@bacnh85/pi-plan 0.1.9 → 0.3.0

package/index.ts

@@ -1,9 +1,12 @@
+import type { AssistantMessage } from "@earendil-works/pi-ai";
 import type { ExtensionAPI, ExtensionCommandContext, ExtensionContext } from "@earendil-works/pi-coding-agent";
 import { isToolCallEventType, withFileMutationQueue } from "@earendil-works/pi-coding-agent";
+import { truncateToWidth, visibleWidth } from "@earendil-works/pi-tui";
 import { Type } from "typebox";
 import { mkdir, readFile, rename, writeFile } from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
+import { isDestructiveBash, isReadOnlyBash } from "./lib/bash-gating";
 
 const STATUS_KEY = "pi-plan";
 const PLAN_DIR = path.join(".agents", "plans");
@@ -11,7 +14,29 @@ const PLAN_TOOL = "write_plan";
 const PLAN_QUESTION_TOOL = "ask_plan_question";
 const PLAN_EXECUTE_COMMAND = "plan-execute";
 const PREFERENCES_FILE = path.join(os.homedir(), ".pi", "agent", "pi-plan", "preferences.json");
-const DEFAULT_PLAN_TOOLS = ["read", "bash", "grep", "find", "ls", "searxng_search", "brave_search", "brave_content", "firecrawl_search", "firecrawl_scrape", "firecrawl_map", "firecrawl_crawl", "web_status", PLAN_TOOL, PLAN_QUESTION_TOOL];
+const SERENA_PLAN_TOOLS = [
+	"serena_status",
+	"serena_list_tools",
+	"serena_get_symbols_overview",
+	"serena_find_symbol",
+	"serena_find_referencing_symbols",
+	"serena_find_declaration",
+	"serena_find_implementations",
+	"serena_search_for_pattern",
+	"serena_get_current_config",
+	"serena_get_diagnostics_for_file",
+	"serena_list_memories",
+	"serena_read_memory",
+];
+
+const DEFAULT_PLAN_TOOLS = [
+	"read", "bash", "grep", "find", "ls",
+	"searxng_search", "brave_search", "brave_content",
+	"firecrawl_search", "firecrawl_scrape", "firecrawl_map", "firecrawl_crawl",
+	"web_status",
+	...SERENA_PLAN_TOOLS,
+	PLAN_TOOL, PLAN_QUESTION_TOOL,
+];
 const PLAN_ALLOWED_TOOLS = new Set(DEFAULT_PLAN_TOOLS);
 const THINKING_LEVELS = ["off", "minimal", "low", "medium", "high", "xhigh"] as const;
 
@@ -52,28 +77,6 @@ interface PlanQuestionParams {
 	allowOther?: boolean;
 }
 
-const DESTRUCTIVE_BASH_PATTERNS = [
-	/\brm\b/i,
-	/\brmdir\b/i,
-	/\bmv\b/i,
-	/\bcp\b/i,
-	/\bmkdir\b/i,
-	/\btouch\b/i,
-	/\bchmod\b/i,
-	/\bchown\b/i,
-	/\btee\b/i,
-	/(^|[^<])>(?!>)/,
-	/>>/,
-	/\bnpm\s+(install|uninstall|update|ci|link|publish)/i,
-	/\b(yarn|pnpm)\s+(add|remove|install|publish)/i,
-	/\bpip\s+(install|uninstall)/i,
-	/\bgit\s+(add|commit|push|pull|merge|rebase|reset|checkout|stash|cherry-pick|revert|tag|init|clone)/i,
-	/\bsudo\b/i,
-	/\bkill(all)?\b/i,
-	/\b(pk|re)?kill\b/i,
-	/\b(vim?|nano|emacs|code|subl)\b/i,
-];
-
 function isThinkingLevel(value: string): value is ThinkingLevel {
 	return (THINKING_LEVELS as readonly string[]).includes(value);
 }
@@ -169,91 +172,6 @@ async function savePreferences(preferences: PlanPreferences): Promise<void> {
 	await rename(temporaryPath, PREFERENCES_FILE);
 }
 
-function isDestructiveBash(command: string): boolean {
-	return DESTRUCTIVE_BASH_PATTERNS.some((pattern) => pattern.test(command));
-}
-
-function tokenizeSimpleCommand(command: string): string[] | undefined {
-	const trimmed = command.trim();
-	if (!trimmed) return [];
-	if (/[;&|`$(){}<>]/.test(trimmed) || /\b(python|python3|node|ruby|perl|php|sh|bash|zsh|fish)\b/i.test(trimmed)) return undefined;
-	if (/['"]/.test(trimmed)) return undefined;
-	return trimmed.split(/\s+/).filter(Boolean);
-}
-
-function sanitizeCommand(command: string): string[] {
-	let sanitized = command;
-
-	// Strip /dev/null redirects: 2>/dev/null, >/dev/null, >>/dev/null, &>/dev/null
-	sanitized = sanitized.replace(/\d*>>?\s*\/dev\/null/g, "");
-	sanitized = sanitized.replace(/&>\s*\/dev\/null/g, "");
-	// Strip fd redirections: 2>&1, 1>&2, etc.
-	sanitized = sanitized.replace(/\s*\d*>&\d+\s*/g, " ");
-
-	// Strip cd <path> &&  /  cd <path> ;  prefix
-	sanitized = sanitized.replace(/^cd\s+(?:"[^"]*"|'[^']*'|[^\s;&|]+)\s*(?:&&|;)\s*/i, "").trim();
-
-	// If command contains pipes, split into segments and validate each
-	if (sanitized.includes("|")) {
-		return sanitized.split("|").map((s) => s.trim()).filter(Boolean);
-	}
-
-	return [sanitized.trim()];
-}
-
-function hasOptionValue(tokens: string[], index: number): boolean {
-	return index + 1 < tokens.length && !tokens[index + 1].startsWith("-");
-}
-
-function isAllowedNpmMetadataCommand(tokens: string[]): boolean {
-	if (tokens[0] !== "npm" || !["view", "info"].includes(tokens[1])) return false;
-	let hasSpec = false;
-	for (let index = 2; index < tokens.length; index += 1) {
-		const token = tokens[index];
-		if (["--registry", "--tag"].includes(token)) {
-			if (!hasOptionValue(tokens, index)) return false;
-			index += 1;
-			continue;
-		}
-		if (token.startsWith("--registry=") || token.startsWith("--tag=") || token === "--json" || token === "--parseable" || token === "--silent") continue;
-		if (token.startsWith("-")) return false;
-		hasSpec = true;
-	}
-	return hasSpec;
-}
-
-function isAllowedGitCommand(tokens: string[]): boolean {
-	if (tokens[0] !== "git" || !tokens[1]) return false;
-	const subcommand = tokens[1];
-	const args = tokens.slice(2);
-	if (["add", "commit", "push", "pull", "merge", "rebase", "reset", "checkout", "switch", "restore", "stash", "cherry-pick", "revert", "tag", "init", "clone", "fetch", "remote", "config", "worktree"].includes(subcommand)) return false;
-
-	if (subcommand === "status") return args.every((arg) => ["--short", "-s", "--porcelain", "--porcelain=v1", "--porcelain=v2", "--branch", "-b", "--ignored", "--ignored=matching", "--ignored=traditional", "--ignored=no", "--untracked-files", "--untracked-files=no", "--untracked-files=normal", "--untracked-files=all", "-uno", "-unormal", "-uall"].includes(arg));
-	if (subcommand === "diff") return !args.some((arg) => arg === "--output" || arg.startsWith("--output=") || arg === "--ext-diff" || arg === "--textconv");
-	if (["show", "log", "rev-parse", "ls-files"].includes(subcommand)) return true;
-	if (subcommand === "branch") {
-		const mutating = new Set(["-d", "-D", "-m", "-M", "-c", "-C", "--delete", "--move", "--copy", "--set-upstream-to", "--track", "--unset-upstream", "--edit-description"]);
-		return !args.some((arg) => mutating.has(arg) || arg.startsWith("--set-upstream-to=") || arg === "-u");
-	}
-	return false;
-}
-
-export function isReadOnlyBash(command: string): boolean {
-	const segments = sanitizeCommand(command);
-	if (segments.length === 0) return true;
-
-	return segments.every((segment) => {
-		const tokens = tokenizeSimpleCommand(segment);
-		if (!tokens) return false;
-		if (tokens.length === 0) return true;
-		const normalized = tokens[0] === "rtk" ? tokens.slice(1) : tokens;
-		if (normalized.length === 0) return false;
-		if (isAllowedGitCommand(normalized)) return true;
-		if (isAllowedNpmMetadataCommand(normalized)) return true;
-		return /^(rg|grep|find|fd|ls|pwd|cat|head|tail|sed|awk|wc|sort|uniq|cut|read)$/.test(normalized[0]);
-	});
-}
-
 export default function piPlanExtension(pi: ExtensionAPI): void {
 	let planModeEnabled = false;
 	let executionMode = false;
@@ -265,22 +183,168 @@ export default function piPlanExtension(pi: ExtensionAPI): void {
 	let lastPlanStatus: PlanStatus | undefined;
 	let applyingStoredThinking = false;
 
-	function setStatus(ctx: ExtensionContext): void {
-		if (planModeEnabled) {
-			ctx.ui.setStatus(STATUS_KEY, ctx.ui.theme.fg("warning", `plan:${planThinking}`));
-			return;
-		}
-		if (executionMode) {
-			ctx.ui.setStatus(STATUS_KEY, ctx.ui.theme.fg("accent", `exec:${normalThinking}`));
-			return;
-		}
-		ctx.ui.setStatus(STATUS_KEY, undefined);
-	}
-
 	function clearPlanWidget(ctx: ExtensionContext): void {
 		ctx.ui.setWidget(STATUS_KEY, undefined);
 	}
-
+function updateFooter(ctx: ExtensionContext): void {
+		if (planModeEnabled) {
+			ctx.ui.setFooter((tui, theme, footerData) => {
+				const unsub = footerData.onBranchChange(() => tui.requestRender());
+				const sanitizeStatusText = (text: string) =>
+					text.replace(/[\r\n\t]/g, " ").replace(/ +/g, " ").trim();
+				return {
+					dispose: unsub,
+					invalidate() {},
+					render(width: number): string[] {
+						const lines: string[] = [];
+
+						// Line 1: cwd (branch) • session name
+						const home = process.env.HOME || process.env.USERPROFILE;
+						const resolvedCwd = path.resolve(ctx.sessionManager.getCwd());
+						let pwd = resolvedCwd;
+						if (home) {
+							const resolvedHome = path.resolve(home);
+							const rel = path.relative(resolvedHome, resolvedCwd);
+							if (rel === "" || (!rel.startsWith(`..`) && !path.isAbsolute(rel))) {
+								pwd = rel === "" ? "~" : `~${path.sep}${rel}`;
+							}
+						}
+						const branch = footerData.getGitBranch();
+						if (branch) pwd = `${pwd} (${branch})`;
+						const sessionName = ctx.sessionManager.getSessionName();
+						if (sessionName) pwd = `${pwd} • ${sessionName}`;
+						lines.push(truncateToWidth(theme.fg("dim", pwd), width, theme.fg("dim", "...")));
+
+						// Calculate cumulative usage from ALL session entries
+						const fmtTokens = (n: number) =>
+							n < 1000 ? `${n}` :
+							n < 10000 ? `${(n / 1000).toFixed(1)}k` :
+							n < 1000000 ? `${Math.round(n / 1000)}k` :
+							n < 10000000 ? `${(n / 1000000).toFixed(1)}M` :
+							`${Math.round(n / 1000000)}M`;
+
+						let totalInput = 0, totalOutput = 0, totalCacheRead = 0, totalCacheWrite = 0, totalCost = 0;
+						let latestCacheHitRate: number | undefined;
+						for (const e of ctx.sessionManager.getEntries()) {
+							if (e.type === "message" && e.message.role === "assistant") {
+								const m = e.message as AssistantMessage;
+								totalInput += m.usage.input;
+								totalOutput += m.usage.output;
+								totalCacheRead += m.usage.cacheRead;
+								totalCacheWrite += m.usage.cacheWrite;
+								totalCost += m.usage.cost.total;
+								const latestPromptTokens = m.usage.input + m.usage.cacheRead + m.usage.cacheWrite;
+								latestCacheHitRate = latestPromptTokens > 0
+									? (m.usage.cacheRead / latestPromptTokens) * 100
+									: undefined;
+							}
+						}
+
+						const contextUsage = ctx.getContextUsage();
+						const contextWindow = contextUsage?.contextWindow ?? ctx.model?.contextWindow ?? 0;
+						const contextPercentValue = contextUsage?.percent ?? 0;
+						const contextPercent = contextUsage?.percent !== null
+							? contextPercentValue.toFixed(1)
+							: "?";
+
+						// Build left stats
+						const parts: string[] = [];
+						if (totalInput) parts.push(`↑${fmtTokens(totalInput)}`);
+						if (totalOutput) parts.push(`↓${fmtTokens(totalOutput)}`);
+						if (totalCacheRead) parts.push(`R${fmtTokens(totalCacheRead)}`);
+						if (totalCacheWrite) parts.push(`W${fmtTokens(totalCacheWrite)}`);
+						if ((totalCacheRead > 0 || totalCacheWrite > 0) && latestCacheHitRate !== undefined) {
+							parts.push(`CH${latestCacheHitRate.toFixed(1)}%`);
+						}
+						const usingSubscription = ctx.model ? ctx.modelRegistry.isUsingOAuth(ctx.model) : false;
+						if (totalCost || usingSubscription) {
+							parts.push(`$${totalCost.toFixed(3)}${usingSubscription ? " (sub)" : ""}`);
+						}
+						const autoIndicator = " (auto)";
+						const contextPercentDisplay = contextPercent === "?"
+							? `?/${fmtTokens(contextWindow)}${autoIndicator}`
+							: `${contextPercent}%/${fmtTokens(contextWindow)}${autoIndicator}`;
+						let contextPercentStr: string;
+						if (contextPercentValue > 90) {
+							contextPercentStr = theme.fg("error", contextPercentDisplay);
+						} else if (contextPercentValue > 70) {
+							contextPercentStr = theme.fg("warning", contextPercentDisplay);
+						} else {
+							contextPercentStr = contextPercentDisplay;
+						}
+						parts.push(contextPercentStr);
+
+						const statsLeft = parts.join(" ");
+						const statsLeftWidth = visibleWidth(statsLeft);
+
+						// Right side: model info (dimmed) + highlighted plan mode indicator
+						const modelName = ctx.model?.id || "no-model";
+						let rightModelInfo = modelName;
+						if (ctx.model?.reasoning) {
+							const thinkingLevel = pi.getThinkingLevel() || "off";
+							rightModelInfo = thinkingLevel === "off"
+								? `${modelName} • thinking off`
+								: `${modelName} • ${thinkingLevel}`;
+						}
+						if (footerData.getAvailableProviderCount() > 1 && ctx.model) {
+							const withProvider = `(${ctx.model.provider}) ${rightModelInfo}`;
+							const minPad = 2;
+							if (statsLeftWidth + minPad + visibleWidth(withProvider) + visibleWidth(" | Plan mode") <= width) {
+								rightModelInfo = withProvider;
+							}
+						}
+
+						const planText = " | Plan mode";
+						const rightModelWidth = visibleWidth(rightModelInfo);
+						const planWidth = visibleWidth(planText);
+						const minPadding = 2;
+						const totalNeeded = statsLeftWidth + minPadding + rightModelWidth + planWidth;
+
+						let statsLine: string;
+						if (totalNeeded <= width) {
+							const padding = " ".repeat(width - statsLeftWidth - rightModelWidth - planWidth);
+							// Dim statsLeft and model info separately (statsLeft may have color codes from context %)
+							statsLine = theme.fg("dim", statsLeft) + theme.fg("dim", padding + rightModelInfo) + theme.fg("warning", planText);
+						} else {
+							const availableForRight = width - statsLeftWidth - minPadding;
+							if (availableForRight > 0) {
+								if (availableForRight <= planWidth) {
+									// Very tight: show only (part of) plan indicator
+									const trimmed = truncateToWidth(theme.fg("warning", planText), availableForRight, "");
+									const pad = " ".repeat(Math.max(0, width - statsLeftWidth - visibleWidth(trimmed)));
+									statsLine = theme.fg("dim", statsLeft) + pad + trimmed;
+								} else {
+									// Show model info (truncated if needed) + plan indicator
+									const availModel = availableForRight - planWidth;
+									const modelDisplay = truncateToWidth(rightModelInfo, availModel, "");
+									const pad = " ".repeat(Math.max(0, width - statsLeftWidth - visibleWidth(modelDisplay) - planWidth));
+									statsLine = theme.fg("dim", statsLeft) + theme.fg("dim", pad + modelDisplay) + theme.fg("warning", planText);
+								}
+							} else {
+								statsLine = theme.fg("dim", statsLeft);
+							}
+						}
+
+						lines.push(statsLine);
+
+						// Line 3: extension statuses (from setStatus calls by other extensions)
+						const extensionStatuses = footerData.getExtensionStatuses();
+						if (extensionStatuses.size > 0) {
+							const sortedStatuses = Array.from(extensionStatuses.entries())
+								.sort(([a], [b]) => a.localeCompare(b))
+								.map(([, text]) => sanitizeStatusText(text));
+							const statusLine = sortedStatuses.join(" ");
+							lines.push(truncateToWidth(statusLine, width, theme.fg("dim", "...")));
+						}
+
+						return lines;
+					},
+				};
+			});
+		} else {
+			ctx.ui.setFooter(undefined);
+		}
+	}
 	function persistState(): void {
 		pi.appendEntry("pi-plan", {
 			enabled: planModeEnabled,
@@ -332,7 +396,7 @@ export default function piPlanExtension(pi: ExtensionAPI): void {
 		if (key && preferences) {
 			preferences.perModel[key] = { planThinking, normalThinking };
 		}
-		setStatus(ctx);
+		updateFooter(ctx);
 		persistState();
 		persistPreferences();
 	}
@@ -342,10 +406,10 @@ export default function piPlanExtension(pi: ExtensionAPI): void {
 		executionMode = false;
 		enablePlanTools();
 		applyThinking(planThinking);
-		setStatus(ctx);
+		updateFooter(ctx);
 		clearPlanWidget(ctx);
 		persistState();
-		ctx.ui.notify(`Plan mode enabled. Thinking=${planThinking}. Plans will be written to ${PLAN_DIR}/`, "info");
+		ctx.ui.notify(`Plan mode enabled. Plans will be written to ${PLAN_DIR}/`, "info");
 	}
 
 	function leavePlanMode(ctx: ExtensionContext, restoreThinking = true): void {
@@ -353,10 +417,10 @@ export default function piPlanExtension(pi: ExtensionAPI): void {
 		executionMode = false;
 		restoreTools();
 		if (restoreThinking) applyThinking(normalThinking);
-		setStatus(ctx);
+		updateFooter(ctx);
 		clearPlanWidget(ctx);
 		persistState();
-		ctx.ui.notify(`Plan mode disabled. Thinking=${pi.getThinkingLevel()}.`, "info");
+		ctx.ui.notify("Plan mode disabled.", "info");
 	}
 
 	async function handlePlanCommand(args: string, ctx: ExtensionContext): Promise<void> {
@@ -374,7 +438,7 @@ export default function piPlanExtension(pi: ExtensionAPI): void {
 		lastPlanStatus = "approved";
 		restoreTools();
 		applyThinking(normalThinking);
-		setStatus(ctx);
+		updateFooter(ctx);
 		clearPlanWidget(ctx);
 		persistState();
 		persistPreferences();
@@ -584,7 +648,7 @@ export default function piPlanExtension(pi: ExtensionAPI): void {
 		} else if (executionMode) {
 			applyThinking(normalThinking);
 		}
-		setStatus(ctx);
+		updateFooter(ctx);
 		clearPlanWidget(ctx);
 	});
 
@@ -603,7 +667,7 @@ export default function piPlanExtension(pi: ExtensionAPI): void {
 				applyThinking(normalThinking);
 			}
 		}
-		setStatus(ctx);
+		updateFooter(ctx);
 		persistState();
 	});
 
@@ -624,6 +688,28 @@ export default function piPlanExtension(pi: ExtensionAPI): void {
 		}
 	});
 
+	pi.on("context", async (event) => {
+		// When not in plan mode or execution mode, filter out stale context messages
+		if (!planModeEnabled && !executionMode) {
+			return {
+				messages: event.messages.filter((m) => {
+					const msg = m as { customType?: string };
+					return msg.customType !== "pi-plan-context" && msg.customType !== "pi-plan-execution-context";
+				}),
+			};
+		}
+		// In execution mode, filter out stale plan mode context messages
+		if (executionMode && !planModeEnabled) {
+			return {
+				messages: event.messages.filter((m) => {
+					const msg = m as { customType?: string };
+					return msg.customType !== "pi-plan-context";
+				}),
+			};
+		}
+		// In plan mode, let all messages through
+	});
+
 	pi.on("before_agent_start", async (_event, ctx) => {
 		if (planModeEnabled) {
 			const relativePlan = lastPlanPath ? relativeToCwd(ctx.cwd, lastPlanPath) : `${PLAN_DIR}/<timestamp>-<title>.md`;
@@ -673,7 +759,7 @@ export default function piPlanExtension(pi: ExtensionAPI): void {
 			lastPlanStatus = "approved";
 			restoreTools();
 			applyThinking(normalThinking);
-			setStatus(ctx);
+			updateFooter(ctx);
 			clearPlanWidget(ctx);
 			persistState();
 			persistPreferences();

package/lib/bash-gating.ts

@@ -0,0 +1,154 @@
+/**
+ * Bash command gating logic for pi-plan's read-only plan mode.
+ * Extracted from index.ts so it can be tested without importing @earendil-works/pi-coding-agent.
+ */
+
+export const DESTRUCTIVE_BASH_PATTERNS = [
+	// File-system modifying commands — match only at command start (^) or after
+	// command separators (; && || | &), not after plain spaces within arguments.
+	/(?:^|(?:;\s*|&&\s*|\|\|?\s*|&\s*))(?:rm|rmdir|mv|cp|mkdir|touch|chmod|chown|tee)\b/i,
+	/(?:^|(?:;\s*|&&\s*|\|\|?\s*|&\s*))sudo\b/i,
+	/(?:^|(?:;\s*|&&\s*|\|\|?\s*|&\s*))(?:kill(?:all)?|pkill|rekill)\b/i,
+	/(?:^|(?:;\s*|&&\s*|\|\|?\s*|&\s*))(?:vim?|nano|emacs|code|subl)\b/i,
+	// File output redirects >, >>, 1>, 2> (NOT fd duplication like 2>&1)
+	// Matches after whitespace or command separators since that's how shell redirects work
+	/(?:^|[\s;|&])[0-9]*>(?!>|&\d)/,
+	/>>/,
+	// Package manager commands (\b prefix correctly checks first word)
+	/\bnpm\s+(install|uninstall|update|ci|link|publish)/i,
+	/\b(yarn|pnpm)\s+(add|remove|install|publish)/i,
+	/\bpip\s+(install|uninstall)/i,
+	/\bgit\s+(add|commit|push|pull|merge|rebase|reset|checkout|stash|cherry-pick|revert|tag|init|clone)/i,
+];
+
+export function isDestructiveBash(command: string): boolean {
+	return DESTRUCTIVE_BASH_PATTERNS.some((pattern) => pattern.test(command));
+}
+
+export function tokenizeSimpleCommand(command: string): string[] | undefined {
+	const trimmed = command.trim();
+	if (!trimmed) return [];
+	if (/[;&|`$(){}<>]/.test(trimmed)) return undefined;
+	// Only check the first word for interpreter names, not arguments.
+	// e.g., "which node" is read-only (node is an argument), "node script.js" is not.
+	const firstWord = trimmed.split(/\s+/)[0];
+	if (firstWord && /\b(python|python3|node|ruby|perl|php|sh|bash|zsh|fish)\b/i.test(firstWord)) return undefined;
+	if (/['"]/.test(trimmed)) {
+		// Parse tokens respecting quotes so quoted paths like ls "C:\\path" work.
+		const tokens: string[] = [];
+		let current = "";
+		let inQuote: '"' | "'" | null = null;
+		for (const ch of trimmed) {
+			if (inQuote) {
+				if (ch === inQuote) {
+					inQuote = null;
+				} else {
+					current += ch;
+				}
+			} else if (ch === '"' || ch === "'") {
+				inQuote = ch;
+			} else if (/\s/.test(ch)) {
+				if (current) {
+					tokens.push(current);
+					current = "";
+				}
+			} else {
+				current += ch;
+			}
+		}
+		if (current) tokens.push(current);
+		return tokens;
+	}
+	return trimmed.split(/\s+/).filter(Boolean);
+}
+
+export function sanitizeCommand(command: string): string[] {
+	let sanitized = command;
+
+	// Strip /dev/null redirects: 2>/dev/null, >/dev/null, >>/dev/null, &>/dev/null
+	sanitized = sanitized.replace(/\d*>>?\s*\/dev\/null/g, "");
+	sanitized = sanitized.replace(/&>\s*\/dev\/null/g, "");
+	// Strip Windows nul redirects: 2>nul, >nul, >>nul, &>nul
+	sanitized = sanitized.replace(/\d*>>?\s*nul\b/g, "");
+	sanitized = sanitized.replace(/&>\s*nul\b/g, "");
+	// Strip fd redirections: 2>&1, 1>&2, etc.
+	sanitized = sanitized.replace(/\s*\d*>&\d+\s*/g, " ");
+
+	// Strip cd <path> &&  /  cd <path> ;  prefix
+	sanitized = sanitized.replace(/^cd\s+(?:"[^"]*"|'[^']*'|[^\s;&|]+)\s*(?:&&|;)\s*/i, "").trim();
+
+	// Split on && and ; (chaining operators) to validate each segment independently.
+	// || remains blocked because it introduces conditional/fallback execution paths.
+	const chainSegments = sanitized.split(/\s*&&\s*|\s*;\s*/).map((s) => s.trim()).filter(Boolean);
+	if (chainSegments.length === 0) return [];
+
+	// Within each chain segment, further split on pipes for per-segment validation
+	const allSegments: string[] = [];
+	for (const segment of chainSegments) {
+		if (segment.includes("|")) {
+			allSegments.push(...segment.split("|").map((s) => s.trim()).filter(Boolean));
+		} else {
+			allSegments.push(segment);
+		}
+	}
+
+	return allSegments;
+}
+
+function hasOptionValue(tokens: string[], index: number): boolean {
+	return index + 1 < tokens.length && !tokens[index + 1].startsWith("-");
+}
+
+function isAllowedNpmMetadataCommand(tokens: string[]): boolean {
+	if (tokens[0] !== "npm" || !["view", "info"].includes(tokens[1])) return false;
+	let hasSpec = false;
+	for (let index = 2; index < tokens.length; index += 1) {
+		const token = tokens[index];
+		if (["--registry", "--tag"].includes(token)) {
+			if (!hasOptionValue(tokens, index)) return false;
+			index += 1;
+			continue;
+		}
+		if (token.startsWith("--registry=") || token.startsWith("--tag=") || token === "--json" || token === "--parseable" || token === "--silent") continue;
+		if (token.startsWith("-")) return false;
+		hasSpec = true;
+	}
+	return hasSpec;
+}
+
+function isAllowedGitCommand(tokens: string[]): boolean {
+	if (tokens[0] !== "git" || !tokens[1]) return false;
+	const subcommand = tokens[1];
+	// -- is a standard POSIX argument separator; filter it out before subcommand-specific checks
+	const args = tokens.slice(2).filter((arg) => arg !== "--");
+	if (["add", "commit", "push", "pull", "merge", "rebase", "reset", "checkout", "switch", "restore", "stash", "cherry-pick", "revert", "tag", "init", "clone", "fetch", "remote", "config", "worktree"].includes(subcommand)) return false;
+
+	if (subcommand === "status") {
+		// Flags must match the allowlist; positional args (paths) are always read-only
+		const flags = args.filter((arg) => arg.startsWith("-"));
+		return flags.every((arg) => ["--short", "-s", "--porcelain", "--porcelain=v1", "--porcelain=v2", "--branch", "-b", "--ignored", "--ignored=matching", "--ignored=traditional", "--ignored=no", "--untracked-files", "--untracked-files=no", "--untracked-files=normal", "--untracked-files=all", "-uno", "-unormal", "-uall"].includes(arg));
+	}
+	if (subcommand === "diff") return !args.some((arg) => arg === "--output" || arg.startsWith("--output=") || arg === "--ext-diff" || arg === "--textconv");
+	if (["show", "log", "rev-parse", "ls-files"].includes(subcommand)) return true;
+	if (subcommand === "branch") {
+		const mutating = new Set(["-d", "-D", "-m", "-M", "-c", "-C", "--delete", "--move", "--copy", "--set-upstream-to", "--track", "--unset-upstream", "--edit-description"]);
+		return !args.some((arg) => mutating.has(arg) || arg.startsWith("--set-upstream-to=") || arg === "-u");
+	}
+	return false;
+}
+
+export function isReadOnlyBash(command: string): boolean {
+	const segments = sanitizeCommand(command);
+	if (segments.length === 0) return true;
+
+	return segments.every((segment) => {
+		const tokens = tokenizeSimpleCommand(segment);
+		if (!tokens) return false;
+		if (tokens.length === 0) return true;
+		const normalized = tokens[0] === "rtk" ? tokens.slice(1) : tokens;
+		if (normalized.length === 0) return false;
+		if (isAllowedGitCommand(normalized)) return true;
+		if (isAllowedNpmMetadataCommand(normalized)) return true;
+		return /^(rg|grep|find|fd|ls|pwd|cat|head|tail|sed|awk|wc|sort|uniq|cut|echo|read|where|which|findstr|type)$/.test(normalized[0]);
+	});
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bacnh85/pi-plan",
-  "version": "0.1.9",
+  "version": "0.3.0",
   "description": "Pi extension that adds a plan mode with workspace markdown plans and thinking-level presets.",
   "license": "MIT",
   "publishConfig": {
@@ -24,15 +24,25 @@
   ],
   "files": [
     "README.md",
-    "index.ts"
+    "index.ts",
+    "lib/"
   ],
   "pi": {
     "extensions": [
       "./index.ts"
     ]
   },
+  "scripts": {
+    "test": "mocha"
+  },
   "peerDependencies": {
     "@earendil-works/pi-coding-agent": "*",
     "typebox": "*"
+  },
+  "devDependencies": {
+    "@types/node": "^20.19.43",
+    "chai": "^4.5.0",
+    "mocha": "^10.8.2",
+    "tsx": "^4.22.4"
   }
 }