
@koaning
Created April 13, 2026 13:45
marimo pi remote guard
import path from "node:path";
import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
import { isToolCallEventType } from "@mariozechner/pi-coding-agent";
// Directory that holds the marimo-pair skill files; the only location the guard lets the agent read.
// NOTE(review): this is an absolute path inside one user's home directory, so the guard
// blocks every read on any other machine or account until it is changed.
const SKILL_DIR = "/Users/vincentwarmerdam/.agents/skills/marimo-pair";
// Roots under which `read` tool calls are permitted (consulted by isAllowedRead).
const ALLOWED_READ_ROOTS = [SKILL_DIR];
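/**
 * Reports whether a command string contains shell syntax that can chain,
 * background, redirect, or substitute commands.
 *
 * This is a character blocklist, not a shell parser: quoting is ignored, so a
 * metacharacter inside a quoted argument is rejected as well. It is meant to
 * be paired with an allowlist check on the command itself.
 *
 * @param command - The raw command line to inspect.
 * @returns `true` when any blocked construct is present.
 */
function hasDangerousShellSyntax(command: string): boolean {
  // The character class covers `&&`, `||`, `;`, `|`, `>` and the backtick, and
  // additionally a lone `&` (backgrounds the command and starts another), `<`
  // (input redirection, here-docs, process substitution) and CR/LF (starts a
  // new command line). `$(` is matched on its own so that command
  // substitution is rejected while plain `$VAR` expansion is still accepted.
  return /[&|;<>`\r\n]|\$\(/.test(command);
}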
/**
 * Removes any run of leading `NAME=value` environment assignments from a
 * command line and returns what follows.
 *
 * Names must be upper-case identifiers (`[A-Z_][A-Z0-9_]*`); a value may be
 * single-quoted, double-quoted, or a run of non-whitespace characters.
 *
 * The assignments are discarded without being inspected, so a caller that
 * matches an allowlist against the result has not vetted the variables
 * themselves.
 *
 * @param command - Command line that may start with environment assignments.
 * @returns The command with the leading assignments stripped.
 */
function stripEnvPrefix(command: string): string {
  const leadingAssignments = /^([A-Z_][A-Z0-9_]*=('[^']*'|"[^"]*"|\S+)\s+)*/;
  const remainder = command.replace(leadingAssignments, "");
  return remainder;
}
/**
 * Turns a tool-supplied path into an absolute, normalized path.
 *
 * A single leading `@` is dropped, a leading `~` (alone or followed by `/`)
 * is replaced with `$HOME` (or left as `~` when HOME is unset or empty), and
 * the result goes through `path.resolve`, which collapses `.` and `..`
 * segments.
 *
 * NOTE(review): `path.resolve` is purely lexical and does not follow
 * symlinks; a prefix check on the result does not prove that the file
 * actually read lives under that prefix. Consider `fs.realpathSync` if
 * symlinks inside the allowed roots are a concern.
 *
 * @param inputPath - Path as provided in the tool call.
 * @returns The absolute, normalized path.
 */
function normalizePath(inputPath: string): string {
  let withoutMarker = inputPath;
  if (withoutMarker.startsWith("@")) {
    withoutMarker = withoutMarker.slice(1);
  }
  const homeDir = process.env.HOME || "~";
  const expanded = withoutMarker.replace(/^~(?=$|\/)/, homeDir);
  return path.resolve(expanded);
}
/**
 * Checks whether a path falls inside one of the allowed read roots.
 *
 * Both the input and each root are normalized first, so `..` segments cannot
 * step outside a root. A path is accepted when it equals a root or starts
 * with the root followed by the path separator, which keeps a sibling such as
 * `<root>-other` from matching.
 *
 * NOTE(review): the comparison is on lexical paths only; symlinks are not
 * resolved here.
 *
 * @param inputPath - Path requested by the `read` tool call.
 * @returns `true` when the path is at or below an allowed root.
 */
function isAllowedRead(inputPath: string): boolean {
  const target = normalizePath(inputPath);
  for (const root of ALLOWED_READ_ROOTS) {
    const base = normalizePath(root);
    if (target === base) {
      return true;
    }
    if (target.startsWith(base + path.sep)) {
      return true;
    }
  }
  return false;
}
/**
 * Decides whether a `bash` tool call may run.
 *
 * The trimmed command must pass the shell-metacharacter check and, once any
 * leading `NAME=value` assignments are stripped, must start with `bash`
 * followed by a path ending in `marimo-pair/scripts/discover-servers.sh` or
 * `marimo-pair/scripts/execute-code.sh`.
 *
 * NOTE(review): points a hardening pass should look at, all visible in this
 * function:
 *  - `\S*` accepts any directory prefix, so a `marimo-pair/scripts/` tree
 *    outside SKILL_DIR also matches; resolving the script path and comparing
 *    it against SKILL_DIR would pin it.
 *  - Leading environment assignments are stripped, not vetted; variables that
 *    change how bash starts or locates programs (for example BASH_ENV or
 *    PATH) pass through unchecked.
 *  - Only the start of the command is anchored; `\b` after `.sh` also matches
 *    before `.` or `-`, and the remaining arguments are unconstrained apart
 *    from the metacharacter check.
 *
 * @param command - The command line from the tool call.
 * @returns `true` when the command is an allowed helper-script invocation.
 */
function isAllowedBash(command: string): boolean {
  const candidate = command.trim();
  if (hasDangerousShellSyntax(candidate)) {
    return false;
  }
  const withoutEnv = stripEnvPrefix(candidate);
  const helperInvocation = /^bash\s+\S*marimo-pair\/scripts\/(discover-servers|execute-code)\.sh\b/s;
  return helperInvocation.test(withoutEnv);
}
/**
 * Extension entry point: registers a `tool_call` handler that restricts what
 * the agent may do on the local machine.
 *
 * - `read`: blocked unless the path passes `isAllowedRead`.
 * - `edit` / `write`: always blocked.
 * - `bash`: blocked unless the command passes `isAllowedBash`.
 *
 * NOTE(review): every other tool type reaches the final `return undefined`,
 * which presumably lets the call proceed. That makes this a default-allow
 * policy; confirm that no other enabled tool can read or modify local files,
 * or add a deny-by-default branch.
 *
 * @param pi - Extension API used to subscribe to tool-call events.
 */
export default function (pi: ExtensionAPI) {
  pi.on("tool_call", async (event) => {
    // Reads are limited to the allowed roots.
    if (isToolCallEventType("read", event) && !isAllowedRead(event.input.path)) {
      return { block: true, reason: "Only marimo-pair skill files may be read." };
    }

    // Local mutation is refused unconditionally.
    if (isToolCallEventType("edit", event)) {
      return { block: true, reason: "Local file editing is disabled." };
    }
    if (isToolCallEventType("write", event)) {
      return { block: true, reason: "Local file writing is disabled." };
    }

    // Shell access is limited to the helper scripts.
    if (isToolCallEventType("bash", event) && !isAllowedBash(event.input.command)) {
      return { block: true, reason: "Only marimo-pair helper scripts are allowed." };
    }

    return undefined;
  });
}