@zhijiewang/openharness 2.12.0 → 2.14.0

package/README.md

@@ -317,6 +317,8 @@ hooks:
 
 Use `match` to restrict a hook to a specific tool name (e.g., `match: Bash` only triggers for the Bash tool).
 
+See [docs/hooks.md](docs/hooks.md) for the full event reference including the new `userPromptSubmit`, `permissionRequest`, and `postToolUseFailure` events.
+
 ## Cybergotchi
 
 OpenHarness ships with a Tamagotchi-style companion that lives in the side panel. It reacts to your session in real time — celebrating streaks, complaining when tools fail, and getting hungry if you ignore it.

package/dist/commands/info.js

@@ -11,6 +11,7 @@ import { getContextWindow } from "../harness/cost.js";
 import { normalizeMcpConfig } from "../mcp/config-normalize.js";
 import { connectedMcpServers } from "../mcp/loader.js";
 import { getAuthStatus } from "../mcp/oauth.js";
+import { getRouteSelection } from "../providers/router.js";
 import { mcpLoginHandler, mcpLogoutHandler } from "./mcp-auth.js";
 export function registerInfoCommands(register, getCommandMap) {
     register("help", "Show available commands", () => {
@@ -45,6 +46,7 @@ export function registerInfoCommands(register, getCommandMap) {
                 "mcp-login",
                 "mcp-logout",
                 "mcp-registry",
+                "router",
                 "init",
                 "bug",
                 "feedback",
@@ -468,6 +470,24 @@ export function registerInfoCommands(register, getCommandMap) {
     register("mcp-logout", "Wipe local OAuth tokens for an MCP server", async (args) => {
         return mcpLogoutHandler(args);
     });
+    register("router", "Show the model router state", (_args, ctx) => {
+        const cfg = readOhConfig()?.modelRouter;
+        const defaultModel = ctx.model ?? "unknown";
+        if (!cfg || (!cfg.fast && !cfg.balanced && !cfg.powerful)) {
+            return { output: `Router: off (single model: ${defaultModel})`, handled: true };
+        }
+        const last = ctx.sessionId ? getRouteSelection(ctx.sessionId) : undefined;
+        const lines = [
+            "Model router:",
+            `  fast       ${cfg.fast ?? `(default: ${defaultModel})`}`,
+            `  balanced   ${cfg.balanced ?? `(default: ${defaultModel})`}`,
+            `  powerful   ${cfg.powerful ?? `(default: ${defaultModel})`}`,
+        ];
+        if (last) {
+            lines.push("", `Last selection: ${last.tier} — "${last.reason}"`);
+        }
+        return { output: lines.join("\n"), handled: true };
+    });
     register("init", "Initialize project with .oh/ config", () => {
         const ohDir = join(process.cwd(), ".oh");
         if (existsSync(ohDir)) {

package/dist/commands/session.js

@@ -7,6 +7,33 @@ import { dirname, join, resolve } from "node:path";
 import { getContextWindow } from "../harness/cost.js";
 import { createSession, listSessions, loadSession, saveSession } from "../harness/session.js";
 import { compressMessages } from "../query/index.js";
+function formatMessagesAsMarkdown(messages) {
+    const blocks = [];
+    for (const m of messages) {
+        if (m.role === "user") {
+            blocks.push(`## User\n\n${m.content}`);
+        }
+        else if (m.role === "assistant") {
+            const parts = [];
+            if (m.content)
+                parts.push(m.content);
+            if (m.toolCalls?.length) {
+                for (const tc of m.toolCalls) {
+                    parts.push(`**Tool call:** \`${tc.toolName}(${JSON.stringify(tc.arguments)})\``);
+                }
+            }
+            blocks.push(`## Assistant\n\n${parts.join("\n\n")}`);
+        }
+        else if (m.role === "tool") {
+            for (const tr of m.toolResults ?? []) {
+                const label = tr.isError ? "Tool error" : "Tool result";
+                blocks.push(`**${label}:**\n\n\`\`\`\n${tr.output}\n\`\`\``);
+            }
+        }
+        // system / info messages are skipped — they're OH-internal UX, not conversation
+    }
+    return blocks.join("\n\n");
+}
 function setPinned(args, ctx, pinned) {
     const idx = parseInt(args.trim(), 10);
     if (Number.isNaN(idx) || idx < 1 || idx > ctx.messages.length) {
@@ -59,20 +86,19 @@ export function registerSessionCommands(register) {
             compactedMessages: compacted,
         };
     });
-    register("export", "Export conversation to file", (_args, ctx) => {
-        const lines = ctx.messages
-            .filter((m) => m.role === "user" || m.role === "assistant")
-            .map((m) => `${m.role === "user" ? "User" : "Assistant"}: ${m.content}`)
-            .join("\n\n");
-        const filename = `.oh/export-${ctx.sessionId}.md`;
+    register("export", "Export conversation to file (args: 'json' for JSON format)", (args, ctx) => {
+        const asJson = args.trim().toLowerCase() === "json";
+        const ext = asJson ? "json" : "md";
+        const filename = `.oh/export-${ctx.sessionId}.${ext}`;
+        const body = asJson ? JSON.stringify(ctx.messages, null, 2) : formatMessagesAsMarkdown(ctx.messages);
         try {
             mkdirSync(dirname(filename), { recursive: true });
             const { writeFileSync } = require("node:fs");
-            writeFileSync(filename, lines);
-            return { output: `Exported to ${filename}`, handled: true };
+            writeFileSync(filename, body);
+            return { output: `Exported ${ctx.messages.length} messages to ${filename}`, handled: true };
         }
         catch {
-            return { output: `Export failed. Content:\n\n${lines.slice(0, 500)}`, handled: true };
+            return { output: `Export failed. Content:\n\n${body.slice(0, 500)}`, handled: true };
         }
     });
     register("history", "List recent sessions or search across them", (args) => {
@@ -106,7 +132,8 @@ export function registerSessionCommands(register) {
         const lines = sessions.map((s) => {
             const date = new Date(s.updatedAt).toLocaleDateString();
             const cost = s.cost > 0 ? ` $${s.cost.toFixed(4)}` : "";
-            return `  ${s.id}  ${date}  ${String(s.messages).padStart(3)} msgs  ${(s.model || "?").slice(0, 24)}${cost}`;
+            const parent = s.parentSessionId ? ` ⤴ forked from ${s.parentSessionId}` : "";
+            return `  ${s.id}  ${date}  ${String(s.messages).padStart(3)} msgs  ${(s.model || "?").slice(0, 24)}${cost}${parent}`;
         });
         return { output: `Recent sessions (use /resume <id> to continue):\n${lines.join("\n")}`, handled: true };
     });
@@ -127,11 +154,11 @@ export function registerSessionCommands(register) {
         }
     });
     register("fork", "Fork current session (create a branch you can resume later)", (_args, ctx) => {
-        const forked = createSession("", "");
+        const forked = createSession(ctx.providerName, ctx.model, { parentSessionId: ctx.sessionId });
         forked.messages = [...ctx.messages];
         saveSession(forked);
         return {
-            output: `Session forked as ${forked.id}. Resume later with: oh --resume ${forked.id}`,
+            output: `Session forked as ${forked.id} (from ${ctx.sessionId}). Resume later with: oh --resume ${forked.id}`,
             handled: true,
         };
     });

package/dist/harness/config.d.ts

@@ -51,6 +51,9 @@ export type HooksConfig = {
     sessionEnd?: HookDef[];
     preToolUse?: HookDef[];
     postToolUse?: HookDef[];
+    postToolUseFailure?: HookDef[];
+    userPromptSubmit?: HookDef[];
+    permissionRequest?: HookDef[];
     fileChanged?: HookDef[];
     cwdChanged?: HookDef[];
     subagentStart?: HookDef[];
@@ -104,6 +107,10 @@ export type OhConfig = {
         apiKey?: string;
         baseUrl?: string;
     }>;
+    /** MCP OAuth token storage backend. Default: "auto" — keychain when available, filesystem otherwise. */
+    credentials?: {
+        storage?: "filesystem" | "auto";
+    };
     /** Auto-commit after each file-modifying tool execution */
     gitCommitPerTool?: boolean;
     /** Effort level for LLM reasoning depth */

package/dist/harness/hooks.d.ts

@@ -10,7 +10,7 @@
  * - prompt: LLM yes/no check via provider.complete()
  */
 import type { HookDef } from "./config.js";
-export type HookEvent = "sessionStart" | "sessionEnd" | "preToolUse" | "postToolUse" | "fileChanged" | "cwdChanged" | "subagentStart" | "subagentStop" | "preCompact" | "postCompact" | "configChange" | "notification";
+export type HookEvent = "sessionStart" | "sessionEnd" | "preToolUse" | "postToolUse" | "postToolUseFailure" | "userPromptSubmit" | "permissionRequest" | "fileChanged" | "cwdChanged" | "subagentStart" | "subagentStop" | "preCompact" | "postCompact" | "configChange" | "notification";
 export type HookContext = {
     toolName?: string;
     toolArgs?: string;
@@ -30,6 +30,14 @@ export type HookContext = {
     agentId?: string;
     /** For notification: the message */
     message?: string;
+    /** For userPromptSubmit: the raw prompt text the user is about to submit */
+    prompt?: string;
+    /** For postToolUseFailure: short error label ("TimeoutError", "ExecutionError", "ReportedError") */
+    toolError?: string;
+    /** For postToolUseFailure: full error message */
+    errorMessage?: string;
+    /** For permissionRequest: the decision OH would take absent the hook ("ask", "allow", "deny") — informational */
+    permissionAction?: "ask" | "allow" | "deny";
 };
 /** Clear hook cache (call after config changes) */
 export declare function invalidateHookCache(): void;
@@ -58,4 +66,30 @@ export declare function emitHook(event: HookEvent, ctx?: HookContext): boolean;
  * Supports all hook types (command, HTTP, prompt).
  */
 export declare function emitHookAsync(event: HookEvent, ctx?: HookContext): Promise<boolean>;
+/** Parsed shape of a jsonIO hook's stdout JSON response. */
+export type ParsedJsonIoResponse = {
+    decision?: "allow" | "deny";
+    reason?: string;
+    additionalContext?: string;
+    permissionDecision?: "allow" | "deny" | "ask";
+};
+/** Parse a hook's stdout as a jsonIO envelope. Returns an empty object on malformed input. */
+export declare function parseJsonIoResponse(raw: string): ParsedJsonIoResponse;
+export type HookOutcome = {
+    allowed: boolean;
+    additionalContext?: string;
+    permissionDecision?: "allow" | "deny" | "ask";
+    reason?: string;
+};
+/**
+ * Emit a hook event and return a structured HookOutcome parsed from jsonIO responses.
+ *
+ * Merge semantics:
+ * - First `deny` (or `permissionDecision: "deny"`) short-circuits: {allowed: false, ...}.
+ * - `permissionDecision: "allow"` short-circuits: {allowed: true, permissionDecision: "allow"}.
+ * - `additionalContext` from multiple hooks is concatenated in order, "\n\n" separated.
+ * - For NOTIFY_ONLY_OUTCOME_EVENTS (postToolUseFailure), decision/permissionDecision
+ *   from hooks is ignored — outcome.allowed is always true. additionalContext is still collected.
+ */
+export declare function emitHookWithOutcome(event: HookEvent, ctx?: HookContext): Promise<HookOutcome>;
 //# sourceMappingURL=hooks.d.ts.map

package/dist/harness/hooks.js

@@ -56,6 +56,17 @@ function buildEnv(event, ctx) {
         env.OH_AGENT_ID = ctx.agentId;
     if (ctx.message)
         env.OH_MESSAGE = ctx.message;
+    if (ctx.prompt !== undefined) {
+        // Cap at 8KB to avoid Windows env-var length limits.
+        const PROMPT_MAX = 8 * 1024;
+        env.OH_PROMPT = ctx.prompt.length > PROMPT_MAX ? ctx.prompt.slice(0, PROMPT_MAX) : ctx.prompt;
+    }
+    if (ctx.toolError !== undefined)
+        env.OH_TOOL_ERROR = ctx.toolError;
+    if (ctx.errorMessage !== undefined)
+        env.OH_ERROR_MESSAGE = ctx.errorMessage;
+    if (ctx.permissionAction !== undefined)
+        env.OH_PERMISSION_ACTION = ctx.permissionAction;
     return env;
 }
 /**
@@ -142,20 +153,15 @@ function runCommandHookAsync(command, env, timeoutMs = 10_000) {
     });
 }
 /**
- * Run a JSON-mode command hook (Claude Code convention).
- *
- * Sends `{event, ...context}` as JSON on stdin. Parses stdout as JSON
- * `{ decision: "allow" | "deny", reason?: string, hookSpecificOutput?: any }`.
+ * Run a JSON-mode command hook and return the raw stdout string.
  *
- * Gating logic:
- *   - `decision: "deny"` → blocks (returns false).
- *   - `decision: "allow"` or omitted decision → allow (returns true).
- *   - Non-zero exit code → block.
- *   - Invalid/empty JSON on stdout → fall back to exit code (0 = allow).
- *   - Timeout or spawn error → block.
+ * Rejects (throws) on timeout or spawn error so callers can decide how to
+ * interpret the failure. Returns an empty string when stdout is empty.
+ * Rejects when the process exits with a non-zero code (callers treat this as
+ * a block).
  */
-function runJsonIoHookAsync(command, env, event, ctx, timeoutMs = 10_000) {
-    return new Promise((resolve) => {
+function runJsonIoHookCaptureStdout(command, env, event, ctx, timeoutMs = 10_000) {
+    return new Promise((resolve, reject) => {
         const proc = spawn(command, {
             shell: true,
             timeout: timeoutMs,
@@ -168,7 +174,7 @@ function runJsonIoHookAsync(command, env, event, ctx, timeoutMs = 10_000) {
             if (!settled) {
                 settled = true;
                 proc.kill();
-                resolve(false);
+                reject(new Error("hook timed out"));
             }
         }, timeoutMs);
         proc.stdout?.on("data", (chunk) => {
@@ -188,39 +194,56 @@ function runJsonIoHookAsync(command, env, event, ctx, timeoutMs = 10_000) {
                 return;
             settled = true;
             clearTimeout(timer);
-            // Non-zero exit is always a block, regardless of stdout.
             if ((code ?? 1) !== 0) {
-                resolve(false);
-                return;
-            }
-            // Empty stdout → treat exit code as the signal (allow for exit 0).
-            if (!stdoutBuf.trim()) {
-                resolve(true);
+                reject(new Error(`hook exited with code ${code ?? 1}`));
                 return;
             }
-            try {
-                const parsed = JSON.parse(stdoutBuf);
-                if (parsed.decision === "deny") {
-                    resolve(false);
-                }
-                else {
-                    resolve(true); // "allow" or omitted → allow
-                }
-            }
-            catch {
-                // Malformed JSON with a zero exit — fail closed conservatively.
-                resolve(false);
-            }
+            resolve(stdoutBuf);
         });
-        proc.on("error", () => {
+        proc.on("error", (err) => {
             if (!settled) {
                 settled = true;
                 clearTimeout(timer);
-                resolve(false);
+                reject(err);
             }
         });
     });
 }
+/**
+ * Run a JSON-mode command hook (Claude Code convention).
+ *
+ * Sends `{event, ...context}` as JSON on stdin. Parses stdout as JSON
+ * `{ decision: "allow" | "deny", reason?: string, hookSpecificOutput?: any }`.
+ *
+ * Gating logic:
+ *   - `decision: "deny"` → blocks (returns false).
+ *   - `decision: "allow"` or omitted decision → allow (returns true).
+ *   - Non-zero exit code → block.
+ *   - Invalid/empty JSON on stdout → fall back to exit code (0 = allow).
+ *   - Timeout or spawn error → block.
+ */
+async function runJsonIoHookAsync(command, env, event, ctx, timeoutMs = 10_000) {
+    let stdout;
+    try {
+        stdout = await runJsonIoHookCaptureStdout(command, env, event, ctx, timeoutMs);
+    }
+    catch {
+        // timeout, spawn error, or non-zero exit — block
+        return false;
+    }
+    // Empty stdout → treat exit code as the signal (allow for exit 0).
+    if (!stdout.trim()) {
+        return true;
+    }
+    try {
+        const parsed = JSON.parse(stdout);
+        return parsed.decision !== "deny";
+    }
+    catch {
+        // Malformed JSON with a zero exit — fail closed conservatively.
+        return false;
+    }
+}
 /** Run an HTTP hook. POSTs context as JSON, expects { allowed: true/false }. */
 async function runHttpHook(url, event, ctx, timeoutMs = 10_000) {
     try {
@@ -398,4 +421,150 @@ export async function emitHookAsync(event, ctx = {}) {
     }
     return true;
 }
+/** Parse a hook's stdout as a jsonIO envelope. Returns an empty object on malformed input. */
+export function parseJsonIoResponse(raw) {
+    let obj;
+    try {
+        obj = JSON.parse(raw);
+    }
+    catch {
+        return {};
+    }
+    if (!obj || typeof obj !== "object" || Array.isArray(obj))
+        return {};
+    const rec = obj;
+    const out = {};
+    if (rec.decision === "allow" || rec.decision === "deny")
+        out.decision = rec.decision;
+    if (typeof rec.reason === "string")
+        out.reason = rec.reason;
+    const hso = rec.hookSpecificOutput;
+    if (hso && typeof hso === "object" && !Array.isArray(hso)) {
+        const hsoRec = hso;
+        if (typeof hsoRec.additionalContext === "string")
+            out.additionalContext = hsoRec.additionalContext;
+        if (hsoRec.decision === "allow" || hsoRec.decision === "deny" || hsoRec.decision === "ask") {
+            out.permissionDecision = hsoRec.decision;
+        }
+        if (typeof hsoRec.reason === "string" && !out.reason)
+            out.reason = hsoRec.reason;
+    }
+    return out;
+}
+/** Events for which "notify-only" semantics apply — outcome.allowed is always true. */
+const NOTIFY_ONLY_OUTCOME_EVENTS = new Set(["postToolUseFailure"]);
+/**
+ * Map a command-hook's boolean (exit 0 / nonzero) result to a ParsedJsonIoResponse
+ * for the given event, applying per-event semantics:
+ *
+ * - userPromptSubmit: exit 0 → allow ({}); nonzero → deny.
+ * - permissionRequest: exit 0 → "ask" (fall through to user); nonzero → deny.
+ * - postToolUseFailure: notify-only — exit code is irrelevant, always return {}.
+ * - All other events: same as userPromptSubmit (exit 0 allow, nonzero deny).
+ */
+function mapEnvExitToOutcome(event, allowed) {
+    switch (event) {
+        case "permissionRequest":
+            return allowed
+                ? { permissionDecision: "ask" }
+                : { permissionDecision: "deny", decision: "deny", reason: "hook denied (exit code)" };
+        case "postToolUseFailure":
+            // notify-only; exit code is irrelevant
+            return {};
+        default:
+            return allowed ? {} : { decision: "deny", reason: "hook denied (exit code)" };
+    }
+}
+/**
+ * Execute a single hook definition and return a ParsedJsonIoResponse for outcome merging.
+ * Private to this module — not exported.
+ */
+async function runHookForOutcome(def, event, ctx) {
+    if (def.jsonIO && def.command) {
+        const env = buildEnv(event, ctx);
+        let raw;
+        try {
+            raw = await runJsonIoHookCaptureStdout(def.command, env, event, ctx, def.timeout ?? 10_000);
+        }
+        catch {
+            // timeout, spawn error, non-zero exit — treat as deny for gating events
+            return { decision: "deny", reason: "hook failed (timeout or non-zero exit)" };
+        }
+        if (!raw.trim()) {
+            // empty stdout with exit 0 — treat as allow (no decision)
+            return {};
+        }
+        return parseJsonIoResponse(raw);
+    }
+    if (def.command) {
+        // env-var mode — apply per-event exit-code semantics
+        const env = buildEnv(event, ctx);
+        const code = await runCommandHookAsync(def.command, env, def.timeout ?? 10_000);
+        return mapEnvExitToOutcome(event, code === 0);
+    }
+    if (def.http) {
+        const allowed = await runHttpHook(def.http, event, ctx, def.timeout ?? 10_000);
+        return mapEnvExitToOutcome(event, allowed);
+    }
+    if (def.prompt) {
+        const allowed = await runPromptHook(def.prompt, ctx, def.timeout ?? 10_000);
+        return allowed ? {} : { decision: "deny", reason: "prompt hook denied" };
+    }
+    return {};
+}
+/**
+ * Emit a hook event and return a structured HookOutcome parsed from jsonIO responses.
+ *
+ * Merge semantics:
+ * - First `deny` (or `permissionDecision: "deny"`) short-circuits: {allowed: false, ...}.
+ * - `permissionDecision: "allow"` short-circuits: {allowed: true, permissionDecision: "allow"}.
+ * - `additionalContext` from multiple hooks is concatenated in order, "\n\n" separated.
+ * - For NOTIFY_ONLY_OUTCOME_EVENTS (postToolUseFailure), decision/permissionDecision
+ *   from hooks is ignored — outcome.allowed is always true. additionalContext is still collected.
+ */
+export async function emitHookWithOutcome(event, ctx = {}) {
+    const hooks = getHooks();
+    const list = hooks?.[event];
+    if (!list || list.length === 0)
+        return { allowed: true };
+    const notifyOnly = NOTIFY_ONLY_OUTCOME_EVENTS.has(event);
+    const additionalContexts = [];
+    let reason;
+    let askSeen = false;
+    for (const def of list) {
+        if (def.match && !matchesHook(def, ctx))
+            continue;
+        const parsed = await runHookForOutcome(def, event, ctx);
+        if (!notifyOnly) {
+            if (parsed.decision === "deny" || parsed.permissionDecision === "deny") {
+                return {
+                    allowed: false,
+                    reason: parsed.reason ?? reason,
+                    permissionDecision: parsed.permissionDecision,
+                };
+            }
+            if (parsed.permissionDecision === "allow") {
+                if (parsed.additionalContext)
+                    additionalContexts.push(parsed.additionalContext);
+                return {
+                    allowed: true,
+                    permissionDecision: "allow",
+                    additionalContext: additionalContexts.length ? additionalContexts.join("\n\n") : undefined,
+                };
+            }
+            if (parsed.permissionDecision === "ask")
+                askSeen = true;
+        }
+        if (parsed.additionalContext)
+            additionalContexts.push(parsed.additionalContext);
+        if (!reason && parsed.reason)
+            reason = parsed.reason;
+    }
+    return {
+        allowed: true,
+        additionalContext: additionalContexts.length ? additionalContexts.join("\n\n") : undefined,
+        permissionDecision: askSeen ? "ask" : undefined,
+        reason,
+    };
+}
 //# sourceMappingURL=hooks.js.map

package/dist/harness/session.d.ts

@@ -13,6 +13,8 @@ export type Session = {
     gitBranch?: string;
     workingDir?: string;
     tools?: string[];
+    /** For forked sessions: the session this one was forked from. */
+    parentSessionId?: string;
     /** Hibernate state — saved on exit for wake reconstruction */
     hibernate?: {
         summary?: string;
@@ -26,6 +28,7 @@ export declare function createSession(provider: string, model: string, extras?:
     gitBranch?: string;
     workingDir?: string;
     tools?: string[];
+    parentSessionId?: string;
 }): Session;
 export declare function saveSession(session: Session, dir?: string): string;
 export declare function loadSession(id: string, dir?: string): Session;
@@ -35,6 +38,7 @@ export declare function listSessions(dir?: string): Array<{
     messages: number;
     cost: number;
     updatedAt: number;
+    parentSessionId?: string;
 }>;
 /** Returns the ID of the most recently updated session, or null if none exist. */
 export declare function getLastSessionId(dir?: string): string | null;

package/dist/harness/session.js

@@ -18,6 +18,7 @@ export function createSession(provider, model, extras) {
         ...(extras?.gitBranch ? { gitBranch: extras.gitBranch } : {}),
         ...(extras?.workingDir ? { workingDir: extras.workingDir } : {}),
         ...(extras?.tools ? { tools: extras.tools } : {}),
+        ...(extras?.parentSessionId ? { parentSessionId: extras.parentSessionId } : {}),
     };
 }
 let _evicting = false;
@@ -73,6 +74,7 @@ export function listSessions(dir) {
                 messages: data.messages?.length ?? 0,
                 cost: data.totalCost ?? 0,
                 updatedAt: data.updatedAt ?? 0,
+                ...(data.parentSessionId ? { parentSessionId: data.parentSessionId } : {}),
             };
         }
         catch {

package/dist/harness/submit-handler.js

@@ -6,6 +6,7 @@ import { processSlashCommand } from "../commands/index.js";
 import { cybergotchiEvents } from "../cybergotchi/events.js";
 import { resolveMcpMention } from "../mcp/loader.js";
 import { createInfoMessage, createUserMessage } from "../types/message.js";
+import { emitHookWithOutcome } from "./hooks.js";
 /**
  * Process user input: handle exit, companion mentions, slash commands,
  * @mentions, and prepare the prompt for the LLM.
@@ -78,10 +79,28 @@ export async function handleUserInput(input, ctx) {
             }
             if (result.prependToPrompt) {
                 messages = [...messages, createUserMessage(input)];
+                const prependPrompt = result.prependToPrompt;
+                const prependOutcome = await emitHookWithOutcome("userPromptSubmit", {
+                    prompt: prependPrompt,
+                    sessionId: ctx.sessionId,
+                    model: ctx.currentModel,
+                    provider: ctx.providerName,
+                    permissionMode: ctx.permissionMode,
+                });
+                if (!prependOutcome.allowed) {
+                    const reason = prependOutcome.reason ? `: ${prependOutcome.reason}` : "";
+                    return {
+                        handled: true,
+                        messages: [...messages, createInfoMessage(`Blocked by userPromptSubmit hook${reason}`)],
+                    };
+                }
+                const finalPrependPrompt = prependOutcome.additionalContext
+                    ? `${prependOutcome.additionalContext}\n\n${prependPrompt}`
+                    : prependPrompt;
                 return {
                     handled: false,
                     messages,
-                    prompt: result.prependToPrompt,
+                    prompt: finalPrependPrompt,
                     newModel: result.newModel ?? undefined,
                 };
             }
@@ -136,6 +155,21 @@ export async function handleUserInput(input, ctx) {
             /* ignore */
         }
     }
-    return { handled: false, messages, prompt: resolvedInput };
+    const outcome = await emitHookWithOutcome("userPromptSubmit", {
+        prompt: resolvedInput,
+        sessionId: ctx.sessionId,
+        model: ctx.currentModel,
+        provider: ctx.providerName,
+        permissionMode: ctx.permissionMode,
+    });
+    if (!outcome.allowed) {
+        const reason = outcome.reason ? `: ${outcome.reason}` : "";
+        return {
+            handled: true,
+            messages: [...messages, createInfoMessage(`Blocked by userPromptSubmit hook${reason}`)],
+        };
+    }
+    const finalPrompt = outcome.additionalContext ? `${outcome.additionalContext}\n\n${resolvedInput}` : resolvedInput;
+    return { handled: false, messages, prompt: finalPrompt };
 }
 //# sourceMappingURL=submit-handler.js.map