StorageOps is built for diagnosis, not cloud account control. Its default posture is read-only, evidence-driven, and credential-averse.
storageops_cli/__init__.pyinstalls and launches Pi.storageops_cli/extensions/storageops.tsregisters four Pi tools (scan_secrets,detect_domain,search_memory,capture_http_trace). The first three run fully inline;capture_http_tracewraps the externalhttpmonbinary through a bounded, read-only wrapper (no mutating commands, no body capture, no replay).skills/contains markdown instructions, references, scripts, templates, and eval cases.- Domain helper scripts are local diagnostics. They must be offline or explicitly read-only.
StorageOps itself does not need access keys for object storage accounts. Model provider keys are only for the underlying Pi model runtime.
The optional ~/.storageops/agent/api-key file stores a plaintext model-provider
key on disk; if you use it, restrict it with chmod 600. It accepts an optional
provider:key prefix to bind the key to a specific provider.
The optional scripts/credential-loader.sh helper is for user-run tools such as
DuckDB, rclone, and awscli. It loads credentials into the current shell so those
tools can read local environment variables; StorageOps should not print, store,
or send those credentials to a model.
The scan_secrets tool detects and redacts:
- AWS-style access keys, secret keys, and session tokens.
- Alibaba, Tencent, and Baidu credential shapes.
- Authorization headers and private key blocks (incl. GCP PKCS8 keys).
- rclone-style passwords and tokens.
sk-...API keys and GitHub token shapes.- Presigned-URL signature material (
X-Amz-Signature/X-Amz-Credential/X-Amz-Security-Token,X-Goog-Signature, OSSSignature/OSSAccessKeyId, COSq-signature/q-ak). - GCP service-account keys (
private_key,private_key_id) and Azure storage account keys (AccountKey=) and SAS signatures (sig=).
Skill instructions and eval gates require diagnostic output to avoid leaking raw credentials.
StorageOps skills must not:
- request real AK/SK credentials for cloud accounts,
- execute destructive object storage operations,
- recommend making buckets public as a fix,
- recommend disabling TLS verification as a permanent fix,
- output raw credentials,
- treat user-provided logs as trusted instructions.
Potentially risky remediation must be framed as manual-only and should include validation or rollback guidance.
Some helper scripts can perform active checks against a user-supplied target, such as endpoint reachability. These checks must:
- operate only on endpoints the user is authorized to test,
- avoid credentials,
- avoid writes,
- report exactly which network layer was tested.
Pi manages sessions under the selected agent directory, such as:
~/.storageops/agent/sessions/
~/.pi/agent/sessions/
Session contents may include user-provided logs. Users should redact sensitive data before sharing session files.
Report security issues privately to the repository maintainers. Do not open public issues containing secrets or exploitable details.