@seanmozeik/tripwire 0.2.0 → 0.4.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@seanmozeik/tripwire",
-  "version": "0.2.0",
+  "version": "0.4.0",
   "description": "Opinionated hooks dispatcher for AI coding agents with configurable safety rules",
   "license": "MIT",
   "bin": {

package/src/dispatch.ts

@@ -19,7 +19,7 @@ import { BunRuntime } from '@effect/platform-bun';
 import { Cause, Effect, Exit, Schema } from 'effect';
 
 import { parseCommand } from './lib/bash';
-import { loadConfig, type Config } from './lib/config';
+import { getDefaultConfig, loadConfig, mergeWithDefaults, type Config } from './lib/config';
 import { type Decision, allow, merge } from './lib/decision';
 import {
   type BashInput,
@@ -48,9 +48,6 @@ import { pathProtect } from './rules/path-protect';
 import { postSecretScrub } from './rules/post-secret-scrub';
 import { readProtect } from './rules/read-protect';
 
-const RULE_TIMEOUT_MS = 250;
-const POST_RULE_TIMEOUT_MS = 5000; // Betterleaks subprocess can take longer
-
 const readStdin = async (): Promise<string> => {
   const chunks: Buffer[] = [];
   for await (const chunk of process.stdin) {
@@ -243,6 +240,25 @@ const runRules = (rules: readonly Rule[], timeoutMs: number): Effect.Effect<Deci
     return merge(decisions);
   });
 
+const runRulesSync = (rules: readonly Rule[]): Decision => {
+  if (rules.length === 0) {
+    return allow('no-rules');
+  }
+  return merge(rules.map((r) => r.fn()));
+};
+
+const decide = (event: HookEvent, config: Config = getDefaultConfig()): Decision => {
+  const mergedConfig = mergeWithDefaults(config);
+  const tool = normalizeToolName(event.tool_name ?? '');
+  if (event.hook_event_name === 'PreToolUse') {
+    return runRulesSync(collectPreToolUseRules(tool, event.tool_input, mergedConfig));
+  }
+  if (event.hook_event_name === 'PostToolUse') {
+    return runRulesSync(collectPostToolUseRules(tool, event.tool_response));
+  }
+  return allow('no-rules');
+};
+
 const handleBashAllow = (event: HookEvent, decision: Decision, config: Config): void => {
   // After the gate passes (allow or warn), apply rtk command-rewrite. If
   // Rtk doesn't change the command, fall through to normal allow / warn.
@@ -302,11 +318,9 @@ const program = Effect.gen(function* () {
     return;
   }
   const event = decodeExit.value;
-  const tool = normalizeToolName(event.tool_name ?? '');
 
   if (event.hook_event_name === 'PreToolUse') {
-    const rules = collectPreToolUseRules(tool, event.tool_input, config);
-    const decision = yield* runRules(rules, RULE_TIMEOUT_MS);
+    const decision = decide(event, config);
     if (decision.kind === 'deny' || decision.kind === 'ask') {
       writePreToolGate(event.hook_event_name, decision);
       return;
@@ -316,8 +330,7 @@ const program = Effect.gen(function* () {
   }
 
   if (event.hook_event_name === 'PostToolUse') {
-    const rules = collectPostToolUseRules(tool, event.tool_response);
-    const decision = yield* runRules(rules, POST_RULE_TIMEOUT_MS);
+    const decision = decide(event, config);
     if (decision.kind === 'deny') {
       writePostToolBlock(decision);
       return;
@@ -337,4 +350,15 @@ const handled = program.pipe(
   }),
 );
 
-BunRuntime.runMain(handled);
+if (import.meta.main) {
+  BunRuntime.runMain(handled);
+}
+
+export {
+  collectPostToolUseRules,
+  collectPreToolUseRules,
+  decide,
+  normalizeToolName,
+  runRules,
+  runRulesSync,
+};

package/src/index.ts

@@ -2,3 +2,5 @@ export type { Decision } from './lib/decision.ts';
 export type { HookEvent } from './lib/event.ts';
 export type { Config } from './lib/config.ts';
 export { allow, deny, ask, warn } from './lib/decision.ts';
+export { decide } from './dispatch.ts';
+export { getDefaultConfig, loadConfig, mergeWithDefaults } from './lib/config.ts';

package/src/lib/config.ts

@@ -11,6 +11,10 @@ const BlockRuleSchema = Schema.Struct({
   pattern: Schema.String,
   message: Schema.String,
   action: Schema.optional(Schema.Union([Schema.Literal('deny'), Schema.Literal('ask')])),
+  requiresFlags: Schema.optional(Schema.Array(Schema.String)),
+  forbidsFlagValues: Schema.optional(
+    Schema.Array(Schema.Struct({ flag: Schema.String, values: Schema.Array(Schema.String) })),
+  ),
 });
 
 const RtkConfigSchema = Schema.Struct({
@@ -103,4 +107,4 @@ export type GitConfig = typeof GitConfigSchema.Type;
 export type SafePathsConfig = typeof SafePathsConfigSchema.Type;
 export type Config = typeof ConfigSchema.Type;
 
-export { CONFIG_PATH, ConfigSchema };
+export { CONFIG_PATH, ConfigSchema, getDefaultConfig, mergeWithDefaults };

package/src/rules/config-custom.ts

@@ -1,51 +1,160 @@
 // Config-based custom blocking/allowing rules.
 // Uses shell parsing utilities to match command patterns from config.
 
-import { parseCommand, type Segment } from '../lib/bash';
+import { hasBypass, parseCommand, type Segment } from '../lib/bash';
 import type { BlockRule } from '../lib/config';
 import { type Decision, allow, deny, ask } from '../lib/decision';
 
+const BYPASS_HELP = 'If this is intentional, append ` # tripwire-allow: <reason>` to the command.';
+
+const ALIASES: ReadonlyMap<string, string> = new Map([
+  ['add', 'create'],
+  ['new', 'create'],
+  ['edit', 'update'],
+  ['set', 'update'],
+  ['rm', 'delete'],
+  ['del', 'delete'],
+  ['remove', 'delete'],
+]);
+
+const canonical = (token: string): string => ALIASES.get(token) ?? token;
+
+// Strip directory prefix so an absolute or homebrew-style path matches its
+// Basename — `/opt/homebrew/bin/gog` and `gog` are the same command for
+// Policy purposes. shim's typed dispatcher resolves CLIs to absolute paths,
+// So matchers that compare `seg.head` literally would otherwise miss every
+// Rule for those invocations.
+const basename = (token: string): string => {
+  const idx = token.lastIndexOf('/');
+  return idx === -1 ? token : token.slice(idx + 1);
+};
+
+const flagPresent = (tokens: readonly string[], flag: string): boolean =>
+  tokens.some((t) => t === flag || t.startsWith(`${flag}=`));
+
+const flagValue = (tokens: readonly string[], flag: string): string | null => {
+  for (let i = 0; i < tokens.length; i++) {
+    const t = tokens[i]!;
+    if (t === flag) {
+      return tokens[i + 1] ?? '';
+    }
+    if (t.startsWith(`${flag}=`)) {
+      return t.slice(flag.length + 1);
+    }
+  }
+  return null;
+};
+
+const subcommandTokens = (seg: Segment): string[] => {
+  const out: string[] = [];
+  const tokens = seg.tokens.slice(1);
+  for (let i = 0; i < tokens.length; i++) {
+    const t = tokens[i]!;
+    if (t.startsWith('-')) {
+      // Without per-CLI flag metadata, we conservatively treat
+      // `--flag value` / `-f value` as one option pair and `--flag=value`
+      // As one token. This keeps global selectors like `--account X`
+      // Out of the subcommand path, at the cost of not distinguishing
+      // Boolean flags that precede positional args.
+      if (!t.includes('=') && tokens[i + 1] !== undefined && !tokens[i + 1]!.startsWith('-')) {
+        i++;
+      }
+      continue;
+    }
+    out.push(t);
+  }
+  return out;
+};
+
 // Match a pattern against parsed segments using shell parsing.
 // This is more powerful than simple regex because it uses the same
 // Parsing logic as the rest of tripwire.
-const matchPattern = (segments: readonly Segment[], pattern: string): boolean => {
+const matchPattern = (segments: readonly Segment[], rule: BlockRule): boolean => {
+  const pattern = rule.pattern;
   const patternSegs = parseCommand(pattern);
   if (patternSegs.length === 0) {
     return false;
   }
 
-  const patternHead = patternSegs[0]!.head;
+  const patternTokens = patternSegs[0]!.tokens;
+  const patternHead = patternTokens[0];
+  if (patternHead === undefined) {
+    return false;
+  }
+  const patternSubcommands = patternTokens.slice(1);
 
-  // Simple head match for now - can be extended to match flags, args, etc.
   for (const seg of segments) {
-    if (seg.head === patternHead) {
+    if (basename(seg.head) !== basename(patternHead)) {
+      continue;
+    }
+
+    if (patternSubcommands.length > 0) {
+      const actualSubcommands = subcommandTokens(seg);
+      const pathMatches = patternSubcommands.every(
+        (p, i) =>
+          actualSubcommands[i] !== undefined && canonical(actualSubcommands[i]) === canonical(p),
+      );
+      if (!pathMatches) {
+        continue;
+      }
+    }
+
+    if ((rule.requiresFlags ?? []).some((flag) => !flagPresent(seg.tokens, flag))) {
+      continue;
+    }
+
+    const valueChecks = rule.forbidsFlagValues ?? [];
+    const valuesMatch = valueChecks.every((check) => {
+      const value = flagValue(seg.tokens, check.flag);
+      return value !== null && check.values.includes(value);
+    });
+    if (!valuesMatch) {
+      continue;
+    }
+
+    if (
+      patternSubcommands.length === 0 &&
+      rule.requiresFlags === undefined &&
+      rule.forbidsFlagValues === undefined
+    ) {
       return true;
     }
+
+    return true;
   }
   return false;
 };
 
 export const configCustom = (
   segments: readonly Segment[],
-  _cmd: string,
+  cmd: string,
   blockedCommands: readonly BlockRule[],
   allowedCommands: readonly BlockRule[],
 ): Decision => {
+  if (hasBypass(cmd)) {
+    return allow('config-custom');
+  }
+
   // Check allowed first (overrides blocks)
   for (const allowRule of allowedCommands) {
-    if (matchPattern(segments, allowRule.pattern)) {
+    if (matchPattern(segments, allowRule)) {
       return allow('config-custom');
     }
   }
 
   // Then check blocked
   for (const blockRule of blockedCommands) {
-    if (matchPattern(segments, blockRule.pattern)) {
-      return blockRule.action === 'deny'
-        ? deny('config-custom', blockRule.message)
-        : ask('config-custom', blockRule.message);
+    if (matchPattern(segments, blockRule)) {
+      const message = blockRule.message.includes('tripwire-allow')
+        ? blockRule.message
+        : `${blockRule.message} ${BYPASS_HELP}`;
+      return blockRule.action === 'ask'
+        ? ask('config-custom', message)
+        : deny('config-custom', message);
     }
   }
 
   return allow('config-custom');
 };
+
+export { matchPattern };