Two releases on the same day, twenty minutes apart: v1.0.1 then v1.0.2. Both do the same job — harden pi-secured-setup itself. This is a short post to explain what changed and why it matters, because a security tool that ships its own vulnerabilities loses all credibility.

If you’re new to the project, the introductory article covers the basics: Guards, Scanners, the audit trail.

v1.0.1 — the quality pass

Three threads:

  • Critical and high-severity vulnerabilities resolved. The technical detail follows in v1.0.2.
  • Bugs in splitCommand and triggerSkillReview. The first one matters most: it’s what splits a bash command so subshells like $(whoami) get classified separately. The previous version didn’t handle quotes correctly — a mis-extracted subshell could slip past classification. Splitting is now quote-aware.
  • Improved audit redaction and tests isolated from the real HOME (no more machine config leaking into the test suite), plus a fix for skill name collisions.

On the ecosystem side: namespace migration from @mariozechner to @earendil-works. The upstream pi project changed its scope; we’re following along.

And every finding from the Copilot PR review has been addressed.

v1.0.2 — the supply chain, down to transitive deps

v1.0.1 fixed the extension’s own code. v1.0.2 goes after the dependencies it pulls in — specifically the non-bundled transitive ones reachable via @earendil-works/pi-ai@google/genai.

The honest part: the bundled copies inside @earendil-works/pi-coding-agent@0.79.6 (undici, protobufjs, ws) are still there. overrides can’t touch what’s already packaged upstream — that needs a bump from the @earendil-works publisher. I’d rather say it out loud than let anyone believe it’s all fixed.

This is exactly the kind of supply chain that pi-secured-setup watches for on your machine. Applying the same rigor to ourselves was the least we could do.

Update

pi install git:github.com/mwolff44/pi-secured-setup

Sources and full changelog on GitHub. Feedback and bug reports welcome.