@vtstech/pi-security 1.0.3 → 1.0.4-1

package/README.md

@@ -0,0 +1,28 @@
+# @vtstech/pi-security
+
+Security extension for the [Pi Coding Agent](https://github.com/badlogic/pi-mono).
+
+Command, path, and network security layer for Pi's tool execution. Automatically loaded — no commands needed.
+
+## Install
+
+```bash
+pi install "npm:@vtstech/pi-security"
+```
+
+## Protection
+
+- **65 blocked commands** — system modification, privilege escalation, network attacks, package management, process control, shell escapes
+- **SSRF protection** — 27 blocked hostname patterns (loopback, RFC1918 private ranges, cloud metadata endpoints)
+- **Path validation** — prevents filesystem escape and access to critical system directories
+- **Shell injection detection** — regex patterns for command chaining, substitution, and redirection
+- **Audit logging** — JSON-lines audit log at `~/.pi/agent/audit.log`
+
+## Links
+
+- [Full Documentation](https://github.com/VTSTech/pi-coding-agent#security-securityts)
+- [Changelog](https://github.com/VTSTech/pi-coding-agent/blob/main/CHANGELOG.md)
+
+## License
+
+MIT — [VTSTech](https://www.vts-tech.org)

package/package.json

@@ -1,11 +1,12 @@
 {
   "name": "@vtstech/pi-security",
-  "version": "1.0.3",
+  "version": "1.0.4-1",
   "description": "Security extension for Pi Coding Agent",
   "main": "security.js",
   "keywords": ["pi-package", "pi-extensions"],
   "license": "MIT",
   "access": "public",
+  "type": "module",
   "author": "VTSTech",
   "homepage": "https://www.vts-tech.org",
   "repository": {
@@ -13,7 +14,7 @@
     "url": "https://github.com/VTSTech/pi-coding-agent"
   },
   "dependencies": {
-    "@vtstech/pi-shared": "1.0.3"
+    "@vtstech/pi-shared": "1.0.4-1"
   },
   "peerDependencies": {
     "@mariozechner/pi-coding-agent": ">=0.66"

package/security.js

@@ -1,29 +1,15 @@
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-
 // .build-npm/security/security.temp.ts
-var security_temp_exports = {};
-__export(security_temp_exports, {
-  default: () => security_temp_default
-});
-module.exports = __toCommonJS(security_temp_exports);
-var import_security = require("@vtstech/pi-shared/security");
-var import_format = require("@vtstech/pi-shared/format");
+import {
+  checkBashToolInput,
+  checkFileToolInput,
+  checkHttpToolInput,
+  checkInjectionPatterns,
+  appendAuditEntry,
+  readRecentAuditEntries,
+  BLOCKED_COMMANDS,
+  BLOCKED_URL_PATTERNS
+} from "@vtstech/pi-shared/security";
+import { section, ok, fail, warn, info } from "@vtstech/pi-shared/format";
 function security_temp_default(pi) {
   const stats = {
     blocked: 0,
@@ -46,7 +32,7 @@ function security_temp_default(pi) {
       case "bash":
       case "shell":
       case "run_command":
-        result = (0, import_security.checkBashToolInput)(input);
+        result = checkBashToolInput(input);
         break;
       case "read":
       case "read_file":
@@ -56,17 +42,17 @@ function security_temp_default(pi) {
       case "edit_file":
       case "list_directory":
       case "list_dir":
-        result = (0, import_security.checkFileToolInput)(input);
+        result = checkFileToolInput(input);
         break;
       case "http_get":
       case "http_post":
       case "fetch":
       case "web_search":
       case "http_request":
-        result = (0, import_security.checkHttpToolInput)(input);
+        result = checkHttpToolInput(input);
         break;
       default:
-        result = (0, import_security.checkInjectionPatterns)(input);
+        result = checkInjectionPatterns(input);
         break;
     }
     if (!result.safe) {
@@ -78,7 +64,7 @@ function security_temp_default(pi) {
         detail: result.detail,
         timestamp: (/* @__PURE__ */ new Date()).toISOString()
       };
-      (0, import_security.appendAuditEntry)({
+      appendAuditEntry({
         timestamp: (/* @__PURE__ */ new Date()).toISOString(),
         toolName,
         toolCallId,
@@ -95,7 +81,7 @@ function security_temp_default(pi) {
     stats.allowed++;
     if (["bash", "shell", "write", "write_file", "edit", "edit_file"].includes(toolName)) {
       stats.warnings++;
-      (0, import_security.appendAuditEntry)({
+      appendAuditEntry({
         timestamp: (/* @__PURE__ */ new Date()).toISOString(),
         toolName,
         toolCallId,
@@ -110,7 +96,7 @@ function security_temp_default(pi) {
     const toolName = event.toolName;
     const isError = event.isError;
     if (isError) {
-      (0, import_security.appendAuditEntry)({
+      appendAuditEntry({
         timestamp: (/* @__PURE__ */ new Date()).toISOString(),
         toolName,
         toolCallId: event.toolCallId,
@@ -124,34 +110,34 @@ function security_temp_default(pi) {
   async function generateAuditReport() {
     const lines = [];
     lines.push(branding);
-    lines.push((0, import_format.section)("SESSION STATISTICS"));
-    lines.push((0, import_format.info)(`Tool calls allowed: ${stats.allowed}`));
-    lines.push((0, import_format.info)(`Tool calls blocked: ${stats.blocked}`));
-    lines.push((0, import_format.info)(`Dangerous operations logged: ${stats.warnings}`));
+    lines.push(section("SESSION STATISTICS"));
+    lines.push(info(`Tool calls allowed: ${stats.allowed}`));
+    lines.push(info(`Tool calls blocked: ${stats.blocked}`));
+    lines.push(info(`Dangerous operations logged: ${stats.warnings}`));
     if (stats.blocked > 0) {
-      lines.push((0, import_format.warn)(`${stats.blocked} operation(s) were blocked by security rules`));
+      lines.push(warn(`${stats.blocked} operation(s) were blocked by security rules`));
     }
     const ruleNames = Object.keys(stats.byRule);
     if (ruleNames.length > 0) {
-      lines.push((0, import_format.section)("BLOCKED BY RULE"));
+      lines.push(section("BLOCKED BY RULE"));
       for (const rule of ruleNames) {
-        lines.push((0, import_format.info)(`  ${rule}: ${stats.byRule[rule]} blocked`));
+        lines.push(info(`  ${rule}: ${stats.byRule[rule]} blocked`));
       }
     }
     if (stats.lastBlocked) {
-      lines.push((0, import_format.section)("LAST BLOCKED"));
-      lines.push((0, import_format.fail)(`Tool: ${stats.lastBlocked.tool}`));
-      lines.push((0, import_format.fail)(`Rule: ${stats.lastBlocked.rule}`));
-      lines.push((0, import_format.fail)(`Detail: ${stats.lastBlocked.detail}`));
-      lines.push((0, import_format.info)(`Time: ${stats.lastBlocked.timestamp}`));
+      lines.push(section("LAST BLOCKED"));
+      lines.push(fail(`Tool: ${stats.lastBlocked.tool}`));
+      lines.push(fail(`Rule: ${stats.lastBlocked.rule}`));
+      lines.push(fail(`Detail: ${stats.lastBlocked.detail}`));
+      lines.push(info(`Time: ${stats.lastBlocked.timestamp}`));
     }
-    lines.push((0, import_format.section)("SECURITY CONFIGURATION"));
-    lines.push((0, import_format.info)(`Blocked commands: ${import_security.BLOCKED_COMMANDS.size}`));
-    lines.push((0, import_format.info)(`Blocked URL patterns: ${import_security.BLOCKED_URL_PATTERNS.size}`));
-    lines.push((0, import_format.info)(`Active checks: command_blocklist, path_validation, ssrf_protection, injection_detection`));
-    const recentEntries = (0, import_security.readRecentAuditEntries)(20);
+    lines.push(section("SECURITY CONFIGURATION"));
+    lines.push(info(`Blocked commands: ${BLOCKED_COMMANDS.size}`));
+    lines.push(info(`Blocked URL patterns: ${BLOCKED_URL_PATTERNS.size}`));
+    lines.push(info(`Active checks: command_blocklist, path_validation, ssrf_protection, injection_detection`));
+    const recentEntries = readRecentAuditEntries(20);
     if (recentEntries.length > 0) {
-      lines.push((0, import_format.section)("RECENT AUDIT LOG (last 20)"));
+      lines.push(section("RECENT AUDIT LOG (last 20)"));
       for (const entry of recentEntries) {
         const ts = entry.timestamp || "?";
         const action = entry.action;
@@ -159,19 +145,19 @@ function security_temp_default(pi) {
         const rule = entry.rule;
         const detail = entry.detail;
         if (action === "blocked") {
-          lines.push((0, import_format.fail)(`[${ts}] ${tool} \u2192 BLOCKED (${rule}): ${detail}`));
+          lines.push(fail(`[${ts}] ${tool} \u2192 BLOCKED (${rule}): ${detail}`));
         } else if (action === "warning") {
-          lines.push((0, import_format.warn)(`[${ts}] ${tool} \u2192 WARNING (${rule}): ${detail}`));
+          lines.push(warn(`[${ts}] ${tool} \u2192 WARNING (${rule}): ${detail}`));
         } else {
-          lines.push((0, import_format.ok)(`[${ts}] ${tool} \u2192 allowed (${rule})`));
+          lines.push(ok(`[${ts}] ${tool} \u2192 allowed (${rule})`));
         }
       }
     }
-    lines.push((0, import_format.section)("SUMMARY"));
+    lines.push(section("SUMMARY"));
     if (stats.blocked === 0) {
-      lines.push((0, import_format.ok)("No security violations detected in this session"));
+      lines.push(ok("No security violations detected in this session"));
     } else {
-      lines.push((0, import_format.fail)(`${stats.blocked} security violation(s) blocked`));
+      lines.push(fail(`${stats.blocked} security violation(s) blocked`));
     }
     lines.push(branding);
     return lines.join("\n");
@@ -231,3 +217,6 @@ function sanitizeInputForLog(input) {
   }
   return sanitized;
 }
+export {
+  security_temp_default as default
+};