@grwnd/pi-governance 1.4.2 → 1.5.1

package/dist/extensions/index.js

@@ -1,3 +1,6 @@
+// src/extensions/index.ts
+import { existsSync as existsSync2 } from "fs";
+
 // src/lib/config/loader.ts
 import { existsSync, readFileSync } from "fs";
 import { parse as parseYaml } from "yaml";
@@ -76,12 +79,78 @@ var OrgUnitOverride = Type.Object({
     })
   )
 });
+var DlpMaskingConfig = Type.Object({
+  strategy: Type.Union([Type.Literal("partial"), Type.Literal("full"), Type.Literal("hash")], {
+    default: "partial"
+  }),
+  show_chars: Type.Optional(Type.Number({ default: 4, minimum: 0 })),
+  placeholder: Type.Optional(Type.String({ default: "***" }))
+});
+var DlpCustomPatternConfig = Type.Object({
+  name: Type.String(),
+  pattern: Type.String(),
+  severity: Type.Union([
+    Type.Literal("low"),
+    Type.Literal("medium"),
+    Type.Literal("high"),
+    Type.Literal("critical")
+  ]),
+  action: Type.Optional(
+    Type.Union([Type.Literal("audit"), Type.Literal("mask"), Type.Literal("block")])
+  )
+});
+var DlpAllowlistEntryConfig = Type.Object({
+  pattern: Type.String()
+});
+var DlpRoleOverrideConfig = Type.Object({
+  enabled: Type.Optional(Type.Boolean()),
+  mode: Type.Optional(
+    Type.Union([Type.Literal("audit"), Type.Literal("mask"), Type.Literal("block")])
+  ),
+  on_input: Type.Optional(
+    Type.Union([Type.Literal("audit"), Type.Literal("mask"), Type.Literal("block")])
+  ),
+  on_output: Type.Optional(
+    Type.Union([Type.Literal("audit"), Type.Literal("mask"), Type.Literal("block")])
+  )
+});
+var DlpConfig = Type.Object({
+  enabled: Type.Boolean({ default: false }),
+  mode: Type.Optional(
+    Type.Union([Type.Literal("audit"), Type.Literal("mask"), Type.Literal("block")], {
+      default: "audit"
+    })
+  ),
+  on_input: Type.Optional(
+    Type.Union([Type.Literal("audit"), Type.Literal("mask"), Type.Literal("block")])
+  ),
+  on_output: Type.Optional(
+    Type.Union([Type.Literal("audit"), Type.Literal("mask"), Type.Literal("block")])
+  ),
+  masking: Type.Optional(DlpMaskingConfig),
+  severity_threshold: Type.Optional(
+    Type.Union(
+      [Type.Literal("low"), Type.Literal("medium"), Type.Literal("high"), Type.Literal("critical")],
+      { default: "low" }
+    )
+  ),
+  built_in: Type.Optional(
+    Type.Object({
+      secrets: Type.Boolean({ default: true }),
+      pii: Type.Boolean({ default: true })
+    })
+  ),
+  custom_patterns: Type.Optional(Type.Array(DlpCustomPatternConfig)),
+  allowlist: Type.Optional(Type.Array(DlpAllowlistEntryConfig)),
+  role_overrides: Type.Optional(Type.Record(Type.String(), DlpRoleOverrideConfig))
+});
 var GovernanceConfigSchema = Type.Object({
   auth: Type.Optional(AuthConfig),
   policy: Type.Optional(PolicyConfig),
   templates: Type.Optional(TemplatesConfig),
   hitl: Type.Optional(HitlConfig),
   audit: Type.Optional(AuditConfig),
+  dlp: Type.Optional(DlpConfig),
   org_units: Type.Optional(Type.Record(Type.String(), OrgUnitOverride))
 });
 
@@ -112,6 +181,9 @@ var DEFAULTS = {
   },
   audit: {
     sinks: [{ type: "jsonl", path: "~/.pi/agent/audit.jsonl" }]
+  },
+  dlp: {
+    enabled: false
   }
 };
 
@@ -821,6 +893,297 @@ var ConfigWatcher = class {
   }
 };
 
+// src/lib/dlp/patterns.ts
+var SECRET_PATTERNS = [
+  // AWS
+  {
+    name: "aws_access_key",
+    pattern: /\b(AKIA[0-9A-Z]{16})\b/g,
+    severity: "critical",
+    category: "secret"
+  },
+  {
+    name: "aws_secret_key",
+    pattern: /\b([A-Za-z0-9/+=]{40})(?=\s|$|"|')/g,
+    severity: "critical",
+    category: "secret"
+  },
+  // GitHub
+  {
+    name: "github_pat",
+    pattern: /\b(ghp_[A-Za-z0-9]{36,})\b/g,
+    severity: "critical",
+    category: "secret"
+  },
+  {
+    name: "github_oauth",
+    pattern: /\b(gho_[A-Za-z0-9]{36,})\b/g,
+    severity: "high",
+    category: "secret"
+  },
+  {
+    name: "github_app_token",
+    pattern: /\b(ghu_[A-Za-z0-9]{36,})\b/g,
+    severity: "high",
+    category: "secret"
+  },
+  // Anthropic
+  {
+    name: "anthropic_api_key",
+    pattern: /\b(sk-ant-api03-[A-Za-z0-9_-]{90,})\b/g,
+    severity: "critical",
+    category: "secret"
+  },
+  // OpenAI
+  {
+    name: "openai_api_key",
+    pattern: /\b(sk-[A-Za-z0-9]{20,}T3BlbkFJ[A-Za-z0-9]{20,})\b/g,
+    severity: "critical",
+    category: "secret"
+  },
+  // JWT
+  {
+    name: "jwt_token",
+    pattern: /\b(eyJ[A-Za-z0-9_-]{10,}\.eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,})\b/g,
+    severity: "high",
+    category: "secret"
+  },
+  // Private key headers
+  {
+    name: "private_key",
+    pattern: /-----BEGIN\s+(RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----/g,
+    severity: "critical",
+    category: "secret"
+  },
+  // Database connection strings
+  {
+    name: "database_url",
+    pattern: /\b((?:postgres|mysql|mongodb|redis):\/\/[^\s'"]{10,})\b/g,
+    severity: "high",
+    category: "secret"
+  },
+  // Slack
+  {
+    name: "slack_token",
+    pattern: /\b(xox[bpras]-[A-Za-z0-9-]{10,})\b/g,
+    severity: "high",
+    category: "secret"
+  },
+  // Stripe
+  {
+    name: "stripe_key",
+    pattern: /\b([rs]k_(?:live|test)_[A-Za-z0-9]{20,})\b/g,
+    severity: "critical",
+    category: "secret"
+  },
+  // npm
+  {
+    name: "npm_token",
+    pattern: /\b(npm_[A-Za-z0-9]{36,})\b/g,
+    severity: "high",
+    category: "secret"
+  },
+  // SendGrid
+  {
+    name: "sendgrid_key",
+    pattern: /\b(SG\.[A-Za-z0-9_-]{22,}\.[A-Za-z0-9_-]{22,})\b/g,
+    severity: "high",
+    category: "secret"
+  },
+  // Generic API key patterns (env-var style assignments)
+  {
+    name: "generic_api_key",
+    pattern: /\b(?:API_KEY|API_SECRET|ACCESS_TOKEN|AUTH_TOKEN|SECRET_KEY)\s*[=:]\s*['"]?([A-Za-z0-9_-]{16,})['"]?/gi,
+    severity: "medium",
+    category: "secret"
+  },
+  // High-entropy string near keyword context
+  {
+    name: "generic_secret_assignment",
+    pattern: /\b(?:password|passwd|secret|token|credential)\s*[=:]\s*['"]([^'"]{8,})['"]?/gi,
+    severity: "medium",
+    category: "secret"
+  }
+];
+var PII_PATTERNS = [
+  // SSN (US)
+  {
+    name: "ssn",
+    pattern: /\b(\d{3}-\d{2}-\d{4})\b/g,
+    severity: "critical",
+    category: "pii"
+  },
+  // Credit card numbers
+  {
+    name: "credit_card",
+    pattern: /\b(4\d{3}[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}|5[1-5]\d{2}[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}|3[47]\d{2}[\s-]?\d{6}[\s-]?\d{5}|6(?:011|5\d{2})[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4})\b/g,
+    severity: "critical",
+    category: "pii"
+  },
+  // Email address
+  {
+    name: "email",
+    pattern: /\b([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})\b/g,
+    severity: "low",
+    category: "pii"
+  },
+  // US phone number
+  {
+    name: "phone_us",
+    pattern: /\b(\+?1?[-.\s]?\(?\d{3}\)?[-.\s]?\d{3}[-.\s]?\d{4})\b/g,
+    severity: "medium",
+    category: "pii"
+  },
+  // IPv4 address
+  {
+    name: "ipv4",
+    pattern: /\b((?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.(?:25[0-5]|2[0-4]\d|[01]?\d\d?))\b/g,
+    severity: "low",
+    category: "pii"
+  }
+];
+
+// src/lib/dlp/scanner.ts
+var SEVERITY_ORDER = {
+  low: 0,
+  medium: 1,
+  high: 2,
+  critical: 3
+};
+var DlpScanner = class {
+  patterns;
+  allowlistRegexps;
+  severityThreshold;
+  config;
+  constructor(config) {
+    this.config = config;
+    this.severityThreshold = SEVERITY_ORDER[config.severity_threshold];
+    this.patterns = [];
+    this.allowlistRegexps = [];
+    if (config.built_in.secrets) {
+      for (const def of SECRET_PATTERNS) {
+        this.patterns.push({ def });
+      }
+    }
+    if (config.built_in.pii) {
+      for (const def of PII_PATTERNS) {
+        this.patterns.push({ def });
+      }
+    }
+    for (const cp of config.custom_patterns) {
+      const def = {
+        name: cp.name,
+        pattern: new RegExp(cp.pattern, "g"),
+        severity: cp.severity,
+        category: "custom"
+      };
+      this.patterns.push({ def, action: cp.action });
+    }
+    for (const compiled of this.patterns) {
+      const override = config.pattern_overrides.get(compiled.def.name);
+      if (override) {
+        compiled.action = override;
+      }
+    }
+    for (const entry of config.allowlist) {
+      this.allowlistRegexps.push(new RegExp(entry.pattern));
+    }
+  }
+  scan(text) {
+    if (!this.config.enabled || text.length === 0) {
+      return { hasMatches: false, matches: [] };
+    }
+    const matches = [];
+    for (const compiled of this.patterns) {
+      if (SEVERITY_ORDER[compiled.def.severity] < this.severityThreshold) {
+        continue;
+      }
+      const regex = new RegExp(compiled.def.pattern.source, compiled.def.pattern.flags);
+      let match;
+      while ((match = regex.exec(text)) !== null) {
+        const matched = match[1] ?? match[0];
+        const start = match[1] ? match.index + match[0].indexOf(match[1]) : match.index;
+        const end = start + matched.length;
+        if (this.isAllowlisted(matched)) {
+          continue;
+        }
+        matches.push({
+          patternName: compiled.def.name,
+          category: compiled.def.category,
+          severity: compiled.def.severity,
+          start,
+          end,
+          matched
+        });
+      }
+    }
+    return { hasMatches: matches.length > 0, matches };
+  }
+  getAction(direction) {
+    if (direction === "input" && this.config.on_input) {
+      return this.config.on_input;
+    }
+    if (direction === "output" && this.config.on_output) {
+      return this.config.on_output;
+    }
+    return this.config.mode;
+  }
+  getPatternAction(match, direction) {
+    const compiled = this.patterns.find((p) => p.def.name === match.patternName);
+    if (compiled?.action) {
+      return compiled.action;
+    }
+    return this.getAction(direction);
+  }
+  isAllowlisted(value) {
+    for (const re of this.allowlistRegexps) {
+      if (re.test(value)) return true;
+    }
+    return false;
+  }
+};
+
+// src/lib/dlp/masker.ts
+import { createHash } from "crypto";
+var DEFAULT_CONFIG = {
+  strategy: "partial",
+  show_chars: 4,
+  placeholder: "***"
+};
+var DlpMasker = class {
+  config;
+  constructor(config) {
+    this.config = { ...DEFAULT_CONFIG, ...config };
+  }
+  maskValue(value) {
+    switch (this.config.strategy) {
+      case "full":
+        return this.config.placeholder;
+      case "hash": {
+        const hash = createHash("sha256").update(value).digest("hex").slice(0, 8);
+        return `[REDACTED:${hash}]`;
+      }
+      case "partial":
+      default: {
+        if (value.length <= this.config.show_chars) {
+          return this.config.placeholder;
+        }
+        return this.config.placeholder + value.slice(-this.config.show_chars);
+      }
+    }
+  }
+  maskText(text, matches) {
+    if (matches.length === 0) return text;
+    const sorted = [...matches].sort((a, b) => b.start - a.start);
+    let result = text;
+    for (const match of sorted) {
+      const masked = this.maskValue(match.matched);
+      result = result.slice(0, match.start) + masked + result.slice(match.end);
+    }
+    return result;
+  }
+};
+
 // src/extensions/index.ts
 var PATH_TOOLS = {
   read: "path",
@@ -858,6 +1221,72 @@ function extractPath(toolName, input) {
   const val = input[key];
   return typeof val === "string" ? val : void 0;
 }
+var ACTION_PRIORITY = { audit: 0, mask: 1, block: 2 };
+function extractDlpFields(toolName, input) {
+  const fields = /* @__PURE__ */ new Map();
+  switch (toolName) {
+    case "bash": {
+      const cmd = input["command"];
+      if (typeof cmd === "string") fields.set("command", cmd);
+      break;
+    }
+    case "write": {
+      const content = input["content"];
+      if (typeof content === "string") fields.set("content", content);
+      const path = input["path"];
+      if (typeof path === "string") fields.set("path", path);
+      break;
+    }
+    case "edit": {
+      const newStr = input["new_string"];
+      if (typeof newStr === "string") fields.set("new_string", newStr);
+      const oldStr = input["old_string"];
+      if (typeof oldStr === "string") fields.set("old_string", oldStr);
+      break;
+    }
+    default: {
+      for (const [key, val] of Object.entries(input)) {
+        if (typeof val === "string") fields.set(key, val);
+      }
+    }
+  }
+  return fields;
+}
+function resolveHighestAction(scanner, matches, direction) {
+  let highest = "audit";
+  for (const match of matches) {
+    const action = scanner.getPatternAction(match, direction);
+    if (ACTION_PRIORITY[action] > ACTION_PRIORITY[highest]) {
+      highest = action;
+    }
+  }
+  return highest;
+}
+function resolveDlpConfig(dlpConfig, role) {
+  if (!dlpConfig?.enabled) return void 0;
+  const roleOverride = dlpConfig.role_overrides?.[role];
+  if (roleOverride?.enabled === false) return void 0;
+  const patternOverrides = /* @__PURE__ */ new Map();
+  return {
+    enabled: true,
+    mode: roleOverride?.mode ?? dlpConfig.mode ?? "audit",
+    on_input: roleOverride?.on_input ?? dlpConfig.on_input,
+    on_output: roleOverride?.on_output ?? dlpConfig.on_output,
+    severity_threshold: dlpConfig.severity_threshold ?? "low",
+    built_in: {
+      secrets: dlpConfig.built_in?.secrets ?? true,
+      pii: dlpConfig.built_in?.pii ?? true
+    },
+    custom_patterns: (dlpConfig.custom_patterns ?? []).map((cp) => ({
+      name: cp.name,
+      pattern: cp.pattern,
+      severity: cp.severity,
+      action: cp.action
+    })),
+    allowlist: dlpConfig.allowlist ?? [],
+    pattern_overrides: patternOverrides
+  };
+}
 var piGovernance = (pi) => {
   let config;
   let policyEngine;
@@ -869,7 +1298,18 @@ var piGovernance = (pi) => {
   let sessionId;
   let budgetTracker;
   let configWatcher;
-  const stats = { allowed: 0, denied: 0, approvals: 0, dryRun: 0, budgetExceeded: 0 };
+  let dlpScanner;
+  let dlpMasker;
+  const stats = {
+    allowed: 0,
+    denied: 0,
+    approvals: 0,
+    dryRun: 0,
+    budgetExceeded: 0,
+    dlpBlocked: 0,
+    dlpDetected: 0,
+    dlpMasked: 0
+  };
   pi.on("session_start", async (_event, ctx) => {
     sessionId = ctx.sessionId;
     const loaded = loadConfig();
@@ -877,7 +1317,45 @@ var piGovernance = (pi) => {
     const chain = createIdentityChain(config.auth);
     identity = await chain.resolve();
     const rulesFile = config.policy?.yaml?.rules_file ?? "./governance-rules.yaml";
-    policyEngine = new YamlPolicyEngine(rulesFile);
+    if (existsSync2(rulesFile)) {
+      policyEngine = new YamlPolicyEngine(rulesFile);
+    } else {
+      policyEngine = new YamlPolicyEngine({
+        roles: {
+          admin: {
+            allowed_tools: ["all"],
+            blocked_tools: [],
+            prompt_template: "admin",
+            execution_mode: "autonomous",
+            human_approval: { required_for: [] },
+            token_budget_daily: -1,
+            allowed_paths: ["**"],
+            blocked_paths: []
+          },
+          project_lead: {
+            allowed_tools: ["all"],
+            blocked_tools: [],
+            prompt_template: "project-lead",
+            execution_mode: "supervised",
+            human_approval: { required_for: ["bash", "write"] },
+            token_budget_daily: -1,
+            allowed_paths: ["**"],
+            blocked_paths: []
+          },
+          analyst: {
+            allowed_tools: ["read", "grep", "find", "ls"],
+            blocked_tools: ["write", "edit", "bash"],
+            prompt_template: "analyst",
+            execution_mode: "supervised",
+            human_approval: { required_for: ["all"] },
+            token_budget_daily: -1,
+            allowed_paths: ["**"],
+            blocked_paths: []
+          }
+        }
+      });
+      ctx.ui.notify(`Rules file not found: ${rulesFile} \u2014 using built-in defaults`, "warning");
+    }
     executionMode = policyEngine.getExecutionMode(identity.role);
     const bashOverrides = policyEngine.getBashOverrides(identity.role);
     bashClassifier = new BashClassifier(bashOverrides);
@@ -898,15 +1376,30 @@ var piGovernance = (pi) => {
     }
     const budget = policyEngine.getTokenBudget(identity.role);
     budgetTracker = new BudgetTracker(budget);
+    const dlpCfg = resolveDlpConfig(config.dlp, identity.role);
+    if (dlpCfg) {
+      dlpScanner = new DlpScanner(dlpCfg);
+      dlpMasker = new DlpMasker(config.dlp?.masking);
+    }
     if (loaded.source !== "built-in") {
       configWatcher = new ConfigWatcher(
         loaded.source,
         (newConfig) => {
           config = newConfig;
           const newRulesFile = newConfig.policy?.yaml?.rules_file ?? "./governance-rules.yaml";
-          policyEngine = new YamlPolicyEngine(newRulesFile);
+          if (existsSync2(newRulesFile)) {
+            policyEngine = new YamlPolicyEngine(newRulesFile);
+          }
           const newOverrides = policyEngine.getBashOverrides(identity.role);
           bashClassifier = new BashClassifier(newOverrides);
+          const newDlpCfg = resolveDlpConfig(newConfig.dlp, identity.role);
+          if (newDlpCfg) {
+            dlpScanner = new DlpScanner(newDlpCfg);
+            dlpMasker = new DlpMasker(newConfig.dlp?.masking);
+          } else {
+            dlpScanner = void 0;
+            dlpMasker = void 0;
+          }
           audit.log({
             sessionId,
             event: "config_reloaded",
@@ -1054,6 +1547,63 @@ var piGovernance = (pi) => {
         return { block: true, reason: `Access denied to path: ${path}` };
       }
     }
+    if (dlpScanner && dlpMasker) {
+      const fields = extractDlpFields(toolName, input);
+      const allMatches = [];
+      for (const [, fieldValue] of fields) {
+        const result = dlpScanner.scan(fieldValue);
+        allMatches.push(...result.matches);
+      }
+      if (allMatches.length > 0) {
+        const action = resolveHighestAction(dlpScanner, allMatches, "input");
+        const patternNames = [...new Set(allMatches.map((m) => m.patternName))];
+        const severities = [...new Set(allMatches.map((m) => m.severity))];
+        const dlpMeta = {
+          patterns: patternNames,
+          severities,
+          direction: "input",
+          count: allMatches.length
+        };
+        if (action === "block") {
+          stats.dlpBlocked++;
+          await audit.log({
+            ...baseRecord,
+            event: "dlp_blocked",
+            decision: "denied",
+            reason: `DLP: ${patternNames.join(", ")} detected in input`,
+            metadata: dlpMeta
+          });
+          return {
+            block: true,
+            reason: `DLP blocked: sensitive data detected (${patternNames.join(", ")})`
+          };
+        }
+        if (action === "mask") {
+          stats.dlpMasked++;
+          for (const [fieldKey, fieldValue] of fields) {
+            const fieldResult = dlpScanner.scan(fieldValue);
+            if (fieldResult.hasMatches) {
+              input[fieldKey] = dlpMasker.maskText(
+                fieldValue,
+                fieldResult.matches
+              );
+            }
+          }
+          await audit.log({
+            ...baseRecord,
+            event: "dlp_masked",
+            metadata: { ...dlpMeta, strategy: dlpMasker["config"].strategy }
+          });
+        } else {
+          stats.dlpDetected++;
+          await audit.log({
+            ...baseRecord,
+            event: "dlp_detected",
+            metadata: dlpMeta
+          });
+        }
+      }
+    }
     if (toolName !== "bash" && policyEngine.requiresApproval(identity.role, toolName)) {
       if (approvalFlow) {
         stats.approvals++;
@@ -1081,6 +1631,44 @@ var piGovernance = (pi) => {
     return void 0;
   });
   pi.on("tool_result", async (event, _ctx) => {
+    if (dlpScanner && dlpMasker && event.output) {
+      const result = dlpScanner.scan(event.output);
+      if (result.hasMatches) {
+        const action = resolveHighestAction(dlpScanner, result.matches, "output");
+        const patternNames = [...new Set(result.matches.map((m) => m.patternName))];
+        const severities = [...new Set(result.matches.map((m) => m.severity))];
+        const dlpMeta = {
+          patterns: patternNames,
+          severities,
+          direction: "output",
+          count: result.matches.length
+        };
+        if (action === "mask" || action === "block") {
+          stats.dlpMasked++;
+          event.output = dlpMasker.maskText(event.output, result.matches);
+          await audit.log({
+            sessionId,
+            event: "dlp_masked",
+            userId: identity.userId,
+            role: identity.role,
+            orgUnit: identity.orgUnit,
+            tool: event.toolName,
+            metadata: { ...dlpMeta, strategy: dlpMasker["config"].strategy }
+          });
+        } else {
+          stats.dlpDetected++;
+          await audit.log({
+            sessionId,
+            event: "dlp_detected",
+            userId: identity.userId,
+            role: identity.role,
+            orgUnit: identity.orgUnit,
+            tool: event.toolName,
+            metadata: dlpMeta
+          });
+        }
+      }
+    }
     await audit.log({
       sessionId,
       event: "tool_result",
@@ -1128,6 +1716,9 @@ var piGovernance = (pi) => {
           `  Approvals: ${stats.approvals}`,
           `  Dry-run blocks: ${stats.dryRun}`,
           `  Budget exceeded: ${stats.budgetExceeded}`,
+          `  DLP blocked: ${stats.dlpBlocked}`,
+          `  DLP detected: ${stats.dlpDetected}`,
+          `  DLP masked: ${stats.dlpMasked}`,
           "",
           "Audit Events:",
           ...[...summary.entries()].map(([k, v]) => `  ${k}: ${v}`)