Skip to content

fix(pi): loosen plan-mode write gate to directory scope#594

Closed
backnotprop wants to merge 1 commit intomainfrom
fix/pi-plan-write-gate-dir-scope
Closed

fix(pi): loosen plan-mode write gate to directory scope#594
backnotprop wants to merge 1 commit intomainfrom
fix/pi-plan-write-gate-dir-scope

Conversation

@backnotprop
Copy link
Copy Markdown
Owner

@backnotprop backnotprop commented Apr 20, 2026

Summary

  • Plan-mode write/edit gate did an exact-path comparison against planFilePath, so /plannotator plans/ blocked every file inside plans/ and the agent fell back to bash cat > file to bypass it.
  • Gate is now directory-scoped when planFilePath ends with a separator, has no file extension, or points to a subdirectory. Default PLAN.md behavior is unchanged.
  • Extracted the logic to a pure function (isPlanWritePathAllowed) in tool-scope.ts with 6 new unit tests.

Repro that now works

$ /plannotator plans/
$ "make a simple plan for snake game"
→ agent writes plans/snake_game_plan.md (allowed), no bash fallback

Test plan

  • bun test apps/pi-extension/tool-scope.test.ts — 9 pass, 0 fail
  • tsc --noEmit -p apps/pi-extension/tsconfig.json — clean
  • Manual: /plannotator plans/ in a fresh project, confirm plan writes succeed
  • Manual: /plannotator PLAN.md (default), confirm behavior unchanged and writes to src/ still blocked
  • Manual: /plannotator plans/auth.md, confirm sibling writes (plans/notes.md) allowed, writes outside blocked

@backnotprop
fix(pi): loosen plan-mode write gate to directory scope
fd27ab8 
The write/edit gate required an exact path match against planFilePath,
so `/plannotator plans/` (or any directory-style path) blocked every
write the agent attempted, including files inside that same directory.
Agents then fell back to bash/python heredocs to bypass the gate.

Now directory-scoped: writes inside the plan's directory are allowed
when planFilePath ends with a separator, has no file extension, or
points to a subdirectory. Default `PLAN.md` behavior is unchanged.

Extracted the gate into a pure function in tool-scope.ts with test
coverage for the main cases (default file, trailing-slash dir, bare
dir name, subdir sibling, traversal rejection, absolute paths).

For provenance purposes, this commit was AI assisted.
@backnotprop backnotprop mentioned this pull request Apr 20, 2026
Merged
7 tasks
@backnotprop
Copy link
Copy Markdown
Owner Author

backnotprop commented Apr 20, 2026

Superseded by #595, which redesigns plan mode around agent-supplied file paths instead of the configured-path gate. That approach avoids both the sibling-unlock regression this PR introduced and the pre-existing submit-on-directory failure.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@backnotprop