@preapexis/pi-kit 1.1.2 → 1.2.0

package/extensions/litellm-provider.ts

@@ -3,29 +3,21 @@ import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
 
 type LiteLlmModelInfo = {
   model_name?: string;
-  litellm_params?: {
-    model?: string;
-  };
   model_info?: {
     id?: string;
     name?: string;
     display_name?: string;
-    description?: string;
     max_tokens?: number;
     max_input_tokens?: number;
     context_window?: number;
     input_cost_per_token?: number;
     output_cost_per_token?: number;
     supports_vision?: boolean;
-    supports_function_calling?: boolean;
-    mode?: string;
   };
 };
 
 type OpenAiModel = {
   id?: string;
-  object?: string;
-  owned_by?: string;
 };
 
 type ModelPayload = {
@@ -45,10 +37,6 @@ type PiModel = {
   };
   contextWindow: number;
   maxTokens: number;
-  compat?: {
-    supportsDeveloperRole?: boolean;
-    supportsReasoningEffort?: boolean;
-  };
 };
 
 const PROVIDER_ID = "litellm";
@@ -59,9 +47,13 @@ export default async function (pi: ExtensionAPI): Promise<void> {
     process.env.LITELLM_BASE_URL ?? DEFAULT_BASE_URL
   );
 
-  async function registerLiteLlmProvider(): Promise<void> {
+  async function registerLiteLlmProvider(): Promise<number> {
     const models = await discoverModels(baseUrl);
 
+    if (models.length === 0) {
+      return 0;
+    }
+
     pi.registerProvider(PROVIDER_ID, {
       name: "LiteLLM",
       baseUrl,
@@ -69,20 +61,54 @@ export default async function (pi: ExtensionAPI): Promise<void> {
       api: "openai-completions",
       models
     });
+
+    return models.length;
   }
 
-  await registerLiteLlmProvider();
+  try {
+    const count = await registerLiteLlmProvider();
+
+    if (count > 0) {
+      console.log(`[litellm] Registered ${count} models from ${baseUrl}`);
+    } else {
+      console.log("[litellm] No models found. Provider was not registered.");
+    }
+  } catch (error) {
+    console.log(
+      [
+        "[litellm] Provider skipped.",
+        error instanceof Error ? error.message : String(error),
+        "Start LiteLLM and run /litellm-refresh."
+      ].join("\n")
+    );
+  }
 
   pi.registerCommand("litellm-refresh", {
     description: "Refresh LiteLLM models from the LiteLLM proxy",
     handler: async (_args, ctx) => {
       try {
-        await registerLiteLlmProvider();
+        const count = await registerLiteLlmProvider();
+
+        if (count === 0) {
+          ctx.ui.notify(
+            [
+              "LiteLLM refresh finished, but no models were found.",
+              "",
+              `Base URL: ${baseUrl}`,
+              "",
+              "Make sure LiteLLM is running."
+            ].join("\n"),
+            "warning"
+          );
+
+          return;
+        }
 
         ctx.ui.notify(
           [
             "LiteLLM models refreshed.",
             "",
+            `Models found: ${count}`,
             `Base URL: ${baseUrl}`,
             "",
             "Run /model to select a LiteLLM model."
@@ -129,26 +155,11 @@ async function discoverModels(baseUrl: string): Promise<PiModel[]> {
         return models;
       }
     } catch {
-      // Try the next endpoint.
+      // Try next endpoint.
     }
   }
 
-  const fallbackModels = getFallbackModels();
-
-  if (fallbackModels.length > 0) {
-    return fallbackModels;
-  }
-
-  throw new Error(
-    [
-      "Could not discover LiteLLM models.",
-      "",
-      `Tried: ${endpoints.join(", ")}`,
-      "",
-      "Make sure LiteLLM is running and set LITELLM_API_KEY if your proxy requires auth.",
-      "You can also set LITELLM_MODELS as a comma-separated fallback."
-    ].join("\n")
-  );
+  return getFallbackModels();
 }
 
 async function fetchModelPayload(url: string): Promise<ModelPayload> {
@@ -228,11 +239,7 @@ function modelFromPayloadItem(
       cacheWrite: 0
     },
     contextWindow,
-    maxTokens,
-    compat: {
-      supportsDeveloperRole: false,
-      supportsReasoningEffort: false
-    }
+    maxTokens
   };
 }
 
@@ -293,10 +300,6 @@ function getFallbackModels(): PiModel[] {
         cacheWrite: 0
       },
       contextWindow: 128000,
-      maxTokens: 4096,
-      compat: {
-        supportsDeveloperRole: false,
-        supportsReasoningEffort: false
-      }
+      maxTokens: 4096
     }));
 }

package/extensions/workspace-guard.ts

@@ -0,0 +1,234 @@
+import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
+import * as path from "node:path";
+
+type EventContext = Parameters<Parameters<ExtensionAPI["on"]>[1]>[1];
+
+type ToolDecision =
+  | {
+      block: true;
+      reason: string;
+    }
+  | undefined;
+
+type InputRecord = Record<string, unknown>;
+
+const STATUS_KEY = "workspace-guard";
+
+export default function (pi: ExtensionAPI): void {
+  let workspaceRoot: string | null = null;
+
+  function normalize(filePath: string): string {
+    return path.resolve(filePath);
+  }
+
+  function isInsideWorkspace(targetPath: string): boolean {
+    if (!workspaceRoot) return true;
+
+    const root = normalize(workspaceRoot);
+    const target = normalize(targetPath);
+
+    return target === root || target.startsWith(root + path.sep);
+  }
+
+  function inputRecord(input: unknown): InputRecord {
+    if (input && typeof input === "object") {
+      return input as InputRecord;
+    }
+
+    return {};
+  }
+
+  function getPathValue(input: InputRecord): string | undefined {
+    const keys = [
+      "path",
+      "filePath",
+      "filepath",
+      "dir",
+      "directory",
+      "cwd",
+      "root"
+    ];
+
+    for (const key of keys) {
+      const value = input[key];
+
+      if (typeof value === "string" && value.trim()) {
+        return value;
+      }
+    }
+
+    return undefined;
+  }
+
+  function resolveFromWorkspaceOrCwd(ctx: EventContext, value: string): string {
+    if (path.isAbsolute(value)) {
+      return normalize(value);
+    }
+
+    return normalize(path.join(ctx.cwd, value));
+  }
+
+  function commandLooksOutside(command: string): boolean {
+    const patterns = [
+      /\bcd\s+\.\./i,
+      /\bcd\s+["']?\//i,
+      /\bcd\s+["']?[a-zA-Z]:\\/i,
+      /\bpushd\s+\.\./i,
+      /\bpushd\s+["']?\//i,
+      /\bpushd\s+["']?[a-zA-Z]:\\/i,
+      /\bgit\s+-C\s+\.\./i,
+      /\bnpm\s+--prefix\s+\.\./i,
+      /\bpnpm\s+-C\s+\.\./i,
+      /\byarn\s+--cwd\s+\.\./i,
+      /\bSet-Location\s+\.\./i,
+      /\bsl\s+\.\./i
+    ];
+
+    return patterns.some((pattern) => pattern.test(command));
+  }
+
+  async function confirmOutsideAccess(
+    ctx: EventContext,
+    action: string,
+    targetPath: string
+  ): Promise<ToolDecision> {
+    if (!workspaceRoot) return undefined;
+
+    if (isInsideWorkspace(targetPath)) {
+      return undefined;
+    }
+
+    const message = [
+      `Workspace guard blocked outside-${action} access.`,
+      "",
+      `Workspace root: ${workspaceRoot}`,
+      `Requested path: ${targetPath}`,
+      "",
+      "Allow this one time?"
+    ].join("\n");
+
+    if (!ctx.hasUI) {
+      return {
+        block: true,
+        reason: `Outside workspace ${action} blocked: ${targetPath}`
+      };
+    }
+
+    const ok = await ctx.ui.confirm("Outside workspace access", message);
+
+    if (!ok) {
+      return {
+        block: true,
+        reason: `Outside workspace ${action} cancelled by user.`
+      };
+    }
+
+    return undefined;
+  }
+
+  pi.on("session_start", async (_event, ctx) => {
+    workspaceRoot = normalize(ctx.cwd);
+
+    if (ctx.hasUI) {
+      ctx.ui.setStatus(STATUS_KEY, "workspace: locked");
+    }
+  });
+
+  pi.on("before_agent_start", async (event) => {
+    return {
+      systemPrompt:
+        event.systemPrompt +
+        `
+
+Workspace boundary rules:
+- Treat the current working directory as the workspace root.
+- Do not read, search, edit, write, delete, or inspect files outside the current workspace unless the user explicitly asks.
+- Before using any path outside the workspace, ask the user for permission.
+- Prefer relative paths inside the current repository.
+- Do not run commands that cd, pushd, Set-Location, or otherwise move outside the workspace unless explicitly requested.
+- If outside-workspace context seems useful, ask first instead of checking it silently.
+`
+    };
+  });
+
+  pi.on("tool_call", async (event, ctx) => {
+    if (!workspaceRoot) {
+      workspaceRoot = normalize(ctx.cwd);
+    }
+
+    const input = inputRecord(event.input);
+
+    if (
+      event.toolName === "read" ||
+      event.toolName === "write" ||
+      event.toolName === "edit" ||
+      event.toolName === "ls" ||
+      event.toolName === "grep" ||
+      event.toolName === "find"
+    ) {
+      const rawPath = getPathValue(input);
+
+      if (rawPath) {
+        const targetPath = resolveFromWorkspaceOrCwd(ctx, rawPath);
+
+        return await confirmOutsideAccess(ctx, event.toolName, targetPath);
+      }
+    }
+
+    if (event.toolName === "bash") {
+      const command = String(input.command ?? "");
+
+      const rawCwd = typeof input.cwd === "string" ? input.cwd : undefined;
+
+      if (rawCwd) {
+        const targetCwd = resolveFromWorkspaceOrCwd(ctx, rawCwd);
+        const decision = await confirmOutsideAccess(ctx, "command", targetCwd);
+
+        if (decision) return decision;
+      }
+
+      if (commandLooksOutside(command)) {
+        if (!ctx.hasUI) {
+          return {
+            block: true,
+            reason: "Command that may leave the workspace was blocked."
+          };
+        }
+
+        const ok = await ctx.ui.confirm(
+          "Command may leave workspace",
+          [
+            "This command appears to move outside the current workspace.",
+            "",
+            `Workspace root: ${workspaceRoot}`,
+            "",
+            command,
+            "",
+            "Allow this one time?"
+          ].join("\n")
+        );
+
+        if (!ok) {
+          return {
+            block: true,
+            reason: "Outside-workspace command cancelled by user."
+          };
+        }
+      }
+    }
+
+    return undefined;
+  });
+
+  pi.registerCommand("workspace-root", {
+    description: "Show the current locked workspace root",
+    handler: async (_args, ctx) => {
+      if (!ctx.hasUI) return;
+
+      ctx.ui.notify(
+        `Workspace root:\n\n${workspaceRoot ?? normalize(ctx.cwd)}`,
+        "info"
+      );
+    }
+  });
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@preapexis/pi-kit",
-  "version": "1.1.2",
+  "version": "1.2.0",
   "description": "Personal Pi coding-agent kit with safety extensions, status UI, prompt workflows, skills, and themes.",
   "keywords": [
     "pi-package",

package/themes/latte-review.json

@@ -29,7 +29,7 @@
     "thinkingText": "muted",
 
     "selectedBg": "panel2",
-    "userMessageBg": "panel",
+    "userMessageBg": "panel2",
     "userMessageText": "",
     "customMessageBg": "#e0f2fe",
     "customMessageText": "",

package/themes/neon-guardian.json

@@ -29,7 +29,7 @@
     "thinkingText": "muted",
 
     "selectedBg": "panel2",
-    "userMessageBg": "panel",
+    "userMessageBg": "#1e293b",
     "userMessageText": "",
     "customMessageBg": "#0e7490",
     "customMessageText": "",

package/themes/safe-dark.json

@@ -27,7 +27,7 @@
     "thinkingText": "muted",
 
     "selectedBg": "panel",
-    "userMessageBg": "panel",
+    "userMessageBg": "soft",
     "userMessageText": "",
     "customMessageBg": "panel",
     "customMessageText": "",

package/themes/tokyo-midnight.json

@@ -29,7 +29,7 @@
     "thinkingText": "muted",
 
     "selectedBg": "panel2",
-    "userMessageBg": "panel",
+    "userMessageBg": "panel2",
     "userMessageText": "",
     "customMessageBg": "panel",
     "customMessageText": "",