@zhijiewang/openharness 2.11.0 → 2.13.0

package/README.md

@@ -317,6 +317,8 @@ hooks:
 
 Use `match` to restrict a hook to a specific tool name (e.g., `match: Bash` only triggers for the Bash tool).
 
+See [docs/hooks.md](docs/hooks.md) for the full event reference including the new `userPromptSubmit`, `permissionRequest`, and `postToolUseFailure` events.
+
 ## Cybergotchi
 
 OpenHarness ships with a Tamagotchi-style companion that lives in the side panel. It reacts to your session in real time — celebrating streaks, complaining when tools fail, and getting hungry if you ignore it.
@@ -378,6 +380,7 @@ mcpServers:
 ```
 
 See [docs/mcp-servers.md](docs/mcp-servers.md) for the full reference.
+See [docs/mcp-servers.md](docs/mcp-servers.md#authentication) for OAuth 2.1 setup (auto-triggered on 401; `/mcp-login` and `/mcp-logout` commands available).
 
 **MCP Server Registry** — browse and install from a curated catalog:
 

package/dist/commands/index.d.ts

@@ -17,7 +17,7 @@ import type { CommandContext, CommandResult } from "./types.js";
 /**
  * Check if input is a slash command. If so, execute it.
  */
-export declare function processSlashCommand(input: string, context: CommandContext): CommandResult | null;
+export declare function processSlashCommand(input: string, context: CommandContext): Promise<CommandResult | null>;
 /**
  * Get all registered command names (for autocomplete/display).
  */

package/dist/commands/index.js

@@ -34,7 +34,7 @@ registerSkillCommands(register);
 /**
  * Check if input is a slash command. If so, execute it.
  */
-export function processSlashCommand(input, context) {
+export async function processSlashCommand(input, context) {
     const trimmed = input.trim();
     if (!trimmed.startsWith("/"))
         return null;

package/dist/commands/info.js

@@ -8,7 +8,11 @@ import { gitBranch, isGitRepo, isInMergeOrRebase } from "../git/index.js";
 import { readOhConfig } from "../harness/config.js";
 import { estimateMessageTokens } from "../harness/context-warning.js";
 import { getContextWindow } from "../harness/cost.js";
+import { normalizeMcpConfig } from "../mcp/config-normalize.js";
 import { connectedMcpServers } from "../mcp/loader.js";
+import { getAuthStatus } from "../mcp/oauth.js";
+import { getRouteSelection } from "../providers/router.js";
+import { mcpLoginHandler, mcpLogoutHandler } from "./mcp-auth.js";
 export function registerInfoCommands(register, getCommandMap) {
     register("help", "Show available commands", () => {
         const categories = {
@@ -39,7 +43,10 @@ export function registerInfoCommands(register, getCommandMap) {
                 "doctor",
                 "context",
                 "mcp",
+                "mcp-login",
+                "mcp-logout",
                 "mcp-registry",
+                "router",
                 "init",
                 "bug",
                 "feedback",
@@ -387,19 +394,50 @@ export function registerInfoCommands(register, getCommandMap) {
         ];
         return { output: lines.join("\n"), handled: true };
     });
-    register("mcp", "Show MCP server status", () => {
-        const mcp = connectedMcpServers();
-        if (mcp.length === 0) {
+    register("mcp", "Show MCP server status", async () => {
+        const connected = connectedMcpServers();
+        if (connected.length === 0) {
             return {
                 output: "No MCP servers connected.\nConfigure in .oh/config.yaml under mcpServers.\nRun /mcp-registry to browse available servers.",
                 handled: true,
             };
         }
-        const lines = [`MCP Servers (${mcp.length} connected):\n`];
-        for (const name of mcp) {
-            lines.push(`  ✓ ${name}`);
+        const cfg = readOhConfig();
+        const servers = cfg?.mcpServers ?? [];
+        const storageDir = join(homedir(), ".oh", "credentials", "mcp");
+        const lines = [`MCP Servers (${connected.length} connected):`, ""];
+        for (const name of connected) {
+            const entry = servers.find((s) => s.name === name);
+            if (!entry) {
+                lines.push(`  ${name.padEnd(20)}  unknown  —`);
+                continue;
+            }
+            const normalized = normalizeMcpConfig(entry, process.env);
+            if (normalized.kind === "error") {
+                lines.push(`  ${name.padEnd(20)}  error    ${normalized.message}`);
+                continue;
+            }
+            const kind = normalized.cfg.type;
+            const status = await getAuthStatus(normalized.cfg, storageDir);
+            let statusText;
+            switch (status) {
+                case "n/a":
+                    statusText = "—";
+                    break;
+                case "none":
+                    statusText = "not authenticated";
+                    break;
+                case "authenticated":
+                    statusText = "authenticated";
+                    break;
+                case "expired":
+                    statusText = "expired (re-authenticate with /mcp-login)";
+                    break;
+            }
+            lines.push(`  ${name.padEnd(20)}  ${kind.padEnd(6)}  ${statusText}`);
         }
-        lines.push("\nRun /mcp-registry to browse and add more servers.");
+        lines.push("");
+        lines.push("Run /mcp-registry to browse and add more servers.");
         return { output: lines.join("\n"), handled: true };
     });
     register("mcp-registry", "Browse and add MCP servers from the curated registry", (args) => {
@@ -426,6 +464,30 @@ export function registerInfoCommands(register, getCommandMap) {
         }
         return { output: `Found ${results.length} servers:\n\n${formatRegistry(results)}`, handled: true };
     });
+    register("mcp-login", "Authenticate to a remote MCP server via OAuth", async (args) => {
+        return mcpLoginHandler(args);
+    });
+    register("mcp-logout", "Wipe local OAuth tokens for an MCP server", async (args) => {
+        return mcpLogoutHandler(args);
+    });
+    register("router", "Show the model router state", (_args, ctx) => {
+        const cfg = readOhConfig()?.modelRouter;
+        const defaultModel = ctx.model ?? "unknown";
+        if (!cfg || (!cfg.fast && !cfg.balanced && !cfg.powerful)) {
+            return { output: `Router: off (single model: ${defaultModel})`, handled: true };
+        }
+        const last = ctx.sessionId ? getRouteSelection(ctx.sessionId) : undefined;
+        const lines = [
+            "Model router:",
+            `  fast       ${cfg.fast ?? `(default: ${defaultModel})`}`,
+            `  balanced   ${cfg.balanced ?? `(default: ${defaultModel})`}`,
+            `  powerful   ${cfg.powerful ?? `(default: ${defaultModel})`}`,
+        ];
+        if (last) {
+            lines.push("", `Last selection: ${last.tier} — "${last.reason}"`);
+        }
+        return { output: lines.join("\n"), handled: true };
+    });
     register("init", "Initialize project with .oh/ config", () => {
         const ohDir = join(process.cwd(), ".oh");
         if (existsSync(ohDir)) {

package/dist/commands/mcp-auth.d.ts

@@ -0,0 +1,11 @@
+export type CommandResult = {
+    output: string;
+    handled: true;
+};
+export declare function mcpLogoutHandler(name: string, opts?: {
+    storageDir?: string;
+}): Promise<CommandResult>;
+export declare function mcpLoginHandler(name: string, opts?: {
+    storageDir?: string;
+}): Promise<CommandResult>;
+//# sourceMappingURL=mcp-auth.d.ts.map

package/dist/commands/mcp-auth.js

@@ -0,0 +1,57 @@
+import { homedir } from "node:os";
+import { join } from "node:path";
+import { readOhConfig } from "../harness/config.js";
+import { McpClient } from "../mcp/client.js";
+import { normalizeMcpConfig } from "../mcp/config-normalize.js";
+import { clearTokens } from "../mcp/oauth.js";
+import { loadCredentials } from "../mcp/oauth-storage.js";
+function defaultStorageDir() {
+    return join(homedir(), ".oh", "credentials", "mcp");
+}
+export async function mcpLogoutHandler(name, opts = {}) {
+    const storageDir = opts.storageDir ?? defaultStorageDir();
+    const trimmed = name.trim();
+    if (!trimmed) {
+        return { output: "Usage: /mcp-logout <server-name>", handled: true };
+    }
+    const existing = await loadCredentials(storageDir, trimmed);
+    if (!existing) {
+        return { output: `No credentials stored for '${trimmed}'.`, handled: true };
+    }
+    await clearTokens(storageDir, trimmed);
+    return {
+        output: `Local token for '${trimmed}' wiped. Server-side session may remain valid until expiry.`,
+        handled: true,
+    };
+}
+export async function mcpLoginHandler(name, opts = {}) {
+    const storageDir = opts.storageDir ?? defaultStorageDir();
+    const trimmed = name.trim();
+    if (!trimmed) {
+        return { output: "Usage: /mcp-login <server-name>", handled: true };
+    }
+    const cfg = readOhConfig();
+    const servers = cfg?.mcpServers ?? [];
+    const entry = servers.find((s) => s.name === trimmed);
+    if (!entry) {
+        return { output: `No MCP server named '${trimmed}' in .oh/config.yaml.`, handled: true };
+    }
+    const normalized = normalizeMcpConfig(entry, process.env);
+    if (normalized.kind === "error") {
+        return { output: `Invalid config for '${trimmed}': ${normalized.message}`, handled: true };
+    }
+    if (normalized.cfg.type === "stdio") {
+        return { output: `Server '${trimmed}' is stdio; OAuth is not applicable.`, handled: true };
+    }
+    await clearTokens(storageDir, trimmed);
+    try {
+        const client = await McpClient.connect(entry, { storageDir });
+        client.disconnect();
+        return { output: `\u2713 Authenticated to '${trimmed}'.`, handled: true };
+    }
+    catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        return { output: `Authentication failed for '${trimmed}': ${msg}`, handled: true };
+    }
+}
+//# sourceMappingURL=mcp-auth.js.map

package/dist/commands/types.d.ts

@@ -22,7 +22,7 @@ export type CommandResult = {
     /** If set, toggle fast mode */
     toggleFastMode?: boolean;
 };
-export type CommandHandler = (args: string, context: CommandContext) => CommandResult;
+export type CommandHandler = (args: string, context: CommandContext) => CommandResult | Promise<CommandResult>;
 export type CommandContext = {
     messages: Message[];
     model: string;

package/dist/components/REPL.js

@@ -405,8 +405,14 @@ export default function REPL({ provider, tools, permissionMode, systemPrompt, mo
                 totalOutputTokens: costRef.current.totalOutputTokens,
                 sessionId,
             };
-            const result = processSlashCommand(trimmed, ctx);
-            if (result) {
+            void processSlashCommand(trimmed, ctx).then((result) => {
+                if (!result) {
+                    const userMsg = createUserMessage(input);
+                    setMessages((prev) => [...prev, userMsg]);
+                    pendingPromptRef.current = input;
+                    setSubmitCount((c) => c + 1);
+                    return;
+                }
                 if (result.openCybergotchiSetup) {
                     setShowCybergotchiSetup(true);
                     return;
@@ -446,7 +452,8 @@ export default function REPL({ provider, tools, permissionMode, systemPrompt, mo
                     setSubmitCount((c) => c + 1);
                     return;
                 }
-            }
+            });
+            return;
         }
         const userMsg = createUserMessage(input);
         setMessages((prev) => [...prev, userMsg]);

package/dist/harness/config.d.ts

@@ -17,11 +17,13 @@ export type McpHttpConfig = McpCommonConfig & {
     type: "http";
     url: string;
     headers?: Record<string, string>;
+    auth?: "oauth" | "none";
 };
 export type McpSseConfig = McpCommonConfig & {
     type: "sse";
     url: string;
     headers?: Record<string, string>;
+    auth?: "oauth" | "none";
 };
 export type McpServerConfig = McpStdioConfig | McpHttpConfig | McpSseConfig;
 export type HookDef = {
@@ -49,6 +51,9 @@ export type HooksConfig = {
     sessionEnd?: HookDef[];
     preToolUse?: HookDef[];
     postToolUse?: HookDef[];
+    postToolUseFailure?: HookDef[];
+    userPromptSubmit?: HookDef[];
+    permissionRequest?: HookDef[];
     fileChanged?: HookDef[];
     cwdChanged?: HookDef[];
     subagentStart?: HookDef[];

package/dist/harness/hooks.d.ts

@@ -10,7 +10,7 @@
  * - prompt: LLM yes/no check via provider.complete()
  */
 import type { HookDef } from "./config.js";
-export type HookEvent = "sessionStart" | "sessionEnd" | "preToolUse" | "postToolUse" | "fileChanged" | "cwdChanged" | "subagentStart" | "subagentStop" | "preCompact" | "postCompact" | "configChange" | "notification";
+export type HookEvent = "sessionStart" | "sessionEnd" | "preToolUse" | "postToolUse" | "postToolUseFailure" | "userPromptSubmit" | "permissionRequest" | "fileChanged" | "cwdChanged" | "subagentStart" | "subagentStop" | "preCompact" | "postCompact" | "configChange" | "notification";
 export type HookContext = {
     toolName?: string;
     toolArgs?: string;
@@ -30,6 +30,14 @@ export type HookContext = {
     agentId?: string;
     /** For notification: the message */
     message?: string;
+    /** For userPromptSubmit: the raw prompt text the user is about to submit */
+    prompt?: string;
+    /** For postToolUseFailure: short error label ("TimeoutError", "ExecutionError", "ReportedError") */
+    toolError?: string;
+    /** For postToolUseFailure: full error message */
+    errorMessage?: string;
+    /** For permissionRequest: the decision OH would take absent the hook ("ask", "allow", "deny") — informational */
+    permissionAction?: "ask" | "allow" | "deny";
 };
 /** Clear hook cache (call after config changes) */
 export declare function invalidateHookCache(): void;
@@ -58,4 +66,30 @@ export declare function emitHook(event: HookEvent, ctx?: HookContext): boolean;
  * Supports all hook types (command, HTTP, prompt).
  */
 export declare function emitHookAsync(event: HookEvent, ctx?: HookContext): Promise<boolean>;
+/** Parsed shape of a jsonIO hook's stdout JSON response. */
+export type ParsedJsonIoResponse = {
+    decision?: "allow" | "deny";
+    reason?: string;
+    additionalContext?: string;
+    permissionDecision?: "allow" | "deny" | "ask";
+};
+/** Parse a hook's stdout as a jsonIO envelope. Returns an empty object on malformed input. */
+export declare function parseJsonIoResponse(raw: string): ParsedJsonIoResponse;
+export type HookOutcome = {
+    allowed: boolean;
+    additionalContext?: string;
+    permissionDecision?: "allow" | "deny" | "ask";
+    reason?: string;
+};
+/**
+ * Emit a hook event and return a structured HookOutcome parsed from jsonIO responses.
+ *
+ * Merge semantics:
+ * - First `deny` (or `permissionDecision: "deny"`) short-circuits: {allowed: false, ...}.
+ * - `permissionDecision: "allow"` short-circuits: {allowed: true, permissionDecision: "allow"}.
+ * - `additionalContext` from multiple hooks is concatenated in order, "\n\n" separated.
+ * - For NOTIFY_ONLY_OUTCOME_EVENTS (postToolUseFailure), decision/permissionDecision
+ *   from hooks is ignored — outcome.allowed is always true. additionalContext is still collected.
+ */
+export declare function emitHookWithOutcome(event: HookEvent, ctx?: HookContext): Promise<HookOutcome>;
 //# sourceMappingURL=hooks.d.ts.map

package/dist/harness/hooks.js

@@ -56,6 +56,17 @@ function buildEnv(event, ctx) {
         env.OH_AGENT_ID = ctx.agentId;
     if (ctx.message)
         env.OH_MESSAGE = ctx.message;
+    if (ctx.prompt !== undefined) {
+        // Cap at 8KB to avoid Windows env-var length limits.
+        const PROMPT_MAX = 8 * 1024;
+        env.OH_PROMPT = ctx.prompt.length > PROMPT_MAX ? ctx.prompt.slice(0, PROMPT_MAX) : ctx.prompt;
+    }
+    if (ctx.toolError !== undefined)
+        env.OH_TOOL_ERROR = ctx.toolError;
+    if (ctx.errorMessage !== undefined)
+        env.OH_ERROR_MESSAGE = ctx.errorMessage;
+    if (ctx.permissionAction !== undefined)
+        env.OH_PERMISSION_ACTION = ctx.permissionAction;
     return env;
 }
 /**
@@ -142,20 +153,15 @@ function runCommandHookAsync(command, env, timeoutMs = 10_000) {
     });
 }
 /**
- * Run a JSON-mode command hook (Claude Code convention).
- *
- * Sends `{event, ...context}` as JSON on stdin. Parses stdout as JSON
- * `{ decision: "allow" | "deny", reason?: string, hookSpecificOutput?: any }`.
+ * Run a JSON-mode command hook and return the raw stdout string.
  *
- * Gating logic:
- *   - `decision: "deny"` → blocks (returns false).
- *   - `decision: "allow"` or omitted decision → allow (returns true).
- *   - Non-zero exit code → block.
- *   - Invalid/empty JSON on stdout → fall back to exit code (0 = allow).
- *   - Timeout or spawn error → block.
+ * Rejects (throws) on timeout or spawn error so callers can decide how to
+ * interpret the failure. Returns an empty string when stdout is empty.
+ * Rejects when the process exits with a non-zero code (callers treat this as
+ * a block).
  */
-function runJsonIoHookAsync(command, env, event, ctx, timeoutMs = 10_000) {
-    return new Promise((resolve) => {
+function runJsonIoHookCaptureStdout(command, env, event, ctx, timeoutMs = 10_000) {
+    return new Promise((resolve, reject) => {
         const proc = spawn(command, {
             shell: true,
             timeout: timeoutMs,
@@ -168,7 +174,7 @@ function runJsonIoHookAsync(command, env, event, ctx, timeoutMs = 10_000) {
             if (!settled) {
                 settled = true;
                 proc.kill();
-                resolve(false);
+                reject(new Error("hook timed out"));
             }
         }, timeoutMs);
         proc.stdout?.on("data", (chunk) => {
@@ -188,39 +194,56 @@ function runJsonIoHookAsync(command, env, event, ctx, timeoutMs = 10_000) {
                 return;
             settled = true;
             clearTimeout(timer);
-            // Non-zero exit is always a block, regardless of stdout.
             if ((code ?? 1) !== 0) {
-                resolve(false);
-                return;
-            }
-            // Empty stdout → treat exit code as the signal (allow for exit 0).
-            if (!stdoutBuf.trim()) {
-                resolve(true);
+                reject(new Error(`hook exited with code ${code ?? 1}`));
                 return;
             }
-            try {
-                const parsed = JSON.parse(stdoutBuf);
-                if (parsed.decision === "deny") {
-                    resolve(false);
-                }
-                else {
-                    resolve(true); // "allow" or omitted → allow
-                }
-            }
-            catch {
-                // Malformed JSON with a zero exit — fail closed conservatively.
-                resolve(false);
-            }
+            resolve(stdoutBuf);
         });
-        proc.on("error", () => {
+        proc.on("error", (err) => {
             if (!settled) {
                 settled = true;
                 clearTimeout(timer);
-                resolve(false);
+                reject(err);
             }
         });
     });
 }
+/**
+ * Run a JSON-mode command hook (Claude Code convention).
+ *
+ * Sends `{event, ...context}` as JSON on stdin. Parses stdout as JSON
+ * `{ decision: "allow" | "deny", reason?: string, hookSpecificOutput?: any }`.
+ *
+ * Gating logic:
+ *   - `decision: "deny"` → blocks (returns false).
+ *   - `decision: "allow"` or omitted decision → allow (returns true).
+ *   - Non-zero exit code → block.
+ *   - Invalid/empty JSON on stdout → fall back to exit code (0 = allow).
+ *   - Timeout or spawn error → block.
+ */
+async function runJsonIoHookAsync(command, env, event, ctx, timeoutMs = 10_000) {
+    let stdout;
+    try {
+        stdout = await runJsonIoHookCaptureStdout(command, env, event, ctx, timeoutMs);
+    }
+    catch {
+        // timeout, spawn error, or non-zero exit — block
+        return false;
+    }
+    // Empty stdout → treat exit code as the signal (allow for exit 0).
+    if (!stdout.trim()) {
+        return true;
+    }
+    try {
+        const parsed = JSON.parse(stdout);
+        return parsed.decision !== "deny";
+    }
+    catch {
+        // Malformed JSON with a zero exit — fail closed conservatively.
+        return false;
+    }
+}
 /** Run an HTTP hook. POSTs context as JSON, expects { allowed: true/false }. */
 async function runHttpHook(url, event, ctx, timeoutMs = 10_000) {
     try {
@@ -398,4 +421,150 @@ export async function emitHookAsync(event, ctx = {}) {
     }
     return true;
 }
+/** Parse a hook's stdout as a jsonIO envelope. Returns an empty object on malformed input. */
+export function parseJsonIoResponse(raw) {
+    let obj;
+    try {
+        obj = JSON.parse(raw);
+    }
+    catch {
+        return {};
+    }
+    if (!obj || typeof obj !== "object" || Array.isArray(obj))
+        return {};
+    const rec = obj;
+    const out = {};
+    if (rec.decision === "allow" || rec.decision === "deny")
+        out.decision = rec.decision;
+    if (typeof rec.reason === "string")
+        out.reason = rec.reason;
+    const hso = rec.hookSpecificOutput;
+    if (hso && typeof hso === "object" && !Array.isArray(hso)) {
+        const hsoRec = hso;
+        if (typeof hsoRec.additionalContext === "string")
+            out.additionalContext = hsoRec.additionalContext;
+        if (hsoRec.decision === "allow" || hsoRec.decision === "deny" || hsoRec.decision === "ask") {
+            out.permissionDecision = hsoRec.decision;
+        }
+        if (typeof hsoRec.reason === "string" && !out.reason)
+            out.reason = hsoRec.reason;
+    }
+    return out;
+}
+/** Events for which "notify-only" semantics apply — outcome.allowed is always true. */
+const NOTIFY_ONLY_OUTCOME_EVENTS = new Set(["postToolUseFailure"]);
+/**
+ * Map a command-hook's boolean (exit 0 / nonzero) result to a ParsedJsonIoResponse
+ * for the given event, applying per-event semantics:
+ *
+ * - userPromptSubmit: exit 0 → allow ({}); nonzero → deny.
+ * - permissionRequest: exit 0 → "ask" (fall through to user); nonzero → deny.
+ * - postToolUseFailure: notify-only — exit code is irrelevant, always return {}.
+ * - All other events: same as userPromptSubmit (exit 0 allow, nonzero deny).
+ */
+function mapEnvExitToOutcome(event, allowed) {
+    switch (event) {
+        case "permissionRequest":
+            return allowed
+                ? { permissionDecision: "ask" }
+                : { permissionDecision: "deny", decision: "deny", reason: "hook denied (exit code)" };
+        case "postToolUseFailure":
+            // notify-only; exit code is irrelevant
+            return {};
+        default:
+            return allowed ? {} : { decision: "deny", reason: "hook denied (exit code)" };
+    }
+}
+/**
+ * Execute a single hook definition and return a ParsedJsonIoResponse for outcome merging.
+ * Private to this module — not exported.
+ */
+async function runHookForOutcome(def, event, ctx) {
+    if (def.jsonIO && def.command) {
+        const env = buildEnv(event, ctx);
+        let raw;
+        try {
+            raw = await runJsonIoHookCaptureStdout(def.command, env, event, ctx, def.timeout ?? 10_000);
+        }
+        catch {
+            // timeout, spawn error, non-zero exit — treat as deny for gating events
+            return { decision: "deny", reason: "hook failed (timeout or non-zero exit)" };
+        }
+        if (!raw.trim()) {
+            // empty stdout with exit 0 — treat as allow (no decision)
+            return {};
+        }
+        return parseJsonIoResponse(raw);
+    }
+    if (def.command) {
+        // env-var mode — apply per-event exit-code semantics
+        const env = buildEnv(event, ctx);
+        const code = await runCommandHookAsync(def.command, env, def.timeout ?? 10_000);
+        return mapEnvExitToOutcome(event, code === 0);
+    }
+    if (def.http) {
+        const allowed = await runHttpHook(def.http, event, ctx, def.timeout ?? 10_000);
+        return mapEnvExitToOutcome(event, allowed);
+    }
+    if (def.prompt) {
+        const allowed = await runPromptHook(def.prompt, ctx, def.timeout ?? 10_000);
+        return allowed ? {} : { decision: "deny", reason: "prompt hook denied" };
+    }
+    return {};
+}
+/**
+ * Emit a hook event and return a structured HookOutcome parsed from jsonIO responses.
+ *
+ * Merge semantics:
+ * - First `deny` (or `permissionDecision: "deny"`) short-circuits: {allowed: false, ...}.
+ * - `permissionDecision: "allow"` short-circuits: {allowed: true, permissionDecision: "allow"}.
+ * - `additionalContext` from multiple hooks is concatenated in order, "\n\n" separated.
+ * - For NOTIFY_ONLY_OUTCOME_EVENTS (postToolUseFailure), decision/permissionDecision
+ *   from hooks is ignored — outcome.allowed is always true. additionalContext is still collected.
+ */
+export async function emitHookWithOutcome(event, ctx = {}) {
+    const hooks = getHooks();
+    const list = hooks?.[event];
+    if (!list || list.length === 0)
+        return { allowed: true };
+    const notifyOnly = NOTIFY_ONLY_OUTCOME_EVENTS.has(event);
+    const additionalContexts = [];
+    let reason;
+    let askSeen = false;
+    for (const def of list) {
+        if (def.match && !matchesHook(def, ctx))
+            continue;
+        const parsed = await runHookForOutcome(def, event, ctx);
+        if (!notifyOnly) {
+            if (parsed.decision === "deny" || parsed.permissionDecision === "deny") {
+                return {
+                    allowed: false,
+                    reason: parsed.reason ?? reason,
+                    permissionDecision: parsed.permissionDecision,
+                };
+            }
+            if (parsed.permissionDecision === "allow") {
+                if (parsed.additionalContext)
+                    additionalContexts.push(parsed.additionalContext);
+                return {
+                    allowed: true,
+                    permissionDecision: "allow",
+                    additionalContext: additionalContexts.length ? additionalContexts.join("\n\n") : undefined,
+                };
+            }
+            if (parsed.permissionDecision === "ask")
+                askSeen = true;
+        }
+        if (parsed.additionalContext)
+            additionalContexts.push(parsed.additionalContext);
+        if (!reason && parsed.reason)
+            reason = parsed.reason;
+    }
+    return {
+        allowed: true,
+        additionalContext: additionalContexts.length ? additionalContexts.join("\n\n") : undefined,
+        permissionDecision: askSeen ? "ask" : undefined,
+        reason,
+    };
+}
 //# sourceMappingURL=hooks.js.map