@blackbelt-technology/pi-agent-dashboard
Web dashboard for monitoring and interacting with pi agent sessions
Versions: 5
License: MIT
Install Scripts: Yes
Provenance: Verified
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers
mbotondmrbencerobertcsakanynorbert.herczeg
Keywords
pi-package
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@blackbelt-technology/pi-dashboard-web | AI (phantom-deps): Same-org monorepo sibling; declared as dep but re-exported rather than directly imported. | ai | |
| phantom-deps | phantom-dep:@blackbelt-technology/pi-dashboard-server | AI (phantom-deps): Same-org monorepo sibling; declared as dep but re-exported rather than directly imported. | ai | |
| phantom-deps | phantom-dep:@blackbelt-technology/pi-dashboard-extension | AI (phantom-deps): Same-org monorepo sibling; declared as dep but re-exported rather than directly imported. | ai | |
| semgrep | semgrep:silent-process-exec-var | AI (semgrep): Same test-file dummy process spawn as silent-process-exec — benign test fixture. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): Fires in test files saving/restoring process.env — standard test pattern, not credential exfiltration. | ai | |
| install-scripts | install-script:postinstall | AI (install-scripts): Fixes pty permissions for terminal emulation — expected for a Pi dashboard with terminal features. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): Fires in CORS test asserting 127.0.0.1 localhost is allowed — not a malicious outbound connection. | ai | |
| semgrep | semgrep:etc-passwd-access | AI (semgrep): Fires in path-traversal rejection test asserting /etc/passwd is blocked — not credential harvesting. | ai | |
| semgrep | semgrep:silent-process-exec | AI (semgrep): Fires in test file spawning a dummy sleep process to test headless shutdown logic — not a reverse shell. | ai | |
Versions (showing 5 of 5)
| Version | Deps | Published |
|---|---|---|
| 0.4.3 | 3 / 4 | |
| 0.4.1 | 3 / 4 | |
| 0.2.9 | 3 / 4 | |
| 0.2.8 | 3 / 4 | |
| 0.2.0 | 3 / 4 | |
v0.4.3
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.9
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.2.8
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.