@stackmemoryai/stackmemory 0.3.21 → 0.3.22

package/templates/claude-hooks/pre-tool-use

@@ -0,0 +1,189 @@
+#!/usr/bin/env node
+
+/**
+ * Pre-Tool-Use Hook for StackMemory
+ * Controls and filters tool usage based on configured policies
+ */
+
+import fs from 'fs';
+import path from 'path';
+import { fileURLToPath } from 'url';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+
+// Configuration for tool restrictions
+const CONFIG = {
+  // Mode: 'restrictive' | 'permissive' | 'code_only'
+  mode: process.env.STACKMEMORY_TOOL_MODE || 'permissive',
+  
+  // Tools that are always allowed
+  alwaysAllowed: [
+    'mcp__stackmemory__save_context',
+    'mcp__stackmemory__load_context',
+    'TodoWrite',
+    'TodoRead',
+  ],
+  
+  // Tools that are blocked in restrictive mode
+  restrictedTools: [
+    'Bash',
+    'Write',
+    'Edit',
+    'Delete',
+    'WebFetch',
+  ],
+  
+  // Code execution tools
+  codeExecutionTools: [
+    'mcp__code-executor__execute_code',
+    'mcp__stackmemory__code.execute',
+  ],
+  
+  // Log file for audit
+  logFile: path.join(process.env.HOME || '/tmp', '.stackmemory', 'tool-use.log'),
+};
+
+// Read input from stdin
+async function readInput() {
+  let input = '';
+  for await (const chunk of process.stdin) {
+    input += chunk;
+  }
+  return JSON.parse(input);
+}
+
+// Log tool usage
+function logToolUse(toolName, allowed, reason) {
+  try {
+    const logDir = path.dirname(CONFIG.logFile);
+    if (!fs.existsSync(logDir)) {
+      fs.mkdirSync(logDir, { recursive: true });
+    }
+    
+    const logEntry = {
+      timestamp: new Date().toISOString(),
+      tool: toolName,
+      allowed,
+      reason,
+      mode: CONFIG.mode,
+    };
+    
+    fs.appendFileSync(CONFIG.logFile, JSON.stringify(logEntry) + '\n');
+  } catch (error) {
+    // Silently fail logging
+  }
+}
+
+// Check if tool should be allowed
+function shouldAllowTool(toolName, params) {
+  // Always allowed tools
+  if (CONFIG.alwaysAllowed.includes(toolName)) {
+    return { allowed: true, reason: 'Always allowed tool' };
+  }
+  
+  // Mode-specific logic
+  switch (CONFIG.mode) {
+    case 'code_only':
+      // Only allow code execution tools
+      if (CONFIG.codeExecutionTools.includes(toolName)) {
+        return { allowed: true, reason: 'Code execution tool in code_only mode' };
+      }
+      return {
+        allowed: false,
+        reason: 'Only code execution is allowed in code_only mode',
+        suggestion: 'Use mcp__stackmemory__code.execute to run Python/JavaScript code',
+      };
+    
+    case 'restrictive':
+      // Block restricted tools
+      if (CONFIG.restrictedTools.includes(toolName)) {
+        return {
+          allowed: false,
+          reason: `Tool '${toolName}' is restricted in current mode`,
+          suggestion: 'This tool is blocked for safety. Consider using code execution instead.',
+        };
+      }
+      return { allowed: true, reason: 'Not in restricted list' };
+    
+    case 'permissive':
+    default:
+      // Allow everything but log dangerous operations
+      if (CONFIG.restrictedTools.includes(toolName)) {
+        logToolUse(toolName, true, 'Potentially dangerous tool in permissive mode');
+      }
+      return { allowed: true, reason: 'Permissive mode' };
+  }
+}
+
+// Main hook logic
+async function main() {
+  try {
+    const input = await readInput();
+    const { tool_name, parameters } = input;
+    
+    // Check if tool should be allowed
+    const decision = shouldAllowTool(tool_name, parameters);
+    
+    // Log the decision
+    logToolUse(tool_name, decision.allowed, decision.reason);
+    
+    if (!decision.allowed) {
+      // Block the tool
+      console.error(JSON.stringify({
+        status: 'blocked',
+        tool: tool_name,
+        reason: decision.reason,
+        suggestion: decision.suggestion,
+        message: `Tool '${tool_name}' is blocked. ${decision.suggestion || ''}`,
+      }));
+      process.exit(1);
+    }
+    
+    // Special handling for code execution
+    if (CONFIG.codeExecutionTools.includes(tool_name)) {
+      // Add safety warnings
+      if (parameters.code && parameters.code.includes('import os')) {
+        console.error(JSON.stringify({
+          status: 'warning',
+          message: 'Code contains potentially dangerous imports. Reviewing...',
+        }));
+      }
+    }
+    
+    // Allow the tool
+    console.log(JSON.stringify({
+      status: 'allowed',
+      tool: tool_name,
+      mode: CONFIG.mode,
+    }));
+    
+  } catch (error) {
+    // On error, allow by default (fail open)
+    console.error(JSON.stringify({
+      status: 'error',
+      message: error.message,
+      fallback: 'allowing tool due to hook error',
+    }));
+  }
+}
+
+// Handle environment info request
+if (process.argv.includes('--info')) {
+  console.log(JSON.stringify({
+    hook: 'pre-tool-use',
+    version: '1.0.0',
+    mode: CONFIG.mode,
+    modes: ['permissive', 'restrictive', 'code_only'],
+    description: 'Controls tool usage based on configured policies',
+  }));
+  process.exit(0);
+}
+
+main().catch(error => {
+  console.error(JSON.stringify({
+    status: 'error',
+    message: error.message,
+  }));
+  process.exit(1);
+});

package/dist/servers/railway/minimal.js

@@ -1,91 +0,0 @@
-#!/usr/bin/env node
-import http from "http";
-const PORT = process.env.PORT || 3e3;
-const server = http.createServer(async (req, res) => {
-  console.log(`${(/* @__PURE__ */ new Date()).toISOString()} ${req.method} ${req.url}`);
-  if (req.url === "/health" || req.url === "/api/health") {
-    res.writeHead(200, { "Content-Type": "application/json" });
-    res.end(
-      JSON.stringify({
-        status: "healthy",
-        timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-        port: PORT,
-        env: process.env.NODE_ENV || "development"
-      })
-    );
-  } else if (req.url === "/test-db") {
-    res.writeHead(200, { "Content-Type": "application/json" });
-    const testResults = { postgresql: {}, redis: {} };
-    if (process.env.DATABASE_URL) {
-      try {
-        const { Client } = (await import("pg")).default;
-        const pgClient = new Client({ connectionString: process.env.DATABASE_URL });
-        await pgClient.connect();
-        const result = await pgClient.query("SELECT NOW() as time, version() as version");
-        testResults.postgresql = {
-          status: "connected",
-          time: result.rows[0].time,
-          version: result.rows[0].version.split(" ")[0]
-        };
-        await pgClient.end();
-      } catch (error) {
-        testResults.postgresql = { status: "error", message: error.message };
-      }
-    } else {
-      testResults.postgresql = { status: "not_configured" };
-    }
-    const redisUrl = process.env.REDIS_URL || (process.env.REDISHOST ? `redis://${process.env.REDISHOST}:${process.env.REDISPORT || 6379}` : null);
-    if (redisUrl) {
-      try {
-        const { createClient } = await import("redis");
-        const redisClient = createClient({ url: redisUrl });
-        await redisClient.connect();
-        await redisClient.ping();
-        const info = await redisClient.info("server");
-        const version = info.match(/redis_version:(.+)/)?.[1];
-        testResults.redis = {
-          status: "connected",
-          version,
-          url: redisUrl.replace(/:\/\/[^@]+@/, "://***:***@")
-          // Hide credentials
-        };
-        await redisClient.disconnect();
-      } catch (error) {
-        testResults.redis = { status: "error", message: error.message };
-      }
-    } else {
-      testResults.redis = { status: "not_configured" };
-    }
-    res.end(JSON.stringify(testResults, null, 2));
-  } else if (req.url === "/") {
-    res.writeHead(200, { "Content-Type": "application/json" });
-    res.end(
-      JSON.stringify({
-        message: "StackMemory Minimal Server Running",
-        version: "1.0.0",
-        endpoints: ["/health", "/api/health", "/test-db"]
-      })
-    );
-  } else {
-    res.writeHead(404, { "Content-Type": "application/json" });
-    res.end(JSON.stringify({ error: "Not found" }));
-  }
-});
-server.listen(PORT, "0.0.0.0", () => {
-  console.log(`
-=================================
-Minimal Server Started
-Port: ${PORT}
-Time: ${(/* @__PURE__ */ new Date()).toISOString()}
-=================================
-  `);
-});
-process.on("SIGTERM", () => {
-  console.log("SIGTERM received");
-  server.close(() => process.exit(0));
-});
-process.on("SIGINT", () => {
-  console.log("SIGINT received");
-  server.close(() => process.exit(0));
-});
-//# sourceMappingURL=minimal.js.map

package/dist/servers/railway/minimal.js.map

@@ -1,7 +0,0 @@
-{
-  "version": 3,
-  "sources": ["../../../src/servers/railway/minimal.ts"],
-  "sourcesContent": ["#!/usr/bin/env node\n/**\n * Minimal Railway Server - Absolute minimum for testing\n */\n\nimport http from 'http';\n\nconst PORT = process.env.PORT || 3000;\n\nconst server = http.createServer(async (req, res) => {\n  console.log(`${new Date().toISOString()} ${req.method} ${req.url}`);\n\n  if (req.url === '/health' || req.url === '/api/health') {\n    res.writeHead(200, { 'Content-Type': 'application/json' });\n    res.end(\n      JSON.stringify({\n        status: 'healthy',\n        timestamp: new Date().toISOString(),\n        port: PORT,\n        env: process.env.NODE_ENV || 'development',\n      })\n    );\n  } else if (req.url === '/test-db') {\n    res.writeHead(200, { 'Content-Type': 'application/json' });\n    \n    // Test database connections\n    const testResults = { postgresql: {}, redis: {} };\n    \n    // Test PostgreSQL\n    if (process.env.DATABASE_URL) {\n      try {\n        const { Client } = (await import('pg')).default;\n        const pgClient = new Client({ connectionString: process.env.DATABASE_URL });\n        await pgClient.connect();\n        \n        const result = await pgClient.query('SELECT NOW() as time, version() as version');\n        testResults.postgresql = {\n          status: 'connected',\n          time: result.rows[0].time,\n          version: result.rows[0].version.split(' ')[0]\n        };\n        \n        await pgClient.end();\n      } catch (error) {\n        testResults.postgresql = { status: 'error', message: error.message };\n      }\n    } else {\n      testResults.postgresql = { status: 'not_configured' };\n    }\n    \n    // Test Redis\n    const redisUrl = process.env.REDIS_URL || \n      (process.env.REDISHOST ? `redis://${process.env.REDISHOST}:${process.env.REDISPORT || 6379}` : null);\n    \n    if (redisUrl) {\n      try {\n        const { createClient } = await import('redis');\n        const redisClient = createClient({ url: redisUrl });\n        await redisClient.connect();\n        \n        await redisClient.ping();\n        const info = await redisClient.info('server');\n        const version = info.match(/redis_version:(.+)/)?.[1];\n        \n        testResults.redis = {\n          status: 'connected',\n          version: version,\n          url: redisUrl.replace(/:\\/\\/[^@]+@/, '://***:***@') // Hide credentials\n        };\n        \n        await redisClient.disconnect();\n      } catch (error) {\n        testResults.redis = { status: 'error', message: error.message };\n      }\n    } else {\n      testResults.redis = { status: 'not_configured' };\n    }\n    \n    res.end(JSON.stringify(testResults, null, 2));\n  } else if (req.url === '/') {\n    res.writeHead(200, { 'Content-Type': 'application/json' });\n    res.end(\n      JSON.stringify({\n        message: 'StackMemory Minimal Server Running',\n        version: '1.0.0',\n        endpoints: ['/health', '/api/health', '/test-db']\n      })\n    );\n  } else {\n    res.writeHead(404, { 'Content-Type': 'application/json' });\n    res.end(JSON.stringify({ error: 'Not found' }));\n  }\n});\n\nserver.listen(PORT, '0.0.0.0', () => {\n  console.log(`\n=================================\nMinimal Server Started\nPort: ${PORT}\nTime: ${new Date().toISOString()}\n=================================\n  `);\n});\n\n// Keep alive\nprocess.on('SIGTERM', () => {\n  console.log('SIGTERM received');\n  server.close(() => process.exit(0));\n});\n\nprocess.on('SIGINT', () => {\n  console.log('SIGINT received');\n  server.close(() => process.exit(0));\n});\n"],
-  "mappings": ";AAKA,OAAO,UAAU;AAEjB,MAAM,OAAO,QAAQ,IAAI,QAAQ;AAEjC,MAAM,SAAS,KAAK,aAAa,OAAO,KAAK,QAAQ;AACnD,UAAQ,IAAI,IAAG,oBAAI,KAAK,GAAE,YAAY,CAAC,IAAI,IAAI,MAAM,IAAI,IAAI,GAAG,EAAE;AAElE,MAAI,IAAI,QAAQ,aAAa,IAAI,QAAQ,eAAe;AACtD,QAAI,UAAU,KAAK,EAAE,gBAAgB,mBAAmB,CAAC;AACzD,QAAI;AAAA,MACF,KAAK,UAAU;AAAA,QACb,QAAQ;AAAA,QACR,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,QAClC,MAAM;AAAA,QACN,KAAK,QAAQ,IAAI,YAAY;AAAA,MAC/B,CAAC;AAAA,IACH;AAAA,EACF,WAAW,IAAI,QAAQ,YAAY;AACjC,QAAI,UAAU,KAAK,EAAE,gBAAgB,mBAAmB,CAAC;AAGzD,UAAM,cAAc,EAAE,YAAY,CAAC,GAAG,OAAO,CAAC,EAAE;AAGhD,QAAI,QAAQ,IAAI,cAAc;AAC5B,UAAI;AACF,cAAM,EAAE,OAAO,KAAK,MAAM,OAAO,IAAI,GAAG;AACxC,cAAM,WAAW,IAAI,OAAO,EAAE,kBAAkB,QAAQ,IAAI,aAAa,CAAC;AAC1E,cAAM,SAAS,QAAQ;AAEvB,cAAM,SAAS,MAAM,SAAS,MAAM,4CAA4C;AAChF,oBAAY,aAAa;AAAA,UACvB,QAAQ;AAAA,UACR,MAAM,OAAO,KAAK,CAAC,EAAE;AAAA,UACrB,SAAS,OAAO,KAAK,CAAC,EAAE,QAAQ,MAAM,GAAG,EAAE,CAAC;AAAA,QAC9C;AAEA,cAAM,SAAS,IAAI;AAAA,MACrB,SAAS,OAAO;AACd,oBAAY,aAAa,EAAE,QAAQ,SAAS,SAAS,MAAM,QAAQ;AAAA,MACrE;AAAA,IACF,OAAO;AACL,kBAAY,aAAa,EAAE,QAAQ,iBAAiB;AAAA,IACtD;AAGA,UAAM,WAAW,QAAQ,IAAI,cAC1B,QAAQ,IAAI,YAAY,WAAW,QAAQ,IAAI,SAAS,IAAI,QAAQ,IAAI,aAAa,IAAI,KAAK;AAEjG,QAAI,UAAU;AACZ,UAAI;AACF,cAAM,EAAE,aAAa,IAAI,MAAM,OAAO,OAAO;AAC7C,cAAM,cAAc,aAAa,EAAE,KAAK,SAAS,CAAC;AAClD,cAAM,YAAY,QAAQ;AAE1B,cAAM,YAAY,KAAK;AACvB,cAAM,OAAO,MAAM,YAAY,KAAK,QAAQ;AAC5C,cAAM,UAAU,KAAK,MAAM,oBAAoB,IAAI,CAAC;AAEpD,oBAAY,QAAQ;AAAA,UAClB,QAAQ;AAAA,UACR;AAAA,UACA,KAAK,SAAS,QAAQ,eAAe,aAAa;AAAA;AAAA,QACpD;AAEA,cAAM,YAAY,WAAW;AAAA,MAC/B,SAAS,OAAO;AACd,oBAAY,QAAQ,EAAE,QAAQ,SAAS,SAAS,MAAM,QAAQ;AAAA,MAChE;AAAA,IACF,OAAO;AACL,kBAAY,QAAQ,EAAE,QAAQ,iBAAiB;AAAA,IACjD;AAEA,QAAI,IAAI,KAAK,UAAU,aAAa,MAAM,CAAC,CAAC;AAAA,EAC9C,WAAW,IAAI,QAAQ,KAAK;AAC1B,QAAI,UAAU,KAAK,EAAE,gBAAgB,mBAAmB,CAAC;AACzD,QAAI;AAAA,MACF,KAAK,UAAU;AAAA,QACb,SAAS;AAAA,QACT,SAAS;AAAA,QACT,WAAW,CAAC,WAAW,eAAe,UAAU;AAAA,MAClD,CAAC;AAAA,IACH;AAAA,EACF,OAAO;AACL,QAAI,UAAU,KAAK,EAAE,gBAAgB,mBAAmB,CAAC;AACzD,QAAI,IAAI,KAAK,UAAU,EAAE,OAAO,YAAY,CAAC,CAAC;AAAA,EAChD;AACF,CAAC;AAED,OAAO,OAAO,MAAM,WAAW,MAAM;AACnC,UAAQ,IAAI;AAAA;AAAA;AAAA,QAGN,IAAI;AAAA,SACJ,oBAAI,KAAK,GAAE,YAAY,CAAC;AAAA;AAAA,GAE7B;AACH,CAAC;AAGD,QAAQ,GAAG,WAAW,MAAM;AAC1B,UAAQ,IAAI,kBAAkB;AAC9B,SAAO,MAAM,MAAM,QAAQ,KAAK,CAAC,CAAC;AACpC,CAAC;AAED,QAAQ,GAAG,UAAU,MAAM;AACzB,UAAQ,IAAI,iBAAiB;AAC7B,SAAO,MAAM,MAAM,QAAQ,KAAK,CAAC,CAAC;AACpC,CAAC;",
-  "names": []
-}