@dcl-regenesislabs/opendcl 0.1.0-22234509684.commit-63dfd19 → 0.1.0-22239132687.commit-eccf1dd

package/README.md

@@ -2,9 +2,26 @@
 
 [![CI](https://github.com/dcl-regenesislabs/opendcl/actions/workflows/ci.yaml/badge.svg)](https://github.com/dcl-regenesislabs/opendcl/actions/workflows/ci.yaml)
 
-AI coding assistant for Decentraland SDK7 scene development.
+Build Decentraland scenes with AI. Describe what you want in plain language — OpenDCL handles the SDK7 code, ECS architecture, and deployment for you.
 
-OpenDCL is a terminal-based AI agent that understands Decentraland's SDK, components, and patterns out of the box. It helps creators — from beginners to experienced developers — build interactive 3D scenes faster using natural language.
+OpenDCL is a terminal-based AI agent that knows Decentraland inside out: every component, every pattern, every constraint. Whether you're a first-time creator or a seasoned developer, you go from idea to running scene in minutes instead of hours.
+
+## Why OpenDCL?
+
+Building a Decentraland scene today means learning SDK7, an entity-component-system architecture, TypeScript, 60+ ECS components, parcel size limits, a QuickJS sandbox with no Node.js APIs, and a deployment pipeline. That's a steep learning curve — and it slows down even experienced developers on repetitive tasks.
+
+OpenDCL puts an AI assistant in your terminal that already knows all of this. You describe what you want, and it writes correct, deployable scene code. It validates TypeScript as it goes, knows which 3D assets are freely available, and handles multiplayer sync, UI, animations, and deployment config without you needing to look anything up.
+
+The result: **more creators building more scenes, faster.**
+
+## Use Cases
+
+- **Beginners & non-developers** — "Build me a gallery with clickable paintings." Go from zero to a working scene without writing code manually.
+- **Experienced developers** — Skip the boilerplate. Let the agent handle multiplayer sync, UI scaffolding, and deployment config while you focus on creative decisions.
+- **Teams & studios** — Prototype scene concepts quickly and iterate before committing full dev resources.
+- **Land owners & brands** — Build and update experiences on your LAND without hiring a dedicated development team.
+- **Event organizers** — Spin up interactive stages, gathering areas, and event spaces fast.
+- **Hackathons & game jams** — Go from concept to deployed scene in hours instead of days.
 
 ## Features
 
@@ -15,6 +32,7 @@ OpenDCL is a terminal-based AI agent that understands Decentraland's SDK, compon
 - **Integrated commands** — `/init` to scaffold, `/preview` to launch the dev server, `/tasks` to manage running processes, `/review` to audit code
 - **TypeScript validation** — catches type errors immediately after writing code
 - **Free 3D asset catalog** — 900+ CC0-licensed models the agent can suggest and help you use
+- **Permission gate** — prompts for confirmation before destructive bash commands or writes to sensitive files
 - **Session persistence** — pick up where you left off across sessions
 
 ## Quick Start
@@ -137,7 +155,8 @@ opendcl/
 │   ├── dcl-update-check.ts   # Checks npm for newer OpenDCL versions
 │   ├── dcl-validate.ts       # Post-write TypeScript validation
 │   ├── dcl-tasks.ts          # /tasks command (process manager)
-│   └── process-registry.ts   # Shared background process registry
+│   ├── process-registry.ts   # Shared background process registry
+│   └── permissions/           # Permission gate for dangerous operations
 ├── skills/                   # 18 SKILL.md files (domain expertise)
 ├── prompts/                  # System prompt + command templates
 ├── context/                  # SDK7 reference docs + asset catalog

package/dist/index.js

@@ -51,6 +51,7 @@ for (const ext of extensions) {
     args.push("-e", join(extDir, ext));
 }
 args.push("-e", join(extDir, "plan-mode/index.ts"));
+args.push("-e", join(extDir, "permissions/index.ts"));
 // Load all skill directories
 args.push("--skill", join(packageDir, "skills"));
 // Load prompt templates (review, explain — NOT system.md since that's the system prompt)

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;GAIG;AAEH,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AACtE,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AACnC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAE1C,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClD,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;AACtC,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;AAEzC,uFAAuF;AACvF,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;AACtD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,CAAC;IACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,GAAG,QAAQ,CAAC;AAC7C,CAAC;AAED,wEAAwE;AACxE,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;AACrD,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;IAC9B,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,iBAAiB,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;AAC3F,CAAC;AAED,yCAAyC;AACzC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AAEnC,iFAAiF;AACjF,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;IACtC,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,UAAU,EAAE,mBAAmB,CAAC,EAAE,OAAO,CAAC,CAAC;IACzE,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,uBAAuB,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACrE,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,YAAY,CAAC,CAAC;AAC7C,CAAC;AAED,sBAAsB;AACtB,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;AAC9C,MAAM,UAAU,GAAG;IACjB,gBAAgB;IAChB,gBAAgB;IAChB,aAAa;IACb,eAAe;IACf,cAAc;IACd,qBAAqB;IACrB,iBAAiB;IACjB,eAAe;IACf,qBAAqB;IACrB,eAAe;IACf,cAAc;CACf,CAAC;AACF,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;IAC7B,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;AACrC,CAAC;AACD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAC,CAAC;AAEpD,6BAA6B;AAC7B,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC;AAEjD,yFAAyF;AACzF,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,IAAI,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAC,CAAC;AACtE,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,IAAI,CAAC,UAAU,EAAE,oBAAoB,CAAC,CAAC,CAAC;AAEvE,gFAAgF;AAChF,mEAAmE;AACnE,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;IACb,OAAO,CAAC,GAAG,CAAC,qBAAqB,GAAG,GAAG,CAAC;AAC1C,CAAC;AAED,6EAA6E;AAC7E,sEAAsE;AACtE,MAAM,YAAY,GAAG,eAAe,CAAC,SAAS,CAAC,WAAW,CAAC;AAC3D,eAAe,CAAC,SAAS,CAAC,WAAW,GAAG,UAAU,GAAW;IAC3D,IAAI,GAAG,CAAC,UAAU,CAAC,qBAAqB,CAAC;QAAE,OAAO;IAClD,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;AAC/B,CAAC,CAAC;AAEF,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACvB,OAAO,CAAC,KAAK,CAAC,sBAAsB,EAAE,GAAG,CAAC,CAAC;IAC3C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;GAIG;AAEH,OAAO,EAAE,IAAI,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AACtE,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AACnC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAE1C,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClD,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;AACtC,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;AAEzC,uFAAuF;AACvF,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;AACtD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,CAAC;IACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,GAAG,QAAQ,CAAC;AAC7C,CAAC;AAED,wEAAwE;AACxE,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;AACrD,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;IAC9B,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,iBAAiB,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;AAC3F,CAAC;AAED,yCAAyC;AACzC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AAEnC,iFAAiF;AACjF,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;IACtC,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,UAAU,EAAE,mBAAmB,CAAC,EAAE,OAAO,CAAC,CAAC;IACzE,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,uBAAuB,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACrE,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,YAAY,CAAC,CAAC;AAC7C,CAAC;AAED,sBAAsB;AACtB,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;AAC9C,MAAM,UAAU,GAAG;IACjB,gBAAgB;IAChB,gBAAgB;IAChB,aAAa;IACb,eAAe;IACf,cAAc;IACd,qBAAqB;IACrB,iBAAiB;IACjB,eAAe;IACf,qBAAqB;IACrB,eAAe;IACf,cAAc;CACf,CAAC;AACF,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;IAC7B,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC;AACrC,CAAC;AACD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAC,CAAC;AACpD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE,sBAAsB,CAAC,CAAC,CAAC;AAEtD,6BAA6B;AAC7B,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC;AAEjD,yFAAyF;AACzF,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,IAAI,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAC,CAAC;AACtE,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,IAAI,CAAC,UAAU,EAAE,oBAAoB,CAAC,CAAC,CAAC;AAEvE,gFAAgF;AAChF,mEAAmE;AACnE,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;IACb,OAAO,CAAC,GAAG,CAAC,qBAAqB,GAAG,GAAG,CAAC;AAC1C,CAAC;AAED,6EAA6E;AAC7E,sEAAsE;AACtE,MAAM,YAAY,GAAG,eAAe,CAAC,SAAS,CAAC,WAAW,CAAC;AAC3D,eAAe,CAAC,SAAS,CAAC,WAAW,GAAG,UAAU,GAAW;IAC3D,IAAI,GAAG,CAAC,UAAU,CAAC,qBAAqB,CAAC;QAAE,OAAO;IAClD,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;AAC/B,CAAC,CAAC;AAEF,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACvB,OAAO,CAAC,KAAK,CAAC,sBAAsB,EAAE,GAAG,CAAC,CAAC;IAC3C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/extensions/permissions/index.ts

@@ -0,0 +1,77 @@
+/**
+ * Permission Gate Extension
+ *
+ * Prompts for confirmation before dangerous bash commands or writes to
+ * sensitive files. Blocks entirely in non-interactive mode.
+ * Disable with --no-permissions flag (for CI/container environments).
+ */
+
+import type { ExtensionFactory } from "@mariozechner/pi-coding-agent";
+import { classifyBashCommand, classifyFilePath } from "./utils.js";
+
+function blockResult(reason: string, detail: string): { block: true; reason: string } {
+  return {
+    block: true,
+    reason: `Blocked: ${reason}\n${detail}\nUse --no-permissions to allow in non-interactive mode.`,
+  };
+}
+
+function denyResult(reason: string): { block: true; reason: string } {
+  return { block: true, reason: `User denied: ${reason}` };
+}
+
+const ALLOW = "Allow";
+const ALWAYS = "Always allow";
+const DENY = "Deny";
+
+const extension: ExtensionFactory = (pi) => {
+  const sessionAllow = new Set<string>();
+
+  pi.registerFlag("no-permissions", {
+    description: "Disable permission gate (skip confirmation prompts for dangerous operations)",
+    type: "boolean",
+    default: false,
+  });
+
+  pi.on("tool_call", async (event, ctx) => {
+    if (pi.getFlag("no-permissions") === true) return;
+
+    const toolName = event.toolName as string;
+
+    if (toolName === "bash") {
+      const command = (event.input as { command?: string }).command ?? "";
+      const reason = classifyBashCommand(command);
+      if (!reason || sessionAllow.has(reason)) return;
+
+      if (!ctx.hasUI) return blockResult(reason, `Command: ${command}`);
+
+      const choice = await ctx.ui.select(
+        `${reason}\nCommand: ${command}`,
+        [ALLOW, ALWAYS, DENY],
+      );
+
+      if (choice === ALWAYS) { sessionAllow.add(reason); return; }
+      if (choice === ALLOW) return;
+      return denyResult(reason);
+    }
+
+    if (toolName === "write" || toolName === "edit") {
+      const filePath = (event.input as { path?: string }).path ?? "";
+      const reason = filePath ? classifyFilePath(filePath, ctx.cwd) : null;
+      if (!reason || sessionAllow.has(reason)) return;
+
+      if (!ctx.hasUI) return blockResult(reason, `Path: ${filePath}`);
+
+      const choice = await ctx.ui.select(
+        `${reason}\nFile: ${filePath}`,
+        [ALLOW, ALWAYS, DENY],
+      );
+
+      if (choice === ALWAYS) { sessionAllow.add(reason); return; }
+      if (choice === ALLOW) return;
+      return denyResult(reason);
+    }
+  });
+};
+
+export default extension;

package/extensions/permissions/utils.ts

@@ -0,0 +1,82 @@
+/**
+ * Pure classification functions for permission gating.
+ * No pi dependency — extracted for testability.
+ */
+
+import { resolve, relative } from "node:path";
+
+interface DenylistEntry {
+  pattern: RegExp;
+  reason: string;
+}
+
+const DANGEROUS_BASH_PATTERNS: DenylistEntry[] = [
+  { pattern: /\brm\b/, reason: "Deletes files or directories" },
+  { pattern: /\brmdir\b/, reason: "Removes directories" },
+  { pattern: /\bmv\b/, reason: "Moves or renames files" },
+  { pattern: /\bchmod\b/, reason: "Changes file permissions" },
+  { pattern: /\bchown\b/, reason: "Changes file ownership" },
+  { pattern: /\bdd\b/, reason: "Low-level disk write" },
+  { pattern: /\bshred\b/, reason: "Securely deletes files" },
+  { pattern: /\bsudo\b/, reason: "Runs with elevated privileges" },
+  { pattern: /\bsu\b/, reason: "Switches user" },
+  { pattern: /\bkill\b/, reason: "Terminates a process" },
+  { pattern: /\bpkill\b/, reason: "Terminates processes by name" },
+  { pattern: /\bkillall\b/, reason: "Terminates all matching processes" },
+  { pattern: /\bgit\s+push\b/i, reason: "Pushes to a remote repository" },
+  { pattern: /\bgit\s+reset\b/i, reason: "Resets git state" },
+  { pattern: /\bgit\s+rebase\b/i, reason: "Rebases git history" },
+  { pattern: /\bnpm\s+install\b/i, reason: "Installs npm packages (may run postinstall scripts)" },
+  { pattern: /\bnpm\s+uninstall\b/i, reason: "Uninstalls npm packages" },
+  { pattern: /\bnpm\s+publish\b/i, reason: "Publishes to npm registry" },
+  { pattern: /\bcurl\b.*(-X\s*(POST|PUT|DELETE|PATCH)|--data|-d\s|-F\s|--upload)/i, reason: "Sends data via HTTP" },
+  { pattern: /\bssh\b/, reason: "Opens remote shell connection" },
+  { pattern: /\bscp\b/, reason: "Copies files to/from remote host" },
+  { pattern: /\breboot\b/, reason: "Reboots the system" },
+  { pattern: /\bshutdown\b/, reason: "Shuts down the system" },
+  { pattern: /\btee\b/, reason: "Writes to files via pipe" },
+  { pattern: /(^|\s)>(?![>&])\s*\S/, reason: "Redirects output to a file" },
+  { pattern: />>/, reason: "Appends output to a file" },
+];
+
+const SENSITIVE_FILE_PATTERNS: DenylistEntry[] = [
+  { pattern: /\.env($|\.)/, reason: "Environment variables (may contain secrets)" },
+  { pattern: /\.pem$/, reason: "Private key file" },
+  { pattern: /\.key$/, reason: "Private key file" },
+  { pattern: /\.crt$/, reason: "Certificate file" },
+  { pattern: /credentials/i, reason: "Credentials file" },
+  { pattern: /\.secret/i, reason: "Secret file" },
+  { pattern: /(^|\/)package\.json$/, reason: "Package manifest (affects dependencies)" },
+  { pattern: /(^|\/)tsconfig\.json$/, reason: "TypeScript configuration" },
+  { pattern: /(^|\/)\.git\//, reason: "Git internal file" },
+];
+
+function findMatchingReason(entries: DenylistEntry[], value: string): string | null {
+  for (const { pattern, reason } of entries) {
+    if (pattern.test(value)) return reason;
+  }
+  return null;
+}
+
+/**
+ * Returns a reason string if the command is dangerous, or null if safe.
+ * Callers can use the return value as both a boolean guard and a message.
+ */
+export function classifyBashCommand(command: string): string | null {
+  return findMatchingReason(DANGEROUS_BASH_PATTERNS, command);
+}
+
+/**
+ * Returns a reason string if the file path is sensitive or outside the
+ * project root, or null if safe.
+ */
+export function classifyFilePath(filePath: string, projectRoot: string): string | null {
+  const resolved = resolve(projectRoot, filePath);
+  const rel = relative(projectRoot, resolved);
+
+  if (rel.startsWith("..")) {
+    return "File is outside the project root";
+  }
+
+  return findMatchingReason(SENSITIVE_FILE_PATTERNS, filePath);
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dcl-regenesislabs/opendcl",
-  "version": "0.1.0-22234509684.commit-63dfd19",
+  "version": "0.1.0-22239132687.commit-eccf1dd",
   "description": "AI coding assistant for Decentraland SDK7 scene development",
   "type": "module",
   "bin": {
@@ -61,5 +61,5 @@
     "prompts/",
     "context/"
   ],
-  "commit": "63dfd19efba3c9161937a7f24abcc4f95b478473"
+  "commit": "eccf1ddf7568056584700b927142426e95be390d"
 }