@grwnd/pi-governance 3.0.2 → 3.1.0

package/dist/index.d.cts

@@ -13,6 +13,26 @@ declare const AuthConfig: _sinclair_typebox.TObject<{
     }>>;
 }>;
 type AuthConfigType = Static<typeof AuthConfig>;
+declare const DependencyGuardianConfig$1: _sinclair_typebox.TObject<{
+    enabled: _sinclair_typebox.TBoolean;
+    checks: _sinclair_typebox.TOptional<_sinclair_typebox.TObject<{
+        existence: _sinclair_typebox.TBoolean;
+        reputation: _sinclair_typebox.TBoolean;
+        typosquatting: _sinclair_typebox.TBoolean;
+        install_scripts: _sinclair_typebox.TBoolean;
+        vulnerabilities: _sinclair_typebox.TBoolean;
+    }>>;
+    risk_thresholds: _sinclair_typebox.TOptional<_sinclair_typebox.TObject<{
+        min_age_days: _sinclair_typebox.TNumber;
+        min_weekly_downloads: _sinclair_typebox.TNumber;
+    }>>;
+    on_risk: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"escalate">, _sinclair_typebox.TLiteral<"block">, _sinclair_typebox.TLiteral<"audit">]>>;
+    allowlist: _sinclair_typebox.TOptional<_sinclair_typebox.TArray<_sinclair_typebox.TString>>;
+    blocklist: _sinclair_typebox.TOptional<_sinclair_typebox.TArray<_sinclair_typebox.TString>>;
+    blocklist_patterns: _sinclair_typebox.TOptional<_sinclair_typebox.TArray<_sinclair_typebox.TString>>;
+    custom_registry_bypass: _sinclair_typebox.TBoolean;
+}>;
+type DependencyGuardianConfigType = Static<typeof DependencyGuardianConfig$1>;
 declare const GovernanceConfigSchema: _sinclair_typebox.TObject<{
     auth: _sinclair_typebox.TOptional<_sinclair_typebox.TObject<{
         provider: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"env">, _sinclair_typebox.TLiteral<"local">, _sinclair_typebox.TLiteral<"oidc">]>;
@@ -89,6 +109,25 @@ declare const GovernanceConfigSchema: _sinclair_typebox.TObject<{
             on_output: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"audit">, _sinclair_typebox.TLiteral<"mask">, _sinclair_typebox.TLiteral<"block">]>>;
         }>>>;
     }>>;
+    dependency_guardian: _sinclair_typebox.TOptional<_sinclair_typebox.TObject<{
+        enabled: _sinclair_typebox.TBoolean;
+        checks: _sinclair_typebox.TOptional<_sinclair_typebox.TObject<{
+            existence: _sinclair_typebox.TBoolean;
+            reputation: _sinclair_typebox.TBoolean;
+            typosquatting: _sinclair_typebox.TBoolean;
+            install_scripts: _sinclair_typebox.TBoolean;
+            vulnerabilities: _sinclair_typebox.TBoolean;
+        }>>;
+        risk_thresholds: _sinclair_typebox.TOptional<_sinclair_typebox.TObject<{
+            min_age_days: _sinclair_typebox.TNumber;
+            min_weekly_downloads: _sinclair_typebox.TNumber;
+        }>>;
+        on_risk: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"escalate">, _sinclair_typebox.TLiteral<"block">, _sinclair_typebox.TLiteral<"audit">]>>;
+        allowlist: _sinclair_typebox.TOptional<_sinclair_typebox.TArray<_sinclair_typebox.TString>>;
+        blocklist: _sinclair_typebox.TOptional<_sinclair_typebox.TArray<_sinclair_typebox.TString>>;
+        blocklist_patterns: _sinclair_typebox.TOptional<_sinclair_typebox.TArray<_sinclair_typebox.TString>>;
+        custom_registry_bypass: _sinclair_typebox.TBoolean;
+    }>>;
     org_units: _sinclair_typebox.TOptional<_sinclair_typebox.TRecord<_sinclair_typebox.TString, _sinclair_typebox.TObject<{
         hitl: _sinclair_typebox.TOptional<_sinclair_typebox.TObject<{
             default_mode: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"autonomous">, _sinclair_typebox.TLiteral<"supervised">, _sinclair_typebox.TLiteral<"dry_run">]>>;
@@ -340,6 +379,171 @@ declare class DlpMasker {
     maskText(text: string, matches: DlpMatch[]): string;
 }
 
+/**
+ * Extracts package names from shell install commands.
+ *
+ * Supports npm, yarn, pnpm, pip, and cargo.
+ */
+type Ecosystem = 'npm' | 'pypi' | 'crates.io';
+type PackageManager = 'npm' | 'yarn' | 'pnpm' | 'pip' | 'cargo';
+interface ParsedPackage {
+    name: string;
+    version?: string;
+    ecosystem: Ecosystem;
+}
+interface ParsedInstall {
+    manager: PackageManager;
+    packages: ParsedPackage[];
+    flags: string[];
+    raw: string;
+    isLockfileInstall: boolean;
+    usesCustomRegistry: boolean;
+}
+/**
+ * Attempt to parse an install command and extract package names.
+ * Returns undefined if the command is not a recognized install command.
+ */
+declare function parseInstallCommand(command: string): ParsedInstall | undefined;
+
+/**
+ * Registry clients for npm and PyPI.
+ *
+ * Uses built-in fetch() (Node 22+). Zero dependencies.
+ * All endpoints are free and require no authentication.
+ */
+
+interface RegistryMetadata {
+    name: string;
+    ecosystem: Ecosystem;
+    exists: boolean;
+    createdAt?: Date;
+    modifiedAt?: Date;
+    latestVersion?: string;
+    weeklyDownloads?: number;
+    maintainerCount?: number;
+    hasRepository: boolean;
+    hasReadme: boolean;
+    hasInstallScripts: boolean;
+    description?: string;
+    license?: string;
+}
+declare function fetchRegistryMetadata(name: string, ecosystem: Ecosystem): Promise<RegistryMetadata>;
+
+/**
+ * OSV.dev vulnerability database integration.
+ *
+ * Free, no auth, supports all major ecosystems.
+ * https://osv.dev
+ */
+
+interface VulnEntry {
+    id: string;
+    summary: string;
+    severity: 'low' | 'medium' | 'high' | 'critical';
+    fixedIn?: string;
+    aliases: string[];
+}
+interface VulnerabilityResult {
+    package: string;
+    ecosystem: Ecosystem;
+    vulnerabilities: VulnEntry[];
+    error?: string;
+}
+/**
+ * Query OSV.dev for vulnerabilities affecting a single package.
+ */
+declare function queryVulnerabilities(name: string, ecosystem: Ecosystem, version?: string): Promise<VulnerabilityResult>;
+/**
+ * Batch query OSV.dev for multiple packages at once.
+ */
+declare function queryVulnerabilitiesBatch(packages: Array<{
+    name: string;
+    ecosystem: Ecosystem;
+    version?: string;
+}>): Promise<VulnerabilityResult[]>;
+
+/**
+ * Levenshtein distance and typosquat detection.
+ *
+ * Single-row Wagner-Fischer: O(n*m) time, O(min(n,m)) space.
+ * Zero dependencies.
+ */
+declare function levenshteinDistance(a: string, b: string): number;
+declare function normalizedSimilarity(a: string, b: string): number;
+interface TyposquatMatch {
+    target: string;
+    distance: number;
+    similarity: number;
+}
+/**
+ * Check a package name against a corpus of known-good names.
+ * Returns the closest match if it looks like a typosquat.
+ */
+declare function detectTyposquat(name: string, corpus: string[]): TyposquatMatch | undefined;
+
+/**
+ * Risk scoring engine for dependency validation.
+ *
+ * Computes a risk report for a single package based on registry metadata,
+ * vulnerability data, and typosquat analysis.
+ */
+
+type RiskSeverity = 'info' | 'low' | 'medium' | 'high' | 'critical';
+type RiskRecommendation = 'allow' | 'escalate' | 'block';
+interface RiskSignal {
+    name: string;
+    severity: RiskSeverity;
+    detail: string;
+}
+interface RiskReport {
+    package: string;
+    ecosystem: string;
+    overallRisk: RiskSeverity;
+    signals: RiskSignal[];
+    vulnerabilities: VulnEntry[];
+    recommendation: RiskRecommendation;
+    metadata: RegistryMetadata;
+}
+
+/**
+ * Dependency Guardian — orchestrator module.
+ *
+ * Parses install commands, runs all checks, and returns a risk report.
+ */
+
+interface DependencyGuardianConfig {
+    enabled: boolean;
+    checks: {
+        existence: boolean;
+        reputation: boolean;
+        typosquatting: boolean;
+        install_scripts: boolean;
+        vulnerabilities: boolean;
+    };
+    risk_thresholds: {
+        min_age_days: number;
+        min_weekly_downloads: number;
+    };
+    on_risk: 'escalate' | 'block' | 'audit';
+    allowlist: string[];
+    blocklist: string[];
+    blocklist_patterns: string[];
+    custom_registry_bypass: boolean;
+}
+interface GuardianResult {
+    command: string;
+    packages: RiskReport[];
+    overallRecommendation: RiskRecommendation;
+    summary: string;
+    auditMetadata: Record<string, unknown>;
+    skipped: boolean;
+    skipReason?: string;
+}
+/**
+ * Evaluate an install command and return a risk report for all packages.
+ */
+declare function evaluateInstall(command: string, config?: DependencyGuardianConfig): Promise<GuardianResult>;
+
 /**
  * Tracks tool invocation count as a proxy for token budget.
  * The budget value represents max invocations per session; -1 means unlimited.
@@ -402,7 +606,7 @@ interface AuditSink {
     flush(): Promise<void>;
 }
 
-type AuditEventType = 'session_start' | 'session_end' | 'tool_allowed' | 'tool_denied' | 'tool_dry_run' | 'tool_result' | 'bash_denied' | 'path_denied' | 'approval_requested' | 'approval_granted' | 'approval_denied' | 'budget_exceeded' | 'config_reloaded' | 'dlp_blocked' | 'dlp_detected' | 'dlp_masked' | 'config_tampered';
+type AuditEventType = 'session_start' | 'session_end' | 'tool_allowed' | 'tool_denied' | 'tool_dry_run' | 'tool_result' | 'bash_denied' | 'path_denied' | 'approval_requested' | 'approval_granted' | 'approval_denied' | 'budget_exceeded' | 'config_reloaded' | 'dlp_blocked' | 'dlp_detected' | 'dlp_masked' | 'config_tampered' | 'dep_allowed' | 'dep_blocked' | 'dep_escalated' | 'dep_approved' | 'dep_rejected';
 interface AuditRecord {
     id: string;
     timestamp: string;
@@ -524,4 +728,4 @@ declare function startWizardServer(options: WizardServerOptions): Promise<{
     close: () => void;
 }>;
 
-export { type ApprovalFlow, type ApprovalResult, type AuditEventType, AuditLogger, type AuditRecord, type AuditSink, type BashClassification, BashClassifier, type BashOverrides, BudgetTracker, CliApprover, ConfigValidationError, ConfigWatcher, type ConfirmUI, DANGEROUS_PATTERNS, PII_PATTERNS as DLP_PII_PATTERNS, SECRET_PATTERNS as DLP_SECRET_PATTERNS, type DlpAction, type DlpAllowlistEntry, type DlpCategory, type DlpCustomPattern, DlpMasker, type DlpMatch, type DlpPatternDef, type DlpScanResult, DlpScanner, type DlpScannerConfig, type DlpSeverity, EnvIdentityProvider, type ExecutionMode, type FactStore, type GovernanceConfig, type GovernanceToolCall, type HitlConfig, IdentityChain, type IdentityProvider, JsonlAuditSink, LocalIdentityProvider, type MaskingConfig, OsoMemoryFactStore, type PathOperation, type PolicyDecision, type PolicyEngine, type Relation, type ResolvedIdentity, type RoleBinding, SAFE_PATTERNS, TemplateSelector, type TemplateSelectorConfig, WebhookApprover, WebhookAuditSink, type WizardServerOptions, YamlFactStore, YamlPolicyEngine, type YamlRole, type YamlRules, compareSeverity, createApprovalFlow, createIdentityChain, createPolicyEngine, loadConfig, render as renderTemplate, startWizardServer };
+export { type ApprovalFlow, type ApprovalResult, type AuditEventType, AuditLogger, type AuditRecord, type AuditSink, type BashClassification, BashClassifier, type BashOverrides, BudgetTracker, CliApprover, ConfigValidationError, ConfigWatcher, type ConfirmUI, DANGEROUS_PATTERNS, PII_PATTERNS as DLP_PII_PATTERNS, SECRET_PATTERNS as DLP_SECRET_PATTERNS, type DependencyGuardianConfig, type DependencyGuardianConfigType, type DlpAction, type DlpAllowlistEntry, type DlpCategory, type DlpCustomPattern, DlpMasker, type DlpMatch, type DlpPatternDef, type DlpScanResult, DlpScanner, type DlpScannerConfig, type DlpSeverity, EnvIdentityProvider, type ExecutionMode, type FactStore, type GovernanceConfig, type GovernanceToolCall, type GuardianResult, type HitlConfig, IdentityChain, type IdentityProvider, JsonlAuditSink, LocalIdentityProvider, type MaskingConfig, OsoMemoryFactStore, type ParsedInstall, type ParsedPackage, type PathOperation, type PolicyDecision, type PolicyEngine, type RegistryMetadata, type Relation, type ResolvedIdentity, type RoleBinding, SAFE_PATTERNS, TemplateSelector, type TemplateSelectorConfig, type VulnEntry, type VulnerabilityResult, WebhookApprover, WebhookAuditSink, type WizardServerOptions, YamlFactStore, YamlPolicyEngine, type YamlRole, type YamlRules, compareSeverity, createApprovalFlow, createIdentityChain, createPolicyEngine, detectTyposquat, evaluateInstall, fetchRegistryMetadata, levenshteinDistance, loadConfig, normalizedSimilarity, parseInstallCommand, queryVulnerabilities, queryVulnerabilitiesBatch, render as renderTemplate, startWizardServer };

package/dist/index.d.ts

@@ -13,6 +13,26 @@ declare const AuthConfig: _sinclair_typebox.TObject<{
     }>>;
 }>;
 type AuthConfigType = Static<typeof AuthConfig>;
+declare const DependencyGuardianConfig$1: _sinclair_typebox.TObject<{
+    enabled: _sinclair_typebox.TBoolean;
+    checks: _sinclair_typebox.TOptional<_sinclair_typebox.TObject<{
+        existence: _sinclair_typebox.TBoolean;
+        reputation: _sinclair_typebox.TBoolean;
+        typosquatting: _sinclair_typebox.TBoolean;
+        install_scripts: _sinclair_typebox.TBoolean;
+        vulnerabilities: _sinclair_typebox.TBoolean;
+    }>>;
+    risk_thresholds: _sinclair_typebox.TOptional<_sinclair_typebox.TObject<{
+        min_age_days: _sinclair_typebox.TNumber;
+        min_weekly_downloads: _sinclair_typebox.TNumber;
+    }>>;
+    on_risk: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"escalate">, _sinclair_typebox.TLiteral<"block">, _sinclair_typebox.TLiteral<"audit">]>>;
+    allowlist: _sinclair_typebox.TOptional<_sinclair_typebox.TArray<_sinclair_typebox.TString>>;
+    blocklist: _sinclair_typebox.TOptional<_sinclair_typebox.TArray<_sinclair_typebox.TString>>;
+    blocklist_patterns: _sinclair_typebox.TOptional<_sinclair_typebox.TArray<_sinclair_typebox.TString>>;
+    custom_registry_bypass: _sinclair_typebox.TBoolean;
+}>;
+type DependencyGuardianConfigType = Static<typeof DependencyGuardianConfig$1>;
 declare const GovernanceConfigSchema: _sinclair_typebox.TObject<{
     auth: _sinclair_typebox.TOptional<_sinclair_typebox.TObject<{
         provider: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"env">, _sinclair_typebox.TLiteral<"local">, _sinclair_typebox.TLiteral<"oidc">]>;
@@ -89,6 +109,25 @@ declare const GovernanceConfigSchema: _sinclair_typebox.TObject<{
             on_output: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"audit">, _sinclair_typebox.TLiteral<"mask">, _sinclair_typebox.TLiteral<"block">]>>;
         }>>>;
     }>>;
+    dependency_guardian: _sinclair_typebox.TOptional<_sinclair_typebox.TObject<{
+        enabled: _sinclair_typebox.TBoolean;
+        checks: _sinclair_typebox.TOptional<_sinclair_typebox.TObject<{
+            existence: _sinclair_typebox.TBoolean;
+            reputation: _sinclair_typebox.TBoolean;
+            typosquatting: _sinclair_typebox.TBoolean;
+            install_scripts: _sinclair_typebox.TBoolean;
+            vulnerabilities: _sinclair_typebox.TBoolean;
+        }>>;
+        risk_thresholds: _sinclair_typebox.TOptional<_sinclair_typebox.TObject<{
+            min_age_days: _sinclair_typebox.TNumber;
+            min_weekly_downloads: _sinclair_typebox.TNumber;
+        }>>;
+        on_risk: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"escalate">, _sinclair_typebox.TLiteral<"block">, _sinclair_typebox.TLiteral<"audit">]>>;
+        allowlist: _sinclair_typebox.TOptional<_sinclair_typebox.TArray<_sinclair_typebox.TString>>;
+        blocklist: _sinclair_typebox.TOptional<_sinclair_typebox.TArray<_sinclair_typebox.TString>>;
+        blocklist_patterns: _sinclair_typebox.TOptional<_sinclair_typebox.TArray<_sinclair_typebox.TString>>;
+        custom_registry_bypass: _sinclair_typebox.TBoolean;
+    }>>;
     org_units: _sinclair_typebox.TOptional<_sinclair_typebox.TRecord<_sinclair_typebox.TString, _sinclair_typebox.TObject<{
         hitl: _sinclair_typebox.TOptional<_sinclair_typebox.TObject<{
             default_mode: _sinclair_typebox.TOptional<_sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"autonomous">, _sinclair_typebox.TLiteral<"supervised">, _sinclair_typebox.TLiteral<"dry_run">]>>;
@@ -340,6 +379,171 @@ declare class DlpMasker {
     maskText(text: string, matches: DlpMatch[]): string;
 }
 
+/**
+ * Extracts package names from shell install commands.
+ *
+ * Supports npm, yarn, pnpm, pip, and cargo.
+ */
+type Ecosystem = 'npm' | 'pypi' | 'crates.io';
+type PackageManager = 'npm' | 'yarn' | 'pnpm' | 'pip' | 'cargo';
+interface ParsedPackage {
+    name: string;
+    version?: string;
+    ecosystem: Ecosystem;
+}
+interface ParsedInstall {
+    manager: PackageManager;
+    packages: ParsedPackage[];
+    flags: string[];
+    raw: string;
+    isLockfileInstall: boolean;
+    usesCustomRegistry: boolean;
+}
+/**
+ * Attempt to parse an install command and extract package names.
+ * Returns undefined if the command is not a recognized install command.
+ */
+declare function parseInstallCommand(command: string): ParsedInstall | undefined;
+
+/**
+ * Registry clients for npm and PyPI.
+ *
+ * Uses built-in fetch() (Node 22+). Zero dependencies.
+ * All endpoints are free and require no authentication.
+ */
+
+interface RegistryMetadata {
+    name: string;
+    ecosystem: Ecosystem;
+    exists: boolean;
+    createdAt?: Date;
+    modifiedAt?: Date;
+    latestVersion?: string;
+    weeklyDownloads?: number;
+    maintainerCount?: number;
+    hasRepository: boolean;
+    hasReadme: boolean;
+    hasInstallScripts: boolean;
+    description?: string;
+    license?: string;
+}
+declare function fetchRegistryMetadata(name: string, ecosystem: Ecosystem): Promise<RegistryMetadata>;
+
+/**
+ * OSV.dev vulnerability database integration.
+ *
+ * Free, no auth, supports all major ecosystems.
+ * https://osv.dev
+ */
+
+interface VulnEntry {
+    id: string;
+    summary: string;
+    severity: 'low' | 'medium' | 'high' | 'critical';
+    fixedIn?: string;
+    aliases: string[];
+}
+interface VulnerabilityResult {
+    package: string;
+    ecosystem: Ecosystem;
+    vulnerabilities: VulnEntry[];
+    error?: string;
+}
+/**
+ * Query OSV.dev for vulnerabilities affecting a single package.
+ */
+declare function queryVulnerabilities(name: string, ecosystem: Ecosystem, version?: string): Promise<VulnerabilityResult>;
+/**
+ * Batch query OSV.dev for multiple packages at once.
+ */
+declare function queryVulnerabilitiesBatch(packages: Array<{
+    name: string;
+    ecosystem: Ecosystem;
+    version?: string;
+}>): Promise<VulnerabilityResult[]>;
+
+/**
+ * Levenshtein distance and typosquat detection.
+ *
+ * Single-row Wagner-Fischer: O(n*m) time, O(min(n,m)) space.
+ * Zero dependencies.
+ */
+declare function levenshteinDistance(a: string, b: string): number;
+declare function normalizedSimilarity(a: string, b: string): number;
+interface TyposquatMatch {
+    target: string;
+    distance: number;
+    similarity: number;
+}
+/**
+ * Check a package name against a corpus of known-good names.
+ * Returns the closest match if it looks like a typosquat.
+ */
+declare function detectTyposquat(name: string, corpus: string[]): TyposquatMatch | undefined;
+
+/**
+ * Risk scoring engine for dependency validation.
+ *
+ * Computes a risk report for a single package based on registry metadata,
+ * vulnerability data, and typosquat analysis.
+ */
+
+type RiskSeverity = 'info' | 'low' | 'medium' | 'high' | 'critical';
+type RiskRecommendation = 'allow' | 'escalate' | 'block';
+interface RiskSignal {
+    name: string;
+    severity: RiskSeverity;
+    detail: string;
+}
+interface RiskReport {
+    package: string;
+    ecosystem: string;
+    overallRisk: RiskSeverity;
+    signals: RiskSignal[];
+    vulnerabilities: VulnEntry[];
+    recommendation: RiskRecommendation;
+    metadata: RegistryMetadata;
+}
+
+/**
+ * Dependency Guardian — orchestrator module.
+ *
+ * Parses install commands, runs all checks, and returns a risk report.
+ */
+
+interface DependencyGuardianConfig {
+    enabled: boolean;
+    checks: {
+        existence: boolean;
+        reputation: boolean;
+        typosquatting: boolean;
+        install_scripts: boolean;
+        vulnerabilities: boolean;
+    };
+    risk_thresholds: {
+        min_age_days: number;
+        min_weekly_downloads: number;
+    };
+    on_risk: 'escalate' | 'block' | 'audit';
+    allowlist: string[];
+    blocklist: string[];
+    blocklist_patterns: string[];
+    custom_registry_bypass: boolean;
+}
+interface GuardianResult {
+    command: string;
+    packages: RiskReport[];
+    overallRecommendation: RiskRecommendation;
+    summary: string;
+    auditMetadata: Record<string, unknown>;
+    skipped: boolean;
+    skipReason?: string;
+}
+/**
+ * Evaluate an install command and return a risk report for all packages.
+ */
+declare function evaluateInstall(command: string, config?: DependencyGuardianConfig): Promise<GuardianResult>;
+
 /**
  * Tracks tool invocation count as a proxy for token budget.
  * The budget value represents max invocations per session; -1 means unlimited.
@@ -402,7 +606,7 @@ interface AuditSink {
     flush(): Promise<void>;
 }
 
-type AuditEventType = 'session_start' | 'session_end' | 'tool_allowed' | 'tool_denied' | 'tool_dry_run' | 'tool_result' | 'bash_denied' | 'path_denied' | 'approval_requested' | 'approval_granted' | 'approval_denied' | 'budget_exceeded' | 'config_reloaded' | 'dlp_blocked' | 'dlp_detected' | 'dlp_masked' | 'config_tampered';
+type AuditEventType = 'session_start' | 'session_end' | 'tool_allowed' | 'tool_denied' | 'tool_dry_run' | 'tool_result' | 'bash_denied' | 'path_denied' | 'approval_requested' | 'approval_granted' | 'approval_denied' | 'budget_exceeded' | 'config_reloaded' | 'dlp_blocked' | 'dlp_detected' | 'dlp_masked' | 'config_tampered' | 'dep_allowed' | 'dep_blocked' | 'dep_escalated' | 'dep_approved' | 'dep_rejected';
 interface AuditRecord {
     id: string;
     timestamp: string;
@@ -524,4 +728,4 @@ declare function startWizardServer(options: WizardServerOptions): Promise<{
     close: () => void;
 }>;
 
-export { type ApprovalFlow, type ApprovalResult, type AuditEventType, AuditLogger, type AuditRecord, type AuditSink, type BashClassification, BashClassifier, type BashOverrides, BudgetTracker, CliApprover, ConfigValidationError, ConfigWatcher, type ConfirmUI, DANGEROUS_PATTERNS, PII_PATTERNS as DLP_PII_PATTERNS, SECRET_PATTERNS as DLP_SECRET_PATTERNS, type DlpAction, type DlpAllowlistEntry, type DlpCategory, type DlpCustomPattern, DlpMasker, type DlpMatch, type DlpPatternDef, type DlpScanResult, DlpScanner, type DlpScannerConfig, type DlpSeverity, EnvIdentityProvider, type ExecutionMode, type FactStore, type GovernanceConfig, type GovernanceToolCall, type HitlConfig, IdentityChain, type IdentityProvider, JsonlAuditSink, LocalIdentityProvider, type MaskingConfig, OsoMemoryFactStore, type PathOperation, type PolicyDecision, type PolicyEngine, type Relation, type ResolvedIdentity, type RoleBinding, SAFE_PATTERNS, TemplateSelector, type TemplateSelectorConfig, WebhookApprover, WebhookAuditSink, type WizardServerOptions, YamlFactStore, YamlPolicyEngine, type YamlRole, type YamlRules, compareSeverity, createApprovalFlow, createIdentityChain, createPolicyEngine, loadConfig, render as renderTemplate, startWizardServer };
+export { type ApprovalFlow, type ApprovalResult, type AuditEventType, AuditLogger, type AuditRecord, type AuditSink, type BashClassification, BashClassifier, type BashOverrides, BudgetTracker, CliApprover, ConfigValidationError, ConfigWatcher, type ConfirmUI, DANGEROUS_PATTERNS, PII_PATTERNS as DLP_PII_PATTERNS, SECRET_PATTERNS as DLP_SECRET_PATTERNS, type DependencyGuardianConfig, type DependencyGuardianConfigType, type DlpAction, type DlpAllowlistEntry, type DlpCategory, type DlpCustomPattern, DlpMasker, type DlpMatch, type DlpPatternDef, type DlpScanResult, DlpScanner, type DlpScannerConfig, type DlpSeverity, EnvIdentityProvider, type ExecutionMode, type FactStore, type GovernanceConfig, type GovernanceToolCall, type GuardianResult, type HitlConfig, IdentityChain, type IdentityProvider, JsonlAuditSink, LocalIdentityProvider, type MaskingConfig, OsoMemoryFactStore, type ParsedInstall, type ParsedPackage, type PathOperation, type PolicyDecision, type PolicyEngine, type RegistryMetadata, type Relation, type ResolvedIdentity, type RoleBinding, SAFE_PATTERNS, TemplateSelector, type TemplateSelectorConfig, type VulnEntry, type VulnerabilityResult, WebhookApprover, WebhookAuditSink, type WizardServerOptions, YamlFactStore, YamlPolicyEngine, type YamlRole, type YamlRules, compareSeverity, createApprovalFlow, createIdentityChain, createPolicyEngine, detectTyposquat, evaluateInstall, fetchRegistryMetadata, levenshteinDistance, loadConfig, normalizedSimilarity, parseInstallCommand, queryVulnerabilities, queryVulnerabilitiesBatch, render as renderTemplate, startWizardServer };