decorated-pi 0.1.0

package/extensions/safety.ts

@@ -0,0 +1,370 @@
+/**
+ * Safety — 安全防护模块
+ *
+ * - Command Guard:   拦截危险 bash 命令与 shell 覆盖写入（枚举式）
+ * - Protected Paths: 禁止写入敏感路径
+ * - Write Guard:     覆盖非空文件前确认
+ * - Secret Redact:   API Key / Token 自动掩码
+ */
+
+import type {
+  ExtensionAPI,
+  ExtensionContext,
+  ToolResultEvent,
+} from "@earendil-works/pi-coding-agent";
+import * as fs from "node:fs";
+import { resolve } from "node:path";
+
+// ─── 危险命令枚举 ──────────────────────────────────────────────────────────
+
+const DANGEROUS_COMMANDS: [string, string[]][] = [
+  ["rm", []],
+  ["sudo", []],
+  ["svn", ["commit", "revert"]],
+  ["git", ["reset", "restore", "clean", "push", "revert"]],
+];
+
+const SAFE_REDIRECT_TARGETS = new Set([
+  "/dev/null",
+  "/dev/stdout",
+  "/dev/stderr",
+]);
+
+const SHELL_SEGMENT_BREAKS = new Set(["|", "&&", "||", ";"]);
+const SHELL_REDIRECT_OPERATORS = new Set([">", ">>", "1>", "1>>", "2>", "2>>", "&>", "&>>"]);
+
+function tokenizeShell(command: string): string[] {
+  const tokens: string[] = [];
+  let current = "";
+  let quote: "'" | '"' | null = null;
+
+  const pushCurrent = () => {
+    if (current.length > 0) {
+      tokens.push(current);
+      current = "";
+    }
+  };
+
+  for (let i = 0; i < command.length; i++) {
+    const ch = command[i]!;
+
+    if (quote) {
+      if (ch === quote) {
+        quote = null;
+      } else if (ch === "\\" && quote === '"' && i + 1 < command.length) {
+        current += command[i + 1]!;
+        i += 1;
+      } else {
+        current += ch;
+      }
+      continue;
+    }
+
+    if (ch === "'" || ch === '"') {
+      quote = ch;
+      continue;
+    }
+
+    if (/\s/.test(ch)) {
+      pushCurrent();
+      continue;
+    }
+
+    if (ch === ";") {
+      pushCurrent();
+      tokens.push(";");
+      continue;
+    }
+
+    if (ch === "|" || ch === "&") {
+      if (i + 1 < command.length && command[i + 1] === ch) {
+        pushCurrent();
+        tokens.push(ch + ch);
+        i += 1;
+        continue;
+      }
+      if (ch === "|") {
+        pushCurrent();
+        tokens.push("|");
+        continue;
+      }
+    }
+
+    if (ch === ">") {
+      let op = ">";
+      if (i + 1 < command.length && command[i + 1] === ">") {
+        op = ">>";
+        i += 1;
+      }
+      if (current === "&" || /^\d+$/.test(current)) {
+        op = current + op;
+        current = "";
+      } else {
+        pushCurrent();
+      }
+      tokens.push(op);
+      continue;
+    }
+
+    current += ch;
+  }
+
+  pushCurrent();
+  return tokens;
+}
+
+function isExistingRegularFile(target: string, cwd: string): boolean {
+  if (!target || SAFE_REDIRECT_TARGETS.has(target)) return false;
+  try {
+    return fs.statSync(resolve(cwd, target)).isFile();
+  } catch {
+    return false;
+  }
+}
+
+function collectDangerousReasons(command: string, cwd: string): string[] {
+  const tokens = tokenizeShell(command);
+  const reasons: string[] = [];
+  const seen = new Set<string>();
+
+  const addReason = (reason: string) => {
+    if (seen.has(reason)) return;
+    seen.add(reason);
+    reasons.push(reason);
+  };
+
+  for (let i = 0; i < tokens.length; i++) {
+    const token = tokens[i]!;
+    if (SHELL_SEGMENT_BREAKS.has(token)) continue;
+
+    for (const [cmd, subs] of DANGEROUS_COMMANDS) {
+      const name = token.split("/").pop() ?? token;
+      if (name !== cmd && name !== `${cmd}.exe`) continue;
+      if (subs.length === 0) {
+        addReason(`"${cmd}" is a dangerous command`);
+        break;
+      }
+      const next = tokens[i + 1];
+      if (next && subs.includes(next)) {
+        addReason(`"${cmd} ${next}" is a dangerous command`);
+        break;
+      }
+    }
+
+    if (SHELL_REDIRECT_OPERATORS.has(token)) {
+      const target = tokens[i + 1];
+      if (target && isExistingRegularFile(target, cwd)) {
+        addReason(`shell redirection would write to existing file "${target}"`);
+      }
+      continue;
+    }
+
+    const name = token.split("/").pop() ?? token;
+    if (name !== "tee" && name !== "tee.exe") continue;
+
+    for (let j = i + 1; j < tokens.length; j++) {
+      const next = tokens[j]!;
+      if (SHELL_SEGMENT_BREAKS.has(next)) break;
+      if (next === "-a" || next === "--append") continue;
+      if (next.startsWith("-")) continue;
+      if (isExistingRegularFile(next, cwd)) {
+        addReason(`"tee" would write to existing file "${next}"`);
+      }
+    }
+  }
+
+  return reasons;
+}
+
+function formatDangerousReasons(reasons: string[]): string | null {
+  if (reasons.length === 0) return null;
+  if (reasons.length === 1) return reasons[0]!;
+  return `dangerous operations detected:\n- ${reasons.join("\n- ")}`;
+}
+
+function checkDangerous(command: string, cwd: string): string | null {
+  return formatDangerousReasons(collectDangerousReasons(command, cwd));
+}
+
+// ─── Protected Paths ────────────────────────────────────────────────────────
+
+const PROTECTED_PATH_SEGMENTS = [
+  ".env", ".git/", "node_modules/", ".ssh/",
+  ".gnupg/", ".aws/", "secrets/", ".docker/",
+];
+const PROTECTED_EXTENSIONS = [".pem", ".key", ".p12", ".pfx", ".keystore"];
+const PROTECTED_FILENAMES = [
+  "id_rsa", "id_ed25519", "id_ecdsa",
+  "authorized_keys", "known_hosts",
+  ".env.local", ".env.production",
+];
+
+function checkProtectedPath(filePath: string): string | null {
+  const normalized = filePath.replace(/\\/g, "/");
+  const filename = normalized.split("/").pop() ?? "";
+  for (const seg of PROTECTED_PATH_SEGMENTS) {
+    if (normalized.includes(seg)) return `path contains "${seg}"`;
+  }
+  for (const ext of PROTECTED_EXTENSIONS) {
+    if (normalized.endsWith(ext)) return `file extension "${ext}"`;
+  }
+  for (const name of PROTECTED_FILENAMES) {
+    if (filename === name) return `protected file "${name}"`;
+  }
+  return null;
+}
+
+// ─── Secret Redact ──────────────────────────────────────────────────────────
+
+import { createEngine } from "@secretlint/node";
+
+type SecretLintEngine = Awaited<ReturnType<typeof createEngine>>;
+type ToolTextContent = Extract<NonNullable<ToolResultEvent["content"]>[number], { type: "text" }>;
+
+let engine: SecretLintEngine | null = null;
+
+function maskSecret(text: string): string {
+  if (text.length <= 8) return "********";
+  return text.slice(0, 4) + "********" + text.slice(-4);
+}
+
+async function ensureEngine(): Promise<SecretLintEngine> {
+  if (!engine) {
+    engine = await createEngine({
+      formatter: "json",
+      color: false,
+      maskSecrets: false,
+      configFileJSON: {
+        rules: [
+          { id: "@secretlint/secretlint-rule-preset-recommend" },
+          { id: "@secretlint/secretlint-rule-azure" },
+          { id: "@secretlint/secretlint-rule-secp256k1-privatekey" },
+        ],
+      },
+    });
+  }
+  return engine;
+}
+
+function extractRanges(jsonOutput: string): Array<{ start: number; end: number }> {
+  try {
+    const reports = JSON.parse(jsonOutput) as Array<{
+      messages: Array<{ range: [number, number]; ruleId: string }>;
+    }>;
+    const ranges: Array<{ start: number; end: number }> = [];
+    for (const report of reports) {
+      for (const msg of report.messages) {
+        ranges.push({ start: msg.range[0], end: msg.range[1] });
+      }
+    }
+    const unique = new Map<string, { start: number; end: number }>();
+    for (const r of ranges) unique.set(`${r.start}-${r.end}`, r);
+    return [...unique.values()].sort((a, b) => b.start - a.start);
+  } catch { return []; }
+}
+
+// ─── Setup ──────────────────────────────────────────────────────────────────
+
+export function setupSafety(pi: ExtensionAPI) {
+  // ── Command Guard + Protected Paths + Write Guard (tool_call) ─────────
+
+  pi.on("tool_call", async (event, ctx) => {
+    
+    // Gate 1: 危险命令
+    if (event.toolName === "bash") {
+      const command = (event.input as { command?: string }).command;
+      if (command) {
+        const danger = checkDangerous(command, ctx.cwd);
+        if (danger) {
+          if (!ctx.hasUI) {
+            return { block: true, reason: `⛔ ${danger} (non-interactive)` };
+          }
+          const choice = await ctx.ui.select(
+            `⚠️  ${danger}\n\nAllow execution?`,
+            ["Block", "Allow once"],
+          );
+          if (!choice || choice === "Block") {
+            return { block: true, reason: `⛔ ${danger}` };
+          }
+        }
+      }
+    }
+
+    // Gate 2: 保护路径
+    if (event.toolName === "write" || event.toolName === "edit") {
+      const filePath = (event.input as any).path ?? (event.input as any).file ?? (event.input as any).file_path;
+      if (filePath) {
+        const danger = checkProtectedPath(filePath);
+        if (danger) {
+          if (!ctx.hasUI) {
+            return { block: true, reason: `🔐 ${danger}` };
+          }
+          const choice = await ctx.ui.select(
+            `🔐 ${danger}\n\nProceed?`,
+            ["Block", "Allow once"],
+          );
+          if (!choice || choice === "Block") {
+            return { block: true, reason: `🔐 ${danger}` };
+          }
+        }
+      }
+    }
+
+    // Gate 3: 写保护（已有内容的文件禁止 write，直接返回信息给 agent）
+    if (event.toolName === "write") {
+      const filePath = (event.input as any).path ?? (event.input as any).file ?? (event.input as any).file_path;
+      if (filePath) {
+        try {
+          const abs = resolve(ctx.cwd, filePath);
+          if (fs.existsSync(abs) && fs.readFileSync(abs, "utf8").length > 0) {
+            return { block: true, reason: "Overwriting a non-empty file is dangerous, use the edit tool instead!" };
+          }
+        } catch { /* file doesn't exist */ }
+      }
+    }
+  });
+
+  // ── Secret Redact (tool_result) ────────────────────────────────────────
+
+  const handleToolResult = async (
+    event: ToolResultEvent,
+    ctx: ExtensionContext,
+  ): Promise<{ content?: NonNullable<ToolResultEvent["content"]> } | void> => {
+    if (!event.content || !Array.isArray(event.content)) return;
+
+    const textParts: Array<{ index: number; text: string; item: ToolTextContent }> = [];
+    for (let i = 0; i < event.content.length; i++) {
+      const item = event.content[i];
+      if (item.type === "text" && typeof item.text === "string" && item.text.length > 0) {
+        textParts.push({ index: i, text: item.text, item });
+      }
+    }
+    if (textParts.length === 0) return;
+
+    const eng = await ensureEngine();
+    let totalCount = 0;
+    const newContent = [...event.content];
+
+    for (const { index, text, item } of textParts) {
+      const result = await eng.executeOnContent({ content: text, filePath: "tool-output.txt" });
+      const ranges = extractRanges(result.output);
+      if (ranges.length === 0) continue;
+
+      totalCount += ranges.length;
+      let redacted = text;
+      for (const { start, end } of ranges) {
+        const original = redacted.slice(start, end);
+        redacted = redacted.slice(0, start) + maskSecret(original) + redacted.slice(end);
+      }
+      const updatedItem: ToolTextContent = { ...item, text: redacted };
+      newContent[index] = updatedItem;
+    }
+
+    if (totalCount === 0) return;
+    const label = totalCount === 1 ? "1 secret" : `${totalCount} secrets`;
+    ctx.ui.notify(`🔐 Redacted ${label} in ${event.toolName} output`, "warning");
+    return { content: newContent };
+  };
+
+  pi.on("tool_result", handleToolResult);
+}

package/extensions/session-title.ts

@@ -0,0 +1,40 @@
+/**
+ * Session Title — 自动从首条消息设置 session name
+ *
+ * Pi 在 resume 列表已经用 firstMessage 显示，但 footer 不显示。
+ * 这个模块从 session entries 读取首条用户消息，设为 session name，
+ * 让 footer 行1 和 terminal title 也能显示。
+ * 用户手动 /rename 后不再覆盖。
+ */
+
+import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
+
+function extractFirstMessage(entries: Array<{ type: string; message?: { role: string; content?: unknown } }>): string | undefined {
+  for (const entry of entries) {
+    if (entry.type !== "message" || !entry.message || entry.message.role !== "user") continue;
+
+    const content = entry.message.content;
+    if (typeof content === "string" && content.trim()) {
+      return content.trim();
+    }
+    if (Array.isArray(content)) {
+      for (const part of content) {
+        if (part && typeof part === "object" && part.type === "text" && typeof part.text === "string" && part.text.trim()) {
+          return part.text.trim();
+        }
+      }
+    }
+  }
+  return undefined;
+}
+
+export function setupSessionTitle(pi: ExtensionAPI) {
+  pi.on("session_start", (_event, ctx) => {
+    if (ctx.sessionManager.getSessionName()) return;
+
+    const title = extractFirstMessage(ctx.sessionManager.getBranch());
+    if (title) {
+      pi.setSessionName(title);
+    }
+  });
+}

package/extensions/settings.ts

@@ -0,0 +1,62 @@
+/**
+ * Settings — 配置读写（唯一写文件）
+ *
+ * 所有其他模块只通过此文件访问 decorated-pi.json
+ */
+import * as fs from "node:fs";
+import * as path from "node:path";
+import * as os from "node:os";
+import type { Model } from "@earendil-works/pi-ai";
+
+const CONFIG_DIR = path.join(os.homedir(), ".pi", "agent", "extensions");
+const CONFIG_FILE = path.join(CONFIG_DIR, "decorated-pi.json");
+
+export interface DecoratedPiConfig {
+  imageModelKey?: string | null;
+  compactModelKey?: string | null;
+}
+
+export function loadConfig(): DecoratedPiConfig {
+  try {
+    if (fs.existsSync(CONFIG_FILE)) return JSON.parse(fs.readFileSync(CONFIG_FILE, "utf-8"));
+  } catch {}
+  return {};
+}
+
+export function saveConfig(config: Partial<DecoratedPiConfig>) {
+  if (!fs.existsSync(CONFIG_DIR)) fs.mkdirSync(CONFIG_DIR, { recursive: true });
+  const current = loadConfig();
+  fs.writeFileSync(CONFIG_FILE, JSON.stringify({ ...current, ...config }, null, 2), "utf-8");
+}
+
+// ─── 辅助 ──────────────────────────────────────────────────────────────────
+
+export function formatModelKey(m: Model<any>): string {
+  return `${m.provider}/${m.id}`;
+}
+
+export function parseModelKey(key: string): { provider: string; modelId: string } | null {
+  const i = key.indexOf("/");
+  if (i === -1) return null;
+  return { provider: key.slice(0, i), modelId: key.slice(i + 1) };
+}
+
+// ─── Getter ─────────────────────────────────────────────────────────────────
+
+export function getImageModelKey(): string | null {
+  return loadConfig().imageModelKey ?? null;
+}
+
+export function getCompactModelKey(): string | null {
+  return loadConfig().compactModelKey ?? null;
+}
+
+// ─── Setter ─────────────────────────────────────────────────────────────────
+
+export function setImageModelKey(key: string | null) {
+  saveConfig({ imageModelKey: key });
+}
+
+export function setCompactModelKey(key: string | null) {
+  saveConfig({ compactModelKey: key });
+}

package/extensions/slash.ts

@@ -0,0 +1,67 @@
+/**
+ * Slash — 所有扩展命令
+ *
+ * /extend-model     → 模型选择器 (TAB 切换 Image/Compact)
+ * /retry            → 中断后继续
+ */
+
+import type { ExtensionAPI, ExtensionContext } from "@earendil-works/pi-coding-agent";
+import { ModelPickerComponent } from "./extend-model.js";
+
+// ─── /extend-model ─────────────────────────────────────────────────────────
+
+function setupExtendModelCommand(pi: ExtensionAPI) {
+  pi.registerCommand("extend-model", {
+    description: "Configure image and compact models",
+    handler: async (_args, ctx) => {
+      if (ctx.hasUI) {
+        await ctx.ui.custom<void>(
+          (tui, theme, _kb, done) =>
+            new ModelPickerComponent(tui, theme, ctx.modelRegistry, () => done(undefined))
+        );
+        return;
+      }
+      ctx.ui.notify("extend-model requires interactive mode.", "warning");
+    },
+  });
+}
+
+// ─── /retry ────────────────────────────────────────────────────────────────
+
+function setupRetryCommand(pi: ExtensionAPI) {
+  let shouldInjectRetryNote = false;
+  let retryInProgress = false;
+
+  pi.registerCommand("retry", {
+    description: "Continue after interruption",
+    handler: async (_args, ctx) => {
+      if (retryInProgress) {
+        ctx.ui.notify("Retry is already in progress", "warning");
+        return;
+      }
+      if (!ctx.isIdle()) ctx.abort();
+
+      retryInProgress = true;
+      shouldInjectRetryNote = true;
+      pi.sendMessage(
+        { customType: "retry-trigger", content: "Continue.", display: false },
+        { triggerTurn: true }
+      );
+    },
+  });
+
+  pi.on("before_agent_start", async (event) => {
+    if (!shouldInjectRetryNote) return;
+    shouldInjectRetryNote = false;
+    return { systemPrompt: event.systemPrompt + "\n\nThe previous turn was interrupted by the system." };
+  });
+
+  pi.on("agent_start", () => { retryInProgress = false; });
+}
+
+// ─── 入口 ───────────────────────────────────────────────────────────────────
+
+export function setupSlash(pi: ExtensionAPI) {
+  setupExtendModelCommand(pi);
+  setupRetryCommand(pi);
+}