failproofai 0.0.6 → 0.0.8

package/dist/cli.mjs

@@ -103,7 +103,7 @@ var init_hook_logger = __esm(() => {
 });
 
 // src/hooks/hooks-config.ts
-import { readFileSync, writeFileSync, existsSync as existsSync2, mkdirSync as mkdirSync2 } from "node:fs";
+import { readFileSync, writeFileSync, existsSync as existsSync2, mkdirSync as mkdirSync2, statSync as statSync2 } from "node:fs";
 import { resolve, dirname } from "node:path";
 import { homedir as homedir2 } from "node:os";
 function readConfigAt(path) {
@@ -117,8 +117,24 @@ function readConfigAt(path) {
     return {};
   }
 }
+function findProjectConfigDir(start) {
+  const home = homedir2();
+  let dir = resolve(start);
+  while (dir !== home) {
+    const marker = resolve(dir, ".failproofai");
+    try {
+      if (statSync2(marker).isDirectory())
+        return dir;
+    } catch {}
+    const parent = dirname(dir);
+    if (parent === dir)
+      break;
+    dir = parent;
+  }
+  return resolve(start);
+}
 function readMergedHooksConfig(cwd) {
-  const base = cwd ? resolve(cwd) : process.cwd();
+  const base = findProjectConfigDir(cwd ?? process.cwd());
   const projectPath = resolve(base, ".failproofai", "policies-config.json");
   const localPath = resolve(base, ".failproofai", "policies-config.local.json");
   const globalPath = resolve(homedir2(), ".failproofai", "policies-config.json");
@@ -150,14 +166,13 @@ function readMergedHooksConfig(cwd) {
   };
 }
 function getConfigPathForScope(scope, cwd) {
-  const base = cwd ? resolve(cwd) : process.cwd();
   switch (scope) {
     case "user":
       return resolve(homedir2(), ".failproofai", "policies-config.json");
     case "project":
-      return resolve(base, ".failproofai", "policies-config.json");
+      return resolve(findProjectConfigDir(cwd ?? process.cwd()), ".failproofai", "policies-config.json");
     case "local":
-      return resolve(base, ".failproofai", "policies-config.local.json");
+      return resolve(findProjectConfigDir(cwd ?? process.cwd()), ".failproofai", "policies-config.local.json");
   }
 }
 function readScopedHooksConfig(scope, cwd) {
@@ -768,6 +783,38 @@ function blockFailproofaiCommands(ctx) {
   }
   return allow();
 }
+function blockInfraCli(ctx, re, denyMsg) {
+  if (ctx.toolName !== "Bash")
+    return allow();
+  const cmd = getCommand(ctx);
+  if (!re.test(cmd))
+    return allow();
+  const allowPatterns = ctx.params?.allowPatterns ?? [];
+  if (allowPatterns.some((p) => matchesAllowedPattern(cmd, p)))
+    return allow();
+  return deny(denyMsg);
+}
+function blockKubectl(ctx) {
+  return blockInfraCli(ctx, KUBECTL_RE, "kubectl commands are blocked");
+}
+function blockTerraform(ctx) {
+  return blockInfraCli(ctx, TERRAFORM_RE, "terraform/tofu commands are blocked");
+}
+function blockAwsCli(ctx) {
+  return blockInfraCli(ctx, AWS_CLI_RE, "aws CLI commands are blocked");
+}
+function blockGcloud(ctx) {
+  return blockInfraCli(ctx, GCLOUD_RE, "gcloud commands are blocked");
+}
+function blockAzCli(ctx) {
+  return blockInfraCli(ctx, AZ_CLI_RE, "az (Azure) CLI commands are blocked");
+}
+function blockHelm(ctx) {
+  return blockInfraCli(ctx, HELM_RE, "helm commands are blocked");
+}
+function blockGhPipeline(ctx) {
+  return blockInfraCli(ctx, GH_PIPELINE_RE, "gh pipeline-trigger commands are blocked");
+}
 async function warnRepeatedToolCalls(ctx) {
   const THRESHOLD = 3;
   const transcriptPath = ctx.session?.transcriptPath;
@@ -1027,22 +1074,7 @@ function requirePrBeforeStop(ctx) {
       return allow(`PR #${pr.number} exists: ${pr.url}`);
     }
     if (pr.state === "MERGED") {
-      try {
-        execFileSync("git", ["fetch", "origin", `+refs/heads/${baseBranch}:refs/remotes/origin/${baseBranch}`], {
-          cwd,
-          encoding: "utf8",
-          stdio: ["pipe", "pipe", "pipe"],
-          timeout: 1e4
-        });
-        const freshAhead = execFileSync("git", ["log", `origin/${baseBranch}..HEAD`, "--oneline"], { cwd, encoding: "utf8", stdio: ["pipe", "pipe", "pipe"], timeout: 5000 }).trim();
-        if (!freshAhead) {
-          return allow(`PR #${pr.number} was merged; branch is up to date with ${baseBranch}.`);
-        }
-        const freshDiff = execFileSync("git", ["diff", "--stat", `origin/${baseBranch}`, "HEAD"], { cwd, encoding: "utf8", stdio: ["pipe", "pipe", "pipe"], timeout: 5000 }).trim();
-        if (!freshDiff) {
-          return allow(`PR #${pr.number} was merged; no file changes vs ${baseBranch}.`);
-        }
-      } catch {}
+      return allow(`PR #${pr.number} was merged: ${pr.url}. ` + `Switch off this branch (e.g. 'git checkout ${baseBranch} && git pull') before stopping again.`);
     }
     return deny(`Pull request for branch "${branch}" is ${pr.state.toLowerCase()}. Run now: gh pr create`);
   } catch {
@@ -1060,7 +1092,31 @@ function requireNoConflictsBeforeStop(ctx) {
   if (branch === baseBranch) {
     return allow(`On base branch "${baseBranch}", skipping conflict check.`);
   }
-  let localSkipped = false;
+  try {
+    execSync("gh --version", { cwd, encoding: "utf8", stdio: ["pipe", "pipe", "pipe"], timeout: 3000 });
+  } catch {
+    return allow("gh CLI not installed, skipping conflict check.");
+  }
+  let prJson;
+  try {
+    prJson = execSync("gh pr view --json mergeable,number,url,state", {
+      cwd,
+      encoding: "utf8",
+      stdio: ["pipe", "pipe", "pipe"],
+      timeout: 15000
+    }).trim();
+  } catch {
+    return allow("No pull request found for branch, skipping conflict check.");
+  }
+  let pr;
+  try {
+    pr = JSON.parse(prJson);
+  } catch {
+    return allow("Could not parse gh pr view output, skipping conflict check.");
+  }
+  if (pr.state !== "OPEN") {
+    return allow(`PR #${pr.number} is ${pr.state.toLowerCase()}; skipping conflict check.`);
+  }
   try {
     execFileSync("git", ["rev-parse", "--verify", `origin/${baseBranch}`], {
       cwd,
@@ -1069,9 +1125,7 @@ function requireNoConflictsBeforeStop(ctx) {
       timeout: 3000
     });
     const ahead = execFileSync("git", ["log", `origin/${baseBranch}..HEAD`, "--oneline"], { cwd, encoding: "utf8", stdio: ["pipe", "pipe", "pipe"], timeout: 5000 }).trim();
-    if (!ahead) {
-      localSkipped = true;
-    } else {
+    if (ahead) {
       execFileSync("git", ["merge-tree", "--write-tree", "--name-only", `origin/${baseBranch}`, "HEAD"], { cwd, encoding: "utf8", stdio: ["pipe", "pipe", "pipe"], timeout: 1e4 });
     }
   } catch (err) {
@@ -1090,32 +1144,6 @@ function requireNoConflictsBeforeStop(ctx) {
       const fileList = files.length ? files.join(", ") : "one or more files";
       return deny(`Branch "${branch}" has merge conflicts with ${baseBranch} in: ${fileList}. ` + `Rebase or merge origin/${baseBranch} now and resolve the conflicts.`);
     }
-    localSkipped = true;
-  }
-  try {
-    execSync("gh --version", { cwd, encoding: "utf8", stdio: ["pipe", "pipe", "pipe"], timeout: 3000 });
-  } catch {
-    return allow(localSkipped ? "Local conflict check skipped and gh CLI not installed, skipping conflict check." : `Branch "${branch}" merges cleanly with ${baseBranch} locally (gh CLI not installed, PR mergeability not verified).`);
-  }
-  let prJson;
-  try {
-    prJson = execSync("gh pr view --json mergeable,number,url,state", {
-      cwd,
-      encoding: "utf8",
-      stdio: ["pipe", "pipe", "pipe"],
-      timeout: 15000
-    }).trim();
-  } catch {
-    return allow(localSkipped ? "No pull request found for branch, skipping conflict check." : `Branch "${branch}" merges cleanly with ${baseBranch} locally (no PR to verify against).`);
-  }
-  let pr;
-  try {
-    pr = JSON.parse(prJson);
-  } catch {
-    return allow("Could not parse gh pr view output, skipping PR mergeability check.");
-  }
-  if (pr.state !== "OPEN") {
-    return allow(`PR #${pr.number} is ${pr.state.toLowerCase()}; skipping conflict check.`);
   }
   if (pr.mergeable === "CONFLICTING") {
     return deny(`PR #${pr.number} has merge conflicts per GitHub (${pr.url}). ` + `Rebase or merge origin/${baseBranch} now and resolve the conflicts.`);
@@ -1178,7 +1206,7 @@ function registerBuiltinPolicies(enabledNames) {
     }
   }
 }
-var SHELL_OPERATORS, SHELL_METACHAR_RE, JWT_RE, API_KEY_PATTERNS, CONNECTION_STRING_RE, PRIVATE_KEY_RE, BEARER_TOKEN_RE, SQL_TOOL_RE, DESTRUCTIVE_SQL_RE, DELETE_NO_WHERE_RE, SQL_WHERE_RE, SCHEMA_ALTER_RE, PUBLISH_CMD_RE, ENV_PRINTENV_RE, ECHO_ENV_RE, EXPORT_RE, PS_ENV_VAR_RE, PS_CHILDITEM_ENV_RE, DOTNET_GETENV_RE, CMD_ECHO_ENV_RE, ENV_FILE_PATH_RE, ENV_CMD_RE, SUDO_RE, PS_ELEVATION_RE, RUNAS_RE, CURL_PIPE_SH_RE, PS_WEB_PIPE_RE, FORCE_PUSH_RE, SECRET_FILE_RE, SECRET_FILE_ID_RSA_RE, SECRET_FILE_CREDENTIALS_RE, GIT_COMMIT_MERGE_RE, FAILPROOFAI_CLI_RE, FAILPROOFAI_UNINSTALL_RE, GIT_AMEND_RE, GIT_STASH_DROP_RE, GIT_ADD_ALL_RE, NPM_GLOBAL_RE, YARN_GLOBAL_RE, PNPM_GLOBAL_RE, BUN_GLOBAL_RE, CARGO_INSTALL_RE, PIP_SYSTEM_RE, PKG_MANAGER_DETECTORS, NOHUP_RE, SCREEN_DETACH_RE, TMUX_DETACH_RE, DISOWN_RE, BACKGROUND_AMPERSAND_RE, gitBranchCache, READ_LIKE_CMDS, TOOL_CALL_TRACKER_MAX_BYTES = 65536, SEGMENT_SPLIT_RE, BUILTIN_POLICIES;
+var SHELL_OPERATORS, SHELL_METACHAR_RE, JWT_RE, API_KEY_PATTERNS, CONNECTION_STRING_RE, PRIVATE_KEY_RE, BEARER_TOKEN_RE, SQL_TOOL_RE, DESTRUCTIVE_SQL_RE, DELETE_NO_WHERE_RE, SQL_WHERE_RE, SCHEMA_ALTER_RE, PUBLISH_CMD_RE, ENV_PRINTENV_RE, ECHO_ENV_RE, EXPORT_RE, PS_ENV_VAR_RE, PS_CHILDITEM_ENV_RE, DOTNET_GETENV_RE, CMD_ECHO_ENV_RE, ENV_FILE_PATH_RE, ENV_CMD_RE, SUDO_RE, PS_ELEVATION_RE, RUNAS_RE, CURL_PIPE_SH_RE, PS_WEB_PIPE_RE, FORCE_PUSH_RE, SECRET_FILE_RE, SECRET_FILE_ID_RSA_RE, SECRET_FILE_CREDENTIALS_RE, GIT_COMMIT_MERGE_RE, FAILPROOFAI_CLI_RE, FAILPROOFAI_UNINSTALL_RE, GIT_AMEND_RE, GIT_STASH_DROP_RE, GIT_ADD_ALL_RE, NPM_GLOBAL_RE, YARN_GLOBAL_RE, PNPM_GLOBAL_RE, BUN_GLOBAL_RE, CARGO_INSTALL_RE, PIP_SYSTEM_RE, PKG_MANAGER_DETECTORS, NOHUP_RE, SCREEN_DETACH_RE, TMUX_DETACH_RE, DISOWN_RE, BACKGROUND_AMPERSAND_RE, KUBECTL_RE, TERRAFORM_RE, AWS_CLI_RE, GCLOUD_RE, AZ_CLI_RE, HELM_RE, GH_PIPELINE_RE, gitBranchCache, READ_LIKE_CMDS, TOOL_CALL_TRACKER_MAX_BYTES = 65536, SEGMENT_SPLIT_RE, BUILTIN_POLICIES;
 var init_builtin_policies = __esm(() => {
   init_hook_logger();
   SHELL_OPERATORS = new Set(["&&", "||", "|", ";"]);
@@ -1251,6 +1279,13 @@ var init_builtin_policies = __esm(() => {
   TMUX_DETACH_RE = /\btmux\s+(?:new-session|new)\b[^|&;]*-d\b/;
   DISOWN_RE = /\bdisown\b/;
   BACKGROUND_AMPERSAND_RE = /(?<![&|])\s?&\s*(?:$|#|;)/;
+  KUBECTL_RE = /(?:^|[;\n]|&&|\|\|?|&)\s*kubectl(?:\s|$)/;
+  TERRAFORM_RE = /(?:^|[;\n]|&&|\|\|?|&)\s*(?:terraform|tofu)(?:\s|$)/;
+  AWS_CLI_RE = /(?:^|[;\n]|&&|\|\|?|&)\s*aws(?:\s|$)/;
+  GCLOUD_RE = /(?:^|[;\n]|&&|\|\|?|&)\s*gcloud(?:\s|$)/;
+  AZ_CLI_RE = /(?:^|[;\n]|&&|\|\|?|&)\s*az(?:\s|$)/;
+  HELM_RE = /(?:^|[;\n]|&&|\|\|?|&)\s*helm(?:\s|$)/;
+  GH_PIPELINE_RE = /(?:^|[;\n]|&&|\|\|?|&)\s*gh\s+(?:workflow\s+(?:run|enable|disable)|run\s+(?:rerun|cancel)|pr\s+merge|release\s+(?:create|delete)|cache\s+delete|secret\s+(?:set|delete))\b/;
   gitBranchCache = new Map;
   READ_LIKE_CMDS = /(?:^|;|&&|\|\||\|)\s*(?:ls|find|cat|head|tail|less|more|wc|file|stat|tree|du)\s/;
   SEGMENT_SPLIT_RE = /\s*(?:&&|\|\||\||;)\s*/;
@@ -1379,6 +1414,111 @@ var init_builtin_policies = __esm(() => {
       defaultEnabled: true,
       category: "Dangerous Commands"
     },
+    {
+      name: "block-kubectl",
+      description: "Block kubectl commands (Kubernetes cluster mutations)",
+      fn: blockKubectl,
+      match: { events: ["PreToolUse"], toolNames: ["Bash"] },
+      defaultEnabled: false,
+      category: "Infra Commands",
+      params: {
+        allowPatterns: {
+          type: "string[]",
+          description: "kubectl command patterns to allow, matched token-by-token (e.g. 'kubectl get *', 'kubectl describe *')",
+          default: []
+        }
+      }
+    },
+    {
+      name: "block-terraform",
+      description: "Block terraform and tofu (OpenTofu) commands",
+      fn: blockTerraform,
+      match: { events: ["PreToolUse"], toolNames: ["Bash"] },
+      defaultEnabled: false,
+      category: "Infra Commands",
+      params: {
+        allowPatterns: {
+          type: "string[]",
+          description: "terraform/tofu command patterns to allow (e.g. 'terraform plan', 'terraform validate')",
+          default: []
+        }
+      }
+    },
+    {
+      name: "block-aws-cli",
+      description: "Block aws CLI commands",
+      fn: blockAwsCli,
+      match: { events: ["PreToolUse"], toolNames: ["Bash"] },
+      defaultEnabled: false,
+      category: "Infra Commands",
+      params: {
+        allowPatterns: {
+          type: "string[]",
+          description: "aws CLI command patterns to allow (e.g. 'aws s3 ls *', 'aws sts get-caller-identity')",
+          default: []
+        }
+      }
+    },
+    {
+      name: "block-gcloud",
+      description: "Block gcloud (Google Cloud) CLI commands",
+      fn: blockGcloud,
+      match: { events: ["PreToolUse"], toolNames: ["Bash"] },
+      defaultEnabled: false,
+      category: "Infra Commands",
+      params: {
+        allowPatterns: {
+          type: "string[]",
+          description: "gcloud command patterns to allow (e.g. 'gcloud auth list', 'gcloud config list')",
+          default: []
+        }
+      }
+    },
+    {
+      name: "block-az-cli",
+      description: "Block az (Azure) CLI commands",
+      fn: blockAzCli,
+      match: { events: ["PreToolUse"], toolNames: ["Bash"] },
+      defaultEnabled: false,
+      category: "Infra Commands",
+      params: {
+        allowPatterns: {
+          type: "string[]",
+          description: "az CLI command patterns to allow (e.g. 'az account show', 'az group list')",
+          default: []
+        }
+      }
+    },
+    {
+      name: "block-helm",
+      description: "Block helm commands",
+      fn: blockHelm,
+      match: { events: ["PreToolUse"], toolNames: ["Bash"] },
+      defaultEnabled: false,
+      category: "Infra Commands",
+      params: {
+        allowPatterns: {
+          type: "string[]",
+          description: "helm command patterns to allow (e.g. 'helm list', 'helm status *')",
+          default: []
+        }
+      }
+    },
+    {
+      name: "block-gh-pipeline",
+      description: "Block gh CLI pipeline-trigger subcommands (workflow run, run rerun/cancel, pr merge, release create/delete, cache delete, secret set/delete)",
+      fn: blockGhPipeline,
+      match: { events: ["PreToolUse"], toolNames: ["Bash"] },
+      defaultEnabled: false,
+      category: "Infra Commands",
+      params: {
+        allowPatterns: {
+          type: "string[]",
+          description: "gh pipeline command patterns to allow (e.g. specific scripted invocations); read-only gh subcommands like 'gh pr view' and 'gh run list' are not matched by this policy",
+          default: []
+        }
+      }
+    },
     {
       name: "block-secrets-write",
       description: "Block writing secret key files",
@@ -1981,8 +2121,9 @@ async function loadCustomHooks(customPoliciesPath, opts) {
 async function loadAllCustomHooks(customPoliciesPath, opts) {
   clearCustomHooks();
   const conventionSources = [];
+  const projectRoot = findProjectConfigDir(opts?.sessionCwd ?? process.cwd());
   if (customPoliciesPath) {
-    const absPath = isAbsolute(customPoliciesPath) ? customPoliciesPath : resolve4(opts?.sessionCwd ?? process.cwd(), customPoliciesPath);
+    const absPath = isAbsolute(customPoliciesPath) ? customPoliciesPath : resolve4(projectRoot, customPoliciesPath);
     if (existsSync3(absPath)) {
       await loadSingleFile(absPath);
     } else {
@@ -1990,7 +2131,7 @@ async function loadAllCustomHooks(customPoliciesPath, opts) {
     }
   }
   const hooksBeforeConvention = getCustomHooks().length;
-  const projectDir = resolve4(opts?.sessionCwd ?? process.cwd(), ".failproofai", "policies");
+  const projectDir = resolve4(projectRoot, ".failproofai", "policies");
   const projectFiles = discoverPolicyFiles(projectDir);
   for (const file of projectFiles) {
     const hooksBefore = getCustomHooks().length;
@@ -2045,6 +2186,7 @@ var init_custom_hooks_loader = __esm(() => {
   init_hook_logger();
   init_custom_hooks_registry();
   init_loader_utils();
+  init_hooks_config();
   CONVENTION_FILE_RE = /policies\.(js|mjs|ts)$/;
 });
 
@@ -2057,7 +2199,7 @@ import {
   readdirSync as readdirSync2,
   mkdirSync as mkdirSync3,
   existsSync as existsSync4,
-  statSync as statSync2,
+  statSync as statSync3,
   unlinkSync
 } from "node:fs";
 import { join as join3 } from "node:path";
@@ -2079,7 +2221,7 @@ function acquireLock() {
       if (e.code !== "EEXIST")
         return;
       try {
-        const s = statSync2(lockPath);
+        const s = statSync3(lockPath);
         if (Date.now() - s.mtimeMs > LOCK_STALE_MS) {
           writeFileSync2(lockPath, String(process.pid), "utf-8");
           return;
@@ -2171,7 +2313,7 @@ var init_hook_activity_store = __esm(() => {
 });
 
 // package.json
-var version2 = "0.0.6";
+var version2 = "0.0.8";
 var init_package = () => {};
 
 // src/posthog-key.ts
@@ -2349,7 +2491,7 @@ import {
   mkdirSync as mkdirSync5,
   existsSync as existsSync6,
   readFileSync as readFileSync4,
-  statSync as statSync3,
+  statSync as statSync4,
   renameSync as renameSync4,
   unlinkSync as unlinkSync3,
   readdirSync as readdirSync3,
@@ -2395,7 +2537,7 @@ function appendToServerQueue(entry) {
     return;
   ensureDir2();
   try {
-    if (existsSync6(PENDING_FILE) && statSync3(PENDING_FILE).size > MAX_QUEUE_BYTES) {
+    if (existsSync6(PENDING_FILE) && statSync4(PENDING_FILE).size > MAX_QUEUE_BYTES) {
       return;
     }
   } catch {}
@@ -2408,7 +2550,7 @@ function appendToServerQueue(entry) {
 }
 function queueSizeBytes() {
   try {
-    return statSync3(PENDING_FILE).size;
+    return statSync4(PENDING_FILE).size;
   } catch {
     return 0;
   }
@@ -2417,7 +2559,7 @@ function claimPendingBatch() {
   if (!existsSync6(PENDING_FILE))
     return null;
   try {
-    const size = statSync3(PENDING_FILE).size;
+    const size = statSync4(PENDING_FILE).size;
     if (size === 0)
       return null;
   } catch {
@@ -4484,7 +4626,7 @@ import { realpathSync as realpathSync2 } from "fs";
 import { dirname as dirname7, resolve as resolve8 } from "path";
 import { fileURLToPath as fileURLToPath2 } from "url";
 // package.json
-var version = "0.0.6";
+var version = "0.0.8";
 
 // bin/failproofai.mjs
 if (!process.env.FAILPROOFAI_PACKAGE_ROOT) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "failproofai",
-  "version": "0.0.6",
+  "version": "0.0.8",
   "description": "The easiest way to manage policies that keep your AI agents reliable, on-task, and running autonomously — for Claude Code & the Agents SDK",
   "bin": {
     "failproofai": "./dist/cli.mjs"