@yandy0725/pi-permission-system
Permission enforcement extension for the Pi coding agent
Package details
Install @yandy0725/pi-permission-system from npm and Pi will load the resources declared by the package manifest.
$ pi install npm:@yandy0725/pi-permission-system- Package
@yandy0725/pi-permission-system- Version
0.2.0- Published
- Jun 30, 2026
- Downloads
- 243/mo · 243/wk
- Author
- yandy0725
- License
- MIT
- Types
- extension
- Size
- 413.7 KB
- Dependencies
- 2 dependencies · 2 peers
Pi manifest JSON
{
"extensions": [
"./index.ts"
]
}Security note
Pi packages can execute code and influence agent behavior. Review the source before installing third-party packages.
README
pi-permission-system
Permission enforcement extension for the Pi coding agent. Provides centralized, deterministic permission gates over tool, bash, MCP, skill, and special operations.
Features
- allow / ask / deny at tool-call time with UI confirmation dialogs
- Hides disallowed tools before the agent starts — no wasted turns probing for blocked tools
- Bash command control with wildcard pattern matching (
git *: ask,rm -rf *: deny) - MCP and skill access gating at server, tool, and skill-name granularity
- Cross-cutting
pathrules — deny.env,~/.ssh/*across all tools and bash at once, with symlink-resolved matching - External directory guard — prompts before file tools or bash reach outside the working tree
- Fails closed — internal gate error blocks the tool; unparseable bash commands prompt instead of passing silently
- Subagent
askforwarding —askpolicies work in child sessions via parent UI - Native
@yandy0725/pi-subagentsintegration — in-process child sessions register automatically
Install
pi install npm:@yandy0725/pi-permission-system
Quick Start
- Create the global config at
~/.pi/agent/extensions/pi-permission-system/config.json:
{
"permission": {
"*": "allow",
"path": {
"*": "allow",
"*.env": "deny",
"*.env.*": "deny",
"*.env.example": "allow"
},
"bash": {
"*": "ask",
"rm -rf *": "deny",
"sudo *": "ask"
},
"external_directory": "ask"
}
}
- Start Pi — the extension automatically loads and enforces your policy.
Permission States
| State | Behavior |
|---|---|
allow |
Permits the action silently |
deny |
Blocks the action with an error message |
ask |
Prompts the user for confirmation via UI |
When the dialog prompts, you can approve once or approve a pattern for the rest of the session.
Configuration
Config lives in one JSON file per scope:
| Scope | Path |
|---|---|
| Global | ~/.pi/agent/extensions/pi-permission-system/config.json |
| Project | <cwd>/.pi/extensions/pi-permission-system/config.json |
Project overrides global. Four layers compose with most-restrictive-wins: path → external_directory → per-tool patterns → bash command patterns.
The path surface applies to all file access — tools, bash, MCP, and extensions alike — making it the right place for sensitive file patterns like .env or ~/.ssh/*. It matches both the path as referenced and its symlink-resolved form.
The external_directory surface decides whether reaching outside the working tree is allowed:
{
"permission": {
"external_directory": {
"*": "ask",
"~/.cargo/registry/*": "allow"
}
}
}
Development
npm run typecheck # tsc --noEmit
npm run lint # biome lint
npm test # vitest run
Acknowledgments
This project is a friendly fork of @gotgenes/pi-permission-system by Chris Lasher, which began as a fork of MasuRii/pi-permission-system. Thank you to all original authors for their work that made this package possible.
License
MIT