pi-gitbox 0.1.0 → 0.1.2

package/README.md

@@ -8,7 +8,7 @@ A [Pi Coding Agent](https://pi.dev/) extension that automatically redirects giti
 
 After enabling gitbox, verify that impersonations are working correctly:
 
-1. **Check impersonated files** — Open `~/.pi/agent/gitbox/<project>/` and confirm that gitignored files appear as empty placeholders (or `{}` for `.json` files).
+1. **Check impersonated files** — Open `~/.pi/agent/gitbox/<project>/` and confirm that gitignored files contain a single space (or `{}` for `.json` files).
 2. **Test with a local model** — Ask the agent to read a known-secret file. It should report the file as empty (or `{}` if JSON), confirming the impersonation is active.
 
 ## Features
@@ -113,13 +113,14 @@ Set `bypassPaths: true` to skip this check entirely.
 
 ## How It Works
 
-1. **Session Start** — On `session_start`, the extension verifies that `git` is available and checks if the current directory is a git repository
+1. **Session Start** — On `session_start`, the extension checks whether the current directory is a git repository with `git` available
 2. **Gitignored Path Detection** — Uses git-specific commands to discover all gitignored files and directories
-3. **Gitbox Creation** — Creates a private directory at `~/.pi/agent/gitbox/<project-name>` and mirrors gitignored paths into it: files get placeholder content (`{}` for `.json` and ` ` (empty space) for others)
+3. **Gitbox Creation** — If the directory is a git repository, creates a private directory at `~/.pi/agent/gitbox/<project-name>` and mirrors gitignored paths into it: files get placeholder content (`{}` for `.json` and ` ` (empty space) for others)
 4. **Path Mapping** — Builds a mapper from original absolute paths to their impersonated counterparts
 5. **Event Interception** — On every `tool_call` event:
    - **Bash commands** — Extracts paths from the command using `shell-quote`, checks directory restrictions, then rewrites paths to their impersonated versions
    - **Path-based tools** (read, edit, write, find, grep, ls) — Checks directory restrictions, then resolves the path to its impersonated equivalent
+   - **Dynamic fallback** — If a path wasn't detected during initialization, the extension performs a real-time `git check-ignore` lookup and creates the impersonation on the fly
 6. **Status Bar** — Updates the status bar with the current gitbox state (enabled, available, not required, or unavailable)
 7. **Session Shutdown** — Optionally removes the gitbox directory if `deleteOnExit` is enabled
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pi-gitbox",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "description": "Pi extension that impersonates gitignored paths to reduce secrets exposure.",
   "keywords": [
     "pi",
@@ -32,7 +32,7 @@
     "@earendil-works/pi-tui": "*"
   },
   "devDependencies": {
-    "@types/node": "^25.9.3",
+    "@types/node": "^26.0.0",
     "@types/shell-quote": "^1.7.5",
     "prettier-plugin-organize-imports": "^4.3.0"
   },

package/src/commands.ts

@@ -100,8 +100,8 @@ export class CommandManager {
     const key: string = Object.values(Options).find((o) => o === id)!;
     await settings.setConfig({ [key]: newValue === "on" });
 
-    // Update the status bar with the new status
-    await this.gitbox.setStatus(ctx);
+    // Re-initialize to pick up the new configuration
+    await this.gitbox.initialize(ctx);
   }
 
   /**

package/src/compat.ts

@@ -0,0 +1,46 @@
+import { homedir } from "node:os";
+import { posix, resolve, sep } from "node:path";
+
+/**
+ * Standardized path separator
+ */
+export const PATH_SEP = "/";
+
+/**
+ * Standardizes the path, even if represents the home directory
+ *
+ * @param path The path to normalize
+ * @returns A normalized path
+ */
+export const normalizePath = (path: string): string => {
+  return path
+    .split(sep)
+    .join(PATH_SEP)
+    .replace(/^~\//g, homedir() + PATH_SEP);
+};
+
+/**
+ * Joins paths in a Win32/POSIX compatible way
+ *
+ * @param paths Paths to join/merge
+ * @returns A merged path
+ */
+export const joinPaths = (...paths: string[]): string => {
+  const merged = posix.join(...paths);
+  const response = normalizePath(merged);
+
+  return response;
+};
+
+/**
+ * Resolves paths in a Win32/POSIX compatible way
+ *
+ * @param paths Paths to resolve
+ * @returns A resolved path
+ */
+export const resolvePaths = (...paths: string[]): string => {
+  const resolved = resolve(...paths);
+  const response = normalizePath(resolved);
+
+  return response;
+};

package/src/detector.ts

@@ -1,16 +1,16 @@
 import { ExtensionContext } from "@earendil-works/pi-coding-agent";
 import { execSync } from "child_process";
 import { access } from "fs/promises";
-import { homedir } from "node:os";
-import { resolve, sep } from "node:path";
+import { sep } from "node:path";
+import { normalizePath, PATH_SEP, resolvePaths } from "./compat";
 
-export class Detector {
+export const Detector = new (class {
   /**
    * Determines if the user has `git` as a usable command
    *
    * @returns True if git exists
    */
-  static isGitAvailable(): boolean {
+  isGitAvailable(): boolean {
     try {
       execSync("git -v", { stdio: "pipe" });
       return true;
@@ -23,7 +23,7 @@ export class Detector {
    * Determines if the current working directory is a git repository
    * @returns True if it's a git repo
    */
-  static isGitProject(): boolean {
+  isGitProject(): boolean {
     try {
       execSync("git rev-parse --is-inside-work-tree", { stdio: "pipe" });
       return true;
@@ -37,10 +37,9 @@ export class Detector {
    *
    * @returns Relative paths for files
    */
-  static getGitignoredFiles = () => {
-    const paths = Detector.getGitignoredPaths();
-
-    return paths.filter((path) => !path.endsWith("/"));
+  getGitignoredFiles = () => {
+    const paths = this.getGitignoredPaths();
+    return paths.filter((path) => !this.isDirectory(path));
   };
 
   /**
@@ -48,10 +47,9 @@ export class Detector {
    *
    * @returns Relative paths for directories
    */
-  static getGitignoredDirectories = () => {
+  getGitignoredDirectories = () => {
     const paths = this.getGitignoredPaths();
-
-    return paths.filter((path) => path.endsWith("/"));
+    return paths.filter(this.isDirectory);
   };
 
   /**
@@ -60,7 +58,7 @@ export class Detector {
    *
    * @returns Array of git-ignored paths (relative to repo root)
    */
-  private static getGitignoredPaths(): string[] {
+  getGitignoredPaths(): string[] {
     try {
       const command =
         "git ls-files --directory --no-empty-directory --others --ignored --exclude-standard";
@@ -85,7 +83,7 @@ export class Detector {
    * @param path The path to check
    * @returns True if path exists
    */
-  static async pathExists(path: string): Promise<boolean> {
+  async pathExists(path: string): Promise<boolean> {
     try {
       await access(path);
       return true;
@@ -103,29 +101,59 @@ export class Detector {
    * @param ctx The extension context
    * @returns True if the path is within at least one allowed directory
    */
-  static isPathAllowed(
-    dirs: string[],
-    path: string,
-    ctx: ExtensionContext,
-  ): boolean {
+  isPathAllowed(dirs: string[], path: string, ctx: ExtensionContext): boolean {
     // Expand ~ to home directory before resolving
-    const normalizedPath = Detector.normalizePath(path);
-    const absPath = resolve(ctx.cwd, normalizedPath);
+    const normalizedPath = normalizePath(path);
+    const absPath = resolvePaths(ctx.cwd, normalizedPath);
     const absDirs = dirs.map((dir) =>
-      resolve(ctx.cwd, Detector.normalizePath(dir)),
+      resolvePaths(ctx.cwd, normalizePath(dir)),
     );
 
-    return absDirs.some(
-      (dir) => absPath === dir || absPath.startsWith(dir + sep),
+    const response = absDirs.some(
+      (dir) => absPath === dir || absPath.startsWith(dir + PATH_SEP),
     );
+
+    return response;
+  }
+
+  /**
+   * Dynamically checks if a path is gitignored
+   *
+   * E.g.: If the `.gitignore` is
+   *
+   * ```
+   * .vscode/*
+   * !.vscode/launch.json
+   * ```
+   *
+   * Then,
+   * .vscode/launch.json should be preserved
+   * .vscode/tasks.json should be gitignored
+   *
+   * @param path The path to check
+   * @returns True if it should be gitignored
+   */
+  dynamicCheck(path: string): boolean {
+    try {
+      const command = `git check-ignore ${path}`;
+      execSync(command, {
+        encoding: "utf-8",
+        stdio: ["pipe", "pipe", "ignore"],
+      });
+
+      return true;
+    } catch {
+      return false;
+    }
   }
 
   /**
-   * Normalizes the path when it comes with a tilde (representing HOME)
-   * @param path The path
-   * @returns A normalized path
+   * Checks if a path is a directory.
+   *
+   * @param path The path to check (will be resolved relative to cwd)
+   * @returns True if the path is a directory
    */
-  private static normalizePath(path: string): string {
-    return path.replace(/^~\//g, homedir() + sep);
+  isDirectory(path: string): boolean {
+    return path.endsWith(PATH_SEP) || path.endsWith(sep);
   }
-}
+})();

package/src/gitbox.ts

@@ -18,14 +18,14 @@ export class Gitbox {
   async initialize(ctx: ExtensionContext) {
     await this.verifySettings(ctx);
 
-    if (!Detector.isGitAvailable()) {
-      await this.setStatus(ctx);
-      return;
+    // Only create the gitbox folder if it makes sense
+    const status = await this.getStatus();
+    if (status === Status.AVAILABLE || status === Status.ENABLED) {
+      await this.impersonator.initialize(ctx);
+      await this.getOrCreate(ctx);
     }
 
-    await this.impersonator.initialize(ctx);
-    await this.getOrCreate(ctx);
-    await this.setStatus(ctx);
+    await Renderer.setStatus(ctx, status);
   }
 
   async shutdown(ctx: ExtensionContext) {
@@ -161,20 +161,9 @@ export class Gitbox {
     if (!Detector.isGitAvailable()) return Status.UNAVAILABLE;
     if (!Detector.isGitProject()) return Status.NOT_REQUIRED;
 
-    const paths = Detector.getGitignoredFiles();
+    const paths = Detector.getGitignoredPaths();
     if (paths.length === 0) return Status.AVAILABLE;
 
     return Status.ENABLED;
   }
-
-  /**
-   * Sets the current status in the status bar.
-   * No-op if the settings prevent it.
-   *
-   * @param ctx The extension context
-   */
-  async setStatus(ctx: ExtensionContext) {
-    const status = await this.getStatus();
-    await Renderer.setStatus(ctx, status);
-  }
 }

package/src/impersonator.ts

@@ -1,7 +1,8 @@
 import { ExtensionContext } from "@earendil-works/pi-coding-agent";
 import { mkdir, writeFile } from "node:fs/promises";
-import { basename, dirname, join, relative, resolve } from "node:path";
+import { basename, dirname, relative } from "node:path";
 import { parse } from "shell-quote";
+import { joinPaths, resolvePaths } from "./compat";
 import { Detector } from "./detector";
 import { settings } from "./settings";
 
@@ -29,11 +30,11 @@ export class Impersonator {
    */
   private async initializeDirectories(baseDir: string, ctx: ExtensionContext) {
     const gitignoredDirectories = Detector.getGitignoredDirectories();
-    const projectDir = join(baseDir, basename(ctx.cwd));
+    const projectDir = joinPaths(baseDir, basename(ctx.cwd));
 
     for (const path of gitignoredDirectories) {
       const impersonation = await this.createDirectory(path, projectDir, ctx);
-      const absPath = resolve(ctx.cwd, path);
+      const absPath = resolvePaths(ctx.cwd, path);
 
       if (impersonation) {
         this.mapper[absPath] = impersonation;
@@ -49,11 +50,11 @@ export class Impersonator {
    */
   private async initializeFiles(baseDir: string, ctx: ExtensionContext) {
     const gitignoredFiles = Detector.getGitignoredFiles();
-    const projectDir = join(baseDir, basename(ctx.cwd));
+    const projectDir = joinPaths(baseDir, basename(ctx.cwd));
 
     for (const path of gitignoredFiles) {
       const impersonation = await this.createFile(path, projectDir, ctx);
-      const absPath = resolve(ctx.cwd, path);
+      const absPath = resolvePaths(ctx.cwd, path);
 
       if (impersonation) {
         this.mapper[absPath] = impersonation;
@@ -75,7 +76,7 @@ export class Impersonator {
     ctx: ExtensionContext,
   ): Promise<string> {
     // Setup the gitbox for the project
-    const impersonatingPath = resolve(parentDir, relativePath);
+    const impersonatingPath = resolvePaths(parentDir, relativePath);
 
     // Create directory if it doesn't exist
     if (!(await Detector.pathExists(impersonatingPath))) {
@@ -110,13 +111,13 @@ export class Impersonator {
     const content = relativePath.endsWith(".json") ? "{}" : " ";
 
     // Setup the gitbox for the project
-    const impersonatingPath = resolve(parentDir, relativePath);
+    const impersonatingPath = resolvePaths(parentDir, relativePath);
 
     // Create file if it doesn't exist
     if (!(await Detector.pathExists(impersonatingPath))) {
       try {
         // Ensure parent directories exist first
-        const parentDir = resolve(dirname(impersonatingPath));
+        const parentDir = resolvePaths(dirname(impersonatingPath));
         await mkdir(parentDir, { recursive: true });
 
         await writeFile(impersonatingPath, content);
@@ -173,27 +174,31 @@ export class Impersonator {
    * @returns The impersonated path, if available
    */
   async resolvePath(path: string, ctx: ExtensionContext): Promise<string> {
-    // Path could be a file
-    const absPath = resolve(ctx.cwd, path);
+    // Path could be a file/dir
+    const absPath = resolvePaths(ctx.cwd, path);
     if (this.mapper[absPath]) return this.mapper[absPath];
 
-    // Part of the path could be in the mapper too
-    // E.g.: `.vscode/launch.json` when only `.vscode/` is gitignored)
-    const dirPath = dirname(absPath);
+    // Dynamic checking => Not yet in the mapper
+    // We'll need to create the path on-the-fly
+    if (Detector.dynamicCheck(absPath)) {
+      const { config } = await settings.getConfig();
 
-    for (const [source, target] of Object.entries(this.mapper)) {
-      if (dirPath.includes(source)) {
-        // We've found a gitignored `source`
-        // Let's shoehorn it as the candidate
-        const candidateDir = dirPath.replace(source, target);
-        const baseName = basename(absPath);
+      const relPath = relative(ctx.cwd, path);
+      const projectDir = joinPaths(config.baseDir, basename(ctx.cwd));
 
-        // If the file was not in the mapper, we'll need to create it on-the-fly here
-        const response = await this.createFile(baseName, candidateDir, ctx);
-        this.mapper[absPath] = response;
-
-        return response;
+      if (await Detector.isDirectory(relPath)) {
+        // E.g.: `.vscode/myfolder/` when only `.vscode/` is gitignored)
+        this.mapper[absPath] = await this.createDirectory(
+          relPath,
+          projectDir,
+          ctx,
+        );
+      } else {
+        // E.g.: `.vscode/launch.json` when only `.vscode/` is gitignored)
+        this.mapper[absPath] = await this.createFile(relPath, projectDir, ctx);
       }
+
+      return this.mapper[absPath];
     }
 
     // Couldn't find anything to impersonate, return the original path