@grwnd/pi-governance 1.4.2 → 1.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +75 -9
- package/dist/extensions/index.cjs +592 -3
- package/dist/extensions/index.cjs.map +1 -1
- package/dist/extensions/index.js +594 -3
- package/dist/extensions/index.js.map +1 -1
- package/dist/index.cjs +387 -707
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +105 -2
- package/dist/index.d.ts +105 -2
- package/dist/index.js +380 -705
- package/dist/index.js.map +1 -1
- package/package.json +6 -1
package/dist/index.d.cts
CHANGED
|
@@ -58,6 +58,37 @@ declare const GovernanceConfigSchema: _sinclair_typebox.TObject<{
|
|
|
58
58
|
connection: _sinclair_typebox.TString;
|
|
59
59
|
}>]>>;
|
|
60
60
|
}>>;
|
|
61
|
+
dlp: _sinclair_typebox.TOptional<_sinclair_typebox.TObject<{
|
|
62
|
+
enabled: _sinclair_typebox.TBoolean;
|
|
63
|
+
mode: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"audit">, _sinclair_typebox.TLiteral<"mask">, _sinclair_typebox.TLiteral<"block">]>>;
|
|
64
|
+
on_input: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"audit">, _sinclair_typebox.TLiteral<"mask">, _sinclair_typebox.TLiteral<"block">]>>;
|
|
65
|
+
on_output: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"audit">, _sinclair_typebox.TLiteral<"mask">, _sinclair_typebox.TLiteral<"block">]>>;
|
|
66
|
+
masking: _sinclair_typebox.TOptional<_sinclair_typebox.TObject<{
|
|
67
|
+
strategy: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"partial">, _sinclair_typebox.TLiteral<"full">, _sinclair_typebox.TLiteral<"hash">]>;
|
|
68
|
+
show_chars: _sinclair_typebox.TOptional<_sinclair_typebox.TNumber>;
|
|
69
|
+
placeholder: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
70
|
+
}>>;
|
|
71
|
+
severity_threshold: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"low">, _sinclair_typebox.TLiteral<"medium">, _sinclair_typebox.TLiteral<"high">, _sinclair_typebox.TLiteral<"critical">]>>;
|
|
72
|
+
built_in: _sinclair_typebox.TOptional<_sinclair_typebox.TObject<{
|
|
73
|
+
secrets: _sinclair_typebox.TBoolean;
|
|
74
|
+
pii: _sinclair_typebox.TBoolean;
|
|
75
|
+
}>>;
|
|
76
|
+
custom_patterns: _sinclair_typebox.TOptional<_sinclair_typebox.TArray<_sinclair_typebox.TObject<{
|
|
77
|
+
name: _sinclair_typebox.TString;
|
|
78
|
+
pattern: _sinclair_typebox.TString;
|
|
79
|
+
severity: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"low">, _sinclair_typebox.TLiteral<"medium">, _sinclair_typebox.TLiteral<"high">, _sinclair_typebox.TLiteral<"critical">]>;
|
|
80
|
+
action: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"audit">, _sinclair_typebox.TLiteral<"mask">, _sinclair_typebox.TLiteral<"block">]>>;
|
|
81
|
+
}>>>;
|
|
82
|
+
allowlist: _sinclair_typebox.TOptional<_sinclair_typebox.TArray<_sinclair_typebox.TObject<{
|
|
83
|
+
pattern: _sinclair_typebox.TString;
|
|
84
|
+
}>>>;
|
|
85
|
+
role_overrides: _sinclair_typebox.TOptional<_sinclair_typebox.TRecord<_sinclair_typebox.TString, _sinclair_typebox.TObject<{
|
|
86
|
+
enabled: _sinclair_typebox.TOptional<_sinclair_typebox.TBoolean>;
|
|
87
|
+
mode: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"audit">, _sinclair_typebox.TLiteral<"mask">, _sinclair_typebox.TLiteral<"block">]>>;
|
|
88
|
+
on_input: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"audit">, _sinclair_typebox.TLiteral<"mask">, _sinclair_typebox.TLiteral<"block">]>>;
|
|
89
|
+
on_output: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"audit">, _sinclair_typebox.TLiteral<"mask">, _sinclair_typebox.TLiteral<"block">]>>;
|
|
90
|
+
}>>>;
|
|
91
|
+
}>>;
|
|
61
92
|
org_units: _sinclair_typebox.TOptional<_sinclair_typebox.TRecord<_sinclair_typebox.TString, _sinclair_typebox.TObject<{
|
|
62
93
|
hitl: _sinclair_typebox.TOptional<_sinclair_typebox.TObject<{
|
|
63
94
|
default_mode: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"autonomous">, _sinclair_typebox.TLiteral<"supervised">, _sinclair_typebox.TLiteral<"dry_run">]>>;
|
|
@@ -237,6 +268,78 @@ declare class BashClassifier {
|
|
|
237
268
|
declare const SAFE_PATTERNS: RegExp[];
|
|
238
269
|
declare const DANGEROUS_PATTERNS: RegExp[];
|
|
239
270
|
|
|
271
|
+
type DlpSeverity = 'low' | 'medium' | 'high' | 'critical';
|
|
272
|
+
type DlpCategory = 'secret' | 'pii' | 'custom';
|
|
273
|
+
interface DlpPatternDef {
|
|
274
|
+
name: string;
|
|
275
|
+
pattern: RegExp;
|
|
276
|
+
severity: DlpSeverity;
|
|
277
|
+
category: DlpCategory;
|
|
278
|
+
}
|
|
279
|
+
declare const SECRET_PATTERNS: DlpPatternDef[];
|
|
280
|
+
declare const PII_PATTERNS: DlpPatternDef[];
|
|
281
|
+
|
|
282
|
+
type DlpAction = 'audit' | 'mask' | 'block';
|
|
283
|
+
interface DlpMatch {
|
|
284
|
+
patternName: string;
|
|
285
|
+
category: DlpCategory;
|
|
286
|
+
severity: DlpSeverity;
|
|
287
|
+
start: number;
|
|
288
|
+
end: number;
|
|
289
|
+
matched: string;
|
|
290
|
+
}
|
|
291
|
+
interface DlpScanResult {
|
|
292
|
+
hasMatches: boolean;
|
|
293
|
+
matches: DlpMatch[];
|
|
294
|
+
}
|
|
295
|
+
interface DlpCustomPattern {
|
|
296
|
+
name: string;
|
|
297
|
+
pattern: string;
|
|
298
|
+
severity: DlpSeverity;
|
|
299
|
+
action?: DlpAction;
|
|
300
|
+
}
|
|
301
|
+
interface DlpAllowlistEntry {
|
|
302
|
+
pattern: string;
|
|
303
|
+
}
|
|
304
|
+
interface DlpScannerConfig {
|
|
305
|
+
enabled: boolean;
|
|
306
|
+
mode: DlpAction;
|
|
307
|
+
on_input?: DlpAction;
|
|
308
|
+
on_output?: DlpAction;
|
|
309
|
+
severity_threshold: DlpSeverity;
|
|
310
|
+
built_in: {
|
|
311
|
+
secrets: boolean;
|
|
312
|
+
pii: boolean;
|
|
313
|
+
};
|
|
314
|
+
custom_patterns: DlpCustomPattern[];
|
|
315
|
+
allowlist: DlpAllowlistEntry[];
|
|
316
|
+
pattern_overrides: Map<string, DlpAction>;
|
|
317
|
+
}
|
|
318
|
+
declare class DlpScanner {
|
|
319
|
+
private patterns;
|
|
320
|
+
private allowlistRegexps;
|
|
321
|
+
private severityThreshold;
|
|
322
|
+
private config;
|
|
323
|
+
constructor(config: DlpScannerConfig);
|
|
324
|
+
scan(text: string): DlpScanResult;
|
|
325
|
+
getAction(direction: 'input' | 'output'): DlpAction;
|
|
326
|
+
getPatternAction(match: DlpMatch, direction: 'input' | 'output'): DlpAction;
|
|
327
|
+
private isAllowlisted;
|
|
328
|
+
}
|
|
329
|
+
declare function compareSeverity(a: DlpSeverity, b: DlpSeverity): number;
|
|
330
|
+
|
|
331
|
+
interface MaskingConfig {
|
|
332
|
+
strategy: 'partial' | 'full' | 'hash';
|
|
333
|
+
show_chars: number;
|
|
334
|
+
placeholder: string;
|
|
335
|
+
}
|
|
336
|
+
declare class DlpMasker {
|
|
337
|
+
private config;
|
|
338
|
+
constructor(config?: Partial<MaskingConfig>);
|
|
339
|
+
maskValue(value: string): string;
|
|
340
|
+
maskText(text: string, matches: DlpMatch[]): string;
|
|
341
|
+
}
|
|
342
|
+
|
|
240
343
|
/**
|
|
241
344
|
* Tracks tool invocation count as a proxy for token budget.
|
|
242
345
|
* The budget value represents max invocations per session; -1 means unlimited.
|
|
@@ -299,7 +402,7 @@ interface AuditSink {
|
|
|
299
402
|
flush(): Promise<void>;
|
|
300
403
|
}
|
|
301
404
|
|
|
302
|
-
type AuditEventType = 'session_start' | 'session_end' | 'tool_allowed' | 'tool_denied' | 'tool_dry_run' | 'tool_result' | 'bash_denied' | 'path_denied' | 'approval_requested' | 'approval_granted' | 'approval_denied' | 'budget_exceeded' | 'config_reloaded';
|
|
405
|
+
type AuditEventType = 'session_start' | 'session_end' | 'tool_allowed' | 'tool_denied' | 'tool_dry_run' | 'tool_result' | 'bash_denied' | 'path_denied' | 'approval_requested' | 'approval_granted' | 'approval_denied' | 'budget_exceeded' | 'config_reloaded' | 'dlp_blocked' | 'dlp_detected' | 'dlp_masked';
|
|
303
406
|
interface AuditRecord {
|
|
304
407
|
id: string;
|
|
305
408
|
timestamp: string;
|
|
@@ -407,4 +510,4 @@ declare class WebhookApprover implements ApprovalFlow {
|
|
|
407
510
|
}): Promise<ApprovalResult>;
|
|
408
511
|
}
|
|
409
512
|
|
|
410
|
-
export { type ApprovalFlow, type ApprovalResult, type AuditEventType, AuditLogger, type AuditRecord, type AuditSink, type BashClassification, BashClassifier, type BashOverrides, BudgetTracker, CliApprover, ConfigValidationError, ConfigWatcher, type ConfirmUI, DANGEROUS_PATTERNS, EnvIdentityProvider, type ExecutionMode, type FactStore, type GovernanceConfig, type GovernanceToolCall, type HitlConfig, IdentityChain, type IdentityProvider, JsonlAuditSink, LocalIdentityProvider, OsoMemoryFactStore, type PathOperation, type PolicyDecision, type PolicyEngine, type Relation, type ResolvedIdentity, type RoleBinding, SAFE_PATTERNS, TemplateSelector, type TemplateSelectorConfig, WebhookApprover, WebhookAuditSink, YamlFactStore, YamlPolicyEngine, type YamlRole, type YamlRules, createApprovalFlow, createIdentityChain, createPolicyEngine, loadConfig, render as renderTemplate };
|
|
513
|
+
export { type ApprovalFlow, type ApprovalResult, type AuditEventType, AuditLogger, type AuditRecord, type AuditSink, type BashClassification, BashClassifier, type BashOverrides, BudgetTracker, CliApprover, ConfigValidationError, ConfigWatcher, type ConfirmUI, DANGEROUS_PATTERNS, PII_PATTERNS as DLP_PII_PATTERNS, SECRET_PATTERNS as DLP_SECRET_PATTERNS, type DlpAction, type DlpAllowlistEntry, type DlpCategory, type DlpCustomPattern, DlpMasker, type DlpMatch, type DlpPatternDef, type DlpScanResult, DlpScanner, type DlpScannerConfig, type DlpSeverity, EnvIdentityProvider, type ExecutionMode, type FactStore, type GovernanceConfig, type GovernanceToolCall, type HitlConfig, IdentityChain, type IdentityProvider, JsonlAuditSink, LocalIdentityProvider, type MaskingConfig, OsoMemoryFactStore, type PathOperation, type PolicyDecision, type PolicyEngine, type Relation, type ResolvedIdentity, type RoleBinding, SAFE_PATTERNS, TemplateSelector, type TemplateSelectorConfig, WebhookApprover, WebhookAuditSink, YamlFactStore, YamlPolicyEngine, type YamlRole, type YamlRules, compareSeverity, createApprovalFlow, createIdentityChain, createPolicyEngine, loadConfig, render as renderTemplate };
|
package/dist/index.d.ts
CHANGED
|
@@ -58,6 +58,37 @@ declare const GovernanceConfigSchema: _sinclair_typebox.TObject<{
|
|
|
58
58
|
connection: _sinclair_typebox.TString;
|
|
59
59
|
}>]>>;
|
|
60
60
|
}>>;
|
|
61
|
+
dlp: _sinclair_typebox.TOptional<_sinclair_typebox.TObject<{
|
|
62
|
+
enabled: _sinclair_typebox.TBoolean;
|
|
63
|
+
mode: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"audit">, _sinclair_typebox.TLiteral<"mask">, _sinclair_typebox.TLiteral<"block">]>>;
|
|
64
|
+
on_input: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"audit">, _sinclair_typebox.TLiteral<"mask">, _sinclair_typebox.TLiteral<"block">]>>;
|
|
65
|
+
on_output: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"audit">, _sinclair_typebox.TLiteral<"mask">, _sinclair_typebox.TLiteral<"block">]>>;
|
|
66
|
+
masking: _sinclair_typebox.TOptional<_sinclair_typebox.TObject<{
|
|
67
|
+
strategy: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"partial">, _sinclair_typebox.TLiteral<"full">, _sinclair_typebox.TLiteral<"hash">]>;
|
|
68
|
+
show_chars: _sinclair_typebox.TOptional<_sinclair_typebox.TNumber>;
|
|
69
|
+
placeholder: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
|
|
70
|
+
}>>;
|
|
71
|
+
severity_threshold: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"low">, _sinclair_typebox.TLiteral<"medium">, _sinclair_typebox.TLiteral<"high">, _sinclair_typebox.TLiteral<"critical">]>>;
|
|
72
|
+
built_in: _sinclair_typebox.TOptional<_sinclair_typebox.TObject<{
|
|
73
|
+
secrets: _sinclair_typebox.TBoolean;
|
|
74
|
+
pii: _sinclair_typebox.TBoolean;
|
|
75
|
+
}>>;
|
|
76
|
+
custom_patterns: _sinclair_typebox.TOptional<_sinclair_typebox.TArray<_sinclair_typebox.TObject<{
|
|
77
|
+
name: _sinclair_typebox.TString;
|
|
78
|
+
pattern: _sinclair_typebox.TString;
|
|
79
|
+
severity: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"low">, _sinclair_typebox.TLiteral<"medium">, _sinclair_typebox.TLiteral<"high">, _sinclair_typebox.TLiteral<"critical">]>;
|
|
80
|
+
action: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"audit">, _sinclair_typebox.TLiteral<"mask">, _sinclair_typebox.TLiteral<"block">]>>;
|
|
81
|
+
}>>>;
|
|
82
|
+
allowlist: _sinclair_typebox.TOptional<_sinclair_typebox.TArray<_sinclair_typebox.TObject<{
|
|
83
|
+
pattern: _sinclair_typebox.TString;
|
|
84
|
+
}>>>;
|
|
85
|
+
role_overrides: _sinclair_typebox.TOptional<_sinclair_typebox.TRecord<_sinclair_typebox.TString, _sinclair_typebox.TObject<{
|
|
86
|
+
enabled: _sinclair_typebox.TOptional<_sinclair_typebox.TBoolean>;
|
|
87
|
+
mode: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"audit">, _sinclair_typebox.TLiteral<"mask">, _sinclair_typebox.TLiteral<"block">]>>;
|
|
88
|
+
on_input: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"audit">, _sinclair_typebox.TLiteral<"mask">, _sinclair_typebox.TLiteral<"block">]>>;
|
|
89
|
+
on_output: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"audit">, _sinclair_typebox.TLiteral<"mask">, _sinclair_typebox.TLiteral<"block">]>>;
|
|
90
|
+
}>>>;
|
|
91
|
+
}>>;
|
|
61
92
|
org_units: _sinclair_typebox.TOptional<_sinclair_typebox.TRecord<_sinclair_typebox.TString, _sinclair_typebox.TObject<{
|
|
62
93
|
hitl: _sinclair_typebox.TOptional<_sinclair_typebox.TObject<{
|
|
63
94
|
default_mode: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"autonomous">, _sinclair_typebox.TLiteral<"supervised">, _sinclair_typebox.TLiteral<"dry_run">]>>;
|
|
@@ -237,6 +268,78 @@ declare class BashClassifier {
|
|
|
237
268
|
declare const SAFE_PATTERNS: RegExp[];
|
|
238
269
|
declare const DANGEROUS_PATTERNS: RegExp[];
|
|
239
270
|
|
|
271
|
+
type DlpSeverity = 'low' | 'medium' | 'high' | 'critical';
|
|
272
|
+
type DlpCategory = 'secret' | 'pii' | 'custom';
|
|
273
|
+
interface DlpPatternDef {
|
|
274
|
+
name: string;
|
|
275
|
+
pattern: RegExp;
|
|
276
|
+
severity: DlpSeverity;
|
|
277
|
+
category: DlpCategory;
|
|
278
|
+
}
|
|
279
|
+
declare const SECRET_PATTERNS: DlpPatternDef[];
|
|
280
|
+
declare const PII_PATTERNS: DlpPatternDef[];
|
|
281
|
+
|
|
282
|
+
type DlpAction = 'audit' | 'mask' | 'block';
|
|
283
|
+
interface DlpMatch {
|
|
284
|
+
patternName: string;
|
|
285
|
+
category: DlpCategory;
|
|
286
|
+
severity: DlpSeverity;
|
|
287
|
+
start: number;
|
|
288
|
+
end: number;
|
|
289
|
+
matched: string;
|
|
290
|
+
}
|
|
291
|
+
interface DlpScanResult {
|
|
292
|
+
hasMatches: boolean;
|
|
293
|
+
matches: DlpMatch[];
|
|
294
|
+
}
|
|
295
|
+
interface DlpCustomPattern {
|
|
296
|
+
name: string;
|
|
297
|
+
pattern: string;
|
|
298
|
+
severity: DlpSeverity;
|
|
299
|
+
action?: DlpAction;
|
|
300
|
+
}
|
|
301
|
+
interface DlpAllowlistEntry {
|
|
302
|
+
pattern: string;
|
|
303
|
+
}
|
|
304
|
+
interface DlpScannerConfig {
|
|
305
|
+
enabled: boolean;
|
|
306
|
+
mode: DlpAction;
|
|
307
|
+
on_input?: DlpAction;
|
|
308
|
+
on_output?: DlpAction;
|
|
309
|
+
severity_threshold: DlpSeverity;
|
|
310
|
+
built_in: {
|
|
311
|
+
secrets: boolean;
|
|
312
|
+
pii: boolean;
|
|
313
|
+
};
|
|
314
|
+
custom_patterns: DlpCustomPattern[];
|
|
315
|
+
allowlist: DlpAllowlistEntry[];
|
|
316
|
+
pattern_overrides: Map<string, DlpAction>;
|
|
317
|
+
}
|
|
318
|
+
declare class DlpScanner {
|
|
319
|
+
private patterns;
|
|
320
|
+
private allowlistRegexps;
|
|
321
|
+
private severityThreshold;
|
|
322
|
+
private config;
|
|
323
|
+
constructor(config: DlpScannerConfig);
|
|
324
|
+
scan(text: string): DlpScanResult;
|
|
325
|
+
getAction(direction: 'input' | 'output'): DlpAction;
|
|
326
|
+
getPatternAction(match: DlpMatch, direction: 'input' | 'output'): DlpAction;
|
|
327
|
+
private isAllowlisted;
|
|
328
|
+
}
|
|
329
|
+
declare function compareSeverity(a: DlpSeverity, b: DlpSeverity): number;
|
|
330
|
+
|
|
331
|
+
interface MaskingConfig {
|
|
332
|
+
strategy: 'partial' | 'full' | 'hash';
|
|
333
|
+
show_chars: number;
|
|
334
|
+
placeholder: string;
|
|
335
|
+
}
|
|
336
|
+
declare class DlpMasker {
|
|
337
|
+
private config;
|
|
338
|
+
constructor(config?: Partial<MaskingConfig>);
|
|
339
|
+
maskValue(value: string): string;
|
|
340
|
+
maskText(text: string, matches: DlpMatch[]): string;
|
|
341
|
+
}
|
|
342
|
+
|
|
240
343
|
/**
|
|
241
344
|
* Tracks tool invocation count as a proxy for token budget.
|
|
242
345
|
* The budget value represents max invocations per session; -1 means unlimited.
|
|
@@ -299,7 +402,7 @@ interface AuditSink {
|
|
|
299
402
|
flush(): Promise<void>;
|
|
300
403
|
}
|
|
301
404
|
|
|
302
|
-
type AuditEventType = 'session_start' | 'session_end' | 'tool_allowed' | 'tool_denied' | 'tool_dry_run' | 'tool_result' | 'bash_denied' | 'path_denied' | 'approval_requested' | 'approval_granted' | 'approval_denied' | 'budget_exceeded' | 'config_reloaded';
|
|
405
|
+
type AuditEventType = 'session_start' | 'session_end' | 'tool_allowed' | 'tool_denied' | 'tool_dry_run' | 'tool_result' | 'bash_denied' | 'path_denied' | 'approval_requested' | 'approval_granted' | 'approval_denied' | 'budget_exceeded' | 'config_reloaded' | 'dlp_blocked' | 'dlp_detected' | 'dlp_masked';
|
|
303
406
|
interface AuditRecord {
|
|
304
407
|
id: string;
|
|
305
408
|
timestamp: string;
|
|
@@ -407,4 +510,4 @@ declare class WebhookApprover implements ApprovalFlow {
|
|
|
407
510
|
}): Promise<ApprovalResult>;
|
|
408
511
|
}
|
|
409
512
|
|
|
410
|
-
export { type ApprovalFlow, type ApprovalResult, type AuditEventType, AuditLogger, type AuditRecord, type AuditSink, type BashClassification, BashClassifier, type BashOverrides, BudgetTracker, CliApprover, ConfigValidationError, ConfigWatcher, type ConfirmUI, DANGEROUS_PATTERNS, EnvIdentityProvider, type ExecutionMode, type FactStore, type GovernanceConfig, type GovernanceToolCall, type HitlConfig, IdentityChain, type IdentityProvider, JsonlAuditSink, LocalIdentityProvider, OsoMemoryFactStore, type PathOperation, type PolicyDecision, type PolicyEngine, type Relation, type ResolvedIdentity, type RoleBinding, SAFE_PATTERNS, TemplateSelector, type TemplateSelectorConfig, WebhookApprover, WebhookAuditSink, YamlFactStore, YamlPolicyEngine, type YamlRole, type YamlRules, createApprovalFlow, createIdentityChain, createPolicyEngine, loadConfig, render as renderTemplate };
|
|
513
|
+
export { type ApprovalFlow, type ApprovalResult, type AuditEventType, AuditLogger, type AuditRecord, type AuditSink, type BashClassification, BashClassifier, type BashOverrides, BudgetTracker, CliApprover, ConfigValidationError, ConfigWatcher, type ConfirmUI, DANGEROUS_PATTERNS, PII_PATTERNS as DLP_PII_PATTERNS, SECRET_PATTERNS as DLP_SECRET_PATTERNS, type DlpAction, type DlpAllowlistEntry, type DlpCategory, type DlpCustomPattern, DlpMasker, type DlpMatch, type DlpPatternDef, type DlpScanResult, DlpScanner, type DlpScannerConfig, type DlpSeverity, EnvIdentityProvider, type ExecutionMode, type FactStore, type GovernanceConfig, type GovernanceToolCall, type HitlConfig, IdentityChain, type IdentityProvider, JsonlAuditSink, LocalIdentityProvider, type MaskingConfig, OsoMemoryFactStore, type PathOperation, type PolicyDecision, type PolicyEngine, type Relation, type ResolvedIdentity, type RoleBinding, SAFE_PATTERNS, TemplateSelector, type TemplateSelectorConfig, WebhookApprover, WebhookAuditSink, YamlFactStore, YamlPolicyEngine, type YamlRole, type YamlRules, compareSeverity, createApprovalFlow, createIdentityChain, createPolicyEngine, loadConfig, render as renderTemplate };
|