@aliou/pi-guardrails 0.11.2 → 0.12.1

package/src/lib/model-resolver.ts

@@ -1,47 +0,0 @@
-/**
- * Model resolution helper for subagents.
- *
- * Resolves a model by provider + ID from the model registry.
- */
-
-import type { Model } from "@mariozechner/pi-ai";
-import type { ExtensionContext } from "@mariozechner/pi-coding-agent";
-
-/**
- * Find a model by provider and ID.
- *
- * @param provider - Provider name (e.g., "openrouter", "anthropic", "openai-codex")
- * @param modelId - Model ID (e.g., "anthropic/claude-haiku-4.5")
- * @param ctx - Extension context with modelRegistry
- * @returns The resolved model
- * @throws Error if model not found or API key not configured
- */
-export function resolveModel(
-  provider: string,
-  modelId: string,
-  ctx: ExtensionContext,
-  // biome-ignore lint/suspicious/noExplicitAny: Model type requires any for generic API
-): Model<any> {
-  const available = ctx.modelRegistry.getAvailable();
-  const model = available.find(
-    (m) => m.id === modelId && m.provider === provider,
-  );
-
-  if (model) {
-    return model;
-  }
-
-  // Check if the model exists but the API key is missing
-  const all = ctx.modelRegistry.getAll();
-  const existsWithoutKey = all.some(
-    (m) => m.id === modelId && m.provider === provider,
-  );
-
-  if (existsWithoutKey) {
-    throw new Error(
-      `Model "${modelId}" exists on ${provider} but no valid API key is configured.`,
-    );
-  }
-
-  throw new Error(`Model "${modelId}" not found on provider "${provider}".`);
-}

package/src/lib/timing.ts

@@ -1,42 +0,0 @@
-/**
- * Shared timing utilities for tool and subagent execution.
- */
-
-/** Minimal shape that supports timing fields. */
-export interface TimedExecution {
-  startedAt?: number;
-  endedAt?: number;
-  durationMs?: number;
-}
-
-/** Mark execution start time (epoch ms). */
-export function markExecutionStart<T extends TimedExecution>(
-  target: T,
-  startedAt = Date.now(),
-): T {
-  target.startedAt = startedAt;
-  return target;
-}
-
-/** Mark execution end time and compute duration (epoch ms / ms). */
-export function markExecutionEnd<T extends TimedExecution>(
-  target: T,
-  endedAt = Date.now(),
-): T {
-  target.endedAt = endedAt;
-  if (target.startedAt !== undefined) {
-    target.durationMs = Math.max(0, endedAt - target.startedAt);
-  }
-  return target;
-}
-
-/** Simple wall-clock timer for a full operation (e.g., subagent call). */
-export function createExecutionTimer(startedAt = Date.now()): {
-  startedAt: number;
-  getDurationMs: (endedAt?: number) => number;
-} {
-  return {
-    startedAt,
-    getDurationMs: (endedAt = Date.now()) => Math.max(0, endedAt - startedAt),
-  };
-}

package/src/lib/types.ts

@@ -1,115 +0,0 @@
-import type { AgentTool, ThinkingLevel } from "@mariozechner/pi-agent-core";
-import type { Model } from "@mariozechner/pi-ai";
-import type { Skill, ToolDefinition } from "@mariozechner/pi-coding-agent";
-
-/**
- * Configuration for a subagent.
- */
-export interface SubagentConfig {
-  /** Subagent name (for logging and run ID) */
-  name: string;
-
-  /** Model instance to use */
-  // biome-ignore lint/suspicious/noExplicitAny: Model type requires any for generic API
-  model: Model<any>;
-
-  /** System prompt for the subagent */
-  systemPrompt: string;
-
-  /** Built-in tools (AgentTool[]) - e.g., from createReadOnlyTools() */
-  tools?: AgentTool[];
-
-  /** Custom tools (ToolDefinition[]) - e.g., GitHub tools */
-  customTools?: ToolDefinition[];
-
-  /** Skills to load into system prompt */
-  skills?: Skill[];
-
-  /** Thinking level. Default: "low" */
-  thinkingLevel?: ThinkingLevel;
-
-  /** Logging options */
-  logging?: {
-    /** Enable logging. Default: false */
-    enabled: boolean;
-    /** Include raw events in debug.jsonl. Default: false */
-    debug?: boolean;
-  };
-}
-
-/**
- * Tool call state for tracking subagent tool executions.
- */
-export interface SubagentToolCall {
-  toolCallId: string;
-  toolName: string;
-  args: Record<string, unknown>;
-  status: "running" | "done" | "error";
-  /** Epoch ms when tool execution started */
-  startedAt?: number;
-  /** Epoch ms when tool execution ended */
-  endedAt?: number;
-  /** Duration in milliseconds (set when ended) */
-  durationMs?: number;
-  result?: unknown;
-  error?: string;
-  /** Partial result from tool updates (for progress display) */
-  partialResult?: {
-    content: Array<{ type: string; text?: string }>;
-    details?: unknown;
-  };
-}
-
-/**
- * Usage/cost information from the model response.
- */
-export interface SubagentUsage {
-  /** Input tokens from API (if available) */
-  inputTokens?: number;
-  /** Output tokens from API (if available) */
-  outputTokens?: number;
-  /** Cache read tokens (if available) */
-  cacheReadTokens?: number;
-  /** Cache write tokens (if available) */
-  cacheWriteTokens?: number;
-  /** Estimated tokens from response length (chars/4) */
-  estimatedTokens: number;
-  /** LLM cost in USD (if available) */
-  llmCost?: number;
-  /** Tool/API cost in USD (e.g., Exa, GitHub) */
-  toolCost?: number;
-  /** Total cost in USD (llmCost + toolCost) */
-  totalCost?: number;
-}
-
-/**
- * Result from executing a subagent.
- */
-export interface SubagentResult {
-  /** Final text content from the subagent */
-  content: string;
-
-  /** Whether the subagent was aborted */
-  aborted: boolean;
-
-  /** Final tool call states */
-  toolCalls: SubagentToolCall[];
-
-  /** Total subagent execution duration in milliseconds */
-  totalDurationMs: number;
-
-  /** Error message if the subagent failed */
-  error?: string;
-
-  /** Unique run identifier */
-  runId: string;
-
-  /** Usage/cost information */
-  usage: SubagentUsage;
-}
-
-/** Callback for text streaming updates */
-export type OnTextUpdate = (delta: string, accumulated: string) => void;
-
-/** Callback for tool execution updates */
-export type OnToolUpdate = (toolCalls: SubagentToolCall[]) => void;

package/src/utils/command-args.test.ts

@@ -1,83 +0,0 @@
-import { describe, expect, it } from "vitest";
-import { classifyCommandArgs } from "./command-args";
-
-const tokens = (command: string, args: string[]) =>
-  classifyCommandArgs(command, args).map((arg) => arg.token);
-
-describe("classifyCommandArgs", () => {
-  it("keeps unknown command arguments unchanged", () => {
-    expect(tokens("cat", ["/etc/hosts", "./file"])).toEqual([
-      "/etc/hosts",
-      "./file",
-    ]);
-  });
-
-  it("ignores awk inline program and keeps file operands", () => {
-    expect(tokens("awk", ["/aaa/{print}", "./input"])).toEqual(["./input"]);
-  });
-
-  it("keeps awk -f program files", () => {
-    expect(tokens("awk", ["-f", "./prog.awk", "./input"])).toEqual([
-      "./prog.awk",
-      "./input",
-    ]);
-  });
-
-  it("ignores sed inline scripts and keeps file operands", () => {
-    expect(tokens("sed", ["s#/old#/new#g", "./file"])).toEqual(["./file"]);
-  });
-
-  it("keeps sed -f script files", () => {
-    expect(tokens("sed", ["-f", "./script.sed", "./file"])).toEqual([
-      "./script.sed",
-      "./file",
-    ]);
-  });
-
-  it("ignores grep patterns and keeps file operands", () => {
-    expect(tokens("grep", ["/api/v1", "./src"])).toEqual(["./src"]);
-  });
-
-  it("keeps grep pattern files", () => {
-    expect(tokens("grep", ["-f", "./patterns", "./src"])).toEqual([
-      "./patterns",
-      "./src",
-    ]);
-  });
-
-  it("keeps find roots and ignores expression patterns", () => {
-    expect(tokens("find", ["./src", "-regex", ".*/test/.*"])).toEqual([
-      "./src",
-    ]);
-  });
-
-  it("ignores jq filters and keeps file operands", () => {
-    expect(tokens("jq", ['.path | test("^/tmp/")', "./data.json"])).toEqual([
-      "./data.json",
-    ]);
-  });
-
-  it("keeps jq -f filter files", () => {
-    expect(tokens("jq", ["-f", "./filter.jq", "./data.json"])).toEqual([
-      "./filter.jq",
-      "./data.json",
-    ]);
-  });
-
-  it("ignores interpreter inline code", () => {
-    expect(tokens("python3", ["-c", 'open("/etc/passwd")'])).toEqual([]);
-  });
-
-  it("keeps interpreter script operands", () => {
-    expect(tokens("python3", ["./script.py", "./data.json"])).toEqual([
-      "./script.py",
-      "./data.json",
-    ]);
-  });
-
-  it("ignores delimiter args", () => {
-    expect(tokens("cut", ["-d", "/", "./file"])).toEqual(["./file"]);
-    expect(tokens("sort", ["-t", "/", "./file"])).toEqual(["./file"]);
-    expect(tokens("tr", ["/", ":"])).toEqual([]);
-  });
-});

package/src/utils/events.ts

@@ -1,32 +0,0 @@
-import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
-
-export const GUARDRAILS_BLOCKED_EVENT = "guardrails:blocked";
-export const GUARDRAILS_DANGEROUS_EVENT = "guardrails:dangerous";
-
-export interface GuardrailsBlockedEvent {
-  feature: "policies" | "permissionGate" | "pathAccess";
-  toolName: string;
-  input: Record<string, unknown>;
-  reason: string;
-  userDenied?: boolean;
-}
-
-export interface GuardrailsDangerousEvent {
-  command: string;
-  description: string;
-  pattern: string;
-}
-
-export function emitBlocked(
-  pi: ExtensionAPI,
-  event: GuardrailsBlockedEvent,
-): void {
-  pi.events.emit(GUARDRAILS_BLOCKED_EVENT, event);
-}
-
-export function emitDangerous(
-  pi: ExtensionAPI,
-  event: GuardrailsDangerousEvent,
-): void {
-  pi.events.emit(GUARDRAILS_DANGEROUS_EVENT, event);
-}

package/src/utils/migration.test.ts

@@ -1,58 +0,0 @@
-import { describe, expect, it } from "vitest";
-import type { GuardrailsConfig } from "../config";
-import {
-  migrateAllowedPaths,
-  needsAllowedPathsMigration,
-  normalizeAllowedPaths,
-} from "./migration";
-
-describe("allowedPaths migration", () => {
-  it("normalizes strings and legacy pattern objects", () => {
-    expect(
-      normalizeAllowedPaths([
-        "/dev/null",
-        { pattern: "~/Downloads/" },
-        { pattern: " /tmp/file " },
-        { pattern: "" },
-        { regex: true },
-        42,
-        null,
-        "/dev/null",
-      ]),
-    ).toEqual(["/dev/null", "~/Downloads/", "/tmp/file"]);
-  });
-
-  it("detects legacy object-shaped allowed paths", () => {
-    const config = {
-      pathAccess: {
-        allowedPaths: [{ pattern: "/dev/null" }],
-      },
-    } as unknown as GuardrailsConfig;
-
-    expect(needsAllowedPathsMigration(config)).toBe(true);
-  });
-
-  it("does not migrate valid string allowed paths", () => {
-    const config: GuardrailsConfig = {
-      pathAccess: {
-        allowedPaths: ["/dev/null"],
-      },
-    };
-
-    expect(needsAllowedPathsMigration(config)).toBe(false);
-  });
-
-  it("converts legacy object-shaped allowed paths to strings", () => {
-    const config = {
-      pathAccess: {
-        mode: "block",
-        allowedPaths: [{ pattern: "/dev/null" }, "~/Downloads/"],
-      },
-    } as unknown as GuardrailsConfig;
-
-    expect(migrateAllowedPaths(config).pathAccess?.allowedPaths).toEqual([
-      "/dev/null",
-      "~/Downloads/",
-    ]);
-  });
-});