mirror of
https://github.com/getcompanion-ai/co-mono.git
synced 2026-04-15 17:00:59 +00:00
e7097d911a
- Custom tools: TypeScript modules that extend pi with new tools - Custom TUI rendering via renderCall/renderResult - User interaction via pi.ui (select, confirm, input, notify) - Session lifecycle via onSession callback for state reconstruction - Examples: todo.ts, question.ts, hello.ts - Hook examples: permission-gate, git-checkpoint, protected-paths - Session lifecycle centralized in AgentSession - Works across all modes (interactive, print, RPC) - Unified session event for hooks (replaces session_start/session_switch) - Box component added to pi-tui - Examples bundled in npm and binary releases Fixes #190
38 lines
1,018 B
TypeScript
38 lines
1,018 B
TypeScript
/**
|
|
* Permission Gate Hook
|
|
*
|
|
* Prompts for confirmation before running potentially dangerous bash commands.
|
|
* Patterns checked: rm -rf, sudo, chmod/chown 777
|
|
*/
|
|
|
|
import type { HookAPI } from "@mariozechner/pi-coding-agent/hooks";
|
|
|
|
export default function (pi: HookAPI) {
|
|
const dangerousPatterns = [
|
|
/\brm\s+(-rf?|--recursive)/i,
|
|
/\bsudo\b/i,
|
|
/\b(chmod|chown)\b.*777/i,
|
|
];
|
|
|
|
pi.on("tool_call", async (event, ctx) => {
|
|
if (event.toolName !== "bash") return undefined;
|
|
|
|
const command = event.input.command as string;
|
|
const isDangerous = dangerousPatterns.some((p) => p.test(command));
|
|
|
|
if (isDangerous) {
|
|
if (!ctx.hasUI) {
|
|
// In non-interactive mode, block by default
|
|
return { block: true, reason: "Dangerous command blocked (no UI for confirmation)" };
|
|
}
|
|
|
|
const choice = await ctx.ui.select(`⚠️ Dangerous command:\n\n ${command}\n\nAllow?`, ["Yes", "No"]);
|
|
|
|
if (choice !== "Yes") {
|
|
return { block: true, reason: "Blocked by user" };
|
|
}
|
|
}
|
|
|
|
return undefined;
|
|
});
|
|
}
|