eeymoo/claw-code
1
0
Fork 0
mirror of https://github.com/instructkr/claw-code.git synced 2026-04-04 05:04:48 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: eeymoo:rcc/plugins
Branches Tags
eeymoo:main eeymoo:feat/release-0.1.0-readme eeymoo:feat/uiux-redesign eeymoo:feat/ui-hardening eeymoo:integration/dori-cleanroom eeymoo:dev/rust eeymoo:rcc/plugins eeymoo:rcc/cache-tracking eeymoo:rcc/telemetry eeymoo:rcc/jsonl-session eeymoo:rcc/grok eeymoo:rcc/hook-pipeline eeymoo:rcc/api eeymoo:rcc/parity-fix eeymoo:rcc/subagent eeymoo:rcc/ant-tools eeymoo:rcc/hooks eeymoo:rcc/ui-polish eeymoo:rcc/cli eeymoo:rcc/render eeymoo:rcc/sandbox eeymoo:rcc/git eeymoo:rcc/thinking eeymoo:rcc/runtime eeymoo:rcc/update eeymoo:rcc/doctor eeymoo:rcc/tools eeymoo:rcc/image eeymoo:rcc/memory eeymoo:rcc/cost
..
compare: eeymoo:dev/rust
Branches Tags
eeymoo:feat/release-0.1.0-readme eeymoo:feat/uiux-redesign eeymoo:main eeymoo:feat/ui-hardening eeymoo:integration/dori-cleanroom eeymoo:dev/rust eeymoo:rcc/plugins eeymoo:rcc/cache-tracking eeymoo:rcc/telemetry eeymoo:rcc/jsonl-session eeymoo:rcc/grok eeymoo:rcc/hook-pipeline eeymoo:rcc/api eeymoo:rcc/parity-fix eeymoo:rcc/subagent eeymoo:rcc/ant-tools eeymoo:rcc/hooks eeymoo:rcc/ui-polish eeymoo:rcc/cli eeymoo:rcc/render eeymoo:rcc/sandbox eeymoo:rcc/git eeymoo:rcc/thinking eeymoo:rcc/runtime eeymoo:rcc/update eeymoo:rcc/doctor eeymoo:rcc/tools eeymoo:rcc/image eeymoo:rcc/memory eeymoo:rcc/cost

9 Commits
rcc/plugin ... dev/rust

Author SHA1 Message Date
Yeachan-Heo
a9efc734d5 Preserve plugin and hook semantics while finishing the hook-pipeline merge 
The merge now keeps plugin lifecycle management, plugin tool permissions,
hook abort/progress handling, permission-rule config, and shared slash-command
help aligned across runtime and CLI codepaths.

Constraint: Merge had to retain both plugin runtime behavior and hook-pipeline permission/abort features
Rejected: Drop plugin-aware runtime paths during merge | would regress installed plugin hooks and lifecycle handling
Rejected: Prefer hook-pipeline tool permissions over the global tool registry | would lose plugin tool permission mapping
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Keep runtime hook flow, permission policy wiring, and slash-command surfaces synchronized across crates during future merges
Tested: cargo test; cargo fmt --all --check; git diff --check
Not-tested: Live networked ANTHROPIC_API_KEY smoke path
 2026-04-01 09:00:55 +00:00
Yeachan-Heo
f509d569ae fix: handle new slash command variants in cli 2026-04-01 08:40:20 +00:00
Yeachan-Heo
8ae96376a2 merge: integrate plugin subsystem and command surface from rcc/plugins 2026-04-01 08:17:27 +00:00
Yeachan-Heo
c38eac7a90 feat: hook-pipeline progress — tests passing 2026-04-01 05:58:00 +00:00
Yeachan-Heo
197065bfc8 feat: hook abort signal + Ctrl-C cancellation pipeline 2026-04-01 05:55:24 +00:00
Yeachan-Heo
555a245456 wip: hook progress UI + documentation 2026-04-01 04:50:26 +00:00
Yeachan-Heo
9efd029e26 wip: hook-pipeline progress 2026-04-01 04:40:18 +00:00
Yeachan-Heo
eb89fc95e7 wip: hook-pipeline progress 2026-04-01 04:30:25 +00:00
Yeachan-Heo
94199beabb wip: hook pipeline progress 2026-04-01 04:20:16 +00:00
9 changed files with 1580 additions and 628 deletions
Expand all files Collapse all files

373
rust/crates/commands/src/lib.rs
View File

@@ -201,8 +201,8 @@ const SLASH_COMMAND_SPECS: &[SlashCommandSpec] = &[
resume_supported: false, resume_supported: false,
}, },
SlashCommandSpec { SlashCommandSpec {
name: "plugin", name: "plugins",
aliases: &["plugins", "marketplace"], aliases: &["plugin", "marketplace"],
summary: "Manage Claude Code plugins", summary: "Manage Claude Code plugins",
argument_hint: Some( argument_hint: Some(
"[list|install <path>|enable <name>|disable <name>|uninstall <id>|update <id>]", "[list|install <path>|enable <name>|disable <name>|uninstall <id>|update <id>]",
@@ -212,16 +212,16 @@ const SLASH_COMMAND_SPECS: &[SlashCommandSpec] = &[
SlashCommandSpec { SlashCommandSpec {
name: "agents", name: "agents",
aliases: &[], aliases: &[],
summary: "List configured agents", summary: "Manage agent configurations",
argument_hint: None, argument_hint: None,
resume_supported: true, resume_supported: false,
}, },
SlashCommandSpec { SlashCommandSpec {
name: "skills", name: "skills",
aliases: &[], aliases: &[],
summary: "List available skills", summary: "List available skills",
argument_hint: None, argument_hint: None,
resume_supported: true, resume_supported: false,
}, },
]; ];
@@ -470,29 +470,6 @@ struct SkillSummary {
description: Option<String>, description: Option<String>,
source: DefinitionSource, source: DefinitionSource,
shadowed_by: Option<DefinitionSource>, shadowed_by: Option<DefinitionSource>,
origin: SkillOrigin,
}
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
enum SkillOrigin {
SkillsDir,
LegacyCommandsDir,
}
impl SkillOrigin {
fn detail_label(self) -> Option<&'static str> {
match self {
Self::SkillsDir => None,
Self::LegacyCommandsDir => Some("legacy /commands"),
}
}
}
#[derive(Debug, Clone, PartialEq, Eq)]
struct SkillRoot {
source: DefinitionSource,
path: PathBuf,
origin: SkillOrigin,
} }
#[allow(clippy::too_many_lines)] #[allow(clippy::too_many_lines)]
@@ -608,27 +585,23 @@ pub fn handle_plugins_slash_command(
} }
pub fn handle_agents_slash_command(args: Option<&str>, cwd: &Path) -> std::io::Result<String> { pub fn handle_agents_slash_command(args: Option<&str>, cwd: &Path) -> std::io::Result<String> {
match normalize_optional_args(args) { if let Some(args) = args.filter(|value| !value.trim().is_empty()) {
None | Some("list") => { return Ok(format!("Usage: /agents\nUnexpected arguments: {args}"));
let roots = discover_definition_roots(cwd, "agents");
let agents = load_agents_from_roots(&roots)?;
Ok(render_agents_report(&agents))
}
Some("-h" | "--help" | "help") => Ok(render_agents_usage(None)),
Some(args) => Ok(render_agents_usage(Some(args))),
} }
let roots = discover_definition_roots(cwd, "agents");
let agents = load_agents_from_roots(&roots)?;
Ok(render_agents_report(&agents))
} }
pub fn handle_skills_slash_command(args: Option<&str>, cwd: &Path) -> std::io::Result<String> { pub fn handle_skills_slash_command(args: Option<&str>, cwd: &Path) -> std::io::Result<String> {
match normalize_optional_args(args) { if let Some(args) = args.filter(|value| !value.trim().is_empty()) {
None | Some("list") => { return Ok(format!("Usage: /skills\nUnexpected arguments: {args}"));
let roots = discover_skill_roots(cwd);
let skills = load_skills_from_roots(&roots)?;
Ok(render_skills_report(&skills))
}
Some("-h" | "--help" | "help") => Ok(render_skills_usage(None)),
Some(args) => Ok(render_skills_usage(Some(args))),
} }
let roots = discover_definition_roots(cwd, "skills");
let skills = load_skills_from_roots(&roots)?;
Ok(render_skills_report(&skills))
} }
#[must_use] #[must_use]
@@ -724,83 +697,6 @@ fn discover_definition_roots(cwd: &Path, leaf: &str) -> Vec<(DefinitionSource, P
roots roots
} }
fn discover_skill_roots(cwd: &Path) -> Vec<SkillRoot> {
let mut roots = Vec::new();
for ancestor in cwd.ancestors() {
push_unique_skill_root(
&mut roots,
DefinitionSource::ProjectCodex,
ancestor.join(".codex").join("skills"),
SkillOrigin::SkillsDir,
);
push_unique_skill_root(
&mut roots,
DefinitionSource::ProjectClaude,
ancestor.join(".claude").join("skills"),
SkillOrigin::SkillsDir,
);
push_unique_skill_root(
&mut roots,
DefinitionSource::ProjectCodex,
ancestor.join(".codex").join("commands"),
SkillOrigin::LegacyCommandsDir,
);
push_unique_skill_root(
&mut roots,
DefinitionSource::ProjectClaude,
ancestor.join(".claude").join("commands"),
SkillOrigin::LegacyCommandsDir,
);
}
if let Ok(codex_home) = env::var("CODEX_HOME") {
let codex_home = PathBuf::from(codex_home);
push_unique_skill_root(
&mut roots,
DefinitionSource::UserCodexHome,
codex_home.join("skills"),
SkillOrigin::SkillsDir,
);
push_unique_skill_root(
&mut roots,
DefinitionSource::UserCodexHome,
codex_home.join("commands"),
SkillOrigin::LegacyCommandsDir,
);
}
if let Some(home) = env::var_os("HOME") {
let home = PathBuf::from(home);
push_unique_skill_root(
&mut roots,
DefinitionSource::UserCodex,
home.join(".codex").join("skills"),
SkillOrigin::SkillsDir,
);
push_unique_skill_root(
&mut roots,
DefinitionSource::UserCodex,
home.join(".codex").join("commands"),
SkillOrigin::LegacyCommandsDir,
);
push_unique_skill_root(
&mut roots,
DefinitionSource::UserClaude,
home.join(".claude").join("skills"),
SkillOrigin::SkillsDir,
);
push_unique_skill_root(
&mut roots,
DefinitionSource::UserClaude,
home.join(".claude").join("commands"),
SkillOrigin::LegacyCommandsDir,
);
}
roots
}
fn push_unique_root( fn push_unique_root(
roots: &mut Vec<(DefinitionSource, PathBuf)>, roots: &mut Vec<(DefinitionSource, PathBuf)>,
source: DefinitionSource, source: DefinitionSource,
@@ -811,21 +707,6 @@ fn push_unique_root(
} }
} }
fn push_unique_skill_root(
roots: &mut Vec<SkillRoot>,
source: DefinitionSource,
path: PathBuf,
origin: SkillOrigin,
) {
if path.is_dir() && !roots.iter().any(|existing| existing.path == path) {
roots.push(SkillRoot {
source,
path,
origin,
});
}
}
fn load_agents_from_roots( fn load_agents_from_roots(
roots: &[(DefinitionSource, PathBuf)], roots: &[(DefinitionSource, PathBuf)],
) -> std::io::Result<Vec<AgentSummary>> { ) -> std::io::Result<Vec<AgentSummary>> {
@@ -840,10 +721,11 @@ fn load_agents_from_roots(
continue; continue;
} }
let contents = fs::read_to_string(entry.path())?; let contents = fs::read_to_string(entry.path())?;
let fallback_name = entry.path().file_stem().map_or_else( let fallback_name = entry
|| entry.file_name().to_string_lossy().to_string(), .path()
|stem| stem.to_string_lossy().to_string(), .file_stem()
); .map(|stem| stem.to_string_lossy().to_string())
.unwrap_or_else(|| entry.file_name().to_string_lossy().to_string());
root_agents.push(AgentSummary { root_agents.push(AgentSummary {
name: parse_toml_string(&contents, "name").unwrap_or(fallback_name), name: parse_toml_string(&contents, "name").unwrap_or(fallback_name),
description: parse_toml_string(&contents, "description"), description: parse_toml_string(&contents, "description"),
@@ -869,66 +751,31 @@ fn load_agents_from_roots(
Ok(agents) Ok(agents)
} }
fn load_skills_from_roots(roots: &[SkillRoot]) -> std::io::Result<Vec<SkillSummary>> { fn load_skills_from_roots(
roots: &[(DefinitionSource, PathBuf)],
) -> std::io::Result<Vec<SkillSummary>> {
let mut skills = Vec::new(); let mut skills = Vec::new();
let mut active_sources = BTreeMap::<String, DefinitionSource>::new(); let mut active_sources = BTreeMap::<String, DefinitionSource>::new();
for root in roots { for (source, root) in roots {
let mut root_skills = Vec::new(); let mut root_skills = Vec::new();
for entry in fs::read_dir(&root.path)? { for entry in fs::read_dir(root)? {
let entry = entry?; let entry = entry?;
match root.origin { if !entry.path().is_dir() {
SkillOrigin::SkillsDir => { continue;
if !entry.path().is_dir() {
continue;
}
let skill_path = entry.path().join("SKILL.md");
if !skill_path.is_file() {
continue;
}
let contents = fs::read_to_string(skill_path)?;
let (name, description) = parse_skill_frontmatter(&contents);
root_skills.push(SkillSummary {
name: name
.unwrap_or_else(|| entry.file_name().to_string_lossy().to_string()),
description,
source: root.source,
shadowed_by: None,
origin: root.origin,
});
}
SkillOrigin::LegacyCommandsDir => {
let path = entry.path();
let markdown_path = if path.is_dir() {
let skill_path = path.join("SKILL.md");
if !skill_path.is_file() {
continue;
}
skill_path
} else if path
.extension()
.is_some_and(|ext| ext.to_string_lossy().eq_ignore_ascii_case("md"))
{
path
} else {
continue;
};
let contents = fs::read_to_string(&markdown_path)?;
let fallback_name = markdown_path.file_stem().map_or_else(
|| entry.file_name().to_string_lossy().to_string(),
|stem| stem.to_string_lossy().to_string(),
);
let (name, description) = parse_skill_frontmatter(&contents);
root_skills.push(SkillSummary {
name: name.unwrap_or(fallback_name),
description,
source: root.source,
shadowed_by: None,
origin: root.origin,
});
}
} }
let skill_path = entry.path().join("SKILL.md");
if !skill_path.is_file() {
continue;
}
let contents = fs::read_to_string(skill_path)?;
let (name, description) = parse_skill_frontmatter(&contents);
root_skills.push(SkillSummary {
name: name.unwrap_or_else(|| entry.file_name().to_string_lossy().to_string()),
description,
source: *source,
shadowed_by: None,
});
} }
root_skills.sort_by(|left, right| left.name.cmp(&right.name)); root_skills.sort_by(|left, right| left.name.cmp(&right.name));
@@ -984,16 +831,16 @@ fn parse_skill_frontmatter(contents: &str) -> (Option<String>, Option<String>) {
break; break;
} }
if let Some(value) = trimmed.strip_prefix("name:") { if let Some(value) = trimmed.strip_prefix("name:") {
let value = unquote_frontmatter_value(value.trim()); let value = value.trim();
if !value.is_empty() { if !value.is_empty() {
name = Some(value); name = Some(value.to_string());
} }
continue; continue;
} }
if let Some(value) = trimmed.strip_prefix("description:") { if let Some(value) = trimmed.strip_prefix("description:") {
let value = unquote_frontmatter_value(value.trim()); let value = value.trim();
if !value.is_empty() { if !value.is_empty() {
description = Some(value); description = Some(value.to_string());
} }
} }
} }
@@ -1001,20 +848,6 @@ fn parse_skill_frontmatter(contents: &str) -> (Option<String>, Option<String>) {
(name, description) (name, description)
} }
fn unquote_frontmatter_value(value: &str) -> String {
value
.strip_prefix('"')
.and_then(|trimmed| trimmed.strip_suffix('"'))
.or_else(|| {
value
.strip_prefix('\'')
.and_then(|trimmed| trimmed.strip_suffix('\''))
})
.unwrap_or(value)
.trim()
.to_string()
}
fn render_agents_report(agents: &[AgentSummary]) -> String { fn render_agents_report(agents: &[AgentSummary]) -> String {
if agents.is_empty() { if agents.is_empty() {
return "No agents found.".to_string(); return "No agents found.".to_string();
@@ -1105,14 +938,10 @@ fn render_skills_report(skills: &[SkillSummary]) -> String {
lines.push(format!("{}:", source.label())); lines.push(format!("{}:", source.label()));
for skill in group { for skill in group {
let mut parts = vec![skill.name.clone()]; let detail = match &skill.description {
if let Some(description) = &skill.description { Some(description) => format!("{} · {}", skill.name, description),
parts.push(description.clone()); None => skill.name.clone(),
} };
if let Some(detail) = skill.origin.detail_label() {
parts.push(detail.to_string());
}
let detail = parts.join(" · ");
match skill.shadowed_by { match skill.shadowed_by {
Some(winner) => lines.push(format!(" (shadowed by {}) {detail}", winner.label())), Some(winner) => lines.push(format!(" (shadowed by {}) {detail}", winner.label())),
None => lines.push(format!(" {detail}")), None => lines.push(format!(" {detail}")),
@@ -1124,36 +953,6 @@ fn render_skills_report(skills: &[SkillSummary]) -> String {
lines.join("\n").trim_end().to_string() lines.join("\n").trim_end().to_string()
} }
fn normalize_optional_args(args: Option<&str>) -> Option<&str> {
args.map(str::trim).filter(|value| !value.is_empty())
}
fn render_agents_usage(unexpected: Option<&str>) -> String {
let mut lines = vec![
"Agents".to_string(),
" Usage /agents".to_string(),
" Direct CLI claw agents".to_string(),
" Sources .codex/agents, .claude/agents, $CODEX_HOME/agents".to_string(),
];
if let Some(args) = unexpected {
lines.push(format!(" Unexpected {args}"));
}
lines.join("\n")
}
fn render_skills_usage(unexpected: Option<&str>) -> String {
let mut lines = vec![
"Skills".to_string(),
" Usage /skills".to_string(),
" Direct CLI claw skills".to_string(),
" Sources .codex/skills, .claude/skills, legacy /commands".to_string(),
];
if let Some(args) = unexpected {
lines.push(format!(" Unexpected {args}"));
}
lines.join("\n")
}
#[must_use] #[must_use]
pub fn handle_slash_command( pub fn handle_slash_command(
input: &str, input: &str,
@@ -1213,7 +1012,7 @@ mod tests {
handle_plugins_slash_command, handle_slash_command, load_agents_from_roots, handle_plugins_slash_command, handle_slash_command, load_agents_from_roots,
load_skills_from_roots, render_agents_report, render_plugins_report, render_skills_report, load_skills_from_roots, render_agents_report, render_plugins_report, render_skills_report,
render_slash_command_help, resume_supported_slash_commands, slash_command_specs, render_slash_command_help, resume_supported_slash_commands, slash_command_specs,
DefinitionSource, SkillOrigin, SkillRoot, SlashCommand, DefinitionSource, SlashCommand,
}; };
use plugins::{PluginKind, PluginManager, PluginManagerConfig, PluginMetadata, PluginSummary}; use plugins::{PluginKind, PluginManager, PluginManagerConfig, PluginMetadata, PluginSummary};
use runtime::{CompactionConfig, ContentBlock, ConversationMessage, MessageRole, Session}; use runtime::{CompactionConfig, ContentBlock, ConversationMessage, MessageRole, Session};
@@ -1273,15 +1072,6 @@ mod tests {
.expect("write skill"); .expect("write skill");
} }
fn write_legacy_command(root: &Path, name: &str, description: &str) {
fs::create_dir_all(root).expect("commands root");
fs::write(
root.join(format!("{name}.md")),
format!("---\nname: {name}\ndescription: {description}\n---\n\n# {name}\n"),
)
.expect("write command");
}
#[allow(clippy::too_many_lines)] #[allow(clippy::too_many_lines)]
#[test] #[test]
fn parses_supported_slash_commands() { fn parses_supported_slash_commands() {
@@ -1437,13 +1227,10 @@ mod tests {
assert!(help.contains("/export [file]")); assert!(help.contains("/export [file]"));
assert!(help.contains("/session [list|switch <session-id>]")); assert!(help.contains("/session [list|switch <session-id>]"));
assert!(help.contains( assert!(help.contains(
"/plugin [list|install <path>|enable <name>|disable <name>|uninstall <id>|update <id>]" "/plugins [list|install <path>|enable <name>|disable <name>|uninstall <id>|update <id>]"
)); ));
assert!(help.contains("aliases: /plugins, /marketplace"));
assert!(help.contains("/agents"));
assert!(help.contains("/skills"));
assert_eq!(slash_command_specs().len(), 25); assert_eq!(slash_command_specs().len(), 25);
assert_eq!(resume_supported_slash_commands().len(), 13); assert_eq!(resume_supported_slash_commands().len(), 11);
} }
#[test] #[test]
@@ -1636,41 +1423,24 @@ mod tests {
fn lists_skills_from_project_and_user_roots() { fn lists_skills_from_project_and_user_roots() {
let workspace = temp_dir("skills-workspace"); let workspace = temp_dir("skills-workspace");
let project_skills = workspace.join(".codex").join("skills"); let project_skills = workspace.join(".codex").join("skills");
let project_commands = workspace.join(".claude").join("commands");
let user_home = temp_dir("skills-home"); let user_home = temp_dir("skills-home");
let user_skills = user_home.join(".codex").join("skills"); let user_skills = user_home.join(".codex").join("skills");
write_skill(&project_skills, "plan", "Project planning guidance"); write_skill(&project_skills, "plan", "Project planning guidance");
write_legacy_command(&project_commands, "deploy", "Legacy deployment guidance");
write_skill(&user_skills, "plan", "User planning guidance"); write_skill(&user_skills, "plan", "User planning guidance");
write_skill(&user_skills, "help", "Help guidance"); write_skill(&user_skills, "help", "Help guidance");
let roots = vec![ let roots = vec![
SkillRoot { (DefinitionSource::ProjectCodex, project_skills),
source: DefinitionSource::ProjectCodex, (DefinitionSource::UserCodex, user_skills),
path: project_skills,
origin: SkillOrigin::SkillsDir,
},
SkillRoot {
source: DefinitionSource::ProjectClaude,
path: project_commands,
origin: SkillOrigin::LegacyCommandsDir,
},
SkillRoot {
source: DefinitionSource::UserCodex,
path: user_skills,
origin: SkillOrigin::SkillsDir,
},
]; ];
let report = let report =
render_skills_report(&load_skills_from_roots(&roots).expect("skill roots should load")); render_skills_report(&load_skills_from_roots(&roots).expect("skill roots should load"));
assert!(report.contains("Skills")); assert!(report.contains("Skills"));
assert!(report.contains("3 available skills")); assert!(report.contains("2 available skills"));
assert!(report.contains("Project (.codex):")); assert!(report.contains("Project (.codex):"));
assert!(report.contains("plan · Project planning guidance")); assert!(report.contains("plan · Project planning guidance"));
assert!(report.contains("Project (.claude):"));
assert!(report.contains("deploy · Legacy deployment guidance · legacy /commands"));
assert!(report.contains("User (~/.codex):")); assert!(report.contains("User (~/.codex):"));
assert!(report.contains("(shadowed by Project (.codex)) plan · User planning guidance")); assert!(report.contains("(shadowed by Project (.codex)) plan · User planning guidance"));
assert!(report.contains("help · Help guidance")); assert!(report.contains("help · Help guidance"));
@@ -1679,39 +1449,6 @@ mod tests {
let _ = fs::remove_dir_all(user_home); let _ = fs::remove_dir_all(user_home);
} }
#[test]
fn agents_and_skills_usage_support_help_and_unexpected_args() {
let cwd = temp_dir("slash-usage");
let agents_help =
super::handle_agents_slash_command(Some("help"), &cwd).expect("agents help");
assert!(agents_help.contains("Usage /agents"));
assert!(agents_help.contains("Direct CLI claw agents"));
let agents_unexpected =
super::handle_agents_slash_command(Some("show planner"), &cwd).expect("agents usage");
assert!(agents_unexpected.contains("Unexpected show planner"));
let skills_help =
super::handle_skills_slash_command(Some("--help"), &cwd).expect("skills help");
assert!(skills_help.contains("Usage /skills"));
assert!(skills_help.contains("legacy /commands"));
let skills_unexpected =
super::handle_skills_slash_command(Some("show help"), &cwd).expect("skills usage");
assert!(skills_unexpected.contains("Unexpected show help"));
let _ = fs::remove_dir_all(cwd);
}
#[test]
fn parses_quoted_skill_frontmatter_values() {
let contents = "---\nname: \"hud\"\ndescription: 'Quoted description'\n---\n";
let (name, description) = super::parse_skill_frontmatter(contents);
assert_eq!(name.as_deref(), Some("hud"));
assert_eq!(description.as_deref(), Some("Quoted description"));
}
#[test] #[test]
fn installs_plugin_from_path_and_lists_it() { fn installs_plugin_from_path_and_lists_it() {
let config_home = temp_dir("home"); let config_home = temp_dir("home");

98
rust/crates/runtime/src/config.rs
View File

@@ -52,6 +52,7 @@ pub struct RuntimeFeatureConfig {
oauth: Option<OAuthConfig>, oauth: Option<OAuthConfig>,
model: Option<String>, model: Option<String>,
permission_mode: Option<ResolvedPermissionMode>, permission_mode: Option<ResolvedPermissionMode>,
permission_rules: RuntimePermissionRuleConfig,
sandbox: SandboxConfig, sandbox: SandboxConfig,
} }
@@ -59,6 +60,14 @@ pub struct RuntimeFeatureConfig {
pub struct RuntimeHookConfig { pub struct RuntimeHookConfig {
pre_tool_use: Vec<String>, pre_tool_use: Vec<String>,
post_tool_use: Vec<String>, post_tool_use: Vec<String>,
post_tool_use_failure: Vec<String>,
}
#[derive(Debug, Clone, PartialEq, Eq, Default)]
pub struct RuntimePermissionRuleConfig {
allow: Vec<String>,
deny: Vec<String>,
ask: Vec<String>,
} }
#[derive(Debug, Clone, PartialEq, Eq, Default)] #[derive(Debug, Clone, PartialEq, Eq, Default)]
@@ -248,6 +257,7 @@ impl ConfigLoader {
oauth: parse_optional_oauth_config(&merged_value, "merged settings.oauth")?, oauth: parse_optional_oauth_config(&merged_value, "merged settings.oauth")?,
model: parse_optional_model(&merged_value), model: parse_optional_model(&merged_value),
permission_mode: parse_optional_permission_mode(&merged_value)?, permission_mode: parse_optional_permission_mode(&merged_value)?,
permission_rules: parse_optional_permission_rules(&merged_value)?,
sandbox: parse_optional_sandbox_config(&merged_value)?, sandbox: parse_optional_sandbox_config(&merged_value)?,
}; };
@@ -324,6 +334,11 @@ impl RuntimeConfig {
self.feature_config.permission_mode self.feature_config.permission_mode
} }
#[must_use]
pub fn permission_rules(&self) -> &RuntimePermissionRuleConfig {
&self.feature_config.permission_rules
}
#[must_use] #[must_use]
pub fn sandbox(&self) -> &SandboxConfig { pub fn sandbox(&self) -> &SandboxConfig {
&self.feature_config.sandbox &self.feature_config.sandbox
@@ -373,6 +388,11 @@ impl RuntimeFeatureConfig {
self.permission_mode self.permission_mode
} }
#[must_use]
pub fn permission_rules(&self) -> &RuntimePermissionRuleConfig {
&self.permission_rules
}
#[must_use] #[must_use]
pub fn sandbox(&self) -> &SandboxConfig { pub fn sandbox(&self) -> &SandboxConfig {
&self.sandbox &self.sandbox
@@ -428,10 +448,15 @@ pub fn default_config_home() -> PathBuf {
impl RuntimeHookConfig { impl RuntimeHookConfig {
#[must_use] #[must_use]
pub fn new(pre_tool_use: Vec<String>, post_tool_use: Vec<String>) -> Self { pub fn new(
pre_tool_use: Vec<String>,
post_tool_use: Vec<String>,
post_tool_use_failure: Vec<String>,
) -> Self {
Self { Self {
pre_tool_use, pre_tool_use,
post_tool_use, post_tool_use,
post_tool_use_failure,
} }
} }
@@ -445,6 +470,11 @@ impl RuntimeHookConfig {
&self.post_tool_use &self.post_tool_use
} }
#[must_use]
pub fn post_tool_use_failure(&self) -> &[String] {
&self.post_tool_use_failure
}
#[must_use] #[must_use]
pub fn merged(&self, other: &Self) -> Self { pub fn merged(&self, other: &Self) -> Self {
let mut merged = self.clone(); let mut merged = self.clone();
@@ -455,6 +485,32 @@ impl RuntimeHookConfig {
pub fn extend(&mut self, other: &Self) { pub fn extend(&mut self, other: &Self) {
extend_unique(&mut self.pre_tool_use, other.pre_tool_use()); extend_unique(&mut self.pre_tool_use, other.pre_tool_use());
extend_unique(&mut self.post_tool_use, other.post_tool_use()); extend_unique(&mut self.post_tool_use, other.post_tool_use());
extend_unique(
&mut self.post_tool_use_failure,
other.post_tool_use_failure(),
);
}
}
impl RuntimePermissionRuleConfig {
#[must_use]
pub fn new(allow: Vec<String>, deny: Vec<String>, ask: Vec<String>) -> Self {
Self { allow, deny, ask }
}
#[must_use]
pub fn allow(&self) -> &[String] {
&self.allow
}
#[must_use]
pub fn deny(&self) -> &[String] {
&self.deny
}
#[must_use]
pub fn ask(&self) -> &[String] {
&self.ask
} }
} }
@@ -569,6 +625,32 @@ fn parse_optional_hooks_config(root: &JsonValue) -> Result<RuntimeHookConfig, Co
.unwrap_or_default(), .unwrap_or_default(),
post_tool_use: optional_string_array(hooks, "PostToolUse", "merged settings.hooks")? post_tool_use: optional_string_array(hooks, "PostToolUse", "merged settings.hooks")?
.unwrap_or_default(), .unwrap_or_default(),
post_tool_use_failure: optional_string_array(
hooks,
"PostToolUseFailure",
"merged settings.hooks",
)?
.unwrap_or_default(),
})
}
fn parse_optional_permission_rules(
root: &JsonValue,
) -> Result<RuntimePermissionRuleConfig, ConfigError> {
let Some(object) = root.as_object() else {
return Ok(RuntimePermissionRuleConfig::default());
};
let Some(permissions) = object.get("permissions").and_then(JsonValue::as_object) else {
return Ok(RuntimePermissionRuleConfig::default());
};
Ok(RuntimePermissionRuleConfig {
allow: optional_string_array(permissions, "allow", "merged settings.permissions")?
.unwrap_or_default(),
deny: optional_string_array(permissions, "deny", "merged settings.permissions")?
.unwrap_or_default(),
ask: optional_string_array(permissions, "ask", "merged settings.permissions")?
.unwrap_or_default(),
}) })
} }
@@ -991,7 +1073,7 @@ mod tests {
.expect("write user compat config"); .expect("write user compat config");
fs::write( fs::write(
home.join("settings.json"), home.join("settings.json"),
r#"{"model":"sonnet","env":{"A2":"1"},"hooks":{"PreToolUse":["base"]},"permissions":{"defaultMode":"plan"}}"#, r#"{"model":"sonnet","env":{"A2":"1"},"hooks":{"PreToolUse":["base"]},"permissions":{"defaultMode":"plan","allow":["Read"],"deny":["Bash(rm -rf)"]}}"#,
) )
.expect("write user settings"); .expect("write user settings");
fs::write( fs::write(
@@ -1001,7 +1083,7 @@ mod tests {
.expect("write project compat config"); .expect("write project compat config");
fs::write( fs::write(
cwd.join(".claude").join("settings.json"), cwd.join(".claude").join("settings.json"),
r#"{"env":{"C":"3"},"hooks":{"PostToolUse":["project"]},"mcpServers":{"project":{"command":"uvx","args":["project"]}}}"#, r#"{"env":{"C":"3"},"hooks":{"PostToolUse":["project"],"PostToolUseFailure":["project-failure"]},"permissions":{"ask":["Edit"]},"mcpServers":{"project":{"command":"uvx","args":["project"]}}}"#,
) )
.expect("write project settings"); .expect("write project settings");
fs::write( fs::write(
@@ -1046,6 +1128,16 @@ mod tests {
.contains_key("PostToolUse")); .contains_key("PostToolUse"));
assert_eq!(loaded.hooks().pre_tool_use(), &["base".to_string()]); assert_eq!(loaded.hooks().pre_tool_use(), &["base".to_string()]);
assert_eq!(loaded.hooks().post_tool_use(), &["project".to_string()]); assert_eq!(loaded.hooks().post_tool_use(), &["project".to_string()]);
assert_eq!(
loaded.hooks().post_tool_use_failure(),
&["project-failure".to_string()]
);
assert_eq!(loaded.permission_rules().allow(), &["Read".to_string()]);
assert_eq!(
loaded.permission_rules().deny(),
&["Bash(rm -rf)".to_string()]
);
assert_eq!(loaded.permission_rules().ask(), &["Edit".to_string()]);
assert!(loaded.mcp().get("home").is_some()); assert!(loaded.mcp().get("home").is_some());
assert!(loaded.mcp().get("project").is_some()); assert!(loaded.mcp().get("project").is_some());

266
rust/crates/runtime/src/conversation.rs
View File

@@ -7,8 +7,10 @@ use crate::compact::{
compact_session, estimate_session_tokens, CompactionConfig, CompactionResult, compact_session, estimate_session_tokens, CompactionConfig, CompactionResult,
}; };
use crate::config::RuntimeFeatureConfig; use crate::config::RuntimeFeatureConfig;
use crate::hooks::HookRunner; use crate::hooks::{HookAbortSignal, HookProgressReporter, HookRunResult, HookRunner};
use crate::permissions::{PermissionOutcome, PermissionPolicy, PermissionPrompter}; use crate::permissions::{
PermissionContext, PermissionOutcome, PermissionPolicy, PermissionPrompter,
};
use crate::session::{ContentBlock, ConversationMessage, Session}; use crate::session::{ContentBlock, ConversationMessage, Session};
use crate::usage::{TokenUsage, UsageTracker}; use crate::usage::{TokenUsage, UsageTracker};
@@ -112,6 +114,8 @@ pub struct ConversationRuntime<C, T> {
plugin_hook_runner: Option<PluginHookRunner>, plugin_hook_runner: Option<PluginHookRunner>,
plugin_registry: Option<PluginRegistry>, plugin_registry: Option<PluginRegistry>,
plugins_shutdown: bool, plugins_shutdown: bool,
hook_abort_signal: HookAbortSignal,
hook_progress_reporter: Option<Box<dyn HookProgressReporter>>,
} }
impl<C, T> ConversationRuntime<C, T> { impl<C, T> ConversationRuntime<C, T> {
@@ -176,6 +180,8 @@ where
plugin_hook_runner: None, plugin_hook_runner: None,
plugin_registry: None, plugin_registry: None,
plugins_shutdown: false, plugins_shutdown: false,
hook_abort_signal: HookAbortSignal::default(),
hook_progress_reporter: None,
} }
} }
@@ -221,6 +227,92 @@ where
self self
} }
#[must_use]
pub fn with_hook_abort_signal(mut self, hook_abort_signal: HookAbortSignal) -> Self {
self.hook_abort_signal = hook_abort_signal;
self
}
#[must_use]
pub fn with_hook_progress_reporter(
mut self,
hook_progress_reporter: Box<dyn HookProgressReporter>,
) -> Self {
self.hook_progress_reporter = Some(hook_progress_reporter);
self
}
fn run_pre_tool_use_hook(&mut self, tool_name: &str, input: &str) -> HookRunResult {
if let Some(reporter) = self.hook_progress_reporter.as_mut() {
self.hook_runner.run_pre_tool_use_with_context(
tool_name,
input,
Some(&self.hook_abort_signal),
Some(reporter.as_mut()),
)
} else {
self.hook_runner.run_pre_tool_use_with_context(
tool_name,
input,
Some(&self.hook_abort_signal),
None,
)
}
}
fn run_post_tool_use_hook(
&mut self,
tool_name: &str,
input: &str,
output: &str,
is_error: bool,
) -> HookRunResult {
if let Some(reporter) = self.hook_progress_reporter.as_mut() {
self.hook_runner.run_post_tool_use_with_context(
tool_name,
input,
output,
is_error,
Some(&self.hook_abort_signal),
Some(reporter.as_mut()),
)
} else {
self.hook_runner.run_post_tool_use_with_context(
tool_name,
input,
output,
is_error,
Some(&self.hook_abort_signal),
None,
)
}
}
fn run_post_tool_use_failure_hook(
&mut self,
tool_name: &str,
input: &str,
output: &str,
) -> HookRunResult {
if let Some(reporter) = self.hook_progress_reporter.as_mut() {
self.hook_runner.run_post_tool_use_failure_with_context(
tool_name,
input,
output,
Some(&self.hook_abort_signal),
Some(reporter.as_mut()),
)
} else {
self.hook_runner.run_post_tool_use_failure_with_context(
tool_name,
input,
output,
Some(&self.hook_abort_signal),
None,
)
}
}
#[allow(clippy::too_many_lines)] #[allow(clippy::too_many_lines)]
pub fn run_turn( pub fn run_turn(
&mut self, &mut self,
@@ -273,94 +365,124 @@ where
} }
for (tool_use_id, tool_name, input) in pending_tool_uses { for (tool_use_id, tool_name, input) in pending_tool_uses {
let permission_outcome = if let Some(prompt) = prompter.as_mut() { let pre_hook_result = self.run_pre_tool_use_hook(&tool_name, &input);
self.permission_policy let effective_input = pre_hook_result
.authorize(&tool_name, &input, Some(*prompt)) .updated_input()
.map_or_else(|| input.clone(), ToOwned::to_owned);
let permission_context = PermissionContext::new(
pre_hook_result.permission_override(),
pre_hook_result.permission_reason().map(ToOwned::to_owned),
);
let permission_outcome = if pre_hook_result.is_cancelled() {
PermissionOutcome::Deny {
reason: format_hook_message(
pre_hook_result.messages(),
&format!("PreToolUse hook cancelled tool `{tool_name}`"),
),
}
} else if pre_hook_result.is_denied() {
PermissionOutcome::Deny {
reason: format_hook_message(
pre_hook_result.messages(),
&format!("PreToolUse hook denied tool `{tool_name}`"),
),
}
} else if let Some(prompt) = prompter.as_mut() {
self.permission_policy.authorize_with_context(
&tool_name,
&effective_input,
&permission_context,
Some(*prompt),
)
} else { } else {
self.permission_policy.authorize(&tool_name, &input, None) self.permission_policy.authorize_with_context(
&tool_name,
&effective_input,
&permission_context,
None,
)
}; };
let result_message = match permission_outcome { let result_message = match permission_outcome {
PermissionOutcome::Allow => { PermissionOutcome::Allow => {
let pre_hook_result = self.hook_runner.run_pre_tool_use(&tool_name, &input); let plugin_pre_hook_result =
if pre_hook_result.is_denied() { self.run_plugin_pre_tool_use(&tool_name, &effective_input);
if plugin_pre_hook_result.is_denied() {
let deny_message = format!("PreToolUse hook denied tool `{tool_name}`"); let deny_message = format!("PreToolUse hook denied tool `{tool_name}`");
let mut messages = pre_hook_result.messages().to_vec();
messages.extend(plugin_pre_hook_result.messages().iter().cloned());
ConversationMessage::tool_result( ConversationMessage::tool_result(
tool_use_id, tool_use_id,
tool_name, tool_name,
format_hook_message(pre_hook_result.messages(), &deny_message), format_hook_message(&messages, &deny_message),
true, true,
) )
} else { } else {
let plugin_pre_hook_result = let (mut output, mut is_error) =
self.run_plugin_pre_tool_use(&tool_name, &input); match self.tool_executor.execute(&tool_name, &effective_input) {
if plugin_pre_hook_result.is_denied() { Ok(output) => (output, false),
let deny_message = Err(error) => (error.to_string(), true),
format!("PreToolUse hook denied tool `{tool_name}`"); };
let mut messages = pre_hook_result.messages().to_vec(); output = merge_hook_feedback(pre_hook_result.messages(), output, false);
messages.extend(plugin_pre_hook_result.messages().iter().cloned()); output = merge_hook_feedback(
ConversationMessage::tool_result( plugin_pre_hook_result.messages(),
tool_use_id, output,
tool_name, false,
format_hook_message(&messages, &deny_message), );
true,
let hook_output = output.clone();
let post_hook_result = if is_error {
self.run_post_tool_use_failure_hook(
&tool_name,
&effective_input,
&hook_output,
) )
} else { } else {
let (mut output, mut is_error) = self.run_post_tool_use_hook(
match self.tool_executor.execute(&tool_name, &input) { &tool_name,
Ok(output) => (output, false), &effective_input,
Err(error) => (error.to_string(), true), &hook_output,
};
output =
merge_hook_feedback(pre_hook_result.messages(), output, false);
output = merge_hook_feedback(
plugin_pre_hook_result.messages(),
output,
false, false,
);
let hook_output = output.clone();
let post_hook_result = self.hook_runner.run_post_tool_use(
&tool_name,
&input,
&hook_output,
is_error,
);
let plugin_post_hook_result = self.run_plugin_post_tool_use(
&tool_name,
&input,
&hook_output,
is_error,
);
if post_hook_result.is_denied() {
is_error = true;
}
if plugin_post_hook_result.is_denied() {
is_error = true;
}
output = merge_hook_feedback(
post_hook_result.messages(),
output,
post_hook_result.is_denied(),
);
output = merge_hook_feedback(
plugin_post_hook_result.messages(),
output,
plugin_post_hook_result.is_denied(),
);
ConversationMessage::tool_result(
tool_use_id,
tool_name,
output,
is_error,
) )
};
let plugin_post_hook_result = self.run_plugin_post_tool_use(
&tool_name,
&effective_input,
&hook_output,
is_error,
);
if post_hook_result.is_denied()
|| post_hook_result.is_cancelled()
|| plugin_post_hook_result.is_denied()
{
is_error = true;
} }
output = merge_hook_feedback(
post_hook_result.messages(),
output,
post_hook_result.is_denied() || post_hook_result.is_cancelled(),
);
output = merge_hook_feedback(
plugin_post_hook_result.messages(),
output,
plugin_post_hook_result.is_denied(),
);
ConversationMessage::tool_result(
tool_use_id,
tool_name,
output,
is_error,
)
} }
} }
PermissionOutcome::Deny { reason } => { PermissionOutcome::Deny { reason } => ConversationMessage::tool_result(
ConversationMessage::tool_result(tool_use_id, tool_name, reason, true) tool_use_id,
} tool_name,
merge_hook_feedback(pre_hook_result.messages(), reason, true),
true,
),
}; };
self.session.messages.push(result_message.clone()); self.session.messages.push(result_message.clone());
tool_results.push(result_message); tool_results.push(result_message);
@@ -870,6 +992,7 @@ mod tests {
RuntimeFeatureConfig::default().with_hooks(RuntimeHookConfig::new( RuntimeFeatureConfig::default().with_hooks(RuntimeHookConfig::new(
vec![shell_snippet("printf 'blocked by hook'; exit 2")], vec![shell_snippet("printf 'blocked by hook'; exit 2")],
Vec::new(), Vec::new(),
Vec::new(),
)), )),
); );
@@ -936,6 +1059,7 @@ mod tests {
RuntimeFeatureConfig::default().with_hooks(RuntimeHookConfig::new( RuntimeFeatureConfig::default().with_hooks(RuntimeHookConfig::new(
vec![shell_snippet("printf 'pre hook ran'")], vec![shell_snippet("printf 'pre hook ran'")],
vec![shell_snippet("printf 'post hook ran'")], vec![shell_snippet("printf 'post hook ran'")],
Vec::new(),
)), )),
); );

607
rust/crates/runtime/src/hooks.rs
View File

@@ -1,30 +1,91 @@
use std::ffi::OsStr; use std::ffi::OsStr;
use std::io::Write;
use std::path::Path; use std::path::Path;
use std::process::Command; use std::process::{Command, Stdio};
use std::sync::{
atomic::{AtomicBool, Ordering},
Arc,
};
use std::thread;
use std::time::Duration;
use serde_json::json; use serde_json::{json, Value};
use crate::config::{RuntimeFeatureConfig, RuntimeHookConfig}; use crate::config::{RuntimeFeatureConfig, RuntimeHookConfig};
use crate::permissions::PermissionOverride;
pub type HookPermissionDecision = PermissionOverride;
#[derive(Debug, Clone, Copy, PartialEq, Eq)] #[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum HookEvent { pub enum HookEvent {
PreToolUse, PreToolUse,
PostToolUse, PostToolUse,
PostToolUseFailure,
} }
impl HookEvent { impl HookEvent {
fn as_str(self) -> &'static str { #[must_use]
pub fn as_str(self) -> &'static str {
match self { match self {
Self::PreToolUse => "PreToolUse", Self::PreToolUse => "PreToolUse",
Self::PostToolUse => "PostToolUse", Self::PostToolUse => "PostToolUse",
Self::PostToolUseFailure => "PostToolUseFailure",
} }
} }
} }
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum HookProgressEvent {
Started {
event: HookEvent,
tool_name: String,
command: String,
},
Completed {
event: HookEvent,
tool_name: String,
command: String,
},
Cancelled {
event: HookEvent,
tool_name: String,
command: String,
},
}
pub trait HookProgressReporter {
fn on_event(&mut self, event: &HookProgressEvent);
}
#[derive(Debug, Clone, Default)]
pub struct HookAbortSignal {
aborted: Arc<AtomicBool>,
}
impl HookAbortSignal {
#[must_use]
pub fn new() -> Self {
Self::default()
}
pub fn abort(&self) {
self.aborted.store(true, Ordering::SeqCst);
}
#[must_use]
pub fn is_aborted(&self) -> bool {
self.aborted.load(Ordering::SeqCst)
}
}
#[derive(Debug, Clone, PartialEq, Eq)] #[derive(Debug, Clone, PartialEq, Eq)]
pub struct HookRunResult { pub struct HookRunResult {
denied: bool, denied: bool,
cancelled: bool,
messages: Vec<String>, messages: Vec<String>,
permission_override: Option<PermissionOverride>,
permission_reason: Option<String>,
updated_input: Option<String>,
} }
impl HookRunResult { impl HookRunResult {
@@ -32,7 +93,11 @@ impl HookRunResult {
pub fn allow(messages: Vec<String>) -> Self { pub fn allow(messages: Vec<String>) -> Self {
Self { Self {
denied: false, denied: false,
cancelled: false,
messages, messages,
permission_override: None,
permission_reason: None,
updated_input: None,
} }
} }
@@ -41,10 +106,40 @@ impl HookRunResult {
self.denied self.denied
} }
#[must_use]
pub fn is_cancelled(&self) -> bool {
self.cancelled
}
#[must_use] #[must_use]
pub fn messages(&self) -> &[String] { pub fn messages(&self) -> &[String] {
&self.messages &self.messages
} }
#[must_use]
pub fn permission_override(&self) -> Option<PermissionOverride> {
self.permission_override
}
#[must_use]
pub fn permission_decision(&self) -> Option<HookPermissionDecision> {
self.permission_override
}
#[must_use]
pub fn permission_reason(&self) -> Option<&str> {
self.permission_reason.as_deref()
}
#[must_use]
pub fn updated_input(&self) -> Option<&str> {
self.updated_input.as_deref()
}
#[must_use]
pub fn updated_input_json(&self) -> Option<&str> {
self.updated_input()
}
} }
#[derive(Debug, Clone, PartialEq, Eq, Default)] #[derive(Debug, Clone, PartialEq, Eq, Default)]
@@ -65,16 +160,39 @@ impl HookRunner {
#[must_use] #[must_use]
pub fn run_pre_tool_use(&self, tool_name: &str, tool_input: &str) -> HookRunResult { pub fn run_pre_tool_use(&self, tool_name: &str, tool_input: &str) -> HookRunResult {
self.run_commands( self.run_pre_tool_use_with_context(tool_name, tool_input, None, None)
}
#[must_use]
pub fn run_pre_tool_use_with_context(
&self,
tool_name: &str,
tool_input: &str,
abort_signal: Option<&HookAbortSignal>,
reporter: Option<&mut dyn HookProgressReporter>,
) -> HookRunResult {
Self::run_commands(
HookEvent::PreToolUse, HookEvent::PreToolUse,
self.config.pre_tool_use(), self.config.pre_tool_use(),
tool_name, tool_name,
tool_input, tool_input,
None, None,
false, false,
abort_signal,
reporter,
) )
} }
#[must_use]
pub fn run_pre_tool_use_with_signal(
&self,
tool_name: &str,
tool_input: &str,
abort_signal: Option<&HookAbortSignal>,
) -> HookRunResult {
self.run_pre_tool_use_with_context(tool_name, tool_input, abort_signal, None)
}
#[must_use] #[must_use]
pub fn run_post_tool_use( pub fn run_post_tool_use(
&self, &self,
@@ -83,43 +201,147 @@ impl HookRunner {
tool_output: &str, tool_output: &str,
is_error: bool, is_error: bool,
) -> HookRunResult { ) -> HookRunResult {
self.run_commands( self.run_post_tool_use_with_context(
tool_name,
tool_input,
tool_output,
is_error,
None,
None,
)
}
#[must_use]
pub fn run_post_tool_use_with_context(
&self,
tool_name: &str,
tool_input: &str,
tool_output: &str,
is_error: bool,
abort_signal: Option<&HookAbortSignal>,
reporter: Option<&mut dyn HookProgressReporter>,
) -> HookRunResult {
Self::run_commands(
HookEvent::PostToolUse, HookEvent::PostToolUse,
self.config.post_tool_use(), self.config.post_tool_use(),
tool_name, tool_name,
tool_input, tool_input,
Some(tool_output), Some(tool_output),
is_error, is_error,
abort_signal,
reporter,
) )
} }
fn run_commands( #[must_use]
pub fn run_post_tool_use_with_signal(
&self, &self,
tool_name: &str,
tool_input: &str,
tool_output: &str,
is_error: bool,
abort_signal: Option<&HookAbortSignal>,
) -> HookRunResult {
self.run_post_tool_use_with_context(
tool_name,
tool_input,
tool_output,
is_error,
abort_signal,
None,
)
}
#[must_use]
pub fn run_post_tool_use_failure(
&self,
tool_name: &str,
tool_input: &str,
tool_error: &str,
) -> HookRunResult {
self.run_post_tool_use_failure_with_context(tool_name, tool_input, tool_error, None, None)
}
#[must_use]
pub fn run_post_tool_use_failure_with_context(
&self,
tool_name: &str,
tool_input: &str,
tool_error: &str,
abort_signal: Option<&HookAbortSignal>,
reporter: Option<&mut dyn HookProgressReporter>,
) -> HookRunResult {
Self::run_commands(
HookEvent::PostToolUseFailure,
self.config.post_tool_use_failure(),
tool_name,
tool_input,
Some(tool_error),
true,
abort_signal,
reporter,
)
}
#[must_use]
pub fn run_post_tool_use_failure_with_signal(
&self,
tool_name: &str,
tool_input: &str,
tool_error: &str,
abort_signal: Option<&HookAbortSignal>,
) -> HookRunResult {
self.run_post_tool_use_failure_with_context(
tool_name,
tool_input,
tool_error,
abort_signal,
None,
)
}
#[allow(clippy::too_many_arguments)]
fn run_commands(
event: HookEvent, event: HookEvent,
commands: &[String], commands: &[String],
tool_name: &str, tool_name: &str,
tool_input: &str, tool_input: &str,
tool_output: Option<&str>, tool_output: Option<&str>,
is_error: bool, is_error: bool,
abort_signal: Option<&HookAbortSignal>,
mut reporter: Option<&mut dyn HookProgressReporter>,
) -> HookRunResult { ) -> HookRunResult {
if commands.is_empty() { if commands.is_empty() {
return HookRunResult::allow(Vec::new()); return HookRunResult::allow(Vec::new());
} }
let payload = json!({ if abort_signal.is_some_and(HookAbortSignal::is_aborted) {
"hook_event_name": event.as_str(), return HookRunResult {
"tool_name": tool_name, denied: false,
"tool_input": parse_tool_input(tool_input), cancelled: true,
"tool_input_json": tool_input, messages: vec![format!(
"tool_output": tool_output, "{} hook cancelled before execution",
"tool_result_is_error": is_error, event.as_str()
}) )],
.to_string(); permission_override: None,
permission_reason: None,
updated_input: None,
};
}
let mut messages = Vec::new(); let payload = hook_payload(event, tool_name, tool_input, tool_output, is_error).to_string();
let mut result = HookRunResult::allow(Vec::new());
for command in commands { for command in commands {
match self.run_command( if let Some(reporter) = reporter.as_deref_mut() {
reporter.on_event(&HookProgressEvent::Started {
event,
tool_name: tool_name.to_string(),
command: command.clone(),
});
}
match Self::run_command(
command, command,
event, event,
tool_name, tool_name,
@@ -127,32 +349,60 @@ impl HookRunner {
tool_output, tool_output,
is_error, is_error,
&payload, &payload,
abort_signal,
) { ) {
HookCommandOutcome::Allow { message } => { HookCommandOutcome::Allow { parsed } => {
if let Some(message) = message { if let Some(reporter) = reporter.as_deref_mut() {
messages.push(message); reporter.on_event(&HookProgressEvent::Completed {
event,
tool_name: tool_name.to_string(),
command: command.clone(),
});
} }
merge_parsed_hook_output(&mut result, parsed);
} }
HookCommandOutcome::Deny { message } => { HookCommandOutcome::Deny { parsed } => {
let message = message.unwrap_or_else(|| { if let Some(reporter) = reporter.as_deref_mut() {
format!("{} hook denied tool `{tool_name}`", event.as_str()) reporter.on_event(&HookProgressEvent::Completed {
}); event,
messages.push(message); tool_name: tool_name.to_string(),
return HookRunResult { command: command.clone(),
denied: true, });
messages, }
}; merge_parsed_hook_output(&mut result, parsed);
result.denied = true;
return result;
}
HookCommandOutcome::Warn { message } => {
if let Some(reporter) = reporter.as_deref_mut() {
reporter.on_event(&HookProgressEvent::Completed {
event,
tool_name: tool_name.to_string(),
command: command.clone(),
});
}
result.messages.push(message);
}
HookCommandOutcome::Cancelled { message } => {
if let Some(reporter) = reporter.as_deref_mut() {
reporter.on_event(&HookProgressEvent::Cancelled {
event,
tool_name: tool_name.to_string(),
command: command.clone(),
});
}
result.cancelled = true;
result.messages.push(message);
return result;
} }
HookCommandOutcome::Warn { message } => messages.push(message),
} }
} }
HookRunResult::allow(messages) result
} }
#[allow(clippy::too_many_arguments, clippy::unused_self)] #[allow(clippy::too_many_arguments)]
fn run_command( fn run_command(
&self,
command: &str, command: &str,
event: HookEvent, event: HookEvent,
tool_name: &str, tool_name: &str,
@@ -160,11 +410,12 @@ impl HookRunner {
tool_output: Option<&str>, tool_output: Option<&str>,
is_error: bool, is_error: bool,
payload: &str, payload: &str,
abort_signal: Option<&HookAbortSignal>,
) -> HookCommandOutcome { ) -> HookCommandOutcome {
let mut child = shell_command(command); let mut child = shell_command(command);
child.stdin(std::process::Stdio::piped()); child.stdin(Stdio::piped());
child.stdout(std::process::Stdio::piped()); child.stdout(Stdio::piped());
child.stderr(std::process::Stdio::piped()); child.stderr(Stdio::piped());
child.env("HOOK_EVENT", event.as_str()); child.env("HOOK_EVENT", event.as_str());
child.env("HOOK_TOOL_NAME", tool_name); child.env("HOOK_TOOL_NAME", tool_name);
child.env("HOOK_TOOL_INPUT", tool_input); child.env("HOOK_TOOL_INPUT", tool_input);
@@ -173,19 +424,30 @@ impl HookRunner {
child.env("HOOK_TOOL_OUTPUT", tool_output); child.env("HOOK_TOOL_OUTPUT", tool_output);
} }
match child.output_with_stdin(payload.as_bytes()) { match child.output_with_stdin(payload.as_bytes(), abort_signal) {
Ok(output) => { Ok(CommandExecution::Finished(output)) => {
let stdout = String::from_utf8_lossy(&output.stdout).trim().to_string(); let stdout = String::from_utf8_lossy(&output.stdout).trim().to_string();
let stderr = String::from_utf8_lossy(&output.stderr).trim().to_string(); let stderr = String::from_utf8_lossy(&output.stderr).trim().to_string();
let message = (!stdout.is_empty()).then_some(stdout); let parsed = parse_hook_output(&stdout);
match output.status.code() { match output.status.code() {
Some(0) => HookCommandOutcome::Allow { message }, Some(0) => {
Some(2) => HookCommandOutcome::Deny { message }, if parsed.deny {
HookCommandOutcome::Deny { parsed }
} else {
HookCommandOutcome::Allow { parsed }
}
}
Some(2) => HookCommandOutcome::Deny {
parsed: parsed.with_fallback_message(format!(
"{} hook denied tool `{tool_name}`",
event.as_str()
)),
},
Some(code) => HookCommandOutcome::Warn { Some(code) => HookCommandOutcome::Warn {
message: format_hook_warning( message: format_hook_warning(
command, command,
code, code,
message.as_deref(), parsed.primary_message(),
stderr.as_str(), stderr.as_str(),
), ),
}, },
@@ -197,6 +459,12 @@ impl HookRunner {
}, },
} }
} }
Ok(CommandExecution::Cancelled) => HookCommandOutcome::Cancelled {
message: format!(
"{} hook `{command}` cancelled while handling `{tool_name}`",
event.as_str()
),
},
Err(error) => HookCommandOutcome::Warn { Err(error) => HookCommandOutcome::Warn {
message: format!( message: format!(
"{} hook `{command}` failed to start for `{tool_name}`: {error}", "{} hook `{command}` failed to start for `{tool_name}`: {error}",
@@ -208,12 +476,131 @@ impl HookRunner {
} }
enum HookCommandOutcome { enum HookCommandOutcome {
Allow { message: Option<String> }, Allow { parsed: ParsedHookOutput },
Deny { message: Option<String> }, Deny { parsed: ParsedHookOutput },
Warn { message: String }, Warn { message: String },
Cancelled { message: String },
} }
fn parse_tool_input(tool_input: &str) -> serde_json::Value { #[derive(Debug, Clone, PartialEq, Eq, Default)]
struct ParsedHookOutput {
messages: Vec<String>,
deny: bool,
permission_override: Option<PermissionOverride>,
permission_reason: Option<String>,
updated_input: Option<String>,
}
impl ParsedHookOutput {
fn with_fallback_message(mut self, fallback: String) -> Self {
if self.messages.is_empty() {
self.messages.push(fallback);
}
self
}
fn primary_message(&self) -> Option<&str> {
self.messages.first().map(String::as_str)
}
}
fn merge_parsed_hook_output(target: &mut HookRunResult, parsed: ParsedHookOutput) {
target.messages.extend(parsed.messages);
if parsed.permission_override.is_some() {
target.permission_override = parsed.permission_override;
}
if parsed.permission_reason.is_some() {
target.permission_reason = parsed.permission_reason;
}
if parsed.updated_input.is_some() {
target.updated_input = parsed.updated_input;
}
}
fn parse_hook_output(stdout: &str) -> ParsedHookOutput {
if stdout.is_empty() {
return ParsedHookOutput::default();
}
let Ok(Value::Object(root)) = serde_json::from_str::<Value>(stdout) else {
return ParsedHookOutput {
messages: vec![stdout.to_string()],
..ParsedHookOutput::default()
};
};
let mut parsed = ParsedHookOutput::default();
if let Some(message) = root.get("systemMessage").and_then(Value::as_str) {
parsed.messages.push(message.to_string());
}
if let Some(message) = root.get("reason").and_then(Value::as_str) {
parsed.messages.push(message.to_string());
}
if root.get("continue").and_then(Value::as_bool) == Some(false)
|| root.get("decision").and_then(Value::as_str) == Some("block")
{
parsed.deny = true;
}
if let Some(Value::Object(specific)) = root.get("hookSpecificOutput") {
if let Some(Value::String(additional_context)) = specific.get("additionalContext") {
parsed.messages.push(additional_context.clone());
}
if let Some(decision) = specific.get("permissionDecision").and_then(Value::as_str) {
parsed.permission_override = match decision {
"allow" => Some(PermissionOverride::Allow),
"deny" => Some(PermissionOverride::Deny),
"ask" => Some(PermissionOverride::Ask),
_ => None,
};
}
if let Some(reason) = specific
.get("permissionDecisionReason")
.and_then(Value::as_str)
{
parsed.permission_reason = Some(reason.to_string());
}
if let Some(updated_input) = specific.get("updatedInput") {
parsed.updated_input = serde_json::to_string(updated_input).ok();
}
}
if parsed.messages.is_empty() {
parsed.messages.push(stdout.to_string());
}
parsed
}
fn hook_payload(
event: HookEvent,
tool_name: &str,
tool_input: &str,
tool_output: Option<&str>,
is_error: bool,
) -> Value {
match event {
HookEvent::PostToolUseFailure => json!({
"hook_event_name": event.as_str(),
"tool_name": tool_name,
"tool_input": parse_tool_input(tool_input),
"tool_input_json": tool_input,
"tool_error": tool_output,
"tool_result_is_error": true,
}),
_ => json!({
"hook_event_name": event.as_str(),
"tool_name": tool_name,
"tool_input": parse_tool_input(tool_input),
"tool_input_json": tool_input,
"tool_output": tool_output,
"tool_result_is_error": is_error,
}),
}
}
fn parse_tool_input(tool_input: &str) -> Value {
serde_json::from_str(tool_input).unwrap_or_else(|_| json!({ "raw": tool_input })) serde_json::from_str(tool_input).unwrap_or_else(|_| json!({ "raw": tool_input }))
} }
@@ -261,17 +648,17 @@ impl CommandWithStdin {
Self { command } Self { command }
} }
fn stdin(&mut self, cfg: std::process::Stdio) -> &mut Self { fn stdin(&mut self, cfg: Stdio) -> &mut Self {
self.command.stdin(cfg); self.command.stdin(cfg);
self self
} }
fn stdout(&mut self, cfg: std::process::Stdio) -> &mut Self { fn stdout(&mut self, cfg: Stdio) -> &mut Self {
self.command.stdout(cfg); self.command.stdout(cfg);
self self
} }
fn stderr(&mut self, cfg: std::process::Stdio) -> &mut Self { fn stderr(&mut self, cfg: Stdio) -> &mut Self {
self.command.stderr(cfg); self.command.stderr(cfg);
self self
} }
@@ -285,26 +672,64 @@ impl CommandWithStdin {
self self
} }
fn output_with_stdin(&mut self, stdin: &[u8]) -> std::io::Result<std::process::Output> { fn output_with_stdin(
&mut self,
stdin: &[u8],
abort_signal: Option<&HookAbortSignal>,
) -> std::io::Result<CommandExecution> {
let mut child = self.command.spawn()?; let mut child = self.command.spawn()?;
if let Some(mut child_stdin) = child.stdin.take() { if let Some(mut child_stdin) = child.stdin.take() {
use std::io::Write;
child_stdin.write_all(stdin)?; child_stdin.write_all(stdin)?;
} }
child.wait_with_output()
loop {
if abort_signal.is_some_and(HookAbortSignal::is_aborted) {
let _ = child.kill();
let _ = child.wait_with_output();
return Ok(CommandExecution::Cancelled);
}
match child.try_wait()? {
Some(_) => return child.wait_with_output().map(CommandExecution::Finished),
None => thread::sleep(Duration::from_millis(20)),
}
}
} }
} }
enum CommandExecution {
Finished(std::process::Output),
Cancelled,
}
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use super::{HookRunResult, HookRunner}; use std::thread;
use std::time::Duration;
use super::{
HookAbortSignal, HookEvent, HookProgressEvent, HookProgressReporter, HookRunResult,
HookRunner,
};
use crate::config::{RuntimeFeatureConfig, RuntimeHookConfig}; use crate::config::{RuntimeFeatureConfig, RuntimeHookConfig};
use crate::permissions::PermissionOverride;
struct RecordingReporter {
events: Vec<HookProgressEvent>,
}
impl HookProgressReporter for RecordingReporter {
fn on_event(&mut self, event: &HookProgressEvent) {
self.events.push(event.clone());
}
}
#[test] #[test]
fn allows_exit_code_zero_and_captures_stdout() { fn allows_exit_code_zero_and_captures_stdout() {
let runner = HookRunner::new(RuntimeHookConfig::new( let runner = HookRunner::new(RuntimeHookConfig::new(
vec![shell_snippet("printf 'pre ok'")], vec![shell_snippet("printf 'pre ok'")],
Vec::new(), Vec::new(),
Vec::new(),
)); ));
let result = runner.run_pre_tool_use("Read", r#"{"path":"README.md"}"#); let result = runner.run_pre_tool_use("Read", r#"{"path":"README.md"}"#);
@@ -317,6 +742,7 @@ mod tests {
let runner = HookRunner::new(RuntimeHookConfig::new( let runner = HookRunner::new(RuntimeHookConfig::new(
vec![shell_snippet("printf 'blocked by hook'; exit 2")], vec![shell_snippet("printf 'blocked by hook'; exit 2")],
Vec::new(), Vec::new(),
Vec::new(),
)); ));
let result = runner.run_pre_tool_use("Bash", r#"{"command":"pwd"}"#); let result = runner.run_pre_tool_use("Bash", r#"{"command":"pwd"}"#);
@@ -331,6 +757,7 @@ mod tests {
RuntimeHookConfig::new( RuntimeHookConfig::new(
vec![shell_snippet("printf 'warning hook'; exit 1")], vec![shell_snippet("printf 'warning hook'; exit 1")],
Vec::new(), Vec::new(),
Vec::new(),
), ),
)); ));
@@ -343,6 +770,82 @@ mod tests {
.any(|message| message.contains("allowing tool execution to continue"))); .any(|message| message.contains("allowing tool execution to continue")));
} }
#[test]
fn parses_pre_hook_permission_override_and_updated_input() {
let runner = HookRunner::new(RuntimeHookConfig::new(
vec![shell_snippet(
r#"printf '%s' '{"systemMessage":"updated","hookSpecificOutput":{"permissionDecision":"allow","permissionDecisionReason":"hook ok","updatedInput":{"command":"git status"}}}'"#,
)],
Vec::new(),
Vec::new(),
));
let result = runner.run_pre_tool_use("bash", r#"{"command":"pwd"}"#);
assert_eq!(
result.permission_override(),
Some(PermissionOverride::Allow)
);
assert_eq!(result.permission_reason(), Some("hook ok"));
assert_eq!(result.updated_input(), Some(r#"{"command":"git status"}"#));
assert!(result.messages().iter().any(|message| message == "updated"));
}
#[test]
fn runs_post_tool_use_failure_hooks() {
let runner = HookRunner::new(RuntimeHookConfig::new(
Vec::new(),
Vec::new(),
vec![shell_snippet("printf 'failure hook ran'")],
));
let result =
runner.run_post_tool_use_failure("bash", r#"{"command":"false"}"#, "command failed");
assert!(!result.is_denied());
assert_eq!(result.messages(), &["failure hook ran".to_string()]);
}
#[test]
fn abort_signal_cancels_long_running_hook_and_reports_progress() {
let runner = HookRunner::new(RuntimeHookConfig::new(
vec![shell_snippet("sleep 5")],
Vec::new(),
Vec::new(),
));
let abort_signal = HookAbortSignal::new();
let abort_signal_for_thread = abort_signal.clone();
let mut reporter = RecordingReporter { events: Vec::new() };
thread::spawn(move || {
thread::sleep(Duration::from_millis(100));
abort_signal_for_thread.abort();
});
let result = runner.run_pre_tool_use_with_context(
"bash",
r#"{"command":"sleep 5"}"#,
Some(&abort_signal),
Some(&mut reporter),
);
assert!(result.is_cancelled());
assert!(reporter.events.iter().any(|event| matches!(
event,
HookProgressEvent::Started {
event: HookEvent::PreToolUse,
..
}
)));
assert!(reporter.events.iter().any(|event| matches!(
event,
HookProgressEvent::Cancelled {
event: HookEvent::PreToolUse,
..
}
)));
}
#[cfg(windows)] #[cfg(windows)]
fn shell_snippet(script: &str) -> String { fn shell_snippet(script: &str) -> String {
script.replace('\'', "\"") script.replace('\'', "\"")

11
rust/crates/runtime/src/lib.rs
View File

@@ -28,7 +28,8 @@ pub use config::{
McpConfigCollection, McpOAuthConfig, McpRemoteServerConfig, McpSdkServerConfig, McpConfigCollection, McpOAuthConfig, McpRemoteServerConfig, McpSdkServerConfig,
McpServerConfig, McpStdioServerConfig, McpTransport, McpWebSocketServerConfig, OAuthConfig, McpServerConfig, McpStdioServerConfig, McpTransport, McpWebSocketServerConfig, OAuthConfig,
ResolvedPermissionMode, RuntimeConfig, RuntimeFeatureConfig, RuntimeHookConfig, ResolvedPermissionMode, RuntimeConfig, RuntimeFeatureConfig, RuntimeHookConfig,
RuntimePluginConfig, ScopedMcpServerConfig, CLAUDE_CODE_SETTINGS_SCHEMA_NAME, RuntimePermissionRuleConfig, RuntimePluginConfig, ScopedMcpServerConfig,
CLAUDE_CODE_SETTINGS_SCHEMA_NAME,
}; };
pub use conversation::{ pub use conversation::{
auto_compaction_threshold_from_env, ApiClient, ApiRequest, AssistantEvent, AutoCompactionEvent, auto_compaction_threshold_from_env, ApiClient, ApiRequest, AssistantEvent, AutoCompactionEvent,
@@ -39,7 +40,9 @@ pub use file_ops::{
GrepSearchInput, GrepSearchOutput, ReadFileOutput, StructuredPatchHunk, TextFilePayload, GrepSearchInput, GrepSearchOutput, ReadFileOutput, StructuredPatchHunk, TextFilePayload,
WriteFileOutput, WriteFileOutput,
}; };
pub use hooks::{HookEvent, HookRunResult, HookRunner}; pub use hooks::{
HookAbortSignal, HookEvent, HookProgressEvent, HookProgressReporter, HookRunResult, HookRunner,
};
pub use mcp::{ pub use mcp::{
mcp_server_signature, mcp_tool_name, mcp_tool_prefix, normalize_name_for_mcp, mcp_server_signature, mcp_tool_name, mcp_tool_prefix, normalize_name_for_mcp,
scoped_mcp_config_hash, unwrap_ccr_proxy_url, scoped_mcp_config_hash, unwrap_ccr_proxy_url,
@@ -64,8 +67,8 @@ pub use oauth::{
PkceChallengeMethod, PkceCodePair, PkceChallengeMethod, PkceCodePair,
}; };
pub use permissions::{ pub use permissions::{
PermissionMode, PermissionOutcome, PermissionPolicy, PermissionPromptDecision, PermissionContext, PermissionMode, PermissionOutcome, PermissionOverride, PermissionPolicy,
PermissionPrompter, PermissionRequest, PermissionPromptDecision, PermissionPrompter, PermissionRequest,
}; };
pub use prompt::{ pub use prompt::{
load_system_prompt, prepend_bullets, ContextFile, ProjectContext, PromptBuildError, load_system_prompt, prepend_bullets, ContextFile, ProjectContext, PromptBuildError,

495
rust/crates/runtime/src/permissions.rs
View File

@@ -1,5 +1,9 @@
use std::collections::BTreeMap; use std::collections::BTreeMap;
use serde_json::Value;
use crate::config::RuntimePermissionRuleConfig;
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)] #[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub enum PermissionMode { pub enum PermissionMode {
ReadOnly, ReadOnly,
@@ -22,12 +26,49 @@ impl PermissionMode {
} }
} }
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum PermissionOverride {
Allow,
Deny,
Ask,
}
#[derive(Debug, Clone, PartialEq, Eq, Default)]
pub struct PermissionContext {
override_decision: Option<PermissionOverride>,
override_reason: Option<String>,
}
impl PermissionContext {
#[must_use]
pub fn new(
override_decision: Option<PermissionOverride>,
override_reason: Option<String>,
) -> Self {
Self {
override_decision,
override_reason,
}
}
#[must_use]
pub fn override_decision(&self) -> Option<PermissionOverride> {
self.override_decision
}
#[must_use]
pub fn override_reason(&self) -> Option<&str> {
self.override_reason.as_deref()
}
}
#[derive(Debug, Clone, PartialEq, Eq)] #[derive(Debug, Clone, PartialEq, Eq)]
pub struct PermissionRequest { pub struct PermissionRequest {
pub tool_name: String, pub tool_name: String,
pub input: String, pub input: String,
pub current_mode: PermissionMode, pub current_mode: PermissionMode,
pub required_mode: PermissionMode, pub required_mode: PermissionMode,
pub reason: Option<String>,
} }
#[derive(Debug, Clone, PartialEq, Eq)] #[derive(Debug, Clone, PartialEq, Eq)]
@@ -50,6 +91,9 @@ pub enum PermissionOutcome {
pub struct PermissionPolicy { pub struct PermissionPolicy {
active_mode: PermissionMode, active_mode: PermissionMode,
tool_requirements: BTreeMap<String, PermissionMode>, tool_requirements: BTreeMap<String, PermissionMode>,
allow_rules: Vec<PermissionRule>,
deny_rules: Vec<PermissionRule>,
ask_rules: Vec<PermissionRule>,
} }
impl PermissionPolicy { impl PermissionPolicy {
@@ -58,6 +102,9 @@ impl PermissionPolicy {
Self { Self {
active_mode, active_mode,
tool_requirements: BTreeMap::new(), tool_requirements: BTreeMap::new(),
allow_rules: Vec::new(),
deny_rules: Vec::new(),
ask_rules: Vec::new(),
} }
} }
@@ -72,6 +119,26 @@ impl PermissionPolicy {
self self
} }
#[must_use]
pub fn with_permission_rules(mut self, config: &RuntimePermissionRuleConfig) -> Self {
self.allow_rules = config
.allow()
.iter()
.map(|rule| PermissionRule::parse(rule))
.collect();
self.deny_rules = config
.deny()
.iter()
.map(|rule| PermissionRule::parse(rule))
.collect();
self.ask_rules = config
.ask()
.iter()
.map(|rule| PermissionRule::parse(rule))
.collect();
self
}
#[must_use] #[must_use]
pub fn active_mode(&self) -> PermissionMode { pub fn active_mode(&self) -> PermissionMode {
self.active_mode self.active_mode
@@ -90,38 +157,121 @@ impl PermissionPolicy {
&self, &self,
tool_name: &str, tool_name: &str,
input: &str, input: &str,
mut prompter: Option<&mut dyn PermissionPrompter>, prompter: Option<&mut dyn PermissionPrompter>,
) -> PermissionOutcome { ) -> PermissionOutcome {
let current_mode = self.active_mode(); self.authorize_with_context(tool_name, input, &PermissionContext::default(), prompter)
let required_mode = self.required_mode_for(tool_name); }
if current_mode == PermissionMode::Allow || current_mode >= required_mode {
return PermissionOutcome::Allow; #[must_use]
#[allow(clippy::too_many_lines)]
pub fn authorize_with_context(
&self,
tool_name: &str,
input: &str,
context: &PermissionContext,
prompter: Option<&mut dyn PermissionPrompter>,
) -> PermissionOutcome {
if let Some(rule) = Self::find_matching_rule(&self.deny_rules, tool_name, input) {
return PermissionOutcome::Deny {
reason: format!(
"Permission to use {tool_name} has been denied by rule '{}'",
rule.raw
),
};
} }
let request = PermissionRequest { let current_mode = self.active_mode();
tool_name: tool_name.to_string(), let required_mode = self.required_mode_for(tool_name);
input: input.to_string(), let ask_rule = Self::find_matching_rule(&self.ask_rules, tool_name, input);
current_mode, let allow_rule = Self::find_matching_rule(&self.allow_rules, tool_name, input);
required_mode,
}; match context.override_decision() {
Some(PermissionOverride::Deny) => {
return PermissionOutcome::Deny {
reason: context.override_reason().map_or_else(
|| format!("tool '{tool_name}' denied by hook"),
ToOwned::to_owned,
),
};
}
Some(PermissionOverride::Ask) => {
let reason = context.override_reason().map_or_else(
|| format!("tool '{tool_name}' requires approval due to hook guidance"),
ToOwned::to_owned,
);
return Self::prompt_or_deny(
tool_name,
input,
current_mode,
required_mode,
Some(reason),
prompter,
);
}
Some(PermissionOverride::Allow) => {
if let Some(rule) = ask_rule {
let reason = format!(
"tool '{tool_name}' requires approval due to ask rule '{}'",
rule.raw
);
return Self::prompt_or_deny(
tool_name,
input,
current_mode,
required_mode,
Some(reason),
prompter,
);
}
if allow_rule.is_some()
|| current_mode == PermissionMode::Allow
|| current_mode >= required_mode
{
return PermissionOutcome::Allow;
}
}
None => {}
}
if let Some(rule) = ask_rule {
let reason = format!(
"tool '{tool_name}' requires approval due to ask rule '{}'",
rule.raw
);
return Self::prompt_or_deny(
tool_name,
input,
current_mode,
required_mode,
Some(reason),
prompter,
);
}
if allow_rule.is_some()
|| current_mode == PermissionMode::Allow
|| current_mode >= required_mode
{
return PermissionOutcome::Allow;
}
if current_mode == PermissionMode::Prompt if current_mode == PermissionMode::Prompt
|| (current_mode == PermissionMode::WorkspaceWrite || (current_mode == PermissionMode::WorkspaceWrite
&& required_mode == PermissionMode::DangerFullAccess) && required_mode == PermissionMode::DangerFullAccess)
{ {
return match prompter.as_mut() { let reason = Some(format!(
Some(prompter) => match prompter.decide(&request) { "tool '{tool_name}' requires approval to escalate from {} to {}",
PermissionPromptDecision::Allow => PermissionOutcome::Allow, current_mode.as_str(),
PermissionPromptDecision::Deny { reason } => PermissionOutcome::Deny { reason }, required_mode.as_str()
}, ));
None => PermissionOutcome::Deny { return Self::prompt_or_deny(
reason: format!( tool_name,
"tool '{tool_name}' requires approval to escalate from {} to {}", input,
current_mode.as_str(), current_mode,
required_mode.as_str() required_mode,
), reason,
}, prompter,
}; );
} }
PermissionOutcome::Deny { PermissionOutcome::Deny {
@@ -132,14 +282,191 @@ impl PermissionPolicy {
), ),
} }
} }
fn prompt_or_deny(
tool_name: &str,
input: &str,
current_mode: PermissionMode,
required_mode: PermissionMode,
reason: Option<String>,
mut prompter: Option<&mut dyn PermissionPrompter>,
) -> PermissionOutcome {
let request = PermissionRequest {
tool_name: tool_name.to_string(),
input: input.to_string(),
current_mode,
required_mode,
reason: reason.clone(),
};
match prompter.as_mut() {
Some(prompter) => match prompter.decide(&request) {
PermissionPromptDecision::Allow => PermissionOutcome::Allow,
PermissionPromptDecision::Deny { reason } => PermissionOutcome::Deny { reason },
},
None => PermissionOutcome::Deny {
reason: reason.unwrap_or_else(|| {
format!(
"tool '{tool_name}' requires approval to run while mode is {}",
current_mode.as_str()
)
}),
},
}
}
fn find_matching_rule<'a>(
rules: &'a [PermissionRule],
tool_name: &str,
input: &str,
) -> Option<&'a PermissionRule> {
rules.iter().find(|rule| rule.matches(tool_name, input))
}
}
#[derive(Debug, Clone, PartialEq, Eq)]
struct PermissionRule {
raw: String,
tool_name: String,
matcher: PermissionRuleMatcher,
}
#[derive(Debug, Clone, PartialEq, Eq)]
enum PermissionRuleMatcher {
Any,
Exact(String),
Prefix(String),
}
impl PermissionRule {
fn parse(raw: &str) -> Self {
let trimmed = raw.trim();
let open = find_first_unescaped(trimmed, '(');
let close = find_last_unescaped(trimmed, ')');
if let (Some(open), Some(close)) = (open, close) {
if close == trimmed.len() - 1 && open < close {
let tool_name = trimmed[..open].trim();
let content = &trimmed[open + 1..close];
if !tool_name.is_empty() {
let matcher = parse_rule_matcher(content);
return Self {
raw: trimmed.to_string(),
tool_name: tool_name.to_string(),
matcher,
};
}
}
}
Self {
raw: trimmed.to_string(),
tool_name: trimmed.to_string(),
matcher: PermissionRuleMatcher::Any,
}
}
fn matches(&self, tool_name: &str, input: &str) -> bool {
if self.tool_name != tool_name {
return false;
}
match &self.matcher {
PermissionRuleMatcher::Any => true,
PermissionRuleMatcher::Exact(expected) => {
extract_permission_subject(input).is_some_and(|candidate| candidate == *expected)
}
PermissionRuleMatcher::Prefix(prefix) => extract_permission_subject(input)
.is_some_and(|candidate| candidate.starts_with(prefix)),
}
}
}
fn parse_rule_matcher(content: &str) -> PermissionRuleMatcher {
let unescaped = unescape_rule_content(content.trim());
if unescaped.is_empty() || unescaped == "*" {
PermissionRuleMatcher::Any
} else if let Some(prefix) = unescaped.strip_suffix(":*") {
PermissionRuleMatcher::Prefix(prefix.to_string())
} else {
PermissionRuleMatcher::Exact(unescaped)
}
}
fn unescape_rule_content(content: &str) -> String {
content
.replace(r"\(", "(")
.replace(r"\)", ")")
.replace(r"\\", r"\")
}
fn find_first_unescaped(value: &str, needle: char) -> Option<usize> {
let mut escaped = false;
for (idx, ch) in value.char_indices() {
if ch == '\\' {
escaped = !escaped;
continue;
}
if ch == needle && !escaped {
return Some(idx);
}
escaped = false;
}
None
}
fn find_last_unescaped(value: &str, needle: char) -> Option<usize> {
let chars = value.char_indices().collect::<Vec<_>>();
for (pos, (idx, ch)) in chars.iter().enumerate().rev() {
if *ch != needle {
continue;
}
let mut backslashes = 0;
for (_, prev) in chars[..pos].iter().rev() {
if *prev == '\\' {
backslashes += 1;
} else {
break;
}
}
if backslashes % 2 == 0 {
return Some(*idx);
}
}
None
}
fn extract_permission_subject(input: &str) -> Option<String> {
let parsed = serde_json::from_str::<Value>(input).ok();
if let Some(Value::Object(object)) = parsed {
for key in [
"command",
"path",
"file_path",
"filePath",
"notebook_path",
"notebookPath",
"url",
"pattern",
"code",
"message",
] {
if let Some(value) = object.get(key).and_then(Value::as_str) {
return Some(value.to_string());
}
}
}
(!input.trim().is_empty()).then(|| input.to_string())
} }
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use super::{ use super::{
PermissionMode, PermissionOutcome, PermissionPolicy, PermissionPromptDecision, PermissionContext, PermissionMode, PermissionOutcome, PermissionOverride, PermissionPolicy,
PermissionPrompter, PermissionRequest, PermissionPromptDecision, PermissionPrompter, PermissionRequest,
}; };
use crate::config::RuntimePermissionRuleConfig;
struct RecordingPrompter { struct RecordingPrompter {
seen: Vec<PermissionRequest>, seen: Vec<PermissionRequest>,
@@ -229,4 +556,120 @@ mod tests {
PermissionOutcome::Deny { reason } if reason == "not now" PermissionOutcome::Deny { reason } if reason == "not now"
)); ));
} }
#[test]
fn applies_rule_based_denials_and_allows() {
let rules = RuntimePermissionRuleConfig::new(
vec!["bash(git:*)".to_string()],
vec!["bash(rm -rf:*)".to_string()],
Vec::new(),
);
let policy = PermissionPolicy::new(PermissionMode::ReadOnly)
.with_tool_requirement("bash", PermissionMode::DangerFullAccess)
.with_permission_rules(&rules);
assert_eq!(
policy.authorize("bash", r#"{"command":"git status"}"#, None),
PermissionOutcome::Allow
);
assert!(matches!(
policy.authorize("bash", r#"{"command":"rm -rf /tmp/x"}"#, None),
PermissionOutcome::Deny { reason } if reason.contains("denied by rule")
));
}
#[test]
fn ask_rules_force_prompt_even_when_mode_allows() {
let rules = RuntimePermissionRuleConfig::new(
Vec::new(),
Vec::new(),
vec!["bash(git:*)".to_string()],
);
let policy = PermissionPolicy::new(PermissionMode::DangerFullAccess)
.with_tool_requirement("bash", PermissionMode::DangerFullAccess)
.with_permission_rules(&rules);
let mut prompter = RecordingPrompter {
seen: Vec::new(),
allow: true,
};
let outcome = policy.authorize("bash", r#"{"command":"git status"}"#, Some(&mut prompter));
assert_eq!(outcome, PermissionOutcome::Allow);
assert_eq!(prompter.seen.len(), 1);
assert!(prompter.seen[0]
.reason
.as_deref()
.is_some_and(|reason| reason.contains("ask rule")));
}
#[test]
fn hook_allow_still_respects_ask_rules() {
let rules = RuntimePermissionRuleConfig::new(
Vec::new(),
Vec::new(),
vec!["bash(git:*)".to_string()],
);
let policy = PermissionPolicy::new(PermissionMode::ReadOnly)
.with_tool_requirement("bash", PermissionMode::DangerFullAccess)
.with_permission_rules(&rules);
let context = PermissionContext::new(
Some(PermissionOverride::Allow),
Some("hook approved".to_string()),
);
let mut prompter = RecordingPrompter {
seen: Vec::new(),
allow: true,
};
let outcome = policy.authorize_with_context(
"bash",
r#"{"command":"git status"}"#,
&context,
Some(&mut prompter),
);
assert_eq!(outcome, PermissionOutcome::Allow);
assert_eq!(prompter.seen.len(), 1);
}
#[test]
fn hook_deny_short_circuits_permission_flow() {
let policy = PermissionPolicy::new(PermissionMode::DangerFullAccess)
.with_tool_requirement("bash", PermissionMode::DangerFullAccess);
let context = PermissionContext::new(
Some(PermissionOverride::Deny),
Some("blocked by hook".to_string()),
);
assert_eq!(
policy.authorize_with_context("bash", "{}", &context, None),
PermissionOutcome::Deny {
reason: "blocked by hook".to_string(),
}
);
}
#[test]
fn hook_ask_forces_prompt() {
let policy = PermissionPolicy::new(PermissionMode::DangerFullAccess)
.with_tool_requirement("bash", PermissionMode::DangerFullAccess);
let context = PermissionContext::new(
Some(PermissionOverride::Ask),
Some("hook requested confirmation".to_string()),
);
let mut prompter = RecordingPrompter {
seen: Vec::new(),
allow: true,
};
let outcome = policy.authorize_with_context("bash", "{}", &context, Some(&mut prompter));
assert_eq!(outcome, PermissionOutcome::Allow);
assert_eq!(prompter.seen.len(), 1);
assert_eq!(
prompter.seen[0].reason.as_deref(),
Some("hook requested confirmation")
);
}
} }

2
rust/crates/rusty-claude-cli/Cargo.toml
View File

@@ -20,7 +20,7 @@ runtime = { path = "../runtime" }
plugins = { path = "../plugins" } plugins = { path = "../plugins" }
serde_json = "1" serde_json = "1"
syntect = "5" syntect = "5"
tokio = { version = "1", features = ["rt-multi-thread", "time"] } tokio = { version = "1", features = ["rt-multi-thread", "signal", "time"] }
tools = { path = "../tools" } tools = { path = "../tools" }
[lints] [lints]

351
rust/crates/rusty-claude-cli/src/main.rs
View File

@@ -10,9 +10,9 @@ use std::io::{self, Read, Write};
use std::net::TcpListener; use std::net::TcpListener;
use std::path::{Path, PathBuf}; use std::path::{Path, PathBuf};
use std::process::Command; use std::process::Command;
use std::sync::mpsc::{self, RecvTimeoutError}; use std::sync::mpsc::{self, Receiver, RecvTimeoutError, Sender};
use std::sync::{Arc, Mutex}; use std::sync::{Arc, Mutex};
use std::thread; use std::thread::{self, JoinHandle};
use std::time::{Duration, Instant, SystemTime, UNIX_EPOCH}; use std::time::{Duration, Instant, SystemTime, UNIX_EPOCH};
use api::{ use api::{
@@ -22,8 +22,8 @@ use api::{
}; };
use commands::{ use commands::{
handle_agents_slash_command, handle_plugins_slash_command, handle_skills_slash_command, handle_plugins_slash_command, render_slash_command_help, resume_supported_slash_commands,
render_slash_command_help, resume_supported_slash_commands, slash_command_specs, SlashCommand, slash_command_specs, SlashCommand,
}; };
use compat_harness::{extract_manifest, UpstreamPaths}; use compat_harness::{extract_manifest, UpstreamPaths};
use init::initialize_repo; use init::initialize_repo;
@@ -73,8 +73,6 @@ fn run() -> Result<(), Box<dyn std::error::Error>> {
match parse_args(&args)? { match parse_args(&args)? {
CliAction::DumpManifests => dump_manifests(), CliAction::DumpManifests => dump_manifests(),
CliAction::BootstrapPlan => print_bootstrap_plan(), CliAction::BootstrapPlan => print_bootstrap_plan(),
CliAction::Agents { args } => LiveCli::print_agents(args.as_deref())?,
CliAction::Skills { args } => LiveCli::print_skills(args.as_deref())?,
CliAction::PrintSystemPrompt { cwd, date } => print_system_prompt(cwd, date), CliAction::PrintSystemPrompt { cwd, date } => print_system_prompt(cwd, date),
CliAction::Version => print_version(), CliAction::Version => print_version(),
CliAction::ResumeSession { CliAction::ResumeSession {
@@ -106,12 +104,6 @@ fn run() -> Result<(), Box<dyn std::error::Error>> {
enum CliAction { enum CliAction {
DumpManifests, DumpManifests,
BootstrapPlan, BootstrapPlan,
Agents {
args: Option<String>,
},
Skills {
args: Option<String>,
},
PrintSystemPrompt { PrintSystemPrompt {
cwd: PathBuf, cwd: PathBuf,
date: String, date: String,
@@ -275,12 +267,6 @@ fn parse_args(args: &[String]) -> Result<CliAction, String> {
match rest[0].as_str() { match rest[0].as_str() {
"dump-manifests" => Ok(CliAction::DumpManifests), "dump-manifests" => Ok(CliAction::DumpManifests),
"bootstrap-plan" => Ok(CliAction::BootstrapPlan), "bootstrap-plan" => Ok(CliAction::BootstrapPlan),
"agents" => Ok(CliAction::Agents {
args: join_optional_args(&rest[1..]),
}),
"skills" => Ok(CliAction::Skills {
args: join_optional_args(&rest[1..]),
}),
"system-prompt" => parse_system_prompt_args(&rest[1..]), "system-prompt" => parse_system_prompt_args(&rest[1..]),
"login" => Ok(CliAction::Login), "login" => Ok(CliAction::Login),
"logout" => Ok(CliAction::Logout), "logout" => Ok(CliAction::Logout),
@@ -298,37 +284,14 @@ fn parse_args(args: &[String]) -> Result<CliAction, String> {
permission_mode, permission_mode,
}) })
} }
other if other.starts_with('/') => parse_direct_slash_cli_action(&rest), other if !other.starts_with('/') => Ok(CliAction::Prompt {
_other => Ok(CliAction::Prompt {
prompt: rest.join(" "), prompt: rest.join(" "),
model, model,
output_format, output_format,
allowed_tools, allowed_tools,
permission_mode, permission_mode,
}), }),
} other => Err(format!("unknown subcommand: {other}")),
}
fn join_optional_args(args: &[String]) -> Option<String> {
let joined = args.join(" ");
let trimmed = joined.trim();
(!trimmed.is_empty()).then(|| trimmed.to_string())
}
fn parse_direct_slash_cli_action(rest: &[String]) -> Result<CliAction, String> {
let raw = rest.join(" ");
match SlashCommand::parse(&raw) {
Some(SlashCommand::Help) => Ok(CliAction::Help),
Some(SlashCommand::Agents { args }) => Ok(CliAction::Agents { args }),
Some(SlashCommand::Skills { args }) => Ok(CliAction::Skills { args }),
Some(command) => Err(format!(
"unsupported direct slash command outside the REPL: {command_name}",
command_name = match command {
SlashCommand::Unknown(name) => format!("/{name}"),
_ => rest[0].clone(),
}
)),
None => Err(format!("unknown subcommand: {}", rest[0])),
} }
} }
@@ -928,20 +891,6 @@ fn run_resume_command(
)), )),
}) })
} }
SlashCommand::Agents { args } => {
let cwd = env::current_dir()?;
Ok(ResumeCommandOutcome {
session: session.clone(),
message: Some(handle_agents_slash_command(args.as_deref(), &cwd)?),
})
}
SlashCommand::Skills { args } => {
let cwd = env::current_dir()?;
Ok(ResumeCommandOutcome {
session: session.clone(),
message: Some(handle_skills_slash_command(args.as_deref(), &cwd)?),
})
}
SlashCommand::Bughunter { .. } SlashCommand::Bughunter { .. }
| SlashCommand::Commit | SlashCommand::Commit
| SlashCommand::Pr { .. } | SlashCommand::Pr { .. }
@@ -954,6 +903,8 @@ fn run_resume_command(
| SlashCommand::Permissions { .. } | SlashCommand::Permissions { .. }
| SlashCommand::Session { .. } | SlashCommand::Session { .. }
| SlashCommand::Plugins { .. } | SlashCommand::Plugins { .. }
| SlashCommand::Agents { .. }
| SlashCommand::Skills { .. }
| SlashCommand::Unknown(_) => Err("unsupported resumed slash command".into()), | SlashCommand::Unknown(_) => Err("unsupported resumed slash command".into()),
} }
} }
@@ -1021,6 +972,61 @@ struct LiveCli {
session: SessionHandle, session: SessionHandle,
} }
struct HookAbortMonitor {
stop_tx: Option<Sender<()>>,
join_handle: Option<JoinHandle<()>>,
}
impl HookAbortMonitor {
fn spawn(abort_signal: runtime::HookAbortSignal) -> Self {
Self::spawn_with_waiter(abort_signal, move |stop_rx, abort_signal| {
let Ok(runtime) = tokio::runtime::Builder::new_current_thread()
.enable_all()
.build()
else {
return;
};
runtime.block_on(async move {
let wait_for_stop = tokio::task::spawn_blocking(move || {
let _ = stop_rx.recv();
});
tokio::select! {
result = tokio::signal::ctrl_c() => {
if result.is_ok() {
abort_signal.abort();
}
}
_ = wait_for_stop => {}
}
});
})
}
fn spawn_with_waiter<F>(abort_signal: runtime::HookAbortSignal, wait_for_interrupt: F) -> Self
where
F: FnOnce(Receiver<()>, runtime::HookAbortSignal) + Send + 'static,
{
let (stop_tx, stop_rx) = mpsc::channel();
let join_handle = thread::spawn(move || wait_for_interrupt(stop_rx, abort_signal));
Self {
stop_tx: Some(stop_tx),
join_handle: Some(join_handle),
}
}
fn stop(mut self) {
if let Some(stop_tx) = self.stop_tx.take() {
let _ = stop_tx.send(());
}
if let Some(join_handle) = self.join_handle.take() {
let _ = join_handle.join();
}
}
}
impl LiveCli { impl LiveCli {
fn new( fn new(
model: String, model: String,
@@ -1077,7 +1083,35 @@ impl LiveCli {
) )
} }
fn prepare_turn_runtime(
&self,
emit_output: bool,
) -> Result<
(
ConversationRuntime<AnthropicRuntimeClient, CliToolExecutor>,
HookAbortMonitor,
),
Box<dyn std::error::Error>,
> {
let hook_abort_signal = runtime::HookAbortSignal::new();
let runtime = build_runtime(
self.runtime.session().clone(),
self.model.clone(),
self.system_prompt.clone(),
true,
emit_output,
self.allowed_tools.clone(),
self.permission_mode,
None,
)?
.with_hook_abort_signal(hook_abort_signal.clone());
let hook_abort_monitor = HookAbortMonitor::spawn(hook_abort_signal);
Ok((runtime, hook_abort_monitor))
}
fn run_turn(&mut self, input: &str) -> Result<(), Box<dyn std::error::Error>> { fn run_turn(&mut self, input: &str) -> Result<(), Box<dyn std::error::Error>> {
let (mut runtime, hook_abort_monitor) = self.prepare_turn_runtime(true)?;
let mut spinner = Spinner::new(); let mut spinner = Spinner::new();
let mut stdout = io::stdout(); let mut stdout = io::stdout();
spinner.tick( spinner.tick(
@@ -1086,7 +1120,9 @@ impl LiveCli {
&mut stdout, &mut stdout,
)?; )?;
let mut permission_prompter = CliPermissionPrompter::new(self.permission_mode); let mut permission_prompter = CliPermissionPrompter::new(self.permission_mode);
let result = self.runtime.run_turn(input, Some(&mut permission_prompter)); let result = runtime.run_turn(input, Some(&mut permission_prompter));
hook_abort_monitor.stop();
self.runtime = runtime;
match result { match result {
Ok(summary) => { Ok(summary) => {
spinner.finish( spinner.finish(
@@ -1127,19 +1163,11 @@ impl LiveCli {
} }
fn run_prompt_json(&mut self, input: &str) -> Result<(), Box<dyn std::error::Error>> { fn run_prompt_json(&mut self, input: &str) -> Result<(), Box<dyn std::error::Error>> {
let session = self.runtime.session().clone(); let (mut runtime, hook_abort_monitor) = self.prepare_turn_runtime(false)?;
let mut runtime = build_runtime(
session,
self.model.clone(),
self.system_prompt.clone(),
true,
false,
self.allowed_tools.clone(),
self.permission_mode,
None,
)?;
let mut permission_prompter = CliPermissionPrompter::new(self.permission_mode); let mut permission_prompter = CliPermissionPrompter::new(self.permission_mode);
let summary = runtime.run_turn(input, Some(&mut permission_prompter))?; let result = runtime.run_turn(input, Some(&mut permission_prompter));
hook_abort_monitor.stop();
let summary = result?;
self.runtime = runtime; self.runtime = runtime;
self.persist_session()?; self.persist_session()?;
println!( println!(
@@ -1248,12 +1276,12 @@ impl LiveCli {
SlashCommand::Plugins { action, target } => { SlashCommand::Plugins { action, target } => {
self.handle_plugins_command(action.as_deref(), target.as_deref())? self.handle_plugins_command(action.as_deref(), target.as_deref())?
} }
SlashCommand::Agents { args } => { SlashCommand::Agents { .. } => {
Self::print_agents(args.as_deref())?; eprintln!("/agents is not fully wired yet");
false false
} }
SlashCommand::Skills { args } => { SlashCommand::Skills { .. } => {
Self::print_skills(args.as_deref())?; eprintln!("/skills is not fully wired yet");
false false
} }
SlashCommand::Unknown(name) => { SlashCommand::Unknown(name) => {
@@ -1456,18 +1484,6 @@ impl LiveCli {
Ok(()) Ok(())
} }
fn print_agents(args: Option<&str>) -> Result<(), Box<dyn std::error::Error>> {
let cwd = env::current_dir()?;
println!("{}", handle_agents_slash_command(args, &cwd)?);
Ok(())
}
fn print_skills(args: Option<&str>) -> Result<(), Box<dyn std::error::Error>> {
let cwd = env::current_dir()?;
println!("{}", handle_skills_slash_command(args, &cwd)?);
Ok(())
}
fn print_diff() -> Result<(), Box<dyn std::error::Error>> { fn print_diff() -> Result<(), Box<dyn std::error::Error>> {
println!("{}", render_diff_report()?); println!("{}", render_diff_report()?);
Ok(()) Ok(())
@@ -2805,7 +2821,6 @@ fn describe_tool_progress(name: &str, input: &str) -> String {
} }
#[allow(clippy::needless_pass_by_value)] #[allow(clippy::needless_pass_by_value)]
#[allow(clippy::too_many_arguments)]
fn build_runtime( fn build_runtime(
session: Session, session: Session,
model: String, model: String,
@@ -2818,7 +2833,7 @@ fn build_runtime(
) -> Result<ConversationRuntime<AnthropicRuntimeClient, CliToolExecutor>, Box<dyn std::error::Error>> ) -> Result<ConversationRuntime<AnthropicRuntimeClient, CliToolExecutor>, Box<dyn std::error::Error>>
{ {
let (feature_config, plugin_registry, tool_registry) = build_runtime_plugin_state()?; let (feature_config, plugin_registry, tool_registry) = build_runtime_plugin_state()?;
Ok(ConversationRuntime::new_with_plugins( let mut runtime = ConversationRuntime::new_with_plugins(
session, session,
AnthropicRuntimeClient::new( AnthropicRuntimeClient::new(
model, model,
@@ -2829,11 +2844,48 @@ fn build_runtime(
progress_reporter, progress_reporter,
)?, )?,
CliToolExecutor::new(allowed_tools.clone(), emit_output, tool_registry.clone()), CliToolExecutor::new(allowed_tools.clone(), emit_output, tool_registry.clone()),
permission_policy(permission_mode, &tool_registry), permission_policy(permission_mode, &feature_config, &tool_registry),
system_prompt, system_prompt,
feature_config, feature_config,
plugin_registry, plugin_registry,
)?) )?;
if emit_output {
runtime = runtime.with_hook_progress_reporter(Box::new(CliHookProgressReporter));
}
Ok(runtime)
}
struct CliHookProgressReporter;
impl runtime::HookProgressReporter for CliHookProgressReporter {
fn on_event(&mut self, event: &runtime::HookProgressEvent) {
match event {
runtime::HookProgressEvent::Started {
event,
tool_name,
command,
} => eprintln!(
"[hook {event_name}] {tool_name}: {command}",
event_name = event.as_str()
),
runtime::HookProgressEvent::Completed {
event,
tool_name,
command,
} => eprintln!(
"[hook done {event_name}] {tool_name}: {command}",
event_name = event.as_str()
),
runtime::HookProgressEvent::Cancelled {
event,
tool_name,
command,
} => eprintln!(
"[hook cancelled {event_name}] {tool_name}: {command}",
event_name = event.as_str()
),
}
}
} }
struct CliPermissionPrompter { struct CliPermissionPrompter {
@@ -3130,12 +3182,7 @@ fn collect_tool_results(summary: &runtime::TurnSummary) -> Vec<serde_json::Value
fn slash_command_completion_candidates() -> Vec<String> { fn slash_command_completion_candidates() -> Vec<String> {
slash_command_specs() slash_command_specs()
.iter() .iter()
.flat_map(|spec| { .map(|spec| format!("/{}", spec.name))
std::iter::once(spec.name)
.chain(spec.aliases.iter().copied())
.map(|name| format!("/{name}"))
.collect::<Vec<_>>()
})
.collect() .collect()
} }
@@ -3688,9 +3735,13 @@ impl ToolExecutor for CliToolExecutor {
} }
} }
fn permission_policy(mode: PermissionMode, tool_registry: &GlobalToolRegistry) -> PermissionPolicy { fn permission_policy(
mode: PermissionMode,
feature_config: &runtime::RuntimeFeatureConfig,
tool_registry: &GlobalToolRegistry,
) -> PermissionPolicy {
tool_registry.permission_specs(None).into_iter().fold( tool_registry.permission_specs(None).into_iter().fold(
PermissionPolicy::new(mode), PermissionPolicy::new(mode).with_permission_rules(feature_config.permission_rules()),
|policy, (name, required_permission)| { |policy, (name, required_permission)| {
policy.with_tool_requirement(name, required_permission) policy.with_tool_requirement(name, required_permission)
}, },
@@ -3767,8 +3818,6 @@ fn print_help_to(out: &mut impl Write) -> io::Result<()> {
)?; )?;
writeln!(out, " claw dump-manifests")?; writeln!(out, " claw dump-manifests")?;
writeln!(out, " claw bootstrap-plan")?; writeln!(out, " claw bootstrap-plan")?;
writeln!(out, " claw agents")?;
writeln!(out, " claw skills")?;
writeln!(out, " claw system-prompt [--cwd PATH] [--date YYYY-MM-DD]")?; writeln!(out, " claw system-prompt [--cwd PATH] [--date YYYY-MM-DD]")?;
writeln!(out, " claw login")?; writeln!(out, " claw login")?;
writeln!(out, " claw logout")?; writeln!(out, " claw logout")?;
@@ -3823,8 +3872,6 @@ fn print_help_to(out: &mut impl Write) -> io::Result<()> {
out, out,
" claw --resume session.json /status /diff /export notes.txt" " claw --resume session.json /status /diff /export notes.txt"
)?; )?;
writeln!(out, " claw agents")?;
writeln!(out, " claw /skills")?;
writeln!(out, " claw login")?; writeln!(out, " claw login")?;
writeln!(out, " claw init")?; writeln!(out, " claw init")?;
Ok(()) Ok(())
@@ -3844,14 +3891,18 @@ mod tests {
normalize_permission_mode, parse_args, parse_git_status_metadata, permission_policy, normalize_permission_mode, parse_args, parse_git_status_metadata, permission_policy,
print_help_to, push_output_block, render_config_report, render_memory_report, print_help_to, push_output_block, render_config_report, render_memory_report,
render_repl_help, resolve_model_alias, response_to_events, resume_supported_slash_commands, render_repl_help, resolve_model_alias, response_to_events, resume_supported_slash_commands,
status_context, CliAction, CliOutputFormat, InternalPromptProgressEvent, status_context, CliAction, CliOutputFormat, HookAbortMonitor, InternalPromptProgressEvent,
InternalPromptProgressState, SlashCommand, StatusUsage, DEFAULT_MODEL, InternalPromptProgressState, SlashCommand, StatusUsage, DEFAULT_MODEL,
}; };
use api::{MessageResponse, OutputContentBlock, Usage}; use api::{MessageResponse, OutputContentBlock, Usage};
use plugins::{PluginTool, PluginToolDefinition, PluginToolPermission}; use plugins::{PluginTool, PluginToolDefinition, PluginToolPermission};
use runtime::{AssistantEvent, ContentBlock, ConversationMessage, MessageRole, PermissionMode}; use runtime::{
AssistantEvent, ContentBlock, ConversationMessage, HookAbortSignal, MessageRole,
PermissionMode,
};
use serde_json::json; use serde_json::json;
use std::path::PathBuf; use std::path::PathBuf;
use std::sync::mpsc;
use std::time::Duration; use std::time::Duration;
use tools::GlobalToolRegistry; use tools::GlobalToolRegistry;
@@ -4045,43 +4096,6 @@ mod tests {
parse_args(&["init".to_string()]).expect("init should parse"), parse_args(&["init".to_string()]).expect("init should parse"),
CliAction::Init CliAction::Init
); );
assert_eq!(
parse_args(&["agents".to_string()]).expect("agents should parse"),
CliAction::Agents { args: None }
);
assert_eq!(
parse_args(&["skills".to_string()]).expect("skills should parse"),
CliAction::Skills { args: None }
);
assert_eq!(
parse_args(&["agents".to_string(), "--help".to_string()])
.expect("agents help should parse"),
CliAction::Agents {
args: Some("--help".to_string())
}
);
}
#[test]
fn parses_direct_agents_and_skills_slash_commands() {
assert_eq!(
parse_args(&["/agents".to_string()]).expect("/agents should parse"),
CliAction::Agents { args: None }
);
assert_eq!(
parse_args(&["/skills".to_string()]).expect("/skills should parse"),
CliAction::Skills { args: None }
);
assert_eq!(
parse_args(&["/skills".to_string(), "help".to_string()])
.expect("/skills help should parse"),
CliAction::Skills {
args: Some("help".to_string())
}
);
let error = parse_args(&["/status".to_string()])
.expect_err("/status should remain REPL-only when invoked directly");
assert!(error.contains("unsupported direct slash command"));
} }
#[test] #[test]
@@ -4149,7 +4163,11 @@ mod tests {
#[test] #[test]
fn permission_policy_uses_plugin_tool_permissions() { fn permission_policy_uses_plugin_tool_permissions() {
let policy = permission_policy(PermissionMode::ReadOnly, &registry_with_plugin_tool()); let policy = permission_policy(
PermissionMode::ReadOnly,
&runtime::RuntimeFeatureConfig::default(),
&registry_with_plugin_tool(),
);
let required = policy.required_mode_for("plugin_echo"); let required = policy.required_mode_for("plugin_echo");
assert_eq!(required, PermissionMode::WorkspaceWrite); assert_eq!(required, PermissionMode::WorkspaceWrite);
} }
@@ -4180,11 +4198,8 @@ mod tests {
assert!(help.contains("/export [file]")); assert!(help.contains("/export [file]"));
assert!(help.contains("/session [list|switch <session-id>]")); assert!(help.contains("/session [list|switch <session-id>]"));
assert!(help.contains( assert!(help.contains(
"/plugin [list|install <path>|enable <name>|disable <name>|uninstall <id>|update <id>]" "/plugins [list|install <path>|enable <name>|disable <name>|uninstall <id>|update <id>]"
)); ));
assert!(help.contains("aliases: /plugins, /marketplace"));
assert!(help.contains("/agents"));
assert!(help.contains("/skills"));
assert!(help.contains("/exit")); assert!(help.contains("/exit"));
} }
@@ -4198,7 +4213,7 @@ mod tests {
names, names,
vec![ vec![
"help", "status", "compact", "clear", "cost", "config", "memory", "init", "diff", "help", "status", "compact", "clear", "cost", "config", "memory", "init", "diff",
"version", "export", "agents", "skills", "version", "export",
] ]
); );
} }
@@ -4265,9 +4280,6 @@ mod tests {
print_help_to(&mut help).expect("help should render"); print_help_to(&mut help).expect("help should render");
let help = String::from_utf8(help).expect("help should be utf8"); let help = String::from_utf8(help).expect("help should be utf8");
assert!(help.contains("claw init")); assert!(help.contains("claw init"));
assert!(help.contains("claw agents"));
assert!(help.contains("claw skills"));
assert!(help.contains("claw /skills"));
} }
#[test] #[test]
@@ -4792,4 +4804,43 @@ mod tests {
)); ));
assert!(!String::from_utf8(out).expect("utf8").contains("step 1")); assert!(!String::from_utf8(out).expect("utf8").contains("step 1"));
} }
#[test]
fn hook_abort_monitor_stops_without_aborting() {
let abort_signal = HookAbortSignal::new();
let (ready_tx, ready_rx) = mpsc::channel();
let monitor = HookAbortMonitor::spawn_with_waiter(
abort_signal.clone(),
move |stop_rx, abort_signal| {
ready_tx.send(()).expect("ready signal");
let _ = stop_rx.recv();
assert!(!abort_signal.is_aborted());
},
);
ready_rx.recv().expect("waiter should be ready");
monitor.stop();
assert!(!abort_signal.is_aborted());
}
#[test]
fn hook_abort_monitor_propagates_interrupt() {
let abort_signal = HookAbortSignal::new();
let (done_tx, done_rx) = mpsc::channel();
let monitor = HookAbortMonitor::spawn_with_waiter(
abort_signal.clone(),
move |_stop_rx, abort_signal| {
abort_signal.abort();
done_tx.send(()).expect("done signal");
},
);
done_rx
.recv_timeout(Duration::from_secs(1))
.expect("interrupt should complete");
monitor.stop();
assert!(abort_signal.is_aborted());
}
} }

5
rust/crates/rusty-claude-cli/src/render.rs
View File

@@ -286,7 +286,7 @@ impl TerminalRenderer {
) { ) {
match event { match event {
Event::Start(Tag::Heading { level, .. }) => { Event::Start(Tag::Heading { level, .. }) => {
self.start_heading(state, level as u8, output); Self::start_heading(state, level as u8, output);
} }
Event::End(TagEnd::Paragraph) => output.push_str("\n\n"), Event::End(TagEnd::Paragraph) => output.push_str("\n\n"),
Event::Start(Tag::BlockQuote(..)) => self.start_quote(state, output), Event::Start(Tag::BlockQuote(..)) => self.start_quote(state, output),
@@ -426,8 +426,7 @@ impl TerminalRenderer {
} }
} }
#[allow(clippy::unused_self)] fn start_heading(state: &mut RenderState, level: u8, output: &mut String) {
fn start_heading(&self, state: &mut RenderState, level: u8, output: &mut String) {
state.heading_level = Some(level); state.heading_level = Some(level);
if !output.is_empty() { if !output.is_empty() {
output.push('\n'); output.push('\n');