@burneikis/pi-nolo

No-YOLO mode for pi — gates write, edit, and bash tool calls behind user confirmation with configurable safe-command allowlists and YOLO override modes.

Package details

← Back
extension

Install @burneikis/pi-nolo from npm and Pi will load the resources declared by the package manifest.

npm repohome report
$ pi install npm:@burneikis/pi-nolo
Package
@burneikis/pi-nolo
Version
1.1.0
Published
Apr 9, 2026
Downloads
197/mo · 23/wk
Author
burneikis
License
MIT
Types
extension
Size
60.9 KB
Dependencies
1 dependency · 1 peer
Pi manifest JSON
{
  "extensions": [
    "./index.ts"
  ]
}

Security note

Pi packages can execute code and influence agent behavior. Review the source before installing third-party packages.

README

pi-nolo

No-YOLO mode for pi-coding-agent. Gates write, edit, and bash tool calls behind user confirmation — press Enter to allow, Escape to block.

Read-safe bash commands (ls, grep, git status, etc.) are auto-approved via a configurable allowlist, so you only get prompted for commands that could mutate state.

Install

pi install npm:@burneikis/pi-nolo

Or from git:

pi install https://github.com/burneikis/pi-nolo

Note:

There will be a keybing conflict with ctrl+y for cycling yolo mode, and tui.editor.yank, so I recommend changing ~/.pi/agent/keybindings.json to include "tui.editor.yank": "ctrl+shift+y".

What it does

Every time the agent tries to:

  • Write a file — confirms with the file path and line count
  • Edit a file — confirms with the file path; shows a pre-rendered diff preview before the tool finishes executing
  • Run a bash command — auto-approves safe read-only commands; confirms everything else

You get a dialog: Enter to allow, Escape to block.

In non-interactive mode (no UI), all mutations are blocked by default.

Pre-rendered edit diffs

As of pi ~0.63.0, the built-in edit tool only shows diffs after execution. This extension includes a built-in pre-renderer (ported from pi-pre-render-edit) that computes and displays the diff as soon as the tool arguments are complete -- before the edit is applied. This means you can see exactly what will change while the confirmation dialog is open.

If you previously installed pi-pre-render-edit separately, you can remove it -- the functionality is now bundled here.

YOLO modes

Use /yolo to cycle through three modes at any time during a session:

Mode Footer label Write/Edit Bash
off (default) nolo confirm confirm (safe cmds auto-approved)
writes writes auto-allow confirm (safe cmds auto-approved)
full yolo auto-allow auto-allow

Each /yolo invocation advances to the next mode and wraps back around:

off → writes-yolo → full-yolo → off → …

The current mode is shown in the footer status bar. It is also persisted in the session so it survives a /reload.

When to use each mode

  • writes — you trust the edits but still want a gate on shell commands.
  • full — you want the agent to run completely hands-free. Use with caution.

Bash Command Allowlist

Safe commands are auto-approved without a confirmation dialog. A command is considered safe when:

  1. It starts with a recognized safe prefix (e.g., ls, grep, git status)
  2. It does not contain any dangerous patterns (pipes, chaining, redirects, etc.)

Default safe prefixes

ls, cat, head, tail, wc, find, grep, rg, fd, tree,
file, stat, du, df, which, whoami, pwd, echo, date, uname,
env, printenv, git status, git log, git diff, git show,
git branch, git remote, git tag, git rev-parse,
npm list, npm outdated, npm view, node --version,
python --version, cargo --version, rustc --version, go version

Dangerous pattern guard

Even if a command starts with a safe prefix, it will still require confirmation if it contains:

  • Pipes (|), chaining (&&, ||, ;)
  • Command substitution (`, $())
  • Redirections (>, >>)
  • Dangerous commands (rm, sudo, eval, exec, source, sh, bash)

For example, ls is auto-approved but ls; rm -rf / will prompt for confirmation.

Configuration

You can customize the allowlist with a nolo.json config file:

  • Project-level: .pi/nolo.json (takes precedence)
  • Global: ~/.pi/agent/nolo.json

Config format

{
  "safePrefixes": ["make build", "docker ps", "kubectl get"],
  "dangerousPatterns": ["\\|", "&&", "\\brm\\b"]
}

Merge behavior

  • safePrefixes — merged (union of defaults + global + project)
  • dangerousPatterns — overridden (project overrides global overrides defaults)

If no config files exist, the hardcoded defaults are used. See nolo.example.json for the full default configuration.

Example: add custom safe commands

Create .pi/nolo.json in your project:

{
  "safePrefixes": ["make build", "docker ps", "kubectl get pods"]
}

These will be added to the defaults — you don't need to re-list the built-in prefixes.

Example: relax dangerous patterns

If you want to allow piped commands (at your own risk):

{
  "dangerousPatterns": [
    "&&",
    "\\|\\|",
    ";",
    "`",
    "\\$\\(",
    ">\\s",
    ">>",
    "\\brm\\b",
    "\\bsudo\\b",
    "\\beval\\b",
    "\\bexec\\b"
  ]
}

This replaces the defaults entirely, so the \\| (pipe) pattern is no longer checked.

License

MIT