npm - @vtstech/pi-security - Versions diffs - 1.1.4 → 1.1.5 - Mend

@vtstech/pi-security 1.1.4 → 1.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -2,7 +2,7 @@
 Security extension for the [Pi Coding Agent](https://github.com/badlogic/pi-mono).
-Command, path, and network security layer for Pi's tool execution. Automatically loaded — no commands needed.
+Command, path, and network security layer for Pi's tool execution with a configurable security mode. Automatically loaded.
 ## Install
@@ -12,11 +12,21 @@ pi install "npm:@vtstech/pi-security"
 ## Protection
-- **65 blocked commands** — system modification, privilege escalation, network attacks, package management, process control, shell escapes
-- **SSRF protection** — 29 blocked hostname patterns (full `127.0.0.0/8` loopback range, RFC1918 private ranges, cloud metadata endpoints, IPv4-mapped IPv6 `::ffff:127.0.0.1` and `::ffff:0.0.0.0`)
+- **Partitioned command blocklist** — 41 CRITICAL commands (always blocked: system modification, privilege escalation, network attacks, shell escapes) + 25 EXTENDED commands (blocked in max mode: package management, process control, development tools)
+- **Mode-aware SSRF protection** — 19 ALWAYS_BLOCKED URL patterns (loopback, RFC1918 private ranges, cloud metadata endpoints) + 7 MAX_ONLY patterns (localhost by name, broadcast, link-local, current network) that are allowed in basic mode
+- **Security mode toggle** — switch between `basic` and `max` modes at runtime; persisted to `~/.pi/agent/security.json`
 - **Path validation** — prevents filesystem escape and access to critical system directories; symlinks are dereferenced via `fs.realpathSync()` to block `/tmp/evil → /etc/passwd` bypasses
 - **Shell injection detection** — regex patterns for command chaining, substitution, and redirection
-- **Audit logging** — JSON-lines audit log at `~/.pi/agent/audit.log` (path exported as `AUDIT_LOG_PATH` for cross-extension use)
+- **Audit logging** — JSON-lines audit log at `~/.pi/agent/audit.log` with security mode recorded per entry (path exported as `AUDIT_LOG_PATH`)
+## Commands
+```bash
+/security mode basic    # Relaxed — CRITICAL commands blocked, localhost URLs allowed
+/security mode max      # Full lockdown — all 66 commands blocked, strict SSRF
+```
+**Default mode: `max`**. The current mode is shown in the status bar as `SEC:BASIC` or `SEC:MAX`.
 ## Links
@@ -25,4 +35,4 @@ pi install "npm:@vtstech/pi-security"
 ## License
-MIT — [VTSTech](https://www.vts-tech.org)
+MIT — [VTSTech](https://www.vts-tech.org)

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@vtstech/pi-security",
-  "version": "1.1.4",
+  "version": "1.1.5",
   "description": "Security extension for Pi Coding Agent",
   "main": "security.js",
   "keywords": ["pi-extensions"],
@@ -14,7 +14,7 @@
     "url": "https://github.com/VTSTech/pi-coding-agent"
   },
   "dependencies": {
-    "@vtstech/pi-shared": "1.1.4"
+    "@vtstech/pi-shared": "1.1.5"
   },
   "peerDependencies": {
     "@mariozechner/pi-coding-agent": ">=0.66"

package/security.js CHANGED Viewed

@@ -6,9 +6,15 @@ import {
   checkInjectionPatterns,
   appendAuditEntry,
   readRecentAuditEntries,
-  BLOCKED_COMMANDS,
-  BLOCKED_URL_PATTERNS
+  CRITICAL_COMMANDS,
+  EXTENDED_COMMANDS,
+  BLOCKED_URL_ALWAYS,
+  BLOCKED_URL_MAX_ONLY,
+  getSecurityMode,
+  setSecurityMode,
+  SECURITY_CONFIG_PATH
 } from "@vtstech/pi-shared/security";
+import { debugLog } from "@vtstech/pi-shared/debug";
 import { section, ok, fail, warn, info } from "@vtstech/pi-shared/format";
 import { EXTENSION_VERSION } from "@vtstech/pi-shared/ollama";
 function security_temp_default(pi) {
@@ -24,6 +30,120 @@ function security_temp_default(pi) {
     `  GitHub: https://github.com/VTSTech`,
     `  Website: www.vts-tech.org`
   ].join("\n");
+  pi.registerCommand("security", {
+    description: "Manage security mode \u2014 usage: /security mode [basic|max]",
+    handler: async (args, ctx) => {
+      try {
+        const parts = args.trim().split(/\s+/);
+        const sub = parts[0]?.toLowerCase() || "";
+        if (sub === "mode") {
+          const value = parts[1]?.toLowerCase();
+          const currentMode = getSecurityMode();
+          if (!value) {
+            const lines2 = [branding];
+            lines2.push(section("SECURITY MODE"));
+            lines2.push(info(`Current mode: ${currentMode.toUpperCase()}`));
+            lines2.push(info(`Config path: ${SECURITY_CONFIG_PATH}`));
+            lines2.push(info(`Critical commands (always blocked): ${CRITICAL_COMMANDS.size}`));
+            lines2.push(info(`Extended commands (max only): ${EXTENDED_COMMANDS.size}`));
+            lines2.push(info(`Total blocked (max): ${CRITICAL_COMMANDS.size + EXTENDED_COMMANDS.size}`));
+            lines2.push(info(`URL patterns always blocked: ${BLOCKED_URL_ALWAYS.size}`));
+            lines2.push(info(`URL patterns (max only): ${BLOCKED_URL_MAX_ONLY.size}`));
+            lines2.push(section("MODE DIFFERENCES"));
+            lines2.push(info("Basic: critical commands blocked, localhost/127.x allowed"));
+            lines2.push(info("Max: all commands blocked, full SSRF protection"));
+            lines2.push(section("SWITCH MODE"));
+            lines2.push(info("/security mode basic  \u2014 relax restrictions for development"));
+            lines2.push(info("/security mode max    \u2014 full lockdown (default)"));
+            lines2.push(branding);
+            pi.sendMessage({
+              customType: "security-mode-info",
+              content: lines2.join("\n"),
+              display: { type: "content", content: lines2.join("\n") }
+            });
+            return;
+          }
+          if (value === "basic" || value === "max") {
+            if (value === currentMode) {
+              ctx.ui.notify(`Security mode is already ${value.toUpperCase()}`, "info");
+              return;
+            }
+            const writeOk = setSecurityMode(value);
+            if (!writeOk) {
+              ctx.ui.notify(`FAILED to persist security mode: could not write ${SECURITY_CONFIG_PATH}`, "error");
+              debugLog("security", `/security mode ${value}: write failed`, { path: SECURITY_CONFIG_PATH });
+              return;
+            }
+            ctx.ui.setStatus("status-sec", value.toUpperCase());
+            ctx.ui.notify(`Security mode set to ${value.toUpperCase()}`, "success");
+            appendAuditEntry({
+              timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+              toolName: "security-command",
+              toolCallId: "",
+              action: "allowed",
+              rule: "mode_change",
+              detail: `Security mode changed to ${value.toUpperCase()}`
+            });
+            const totalCmds = CRITICAL_COMMANDS.size + EXTENDED_COMMANDS.size;
+            const lines2 = [branding];
+            lines2.push(section("SECURITY MODE CHANGED"));
+            lines2.push(ok(`Mode: ${value.toUpperCase()}`));
+            lines2.push(info(`Previous: ${currentMode.toUpperCase()}`));
+            lines2.push(info(`Config: ${SECURITY_CONFIG_PATH}`));
+            if (value === "basic") {
+              lines2.push(warn("Extended commands are now ALLOWED: rm, sudo, npm, apt, git, curl, wget, etc."));
+              lines2.push(warn("Localhost and 127.x URLs are now ALLOWED for SSRF"));
+              lines2.push(ok("Critical commands remain blocked: dd, mkfs, shred, fdisk, ssh, etc."));
+            } else {
+              lines2.push(ok(`Full lockdown active \u2014 all ${totalCmds} commands blocked`));
+              lines2.push(ok("Full SSRF protection \u2014 localhost and private IPs blocked"));
+            }
+            lines2.push(branding);
+            pi.sendMessage({
+              customType: "security-mode-changed",
+              content: lines2.join("\n"),
+              display: { type: "content", content: lines2.join("\n") }
+            });
+            return;
+          }
+          ctx.ui.notify(`Invalid mode: "${value}". Use "basic" or "max".`, "error");
+          return;
+        }
+        const lines = [branding];
+        lines.push(section("SECURITY COMMANDS"));
+        lines.push(info("/security mode        \u2014 show current security mode"));
+        lines.push(info("/security mode basic  \u2014 relax to basic mode"));
+        lines.push(info("/security mode max    \u2014 switch to max lockdown"));
+        lines.push(info("/security-audit       \u2014 show security audit report"));
+        lines.push(branding);
+        pi.sendMessage({
+          customType: "security-usage",
+          content: lines.join("\n"),
+          display: { type: "content", content: lines.join("\n") }
+        });
+      } catch (e) {
+        debugLog("security", "/security command handler error", e);
+        ctx.ui.notify(`/security error: ${e.message}`, "error");
+      }
+    }
+  });
+  pi.registerCompletion?.("security", {
+    getCompletions: () => {
+      return [
+        { value: "mode", label: "mode", description: "View or change the security enforcement mode" }
+      ];
+    },
+    getArgumentCompletions: (args) => {
+      const sub = args[0]?.toLowerCase() || "";
+      if (sub === "mode" && args.length === 2) {
+        return [
+          { value: "basic", label: "basic", description: "Relax to basic mode \u2014 only critical commands blocked" },
+          { value: "max", label: "max", description: "Full lockdown \u2014 all commands blocked (default)" }
+        ];
+      }
+      return [];
+    }
+  });
   pi.on("tool_call", (event) => {
     const toolName = event.toolName;
     const input = event.input ?? {};
@@ -111,6 +231,17 @@ function security_temp_default(pi) {
   async function generateAuditReport() {
     const lines = [];
     lines.push(branding);
+    const currentMode = getSecurityMode();
+    lines.push(section("SECURITY MODE"));
+    lines.push(info(`Current mode: ${currentMode.toUpperCase()}`));
+    lines.push(info(`Config file: ${SECURITY_CONFIG_PATH}`));
+    lines.push(section("BLOCKLIST SUMMARY"));
+    lines.push(info(`Critical commands (always blocked): ${CRITICAL_COMMANDS.size}`));
+    lines.push(info(`Extended commands (max only): ${EXTENDED_COMMANDS.size}`));
+    lines.push(info(`Effective blocked commands: ${currentMode === "max" ? CRITICAL_COMMANDS.size + EXTENDED_COMMANDS.size : CRITICAL_COMMANDS.size}`));
+    lines.push(info(`URL patterns always blocked: ${BLOCKED_URL_ALWAYS.size}`));
+    lines.push(info(`URL patterns (max only): ${BLOCKED_URL_MAX_ONLY.size}`));
+    lines.push(info(`Effective blocked URL patterns: ${currentMode === "max" ? BLOCKED_URL_ALWAYS.size + BLOCKED_URL_MAX_ONLY.size : BLOCKED_URL_ALWAYS.size}`));
     lines.push(section("SESSION STATISTICS"));
     lines.push(info(`Tool calls allowed: ${stats.allowed}`));
     lines.push(info(`Tool calls blocked: ${stats.blocked}`));
@@ -132,10 +263,11 @@ function security_temp_default(pi) {
       lines.push(fail(`Detail: ${stats.lastBlocked.detail}`));
       lines.push(info(`Time: ${stats.lastBlocked.timestamp}`));
     }
-    lines.push(section("SECURITY CONFIGURATION"));
-    lines.push(info(`Blocked commands: ${BLOCKED_COMMANDS.size}`));
-    lines.push(info(`Blocked URL patterns: ${BLOCKED_URL_PATTERNS.size}`));
-    lines.push(info(`Active checks: command_blocklist, path_validation, ssrf_protection, injection_detection`));
+    lines.push(section("ACTIVE CHECKS"));
+    lines.push(info(`Command blocklist: critical always, extended in max mode`));
+    lines.push(info(`Path validation: sensitive directory protection`));
+    lines.push(info(`SSRF protection: ${currentMode === "max" ? "full (loopback + metadata + private)" : "metadata + private only"}`));
+    lines.push(info(`Injection detection: metacharacter scanning`));
     const recentEntries = readRecentAuditEntries(20);
     if (recentEntries.length > 0) {
       lines.push(section("RECENT AUDIT LOG (last 20)"));
@@ -145,12 +277,13 @@ function security_temp_default(pi) {
         const tool = entry.toolName;
         const rule = entry.rule;
         const detail = entry.detail;
+        const mode = entry.securityMode || currentMode;
         if (action === "blocked") {
-          lines.push(fail(`[${ts}] ${tool} \u2192 BLOCKED (${rule}): ${detail}`));
+          lines.push(fail(`[${ts}][${mode.toUpperCase()}] ${tool} \u2192 BLOCKED (${rule}): ${detail}`));
         } else if (action === "warning") {
-          lines.push(warn(`[${ts}] ${tool} \u2192 WARNING (${rule}): ${detail}`));
+          lines.push(warn(`[${ts}][${mode.toUpperCase()}] ${tool} \u2192 WARNING (${rule}): ${detail}`));
         } else {
-          lines.push(ok(`[${ts}] ${tool} \u2192 allowed (${rule})`));
+          lines.push(ok(`[${ts}][${mode.toUpperCase()}] ${tool} \u2192 allowed (${rule})`));
         }
       }
     }
@@ -160,6 +293,7 @@ function security_temp_default(pi) {
     } else {
       lines.push(fail(`${stats.blocked} security violation(s) blocked`));
     }
+    lines.push(info(`Security mode: ${currentMode.toUpperCase()} \u2014 /security mode to change`));
     lines.push(branding);
     return lines.join("\n");
   }