agent-window 1.0.0

package/hooks/hook.mjs

@@ -0,0 +1,299 @@
+#!/usr/bin/env node
+/**
+ * PreToolUse Hook for Discord Permission Approval
+ *
+ * This hook intercepts tool calls and:
+ * - Auto-approves safe tools (Read, Glob, Grep, etc.)
+ * - Requests Discord approval for risky tools (Write, Edit, Bash)
+ *
+ * Communication with Discord bot via shared file directory.
+ */
+
+import { readFileSync, writeFileSync, existsSync, unlinkSync, mkdirSync } from 'fs';
+import { join } from 'path';
+import { randomUUID } from 'crypto';
+
+// Read input from stdin
+let inputData = '';
+process.stdin.setEncoding('utf8');
+
+for await (const chunk of process.stdin) {
+  inputData += chunk;
+}
+
+const input = JSON.parse(inputData);
+const toolName = input.tool_name || '';
+const toolInput = input.tool_input || {};
+const toolUseId = input.tool_use_id || randomUUID();
+
+// Pending directory (shared with Discord bot)
+const PENDING_DIR = process.env.HOOK_PENDING_DIR || '/pending-permissions';
+const TIMEOUT_MS = 120000; // 2 minutes
+
+// Auto-approve safe tools (including Write/Edit since user trusts them)
+const AUTO_APPROVE = [
+  'Read', 'Glob', 'Grep',           // File reading/search
+  'Write', 'Edit', 'NotebookEdit',  // File writing/editing (user trusts these)
+  'WebFetch', 'WebSearch',          // Web access
+  'TodoWrite', 'Task', 'TaskOutput', 'AskUserQuestion',  // Internal tools
+  'Skill', 'EnterPlanMode', 'ExitPlanMode',  // Planning tools
+];
+
+// Always deny dangerous tools
+const ALWAYS_DENY = ['KillShell'];
+
+// Bash commands that are safe to auto-approve (read-only or common dev commands)
+const SAFE_BASH_PATTERNS = [
+  // File reading/listing
+  /^ls\b/,
+  /^pwd$/,
+  /^cat\b/,
+  /^head\b/,
+  /^tail\b/,
+  /^less\b/,
+  /^more\b/,
+  /^file\b/,
+  /^stat\b/,
+  /^wc\b/,
+  /^find\b/,
+  /^tree\b/,
+  /^du\b/,
+  /^df\b/,
+  /^realpath\b/,
+  /^readlink\b/,
+  /^dirname\b/,
+  /^basename\b/,
+
+  // Text processing (read-only)
+  /^grep\b/,
+  /^egrep\b/,
+  /^fgrep\b/,
+  /^rg\b/,
+  /^ag\b/,
+  /^awk\b/,
+  /^sort\b/,
+  /^uniq\b/,
+  /^cut\b/,
+  /^tr\b/,
+  /^diff\b/,
+  /^cmp\b/,
+  /^comm\b/,
+  /^jq\b/,
+  /^yq\b/,
+  /^xargs\b.*\b(ls|cat|head|grep|echo|wc)\b/,
+
+  // Git (read-only operations)
+  /^git\s+(status|log|diff|branch|show|remote|config|describe|tag|rev-parse|ls-files|ls-tree|blame|shortlog|reflog|stash\s+list)/,
+
+  // Package managers (read/build/test operations)
+  /^npm\s+(list|ls|view|info|outdated|test|run|install|ci|build|start|version)/,
+  /^yarn\s+(list|info|outdated|test|run|install|build|start|version)/,
+  /^pnpm\s+(list|info|outdated|test|run|install|build|start|version)/,
+  /^pip\s+(list|show|freeze|check)/,
+  /^pip3\s+(list|show|freeze|check)/,
+  /^cargo\s+(build|test|check|run|clippy|fmt|doc|tree|metadata)/,
+  /^go\s+(build|test|run|vet|fmt|mod\s+(tidy|download|graph)|version)/,
+  /^composer\s+(show|info|outdated|validate)/,
+  /^bundle\s+(list|show|outdated|check)/,
+  /^mvn\s+(compile|test|package|verify|dependency:tree)/,
+  /^gradle\s+(build|test|check|dependencies)/,
+
+  // Version checks
+  /^node\s+(--version|-v)$/,
+  /^npm\s+(--version|-v)$/,
+  /^python\s*(--version|-V)$/,
+  /^python3\s*(--version|-V)$/,
+  /^pip\s+(--version|-V)$/,
+  /^ruby\s*(--version|-v)$/,
+  /^go\s+version$/,
+  /^cargo\s+(--version|-V)$/,
+  /^rustc\s+(--version|-V)$/,
+  /^java\s+(--version|-version)$/,
+  /^docker\s+(--version|-v)$/,
+
+  // Docker (read-only)
+  /^docker\s+(ps|images|logs|inspect|stats|top|port|version|info)/,
+  /^docker-compose\s+(ps|logs|config|version)/,
+
+  // System info
+  /^which\b/,
+  /^whereis\b/,
+  /^type\b/,
+  /^command\s+-v/,
+  /^echo\b/,
+  /^printf\b/,
+  /^date\b/,
+  /^whoami$/,
+  /^id\b/,
+  /^env$/,
+  /^printenv\b/,
+  /^hostname$/,
+  /^uname\b/,
+  /^uptime$/,
+  /^free\b/,
+  /^top\s+-bn1/,
+  /^ps\s+(aux|ef)/,
+
+  // Network (read-only)
+  /^curl\s+(-s\s+)?(-I\s+)?https?:/,
+  /^wget\s+(-q\s+)?(-O\s*-\s+)?https?:/,
+  /^ping\s+-c\s+\d/,
+  /^netstat\b/,
+  /^ss\b/,
+  /^ifconfig$/,
+  /^ip\s+(addr|link|route)/,
+
+  // Build/test commands (common and safe)
+  /^make(\s+\w+)?$/,
+  /^cmake\b/,
+  /^tsc\b/,
+  /^eslint\b/,
+  /^prettier\b/,
+  /^jest\b/,
+  /^vitest\b/,
+  /^pytest\b/,
+  /^mocha\b/,
+];
+
+// Bash commands that always need approval (destructive)
+const DANGEROUS_BASH_PATTERNS = [
+  /\brm\s/,           // Remove files
+  /\brmdir\b/,        // Remove directories
+  /\bunlink\b/,       // Remove files
+  />\s*\/dev\/null/,  // Redirect to null (data loss)
+  /\bgit\s+(push|reset|rebase|checkout\s+-f|clean)/,  // Destructive git
+  /\bdocker\s+(rm|rmi|prune|system\s+prune)/,  // Docker cleanup
+  /\bkill\b/,         // Kill processes
+  /\bpkill\b/,        // Kill processes
+  /\bsudo\b/,         // Elevated privileges
+];
+
+function sleep(ms) {
+  return new Promise(resolve => setTimeout(resolve, ms));
+}
+
+function output(decision, reason, updatedInput = null) {
+  const result = {
+    hookSpecificOutput: {
+      hookEventName: 'PreToolUse',
+      permissionDecision: decision,
+      permissionDecisionReason: reason,
+    }
+  };
+  if (updatedInput) {
+    result.hookSpecificOutput.updatedInput = updatedInput;
+  }
+  console.log(JSON.stringify(result));
+  process.exit(0);
+}
+
+// Ensure pending directory exists
+try {
+  mkdirSync(PENDING_DIR, { recursive: true });
+} catch (e) {}
+
+console.error(`[Hook] Tool: ${toolName}, ID: ${toolUseId.substring(0, 8)}...`);
+
+// Auto-approve safe tools
+if (AUTO_APPROVE.includes(toolName)) {
+  console.error(`[Hook] Auto-approving: ${toolName}`);
+  output('allow', `Auto-approved: ${toolName} is a safe operation`);
+}
+
+// Always deny dangerous tools
+if (ALWAYS_DENY.includes(toolName)) {
+  console.error(`[Hook] Auto-denying: ${toolName}`);
+  output('deny', `Denied: ${toolName} is not allowed for security reasons`);
+}
+
+// Special handling for Bash commands
+if (toolName === 'Bash') {
+  const command = (toolInput.command || '').trim();
+  console.error(`[Hook] Bash command: ${command.substring(0, 80)}...`);
+
+  // Check for dangerous patterns first - these always need approval
+  const isDangerous = DANGEROUS_BASH_PATTERNS.some(p => p.test(command));
+  if (isDangerous) {
+    console.error(`[Hook] Dangerous bash pattern detected, requesting Discord approval`);
+    // Fall through to Discord approval (don't exit here)
+  } else {
+    // Check for safe patterns
+    const isSafe = SAFE_BASH_PATTERNS.some(p => p.test(command));
+    if (isSafe) {
+      console.error(`[Hook] Auto-approving safe bash: ${command.substring(0, 50)}`);
+      output('allow', `Auto-approved: Safe bash command`);
+    }
+    // Not explicitly safe - fall through to Discord approval
+    console.error(`[Hook] Bash needs Discord approval: ${command.substring(0, 50)}`);
+  }
+}
+
+// For other tools, request Discord approval
+const requestId = toolUseId.replace(/[^a-zA-Z0-9]/g, '_').substring(0, 50);
+const requestFile = join(PENDING_DIR, `${requestId}.request.json`);
+const responseFile = join(PENDING_DIR, `${requestId}.response.json`);
+
+// Write request file
+const request = {
+  tool_use_id: toolUseId,
+  tool_name: toolName,
+  input: toolInput,
+  timestamp: Date.now(),
+};
+
+try {
+  writeFileSync(requestFile, JSON.stringify(request, null, 2));
+  console.error(`[Hook] Waiting for Discord approval: ${toolName}`);
+} catch (e) {
+  console.error(`[Hook] Failed to write request: ${e.message}`);
+  output('deny', `Permission system error: ${e.message}`);
+}
+
+// Poll for response
+const deadline = Date.now() + TIMEOUT_MS;
+let pollCount = 0;
+console.error(`[Hook] Polling for response: ${responseFile}`);
+
+while (Date.now() < deadline) {
+  pollCount++;
+
+  // Debug: list files every 10 polls (3 seconds)
+  if (pollCount % 10 === 1) {
+    try {
+      const { readdirSync } = await import('fs');
+      const files = readdirSync(PENDING_DIR);
+      console.error(`[Hook] Poll #${pollCount}, files in ${PENDING_DIR}: ${files.join(', ') || '(empty)'}`);
+    } catch (e) {
+      console.error(`[Hook] Poll #${pollCount}, cannot list dir: ${e.message}`);
+    }
+  }
+
+  if (existsSync(responseFile)) {
+    console.error(`[Hook] Response file found!`);
+    try {
+      const content = readFileSync(responseFile, 'utf-8');
+      console.error(`[Hook] Response content: ${content.substring(0, 100)}`);
+      const response = JSON.parse(content);
+
+      // Clean up files
+      try { unlinkSync(requestFile); } catch (e) {}
+      try { unlinkSync(responseFile); } catch (e) {}
+
+      console.error(`[Hook] Got response: ${response.behavior}`);
+
+      if (response.behavior === 'allow') {
+        output('allow', 'User approved via Discord', response.updatedInput);
+      } else {
+        output('deny', response.message || 'User denied via Discord');
+      }
+    } catch (e) {
+      console.error(`[Hook] Error reading/parsing response: ${e.message}`);
+    }
+  }
+  await sleep(300);
+}
+
+// Timeout
+try { unlinkSync(requestFile); } catch (e) {}
+console.error('[Hook] Timeout waiting for approval');
+output('deny', 'Permission request timed out (2 minutes). Please try again.');

package/hooks/settings.json

@@ -0,0 +1,15 @@
+{
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": ".*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node /permission-hook/hook.mjs"
+          }
+        ]
+      }
+    ]
+  }
+}

package/package.json

@@ -0,0 +1,45 @@
+{
+  "name": "agent-window",
+  "version": "1.0.0",
+  "description": "A window to interact with AI agents through chat interfaces. Simplified interaction, powerful backend capabilities.",
+  "type": "module",
+  "main": "src/bot.js",
+  "bin": {
+    "agent-window": "./bin/cli.js"
+  },
+  "scripts": {
+    "start": "node src/bot.js",
+    "dev": "node --watch src/bot.js",
+    "setup": "node bin/cli.js setup",
+    "pm2:start": "pm2 start ecosystem.config.cjs",
+    "pm2:stop": "pm2 stop agent-window",
+    "pm2:restart": "pm2 restart agent-window",
+    "pm2:logs": "pm2 logs agent-window"
+  },
+  "keywords": [
+    "agent",
+    "window",
+    "discord",
+    "slack",
+    "bot",
+    "claude",
+    "ai",
+    "cli",
+    "docker",
+    "sandbox",
+    "chat",
+    "interface"
+  ],
+  "author": "",
+  "license": "MIT",
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "dependencies": {
+    "discord.js": "^14.14.1"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/YOUR_USERNAME/AgentWindow"
+  }
+}

package/sandbox/Dockerfile

@@ -0,0 +1,61 @@
+# Claude CLI Sandbox Environment with MCP Permission Support
+FROM node:20-slim
+
+# Install system dependencies for Playwright/Chromium (as root)
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    # Playwright dependencies
+    libglib2.0-0 \
+    libnss3 \
+    libnspr4 \
+    libdbus-1-3 \
+    libatk1.0-0 \
+    libatk-bridge2.0-0 \
+    libcups2 \
+    libexpat1 \
+    libxcb1 \
+    libxkbcommon0 \
+    libatspi2.0-0 \
+    libx11-6 \
+    libxcomposite1 \
+    libxdamage1 \
+    libxext6 \
+    libxfixes3 \
+    libxrandr2 \
+    libgbm1 \
+    libcairo2 \
+    libpango-1.0-0 \
+    libasound2 \
+    # Additional useful tools
+    git \
+    curl \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install Claude CLI globally
+RUN npm install -g @anthropic-ai/claude-code
+
+# Install MCP SDK for permission server
+RUN npm install -g @modelcontextprotocol/sdk zod
+
+# Create directories
+WORKDIR /workspace
+RUN mkdir -p /mcp-server /pending-permissions
+
+# Create a flexible home directory that any user can use
+RUN mkdir -p /home/claude/.cache/ms-playwright && chmod -R 777 /home/claude
+
+# Install Playwright globally and download Chromium to shared location
+ENV PLAYWRIGHT_BROWSERS_PATH=/home/claude/.cache/ms-playwright
+RUN npm install -g playwright && npx playwright install chromium && chmod -R 777 /home/claude/.cache/ms-playwright
+
+# Set environment variables
+ENV TERM=dumb
+ENV CI=true
+ENV NO_COLOR=1
+ENV FORCE_COLOR=0
+ENV NODE_PATH=/usr/local/lib/node_modules
+ENV HOME=/home/claude
+ENV PLAYWRIGHT_BROWSERS_PATH=/home/claude/.cache/ms-playwright
+
+# Default command
+ENTRYPOINT ["claude"]
+CMD ["--help"]

package/scripts/install.sh

@@ -0,0 +1,114 @@
+#!/bin/bash
+
+# AgentBridge - Quick Install Script
+#
+# Usage:
+#   curl -fsSL https://raw.githubusercontent.com/YOUR_USERNAME/AgentBridge/main/scripts/install.sh | bash
+#
+# Or:
+#   ./scripts/install.sh
+
+set -e
+
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+CYAN='\033[0;36m'
+NC='\033[0m'
+
+log_info() { echo -e "${CYAN}ℹ️  $1${NC}"; }
+log_success() { echo -e "${GREEN}✅ $1${NC}"; }
+log_warning() { echo -e "${YELLOW}⚠️  $1${NC}"; }
+log_error() { echo -e "${RED}❌ $1${NC}"; }
+
+echo ""
+echo -e "${CYAN}"
+echo "   _                    _   ____       _     _"
+echo "  / \\   __ _  ___ _ __ | |_| __ ) _ __(_) __| | __ _  ___"
+echo " / _ \\ / _\` |/ _ \\ '_ \\| __|  _ \\| '__| |/ _\` |/ _\` |/ _ \\"
+echo "/ ___ \\ (_| |  __/ | | | |_| |_) | |  | | (_| | (_| |  __/"
+echo "/_/   \\_\\__, |\\___|_| |_|\\__|____/|_|  |_|\\__,_|\\__, |\\___|"
+echo "        |___/                                   |___/"
+echo -e "${NC}"
+echo "  Bridge AI coding agents to chat platforms"
+echo ""
+
+# Check Node.js
+if ! command -v node &> /dev/null; then
+    log_error "Node.js not found. Please install Node.js 18+ first."
+    echo "Visit: https://nodejs.org/"
+    exit 1
+fi
+
+NODE_VERSION=$(node -v | cut -d'v' -f2 | cut -d'.' -f1)
+if [ "$NODE_VERSION" -lt 18 ]; then
+    log_error "Node.js 18+ required. Current: $(node -v)"
+    exit 1
+fi
+log_success "Node.js $(node -v)"
+
+# Check Docker
+if ! command -v docker &> /dev/null; then
+    log_error "Docker not found. Please install Docker first."
+    echo "Visit: https://docs.docker.com/get-docker/"
+    exit 1
+fi
+log_success "Docker found"
+
+# Check PM2
+if ! command -v pm2 &> /dev/null; then
+    log_info "Installing PM2..."
+    npm install -g pm2
+    log_success "PM2 installed"
+else
+    log_success "PM2 found"
+fi
+
+# Clone or update
+INSTALL_DIR="${INSTALL_DIR:-$HOME/AgentBridge}"
+
+if [ -d "$INSTALL_DIR" ]; then
+    log_info "Updating existing installation..."
+    cd "$INSTALL_DIR"
+    git pull origin main
+else
+    log_info "Cloning repository..."
+    git clone https://github.com/YOUR_USERNAME/AgentBridge.git "$INSTALL_DIR"
+    cd "$INSTALL_DIR"
+fi
+
+# Install dependencies
+log_info "Installing dependencies..."
+npm install
+
+# Build Docker image
+log_info "Building Docker sandbox..."
+docker build -t claude-sandbox ./sandbox
+
+# Config check
+if [ ! -f "config/config.json" ]; then
+    log_warning "Config not found."
+    echo ""
+    echo "Create config/config.json:"
+    echo "  cp config/config.example.json config/config.json"
+    echo "  nano config/config.json"
+    echo ""
+fi
+
+# Link CLI
+log_info "Linking CLI..."
+npm link
+
+echo ""
+log_success "Installation complete!"
+echo ""
+echo "Next steps:"
+echo "  1. Edit config/config.json"
+echo "  2. Run: agent-bridge start"
+echo ""
+echo "Commands:"
+echo "  agent-bridge setup   - Interactive setup"
+echo "  agent-bridge start   - Start"
+echo "  agent-bridge logs    - View logs"
+echo "  agent-bridge --help  - Help"
+echo ""