Skip to content

Releases: mwolff44/pi-secured-setup

v1.0.2

18 Jun 16:06
@mwolff44 mwolff44
v1.0.2
This tag was signed with the committer’s verified signature.
mwolff44 Mathias WOLFF
SSH Key Fingerprint: nF1UfjGPat9MgD9Z9yAc0R6v/jPvj0uNv8+WOJTyMzU
Verified
Learn about vigilant mode.
26727a7
This commit was signed with the committer’s verified signature.
mwolff44 Mathias WOLFF
SSH Key Fingerprint: nF1UfjGPat9MgD9Z9yAc0R6v/jPvj0uNv8+WOJTyMzU
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.0.2 Latest
Latest

Fixed

  • Patched non-bundled transitive dependencies reachable via @earendil-works/pi-ai@google/genai using npm overrides
  • Bumped protobufjs to 7.6.4 and ws to 8.21.0 in the non-bundled dependency tree

Security

Full Changelog: v1.0.1...v1.0.2

Assets 2
Loading

v1.0.1

18 Jun 15:46
@mwolff44 mwolff44
v1.0.1
This tag was signed with the committer’s verified signature.
mwolff44 Mathias WOLFF
SSH Key Fingerprint: nF1UfjGPat9MgD9Z9yAc0R6v/jPvj0uNv8+WOJTyMzU
Verified
Learn about vigilant mode.
020c743
This commit was signed with the committer’s verified signature.
mwolff44 Mathias WOLFF
SSH Key Fingerprint: nF1UfjGPat9MgD9Z9yAc0R6v/jPvj0uNv8+WOJTyMzU
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.0.1

Fixed

  • Resolved critical and high-severity security vulnerabilities
  • Fixed bugs in splitCommand and triggerSkillReview
  • Made subshell splitting quote-aware and improved audit redaction
  • Isolated audit tests from the real HOME directory and prevented skill name collisions
  • Addressed all remaining Copilot PR review findings

Changed

  • Migrated package namespace from @mariozechner to @earendil-works
  • Updated dependencies and documented future improvements

Full Changelog: v1.0.0...v1.0.1
v1.0.1

Loading

v1.0.0: Initial Release

07 May 16:41
@mwolff44 mwolff44
v1.0.0
f287884

Choose a tag to compare

View all tags
v1.0.0: Initial Release

pi-secured-setup v1.0.0

A pi-agent extension providing multi-layer security: Guards that block dangerous actions, Scanners that detect risks, and an audit trail that records everything.

What's included

Guards (block before execution):

  • Boundary enforcement — blocks writes outside project, confirms reads
  • Protected paths — glob patterns for sensitive files (.env, *.key, etc.)
  • Bash gate — classifies commands as SAFE/MODERATE/DANGEROUS/EXTERNAL

Scanners (observe, don't block):

  • Secret scanner — 15+ patterns (AWS, Anthropic, OpenAI, GitHub, DB strings, etc.), provider-agnostic redaction
  • Skill scanner — SKILL.md SHA-256 hash verification with prompt-once approval

Audit trail:

  • JSONL append-only log with automatic rotation
  • /security dashboard with blocked/confirmed counts and recent events

Commands

Command Description
/security Dashboard
/security:skills Re-trigger skill approval
/security:trust <skill> Approve a skill by name
/security:allow <path> Add allowed external path
/security:clean [days] Trim audit log

Installation

```bash
pi install git:github.com/mwolff44/pi-secured-setup
```

Tests

98 unit tests covering all guards, scanners, config merge, and path utilities.

```bash
npm test
```

Loading