npm - pi-crew - Versions diffs - 0.5.20 → 0.5.21 - Mend

pi-crew 0.5.20 → 0.5.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/CHANGELOG.md +23 -0
package/package.json +1 -1
package/src/runtime/settings-store.ts +4 -0
package/src/runtime/task-output-context.ts +11 -1
package/src/state/event-log.ts +7 -1
package/src/tools/safe-bash.ts +7 -6

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,28 @@
 # Changelog
+## [0.5.21] — Ultimate Final Sweep: HIGH Security + Correctness Fixes (2026-06-03)
+### Highlights
+- **safe-bash line-continuation bypass fixed** — `$\n(evil)` now blocked
+- **scheduledJobs dead code fixed** — settings sanitizer now passes through scheduled jobs
+- **Memory-bounded file reads** — `readIfSmall` uses `fs.readSync` with buffer instead of full file read
+- **Event log corruption detection** — `scanSequence` logs warnings for corrupt JSON lines
+### Security
+- `safe-bash.ts`: All structural checks now use `normalized` string (stripped line continuations)
+- `\$\s*\(` regex catches `$<newline>(evil)` → `$(evil)` bypass that bash interprets as command substitution
+- Added 2 regression tests for line-continuation bypass
+### Fixes
+- `settings-store.ts`: `sanitizeSettings()` now copies `scheduledJobs` as opaque array
+- `task-output-context.ts`: `readIfSmall` uses `Buffer.alloc` + `fs.readSync` instead of `readFileSync` + `slice`
+- `event-log.ts`: `scanSequence` counts and logs corrupt JSON lines via `logInternalError`
+### Stats
+- Test suite: 2703 pass + 1 skip, 0 fail
+- TypeScript: 0 errors
+- Total issues fixed across 37 rounds: ~155+
 ## [0.5.20] — Verification Sweep: 7 Fixes (2026-06-03)
 ### Highlights

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "pi-crew",
-  "version": "0.5.20",
+  "version": "0.5.21",
   "description": "Pi extension for coordinated AI teams, workflows, worktrees, and async task orchestration",
   "author": "baphuongna",
   "license": "MIT",

package/src/runtime/settings-store.ts CHANGED Viewed

@@ -57,6 +57,10 @@ function sanitizeSettings(raw: unknown): CrewSettings {
 	if (typeof r.notifierIntervalMs === "number" && r.notifierIntervalMs >= 1000) {
 		out.notifierIntervalMs = r.notifierIntervalMs;
 	}
+	// Pass through scheduledJobs as opaque array (validated by crewScheduler.add)
+	if (Array.isArray(r.scheduledJobs)) {
+		out.scheduledJobs = r.scheduledJobs;
+	}
 	return out;
 }

package/src/runtime/task-output-context.ts CHANGED Viewed

@@ -34,7 +34,17 @@ function readIfSmall(filePath: string, maxBytes = 24_000, baseDir?: string): str
 	try {
 		const safePath = baseDir ? resolveRealContainedPath(baseDir, filePath) : filePath;
 		const stat = fs.statSync(safePath);
-		if (stat.size > maxBytes) return `${fs.readFileSync(safePath, "utf-8").slice(0, maxBytes)}\n\n...(truncated ${stat.size - maxBytes} bytes)`;
+		if (stat.size > maxBytes) {
+			// Use bounded read to avoid loading entire file into memory
+			const buf = Buffer.alloc(maxBytes);
+			const fd = fs.openSync(safePath, "r");
+			try {
+				fs.readSync(fd, buf, 0, maxBytes, 0);
+			} finally {
+				fs.closeSync(fd);
+			}
+			return `${buf.toString("utf-8")}\n\n...(truncated ${stat.size - maxBytes} bytes)`;
+		}
 		return fs.readFileSync(safePath, "utf-8");
 	} catch {
 		return undefined;

package/src/state/event-log.ts CHANGED Viewed

@@ -149,12 +149,18 @@ function parseSequence(raw: string): number | undefined {
 export function scanSequence(eventsPath: string): number {
 	if (!fs.existsSync(eventsPath)) return 0;
 	let max = 0;
+	let skipped = 0;
 	for (const line of fs.readFileSync(eventsPath, "utf-8").split("\n")) {
 		if (!line.trim()) continue;
 		try {
 			const event = JSON.parse(line) as TeamEvent;
 			max = Math.max(max, event.metadata?.seq ?? 0);
-		} catch { /* skip corrupt lines without incrementing sequence */ }
+		} catch {
+			skipped++;
+		}
+	}
+	if (skipped > 0) {
+		logInternalError("event-log.scanSequence.corrupt_lines", undefined, `${eventsPath}: skipped ${skipped} corrupt line(s)`);
 	}
 	return max;
 }

package/src/tools/safe-bash.ts CHANGED Viewed

@@ -201,22 +201,23 @@ export function isDangerous(command: string, options: SafeBashOptions = {}): str
 	}
 	// Additional shell injection checks using regex for non-critical patterns
-	// Block command substitution $(...)
-	if (/\$\([^)]*\)/.test(command)) {
+	// Block command substitution $(...)  — use normalized to prevent $\n(evil) bypass
+	// Also match $<space>(...) which is the normalized form of $\n(evil)
+	if (/\$\s*\([^)]*\)/.test(normalized)) {
 		return "Command blocked by safe_bash: command substitution $(...) is not allowed";
 	}
 	// Block backtick substitution
 	const backtickRe = /`[^`]*`/;
-	if (backtickRe.test(command)) {
+	if (backtickRe.test(normalized)) {
 		return "Command blocked by safe_bash: backtick substitution is not allowed";
 	}
 	// Block here-docs <<
-	if (/<<\s*['"]?[\w-]+['"]?/.test(command) || /\$<<\s*['"]?[\w-]+['"]?/.test(command)) {
+	if (/<<\s*['"]?[\w-]+['"]?/.test(normalized) || /\$<<\s*['"]?[\w-]+['"]?/.test(normalized)) {
 		return "Command blocked by safe_bash: here-doc is not allowed";
 	}
-	// Block ${...} variable expansion containing shell metacharacters (pipes, redirects, &&/||)
+	// Block ${...} variable expansion containing shell metacharacters
 	const varExpRe = /\$\{([^}]*)\}/;
-	const varMatch = command.match(varExpRe);
+	const varMatch = normalized.match(varExpRe);
 	if (varMatch && /[|&;<>]/.test(varMatch[1])) {
 		return "Command blocked by safe_bash: variable expansion with shell metacharacters is not allowed";
 	}