joakimp/pi-extensions
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
pi-extensions/extensions/confirm-destructive.ts
T
joakimp 1381a37115 Rename @mariozechner/pi-* to @earendil-works/pi-* 
Pi moved to its new home at earendil-works on 2026-05-07
(https://pi.dev/news/2026/5/7/pi-has-a-new-home). Affected packages:

  @mariozechner/pi-coding-agent  -> @earendil-works/pi-coding-agent
  @mariozechner/pi-tui           -> @earendil-works/pi-tui
  @mariozechner/pi-ai            -> @earendil-works/pi-ai
  @mariozechner/pi-agent-core    -> @earendil-works/pi-agent-core

The old @mariozechner/* packages are deprecated on npm with the
explicit message 'please use @earendil-works/pi-coding-agent instead
going forward', and the version stream has moved on (old top-out
0.73.1; new currently 0.74.0). Anyone npm-installing the old names
gets a deprecation warning + a stale binary.

Sweep:
- All 7 extension TypeScript files: import statements updated.
- README, AGENTS, install.sh: textual references and the github.com/
  mariozechner/pi-coding-agent URL pointed at github.com/earendil-works/
  pi (the new monorepo root; coding-agent now lives at
  packages/coding-agent inside it).
- Bun build of mcp-loader, ext-toggle, ssh-controlmaster verified clean.

Brew install references (`brew install pi-coding-agent`) left as-is:
the homebrew formula still works at 0.73.1 and a tap update is
tracked upstream at earendil-works/pi#2755. Historical CHANGELOG
entries are untouched.
2026-05-09 17:56:15 +02:00

107 lines
4.4 KiB
TypeScript
Raw Permalink Blame History

/**
* Confirm Destructive Actions
*
* Two layers of protection:
*
* 1. Bash commands — intercepts tool_call for bash and prompts before running
* patterns that are hard or impossible to undo.
*
* 2. Session actions — prompts before /new (clear), /resume (switch), and
* /fork so you don't accidentally throw away work.
*/
import type { ExtensionAPI, SessionBeforeSwitchEvent, SessionMessageEntry } from "@earendil-works/pi-coding-agent";
// ── Dangerous bash patterns ───────────────────────────────────────────────────
const DANGEROUS: { pattern: RegExp; label: string }[] = [
{ pattern: /\brm\s+(-[a-z]*r[a-z]*f?[a-z]*|-[a-z]*f[a-z]*r[a-z]*)\b/i, label: "recursive remove" },
{ pattern: /\bsudo\b/i, label: "sudo" },
{ pattern: /\b(chmod|chown)\b.*\b777\b/i, label: "chmod/chown 777" },
{ pattern: /\bdd\b.*\bif=/i, label: "dd (disk operation)" },
{ pattern: /\bmkfs\b/i, label: "mkfs (format)" },
{ pattern: /\bgit\s+push\b.*\s(-f|--force)\b/i, label: "git force push" },
{ pattern: />\s*\/dev\//i, label: "write to device" },
{ pattern: /\btruncate\b.*--size\s+0/i, label: "truncate to zero" },
];
function matchesDangerous(command: string): string | null {
for (const { pattern, label } of DANGEROUS) {
if (pattern.test(command)) return label;
}
return null;
}
// ── Extension ─────────────────────────────────────────────────────────────────
export default function (pi: ExtensionAPI) {
// ── 1. Dangerous bash commands ─────────────────────────────────────────────
pi.on("tool_call", async (event, ctx) => {
if (event.toolName !== "bash") return;
const command = event.input.command as string;
const match = matchesDangerous(command);
if (!match) return;
if (!ctx.hasUI) {
return { block: true, reason: `Dangerous command blocked (${match}) — no UI for confirmation` };
}
const choice = await ctx.ui.select(
`⚠️ ${match}\n\n ${command.slice(0, 200)}${command.length > 200 ? "…" : ""}\n\nAllow?`,
["Yes, run it", "No, block it"],
);
if (choice !== "Yes, run it") {
ctx.ui.notify("Command blocked", "info");
return { block: true, reason: "Blocked by user" };
}
});
// ── 2. Session clear / switch ──────────────────────────────────────────────
pi.on("session_before_switch", async (event: SessionBeforeSwitchEvent, ctx) => {
if (!ctx.hasUI) return;
if (event.reason === "new") {
const ok = await ctx.ui.confirm("Clear session?", "All messages in this session will be deleted.");
if (!ok) {
ctx.ui.notify("Clear cancelled", "info");
return { cancel: true };
}
return;
}
// resume — only confirm if there's unsaved user work
const entries = ctx.sessionManager.getEntries();
const hasUnsaved = entries.some(
(e): e is SessionMessageEntry => e.type === "message" && e.message.role === "user",
);
if (!hasUnsaved) return;
const ok = await ctx.ui.confirm("Switch session?", "Current session has messages. Switch anyway?");
if (!ok) {
ctx.ui.notify("Switch cancelled", "info");
return { cancel: true };
}
});
// ── 3. Fork ────────────────────────────────────────────────────────────────
pi.on("session_before_fork", async (event, ctx) => {
if (!ctx.hasUI) return;
const choice = await ctx.ui.select(
`Fork from entry ${event.entryId.slice(0, 8)}?`,
["Yes, create fork", "No, stay here"],
);
if (choice !== "Yes, create fork") {
ctx.ui.notify("Fork cancelled", "info");
return { cancel: true };
}
});
}
Reference in New Issue View Git Blame Copy Permalink