Commit 866d3a970cc0

Vincent Demeester <vincent@sbr.pm>
2026-02-18 13:45:03
feat(dots): add kubectl guardrail and fix missing dep
Added kubectl to dangerous commands list in guardrails extension to require user confirmation before execution. Added missing pi-coding-agent devDependency to package.json.
main
1 parent 194fdcd
Changed files (2)
dots
pi
agent
extensions
guardrails
index.ts
package.json
dots/pi/agent/extensions/guardrails/index.ts
@@ -51,6 +51,7 @@ const dangerousCommands = [
 	{ pattern: /:\(\)\s*\{\s*:\s*\|\s*:\s*&\s*\}\s*;/, desc: "fork bomb" },
 	{ pattern: /\bnixos-rebuild\s+(switch|boot|test)/, desc: "direct nixos-rebuild (use make targets)" },
 	{ pattern: /\bhome-manager\s+switch\b/, desc: "direct home-manager switch (use make targets)" },
+	{ pattern: /\bkubectl\b/, desc: "kubectl command" },
 ];
 
 // ── Protected path patterns (hard block via bash) ─────────────
dots/pi/agent/extensions/guardrails/package.json
@@ -7,6 +7,7 @@
     "extensions": ["./index.ts"]
   },
   "devDependencies": {
+    "@mariozechner/pi-coding-agent": "*",
     "bun-types": "^1.0.0"
   }
 }