Pi Extensions Setup for Homelab
This document describes the pi extensions configured for the homelab repository.
Project Extensions (.pi/extensions/)
These extensions only run in the homelab repository:
deployment-guard.ts
Confirms before deploying to production hosts (rhea, atlas).
Features:
- Shows git status before deployment
- Warns about uncommitted changes
- Suggests
dry-buildbeforeswitch/boot - Requires confirmation for production hosts
Production hosts:
const PRODUCTION_HOSTS = ["rhea", "atlas"];
secrets-validator.ts
Prevents committing unencrypted secrets.
Features:
- Scans staged files for potential secrets before commits
- Detects API keys, passwords, tokens, private keys
- Validates agenix secrets are encrypted
- Manual scan command:
/scan-secrets
Configuration Files
~/.pi/agent/extensions/
├── uv.ts # Python tool interception (pip → uv)
├── validate-git-push.ts # Git push safety
├── custom-footer.ts # Custom status bar
└── ... (other extensions)
/home/vincent/src/home/.pi/extensions/
├── deployment-guard.ts # Production deployment guard
├── secrets-validator.ts # Secret detection
└── README.md
Usage Examples
Deployment Guard
cd ~/src/home
# Try to deploy to production
make host/rhea/switch
# → Prompts: "Deploy to Production? This will deploy to rhea. Continue?"
# With uncommitted changes
make switch
# → Warns about dirty git tree, asks for confirmation
Secrets Validator
# Try to commit with potential secrets
git add secrets/api-key.txt
git commit -m "Add key"
# → Warns: "Potential secrets detected. Commit anyway?"
# Manual scan
/scan-secrets
# → Scans entire repository for potential secrets
Customization
Add Production Hosts
Edit .pi/extensions/deployment-guard.ts:
const PRODUCTION_HOSTS = [
"rhea",
"atlas",
"your-new-host", // Add here
];
Customize Secret Patterns
Edit .pi/extensions/secrets-validator.ts:
const SECRET_PATTERNS = [
{ name: "API Key", pattern: /api[_-]?key\s*[:=]\s*["']?[a-zA-Z0-9]{20,}["']?/i },
// Add more patterns here
];
Hot Reloading
After editing extensions:
/reload