npm - failproofai - Versions diffs - 0.0.9 → 0.0.10-beta.0 - Mend

failproofai 0.0.9 → 0.0.10-beta.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (197) hide show

package/.next/standalone/pi-extension/index.ts ADDED Viewed

@@ -0,0 +1,373 @@
+/**
+ * failproofai policy bridge for Pi (pi-coding-agent).
+ *
+ * This extension is loaded by Pi at startup and registered via
+ * `pi install <abs-path-to-this-dir> [-l]` (or by hand-authoring an entry in
+ * `<scope>/.pi/settings.json`). It subscribes to Pi's `tool_call`, `user_bash`,
+ * `input`, and `session_start` events and forwards them to the failproofai
+ * binary as `failproofai --hook <Event> --cli pi`. failproofai prints a
+ * decision JSON to stdout; this shim parses it and translates into Pi's
+ * `{ block: true, reason }` return shape so policy `deny` decisions cancel
+ * tool execution.
+ *
+ * Marker comment for failproofai's installer detection (do not remove):
+ *   __failproofai_hook__: true
+ *
+ * Binary resolution. failproofai ships two entrypoints:
+ *   • dist/cli.mjs — bundled, node-compatible (production npm install)
+ *   • bin/failproofai.mjs — source, requires `bun` (dev / monorepo)
+ *
+ * dist/cli.mjs is preferred because spawning `node bin/failproofai.mjs`
+ * fails with ERR_IMPORT_ATTRIBUTE_MISSING (the source `import package.json`
+ * needs `with { type: "json" }` under node, which bun handles transparently
+ * but the build:cli step transpiles away in dist/cli.mjs). When dist/cli.mjs
+ * isn't present, fall back to running bin/failproofai.mjs with `bun`. Pi
+ * spawns extensions with an undefined cwd contract, so paths are resolved
+ * relative to this file via `import.meta.url`, NOT process.cwd().
+ */
+import { spawnSync } from "node:child_process";
+import { resolve, dirname, join } from "node:path";
+import { fileURLToPath } from "node:url";
+import { existsSync, readdirSync, statSync } from "node:fs";
+import { homedir } from "node:os";
+const HERE = dirname(fileURLToPath(import.meta.url));
+const DIST_BIN = resolve(HERE, "..", "dist", "cli.mjs");
+const SRC_BIN = resolve(HERE, "..", "bin", "failproofai.mjs");
+// Prefer the bundled dist/cli.mjs (node-compatible); fall back to source +
+// bun for dev workflows where dist/ hasn't been built yet.
+function resolveSpawn(): { cmd: string; args: string[] } {
+  if (process.env.FAILPROOFAI_BINARY_OVERRIDE) {
+    return { cmd: "node", args: [process.env.FAILPROOFAI_BINARY_OVERRIDE] };
+  }
+  if (existsSync(DIST_BIN)) {
+    return { cmd: "node", args: [DIST_BIN] };
+  }
+  return { cmd: "bun", args: [SRC_BIN] };
+}
+interface PolicyDecision {
+  permission?: "allow" | "deny";
+  reason?: string;
+}
+/**
+ * Spawn `failproofai --hook <eventName> --cli pi`, write the JSON payload to
+ * stdin, and parse the flat `{permission, reason}` JSON we expect failproofai
+ * to print on stdout. Fail-open on any subprocess / parse error.
+ */
+/** Optional stderr trace for debugging the shim. Enabled with
+ *  FAILPROOFAI_PI_DEBUG=1; silent otherwise. */
+function debug(msg: string): void {
+  if (process.env.FAILPROOFAI_PI_DEBUG === "1") {
+    process.stderr.write(`[failproofai-pi-shim] ${msg}\n`);
+  }
+}
+function callPolicy(eventName: string, payload: unknown): { block: boolean; reason: string } {
+  const { cmd, args } = resolveSpawn();
+  debug(`callPolicy event=${eventName} cmd=${cmd}`);
+  try {
+    const result = spawnSync(
+      cmd,
+      [...args, "--hook", eventName, "--cli", "pi"],
+      {
+        input: JSON.stringify(payload),
+        encoding: "utf8",
+        timeout: 60_000,
+      },
+    );
+    if (result.status !== 0) return { block: false, reason: "" };
+    const stdout = (result.stdout || "").trim();
+    if (!stdout) return { block: false, reason: "" };
+    const parsed = JSON.parse(stdout) as PolicyDecision;
+    if (parsed.permission === "deny") {
+      debug(`DENY reason=${parsed.reason}`);
+      return { block: true, reason: parsed.reason ?? "Blocked by failproofai" };
+    }
+  } catch (err) {
+    debug(`EXCEPTION ${err instanceof Error ? err.message : String(err)}`);
+    // Fail-open: never block tool execution because of an infra failure.
+  }
+  return { block: false, reason: "" };
+}
+interface PiToolCallEvent {
+  type?: string;
+  toolName?: string;
+  toolCallId?: string;
+  input?: Record<string, unknown>;
+  cwd?: string;
+  sessionId?: string;
+}
+/**
+ * Pi emits tool names in lowercase (`bash`, `read`, `edit`, `write`).
+ * failproofai's builtin policies match on Claude-shaped capitalized names
+ * (`Bash`, `Read`, `Edit`, `Write`). Map between the two so existing
+ * tool-name match clauses fire on Pi sessions.
+ */
+function canonicalizeToolName(piToolName: string | undefined): string | undefined {
+  if (!piToolName) return undefined;
+  return piToolName.charAt(0).toUpperCase() + piToolName.slice(1);
+}
+/** Resolve the cwd for the policy payload. Pi events don't include cwd, so
+ *  fall back to the extension's process.cwd() — which is where Pi was
+ *  launched and where `.failproofai/` config lives. */
+function resolveCwd(eventCwd: string | undefined): string {
+  return eventCwd ?? process.cwd();
+}
+/**
+ * Pi (verified empirically against pi-coding-agent v0.71.1) does NOT
+ * populate `event.sessionId` on any of its events — `session_start`,
+ * `tool_call`, `user_bash`, `input`, `tool_result`, `agent_end`,
+ * `session_shutdown` all leave it undefined. Without help the shim can't
+ * tag activity records with a session id, so the dashboard renders
+ * `Session ID: —` for every Pi row.
+ *
+ * What Pi DOES do: at session start it creates a JSONL transcript at
+ * `~/.pi/agent/sessions/<encodedCwd>/<isoTimestamp>_<uuid>.jsonl` where
+ * the filename encodes the sessionId. We discover ours by scanning the
+ * encoded-cwd directory for the most-recently-modified matching file.
+ *
+ * Strategy: scan once and cache. Pi runs one session per process so the
+ * cache is per-process and lives for the session's lifetime. If Pi ever
+ * multiplexes, we'd need a keyed map.
+ */
+const PI_FILE_RE = /^[\d-]+T[\d-]+Z_([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\.jsonl$/i;
+/** Encode a cwd into Pi's on-disk session-dir name. Pi strips the leading
+ *  `/` before replacing remaining slashes with `-`, e.g.
+ *  `/home/u/repo` → `--home-u-repo--`. */
+function piEncodeCwd(cwd: string): string {
+  const inner = cwd.replace(/^\/+/, "").replace(/\//g, "-");
+  return `--${inner}--`;
+}
+/** Process start boundary — files older than this aren't from the current
+ *  Pi session. Captured at module load so cold-start in a cwd with stale
+ *  transcripts doesn't pin a previous session's UUID. We allow a small
+ *  tolerance below `processStartMs` because mtime resolution and clock
+ *  skew can put a "current" file's mtime a few hundred ms before module
+ *  load on slow startup. */
+const PROCESS_START_MS = Date.now();
+const STALE_TOLERANCE_MS = 2_000;
+/** Find the newest `<ts>_<uuid>.jsonl` file under `~/.pi/agent/sessions/<encodedCwd>/`
+ *  whose mtime indicates it belongs to the CURRENT Pi process (≥ process
+ *  start, with a small tolerance). Files older than that are stale
+ *  transcripts from prior sessions in the same cwd — caching their UUID
+ *  would cross-attribute every event of the new session.
+ *  Returns undefined when the dir doesn't exist, has no matching file, or
+ *  every matching file is stale. */
+function discoverPiSessionId(cwd: string): string | undefined {
+  const root = process.env.PI_SESSIONS_DIR || join(homedir(), ".pi", "agent", "sessions");
+  const dir = join(root, piEncodeCwd(cwd));
+  let entries: string[];
+  try { entries = readdirSync(dir); } catch { return undefined; }
+  const boundary = PROCESS_START_MS - STALE_TOLERANCE_MS;
+  let best: { sessionId: string; mtime: number } | undefined;
+  for (const name of entries) {
+    const m = PI_FILE_RE.exec(name);
+    if (!m) continue;
+    let mtime: number;
+    try { mtime = statSync(join(dir, name)).mtimeMs; } catch { continue; }
+    if (mtime < boundary) continue;
+    if (!best || mtime > best.mtime) best = { sessionId: m[1], mtime };
+  }
+  return best?.sessionId;
+}
+/** sessionId cache, keyed by cwd. Per-cwd so a multi-cwd Pi (extension running
+ *  across multiple workspace roots) can't cross-attribute. Cleared on
+ *  session_shutdown reasons `new`/`resume`/`fork` (Pi reuses the process). */
+const cachedSessionIdByCwd = new Map<string, string>();
+function resolveSessionId(eventSessionId: string | undefined, cwd: string): string | undefined {
+  if (eventSessionId) {
+    cachedSessionIdByCwd.set(cwd, eventSessionId);
+    return eventSessionId;
+  }
+  const cached = cachedSessionIdByCwd.get(cwd);
+  if (cached) return cached;
+  // Pi v0.71.1 never sets sessionId — discover from disk.
+  const discovered = discoverPiSessionId(cwd);
+  if (discovered) cachedSessionIdByCwd.set(cwd, discovered);
+  return discovered;
+}
+/** Clear the cached sessionId for a cwd. Called on session_shutdown reasons
+ *  that indicate a new session is starting in the same process (`new`,
+ *  `resume`, `fork`). Without this, the next session would inherit the prior
+ *  sessionId until disk discovery refreshed it. */
+function resetSessionIdCache(cwd: string): void {
+  cachedSessionIdByCwd.delete(cwd);
+}
+interface PiUserBashEvent {
+  type?: string;
+  command?: string;
+  cwd?: string;
+  sessionId?: string;
+}
+interface PiInputEvent {
+  type?: string;
+  text?: string;
+  source?: string;
+  cwd?: string;
+  sessionId?: string;
+}
+interface PiSessionStartEvent {
+  type?: string;
+  reason?: string;
+  cwd?: string;
+  sessionId?: string;
+}
+interface PiSessionShutdownEvent {
+  type?: string;
+  /** "quit" | "reload" | "new" | "resume" | "fork" per pi-coding-agent v0.72.1 */
+  reason?: string;
+  targetSessionFile?: string;
+  cwd?: string;
+  sessionId?: string;
+}
+interface PiToolResultEvent {
+  type?: string;
+  toolCallId?: string;
+  toolName?: string;
+  input?: Record<string, unknown>;
+  /** TextContent | ImageContent — opaque to us; forwarded as-is. */
+  content?: unknown[];
+  isError?: boolean;
+  cwd?: string;
+  sessionId?: string;
+}
+interface PiAgentEndEvent {
+  type?: string;
+  /** AgentMessage[] — opaque; not forwarded (Stop policies don't need it). */
+  messages?: unknown[];
+  cwd?: string;
+  sessionId?: string;
+}
+interface PiExtensionApi {
+  on(event: string, handler: (event: unknown) => unknown): void;
+}
+export default function failproofaiBridge(pi: PiExtensionApi) {
+  // tool_call → PreToolUse. Block tool execution when failproofai denies.
+  pi.on("tool_call", (event: unknown): unknown => {
+    const e = event as PiToolCallEvent;
+    const decision = callPolicy("tool_call", {
+      tool_name: canonicalizeToolName(e.toolName),
+      tool_input: e.input,
+      session_id: resolveSessionId(e.sessionId, resolveCwd(e.cwd)),
+      cwd: resolveCwd(e.cwd),
+      hook_event_name: "PreToolUse",
+    });
+    if (decision.block) return { block: true, reason: decision.reason };
+    return undefined;
+  });
+  // user_bash → PreToolUse with synthesized toolName=Bash.
+  pi.on("user_bash", (event: unknown): unknown => {
+    const e = event as PiUserBashEvent;
+    const decision = callPolicy("user_bash", {
+      tool_name: "Bash",
+      tool_input: { command: e.command },
+      session_id: resolveSessionId(e.sessionId, resolveCwd(e.cwd)),
+      cwd: resolveCwd(e.cwd),
+      hook_event_name: "PreToolUse",
+    });
+    if (decision.block) return { block: true, reason: decision.reason };
+    return undefined;
+  });
+  // input → UserPromptSubmit. Honor block decisions if Pi accepts them
+  // (Pi's docs describe block on input but it's not exhaustively tested).
+  pi.on("input", (event: unknown): unknown => {
+    const e = event as PiInputEvent;
+    const decision = callPolicy("input", {
+      prompt: e.text,
+      session_id: resolveSessionId(e.sessionId, resolveCwd(e.cwd)),
+      cwd: resolveCwd(e.cwd),
+      hook_event_name: "UserPromptSubmit",
+    });
+    if (decision.block) return { block: true, reason: decision.reason };
+    return undefined;
+  });
+  // session_start → SessionStart. Observe-only; we still forward so the
+  // activity feed records the session and any UserPromptSubmit policies that
+  // need session_id continuity see the metadata.
+  pi.on("session_start", (event: unknown): unknown => {
+    const e = event as PiSessionStartEvent;
+    callPolicy("session_start", {
+      session_id: resolveSessionId(e.sessionId, resolveCwd(e.cwd)),
+      cwd: resolveCwd(e.cwd),
+      reason: e.reason,
+      hook_event_name: "SessionStart",
+    });
+    return undefined;
+  });
+  // tool_result → PostToolUse. Observation-only on Pi: ToolResultEventResult
+  // exposes {content, details, isError} for mutation but no `block`. We
+  // forward to the failproofai binary so PostToolUse builtins (sanitize-jwt,
+  // sanitize-api-keys, sanitize-connection-strings, sanitize-private-key-
+  // content, sanitize-bearer-tokens) run and get their decisions logged to
+  // the activity store + stderr — but Pi keeps the original tool result.
+  pi.on("tool_result", (event: unknown): unknown => {
+    const e = event as PiToolResultEvent;
+    callPolicy("tool_result", {
+      tool_name: canonicalizeToolName(e.toolName),
+      tool_input: e.input ?? {},
+      tool_response: { content: e.content, isError: e.isError },
+      session_id: resolveSessionId(e.sessionId, resolveCwd(e.cwd)),
+      cwd: resolveCwd(e.cwd),
+      hook_event_name: "PostToolUse",
+    });
+    return undefined;
+  });
+  // agent_end → Stop. Observation-only on Pi: the agent loop has already
+  // exited when this fires, so a deny decision cannot keep Pi running the
+  // way Claude's exit-2-from-Stop can. We still forward so the 5
+  // require-*-before-stop builtins run and log their findings (visible in
+  // the dashboard's activity feed and stderr) — best-effort visibility.
+  pi.on("agent_end", (event: unknown): unknown => {
+    const e = event as PiAgentEndEvent;
+    callPolicy("agent_end", {
+      session_id: resolveSessionId(e.sessionId, resolveCwd(e.cwd)),
+      cwd: resolveCwd(e.cwd),
+      hook_event_name: "Stop",
+    });
+    return undefined;
+  });
+  // session_shutdown → SessionEnd. Observation-only; emits a SessionEnd
+  // record so per-session telemetry has a clean close. Reset the per-cwd
+  // sessionId cache for shutdown reasons that mean "Pi is starting a new
+  // session in the same process" — without the reset, the next session's
+  // events would inherit the prior session's id until disk discovery
+  // refreshed it.
+  pi.on("session_shutdown", (event: unknown): unknown => {
+    const e = event as PiSessionShutdownEvent;
+    const cwd = resolveCwd(e.cwd);
+    callPolicy("session_shutdown", {
+      session_id: resolveSessionId(e.sessionId, cwd),
+      cwd,
+      reason: e.reason,
+      hook_event_name: "SessionEnd",
+    });
+    if (e.reason === "new" || e.reason === "resume" || e.reason === "fork") {
+      resetSessionIdCache(cwd);
+    }
+    return undefined;
+  });
+}

package/.next/standalone/pi-extension/package.json ADDED Viewed

@@ -0,0 +1,12 @@
+{
+  "name": "@failproofai/pi-extension",
+  "version": "0.0.1",
+  "description": "failproofai policy bridge for Pi (pi-coding-agent)",
+  "type": "module",
+  "main": "./index.ts",
+  "private": true,
+  "keywords": [
+    "pi-extension",
+    "failproofai"
+  ]
+}

package/.next/standalone/server.js CHANGED Viewed

@@ -9,7 +9,7 @@ const currentPort = parseInt(process.env.PORT, 10) || 3000
 const hostname = process.env.HOSTNAME || '0.0.0.0'
 let keepAliveTimeout = parseInt(process.env.KEEP_ALIVE_TIMEOUT, 10)
-const nextConfig = {"env":{"NEXT_PUBLIC_APP_VERSION":"0.0.9"},"typescript":{"ignoreBuildErrors":false},"typedRoutes":false,"distDir":"./.next","cleanDistDir":true,"assetPrefix":"","cacheMaxMemorySize":52428800,"configOrigin":"next.config.ts","useFileSystemPublicRoutes":true,"generateEtags":true,"pageExtensions":["tsx","ts","jsx","js"],"poweredByHeader":true,"compress":true,"images":{"deviceSizes":[640,750,828,1080,1200,1920,2048,3840],"imageSizes":[32,48,64,96,128,256,384],"path":"/_next/image","loader":"default","loaderFile":"","domains":[],"disableStaticImages":false,"minimumCacheTTL":14400,"formats":["image/webp"],"maximumRedirects":3,"maximumResponseBody":50000000,"dangerouslyAllowLocalIP":false,"dangerouslyAllowSVG":false,"contentSecurityPolicy":"script-src 'none'; frame-src 'none'; sandbox;","contentDispositionType":"attachment","localPatterns":[{"pathname":"**","search":""}],"remotePatterns":[],"qualities":[75],"unoptimized":true,"customCacheHandler":false},"devIndicators":{"position":"bottom-left"},"onDemandEntries":{"maxInactiveAge":60000,"pagesBufferLength":5},"basePath":"","sassOptions":{},"trailingSlash":false,"i18n":null,"productionBrowserSourceMaps":false,"excludeDefaultMomentLocales":true,"reactProductionProfiling":false,"reactStrictMode":null,"reactMaxHeadersLength":6000,"httpAgentOptions":{"keepAlive":true},"logging":{"serverFunctions":true,"browserToTerminal":"warn"},"compiler":{},"expireTime":31536000,"staticPageGenerationTimeout":60,"output":"standalone","modularizeImports":{"@mui/icons-material":{"transform":"@mui/icons-material/{{member}}"},"lodash":{"transform":"lodash/{{member}}"}},"outputFileTracingRoot":"/home/runner/work/failproofai/failproofai","cacheComponents":false,"cacheLife":{"default":{"stale":300,"revalidate":900,"expire":4294967294},"seconds":{"stale":30,"revalidate":1,"expire":60},"minutes":{"stale":300,"revalidate":60,"expire":3600},"hours":{"stale":300,"revalidate":3600,"expire":86400},"days":{"stale":300,"revalidate":86400,"expire":604800},"weeks":{"stale":300,"revalidate":604800,"expire":2592000},"max":{"stale":300,"revalidate":2592000,"expire":31536000}},"cacheHandlers":{},"experimental":{"appNewScrollHandler":false,"useSkewCookie":false,"cssChunking":true,"multiZoneDraftMode":false,"appNavFailHandling":false,"prerenderEarlyExit":true,"serverMinification":true,"linkNoTouchStart":false,"caseSensitiveRoutes":false,"cachedNavigations":false,"partialFallbacks":false,"dynamicOnHover":false,"varyParams":false,"prefetchInlining":false,"preloadEntriesOnStart":true,"clientRouterFilter":true,"clientRouterFilterRedirects":false,"fetchCacheKeyPrefix":"","proxyPrefetch":"flexible","optimisticClientCache":true,"manualClientBasePath":false,"cpus":3,"memoryBasedWorkersCount":false,"imgOptConcurrency":null,"imgOptTimeoutInSeconds":7,"imgOptMaxInputPixels":268402689,"imgOptSequentialRead":null,"imgOptSkipMetadata":null,"isrFlushToDisk":true,"workerThreads":false,"optimizeCss":false,"nextScriptWorkers":false,"scrollRestoration":false,"externalDir":false,"disableOptimizedLoading":false,"gzipSize":true,"craCompat":false,"esmExternals":true,"fullySpecified":false,"swcTraceProfiling":false,"forceSwcTransforms":false,"largePageDataBytes":128000,"typedEnv":false,"parallelServerCompiles":false,"parallelServerBuildTraces":false,"ppr":false,"authInterrupts":false,"webpackMemoryOptimizations":false,"optimizeServerReact":true,"strictRouteTypes":false,"viewTransition":false,"removeUncaughtErrorAndRejectionListeners":false,"validateRSCRequestHeaders":false,"staleTimes":{"dynamic":0,"static":300},"reactDebugChannel":true,"serverComponentsHmrCache":true,"staticGenerationMaxConcurrency":8,"staticGenerationMinPagesPerWorker":25,"transitionIndicator":false,"gestureTransition":false,"inlineCss":false,"useCache":false,"globalNotFound":false,"browserDebugInfoInTerminal":"warn","lockDistDir":true,"proxyClientMaxBodySize":10485760,"hideLogsAfterAbort":false,"mcpServer":true,"turbopackFileSystemCacheForDev":true,"turbopackFileSystemCacheForBuild":false,"turbopackInferModuleSideEffects":true,"turbopackPluginRuntimeStrategy":"childProcesses","optimizePackageImports":["lucide-react","date-fns","lodash-es","ramda","antd","react-bootstrap","ahooks","@ant-design/icons","@headlessui/react","@headlessui-float/react","@heroicons/react/20/solid","@heroicons/react/24/solid","@heroicons/react/24/outline","@visx/visx","@tremor/react","rxjs","@mui/material","@mui/icons-material","recharts","react-use","effect","@effect/schema","@effect/platform","@effect/platform-node","@effect/platform-browser","@effect/platform-bun","@effect/sql","@effect/sql-mssql","@effect/sql-mysql2","@effect/sql-pg","@effect/sql-sqlite-node","@effect/sql-sqlite-bun","@effect/sql-sqlite-wasm","@effect/sql-sqlite-react-native","@effect/rpc","@effect/rpc-http","@effect/typeclass","@effect/experimental","@effect/opentelemetry","@material-ui/core","@material-ui/icons","@tabler/icons-react","mui-core","react-icons/ai","react-icons/bi","react-icons/bs","react-icons/cg","react-icons/ci","react-icons/di","react-icons/fa","react-icons/fa6","react-icons/fc","react-icons/fi","react-icons/gi","react-icons/go","react-icons/gr","react-icons/hi","react-icons/hi2","react-icons/im","react-icons/io","react-icons/io5","react-icons/lia","react-icons/lib","react-icons/lu","react-icons/md","react-icons/pi","react-icons/ri","react-icons/rx","react-icons/si","react-icons/sl","react-icons/tb","react-icons/tfi","react-icons/ti","react-icons/vsc","react-icons/wi"],"trustHostHeader":false,"isExperimentalCompile":false},"htmlLimitedBots":"[\\w-]+-Google|Google-[\\w-]+|Chrome-Lighthouse|Slurp|DuckDuckBot|baiduspider|yandex|sogou|bitlybot|tumblr|vkShare|quora link preview|redditbot|ia_archiver|Bingbot|BingPreview|applebot|facebookexternalhit|facebookcatalog|Twitterbot|LinkedInBot|Slackbot|Discordbot|WhatsApp|SkypeUriPreview|Yeti|googleweblight","bundlePagesRouterDependencies":false,"configFileName":"next.config.ts","outputFileTracingExcludes":{"*":["node_modules/@img/**","node_modules/sharp/**"]},"turbopack":{"root":"/home/runner/work/failproofai/failproofai"},"distDirRoot":".next"}
+const nextConfig = {"env":{"NEXT_PUBLIC_APP_VERSION":"0.0.10-beta.0"},"typescript":{"ignoreBuildErrors":false},"typedRoutes":false,"distDir":"./.next","cleanDistDir":true,"assetPrefix":"","cacheMaxMemorySize":52428800,"configOrigin":"next.config.ts","useFileSystemPublicRoutes":true,"generateEtags":true,"pageExtensions":["tsx","ts","jsx","js"],"poweredByHeader":true,"compress":true,"images":{"deviceSizes":[640,750,828,1080,1200,1920,2048,3840],"imageSizes":[32,48,64,96,128,256,384],"path":"/_next/image","loader":"default","loaderFile":"","domains":[],"disableStaticImages":false,"minimumCacheTTL":14400,"formats":["image/webp"],"maximumRedirects":3,"maximumResponseBody":50000000,"dangerouslyAllowLocalIP":false,"dangerouslyAllowSVG":false,"contentSecurityPolicy":"script-src 'none'; frame-src 'none'; sandbox;","contentDispositionType":"attachment","localPatterns":[{"pathname":"**","search":""}],"remotePatterns":[],"qualities":[75],"unoptimized":true,"customCacheHandler":false},"devIndicators":{"position":"bottom-left"},"onDemandEntries":{"maxInactiveAge":60000,"pagesBufferLength":5},"basePath":"","sassOptions":{},"trailingSlash":false,"i18n":null,"productionBrowserSourceMaps":false,"excludeDefaultMomentLocales":true,"reactProductionProfiling":false,"reactStrictMode":null,"reactMaxHeadersLength":6000,"httpAgentOptions":{"keepAlive":true},"logging":{"serverFunctions":true,"browserToTerminal":"warn"},"compiler":{},"expireTime":31536000,"staticPageGenerationTimeout":60,"output":"standalone","modularizeImports":{"@mui/icons-material":{"transform":"@mui/icons-material/{{member}}"},"lodash":{"transform":"lodash/{{member}}"}},"outputFileTracingRoot":"/home/runner/work/failproofai/failproofai","cacheComponents":false,"cacheLife":{"default":{"stale":300,"revalidate":900,"expire":4294967294},"seconds":{"stale":30,"revalidate":1,"expire":60},"minutes":{"stale":300,"revalidate":60,"expire":3600},"hours":{"stale":300,"revalidate":3600,"expire":86400},"days":{"stale":300,"revalidate":86400,"expire":604800},"weeks":{"stale":300,"revalidate":604800,"expire":2592000},"max":{"stale":300,"revalidate":2592000,"expire":31536000}},"cacheHandlers":{},"experimental":{"appNewScrollHandler":false,"useSkewCookie":false,"cssChunking":true,"multiZoneDraftMode":false,"appNavFailHandling":false,"prerenderEarlyExit":true,"serverMinification":true,"linkNoTouchStart":false,"caseSensitiveRoutes":false,"cachedNavigations":false,"partialFallbacks":false,"dynamicOnHover":false,"varyParams":false,"prefetchInlining":false,"preloadEntriesOnStart":true,"clientRouterFilter":true,"clientRouterFilterRedirects":false,"fetchCacheKeyPrefix":"","proxyPrefetch":"flexible","optimisticClientCache":true,"manualClientBasePath":false,"cpus":3,"memoryBasedWorkersCount":false,"imgOptConcurrency":null,"imgOptTimeoutInSeconds":7,"imgOptMaxInputPixels":268402689,"imgOptSequentialRead":null,"imgOptSkipMetadata":null,"isrFlushToDisk":true,"workerThreads":false,"optimizeCss":false,"nextScriptWorkers":false,"scrollRestoration":false,"externalDir":false,"disableOptimizedLoading":false,"gzipSize":true,"craCompat":false,"esmExternals":true,"fullySpecified":false,"swcTraceProfiling":false,"forceSwcTransforms":false,"largePageDataBytes":128000,"typedEnv":false,"parallelServerCompiles":false,"parallelServerBuildTraces":false,"ppr":false,"authInterrupts":false,"webpackMemoryOptimizations":false,"optimizeServerReact":true,"strictRouteTypes":false,"viewTransition":false,"removeUncaughtErrorAndRejectionListeners":false,"validateRSCRequestHeaders":false,"staleTimes":{"dynamic":0,"static":300},"reactDebugChannel":true,"serverComponentsHmrCache":true,"staticGenerationMaxConcurrency":8,"staticGenerationMinPagesPerWorker":25,"transitionIndicator":false,"gestureTransition":false,"inlineCss":false,"useCache":false,"globalNotFound":false,"browserDebugInfoInTerminal":"warn","lockDistDir":true,"proxyClientMaxBodySize":10485760,"hideLogsAfterAbort":false,"mcpServer":true,"turbopackFileSystemCacheForDev":true,"turbopackFileSystemCacheForBuild":false,"turbopackInferModuleSideEffects":true,"turbopackPluginRuntimeStrategy":"childProcesses","optimizePackageImports":["lucide-react","date-fns","lodash-es","ramda","antd","react-bootstrap","ahooks","@ant-design/icons","@headlessui/react","@headlessui-float/react","@heroicons/react/20/solid","@heroicons/react/24/solid","@heroicons/react/24/outline","@visx/visx","@tremor/react","rxjs","@mui/material","@mui/icons-material","recharts","react-use","effect","@effect/schema","@effect/platform","@effect/platform-node","@effect/platform-browser","@effect/platform-bun","@effect/sql","@effect/sql-mssql","@effect/sql-mysql2","@effect/sql-pg","@effect/sql-sqlite-node","@effect/sql-sqlite-bun","@effect/sql-sqlite-wasm","@effect/sql-sqlite-react-native","@effect/rpc","@effect/rpc-http","@effect/typeclass","@effect/experimental","@effect/opentelemetry","@material-ui/core","@material-ui/icons","@tabler/icons-react","mui-core","react-icons/ai","react-icons/bi","react-icons/bs","react-icons/cg","react-icons/ci","react-icons/di","react-icons/fa","react-icons/fa6","react-icons/fc","react-icons/fi","react-icons/gi","react-icons/go","react-icons/gr","react-icons/hi","react-icons/hi2","react-icons/im","react-icons/io","react-icons/io5","react-icons/lia","react-icons/lib","react-icons/lu","react-icons/md","react-icons/pi","react-icons/ri","react-icons/rx","react-icons/si","react-icons/sl","react-icons/tb","react-icons/tfi","react-icons/ti","react-icons/vsc","react-icons/wi"],"trustHostHeader":false,"isExperimentalCompile":false},"htmlLimitedBots":"[\\w-]+-Google|Google-[\\w-]+|Chrome-Lighthouse|Slurp|DuckDuckBot|baiduspider|yandex|sogou|bitlybot|tumblr|vkShare|quora link preview|redditbot|ia_archiver|Bingbot|BingPreview|applebot|facebookexternalhit|facebookcatalog|Twitterbot|LinkedInBot|Slackbot|Discordbot|WhatsApp|SkypeUriPreview|Yeti|googleweblight","bundlePagesRouterDependencies":false,"configFileName":"next.config.ts","outputFileTracingExcludes":{"*":["node_modules/@img/**","node_modules/sharp/**"]},"turbopack":{"root":"/home/runner/work/failproofai/failproofai"},"distDirRoot":".next"}
 process.env.__NEXT_PRIVATE_STANDALONE_CONFIG = JSON.stringify(nextConfig)

package/README.md CHANGED Viewed

@@ -17,7 +17,7 @@
 **Translations**: [简体中文](docs/i18n/README.zh.md) | [日本語](docs/i18n/README.ja.md) | [한국어](docs/i18n/README.ko.md) | [Español](docs/i18n/README.es.md) | [Português](docs/i18n/README.pt-br.md) | [Deutsch](docs/i18n/README.de.md) | [Français](docs/i18n/README.fr.md) | [Русский](docs/i18n/README.ru.md) | [हिन्दी](docs/i18n/README.hi.md) | [Türkçe](docs/i18n/README.tr.md) | [Tiếng Việt](docs/i18n/README.vi.md) | [Italiano](docs/i18n/README.it.md) | [العربية](docs/i18n/README.ar.md) | [עברית](docs/i18n/README.he.md)
-The easiest way to manage policies that keep your AI agents reliable, on-task, and running autonomously - for **Claude Code**, **OpenAI Codex** & the **Agents SDK**.
+The easiest way to manage policies that keep your AI agents reliable, on-task, and running autonomously - for **Claude Code**, **OpenAI Codex**, **GitHub Copilot CLI** _(beta)_, **Cursor Agent** _(beta)_, **OpenCode** _(beta)_, **Pi** _(beta)_, **Gemini CLI** _(beta)_ & the **Agents SDK**.
 <p align="center">
   <img src="failproofai-hq.gif" alt="Failproof AI in action" width="800" />
@@ -37,10 +37,44 @@ The easiest way to manage policies that keep your AI agents reliable, on-task, a
     </picture>
   </a>
   &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-  <strong>+ more coming soon</strong>
+  <a href="https://docs.github.com/en/copilot/how-tos/copilot-cli/customize-copilot/use-hooks" title="GitHub Copilot CLI">
+    <picture>
+      <source media="(prefers-color-scheme: dark)" srcset="assets/logos/copilot-dark.svg" />
+      <img src="assets/logos/copilot-light.svg" alt="GitHub Copilot" width="64" height="64" />
+    </picture>
+  </a>
+  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+  <a href="https://cursor.com/docs/hooks" title="Cursor Agent CLI">
+    <picture>
+      <source media="(prefers-color-scheme: dark)" srcset="assets/logos/cursor-dark.svg" />
+      <img src="assets/logos/cursor-light.svg" alt="Cursor Agent" width="64" height="64" />
+    </picture>
+  </a>
+</p>
+<p align="center">
+  <a href="https://opencode.ai/docs/plugins/" title="OpenCode">
+    <picture>
+      <source media="(prefers-color-scheme: dark)" srcset="assets/logos/opencode-dark.svg" />
+      <img src="assets/logos/opencode-light.svg" alt="OpenCode" width="64" height="64" />
+    </picture>
+  </a>
+  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+  <a href="https://pi.dev" title="Pi (pi-coding-agent)">
+    <picture>
+      <source media="(prefers-color-scheme: dark)" srcset="assets/logos/pi-dark.svg" />
+      <img src="assets/logos/pi-light.svg" alt="Pi" width="64" height="64" />
+    </picture>
+  </a>
+  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+  <a href="https://geminicli.com/" title="Gemini CLI">
+    <picture>
+      <source media="(prefers-color-scheme: dark)" srcset="assets/logos/gemini-dark.svg" />
+      <img src="assets/logos/gemini-light.svg" alt="Gemini CLI" width="64" height="64" />
+    </picture>
+  </a>
 </p>
-> Install hooks for one or both: `failproofai policies --install --cli codex` (or `--cli claude codex`). Omit `--cli` to auto-detect installed CLIs and prompt.
+> Install hooks for one or any combination: `failproofai policies --install --cli opencode pi gemini` (or `--cli claude codex copilot cursor opencode pi gemini`). Omit `--cli` to auto-detect installed CLIs and prompt. **GitHub Copilot CLI, Cursor Agent, OpenCode, Pi, and Gemini CLI support are in beta — testing is ongoing.**
 - **39 Built-in Policies** - Catch common agent failure modes out of the box. Block destructive commands, prevent secret leakage, keep agents inside project boundaries, detect loops, and more.
 - **Custom Policies** - Write your own reliability rules in JavaScript. Use the `allow`/`deny`/`instruct` API to enforce conventions, prevent drift, gate operations, or integrate with external systems.