@pushary/agent-hooks 0.8.0 → 0.8.2

package/dist/bin/pushary-codex.js

@@ -1,11 +1,11 @@
 #!/usr/bin/env node
 import {
   reportEvent
-} from "../chunk-5JEDLXEC.js";
+} from "../chunk-OP4QAN23.js";
 import {
   askUser,
   waitForAnswer
-} from "../chunk-EMPL27ZV.js";
+} from "../chunk-KTM4ZQ3W.js";
 import "../chunk-3MIR7ODJ.js";
 import {
   getApiKey

package/dist/bin/pushary-hook.js

@@ -1,8 +1,8 @@
 #!/usr/bin/env node
 import {
   handlePreToolUse
-} from "../chunk-C5TFTNHG.js";
-import "../chunk-EMPL27ZV.js";
+} from "../chunk-2CRLBMOX.js";
+import "../chunk-KTM4ZQ3W.js";
 import "../chunk-3MIR7ODJ.js";
 import "../chunk-VUNL35KE.js";
 

package/dist/bin/pushary-post-hook.js

@@ -1,8 +1,8 @@
 #!/usr/bin/env node
 import {
   handlePostToolUse
-} from "../chunk-5JEDLXEC.js";
-import "../chunk-EMPL27ZV.js";
+} from "../chunk-OP4QAN23.js";
+import "../chunk-KTM4ZQ3W.js";
 import "../chunk-3MIR7ODJ.js";
 import "../chunk-VUNL35KE.js";
 

package/dist/bin/pushary-setup.js

@@ -26,6 +26,14 @@ var green = (s) => `\x1B[32m${s}\x1B[0m`;
 var cyan = (s) => `\x1B[36m${s}\x1B[0m`;
 var yellow = (s) => `\x1B[33m${s}\x1B[0m`;
 var check = green("\u2713");
+var parseKeyFlag = () => {
+  const args = process.argv.slice(2);
+  for (let i = 0; i < args.length; i++) {
+    if (args[i] === "--key" && args[i + 1]) return args[i + 1].trim();
+    if (args[i].startsWith("--key=")) return args[i].slice(6).trim();
+  }
+  return void 0;
+};
 var readJson = (path) => {
   try {
     return JSON.parse(readFileSync(path, "utf-8"));
@@ -394,9 +402,16 @@ var main = async () => {
   console.log(`  ${dim("Push notifications for AI coding agents")}`);
   console.log();
   await checkForUpdates(version);
+  const keyPattern = /^pk_[a-f0-9]+\.[a-f0-9]+$/;
+  const flagKey = parseKeyFlag();
   const envKey = process.env.PUSHARY_API_KEY?.trim();
   let trimmedKey;
-  if (envKey && /^pk_[a-f0-9]+\.[a-f0-9]+$/.test(envKey)) {
+  if (flagKey && keyPattern.test(flagKey)) {
+    const masked = `${flagKey.slice(0, 8)}...${flagKey.slice(-4)}`;
+    console.log(`  ${check} Using API key: ${dim(masked)}`);
+    console.log();
+    trimmedKey = flagKey;
+  } else if (envKey && keyPattern.test(envKey)) {
     const masked = `${envKey.slice(0, 8)}...${envKey.slice(-4)}`;
     console.log(`  ${check} Found API key in environment: ${dim(masked)}`);
     console.log();
@@ -414,7 +429,7 @@ var main = async () => {
     const apiKey = await input({ message: "API key:" });
     trimmedKey = apiKey.trim();
   }
-  if (!trimmedKey || !/^pk_[a-f0-9]+\.[a-f0-9]+$/.test(trimmedKey)) {
+  if (!trimmedKey || !keyPattern.test(trimmedKey)) {
     console.log(`
   ${yellow("!")} Invalid key format. Expected: ${dim("pk_xxx.xxx")}`);
     console.log(`  ${dim("Copy your key from")} ${cyan("https://pushary.com/dashboard/agent/settings")}`);

package/dist/bin/pushary-stop-hook.js

@@ -1,8 +1,8 @@
 #!/usr/bin/env node
 import {
   handleStop
-} from "../chunk-5JEDLXEC.js";
-import "../chunk-EMPL27ZV.js";
+} from "../chunk-OP4QAN23.js";
+import "../chunk-KTM4ZQ3W.js";
 import "../chunk-3MIR7ODJ.js";
 import "../chunk-VUNL35KE.js";
 

package/dist/chunk-2CRLBMOX.js

@@ -0,0 +1,244 @@
+import {
+  askUser,
+  describeToolCall,
+  isPolicyConfig,
+  savePendingQuestion,
+  sendNotification,
+  waitForAnswer
+} from "./chunk-KTM4ZQ3W.js";
+import {
+  withRetry
+} from "./chunk-3MIR7ODJ.js";
+import {
+  getApiKey,
+  getBaseUrl
+} from "./chunk-VUNL35KE.js";
+
+// src/policy.ts
+import { createHash } from "crypto";
+import { existsSync, readFileSync, writeFileSync } from "fs";
+import { join } from "path";
+import { tmpdir } from "os";
+var CACHE_TTL_MS = 5 * 60 * 1e3;
+var cacheFile = (apiKey) => {
+  const hash = createHash("sha256").update(apiKey).digest("hex").slice(0, 12);
+  return join(tmpdir(), `pushary-policy-${hash}.json`);
+};
+var fetchPolicy = async (apiKey) => {
+  return withRetry(async () => {
+    const baseUrl = getBaseUrl();
+    const response = await fetch(`${baseUrl}/api/mcp/policy`, {
+      headers: { "Authorization": `Bearer ${apiKey}` },
+      signal: AbortSignal.timeout(1e4)
+    });
+    if (!response.ok) {
+      throw new Error(`Failed to fetch policy: ${response.status}`);
+    }
+    const raw = await response.json();
+    if (!isPolicyConfig(raw)) throw new Error("Invalid policy response");
+    return raw;
+  }, { maxAttempts: 2 });
+};
+var getPolicy = async (apiKey) => {
+  const path = cacheFile(apiKey);
+  let staleCache = null;
+  if (existsSync(path)) {
+    try {
+      const stat = readFileSync(path, "utf-8");
+      const cached = JSON.parse(stat);
+      if (!isPolicyConfig(cached)) throw new Error("Corrupted cache");
+      if (!cached._cachedAt || Date.now() - cached._cachedAt < CACHE_TTL_MS) {
+        return cached;
+      }
+      staleCache = cached;
+    } catch {
+    }
+  }
+  try {
+    const policy = await fetchPolicy(apiKey);
+    try {
+      writeFileSync(path, JSON.stringify({ ...policy, _cachedAt: Date.now() }), "utf-8");
+    } catch {
+    }
+    return policy;
+  } catch {
+    if (staleCache) return staleCache;
+    throw new Error("Failed to fetch policy and no cached policy available");
+  }
+};
+var resolvePolicy = (config, toolName, modeOverride) => {
+  const base = config.policies.find((p) => p.tool === toolName) ?? config.policies.find((p) => p.tool === "*") ?? {
+    tool: toolName,
+    timeoutSeconds: config.defaultTimeoutSeconds,
+    timeoutAction: config.defaultTimeoutAction,
+    mode: config.defaultMode ?? "push_first",
+    pushFirstSeconds: config.defaultPushFirstSeconds ?? 20
+  };
+  const effectiveOverride = modeOverride ?? config.modeOverride;
+  if (effectiveOverride) {
+    return { ...base, mode: effectiveOverride };
+  }
+  return base;
+};
+var fetchModeOverride = async (apiKey) => {
+  try {
+    const baseUrl = getBaseUrl();
+    const response = await fetch(`${baseUrl}/api/mcp/mode`, {
+      headers: { "Authorization": `Bearer ${apiKey}` },
+      signal: AbortSignal.timeout(3e3)
+    });
+    if (!response.ok) return null;
+    const data = await response.json();
+    const mode = data.override?.mode;
+    if (mode && ["push_only", "terminal_only", "push_first", "notify_only"].includes(mode)) {
+      return mode;
+    }
+    return null;
+  } catch {
+    return null;
+  }
+};
+
+// src/hook.ts
+import { basename } from "path";
+var sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
+var allow = () => ({
+  hookSpecificOutput: {
+    hookEventName: "PreToolUse",
+    permissionDecision: "allow"
+  }
+});
+var deny = (reason) => ({
+  hookSpecificOutput: {
+    hookEventName: "PreToolUse",
+    permissionDecision: "deny",
+    permissionDecisionReason: reason
+  }
+});
+var ask = (reason) => ({
+  hookSpecificOutput: {
+    hookEventName: "PreToolUse",
+    permissionDecision: "ask",
+    ...reason ? { permissionDecisionReason: reason } : {}
+  }
+});
+var pollForAnswer = async (apiKey, correlationId, deadlineMs, pollInterval = 2e3) => {
+  while (Date.now() < deadlineMs) {
+    const remaining = Math.min(Math.max(deadlineMs - Date.now(), 1e3), 3e4);
+    let answer;
+    try {
+      answer = await waitForAnswer(apiKey, correlationId, remaining);
+    } catch {
+      if (Date.now() + pollInterval >= deadlineMs) break;
+      await sleep(pollInterval);
+      continue;
+    }
+    if (answer.answered) return answer;
+    if (Date.now() + pollInterval >= deadlineMs) break;
+    await sleep(pollInterval);
+  }
+  return { answered: false };
+};
+var handlePushOnly = async (apiKey, description, projectName, timeoutSeconds, timeoutAction) => {
+  let result;
+  try {
+    result = await askUser(apiKey, {
+      question: `Allow ${description}?`,
+      type: "confirm",
+      context: `Agent wants to run this in ${projectName}`,
+      agentName: `Claude Code - ${projectName}`
+    });
+  } catch {
+    switch (timeoutAction) {
+      case "approve":
+        return allow();
+      case "deny":
+        return deny("Push notification failed, denying per policy");
+      default:
+        return ask("Push notification failed, asking in terminal");
+    }
+  }
+  const deadline = Date.now() + timeoutSeconds * 1e3;
+  const answer = await pollForAnswer(apiKey, result.correlationId, deadline);
+  if (answer.answered) {
+    return answer.value === "yes" ? allow() : deny("Denied via push notification");
+  }
+  switch (timeoutAction) {
+    case "approve":
+      return allow();
+    case "deny":
+      return deny("No response within timeout");
+    default:
+      return ask("No push response, asking in terminal");
+  }
+};
+var handleTerminalOnly = () => {
+  return ask();
+};
+var handlePushFirst = async (apiKey, description, projectName, pushFirstSeconds) => {
+  let result;
+  try {
+    result = await askUser(apiKey, {
+      question: `Allow ${description}?`,
+      type: "confirm",
+      context: `Agent wants to run this in ${projectName}`,
+      agentName: `Claude Code - ${projectName}`
+    });
+  } catch {
+    return ask("Push notification failed, asking in terminal");
+  }
+  const deadline = Date.now() + pushFirstSeconds * 1e3;
+  const answer = await pollForAnswer(apiKey, result.correlationId, deadline, 1500);
+  if (answer.answered) {
+    return answer.value === "yes" ? allow() : deny("Denied via push notification");
+  }
+  savePendingQuestion(result.correlationId);
+  return ask("Sent as push notification. You can also approve here.");
+};
+var handleNotifyOnly = async (apiKey, description, projectName) => {
+  try {
+    await sendNotification(apiKey, {
+      title: "Agent needs approval",
+      body: description,
+      agentName: `Claude Code - ${projectName}`
+    });
+  } catch {
+  }
+  return ask();
+};
+var handlePreToolUse = async (input) => {
+  try {
+    const apiKey = getApiKey();
+    const [policy, modeOverride] = await Promise.all([
+      getPolicy(apiKey),
+      fetchModeOverride(apiKey)
+    ]);
+    const toolPolicy = resolvePolicy(policy, input.tool_name, modeOverride);
+    if (toolPolicy.timeoutSeconds === 0 && toolPolicy.timeoutAction === "approve") {
+      return allow();
+    }
+    const description = describeToolCall(input.tool_name, input.tool_input, "hook");
+    const projectName = basename(input.cwd ?? process.cwd());
+    switch (toolPolicy.mode) {
+      case "push_only":
+        return handlePushOnly(apiKey, description, projectName, toolPolicy.timeoutSeconds, toolPolicy.timeoutAction);
+      case "terminal_only":
+        return handleTerminalOnly();
+      case "push_first":
+        return handlePushFirst(apiKey, description, projectName, toolPolicy.pushFirstSeconds);
+      case "notify_only":
+        return handleNotifyOnly(apiKey, description, projectName);
+      default:
+        return handlePushFirst(apiKey, description, projectName, toolPolicy.pushFirstSeconds);
+    }
+  } catch {
+    return ask("Pushary unavailable, falling back to terminal approval");
+  }
+};
+
+export {
+  getPolicy,
+  resolvePolicy,
+  fetchModeOverride,
+  handlePreToolUse
+};

package/dist/chunk-KTM4ZQ3W.js

@@ -0,0 +1,96 @@
+import {
+  callMcpTool
+} from "./chunk-3MIR7ODJ.js";
+
+// src/validate.ts
+var isPolicyConfig = (data) => {
+  if (!data || typeof data !== "object") return false;
+  const d = data;
+  return Array.isArray(d.policies) && typeof d.defaultTimeoutSeconds === "number" && typeof d.defaultTimeoutAction === "string";
+};
+var isAskUserResponse = (data) => {
+  if (!data || typeof data !== "object") return false;
+  const d = data;
+  return typeof d.correlationId === "string" && typeof d.status === "string";
+};
+var isWaitForAnswerResponse = (data) => {
+  if (!data || typeof data !== "object") return false;
+  const d = data;
+  return typeof d.answered === "boolean";
+};
+
+// src/api.ts
+var askUser = async (apiKey, params) => {
+  const result = await callMcpTool(apiKey, "ask_user", { ...params, wait: false });
+  if (!isAskUserResponse(result)) throw new Error("Invalid ask_user response");
+  return result;
+};
+var waitForAnswer = async (apiKey, correlationId, timeoutMs = 3e4) => {
+  const result = await callMcpTool(apiKey, "wait_for_answer", {
+    correlationId,
+    timeoutMs
+  });
+  if (!isWaitForAnswerResponse(result)) throw new Error("Invalid wait_for_answer response");
+  return result;
+};
+var cancelQuestion = async (apiKey, correlationId) => {
+  await callMcpTool(apiKey, "cancel_question", { correlationId });
+};
+var sendNotification = async (apiKey, params) => {
+  await callMcpTool(apiKey, "send_notification", { ...params });
+};
+
+// src/describe.ts
+var hookPrefixes = {
+  Bash: (input) => `bash: ${input.command ?? "(no command)"}`,
+  Write: (input) => `write file: ${input.file_path ?? "(unknown path)"}`,
+  Edit: (input) => `edit file: ${input.file_path ?? "(unknown path)"}`,
+  Read: (input) => `read file: ${input.file_path ?? "(unknown path)"}`
+};
+var eventPrefixes = {
+  Bash: (input) => `ran: ${String(input.command ?? "").slice(0, 120)}`,
+  Write: (input) => `wrote: ${input.file_path ?? "unknown"}`,
+  Edit: (input) => `edited: ${input.file_path ?? "unknown"}`,
+  Read: (input) => `read: ${input.file_path ?? "unknown"}`
+};
+var describeToolCall = (toolName, toolInput, format = "hook") => {
+  const prefixes = format === "hook" ? hookPrefixes : eventPrefixes;
+  const builder = prefixes[toolName];
+  if (builder) return builder(toolInput);
+  return format === "hook" ? `${toolName}: ${JSON.stringify(toolInput).slice(0, 200)}` : `${toolName}: done`;
+};
+
+// src/pending.ts
+import { join } from "path";
+import { tmpdir } from "os";
+import { existsSync, mkdirSync, writeFileSync, readdirSync, unlinkSync } from "fs";
+var PENDING_DIR = join(tmpdir(), "pushary-pending");
+var savePendingQuestion = (correlationId) => {
+  if (!existsSync(PENDING_DIR)) mkdirSync(PENDING_DIR, { recursive: true });
+  writeFileSync(join(PENDING_DIR, correlationId), "", "utf-8");
+};
+var listPendingQuestions = () => {
+  try {
+    return readdirSync(PENDING_DIR);
+  } catch {
+    return [];
+  }
+};
+var removePendingQuestion = (correlationId) => {
+  try {
+    unlinkSync(join(PENDING_DIR, correlationId));
+  } catch {
+  }
+};
+
+export {
+  isPolicyConfig,
+  askUser,
+  waitForAnswer,
+  cancelQuestion,
+  sendNotification,
+  describeToolCall,
+  savePendingQuestion,
+  listPendingQuestions,
+  removePendingQuestion
+};

package/dist/chunk-OP4QAN23.js

@@ -0,0 +1,99 @@
+import {
+  cancelQuestion,
+  describeToolCall,
+  listPendingQuestions,
+  removePendingQuestion
+} from "./chunk-KTM4ZQ3W.js";
+import {
+  withRetry
+} from "./chunk-3MIR7ODJ.js";
+import {
+  getApiKey,
+  getBaseUrl
+} from "./chunk-VUNL35KE.js";
+
+// src/events.ts
+import { hostname } from "os";
+import { basename } from "path";
+var cleanupPendingQuestions = async () => {
+  try {
+    const files = listPendingQuestions();
+    const apiKey = getApiKey();
+    for (const correlationId of files) {
+      try {
+        await cancelQuestion(apiKey, correlationId);
+      } catch {
+      }
+      removePendingQuestion(correlationId);
+    }
+  } catch {
+  }
+};
+var reportEvent = async (event) => {
+  const apiKey = getApiKey();
+  const baseUrl = getBaseUrl();
+  await withRetry(async () => {
+    await fetch(`${baseUrl}/api/agent/event`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "Authorization": `Bearer ${apiKey}`
+      },
+      body: JSON.stringify({
+        ...event,
+        machineId: event.machineId ?? hostname()
+      }),
+      signal: AbortSignal.timeout(1e4)
+    });
+  }, { maxAttempts: 2, baseDelayMs: 300 });
+};
+var handlePostToolUse = async (input) => {
+  try {
+    const projectName = basename(input.cwd ?? process.cwd());
+    const action = describeToolCall(input.tool_name, input.tool_input, "event");
+    const isError = input.tool_result && ("error" in input.tool_result || "is_error" in input.tool_result);
+    await Promise.allSettled([
+      cleanupPendingQuestions(),
+      reportEvent({
+        event: isError ? "tool_error" : "tool_complete",
+        agentType: "claude_code",
+        agentName: `Claude Code - ${projectName}`,
+        action,
+        error: isError ? String(input.tool_result?.error ?? input.tool_result?.stderr ?? "").slice(0, 500) : void 0
+      })
+    ]);
+  } catch {
+  }
+};
+var handleStop = async (input) => {
+  try {
+    const projectName = basename(input.cwd ?? process.cwd());
+    await reportEvent({
+      event: "session_end",
+      agentType: "claude_code",
+      agentName: `Claude Code - ${projectName}`,
+      action: "Session ended"
+    });
+  } catch {
+  }
+};
+var handleNotification = async (input) => {
+  try {
+    const projectName = basename(input.cwd ?? process.cwd());
+    await reportEvent({
+      event: input.type === "error" ? "error" : "notification",
+      agentType: "claude_code",
+      agentName: `Claude Code - ${projectName}`,
+      action: input.title ?? input.message ?? "Notification",
+      error: input.type === "error" ? input.message : void 0
+    });
+  } catch {
+  }
+};
+
+export {
+  reportEvent,
+  handlePostToolUse,
+  handleStop,
+  handleNotification
+};

package/dist/src/index.js

@@ -3,18 +3,18 @@ import {
   getPolicy,
   handlePreToolUse,
   resolvePolicy
-} from "../chunk-C5TFTNHG.js";
+} from "../chunk-2CRLBMOX.js";
 import {
   handleNotification,
   handlePostToolUse,
   handleStop,
   reportEvent
-} from "../chunk-5JEDLXEC.js";
+} from "../chunk-OP4QAN23.js";
 import {
   askUser,
   cancelQuestion,
   waitForAnswer
-} from "../chunk-EMPL27ZV.js";
+} from "../chunk-KTM4ZQ3W.js";
 import "../chunk-3MIR7ODJ.js";
 import {
   getApiKey,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pushary/agent-hooks",
-  "version": "0.8.0",
+  "version": "0.8.2",
   "description": "Permission hooks for AI coding agents: route tool approvals through Pushary push notifications",
   "author": "Pushary <business@pushary.com>",
   "homepage": "https://pushary.com",