@pushary/agent-hooks 0.8.3 → 0.9.0

package/dist/bin/pushary-clean.js

@@ -2,7 +2,7 @@
 import {
   removeClaudeMcpServers,
   removePusharySettings
-} from "../chunk-AC4UYAGX.js";
+} from "../chunk-5GFUI5N6.js";
 
 // bin/pushary-clean.ts
 import { existsSync, readFileSync, writeFileSync, rmSync } from "fs";

package/dist/bin/pushary-codex.js

@@ -1,23 +1,29 @@
 #!/usr/bin/env node
 import {
   reportEvent
-} from "../chunk-6SRXMZAN.js";
+} from "../chunk-AB4KX4XT.js";
 import {
   askUser,
+  getMachineId,
   waitForAnswer
-} from "../chunk-7PTU7TGE.js";
+} from "../chunk-OF5WIOYS.js";
 import "../chunk-3MIR7ODJ.js";
 import {
   getApiKey
 } from "../chunk-VUNL35KE.js";
 
 // bin/pushary-codex.ts
-import { hostname } from "os";
 import { basename } from "path";
+var readStdin = async () => {
+  let raw = "";
+  for await (const chunk of process.stdin) raw += chunk;
+  return raw;
+};
 var main = async () => {
-  let rawInput = "";
-  for await (const chunk of process.stdin) {
-    rawInput += chunk;
+  const argvPayload = process.argv.slice(2).find((a) => a.trim().startsWith("{"));
+  let rawInput = argvPayload ?? "";
+  if (!rawInput.trim()) {
+    rawInput = await readStdin();
   }
   if (!rawInput.trim()) {
     process.exit(0);
@@ -37,7 +43,7 @@ var main = async () => {
         agentType: "codex",
         agentName,
         action: event.message ?? "Turn complete",
-        machineId: hostname()
+        machineId: getMachineId()
       });
       process.stdout.write(JSON.stringify({ acknowledged: true }));
     }
@@ -49,13 +55,14 @@ var main = async () => {
         agentType: "codex",
         agentName,
         action: description,
-        machineId: hostname()
+        machineId: getMachineId()
       });
       const result = await askUser(apiKey, {
         question: `Allow: ${description}?`,
         type: "confirm",
         context: `Codex wants to run this in ${projectName}`,
-        agentName
+        agentName,
+        machineId: getMachineId()
       });
       const deadline = Date.now() + 12e4;
       while (Date.now() < deadline) {
@@ -69,7 +76,7 @@ var main = async () => {
             agentType: "codex",
             agentName,
             action: approved ? `Approved: ${description}` : `Denied: ${description}`,
-            machineId: hostname()
+            machineId: getMachineId()
           });
           process.exit(0);
         }

package/dist/bin/pushary-doctor.js

@@ -9,6 +9,7 @@ import "../chunk-VUNL35KE.js";
 import { existsSync, readFileSync } from "fs";
 import { join } from "path";
 import { homedir } from "os";
+import { execSync } from "child_process";
 import { confirm } from "@inquirer/prompts";
 var dim = (s) => `\x1B[2m${s}\x1B[0m`;
 var bold = (s) => `\x1B[1m${s}\x1B[0m`;
@@ -29,6 +30,28 @@ var readJson = (path) => {
     return null;
   }
 };
+var commandResolves = (command) => {
+  if (command.includes("/") || command.includes("\\")) return existsSync(command);
+  try {
+    const whichCmd = process.platform === "win32" ? "where" : "which";
+    execSync(`${whichCmd} ${command}`, { stdio: "ignore", timeout: 5e3 });
+    return true;
+  } catch {
+    return false;
+  }
+};
+var extractHookCommand = (entries, needle) => {
+  if (!Array.isArray(entries)) return null;
+  for (const entry of entries) {
+    const hookList = entry.hooks;
+    if (!Array.isArray(hookList)) continue;
+    for (const candidate of hookList) {
+      const command = candidate.command;
+      if (typeof command === "string" && command.includes(needle)) return command;
+    }
+  }
+  return null;
+};
 var results = [];
 var check = (passed, label, detail) => {
   results.push({ passed, label, detail });
@@ -80,6 +103,11 @@ var main = async () => {
     check(hasPreHook, "Claude Code: PreToolUse hook");
     check(hasPostHook, "Claude Code: PostToolUse hook");
     check(hasStopHook, "Claude Code: Stop hook");
+    const preHookCommand = extractHookCommand(hooks?.PreToolUse, "pushary-hook");
+    if (preHookCommand) {
+      const resolves = commandResolves(preHookCommand);
+      check(resolves, "Claude Code: hook command resolves", resolves ? preHookCommand : `not on PATH \u2014 ${preHookCommand}`);
+    }
     const permissions = settings.permissions;
     const hasWildcard = permissions?.allow?.some((r) => r === "mcp__pushary__*" || r === "MCP(pushary:*)") ?? false;
     check(hasWildcard, "Claude Code: Pushary tools auto-allowed", hasWildcard ? "mcp__pushary__*" : "missing");
@@ -103,16 +131,21 @@ var main = async () => {
         console.log(`  ${warn} Codex: per-tool approval overrides detected ${dim("(redundant with default_tools_approval_mode)")}`);
       }
     }
-    check(codexConfig.includes("pushary-codex"), "Codex: notify handler configured");
+    const codexNotifyPath = codexConfig.match(/["']([^"']*pushary-codex[^"']*)["']/)?.[1] ?? null;
+    check(!!codexNotifyPath, "Codex: notify handler configured");
+    if (codexNotifyPath) {
+      const resolves = commandResolves(codexNotifyPath);
+      check(resolves, "Codex: notify handler resolves", resolves ? codexNotifyPath : `not found \u2014 ${codexNotifyPath}`);
+    }
     const codexSkillPath = join(homedir(), ".codex", "skills", "pushary", "SKILL.md");
     check(existsSync(codexSkillPath), "Codex: skill installed");
   }
   check(existsSync(SKILL_PATH), "Skill installed", existsSync(SKILL_PATH) ? SKILL_PATH : "not found");
   let globalVersion = "";
   try {
-    const { execSync } = await import("child_process");
     globalVersion = execSync("npm list -g @pushary/agent-hooks --depth=0 2>/dev/null", { encoding: "utf-8", timeout: 1e4 }).match(/@pushary\/agent-hooks@([\d.]+)/)?.[1] ?? "";
   } catch {
+    globalVersion = "";
   }
   check(!!globalVersion, "Global package installed", globalVersion || "not found");
   console.log();

package/dist/bin/pushary-hook.js

@@ -1,8 +1,9 @@
 #!/usr/bin/env node
 import {
   handlePreToolUse
-} from "../chunk-M6S3M6E3.js";
-import "../chunk-7PTU7TGE.js";
+} from "../chunk-W5KRWUNE.js";
+import "../chunk-IBWCHA5M.js";
+import "../chunk-OF5WIOYS.js";
 import "../chunk-3MIR7ODJ.js";
 import "../chunk-VUNL35KE.js";
 

package/dist/bin/pushary-post-hook.js

@@ -1,8 +1,8 @@
 #!/usr/bin/env node
 import {
   handlePostToolUse
-} from "../chunk-6SRXMZAN.js";
-import "../chunk-7PTU7TGE.js";
+} from "../chunk-AB4KX4XT.js";
+import "../chunk-OF5WIOYS.js";
 import "../chunk-3MIR7ODJ.js";
 import "../chunk-VUNL35KE.js";
 

package/dist/bin/pushary-setup.js

@@ -3,7 +3,10 @@ import {
   addClaudeMcpServer,
   addPusharyHooks,
   addPusharyToolPermissions
-} from "../chunk-AC4UYAGX.js";
+} from "../chunk-5GFUI5N6.js";
+import {
+  isValidApiKey
+} from "../chunk-IBWCHA5M.js";
 
 // bin/pushary-setup.ts
 import { existsSync, readFileSync, writeFileSync, appendFileSync, mkdirSync } from "fs";
@@ -34,6 +37,15 @@ var parseKeyFlag = () => {
   }
   return void 0;
 };
+var isInstalled = (command) => {
+  const whichCmd = process.platform === "win32" ? "where" : "which";
+  try {
+    execSync(`${whichCmd} ${command}`, { stdio: "ignore", timeout: 5e3 });
+    return true;
+  } catch {
+    return false;
+  }
+};
 var readJson = (path) => {
   try {
     return JSON.parse(readFileSync(path, "utf-8"));
@@ -151,7 +163,13 @@ var setupClaudeCode = async (apiKey) => {
   });
   await installGlobally();
   await spinner("Adding hooks (PreToolUse, PostToolUse, Stop)", async () => {
-    addPusharyHooks(settings);
+    let binDir;
+    try {
+      binDir = join(execSync("npm prefix -g", { encoding: "utf-8", timeout: 5e3 }).trim(), "bin");
+    } catch {
+      binDir = void 0;
+    }
+    addPusharyHooks(settings, binDir);
   });
   await spinner(`Writing ${CLAUDE_SETTINGS}`, async () => {
     writeJson(CLAUDE_SETTINGS, settings);
@@ -185,16 +203,7 @@ var setupHermes = async (_apiKey) => {
   console.log(`
   ${bold("Setting up Hermes Agent")}
 `);
-  const whichCmd = process.platform === "win32" ? "where" : "which";
-  const hasHermes = (() => {
-    try {
-      execSync(`${whichCmd} hermes`, { stdio: "ignore", timeout: 5e3 });
-      return true;
-    } catch {
-      return false;
-    }
-  })();
-  if (!hasHermes) {
+  if (!isInstalled("hermes")) {
     console.log(`  ${yellow("!")} Hermes CLI not found. Skipping.`);
     console.log(`  ${dim("Install Hermes and re-run setup to configure.")}`);
     return;
@@ -256,16 +265,7 @@ var setupCodex = async (_apiKey) => {
   console.log(`
   ${bold("Setting up Codex")}
 `);
-  const whichCmd = process.platform === "win32" ? "where" : "which";
-  const hasCodex = (() => {
-    try {
-      execSync(`${whichCmd} codex`, { stdio: "ignore", timeout: 5e3 });
-      return true;
-    } catch {
-      return false;
-    }
-  })();
-  if (!hasCodex) {
+  if (!isInstalled("codex")) {
     console.log(`  ${yellow("!")} Codex CLI not found. Skipping.`);
     console.log(`  ${dim("Install Codex and re-run setup to configure.")}`);
     return;
@@ -402,16 +402,15 @@ var main = async () => {
   console.log(`  ${dim("Push notifications for AI coding agents")}`);
   console.log();
   await checkForUpdates(version);
-  const keyPattern = /^pk_[a-f0-9]+\.[a-f0-9]+$/;
   const flagKey = parseKeyFlag();
   const envKey = process.env.PUSHARY_API_KEY?.trim();
   let trimmedKey;
-  if (flagKey && keyPattern.test(flagKey)) {
+  if (flagKey && isValidApiKey(flagKey)) {
     const masked = `${flagKey.slice(0, 8)}...${flagKey.slice(-4)}`;
     console.log(`  ${check} Using API key: ${dim(masked)}`);
     console.log();
     trimmedKey = flagKey;
-  } else if (envKey && keyPattern.test(envKey)) {
+  } else if (envKey && isValidApiKey(envKey)) {
     const masked = `${envKey.slice(0, 8)}...${envKey.slice(-4)}`;
     console.log(`  ${check} Found API key in environment: ${dim(masked)}`);
     console.log();
@@ -429,7 +428,7 @@ var main = async () => {
     const apiKey = await input({ message: "API key:" });
     trimmedKey = apiKey.trim();
   }
-  if (!trimmedKey || !keyPattern.test(trimmedKey)) {
+  if (!trimmedKey || !isValidApiKey(trimmedKey)) {
     console.log(`
   ${yellow("!")} Invalid key format. Expected: ${dim("pk_xxx.xxx")}`);
     console.log(`  ${dim("Copy your key from")} ${cyan("https://pushary.com/dashboard/agent/settings")}`);
@@ -437,13 +436,20 @@ var main = async () => {
 `);
     process.exit(1);
   }
+  const detected = {
+    claude_code: isInstalled("claude"),
+    codex: isInstalled("codex"),
+    hermes: isInstalled("hermes"),
+    cursor: isInstalled("cursor")
+  };
+  const hint = Object.values(detected).some(Boolean) ? "(detected agents pre-selected)" : "(space = toggle, enter = confirm)";
   const agents = await checkbox({
-    message: "Which agents do you use? " + dim("(space = toggle, enter = confirm)"),
+    message: "Which agents do you use? " + dim(hint),
     choices: [
-      { name: `Claude Code  ${dim("MCP + hooks + auto-allowed tools")}`, value: "claude_code" },
-      { name: `Codex        ${dim("MCP + notify handler + auto-allowed tools")}`, value: "codex" },
-      { name: `Hermes       ${dim("native plugin + auto-error notifications")}`, value: "hermes" },
-      { name: `Cursor       ${dim("MCP server")}`, value: "cursor" }
+      { name: `Claude Code  ${dim("MCP + hooks + auto-allowed tools")}`, value: "claude_code", checked: detected.claude_code },
+      { name: `Codex        ${dim("MCP + notify handler + auto-allowed tools")}`, value: "codex", checked: detected.codex },
+      { name: `Hermes       ${dim("native plugin + auto-error notifications")}`, value: "hermes", checked: detected.hermes },
+      { name: `Cursor       ${dim("MCP server")}`, value: "cursor", checked: detected.cursor }
     ]
   });
   await saveApiKey(trimmedKey);

package/dist/bin/pushary-stop-hook.js

@@ -1,8 +1,8 @@
 #!/usr/bin/env node
 import {
   handleStop
-} from "../chunk-6SRXMZAN.js";
-import "../chunk-7PTU7TGE.js";
+} from "../chunk-AB4KX4XT.js";
+import "../chunk-OF5WIOYS.js";
 import "../chunk-3MIR7ODJ.js";
 import "../chunk-VUNL35KE.js";
 

package/dist/chunk-5GFUI5N6.js

@@ -0,0 +1,132 @@
+// src/claude-config.ts
+import { join } from "path";
+var PUSHARY_MCP_URL = "https://pushary.com/api/mcp/mcp";
+var PUSHARY_PERMISSION_RULE = "mcp__pushary__*";
+var asRecord = (value) => value && typeof value === "object" && !Array.isArray(value) ? value : void 0;
+var ensureRecord = (target, key) => {
+  const existing = asRecord(target[key]);
+  if (existing) return existing;
+  const created = {};
+  target[key] = created;
+  return created;
+};
+var isPusharyPermission = (rule) => typeof rule === "string" && (rule.includes("pushary") || rule.includes("MCP(pushary"));
+var isPusharyHook = (entry) => {
+  const hooks = asRecord(entry)?.hooks;
+  if (!Array.isArray(hooks)) return false;
+  return hooks.some((hook) => {
+    const command = String(asRecord(hook)?.command ?? "");
+    return command.includes("pushary-hook") || command.includes("pushary-post-hook") || command.includes("pushary-stop-hook");
+  });
+};
+var addClaudeMcpServer = (config, apiKey) => {
+  const mcpServers = ensureRecord(config, "mcpServers");
+  mcpServers.pushary = {
+    type: "http",
+    url: PUSHARY_MCP_URL,
+    headers: { Authorization: `Bearer ${apiKey}` }
+  };
+};
+var removeClaudeMcpServers = (config) => {
+  let changed = false;
+  const removeFrom = (target) => {
+    const mcpServers = asRecord(target.mcpServers);
+    if (!mcpServers?.pushary) return;
+    delete mcpServers.pushary;
+    if (Object.keys(mcpServers).length === 0) delete target.mcpServers;
+    changed = true;
+  };
+  removeFrom(config);
+  const projects = asRecord(config.projects);
+  if (projects) {
+    for (const project of Object.values(projects)) {
+      const projectConfig = asRecord(project);
+      if (projectConfig) removeFrom(projectConfig);
+    }
+  }
+  return changed;
+};
+var addPusharyToolPermissions = (settings) => {
+  const permissions = ensureRecord(settings, "permissions");
+  const allow = Array.isArray(permissions.allow) ? permissions.allow : [];
+  const filtered = allow.filter((rule) => !isPusharyPermission(rule));
+  if (!filtered.includes(PUSHARY_PERMISSION_RULE)) {
+    filtered.push(PUSHARY_PERMISSION_RULE);
+  }
+  permissions.allow = filtered;
+};
+var addPusharyHooks = (settings, binDir) => {
+  const resolve = (name) => binDir ? join(binDir, name) : name;
+  const hooks = ensureRecord(settings, "hooks");
+  const preToolUse = (Array.isArray(hooks.PreToolUse) ? hooks.PreToolUse : []).filter((entry) => !isPusharyHook(entry));
+  preToolUse.push({
+    matcher: "Bash|Write|Edit",
+    hooks: [{
+      type: "command",
+      command: resolve("pushary-hook"),
+      timeout: 120
+    }]
+  });
+  hooks.PreToolUse = preToolUse;
+  const postToolUse = (Array.isArray(hooks.PostToolUse) ? hooks.PostToolUse : []).filter((entry) => !isPusharyHook(entry));
+  postToolUse.push({
+    matcher: "Bash|Write|Edit",
+    hooks: [{
+      type: "command",
+      command: resolve("pushary-post-hook"),
+      timeout: 10
+    }]
+  });
+  hooks.PostToolUse = postToolUse;
+  const stop = (Array.isArray(hooks.Stop) ? hooks.Stop : []).filter((entry) => !isPusharyHook(entry));
+  stop.push({
+    hooks: [{
+      type: "command",
+      command: resolve("pushary-stop-hook"),
+      timeout: 10
+    }]
+  });
+  hooks.Stop = stop;
+};
+var removePusharySettings = (settings) => {
+  let changed = removeClaudeMcpServers(settings);
+  const permissions = asRecord(settings.permissions);
+  if (permissions && Array.isArray(permissions.allow)) {
+    const filtered = permissions.allow.filter((rule) => !isPusharyPermission(rule));
+    if (filtered.length !== permissions.allow.length) {
+      if (filtered.length === 0) {
+        delete permissions.allow;
+      } else {
+        permissions.allow = filtered;
+      }
+      if (Object.keys(permissions).length === 0) delete settings.permissions;
+      changed = true;
+    }
+  }
+  const hooks = asRecord(settings.hooks);
+  if (hooks) {
+    for (const key of ["PreToolUse", "PostToolUse", "Stop"]) {
+      const entries = hooks[key];
+      if (!Array.isArray(entries)) continue;
+      const filtered = entries.filter((entry) => !isPusharyHook(entry));
+      if (filtered.length !== entries.length) {
+        if (filtered.length === 0) {
+          delete hooks[key];
+        } else {
+          hooks[key] = filtered;
+        }
+        changed = true;
+      }
+    }
+    if (Object.keys(hooks).length === 0) delete settings.hooks;
+  }
+  return changed;
+};
+
+export {
+  addClaudeMcpServer,
+  removeClaudeMcpServers,
+  addPusharyToolPermissions,
+  addPusharyHooks,
+  removePusharySettings
+};

package/dist/chunk-AB4KX4XT.js

@@ -0,0 +1,109 @@
+import {
+  DEFAULT_SESSION,
+  cancelQuestion,
+  describeToolCall,
+  getMachineId,
+  isDefaultSession,
+  listPendingQuestions,
+  removePendingQuestion,
+  removePendingSession
+} from "./chunk-OF5WIOYS.js";
+import {
+  withRetry
+} from "./chunk-3MIR7ODJ.js";
+import {
+  getApiKey,
+  getBaseUrl
+} from "./chunk-VUNL35KE.js";
+
+// src/events.ts
+import { basename } from "path";
+var cleanupPendingQuestions = async (sessionId) => {
+  try {
+    const files = listPendingQuestions(sessionId);
+    const apiKey = getApiKey();
+    for (const correlationId of files) {
+      try {
+        await cancelQuestion(apiKey, correlationId);
+      } catch {
+      }
+      removePendingQuestion(sessionId, correlationId);
+    }
+    if (!isDefaultSession(sessionId)) removePendingSession(sessionId);
+  } catch {
+  }
+};
+var reportEvent = async (event) => {
+  const apiKey = getApiKey();
+  const baseUrl = getBaseUrl();
+  await withRetry(async () => {
+    await fetch(`${baseUrl}/api/agent/event`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "Authorization": `Bearer ${apiKey}`
+      },
+      body: JSON.stringify({
+        ...event,
+        machineId: event.machineId ?? getMachineId()
+      }),
+      signal: AbortSignal.timeout(1e4)
+    });
+  }, { maxAttempts: 2, baseDelayMs: 300 });
+};
+var handlePostToolUse = async (input) => {
+  try {
+    const projectName = basename(input.cwd ?? process.cwd());
+    const action = describeToolCall(input.tool_name, input.tool_input, "event");
+    const isError = input.tool_result && ("error" in input.tool_result || "is_error" in input.tool_result);
+    await Promise.allSettled([
+      cleanupPendingQuestions(input.session_id || DEFAULT_SESSION),
+      reportEvent({
+        event: isError ? "tool_error" : "tool_complete",
+        agentType: "claude_code",
+        agentName: `Claude Code - ${projectName}`,
+        action,
+        sessionId: input.session_id,
+        error: isError ? String(input.tool_result?.error ?? input.tool_result?.stderr ?? "").slice(0, 500) : void 0
+      })
+    ]);
+  } catch {
+  }
+};
+var handleStop = async (input) => {
+  try {
+    const projectName = basename(input.cwd ?? process.cwd());
+    await Promise.allSettled([
+      cleanupPendingQuestions(input.session_id || DEFAULT_SESSION),
+      reportEvent({
+        event: "session_end",
+        agentType: "claude_code",
+        agentName: `Claude Code - ${projectName}`,
+        action: "Session ended",
+        sessionId: input.session_id
+      })
+    ]);
+  } catch {
+  }
+};
+var handleNotification = async (input) => {
+  try {
+    const projectName = basename(input.cwd ?? process.cwd());
+    await reportEvent({
+      event: input.type === "error" ? "error" : "notification",
+      agentType: "claude_code",
+      agentName: `Claude Code - ${projectName}`,
+      action: input.title ?? input.message ?? "Notification",
+      sessionId: input.session_id,
+      error: input.type === "error" ? input.message : void 0
+    });
+  } catch {
+  }
+};
+
+export {
+  reportEvent,
+  handlePostToolUse,
+  handleStop,
+  handleNotification
+};

package/dist/chunk-IBWCHA5M.js

@@ -0,0 +1,10 @@
+// ../contracts/src/index.ts
+var APPROVAL_MODES = ["push_only", "terminal_only", "push_first", "notify_only"];
+var isApprovalMode = (value) => typeof value === "string" && APPROVAL_MODES.includes(value);
+var API_KEY_PATTERN = /^pk_[a-f0-9]+\.[a-f0-9]+$/;
+var isValidApiKey = (value) => API_KEY_PATTERN.test(value);
+
+export {
+  isApprovalMode,
+  isValidApiKey
+};

package/dist/chunk-M2N5DYWN.js

@@ -0,0 +1,247 @@
+import {
+  isApprovalMode
+} from "./chunk-IBWCHA5M.js";
+import {
+  askUser,
+  describeToolCall,
+  isPolicyConfig,
+  savePendingQuestion,
+  sendNotification,
+  waitForAnswer
+} from "./chunk-7PTU7TGE.js";
+import {
+  withRetry
+} from "./chunk-3MIR7ODJ.js";
+import {
+  getApiKey,
+  getBaseUrl
+} from "./chunk-VUNL35KE.js";
+
+// src/policy.ts
+import { createHash } from "crypto";
+import { existsSync, readFileSync, writeFileSync } from "fs";
+import { join } from "path";
+import { tmpdir } from "os";
+var CACHE_TTL_MS = 5 * 60 * 1e3;
+var cacheFile = (apiKey) => {
+  const hash = createHash("sha256").update(apiKey).digest("hex").slice(0, 12);
+  return join(tmpdir(), `pushary-policy-${hash}.json`);
+};
+var fetchPolicy = async (apiKey) => {
+  return withRetry(async () => {
+    const baseUrl = getBaseUrl();
+    const response = await fetch(`${baseUrl}/api/mcp/policy`, {
+      headers: { "Authorization": `Bearer ${apiKey}` },
+      signal: AbortSignal.timeout(1e4)
+    });
+    if (!response.ok) {
+      throw new Error(`Failed to fetch policy: ${response.status}`);
+    }
+    const raw = await response.json();
+    if (!isPolicyConfig(raw)) throw new Error("Invalid policy response");
+    return raw;
+  }, { maxAttempts: 2 });
+};
+var getPolicy = async (apiKey) => {
+  const path = cacheFile(apiKey);
+  let staleCache = null;
+  if (existsSync(path)) {
+    try {
+      const stat = readFileSync(path, "utf-8");
+      const cached = JSON.parse(stat);
+      if (!isPolicyConfig(cached)) throw new Error("Corrupted cache");
+      if (!cached._cachedAt || Date.now() - cached._cachedAt < CACHE_TTL_MS) {
+        return cached;
+      }
+      staleCache = cached;
+    } catch {
+    }
+  }
+  try {
+    const policy = await fetchPolicy(apiKey);
+    try {
+      writeFileSync(path, JSON.stringify({ ...policy, _cachedAt: Date.now() }), "utf-8");
+    } catch {
+    }
+    return policy;
+  } catch {
+    if (staleCache) return staleCache;
+    throw new Error("Failed to fetch policy and no cached policy available");
+  }
+};
+var resolvePolicy = (config, toolName, modeOverride) => {
+  const base = config.policies.find((p) => p.tool === toolName) ?? config.policies.find((p) => p.tool === "*") ?? {
+    tool: toolName,
+    timeoutSeconds: config.defaultTimeoutSeconds,
+    timeoutAction: config.defaultTimeoutAction,
+    mode: config.defaultMode ?? "push_first",
+    pushFirstSeconds: config.defaultPushFirstSeconds ?? 20
+  };
+  const effectiveOverride = modeOverride ?? config.modeOverride;
+  if (effectiveOverride) {
+    return { ...base, mode: effectiveOverride };
+  }
+  return base;
+};
+var fetchModeOverride = async (apiKey) => {
+  try {
+    const baseUrl = getBaseUrl();
+    const response = await fetch(`${baseUrl}/api/mcp/mode`, {
+      headers: { "Authorization": `Bearer ${apiKey}` },
+      signal: AbortSignal.timeout(3e3)
+    });
+    if (!response.ok) return null;
+    const data = await response.json();
+    const mode = data.override?.mode;
+    if (isApprovalMode(mode)) {
+      return mode;
+    }
+    return null;
+  } catch {
+    return null;
+  }
+};
+
+// src/hook.ts
+import { basename } from "path";
+var sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
+var allow = () => ({
+  hookSpecificOutput: {
+    hookEventName: "PreToolUse",
+    permissionDecision: "allow"
+  }
+});
+var deny = (reason) => ({
+  hookSpecificOutput: {
+    hookEventName: "PreToolUse",
+    permissionDecision: "deny",
+    permissionDecisionReason: reason
+  }
+});
+var ask = (reason) => ({
+  hookSpecificOutput: {
+    hookEventName: "PreToolUse",
+    permissionDecision: "ask",
+    ...reason ? { permissionDecisionReason: reason } : {}
+  }
+});
+var pollForAnswer = async (apiKey, correlationId, deadlineMs, pollInterval = 2e3) => {
+  while (Date.now() < deadlineMs) {
+    const remaining = Math.min(Math.max(deadlineMs - Date.now(), 1e3), 3e4);
+    let answer;
+    try {
+      answer = await waitForAnswer(apiKey, correlationId, remaining);
+    } catch {
+      if (Date.now() + pollInterval >= deadlineMs) break;
+      await sleep(pollInterval);
+      continue;
+    }
+    if (answer.answered) return answer;
+    if (Date.now() + pollInterval >= deadlineMs) break;
+    await sleep(pollInterval);
+  }
+  return { answered: false };
+};
+var handlePushOnly = async (apiKey, description, projectName, timeoutSeconds, timeoutAction) => {
+  let result;
+  try {
+    result = await askUser(apiKey, {
+      question: `Allow ${description}?`,
+      type: "confirm",
+      context: `Agent wants to run this in ${projectName}`,
+      agentName: `Claude Code - ${projectName}`
+    });
+  } catch {
+    switch (timeoutAction) {
+      case "approve":
+        return allow();
+      case "deny":
+        return deny("Push notification failed, denying per policy");
+      default:
+        return ask("Push notification failed, asking in terminal");
+    }
+  }
+  const deadline = Date.now() + timeoutSeconds * 1e3;
+  const answer = await pollForAnswer(apiKey, result.correlationId, deadline);
+  if (answer.answered) {
+    return answer.value === "yes" ? allow() : deny("Denied via push notification");
+  }
+  switch (timeoutAction) {
+    case "approve":
+      return allow();
+    case "deny":
+      return deny("No response within timeout");
+    default:
+      return ask("No push response, asking in terminal");
+  }
+};
+var handleTerminalOnly = () => {
+  return ask();
+};
+var handlePushFirst = async (apiKey, description, projectName, pushFirstSeconds) => {
+  let result;
+  try {
+    result = await askUser(apiKey, {
+      question: `Allow ${description}?`,
+      type: "confirm",
+      context: `Agent wants to run this in ${projectName}`,
+      agentName: `Claude Code - ${projectName}`
+    });
+  } catch {
+    return ask("Push notification failed, asking in terminal");
+  }
+  const deadline = Date.now() + pushFirstSeconds * 1e3;
+  const answer = await pollForAnswer(apiKey, result.correlationId, deadline, 1500);
+  if (answer.answered) {
+    return answer.value === "yes" ? allow() : deny("Denied via push notification");
+  }
+  savePendingQuestion(result.correlationId);
+  return ask("Sent as push notification. You can also approve here.");
+};
+var handleNotifyOnly = async (apiKey, description, projectName) => {
+  try {
+    await sendNotification(apiKey, {
+      title: "Agent needs approval",
+      body: description,
+      agentName: `Claude Code - ${projectName}`
+    });
+  } catch {
+  }
+  return ask();
+};
+var handlePreToolUse = async (input) => {
+  try {
+    const apiKey = getApiKey();
+    const [policy, modeOverride] = await Promise.all([
+      getPolicy(apiKey),
+      fetchModeOverride(apiKey)
+    ]);
+    const toolPolicy = resolvePolicy(policy, input.tool_name, modeOverride);
+    if (toolPolicy.timeoutSeconds === 0 && toolPolicy.timeoutAction === "approve") {
+      return allow();
+    }
+    const description = describeToolCall(input.tool_name, input.tool_input, "hook");
+    const projectName = basename(input.cwd ?? process.cwd());
+    switch (toolPolicy.mode) {
+      case "push_only":
+        return handlePushOnly(apiKey, description, projectName, toolPolicy.timeoutSeconds, toolPolicy.timeoutAction);
+      case "terminal_only":
+        return handleTerminalOnly();
+      case "push_first":
+        return handlePushFirst(apiKey, description, projectName, toolPolicy.pushFirstSeconds);
+      case "notify_only":
+        return handleNotifyOnly(apiKey, description, projectName);
+      default:
+        return handlePushFirst(apiKey, description, projectName, toolPolicy.pushFirstSeconds);
+    }
+  } catch {
+    return ask("Pushary unavailable, falling back to terminal approval");
+  }
+};
+
+export {
+  getPolicy,
+  resolvePolicy,
+  fetchModeOverride,
+  handlePreToolUse
+};

package/dist/chunk-OF5WIOYS.js

@@ -0,0 +1,129 @@
+import {
+  callMcpTool
+} from "./chunk-3MIR7ODJ.js";
+
+// src/validate.ts
+var isPolicyConfig = (data) => {
+  if (!data || typeof data !== "object") return false;
+  const d = data;
+  return Array.isArray(d.policies) && typeof d.defaultTimeoutSeconds === "number" && typeof d.defaultTimeoutAction === "string";
+};
+var isAskUserResponse = (data) => {
+  if (!data || typeof data !== "object") return false;
+  const d = data;
+  return typeof d.correlationId === "string" && typeof d.status === "string";
+};
+var isWaitForAnswerResponse = (data) => {
+  if (!data || typeof data !== "object") return false;
+  const d = data;
+  return typeof d.answered === "boolean";
+};
+
+// src/api.ts
+var askUser = async (apiKey, params) => {
+  const result = await callMcpTool(apiKey, "ask_user", { ...params, wait: false }, { maxRetries: 3 });
+  if (!isAskUserResponse(result)) throw new Error("Invalid ask_user response");
+  return result;
+};
+var waitForAnswer = async (apiKey, correlationId, timeoutMs = 3e4) => {
+  const result = await callMcpTool(apiKey, "wait_for_answer", {
+    correlationId,
+    timeoutMs
+  });
+  if (!isWaitForAnswerResponse(result)) throw new Error("Invalid wait_for_answer response");
+  return result;
+};
+var cancelQuestion = async (apiKey, correlationId) => {
+  await callMcpTool(apiKey, "cancel_question", { correlationId });
+};
+var sendNotification = async (apiKey, params) => {
+  await callMcpTool(apiKey, "send_notification", { ...params }, { maxRetries: 3 });
+};
+
+// src/identity.ts
+import { createHash } from "crypto";
+import { hostname } from "os";
+var deriveMachineId = (host) => createHash("sha256").update(host).digest("hex").slice(0, 8);
+var getMachineId = () => deriveMachineId(hostname());
+
+// src/describe.ts
+var hookPrefixes = {
+  Bash: (input) => `bash: ${input.command ?? "(no command)"}`,
+  Write: (input) => `write file: ${input.file_path ?? "(unknown path)"}`,
+  Edit: (input) => `edit file: ${input.file_path ?? "(unknown path)"}`,
+  Read: (input) => `read file: ${input.file_path ?? "(unknown path)"}`
+};
+var eventPrefixes = {
+  Bash: (input) => `ran: ${String(input.command ?? "").slice(0, 120)}`,
+  Write: (input) => `wrote: ${input.file_path ?? "unknown"}`,
+  Edit: (input) => `edited: ${input.file_path ?? "unknown"}`,
+  Read: (input) => `read: ${input.file_path ?? "unknown"}`
+};
+var describeToolCall = (toolName, toolInput, format = "hook") => {
+  const prefixes = format === "hook" ? hookPrefixes : eventPrefixes;
+  const builder = prefixes[toolName];
+  if (builder) return builder(toolInput);
+  return format === "hook" ? `${toolName}: ${JSON.stringify(toolInput).slice(0, 200)}` : `${toolName}: done`;
+};
+
+// src/pending.ts
+import { join } from "path";
+import { tmpdir } from "os";
+import { existsSync, mkdirSync, writeFileSync, readdirSync, unlinkSync, rmSync, statSync } from "fs";
+var PENDING_DIR = join(tmpdir(), "pushary-pending");
+var DEFAULT_SESSION = "_no_session";
+var GRACE_MS = 10 * 60 * 1e3;
+var sanitize = (sessionId) => sessionId.replace(/[^A-Za-z0-9_-]/g, "_").slice(0, 128) || DEFAULT_SESSION;
+var dirFor = (sessionId) => join(PENDING_DIR, sanitize(sessionId));
+var isDefaultSession = (sessionId) => sanitize(sessionId) === DEFAULT_SESSION;
+var savePendingQuestion = (sessionId, correlationId) => {
+  const dir = dirFor(sessionId);
+  if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
+  writeFileSync(join(dir, correlationId), "", "utf-8");
+};
+var listPendingQuestions = (sessionId) => {
+  const dir = dirFor(sessionId);
+  let files;
+  try {
+    files = readdirSync(dir);
+  } catch {
+    return [];
+  }
+  if (!isDefaultSession(sessionId)) return files;
+  const cutoff = Date.now() - GRACE_MS;
+  return files.filter((name) => {
+    try {
+      return statSync(join(dir, name)).mtimeMs < cutoff;
+    } catch {
+      return false;
+    }
+  });
+};
+var removePendingQuestion = (sessionId, correlationId) => {
+  try {
+    unlinkSync(join(dirFor(sessionId), correlationId));
+  } catch {
+  }
+};
+var removePendingSession = (sessionId) => {
+  try {
+    rmSync(dirFor(sessionId), { recursive: true, force: true });
+  } catch {
+  }
+};
+
+export {
+  isPolicyConfig,
+  askUser,
+  waitForAnswer,
+  cancelQuestion,
+  sendNotification,
+  describeToolCall,
+  DEFAULT_SESSION,
+  isDefaultSession,
+  savePendingQuestion,
+  listPendingQuestions,
+  removePendingQuestion,
+  removePendingSession,
+  getMachineId
+};

package/dist/chunk-W5KRWUNE.js

@@ -0,0 +1,262 @@
+import {
+  isApprovalMode
+} from "./chunk-IBWCHA5M.js";
+import {
+  DEFAULT_SESSION,
+  askUser,
+  describeToolCall,
+  getMachineId,
+  isPolicyConfig,
+  savePendingQuestion,
+  sendNotification,
+  waitForAnswer
+} from "./chunk-OF5WIOYS.js";
+import {
+  withRetry
+} from "./chunk-3MIR7ODJ.js";
+import {
+  getApiKey,
+  getBaseUrl
+} from "./chunk-VUNL35KE.js";
+
+// src/policy.ts
+import { createHash } from "crypto";
+import { existsSync, readFileSync, writeFileSync } from "fs";
+import { join } from "path";
+import { tmpdir } from "os";
+var CACHE_TTL_MS = 5 * 60 * 1e3;
+var cacheFile = (apiKey) => {
+  const hash = createHash("sha256").update(apiKey).digest("hex").slice(0, 12);
+  return join(tmpdir(), `pushary-policy-${hash}.json`);
+};
+var fetchPolicy = async (apiKey) => {
+  return withRetry(async () => {
+    const baseUrl = getBaseUrl();
+    const response = await fetch(`${baseUrl}/api/mcp/policy`, {
+      headers: { "Authorization": `Bearer ${apiKey}` },
+      signal: AbortSignal.timeout(1e4)
+    });
+    if (!response.ok) {
+      throw new Error(`Failed to fetch policy: ${response.status}`);
+    }
+    const raw = await response.json();
+    if (!isPolicyConfig(raw)) throw new Error("Invalid policy response");
+    return raw;
+  }, { maxAttempts: 2 });
+};
+var getPolicy = async (apiKey) => {
+  const path = cacheFile(apiKey);
+  let staleCache = null;
+  if (existsSync(path)) {
+    try {
+      const stat = readFileSync(path, "utf-8");
+      const cached = JSON.parse(stat);
+      if (!isPolicyConfig(cached)) throw new Error("Corrupted cache");
+      if (!cached._cachedAt || Date.now() - cached._cachedAt < CACHE_TTL_MS) {
+        return cached;
+      }
+      staleCache = cached;
+    } catch {
+    }
+  }
+  try {
+    const policy = await fetchPolicy(apiKey);
+    try {
+      writeFileSync(path, JSON.stringify({ ...policy, _cachedAt: Date.now() }), "utf-8");
+    } catch {
+    }
+    return policy;
+  } catch {
+    if (staleCache) return staleCache;
+    throw new Error("Failed to fetch policy and no cached policy available");
+  }
+};
+var resolvePolicy = (config, toolName, modeOverride) => {
+  const base = config.policies.find((p) => p.tool === toolName) ?? config.policies.find((p) => p.tool === "*") ?? {
+    tool: toolName,
+    timeoutSeconds: config.defaultTimeoutSeconds,
+    timeoutAction: config.defaultTimeoutAction,
+    mode: config.defaultMode ?? "push_first",
+    pushFirstSeconds: config.defaultPushFirstSeconds ?? 20
+  };
+  const effectiveOverride = modeOverride ?? config.modeOverride;
+  if (effectiveOverride) {
+    return { ...base, mode: effectiveOverride };
+  }
+  return base;
+};
+var fetchModeState = async (apiKey, sessionId) => {
+  try {
+    const baseUrl = getBaseUrl();
+    const url = sessionId ? `${baseUrl}/api/mcp/mode?session=${encodeURIComponent(sessionId)}` : `${baseUrl}/api/mcp/mode`;
+    const response = await fetch(url, {
+      headers: { "Authorization": `Bearer ${apiKey}` },
+      signal: AbortSignal.timeout(3e3)
+    });
+    if (!response.ok) return { mode: null, kill: false };
+    const data = await response.json();
+    const mode = data.override?.mode;
+    return { mode: isApprovalMode(mode) ? mode : null, kill: data.kill === true };
+  } catch {
+    return { mode: null, kill: false };
+  }
+};
+var fetchModeOverride = async (apiKey) => (await fetchModeState(apiKey)).mode;
+
+// src/hook.ts
+import { basename } from "path";
+var sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
+var allow = () => ({
+  hookSpecificOutput: {
+    hookEventName: "PreToolUse",
+    permissionDecision: "allow"
+  }
+});
+var deny = (reason) => ({
+  hookSpecificOutput: {
+    hookEventName: "PreToolUse",
+    permissionDecision: "deny",
+    permissionDecisionReason: reason
+  }
+});
+var ask = (reason) => ({
+  hookSpecificOutput: {
+    hookEventName: "PreToolUse",
+    permissionDecision: "ask",
+    ...reason ? { permissionDecisionReason: reason } : {}
+  }
+});
+var pollForAnswer = async (apiKey, correlationId, deadlineMs, pollInterval = 2e3) => {
+  while (Date.now() < deadlineMs) {
+    const remaining = Math.min(Math.max(deadlineMs - Date.now(), 1e3), 3e4);
+    let answer;
+    try {
+      answer = await waitForAnswer(apiKey, correlationId, remaining);
+    } catch {
+      if (Date.now() + pollInterval >= deadlineMs) break;
+      await sleep(pollInterval);
+      continue;
+    }
+    if (answer.answered) return answer;
+    if (Date.now() + pollInterval >= deadlineMs) break;
+    await sleep(pollInterval);
+  }
+  return { answered: false };
+};
+var handlePushOnly = async (apiKey, description, projectName, timeoutSeconds, timeoutAction, sessionId, machineId, toolName) => {
+  let result;
+  try {
+    result = await askUser(apiKey, {
+      question: `Allow ${description}?`,
+      type: "confirm",
+      context: `Agent wants to run this in ${projectName}`,
+      agentName: `Claude Code - ${projectName}`,
+      sessionId,
+      machineId,
+      toolName
+    });
+  } catch {
+    switch (timeoutAction) {
+      case "approve":
+        return allow();
+      case "deny":
+        return deny("Push notification failed, denying per policy");
+      default:
+        return ask("Push notification failed, asking in terminal");
+    }
+  }
+  const deadline = Date.now() + timeoutSeconds * 1e3;
+  const answer = await pollForAnswer(apiKey, result.correlationId, deadline);
+  if (answer.answered) {
+    return answer.value === "yes" ? allow() : deny("Denied via push notification");
+  }
+  switch (timeoutAction) {
+    case "approve":
+      return allow();
+    case "deny":
+      return deny("No response within timeout");
+    default:
+      return ask("No push response, asking in terminal");
+  }
+};
+var handleTerminalOnly = () => {
+  return ask();
+};
+var handlePushFirst = async (apiKey, description, projectName, pushFirstSeconds, sessionId, machineId, toolName) => {
+  let result;
+  try {
+    result = await askUser(apiKey, {
+      question: `Allow ${description}?`,
+      type: "confirm",
+      context: `Agent wants to run this in ${projectName}`,
+      agentName: `Claude Code - ${projectName}`,
+      sessionId,
+      machineId,
+      toolName
+    });
+  } catch {
+    return ask("Push notification failed, asking in terminal");
+  }
+  const deadline = Date.now() + pushFirstSeconds * 1e3;
+  const answer = await pollForAnswer(apiKey, result.correlationId, deadline, 1500);
+  if (answer.answered) {
+    return answer.value === "yes" ? allow() : deny("Denied via push notification");
+  }
+  savePendingQuestion(sessionId || DEFAULT_SESSION, result.correlationId);
+  return ask("Sent as push notification. You can also approve here.");
+};
+var handleNotifyOnly = async (apiKey, description, projectName, sessionId, machineId) => {
+  try {
+    await sendNotification(apiKey, {
+      title: "Agent needs approval",
+      body: description,
+      agentName: `Claude Code - ${projectName}`,
+      sessionId,
+      machineId
+    });
+  } catch {
+  }
+  return ask();
+};
+var handlePreToolUse = async (input) => {
+  try {
+    const apiKey = getApiKey();
+    const [policy, modeState] = await Promise.all([
+      getPolicy(apiKey),
+      fetchModeState(apiKey, input.session_id)
+    ]);
+    if (modeState.kill) {
+      return deny("Stopped by user \u2014 this agent was halted from Pushary");
+    }
+    const toolPolicy = resolvePolicy(policy, input.tool_name, modeState.mode);
+    if (toolPolicy.timeoutSeconds === 0 && toolPolicy.timeoutAction === "approve") {
+      return allow();
+    }
+    const description = describeToolCall(input.tool_name, input.tool_input, "hook");
+    const projectName = basename(input.cwd ?? process.cwd());
+    const sessionId = input.session_id;
+    const machineId = getMachineId();
+    switch (toolPolicy.mode) {
+      case "push_only":
+        return handlePushOnly(apiKey, description, projectName, toolPolicy.timeoutSeconds, toolPolicy.timeoutAction, sessionId, machineId, input.tool_name);
+      case "terminal_only":
+        return handleTerminalOnly();
+      case "push_first":
+        return handlePushFirst(apiKey, description, projectName, toolPolicy.pushFirstSeconds, sessionId, machineId, input.tool_name);
+      case "notify_only":
+        return handleNotifyOnly(apiKey, description, projectName, sessionId, machineId);
+      default:
+        return handlePushFirst(apiKey, description, projectName, toolPolicy.pushFirstSeconds, sessionId, machineId, input.tool_name);
+    }
+  } catch {
+    return ask("Pushary unavailable, falling back to terminal approval");
+  }
+};
+
+export {
+  getPolicy,
+  resolvePolicy,
+  fetchModeState,
+  fetchModeOverride,
+  handlePreToolUse
+};

package/dist/src/index.d.ts

@@ -1,3 +1,6 @@
+import { PolicyConfig, ApprovalMode, ToolPolicy } from '@pushary/contracts';
+export { ApprovalMode, PolicyConfig, ToolPolicy } from '@pushary/contracts';
+
 interface ToolInput {
     tool_name: string;
     tool_input: Record<string, unknown>;
@@ -19,6 +22,7 @@ interface AgentEvent {
     agentName?: string;
     action?: string;
     machineId?: string;
+    sessionId?: string;
     error?: string;
 }
 declare const reportEvent: (event: AgentEvent) => Promise<void>;
@@ -48,6 +52,9 @@ interface AskUserParams {
     options?: string[];
     context?: string;
     agentName?: string;
+    sessionId?: string;
+    machineId?: string;
+    toolName?: string;
 }
 interface AskUserResponse {
     correlationId: string;
@@ -61,27 +68,16 @@ declare const askUser: (apiKey: string, params: AskUserParams) => Promise<AskUse
 declare const waitForAnswer: (apiKey: string, correlationId: string, timeoutMs?: number) => Promise<WaitForAnswerResponse>;
 declare const cancelQuestion: (apiKey: string, correlationId: string) => Promise<void>;
 
-type ApprovalMode = 'push_only' | 'terminal_only' | 'push_first' | 'notify_only';
-interface ToolPolicy {
-    tool: string;
-    timeoutSeconds: number;
-    timeoutAction: 'approve' | 'deny' | 'escalate';
-    mode: ApprovalMode;
-    pushFirstSeconds: number;
-}
-interface PolicyConfig {
-    policies: ToolPolicy[];
-    defaultTimeoutSeconds: number;
-    defaultTimeoutAction: 'approve' | 'deny' | 'escalate';
-    defaultMode: ApprovalMode;
-    defaultPushFirstSeconds: number;
-    modeOverride?: ApprovalMode | null;
-}
 declare const getPolicy: (apiKey: string) => Promise<PolicyConfig>;
 declare const resolvePolicy: (config: PolicyConfig, toolName: string, modeOverride?: ApprovalMode | null) => ToolPolicy;
+interface ModeState {
+    readonly mode: ApprovalMode | null;
+    readonly kill: boolean;
+}
+declare const fetchModeState: (apiKey: string, sessionId?: string) => Promise<ModeState>;
 declare const fetchModeOverride: (apiKey: string) => Promise<ApprovalMode | null>;
 
 declare const getApiKey: () => string;
 declare const getBaseUrl: () => string;
 
-export { type ApprovalMode, type PolicyConfig, type ToolPolicy, askUser, cancelQuestion, fetchModeOverride, getApiKey, getBaseUrl, getPolicy, handleNotification, handlePostToolUse, handlePreToolUse, handleStop, reportEvent, resolvePolicy, waitForAnswer };
+export { type ModeState, askUser, cancelQuestion, fetchModeOverride, fetchModeState, getApiKey, getBaseUrl, getPolicy, handleNotification, handlePostToolUse, handlePreToolUse, handleStop, reportEvent, resolvePolicy, waitForAnswer };

package/dist/src/index.js

@@ -1,20 +1,22 @@
 import {
   fetchModeOverride,
+  fetchModeState,
   getPolicy,
   handlePreToolUse,
   resolvePolicy
-} from "../chunk-M6S3M6E3.js";
+} from "../chunk-W5KRWUNE.js";
+import "../chunk-IBWCHA5M.js";
 import {
   handleNotification,
   handlePostToolUse,
   handleStop,
   reportEvent
-} from "../chunk-6SRXMZAN.js";
+} from "../chunk-AB4KX4XT.js";
 import {
   askUser,
   cancelQuestion,
   waitForAnswer
-} from "../chunk-7PTU7TGE.js";
+} from "../chunk-OF5WIOYS.js";
 import "../chunk-3MIR7ODJ.js";
 import {
   getApiKey,
@@ -24,6 +26,7 @@ export {
   askUser,
   cancelQuestion,
   fetchModeOverride,
+  fetchModeState,
   getApiKey,
   getBaseUrl,
   getPolicy,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pushary/agent-hooks",
-  "version": "0.8.3",
+  "version": "0.9.0",
   "description": "Permission hooks for AI coding agents: route tool approvals through Pushary push notifications",
   "author": "Pushary <business@pushary.com>",
   "homepage": "https://pushary.com",
@@ -30,15 +30,16 @@
     "data"
   ],
   "scripts": {
-    "build": "tsup src/index.ts bin/pushary.ts bin/pushary-hook.ts bin/pushary-post-hook.ts bin/pushary-stop-hook.ts bin/pushary-codex.ts bin/pushary-setup.ts bin/pushary-clean.ts bin/pushary-doctor.ts bin/pushary-mode.ts --format esm --dts --outDir dist",
-    "dev": "tsup src/index.ts bin/pushary.ts bin/pushary-hook.ts bin/pushary-post-hook.ts bin/pushary-stop-hook.ts bin/pushary-codex.ts bin/pushary-setup.ts bin/pushary-clean.ts bin/pushary-doctor.ts bin/pushary-mode.ts --format esm --watch",
-    "test": "bun test src/api.test.ts && bun test src/claude-config.test.ts && bun test src/mcp-http.test.ts && bun test src/retry.test.ts && bun test src/validate.test.ts && bun test src/policy.test.ts && bun test src/events.test.ts && bun test src/hook.test.ts"
+    "build": "tsup",
+    "dev": "tsup --watch",
+    "test": "bun test src/api.test.ts && bun test src/claude-config.test.ts && bun test src/mcp-http.test.ts && bun test src/retry.test.ts && bun test src/validate.test.ts && bun test src/policy.test.ts && bun test src/identity.test.ts && bun test src/pending.test.ts && bun test src/events.test.ts && bun test src/hook.test.ts"
   },
   "dependencies": {
     "@inquirer/prompts": "^8.4.2",
     "smol-toml": "^1.6.1"
   },
   "devDependencies": {
+    "@pushary/contracts": "workspace:*",
     "tsup": "^8.0.0",
     "typescript": "^5.0.0"
   }