Created
April 13, 2026 13:45
marimo pi remote guard
| import path from "node:path"; | |
| import type { ExtensionAPI } from "@mariozechner/pi-coding-agent"; | |
| import { isToolCallEventType } from "@mariozechner/pi-coding-agent"; | |
// Absolute location of the marimo-pair skill on the author's machine.
// NOTE(review): this path is hard-coded to one user account; on any other
// machine the read allow-list below points at a directory that may not exist.
const SKILL_DIR = "/Users/vincentwarmerdam/.agents/skills/marimo-pair";

// Directory roots the `read` tool may touch; everything else is refused.
const ALLOWED_READ_ROOTS: string[] = [SKILL_DIR];
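/**
 * Heuristic screen for shell metacharacters that chain, redirect or
 * substitute commands.
 *
 * This is a substring match, not a shell parser: it also fires when one of
 * these characters appears inside a quoted argument, and it does not look at
 * line breaks, `<` redirection or `${...}` expansion.
 * NOTE(review): a line break separates commands just as `;` does. Decide
 * whether multi-line commands are really needed before treating this check
 * as the only gate in front of the shell.
 *
 * @param command Raw command text as handed to the bash tool.
 * @returns true when the text contains `&`, `|`, `;`, `>`, a backtick or `$(`.
 */
function hasDangerousShellSyntax(command: string): boolean {
  // A lone `&` chains commands as well as `&&` does, so match the single
  // character; likewise `|` already covers `||`. `$(` is the other spelling
  // of the backtick command substitution that was already refused.
  return /[&|;>`]|\$\(/.test(command);
}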
/**
 * Drops any run of leading `NAME=value` assignments (upper-case names only;
 * the value may be single-quoted, double-quoted or a bare word) so that the
 * caller can inspect the command word that follows them.
 *
 * The assignments are discarded without being examined: neither the variable
 * names nor their values are validated here, yet they still reach the shell
 * when the original command runs.
 *
 * @param command Command text, already trimmed by the caller.
 * @returns The command with its leading assignments removed.
 */
function stripEnvPrefix(command: string): string {
  const leadingAssignments = /^([A-Z_][A-Z0-9_]*=('[^']*'|"[^"]*"|\S+)\s+)*/;
  return command.replace(leadingAssignments, "");
}
/**
 * Turns a tool-supplied path into an absolute, lexically normalised one.
 *
 * A single leading `@` is removed, a leading `~` (alone or followed by `/`)
 * is replaced with `$HOME`, and the result goes through `path.resolve`,
 * which collapses `.` and `..` segments and anchors relative paths at the
 * current working directory.
 *
 * `path.resolve` works on the string only; it does not follow symbolic
 * links, so the returned path may differ from the file actually opened.
 *
 * @param inputPath Path exactly as it appears in the tool call.
 * @returns The absolute path used for allow-list comparisons.
 */
function normalizePath(inputPath: string): string {
  let candidate = inputPath;
  if (candidate.startsWith("@")) {
    candidate = candidate.slice(1);
  }
  // Falls back to a literal "~" when HOME is unset or empty.
  const home = process.env.HOME || "~";
  const expanded = candidate.replace(/^~(?=$|\/)/, home);
  return path.resolve(expanded);
}
/**
 * Reports whether a path requested by the `read` tool lies inside one of the
 * ALLOWED_READ_ROOTS directories.
 *
 * Both sides are passed through normalizePath, so `..` segments cannot step
 * out of a root, and the separator-terminated prefix test keeps a sibling
 * such as `<root>-other` from matching.
 * NOTE(review): the comparison is lexical. A symbolic link stored under an
 * allowed root that points elsewhere would still pass; resolve the real path
 * first if that matters for this deployment.
 *
 * @param inputPath Path exactly as it appears in the tool call.
 * @returns true when the normalised path equals a root or sits beneath it.
 */
function isAllowedRead(inputPath: string): boolean {
  const target = normalizePath(inputPath);
  for (const root of ALLOWED_READ_ROOTS) {
    const base = normalizePath(root);
    if (target === base) return true;
    if (target.startsWith(base + path.sep)) return true;
  }
  return false;
}
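/**
 * Decides whether a `bash` tool call may run.
 *
 * A command passes only when it contains none of the metacharacters refused
 * by hasDangerousShellSyntax and, once leading environment assignments are
 * set aside, begins with `bash <path>marimo-pair/scripts/discover-servers.sh`
 * or `.../execute-code.sh`.
 *
 * The environment assignments in front of the command are executed along with
 * it, so they are vetted here instead of being dropped unseen: any assignment
 * to a variable that changes how bash or the dynamic loader starts up makes
 * the command fail the check. This is a deny-list and therefore incomplete;
 * if the helper scripts need only a known set of variables, an allow-list of
 * those names is the stronger control.
 *
 * NOTE(review): `\S*` in the final pattern accepts any directory prefix in
 * front of `marimo-pair/scripts/`, so the script is not tied to SKILL_DIR,
 * and nothing after the script name is inspected. Confirm both are intended.
 *
 * @param command Raw command text from the tool call.
 * @returns true when the command matches the helper-script allow-list.
 */
function isAllowedBash(command: string): boolean {
  const trimmed = command.trim();
  if (hasDangerousShellSyntax(trimmed)) return false;

  const normalized = stripEnvPrefix(trimmed);

  // stripEnvPrefix only removes text from the front, so the removed part is
  // exactly the leading slice of that length.
  const envPrefix = trimmed.slice(0, trimmed.length - normalized.length);
  const startupAffectingAssignment =
    /(^|\s)(BASH_ENV|ENV|PATH|SHELLOPTS|BASHOPTS|PS4|LD_\w+|DYLD_\w+)=/;
  // Fails closed: a match inside a quoted value is also refused.
  if (startupAffectingAssignment.test(envPrefix)) return false;

  return /^bash\s+\S*marimo-pair\/scripts\/(discover-servers|execute-code)\.sh\b/s.test(normalized);
}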
/**
 * Extension entry point: registers a `tool_call` handler that restricts what
 * the agent may do on the local machine.
 *
 * - `read`  is blocked unless isAllowedRead accepts the requested path.
 * - `edit` and `write` are always blocked.
 * - `bash`  is blocked unless isAllowedBash accepts the command.
 *
 * Returning `undefined` lets the call proceed.
 * NOTE(review): the handler allows by default. Any tool whose type is not one
 * of the four handled here falls through to `undefined` and is not
 * restricted; confirm that no other file-reading or command-running tool is
 * enabled alongside this extension.
 *
 * @param pi Extension API object supplied by the host agent.
 */
export default function (pi: ExtensionAPI) {
  pi.on("tool_call", async (event) => {
    const deniedRead = isToolCallEventType("read", event) && !isAllowedRead(event.input.path);
    if (deniedRead) {
      return { block: true, reason: "Only marimo-pair skill files may be read." };
    }

    // Local mutation is never permitted, whatever the target.
    if (isToolCallEventType("edit", event)) {
      return { block: true, reason: "Local file editing is disabled." };
    }
    if (isToolCallEventType("write", event)) {
      return { block: true, reason: "Local file writing is disabled." };
    }

    const deniedBash = isToolCallEventType("bash", event) && !isAllowedBash(event.input.command);
    if (deniedBash) {
      return { block: true, reason: "Only marimo-pair helper scripts are allowed." };
    }

    return undefined;
  });
}