pi-boundary
Filesystem boundary enforcement for pi — prompts before the agent escapes your project
Package details
Install pi-boundary from npm and Pi will load the resources declared by the package manifest.
$ pi install npm:pi-boundary
- Package: pi-boundary
- Version: 0.1.4
- Published: Mar 18, 2026
- Downloads: 43/mo · 11/wk
- Author: rjshrjndrn
- License: MIT
- Types: extension
- Size: 40.2 KB
- Dependencies: 0 dependencies · 2 peers
Pi manifest JSON
{
  "extensions": [
    "./extensions"
  ]
}
Security note
Pi packages can execute code and influence agent behavior. Review the source before installing third-party packages.
README
pi-boundary
Filesystem boundary enforcement for pi. Prompts you before the agent reads or writes files outside your project.
How it works
On session start, pi-boundary detects your project boundary:
- Runs git rev-parse --show-toplevel to find the git worktree root
- Falls back to the current working directory if not in a git repo
Then it intercepts every file tool call (read, write, edit, grep, find, ls):
- Inside boundary → allowed silently
- Outside boundary → you get a confirmation prompt
- Previously approved directory → allowed silently (remembered for the session)
🔒 pi-boundary: path outside project
Tool: read
Path: /Users/you/.ssh/config
Boundary: /Users/you/project
Allow this access? (y/n)
When you approve, the parent directory is remembered for the rest of the session.
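The decision logic described above, as an added TypeScript example (not pi-boundary's own source). The names `BoundaryGuard`, `isInside` and `Decision` are hypothetical, and matching only direct children of a remembered directory is an assumption, since the README does not say whether subdirectories are covered.

```typescript
// Added example, not pi-boundary's source. All names here are hypothetical.
import * as path from "node:path";

type Decision = "allow" | "allow-remembered" | "prompt";

// True when `target` is `root` itself or lies beneath it. path.relative is used
// instead of startsWith so "/repo-evil" is never treated as inside "/repo".
function isInside(root: string, target: string): boolean {
  const rel = path.posix.relative(root, target);
  return rel !== ".." && !rel.startsWith("../");
}

class BoundaryGuard {
  private boundary: string;
  // Session-scoped approvals: held in memory only, lost when the session ends.
  private approved = new Set<string>();

  constructor(boundary: string) {
    this.boundary = path.posix.resolve(boundary);
  }

  // Classify the path argument of a file tool call. Relative paths resolve
  // against the boundary, and ".." segments are collapsed before comparing.
  check(rawPath: string): { decision: Decision; resolved: string } {
    const resolved = path.posix.resolve(this.boundary, rawPath);
    if (isInside(this.boundary, resolved)) {
      return { decision: "allow", resolved };
    }
    // Assumption: a remembered directory covers its direct children only.
    if (this.approved.has(path.posix.dirname(resolved))) {
      return { decision: "allow-remembered", resolved };
    }
    return { decision: "prompt", resolved };
  }

  // Called after the user answers "y": remember the parent directory.
  approve(resolved: string): void {
    this.approved.add(path.posix.dirname(resolved));
  }
}
```

The comparison is purely lexical: a symlink inside the project that points outside it still classifies as "allow" unless the path is first passed through fs.realpath.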
Install
# As a pi package
pi install npm:pi-boundary
# Or test locally
pi -e ./pi-boundary/extensions/index.ts
Limitations
- No bash coverage — the bash tool is not intercepted. The agent can still access files outside the boundary via shell commands. This will be addressed in a future version.
- Session-scoped memory only — approvals reset when you start a new session.
- No configuration — the boundary is always the git worktree root (or CWD). Custom boundaries and allow/deny patterns are planned for a future version.
Development
cd pi-boundary
npm install
npm test
License
MIT