npm - @vtstech/pi-shared - Versions diffs - 1.1.7 → 1.1.8 - Mend

@vtstech/pi-shared 1.1.7 → 1.1.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/config-io.js ADDED Viewed

@@ -0,0 +1,49 @@
+// shared/config-io.ts
+import * as fs from "node:fs";
+import * as path from "node:path";
+import os from "node:os";
+var PI_AGENT_DIR = path.join(os.homedir(), ".pi", "agent");
+function readJsonConfig(filePath, defaultValue = {}) {
+  try {
+    if (fs.existsSync(filePath)) {
+      return JSON.parse(fs.readFileSync(filePath, "utf-8"));
+    }
+  } catch (err) {
+    if (typeof process !== "undefined" && process.env.PI_EXTENSIONS_DEBUG === "1") {
+      console.debug(`[config-io] Failed to read config: ${filePath}`, err);
+    }
+  }
+  return defaultValue;
+}
+function writeJsonConfig(filePath, data) {
+  const dir = path.dirname(filePath);
+  if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
+  const content = JSON.stringify(data, null, 2) + "\n";
+  const tmpPath = filePath + ".tmp";
+  try {
+    fs.writeFileSync(tmpPath, content, "utf-8");
+    fs.renameSync(tmpPath, filePath);
+  } catch {
+    fs.writeFileSync(filePath, content, "utf-8");
+  }
+}
+var SETTINGS_PATH = path.join(PI_AGENT_DIR, "settings.json");
+var SECURITY_PATH = path.join(PI_AGENT_DIR, "security.json");
+var REACT_MODE_PATH = path.join(PI_AGENT_DIR, "react-mode.json");
+var MODEL_TEST_CONFIG_PATH = path.join(PI_AGENT_DIR, "model-test-config.json");
+function readSettings() {
+  return readJsonConfig(SETTINGS_PATH);
+}
+function writeSettings(data) {
+  writeJsonConfig(SETTINGS_PATH, data);
+}
+export {
+  MODEL_TEST_CONFIG_PATH,
+  REACT_MODE_PATH,
+  SECURITY_PATH,
+  SETTINGS_PATH,
+  readJsonConfig,
+  readSettings,
+  writeJsonConfig,
+  writeSettings
+};

package/errors.js ADDED Viewed

@@ -0,0 +1,56 @@
+var __defProp = Object.defineProperty;
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __publicField = (obj, key, value) => __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
+// shared/errors.ts
+var ExtensionError = class extends Error {
+  constructor(message, code) {
+    super(message);
+    __publicField(this, "code", code);
+    this.name = "ExtensionError";
+  }
+};
+var ConfigError = class extends ExtensionError {
+  constructor(message) {
+    super(message, "CONFIG_ERROR");
+    this.name = "ConfigError";
+  }
+};
+var ApiError = class extends ExtensionError {
+  constructor(message, statusCode, url) {
+    super(message, "API_ERROR");
+    __publicField(this, "statusCode", statusCode);
+    __publicField(this, "url", url);
+    this.name = "ApiError";
+  }
+};
+var TimeoutError = class extends ExtensionError {
+  constructor(message, timeoutMs) {
+    super(message, "TIMEOUT");
+    __publicField(this, "timeoutMs", timeoutMs);
+    this.name = "TimeoutError";
+  }
+};
+var SecurityError = class extends ExtensionError {
+  constructor(message, rule, detail) {
+    super(message, "SECURITY_VIOLATION");
+    __publicField(this, "rule", rule);
+    __publicField(this, "detail", detail);
+    this.name = "SecurityError";
+  }
+};
+var ToolError = class extends ExtensionError {
+  constructor(message, toolName) {
+    super(message, "TOOL_ERROR");
+    __publicField(this, "toolName", toolName);
+    this.name = "ToolError";
+  }
+};
+export {
+  ApiError,
+  ConfigError,
+  ExtensionError,
+  SecurityError,
+  TimeoutError,
+  ToolError
+};

package/format.js CHANGED Viewed

@@ -32,6 +32,7 @@ function msHuman(ms) {
 }
 function fmtBytes(b) {
   if (b === 0) return "0B";
+  if (b < 1024) return `${b}B`;
   if (b >= 1073741824) return `${(b / 1073741824).toFixed(1)}G`;
   if (b >= 1048576) return `${(b / 1048576).toFixed(0)}M`;
   return `${(b / 1024).toFixed(0)}K`;

package/model-test-utils.js CHANGED Viewed

@@ -34,6 +34,9 @@ var CONFIG = {
   // Effectively unlimited for cloud provider API calls
   PROVIDER_TOOL_TIMEOUT_MS: 12e4,
   // 120 seconds for tool usage tests on providers
+  // Context length fetching
+  CONTEXT_BATCH_SIZE: 3,
+  // Concurrent requests when fetching model context lengths
   // Rate limiting
   TEST_DELAY_MS: 1e4
   // 10 seconds between tests to avoid rate limiting
@@ -62,6 +65,7 @@ function getEffectiveConfig() {
     TOOL_TEST_TIMEOUT_MS: userConfig.toolTestTimeoutMs ?? CONFIG.TOOL_TEST_TIMEOUT_MS,
     PROVIDER_TIMEOUT_MS: userConfig.providerTimeoutMs ?? CONFIG.PROVIDER_TIMEOUT_MS,
     PROVIDER_TOOL_TIMEOUT_MS: userConfig.providerToolTimeoutMs ?? CONFIG.PROVIDER_TOOL_TIMEOUT_MS,
+    CONTEXT_BATCH_SIZE: userConfig.contextBatchSize ?? CONFIG.CONTEXT_BATCH_SIZE,
     NUM_PREDICT: userConfig.numPredict ?? CONFIG.NUM_PREDICT,
     TEMPERATURE: userConfig.temperature ?? CONFIG.TEMPERATURE
   };

package/ollama.js CHANGED Viewed

@@ -12,7 +12,7 @@ function debugLog(module, message, ...args) {
 }
 // shared/ollama.ts
-var EXTENSION_VERSION = "1.1.7";
+var EXTENSION_VERSION = "1.1.8";
 var MODELS_JSON_PATH = path.join(os.homedir(), ".pi", "agent", "models.json");
 var _modelsJsonCache = null;
 var _ollamaBaseUrlCache = null;
@@ -179,7 +179,8 @@ async function fetchModelContextLength(baseUrl, modelName) {
       }
       const numCtx = data?.model_info?.["num_ctx"];
       if (typeof numCtx === "number") return numCtx;
-    } catch {
+    } catch (err) {
+      debugLog("ollama", `failed to fetch context length for ${model}`, err);
       return void 0;
     }
     return void 0;
@@ -246,9 +247,9 @@ function detectModelFamily(modelName) {
   return "unknown";
 }
 function detectProvider(ctx) {
-  const model = ctx.model;
-  if (!model) return { kind: "unknown", name: "none" };
-  const providerName = model.provider || "";
+  const model2 = ctx.model;
+  if (!model2) return { kind: "unknown", name: "none" };
+  const providerName = model2.provider || "";
   if (!providerName) return { kind: "unknown", name: "none" };
   const modelsJson = readModelsJson();
   const userProviderCfg = (modelsJson.providers || {})[providerName];

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@vtstech/pi-shared",
-  "version": "1.1.7",
+  "version": "1.1.8",
   "description": "Shared utilities for Pi Coding Agent extensions",
   "exports": {
     "./debug": "./debug.js",

package/provider-sync.js ADDED Viewed

@@ -0,0 +1,18 @@
+// shared/provider-sync.ts
+function mergeModels(newModels, oldModels) {
+  const oldModelMap = new Map(oldModels.map((m) => [m.id, m]));
+  return newModels.map((m) => {
+    const old = oldModelMap.get(m.id);
+    if (old) {
+      const merged = { ...m };
+      for (const [k, v] of Object.entries(old)) {
+        if (!(k in m)) merged[k] = v;
+      }
+      return merged;
+    }
+    return m;
+  });
+}
+export {
+  mergeModels
+};

package/react-parser.js CHANGED Viewed

@@ -111,6 +111,23 @@ function extractJsonArgs(rawArgs) {
   if (cmdMatch) return { command: cmdMatch[1] };
   return { input: jsonStr };
 }
+function extractBraceJson(raw) {
+  const jsonStart = raw.indexOf("{");
+  if (jsonStart === -1) return "";
+  let depth = 0;
+  let jsonEnd = -1;
+  for (let i = jsonStart; i < raw.length; i++) {
+    if (raw[i] === "{") depth++;
+    else if (raw[i] === "}") {
+      depth--;
+      if (depth === 0) {
+        jsonEnd = i;
+        break;
+      }
+    }
+  }
+  return jsonEnd !== -1 ? raw.slice(jsonStart, jsonEnd + 1) : "";
+}
 function parseReact(text) {
   for (const dp of ALL_DIALECT_PATTERNS) {
     const result = parseReactWithPatterns(text, dp);
@@ -382,6 +399,7 @@ export {
   WORD_MAPPINGS,
   buildDialectPatterns,
   detectReactDialect,
+  extractBraceJson,
   extractJsonArgs,
   extractToolFromJson,
   fuzzyMatchToolName,

package/security.js CHANGED Viewed

@@ -159,6 +159,8 @@ var BLOCKED_URL_ALWAYS = /* @__PURE__ */ new Set([
   "172.29.",
   "172.30.",
   "172.31.",
+  // IPv6-mapped IPv4 cloud metadata (always blocked)
+  "::ffff:169.254.169.254",
   // Internal service patterns
   "internal.",
   "private.",
@@ -172,6 +174,25 @@ var BLOCKED_URL_MAX_ONLY = /* @__PURE__ */ new Set([
   "::1",
   "::ffff:127.0.0.1",
   "::ffff:0.0.0.0",
+  // IPv6-mapped IPv4 private ranges (always blocked in max mode)
+  "::ffff:10.",
+  "::ffff:192.168.",
+  "::ffff:172.16.",
+  "::ffff:172.17.",
+  "::ffff:172.18.",
+  "::ffff:172.19.",
+  "::ffff:172.20.",
+  "::ffff:172.21.",
+  "::ffff:172.22.",
+  "::ffff:172.23.",
+  "::ffff:172.24.",
+  "::ffff:172.25.",
+  "::ffff:172.26.",
+  "::ffff:172.27.",
+  "::ffff:172.28.",
+  "::ffff:172.29.",
+  "::ffff:172.30.",
+  "::ffff:172.31.",
   // Local/internal patterns
   "local."
 ]);
@@ -234,9 +255,9 @@ function validatePath(filePath, allowedDirs) {
     }
   }
   const cwd = process.cwd();
-  const safePrefixes = ["/tmp", "/var/tmp", "/home", cwd];
+  const safePrefixes = ["/home", "/tmp", cwd];
   for (const prefix of safePrefixes) {
-    if (resolved.startsWith(prefix)) return { valid: true, error: "" };
+    if (resolved.startsWith(prefix + "/") || resolved === prefix) return { valid: true, error: "" };
   }
   if (allowedDirs) {
     for (const dir of allowedDirs) {
@@ -249,16 +270,23 @@ function validatePath(filePath, allowedDirs) {
   }
   return { valid: false, error: `Path not in allowed directories: ${filePath}` };
 }
+function stripIpv6Mapped(ip) {
+  if (ip.startsWith("::ffff:") && !ip.startsWith("::ffff:0:0")) {
+    return ip.slice(7);
+  }
+  return ip;
+}
 function isLoopbackIp(ip) {
-  if (ip.startsWith("127.") || ip === "0.0.0.0") return true;
+  const norm = stripIpv6Mapped(ip);
+  if (norm.startsWith("127.") || norm === "0.0.0.0") return true;
   if (ip === "::1" || ip === "::ffff:0.0.0.0") return true;
-  if (ip.startsWith("::ffff:127.")) return true;
   return false;
 }
 function isPrivateIp(ip) {
-  if (ip.startsWith("10.") || ip.startsWith("192.168.")) return true;
-  if (/^172\.(1[6-9]|2\d|3[01])\./.test(ip)) return true;
-  if (ip === "169.254.169.254") return true;
+  const norm = stripIpv6Mapped(ip);
+  if (norm.startsWith("10.") || norm.startsWith("192.168.")) return true;
+  if (/^172\.(1[6-9]|2\d|3[01])\./.test(norm)) return true;
+  if (norm === "169.254.169.254") return true;
   if (ip.startsWith("fc") || ip.startsWith("fd")) return true;
   if (ip.startsWith("fe80:")) return true;
   return false;
@@ -276,7 +304,8 @@ async function resolveAndCheckHostname(hostname, blockPrivate = true) {
     }
     for (const addr of addresses) {
       const ip = addr.address;
-      if (ip === "169.254.169.254") {
+      const normIp = stripIpv6Mapped(ip);
+      if (normIp === "169.254.169.254") {
         return { safe: false, error: `SSRF protection: hostname ${hostname} resolves to cloud metadata IP ${ip}` };
       }
       if (blockPrivate && (isLoopbackIp(ip) || isPrivateIp(ip))) {
@@ -347,8 +376,15 @@ var INJECTION_PATTERNS = [
 ];
 function sanitizeCommand(command) {
   if (!command) return { isSafe: false, error: "Command cannot be empty", command: "" };
-  const parts = command.trim().split(/\s+/);
-  if (!parts.length) return { isSafe: false, error: "Command cannot be empty", command: "" };
+  let normalizedCmd = command.normalize("NFKC");
+  normalizedCmd = normalizedCmd.replace(/[\u0000-\u001f\u007f-\u009f\u200b-\u200f\u2028-\u202e\ufeff\u2060-\u2069]/g, "");
+  if (normalizedCmd !== command.replace(/[\u0000-\u001f\u007f-\u009f\u200b-\u200f\u2028-\u202e\ufeff\u2060-\u2069]/g, "").normalize("NFKC")) {
+    debugLog("security", "command contained Unicode normalization variance (possible homoglyph bypass)", { original: command });
+  }
+  command = normalizedCmd;
+  const trimmed = command.trim();
+  if (!trimmed) return { isSafe: false, error: "Command cannot be empty", command: "" };
+  const parts = trimmed.split(/\s+/);
   let baseCmd = parts[0].toLowerCase();
   if (baseCmd.includes("/")) baseCmd = baseCmd.split("/").pop();
   if (baseCmd.includes("\\")) baseCmd = baseCmd.split("\\").pop();
@@ -437,6 +473,12 @@ function readRecentAuditEntries(count = 50) {
     return [];
   }
 }
+process.on("exit", () => {
+  flushAuditBuffer();
+});
+process.on("SIGTERM", () => {
+  flushAuditBuffer();
+});
 function checkBashToolInput(input) {
   const command = input.command ?? input.cmd ?? "";
   if (!command) return { safe: true, rule: "", detail: "" };

package/test-report.js ADDED Viewed

@@ -0,0 +1,89 @@
+// shared/format.ts
+function section(title) {
+  return `
+\u2500\u2500 ${title} ${"\u2500".repeat(Math.max(1, 60 - title.length - 4))}`;
+}
+function ok(msg) {
+  return `  \u2705 ${msg}`;
+}
+function fail(msg) {
+  return `  \u274C ${msg}`;
+}
+function warn(msg) {
+  return `  \u26A0\uFE0F  ${msg}`;
+}
+function info(msg) {
+  return `  \u2139\uFE0F  ${msg}`;
+}
+function msHuman(ms) {
+  if (ms < 1e3) return `${ms.toFixed(0)}ms`;
+  if (ms < 6e4) return `${(ms / 1e3).toFixed(1)}s`;
+  return `${(ms / 6e4).toFixed(1)}m`;
+}
+// shared/ollama.ts
+import * as path from "node:path";
+import os from "node:os";
+// shared/debug.ts
+var DEBUG_ENABLED = process.env.PI_EXTENSIONS_DEBUG === "1";
+// shared/ollama.ts
+var EXTENSION_VERSION = "1.1.8";
+var MODELS_JSON_PATH = path.join(os.homedir(), ".pi", "agent", "models.json");
+// shared/test-report.ts
+var branding = [
+  `  \u26A1 Pi Model Benchmark v${EXTENSION_VERSION}`,
+  `  Written by VTSTech`,
+  `  GitHub: https://github.com/VTSTech`,
+  `  Website: www.vts-tech.org`
+].join("\n");
+function formatTestScore(score, label) {
+  switch (score) {
+    case "STRONG":
+      return ok(`${label} (${score})`);
+    case "MODERATE":
+      return ok(`${label} (${score})`);
+    case "WEAK":
+      return warn(`${label} (${score})`);
+    case "FAIL":
+      return fail(`${label} (${score})`);
+    case "ERROR":
+      return fail(`Error: ${label}`);
+    default:
+      return fail(`${label} (${score})`);
+  }
+}
+function formatTestSummary(tests, totalMs) {
+  const lines = [];
+  lines.push(section("SUMMARY"));
+  for (const t of tests) {
+    lines.push(t.pass ? ok(`${t.name}: ${t.score}`) : fail(`${t.name}: ${t.score}`));
+  }
+  lines.push(info(`Total time: ${msHuman(totalMs)}`));
+  const passed = tests.filter((t) => t.pass).length;
+  lines.push(info(`Score: ${passed}/${tests.length} tests passed`));
+  return lines;
+}
+function formatRecommendation(model2, passed, total, via) {
+  const suffix = via ? ` via ${via}` : "";
+  const lines = [];
+  lines.push(section("RECOMMENDATION"));
+  if (passed === total) {
+    lines.push(ok(`${model2} is a STRONG model${suffix} \u2014 full capability`));
+  } else if (passed > 0 && passed >= total - 1) {
+    lines.push(ok(`${model2} is a GOOD model${suffix} \u2014 most capabilities work`));
+  } else if (passed > 0 && passed >= total - 2) {
+    lines.push(warn(`${model2} is USABLE${suffix} \u2014 some capabilities are limited`));
+  } else {
+    lines.push(fail(`${model2} is WEAK${suffix} \u2014 limited capabilities for agent use`));
+  }
+  return lines;
+}
+export {
+  branding,
+  formatRecommendation,
+  formatTestScore,
+  formatTestSummary
+};