@aliou/pi-guardrails 0.4.0 → 0.5.0

package/README.md

@@ -36,8 +36,10 @@ pi install npm:@aliou/pi-guardrails
 ## Features
 
 - **prevent-brew**: Blocks Homebrew commands (disabled by default)
+- **prevent-python**: Blocks Python/pip/poetry commands, suggests uv instead (disabled by default)
 - **protect-env-files**: Prevents access to `.env` files (except `.example`/`.sample`/`.test`)
 - **permission-gate**: Prompts for confirmation on dangerous commands
+- **enforce-package-manager**: Enforces a specific Node package manager (npm, pnpm, or bun) (disabled by default)
 
 ## Configuration
 
@@ -61,8 +63,13 @@ Use `Tab` / `Shift+Tab` to switch tabs. Boolean settings can be toggled directly
   "enabled": true,
   "features": {
     "preventBrew": false,
+    "preventPython": false,
     "protectEnvFiles": true,
-    "permissionGate": true
+    "permissionGate": true,
+    "enforcePackageManager": false
+  },
+  "packageManager": {
+    "selected": "npm"
   },
   "envFiles": {
     "protectedPatterns": ["\\.env$", "\\.env\\.local$"],
@@ -96,8 +103,16 @@ All fields are optional. Missing fields use defaults shown above.
 | Key | Default | Description |
 |---|---|---|
 | `preventBrew` | `false` | Block Homebrew install/upgrade commands |
+| `preventPython` | `false` | Block python/pip/poetry commands (use uv instead) |
 | `protectEnvFiles` | `true` | Block access to `.env` files containing secrets |
 | `permissionGate` | `true` | Prompt for confirmation on dangerous commands |
+| `enforcePackageManager` | `false` | Enforce a specific Node package manager |
+
+#### `packageManager`
+
+| Key | Default | Description |
+|---|---|---|
+| `selected` | `"npm"` | Package manager to enforce: `"npm"`, `"pnpm"`, or `"bun"` |
 
 #### `envFiles`
 
@@ -156,6 +171,19 @@ Auto-deny certain commands:
 }
 ```
 
+Enforce pnpm as the package manager:
+
+```json
+{
+  "features": {
+    "enforcePackageManager": true
+  },
+  "packageManager": {
+    "selected": "pnpm"
+  }
+}
+```
+
 ## Events
 
 The extension emits events on the pi event bus for inter-extension communication.
@@ -166,7 +194,7 @@ Emitted when a tool call is blocked by any guardrail.
 
 ```typescript
 interface GuardrailsBlockedEvent {
-  feature: "preventBrew" | "protectEnvFiles" | "permissionGate";
+  feature: "preventBrew" | "preventPython" | "protectEnvFiles" | "permissionGate" | "enforcePackageManager";
   toolName: string;
   input: Record<string, unknown>;
   reason: string;
@@ -201,6 +229,17 @@ Blocked patterns:
 - `brew upgrade`
 - `brew reinstall`
 
+### prevent-python
+
+Blocks bash commands that use Python tooling directly. Disabled by default. Enable if your project uses uv for Python management.
+
+Blocked patterns:
+- `python`, `python3`
+- `pip`, `pip3`
+- `poetry`
+- `pyenv`
+- `virtualenv`, `venv`
+
 ### protect-env-files
 
 Prevents accessing `.env` files that might contain secrets. Only allows access to safe variants:
@@ -225,3 +264,14 @@ Prompts user confirmation before executing dangerous commands:
 - `chown -R` (recursive ownership change)
 
 All patterns are configurable. Supports allow-lists and auto-deny lists.
+
+### enforce-package-manager
+
+Enforces using a specific Node package manager. Disabled by default. When enabled, blocks commands using non-selected package managers.
+
+Configure via `packageManager.selected`:
+- `"npm"` (default)
+- `"pnpm"`
+- `"bun"`
+
+Example: If `selected` is `"pnpm"`, running `npm install` or `bun add` will be blocked with a message instructing the agent to use `pnpm` instead.

package/config-schema.ts

@@ -12,6 +12,10 @@ export interface GuardrailsConfig {
     preventPython?: boolean;
     protectEnvFiles?: boolean;
     permissionGate?: boolean;
+    enforcePackageManager?: boolean;
+  };
+  packageManager?: {
+    selected?: "bun" | "pnpm" | "npm";
   };
   envFiles?: {
     protectedPatterns?: string[];
@@ -38,6 +42,10 @@ export interface ResolvedConfig {
     preventPython: boolean;
     protectEnvFiles: boolean;
     permissionGate: boolean;
+    enforcePackageManager: boolean;
+  };
+  packageManager: {
+    selected: "bun" | "pnpm" | "npm";
   };
   envFiles: {
     protectedPatterns: string[];

package/config.ts

@@ -19,6 +19,10 @@ const DEFAULT_CONFIG: ResolvedConfig = {
     preventPython: false,
     protectEnvFiles: true,
     permissionGate: true,
+    enforcePackageManager: false,
+  },
+  packageManager: {
+    selected: "npm",
   },
   envFiles: {
     protectedPatterns: ["\\.env$", "\\.env\\.local$"],
@@ -98,20 +102,25 @@ class ConfigLoader {
     return merged;
   }
 
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  private mergeInto(target: any, source: any): void {
-    for (const key in source) {
-      if (source[key] === undefined) continue;
+  private mergeInto<TTarget extends object, TSource extends object>(
+    target: TTarget,
+    source: TSource,
+  ): void {
+    const t = target as Record<string, unknown>;
+    const s = source as Record<string, unknown>;
+
+    for (const key in s) {
+      if (s[key] === undefined) continue;
 
       if (
-        typeof source[key] === "object" &&
-        !Array.isArray(source[key]) &&
-        source[key] !== null
+        typeof s[key] === "object" &&
+        !Array.isArray(s[key]) &&
+        s[key] !== null
       ) {
-        if (!target[key]) target[key] = {};
-        this.mergeInto(target[key], source[key]);
+        if (!t[key]) t[key] = {};
+        this.mergeInto(t[key] as object, s[key] as object);
       } else {
-        target[key] = source[key];
+        t[key] = s[key];
       }
     }
   }
@@ -138,7 +147,7 @@ class ConfigLoader {
     config: GuardrailsConfig,
   ): Promise<void> {
     await mkdir(dirname(path), { recursive: true });
-    await writeFile(path, JSON.stringify(config, null, 2) + "\n", "utf-8");
+    await writeFile(path, `${JSON.stringify(config, null, 2)}\n`, "utf-8");
   }
 
   hasGlobalConfig(): boolean {

package/events.ts

@@ -8,7 +8,8 @@ export interface GuardrailsBlockedEvent {
     | "preventBrew"
     | "preventPython"
     | "protectEnvFiles"
-    | "permissionGate";
+    | "permissionGate"
+    | "enforcePackageManager";
   toolName: string;
   input: Record<string, unknown>;
   reason: string;

package/hooks/enforce-package-manager.ts

@@ -0,0 +1,96 @@
+import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
+import type { ResolvedConfig } from "../config-schema";
+import { emitBlocked } from "../events";
+
+/**
+ * Enforces using a specific Node package manager (bun, pnpm, or npm).
+ * Blocks commands using non-selected package managers.
+ */
+
+const BUN_PATTERN = /\bbun\b/;
+const PNPM_PATTERN = /\bpnpm\b/;
+const NPM_PATTERN = /\bnpm\b/;
+
+type PackageManager = "bun" | "pnpm" | "npm";
+
+interface ManagerInfo {
+  pattern: RegExp;
+  name: string;
+  installCmd: string;
+  addCmd: string;
+  runCmd: string;
+}
+
+const MANAGER_INFO: Record<PackageManager, ManagerInfo> = {
+  bun: {
+    pattern: BUN_PATTERN,
+    name: "bun",
+    installCmd: "bun install",
+    addCmd: "bun add <package>",
+    runCmd: "bun run <script>",
+  },
+  pnpm: {
+    pattern: PNPM_PATTERN,
+    name: "pnpm",
+    installCmd: "pnpm install",
+    addCmd: "pnpm add <package>",
+    runCmd: "pnpm run <script>",
+  },
+  npm: {
+    pattern: NPM_PATTERN,
+    name: "npm",
+    installCmd: "npm install",
+    addCmd: "npm install <package>",
+    runCmd: "npm run <script>",
+  },
+};
+
+export function setupEnforcePackageManagerHook(
+  pi: ExtensionAPI,
+  config: ResolvedConfig,
+) {
+  if (!config.features.enforcePackageManager) return;
+
+  const selectedManager = config.packageManager.selected;
+  const selected = MANAGER_INFO[selectedManager];
+
+  // Get all managers that should be blocked (all except the selected one)
+  const blockedManagers = (
+    Object.keys(MANAGER_INFO) as PackageManager[]
+  ).filter((m) => m !== selectedManager);
+
+  pi.on("tool_call", async (event, ctx) => {
+    if (event.toolName !== "bash") return;
+
+    const command = String(event.input.command ?? "");
+
+    for (const blockedManager of blockedManagers) {
+      const blocked = MANAGER_INFO[blockedManager];
+
+      if (blocked.pattern.test(command)) {
+        ctx.ui.notify(
+          `Blocked ${blocked.name} command. Use ${selected.name} instead.`,
+          "warning",
+        );
+
+        const reason =
+          `This project uses ${selected.name} as its package manager. ` +
+          `Use ${selected.name} instead of ${blocked.name}. ` +
+          `Run \`${selected.installCmd}\` to install dependencies, ` +
+          `\`${selected.addCmd}\` to add packages, ` +
+          `and \`${selected.runCmd}\` to run scripts.`;
+
+        emitBlocked(pi, {
+          feature: "enforcePackageManager",
+          toolName: "bash",
+          input: event.input,
+          reason,
+        });
+
+        return { block: true, reason };
+      }
+    }
+
+    return;
+  });
+}

package/hooks/index.ts

@@ -1,5 +1,6 @@
 import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
 import type { ResolvedConfig } from "../config-schema";
+import { setupEnforcePackageManagerHook } from "./enforce-package-manager";
 import { setupPermissionGateHook } from "./permission-gate";
 import { setupPreventBrewHook } from "./prevent-brew";
 import { setupPreventPythonHook } from "./prevent-python";
@@ -10,4 +11,5 @@ export function setupGuardrailsHooks(pi: ExtensionAPI, config: ResolvedConfig) {
   setupPreventPythonHook(pi, config);
   setupProtectEnvFilesHook(pi, config);
   setupPermissionGateHook(pi, config);
+  setupEnforcePackageManagerHook(pi, config);
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aliou/pi-guardrails",
-  "version": "0.4.0",
+  "version": "0.5.0",
   "type": "module",
   "private": false,
   "keywords": [

package/settings-command.ts

@@ -3,12 +3,46 @@ import { getSettingsListTheme } from "@mariozechner/pi-coding-agent";
 import { Key, matchesKey } from "@mariozechner/pi-tui";
 import { ArrayEditor } from "./array-editor";
 import { configLoader } from "./config";
-import type { GuardrailsConfig } from "./config-schema";
+import type { GuardrailsConfig, ResolvedConfig } from "./config-schema";
 import { PatternEditor } from "./pattern-editor";
 import { SectionedSettings, type SettingsSection } from "./sectioned-settings";
 
 type Tab = "local" | "global";
 
+// Typed feature UI definitions. Adding a key to ResolvedConfig.features
+// without adding it here will cause a type error.
+type FeatureKey = keyof ResolvedConfig["features"];
+
+interface FeatureUiDef {
+  label: string;
+  description: string;
+}
+
+const FEATURE_UI: Record<FeatureKey, FeatureUiDef> = {
+  preventBrew: {
+    label: "Prevent Homebrew",
+    description: "Block brew commands",
+  },
+  preventPython: {
+    label: "Prevent Python",
+    description: "Block python/pip/poetry commands. Use uv instead.",
+  },
+  protectEnvFiles: {
+    label: "Protect .env files",
+    description: "Block access to .env files containing secrets",
+  },
+  permissionGate: {
+    label: "Permission gate",
+    description:
+      "Prompt for confirmation on dangerous commands (rm -rf, sudo, etc.)",
+  },
+  enforcePackageManager: {
+    label: "Enforce package manager",
+    description:
+      "Enforce using a specific Node package manager (bun, pnpm, or npm)",
+  },
+};
+
 export function registerSettingsCommand(pi: ExtensionAPI): void {
   pi.registerCommand("guardrails:settings", {
     description: "Configure guardrails (local/global)",
@@ -168,45 +202,26 @@ export function registerSettingsCommand(pi: ExtensionAPI): void {
               : configLoader.getGlobalConfig();
           const resolved = configLoader.getConfig();
 
+          const featureItems = (Object.keys(FEATURE_UI) as FeatureKey[]).map(
+            (key) => {
+              const def = FEATURE_UI[key];
+              return {
+                id: `features.${key}`,
+                label: def.label,
+                description: def.description,
+                currentValue:
+                  (config.features?.[key] ?? resolved.features[key])
+                    ? "enabled"
+                    : "disabled",
+                values: ["enabled", "disabled"],
+              };
+            },
+          );
+
           const sections: SettingsSection[] = [
             {
               label: "Features",
-              items: [
-                {
-                  id: "features.preventBrew",
-                  label: "Prevent Homebrew",
-                  description: "Block brew commands",
-                  currentValue:
-                    (config.features?.preventBrew ??
-                    resolved.features.preventBrew)
-                      ? "enabled"
-                      : "disabled",
-                  values: ["enabled", "disabled"],
-                },
-                {
-                  id: "features.protectEnvFiles",
-                  label: "Protect .env files",
-                  description: "Block access to .env files containing secrets",
-                  currentValue:
-                    (config.features?.protectEnvFiles ??
-                    resolved.features.protectEnvFiles)
-                      ? "enabled"
-                      : "disabled",
-                  values: ["enabled", "disabled"],
-                },
-                {
-                  id: "features.permissionGate",
-                  label: "Permission gate",
-                  description:
-                    "Prompt for confirmation on dangerous commands (rm -rf, sudo, etc.)",
-                  currentValue:
-                    (config.features?.permissionGate ??
-                    resolved.features.permissionGate)
-                      ? "enabled"
-                      : "disabled",
-                  values: ["enabled", "disabled"],
-                },
-              ],
+              items: featureItems,
             },
             {
               label: "Env Files",
@@ -318,6 +333,21 @@ export function registerSettingsCommand(pi: ExtensionAPI): void {
                 },
               ],
             },
+            {
+              label: "Package Manager",
+              items: [
+                {
+                  id: "packageManager.selected",
+                  label: "Selected manager",
+                  description:
+                    "Which package manager to enforce (when feature is enabled)",
+                  currentValue:
+                    config.packageManager?.selected ??
+                    resolved.packageManager.selected,
+                  values: ["npm", "pnpm", "bun"],
+                },
+              ],
+            },
           ];
 
           return new SectionedSettings(
@@ -345,7 +375,7 @@ export function registerSettingsCommand(pi: ExtensionAPI): void {
               : configLoader.getGlobalConfig();
           const updated: GuardrailsConfig = structuredClone(config);
 
-          // Boolean toggles only - array saves handled by submenus
+          // Boolean toggles
           if (
             newValue === "enabled" ||
             newValue === "disabled" ||
@@ -355,6 +385,18 @@ export function registerSettingsCommand(pi: ExtensionAPI): void {
             const boolVal = newValue === "enabled" || newValue === "on";
             setNestedValue(updated, id, boolVal);
 
+            const ok = await saveTabConfig(tab, updated);
+            if (ok) {
+              settings = buildSettings(activeTab);
+              tui.requestRender();
+            }
+            return;
+          }
+
+          // Package manager selection
+          if (id === "packageManager.selected") {
+            setNestedValue(updated, id, newValue);
+
             const ok = await saveTabConfig(tab, updated);
             if (ok) {
               settings = buildSettings(activeTab);