npm - failproofai - Versions diffs - 0.0.8 → 0.0.9-beta.1 - Mend

failproofai 0.0.8 → 0.0.9-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (140) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "failproofai",
-  "version": "0.0.8",
+  "version": "0.0.9-beta.1",
   "description": "The easiest way to manage policies that keep your AI agents reliable, on-task, and running autonomously — for Claude Code & the Agents SDK",
   "bin": {
     "failproofai": "./dist/cli.mjs"
@@ -90,7 +90,7 @@
     "tailwind-merge": "^3.4.0",
     "tailwindcss": "^4.1.18",
     "typescript": "^6.0.2",
-    "@anthropic-ai/sdk": "^0.90.0",
+    "@anthropic-ai/sdk": "^0.91.1",
     "vitest": "^4.0.18"
   },
   "dependencies": {

package/src/hooks/builtin-policies.ts CHANGED Viewed

@@ -10,15 +10,36 @@ import { allow, deny, instruct } from "./policy-helpers";
 import { normalizePolicyName, registerPolicy } from "./policy-registry";
 import { hookLogWarn } from "./hook-logger";
-function isClaudeInternalPath(resolved: string): boolean {
-  const claudeDir = join(homedir(), ".claude");
-  return resolved === claudeDir || resolved.startsWith(claudeDir + "/");
+/**
+ * Whether `resolved` lives under an agent CLI's home directory
+ * (~/.claude/ or ~/.codex/). Used to whitelist agent self-reads of their own
+ * config and transcripts.
+ */
+function isAgentInternalPath(resolved: string): boolean {
+  for (const dir of [".claude", ".codex"]) {
+    const root = join(homedir(), dir);
+    if (resolved === root || resolved.startsWith(root + "/")) return true;
+  }
+  return false;
 }
-function isClaudeSettingsFile(resolved: string): boolean {
-  return /[\\/]\.claude[\\/]settings(?:\.[^/\\]+)?\.json$/.test(resolved);
+/**
+ * Whether `resolved` is a settings/hooks file for an agent CLI:
+ *   • Claude Code: `.claude/settings.json`, `.claude/settings.local.json`, etc.
+ *   • Codex: `.codex/hooks.json`
+ * These must NEVER be edited by the agent itself — that would let it disable
+ * its own protections.
+ */
+function isAgentSettingsFile(resolved: string): boolean {
+  if (/[\\/]\.claude[\\/]settings(?:\.[^/\\]+)?\.json$/.test(resolved)) return true;
+  if (/[\\/]\.codex[\\/]hooks\.json$/.test(resolved)) return true;
+  return false;
 }
+// Back-compat aliases — kept for any caller that imports the old names.
+const isClaudeInternalPath = isAgentInternalPath;
+const isClaudeSettingsFile = isAgentSettingsFile;
 function getCommand(ctx: PolicyContext): string {
   return (ctx.toolInput?.command as string) ?? "";
 }
@@ -1483,7 +1504,9 @@ export const BUILTIN_POLICIES: BuiltinPolicyDefinition[] = [
     name: "block-sudo",
     description: "Block sudo commands",
     fn: blockSudo,
-    match: { events: ["PreToolUse"], toolNames: ["Bash"] },
+    // PermissionRequest is Codex's escalation-approval event; fire the same
+    // sudo guard there so Codex sandbox bypasses are blocked too.
+    match: { events: ["PreToolUse", "PermissionRequest"], toolNames: ["Bash"] },
     defaultEnabled: true,
     category: "Dangerous Commands",
     params: {

package/src/hooks/handler.ts CHANGED Viewed

@@ -5,7 +5,8 @@
  * ~/.failproofai/policies-config.json, evaluates matching policies, persists
  * activity to disk, and returns the appropriate exit code + stdout response.
  */
-import type { HookEventType, SessionMetadata } from "./types";
+import type { HookEventType, IntegrationType, SessionMetadata, CodexHookEventType } from "./types";
+import { CODEX_EVENT_MAP } from "./types";
 import type { PolicyFunction, PolicyResult } from "./policy-types";
 import { readMergedHooksConfig } from "./hooks-config";
 import { registerBuiltinPolicies } from "./builtin-policies";
@@ -15,10 +16,28 @@ import { loadAllCustomHooks } from "./custom-hooks-loader";
 import type { CustomHook } from "./policy-types";
 import { persistHookActivity } from "./hook-activity-store";
 import { trackHookEvent } from "./hook-telemetry";
+import { resolvePermissionMode } from "./resolve-permission-mode";
 import { getInstanceId } from "../../lib/telemetry-id";
 import { hookLogInfo, hookLogWarn } from "./hook-logger";
-export async function handleHookEvent(eventType: string): Promise<number> {
+/**
+ * Canonicalize an event name to PascalCase. Codex sends snake_case event names
+ * on stdin and as the --hook arg; Claude Code sends PascalCase. The internal
+ * registry, builtin policies, and policy.match.events all key on PascalCase.
+ */
+function canonicalizeEventType(raw: string, cli: IntegrationType): HookEventType {
+  if (cli === "codex") {
+    const mapped = CODEX_EVENT_MAP[raw as CodexHookEventType];
+    if (mapped) return mapped;
+  }
+  // Already PascalCase or unknown — pass through; HOOK_EVENT_TYPES type-checks downstream.
+  return raw as HookEventType;
+}
+export async function handleHookEvent(
+  eventType: string,
+  cli: IntegrationType = "claude",
+): Promise<number> {
   const startTime = performance.now();
   // Read stdin payload (Claude passes JSON)
@@ -57,13 +76,18 @@ export async function handleHookEvent(eventType: string): Promise<number> {
     }
   }
+  // Canonicalize event name (Codex sends snake_case; internals expect PascalCase)
+  const canonicalEventType = canonicalizeEventType(eventType, cli);
   // Extract session metadata from payload
+  const sessionId = parsed.session_id as string | undefined;
   const session: SessionMetadata = {
-    sessionId: parsed.session_id as string | undefined,
+    sessionId,
     transcriptPath: parsed.transcript_path as string | undefined,
     cwd: parsed.cwd as string | undefined,
-    permissionMode: parsed.permission_mode as string | undefined,
+    permissionMode: resolvePermissionMode(cli, parsed, sessionId),
     hookEventName: parsed.hook_event_name as string | undefined,
+    cli,
   };
   // Load enabled policies (merge across project/local/global scopes)
@@ -98,6 +122,7 @@ export async function handleHookEvent(eventType: string): Promise<number> {
           hook_name: hookName,
           error_type: isTimeout ? "timeout" : "exception",
           event_type: eventType,
+          cli,
           is_convention_policy: isConvention,
           convention_scope: conventionScope ?? null,
         });
@@ -116,6 +141,7 @@ export async function handleHookEvent(eventType: string): Promise<number> {
   // Fire telemetry once per invocation for custom hook loads
   if (customHooksList.length > 0) {
     void trackHookEvent(getInstanceId(), "custom_hooks_loaded", {
+      cli,
       custom_hooks_count: customHooksList.length,
       custom_hook_names: customHooksList.map((h) => h.name),
       event_types_covered: [...new Set(customHooksList.flatMap((h) => h.match?.events ?? []))],
@@ -125,7 +151,8 @@ export async function handleHookEvent(eventType: string): Promise<number> {
   // Fire telemetry for convention-based policy discovery
   if (loadResult.conventionSources.length > 0) {
     void trackHookEvent(getInstanceId(), "convention_policies_loaded", {
-      event_type: eventType,
+      event_type: canonicalEventType,
+      cli,
       project_file_count: loadResult.conventionSources.filter((s) => s.scope === "project").length,
       user_file_count: loadResult.conventionSources.filter((s) => s.scope === "user").length,
       convention_hook_count: conventionHookNames.size,
@@ -133,10 +160,10 @@ export async function handleHookEvent(eventType: string): Promise<number> {
     });
   }
-  hookLogInfo(`event=${eventType} policies=${config.enabledPolicies.length} custom=${customHooksList.length} convention=${conventionHookNames.size}`);
+  hookLogInfo(`event=${canonicalEventType} cli=${cli} policies=${config.enabledPolicies.length} custom=${customHooksList.length} convention=${conventionHookNames.size}`);
-  // Evaluate policies
-  const result = await evaluatePolicies(eventType as HookEventType, parsed, session, config);
+  // Evaluate policies (use canonical PascalCase event type)
+  const result = await evaluatePolicies(canonicalEventType, parsed, session, config);
   const durationMs = Math.round(performance.now() - startTime);
   hookLogInfo(`result=${result.decision} policy=${result.policyName ?? "none"} duration=${durationMs}ms`);
@@ -150,7 +177,8 @@ export async function handleHookEvent(eventType: string): Promise<number> {
   // Persist activity to disk (visible in /policies activity tab)
   const activityEntry = {
     timestamp: Date.now(),
-    eventType,
+    eventType: canonicalEventType,
+    integration: cli,
     toolName: (parsed.tool_name as string) ?? null,
     policyName: result.policyName,
     policyNames: result.policyNames,
@@ -203,7 +231,8 @@ export async function handleHookEvent(eventType: string): Promise<number> {
         : [];
       const distinctId = getInstanceId();
       await trackHookEvent(distinctId, "hook_policy_triggered", {
-        event_type: eventType,
+        event_type: canonicalEventType,
+        cli,
         tool_name: (parsed.tool_name as string) ?? null,
         policy_name: result.policyName,
         decision: result.decision,

package/src/hooks/hook-activity-store.ts CHANGED Viewed

@@ -41,6 +41,8 @@ let rotateSeq = 0;
 export interface HookActivityEntry {
   timestamp: number;
   eventType: string;
+  /** Which agent CLI fired the hook (claude | codex). */
+  integration?: string;
   toolName: string | null;
   policyName: string | null;
   policyNames?: string[];

package/src/hooks/install-prompt.ts CHANGED Viewed

@@ -11,6 +11,8 @@
  */
 import * as readline from "node:readline";
 import { BUILTIN_POLICIES } from "./builtin-policies";
+import { detectInstalledClis, getIntegration } from "./integrations";
+import type { IntegrationType } from "./types";
 interface SelectItem {
   name: string;
@@ -28,6 +30,169 @@ export interface PromptOptions {
   includeBeta?: boolean;
 }
+/**
+ * Resolve which agent CLIs to install hooks for.
+ *
+ * Rules:
+ *   • If `explicit` is provided (from `--cli`), use it as-is.
+ *   • Else, detect installed CLIs (PATH probe).
+ *   • If exactly one detected → use just that one (no prompt).
+ *   • If multiple detected and stdin is a TTY → arrow-key single-select.
+ *   • Otherwise → default to all detected (or ["claude"] when none).
+ *
+ * Returns the selected IntegrationType[] (always non-empty).
+ */
+export async function resolveTargetClis(explicit?: IntegrationType[]): Promise<IntegrationType[]> {
+  if (explicit && explicit.length > 0) return [...new Set(explicit)];
+  const detected = detectInstalledClis();
+  if (detected.length === 0) {
+    console.log(
+      "\x1B[33mWarning: no agent CLI binary found in PATH (claude, codex). " +
+        "Defaulting to Claude Code; hooks will activate when an agent is installed.\x1B[0m",
+    );
+    return ["claude"];
+  }
+  if (detected.length === 1) {
+    const integration = getIntegration(detected[0]);
+    console.log(`Detected ${integration.displayName}; installing hooks for it.`);
+    return detected;
+  }
+  // Multiple detected. Prompt or default.
+  if (!process.stdin.isTTY) return detected; // non-interactive: install for all detected
+  return promptCliTargetSelection(detected);
+}
+/**
+ * Interactive arrow-key single-select for "install for which CLI?" when
+ * multiple agent CLIs are detected. Visual style mirrors promptPolicySelection.
+ */
+async function promptCliTargetSelection(
+  detected: IntegrationType[],
+): Promise<IntegrationType[]> {
+  const labels = detected.map((id) => getIntegration(id).displayName).join(" + ");
+  const options: Array<{ label: string; description: string; value: IntegrationType[] }> = [
+    { label: "Both", description: labels, value: detected },
+    ...detected.map((id) => ({
+      label: `${getIntegration(id).displayName} only`,
+      description: "",
+      value: [id] as IntegrationType[],
+    })),
+  ];
+  let cursor = 0;
+  let lastLineCount = 0;
+  let cursorHidden = false;
+  function hideCursor(): void {
+    if (!cursorHidden) {
+      process.stdout.write("\x1B[?25l");
+      cursorHidden = true;
+    }
+  }
+  function showCursor(): void {
+    if (cursorHidden) {
+      process.stdout.write("\x1B[?25h");
+      cursorHidden = false;
+    }
+  }
+  function truncateLine(line: string, width: number): string {
+    let visual = 0;
+    let result = "";
+    let i = 0;
+    while (i < line.length) {
+      if (line[i] === "\x1B" && line[i + 1] === "[") {
+        let j = i + 2;
+        while (j < line.length && !/[A-Za-z]/.test(line[j])) j++;
+        j++;
+        result += line.slice(i, j);
+        i = j;
+      } else {
+        if (visual >= width) break;
+        result += line[i];
+        visual++;
+        i++;
+      }
+    }
+    return result;
+  }
+  function render(): void {
+    const cols = process.stdout.columns || 120;
+    hideCursor();
+    const lines: string[] = [];
+    lines.push("  Failproof AI — Install Hooks");
+    lines.push("");
+    lines.push(`  \x1B[2mDetected ${labels}. Choose where to install:\x1B[0m`);
+    lines.push("");
+    for (let i = 0; i < options.length; i++) {
+      const opt = options[i];
+      const isActive = i === cursor;
+      const pointer = isActive ? "\x1B[36m❯\x1B[0m" : " ";
+      const labelPart = isActive ? `\x1B[1;36m${opt.label}\x1B[0m` : opt.label;
+      const pad = opt.description ? " ".repeat(Math.max(2, 22 - opt.label.length)) : "";
+      const desc = opt.description ? `\x1B[2m${opt.description}\x1B[0m` : "";
+      lines.push(`  ${pointer} ${labelPart}${pad}${desc}`);
+    }
+    lines.push("");
+    lines.push("  \x1B[2m" + "─".repeat(Math.max(2, cols - 2)) + "\x1B[0m");
+    lines.push("  [↑↓] Move  [Enter] Select  [^C] Quit");
+    if (lastLineCount > 0) {
+      process.stdout.write(`\x1B[${lastLineCount}A\x1B[J`);
+    }
+    const output =
+      lines.map((l) => (l === "" ? l : truncateLine(l, cols))).join("\n") + "\n";
+    process.stdout.write(output);
+    lastLineCount = lines.length;
+  }
+  return new Promise<IntegrationType[]>((resolve) => {
+    render();
+    readline.emitKeypressEvents(process.stdin);
+    const wasRaw = process.stdin.isRaw;
+    if (process.stdin.setRawMode) process.stdin.setRawMode(true);
+    process.stdin.resume();
+    function cleanup(): void {
+      showCursor();
+      process.stdin.removeListener("keypress", onKey);
+      if (process.stdin.setRawMode) process.stdin.setRawMode(wasRaw ?? false);
+      process.stdin.pause();
+    }
+    function onKey(_str: string | undefined, key: readline.Key): void {
+      if (!key) return;
+      if (key.ctrl && (key.name === "c" || key.name === "d")) {
+        cleanup();
+        process.stdout.write("\n");
+        process.exit(130); // SIGINT-equivalent
+      }
+      if (key.name === "up") {
+        cursor = cursor > 0 ? cursor - 1 : options.length - 1;
+        render();
+      } else if (key.name === "down") {
+        cursor = cursor < options.length - 1 ? cursor + 1 : 0;
+        render();
+      } else if (key.name === "return" || key.name === "space") {
+        cleanup();
+        process.stdout.write("\n");
+        resolve(options[cursor].value);
+      }
+    }
+    process.stdin.on("keypress", onKey);
+  });
+}
 /**
  * Show interactive searchable policy selector.
  * @param preSelected — policy names to pre-check (e.g. from existing config).