pi-cwd-guard

v0.3.5

Small Pi safety extension for cwd access, protected paths, runtime config confirmation, and common destructive bash commands.

Downloads

1,225

Readme

pi-cwd-guard

A small Pi safety extension package for cwd access, protected paths, runtime config confirmation, and common destructive bash commands.

What it guards

The extension intercepts these built-in tools:

  • read
  • write
  • edit
  • bash

Current working directory guard

Before read, write, or edit runs, the extension strips a leading @ the same way Pi's built-in file tools do, then resolves the tool's path argument against the current working directory.

  • If the resolved path is inside the current working directory, the tool continues to the next checks.
  • If the resolved path is outside the current working directory and is not covered by allowedOutsideCwdPaths, Pi asks for confirmation.
  • If no UI is available, outside-cwd access is blocked by default unless the path is covered by allowedOutsideCwdPaths.

Configuring outside-cwd exceptions

You can allow specific outside-cwd paths with JSON config files:

  • Project-local: .pi/pi-cwd-guard.json
  • Global: ~/.pi/agent/extensions/pi-cwd-guard.json

Example:

{
  "allowedOutsideCwdPaths": [
    "/tmp",
    "/var/tmp",
    "~/shared-workspace",
    "../sibling-project"
  ]
}

Notes:

  • Multiple paths are supported.
  • Matching is recursive: allowing /tmp allows /tmp/foo/bar.txt.
  • ~ expands to your home directory.
  • Absolute paths are used as-is.
  • Relative paths in project config resolve against the current working directory.
  • Relative paths in global config resolve against ~/.pi/agent/extensions.
  • Project and global allowedOutsideCwdPaths are merged.
  • These exceptions only skip the outside-cwd confirmation. They do not bypass hard-protected path blocks, runtime config confirmation, or destructive bash confirmation.
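The path check and exception matching described above, as an added TypeScript example (not pi-cwd-guard's own source). The function names, the constructed `/work/app` and `/home/dev` locations, and the purely lexical comparison (no symlink resolution) are assumptions of this sketch.

```typescript
import * as path from "path";

// Added illustration; not pi-cwd-guard's source. All names are hypothetical.
type Decision = "continue" | "confirm" | "block";

const p = path.posix; // POSIX semantics so the sample behaves the same on any host

// Config entry -> absolute path: "~" expands to home, absolute paths are used
// as-is, relative paths resolve against the config's base directory.
function resolveConfigEntry(baseDir: string, raw: string, home: string): string {
  const expanded = raw === "~" || raw.startsWith("~/") ? home + raw.slice(1) : raw;
  return p.resolve(baseDir, expanded);
}

// Component-wise containment: "/tmp" covers "/tmp/a/b" but not "/tmpfoo".
// A plain string-prefix test would get the second case wrong.
function isInside(parent: string, child: string): boolean {
  const rel = p.relative(parent, child);
  return rel === "" || (rel !== ".." && !rel.startsWith("../"));
}

function checkCwdAccess(
  toolPath: string,
  cwd: string,
  allowedOutsideCwdPaths: string[], // already resolved to absolute paths
  hasUI: boolean,
): Decision {
  // Strip one leading "@", then resolve against the working directory.
  const cleaned = toolPath.startsWith("@") ? toolPath.slice(1) : toolPath;
  const target = p.resolve(cwd, cleaned);
  if (isInside(cwd, target)) return "continue";
  if (allowedOutsideCwdPaths.some((a) => isInside(a, target))) return "continue";
  // Outside cwd and not covered: prompt when possible, otherwise fail closed.
  return hasUI ? "confirm" : "block";
}

// Constructed sample: project-config entries resolve against cwd.
const CWD = "/work/app";
const HOME = "/home/dev";
const ALLOWED = ["/tmp", "~/shared-workspace", "../sibling-project"].map((e) =>
  resolveConfigEntry(CWD, e, HOME),
);
```

A "continue" result only means the outside-cwd check passed; the hard-protected and runtime config checks still apply afterwards.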

You can also inspect or update the config from Pi with the /cwd-guard command:

/cwd-guard
/cwd-guard show
/cwd-guard allow /tmp --project
/cwd-guard allow /tmp --global
/cwd-guard allow /tmp /var/tmp ~/shared-workspace --project
/cwd-guard allow "/tmp/my folder" --project

Command notes:

  • /cwd-guard opens an interactive menu for showing config or adding exceptions. Without UI, it displays the merged active configuration.
  • /cwd-guard show displays the merged active configuration.
  • Typing /cwd-guard in interactive mode autocompletes subcommands, and allow ... autocompletes --project / --global.
  • allow <path...> --project updates .pi/pi-cwd-guard.json.
  • allow <path...> --global updates ~/.pi/agent/extensions/pi-cwd-guard.json and asks for confirmation first.
  • Paths added by the command are written as absolute resolved paths.
  • Command arguments support shell-style single quotes, double quotes, and backslash escapes for paths with spaces.

Hard-protected paths

write and edit are blocked for sensitive, vendor, or generated paths such as:

  • .env, .env.*
  • secrets/, .secrets/, credentials/, .credentials/
  • .npmrc, .pypirc, id_rsa, id_ed25519, kubeconfig files
  • common credential JSON files such as secrets.json, credentials.json, client_secret.json, service-account JSON files
  • *.pem, *.key, *.p12, *.pfx
  • node_modules/
  • generated/build output dirs like dist/, build/, coverage/, .next/, .nuxt/, generated/

These are hard-blocked rather than confirmed.

Runtime config confirmation

write and edit ask for confirmation before changing likely runtime config, including:

  • paths like env.ts, runtime-config.ts, app-config.ts, config.ts, config.json, appsettings.json, application.yml
  • deployment config such as docker-compose.yml, serverless.yml, vercel.json, netlify.toml, wrangler.toml
  • config files under config-ish/deployment directories such as config/*.ts, config/*.json, k8s/*.yaml, or infra/*.tfvars

For config-ish files/directories only, edits containing obvious environment/API markers also ask for confirmation, such as:

  • BASE_URL
  • API_URL
  • PUBLIC_*
  • *_KEY
  • *_TOKEN
  • CLIENT_ID
  • CLIENT_SECRET
  • process.env
  • znv

If no UI is available, runtime config changes are blocked by default.
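How the hard-protected and runtime config rules for write and edit could combine, as an added TypeScript example (not pi-cwd-guard's own source). The patterns cover only part of the lists above; matching on any path component, checking hard blocks first, and the definition of "config-ish" are assumptions, and all identifiers are hypothetical.

```typescript
// Added illustration; not pi-cwd-guard's source. Subset of the README's lists.
type Verdict = "block" | "confirm" | "continue";

const HARD_NAMES = [/^\.env(\..+)?$/, /^\.(npmrc|pypirc)$/, /^id_(rsa|ed25519)$/,
  /^(secrets|credentials|client_secret)\.json$/, /\.(pem|key|p12|pfx)$/];
const HARD_DIRS = new Set(["secrets", ".secrets", "credentials", ".credentials",
  "node_modules", "dist", "build", "coverage", ".next", ".nuxt", "generated"]);
const CONFIG_NAMES = [/^(env|runtime-config|app-config|config)\.ts$/,
  /^(config|appsettings|vercel)\.json$/,
  /^(application|docker-compose|serverless)\.yml$/, /^(netlify|wrangler)\.toml$/];
// Directory name -> file extensions treated as runtime config inside it.
const CONFIG_DIRS = new Map<string, RegExp>([
  ["config", /\.(ts|json)$/], ["k8s", /\.yaml$/], ["infra", /\.tfvars$/]]);
// Assumption: "config-ish" means the file name mentions config or settings.
const CONFIGISH = /config|settings/i;
const MARKERS =
  /\b(BASE_URL|API_URL|PUBLIC_\w+|\w+_(KEY|TOKEN)|CLIENT_(ID|SECRET)|znv)\b|process\.env/;

function classifyWrite(relPath: string, newText: string, hasUI: boolean): Verdict {
  const parts = relPath.split("/").filter(Boolean);
  const name = parts[parts.length - 1] ?? "";
  const dirs = parts.slice(0, -1);
  // 1. Hard-protected paths are blocked outright and never turned into a prompt.
  if (dirs.some((d) => HARD_DIRS.has(d)) || HARD_NAMES.some((r) => r.test(name))) {
    return "block";
  }
  // 2. Likely runtime config, by file name or by directory plus extension.
  const byPath = CONFIG_NAMES.some((r) => r.test(name)) ||
    dirs.some((d) => CONFIG_DIRS.get(d)?.test(name) === true);
  // 3. The marker scan is scoped to config-ish files, so ordinary source
  //    files that mention process.env do not prompt.
  const byMarker = CONFIGISH.test(name) && MARKERS.test(newText);
  if (byPath || byMarker) return hasUI ? "confirm" : "block";
  return "continue";
}
```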

Permission prompt notifications

If pi-cmux is installed, pi-cwd-guard sends a best-effort cmux notification/status update whenever it opens a permission confirmation. This is optional and no-ops when pi-cmux is not present.

Common destructive bash confirmation

bash asks for confirmation before common destructive commands such as:

  • recursive/forced rm
  • sudo
  • dangerous chmod
  • recursive chown
  • git reset --hard
  • git clean -fd

This is intentionally heuristic and small. It does not parse shell scripts, inspect script files, or sandbox Python/Node.js/other scripts. For scripts, the extension adds advisory prompt guidance telling the agent to ask before intentionally accessing paths outside process.cwd() unless the path is covered by configured allowedOutsideCwdPaths.

Install

From npm:

pi install npm:pi-cwd-guard

From a local checkout:

pi install /absolute/path/to/pi-cwd-guard

Or test for one run:

pi -e /absolute/path/to/pi-cwd-guard

The package also includes a root index.ts shim, so direct extension-directory configuration such as "extensions": ["/absolute/path/to/pi-cwd-guard"] works too.

Compatibility

pi-cwd-guard uses Pi's extension API via a peer dependency and is intended to work across current Pi releases.

Development

npm install
npm run typecheck
npm run pack:dry-run

Package manifest

This package exposes its extension through:

{
  "pi": {
    "extensions": ["./src/index.ts"]
  }
}