( source: ConfigChangeSource, filePath?: string, timeoutMs: number = TOOL_HOOK_EXECUTION_TIMEOUT_MS, )
| 4371 | * @param timeoutMs Optional timeout in milliseconds for hook execution |
| 4372 | */ |
| 4373 | export async function executeConfigChangeHooks( |
| 4374 | source: ConfigChangeSource, |
| 4375 | filePath?: string, |
| 4376 | timeoutMs: number = TOOL_HOOK_EXECUTION_TIMEOUT_MS, |
| 4377 | ): Promise<HookOutsideReplResult[]> { |
| 4378 | const hookInput: ConfigChangeHookInput = { |
| 4379 | ...createBaseHookInput(undefined), |
| 4380 | hook_event_name: 'ConfigChange', |
| 4381 | source, |
| 4382 | file_path: filePath, |
| 4383 | } |
| 4384 | |
| 4385 | const results = await executeHooksOutsideREPL({ |
| 4386 | hookInput, |
| 4387 | timeoutMs, |
| 4388 | matchQuery: source, |
| 4389 | }) |
| 4390 | |
| 4391 | // Policy settings are enterprise-managed — hooks fire for audit logging |
| 4392 | // but must never block policy changes from being applied |
| 4393 | if (source === 'policy_settings') { |
| 4394 | return results.map(r => ({ ...r, blocked: false })) |
| 4395 | } |
| 4396 | |
| 4397 | return results |
| 4398 | } |
| 4399 | |
| 4400 | async function executeEnvHooks( |
| 4401 | hookInput: HookInput, |
no test coverage detected