@diegopetrucci/pi-extensions 0.1.5 → 0.1.7

package/README.md

@@ -8,6 +8,8 @@ A collection of [pi](https://github.com/badlogic/pi-mono) agent extensions I mad
 |---|---|
 | [`minimal-footer`](./extensions/minimal-footer) | Replaces pi's built-in footer with a minimal two-line layout: branch/repo on the first line, context/model on the second. |
 | [`oracle`](./extensions/oracle) | Adds an Amp-style read-only oracle tool that auto-selects the strongest reasoning model on the current provider/subscription, covers pi’s built-in providers with hardcoded rankings, sets reasoning to xhigh by default, and shows live status while running. |
+| [`permission-gate`](./extensions/permission-gate) | Prompts for confirmation before dangerous bash commands like `rm -rf`, `sudo`, and `chmod 777`. |
+| [`confirm-destructive`](./extensions/confirm-destructive) | Confirms before destructive session actions like clear, switch, and fork. |
 
 ## Install
 
@@ -22,7 +24,7 @@ pi install git:github.com/diegopetrucci/pi-extensions
 Or pin to a tagged version:
 
 ```bash
-pi install git:github.com/diegopetrucci/pi-extensions@v0.1.5
+pi install git:github.com/diegopetrucci/pi-extensions@v0.1.7
 ```
 
 ### npm
@@ -53,6 +55,14 @@ pi install npm:@diegopetrucci/pi-minimal-footer
 pi install npm:@diegopetrucci/pi-oracle
 ```
 
+```bash
+pi install npm:@diegopetrucci/pi-permission-gate
+```
+
+```bash
+pi install npm:@diegopetrucci/pi-confirm-destructive
+```
+
 ### Option 2: filter the repo package
 
 If you prefer the collection package, you can filter it in your pi settings.
@@ -83,25 +93,35 @@ Oracle only:
 }
 ```
 
-## npm publishing
-
-The repo is set up to support both:
-
-- the collection package: `@diegopetrucci/pi-extensions`
-- standalone extension packages like `@diegopetrucci/pi-minimal-footer`
+Permission gate only:
 
-## Repository structure
+```json
+{
+  "packages": [
+    {
+      "source": "npm:@diegopetrucci/pi-extensions",
+      "extensions": ["extensions/permission-gate/index.ts"]
+    }
+  ]
+}
+```
 
-Each extension lives in its own subdirectory under [`extensions/`](./extensions). This keeps the repo easy to grow while still letting each extension carry its own package metadata and documentation.
+Confirm destructive only:
 
-## Oracle docs
+```json
+{
+  "packages": [
+    {
+      "source": "npm:@diegopetrucci/pi-extensions",
+      "extensions": ["extensions/confirm-destructive/index.ts"]
+    }
+  ]
+}
+```
 
-- [Oracle provider matrix](./docs/oracle-provider-matrix.md)
-- [Release notes for v0.1.5](./docs/release-notes-v0.1.5.md)
-- [GitHub release body for v0.1.5](./docs/github-release-v0.1.5.md)
-- [Publish checklist for v0.1.5](./docs/publish-checklist-v0.1.5.md)
-- [Announcement copy for v0.1.5](./docs/announcement-v0.1.5.md)
+## npm publishing
 
-## License
+The repo is set up to support both:
 
-[MIT](./LICENSE)
+- the collection package: `@diegopetrucci/pi-extensions`
+- standalone extension packages like `@diegopetrucci/pi-minimal-footer`, `@diegopetrucci/pi-oracle`, `@diegopetrucci/pi-permission-gate`, and `@diegopetrucci/pi-confirm-destructive`

package/extensions/confirm-destructive/README.md

@@ -0,0 +1,43 @@
+# confirm-destructive
+
+A small pi extension that asks for confirmation before destructive session actions.
+
+This is adapted from the original `confirm-destructive.ts` example in [`badlogic/pi-mono`](https://github.com/badlogic/pi-mono/blob/main/packages/coding-agent/examples/extensions/confirm-destructive.ts) and kept basically the same.
+
+## What it checks
+
+- clearing the current session
+- switching sessions when the current session has user messages
+- forking from an entry
+
+## Install
+
+### Standalone npm package
+
+```bash
+pi install npm:@diegopetrucci/pi-confirm-destructive
+```
+
+### Collection package
+
+```bash
+pi install npm:@diegopetrucci/pi-extensions
+```
+
+### GitHub package
+
+```bash
+pi install git:github.com/diegopetrucci/pi-extensions
+```
+
+Then reload pi:
+
+```text
+/reload
+```
+
+## Notes
+
+- Hooks `session_before_switch` and `session_before_fork`.
+- Cancels the action when the user declines.
+- Does nothing in non-interactive mode.

package/extensions/confirm-destructive/index.ts

@@ -0,0 +1,59 @@
+/**
+ * Confirm Destructive Actions Extension
+ *
+ * Prompts for confirmation before destructive session actions (clear, switch, branch).
+ * Demonstrates how to cancel session events using the before_* events.
+ */
+
+import type { ExtensionAPI, SessionBeforeSwitchEvent, SessionMessageEntry } from "@mariozechner/pi-coding-agent";
+
+export default function (pi: ExtensionAPI) {
+	pi.on("session_before_switch", async (event: SessionBeforeSwitchEvent, ctx) => {
+		if (!ctx.hasUI) return;
+
+		if (event.reason === "new") {
+			const confirmed = await ctx.ui.confirm(
+				"Clear session?",
+				"This will delete all messages in the current session.",
+			);
+
+			if (!confirmed) {
+				ctx.ui.notify("Clear cancelled", "info");
+				return { cancel: true };
+			}
+			return;
+		}
+
+		// reason === "resume" - check if there are unsaved changes (messages since last assistant response)
+		const entries = ctx.sessionManager.getEntries();
+		const hasUnsavedWork = entries.some(
+			(e): e is SessionMessageEntry => e.type === "message" && e.message.role === "user",
+		);
+
+		if (hasUnsavedWork) {
+			const confirmed = await ctx.ui.confirm(
+				"Switch session?",
+				"You have messages in the current session. Switch anyway?",
+			);
+
+			if (!confirmed) {
+				ctx.ui.notify("Switch cancelled", "info");
+				return { cancel: true };
+			}
+		}
+	});
+
+	pi.on("session_before_fork", async (event, ctx) => {
+		if (!ctx.hasUI) return;
+
+		const choice = await ctx.ui.select(`Fork from entry ${event.entryId.slice(0, 8)}?`, [
+			"Yes, create fork",
+			"No, stay in current session",
+		]);
+
+		if (choice !== "Yes, create fork") {
+			ctx.ui.notify("Fork cancelled", "info");
+			return { cancel: true };
+		}
+	});
+}

package/extensions/confirm-destructive/package.json

@@ -0,0 +1,27 @@
+{
+  "name": "@diegopetrucci/pi-confirm-destructive",
+  "version": "0.1.0",
+  "description": "A pi extension that confirms destructive session actions.",
+  "keywords": ["pi-package", "pi", "session", "safety"],
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/diegopetrucci/pi-extensions.git",
+    "directory": "extensions/confirm-destructive"
+  },
+  "files": [
+    "index.ts",
+    "README.md"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "pi": {
+    "extensions": [
+      "index.ts"
+    ]
+  },
+  "peerDependencies": {
+    "@mariozechner/pi-coding-agent": "*"
+  }
+}

package/extensions/permission-gate/README.md

@@ -0,0 +1,45 @@
+# permission-gate
+
+A small pi extension that prompts for confirmation before running potentially dangerous bash commands.
+
+This is adapted from the original `permission-gate.ts` example in [`badlogic/pi-mono`](https://github.com/badlogic/pi-mono/blob/main/packages/coding-agent/examples/extensions/permission-gate.ts) and kept basically the same.
+
+## What it checks
+
+- `rm -rf`
+- `sudo`
+- `chmod` / `chown` with `777`
+
+If pi is running without an interactive UI, it blocks matching commands by default.
+
+## Install
+
+### Standalone npm package
+
+```bash
+pi install npm:@diegopetrucci/pi-permission-gate
+```
+
+### Collection package
+
+```bash
+pi install npm:@diegopetrucci/pi-extensions
+```
+
+### GitHub package
+
+```bash
+pi install git:github.com/diegopetrucci/pi-extensions
+```
+
+Then reload pi:
+
+```text
+/reload
+```
+
+## Notes
+
+- Hooks the `tool_call` event.
+- Only inspects the `bash` tool.
+- Prompts with a simple `Yes` / `No` selector before allowing dangerous commands.

package/extensions/permission-gate/index.ts

@@ -0,0 +1,34 @@
+/**
+ * Permission Gate Extension
+ *
+ * Prompts for confirmation before running potentially dangerous bash commands.
+ * Patterns checked: rm -rf, sudo, chmod/chown 777
+ */
+
+import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
+
+export default function (pi: ExtensionAPI) {
+	const dangerousPatterns = [/\brm\s+(-rf?|--recursive)/i, /\bsudo\b/i, /\b(chmod|chown)\b.*777/i];
+
+	pi.on("tool_call", async (event, ctx) => {
+		if (event.toolName !== "bash") return undefined;
+
+		const command = event.input.command as string;
+		const isDangerous = dangerousPatterns.some((p) => p.test(command));
+
+		if (isDangerous) {
+			if (!ctx.hasUI) {
+				// In non-interactive mode, block by default
+				return { block: true, reason: "Dangerous command blocked (no UI for confirmation)" };
+			}
+
+			const choice = await ctx.ui.select(`⚠️ Dangerous command:\n\n  ${command}\n\nAllow?`, ["Yes", "No"]);
+
+			if (choice !== "Yes") {
+				return { block: true, reason: "Blocked by user" };
+			}
+		}
+
+		return undefined;
+	});
+}

package/extensions/permission-gate/package.json

@@ -0,0 +1,27 @@
+{
+  "name": "@diegopetrucci/pi-permission-gate",
+  "version": "0.1.0",
+  "description": "A pi extension that prompts before dangerous bash commands.",
+  "keywords": ["pi-package", "pi", "security", "bash"],
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/diegopetrucci/pi-extensions.git",
+    "directory": "extensions/permission-gate"
+  },
+  "files": [
+    "index.ts",
+    "README.md"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "pi": {
+    "extensions": [
+      "index.ts"
+    ]
+  },
+  "peerDependencies": {
+    "@mariozechner/pi-coding-agent": "*"
+  }
+}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@diegopetrucci/pi-extensions",
-  "version": "0.1.5",
-  "description": "A collection of pi extensions, including a minimal custom footer and an Amp-style oracle.",
+  "version": "0.1.7",
+  "description": "A collection of pi extensions, including a minimal custom footer, an Amp-style oracle, a permission gate for dangerous bash commands, and confirm-before-destructive session actions.",
   "keywords": ["pi-package", "pi", "terminal", "agent"],
   "license": "MIT",
   "repository": {
@@ -27,7 +27,9 @@
   "pi": {
     "extensions": [
       "./extensions/minimal-footer/index.ts",
-      "./extensions/oracle/index.ts"
+      "./extensions/oracle/index.ts",
+      "./extensions/permission-gate/index.ts",
+      "./extensions/confirm-destructive/index.ts"
     ],
     "image": "https://raw.githubusercontent.com/diegopetrucci/pi-extensions/main/assets/oracle-preview.svg"
   }