mirror of
https://github.com/getcompanion-ai/co-mono.git
synced 2026-04-15 14:03:49 +00:00
030788140a
- Remove setApiKey, resolveApiKey, and global apiKeys Map from stream.ts - Rename getApiKey to getApiKeyFromEnv (only checks env vars) - Remove OAuth storage layer (storage.ts deleted) - OAuth login/refresh functions now return credentials instead of saving - getOAuthApiKey/refreshOAuthToken now take credentials as params - Add test/oauth.ts helper for ai package tests - Simplify root npm run check (single biome + tsgo pass) - Remove redundant check scripts from most packages - Add web-ui and coding-agent examples to biome/tsgo includes coding-agent still has compile errors - needs refactoring for new API
34 lines
1,008 B
TypeScript
34 lines
1,008 B
TypeScript
/**
|
|
* Permission Gate Hook
|
|
*
|
|
* Prompts for confirmation before running potentially dangerous bash commands.
|
|
* Patterns checked: rm -rf, sudo, chmod/chown 777
|
|
*/
|
|
|
|
import type { HookAPI } from "@mariozechner/pi-coding-agent/hooks";
|
|
|
|
export default function (pi: HookAPI) {
|
|
const dangerousPatterns = [/\brm\s+(-rf?|--recursive)/i, /\bsudo\b/i, /\b(chmod|chown)\b.*777/i];
|
|
|
|
pi.on("tool_call", async (event, ctx) => {
|
|
if (event.toolName !== "bash") return undefined;
|
|
|
|
const command = event.input.command as string;
|
|
const isDangerous = dangerousPatterns.some((p) => p.test(command));
|
|
|
|
if (isDangerous) {
|
|
if (!ctx.hasUI) {
|
|
// In non-interactive mode, block by default
|
|
return { block: true, reason: "Dangerous command blocked (no UI for confirmation)" };
|
|
}
|
|
|
|
const choice = await ctx.ui.select(`⚠️ Dangerous command:\n\n ${command}\n\nAllow?`, ["Yes", "No"]);
|
|
|
|
if (choice !== "Yes") {
|
|
return { block: true, reason: "Blocked by user" };
|
|
}
|
|
}
|
|
|
|
return undefined;
|
|
});
|
|
}
|