@aliou/pi-guardrails 0.4.1 → 0.5.1

package/README.md

@@ -36,8 +36,10 @@ pi install npm:@aliou/pi-guardrails
 ## Features
 
 - **prevent-brew**: Blocks Homebrew commands (disabled by default)
+- **prevent-python**: Blocks Python/pip/poetry commands, suggests uv instead (disabled by default)
 - **protect-env-files**: Prevents access to `.env` files (except `.example`/`.sample`/`.test`)
 - **permission-gate**: Prompts for confirmation on dangerous commands
+- **enforce-package-manager**: Enforces a specific Node package manager (npm, pnpm, or bun) (disabled by default)
 
 ## Configuration
 
@@ -61,8 +63,13 @@ Use `Tab` / `Shift+Tab` to switch tabs. Boolean settings can be toggled directly
   "enabled": true,
   "features": {
     "preventBrew": false,
+    "preventPython": false,
     "protectEnvFiles": true,
-    "permissionGate": true
+    "permissionGate": true,
+    "enforcePackageManager": false
+  },
+  "packageManager": {
+    "selected": "npm"
   },
   "envFiles": {
     "protectedPatterns": ["\\.env$", "\\.env\\.local$"],
@@ -96,8 +103,16 @@ All fields are optional. Missing fields use defaults shown above.
 | Key | Default | Description |
 |---|---|---|
 | `preventBrew` | `false` | Block Homebrew install/upgrade commands |
+| `preventPython` | `false` | Block python/pip/poetry commands (use uv instead) |
 | `protectEnvFiles` | `true` | Block access to `.env` files containing secrets |
 | `permissionGate` | `true` | Prompt for confirmation on dangerous commands |
+| `enforcePackageManager` | `false` | Enforce a specific Node package manager |
+
+#### `packageManager`
+
+| Key | Default | Description |
+|---|---|---|
+| `selected` | `"npm"` | Package manager to enforce: `"npm"`, `"pnpm"`, or `"bun"` |
 
 #### `envFiles`
 
@@ -156,6 +171,19 @@ Auto-deny certain commands:
 }
 ```
 
+Enforce pnpm as the package manager:
+
+```json
+{
+  "features": {
+    "enforcePackageManager": true
+  },
+  "packageManager": {
+    "selected": "pnpm"
+  }
+}
+```
+
 ## Events
 
 The extension emits events on the pi event bus for inter-extension communication.
@@ -166,7 +194,7 @@ Emitted when a tool call is blocked by any guardrail.
 
 ```typescript
 interface GuardrailsBlockedEvent {
-  feature: "preventBrew" | "protectEnvFiles" | "permissionGate";
+  feature: "preventBrew" | "preventPython" | "protectEnvFiles" | "permissionGate" | "enforcePackageManager";
   toolName: string;
   input: Record<string, unknown>;
   reason: string;
@@ -201,6 +229,17 @@ Blocked patterns:
 - `brew upgrade`
 - `brew reinstall`
 
+### prevent-python
+
+Blocks bash commands that use Python tooling directly. Disabled by default. Enable if your project uses uv for Python management.
+
+Blocked patterns:
+- `python`, `python3`
+- `pip`, `pip3`
+- `poetry`
+- `pyenv`
+- `virtualenv`, `venv`
+
 ### protect-env-files
 
 Prevents accessing `.env` files that might contain secrets. Only allows access to safe variants:
@@ -225,3 +264,14 @@ Prompts user confirmation before executing dangerous commands:
 - `chown -R` (recursive ownership change)
 
 All patterns are configurable. Supports allow-lists and auto-deny lists.
+
+### enforce-package-manager
+
+Enforces using a specific Node package manager. Disabled by default. When enabled, blocks commands using non-selected package managers.
+
+Configure via `packageManager.selected`:
+- `"npm"` (default)
+- `"pnpm"`
+- `"bun"`
+
+Example: If `selected` is `"pnpm"`, running `npm install` or `bun add` will be blocked with a message instructing the agent to use `pnpm` instead.

package/config-schema.ts

@@ -12,6 +12,10 @@ export interface GuardrailsConfig {
     preventPython?: boolean;
     protectEnvFiles?: boolean;
     permissionGate?: boolean;
+    enforcePackageManager?: boolean;
+  };
+  packageManager?: {
+    selected?: "bun" | "pnpm" | "npm";
   };
   envFiles?: {
     protectedPatterns?: string[];
@@ -38,6 +42,10 @@ export interface ResolvedConfig {
     preventPython: boolean;
     protectEnvFiles: boolean;
     permissionGate: boolean;
+    enforcePackageManager: boolean;
+  };
+  packageManager: {
+    selected: "bun" | "pnpm" | "npm";
   };
   envFiles: {
     protectedPatterns: string[];

package/config.ts

@@ -19,9 +19,19 @@ const DEFAULT_CONFIG: ResolvedConfig = {
     preventPython: false,
     protectEnvFiles: true,
     permissionGate: true,
+    enforcePackageManager: false,
+  },
+  packageManager: {
+    selected: "npm",
   },
   envFiles: {
-    protectedPatterns: ["\\.env$", "\\.env\\.local$"],
+    protectedPatterns: [
+      "\\.env$",
+      "\\.env\\.local$",
+      "\\.env\\.production$",
+      "\\.env\\.prod$",
+      "\\.dev\\.vars$",
+    ],
     allowedPatterns: [
       "\\.(example|sample|test)\\.env$",
       "\\.env\\.(example|sample|test)$",

package/events.ts

@@ -8,7 +8,8 @@ export interface GuardrailsBlockedEvent {
     | "preventBrew"
     | "preventPython"
     | "protectEnvFiles"
-    | "permissionGate";
+    | "permissionGate"
+    | "enforcePackageManager";
   toolName: string;
   input: Record<string, unknown>;
   reason: string;

package/hooks/enforce-package-manager.ts

@@ -0,0 +1,96 @@
+import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
+import type { ResolvedConfig } from "../config-schema";
+import { emitBlocked } from "../events";
+
+/**
+ * Enforces using a specific Node package manager (bun, pnpm, or npm).
+ * Blocks commands using non-selected package managers.
+ */
+
+const BUN_PATTERN = /\bbun\b/;
+const PNPM_PATTERN = /\bpnpm\b/;
+const NPM_PATTERN = /\bnpm\b/;
+
+type PackageManager = "bun" | "pnpm" | "npm";
+
+interface ManagerInfo {
+  pattern: RegExp;
+  name: string;
+  installCmd: string;
+  addCmd: string;
+  runCmd: string;
+}
+
+const MANAGER_INFO: Record<PackageManager, ManagerInfo> = {
+  bun: {
+    pattern: BUN_PATTERN,
+    name: "bun",
+    installCmd: "bun install",
+    addCmd: "bun add <package>",
+    runCmd: "bun run <script>",
+  },
+  pnpm: {
+    pattern: PNPM_PATTERN,
+    name: "pnpm",
+    installCmd: "pnpm install",
+    addCmd: "pnpm add <package>",
+    runCmd: "pnpm run <script>",
+  },
+  npm: {
+    pattern: NPM_PATTERN,
+    name: "npm",
+    installCmd: "npm install",
+    addCmd: "npm install <package>",
+    runCmd: "npm run <script>",
+  },
+};
+
+export function setupEnforcePackageManagerHook(
+  pi: ExtensionAPI,
+  config: ResolvedConfig,
+) {
+  if (!config.features.enforcePackageManager) return;
+
+  const selectedManager = config.packageManager.selected;
+  const selected = MANAGER_INFO[selectedManager];
+
+  // Get all managers that should be blocked (all except the selected one)
+  const blockedManagers = (
+    Object.keys(MANAGER_INFO) as PackageManager[]
+  ).filter((m) => m !== selectedManager);
+
+  pi.on("tool_call", async (event, ctx) => {
+    if (event.toolName !== "bash") return;
+
+    const command = String(event.input.command ?? "");
+
+    for (const blockedManager of blockedManagers) {
+      const blocked = MANAGER_INFO[blockedManager];
+
+      if (blocked.pattern.test(command)) {
+        ctx.ui.notify(
+          `Blocked ${blocked.name} command. Use ${selected.name} instead.`,
+          "warning",
+        );
+
+        const reason =
+          `This project uses ${selected.name} as its package manager. ` +
+          `Use ${selected.name} instead of ${blocked.name}. ` +
+          `Run \`${selected.installCmd}\` to install dependencies, ` +
+          `\`${selected.addCmd}\` to add packages, ` +
+          `and \`${selected.runCmd}\` to run scripts.`;
+
+        emitBlocked(pi, {
+          feature: "enforcePackageManager",
+          toolName: "bash",
+          input: event.input,
+          reason,
+        });
+
+        return { block: true, reason };
+      }
+    }
+
+    return;
+  });
+}

package/hooks/index.ts

@@ -1,5 +1,6 @@
 import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
 import type { ResolvedConfig } from "../config-schema";
+import { setupEnforcePackageManagerHook } from "./enforce-package-manager";
 import { setupPermissionGateHook } from "./permission-gate";
 import { setupPreventBrewHook } from "./prevent-brew";
 import { setupPreventPythonHook } from "./prevent-python";
@@ -10,4 +11,5 @@ export function setupGuardrailsHooks(pi: ExtensionAPI, config: ResolvedConfig) {
   setupPreventPythonHook(pi, config);
   setupProtectEnvFilesHook(pi, config);
   setupPermissionGateHook(pi, config);
+  setupEnforcePackageManagerHook(pi, config);
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aliou/pi-guardrails",
-  "version": "0.4.1",
+  "version": "0.5.1",
   "type": "module",
   "private": false,
   "keywords": [
@@ -28,7 +28,7 @@
     "README.md"
   ],
   "peerDependencies": {
-    "@mariozechner/pi-coding-agent": "0.50.0",
-    "@mariozechner/pi-tui": "0.50.0"
+    "@mariozechner/pi-coding-agent": "0.50.3",
+    "@mariozechner/pi-tui": "0.50.3"
   }
 }

package/settings-command.ts

@@ -36,6 +36,11 @@ const FEATURE_UI: Record<FeatureKey, FeatureUiDef> = {
     description:
       "Prompt for confirmation on dangerous commands (rm -rf, sudo, etc.)",
   },
+  enforcePackageManager: {
+    label: "Enforce package manager",
+    description:
+      "Enforce using a specific Node package manager (bun, pnpm, or npm)",
+  },
 };
 
 export function registerSettingsCommand(pi: ExtensionAPI): void {
@@ -328,6 +333,21 @@ export function registerSettingsCommand(pi: ExtensionAPI): void {
                 },
               ],
             },
+            {
+              label: "Package Manager",
+              items: [
+                {
+                  id: "packageManager.selected",
+                  label: "Selected manager",
+                  description:
+                    "Which package manager to enforce (when feature is enabled)",
+                  currentValue:
+                    config.packageManager?.selected ??
+                    resolved.packageManager.selected,
+                  values: ["npm", "pnpm", "bun"],
+                },
+              ],
+            },
           ];
 
           return new SectionedSettings(
@@ -355,7 +375,7 @@ export function registerSettingsCommand(pi: ExtensionAPI): void {
               : configLoader.getGlobalConfig();
           const updated: GuardrailsConfig = structuredClone(config);
 
-          // Boolean toggles only - array saves handled by submenus
+          // Boolean toggles
           if (
             newValue === "enabled" ||
             newValue === "disabled" ||
@@ -365,6 +385,18 @@ export function registerSettingsCommand(pi: ExtensionAPI): void {
             const boolVal = newValue === "enabled" || newValue === "on";
             setNestedValue(updated, id, boolVal);
 
+            const ok = await saveTabConfig(tab, updated);
+            if (ok) {
+              settings = buildSettings(activeTab);
+              tui.requestRender();
+            }
+            return;
+          }
+
+          // Package manager selection
+          if (id === "packageManager.selected") {
+            setNestedValue(updated, id, newValue);
+
             const ok = await saveTabConfig(tab, updated);
             if (ok) {
               settings = buildSettings(activeTab);