@grwnd/pi-governance 3.0.0 → 3.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +1 -1
- package/README.md +11 -11
- package/dist/extensions/index.cjs +10 -6
- package/dist/extensions/index.cjs.map +1 -1
- package/dist/extensions/index.js +10 -6
- package/dist/extensions/index.js.map +1 -1
- package/package.json +13 -3
package/LICENSE
CHANGED
package/README.md
CHANGED
|
@@ -9,11 +9,11 @@
|
|
|
9
9
|
</p>
|
|
10
10
|
|
|
11
11
|
<p align="center">
|
|
12
|
-
<a href="https://github.com/
|
|
12
|
+
<a href="https://github.com/dtmirizzi/pi-governance/actions/workflows/ci.yml"><img src="https://github.com/dtmirizzi/pi-governance/actions/workflows/ci.yml/badge.svg" alt="CI" /></a>
|
|
13
13
|
<a href="https://www.npmjs.com/package/@grwnd/pi-governance"><img src="https://img.shields.io/npm/v/@grwnd/pi-governance" alt="npm pi-governance" /></a>
|
|
14
14
|
<a href="https://www.npmjs.com/package/@grwnd/openclaw-governance"><img src="https://img.shields.io/npm/v/@grwnd/openclaw-governance?label=openclaw-governance" alt="npm openclaw-governance" /></a>
|
|
15
|
-
<a href="https://github.com/
|
|
16
|
-
<a href="https://
|
|
15
|
+
<a href="https://github.com/dtmirizzi/pi-governance/blob/main/LICENSE"><img src="https://img.shields.io/badge/license-Apache--2.0-blue" alt="License" /></a>
|
|
16
|
+
<a href="https://dtmirizzi.github.io/pi-governance/"><img src="https://img.shields.io/badge/docs-GitHub%20Pages-blue" alt="Docs" /></a>
|
|
17
17
|
</p>
|
|
18
18
|
|
|
19
19
|
---
|
|
@@ -52,7 +52,7 @@ Opens a browser-based wizard to configure roles, DLP, audit, and HITL. Generates
|
|
|
52
52
|
|
|
53
53
|
### Manual YAML
|
|
54
54
|
|
|
55
|
-
Create `.pi/governance.yaml` and `governance-rules.yaml` — see the [Configuration Reference](https://
|
|
55
|
+
Create `.pi/governance.yaml` and `governance-rules.yaml` — see the [Configuration Reference](https://dtmirizzi.github.io/pi-governance/reference/config).
|
|
56
56
|
|
|
57
57
|
### Set identity
|
|
58
58
|
|
|
@@ -64,14 +64,14 @@ pi
|
|
|
64
64
|
|
|
65
65
|
## Documentation
|
|
66
66
|
|
|
67
|
-
Full docs at **[
|
|
67
|
+
Full docs at **[dtmirizzi.github.io/pi-governance](https://dtmirizzi.github.io/pi-governance/)**.
|
|
68
68
|
|
|
69
|
-
- [Why Governance?](https://
|
|
70
|
-
- [Quick Start](https://
|
|
71
|
-
- [Common Scenarios](https://
|
|
72
|
-
- [YAML Policies](https://
|
|
73
|
-
- [DLP Guide](https://
|
|
74
|
-
- [OpenClaw Integration](https://
|
|
69
|
+
- [Why Governance?](https://dtmirizzi.github.io/pi-governance/guide/why) — What can go wrong without controls
|
|
70
|
+
- [Quick Start](https://dtmirizzi.github.io/pi-governance/guide/quickstart) — Install and configure
|
|
71
|
+
- [Common Scenarios](https://dtmirizzi.github.io/pi-governance/guide/scenarios) — Copy-paste configs
|
|
72
|
+
- [YAML Policies](https://dtmirizzi.github.io/pi-governance/guide/yaml-policies) — Full policy reference
|
|
73
|
+
- [DLP Guide](https://dtmirizzi.github.io/pi-governance/guide/dlp) — Data loss prevention
|
|
74
|
+
- [OpenClaw Integration](https://dtmirizzi.github.io/pi-governance/guide/openclaw) — MCP tool governance
|
|
75
75
|
|
|
76
76
|
## License
|
|
77
77
|
|
|
@@ -3008,8 +3008,9 @@ var piGovernance = (pi) => {
|
|
|
3008
3008
|
}
|
|
3009
3009
|
const rulesFileCfg = config.policy?.yaml?.rules_file ?? "./governance-rules.yaml";
|
|
3010
3010
|
paths.add((0, import_node_path3.resolve)(rulesFileCfg));
|
|
3011
|
-
|
|
3012
|
-
paths.add((0, import_node_path3.resolve)(
|
|
3011
|
+
const cwd = ctx.workingDirectory ?? process.cwd();
|
|
3012
|
+
paths.add((0, import_node_path3.resolve)(cwd, ".pi/governance.yaml"));
|
|
3013
|
+
paths.add((0, import_node_path3.resolve)(cwd, "governance-rules.yaml"));
|
|
3013
3014
|
protectedPaths = paths;
|
|
3014
3015
|
const chain = createIdentityChain(config.auth);
|
|
3015
3016
|
identity = await chain.resolve();
|
|
@@ -3130,6 +3131,7 @@ var piGovernance = (pi) => {
|
|
|
3130
3131
|
);
|
|
3131
3132
|
});
|
|
3132
3133
|
pi.on("tool_call", async (event, _ctx) => {
|
|
3134
|
+
if (!audit || !policyEngine || !identity) return void 0;
|
|
3133
3135
|
const { toolName, input } = event;
|
|
3134
3136
|
const params = summarizeParams(toolName, input);
|
|
3135
3137
|
const baseRecord = {
|
|
@@ -3346,6 +3348,7 @@ var piGovernance = (pi) => {
|
|
|
3346
3348
|
return void 0;
|
|
3347
3349
|
});
|
|
3348
3350
|
pi.on("tool_result", async (event, _ctx) => {
|
|
3351
|
+
if (!audit || !identity) return;
|
|
3349
3352
|
if (dlpScanner && dlpMasker && event.output) {
|
|
3350
3353
|
const result = dlpScanner.scan(event.output);
|
|
3351
3354
|
if (result.hasMatches) {
|
|
@@ -3397,15 +3400,16 @@ var piGovernance = (pi) => {
|
|
|
3397
3400
|
});
|
|
3398
3401
|
pi.on("session_shutdown", async (_event, _ctx) => {
|
|
3399
3402
|
configWatcher?.stop();
|
|
3403
|
+
if (!audit) return;
|
|
3400
3404
|
await audit.log({
|
|
3401
3405
|
sessionId,
|
|
3402
3406
|
event: "session_end",
|
|
3403
|
-
userId: identity
|
|
3404
|
-
role: identity
|
|
3405
|
-
orgUnit: identity
|
|
3407
|
+
userId: identity?.userId,
|
|
3408
|
+
role: identity?.role,
|
|
3409
|
+
orgUnit: identity?.orgUnit,
|
|
3406
3410
|
metadata: {
|
|
3407
3411
|
stats: { ...stats },
|
|
3408
|
-
budget: { used: budgetTracker.used(), remaining: budgetTracker.remaining() },
|
|
3412
|
+
budget: budgetTracker ? { used: budgetTracker.used(), remaining: budgetTracker.remaining() } : void 0,
|
|
3409
3413
|
summary: Object.fromEntries(audit.getSummary())
|
|
3410
3414
|
}
|
|
3411
3415
|
});
|