Compare commits
1 Commits
rcc/hook-p
...
rcc/ant-to
| Author | SHA1 | Date | |
|---|---|---|---|
|
992681c4fd |
@@ -117,6 +117,48 @@ const SLASH_COMMAND_SPECS: &[SlashCommandSpec] = &[
|
||||
argument_hint: None,
|
||||
resume_supported: true,
|
||||
},
|
||||
SlashCommandSpec {
|
||||
name: "bughunter",
|
||||
summary: "Inspect the codebase for likely bugs",
|
||||
argument_hint: Some("[scope]"),
|
||||
resume_supported: false,
|
||||
},
|
||||
SlashCommandSpec {
|
||||
name: "commit",
|
||||
summary: "Generate a commit message and create a git commit",
|
||||
argument_hint: None,
|
||||
resume_supported: false,
|
||||
},
|
||||
SlashCommandSpec {
|
||||
name: "pr",
|
||||
summary: "Draft or create a pull request from the conversation",
|
||||
argument_hint: Some("[context]"),
|
||||
resume_supported: false,
|
||||
},
|
||||
SlashCommandSpec {
|
||||
name: "issue",
|
||||
summary: "Draft or create a GitHub issue from the conversation",
|
||||
argument_hint: Some("[context]"),
|
||||
resume_supported: false,
|
||||
},
|
||||
SlashCommandSpec {
|
||||
name: "ultraplan",
|
||||
summary: "Run a deep planning prompt with multi-step reasoning",
|
||||
argument_hint: Some("[task]"),
|
||||
resume_supported: false,
|
||||
},
|
||||
SlashCommandSpec {
|
||||
name: "teleport",
|
||||
summary: "Jump to a file or symbol by searching the workspace",
|
||||
argument_hint: Some("<symbol-or-path>"),
|
||||
resume_supported: false,
|
||||
},
|
||||
SlashCommandSpec {
|
||||
name: "debug-tool-call",
|
||||
summary: "Replay the last tool call with debug details",
|
||||
argument_hint: None,
|
||||
resume_supported: false,
|
||||
},
|
||||
SlashCommandSpec {
|
||||
name: "export",
|
||||
summary: "Export the current conversation to a file",
|
||||
@@ -136,6 +178,23 @@ pub enum SlashCommand {
|
||||
Help,
|
||||
Status,
|
||||
Compact,
|
||||
Bughunter {
|
||||
scope: Option<String>,
|
||||
},
|
||||
Commit,
|
||||
Pr {
|
||||
context: Option<String>,
|
||||
},
|
||||
Issue {
|
||||
context: Option<String>,
|
||||
},
|
||||
Ultraplan {
|
||||
task: Option<String>,
|
||||
},
|
||||
Teleport {
|
||||
target: Option<String>,
|
||||
},
|
||||
DebugToolCall,
|
||||
Model {
|
||||
model: Option<String>,
|
||||
},
|
||||
@@ -180,6 +239,23 @@ impl SlashCommand {
|
||||
"help" => Self::Help,
|
||||
"status" => Self::Status,
|
||||
"compact" => Self::Compact,
|
||||
"bughunter" => Self::Bughunter {
|
||||
scope: remainder_after_command(trimmed, command),
|
||||
},
|
||||
"commit" => Self::Commit,
|
||||
"pr" => Self::Pr {
|
||||
context: remainder_after_command(trimmed, command),
|
||||
},
|
||||
"issue" => Self::Issue {
|
||||
context: remainder_after_command(trimmed, command),
|
||||
},
|
||||
"ultraplan" => Self::Ultraplan {
|
||||
task: remainder_after_command(trimmed, command),
|
||||
},
|
||||
"teleport" => Self::Teleport {
|
||||
target: remainder_after_command(trimmed, command),
|
||||
},
|
||||
"debug-tool-call" => Self::DebugToolCall,
|
||||
"model" => Self::Model {
|
||||
model: parts.next().map(ToOwned::to_owned),
|
||||
},
|
||||
@@ -212,6 +288,15 @@ impl SlashCommand {
|
||||
}
|
||||
}
|
||||
|
||||
fn remainder_after_command(input: &str, command: &str) -> Option<String> {
|
||||
input
|
||||
.trim()
|
||||
.strip_prefix(&format!("/{command}"))
|
||||
.map(str::trim)
|
||||
.filter(|value| !value.is_empty())
|
||||
.map(ToOwned::to_owned)
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn slash_command_specs() -> &'static [SlashCommandSpec] {
|
||||
SLASH_COMMAND_SPECS
|
||||
@@ -279,6 +364,13 @@ pub fn handle_slash_command(
|
||||
session: session.clone(),
|
||||
}),
|
||||
SlashCommand::Status
|
||||
| SlashCommand::Bughunter { .. }
|
||||
| SlashCommand::Commit
|
||||
| SlashCommand::Pr { .. }
|
||||
| SlashCommand::Issue { .. }
|
||||
| SlashCommand::Ultraplan { .. }
|
||||
| SlashCommand::Teleport { .. }
|
||||
| SlashCommand::DebugToolCall
|
||||
| SlashCommand::Model { .. }
|
||||
| SlashCommand::Permissions { .. }
|
||||
| SlashCommand::Clear { .. }
|
||||
@@ -307,6 +399,41 @@ mod tests {
|
||||
fn parses_supported_slash_commands() {
|
||||
assert_eq!(SlashCommand::parse("/help"), Some(SlashCommand::Help));
|
||||
assert_eq!(SlashCommand::parse(" /status "), Some(SlashCommand::Status));
|
||||
assert_eq!(
|
||||
SlashCommand::parse("/bughunter runtime"),
|
||||
Some(SlashCommand::Bughunter {
|
||||
scope: Some("runtime".to_string())
|
||||
})
|
||||
);
|
||||
assert_eq!(SlashCommand::parse("/commit"), Some(SlashCommand::Commit));
|
||||
assert_eq!(
|
||||
SlashCommand::parse("/pr ready for review"),
|
||||
Some(SlashCommand::Pr {
|
||||
context: Some("ready for review".to_string())
|
||||
})
|
||||
);
|
||||
assert_eq!(
|
||||
SlashCommand::parse("/issue flaky test"),
|
||||
Some(SlashCommand::Issue {
|
||||
context: Some("flaky test".to_string())
|
||||
})
|
||||
);
|
||||
assert_eq!(
|
||||
SlashCommand::parse("/ultraplan ship both features"),
|
||||
Some(SlashCommand::Ultraplan {
|
||||
task: Some("ship both features".to_string())
|
||||
})
|
||||
);
|
||||
assert_eq!(
|
||||
SlashCommand::parse("/teleport conversation.rs"),
|
||||
Some(SlashCommand::Teleport {
|
||||
target: Some("conversation.rs".to_string())
|
||||
})
|
||||
);
|
||||
assert_eq!(
|
||||
SlashCommand::parse("/debug-tool-call"),
|
||||
Some(SlashCommand::DebugToolCall)
|
||||
);
|
||||
assert_eq!(
|
||||
SlashCommand::parse("/model claude-opus"),
|
||||
Some(SlashCommand::Model {
|
||||
@@ -374,6 +501,13 @@ mod tests {
|
||||
assert!(help.contains("/help"));
|
||||
assert!(help.contains("/status"));
|
||||
assert!(help.contains("/compact"));
|
||||
assert!(help.contains("/bughunter [scope]"));
|
||||
assert!(help.contains("/commit"));
|
||||
assert!(help.contains("/pr [context]"));
|
||||
assert!(help.contains("/issue [context]"));
|
||||
assert!(help.contains("/ultraplan [task]"));
|
||||
assert!(help.contains("/teleport <symbol-or-path>"));
|
||||
assert!(help.contains("/debug-tool-call"));
|
||||
assert!(help.contains("/model [model]"));
|
||||
assert!(help.contains("/permissions [read-only|workspace-write|danger-full-access]"));
|
||||
assert!(help.contains("/clear [--confirm]"));
|
||||
@@ -386,7 +520,7 @@ mod tests {
|
||||
assert!(help.contains("/version"));
|
||||
assert!(help.contains("/export [file]"));
|
||||
assert!(help.contains("/session [list|switch <session-id>]"));
|
||||
assert_eq!(slash_command_specs().len(), 15);
|
||||
assert_eq!(slash_command_specs().len(), 22);
|
||||
assert_eq!(resume_supported_slash_commands().len(), 11);
|
||||
}
|
||||
|
||||
@@ -434,6 +568,22 @@ mod tests {
|
||||
let session = Session::new();
|
||||
assert!(handle_slash_command("/unknown", &session, CompactionConfig::default()).is_none());
|
||||
assert!(handle_slash_command("/status", &session, CompactionConfig::default()).is_none());
|
||||
assert!(
|
||||
handle_slash_command("/bughunter", &session, CompactionConfig::default()).is_none()
|
||||
);
|
||||
assert!(handle_slash_command("/commit", &session, CompactionConfig::default()).is_none());
|
||||
assert!(handle_slash_command("/pr", &session, CompactionConfig::default()).is_none());
|
||||
assert!(handle_slash_command("/issue", &session, CompactionConfig::default()).is_none());
|
||||
assert!(
|
||||
handle_slash_command("/ultraplan", &session, CompactionConfig::default()).is_none()
|
||||
);
|
||||
assert!(
|
||||
handle_slash_command("/teleport foo", &session, CompactionConfig::default()).is_none()
|
||||
);
|
||||
assert!(
|
||||
handle_slash_command("/debug-tool-call", &session, CompactionConfig::default())
|
||||
.is_none()
|
||||
);
|
||||
assert!(
|
||||
handle_slash_command("/model claude", &session, CompactionConfig::default()).is_none()
|
||||
);
|
||||
|
||||
@@ -37,29 +37,13 @@ pub struct RuntimeConfig {
|
||||
|
||||
#[derive(Debug, Clone, PartialEq, Eq, Default)]
|
||||
pub struct RuntimeFeatureConfig {
|
||||
hooks: RuntimeHookConfig,
|
||||
mcp: McpConfigCollection,
|
||||
oauth: Option<OAuthConfig>,
|
||||
model: Option<String>,
|
||||
permission_mode: Option<ResolvedPermissionMode>,
|
||||
permission_rules: RuntimePermissionRuleConfig,
|
||||
sandbox: SandboxConfig,
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, PartialEq, Eq, Default)]
|
||||
pub struct RuntimeHookConfig {
|
||||
pre_tool_use: Vec<String>,
|
||||
post_tool_use: Vec<String>,
|
||||
post_tool_use_failure: Vec<String>,
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, PartialEq, Eq, Default)]
|
||||
pub struct RuntimePermissionRuleConfig {
|
||||
allow: Vec<String>,
|
||||
deny: Vec<String>,
|
||||
ask: Vec<String>,
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, PartialEq, Eq, Default)]
|
||||
pub struct McpConfigCollection {
|
||||
servers: BTreeMap<String, ScopedMcpServerConfig>,
|
||||
@@ -237,14 +221,12 @@ impl ConfigLoader {
|
||||
let merged_value = JsonValue::Object(merged.clone());
|
||||
|
||||
let feature_config = RuntimeFeatureConfig {
|
||||
hooks: parse_optional_hooks_config(&merged_value)?,
|
||||
mcp: McpConfigCollection {
|
||||
servers: mcp_servers,
|
||||
},
|
||||
oauth: parse_optional_oauth_config(&merged_value, "merged settings.oauth")?,
|
||||
model: parse_optional_model(&merged_value),
|
||||
permission_mode: parse_optional_permission_mode(&merged_value)?,
|
||||
permission_rules: parse_optional_permission_rules(&merged_value)?,
|
||||
sandbox: parse_optional_sandbox_config(&merged_value)?,
|
||||
};
|
||||
|
||||
@@ -296,11 +278,6 @@ impl RuntimeConfig {
|
||||
&self.feature_config.mcp
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn hooks(&self) -> &RuntimeHookConfig {
|
||||
&self.feature_config.hooks
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn oauth(&self) -> Option<&OAuthConfig> {
|
||||
self.feature_config.oauth.as_ref()
|
||||
@@ -316,11 +293,6 @@ impl RuntimeConfig {
|
||||
self.feature_config.permission_mode
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn permission_rules(&self) -> &RuntimePermissionRuleConfig {
|
||||
&self.feature_config.permission_rules
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn sandbox(&self) -> &SandboxConfig {
|
||||
&self.feature_config.sandbox
|
||||
@@ -328,17 +300,6 @@ impl RuntimeConfig {
|
||||
}
|
||||
|
||||
impl RuntimeFeatureConfig {
|
||||
#[must_use]
|
||||
pub fn with_hooks(mut self, hooks: RuntimeHookConfig) -> Self {
|
||||
self.hooks = hooks;
|
||||
self
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn hooks(&self) -> &RuntimeHookConfig {
|
||||
&self.hooks
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn mcp(&self) -> &McpConfigCollection {
|
||||
&self.mcp
|
||||
@@ -359,69 +320,12 @@ impl RuntimeFeatureConfig {
|
||||
self.permission_mode
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn permission_rules(&self) -> &RuntimePermissionRuleConfig {
|
||||
&self.permission_rules
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn sandbox(&self) -> &SandboxConfig {
|
||||
&self.sandbox
|
||||
}
|
||||
}
|
||||
|
||||
impl RuntimeHookConfig {
|
||||
#[must_use]
|
||||
pub fn new(
|
||||
pre_tool_use: Vec<String>,
|
||||
post_tool_use: Vec<String>,
|
||||
post_tool_use_failure: Vec<String>,
|
||||
) -> Self {
|
||||
Self {
|
||||
pre_tool_use,
|
||||
post_tool_use,
|
||||
post_tool_use_failure,
|
||||
}
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn pre_tool_use(&self) -> &[String] {
|
||||
&self.pre_tool_use
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn post_tool_use(&self) -> &[String] {
|
||||
&self.post_tool_use
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn post_tool_use_failure(&self) -> &[String] {
|
||||
&self.post_tool_use_failure
|
||||
}
|
||||
}
|
||||
|
||||
impl RuntimePermissionRuleConfig {
|
||||
#[must_use]
|
||||
pub fn new(allow: Vec<String>, deny: Vec<String>, ask: Vec<String>) -> Self {
|
||||
Self { allow, deny, ask }
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn allow(&self) -> &[String] {
|
||||
&self.allow
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn deny(&self) -> &[String] {
|
||||
&self.deny
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn ask(&self) -> &[String] {
|
||||
&self.ask
|
||||
}
|
||||
}
|
||||
|
||||
impl McpConfigCollection {
|
||||
#[must_use]
|
||||
pub fn servers(&self) -> &BTreeMap<String, ScopedMcpServerConfig> {
|
||||
@@ -520,48 +424,6 @@ fn parse_optional_model(root: &JsonValue) -> Option<String> {
|
||||
.map(ToOwned::to_owned)
|
||||
}
|
||||
|
||||
fn parse_optional_hooks_config(root: &JsonValue) -> Result<RuntimeHookConfig, ConfigError> {
|
||||
let Some(object) = root.as_object() else {
|
||||
return Ok(RuntimeHookConfig::default());
|
||||
};
|
||||
let Some(hooks_value) = object.get("hooks") else {
|
||||
return Ok(RuntimeHookConfig::default());
|
||||
};
|
||||
let hooks = expect_object(hooks_value, "merged settings.hooks")?;
|
||||
Ok(RuntimeHookConfig {
|
||||
pre_tool_use: optional_string_array(hooks, "PreToolUse", "merged settings.hooks")?
|
||||
.unwrap_or_default(),
|
||||
post_tool_use: optional_string_array(hooks, "PostToolUse", "merged settings.hooks")?
|
||||
.unwrap_or_default(),
|
||||
post_tool_use_failure: optional_string_array(
|
||||
hooks,
|
||||
"PostToolUseFailure",
|
||||
"merged settings.hooks",
|
||||
)?
|
||||
.unwrap_or_default(),
|
||||
})
|
||||
}
|
||||
|
||||
fn parse_optional_permission_rules(
|
||||
root: &JsonValue,
|
||||
) -> Result<RuntimePermissionRuleConfig, ConfigError> {
|
||||
let Some(object) = root.as_object() else {
|
||||
return Ok(RuntimePermissionRuleConfig::default());
|
||||
};
|
||||
let Some(permissions) = object.get("permissions").and_then(JsonValue::as_object) else {
|
||||
return Ok(RuntimePermissionRuleConfig::default());
|
||||
};
|
||||
|
||||
Ok(RuntimePermissionRuleConfig {
|
||||
allow: optional_string_array(permissions, "allow", "merged settings.permissions")?
|
||||
.unwrap_or_default(),
|
||||
deny: optional_string_array(permissions, "deny", "merged settings.permissions")?
|
||||
.unwrap_or_default(),
|
||||
ask: optional_string_array(permissions, "ask", "merged settings.permissions")?
|
||||
.unwrap_or_default(),
|
||||
})
|
||||
}
|
||||
|
||||
fn parse_optional_permission_mode(
|
||||
root: &JsonValue,
|
||||
) -> Result<Option<ResolvedPermissionMode>, ConfigError> {
|
||||
@@ -921,7 +783,7 @@ mod tests {
|
||||
.expect("write user compat config");
|
||||
fs::write(
|
||||
home.join("settings.json"),
|
||||
r#"{"model":"sonnet","env":{"A2":"1"},"hooks":{"PreToolUse":["base"]},"permissions":{"defaultMode":"plan","allow":["Read"],"deny":["Bash(rm -rf)"]}}"#,
|
||||
r#"{"model":"sonnet","env":{"A2":"1"},"hooks":{"PreToolUse":["base"]},"permissions":{"defaultMode":"plan"}}"#,
|
||||
)
|
||||
.expect("write user settings");
|
||||
fs::write(
|
||||
@@ -931,7 +793,7 @@ mod tests {
|
||||
.expect("write project compat config");
|
||||
fs::write(
|
||||
cwd.join(".claude").join("settings.json"),
|
||||
r#"{"env":{"C":"3"},"hooks":{"PostToolUse":["project"],"PostToolUseFailure":["project-failure"]},"permissions":{"ask":["Edit"]},"mcpServers":{"project":{"command":"uvx","args":["project"]}}}"#,
|
||||
r#"{"env":{"C":"3"},"hooks":{"PostToolUse":["project"]},"mcpServers":{"project":{"command":"uvx","args":["project"]}}}"#,
|
||||
)
|
||||
.expect("write project settings");
|
||||
fs::write(
|
||||
@@ -974,18 +836,6 @@ mod tests {
|
||||
.and_then(JsonValue::as_object)
|
||||
.expect("hooks object")
|
||||
.contains_key("PostToolUse"));
|
||||
assert_eq!(loaded.hooks().pre_tool_use(), &["base".to_string()]);
|
||||
assert_eq!(loaded.hooks().post_tool_use(), &["project".to_string()]);
|
||||
assert_eq!(
|
||||
loaded.hooks().post_tool_use_failure(),
|
||||
&["project-failure".to_string()]
|
||||
);
|
||||
assert_eq!(loaded.permission_rules().allow(), &["Read".to_string()]);
|
||||
assert_eq!(
|
||||
loaded.permission_rules().deny(),
|
||||
&["Bash(rm -rf)".to_string()]
|
||||
);
|
||||
assert_eq!(loaded.permission_rules().ask(), &["Edit".to_string()]);
|
||||
assert!(loaded.mcp().get("home").is_some());
|
||||
assert!(loaded.mcp().get("project").is_some());
|
||||
|
||||
|
||||
@@ -4,14 +4,13 @@ use std::fmt::{Display, Formatter};
|
||||
use crate::compact::{
|
||||
compact_session, estimate_session_tokens, CompactionConfig, CompactionResult,
|
||||
};
|
||||
use crate::config::RuntimeFeatureConfig;
|
||||
use crate::hooks::{HookAbortSignal, HookProgressReporter, HookRunResult, HookRunner};
|
||||
use crate::permissions::{
|
||||
PermissionContext, PermissionOutcome, PermissionPolicy, PermissionPrompter,
|
||||
};
|
||||
use crate::permissions::{PermissionOutcome, PermissionPolicy, PermissionPrompter};
|
||||
use crate::session::{ContentBlock, ConversationMessage, Session};
|
||||
use crate::usage::{TokenUsage, UsageTracker};
|
||||
|
||||
const DEFAULT_AUTO_COMPACTION_INPUT_TOKENS_THRESHOLD: u32 = 100_000;
|
||||
const AUTO_COMPACTION_THRESHOLD_ENV_VAR: &str = "CLAUDE_CODE_AUTO_COMPACT_INPUT_TOKENS";
|
||||
|
||||
#[derive(Debug, Clone, PartialEq, Eq)]
|
||||
pub struct ApiRequest {
|
||||
pub system_prompt: Vec<String>,
|
||||
@@ -88,6 +87,12 @@ pub struct TurnSummary {
|
||||
pub tool_results: Vec<ConversationMessage>,
|
||||
pub iterations: usize,
|
||||
pub usage: TokenUsage,
|
||||
pub auto_compaction: Option<AutoCompactionEvent>,
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
|
||||
pub struct AutoCompactionEvent {
|
||||
pub removed_message_count: usize,
|
||||
}
|
||||
|
||||
pub struct ConversationRuntime<C, T> {
|
||||
@@ -98,9 +103,7 @@ pub struct ConversationRuntime<C, T> {
|
||||
system_prompt: Vec<String>,
|
||||
max_iterations: usize,
|
||||
usage_tracker: UsageTracker,
|
||||
hook_runner: HookRunner,
|
||||
hook_abort_signal: HookAbortSignal,
|
||||
hook_progress_reporter: Option<Box<dyn HookProgressReporter>>,
|
||||
auto_compaction_input_tokens_threshold: u32,
|
||||
}
|
||||
|
||||
impl<C, T> ConversationRuntime<C, T>
|
||||
@@ -115,26 +118,6 @@ where
|
||||
tool_executor: T,
|
||||
permission_policy: PermissionPolicy,
|
||||
system_prompt: Vec<String>,
|
||||
) -> Self {
|
||||
Self::new_with_features(
|
||||
session,
|
||||
api_client,
|
||||
tool_executor,
|
||||
permission_policy,
|
||||
system_prompt,
|
||||
RuntimeFeatureConfig::default(),
|
||||
)
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
#[allow(clippy::needless_pass_by_value)]
|
||||
pub fn new_with_features(
|
||||
session: Session,
|
||||
api_client: C,
|
||||
tool_executor: T,
|
||||
permission_policy: PermissionPolicy,
|
||||
system_prompt: Vec<String>,
|
||||
feature_config: RuntimeFeatureConfig,
|
||||
) -> Self {
|
||||
let usage_tracker = UsageTracker::from_session(&session);
|
||||
Self {
|
||||
@@ -145,9 +128,7 @@ where
|
||||
system_prompt,
|
||||
max_iterations: usize::MAX,
|
||||
usage_tracker,
|
||||
hook_runner: HookRunner::from_feature_config(&feature_config),
|
||||
hook_abort_signal: HookAbortSignal::default(),
|
||||
hook_progress_reporter: None,
|
||||
auto_compaction_input_tokens_threshold: auto_compaction_threshold_from_env(),
|
||||
}
|
||||
}
|
||||
|
||||
@@ -158,92 +139,11 @@ where
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn with_hook_abort_signal(mut self, hook_abort_signal: HookAbortSignal) -> Self {
|
||||
self.hook_abort_signal = hook_abort_signal;
|
||||
pub fn with_auto_compaction_input_tokens_threshold(mut self, threshold: u32) -> Self {
|
||||
self.auto_compaction_input_tokens_threshold = threshold;
|
||||
self
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn with_hook_progress_reporter(
|
||||
mut self,
|
||||
hook_progress_reporter: Box<dyn HookProgressReporter>,
|
||||
) -> Self {
|
||||
self.hook_progress_reporter = Some(hook_progress_reporter);
|
||||
self
|
||||
}
|
||||
|
||||
fn run_pre_tool_use_hook(&mut self, tool_name: &str, input: &str) -> HookRunResult {
|
||||
if let Some(reporter) = self.hook_progress_reporter.as_mut() {
|
||||
self.hook_runner.run_pre_tool_use_with_context(
|
||||
tool_name,
|
||||
input,
|
||||
Some(&self.hook_abort_signal),
|
||||
Some(reporter.as_mut()),
|
||||
)
|
||||
} else {
|
||||
self.hook_runner.run_pre_tool_use_with_context(
|
||||
tool_name,
|
||||
input,
|
||||
Some(&self.hook_abort_signal),
|
||||
None,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
fn run_post_tool_use_hook(
|
||||
&mut self,
|
||||
tool_name: &str,
|
||||
input: &str,
|
||||
output: &str,
|
||||
is_error: bool,
|
||||
) -> HookRunResult {
|
||||
if let Some(reporter) = self.hook_progress_reporter.as_mut() {
|
||||
self.hook_runner.run_post_tool_use_with_context(
|
||||
tool_name,
|
||||
input,
|
||||
output,
|
||||
is_error,
|
||||
Some(&self.hook_abort_signal),
|
||||
Some(reporter.as_mut()),
|
||||
)
|
||||
} else {
|
||||
self.hook_runner.run_post_tool_use_with_context(
|
||||
tool_name,
|
||||
input,
|
||||
output,
|
||||
is_error,
|
||||
Some(&self.hook_abort_signal),
|
||||
None,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
fn run_post_tool_use_failure_hook(
|
||||
&mut self,
|
||||
tool_name: &str,
|
||||
input: &str,
|
||||
output: &str,
|
||||
) -> HookRunResult {
|
||||
if let Some(reporter) = self.hook_progress_reporter.as_mut() {
|
||||
self.hook_runner.run_post_tool_use_failure_with_context(
|
||||
tool_name,
|
||||
input,
|
||||
output,
|
||||
Some(&self.hook_abort_signal),
|
||||
Some(reporter.as_mut()),
|
||||
)
|
||||
} else {
|
||||
self.hook_runner.run_post_tool_use_failure_with_context(
|
||||
tool_name,
|
||||
input,
|
||||
output,
|
||||
Some(&self.hook_abort_signal),
|
||||
None,
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
#[allow(clippy::too_many_lines)]
|
||||
pub fn run_turn(
|
||||
&mut self,
|
||||
user_input: impl Into<String>,
|
||||
@@ -293,96 +193,47 @@ where
|
||||
}
|
||||
|
||||
for (tool_use_id, tool_name, input) in pending_tool_uses {
|
||||
let pre_hook_result = self.run_pre_tool_use_hook(&tool_name, &input);
|
||||
let effective_input = pre_hook_result
|
||||
.updated_input()
|
||||
.map_or_else(|| input.clone(), ToOwned::to_owned);
|
||||
let permission_context = PermissionContext::new(
|
||||
pre_hook_result.permission_override(),
|
||||
pre_hook_result.permission_reason().map(ToOwned::to_owned),
|
||||
);
|
||||
|
||||
let permission_outcome = if pre_hook_result.is_cancelled() {
|
||||
PermissionOutcome::Deny {
|
||||
reason: format_hook_message(
|
||||
&pre_hook_result,
|
||||
&format!("PreToolUse hook cancelled tool `{tool_name}`"),
|
||||
),
|
||||
}
|
||||
} else if pre_hook_result.is_denied() {
|
||||
PermissionOutcome::Deny {
|
||||
reason: format_hook_message(
|
||||
&pre_hook_result,
|
||||
&format!("PreToolUse hook denied tool `{tool_name}`"),
|
||||
),
|
||||
}
|
||||
} else if let Some(prompt) = prompter.as_mut() {
|
||||
self.permission_policy.authorize_with_context(
|
||||
&tool_name,
|
||||
&effective_input,
|
||||
&permission_context,
|
||||
Some(*prompt),
|
||||
)
|
||||
let permission_outcome = if let Some(prompt) = prompter.as_mut() {
|
||||
self.permission_policy
|
||||
.authorize(&tool_name, &input, Some(*prompt))
|
||||
} else {
|
||||
self.permission_policy.authorize_with_context(
|
||||
&tool_name,
|
||||
&effective_input,
|
||||
&permission_context,
|
||||
None,
|
||||
)
|
||||
self.permission_policy.authorize(&tool_name, &input, None)
|
||||
};
|
||||
|
||||
let result_message = match permission_outcome {
|
||||
PermissionOutcome::Allow => {
|
||||
let (mut output, mut is_error) =
|
||||
match self.tool_executor.execute(&tool_name, &effective_input) {
|
||||
Ok(output) => (output, false),
|
||||
Err(error) => (error.to_string(), true),
|
||||
};
|
||||
output = merge_hook_feedback(pre_hook_result.messages(), output, false);
|
||||
|
||||
let post_hook_result = if is_error {
|
||||
self.run_post_tool_use_failure_hook(
|
||||
&tool_name,
|
||||
&effective_input,
|
||||
&output,
|
||||
)
|
||||
} else {
|
||||
self.run_post_tool_use_hook(
|
||||
&tool_name,
|
||||
&effective_input,
|
||||
&output,
|
||||
match self.tool_executor.execute(&tool_name, &input) {
|
||||
Ok(output) => ConversationMessage::tool_result(
|
||||
tool_use_id,
|
||||
tool_name,
|
||||
output,
|
||||
false,
|
||||
)
|
||||
};
|
||||
if post_hook_result.is_denied() || post_hook_result.is_cancelled() {
|
||||
is_error = true;
|
||||
),
|
||||
Err(error) => ConversationMessage::tool_result(
|
||||
tool_use_id,
|
||||
tool_name,
|
||||
error.to_string(),
|
||||
true,
|
||||
),
|
||||
}
|
||||
output = merge_hook_feedback(
|
||||
post_hook_result.messages(),
|
||||
output,
|
||||
post_hook_result.is_denied() || post_hook_result.is_cancelled(),
|
||||
);
|
||||
|
||||
ConversationMessage::tool_result(tool_use_id, tool_name, output, is_error)
|
||||
}
|
||||
PermissionOutcome::Deny { reason } => ConversationMessage::tool_result(
|
||||
tool_use_id,
|
||||
tool_name,
|
||||
merge_hook_feedback(pre_hook_result.messages(), reason, true),
|
||||
true,
|
||||
),
|
||||
PermissionOutcome::Deny { reason } => {
|
||||
ConversationMessage::tool_result(tool_use_id, tool_name, reason, true)
|
||||
}
|
||||
};
|
||||
self.session.messages.push(result_message.clone());
|
||||
tool_results.push(result_message);
|
||||
}
|
||||
}
|
||||
|
||||
let auto_compaction = self.maybe_auto_compact();
|
||||
|
||||
Ok(TurnSummary {
|
||||
assistant_messages,
|
||||
tool_results,
|
||||
iterations,
|
||||
usage: self.usage_tracker.cumulative_usage(),
|
||||
auto_compaction,
|
||||
})
|
||||
}
|
||||
|
||||
@@ -410,6 +261,48 @@ where
|
||||
pub fn into_session(self) -> Session {
|
||||
self.session
|
||||
}
|
||||
|
||||
fn maybe_auto_compact(&mut self) -> Option<AutoCompactionEvent> {
|
||||
if self.usage_tracker.cumulative_usage().input_tokens
|
||||
< self.auto_compaction_input_tokens_threshold
|
||||
{
|
||||
return None;
|
||||
}
|
||||
|
||||
let result = compact_session(
|
||||
&self.session,
|
||||
CompactionConfig {
|
||||
max_estimated_tokens: 0,
|
||||
..CompactionConfig::default()
|
||||
},
|
||||
);
|
||||
|
||||
if result.removed_message_count == 0 {
|
||||
return None;
|
||||
}
|
||||
|
||||
self.session = result.compacted_session;
|
||||
Some(AutoCompactionEvent {
|
||||
removed_message_count: result.removed_message_count,
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn auto_compaction_threshold_from_env() -> u32 {
|
||||
parse_auto_compaction_threshold(
|
||||
std::env::var(AUTO_COMPACTION_THRESHOLD_ENV_VAR)
|
||||
.ok()
|
||||
.as_deref(),
|
||||
)
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
fn parse_auto_compaction_threshold(value: Option<&str>) -> u32 {
|
||||
value
|
||||
.and_then(|raw| raw.trim().parse::<u32>().ok())
|
||||
.filter(|threshold| *threshold > 0)
|
||||
.unwrap_or(DEFAULT_AUTO_COMPACTION_INPUT_TOKENS_THRESHOLD)
|
||||
}
|
||||
|
||||
fn build_assistant_message(
|
||||
@@ -459,32 +352,6 @@ fn flush_text_block(text: &mut String, blocks: &mut Vec<ContentBlock>) {
|
||||
}
|
||||
}
|
||||
|
||||
fn format_hook_message(result: &HookRunResult, fallback: &str) -> String {
|
||||
if result.messages().is_empty() {
|
||||
fallback.to_string()
|
||||
} else {
|
||||
result.messages().join("\n")
|
||||
}
|
||||
}
|
||||
|
||||
fn merge_hook_feedback(messages: &[String], output: String, denied: bool) -> String {
|
||||
if messages.is_empty() {
|
||||
return output;
|
||||
}
|
||||
|
||||
let mut sections = Vec::new();
|
||||
if !output.trim().is_empty() {
|
||||
sections.push(output);
|
||||
}
|
||||
let label = if denied {
|
||||
"Hook feedback (denied)"
|
||||
} else {
|
||||
"Hook feedback"
|
||||
};
|
||||
sections.push(format!("{label}:\n{}", messages.join("\n")));
|
||||
sections.join("\n\n")
|
||||
}
|
||||
|
||||
type ToolHandler = Box<dyn FnMut(&str) -> Result<String, ToolError>>;
|
||||
|
||||
#[derive(Default)]
|
||||
@@ -520,11 +387,11 @@ impl ToolExecutor for StaticToolExecutor {
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use super::{
|
||||
ApiClient, ApiRequest, AssistantEvent, ConversationRuntime, RuntimeError,
|
||||
StaticToolExecutor,
|
||||
parse_auto_compaction_threshold, ApiClient, ApiRequest, AssistantEvent,
|
||||
AutoCompactionEvent, ConversationRuntime, RuntimeError, StaticToolExecutor,
|
||||
DEFAULT_AUTO_COMPACTION_INPUT_TOKENS_THRESHOLD,
|
||||
};
|
||||
use crate::compact::CompactionConfig;
|
||||
use crate::config::{RuntimeFeatureConfig, RuntimeHookConfig};
|
||||
use crate::permissions::{
|
||||
PermissionMode, PermissionPolicy, PermissionPromptDecision, PermissionPrompter,
|
||||
PermissionRequest,
|
||||
@@ -632,6 +499,7 @@ mod tests {
|
||||
assert_eq!(summary.tool_results.len(), 1);
|
||||
assert_eq!(runtime.session().messages.len(), 4);
|
||||
assert_eq!(summary.usage.output_tokens, 10);
|
||||
assert_eq!(summary.auto_compaction, None);
|
||||
assert!(matches!(
|
||||
runtime.session().messages[1].blocks[1],
|
||||
ContentBlock::ToolUse { .. }
|
||||
@@ -699,143 +567,6 @@ mod tests {
|
||||
));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn denies_tool_use_when_pre_tool_hook_blocks() {
|
||||
struct SingleCallApiClient;
|
||||
impl ApiClient for SingleCallApiClient {
|
||||
fn stream(&mut self, request: ApiRequest) -> Result<Vec<AssistantEvent>, RuntimeError> {
|
||||
if request
|
||||
.messages
|
||||
.iter()
|
||||
.any(|message| message.role == MessageRole::Tool)
|
||||
{
|
||||
return Ok(vec![
|
||||
AssistantEvent::TextDelta("blocked".to_string()),
|
||||
AssistantEvent::MessageStop,
|
||||
]);
|
||||
}
|
||||
Ok(vec![
|
||||
AssistantEvent::ToolUse {
|
||||
id: "tool-1".to_string(),
|
||||
name: "blocked".to_string(),
|
||||
input: r#"{"path":"secret.txt"}"#.to_string(),
|
||||
},
|
||||
AssistantEvent::MessageStop,
|
||||
])
|
||||
}
|
||||
}
|
||||
|
||||
let mut runtime = ConversationRuntime::new_with_features(
|
||||
Session::new(),
|
||||
SingleCallApiClient,
|
||||
StaticToolExecutor::new().register("blocked", |_input| {
|
||||
panic!("tool should not execute when hook denies")
|
||||
}),
|
||||
PermissionPolicy::new(PermissionMode::DangerFullAccess),
|
||||
vec!["system".to_string()],
|
||||
RuntimeFeatureConfig::default().with_hooks(RuntimeHookConfig::new(
|
||||
vec![shell_snippet("printf 'blocked by hook'; exit 2")],
|
||||
Vec::new(),
|
||||
Vec::new(),
|
||||
)),
|
||||
);
|
||||
|
||||
let summary = runtime
|
||||
.run_turn("use the tool", None)
|
||||
.expect("conversation should continue after hook denial");
|
||||
|
||||
assert_eq!(summary.tool_results.len(), 1);
|
||||
let ContentBlock::ToolResult {
|
||||
is_error, output, ..
|
||||
} = &summary.tool_results[0].blocks[0]
|
||||
else {
|
||||
panic!("expected tool result block");
|
||||
};
|
||||
assert!(
|
||||
*is_error,
|
||||
"hook denial should produce an error result: {output}"
|
||||
);
|
||||
assert!(
|
||||
output.contains("denied tool") || output.contains("blocked by hook"),
|
||||
"unexpected hook denial output: {output:?}"
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn appends_post_tool_hook_feedback_to_tool_result() {
|
||||
struct TwoCallApiClient {
|
||||
calls: usize,
|
||||
}
|
||||
|
||||
impl ApiClient for TwoCallApiClient {
|
||||
fn stream(&mut self, request: ApiRequest) -> Result<Vec<AssistantEvent>, RuntimeError> {
|
||||
self.calls += 1;
|
||||
match self.calls {
|
||||
1 => Ok(vec![
|
||||
AssistantEvent::ToolUse {
|
||||
id: "tool-1".to_string(),
|
||||
name: "add".to_string(),
|
||||
input: r#"{"lhs":2,"rhs":2}"#.to_string(),
|
||||
},
|
||||
AssistantEvent::MessageStop,
|
||||
]),
|
||||
2 => {
|
||||
assert!(request
|
||||
.messages
|
||||
.iter()
|
||||
.any(|message| message.role == MessageRole::Tool));
|
||||
Ok(vec![
|
||||
AssistantEvent::TextDelta("done".to_string()),
|
||||
AssistantEvent::MessageStop,
|
||||
])
|
||||
}
|
||||
_ => Err(RuntimeError::new("unexpected extra API call")),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
let mut runtime = ConversationRuntime::new_with_features(
|
||||
Session::new(),
|
||||
TwoCallApiClient { calls: 0 },
|
||||
StaticToolExecutor::new().register("add", |_input| Ok("4".to_string())),
|
||||
PermissionPolicy::new(PermissionMode::DangerFullAccess),
|
||||
vec!["system".to_string()],
|
||||
RuntimeFeatureConfig::default().with_hooks(RuntimeHookConfig::new(
|
||||
vec![shell_snippet("printf 'pre hook ran'")],
|
||||
vec![shell_snippet("printf 'post hook ran'")],
|
||||
Vec::new(),
|
||||
)),
|
||||
);
|
||||
|
||||
let summary = runtime
|
||||
.run_turn("use add", None)
|
||||
.expect("tool loop succeeds");
|
||||
|
||||
assert_eq!(summary.tool_results.len(), 1);
|
||||
let ContentBlock::ToolResult {
|
||||
is_error, output, ..
|
||||
} = &summary.tool_results[0].blocks[0]
|
||||
else {
|
||||
panic!("expected tool result block");
|
||||
};
|
||||
assert!(
|
||||
!*is_error,
|
||||
"post hook should preserve non-error result: {output:?}"
|
||||
);
|
||||
assert!(
|
||||
output.contains('4'),
|
||||
"tool output missing value: {output:?}"
|
||||
);
|
||||
assert!(
|
||||
output.contains("pre hook ran"),
|
||||
"tool output missing pre hook feedback: {output:?}"
|
||||
);
|
||||
assert!(
|
||||
output.contains("post hook ran"),
|
||||
"tool output missing post hook feedback: {output:?}"
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn reconstructs_usage_tracker_from_restored_session() {
|
||||
struct SimpleApi;
|
||||
@@ -915,13 +646,110 @@ mod tests {
|
||||
);
|
||||
}
|
||||
|
||||
#[cfg(windows)]
|
||||
fn shell_snippet(script: &str) -> String {
|
||||
script.replace('\'', "\"")
|
||||
#[test]
|
||||
fn auto_compacts_when_cumulative_input_threshold_is_crossed() {
|
||||
struct SimpleApi;
|
||||
impl ApiClient for SimpleApi {
|
||||
fn stream(
|
||||
&mut self,
|
||||
_request: ApiRequest,
|
||||
) -> Result<Vec<AssistantEvent>, RuntimeError> {
|
||||
Ok(vec![
|
||||
AssistantEvent::TextDelta("done".to_string()),
|
||||
AssistantEvent::Usage(TokenUsage {
|
||||
input_tokens: 120_000,
|
||||
output_tokens: 4,
|
||||
cache_creation_input_tokens: 0,
|
||||
cache_read_input_tokens: 0,
|
||||
}),
|
||||
AssistantEvent::MessageStop,
|
||||
])
|
||||
}
|
||||
}
|
||||
|
||||
let session = Session {
|
||||
version: 1,
|
||||
messages: vec![
|
||||
crate::session::ConversationMessage::user_text("one"),
|
||||
crate::session::ConversationMessage::assistant(vec![ContentBlock::Text {
|
||||
text: "two".to_string(),
|
||||
}]),
|
||||
crate::session::ConversationMessage::user_text("three"),
|
||||
crate::session::ConversationMessage::assistant(vec![ContentBlock::Text {
|
||||
text: "four".to_string(),
|
||||
}]),
|
||||
],
|
||||
};
|
||||
|
||||
let mut runtime = ConversationRuntime::new(
|
||||
session,
|
||||
SimpleApi,
|
||||
StaticToolExecutor::new(),
|
||||
PermissionPolicy::new(PermissionMode::DangerFullAccess),
|
||||
vec!["system".to_string()],
|
||||
)
|
||||
.with_auto_compaction_input_tokens_threshold(100_000);
|
||||
|
||||
let summary = runtime
|
||||
.run_turn("trigger", None)
|
||||
.expect("turn should succeed");
|
||||
|
||||
assert_eq!(
|
||||
summary.auto_compaction,
|
||||
Some(AutoCompactionEvent {
|
||||
removed_message_count: 2,
|
||||
})
|
||||
);
|
||||
assert_eq!(runtime.session().messages[0].role, MessageRole::System);
|
||||
}
|
||||
|
||||
#[cfg(not(windows))]
|
||||
fn shell_snippet(script: &str) -> String {
|
||||
script.to_string()
|
||||
#[test]
|
||||
fn skips_auto_compaction_below_threshold() {
|
||||
struct SimpleApi;
|
||||
impl ApiClient for SimpleApi {
|
||||
fn stream(
|
||||
&mut self,
|
||||
_request: ApiRequest,
|
||||
) -> Result<Vec<AssistantEvent>, RuntimeError> {
|
||||
Ok(vec![
|
||||
AssistantEvent::TextDelta("done".to_string()),
|
||||
AssistantEvent::Usage(TokenUsage {
|
||||
input_tokens: 99_999,
|
||||
output_tokens: 4,
|
||||
cache_creation_input_tokens: 0,
|
||||
cache_read_input_tokens: 0,
|
||||
}),
|
||||
AssistantEvent::MessageStop,
|
||||
])
|
||||
}
|
||||
}
|
||||
|
||||
let mut runtime = ConversationRuntime::new(
|
||||
Session::new(),
|
||||
SimpleApi,
|
||||
StaticToolExecutor::new(),
|
||||
PermissionPolicy::new(PermissionMode::DangerFullAccess),
|
||||
vec!["system".to_string()],
|
||||
)
|
||||
.with_auto_compaction_input_tokens_threshold(100_000);
|
||||
|
||||
let summary = runtime
|
||||
.run_turn("trigger", None)
|
||||
.expect("turn should succeed");
|
||||
assert_eq!(summary.auto_compaction, None);
|
||||
assert_eq!(runtime.session().messages.len(), 2);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn auto_compaction_threshold_defaults_and_parses_values() {
|
||||
assert_eq!(
|
||||
parse_auto_compaction_threshold(None),
|
||||
DEFAULT_AUTO_COMPACTION_INPUT_TOKENS_THRESHOLD
|
||||
);
|
||||
assert_eq!(parse_auto_compaction_threshold(Some("4321")), 4321);
|
||||
assert_eq!(
|
||||
parse_auto_compaction_threshold(Some("not-a-number")),
|
||||
DEFAULT_AUTO_COMPACTION_INPUT_TOKENS_THRESHOLD
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,853 +0,0 @@
|
||||
use std::ffi::OsStr;
|
||||
use std::io::Write;
|
||||
use std::process::{Command, Stdio};
|
||||
use std::sync::{
|
||||
atomic::{AtomicBool, Ordering},
|
||||
Arc,
|
||||
};
|
||||
use std::thread;
|
||||
use std::time::Duration;
|
||||
|
||||
use serde_json::{json, Value};
|
||||
|
||||
use crate::config::{RuntimeFeatureConfig, RuntimeHookConfig};
|
||||
use crate::permissions::PermissionOverride;
|
||||
|
||||
pub type HookPermissionDecision = PermissionOverride;
|
||||
|
||||
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
|
||||
pub enum HookEvent {
|
||||
PreToolUse,
|
||||
PostToolUse,
|
||||
PostToolUseFailure,
|
||||
}
|
||||
|
||||
impl HookEvent {
|
||||
#[must_use]
|
||||
pub fn as_str(self) -> &'static str {
|
||||
match self {
|
||||
Self::PreToolUse => "PreToolUse",
|
||||
Self::PostToolUse => "PostToolUse",
|
||||
Self::PostToolUseFailure => "PostToolUseFailure",
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, PartialEq, Eq)]
|
||||
pub enum HookProgressEvent {
|
||||
Started {
|
||||
event: HookEvent,
|
||||
tool_name: String,
|
||||
command: String,
|
||||
},
|
||||
Completed {
|
||||
event: HookEvent,
|
||||
tool_name: String,
|
||||
command: String,
|
||||
},
|
||||
Cancelled {
|
||||
event: HookEvent,
|
||||
tool_name: String,
|
||||
command: String,
|
||||
},
|
||||
}
|
||||
|
||||
pub trait HookProgressReporter {
|
||||
fn on_event(&mut self, event: &HookProgressEvent);
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, Default)]
|
||||
pub struct HookAbortSignal {
|
||||
aborted: Arc<AtomicBool>,
|
||||
}
|
||||
|
||||
impl HookAbortSignal {
|
||||
#[must_use]
|
||||
pub fn new() -> Self {
|
||||
Self::default()
|
||||
}
|
||||
|
||||
pub fn abort(&self) {
|
||||
self.aborted.store(true, Ordering::SeqCst);
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn is_aborted(&self) -> bool {
|
||||
self.aborted.load(Ordering::SeqCst)
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, PartialEq, Eq)]
|
||||
pub struct HookRunResult {
|
||||
denied: bool,
|
||||
cancelled: bool,
|
||||
messages: Vec<String>,
|
||||
permission_override: Option<PermissionOverride>,
|
||||
permission_reason: Option<String>,
|
||||
updated_input: Option<String>,
|
||||
}
|
||||
|
||||
impl HookRunResult {
|
||||
#[must_use]
|
||||
pub fn allow(messages: Vec<String>) -> Self {
|
||||
Self {
|
||||
denied: false,
|
||||
cancelled: false,
|
||||
messages,
|
||||
permission_override: None,
|
||||
permission_reason: None,
|
||||
updated_input: None,
|
||||
}
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn is_denied(&self) -> bool {
|
||||
self.denied
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn is_cancelled(&self) -> bool {
|
||||
self.cancelled
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn messages(&self) -> &[String] {
|
||||
&self.messages
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn permission_override(&self) -> Option<PermissionOverride> {
|
||||
self.permission_override
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn permission_decision(&self) -> Option<HookPermissionDecision> {
|
||||
self.permission_override
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn permission_reason(&self) -> Option<&str> {
|
||||
self.permission_reason.as_deref()
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn updated_input(&self) -> Option<&str> {
|
||||
self.updated_input.as_deref()
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn updated_input_json(&self) -> Option<&str> {
|
||||
self.updated_input()
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, PartialEq, Eq, Default)]
|
||||
pub struct HookRunner {
|
||||
config: RuntimeHookConfig,
|
||||
}
|
||||
|
||||
impl HookRunner {
|
||||
#[must_use]
|
||||
pub fn new(config: RuntimeHookConfig) -> Self {
|
||||
Self { config }
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn from_feature_config(feature_config: &RuntimeFeatureConfig) -> Self {
|
||||
Self::new(feature_config.hooks().clone())
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn run_pre_tool_use(&self, tool_name: &str, tool_input: &str) -> HookRunResult {
|
||||
self.run_pre_tool_use_with_context(tool_name, tool_input, None, None)
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn run_pre_tool_use_with_context(
|
||||
&self,
|
||||
tool_name: &str,
|
||||
tool_input: &str,
|
||||
abort_signal: Option<&HookAbortSignal>,
|
||||
reporter: Option<&mut dyn HookProgressReporter>,
|
||||
) -> HookRunResult {
|
||||
Self::run_commands(
|
||||
HookEvent::PreToolUse,
|
||||
self.config.pre_tool_use(),
|
||||
tool_name,
|
||||
tool_input,
|
||||
None,
|
||||
false,
|
||||
abort_signal,
|
||||
reporter,
|
||||
)
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn run_pre_tool_use_with_signal(
|
||||
&self,
|
||||
tool_name: &str,
|
||||
tool_input: &str,
|
||||
abort_signal: Option<&HookAbortSignal>,
|
||||
) -> HookRunResult {
|
||||
self.run_pre_tool_use_with_context(tool_name, tool_input, abort_signal, None)
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn run_post_tool_use(
|
||||
&self,
|
||||
tool_name: &str,
|
||||
tool_input: &str,
|
||||
tool_output: &str,
|
||||
is_error: bool,
|
||||
) -> HookRunResult {
|
||||
self.run_post_tool_use_with_context(
|
||||
tool_name,
|
||||
tool_input,
|
||||
tool_output,
|
||||
is_error,
|
||||
None,
|
||||
None,
|
||||
)
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn run_post_tool_use_with_context(
|
||||
&self,
|
||||
tool_name: &str,
|
||||
tool_input: &str,
|
||||
tool_output: &str,
|
||||
is_error: bool,
|
||||
abort_signal: Option<&HookAbortSignal>,
|
||||
reporter: Option<&mut dyn HookProgressReporter>,
|
||||
) -> HookRunResult {
|
||||
Self::run_commands(
|
||||
HookEvent::PostToolUse,
|
||||
self.config.post_tool_use(),
|
||||
tool_name,
|
||||
tool_input,
|
||||
Some(tool_output),
|
||||
is_error,
|
||||
abort_signal,
|
||||
reporter,
|
||||
)
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn run_post_tool_use_with_signal(
|
||||
&self,
|
||||
tool_name: &str,
|
||||
tool_input: &str,
|
||||
tool_output: &str,
|
||||
is_error: bool,
|
||||
abort_signal: Option<&HookAbortSignal>,
|
||||
) -> HookRunResult {
|
||||
self.run_post_tool_use_with_context(
|
||||
tool_name,
|
||||
tool_input,
|
||||
tool_output,
|
||||
is_error,
|
||||
abort_signal,
|
||||
None,
|
||||
)
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn run_post_tool_use_failure(
|
||||
&self,
|
||||
tool_name: &str,
|
||||
tool_input: &str,
|
||||
tool_error: &str,
|
||||
) -> HookRunResult {
|
||||
self.run_post_tool_use_failure_with_context(tool_name, tool_input, tool_error, None, None)
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn run_post_tool_use_failure_with_context(
|
||||
&self,
|
||||
tool_name: &str,
|
||||
tool_input: &str,
|
||||
tool_error: &str,
|
||||
abort_signal: Option<&HookAbortSignal>,
|
||||
reporter: Option<&mut dyn HookProgressReporter>,
|
||||
) -> HookRunResult {
|
||||
Self::run_commands(
|
||||
HookEvent::PostToolUseFailure,
|
||||
self.config.post_tool_use_failure(),
|
||||
tool_name,
|
||||
tool_input,
|
||||
Some(tool_error),
|
||||
true,
|
||||
abort_signal,
|
||||
reporter,
|
||||
)
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn run_post_tool_use_failure_with_signal(
|
||||
&self,
|
||||
tool_name: &str,
|
||||
tool_input: &str,
|
||||
tool_error: &str,
|
||||
abort_signal: Option<&HookAbortSignal>,
|
||||
) -> HookRunResult {
|
||||
self.run_post_tool_use_failure_with_context(
|
||||
tool_name,
|
||||
tool_input,
|
||||
tool_error,
|
||||
abort_signal,
|
||||
None,
|
||||
)
|
||||
}
|
||||
|
||||
#[allow(clippy::too_many_arguments)]
|
||||
fn run_commands(
|
||||
event: HookEvent,
|
||||
commands: &[String],
|
||||
tool_name: &str,
|
||||
tool_input: &str,
|
||||
tool_output: Option<&str>,
|
||||
is_error: bool,
|
||||
abort_signal: Option<&HookAbortSignal>,
|
||||
mut reporter: Option<&mut dyn HookProgressReporter>,
|
||||
) -> HookRunResult {
|
||||
if commands.is_empty() {
|
||||
return HookRunResult::allow(Vec::new());
|
||||
}
|
||||
|
||||
if abort_signal.is_some_and(HookAbortSignal::is_aborted) {
|
||||
return HookRunResult {
|
||||
denied: false,
|
||||
cancelled: true,
|
||||
messages: vec![format!(
|
||||
"{} hook cancelled before execution",
|
||||
event.as_str()
|
||||
)],
|
||||
permission_override: None,
|
||||
permission_reason: None,
|
||||
updated_input: None,
|
||||
};
|
||||
}
|
||||
|
||||
let payload = hook_payload(event, tool_name, tool_input, tool_output, is_error).to_string();
|
||||
let mut result = HookRunResult::allow(Vec::new());
|
||||
|
||||
for command in commands {
|
||||
if let Some(reporter) = reporter.as_deref_mut() {
|
||||
reporter.on_event(&HookProgressEvent::Started {
|
||||
event,
|
||||
tool_name: tool_name.to_string(),
|
||||
command: command.clone(),
|
||||
});
|
||||
}
|
||||
|
||||
match Self::run_command(
|
||||
command,
|
||||
event,
|
||||
tool_name,
|
||||
tool_input,
|
||||
tool_output,
|
||||
is_error,
|
||||
&payload,
|
||||
abort_signal,
|
||||
) {
|
||||
HookCommandOutcome::Allow { parsed } => {
|
||||
if let Some(reporter) = reporter.as_deref_mut() {
|
||||
reporter.on_event(&HookProgressEvent::Completed {
|
||||
event,
|
||||
tool_name: tool_name.to_string(),
|
||||
command: command.clone(),
|
||||
});
|
||||
}
|
||||
merge_parsed_hook_output(&mut result, parsed);
|
||||
}
|
||||
HookCommandOutcome::Deny { parsed } => {
|
||||
if let Some(reporter) = reporter.as_deref_mut() {
|
||||
reporter.on_event(&HookProgressEvent::Completed {
|
||||
event,
|
||||
tool_name: tool_name.to_string(),
|
||||
command: command.clone(),
|
||||
});
|
||||
}
|
||||
merge_parsed_hook_output(&mut result, parsed);
|
||||
result.denied = true;
|
||||
return result;
|
||||
}
|
||||
HookCommandOutcome::Warn { message } => {
|
||||
if let Some(reporter) = reporter.as_deref_mut() {
|
||||
reporter.on_event(&HookProgressEvent::Completed {
|
||||
event,
|
||||
tool_name: tool_name.to_string(),
|
||||
command: command.clone(),
|
||||
});
|
||||
}
|
||||
result.messages.push(message);
|
||||
}
|
||||
HookCommandOutcome::Cancelled { message } => {
|
||||
if let Some(reporter) = reporter.as_deref_mut() {
|
||||
reporter.on_event(&HookProgressEvent::Cancelled {
|
||||
event,
|
||||
tool_name: tool_name.to_string(),
|
||||
command: command.clone(),
|
||||
});
|
||||
}
|
||||
result.cancelled = true;
|
||||
result.messages.push(message);
|
||||
return result;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
result
|
||||
}
|
||||
|
||||
#[allow(clippy::too_many_arguments)]
|
||||
fn run_command(
|
||||
command: &str,
|
||||
event: HookEvent,
|
||||
tool_name: &str,
|
||||
tool_input: &str,
|
||||
tool_output: Option<&str>,
|
||||
is_error: bool,
|
||||
payload: &str,
|
||||
abort_signal: Option<&HookAbortSignal>,
|
||||
) -> HookCommandOutcome {
|
||||
let mut child = shell_command(command);
|
||||
child.stdin(Stdio::piped());
|
||||
child.stdout(Stdio::piped());
|
||||
child.stderr(Stdio::piped());
|
||||
child.env("HOOK_EVENT", event.as_str());
|
||||
child.env("HOOK_TOOL_NAME", tool_name);
|
||||
child.env("HOOK_TOOL_INPUT", tool_input);
|
||||
child.env("HOOK_TOOL_IS_ERROR", if is_error { "1" } else { "0" });
|
||||
if let Some(tool_output) = tool_output {
|
||||
child.env("HOOK_TOOL_OUTPUT", tool_output);
|
||||
}
|
||||
|
||||
match child.output_with_stdin(payload.as_bytes(), abort_signal) {
|
||||
Ok(CommandExecution::Finished(output)) => {
|
||||
let stdout = String::from_utf8_lossy(&output.stdout).trim().to_string();
|
||||
let stderr = String::from_utf8_lossy(&output.stderr).trim().to_string();
|
||||
let parsed = parse_hook_output(&stdout);
|
||||
match output.status.code() {
|
||||
Some(0) => {
|
||||
if parsed.deny {
|
||||
HookCommandOutcome::Deny { parsed }
|
||||
} else {
|
||||
HookCommandOutcome::Allow { parsed }
|
||||
}
|
||||
}
|
||||
Some(2) => HookCommandOutcome::Deny {
|
||||
parsed: parsed.with_fallback_message(format!(
|
||||
"{} hook denied tool `{tool_name}`",
|
||||
event.as_str()
|
||||
)),
|
||||
},
|
||||
Some(code) => HookCommandOutcome::Warn {
|
||||
message: format_hook_warning(
|
||||
command,
|
||||
code,
|
||||
parsed.primary_message(),
|
||||
stderr.as_str(),
|
||||
),
|
||||
},
|
||||
None => HookCommandOutcome::Warn {
|
||||
message: format!(
|
||||
"{} hook `{command}` terminated by signal while handling `{tool_name}`",
|
||||
event.as_str()
|
||||
),
|
||||
},
|
||||
}
|
||||
}
|
||||
Ok(CommandExecution::Cancelled) => HookCommandOutcome::Cancelled {
|
||||
message: format!(
|
||||
"{} hook `{command}` cancelled while handling `{tool_name}`",
|
||||
event.as_str()
|
||||
),
|
||||
},
|
||||
Err(error) => HookCommandOutcome::Warn {
|
||||
message: format!(
|
||||
"{} hook `{command}` failed to start for `{tool_name}`: {error}",
|
||||
event.as_str()
|
||||
),
|
||||
},
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
enum HookCommandOutcome {
|
||||
Allow { parsed: ParsedHookOutput },
|
||||
Deny { parsed: ParsedHookOutput },
|
||||
Warn { message: String },
|
||||
Cancelled { message: String },
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, PartialEq, Eq, Default)]
|
||||
struct ParsedHookOutput {
|
||||
messages: Vec<String>,
|
||||
deny: bool,
|
||||
permission_override: Option<PermissionOverride>,
|
||||
permission_reason: Option<String>,
|
||||
updated_input: Option<String>,
|
||||
}
|
||||
|
||||
impl ParsedHookOutput {
|
||||
fn with_fallback_message(mut self, fallback: String) -> Self {
|
||||
if self.messages.is_empty() {
|
||||
self.messages.push(fallback);
|
||||
}
|
||||
self
|
||||
}
|
||||
|
||||
fn primary_message(&self) -> Option<&str> {
|
||||
self.messages.first().map(String::as_str)
|
||||
}
|
||||
}
|
||||
|
||||
fn merge_parsed_hook_output(target: &mut HookRunResult, parsed: ParsedHookOutput) {
|
||||
target.messages.extend(parsed.messages);
|
||||
if parsed.permission_override.is_some() {
|
||||
target.permission_override = parsed.permission_override;
|
||||
}
|
||||
if parsed.permission_reason.is_some() {
|
||||
target.permission_reason = parsed.permission_reason;
|
||||
}
|
||||
if parsed.updated_input.is_some() {
|
||||
target.updated_input = parsed.updated_input;
|
||||
}
|
||||
}
|
||||
|
||||
fn parse_hook_output(stdout: &str) -> ParsedHookOutput {
|
||||
if stdout.is_empty() {
|
||||
return ParsedHookOutput::default();
|
||||
}
|
||||
|
||||
let Ok(Value::Object(root)) = serde_json::from_str::<Value>(stdout) else {
|
||||
return ParsedHookOutput {
|
||||
messages: vec![stdout.to_string()],
|
||||
..ParsedHookOutput::default()
|
||||
};
|
||||
};
|
||||
|
||||
let mut parsed = ParsedHookOutput::default();
|
||||
|
||||
if let Some(message) = root.get("systemMessage").and_then(Value::as_str) {
|
||||
parsed.messages.push(message.to_string());
|
||||
}
|
||||
if let Some(message) = root.get("reason").and_then(Value::as_str) {
|
||||
parsed.messages.push(message.to_string());
|
||||
}
|
||||
if root.get("continue").and_then(Value::as_bool) == Some(false)
|
||||
|| root.get("decision").and_then(Value::as_str) == Some("block")
|
||||
{
|
||||
parsed.deny = true;
|
||||
}
|
||||
|
||||
if let Some(Value::Object(specific)) = root.get("hookSpecificOutput") {
|
||||
if let Some(Value::String(additional_context)) = specific.get("additionalContext") {
|
||||
parsed.messages.push(additional_context.clone());
|
||||
}
|
||||
if let Some(decision) = specific.get("permissionDecision").and_then(Value::as_str) {
|
||||
parsed.permission_override = match decision {
|
||||
"allow" => Some(PermissionOverride::Allow),
|
||||
"deny" => Some(PermissionOverride::Deny),
|
||||
"ask" => Some(PermissionOverride::Ask),
|
||||
_ => None,
|
||||
};
|
||||
}
|
||||
if let Some(reason) = specific
|
||||
.get("permissionDecisionReason")
|
||||
.and_then(Value::as_str)
|
||||
{
|
||||
parsed.permission_reason = Some(reason.to_string());
|
||||
}
|
||||
if let Some(updated_input) = specific.get("updatedInput") {
|
||||
parsed.updated_input = serde_json::to_string(updated_input).ok();
|
||||
}
|
||||
}
|
||||
|
||||
if parsed.messages.is_empty() {
|
||||
parsed.messages.push(stdout.to_string());
|
||||
}
|
||||
|
||||
parsed
|
||||
}
|
||||
|
||||
fn hook_payload(
|
||||
event: HookEvent,
|
||||
tool_name: &str,
|
||||
tool_input: &str,
|
||||
tool_output: Option<&str>,
|
||||
is_error: bool,
|
||||
) -> Value {
|
||||
match event {
|
||||
HookEvent::PostToolUseFailure => json!({
|
||||
"hook_event_name": event.as_str(),
|
||||
"tool_name": tool_name,
|
||||
"tool_input": parse_tool_input(tool_input),
|
||||
"tool_input_json": tool_input,
|
||||
"tool_error": tool_output,
|
||||
"tool_result_is_error": true,
|
||||
}),
|
||||
_ => json!({
|
||||
"hook_event_name": event.as_str(),
|
||||
"tool_name": tool_name,
|
||||
"tool_input": parse_tool_input(tool_input),
|
||||
"tool_input_json": tool_input,
|
||||
"tool_output": tool_output,
|
||||
"tool_result_is_error": is_error,
|
||||
}),
|
||||
}
|
||||
}
|
||||
|
||||
fn parse_tool_input(tool_input: &str) -> Value {
|
||||
serde_json::from_str(tool_input).unwrap_or_else(|_| json!({ "raw": tool_input }))
|
||||
}
|
||||
|
||||
fn format_hook_warning(command: &str, code: i32, stdout: Option<&str>, stderr: &str) -> String {
|
||||
let mut message =
|
||||
format!("Hook `{command}` exited with status {code}; allowing tool execution to continue");
|
||||
if let Some(stdout) = stdout.filter(|stdout| !stdout.is_empty()) {
|
||||
message.push_str(": ");
|
||||
message.push_str(stdout);
|
||||
} else if !stderr.is_empty() {
|
||||
message.push_str(": ");
|
||||
message.push_str(stderr);
|
||||
}
|
||||
message
|
||||
}
|
||||
|
||||
fn shell_command(command: &str) -> CommandWithStdin {
|
||||
#[cfg(windows)]
|
||||
let mut command_builder = {
|
||||
let mut command_builder = Command::new("cmd");
|
||||
command_builder.arg("/C").arg(command);
|
||||
CommandWithStdin::new(command_builder)
|
||||
};
|
||||
|
||||
#[cfg(not(windows))]
|
||||
let command_builder = {
|
||||
let mut command_builder = Command::new("sh");
|
||||
command_builder.arg("-lc").arg(command);
|
||||
CommandWithStdin::new(command_builder)
|
||||
};
|
||||
|
||||
command_builder
|
||||
}
|
||||
|
||||
struct CommandWithStdin {
|
||||
command: Command,
|
||||
}
|
||||
|
||||
impl CommandWithStdin {
|
||||
fn new(command: Command) -> Self {
|
||||
Self { command }
|
||||
}
|
||||
|
||||
fn stdin(&mut self, cfg: Stdio) -> &mut Self {
|
||||
self.command.stdin(cfg);
|
||||
self
|
||||
}
|
||||
|
||||
fn stdout(&mut self, cfg: Stdio) -> &mut Self {
|
||||
self.command.stdout(cfg);
|
||||
self
|
||||
}
|
||||
|
||||
fn stderr(&mut self, cfg: Stdio) -> &mut Self {
|
||||
self.command.stderr(cfg);
|
||||
self
|
||||
}
|
||||
|
||||
fn env<K, V>(&mut self, key: K, value: V) -> &mut Self
|
||||
where
|
||||
K: AsRef<OsStr>,
|
||||
V: AsRef<OsStr>,
|
||||
{
|
||||
self.command.env(key, value);
|
||||
self
|
||||
}
|
||||
|
||||
fn output_with_stdin(
|
||||
&mut self,
|
||||
stdin: &[u8],
|
||||
abort_signal: Option<&HookAbortSignal>,
|
||||
) -> std::io::Result<CommandExecution> {
|
||||
let mut child = self.command.spawn()?;
|
||||
if let Some(mut child_stdin) = child.stdin.take() {
|
||||
child_stdin.write_all(stdin)?;
|
||||
}
|
||||
|
||||
loop {
|
||||
if abort_signal.is_some_and(HookAbortSignal::is_aborted) {
|
||||
let _ = child.kill();
|
||||
let _ = child.wait_with_output();
|
||||
return Ok(CommandExecution::Cancelled);
|
||||
}
|
||||
|
||||
match child.try_wait()? {
|
||||
Some(_) => return child.wait_with_output().map(CommandExecution::Finished),
|
||||
None => thread::sleep(Duration::from_millis(20)),
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
enum CommandExecution {
|
||||
Finished(std::process::Output),
|
||||
Cancelled,
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use std::thread;
|
||||
use std::time::Duration;
|
||||
|
||||
use super::{
|
||||
HookAbortSignal, HookEvent, HookProgressEvent, HookProgressReporter, HookRunResult,
|
||||
HookRunner,
|
||||
};
|
||||
use crate::config::{RuntimeFeatureConfig, RuntimeHookConfig};
|
||||
use crate::permissions::PermissionOverride;
|
||||
|
||||
struct RecordingReporter {
|
||||
events: Vec<HookProgressEvent>,
|
||||
}
|
||||
|
||||
impl HookProgressReporter for RecordingReporter {
|
||||
fn on_event(&mut self, event: &HookProgressEvent) {
|
||||
self.events.push(event.clone());
|
||||
}
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn allows_exit_code_zero_and_captures_stdout() {
|
||||
let runner = HookRunner::new(RuntimeHookConfig::new(
|
||||
vec![shell_snippet("printf 'pre ok'")],
|
||||
Vec::new(),
|
||||
Vec::new(),
|
||||
));
|
||||
|
||||
let result = runner.run_pre_tool_use("Read", r#"{"path":"README.md"}"#);
|
||||
|
||||
assert_eq!(result, HookRunResult::allow(vec!["pre ok".to_string()]));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn denies_exit_code_two() {
|
||||
let runner = HookRunner::new(RuntimeHookConfig::new(
|
||||
vec![shell_snippet("printf 'blocked by hook'; exit 2")],
|
||||
Vec::new(),
|
||||
Vec::new(),
|
||||
));
|
||||
|
||||
let result = runner.run_pre_tool_use("Bash", r#"{"command":"pwd"}"#);
|
||||
|
||||
assert!(result.is_denied());
|
||||
assert_eq!(result.messages(), &["blocked by hook".to_string()]);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn warns_for_other_non_zero_statuses() {
|
||||
let runner = HookRunner::from_feature_config(&RuntimeFeatureConfig::default().with_hooks(
|
||||
RuntimeHookConfig::new(
|
||||
vec![shell_snippet("printf 'warning hook'; exit 1")],
|
||||
Vec::new(),
|
||||
Vec::new(),
|
||||
),
|
||||
));
|
||||
|
||||
let result = runner.run_pre_tool_use("Edit", r#"{"file":"src/lib.rs"}"#);
|
||||
|
||||
assert!(!result.is_denied());
|
||||
assert!(result
|
||||
.messages()
|
||||
.iter()
|
||||
.any(|message| message.contains("allowing tool execution to continue")));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn parses_pre_hook_permission_override_and_updated_input() {
|
||||
let runner = HookRunner::new(RuntimeHookConfig::new(
|
||||
vec![shell_snippet(
|
||||
r#"printf '%s' '{"systemMessage":"updated","hookSpecificOutput":{"permissionDecision":"allow","permissionDecisionReason":"hook ok","updatedInput":{"command":"git status"}}}'"#,
|
||||
)],
|
||||
Vec::new(),
|
||||
Vec::new(),
|
||||
));
|
||||
|
||||
let result = runner.run_pre_tool_use("bash", r#"{"command":"pwd"}"#);
|
||||
|
||||
assert_eq!(
|
||||
result.permission_override(),
|
||||
Some(PermissionOverride::Allow)
|
||||
);
|
||||
assert_eq!(result.permission_reason(), Some("hook ok"));
|
||||
assert_eq!(result.updated_input(), Some(r#"{"command":"git status"}"#));
|
||||
assert!(result.messages().iter().any(|message| message == "updated"));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn runs_post_tool_use_failure_hooks() {
|
||||
let runner = HookRunner::new(RuntimeHookConfig::new(
|
||||
Vec::new(),
|
||||
Vec::new(),
|
||||
vec![shell_snippet("printf 'failure hook ran'")],
|
||||
));
|
||||
|
||||
let result =
|
||||
runner.run_post_tool_use_failure("bash", r#"{"command":"false"}"#, "command failed");
|
||||
|
||||
assert!(!result.is_denied());
|
||||
assert_eq!(result.messages(), &["failure hook ran".to_string()]);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn abort_signal_cancels_long_running_hook_and_reports_progress() {
|
||||
let runner = HookRunner::new(RuntimeHookConfig::new(
|
||||
vec![shell_snippet("sleep 5")],
|
||||
Vec::new(),
|
||||
Vec::new(),
|
||||
));
|
||||
let abort_signal = HookAbortSignal::new();
|
||||
let abort_signal_for_thread = abort_signal.clone();
|
||||
let mut reporter = RecordingReporter { events: Vec::new() };
|
||||
|
||||
thread::spawn(move || {
|
||||
thread::sleep(Duration::from_millis(100));
|
||||
abort_signal_for_thread.abort();
|
||||
});
|
||||
|
||||
let result = runner.run_pre_tool_use_with_context(
|
||||
"bash",
|
||||
r#"{"command":"sleep 5"}"#,
|
||||
Some(&abort_signal),
|
||||
Some(&mut reporter),
|
||||
);
|
||||
|
||||
assert!(result.is_cancelled());
|
||||
assert!(reporter.events.iter().any(|event| matches!(
|
||||
event,
|
||||
HookProgressEvent::Started {
|
||||
event: HookEvent::PreToolUse,
|
||||
..
|
||||
}
|
||||
)));
|
||||
assert!(reporter.events.iter().any(|event| matches!(
|
||||
event,
|
||||
HookProgressEvent::Cancelled {
|
||||
event: HookEvent::PreToolUse,
|
||||
..
|
||||
}
|
||||
)));
|
||||
}
|
||||
|
||||
#[cfg(windows)]
|
||||
fn shell_snippet(script: &str) -> String {
|
||||
script.replace('\'', "\"")
|
||||
}
|
||||
|
||||
#[cfg(not(windows))]
|
||||
fn shell_snippet(script: &str) -> String {
|
||||
script.to_string()
|
||||
}
|
||||
}
|
||||
@@ -4,7 +4,6 @@ mod compact;
|
||||
mod config;
|
||||
mod conversation;
|
||||
mod file_ops;
|
||||
mod hooks;
|
||||
mod json;
|
||||
mod mcp;
|
||||
mod mcp_client;
|
||||
@@ -27,21 +26,18 @@ pub use config::{
|
||||
ConfigEntry, ConfigError, ConfigLoader, ConfigSource, McpClaudeAiProxyServerConfig,
|
||||
McpConfigCollection, McpOAuthConfig, McpRemoteServerConfig, McpSdkServerConfig,
|
||||
McpServerConfig, McpStdioServerConfig, McpTransport, McpWebSocketServerConfig, OAuthConfig,
|
||||
ResolvedPermissionMode, RuntimeConfig, RuntimeFeatureConfig, RuntimeHookConfig,
|
||||
RuntimePermissionRuleConfig, ScopedMcpServerConfig, CLAUDE_CODE_SETTINGS_SCHEMA_NAME,
|
||||
ResolvedPermissionMode, RuntimeConfig, RuntimeFeatureConfig, ScopedMcpServerConfig,
|
||||
CLAUDE_CODE_SETTINGS_SCHEMA_NAME,
|
||||
};
|
||||
pub use conversation::{
|
||||
ApiClient, ApiRequest, AssistantEvent, ConversationRuntime, RuntimeError, StaticToolExecutor,
|
||||
ToolError, ToolExecutor, TurnSummary,
|
||||
auto_compaction_threshold_from_env, ApiClient, ApiRequest, AssistantEvent, AutoCompactionEvent,
|
||||
ConversationRuntime, RuntimeError, StaticToolExecutor, ToolError, ToolExecutor, TurnSummary,
|
||||
};
|
||||
pub use file_ops::{
|
||||
edit_file, glob_search, grep_search, read_file, write_file, EditFileOutput, GlobSearchOutput,
|
||||
GrepSearchInput, GrepSearchOutput, ReadFileOutput, StructuredPatchHunk, TextFilePayload,
|
||||
WriteFileOutput,
|
||||
};
|
||||
pub use hooks::{
|
||||
HookAbortSignal, HookEvent, HookProgressEvent, HookProgressReporter, HookRunResult, HookRunner,
|
||||
};
|
||||
pub use mcp::{
|
||||
mcp_server_signature, mcp_tool_name, mcp_tool_prefix, normalize_name_for_mcp,
|
||||
scoped_mcp_config_hash, unwrap_ccr_proxy_url,
|
||||
@@ -66,8 +62,8 @@ pub use oauth::{
|
||||
PkceChallengeMethod, PkceCodePair,
|
||||
};
|
||||
pub use permissions::{
|
||||
PermissionContext, PermissionMode, PermissionOutcome, PermissionOverride, PermissionPolicy,
|
||||
PermissionPromptDecision, PermissionPrompter, PermissionRequest,
|
||||
PermissionMode, PermissionOutcome, PermissionPolicy, PermissionPromptDecision,
|
||||
PermissionPrompter, PermissionRequest,
|
||||
};
|
||||
pub use prompt::{
|
||||
load_system_prompt, prepend_bullets, ContextFile, ProjectContext, PromptBuildError,
|
||||
|
||||
@@ -1,9 +1,5 @@
|
||||
use std::collections::BTreeMap;
|
||||
|
||||
use serde_json::Value;
|
||||
|
||||
use crate::config::RuntimePermissionRuleConfig;
|
||||
|
||||
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
|
||||
pub enum PermissionMode {
|
||||
ReadOnly,
|
||||
@@ -26,49 +22,12 @@ impl PermissionMode {
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
|
||||
pub enum PermissionOverride {
|
||||
Allow,
|
||||
Deny,
|
||||
Ask,
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, PartialEq, Eq, Default)]
|
||||
pub struct PermissionContext {
|
||||
override_decision: Option<PermissionOverride>,
|
||||
override_reason: Option<String>,
|
||||
}
|
||||
|
||||
impl PermissionContext {
|
||||
#[must_use]
|
||||
pub fn new(
|
||||
override_decision: Option<PermissionOverride>,
|
||||
override_reason: Option<String>,
|
||||
) -> Self {
|
||||
Self {
|
||||
override_decision,
|
||||
override_reason,
|
||||
}
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn override_decision(&self) -> Option<PermissionOverride> {
|
||||
self.override_decision
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn override_reason(&self) -> Option<&str> {
|
||||
self.override_reason.as_deref()
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, PartialEq, Eq)]
|
||||
pub struct PermissionRequest {
|
||||
pub tool_name: String,
|
||||
pub input: String,
|
||||
pub current_mode: PermissionMode,
|
||||
pub required_mode: PermissionMode,
|
||||
pub reason: Option<String>,
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, PartialEq, Eq)]
|
||||
@@ -91,9 +50,6 @@ pub enum PermissionOutcome {
|
||||
pub struct PermissionPolicy {
|
||||
active_mode: PermissionMode,
|
||||
tool_requirements: BTreeMap<String, PermissionMode>,
|
||||
allow_rules: Vec<PermissionRule>,
|
||||
deny_rules: Vec<PermissionRule>,
|
||||
ask_rules: Vec<PermissionRule>,
|
||||
}
|
||||
|
||||
impl PermissionPolicy {
|
||||
@@ -102,9 +58,6 @@ impl PermissionPolicy {
|
||||
Self {
|
||||
active_mode,
|
||||
tool_requirements: BTreeMap::new(),
|
||||
allow_rules: Vec::new(),
|
||||
deny_rules: Vec::new(),
|
||||
ask_rules: Vec::new(),
|
||||
}
|
||||
}
|
||||
|
||||
@@ -119,26 +72,6 @@ impl PermissionPolicy {
|
||||
self
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn with_permission_rules(mut self, config: &RuntimePermissionRuleConfig) -> Self {
|
||||
self.allow_rules = config
|
||||
.allow()
|
||||
.iter()
|
||||
.map(|rule| PermissionRule::parse(rule))
|
||||
.collect();
|
||||
self.deny_rules = config
|
||||
.deny()
|
||||
.iter()
|
||||
.map(|rule| PermissionRule::parse(rule))
|
||||
.collect();
|
||||
self.ask_rules = config
|
||||
.ask()
|
||||
.iter()
|
||||
.map(|rule| PermissionRule::parse(rule))
|
||||
.collect();
|
||||
self
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
pub fn active_mode(&self) -> PermissionMode {
|
||||
self.active_mode
|
||||
@@ -157,121 +90,38 @@ impl PermissionPolicy {
|
||||
&self,
|
||||
tool_name: &str,
|
||||
input: &str,
|
||||
prompter: Option<&mut dyn PermissionPrompter>,
|
||||
mut prompter: Option<&mut dyn PermissionPrompter>,
|
||||
) -> PermissionOutcome {
|
||||
self.authorize_with_context(tool_name, input, &PermissionContext::default(), prompter)
|
||||
}
|
||||
|
||||
#[must_use]
|
||||
#[allow(clippy::too_many_lines)]
|
||||
pub fn authorize_with_context(
|
||||
&self,
|
||||
tool_name: &str,
|
||||
input: &str,
|
||||
context: &PermissionContext,
|
||||
prompter: Option<&mut dyn PermissionPrompter>,
|
||||
) -> PermissionOutcome {
|
||||
if let Some(rule) = Self::find_matching_rule(&self.deny_rules, tool_name, input) {
|
||||
return PermissionOutcome::Deny {
|
||||
reason: format!(
|
||||
"Permission to use {tool_name} has been denied by rule '{}'",
|
||||
rule.raw
|
||||
),
|
||||
};
|
||||
}
|
||||
|
||||
let current_mode = self.active_mode();
|
||||
let required_mode = self.required_mode_for(tool_name);
|
||||
let ask_rule = Self::find_matching_rule(&self.ask_rules, tool_name, input);
|
||||
let allow_rule = Self::find_matching_rule(&self.allow_rules, tool_name, input);
|
||||
|
||||
match context.override_decision() {
|
||||
Some(PermissionOverride::Deny) => {
|
||||
return PermissionOutcome::Deny {
|
||||
reason: context.override_reason().map_or_else(
|
||||
|| format!("tool '{tool_name}' denied by hook"),
|
||||
ToOwned::to_owned,
|
||||
),
|
||||
};
|
||||
}
|
||||
Some(PermissionOverride::Ask) => {
|
||||
let reason = context.override_reason().map_or_else(
|
||||
|| format!("tool '{tool_name}' requires approval due to hook guidance"),
|
||||
ToOwned::to_owned,
|
||||
);
|
||||
return Self::prompt_or_deny(
|
||||
tool_name,
|
||||
input,
|
||||
current_mode,
|
||||
required_mode,
|
||||
Some(reason),
|
||||
prompter,
|
||||
);
|
||||
}
|
||||
Some(PermissionOverride::Allow) => {
|
||||
if let Some(rule) = ask_rule {
|
||||
let reason = format!(
|
||||
"tool '{tool_name}' requires approval due to ask rule '{}'",
|
||||
rule.raw
|
||||
);
|
||||
return Self::prompt_or_deny(
|
||||
tool_name,
|
||||
input,
|
||||
current_mode,
|
||||
required_mode,
|
||||
Some(reason),
|
||||
prompter,
|
||||
);
|
||||
}
|
||||
if allow_rule.is_some()
|
||||
|| current_mode == PermissionMode::Allow
|
||||
|| current_mode >= required_mode
|
||||
{
|
||||
return PermissionOutcome::Allow;
|
||||
}
|
||||
}
|
||||
None => {}
|
||||
}
|
||||
|
||||
if let Some(rule) = ask_rule {
|
||||
let reason = format!(
|
||||
"tool '{tool_name}' requires approval due to ask rule '{}'",
|
||||
rule.raw
|
||||
);
|
||||
return Self::prompt_or_deny(
|
||||
tool_name,
|
||||
input,
|
||||
current_mode,
|
||||
required_mode,
|
||||
Some(reason),
|
||||
prompter,
|
||||
);
|
||||
}
|
||||
|
||||
if allow_rule.is_some()
|
||||
|| current_mode == PermissionMode::Allow
|
||||
|| current_mode >= required_mode
|
||||
{
|
||||
if current_mode == PermissionMode::Allow || current_mode >= required_mode {
|
||||
return PermissionOutcome::Allow;
|
||||
}
|
||||
|
||||
let request = PermissionRequest {
|
||||
tool_name: tool_name.to_string(),
|
||||
input: input.to_string(),
|
||||
current_mode,
|
||||
required_mode,
|
||||
};
|
||||
|
||||
if current_mode == PermissionMode::Prompt
|
||||
|| (current_mode == PermissionMode::WorkspaceWrite
|
||||
&& required_mode == PermissionMode::DangerFullAccess)
|
||||
{
|
||||
let reason = Some(format!(
|
||||
"tool '{tool_name}' requires approval to escalate from {} to {}",
|
||||
current_mode.as_str(),
|
||||
required_mode.as_str()
|
||||
));
|
||||
return Self::prompt_or_deny(
|
||||
tool_name,
|
||||
input,
|
||||
current_mode,
|
||||
required_mode,
|
||||
reason,
|
||||
prompter,
|
||||
);
|
||||
return match prompter.as_mut() {
|
||||
Some(prompter) => match prompter.decide(&request) {
|
||||
PermissionPromptDecision::Allow => PermissionOutcome::Allow,
|
||||
PermissionPromptDecision::Deny { reason } => PermissionOutcome::Deny { reason },
|
||||
},
|
||||
None => PermissionOutcome::Deny {
|
||||
reason: format!(
|
||||
"tool '{tool_name}' requires approval to escalate from {} to {}",
|
||||
current_mode.as_str(),
|
||||
required_mode.as_str()
|
||||
),
|
||||
},
|
||||
};
|
||||
}
|
||||
|
||||
PermissionOutcome::Deny {
|
||||
@@ -282,191 +132,14 @@ impl PermissionPolicy {
|
||||
),
|
||||
}
|
||||
}
|
||||
|
||||
fn prompt_or_deny(
|
||||
tool_name: &str,
|
||||
input: &str,
|
||||
current_mode: PermissionMode,
|
||||
required_mode: PermissionMode,
|
||||
reason: Option<String>,
|
||||
mut prompter: Option<&mut dyn PermissionPrompter>,
|
||||
) -> PermissionOutcome {
|
||||
let request = PermissionRequest {
|
||||
tool_name: tool_name.to_string(),
|
||||
input: input.to_string(),
|
||||
current_mode,
|
||||
required_mode,
|
||||
reason: reason.clone(),
|
||||
};
|
||||
|
||||
match prompter.as_mut() {
|
||||
Some(prompter) => match prompter.decide(&request) {
|
||||
PermissionPromptDecision::Allow => PermissionOutcome::Allow,
|
||||
PermissionPromptDecision::Deny { reason } => PermissionOutcome::Deny { reason },
|
||||
},
|
||||
None => PermissionOutcome::Deny {
|
||||
reason: reason.unwrap_or_else(|| {
|
||||
format!(
|
||||
"tool '{tool_name}' requires approval to run while mode is {}",
|
||||
current_mode.as_str()
|
||||
)
|
||||
}),
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
fn find_matching_rule<'a>(
|
||||
rules: &'a [PermissionRule],
|
||||
tool_name: &str,
|
||||
input: &str,
|
||||
) -> Option<&'a PermissionRule> {
|
||||
rules.iter().find(|rule| rule.matches(tool_name, input))
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, PartialEq, Eq)]
|
||||
struct PermissionRule {
|
||||
raw: String,
|
||||
tool_name: String,
|
||||
matcher: PermissionRuleMatcher,
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, PartialEq, Eq)]
|
||||
enum PermissionRuleMatcher {
|
||||
Any,
|
||||
Exact(String),
|
||||
Prefix(String),
|
||||
}
|
||||
|
||||
impl PermissionRule {
|
||||
fn parse(raw: &str) -> Self {
|
||||
let trimmed = raw.trim();
|
||||
let open = find_first_unescaped(trimmed, '(');
|
||||
let close = find_last_unescaped(trimmed, ')');
|
||||
|
||||
if let (Some(open), Some(close)) = (open, close) {
|
||||
if close == trimmed.len() - 1 && open < close {
|
||||
let tool_name = trimmed[..open].trim();
|
||||
let content = &trimmed[open + 1..close];
|
||||
if !tool_name.is_empty() {
|
||||
let matcher = parse_rule_matcher(content);
|
||||
return Self {
|
||||
raw: trimmed.to_string(),
|
||||
tool_name: tool_name.to_string(),
|
||||
matcher,
|
||||
};
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Self {
|
||||
raw: trimmed.to_string(),
|
||||
tool_name: trimmed.to_string(),
|
||||
matcher: PermissionRuleMatcher::Any,
|
||||
}
|
||||
}
|
||||
|
||||
fn matches(&self, tool_name: &str, input: &str) -> bool {
|
||||
if self.tool_name != tool_name {
|
||||
return false;
|
||||
}
|
||||
|
||||
match &self.matcher {
|
||||
PermissionRuleMatcher::Any => true,
|
||||
PermissionRuleMatcher::Exact(expected) => {
|
||||
extract_permission_subject(input).is_some_and(|candidate| candidate == *expected)
|
||||
}
|
||||
PermissionRuleMatcher::Prefix(prefix) => extract_permission_subject(input)
|
||||
.is_some_and(|candidate| candidate.starts_with(prefix)),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
fn parse_rule_matcher(content: &str) -> PermissionRuleMatcher {
|
||||
let unescaped = unescape_rule_content(content.trim());
|
||||
if unescaped.is_empty() || unescaped == "*" {
|
||||
PermissionRuleMatcher::Any
|
||||
} else if let Some(prefix) = unescaped.strip_suffix(":*") {
|
||||
PermissionRuleMatcher::Prefix(prefix.to_string())
|
||||
} else {
|
||||
PermissionRuleMatcher::Exact(unescaped)
|
||||
}
|
||||
}
|
||||
|
||||
fn unescape_rule_content(content: &str) -> String {
|
||||
content
|
||||
.replace(r"\(", "(")
|
||||
.replace(r"\)", ")")
|
||||
.replace(r"\\", r"\")
|
||||
}
|
||||
|
||||
fn find_first_unescaped(value: &str, needle: char) -> Option<usize> {
|
||||
let mut escaped = false;
|
||||
for (idx, ch) in value.char_indices() {
|
||||
if ch == '\\' {
|
||||
escaped = !escaped;
|
||||
continue;
|
||||
}
|
||||
if ch == needle && !escaped {
|
||||
return Some(idx);
|
||||
}
|
||||
escaped = false;
|
||||
}
|
||||
None
|
||||
}
|
||||
|
||||
fn find_last_unescaped(value: &str, needle: char) -> Option<usize> {
|
||||
let chars = value.char_indices().collect::<Vec<_>>();
|
||||
for (pos, (idx, ch)) in chars.iter().enumerate().rev() {
|
||||
if *ch != needle {
|
||||
continue;
|
||||
}
|
||||
let mut backslashes = 0;
|
||||
for (_, prev) in chars[..pos].iter().rev() {
|
||||
if *prev == '\\' {
|
||||
backslashes += 1;
|
||||
} else {
|
||||
break;
|
||||
}
|
||||
}
|
||||
if backslashes % 2 == 0 {
|
||||
return Some(*idx);
|
||||
}
|
||||
}
|
||||
None
|
||||
}
|
||||
|
||||
fn extract_permission_subject(input: &str) -> Option<String> {
|
||||
let parsed = serde_json::from_str::<Value>(input).ok();
|
||||
if let Some(Value::Object(object)) = parsed {
|
||||
for key in [
|
||||
"command",
|
||||
"path",
|
||||
"file_path",
|
||||
"filePath",
|
||||
"notebook_path",
|
||||
"notebookPath",
|
||||
"url",
|
||||
"pattern",
|
||||
"code",
|
||||
"message",
|
||||
] {
|
||||
if let Some(value) = object.get(key).and_then(Value::as_str) {
|
||||
return Some(value.to_string());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
(!input.trim().is_empty()).then(|| input.to_string())
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use super::{
|
||||
PermissionContext, PermissionMode, PermissionOutcome, PermissionOverride, PermissionPolicy,
|
||||
PermissionPromptDecision, PermissionPrompter, PermissionRequest,
|
||||
PermissionMode, PermissionOutcome, PermissionPolicy, PermissionPromptDecision,
|
||||
PermissionPrompter, PermissionRequest,
|
||||
};
|
||||
use crate::config::RuntimePermissionRuleConfig;
|
||||
|
||||
struct RecordingPrompter {
|
||||
seen: Vec<PermissionRequest>,
|
||||
@@ -556,120 +229,4 @@ mod tests {
|
||||
PermissionOutcome::Deny { reason } if reason == "not now"
|
||||
));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn applies_rule_based_denials_and_allows() {
|
||||
let rules = RuntimePermissionRuleConfig::new(
|
||||
vec!["bash(git:*)".to_string()],
|
||||
vec!["bash(rm -rf:*)".to_string()],
|
||||
Vec::new(),
|
||||
);
|
||||
let policy = PermissionPolicy::new(PermissionMode::ReadOnly)
|
||||
.with_tool_requirement("bash", PermissionMode::DangerFullAccess)
|
||||
.with_permission_rules(&rules);
|
||||
|
||||
assert_eq!(
|
||||
policy.authorize("bash", r#"{"command":"git status"}"#, None),
|
||||
PermissionOutcome::Allow
|
||||
);
|
||||
assert!(matches!(
|
||||
policy.authorize("bash", r#"{"command":"rm -rf /tmp/x"}"#, None),
|
||||
PermissionOutcome::Deny { reason } if reason.contains("denied by rule")
|
||||
));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn ask_rules_force_prompt_even_when_mode_allows() {
|
||||
let rules = RuntimePermissionRuleConfig::new(
|
||||
Vec::new(),
|
||||
Vec::new(),
|
||||
vec!["bash(git:*)".to_string()],
|
||||
);
|
||||
let policy = PermissionPolicy::new(PermissionMode::DangerFullAccess)
|
||||
.with_tool_requirement("bash", PermissionMode::DangerFullAccess)
|
||||
.with_permission_rules(&rules);
|
||||
let mut prompter = RecordingPrompter {
|
||||
seen: Vec::new(),
|
||||
allow: true,
|
||||
};
|
||||
|
||||
let outcome = policy.authorize("bash", r#"{"command":"git status"}"#, Some(&mut prompter));
|
||||
|
||||
assert_eq!(outcome, PermissionOutcome::Allow);
|
||||
assert_eq!(prompter.seen.len(), 1);
|
||||
assert!(prompter.seen[0]
|
||||
.reason
|
||||
.as_deref()
|
||||
.is_some_and(|reason| reason.contains("ask rule")));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn hook_allow_still_respects_ask_rules() {
|
||||
let rules = RuntimePermissionRuleConfig::new(
|
||||
Vec::new(),
|
||||
Vec::new(),
|
||||
vec!["bash(git:*)".to_string()],
|
||||
);
|
||||
let policy = PermissionPolicy::new(PermissionMode::ReadOnly)
|
||||
.with_tool_requirement("bash", PermissionMode::DangerFullAccess)
|
||||
.with_permission_rules(&rules);
|
||||
let context = PermissionContext::new(
|
||||
Some(PermissionOverride::Allow),
|
||||
Some("hook approved".to_string()),
|
||||
);
|
||||
let mut prompter = RecordingPrompter {
|
||||
seen: Vec::new(),
|
||||
allow: true,
|
||||
};
|
||||
|
||||
let outcome = policy.authorize_with_context(
|
||||
"bash",
|
||||
r#"{"command":"git status"}"#,
|
||||
&context,
|
||||
Some(&mut prompter),
|
||||
);
|
||||
|
||||
assert_eq!(outcome, PermissionOutcome::Allow);
|
||||
assert_eq!(prompter.seen.len(), 1);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn hook_deny_short_circuits_permission_flow() {
|
||||
let policy = PermissionPolicy::new(PermissionMode::DangerFullAccess)
|
||||
.with_tool_requirement("bash", PermissionMode::DangerFullAccess);
|
||||
let context = PermissionContext::new(
|
||||
Some(PermissionOverride::Deny),
|
||||
Some("blocked by hook".to_string()),
|
||||
);
|
||||
|
||||
assert_eq!(
|
||||
policy.authorize_with_context("bash", "{}", &context, None),
|
||||
PermissionOutcome::Deny {
|
||||
reason: "blocked by hook".to_string(),
|
||||
}
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn hook_ask_forces_prompt() {
|
||||
let policy = PermissionPolicy::new(PermissionMode::DangerFullAccess)
|
||||
.with_tool_requirement("bash", PermissionMode::DangerFullAccess);
|
||||
let context = PermissionContext::new(
|
||||
Some(PermissionOverride::Ask),
|
||||
Some("hook requested confirmation".to_string()),
|
||||
);
|
||||
let mut prompter = RecordingPrompter {
|
||||
seen: Vec::new(),
|
||||
allow: true,
|
||||
};
|
||||
|
||||
let outcome = policy.authorize_with_context("bash", "{}", &context, Some(&mut prompter));
|
||||
|
||||
assert_eq!(outcome, PermissionOutcome::Allow);
|
||||
assert_eq!(prompter.seen.len(), 1);
|
||||
assert_eq!(
|
||||
prompter.seen[0].reason.as_deref(),
|
||||
Some("hook requested confirmation")
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -19,7 +19,7 @@ rustyline = "15"
|
||||
runtime = { path = "../runtime" }
|
||||
serde_json = "1"
|
||||
syntect = "5"
|
||||
tokio = { version = "1", features = ["rt-multi-thread", "signal", "time"] }
|
||||
tokio = { version = "1", features = ["rt-multi-thread", "time"] }
|
||||
tools = { path = "../tools" }
|
||||
|
||||
[lints]
|
||||
|
||||
@@ -9,8 +9,6 @@ use std::io::{self, Read, Write};
|
||||
use std::net::TcpListener;
|
||||
use std::path::{Path, PathBuf};
|
||||
use std::process::Command;
|
||||
use std::sync::mpsc::{self, Receiver, Sender};
|
||||
use std::thread::{self, JoinHandle};
|
||||
use std::time::{SystemTime, UNIX_EPOCH};
|
||||
|
||||
use api::{
|
||||
@@ -777,6 +775,10 @@ fn format_compact_report(removed: usize, resulting_messages: usize, skipped: boo
|
||||
}
|
||||
}
|
||||
|
||||
fn format_auto_compaction_notice(removed: usize) -> String {
|
||||
format!("[auto-compacted: removed {removed} messages]")
|
||||
}
|
||||
|
||||
fn parse_git_status_metadata(status: Option<&str>) -> (Option<PathBuf>, Option<String>) {
|
||||
let Some(status) = status else {
|
||||
return (None, None);
|
||||
@@ -915,7 +917,14 @@ fn run_resume_command(
|
||||
)),
|
||||
})
|
||||
}
|
||||
SlashCommand::Resume { .. }
|
||||
SlashCommand::Bughunter { .. }
|
||||
| SlashCommand::Commit
|
||||
| SlashCommand::Pr { .. }
|
||||
| SlashCommand::Issue { .. }
|
||||
| SlashCommand::Ultraplan { .. }
|
||||
| SlashCommand::Teleport { .. }
|
||||
| SlashCommand::DebugToolCall
|
||||
| SlashCommand::Resume { .. }
|
||||
| SlashCommand::Model { .. }
|
||||
| SlashCommand::Permissions { .. }
|
||||
| SlashCommand::Session { .. }
|
||||
@@ -986,61 +995,6 @@ struct LiveCli {
|
||||
session: SessionHandle,
|
||||
}
|
||||
|
||||
struct HookAbortMonitor {
|
||||
stop_tx: Option<Sender<()>>,
|
||||
join_handle: Option<JoinHandle<()>>,
|
||||
}
|
||||
|
||||
impl HookAbortMonitor {
|
||||
fn spawn(abort_signal: runtime::HookAbortSignal) -> Self {
|
||||
Self::spawn_with_waiter(abort_signal, move |stop_rx, abort_signal| {
|
||||
let Ok(runtime) = tokio::runtime::Builder::new_current_thread()
|
||||
.enable_all()
|
||||
.build()
|
||||
else {
|
||||
return;
|
||||
};
|
||||
|
||||
runtime.block_on(async move {
|
||||
let wait_for_stop = tokio::task::spawn_blocking(move || {
|
||||
let _ = stop_rx.recv();
|
||||
});
|
||||
|
||||
tokio::select! {
|
||||
result = tokio::signal::ctrl_c() => {
|
||||
if result.is_ok() {
|
||||
abort_signal.abort();
|
||||
}
|
||||
}
|
||||
_ = wait_for_stop => {}
|
||||
}
|
||||
});
|
||||
})
|
||||
}
|
||||
|
||||
fn spawn_with_waiter<F>(abort_signal: runtime::HookAbortSignal, wait_for_interrupt: F) -> Self
|
||||
where
|
||||
F: FnOnce(Receiver<()>, runtime::HookAbortSignal) + Send + 'static,
|
||||
{
|
||||
let (stop_tx, stop_rx) = mpsc::channel();
|
||||
let join_handle = thread::spawn(move || wait_for_interrupt(stop_rx, abort_signal));
|
||||
|
||||
Self {
|
||||
stop_tx: Some(stop_tx),
|
||||
join_handle: Some(join_handle),
|
||||
}
|
||||
}
|
||||
|
||||
fn stop(mut self) {
|
||||
if let Some(stop_tx) = self.stop_tx.take() {
|
||||
let _ = stop_tx.send(());
|
||||
}
|
||||
if let Some(join_handle) = self.join_handle.take() {
|
||||
let _ = join_handle.join();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl LiveCli {
|
||||
fn new(
|
||||
model: String,
|
||||
@@ -1096,34 +1050,7 @@ impl LiveCli {
|
||||
)
|
||||
}
|
||||
|
||||
fn prepare_turn_runtime(
|
||||
&self,
|
||||
emit_output: bool,
|
||||
) -> Result<
|
||||
(
|
||||
ConversationRuntime<AnthropicRuntimeClient, CliToolExecutor>,
|
||||
HookAbortMonitor,
|
||||
),
|
||||
Box<dyn std::error::Error>,
|
||||
> {
|
||||
let hook_abort_signal = runtime::HookAbortSignal::new();
|
||||
let runtime = build_runtime(
|
||||
self.runtime.session().clone(),
|
||||
self.model.clone(),
|
||||
self.system_prompt.clone(),
|
||||
true,
|
||||
emit_output,
|
||||
self.allowed_tools.clone(),
|
||||
self.permission_mode,
|
||||
)?
|
||||
.with_hook_abort_signal(hook_abort_signal.clone());
|
||||
let hook_abort_monitor = HookAbortMonitor::spawn(hook_abort_signal);
|
||||
|
||||
Ok((runtime, hook_abort_monitor))
|
||||
}
|
||||
|
||||
fn run_turn(&mut self, input: &str) -> Result<(), Box<dyn std::error::Error>> {
|
||||
let (mut runtime, hook_abort_monitor) = self.prepare_turn_runtime(true)?;
|
||||
let mut spinner = Spinner::new();
|
||||
let mut stdout = io::stdout();
|
||||
spinner.tick(
|
||||
@@ -1132,17 +1059,21 @@ impl LiveCli {
|
||||
&mut stdout,
|
||||
)?;
|
||||
let mut permission_prompter = CliPermissionPrompter::new(self.permission_mode);
|
||||
let result = runtime.run_turn(input, Some(&mut permission_prompter));
|
||||
hook_abort_monitor.stop();
|
||||
self.runtime = runtime;
|
||||
let result = self.runtime.run_turn(input, Some(&mut permission_prompter));
|
||||
match result {
|
||||
Ok(_) => {
|
||||
Ok(summary) => {
|
||||
spinner.finish(
|
||||
"✨ Done",
|
||||
TerminalRenderer::new().color_theme(),
|
||||
&mut stdout,
|
||||
)?;
|
||||
println!();
|
||||
if let Some(event) = summary.auto_compaction {
|
||||
println!(
|
||||
"{}",
|
||||
format_auto_compaction_notice(event.removed_message_count)
|
||||
);
|
||||
}
|
||||
self.persist_session()?;
|
||||
Ok(())
|
||||
}
|
||||
@@ -1169,11 +1100,18 @@ impl LiveCli {
|
||||
}
|
||||
|
||||
fn run_prompt_json(&mut self, input: &str) -> Result<(), Box<dyn std::error::Error>> {
|
||||
let (mut runtime, hook_abort_monitor) = self.prepare_turn_runtime(false)?;
|
||||
let session = self.runtime.session().clone();
|
||||
let mut runtime = build_runtime(
|
||||
session,
|
||||
self.model.clone(),
|
||||
self.system_prompt.clone(),
|
||||
true,
|
||||
false,
|
||||
self.allowed_tools.clone(),
|
||||
self.permission_mode,
|
||||
)?;
|
||||
let mut permission_prompter = CliPermissionPrompter::new(self.permission_mode);
|
||||
let result = runtime.run_turn(input, Some(&mut permission_prompter));
|
||||
hook_abort_monitor.stop();
|
||||
let summary = result?;
|
||||
let summary = runtime.run_turn(input, Some(&mut permission_prompter))?;
|
||||
self.runtime = runtime;
|
||||
self.persist_session()?;
|
||||
println!(
|
||||
@@ -1182,6 +1120,10 @@ impl LiveCli {
|
||||
"message": final_assistant_text(&summary),
|
||||
"model": self.model,
|
||||
"iterations": summary.iterations,
|
||||
"auto_compaction": summary.auto_compaction.map(|event| json!({
|
||||
"removed_messages": event.removed_message_count,
|
||||
"notice": format_auto_compaction_notice(event.removed_message_count),
|
||||
})),
|
||||
"tool_uses": collect_tool_uses(&summary),
|
||||
"tool_results": collect_tool_results(&summary),
|
||||
"usage": {
|
||||
@@ -1208,6 +1150,34 @@ impl LiveCli {
|
||||
self.print_status();
|
||||
false
|
||||
}
|
||||
SlashCommand::Bughunter { scope } => {
|
||||
self.run_bughunter(scope.as_deref())?;
|
||||
false
|
||||
}
|
||||
SlashCommand::Commit => {
|
||||
self.run_commit()?;
|
||||
true
|
||||
}
|
||||
SlashCommand::Pr { context } => {
|
||||
self.run_pr(context.as_deref())?;
|
||||
false
|
||||
}
|
||||
SlashCommand::Issue { context } => {
|
||||
self.run_issue(context.as_deref())?;
|
||||
false
|
||||
}
|
||||
SlashCommand::Ultraplan { task } => {
|
||||
self.run_ultraplan(task.as_deref())?;
|
||||
false
|
||||
}
|
||||
SlashCommand::Teleport { target } => {
|
||||
self.run_teleport(target.as_deref())?;
|
||||
false
|
||||
}
|
||||
SlashCommand::DebugToolCall => {
|
||||
self.run_debug_tool_call()?;
|
||||
false
|
||||
}
|
||||
SlashCommand::Compact => {
|
||||
self.compact()?;
|
||||
false
|
||||
@@ -1527,6 +1497,160 @@ impl LiveCli {
|
||||
println!("{}", format_compact_report(removed, kept, skipped));
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn run_internal_prompt_text(
|
||||
&self,
|
||||
prompt: &str,
|
||||
enable_tools: bool,
|
||||
) -> Result<String, Box<dyn std::error::Error>> {
|
||||
let session = self.runtime.session().clone();
|
||||
let mut runtime = build_runtime(
|
||||
session,
|
||||
self.model.clone(),
|
||||
self.system_prompt.clone(),
|
||||
enable_tools,
|
||||
false,
|
||||
self.allowed_tools.clone(),
|
||||
self.permission_mode,
|
||||
)?;
|
||||
let mut permission_prompter = CliPermissionPrompter::new(self.permission_mode);
|
||||
let summary = runtime.run_turn(prompt, Some(&mut permission_prompter))?;
|
||||
Ok(final_assistant_text(&summary).trim().to_string())
|
||||
}
|
||||
|
||||
fn run_bughunter(&self, scope: Option<&str>) -> Result<(), Box<dyn std::error::Error>> {
|
||||
let scope = scope.unwrap_or("the current repository");
|
||||
let prompt = format!(
|
||||
"You are /bughunter. Inspect {scope} and identify the most likely bugs or correctness issues. Prioritize concrete findings with file paths, severity, and suggested fixes. Use tools if needed."
|
||||
);
|
||||
println!("{}", self.run_internal_prompt_text(&prompt, true)?);
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn run_ultraplan(&self, task: Option<&str>) -> Result<(), Box<dyn std::error::Error>> {
|
||||
let task = task.unwrap_or("the current repo work");
|
||||
let prompt = format!(
|
||||
"You are /ultraplan. Produce a deep multi-step execution plan for {task}. Include goals, risks, implementation sequence, verification steps, and rollback considerations. Use tools if needed."
|
||||
);
|
||||
println!("{}", self.run_internal_prompt_text(&prompt, true)?);
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn run_teleport(&self, target: Option<&str>) -> Result<(), Box<dyn std::error::Error>> {
|
||||
let Some(target) = target.map(str::trim).filter(|value| !value.is_empty()) else {
|
||||
println!("Usage: /teleport <symbol-or-path>");
|
||||
return Ok(());
|
||||
};
|
||||
|
||||
println!("{}", render_teleport_report(target)?);
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn run_debug_tool_call(&self) -> Result<(), Box<dyn std::error::Error>> {
|
||||
println!("{}", render_last_tool_debug_report(self.runtime.session())?);
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn run_commit(&mut self) -> Result<(), Box<dyn std::error::Error>> {
|
||||
let status = git_output(&["status", "--short"])?;
|
||||
if status.trim().is_empty() {
|
||||
println!("Commit\n Result skipped\n Reason no workspace changes");
|
||||
return Ok(());
|
||||
}
|
||||
|
||||
git_status_ok(&["add", "-A"])?;
|
||||
let staged_stat = git_output(&["diff", "--cached", "--stat"])?;
|
||||
let prompt = format!(
|
||||
"Generate a git commit message in plain text Lore format only. Base it on this staged diff summary:\n\n{}\n\nRecent conversation context:\n{}",
|
||||
truncate_for_prompt(&staged_stat, 8_000),
|
||||
recent_user_context(self.runtime.session(), 6)
|
||||
);
|
||||
let message = sanitize_generated_message(&self.run_internal_prompt_text(&prompt, false)?);
|
||||
if message.trim().is_empty() {
|
||||
return Err("generated commit message was empty".into());
|
||||
}
|
||||
|
||||
let path = write_temp_text_file("claw-commit-message.txt", &message)?;
|
||||
let output = Command::new("git")
|
||||
.args(["commit", "--file"])
|
||||
.arg(&path)
|
||||
.current_dir(env::current_dir()?)
|
||||
.output()?;
|
||||
if !output.status.success() {
|
||||
let stderr = String::from_utf8_lossy(&output.stderr).trim().to_string();
|
||||
return Err(format!("git commit failed: {stderr}").into());
|
||||
}
|
||||
|
||||
println!(
|
||||
"Commit\n Result created\n Message file {}\n\n{}",
|
||||
path.display(),
|
||||
message.trim()
|
||||
);
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn run_pr(&self, context: Option<&str>) -> Result<(), Box<dyn std::error::Error>> {
|
||||
let staged = git_output(&["diff", "--stat"])?;
|
||||
let prompt = format!(
|
||||
"Generate a pull request title and body from this conversation and diff summary. Output plain text in this format exactly:\nTITLE: <title>\nBODY:\n<body markdown>\n\nContext hint: {}\n\nDiff summary:\n{}",
|
||||
context.unwrap_or("none"),
|
||||
truncate_for_prompt(&staged, 10_000)
|
||||
);
|
||||
let draft = sanitize_generated_message(&self.run_internal_prompt_text(&prompt, false)?);
|
||||
let (title, body) = parse_titled_body(&draft)
|
||||
.ok_or_else(|| "failed to parse generated PR title/body".to_string())?;
|
||||
|
||||
if command_exists("gh") {
|
||||
let body_path = write_temp_text_file("claw-pr-body.md", &body)?;
|
||||
let output = Command::new("gh")
|
||||
.args(["pr", "create", "--title", &title, "--body-file"])
|
||||
.arg(&body_path)
|
||||
.current_dir(env::current_dir()?)
|
||||
.output()?;
|
||||
if output.status.success() {
|
||||
let stdout = String::from_utf8_lossy(&output.stdout).trim().to_string();
|
||||
println!(
|
||||
"PR\n Result created\n Title {title}\n URL {}",
|
||||
if stdout.is_empty() { "<unknown>" } else { &stdout }
|
||||
);
|
||||
return Ok(());
|
||||
}
|
||||
}
|
||||
|
||||
println!("PR draft\n Title {title}\n\n{body}");
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn run_issue(&self, context: Option<&str>) -> Result<(), Box<dyn std::error::Error>> {
|
||||
let prompt = format!(
|
||||
"Generate a GitHub issue title and body from this conversation. Output plain text in this format exactly:\nTITLE: <title>\nBODY:\n<body markdown>\n\nContext hint: {}\n\nConversation context:\n{}",
|
||||
context.unwrap_or("none"),
|
||||
truncate_for_prompt(&recent_user_context(self.runtime.session(), 10), 10_000)
|
||||
);
|
||||
let draft = sanitize_generated_message(&self.run_internal_prompt_text(&prompt, false)?);
|
||||
let (title, body) = parse_titled_body(&draft)
|
||||
.ok_or_else(|| "failed to parse generated issue title/body".to_string())?;
|
||||
|
||||
if command_exists("gh") {
|
||||
let body_path = write_temp_text_file("claw-issue-body.md", &body)?;
|
||||
let output = Command::new("gh")
|
||||
.args(["issue", "create", "--title", &title, "--body-file"])
|
||||
.arg(&body_path)
|
||||
.current_dir(env::current_dir()?)
|
||||
.output()?;
|
||||
if output.status.success() {
|
||||
let stdout = String::from_utf8_lossy(&output.stdout).trim().to_string();
|
||||
println!(
|
||||
"Issue\n Result created\n Title {title}\n URL {}",
|
||||
if stdout.is_empty() { "<unknown>" } else { &stdout }
|
||||
);
|
||||
return Ok(());
|
||||
}
|
||||
}
|
||||
|
||||
println!("Issue draft\n Title {title}\n\n{body}");
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
|
||||
fn sessions_dir() -> Result<PathBuf, Box<dyn std::error::Error>> {
|
||||
@@ -1878,6 +2002,206 @@ fn render_diff_report() -> Result<String, Box<dyn std::error::Error>> {
|
||||
Ok(format!("Diff\n\n{}", diff.trim_end()))
|
||||
}
|
||||
|
||||
fn render_teleport_report(target: &str) -> Result<String, Box<dyn std::error::Error>> {
|
||||
let cwd = env::current_dir()?;
|
||||
|
||||
let file_list = Command::new("rg")
|
||||
.args(["--files"])
|
||||
.current_dir(&cwd)
|
||||
.output()?;
|
||||
let file_matches = if file_list.status.success() {
|
||||
String::from_utf8(file_list.stdout)?
|
||||
.lines()
|
||||
.filter(|line| line.contains(target))
|
||||
.take(10)
|
||||
.map(ToOwned::to_owned)
|
||||
.collect::<Vec<_>>()
|
||||
} else {
|
||||
Vec::new()
|
||||
};
|
||||
|
||||
let content_output = Command::new("rg")
|
||||
.args(["-n", "-S", "--color", "never", target, "."])
|
||||
.current_dir(&cwd)
|
||||
.output()?;
|
||||
|
||||
let mut lines = vec![format!("Teleport\n Target {target}")];
|
||||
if !file_matches.is_empty() {
|
||||
lines.push(String::new());
|
||||
lines.push("File matches".to_string());
|
||||
lines.extend(file_matches.into_iter().map(|path| format!(" {path}")));
|
||||
}
|
||||
|
||||
if content_output.status.success() {
|
||||
let matches = String::from_utf8(content_output.stdout)?;
|
||||
if !matches.trim().is_empty() {
|
||||
lines.push(String::new());
|
||||
lines.push("Content matches".to_string());
|
||||
lines.push(truncate_for_prompt(&matches, 4_000));
|
||||
}
|
||||
}
|
||||
|
||||
if lines.len() == 1 {
|
||||
lines.push(" Result no matches found".to_string());
|
||||
}
|
||||
|
||||
Ok(lines.join("\n"))
|
||||
}
|
||||
|
||||
fn render_last_tool_debug_report(session: &Session) -> Result<String, Box<dyn std::error::Error>> {
|
||||
let last_tool_use = session
|
||||
.messages
|
||||
.iter()
|
||||
.rev()
|
||||
.find_map(|message| {
|
||||
message.blocks.iter().rev().find_map(|block| match block {
|
||||
ContentBlock::ToolUse { id, name, input } => {
|
||||
Some((id.clone(), name.clone(), input.clone()))
|
||||
}
|
||||
_ => None,
|
||||
})
|
||||
})
|
||||
.ok_or_else(|| "no prior tool call found in session".to_string())?;
|
||||
|
||||
let tool_result = session.messages.iter().rev().find_map(|message| {
|
||||
message.blocks.iter().rev().find_map(|block| match block {
|
||||
ContentBlock::ToolResult {
|
||||
tool_use_id,
|
||||
tool_name,
|
||||
output,
|
||||
is_error,
|
||||
} if tool_use_id == &last_tool_use.0 => {
|
||||
Some((tool_name.clone(), output.clone(), *is_error))
|
||||
}
|
||||
_ => None,
|
||||
})
|
||||
});
|
||||
|
||||
let mut lines = vec![
|
||||
"Debug tool call".to_string(),
|
||||
format!(" Tool id {}", last_tool_use.0),
|
||||
format!(" Tool name {}", last_tool_use.1),
|
||||
" Input".to_string(),
|
||||
indent_block(&last_tool_use.2, 4),
|
||||
];
|
||||
|
||||
match tool_result {
|
||||
Some((tool_name, output, is_error)) => {
|
||||
lines.push(" Result".to_string());
|
||||
lines.push(format!(" name {tool_name}"));
|
||||
lines.push(format!(
|
||||
" status {}",
|
||||
if is_error { "error" } else { "ok" }
|
||||
));
|
||||
lines.push(indent_block(&output, 4));
|
||||
}
|
||||
None => lines.push(" Result missing tool result".to_string()),
|
||||
}
|
||||
|
||||
Ok(lines.join("\n"))
|
||||
}
|
||||
|
||||
fn indent_block(value: &str, spaces: usize) -> String {
|
||||
let indent = " ".repeat(spaces);
|
||||
value
|
||||
.lines()
|
||||
.map(|line| format!("{indent}{line}"))
|
||||
.collect::<Vec<_>>()
|
||||
.join("\n")
|
||||
}
|
||||
|
||||
fn git_output(args: &[&str]) -> Result<String, Box<dyn std::error::Error>> {
|
||||
let output = Command::new("git")
|
||||
.args(args)
|
||||
.current_dir(env::current_dir()?)
|
||||
.output()?;
|
||||
if !output.status.success() {
|
||||
let stderr = String::from_utf8_lossy(&output.stderr).trim().to_string();
|
||||
return Err(format!("git {} failed: {stderr}", args.join(" ")).into());
|
||||
}
|
||||
Ok(String::from_utf8(output.stdout)?)
|
||||
}
|
||||
|
||||
fn git_status_ok(args: &[&str]) -> Result<(), Box<dyn std::error::Error>> {
|
||||
let output = Command::new("git")
|
||||
.args(args)
|
||||
.current_dir(env::current_dir()?)
|
||||
.output()?;
|
||||
if !output.status.success() {
|
||||
let stderr = String::from_utf8_lossy(&output.stderr).trim().to_string();
|
||||
return Err(format!("git {} failed: {stderr}", args.join(" ")).into());
|
||||
}
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn command_exists(name: &str) -> bool {
|
||||
Command::new("which")
|
||||
.arg(name)
|
||||
.output()
|
||||
.map(|output| output.status.success())
|
||||
.unwrap_or(false)
|
||||
}
|
||||
|
||||
fn write_temp_text_file(
|
||||
filename: &str,
|
||||
contents: &str,
|
||||
) -> Result<PathBuf, Box<dyn std::error::Error>> {
|
||||
let path = env::temp_dir().join(filename);
|
||||
fs::write(&path, contents)?;
|
||||
Ok(path)
|
||||
}
|
||||
|
||||
fn recent_user_context(session: &Session, limit: usize) -> String {
|
||||
let requests = session
|
||||
.messages
|
||||
.iter()
|
||||
.filter(|message| message.role == MessageRole::User)
|
||||
.filter_map(|message| {
|
||||
message.blocks.iter().find_map(|block| match block {
|
||||
ContentBlock::Text { text } => Some(text.trim().to_string()),
|
||||
_ => None,
|
||||
})
|
||||
})
|
||||
.rev()
|
||||
.take(limit)
|
||||
.collect::<Vec<_>>();
|
||||
|
||||
if requests.is_empty() {
|
||||
"<no prior user messages>".to_string()
|
||||
} else {
|
||||
requests
|
||||
.into_iter()
|
||||
.rev()
|
||||
.enumerate()
|
||||
.map(|(index, text)| format!("{}. {}", index + 1, text))
|
||||
.collect::<Vec<_>>()
|
||||
.join("\n")
|
||||
}
|
||||
}
|
||||
|
||||
fn truncate_for_prompt(value: &str, limit: usize) -> String {
|
||||
if value.chars().count() <= limit {
|
||||
value.trim().to_string()
|
||||
} else {
|
||||
let truncated = value.chars().take(limit).collect::<String>();
|
||||
format!("{}\n…[truncated]", truncated.trim_end())
|
||||
}
|
||||
}
|
||||
|
||||
fn sanitize_generated_message(value: &str) -> String {
|
||||
value.trim().trim_matches('`').trim().replace("\r\n", "\n")
|
||||
}
|
||||
|
||||
fn parse_titled_body(value: &str) -> Option<(String, String)> {
|
||||
let normalized = sanitize_generated_message(value);
|
||||
let title = normalized
|
||||
.lines()
|
||||
.find_map(|line| line.strip_prefix("TITLE:").map(str::trim))?;
|
||||
let body_start = normalized.find("BODY:")?;
|
||||
let body = normalized[body_start + "BODY:".len()..].trim();
|
||||
Some((title.to_string(), body.to_string()))
|
||||
}
|
||||
|
||||
fn render_version_report() -> String {
|
||||
let git_sha = GIT_SHA.unwrap_or("unknown");
|
||||
let target = BUILD_TARGET.unwrap_or("unknown");
|
||||
@@ -1982,15 +2306,6 @@ fn build_system_prompt() -> Result<Vec<String>, Box<dyn std::error::Error>> {
|
||||
)?)
|
||||
}
|
||||
|
||||
fn build_runtime_feature_config(
|
||||
) -> Result<runtime::RuntimeFeatureConfig, Box<dyn std::error::Error>> {
|
||||
let cwd = env::current_dir()?;
|
||||
Ok(ConfigLoader::default_for(cwd)
|
||||
.load()?
|
||||
.feature_config()
|
||||
.clone())
|
||||
}
|
||||
|
||||
fn build_runtime(
|
||||
session: Session,
|
||||
model: String,
|
||||
@@ -2001,52 +2316,13 @@ fn build_runtime(
|
||||
permission_mode: PermissionMode,
|
||||
) -> Result<ConversationRuntime<AnthropicRuntimeClient, CliToolExecutor>, Box<dyn std::error::Error>>
|
||||
{
|
||||
let feature_config = build_runtime_feature_config()?;
|
||||
let mut runtime = ConversationRuntime::new_with_features(
|
||||
Ok(ConversationRuntime::new(
|
||||
session,
|
||||
AnthropicRuntimeClient::new(model, enable_tools, emit_output, allowed_tools.clone())?,
|
||||
CliToolExecutor::new(allowed_tools, emit_output),
|
||||
permission_policy(permission_mode, &feature_config),
|
||||
permission_policy(permission_mode),
|
||||
system_prompt,
|
||||
feature_config,
|
||||
);
|
||||
if emit_output {
|
||||
runtime = runtime.with_hook_progress_reporter(Box::new(CliHookProgressReporter));
|
||||
}
|
||||
Ok(runtime)
|
||||
}
|
||||
|
||||
struct CliHookProgressReporter;
|
||||
|
||||
impl runtime::HookProgressReporter for CliHookProgressReporter {
|
||||
fn on_event(&mut self, event: &runtime::HookProgressEvent) {
|
||||
match event {
|
||||
runtime::HookProgressEvent::Started {
|
||||
event,
|
||||
tool_name,
|
||||
command,
|
||||
} => eprintln!(
|
||||
"[hook {event_name}] {tool_name}: {command}",
|
||||
event_name = event.as_str()
|
||||
),
|
||||
runtime::HookProgressEvent::Completed {
|
||||
event,
|
||||
tool_name,
|
||||
command,
|
||||
} => eprintln!(
|
||||
"[hook done {event_name}] {tool_name}: {command}",
|
||||
event_name = event.as_str()
|
||||
),
|
||||
runtime::HookProgressEvent::Cancelled {
|
||||
event,
|
||||
tool_name,
|
||||
command,
|
||||
} => eprintln!(
|
||||
"[hook cancelled {event_name}] {tool_name}: {command}",
|
||||
event_name = event.as_str()
|
||||
),
|
||||
}
|
||||
}
|
||||
))
|
||||
}
|
||||
|
||||
struct CliPermissionPrompter {
|
||||
@@ -2069,9 +2345,6 @@ impl runtime::PermissionPrompter for CliPermissionPrompter {
|
||||
println!(" Tool {}", request.tool_name);
|
||||
println!(" Current mode {}", self.current_mode.as_str());
|
||||
println!(" Required mode {}", request.required_mode.as_str());
|
||||
if let Some(reason) = &request.reason {
|
||||
println!(" Reason {reason}");
|
||||
}
|
||||
println!(" Input {}", request.input);
|
||||
print!("Approve this tool call? [y/N]: ");
|
||||
let _ = io::stdout().flush();
|
||||
@@ -2484,15 +2757,13 @@ fn format_bash_result(icon: &str, parsed: &serde_json::Value) -> String {
|
||||
.get("backgroundTaskId")
|
||||
.and_then(|value| value.as_str())
|
||||
{
|
||||
use std::fmt::Write as _;
|
||||
let _ = write!(lines[0], " backgrounded ({task_id})");
|
||||
lines[0].push_str(&format!(" backgrounded ({task_id})"));
|
||||
} else if let Some(status) = parsed
|
||||
.get("returnCodeInterpretation")
|
||||
.and_then(|value| value.as_str())
|
||||
.filter(|status| !status.is_empty())
|
||||
{
|
||||
use std::fmt::Write as _;
|
||||
let _ = write!(lines[0], " {status}");
|
||||
lines[0].push_str(&format!(" {status}"));
|
||||
}
|
||||
|
||||
if let Some(stdout) = parsed.get("stdout").and_then(|value| value.as_str()) {
|
||||
@@ -2514,15 +2785,15 @@ fn format_read_result(icon: &str, parsed: &serde_json::Value) -> String {
|
||||
let path = extract_tool_path(file);
|
||||
let start_line = file
|
||||
.get("startLine")
|
||||
.and_then(serde_json::Value::as_u64)
|
||||
.and_then(|value| value.as_u64())
|
||||
.unwrap_or(1);
|
||||
let num_lines = file
|
||||
.get("numLines")
|
||||
.and_then(serde_json::Value::as_u64)
|
||||
.and_then(|value| value.as_u64())
|
||||
.unwrap_or(0);
|
||||
let total_lines = file
|
||||
.get("totalLines")
|
||||
.and_then(serde_json::Value::as_u64)
|
||||
.and_then(|value| value.as_u64())
|
||||
.unwrap_or(num_lines);
|
||||
let content = file
|
||||
.get("content")
|
||||
@@ -2548,7 +2819,8 @@ fn format_write_result(icon: &str, parsed: &serde_json::Value) -> String {
|
||||
let line_count = parsed
|
||||
.get("content")
|
||||
.and_then(|value| value.as_str())
|
||||
.map_or(0, |content| content.lines().count());
|
||||
.map(|content| content.lines().count())
|
||||
.unwrap_or(0);
|
||||
format!(
|
||||
"{icon} \x1b[1;32m✏️ {} {path}\x1b[0m \x1b[2m({line_count} lines)\x1b[0m",
|
||||
if kind == "create" { "Wrote" } else { "Updated" },
|
||||
@@ -2579,7 +2851,7 @@ fn format_edit_result(icon: &str, parsed: &serde_json::Value) -> String {
|
||||
let path = extract_tool_path(parsed);
|
||||
let suffix = if parsed
|
||||
.get("replaceAll")
|
||||
.and_then(serde_json::Value::as_bool)
|
||||
.and_then(|value| value.as_bool())
|
||||
.unwrap_or(false)
|
||||
{
|
||||
" (replace all)"
|
||||
@@ -2607,7 +2879,7 @@ fn format_edit_result(icon: &str, parsed: &serde_json::Value) -> String {
|
||||
fn format_glob_result(icon: &str, parsed: &serde_json::Value) -> String {
|
||||
let num_files = parsed
|
||||
.get("numFiles")
|
||||
.and_then(serde_json::Value::as_u64)
|
||||
.and_then(|value| value.as_u64())
|
||||
.unwrap_or(0);
|
||||
let filenames = parsed
|
||||
.get("filenames")
|
||||
@@ -2631,11 +2903,11 @@ fn format_glob_result(icon: &str, parsed: &serde_json::Value) -> String {
|
||||
fn format_grep_result(icon: &str, parsed: &serde_json::Value) -> String {
|
||||
let num_matches = parsed
|
||||
.get("numMatches")
|
||||
.and_then(serde_json::Value::as_u64)
|
||||
.and_then(|value| value.as_u64())
|
||||
.unwrap_or(0);
|
||||
let num_files = parsed
|
||||
.get("numFiles")
|
||||
.and_then(serde_json::Value::as_u64)
|
||||
.and_then(|value| value.as_u64())
|
||||
.unwrap_or(0);
|
||||
let content = parsed
|
||||
.get("content")
|
||||
@@ -2794,14 +3066,12 @@ impl ToolExecutor for CliToolExecutor {
|
||||
}
|
||||
}
|
||||
|
||||
fn permission_policy(
|
||||
mode: PermissionMode,
|
||||
feature_config: &runtime::RuntimeFeatureConfig,
|
||||
) -> PermissionPolicy {
|
||||
tool_permission_specs().into_iter().fold(
|
||||
PermissionPolicy::new(mode).with_permission_rules(feature_config.permission_rules()),
|
||||
|policy, spec| policy.with_tool_requirement(spec.name, spec.required_permission),
|
||||
)
|
||||
fn permission_policy(mode: PermissionMode) -> PermissionPolicy {
|
||||
tool_permission_specs()
|
||||
.into_iter()
|
||||
.fold(PermissionPolicy::new(mode), |policy, spec| {
|
||||
policy.with_tool_requirement(spec.name, spec.required_permission)
|
||||
})
|
||||
}
|
||||
|
||||
fn tool_permission_specs() -> Vec<ToolSpec> {
|
||||
@@ -2950,17 +3220,12 @@ mod tests {
|
||||
normalize_permission_mode, parse_args, parse_git_status_metadata, print_help_to,
|
||||
push_output_block, render_config_report, render_memory_report, render_repl_help,
|
||||
resolve_model_alias, response_to_events, resume_supported_slash_commands, status_context,
|
||||
CliAction, CliOutputFormat, HookAbortMonitor, SlashCommand, StatusUsage, DEFAULT_MODEL,
|
||||
CliAction, CliOutputFormat, SlashCommand, StatusUsage, DEFAULT_MODEL,
|
||||
};
|
||||
use api::{MessageResponse, OutputContentBlock, Usage};
|
||||
use runtime::{
|
||||
AssistantEvent, ContentBlock, ConversationMessage, HookAbortSignal, MessageRole,
|
||||
PermissionMode,
|
||||
};
|
||||
use runtime::{AssistantEvent, ContentBlock, ConversationMessage, MessageRole, PermissionMode};
|
||||
use serde_json::json;
|
||||
use std::path::PathBuf;
|
||||
use std::sync::mpsc;
|
||||
use std::time::Duration;
|
||||
|
||||
#[test]
|
||||
fn defaults_to_repl_when_no_args() {
|
||||
@@ -3619,43 +3884,4 @@ mod tests {
|
||||
if name == "read_file" && input == "{\"path\":\"rust/Cargo.toml\"}"
|
||||
));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn hook_abort_monitor_stops_without_aborting() {
|
||||
let abort_signal = HookAbortSignal::new();
|
||||
let (ready_tx, ready_rx) = mpsc::channel();
|
||||
let monitor = HookAbortMonitor::spawn_with_waiter(
|
||||
abort_signal.clone(),
|
||||
move |stop_rx, abort_signal| {
|
||||
ready_tx.send(()).expect("ready signal");
|
||||
let _ = stop_rx.recv();
|
||||
assert!(!abort_signal.is_aborted());
|
||||
},
|
||||
);
|
||||
|
||||
ready_rx.recv().expect("waiter should be ready");
|
||||
monitor.stop();
|
||||
|
||||
assert!(!abort_signal.is_aborted());
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn hook_abort_monitor_propagates_interrupt() {
|
||||
let abort_signal = HookAbortSignal::new();
|
||||
let (done_tx, done_rx) = mpsc::channel();
|
||||
let monitor = HookAbortMonitor::spawn_with_waiter(
|
||||
abort_signal.clone(),
|
||||
move |_stop_rx, abort_signal| {
|
||||
abort_signal.abort();
|
||||
done_tx.send(()).expect("done signal");
|
||||
},
|
||||
);
|
||||
|
||||
done_rx
|
||||
.recv_timeout(Duration::from_secs(1))
|
||||
.expect("interrupt should complete");
|
||||
monitor.stop();
|
||||
|
||||
assert!(abort_signal.is_aborted());
|
||||
}
|
||||
}
|
||||
|
||||
@@ -286,7 +286,7 @@ impl TerminalRenderer {
|
||||
) {
|
||||
match event {
|
||||
Event::Start(Tag::Heading { level, .. }) => {
|
||||
Self::start_heading(state, level as u8, output);
|
||||
self.start_heading(state, level as u8, output)
|
||||
}
|
||||
Event::End(TagEnd::Paragraph) => output.push_str("\n\n"),
|
||||
Event::Start(Tag::BlockQuote(..)) => self.start_quote(state, output),
|
||||
@@ -426,7 +426,7 @@ impl TerminalRenderer {
|
||||
}
|
||||
}
|
||||
|
||||
fn start_heading(state: &mut RenderState, level: u8, output: &mut String) {
|
||||
fn start_heading(&self, state: &mut RenderState, level: u8, output: &mut String) {
|
||||
state.heading_level = Some(level);
|
||||
if !output.is_empty() {
|
||||
output.push('\n');
|
||||
|
||||
Reference in New Issue
Block a user