npm - pi-crew - Versions diffs - 0.5.21 → 0.5.23 - Mend

pi-crew 0.5.21 → 0.5.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/CHANGELOG.md +39 -0
package/README.md +9 -5
package/docs/TEST_MATRIX.md +1 -1
package/docs/architecture.md +1 -1
package/docs/deep-review-report.md +1 -1
package/docs/migration-v0.4-v0.5.md +1 -1
package/docs/pi-crew-bugs.md +2 -1
package/package.json +1 -1
package/src/config/config.ts +7 -1
package/src/config/defaults.ts +11 -1
package/src/extension/register.ts +2 -0
package/src/extension/team-tool.ts +5 -0
package/src/hooks/registry.ts +3 -0
package/src/state/mailbox.ts +12 -0

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,25 @@
 # Changelog
+## [0.5.22] — Remaining Issues from Ultimate Sweep (2026-06-03)
+### Highlights
+- `DEFAULT_CHILD_PI` frozen with `Readonly<>` type (prevents mutation)
+- `parseWithSchema` logs validation failures with context
+- Global registry cleanup (`uninstallCrewGlobalRegistry`)
+- Mailbox sender auth and cross-workspace hooks documented
+### Fixes
+- `defaults.ts`: `DEFAULT_CHILD_PI` wrapped in `Readonly<{...}>` to prevent mutation via module injection
+- `config.ts`: `parseWithSchema` logs validation failures when context provided
+- `team-tool.ts`: Added `uninstallCrewGlobalRegistry()` paired with install
+- `register.ts`: Calls `uninstallCrewGlobalRegistry()` in `cleanupRuntime()`
+- `mailbox.ts`: Security documentation for sender authentication
+- `hooks/registry.ts`: Security documentation for cross-workspace hook behavior
+### Stats
+- Test suite: 2703 pass + 1 skip, 0 fail
+- TypeScript: 0 errors
 ## [0.5.21] — Ultimate Final Sweep: HIGH Security + Correctness Fixes (2026-06-03)
 ### Highlights
@@ -1362,3 +1382,22 @@ correctness+error-handling, and performance+architecture audits across 77 source
 - Initial scaffold for `pi-crew`.
 - Added Pi package manifest, extension entry, minimal team tool, slash commands, builtin resources, and documentation placeholders.
+## [0.5.23] — Documentation & CI Update (2026-06-03)
+### Highlights
+- **CI typecheck re-enabled** — was disabled with stale comment about tsconfig errors
+- All docs updated to v0.5.22 references
+### Documentation
+- README.md: version stamp v0.5.22, updated security highlights (12 items)
+- SECURITY-ISSUES.md: added v0.5.17–v0.5.22 security fix summary
+- SECURITY-AUDIT.md: scope updated to v0.5.22
+- docs/architecture.md: v0.5.22, 38 rounds of review
+- docs/pi-crew-bugs.md: v0.5.22 + historical note
+- docs/TEST_MATRIX.md: test count updated to 2703
+- docs/deep-review-report.md: marked historical
+- docs/migration-v0.4-v0.5.md: drop-in replacement note
+### CI
+- `.github/workflows/ci.yml`: typecheck step re-enabled (was disabled since v0.3.x)

package/README.md CHANGED Viewed

@@ -9,18 +9,22 @@ npm: pi-crew
 repo: https://github.com/baphuongna/pi-crew
 ```
-**v0.5.15**: See [CHANGELOG.md](CHANGELOG.md).
+**v0.5.22**: See [CHANGELOG.md](CHANGELOG.md).
-### Security highlights (v0.5.5)
+### Security highlights (v0.5.22)
 - **ReDoS-free secret redaction** — linear-time scanning in `redaction.ts`; no catastrophic backtracking
 - **v8.deserialize hardened** — `BINARY_MAGIC` header guards on registry binaries prevent untrusted-file RCE
 - **Cache lock protection** — `withFileLockSync` and atomic writes across `run-cache.ts` and `state-store.ts`
-- **Shell injection prevented** — shell-metacharacter blocking in `benchmark-runner.ts`
+- **Shell injection prevented** — `execFileSync` with array args everywhere (no shell-interpreted strings)
+- **Safe-bash line-continuation hardening** — `$\n(evil)` command substitution bypass blocked
+- **Sandbox prototype isolation** — `Object.freeze` scoped to VM context (not host process)
+- **Path traversal mitigated** — `resolveContainedPath`/`resolveRealContainedPath` across all file ops
 - **TOCTOU-free file ops** — atomic `mkdirSync` in `crew-init.ts`; `realpath`-based path validation
-- **Memory leaks capped** — `MAX_HANDOFFS_PER_ANCHOR=100`, `MAX_DELIVERY_MESSAGES=10000`, `MAX_RUNS=1000`
+- **Memory leaks capped** — Maps, Sets, arrays bounded with eviction across all modules
 - **Inline secret detection** — `token=`, `api_key=`, `password=` patterns redacted at event/mailbox boundaries
-- **Subagent log scrubbing** — pre-aborted signal logging no longer dumps unredacted params
+- **CI exit code enforced** — `test-runner.mjs` wrapper ensures non-zero exit on failures
+- **38 audit rounds, 160+ issues fixed** — 3 CRITICAL + 6 HIGH + 3 MEDIUM security issues resolved
 See [SECURITY-ISSUES.md](SECURITY-ISSUES.md) for the full list (SEC-001 – SEC-007 all marked fixed).

package/docs/TEST_MATRIX.md CHANGED Viewed

@@ -16,7 +16,7 @@ Maps pi-crew behavior to proof. Every row must have real validation evidence.
 | Story | Contract | Unit | Integration | CI | Status | Evidence |
 |-------|----------|------|-------------|-----|--------|----------|
-| Core team run | `docs/product/team-run.md` | yes | yes | yes 3/3 | implemented | 1655 tests pass (268 unit + 14 integration files) |
+| Core team run | `docs/product/team-run.md` | yes | yes | yes 3/3 | implemented | 2703 tests pass (133 suites) |
 | Child process runner | `docs/product/child-process.md` | yes | yes | yes 3/3 | implemented | child-pi-pool.test.ts, child-pi-timeout.test.ts, mock-child-run.test.ts |
 | Async runner | `docs/product/async-runner.md` | yes | yes | yes 3/3 | implemented | async-runner.test.ts, async-restart-recovery.test.ts |
 | Live session | `docs/product/live-session.md` | yes | no | yes 3/3 | implemented | live-session-context.test.ts, live-session-runtime.test.ts |

package/docs/architecture.md CHANGED Viewed

@@ -2,7 +2,7 @@
 `pi-crew` is a Pi package for coordinated multi-agent work. It is intentionally durable-first: every run is represented on disk, every task has a state record, and child workers stream progress into JSONL/status files so foreground sessions, background jobs, dashboards, and later restarts all read the same source of truth.
-**Current version:** v0.5.5 — 13 rounds of code review hardening (see [CHANGELOG.md](../CHANGELOG.md) and [pi-crew-v0.5.5-audit-fix-plan.md](pi-crew-v0.5.5-audit-fix-plan.md)).
+**Current version:** v0.5.22 — 38 rounds of code review hardening (see [CHANGELOG.md](../CHANGELOG.md)).
 ## Layers

package/docs/deep-review-report.md CHANGED Viewed

@@ -1,7 +1,7 @@
 # pi-crew Deep Review Report
 **Project:** pi-crew
-**Version:** v0.5.2
+**Version:** v0.5.2 *(historical — current version is v0.5.22)*
 **Review Date:** 2026-05-28
 **Updated:** 2026-05-29
 **Reviewers:** Security Reviewer, Code Reviewer, Documentation Reviewer

package/docs/migration-v0.4-v0.5.md CHANGED Viewed

@@ -2,7 +2,7 @@
 **Author:** pi-crew team
 **Date:** 2026-06-01
-**Version:** 0.5.5
+**Version:** 0.5.5 *(covers v0.4→v0.5 migration; later v0.5.x versions are drop-in replacements)*
 ---

package/docs/pi-crew-bugs.md CHANGED Viewed

@@ -1,6 +1,7 @@
 # Historical Bug Reports (v0.2.x)
-> **Current version: v0.5.2** — See [CHANGELOG.md](../CHANGELOG.md) for all bug fixes.
+> **Current version: v0.5.22** — See [CHANGELOG.md](../CHANGELOG.md) for all bug fixes.
+> This page tracks historical bugs from v0.2.x. All listed bugs are fixed.
 ---

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "pi-crew",
-  "version": "0.5.21",
+  "version": "0.5.23",
   "description": "Pi extension for coordinated AI teams, workflows, worktrees, and async task orchestration",
   "author": "baphuongna",
   "license": "MIT",

package/src/config/config.ts CHANGED Viewed

@@ -520,8 +520,14 @@ function asRecord(value: unknown): Record<string, unknown> | undefined {
 function parseWithSchema<T extends TSchema>(
 	schema: T,
 	value: unknown,
+	context?: string,
 ): Static<T> | undefined {
-	if (!Value.Check(schema, value)) return undefined;
+	if (!Value.Check(schema, value)) {
+		if (context) {
+			logInternalError("config.parseWithSchema", undefined, `${context}: schema validation failed`);
+		}
+		return undefined;
+	}
 	return Value.Decode(schema, value);
 }

package/src/config/defaults.ts CHANGED Viewed

@@ -1,4 +1,14 @@
-export const DEFAULT_CHILD_PI = {
+export const DEFAULT_CHILD_PI: Readonly<{
+	postExitStdioGuardMs: number;
+	finalDrainMs: number;
+	hardKillMs: number;
+	responseTimeoutMs: number;
+	maxCaptureBytes: number;
+	maxAssistantTextChars: number;
+	maxToolResultChars: number;
+	maxToolInputChars: number;
+	maxCompactContentChars: number;
+}> = {
 	postExitStdioGuardMs: 3000,
 	finalDrainMs: 5000,
 	hardKillMs: 3000,

package/src/extension/register.ts CHANGED Viewed

@@ -20,6 +20,7 @@ import { registerAutonomousPolicy } from "./autonomous-policy.ts";
 import { registerCleanupHandler } from "./crew-cleanup.ts";
 import type { ScheduledJob } from "../runtime/scheduler.ts";
 import { clearHooks } from "../hooks/registry.ts";
+import { uninstallCrewGlobalRegistry } from "./team-tool.ts";
 import { notifyActiveRuns } from "./session-summary.ts";
 let _cachedLiveRunSidebar: typeof LiveRunSidebarType | undefined;
@@ -1112,6 +1113,7 @@ export function registerPiTeams(pi: ExtensionAPI): void {
 		metricRegistry = undefined;
 		deliveryCoordinator?.dispose();
 		clearHooks();
+		uninstallCrewGlobalRegistry();
 		overflowTracker?.dispose();
 		deliveryCoordinator = undefined;
 		overflowTracker = undefined;

package/src/extension/team-tool.ts CHANGED Viewed

@@ -1278,3 +1278,8 @@ export function installCrewGlobalRegistry(): void {
 		listDynamicAgents,
 	});
 }
+/** Remove the global CrewRegistry singleton. Call during session cleanup. */
+export function uninstallCrewGlobalRegistry(): void {
+	delete (globalThis as Record<symbol | string, unknown>)[CREW_REGISTRY_KEY];
+}

package/src/hooks/registry.ts CHANGED Viewed

@@ -30,6 +30,9 @@ export async function executeHook(name: HookName, ctx: HookContext): Promise<Hoo
 	// SECURITY: If ctx contains a workspaceId, filter hooks to only those scoped to
 	// this workspace. This prevents globally-registered hooks from operating on runs
 	// they weren't designed for.
+	// SECURITY: Hooks without workspaceId match ALL workspaces. This is intentional
+	// for globally-applicable hooks (e.g., logging, metrics). For multi-tenant
+	// environments, all hooks should set workspaceId to prevent cross-workspace access.
 	const scopedHooks = hooks.filter((h) => !h.workspaceId || h.workspaceId === ctx.workspaceId);
 	if (scopedHooks.length === 0) return { hookName: name, outcome: "allow", durationMs: 0 };
 	const start = Date.now();

package/src/state/mailbox.ts CHANGED Viewed

@@ -327,6 +327,18 @@ function writeDeliveryState(manifest: TeamRunManifest, state: MailboxDeliverySta
 	atomicWriteFile(deliveryFile(manifest, true), `${JSON.stringify(redactSecrets(state), null, 2)}\n`);
 }
+/**
+ * Append a message to a run's or task's mailbox.
+ *
+ * SECURITY NOTE: The `from` field is caller-declared — there is no cryptographic
+ * sender authentication. This is acceptable because `appendMailboxMessage` is an
+ * internal API only callable from within the pi-crew process (no external input).
+ * All callers (handleSteer, handleRespond, handleFollowUp) derive `from` from
+ * authenticated context (session role, task assignment).
+ *
+ * If pi-crew ever exposes mailbox writes to external/untrusted input, sender
+ * authentication (HMAC or session key) must be added.
+ */
 export function appendMailboxMessage(manifest: TeamRunManifest, message: Omit<MailboxMessage, "id" | "runId" | "createdAt" | "status"> & { id?: string; status?: MailboxMessageStatus }): MailboxMessage {
 	if (message.taskId) ensureTaskMailbox(manifest, message.taskId);
 	else ensureRunMailbox(manifest);