@xynogen/pix-gate 0.1.0 → 0.1.2

package/README.md

@@ -0,0 +1,52 @@
+# pix-gate
+
+Pi extension — permission gate for dangerous bash commands.
+
+## What it does
+
+Intercepts every `bash` tool call and classifies the command against a set of severity rules before it runs. Three tiers apply: `critical` commands are blocked outright in non-interactive mode and hard-denied via dialog in TUI mode; `dangerous` commands (including any `sudo` invocation, which is redirected to `sudo_run`) show a 30-second auto-deny confirmation dialog; `risky` commands show a 60-second allow-first dialog and silently pass in non-interactive mode. Auto-approve patterns and extra rules can be configured in `~/.pi/agent/pix-gate.json`. Built-in rules can be replaced entirely by setting `disableDefaults: true` in the config file.
+
+## Install
+
+```bash
+pi install npm:@xynogen/pix-gate
+```
+
+## Reusable exports
+
+The gate is split into a pure rule engine and the interactive prompt, so the
+classification logic can be reused without the TUI:
+
+- `@xynogen/pix-gate/lib` — pure rules: `DEFAULT_RULES`, `buildRules`,
+  `classify`, `loadUserConfig`, `isSudoCommand`. No Pi/TUI dependency.
+- `@xynogen/pix-gate/prompt` — `promptGateDecision()`, the confirm/deny dialog
+  (depends on `pi-tui`).
+
+`pix-skills` imports `./lib` to gate skill `` !`cmd` `` directives with the same
+rules as the bash tool (auto-deny on match, no prompt).
+
+## Configuration
+
+`~/.pi/agent/pix-gate.json`:
+
+```json
+{
+  "disableDefaults": false,
+  "extraRules": [
+    { "pattern": "rm -rf /my-dir", "severity": "critical", "reason": "Deletes project root" }
+  ],
+  "autoApprove": ["^echo "]
+}
+```
+
+## Full distro
+
+To install the complete pix suite (all packages + Pi itself):
+
+```bash
+curl -fsSL https://raw.githubusercontent.com/xynogen/pix-mono/main/scripts/install.sh | sh
+```
+
+## License
+
+MIT

package/package.json

@@ -1,9 +1,15 @@
 {
 	"name": "@xynogen/pix-gate",
-	"version": "0.1.0",
+	"version": "0.1.2",
 	"description": "Pi extension — permission gate for dangerous bash commands (confirm/block with TUI dialog)",
 	"type": "module",
 	"main": "src/index.ts",
+	"exports": {
+		".": "./src/index.ts",
+		"./lib": "./src/lib.ts",
+		"./prompt": "./src/prompt.ts",
+		"./src/*": "./src/*"
+	},
 	"scripts": {
 		"test": "bun test"
 	},

package/src/index.ts

@@ -16,9 +16,8 @@
  */
 
 import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
-import { DynamicBorder } from "@earendil-works/pi-coding-agent";
-import { Box, type SelectItem, SelectList, Text } from "@earendil-works/pi-tui";
 import { buildRules, classify, isSudoCommand, loadUserConfig } from "./lib.ts";
+import { promptGateDecision, SEVERITY_ICON } from "./prompt.ts";
 
 export default function (pi: ExtensionAPI): void {
 	const { rules, autoApprove } = buildRules(loadUserConfig());
@@ -49,12 +48,7 @@ export default function (pi: ExtensionAPI): void {
 			};
 		}
 
-		const icon =
-			hit.severity === "critical"
-				? "🛑"
-				: hit.severity === "dangerous"
-					? "⚠️ "
-					: "❓";
+		const icon = SEVERITY_ICON[hit.severity];
 		const label = hit.severity.toUpperCase();
 
 		// Non-interactive: block critical + dangerous outright; allow risky silently.
@@ -74,12 +68,12 @@ export default function (pi: ExtensionAPI): void {
 			return undefined;
 		}
 
-		const timeoutMs =
-			hit.severity === "critical"
-				? 15_000
-				: hit.severity === "dangerous"
-					? 30_000
-					: 60_000;
+		const decision = await promptGateDecision(ctx.ui, hit, command);
+
+		if (!decision.approved) {
+			ctx.ui.notify(`${icon} ${decision.reason}: ${hit.reason}`, "warning");
+			return { block: true, reason: `[${label}] ${decision.reason}` };
+		}
 
 		const severityColor =
 			hit.severity === "critical"
@@ -87,133 +81,6 @@ export default function (pi: ExtensionAPI): void {
 				: hit.severity === "dangerous"
 					? "warning"
 					: "accent";
-
-		// Critical: deny-first; dangerous/risky: allow-first.
-		const choices: SelectItem[] =
-			hit.severity === "critical"
-				? [
-						{
-							value: "no",
-							label: "No, block it",
-							description: "Prevent this command from running",
-						},
-						{
-							value: "yes",
-							label: "Yes, I understand the risk",
-							description: "Allow once",
-						},
-					]
-				: [
-						{
-							value: "yes",
-							label: "Yes, allow",
-							description: "Run the command",
-						},
-						{
-							value: "no",
-							label: "No, block it",
-							description: "Prevent this command from running",
-						},
-					];
-
-		const controller = new AbortController();
-		const timeoutId = setTimeout(() => controller.abort(), timeoutMs);
-
-		const choice = await ctx.ui.custom<string | null>(
-			(tui, theme, _kb, done) => {
-				const container = new Box(0, 0, (s) => theme.bg("customMessageBg", s));
-
-				container.addChild(
-					new DynamicBorder((s: string) => theme.fg(severityColor, s)),
-				);
-
-				container.addChild(
-					new Text(
-						`${icon} ` +
-							theme.fg(severityColor, theme.bold(label)) +
-							theme.fg("muted", ` — ${hit.reason}`),
-						1,
-						0,
-					),
-				);
-
-				container.addChild(new Text(theme.fg("toolOutput", command), 2, 0));
-
-				// Live countdown
-				const deadlineMs = Date.now() + timeoutMs;
-				const countdownText = new Text("", 1, 0);
-				const updateCountdown = () => {
-					const remaining = Math.max(
-						0,
-						Math.ceil((deadlineMs - Date.now()) / 1000),
-					);
-					countdownText.setText(
-						theme.fg("dim", "Auto-deny in ") +
-							theme.fg(
-								remaining <= 5 ? severityColor : "muted",
-								`${remaining}s`,
-							),
-					);
-				};
-				updateCountdown();
-				const ticker = setInterval(() => {
-					updateCountdown();
-					tui.requestRender();
-				}, 1000);
-				container.addChild(countdownText);
-
-				const list = new SelectList(choices, choices.length, {
-					selectedPrefix: (t) => theme.fg(severityColor, t),
-					selectedText: (t) => theme.fg(severityColor, t),
-					description: (t) => theme.fg("muted", t),
-					scrollInfo: (t) => theme.fg("dim", t),
-					noMatch: (t) => theme.fg("warning", t),
-				});
-				const finish = (v: string | null) => {
-					clearInterval(ticker);
-					done(v);
-				};
-				list.onSelect = (item) => finish(item.value);
-				list.onCancel = () => finish(null);
-				container.addChild(list);
-
-				container.addChild(
-					new Text(
-						theme.fg("dim", "↑↓ navigate • enter select • esc cancel"),
-						1,
-						0,
-					),
-				);
-
-				container.addChild(
-					new DynamicBorder((s: string) => theme.fg(severityColor, s)),
-				);
-
-				controller.signal.addEventListener("abort", () => finish(null));
-
-				return {
-					render: (w: number) => container.render(w),
-					invalidate: () => container.invalidate(),
-					handleInput: (data: string) => {
-						list.handleInput(data);
-						tui.requestRender();
-					},
-				};
-			},
-			{ overlay: true },
-		);
-
-		clearTimeout(timeoutId);
-
-		const approved = choice === "yes";
-		if (!approved) {
-			const reason = controller.signal.aborted
-				? "Timed out"
-				: "Blocked by user";
-			ctx.ui.notify(`${icon} ${reason}: ${hit.reason}`, "warning");
-			return { block: true, reason: `[${label}] ${reason}` };
-		}
-
 		ctx.ui.notify(
 			`${icon} ` +
 				ctx.ui.theme.fg(

package/src/prompt.ts

@@ -0,0 +1,176 @@
+/**
+ * pix-gate — Part 2: the prompt.
+ *
+ * The interactive confirm/deny dialog, decoupled from the rule engine (lib.ts).
+ * Returns a pure decision; the caller maps it to a tool-call result and emits
+ * any notifications. This lets the rule engine be reused without the TUI dep.
+ */
+
+import type { ExtensionContext } from "@earendil-works/pi-coding-agent";
+import { DynamicBorder } from "@earendil-works/pi-coding-agent";
+import { Box, type SelectItem, SelectList, Text } from "@earendil-works/pi-tui";
+import type { Rule } from "./lib.ts";
+
+export interface GateDecision {
+	approved: boolean;
+	/** "Approved" | "Blocked by user" | "Timed out" */
+	reason: string;
+}
+
+/** The UI surface the dialog needs — the extension context's `ui`. */
+export type GatePromptUI = ExtensionContext["ui"];
+
+const TIMEOUT_MS: Record<Rule["severity"], number> = {
+	critical: 15_000,
+	dangerous: 30_000,
+	risky: 60_000,
+};
+
+const SEVERITY_COLOR = {
+	critical: "error",
+	dangerous: "warning",
+	risky: "accent",
+} as const satisfies Record<Rule["severity"], string>;
+
+const SEVERITY_ICON: Record<Rule["severity"], string> = {
+	critical: "🛑",
+	dangerous: "⚠️ ",
+	risky: "❓",
+};
+
+/**
+ * Show the confirm/deny dialog for a matched command and resolve the decision.
+ * Critical defaults to deny-first; dangerous/risky default to allow-first.
+ * Times out to a denial after a severity-scaled deadline.
+ */
+export async function promptGateDecision(
+	ui: GatePromptUI,
+	hit: Rule,
+	command: string,
+): Promise<GateDecision> {
+	const timeoutMs = TIMEOUT_MS[hit.severity];
+	const severityColor = SEVERITY_COLOR[hit.severity];
+	const icon = SEVERITY_ICON[hit.severity];
+	const label = hit.severity.toUpperCase();
+
+	const choices: SelectItem[] =
+		hit.severity === "critical"
+			? [
+					{
+						value: "no",
+						label: "No, block it",
+						description: "Prevent this command from running",
+					},
+					{
+						value: "yes",
+						label: "Yes, I understand the risk",
+						description: "Allow once",
+					},
+				]
+			: [
+					{
+						value: "yes",
+						label: "Yes, allow",
+						description: "Run the command",
+					},
+					{
+						value: "no",
+						label: "No, block it",
+						description: "Prevent this command from running",
+					},
+				];
+
+	const controller = new AbortController();
+	const timeoutId = setTimeout(() => controller.abort(), timeoutMs);
+
+	const choice = await ui.custom<string | null>(
+		(tui, theme, _kb, done) => {
+			const container = new Box(0, 0, (s) => theme.bg("customMessageBg", s));
+
+			container.addChild(
+				new DynamicBorder((s: string) => theme.fg(severityColor, s)),
+			);
+
+			container.addChild(
+				new Text(
+					`${icon} ` +
+						theme.fg(severityColor, theme.bold(label)) +
+						theme.fg("muted", ` — ${hit.reason}`),
+					1,
+					0,
+				),
+			);
+
+			container.addChild(new Text(theme.fg("toolOutput", command), 2, 0));
+
+			const deadlineMs = Date.now() + timeoutMs;
+			const countdownText = new Text("", 1, 0);
+			const updateCountdown = () => {
+				const remaining = Math.max(
+					0,
+					Math.ceil((deadlineMs - Date.now()) / 1000),
+				);
+				countdownText.setText(
+					theme.fg("dim", "Auto-deny in ") +
+						theme.fg(remaining <= 5 ? severityColor : "muted", `${remaining}s`),
+				);
+			};
+			updateCountdown();
+			const ticker = setInterval(() => {
+				updateCountdown();
+				tui.requestRender();
+			}, 1000);
+			container.addChild(countdownText);
+
+			const list = new SelectList(choices, choices.length, {
+				selectedPrefix: (t) => theme.fg(severityColor, t),
+				selectedText: (t) => theme.fg(severityColor, t),
+				description: (t) => theme.fg("muted", t),
+				scrollInfo: (t) => theme.fg("dim", t),
+				noMatch: (t) => theme.fg("warning", t),
+			});
+			const finish = (v: string | null) => {
+				clearInterval(ticker);
+				done(v);
+			};
+			list.onSelect = (item) => finish(item.value);
+			list.onCancel = () => finish(null);
+			container.addChild(list);
+
+			container.addChild(
+				new Text(
+					theme.fg("dim", "↑↓ navigate • enter select • esc cancel"),
+					1,
+					0,
+				),
+			);
+
+			container.addChild(
+				new DynamicBorder((s: string) => theme.fg(severityColor, s)),
+			);
+
+			controller.signal.addEventListener("abort", () => finish(null));
+
+			return {
+				render: (w: number) => container.render(w),
+				invalidate: () => container.invalidate(),
+				handleInput: (data: string) => {
+					list.handleInput(data);
+					tui.requestRender();
+				},
+			};
+		},
+		{ overlay: true },
+	);
+
+	clearTimeout(timeoutId);
+
+	const approved = choice === "yes";
+	if (approved) return { approved: true, reason: "Approved" };
+	return {
+		approved: false,
+		reason: controller.signal.aborted ? "Timed out" : "Blocked by user",
+	};
+}
+
+export { SEVERITY_ICON };