@grwnd/pi-governance 1.5.0 → 1.6.0

@@ -23,6 +23,7 @@ __export(extensions_exports, {
23
23
  default: () => extensions_default
24
24
  });
25
25
  module.exports = __toCommonJS(extensions_exports);
26
+ var import_node_fs2 = require("fs");
26
27
 
27
28
  // src/lib/config/loader.ts
28
29
  var import_fs = require("fs");
@@ -206,7 +207,20 @@ var DEFAULTS = {
206
207
  sinks: [{ type: "jsonl", path: "~/.pi/agent/audit.jsonl" }]
207
208
  },
208
209
  dlp: {
209
- enabled: false
210
+ enabled: true,
211
+ mode: "audit",
212
+ on_input: "block",
213
+ on_output: "mask",
214
+ masking: {
215
+ strategy: "partial",
216
+ show_chars: 4,
217
+ placeholder: "***"
218
+ },
219
+ severity_threshold: "low",
220
+ built_in: {
221
+ secrets: true,
222
+ pii: true
223
+ }
210
224
  }
211
225
  };
212
226
 
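Review bot: The new `dlp` defaults set `mode: "audit"` alongside `on_input: "block"` and `on_output: "mask"`, and nothing here says which one governs. If audit mode only records matches, someone reading these defaults could assume blocking and masking are active when they are not. A comment on the block would settle it, for example `// mode "audit": matches are logged only; on_input/on_output take effect in an enforcing mode`, with the wording confirmed against the DLP resolver, which is outside this hunk. Separately, `strategy: "partial"` with `show_chars: 4` leaves four characters of every matched secret in the output, a large share of a short token, so a default that reveals nothing would be safer if the masker supports one. The `enabled: false` to `enabled: true` flip also changes behaviour for existing installs on upgrade and deserves a changelog entry.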
@@ -1340,7 +1354,47 @@ var piGovernance = (pi) => {
1340
1354
  const chain = createIdentityChain(config.auth);
1341
1355
  identity = await chain.resolve();
1342
1356
  const rulesFile = config.policy?.yaml?.rules_file ?? "./governance-rules.yaml";
1343
- policyEngine = new YamlPolicyEngine(rulesFile);
1357
+ if ((0, import_node_fs2.existsSync)(rulesFile)) {
1358
+ policyEngine = new YamlPolicyEngine(rulesFile);
1359
+ } else {
1360
+ policyEngine = new YamlPolicyEngine({
1361
+ roles: {
1362
+ admin: {
1363
+ allowed_tools: ["all"],
1364
+ blocked_tools: [],
1365
+ prompt_template: "admin",
1366
+ execution_mode: "autonomous",
1367
+ human_approval: { required_for: [] },
1368
+ token_budget_daily: -1,
1369
+ allowed_paths: ["**"],
1370
+ blocked_paths: []
1371
+ },
1372
+ project_lead: {
1373
+ allowed_tools: ["all"],
1374
+ blocked_tools: [],
1375
+ prompt_template: "project-lead",
1376
+ execution_mode: "supervised",
1377
+ human_approval: { required_for: ["bash", "write"] },
1378
+ token_budget_daily: -1,
1379
+ allowed_paths: ["**"],
1380
+ blocked_paths: []
1381
+ },
1382
+ analyst: {
1383
+ allowed_tools: ["read", "grep", "find", "ls"],
1384
+ blocked_tools: ["write", "edit", "bash"],
1385
+ prompt_template: "analyst",
1386
+ execution_mode: "supervised",
1387
+ human_approval: { required_for: ["all"] },
1388
+ token_budget_daily: -1,
1389
+ allowed_paths: ["**"],
1390
+ blocked_paths: []
1391
+ }
1392
+ }
1393
+ });
1394
+ if (config.policy?.yaml?.rules_file) {
1395
+ ctx.ui.notify(`Rules file not found: ${rulesFile} \u2014 using built-in defaults`, "warning");
1396
+ }
1397
+ }
1344
1398
  executionMode = policyEngine.getExecutionMode(identity.role);
1345
1399
  const bashOverrides = policyEngine.getBashOverrides(identity.role);
1346
1400
  bashClassifier = new BashClassifier(bashOverrides);
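Review bot: When an explicitly configured `rules_file` is missing, the `else` branch replaces the operator's policy with built-in roles and the only signal is a UI warning, so a deleted or mistyped path fails open. Those defaults include an `admin` role with `allowed_tools: ["all"]`, `execution_mode: "autonomous"`, an empty `human_approval.required_for` and `allowed_paths: ["**"]`. For a governance layer I would fail closed when the path was set by the operator, `if (config.policy?.yaml?.rules_file) throw new Error("Rules file not found: " + rulesFile);`, and keep the built-in fallback only for the implicit `./governance-rules.yaml` default. `existsSync` also returns false when the file exists but cannot be accessed, so a permissions problem takes the same permissive path; letting the `YamlPolicyEngine` constructor surface the read error would tell the two cases apart. The enclosing handler starts and ends outside this hunk.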
@@ -1372,7 +1426,9 @@ var piGovernance = (pi) => {
1372
1426
  (newConfig) => {
1373
1427
  config = newConfig;
1374
1428
  const newRulesFile = newConfig.policy?.yaml?.rules_file ?? "./governance-rules.yaml";
1375
- policyEngine = new YamlPolicyEngine(newRulesFile);
1429
+ if ((0, import_node_fs2.existsSync)(newRulesFile)) {
1430
+ policyEngine = new YamlPolicyEngine(newRulesFile);
1431
+ }
1376
1432
  const newOverrides = policyEngine.getBashOverrides(identity.role);
1377
1433
  bashClassifier = new BashClassifier(newOverrides);
1378
1434
  const newDlpCfg = resolveDlpConfig(newConfig.dlp, identity.role);
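Review bot: On reload, a `newRulesFile` that does not exist leaves `policyEngine` untouched with no notification, while `config` and the DLP settings below still move to the new values. The operator therefore cannot tell that the policy change did not take effect, and the running policy no longer matches the loaded configuration. The startup path in the earlier hunk at least warns, but this `if` has no `else`. If `ctx` is reachable from this callback, add `else { ctx.ui.notify("Rules file not found: " + newRulesFile + " — keeping previous policy", "warning"); }`, and ideally write the same event to the audit sink. The callback starts and ends outside this hunk.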