@vtstech/pi-shared 1.1.6 → 1.1.8

package/README.md

@@ -10,10 +10,10 @@ This is an internal dependency — you don't need to install it directly. It's p
 |--------|-------------|
 | `debug` | Conditional debug logging via `PI_EXTENSIONS_DEBUG=1` env var — `debugLog(module, message, ...args)` |
 | `format` | Section headers, indicators (ok/fail/warn/info), numeric formatters (bytes, ms, percentages), string utilities |
-| `model-test-utils` | Shared test utilities — `ChatFn` abstraction, unified test functions (tool usage, reasoning, instruction following), scoring helpers, tool support cache |
-| `ollama` | Ollama base URL resolution, models.json I/O with TTL cache, model family detection, provider detection, Ollama API helpers |
+| `model-test-utils` | Shared test utilities — `ChatFn` abstraction, unified test functions, scoring helpers, tool support cache, user config (`~/.pi/agent/model-test-config.json`), test history with regression detection (`~/.pi/agent/cache/model-test-history.json`) |
+| `ollama` | Ollama base URL resolution, models.json I/O with TTL cache, async write mutex (`acquireModelsJsonLock`, `readModifyWriteModelsJson`), exponential backoff retry (`withRetry`), model family detection, provider detection, Ollama API helpers |
 | `react-parser` | Multi-dialect ReAct text parser — 4 dialects (react, function, tool, call), `parseReact()`, `detectReactDialect()`, `fuzzyMatchToolName()` |
-| `security` | Security mode toggle (`basic`/`max`), partitioned command blocklist (41 CRITICAL + 25 EXTENDED), mode-aware SSRF (19 + 7 patterns), path validation with symlink dereference, URL validation, command sanitization, audit logging with mode tracking (`AUDIT_LOG_PATH` exported) |
+| `security` | Security mode toggle (`basic`/`max`), partitioned command blocklist (41 CRITICAL + 25 EXTENDED) with full-word scanning, mode-aware SSRF (22 + 7 patterns), path validation with symlink dereference, URL validation, command sanitization, DNS rebinding protection (`resolveAndCheckHostname`), buffered audit logging with mode tracking (`AUDIT_LOG_PATH` exported) |
 | `types` | Type definitions (ToolSupportLevel, AuditEntry, etc.) |
 
 ## Usage

package/config-io.js

@@ -0,0 +1,49 @@
+// shared/config-io.ts
+import * as fs from "node:fs";
+import * as path from "node:path";
+import os from "node:os";
+var PI_AGENT_DIR = path.join(os.homedir(), ".pi", "agent");
+function readJsonConfig(filePath, defaultValue = {}) {
+  try {
+    if (fs.existsSync(filePath)) {
+      return JSON.parse(fs.readFileSync(filePath, "utf-8"));
+    }
+  } catch (err) {
+    if (typeof process !== "undefined" && process.env.PI_EXTENSIONS_DEBUG === "1") {
+      console.debug(`[config-io] Failed to read config: ${filePath}`, err);
+    }
+  }
+  return defaultValue;
+}
+function writeJsonConfig(filePath, data) {
+  const dir = path.dirname(filePath);
+  if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
+  const content = JSON.stringify(data, null, 2) + "\n";
+  const tmpPath = filePath + ".tmp";
+  try {
+    fs.writeFileSync(tmpPath, content, "utf-8");
+    fs.renameSync(tmpPath, filePath);
+  } catch {
+    fs.writeFileSync(filePath, content, "utf-8");
+  }
+}
+var SETTINGS_PATH = path.join(PI_AGENT_DIR, "settings.json");
+var SECURITY_PATH = path.join(PI_AGENT_DIR, "security.json");
+var REACT_MODE_PATH = path.join(PI_AGENT_DIR, "react-mode.json");
+var MODEL_TEST_CONFIG_PATH = path.join(PI_AGENT_DIR, "model-test-config.json");
+function readSettings() {
+  return readJsonConfig(SETTINGS_PATH);
+}
+function writeSettings(data) {
+  writeJsonConfig(SETTINGS_PATH, data);
+}
+export {
+  MODEL_TEST_CONFIG_PATH,
+  REACT_MODE_PATH,
+  SECURITY_PATH,
+  SETTINGS_PATH,
+  readJsonConfig,
+  readSettings,
+  writeJsonConfig,
+  writeSettings
+};

package/errors.js

@@ -0,0 +1,56 @@
+var __defProp = Object.defineProperty;
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __publicField = (obj, key, value) => __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
+
+// shared/errors.ts
+var ExtensionError = class extends Error {
+  constructor(message, code) {
+    super(message);
+    __publicField(this, "code", code);
+    this.name = "ExtensionError";
+  }
+};
+var ConfigError = class extends ExtensionError {
+  constructor(message) {
+    super(message, "CONFIG_ERROR");
+    this.name = "ConfigError";
+  }
+};
+var ApiError = class extends ExtensionError {
+  constructor(message, statusCode, url) {
+    super(message, "API_ERROR");
+    __publicField(this, "statusCode", statusCode);
+    __publicField(this, "url", url);
+    this.name = "ApiError";
+  }
+};
+var TimeoutError = class extends ExtensionError {
+  constructor(message, timeoutMs) {
+    super(message, "TIMEOUT");
+    __publicField(this, "timeoutMs", timeoutMs);
+    this.name = "TimeoutError";
+  }
+};
+var SecurityError = class extends ExtensionError {
+  constructor(message, rule, detail) {
+    super(message, "SECURITY_VIOLATION");
+    __publicField(this, "rule", rule);
+    __publicField(this, "detail", detail);
+    this.name = "SecurityError";
+  }
+};
+var ToolError = class extends ExtensionError {
+  constructor(message, toolName) {
+    super(message, "TOOL_ERROR");
+    __publicField(this, "toolName", toolName);
+    this.name = "ToolError";
+  }
+};
+export {
+  ApiError,
+  ConfigError,
+  ExtensionError,
+  SecurityError,
+  TimeoutError,
+  ToolError
+};

package/format.js

@@ -32,6 +32,7 @@ function msHuman(ms) {
 }
 function fmtBytes(b) {
   if (b === 0) return "0B";
+  if (b < 1024) return `${b}B`;
   if (b >= 1073741824) return `${(b / 1073741824).toFixed(1)}G`;
   if (b >= 1048576) return `${(b / 1048576).toFixed(0)}M`;
   return `${(b / 1024).toFixed(0)}K`;

package/model-test-utils.js

@@ -34,10 +34,42 @@ var CONFIG = {
   // Effectively unlimited for cloud provider API calls
   PROVIDER_TOOL_TIMEOUT_MS: 12e4,
   // 120 seconds for tool usage tests on providers
+  // Context length fetching
+  CONTEXT_BATCH_SIZE: 3,
+  // Concurrent requests when fetching model context lengths
   // Rate limiting
   TEST_DELAY_MS: 1e4
   // 10 seconds between tests to avoid rate limiting
 };
+var TEST_CONFIG_DIR = path.join(os.homedir(), ".pi", "agent");
+var TEST_CONFIG_PATH = path.join(TEST_CONFIG_DIR, "model-test-config.json");
+function readTestConfig() {
+  try {
+    if (fs.existsSync(TEST_CONFIG_PATH)) {
+      const raw = fs.readFileSync(TEST_CONFIG_PATH, "utf-8");
+      return JSON.parse(raw);
+    }
+  } catch {
+  }
+  return {};
+}
+function getEffectiveConfig() {
+  const userConfig = readTestConfig();
+  return {
+    ...CONFIG,
+    DEFAULT_TIMEOUT_MS: userConfig.defaultTimeoutMs ?? CONFIG.DEFAULT_TIMEOUT_MS,
+    CONNECT_TIMEOUT_S: userConfig.connectTimeoutS ?? CONFIG.CONNECT_TIMEOUT_S,
+    MAX_RETRIES: userConfig.maxRetries ?? CONFIG.MAX_RETRIES,
+    RETRY_DELAY_MS: userConfig.retryDelayMs ?? CONFIG.RETRY_DELAY_MS,
+    TEST_DELAY_MS: userConfig.testDelayMs ?? CONFIG.TEST_DELAY_MS,
+    TOOL_TEST_TIMEOUT_MS: userConfig.toolTestTimeoutMs ?? CONFIG.TOOL_TEST_TIMEOUT_MS,
+    PROVIDER_TIMEOUT_MS: userConfig.providerTimeoutMs ?? CONFIG.PROVIDER_TIMEOUT_MS,
+    PROVIDER_TOOL_TIMEOUT_MS: userConfig.providerToolTimeoutMs ?? CONFIG.PROVIDER_TOOL_TIMEOUT_MS,
+    CONTEXT_BATCH_SIZE: userConfig.contextBatchSize ?? CONFIG.CONTEXT_BATCH_SIZE,
+    NUM_PREDICT: userConfig.numPredict ?? CONFIG.NUM_PREDICT,
+    TEMPERATURE: userConfig.temperature ?? CONFIG.TEMPERATURE
+  };
+}
 var WEATHER_TOOL_DEFINITION = {
   type: "function",
   function: {
@@ -150,6 +182,91 @@ function cacheToolSupport(model, support, family) {
   _toolSupportCacheInMemory = cache;
   writeToolSupportCache(cache);
 }
+var TEST_HISTORY_DIR = path.join(os.homedir(), ".pi", "agent", "cache");
+var TEST_HISTORY_PATH = path.join(TEST_HISTORY_DIR, "model-test-history.json");
+var MAX_HISTORY_PER_MODEL = 50;
+var MAX_HISTORY_TOTAL = 500;
+function readTestHistory() {
+  try {
+    if (fs.existsSync(TEST_HISTORY_PATH)) {
+      const raw = fs.readFileSync(TEST_HISTORY_PATH, "utf-8");
+      return JSON.parse(raw);
+    }
+  } catch {
+  }
+  return {};
+}
+function writeTestHistory(history) {
+  for (const model of Object.keys(history)) {
+    if (history[model].length > MAX_HISTORY_PER_MODEL) {
+      history[model] = history[model].slice(-MAX_HISTORY_PER_MODEL);
+    }
+  }
+  let totalEntries = 0;
+  const modelsByRecency = Object.entries(history).map(([model, entries]) => ({
+    model,
+    entries,
+    lastEntry: entries[entries.length - 1]?.timestamp || ""
+  })).sort((a, b) => b.lastEntry.localeCompare(a.lastEntry));
+  const trimmedHistory = {};
+  for (const { model, entries } of modelsByRecency) {
+    if (totalEntries + entries.length > MAX_HISTORY_TOTAL) {
+      const remaining = MAX_HISTORY_TOTAL - totalEntries;
+      if (remaining <= 0) break;
+      trimmedHistory[model] = entries.slice(-remaining);
+      totalEntries += remaining;
+    } else {
+      trimmedHistory[model] = entries;
+      totalEntries += entries.length;
+    }
+  }
+  if (!fs.existsSync(TEST_HISTORY_DIR)) {
+    fs.mkdirSync(TEST_HISTORY_DIR, { recursive: true });
+  }
+  fs.writeFileSync(TEST_HISTORY_PATH, JSON.stringify(trimmedHistory, null, 2) + "\n", "utf-8");
+}
+function appendTestHistory(entry) {
+  const history = readTestHistory();
+  if (!history[entry.model]) {
+    history[entry.model] = [];
+  }
+  history[entry.model].push(entry);
+  writeTestHistory(history);
+}
+function getModelHistory(model, limit = 10) {
+  const history = readTestHistory();
+  const entries = history[model] || [];
+  return entries.slice(-limit);
+}
+function detectRegression(model, current) {
+  const history = readTestHistory();
+  const entries = history[model] || [];
+  if (entries.length < 2) return [];
+  const previous = entries[entries.length - 2];
+  const regressions = [];
+  const scoreOrder = ["STRONG", "MODERATE", "WEAK", "FAIL", "ERROR", "NO", "YES"];
+  const scoreRank = (s) => {
+    const idx = scoreOrder.indexOf(s);
+    return idx >= 0 ? idx : 99;
+  };
+  if (scoreRank(current.tests.reasoning.score) > scoreRank(previous.tests.reasoning.score)) {
+    regressions.push({ test: "Reasoning", previous: previous.tests.reasoning.score, current: current.tests.reasoning.score });
+  }
+  if (scoreRank(current.tests.toolUsage.score) > scoreRank(previous.tests.toolUsage.score)) {
+    regressions.push({ test: "Tool Usage", previous: previous.tests.toolUsage.score, current: current.tests.toolUsage.score });
+  }
+  if (scoreRank(current.tests.reactParsing.score) > scoreRank(previous.tests.reactParsing.score)) {
+    regressions.push({ test: "ReAct Parsing", previous: previous.tests.reactParsing.score, current: current.tests.reactParsing.score });
+  }
+  if (scoreRank(current.tests.instructionFollowing.score) > scoreRank(previous.tests.instructionFollowing.score)) {
+    regressions.push({ test: "Instructions", previous: previous.tests.instructionFollowing.score, current: current.tests.instructionFollowing.score });
+  }
+  const supportRank = (s) => s === "native" ? 0 : s === "react" ? 1 : 2;
+  if (supportRank(current.tests.toolSupport.level) > supportRank(previous.tests.toolSupport.level)) {
+    regressions.push({ test: "Tool Support", previous: previous.tests.toolSupport.level, current: current.tests.toolSupport.level });
+  }
+  return regressions;
+}
 var REASONING_PROMPT = `A snail climbs 3 feet up a wall each day, but slides back 2 feet each night. The wall is 10 feet tall. How many days does it take the snail to reach the top? Think step by step and give the final answer on its own line like: ANSWER: <number>`;
 var TOOL_SYSTEM_PROMPT = "You are a helpful assistant. Use the available tools when needed.";
 var TOOL_USER_PROMPT = "What's the weather like in Paris right now?";
@@ -309,11 +426,18 @@ The JSON object must have exactly these 4 keys:
 }
 export {
   CONFIG,
+  TEST_CONFIG_PATH,
   TOOL_SUPPORT_CACHE_PATH,
   WEATHER_TOOL_DEFINITION,
+  appendTestHistory,
   cacheToolSupport,
+  detectRegression,
   getCachedToolSupport,
+  getEffectiveConfig,
+  getModelHistory,
   parseTextToolCall,
+  readTestConfig,
+  readTestHistory,
   readToolSupportCache,
   scoreNativeToolCall,
   scoreReasoning,
@@ -321,5 +445,6 @@ export {
   testInstructionFollowingUnified,
   testReasoningUnified,
   testToolUsageUnified,
+  writeTestHistory,
   writeToolSupportCache
 };

package/ollama.js

@@ -12,7 +12,7 @@ function debugLog(module, message, ...args) {
 }
 
 // shared/ollama.ts
-var EXTENSION_VERSION = "1.1.6";
+var EXTENSION_VERSION = "1.1.8";
 var MODELS_JSON_PATH = path.join(os.homedir(), ".pi", "agent", "models.json");
 var _modelsJsonCache = null;
 var _ollamaBaseUrlCache = null;
@@ -71,35 +71,120 @@ function writeModelsJson(data) {
   _modelsJsonCache = null;
   _ollamaBaseUrlCache = null;
 }
-async function fetchOllamaModels(baseUrl) {
-  const res = await fetch(`${baseUrl}/api/tags`, {
-    signal: AbortSignal.timeout(5e3)
+var _modelsJsonLock = null;
+async function acquireModelsJsonLock() {
+  while (_modelsJsonLock) {
+    await _modelsJsonLock;
+  }
+  let releaseLock;
+  _modelsJsonLock = new Promise((resolve) => {
+    releaseLock = resolve;
   });
-  if (!res.ok) throw new Error(`Ollama returned ${res.status}`);
-  const data = await res.json();
-  return data.models ?? [];
+  return {
+    release: () => {
+      releaseLock();
+      _modelsJsonLock = null;
+    }
+  };
 }
-async function fetchModelContextLength(baseUrl, modelName) {
+async function readModifyWriteModelsJson(modifier) {
+  const { release } = await acquireModelsJsonLock();
   try {
-    const res = await fetch(`${baseUrl}/api/show`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ name: modelName }),
-      signal: AbortSignal.timeout(3e4)
+    const data = readModelsJson();
+    const modified = modifier(data);
+    if (modified === null) return false;
+    writeModelsJson(modified);
+    return true;
+  } finally {
+    release();
+  }
+}
+var DEFAULT_RETRY_OPTIONS = {
+  maxRetries: 2,
+  baseDelayMs: 1e3,
+  maxDelayMs: 1e4,
+  retryOnTimeout: true,
+  retryOnConnectionError: true
+};
+function backoffDelay(attempt, baseDelayMs, maxDelayMs) {
+  const delay = Math.min(baseDelayMs * Math.pow(2, attempt), maxDelayMs);
+  const jitter = delay * 0.25 * (Math.random() * 2 - 1);
+  return Math.max(0, Math.round(delay + jitter));
+}
+var RETRYABLE_ERROR_PATTERNS = [
+  "ECONNREFUSED",
+  "ECONNRESET",
+  "ENOTFOUND",
+  "ETIMEDOUT",
+  "fetch failed",
+  "network error",
+  "socket hang up",
+  "Empty response"
+];
+function isRetryableError(error, opts) {
+  if (error instanceof Error) {
+    if (error.name === "AbortError" && opts.retryOnTimeout) return true;
+    const msg = error.message;
+    if (opts.retryOnConnectionError && RETRYABLE_ERROR_PATTERNS.some((p) => msg.includes(p))) {
+      return true;
+    }
+  }
+  return false;
+}
+async function withRetry(fn, options) {
+  const opts = { ...DEFAULT_RETRY_OPTIONS, ...options };
+  let lastError;
+  for (let attempt = 0; attempt <= opts.maxRetries; attempt++) {
+    try {
+      return await fn();
+    } catch (error) {
+      lastError = error;
+      if (attempt < opts.maxRetries && isRetryableError(error, opts)) {
+        const delay = backoffDelay(attempt, opts.baseDelayMs, opts.maxDelayMs);
+        debugLog("ollama", `Retry ${attempt + 1}/${opts.maxRetries} after ${delay}ms: ${error instanceof Error ? error.message : String(error)}`);
+        await new Promise((r) => setTimeout(r, delay));
+        continue;
+      }
+      throw error;
+    }
+  }
+  throw lastError;
+}
+async function fetchOllamaModels(baseUrl) {
+  return withRetry(async () => {
+    const res = await fetch(`${baseUrl}/api/tags`, {
+      signal: AbortSignal.timeout(5e3)
     });
-    if (!res.ok) return void 0;
+    if (!res.ok) throw new Error(`Ollama returned ${res.status}`);
     const data = await res.json();
-    for (const key of Object.keys(data?.model_info ?? {})) {
-      if (key.endsWith(".context_length")) {
-        const val = data.model_info[key];
-        if (typeof val === "number") return val;
+    return data.models ?? [];
+  });
+}
+async function fetchModelContextLength(baseUrl, modelName) {
+  return withRetry(async () => {
+    try {
+      const res = await fetch(`${baseUrl}/api/show`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ name: modelName }),
+        signal: AbortSignal.timeout(3e4)
+      });
+      if (!res.ok) return void 0;
+      const data = await res.json();
+      for (const key of Object.keys(data?.model_info ?? {})) {
+        if (key.endsWith(".context_length")) {
+          const val = data.model_info[key];
+          if (typeof val === "number") return val;
+        }
       }
+      const numCtx = data?.model_info?.["num_ctx"];
+      if (typeof numCtx === "number") return numCtx;
+    } catch (err) {
+      debugLog("ollama", `failed to fetch context length for ${model}`, err);
+      return void 0;
     }
-    const numCtx = data?.model_info?.["num_ctx"];
-    if (typeof numCtx === "number") return numCtx;
-  } catch {
     return void 0;
-  }
+  });
 }
 async function fetchContextLengthsBatched(baseUrl, modelNames, batchSize = 3) {
   const result = /* @__PURE__ */ new Map();
@@ -162,9 +247,9 @@ function detectModelFamily(modelName) {
   return "unknown";
 }
 function detectProvider(ctx) {
-  const model = ctx.model;
-  if (!model) return { kind: "unknown", name: "none" };
-  const providerName = model.provider || "";
+  const model2 = ctx.model;
+  if (!model2) return { kind: "unknown", name: "none" };
+  const providerName = model2.provider || "";
   if (!providerName) return { kind: "unknown", name: "none" };
   const modelsJson = readModelsJson();
   const userProviderCfg = (modelsJson.providers || {})[providerName];
@@ -205,6 +290,7 @@ export {
   BUILTIN_PROVIDERS,
   EXTENSION_VERSION,
   MODELS_JSON_PATH,
+  acquireModelsJsonLock,
   detectModelFamily,
   detectProvider,
   fetchContextLengthsBatched,
@@ -213,5 +299,7 @@ export {
   getOllamaBaseUrl,
   isReasoningModel,
   readModelsJson,
+  readModifyWriteModelsJson,
+  withRetry,
   writeModelsJson
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vtstech/pi-shared",
-  "version": "1.1.6",
+  "version": "1.1.8",
   "description": "Shared utilities for Pi Coding Agent extensions",
   "exports": {
     "./debug": "./debug.js",

package/provider-sync.js

@@ -0,0 +1,18 @@
+// shared/provider-sync.ts
+function mergeModels(newModels, oldModels) {
+  const oldModelMap = new Map(oldModels.map((m) => [m.id, m]));
+  return newModels.map((m) => {
+    const old = oldModelMap.get(m.id);
+    if (old) {
+      const merged = { ...m };
+      for (const [k, v] of Object.entries(old)) {
+        if (!(k in m)) merged[k] = v;
+      }
+      return merged;
+    }
+    return m;
+  });
+}
+export {
+  mergeModels
+};

package/react-parser.js

@@ -111,6 +111,23 @@ function extractJsonArgs(rawArgs) {
   if (cmdMatch) return { command: cmdMatch[1] };
   return { input: jsonStr };
 }
+function extractBraceJson(raw) {
+  const jsonStart = raw.indexOf("{");
+  if (jsonStart === -1) return "";
+  let depth = 0;
+  let jsonEnd = -1;
+  for (let i = jsonStart; i < raw.length; i++) {
+    if (raw[i] === "{") depth++;
+    else if (raw[i] === "}") {
+      depth--;
+      if (depth === 0) {
+        jsonEnd = i;
+        break;
+      }
+    }
+  }
+  return jsonEnd !== -1 ? raw.slice(jsonStart, jsonEnd + 1) : "";
+}
 function parseReact(text) {
   for (const dp of ALL_DIALECT_PATTERNS) {
     const result = parseReactWithPatterns(text, dp);
@@ -382,6 +399,7 @@ export {
   WORD_MAPPINGS,
   buildDialectPatterns,
   detectReactDialect,
+  extractBraceJson,
   extractJsonArgs,
   extractToolFromJson,
   fuzzyMatchToolName,

package/security.js

@@ -12,6 +12,7 @@ function debugLog(module, message, ...args) {
 }
 
 // shared/security.ts
+import dns from "node:dns";
 var SETTINGS_PATH = path.join(os.homedir(), ".pi", "agent", "settings.json");
 var SECURITY_CONFIG_PATH = path.join(os.homedir(), ".pi", "agent", "security.json");
 function getSecurityMode() {
@@ -158,6 +159,8 @@ var BLOCKED_URL_ALWAYS = /* @__PURE__ */ new Set([
   "172.29.",
   "172.30.",
   "172.31.",
+  // IPv6-mapped IPv4 cloud metadata (always blocked)
+  "::ffff:169.254.169.254",
   // Internal service patterns
   "internal.",
   "private.",
@@ -171,6 +174,25 @@ var BLOCKED_URL_MAX_ONLY = /* @__PURE__ */ new Set([
   "::1",
   "::ffff:127.0.0.1",
   "::ffff:0.0.0.0",
+  // IPv6-mapped IPv4 private ranges (always blocked in max mode)
+  "::ffff:10.",
+  "::ffff:192.168.",
+  "::ffff:172.16.",
+  "::ffff:172.17.",
+  "::ffff:172.18.",
+  "::ffff:172.19.",
+  "::ffff:172.20.",
+  "::ffff:172.21.",
+  "::ffff:172.22.",
+  "::ffff:172.23.",
+  "::ffff:172.24.",
+  "::ffff:172.25.",
+  "::ffff:172.26.",
+  "::ffff:172.27.",
+  "::ffff:172.28.",
+  "::ffff:172.29.",
+  "::ffff:172.30.",
+  "::ffff:172.31.",
   // Local/internal patterns
   "local."
 ]);
@@ -233,9 +255,9 @@ function validatePath(filePath, allowedDirs) {
     }
   }
   const cwd = process.cwd();
-  const safePrefixes = ["/tmp", "/var/tmp", "/home", cwd];
+  const safePrefixes = ["/home", "/tmp", cwd];
   for (const prefix of safePrefixes) {
-    if (resolved.startsWith(prefix)) return { valid: true, error: "" };
+    if (resolved.startsWith(prefix + "/") || resolved === prefix) return { valid: true, error: "" };
   }
   if (allowedDirs) {
     for (const dir of allowedDirs) {
@@ -248,6 +270,53 @@ function validatePath(filePath, allowedDirs) {
   }
   return { valid: false, error: `Path not in allowed directories: ${filePath}` };
 }
+function stripIpv6Mapped(ip) {
+  if (ip.startsWith("::ffff:") && !ip.startsWith("::ffff:0:0")) {
+    return ip.slice(7);
+  }
+  return ip;
+}
+function isLoopbackIp(ip) {
+  const norm = stripIpv6Mapped(ip);
+  if (norm.startsWith("127.") || norm === "0.0.0.0") return true;
+  if (ip === "::1" || ip === "::ffff:0.0.0.0") return true;
+  return false;
+}
+function isPrivateIp(ip) {
+  const norm = stripIpv6Mapped(ip);
+  if (norm.startsWith("10.") || norm.startsWith("192.168.")) return true;
+  if (/^172\.(1[6-9]|2\d|3[01])\./.test(norm)) return true;
+  if (norm === "169.254.169.254") return true;
+  if (ip.startsWith("fc") || ip.startsWith("fd")) return true;
+  if (ip.startsWith("fe80:")) return true;
+  return false;
+}
+async function resolveAndCheckHostname(hostname, blockPrivate = true) {
+  try {
+    const addresses = await new Promise((resolve2, reject) => {
+      dns.lookup(hostname, { all: true }, (err, addresses2) => {
+        if (err) reject(err);
+        else resolve2(addresses2);
+      });
+    });
+    if (!addresses || addresses.length === 0) {
+      return { safe: true, error: "" };
+    }
+    for (const addr of addresses) {
+      const ip = addr.address;
+      const normIp = stripIpv6Mapped(ip);
+      if (normIp === "169.254.169.254") {
+        return { safe: false, error: `SSRF protection: hostname ${hostname} resolves to cloud metadata IP ${ip}` };
+      }
+      if (blockPrivate && (isLoopbackIp(ip) || isPrivateIp(ip))) {
+        return { safe: false, error: `SSRF protection: hostname ${hostname} resolves to private/reserved IP ${ip} (DNS rebinding check)` };
+      }
+    }
+    return { safe: true, error: "" };
+  } catch {
+    return { safe: true, error: "" };
+  }
+}
 function isSafeUrl(url, blockSsrf = true) {
   if (!url) return { safe: false, error: "URL cannot be empty" };
   let parsed;
@@ -307,13 +376,25 @@ var INJECTION_PATTERNS = [
 ];
 function sanitizeCommand(command) {
   if (!command) return { isSafe: false, error: "Command cannot be empty", command: "" };
-  const parts = command.trim().split(/\s+/);
-  if (!parts.length) return { isSafe: false, error: "Command cannot be empty", command: "" };
+  let normalizedCmd = command.normalize("NFKC");
+  normalizedCmd = normalizedCmd.replace(/[\u0000-\u001f\u007f-\u009f\u200b-\u200f\u2028-\u202e\ufeff\u2060-\u2069]/g, "");
+  if (normalizedCmd !== command.replace(/[\u0000-\u001f\u007f-\u009f\u200b-\u200f\u2028-\u202e\ufeff\u2060-\u2069]/g, "").normalize("NFKC")) {
+    debugLog("security", "command contained Unicode normalization variance (possible homoglyph bypass)", { original: command });
+  }
+  command = normalizedCmd;
+  const trimmed = command.trim();
+  if (!trimmed) return { isSafe: false, error: "Command cannot be empty", command: "" };
+  const parts = trimmed.split(/\s+/);
   let baseCmd = parts[0].toLowerCase();
   if (baseCmd.includes("/")) baseCmd = baseCmd.split("/").pop();
   if (baseCmd.includes("\\")) baseCmd = baseCmd.split("\\").pop();
-  if (CRITICAL_COMMANDS.has(baseCmd)) {
-    return { isSafe: false, error: `Blocked command: ${baseCmd} (critical)`, command: "" };
+  for (const raw of parts) {
+    let word = raw.toLowerCase();
+    if (word.includes("/")) word = word.split("/").pop();
+    if (word.includes("\\")) word = word.split("\\").pop();
+    if (CRITICAL_COMMANDS.has(word)) {
+      return { isSafe: false, error: `Blocked command: ${word} (critical)`, command: "" };
+    }
   }
   const mode = getSecurityMode();
   if (mode === "max" && EXTENDED_COMMANDS.has(baseCmd)) {
@@ -332,16 +413,46 @@ function sanitizeCommand(command) {
 }
 var AUDIT_DIR = path.join(os.homedir(), ".pi", "agent");
 var AUDIT_LOG_PATH = path.join(AUDIT_DIR, "audit.log");
-function appendAuditEntry(entry) {
+var AUDIT_BUFFER_MAX_ENTRIES = 50;
+var AUDIT_FLUSH_INTERVAL_MS = 500;
+var _auditBuffer = [];
+var _auditFlushTimer = null;
+function ensureAuditFlushTimer() {
+  if (_auditFlushTimer) return;
+  _auditFlushTimer = setInterval(() => {
+    if (_auditBuffer.length > 0) {
+      flushAuditBuffer();
+    }
+  }, AUDIT_FLUSH_INTERVAL_MS);
+  const timerRef = _auditFlushTimer;
+  if (timerRef.unref) {
+    timerRef.unref();
+  }
+}
+function flushAuditBuffer() {
+  if (_auditBuffer.length === 0) return;
   try {
     if (!fs.existsSync(AUDIT_DIR)) {
       fs.mkdirSync(AUDIT_DIR, { recursive: true });
     }
+    const batch = _auditBuffer.join("");
+    fs.appendFileSync(AUDIT_LOG_PATH, batch, "utf-8");
+  } catch (err) {
+    debugLog("security", "audit buffer flush failure", err);
+  }
+  _auditBuffer = [];
+}
+function appendAuditEntry(entry) {
+  try {
+    ensureAuditFlushTimer();
     const enriched = { ...entry, securityMode: getSecurityMode() };
     const line = JSON.stringify(enriched) + "\n";
-    fs.appendFileSync(AUDIT_LOG_PATH, line, "utf-8");
+    _auditBuffer.push(line);
+    if (_auditBuffer.length >= AUDIT_BUFFER_MAX_ENTRIES) {
+      flushAuditBuffer();
+    }
   } catch (err) {
-    debugLog("security", "audit log write failure", err);
+    debugLog("security", "audit log entry creation failure", err);
   }
 }
 function readRecentAuditEntries(count = 50) {
@@ -362,6 +473,12 @@ function readRecentAuditEntries(count = 50) {
     return [];
   }
 }
+process.on("exit", () => {
+  flushAuditBuffer();
+});
+process.on("SIGTERM", () => {
+  flushAuditBuffer();
+});
 function checkBashToolInput(input) {
   const command = input.command ?? input.cmd ?? "";
   if (!command) return { safe: true, rule: "", detail: "" };
@@ -432,9 +549,11 @@ export {
   checkFileToolInput,
   checkHttpToolInput,
   checkInjectionPatterns,
+  flushAuditBuffer,
   getSecurityMode,
   isSafeUrl,
   readRecentAuditEntries,
+  resolveAndCheckHostname,
   sanitizeCommand,
   setSecurityMode,
   validatePath

package/test-report.js

@@ -0,0 +1,89 @@
+// shared/format.ts
+function section(title) {
+  return `
+\u2500\u2500 ${title} ${"\u2500".repeat(Math.max(1, 60 - title.length - 4))}`;
+}
+function ok(msg) {
+  return `  \u2705 ${msg}`;
+}
+function fail(msg) {
+  return `  \u274C ${msg}`;
+}
+function warn(msg) {
+  return `  \u26A0\uFE0F  ${msg}`;
+}
+function info(msg) {
+  return `  \u2139\uFE0F  ${msg}`;
+}
+function msHuman(ms) {
+  if (ms < 1e3) return `${ms.toFixed(0)}ms`;
+  if (ms < 6e4) return `${(ms / 1e3).toFixed(1)}s`;
+  return `${(ms / 6e4).toFixed(1)}m`;
+}
+
+// shared/ollama.ts
+import * as path from "node:path";
+import os from "node:os";
+
+// shared/debug.ts
+var DEBUG_ENABLED = process.env.PI_EXTENSIONS_DEBUG === "1";
+
+// shared/ollama.ts
+var EXTENSION_VERSION = "1.1.8";
+var MODELS_JSON_PATH = path.join(os.homedir(), ".pi", "agent", "models.json");
+
+// shared/test-report.ts
+var branding = [
+  `  \u26A1 Pi Model Benchmark v${EXTENSION_VERSION}`,
+  `  Written by VTSTech`,
+  `  GitHub: https://github.com/VTSTech`,
+  `  Website: www.vts-tech.org`
+].join("\n");
+function formatTestScore(score, label) {
+  switch (score) {
+    case "STRONG":
+      return ok(`${label} (${score})`);
+    case "MODERATE":
+      return ok(`${label} (${score})`);
+    case "WEAK":
+      return warn(`${label} (${score})`);
+    case "FAIL":
+      return fail(`${label} (${score})`);
+    case "ERROR":
+      return fail(`Error: ${label}`);
+    default:
+      return fail(`${label} (${score})`);
+  }
+}
+function formatTestSummary(tests, totalMs) {
+  const lines = [];
+  lines.push(section("SUMMARY"));
+  for (const t of tests) {
+    lines.push(t.pass ? ok(`${t.name}: ${t.score}`) : fail(`${t.name}: ${t.score}`));
+  }
+  lines.push(info(`Total time: ${msHuman(totalMs)}`));
+  const passed = tests.filter((t) => t.pass).length;
+  lines.push(info(`Score: ${passed}/${tests.length} tests passed`));
+  return lines;
+}
+function formatRecommendation(model2, passed, total, via) {
+  const suffix = via ? ` via ${via}` : "";
+  const lines = [];
+  lines.push(section("RECOMMENDATION"));
+  if (passed === total) {
+    lines.push(ok(`${model2} is a STRONG model${suffix} \u2014 full capability`));
+  } else if (passed > 0 && passed >= total - 1) {
+    lines.push(ok(`${model2} is a GOOD model${suffix} \u2014 most capabilities work`));
+  } else if (passed > 0 && passed >= total - 2) {
+    lines.push(warn(`${model2} is USABLE${suffix} \u2014 some capabilities are limited`));
+  } else {
+    lines.push(fail(`${model2} is WEAK${suffix} \u2014 limited capabilities for agent use`));
+  }
+  return lines;
+}
+export {
+  branding,
+  formatRecommendation,
+  formatTestScore,
+  formatTestSummary
+};