add confirm-destructive, git-checkpoint, notify extensions

extensions/confirm-destructive.ts

@@ -0,0 +1,106 @@
+/**
+ * Confirm Destructive Actions
+ *
+ * Two layers of protection:
+ *
+ * 1. Bash commands — intercepts tool_call for bash and prompts before running
+ *    patterns that are hard or impossible to undo.
+ *
+ * 2. Session actions — prompts before /new (clear), /resume (switch), and
+ *    /fork so you don't accidentally throw away work.
+ */
+
+import type { ExtensionAPI, SessionBeforeSwitchEvent, SessionMessageEntry } from "@mariozechner/pi-coding-agent";
+
+// ── Dangerous bash patterns ───────────────────────────────────────────────────
+
+const DANGEROUS: { pattern: RegExp; label: string }[] = [
+  { pattern: /\brm\s+(-[a-z]*r[a-z]*f?[a-z]*|-[a-z]*f[a-z]*r[a-z]*)\b/i, label: "recursive remove" },
+  { pattern: /\bsudo\b/i,                                                   label: "sudo" },
+  { pattern: /\b(chmod|chown)\b.*\b777\b/i,                                 label: "chmod/chown 777" },
+  { pattern: /\bdd\b.*\bif=/i,                                              label: "dd (disk operation)" },
+  { pattern: /\bmkfs\b/i,                                                   label: "mkfs (format)" },
+  { pattern: /\bgit\s+push\b.*\s(-f|--force)\b/i,                          label: "git force push" },
+  { pattern: />\s*\/dev\//i,                                                label: "write to device" },
+  { pattern: /\btruncate\b.*--size\s+0/i,                                   label: "truncate to zero" },
+];
+
+function matchesDangerous(command: string): string | null {
+  for (const { pattern, label } of DANGEROUS) {
+    if (pattern.test(command)) return label;
+  }
+  return null;
+}
+
+// ── Extension ─────────────────────────────────────────────────────────────────
+
+export default function (pi: ExtensionAPI) {
+
+  // ── 1. Dangerous bash commands ─────────────────────────────────────────────
+
+  pi.on("tool_call", async (event, ctx) => {
+    if (event.toolName !== "bash") return;
+
+    const command = event.input.command as string;
+    const match = matchesDangerous(command);
+    if (!match) return;
+
+    if (!ctx.hasUI) {
+      return { block: true, reason: `Dangerous command blocked (${match}) — no UI for confirmation` };
+    }
+
+    const choice = await ctx.ui.select(
+      `⚠️  ${match}\n\n  ${command.slice(0, 200)}${command.length > 200 ? "…" : ""}\n\nAllow?`,
+      ["Yes, run it", "No, block it"],
+    );
+
+    if (choice !== "Yes, run it") {
+      ctx.ui.notify("Command blocked", "info");
+      return { block: true, reason: "Blocked by user" };
+    }
+  });
+
+  // ── 2. Session clear / switch ──────────────────────────────────────────────
+
+  pi.on("session_before_switch", async (event: SessionBeforeSwitchEvent, ctx) => {
+    if (!ctx.hasUI) return;
+
+    if (event.reason === "new") {
+      const ok = await ctx.ui.confirm("Clear session?", "All messages in this session will be deleted.");
+      if (!ok) {
+        ctx.ui.notify("Clear cancelled", "info");
+        return { cancel: true };
+      }
+      return;
+    }
+
+    // resume — only confirm if there's unsaved user work
+    const entries = ctx.sessionManager.getEntries();
+    const hasUnsaved = entries.some(
+      (e): e is SessionMessageEntry => e.type === "message" && e.message.role === "user",
+    );
+    if (!hasUnsaved) return;
+
+    const ok = await ctx.ui.confirm("Switch session?", "Current session has messages. Switch anyway?");
+    if (!ok) {
+      ctx.ui.notify("Switch cancelled", "info");
+      return { cancel: true };
+    }
+  });
+
+  // ── 3. Fork ────────────────────────────────────────────────────────────────
+
+  pi.on("session_before_fork", async (event, ctx) => {
+    if (!ctx.hasUI) return;
+
+    const choice = await ctx.ui.select(
+      `Fork from entry ${event.entryId.slice(0, 8)}?`,
+      ["Yes, create fork", "No, stay here"],
+    );
+
+    if (choice !== "Yes, create fork") {
+      ctx.ui.notify("Fork cancelled", "info");
+      return { cancel: true };
+    }
+  });
+}

extensions/git-checkpoint.ts

@@ -0,0 +1,76 @@
+/**
+ * Git Checkpoint Extension
+ *
+ * Creates a git stash checkpoint at the start of each turn, keyed to the
+ * session entry ID. If you /fork from a past entry, you're offered the option
+ * to restore the code state from that point.
+ *
+ * Silently skips turns where the working directory isn't inside a git repo or
+ * where there are no changes to stash.
+ *
+ * Status bar shows the number of checkpoints saved in the current session.
+ */
+
+import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
+
+export default function (pi: ExtensionAPI) {
+  // entryId → stash ref (e.g. "refs/stash" or a full sha)
+  const checkpoints = new Map<string, string>();
+
+  async function inGitRepo(): Promise<boolean> {
+    try {
+      const result = await pi.exec("git", ["rev-parse", "--git-dir"]);
+      return result.exitCode === 0;
+    } catch {
+      return false;
+    }
+  }
+
+  function updateStatus(ctx: { ui: { setStatus: (id: string, text: string) => void } }): void {
+    const n = checkpoints.size;
+    if (n > 0) {
+      ctx.ui.setStatus("git-checkpoint", `⎇ ${n} checkpoint${n === 1 ? "" : "s"}`);
+    } else {
+      ctx.ui.setStatus("git-checkpoint", "");
+    }
+  }
+
+  pi.on("turn_start", async (_event, ctx) => {
+    if (!(await inGitRepo())) return;
+
+    // Capture the current entry ID at turn start — this is the entry the
+    // user will fork from if they want to restore code to this point.
+    const entryId = ctx.sessionManager.getLeafId();
+    if (!entryId) return;
+
+    // git stash create makes a stash object without touching the working tree.
+    // Returns the stash ref on stdout, or empty string if nothing to stash.
+    const result = await pi.exec("git", ["stash", "create"]);
+    const ref = result.stdout.trim();
+
+    if (ref) {
+      checkpoints.set(entryId, ref);
+      updateStatus(ctx);
+    }
+  });
+
+  pi.on("session_before_fork", async (event, ctx) => {
+    const ref = checkpoints.get(event.entryId);
+    if (!ref) return;
+    if (!ctx.hasUI) return;
+
+    const choice = await ctx.ui.select(
+      "Restore code to this checkpoint?",
+      ["Yes, restore code state", "No, keep current code"],
+    );
+
+    if (choice?.startsWith("Yes")) {
+      await pi.exec("git", ["stash", "apply", ref]);
+      ctx.ui.notify("Code restored to checkpoint", "success");
+    }
+  });
+
+  pi.on("session_shutdown", () => {
+    checkpoints.clear();
+  });
+}

extensions/notify.ts

@@ -0,0 +1,78 @@
+/**
+ * Notify Extension
+ *
+ * Sends a native notification when the pi agent finishes and is waiting for
+ * input. Useful when you step away during a long task.
+ *
+ * Only fires when the agent ran for longer than --notify-min-secs (default 8).
+ * Short responses are silently skipped to avoid notification noise.
+ *
+ * Terminal detection (in priority order):
+ *   KITTY_WINDOW_ID → OSC 99  (Kitty)
+ *   WT_SESSION      → Windows toast  (Windows Terminal / WSL)
+ *   otherwise       → OSC 777  (iTerm2, WezTerm, Ghostty, rxvt-unicode)
+ */
+
+import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
+
+// ── Notification backends ─────────────────────────────────────────────────────
+
+function notifyKitty(title: string, body: string): void {
+  // OSC 99: two-part protocol — title first, then body
+  process.stdout.write(`\x1b]99;i=1:d=0;${title}\x1b\\`);
+  process.stdout.write(`\x1b]99;i=1:p=body;${body}\x1b\\`);
+}
+
+function notifyOSC777(title: string, body: string): void {
+  process.stdout.write(`\x1b]777;notify;${title};${body}\x07`);
+}
+
+function notifyWindows(title: string, body: string): void {
+  const type = "Windows.UI.Notifications";
+  const script = [
+    `[${type}.ToastNotificationManager, ${type}, ContentType = WindowsRuntime] > $null`,
+    `$xml = [${type}.ToastNotificationManager]::GetTemplateContent([${type}.ToastTemplateType]::ToastText01)`,
+    `$xml.GetElementsByTagName('text')[0].AppendChild($xml.CreateTextNode('${body}')) > $null`,
+    `[${type}.ToastNotificationManager]::CreateToastNotifier('${title}').Show([${type}.ToastNotification]::new($xml))`,
+  ].join("; ");
+  const { execFile } = require("node:child_process");
+  execFile("powershell.exe", ["-NoProfile", "-Command", script]);
+}
+
+function notify(title: string, body: string): void {
+  if (process.env.KITTY_WINDOW_ID) {
+    notifyKitty(title, body);
+  } else if (process.env.WT_SESSION) {
+    notifyWindows(title, body);
+  } else {
+    notifyOSC777(title, body);
+  }
+}
+
+// ── Extension ─────────────────────────────────────────────────────────────────
+
+export default function (pi: ExtensionAPI) {
+  pi.registerFlag("notify-min-secs", {
+    description: "Minimum agent run time in seconds before a notification fires (default: 8)",
+    type: "number",
+    default: 8,
+  });
+
+  let startedAt: number | undefined;
+
+  pi.on("agent_start", async () => {
+    startedAt = Date.now();
+  });
+
+  pi.on("agent_end", async () => {
+    if (startedAt === undefined) return;
+
+    const elapsed = (Date.now() - startedAt) / 1000;
+    startedAt = undefined;
+
+    const minSecs = (pi.getFlag("notify-min-secs") as number | undefined) ?? 8;
+    if (elapsed < minSecs) return;
+
+    notify("Pi", `Done (${Math.round(elapsed)}s)`);
+  });
+}