@melihmucuk/leash 1.0.7 → 1.0.9

package/README.md

@@ -23,6 +23,7 @@ AI agents can hallucinate dangerous commands. Leash sandboxes them:
 <img height="400" alt="image" src="https://github.com/user-attachments/assets/94f0a4e5-db6c-4b14-bddd-b8984c51ed3d" />
 
 Links:
+
 1. [Claude CLI deleted my entire home directory (Dec 8th 2025)](https://www.reddit.com/r/ClaudeAI/comments/1pgxckk/claude_cli_deleted_my_entire_home_directory_wiped/)
 2. [Google Antigravity just deleted my drive (Nov 27th 2025)](https://www.reddit.com/r/google_antigravity/comments/1p82or6/google_antigravity_just_deleted_the_contents_of/)
 
@@ -56,13 +57,13 @@ Restart your agent. Done!
 
 If you prefer manual configuration, use `leash --path <platform>` to get the path and add it to your config file.
 
-**Pi Coding Agent** - [docs](https://github.com/badlogic/pi-mono/blob/main/packages/coding-agent/docs/hooks.md)
+**Pi Coding Agent** - [docs](https://github.com/badlogic/pi-mono/blob/main/packages/coding-agent/docs/extensions.md)
 
 Add to `~/.pi/agent/settings.json`:
 
 ```json
 {
-  "hooks": ["<path from leash --path pi>"]
+  "extensions": ["<path from leash --path pi>"]
 }
 ```
 
@@ -328,7 +329,7 @@ Near-zero latency impact on your workflow:
 | Platform    | Latency per tool call | Notes                                    |
 | ----------- | --------------------- | ---------------------------------------- |
 | OpenCode    | **~20µs**             | In-process plugin, near-zero overhead    |
-| Pi          | **~20µs**             | In-process hook, near-zero overhead      |
+| Pi          | **~20µs**             | In-process extension, near-zero overhead |
 | Claude Code | **~31ms**             | External process (~30ms Node.js startup) |
 | Factory     | **~31ms**             | External process (~30ms Node.js startup) |
 

package/bin/lib.js

@@ -29,18 +29,18 @@ export const PLATFORMS = {
     configPath: ".pi/agent/settings.json",
     distPath: "pi/leash.js",
     setup: (config, leashPath) => {
-      config.hooks = config.hooks || [];
-      if (config.hooks.some((h) => h.includes("leash"))) {
+      config.extensions = config.extensions || [];
+      if (config.extensions.some((e) => e.includes("leash"))) {
         return { skipped: true };
       }
-      config.hooks.push(leashPath);
+      config.extensions.push(leashPath);
       return { skipped: false };
     },
     remove: (config) => {
-      if (!config.hooks) return false;
-      const before = config.hooks.length;
-      config.hooks = config.hooks.filter((h) => !h.includes("leash"));
-      return config.hooks.length < before;
+      if (!config.extensions) return false;
+      const before = config.extensions.length;
+      config.extensions = config.extensions.filter((e) => !e.includes("leash"));
+      return config.extensions.length < before;
     },
   },
   "claude-code": {

package/dist/claude-code/leash.js

@@ -347,7 +347,11 @@ var CommandAnalyzer = class {
             reason: `Command "${name}" targets path outside working directory: ${path}`
           };
         }
-        const result = this.checkProtectedPath(path, `Command "${name}"`, resolveBase);
+        const result = this.checkProtectedPath(
+          path,
+          `Command "${name}"`,
+          resolveBase
+        );
         if (result.blocked) return result;
       }
     }
@@ -359,7 +363,10 @@ var CommandAnalyzer = class {
     if (!this.isPathAllowed(dest, true, resolveBase)) {
       return {
         blocked: true,
-        reason: `Command "cp" targets path outside working directory: ${this.resolvePath(dest, resolveBase)}`
+        reason: `Command "cp" targets path outside working directory: ${this.resolvePath(
+          dest,
+          resolveBase
+        )}`
       };
     }
     return this.checkProtectedPath(dest, 'Command "cp"', resolveBase);
@@ -371,7 +378,10 @@ var CommandAnalyzer = class {
     if (!this.isPathAllowed(dest, true, resolveBase)) {
       return {
         blocked: true,
-        reason: `Command "dd" targets path outside working directory: ${this.resolvePath(dest, resolveBase)}`
+        reason: `Command "dd" targets path outside working directory: ${this.resolvePath(
+          dest,
+          resolveBase
+        )}`
       };
     }
     return this.checkProtectedPath(dest, 'Command "dd"', resolveBase);
@@ -383,7 +393,10 @@ var CommandAnalyzer = class {
     if (!this.isPathAllowed(dest, true, resolveBase)) {
       return {
         blocked: true,
-        reason: `Command "mv" targets path outside working directory: ${this.resolvePath(dest, resolveBase)}`
+        reason: `Command "mv" targets path outside working directory: ${this.resolvePath(
+          dest,
+          resolveBase
+        )}`
       };
     }
     const destResult = this.checkProtectedPath(
@@ -396,7 +409,10 @@ var CommandAnalyzer = class {
       if (!this.isPathAllowed(source, false, resolveBase)) {
         return {
           blocked: true,
-          reason: `Command "mv" targets path outside working directory: ${this.resolvePath(source, resolveBase)}`
+          reason: `Command "mv" targets path outside working directory: ${this.resolvePath(
+            source,
+            resolveBase
+          )}`
         };
       }
       const sourceResult = this.checkProtectedPath(
@@ -413,7 +429,10 @@ var CommandAnalyzer = class {
       if (!this.isPathAllowed(path, false, resolveBase)) {
         return {
           blocked: true,
-          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(path, resolveBase)}`
+          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(
+            path,
+            resolveBase
+          )}`
         };
       }
       const result = this.checkProtectedPath(
@@ -431,7 +450,10 @@ var CommandAnalyzer = class {
       if (!this.isPathAllowed(path, allowDevicePaths, resolveBase)) {
         return {
           blocked: true,
-          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(path, resolveBase)}`
+          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(
+            path,
+            resolveBase
+          )}`
         };
       }
       const result = this.checkProtectedPath(

package/dist/factory/leash.js

@@ -347,7 +347,11 @@ var CommandAnalyzer = class {
             reason: `Command "${name}" targets path outside working directory: ${path}`
           };
         }
-        const result = this.checkProtectedPath(path, `Command "${name}"`, resolveBase);
+        const result = this.checkProtectedPath(
+          path,
+          `Command "${name}"`,
+          resolveBase
+        );
         if (result.blocked) return result;
       }
     }
@@ -359,7 +363,10 @@ var CommandAnalyzer = class {
     if (!this.isPathAllowed(dest, true, resolveBase)) {
       return {
         blocked: true,
-        reason: `Command "cp" targets path outside working directory: ${this.resolvePath(dest, resolveBase)}`
+        reason: `Command "cp" targets path outside working directory: ${this.resolvePath(
+          dest,
+          resolveBase
+        )}`
       };
     }
     return this.checkProtectedPath(dest, 'Command "cp"', resolveBase);
@@ -371,7 +378,10 @@ var CommandAnalyzer = class {
     if (!this.isPathAllowed(dest, true, resolveBase)) {
       return {
         blocked: true,
-        reason: `Command "dd" targets path outside working directory: ${this.resolvePath(dest, resolveBase)}`
+        reason: `Command "dd" targets path outside working directory: ${this.resolvePath(
+          dest,
+          resolveBase
+        )}`
       };
     }
     return this.checkProtectedPath(dest, 'Command "dd"', resolveBase);
@@ -383,7 +393,10 @@ var CommandAnalyzer = class {
     if (!this.isPathAllowed(dest, true, resolveBase)) {
       return {
         blocked: true,
-        reason: `Command "mv" targets path outside working directory: ${this.resolvePath(dest, resolveBase)}`
+        reason: `Command "mv" targets path outside working directory: ${this.resolvePath(
+          dest,
+          resolveBase
+        )}`
       };
     }
     const destResult = this.checkProtectedPath(
@@ -396,7 +409,10 @@ var CommandAnalyzer = class {
       if (!this.isPathAllowed(source, false, resolveBase)) {
         return {
           blocked: true,
-          reason: `Command "mv" targets path outside working directory: ${this.resolvePath(source, resolveBase)}`
+          reason: `Command "mv" targets path outside working directory: ${this.resolvePath(
+            source,
+            resolveBase
+          )}`
         };
       }
       const sourceResult = this.checkProtectedPath(
@@ -413,7 +429,10 @@ var CommandAnalyzer = class {
       if (!this.isPathAllowed(path, false, resolveBase)) {
         return {
           blocked: true,
-          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(path, resolveBase)}`
+          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(
+            path,
+            resolveBase
+          )}`
         };
       }
       const result = this.checkProtectedPath(
@@ -431,7 +450,10 @@ var CommandAnalyzer = class {
       if (!this.isPathAllowed(path, allowDevicePaths, resolveBase)) {
         return {
           blocked: true,
-          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(path, resolveBase)}`
+          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(
+            path,
+            resolveBase
+          )}`
         };
       }
       const result = this.checkProtectedPath(

package/dist/opencode/leash.js

@@ -345,7 +345,11 @@ var CommandAnalyzer = class {
             reason: `Command "${name}" targets path outside working directory: ${path}`
           };
         }
-        const result = this.checkProtectedPath(path, `Command "${name}"`, resolveBase);
+        const result = this.checkProtectedPath(
+          path,
+          `Command "${name}"`,
+          resolveBase
+        );
         if (result.blocked) return result;
       }
     }
@@ -357,7 +361,10 @@ var CommandAnalyzer = class {
     if (!this.isPathAllowed(dest, true, resolveBase)) {
       return {
         blocked: true,
-        reason: `Command "cp" targets path outside working directory: ${this.resolvePath(dest, resolveBase)}`
+        reason: `Command "cp" targets path outside working directory: ${this.resolvePath(
+          dest,
+          resolveBase
+        )}`
       };
     }
     return this.checkProtectedPath(dest, 'Command "cp"', resolveBase);
@@ -369,7 +376,10 @@ var CommandAnalyzer = class {
     if (!this.isPathAllowed(dest, true, resolveBase)) {
       return {
         blocked: true,
-        reason: `Command "dd" targets path outside working directory: ${this.resolvePath(dest, resolveBase)}`
+        reason: `Command "dd" targets path outside working directory: ${this.resolvePath(
+          dest,
+          resolveBase
+        )}`
       };
     }
     return this.checkProtectedPath(dest, 'Command "dd"', resolveBase);
@@ -381,7 +391,10 @@ var CommandAnalyzer = class {
     if (!this.isPathAllowed(dest, true, resolveBase)) {
       return {
         blocked: true,
-        reason: `Command "mv" targets path outside working directory: ${this.resolvePath(dest, resolveBase)}`
+        reason: `Command "mv" targets path outside working directory: ${this.resolvePath(
+          dest,
+          resolveBase
+        )}`
       };
     }
     const destResult = this.checkProtectedPath(
@@ -394,7 +407,10 @@ var CommandAnalyzer = class {
       if (!this.isPathAllowed(source, false, resolveBase)) {
         return {
           blocked: true,
-          reason: `Command "mv" targets path outside working directory: ${this.resolvePath(source, resolveBase)}`
+          reason: `Command "mv" targets path outside working directory: ${this.resolvePath(
+            source,
+            resolveBase
+          )}`
         };
       }
       const sourceResult = this.checkProtectedPath(
@@ -411,7 +427,10 @@ var CommandAnalyzer = class {
       if (!this.isPathAllowed(path, false, resolveBase)) {
         return {
           blocked: true,
-          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(path, resolveBase)}`
+          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(
+            path,
+            resolveBase
+          )}`
         };
       }
       const result = this.checkProtectedPath(
@@ -429,7 +448,10 @@ var CommandAnalyzer = class {
       if (!this.isPathAllowed(path, allowDevicePaths, resolveBase)) {
         return {
           blocked: true,
-          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(path, resolveBase)}`
+          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(
+            path,
+            resolveBase
+          )}`
         };
       }
       const result = this.checkProtectedPath(

package/dist/pi/leash.js

@@ -345,7 +345,11 @@ var CommandAnalyzer = class {
             reason: `Command "${name}" targets path outside working directory: ${path}`
           };
         }
-        const result = this.checkProtectedPath(path, `Command "${name}"`, resolveBase);
+        const result = this.checkProtectedPath(
+          path,
+          `Command "${name}"`,
+          resolveBase
+        );
         if (result.blocked) return result;
       }
     }
@@ -357,7 +361,10 @@ var CommandAnalyzer = class {
     if (!this.isPathAllowed(dest, true, resolveBase)) {
       return {
         blocked: true,
-        reason: `Command "cp" targets path outside working directory: ${this.resolvePath(dest, resolveBase)}`
+        reason: `Command "cp" targets path outside working directory: ${this.resolvePath(
+          dest,
+          resolveBase
+        )}`
       };
     }
     return this.checkProtectedPath(dest, 'Command "cp"', resolveBase);
@@ -369,7 +376,10 @@ var CommandAnalyzer = class {
     if (!this.isPathAllowed(dest, true, resolveBase)) {
       return {
         blocked: true,
-        reason: `Command "dd" targets path outside working directory: ${this.resolvePath(dest, resolveBase)}`
+        reason: `Command "dd" targets path outside working directory: ${this.resolvePath(
+          dest,
+          resolveBase
+        )}`
       };
     }
     return this.checkProtectedPath(dest, 'Command "dd"', resolveBase);
@@ -381,7 +391,10 @@ var CommandAnalyzer = class {
     if (!this.isPathAllowed(dest, true, resolveBase)) {
       return {
         blocked: true,
-        reason: `Command "mv" targets path outside working directory: ${this.resolvePath(dest, resolveBase)}`
+        reason: `Command "mv" targets path outside working directory: ${this.resolvePath(
+          dest,
+          resolveBase
+        )}`
       };
     }
     const destResult = this.checkProtectedPath(
@@ -394,7 +407,10 @@ var CommandAnalyzer = class {
       if (!this.isPathAllowed(source, false, resolveBase)) {
         return {
           blocked: true,
-          reason: `Command "mv" targets path outside working directory: ${this.resolvePath(source, resolveBase)}`
+          reason: `Command "mv" targets path outside working directory: ${this.resolvePath(
+            source,
+            resolveBase
+          )}`
         };
       }
       const sourceResult = this.checkProtectedPath(
@@ -411,7 +427,10 @@ var CommandAnalyzer = class {
       if (!this.isPathAllowed(path, false, resolveBase)) {
         return {
           blocked: true,
-          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(path, resolveBase)}`
+          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(
+            path,
+            resolveBase
+          )}`
         };
       }
       const result = this.checkProtectedPath(
@@ -429,7 +448,10 @@ var CommandAnalyzer = class {
       if (!this.isPathAllowed(path, allowDevicePaths, resolveBase)) {
         return {
           blocked: true,
-          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(path, resolveBase)}`
+          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(
+            path,
+            resolveBase
+          )}`
         };
       }
       const result = this.checkProtectedPath(
@@ -544,17 +566,15 @@ async function checkForUpdates() {
 // packages/pi/leash.ts
 function leash_default(pi) {
   let analyzer = null;
-  pi.on("session", async (event, ctx) => {
-    if (event.reason === "start") {
-      analyzer = new CommandAnalyzer(ctx.cwd);
-      ctx.ui.notify("\u{1F512} Leash active", "info");
-      const update = await checkForUpdates();
-      if (update.hasUpdate) {
-        ctx.ui.notify(
-          `\u{1F504} Leash ${update.latestVersion} available. Run: leash --update (restart required)`,
-          "warning"
-        );
-      }
+  pi.on("session_start", async (_event, ctx) => {
+    analyzer = new CommandAnalyzer(ctx.cwd);
+    ctx.ui.notify("\u{1F512} Leash active", "info");
+    const update = await checkForUpdates();
+    if (update.hasUpdate) {
+      ctx.ui.notify(
+        `\u{1F504} Leash ${update.latestVersion} available. Run: leash --update (restart required)`,
+        "warning"
+      );
     }
   });
   pi.on("tool_call", async (event, ctx) => {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@melihmucuk/leash",
-  "version": "1.0.7",
+  "version": "1.0.9",
   "type": "module",
   "description": "Security guardrails for AI coding agents",
   "bin": {
@@ -49,8 +49,8 @@
     "build:factory": "esbuild packages/factory/leash.ts --bundle --outfile=dist/factory/leash.js --platform=node --format=esm"
   },
   "devDependencies": {
-    "@mariozechner/pi-coding-agent": "^0.27.2",
-    "@opencode-ai/plugin": "^1.0.191",
+    "@mariozechner/pi-coding-agent": "^0.36.0",
+    "@opencode-ai/plugin": "^1.0.224",
     "@types/node": "^22.19.3",
     "esbuild": "^0.27.2",
     "typescript": "^5.9.3"