cc-viewer 1.6.98 → 1.6.99
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/perm-bridge.js +10 -10
- package/package.json +1 -1
package/lib/perm-bridge.js
CHANGED
|
@@ -19,11 +19,6 @@ if (!port) {
|
|
|
19
19
|
process.exit(1);
|
|
20
20
|
}
|
|
21
21
|
|
|
22
|
-
// If bypass permissions mode, don't intercept — let Claude Code handle normally
|
|
23
|
-
if (process.env.CCV_BYPASS_PERMISSIONS === '1') {
|
|
24
|
-
process.exit(1);
|
|
25
|
-
}
|
|
26
|
-
|
|
27
22
|
let stdinData;
|
|
28
23
|
try {
|
|
29
24
|
stdinData = readFileSync(0, 'utf-8');
|
|
@@ -49,10 +44,17 @@ if (!toolName || !toolInput) {
|
|
|
49
44
|
process.exit(1);
|
|
50
45
|
}
|
|
51
46
|
|
|
47
|
+
// 硬拦截:git commit/push 和 npm publish 即使在 --d (bypass) 模式下也强制走 Web UI 审批
|
|
48
|
+
// 这是安全底线,不受 --dangerously-skip-permissions 影响
|
|
49
|
+
const isPublishCmd = toolName === 'Bash' && toolInput.command &&
|
|
50
|
+
/git\s+(commit|push)|npm\s+publish/i.test(toolInput.command);
|
|
51
|
+
|
|
52
|
+
// Bypass mode: skip all other tools, but NOT publish commands
|
|
53
|
+
if (process.env.CCV_BYPASS_PERMISSIONS === '1' && !isPublishCmd) {
|
|
54
|
+
process.exit(1);
|
|
55
|
+
}
|
|
56
|
+
|
|
52
57
|
// AskUserQuestion has its own dedicated hook (ask-bridge.js)
|
|
53
|
-
// Output a no-decision response (exit 0 without permissionDecision) so Claude Code
|
|
54
|
-
// continues to ask-bridge. Using exit(1) here would cause Claude Code to fall back
|
|
55
|
-
// to terminal, breaking ask-bridge's web UI flow.
|
|
56
58
|
if (toolName === 'AskUserQuestion') {
|
|
57
59
|
process.stdout.write(JSON.stringify({ hookSpecificOutput: { hookEventName: 'PreToolUse' } }) + '\n');
|
|
58
60
|
process.exit(0);
|
|
@@ -61,8 +63,6 @@ if (toolName === 'AskUserQuestion') {
|
|
|
61
63
|
// These tools need explicit user approval via Web UI (mutating or external access).
|
|
62
64
|
const APPROVAL_TOOLS = new Set(['Bash', 'Edit', 'Write', 'NotebookEdit', 'WebFetch', 'WebSearch']);
|
|
63
65
|
if (!APPROVAL_TOOLS.has(toolName)) {
|
|
64
|
-
// Explicit allow — prevents Claude Code from falling back to terminal approval UI.
|
|
65
|
-
// Only AskUserQuestion (handled above) outputs no-decision; everything else gets a decision.
|
|
66
66
|
process.stdout.write(JSON.stringify({
|
|
67
67
|
hookSpecificOutput: { hookEventName: 'PreToolUse', permissionDecision: 'allow' },
|
|
68
68
|
}) + '\n');
|