pi-agent-supervisor 1.0.0 → 1.1.0

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "pi-agent-supervisor",
-  "version": "1.0.0",
-  "description": "Runtime safety net for AI agents — blocks dangerous commands, protects files, enforces rate limits, and records sessions.",
+  "version": "1.1.0",
+  "description": "Runtime safety net for AI agents \u2014 blocks dangerous commands, protects files, enforces rate limits, and records sessions.",
   "keywords": [
     "pi-package",
     "pi-extension",
@@ -28,6 +28,7 @@
   },
   "files": [
     "src/",
+    "patterns/",
     "README.md",
     "AGENTS.md",
     "LICENSE"
@@ -40,5 +41,12 @@
     "extensions": [
       "./src/index.ts"
     ]
+  },
+  "scripts": {
+    "test": "vitest run",
+    "test:watch": "vitest"
+  },
+  "devDependencies": {
+    "vitest": "^2.0.0"
   }
-}
+}

package/patterns/container.txt

@@ -0,0 +1,9 @@
+# Container & runtime escape
+docker\s+run\s+.*--privileged
+docker\s+run\s+.*--pid=host
+docker\s+run\s+.*--network=host
+docker\s+run\s+.*-v\s+/:/host
+nsenter\s
+mount\s+/dev/sd
+capsh\s+--print
+systemd-nspawn

package/patterns/credentials.txt

@@ -0,0 +1,14 @@
+# Credential & secret access
+cat\s+.*~?/\.ssh/id_
+cat\s+.*~?/\.aws/credentials
+cat\s+.*~?/\.config/gcloud
+env\s*\|\s*grep\s+.*key
+env\s*\|\s*grep\s+.*token
+env\s*\|\s*grep\s+.*secret
+env\s*\|\s*grep\s+.*password
+find\s+.*-name\s+.*\.pem
+find\s+.*-name\s+.*\.key
+cat\s+/proc/\*/environ
+sqlite3\s+.*cookies
+cat\s+.*~?/\.netrc
+security\s+find-generic-password

package/patterns/crypto.txt

@@ -0,0 +1,10 @@
+# Cryptomining & resource abuse
+xmrig
+minerd
+cpuminer
+stratum
+nice\s+-n\s+-20
+chrt\s+-f\s+99
+stress-ng
+yes\s+>\s+/dev/null
+systemd-run\s+--scope\s+--property=CPUQuota

package/patterns/destructive.txt

@@ -0,0 +1,15 @@
+# Destructive commands
+rm\s+-rf\s+/\s
+rm\s+-rf\s+/$
+rm\s+-rf\s+~
+rm\s+-rf\s+\*
+git\s+push\s+.*--force
+git\s+push\s+.*-f\b
+sudo\s+
+chmod\s+777
+>\s*/dev/sd[a-z]
+dd\s+if=
+mkfs\.
+:(){ :|:& };:
+>\s*\.env
+>\s*\.git

package/patterns/evasion.txt

@@ -0,0 +1,10 @@
+# Evidence tampering & log wiping
+history\s+-c
+history\s+-d
+rm\s+-f\s+/var/log/
+>\s*/var/log/syslog
+shred\s+-u
+journalctl\s+.*--vacuum-time=1s
+auditctl\s+-e\s+0
+auditctl\s+-D
+logrotate\s+-f

package/patterns/hardware.txt

@@ -0,0 +1,8 @@
+# Firmware & hardware destruction
+flashrom
+nvme\s+format
+hdparm\s+.*--security-erase
+hdparm\s+.*--security-set-pass
+sg_format
+ipmitool
+efibootmgr

package/patterns/injection.txt

@@ -0,0 +1,7 @@
+# Process injection & manipulation
+LD_PRELOAD=
+gdb\s+-p
+strace\s+-p
+kill\s+-9\s+1\b
+kill\s+-SIGKILL\s+1\b
+echo\s+.*>\s+/proc/sys/kernel/core_pattern

package/patterns/network.txt

@@ -0,0 +1,12 @@
+# Network exfiltration & reverse shells
+curl\s+.*-F\s+'?file=@
+wget\s+.*--post-file=
+nc\s+-e\s+/bin
+ncat\s+.*--sh-exec
+python3?\s+-m\s+http\.server
+ssh\s+-R\s
+autossh\s+-R\s
+scp\s+.*@.*:
+rsync\s+.*@.*:
+dig\s+\+short\s+myip\.opendns\.com
+curl\s+ifconfig\.me

package/patterns/persistence.txt

@@ -0,0 +1,14 @@
+# Persistence & backdoors
+crontab\s+-e
+crontab\s+-l\s*\|
+\*\s+\*\s+\*\s+\*\s+\*
+systemctl\s+enable\s+--now
+>.*~?/\.bashrc
+>.*~?/\.bash_profile
+>.*~?/\.zshrc
+>.*~?/\.ssh/authorized_keys
+ssh-keygen
+chattr\s+\+i
+setfacl
+at\s+now
+batch\s

package/patterns/supplychain.txt

@@ -0,0 +1,7 @@
+# Supply chain — pipe-to-shell & untrusted installs
+curl\s+.*\|\s*bash
+curl\s+.*\|\s*sh
+wget\s+.*-qO-.*\|\s*bash
+wget\s+.*-qO-.*\|\s*sh
+pip\s+install\s+.*--index-url
+npm\s+install\s+.*--registry\s+http