@aliou/pi-guardrails 0.6.0 → 0.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/{settings-command.ts → commands/settings-command.ts} +4 -5
  2. package/config.ts +78 -2
  3. package/hooks/index.ts +1 -1
  4. package/hooks/permission-gate.ts +7 -4
  5. package/hooks/protect-env-files.ts +5 -5
  6. package/index.ts +1 -1
  7. package/package.json +5 -2
  8. package/{matching.ts → utils/matching.ts} +1 -1
  9. package/{migration.ts → utils/migration.ts} +1 -1
  10. package/config-schema.ts +0 -76
  11. /package/{pattern-editor.ts → components/pattern-editor.ts} +0 -0
  12. /package/{events.ts → utils/events.ts} +0 -0
  13. /package/{glob-expander.ts → utils/glob-expander.ts} +0 -0
  14. /package/{shell-utils.ts → utils/shell-utils.ts} +0 -0
package/{settings-command.ts → commands/settings-command.ts} RENAMED
@@ -7,14 +7,14 @@ import {
7
7
  } from "@aliou/pi-utils-settings";
8
8
  import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
9
9
  import { getSettingsListTheme } from "@mariozechner/pi-coding-agent";
10
- import { configLoader } from "./config";
10
+ import { PatternEditor } from "../components/pattern-editor";
11
11
  import type {
12
12
  DangerousPattern,
13
13
  GuardrailsConfig,
14
14
  PatternConfig,
15
15
  ResolvedConfig,
16
- } from "./config-schema";
17
- import { PatternEditor } from "./pattern-editor";
16
+ } from "../config";
17
+ import { configLoader } from "../config";
18
18
 
19
19
  type FeatureKey = keyof ResolvedConfig["features"];
20
20
 
@@ -31,8 +31,6 @@ const FEATURE_UI: Record<FeatureKey, { label: string; description: string }> = {
31
31
  };
32
32
 
33
33
  export function registerGuardrailsSettings(pi: ExtensionAPI): void {
34
- const settingsTheme = getSettingsListTheme();
35
-
36
34
  registerSettingsCommand<GuardrailsConfig, ResolvedConfig>(pi, {
37
35
  commandName: "guardrails:settings",
38
36
  title: "Guardrails Settings",
@@ -42,6 +40,7 @@ export function registerGuardrailsSettings(pi: ExtensionAPI): void {
42
40
  resolved: ResolvedConfig,
43
41
  { setDraft },
44
42
  ): SettingsSection[] => {
43
+ const settingsTheme = getSettingsListTheme();
45
44
  // --- Helpers ---
46
45
 
47
46
  function count(id: string): string {
package/config.ts CHANGED
@@ -1,11 +1,87 @@
1
+ /**
2
+ * Configuration schema for the guardrails extension.
3
+ *
4
+ * GuardrailsConfig is the user-facing schema (all fields optional).
5
+ * ResolvedConfig is the internal schema (all fields required, defaults applied).
6
+ */
7
+
8
+ /**
9
+ * A pattern with explicit matching mode.
10
+ * Default: glob for files, substring for commands.
11
+ * regex: true means full regex matching.
12
+ */
13
+ export interface PatternConfig {
14
+ pattern: string;
15
+ regex?: boolean;
16
+ }
17
+
18
+ /**
19
+ * Permission gate pattern. When regex is false (default), the pattern
20
+ * is matched as substring against the raw command string.
21
+ * When regex is true, uses full regex against the raw string.
22
+ */
23
+ export interface DangerousPattern extends PatternConfig {
24
+ description: string;
25
+ }
26
+
27
+ export interface GuardrailsConfig {
28
+ version?: string;
29
+ enabled?: boolean;
30
+ features?: {
31
+ protectEnvFiles?: boolean;
32
+ permissionGate?: boolean;
33
+ };
34
+ envFiles?: {
35
+ protectedPatterns?: PatternConfig[];
36
+ allowedPatterns?: PatternConfig[];
37
+ protectedDirectories?: PatternConfig[];
38
+ protectedTools?: string[];
39
+ onlyBlockIfExists?: boolean;
40
+ blockMessage?: string;
41
+ };
42
+ permissionGate?: {
43
+ patterns?: DangerousPattern[];
44
+ /** If set, replaces the default patterns entirely. */
45
+ customPatterns?: DangerousPattern[];
46
+ requireConfirmation?: boolean;
47
+ allowedPatterns?: PatternConfig[];
48
+ autoDenyPatterns?: PatternConfig[];
49
+ };
50
+ }
51
+
52
+ export interface ResolvedConfig {
53
+ version: string;
54
+ enabled: boolean;
55
+ features: {
56
+ protectEnvFiles: boolean;
57
+ permissionGate: boolean;
58
+ };
59
+ envFiles: {
60
+ protectedPatterns: PatternConfig[];
61
+ allowedPatterns: PatternConfig[];
62
+ protectedDirectories: PatternConfig[];
63
+ protectedTools: string[];
64
+ onlyBlockIfExists: boolean;
65
+ blockMessage: string;
66
+ };
67
+ permissionGate: {
68
+ patterns: DangerousPattern[];
69
+ /** When true, use hardcoded structural matchers for built-in patterns.
70
+ * Set to false when customPatterns replaces the defaults. */
71
+ useBuiltinMatchers: boolean;
72
+ requireConfirmation: boolean;
73
+ allowedPatterns: PatternConfig[];
74
+ autoDenyPatterns: PatternConfig[];
75
+ };
76
+ }
77
+
1
78
  import { ConfigLoader, type Migration } from "@aliou/pi-utils-settings";
2
- import type { GuardrailsConfig, ResolvedConfig } from "./config-schema";
3
79
  import {
4
80
  backupConfig,
5
81
  CURRENT_VERSION,
6
82
  migrateV0,
7
83
  needsMigration,
8
- } from "./migration";
84
+ } from "./utils/migration";
9
85
 
10
86
  /**
11
87
  * Config fields removed in the toolchain extraction.
package/hooks/index.ts CHANGED
@@ -1,5 +1,5 @@
1
1
  import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
2
- import type { ResolvedConfig } from "../config-schema";
2
+ import type { ResolvedConfig } from "../config";
3
3
  import { setupPermissionGateHook } from "./permission-gate";
4
4
  import { setupProtectEnvFilesHook } from "./protect-env-files";
5
5
 
package/hooks/permission-gate.ts CHANGED
@@ -9,10 +9,13 @@ import {
9
9
  Text,
10
10
  wrapTextWithAnsi,
11
11
  } from "@mariozechner/pi-tui";
12
- import type { DangerousPattern, ResolvedConfig } from "../config-schema";
13
- import { emitBlocked, emitDangerous } from "../events";
14
- import { type CompiledPattern, compileCommandPatterns } from "../matching";
15
- import { walkCommands, wordToString } from "../shell-utils";
12
+ import type { DangerousPattern, ResolvedConfig } from "../config";
13
+ import { emitBlocked, emitDangerous } from "../utils/events";
14
+ import {
15
+ type CompiledPattern,
16
+ compileCommandPatterns,
17
+ } from "../utils/matching";
18
+ import { walkCommands, wordToString } from "../utils/shell-utils";
16
19
 
17
20
  /**
18
21
  * Permission gate that prompts user confirmation for dangerous commands.
package/hooks/protect-env-files.ts CHANGED
@@ -2,11 +2,11 @@ import { stat } from "node:fs/promises";
2
2
  import { resolve } from "node:path";
3
3
  import { parse } from "@aliou/sh";
4
4
  import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
5
- import type { ResolvedConfig } from "../config-schema";
6
- import { emitBlocked } from "../events";
7
- import { expandGlob, hasGlobChars } from "../glob-expander";
8
- import { type CompiledPattern, compileFilePatterns } from "../matching";
9
- import { walkCommands, wordToString } from "../shell-utils";
5
+ import type { ResolvedConfig } from "../config";
6
+ import { emitBlocked } from "../utils/events";
7
+ import { expandGlob, hasGlobChars } from "../utils/glob-expander";
8
+ import { type CompiledPattern, compileFilePatterns } from "../utils/matching";
9
+ import { walkCommands, wordToString } from "../utils/shell-utils";
10
10
 
11
11
  /**
12
12
  * Prevents accessing .env files unless they match an allowed pattern.
package/index.ts CHANGED
@@ -1,7 +1,7 @@
1
1
  import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
2
+ import { registerGuardrailsSettings } from "./commands/settings-command";
2
3
  import { configLoader } from "./config";
3
4
  import { setupGuardrailsHooks } from "./hooks";
4
- import { registerGuardrailsSettings } from "./settings-command";
5
5
 
6
6
  /**
7
7
  * Guardrails Extension
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@aliou/pi-guardrails",
3
- "version": "0.6.0",
3
+ "version": "0.6.1",
4
4
  "type": "module",
5
5
  "private": false,
6
6
  "keywords": [
@@ -26,11 +26,14 @@
26
26
  "files": [
27
27
  "*.ts",
28
28
  "hooks",
29
+ "commands",
30
+ "components",
31
+ "utils",
29
32
  "README.md"
30
33
  ],
31
34
  "dependencies": {
32
35
  "@aliou/pi-utils-settings": "^0.1.0",
33
- "@aliou/sh": "github:aliou/sh#v0.1.0"
36
+ "@aliou/sh": "^0.1.0"
34
37
  },
35
38
  "peerDependencies": {
36
39
  "@mariozechner/pi-coding-agent": ">=0.51.0"
package/{matching.ts → utils/matching.ts} RENAMED
@@ -8,7 +8,7 @@
8
8
  * Both support `regex: true` for full regex matching.
9
9
  */
10
10
 
11
- import type { PatternConfig } from "./config-schema";
11
+ import type { PatternConfig } from "../config";
12
12
 
13
13
  export interface CompiledPattern {
14
14
  test: (input: string) => boolean;
package/{migration.ts → utils/migration.ts} RENAMED
@@ -12,7 +12,7 @@ import type {
12
12
  DangerousPattern,
13
13
  GuardrailsConfig,
14
14
  PatternConfig,
15
- } from "./config-schema";
15
+ } from "../config";
16
16
 
17
17
  export const CURRENT_VERSION = "0.6.0-20260204";
18
18
 
package/config-schema.ts DELETED
@@ -1,76 +0,0 @@
1
- /**
2
- * Configuration schema for the guardrails extension.
3
- *
4
- * GuardrailsConfig is the user-facing schema (all fields optional).
5
- * ResolvedConfig is the internal schema (all fields required, defaults applied).
6
- */
7
-
8
- /**
9
- * A pattern with explicit matching mode.
10
- * Default: glob for files, substring for commands.
11
- * regex: true means full regex matching.
12
- */
13
- export interface PatternConfig {
14
- pattern: string;
15
- regex?: boolean;
16
- }
17
-
18
- /**
19
- * Permission gate pattern. When regex is false (default), the pattern
20
- * is matched as substring against the raw command string.
21
- * When regex is true, uses full regex against the raw string.
22
- */
23
- export interface DangerousPattern extends PatternConfig {
24
- description: string;
25
- }
26
-
27
- export interface GuardrailsConfig {
28
- version?: string;
29
- enabled?: boolean;
30
- features?: {
31
- protectEnvFiles?: boolean;
32
- permissionGate?: boolean;
33
- };
34
- envFiles?: {
35
- protectedPatterns?: PatternConfig[];
36
- allowedPatterns?: PatternConfig[];
37
- protectedDirectories?: PatternConfig[];
38
- protectedTools?: string[];
39
- onlyBlockIfExists?: boolean;
40
- blockMessage?: string;
41
- };
42
- permissionGate?: {
43
- patterns?: DangerousPattern[];
44
- /** If set, replaces the default patterns entirely. */
45
- customPatterns?: DangerousPattern[];
46
- requireConfirmation?: boolean;
47
- allowedPatterns?: PatternConfig[];
48
- autoDenyPatterns?: PatternConfig[];
49
- };
50
- }
51
-
52
- export interface ResolvedConfig {
53
- version: string;
54
- enabled: boolean;
55
- features: {
56
- protectEnvFiles: boolean;
57
- permissionGate: boolean;
58
- };
59
- envFiles: {
60
- protectedPatterns: PatternConfig[];
61
- allowedPatterns: PatternConfig[];
62
- protectedDirectories: PatternConfig[];
63
- protectedTools: string[];
64
- onlyBlockIfExists: boolean;
65
- blockMessage: string;
66
- };
67
- permissionGate: {
68
- patterns: DangerousPattern[];
69
- /** When true, use hardcoded structural matchers for built-in patterns.
70
- * Set to false when customPatterns replaces the defaults. */
71
- useBuiltinMatchers: boolean;
72
- requireConfirmation: boolean;
73
- allowedPatterns: PatternConfig[];
74
- autoDenyPatterns: PatternConfig[];
75
- };
76
- }
/package/{events.ts → utils/events.ts} RENAMED
File without changes
/package/{glob-expander.ts → utils/glob-expander.ts} RENAMED
File without changes
/package/{shell-utils.ts → utils/shell-utils.ts} RENAMED
File without changes