npm - @vtstech/pi-shared - Versions diffs - 1.1.4 → 1.1.5 - Mend

@vtstech/pi-shared 1.1.4 → 1.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -10,7 +10,7 @@ This is an internal dependency — you don't need to install it directly. It's p
 |--------|-------------|
 | `format` | Section headers, indicators (ok/fail/warn/info), numeric formatters (bytes, ms, percentages), string utilities |
 | `ollama` | Ollama base URL resolution, models.json I/O with TTL cache, model family detection, provider detection, Ollama API helpers |
-| `security` | Command blocklist (65), SSRF patterns (29), path validation with symlink dereference, URL validation, command sanitization, audit logging (`AUDIT_LOG_PATH` exported) |
+| `security` | Security mode toggle (`basic`/`max`), partitioned command blocklist (41 CRITICAL + 25 EXTENDED), mode-aware SSRF (19 + 7 patterns), path validation with symlink dereference, URL validation, command sanitization, audit logging with mode tracking (`AUDIT_LOG_PATH` exported) |
 | `types` | Type definitions (ToolSupportLevel, AuditEntry, etc.) |
 ## Usage
@@ -27,4 +27,4 @@ import { readModelsJson, getOllamaBaseUrl } from "@vtstech/pi-shared/ollama";
 ## License
-MIT — [VTSTech](https://www.vts-tech.org)
+MIT — [VTSTech](https://www.vts-tech.org)

package/ollama.js CHANGED Viewed

@@ -12,7 +12,7 @@ function debugLog(module, message, ...args) {
 }
 // shared/ollama.ts
-var EXTENSION_VERSION = "1.1.4";
+var EXTENSION_VERSION = "1.1.5";
 var MODELS_JSON_PATH = path.join(os.homedir(), ".pi", "agent", "models.json");
 var _modelsJsonCache = null;
 var _ollamaBaseUrlCache = null;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@vtstech/pi-shared",
-  "version": "1.1.4",
+  "version": "1.1.5",
   "description": "Shared utilities for Pi Coding Agent extensions",
   "exports": {
     "./format": "./format.js",

package/security.js CHANGED Viewed

@@ -13,53 +13,69 @@ function debugLog(module, message, ...args) {
 // shared/security.ts
 var SETTINGS_PATH = path.join(os.homedir(), ".pi", "agent", "settings.json");
-var BLOCKED_COMMANDS = /* @__PURE__ */ new Set([
-  // System modification
-  "rm",
-  "rmdir",
-  "del",
-  "format",
-  "fdisk",
+var SECURITY_CONFIG_PATH = path.join(os.homedir(), ".pi", "agent", "security.json");
+function getSecurityMode() {
+  try {
+    if (!fs.existsSync(SECURITY_CONFIG_PATH)) return "max";
+    const raw = fs.readFileSync(SECURITY_CONFIG_PATH, "utf-8");
+    const config = JSON.parse(raw);
+    if (config.mode === "basic" || config.mode === "max") return config.mode;
+    return "max";
+  } catch (err) {
+    debugLog("security", `failed to read security config at ${SECURITY_CONFIG_PATH}`, err);
+    return "max";
+  }
+}
+function setSecurityMode(mode) {
+  const configDir = path.dirname(SECURITY_CONFIG_PATH);
+  try {
+    if (!fs.existsSync(configDir)) {
+      fs.mkdirSync(configDir, { recursive: true });
+    }
+    const config = { mode, lastUpdated: (/* @__PURE__ */ new Date()).toISOString() };
+    fs.writeFileSync(SECURITY_CONFIG_PATH, JSON.stringify(config, null, 2), "utf-8");
+    const verify = JSON.parse(fs.readFileSync(SECURITY_CONFIG_PATH, "utf-8"));
+    if (verify.mode !== mode) {
+      debugLog("security", `security config write verification failed: expected ${mode}, got ${verify.mode}`);
+      return false;
+    }
+    debugLog("security", `security mode set to ${mode}`, { path: SECURITY_CONFIG_PATH });
+    return true;
+  } catch (err) {
+    debugLog("security", `failed to write security config to ${SECURITY_CONFIG_PATH}`, err);
+    return false;
+  }
+}
+var CRITICAL_COMMANDS = /* @__PURE__ */ new Set([
+  // Filesystem destruction (irrecoverable)
   "mkfs",
   "dd",
   "shred",
   "wipe",
   "srm",
-  // Privilege escalation
-  "sudo",
+  "format",
+  "fdisk",
+  // Privilege escalation (non-sudo)
   "su",
   "doas",
   "pkexec",
   "gksudo",
   "kdesu",
-  // Network attacks
+  // Network attack tools
   "nmap",
   "nc",
   "netcat",
   "telnet",
-  "wget",
-  "curl",
+  // Remote access
   "ssh",
   "scp",
   "sftp",
   "rsync",
-  // Package management
-  "apt",
-  "apt-get",
-  "yum",
-  "dnf",
-  "pacman",
-  "pip",
-  "npm",
-  "yarn",
-  "cargo",
-  // Process control
+  // Process killing
   "kill",
   "killall",
   "pkill",
   "xkill",
-  "systemctl",
-  "service",
   // User management
   "useradd",
   "userdel",
@@ -73,30 +89,56 @@ var BLOCKED_COMMANDS = /* @__PURE__ */ new Set([
   "source",
   ".",
   "alias",
-  // Filesystem
+  // Filesystem control
   "mount",
   "umount",
-  "chown",
-  "chmod",
   "chattr",
   "lsattr",
-  // Shell escapes
+  // Permission modification
+  "chown",
+  "chmod"
+]);
+var EXTENDED_COMMANDS = /* @__PURE__ */ new Set([
+  // File deletion
+  "rm",
+  "rmdir",
+  "del",
+  // Privilege escalation
+  "sudo",
+  // Download tools
+  "wget",
+  "curl",
+  // Package management
+  "apt",
+  "apt-get",
+  "yum",
+  "dnf",
+  "pacman",
+  "pip",
+  "npm",
+  "yarn",
+  "cargo",
+  // System service control
+  "systemctl",
+  "service",
+  // Interactive editors (shell escape risk)
   "vi",
   "vim",
   "nano",
   "emacs",
   "less",
   "more",
-  "man"
+  "man",
+  // Version control
+  "git"
 ]);
-var BLOCKED_URL_PATTERNS = /* @__PURE__ */ new Set([
-  // Loopback (full 127.0.0.0/8 range)
-  "localhost",
-  "127.",
-  "0.0.0.0",
-  "::1",
-  "::ffff:127.0.0.1",
-  "::ffff:0.0.0.0",
+var BLOCKED_COMMANDS = /* @__PURE__ */ new Set([
+  ...CRITICAL_COMMANDS,
+  ...EXTENDED_COMMANDS
+]);
+var BLOCKED_URL_ALWAYS = /* @__PURE__ */ new Set([
+  // Cloud metadata endpoints
+  "169.254.169.254",
   // RFC1918 private ranges
   "10.",
   "192.168.",
@@ -116,14 +158,26 @@ var BLOCKED_URL_PATTERNS = /* @__PURE__ */ new Set([
   "172.29.",
   "172.30.",
   "172.31.",
-  // Cloud metadata endpoints
-  "169.254.169.254",
   // Internal service patterns
   "internal.",
-  "local.",
   "private.",
   "intranet."
 ]);
+var BLOCKED_URL_MAX_ONLY = /* @__PURE__ */ new Set([
+  // Loopback addresses (full 127.0.0.0/8 range)
+  "localhost",
+  "127.",
+  "0.0.0.0",
+  "::1",
+  "::ffff:127.0.0.1",
+  "::ffff:0.0.0.0",
+  // Local/internal patterns
+  "local."
+]);
+var BLOCKED_URL_PATTERNS = /* @__PURE__ */ new Set([
+  ...BLOCKED_URL_ALWAYS,
+  ...BLOCKED_URL_MAX_ONLY
+]);
 var CRITICAL_SYSTEM_DIRS = [
   "/etc",
   "/root",
@@ -166,7 +220,8 @@ function validatePath(filePath, allowedDirs) {
     "/.gnupg/",
     path.join(os.homedir(), ".ssh"),
     path.join(os.homedir(), ".gnupg"),
-    SETTINGS_PATH
+    SETTINGS_PATH,
+    SECURITY_CONFIG_PATH
     // NOTE: models.json is intentionally excluded from sensitivePaths.
     // Extensions use readModelsJson()/writeModelsJson() from shared/ollama.ts
     // for direct file I/O — not via Pi's tool system — so blocking it here
@@ -218,11 +273,19 @@ function isSafeUrl(url, blockSsrf = true) {
     return { safe: false, error: "URL hostname uses non-decimal IP format" };
   }
   if (blockSsrf) {
-    for (const pattern of BLOCKED_URL_PATTERNS) {
+    const mode = getSecurityMode();
+    for (const pattern of BLOCKED_URL_ALWAYS) {
       if (normalized === pattern || normalized.endsWith("." + pattern) || normalized.startsWith(pattern)) {
         return { safe: false, error: `SSRF protection: blocked hostname pattern '${pattern}'` };
       }
     }
+    if (mode === "max") {
+      for (const pattern of BLOCKED_URL_MAX_ONLY) {
+        if (normalized === pattern || normalized.endsWith("." + pattern) || normalized.startsWith(pattern)) {
+          return { safe: false, error: `SSRF protection: blocked hostname pattern '${pattern}' (max mode)` };
+        }
+      }
+    }
   }
   return { safe: true, error: "" };
 }
@@ -249,8 +312,12 @@ function sanitizeCommand(command) {
   let baseCmd = parts[0].toLowerCase();
   if (baseCmd.includes("/")) baseCmd = baseCmd.split("/").pop();
   if (baseCmd.includes("\\")) baseCmd = baseCmd.split("\\").pop();
-  if (BLOCKED_COMMANDS.has(baseCmd)) {
-    return { isSafe: false, error: `Blocked command: ${baseCmd}`, command: "" };
+  if (CRITICAL_COMMANDS.has(baseCmd)) {
+    return { isSafe: false, error: `Blocked command: ${baseCmd} (critical)`, command: "" };
+  }
+  const mode = getSecurityMode();
+  if (mode === "max" && EXTENDED_COMMANDS.has(baseCmd)) {
+    return { isSafe: false, error: `Blocked command: ${baseCmd} (max mode)`, command: "" };
   }
   const stripped = command.replace(/\n/g, " ").replace(/\r/g, " ");
   if (stripped !== command) {
@@ -270,7 +337,8 @@ function appendAuditEntry(entry) {
     if (!fs.existsSync(AUDIT_DIR)) {
       fs.mkdirSync(AUDIT_DIR, { recursive: true });
     }
-    const line = JSON.stringify(entry) + "\n";
+    const enriched = { ...entry, securityMode: getSecurityMode() };
+    const line = JSON.stringify(enriched) + "\n";
     fs.appendFileSync(AUDIT_LOG_PATH, line, "utf-8");
   } catch (err) {
     debugLog("security", "audit log write failure", err);
@@ -352,15 +420,22 @@ function checkInjectionPatterns(input) {
 export {
   AUDIT_LOG_PATH,
   BLOCKED_COMMANDS,
+  BLOCKED_URL_ALWAYS,
+  BLOCKED_URL_MAX_ONLY,
   BLOCKED_URL_PATTERNS,
+  CRITICAL_COMMANDS,
+  EXTENDED_COMMANDS,
+  SECURITY_CONFIG_PATH,
   SETTINGS_PATH,
   appendAuditEntry,
   checkBashToolInput,
   checkFileToolInput,
   checkHttpToolInput,
   checkInjectionPatterns,
+  getSecurityMode,
   isSafeUrl,
   readRecentAuditEntries,
   sanitizeCommand,
+  setSecurityMode,
   validatePath
 };