npm - @vtstech/pi-diag - Versions diffs - 1.1.9 → 1.2.1 - Mend

@vtstech/pi-diag 1.1.9 → 1.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/diag.js +83 -17
package/package.json +3 -3

package/diag.js CHANGED Viewed

@@ -46,6 +46,11 @@ function redactValue(key, value) {
   return value;
 }
 function diag_temp_default(pi) {
+  let cachedSystemPrompt = null;
+  let cachedPayload = null;
+  pi.on("before_provider_request", (event) => {
+    cachedPayload = event.payload;
+  });
   const branding = [
     `  \u26A1 Pi Diagnostics v${EXTENSION_VERSION}`,
     `  Written by VTSTech`,
@@ -310,21 +315,21 @@ function diag_temp_default(pi) {
     lines.push(section("SECURITY"));
     const secMode = getSecurityMode();
     lines.push(info(`Security mode: ${secMode.toUpperCase()}`));
-    const effectiveCmds = secMode === "max" ? BLOCKED_COMMANDS : CRITICAL_COMMANDS;
+    const effectiveCmds = secMode === "off" ? /* @__PURE__ */ new Set() : secMode === "max" ? BLOCKED_COMMANDS : CRITICAL_COMMANDS;
     const blockedCmdList = Array.from(effectiveCmds).sort();
-    lines.push(info(`Command blocklist: ${blockedCmdList.length} commands blocked (${CRITICAL_COMMANDS.size} critical` + (secMode === "max" ? ` + ${EXTENDED_COMMANDS.size} extended)` : ")")));
+    lines.push(info(`Command blocklist: ${blockedCmdList.length} commands blocked (${CRITICAL_COMMANDS.size} critical` + (secMode === "max" ? ` + ${EXTENDED_COMMANDS.size} extended)` : secMode === "off" ? " (disabled in off mode)" : ")")));
     const exampleCmds = blockedCmdList.filter((c) => ["rm", "sudo", "chmod", "curl", "wget", "eval"].includes(c));
     if (exampleCmds.length > 0) {
       lines.push(info(`  Examples: ${exampleCmds.join(", ")}`));
     }
     check(
-      blockedCmdList.length > 0,
-      `Command blocklist active (${blockedCmdList.length} rules)`,
-      `Command blocklist is EMPTY \u2014 security risk!`
+      secMode === "off" ? true : blockedCmdList.length > 0,
+      secMode === "off" ? "Security disabled in off mode" : `Command blocklist active (${blockedCmdList.length} rules)`,
+      secMode === "off" ? "" : `Command blocklist is EMPTY \u2014 security risk!`
     );
-    const effectivePatterns = secMode === "max" ? BLOCKED_URL_PATTERNS : BLOCKED_URL_ALWAYS;
+    const effectivePatterns = secMode === "off" ? /* @__PURE__ */ new Set() : secMode === "max" ? BLOCKED_URL_PATTERNS : BLOCKED_URL_ALWAYS;
     const blockedPatterns = Array.from(effectivePatterns).sort();
-    lines.push(info(`SSRF protection: ${blockedPatterns.length} hostname patterns blocked (${BLOCKED_URL_ALWAYS.size} always` + (secMode === "max" ? ` + ${BLOCKED_URL_MAX_ONLY.size} max-only)` : ")")));
+    lines.push(info(`SSRF protection: ${blockedPatterns.length} hostname patterns blocked (${BLOCKED_URL_ALWAYS.size} always` + (secMode === "max" ? ` + ${BLOCKED_URL_MAX_ONLY.size} max-only)` : secMode === "off" ? " (disabled in off mode)" : ")")));
     const examplePatterns = blockedPatterns.filter(
       (p) => ["localhost", "127.0.0.1", "169.254.169.254", "10.", "192.168.", "internal."].includes(p)
     );
@@ -332,19 +337,19 @@ function diag_temp_default(pi) {
       lines.push(info(`  Examples: ${examplePatterns.join(", ")}`));
     }
     check(
-      blockedPatterns.length > 0,
-      `SSRF protection active (${blockedPatterns.length} patterns)`,
-      `SSRF blocklist is EMPTY \u2014 vulnerability risk!`
+      secMode === "off" ? true : blockedPatterns.length > 0,
+      secMode === "off" ? "SSRF protection disabled in off mode" : `SSRF protection active (${blockedPatterns.length} patterns)`,
+      secMode === "off" ? "" : `SSRF blocklist is EMPTY \u2014 vulnerability risk!`
     );
     lines.push(info("SSRF validation tests:"));
     const ssrfTests = [
-      { url: "http://localhost:8080/api", expectBlocked: secMode === "max" },
-      { url: "http://169.254.169.254/latest/meta-data/", expectBlocked: true },
-      { url: "http://192.168.1.1/admin", expectBlocked: true },
+      { url: "http://localhost:8080/api", expectBlocked: secMode !== "off" && secMode === "max" },
+      { url: "http://169.254.169.254/latest/meta-data/", expectBlocked: secMode !== "off" },
+      { url: "http://192.168.1.1/admin", expectBlocked: secMode !== "off" },
       { url: "https://api.example.com/data", expectBlocked: false }
     ];
     for (const test of ssrfTests) {
-      const result = isSafeUrl(test.url);
+      const result = isSafeUrl(test.url, true, secMode);
       if (test.expectBlocked && !result.safe) {
         lines.push(ok(`  BLOCKED: ${test.url} \u2192 ${result.error}`));
       } else if (!test.expectBlocked && result.safe) {
@@ -376,9 +381,9 @@ function diag_temp_default(pi) {
     }
     lines.push(info("Command injection tests:"));
     const cmdTests = [
-      { cmd: "ls; rm -rf /", expectSafe: false },
-      { cmd: "sudo chmod 777 /etc/passwd", expectSafe: false },
-      { cmd: "curl http://localhost/secret", expectSafe: secMode !== "max" },
+      { cmd: "ls; rm -rf /", expectSafe: secMode === "off" },
+      { cmd: "sudo chmod 777 /etc/passwd", expectSafe: secMode === "off" },
+      { cmd: "curl http://localhost/secret", expectSafe: secMode !== "max" && secMode !== "off" },
       { cmd: "ls -la", expectSafe: true },
       { cmd: "cat README.md", expectSafe: true },
       { cmd: "echo hello", expectSafe: true }
@@ -449,6 +454,67 @@ function diag_temp_default(pi) {
     }
     const thinking = pi.getThinkingLevel();
     lines.push(info(`Thinking level: ${thinking}`));
+    lines.push(section("SYSTEM PROMPT"));
+    let systemPromptText = null;
+    try {
+      if (typeof ctx.getSystemPrompt === "function") {
+        systemPromptText = ctx.getSystemPrompt();
+        if (systemPromptText) {
+          debugLog("diag", `system prompt retrieved via getSystemPrompt(): ${systemPromptText.length} chars`);
+        }
+      }
+    } catch (err) {
+      debugLog("diag", "getSystemPrompt() not available", err);
+    }
+    if (!systemPromptText && cachedPayload) {
+      try {
+        const messages = cachedPayload.messages;
+        if (messages?.length) {
+          const sysMsg = messages.find((m) => m.role === "system") ?? messages[0];
+          if (sysMsg?.content) {
+            systemPromptText = sysMsg.content;
+            debugLog("diag", `system prompt extracted from payload: ${systemPromptText.length} chars`);
+          }
+        }
+      } catch (err) {
+        debugLog("diag", "failed to extract system prompt from payload", err);
+      }
+    }
+    if (systemPromptText) {
+      const charCount = systemPromptText.length;
+      const wordCount = systemPromptText.split(/\s+/).filter(Boolean).length;
+      const lineCount = systemPromptText.split("\n").length;
+      lines.push(info(`Size: ${charCount} chars, ~${wordCount} words, ${lineCount} lines`));
+      const preview = systemPromptText.split("\n")[0]?.slice(0, 80) || "(empty first line)";
+      lines.push(info(`Opening line: ${preview}${preview.length >= 80 ? "..." : ""}`));
+      const TRUNCATE_AT = 2e3;
+      if (charCount <= TRUNCATE_AT) {
+        lines.push("");
+        lines.push("  \u250C\u2500\u2500\u2500 SYSTEM PROMPT \u2500\u2500\u2500");
+        for (const line of systemPromptText.split("\n")) {
+          lines.push(`  \u2502 ${line}`);
+        }
+        lines.push("  \u2514" + "\u2500".repeat(Math.min("\u2500\u2500\u2500 SYSTEM PROMPT \u2500\u2500\u2500".length + 4, 50)));
+        check(true, "System prompt retrieved successfully");
+      } else {
+        const truncated = systemPromptText.slice(0, 1500);
+        const remaining = charCount - 1500;
+        lines.push("");
+        lines.push("  \u250C\u2500\u2500\u2500 SYSTEM PROMPT (truncated) \u2500\u2500\u2500");
+        for (const line of truncated.split("\n")) {
+          lines.push(`  \u2502 ${line}`);
+        }
+        lines.push(`  \u2502 ... (${remaining} more chars not shown)`);
+        lines.push("  \u2514" + "\u2500".repeat(Math.min("\u2500\u2500\u2500 SYSTEM PROMPT (truncated) \u2500\u2500\u2500".length + 4, 50)));
+        check(true, `System prompt retrieved (${charCount} chars, showing first 1500)`);
+      }
+    } else {
+      lines.push(warn("System prompt not available"));
+      lines.push(info("  Possible reasons:"));
+      lines.push(info("    \u2022 No provider request has been made yet in this session"));
+      lines.push(info("    \u2022 ctx.getSystemPrompt() is not supported by your Pi version"));
+      lines.push(info("    \u2022 The provider payload does not contain a messages array"));
+    }
     lines.push(section("SUMMARY"));
     lines.push(info(`Passed: ${passCount}  Failed: ${failCount}  Warnings: ${warnCount}`));
     if (failCount === 0) {

package/package.json CHANGED Viewed

@@ -1,9 +1,9 @@
 {
   "name": "@vtstech/pi-diag",
-  "version": "1.1.9",
+  "version": "1.2.1",
   "description": "Diagnostics extension for Pi Coding Agent",
   "main": "diag.js",
-  "keywords": ["pi-extensions"],
+  "keywords": ["pi-package", "pi", "pi-coding-agent", "pi-extensions"],
   "license": "MIT",
   "access": "public",
   "type": "module",
@@ -14,7 +14,7 @@
     "url": "https://github.com/VTSTech/pi-coding-agent"
   },
   "dependencies": {
-    "@vtstech/pi-shared": "1.1.9"
+    "@vtstech/pi-shared": "1.2.1"
   },
   "peerDependencies": {
     "@mariozechner/pi-coding-agent": ">=0.66"