jeevesagent.security.hooks¶

User-registered lifecycle callbacks.

Hooks run in a timeout-shielded scope so a buggy callback can’t hang the loop. Pre-tool hooks can deny a call (first deny wins); post-tool hooks are best-effort and can never affect the result.

Attributes¶

`EventHook`
`PostToolHook`
`PreToolHook`

Classes¶

HookRegistry

Implements HookHost.

Module Contents¶

class jeevesagent.security.hooks.HookRegistry[source]¶

Implements HookHost.

async on_event(event: jeevesagent.core.types.Event) → None[source]¶

async post_tool(call: jeevesagent.core.types.ToolCall, result: jeevesagent.core.types.ToolResult, *, user_id: str | None = None) → None[source]¶: Best-effort post-tool callbacks. Failures and timeouts are absorbed so they cannot affect the result the loop returns. user_id follows the same forwarded-but-not-required pattern as pre_tool().

async pre_tool(call: jeevesagent.core.types.ToolCall, *, user_id: str | None = None) → jeevesagent.core.types.PermissionDecision[source]¶

Run all pre-tool hooks. First deny wins; otherwise allow.

The user_id kwarg is forwarded for protocol parity (M9); the bundled HookRegistry doesn’t itself dispatch per-user, but custom HookHost implementations can route on it. Individual hook callables continue to receive only (call,) to keep the existing decorator API stable; hooks that need the user_id can call get_run_context() themselves.

register_event(hook: EventHook) → EventHook[source]¶

register_post_tool(hook: PostToolHook) → PostToolHook[source]¶

register_pre_tool(hook: PreToolHook) → PreToolHook[source]¶

event_hooks: list[EventHook] = []¶

hook_timeout_s: float = 5.0¶

post_tool_hooks: list[PostToolHook] = []¶

pre_tool_hooks: list[PreToolHook] = []¶

jeevesagent.security.hooks.EventHook¶

jeevesagent.security.hooks.PostToolHook¶

jeevesagent.security.hooks.PreToolHook¶