pi-enclave 0.0.1

package/package.json

@@ -0,0 +1,53 @@
+{
+  "name": "pi-enclave",
+  "version": "0.0.1",
+  "description": "VM-isolated sandbox for pi with automatic secret protection · from yapp",
+  "author": "mgabor3141",
+  "license": "MIT",
+  "repository": {
+    "url": "git+https://github.com/mgabor3141/yapp.git",
+    "directory": "packages/enclave"
+  },
+  "keywords": [
+    "pi-package",
+    "pi-extension",
+    "yapp"
+  ],
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
+  "files": [
+    "dist",
+    "templates",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsup"
+  },
+  "pi": {
+    "extensions": [
+      "dist/index.js"
+    ]
+  },
+  "dependencies": {
+    "@earendil-works/gondolin": "^0.6.0",
+    "graphql": "^16.13.1",
+    "smol-toml": "^1.6.0",
+    "valibot": "^1.2.0"
+  },
+  "peerDependencies": {
+    "@mariozechner/pi-coding-agent": "*"
+  },
+  "devDependencies": {
+    "@mariozechner/pi-coding-agent": "^0.57.0",
+    "@types/node": "^25.3.5",
+    "tsup": "^8.5.1",
+    "typescript": "^5.9.3"
+  }
+}

package/templates/pi-enclave.d/git.toml

@@ -0,0 +1,7 @@
+# Git support for pi-enclave
+packages = ["git"]
+setup = """
+git config --global safe.directory '*'
+git config --global user.name "$USER_NAME"
+git config --global user.email "$USER_EMAIL"
+"""

package/templates/pi-enclave.d/github.toml

@@ -0,0 +1,41 @@
+# GitHub service policy for pi-enclave
+# Drop-in file: delete this file to disable GitHub integration.
+
+packages = ["github-cli"]
+
+# Secret: how to get the token, where the proxy injects it
+[secrets.GH_TOKEN]
+command = "gh auth token"
+hosts = ["api.github.com", "github.com", "*.githubusercontent.com"]
+
+# Git: how git authenticates over HTTPS
+[[git-credentials]]
+host = "github.com"
+username = "x-access-token"
+secret = "GH_TOKEN"
+
+# github.com: git smart HTTP protocol.
+# Fetch/clone use POST /git-upload-pack (read), push uses POST /git-receive-pack (write).
+[hosts."github.com"]
+unmatched = "prompt"
+allow.GET = ["/**"]
+allow.POST = ["/**/git-upload-pack"]
+
+# GitHub API: allow reads, prompt for writes.
+# pi-enclave parses GraphQL request bodies and checks actual field
+# names (not the client-controlled operation name).
+[hosts."api.github.com"]
+unmatched = "prompt"
+allow.GET = ["/**"]
+
+[hosts."api.github.com".graphql]
+endpoint = "/graphql"
+allow.query = ["*"]
+allow.mutation = [
+  "createPullRequest",
+  "createIssue",
+  "addComment",
+  "addPullRequestReview",
+  "updatePullRequest",
+  "updateIssue",
+]

package/templates/pi-enclave.d/jj.toml

@@ -0,0 +1,11 @@
+# Jujutsu (jj) support for pi-enclave
+# For jj workspaces, add a mount for the parent .jj directory in your
+# project config:
+#
+# [[mounts]]
+# path = "~/dev/myproject/.jj"
+packages = ["jujutsu"]
+setup = """
+jj config set --user user.name "$USER_NAME"
+jj config set --user user.email "$USER_EMAIL"
+"""

package/templates/pi-enclave.toml

@@ -0,0 +1,22 @@
+# pi-enclave global configuration
+# See: https://github.com/mgabor3141/yapp/tree/main/packages/enclave
+
+# Default for projects without their own .pi/enclave.toml:
+# enabled = false
+
+# Base packages (drop-in files in pi-enclave.d/ add more):
+packages = ["curl", "jq"]
+
+# Environment variables available in the VM and setup scripts.
+# Values can be static strings, host commands, or host env vars.
+[env]
+USER_NAME = { command = "git config --global user.name" }
+USER_EMAIL = { command = "git config --global user.email" }
+
+# Service policies live in pi-enclave.d/ as drop-in files.
+# See pi-enclave.d/ for examples.
+
+# Additional secrets:
+# [secrets.OPENAI_API_KEY]
+# env = "OPENAI_API_KEY"
+# hosts = ["api.openai.com"]

package/templates/project.toml

@@ -0,0 +1,7 @@
+# pi-enclave: run tools in an isolated VM
+# Protects API keys and isolates file access.
+enabled = true
+
+# Mount additional directories in the VM (supports ~):
+# [[mounts]]
+# path = "~/dev/myproject/.jj"