v1.0.0: Initial Release
pi-secured-setup v1.0.0
A pi-agent extension providing multi-layer security: Guards that block dangerous actions, Scanners that detect risks, and an audit trail that records everything.
What's included
Guards (block before execution):
- Boundary enforcement — blocks writes outside project, confirms reads
- Protected paths — glob patterns for sensitive files (
.env,*.key, etc.) - Bash gate — classifies commands as SAFE/MODERATE/DANGEROUS/EXTERNAL
Scanners (observe, don't block):
- Secret scanner — 15+ patterns (AWS, Anthropic, OpenAI, GitHub, DB strings, etc.), provider-agnostic redaction
- Skill scanner — SKILL.md SHA-256 hash verification with prompt-once approval
Audit trail:
- JSONL append-only log with automatic rotation
/securitydashboard with blocked/confirmed counts and recent events
Commands
| Command | Description |
|---|---|
/security |
Dashboard |
/security:skills |
Re-trigger skill approval |
/security:trust <skill> |
Approve a skill by name |
/security:allow <path> |
Add allowed external path |
/security:clean [days] |
Trim audit log |
Installation
```bash
pi install git:github.com/mwolff44/pi-secured-setup
```
Tests
98 unit tests covering all guards, scanners, config merge, and path utilities.
```bash
npm test
```