@ssweens/pi-huddle 1.0.0 → 1.0.1
- package/README.md +2 -0
- package/extensions/index.ts +1 -1
- package/extensions/lib/utils.ts +20 -1
- package/package.json +1 -1
- package/skills/huddle/SKILL.md +1 -1
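--- a/package/README.md
+++ b/package/README.md
@@ -188,6 +188,8 @@ Enter to select · Tab/↑↓ to navigate · Esc to cancel
 `cat`, `head`, `tail`, `grep`, `find`, `rg`, `fd`, `ls`, `pwd`, `tree`,
 `git status`, `git log`, `git diff`, `git branch`, `npm list`, `curl`, `jq`
 
+Benign output redirections like `2>/dev/null` and `2>&1` are also allowed.
+
 ### Blocked Bash Commands (Prompt Required)
 
 `rm`, `mv`, `cp`, `mkdir`, `touch`, `git add`, `git commit`, `git push`,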
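--- a/package/extensions/index.ts
+++ b/package/extensions/index.ts
@@ -52,7 +52,7 @@ export default function huddleExtension(pi: ExtensionAPI): void {
 
 if (huddleEnabled) {
 pi.setActiveTools(HUDDLE_MODE_TOOLS);
-ctx.ui.notify(`Huddle mode enabled. Tools: ${HUDDLE_MODE_TOOLS.join(", ")}. Safe: cd, rg, fd, cat, git status/log/diff`);
+ctx.ui.notify(`Huddle mode enabled. Tools: ${HUDDLE_MODE_TOOLS.join(", ")}. Safe: cd, rg, fd, head, tail, cat, grep, find, git status/log/diff`);
 } else {
 pi.setActiveTools(NORMAL_MODE_TOOLS);
 ctx.ui.notify("Huddle mode disabled. Full access restored.");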
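Review bot: The "Safe:" list in the enabled-mode `ctx.ui.notify` string is a hand-maintained copy of the allow-list in `extensions/lib/utils.ts`, and this edit is itself a catch-up, so the two can drift again; users read this string as the statement of what runs without a prompt. Consider building the text from one exported list kept next to `SAFE_PATTERNS`, or at least adding `// keep in sync with SAFE_PATTERNS in lib/utils.ts` above the call. The message now advertises `find` as safe; whether `DESTRUCTIVE_PATTERNS` rejects its `-delete` and `-exec` actions is not visible in this diff and is worth confirming before advertising it. huddleExtension's body starts and ends outside the hunk.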
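--- a/package/extensions/lib/utils.ts
+++ b/package/extensions/lib/utils.ts
@@ -95,6 +95,22 @@ const SAFE_PATTERNS = [
 /^\s*exa\b/,
 ];
 
+// Redirections that are safe in read-only huddle mode (suppress output only)
+const SAFE_REDIRECTION_PATTERNS = [
+/\b\d*>\s*\/dev\/null\b/g,
+/\b\d*>>\s*\/dev\/null\b/g,
+/\b\d*>\s*&\d+\b/g,
+/\b\d*>>\s*&\d+\b/g,
+];
+
+function stripSafeRedirections(command: string): string {
+let sanitized = command;
+for (const pattern of SAFE_REDIRECTION_PATTERNS) {
+sanitized = sanitized.replace(pattern, "");
+}
+return sanitized;
+}
+
 /**
 * Split command into parts respecting quoted strings.
 * Handles: &&, ;, | (but not inside quotes)
@@ -146,8 +162,11 @@ function splitCommandRespectingQuotes(command: string): string[] {
 }
 
 export function isSafeCommand(command: string): boolean {
+// Allow benign output-suppression redirections before destructive checks.
+const commandForDestructiveCheck = stripSafeRedirections(command);
+
 // Check for destructive patterns anywhere in the command
-const isDestructive = DESTRUCTIVE_PATTERNS.some((p) => p.test(
+const isDestructive = DESTRUCTIVE_PATTERNS.some((p) => p.test(commandForDestructiveCheck));
 if (isDestructive) return false;
 
 // Split compound commands and check each part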
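Review bot: In `SAFE_REDIRECTION_PATTERNS`, the trailing `\b` after `\/dev\/null` is satisfied by any non-word character, so a redirect whose target only begins with `/dev/null` (continuing with `.` or `-`, for instance) is stripped and is then presumably no longer seen by the `>` rule in `DESTRUCTIVE_PATTERNS`. Requiring a token end closes that gap, e.g. `/\b\d*>\s*\/dev\/null(?=\s|[;|&)]|$)/g`, with the same lookahead on the `>>` variant. The leading `\b` also means a plain `> /dev/null` written after a space, with no fd digit, is not stripped and stays blocked; that fails closed, but deserves a comment if it is intended. isSafeCommand's body continues outside the hunk, so whether the per-part check that follows sees the stripped or the original command cannot be told from here.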
package/package.json
CHANGED
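--- a/package/skills/huddle/SKILL.md
+++ b/package/skills/huddle/SKILL.md
@@ -153,7 +153,7 @@ The `ask_user` tool is available in **both huddle mode and normal mode**. It pre
 - Git writes: `git add`, `git commit`, `git push`
 - Package installs: `npm install`, `yarn add`, `pip install`
 - System: `sudo`, `kill`, `reboot`
-- Redirections: `>`, `>>`
+- Redirections: `>`, `>>` (except benign output suppression like `2>/dev/null` or `2>&1`)
 
 ## Tips
 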