@aliou/pi-guardrails 0.9.5 → 0.10.0

package/src/commands/settings-command.ts

@@ -258,6 +258,118 @@ const COMMAND_EXAMPLES: Array<{
     description: "Require confirmation for table drops",
     pattern: { pattern: "DROP TABLE", description: "SQL table drop" },
   },
+  {
+    label: "dbt run",
+    description: "Require confirmation for dbt model runs",
+    pattern: {
+      pattern: "dbt run",
+      description: "dbt model execution",
+    },
+  },
+  {
+    label: "dbt seed",
+    description: "Require confirmation for dbt seed data loading",
+    pattern: {
+      pattern: "dbt seed",
+      description: "dbt seed data loading",
+    },
+  },
+  {
+    label: "aws s3 rm",
+    description: "Require confirmation for AWS S3 deletions",
+    pattern: {
+      pattern: "aws s3 rm",
+      description: "AWS S3 object deletion",
+    },
+  },
+  {
+    label: "aws iam",
+    description: "Require confirmation for AWS IAM changes",
+    pattern: {
+      pattern: "aws iam",
+      description: "AWS IAM permission changes",
+    },
+  },
+  {
+    label: "aws ec2 terminate",
+    description: "Require confirmation for EC2 instance termination",
+    pattern: {
+      pattern: "aws ec2 terminate-instances",
+      description: "AWS EC2 instance termination",
+    },
+  },
+  {
+    label: "kubectl apply",
+    description: "Require confirmation for k8s resource application",
+    pattern: {
+      pattern: "kubectl apply",
+      description: "Kubernetes resource application",
+    },
+  },
+  {
+    label: "kubectl scale",
+    description: "Require confirmation for k8s scaling operations",
+    pattern: {
+      pattern: "kubectl scale",
+      description: "Kubernetes scaling operation",
+    },
+  },
+  {
+    label: "docker rm",
+    description: "Require confirmation for Docker container removal",
+    pattern: {
+      pattern: "docker rm",
+      description: "Docker container removal",
+    },
+  },
+  {
+    label: "docker rmi",
+    description: "Require confirmation for Docker image removal",
+    pattern: {
+      pattern: "docker rmi",
+      description: "Docker image removal",
+    },
+  },
+  {
+    label: "docker compose down",
+    description: "Require confirmation for Docker Compose teardown",
+    pattern: {
+      pattern: "docker compose down",
+      description: "Docker Compose service teardown",
+    },
+  },
+  {
+    label: "terraform import",
+    description: "Require confirmation for Terraform resource import",
+    pattern: {
+      pattern: "terraform import",
+      description: "Terraform resource import",
+    },
+  },
+  {
+    label: "gcloud compute delete",
+    description: "Require confirmation for GCP compute instance deletion",
+    pattern: {
+      pattern: "gcloud compute instances delete",
+      description: "GCP compute instance deletion",
+    },
+  },
+  {
+    label: "gcloud iam",
+    description: "Require confirmation for GCP IAM changes",
+    pattern: {
+      pattern: "gcloud iam",
+      description: "GCP IAM permission changes",
+    },
+  },
+  {
+    label: "gcloud sql delete",
+    description: "Require confirmation for GCP SQL instance deletion",
+    pattern: {
+      pattern: "gcloud sql instances delete",
+      description: "GCP Cloud SQL instance deletion",
+    },
+  },
 ];
 
 function toKebabCase(input: string): string {
@@ -845,7 +957,7 @@ export function registerGuardrailsSettings(pi: ExtensionAPI): void {
     buildSections: (
       tabConfig: GuardrailsConfig | null,
       _resolved: ResolvedConfig,
-      { setDraft, theme },
+      { setDraft, theme, scope },
     ): SettingsSection[] => {
       const settingsTheme = theme;
       let scopedConfig = structuredClone(tabConfig ?? {}) as GuardrailsConfig;
@@ -1005,9 +1117,11 @@ export function registerGuardrailsSettings(pi: ExtensionAPI): void {
         return scopedConfig.permissionGate?.explainTimeout ?? null;
       }
 
-      const featureItems = (Object.keys(FEATURE_UI) as FeatureKey[])
+      const featureItems: SettingItem[] = (
+        Object.keys(FEATURE_UI) as FeatureKey[]
+      )
         .filter((key) => key !== "policies")
-        .map((key) => {
+        .map((key): SettingItem => {
           const scopedValue = scopedConfig.features?.[key];
           return {
             id: `features.${key}`,
@@ -1023,6 +1137,18 @@ export function registerGuardrailsSettings(pi: ExtensionAPI): void {
           };
         });
 
+      if (scope === "global") {
+        featureItems.push({
+          id: "onboarding.run",
+          label: "Onboarding status",
+          description: "Use /guardrails:onboarding to run onboarding",
+          currentValue:
+            scopedConfig.onboarding?.completed === true
+              ? "completed"
+              : "pending",
+        });
+      }
+
       const policyRules = getPolicyRules();
 
       const openPolicyEditor = (

package/src/config.ts

@@ -56,6 +56,13 @@ export interface PolicyRule {
 export interface GuardrailsConfig {
   version?: string;
   enabled?: boolean;
+  /** Deprecated-defaults bridge: when true, applies built-in policy defaults. */
+  applyBuiltinDefaults?: boolean;
+  onboarding?: {
+    completed?: boolean;
+    completedAt?: string;
+    version?: string;
+  };
   features?: {
     policies?: boolean;
     permissionGate?: boolean;
@@ -90,6 +97,7 @@ export interface GuardrailsConfig {
 export interface ResolvedConfig {
   version: string;
   enabled: boolean;
+  applyBuiltinDefaults: boolean;
   features: {
     policies: boolean;
     permissionGate: boolean;
@@ -187,6 +195,7 @@ const migrations: Migration<GuardrailsConfig>[] = [
 const DEFAULT_CONFIG: ResolvedConfig = {
   version: CURRENT_VERSION,
   enabled: true,
+  applyBuiltinDefaults: true,
   features: {
     policies: true,
     permissionGate: true,
@@ -217,6 +226,51 @@ const DEFAULT_CONFIG: ResolvedConfig = {
           "Accessing {file} is not allowed. This file contains secrets. " +
           "Explain to the user why you want to access this file, and if changes are needed ask the user to make them.",
       },
+      {
+        id: "home-ssh",
+        description: "SSH directory and keys",
+        enabled: false,
+        patterns: [
+          { pattern: "~/.ssh/**" },
+          { pattern: "~/.ssh/*_rsa" },
+          { pattern: "~/.ssh/*_ed25519" },
+          { pattern: "~/.ssh/*.pem" },
+        ],
+        allowedPatterns: [{ pattern: "~/.ssh/*.pub" }],
+        protection: "noAccess",
+        onlyIfExists: true,
+        blockMessage:
+          "Accessing {file} is not allowed. This file is part of your SSH configuration and may contain private keys or sensitive host information.",
+      },
+      {
+        id: "home-config",
+        description: "Sensitive user configuration directories",
+        enabled: false,
+        patterns: [
+          { pattern: "~/.config/gh/**" },
+          { pattern: "~/.config/gcloud/**" },
+          { pattern: "~/.config/op/**" },
+          { pattern: "~/.config/sops/**" },
+        ],
+        protection: "noAccess",
+        onlyIfExists: true,
+        blockMessage:
+          "Accessing {file} is not allowed. This file is in a sensitive user configuration directory and may contain credentials or tokens.",
+      },
+      {
+        id: "home-gpg",
+        description: "GPG keys and configuration",
+        enabled: false,
+        patterns: [
+          { pattern: "~/.gnupg/**" },
+          { pattern: "~/*.gpg" },
+          { pattern: "~/.gpg-agent.conf" },
+        ],
+        protection: "noAccess",
+        onlyIfExists: true,
+        blockMessage:
+          "Accessing {file} is not allowed. This file is part of your GPG configuration and may contain private keys or trust settings.",
+      },
     ],
   },
   permissionGate: {
@@ -250,8 +304,10 @@ export const configLoader = new ConfigLoader<GuardrailsConfig, ResolvedConfig>(
     afterMerge: (resolved, global, local, memory) => {
       const ruleMap = new Map<string, PolicyRule>();
 
-      for (const rule of DEFAULT_CONFIG.policies.rules) {
-        ruleMap.set(rule.id, rule);
+      if (resolved.applyBuiltinDefaults) {
+        for (const rule of DEFAULT_CONFIG.policies.rules) {
+          ruleMap.set(rule.id, rule);
+        }
       }
       if (global?.policies?.rules) {
         for (const rule of global.policies.rules) {

package/src/hooks/permission-gate.ts

@@ -14,6 +14,8 @@ import {
   matchesKey,
   Spacer,
   Text,
+  truncateToWidth,
+  visibleWidth,
   wrapTextWithAnsi,
 } from "@mariozechner/pi-tui";
 import type { DangerousPattern, ResolvedConfig } from "../config";
@@ -96,6 +98,250 @@ interface CommandExplanation {
   provider: string;
 }
 
+interface MinimalTheme {
+  fg(color: string, text: string): string;
+  bg(color: string, text: string): string;
+  bold(text: string): string;
+}
+
+interface NumberedWrappedRow {
+  logicalLineNumber: number;
+  rendered: string;
+}
+
+interface CommandViewportState {
+  maxScrollOffset: number;
+  pinnedRows: NumberedWrappedRow[];
+  scrollWindowLines: number;
+  scrollableRows: NumberedWrappedRow[];
+}
+
+const COMMAND_VIEWPORT_LINES = 12;
+const BUILTIN_KEYWORD_PATTERNS = new Set([
+  "rm -rf",
+  "sudo",
+  "dd if=",
+  "mkfs.",
+  "chmod -R 777",
+  "chown -R",
+]);
+
+function buildNumberedWrappedLines(
+  command: string,
+  contentWidth: number,
+  theme: Pick<MinimalTheme, "fg">,
+): NumberedWrappedRow[] {
+  const logicalLines = command.split("\n");
+  const lineNumberWidth = Math.max(2, String(logicalLines.length).length);
+  const prefixSpacing = 1;
+  const textWidth = Math.max(1, contentWidth - lineNumberWidth - prefixSpacing);
+  const rows: Array<{ logicalLineNumber: number; rendered: string }> = [];
+
+  for (const [index, logicalLine] of logicalLines.entries()) {
+    const lineNumber = index + 1;
+    const wrapped = wrapTextWithAnsi(theme.fg("text", logicalLine), textWidth);
+    const wrappedLines = wrapped.length > 0 ? wrapped : [""];
+    const prefix = theme.fg(
+      "dim",
+      String(lineNumber).padStart(lineNumberWidth),
+    );
+
+    for (const line of wrappedLines) {
+      rows.push({
+        logicalLineNumber: lineNumber,
+        rendered: `${prefix} ${line}`,
+      });
+    }
+  }
+
+  return rows;
+}
+
+function getCommandViewportState(
+  command: string,
+  contentWidth: number,
+  theme: Pick<MinimalTheme, "fg">,
+): CommandViewportState {
+  const numberedRows = buildNumberedWrappedLines(command, contentWidth, theme);
+  const pinnedRows = numberedRows.filter((row) => row.logicalLineNumber === 1);
+  const scrollableRows = numberedRows.filter(
+    (row) => row.logicalLineNumber !== 1,
+  );
+  const scrollWindowLines = Math.max(
+    0,
+    COMMAND_VIEWPORT_LINES - pinnedRows.length,
+  );
+
+  return {
+    maxScrollOffset: Math.max(0, scrollableRows.length - scrollWindowLines),
+    pinnedRows,
+    scrollWindowLines,
+    scrollableRows,
+  };
+}
+
+function buildRightAlignedBorder(
+  width: number,
+  themeLine: (s: string) => string,
+  label: string,
+): string {
+  const safeWidth = Math.max(1, width);
+  const truncatedLabel = truncateToWidth(label, safeWidth);
+  const remaining = safeWidth - visibleWidth(truncatedLabel);
+  return themeLine("─".repeat(Math.max(0, remaining)) + truncatedLabel);
+}
+
+function createPermissionGateConfirmComponent(
+  command: string,
+  description: string,
+  explanation: CommandExplanation | null,
+) {
+  return (
+    tui: { terminal: { rows: number; columns: number }; requestRender(): void },
+    theme: MinimalTheme,
+    _kb: unknown,
+    done: (result: "allow" | "allow-session" | "deny") => void,
+  ) => {
+    const container = new Container();
+    const redBorder = (s: string) => theme.fg("error", s);
+    const dimBorder = (s: string) => theme.fg("dim", s);
+    let scrollOffset = 0;
+
+    if (explanation) {
+      const explanationBox = new Box(1, 1, (s: string) =>
+        theme.bg("customMessageBg", s),
+      );
+      explanationBox.addChild(
+        new Text(
+          theme.fg(
+            "accent",
+            theme.bold(
+              `Model explanation (${explanation.modelName} / ${explanation.modelId} / ${explanation.provider})`,
+            ),
+          ),
+          0,
+          0,
+        ),
+      );
+      explanationBox.addChild(new Spacer(1));
+      explanationBox.addChild(
+        new Markdown(explanation.text, 0, 0, getMarkdownTheme(), {
+          color: (s: string) => theme.fg("text", s),
+        }),
+      );
+      container.addChild(explanationBox);
+    }
+    container.addChild(new DynamicBorder(redBorder));
+    container.addChild(
+      new Text(
+        theme.fg("error", theme.bold("Dangerous Command Detected")),
+        1,
+        0,
+      ),
+    );
+    container.addChild(new Spacer(1));
+    container.addChild(
+      new Text(
+        theme.fg("warning", `This command contains ${description}:`),
+        1,
+        0,
+      ),
+    );
+    container.addChild(new Spacer(1));
+    const commandTopBorder = new Text("", 0, 0);
+    container.addChild(commandTopBorder);
+    const commandText = new Text("", 1, 0);
+    container.addChild(commandText);
+    const commandBottomBorder = new Text("", 0, 0);
+    container.addChild(commandBottomBorder);
+    container.addChild(new Spacer(1));
+    container.addChild(new Text(theme.fg("text", "Allow execution?"), 1, 0));
+    container.addChild(new Spacer(1));
+    container.addChild(
+      new Text(
+        theme.fg(
+          "dim",
+          "↑/↓ or j/k: scroll • y/enter: allow • a: session • n/esc: deny",
+        ),
+        1,
+        0,
+      ),
+    );
+    container.addChild(new DynamicBorder(redBorder));
+
+    return {
+      render: (width: number) => {
+        const contentWidth = Math.max(1, width - 4);
+        const {
+          maxScrollOffset,
+          pinnedRows,
+          scrollWindowLines,
+          scrollableRows,
+        } = getCommandViewportState(command, contentWidth, theme);
+        scrollOffset = Math.max(0, Math.min(scrollOffset, maxScrollOffset));
+
+        const visibleScrollableRows = scrollableRows.slice(
+          scrollOffset,
+          scrollOffset + scrollWindowLines,
+        );
+        const visibleRows = [...pinnedRows, ...visibleScrollableRows];
+        const linesBelow = Math.max(
+          0,
+          scrollableRows.length - (scrollOffset + visibleScrollableRows.length),
+        );
+
+        commandTopBorder.setText(
+          buildRightAlignedBorder(
+            width,
+            dimBorder,
+            scrollOffset > 0 ? `↑ ${scrollOffset} more` : "",
+          ),
+        );
+        commandText.setText(visibleRows.map((row) => row.rendered).join("\n"));
+        commandBottomBorder.setText(
+          buildRightAlignedBorder(
+            width,
+            dimBorder,
+            linesBelow > 0 ? `↓ ${linesBelow} more` : "",
+          ),
+        );
+        return container.render(width);
+      },
+      invalidate: () => container.invalidate(),
+      handleInput: (data: string) => {
+        const contentWidth = Math.max(1, tui.terminal.columns - 4);
+        const { maxScrollOffset } = getCommandViewportState(
+          command,
+          contentWidth,
+          theme,
+        );
+
+        if (matchesKey(data, Key.up) || data === "k") {
+          scrollOffset = Math.max(0, scrollOffset - 1);
+          tui.requestRender();
+        } else if (matchesKey(data, Key.down) || data === "j") {
+          scrollOffset = Math.min(maxScrollOffset, scrollOffset + 1);
+          tui.requestRender();
+        } else if (
+          matchesKey(data, Key.enter) ||
+          data === "y" ||
+          data === "Y"
+        ) {
+          done("allow");
+        } else if (data === "a" || data === "A") {
+          done("allow-session");
+        } else if (
+          matchesKey(data, Key.escape) ||
+          data === "n" ||
+          data === "N"
+        ) {
+          done("deny");
+        }
+      },
+    };
+  };
+}
+
 async function explainCommand(
   command: string,
   modelSpec: string,
@@ -217,22 +463,13 @@ function findDangerousMatch(
 
   // When structural parsing succeeds, skip raw substring fallback for built-in
   // keyword patterns to avoid false positives in quoted args/messages.
-  const builtInKeywordPatterns = new Set([
-    "rm -rf",
-    "sudo",
-    "dd if=",
-    "mkfs.",
-    "chmod -R 777",
-    "chown -R",
-  ]);
-
   for (const cp of compiledPatterns) {
     const src = cp.source as DangerousPattern;
     if (
       useBuiltinMatchers &&
       parsedSuccessfully &&
       !src.regex &&
-      builtInKeywordPatterns.has(src.pattern)
+      BUILTIN_KEYWORD_PATTERNS.has(src.pattern)
     ) {
       continue;
     }
@@ -344,101 +581,7 @@ export function setupPermissionGateHook(
       type ConfirmResult = "allow" | "allow-session" | "deny";
 
       const result = await ctx.ui.custom<ConfirmResult>(
-        (_tui, theme, _kb, done) => {
-          const container = new Container();
-          const redBorder = (s: string) => theme.fg("error", s);
-
-          if (explanation) {
-            const explanationBox = new Box(1, 1, (s: string) =>
-              theme.bg("customMessageBg", s),
-            );
-            explanationBox.addChild(
-              new Text(
-                theme.fg(
-                  "accent",
-                  theme.bold(
-                    `Model explanation (${explanation.modelName} / ${explanation.modelId} / ${explanation.provider})`,
-                  ),
-                ),
-                0,
-                0,
-              ),
-            );
-            explanationBox.addChild(new Spacer(1));
-            explanationBox.addChild(
-              new Markdown(explanation.text, 0, 0, getMarkdownTheme(), {
-                color: (s: string) => theme.fg("text", s),
-              }),
-            );
-            container.addChild(explanationBox);
-          }
-          container.addChild(new DynamicBorder(redBorder));
-          container.addChild(
-            new Text(
-              theme.fg("error", theme.bold("Dangerous Command Detected")),
-              1,
-              0,
-            ),
-          );
-          container.addChild(new Spacer(1));
-          container.addChild(
-            new Text(
-              theme.fg("warning", `This command contains ${description}:`),
-              1,
-              0,
-            ),
-          );
-          container.addChild(new Spacer(1));
-          container.addChild(
-            new DynamicBorder((s: string) => theme.fg("muted", s)),
-          );
-          const commandText = new Text("", 1, 0);
-          container.addChild(commandText);
-          container.addChild(
-            new DynamicBorder((s: string) => theme.fg("muted", s)),
-          );
-          container.addChild(new Spacer(1));
-          container.addChild(
-            new Text(theme.fg("text", "Allow execution?"), 1, 0),
-          );
-          container.addChild(new Spacer(1));
-          container.addChild(
-            new Text(
-              theme.fg(
-                "dim",
-                "y/enter: allow • a: allow for session • n/esc: deny",
-              ),
-              1,
-              0,
-            ),
-          );
-          container.addChild(new DynamicBorder(redBorder));
-
-          return {
-            render: (width: number) => {
-              const wrappedCommand = wrapTextWithAnsi(
-                theme.fg("text", command),
-                width - 4,
-              ).join("\n");
-              commandText.setText(wrappedCommand);
-              return container.render(width);
-            },
-            invalidate: () => container.invalidate(),
-            handleInput: (data: string) => {
-              if (matchesKey(data, Key.enter) || data === "y" || data === "Y") {
-                done("allow");
-              } else if (data === "a" || data === "A") {
-                done("allow-session");
-              } else if (
-                matchesKey(data, Key.escape) ||
-                data === "n" ||
-                data === "N"
-              ) {
-                done("deny");
-              }
-            },
-          };
-        },
+        createPermissionGateConfirmComponent(command, description, explanation),
       );
 
       if (result === "allow-session") {

package/src/hooks/policies.ts

@@ -10,6 +10,7 @@ import {
   compileFilePatterns,
   normalizeFilePath,
 } from "../utils/matching";
+import { expandHomePath } from "../utils/path";
 import { walkCommands, wordToString } from "../utils/shell-utils";
 import { pendingWarnings } from "../utils/warnings";
 
@@ -37,9 +38,9 @@ interface CompiledRule {
   enabled: boolean;
 }
 
-async function fileExists(cwd: string, filePath: string): Promise<boolean> {
+async function fileExists(filePath: string, cwd: string): Promise<boolean> {
   try {
-    await stat(resolve(cwd, filePath));
+    await stat(resolvePolicyPath(filePath, cwd));
     return true;
   } catch {
     return false;
@@ -118,8 +119,19 @@ function maybePathLike(token: string): boolean {
 }
 
 function normalizeTargetForPolicy(filePath: string, cwd: string): string {
-  const absolute = resolve(cwd, filePath);
+  if (filePath === "~" || filePath.startsWith("~/")) {
+    return normalizeFilePath(filePath);
+  }
+
+  const expanded = expandHomePath(filePath);
+  const absolute = resolve(cwd, expanded);
   const rel = relative(cwd, absolute);
+  const normalizedHome = normalizeFilePath(expandHomePath("~"));
+  const normalizedAbsolute = normalizeFilePath(absolute);
+
+  if (normalizedAbsolute.startsWith(`${normalizedHome}/`)) {
+    return normalizeFilePath(`~/${relative(expandHomePath("~"), absolute)}`);
+  }
 
   const candidate =
     rel && !rel.startsWith("..") && !isAbsolute(rel) ? rel : absolute;
@@ -127,6 +139,10 @@ function normalizeTargetForPolicy(filePath: string, cwd: string): string {
   return normalizeFilePath(candidate);
 }
 
+function resolvePolicyPath(filePath: string, cwd: string): string {
+  return resolve(cwd, expandHomePath(filePath));
+}
+
 function matchesAnyPolicyPattern(
   filePath: string,
   rules: CompiledRule[],
@@ -236,7 +252,7 @@ async function getEffectiveProtection(
     );
     if (allowed) continue;
 
-    if (rule.onlyIfExists && !(await fileExists(cwd, filePath))) continue;
+    if (rule.onlyIfExists && !(await fileExists(filePath, cwd))) continue;
 
     const rank = protectionRank(rule.protection);
     if (!bestMatch || rank > bestMatch.rank) {