fullcourtdefense-cli 1.1.1 → 1.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/commands/hook.js +15 -1
  2. package/dist/index.js +1 -1
  3. package/package.json +1 -1
package/dist/commands/hook.js CHANGED
@@ -38,6 +38,14 @@ const fs = __importStar(require("fs"));
38
38
  const os = __importStar(require("os"));
39
39
  const path = __importStar(require("path"));
40
40
  const DEFAULT_API_URL = 'https://api.fullcourtdefense.ai';
41
+ const DEBUG_LOG = path.join(os.homedir(), '.fullcourtdefense-hook.log');
42
+ /** Append a diagnostic line so we can see exactly what Cursor invoked + the verdict. */
43
+ function dbg(obj) {
44
+ try {
45
+ fs.appendFileSync(DEBUG_LOG, JSON.stringify({ t: new Date().toISOString(), ...obj }) + '\n');
46
+ }
47
+ catch { /* ignore */ }
48
+ }
41
49
  function readStdin() {
42
50
  return new Promise((resolve) => {
43
51
  let data = '';
@@ -231,6 +239,8 @@ async function hookCommand(args, config) {
231
239
  }
232
240
  const event = inferEvent(args.event, payload);
233
241
  const text = extractText(event, payload).trim();
242
+ dbg({ phase: 'invoke', event, argEvent: args.event, pid: process.pid,
243
+ payloadKeys: Object.keys(payload), textPreview: text.slice(0, 80) });
234
244
  // Emit the verdict in the shape Cursor expects for THIS event, then exit.
235
245
  // beforeSubmitPrompt blocks via { continue: false }; the execution hooks
236
246
  // (shell/mcp/read) block via { permission: "deny" }. Exit 2 reinforces it.
@@ -242,8 +252,12 @@ async function hookCommand(args, config) {
242
252
  decision.user_message = userMsg;
243
253
  if (agentMsg)
244
254
  decision.agent_message = agentMsg;
255
+ dbg({ phase: 'verdict', event, blocked, decision });
245
256
  process.stdout.write(JSON.stringify(decision));
246
- process.exit(blocked ? 2 : 0);
257
+ // ALWAYS exit 0 so Cursor uses our JSON verdict. Exit 2 is interpreted as
258
+ // `permission: "deny"`, which beforeSubmitPrompt ignores (it uses `continue`),
259
+ // so exiting 2 would silently let blocked prompts through.
260
+ process.exit(0);
247
261
  };
248
262
  // Nothing to scan, or no Shield configured → allow (fail-open by design here:
249
263
  // a misconfigured machine must not brick the developer's IDE).
package/dist/index.js CHANGED
@@ -10,7 +10,7 @@ const configure_1 = require("./commands/configure");
10
10
  const discover_1 = require("./commands/discover");
11
11
  const hook_1 = require("./commands/hook");
12
12
  const installCursorHook_1 = require("./commands/installCursorHook");
13
- const VERSION = '1.1.1';
13
+ const VERSION = '1.1.3';
14
14
  function parseArgs(argv) {
15
15
  const flags = {};
16
16
  let command = '';
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "fullcourtdefense-cli",
3
- "version": "1.1.1",
3
+ "version": "1.1.3",
4
4
  "description": "Full Court Defense CLI — security scanning for AI agents from your terminal",
5
5
  "main": "dist/index.js",
6
6
  "bin": {