@aliou/pi-guardrails 0.11.2 → 0.12.0

package/src/shared/warnings.ts

@@ -0,0 +1,17 @@
+/**
+ * Module-level warnings queue for messages that arise before any session
+ * context is available (config loading, migration, pattern compilation).
+ */
+const pendingWarnings: string[] = [];
+
+export function addPendingWarning(message: string): void {
+  pendingWarnings.push(message);
+}
+
+export function getPendingWarnings(): readonly string[] {
+  return pendingWarnings;
+}
+
+export function drainPendingWarnings(): string[] {
+  return pendingWarnings.splice(0);
+}

package/docs/defaults.md

@@ -1,140 +0,0 @@
-# Default Configuration
-
-These are the built-in defaults that ship with guardrails. Rules marked as disabled are included but inactive by default — enable them in your config or via `/guardrails:settings`.
-
-Source: [`src/config.ts`](../src/config.ts)
-
-
-Home-directory defaults use `~` in patterns. During policy evaluation, guardrails expands `~` to the current user's home directory before checking whether a file exists or should be blocked.
-## Default Policy Rules
-
-### `secret-files` — Files containing secrets
-
-Blocks access to dotenv files and similar secret-bearing files.
-
-| Protection | Only if exists |
-|------------|---------------|
-| `noAccess` | yes           |
-
-**Patterns:**
-
-| Pattern            | Type |
-|--------------------|------|
-| `.env`             | glob |
-| `.env.local`       | glob |
-| `.env.production`  | glob |
-| `.env.prod`        | glob |
-| `.dev.vars`        | glob |
-
-**Allowed exceptions:**
-
-| Pattern            | Type |
-|--------------------|------|
-| `*.example.env`    | glob |
-| `*.sample.env`     | glob |
-| `*.test.env`       | glob |
-| `.env.example`     | glob |
-| `.env.sample`      | glob |
-| `.env.test`        | glob |
-
----
-
-### `home-ssh` — SSH directory and keys
-
-Blocks access to SSH configuration, private keys, and related files. Disabled by default.
-
-| Protection | Only if exists | Enabled by default |
-|------------|---------------|-------------------|
-| `noAccess` | yes           | no                |
-
-**Patterns:**
-
-| Pattern               | Type |
-|-----------------------|------|
-| `~/.ssh/**`          | glob |
-| `~/.ssh/*_rsa`       | glob |
-| `~/.ssh/*_ed25519`   | glob |
-| `~/.ssh/*.pem`       | glob |
-
-**Allowed exceptions:**
-
-| Pattern  | Type |
-|----------|------|
-| `~/.ssh/*.pub` | glob |
-
----
-
-### `home-config` — Sensitive user configuration directories
-
-Blocks access to a small set of known sensitive config directories that commonly store credentials, tokens, or encrypted material. Disabled by default — enable it if these tools are installed and you want to protect them.
-
-| Protection | Only if exists | Enabled by default |
-|------------|---------------|-------------------|
-| `noAccess` | yes           | no                |
-
-**Patterns:**
-
-| Pattern               | Type |
-|-----------------------|------|
-| `~/.config/gh/**`     | glob |
-| `~/.config/gcloud/**` | glob |
-| `~/.config/op/**`     | glob |
-| `~/.config/sops/**`   | glob |
-
----
-
-### `home-gpg` — GPG keys and configuration
-
-Blocks access to GPG/GnuPG private keys, keyrings, and configuration. Disabled by default.
-
-| Protection | Only if exists | Enabled by default |
-|------------|---------------|-------------------|
-| `noAccess` | yes           | no                |
-
-**Patterns:**
-
-| Pattern            | Type |
-|--------------------|------|
-| `~/.gnupg/**`       | glob |
-| `~/*.gpg`           | glob |
-| `~/.gpg-agent.conf` | glob |
-
----
-
-## Path Access
-
-| Setting | Default |
-|---|---|
-| `features.pathAccess` | `false` |
-| `pathAccess.mode` | `"ask"` |
-| `pathAccess.allowedPaths` | `[]` |
-
-Modes:
-- `allow` — no path restrictions
-- `ask` — prompt when accessing paths outside working directory
-- `block` — deny all access outside working directory
-
-Allowed paths use trailing-slash convention:
-- `/path/to/file` — exact file match
-- `/path/to/dir/` — directory and all descendants
-- Supports `~/` for home directory
-
-Limitations:
-- Bash path extraction is best-effort (AST-based heuristics). Tokens like `application/json` may trigger false-positive prompts.
-- Symlinks are not resolved. Lexical path comparison only.
-- In non-interactive mode (--print), `ask` mode degrades to `block`.
-
----
-
-## Default Permission Gate Patterns
-
-These commands are detected using AST-based structural matching for accuracy.
-
-| Pattern         | Description                    |
-|-----------------|--------------------------------|
-| `rm -rf`        | Recursive force delete         |
-| `sudo`          | Superuser command              |
-| `dd of=`        | Disk write operation           |
-| `mkfs.`         | Filesystem format              |
-| `chmod -R 777`  | Insecure recursive permissions |
-| `chown -R`      | Recursive ownership change     |

package/docs/examples.md

@@ -1,170 +0,0 @@
-# Example Presets
-
-Pre-configured presets available in the `/guardrails:settings` Examples tab. These can be applied to any config scope (global, local, or memory).
-
-Source: [`src/commands/settings-command.ts`](../src/commands/settings-command.ts)
-
-## File Policy Presets
-
-### Secrets (.env)
-
-Block dotenv-like files using glob patterns.
-
-| Field      | Value                              |
-|------------|------------------------------------|
-| ID         | `example-secret-env-files`         |
-| Protection | `noAccess`                         |
-| Patterns   | `.env`, `.env.*`                   |
-| Exceptions | `.env.example`, `*.sample.env`     |
-
----
-
-### Logs (*.log)
-
-Mark log files as read-only to prevent accidental modification.
-
-| Field      | Value                     |
-|------------|---------------------------|
-| ID         | `example-log-files`       |
-| Protection | `readOnly`                |
-| Patterns   | `*.log`, `*.out`          |
-
----
-
-### Regex env
-
-Regex-based matching for `.env` and `.env.*` files. Demonstrates regex mode.
-
-| Field      | Value                                    |
-|------------|------------------------------------------|
-| ID         | `example-regex-env`                      |
-| Protection | `noAccess`                               |
-| Patterns   | `^\.env(\..+)?$` (regex)                 |
-| Exceptions | `^\.env\.example$` (regex)               |
-
----
-
-### SSH keys
-
-Block access to SSH private key files.
-
-| Field      | Value                                |
-|------------|--------------------------------------|
-| ID         | `example-ssh-keys`                   |
-| Protection | `noAccess`                           |
-| Patterns   | `*.pem`, `*_rsa`, `*_ed25519`       |
-| Exceptions | `*.pub`                              |
-
----
-
-### AWS credentials
-
-Block AWS CLI credentials and config files.
-
-| Field      | Value                                  |
-|------------|----------------------------------------|
-| ID         | `example-aws-credentials`              |
-| Protection | `noAccess`                             |
-| Patterns   | `.aws/credentials`, `.aws/config`      |
-
----
-
-### Database files
-
-Mark SQLite and database files as read-only.
-
-| Field      | Value                                  |
-|------------|----------------------------------------|
-| ID         | `example-database-files`               |
-| Protection | `readOnly`                             |
-| Patterns   | `*.db`, `*.sqlite`, `*.sqlite3`        |
-
----
-
-### Kubernetes secrets
-
-Block kubeconfig and Kubernetes secret files.
-
-| Field      | Value                                  |
-|------------|----------------------------------------|
-| ID         | `example-k8s-secrets`                  |
-| Protection | `noAccess`                             |
-| Patterns   | `.kube/config`, `*kubeconfig*`         |
-
----
-
-### Certificates
-
-Block SSL/TLS certificate and key files.
-
-| Field      | Value                                  |
-|------------|----------------------------------------|
-| ID         | `example-certificates`                 |
-| Protection | `noAccess`                             |
-| Patterns   | `*.crt`, `*.key`, `*.p12`              |
-| Exceptions | `*.csr`                                |
-
----
-
-## Dangerous Command Presets
-
-### General
-
-| Label              | Pattern              | Description                            |
-|--------------------|----------------------|----------------------------------------|
-| Homebrew           | `brew`               | Homebrew package manager               |
-| git push --force   | `git push --force`   | Git force push                         |
-| npm publish        | `npm publish`        | NPM package publishing                 |
-| yarn publish       | `yarn publish`       | Yarn package publishing                |
-| pnpm publish       | `pnpm publish`       | PNPM package publishing                |
-| drop database      | `DROP DATABASE`      | SQL database drop                      |
-| drop table         | `DROP TABLE`         | SQL table drop                         |
-
-### dbt
-
-| Label    | Pattern    | Description            |
-|----------|------------|------------------------|
-| dbt run  | `dbt run`  | dbt model execution    |
-| dbt seed | `dbt seed` | dbt seed data loading  |
-
-### AWS
-
-| Label                | Pattern                        | Description                  |
-|----------------------|--------------------------------|------------------------------|
-| aws s3 rm            | `aws s3 rm`                    | AWS S3 object deletion       |
-| aws iam              | `aws iam`                      | AWS IAM permission changes   |
-| aws ec2 terminate    | `aws ec2 terminate-instances`  | AWS EC2 instance termination |
-
-### Kubernetes
-
-| Label          | Pattern          | Description                    |
-|----------------|------------------|--------------------------------|
-| kubectl delete | `kubectl delete` | Kubernetes resource deletion   |
-| kubectl apply  | `kubectl apply`  | Kubernetes resource application|
-| kubectl scale  | `kubectl scale`  | Kubernetes scaling operation   |
-
-### Docker
-
-| Label                | Pattern                | Description                              |
-|----------------------|------------------------|------------------------------------------|
-| Docker secrets       | `docker inspect`       | Docker inspect (may expose env vars)     |
-| docker rm            | `docker rm`            | Docker container removal                 |
-| docker rmi           | `docker rmi`           | Docker image removal                     |
-| docker system prune  | `docker system prune`  | Docker system cleanup                    |
-| docker compose down  | `docker compose down`  | Docker Compose service teardown          |
-
-### Terraform
-
-| Label              | Pattern              | Description                        |
-|--------------------|----------------------|------------------------------------|
-| Terraform apply    | `terraform apply`    | Terraform infrastructure changes   |
-| Terraform destroy  | `terraform destroy`  | Terraform infrastructure destruction|
-| terraform import   | `terraform import`   | Terraform resource import          |
-
-### Google Cloud
-
-| Label                  | Pattern                            | Description                      |
-|------------------------|------------------------------------|----------------------------------|
-| gcloud compute delete  | `gcloud compute instances delete`  | GCP compute instance deletion    |
-| gcloud iam             | `gcloud iam`                       | GCP IAM permission changes       |
-| gcloud sql delete      | `gcloud sql instances delete`      | GCP Cloud SQL instance deletion  |