pi-mono-all 1.2.3 → 1.2.4

package/CHANGELOG.md

@@ -1,5 +1,11 @@
 # pi-mono-all
 
+## 1.2.4
+
+### Patch Changes
+
+- Bundle `pi-mono-sentinel@1.12.0` with project-scoped config stored under the Pi agent directory instead of the current working directory.
+
 ## 1.2.3
 
 ### Patch Changes

package/node_modules/pi-mono-sentinel/CHANGELOG.md

@@ -1,5 +1,11 @@
 # pi-mono-sentinel
 
+## 1.12.0
+
+### Changed
+
+- Store project-scoped Sentinel config under the Pi agent directory (`~/.pi/agent/extensions/sentinel/projects/`) instead of creating `.pi/extensions/sentinel.json` in the current working directory. Existing cwd-local config files are still read for compatibility.
+
 ## 1.11.0
 
 ### Minor Changes

package/node_modules/pi-mono-sentinel/README.md

@@ -14,11 +14,13 @@ It addresses cross-cutting security gaps that pure command-based guardrails miss
 Sentinel reads and merges optional JSON config from three scopes:
 
 1. Global: `$PI_CODING_AGENT_DIR/extensions/sentinel.json` or `~/.pi/agent/extensions/sentinel.json`
-2. Local/project: `.pi/extensions/sentinel.json` under the current working directory
+2. Local/project: a current-working-directory scoped file under `$PI_CODING_AGENT_DIR/extensions/sentinel/projects/` or `~/.pi/agent/extensions/sentinel/projects/`
 3. Memory: session-only grants written internally while Pi is running
 
 Merge priority is `memory > local > global > defaults`.
 
+Local/project config is stored in Pi's agent directory instead of the user's working directory, so Sentinel does not create `.pi/` files in arbitrary project folders. Existing legacy `.pi/extensions/sentinel.json` files are still read for compatibility, but new local/project writes go to the agent directory.
+
 ```json
 {
   "enabled": true,

package/node_modules/pi-mono-sentinel/__tests__/config.test.ts

@@ -1,7 +1,7 @@
 import assert from "node:assert/strict";
-import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from "node:fs";
+import { existsSync, mkdirSync, mkdtempSync, rmSync, writeFileSync } from "node:fs";
 import { tmpdir } from "node:os";
-import { join } from "node:path";
+import { dirname, join } from "node:path";
 import { afterEach, beforeEach, describe, test } from "node:test";
 
 import { SentinelConfigLoader } from "../config.ts";
@@ -39,7 +39,7 @@ describe("SentinelConfigLoader", () => {
 		mkdirSync(join(agentDir, "extensions"), { recursive: true });
 		writeFileSync(loader.getConfigPath("global"), JSON.stringify({ pathAccess: { allowedPaths: ["/global"] } }), { flag: "w" });
 		loader.load(cwd);
-		mkdirSync(join(cwd, ".pi", "extensions"), { recursive: true });
+		mkdirSync(dirname(loader.getConfigPath("local")), { recursive: true });
 		writeFileSync(loader.getConfigPath("local"), JSON.stringify({ features: { pathAccess: true }, pathAccess: { allowedPaths: ["/local"] } }), { flag: "w" });
 		loader.load(cwd);
 		loader.save("memory", { pathAccess: { mode: "block", allowedPaths: ["/memory"] } });
@@ -49,12 +49,26 @@ describe("SentinelConfigLoader", () => {
 		assert.deepEqual(config.pathAccess.allowedPaths, ["/memory"]);
 	});
 
-	test("save writes global and local config files", () => {
+	test("save writes global and cwd-scoped local config files under the agent dir", () => {
 		const loader = new SentinelConfigLoader();
 		loader.load(cwd);
 		loader.save("global", { enabled: false });
 		loader.save("local", { features: { pathAccess: true } });
 		assert.deepEqual(loader.getRawConfig("global"), { enabled: false });
 		assert.deepEqual(loader.getRawConfig("local"), { features: { pathAccess: true } });
+		assert.equal(loader.getConfigPath("local").startsWith(join(agentDir, "extensions", "sentinel", "projects")), true);
+		assert.equal(existsSync(join(cwd, ".pi", "extensions", "sentinel.json")), false);
+	});
+
+	test("reads legacy cwd-local config without writing back to cwd", () => {
+		const loader = new SentinelConfigLoader();
+		mkdirSync(join(cwd, ".pi", "extensions"), { recursive: true });
+		writeFileSync(join(cwd, ".pi", "extensions", "sentinel.json"), JSON.stringify({ features: { pathAccess: true } }), { flag: "w" });
+
+		loader.load(cwd);
+		assert.equal(loader.getConfig().features.pathAccess, true);
+
+		loader.save("local", { pathAccess: { allowedPaths: ["/outside"] } });
+		assert.equal(existsSync(loader.getConfigPath("local")), true);
 	});
 });

package/node_modules/pi-mono-sentinel/__tests__/path-access.test.ts

@@ -44,7 +44,10 @@ describe("path-access helpers", () => {
 	});
 
 	test("derives and persists selected path-access grants with the correct scope and target", () => {
+		const originalAgentDir = process.env.PI_CODING_AGENT_DIR;
+		const agentDir = mkdtempSync(join(tmpdir(), "sentinel-path-access-agent-"));
 		const cwd = mkdtempSync(join(tmpdir(), "sentinel-path-access-cwd-"));
+		process.env.PI_CODING_AGENT_DIR = agentDir;
 		try {
 			configLoader.load(cwd);
 			configLoader.save("memory", { features: { pathAccess: true }, pathAccess: { mode: "ask", allowedPaths: [] } });
@@ -69,6 +72,9 @@ describe("path-access helpers", () => {
 			configLoader.addAllowedPath(localFileGrant.scope, localFileGrant.grant);
 			assert.ok(configLoader.getRawConfig("local")?.pathAccess?.allowedPaths?.includes("/tmp/outside-file.txt"));
 		} finally {
+			if (originalAgentDir === undefined) delete process.env.PI_CODING_AGENT_DIR;
+			else process.env.PI_CODING_AGENT_DIR = originalAgentDir;
+			rmSync(agentDir, { recursive: true, force: true });
 			rmSync(cwd, { recursive: true, force: true });
 		}
 	});

package/node_modules/pi-mono-sentinel/config.ts

@@ -1,6 +1,7 @@
+import { createHash } from "node:crypto";
 import { mkdirSync, readFileSync, writeFileSync } from "node:fs";
 import { homedir } from "node:os";
-import { dirname, join } from "node:path";
+import { basename, dirname, join, resolve } from "node:path";
 
 export type SentinelConfigScope = "global" | "local" | "memory";
 export type SentinelPathAccessMode = "allow" | "ask" | "block";
@@ -92,6 +93,20 @@ function writeJson(path: string, value: SentinelConfig): void {
 	writeFileSync(path, `${JSON.stringify(value, null, 2)}\n`, "utf-8");
 }
 
+function localScopeId(cwd: string): string {
+	const normalizedCwd = resolve(cwd);
+	const slug = (basename(normalizedCwd) || "root")
+		.replace(/[^a-zA-Z0-9._-]+/g, "-")
+		.replace(/^-+|-+$/g, "")
+		.slice(0, 48) || "root";
+	const hash = createHash("sha256").update(normalizedCwd).digest("hex").slice(0, 12);
+	return `${slug}-${hash}.json`;
+}
+
+function legacyLocalConfigPath(cwd: string): string {
+	return join(resolve(cwd), ".pi", "extensions", "sentinel.json");
+}
+
 function isPlainObject(value: unknown): value is Record<string, unknown> {
 	return typeof value === "object" && value !== null && !Array.isArray(value);
 }
@@ -127,7 +142,11 @@ export class SentinelConfigLoader {
 	load(cwd = process.cwd()): void {
 		this.localCwd = cwd;
 		this.globalConfig = readJson(this.getConfigPath("global"));
-		this.localConfig = readJson(this.getConfigPath("local"));
+		const legacyLocalConfig = readJson(legacyLocalConfigPath(this.localCwd));
+		const scopedLocalConfig = readJson(this.getConfigPath("local"));
+		this.localConfig = legacyLocalConfig && scopedLocalConfig
+			? mergeConfig(legacyLocalConfig, scopedLocalConfig)
+			: scopedLocalConfig ?? legacyLocalConfig;
 		this.resolvedConfig = undefined;
 	}
 
@@ -152,7 +171,7 @@ export class SentinelConfigLoader {
 	getConfigPath(scope: Exclude<SentinelConfigScope, "memory">): string {
 		return scope === "global"
 			? join(getAgentDir(), "extensions", "sentinel.json")
-			: join(this.localCwd, ".pi", "extensions", "sentinel.json");
+			: join(getAgentDir(), "extensions", "sentinel", "projects", localScopeId(this.localCwd));
 	}
 
 	save(scope: SentinelConfigScope, partial: SentinelConfig): void {

package/node_modules/pi-mono-sentinel/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pi-mono-sentinel",
-  "version": "1.11.0",
+  "version": "1.12.0",
   "description": "Pi extension that guards against content-based secret leaks and indirect script execution",
   "keywords": [
     "pi-package",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pi-mono-all",
-  "version": "1.2.3",
+  "version": "1.2.4",
   "description": "All pi-mono extensions and bundled skills",
   "type": "module",
   "keywords": [
@@ -9,24 +9,24 @@
     "pi-skill"
   ],
   "dependencies": {
-    "pi-mono-ask-user-question": "1.7.4",
     "pi-mono-auto-fix": "0.3.1",
+    "pi-mono-ask-user-question": "1.7.4",
     "pi-mono-btw": "1.7.4",
-    "pi-mono-context": "0.1.1",
     "pi-mono-clear": "1.7.3",
-    "pi-mono-figma": "0.2.2",
+    "pi-mono-context": "0.1.1",
     "pi-mono-context-guard": "1.7.3",
     "pi-mono-linear": "0.2.3",
-    "pi-mono-loop": "1.7.3",
-    "pi-mono-sentinel": "1.11.0",
-    "pi-mono-review": "1.8.2",
+    "pi-common": "0.1.1",
+    "pi-mono-figma": "0.2.2",
+    "pi-mono-multi-edit": "1.7.3",
+    "pi-mono-sentinel": "1.12.0",
     "pi-mono-simplify": "1.7.3",
+    "pi-mono-review": "1.8.2",
     "pi-mono-team-mode": "2.3.2",
-    "pi-mono-multi-edit": "1.7.3",
-    "pi-common": "0.1.1",
-    "pi-mono-web-search": "0.1.0",
     "pi-mono-status-line": "1.7.3",
-    "pi-mono-usage": "0.1.1"
+    "pi-mono-usage": "0.1.1",
+    "pi-mono-web-search": "0.1.0",
+    "pi-mono-loop": "1.7.3"
   },
   "bundledDependencies": [
     "pi-mono-ask-user-question",