@grwnd/pi-governance 1.5.0 → 1.6.0

@@ -1,3 +1,6 @@
1
+ // src/extensions/index.ts
2
+ import { existsSync as existsSync2 } from "fs";
3
+
1
4
  // src/lib/config/loader.ts
2
5
  import { existsSync, readFileSync } from "fs";
3
6
  import { parse as parseYaml } from "yaml";
@@ -180,7 +183,20 @@ var DEFAULTS = {
180
183
  sinks: [{ type: "jsonl", path: "~/.pi/agent/audit.jsonl" }]
181
184
  },
182
185
  dlp: {
183
- enabled: false
186
+ enabled: true,
187
+ mode: "audit",
188
+ on_input: "block",
189
+ on_output: "mask",
190
+ masking: {
191
+ strategy: "partial",
192
+ show_chars: 4,
193
+ placeholder: "***"
194
+ },
195
+ severity_threshold: "low",
196
+ built_in: {
197
+ secrets: true,
198
+ pii: true
199
+ }
184
200
  }
185
201
  };
186
202
 
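Review bot: The new `dlp` defaults combine `mode: "audit"` with `on_input: "block"` and `on_output: "mask"`, and nothing in this hunk says which setting takes precedence. After upgrading from `enabled: false`, an operator cannot tell from the defaults whether a detected secret is actually blocked or only recorded. A short comment above the block stating the precedence would close that gap, for example `// mode "audit": findings are logged only; on_input/on_output take effect once mode is changed`, adjusted to the real semantics. Separately, `strategy: "partial"` with `show_chars: 4` leaves four characters of every match visible, which is a large share of a short token, so a full mask may be the safer default for the `secrets` detectors. It is also worth confirming that the `~/.pi/agent/audit.jsonl` sink stores the masked form of a finding rather than the raw match, which this hunk does not show.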
@@ -1314,7 +1330,47 @@ var piGovernance = (pi) => {
1314
1330
  const chain = createIdentityChain(config.auth);
1315
1331
  identity = await chain.resolve();
1316
1332
  const rulesFile = config.policy?.yaml?.rules_file ?? "./governance-rules.yaml";
1317
- policyEngine = new YamlPolicyEngine(rulesFile);
1333
+ if (existsSync2(rulesFile)) {
1334
+ policyEngine = new YamlPolicyEngine(rulesFile);
1335
+ } else {
1336
+ policyEngine = new YamlPolicyEngine({
1337
+ roles: {
1338
+ admin: {
1339
+ allowed_tools: ["all"],
1340
+ blocked_tools: [],
1341
+ prompt_template: "admin",
1342
+ execution_mode: "autonomous",
1343
+ human_approval: { required_for: [] },
1344
+ token_budget_daily: -1,
1345
+ allowed_paths: ["**"],
1346
+ blocked_paths: []
1347
+ },
1348
+ project_lead: {
1349
+ allowed_tools: ["all"],
1350
+ blocked_tools: [],
1351
+ prompt_template: "project-lead",
1352
+ execution_mode: "supervised",
1353
+ human_approval: { required_for: ["bash", "write"] },
1354
+ token_budget_daily: -1,
1355
+ allowed_paths: ["**"],
1356
+ blocked_paths: []
1357
+ },
1358
+ analyst: {
1359
+ allowed_tools: ["read", "grep", "find", "ls"],
1360
+ blocked_tools: ["write", "edit", "bash"],
1361
+ prompt_template: "analyst",
1362
+ execution_mode: "supervised",
1363
+ human_approval: { required_for: ["all"] },
1364
+ token_budget_daily: -1,
1365
+ allowed_paths: ["**"],
1366
+ blocked_paths: []
1367
+ }
1368
+ }
1369
+ });
1370
+ if (config.policy?.yaml?.rules_file) {
1371
+ ctx.ui.notify(`Rules file not found: ${rulesFile} \u2014 using built-in defaults`, "warning");
1372
+ }
1373
+ }
1318
1374
  executionMode = policyEngine.getExecutionMode(identity.role);
1319
1375
  const bashOverrides = policyEngine.getBashOverrides(identity.role);
1320
1376
  bashClassifier = new BashClassifier(bashOverrides);
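Review bot: The `else` branch fails open when the rules file is missing. It installs a built-in policy whose `admin` role has `allowed_tools: ["all"]`, `execution_mode: "autonomous"` and an empty `required_for`, and it warns only when `rules_file` was set explicitly. The default `./governance-rules.yaml` presumably resolves against the working directory, so starting from another directory or losing the file would replace the site's policy with these defaults without any signal. I would drop the `if (config.policy?.yaml?.rules_file)` guard so the `ctx.ui.notify(...)` warning always fires, record the fallback in the audit log, and consider refusing to start when an explicitly configured file is absent. The role table would also read better as a named constant, with a comment stating what `token_budget_daily: -1` and `allowed_paths: ["**"]` grant. The enclosing function starts and ends outside this hunk.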
@@ -1346,7 +1402,9 @@ var piGovernance = (pi) => {
1346
1402
  (newConfig) => {
1347
1403
  config = newConfig;
1348
1404
  const newRulesFile = newConfig.policy?.yaml?.rules_file ?? "./governance-rules.yaml";
1349
- policyEngine = new YamlPolicyEngine(newRulesFile);
1405
+ if (existsSync2(newRulesFile)) {
1406
+ policyEngine = new YamlPolicyEngine(newRulesFile);
1407
+ }
1350
1408
  const newOverrides = policyEngine.getBashOverrides(identity.role);
1351
1409
  bashClassifier = new BashClassifier(newOverrides);
1352
1410
  const newDlpCfg = resolveDlpConfig(newConfig.dlp, identity.role);
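Review bot: In the reload callback, a missing `newRulesFile` leaves the previous `policyEngine` in place with no notification, although `config = newConfig` has already been applied. The active configuration and the enforced policy can therefore diverge silently. Keeping the old policy is more conservative than the startup path, which falls back to built-in defaults, but the two paths now behave differently and the operator gets no sign that the rules change did not take effect. Add an `else` that warns, for example `else { ctx.ui.notify("Rules file not found: " + newRulesFile + " - keeping current policy", "warning"); }`, assuming `ctx` is reachable from this callback, which the hunk does not show. The callback body continues past the end of the hunk.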