pi-git-guardrails

Native Pi extension that blocks dangerous git operations, including git calls hidden inside scripts.

Package details

Install pi-git-guardrails from npm and Pi will load the resources declared by the package manifest.

$ pi install npm:pi-git-guardrails

Package: pi-git-guardrails
Version: 0.1.1
Published: Apr 29, 2026
Downloads: not available
Author: ramaaudra
License: MIT
Types: extension
Size: 26.3 KB
Dependencies: 0 dependencies · 1 peer
Pi manifest JSON
{
  "extensions": [
    "./src/index.ts"
  ]
}

Security note

Pi packages can execute code and influence agent behavior. Review the source before installing third-party packages.

README

pi-git-guardrails

Native Pi extension that blocks dangerous git operations before the assistant can run them. It also injects a temporary git shim into assistant Bash commands so nested scripts such as npm run release or ./deploy.sh are guarded too.

Install

From npm:

pi install npm:pi-git-guardrails

From GitHub:

pi install git:github.com/ramaaudra/pi-git-guardrails

Project-local install from GitHub:

pi install git:github.com/ramaaudra/pi-git-guardrails -l

Try a local checkout for one run:

pi -e ./pi-git-guardrails

Blocked by Default

  • git push in all variants
  • git reset --hard
  • git clean -f, git clean -fd, git clean --force
  • git branch -D and force branch deletion
  • git checkout ., git checkout -- ., git restore .

Path-specific restore/checkout remains allowed, for example git restore src/app.ts and git checkout -- src/app.ts.

Commands

  • /git-guardrails status shows ON/OFF, session block count, pending allow-next, active rules, and recent audit entries.
  • /git-guardrails allow-next push allows exactly one matching git push, including from nested scripts.
  • /git-guardrails off 5m disables the guardrail temporarily. Supports s, m, and h suffixes.
  • /git-guardrails on re-enables immediately and clears any temporary off timer.

Nested Script Protection

The extension prepends a session-local directory containing a git shim to PATH for assistant Bash calls. Because the shim directory comes first, any ordinary git ... invocation that resolves git through PATH, whether typed directly or spawned by scripts, package scripts, Makefiles, and similar child processes, reaches the shim before the real binary.

Known limits:

  • It does not catch scripts that call an absolute git path such as /usr/bin/git.
  • It does not catch programs that use a Git library directly instead of spawning git.
  • It is a coding-agent safety guardrail, not an OS-level sandbox.
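The following POSIX sh script is an added example, not the extension's own code, that puts the two previous sections together: the "Blocked by Default" rules as an argument-vector check, and the PATH-shim mechanism that makes those rules apply to git calls nested inside scripts. It deliberately stops at the same limits the README lists: a script that calls /usr/bin/git by absolute path bypasses it, and so does a program that links a Git library. The rule names, the exit code 126, and the environment variables GIT_GUARDRAILS_AUDIT (audit log path) and GIT_GUARDRAILS_ALLOW_NEXT (a file holding the name of one rule to let through a single time, modelled on allow-next) are assumptions made for this example.

```shell
#!/bin/sh
# Illustrative git shim (added example; not pi-git-guardrails' own code).
# Install: mkdir -p "$SHIM_DIR" && cp this-file "$SHIM_DIR/git" && chmod +x "$SHIM_DIR/git"
# Use:     PATH="$SHIM_DIR:$PATH" ./deploy.sh   # a "git push" inside deploy.sh now hits the shim first
# Assumed: GIT_GUARDRAILS_AUDIT (audit log), GIT_GUARDRAILS_ALLOW_NEXT (one-shot allow token file).

# True if an exact argument is present, e.g. --hard, --force, or the bare path ".".
has_arg() {
  needle=$1; shift
  for a in "$@"; do [ "$a" = "$needle" ] && return 0; done
  return 1
}

# True if a short-flag cluster such as -f, -fd or -Df carries the given letter.
# Scanning stops at "--" because everything after it is a path, not a flag.
has_short_flag() {
  letter=$1; shift
  for a in "$@"; do
    case "$a" in
      --) return 1 ;;
      --*) ;;
      -*"$letter"*) return 0 ;;
    esac
  done
  return 1
}

# Print the name of the rule the git argument vector violates, or nothing if it is allowed.
# $@ is everything after "git"; global options such as "-C dir" are skipped to find the subcommand.
git_guardrail_rule() {
  while [ $# -gt 0 ]; do
    case "$1" in
      -C|-c|--git-dir|--work-tree|--namespace) if [ $# -ge 2 ]; then shift 2; else shift; fi ;;
      -*) shift ;;
      *) break ;;
    esac
  done
  if [ $# -eq 0 ]; then return 0; fi
  sub=$1; shift
  case "$sub" in
    push) echo push ;;                                            # every push variant
    reset) if has_arg --hard "$@"; then echo reset-hard; fi ;;
    clean) if has_arg --force "$@" || has_short_flag f "$@"; then echo clean-force; fi ;;
    branch)
      if has_short_flag D "$@"; then echo branch-force-delete
      elif { has_arg --delete "$@" || has_short_flag d "$@"; } \
        && { has_arg --force "$@" || has_short_flag f "$@"; }; then echo branch-force-delete
      fi ;;
    checkout|restore)                                             # whole-tree discard only; paths stay allowed
      if has_arg . "$@"; then echo restore-all; fi ;;
  esac
  return 0
}

# Print "allow", "allow-once" (one-shot token consumed) or "block:<rule>".
git_guardrail_verdict() {
  rule=$(git_guardrail_rule "$@")
  if [ -z "$rule" ]; then echo allow; return 0; fi
  if [ -n "${GIT_GUARDRAILS_ALLOW_NEXT:-}" ] && [ -f "$GIT_GUARDRAILS_ALLOW_NEXT" ] \
     && [ "$(cat "$GIT_GUARDRAILS_ALLOW_NEXT")" = "$rule" ]; then
    rm -f "$GIT_GUARDRAILS_ALLOW_NEXT"                            # token is valid for exactly one call
    echo allow-once; return 0
  fi
  echo "block:$rule"
}

# Shim entry point: refuse, or hand the unchanged argument vector to the real git.
guardrail_exec() {
  verdict=$(git_guardrail_verdict "$@")
  case "$verdict" in
    block:*)
      printf 'git-guardrails: blocked "git %s" (rule %s)\n' "$*" "${verdict#block:}" >&2
      if [ -n "${GIT_GUARDRAILS_AUDIT:-}" ]; then
        printf '%s\tBLOCK\tgit %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$*" >> "$GIT_GUARDRAILS_AUDIT"
      fi
      exit 126 ;;
  esac
  # Drop this shim's directory from PATH so "git" resolves to the real binary, then exec it.
  shim_dir=$(cd "$(dirname -- "$0")" && pwd -P)
  real_path=""; old_ifs=$IFS; IFS=:
  for d in $PATH; do
    [ "$d" = "$shim_dir" ] || real_path="${real_path:+$real_path:}$d"
  done
  IFS=$old_ifs
  PATH=$real_path exec git "$@"
}

# Installed under the name "git" this file acts as the shim; under any other name it only defines functions.
case "$(basename -- "$0")" in git) guardrail_exec "$@" ;; esac
```

The verdict is computed before any process is spawned, so a blocked command never reaches git at all; an allowed one is exec'd with the shim directory removed from PATH, which is what prevents the shim from recursing into itself. The audit line and the one-shot token file stand in for the extension's audit entries and allow-next state, whose real storage the README does not describe.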

Develop

npm test
npm run pack:dry-run

Publish

npm login
npm publish

If npm ever requires the scoped public package flow, use:

npm publish --access public

License

MIT