#
#
# patch "lua_hooks.cc"
#  from [071959bce2f7b86e171fb65e35f536e32959b61c]
#    to [91186ecf4c978d1c000103fafbc841bec2c20f85]
# 
# patch "lua_hooks.hh"
#  from [19daa588608b21c0f466fe7bb4f878c0b6d9cee8]
#    to [01561e2076fc77e99edcff6d2644d9e62b3037fb]
# 
# patch "network/automate_session.cc"
#  from [f0282ea40425e1f130f900c9bfc16c49cf3303c4]
#    to [3b43ab640d1f6eb7531263f9c00327f2e9e114a9]
# 
# patch "network/automate_session.hh"
#  from [3de5d2137e5f57ed0288da858b2ffef1c9dd7bb3]
#    to [f4a152ca99e1cb1230d2e64b0896b311f584a577]
#
============================================================
--- lua_hooks.cc	071959bce2f7b86e171fb65e35f536e32959b61c
+++ lua_hooks.cc	91186ecf4c978d1c000103fafbc841bec2c20f85
@@ -874,6 +874,54 @@ bool
 }
 
 bool
+lua_hooks::hook_get_remote_automate_permitted(key_identity_info const & identity,
+                                              vector<string> const & command_line,
+                                              vector<pair<string, string> > const & command_opts)
+{
+  Lua ll(st);
+  ll.func("get_remote_automate_permitted");
+  push_key_identity_info(ll, identity);
+
+  int k = 1;
+
+  ll.push_table();
+  vector<string>::const_iterator l;
+  for (l = command_line.begin(), k = 1; l != command_line.end(); ++l, ++k)
+    {
+      ll.push_int(k);
+      ll.push_str(*l);
+      ll.set_table();
+    }
+  ll.push_table();
+  k = 1;
+  vector<pair<string, string> >::const_iterator o;
+  for (o = command_opts.begin(), k = 1; o != command_opts.end(); ++o, ++k)
+    {
+      ll.push_int(k);
+
+      {
+        ll.push_table();
+
+        ll.push_str("name");
+        ll.push_str(o->first);
+        ll.set_table();
+
+        ll.push_str("value");
+        ll.push_str(o->second);
+        ll.set_table();
+      }
+
+      ll.set_table();
+    }
+
+  ll.call(3, 1);
+
+  bool permitted(false);
+  ll.extract_bool(permitted);
+  return ll.ok() && permitted;
+}
+
+bool
 lua_hooks::hook_init_attributes(file_path const & filename,
                                 map<string, string> & attrs)
 {
============================================================
--- lua_hooks.hh	19daa588608b21c0f466fe7bb4f878c0b6d9cee8
+++ lua_hooks.hh	01561e2076fc77e99edcff6d2644d9e62b3037fb
@@ -95,6 +95,10 @@ public:
   bool hook_get_netsync_read_permitted(std::string const & branch);
   bool hook_get_netsync_write_permitted(key_identity_info const & identity);
 
+  bool hook_get_remote_automate_permitted(key_identity_info const & identity,
+                                          std::vector<std::string> const & command_line,
+                                          std::vector<std::pair<std::string, std::string> > const & command_opts);
+
   // local repo hooks
   bool hook_ignore_file(file_path const & p);
   bool hook_ignore_branch(branch_name const & branch);
============================================================
--- network/automate_session.cc	f0282ea40425e1f130f900c9bfc16c49cf3303c4
+++ network/automate_session.cc	3b43ab640d1f6eb7531263f9c00327f2e9e114a9
@@ -81,7 +81,7 @@ void automate_session::prepare_to_confir
 void automate_session::prepare_to_confirm(key_identity_info const & remote_key,
                                           bool use_transport_auth)
 {
-  // nothing to do
+  remote_identity = remote_key;
 }
 
 bool automate_session::do_work(transaction_guard & guard,
@@ -99,19 +99,25 @@ bool automate_session::do_work(transacti
         cmd_in->read_automate_command_cmd(in_args, in_opts);
         ++command_number;
 
-        args_vector args;
-        for (vector<string>::iterator i = in_args.begin();
-             i != in_args.end(); ++i)
-          {
-            args.push_back(arg_type(*i, origin::user));
-          }
-
         ostringstream oss;
         bool have_err = false;
         string err;
 
         try
           {
+            E(app.lua.hook_get_remote_automate_permitted(remote_identity,
+                                                         in_args,
+                                                         in_opts),
+              origin::user,
+              F("Sorry, you aren't allowed to do that."));
+
+            args_vector args;
+            for (vector<string>::iterator i = in_args.begin();
+                 i != in_args.end(); ++i)
+              {
+                args.push_back(arg_type(*i, origin::user));
+              }
+
             options::options_type opts;
             opts = options::opts::all_options() - options::opts::globals();
             opts.instantiate(&app.opts).reset();
@@ -172,12 +178,16 @@ bool automate_session::do_work(transacti
           {
             have_err = true;
             err = f.what();
+            err += "\n";
           }
 
-        netcmd out_cmd(get_version());
-        out_cmd.write_automate_packet_cmd(command_number, 0,
-                                          !have_err, oss.str());
-        write_netcmd(out_cmd);
+        if (!oss.str().empty() || !have_err)
+          {
+            netcmd out_cmd(get_version());
+            out_cmd.write_automate_packet_cmd(command_number, 0,
+                                              !have_err, oss.str());
+            write_netcmd(out_cmd);
+          }
         if (have_err)
           {
             netcmd err_cmd(get_version());
============================================================
--- network/automate_session.hh	3de5d2137e5f57ed0288da858b2ffef1c9dd7bb3
+++ network/automate_session.hh	f4a152ca99e1cb1230d2e64b0896b311f584a577
@@ -13,6 +13,7 @@
 #include "automate_ostream.hh"
 #include "cmd.hh"
 #include "network/wrapped_session.hh"
+#include "project.hh" // key_identity_info
 
 class automate_session : public wrapped_session
 {
@@ -24,6 +25,8 @@ class automate_session : public wrapped_
 
   bool is_done;
 
+  key_identity_info remote_identity;
+
   void send_command();
 public:
   automate_session(app_state & app,