pi-file-permissions 0.1.0 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +4 -0
- package/extensions/pi-file-permissions.ts +1 -0
- package/package.json +5 -1
package/README.md
CHANGED
|
@@ -29,6 +29,10 @@ By default, all enabled tools have unrestricted access to the filesystem. This e
|
|
|
29
29
|
|
|
30
30
|
This extension is designed to do one simple thing: **restrict which paths the LLM's tools can access**. If you don't provide a `file-permissions.yaml` in your project root, nothing happens — pi runs completely normally.
|
|
31
31
|
|
|
32
|
+
### Why This Matters
|
|
33
|
+
|
|
34
|
+
Pi's LLM often aggressively searches for files — sometimes scanning from `$HOME` or traversing large directory trees — which can be slow and wasteful. More importantly, when building **focused agents** or **multi-agent systems**, setting clear boundaries on which files each agent can access is critical. You want to define exactly which paths are read-only, which are editable, and which are completely off-limits. This prevents agents from stepping on each other's work and keeps each agent scoped to its responsibility.
|
|
35
|
+
|
|
32
36
|
Permission control is enforced at three levels:
|
|
33
37
|
|
|
34
38
|
### 1. System Prompt
|
|
@@ -265,6 +265,7 @@ function buildSystemPromptNotice(rules: PermissionRules): string {
|
|
|
265
265
|
"",
|
|
266
266
|
"Everything in the current project folder and ~/.pi is always accessible.",
|
|
267
267
|
"Everything else is denied.",
|
|
268
|
+
"When searching for a file, you MUST search ALL domains that have find permission, not just some of them. Do not skip a domain just because it lacks read or write permission.",
|
|
268
269
|
"If a tool reports a permission restriction, NEVER try a workaround via bash, alternate tools, broader parent directories, globbing, or search/discovery commands.",
|
|
269
270
|
"Stop immediately and report the limitation instead.",
|
|
270
271
|
].join("\n");
|
package/package.json
CHANGED
|
@@ -1,9 +1,13 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "pi-file-permissions",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.2",
|
|
4
4
|
"description": "Pi extension that enforces file-level permissions via a YAML config. Controls which paths each tool (read, write, edit, find, grep, ls) can access.",
|
|
5
5
|
"keywords": ["pi-package"],
|
|
6
6
|
"license": "MIT",
|
|
7
|
+
"repository": {
|
|
8
|
+
"type": "git",
|
|
9
|
+
"url": "https://github.com/ross-jill-ws/pi-file-permissions"
|
|
10
|
+
},
|
|
7
11
|
"pi": {
|
|
8
12
|
"extensions": ["./extensions"]
|
|
9
13
|
},
|