@sureshsankaran/opencode-destructive-check 1.0.2 → 1.0.4
- package/package.json +1 -1
- package/src/index.ts +41 -9
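--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@sureshsankaran/opencode-destructive-check",
-"version": "1.0.
+"version": "1.0.4",
 "description": "OpenCode plugin that checks for destructive commands before any tool/bash call and asks for permission",
 "main": "src/index.ts",
 "types": "src/index.ts",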
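--- a/package/src/index.ts
+++ b/package/src/index.ts
@@ -308,24 +308,55 @@ const destructiveCheck: Plugin = async () => {
 async ["permission.ask"](
 input: {
 id: string
-type
+// Old permission system uses 'type', new system uses 'permission'
+type?: string
+permission?: string
 pattern?: string | string[]
+patterns?: string[]
 sessionID: string
-messageID
+messageID?: string
 callID?: string
-title
+title?: string
 metadata: Record<string, unknown>
-time
+time?: { created: number }
 },
 output: { status: "ask" | "deny" | "allow" },
 ): Promise<void> {
 const stats = getStats(input.sessionID)
 
+// Get permission type from either old or new system
+const permissionType = input.permission || input.type || ""
+
 // Check if this is a bash/command execution permission
-if (
-
+if (permissionType === "bash" || permissionType === "command" || permissionType === "shell") {
+// Get commands from patterns (new system) or metadata/title (old system)
+const patterns =
+input.patterns || (Array.isArray(input.pattern) ? input.pattern : input.pattern ? [input.pattern] : [])
+
+// Check each pattern individually for destructive commands
+for (const pattern of patterns) {
+const match = checkCommand(pattern)
+if (match) {
+stats.permissionsRequested++
+globalStats.permissionsRequested++
+stats.lastMatch = match
 
-
+console.warn(
+`[destructive-check] PERMISSION REQUIRED: ${match.severity.toUpperCase()} destructive command detected`,
+)
+console.warn(` Category: ${match.category}`)
+console.warn(` Severity: ${match.severity}`)
+console.warn(` Command: ${pattern.slice(0, 100)}${pattern.length > 100 ? "..." : ""}`)
+
+// Ask for permission for all severity levels
+output.status = "ask"
+return
+}
+}
+
+// Also check joined patterns and metadata as fallback
+const command = patterns.join(" ") || (input.metadata?.command as string) || input.title || ""
+if (command && patterns.length === 0) {
 const match = checkCommand(command)
 if (match) {
 stats.permissionsRequested++
@@ -347,8 +378,9 @@ const destructiveCheck: Plugin = async () => {
 }
 
 // Check file operations
-if (
-const patterns =
+if (permissionType === "write" || permissionType === "edit" || permissionType === "delete") {
+const patterns =
+input.patterns || (Array.isArray(input.pattern) ? input.pattern : input.pattern ? [input.pattern] : [])
 for (const p of patterns) {
 if (isDangerousPath(p)) {
 stats.permissionsRequested++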
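Review bot: The fallback guard `if (command && patterns.length === 0)` in the first hunk means `input.metadata?.command` and `input.title` are only inspected when no patterns were supplied, so the check fails open whenever `patterns` is non-empty but no single entry matches; the `patterns.join(" ")` term is always empty under that guard, despite the comment saying joined patterns are checked. Whether the new permission system puts the literal command or only a permission pattern into `patterns` is not visible here, so the metadata command should be checked independently rather than as an either/or fallback, for example `const metaCommand = typeof input.metadata?.command === "string" ? input.metadata.command : ""` followed by `if (metaCommand && checkCommand(metaCommand)) { … }`, which also replaces the unchecked `as string` cast on an `unknown` value. An unrecognised `permissionType` (including the `""` default) skips both branches silently; a one-line comment stating that this is intended would help the next reader. The `patterns` normalisation expression is duplicated in the file-operations hunk and would read better as one small helper; the handler body continues outside both hunks.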