@grwnd/pi-governance 1.4.1 → 1.5.0

package/dist/index.d.cts

@@ -58,6 +58,37 @@ declare const GovernanceConfigSchema: _sinclair_typebox.TObject<{
             connection: _sinclair_typebox.TString;
         }>]>>;
     }>>;
+    dlp: _sinclair_typebox.TOptional<_sinclair_typebox.TObject<{
+        enabled: _sinclair_typebox.TBoolean;
+        mode: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"audit">, _sinclair_typebox.TLiteral<"mask">, _sinclair_typebox.TLiteral<"block">]>>;
+        on_input: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"audit">, _sinclair_typebox.TLiteral<"mask">, _sinclair_typebox.TLiteral<"block">]>>;
+        on_output: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"audit">, _sinclair_typebox.TLiteral<"mask">, _sinclair_typebox.TLiteral<"block">]>>;
+        masking: _sinclair_typebox.TOptional<_sinclair_typebox.TObject<{
+            strategy: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"partial">, _sinclair_typebox.TLiteral<"full">, _sinclair_typebox.TLiteral<"hash">]>;
+            show_chars: _sinclair_typebox.TOptional<_sinclair_typebox.TNumber>;
+            placeholder: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
+        }>>;
+        severity_threshold: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"low">, _sinclair_typebox.TLiteral<"medium">, _sinclair_typebox.TLiteral<"high">, _sinclair_typebox.TLiteral<"critical">]>>;
+        built_in: _sinclair_typebox.TOptional<_sinclair_typebox.TObject<{
+            secrets: _sinclair_typebox.TBoolean;
+            pii: _sinclair_typebox.TBoolean;
+        }>>;
+        custom_patterns: _sinclair_typebox.TOptional<_sinclair_typebox.TArray<_sinclair_typebox.TObject<{
+            name: _sinclair_typebox.TString;
+            pattern: _sinclair_typebox.TString;
+            severity: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"low">, _sinclair_typebox.TLiteral<"medium">, _sinclair_typebox.TLiteral<"high">, _sinclair_typebox.TLiteral<"critical">]>;
+            action: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"audit">, _sinclair_typebox.TLiteral<"mask">, _sinclair_typebox.TLiteral<"block">]>>;
+        }>>>;
+        allowlist: _sinclair_typebox.TOptional<_sinclair_typebox.TArray<_sinclair_typebox.TObject<{
+            pattern: _sinclair_typebox.TString;
+        }>>>;
+        role_overrides: _sinclair_typebox.TOptional<_sinclair_typebox.TRecord<_sinclair_typebox.TString, _sinclair_typebox.TObject<{
+            enabled: _sinclair_typebox.TOptional<_sinclair_typebox.TBoolean>;
+            mode: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"audit">, _sinclair_typebox.TLiteral<"mask">, _sinclair_typebox.TLiteral<"block">]>>;
+            on_input: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"audit">, _sinclair_typebox.TLiteral<"mask">, _sinclair_typebox.TLiteral<"block">]>>;
+            on_output: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"audit">, _sinclair_typebox.TLiteral<"mask">, _sinclair_typebox.TLiteral<"block">]>>;
+        }>>>;
+    }>>;
     org_units: _sinclair_typebox.TOptional<_sinclair_typebox.TRecord<_sinclair_typebox.TString, _sinclair_typebox.TObject<{
         hitl: _sinclair_typebox.TOptional<_sinclair_typebox.TObject<{
             default_mode: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"autonomous">, _sinclair_typebox.TLiteral<"supervised">, _sinclair_typebox.TLiteral<"dry_run">]>>;
@@ -237,6 +268,78 @@ declare class BashClassifier {
 declare const SAFE_PATTERNS: RegExp[];
 declare const DANGEROUS_PATTERNS: RegExp[];
 
+type DlpSeverity = 'low' | 'medium' | 'high' | 'critical';
+type DlpCategory = 'secret' | 'pii' | 'custom';
+interface DlpPatternDef {
+    name: string;
+    pattern: RegExp;
+    severity: DlpSeverity;
+    category: DlpCategory;
+}
+declare const SECRET_PATTERNS: DlpPatternDef[];
+declare const PII_PATTERNS: DlpPatternDef[];
+
+type DlpAction = 'audit' | 'mask' | 'block';
+interface DlpMatch {
+    patternName: string;
+    category: DlpCategory;
+    severity: DlpSeverity;
+    start: number;
+    end: number;
+    matched: string;
+}
+interface DlpScanResult {
+    hasMatches: boolean;
+    matches: DlpMatch[];
+}
+interface DlpCustomPattern {
+    name: string;
+    pattern: string;
+    severity: DlpSeverity;
+    action?: DlpAction;
+}
+interface DlpAllowlistEntry {
+    pattern: string;
+}
+interface DlpScannerConfig {
+    enabled: boolean;
+    mode: DlpAction;
+    on_input?: DlpAction;
+    on_output?: DlpAction;
+    severity_threshold: DlpSeverity;
+    built_in: {
+        secrets: boolean;
+        pii: boolean;
+    };
+    custom_patterns: DlpCustomPattern[];
+    allowlist: DlpAllowlistEntry[];
+    pattern_overrides: Map<string, DlpAction>;
+}
+declare class DlpScanner {
+    private patterns;
+    private allowlistRegexps;
+    private severityThreshold;
+    private config;
+    constructor(config: DlpScannerConfig);
+    scan(text: string): DlpScanResult;
+    getAction(direction: 'input' | 'output'): DlpAction;
+    getPatternAction(match: DlpMatch, direction: 'input' | 'output'): DlpAction;
+    private isAllowlisted;
+}
+declare function compareSeverity(a: DlpSeverity, b: DlpSeverity): number;
+
+interface MaskingConfig {
+    strategy: 'partial' | 'full' | 'hash';
+    show_chars: number;
+    placeholder: string;
+}
+declare class DlpMasker {
+    private config;
+    constructor(config?: Partial<MaskingConfig>);
+    maskValue(value: string): string;
+    maskText(text: string, matches: DlpMatch[]): string;
+}
+
 /**
  * Tracks tool invocation count as a proxy for token budget.
  * The budget value represents max invocations per session; -1 means unlimited.
@@ -299,7 +402,7 @@ interface AuditSink {
     flush(): Promise<void>;
 }
 
-type AuditEventType = 'session_start' | 'session_end' | 'tool_allowed' | 'tool_denied' | 'tool_dry_run' | 'tool_result' | 'bash_denied' | 'path_denied' | 'approval_requested' | 'approval_granted' | 'approval_denied' | 'budget_exceeded' | 'config_reloaded';
+type AuditEventType = 'session_start' | 'session_end' | 'tool_allowed' | 'tool_denied' | 'tool_dry_run' | 'tool_result' | 'bash_denied' | 'path_denied' | 'approval_requested' | 'approval_granted' | 'approval_denied' | 'budget_exceeded' | 'config_reloaded' | 'dlp_blocked' | 'dlp_detected' | 'dlp_masked';
 interface AuditRecord {
     id: string;
     timestamp: string;
@@ -407,4 +510,4 @@ declare class WebhookApprover implements ApprovalFlow {
     }): Promise<ApprovalResult>;
 }
 
-export { type ApprovalFlow, type ApprovalResult, type AuditEventType, AuditLogger, type AuditRecord, type AuditSink, type BashClassification, BashClassifier, type BashOverrides, BudgetTracker, CliApprover, ConfigValidationError, ConfigWatcher, type ConfirmUI, DANGEROUS_PATTERNS, EnvIdentityProvider, type ExecutionMode, type FactStore, type GovernanceConfig, type GovernanceToolCall, type HitlConfig, IdentityChain, type IdentityProvider, JsonlAuditSink, LocalIdentityProvider, OsoMemoryFactStore, type PathOperation, type PolicyDecision, type PolicyEngine, type Relation, type ResolvedIdentity, type RoleBinding, SAFE_PATTERNS, TemplateSelector, type TemplateSelectorConfig, WebhookApprover, WebhookAuditSink, YamlFactStore, YamlPolicyEngine, type YamlRole, type YamlRules, createApprovalFlow, createIdentityChain, createPolicyEngine, loadConfig, render as renderTemplate };
+export { type ApprovalFlow, type ApprovalResult, type AuditEventType, AuditLogger, type AuditRecord, type AuditSink, type BashClassification, BashClassifier, type BashOverrides, BudgetTracker, CliApprover, ConfigValidationError, ConfigWatcher, type ConfirmUI, DANGEROUS_PATTERNS, PII_PATTERNS as DLP_PII_PATTERNS, SECRET_PATTERNS as DLP_SECRET_PATTERNS, type DlpAction, type DlpAllowlistEntry, type DlpCategory, type DlpCustomPattern, DlpMasker, type DlpMatch, type DlpPatternDef, type DlpScanResult, DlpScanner, type DlpScannerConfig, type DlpSeverity, EnvIdentityProvider, type ExecutionMode, type FactStore, type GovernanceConfig, type GovernanceToolCall, type HitlConfig, IdentityChain, type IdentityProvider, JsonlAuditSink, LocalIdentityProvider, type MaskingConfig, OsoMemoryFactStore, type PathOperation, type PolicyDecision, type PolicyEngine, type Relation, type ResolvedIdentity, type RoleBinding, SAFE_PATTERNS, TemplateSelector, type TemplateSelectorConfig, WebhookApprover, WebhookAuditSink, YamlFactStore, YamlPolicyEngine, type YamlRole, type YamlRules, compareSeverity, createApprovalFlow, createIdentityChain, createPolicyEngine, loadConfig, render as renderTemplate };

package/dist/index.d.ts

@@ -58,6 +58,37 @@ declare const GovernanceConfigSchema: _sinclair_typebox.TObject<{
             connection: _sinclair_typebox.TString;
         }>]>>;
     }>>;
+    dlp: _sinclair_typebox.TOptional<_sinclair_typebox.TObject<{
+        enabled: _sinclair_typebox.TBoolean;
+        mode: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"audit">, _sinclair_typebox.TLiteral<"mask">, _sinclair_typebox.TLiteral<"block">]>>;
+        on_input: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"audit">, _sinclair_typebox.TLiteral<"mask">, _sinclair_typebox.TLiteral<"block">]>>;
+        on_output: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"audit">, _sinclair_typebox.TLiteral<"mask">, _sinclair_typebox.TLiteral<"block">]>>;
+        masking: _sinclair_typebox.TOptional<_sinclair_typebox.TObject<{
+            strategy: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"partial">, _sinclair_typebox.TLiteral<"full">, _sinclair_typebox.TLiteral<"hash">]>;
+            show_chars: _sinclair_typebox.TOptional<_sinclair_typebox.TNumber>;
+            placeholder: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
+        }>>;
+        severity_threshold: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"low">, _sinclair_typebox.TLiteral<"medium">, _sinclair_typebox.TLiteral<"high">, _sinclair_typebox.TLiteral<"critical">]>>;
+        built_in: _sinclair_typebox.TOptional<_sinclair_typebox.TObject<{
+            secrets: _sinclair_typebox.TBoolean;
+            pii: _sinclair_typebox.TBoolean;
+        }>>;
+        custom_patterns: _sinclair_typebox.TOptional<_sinclair_typebox.TArray<_sinclair_typebox.TObject<{
+            name: _sinclair_typebox.TString;
+            pattern: _sinclair_typebox.TString;
+            severity: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"low">, _sinclair_typebox.TLiteral<"medium">, _sinclair_typebox.TLiteral<"high">, _sinclair_typebox.TLiteral<"critical">]>;
+            action: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"audit">, _sinclair_typebox.TLiteral<"mask">, _sinclair_typebox.TLiteral<"block">]>>;
+        }>>>;
+        allowlist: _sinclair_typebox.TOptional<_sinclair_typebox.TArray<_sinclair_typebox.TObject<{
+            pattern: _sinclair_typebox.TString;
+        }>>>;
+        role_overrides: _sinclair_typebox.TOptional<_sinclair_typebox.TRecord<_sinclair_typebox.TString, _sinclair_typebox.TObject<{
+            enabled: _sinclair_typebox.TOptional<_sinclair_typebox.TBoolean>;
+            mode: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"audit">, _sinclair_typebox.TLiteral<"mask">, _sinclair_typebox.TLiteral<"block">]>>;
+            on_input: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"audit">, _sinclair_typebox.TLiteral<"mask">, _sinclair_typebox.TLiteral<"block">]>>;
+            on_output: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"audit">, _sinclair_typebox.TLiteral<"mask">, _sinclair_typebox.TLiteral<"block">]>>;
+        }>>>;
+    }>>;
     org_units: _sinclair_typebox.TOptional<_sinclair_typebox.TRecord<_sinclair_typebox.TString, _sinclair_typebox.TObject<{
         hitl: _sinclair_typebox.TOptional<_sinclair_typebox.TObject<{
             default_mode: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"autonomous">, _sinclair_typebox.TLiteral<"supervised">, _sinclair_typebox.TLiteral<"dry_run">]>>;
@@ -237,6 +268,78 @@ declare class BashClassifier {
 declare const SAFE_PATTERNS: RegExp[];
 declare const DANGEROUS_PATTERNS: RegExp[];
 
+type DlpSeverity = 'low' | 'medium' | 'high' | 'critical';
+type DlpCategory = 'secret' | 'pii' | 'custom';
+interface DlpPatternDef {
+    name: string;
+    pattern: RegExp;
+    severity: DlpSeverity;
+    category: DlpCategory;
+}
+declare const SECRET_PATTERNS: DlpPatternDef[];
+declare const PII_PATTERNS: DlpPatternDef[];
+
+type DlpAction = 'audit' | 'mask' | 'block';
+interface DlpMatch {
+    patternName: string;
+    category: DlpCategory;
+    severity: DlpSeverity;
+    start: number;
+    end: number;
+    matched: string;
+}
+interface DlpScanResult {
+    hasMatches: boolean;
+    matches: DlpMatch[];
+}
+interface DlpCustomPattern {
+    name: string;
+    pattern: string;
+    severity: DlpSeverity;
+    action?: DlpAction;
+}
+interface DlpAllowlistEntry {
+    pattern: string;
+}
+interface DlpScannerConfig {
+    enabled: boolean;
+    mode: DlpAction;
+    on_input?: DlpAction;
+    on_output?: DlpAction;
+    severity_threshold: DlpSeverity;
+    built_in: {
+        secrets: boolean;
+        pii: boolean;
+    };
+    custom_patterns: DlpCustomPattern[];
+    allowlist: DlpAllowlistEntry[];
+    pattern_overrides: Map<string, DlpAction>;
+}
+declare class DlpScanner {
+    private patterns;
+    private allowlistRegexps;
+    private severityThreshold;
+    private config;
+    constructor(config: DlpScannerConfig);
+    scan(text: string): DlpScanResult;
+    getAction(direction: 'input' | 'output'): DlpAction;
+    getPatternAction(match: DlpMatch, direction: 'input' | 'output'): DlpAction;
+    private isAllowlisted;
+}
+declare function compareSeverity(a: DlpSeverity, b: DlpSeverity): number;
+
+interface MaskingConfig {
+    strategy: 'partial' | 'full' | 'hash';
+    show_chars: number;
+    placeholder: string;
+}
+declare class DlpMasker {
+    private config;
+    constructor(config?: Partial<MaskingConfig>);
+    maskValue(value: string): string;
+    maskText(text: string, matches: DlpMatch[]): string;
+}
+
 /**
  * Tracks tool invocation count as a proxy for token budget.
  * The budget value represents max invocations per session; -1 means unlimited.
@@ -299,7 +402,7 @@ interface AuditSink {
     flush(): Promise<void>;
 }
 
-type AuditEventType = 'session_start' | 'session_end' | 'tool_allowed' | 'tool_denied' | 'tool_dry_run' | 'tool_result' | 'bash_denied' | 'path_denied' | 'approval_requested' | 'approval_granted' | 'approval_denied' | 'budget_exceeded' | 'config_reloaded';
+type AuditEventType = 'session_start' | 'session_end' | 'tool_allowed' | 'tool_denied' | 'tool_dry_run' | 'tool_result' | 'bash_denied' | 'path_denied' | 'approval_requested' | 'approval_granted' | 'approval_denied' | 'budget_exceeded' | 'config_reloaded' | 'dlp_blocked' | 'dlp_detected' | 'dlp_masked';
 interface AuditRecord {
     id: string;
     timestamp: string;
@@ -407,4 +510,4 @@ declare class WebhookApprover implements ApprovalFlow {
     }): Promise<ApprovalResult>;
 }
 
-export { type ApprovalFlow, type ApprovalResult, type AuditEventType, AuditLogger, type AuditRecord, type AuditSink, type BashClassification, BashClassifier, type BashOverrides, BudgetTracker, CliApprover, ConfigValidationError, ConfigWatcher, type ConfirmUI, DANGEROUS_PATTERNS, EnvIdentityProvider, type ExecutionMode, type FactStore, type GovernanceConfig, type GovernanceToolCall, type HitlConfig, IdentityChain, type IdentityProvider, JsonlAuditSink, LocalIdentityProvider, OsoMemoryFactStore, type PathOperation, type PolicyDecision, type PolicyEngine, type Relation, type ResolvedIdentity, type RoleBinding, SAFE_PATTERNS, TemplateSelector, type TemplateSelectorConfig, WebhookApprover, WebhookAuditSink, YamlFactStore, YamlPolicyEngine, type YamlRole, type YamlRules, createApprovalFlow, createIdentityChain, createPolicyEngine, loadConfig, render as renderTemplate };
+export { type ApprovalFlow, type ApprovalResult, type AuditEventType, AuditLogger, type AuditRecord, type AuditSink, type BashClassification, BashClassifier, type BashOverrides, BudgetTracker, CliApprover, ConfigValidationError, ConfigWatcher, type ConfirmUI, DANGEROUS_PATTERNS, PII_PATTERNS as DLP_PII_PATTERNS, SECRET_PATTERNS as DLP_SECRET_PATTERNS, type DlpAction, type DlpAllowlistEntry, type DlpCategory, type DlpCustomPattern, DlpMasker, type DlpMatch, type DlpPatternDef, type DlpScanResult, DlpScanner, type DlpScannerConfig, type DlpSeverity, EnvIdentityProvider, type ExecutionMode, type FactStore, type GovernanceConfig, type GovernanceToolCall, type HitlConfig, IdentityChain, type IdentityProvider, JsonlAuditSink, LocalIdentityProvider, type MaskingConfig, OsoMemoryFactStore, type PathOperation, type PolicyDecision, type PolicyEngine, type Relation, type ResolvedIdentity, type RoleBinding, SAFE_PATTERNS, TemplateSelector, type TemplateSelectorConfig, WebhookApprover, WebhookAuditSink, YamlFactStore, YamlPolicyEngine, type YamlRole, type YamlRules, compareSeverity, createApprovalFlow, createIdentityChain, createPolicyEngine, loadConfig, render as renderTemplate };

package/dist/index.js

@@ -3831,12 +3831,78 @@ var OrgUnitOverride = Type.Object({
     })
   )
 });
+var DlpMaskingConfig = Type.Object({
+  strategy: Type.Union([Type.Literal("partial"), Type.Literal("full"), Type.Literal("hash")], {
+    default: "partial"
+  }),
+  show_chars: Type.Optional(Type.Number({ default: 4, minimum: 0 })),
+  placeholder: Type.Optional(Type.String({ default: "***" }))
+});
+var DlpCustomPatternConfig = Type.Object({
+  name: Type.String(),
+  pattern: Type.String(),
+  severity: Type.Union([
+    Type.Literal("low"),
+    Type.Literal("medium"),
+    Type.Literal("high"),
+    Type.Literal("critical")
+  ]),
+  action: Type.Optional(
+    Type.Union([Type.Literal("audit"), Type.Literal("mask"), Type.Literal("block")])
+  )
+});
+var DlpAllowlistEntryConfig = Type.Object({
+  pattern: Type.String()
+});
+var DlpRoleOverrideConfig = Type.Object({
+  enabled: Type.Optional(Type.Boolean()),
+  mode: Type.Optional(
+    Type.Union([Type.Literal("audit"), Type.Literal("mask"), Type.Literal("block")])
+  ),
+  on_input: Type.Optional(
+    Type.Union([Type.Literal("audit"), Type.Literal("mask"), Type.Literal("block")])
+  ),
+  on_output: Type.Optional(
+    Type.Union([Type.Literal("audit"), Type.Literal("mask"), Type.Literal("block")])
+  )
+});
+var DlpConfig = Type.Object({
+  enabled: Type.Boolean({ default: false }),
+  mode: Type.Optional(
+    Type.Union([Type.Literal("audit"), Type.Literal("mask"), Type.Literal("block")], {
+      default: "audit"
+    })
+  ),
+  on_input: Type.Optional(
+    Type.Union([Type.Literal("audit"), Type.Literal("mask"), Type.Literal("block")])
+  ),
+  on_output: Type.Optional(
+    Type.Union([Type.Literal("audit"), Type.Literal("mask"), Type.Literal("block")])
+  ),
+  masking: Type.Optional(DlpMaskingConfig),
+  severity_threshold: Type.Optional(
+    Type.Union(
+      [Type.Literal("low"), Type.Literal("medium"), Type.Literal("high"), Type.Literal("critical")],
+      { default: "low" }
+    )
+  ),
+  built_in: Type.Optional(
+    Type.Object({
+      secrets: Type.Boolean({ default: true }),
+      pii: Type.Boolean({ default: true })
+    })
+  ),
+  custom_patterns: Type.Optional(Type.Array(DlpCustomPatternConfig)),
+  allowlist: Type.Optional(Type.Array(DlpAllowlistEntryConfig)),
+  role_overrides: Type.Optional(Type.Record(Type.String(), DlpRoleOverrideConfig))
+});
 var GovernanceConfigSchema = Type.Object({
   auth: Type.Optional(AuthConfig),
   policy: Type.Optional(PolicyConfig),
   templates: Type.Optional(TemplatesConfig),
   hitl: Type.Optional(HitlConfig),
   audit: Type.Optional(AuditConfig),
+  dlp: Type.Optional(DlpConfig),
   org_units: Type.Optional(Type.Record(Type.String(), OrgUnitOverride))
 });
 
@@ -3867,6 +3933,9 @@ var DEFAULTS = {
   },
   audit: {
     sinks: [{ type: "jsonl", path: "~/.pi/agent/audit.jsonl" }]
+  },
+  dlp: {
+    enabled: false
   }
 };
 
@@ -4338,6 +4407,300 @@ var BashClassifier = class {
   }
 };
 
+// src/lib/dlp/patterns.ts
+var SECRET_PATTERNS = [
+  // AWS
+  {
+    name: "aws_access_key",
+    pattern: /\b(AKIA[0-9A-Z]{16})\b/g,
+    severity: "critical",
+    category: "secret"
+  },
+  {
+    name: "aws_secret_key",
+    pattern: /\b([A-Za-z0-9/+=]{40})(?=\s|$|"|')/g,
+    severity: "critical",
+    category: "secret"
+  },
+  // GitHub
+  {
+    name: "github_pat",
+    pattern: /\b(ghp_[A-Za-z0-9]{36,})\b/g,
+    severity: "critical",
+    category: "secret"
+  },
+  {
+    name: "github_oauth",
+    pattern: /\b(gho_[A-Za-z0-9]{36,})\b/g,
+    severity: "high",
+    category: "secret"
+  },
+  {
+    name: "github_app_token",
+    pattern: /\b(ghu_[A-Za-z0-9]{36,})\b/g,
+    severity: "high",
+    category: "secret"
+  },
+  // Anthropic
+  {
+    name: "anthropic_api_key",
+    pattern: /\b(sk-ant-api03-[A-Za-z0-9_-]{90,})\b/g,
+    severity: "critical",
+    category: "secret"
+  },
+  // OpenAI
+  {
+    name: "openai_api_key",
+    pattern: /\b(sk-[A-Za-z0-9]{20,}T3BlbkFJ[A-Za-z0-9]{20,})\b/g,
+    severity: "critical",
+    category: "secret"
+  },
+  // JWT
+  {
+    name: "jwt_token",
+    pattern: /\b(eyJ[A-Za-z0-9_-]{10,}\.eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,})\b/g,
+    severity: "high",
+    category: "secret"
+  },
+  // Private key headers
+  {
+    name: "private_key",
+    pattern: /-----BEGIN\s+(RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----/g,
+    severity: "critical",
+    category: "secret"
+  },
+  // Database connection strings
+  {
+    name: "database_url",
+    pattern: /\b((?:postgres|mysql|mongodb|redis):\/\/[^\s'"]{10,})\b/g,
+    severity: "high",
+    category: "secret"
+  },
+  // Slack
+  {
+    name: "slack_token",
+    pattern: /\b(xox[bpras]-[A-Za-z0-9-]{10,})\b/g,
+    severity: "high",
+    category: "secret"
+  },
+  // Stripe
+  {
+    name: "stripe_key",
+    pattern: /\b([rs]k_(?:live|test)_[A-Za-z0-9]{20,})\b/g,
+    severity: "critical",
+    category: "secret"
+  },
+  // npm
+  {
+    name: "npm_token",
+    pattern: /\b(npm_[A-Za-z0-9]{36,})\b/g,
+    severity: "high",
+    category: "secret"
+  },
+  // SendGrid
+  {
+    name: "sendgrid_key",
+    pattern: /\b(SG\.[A-Za-z0-9_-]{22,}\.[A-Za-z0-9_-]{22,})\b/g,
+    severity: "high",
+    category: "secret"
+  },
+  // Generic API key patterns (env-var style assignments)
+  {
+    name: "generic_api_key",
+    pattern: /\b(?:API_KEY|API_SECRET|ACCESS_TOKEN|AUTH_TOKEN|SECRET_KEY)\s*[=:]\s*['"]?([A-Za-z0-9_-]{16,})['"]?/gi,
+    severity: "medium",
+    category: "secret"
+  },
+  // High-entropy string near keyword context
+  {
+    name: "generic_secret_assignment",
+    pattern: /\b(?:password|passwd|secret|token|credential)\s*[=:]\s*['"]([^'"]{8,})['"]?/gi,
+    severity: "medium",
+    category: "secret"
+  }
+];
+var PII_PATTERNS = [
+  // SSN (US)
+  {
+    name: "ssn",
+    pattern: /\b(\d{3}-\d{2}-\d{4})\b/g,
+    severity: "critical",
+    category: "pii"
+  },
+  // Credit card numbers
+  {
+    name: "credit_card",
+    pattern: /\b(4\d{3}[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}|5[1-5]\d{2}[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}|3[47]\d{2}[\s-]?\d{6}[\s-]?\d{5}|6(?:011|5\d{2})[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4})\b/g,
+    severity: "critical",
+    category: "pii"
+  },
+  // Email address
+  {
+    name: "email",
+    pattern: /\b([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})\b/g,
+    severity: "low",
+    category: "pii"
+  },
+  // US phone number
+  {
+    name: "phone_us",
+    pattern: /\b(\+?1?[-.\s]?\(?\d{3}\)?[-.\s]?\d{3}[-.\s]?\d{4})\b/g,
+    severity: "medium",
+    category: "pii"
+  },
+  // IPv4 address
+  {
+    name: "ipv4",
+    pattern: /\b((?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.(?:25[0-5]|2[0-4]\d|[01]?\d\d?))\b/g,
+    severity: "low",
+    category: "pii"
+  }
+];
+
+// src/lib/dlp/scanner.ts
+var SEVERITY_ORDER = {
+  low: 0,
+  medium: 1,
+  high: 2,
+  critical: 3
+};
+var DlpScanner = class {
+  patterns;
+  allowlistRegexps;
+  severityThreshold;
+  config;
+  constructor(config) {
+    this.config = config;
+    this.severityThreshold = SEVERITY_ORDER[config.severity_threshold];
+    this.patterns = [];
+    this.allowlistRegexps = [];
+    if (config.built_in.secrets) {
+      for (const def of SECRET_PATTERNS) {
+        this.patterns.push({ def });
+      }
+    }
+    if (config.built_in.pii) {
+      for (const def of PII_PATTERNS) {
+        this.patterns.push({ def });
+      }
+    }
+    for (const cp of config.custom_patterns) {
+      const def = {
+        name: cp.name,
+        pattern: new RegExp(cp.pattern, "g"),
+        severity: cp.severity,
+        category: "custom"
+      };
+      this.patterns.push({ def, action: cp.action });
+    }
+    for (const compiled of this.patterns) {
+      const override = config.pattern_overrides.get(compiled.def.name);
+      if (override) {
+        compiled.action = override;
+      }
+    }
+    for (const entry of config.allowlist) {
+      this.allowlistRegexps.push(new RegExp(entry.pattern));
+    }
+  }
+  scan(text) {
+    if (!this.config.enabled || text.length === 0) {
+      return { hasMatches: false, matches: [] };
+    }
+    const matches = [];
+    for (const compiled of this.patterns) {
+      if (SEVERITY_ORDER[compiled.def.severity] < this.severityThreshold) {
+        continue;
+      }
+      const regex = new RegExp(compiled.def.pattern.source, compiled.def.pattern.flags);
+      let match;
+      while ((match = regex.exec(text)) !== null) {
+        const matched = match[1] ?? match[0];
+        const start = match[1] ? match.index + match[0].indexOf(match[1]) : match.index;
+        const end = start + matched.length;
+        if (this.isAllowlisted(matched)) {
+          continue;
+        }
+        matches.push({
+          patternName: compiled.def.name,
+          category: compiled.def.category,
+          severity: compiled.def.severity,
+          start,
+          end,
+          matched
+        });
+      }
+    }
+    return { hasMatches: matches.length > 0, matches };
+  }
+  getAction(direction) {
+    if (direction === "input" && this.config.on_input) {
+      return this.config.on_input;
+    }
+    if (direction === "output" && this.config.on_output) {
+      return this.config.on_output;
+    }
+    return this.config.mode;
+  }
+  getPatternAction(match, direction) {
+    const compiled = this.patterns.find((p) => p.def.name === match.patternName);
+    if (compiled?.action) {
+      return compiled.action;
+    }
+    return this.getAction(direction);
+  }
+  isAllowlisted(value) {
+    for (const re of this.allowlistRegexps) {
+      if (re.test(value)) return true;
+    }
+    return false;
+  }
+};
+function compareSeverity(a, b) {
+  return SEVERITY_ORDER[a] - SEVERITY_ORDER[b];
+}
+
+// src/lib/dlp/masker.ts
+import { createHash } from "crypto";
+var DEFAULT_CONFIG = {
+  strategy: "partial",
+  show_chars: 4,
+  placeholder: "***"
+};
+var DlpMasker = class {
+  config;
+  constructor(config) {
+    this.config = { ...DEFAULT_CONFIG, ...config };
+  }
+  maskValue(value) {
+    switch (this.config.strategy) {
+      case "full":
+        return this.config.placeholder;
+      case "hash": {
+        const hash = createHash("sha256").update(value).digest("hex").slice(0, 8);
+        return `[REDACTED:${hash}]`;
+      }
+      case "partial":
+      default: {
+        if (value.length <= this.config.show_chars) {
+          return this.config.placeholder;
+        }
+        return this.config.placeholder + value.slice(-this.config.show_chars);
+      }
+    }
+  }
+  maskText(text, matches) {
+    if (matches.length === 0) return text;
+    const sorted = [...matches].sort((a, b) => b.start - a.start);
+    let result = text;
+    for (const match of sorted) {
+      const masked = this.maskValue(match.matched);
+      result = result.slice(0, match.start) + masked + result.slice(match.end);
+    }
+    return result;
+  }
+};
+
 // src/lib/budget/tracker.ts
 var BudgetTracker = class {
   _used = 0;
@@ -4682,6 +5045,10 @@ export {
   ConfigValidationError,
   ConfigWatcher,
   DANGEROUS_PATTERNS,
+  PII_PATTERNS as DLP_PII_PATTERNS,
+  SECRET_PATTERNS as DLP_SECRET_PATTERNS,
+  DlpMasker,
+  DlpScanner,
   EnvIdentityProvider,
   IdentityChain,
   JsonlAuditSink,
@@ -4693,6 +5060,7 @@ export {
   WebhookAuditSink,
   YamlFactStore,
   YamlPolicyEngine,
+  compareSeverity,
   createApprovalFlow,
   createIdentityChain,
   createPolicyEngine,