@spences10/pi-redact
Tool-output redaction for Pi that replaces likely secrets before they reach the model context
Package details
Install @spences10/pi-redact from npm and Pi will load the resources declared by the package manifest.
$ pi install npm:@spences10/pi-redact
- Package: @spences10/pi-redact
- Version: 0.0.12
- Published: May 21, 2026
- Downloads: 2,361/mo · 120/wk
- Author: spences10
- License: MIT
- Types: extension
- Size: 17.9 KB
- Dependencies: 0 dependencies · 2 peers
Pi manifest JSON
{
  "extensions": [
    "./dist/index.js"
  ],
  "image": "https://raw.githubusercontent.com/spences10/my-pi/main/assets/pi-package-preview.png"
}
Security note
Pi packages can execute code and influence agent behavior. Review the source before installing third-party packages.
README
@spences10/pi-redact

Prevent accidental secret exposure before tool output reaches the
model. pi-redact scans command results for likely tokens, keys, and
credentials, replacing them with safe placeholders while preserving
enough context to debug.
Installation
pi install npm:@spences10/pi-redact
Local development from this monorepo:
pnpm --filter @spences10/pi-redact run build
pi install ./packages/pi-redact
# or for one run only
pi -e ./packages/pi-redact
What it does
@spences10/pi-redact listens for Pi tool_result events and
rewrites text content before it is added to model context. It is
intended as a last-mile safety net for accidental secrets in command
output, file reads, logs, and config files.
It currently detects and redacts:
- API-key-like fields such as password, secret, token, and api_key
- GitHub classic and fine-grained tokens
- Tavily, Kagi, Brave, and Firecrawl API keys
- connection strings with embedded credentials
- SSH config metadata such as Host, HostName, User, IdentityFile, ProxyJump, and forwarding directives
Redactions preserve a short prefix where helpful and append a marker
such as [REDACTED:GitHub Token].
Commands
/redact-stats
Shows how many values were redacted in the current Pi session.
/redact-stats
Example
If a tool returns:
GITHUB_TOKEN=ghp_abcdefghijklmnopqrstuvwxyz1234567890
The model receives something like:
GITH********************[REDACTED:GitHub Token]
Using from a custom harness
import redact from '@spences10/pi-redact';
// pass `redact` as an ExtensionFactory to your Pi runtime
my-pi imports this package directly and enables it as the built-in
filter-output extension.
Limitations
This extension is defensive, not a guarantee. It can miss novel secret formats, and broad patterns can occasionally redact benign values. Use proper secret hygiene as the primary control:
- do not print secrets unnecessarily
- avoid reading .env files into model context
- prefer scoped, revocable tokens
- rotate anything that may have been exposed
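A sketch of pattern-based redaction that shows both failure modes named above: a novel secret format that slips through and a benign value that gets redacted. This is an added example, not code from pi-redact; the regular expressions, the 4-character prefix, the fixed-width mask and the sample lines are assumptions made for illustration.

```javascript
// Illustrative rules only: these patterns are assumptions, not pi-redact's own.
const RULES = [
  ['GitHub Token', String.raw`\b(?:ghp_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{82})\b`],
  ['Connection String', String.raw`\b[a-z][a-z0-9+.-]*://[^\s:/@]+:[^\s@/]+@[^\s/]+`],
  ['Secret Field', String.raw`\b(?:password|secret|token|api_key)\b\s*[=:]\s*["']?[^\s"']+`],
];

// One alternation, one pass: a later rule never re-scans an inserted marker.
const COMBINED = new RegExp(RULES.map(([, src]) => `(${src})`).join('|'), 'gi');

// Keep a 4-character prefix (scheme, key name, or token type) for debugging and
// use a fixed-width mask so the secret's length is not disclosed.
function mask(match, label) {
  return `${match.slice(0, 4)}********[REDACTED:${label}]`;
}

// Returns the rewritten text plus per-rule counts (what a stats command could report).
function redact(text) {
  const counts = {};
  const output = text.replace(COMBINED, (match, ...rest) => {
    // Each rule is one capture group; the defined group identifies the rule.
    const hit = rest.slice(0, RULES.length).findIndex((g) => g !== undefined);
    const label = RULES[hit][0];
    counts[label] = (counts[label] || 0) + 1;
    return mask(match, label);
  });
  return { output, counts };
}

// Constructed tool output; every value below is made up for this example.
const SAMPLE = [
  'GITHUB_TOKEN=ghp_abcdefghijklmnopqrstuvwxyz1234567890', // known format: caught
  'DATABASE_URL=postgres://app:s3cr3tpw@db.internal:5432/app', // embedded creds: caught
  'token=disabled', // benign value under a broad key name: false positive
  'X-Acme-Auth: acme.live.9f8e7d6c5b4a', // hypothetical vendor format: missed
].join('\n');

const result = redact(SAMPLE);
console.log(result.output);
console.log(result.counts);
```

The last two sample lines are the ones to watch when tuning rules: tightening the field pattern reduces false positives but widens the set of formats that pass through unredacted.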
Development
Package scripts build transitive workspace dependencies first, then
run local tools through Vite+ with vp exec.
pnpm --filter @spences10/pi-redact run check
pnpm --filter @spences10/pi-redact run test
pnpm --filter @spences10/pi-redact run build
License
MIT