@grwnd/pi-governance 1.4.2 → 1.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +75 -9
- package/dist/extensions/index.cjs +592 -3
- package/dist/extensions/index.cjs.map +1 -1
- package/dist/extensions/index.js +594 -3
- package/dist/extensions/index.js.map +1 -1
- package/dist/index.cjs +387 -707
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +105 -2
- package/dist/index.d.ts +105 -2
- package/dist/index.js +380 -705
- package/dist/index.js.map +1 -1
- package/package.json +6 -1
package/README.md
CHANGED
|
@@ -10,7 +10,8 @@
|
|
|
10
10
|
|
|
11
11
|
<p align="center">
|
|
12
12
|
<a href="https://github.com/Grwnd-AI/pi-governance/actions/workflows/ci.yml"><img src="https://github.com/Grwnd-AI/pi-governance/actions/workflows/ci.yml/badge.svg" alt="CI" /></a>
|
|
13
|
-
<a href="https://www.npmjs.com/package/@grwnd/pi-governance"><img src="https://img.shields.io/npm/v/@grwnd/pi-governance" alt="npm" /></a>
|
|
13
|
+
<a href="https://www.npmjs.com/package/@grwnd/pi-governance"><img src="https://img.shields.io/npm/v/@grwnd/pi-governance" alt="npm pi-governance" /></a>
|
|
14
|
+
<a href="https://www.npmjs.com/package/@grwnd/openclaw-governance"><img src="https://img.shields.io/npm/v/@grwnd/openclaw-governance?label=openclaw-governance" alt="npm openclaw-governance" /></a>
|
|
14
15
|
<a href="https://github.com/Grwnd-AI/pi-governance/blob/main/LICENSE"><img src="https://img.shields.io/badge/license-Apache--2.0-blue" alt="License" /></a>
|
|
15
16
|
<a href="https://grwnd-ai.github.io/pi-governance/"><img src="https://img.shields.io/badge/docs-GitHub%20Pages-blue" alt="Docs" /></a>
|
|
16
17
|
</p>
|
|
@@ -24,6 +25,7 @@
|
|
|
24
25
|
- **Role-based access control** — define who can use which tools
|
|
25
26
|
- **Bash command classification** — auto-block dangerous commands (`rm -rf`, `sudo`, `curl | sh`)
|
|
26
27
|
- **Path-level file gating** — restrict read/write to scoped directories
|
|
28
|
+
- **Data loss prevention** — detect and block/mask API keys, tokens, and PII before they reach the LLM
|
|
27
29
|
- **Human-in-the-loop approval** — require sign-off for sensitive operations
|
|
28
30
|
- **Audit logging** — structured JSONL logs of every governance decision
|
|
29
31
|
- **Prompt-level policy** — role-scoped system prompt templates
|
|
@@ -43,6 +45,7 @@ That's it. On next session start, governance is active with sensible defaults:
|
|
|
43
45
|
- All tools allowed
|
|
44
46
|
- Dangerous bash commands blocked
|
|
45
47
|
- Supervised mode (approval required for writes and bash)
|
|
48
|
+
- DLP disabled (opt-in)
|
|
46
49
|
- Audit logged to `~/.pi/agent/audit.jsonl`
|
|
47
50
|
|
|
48
51
|
### Configure
|
|
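Review bot: The added `- DLP disabled (opt-in)` bullet sits in the list introduced as "sensible defaults", but gives no pointer to how to opt in. A reader who stops at this list has supervised approval for writes and bash, yet no scanning of tool input or output for secrets. Suggest extending the bullet to name the switch shown later in the README, for example "DLP disabled (opt-in via `dlp.enabled: true`)", and linking to the Data Loss Prevention section.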
@@ -153,6 +156,7 @@ User message → Pi Agent Runtime
|
|
|
153
156
|
┌─────┴──────────┐
|
|
154
157
|
│ onBeforeToolCall │ ← RBAC: tool allowed?
|
|
155
158
|
│ → classify bash │ ← Path check
|
|
159
|
+
│ → DLP scan │ ← Block/mask secrets & PII
|
|
156
160
|
│ → HITL approval │ ← Audit log
|
|
157
161
|
└─────┬──────────┘
|
|
158
162
|
│
|
|
@@ -160,10 +164,42 @@ User message → Pi Agent Runtime
|
|
|
160
164
|
│ └→ Return denial message
|
|
161
165
|
│
|
|
162
166
|
┌─────┴──────────┐
|
|
163
|
-
│ onAfterToolCall │ ←
|
|
167
|
+
│ onAfterToolCall │ ← DLP scan output
|
|
168
|
+
│ │ ← Audit result
|
|
164
169
|
└────────────────┘
|
|
165
170
|
```
|
|
166
171
|
|
|
172
|
+
## Data Loss Prevention
|
|
173
|
+
|
|
174
|
+
DLP prevents secrets and PII from leaking through tool calls to LLM providers. It scans both inputs (before execution) and outputs (before reaching the LLM).
|
|
175
|
+
|
|
176
|
+
```yaml
|
|
177
|
+
dlp:
|
|
178
|
+
enabled: true
|
|
179
|
+
mode: mask # audit | mask | block
|
|
180
|
+
on_input: block # block tool calls with secrets
|
|
181
|
+
on_output: mask # redact secrets in tool output
|
|
182
|
+
masking:
|
|
183
|
+
strategy: partial # partial | full | hash
|
|
184
|
+
show_chars: 4
|
|
185
|
+
severity_threshold: low
|
|
186
|
+
built_in:
|
|
187
|
+
secrets: true # AWS keys, GitHub PATs, JWTs, Stripe keys, ...
|
|
188
|
+
pii: true # SSN, credit cards, email, phone, IP
|
|
189
|
+
custom_patterns:
|
|
190
|
+
- name: internal_key
|
|
191
|
+
pattern: 'grwnd_[a-zA-Z0-9]{32}'
|
|
192
|
+
severity: critical
|
|
193
|
+
action: block
|
|
194
|
+
allowlist:
|
|
195
|
+
- pattern: '127\.0\.0\.1'
|
|
196
|
+
role_overrides:
|
|
197
|
+
admin:
|
|
198
|
+
enabled: false # admin skips DLP
|
|
199
|
+
```
|
|
200
|
+
|
|
201
|
+
DLP is **disabled by default** — zero behavioral change for existing users. See the full [DLP guide](https://grwnd-ai.github.io/pi-governance/guide/dlp) and [pattern reference](https://grwnd-ai.github.io/pi-governance/reference/dlp-patterns).
|
|
202
|
+
|
|
167
203
|
## Dual Policy Engine
|
|
168
204
|
|
|
169
205
|
Choose between two policy engines:
|
|
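Review bot: In the example config, `mode: mask` is set next to `on_input: block` and `on_output: mask`, and nothing in the added text says which setting wins when they disagree, or how a per-pattern `action: block` interacts with either. Please document the precedence, or drop `mode` from the example if the per-direction keys override it. Separately, `role_overrides` with `admin: enabled: false` turns scanning off for the role most likely to handle credentials; the comment "admin skips DLP" should state that consequence, and the example would be safer showing `mode: audit` for admin so findings are still logged. The allowlist entry `'127\.0\.0\.1'` is unanchored, so it is worth saying whether allowlist patterns match the whole finding or any substring of it.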
@@ -190,12 +226,40 @@ pi-governance works with [OpenClaw](https://github.com/Grwnd-AI) out of the box.
|
|
|
190
226
|
|
|
191
227
|
```
|
|
192
228
|
OpenClaw gateway (WhatsApp, Discord, Telegram, …)
|
|
193
|
-
└─
|
|
194
|
-
└─
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
229
|
+
└─ [optional] @grwnd/openclaw-governance plugin → channel identity
|
|
230
|
+
└─ Pi embedded runner
|
|
231
|
+
└─ @grwnd/pi-governance extension
|
|
232
|
+
├─ RBAC for MCP tools (create_report, upload_asset, …)
|
|
233
|
+
├─ bash command classification
|
|
234
|
+
├─ audit logging (JSONL + webhook)
|
|
235
|
+
└─ HITL approval flow
|
|
236
|
+
```
|
|
237
|
+
|
|
238
|
+
### Get up and running
|
|
239
|
+
|
|
240
|
+
```bash
|
|
241
|
+
# 1. Install the Pi governance extension
|
|
242
|
+
pi install npm:@grwnd/pi-governance
|
|
243
|
+
|
|
244
|
+
# 2. Install the OpenClaw identity bridge plugin
|
|
245
|
+
openclaw plugins install @grwnd/openclaw-governance
|
|
246
|
+
```
|
|
247
|
+
|
|
248
|
+
Create `openclaw-users.yaml` to map channel users to governance roles:
|
|
249
|
+
|
|
250
|
+
```yaml
|
|
251
|
+
users:
|
|
252
|
+
whatsapp:+15550123:
|
|
253
|
+
role: report_author
|
|
254
|
+
org_unit: field-ops
|
|
255
|
+
discord:428374928374:
|
|
256
|
+
role: analyst
|
|
257
|
+
slack:U04ABCD1234:
|
|
258
|
+
role: project_lead
|
|
259
|
+
org_unit: engineering
|
|
260
|
+
default:
|
|
261
|
+
role: analyst
|
|
262
|
+
org_unit: default
|
|
199
263
|
```
|
|
200
264
|
|
|
201
265
|
Put MCP tool names directly in your policy rules:
|
|
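Review bot: The `default:` entry in `openclaw-users.yaml` gives every unmapped channel user `role: analyst`, the same role explicitly assigned to the Discord user above it, so an unknown sender is treated like a known one. The README should say what happens when `default` is omitted (deny, or some built-in role) and recommend a least-privilege role for it. Also, the new architecture tree lists RBAC, bash classification, audit logging and HITL under the extension but omits the DLP scan this release adds; add it if DLP applies on the OpenClaw path, or state that it does not.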
@@ -220,7 +284,7 @@ roles:
|
|
|
220
284
|
token_budget_daily: 500
|
|
221
285
|
```
|
|
222
286
|
|
|
223
|
-
|
|
287
|
+
When a WhatsApp user messages your OpenClaw agent, the identity bridge parses the session key, maps them to a role, and pi-governance enforces the policy — all automatically. Every MCP tool call is audited as structured JSON.
|
|
224
288
|
|
|
225
289
|
See the full [OpenClaw integration guide](https://grwnd-ai.github.io/pi-governance/guide/openclaw) for MCP tool reference tables, channel identity mapping, and common patterns.
|
|
226
290
|
|
|
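Review bot: The added sentence says the identity bridge "parses the session key, maps them to a role" but does not say what is enforced when the session key fails to parse, or whether the channel identity in that key is verified by the gateway before it is used for role mapping. Since the role decides which MCP tools are allowed, one sentence on the failure behaviour and on where the identity is authenticated belongs here. Minor: this line says calls are audited as "structured JSON" while the feature list says "structured JSONL logs"; use one term.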
@@ -230,8 +294,10 @@ Full documentation at **[grwnd-ai.github.io/pi-governance](https://grwnd-ai.gith
|
|
|
230
294
|
|
|
231
295
|
- [Quick Start](https://grwnd-ai.github.io/pi-governance/guide/quickstart)
|
|
232
296
|
- [Team Deployment](https://grwnd-ai.github.io/pi-governance/guide/team-deployment)
|
|
297
|
+
- [OpenClaw Integration](https://grwnd-ai.github.io/pi-governance/guide/openclaw)
|
|
233
298
|
- [YAML Policies](https://grwnd-ai.github.io/pi-governance/guide/yaml-policies)
|
|
234
299
|
- [Bash Classifier](https://grwnd-ai.github.io/pi-governance/guide/bash-classifier)
|
|
300
|
+
- [Data Loss Prevention](https://grwnd-ai.github.io/pi-governance/guide/dlp)
|
|
235
301
|
- [Configuration Reference](https://grwnd-ai.github.io/pi-governance/reference/config)
|
|
236
302
|
|
|
237
303
|
## License
|