npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@inceptionstack/pi-hard-no

v1.3.1

Published

Pi extension — automatic code review after every agent turn

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

royosheroveroyosherove

Keywords

piextensioncode-reviewaiagent

Readme

pi-hard-no

Gives your AI agent a hard no. Every. Single. Time. Until the code is right.

A pi extension that automatically reviews code changes after each agent turn using a separate reviewer instance. If the reviewer isn't happy, the agent goes back and fixes it — looping continuously until the review says LGTM. Push is blocked until the reviewer approves, so nothing lands remote without passing review. No manual triggering needed — it all happens automatically. Fully customizable: swap models, write your own review rules, tune loop limits, gate with a judge, and more.

Install

pi install npm:@inceptionstack/pi-hard-no

Or manually:

cp index.ts ~/.pi/agent/extensions/pi-hard-no.ts

How it works

Agent makes file changes (write, edit, bash)
         │
         ▼ agent_end fires
         │
         ▼ Extension detects file-modifying tool calls
         │
         ▼ Spawns a fresh pi instance (in-memory, isolated)
         │
         ▼ Sends per-file diffs + commit messages to reviewer
         │  Reviewer reads each file itself via read(path) tool
         │
    ┌────┴────┐
    │         │
  LGTM    Hard no
    │         │
    │         ▼
    │      Feeds issues back to the agent
    │      Agent fixes → reviewer loops again
    │       (up to maxReviewLoops — default 100)
    │
    ▼ >1 file reviewed from git?
    │
    ├── No → done
    │
    └── Yes → Architect review
              (cross-file consistency, architecture coherence)

The reviewer checks for:

  • Bugs, logic errors, off-by-one errors, race conditions
  • Security issues (injection, secret leaks, auth bypasses)
  • Missing error handling
  • DRY violations (Don't Repeat Yourself)
  • Single Responsibility Principle
  • Readability and maintainability

Configuration

Config files are loaded from two locations. Local takes precedence over global:

  1. cwd/.hardno/ — project-specific config
  2. ~/.pi/.hardno/ — global defaults

All config files are optional. If missing, sensible defaults are used.

Use /scaffold-review-files to generate config templates.

.hardno/settings.json

{
  "maxReviewLoops": 100,
  "model": "amazon-bedrock/us.meta.llama4-maverick-17b-instruct-v1:0",
  "thinkingLevel": "off",
  "architectEnabled": true,
  "reviewTimeoutMs": 120000,
  "toggleShortcut": "alt+r",
  "cancelShortcut": "",
  "judgeEnabled": false,
  "judgeModel": "amazon-bedrock/us.anthropic.claude-haiku-4-5-20251001-v1:0",
  "judgeTimeoutMs": 10000
}

| Setting | Type | Default | Description | | ------------------ | ----------- | -------------------------------------------------------------- | ------------------------------------------------------------------------------------------ | | maxReviewLoops | integer > 0 | 100 | Max review→fix→review cycles before giving up | | model | string | "amazon-bedrock/us.meta.llama4-maverick-17b-instruct-v1:0" | Reviewer model ("provider/model-id") | | thinkingLevel | string | "off" | off\|minimal\|low\|medium\|high\|xhigh | | architectEnabled | boolean | true | Enable architect review (triggers when >1 file reviewed from git) | | reviewTimeoutMs | integer > 0 | 120000 | Max wall-clock per review in ms | | toggleShortcut | string | "alt+r" | Key id for toggling review on/off | | judgeEnabled | boolean | false | Opt-in LLM gate that suppresses redundant reviews on read-only turns (see Judge) | | judgeModel | string | "amazon-bedrock/us.anthropic.claude-haiku-4-5-20251001-v1:0" | Model used by the judge ("provider/model-id") | | judgeTimeoutMs | integer > 0 | 10000 | Max wall-clock per judge classification call in ms | | cancelShortcut | string | "" (none) | Key id for cancelling review (opt-in, see below) |

Note: roundupEnabled is accepted as a legacy alias for architectEnabled.

.hardno/review-rules.md

Custom review rules appended to the reviewer prompt. Only include review criteria — the surrounding prompt (tools, budget, workflow, response format) is handled automatically.

## Architecture

- All API endpoints must validate input with zod schemas
- Database queries must use parameterized statements

## Security

- No console.log in production code (use logger)
- No secrets in code — use environment variables

Use /add-review-rule <text> to quickly prepend rules, or /hardno-rules to open the file in pi's editor.

.hardno/auto-review.md

Override the "what to review / what not to report" section of the review prompt. The surrounding prompt (tools, budget, workflow, response format) is always included automatically.

.hardno/architect.md

Custom rules for the architect review (cross-file consistency check):

## Architecture

- Verify module dependency graph has no cycles
- Check error handling is consistent across all modules
- Flag any TODO/FIXME comments added during fix loops

Note: .hardno/roundup.md is accepted as a legacy fallback.

.hardno/ignore

Gitignore-style patterns to exclude files from review:

# Skip generated files
*.generated.ts
dist/
node_modules/

# Skip specific paths
src/vendor/**

UX

Status bar (bottom of pi)

  • hard-no on (Alt+R toggle) — idle, no pending files
  • hard-no on 🔒 push blocked · will review 3 files (Alt+R toggle) — edits accumulating, push blocked
  • hard-no reviewing… 🔒 push blocked (/cancel-review) — reviewer running
  • hard-no on issues found 🔒 push blocked (Alt+R toggle) — review found issues, agent looping to fix
  • hard-no skipped — no files to review — nothing to review after fix turn
  • hard-no off (Alt+R toggle) — disabled, push guard off

Review progress widget

During reviews, an animated widget appears below the editor showing:

  • ASCII art senior dev with reading glasses
  • File list with active file highlighted and per-file tool usage counts
  • Elapsed time, model name, loop count

Commands

| Command | Description | | ------------------------- | --------------------------------------------------------------------- | | /review | Toggle review on/off | | /review N | Review the last N commits | | /review-all | Review all changes (pending diff → last commit → all files in cwd) | | /cancel-review | Cancel an in-progress review (works during architect review) | | /review-judge-toggle | Toggle the duplicate-review suppressor (judge) for this session | | /review-clean-logs | Wipe ~/.pi/.hardno/review.log + reviews/*.json (config untouched) | | /scaffold-review-files | Create .hardno/ config templates in a git repo | | /hardno-rules | Edit .hardno/review-rules.md in pi's built-in editor | | /add-review-rule <text> | Prepend a custom rule to .hardno/review-rules.md |

Keyboard shortcuts

| Key | Default | Configurable | Action | | ------------------ | -------- | ---------------- | --------------------------------------------------- | | Toggle shortcut | alt+r | toggleShortcut | Toggle review on/off | | Cancel shortcut | (none) | cancelShortcut | Cancel in-progress review | | ctrl+alt+r | built-in | no | Cancel review (fallback, terminals that support it) | | ctrl+alt+shift+r | built-in | no | Full reset: cancel, reset loops, clear all state |

Note: /cancel-review is the recommended cancel method. It works in all terminals. Keyboard shortcuts for cancel are opt-in via cancelShortcut in settings because many terminals (especially iTerm2 on macOS) don't reliably send modifier key combos.

The loop

  1. Agent makes changes → review triggers
  2. Hard no — issues found → agent fixes them → review triggers again
  3. LGTM — loop counter resets, agent proceeds
  4. If loop count reaches maxReviewLoops → stops with a warning
  5. Toggling off/on with /review resets the counter

The agent cannot push, skip, or ignore the review. It loops until it gets an LGTM or hits the ceiling.

Architect review

After the review loop reaches LGTM, an architect review triggers automatically when more than one file was reviewed from git across the session. No heuristics or judge gating — it always runs for multi-file changes.

The architect review:

  • Checks architecture coherence across all changes
  • Verifies cross-file consistency (naming, patterns, types)
  • Looks for accumulated tech debt from fix loops
  • Validates documentation is still accurate
  • Uses tools (read, bash, grep, find, ls) to explore the full codebase

Disable with "architectEnabled": false in settings.

Judge

The judge is an opt-in duplicate-review suppressor. When enabled, it runs a cheap classifier LLM (default: Claude Haiku 4.5) on each bash tool call the agent made this turn. If every bash call classifies as inspection_vcs_noop (reads state only — git status, git log, echo, inspection compounds, etc.) and no write/edit tool call ran, the full review is skipped with reason judge_read_only.

Why it exists: the deterministic classifier in changes.ts uses a static allowlist. Commands using shell builtins outside the allowlist (e.g. echo in a compound) get flagged as "potentially modifying" and trigger an unnecessary review of already-reviewed content. The judge catches those false positives.

Fail-safe by design:

  • Off by default.
  • Fail-open: any judge error (timeout, transport, parse) → review runs as normal.
  • unsure classification → review runs (same as "modifying").
  • Any write/edit tool call skips the judge entirely and goes straight to review.
  • A kill switch: set "judgeEnabled": false to disable instantly.

Enable in .hardno/settings.json:

{
  "judgeEnabled": true
}

See eval/RESULTS.md for the evaluation that picked Haiku 4.5.

What triggers a review

Only fires when file-modifying tools were used during the agent turn:

  • write — new files
  • edit — file edits
  • bash — commands matching file operations (cp, mv, rm, sed -i, cat >, tee, mkdir, echo >)

Pure read/search turns are skipped. Non-file-modifying bash commands (git commit, curl, aws, etc.) are also skipped.

Untracked (new) files

Files created via write that haven't been git added are detected via git ls-files --others --exclude-standard and included in the review context, labeled as (new file).

Cancellation

You can cancel a review at any time:

  • /cancel-review — works in all terminals, recommended method
  • Configured shortcut — set cancelShortcut in settings if you want a hotkey
  • ctrl+alt+r — fallback, works in terminals that support the key combo

Cancellation stops the current review immediately, including architect reviews. The agent continues normally.

Push guard

The extension automatically blocks git push when:

  • A review is in progress — wait for the review to complete
  • The last review found issues — fix the issues and get LGTM first
  • Files have been modified but not yet reviewed — wait for the review to start and complete

The status bar shows 🔒 push blocked whenever push would be blocked.

The block applies to any bash tool call matching git push (including git -C <dir> push, git push origin main, etc.). The agent sees a clear "Push blocked" message explaining why.

The block clears automatically when:

  • The next review returns LGTM
  • The review skips with "no files to review" (issues resolved by deletion/revert)
  • You do a full reset (Ctrl+Alt+Shift+R)
  • You disable review (Alt+R toggle) — push guard is off when review is off

No git hooks are needed — this is enforced at the extension level via pi's tool_call event interception.

License

MIT