@dyyz1993/pi-cli
Pi Agent project scaffolding CLI
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:etc-passwd-access | AI (semgrep): Fires in a test file asserting that /etc/passwd access is denied — this is a security test, not credential harvesting. | ai | |
| semgrep | semgrep:env-spread | AI (semgrep): Fires in a dev-script template that spawns child processes; passing process.env to subprocess is standard and not a security risk here. | ai |
Versions (showing 9 of 9)
| Version | Deps | Published |
|---|---|---|
| 1.8.0 | 0 / 0 | |
| 1.7.0 | 0 / 0 | |
| 1.6.0 | 0 / 0 | |
| 1.5.0 | 0 / 0 | |
| 1.4.0 | 0 / 0 | |
| 1.3.0 | 0 / 0 | |
| 1.2.0 | 0 / 0 | |
| 1.1.0 | 0 / 0 | |
| 1.0.0 | 0 / 0 |
v1.8.0
13 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/dyyz1993/pi-agent-template/blob/d3b89b0815fa235845e8343486f5642c9e4578e8/templates/agent/scripts/dev.ts#L108 106 | cwd: ROOT, 107 | stdio: ["pipe", "pipe", "pipe"], > 108 | env: { ...process.env }, 109 | }); 110 |
Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux Source: https://github.com/dyyz1993/pi-agent-template/blob/d3b89b0815fa235845e8343486f5642c9e4578e8/templates/agent/src/shared/handlers/__tests__/file-handler.test.ts#L28 26 | const { validatePath, setAllowedRoots } = await import("../../lib/path-security"); 27 | setAllowedRoots(["/safe/dir"]); > 28 | expect(() => validatePath("/etc/passwd")).toThrow( 29 | "Access denied", 30 | );
Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux Source: https://github.com/dyyz1993/pi-agent-template/blob/d3b89b0815fa235845e8343486f5642c9e4578e8/templates/agent/src/shared/lib/__tests__/path-security.test.ts#L26 24 | 25 | it("should reject paths outside project root", () => { > 26 | expect(isRpcPathAllowed("/etc/passwd")).toBe(false); 27 | expect(isRpcPathAllowed("/etc/shadow")).toBe(false); 28 | });
Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux Source: https://github.com/dyyz1993/pi-agent-template/blob/d3b89b0815fa235845e8343486f5642c9e4578e8/templates/agent/src/shared/lib/__tests__/path-security.test.ts#L27 25 | it("should reject paths outside project root", () => { 26 | expect(isRpcPathAllowed("/etc/passwd")).toBe(false); > 27 | expect(isRpcPathAllowed("/etc/shadow")).toBe(false); 28 | }); 29 |
Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux Source: https://github.com/dyyz1993/pi-agent-template/blob/d3b89b0815fa235845e8343486f5642c9e4578e8/templates/agent/src/shared/lib/__tests__/path-security.test.ts#L31 29 | 30 | it("should reject path traversal attempts", () => { > 31 | expect(isRpcPathAllowed(`${originalCwd}/../../../etc/passwd`)).toBe(false); 32 | }); 33 |
Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux Source: https://github.com/dyyz1993/pi-agent-template/blob/d3b89b0815fa235845e8343486f5642c9e4578e8/templates/agent/src/shared/lib/__tests__/path-security.test.ts#L35 33 | 34 | it("should reject paths with encoded traversal", () => { > 35 | expect(isRpcPathAllowed(`${originalCwd}/%2e%2e/etc/passwd`)).toBe(false); 36 | }); 37 |
Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux Source: https://github.com/dyyz1993/pi-agent-template/blob/d3b89b0815fa235845e8343486f5642c9e4578e8/templates/agent/src/shared/lib/__tests__/path-security.test.ts#L40 38 | it("should handle relative paths", () => { 39 | expect(isRpcPathAllowed("./src/main.ts")).toBe(true); > 40 | expect(isRpcPathAllowed("../../etc/passwd")).toBe(false); 41 | }); 42 |
Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux Source: https://github.com/dyyz1993/pi-agent-template/blob/d3b89b0815fa235845e8343486f5642c9e4578e8/templates/agent/src/shared/lib/__tests__/path-security.test.ts#L44 42 | 43 | it("should handle null bytes", () => { > 44 | expect(isRpcPathAllowed(`${originalCwd}/file.txt\0/etc/passwd`)).toBe(false); 45 | }); 46 |
Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux Source: https://github.com/dyyz1993/pi-agent-template/blob/d3b89b0815fa235845e8343486f5642c9e4578e8/templates/agent/src/shared/lib/__tests__/path-security.test.ts#L61 59 | 60 | it("should throw for paths outside allowed roots", () => { > 61 | expect(() => validatePath("/etc/passwd")).toThrow("Access denied"); 62 | }); 63 |
Accessing /etc/passwd or /etc/shadow — credential harvesting on Linux Source: https://github.com/dyyz1993/pi-agent-template/blob/d3b89b0815fa235845e8343486f5642c9e4578e8/templates/agent/src/shared/lib/__tests__/path-security.test.ts#L65 63 | 64 | it("should throw for path traversal attempts", () => { > 65 | expect(() => validatePath("../../../etc/passwd")).toThrow("Access denied"); 66 | }); 67 |
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/dyyz1993/pi-agent-template/blob/d3b89b0815fa235845e8343486f5642c9e4578e8/templates/chat/scripts/dev.ts#L108 106 | cwd: ROOT, 107 | stdio: ["pipe", "pipe", "pipe"], > 108 | env: { ...process.env }, 109 | }); 110 |
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/dyyz1993/pi-agent-template/blob/d3b89b0815fa235845e8343486f5642c9e4578e8/templates/general/scripts/dev.ts#L108 106 | cwd: ROOT, 107 | stdio: ["pipe", "pipe", "pipe"], > 108 | env: { ...process.env }, 109 | }); 110 |
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.7.0
4 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/dyyz1993/pi-agent-template/blob/023160286135d71da48b4947e2a0b7ca619e529e/templates/agent/scripts/dev.ts#L108 106 | cwd: ROOT, 107 | stdio: ["pipe", "pipe", "pipe"], > 108 | env: { ...process.env }, 109 | }); 110 |
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/dyyz1993/pi-agent-template/blob/023160286135d71da48b4947e2a0b7ca619e529e/templates/chat/scripts/dev.ts#L108 106 | cwd: ROOT, 107 | stdio: ["pipe", "pipe", "pipe"], > 108 | env: { ...process.env }, 109 | }); 110 |
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/dyyz1993/pi-agent-template/blob/023160286135d71da48b4947e2a0b7ca619e529e/templates/general/scripts/dev.ts#L108 106 | cwd: ROOT, 107 | stdio: ["pipe", "pipe", "pipe"], > 108 | env: { ...process.env }, 109 | }); 110 |
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.0
4 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/dyyz1993/pi-agent-template/blob/df2f86d1cc3f3940d381997d8325781188b83fc8/templates/agent/scripts/dev.ts#L108 106 | cwd: ROOT, 107 | stdio: ["pipe", "pipe", "pipe"], > 108 | env: { ...process.env }, 109 | }); 110 |
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/dyyz1993/pi-agent-template/blob/df2f86d1cc3f3940d381997d8325781188b83fc8/templates/chat/scripts/dev.ts#L108 106 | cwd: ROOT, 107 | stdio: ["pipe", "pipe", "pipe"], > 108 | env: { ...process.env }, 109 | }); 110 |
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/dyyz1993/pi-agent-template/blob/df2f86d1cc3f3940d381997d8325781188b83fc8/templates/general/scripts/dev.ts#L108 106 | cwd: ROOT, 107 | stdio: ["pipe", "pipe", "pipe"], > 108 | env: { ...process.env }, 109 | }); 110 |
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.5.0
4 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/dyyz1993/pi-agent-template/blob/4b944f0e7b5a2400b6834e0e53f2dfab80f2e4f7/templates/agent/scripts/dev.ts#L108 106 | cwd: ROOT, 107 | stdio: ["pipe", "pipe", "pipe"], > 108 | env: { ...process.env }, 109 | }); 110 |
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/dyyz1993/pi-agent-template/blob/4b944f0e7b5a2400b6834e0e53f2dfab80f2e4f7/templates/chat/scripts/dev.ts#L108 106 | cwd: ROOT, 107 | stdio: ["pipe", "pipe", "pipe"], > 108 | env: { ...process.env }, 109 | }); 110 |
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/dyyz1993/pi-agent-template/blob/4b944f0e7b5a2400b6834e0e53f2dfab80f2e4f7/templates/general/scripts/dev.ts#L108 106 | cwd: ROOT, 107 | stdio: ["pipe", "pipe", "pipe"], > 108 | env: { ...process.env }, 109 | }); 110 |
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.0
4 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/dyyz1993/pi-agent-template/blob/6852d8406ba5a19d1ef5a8e4ac19080fddc4c696/templates/agent/scripts/dev.ts#L108 106 | cwd: ROOT, 107 | stdio: ["pipe", "pipe", "pipe"], > 108 | env: { ...process.env }, 109 | }); 110 |
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/dyyz1993/pi-agent-template/blob/6852d8406ba5a19d1ef5a8e4ac19080fddc4c696/templates/chat/scripts/dev.ts#L108 106 | cwd: ROOT, 107 | stdio: ["pipe", "pipe", "pipe"], > 108 | env: { ...process.env }, 109 | }); 110 |
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/dyyz1993/pi-agent-template/blob/6852d8406ba5a19d1ef5a8e4ac19080fddc4c696/templates/general/scripts/dev.ts#L108 106 | cwd: ROOT, 107 | stdio: ["pipe", "pipe", "pipe"], > 108 | env: { ...process.env }, 109 | }); 110 |
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.3.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.2.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.1.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.0.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.