permissions hook helper
Add web tool notifications and filter handled entries in review
+15
-4
+15
-4
chook.mjs
+15
-4
chook.mjs
···
449
449
audit(config.audit, input, "passthrough", null);
450
450
// Only notify for tools that Claude actually prompts for
451
451
// Read-only tools (Grep, Glob, Read, LS) are never prompted
452
-
const promptableTools = new Set(["Bash", "Write", "Edit", "MultiEdit", "NotebookEdit", "Task"]);
452
+
const promptableTools = new Set(["Bash", "Write", "Edit", "MultiEdit", "NotebookEdit", "Task", "WebFetch", "WebSearch"]);
453
453
if (promptableTools.has(toolName)) {
454
-
const detail = toolInput.command || toolInput.file_path || toolInput.notebook_path || toolName;
454
+
const detail = toolInput.command || toolInput.file_path || toolInput.notebook_path || toolInput.url || toolInput.query || toolName;
455
455
scheduleNotification(input.session_id, toolName, detail);
456
456
}
457
457
} catch (e) {
···
493
493
console.error("No audit_file configured.");
494
494
process.exit(1);
495
495
}
496
-
const entries = readAuditEntries(auditPath, ["deny", "passthrough"]);
496
+
const rawEntries = readAuditEntries(auditPath, ["deny", "passthrough"]);
497
+
// Filter out entries that current rules would now handle
498
+
const allowRules = compileRules(config.allow || []);
499
+
const denyRules = compileRules(config.deny || []);
500
+
const entries = rawEntries.filter((e) => {
501
+
const cwd = e.cwd || "/";
502
+
// If a deny rule now matches, it's handled
503
+
if (checkRules(denyRules, e.tool_name, e.tool_input, cwd)) return false;
504
+
// If an allow rule now matches, it's handled
505
+
if (checkRules(allowRules, e.tool_name, e.tool_input, cwd)) return false;
506
+
return true;
507
+
});
497
508
if (entries.length === 0) {
498
-
console.log("No deny/passthrough entries in audit log.");
509
+
console.log("No unhandled deny/passthrough entries in audit log.");
499
510
process.exit(0);
500
511
}
501
512