joakimp/pi-extensions
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
37cc49e06fcac7cfe7701dc522b9fc798a267e50
pi-extensions/extensions/confirm-destructive.ts
T

107 lines
4.4 KiB
TypeScript
Raw Blame History

/**
* Confirm Destructive Actions
*
* Two layers of protection:
*
* 1. Bash commands — intercepts tool_call for bash and prompts before running
* patterns that are hard or impossible to undo.
*
* 2. Session actions — prompts before /new (clear), /resume (switch), and
* /fork so you don't accidentally throw away work.
*/
import type { ExtensionAPI, SessionBeforeSwitchEvent, SessionMessageEntry } from "@mariozechner/pi-coding-agent";
// ── Dangerous bash patterns ───────────────────────────────────────────────────
const DANGEROUS: { pattern: RegExp; label: string }[] = [
{ pattern: /\brm\s+(-[a-z]*r[a-z]*f?[a-z]*|-[a-z]*f[a-z]*r[a-z]*)\b/i, label: "recursive remove" },
{ pattern: /\bsudo\b/i, label: "sudo" },
{ pattern: /\b(chmod|chown)\b.*\b777\b/i, label: "chmod/chown 777" },
{ pattern: /\bdd\b.*\bif=/i, label: "dd (disk operation)" },
{ pattern: /\bmkfs\b/i, label: "mkfs (format)" },
{ pattern: /\bgit\s+push\b.*\s(-f|--force)\b/i, label: "git force push" },
{ pattern: />\s*\/dev\//i, label: "write to device" },
{ pattern: /\btruncate\b.*--size\s+0/i, label: "truncate to zero" },
];
function matchesDangerous(command: string): string | null {
for (const { pattern, label } of DANGEROUS) {
if (pattern.test(command)) return label;
}
return null;
}
// ── Extension ─────────────────────────────────────────────────────────────────
export default function (pi: ExtensionAPI) {
// ── 1. Dangerous bash commands ─────────────────────────────────────────────
pi.on("tool_call", async (event, ctx) => {
if (event.toolName !== "bash") return;
const command = event.input.command as string;
const match = matchesDangerous(command);
if (!match) return;
if (!ctx.hasUI) {
return { block: true, reason: `Dangerous command blocked (${match}) — no UI for confirmation` };
}
const choice = await ctx.ui.select(
`⚠️ ${match}\n\n ${command.slice(0, 200)}${command.length > 200 ? "…" : ""}\n\nAllow?`,
["Yes, run it", "No, block it"],
);
if (choice !== "Yes, run it") {
ctx.ui.notify("Command blocked", "info");
return { block: true, reason: "Blocked by user" };
}
});
// ── 2. Session clear / switch ──────────────────────────────────────────────
pi.on("session_before_switch", async (event: SessionBeforeSwitchEvent, ctx) => {
if (!ctx.hasUI) return;
if (event.reason === "new") {
const ok = await ctx.ui.confirm("Clear session?", "All messages in this session will be deleted.");
if (!ok) {
ctx.ui.notify("Clear cancelled", "info");
return { cancel: true };
}
return;
}
// resume — only confirm if there's unsaved user work
const entries = ctx.sessionManager.getEntries();
const hasUnsaved = entries.some(
(e): e is SessionMessageEntry => e.type === "message" && e.message.role === "user",
);
if (!hasUnsaved) return;
const ok = await ctx.ui.confirm("Switch session?", "Current session has messages. Switch anyway?");
if (!ok) {
ctx.ui.notify("Switch cancelled", "info");
return { cancel: true };
}
});
// ── 3. Fork ────────────────────────────────────────────────────────────────
pi.on("session_before_fork", async (event, ctx) => {
if (!ctx.hasUI) return;
const choice = await ctx.ui.select(
`Fork from entry ${event.entryId.slice(0, 8)}?`,
["Yes, create fork", "No, stay here"],
);
if (choice !== "Yes, create fork") {
ctx.ui.notify("Fork cancelled", "info");
return { cancel: true };
}
});
}
Reference in New Issue View Git Blame Copy Permalink