{"id":50233129,"url":"https://github.com/mwolff44/pi-secured-setup","last_synced_at":"2026-07-06T07:01:31.727Z","repository":{"id":365654404,"uuid":"1232149221","full_name":"mwolff44/pi-secured-setup","owner":"mwolff44","description":"Secure setup and permission hardening extension for the Pi coding agent.","archived":false,"fork":false,"pushed_at":"2026-06-18T10:00:14.000Z","size":142,"stargazers_count":6,"open_issues_count":1,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-06-18T10:21:28.684Z","etag":null,"topics":["coding-agent","hardening","permissions","pi","pi-extension","policy","security","skill-verification"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mwolff44.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-07T16:29:18.000Z","updated_at":"2026-06-17T11:36:14.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/mwolff44/pi-secured-setup","commit_stats":null,"previous_names":["mwolff44/pi-secured-setup"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/mwolff44/pi-secured-setup","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mwolff44%2Fpi-secured-setup","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mwolff44%2Fpi-secured-setup/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mwolff44%2Fpi-secured-setup/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mwolff44%2Fpi-secured-setup/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mwolff44","download_url":"https://codeload.github.com/mwolff44/pi-secured-setup/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mwolff44%2Fpi-secured-setup/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35180933,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-06T02:00:07.184Z","response_time":106,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["coding-agent","hardening","permissions","pi","pi-extension","policy","security","skill-verification"],"created_at":"2026-05-26T19:00:32.258Z","updated_at":"2026-07-06T07:01:31.713Z","avatar_url":"https://github.com/mwolff44.png","language":"TypeScript","funding_links":[],"categories":["Extensions"],"sub_categories":[],"readme":"# Pi Secured Setup\n\nA distributable pi-agent extension providing multi-layer security: **Guards** that block dangerous actions, **Scanners** that detect risks, and an **audit trail** that records everything.\n\n## Installation\n\n```bash\n# Install from git\npi install git:github.com/mwolff44/pi-secured-setup\n\n# Pin to a version\npi install git:github.com/mwolff44/pi-secured-setup@v1.0.0\n\n# Update (pulls latest, never touches local config)\npi update pi-secured-setup\n```\n\n## What It Does\n\n### Guards (block before execution)\n\n| Guard | Applies To | Behavior |\n|-------|-----------|----------|\n| **Boundary** | `read`, `write`, `edit` | Blocks writes outside the project directory (`cwd`). Confirms reads outside boundary. External paths can be whitelisted. |\n| **Protected paths** | `read`, `write`, `edit` | Blocks writes to sensitive files (`.env`, `*.key`, `*.pem`, etc.). Confirms reads. Patterns are configurable. |\n| **Bash gate** | `bash` | Classifies commands as SAFE / MODERATE / DANGEROUS / EXTERNAL. Dangerous and external commands require confirmation. Unknown commands also require confirmation. |\n\nAll three guards run in a **single combined handler** (ADR-0001) with fixed order: boundary → protected-paths → bash-gate. First block wins.\n\n### Scanners (observe, don't block)\n\n| Scanner | Mechanism | Behavior |\n|---------|-----------|----------|\n| **Secret scanner** | `before_provider_request` | Recursively walks the provider payload for strings matching 15+ secret patterns (AWS keys, LLM keys, private keys, DB connection strings, GitHub tokens, etc.). Redacts as `***REDACTED:{pattern-name}***`. Provider-agnostic. |\n| **Skill scanner** | `session_start` | Hashes `SKILL.md` for every discovered skill. Prompts for approval of new or changed skills. Previously skipped/unapproved skills show a notification only. |\n\n### Audit log\n\nEvery guard and scanner action is recorded as a JSONL entry in `~/.pi/agent/security/audit.jsonl`. The log rotates automatically (default: 10MB per file, 3 files retained).\n\n## Commands\n\n| Command | Description |\n|---------|-------------|\n| `/security` | Dashboard — blocked/confirmed counts, recent events, skill status |\n| `/security:skills` | Re-trigger skill approval flow for all skills |\n| `/security:trust \u003cskill\u003e` | Approve a skill by name, persist to config |\n| `/security:allow \u003cpath\u003e` | Add an external path to the allowed list |\n| `/security:clean [days]` | Trim audit log entries older than N days (default: 30) |\n\n## Configuration\n\nConfiguration is loaded from three layers, merged in priority order:\n\n```\n1. defaults/              — shipped with the package\n2. ~/.pi/agent/security/  — machine-specific overrides\n3. .pi/security/          — project-specific overrides (relative to cwd)\n```\n\nPattern lists are **additive** — each layer can add new patterns. A `!` prefix **excludes** an inherited pattern:\n\n```jsonc\n// .pi/security/protected-paths.json — project override\n{\n  \"patterns\": [\n    \"!*secret*\",        // Remove the inherited *secret* pattern\n    \"config/local.json\" // Add a project-specific pattern\n  ],\n  \"readAction\": \"allow\" // Override: don't confirm reads for protected files\n}\n```\n\nNon-pattern fields (like `writeAction`, `readAction`) in later layers replace earlier values.\n\n### Config files\n\n| File | Purpose |\n|------|---------|\n| `protected-paths.json` | Glob patterns for sensitive files + read/write actions |\n| `command-rules.json` | Regex patterns for SAFE / MODERATE / DANGEROUS / EXTERNAL command classification |\n| `allowed-external.json` | Paths outside the project boundary that are allowed |\n| `audit-config.json` | Log rotation settings (`maxFileSize`, `maxFiles`) |\n| `skill-approvals.json` | Auto-managed — skill hashes + approval decisions |\n\n### Per-project example\n\nTo add project-specific security rules, create a `.pi/security/` directory in your project root:\n\n```bash\nmkdir -p .pi/security\n```\n\nThen add any of these files:\n\n```jsonc\n// .pi/security/protected-paths.json\n{\n  \"patterns\": [\n    \"config/production.json\",\n    \"secrets/*.yml\"\n  ]\n}\n```\n\n```jsonc\n// .pi/security/command-rules.json\n{\n  \"dangerous\": [\n    \"terraform destroy\",\n    \"kubectl delete\"\n  ]\n}\n```\n\n```jsonc\n// .pi/security/allowed-external.json\n{\n  \"paths\": [\n    \"../shared-lib\"\n  ]\n}\n```\n\n## Architecture\n\nSee [CONTEXT.md](CONTEXT.md) for domain terminology and [docs/adr/](docs/adr/) for architectural decision records.\n\n```\nextensions/\n  security.ts           # Entry point\nlib/\n  config.ts             # Three-layer config merge with ! exclusion\n  guard-pipeline.ts     # Single combined tool_call handler (ADR-0001)\n  boundary.ts           # Boundary evaluation (ADR-0003)\n  protected-paths.ts    # Protected path glob matching\n  bash-gate.ts          # Command classification (SAFE/MODERATE/DANGEROUS/EXTERNAL)\n  secret-scanner.ts     # Provider-agnostic secret redaction (ADR-0002)\n  skill-scanner.ts      # SKILL.md hash verification (ADR-0004)\n  audit.ts              # JSONL audit log + rotation + /security commands\n  utils.ts              # Shared helpers\ndefaults/\n  protected-paths.json  # Default global protected patterns\n  command-rules.json    # Default command classification rules\n  allowed-external.json # Default allowed external paths\n  audit-config.json     # Default rotation settings\n```\n\n## First-run experience\n\n1. Extension loads → detects no `~/.pi/agent/security/` directory\n2. Creates directory with default configs\n3. Scans all skills → prompts approval for each one (once)\n4. Ready — all guards and scanners active\n\n## Emergency bypass\n\nThere is no bypass flag. If a guard is too restrictive:\n1. Edit the config file (`~/.pi/agent/security/` or `.pi/security/`)\n2. Run `/reload` to apply changes\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmwolff44%2Fpi-secured-setup","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmwolff44%2Fpi-secured-setup","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmwolff44%2Fpi-secured-setup/lists"}