feat: Support Extension Hooks with Security Warning (#14460)

2026-04-22 19:14:33 -07:00 · 2025-12-03 15:07:37 -05:00
parent 939cb67621
commit eb3312e7ba
4 changed files with 225 additions and 10 deletions
@@ -103,7 +103,10 @@ async function promptForConsentInteractive(
 * Builds a consent string for installing an extension based on it's
 * extensionConfig.
 */
-function extensionConsentString(extensionConfig: ExtensionConfig): string {
+function extensionConsentString(
+  extensionConfig: ExtensionConfig,
+  hasHooks: boolean,
+): string {
  const sanitizedConfig = escapeAnsiCtrlCodes(extensionConfig);
  const output: string[] = [];
  const mcpServerEntries = Object.entries(sanitizedConfig.mcpServers || {});
@@ -130,6 +133,11 @@ function extensionConsentString(extensionConfig: ExtensionConfig): string {
      `This extension will exclude the following core tools: ${sanitizedConfig.excludeTools}`,
    );
  }
+  if (hasHooks) {
+    output.push(
+      '⚠️  This extension contains Hooks which can automatically execute commands.',
+    );
+  }
  return output.join('\n');
 }

@@ -145,12 +153,15 @@ function extensionConsentString(extensionConfig: ExtensionConfig): string {
 export async function maybeRequestConsentOrFail(
  extensionConfig: ExtensionConfig,
  requestConsent: (consent: string) => Promise<boolean>,
+  hasHooks: boolean,
  previousExtensionConfig?: ExtensionConfig,
+  previousHasHooks?: boolean,
 ) {
-  const extensionConsent = extensionConsentString(extensionConfig);
+  const extensionConsent = extensionConsentString(extensionConfig, hasHooks);
  if (previousExtensionConfig) {
    const previousExtensionConsent = extensionConsentString(
      previousExtensionConfig,
+      previousHasHooks ?? false,
    );
    if (previousExtensionConsent === extensionConsent) {
      return;