registry  /  @code-partner/codepipe  /  0.3.1

@code-partner/codepipe@0.3.1

**CodePipe turns your tracker tasks into reviewed pull requests.** Assign a YouTrack task to yourself — an AI agent (Claude Code) studies your codebase, proposes a solution, waits for your approval, implements it, verifies the build and opens a PR. You co

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `codepipe up`, `codepipe daemon`, or `codepipe worker`.
Impact
A configured HUB job can cause agent and repository actions within the user-authorized CodePipe project workflow.
Mechanism
Remote job dispatch to an agent-capable local CLI with credential-backed git/API operations.
Rationale
The scanner signals are explained by the package's documented CLI/worker design. Its remote agent execution and credential-backed writes remain a meaningful dual-use capability, so warning is appropriate rather than a malicious block.
Evidence
package.jsonREADME.mddist/index.js~/.codepipe/config.json~/.codepipe/secrets/<project>.json~/.codepipe/worker/config.json.codepipe/project.yaml.codepipe-sandbox/repos
Network endpoints4
hub.codepipe.devapi.github.comgitlab.com/api/v4api.bitbucket.org

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/index.js` implements a HUB-connected worker that claims remote jobs and launches Claude Code.
  • `dist/index.js` reads/stores Git, YouTrack, and Claude credentials under `~/.codepipe`.
  • `dist/index.js` performs git operations and repository-host API writes when user invokes CLI commands.
  • Bundled worker includes a hard-coded non-English agent instruction, but it is part of an explicit Claude job workflow.
Evidence against
  • `package.json` has no preinstall, install, postinstall, prepare, or uninstall lifecycle hook.
  • Entrypoint is a `codepipe`/`devpipe` CLI bin; actions require explicit command execution.
  • No `eval`, `Function`, VM use, native module loading, or hidden agent-editor config paths were found.
  • Network hosts are CodePipe HUB and declared GitHub/GitLab/Bitbucket APIs, aligned with the package's documented workflow.
  • No evidence of covert credential exfiltration, destructive action, or foreign AI-agent control-surface mutation.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 1 file(s), 279 KB of source, external domains: api.anthropic.com, api.bitbucket.org, api.github.com, example.com, gitlab.com, hub.codepipe.dev, id.atlassian.com, your.youtrack.cloud

Source & flagged code

3 flagged · loading source
dist/index.jsView file
436`,{mode:384})}function Kd(t){return la()[t]}function pn(t,e){let r=la();r[t]=e,Hd(r)}function dn(t,e){let r=ae(e),n=Kd(t);if(n&&n!==r)throw new Error(`farm ${t} key fingerprint cha... L437: `,{mode:384})}function ef(t){return ja()[t]}function $o(t,e){let r=ja();r[t]=e,Zd(r)}function Pa(t,e){let r=ae(e),n=ef(t);if(n&&n!==r)throw new Error(`runner host ${t} key fingerpr... L438: `)?e:e+`
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L436
426`}function Gp(t){return`codepipe/context-migration-v${t}`}function Mp(t){let e=ui(t.templateVersion),r=[`CodePipe context format migration: **v${t.templateVersion} \u2192 v${t.curr... L427: `)}async function cs(t,e,r,n){let o=io(t);await o.pull(void 0,void 0,["--rebase"]).catch(()=>{});let i=Qr(t,e);if(!i.outdated)return i;let s=Gp(i.currentVersion),a=r?.branch??(awai... L428: ${l.trim()}`)}}let i=ds(n);try{await i.fetch()}catch(a){let c=a instanceof Error?a.message:String(a);throw new Error(`git fetch failed in ${n} ... L430: ${y.trim()}`)}}let h=(await t.revparse(["HEAD"])).trim(),C=f?["--force-with-lease","-u","origin",a]:["-u","origin",a];return await t.push(C),await t.push([n,"--delete",o]).catch(()... L431: `)){let n=r.match(/CA Issuers - URI:\s*(https?:\/\/\S+)/i);if(n?.[1])return n[1].trim()}return null}function ld(t,e,r){return new Promise((n,o)=>{let i=Ze.connect({host:t,port:e,se... L432: `)}function _d(t,e,r){let n=new Map,o=Je(t,`tasks/${e}/comments.jsonl`);if(aa(o))for(let i of jd(o,"utf-8").split(` ... L436: `,{mode:384})}function Kd(t){return la()[t]}function pn(t,e){let r=la();r[t]=e,Hd(r)}function dn(t,e){let r=ae(e),n=Kd(t);if(n&&n!==r)throw new Error(`farm
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/index.jsView on unpkg · L426
426`}function Gp(t){return`codepipe/context-migration-v${t}`}function Mp(t){let e=ui(t.templateVersion),r=[`CodePipe context format migration: **v${t.templateVersion} \u2192 v${t.curr... L427: `)}async function cs(t,e,r,n){let o=io(t);await o.pull(void 0,void 0,["--rebase"]).catch(()=>{});let i=Qr(t,e);if(!i.outdated)return i;let s=Gp(i.currentVersion),a=r?.branch??(awai... L428: ${l.trim()}`)}}let i=ds(n);try{await i.fetch()}catch(a){let c=a instanceof Error?a.message:String(a);throw new Error(`git fetch failed in ${n} ... L436: `,{mode:384})}function Kd(t){return la()[t]}function pn(t,e){let r=la();r[t]=e,Hd(r)}function dn(t,e){let r=ae(e),n=Kd(t);if(n&&n!==r)throw new Error(`farm ${t} key fingerprint cha... L437: `,{mode:384})}function ef(t){return ja()[t]}function $o(t,e){let r=ja();r[t]=e,Zd(r)}function Pa(t,e){let r=ae(e),n=ef(t);if(n&&n!==r)throw new Error(`runner host ${t} key fingerpr... L438: `)?e:e+` ... L441: `,{mode:384})}import Ef from"ws";var Dt=class{hubUrl;token;constructor(e,r){this.hubUrl=e,this.token=r}async register(e){let r=await fetch(`${this.hubUrl}/sandbox/register`,{method... L442: `}async function ic(t,e){if(!e.interactive)throw new Error("runInteracti
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/index.jsView on unpkg · L426

Findings

3 High2 Medium5 Low
HighChild Processdist/index.js
HighSame File Env Network Executiondist/index.js
HighCommand Output Exfiltrationdist/index.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License