elias/oh-my-opencode
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
oh-my-opencode/src/hooks/write-existing-file-guard/hook.ts

213 lines
5.9 KiB
TypeScript
Raw Blame History

import type { Hooks, PluginInput } from "@opencode-ai/plugin"
import { existsSync, realpathSync } from "fs"
import { basename, dirname, isAbsolute, join, normalize, resolve, sep } from "path"
import { log } from "../../shared"
type GuardArgs = {
filePath?: string
path?: string
file_path?: string
overwrite?: boolean | string
}
const MAX_TRACKED_SESSIONS = 256
function asRecord(value: unknown): Record<string, unknown> | undefined {
if (!value || typeof value !== "object") {
return undefined
}
return value as Record<string, unknown>
}
function getPathFromArgs(args: GuardArgs | undefined): string | undefined {
return args?.filePath ?? args?.path ?? args?.file_path
}
function resolveInputPath(ctx: PluginInput, inputPath: string): string {
return normalize(isAbsolute(inputPath) ? inputPath : resolve(ctx.directory, inputPath))
}
function toCanonicalPath(absolutePath: string): string {
let canonicalPath = absolutePath
if (existsSync(absolutePath)) {
try {
canonicalPath = realpathSync.native(absolutePath)
} catch {
canonicalPath = absolutePath
}
} else {
const absoluteDir = dirname(absolutePath)
const resolvedDir = existsSync(absoluteDir) ? realpathSync.native(absoluteDir) : absoluteDir
canonicalPath = join(resolvedDir, basename(absolutePath))
}
// Preserve canonical casing from the filesystem to avoid collapsing distinct
// files on case-sensitive volumes (supported on all major OSes).
return normalize(canonicalPath)
}
function isOverwriteEnabled(value: boolean | string | undefined): boolean {
if (value === true) {
return true
}
if (typeof value === "string") {
return value.toLowerCase() === "true"
}
return false
}
export function createWriteExistingFileGuardHook(ctx: PluginInput): Hooks {
const readPermissionsBySession = new Map<string, Set<string>>()
const sessionLastAccess = new Map<string, number>()
const canonicalSessionRoot = toCanonicalPath(resolveInputPath(ctx, ctx.directory))
const sisyphusRoot = join(canonicalSessionRoot, ".sisyphus") + sep
const touchSession = (sessionID: string): void => {
sessionLastAccess.set(sessionID, Date.now())
}
const evictLeastRecentlyUsedSession = (): void => {
let oldestSessionID: string | undefined
let oldestSeen = Number.POSITIVE_INFINITY
for (const [sessionID, lastSeen] of sessionLastAccess.entries()) {
if (lastSeen < oldestSeen) {
oldestSeen = lastSeen
oldestSessionID = sessionID
}
}
if (!oldestSessionID) {
return
}
readPermissionsBySession.delete(oldestSessionID)
sessionLastAccess.delete(oldestSessionID)
}
const ensureSessionReadSet = (sessionID: string): Set<string> => {
let readSet = readPermissionsBySession.get(sessionID)
if (!readSet) {
if (readPermissionsBySession.size >= MAX_TRACKED_SESSIONS) {
evictLeastRecentlyUsedSession()
}
readSet = new Set<string>()
readPermissionsBySession.set(sessionID, readSet)
}
touchSession(sessionID)
return readSet
}
const registerReadPermission = (sessionID: string, canonicalPath: string): void => {
const readSet = ensureSessionReadSet(sessionID)
readSet.add(canonicalPath)
}
const consumeReadPermission = (sessionID: string, canonicalPath: string): boolean => {
const readSet = readPermissionsBySession.get(sessionID)
if (!readSet || !readSet.has(canonicalPath)) {
return false
}
readSet.delete(canonicalPath)
touchSession(sessionID)
return true
}
const invalidateOtherSessions = (canonicalPath: string, writingSessionID?: string): void => {
for (const [sessionID, readSet] of readPermissionsBySession.entries()) {
if (writingSessionID && sessionID === writingSessionID) {
continue
}
if (readSet.delete(canonicalPath)) {
touchSession(sessionID)
}
}
}
return {
"tool.execute.before": async (input, output) => {
const toolName = input.tool?.toLowerCase()
if (toolName !== "write" && toolName !== "read") {
return
}
const argsRecord = asRecord(output.args)
const args = argsRecord as GuardArgs | undefined
const filePath = getPathFromArgs(args)
if (!filePath) {
return
}
const resolvedPath = resolveInputPath(ctx, filePath)
const canonicalPath = toCanonicalPath(resolvedPath)
if (toolName === "read") {
if (!existsSync(resolvedPath) || !input.sessionID) {
return
}
registerReadPermission(input.sessionID, canonicalPath)
return
}
const overwriteEnabled = isOverwriteEnabled(args?.overwrite)
if (argsRecord && "overwrite" in argsRecord) {
delete argsRecord.overwrite
}
if (!existsSync(resolvedPath)) {
return
}
const isSisyphusPath = canonicalPath.startsWith(sisyphusRoot)
if (isSisyphusPath) {
log("[write-existing-file-guard] Allowing .sisyphus/** overwrite", {
sessionID: input.sessionID,
filePath,
})
invalidateOtherSessions(canonicalPath, input.sessionID)
return
}
if (overwriteEnabled) {
log("[write-existing-file-guard] Allowing overwrite flag bypass", {
sessionID: input.sessionID,
filePath,
resolvedPath,
})
invalidateOtherSessions(canonicalPath, input.sessionID)
return
}
if (input.sessionID && consumeReadPermission(input.sessionID, canonicalPath)) {
log("[write-existing-file-guard] Allowing overwrite after read", {
sessionID: input.sessionID,
filePath,
resolvedPath,
})
invalidateOtherSessions(canonicalPath, input.sessionID)
return
}
log("[write-existing-file-guard] Blocking write to existing file", {
sessionID: input.sessionID,
filePath,
resolvedPath,
})
throw new Error("File already exists. Use edit tool instead.")
},
}
}
Reference in New Issue View Git Blame Copy Permalink