| name | description |
|---|---|
| ownership-session-security | Session ownership and authorization workflow. Use when implementing cancel, respond, steer, run ownership, cwd overrides, imported runs, or cross-session actions. |
ownership-session-security
Use this skill for cross-session safety and trust-boundary work.
Source patterns distilled
- Pi session IDs: `ctx.sessionManager.getSessionId()` from Pi core `ExtensionContext`
- pi-crew ownership: `TeamRunManifest.ownerSessionId`, `src/extension/team-tool/run.ts`, `cancel.ts`, `respond.ts`
- Path safety: `src/utils/safe-paths.ts`, `src/state/state-store.ts`, `src/state/mailbox.ts`
- Destructive actions: `src/extension/team-tool/lifecycle-actions.ts`, `src/worktree/cleanup.ts`
Rules
- Propagate the active Pi session ID into `TeamContext` for every production tool/command path.
- New runs should record `ownerSessionId` when available.
- For owned runs, cross-session actions that mutate state must be rejected unless explicit force/admin semantics are designed and tested.
- Legacy runs without `ownerSessionId` may remain permissive for backward compatibility, but document this behavior.
- User/LLM-controlled path fields (`cwd`, import paths, artifact paths, task IDs) must be normalized and contained under an allowed base.
- Use `resolveContainedPath`, `resolveRealContainedPath`, `assertSafePathId`, and symlink checks rather than ad-hoc `startsWith` checks.
- Destructive management actions must require `confirm: true`; referenced resource deletes must require `force: true` where applicable.
Anti-patterns
- Assuming `ctx.sessionId` exists directly on Pi context.
- Letting `cwd: ../other-project` move run state into another project.
- Letting `respond`/`cancel` mutate a foreign owned run.
- Trusting task IDs, run IDs, or artifact paths from tool params without validation.
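The containment and ownership rules above, sketched in TypeScript as an added example that is not taken from pi-crew's source. `containedPath`, `naiveContained`, `escapes`, `canMutate`, the `RunManifest` shape and the sample paths are hypothetical, and the path check is lexical only (it does not resolve symlinks).

```typescript
import * as path from "node:path";

// Hypothetical helper, not pi-crew's resolveContainedPath. Lexical only:
// it normalizes "..", but does not resolve symlinks.
function containedPath(base: string, candidate: string): string {
  const root = path.resolve(base);
  const target = path.resolve(root, candidate);
  const rel = path.relative(root, target);
  // Outside the base if the relative path climbs out or is on another root.
  if (rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    throw new Error(`path escapes allowed base: ${candidate}`);
  }
  return target;
}

// The ad-hoc check the rules warn against: a sibling directory that shares
// the base's name as a prefix passes it.
function naiveContained(base: string, candidate: string): boolean {
  return path.resolve(base, candidate).startsWith(path.resolve(base));
}

// Convenience wrapper so callers get a boolean instead of an exception.
function escapes(base: string, candidate: string): boolean {
  try {
    containedPath(base, candidate);
    return false;
  } catch {
    return true;
  }
}

// Assumed manifest shape; only ownerSessionId comes from the page.
interface RunManifest {
  runId: string;
  ownerSessionId?: string;
}

// Gate for mutating actions such as cancel and respond. Legacy runs without
// ownerSessionId stay permissive; owned runs require a matching session.
function canMutate(run: RunManifest, activeSessionId?: string): boolean {
  if (run.ownerSessionId === undefined) return true;
  return activeSessionId !== undefined && activeSessionId === run.ownerSessionId;
}

// Constructed sample input: one valid cwd, one traversal, one prefix sibling.
const sampleBase = "/srv/project-a";
for (const cwd of ["runs/r1", "../other-project", "../project-a-evil/state"]) {
  console.log(cwd, { naive: naiveContained(sampleBase, cwd), escapes: escapes(sampleBase, cwd) });
}
```

The third sample path is the case that separates the two checks: the `startsWith` comparison accepts it, while the relative-path check rejects it.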
Verification
```bash
cd pi-crew
npx tsc --noEmit
node --experimental-strip-types --test test/unit/cancel-ownership.test.ts test/unit/respond-tool.test.ts test/unit/cwd-override-security.test.ts test/unit/api-artifact-security.test.ts
npm test
```