npm - pi-permissions - Versions diffs - 1.0.0 - Mend

pi-permissions 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/LICENSE +21 -0
package/README.md +100 -0
package/extensions/permissions.ts +59 -0
package/package.json +46 -0

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 Nico Avanzini
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,100 @@
+# pi-permissions
+A [pi](https://github.com/badlogic/pi) extension that provides configurable allow/deny permission rules for tool calls — similar to Claude's permission system.
+## Install
+```bash
+# From npm
+pi install npm:pi-permissions
+# From GitHub
+pi install https://github.com/NicoAvanzDev/pi-permissions
+# Project-local (shared with team)
+pi install -l https://github.com/NicoAvanzDev/pi-permissions
+# Try without installing
+pi -e npm:pi-permissions
+```
+## Configuration
+Create a `permissions.json` file in one of these locations:
+| Location | Scope |
+|----------|-------|
+| `.pi/permissions.json` | Project-local (checked first) |
+| `~/.pi/agent/permissions.json` | Global fallback |
+### Example
+```json
+{
+  "permissions": {
+    "allow": [
+      "Bash(npm run *)",
+      "Bash(npm test *)",
+      "Bash(git commit *)",
+      "Bash(git diff *)",
+      "Bash(git status)",
+      "Bash(git log *)",
+      "Bash(* --version)",
+      "Bash(* --help *)"
+    ],
+    "deny": [
+      "Bash(git push *)",
+      "Bash(git add .)",
+      "Bash(rm -rf *)",
+      "Write(*.env)",
+      "Write(.env.*)",
+      "Edit(*.env)"
+    ]
+  }
+}
+```
+## Rule Format
+Rules use the format `Tool(pattern)` where:
+- **Tool** — the pi tool name: `Bash`, `Write`, `Edit`, `Read`
+- **pattern** — a glob pattern where `*` matches any characters
+### Supported Tools
+| Tool | What the pattern matches against |
+|------|----------------------------------|
+| `Bash(pattern)` | The bash command string |
+| `Write(pattern)` | The file path being written |
+| `Edit(pattern)` | The file path being edited |
+| `Read(pattern)` | The file path being read |
+### Evaluation Logic
+1. **Deny rules are checked first** — if any deny rule matches, the call is blocked
+2. **Allow rules are checked next** — if allow rules exist for the tool, the call must match at least one
+3. **No rules = no restrictions** — if no allow rules exist for a tool, all calls pass (unless denied)
+This means:
+- Use **deny** to block specific dangerous commands
+- Use **allow** to whitelist only approved commands (everything else is blocked)
+- **Deny always wins** over allow
+### Pattern Examples
+| Pattern | Matches | Doesn't match |
+|---------|---------|---------------|
+| `Bash(git push *)` | `git push origin main` | `git pull` |
+| `Bash(npm run *)` | `npm run build`, `npm run test` | `npm install` |
+| `Bash(* --version)` | `node --version`, `npm --version` | `node index.js` |
+| `Write(*.env)` | `.env`, `app.env` | `.env.example` |
+| `Write(secrets/*)` | `secrets/key.pem` | `src/secrets.ts` |
+## Reloading
+After editing `permissions.json`, type `/reload` in pi to apply the changes.
+## License
+MIT

package/extensions/permissions.ts ADDED Viewed

@@ -0,0 +1,59 @@
+import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
+import { readFile } from "node:fs/promises";
+import { join } from "node:path";
+import type { PermissionsConfig } from "./rules.ts";
+import { evaluate, parseRules } from "./rules.ts";
+import type { ParsedRule } from "./rules.ts";
+async function loadConfig(cwd: string): Promise<PermissionsConfig> {
+  const paths = [join(cwd, ".pi", "permissions.json")];
+  const home = process.env.HOME || process.env.USERPROFILE || "";
+  if (home) {
+    paths.push(join(home, ".pi", "agent", "permissions.json"));
+  }
+  for (const configPath of paths) {
+    try {
+      const content = await readFile(configPath, "utf-8");
+      return JSON.parse(content) as PermissionsConfig;
+    } catch {
+      // File not found or invalid, try next
+    }
+  }
+  return {};
+}
+export default function (pi: ExtensionAPI) {
+  let allowRules: ParsedRule[] = [];
+  let denyRules: ParsedRule[] = [];
+  async function reloadRules(cwd: string) {
+    const config = await loadConfig(cwd);
+    allowRules = parseRules(config.permissions?.allow ?? []);
+    denyRules = parseRules(config.permissions?.deny ?? []);
+  }
+  pi.on("session_start", async (_event, ctx) => {
+    await reloadRules(ctx.cwd);
+    const total = allowRules.length + denyRules.length;
+    if (total > 0) {
+      ctx.ui.notify(
+        `Permissions loaded: ${allowRules.length} allow, ${denyRules.length} deny rules`,
+        "info",
+      );
+    }
+  });
+  pi.on("tool_call", async (event) => {
+    const result = evaluate(
+      event.toolName,
+      event.input as Record<string, unknown>,
+      allowRules,
+      denyRules,
+    );
+    if (result.blocked) {
+      return { block: true, reason: result.reason! };
+    }
+  });
+}

package/package.json ADDED Viewed

@@ -0,0 +1,46 @@
+{
+  "name": "pi-permissions",
+  "version": "1.0.0",
+  "description": "Configurable allow/deny permission rules for pi tool calls — control which bash commands, file reads, writes, and edits the agent can perform.",
+  "keywords": [
+    "pi-package",
+    "pi-extension",
+    "permissions",
+    "security",
+    "allow-deny"
+  ],
+  "homepage": "https://github.com/NicoAvanzDev/pi-permissions#readme",
+  "bugs": {
+    "url": "https://github.com/NicoAvanzDev/pi-permissions/issues"
+  },
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/NicoAvanzDev/pi-permissions.git"
+  },
+  "files": [
+    "extensions/permissions.ts",
+    "README.md"
+  ],
+  "type": "module",
+  "scripts": {
+    "build": "echo 'nothing to build'",
+    "test": "vitest run",
+    "lint": "oxlint",
+    "fmt": "oxfmt \"**/*.ts\"",
+    "fmt:check": "oxfmt --check \"**/*.ts\"",
+    "check": "vitest run && oxlint && oxfmt --check \"**/*.ts\"",
+    "prepublishOnly": "npm pack --dry-run"
+  },
+  "devDependencies": {
+    "oxfmt": "^0.41.0",
+    "oxlint": "^1.56.0",
+    "vitest": "^4.1.0"
+  },
+  "peerDependencies": {
+    "@mariozechner/pi-coding-agent": "*"
+  },
+  "pi": {
+    "extensions": ["./extensions"]
+  }
+}