@grwnd/pi-governance 1.4.2 → 1.5.1

package/dist/index.cjs

@@ -187,705 +187,12 @@ var require_types = __commonJS({
   }
 });
 
-// node_modules/.pnpm/lodash.isequal@4.5.0/node_modules/lodash.isequal/index.js
-var require_lodash = __commonJS({
-  "node_modules/.pnpm/lodash.isequal@4.5.0/node_modules/lodash.isequal/index.js"(exports2, module2) {
+// node_modules/.pnpm/lodash-isequal-shim@file+packages+lodash-isequal-shim/node_modules/lodash-isequal-shim/index.cjs
+var require_lodash_isequal_shim = __commonJS({
+  "node_modules/.pnpm/lodash-isequal-shim@file+packages+lodash-isequal-shim/node_modules/lodash-isequal-shim/index.cjs"(exports2, module2) {
     "use strict";
-    var LARGE_ARRAY_SIZE = 200;
-    var HASH_UNDEFINED = "__lodash_hash_undefined__";
-    var COMPARE_PARTIAL_FLAG = 1;
-    var COMPARE_UNORDERED_FLAG = 2;
-    var MAX_SAFE_INTEGER = 9007199254740991;
-    var argsTag = "[object Arguments]";
-    var arrayTag = "[object Array]";
-    var asyncTag = "[object AsyncFunction]";
-    var boolTag = "[object Boolean]";
-    var dateTag = "[object Date]";
-    var errorTag = "[object Error]";
-    var funcTag = "[object Function]";
-    var genTag = "[object GeneratorFunction]";
-    var mapTag = "[object Map]";
-    var numberTag = "[object Number]";
-    var nullTag = "[object Null]";
-    var objectTag = "[object Object]";
-    var promiseTag = "[object Promise]";
-    var proxyTag = "[object Proxy]";
-    var regexpTag = "[object RegExp]";
-    var setTag = "[object Set]";
-    var stringTag = "[object String]";
-    var symbolTag = "[object Symbol]";
-    var undefinedTag = "[object Undefined]";
-    var weakMapTag = "[object WeakMap]";
-    var arrayBufferTag = "[object ArrayBuffer]";
-    var dataViewTag = "[object DataView]";
-    var float32Tag = "[object Float32Array]";
-    var float64Tag = "[object Float64Array]";
-    var int8Tag = "[object Int8Array]";
-    var int16Tag = "[object Int16Array]";
-    var int32Tag = "[object Int32Array]";
-    var uint8Tag = "[object Uint8Array]";
-    var uint8ClampedTag = "[object Uint8ClampedArray]";
-    var uint16Tag = "[object Uint16Array]";
-    var uint32Tag = "[object Uint32Array]";
-    var reRegExpChar = /[\\^$.*+?()[\]{}|]/g;
-    var reIsHostCtor = /^\[object .+?Constructor\]$/;
-    var reIsUint = /^(?:0|[1-9]\d*)$/;
-    var typedArrayTags = {};
-    typedArrayTags[float32Tag] = typedArrayTags[float64Tag] = typedArrayTags[int8Tag] = typedArrayTags[int16Tag] = typedArrayTags[int32Tag] = typedArrayTags[uint8Tag] = typedArrayTags[uint8ClampedTag] = typedArrayTags[uint16Tag] = typedArrayTags[uint32Tag] = true;
-    typedArrayTags[argsTag] = typedArrayTags[arrayTag] = typedArrayTags[arrayBufferTag] = typedArrayTags[boolTag] = typedArrayTags[dataViewTag] = typedArrayTags[dateTag] = typedArrayTags[errorTag] = typedArrayTags[funcTag] = typedArrayTags[mapTag] = typedArrayTags[numberTag] = typedArrayTags[objectTag] = typedArrayTags[regexpTag] = typedArrayTags[setTag] = typedArrayTags[stringTag] = typedArrayTags[weakMapTag] = false;
-    var freeGlobal = typeof global == "object" && global && global.Object === Object && global;
-    var freeSelf = typeof self == "object" && self && self.Object === Object && self;
-    var root = freeGlobal || freeSelf || Function("return this")();
-    var freeExports = typeof exports2 == "object" && exports2 && !exports2.nodeType && exports2;
-    var freeModule = freeExports && typeof module2 == "object" && module2 && !module2.nodeType && module2;
-    var moduleExports = freeModule && freeModule.exports === freeExports;
-    var freeProcess = moduleExports && freeGlobal.process;
-    var nodeUtil = (function() {
-      try {
-        return freeProcess && freeProcess.binding && freeProcess.binding("util");
-      } catch (e) {
-      }
-    })();
-    var nodeIsTypedArray = nodeUtil && nodeUtil.isTypedArray;
-    function arrayFilter(array, predicate) {
-      var index = -1, length = array == null ? 0 : array.length, resIndex = 0, result = [];
-      while (++index < length) {
-        var value = array[index];
-        if (predicate(value, index, array)) {
-          result[resIndex++] = value;
-        }
-      }
-      return result;
-    }
-    function arrayPush(array, values) {
-      var index = -1, length = values.length, offset = array.length;
-      while (++index < length) {
-        array[offset + index] = values[index];
-      }
-      return array;
-    }
-    function arraySome(array, predicate) {
-      var index = -1, length = array == null ? 0 : array.length;
-      while (++index < length) {
-        if (predicate(array[index], index, array)) {
-          return true;
-        }
-      }
-      return false;
-    }
-    function baseTimes(n, iteratee) {
-      var index = -1, result = Array(n);
-      while (++index < n) {
-        result[index] = iteratee(index);
-      }
-      return result;
-    }
-    function baseUnary(func) {
-      return function(value) {
-        return func(value);
-      };
-    }
-    function cacheHas(cache, key) {
-      return cache.has(key);
-    }
-    function getValue(object, key) {
-      return object == null ? void 0 : object[key];
-    }
-    function mapToArray(map) {
-      var index = -1, result = Array(map.size);
-      map.forEach(function(value, key) {
-        result[++index] = [key, value];
-      });
-      return result;
-    }
-    function overArg(func, transform) {
-      return function(arg) {
-        return func(transform(arg));
-      };
-    }
-    function setToArray(set) {
-      var index = -1, result = Array(set.size);
-      set.forEach(function(value) {
-        result[++index] = value;
-      });
-      return result;
-    }
-    var arrayProto = Array.prototype;
-    var funcProto = Function.prototype;
-    var objectProto = Object.prototype;
-    var coreJsData = root["__core-js_shared__"];
-    var funcToString = funcProto.toString;
-    var hasOwnProperty = objectProto.hasOwnProperty;
-    var maskSrcKey = (function() {
-      var uid = /[^.]+$/.exec(coreJsData && coreJsData.keys && coreJsData.keys.IE_PROTO || "");
-      return uid ? "Symbol(src)_1." + uid : "";
-    })();
-    var nativeObjectToString = objectProto.toString;
-    var reIsNative = RegExp(
-      "^" + funcToString.call(hasOwnProperty).replace(reRegExpChar, "\\$&").replace(/hasOwnProperty|(function).*?(?=\\\()| for .+?(?=\\\])/g, "$1.*?") + "$"
-    );
-    var Buffer2 = moduleExports ? root.Buffer : void 0;
-    var Symbol2 = root.Symbol;
-    var Uint8Array2 = root.Uint8Array;
-    var propertyIsEnumerable = objectProto.propertyIsEnumerable;
-    var splice = arrayProto.splice;
-    var symToStringTag = Symbol2 ? Symbol2.toStringTag : void 0;
-    var nativeGetSymbols = Object.getOwnPropertySymbols;
-    var nativeIsBuffer = Buffer2 ? Buffer2.isBuffer : void 0;
-    var nativeKeys = overArg(Object.keys, Object);
-    var DataView = getNative(root, "DataView");
-    var Map2 = getNative(root, "Map");
-    var Promise2 = getNative(root, "Promise");
-    var Set2 = getNative(root, "Set");
-    var WeakMap2 = getNative(root, "WeakMap");
-    var nativeCreate = getNative(Object, "create");
-    var dataViewCtorString = toSource(DataView);
-    var mapCtorString = toSource(Map2);
-    var promiseCtorString = toSource(Promise2);
-    var setCtorString = toSource(Set2);
-    var weakMapCtorString = toSource(WeakMap2);
-    var symbolProto = Symbol2 ? Symbol2.prototype : void 0;
-    var symbolValueOf = symbolProto ? symbolProto.valueOf : void 0;
-    function Hash(entries) {
-      var index = -1, length = entries == null ? 0 : entries.length;
-      this.clear();
-      while (++index < length) {
-        var entry = entries[index];
-        this.set(entry[0], entry[1]);
-      }
-    }
-    function hashClear() {
-      this.__data__ = nativeCreate ? nativeCreate(null) : {};
-      this.size = 0;
-    }
-    function hashDelete(key) {
-      var result = this.has(key) && delete this.__data__[key];
-      this.size -= result ? 1 : 0;
-      return result;
-    }
-    function hashGet(key) {
-      var data = this.__data__;
-      if (nativeCreate) {
-        var result = data[key];
-        return result === HASH_UNDEFINED ? void 0 : result;
-      }
-      return hasOwnProperty.call(data, key) ? data[key] : void 0;
-    }
-    function hashHas(key) {
-      var data = this.__data__;
-      return nativeCreate ? data[key] !== void 0 : hasOwnProperty.call(data, key);
-    }
-    function hashSet(key, value) {
-      var data = this.__data__;
-      this.size += this.has(key) ? 0 : 1;
-      data[key] = nativeCreate && value === void 0 ? HASH_UNDEFINED : value;
-      return this;
-    }
-    Hash.prototype.clear = hashClear;
-    Hash.prototype["delete"] = hashDelete;
-    Hash.prototype.get = hashGet;
-    Hash.prototype.has = hashHas;
-    Hash.prototype.set = hashSet;
-    function ListCache(entries) {
-      var index = -1, length = entries == null ? 0 : entries.length;
-      this.clear();
-      while (++index < length) {
-        var entry = entries[index];
-        this.set(entry[0], entry[1]);
-      }
-    }
-    function listCacheClear() {
-      this.__data__ = [];
-      this.size = 0;
-    }
-    function listCacheDelete(key) {
-      var data = this.__data__, index = assocIndexOf(data, key);
-      if (index < 0) {
-        return false;
-      }
-      var lastIndex = data.length - 1;
-      if (index == lastIndex) {
-        data.pop();
-      } else {
-        splice.call(data, index, 1);
-      }
-      --this.size;
-      return true;
-    }
-    function listCacheGet(key) {
-      var data = this.__data__, index = assocIndexOf(data, key);
-      return index < 0 ? void 0 : data[index][1];
-    }
-    function listCacheHas(key) {
-      return assocIndexOf(this.__data__, key) > -1;
-    }
-    function listCacheSet(key, value) {
-      var data = this.__data__, index = assocIndexOf(data, key);
-      if (index < 0) {
-        ++this.size;
-        data.push([key, value]);
-      } else {
-        data[index][1] = value;
-      }
-      return this;
-    }
-    ListCache.prototype.clear = listCacheClear;
-    ListCache.prototype["delete"] = listCacheDelete;
-    ListCache.prototype.get = listCacheGet;
-    ListCache.prototype.has = listCacheHas;
-    ListCache.prototype.set = listCacheSet;
-    function MapCache(entries) {
-      var index = -1, length = entries == null ? 0 : entries.length;
-      this.clear();
-      while (++index < length) {
-        var entry = entries[index];
-        this.set(entry[0], entry[1]);
-      }
-    }
-    function mapCacheClear() {
-      this.size = 0;
-      this.__data__ = {
-        "hash": new Hash(),
-        "map": new (Map2 || ListCache)(),
-        "string": new Hash()
-      };
-    }
-    function mapCacheDelete(key) {
-      var result = getMapData(this, key)["delete"](key);
-      this.size -= result ? 1 : 0;
-      return result;
-    }
-    function mapCacheGet(key) {
-      return getMapData(this, key).get(key);
-    }
-    function mapCacheHas(key) {
-      return getMapData(this, key).has(key);
-    }
-    function mapCacheSet(key, value) {
-      var data = getMapData(this, key), size = data.size;
-      data.set(key, value);
-      this.size += data.size == size ? 0 : 1;
-      return this;
-    }
-    MapCache.prototype.clear = mapCacheClear;
-    MapCache.prototype["delete"] = mapCacheDelete;
-    MapCache.prototype.get = mapCacheGet;
-    MapCache.prototype.has = mapCacheHas;
-    MapCache.prototype.set = mapCacheSet;
-    function SetCache(values) {
-      var index = -1, length = values == null ? 0 : values.length;
-      this.__data__ = new MapCache();
-      while (++index < length) {
-        this.add(values[index]);
-      }
-    }
-    function setCacheAdd(value) {
-      this.__data__.set(value, HASH_UNDEFINED);
-      return this;
-    }
-    function setCacheHas(value) {
-      return this.__data__.has(value);
-    }
-    SetCache.prototype.add = SetCache.prototype.push = setCacheAdd;
-    SetCache.prototype.has = setCacheHas;
-    function Stack(entries) {
-      var data = this.__data__ = new ListCache(entries);
-      this.size = data.size;
-    }
-    function stackClear() {
-      this.__data__ = new ListCache();
-      this.size = 0;
-    }
-    function stackDelete(key) {
-      var data = this.__data__, result = data["delete"](key);
-      this.size = data.size;
-      return result;
-    }
-    function stackGet(key) {
-      return this.__data__.get(key);
-    }
-    function stackHas(key) {
-      return this.__data__.has(key);
-    }
-    function stackSet(key, value) {
-      var data = this.__data__;
-      if (data instanceof ListCache) {
-        var pairs = data.__data__;
-        if (!Map2 || pairs.length < LARGE_ARRAY_SIZE - 1) {
-          pairs.push([key, value]);
-          this.size = ++data.size;
-          return this;
-        }
-        data = this.__data__ = new MapCache(pairs);
-      }
-      data.set(key, value);
-      this.size = data.size;
-      return this;
-    }
-    Stack.prototype.clear = stackClear;
-    Stack.prototype["delete"] = stackDelete;
-    Stack.prototype.get = stackGet;
-    Stack.prototype.has = stackHas;
-    Stack.prototype.set = stackSet;
-    function arrayLikeKeys(value, inherited) {
-      var isArr = isArray(value), isArg = !isArr && isArguments(value), isBuff = !isArr && !isArg && isBuffer(value), isType = !isArr && !isArg && !isBuff && isTypedArray(value), skipIndexes = isArr || isArg || isBuff || isType, result = skipIndexes ? baseTimes(value.length, String) : [], length = result.length;
-      for (var key in value) {
-        if ((inherited || hasOwnProperty.call(value, key)) && !(skipIndexes && // Safari 9 has enumerable `arguments.length` in strict mode.
-        (key == "length" || // Node.js 0.10 has enumerable non-index properties on buffers.
-        isBuff && (key == "offset" || key == "parent") || // PhantomJS 2 has enumerable non-index properties on typed arrays.
-        isType && (key == "buffer" || key == "byteLength" || key == "byteOffset") || // Skip index properties.
-        isIndex(key, length)))) {
-          result.push(key);
-        }
-      }
-      return result;
-    }
-    function assocIndexOf(array, key) {
-      var length = array.length;
-      while (length--) {
-        if (eq(array[length][0], key)) {
-          return length;
-        }
-      }
-      return -1;
-    }
-    function baseGetAllKeys(object, keysFunc, symbolsFunc) {
-      var result = keysFunc(object);
-      return isArray(object) ? result : arrayPush(result, symbolsFunc(object));
-    }
-    function baseGetTag(value) {
-      if (value == null) {
-        return value === void 0 ? undefinedTag : nullTag;
-      }
-      return symToStringTag && symToStringTag in Object(value) ? getRawTag(value) : objectToString(value);
-    }
-    function baseIsArguments(value) {
-      return isObjectLike(value) && baseGetTag(value) == argsTag;
-    }
-    function baseIsEqual(value, other, bitmask, customizer, stack) {
-      if (value === other) {
-        return true;
-      }
-      if (value == null || other == null || !isObjectLike(value) && !isObjectLike(other)) {
-        return value !== value && other !== other;
-      }
-      return baseIsEqualDeep(value, other, bitmask, customizer, baseIsEqual, stack);
-    }
-    function baseIsEqualDeep(object, other, bitmask, customizer, equalFunc, stack) {
-      var objIsArr = isArray(object), othIsArr = isArray(other), objTag = objIsArr ? arrayTag : getTag(object), othTag = othIsArr ? arrayTag : getTag(other);
-      objTag = objTag == argsTag ? objectTag : objTag;
-      othTag = othTag == argsTag ? objectTag : othTag;
-      var objIsObj = objTag == objectTag, othIsObj = othTag == objectTag, isSameTag = objTag == othTag;
-      if (isSameTag && isBuffer(object)) {
-        if (!isBuffer(other)) {
-          return false;
-        }
-        objIsArr = true;
-        objIsObj = false;
-      }
-      if (isSameTag && !objIsObj) {
-        stack || (stack = new Stack());
-        return objIsArr || isTypedArray(object) ? equalArrays(object, other, bitmask, customizer, equalFunc, stack) : equalByTag(object, other, objTag, bitmask, customizer, equalFunc, stack);
-      }
-      if (!(bitmask & COMPARE_PARTIAL_FLAG)) {
-        var objIsWrapped = objIsObj && hasOwnProperty.call(object, "__wrapped__"), othIsWrapped = othIsObj && hasOwnProperty.call(other, "__wrapped__");
-        if (objIsWrapped || othIsWrapped) {
-          var objUnwrapped = objIsWrapped ? object.value() : object, othUnwrapped = othIsWrapped ? other.value() : other;
-          stack || (stack = new Stack());
-          return equalFunc(objUnwrapped, othUnwrapped, bitmask, customizer, stack);
-        }
-      }
-      if (!isSameTag) {
-        return false;
-      }
-      stack || (stack = new Stack());
-      return equalObjects(object, other, bitmask, customizer, equalFunc, stack);
-    }
-    function baseIsNative(value) {
-      if (!isObject(value) || isMasked(value)) {
-        return false;
-      }
-      var pattern = isFunction(value) ? reIsNative : reIsHostCtor;
-      return pattern.test(toSource(value));
-    }
-    function baseIsTypedArray(value) {
-      return isObjectLike(value) && isLength(value.length) && !!typedArrayTags[baseGetTag(value)];
-    }
-    function baseKeys(object) {
-      if (!isPrototype(object)) {
-        return nativeKeys(object);
-      }
-      var result = [];
-      for (var key in Object(object)) {
-        if (hasOwnProperty.call(object, key) && key != "constructor") {
-          result.push(key);
-        }
-      }
-      return result;
-    }
-    function equalArrays(array, other, bitmask, customizer, equalFunc, stack) {
-      var isPartial = bitmask & COMPARE_PARTIAL_FLAG, arrLength = array.length, othLength = other.length;
-      if (arrLength != othLength && !(isPartial && othLength > arrLength)) {
-        return false;
-      }
-      var stacked = stack.get(array);
-      if (stacked && stack.get(other)) {
-        return stacked == other;
-      }
-      var index = -1, result = true, seen = bitmask & COMPARE_UNORDERED_FLAG ? new SetCache() : void 0;
-      stack.set(array, other);
-      stack.set(other, array);
-      while (++index < arrLength) {
-        var arrValue = array[index], othValue = other[index];
-        if (customizer) {
-          var compared = isPartial ? customizer(othValue, arrValue, index, other, array, stack) : customizer(arrValue, othValue, index, array, other, stack);
-        }
-        if (compared !== void 0) {
-          if (compared) {
-            continue;
-          }
-          result = false;
-          break;
-        }
-        if (seen) {
-          if (!arraySome(other, function(othValue2, othIndex) {
-            if (!cacheHas(seen, othIndex) && (arrValue === othValue2 || equalFunc(arrValue, othValue2, bitmask, customizer, stack))) {
-              return seen.push(othIndex);
-            }
-          })) {
-            result = false;
-            break;
-          }
-        } else if (!(arrValue === othValue || equalFunc(arrValue, othValue, bitmask, customizer, stack))) {
-          result = false;
-          break;
-        }
-      }
-      stack["delete"](array);
-      stack["delete"](other);
-      return result;
-    }
-    function equalByTag(object, other, tag, bitmask, customizer, equalFunc, stack) {
-      switch (tag) {
-        case dataViewTag:
-          if (object.byteLength != other.byteLength || object.byteOffset != other.byteOffset) {
-            return false;
-          }
-          object = object.buffer;
-          other = other.buffer;
-        case arrayBufferTag:
-          if (object.byteLength != other.byteLength || !equalFunc(new Uint8Array2(object), new Uint8Array2(other))) {
-            return false;
-          }
-          return true;
-        case boolTag:
-        case dateTag:
-        case numberTag:
-          return eq(+object, +other);
-        case errorTag:
-          return object.name == other.name && object.message == other.message;
-        case regexpTag:
-        case stringTag:
-          return object == other + "";
-        case mapTag:
-          var convert = mapToArray;
-        case setTag:
-          var isPartial = bitmask & COMPARE_PARTIAL_FLAG;
-          convert || (convert = setToArray);
-          if (object.size != other.size && !isPartial) {
-            return false;
-          }
-          var stacked = stack.get(object);
-          if (stacked) {
-            return stacked == other;
-          }
-          bitmask |= COMPARE_UNORDERED_FLAG;
-          stack.set(object, other);
-          var result = equalArrays(convert(object), convert(other), bitmask, customizer, equalFunc, stack);
-          stack["delete"](object);
-          return result;
-        case symbolTag:
-          if (symbolValueOf) {
-            return symbolValueOf.call(object) == symbolValueOf.call(other);
-          }
-      }
-      return false;
-    }
-    function equalObjects(object, other, bitmask, customizer, equalFunc, stack) {
-      var isPartial = bitmask & COMPARE_PARTIAL_FLAG, objProps = getAllKeys(object), objLength = objProps.length, othProps = getAllKeys(other), othLength = othProps.length;
-      if (objLength != othLength && !isPartial) {
-        return false;
-      }
-      var index = objLength;
-      while (index--) {
-        var key = objProps[index];
-        if (!(isPartial ? key in other : hasOwnProperty.call(other, key))) {
-          return false;
-        }
-      }
-      var stacked = stack.get(object);
-      if (stacked && stack.get(other)) {
-        return stacked == other;
-      }
-      var result = true;
-      stack.set(object, other);
-      stack.set(other, object);
-      var skipCtor = isPartial;
-      while (++index < objLength) {
-        key = objProps[index];
-        var objValue = object[key], othValue = other[key];
-        if (customizer) {
-          var compared = isPartial ? customizer(othValue, objValue, key, other, object, stack) : customizer(objValue, othValue, key, object, other, stack);
-        }
-        if (!(compared === void 0 ? objValue === othValue || equalFunc(objValue, othValue, bitmask, customizer, stack) : compared)) {
-          result = false;
-          break;
-        }
-        skipCtor || (skipCtor = key == "constructor");
-      }
-      if (result && !skipCtor) {
-        var objCtor = object.constructor, othCtor = other.constructor;
-        if (objCtor != othCtor && ("constructor" in object && "constructor" in other) && !(typeof objCtor == "function" && objCtor instanceof objCtor && typeof othCtor == "function" && othCtor instanceof othCtor)) {
-          result = false;
-        }
-      }
-      stack["delete"](object);
-      stack["delete"](other);
-      return result;
-    }
-    function getAllKeys(object) {
-      return baseGetAllKeys(object, keys, getSymbols);
-    }
-    function getMapData(map, key) {
-      var data = map.__data__;
-      return isKeyable(key) ? data[typeof key == "string" ? "string" : "hash"] : data.map;
-    }
-    function getNative(object, key) {
-      var value = getValue(object, key);
-      return baseIsNative(value) ? value : void 0;
-    }
-    function getRawTag(value) {
-      var isOwn = hasOwnProperty.call(value, symToStringTag), tag = value[symToStringTag];
-      try {
-        value[symToStringTag] = void 0;
-        var unmasked = true;
-      } catch (e) {
-      }
-      var result = nativeObjectToString.call(value);
-      if (unmasked) {
-        if (isOwn) {
-          value[symToStringTag] = tag;
-        } else {
-          delete value[symToStringTag];
-        }
-      }
-      return result;
-    }
-    var getSymbols = !nativeGetSymbols ? stubArray : function(object) {
-      if (object == null) {
-        return [];
-      }
-      object = Object(object);
-      return arrayFilter(nativeGetSymbols(object), function(symbol) {
-        return propertyIsEnumerable.call(object, symbol);
-      });
-    };
-    var getTag = baseGetTag;
-    if (DataView && getTag(new DataView(new ArrayBuffer(1))) != dataViewTag || Map2 && getTag(new Map2()) != mapTag || Promise2 && getTag(Promise2.resolve()) != promiseTag || Set2 && getTag(new Set2()) != setTag || WeakMap2 && getTag(new WeakMap2()) != weakMapTag) {
-      getTag = function(value) {
-        var result = baseGetTag(value), Ctor = result == objectTag ? value.constructor : void 0, ctorString = Ctor ? toSource(Ctor) : "";
-        if (ctorString) {
-          switch (ctorString) {
-            case dataViewCtorString:
-              return dataViewTag;
-            case mapCtorString:
-              return mapTag;
-            case promiseCtorString:
-              return promiseTag;
-            case setCtorString:
-              return setTag;
-            case weakMapCtorString:
-              return weakMapTag;
-          }
-        }
-        return result;
-      };
-    }
-    function isIndex(value, length) {
-      length = length == null ? MAX_SAFE_INTEGER : length;
-      return !!length && (typeof value == "number" || reIsUint.test(value)) && (value > -1 && value % 1 == 0 && value < length);
-    }
-    function isKeyable(value) {
-      var type = typeof value;
-      return type == "string" || type == "number" || type == "symbol" || type == "boolean" ? value !== "__proto__" : value === null;
-    }
-    function isMasked(func) {
-      return !!maskSrcKey && maskSrcKey in func;
-    }
-    function isPrototype(value) {
-      var Ctor = value && value.constructor, proto = typeof Ctor == "function" && Ctor.prototype || objectProto;
-      return value === proto;
-    }
-    function objectToString(value) {
-      return nativeObjectToString.call(value);
-    }
-    function toSource(func) {
-      if (func != null) {
-        try {
-          return funcToString.call(func);
-        } catch (e) {
-        }
-        try {
-          return func + "";
-        } catch (e) {
-        }
-      }
-      return "";
-    }
-    function eq(value, other) {
-      return value === other || value !== value && other !== other;
-    }
-    var isArguments = baseIsArguments(/* @__PURE__ */ (function() {
-      return arguments;
-    })()) ? baseIsArguments : function(value) {
-      return isObjectLike(value) && hasOwnProperty.call(value, "callee") && !propertyIsEnumerable.call(value, "callee");
-    };
-    var isArray = Array.isArray;
-    function isArrayLike(value) {
-      return value != null && isLength(value.length) && !isFunction(value);
-    }
-    var isBuffer = nativeIsBuffer || stubFalse;
-    function isEqual(value, other) {
-      return baseIsEqual(value, other);
-    }
-    function isFunction(value) {
-      if (!isObject(value)) {
-        return false;
-      }
-      var tag = baseGetTag(value);
-      return tag == funcTag || tag == genTag || tag == asyncTag || tag == proxyTag;
-    }
-    function isLength(value) {
-      return typeof value == "number" && value > -1 && value % 1 == 0 && value <= MAX_SAFE_INTEGER;
-    }
-    function isObject(value) {
-      var type = typeof value;
-      return value != null && (type == "object" || type == "function");
-    }
-    function isObjectLike(value) {
-      return value != null && typeof value == "object";
-    }
-    var isTypedArray = nodeIsTypedArray ? baseUnary(nodeIsTypedArray) : baseIsTypedArray;
-    function keys(object) {
-      return isArrayLike(object) ? arrayLikeKeys(object) : baseKeys(object);
-    }
-    function stubArray() {
-      return [];
-    }
-    function stubFalse() {
-      return false;
-    }
-    module2.exports = isEqual;
+    var { isDeepStrictEqual } = require("util");
+    module2.exports = isDeepStrictEqual;
   }
 });
 
@@ -901,7 +208,7 @@ var require_helpers = __commonJS({
     var fs_1 = require("fs");
     var errors_1 = require_errors();
     var types_1 = require_types();
-    var isEqual = require_lodash();
+    var isEqual = require_lodash_isequal_shim();
     function ancestors(cls) {
       if (!isConstructor(cls))
         return [];
@@ -1526,18 +833,18 @@ var require_Query = __commonJS({
           if (receiver === null || receiver === void 0)
             throw new (args ? errors_1.InvalidCallError : errors_1.InvalidAttributeError)(receiver, attr);
           const rel = (_b = (_a = __classPrivateFieldGet(this, _Query_host, "f").getType(receiver.constructor)) === null || _a === void 0 ? void 0 : _a.fields) === null || _b === void 0 ? void 0 : _b.get(attr);
-          const self2 = receiver;
+          const self = receiver;
           if (rel instanceof filter_1.Relation)
-            value = await this.handleRelation(self2, rel);
+            value = await this.handleRelation(self, rel);
           else if (args) {
-            if (typeof self2[attr] !== "function")
+            if (typeof self[attr] !== "function")
               throw new errors_1.InvalidCallError(receiver, attr);
             const jsArgs = await Promise.all(args.map((a) => __classPrivateFieldGet(this, _Query_host, "f").toJs(a)));
-            value = self2[attr](...jsArgs);
-          } else if (!(attr in self2))
+            value = self[attr](...jsArgs);
+          } else if (!(attr in self))
             throw new errors_1.InvalidAttributeError(receiver, attr);
           else
-            value = self2[attr];
+            value = self[attr];
         } catch (e) {
           if (e instanceof TypeError || e instanceof errors_1.InvalidCallError || e instanceof errors_1.InvalidAttributeError) {
             this.applicationError(e.message);
@@ -3759,6 +3066,10 @@ __export(index_exports, {
   ConfigValidationError: () => ConfigValidationError,
   ConfigWatcher: () => ConfigWatcher,
   DANGEROUS_PATTERNS: () => DANGEROUS_PATTERNS,
+  DLP_PII_PATTERNS: () => PII_PATTERNS,
+  DLP_SECRET_PATTERNS: () => SECRET_PATTERNS,
+  DlpMasker: () => DlpMasker,
+  DlpScanner: () => DlpScanner,
   EnvIdentityProvider: () => EnvIdentityProvider,
   IdentityChain: () => IdentityChain,
   JsonlAuditSink: () => JsonlAuditSink,
@@ -3770,6 +3081,7 @@ __export(index_exports, {
   WebhookAuditSink: () => WebhookAuditSink,
   YamlFactStore: () => YamlFactStore,
   YamlPolicyEngine: () => YamlPolicyEngine,
+  compareSeverity: () => compareSeverity,
   createApprovalFlow: () => createApprovalFlow,
   createIdentityChain: () => createIdentityChain,
   createPolicyEngine: () => createPolicyEngine,
@@ -3856,12 +3168,78 @@ var OrgUnitOverride = import_typebox.Type.Object({
     })
   )
 });
+var DlpMaskingConfig = import_typebox.Type.Object({
+  strategy: import_typebox.Type.Union([import_typebox.Type.Literal("partial"), import_typebox.Type.Literal("full"), import_typebox.Type.Literal("hash")], {
+    default: "partial"
+  }),
+  show_chars: import_typebox.Type.Optional(import_typebox.Type.Number({ default: 4, minimum: 0 })),
+  placeholder: import_typebox.Type.Optional(import_typebox.Type.String({ default: "***" }))
+});
+var DlpCustomPatternConfig = import_typebox.Type.Object({
+  name: import_typebox.Type.String(),
+  pattern: import_typebox.Type.String(),
+  severity: import_typebox.Type.Union([
+    import_typebox.Type.Literal("low"),
+    import_typebox.Type.Literal("medium"),
+    import_typebox.Type.Literal("high"),
+    import_typebox.Type.Literal("critical")
+  ]),
+  action: import_typebox.Type.Optional(
+    import_typebox.Type.Union([import_typebox.Type.Literal("audit"), import_typebox.Type.Literal("mask"), import_typebox.Type.Literal("block")])
+  )
+});
+var DlpAllowlistEntryConfig = import_typebox.Type.Object({
+  pattern: import_typebox.Type.String()
+});
+var DlpRoleOverrideConfig = import_typebox.Type.Object({
+  enabled: import_typebox.Type.Optional(import_typebox.Type.Boolean()),
+  mode: import_typebox.Type.Optional(
+    import_typebox.Type.Union([import_typebox.Type.Literal("audit"), import_typebox.Type.Literal("mask"), import_typebox.Type.Literal("block")])
+  ),
+  on_input: import_typebox.Type.Optional(
+    import_typebox.Type.Union([import_typebox.Type.Literal("audit"), import_typebox.Type.Literal("mask"), import_typebox.Type.Literal("block")])
+  ),
+  on_output: import_typebox.Type.Optional(
+    import_typebox.Type.Union([import_typebox.Type.Literal("audit"), import_typebox.Type.Literal("mask"), import_typebox.Type.Literal("block")])
+  )
+});
+var DlpConfig = import_typebox.Type.Object({
+  enabled: import_typebox.Type.Boolean({ default: false }),
+  mode: import_typebox.Type.Optional(
+    import_typebox.Type.Union([import_typebox.Type.Literal("audit"), import_typebox.Type.Literal("mask"), import_typebox.Type.Literal("block")], {
+      default: "audit"
+    })
+  ),
+  on_input: import_typebox.Type.Optional(
+    import_typebox.Type.Union([import_typebox.Type.Literal("audit"), import_typebox.Type.Literal("mask"), import_typebox.Type.Literal("block")])
+  ),
+  on_output: import_typebox.Type.Optional(
+    import_typebox.Type.Union([import_typebox.Type.Literal("audit"), import_typebox.Type.Literal("mask"), import_typebox.Type.Literal("block")])
+  ),
+  masking: import_typebox.Type.Optional(DlpMaskingConfig),
+  severity_threshold: import_typebox.Type.Optional(
+    import_typebox.Type.Union(
+      [import_typebox.Type.Literal("low"), import_typebox.Type.Literal("medium"), import_typebox.Type.Literal("high"), import_typebox.Type.Literal("critical")],
+      { default: "low" }
+    )
+  ),
+  built_in: import_typebox.Type.Optional(
+    import_typebox.Type.Object({
+      secrets: import_typebox.Type.Boolean({ default: true }),
+      pii: import_typebox.Type.Boolean({ default: true })
+    })
+  ),
+  custom_patterns: import_typebox.Type.Optional(import_typebox.Type.Array(DlpCustomPatternConfig)),
+  allowlist: import_typebox.Type.Optional(import_typebox.Type.Array(DlpAllowlistEntryConfig)),
+  role_overrides: import_typebox.Type.Optional(import_typebox.Type.Record(import_typebox.Type.String(), DlpRoleOverrideConfig))
+});
 var GovernanceConfigSchema = import_typebox.Type.Object({
   auth: import_typebox.Type.Optional(AuthConfig),
   policy: import_typebox.Type.Optional(PolicyConfig),
   templates: import_typebox.Type.Optional(TemplatesConfig),
   hitl: import_typebox.Type.Optional(HitlConfig),
   audit: import_typebox.Type.Optional(AuditConfig),
+  dlp: import_typebox.Type.Optional(DlpConfig),
   org_units: import_typebox.Type.Optional(import_typebox.Type.Record(import_typebox.Type.String(), OrgUnitOverride))
 });
 
@@ -3892,6 +3270,9 @@ var DEFAULTS = {
   },
   audit: {
     sinks: [{ type: "jsonl", path: "~/.pi/agent/audit.jsonl" }]
+  },
+  dlp: {
+    enabled: false
   }
 };
 
@@ -4363,6 +3744,300 @@ var BashClassifier = class {
   }
 };
 
+// src/lib/dlp/patterns.ts
+var SECRET_PATTERNS = [
+  // AWS
+  {
+    name: "aws_access_key",
+    pattern: /\b(AKIA[0-9A-Z]{16})\b/g,
+    severity: "critical",
+    category: "secret"
+  },
+  {
+    name: "aws_secret_key",
+    pattern: /\b([A-Za-z0-9/+=]{40})(?=\s|$|"|')/g,
+    severity: "critical",
+    category: "secret"
+  },
+  // GitHub
+  {
+    name: "github_pat",
+    pattern: /\b(ghp_[A-Za-z0-9]{36,})\b/g,
+    severity: "critical",
+    category: "secret"
+  },
+  {
+    name: "github_oauth",
+    pattern: /\b(gho_[A-Za-z0-9]{36,})\b/g,
+    severity: "high",
+    category: "secret"
+  },
+  {
+    name: "github_app_token",
+    pattern: /\b(ghu_[A-Za-z0-9]{36,})\b/g,
+    severity: "high",
+    category: "secret"
+  },
+  // Anthropic
+  {
+    name: "anthropic_api_key",
+    pattern: /\b(sk-ant-api03-[A-Za-z0-9_-]{90,})\b/g,
+    severity: "critical",
+    category: "secret"
+  },
+  // OpenAI
+  {
+    name: "openai_api_key",
+    pattern: /\b(sk-[A-Za-z0-9]{20,}T3BlbkFJ[A-Za-z0-9]{20,})\b/g,
+    severity: "critical",
+    category: "secret"
+  },
+  // JWT
+  {
+    name: "jwt_token",
+    pattern: /\b(eyJ[A-Za-z0-9_-]{10,}\.eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,})\b/g,
+    severity: "high",
+    category: "secret"
+  },
+  // Private key headers
+  {
+    name: "private_key",
+    pattern: /-----BEGIN\s+(RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----/g,
+    severity: "critical",
+    category: "secret"
+  },
+  // Database connection strings
+  {
+    name: "database_url",
+    pattern: /\b((?:postgres|mysql|mongodb|redis):\/\/[^\s'"]{10,})\b/g,
+    severity: "high",
+    category: "secret"
+  },
+  // Slack
+  {
+    name: "slack_token",
+    pattern: /\b(xox[bpras]-[A-Za-z0-9-]{10,})\b/g,
+    severity: "high",
+    category: "secret"
+  },
+  // Stripe
+  {
+    name: "stripe_key",
+    pattern: /\b([rs]k_(?:live|test)_[A-Za-z0-9]{20,})\b/g,
+    severity: "critical",
+    category: "secret"
+  },
+  // npm
+  {
+    name: "npm_token",
+    pattern: /\b(npm_[A-Za-z0-9]{36,})\b/g,
+    severity: "high",
+    category: "secret"
+  },
+  // SendGrid
+  {
+    name: "sendgrid_key",
+    pattern: /\b(SG\.[A-Za-z0-9_-]{22,}\.[A-Za-z0-9_-]{22,})\b/g,
+    severity: "high",
+    category: "secret"
+  },
+  // Generic API key patterns (env-var style assignments)
+  {
+    name: "generic_api_key",
+    pattern: /\b(?:API_KEY|API_SECRET|ACCESS_TOKEN|AUTH_TOKEN|SECRET_KEY)\s*[=:]\s*['"]?([A-Za-z0-9_-]{16,})['"]?/gi,
+    severity: "medium",
+    category: "secret"
+  },
+  // High-entropy string near keyword context
+  {
+    name: "generic_secret_assignment",
+    pattern: /\b(?:password|passwd|secret|token|credential)\s*[=:]\s*['"]([^'"]{8,})['"]?/gi,
+    severity: "medium",
+    category: "secret"
+  }
+];
+var PII_PATTERNS = [
+  // SSN (US)
+  {
+    name: "ssn",
+    pattern: /\b(\d{3}-\d{2}-\d{4})\b/g,
+    severity: "critical",
+    category: "pii"
+  },
+  // Credit card numbers
+  {
+    name: "credit_card",
+    pattern: /\b(4\d{3}[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}|5[1-5]\d{2}[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}|3[47]\d{2}[\s-]?\d{6}[\s-]?\d{5}|6(?:011|5\d{2})[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4})\b/g,
+    severity: "critical",
+    category: "pii"
+  },
+  // Email address
+  {
+    name: "email",
+    pattern: /\b([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})\b/g,
+    severity: "low",
+    category: "pii"
+  },
+  // US phone number
+  {
+    name: "phone_us",
+    pattern: /\b(\+?1?[-.\s]?\(?\d{3}\)?[-.\s]?\d{3}[-.\s]?\d{4})\b/g,
+    severity: "medium",
+    category: "pii"
+  },
+  // IPv4 address
+  {
+    name: "ipv4",
+    pattern: /\b((?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.(?:25[0-5]|2[0-4]\d|[01]?\d\d?))\b/g,
+    severity: "low",
+    category: "pii"
+  }
+];
+
+// src/lib/dlp/scanner.ts
+var SEVERITY_ORDER = {
+  low: 0,
+  medium: 1,
+  high: 2,
+  critical: 3
+};
+var DlpScanner = class {
+  patterns;
+  allowlistRegexps;
+  severityThreshold;
+  config;
+  constructor(config) {
+    this.config = config;
+    this.severityThreshold = SEVERITY_ORDER[config.severity_threshold];
+    this.patterns = [];
+    this.allowlistRegexps = [];
+    if (config.built_in.secrets) {
+      for (const def of SECRET_PATTERNS) {
+        this.patterns.push({ def });
+      }
+    }
+    if (config.built_in.pii) {
+      for (const def of PII_PATTERNS) {
+        this.patterns.push({ def });
+      }
+    }
+    for (const cp of config.custom_patterns) {
+      const def = {
+        name: cp.name,
+        pattern: new RegExp(cp.pattern, "g"),
+        severity: cp.severity,
+        category: "custom"
+      };
+      this.patterns.push({ def, action: cp.action });
+    }
+    for (const compiled of this.patterns) {
+      const override = config.pattern_overrides.get(compiled.def.name);
+      if (override) {
+        compiled.action = override;
+      }
+    }
+    for (const entry of config.allowlist) {
+      this.allowlistRegexps.push(new RegExp(entry.pattern));
+    }
+  }
+  scan(text) {
+    if (!this.config.enabled || text.length === 0) {
+      return { hasMatches: false, matches: [] };
+    }
+    const matches = [];
+    for (const compiled of this.patterns) {
+      if (SEVERITY_ORDER[compiled.def.severity] < this.severityThreshold) {
+        continue;
+      }
+      const regex = new RegExp(compiled.def.pattern.source, compiled.def.pattern.flags);
+      let match;
+      while ((match = regex.exec(text)) !== null) {
+        const matched = match[1] ?? match[0];
+        const start = match[1] ? match.index + match[0].indexOf(match[1]) : match.index;
+        const end = start + matched.length;
+        if (this.isAllowlisted(matched)) {
+          continue;
+        }
+        matches.push({
+          patternName: compiled.def.name,
+          category: compiled.def.category,
+          severity: compiled.def.severity,
+          start,
+          end,
+          matched
+        });
+      }
+    }
+    return { hasMatches: matches.length > 0, matches };
+  }
+  getAction(direction) {
+    if (direction === "input" && this.config.on_input) {
+      return this.config.on_input;
+    }
+    if (direction === "output" && this.config.on_output) {
+      return this.config.on_output;
+    }
+    return this.config.mode;
+  }
+  getPatternAction(match, direction) {
+    const compiled = this.patterns.find((p) => p.def.name === match.patternName);
+    if (compiled?.action) {
+      return compiled.action;
+    }
+    return this.getAction(direction);
+  }
+  isAllowlisted(value) {
+    for (const re of this.allowlistRegexps) {
+      if (re.test(value)) return true;
+    }
+    return false;
+  }
+};
+function compareSeverity(a, b) {
+  return SEVERITY_ORDER[a] - SEVERITY_ORDER[b];
+}
+
+// src/lib/dlp/masker.ts
+var import_node_crypto = require("crypto");
+var DEFAULT_CONFIG = {
+  strategy: "partial",
+  show_chars: 4,
+  placeholder: "***"
+};
+var DlpMasker = class {
+  config;
+  constructor(config) {
+    this.config = { ...DEFAULT_CONFIG, ...config };
+  }
+  maskValue(value) {
+    switch (this.config.strategy) {
+      case "full":
+        return this.config.placeholder;
+      case "hash": {
+        const hash = (0, import_node_crypto.createHash)("sha256").update(value).digest("hex").slice(0, 8);
+        return `[REDACTED:${hash}]`;
+      }
+      case "partial":
+      default: {
+        if (value.length <= this.config.show_chars) {
+          return this.config.placeholder;
+        }
+        return this.config.placeholder + value.slice(-this.config.show_chars);
+      }
+    }
+  }
+  maskText(text, matches) {
+    if (matches.length === 0) return text;
+    const sorted = [...matches].sort((a, b) => b.start - a.start);
+    let result = text;
+    for (const match of sorted) {
+      const masked = this.maskValue(match.matched);
+      result = result.slice(0, match.start) + masked + result.slice(match.end);
+    }
+    return result;
+  }
+};
+
 // src/lib/budget/tracker.ts
 var BudgetTracker = class {
   _used = 0;
@@ -4488,7 +4163,7 @@ function render(templateContent, variables) {
 }
 
 // src/lib/audit/logger.ts
-var import_node_crypto = require("crypto");
+var import_node_crypto2 = require("crypto");
 
 // src/lib/audit/sinks/jsonl.ts
 var import_promises = require("fs/promises");
@@ -4585,7 +4260,7 @@ var AuditLogger = class {
   async log(record) {
     const full = {
       ...record,
-      id: (0, import_node_crypto.randomUUID)(),
+      id: (0, import_node_crypto2.randomUUID)(),
       timestamp: (/* @__PURE__ */ new Date()).toISOString()
     };
     this.counts.set(full.event, (this.counts.get(full.event) ?? 0) + 1);
@@ -4709,6 +4384,10 @@ function createApprovalFlow(config, ui) {
   ConfigValidationError,
   ConfigWatcher,
   DANGEROUS_PATTERNS,
+  DLP_PII_PATTERNS,
+  DLP_SECRET_PATTERNS,
+  DlpMasker,
+  DlpScanner,
   EnvIdentityProvider,
   IdentityChain,
   JsonlAuditSink,
@@ -4720,6 +4399,7 @@ function createApprovalFlow(config, ui) {
   WebhookAuditSink,
   YamlFactStore,
   YamlPolicyEngine,
+  compareSeverity,
   createApprovalFlow,
   createIdentityChain,
   createPolicyEngine,