pi-agents-switch 0.2.4 → 0.2.5

package/frontmatter.ts

@@ -171,7 +171,6 @@ export function serializeFrontmatter(fm: AgentFrontmatter): string {
 	writeArray("tools", fm.tools);
 	writeArray("excluded_tools", fm.excluded_tools);
 
-
 	writeArray("skills", fm.skills);
 	writeArray("excluded_skills", fm.excluded_skills ?? fm.noskills);
 

package/index.ts

@@ -769,9 +769,8 @@ export default function agentsSwitch(pi: ExtensionAPI) {
 
 		// Append skills section if agent has resolved skills
 		if (currentResolved && currentResolved.skillNames.length > 0) {
-			const loadedSkills = (
-				event.systemPromptOptions as { skills?: any[] }
-			).skills;
+			const loadedSkills = (event.systemPromptOptions as { skills?: any[] })
+				.skills;
 			let selectedSkills: Array<{
 				name: string;
 				description: string;
@@ -802,12 +801,14 @@ export default function agentsSwitch(pi: ExtensionAPI) {
 		return { systemPrompt: newPrompt };
 	});
 
-	// ─── before_provider_request ────────────────────────
+	// ─── before_provider_request: enforce tool set + sanitize ─
 
 	pi.on("before_provider_request", (event) => {
-		if (!currentResolved) return;
+		if (!currentResolved || currentAgent === PI_AGENT_NAME) return;
 		const payload = event.payload as Record<string, unknown>;
 		let changed = false;
+
+		// Temperature / topP
 		if (currentResolved.temperature !== undefined) {
 			payload.temperature = currentResolved.temperature;
 			changed = true;
@@ -816,6 +817,111 @@ export default function agentsSwitch(pi: ExtensionAPI) {
 			payload.top_p = currentResolved.topP;
 			changed = true;
 		}
+
+		// ---- Sanitization: prevent other extensions from contaminating ----
+		// Other extensions (e.g. pi-lens) may override our tools and prompt
+		// in before_agent_start (last-runner-wins). We re-apply our config
+		// here as the final defence before the API call.
+
+		// 1. Filter tools — only allow resolved tools
+		const allowedTools = new Set(currentResolved.tools);
+		const rawTools = payload.tools as
+			| Array<{ function?: { name?: string } }>
+			| undefined;
+		if (rawTools && rawTools.length > 0) {
+			const before = rawTools.length;
+			payload.tools = rawTools.filter((t) =>
+				allowedTools.has(t?.function?.name ?? ""),
+			);
+			if ((payload.tools as Array<any>).length !== before) changed = true;
+		}
+
+		// 2. Clean system message — replace contaminated sections
+		const messages = payload.messages as
+			| Array<{ role: string; content: string }>
+			| undefined;
+		if (messages && messages.length > 0 && messages[0]?.role === "system") {
+			let content: string = messages[0].content;
+			const originalLen = content.length;
+
+			// Strip the "Available tools:" block (other extensions may inject their own)
+			// Format: "Available tools:\n- name: desc\n..."
+			// We replace it with our clean version.
+			const toolsMarker = "\nAvailable tools:";
+			const toolsIdx = content.indexOf(toolsMarker);
+			if (toolsIdx >= 0) {
+				// Find where the tools block ends (next section or empty line before next section)
+				const nextSection = content.indexOf(
+					"\nIn addition to the tools above",
+					toolsIdx,
+				);
+				if (nextSection >= 0) {
+					// Build clean tools list
+					if (currentResolved.tools.length === 0) {
+						content =
+							content.substring(0, toolsIdx) +
+							"\nAvailable tools:\n(none)\n" +
+							content.substring(nextSection);
+					} else {
+						// Rebuild clean tools from tool snippets if available
+						const snippets = pi.getAllTools();
+						const cleanLines = currentResolved.tools
+							.map((name) => {
+								const tool = snippets.find(
+									(t) => t.name === name,
+								);
+								return tool
+									? `- ${tool.name}: ${tool.description ?? ""}`
+									: `- ${name}`;
+							})
+							.join("\n");
+						content =
+							content.substring(0, toolsIdx) +
+							`\nAvailable tools:\n${cleanLines}\n` +
+							content.substring(nextSection);
+					}
+				}
+			}
+
+			// Strip the <available_skills> block (other extensions might add extra skills)
+			// Our before_agent_start handler manages this — any extras are contamination.
+			const skillsOpen = "\n<available_skills>";
+			const skillsIdx = content.indexOf(skillsOpen);
+			if (skillsIdx >= 0) {
+				const skillsEnd = content.indexOf("\n</available_skills>", skillsIdx);
+				if (skillsEnd >= 0) {
+					content =
+						content.substring(0, skillsIdx) +
+						content.substring(
+							skillsEnd + "\n</available_skills>".length,
+						);
+				}
+			}
+
+			// Strip "Pi documentation" block (pi-lens may re-add after our handler strips it)
+			const piDocsMarker =
+				"Pi documentation (read only when the user asks about pi itself";
+			const piDocsStart = content.indexOf(piDocsMarker);
+			if (piDocsStart >= 0) {
+				const currentDateMarker = "\nCurrent date:";
+				const currentDateStart = content.indexOf(
+					currentDateMarker,
+					piDocsStart,
+				);
+				if (currentDateStart >= 0) {
+					content =
+						content.substring(0, piDocsStart) +
+						content.substring(currentDateStart);
+				}
+			}
+
+			if (content.length !== originalLen) {
+				messages[0].content = content;
+				changed = true;
+			}
+		}
+
+		// Return payload only if we changed something (otherwise Pi uses default)
 		if (changed) return payload;
 	});
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pi-agents-switch",
-  "version": "0.2.4",
+  "version": "0.2.5",
   "description": "Tab to switch primary agents in Pi — like OpenCode's agent switching. Each agent gets an isolated profile with its own AGENTS.md, extensions, skills, and settings.",
   "type": "module",
   "pi": {

package/profile-manager.ts

@@ -480,9 +480,7 @@ export class ProfileManager {
 	private findSkillOnDisk(
 		name: string,
 	): { name: string; description: string; filePath: string } | undefined {
-		const locations = [
-			join(this.piAgentDir, "skills", name, "SKILL.md"),
-		];
+		const locations = [join(this.piAgentDir, "skills", name, "SKILL.md")];
 
 		if (this.cwd) {
 			locations.push(join(this.cwd, ".pi", "skills", name, "SKILL.md"));