anon-pi 0.1.1 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/Dockerfile.pi +20 -2
- package/README.md +47 -24
- package/dist/anon-pi.d.ts +88 -44
- package/dist/anon-pi.d.ts.map +1 -1
- package/dist/anon-pi.js +172 -94
- package/dist/anon-pi.js.map +1 -1
- package/dist/cli.js +75 -14
- package/dist/cli.js.map +1 -1
- package/examples/Dockerfile.pi-webveil +94 -0
- package/package.json +3 -2
- package/src/anon-pi.ts +220 -120
- package/src/cli.ts +110 -17
package/Dockerfile.pi
CHANGED
|
@@ -5,8 +5,10 @@
|
|
|
5
5
|
# package, plus the handful of tools pi's built-in bash/grep/find expect.
|
|
6
6
|
#
|
|
7
7
|
# Note: unlike the upstream `Dockerfile.pi`, this image sets NO ENTRYPOINT and
|
|
8
|
-
# NO config volume. anon-pi passes `pi` as the run command and
|
|
9
|
-
#
|
|
8
|
+
# NO config volume. anon-pi passes `pi` as the run command and copies just its
|
|
9
|
+
# models.json into this image's ~/.pi/agent at start, so the image just needs
|
|
10
|
+
# `pi` reachable on PATH. Anything else you want in the anon session (extensions,
|
|
11
|
+
# skills, and their services) belongs HERE, in the image.
|
|
10
12
|
#
|
|
11
13
|
# Build (pin a digest for reproducibility once pushed to a registry):
|
|
12
14
|
# podman build -t localhost/anon-pi-pi:latest -f Dockerfile.pi .
|
|
@@ -20,4 +22,20 @@ RUN apt-get update \
|
|
|
20
22
|
# The official pi coding agent CLI (puts `pi` on PATH).
|
|
21
23
|
RUN npm install -g --ignore-scripts @earendil-works/pi-coding-agent
|
|
22
24
|
|
|
25
|
+
# --- Optional: extensions + skills (the capability layer) -------------------
|
|
26
|
+
# Install extensions with `pi install` (it records them in settings), NOT a
|
|
27
|
+
# global npm install. Uncomment what you want in the anon persona:
|
|
28
|
+
#
|
|
29
|
+
# RUN pi install npm:pi-subagents
|
|
30
|
+
# RUN pi install npm:pi-plan-mode
|
|
31
|
+
#
|
|
32
|
+
# An extension that needs a running SERVICE (e.g. pi-webveil + a local SearXNG)
|
|
33
|
+
# installs and configures that service in the image too. See the worked example
|
|
34
|
+
# examples/Dockerfile.pi-webveil (SearXNG over a Unix socket, started by an
|
|
35
|
+
# entrypoint that then execs anon-pi's command).
|
|
36
|
+
#
|
|
37
|
+
# Trust /work up front so pi does not prompt on every run (anon-pi never writes
|
|
38
|
+
# this for you):
|
|
39
|
+
# RUN mkdir -p /root/.pi/agent && printf '{"/work": true}\n' > /root/.pi/agent/trust.json
|
|
40
|
+
|
|
23
41
|
WORKDIR /work
|
package/README.md
CHANGED
|
@@ -33,7 +33,8 @@ export ANON_PI_IMAGE=your/pi-image:tag
|
|
|
33
33
|
export ANON_PI_LLM=192.168.1.150:8080 # your local model, reached directly
|
|
34
34
|
export ANON_PI_PROXY=socks5h://127.0.0.1:9050
|
|
35
35
|
|
|
36
|
-
anon-pi
|
|
36
|
+
anon-pi import # one-time: generate the seed models.json from your model
|
|
37
|
+
anon-pi ./recon # launch
|
|
37
38
|
```
|
|
38
39
|
|
|
39
40
|
You land in pi, inside the jail, cwd `/work` = `./recon`. pi's web/tool egress is anonymized through the proxy; the local model at `ANON_PI_LLM` is reachable directly; everything else is dropped if the proxy is down (fail-closed).
|
|
@@ -42,24 +43,20 @@ You land in pi, inside the jail, cwd `/work` = `./recon`. pi's web/tool egress i
|
|
|
42
43
|
|
|
43
44
|
| Var | Required | Default | Meaning |
|
|
44
45
|
| --- | --- | --- | --- |
|
|
45
|
-
| `ANON_PI_IMAGE` |
|
|
46
|
+
| `ANON_PI_IMAGE` | for run | | container image with `pi` on `PATH` |
|
|
46
47
|
| `ANON_PI_LLM` | yes | | RFC1918/link-local `IP[:port]` of the local model (the one direct hole) |
|
|
47
48
|
| `ANON_PI_PROXY` | no | `socks5h://127.0.0.1:9050` | the socks5h proxy |
|
|
48
49
|
| `ANON_PI_HOME` | no | `$XDG_CONFIG_HOME/anon-pi` or `~/.config/anon-pi` | anon-pi home |
|
|
49
|
-
| `ANON_PI_CONFIG` | no | `<ANON_PI_HOME>/agent` | the
|
|
50
|
-
| `
|
|
50
|
+
| `ANON_PI_CONFIG` | no | `<ANON_PI_HOME>/agent` | the seed dir (holds `models.json`) |
|
|
51
|
+
| `ANON_PI_SOURCE_MODELS` | no | `~/.pi/agent/models.json` | (`import`) the host `models.json` to read from |
|
|
51
52
|
|
|
52
53
|
## How it works
|
|
53
54
|
|
|
54
|
-
1. **Seed
|
|
55
|
-
2. **Mount.**
|
|
56
|
-
3. **Run.** anon-pi execs `netcage run --proxy <proxy> --allow-direct <ANON_PI_LLM> -it -v <workdir> -v <
|
|
55
|
+
1. **Seed = just `models.json`.** `anon-pi import` writes one file, `<ANON_PI_CONFIG>/models.json`, containing only the provider that serves your local model (see [Generating the seed](#generating-the-seed-anon-pi-import)). No auth for other providers, no sessions, no identity.
|
|
56
|
+
2. **Mount read-only + copy in.** anon-pi mounts the seed read-only at `/anon-pi-seed` and, at start, **copies** `models.json` into the container's own `~/.pi/agent`. It does **not** mount over pi's config dir, so anything the image installed there (pi itself, extensions, skills) survives; the copy just adds your local model to it.
|
|
57
|
+
3. **Run.** anon-pi execs `netcage run --proxy <proxy> --allow-direct <ANON_PI_LLM> -it -v <workdir> -v <seed>:/anon-pi-seed:ro <image> sh -c 'cp /anon-pi-seed/models.json ~/.pi/agent/ && exec pi'`.
|
|
57
58
|
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
By default anon-pi mounts the seeded config at `/opt/pi-agent` and points pi there with `PI_CODING_AGENT_DIR`. This absolute, image-independent path is chosen so the podman mount target and pi's config dir agree without anon-pi having to guess your image's home directory.
|
|
61
|
-
|
|
62
|
-
If you would rather pi's config live at its **standard** `~/.pi/agent` inside the container, set `ANON_PI_AGENT_MOUNT` to that home's **absolute** path, e.g. `ANON_PI_AGENT_MOUNT=/root/.pi/agent` for an image that runs as `root` (or `/home/<user>/.pi/agent` otherwise). The value must be absolute: podman does not expand `~`, and anon-pi rejects a `~`-relative or relative value rather than mounting it at a literal `~` directory. Both the mount target and `PI_CODING_AGENT_DIR` always stay in lockstep.
|
|
59
|
+
pi has no default model set in the seed, so on start it auto-selects the first available model, your local one (it needs no real API key). Everything that runs, and everything that identifies you, lives in the **image**, not the seed (see below).
|
|
63
60
|
|
|
64
61
|
## Providing a pi image
|
|
65
62
|
|
|
@@ -73,33 +70,59 @@ podman build -t localhost/anon-pi-pi:latest -f Dockerfile.pi .
|
|
|
73
70
|
export ANON_PI_IMAGE=localhost/anon-pi-pi:latest
|
|
74
71
|
```
|
|
75
72
|
|
|
76
|
-
The image only needs `pi` reachable on `PATH`. anon-pi passes `pi` as the run command and mounts pi's config
|
|
73
|
+
The image only needs `pi` reachable on `PATH`. anon-pi passes `pi` as the run command (via a small copy-then-exec step) and never mounts over pi's config dir, so the image needs **no `ENTRYPOINT` and no config volume** (unlike pi's upstream `Dockerfile.pi`, which is written for running pi directly).
|
|
77
74
|
|
|
78
75
|
A community image also exists ([`gni/pi-coding-agent-container`](https://github.com/gni/pi-coding-agent-container)); it is third-party and unvetted, so review it yourself before trusting it with your (anonymized) credentials.
|
|
79
76
|
|
|
80
|
-
|
|
77
|
+
### Extensions, skills, and their services go in the image
|
|
81
78
|
|
|
82
|
-
anon-pi **
|
|
79
|
+
anon-pi deliberately imports **only your local model** (see below), never your extensions or skills. That is on purpose: your extension set is an identity fingerprint, extensions run code and can leak, and many need a runtime that a copied folder cannot carry (for example `pi-webveil` needs a running searxng). The right home for capabilities is the **image**, where they are installed once, reviewably, with clean config:
|
|
83
80
|
|
|
84
|
-
```
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
81
|
+
```dockerfile
|
|
82
|
+
FROM node:24-bookworm-slim
|
|
83
|
+
RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
84
|
+
bash ca-certificates git ripgrep && rm -rf /var/lib/apt/lists/*
|
|
85
|
+
RUN npm install -g --ignore-scripts @earendil-works/pi-coding-agent
|
|
86
|
+
|
|
87
|
+
# Extensions are installed with `pi install` (which records them in settings),
|
|
88
|
+
# NOT a global npm install:
|
|
89
|
+
# RUN pi install npm:pi-webveil
|
|
90
|
+
# ...and an extension that needs a service (pi-webveil -> searxng) also installs
|
|
91
|
+
# and configures that service in the image. Its egress is forced through the
|
|
92
|
+
# socks proxy by netcage at runtime, so it must be happy with proxy-only,
|
|
93
|
+
# DNS-through-proxy networking.
|
|
94
|
+
|
|
95
|
+
WORKDIR /work
|
|
88
96
|
```
|
|
89
97
|
|
|
90
|
-
|
|
98
|
+
Because anon-pi copies `models.json` **into** the image's own `~/.pi/agent` rather than replacing it, extensions installed in the image stay active in the anon session.
|
|
99
|
+
|
|
100
|
+
A worked example ships in this package: [`examples/Dockerfile.pi-webveil`](examples/Dockerfile.pi-webveil) builds pi + the `pi-webveil` extension + a local SearXNG (over a Unix socket, `http-socket` so webveil's `unix:` baseUrl can speak HTTP to it, JSON API on, limiter off), started by an entrypoint that then execs anon-pi's command. Note the anonymity subtlety it documents: SearXNG's own crawl is anonymized here **because netcage forces every process's egress through the proxy**, so webveil's plain `egress: direct` is correct in-jail (the usual "local SearXNG leaks your IP" caveat does not apply).
|
|
91
101
|
|
|
92
|
-
##
|
|
102
|
+
## Generating the seed (`anon-pi import`)
|
|
93
103
|
|
|
94
|
-
|
|
104
|
+
anon-pi **never** copies your real pi config. Instead, `anon-pi import` synthesizes a minimal seed from your local model:
|
|
95
105
|
|
|
96
106
|
```sh
|
|
97
|
-
|
|
107
|
+
export ANON_PI_LLM=192.168.1.150:8080
|
|
108
|
+
anon-pi import
|
|
98
109
|
```
|
|
99
110
|
|
|
111
|
+
It reads your host `~/.pi/agent/models.json` (override with `ANON_PI_SOURCE_MODELS`), finds the provider whose `baseUrl` serves `ANON_PI_LLM` (matched on host:port, so `192.168.1.150:8080` matches `http://192.168.1.150:8080/v1`), and writes **just that provider** to `<ANON_PI_CONFIG>/models.json`. Everything else, your paid providers and their API keys, your sessions, your trust list, your extensions, is left behind on the host.
|
|
112
|
+
|
|
113
|
+
- If no provider matches `ANON_PI_LLM`, it errors and lists the providers it did find.
|
|
114
|
+
- If the matched provider carries a real-looking `apiKey` (not `none`/`ollama`/empty), it warns but proceeds (for a local model this is usually fine).
|
|
115
|
+
- It refuses to overwrite an existing seed unless you pass `--force`.
|
|
116
|
+
|
|
117
|
+
To reseed (e.g. after changing your local model), re-run `anon-pi import --force`.
|
|
118
|
+
|
|
119
|
+
## Trusting `/work`
|
|
120
|
+
|
|
121
|
+
pi treats a mounted project as untrusted until approved. For a smooth start, have the **image** trust `/work` (bake a `trust.json` mapping `/work` to `true` into the image's `~/.pi/agent`), or approve once inside a session. anon-pi does not synthesize pi's `trust.json`; it belongs in the image, alongside the extensions.
|
|
122
|
+
|
|
100
123
|
## Overriding the config per workdir
|
|
101
124
|
|
|
102
|
-
|
|
125
|
+
pi also supports a **project-local** config at `<cwd>/.pi/`, which layers on top of the image's global config. Since your workdir is pi's cwd (`/work`), you can drop a `/work/.pi/` (i.e. `<workdir>/.pi/`) into the folder to override settings for that folder only. anon-pi does nothing special for this; it is pi's normal project-over-global layering.
|
|
103
126
|
|
|
104
127
|
## Platform
|
|
105
128
|
|
package/dist/anon-pi.d.ts
CHANGED
|
@@ -1,15 +1,23 @@
|
|
|
1
1
|
/** The container path the workdir is mounted at (pi's cwd). */
|
|
2
2
|
export declare const CONTAINER_WORKDIR = "/work";
|
|
3
3
|
/**
|
|
4
|
-
*
|
|
5
|
-
*
|
|
6
|
-
*
|
|
7
|
-
*
|
|
8
|
-
*
|
|
4
|
+
* Where the seed (just models.json) is mounted read-only in the container. The
|
|
5
|
+
* run command copies models.json FROM here INTO the container's own
|
|
6
|
+
* ~/.pi/agent, so it LAYERS onto the image's config (extensions/skills the image
|
|
7
|
+
* installed survive) instead of replacing it. This is why we mount+copy rather
|
|
8
|
+
* than mount-as-agent-dir: mounting over ~/.pi/agent would shadow the image's
|
|
9
|
+
* extensions.
|
|
9
10
|
*/
|
|
10
|
-
export declare const
|
|
11
|
-
/**
|
|
12
|
-
|
|
11
|
+
export declare const CONTAINER_SEED_DIR = "/anon-pi-seed";
|
|
12
|
+
/**
|
|
13
|
+
* The container command: copy the seeded models.json into pi's own config dir
|
|
14
|
+
* (creating it if absent), then exec pi. `$HOME/.pi/agent` is pi's default
|
|
15
|
+
* config dir when PI_CODING_AGENT_DIR is unset, i.e. exactly where the image
|
|
16
|
+
* installed pi + any extensions, so the copy augments rather than shadows.
|
|
17
|
+
*/
|
|
18
|
+
export declare const CONTAINER_RUN_CMD: string;
|
|
19
|
+
/** The single file the seed carries: pi's model/provider registry. */
|
|
20
|
+
export declare const MODELS_FILE = "models.json";
|
|
13
21
|
/** Inputs resolved from the environment + argv, injected so this stays pure. */
|
|
14
22
|
export interface AnonPiEnv {
|
|
15
23
|
/** $HOME (or an override) used to derive default paths. */
|
|
@@ -27,63 +35,99 @@ export interface AnonPiEnv {
|
|
|
27
35
|
/** XDG_CONFIG_HOME, if set (used to derive the default anon-pi home). */
|
|
28
36
|
xdgConfigHome?: string;
|
|
29
37
|
/**
|
|
30
|
-
*
|
|
31
|
-
*
|
|
32
|
-
*
|
|
33
|
-
*
|
|
34
|
-
* be mounted literally. Rejected if it starts with `~` or is not absolute.
|
|
38
|
+
* Absolute path to the Dockerfile.pi that ships with anon-pi, used only to
|
|
39
|
+
* make the missing-image error's build command concrete. cli.ts resolves it
|
|
40
|
+
* from import.meta.url; when absent the message falls back to a bare
|
|
41
|
+
* `Dockerfile.pi`.
|
|
35
42
|
*/
|
|
36
|
-
|
|
43
|
+
dockerfilePath?: string;
|
|
44
|
+
/** `import` source models.json override (ANON_PI_SOURCE_MODELS). */
|
|
45
|
+
sourceModels?: string;
|
|
46
|
+
/** The host pi agent dir override (PI_CODING_AGENT_DIR), used to find models.json. */
|
|
47
|
+
piAgentDir?: string;
|
|
37
48
|
}
|
|
38
49
|
/** The fully-resolved run plan cli.ts executes. */
|
|
39
50
|
export interface RunPlan {
|
|
40
51
|
/** Absolute workdir on the host (mounted at /work). */
|
|
41
52
|
workdir: string;
|
|
42
|
-
/** The
|
|
43
|
-
sessionAgentDir: string;
|
|
44
|
-
/** The canonical seed dir to copy FROM (read-only by convention). */
|
|
53
|
+
/** The seed dir on the host (holds models.json), mounted read-only at /anon-pi-seed. */
|
|
45
54
|
configSeed: string;
|
|
46
|
-
/** The absolute container path the session config is mounted at (== pi's config dir). */
|
|
47
|
-
agentMount: string;
|
|
48
|
-
/** True iff the session dir does not exist yet and must be seeded from configSeed. */
|
|
49
|
-
needsSeed: boolean;
|
|
50
55
|
/** The argv passed to `netcage` (after the `netcage` program name). */
|
|
51
56
|
netcageArgs: string[];
|
|
52
57
|
}
|
|
53
58
|
/** A user-facing error whose message is meant to be printed verbatim (no stack). */
|
|
54
59
|
export declare class AnonPiError extends Error {
|
|
55
60
|
}
|
|
56
|
-
/**
|
|
57
|
-
* Resolve the container agent-mount path: ANON_PI_AGENT_MOUNT or the default.
|
|
58
|
-
* It MUST be an absolute container path, because it is BOTH the podman `-v`
|
|
59
|
-
* target AND pi's PI_CODING_AGENT_DIR, and podman (unlike pi) does not expand
|
|
60
|
-
* `~`. A `~`-relative or relative value is rejected loudly rather than silently
|
|
61
|
-
* mounted at a literal `~` directory or a cwd-relative path.
|
|
62
|
-
*/
|
|
63
|
-
export declare function resolveAgentMount(env: AnonPiEnv): string;
|
|
64
|
-
/** Resolve the anon-pi home dir (holds the canonical seed + per-session state). */
|
|
61
|
+
/** Resolve the anon-pi home dir (holds the seed). */
|
|
65
62
|
export declare function resolveAnonPiHome(env: AnonPiEnv): string;
|
|
66
|
-
/** The
|
|
63
|
+
/** The seed dir (holds models.json), mounted read-only into the container. */
|
|
67
64
|
export declare function resolveConfigSeed(env: AnonPiEnv): string;
|
|
68
65
|
/**
|
|
69
|
-
*
|
|
70
|
-
*
|
|
71
|
-
*
|
|
66
|
+
* Normalise a proxy-less host:port key from an ANON_PI_LLM value or a provider
|
|
67
|
+
* baseUrl, so `192.168.1.150:8080` matches `http://192.168.1.150:8080/v1`.
|
|
68
|
+
* Returns `host` (no port) or `host:port`, lowercased, scheme/path stripped.
|
|
72
69
|
*/
|
|
73
|
-
export declare function
|
|
74
|
-
/**
|
|
75
|
-
|
|
70
|
+
export declare function hostPortKey(value: string): string;
|
|
71
|
+
/**
|
|
72
|
+
* A pi provider entry (as it appears under models.json `providers[name]`). Only
|
|
73
|
+
* the fields anon-pi reads are typed; the rest is preserved verbatim.
|
|
74
|
+
*/
|
|
75
|
+
export interface PiProvider {
|
|
76
|
+
baseUrl?: string;
|
|
77
|
+
apiKey?: string;
|
|
78
|
+
api?: string;
|
|
79
|
+
models?: unknown[];
|
|
80
|
+
[k: string]: unknown;
|
|
81
|
+
}
|
|
82
|
+
/** Parsed shape of a pi models.json (only `providers` is required). */
|
|
83
|
+
export interface PiModelsFile {
|
|
84
|
+
providers?: Record<string, PiProvider>;
|
|
85
|
+
[k: string]: unknown;
|
|
86
|
+
}
|
|
87
|
+
/** The result of picking the ANON_PI_LLM provider out of a host models.json. */
|
|
88
|
+
export interface ImportResult {
|
|
89
|
+
/** The provider key (e.g. "llamacpp-router"). */
|
|
90
|
+
name: string;
|
|
91
|
+
/** The barebones models.json to write (just the matched provider). */
|
|
92
|
+
models: PiModelsFile;
|
|
93
|
+
/** True if the matched provider's apiKey looks like a REAL secret (warn). */
|
|
94
|
+
apiKeyLooksReal: boolean;
|
|
95
|
+
}
|
|
96
|
+
/**
|
|
97
|
+
* PURE: given a parsed host models.json and the ANON_PI_LLM value, select the
|
|
98
|
+
* provider whose baseUrl points at that host:port and return a barebones
|
|
99
|
+
* models.json carrying ONLY that provider (verbatim, with its models). Throws
|
|
100
|
+
* AnonPiError if nothing matches. Carries no other provider (so etherplay /
|
|
101
|
+
* google / paid API keys never enter the seed).
|
|
102
|
+
*/
|
|
103
|
+
export declare function pickProviderForLlm(hostModels: PiModelsFile, llmDirect: string): ImportResult;
|
|
104
|
+
/**
|
|
105
|
+
* The default host models.json path `import` reads FROM. Overridable via
|
|
106
|
+
* ANON_PI_SOURCE_MODELS; defaults to the real pi config (~/.pi/agent/models.json
|
|
107
|
+
* under the container-less host HOME, or PI_CODING_AGENT_DIR if the user set it).
|
|
108
|
+
*/
|
|
109
|
+
export declare function resolveSourceModelsPath(env: AnonPiEnv): string;
|
|
76
110
|
/**
|
|
77
111
|
* Build the run plan from the environment + the (optional) workdir arg. PURE: it
|
|
78
|
-
* resolves paths and composes the netcage argv,
|
|
79
|
-
*
|
|
80
|
-
*
|
|
81
|
-
*
|
|
82
|
-
*
|
|
112
|
+
* resolves paths and composes the netcage argv, performing NO filesystem writes
|
|
113
|
+
* or spawns. It THROWS AnonPiError for the hard preconditions (missing image,
|
|
114
|
+
* missing llm, missing seed models.json) so the required inputs fail loud.
|
|
115
|
+
*
|
|
116
|
+
* The seed (models.json) is mounted READ-ONLY at /anon-pi-seed and copied into
|
|
117
|
+
* the container's own ~/.pi/agent by the run command, so it LAYERS onto the
|
|
118
|
+
* image's config (image-installed extensions/skills survive) rather than
|
|
119
|
+
* shadowing it.
|
|
120
|
+
*/
|
|
121
|
+
export declare function buildRunPlan(env: AnonPiEnv, workdirArg: string | undefined, seedModelsExists: (modelsJsonPath: string) => boolean): RunPlan;
|
|
122
|
+
/**
|
|
123
|
+
* Absolute path to the Dockerfile.pi that ships with anon-pi, resolved from this
|
|
124
|
+
* module's location (package root, one level up from dist/anon-pi.js), or
|
|
125
|
+
* undefined if it cannot be found. Used only to make the missing-image error's
|
|
126
|
+
* build command concrete.
|
|
83
127
|
*/
|
|
84
|
-
export declare function
|
|
128
|
+
export declare function shippedDockerfilePath(): string | undefined;
|
|
85
129
|
/** Read the AnonPiEnv from a process env map (kept separate so tests inject one). */
|
|
86
130
|
export declare function envFromProcess(penv: Record<string, string | undefined>): AnonPiEnv;
|
|
87
131
|
/** The --help text (kept here so it is covered by the same module). */
|
|
88
|
-
export declare const HELP = "anon-pi - launch pi inside a netcage (anonymized egress + one direct local model)\n\nUSAGE\n anon-pi [WORKDIR]\n\n WORKDIR the host folder pi works in (mounted at /work).
|
|
132
|
+
export declare const HELP = "anon-pi - launch pi inside a netcage (anonymized egress + one direct local model)\n\nUSAGE\n anon-pi [WORKDIR] launch pi jailed, working in WORKDIR (default: cwd)\n anon-pi import write the seed models.json from your local model\n\n WORKDIR the host folder pi works in (mounted at /work; pi's cwd). Files pi\n writes there land on the host.\n\nWHAT IT DOES\n Runs pi inside netcage with all web/DNS egress forced through the socks5h\n proxy (fail-closed) and ONE direct hole to your local model (ANON_PI_LLM).\n The seed models.json is mounted read-only and COPIED into the container's own\n ~/.pi/agent at start, so it layers onto the image's config: extensions and\n skills you baked into the image survive. Requires `netcage`.\n\nimport\n Reads your host ~/.pi/agent/models.json, picks the provider whose baseUrl\n serves ANON_PI_LLM, and writes JUST that provider to the seed\n (<ANON_PI_CONFIG>/models.json). No other provider's API keys, no sessions, no\n identity. Re-run with --force to overwrite an existing seed.\n\nENVIRONMENT\n ANON_PI_IMAGE (required for run) image with `pi` on PATH. No image yet?\n Running anon-pi without it prints a ready-to-build\n Dockerfile.pi recipe; see the README (Providing a pi image).\n ANON_PI_LLM (required) RFC1918/link-local IP[:port] of the local model\n ANON_PI_PROXY socks5h URL (default socks5h://127.0.0.1:9050)\n ANON_PI_HOME anon-pi home (default $XDG_CONFIG_HOME/anon-pi or ~/.config/anon-pi)\n ANON_PI_CONFIG seed dir holding models.json (default <ANON_PI_HOME>/agent)\n ANON_PI_SOURCE_MODELS (import) host models.json to read (default ~/.pi/agent/models.json)\n\nRESEED\n anon-pi import --force regenerates the seed models.json.\n\nPLATFORM\n Linux only (via netcage's netns/nft jail). On macOS/Windows it works only\n inside a Linux VM, where --allow-direct to a LAN model is VM-boundary-sensitive.\n";
|
|
89
133
|
//# sourceMappingURL=anon-pi.d.ts.map
|
package/dist/anon-pi.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"anon-pi.d.ts","sourceRoot":"","sources":["../src/anon-pi.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"anon-pi.d.ts","sourceRoot":"","sources":["../src/anon-pi.ts"],"names":[],"mappings":"AAyBA,+DAA+D;AAC/D,eAAO,MAAM,iBAAiB,UAAU,CAAC;AAEzC;;;;;;;GAOG;AACH,eAAO,MAAM,kBAAkB,kBAAkB,CAAC;AAElD;;;;;GAKG;AACH,eAAO,MAAM,iBAAiB,QAGpB,CAAC;AAEX,sEAAsE;AACtE,eAAO,MAAM,WAAW,gBAAgB,CAAC;AAEzC,gFAAgF;AAChF,MAAM,WAAW,SAAS;IACzB,2DAA2D;IAC3D,IAAI,EAAE,MAAM,CAAC;IACb,2DAA2D;IAC3D,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,mFAAmF;IACnF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mEAAmE;IACnE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,2DAA2D;IAC3D,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,qEAAqE;IACrE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,yEAAyE;IACzE,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB;;;;;OAKG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,oEAAoE;IACpE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,sFAAsF;IACtF,UAAU,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,mDAAmD;AACnD,MAAM,WAAW,OAAO;IACvB,uDAAuD;IACvD,OAAO,EAAE,MAAM,CAAC;IAChB,wFAAwF;IACxF,UAAU,EAAE,MAAM,CAAC;IACnB,uEAAuE;IACvE,WAAW,EAAE,MAAM,EAAE,CAAC;CACtB;AAID,oFAAoF;AACpF,qBAAa,WAAY,SAAQ,KAAK;CAAG;AAEzC,qDAAqD;AACrD,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,SAAS,GAAG,MAAM,CAOxD;AAED,8EAA8E;AAC9E,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,SAAS,GAAG,MAAM,CAGxD;AAED;;;;GAIG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAOjD;AAED;;;GAGG;AACH,MAAM,WAAW,UAAU;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,OAAO,EAAE,CAAC;IACnB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;CACrB;AAED,uEAAuE;AACvE,MAAM,WAAW,YAAY;IAC5B,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IACvC,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;CACrB;AAED,gFAAgF;AAChF,MAAM,WAAW,YAAY;IAC5B,iDAAiD;IACjD,IAAI,EAAE,MAAM,CAAC;IACb,sEAAsE;IACtE,MAAM,EAAE,YAAY,CAAC;IACrB,6EAA6E;IAC7E,eAAe,EAAE,OAAO,CAAC;CACzB;AAKD;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CACjC,UAAU,EAAE,YAAY,EACxB,SAAS,EAAE,MAAM,GACf,YAAY,CAkCd;AAED;;;;GAIG;AACH,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,SAAS,GAAG,MAAM,CAS9D;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,YAAY,CAC3B,GAAG,EAAE,SAAS,EACd,UAAU,EAAE,MAAM,GAAG,SAAS,EAC9B,gBAAgB,EAAE,CAAC,cAAc,EAAE,MAAM,KAAK,OAAO,GACnD,OAAO,CA+ET;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,IAAI,MAAM,GAAG,SAAS,CAc1D;AAED,qFAAqF;AACrF,wBAAgB,cAAc,CAC7B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,GACtC,SAAS,CAaX;AAED,uEAAuE;AACvE,eAAO,MAAM,IAAI,o6DAsChB,CAAC"}
|