mirror of
https://github.com/earendil-works/pi.git
synced 2026-06-18 15:54:04 +08:00
Added security file
@@ -0,0 +1,70 @@
# Security Policy

This document should guide you about understanding the security concept behind
Pi and also where the boundaries are.

In general Pi is a coding agent that runs locally within the security boundary
of the user that is running it. It's the responsibiltiy of the user to monitor
its operations or to contain it within a container, virtual machine or other
Sandbox solution.

Pi relies on users installing trustworthy extensions and loading trustworthy
skills and only to use pi within trusted repositories. This is because files
like `AGENTS.md` or instructions in comments can be used to prompt inject the
coding agent trivially and this cannot be protected against.

## Reporting a Vulnerability

If you believe you found a security vulnerability in pi or another package in
this repository, please report it privately by either:

- Emailing `security@earendil.com`, or
- Opening a private report through GitHub Security Advisories for this repository

Please include:

- A description of the issue and its impact
- Steps to reproduce, proof of concept, or relevant logs
- Affected package, version, commit, or configuration
- Any known mitigations

Do not open a public issue for security-sensitive reports. We will review
reports and coordinate disclosure as appropriate.

## Scope

Security issues in the distributed packages, command-line tools, APIs, and
repository code are in scope as well as earendil operated infrastricture
on `pi.dev`.

## Out Of Scope

- Local code execution or sandboxing behavior (the Pi coding agent intentionally does not have a sandbox)
- Behavior of pi extensions or skills installed by the user
- Risks from working in untrusted repositories
- Risks from installing untrusted extensions, skills, packages, or tools
- Isuses caused by non trustworthy MITM proxies
- Public internet exposure of a Pi installation
- Prompt injection attacks
- Exposed secrets that are third-party/user-controlled credentials
- Reports requiring write access to trusted local state/config (`~/.pi`, workspace
files, `AGENTS.md`, skills/extensions config), unless they show how an attacker
gets that write access.
- Issues caused by intentionally weakened user configuration.
- Resource/DOS claims that require trusted local input/config against the pi coding agent.
- Reports about malicious model output.
- User-approved or user-initiated local actions presented as vulnerabilities.

## Notes for Reporters

The most useful reports show a current, reproducible security boundary bypass
with demonstrated impact. Reports that only show expected local-agent behavior,
prompt injection, or a malicious trusted extension/skill are not security
vulnerabilities under this model.

When possible, include the exact affected path, package version or commit SHA,
configuration, and a proof of concept against the latest release or latest
`main`. For dependency reports, include evidence that the shipped dependency is
affected and that the issue is reachable through Pi. For exposed-secret reports,
include evidence that the credential is owned by Earendil or grants access to
Earendil-operated infrastructure or services.
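Review bot: several spelling and consistency problems in the added policy text should be fixed before this merges: "responsibiltiy" (should be "responsibility"), "infrastricture" (should be "infrastructure"), "Isuses" (should be "Issues"), "non trustworthy" (should be "untrustworthy"), "Sandbox" capitalized mid-sentence, "DOS" (should be "DoS"), and "earendil operated" in the Scope section versus "Earendil-operated" in the Notes section; "Pi" and "pi" are also used interchangeably throughout. The "Out Of Scope" list is inconsistent about trailing periods (none on the first eight items, periods on the last six). On content, "We will review reports and coordinate disclosure as appropriate" gives reporters no expectation at all; consider stating an acknowledgement window (for example, a number of business days) so a private report that goes unanswered is not escalated publicly, and consider wrapping the two continuation lines under the "Reports requiring write access" item with two-space indentation so they render unambiguously as part of that list item.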