npm - @bacnh85/pi-plan - Versions diffs - 0.1.8 → 0.2.0 - Mend

@bacnh85/pi-plan 0.1.8 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/index.ts CHANGED Viewed

@@ -4,6 +4,7 @@ import { Type } from "typebox";
 import { mkdir, readFile, rename, writeFile } from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
+import { isDestructiveBash, isReadOnlyBash } from "./lib/bash-gating";
 const STATUS_KEY = "pi-plan";
 const PLAN_DIR = path.join(".agents", "plans");
@@ -11,7 +12,29 @@ const PLAN_TOOL = "write_plan";
 const PLAN_QUESTION_TOOL = "ask_plan_question";
 const PLAN_EXECUTE_COMMAND = "plan-execute";
 const PREFERENCES_FILE = path.join(os.homedir(), ".pi", "agent", "pi-plan", "preferences.json");
-const DEFAULT_PLAN_TOOLS = ["read", "bash", "grep", "find", "ls", "searxng_search", "brave_search", "brave_content", "firecrawl_search", "firecrawl_scrape", "firecrawl_map", "firecrawl_crawl", "web_status", PLAN_TOOL, PLAN_QUESTION_TOOL];
+const SERENA_PLAN_TOOLS = [
+	"serena_status",
+	"serena_list_tools",
+	"serena_get_symbols_overview",
+	"serena_find_symbol",
+	"serena_find_referencing_symbols",
+	"serena_find_declaration",
+	"serena_find_implementations",
+	"serena_search_for_pattern",
+	"serena_get_current_config",
+	"serena_get_diagnostics_for_file",
+	"serena_list_memories",
+	"serena_read_memory",
+];
+const DEFAULT_PLAN_TOOLS = [
+	"read", "bash", "grep", "find", "ls",
+	"searxng_search", "brave_search", "brave_content",
+	"firecrawl_search", "firecrawl_scrape", "firecrawl_map", "firecrawl_crawl",
+	"web_status",
+	...SERENA_PLAN_TOOLS,
+	PLAN_TOOL, PLAN_QUESTION_TOOL,
+];
 const PLAN_ALLOWED_TOOLS = new Set(DEFAULT_PLAN_TOOLS);
 const THINKING_LEVELS = ["off", "minimal", "low", "medium", "high", "xhigh"] as const;
@@ -52,28 +75,6 @@ interface PlanQuestionParams {
 	allowOther?: boolean;
 }
-const DESTRUCTIVE_BASH_PATTERNS = [
-	/\brm\b/i,
-	/\brmdir\b/i,
-	/\bmv\b/i,
-	/\bcp\b/i,
-	/\bmkdir\b/i,
-	/\btouch\b/i,
-	/\bchmod\b/i,
-	/\bchown\b/i,
-	/\btee\b/i,
-	/(^|[^<])>(?!>)/,
-	/>>/,
-	/\bnpm\s+(install|uninstall|update|ci|link|publish)/i,
-	/\b(yarn|pnpm)\s+(add|remove|install|publish)/i,
-	/\bpip\s+(install|uninstall)/i,
-	/\bgit\s+(add|commit|push|pull|merge|rebase|reset|checkout|stash|cherry-pick|revert|tag|init|clone)/i,
-	/\bsudo\b/i,
-	/\bkill(all)?\b/i,
-	/\b(pk|re)?kill\b/i,
-	/\b(vim?|nano|emacs|code|subl)\b/i,
-];
 function isThinkingLevel(value: string): value is ThinkingLevel {
 	return (THINKING_LEVELS as readonly string[]).includes(value);
 }
@@ -169,66 +170,6 @@ async function savePreferences(preferences: PlanPreferences): Promise<void> {
 	await rename(temporaryPath, PREFERENCES_FILE);
 }
-function isDestructiveBash(command: string): boolean {
-	return DESTRUCTIVE_BASH_PATTERNS.some((pattern) => pattern.test(command));
-}
-function tokenizeSimpleCommand(command: string): string[] | undefined {
-	const trimmed = command.trim();
-	if (!trimmed) return [];
-	if (/[;&|`$(){}<>]/.test(trimmed) || /\b(python|python3|node|ruby|perl|php|sh|bash|zsh|fish)\b/i.test(trimmed)) return undefined;
-	if (/['"]/.test(trimmed)) return undefined;
-	return trimmed.split(/\s+/).filter(Boolean);
-}
-function hasOptionValue(tokens: string[], index: number): boolean {
-	return index + 1 < tokens.length && !tokens[index + 1].startsWith("-");
-}
-function isAllowedNpmMetadataCommand(tokens: string[]): boolean {
-	if (tokens[0] !== "npm" || !["view", "info"].includes(tokens[1])) return false;
-	let hasSpec = false;
-	for (let index = 2; index < tokens.length; index += 1) {
-		const token = tokens[index];
-		if (["--registry", "--tag"].includes(token)) {
-			if (!hasOptionValue(tokens, index)) return false;
-			index += 1;
-			continue;
-		}
-		if (token.startsWith("--registry=") || token.startsWith("--tag=") || token === "--json" || token === "--parseable" || token === "--silent") continue;
-		if (token.startsWith("-")) return false;
-		hasSpec = true;
-	}
-	return hasSpec;
-}
-function isAllowedGitCommand(tokens: string[]): boolean {
-	if (tokens[0] !== "git" || !tokens[1]) return false;
-	const subcommand = tokens[1];
-	const args = tokens.slice(2);
-	if (["add", "commit", "push", "pull", "merge", "rebase", "reset", "checkout", "switch", "restore", "stash", "cherry-pick", "revert", "tag", "init", "clone", "fetch", "remote", "config", "worktree"].includes(subcommand)) return false;
-	if (subcommand === "status") return args.every((arg) => ["--short", "-s", "--porcelain", "--porcelain=v1", "--porcelain=v2", "--branch", "-b", "--ignored", "--ignored=matching", "--ignored=traditional", "--ignored=no", "--untracked-files", "--untracked-files=no", "--untracked-files=normal", "--untracked-files=all", "-uno", "-unormal", "-uall"].includes(arg));
-	if (subcommand === "diff") return !args.some((arg) => arg === "--output" || arg.startsWith("--output=") || arg === "--ext-diff" || arg === "--textconv");
-	if (["show", "log", "rev-parse", "ls-files"].includes(subcommand)) return true;
-	if (subcommand === "branch") {
-		const mutating = new Set(["-d", "-D", "-m", "-M", "-c", "-C", "--delete", "--move", "--copy", "--set-upstream-to", "--track", "--unset-upstream", "--edit-description"]);
-		return !args.some((arg) => mutating.has(arg) || arg.startsWith("--set-upstream-to=") || arg === "-u");
-	}
-	return false;
-}
-export function isReadOnlyBash(command: string): boolean {
-	const tokens = tokenizeSimpleCommand(command);
-	if (!tokens) return false;
-	if (tokens.length === 0) return true;
-	const normalized = tokens[0] === "rtk" ? tokens.slice(1) : tokens;
-	if (normalized.length === 0) return false;
-	if (isAllowedGitCommand(normalized)) return true;
-	if (isAllowedNpmMetadataCommand(normalized)) return true;
-	return /^(rg|grep|find|fd|ls|pwd|cat|head|tail|sed|awk|wc|sort|uniq|cut)$/.test(normalized[0]);
-}
 export default function piPlanExtension(pi: ExtensionAPI): void {
 	let planModeEnabled = false;
 	let executionMode = false;

package/lib/bash-gating.ts ADDED Viewed

@@ -0,0 +1,154 @@
+/**
+ * Bash command gating logic for pi-plan's read-only plan mode.
+ * Extracted from index.ts so it can be tested without importing @earendil-works/pi-coding-agent.
+ */
+export const DESTRUCTIVE_BASH_PATTERNS = [
+	// File-system modifying commands — match only at command start (^) or after
+	// command separators (; && || | &), not after plain spaces within arguments.
+	/(?:^|(?:;\s*|&&\s*|\|\|?\s*|&\s*))(?:rm|rmdir|mv|cp|mkdir|touch|chmod|chown|tee)\b/i,
+	/(?:^|(?:;\s*|&&\s*|\|\|?\s*|&\s*))sudo\b/i,
+	/(?:^|(?:;\s*|&&\s*|\|\|?\s*|&\s*))(?:kill(?:all)?|pkill|rekill)\b/i,
+	/(?:^|(?:;\s*|&&\s*|\|\|?\s*|&\s*))(?:vim?|nano|emacs|code|subl)\b/i,
+	// File output redirects >, >>, 1>, 2> (NOT fd duplication like 2>&1)
+	// Matches after whitespace or command separators since that's how shell redirects work
+	/(?:^|[\s;|&])[0-9]*>(?!>|&\d)/,
+	/>>/,
+	// Package manager commands (\b prefix correctly checks first word)
+	/\bnpm\s+(install|uninstall|update|ci|link|publish)/i,
+	/\b(yarn|pnpm)\s+(add|remove|install|publish)/i,
+	/\bpip\s+(install|uninstall)/i,
+	/\bgit\s+(add|commit|push|pull|merge|rebase|reset|checkout|stash|cherry-pick|revert|tag|init|clone)/i,
+];
+export function isDestructiveBash(command: string): boolean {
+	return DESTRUCTIVE_BASH_PATTERNS.some((pattern) => pattern.test(command));
+}
+export function tokenizeSimpleCommand(command: string): string[] | undefined {
+	const trimmed = command.trim();
+	if (!trimmed) return [];
+	if (/[;&|`$(){}<>]/.test(trimmed)) return undefined;
+	// Only check the first word for interpreter names, not arguments.
+	// e.g., "which node" is read-only (node is an argument), "node script.js" is not.
+	const firstWord = trimmed.split(/\s+/)[0];
+	if (firstWord && /\b(python|python3|node|ruby|perl|php|sh|bash|zsh|fish)\b/i.test(firstWord)) return undefined;
+	if (/['"]/.test(trimmed)) {
+		// Parse tokens respecting quotes so quoted paths like ls "C:\\path" work.
+		const tokens: string[] = [];
+		let current = "";
+		let inQuote: '"' | "'" | null = null;
+		for (const ch of trimmed) {
+			if (inQuote) {
+				if (ch === inQuote) {
+					inQuote = null;
+				} else {
+					current += ch;
+				}
+			} else if (ch === '"' || ch === "'") {
+				inQuote = ch;
+			} else if (/\s/.test(ch)) {
+				if (current) {
+					tokens.push(current);
+					current = "";
+				}
+			} else {
+				current += ch;
+			}
+		}
+		if (current) tokens.push(current);
+		return tokens;
+	}
+	return trimmed.split(/\s+/).filter(Boolean);
+}
+export function sanitizeCommand(command: string): string[] {
+	let sanitized = command;
+	// Strip /dev/null redirects: 2>/dev/null, >/dev/null, >>/dev/null, &>/dev/null
+	sanitized = sanitized.replace(/\d*>>?\s*\/dev\/null/g, "");
+	sanitized = sanitized.replace(/&>\s*\/dev\/null/g, "");
+	// Strip Windows nul redirects: 2>nul, >nul, >>nul, &>nul
+	sanitized = sanitized.replace(/\d*>>?\s*nul\b/g, "");
+	sanitized = sanitized.replace(/&>\s*nul\b/g, "");
+	// Strip fd redirections: 2>&1, 1>&2, etc.
+	sanitized = sanitized.replace(/\s*\d*>&\d+\s*/g, " ");
+	// Strip cd <path> &&  /  cd <path> ;  prefix
+	sanitized = sanitized.replace(/^cd\s+(?:"[^"]*"|'[^']*'|[^\s;&|]+)\s*(?:&&|;)\s*/i, "").trim();
+	// Split on && and ; (chaining operators) to validate each segment independently.
+	// || remains blocked because it introduces conditional/fallback execution paths.
+	const chainSegments = sanitized.split(/\s*&&\s*|\s*;\s*/).map((s) => s.trim()).filter(Boolean);
+	if (chainSegments.length === 0) return [];
+	// Within each chain segment, further split on pipes for per-segment validation
+	const allSegments: string[] = [];
+	for (const segment of chainSegments) {
+		if (segment.includes("|")) {
+			allSegments.push(...segment.split("|").map((s) => s.trim()).filter(Boolean));
+		} else {
+			allSegments.push(segment);
+		}
+	}
+	return allSegments;
+}
+function hasOptionValue(tokens: string[], index: number): boolean {
+	return index + 1 < tokens.length && !tokens[index + 1].startsWith("-");
+}
+function isAllowedNpmMetadataCommand(tokens: string[]): boolean {
+	if (tokens[0] !== "npm" || !["view", "info"].includes(tokens[1])) return false;
+	let hasSpec = false;
+	for (let index = 2; index < tokens.length; index += 1) {
+		const token = tokens[index];
+		if (["--registry", "--tag"].includes(token)) {
+			if (!hasOptionValue(tokens, index)) return false;
+			index += 1;
+			continue;
+		}
+		if (token.startsWith("--registry=") || token.startsWith("--tag=") || token === "--json" || token === "--parseable" || token === "--silent") continue;
+		if (token.startsWith("-")) return false;
+		hasSpec = true;
+	}
+	return hasSpec;
+}
+function isAllowedGitCommand(tokens: string[]): boolean {
+	if (tokens[0] !== "git" || !tokens[1]) return false;
+	const subcommand = tokens[1];
+	// -- is a standard POSIX argument separator; filter it out before subcommand-specific checks
+	const args = tokens.slice(2).filter((arg) => arg !== "--");
+	if (["add", "commit", "push", "pull", "merge", "rebase", "reset", "checkout", "switch", "restore", "stash", "cherry-pick", "revert", "tag", "init", "clone", "fetch", "remote", "config", "worktree"].includes(subcommand)) return false;
+	if (subcommand === "status") {
+		// Flags must match the allowlist; positional args (paths) are always read-only
+		const flags = args.filter((arg) => arg.startsWith("-"));
+		return flags.every((arg) => ["--short", "-s", "--porcelain", "--porcelain=v1", "--porcelain=v2", "--branch", "-b", "--ignored", "--ignored=matching", "--ignored=traditional", "--ignored=no", "--untracked-files", "--untracked-files=no", "--untracked-files=normal", "--untracked-files=all", "-uno", "-unormal", "-uall"].includes(arg));
+	}
+	if (subcommand === "diff") return !args.some((arg) => arg === "--output" || arg.startsWith("--output=") || arg === "--ext-diff" || arg === "--textconv");
+	if (["show", "log", "rev-parse", "ls-files"].includes(subcommand)) return true;
+	if (subcommand === "branch") {
+		const mutating = new Set(["-d", "-D", "-m", "-M", "-c", "-C", "--delete", "--move", "--copy", "--set-upstream-to", "--track", "--unset-upstream", "--edit-description"]);
+		return !args.some((arg) => mutating.has(arg) || arg.startsWith("--set-upstream-to=") || arg === "-u");
+	}
+	return false;
+}
+export function isReadOnlyBash(command: string): boolean {
+	const segments = sanitizeCommand(command);
+	if (segments.length === 0) return true;
+	return segments.every((segment) => {
+		const tokens = tokenizeSimpleCommand(segment);
+		if (!tokens) return false;
+		if (tokens.length === 0) return true;
+		const normalized = tokens[0] === "rtk" ? tokens.slice(1) : tokens;
+		if (normalized.length === 0) return false;
+		if (isAllowedGitCommand(normalized)) return true;
+		if (isAllowedNpmMetadataCommand(normalized)) return true;
+		return /^(rg|grep|find|fd|ls|pwd|cat|head|tail|sed|awk|wc|sort|uniq|cut|echo|read|where|which|findstr|type)$/.test(normalized[0]);
+	});
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@bacnh85/pi-plan",
-  "version": "0.1.8",
+  "version": "0.2.0",
   "description": "Pi extension that adds a plan mode with workspace markdown plans and thinking-level presets.",
   "license": "MIT",
   "publishConfig": {
@@ -24,15 +24,25 @@
   ],
   "files": [
     "README.md",
-    "index.ts"
+    "index.ts",
+    "lib/"
   ],
   "pi": {
     "extensions": [
       "./index.ts"
     ]
   },
+  "scripts": {
+    "test": "mocha"
+  },
   "peerDependencies": {
     "@earendil-works/pi-coding-agent": "*",
     "typebox": "*"
+  },
+  "devDependencies": {
+    "@types/node": "^20.19.43",
+    "chai": "^4.5.0",
+    "mocha": "^10.8.2",
+    "tsx": "^4.22.4"
   }
 }