sessix-server 0.4.1 → 0.4.2

package/dist/index.js

@@ -1850,6 +1850,54 @@ var SessionManager = class {
       return stats ? { ...session, stats } : session;
     });
   }
+  /**
+   * 接入 ApprovalProxy 的非阻塞 hook 通知，将其映射为 ServerEvent 转发。
+   *
+   * 仅转发为 shared 类型定义中的字段，不把 hook 原始 payload 透传出去（隐私 + 体积）。
+   * 当前覆盖：
+   * - PreCompact (`type: 'compact'`)         → `session_compact`
+   * - PermissionDenied (`type: 'permission_denied'`) → `permission_denied`
+   * - Subagent  (`type: 'subagent'`)         → `subagent_event`（骨架预留，本任务不发）
+   */
+  attachApprovalProxy(approvalProxy) {
+    approvalProxy.onNotify((notification) => {
+      const serverEvent = this.mapHookNotificationToServerEvent(notification);
+      if (serverEvent) this.emit(serverEvent);
+    });
+  }
+  /** 将 hook 通知映射为 ServerEvent；不识别的 type 返回 null */
+  mapHookNotificationToServerEvent(n) {
+    switch (n.type) {
+      case "compact": {
+        const subtype = n.subtype === "completed" || n.subtype === "blocked" ? n.subtype : "started";
+        return { type: "session_compact", sessionId: n.sessionId, subtype };
+      }
+      case "permission_denied": {
+        const source = n.source === "hook" || n.source === "rule" ? n.source : "classifier";
+        return {
+          type: "permission_denied",
+          sessionId: n.sessionId,
+          toolName: n.toolName ?? "unknown",
+          reason: n.reason ?? "",
+          source
+        };
+      }
+      case "subagent": {
+        const phase = n.subtype === "completed" ? "completed" : "started";
+        return {
+          type: "subagent_event",
+          sessionId: n.sessionId,
+          parentToolUseId: typeof n.parentToolUseId === "string" ? n.parentToolUseId : "",
+          subAgentId: typeof n.subAgentId === "string" ? n.subAgentId : "",
+          phase,
+          task: typeof n.task === "string" ? n.task : void 0
+        };
+      }
+      default:
+        console.warn(`[SessionManager] Unknown hook notification type: ${n.type}`);
+        return null;
+    }
+  }
   /**
    * 注册事件回调（事件会被转发到 WsBridge）
    *
@@ -2535,6 +2583,8 @@ var ApprovalProxy = class _ApprovalProxy {
   approvalRequestCallbacks = [];
   /** 审批 resolve 回调（任何来源的 resolve 都会触发，用于 WS 广播清理 */
   approvalResolvedCallbacks = [];
+  /** Hook 通知回调（PreCompact / PermissionDenied / 等非阻塞 hook） */
+  notifyCallbacks = [];
   /** YOLO 模式状态：sessionId -> enabled */
   yoloSessions = /* @__PURE__ */ new Map();
   /** 内存缓存：已被"始终允许"的工具名（避免每次读 settings.json） */
@@ -2596,6 +2646,24 @@ var ApprovalProxy = class _ApprovalProxy {
       }
     }
   }
+  /**
+   * 注册非阻塞 hook 通知回调（如 PreCompact、PermissionDenied）
+   *
+   * 这些 hook 不需要返回决策给 Claude Code，仅作为 ServerEvent 转发到手机端。
+   */
+  onNotify(callback) {
+    this.notifyCallbacks.push(callback);
+  }
+  /** 触发所有 notify 回调（内部调用） */
+  fireNotify(notification) {
+    for (const callback of this.notifyCallbacks) {
+      try {
+        callback(notification);
+      } catch (err) {
+        console.error("[ApprovalProxy] Notify callback error:", err);
+      }
+    }
+  }
   /** 设置状态信息提供者（用于 /health 端点） */
   setStatusInfoProvider(provider) {
     this.statusInfoProvider = provider;
@@ -2780,6 +2848,8 @@ var ApprovalProxy = class _ApprovalProxy {
     const pathname = url.pathname;
     if (req.method === "POST" && pathname === "/hook/approval") {
       this.handleApprovalHook(req, res);
+    } else if (req.method === "POST" && pathname === "/hook/notify") {
+      this.handleHookNotify(req, res);
     } else if (req.method === "POST" && pathname === "/pair") {
       this.handlePair(req, res);
     } else if (req.method === "GET" && pathname === "/health") {
@@ -2845,6 +2915,51 @@ var ApprovalProxy = class _ApprovalProxy {
       this.sendJson(res, 200, { decision: "deny", reason: "Server failed to process request" });
     }
   }
+  /**
+   * 非阻塞 hook 通知端点
+   *
+   * 用于 PreCompact、PostCompact、PermissionDenied 等 fire-and-forget 的 hook：
+   * 立即返回 {"ok":true}，再异步分发到 notifyCallbacks（最终广播为 ServerEvent）。
+   *
+   * 鉴权策略：仅允许 loopback（本机 hook 脚本）访问，避免远端注入伪造事件。
+   */
+  async handleHookNotify(req, res) {
+    if (!this.isLoopbackRequest(req)) {
+      this.sendJson(res, 403, { ok: false, reason: "forbidden" });
+      return;
+    }
+    try {
+      const body = await this.parseJsonBody(req);
+      const sessionId = String(body.sessionId ?? "").trim();
+      const type = String(body.type ?? "").trim();
+      if (!sessionId || !type) {
+        this.sendJson(res, 400, { error: "sessionId and type are required" });
+        return;
+      }
+      const notification = {
+        sessionId,
+        type
+      };
+      if (typeof body.subtype === "string") notification.subtype = body.subtype;
+      if (typeof body.toolName === "string") notification.toolName = body.toolName;
+      if (typeof body.reason === "string") notification.reason = body.reason;
+      if (typeof body.source === "string") notification.source = body.source;
+      if (typeof body.parentToolUseId === "string") notification.parentToolUseId = body.parentToolUseId;
+      if (typeof body.subAgentId === "string") notification.subAgentId = body.subAgentId;
+      if (body.phase === "started" || body.phase === "completed") notification.phase = body.phase;
+      if (typeof body.task === "string") notification.task = body.task;
+      this.sendJson(res, 200, { ok: true });
+      setImmediate(() => this.fireNotify(notification));
+    } catch (err) {
+      console.error("[ApprovalProxy] Hook notify failed:", err);
+      this.sendJson(res, 200, { ok: false });
+    }
+  }
+  /** 判断请求是否来自本机 loopback（127.0.0.1 / ::1 / IPv4-mapped IPv6） */
+  isLoopbackRequest(req) {
+    const remoteAddress = req.socket.remoteAddress;
+    return remoteAddress === "127.0.0.1" || remoteAddress === "::1" || remoteAddress === "::ffff:127.0.0.1";
+  }
   /** 健康检查端点 */
   handleHealth(_req, res) {
     const info = this.statusInfoProvider?.() ?? { connections: 0, activeSessions: 0 };
@@ -2877,9 +2992,7 @@ var ApprovalProxy = class _ApprovalProxy {
   }
   /** 返回连接 token（仅本机访问） */
   handleToken(req, res) {
-    const remoteAddress = req.socket.remoteAddress;
-    const isLocal = remoteAddress === "127.0.0.1" || remoteAddress === "::1" || remoteAddress === "::ffff:127.0.0.1";
-    if (!isLocal) {
+    if (!this.isLoopbackRequest(req)) {
       this.sendJson(res, 403, { error: t("approval.forbidden") });
       return;
     }
@@ -3107,9 +3220,15 @@ var import_node_os6 = require("os");
 var SESSIX_HOOKS_DIR = (0, import_node_path4.join)((0, import_node_os6.homedir)(), ".sessix", "hooks");
 var HOOK_SCRIPT_PATH = (0, import_node_path4.join)(SESSIX_HOOKS_DIR, "approval-hook.js");
 var PERMISSION_ACCEPT_PATH = (0, import_node_path4.join)(SESSIX_HOOKS_DIR, "permission-accept.js");
+var COMPACT_HOOK_PATH = (0, import_node_path4.join)(SESSIX_HOOKS_DIR, "compact-hook.js");
+var POST_COMPACT_HOOK_PATH = (0, import_node_path4.join)(SESSIX_HOOKS_DIR, "post-compact-hook.js");
+var PERMISSION_DENIED_HOOK_PATH = (0, import_node_path4.join)(SESSIX_HOOKS_DIR, "permission-denied-hook.js");
 var CLAUDE_SETTINGS_PATH = (0, import_node_path4.join)((0, import_node_os6.homedir)(), ".claude", "settings.json");
 var HOOK_COMMAND = "node ~/.sessix/hooks/approval-hook.js";
 var PERMISSION_ACCEPT_COMMAND = "node ~/.sessix/hooks/permission-accept.js";
+var COMPACT_HOOK_COMMAND = "node ~/.sessix/hooks/compact-hook.js";
+var POST_COMPACT_HOOK_COMMAND = "node ~/.sessix/hooks/post-compact-hook.js";
+var PERMISSION_DENIED_HOOK_COMMAND = "node ~/.sessix/hooks/permission-denied-hook.js";
 var LEGACY_HOOK_COMMANDS = [
   "~/.sessix/hooks/approval-hook.sh",
   "~/.sessix/hooks/permission-accept.sh"
@@ -3169,6 +3288,112 @@ if (!process.env.SESSIX_SESSION_ID) process.exit(0)
 process.stdout.write('{"decision":"allow"}\\n')
 process.exit(0)
 `;
+var COMPACT_HOOK_TEMPLATE = `#!/usr/bin/env node
+// Sessix PreCompact \u901A\u77E5 hook
+// \u4EC5\u5728 Sessix \u7BA1\u7406\u7684\u4F1A\u8BDD\u4E2D\u6FC0\u6D3B
+
+const sessionId = process.env.SESSIX_SESSION_ID
+if (!sessionId) {
+  process.stdout.write('{}')
+  process.exit(0)
+}
+
+let raw = ''
+process.stdin.on('data', (chunk) => { raw += chunk })
+process.stdin.on('end', () => {
+  // \u8BFB\u53D6\u5E76\u4E22\u5F03 stdin payload\uFF08PreCompact \u6807\u51C6\u8F93\u5165\uFF09\uFF0Cserver \u7AEF\u4E0D\u9700\u8981\u5B83
+  try { JSON.parse(raw) } catch {}
+  // fire-and-forget\uFF1A\u4E0D\u7B49\u5F85\u54CD\u5E94\uFF0C\u907F\u514D\u963B\u585E compact
+  try {
+    fetch('http://localhost:3746/hook/notify', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        sessionId,
+        type: 'compact',
+        subtype: 'started',
+      }),
+      signal: AbortSignal.timeout(2000),
+    }).catch(() => {})
+  } catch {}
+  // \u7ACB\u5373\u8FD4\u56DE\u7A7A JSON\uFF0C\u4E0D\u963B\u585E compact
+  process.stdout.write('{}')
+  process.exit(0)
+})
+`;
+var POST_COMPACT_HOOK_TEMPLATE = `#!/usr/bin/env node
+// Sessix PostCompact \u901A\u77E5 hook
+// \u4EC5\u5728 Sessix \u7BA1\u7406\u7684\u4F1A\u8BDD\u4E2D\u6FC0\u6D3B
+
+const sessionId = process.env.SESSIX_SESSION_ID
+if (!sessionId) {
+  process.stdout.write('{}')
+  process.exit(0)
+}
+
+let raw = ''
+process.stdin.on('data', (chunk) => { raw += chunk })
+process.stdin.on('end', () => {
+  // \u8BFB\u53D6\u5E76\u4E22\u5F03 stdin payload\uFF0Cserver \u7AEF\u4E0D\u9700\u8981\u5B83
+  try { JSON.parse(raw) } catch {}
+  // fire-and-forget\uFF1A\u4E0D\u7B49\u5F85\u54CD\u5E94
+  try {
+    fetch('http://localhost:3746/hook/notify', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        sessionId,
+        type: 'compact',
+        subtype: 'completed',
+      }),
+      signal: AbortSignal.timeout(2000),
+    }).catch(() => {})
+  } catch {}
+  process.stdout.write('{}')
+  process.exit(0)
+})
+`;
+var PERMISSION_DENIED_HOOK_TEMPLATE = `#!/usr/bin/env node
+// Sessix PermissionDenied \u901A\u77E5 hook
+// \u4EC5\u5728 Sessix \u7BA1\u7406\u7684\u4F1A\u8BDD\u4E2D\u6FC0\u6D3B
+
+const sessionId = process.env.SESSIX_SESSION_ID
+if (!sessionId) {
+  process.stdout.write('{}')
+  process.exit(0)
+}
+
+let raw = ''
+process.stdin.on('data', (chunk) => { raw += chunk })
+process.stdin.on('end', () => {
+  let payload = {}
+  try { payload = JSON.parse(raw) } catch {}
+  const toolName = String(payload.tool_name || 'unknown')
+  // Claude Code PermissionDenied \u7531 classifier \u89E6\u53D1\uFF0C\u6240\u4EE5 source \u9ED8\u8BA4 'classifier'
+  const reason = String(
+    payload.reason ||
+    payload.permission_decision_reason ||
+    payload.permissionDecisionReason ||
+    ''
+  )
+  try {
+    fetch('http://localhost:3746/hook/notify', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        sessionId,
+        type: 'permission_denied',
+        toolName,
+        reason,
+        source: 'classifier',
+      }),
+      signal: AbortSignal.timeout(2000),
+    }).catch(() => {})
+  } catch {}
+  process.stdout.write('{}')
+  process.exit(0)
+})
+`;
 var HookInstaller = class {
   /**
    * 安装 hook
@@ -3182,8 +3407,14 @@ var HookInstaller = class {
     await (0, import_promises2.mkdir)(SESSIX_HOOKS_DIR, { recursive: true });
     await (0, import_promises2.writeFile)(HOOK_SCRIPT_PATH, HOOK_SCRIPT_TEMPLATE, "utf-8");
     await (0, import_promises2.writeFile)(PERMISSION_ACCEPT_PATH, PERMISSION_ACCEPT_TEMPLATE, "utf-8");
+    await (0, import_promises2.writeFile)(COMPACT_HOOK_PATH, COMPACT_HOOK_TEMPLATE, "utf-8");
+    await (0, import_promises2.writeFile)(POST_COMPACT_HOOK_PATH, POST_COMPACT_HOOK_TEMPLATE, "utf-8");
+    await (0, import_promises2.writeFile)(PERMISSION_DENIED_HOOK_PATH, PERMISSION_DENIED_HOOK_TEMPLATE, "utf-8");
     await (0, import_promises2.chmod)(HOOK_SCRIPT_PATH, 493);
     await (0, import_promises2.chmod)(PERMISSION_ACCEPT_PATH, 493);
+    await (0, import_promises2.chmod)(COMPACT_HOOK_PATH, 493);
+    await (0, import_promises2.chmod)(POST_COMPACT_HOOK_PATH, 493);
+    await (0, import_promises2.chmod)(PERMISSION_DENIED_HOOK_PATH, 493);
     await this.addHookToSettings();
     console.log("[HookInstaller] Hook installation complete");
   }
@@ -3209,6 +3440,9 @@ var HookInstaller = class {
   async isInstalled() {
     let approvalScriptContent = "";
     let permissionScriptExists = false;
+    let compactScriptExists = false;
+    let postCompactScriptExists = false;
+    let permissionDeniedScriptExists = false;
     try {
       approvalScriptContent = await (0, import_promises2.readFile)(HOOK_SCRIPT_PATH, "utf-8");
     } catch {
@@ -3218,10 +3452,25 @@ var HookInstaller = class {
       permissionScriptExists = true;
     } catch {
     }
+    try {
+      await (0, import_promises2.access)(COMPACT_HOOK_PATH);
+      compactScriptExists = true;
+    } catch {
+    }
+    try {
+      await (0, import_promises2.access)(POST_COMPACT_HOOK_PATH);
+      postCompactScriptExists = true;
+    } catch {
+    }
+    try {
+      await (0, import_promises2.access)(PERMISSION_DENIED_HOOK_PATH);
+      permissionDeniedScriptExists = true;
+    } catch {
+    }
     const isLatestVersion = approvalScriptContent.includes("permissionDecision");
     const settings = await this.readClaudeSettings();
     const configExists = this.hasHookConfig(settings);
-    return isLatestVersion && permissionScriptExists && configExists;
+    return isLatestVersion && permissionScriptExists && compactScriptExists && postCompactScriptExists && permissionDeniedScriptExists && configExists;
   }
   // ============================================
   // 内部方法
@@ -3259,6 +3508,36 @@ var HookInstaller = class {
       });
       changed = true;
     }
+    if (!this.hasPreCompactConfig(settings)) {
+      if (!settings.hooks.PreCompact) {
+        settings.hooks.PreCompact = [];
+      }
+      settings.hooks.PreCompact.push({
+        matcher: "",
+        hooks: [{ type: "command", command: COMPACT_HOOK_COMMAND }]
+      });
+      changed = true;
+    }
+    if (!this.hasPostCompactConfig(settings)) {
+      if (!settings.hooks.PostCompact) {
+        settings.hooks.PostCompact = [];
+      }
+      settings.hooks.PostCompact.push({
+        matcher: "",
+        hooks: [{ type: "command", command: POST_COMPACT_HOOK_COMMAND }]
+      });
+      changed = true;
+    }
+    if (!this.hasPermissionDeniedConfig(settings)) {
+      if (!settings.hooks.PermissionDenied) {
+        settings.hooks.PermissionDenied = [];
+      }
+      settings.hooks.PermissionDenied.push({
+        matcher: "",
+        hooks: [{ type: "command", command: PERMISSION_DENIED_HOOK_COMMAND }]
+      });
+      changed = true;
+    }
     if (changed) {
       await this.writeClaudeSettings(settings);
     } else {
@@ -3273,6 +3552,9 @@ var HookInstaller = class {
     if (!settings.hooks) return;
     this.removeHookCommand(settings, "PreToolUse", HOOK_COMMAND);
     this.removeHookCommand(settings, "PermissionRequest", PERMISSION_ACCEPT_COMMAND);
+    this.removeHookCommand(settings, "PreCompact", COMPACT_HOOK_COMMAND);
+    this.removeHookCommand(settings, "PostCompact", POST_COMPACT_HOOK_COMMAND);
+    this.removeHookCommand(settings, "PermissionDenied", PERMISSION_DENIED_HOOK_COMMAND);
     if (Object.keys(settings.hooks).length === 0) {
       delete settings.hooks;
     }
@@ -3310,7 +3592,7 @@ var HookInstaller = class {
    * 检查 settings 中是否已包含所有 Sessix hook 配置
    */
   hasHookConfig(settings) {
-    return this.hasPreToolUseConfig(settings) && this.hasPermissionRequestConfig(settings);
+    return this.hasPreToolUseConfig(settings) && this.hasPermissionRequestConfig(settings) && this.hasPreCompactConfig(settings) && this.hasPostCompactConfig(settings) && this.hasPermissionDeniedConfig(settings);
   }
   /** 检查 PreToolUse 中是否有 approval-hook.js */
   hasPreToolUseConfig(settings) {
@@ -3320,6 +3602,18 @@ var HookInstaller = class {
   hasPermissionRequestConfig(settings) {
     return this.hasHookEntry(settings?.hooks?.PermissionRequest, PERMISSION_ACCEPT_COMMAND);
   }
+  /** 检查 PreCompact 中是否有 compact-hook.js */
+  hasPreCompactConfig(settings) {
+    return this.hasHookEntry(settings?.hooks?.PreCompact, COMPACT_HOOK_COMMAND);
+  }
+  /** 检查 PostCompact 中是否有 post-compact-hook.js */
+  hasPostCompactConfig(settings) {
+    return this.hasHookEntry(settings?.hooks?.PostCompact, POST_COMPACT_HOOK_COMMAND);
+  }
+  /** 检查 PermissionDenied 中是否有 permission-denied-hook.js */
+  hasPermissionDeniedConfig(settings) {
+    return this.hasHookEntry(settings?.hooks?.PermissionDenied, PERMISSION_DENIED_HOOK_COMMAND);
+  }
   /** 检查 hook 数组中是否包含指定命令 */
   hasHookEntry(hookArray, command) {
     if (!Array.isArray(hookArray)) return false;
@@ -5049,6 +5343,7 @@ async function start(opts = {}) {
     onStateChange: (state) => mdnsService?.updatePairingState(state)
   });
   approvalProxy.setPairingManager(pairingManager);
+  sessionManager.attachApprovalProxy(approvalProxy);
   const authManager = new AuthManager();
   authManager.on("login_url", (url) => {
     wsBridge.broadcast({ type: "auth_login_url", url });

package/dist/server.js

@@ -1855,6 +1855,54 @@ var SessionManager = class {
       return stats ? { ...session, stats } : session;
     });
   }
+  /**
+   * 接入 ApprovalProxy 的非阻塞 hook 通知，将其映射为 ServerEvent 转发。
+   *
+   * 仅转发为 shared 类型定义中的字段，不把 hook 原始 payload 透传出去（隐私 + 体积）。
+   * 当前覆盖：
+   * - PreCompact (`type: 'compact'`)         → `session_compact`
+   * - PermissionDenied (`type: 'permission_denied'`) → `permission_denied`
+   * - Subagent  (`type: 'subagent'`)         → `subagent_event`（骨架预留，本任务不发）
+   */
+  attachApprovalProxy(approvalProxy) {
+    approvalProxy.onNotify((notification) => {
+      const serverEvent = this.mapHookNotificationToServerEvent(notification);
+      if (serverEvent) this.emit(serverEvent);
+    });
+  }
+  /** 将 hook 通知映射为 ServerEvent；不识别的 type 返回 null */
+  mapHookNotificationToServerEvent(n) {
+    switch (n.type) {
+      case "compact": {
+        const subtype = n.subtype === "completed" || n.subtype === "blocked" ? n.subtype : "started";
+        return { type: "session_compact", sessionId: n.sessionId, subtype };
+      }
+      case "permission_denied": {
+        const source = n.source === "hook" || n.source === "rule" ? n.source : "classifier";
+        return {
+          type: "permission_denied",
+          sessionId: n.sessionId,
+          toolName: n.toolName ?? "unknown",
+          reason: n.reason ?? "",
+          source
+        };
+      }
+      case "subagent": {
+        const phase = n.subtype === "completed" ? "completed" : "started";
+        return {
+          type: "subagent_event",
+          sessionId: n.sessionId,
+          parentToolUseId: typeof n.parentToolUseId === "string" ? n.parentToolUseId : "",
+          subAgentId: typeof n.subAgentId === "string" ? n.subAgentId : "",
+          phase,
+          task: typeof n.task === "string" ? n.task : void 0
+        };
+      }
+      default:
+        console.warn(`[SessionManager] Unknown hook notification type: ${n.type}`);
+        return null;
+    }
+  }
   /**
    * 注册事件回调（事件会被转发到 WsBridge）
    *
@@ -2540,6 +2588,8 @@ var ApprovalProxy = class _ApprovalProxy {
   approvalRequestCallbacks = [];
   /** 审批 resolve 回调（任何来源的 resolve 都会触发，用于 WS 广播清理 */
   approvalResolvedCallbacks = [];
+  /** Hook 通知回调（PreCompact / PermissionDenied / 等非阻塞 hook） */
+  notifyCallbacks = [];
   /** YOLO 模式状态：sessionId -> enabled */
   yoloSessions = /* @__PURE__ */ new Map();
   /** 内存缓存：已被"始终允许"的工具名（避免每次读 settings.json） */
@@ -2601,6 +2651,24 @@ var ApprovalProxy = class _ApprovalProxy {
       }
     }
   }
+  /**
+   * 注册非阻塞 hook 通知回调（如 PreCompact、PermissionDenied）
+   *
+   * 这些 hook 不需要返回决策给 Claude Code，仅作为 ServerEvent 转发到手机端。
+   */
+  onNotify(callback) {
+    this.notifyCallbacks.push(callback);
+  }
+  /** 触发所有 notify 回调（内部调用） */
+  fireNotify(notification) {
+    for (const callback of this.notifyCallbacks) {
+      try {
+        callback(notification);
+      } catch (err) {
+        console.error("[ApprovalProxy] Notify callback error:", err);
+      }
+    }
+  }
   /** 设置状态信息提供者（用于 /health 端点） */
   setStatusInfoProvider(provider) {
     this.statusInfoProvider = provider;
@@ -2785,6 +2853,8 @@ var ApprovalProxy = class _ApprovalProxy {
     const pathname = url.pathname;
     if (req.method === "POST" && pathname === "/hook/approval") {
       this.handleApprovalHook(req, res);
+    } else if (req.method === "POST" && pathname === "/hook/notify") {
+      this.handleHookNotify(req, res);
     } else if (req.method === "POST" && pathname === "/pair") {
       this.handlePair(req, res);
     } else if (req.method === "GET" && pathname === "/health") {
@@ -2850,6 +2920,51 @@ var ApprovalProxy = class _ApprovalProxy {
       this.sendJson(res, 200, { decision: "deny", reason: "Server failed to process request" });
     }
   }
+  /**
+   * 非阻塞 hook 通知端点
+   *
+   * 用于 PreCompact、PostCompact、PermissionDenied 等 fire-and-forget 的 hook：
+   * 立即返回 {"ok":true}，再异步分发到 notifyCallbacks（最终广播为 ServerEvent）。
+   *
+   * 鉴权策略：仅允许 loopback（本机 hook 脚本）访问，避免远端注入伪造事件。
+   */
+  async handleHookNotify(req, res) {
+    if (!this.isLoopbackRequest(req)) {
+      this.sendJson(res, 403, { ok: false, reason: "forbidden" });
+      return;
+    }
+    try {
+      const body = await this.parseJsonBody(req);
+      const sessionId = String(body.sessionId ?? "").trim();
+      const type = String(body.type ?? "").trim();
+      if (!sessionId || !type) {
+        this.sendJson(res, 400, { error: "sessionId and type are required" });
+        return;
+      }
+      const notification = {
+        sessionId,
+        type
+      };
+      if (typeof body.subtype === "string") notification.subtype = body.subtype;
+      if (typeof body.toolName === "string") notification.toolName = body.toolName;
+      if (typeof body.reason === "string") notification.reason = body.reason;
+      if (typeof body.source === "string") notification.source = body.source;
+      if (typeof body.parentToolUseId === "string") notification.parentToolUseId = body.parentToolUseId;
+      if (typeof body.subAgentId === "string") notification.subAgentId = body.subAgentId;
+      if (body.phase === "started" || body.phase === "completed") notification.phase = body.phase;
+      if (typeof body.task === "string") notification.task = body.task;
+      this.sendJson(res, 200, { ok: true });
+      setImmediate(() => this.fireNotify(notification));
+    } catch (err) {
+      console.error("[ApprovalProxy] Hook notify failed:", err);
+      this.sendJson(res, 200, { ok: false });
+    }
+  }
+  /** 判断请求是否来自本机 loopback（127.0.0.1 / ::1 / IPv4-mapped IPv6） */
+  isLoopbackRequest(req) {
+    const remoteAddress = req.socket.remoteAddress;
+    return remoteAddress === "127.0.0.1" || remoteAddress === "::1" || remoteAddress === "::ffff:127.0.0.1";
+  }
   /** 健康检查端点 */
   handleHealth(_req, res) {
     const info = this.statusInfoProvider?.() ?? { connections: 0, activeSessions: 0 };
@@ -2882,9 +2997,7 @@ var ApprovalProxy = class _ApprovalProxy {
   }
   /** 返回连接 token（仅本机访问） */
   handleToken(req, res) {
-    const remoteAddress = req.socket.remoteAddress;
-    const isLocal = remoteAddress === "127.0.0.1" || remoteAddress === "::1" || remoteAddress === "::ffff:127.0.0.1";
-    if (!isLocal) {
+    if (!this.isLoopbackRequest(req)) {
       this.sendJson(res, 403, { error: t("approval.forbidden") });
       return;
     }
@@ -3112,9 +3225,15 @@ var import_node_os6 = require("os");
 var SESSIX_HOOKS_DIR = (0, import_node_path4.join)((0, import_node_os6.homedir)(), ".sessix", "hooks");
 var HOOK_SCRIPT_PATH = (0, import_node_path4.join)(SESSIX_HOOKS_DIR, "approval-hook.js");
 var PERMISSION_ACCEPT_PATH = (0, import_node_path4.join)(SESSIX_HOOKS_DIR, "permission-accept.js");
+var COMPACT_HOOK_PATH = (0, import_node_path4.join)(SESSIX_HOOKS_DIR, "compact-hook.js");
+var POST_COMPACT_HOOK_PATH = (0, import_node_path4.join)(SESSIX_HOOKS_DIR, "post-compact-hook.js");
+var PERMISSION_DENIED_HOOK_PATH = (0, import_node_path4.join)(SESSIX_HOOKS_DIR, "permission-denied-hook.js");
 var CLAUDE_SETTINGS_PATH = (0, import_node_path4.join)((0, import_node_os6.homedir)(), ".claude", "settings.json");
 var HOOK_COMMAND = "node ~/.sessix/hooks/approval-hook.js";
 var PERMISSION_ACCEPT_COMMAND = "node ~/.sessix/hooks/permission-accept.js";
+var COMPACT_HOOK_COMMAND = "node ~/.sessix/hooks/compact-hook.js";
+var POST_COMPACT_HOOK_COMMAND = "node ~/.sessix/hooks/post-compact-hook.js";
+var PERMISSION_DENIED_HOOK_COMMAND = "node ~/.sessix/hooks/permission-denied-hook.js";
 var LEGACY_HOOK_COMMANDS = [
   "~/.sessix/hooks/approval-hook.sh",
   "~/.sessix/hooks/permission-accept.sh"
@@ -3174,6 +3293,112 @@ if (!process.env.SESSIX_SESSION_ID) process.exit(0)
 process.stdout.write('{"decision":"allow"}\\n')
 process.exit(0)
 `;
+var COMPACT_HOOK_TEMPLATE = `#!/usr/bin/env node
+// Sessix PreCompact \u901A\u77E5 hook
+// \u4EC5\u5728 Sessix \u7BA1\u7406\u7684\u4F1A\u8BDD\u4E2D\u6FC0\u6D3B
+
+const sessionId = process.env.SESSIX_SESSION_ID
+if (!sessionId) {
+  process.stdout.write('{}')
+  process.exit(0)
+}
+
+let raw = ''
+process.stdin.on('data', (chunk) => { raw += chunk })
+process.stdin.on('end', () => {
+  // \u8BFB\u53D6\u5E76\u4E22\u5F03 stdin payload\uFF08PreCompact \u6807\u51C6\u8F93\u5165\uFF09\uFF0Cserver \u7AEF\u4E0D\u9700\u8981\u5B83
+  try { JSON.parse(raw) } catch {}
+  // fire-and-forget\uFF1A\u4E0D\u7B49\u5F85\u54CD\u5E94\uFF0C\u907F\u514D\u963B\u585E compact
+  try {
+    fetch('http://localhost:3746/hook/notify', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        sessionId,
+        type: 'compact',
+        subtype: 'started',
+      }),
+      signal: AbortSignal.timeout(2000),
+    }).catch(() => {})
+  } catch {}
+  // \u7ACB\u5373\u8FD4\u56DE\u7A7A JSON\uFF0C\u4E0D\u963B\u585E compact
+  process.stdout.write('{}')
+  process.exit(0)
+})
+`;
+var POST_COMPACT_HOOK_TEMPLATE = `#!/usr/bin/env node
+// Sessix PostCompact \u901A\u77E5 hook
+// \u4EC5\u5728 Sessix \u7BA1\u7406\u7684\u4F1A\u8BDD\u4E2D\u6FC0\u6D3B
+
+const sessionId = process.env.SESSIX_SESSION_ID
+if (!sessionId) {
+  process.stdout.write('{}')
+  process.exit(0)
+}
+
+let raw = ''
+process.stdin.on('data', (chunk) => { raw += chunk })
+process.stdin.on('end', () => {
+  // \u8BFB\u53D6\u5E76\u4E22\u5F03 stdin payload\uFF0Cserver \u7AEF\u4E0D\u9700\u8981\u5B83
+  try { JSON.parse(raw) } catch {}
+  // fire-and-forget\uFF1A\u4E0D\u7B49\u5F85\u54CD\u5E94
+  try {
+    fetch('http://localhost:3746/hook/notify', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        sessionId,
+        type: 'compact',
+        subtype: 'completed',
+      }),
+      signal: AbortSignal.timeout(2000),
+    }).catch(() => {})
+  } catch {}
+  process.stdout.write('{}')
+  process.exit(0)
+})
+`;
+var PERMISSION_DENIED_HOOK_TEMPLATE = `#!/usr/bin/env node
+// Sessix PermissionDenied \u901A\u77E5 hook
+// \u4EC5\u5728 Sessix \u7BA1\u7406\u7684\u4F1A\u8BDD\u4E2D\u6FC0\u6D3B
+
+const sessionId = process.env.SESSIX_SESSION_ID
+if (!sessionId) {
+  process.stdout.write('{}')
+  process.exit(0)
+}
+
+let raw = ''
+process.stdin.on('data', (chunk) => { raw += chunk })
+process.stdin.on('end', () => {
+  let payload = {}
+  try { payload = JSON.parse(raw) } catch {}
+  const toolName = String(payload.tool_name || 'unknown')
+  // Claude Code PermissionDenied \u7531 classifier \u89E6\u53D1\uFF0C\u6240\u4EE5 source \u9ED8\u8BA4 'classifier'
+  const reason = String(
+    payload.reason ||
+    payload.permission_decision_reason ||
+    payload.permissionDecisionReason ||
+    ''
+  )
+  try {
+    fetch('http://localhost:3746/hook/notify', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        sessionId,
+        type: 'permission_denied',
+        toolName,
+        reason,
+        source: 'classifier',
+      }),
+      signal: AbortSignal.timeout(2000),
+    }).catch(() => {})
+  } catch {}
+  process.stdout.write('{}')
+  process.exit(0)
+})
+`;
 var HookInstaller = class {
   /**
    * 安装 hook
@@ -3187,8 +3412,14 @@ var HookInstaller = class {
     await (0, import_promises2.mkdir)(SESSIX_HOOKS_DIR, { recursive: true });
     await (0, import_promises2.writeFile)(HOOK_SCRIPT_PATH, HOOK_SCRIPT_TEMPLATE, "utf-8");
     await (0, import_promises2.writeFile)(PERMISSION_ACCEPT_PATH, PERMISSION_ACCEPT_TEMPLATE, "utf-8");
+    await (0, import_promises2.writeFile)(COMPACT_HOOK_PATH, COMPACT_HOOK_TEMPLATE, "utf-8");
+    await (0, import_promises2.writeFile)(POST_COMPACT_HOOK_PATH, POST_COMPACT_HOOK_TEMPLATE, "utf-8");
+    await (0, import_promises2.writeFile)(PERMISSION_DENIED_HOOK_PATH, PERMISSION_DENIED_HOOK_TEMPLATE, "utf-8");
     await (0, import_promises2.chmod)(HOOK_SCRIPT_PATH, 493);
     await (0, import_promises2.chmod)(PERMISSION_ACCEPT_PATH, 493);
+    await (0, import_promises2.chmod)(COMPACT_HOOK_PATH, 493);
+    await (0, import_promises2.chmod)(POST_COMPACT_HOOK_PATH, 493);
+    await (0, import_promises2.chmod)(PERMISSION_DENIED_HOOK_PATH, 493);
     await this.addHookToSettings();
     console.log("[HookInstaller] Hook installation complete");
   }
@@ -3214,6 +3445,9 @@ var HookInstaller = class {
   async isInstalled() {
     let approvalScriptContent = "";
     let permissionScriptExists = false;
+    let compactScriptExists = false;
+    let postCompactScriptExists = false;
+    let permissionDeniedScriptExists = false;
     try {
       approvalScriptContent = await (0, import_promises2.readFile)(HOOK_SCRIPT_PATH, "utf-8");
     } catch {
@@ -3223,10 +3457,25 @@ var HookInstaller = class {
       permissionScriptExists = true;
     } catch {
     }
+    try {
+      await (0, import_promises2.access)(COMPACT_HOOK_PATH);
+      compactScriptExists = true;
+    } catch {
+    }
+    try {
+      await (0, import_promises2.access)(POST_COMPACT_HOOK_PATH);
+      postCompactScriptExists = true;
+    } catch {
+    }
+    try {
+      await (0, import_promises2.access)(PERMISSION_DENIED_HOOK_PATH);
+      permissionDeniedScriptExists = true;
+    } catch {
+    }
     const isLatestVersion = approvalScriptContent.includes("permissionDecision");
     const settings = await this.readClaudeSettings();
     const configExists = this.hasHookConfig(settings);
-    return isLatestVersion && permissionScriptExists && configExists;
+    return isLatestVersion && permissionScriptExists && compactScriptExists && postCompactScriptExists && permissionDeniedScriptExists && configExists;
   }
   // ============================================
   // 内部方法
@@ -3264,6 +3513,36 @@ var HookInstaller = class {
       });
       changed = true;
     }
+    if (!this.hasPreCompactConfig(settings)) {
+      if (!settings.hooks.PreCompact) {
+        settings.hooks.PreCompact = [];
+      }
+      settings.hooks.PreCompact.push({
+        matcher: "",
+        hooks: [{ type: "command", command: COMPACT_HOOK_COMMAND }]
+      });
+      changed = true;
+    }
+    if (!this.hasPostCompactConfig(settings)) {
+      if (!settings.hooks.PostCompact) {
+        settings.hooks.PostCompact = [];
+      }
+      settings.hooks.PostCompact.push({
+        matcher: "",
+        hooks: [{ type: "command", command: POST_COMPACT_HOOK_COMMAND }]
+      });
+      changed = true;
+    }
+    if (!this.hasPermissionDeniedConfig(settings)) {
+      if (!settings.hooks.PermissionDenied) {
+        settings.hooks.PermissionDenied = [];
+      }
+      settings.hooks.PermissionDenied.push({
+        matcher: "",
+        hooks: [{ type: "command", command: PERMISSION_DENIED_HOOK_COMMAND }]
+      });
+      changed = true;
+    }
     if (changed) {
       await this.writeClaudeSettings(settings);
     } else {
@@ -3278,6 +3557,9 @@ var HookInstaller = class {
     if (!settings.hooks) return;
     this.removeHookCommand(settings, "PreToolUse", HOOK_COMMAND);
     this.removeHookCommand(settings, "PermissionRequest", PERMISSION_ACCEPT_COMMAND);
+    this.removeHookCommand(settings, "PreCompact", COMPACT_HOOK_COMMAND);
+    this.removeHookCommand(settings, "PostCompact", POST_COMPACT_HOOK_COMMAND);
+    this.removeHookCommand(settings, "PermissionDenied", PERMISSION_DENIED_HOOK_COMMAND);
     if (Object.keys(settings.hooks).length === 0) {
       delete settings.hooks;
     }
@@ -3315,7 +3597,7 @@ var HookInstaller = class {
    * 检查 settings 中是否已包含所有 Sessix hook 配置
    */
   hasHookConfig(settings) {
-    return this.hasPreToolUseConfig(settings) && this.hasPermissionRequestConfig(settings);
+    return this.hasPreToolUseConfig(settings) && this.hasPermissionRequestConfig(settings) && this.hasPreCompactConfig(settings) && this.hasPostCompactConfig(settings) && this.hasPermissionDeniedConfig(settings);
   }
   /** 检查 PreToolUse 中是否有 approval-hook.js */
   hasPreToolUseConfig(settings) {
@@ -3325,6 +3607,18 @@ var HookInstaller = class {
   hasPermissionRequestConfig(settings) {
     return this.hasHookEntry(settings?.hooks?.PermissionRequest, PERMISSION_ACCEPT_COMMAND);
   }
+  /** 检查 PreCompact 中是否有 compact-hook.js */
+  hasPreCompactConfig(settings) {
+    return this.hasHookEntry(settings?.hooks?.PreCompact, COMPACT_HOOK_COMMAND);
+  }
+  /** 检查 PostCompact 中是否有 post-compact-hook.js */
+  hasPostCompactConfig(settings) {
+    return this.hasHookEntry(settings?.hooks?.PostCompact, POST_COMPACT_HOOK_COMMAND);
+  }
+  /** 检查 PermissionDenied 中是否有 permission-denied-hook.js */
+  hasPermissionDeniedConfig(settings) {
+    return this.hasHookEntry(settings?.hooks?.PermissionDenied, PERMISSION_DENIED_HOOK_COMMAND);
+  }
   /** 检查 hook 数组中是否包含指定命令 */
   hasHookEntry(hookArray, command) {
     if (!Array.isArray(hookArray)) return false;
@@ -5054,6 +5348,7 @@ async function start(opts = {}) {
     onStateChange: (state) => mdnsService?.updatePairingState(state)
   });
   approvalProxy.setPairingManager(pairingManager);
+  sessionManager.attachApprovalProxy(approvalProxy);
   const authManager = new AuthManager();
   authManager.on("login_url", (url) => {
     wsBridge.broadcast({ type: "auth_login_url", url });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sessix-server",
-  "version": "0.4.1",
+  "version": "0.4.2",
   "bin": {
     "sessix-server": "dist/index.js"
   },