pi-crew 0.5.19 → 0.5.21

package/CHANGELOG.md

@@ -1,5 +1,61 @@
 # Changelog
 
+## [0.5.21] — Ultimate Final Sweep: HIGH Security + Correctness Fixes (2026-06-03)
+
+### Highlights
+- **safe-bash line-continuation bypass fixed** — `$\n(evil)` now blocked
+- **scheduledJobs dead code fixed** — settings sanitizer now passes through scheduled jobs
+- **Memory-bounded file reads** — `readIfSmall` uses `fs.readSync` with buffer instead of full file read
+- **Event log corruption detection** — `scanSequence` logs warnings for corrupt JSON lines
+
+### Security
+- `safe-bash.ts`: All structural checks now use `normalized` string (stripped line continuations)
+- `\$\s*\(` regex catches `$<newline>(evil)` → `$(evil)` bypass that bash interprets as command substitution
+- Added 2 regression tests for line-continuation bypass
+
+### Fixes
+- `settings-store.ts`: `sanitizeSettings()` now copies `scheduledJobs` as opaque array
+- `task-output-context.ts`: `readIfSmall` uses `Buffer.alloc` + `fs.readSync` instead of `readFileSync` + `slice`
+- `event-log.ts`: `scanSequence` counts and logs corrupt JSON lines via `logInternalError`
+
+### Stats
+- Test suite: 2703 pass + 1 skip, 0 fail
+- TypeScript: 0 errors
+- Total issues fixed across 37 rounds: ~155+
+
+## [0.5.20] — Verification Sweep: 7 Fixes (2026-06-03)
+
+### Highlights
+- **Correctness bug fixed**: `enforceLabelCap` could silently evict actively-used metric entries
+- `Date` removed from forbidden globals (was blocking legitimate workflow scripts)
+- `scheduledJobs` properly typed in `CrewSettings` interface
+- 3 new tests for metric MRU eviction behavior
+
+### Fixes
+
+#### Correctness
+- `Counter.inc()` and `Gauge.set()` now delete-then-set to move keys to MRU position
+- Previously, `enforceLabelCap` could evict an entry that was just updated
+
+#### Consistency
+- Removed `Date` from `FORBIDDEN_GLOBALS` in `DynamicScriptRunner`
+- `Date` is not dangerous — was causing false positives for `myDate`, `updateDate`, etc.
+- `DynamicScriptRunner` and `WorkflowSandbox` now consistent
+
+#### Type Safety
+- Added `scheduledJobs?: unknown[]` to `CrewSettings` interface
+- Removed `as any` cast in `register.ts` (now uses `as ScheduledJob`)
+
+#### Code Quality
+- Removed dead `reason` variable in `settings-store.ts`
+- Added trailing newline to `event-bus.ts` (POSIX compliance)
+- Added 3 tests for Counter/Gauge MRU eviction behavior
+
+### Stats
+- Test suite: 2658+ pass + 1 skip, 0 fail
+- TypeScript: 0 errors
+- Security: All 7 SEC-* issues confirmed still fixed
+
 ## [0.5.19] — Final Sweep: 8 MEDIUM/LOW Fixes + 2 Test Fixes (2026-06-03)
 
 ### Highlights

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pi-crew",
-  "version": "0.5.19",
+  "version": "0.5.21",
   "description": "Pi extension for coordinated AI teams, workflows, worktrees, and async task orchestration",
   "author": "baphuongna",
   "license": "MIT",

package/src/extension/register.ts

@@ -18,6 +18,7 @@ import {
 } from "./async-notifier.ts";
 import { registerAutonomousPolicy } from "./autonomous-policy.ts";
 import { registerCleanupHandler } from "./crew-cleanup.ts";
+import type { ScheduledJob } from "../runtime/scheduler.ts";
 import { clearHooks } from "../hooks/registry.ts";
 import { notifyActiveRuns } from "./session-summary.ts";
 
@@ -1339,10 +1340,10 @@ export function registerPiTeams(pi: ExtensionAPI): void {
 		// Uses a global symbol so the module doesn't need a direct circular import.
 		(globalThis as Record<symbol | string, unknown>)[Symbol.for("pi-crew:scheduler")] = crewScheduler;
 		// Load scheduled jobs from settings if present
-		if (Array.isArray((crewSettings as any).scheduledJobs)) {
-			for (const job of (crewSettings as any).scheduledJobs) {
+		if (Array.isArray(crewSettings.scheduledJobs)) {
+			for (const job of crewSettings.scheduledJobs) {
 				try {
-					crewScheduler.add(job);
+					crewScheduler.add(job as ScheduledJob);
 				} catch {
 					/* skip invalid */
 				}

package/src/observability/event-bus.ts

@@ -79,4 +79,4 @@ class EventBus {
  * This bus is retained for future observability/SIEM integration.
  * See also: progress-tracker.ts which emits agent:progress events.
  */
-export const crewEventBus = EventBus.getInstance();
+export const crewEventBus = EventBus.getInstance();

package/src/observability/metrics-primitives.ts

@@ -79,6 +79,9 @@ export class Counter extends Metric {
 		if (!Number.isFinite(delta) || delta < 0) return;
 		const key = labelKey(labels);
 		const current = this.values.get(key) ?? { labels: normalizeLabels(labels), value: 0 };
+		// Delete before set to move key to end of insertion order (MRU).
+		// Without this, enforceLabelCap could evict an actively-used entry.
+		this.values.delete(key);
 		this.values.set(key, { labels: current.labels, value: current.value + delta });
 		enforceLabelCap(this.values, this.name);
 	}
@@ -97,7 +100,10 @@ export class Gauge extends Metric {
 
 	set(labels: MetricLabels = {}, value: number): void {
 		if (!Number.isFinite(value)) return;
-		this.values.set(labelKey(labels), { labels: normalizeLabels(labels), value });
+		const key = labelKey(labels);
+		// Delete before set to move key to end of insertion order (MRU).
+		this.values.delete(key);
+		this.values.set(key, { labels: normalizeLabels(labels), value });
 		enforceLabelCap(this.values, this.name);
 	}
 

package/src/runtime/dynamic-script-runner.ts

@@ -7,7 +7,6 @@ import { WorkflowSandbox, type SandboxOptions } from "./sandbox.ts";
  * These are checked during AST validation before execution.
  */
 export const FORBIDDEN_GLOBALS = [
-	"Date",
 	"Math.random",
 	"require",
 	"import",

package/src/runtime/settings-store.ts

@@ -11,6 +11,8 @@ export interface CrewSettings {
 	defaultJoinMode?: JoinMode;
 	schedulingEnabled?: boolean;
 	notifierIntervalMs?: number;
+	/** Scheduled jobs loaded from settings — opaque, passed to crewScheduler */
+	scheduledJobs?: unknown[];
 }
 
 const MAX_CONCURRENT_CEILING = 1024;
@@ -55,6 +57,10 @@ function sanitizeSettings(raw: unknown): CrewSettings {
 	if (typeof r.notifierIntervalMs === "number" && r.notifierIntervalMs >= 1000) {
 		out.notifierIntervalMs = r.notifierIntervalMs;
 	}
+	// Pass through scheduledJobs as opaque array (validated by crewScheduler.add)
+	if (Array.isArray(r.scheduledJobs)) {
+		out.scheduledJobs = r.scheduledJobs;
+	}
 	return out;
 }
 
@@ -71,7 +77,6 @@ function readSettingsFile(filePath: string): CrewSettings {
 	try {
 		return sanitizeSettings(JSON.parse(fs.readFileSync(filePath, "utf-8")));
 	} catch (err) {
-		const reason = err instanceof Error ? err.message : String(err);
 		logInternalError("settings-store.read", err, `Ignoring malformed settings at ${filePath}`);
 		return {};
 	}

package/src/runtime/task-output-context.ts

@@ -34,7 +34,17 @@ function readIfSmall(filePath: string, maxBytes = 24_000, baseDir?: string): str
 	try {
 		const safePath = baseDir ? resolveRealContainedPath(baseDir, filePath) : filePath;
 		const stat = fs.statSync(safePath);
-		if (stat.size > maxBytes) return `${fs.readFileSync(safePath, "utf-8").slice(0, maxBytes)}\n\n...(truncated ${stat.size - maxBytes} bytes)`;
+		if (stat.size > maxBytes) {
+			// Use bounded read to avoid loading entire file into memory
+			const buf = Buffer.alloc(maxBytes);
+			const fd = fs.openSync(safePath, "r");
+			try {
+				fs.readSync(fd, buf, 0, maxBytes, 0);
+			} finally {
+				fs.closeSync(fd);
+			}
+			return `${buf.toString("utf-8")}\n\n...(truncated ${stat.size - maxBytes} bytes)`;
+		}
 		return fs.readFileSync(safePath, "utf-8");
 	} catch {
 		return undefined;

package/src/state/event-log.ts

@@ -149,12 +149,18 @@ function parseSequence(raw: string): number | undefined {
 export function scanSequence(eventsPath: string): number {
 	if (!fs.existsSync(eventsPath)) return 0;
 	let max = 0;
+	let skipped = 0;
 	for (const line of fs.readFileSync(eventsPath, "utf-8").split("\n")) {
 		if (!line.trim()) continue;
 		try {
 			const event = JSON.parse(line) as TeamEvent;
 			max = Math.max(max, event.metadata?.seq ?? 0);
-		} catch { /* skip corrupt lines without incrementing sequence */ }
+		} catch {
+			skipped++;
+		}
+	}
+	if (skipped > 0) {
+		logInternalError("event-log.scanSequence.corrupt_lines", undefined, `${eventsPath}: skipped ${skipped} corrupt line(s)`);
 	}
 	return max;
 }

package/src/tools/safe-bash.ts

@@ -201,22 +201,23 @@ export function isDangerous(command: string, options: SafeBashOptions = {}): str
 	}
 
 	// Additional shell injection checks using regex for non-critical patterns
-	// Block command substitution $(...)
-	if (/\$\([^)]*\)/.test(command)) {
+	// Block command substitution $(...)  — use normalized to prevent $\n(evil) bypass
+	// Also match $<space>(...) which is the normalized form of $\n(evil)
+	if (/\$\s*\([^)]*\)/.test(normalized)) {
 		return "Command blocked by safe_bash: command substitution $(...) is not allowed";
 	}
 	// Block backtick substitution
 	const backtickRe = /`[^`]*`/;
-	if (backtickRe.test(command)) {
+	if (backtickRe.test(normalized)) {
 		return "Command blocked by safe_bash: backtick substitution is not allowed";
 	}
 	// Block here-docs <<
-	if (/<<\s*['"]?[\w-]+['"]?/.test(command) || /\$<<\s*['"]?[\w-]+['"]?/.test(command)) {
+	if (/<<\s*['"]?[\w-]+['"]?/.test(normalized) || /\$<<\s*['"]?[\w-]+['"]?/.test(normalized)) {
 		return "Command blocked by safe_bash: here-doc is not allowed";
 	}
-	// Block ${...} variable expansion containing shell metacharacters (pipes, redirects, &&/||)
+	// Block ${...} variable expansion containing shell metacharacters
 	const varExpRe = /\$\{([^}]*)\}/;
-	const varMatch = command.match(varExpRe);
+	const varMatch = normalized.match(varExpRe);
 	if (varMatch && /[|&;<>]/.test(varMatch[1])) {
 		return "Command blocked by safe_bash: variable expansion with shell metacharacters is not allowed";
 	}