pi-ketch 0.1.4 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,100 @@
1
+ # Contributing to pi-ketch
2
+
3
+ `pi-ketch` is a small adapter between Pi and the Ketch CLI. Contributions should stay focused on that boundary: tool schemas, argument construction, process handling, bounded output, Pi rendering, and the bundled research skill.
4
+
5
+ ## Before you start
6
+
7
+ Open an issue before beginning a broad feature or behavioral change. Small bug fixes, tests, and documentation corrections can go directly to a pull request.
8
+
9
+ Reproduce backend behavior with the Ketch CLI when possible. If the same problem occurs in a direct Ketch command, it probably belongs in the [Ketch repository](https://github.com/1broseidon/ketch). Include that reproduction when opening an issue here so maintainers can confirm which project owns the fix.
10
+
11
+ Do not report vulnerabilities in a public issue. Follow [SECURITY.md](./SECURITY.md) instead.
12
+
13
+ ## Development setup
14
+
15
+ You need:
16
+
17
+ - Node.js 22.14 or newer
18
+ - Pi 0.80.6 or newer for manual integration testing
19
+ - Ketch 0.11 or newer for optional live tests
20
+
21
+ Clone the repository and install dependencies:
22
+
23
+ ```sh
24
+ git clone https://github.com/sovorn-c/pi-ketch.git
25
+ cd pi-ketch
26
+ npm install
27
+ ```
28
+
29
+ Run the complete local check:
30
+
31
+ ```sh
32
+ npm run validate
33
+ ```
34
+
35
+ This runs the TypeScript checker, unit tests, and `npm pack --dry-run`.
36
+
37
+ ## Repository layout
38
+
39
+ - `src/tools/`: Pi tool definitions and Ketch argument builders
40
+ - `src/schemas.ts`: tool input schemas and limits
41
+ - `src/ketch.ts`: process execution, cancellation, timeouts, and crawl streaming
42
+ - `src/output.ts`: output bounds and temporary-file handling
43
+ - `src/format.ts`: model-facing Markdown formatting
44
+ - `src/render.ts`: Pi TUI rendering
45
+ - `skills/ketch/`: agent routing and research guidance
46
+ - `test/`: argument, process, and output tests
47
+
48
+ ## Testing changes
49
+
50
+ The unit tests use a fake Ketch executable. They do not require network access, credentials, Chromium, or a configured Ketch installation.
51
+
52
+ Add or update tests when changing:
53
+
54
+ - tool parameters or defaults
55
+ - generated CLI arguments
56
+ - validation and incompatible-option rules
57
+ - exit-code handling
58
+ - cancellation or timeout behavior
59
+ - crawl and output bounds
60
+ - formatted result shapes
61
+
62
+ Live tests are optional and should remain small. Use low result counts, short crawls, and public test pages. Never add API keys, tokens, local configuration, cache data, or machine-specific browser paths to the repository.
63
+
64
+ To load the checkout directly in Pi:
65
+
66
+ ```sh
67
+ pi --no-extensions -e ./src/index.ts
68
+ ```
69
+
70
+ Useful operator checks include:
71
+
72
+ ```sh
73
+ ketch version
74
+ ketch doctor
75
+ ```
76
+
77
+ A failed optional backend is not automatically a `pi-ketch` failure. Confirm that the backend is configured, then reproduce the call with Ketch directly.
78
+
79
+ ## Change guidelines
80
+
81
+ - Keep tool inputs bounded and preserve the limits in `src/schemas.ts`.
82
+ - Spawn commands without a shell and keep free-form input after `--`.
83
+ - Preserve cancellation, timeout, and Ketch exit-code behavior.
84
+ - Accept only HTTP and HTTPS URLs for scrape and crawl inputs.
85
+ - Treat fetched content as untrusted data, not agent instructions.
86
+ - Keep routine search provider-neutral. The operator chooses the default backend; agents should not hardcode one.
87
+ - Separate operator setup instructions from agent behavior in documentation and skills.
88
+ - Avoid adding another service SDK when Ketch already exposes the capability through its CLI.
89
+
90
+ ## Pull requests
91
+
92
+ Before submitting a pull request:
93
+
94
+ 1. Keep the change focused and explain the user-visible behavior.
95
+ 2. Add tests for changed behavior or explain why no test is needed.
96
+ 3. Run `npm run validate`.
97
+ 4. Update the README or bundled skill when tool behavior changes.
98
+ 5. Confirm that no credentials, local paths, generated archives, or cache files are included.
99
+
100
+ Maintainers handle version bumps, npm publishing, and release tags. Contributors should not change the package version unless a maintainer asks them to.
package/SECURITY.md ADDED
@@ -0,0 +1,81 @@
1
+ # Security policy
2
+
3
+ ## Supported versions
4
+
5
+ `pi-ketch` is a small community package and supports only its latest npm release.
6
+
7
+ | Version | Security fixes |
8
+ | --- | --- |
9
+ | Latest npm release | Yes |
10
+ | Older releases | No |
11
+
12
+ Before reporting a problem, confirm the installed version with:
13
+
14
+ ```sh
15
+ npm view pi-ketch version
16
+ node -p "require('$HOME/.pi/agent/npm/node_modules/pi-ketch/package.json').version"
17
+ ```
18
+
19
+ ## Report a vulnerability
20
+
21
+ Do not open a public issue for a suspected vulnerability. Use [GitHub private vulnerability reporting](https://github.com/sovorn-c/pi-ketch/security/advisories/new).
22
+
23
+ Include enough information to reproduce and assess the report:
24
+
25
+ - the `pi-ketch`, Pi, Ketch, Node.js, and operating-system versions
26
+ - the affected tool and parameters, with secrets removed
27
+ - expected and observed behavior
28
+ - a minimal reproduction or proof of concept
29
+ - the likely impact
30
+ - whether the behavior also occurs when running Ketch directly
31
+
32
+ Maintainers will respond and coordinate a fix on a best-effort basis. Please allow time for investigation before publishing details.
33
+
34
+ ## Reporting scope
35
+
36
+ Report problems here when they are caused by the Pi adapter, including:
37
+
38
+ - command or argument injection
39
+ - a URL validation bypass
40
+ - credentials or sensitive local data appearing in tool output
41
+ - failures in output bounds, crawl limits, cancellation, or timeout enforcement that create a security impact
42
+ - unsafe temporary-file handling
43
+ - misleading agent guidance that causes a concrete security boundary to be bypassed
44
+
45
+ If a direct Ketch CLI command reproduces the vulnerability, report it privately to the [Ketch maintainers](https://github.com/1broseidon/ketch/security) as well. Vulnerabilities in Pi itself belong in the [Pi repository](https://github.com/badlogic/pi-mono). Provider account and API issues should be reported to that provider.
46
+
47
+ The following are usually operational problems rather than vulnerabilities:
48
+
49
+ - a missing API key or optional backend
50
+ - an unreachable self-hosted service
51
+ - a search provider returning poor or unexpected results
52
+ - authentication, CAPTCHA, rate-limit, or anti-bot failures
53
+ - a target page returning malicious or inaccurate text without escaping the documented untrusted-content boundary
54
+
55
+ ## Security boundaries
56
+
57
+ ### Package execution
58
+
59
+ Pi packages run with the user's permissions. `pi-ketch` launches the configured Ketch executable directly, without a shell, and places free-form query input after `--`. The `KETCH_BIN` environment variable is operator-controlled and must point to a trusted executable.
60
+
61
+ ### Network access and SSRF
62
+
63
+ Scrape and crawl inputs accept only absolute HTTP and HTTPS URLs. This protocol check is not complete SSRF protection. Ketch can reach loopback addresses, private networks, cloud metadata services, and other HTTP services available from the host.
64
+
65
+ Do not expose these tools to untrusted users on a privileged network. Use network isolation or a sandbox when stronger outbound-access controls are required.
66
+
67
+ ### Untrusted content
68
+
69
+ Search results and fetched pages are untrusted data. They may contain prompt injection, misleading instructions, or hostile markup. Agents must use the content as research material and must not treat it as system or operator instructions.
70
+
71
+ ### Credentials and configuration
72
+
73
+ `pi-ketch` uses Ketch's existing configuration, environment variables, and supported credential sources such as the `gh` CLI. It does not copy API keys into Pi settings. Do not include credentials in prompts, bug reports, test fixtures, screenshots, or committed configuration.
74
+
75
+ ### Browser rendering
76
+
77
+ Forced browser rendering starts the Chromium executable configured in Ketch. Browser rendering does not bypass authentication, CAPTCHAs, or strong anti-bot controls. Keep Chromium updated and do not configure an untrusted browser binary.
78
+
79
+ ### Cache and temporary output
80
+
81
+ Ketch maintains a local page cache. When formatted output exceeds Pi's visible limit, `pi-ketch` may save the full result to a temporary file so Pi can read it later. Cached pages and temporary files can contain sensitive fetched content. Avoid scraping private pages unless the host and local storage are trusted, and remove sensitive cache or temporary data according to your operating environment's policy.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "pi-ketch",
3
- "version": "0.1.4",
3
+ "version": "0.1.5",
4
4
  "description": "Agent-native web research tools for Pi: multi-backend search, public code search, library docs, scraping, crawling, and browser rendering, powered by Ketch.",
5
5
  "type": "module",
6
6
  "license": "MIT",
@@ -28,6 +28,8 @@
28
28
  "src/",
29
29
  "skills/",
30
30
  "README.md",
31
+ "CONTRIBUTING.md",
32
+ "SECURITY.md",
31
33
  "LICENSE",
32
34
  "tsconfig.json"
33
35
  ],