my-pi 0.1.11 → 0.1.12

package/README.md

@@ -313,8 +313,28 @@ HTTP MCP servers are supported too:
 Use `"type": "http"` or `"type": "streamable-http"` for remote MCP
 servers. If `url` is present, my-pi treats the entry as HTTP.
 
-Project servers merge with global servers. If both define the same
-server name, the project config wins.
+Global MCP config is loaded automatically. Project-local `mcp.json` is
+untrusted by default; interactive sessions prompt before loading it
+and headless sessions skip it unless `MY_PI_MCP_PROJECT_CONFIG=allow`
+or `MY_PI_MCP_PROJECT_CONFIG=trust` is set. If both configs define the
+same server name, the trusted project config wins.
+
+### Hooks
+
+Claude-style hooks are discovered from `.claude/settings.json`,
+`.rulesync/hooks.json`, and `.pi/hooks.json`. Because hook commands
+run through `bash -lc`, project hook config is untrusted by default.
+Interactive sessions show the hook source files and commands before
+allowing execution; headless sessions skip hooks unless
+`MY_PI_HOOKS_CONFIG=allow` or `MY_PI_HOOKS_CONFIG=trust` is set.
+Trusted hook approvals are remembered per project directory and
+hook-config hash.
+
+Hook commands receive a restricted child-process environment by
+default: baseline shell variables plus `CLAUDE_PROJECT_DIR`. Use
+`MY_PI_HOOKS_ENV_ALLOWLIST=NAME,OTHER_NAME` or the shared
+`MY_PI_CHILD_ENV_ALLOWLIST` to pass selected ambient variables
+through.
 
 ### Commands
 

package/dist/{api-C7cSSbTg.js → api-CB0OXSW_.js}

@@ -13,11 +13,81 @@ import skills_extension, { create_skills_manager } from "@spences10/pi-skills";
 import sqlite_tools_extension from "@spences10/pi-sqlite-tools";
 import { create_telemetry_extension } from "@spences10/pi-telemetry";
 import { spawn } from "node:child_process";
+import { createHash } from "node:crypto";
 import { homedir } from "node:os";
 import { Container, SettingsList, Text, truncateToWidth, visibleWidth } from "@mariozechner/pi-tui";
 import { complete } from "@mariozechner/pi-ai";
+//#region src/extensions/hooks-resolution/env.ts
+const BASE_CHILD_ENV_KEYS = new Set([
+	"CI",
+	"COLORTERM",
+	"FORCE_COLOR",
+	"HOME",
+	"LANG",
+	"LOGNAME",
+	"NO_COLOR",
+	"PATH",
+	"SHELL",
+	"TEMP",
+	"TERM",
+	"TMP",
+	"TMPDIR",
+	"USER"
+]);
+const EXTRA_ENV_ALLOWLIST_KEYS = ["MY_PI_CHILD_ENV_ALLOWLIST", "MY_PI_HOOKS_ENV_ALLOWLIST"];
+function create_child_process_env(explicit_env = {}, source_env = process.env) {
+	const env = {};
+	const allowed_keys = new Set(BASE_CHILD_ENV_KEYS);
+	for (const key of Object.keys(source_env)) if (key.startsWith("LC_")) allowed_keys.add(key);
+	for (const allowlist_key of EXTRA_ENV_ALLOWLIST_KEYS) for (const key of parse_env_allowlist(source_env[allowlist_key])) allowed_keys.add(key);
+	for (const key of allowed_keys) {
+		const value = source_env[key];
+		if (typeof value === "string") env[key] = value;
+	}
+	return {
+		...env,
+		...explicit_env
+	};
+}
+function parse_env_allowlist(value) {
+	if (!value) return [];
+	return value.split(",").map((key) => key.trim()).filter(Boolean);
+}
+//#endregion
+//#region src/extensions/hooks-resolution/trust.ts
+function default_hooks_trust_store_path() {
+	return join(homedir(), ".pi", "agent", "trusted-hooks.json");
+}
+function is_hooks_config_trusted(project_dir, hash, trust_store_path = default_hooks_trust_store_path()) {
+	return read_trusted_hooks(trust_store_path)[project_dir]?.hash === hash;
+}
+function trust_hooks_config(project_dir, hash, trust_store_path = default_hooks_trust_store_path()) {
+	const trusted_hooks = read_trusted_hooks(trust_store_path);
+	trusted_hooks[project_dir] = {
+		project_dir,
+		hash,
+		trusted_at: (/* @__PURE__ */ new Date()).toISOString()
+	};
+	mkdirSync(dirname(trust_store_path), { recursive: true });
+	writeFileSync(trust_store_path, JSON.stringify(trusted_hooks, null, "	") + "\n", {
+		encoding: "utf8",
+		mode: 384
+	});
+}
+function read_trusted_hooks(trust_store_path) {
+	if (!existsSync(trust_store_path)) return {};
+	try {
+		const raw = readFileSync(trust_store_path, "utf-8");
+		const parsed = JSON.parse(raw);
+		return parsed && typeof parsed === "object" ? parsed : {};
+	} catch {
+		return {};
+	}
+}
+//#endregion
 //#region src/extensions/hooks-resolution/index.ts
 const HOOK_TIMEOUT_MS = 600 * 1e3;
+const HOOKS_CONFIG_ENV = "MY_PI_HOOKS_CONFIG";
 function is_file(path) {
 	try {
 		return statSync(path).isFile();
@@ -134,20 +204,47 @@ function parse_simple_hooks_file(config, source, project_dir) {
 	}
 	return hooks;
 }
+function hook_config_paths(project_dir) {
+	return [
+		join(project_dir, ".claude", "settings.json"),
+		join(project_dir, ".rulesync", "hooks.json"),
+		join(project_dir, ".pi", "hooks.json")
+	];
+}
+function parse_hooks_config_file(path, project_dir) {
+	const config = read_json_file(path);
+	if (config === void 0) return [];
+	if (path.endsWith(join(".claude", "settings.json"))) return parse_claude_settings_hooks(config, path, project_dir);
+	return parse_simple_hooks_file(config, path, project_dir);
+}
 function load_hooks(cwd) {
 	const project_dir = find_project_dir(cwd);
-	const hooks = [];
-	const claude_settings_path = join(project_dir, ".claude", "settings.json");
-	const rulesync_hooks_path = join(project_dir, ".rulesync", "hooks.json");
-	const pi_hooks_path = join(project_dir, ".pi", "hooks.json");
-	const claude_settings = read_json_file(claude_settings_path);
-	if (claude_settings !== void 0) hooks.push(...parse_claude_settings_hooks(claude_settings, claude_settings_path, project_dir));
-	const rulesync_hooks = read_json_file(rulesync_hooks_path);
-	if (rulesync_hooks !== void 0) hooks.push(...parse_simple_hooks_file(rulesync_hooks, rulesync_hooks_path, project_dir));
-	const pi_hooks = read_json_file(pi_hooks_path);
-	if (pi_hooks !== void 0) hooks.push(...parse_simple_hooks_file(pi_hooks, pi_hooks_path, project_dir));
 	return {
 		project_dir,
+		hooks: hook_config_paths(project_dir).flatMap((path) => parse_hooks_config_file(path, project_dir))
+	};
+}
+function get_hooks_config_info(cwd) {
+	const project_dir = find_project_dir(cwd);
+	const sources = hook_config_paths(project_dir).filter(is_file);
+	if (sources.length === 0) return void 0;
+	const hash = createHash("sha256");
+	for (const source of sources) {
+		hash.update(source);
+		hash.update("\0");
+		hash.update(readFileSync(source, "utf8"));
+		hash.update("\0");
+	}
+	const hooks = sources.flatMap((source) => parse_hooks_config_file(source, project_dir)).map((hook) => ({
+		event_name: hook.event_name,
+		matcher_text: hook.matcher_text,
+		command: hook.command,
+		source: hook.source
+	}));
+	return {
+		project_dir,
+		hash: hash.digest("hex"),
+		sources,
 		hooks
 	};
 }
@@ -216,10 +313,7 @@ async function run_command_hook(command, cwd, payload) {
 		const started_at = Date.now();
 		const child = spawn("bash", ["-lc", command], {
 			cwd,
-			env: {
-				...process.env,
-				CLAUDE_PROJECT_DIR: cwd
-			},
+			env: create_child_process_env({ CLAUDE_PROJECT_DIR: cwd }),
 			stdio: [
 				"pipe",
 				"pipe",
@@ -284,6 +378,66 @@ function hook_name(command) {
 	if (sh_path_match) return basename(sh_path_match[0]);
 	return basename(command.trim().split(/\s+/)[0] ?? "hook");
 }
+function normalize_hooks_config_decision(value) {
+	const normalized = value?.trim().toLowerCase();
+	if (!normalized) return void 0;
+	if ([
+		"1",
+		"true",
+		"yes",
+		"allow"
+	].includes(normalized)) return "allow";
+	if (normalized === "trust") return "trust";
+	if ([
+		"0",
+		"false",
+		"no",
+		"skip",
+		"disable"
+	].includes(normalized)) return "skip";
+}
+function format_hooks_config_prompt(info) {
+	const source_lines = info.sources.map((source) => `- ${source}`);
+	const hook_lines = info.hooks.length === 0 ? ["- no valid command hooks detected"] : info.hooks.map((hook) => {
+		const matcher = hook.matcher_text ? ` matcher=${hook.matcher_text}` : "";
+		return `- ${hook.event_name}${matcher}: ${hook.command}`;
+	});
+	return [
+		"Project hook config can execute shell commands after tool use. Trust these hooks?",
+		`Project: ${info.project_dir}`,
+		`SHA-256: ${info.hash}`,
+		"Sources:",
+		...source_lines,
+		"Commands:",
+		...hook_lines
+	].join("\n");
+}
+async function should_load_hooks_config(cwd, ctx) {
+	const info = get_hooks_config_info(cwd);
+	if (!info) return true;
+	if (is_hooks_config_trusted(info.project_dir, info.hash)) return true;
+	const env_decision = normalize_hooks_config_decision(process.env[HOOKS_CONFIG_ENV]);
+	if (env_decision === "trust") {
+		trust_hooks_config(info.project_dir, info.hash);
+		return true;
+	}
+	if (env_decision === "allow") return true;
+	if (env_decision === "skip") return false;
+	if (!ctx?.hasUI) {
+		console.warn(`Skipping untrusted hook config in ${info.project_dir}. Set ${HOOKS_CONFIG_ENV}=allow to enable hooks for this run.`);
+		return false;
+	}
+	const choice = await ctx.ui.select(format_hooks_config_prompt(info), [
+		"Allow once for this session",
+		"Trust this repo until hook config changes",
+		"Skip project hooks"
+	]);
+	if (choice === "Trust this repo until hook config changes") {
+		trust_hooks_config(info.project_dir, info.hash);
+		return true;
+	}
+	return choice === "Allow once for this session";
+}
 function create_hooks_resolution_extension(options = {}) {
 	const load_hooks_impl = options.load_hooks ?? load_hooks;
 	const run_command_hook_impl = options.run_command_hook ?? run_command_hook;
@@ -292,11 +446,18 @@ function create_hooks_resolution_extension(options = {}) {
 			project_dir: process.cwd(),
 			hooks: []
 		};
-		const refresh_hooks = (cwd) => {
+		const refresh_hooks = async (cwd, ctx) => {
+			if (!await should_load_hooks_config(cwd, ctx)) {
+				state = {
+					project_dir: cwd,
+					hooks: []
+				};
+				return;
+			}
 			state = load_hooks_impl(cwd);
 		};
-		pi.on("session_start", (_event, ctx) => {
-			refresh_hooks(ctx.cwd);
+		pi.on("session_start", async (_event, ctx) => {
+			await refresh_hooks(ctx.cwd, ctx);
 		});
 		pi.on("tool_result", async (event, ctx) => {
 			if (state.hooks.length === 0) return;
@@ -1958,4 +2119,4 @@ async function create_my_pi(options = {}) {
 //#endregion
 export { runPrintMode$1 as i, create_my_pi as n, get_force_disabled_builtins as r, InteractiveMode$1 as t };
 
-//# sourceMappingURL=api-C7cSSbTg.js.map
+//# sourceMappingURL=api-CB0OXSW_.js.map