@yandy0725/pi-permission-system

Permission enforcement extension for the Pi coding agent

Install @yandy0725/pi-permission-system from npm and Pi will load the resources declared by the package manifest.

$ pi install npm:@yandy0725/pi-permission-system
Package: @yandy0725/pi-permission-system
Version: 0.2.0
Published: Jun 30, 2026
Downloads: 243/mo · 243/wk
Author: yandy0725
License: MIT
Types: extension
Size: 413.7 KB
Dependencies: 2 dependencies · 2 peers
Pi manifest JSON
{
  "extensions": [
    "./index.ts"
  ]
}

Security note

Pi packages can execute code and influence agent behavior. Review the source before installing third-party packages.

README

pi-permission-system

Permission enforcement extension for the Pi coding agent. Provides centralized, deterministic permission gates over tool, bash, MCP, skill, and special operations.

Features

  • allow / ask / deny at tool-call time with UI confirmation dialogs
  • Hides disallowed tools before the agent starts — no wasted turns probing for blocked tools
  • Bash command control with wildcard pattern matching (git *: ask, rm -rf *: deny)
  • MCP and skill access gating at server, tool, and skill-name granularity
  • Cross-cutting path rules — deny .env, ~/.ssh/* across all tools and bash at once, with symlink-resolved matching
  • External directory guard — prompts before file tools or bash reach outside the working tree
  • Fails closed — internal gate error blocks the tool; unparseable bash commands prompt instead of passing silently
  • Subagent ask forwarding: ask policies work in child sessions via parent UI
  • Native @yandy0725/pi-subagents integration — in-process child sessions register automatically

Install

pi install npm:@yandy0725/pi-permission-system

Quick Start

  1. Create the global config at ~/.pi/agent/extensions/pi-permission-system/config.json:
{
  "permission": {
    "*": "allow",
    "path": {
      "*": "allow",
      "*.env": "deny",
      "*.env.*": "deny",
      "*.env.example": "allow"
    },
    "bash": {
      "*": "ask",
      "rm -rf *": "deny",
      "sudo *": "ask"
    },
    "external_directory": "ask"
  }
}
  2. Start Pi — the extension automatically loads and enforces your policy.

Permission States

State   Behavior
allow   Permits the action silently
deny    Blocks the action with an error message
ask     Prompts the user for confirmation via UI

When the dialog prompts, you can approve once or approve a pattern for the rest of the session.

Configuration

Config lives in one JSON file per scope:

Scope     Path
Global    ~/.pi/agent/extensions/pi-permission-system/config.json
Project   <cwd>/.pi/extensions/pi-permission-system/config.json

Project overrides global. Four layers compose with most-restrictive-wins: path → external_directory → per-tool patterns → bash command patterns.

The path surface applies to all file access — tools, bash, MCP, and extensions alike — making it the right place for sensitive file patterns like .env or ~/.ssh/*. It matches both the path as referenced and its symlink-resolved form.

The external_directory surface decides whether reaching outside the working tree is allowed:

{
  "permission": {
    "external_directory": {
      "*": "ask",
      "~/.cargo/registry/*": "allow"
    }
  }
}
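
The composition described above, as an added example (not the extension's own code): it evaluates one file access against the Quick Start path rules and external_directory setting, checking both the referenced and the symlink-resolved path and keeping the strictest result. Assumptions not stated on this page: "*" also matches "/", the last matching pattern within a surface wins, and an unmatched value falls back to ask; all function names are hypothetical.

```typescript
// Added illustration, not the extension's source. Function names are hypothetical.
type State = "allow" | "ask" | "deny";
type Rules = Record<string, State>;
interface Policy { path: Rules; external_directory: Rules | State }

const RANK: Record<State, number> = { allow: 0, ask: 1, deny: 2 };

// Assumption: "*" matches any run of characters, including "/".
function globToRegExp(pattern: string): RegExp {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*") + "$");
}

// Assumption: within one surface the last matching pattern wins, and a value
// that matches nothing falls back to "ask".
function matchSurface(rules: Rules | State, value: string): State {
  if (typeof rules === "string") return rules;
  let result: State = "ask";
  for (const pattern of Object.keys(rules)) {
    if (globToRegExp(pattern).test(value)) result = rules[pattern];
  }
  return result;
}

// True when absolute path p is the root itself or lies beneath it.
function isInside(root: string, p: string): boolean {
  return p === root || p.indexOf(root + "/") === 0;
}

// Check the path as referenced and as resolved; the strictest verdict wins.
function decideFileAccess(policy: Policy, cwd: string, referenced: string, resolved: string): State {
  let verdict: State = "allow";
  for (const p of [referenced, resolved]) {
    const states = [matchSurface(policy.path, p)];
    if (!isInside(cwd, p)) states.push(matchSurface(policy.external_directory, p));
    for (const s of states) if (RANK[s] > RANK[verdict]) verdict = s;
  }
  return verdict;
}

// Constructed sample: the Quick Start path rules and external_directory setting.
const quickStart: Policy = {
  path: { "*": "allow", "*.env": "deny", "*.env.*": "deny", "*.env.example": "allow" },
  external_directory: "ask",
};
```

The resolved argument is passed in so the example runs without touching the filesystem; in real use it would come from a call such as Node's fs.realpathSync.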

Development

npm run typecheck        # tsc --noEmit
npm run lint             # biome lint
npm test                 # vitest run

Acknowledgments

This project is a friendly fork of @gotgenes/pi-permission-system by Chris Lasher, which began as a fork of MasuRii/pi-permission-system. Thank you to all original authors for their work that made this package possible.

License

MIT