gm-cc 2.0.246 → 2.0.250

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. package/.claude-plugin/marketplace.json +1 -1
  2. package/hooks/hooks.json +12 -7
  3. package/package.json +1 -1
  4. package/plugin.json +1 -1
  5. package/scripts/bootstrap.js +45 -0
  6. package/scripts/postinstall-kilo.js +55 -42
  7. package/scripts/postinstall-oc.js +57 -42
  8. package/scripts/postinstall.js +137 -101
  9. package/hooks/pre-tool-use-hook.js +0 -504
  10. package/hooks/prompt-submit-hook.js +0 -177
  11. package/hooks/session-start-hook.js +0 -188
  12. package/hooks/stop-hook-git.js +0 -190
  13. package/hooks/stop-hook.js +0 -57
package/hooks/pre-tool-use-hook.js DELETED
@@ -1,504 +0,0 @@
1
- #!/usr/bin/env bun
2
-
3
- const fs = require('fs');
4
- const path = require('path');
5
- const os = require('os');
6
- const { execSync, spawnSync } = require('child_process');
7
-
8
- const isGemini = process.env.GEMINI_PROJECT_DIR !== undefined;
9
- const IS_WIN = process.platform === 'win32';
10
- const projectDir = process.env.CLAUDE_PROJECT_DIR || process.env.GEMINI_PROJECT_DIR || process.env.OC_PROJECT_DIR || process.env.KILO_PROJECT_DIR;
11
-
12
- // ─── Local tool management ────────────────────────────────────────────────────
13
- const TOOLS_DIR = path.join(os.homedir(), '.claude', 'gm-tools');
14
- const CHECK_STAMP = path.join(TOOLS_DIR, '.last-check');
15
- const PKG_JSON = path.join(TOOLS_DIR, 'package.json');
16
- const MANAGED_PKGS = ['agent-browser'];
17
- const CHECK_INTERVAL_MS = 60 * 1000; // 60 seconds
18
-
19
- function ensureToolsDir() {
20
- try { fs.mkdirSync(TOOLS_DIR, { recursive: true }); } catch {}
21
- if (!fs.existsSync(PKG_JSON)) {
22
- try { fs.writeFileSync(PKG_JSON, JSON.stringify({ name: 'gm-tools', version: '1.0.0', private: true })); } catch {}
23
- }
24
- }
25
-
26
- function localBin(name) {
27
- const ext = IS_WIN ? '.exe' : '';
28
- return path.join(TOOLS_DIR, 'node_modules', '.bin', name + ext);
29
- }
30
-
31
- function isInstalled(name) {
32
- return fs.existsSync(localBin(name));
33
- }
34
-
35
- function installPkg(name) {
36
- try {
37
- spawnSync('bun', ['add', name + '@latest'], {
38
- cwd: TOOLS_DIR, encoding: 'utf8', timeout: 120000, windowsHide: true
39
- });
40
- } catch {}
41
- }
42
-
43
- function getInstalledVersion(name) {
44
- try {
45
- const p = path.join(TOOLS_DIR, 'node_modules', name, 'package.json');
46
- return JSON.parse(fs.readFileSync(p, 'utf8')).version;
47
- } catch { return null; }
48
- }
49
-
50
- function getLatestVersion(name) {
51
- try {
52
- const https = require('https');
53
- return new Promise((resolve) => {
54
- const req = https.get(
55
- `https://registry.npmjs.org/${name}/latest`,
56
- { headers: { Accept: 'application/json' } },
57
- (res) => {
58
- let d = '';
59
- res.on('data', c => d += c);
60
- res.on('end', () => { try { resolve(JSON.parse(d).version); } catch { resolve(null); } });
61
- }
62
- );
63
- req.setTimeout(5000, () => { req.destroy(); resolve(null); });
64
- req.on('error', () => resolve(null));
65
- });
66
- } catch { return Promise.resolve(null); }
67
- }
68
-
69
- function shouldCheck() {
70
- try {
71
- const t = parseInt(fs.readFileSync(CHECK_STAMP, 'utf8').trim(), 10);
72
- return isNaN(t) || (Date.now() - t) > CHECK_INTERVAL_MS;
73
- } catch { return true; }
74
- }
75
-
76
- function stampCheck() {
77
- try { fs.writeFileSync(CHECK_STAMP, String(Date.now())); } catch {}
78
- }
79
-
80
- async function ensureTools() {
81
- ensureToolsDir();
82
- // Install any missing packages immediately (synchronous first-run)
83
- const missing = MANAGED_PKGS.filter(p => !isInstalled(p));
84
- if (missing.length > 0) {
85
- try {
86
- spawnSync('bun', ['add', ...missing.map(p => p + '@latest')], {
87
- cwd: TOOLS_DIR, encoding: 'utf8', timeout: 180000, windowsHide: true
88
- });
89
- } catch {}
90
- }
91
- // Async version check (non-blocking — fire and forget)
92
- if (shouldCheck()) {
93
- stampCheck();
94
- (async () => {
95
- for (const name of MANAGED_PKGS) {
96
- const installed = getInstalledVersion(name);
97
- if (!installed) { installPkg(name); continue; }
98
- const latest = await getLatestVersion(name);
99
- if (latest && latest !== installed) installPkg(name);
100
- }
101
- })().catch(() => {});
102
- }
103
- }
104
-
105
- // Run tool installation (fire-and-forget, won't block hook)
106
- ensureTools().catch(() => {});
107
-
108
- // ─── Lang plugin loader ───────────────────────────────────────────────────────
109
- function loadLangPlugins(projectDir) {
110
- if (!projectDir) return [];
111
- const langDir = path.join(projectDir, 'lang');
112
- if (!fs.existsSync(langDir)) return [];
113
- try {
114
- return fs.readdirSync(langDir)
115
- .filter(f => f.endsWith('.js') && f !== 'loader.js' && f !== 'SPEC.md')
116
- .reduce((acc, f) => {
117
- try {
118
- const p = require(path.join(langDir, f));
119
- if (p && typeof p.id === 'string' && p.exec && p.exec.match instanceof RegExp && typeof p.exec.run === 'function') acc.push(p);
120
- } catch (_) {}
121
- return acc;
122
- }, []);
123
- } catch (_) { return []; }
124
- }
125
-
126
- // Helper: run a local binary (falls back to bunx if not installed)
127
- function pkgEntry(name) {
128
- try {
129
- const pkg = JSON.parse(fs.readFileSync(path.join(TOOLS_DIR, 'node_modules', name, 'package.json'), 'utf8'));
130
- const binVal = pkg.bin;
131
- const rel = typeof binVal === 'string' ? binVal : (binVal?.[name] || Object.values(binVal || {})[0]);
132
- if (rel) return path.join(TOOLS_DIR, 'node_modules', name, rel);
133
- } catch {}
134
- return null;
135
- }
136
-
137
- function runLocal(name, args, opts = {}) {
138
- if (IS_WIN) {
139
- const entry = pkgEntry(name);
140
- if (entry && fs.existsSync(entry)) {
141
- return spawnSync('bun', [entry, ...args], { encoding: 'utf8', windowsHide: true, timeout: 65000, ...opts });
142
- }
143
- }
144
- const bin = localBin(name);
145
- if (fs.existsSync(bin)) {
146
- return spawnSync(bin, args, { encoding: 'utf8', windowsHide: true, timeout: 65000, ...opts });
147
- }
148
- return spawnSync('bun', ['x', name, ...args], { encoding: 'utf8', windowsHide: true, timeout: 65000, ...opts });
149
- }
150
-
151
- // ─── Hook helpers ─────────────────────────────────────────────────────────────
152
- const writeTools = ['Write', 'write_file'];
153
- const searchTools = ['glob', 'search_file_content', 'Search', 'search'];
154
- const forbiddenTools = ['find', 'Find', 'Glob', 'Grep'];
155
-
156
- const allow = (additionalContext) => ({
157
- hookSpecificOutput: { hookEventName: 'PreToolUse', permissionDecision: 'allow', ...(additionalContext && { additionalContext }) }
158
- });
159
- const deny = (reason) => isGemini
160
- ? { decision: 'deny', reason }
161
- : { hookSpecificOutput: { hookEventName: 'PreToolUse', permissionDecision: 'deny', permissionDecisionReason: reason } };
162
-
163
- // Write output to tmp file and redirect the Bash command to read+delete it via bun (no popup)
164
- const allowWithNoop = (context) => {
165
- const tmp = path.join(os.tmpdir(), `gm-out-${Date.now()}.txt`);
166
- fs.writeFileSync(tmp, context, 'utf-8');
167
- // Use bun -e to read and print file — windowsHide applies to child, and bun itself is hidden
168
- // cmd /c type also works without popup since cmd.exe is the host shell
169
- const cmd = IS_WIN
170
- ? `bun -e "process.stdout.write(require('fs').readFileSync(process.argv[1],'utf8'));require('fs').unlinkSync(process.argv[1])" "${tmp}"`
171
- : `cat '${tmp}'; rm -f '${tmp}'`;
172
- return {
173
- hookSpecificOutput: {
174
- hookEventName: 'PreToolUse',
175
- permissionDecision: 'allow',
176
- updatedInput: { command: cmd }
177
- }
178
- };
179
- };
180
-
181
- // ─── plugkit runner helper ────────────────────────────────────────────────────
182
- function plugkitBin() { return path.join(TOOLS_DIR, IS_WIN ? 'plugkit.exe' : 'plugkit'); }
183
-
184
- function runGmExec(args, opts = {}) {
185
- const bin = plugkitBin();
186
- if (fs.existsSync(bin)) {
187
- return spawnSync(bin, args, { encoding: 'utf8', windowsHide: true, timeout: 65000, ...opts });
188
- }
189
- return spawnSync('plugkit', args, { encoding: 'utf8', windowsHide: true, timeout: 65000, ...opts });
190
- }
191
-
192
- // ─── Main hook ────────────────────────────────────────────────────────────────
193
- const run = () => {
194
- try {
195
- const input = fs.readFileSync(0, 'utf-8');
196
- const data = JSON.parse(input);
197
- const { tool_name, tool_input } = data;
198
-
199
- if (!tool_name) return allow();
200
-
201
- if (forbiddenTools.includes(tool_name)) {
202
- return deny('Use the code-search skill for codebase exploration instead of Grep/Glob/find. Describe what you need in plain language — it understands intent, not just patterns.');
203
- }
204
-
205
- if (writeTools.includes(tool_name)) {
206
- const file_path = tool_input?.file_path || '';
207
- const ext = path.extname(file_path);
208
- const inSkillsDir = file_path.includes('/skills/') || file_path.includes('\\skills\\');
209
- const base = path.basename(file_path).toLowerCase();
210
- if ((ext === '.md' || ext === '.txt' || base.startsWith('features_list')) &&
211
- !base.startsWith('claude') && !base.startsWith('readme') && !inSkillsDir) {
212
- return deny('Cannot create documentation files. Only CLAUDE.md and readme.md are maintained. For task-specific notes, use .prd. For permanent reference material, add to CLAUDE.md.');
213
- }
214
- if (/\.(test|spec)\.(js|ts|jsx|tsx|mjs|cjs)$/.test(base) ||
215
- /^(jest|vitest|mocha|ava|jasmine|tap)\.(config|setup)/.test(base) ||
216
- file_path.includes('/__tests__/') || file_path.includes('/test/') ||
217
- file_path.includes('/tests/') || file_path.includes('/fixtures/') ||
218
- file_path.includes('/test-data/') || file_path.includes('/__mocks__/') ||
219
- /\.(snap|stub|mock|fixture)\.(js|ts|json)$/.test(base)) {
220
- return deny('Test files forbidden on disk. Use Bash tool with real services for all testing.');
221
- }
222
- }
223
-
224
- if (searchTools.includes(tool_name)) return allow();
225
-
226
- if (tool_name === 'Task' && (tool_input?.subagent_type || '') === 'Explore') {
227
- return deny('Use the code-search skill for codebase exploration. Describe what you need in plain language.');
228
- }
229
-
230
- if (tool_name === 'EnterPlanMode') {
231
- return deny('Plan mode is disabled. Use the gm skill (PLAN→EXECUTE→EMIT→VERIFY→COMPLETE state machine) instead.');
232
- }
233
-
234
- if (tool_name === 'Skill') {
235
- const skill = (tool_input?.skill || '').toLowerCase().replace(/^gm:/, '');
236
- if (skill === 'explore' || skill === 'search') {
237
- return deny('Use the code-search skill for codebase exploration. Describe what you need in plain language — it understands intent, not just patterns.');
238
- }
239
- }
240
-
241
- if (tool_name === 'Bash') {
242
- const command = (tool_input?.command || '').trim();
243
- const stripFooter = (s) => s.replace(/\n\[Running tools\][\s\S]*$/, '').trimEnd();
244
-
245
- // ─── agent-browser: CLI commands ──────────────────────────────────────────
246
- const abCliMatch = command.match(/^agent-browser:\n([\s\S]+)$/);
247
- if (abCliMatch) {
248
- const abCode = abCliMatch[1];
249
- const abNative = (() => {
250
- const abDir = path.join(TOOLS_DIR, 'node_modules', 'agent-browser', 'bin');
251
- const ext = IS_WIN ? '.exe' : '';
252
- const archMap = { x64: 'x64', arm64: 'arm64', ia32: 'x64' };
253
- const osMap = { win32: 'win32', darwin: 'darwin', linux: 'linux' };
254
- const candidate = path.join(abDir, `agent-browser-${osMap[process.platform] || process.platform}-${archMap[process.arch] || process.arch}${ext}`);
255
- return fs.existsSync(candidate) ? candidate : null;
256
- })();
257
- const abBin = abNative || (fs.existsSync(localBin('agent-browser')) ? localBin('agent-browser') : 'agent-browser');
258
- const AB_CMDS = new Set(['open','goto','navigate','close','quit','exit','back','forward','reload','click','dblclick','type','fill','press','check','uncheck','select','drag','upload','hover','focus','scroll','scrollintoview','wait','screenshot','pdf','snapshot','get','is','find','eval','connect','tab','frame','dialog','state','session','network','cookies','storage','set','trace','profiler','record','console','errors','highlight','inspect','diff','keyboard','mouse','install','upgrade','confirm','deny','auth','device','window']);
259
- const AB_GLOBAL_FLAGS = new Set(['--cdp','--headed','--headless','--session','--session-name','--auto-connect','--profile','--allow-file-access','--color-scheme','-p','--platform','--device']);
260
- const AB_GLOBAL_FLAGS_WITH_VALUE = new Set(['--cdp','--session','--session-name','--profile','--color-scheme','-p','--platform','--device']);
261
- const AB_SESSION_STATE = path.join(os.tmpdir(), 'gm-ab-sessions.json');
262
- function readAbSessions() { try { return JSON.parse(fs.readFileSync(AB_SESSION_STATE, 'utf8')); } catch { return {}; } }
263
- function writeAbSessions(s) { try { fs.writeFileSync(AB_SESSION_STATE, JSON.stringify(s)); } catch {} }
264
- function parseAbLine(line) {
265
- const tokens = line.match(/(?:[^\s"']+|"[^"]*"|'[^']*')+/g) || [];
266
- const globalArgs = [], rest = [];
267
- let i = 0;
268
- while (i < tokens.length) {
269
- if (AB_GLOBAL_FLAGS.has(tokens[i])) {
270
- globalArgs.push(tokens[i]);
271
- if (AB_GLOBAL_FLAGS_WITH_VALUE.has(tokens[i]) && i + 1 < tokens.length && !tokens[i+1].startsWith('--')) globalArgs.push(tokens[++i]);
272
- i++;
273
- } else { rest.push(...tokens.slice(i)); break; }
274
- }
275
- return { globalArgs, rest };
276
- }
277
- const spawnAb = (bin, args, stdin) => {
278
- const headed = args.includes('--headed');
279
- const opts = { encoding: 'utf-8', timeout: 60000, windowsHide: !headed, ...(IS_WIN && { shell: true }), cwd: process.cwd(), ...(stdin !== undefined && { input: stdin }) };
280
- const r = spawnSync(bin, args, opts);
281
- if (!r.stdout && !r.stderr && r.error) return `[spawn error: ${r.error.message}]`;
282
- const out = (r.stdout || '').trimEnd(), err = stripFooter(r.stderr || '').trimEnd();
283
- return out && err ? out + '\n[stderr]\n' + err : stripFooter(out || err);
284
- };
285
- try {
286
- const safeAb = abCode.trim();
287
- const firstParsed = parseAbLine(safeAb.split('\n')[0].trim());
288
- const firstWord = (firstParsed.rest[0] || '').toLowerCase();
289
- const sessionName = (() => { const si = firstParsed.globalArgs.indexOf('--session'); return si >= 0 ? firstParsed.globalArgs[si+1] : 'default'; })();
290
- const sessions = readAbSessions();
291
- if (['open','goto','navigate'].includes(firstWord)) sessions[sessionName] = { url: firstParsed.rest[1] || '?', ts: Date.now() };
292
- if (['close','quit','exit'].includes(firstWord)) delete sessions[sessionName];
293
- writeAbSessions(sessions);
294
- const openSessions = Object.entries(sessions);
295
- let result;
296
- if (AB_CMDS.has(firstWord)) {
297
- const lines = safeAb.split('\n').map(l => l.trim()).filter(Boolean);
298
- if (lines.length === 1) {
299
- const { globalArgs, rest } = parseAbLine(lines[0]);
300
- result = spawnAb(abBin, [...globalArgs, ...rest]);
301
- } else {
302
- const hasClose = lines.some(l => { const w = (parseAbLine(l).rest[0]||'').toLowerCase(); return ['close','quit','exit'].includes(w); });
303
- const batchGlobals = firstParsed.globalArgs;
304
- const results = [];
305
- for (const l of lines) {
306
- const { globalArgs, rest } = parseAbLine(l);
307
- const mergedGlobals = [...batchGlobals.filter(f => !globalArgs.includes(f)), ...globalArgs];
308
- const w = (rest[0]||'').toLowerCase();
309
- if (['open','goto','navigate'].includes(w)) sessions[sessionName] = { url: rest[1]||'?', ts: Date.now() };
310
- if (['close','quit','exit'].includes(w)) delete sessions[sessionName];
311
- const args = AB_CMDS.has(w) ? [...mergedGlobals, ...rest] : [...mergedGlobals, 'eval', '--stdin'];
312
- const stdin = AB_CMDS.has(w) ? undefined : l.trim();
313
- results.push(spawnAb(abBin, args, stdin));
314
- }
315
- writeAbSessions(sessions);
316
- result = results.filter(Boolean).join('\n');
317
- if (!hasClose && openSessions.length > 0) result += `\n\n[tab] Browser session "${sessionName}" still open. Close when done:\n agent-browser:\n close`;
318
- }
319
- } else {
320
- result = spawnAb(abBin, ['eval', '--stdin'], safeAb);
321
- }
322
- if (openSessions.length > 1) {
323
- const stale = openSessions.filter(([n]) => n !== sessionName).map(([n,v]) => ` "${n}" → ${v.url} (${Math.round((Date.now()-v.ts)/60000)}min ago)`).join('\n');
324
- result = (result || '') + `\n\n[tab] ${openSessions.length - 1} other session(s) still open:\n${stale}\n Close with: agent-browser:\\nclose (or --session <name> close)`;
325
- }
326
- return allowWithNoop(`agent-browser output:\n\n${result || '(no output)'}`);
327
- } catch(e) {
328
- return allowWithNoop(`agent-browser error:\n\n${e.message || '(exec failed)'}`);
329
- }
330
- }
331
-
332
- const execMatch = command.match(/^exec(?::(\S+))?\n([\s\S]+)$/);
333
- if (execMatch) {
334
- const rawLang = (execMatch[1] || '').toLowerCase();
335
- const code = execMatch[2];
336
- if (/^\s*agent-browser\s/.test(code)) {
337
- return deny(`Do not call agent-browser via exec:bash. Use agent-browser: for CLI commands:\n\nagent-browser:\nopen http://example.com\n\nMultiple commands:\n\nagent-browser:\nopen http://localhost:3001\nwait 2000\nsnapshot -i\n\nFor headed mode:\n\nagent-browser:\n--headed open http://localhost:3001\nwait --load networkidle\nsnapshot -i\n\nFor JS eval in browser:\n\nexec:agent-browser\ndocument.title`);
338
- }
339
- const cwd = tool_input?.cwd;
340
-
341
- // ─── Lang plugin dispatch ─────────────────────────────────────────────
342
- if (rawLang) {
343
- const builtins = new Set(['js','javascript','ts','typescript','node','nodejs','py','python','sh','bash','shell','zsh','powershell','ps1','go','rust','c','cpp','java','deno','cmd','browser','ab','agent-browser','codesearch','search','status','sleep','close','runner','type']);
344
- if (!builtins.has(rawLang)) {
345
- const plugins = loadLangPlugins(projectDir);
346
- const plugin = plugins.find(p => p.exec.match.test(`exec:${rawLang}\n${code}`));
347
- if (plugin) {
348
- const runnerCode = `
349
- const plugin = require(${JSON.stringify(path.join(projectDir, 'lang', plugin.id + '.js'))});
350
- Promise.resolve(plugin.exec.run(${JSON.stringify(code)}, ${JSON.stringify(cwd || projectDir || process.cwd())}))
351
- .then(out => process.stdout.write(String(out || '')))
352
- .catch(e => { process.stderr.write(e.message || String(e)); process.exit(1); });
353
- `;
354
- const r = spawnSync('bun', ['-e', runnerCode], { encoding: 'utf-8', timeout: 60000, windowsHide: true });
355
- const out = (r.stdout || '').trimEnd();
356
- const err = (r.stderr || '').trimEnd();
357
- if (r.status !== 0 || r.error) return allowWithNoop(`exec:${rawLang} error:\n\n${r.error ? r.error.message : (err || 'exec failed')}`);
358
- return allowWithNoop(`exec:${rawLang} output:\n\n${out || '(no output)'}`);
359
- }
360
- }
361
- }
362
- // ─────────────────────────────────────────────────────────────────────
363
- const detectLang = (src) => {
364
- if (/^\s*(import |from |export |const |let |var |function |class |async |await |console\.|process\.)/.test(src)) return 'nodejs';
365
- if (/^\s*(import |def |print\(|class |if __name__)/.test(src)) return 'python';
366
- if (/^\s*(echo |ls |cd |mkdir |rm |cat |grep |find |export |source |#!)/.test(src)) return 'bash';
367
- return 'nodejs';
368
- };
369
- // Note: 'cmd' is NOT aliased to 'bash' — it has its own handler below
370
- const aliases = { js: 'nodejs', javascript: 'nodejs', ts: 'typescript', node: 'nodejs', py: 'python', sh: 'bash', shell: 'bash', zsh: 'bash', powershell: 'powershell', ps1: 'powershell', browser: 'agent-browser', ab: 'agent-browser', codesearch: 'codesearch', search: 'search', status: 'status', sleep: 'sleep', close: 'close', runner: 'runner', type: 'type' };
371
- const lang = aliases[rawLang] || rawLang || detectLang(code);
372
- const langExts = { nodejs: 'mjs', typescript: 'ts', deno: 'ts', python: 'py', bash: 'sh', powershell: 'ps1', go: 'go', rust: 'rs', c: 'c', cpp: 'cpp', java: 'java' };
373
-
374
- const spawnDirect = (bin, args, stdin) => {
375
- const isAb = lang === 'agent-browser';
376
- const spawnCwd = cwd || (isAb ? process.cwd() : undefined);
377
- const opts = { encoding: 'utf-8', timeout: 60000, windowsHide: true, ...(isAb && IS_WIN && { shell: true }), ...(spawnCwd && { cwd: spawnCwd }), ...(stdin !== undefined && { input: stdin }) };
378
- const r = spawnSync(bin, args, opts);
379
- if (!r.stdout && !r.stderr && r.error) return `[spawn error: ${r.error.message}]`;
380
- const out = (r.stdout || '').trimEnd(), err = stripFooter(r.stderr || '').trimEnd();
381
- return out && err ? out + '\n[stderr]\n' + err : stripFooter(out || err);
382
- };
383
-
384
- const runWithFile = (l, src) => {
385
- const tmp = path.join(os.tmpdir(), `gm-exec-${Date.now()}.${langExts[l] || l}`);
386
- fs.writeFileSync(tmp, src, 'utf-8');
387
- const r = runGmExec(['exec', `--lang=${l}`, `--file=${tmp}`, ...(cwd ? [`--cwd=${cwd}`] : [])], { timeout: 65000 });
388
- try { fs.unlinkSync(tmp); } catch (e) {}
389
- let out = stripFooter((r.stdout || '') + (r.stderr || ''));
390
- const bg = out.match(/Task ID:\s*(task_\S+)/);
391
- if (bg) {
392
- runGmExec(['sleep', bg[1], '15'], { timeout: 25000 });
393
- const sr = runGmExec(['status', bg[1]], { timeout: 15000 });
394
- const statusOut = stripFooter((sr.stdout || '') + (sr.stderr || ''));
395
- const stillRunning = /Status:\s*running/i.test(statusOut);
396
- out = statusOut;
397
- if (!stillRunning) runGmExec(['close', bg[1]], { timeout: 10000 });
398
- }
399
- return out;
400
- };
401
-
402
- const decodeB64 = (s) => {
403
- const t = s.trim();
404
- if (t.length < 16 || t.length % 4 !== 0 || !/^[A-Za-z0-9+/\r\n]+=*$/.test(t)) return s;
405
- try { const d = Buffer.from(t, 'base64').toString('utf-8'); return /[\x00-\x08\x0b\x0e-\x1f]/.test(d) ? s : d; } catch { return s; }
406
- };
407
-
408
- const safeCode = decodeB64(code);
409
-
410
- if (['codesearch', 'search'].includes(lang)) {
411
- const query = safeCode.trim();
412
- const r = runGmExec(['search', ...(cwd ? ['--path', cwd] : []), query], { timeout: 30000, ...(cwd && { cwd }) });
413
- return allowWithNoop(`exec:${lang} output:\n\n${stripFooter((r.stdout || '') + (r.stderr || '')) || '(no results)'}`);
414
- }
415
- if (lang === 'status') {
416
- const r = runGmExec(['status', safeCode.trim()], { timeout: 15000 });
417
- return allowWithNoop(`exec:status output:\n\n${stripFooter((r.stdout || '') + (r.stderr || ''))}`);
418
- }
419
- if (lang === 'sleep') {
420
- const parts = safeCode.trim().split(/\s+/);
421
- const r = runGmExec(['sleep', ...parts], { timeout: 70000 });
422
- return allowWithNoop(`exec:sleep output:\n\n${stripFooter((r.stdout || '') + (r.stderr || ''))}`);
423
- }
424
- if (lang === 'close') {
425
- const r = runGmExec(['close', safeCode.trim()], { timeout: 15000 });
426
- return allowWithNoop(`exec:close output:\n\n${stripFooter((r.stdout || '') + (r.stderr || ''))}`);
427
- }
428
- if (lang === 'runner') {
429
- const r = runGmExec(['runner', safeCode.trim()], { timeout: 15000 });
430
- return allowWithNoop(`exec:runner output:\n\n${stripFooter((r.stdout || '') + (r.stderr || ''))}`);
431
- }
432
- if (lang === 'type') {
433
- const lines = safeCode.split(/\r?\n/);
434
- const taskId = lines[0].trim();
435
- const inputData = lines.slice(1).join('\n').trim();
436
- const r = runGmExec(['type', taskId, inputData], { timeout: 15000 });
437
- return allowWithNoop(`exec:type output:\n\n${stripFooter((r.stdout || '') + (r.stderr || ''))}`);
438
- }
439
- try {
440
- let result;
441
- if (lang === 'bash') {
442
- const shFile = path.join(os.tmpdir(), `gm-exec-${Date.now()}.sh`);
443
- fs.writeFileSync(shFile, safeCode, 'utf-8');
444
- result = spawnDirect('bash', [shFile]);
445
- try { fs.unlinkSync(shFile); } catch (e) {}
446
- if (!result || result.startsWith('[spawn error:')) result = runWithFile('bash', safeCode);
447
- } else if (lang === 'cmd') {
448
- // exec:cmd always runs cmd.exe /c — explicit Windows command prompt
449
- result = spawnDirect('cmd.exe', ['/c', safeCode]);
450
- if (!result || result.startsWith('[spawn error:')) result = runWithFile('cmd', safeCode);
451
- return allowWithNoop(`exec:cmd output:\n\n${result || '(no output)'}`);
452
- } else if (lang === 'python') {
453
- result = spawnDirect('python3', ['-c', safeCode]);
454
- if (!result || result.startsWith('[spawn error:')) result = spawnDirect('python', ['-c', safeCode]);
455
- } else if (!lang || ['nodejs', 'typescript', 'deno'].includes(lang)) {
456
- const wrapped = `const __result = await (async () => {\n${safeCode}\n})();\nif (__result !== undefined) { if (typeof __result === 'object') { console.log(JSON.stringify(__result, null, 2)); } else { console.log(__result); } }`;
457
- result = runWithFile(lang || 'nodejs', wrapped);
458
- } else if (lang === 'agent-browser') {
459
- // exec:agent-browser = JS eval in browser page context only.
460
- // Browser CLI commands (open, click, snapshot, headed mode, etc.) use agent-browser: prefix.
461
- const abNative = (() => {
462
- const abDir = path.join(TOOLS_DIR, 'node_modules', 'agent-browser', 'bin');
463
- const ext = IS_WIN ? '.exe' : '';
464
- const archMap = { x64: 'x64', arm64: 'arm64', ia32: 'x64' };
465
- const osMap = { win32: 'win32', darwin: 'darwin', linux: 'linux' };
466
- const candidate = path.join(abDir, `agent-browser-${osMap[process.platform] || process.platform}-${archMap[process.arch] || process.arch}${ext}`);
467
- return fs.existsSync(candidate) ? candidate : null;
468
- })();
469
- const abBin = abNative || (fs.existsSync(localBin('agent-browser')) ? localBin('agent-browser') : 'agent-browser');
470
- result = spawnDirect(abBin, ['eval', '--stdin'], safeCode);
471
- } else {
472
- result = runWithFile(lang, safeCode);
473
- }
474
- return allowWithNoop(`exec:${lang} output:\n\n${result || '(no output)'}`);
475
- } catch (e) {
476
- return allowWithNoop(`exec:${lang} error:\n\n${(e.stdout || '') + (e.stderr || '') || e.message || '(exec failed)'}`);
477
- }
478
- }
479
-
480
- if (/^bun\s+x\s+(gm-exec|rs-exec|plugkit|codebasesearch)/.test(command)) {
481
- return deny(`Do not call ${command.match(/^bun\s+x\s+(\S+)/)[1]} directly. Use exec:<lang> syntax instead.\n\nExamples:\n exec:nodejs\n console.log("hello")\n\n exec:codesearch\n find all database queries\n\n exec:bash\n ls -la\n\nThe exec: prefix routes through the hook dispatcher which handles language detection, background tasks, and tool management automatically.`);
482
- }
483
-
484
- if (!/^exec(\s|:)/.test(command) && !/^agent-browser:/.test(command) && !/^git /.test(command) && !/(\bclaude\b)/.test(command) && !/^npm install .* \/config\/.gmweb/.test(command) && !/^bun install --cwd \/config\/.gmweb/.test(command)) {
485
- return deny(`Bash is restricted to exec:<lang>, agent-browser:, and git.\n\nexec:<lang> syntax (lang auto-detected if omitted):\n exec:nodejs / exec:python / exec:bash / exec:typescript\n exec:go / exec:rust / exec:java / exec:c / exec:cpp\n exec:cmd ← runs cmd.exe /c on Windows\n exec:agent-browser ← JS eval in browser page context (document.title, DOM queries, etc.)\n exec ← auto-detects language\n\nexec:agent-browser — JS eval in browser page context:\n exec:agent-browser\n document.title\n\n exec:agent-browser\n JSON.stringify([...document.querySelectorAll('h1')].map(h => h.textContent))\n\nagent-browser: — browser CLI commands (open, click, snapshot, headed mode, etc.):\n agent-browser:\n open http://localhost:3001\n\n agent-browser:\n --headed open http://localhost:3001\n wait --load networkidle\n snapshot -i\n\n agent-browser:\n close\n\nTask management shortcuts (body = args):\n exec:status\n <task_id>\n\n exec:sleep\n <task_id> [seconds] [--next-output]\n\n exec:type\n <task_id>\n <input to send to stdin>\n\n exec:close\n <task_id>\n\n exec:runner\n start|stop|status\n\nCode search shortcut:\n exec:codesearch\n <natural language query>\n\nAll other Bash commands are blocked.`);
486
- }
487
- }
488
-
489
- const allowedTools = ['agent-browser', 'Skill', 'code-search', 'electron', 'TaskOutput', 'ReadMcpResourceTool', 'ListMcpResourcesTool'];
490
- if (allowedTools.includes(tool_name)) return allow();
491
-
492
- return allow();
493
- } catch (error) {
494
- return allow();
495
- }
496
- };
497
-
498
- try {
499
- const result = run();
500
- console.log(JSON.stringify(result));
501
- process.exit(0);
502
- } catch (error) {
503
- process.exit(0);
504
- }