decorated-pi 0.2.1 → 0.3.0

package/extensions/safety/index.ts

@@ -0,0 +1,194 @@
+/**
+ * Safety — Pi 集成层
+ *
+ * - Command Guard:   拦截危险 bash 命令
+ * - Redirect Guard:  bash 覆盖写入提示确认
+ * - Protected Paths: write/edit/patch/read 保护路径提示确认
+ * - Write Guard:     覆盖非空文件禁止 write (提示使用 patch)
+ * - Secret Redact:   API Key / Token 自动掩码
+ */
+
+import type {
+  ExtensionAPI,
+  ExtensionContext,
+  ToolResultEvent,
+} from "@earendil-works/pi-coding-agent";
+import * as fs from "node:fs";
+import { resolve } from "node:path";
+import {
+  checkProtectedPath,
+  collectBashDangers,
+  formatBashDangers,
+  detectSecrets,
+  maskSecret,
+} from "./detect.js";
+
+type ToolTextContent = Extract<NonNullable<ToolResultEvent["content"]>[number], { type: "text" }>;
+
+function summarizeCommand(command: string, maxLength = 48): string {
+  const singleLine = command.replace(/\s+/g, " ").trim();
+  if (singleLine.length <= maxLength) return singleLine;
+  return `${singleLine.slice(0, maxLength - 1)}…`;
+}
+
+function formatRedactionContext(event: ToolResultEvent): string {
+  if (event.toolName === "read") {
+    const filePath = (event.input as any)?.path ?? (event.input as any)?.file ?? (event.input as any)?.file_path;
+    return filePath ? `read ${filePath}` : "read";
+  }
+  if (event.toolName === "bash") {
+    const command = (event.input as any)?.command;
+    return typeof command === "string" && command.trim().length > 0
+      ? `bash ${summarizeCommand(command)}`
+      : "bash";
+  }
+  return event.toolName;
+}
+
+// ─── Setup ──────────────────────────────────────────────────────────────────
+
+export function setupSafety(pi: ExtensionAPI) {
+  // ── Command Guard + Protected Paths + Write Guard (tool_call) ─────────
+
+  pi.on("tool_call", async (event, ctx) => {
+
+    // Gate 1: 危险命令 + 覆盖写入 + 读取保护路径
+    if (event.toolName === "bash") {
+      const command = (event.input as { command?: string }).command;
+      if (command) {
+        const dangers = collectBashDangers(command, ctx.cwd);
+        if (dangers.length > 0) {
+          const message = formatBashDangers(dangers)!;
+          if (!ctx.hasUI) {
+            return { block: true, reason: `⚠ ${message} (non-interactive)` };
+          }
+          const choice = await ctx.ui.select(
+            `⚠️  ${message}\n\nAllow execution?`,
+            ["Block", "Allow once"],
+          );
+          if (!choice || choice === "Block") {
+            return { block: true, reason: `⚠ ${message}` };
+          }
+        }
+      }
+    }
+
+    // Gate 2: write/edit/patch 写入保护路径
+    if (event.toolName === "write" || event.toolName === "edit" || event.toolName === "patch") {
+      // For write/edit, path is a single field; for patch, check all patches[].path
+      const filePaths: string[] = event.toolName === "patch"
+        ? (event.input as any).patches?.filter((p: any) => p?.path).map((p: any) => p.path) ?? []
+        : [(event.input as any).path ?? (event.input as any).file ?? (event.input as any).file_path].filter(Boolean);
+      for (const filePath of filePaths) {
+        const danger = checkProtectedPath(filePath);
+        if (danger) {
+          if (!ctx.hasUI) {
+            return { block: true, reason: `🔒 ${danger}\nmay contain sensitive information` };
+          }
+          const choice = await ctx.ui.select(
+            `🔒 ${danger}\nmay contain sensitive information\n\nProceed?`,
+            ["Block", "Allow once"],
+          );
+          if (!choice || choice === "Block") {
+            return { block: true, reason: `🔒 ${danger}\nmay contain sensitive information` };
+          }
+          break; // User approved — skip remaining paths
+        }
+      }
+    }
+
+    // Gate 3: 写保护（已有内容的文件禁止 write，直接返回信息给 agent）
+    if (event.toolName === "write") {
+      const filePath = (event.input as any).path ?? (event.input as any).file ?? (event.input as any).file_path;
+      if (filePath) {
+        try {
+          const abs = resolve(ctx.cwd, filePath);
+          if (fs.existsSync(abs) && fs.readFileSync(abs, "utf8").length > 0) {
+            return { block: true, reason: "Overwriting a non-empty file is dangerous, use the patch tool instead!" };
+          }
+        } catch { /* file doesn't exist */ }
+      }
+    }
+
+    // Gate 4: read 工具读取保护路径（bash 读取已在 Gate 1 处理）
+    if (event.toolName === "read") {
+      const filePath = (event.input as any).path ?? (event.input as any).file ?? (event.input as any).file_path;
+      if (filePath) {
+        const danger = checkProtectedPath(filePath);
+        if (danger) {
+          if (!ctx.hasUI) {
+            return { block: true, reason: `🔒 Reading protected file: ${danger}\nmay contain sensitive information` };
+          }
+          const choice = await ctx.ui.select(
+            `🔒 Reading protected file: ${danger}\nmay contain sensitive information\n\nProceed?`,
+            ["Block", "Allow once"],
+          );
+          if (!choice || choice === "Block") {
+            return { block: true, reason: `🔒 Reading protected file: ${danger}\nmay contain sensitive information` };
+          }
+        }
+      }
+    }
+  });
+
+  // ── Secret Redact (tool_result) ────────────────────────────────────────
+
+  const handleToolResult = async (
+    event: ToolResultEvent,
+    ctx: ExtensionContext,
+  ): Promise<{ content?: NonNullable<ToolResultEvent["content"]> } | void> => {
+    if (!event.content || !Array.isArray(event.content)) return;
+
+    // Scan read + bash tool output. Skip write/edit/patch because they mainly
+    // produce diffs or generated file bodies, which are handled elsewhere and are
+    // more prone to noisy false positives.
+    if (event.toolName !== "read" && event.toolName !== "bash") return;
+
+    const textParts: Array<{ index: number; text: string; item: ToolTextContent }> = [];
+    for (let i = 0; i < event.content.length; i++) {
+      const item = event.content[i];
+      if (item.type === "text" && typeof item.text === "string" && item.text.length > 0) {
+        textParts.push({ index: i, text: item.text, item });
+      }
+    }
+    if (textParts.length === 0) return;
+
+    let totalCount = 0;
+    const counts: Record<"pattern" | "regex" | "entropy", number> = {
+      pattern: 0,
+      regex: 0,
+      entropy: 0,
+    };
+    const newContent = [...event.content];
+
+    const filePath = (event.input as any)?.path ?? (event.input as any)?.file ?? (event.input as any)?.file_path;
+
+    for (const { index, text, item } of textParts) {
+      const matches = detectSecrets(text, { filePath });
+      if (matches.length === 0) continue;
+
+      totalCount += matches.length;
+      let redacted = text;
+      for (const { start, end, source } of matches) {
+        counts[source] += 1;
+        const original = redacted.slice(start, end);
+        redacted = redacted.slice(0, start) + maskSecret(original, source) + redacted.slice(end);
+      }
+      const updatedItem: ToolTextContent = { ...item, text: redacted };
+      newContent[index] = updatedItem;
+    }
+
+    if (totalCount === 0) return;
+    const label = totalCount === 1 ? "1 secret" : `${totalCount} secrets`;
+    const breakdown: string[] = [];
+    if (counts.pattern > 0) breakdown.push(`*:pattern=${counts.pattern}`);
+    if (counts.regex > 0) breakdown.push(`#:regex=${counts.regex}`);
+    if (counts.entropy > 0) breakdown.push(`?:entropy=${counts.entropy}`);
+    const suffix = breakdown.length > 0 ? ` · ${breakdown.join(" ")}` : "";
+    const contextLabel = formatRedactionContext(event);
+    ctx.ui.notify(`🔒 [${contextLabel}] Redacted ${label}${suffix}`, "warning");
+    return { content: newContent };
+  };
+
+  pi.on("tool_result", handleToolResult);
+}

package/extensions/settings.ts

@@ -25,10 +25,18 @@ export interface ProviderCache {
   models: ProviderModelEntry[];
 }
 
+export interface ModuleSettings {
+  safety?: boolean;
+  lsp?: boolean;
+  "smart-at"?: boolean;
+  patch?: boolean;
+}
+
 export interface DecoratedPiConfig {
   imageModelKey?: string | null;
   compactModelKey?: string | null;
   providers?: Record<string, ProviderCache>;
+  modules?: ModuleSettings;
 }
 
 export function loadConfig(): DecoratedPiConfig {
@@ -97,3 +105,28 @@ export function setImageModelKey(key: string | null) {
 export function setCompactModelKey(key: string | null) {
   saveConfig({ compactModelKey: key });
 }
+
+// ─── Module Switches ──────────────────────────────────────────────────────────
+
+const DEFAULT_MODULES: Required<ModuleSettings> = {
+  safety: true,
+  lsp: true,
+  "smart-at": true,
+  patch: true,
+};
+
+export function isModuleEnabled(name: keyof ModuleSettings): boolean {
+  const modules = loadConfig().modules ?? {};
+  return modules[name] ?? DEFAULT_MODULES[name] ?? true;
+}
+
+export function setModuleEnabled(name: keyof ModuleSettings, enabled: boolean) {
+  const modules = { ...loadConfig().modules };
+  modules[name] = enabled;
+  saveConfig({ modules });
+}
+
+export function getAllModuleSettings(): Required<ModuleSettings> {
+  const modules = loadConfig().modules ?? {};
+  return { ...DEFAULT_MODULES, ...modules };
+}

package/extensions/slash.ts

@@ -1,17 +1,48 @@
 /**
  * Slash — 所有扩展命令
  *
- * /extend-model     → 模型选择器 (TAB 切换 Image/Compact)
- * /retry            → 中断后继续
+ * /dp-model    → 模型选择器 (TAB 切换 Image/Compact)
+ * /dp-settings → 模块开关 (patch / safety / lsp / smart-at)
+ * /retry       → 中断后继续
  */
 
-import type { ExtensionAPI, ExtensionContext } from "@earendil-works/pi-coding-agent";
-import { ModelPickerComponent } from "./extend-model.js";
+import type { ExtensionAPI, ExtensionContext, Theme as PiTheme } from "@earendil-works/pi-coding-agent";
+import { ModelPickerComponent } from "./model-integration.js";
+import { getAllModuleSettings, setModuleEnabled, type ModuleSettings } from "./settings.js";
+import { Container, SettingsList, type TUI, type SettingsListTheme, type Component } from "@earendil-works/pi-tui";
 
-// ─── /extend-model ─────────────────────────────────────────────────────────
+// ─── Border component (matches native DynamicBorder) ────────────────────────
 
-function setupExtendModelCommand(pi: ExtensionAPI) {
-  pi.registerCommand("extend-model", {
+class DynamicBorder implements Component {
+  private colorFn: (str: string) => string;
+
+  constructor(theme: PiTheme) {
+    this.colorFn = (str: string) => theme.fg("border", str);
+  }
+
+  invalidate() {}
+
+  render(width: number): string[] {
+    return [this.colorFn("─".repeat(Math.max(1, width)))];
+  }
+}
+
+// ─── SettingsList Theme (matches native getSettingsListTheme) ───────────────
+
+function getSettingsListTheme(theme: PiTheme): SettingsListTheme {
+  return {
+    label: (text: string, selected: boolean) => selected ? theme.fg("accent", text) : text,
+    value: (text: string, selected: boolean) => selected ? theme.fg("accent", text) : theme.fg("muted", text),
+    description: (text: string) => theme.fg("dim", text),
+    cursor: theme.fg("accent", "→ "),
+    hint: (text: string) => theme.fg("dim", text),
+  };
+}
+
+// ─── /dp-model ─────────────────────────────────────────────────────────────
+
+function setupDpModelCommand(pi: ExtensionAPI) {
+  pi.registerCommand("dp-model", {
     description: "Configure image and compact models",
     handler: async (_args, ctx) => {
       if (ctx.hasUI) {
@@ -21,7 +52,77 @@ function setupExtendModelCommand(pi: ExtensionAPI) {
         );
         return;
       }
-      ctx.ui.notify("extend-model requires interactive mode.", "warning");
+      ctx.ui.notify("dp-model requires interactive mode.", "warning");
+    },
+  });
+}
+
+// ─── /dp-settings ──────────────────────────────────────────────────────────
+
+const MODULE_LABELS: Record<keyof ModuleSettings, string> = {
+  patch: "Patch Tool",
+  safety: "Safety Layer",
+  lsp: "LSP Tools",
+  "smart-at": "Smart @ Search",
+};
+
+const MODULE_DESCS: Record<keyof ModuleSettings, string> = {
+  patch: "Replace edit/write with patch tool (old_str/new_str replacement + overwrite)",
+  safety: "Command guard, protected paths, read guard, secret redaction",
+  lsp: "Language server diagnostics, hover, definition, references, symbols, rename",
+  "smart-at": "Project-aware file search replacing default autocomplete",
+};
+
+class ModuleSettingsComponent extends Container {
+  private settingsList: SettingsList;
+
+  constructor(tui: TUI, theme: PiTheme, onDone: () => void) {
+    super();
+    const modules = getAllModuleSettings();
+    const keys = Object.keys(MODULE_LABELS) as (keyof ModuleSettings)[];
+
+    const items = keys.map(k => ({
+      id: k,
+      label: MODULE_LABELS[k],
+      description: MODULE_DESCS[k],
+      currentValue: modules[k] ? "on" : "off",
+      values: ["on", "off"],
+    }));
+
+    this.addChild(new DynamicBorder(theme));
+
+    this.settingsList = new SettingsList(
+      items, 10, getSettingsListTheme(theme),
+      (id: string, newValue: string) => {
+        setModuleEnabled(id as keyof ModuleSettings, newValue === "on");
+        tui.requestRender();
+      },
+      () => onDone(),
+      { enableSearch: true },
+    );
+
+    this.addChild(this.settingsList);
+    this.addChild(new DynamicBorder(theme));
+  }
+
+  handleInput(data: string) {
+    this.settingsList.handleInput(data);
+  }
+}
+
+function setupDpSettingsCommand(pi: ExtensionAPI) {
+  pi.registerCommand("dp-settings", {
+    description: "Toggle decorated-pi modules on/off",
+    handler: async (_args, ctx) => {
+      if (ctx.hasUI) {
+        await ctx.ui.custom<void>(
+          (tui, theme, _kb, done) =>
+            new ModuleSettingsComponent(tui, theme, () => done(undefined))
+        );
+        ctx.ui.notify("Module settings updated. /reload to apply.", "info");
+        return;
+      }
+      ctx.ui.notify("dp-settings requires interactive mode.", "warning");
     },
   });
 }
@@ -62,6 +163,7 @@ function setupRetryCommand(pi: ExtensionAPI) {
 // ─── 入口 ───────────────────────────────────────────────────────────────────
 
 export function setupSlash(pi: ExtensionAPI) {
-  setupExtendModelCommand(pi);
+  setupDpModelCommand(pi);
+  setupDpSettingsCommand(pi);
   setupRetryCommand(pi);
 }