@bacnh85/pi-plan 0.1.4 → 0.1.5

package/index.ts

@@ -152,6 +152,13 @@ function isDestructiveBash(command: string): boolean {
 	return DESTRUCTIVE_BASH_PATTERNS.some((pattern) => pattern.test(command));
 }
 
+function isReadOnlyBash(command: string): boolean {
+	const trimmed = command.trim();
+	if (!trimmed) return true;
+	if (/[;&|`$(){}]/.test(trimmed) || /\b(python|python3|node|ruby|perl|php|sh|bash|zsh|fish)\b/i.test(trimmed)) return false;
+	return /^(git\s+(status|branch|rev-parse|diff|show|log|ls-files)\b|(?:rg|grep|find|fd|ls|pwd|cat|head|tail|sed|awk|wc|sort|uniq|cut)\b)/i.test(trimmed);
+}
+
 export default function piPlanExtension(pi: ExtensionAPI): void {
 	let planModeEnabled = false;
 	let executionMode = false;
@@ -488,8 +495,8 @@ export default function piPlanExtension(pi: ExtensionAPI): void {
 			return { block: true, reason: `pi-plan: ${event.toolName} is disabled in read-only plan mode. Use ${PLAN_TOOL} to write the plan file.` };
 		}
 		if (!isToolCallEventType("bash", event)) return;
-		if (isDestructiveBash(event.input.command)) {
-			return { block: true, reason: `pi-plan: bash command blocked in plan mode because it may modify state.\nCommand: ${event.input.command}` };
+		if (isDestructiveBash(event.input.command) || !isReadOnlyBash(event.input.command)) {
+			return { block: true, reason: `pi-plan: bash command blocked in plan mode because only simple read-only inspection commands are allowed.\nCommand: ${event.input.command}` };
 		}
 	});
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bacnh85/pi-plan",
-  "version": "0.1.4",
+  "version": "0.1.5",
   "description": "Pi extension that adds a plan mode with workspace markdown plans and thinking-level presets.",
   "license": "MIT",
   "publishConfig": {