@aliou/pi-guardrails 0.5.4 → 0.6.1

package/array-editor.ts

@@ -1,213 +0,0 @@
-import type { Component, SettingsListTheme } from "@mariozechner/pi-tui";
-import {
-  Input,
-  Key,
-  matchesKey,
-  truncateToWidth,
-  visibleWidth,
-} from "@mariozechner/pi-tui";
-
-/**
- * A submenu component for editing string arrays inside a SettingsList.
- *
- * Modes:
- * - list: navigate items, delete with 'd', add with 'a', edit with 'e'/Enter
- * - add: text input for new item, confirm with Enter, cancel with Escape
- * - edit: text input pre-filled with current value, Enter saves, Escape cancels
- */
-
-export interface ArrayEditorOptions {
-  label: string;
-  items: string[];
-  theme: SettingsListTheme;
-  onSave: (items: string[]) => void;
-  onDone: () => void;
-  /** Max visible items before scrolling */
-  maxVisible?: number;
-}
-
-export class ArrayEditor implements Component {
-  private items: string[];
-  private label: string;
-  private theme: SettingsListTheme;
-  private onSave: (items: string[]) => void;
-  private onDone: () => void;
-  private selectedIndex = 0;
-  private maxVisible: number;
-  private mode: "list" | "add" | "edit" = "list";
-  private input: Input;
-  private editIndex = -1;
-
-  constructor(options: ArrayEditorOptions) {
-    this.items = [...options.items];
-    this.label = options.label;
-    this.theme = options.theme;
-    this.onSave = options.onSave;
-    this.onDone = options.onDone;
-    this.maxVisible = options.maxVisible ?? 10;
-    this.input = new Input();
-    this.input.onSubmit = (value: string) => {
-      if (this.mode === "edit") {
-        this.submitEdit(value);
-      } else {
-        this.submitAdd(value);
-      }
-    };
-    this.input.onEscape = () => {
-      this.mode = "list";
-      this.editIndex = -1;
-    };
-  }
-
-  private submitAdd(value: string) {
-    const trimmed = value.trim();
-    if (!trimmed) {
-      this.mode = "list";
-      return;
-    }
-    this.items.push(trimmed);
-    this.selectedIndex = this.items.length - 1;
-    this.save();
-    this.mode = "list";
-    this.input.setValue("");
-  }
-
-  private submitEdit(value: string) {
-    const trimmed = value.trim();
-    if (!trimmed) {
-      // Empty value = cancel edit
-      this.mode = "list";
-      this.editIndex = -1;
-      return;
-    }
-    this.items[this.editIndex] = trimmed;
-    this.save();
-    this.mode = "list";
-    this.editIndex = -1;
-    this.input.setValue("");
-  }
-
-  private deleteSelected() {
-    if (this.items.length === 0) return;
-    this.items.splice(this.selectedIndex, 1);
-    if (this.selectedIndex >= this.items.length) {
-      this.selectedIndex = Math.max(0, this.items.length - 1);
-    }
-    this.save();
-  }
-
-  private startEdit() {
-    if (this.items.length === 0) return;
-    this.editIndex = this.selectedIndex;
-    this.mode = "edit";
-    this.input.setValue(this.items[this.selectedIndex] as string);
-  }
-
-  private save() {
-    this.onSave([...this.items]);
-  }
-
-  invalidate() {}
-
-  render(width: number): string[] {
-    const lines: string[] = [];
-
-    // Header
-    lines.push(this.theme.label(` ${this.label}`, true));
-    lines.push("");
-
-    if (this.mode === "add" || this.mode === "edit") {
-      return [...lines, ...this.renderInputMode(width)];
-    }
-
-    return [...lines, ...this.renderListMode(width)];
-  }
-
-  private renderListMode(width: number): string[] {
-    const lines: string[] = [];
-
-    if (this.items.length === 0) {
-      lines.push(this.theme.hint("  (empty)"));
-    } else {
-      const startIndex = Math.max(
-        0,
-        Math.min(
-          this.selectedIndex - Math.floor(this.maxVisible / 2),
-          this.items.length - this.maxVisible,
-        ),
-      );
-      const endIndex = Math.min(
-        startIndex + this.maxVisible,
-        this.items.length,
-      );
-
-      for (let i = startIndex; i < endIndex; i++) {
-        const item = this.items[i];
-        if (!item) continue;
-        const isSelected = i === this.selectedIndex;
-        const prefix = isSelected ? this.theme.cursor : "  ";
-        const prefixWidth = visibleWidth(prefix);
-        const maxItemWidth = width - prefixWidth - 2;
-        const text = this.theme.value(
-          truncateToWidth(item, maxItemWidth, ""),
-          isSelected,
-        );
-        lines.push(prefix + text);
-      }
-
-      if (startIndex > 0 || endIndex < this.items.length) {
-        lines.push(
-          this.theme.hint(`  (${this.selectedIndex + 1}/${this.items.length})`),
-        );
-      }
-    }
-
-    lines.push("");
-    lines.push(
-      this.theme.hint("  a: add · e/Enter: edit · d: delete · Esc: back"),
-    );
-
-    return lines;
-  }
-
-  private renderInputMode(width: number): string[] {
-    const lines: string[] = [];
-    const label = this.mode === "edit" ? "  Edit item:" : "  New item:";
-    lines.push(this.theme.hint(label));
-    lines.push(`  ${this.input.render(width - 4).join("")}`);
-    lines.push("");
-    lines.push(this.theme.hint("  Enter: confirm · Esc: cancel"));
-    return lines;
-  }
-
-  handleInput(data: string) {
-    if (this.mode === "add" || this.mode === "edit") {
-      this.input.handleInput(data);
-      return;
-    }
-
-    // List mode
-    if (matchesKey(data, Key.up) || data === "k") {
-      if (this.items.length === 0) return;
-      this.selectedIndex =
-        this.selectedIndex === 0
-          ? this.items.length - 1
-          : this.selectedIndex - 1;
-    } else if (matchesKey(data, Key.down) || data === "j") {
-      if (this.items.length === 0) return;
-      this.selectedIndex =
-        this.selectedIndex === this.items.length - 1
-          ? 0
-          : this.selectedIndex + 1;
-    } else if (data === "a" || data === "A") {
-      this.mode = "add";
-      this.input.setValue("");
-    } else if (data === "e" || data === "E" || matchesKey(data, Key.enter)) {
-      this.startEdit();
-    } else if (data === "d" || data === "D") {
-      this.deleteSelected();
-    } else if (matchesKey(data, Key.escape)) {
-      this.onDone();
-    }
-  }
-}

package/config-schema.ts

@@ -1,64 +0,0 @@
-/**
- * Configuration schema for the guardrails extension.
- *
- * GuardrailsConfig is the user-facing schema (all fields optional).
- * ResolvedConfig is the internal schema (all fields required, defaults applied).
- */
-
-export interface GuardrailsConfig {
-  enabled?: boolean;
-  features?: {
-    preventBrew?: boolean;
-    preventPython?: boolean;
-    protectEnvFiles?: boolean;
-    permissionGate?: boolean;
-    enforcePackageManager?: boolean;
-  };
-  packageManager?: {
-    selected?: "bun" | "pnpm" | "npm";
-  };
-  envFiles?: {
-    protectedPatterns?: string[];
-    allowedPatterns?: string[];
-    protectedDirectories?: string[];
-    protectedTools?: string[];
-    onlyBlockIfExists?: boolean;
-    blockMessage?: string;
-  };
-  permissionGate?: {
-    patterns?: Array<{ pattern: string; description: string }>;
-    /** If set, replaces the default patterns entirely. */
-    customPatterns?: Array<{ pattern: string; description: string }>;
-    requireConfirmation?: boolean;
-    allowedPatterns?: string[];
-    autoDenyPatterns?: string[];
-  };
-}
-
-export interface ResolvedConfig {
-  enabled: boolean;
-  features: {
-    preventBrew: boolean;
-    preventPython: boolean;
-    protectEnvFiles: boolean;
-    permissionGate: boolean;
-    enforcePackageManager: boolean;
-  };
-  packageManager: {
-    selected: "bun" | "pnpm" | "npm";
-  };
-  envFiles: {
-    protectedPatterns: string[];
-    allowedPatterns: string[];
-    protectedDirectories: string[];
-    protectedTools: string[];
-    onlyBlockIfExists: boolean;
-    blockMessage: string;
-  };
-  permissionGate: {
-    patterns: Array<{ pattern: string; description: string }>;
-    requireConfirmation: boolean;
-    allowedPatterns: string[];
-    autoDenyPatterns: string[];
-  };
-}

package/hooks/enforce-package-manager.ts

@@ -1,96 +0,0 @@
-import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
-import type { ResolvedConfig } from "../config-schema";
-import { emitBlocked } from "../events";
-
-/**
- * Enforces using a specific Node package manager (bun, pnpm, or npm).
- * Blocks commands using non-selected package managers.
- */
-
-const BUN_PATTERN = /\bbun\b/;
-const PNPM_PATTERN = /\bpnpm\b/;
-const NPM_PATTERN = /\bnpm\b/;
-
-type PackageManager = "bun" | "pnpm" | "npm";
-
-interface ManagerInfo {
-  pattern: RegExp;
-  name: string;
-  installCmd: string;
-  addCmd: string;
-  runCmd: string;
-}
-
-const MANAGER_INFO: Record<PackageManager, ManagerInfo> = {
-  bun: {
-    pattern: BUN_PATTERN,
-    name: "bun",
-    installCmd: "bun install",
-    addCmd: "bun add <package>",
-    runCmd: "bun run <script>",
-  },
-  pnpm: {
-    pattern: PNPM_PATTERN,
-    name: "pnpm",
-    installCmd: "pnpm install",
-    addCmd: "pnpm add <package>",
-    runCmd: "pnpm run <script>",
-  },
-  npm: {
-    pattern: NPM_PATTERN,
-    name: "npm",
-    installCmd: "npm install",
-    addCmd: "npm install <package>",
-    runCmd: "npm run <script>",
-  },
-};
-
-export function setupEnforcePackageManagerHook(
-  pi: ExtensionAPI,
-  config: ResolvedConfig,
-) {
-  if (!config.features.enforcePackageManager) return;
-
-  const selectedManager = config.packageManager.selected;
-  const selected = MANAGER_INFO[selectedManager];
-
-  // Get all managers that should be blocked (all except the selected one)
-  const blockedManagers = (
-    Object.keys(MANAGER_INFO) as PackageManager[]
-  ).filter((m) => m !== selectedManager);
-
-  pi.on("tool_call", async (event, ctx) => {
-    if (event.toolName !== "bash") return;
-
-    const command = String(event.input.command ?? "");
-
-    for (const blockedManager of blockedManagers) {
-      const blocked = MANAGER_INFO[blockedManager];
-
-      if (blocked.pattern.test(command)) {
-        ctx.ui.notify(
-          `Blocked ${blocked.name} command. Use ${selected.name} instead.`,
-          "warning",
-        );
-
-        const reason =
-          `This project uses ${selected.name} as its package manager. ` +
-          `Use ${selected.name} instead of ${blocked.name}. ` +
-          `Run \`${selected.installCmd}\` to install dependencies, ` +
-          `\`${selected.addCmd}\` to add packages, ` +
-          `and \`${selected.runCmd}\` to run scripts.`;
-
-        emitBlocked(pi, {
-          feature: "enforcePackageManager",
-          toolName: "bash",
-          input: event.input,
-          reason,
-        });
-
-        return { block: true, reason };
-      }
-    }
-
-    return;
-  });
-}

package/hooks/prevent-brew.ts

@@ -1,41 +0,0 @@
-import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
-import type { ResolvedConfig } from "../config-schema";
-import { emitBlocked } from "../events";
-
-/**
- * Blocks all brew commands. Homebrew is not installed on this machine.
- */
-
-const BREW_PATTERN = /\bbrew\b/;
-
-export function setupPreventBrewHook(pi: ExtensionAPI, config: ResolvedConfig) {
-  if (!config.features.preventBrew) return;
-
-  pi.on("tool_call", async (event, ctx) => {
-    if (event.toolName !== "bash") return;
-
-    const command = String(event.input.command ?? "");
-
-    if (BREW_PATTERN.test(command)) {
-      ctx.ui.notify(
-        "Blocked brew command. Homebrew is not installed.",
-        "warning",
-      );
-
-      const reason =
-        "Homebrew is not installed on this machine. " +
-        "Use Nix for package management instead. " +
-        "Run packages via nix-shell or add them to the project's Nix configuration.";
-
-      emitBlocked(pi, {
-        feature: "preventBrew",
-        toolName: "bash",
-        input: event.input,
-        reason,
-      });
-
-      return { block: true, reason };
-    }
-    return;
-  });
-}

package/hooks/prevent-python.ts

@@ -1,45 +0,0 @@
-import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
-import type { ResolvedConfig } from "../config-schema";
-import { emitBlocked } from "../events";
-
-/**
- * Blocks all Python-related commands including python, python3, pip, poetry, etc.
- * Use uv for Python package management instead.
- */
-
-const PYTHON_PATTERN =
-  /\b(python|python3|pip|pip3|poetry|pyenv|virtualenv|venv)\b/;
-
-export function setupPreventPythonHook(
-  pi: ExtensionAPI,
-  config: ResolvedConfig,
-) {
-  if (!config.features.preventPython) return;
-
-  pi.on("tool_call", async (event, ctx) => {
-    if (event.toolName !== "bash") return;
-
-    const command = String(event.input.command ?? "");
-
-    if (PYTHON_PATTERN.test(command)) {
-      ctx.ui.notify("Blocked Python command. Use uv instead.", "warning");
-
-      const reason =
-        "Python is not available globally on this machine. " +
-        "Use uv for Python package management instead. " +
-        "Run `uv init` to create a new Python project, " +
-        "or `uv run python` to run Python scripts. " +
-        "Use `uv add` to install packages (replaces pip/poetry).";
-
-      emitBlocked(pi, {
-        feature: "preventPython",
-        toolName: "bash",
-        input: event.input,
-        reason,
-      });
-
-      return { block: true, reason };
-    }
-    return;
-  });
-}