ${apiKey}` },
-    signal: AbortSignal.timeout(1e4)
-  });
-  if (!response.ok) {
-    throw new Error(`Failed to fetch policy: ${response.status}`);
-  }
-  return response.json();
-};
-var getPolicy = async (apiKey) => {
-  const path = cacheFile(apiKey);
-  if (existsSync(path)) {
-    try {
-      return JSON.parse(readFileSync(path, "utf-8"));
-    } catch {
-    }
-  }
-  const policy = await fetchPolicy(apiKey);
-  writeFileSync(path, JSON.stringify(policy), "utf-8");
-  return policy;
-};
-var resolvePolicy = (config, toolName) => {
-  const exact = config.policies.find((p) => p.tool === toolName);
-  if (exact) return exact;
-  const wildcard = config.policies.find((p) => p.tool === "*");
-  if (wildcard) return wildcard;
-  return {
-    tool: toolName,
-    timeoutSeconds: config.defaultTimeoutSeconds,
-    timeoutAction: config.defaultTimeoutAction
-  };
-};
-
-// src/hook.ts
-import { basename } from "path";
-var describeToolCall = (input) => {
-  const { tool_name, tool_input } = input;
-  switch (tool_name) {
-    case "Bash":
-      return `bash: ${tool_input.command ?? "(no command)"}`;
-    case "Write":
-      return `write file: ${tool_input.file_path ?? "(unknown path)"}`;
-    case "Edit":
-      return `edit file: ${tool_input.file_path ?? "(unknown path)"}`;
-    case "Read":
-      return `read file: ${tool_input.file_path ?? "(unknown path)"}`;
-    default:
-      return `${tool_name}: ${JSON.stringify(tool_input).slice(0, 200)}`;
-  }
-};
-var sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
-var allow = () => ({
-  hookSpecificOutput: {
-    hookEventName: "PreToolUse",
-    permissionDecision: "allow"
-  }
-});
-var deny = (reason) => ({
-  hookSpecificOutput: {
-    hookEventName: "PreToolUse",
-    permissionDecision: "deny",
-    permissionDecisionReason: reason
-  }
-});
-var ask = (reason) => ({
-  hookSpecificOutput: {
-    hookEventName: "PreToolUse",
-    permissionDecision: "ask",
-    permissionDecisionReason: reason
-  }
-});
-var handlePreToolUse = async (input) => {
-  const apiKey = getApiKey();
-  const policy = await getPolicy(apiKey);
-  const toolPolicy = resolvePolicy(policy, input.tool_name);
-  if (toolPolicy.timeoutSeconds === 0 && toolPolicy.timeoutAction === "approve") {
-    return allow();
-  }
-  const description = describeToolCall(input);
-  const projectName = basename(input.cwd ?? process.cwd());
-  const result = await askUser(apiKey, {
-    question: `Allow ${description}?`,
-    type: "confirm",
-    context: `Agent wants to run this in ${projectName}`,
-    agentName: `Claude Code - ${projectName}`
-  });
-  const deadline = Date.now() + toolPolicy.timeoutSeconds * 1e3;
-  const pollInterval = 2e3;
-  while (Date.now() < deadline) {
-    const remaining = Math.min(
-      Math.max(deadline - Date.now(), 1e3),
-      3e4
-    );
-    const answer = await waitForAnswer(apiKey, result.correlationId, remaining);
-    if (answer.answered) {
-      return answer.value === "yes" ? allow() : deny("Denied via Pushary push notification");
-    }
-    if (Date.now() + pollInterval >= deadline) break;
-    await sleep(pollInterval);
-  }
-  switch (toolPolicy.timeoutAction) {
-    case "approve":
-      return allow();
-    case "deny":
-      return deny("No response within timeout");
-    case "escalate":
-    default:
-      return ask("Pushary: no response, asking in terminal");
-  }
-};
-
-export {
-  getPolicy,
-  resolvePolicy,
-  handlePreToolUse
-};

package/dist/chunk-VUNL35KE.js

@@ -1,16 +0,0 @@
-// src/config.ts
-var getApiKey = () => {
-  const key = process.env.PUSHARY_API_KEY;
-  if (!key) {
-    throw new Error(
-      "PUSHARY_API_KEY environment variable is not set. Get your API key at https://pushary.com/sign-up?from=ai-coding"
-    );
-  }
-  return key;
-};
-var getBaseUrl = () => process.env.PUSHARY_BASE_URL ?? "https://pushary.com";
-
-export {
-  getApiKey,
-  getBaseUrl
-};