@kiranpg/pi-sentry
A Pi extension that blocks sensitive file reads and redacts secrets before they reach the model or session history.
Package details
Install @kiranpg/pi-sentry from npm and Pi will load the resources declared by the package manifest.
$ pi install npm:@kiranpg/pi-sentry
- Package: @kiranpg/pi-sentry
- Version: 0.1.1
- Published: Jun 2, 2026
- Downloads: not available
- Author: kiranpg
- License: MIT
- Types: extension
- Size: 31.7 KB
- Dependencies: 0 dependencies · 1 peer
Pi manifest JSON
{
  "extensions": [
    "./extensions/sentry.ts"
  ]
}
Security note
Pi packages can execute code and influence agent behavior. Review the source before installing third-party packages.
README
pi-sentry
pi-sentry is a pi extension that helps protect credentials and secrets.
By default, it redacts secrets from inputs, tool output, and session history. In strict mode, it also blocks risky file reads, searches, commands, and tool calls. You can turn it off when needed.
Overview
pi-sentry protects against:
- Sensitive file reads: in strict mode, blocks access to files and directories like .env, .npmrc, .aws/credentials, .kube/config, .ssh/, .docker/config.json, private keys, Terraform state/vars, and service-account JSON files.
- Sensitive shell commands: in strict mode, blocks commands that may expose secrets, such as cat .env, echo $OPENAI_API_KEY, scripts that echo secret env vars, rg token ~/.aws/credentials, printenv, gh auth token, and kubectl config view --raw.
- Secrets in tool calls: in strict mode, blocks tool calls that contain secret-like values.
- Sensitive path search: in strict mode, blocks grep searches that target sensitive paths or globs.
- Secrets in tool output: redacts secrets from tool output, including stderr and error details.
- Session history: redacts secrets from session text, tool-call arguments, and tool result details.
pi-sentry redacts common secret formats:
- JSON: { "token": "..." }
- YAML/env: AWS_SECRET_ACCESS_KEY=..., password: ...
- snake_case and camelCase keys: db_password, dbPassword, stripeApiKey
- provider tokens: OpenAI, Anthropic, OpenRouter, Google, GitHub, etc.
- bearer tokens and JWTs
- passwords in URLs, including database URLs
- private key blocks, including env values like PRIVATE_KEY=...
- session cookies, such as SESSION_COOKIE=...
Install
Install from npm:
pi install npm:@kiranpg/pi-sentry
Install from GitHub:
pi install git:https://github.com/kirang89/pi-sentry.git
# or pin a tag/commit
pi install git:https://github.com/kirang89/pi-sentry.git@v0.1.0
Try it without installing:
pi -e npm:@kiranpg/pi-sentry
# or
pi -e git:https://github.com/kirang89/pi-sentry.git
Reload an active Pi session with /reload after installing.
Usage
Use /sentry inside the agent to view or change the mode:
- /sentry shows the current mode.
- /sentry strict blocks risky actions and redacts secrets.
- /sentry redact-only allows actions but redacts secrets. This is the default.
- /sentry off disables pi-sentry.
Config
Create ~/.pi/agent/pi-sentry.json to add custom path rules:
{
  "allowPaths": [".env.local.example"],
  "blockPaths": ["private/**", "*.secret.json"]
}
- allowPaths allows paths that pi-sentry would otherwise block.
- blockPaths blocks paths that pi-sentry would otherwise allow.
- User rules override built-in rules.
- If a path matches both allowPaths and blockPaths, pi-sentry blocks it.
- Plain filenames like .env match any path segment.
- Glob patterns support *, **, and ?.
Run /reload after changing this file.
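The precedence and matching rules above, worked through in TypeScript as an added example (not pi-sentry's own code). BUILTIN_BLOCK is a constructed stand-in for the built-in list and the function names are hypothetical; resolving ".." before matching and testing slash-containing patterns against trailing sub-paths are assumptions about behaviour the README does not spell out.

```typescript
// Added example; not pi-sentry's source. Precedence follows the Config rules above.
interface PathRules { allowPaths: string[]; blockPaths: string[] }

// Constructed stand-in for the built-in block list (assumption; the real list is longer).
const BUILTIN_BLOCK: string[] = [".env", ".env.*", ".npmrc", ".ssh/**", ".aws/credentials"];

// `**` may cross "/" boundaries; `*` and `?` stay inside one path segment.
function globToRegExp(glob: string): RegExp {
  let re = "";
  for (let i = 0; i < glob.length; i++) {
    const c = glob.charAt(i);
    if (c === "*" && glob.charAt(i + 1) === "*") { re += ".*"; i++; }
    else if (c === "*") re += "[^/]*";
    else if (c === "?") re += "[^/]";
    else re += c.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  }
  return new RegExp("^" + re + "$");
}

// Resolve "\", "." and ".." first so "config/../.env" is judged as ".env".
function normalize(path: string): string[] {
  const out: string[] = [];
  for (const seg of path.replace(/\\/g, "/").split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop(); else out.push(seg);
  }
  return out;
}

// Patterns without "/" are tested against every segment; patterns with "/" are
// tested against the path and each trailing sub-path (anchoring is an assumption).
function matches(pattern: string, segs: string[]): boolean {
  const re = globToRegExp(pattern);
  if (pattern.indexOf("/") === -1) return segs.some((s) => re.test(s));
  return segs.some((_, i) => re.test(segs.slice(i).join("/")));
}

function decide(path: string, rules: PathRules): "allow" | "block" {
  const segs = normalize(path);
  const hit = (list: string[]): boolean => list.some((p) => matches(p, segs));
  if (hit(rules.blockPaths)) return "block"; // blockPaths wins over allowPaths
  if (hit(rules.allowPaths)) return "allow"; // user allow overrides built-ins
  return hit(BUILTIN_BLOCK) ? "block" : "allow";
}

// The sample config shown above.
const SAMPLE: PathRules = {
  allowPaths: [".env.local.example"], blockPaths: ["private/**", "*.secret.json"] };
```

Checking block rules before allow rules is what makes private/.env.local.example stay blocked even though its filename is on the allow list.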
Development
npm install
npm run lint
npm run typecheck
npm test
Release
Releases are version-tagged. The release workflow validates that the pushed tag matches package.json:
git tag v0.1.0
git push origin v0.1.0
For the first npm publish, publish the scoped package locally with npm while logged in as the package owner:
npm publish --access public --provenance
After the package exists on npm, configure npm Trusted Publishing for .github/workflows/release.yml and remove token-based publishing from the workflow.