codepiper 0.1.0

package/packages/daemon/src/sessions/policyEngine.ts

@@ -0,0 +1,165 @@
+/**
+ * PolicyEngine - Evaluates PermissionRequest events against policy rules
+ *
+ * Features:
+ * - Pattern matching (glob, negation, arrays)
+ * - Rule precedence (priority + order)
+ * - Context matching (tool, args, cwd, session)
+ * - Default policy fallback
+ */
+
+import { matchPattern, valueToString } from "./policyMatcher";
+import type { PermissionRequest, Policy, PolicyDecision, PolicyRule } from "./policyTypes";
+
+export type DefaultPolicyAction = "ask" | "deny";
+
+export interface PolicyEngineOptions {
+  /** Default action when no rules match (only "ask" or "deny" — "allow" requires explicit rules) */
+  defaultAction?: DefaultPolicyAction;
+
+  /** Default reason when no rules match */
+  defaultReason?: string;
+}
+
+export class PolicyEngine {
+  private defaultAction: DefaultPolicyAction;
+  private defaultReason: string;
+
+  constructor(options: PolicyEngineOptions = {}) {
+    this.defaultAction = options.defaultAction ?? "ask";
+    this.defaultReason = options.defaultReason ?? "No matching policy rule found (default ask)";
+  }
+
+  /**
+   * Update the default action at runtime (e.g., when daemon settings change)
+   */
+  setDefaultAction(action: DefaultPolicyAction): void {
+    this.defaultAction = action;
+    this.defaultReason =
+      action === "ask"
+        ? "No matching policy rule found (default ask)"
+        : `No matching policy rule found (default ${action})`;
+  }
+
+  /**
+   * Get the current default action
+   */
+  getDefaultAction(): DefaultPolicyAction {
+    return this.defaultAction;
+  }
+
+  /**
+   * Evaluate a permission request against a list of policies
+   *
+   * Algorithm:
+   * 1. Filter policies by session ID and enabled status
+   * 2. Sort by priority (higher = more specific, evaluated first)
+   * 3. Evaluate each rule in priority order
+   * 4. First match wins
+   * 5. If no match, return default policy
+   *
+   * @param request The permission request to evaluate
+   * @param policies All available policies
+   * @returns The policy decision
+   */
+  async evaluate(request: PermissionRequest, policies: Policy[]): Promise<PolicyDecision> {
+    // Filter and sort policies
+    const applicablePolicies = policies
+      .filter((p) => this.isPolicyApplicable(p, request))
+      .sort((a, b) => b.priority - a.priority); // Higher priority first
+
+    // Evaluate each policy's rules in order
+    for (const policy of applicablePolicies) {
+      for (const rule of policy.rules) {
+        if (this.ruleMatches(rule, request)) {
+          // First match wins
+          return {
+            action: rule.action,
+            reason: rule.reason,
+            policyId: policy.id,
+            ruleId: rule.id,
+          };
+        }
+      }
+    }
+
+    // No match - return default policy
+    return this.getDefaultPolicy();
+  }
+
+  /**
+   * Check if a policy is applicable to a request
+   */
+  private isPolicyApplicable(policy: Policy, request: PermissionRequest): boolean {
+    // Only enabled policies
+    if (!policy.enabled) {
+      return false;
+    }
+
+    // Check session ID match
+    if (policy.sessionId !== undefined) {
+      if (policy.sessionId !== request.sessionId) {
+        return false;
+      }
+    }
+
+    return true;
+  }
+
+  /**
+   * Check if a rule matches a permission request
+   *
+   * All criteria must match for the rule to match:
+   * - Tool name (if specified)
+   * - Arguments (if specified, all must match)
+   * - CWD (if specified)
+   * - Session (if specified)
+   */
+  private ruleMatches(rule: PolicyRule, request: PermissionRequest): boolean {
+    // Match tool name
+    if (rule.tool !== undefined) {
+      if (!matchPattern(request.tool, rule.tool)) {
+        return false;
+      }
+    }
+
+    // Match arguments
+    if (rule.args !== undefined) {
+      for (const [key, pattern] of Object.entries(rule.args)) {
+        const value = request.args[key];
+        const valueStr = valueToString(value);
+
+        if (!(valueStr && matchPattern(valueStr, pattern))) {
+          return false;
+        }
+      }
+    }
+
+    // Match CWD
+    if (rule.cwd !== undefined) {
+      if (!matchPattern(request.cwd, rule.cwd)) {
+        return false;
+      }
+    }
+
+    // Match session
+    if (rule.session !== undefined) {
+      if (!matchPattern(request.sessionId, rule.session)) {
+        return false;
+      }
+    }
+
+    // All criteria matched
+    return true;
+  }
+
+  /**
+   * Get the default policy when no rules match
+   */
+  private getDefaultPolicy(): PolicyDecision {
+    return {
+      action: this.defaultAction,
+      reason: this.defaultReason,
+    };
+  }
+}

package/packages/daemon/src/sessions/policyMatcher.ts

@@ -0,0 +1,114 @@
+/**
+ * PolicyMatcher - Pattern matching utilities for policy rules
+ * Supports glob patterns, negation, and arrays
+ */
+
+import micromatch from "micromatch";
+
+/**
+ * Match a value against a pattern or array of patterns
+ *
+ * Supports:
+ * - Exact matching: "Read" matches "Read"
+ * - Glob patterns: "Read*" matches "ReadFile"
+ * - Wildcards: "*Read*" matches "FileRead"
+ * - Negation: "!*.env" matches anything except *.env
+ * - Arrays: ["Read", "Write"] matches either
+ *
+ * @param value The value to match
+ * @param pattern The pattern(s) to match against
+ * @returns true if the value matches the pattern
+ */
+export function matchPattern(value: string, pattern: string | string[]): boolean {
+  const patterns = Array.isArray(pattern) ? pattern : [pattern];
+
+  // Track if we have any negative patterns
+  const negativePatterns: string[] = [];
+  const positivePatterns: string[] = [];
+
+  for (const p of patterns) {
+    // Skip empty patterns
+    if (p === "") {
+      // Empty pattern matches empty value
+      if (value === "") {
+        return true;
+      }
+      continue;
+    }
+
+    if (p.startsWith("!")) {
+      const negPattern = p.slice(1);
+      if (negPattern !== "") {
+        negativePatterns.push(negPattern);
+      }
+    } else {
+      positivePatterns.push(p);
+    }
+  }
+
+  // Micromatch options for better pattern matching
+  // bash: true treats patterns as bash globs (not file paths)
+  const options = { bash: true };
+
+  // If value matches any negative pattern, fail immediately
+  if (negativePatterns.length > 0) {
+    if (micromatch.isMatch(value, negativePatterns, options)) {
+      return false;
+    }
+  }
+
+  // If we have positive patterns, check if any match
+  if (positivePatterns.length > 0) {
+    return micromatch.isMatch(value, positivePatterns, options);
+  }
+
+  // If we only had negative patterns and they didn't match, still fail
+  // because we have no positive pattern to indicate what SHOULD match
+  // Negative patterns alone mean "deny these" but don't specify what to allow
+  if (negativePatterns.length > 0) {
+    return false;
+  }
+
+  // No patterns at all
+  return false;
+}
+
+/**
+ * Normalize a path for consistent matching
+ * Removes trailing slashes and resolves relative paths
+ */
+export function normalizePath(path: string): string {
+  // Remove trailing slash
+  let normalized = path.replace(/\/+$/, "");
+
+  // If empty after removing slashes, it was root
+  if (normalized === "") {
+    normalized = "/";
+  }
+
+  return normalized;
+}
+
+/**
+ * Convert a value to string for pattern matching
+ * Handles non-string values gracefully
+ */
+export function valueToString(value: unknown): string {
+  if (value === null || value === undefined) {
+    return "";
+  }
+
+  if (typeof value === "string") {
+    return value;
+  }
+
+  if (typeof value === "number" || typeof value === "boolean") {
+    return String(value);
+  }
+
+  if (typeof value === "object") {
+    return JSON.stringify(value);
+  }
+
+  return String(value);
+}

package/packages/daemon/src/sessions/policyTypes.ts

@@ -0,0 +1,94 @@
+/**
+ * PolicyTypes - Core types for the policy engine
+ */
+
+/**
+ * Policy rule action types
+ */
+export type PolicyAction = "allow" | "deny" | "ask";
+
+/**
+ * A single policy rule that matches against PermissionRequest criteria
+ */
+export interface PolicyRule {
+  /** Unique identifier for this rule */
+  id: string;
+
+  /** Action to take if this rule matches */
+  action: PolicyAction;
+
+  /** Tool name pattern(s) to match against (glob supported) */
+  tool?: string | string[];
+
+  /** Argument patterns to match (key -> pattern) */
+  args?: Record<string, string | string[]>;
+
+  /** CWD pattern(s) to match against */
+  cwd?: string | string[];
+
+  /** Session ID pattern(s) to match against */
+  session?: string | string[];
+
+  /** Human-readable explanation for the decision */
+  reason?: string;
+}
+
+/**
+ * A policy contains multiple rules and metadata
+ */
+export interface Policy {
+  /** Unique identifier */
+  id: string;
+
+  /** Human-readable name */
+  name: string;
+
+  /** Optional description */
+  description?: string;
+
+  /** Whether this policy is active */
+  enabled: boolean;
+
+  /** Higher priority = evaluated first (more specific) */
+  priority: number;
+
+  /** Session ID this policy applies to (null = global) */
+  sessionId?: string;
+
+  /** Rules to evaluate in order */
+  rules: PolicyRule[];
+}
+
+/**
+ * The result of evaluating a permission request against policies
+ */
+export interface PolicyDecision {
+  /** The action to take */
+  action: PolicyAction;
+
+  /** Explanation for the decision */
+  reason?: string;
+
+  /** ID of the policy that matched */
+  policyId?: string;
+
+  /** ID of the specific rule that matched */
+  ruleId?: string;
+}
+
+/**
+ * A permission request from Claude Code hooks
+ */
+export interface PermissionRequest {
+  /** Session ID making the request */
+  sessionId: string;
+
+  /** Tool name being invoked */
+  tool: string;
+
+  /** Tool arguments */
+  args: Record<string, unknown>;
+
+  /** Current working directory */
+  cwd: string;
+}

package/packages/daemon/src/sessions/ptyProcess.ts

@@ -0,0 +1,141 @@
+/**
+ * PTY (Pseudo-Terminal) process wrapper for Bun
+ */
+
+import type { Subprocess } from "bun";
+
+export interface PTYProcessOptions {
+  command: string[];
+  cwd: string;
+  env?: Record<string, string>;
+  cols?: number;
+  rows?: number;
+  onData?: (data: string) => void;
+  onExit?: (exitCode: number, signal: string | null) => void;
+  onDrain?: () => void;
+}
+
+export class PTYProcess {
+  private proc: Subprocess;
+  public pid: number;
+  public cols: number;
+  public rows: number;
+  public closed: boolean = false;
+
+  constructor(options: PTYProcessOptions) {
+    const { command, cwd, env, cols = 80, rows = 24, onData, onExit, onDrain } = options;
+
+    this.cols = cols;
+    this.rows = rows;
+
+    try {
+      this.proc = Bun.spawn(command, {
+        cwd,
+        env: env || process.env,
+        terminal: {
+          cols,
+          rows,
+          data: (_terminal, data) => {
+            if (onData) {
+              const text = new TextDecoder().decode(data);
+              onData(text);
+            }
+          },
+          exit: (_terminal, exitCode, signal) => {
+            this.closed = true;
+            if (onExit) {
+              onExit(exitCode, signal);
+            }
+          },
+          drain: (_terminal) => {
+            if (onDrain) {
+              onDrain();
+            }
+          },
+        },
+      });
+
+      if (!this.proc.terminal) {
+        throw new Error("Failed to create PTY - terminal object is undefined");
+      }
+
+      this.pid = this.proc.pid;
+    } catch (error) {
+      throw new Error(`Failed to spawn process: ${error}`);
+    }
+  }
+
+  write(data: string): void {
+    if (this.closed) {
+      throw new Error("Cannot write to closed PTY");
+    }
+
+    if (!this.proc.terminal) {
+      throw new Error("PTY terminal is not available");
+    }
+
+    this.proc.terminal.write(data);
+  }
+
+  resize(cols: number, rows: number): void {
+    if (this.closed) {
+      throw new Error("Cannot resize closed PTY");
+    }
+
+    if (!this.proc.terminal) {
+      throw new Error("PTY terminal is not available");
+    }
+
+    this.cols = cols;
+    this.rows = rows;
+    this.proc.terminal.resize(cols, rows);
+  }
+
+  setRawMode(enabled: boolean): void {
+    if (this.closed) {
+      throw new Error("Cannot set raw mode on closed PTY");
+    }
+
+    if (!this.proc.terminal) {
+      throw new Error("PTY terminal is not available");
+    }
+
+    this.proc.terminal.setRawMode(enabled);
+  }
+
+  async kill(signal?: string): Promise<void> {
+    if (this.closed) {
+      return;
+    }
+
+    try {
+      // Close terminal first to trigger clean shutdown
+      if (this.proc.terminal && !this.proc.terminal.closed) {
+        this.proc.terminal.close();
+      }
+
+      // Then kill the process
+      this.proc.kill(signal as any);
+
+      // Wait for process to exit with timeout
+      await Promise.race([this.proc.exited, new Promise((resolve) => setTimeout(resolve, 1000))]);
+
+      this.closed = true;
+    } catch (_error) {
+      // Process might already be dead
+      this.closed = true;
+    }
+  }
+
+  ref(): void {
+    if (this.proc.terminal) {
+      this.proc.terminal.ref();
+    }
+  }
+
+  unref(): void {
+    if (this.proc.terminal) {
+      this.proc.terminal.unref();
+    }
+  }
+}