hooks.ts
components/permissions/hooks.ts
210
Lines
8453
Bytes
2
Exports
15
Imports
10
Keywords
What this is
This page documents one file from the repository and includes its full source so you can read it without leaving the docs site.
Beginner explanation
This file is one piece of the larger system. Its name, directory, imports, and exports show where it fits. Start by reading the exports and related files first.
How it is used
Start from the exports list and related files. Those are the easiest clues for where this file fits into the system.
Expert explanation
Architecturally, this file intersects with shell-safety, permissions, ui-flow. It contains 210 lines, 15 detected imports, and 2 detected exports.
Important relationships
- components/permissions/FallbackPermissionRequest.tsx
- components/permissions/PermissionDecisionDebugInfo.tsx
- components/permissions/PermissionDialog.tsx
- components/permissions/PermissionExplanation.tsx
- components/permissions/PermissionPrompt.tsx
- components/permissions/PermissionRequest.tsx
- components/permissions/PermissionRequestTitle.tsx
- components/permissions/PermissionRuleExplanation.tsx
- schemas/hooks.ts
- types/hooks.ts
- utils/hooks.ts
Detected exports
UnaryEventusePermissionRequestLogging
Keywords
decisionreasonpermissionresulttooluseconfirmcasereasonsuggestionsanalyticsmetadata_i_verified_this_is_not_code_or_filepathsutilstoolbashtool
Detected imports
bun:bundlereactsrc/services/analytics/index.jssrc/services/analytics/metadata.jssrc/tools/BashTool/BashTool.jssrc/utils/bash/commands.jssrc/utils/permissions/PermissionResult.jssrc/utils/permissions/PermissionUpdate.jssrc/utils/permissions/permissionRuleParser.jssrc/utils/sandbox/sandbox-adapter.js../../components/permissions/PermissionRequest.js../../state/AppState.js../../utils/env.js../../utils/slowOperations.js../../utils/unaryLogging.js
Source notes
This page embeds the full file contents. Small or leaf files are still indexed honestly instead of being over-explained.
Full source
import { feature } from 'bun:bundle'
import { useEffect, useRef } from 'react'
import {
type AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
logEvent,
} from 'src/services/analytics/index.js'
import { sanitizeToolNameForAnalytics } from 'src/services/analytics/metadata.js'
import { BashTool } from 'src/tools/BashTool/BashTool.js'
import { splitCommand_DEPRECATED } from 'src/utils/bash/commands.js'
import type {
PermissionDecisionReason,
PermissionResult,
} from 'src/utils/permissions/PermissionResult.js'
import {
extractRules,
hasRules,
} from 'src/utils/permissions/PermissionUpdate.js'
import { permissionRuleValueToString } from 'src/utils/permissions/permissionRuleParser.js'
import { SandboxManager } from 'src/utils/sandbox/sandbox-adapter.js'
import type { ToolUseConfirm } from '../../components/permissions/PermissionRequest.js'
import { useSetAppState } from '../../state/AppState.js'
import { env } from '../../utils/env.js'
import { jsonStringify } from '../../utils/slowOperations.js'
import { type CompletionType, logUnaryEvent } from '../../utils/unaryLogging.js'
export type UnaryEvent = {
completion_type: CompletionType
language_name: string | Promise<string>
}
function permissionResultToLog(permissionResult: PermissionResult): string {
switch (permissionResult.behavior) {
case 'allow':
return 'allow'
case 'ask': {
const rules = extractRules(permissionResult.suggestions)
const suggestions =
rules.length > 0
? rules.map(r => permissionRuleValueToString(r)).join(', ')
: 'none'
return `ask: ${permissionResult.message},
suggestions: ${suggestions}
reason: ${decisionReasonToString(permissionResult.decisionReason)}`
}
case 'deny':
return `deny: ${permissionResult.message},
reason: ${decisionReasonToString(permissionResult.decisionReason)}`
case 'passthrough': {
const rules = extractRules(permissionResult.suggestions)
const suggestions =
rules.length > 0
? rules.map(r => permissionRuleValueToString(r)).join(', ')
: 'none'
return `passthrough: ${permissionResult.message},
suggestions: ${suggestions}
reason: ${decisionReasonToString(permissionResult.decisionReason)}`
}
}
}
function decisionReasonToString(
decisionReason: PermissionDecisionReason | undefined,
): string {
if (!decisionReason) {
return 'No decision reason'
}
if (
(feature('BASH_CLASSIFIER') || feature('TRANSCRIPT_CLASSIFIER')) &&
decisionReason.type === 'classifier'
) {
return `Classifier: ${decisionReason.classifier}, Reason: ${decisionReason.reason}`
}
switch (decisionReason.type) {
case 'rule':
return `Rule: ${permissionRuleValueToString(decisionReason.rule.ruleValue)}`
case 'mode':
return `Mode: ${decisionReason.mode}`
case 'subcommandResults':
return `Subcommand Results: ${Array.from(decisionReason.reasons.entries())
.map(([key, value]) => `${key}: ${permissionResultToLog(value)}`)
.join(', \n')}`
case 'permissionPromptTool':
return `Permission Tool: ${decisionReason.permissionPromptToolName}, Result: ${jsonStringify(decisionReason.toolResult)}`
case 'hook':
return `Hook: ${decisionReason.hookName}${decisionReason.reason ? `, Reason: ${decisionReason.reason}` : ''}`
case 'workingDir':
return `Working Directory: ${decisionReason.reason}`
case 'safetyCheck':
return `Safety check: ${decisionReason.reason}`
case 'other':
return `Other: ${decisionReason.reason}`
default:
return jsonStringify(decisionReason, null, 2)
}
}
/**
* Logs permission request events using analytics and unary logging.
* Handles both the analytics event and the unary event logging.
*/
export function usePermissionRequestLogging(
toolUseConfirm: ToolUseConfirm,
unaryEvent: UnaryEvent,
): void {
const setAppState = useSetAppState()
// Guard against effect re-firing if toolUseConfirm's object reference
// changes during a single dialog's lifetime (e.g., parent re-renders with a
// fresh object). Without this, the unconditional setAppState below can
// cascade into an infinite microtask loop — each re-fire does another
// setAppState spread + (ant builds) splitCommand → shell-quote regex,
// pegging CPU at 100% and leaking ~500MB/min in JSRopeString/RegExp allocs.
// The component is keyed by toolUseID, so this ref resets on remount —
// we only need to dedupe re-fires WITHIN one dialog instance.
const loggedToolUseID = useRef<string | null>(null)
useEffect(() => {
if (loggedToolUseID.current === toolUseConfirm.toolUseID) {
return
}
loggedToolUseID.current = toolUseConfirm.toolUseID
// Increment permission prompt count for attribution tracking
setAppState(prev => ({
...prev,
attribution: {
...prev.attribution,
permissionPromptCount: prev.attribution.permissionPromptCount + 1,
},
}))
// Log analytics event
logEvent('tengu_tool_use_show_permission_request', {
messageID: toolUseConfirm.assistantMessage.message
.id as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
toolName: sanitizeToolNameForAnalytics(toolUseConfirm.tool.name),
isMcp: toolUseConfirm.tool.isMcp ?? false,
decisionReasonType: toolUseConfirm.permissionResult.decisionReason
?.type as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
sandboxEnabled: SandboxManager.isSandboxingEnabled(),
})
if (process.env.USER_TYPE === 'ant') {
const permissionResult = toolUseConfirm.permissionResult
if (
toolUseConfirm.tool.name === BashTool.name &&
permissionResult.behavior === 'ask' &&
!hasRules(permissionResult.suggestions)
) {
// Log if no rule suggestions ("always allow") are provided
logEvent('tengu_internal_tool_use_permission_request_no_always_allow', {
messageID: toolUseConfirm.assistantMessage.message
.id as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
toolName: sanitizeToolNameForAnalytics(toolUseConfirm.tool.name),
isMcp: toolUseConfirm.tool.isMcp ?? false,
decisionReasonType: (permissionResult.decisionReason?.type ??
'unknown') as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
sandboxEnabled: SandboxManager.isSandboxingEnabled(),
// This DOES contain code/filepaths and should not be logged in the public build!
decisionReasonDetails: decisionReasonToString(
permissionResult.decisionReason,
) as never,
})
}
}
// [ANT-ONLY] Log bash tool calls, so we can categorize
// & burn down calls that should have been allowed
if (process.env.USER_TYPE === 'ant') {
const parsedInput = BashTool.inputSchema.safeParse(toolUseConfirm.input)
if (
toolUseConfirm.tool.name === BashTool.name &&
toolUseConfirm.permissionResult.behavior === 'ask' &&
parsedInput.success
) {
// Note: All metadata fields in this event contain code/filepaths
let split = [parsedInput.data.command]
try {
split = splitCommand_DEPRECATED(parsedInput.data.command)
} catch {
// Ignore parse errors here - just log the full command
}
logEvent('tengu_internal_bash_tool_use_permission_request', {
parts: jsonStringify(
split,
) as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
input: jsonStringify(
toolUseConfirm.input,
) as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
decisionReasonType: toolUseConfirm.permissionResult.decisionReason
?.type as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
decisionReason: decisionReasonToString(
toolUseConfirm.permissionResult.decisionReason,
) as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
})
}
}
void logUnaryEvent({
completion_type: unaryEvent.completion_type,
event: 'response',
metadata: {
language_name: unaryEvent.language_name,
message_id: toolUseConfirm.assistantMessage.message.id,
platform: env.platform,
},
})
}, [toolUseConfirm, unaryEvent, setAppState])
}