@aliou/pi-guardrails 0.3.0 → 0.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/config-schema.ts +2 -0
- package/config.ts +17 -11
- package/events.ts +5 -1
- package/hooks/index.ts +2 -0
- package/hooks/prevent-python.ts +45 -0
- package/package.json +1 -1
- package/settings-command.ts +47 -37
package/config-schema.ts
CHANGED
|
@@ -9,6 +9,7 @@ export interface GuardrailsConfig {
|
|
|
9
9
|
enabled?: boolean;
|
|
10
10
|
features?: {
|
|
11
11
|
preventBrew?: boolean;
|
|
12
|
+
preventPython?: boolean;
|
|
12
13
|
protectEnvFiles?: boolean;
|
|
13
14
|
permissionGate?: boolean;
|
|
14
15
|
};
|
|
@@ -34,6 +35,7 @@ export interface ResolvedConfig {
|
|
|
34
35
|
enabled: boolean;
|
|
35
36
|
features: {
|
|
36
37
|
preventBrew: boolean;
|
|
38
|
+
preventPython: boolean;
|
|
37
39
|
protectEnvFiles: boolean;
|
|
38
40
|
permissionGate: boolean;
|
|
39
41
|
};
|
package/config.ts
CHANGED
|
@@ -16,6 +16,7 @@ const DEFAULT_CONFIG: ResolvedConfig = {
|
|
|
16
16
|
enabled: true,
|
|
17
17
|
features: {
|
|
18
18
|
preventBrew: false,
|
|
19
|
+
preventPython: false,
|
|
19
20
|
protectEnvFiles: true,
|
|
20
21
|
permissionGate: true,
|
|
21
22
|
},
|
|
@@ -97,20 +98,25 @@ class ConfigLoader {
|
|
|
97
98
|
return merged;
|
|
98
99
|
}
|
|
99
100
|
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
101
|
+
private mergeInto<TTarget extends object, TSource extends object>(
|
|
102
|
+
target: TTarget,
|
|
103
|
+
source: TSource,
|
|
104
|
+
): void {
|
|
105
|
+
const t = target as Record<string, unknown>;
|
|
106
|
+
const s = source as Record<string, unknown>;
|
|
107
|
+
|
|
108
|
+
for (const key in s) {
|
|
109
|
+
if (s[key] === undefined) continue;
|
|
104
110
|
|
|
105
111
|
if (
|
|
106
|
-
typeof
|
|
107
|
-
!Array.isArray(
|
|
108
|
-
|
|
112
|
+
typeof s[key] === "object" &&
|
|
113
|
+
!Array.isArray(s[key]) &&
|
|
114
|
+
s[key] !== null
|
|
109
115
|
) {
|
|
110
|
-
if (!
|
|
111
|
-
this.mergeInto(
|
|
116
|
+
if (!t[key]) t[key] = {};
|
|
117
|
+
this.mergeInto(t[key] as object, s[key] as object);
|
|
112
118
|
} else {
|
|
113
|
-
|
|
119
|
+
t[key] = s[key];
|
|
114
120
|
}
|
|
115
121
|
}
|
|
116
122
|
}
|
|
@@ -137,7 +143,7 @@ class ConfigLoader {
|
|
|
137
143
|
config: GuardrailsConfig,
|
|
138
144
|
): Promise<void> {
|
|
139
145
|
await mkdir(dirname(path), { recursive: true });
|
|
140
|
-
await writeFile(path, JSON.stringify(config, null, 2)
|
|
146
|
+
await writeFile(path, `${JSON.stringify(config, null, 2)}\n`, "utf-8");
|
|
141
147
|
}
|
|
142
148
|
|
|
143
149
|
hasGlobalConfig(): boolean {
|
package/events.ts
CHANGED
|
@@ -4,7 +4,11 @@ export const GUARDRAILS_BLOCKED_EVENT = "guardrails:blocked";
|
|
|
4
4
|
export const GUARDRAILS_DANGEROUS_EVENT = "guardrails:dangerous";
|
|
5
5
|
|
|
6
6
|
export interface GuardrailsBlockedEvent {
|
|
7
|
-
feature:
|
|
7
|
+
feature:
|
|
8
|
+
| "preventBrew"
|
|
9
|
+
| "preventPython"
|
|
10
|
+
| "protectEnvFiles"
|
|
11
|
+
| "permissionGate";
|
|
8
12
|
toolName: string;
|
|
9
13
|
input: Record<string, unknown>;
|
|
10
14
|
reason: string;
|
package/hooks/index.ts
CHANGED
|
@@ -2,10 +2,12 @@ import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
|
|
|
2
2
|
import type { ResolvedConfig } from "../config-schema";
|
|
3
3
|
import { setupPermissionGateHook } from "./permission-gate";
|
|
4
4
|
import { setupPreventBrewHook } from "./prevent-brew";
|
|
5
|
+
import { setupPreventPythonHook } from "./prevent-python";
|
|
5
6
|
import { setupProtectEnvFilesHook } from "./protect-env-files";
|
|
6
7
|
|
|
7
8
|
export function setupGuardrailsHooks(pi: ExtensionAPI, config: ResolvedConfig) {
|
|
8
9
|
setupPreventBrewHook(pi, config);
|
|
10
|
+
setupPreventPythonHook(pi, config);
|
|
9
11
|
setupProtectEnvFilesHook(pi, config);
|
|
10
12
|
setupPermissionGateHook(pi, config);
|
|
11
13
|
}
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
|
|
2
|
+
import type { ResolvedConfig } from "../config-schema";
|
|
3
|
+
import { emitBlocked } from "../events";
|
|
4
|
+
|
|
5
|
+
/**
|
|
6
|
+
* Blocks all Python-related commands including python, python3, pip, poetry, etc.
|
|
7
|
+
* Use uv for Python package management instead.
|
|
8
|
+
*/
|
|
9
|
+
|
|
10
|
+
const PYTHON_PATTERN =
|
|
11
|
+
/\b(python|python3|pip|pip3|poetry|pyenv|virtualenv|venv)\b/;
|
|
12
|
+
|
|
13
|
+
export function setupPreventPythonHook(
|
|
14
|
+
pi: ExtensionAPI,
|
|
15
|
+
config: ResolvedConfig,
|
|
16
|
+
) {
|
|
17
|
+
if (!config.features.preventPython) return;
|
|
18
|
+
|
|
19
|
+
pi.on("tool_call", async (event, ctx) => {
|
|
20
|
+
if (event.toolName !== "bash") return;
|
|
21
|
+
|
|
22
|
+
const command = String(event.input.command ?? "");
|
|
23
|
+
|
|
24
|
+
if (PYTHON_PATTERN.test(command)) {
|
|
25
|
+
ctx.ui.notify("Blocked Python command. Use uv instead.", "warning");
|
|
26
|
+
|
|
27
|
+
const reason =
|
|
28
|
+
"Python is not available globally on this machine. " +
|
|
29
|
+
"Use uv for Python package management instead. " +
|
|
30
|
+
"Run `uv init` to create a new Python project, " +
|
|
31
|
+
"or `uv run python` to run Python scripts. " +
|
|
32
|
+
"Use `uv add` to install packages (replaces pip/poetry).";
|
|
33
|
+
|
|
34
|
+
emitBlocked(pi, {
|
|
35
|
+
feature: "preventPython",
|
|
36
|
+
toolName: "bash",
|
|
37
|
+
input: event.input,
|
|
38
|
+
reason,
|
|
39
|
+
});
|
|
40
|
+
|
|
41
|
+
return { block: true, reason };
|
|
42
|
+
}
|
|
43
|
+
return;
|
|
44
|
+
});
|
|
45
|
+
}
|
package/package.json
CHANGED
package/settings-command.ts
CHANGED
|
@@ -3,12 +3,41 @@ import { getSettingsListTheme } from "@mariozechner/pi-coding-agent";
|
|
|
3
3
|
import { Key, matchesKey } from "@mariozechner/pi-tui";
|
|
4
4
|
import { ArrayEditor } from "./array-editor";
|
|
5
5
|
import { configLoader } from "./config";
|
|
6
|
-
import type { GuardrailsConfig } from "./config-schema";
|
|
6
|
+
import type { GuardrailsConfig, ResolvedConfig } from "./config-schema";
|
|
7
7
|
import { PatternEditor } from "./pattern-editor";
|
|
8
8
|
import { SectionedSettings, type SettingsSection } from "./sectioned-settings";
|
|
9
9
|
|
|
10
10
|
type Tab = "local" | "global";
|
|
11
11
|
|
|
12
|
+
// Typed feature UI definitions. Adding a key to ResolvedConfig.features
|
|
13
|
+
// without adding it here will cause a type error.
|
|
14
|
+
type FeatureKey = keyof ResolvedConfig["features"];
|
|
15
|
+
|
|
16
|
+
interface FeatureUiDef {
|
|
17
|
+
label: string;
|
|
18
|
+
description: string;
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
const FEATURE_UI: Record<FeatureKey, FeatureUiDef> = {
|
|
22
|
+
preventBrew: {
|
|
23
|
+
label: "Prevent Homebrew",
|
|
24
|
+
description: "Block brew commands",
|
|
25
|
+
},
|
|
26
|
+
preventPython: {
|
|
27
|
+
label: "Prevent Python",
|
|
28
|
+
description: "Block python/pip/poetry commands. Use uv instead.",
|
|
29
|
+
},
|
|
30
|
+
protectEnvFiles: {
|
|
31
|
+
label: "Protect .env files",
|
|
32
|
+
description: "Block access to .env files containing secrets",
|
|
33
|
+
},
|
|
34
|
+
permissionGate: {
|
|
35
|
+
label: "Permission gate",
|
|
36
|
+
description:
|
|
37
|
+
"Prompt for confirmation on dangerous commands (rm -rf, sudo, etc.)",
|
|
38
|
+
},
|
|
39
|
+
};
|
|
40
|
+
|
|
12
41
|
export function registerSettingsCommand(pi: ExtensionAPI): void {
|
|
13
42
|
pi.registerCommand("guardrails:settings", {
|
|
14
43
|
description: "Configure guardrails (local/global)",
|
|
@@ -168,45 +197,26 @@ export function registerSettingsCommand(pi: ExtensionAPI): void {
|
|
|
168
197
|
: configLoader.getGlobalConfig();
|
|
169
198
|
const resolved = configLoader.getConfig();
|
|
170
199
|
|
|
200
|
+
const featureItems = (Object.keys(FEATURE_UI) as FeatureKey[]).map(
|
|
201
|
+
(key) => {
|
|
202
|
+
const def = FEATURE_UI[key];
|
|
203
|
+
return {
|
|
204
|
+
id: `features.${key}`,
|
|
205
|
+
label: def.label,
|
|
206
|
+
description: def.description,
|
|
207
|
+
currentValue:
|
|
208
|
+
(config.features?.[key] ?? resolved.features[key])
|
|
209
|
+
? "enabled"
|
|
210
|
+
: "disabled",
|
|
211
|
+
values: ["enabled", "disabled"],
|
|
212
|
+
};
|
|
213
|
+
},
|
|
214
|
+
);
|
|
215
|
+
|
|
171
216
|
const sections: SettingsSection[] = [
|
|
172
217
|
{
|
|
173
218
|
label: "Features",
|
|
174
|
-
items:
|
|
175
|
-
{
|
|
176
|
-
id: "features.preventBrew",
|
|
177
|
-
label: "Prevent Homebrew",
|
|
178
|
-
description: "Block brew commands",
|
|
179
|
-
currentValue:
|
|
180
|
-
(config.features?.preventBrew ??
|
|
181
|
-
resolved.features.preventBrew)
|
|
182
|
-
? "enabled"
|
|
183
|
-
: "disabled",
|
|
184
|
-
values: ["enabled", "disabled"],
|
|
185
|
-
},
|
|
186
|
-
{
|
|
187
|
-
id: "features.protectEnvFiles",
|
|
188
|
-
label: "Protect .env files",
|
|
189
|
-
description: "Block access to .env files containing secrets",
|
|
190
|
-
currentValue:
|
|
191
|
-
(config.features?.protectEnvFiles ??
|
|
192
|
-
resolved.features.protectEnvFiles)
|
|
193
|
-
? "enabled"
|
|
194
|
-
: "disabled",
|
|
195
|
-
values: ["enabled", "disabled"],
|
|
196
|
-
},
|
|
197
|
-
{
|
|
198
|
-
id: "features.permissionGate",
|
|
199
|
-
label: "Permission gate",
|
|
200
|
-
description:
|
|
201
|
-
"Prompt for confirmation on dangerous commands (rm -rf, sudo, etc.)",
|
|
202
|
-
currentValue:
|
|
203
|
-
(config.features?.permissionGate ??
|
|
204
|
-
resolved.features.permissionGate)
|
|
205
|
-
? "enabled"
|
|
206
|
-
: "disabled",
|
|
207
|
-
values: ["enabled", "disabled"],
|
|
208
|
-
},
|
|
209
|
-
],
|
|
219
|
+
items: featureItems,
|
|
210
220
|
},
|
|
211
221
|
{
|
|
212
222
|
label: "Env Files",
|