( fileSuggestionInput: FileSuggestionCommandInput, signal?: AbortSignal, timeoutMs: number = 5000, // Short timeout for typeahead suggestions )
| 4673 | * @returns Array of file paths, or empty array if no command configured |
| 4674 | */ |
| 4675 | export async function executeFileSuggestionCommand( |
| 4676 | fileSuggestionInput: FileSuggestionCommandInput, |
| 4677 | signal?: AbortSignal, |
| 4678 | timeoutMs: number = 5000, // Short timeout for typeahead suggestions |
| 4679 | ): Promise<string[]> { |
| 4680 | // Check if all hooks are disabled by managed settings |
| 4681 | if (shouldDisableAllHooksIncludingManaged()) { |
| 4682 | return [] |
| 4683 | } |
| 4684 | |
| 4685 | // SECURITY: ALL hooks require workspace trust in interactive mode |
| 4686 | // This centralized check prevents RCE vulnerabilities for all current and future hooks |
| 4687 | if (shouldSkipHookDueToTrust()) { |
| 4688 | logForDebugging( |
| 4689 | `Skipping FileSuggestion command execution - workspace trust not accepted`, |
| 4690 | ) |
| 4691 | return [] |
| 4692 | } |
| 4693 | |
| 4694 | // When disableAllHooks is set in non-managed settings, only managed fileSuggestion runs |
| 4695 | // (non-managed settings cannot disable managed commands, but non-managed commands are disabled) |
| 4696 | let fileSuggestion |
| 4697 | if (shouldAllowManagedHooksOnly()) { |
| 4698 | fileSuggestion = getSettingsForSource('policySettings')?.fileSuggestion |
| 4699 | } else { |
| 4700 | fileSuggestion = getSettings_DEPRECATED()?.fileSuggestion |
| 4701 | } |
| 4702 | |
| 4703 | if (!fileSuggestion || fileSuggestion.type !== 'command') { |
| 4704 | return [] |
| 4705 | } |
| 4706 | |
| 4707 | // Use provided signal or create a default one |
| 4708 | const abortSignal = signal || AbortSignal.timeout(timeoutMs) |
| 4709 | |
| 4710 | try { |
| 4711 | const jsonInput = jsonStringify(fileSuggestionInput) |
| 4712 | |
| 4713 | const hook = { type: 'command' as const, command: fileSuggestion.command } |
| 4714 | |
| 4715 | const result = await execCommandHook( |
| 4716 | hook, |
| 4717 | 'FileSuggestion', |
| 4718 | 'FileSuggestion', |
| 4719 | jsonInput, |
| 4720 | abortSignal, |
| 4721 | randomUUID(), |
| 4722 | ) |
| 4723 | |
| 4724 | if (result.aborted || result.status !== 0) { |
| 4725 | return [] |
| 4726 | } |
| 4727 | |
| 4728 | return result.stdout |
| 4729 | .split('\n') |
| 4730 | .map(line => line.trim()) |
| 4731 | .filter(Boolean) |
| 4732 | } catch (error) { |
no test coverage detected