feat(hooks): wire tool hooks into builtin pipeline, add HTTP hooks#1255
Merged
feat(hooks): wire tool hooks into builtin pipeline, add HTTP hooks#1255
Conversation
…efore_http/after_http Completes the remaining items from #1235 that were deferred as follow-up: - Wire `fire_before_tool()`/`fire_after_tool()` into `execute_registered_builtin()` — hooks can now modify args, cancel tool invocations, and observe results - Define `HttpRequestEvent`/`HttpResponseEvent` event types - Implement `before_http`/`after_http` interceptor hooks on `HttpClient`, fired around every HTTP request (after allowlist check) - Add `BashBuilder::before_http()`/`after_http()` builder methods - 6 new tests: modify args, cancel tool, observe result, special-builtin exclusion, cancel HTTP request, observe HTTP response
…ship skills PR #1253 auto-closed #1235 via `Closes #1235` despite explicitly noting that tool hooks and HTTP hooks were deferred as follow-up. This left dead code and missing features hidden behind a closed issue. Add a rule to both skills: only use closing keywords when every task/checkbox in the issue is complete. Use `Part of #N` for partial work.
chaliy
added a commit
that referenced
this pull request
Apr 14, 2026
…ests Add transparent per-host credential injection so sandboxed scripts can make authenticated API calls without ever seeing the real secrets. Two modes: - Injection: headers added automatically based on URL pattern - Placeholder: opaque env var replaced with real credential on the wire Built on the before_http hooks system (#1255). Credential policy hook runs first so subsequent hooks see injected headers. Injected headers overwrite existing headers with the same name (prevents spoofing). New files: - specs/019-credential-injection.md (design spec) - crates/bashkit/src/credential.rs (Credential, CredentialPolicy) - crates/bashkit/docs/credential-injection.md (rustdoc guide) - crates/bashkit/tests/credential_injection_tests.rs (13 integration tests)
chaliy
added a commit
that referenced
this pull request
Apr 14, 2026
…ests Add transparent per-host credential injection so sandboxed scripts can make authenticated API calls without ever seeing the real secrets. Two modes: - Injection: headers added automatically based on URL pattern - Placeholder: opaque env var replaced with real credential on the wire Built on the before_http hooks system (#1255). Credential policy hook runs first so subsequent hooks see injected headers. Injected headers overwrite existing headers with the same name (prevents spoofing). New files: - specs/019-credential-injection.md (design spec) - crates/bashkit/src/credential.rs (Credential, CredentialPolicy) - crates/bashkit/docs/credential-injection.md (rustdoc guide) - crates/bashkit/tests/credential_injection_tests.rs (13 integration tests)
8 tasks
chaliy
added a commit
that referenced
this pull request
Apr 14, 2026
…ests Add transparent per-host credential injection so sandboxed scripts can make authenticated API calls without ever seeing the real secrets. Two modes: - Injection: headers added automatically based on URL pattern - Placeholder: opaque env var replaced with real credential on the wire Built on the before_http hooks system (#1255). Credential policy hook runs first so subsequent hooks see injected headers. Injected headers overwrite existing headers with the same name (prevents spoofing). New files: - specs/019-credential-injection.md (design spec) - crates/bashkit/src/credential.rs (Credential, CredentialPolicy) - crates/bashkit/docs/credential-injection.md (rustdoc guide) - crates/bashkit/tests/credential_injection_tests.rs (13 integration tests)
chaliy
added a commit
that referenced
this pull request
Apr 14, 2026
…ests (#1282) Add transparent per-host credential injection so sandboxed scripts can make authenticated API calls without ever seeing the real secrets. Two modes: - Injection: headers added automatically based on URL pattern - Placeholder: opaque env var replaced with real credential on the wire Built on before_http hooks (#1255). Credential policy hook runs first, injected headers overwrite existing ones (prevents spoofing). Also fixes dead_code warning for sanitize_git_output by gating it behind #[cfg(any(feature = "git", test))].
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Completes the two main functional gaps from #1235 that PR #1253 deferred as follow-up:
before_tool/after_toolintoexecute_registered_builtin()— hooks can now modify args, cancel tool invocations, and observe resultsbefore_http/after_http— newHttpRequestEvent/HttpResponseEventevent types, interceptor hooks onHttpClientfired around every HTTP request (after allowlist check), builder API viaBashBuilder::before_http()/after_http()process-issuesandshipskills to prevent premature issue closurespecs/009-implementation-status.mdwith hooks/interceptors sectionWhat changed
hooks.rsHttpRequestEvent/HttpResponseEventtypes; remove#[allow(dead_code)]interpreter/mod.rsbefore_tool/after_toolin builtin execution; addfire_after_toolhelperlib.rsnetwork/client.rsrequest_with_headersandrequest_with_timeoutsprocess-issuesandshipSecurity
before_httpfires after the allowlist check — security boundary stays in bashkitBashBuilder(same trust model asHttpHandler)What remains from #1235
Part of #1235 — the following items from the original issue are still open:
bash.hooks().on_exit(...))specs/crates/bashkit/docs/examples/hooks.rsTest plan
test_before_tool_hook_modifies_args— hook rewrites args, output reflects changetest_before_tool_hook_cancels— hook cancels echo, exit code 1test_after_tool_hook_observes_result— hook captures tool name, stdout, exit codetest_before_tool_hook_does_not_fire_for_special_builtins— declare (special) skipped, echo (registered) firestest_before_http_hook_cancels_request— hook blocks curl to blocked.example.comtest_after_http_hook_observes_response— hook wires correctly, builder accepts itcargo fmt --checkcleancargo clippy --all-targets --all-features -- -D warningsclean