my-pi 0.1.19 → 0.1.21

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "my-pi",
-  "version": "0.1.19",
+  "version": "0.1.21",
   "description": "Composable pi coding agent with MCP, LSP, prompt presets, and local eval telemetry",
   "keywords": [
     "cli",
@@ -9,7 +9,6 @@
     "lsp",
     "mcp",
     "pi",
-    "pi-package",
     "sqlite",
     "telemetry"
   ],
@@ -44,18 +43,19 @@
     "@mariozechner/pi-tui": "^0.70.6",
     "citty": "^0.2.2",
     "typebox": "^1.1.34",
-    "@spences10/pi-lsp": "0.0.6",
-    "@spences10/pi-confirm-destructive": "0.0.5",
-    "@spences10/pi-mcp": "0.0.7",
-    "@spences10/pi-recall": "0.0.3",
-    "@spences10/pi-nopeek": "0.0.3",
+    "@spences10/pi-lsp": "0.0.7",
     "@spences10/pi-child-env": "0.1.1",
+    "@spences10/pi-nopeek": "0.0.3",
+    "@spences10/pi-confirm-destructive": "0.0.5",
+    "@spences10/pi-mcp": "0.0.8",
     "@spences10/pi-omnisearch": "0.0.3",
+    "@spences10/pi-project-trust": "0.0.2",
+    "@spences10/pi-recall": "0.0.3",
     "@spences10/pi-redact": "0.0.3",
     "@spences10/pi-skills": "0.0.4",
+    "@spences10/pi-team-mode": "0.0.5",
     "@spences10/pi-sqlite-tools": "0.0.3",
-    "@spences10/pi-telemetry": "0.0.3",
-    "@spences10/pi-team-mode": "0.0.3"
+    "@spences10/pi-telemetry": "0.0.3"
   },
   "devDependencies": {
     "@changesets/cli": "^2.31.0",
@@ -66,11 +66,6 @@
   "engines": {
     "node": ">=22.0.0"
   },
-  "pi": {
-    "themes": [
-      "./themes"
-    ]
-  },
   "scripts": {
     "build": "pnpm --filter \"./packages/*\" run build && vp pack",
     "dev": "vp pack --watch",

package/src/extensions/hooks-resolution/index.test.ts

@@ -272,6 +272,42 @@ describe('hooks-resolution extension', () => {
 		warn.mockRestore();
 	});
 
+	it('loads untrusted hook config once when env allows it', async () => {
+		const previous = process.env.MY_PI_HOOKS_CONFIG;
+		process.env.MY_PI_HOOKS_CONFIG = 'allow';
+		try {
+			const dir = create_temp_dir();
+			mkdirSync(join(dir, '.git'));
+			mkdirSync(join(dir, '.pi'));
+			writeFileSync(
+				join(dir, '.pi', 'hooks.json'),
+				JSON.stringify({
+					hooks: {
+						PostToolUse: [{ command: 'echo allowed' }],
+					},
+				}),
+			);
+			const { pi, events } = create_test_pi();
+			const load_hooks_impl = vi
+				.fn<(cwd: string) => HookState>()
+				.mockReturnValue({ project_dir: dir, hooks: [] });
+
+			await create_hooks_resolution_extension({
+				load_hooks: load_hooks_impl,
+			})(pi);
+
+			const start = events.get('session_start');
+			const { ctx } = create_context({ cwd: dir, hasUI: false });
+			await start({}, ctx);
+
+			expect(load_hooks_impl).toHaveBeenCalledWith(dir);
+		} finally {
+			if (previous === undefined)
+				delete process.env.MY_PI_HOOKS_CONFIG;
+			else process.env.MY_PI_HOOKS_CONFIG = previous;
+		}
+	});
+
 	it('runs matching hooks once per unique command and notifies on success', async () => {
 		const { pi, events } = create_test_pi();
 		const run_command_hook = vi

package/src/extensions/hooks-resolution/index.ts

@@ -6,14 +6,18 @@ import type {
 	ExtensionFactory,
 	ToolResultEvent,
 } from '@mariozechner/pi-coding-agent';
+import {
+	resolve_project_trust,
+	type ProjectTrustSubject,
+} from '@spences10/pi-project-trust';
 import { spawn } from 'node:child_process';
 import { createHash } from 'node:crypto';
 import { existsSync, readFileSync, statSync } from 'node:fs';
 import { basename, dirname, join, resolve } from 'node:path';
 import { create_child_process_env } from './env.js';
 import {
+	default_hooks_trust_store_path,
 	is_hooks_config_trusted,
-	trust_hooks_config,
 } from './trust.js';
 
 const HOOK_TIMEOUT_MS = 10 * 60 * 1000;
@@ -526,24 +530,9 @@ export function hook_name(command: string): string {
 	return basename(first_token);
 }
 
-type HooksConfigDecision = 'allow' | 'trust' | 'skip';
-
-function normalize_hooks_config_decision(
-	value: string | undefined,
-): HooksConfigDecision | undefined {
-	const normalized = value?.trim().toLowerCase();
-	if (!normalized) return undefined;
-	if (['1', 'true', 'yes', 'allow'].includes(normalized)) {
-		return 'allow';
-	}
-	if (normalized === 'trust') return 'trust';
-	if (['0', 'false', 'no', 'skip', 'disable'].includes(normalized)) {
-		return 'skip';
-	}
-	return undefined;
-}
-
-function format_hooks_config_prompt(info: HooksConfigInfo): string {
+function create_hooks_trust_subject(
+	info: HooksConfigInfo,
+): ProjectTrustSubject {
 	const source_lines = info.sources.map((source) => `- ${source}`);
 	const hook_lines =
 		info.hooks.length === 0
@@ -554,15 +543,27 @@ function format_hooks_config_prompt(info: HooksConfigInfo): string {
 						: '';
 					return `- ${hook.event_name}${matcher}: ${hook.command}`;
 				});
-	return [
-		'Project hook config can execute shell commands after tool use. Trust these hooks?',
-		`Project: ${info.project_dir}`,
-		`SHA-256: ${info.hash}`,
-		'Sources:',
-		...source_lines,
-		'Commands:',
-		...hook_lines,
-	].join('\n');
+	return {
+		kind: 'hooks-config',
+		id: info.project_dir,
+		store_key: info.project_dir,
+		hash: info.hash,
+		env_key: HOOKS_CONFIG_ENV,
+		prompt_title:
+			'Project hook config can execute shell commands after tool use. Trust these hooks?',
+		summary_lines: [
+			'Sources:',
+			...source_lines,
+			'Commands:',
+			...hook_lines,
+		],
+		choices: {
+			allow_once: 'Allow once for this session',
+			trust: 'Trust this repo until hook config changes',
+			skip: 'Skip project hooks',
+		},
+		headless_warning: `Skipping untrusted hook config in ${info.project_dir}. Set ${HOOKS_CONFIG_ENV}=allow to enable hooks for this run.`,
+	};
 }
 
 async function should_load_hooks_config(
@@ -574,36 +575,27 @@ async function should_load_hooks_config(
 	if (is_hooks_config_trusted(info.project_dir, info.hash))
 		return true;
 
-	const env_decision = normalize_hooks_config_decision(
-		process.env[HOOKS_CONFIG_ENV],
+	const decision = await resolve_project_trust(
+		create_hooks_trust_subject(info),
+		{
+			has_ui: ctx?.hasUI,
+			select: ctx?.hasUI
+				? async (
+						message: string,
+						choices: string[],
+					): Promise<string> => {
+						const selected = await ctx.ui.select(message, choices);
+						return selected ?? '';
+					}
+				: undefined,
+			env: process.env,
+			trust_store_path: default_hooks_trust_store_path(),
+		},
 	);
-	if (env_decision === 'trust') {
-		trust_hooks_config(info.project_dir, info.hash);
-		return true;
-	}
-	if (env_decision === 'allow') return true;
-	if (env_decision === 'skip') return false;
-
-	if (!ctx?.hasUI) {
-		console.warn(
-			`Skipping untrusted hook config in ${info.project_dir}. Set ${HOOKS_CONFIG_ENV}=allow to enable hooks for this run.`,
-		);
-		return false;
-	}
-
-	const choice = await ctx.ui.select(
-		format_hooks_config_prompt(info),
-		[
-			'Allow once for this session',
-			'Trust this repo until hook config changes',
-			'Skip project hooks',
-		],
+	return (
+		decision.action === 'allow-once' ||
+		decision.action === 'trust-persisted'
 	);
-	if (choice === 'Trust this repo until hook config changes') {
-		trust_hooks_config(info.project_dir, info.hash);
-		return true;
-	}
-	return choice === 'Allow once for this session';
 }
 
 export interface HooksResolutionOptions {

package/src/extensions/hooks-resolution/trust.ts

@@ -1,32 +1,52 @@
 import {
-	existsSync,
-	mkdirSync,
-	readFileSync,
-	writeFileSync,
-} from 'node:fs';
+	is_project_subject_trusted,
+	read_project_trust_store,
+	trust_project_subject,
+	type ProjectTrustSubject,
+} from '@spences10/pi-project-trust';
 import { homedir } from 'node:os';
-import { dirname, join } from 'node:path';
+import { join } from 'node:path';
 
-interface TrustedHooksEntry {
-	project_dir: string;
-	hash: string;
-	trusted_at: string;
-}
-
-type TrustedHooks = Record<string, TrustedHooksEntry>;
+const HOOKS_CONFIG_ENV = 'MY_PI_HOOKS_CONFIG';
 
 export function default_hooks_trust_store_path(): string {
 	return join(homedir(), '.pi', 'agent', 'trusted-hooks.json');
 }
 
+export function create_hooks_config_trust_subject(
+	project_dir: string,
+	hash: string,
+): ProjectTrustSubject {
+	return {
+		kind: 'hooks-config',
+		id: project_dir,
+		store_key: project_dir,
+		hash,
+		env_key: HOOKS_CONFIG_ENV,
+		prompt_title:
+			'Project hook config can execute shell commands after tool use. Trust these hooks?',
+	};
+}
+
 export function is_hooks_config_trusted(
 	project_dir: string,
 	hash: string,
 	trust_store_path = default_hooks_trust_store_path(),
 ): boolean {
-	const trusted_hooks = read_trusted_hooks(trust_store_path);
-	const entry = trusted_hooks[project_dir];
-	return entry?.hash === hash;
+	const subject = create_hooks_config_trust_subject(
+		project_dir,
+		hash,
+	);
+	if (is_project_subject_trusted(subject, trust_store_path))
+		return true;
+
+	const legacy_entry = read_project_trust_store(trust_store_path)[
+		project_dir
+	] as { project_dir?: unknown; hash?: unknown } | undefined;
+	return (
+		legacy_entry?.project_dir === project_dir &&
+		legacy_entry.hash === hash
+	);
 }
 
 export function trust_hooks_config(
@@ -34,30 +54,8 @@ export function trust_hooks_config(
 	hash: string,
 	trust_store_path = default_hooks_trust_store_path(),
 ): void {
-	const trusted_hooks = read_trusted_hooks(trust_store_path);
-	trusted_hooks[project_dir] = {
-		project_dir,
-		hash,
-		trusted_at: new Date().toISOString(),
-	};
-	mkdirSync(dirname(trust_store_path), { recursive: true });
-	writeFileSync(
+	trust_project_subject(
+		create_hooks_config_trust_subject(project_dir, hash),
 		trust_store_path,
-		JSON.stringify(trusted_hooks, null, '\t') + '\n',
-		{
-			encoding: 'utf8',
-			mode: 0o600,
-		},
 	);
 }
-
-function read_trusted_hooks(trust_store_path: string): TrustedHooks {
-	if (!existsSync(trust_store_path)) return {};
-	try {
-		const raw = readFileSync(trust_store_path, 'utf-8');
-		const parsed = JSON.parse(raw) as TrustedHooks;
-		return parsed && typeof parsed === 'object' ? parsed : {};
-	} catch {
-		return {};
-	}
-}