pi-mono-all 1.2.5 → 1.2.6

package/CHANGELOG.md

@@ -1,5 +1,11 @@
 # pi-mono-all
 
+## 1.2.6
+
+### Patch Changes
+
+- Bundle `pi-mono-sentinel@1.13.0` with smarter path-access prompts, session-scoped grants, and exact multi-file grants.
+
 ## 1.2.5
 
 ### Patch Changes

package/node_modules/pi-mono-sentinel/CHANGELOG.md

@@ -1,5 +1,15 @@
 # pi-mono-sentinel
 
+## 1.13.0
+
+### Minor Changes
+
+### Enhanced: path-access grants
+
+- Added smarter path-access prompts that distinguish existing files, new files, directories, and multiple same-folder file targets.
+- Added session-only permission grants for `write` / `edit`, including recursive directory grants that reset with the session.
+- Added exact multi-file grants for bash commands that reference several outside-project files in the same directory.
+
 ## 1.12.0
 
 ### Changed

package/node_modules/pi-mono-sentinel/__tests__/path-access.test.ts

@@ -10,6 +10,7 @@ import {
 	directoryGrantFor,
 	isInsideCwd,
 	isPathAllowed,
+	pathAccessGrantsForChoice,
 	pathAccessGrantForChoice,
 	toStoragePath,
 } from "../path-access.ts";
@@ -78,4 +79,24 @@ describe("path-access helpers", () => {
 			rmSync(cwd, { recursive: true, force: true });
 		}
 	});
+
+	test("derives grants for multiple exact files", () => {
+		assert.deepEqual(
+			pathAccessGrantsForChoice("allow_files_session", ["/tmp/a/one.txt", "/tmp/a/two.txt"], CWD),
+			[
+				{
+					grant: "/tmp/a/one.txt",
+					broadCheckPath: "/tmp/a/one.txt",
+					scope: "memory",
+					directory: false,
+				},
+				{
+					grant: "/tmp/a/two.txt",
+					broadCheckPath: "/tmp/a/two.txt",
+					scope: "memory",
+					directory: false,
+				},
+			],
+		);
+	});
 });

package/node_modules/pi-mono-sentinel/__tests__/whitelist.test.ts

@@ -50,6 +50,17 @@ describe("SentinelSession whitelist", () => {
 		assert.equal(session.isWhitelisted("/persisted/path"), true);
 	});
 
+	test("session directory grants are recursive and reset-scoped", () => {
+		const session = new SentinelSession();
+		session.addToSessionWhitelist("/tmp/sentinel-session-dir/");
+		assert.equal(session.isWhitelisted("/tmp/sentinel-session-dir/file.md"), true);
+		assert.equal(session.isWhitelisted("/tmp/sentinel-session-dir/nested/file.md"), true);
+		assert.equal(session.isWhitelisted("/tmp/sentinel-session-dir-sibling/file.md"), false);
+
+		session.reset();
+		assert.equal(session.isWhitelisted("/tmp/sentinel-session-dir/file.md"), false);
+	});
+
 	test("read whitelist is separate from permission whitelist", () => {
 		const session = new SentinelSession();
 		session.addToReadWhitelist("/safe/example-doc.md");

package/node_modules/pi-mono-sentinel/guards/path-access.ts

@@ -1,12 +1,14 @@
 import type { ExtensionAPI } from "@earendil-works/pi-coding-agent";
 import { isToolCallEventType } from "@earendil-works/pi-coding-agent";
+import { existsSync, statSync } from "node:fs";
+import { dirname } from "node:path";
 
 import { configLoader, type ResolvedSentinelConfig } from "../config.js";
 import { blockToolCall } from "../events.js";
 import {
 	checkPathAccess,
 	isTooBroadGrant,
-	pathAccessGrantForChoice,
+	pathAccessGrantsForChoice,
 } from "../path-access.js";
 import { extractBashPathCandidates } from "../patterns/bash-paths.js";
 import { resolveTargetPath } from "../patterns/permissions.js";
@@ -14,19 +16,63 @@ import { resolveTargetPath } from "../patterns/permissions.js";
 type GrantChoice =
 	| "allow_once"
 	| "allow_file_session"
+	| "allow_files_session"
 	| "allow_directory_session"
 	| "allow_file_always"
+	| "allow_files_always"
 	| "allow_directory_always"
 	| "deny";
 
-const CHOICES: Array<{ value: GrantChoice; label: string }> = [
-	{ value: "allow_once", label: "Allow once" },
-	{ value: "allow_file_session", label: "Allow file this session" },
-	{ value: "allow_directory_session", label: "Allow directory this session" },
-	{ value: "allow_file_always", label: "Allow file always" },
-	{ value: "allow_directory_always", label: "Allow directory always" },
-	{ value: "deny", label: "Deny" },
-];
+type PathPromptKind = "existing_file" | "new_file" | "directory" | "multiple_files";
+
+function choicesForPathPrompt(kind: PathPromptKind): Array<{ value: GrantChoice; label: string }> {
+	switch (kind) {
+		case "new_file":
+			return [
+				{ value: "allow_once", label: "Allow once" },
+				{ value: "allow_directory_session", label: "Allow creating files in this folder for this session" },
+				{ value: "allow_directory_always", label: "Always allow creating files in this folder" },
+				{ value: "deny", label: "Deny" },
+			];
+		case "directory":
+			return [
+				{ value: "allow_once", label: "Allow once" },
+				{ value: "allow_directory_session", label: "Allow this folder for this session" },
+				{ value: "allow_directory_always", label: "Always allow this folder" },
+				{ value: "deny", label: "Deny" },
+			];
+		case "multiple_files":
+			return [
+				{ value: "allow_once", label: "Allow once" },
+				{ value: "allow_files_session", label: "Allow these files for this session" },
+				{ value: "allow_files_always", label: "Always allow these files" },
+				{ value: "deny", label: "Deny" },
+			];
+		case "existing_file":
+		default:
+			return [
+				{ value: "allow_once", label: "Allow once" },
+				{ value: "allow_file_session", label: "Allow this file for this session" },
+				{ value: "allow_file_always", label: "Always allow this file" },
+				{ value: "deny", label: "Deny" },
+			];
+	}
+}
+
+function promptKindForPath(absolutePath: string, toolName: string): PathPromptKind {
+	try {
+		if (existsSync(absolutePath) && statSync(absolutePath).isDirectory()) return "directory";
+	} catch {
+		// Fall through to operation-based classification.
+	}
+	return toolName === "write" && !existsSync(absolutePath) ? "new_file" : "existing_file";
+}
+
+function allInSameDirectory(paths: readonly string[]): boolean {
+	if (paths.length < 2) return false;
+	const first = dirname(paths[0]);
+	return paths.every((path) => dirname(path) === first);
+}
 
 const MAX_BASH_PATH_CANDIDATES = 50;
 const TOOL_PATH_NORMALIZERS = {
@@ -42,38 +88,63 @@ export function registerPathAccess(pi: ExtensionAPI): void {
 		toolName: string,
 		input: Record<string, unknown>,
 		ctx: { cwd: string; hasUI: boolean; ui: { select?: (title: string, options: string[]) => Promise<string | undefined> } },
+	): Promise<{ block: true; reason: string } | undefined> {
+		return guardPaths(config, [absolutePath], toolName, input, ctx);
+	}
+
+	async function guardPaths(
+		config: ResolvedSentinelConfig,
+		absolutePaths: readonly string[],
+		toolName: string,
+		input: Record<string, unknown>,
+		ctx: { cwd: string; hasUI: boolean; ui: { select?: (title: string, options: string[]) => Promise<string | undefined> } },
 	): Promise<{ block: true; reason: string } | undefined> {
 		if (!config.features.pathAccess || config.pathAccess.mode === "allow") return;
 
-		const check = checkPathAccess(absolutePath, ctx.cwd, config.pathAccess.allowedPaths);
-		if (check.allowed) return;
+		const denied = absolutePaths
+			.map((absolutePath) => checkPathAccess(absolutePath, ctx.cwd, config.pathAccess.allowedPaths))
+			.filter((check) => !check.allowed) as Array<{ allowed: false; absolutePath: string; reason: string }>;
+		if (denied.length === 0) return;
 
-		const reason = check.reason;
+		const deniedPaths = denied.map((check) => check.absolutePath);
+		const reason = denied.length === 1
+			? denied[0].reason
+			: `Paths are outside the current working directory: ${deniedPaths.join(", ")}`;
 		if (config.pathAccess.mode === "block" || !ctx.hasUI) {
 			return blockToolCall(pi, { feature: "pathAccess", toolName, input, reason }, `[sentinel] ${reason}`);
 		}
 
+		const promptKind = deniedPaths.length > 1 && allInSameDirectory(deniedPaths)
+			? "multiple_files"
+			: promptKindForPath(deniedPaths[0], toolName);
+		const choices = choicesForPathPrompt(promptKind);
+		const pathLines = deniedPaths.length === 1
+			? [`Path: ${deniedPaths[0]}`]
+			: ["Paths:", ...deniedPaths.map((path) => `  - ${path}`)];
+
 		const selectedLabel = await ctx.ui.select?.(
 			[
 				"[sentinel] Path access outside current project",
 				`Tool: ${toolName}`,
-				`Path: ${absolutePath}`,
+				...pathLines,
 				`Project: ${ctx.cwd}`,
 				"",
 				"Allow access?",
 			].join("\n"),
-			CHOICES.map((choice) => choice.label),
+			choices.map((choice) => choice.label),
 		);
-		const choice = CHOICES.find((item) => item.label === selectedLabel)?.value ?? "deny";
+		const choice = choices.find((item) => item.label === selectedLabel)?.value ?? "deny";
 
 		if (choice === "allow_once") return;
 
-		const grant = pathAccessGrantForChoice(choice, absolutePath, ctx.cwd);
-		if (grant) {
-			if (isTooBroadGrant(grant.broadCheckPath)) {
-				return { block: true, reason: `[sentinel] Refusing overly broad ${grant.directory ? "directory" : "path"} grant.` };
+		const grants = pathAccessGrantsForChoice(choice, deniedPaths, ctx.cwd);
+		if (grants.length > 0) {
+			for (const grant of grants) {
+				if (isTooBroadGrant(grant.broadCheckPath)) {
+					return { block: true, reason: `[sentinel] Refusing overly broad ${grant.directory ? "directory" : "path"} grant.` };
+				}
+				configLoader.addAllowedPath(grant.scope, grant.grant);
 			}
-			configLoader.addAllowedPath(grant.scope, grant.grant);
 			return;
 		}
 
@@ -94,8 +165,18 @@ export function registerPathAccess(pi: ExtensionAPI): void {
 		const command = event.input.command ?? "";
 		const config = configLoader.getConfig();
 		const candidates = extractBashPathCandidates(command, ctx.cwd).slice(0, MAX_BASH_PATH_CANDIDATES);
+		const pendingByDirectory = new Map<string, string[]>();
 		for (const absolutePath of candidates) {
-			const result = await guardPath(config, absolutePath, "bash", event.input, ctx);
+			const check = checkPathAccess(absolutePath, ctx.cwd, config.pathAccess.allowedPaths);
+			if (check.allowed) continue;
+			const paths = pendingByDirectory.get(dirname(absolutePath)) ?? [];
+			paths.push(absolutePath);
+			pendingByDirectory.set(dirname(absolutePath), paths);
+		}
+		for (const paths of pendingByDirectory.values()) {
+			const result = paths.length > 1
+				? await guardPaths(config, paths, "bash", event.input, ctx)
+				: await guardPath(config, paths[0], "bash", event.input, ctx);
 			if (result) return result;
 		}
 	});

package/node_modules/pi-mono-sentinel/guards/permission-gate.ts

@@ -18,9 +18,11 @@ import type {
 	ExtensionContext,
 } from "@earendil-works/pi-coding-agent";
 import { isToolCallEventType } from "@earendil-works/pi-coding-agent";
+import { existsSync, statSync } from "node:fs";
 
 import { configLoader } from "../config.js";
 import { blockToolCall, emitDangerous } from "../events.js";
+import { directoryGrantFor, toStoragePath } from "../path-access.js";
 import type { SentinelSession } from "../session.js";
 import {
 	BASH_RISK_DESCRIPTIONS,
@@ -100,6 +102,43 @@ function registerBashGate(pi: ExtensionAPI): void {
 // Write / edit gating
 // ---------------------------------------------------------------------------
 
+type PathGateChoice = "allow_once" | "allow_session" | "allow_always" | "deny";
+
+function pathGateChoices(absolutePath: string, toolName: "write" | "edit"): Array<{ value: PathGateChoice; label: string; directoryGrant: boolean }> {
+	let isDirectory = false;
+	try {
+		isDirectory = existsSync(absolutePath) && statSync(absolutePath).isDirectory();
+	} catch {
+		isDirectory = false;
+	}
+	const isNewFile = toolName === "write" && !existsSync(absolutePath);
+
+	if (isNewFile) {
+		return [
+			{ value: "allow_once", label: "Allow once", directoryGrant: false },
+			{ value: "allow_session", label: "Allow creating files in this folder for this session", directoryGrant: true },
+			{ value: "allow_always", label: "Always allow creating files in this folder", directoryGrant: true },
+			{ value: "deny", label: "Deny", directoryGrant: false },
+		];
+	}
+
+	if (isDirectory) {
+		return [
+			{ value: "allow_once", label: "Allow once", directoryGrant: false },
+			{ value: "allow_session", label: "Allow this folder for this session", directoryGrant: true },
+			{ value: "allow_always", label: "Always allow this folder", directoryGrant: true },
+			{ value: "deny", label: "Deny", directoryGrant: false },
+		];
+	}
+
+	return [
+		{ value: "allow_once", label: "Allow once", directoryGrant: false },
+		{ value: "allow_session", label: "Allow this file for this session", directoryGrant: false },
+		{ value: "allow_always", label: "Always allow this file", directoryGrant: false },
+		{ value: "deny", label: "Deny", directoryGrant: false },
+	];
+}
+
 function registerPathGate(pi: ExtensionAPI, session: SentinelSession): void {
 	const handler = async (
 		rawPath: string | undefined,
@@ -132,18 +171,18 @@ function registerPathGate(pi: ExtensionAPI, session: SentinelSession): void {
 		].join("\n");
 
 		if (ctx.hasUI) {
-			const choice = await ctx.ui.select(title, [
-				"Allow once",
-				"Always allow this path",
-				"Deny",
-			]);
+			const choices = pathGateChoices(absolute, toolName);
+			const selectedLabel = await ctx.ui.select(title, choices.map((choice) => choice.label));
+			const choice = choices.find((item) => item.label === selectedLabel);
 
-			if (choice === "Allow once") {
+			if (choice?.value === "allow_once") {
 				return;
 			}
 
-			if (choice === "Always allow this path") {
-				session.addToWhitelist(absolute);
+			if (choice?.value === "allow_session" || choice?.value === "allow_always") {
+				const grant = choice.directoryGrant ? directoryGrantFor(absolute) : toStoragePath(absolute);
+				if (choice.value === "allow_session") session.addToSessionWhitelist(grant);
+				else session.addToWhitelist(grant);
 				return;
 			}
 

package/node_modules/pi-mono-sentinel/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pi-mono-sentinel",
-  "version": "1.12.0",
+  "version": "1.13.0",
   "description": "Pi extension that guards against content-based secret leaks and indirect script execution",
   "keywords": [
     "pi-package",

package/node_modules/pi-mono-sentinel/path-access.ts

@@ -33,6 +33,24 @@ export function pathAccessGrantForChoice(choice: string, absolutePath: string, c
 	};
 }
 
+export function pathAccessGrantsForChoice(choice: string, absolutePaths: readonly string[], cwd: string): Array<{ grant: string; broadCheckPath: string; scope: "memory" | "local"; directory: boolean }> {
+	if (absolutePaths.length === 0) return [];
+	const match = /^allow_(file|directory|files)_(session|always)$/.exec(choice);
+	if (!match) return [];
+
+	if (match[1] === "files") {
+		return absolutePaths.map((absolutePath) => ({
+			grant: toStoragePath(absolutePath),
+			broadCheckPath: absolutePath,
+			scope: match[2] === "always" ? "local" : "memory",
+			directory: false,
+		}));
+	}
+
+	const grant = pathAccessGrantForChoice(choice, absolutePaths[0], cwd);
+	return grant ? [grant] : [];
+}
+
 export function isTooBroadGrant(absolutePath: string): boolean {
 	const normalized = normalize(absolutePath).replace(/[\\/]+$/, "");
 	return normalized === "/" || normalized === homedir();

package/node_modules/pi-mono-sentinel/session.ts

@@ -1,5 +1,6 @@
 import type { ScanResult, WriteEntry } from "./types.js";
 import { configLoader } from "./config.js";
+import { isPathAllowed } from "./path-access.js";
 import {
 	loadReadWhitelist,
 	loadWhitelist,
@@ -27,6 +28,9 @@ export class SentinelSession {
 	/** Persistent whitelist of paths the user chose to remember. */
 	private whitelist = loadWhitelist();
 
+	/** Session-only whitelist of paths the user allowed until reset. */
+	private sessionWhitelist = new Set<string>();
+
 	/** Persistent whitelist of read paths that are safe despite secret matches. */
 	private readWhitelist = loadReadWhitelist();
 
@@ -34,6 +38,7 @@ export class SentinelSession {
 	reset(): void {
 		this.writeRegistry.clear();
 		this.scanCache.clear();
+		this.sessionWhitelist.clear();
 		// whitelist is intentionally NOT cleared here so it persists across sessions
 	}
 
@@ -77,11 +82,18 @@ export class SentinelSession {
 	// -- Whitelist (permission-gate persistence) -------------------------------
 
 	isWhitelisted(absolutePath: string): boolean {
-		return this.whitelist.has(absolutePath);
+		return (
+			isPathAllowed(absolutePath, [...this.sessionWhitelist], process.cwd()) ||
+			isPathAllowed(absolutePath, [...this.whitelist], process.cwd())
+		);
+	}
+
+	addToSessionWhitelist(pathGrant: string): void {
+		this.sessionWhitelist.add(pathGrant);
 	}
 
-	addToWhitelist(absolutePath: string): void {
-		this.whitelist.add(absolutePath);
+	addToWhitelist(pathGrant: string): void {
+		this.whitelist.add(pathGrant);
 		saveWhitelist(this.whitelist);
 	}
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pi-mono-all",
-  "version": "1.2.5",
+  "version": "1.2.6",
   "description": "All pi-mono extensions and bundled skills",
   "type": "module",
   "keywords": [
@@ -9,24 +9,24 @@
     "pi-skill"
   ],
   "dependencies": {
-    "pi-mono-auto-fix": "0.3.1",
     "pi-mono-ask-user-question": "1.7.4",
+    "pi-mono-auto-fix": "0.3.1",
     "pi-mono-btw": "1.7.4",
     "pi-mono-clear": "1.7.3",
     "pi-mono-context": "0.1.1",
-    "pi-mono-context-guard": "1.7.3",
     "pi-mono-figma": "0.2.2",
-    "pi-common": "0.1.1",
-    "pi-mono-linear": "0.2.4",
+    "pi-mono-context-guard": "1.7.3",
     "pi-mono-loop": "1.7.3",
+    "pi-mono-multi-edit": "1.7.3",
+    "pi-mono-linear": "0.2.4",
     "pi-mono-simplify": "1.7.3",
-    "pi-mono-status-line": "1.7.3",
-    "pi-mono-sentinel": "1.12.0",
-    "pi-mono-review": "1.8.2",
+    "pi-mono-sentinel": "1.13.0",
     "pi-mono-team-mode": "2.3.2",
     "pi-mono-usage": "0.1.1",
     "pi-mono-web-search": "0.1.0",
-    "pi-mono-multi-edit": "1.7.3"
+    "pi-mono-review": "1.8.2",
+    "pi-common": "0.1.1",
+    "pi-mono-status-line": "1.7.3"
   },
   "bundledDependencies": [
     "pi-mono-ask-user-question",