@gotgenes/pi-permission-system 0.7.0

package/src/skill-prompt-sanitizer.ts

@@ -0,0 +1,344 @@
+import { homedir } from "node:os";
+import { dirname, join, normalize, resolve, sep } from "node:path";
+
+import type { PermissionManager } from "./permission-manager.js";
+import type { PermissionState } from "./types.js";
+
+const AVAILABLE_SKILLS_OPEN_TAG = "<available_skills>";
+const AVAILABLE_SKILLS_CLOSE_TAG = "</available_skills>";
+const SKILL_BLOCK_PATTERN = "<skill>([\\s\\S]*?)<\\/skill>";
+const SKILL_NAME_REGEX = /<name>([\s\S]*?)<\/name>/;
+const SKILL_DESCRIPTION_REGEX = /<description>([\s\S]*?)<\/description>/;
+const SKILL_LOCATION_REGEX = /<location>([\s\S]*?)<\/location>/;
+
+type ParsedSkillPromptEntry = {
+  name: string;
+  description: string;
+  location: string;
+};
+
+export type SkillPromptEntry = {
+  name: string;
+  description: string;
+  location: string;
+  state: PermissionState;
+  normalizedLocation: string;
+  normalizedBaseDir: string;
+};
+
+export type SkillPromptSection = {
+  start: number;
+  end: number;
+  entries: ParsedSkillPromptEntry[];
+};
+
+function decodeXml(value: string): string {
+  return value
+    .replace(/&lt;/g, "<")
+    .replace(/&gt;/g, ">")
+    .replace(/&quot;/g, '"')
+    .replace(/&apos;/g, "'")
+    .replace(/&amp;/g, "&");
+}
+
+function encodeXml(value: string): string {
+  return value
+    .replace(/&/g, "&amp;")
+    .replace(/</g, "&lt;")
+    .replace(/>/g, "&gt;")
+    .replace(/"/g, "&quot;")
+    .replace(/'/g, "&apos;");
+}
+
+function normalizePathForComparison(pathValue: string, cwd: string): string {
+  const trimmed = pathValue.trim().replace(/^['"]|['"]$/g, "");
+  if (!trimmed) {
+    return "";
+  }
+
+  let normalizedPath = trimmed.startsWith("@") ? trimmed.slice(1) : trimmed;
+
+  if (normalizedPath === "~") {
+    normalizedPath = homedir();
+  } else if (
+    normalizedPath.startsWith("~/") ||
+    normalizedPath.startsWith("~\\")
+  ) {
+    normalizedPath = join(homedir(), normalizedPath.slice(2));
+  }
+
+  const absolutePath = resolve(cwd, normalizedPath);
+  const normalizedAbsolutePath = normalize(absolutePath);
+  return process.platform === "win32"
+    ? normalizedAbsolutePath.toLowerCase()
+    : normalizedAbsolutePath;
+}
+
+function isPathWithinDirectory(pathValue: string, directory: string): boolean {
+  if (!pathValue || !directory) {
+    return false;
+  }
+
+  if (pathValue === directory) {
+    return true;
+  }
+
+  const prefix = directory.endsWith(sep) ? directory : `${directory}${sep}`;
+  return pathValue.startsWith(prefix);
+}
+
+function parseSkillEntries(sectionBody: string): ParsedSkillPromptEntry[] {
+  const entries: ParsedSkillPromptEntry[] = [];
+  const skillBlockRegex = new RegExp(SKILL_BLOCK_PATTERN, "g");
+
+  for (const match of sectionBody.matchAll(skillBlockRegex)) {
+    const block = match[1];
+    const nameMatch = block.match(SKILL_NAME_REGEX);
+    const descriptionMatch = block.match(SKILL_DESCRIPTION_REGEX);
+    const locationMatch = block.match(SKILL_LOCATION_REGEX);
+
+    if (!nameMatch || !descriptionMatch || !locationMatch) {
+      continue;
+    }
+
+    const name = decodeXml(nameMatch[1].trim());
+    const description = decodeXml(descriptionMatch[1].trim());
+    const location = decodeXml(locationMatch[1].trim());
+
+    if (!name || !location) {
+      continue;
+    }
+
+    entries.push({ name, description, location });
+  }
+
+  return entries;
+}
+
+export function parseSkillPromptSection(
+  prompt: string,
+): SkillPromptSection | null {
+  const start = prompt.indexOf(AVAILABLE_SKILLS_OPEN_TAG);
+  if (start === -1) {
+    return null;
+  }
+
+  const closeStart = prompt.indexOf(
+    AVAILABLE_SKILLS_CLOSE_TAG,
+    start + AVAILABLE_SKILLS_OPEN_TAG.length,
+  );
+  if (closeStart === -1) {
+    return null;
+  }
+
+  const end = closeStart + AVAILABLE_SKILLS_CLOSE_TAG.length;
+  const sectionBody = prompt.slice(
+    start + AVAILABLE_SKILLS_OPEN_TAG.length,
+    closeStart,
+  );
+
+  return {
+    start,
+    end,
+    entries: parseSkillEntries(sectionBody),
+  };
+}
+
+export function parseAllSkillPromptSections(
+  prompt: string,
+): SkillPromptSection[] {
+  const sections: SkillPromptSection[] = [];
+  let searchStart = 0;
+
+  while (searchStart < prompt.length) {
+    const start = prompt.indexOf(AVAILABLE_SKILLS_OPEN_TAG, searchStart);
+    if (start === -1) {
+      break;
+    }
+
+    const closeStart = prompt.indexOf(
+      AVAILABLE_SKILLS_CLOSE_TAG,
+      start + AVAILABLE_SKILLS_OPEN_TAG.length,
+    );
+    if (closeStart === -1) {
+      break;
+    }
+
+    const end = closeStart + AVAILABLE_SKILLS_CLOSE_TAG.length;
+    const sectionBody = prompt.slice(
+      start + AVAILABLE_SKILLS_OPEN_TAG.length,
+      closeStart,
+    );
+    sections.push({
+      start,
+      end,
+      entries: parseSkillEntries(sectionBody),
+    });
+    searchStart = end;
+  }
+
+  return sections;
+}
+
+function resolvePermissionState(
+  skillName: string,
+  permissionManager: PermissionManager,
+  agentName: string | null,
+  cache: Map<string, PermissionState>,
+): PermissionState {
+  const cachedState = cache.get(skillName);
+  if (cachedState) {
+    return cachedState;
+  }
+
+  const state = permissionManager.checkPermission(
+    "skill",
+    { name: skillName },
+    agentName ?? undefined,
+  ).state;
+  cache.set(skillName, state);
+  return state;
+}
+
+function createResolvedSkillEntry(
+  entry: ParsedSkillPromptEntry,
+  state: PermissionState,
+  cwd: string,
+): SkillPromptEntry {
+  return {
+    name: entry.name,
+    description: entry.description,
+    location: entry.location,
+    state,
+    normalizedLocation: normalizePathForComparison(entry.location, cwd),
+    normalizedBaseDir: normalizePathForComparison(dirname(entry.location), cwd),
+  };
+}
+
+function renderAvailableSkillsSection(
+  entries: readonly SkillPromptEntry[],
+): string {
+  return [
+    AVAILABLE_SKILLS_OPEN_TAG,
+    ...entries.flatMap((entry) => [
+      "  <skill>",
+      `    <name>${encodeXml(entry.name)}</name>`,
+      `    <description>${encodeXml(entry.description)}</description>`,
+      `    <location>${encodeXml(entry.location)}</location>`,
+      "  </skill>",
+    ]),
+    AVAILABLE_SKILLS_CLOSE_TAG,
+  ].join("\n");
+}
+
+function removePromptRange(prompt: string, start: number, end: number): string {
+  const beforeSection = prompt.slice(0, start).replace(/\n+$/, "");
+  const afterSection = prompt.slice(end);
+  return `${beforeSection}${afterSection}`;
+}
+
+export function resolveSkillPromptEntries(
+  prompt: string,
+  permissionManager: PermissionManager,
+  agentName: string | null,
+  cwd: string,
+): { prompt: string; entries: SkillPromptEntry[] } {
+  const sections = parseAllSkillPromptSections(prompt);
+  if (sections.length === 0) {
+    return { prompt, entries: [] };
+  }
+
+  const permissionCache = new Map<string, PermissionState>();
+  const visibleEntries: SkillPromptEntry[] = [];
+  const replacements: Array<{ start: number; end: number; content: string }> =
+    [];
+
+  for (const section of sections) {
+    const resolvedEntries = section.entries.map((entry) => {
+      const state = resolvePermissionState(
+        entry.name,
+        permissionManager,
+        agentName,
+        permissionCache,
+      );
+      return createResolvedSkillEntry(entry, state, cwd);
+    });
+
+    const visibleSectionEntries = resolvedEntries.filter(
+      (entry) => entry.state !== "deny",
+    );
+    visibleEntries.push(...visibleSectionEntries);
+
+    if (visibleSectionEntries.length === resolvedEntries.length) {
+      continue;
+    }
+
+    replacements.push({
+      start: section.start,
+      end: section.end,
+      content:
+        visibleSectionEntries.length > 0
+          ? renderAvailableSkillsSection(visibleSectionEntries)
+          : "",
+    });
+  }
+
+  if (replacements.length === 0) {
+    return { prompt, entries: visibleEntries };
+  }
+
+  let sanitizedPrompt = prompt;
+  for (let i = replacements.length - 1; i >= 0; i--) {
+    const replacement = replacements[i];
+    sanitizedPrompt =
+      replacement.content.length > 0
+        ? `${sanitizedPrompt.slice(0, replacement.start)}${replacement.content}${sanitizedPrompt.slice(replacement.end)}`
+        : removePromptRange(
+            sanitizedPrompt,
+            replacement.start,
+            replacement.end,
+          );
+  }
+
+  return {
+    prompt: sanitizedPrompt,
+    entries: visibleEntries,
+  };
+}
+
+export function findSkillPathMatch(
+  normalizedPath: string,
+  entries: readonly SkillPromptEntry[],
+): SkillPromptEntry | null {
+  if (!normalizedPath || entries.length === 0) {
+    return null;
+  }
+
+  for (const entry of entries) {
+    if (
+      entry.normalizedLocation &&
+      normalizedPath === entry.normalizedLocation
+    ) {
+      return entry;
+    }
+  }
+
+  let bestMatch: SkillPromptEntry | null = null;
+  for (const entry of entries) {
+    if (
+      !entry.normalizedBaseDir ||
+      !isPathWithinDirectory(normalizedPath, entry.normalizedBaseDir)
+    ) {
+      continue;
+    }
+
+    if (
+      !bestMatch ||
+      entry.normalizedBaseDir.length > bestMatch.normalizedBaseDir.length
+    ) {
+      bestMatch = entry;
+    }
+  }
+
+  return bestMatch;
+}

package/src/status.ts

@@ -0,0 +1,35 @@
+import type {
+  ExtensionCommandContext,
+  ExtensionContext,
+} from "@mariozechner/pi-coding-agent";
+
+import {
+  EXTENSION_ID,
+  type PermissionSystemExtensionConfig,
+} from "./extension-config.js";
+import { isYoloModeEnabled } from "./yolo-mode.js";
+
+export const PERMISSION_SYSTEM_STATUS_KEY = EXTENSION_ID;
+export const PERMISSION_SYSTEM_YOLO_STATUS_VALUE = "yolo";
+
+type PermissionStatusContext =
+  | Pick<ExtensionContext, "hasUI" | "ui">
+  | Pick<ExtensionCommandContext, "ui">;
+
+export function getPermissionSystemStatus(
+  config: PermissionSystemExtensionConfig,
+): string | undefined {
+  return isYoloModeEnabled(config)
+    ? PERMISSION_SYSTEM_YOLO_STATUS_VALUE
+    : undefined;
+}
+
+export function syncPermissionSystemStatus(
+  ctx: PermissionStatusContext,
+  config: PermissionSystemExtensionConfig,
+): void {
+  ctx.ui.setStatus(
+    PERMISSION_SYSTEM_STATUS_KEY,
+    getPermissionSystemStatus(config),
+  );
+}

package/src/system-prompt-sanitizer.ts

@@ -0,0 +1,210 @@
+export interface SanitizeSystemPromptResult {
+  prompt: string;
+  removed: boolean;
+}
+
+type LineSection = {
+  start: number;
+  end: number;
+};
+
+type GuidelineRule = {
+  matches: (guideline: string) => boolean;
+  shouldKeep: (allowedTools: ReadonlySet<string>) => boolean;
+};
+
+const AVAILABLE_TOOLS_SECTION_HEADER = "Available tools:";
+const GUIDELINES_SECTION_HEADER = "Guidelines:";
+
+const TOOL_GUIDELINE_RULES: readonly GuidelineRule[] = [
+  {
+    matches: (guideline) =>
+      guideline === "use bash for file operations like ls, rg, find",
+    shouldKeep: (allowedTools) => allowedTools.has("bash"),
+  },
+  {
+    matches: (guideline) =>
+      guideline ===
+      "prefer grep/find/ls tools over bash for file exploration (faster, respects .gitignore)",
+    shouldKeep: (allowedTools) =>
+      allowedTools.has("bash") &&
+      (allowedTools.has("grep") ||
+        allowedTools.has("find") ||
+        allowedTools.has("ls")),
+  },
+  {
+    matches: (guideline) =>
+      guideline ===
+        "use read to examine files before editing. you must use this tool instead of cat or sed." ||
+      guideline === "use read to examine files instead of cat or sed.",
+    shouldKeep: (allowedTools) => allowedTools.has("read"),
+  },
+  {
+    matches: (guideline) =>
+      guideline ===
+      "use edit for precise changes (old text must match exactly)",
+    shouldKeep: (allowedTools) => allowedTools.has("edit"),
+  },
+  {
+    matches: (guideline) =>
+      guideline === "use write only for new files or complete rewrites",
+    shouldKeep: (allowedTools) => allowedTools.has("write"),
+  },
+  {
+    matches: (guideline) =>
+      guideline ===
+      "when summarizing your actions, output plain text directly - do not use cat or bash to display what you did",
+    shouldKeep: (allowedTools) =>
+      allowedTools.has("edit") || allowedTools.has("write"),
+  },
+  {
+    matches: (guideline) =>
+      guideline ===
+      "use task when work should be delegated to one or more specialized agents instead of handled entirely in the current session.",
+    shouldKeep: (allowedTools) => allowedTools.has("task"),
+  },
+  {
+    matches: (guideline) =>
+      guideline ===
+      "use mcp for mcp discovery first: search by capability, describe one exact tool name, then call it.",
+    shouldKeep: (allowedTools) => allowedTools.has("mcp"),
+  },
+];
+
+function normalizePrompt(prompt: string): string {
+  return (prompt || "").replace(/\r\n/g, "\n");
+}
+
+function collapseExtraBlankLines(text: string): string {
+  return text.replace(/\n{3,}/g, "\n\n").trimEnd();
+}
+
+function normalizeGuidelineText(line: string): string {
+  return line
+    .trim()
+    .replace(/^[-*]\s+/, "")
+    .replace(/\s+/g, " ")
+    .toLowerCase();
+}
+
+function isTopLevelSectionHeader(line: string): boolean {
+  const trimmed = line.trim();
+  return (
+    trimmed.length > 0 && trimmed.endsWith(":") && !trimmed.startsWith("-")
+  );
+}
+
+function findSection(
+  lines: readonly string[],
+  header: string,
+): LineSection | null {
+  const start = lines.findIndex((line) => line.trim() === header);
+  if (start === -1) {
+    return null;
+  }
+
+  let end = lines.length;
+  for (let index = start + 1; index < lines.length; index += 1) {
+    if (isTopLevelSectionHeader(lines[index])) {
+      end = index;
+      break;
+    }
+  }
+
+  return { start, end };
+}
+
+function removeLineSection(
+  lines: readonly string[],
+  section: LineSection | null,
+): { lines: string[]; removed: boolean } {
+  if (!section) {
+    return { lines: [...lines], removed: false };
+  }
+
+  return {
+    lines: [...lines.slice(0, section.start), ...lines.slice(section.end)],
+    removed: true,
+  };
+}
+
+function shouldKeepGuideline(
+  line: string,
+  allowedTools: ReadonlySet<string>,
+): boolean {
+  const normalized = normalizeGuidelineText(line);
+
+  for (const rule of TOOL_GUIDELINE_RULES) {
+    if (rule.matches(normalized)) {
+      return rule.shouldKeep(allowedTools);
+    }
+  }
+
+  return true;
+}
+
+function sanitizeGuidelinesSection(
+  lines: readonly string[],
+  allowedTools: ReadonlySet<string>,
+): { lines: string[]; removed: boolean } {
+  const section = findSection(lines, GUIDELINES_SECTION_HEADER);
+  if (!section) {
+    return { lines: [...lines], removed: false };
+  }
+
+  const before = lines.slice(0, section.start + 1);
+  const after = lines.slice(section.end);
+  const body = lines.slice(section.start + 1, section.end);
+  const filteredBody = body.filter((line) => {
+    const trimmed = line.trim();
+    if (!trimmed.startsWith("- ")) {
+      return true;
+    }
+
+    return shouldKeepGuideline(line, allowedTools);
+  });
+
+  const removed = filteredBody.length !== body.length;
+  if (!removed) {
+    return { lines: [...lines], removed: false };
+  }
+
+  const hasBullet = filteredBody.some((line) => line.trim().startsWith("- "));
+  if (!hasBullet) {
+    return {
+      lines: [...lines.slice(0, section.start), ...after],
+      removed: true,
+    };
+  }
+
+  return {
+    lines: [...before, ...filteredBody, ...after],
+    removed: true,
+  };
+}
+
+export function sanitizeAvailableToolsSection(
+  systemPrompt: string,
+  allowedToolNames: readonly string[],
+): SanitizeSystemPromptResult {
+  const allowedTools = new Set(
+    allowedToolNames.map((toolName) => toolName.trim()).filter(Boolean),
+  );
+  const normalizedLines = normalizePrompt(systemPrompt).split("\n");
+  const removedToolsSection = removeLineSection(
+    normalizedLines,
+    findSection(normalizedLines, AVAILABLE_TOOLS_SECTION_HEADER),
+  );
+  const sanitizedGuidelines = sanitizeGuidelinesSection(
+    removedToolsSection.lines,
+    allowedTools,
+  );
+  const removed = removedToolsSection.removed || sanitizedGuidelines.removed;
+
+  return {
+    prompt: removed
+      ? collapseExtraBlankLines(sanitizedGuidelines.lines.join("\n"))
+      : systemPrompt,
+    removed,
+  };
+}