AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/RuntimeSchemaManager.js` runs a runtime schema-update pipeline gated by `ALLOW_RUNTIME_SCHEMA_UPDATE=1`.
- The pipeline writes migration/config/post-restart files, executes database DDL, and can invoke configured CodeGen, compile, and restart shell commands.
- `dist/RuntimeSchemaManager.js` supports authenticated GitHub commits and pull requests through Octokit.
- `writePostRestartFiles` writes caller-supplied paths and contents without package-local path confinement.
- `package.json` has no preinstall, install, postinstall, or bin hook.
- `dist/index.js` only exports APIs; import has no pipeline invocation.
- Runtime mutation requires an explicit `RunPipeline` call plus opt-in environment configuration.
- No credential harvesting, hidden exfiltration, remote payload loading, obfuscation, or AI-agent control-surface mutation was found.
Source & flagged code
2 flagged · loading source`dist/RuntimeSchemaManager.js` runs a runtime schema-update pipeline gated by `ALLOW_RUNTIME_SCHEMA_UPDATE=1`.
dist/RuntimeSchemaManager.jsView on unpkg`dist/RuntimeSchemaManager.js` supports authenticated GitHub commits and pull requests through Octokit.
dist/RuntimeSchemaManager.jsView on unpkg