npm - @grwnd/pi-governance - Versions diffs - 1.8.0 → 1.9.0 - Mend

@grwnd/pi-governance 1.8.0 → 1.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/README.md +1 -0
package/dist/extensions/index.cjs +43 -5
package/dist/extensions/index.cjs.map +1 -1
package/dist/extensions/index.js +43 -5
package/dist/extensions/index.js.map +1 -1
package/dist/index.cjs +10 -1
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +1 -1
package/dist/index.d.ts +1 -1
package/dist/index.js +10 -1
package/dist/index.js.map +1 -1
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -38,6 +38,7 @@ pi install npm:@grwnd/pi-governance
 - **Audit** — Every decision logged as structured JSON
 - **HITL** — Human approval for sensitive operations
 - **Budgets** — Per-role tool invocation limits
+- **Config self-protection** — Agents cannot modify their own governance files
 ## Customize

package/dist/extensions/index.cjs CHANGED Viewed

@@ -1551,15 +1551,15 @@ function sendJson(res, status, data) {
   res.end(JSON.stringify(data));
 }
 function readBody(req) {
-  return new Promise((resolve, reject) => {
+  return new Promise((resolve2, reject) => {
     const chunks = [];
     req.on("data", (chunk) => chunks.push(chunk));
-    req.on("end", () => resolve(Buffer.concat(chunks).toString("utf-8")));
+    req.on("end", () => resolve2(Buffer.concat(chunks).toString("utf-8")));
     req.on("error", reject);
   });
 }
 function startWizardServer(options) {
-  return new Promise((resolve, reject) => {
+  return new Promise((resolve2, reject) => {
     let shutdownTimer;
     const server = (0, import_node_http.createServer)((req, res) => {
       setCorsHeaders(res);
@@ -1649,7 +1649,7 @@ function startWizardServer(options) {
       shutdownTimer = setTimeout(() => {
         closeServer();
       }, AUTO_SHUTDOWN_MS);
-      resolve({ port: addr.port, close: closeServer });
+      resolve2({ port: addr.port, close: closeServer });
     });
   });
 }
@@ -1708,6 +1708,7 @@ __export(extensions_exports, {
 });
 module.exports = __toCommonJS(extensions_exports);
 var import_node_fs3 = require("fs");
+var import_node_path3 = require("path");
 // src/lib/config/loader.ts
 var import_fs = require("fs");
@@ -2181,7 +2182,16 @@ var DANGEROUS_PATTERNS = [
   // Compiler/build (can execute arbitrary code)
   /\bmake\s/,
   /\bgcc\b/,
-  /\bg\+\+/
+  /\bg\+\+/,
+  // Governance config tampering — shell-based writes to governance files
+  /(cat|echo|printf)\s.*>\s*.*governance(-rules)?\.yaml/,
+  /\btee\s+.*governance(-rules)?\.yaml/,
+  /sed\s+-i.*governance(-rules)?\.yaml/,
+  /(cp|mv|rm)\s.*governance(-rules)?\.yaml/,
+  /(cat|echo|printf)\s.*>\s*.*\.pi\/governance/,
+  /\btee\s+.*\.pi\/governance/,
+  /sed\s+-i.*\.pi\/governance/,
+  /(cp|mv|rm)\s.*\.pi\/governance/
 ];
 // src/lib/bash/classifier.ts
@@ -2976,7 +2986,9 @@ var piGovernance = (pi) => {
   let configWatcher;
   let dlpScanner;
   let dlpMasker;
+  let protectedPaths = /* @__PURE__ */ new Set();
   const stats = {
+    configTampered: 0,
     allowed: 0,
     denied: 0,
     approvals: 0,
@@ -2990,6 +3002,15 @@ var piGovernance = (pi) => {
     sessionId = ctx.sessionId;
     const loaded = loadConfig();
     config = loaded.config;
+    const paths = /* @__PURE__ */ new Set();
+    if (loaded.source !== "built-in") {
+      paths.add((0, import_node_path3.resolve)(loaded.source));
+    }
+    const rulesFileCfg = config.policy?.yaml?.rules_file ?? "./governance-rules.yaml";
+    paths.add((0, import_node_path3.resolve)(rulesFileCfg));
+    paths.add((0, import_node_path3.resolve)(ctx.workingDirectory, ".pi/governance.yaml"));
+    paths.add((0, import_node_path3.resolve)(ctx.workingDirectory, "governance-rules.yaml"));
+    protectedPaths = paths;
     const chain = createIdentityChain(config.auth);
     identity = await chain.resolve();
     const rulesFile = config.policy?.yaml?.rules_file ?? "./governance-rules.yaml";
@@ -3119,6 +3140,22 @@ var piGovernance = (pi) => {
       tool: toolName,
       input: params
     };
+    if (WRITE_TOOLS.has(toolName)) {
+      const filePath = extractPath(toolName, input);
+      if (filePath && protectedPaths.has((0, import_node_path3.resolve)(filePath))) {
+        stats.configTampered++;
+        await audit.log({
+          ...baseRecord,
+          event: "config_tampered",
+          decision: "denied",
+          reason: `Config self-protection: write to governance file blocked (${filePath})`
+        });
+        return {
+          block: true,
+          reason: `Governance config files are protected and cannot be modified by agents`
+        };
+      }
+    }
     if (executionMode === "dry_run") {
       stats.dryRun++;
       await audit.log({
@@ -3394,6 +3431,7 @@ var piGovernance = (pi) => {
           `  Approvals: ${stats.approvals}`,
           `  Dry-run blocks: ${stats.dryRun}`,
           `  Budget exceeded: ${stats.budgetExceeded}`,
+          `  Config tampered: ${stats.configTampered}`,
           `  DLP blocked: ${stats.dlpBlocked}`,
           `  DLP detected: ${stats.dlpDetected}`,
           `  DLP masked: ${stats.dlpMasked}`,