pi-gitbox 0.1.1 → 0.2.0

package/README.md

@@ -8,18 +8,21 @@ A [Pi Coding Agent](https://pi.dev/) extension that automatically redirects giti
 
 After enabling gitbox, verify that impersonations are working correctly:
 
-1. **Check impersonated files** — Open `~/.pi/agent/gitbox/<project>/` and confirm that gitignored files appear as empty placeholders (or `{}` for `.json` files).
+1. **Check impersonated files** — Open `~/.pi/agent/gitbox/<project>/` and confirm that gitignored files contain a single space (or `{}` for `.json` files).
 2. **Test with a local model** — Ask the agent to read a known-secret file. It should report the file as empty (or `{}` if JSON), confirming the impersonation is active.
 
 ## Features
 
-- **Gitignored file impersonation** — gitignored files and directories are automatically mirrored into a private gitbox directory
+- **Gitignored file impersonation** — gitignored files are automatically mirrored into a private gitbox directory
+- **Directory impersonation** — gitignored directories can also be mirrored (opt-in)
 - **Command & path interception** — bash commands and file operations (read, edit, write, find, grep, ls) are internally redirected to the impersonated paths
 - **Directory access control** — restricts agent access to allowed directories by default; prompts for approval when accessing paths outside the allowed list
 - **Configurable directory bypass** — optionally disable directory restrictions
 - **Status bar indicators** — color-coded status showing whether the gitbox is enabled, available, not required, unavailable or bypassed
 - **Auto cleanup** — optionally delete the gitbox when the session exits
 
+> **Note on directory impersonation:** By default, only gitignored files are impersonated. Enabling `impersonateDirs` also mirrors directories into the gitbox. This is useful when you want the agent to operate on the project without disrupting your current folders — for example, a Node project with `node_modules/` ignored by git can be used from the working directory (when `impersonateDirs: false`), or can be recreated to be available in the gitbox instead (when `impersonateDirs: true`).
+
 ## Status Bar
 
 The status bar displays `📦 Gitbox:` followed by the current status:
@@ -58,6 +61,7 @@ You can customize Gitbox options via the interactive menu (`/gitbox`) for common
     "baseDir": "~/.pi/agent/gitbox",
     "statusBar": true,
     "deleteOnExit": false,
+    "impersonateDirs": false,
     "bypassGitbox": false,
     "bypassPaths": false,
     "allowedPaths": []
@@ -67,24 +71,25 @@ You can customize Gitbox options via the interactive menu (`/gitbox`) for common
 
 ### Configuration Options
 
-| Option         | Type     | Default              | Description                               |
-| -------------- | -------- | -------------------- | ----------------------------------------- |
-| `baseDir`      | string   | `~/.pi/agent/gitbox` | Base directory where gitboxes are created |
-| `statusBar`    | boolean  | `true`               | Show gitbox status in the status bar      |
-| `deleteOnExit` | boolean  | `false`              | Delete the gitbox when the session exits  |
-| `bypassGitbox` | boolean  | `false`              | Skip impersonation of gitignored paths    |
-| `bypassPaths`  | boolean  | `false`              | Bypass path access restrictions entirely  |
-| `allowedPaths` | string[] | `[]`                 | Additional paths to allow access to       |
+| Option            | Type     | Default              | Description                               |
+| ----------------- | -------- | -------------------- | ----------------------------------------- |
+| `baseDir`         | string   | `~/.pi/agent/gitbox` | Base directory where gitboxes are created |
+| `statusBar`       | boolean  | `true`               | Show gitbox status in the status bar      |
+| `deleteOnExit`    | boolean  | `false`              | Delete the gitbox when the session exits  |
+| `impersonateDirs` | boolean  | `false`              | Also impersonate gitignored directories   |
+| `bypassGitbox`    | boolean  | `false`              | Skip impersonation of gitignored paths    |
+| `bypassPaths`     | boolean  | `false`              | Bypass path access restrictions entirely  |
+| `allowedPaths`    | string[] | `[]`                 | Additional paths to allow access to       |
 
-> **Note:** The interactive menu (`/gitbox`) exposes `statusBar`, `deleteOnExit`, `bypassGitbox`, and `bypassPaths`. The remaining options (`baseDir`, `allowedPaths`) must be configured directly in `settings.json`.
+> **Note:** The interactive menu (`/gitbox`) only exposes boolean keys. The remaining options (`baseDir`, `allowedPaths`) must be configured directly in `settings.json`.
 
 ### Directory Access
 
 By default, the extension allows access to:
 
 - The current working directory (`process.cwd()`)
-- The Pi agent directory (`~/.pi/agent`)
-- The extension package directory
+- The Pi agent directory (`~/.pi/agent/`)
+- The Pi package directory (`<...>/@earendil-works/pi-coding-agent`)
 - `/dev/null`
 
 If the agent attempts to access a path outside these allowed directories, a confirmation dialog appears:
@@ -115,11 +120,12 @@ Set `bypassPaths: true` to skip this check entirely.
 
 1. **Session Start** — On `session_start`, the extension checks whether the current directory is a git repository with `git` available
 2. **Gitignored Path Detection** — Uses git-specific commands to discover all gitignored files and directories
-3. **Gitbox Creation** — If the directory is a git repository, creates a private directory at `~/.pi/agent/gitbox/<project-name>` and mirrors gitignored paths into it: files get placeholder content (`{}` for `.json` and ` ` (empty space) for others)
+3. **Gitbox Creation** — If the directory is a git repository, creates a private directory at `~/.pi/agent/gitbox/<project-name>` and mirrors gitignored files into it (files get placeholder content (`{}` for `.json` and ` ` (empty space) for others)). With `impersonateDirs: true`, gitignored directories are also mirrored.
 4. **Path Mapping** — Builds a mapper from original absolute paths to their impersonated counterparts
 5. **Event Interception** — On every `tool_call` event:
    - **Bash commands** — Extracts paths from the command using `shell-quote`, checks directory restrictions, then rewrites paths to their impersonated versions
    - **Path-based tools** (read, edit, write, find, grep, ls) — Checks directory restrictions, then resolves the path to its impersonated equivalent
+   - **Dynamic fallback** — For paths within gitignored directories that weren't explicitly detected during initialization (e.g., nested files inside an ignored directory), the extension performs a real-time `git check-ignore` lookup and creates the impersonation on the fly. Files are explicitly detected during initialization, so this fallback is primarily useful for directories
 6. **Status Bar** — Updates the status bar with the current gitbox state (enabled, available, not required, or unavailable)
 7. **Session Shutdown** — Optionally removes the gitbox directory if `deleteOnExit` is enabled
 

package/index.ts

@@ -9,7 +9,7 @@ import { BASE_ALLOWED_PATHS } from "./src/defaults";
 import { Detector } from "./src/detector";
 import { Gitbox } from "./src/gitbox";
 import { Impersonator } from "./src/impersonator";
-import { askUserOrBlock } from "./src/prompts";
+import { askUserOrBlock, checkPathsAccess } from "./src/prompts";
 import { settings } from "./src/settings";
 
 export default async (pi: ExtensionAPI) => {
@@ -37,7 +37,6 @@ export default async (pi: ExtensionAPI) => {
 
   pi.on("tool_call", async (event: ToolCallEvent, ctx: ExtensionContext) => {
     const { config } = await settings.getConfig();
-
     const resolvedDirs = [...BASE_ALLOWED_PATHS, ...config.allowedPaths];
 
     if (gitbox.isBashEvent(event)) {
@@ -46,13 +45,8 @@ export default async (pi: ExtensionAPI) => {
       // First, scan if we can even access the paths
       if (!config.bypassPaths) {
         const paths = await impersonator.extractFromCommand(command);
-
-        for (const path of paths) {
-          if (Detector.isPathAllowed(resolvedDirs, path, ctx)) continue;
-
-          const response = await askUserOrBlock(ctx, path);
-          if (response.block) return response;
-        }
+        const blocked = await checkPathsAccess(paths, resolvedDirs, ctx);
+        if (blocked) return blocked;
       }
 
       // Then, impersonate the command
@@ -62,11 +56,12 @@ export default async (pi: ExtensionAPI) => {
       const { path } = event.input as { path: string };
 
       // First, scan if we can even access the paths
-      if (!config.bypassPaths) {
-        if (!Detector.isPathAllowed(resolvedDirs, path, ctx)) {
-          const response = await askUserOrBlock(ctx, path);
-          if (response.block) return response;
-        }
+      if (
+        !config.bypassPaths &&
+        !Detector.isPathAllowed(resolvedDirs, path, ctx)
+      ) {
+        const response = await askUserOrBlock(ctx, path);
+        if (response.block) return response;
       }
 
       // Then, impersonate the path

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pi-gitbox",
-  "version": "0.1.1",
+  "version": "0.2.0",
   "description": "Pi extension that impersonates gitignored paths to reduce secrets exposure.",
   "keywords": [
     "pi",
@@ -22,6 +22,9 @@
       "./index.ts"
     ]
   },
+  "scripts": {
+    "test": "vitest run"
+  },
   "prettier": {
     "plugins": [
       "prettier-plugin-organize-imports"
@@ -32,11 +35,12 @@
     "@earendil-works/pi-tui": "*"
   },
   "devDependencies": {
-    "@types/node": "^26.0.0",
+    "@types/node": "^26.0.1",
     "@types/shell-quote": "^1.7.5",
-    "prettier-plugin-organize-imports": "^4.3.0"
+    "prettier-plugin-organize-imports": "^4.3.0",
+    "vitest": "^4.1.9"
   },
   "dependencies": {
-    "shell-quote": "^1.8.4"
+    "shell-quote": "^1.9.0"
   }
 }

package/src/commands.ts

@@ -15,6 +15,7 @@ import { settings } from "./settings";
 enum Options {
   STATUS_BAR = "statusBar",
   DELETE_ON_EXIT = "deleteOnExit",
+  IMPERSONATE_DIRS = "impersonateDirs",
   BYPASS_GITBOX = "bypassGitbox",
   BYPASS_PATHS = "bypassPaths",
 }
@@ -72,10 +73,14 @@ export class CommandManager {
    * @param ctx The extension context
    */
   private async runGitboxPaths(ctx: ExtensionCommandContext): Promise<void> {
-    const mapper = this.gitbox.getMapper(ctx);
+    const fileMapper = this.gitbox.getFileMapper(ctx);
+    const dirMapper = this.gitbox.getDirMapper(ctx);
 
-    const lines = Object.entries(mapper)
-      .map(([source, target]) => `  ${source} -> ${target}`)
+    const lines = Object.entries({ ...fileMapper, ...dirMapper })
+      .map(([source, target]) => {
+        const icon = source in dirMapper ? "📁" : "📄";
+        return `  ${icon} ${source} -> ${target}`;
+      })
       .join("\n");
 
     const content = lines
@@ -148,6 +153,13 @@ export class CommandManager {
         currentValue: config.deleteOnExit ? "on" : "off",
         values: ["on", "off"],
       },
+      {
+        id: Options.IMPERSONATE_DIRS,
+        label: "Impersonate directories",
+        description: "Also impersonate gitignored directories",
+        currentValue: config.impersonateDirs ? "on" : "off",
+        values: ["on", "off"],
+      },
       {
         id: Options.BYPASS_GITBOX,
         label: "Bypass impersonation",

package/src/compat.ts

@@ -0,0 +1,46 @@
+import { homedir } from "node:os";
+import { posix, resolve, sep } from "node:path";
+
+/**
+ * Standardized path separator
+ */
+export const PATH_SEP = "/";
+
+/**
+ * Standardizes the path, even if represents the home directory
+ *
+ * @param path The path to normalize
+ * @returns A normalized path
+ */
+export const normalizePath = (path: string): string => {
+  return path
+    .split(sep)
+    .join(PATH_SEP)
+    .replace(/^~\//g, homedir() + PATH_SEP);
+};
+
+/**
+ * Joins paths in a Win32/POSIX compatible way
+ *
+ * @param paths Paths to join/merge
+ * @returns A merged path
+ */
+export const joinPaths = (...paths: string[]): string => {
+  const merged = posix.join(...paths);
+  const response = normalizePath(merged);
+
+  return response;
+};
+
+/**
+ * Resolves paths in a Win32/POSIX compatible way
+ *
+ * @param paths Paths to resolve
+ * @returns A resolved path
+ */
+export const resolvePaths = (...paths: string[]): string => {
+  const resolved = resolve(...paths);
+  const response = normalizePath(resolved);
+
+  return response;
+};

package/src/config-types.ts

@@ -6,7 +6,10 @@ export interface GitboxConfig {
   baseDir: string;
   statusBar: boolean;
   deleteOnExit: boolean;
+  // Impersonation
+  impersonateDirs: boolean;
   bypassGitbox: boolean;
+  // Permissions
   bypassPaths: boolean;
   allowedPaths: string[];
 }

package/src/defaults.ts

@@ -21,6 +21,16 @@ export const GITBOX_STATUSBAR = true;
  */
 export const DELETE_ON_EXIT = false;
 
+/**
+ * Whether to also impersonate gitignored directories
+ */
+export const IMPERSONATE_DIRS = false;
+
+/**
+ * Whether to bypass impersonation entirely
+ */
+export const BYPASS_GITBOX = false;
+
 /**
  * Default paths that are always allowed.
  */
@@ -48,8 +58,3 @@ export const ALLOWED_PATHS: string[] = [];
  * Whether to bypass path restrictions
  */
 export const BYPASS_PATHS = false;
-
-/**
- * Whether to bypass impersonation entirely
- */
-export const BYPASS_GITBOX = false;

package/src/detector.ts

@@ -1,16 +1,16 @@
 import { ExtensionContext } from "@earendil-works/pi-coding-agent";
 import { execSync } from "child_process";
+import { statSync } from "fs";
 import { access } from "fs/promises";
-import { homedir } from "node:os";
-import { resolve, sep } from "node:path";
+import { normalizePath, PATH_SEP, resolvePaths } from "./compat";
 
-export class Detector {
+export const Detector = new (class {
   /**
    * Determines if the user has `git` as a usable command
    *
    * @returns True if git exists
    */
-  static isGitAvailable(): boolean {
+  isGitAvailable(): boolean {
     try {
       execSync("git -v", { stdio: "pipe" });
       return true;
@@ -23,7 +23,7 @@ export class Detector {
    * Determines if the current working directory is a git repository
    * @returns True if it's a git repo
    */
-  static isGitProject(): boolean {
+  isGitProject(): boolean {
     try {
       execSync("git rev-parse --is-inside-work-tree", { stdio: "pipe" });
       return true;
@@ -37,10 +37,9 @@ export class Detector {
    *
    * @returns Relative paths for files
    */
-  static getGitignoredFiles = () => {
-    const paths = Detector.getGitignoredPaths();
-
-    return paths.filter((path) => !path.endsWith("/"));
+  getGitignoredFiles = () => {
+    const paths = this.getGitignoredPaths();
+    return paths.filter((path) => !this.isDirectory(path));
   };
 
   /**
@@ -48,10 +47,9 @@ export class Detector {
    *
    * @returns Relative paths for directories
    */
-  static getGitignoredDirectories = () => {
+  getGitignoredDirectories = () => {
     const paths = this.getGitignoredPaths();
-
-    return paths.filter((path) => path.endsWith("/"));
+    return paths.filter(this.isDirectory);
   };
 
   /**
@@ -60,7 +58,7 @@ export class Detector {
    *
    * @returns Array of git-ignored paths (relative to repo root)
    */
-  private static getGitignoredPaths(): string[] {
+  getGitignoredPaths(): string[] {
     try {
       const command =
         "git ls-files --directory --no-empty-directory --others --ignored --exclude-standard";
@@ -85,7 +83,7 @@ export class Detector {
    * @param path The path to check
    * @returns True if path exists
    */
-  static async pathExists(path: string): Promise<boolean> {
+  async pathExists(path: string): Promise<boolean> {
     try {
       await access(path);
       return true;
@@ -103,29 +101,64 @@ export class Detector {
    * @param ctx The extension context
    * @returns True if the path is within at least one allowed directory
    */
-  static isPathAllowed(
-    dirs: string[],
-    path: string,
-    ctx: ExtensionContext,
-  ): boolean {
+  isPathAllowed(dirs: string[], path: string, ctx: ExtensionContext): boolean {
     // Expand ~ to home directory before resolving
-    const normalizedPath = Detector.normalizePath(path);
-    const absPath = resolve(ctx.cwd, normalizedPath);
+    const normalizedPath = normalizePath(path);
+    const absPath = resolvePaths(ctx.cwd, normalizedPath);
     const absDirs = dirs.map((dir) =>
-      resolve(ctx.cwd, Detector.normalizePath(dir)),
+      resolvePaths(ctx.cwd, normalizePath(dir)),
     );
 
-    return absDirs.some(
-      (dir) => absPath === dir || absPath.startsWith(dir + sep),
+    const response = absDirs.some(
+      (dir) => absPath === dir || absPath.startsWith(dir + PATH_SEP),
     );
+
+    return response;
+  }
+
+  /**
+   * Dynamically checks if a path is gitignored
+   *
+   * E.g.: If the `.gitignore` is
+   *
+   * ```
+   * .vscode/*
+   * !.vscode/launch.json
+   * ```
+   *
+   * Then,
+   * .vscode/launch.json should be preserved
+   * .vscode/tasks.json should be gitignored
+   *
+   * @param path The path to check
+   * @returns True if it should be gitignored
+   */
+  dynamicCheck(path: string): boolean {
+    try {
+      const command = `git check-ignore ${path}`;
+      execSync(command, {
+        encoding: "utf-8",
+        stdio: ["pipe", "pipe", "ignore"],
+      });
+
+      return true;
+    } catch {
+      return false;
+    }
   }
 
   /**
-   * Normalizes the path when it comes with a tilde (representing HOME)
-   * @param path The path
-   * @returns A normalized path
+   * Checks if a path is a directory.
+   *
+   * @param path The path to check (will be resolved relative to cwd)
+   * @returns True if the path is a directory
    */
-  private static normalizePath(path: string): string {
-    return path.replace(/^~\//g, homedir() + sep);
+  isDirectory(path: string): boolean {
+    try {
+      const absPath = resolvePaths(path);
+      return statSync(absPath).isDirectory();
+    } catch {
+      return false;
+    }
   }
-}
+})();

package/src/gitbox.ts

@@ -87,6 +87,28 @@ export class Gitbox {
     return this.impersonator.getMapper(ctx.cwd);
   }
 
+  /**
+   * Returns the file mapper from the impersonator.
+   * Delegates to impersonator instance
+   *
+   * @param ctx The extension context
+   * @returns The source -> target path mapping for files
+   */
+  getFileMapper(ctx: ExtensionContext): Record<string, string> {
+    return this.impersonator.getFileMapper(ctx.cwd);
+  }
+
+  /**
+   * Returns the directory mapper from the impersonator.
+   * Delegates to impersonator instance
+   *
+   * @param ctx The extension context
+   * @returns The source -> target path mapping for directories
+   */
+  getDirMapper(ctx: ExtensionContext): Record<string, string> {
+    return this.impersonator.getDirMapper(ctx.cwd);
+  }
+
   /**
    * Validates the configuration settings
    *
@@ -161,7 +183,7 @@ export class Gitbox {
     if (!Detector.isGitAvailable()) return Status.UNAVAILABLE;
     if (!Detector.isGitProject()) return Status.NOT_REQUIRED;
 
-    const paths = Detector.getGitignoredFiles();
+    const paths = Detector.getGitignoredPaths();
     if (paths.length === 0) return Status.AVAILABLE;
 
     return Status.ENABLED;

package/src/impersonator.ts

@@ -1,12 +1,23 @@
 import { ExtensionContext } from "@earendil-works/pi-coding-agent";
 import { mkdir, writeFile } from "node:fs/promises";
-import { basename, dirname, join, relative, resolve } from "node:path";
+import { basename, dirname, relative } from "node:path";
+import type { GlobPattern } from "shell-quote";
 import { parse } from "shell-quote";
+import { joinPaths, resolvePaths } from "./compat";
 import { Detector } from "./detector";
 import { settings } from "./settings";
 
 export class Impersonator {
-  private mapper: Record<string, string> = {};
+  private fileMapper: Record<string, string> = {};
+  private dirMapper: Record<string, string> = {};
+
+  /**
+   * Returns a combined mapper of both file and directory impersonations
+   * @returns Combined source -> target path mapping
+   */
+  get pathMapper(): Record<string, string> {
+    return { ...this.fileMapper, ...this.dirMapper };
+  }
 
   /**
    * Fills the mapper with paths that are gitignored
@@ -14,11 +25,15 @@ export class Impersonator {
    * @param ctx The extension context
    */
   async initialize(ctx: ExtensionContext): Promise<void> {
-    this.mapper = {};
+    this.fileMapper = {};
+    this.dirMapper = {};
     const { config } = await settings.getConfig();
 
-    await this.initializeDirectories(config.baseDir, ctx);
     await this.initializeFiles(config.baseDir, ctx);
+
+    if (config.impersonateDirs) {
+      await this.initializeDirectories(config.baseDir, ctx);
+    }
   }
 
   /**
@@ -29,14 +44,14 @@ export class Impersonator {
    */
   private async initializeDirectories(baseDir: string, ctx: ExtensionContext) {
     const gitignoredDirectories = Detector.getGitignoredDirectories();
-    const projectDir = join(baseDir, basename(ctx.cwd));
+    const projectDir = joinPaths(baseDir, basename(ctx.cwd));
 
     for (const path of gitignoredDirectories) {
       const impersonation = await this.createDirectory(path, projectDir, ctx);
-      const absPath = resolve(ctx.cwd, path);
+      const absPath = resolvePaths(ctx.cwd, path);
 
       if (impersonation) {
-        this.mapper[absPath] = impersonation;
+        this.dirMapper[absPath] = impersonation;
       }
     }
   }
@@ -49,14 +64,14 @@ export class Impersonator {
    */
   private async initializeFiles(baseDir: string, ctx: ExtensionContext) {
     const gitignoredFiles = Detector.getGitignoredFiles();
-    const projectDir = join(baseDir, basename(ctx.cwd));
+    const projectDir = joinPaths(baseDir, basename(ctx.cwd));
 
     for (const path of gitignoredFiles) {
       const impersonation = await this.createFile(path, projectDir, ctx);
-      const absPath = resolve(ctx.cwd, path);
+      const absPath = resolvePaths(ctx.cwd, path);
 
       if (impersonation) {
-        this.mapper[absPath] = impersonation;
+        this.fileMapper[absPath] = impersonation;
       }
     }
   }
@@ -75,7 +90,7 @@ export class Impersonator {
     ctx: ExtensionContext,
   ): Promise<string> {
     // Setup the gitbox for the project
-    const impersonatingPath = resolve(parentDir, relativePath);
+    const impersonatingPath = resolvePaths(parentDir, relativePath);
 
     // Create directory if it doesn't exist
     if (!(await Detector.pathExists(impersonatingPath))) {
@@ -110,13 +125,13 @@ export class Impersonator {
     const content = relativePath.endsWith(".json") ? "{}" : " ";
 
     // Setup the gitbox for the project
-    const impersonatingPath = resolve(parentDir, relativePath);
+    const impersonatingPath = resolvePaths(parentDir, relativePath);
 
     // Create file if it doesn't exist
     if (!(await Detector.pathExists(impersonatingPath))) {
       try {
         // Ensure parent directories exist first
-        const parentDir = resolve(dirname(impersonatingPath));
+        const parentDir = resolvePaths(dirname(impersonatingPath));
         await mkdir(parentDir, { recursive: true });
 
         await writeFile(impersonatingPath, content);
@@ -139,7 +154,39 @@ export class Impersonator {
   getMapper(baseDir: string): Record<string, string> {
     const result: Record<string, string> = {};
 
-    for (const [absSource, target] of Object.entries(this.mapper)) {
+    for (const [absSource, target] of Object.entries(this.pathMapper)) {
+      result[relative(baseDir, absSource)] = target;
+    }
+
+    return result;
+  }
+
+  /**
+   * Returns the file mapper, with sources relative to the given base directory.
+   *
+   * @param baseDir The base directory to resolve relative paths against
+   * @returns The source -> target path mapping for files
+   */
+  getFileMapper(baseDir: string): Record<string, string> {
+    const result: Record<string, string> = {};
+
+    for (const [absSource, target] of Object.entries(this.fileMapper)) {
+      result[relative(baseDir, absSource)] = target;
+    }
+
+    return result;
+  }
+
+  /**
+   * Returns the directory mapper, with sources relative to the given base directory.
+   *
+   * @param baseDir The base directory to resolve relative paths against
+   * @returns The source -> target path mapping for directories
+   */
+  getDirMapper(baseDir: string): Record<string, string> {
+    const result: Record<string, string> = {};
+
+    for (const [absSource, target] of Object.entries(this.dirMapper)) {
       result[relative(baseDir, absSource)] = target;
     }
 
@@ -173,26 +220,40 @@ export class Impersonator {
    * @returns The impersonated path, if available
    */
   async resolvePath(path: string, ctx: ExtensionContext): Promise<string> {
-    // Path could be a file
-    const absPath = resolve(ctx.cwd, path);
-    if (this.mapper[absPath]) return this.mapper[absPath];
-
-    // Part of the path could be in the mapper too
-    // E.g.: `.vscode/launch.json` when only `.vscode/` is gitignored)
-    const dirPath = dirname(absPath);
-
-    for (const [source, target] of Object.entries(this.mapper)) {
-      if (dirPath.includes(source)) {
-        // We've found a gitignored `source`
-        // Let's shoehorn it as the candidate
-        const candidateDir = dirPath.replace(source, target);
-        const baseName = basename(absPath);
-
-        // If the file was not in the mapper, we'll need to create it on-the-fly here
-        const response = await this.createFile(baseName, candidateDir, ctx);
-        this.mapper[absPath] = response;
-
-        return response;
+    const absPath = resolvePaths(ctx.cwd, path);
+
+    // Check file mapper first
+    if (this.fileMapper[absPath]) return this.fileMapper[absPath];
+
+    // Check directory mapper only if impersonateDirs is enabled
+    const { config } = await settings.getConfig();
+    if (!config.impersonateDirs) return path;
+
+    // Check existence in dirMapper
+    if (this.dirMapper[absPath]) return this.dirMapper[absPath];
+
+    // Not yet in the mapper => Dynamic checking
+    // We'll need to create the path on-the-fly
+    if (Detector.dynamicCheck(absPath)) {
+      const relPath = relative(ctx.cwd, path);
+      const projectDir = joinPaths(config.baseDir, basename(ctx.cwd));
+
+      if (Detector.isDirectory(absPath)) {
+        // E.g.: `.vscode/myfolder/` when only `.vscode/` is gitignored)
+        this.dirMapper[absPath] = await this.createDirectory(
+          relPath,
+          projectDir,
+          ctx,
+        );
+        return this.dirMapper[absPath];
+      } else {
+        // E.g.: `.vscode/launch.json` when only `.vscode/` is gitignored)
+        this.fileMapper[absPath] = await this.createFile(
+          relPath,
+          projectDir,
+          ctx,
+        );
+        return this.fileMapper[absPath];
       }
     }
 
@@ -215,7 +276,37 @@ export class Impersonator {
       .filter((token) => typeof token === "string")
       .filter(this.isPathLike);
 
-    return paths;
+    // Collect paths from glob tokens
+    // e.g.: `file dist/*` → extracts 'dist' from the glob token
+    const globPaths = tokens
+      .filter(
+        (token): token is GlobPattern =>
+          typeof token === "object" &&
+          token !== null &&
+          "op" in token &&
+          token.op === "glob",
+      )
+      .map((token) => this.stripGlobPattern(token.pattern))
+      .filter(this.isPathLike);
+
+    return [...paths, ...globPaths];
+  }
+
+  /**
+   * Strips a simple glob pattern (`*`) from a path, returning the base path.
+   *
+   * e.g.: `dist/*` → `dist`, `*` → ``, `src/file.ts` → `src/file.ts`
+   *
+   * @param value The glob pattern value from shell-quote
+   * @returns The path with the glob suffix removed, or the original if no glob
+   */
+  private stripGlobPattern(value: string): string {
+    const starIndex = value.indexOf("*");
+    if (starIndex === -1) return value;
+
+    // Strip from the last `/` before the `*` to the end
+    const lastSlash = value.lastIndexOf("/", starIndex);
+    return lastSlash === -1 ? "" : value.substring(0, lastSlash);
   }
 
   /**
@@ -234,9 +325,6 @@ export class Impersonator {
     // Command flags and options
     if (candidate.startsWith("-")) return false;
 
-    // Pure numbers (e.g., 42, 3.14, -0)
-    if (/^-?\d+(\.\d+)?$/.test(candidate)) return false;
-
     // URLs (e.g., https://example.com, ftp://...)
     if (/^[a-z]+:\/\//i.test(candidate)) return false;
 

package/src/prompts.ts

@@ -1,4 +1,5 @@
 import { ExtensionContext } from "@earendil-works/pi-coding-agent";
+import { Detector } from "./detector";
 import { settings } from "./settings";
 
 /**
@@ -19,10 +20,10 @@ enum Options {
  * @param path The path to check
  * @returns An object with `block: true` and a `reason` if blocked, or `{ block: false }` if allowed
  */
-export async function askUserOrBlock(
+export const askUserOrBlock = async (
   ctx: ExtensionContext,
   path: string,
-): Promise<{ block: boolean; reason?: string }> {
+): Promise<{ block: boolean; reason?: string }> => {
   const reason = `Path "${path}" is outside allowed directories and was denied.`;
 
   // Check if UI is available
@@ -45,4 +46,26 @@ export async function askUserOrBlock(
   }
 
   return { block: false };
-}
+};
+
+/**
+ * Checks if all paths are allowed, prompting the user if needed.
+ *
+ * @param paths Paths to check
+ * @param resolvedDirs Allowed directories
+ * @param ctx The extension context
+ * @returns The blocked response if any path was denied, or null
+ */
+export const checkPathsAccess = async (
+  paths: string[],
+  resolvedDirs: string[],
+  ctx: ExtensionContext,
+): Promise<{ block: boolean; reason?: string } | null> => {
+  for (const path of paths) {
+    if (Detector.isPathAllowed(resolvedDirs, path, ctx)) continue;
+
+    const response = await askUserOrBlock(ctx, path);
+    if (response.block) return response;
+  }
+  return null;
+};

package/src/settings.ts

@@ -9,6 +9,7 @@ import {
   DELETE_ON_EXIT,
   GITBOX_BASEDIR,
   GITBOX_STATUSBAR,
+  IMPERSONATE_DIRS,
   STATUS_KEY,
 } from "./defaults";
 
@@ -40,6 +41,7 @@ class Settings {
       baseDir: GITBOX_BASEDIR,
       statusBar: GITBOX_STATUSBAR,
       deleteOnExit: DELETE_ON_EXIT,
+      impersonateDirs: IMPERSONATE_DIRS,
       bypassGitbox: BYPASS_GITBOX,
       bypassPaths: BYPASS_PATHS,
       allowedPaths: ALLOWED_PATHS,

package/tests/impersonator.test.ts

@@ -0,0 +1,92 @@
+import { beforeEach, describe, expect, it } from "vitest";
+import { Impersonator } from "../src/impersonator";
+
+describe("Impersonator", () => {
+  let imp: Impersonator;
+
+  beforeEach(() => {
+    imp = new Impersonator();
+  });
+
+  describe("extractFromCommand", () => {
+    it("extracts paths from a simple command", async () => {
+      const result = await imp.extractFromCommand("cat file.txt");
+      expect(result).toEqual(["cat", "file.txt"]);
+    });
+
+    it("extracts paths from glob patterns", async () => {
+      const result = await imp.extractFromCommand("file dist/*");
+      expect(result).toContain("file");
+      expect(result).toContain("dist");
+    });
+
+    it("handles bare glob by excluding it", async () => {
+      const result = await imp.extractFromCommand("ls *");
+      expect(result).toEqual(["ls"]);
+    });
+
+    it("extracts paths from multiple globs", async () => {
+      const result = await imp.extractFromCommand("src/*.ts test/*.test.ts");
+      expect(result).toContain("src");
+      expect(result).toContain("test");
+    });
+
+    it("does not extract shell operators", async () => {
+      const result = await imp.extractFromCommand("cat a.txt && cat b.txt");
+      expect(result).toContain("cat");
+      expect(result).toContain("a.txt");
+      expect(result).toContain("b.txt");
+      expect(result).not.toContain("&&");
+    });
+
+    it("does not extract command flags", async () => {
+      const result = await imp.extractFromCommand("ls -la -R");
+      expect(result).toEqual(["ls"]);
+    });
+
+    it("does not extract URLs", async () => {
+      const result = await imp.extractFromCommand(
+        "curl https://example.com/file.txt",
+      );
+      expect(result).toContain("curl");
+      expect(result).not.toContain("https://example.com/file.txt");
+    });
+
+    it("does not extract environment variable assignments", async () => {
+      const result = await imp.extractFromCommand(
+        "NODE_ENV=production node app.js",
+      );
+      expect(result).toContain("node");
+      expect(result).toContain("app.js");
+      expect(result).not.toContain("NODE_ENV=production");
+    });
+
+    it("handles mixed paths and globs", async () => {
+      const result = await imp.extractFromCommand(
+        "cp src/main.ts dist/main.ts",
+      );
+      expect(result).toContain("cp");
+      expect(result).toContain("src/main.ts");
+      expect(result).toContain("dist/main.ts");
+    });
+
+    it("handles nested glob paths", async () => {
+      const result = await imp.extractFromCommand("build src/**/*");
+      expect(result).toContain("build");
+      expect(result).toContain("src");
+    });
+
+    it("handles empty command", async () => {
+      const result = await imp.extractFromCommand("");
+      expect(result).toEqual([]);
+    });
+
+    it("rejects shell reserved words", async () => {
+      const result = await imp.extractFromCommand("if true then else fi");
+      expect(result).not.toContain("true");
+      expect(result).not.toContain("then");
+      expect(result).not.toContain("else");
+      expect(result).not.toContain("fi");
+    });
+  });
+});