@pushary/agent-hooks 0.6.0 → 0.8.0

package/dist/chunk-VUNL35KE.js

@@ -0,0 +1,16 @@
+// src/config.ts
+var getApiKey = () => {
+  const key = process.env.PUSHARY_API_KEY;
+  if (!key) {
+    throw new Error(
+      "PUSHARY_API_KEY environment variable is not set. Get your API key at https://pushary.com/sign-up?from=ai-coding"
+    );
+  }
+  return key;
+};
+var getBaseUrl = () => process.env.PUSHARY_BASE_URL ?? "https://pushary.com";
+
+export {
+  getApiKey,
+  getBaseUrl
+};

package/dist/chunk-YTMKB44I.js

@@ -0,0 +1,220 @@
+import {
+  askUser,
+  describeToolCall,
+  isPolicyConfig,
+  savePendingQuestion,
+  sendNotification,
+  waitForAnswer
+} from "./chunk-4Z4MB37G.js";
+import {
+  getApiKey,
+  getBaseUrl,
+  withRetry
+} from "./chunk-O6A5RHWY.js";
+
+// src/policy.ts
+import { createHash } from "crypto";
+import { existsSync, readFileSync, writeFileSync } from "fs";
+import { join } from "path";
+import { tmpdir } from "os";
+var CACHE_TTL_MS = 5 * 60 * 1e3;
+var cacheFile = (apiKey) => {
+  const hash = createHash("sha256").update(apiKey).digest("hex").slice(0, 12);
+  return join(tmpdir(), `pushary-policy-${hash}.json`);
+};
+var fetchPolicy = async (apiKey) => {
+  return withRetry(async () => {
+    const baseUrl = getBaseUrl();
+    const response = await fetch(`${baseUrl}/api/mcp/policy`, {
+      headers: { "Authorization": `Bearer ${apiKey}` },
+      signal: AbortSignal.timeout(1e4)
+    });
+    if (!response.ok) {
+      throw new Error(`Failed to fetch policy: ${response.status}`);
+    }
+    const raw = await response.json();
+    if (!isPolicyConfig(raw)) throw new Error("Invalid policy response");
+    return raw;
+  }, { maxAttempts: 2 });
+};
+var getPolicy = async (apiKey) => {
+  const path = cacheFile(apiKey);
+  let staleCache = null;
+  if (existsSync(path)) {
+    try {
+      const stat = readFileSync(path, "utf-8");
+      const cached = JSON.parse(stat);
+      if (!isPolicyConfig(cached)) throw new Error("Corrupted cache");
+      if (!cached._cachedAt || Date.now() - cached._cachedAt < CACHE_TTL_MS) {
+        return cached;
+      }
+      staleCache = cached;
+    } catch {
+    }
+  }
+  try {
+    const policy = await fetchPolicy(apiKey);
+    try {
+      writeFileSync(path, JSON.stringify({ ...policy, _cachedAt: Date.now() }), "utf-8");
+    } catch {
+    }
+    return policy;
+  } catch {
+    if (staleCache) return staleCache;
+    throw new Error("Failed to fetch policy and no cached policy available");
+  }
+};
+var resolvePolicy = (config, toolName, modeOverride) => {
+  const base = config.policies.find((p) => p.tool === toolName) ?? config.policies.find((p) => p.tool === "*") ?? {
+    tool: toolName,
+    timeoutSeconds: config.defaultTimeoutSeconds,
+    timeoutAction: config.defaultTimeoutAction,
+    mode: config.defaultMode ?? "push_first",
+    pushFirstSeconds: config.defaultPushFirstSeconds ?? 20
+  };
+  const effectiveOverride = modeOverride ?? config.modeOverride;
+  if (effectiveOverride) {
+    return { ...base, mode: effectiveOverride };
+  }
+  return base;
+};
+
+// src/hook.ts
+import { basename } from "path";
+var sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
+var allow = () => ({
+  hookSpecificOutput: {
+    hookEventName: "PreToolUse",
+    permissionDecision: "allow"
+  }
+});
+var deny = (reason) => ({
+  hookSpecificOutput: {
+    hookEventName: "PreToolUse",
+    permissionDecision: "deny",
+    permissionDecisionReason: reason
+  }
+});
+var ask = (reason) => ({
+  hookSpecificOutput: {
+    hookEventName: "PreToolUse",
+    permissionDecision: "ask",
+    ...reason ? { permissionDecisionReason: reason } : {}
+  }
+});
+var pollForAnswer = async (apiKey, correlationId, deadlineMs, pollInterval = 2e3) => {
+  while (Date.now() < deadlineMs) {
+    const remaining = Math.min(Math.max(deadlineMs - Date.now(), 1e3), 3e4);
+    let answer;
+    try {
+      answer = await waitForAnswer(apiKey, correlationId, remaining);
+    } catch {
+      if (Date.now() + pollInterval >= deadlineMs) break;
+      await sleep(pollInterval);
+      continue;
+    }
+    if (answer.answered) return answer;
+    if (Date.now() + pollInterval >= deadlineMs) break;
+    await sleep(pollInterval);
+  }
+  return { answered: false };
+};
+var handlePushOnly = async (apiKey, description, projectName, timeoutSeconds, timeoutAction) => {
+  let result;
+  try {
+    result = await askUser(apiKey, {
+      question: `Allow ${description}?`,
+      type: "confirm",
+      context: `Agent wants to run this in ${projectName}`,
+      agentName: `Claude Code - ${projectName}`
+    });
+  } catch {
+    switch (timeoutAction) {
+      case "approve":
+        return allow();
+      case "deny":
+        return deny("Push notification failed, denying per policy");
+      default:
+        return ask("Push notification failed, asking in terminal");
+    }
+  }
+  const deadline = Date.now() + timeoutSeconds * 1e3;
+  const answer = await pollForAnswer(apiKey, result.correlationId, deadline);
+  if (answer.answered) {
+    return answer.value === "yes" ? allow() : deny("Denied via push notification");
+  }
+  switch (timeoutAction) {
+    case "approve":
+      return allow();
+    case "deny":
+      return deny("No response within timeout");
+    default:
+      return ask("No push response, asking in terminal");
+  }
+};
+var handleTerminalOnly = () => {
+  return ask();
+};
+var handlePushFirst = async (apiKey, description, projectName, pushFirstSeconds) => {
+  let result;
+  try {
+    result = await askUser(apiKey, {
+      question: `Allow ${description}?`,
+      type: "confirm",
+      context: `Agent wants to run this in ${projectName}`,
+      agentName: `Claude Code - ${projectName}`
+    });
+  } catch {
+    return ask("Push notification failed, asking in terminal");
+  }
+  const deadline = Date.now() + pushFirstSeconds * 1e3;
+  const answer = await pollForAnswer(apiKey, result.correlationId, deadline, 1500);
+  if (answer.answered) {
+    return answer.value === "yes" ? allow() : deny("Denied via push notification");
+  }
+  savePendingQuestion(result.correlationId);
+  return ask("Sent as push notification. You can also approve here.");
+};
+var handleNotifyOnly = async (apiKey, description, projectName) => {
+  try {
+    await sendNotification(apiKey, {
+      title: "Agent needs approval",
+      body: description,
+      agentName: `Claude Code - ${projectName}`
+    });
+  } catch {
+  }
+  return ask();
+};
+var handlePreToolUse = async (input) => {
+  try {
+    const apiKey = getApiKey();
+    const policy = await getPolicy(apiKey);
+    const toolPolicy = resolvePolicy(policy, input.tool_name);
+    if (toolPolicy.timeoutSeconds === 0 && toolPolicy.timeoutAction === "approve") {
+      return allow();
+    }
+    const description = describeToolCall(input.tool_name, input.tool_input, "hook");
+    const projectName = basename(input.cwd ?? process.cwd());
+    switch (toolPolicy.mode) {
+      case "push_only":
+        return handlePushOnly(apiKey, description, projectName, toolPolicy.timeoutSeconds, toolPolicy.timeoutAction);
+      case "terminal_only":
+        return handleTerminalOnly();
+      case "push_first":
+        return handlePushFirst(apiKey, description, projectName, toolPolicy.pushFirstSeconds);
+      case "notify_only":
+        return handleNotifyOnly(apiKey, description, projectName);
+      default:
+        return handlePushFirst(apiKey, description, projectName, toolPolicy.pushFirstSeconds);
+    }
+  } catch {
+    return ask("Pushary unavailable, falling back to terminal approval");
+  }
+};
+
+export {
+  getPolicy,
+  resolvePolicy,
+  handlePreToolUse
+};

package/dist/pushary-mode-T7XOPI6Z.js

@@ -0,0 +1,83 @@
+#!/usr/bin/env node
+import {
+  getApiKey,
+  getBaseUrl
+} from "./chunk-VUNL35KE.js";
+
+// bin/pushary-mode.ts
+var VALID_MODES = ["push_only", "push_first", "terminal_only", "notify_only"];
+var dim = (s) => `\x1B[2m${s}\x1B[0m`;
+var green = (s) => `\x1B[32m${s}\x1B[0m`;
+var cyan = (s) => `\x1B[36m${s}\x1B[0m`;
+var yellow = (s) => `\x1B[33m${s}\x1B[0m`;
+var parseDuration = (value) => {
+  const match = value.match(/^(\d+)(m|h)$/);
+  if (!match) return null;
+  const num = Number(match[1]);
+  return match[2] === "h" ? num * 3600 : num * 60;
+};
+var main = async () => {
+  const apiKey = getApiKey();
+  const baseUrl = getBaseUrl();
+  const mode = process.argv[2];
+  const forFlag = process.argv[3];
+  const forValue = process.argv[4];
+  const headers = {
+    "Authorization": `Bearer ${apiKey}`,
+    "Content-Type": "application/json"
+  };
+  if (!mode || mode === "status") {
+    const res2 = await fetch(`${baseUrl}/api/mcp/mode`, { headers });
+    const data2 = await res2.json();
+    if (!data2.override) {
+      console.log(`  Mode: ${cyan("default")} ${dim("(using per-tool policies)")}`);
+    } else {
+      console.log(`  Mode: ${green(data2.override.mode)}`);
+      if (data2.override.expiresAt) {
+        console.log(`  Expires: ${new Date(data2.override.expiresAt).toLocaleString()}`);
+      } else {
+        console.log(`  ${dim("Sticky (no expiry)")}`);
+      }
+    }
+    return;
+  }
+  if (mode === "clear" || mode === "reset") {
+    await fetch(`${baseUrl}/api/mcp/mode`, { method: "DELETE", headers });
+    console.log(`  ${green("\u2713")} Mode override cleared \u2014 using per-tool policies`);
+    return;
+  }
+  if (!VALID_MODES.includes(mode)) {
+    console.log(`  ${yellow("!")} Invalid mode: ${mode}`);
+    console.log(`  Valid modes: ${VALID_MODES.join(", ")}`);
+    console.log(`  ${dim("Usage: pushary mode <mode> [--for <duration>]")}`);
+    console.log(`  ${dim("Example: pushary mode push_only --for 30m")}`);
+    return;
+  }
+  let ttlSeconds;
+  if (forFlag === "--for" && forValue) {
+    ttlSeconds = parseDuration(forValue);
+    if (!ttlSeconds) {
+      console.log(`  ${yellow("!")} Invalid duration: ${forValue} ${dim("(use e.g. 30m, 1h)")}`);
+      return;
+    }
+  }
+  const res = await fetch(`${baseUrl}/api/mcp/mode`, {
+    method: "PUT",
+    headers,
+    body: JSON.stringify({ mode, ttlSeconds })
+  });
+  if (!res.ok) {
+    const err = await res.json();
+    console.log(`  ${yellow("!")} Failed: ${err.error ?? res.statusText}`);
+    return;
+  }
+  const data = await res.json();
+  console.log(`  ${green("\u2713")} Mode set to ${cyan(data.override.mode)}`);
+  if (data.override.expiresAt) {
+    console.log(`  Expires: ${new Date(data.override.expiresAt).toLocaleString()}`);
+  }
+};
+main().catch((err) => {
+  console.error(`  ${yellow("!")} ${err instanceof Error ? err.message : err}`);
+  process.exit(1);
+});

package/dist/src/index.d.ts

@@ -75,11 +75,13 @@ interface PolicyConfig {
     defaultTimeoutAction: 'approve' | 'deny' | 'escalate';
     defaultMode: ApprovalMode;
     defaultPushFirstSeconds: number;
+    modeOverride?: ApprovalMode | null;
 }
 declare const getPolicy: (apiKey: string) => Promise<PolicyConfig>;
-declare const resolvePolicy: (config: PolicyConfig, toolName: string) => ToolPolicy;
+declare const resolvePolicy: (config: PolicyConfig, toolName: string, modeOverride?: ApprovalMode | null) => ToolPolicy;
+declare const fetchModeOverride: (apiKey: string) => Promise<ApprovalMode | null>;
 
 declare const getApiKey: () => string;
 declare const getBaseUrl: () => string;
 
-export { type PolicyConfig, type ToolPolicy, askUser, cancelQuestion, getApiKey, getBaseUrl, getPolicy, handleNotification, handlePostToolUse, handlePreToolUse, handleStop, reportEvent, resolvePolicy, waitForAnswer };
+export { type ApprovalMode, type PolicyConfig, type ToolPolicy, askUser, cancelQuestion, fetchModeOverride, getApiKey, getBaseUrl, getPolicy, handleNotification, handlePostToolUse, handlePreToolUse, handleStop, reportEvent, resolvePolicy, waitForAnswer };

package/dist/src/index.js

@@ -1,26 +1,29 @@
 import {
+  fetchModeOverride,
   getPolicy,
   handlePreToolUse,
   resolvePolicy
-} from "../chunk-WNXGIEX7.js";
+} from "../chunk-C5TFTNHG.js";
 import {
   handleNotification,
   handlePostToolUse,
   handleStop,
   reportEvent
-} from "../chunk-KYARP7KP.js";
+} from "../chunk-5JEDLXEC.js";
 import {
   askUser,
   cancelQuestion,
   waitForAnswer
-} from "../chunk-4Z4MB37G.js";
+} from "../chunk-EMPL27ZV.js";
+import "../chunk-3MIR7ODJ.js";
 import {
   getApiKey,
   getBaseUrl
-} from "../chunk-O6A5RHWY.js";
+} from "../chunk-VUNL35KE.js";
 export {
   askUser,
   cancelQuestion,
+  fetchModeOverride,
   getApiKey,
   getBaseUrl,
   getPolicy,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pushary/agent-hooks",
-  "version": "0.6.0",
+  "version": "0.8.0",
   "description": "Permission hooks for AI coding agents: route tool approvals through Pushary push notifications",
   "author": "Pushary <business@pushary.com>",
   "homepage": "https://pushary.com",
@@ -22,15 +22,16 @@
     "pushary-codex": "./dist/bin/pushary-codex.js",
     "pushary-setup": "./dist/bin/pushary-setup.js",
     "pushary-clean": "./dist/bin/pushary-clean.js",
-    "pushary-doctor": "./dist/bin/pushary-doctor.js"
+    "pushary-doctor": "./dist/bin/pushary-doctor.js",
+    "pushary-mode": "./dist/bin/pushary-mode.js"
   },
   "files": [
     "dist",
     "data"
   ],
   "scripts": {
-    "build": "tsup src/index.ts bin/pushary.ts bin/pushary-hook.ts bin/pushary-post-hook.ts bin/pushary-stop-hook.ts bin/pushary-codex.ts bin/pushary-setup.ts bin/pushary-clean.ts bin/pushary-doctor.ts --format esm --dts --outDir dist",
-    "dev": "tsup src/index.ts bin/pushary.ts bin/pushary-hook.ts bin/pushary-post-hook.ts bin/pushary-stop-hook.ts bin/pushary-codex.ts bin/pushary-setup.ts bin/pushary-clean.ts bin/pushary-doctor.ts --format esm --watch",
+    "build": "tsup src/index.ts bin/pushary.ts bin/pushary-hook.ts bin/pushary-post-hook.ts bin/pushary-stop-hook.ts bin/pushary-codex.ts bin/pushary-setup.ts bin/pushary-clean.ts bin/pushary-doctor.ts bin/pushary-mode.ts --format esm --dts --outDir dist",
+    "dev": "tsup src/index.ts bin/pushary.ts bin/pushary-hook.ts bin/pushary-post-hook.ts bin/pushary-stop-hook.ts bin/pushary-codex.ts bin/pushary-setup.ts bin/pushary-clean.ts bin/pushary-doctor.ts bin/pushary-mode.ts --format esm --watch",
     "test": "bun test src/api.test.ts && bun test src/claude-config.test.ts && bun test src/mcp-http.test.ts && bun test src/retry.test.ts && bun test src/validate.test.ts && bun test src/policy.test.ts && bun test src/events.test.ts && bun test src/hook.test.ts"
   },
   "dependencies": {