Bitter Frontier
Founding member access recorded.
Checkout cancelled.

Finding · pi-coding-agent

Authentication file mode set at creation time

What Changed

Introduced AUTH_FILE_WRITE_OPTIONS constant with mode 0o600 (owner read/write only) applied to all FileAuthStorageBackend writeFileSync() calls. Reduces the security window where auth files could exist with insecure permissions before subsequent chmod operations.

Operator Implication

Hardens credential storage by ensuring authentication files never briefly exist with world-readable permissions. Closes temporal window for permission escalation.

Receipt

Finding metadata

Confidence
high
Actionability
test
Accessibility impact
none

Run: 2026-06-03-weekly-digest-2026-05-28_2026-06-03-frontier-v0

Finding ID: 2026-06-02-pi-coding-agent-auth-file-permissions

Source links

Primary links, including exact changelog lines when available.

  1. Pi Coding Agent
    commitCommit 135fb54 'fix(coding-agent): set auth file mode on creation' sets { encoding: 'utf-8', mode: 0o600 } on all auth file creation/lock operationsgithub.com/earendil-works/pi/commit/135fb54

Versioned source: run artifact