@grwnd/pi-governance 1.8.0 → 1.9.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -0
- package/dist/extensions/index.cjs +43 -5
- package/dist/extensions/index.cjs.map +1 -1
- package/dist/extensions/index.js +43 -5
- package/dist/extensions/index.js.map +1 -1
- package/dist/index.cjs +10 -1
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +10 -1
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/index.d.cts
CHANGED
|
@@ -402,7 +402,7 @@ interface AuditSink {
|
|
|
402
402
|
flush(): Promise<void>;
|
|
403
403
|
}
|
|
404
404
|
|
|
405
|
-
type AuditEventType = 'session_start' | 'session_end' | 'tool_allowed' | 'tool_denied' | 'tool_dry_run' | 'tool_result' | 'bash_denied' | 'path_denied' | 'approval_requested' | 'approval_granted' | 'approval_denied' | 'budget_exceeded' | 'config_reloaded' | 'dlp_blocked' | 'dlp_detected' | 'dlp_masked';
|
|
405
|
+
type AuditEventType = 'session_start' | 'session_end' | 'tool_allowed' | 'tool_denied' | 'tool_dry_run' | 'tool_result' | 'bash_denied' | 'path_denied' | 'approval_requested' | 'approval_granted' | 'approval_denied' | 'budget_exceeded' | 'config_reloaded' | 'dlp_blocked' | 'dlp_detected' | 'dlp_masked' | 'config_tampered';
|
|
406
406
|
interface AuditRecord {
|
|
407
407
|
id: string;
|
|
408
408
|
timestamp: string;
|
package/dist/index.d.ts
CHANGED
|
@@ -402,7 +402,7 @@ interface AuditSink {
|
|
|
402
402
|
flush(): Promise<void>;
|
|
403
403
|
}
|
|
404
404
|
|
|
405
|
-
type AuditEventType = 'session_start' | 'session_end' | 'tool_allowed' | 'tool_denied' | 'tool_dry_run' | 'tool_result' | 'bash_denied' | 'path_denied' | 'approval_requested' | 'approval_granted' | 'approval_denied' | 'budget_exceeded' | 'config_reloaded' | 'dlp_blocked' | 'dlp_detected' | 'dlp_masked';
|
|
405
|
+
type AuditEventType = 'session_start' | 'session_end' | 'tool_allowed' | 'tool_denied' | 'tool_dry_run' | 'tool_result' | 'bash_denied' | 'path_denied' | 'approval_requested' | 'approval_granted' | 'approval_denied' | 'budget_exceeded' | 'config_reloaded' | 'dlp_blocked' | 'dlp_detected' | 'dlp_masked' | 'config_tampered';
|
|
406
406
|
interface AuditRecord {
|
|
407
407
|
id: string;
|
|
408
408
|
timestamp: string;
|
package/dist/index.js
CHANGED
|
@@ -3633,7 +3633,16 @@ var DANGEROUS_PATTERNS = [
|
|
|
3633
3633
|
// Compiler/build (can execute arbitrary code)
|
|
3634
3634
|
/\bmake\s/,
|
|
3635
3635
|
/\bgcc\b/,
|
|
3636
|
-
/\bg
|
|
3636
|
+
/\bg\+\+/,
|
|
3637
|
+
// Governance config tampering — shell-based writes to governance files
|
|
3638
|
+
/(cat|echo|printf)\s.*>\s*.*governance(-rules)?\.yaml/,
|
|
3639
|
+
/\btee\s+.*governance(-rules)?\.yaml/,
|
|
3640
|
+
/sed\s+-i.*governance(-rules)?\.yaml/,
|
|
3641
|
+
/(cp|mv|rm)\s.*governance(-rules)?\.yaml/,
|
|
3642
|
+
/(cat|echo|printf)\s.*>\s*.*\.pi\/governance/,
|
|
3643
|
+
/\btee\s+.*\.pi\/governance/,
|
|
3644
|
+
/sed\s+-i.*\.pi\/governance/,
|
|
3645
|
+
/(cp|mv|rm)\s.*\.pi\/governance/
|
|
3637
3646
|
];
|
|
3638
3647
|
|
|
3639
3648
|
// src/lib/bash/classifier.ts
|