@akshaykarle/pi-tools

Pi coding agent extensions — security hardening, and more

Package details

← Back
extensionskill

Install @akshaykarle/pi-tools from npm and Pi will load the resources declared by the package manifest.

npm report
$ pi install npm:@akshaykarle/pi-tools
Package
@akshaykarle/pi-tools
Version
0.1.0
Published
May 2, 2026
Downloads
not available
Author
akshaykarle
License
MIT
Types
extension, skill
Size
56.7 MB
Dependencies
2 dependencies · 1 peer
Pi manifest JSON
{
  "extensions": [
    "./extensions/security.ts",
    "./extensions/sandbox.ts",
    "./extensions/agent-teams.ts",
    "./extensions/git-worktree.ts",
    "node_modules/@plannotator/pi-extension"
  ],
  "skills": [
    "./skills",
    "node_modules/@plannotator/pi-extension/skills"
  ]
}

Security note

Pi packages can execute code and influence agent behavior. Review the source before installing third-party packages.

README

@akshaykarle/pi-tools

Pi coding agent extensions for security hardening and productivity.

Installation

pi install @akshaykarle/pi-tools

Or add to your ~/.pi/agent/settings.json:

{
  "packages": ["@akshaykarle/pi-tools"]
}

Development

This repo uses nix-direnv. Once installed, run direnv allow once — deps from flake.nix auto-load on cd.

Without direnv: nix develop then npm install && npx tsc.

Extensions

security.ts

Defense-in-depth security extension that intercepts tool calls and results:

Hard blocks (no override):

  • Destructive filesystem commands (rm -rf /, mkfs, dd of=/dev, fork bombs)
  • Secret exfiltration (posting env vars to network, piping credential files to curl/nc)
  • Self-protection (cannot remove/modify security extension files or settings)

Confirmation required:

  • sudo commands
  • Permission changes (chmod, chown)
  • Destructive git operations (push --force, reset --hard, clean -f)
  • Privileged Docker containers
  • Network listeners

Secret masking:

  • Redacts known secret env var values from tool output
  • Covers *_SECRET, *_TOKEN, *_KEY, *_PASSWORD, *_CREDENTIAL patterns

Prompt injection detection:

  • Flags instruction hijacking attempts in file contents
  • Detects hidden text via zero-width Unicode characters
  • Catches markdown image/link exfiltration patterns
  • Warns (doesn't block) to avoid false positives on legitimate files

plannotator

Bundled from @plannotator/pi-extension. Interactive plan review for coding agents — annotate plans visually, share with your team, and automatically send feedback.

License

MIT