-
Notifications
You must be signed in to change notification settings - Fork 287
Expand file tree
/
Copy pathpermission-request.sh
More file actions
executable file
·40 lines (33 loc) · 1.21 KB
/
permission-request.sh
File metadata and controls
executable file
·40 lines (33 loc) · 1.21 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
#!/bin/bash
# permission-request.sh
# Runs when permission dialog appears
# Use for custom approval logic or logging
INPUT=$(cat)
TOOL_NAME=$(echo "$INPUT" | jq -r '.tool_name // "unknown"')
PERMISSION_TYPE=$(echo "$INPUT" | jq -r '.permission_type // "unknown"')
SESSION_ID=$(echo "$INPUT" | jq -r '.session_id // "unknown"')
# Log permission request
LOG_DIR="$HOME/.claude/logs"
mkdir -p "$LOG_DIR"
TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
LOG_ENTRY=$(jq -n \
--arg timestamp "$TIMESTAMP" \
--arg tool "$TOOL_NAME" \
--arg permission "$PERMISSION_TYPE" \
--arg session "$SESSION_ID" \
'{timestamp: $timestamp, tool: $tool, permission_type: $permission, session: $session}')
echo "$LOG_ENTRY" >> "$LOG_DIR/permissions-$(date +%Y-%m-%d).jsonl"
# Example: Auto-deny dangerous permissions in production
if [[ "$PERMISSION_TYPE" == "file_write" ]] && [[ "$PWD" == *"/production"* ]]; then
echo "BLOCKED: File write in production directory requires manual approval" >&2
exit 2
fi
# Example: Warn about elevated permissions
if [[ "$PERMISSION_TYPE" == "bash_sudo" ]]; then
cat << EOF
{
"systemMessage": "⚠️ Warning: Tool requesting sudo permissions. Review carefully before approving."
}
EOF
fi
exit 0