diff --git a/packages/coding-agent/README.md b/packages/coding-agent/README.md index 9c3bb284..9ee18de9 100644 --- a/packages/coding-agent/README.md +++ b/packages/coding-agent/README.md @@ -2,8 +2,6 @@ Interactive CLI coding assistant powered by multiple LLM providers. Chat with AI models that can read files, execute commands, and make precise edits to your codebase. -**Note**: This tool can modify your filesystem. Use with caution in production environments. - ## Installation ```bash @@ -322,6 +320,34 @@ Edit a file by replacing exact text. The oldText must match exactly (including w Execute a bash command in the current working directory. Returns stdout and stderr. Commands run with a 30 second timeout. +## Security (YOLO by default) + +This agent runs in full YOLO mode and assumes you know what you're doing. It has unrestricted access to your filesystem and can execute any command without permission checks or safety rails. + +**What this means:** +- No permission prompts for file operations or commands +- No pre-checking of bash commands for malicious content +- Full filesystem access - can read, write, or delete anything +- Can execute any command with your user privileges + +**Why:** +- Permission systems add massive friction while being easily circumvented +- Pre-checking tools for "dangerous" patterns introduces latency and false positives +- Fast iteration requires trust, not sandboxing + +**Prompt injection risks:** +- By default, pi has no web search or fetch tool +- However, it can use `curl` or read files from disk +- Both provide ample surface area for prompt injection attacks +- Malicious content in files or command outputs can influence behavior + +**Mitigations:** +- Run pi inside a container if you're uncomfortable with full access +- Use a different tool if you need guardrails +- Don't use pi on systems with sensitive data you can't afford to lose + +This is how I want it to work. Use at your own risk. + ## License MIT 
diff --git a/packages/coding-agent/out.html b/packages/coding-agent/out.html index 0ee3016a..b75f17c7 100644 --- a/packages/coding-agent/out.html +++ b/packages/coding-agent/out.html @@ -218,6 +218,8 @@ margin-top: 12px; font-size: 13px; font-family: 'SF Mono', Monaco, 'Cascadia Code', 'Roboto Mono', Consolas, 'Courier New', monospace; + overflow-x: auto; + max-width: 100%; } .diff-line-old { @@ -279,7 +281,7 @@
Messages: - 163 + 167
Directory: @@ -330,7 +332,7 @@ The following project context files have been loaded: - -Current date and time: Wednesday, November 12, 2025 at 10:39:27 PM GMT+1 +Current date and time: Wednesday, November 12, 2025 at 10:41:01 PM GMT+1 Current working directory: /Users/badlogic/workspaces/pi-mono/packages/coding-agent
@@ -560,11 +562,11 @@ node test-context-loading.js - Use result.details.diff from tool execution (same as TUI) - Apply proper color coding for added/removed/context lines - Remove unused generateDiff function -- Match TUI's diff rendering approach" && git push
Perfect! ✅ The HTML export now renders edit tool diffs properly by using the `result.details.diff` field from the tool execution, just like the TUI does. The diffs will now show up with proper color coding for added (green), removed (red), and context (dimmed) lines.
+- Match TUI's diff rendering approach" && git push
Perfect! ✅ The HTML export now renders edit tool diffs properly by using the `result.details.diff` field from the tool execution, just like the TUI does. The diffs will now show up with proper color coding for added (green), removed (red), and context (dimmed) lines.
'/var/folders/49/l4171l3n219_xwq30fmyzr8w0000gn/T/TemporaryItems/NSIRD_screencaptureui_eMS14t/Screenshot 2025-11-12 at 22.40.09.png'

diff needs to scroll horizontally if content is too wide
Let me add horizontal scrolling for the diff content:
edit src/export-html.ts
...
1 .tool-diff {
2 margin-top: 12px;
3 font-size: 13px;
4 font-family: 'SF Mono', Monaco, 'Cascadia Code', 'Roboto Mono', Consolas, 'Courier New', monospace;
+573 overflow-x: auto;
+574 max-width: 100%;
573 }
574
575 .diff-line-old {
576 color: ${COLORS.red};
...
Successfully replaced text in src/export-html.ts. Changed 538 characters to 597 characters.
$ cd /Users/badlogic/workspaces/pi-mono/packages/coding-agent && git add -A && git commit -m "fix: add horizontal scroll to diffs in HTML export" && git push
Done! ✅ Diffs will now scroll horizontally if the content is too wide.
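Review bot: In the first README.md hunk (`@@ -2,8 +2,6`), removing `**Note**: This tool can modify your filesystem. Use with caution in production environments.` leaves the introduction with no indication of risk; the only warning now sits in `## Security (YOLO by default)`, added around line 320 after the tool reference. Keep a one-line pointer to that section near the top, so a reader who stops at Installation still learns that the agent runs commands and edits files without prompting.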
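Review bot: In the `## Security (YOLO by default)` hunk of README.md, the Mitigations list covers only data loss (`Don't use pi on systems with sensitive data you can't afford to lose`), while the bullets above it describe full read access, command execution with your user privileges, and `curl` plus file reads as a prompt injection surface. Taken together, those bullets also describe a disclosure risk: injected content can steer the agent into reading anything the user can read and sending it out. Suggest wording the last bullet as "lose or leak", and qualifying `Run pi inside a container` with what the container must not contain for the advice to hold (the host home directory, credentials, tokens in the environment), since a container with those mounted changes little.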
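Review bot: In the out.html hunks (`Messages: - 163 + 167`, the `Current date and time` line at `@@ -330,7 +332,7`), the file appears to be a generated session export rather than source, and it should not ride along with a README change. It changes on every export, and it publishes session content verbatim, including `Current working directory: /Users/badlogic/workspaces/pi-mono/packages/coding-agent` and a local screenshot path under `/var/folders/...`. The transcript inside it shows the commits being made with `git add -A`, which is how it gets swept in. Suggest removing out.html from the repository and adding it to .gitignore, so a future export that happens to contain file contents or command output is not committed by accident.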