cc-safety-net 1.0.0 → 1.0.1

package/README.md

@@ -237,6 +237,25 @@ Install CC Safety Net with OpenCode's native plugin command:
 opencode plugin -g cc-safety-net
 ```
 
+> [!NOTE]
+> OpenCode can sometimes keep using a stale cached plugin version. See
+> anomalyco/opencode#25293 for the current tracking issue.
+>
+> To force OpenCode to reinstall `cc-safety-net`, remove its cached package and
+> install the version you want:
+>
+> ```sh
+> rm -rf ~/.cache/opencode/packages/cc-safety-net@latest
+> opencode plugin -g -f cc-safety-net@latest
+>
+> If you prefer pinning a specific version:
+>
+> rm -rf ~/.cache/opencode/packages/cc-safety-net@latest
+> opencode plugin -g -f cc-safety-net@<version>
+>
+> Restart OpenCode after updating so the plugin is loaded from the refreshed
+> cache.
+
 ---
 
 ### Pi Installation

package/dist/bin/cc-safety-net.js

@@ -7830,7 +7830,7 @@ import { existsSync as existsSync14 } from "node:fs";
 import { mkdtemp, readFile, rm, writeFile } from "node:fs/promises";
 import { tmpdir as tmpdir4 } from "node:os";
 import { delimiter, extname, join as join11 } from "node:path";
-var CURRENT_VERSION = "1.0.0";
+var CURRENT_VERSION = "1.0.1";
 var VERSION_FETCH_TIMEOUT_MS = 2000;
 var PI_PROBE_TIMEOUT_MS = 5000;
 var PI_SENTINEL_COMMAND = "cc-safety-net";
@@ -9327,7 +9327,7 @@ function formatTraceJson(result) {
   return JSON.stringify(result, null, 2);
 }
 // src/bin/help.ts
-var version = "1.0.0";
+var version = "1.0.1";
 var INDENT = "  ";
 var PROGRAM_NAME = "cc-safety-net";
 function formatOptionFlags(option) {

package/dist/bin/hook/common.d.ts

@@ -11,10 +11,8 @@ type ConfiguredHookAdapter<T> = Omit<HookAdapter<T>, 'outputDeny'> & {
     createDenyOutput: (message: string) => object;
     getManualPermissionAdvice?: (reason: string) => boolean | undefined;
 };
-export declare function outputHookDeny(createDenyOutput: (message: string) => object, reason: string, command?: string, segment?: string, manualPermissionAdvice?: boolean): void;
-export declare function readHookInput<T>(outputDeny: (reason: string) => void): Promise<T | null>;
 export declare function parseHookJson<T>(inputText: string, outputDeny: (reason: string) => void, strictReason: string): T | null;
+/** @internal - exported for direct test coverage */
 export declare function handleBlockedHookCommand(command: string, cwd: string, sessionId: string | undefined, outputDeny: (reason: string, command?: string, segment?: string) => void): void;
-export declare function runHookAdapter<T>(adapter: HookAdapter<T>): Promise<void>;
 export declare function runConfiguredHookAdapter<T>(adapter: ConfiguredHookAdapter<T>): Promise<void>;
 export {};

package/dist/bin/rule/format.d.ts

@@ -1,10 +1,4 @@
 import { type LoadedRulesPolicy, type RulebookLockEntryWithStats } from '@/core/rules/policy';
-export declare function printSyncResult(result: {
-    ok: boolean;
-    errors: string[];
-    warnings?: string[];
-    entries: RulebookLockEntryWithStats[];
-}): void;
 export declare function printRuleChangeResult(result: {
     ok: boolean;
     errors: string[];
@@ -18,4 +12,3 @@ export declare function printRulesTestResult(result: {
     entries: RulebookLockEntryWithStats[];
 }, sourceDisplayMap?: Map<string, string>): void;
 export declare function printRulesListReport(policy: LoadedRulesPolicy, sourceDisplayMaps: Record<'user' | 'project', Map<string, string>>): void;
-export declare function relativeDisplay(cwd: string, path: string): string;

package/dist/core/analyze/parallel.d.ts

@@ -9,4 +9,5 @@ export interface ParallelAnalyzeContext {
     analyzeNested: (command: string, overrides?: AnalyzeNestedOverrides) => string | null;
 }
 export declare function analyzeParallel(tokens: readonly string[], context: ParallelAnalyzeContext): string | null;
+/** @internal - exported for test coverage */
 export declare function extractParallelChildCommand(tokens: readonly string[]): string[];

package/dist/core/analyze/xargs.d.ts

@@ -11,5 +11,6 @@ interface XargsParseResult {
     childTokens: string[];
     replacementToken: string | null;
 }
+/** @internal - exported for test coverage */
 export declare function extractXargsChildCommandWithInfo(tokens: readonly string[]): XargsParseResult;
 export {};

package/dist/core/git/env.d.ts

@@ -1,6 +1,9 @@
 export declare const GIT_CONTEXT_ENV_OVERRIDES: readonly ["GIT_DIR", "GIT_WORK_TREE", "GIT_COMMON_DIR", "GIT_INDEX_FILE"];
+/** @internal - exported for test coverage */
 export declare const GIT_CONFIG_AFFECTING_ENV_NAMES: ReadonlySet<string>;
+/** @internal - exported for test coverage */
 export declare const GIT_SSH_ENV_NAMES: ReadonlySet<string>;
+/** @internal - exported for test coverage */
 export declare function isGitContextEnvOverrideName(name: string): boolean;
 export declare function isGitConfigEnvName(name: string): boolean;
 export declare function isTrackedGitEnvName(name: string): boolean;

package/dist/core/rules/policy/index.d.ts

@@ -1,6 +1,5 @@
-export { readRulesConfig, validateRulesConfig, writeDefaultRulesConfig, writeStarterRulebook, } from './config-file';
-export { getLegacyUserRulesConfigPath, getProjectRulesConfigPath, getProjectRulesDir, getProjectRulesLockPath, getRulebookCachePath, getRulebookDisplaySource, getRulesLockPathForConfigPath, getUserRulesConfigPath, getUserRulesDir, getUserRulesLockPath, RULES_DIR, } from './paths';
-export { getRulebookMigratedFrom, getRulesConfigRuntimeErrorsForConfig, getRulesConfigSourceDisplayMap, getUnknownOverrideErrorsForConfig, loadRulesPolicy, rulesPolicyToConfig, } from './scope-policy';
-export { parseGitHubSource } from './sources';
-export { addRulebookSource, removeRulebookSource, repairLocalRulesPolicy, syncRulesConfig, testRulebookSources, } from './sync';
-export type { LoadedRulebookInfo, LoadedRulesPolicy, RulebookLockEntry, RulebookLockEntryWithStats, RulebookSourceKind, RuleOverride, RulesConfig, RulesLockfile, RulesPolicyOptions, SyncRulesConfigOptions, SyncRulesConfigResult, } from './types';
+export { readRulesConfig, writeDefaultRulesConfig, writeStarterRulebook, } from './config-file';
+export { getLegacyUserRulesConfigPath, getProjectRulesConfigPath, getProjectRulesDir, getRulebookDisplaySource, getRulesLockPathForConfigPath, getUserRulesConfigPath, getUserRulesDir, getUserRulesLockPath, RULES_DIR, } from './paths';
+export { getRulebookMigratedFrom, getRulesConfigRuntimeErrorsForConfig, getRulesConfigSourceDisplayMap, loadRulesPolicy, } from './scope-policy';
+export { addRulebookSource, removeRulebookSource, syncRulesConfig, testRulebookSources, } from './sync';
+export type { LoadedRulesPolicy, RulebookLockEntryWithStats, RuleOverride, SyncRulesConfigOptions, } from './types';

package/dist/core/rules/policy/paths.d.ts

@@ -17,6 +17,7 @@ export interface ScopePaths {
 }
 export declare function getProjectRulesDir(cwd?: string): string;
 export declare function getProjectRulesConfigPath(cwd?: string): string;
+/** @internal - exported for test coverage */
 export declare function getProjectRulesLockPath(cwd?: string): string;
 export declare function getUserRulesDir(options?: RulesPolicyOptions): string;
 export declare function getUserRulesConfigPath(options?: RulesPolicyOptions): string;

package/dist/core/rules/policy/scope-policy.d.ts

@@ -11,6 +11,7 @@ interface ScopePolicy {
 export declare function loadRulesPolicy(options?: RulesPolicyOptions): LoadedRulesPolicy;
 export declare function getRulesConfigSourceDisplayMap(configPath: string): Map<string, string>;
 export declare function getRulesConfigRuntimeErrorsForConfig(configPath: string, lockPath: string, options: RulesPolicyOptions): string[];
+/** @internal - exported for test coverage */
 export declare function getUnknownOverrideErrorsForConfig(configPath: string, lockPath: string, options: RulesPolicyOptions): string[];
 export declare function loadScopePolicy(config: RulesConfig, lockPath: string, configDir: string, options: RulesPolicyOptions, source: 'user' | 'project'): ScopePolicy;
 export declare function rulesPolicyToConfig(policy: LoadedRulesPolicy): Config;

package/dist/core/rules/policy/types.d.ts

@@ -2,7 +2,6 @@ import type { CustomRule } from '@/types';
 export type RuleOverride = 'off' | {
     reason: string;
 };
-export type RulebookSourceKind = RulebookLockEntry['kind'];
 export interface RulesConfig {
     version: 1;
     rules: string[];

package/dist/core/rules/rulebook.d.ts

@@ -14,6 +14,7 @@ export interface Rulebook {
     rules: CustomRule[];
     tests: RulebookFixture[];
 }
+/** @internal - exported for test coverage */
 export interface RulebookFixtureFailure {
     command: string;
     message: string;
@@ -23,6 +24,7 @@ export interface RulebookFixtureResult {
     ok: boolean;
     failures: RulebookFixtureFailure[];
 }
+/** @internal - exported for test coverage */
 export declare function validateRulebook(rulebook: unknown): ValidationResult;
 export declare function runRulebookFixtures(rulebook: Rulebook): RulebookFixtureResult;
 export declare function assertValidRulebook(rulebook: unknown): Rulebook;

package/dist/pi/builtin-commands/commands.d.ts

@@ -11,5 +11,6 @@ type PiCommandContext = {
     isIdle: () => boolean;
 };
 export declare function registerBuiltinCommands(pi: PiCommandApi): void;
+/** @internal - exported for test coverage */
 export declare function buildSafetyNetCommandPrompt(args: string): string;
 export {};

package/dist/pi/index.d.ts

@@ -1,5 +1,5 @@
 import { registerBuiltinCommands } from '@/pi/builtin-commands';
-import { registerToolUseEvent } from '@/pi/tool-use';
-type PiExtensionApi = Parameters<typeof registerBuiltinCommands>[0] & Parameters<typeof registerToolUseEvent>[0];
+import { registerToolCallEvent } from '@/pi/tool-call';
+type PiExtensionApi = Parameters<typeof registerBuiltinCommands>[0] & Parameters<typeof registerToolCallEvent>[0];
 export default function ccSafetyNetPiExtension(pi: PiExtensionApi): void;
 export {};

package/dist/pi/index.js

@@ -275,6 +275,9 @@ function buildSafetyNetCommandPrompt(args) {
 
 ${args.trim() || DEFAULT_USER_REQUEST}`;
 }
+// src/pi/tool-call.ts
+import { resolve as resolve8 } from "node:path";
+
 // src/core/analyze/dangerous-text.ts
 function dangerousInText(text) {
   const t = text.toLowerCase();
@@ -6331,22 +6334,34 @@ async function runConfiguredHookAdapter(adapter) {
   });
 }
 
-// src/pi/tool-use.ts
-function registerToolUseEvent(pi) {
-  pi.on("tool_call", handlePiToolUse);
+// src/pi/tool-call.ts
+var PI_SHELL_TOOL_ADAPTERS = {
+  bash: {
+    commandField: "command"
+  },
+  Shell: {
+    commandField: "command",
+    cwdField: "working_directory"
+  }
+};
+function registerToolCallEvent(pi) {
+  pi.on("tool_call", handlePiToolCall);
 }
-function handlePiToolUse(event, ctx) {
-  if (!isPiBashToolUseEvent(event))
+function handlePiToolCall(event, ctx) {
+  const shellToolCall = getPiShellToolCall(event, ctx);
+  if (!shellToolCall)
     return;
-  if (typeof event.input.command !== "string") {
-    return blockPiToolUse(REASON_SAFETY_NET_FAILED_CLOSED);
+  if ("malformed" in shellToolCall) {
+    return blockPiToolCall(REASON_SAFETY_NET_FAILED_CLOSED);
   }
+  const command2 = shellToolCall.command;
+  const cwd = shellToolCall.cwd;
   const modes = getCCSafetyNetEnvModes();
   let result;
   try {
-    result = (ctx.safetyNetAnalyzeCommand ?? analyzeCommand)(event.input.command, {
-      cwd: ctx.cwd,
-      config: loadConfig(ctx.cwd, {
+    result = (ctx.safetyNetAnalyzeCommand ?? analyzeCommand)(command2, {
+      cwd,
+      config: loadConfig(cwd, {
         repairLocalRulebooks: true,
         ...ctx.safetyNetConfigOptions
       }),
@@ -6357,14 +6372,14 @@ function handlePiToolUse(event, ctx) {
     });
   } catch (error) {
     if (envTruthy(ENV_FLAGS.debug)) {
-      console.error(`CC Safety Net debug: pi tool_use analysis failed: ${redactSecrets(error instanceof Error ? error.message : String(error))}`);
+      console.error(`CC Safety Net debug: pi tool_call analysis failed: ${redactSecrets(error instanceof Error ? error.message : String(error))}`);
     }
-    return blockPiToolUse(REASON_SAFETY_NET_FAILED_CLOSED, event.input.command, event.input.command);
+    return blockPiToolCall(REASON_SAFETY_NET_FAILED_CLOSED, command2, command2);
   }
   if (!result) {
     const sessionId2 = ctx.sessionManager.getSessionFile();
     if (sessionId2 && envTruthy(ENV_FLAGS.debug)) {
-      writeAuditLog(sessionId2, event.input.command, event.input.command, "allowed", ctx.cwd, {
+      writeAuditLog(sessionId2, command2, command2, "allowed", cwd, {
         decision: "allow"
       });
     }
@@ -6372,17 +6387,29 @@ function handlePiToolUse(event, ctx) {
   }
   const sessionId = ctx.sessionManager.getSessionFile();
   if (sessionId) {
-    writeAuditLog(sessionId, event.input.command, result.segment, result.reason, ctx.cwd);
+    writeAuditLog(sessionId, command2, result.segment, result.reason, cwd);
   }
-  return blockPiToolUse(result.reason, event.input.command, result.segment, result.manualPermissionAdvice);
+  return blockPiToolCall(result.reason, command2, result.segment, result.manualPermissionAdvice);
 }
-function isPiBashToolUseEvent(event) {
+function getPiShellToolCall(event, ctx) {
   if (!event || typeof event !== "object")
-    return false;
-  const toolUse = event;
-  return toolUse.toolName === "bash" && !!toolUse.input;
-}
-function blockPiToolUse(reason, command2, segment, manualPermissionAdvice) {
+    return;
+  const toolCall = event;
+  if (typeof toolCall.toolName !== "string")
+    return;
+  const adapter = PI_SHELL_TOOL_ADAPTERS[toolCall.toolName];
+  if (!adapter)
+    return;
+  if (!toolCall.input || typeof toolCall.input !== "object")
+    return { malformed: true };
+  const command2 = toolCall.input[adapter.commandField];
+  if (typeof command2 !== "string")
+    return { malformed: true };
+  const cwdInput = adapter.cwdField ? toolCall.input[adapter.cwdField] : undefined;
+  const cwd = typeof cwdInput === "string" ? resolve8(ctx.cwd, cwdInput) : ctx.cwd;
+  return { command: command2, cwd };
+}
+function blockPiToolCall(reason, command2, segment, manualPermissionAdvice) {
   return {
     block: true,
     reason: formatBlockedMessage({
@@ -6397,7 +6424,7 @@ function blockPiToolUse(reason, command2, segment, manualPermissionAdvice) {
 
 // src/pi/index.ts
 function ccSafetyNetPiExtension(pi) {
-  registerToolUseEvent(pi);
+  registerToolCallEvent(pi);
   registerBuiltinCommands(pi);
 }
 export {

package/dist/pi/{tool-use.d.ts → tool-call.d.ts}

@@ -1,9 +1,9 @@
 import { analyzeCommand } from '@/core/analyze';
 import type { LoadConfigOptions } from '@/core/config';
 type PiApi = {
-    on: (event: 'tool_call', handler: (event: unknown, ctx: PiToolUseContext) => PiToolUseResult) => void;
+    on: (event: 'tool_call', handler: (event: unknown, ctx: PiToolCallContext) => PiToolCallResult) => void;
 };
-type PiToolUseContext = {
+type PiToolCallContext = {
     cwd: string;
     sessionManager: {
         getSessionFile: () => string | undefined;
@@ -11,10 +11,11 @@ type PiToolUseContext = {
     safetyNetAnalyzeCommand?: typeof analyzeCommand;
     safetyNetConfigOptions?: LoadConfigOptions;
 };
-type PiToolUseResult = {
+type PiToolCallResult = {
     block: true;
     reason: string;
 } | undefined;
-export declare function registerToolUseEvent(pi: PiApi): void;
-export declare function handlePiToolUse(event: unknown, ctx: PiToolUseContext): PiToolUseResult;
+export declare function registerToolCallEvent(pi: PiApi): void;
+/** @internal - exported for test coverage */
+export declare function handlePiToolCall(event: unknown, ctx: PiToolCallContext): PiToolCallResult;
 export {};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cc-safety-net",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "description": "A coding agent CLI hook - block destructive git and filesystem commands before execution",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",