cschmatzler/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

up

Browse Source
This commit is contained in:
Christoph Schmatzler
2026-03-22 18:17:09 +00:00
parent 6c816ae5ab
commit 32fda4a7e9
4 changed files with 225 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

190
modules/_ai-tools/no-git.ts Normal file
View File

@@ -0,0 +1,190 @@
/**
* No Git Extension
*
* Blocks direct git invocations and tells the LLM to use jj (Jujutsu) instead.
* Mentions of the word "git" in search patterns, strings, comments, etc. are allowed.
*/
import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
import { isToolCallEventType } from "@mariozechner/pi-coding-agent";
type ShellToken =
| { type: "word"; value: string }
| { type: "operator"; value: string };
const COMMAND_PREFIXES = new Set(["env", "command", "builtin", "time", "sudo", "nohup", "nice"]);
const SHELL_KEYWORDS = new Set(["if", "then", "elif", "else", "do", "while", "until", "case", "in"]);
const SHELL_INTERPRETERS = new Set(["bash", "sh", "zsh", "fish", "nu"]);
function isAssignmentWord(value: string): boolean {
return /^[A-Za-z_][A-Za-z0-9_]*=.*/.test(value);
}
function tokenizeShell(command: string): ShellToken[] {
const tokens: ShellToken[] = [];
let current = "";
let quote: "'" | '"' | null = null;
const pushWord = () => {
if (!current) return;
tokens.push({ type: "word", value: current });
current = "";
};
for (let i = 0; i < command.length; i++) {
const char = command[i];
if (quote) {
if (quote === "'") {
if (char === "'") {
quote = null;
} else {
current += char;
}
continue;
}
if (char === '"') {
quote = null;
continue;
}
if (char === "\\") {
if (i + 1 < command.length) {
current += command[i + 1];
i += 1;
}
continue;
}
current += char;
continue;
}
if (char === "'" || char === '"') {
quote = char;
continue;
}
if (char === "\\") {
if (i + 1 < command.length) {
current += command[i + 1];
i += 1;
}
continue;
}
if (/\s/.test(char)) {
pushWord();
if (char === "\n") {
tokens.push({ type: "operator", value: "\n" });
}
continue;
}
const twoCharOperator = command.slice(i, i + 2);
if (twoCharOperator === "&&" || twoCharOperator === "||") {
pushWord();
tokens.push({ type: "operator", value: twoCharOperator });
i += 1;
continue;
}
if (char === ";" || char === "|" || char === "(" || char === ")") {
pushWord();
tokens.push({ type: "operator", value: char });
continue;
}
current += char;
}
pushWord();
return tokens;
}
function findCommandWord(words: string[]): { word?: string; index: number } {
for (let i = 0; i < words.length; i++) {
const word = words[i];
if (SHELL_KEYWORDS.has(word)) {
continue;
}
if (isAssignmentWord(word)) {
continue;
}
if (COMMAND_PREFIXES.has(word)) {
continue;
}
return { word, index: i };
}
return { index: words.length };
}
function getInlineShellCommand(words: string[], commandIndex: number): string | null {
for (let i = commandIndex + 1; i < words.length; i++) {
const word = words[i];
if (/^(?:-[A-Za-z]*c[A-Za-z]*|--command)$/.test(word)) {
return words[i + 1] ?? null;
}
}
return null;
}
function segmentContainsBlockedGit(words: string[]): boolean {
const { word, index } = findCommandWord(words);
if (!word) {
return false;
}
if (word === "git") {
return true;
}
if (word === "jj") {
return false;
}
if (SHELL_INTERPRETERS.has(word)) {
const inlineCommand = getInlineShellCommand(words, index);
return inlineCommand ? containsBlockedGitInvocation(inlineCommand) : false;
}
return false;
}
function containsBlockedGitInvocation(command: string): boolean {
const tokens = tokenizeShell(command);
let words: string[] = [];
for (const token of tokens) {
if (token.type === "operator") {
if (segmentContainsBlockedGit(words)) {
return true;
}
words = [];
continue;
}
words.push(token.value);
}
return segmentContainsBlockedGit(words);
}
export default function (pi: ExtensionAPI) {
pi.on("tool_call", async (event, _ctx) => {
if (!isToolCallEventType("bash", event)) return;
const command = event.input.command.trim();
if (containsBlockedGitInvocation(command)) {
return {
block: true,
reason: "git is not used in this project. Use jj (Jujutsu) instead.",
};
}
});
}

28
modules/_ai-tools/no-scripting.ts Normal file
View File

@@ -0,0 +1,28 @@
/**
* No Scripting Extension
*
* Blocks python, perl, ruby, php, lua, and inline bash/sh scripts.
* Tells the LLM to use `nu -c` instead.
*/
import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
import { isToolCallEventType } from "@mariozechner/pi-coding-agent";
const SCRIPTING_PATTERN =
/(?:^|[;&|]\s*|&&\s*|\|\|\s*|\$\(\s*|`\s*)(?:python[23]?|perl|ruby|php|lua|bash\s+-c|sh\s+-c)\s/;
export default function (pi: ExtensionAPI) {
pi.on("tool_call", async (event, _ctx) => {
if (!isToolCallEventType("bash", event)) return;
const command = event.input.command.trim();
if (SCRIPTING_PATTERN.test(command)) {
return {
block: true,
reason:
"Do not use python, perl, ruby, php, lua, or inline bash/sh for scripting. Use `nu -c` instead.",
};
}
});
}

62
modules/ai-tools.nix
View File

@@ -20,6 +20,8 @@
source = "${pkgs.pi-mcp-adapter}/lib/node_modules/pi-mcp-adapter";
recursive = true;
};
".pi/agent/extensions/no-git.ts".source = ./_ai-tools/no-git.ts;
".pi/agent/extensions/no-scripting.ts".source = ./_ai-tools/no-scripting.ts;
".pi/agent/extensions/review.ts".source = ./_ai-tools/review.ts;
".pi/agent/skills/elixir-dev" = {
source = "${inputs.pi-elixir}/skills/elixir-dev";
@@ -29,68 +31,12 @@
source = "${inputs.pi-rose-pine}/themes";
recursive = true;
};
".pi/agent/extensions/no-git.ts".text = ''
/**
* No Git Extension
*
* Blocks git commands and tells the LLM to use jj (Jujutsu) instead.
*/
import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
import { isToolCallEventType } from "@mariozechner/pi-coding-agent";
export default function (pi: ExtensionAPI) {
pi.on("tool_call", async (event, _ctx) => {
if (!isToolCallEventType("bash", event)) return;
const command = event.input.command.trim();
if (/\bgit\b/.test(command) && !/\bjj\s+git\b/.test(command)) {
return {
block: true,
reason: "git is not used in this project. Use jj (Jujutsu) instead.",
};
}
});
}
'';
".pi/agent/extensions/no-scripting.ts".text = ''
/**
* No Scripting Extension
*
* Blocks python, perl, ruby, php, lua, and inline bash/sh scripts.
* Tells the LLM to use `nu -c` instead.
*/
import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
import { isToolCallEventType } from "@mariozechner/pi-coding-agent";
const SCRIPTING_PATTERN =
/(?:^|[;&|]\s*|&&\s*|\|\|\s*|\$\(\s*|`\s*)(?:python[23]?|perl|ruby|php|lua|bash\s+-c|sh\s+-c)\s/;
export default function (pi: ExtensionAPI) {
pi.on("tool_call", async (event, _ctx) => {
if (!isToolCallEventType("bash", event)) return;
const command = event.input.command.trim();
if (SCRIPTING_PATTERN.test(command)) {
return {
block: true,
reason:
"Do not use python, perl, ruby, php, lua, or inline bash/sh for scripting. Use `nu -c` instead.",
};
}
});
}
'';
".pi/agent/settings.json".text =
builtins.toJSON {
lastChangelogVersion = "0.61.1";
theme = "rose-pine-dawn";
hideThinkingBlock = true;
defaultProvider = "anthropic";
defaultModel = "claude-opus-4-6";
defaultProvider = "openai-codex";
defaultModel = "gpt-5.4";
defaultThinkingLevel = "high";
packages = [
{

6
modules/overlays.nix
View File

@@ -30,17 +30,17 @@
# cog-cli
(final: prev: let
version = "0.22.0";
version = "0.22.1";
srcs = {
x86_64-linux =
prev.fetchurl {
url = "https://github.com/trycog/cog-cli/releases/download/v${version}/cog-linux-x86_64.tar.gz";
hash = "sha256-GKCO8kUUPl1OQSVhefRy3CIitdkm//nI7LKifyOx+lk=";
hash = "sha256-ET+sNXisUrHShR1gxqdumegXycXcxGzJcQOdTr5005w=";
};
aarch64-darwin =
prev.fetchurl {
url = "https://github.com/trycog/cog-cli/releases/download/v${version}/cog-darwin-arm64.tar.gz";
hash = "sha256-uFkOoy2uFtRvuS7Cqb7ivKdvuDzV9ERNgMq2wiOHI7k=";
hash = "sha256-jcN+DtOqr3or5C71jp7AIAz0wh73FYybCC4FRBykKO4=";
};
};
in {