@aliou/pi-guardrails 0.9.2 → 0.9.4

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aliou/pi-guardrails",
-  "version": "0.9.2",
+  "version": "0.9.4",
   "license": "MIT",
   "type": "module",
   "private": false,
@@ -29,7 +29,7 @@
     "README.md"
   ],
   "dependencies": {
-    "@aliou/pi-utils-settings": "^0.10.0",
+    "@aliou/pi-utils-settings": "^0.10.1",
     "@aliou/sh": "^0.1.0"
   },
   "peerDependencies": {

package/src/commands/settings-command.ts

@@ -91,6 +91,173 @@ const POLICY_EXAMPLES: Array<{
       enabled: true,
     },
   },
+  {
+    label: "SSH keys",
+    description: "Block access to SSH private keys",
+    rule: {
+      id: "example-ssh-keys",
+      name: "SSH keys",
+      description: "Block SSH private key files",
+      patterns: [
+        { pattern: "*.pem" },
+        { pattern: "*_rsa" },
+        { pattern: "*_ed25519" },
+      ],
+      allowedPatterns: [{ pattern: "*.pub" }],
+      protection: "noAccess",
+      onlyIfExists: true,
+      enabled: true,
+    },
+  },
+  {
+    label: "AWS credentials",
+    description: "Block AWS CLI credentials file",
+    rule: {
+      id: "example-aws-credentials",
+      name: "AWS credentials",
+      description: "Block AWS credentials and config files",
+      patterns: [{ pattern: ".aws/credentials" }, { pattern: ".aws/config" }],
+      protection: "noAccess",
+      onlyIfExists: true,
+      enabled: true,
+    },
+  },
+  {
+    label: "Database files",
+    description: "Mark SQLite/DB files read-only",
+    rule: {
+      id: "example-database-files",
+      name: "Database files",
+      description: "Protect database files from modification",
+      patterns: [
+        { pattern: "*.db" },
+        { pattern: "*.sqlite" },
+        { pattern: "*.sqlite3" },
+      ],
+      protection: "readOnly",
+      onlyIfExists: true,
+      enabled: true,
+    },
+  },
+  {
+    label: "Kubernetes secrets",
+    description: "Block kubeconfig and k8s secrets",
+    rule: {
+      id: "example-k8s-secrets",
+      name: "Kubernetes secrets",
+      description: "Block kubectl config and secrets",
+      patterns: [{ pattern: ".kube/config" }, { pattern: "*kubeconfig*" }],
+      protection: "noAccess",
+      onlyIfExists: true,
+      enabled: true,
+    },
+  },
+  {
+    label: "Certificates",
+    description: "Block SSL/TLS certificate files",
+    rule: {
+      id: "example-certificates",
+      name: "Certificates",
+      description: "Block certificate and key files",
+      patterns: [
+        { pattern: "*.crt" },
+        { pattern: "*.key" },
+        { pattern: "*.p12" },
+      ],
+      allowedPatterns: [{ pattern: "*.csr" }],
+      protection: "noAccess",
+      onlyIfExists: true,
+      enabled: true,
+    },
+  },
+];
+
+const COMMAND_EXAMPLES: Array<{
+  label: string;
+  description: string;
+  pattern: DangerousPattern;
+}> = [
+  {
+    label: "Homebrew",
+    description: "Block brew commands (use Nix instead)",
+    pattern: { pattern: "brew", description: "Homebrew package manager" },
+  },
+  {
+    label: "Docker secrets",
+    description: "Block docker commands that may expose environment secrets",
+    pattern: {
+      pattern: "docker inspect",
+      description: "Docker inspect (may expose env vars)",
+    },
+  },
+  {
+    label: "Terraform apply",
+    description: "Require confirmation for infrastructure changes",
+    pattern: {
+      pattern: "terraform apply",
+      description: "Terraform infrastructure changes",
+    },
+  },
+  {
+    label: "Terraform destroy",
+    description: "Require confirmation for infrastructure destruction",
+    pattern: {
+      pattern: "terraform destroy",
+      description: "Terraform infrastructure destruction",
+    },
+  },
+  {
+    label: "kubectl delete",
+    description: "Require confirmation for k8s resource deletion",
+    pattern: {
+      pattern: "kubectl delete",
+      description: "Kubernetes resource deletion",
+    },
+  },
+  {
+    label: "docker system prune",
+    description: "Require confirmation for Docker cleanup",
+    pattern: {
+      pattern: "docker system prune",
+      description: "Docker system cleanup",
+    },
+  },
+  {
+    label: "git push --force",
+    description: "Require confirmation for force push",
+    pattern: { pattern: "git push --force", description: "Git force push" },
+  },
+  {
+    label: "npm publish",
+    description: "Require confirmation for package publishing",
+    pattern: { pattern: "npm publish", description: "NPM package publishing" },
+  },
+  {
+    label: "yarn publish",
+    description: "Require confirmation for package publishing",
+    pattern: {
+      pattern: "yarn publish",
+      description: "Yarn package publishing",
+    },
+  },
+  {
+    label: "pnpm publish",
+    description: "Require confirmation for package publishing",
+    pattern: {
+      pattern: "pnpm publish",
+      description: "PNPM package publishing",
+    },
+  },
+  {
+    label: "drop database",
+    description: "Require confirmation for database drops",
+    pattern: { pattern: "DROP DATABASE", description: "SQL database drop" },
+  },
+  {
+    label: "drop table",
+    description: "Require confirmation for table drops",
+    pattern: { pattern: "DROP TABLE", description: "SQL table drop" },
+  },
 ];
 
 function toKebabCase(input: string): string {
@@ -129,6 +296,26 @@ function appendPolicyRule(
   return next;
 }
 
+function appendDangerousPattern(
+  config: GuardrailsConfig | null,
+  pattern: DangerousPattern,
+): GuardrailsConfig {
+  const next = structuredClone(config ?? {}) as GuardrailsConfig;
+  const currentPatterns = next.permissionGate?.patterns ?? [];
+
+  const existingPatterns = new Set(currentPatterns.map((p) => p.pattern));
+  if (existingPatterns.has(pattern.pattern)) {
+    return next;
+  }
+
+  next.permissionGate = {
+    ...(next.permissionGate ?? {}),
+    patterns: [...currentPatterns, structuredClone(pattern)],
+  };
+
+  return next;
+}
+
 interface NewPolicyDraft {
   name: string;
   id: string;
@@ -1042,7 +1229,7 @@ export function registerGuardrailsSettings(pi: ExtensionAPI): void {
           setDraftForScope,
           theme,
         }): SettingsSection[] => {
-          const items: SettingItem[] = POLICY_EXAMPLES.map((example) => ({
+          const policyItems: SettingItem[] = POLICY_EXAMPLES.map((example) => ({
             id: `examples.${example.rule.id}`,
             label: `  ${example.label}`,
             description: example.description,
@@ -1063,10 +1250,40 @@ export function registerGuardrailsSettings(pi: ExtensionAPI): void {
               ),
           }));
 
+          const commandItems: SettingItem[] = COMMAND_EXAMPLES.map(
+            (example) => ({
+              id: `examples.cmd.${example.pattern.pattern}`,
+              label: `  ${example.label}`,
+              description: example.description,
+              currentValue: "add",
+              submenu: (_val: string, submenuDone: (v?: string) => void) =>
+                new ScopePickerSubmenu(
+                  theme,
+                  enabledScopes,
+                  (targetScope) => {
+                    const baseConfig =
+                      getDraftForScope(targetScope) ??
+                      getRawForScope(targetScope) ??
+                      null;
+                    const updated = appendDangerousPattern(
+                      baseConfig,
+                      example.pattern,
+                    );
+                    setDraftForScope(targetScope, updated);
+                  },
+                  submenuDone,
+                ),
+            }),
+          );
+
           return [
             {
-              label: "Policy presets",
-              items,
+              label: "File policy presets",
+              items: policyItems,
+            },
+            {
+              label: "Dangerous command presets",
+              items: commandItems,
             },
           ];
         },

package/src/hooks/permission-gate.ts

@@ -4,6 +4,7 @@ import {
   type ExtensionAPI,
   type ExtensionContext,
   getMarkdownTheme,
+  isToolCallEventType,
 } from "@mariozechner/pi-coding-agent";
 import {
   Box,
@@ -268,9 +269,9 @@ export function setupPermissionGateHook(
   );
 
   pi.on("tool_call", async (event, ctx) => {
-    if (event.toolName !== "bash") return;
+    if (!isToolCallEventType("bash", event)) return;
 
-    const command = String(event.input.command ?? "");
+    const command = event.input.command;
 
     // Check allowed patterns first (bypass)
     for (const pattern of allowedPatterns) {