@grwnd/pi-governance 3.0.2 → 3.1.1

package/dist/extensions/index.js

@@ -1826,6 +1826,32 @@ var DlpConfig = Type.Object({
   allowlist: Type.Optional(Type.Array(DlpAllowlistEntryConfig)),
   role_overrides: Type.Optional(Type.Record(Type.String(), DlpRoleOverrideConfig))
 });
+var DependencyGuardianChecksConfig = Type.Object({
+  existence: Type.Boolean({ default: true }),
+  reputation: Type.Boolean({ default: true }),
+  typosquatting: Type.Boolean({ default: true }),
+  install_scripts: Type.Boolean({ default: true }),
+  vulnerabilities: Type.Boolean({ default: true })
+});
+var DependencyGuardianConfig = Type.Object({
+  enabled: Type.Boolean({ default: true }),
+  checks: Type.Optional(DependencyGuardianChecksConfig),
+  risk_thresholds: Type.Optional(
+    Type.Object({
+      min_age_days: Type.Number({ default: 30, minimum: 0 }),
+      min_weekly_downloads: Type.Number({ default: 100, minimum: 0 })
+    })
+  ),
+  on_risk: Type.Optional(
+    Type.Union([Type.Literal("escalate"), Type.Literal("block"), Type.Literal("audit")], {
+      default: "escalate"
+    })
+  ),
+  allowlist: Type.Optional(Type.Array(Type.String())),
+  blocklist: Type.Optional(Type.Array(Type.String())),
+  blocklist_patterns: Type.Optional(Type.Array(Type.String())),
+  custom_registry_bypass: Type.Boolean({ default: true })
+});
 var GovernanceConfigSchema = Type.Object({
   auth: Type.Optional(AuthConfig),
   policy: Type.Optional(PolicyConfig),
@@ -1833,6 +1859,7 @@ var GovernanceConfigSchema = Type.Object({
   hitl: Type.Optional(HitlConfig),
   audit: Type.Optional(AuditConfig),
   dlp: Type.Optional(DlpConfig),
+  dependency_guardian: Type.Optional(DependencyGuardianConfig),
   org_units: Type.Optional(Type.Record(Type.String(), OrgUnitOverride))
 });
 
@@ -2843,6 +2870,1015 @@ var DlpMasker = class {
   }
 };
 
+// src/lib/deps/parser.ts
+var FLAGS_WITH_VALUE = /* @__PURE__ */ new Set([
+  // npm/yarn/pnpm
+  "--registry",
+  "--save-prefix",
+  "--tag",
+  "--cache",
+  "--prefix",
+  // pip
+  "-r",
+  "--requirement",
+  "-c",
+  "--constraint",
+  "-e",
+  "--editable",
+  "-t",
+  "--target",
+  "--index-url",
+  "-i",
+  "--extra-index-url",
+  "--find-links",
+  "-f",
+  "--root",
+  "--prefix",
+  // cargo
+  "--git",
+  "--branch",
+  "--rev",
+  "--path",
+  "--version"
+]);
+var CUSTOM_REGISTRY_FLAGS = /* @__PURE__ */ new Set(["--registry", "--index-url", "-i", "--extra-index-url"]);
+var LOCKFILE_PATTERNS = [
+  /\bnpm\s+ci\b/,
+  /\bpnpm\s+install\s+--frozen-lockfile\b/,
+  /\byarn\s+install\s+--frozen-lockfile\b/,
+  /\bpip\s+install\b.*--require-hashes\b/
+];
+var MANAGER_MATCHERS = [
+  { manager: "npm", ecosystem: "npm", subcommandPattern: /\bnpm\s+(install|i|add)\s/ },
+  { manager: "yarn", ecosystem: "npm", subcommandPattern: /\byarn\s+(add|install)\s/ },
+  { manager: "pnpm", ecosystem: "npm", subcommandPattern: /\bpnpm\s+(add|install|i)\s/ },
+  { manager: "pip", ecosystem: "pypi", subcommandPattern: /\bpip\s+install\s/ },
+  { manager: "cargo", ecosystem: "crates.io", subcommandPattern: /\bcargo\s+(add|install)\s/ }
+];
+function splitVersionFromName(raw, ecosystem) {
+  if (ecosystem === "npm") {
+    const atIdx = raw.lastIndexOf("@");
+    if (atIdx > 0) {
+      return { name: raw.slice(0, atIdx), version: raw.slice(atIdx + 1) };
+    }
+    return { name: raw };
+  }
+  if (ecosystem === "pypi") {
+    const match = raw.match(/^([a-zA-Z0-9_.-]+)([=<>!~]+.+)?$/);
+    if (match) {
+      return { name: match[1], version: match[2] };
+    }
+    return { name: raw };
+  }
+  if (ecosystem === "crates.io") {
+    const atIdx = raw.indexOf("@");
+    if (atIdx > 0) {
+      return { name: raw.slice(0, atIdx), version: raw.slice(atIdx + 1) };
+    }
+    return { name: raw };
+  }
+  return { name: raw };
+}
+function parseInstallCommand(command) {
+  const trimmed = command.trim();
+  const isLockfileInstall = LOCKFILE_PATTERNS.some((p) => p.test(trimmed));
+  if (/\bnpm\s+ci\b/.test(trimmed)) {
+    return {
+      manager: "npm",
+      packages: [],
+      flags: [],
+      raw: trimmed,
+      isLockfileInstall: true,
+      usesCustomRegistry: false
+    };
+  }
+  for (const matcher of MANAGER_MATCHERS) {
+    if (!matcher.subcommandPattern.test(trimmed)) continue;
+    const subMatch = trimmed.match(matcher.subcommandPattern);
+    if (!subMatch) continue;
+    const afterSubcommand = trimmed.slice(subMatch.index + subMatch[0].length);
+    const tokens = tokenize(afterSubcommand);
+    const packages = [];
+    const flags = [];
+    let usesCustomRegistry = false;
+    for (let i = 0; i < tokens.length; i++) {
+      const token = tokens[i];
+      if (token.startsWith("-")) {
+        flags.push(token);
+        const flagName = token.includes("=") ? token.slice(0, token.indexOf("=")) : token;
+        if (CUSTOM_REGISTRY_FLAGS.has(flagName)) {
+          usesCustomRegistry = true;
+        }
+        if (FLAGS_WITH_VALUE.has(flagName) || token.includes("=")) {
+          if (!token.includes("=")) i++;
+        }
+        continue;
+      }
+      if (matcher.manager === "pip" && (token.endsWith(".txt") || token.endsWith(".cfg"))) {
+        continue;
+      }
+      if (matcher.manager === "pip" && (token.startsWith("/") || token.startsWith("./") || token.startsWith("http://") || token.startsWith("https://") || token.startsWith("git+"))) {
+        continue;
+      }
+      const { name, version } = splitVersionFromName(token, matcher.ecosystem);
+      if (name) {
+        packages.push({ name, version, ecosystem: matcher.ecosystem });
+      }
+    }
+    return {
+      manager: matcher.manager,
+      packages,
+      flags,
+      raw: trimmed,
+      isLockfileInstall,
+      usesCustomRegistry
+    };
+  }
+  return void 0;
+}
+function tokenize(input) {
+  const tokens = [];
+  let current = "";
+  let inSingleQuote = false;
+  let inDoubleQuote = false;
+  for (let i = 0; i < input.length; i++) {
+    const ch = input[i];
+    if (ch === "'" && !inDoubleQuote) {
+      inSingleQuote = !inSingleQuote;
+      continue;
+    }
+    if (ch === '"' && !inSingleQuote) {
+      inDoubleQuote = !inDoubleQuote;
+      continue;
+    }
+    if (ch === " " && !inSingleQuote && !inDoubleQuote) {
+      if (current) tokens.push(current);
+      current = "";
+    } else {
+      current += ch;
+    }
+  }
+  if (current) tokens.push(current);
+  return tokens;
+}
+
+// src/lib/deps/registry.ts
+var REQUEST_TIMEOUT_MS = 5e3;
+function withTimeout(ms) {
+  return AbortSignal.timeout(ms);
+}
+async function fetchNpmMetadata(name) {
+  const encodedName = name.startsWith("@") ? `@${encodeURIComponent(name.slice(1))}` : encodeURIComponent(name);
+  const url = `https://registry.npmjs.org/${encodedName}`;
+  let res;
+  try {
+    res = await fetch(url, { signal: withTimeout(REQUEST_TIMEOUT_MS) });
+  } catch {
+    return notFound(name, "npm");
+  }
+  if (!res.ok) return notFound(name, "npm");
+  const data = await res.json();
+  const latest = data["dist-tags"]?.["latest"];
+  const latestVersion = latest ? data.versions?.[latest] : void 0;
+  const scripts = latestVersion?.scripts ?? {};
+  const hasInstallScripts = !!(scripts["preinstall"] || scripts["install"] || scripts["postinstall"]);
+  let weeklyDownloads;
+  try {
+    const dlUrl = `https://api.npmjs.org/downloads/point/last-week/${encodedName}`;
+    const dlRes = await fetch(dlUrl, { signal: withTimeout(REQUEST_TIMEOUT_MS) });
+    if (dlRes.ok) {
+      const dlData = await dlRes.json();
+      weeklyDownloads = dlData.downloads;
+    }
+  } catch {
+  }
+  return {
+    name,
+    ecosystem: "npm",
+    exists: true,
+    createdAt: data.time?.["created"] ? new Date(data.time["created"]) : void 0,
+    modifiedAt: data.time?.["modified"] ? new Date(data.time["modified"]) : void 0,
+    latestVersion: latest,
+    weeklyDownloads,
+    maintainerCount: data.maintainers?.length,
+    hasRepository: !!data.repository,
+    hasReadme: !!(data.readme && data.readme.length > 10),
+    hasInstallScripts,
+    description: data.description,
+    license: data.license
+  };
+}
+async function fetchPyPIMetadata(name) {
+  const url = `https://pypi.org/pypi/${encodeURIComponent(name)}/json`;
+  let res;
+  try {
+    res = await fetch(url, { signal: withTimeout(REQUEST_TIMEOUT_MS) });
+  } catch {
+    return notFound(name, "pypi");
+  }
+  if (!res.ok) return notFound(name, "pypi");
+  const data = await res.json();
+  let earliest;
+  for (const files of Object.values(data.releases)) {
+    for (const file of files) {
+      const d = new Date(file.upload_time);
+      if (!earliest || d < earliest) earliest = d;
+    }
+  }
+  const projectUrls = data.info.project_urls ?? {};
+  const hasRepo = !!(data.info.home_page || projectUrls["Source"] || projectUrls["Repository"] || projectUrls["GitHub"] || projectUrls["Homepage"]);
+  const hasMaintainer = !!(data.info.maintainer || data.info.author);
+  let weeklyDownloads;
+  try {
+    const statsUrl = `https://pypistats.org/api/packages/${encodeURIComponent(name)}/recent`;
+    const statsRes = await fetch(statsUrl, {
+      signal: withTimeout(REQUEST_TIMEOUT_MS),
+      headers: { Accept: "application/json" }
+    });
+    if (statsRes.ok) {
+      const statsData = await statsRes.json();
+      weeklyDownloads = statsData.data?.last_week;
+    }
+  } catch {
+  }
+  return {
+    name,
+    ecosystem: "pypi",
+    exists: true,
+    createdAt: earliest,
+    modifiedAt: data.urls.length > 0 ? new Date(data.urls[data.urls.length - 1].upload_time) : void 0,
+    latestVersion: data.info.version,
+    weeklyDownloads,
+    maintainerCount: hasMaintainer ? 1 : 0,
+    hasRepository: hasRepo,
+    hasReadme: !!(data.info.description && data.info.description.length > 10),
+    hasInstallScripts: false,
+    // PyPI doesn't have post-install scripts in the same way
+    description: data.info.summary,
+    license: data.info.license
+  };
+}
+function notFound(name, ecosystem) {
+  return {
+    name,
+    ecosystem,
+    exists: false,
+    hasRepository: false,
+    hasReadme: false,
+    hasInstallScripts: false
+  };
+}
+var cache = /* @__PURE__ */ new Map();
+var MAX_CACHE_SIZE = 200;
+function cacheKey(name, ecosystem) {
+  return `${ecosystem}:${name}`;
+}
+async function fetchRegistryMetadata(name, ecosystem) {
+  const key = cacheKey(name, ecosystem);
+  const cached = cache.get(key);
+  if (cached) return cached;
+  let result;
+  switch (ecosystem) {
+    case "npm":
+      result = await fetchNpmMetadata(name);
+      break;
+    case "pypi":
+      result = await fetchPyPIMetadata(name);
+      break;
+    default:
+      result = notFound(name, ecosystem);
+  }
+  if (cache.size >= MAX_CACHE_SIZE) {
+    const firstKey = cache.keys().next().value;
+    if (firstKey !== void 0) cache.delete(firstKey);
+  }
+  cache.set(key, result);
+  return result;
+}
+
+// src/lib/deps/vulnerabilities.ts
+var REQUEST_TIMEOUT_MS2 = 5e3;
+function osvEcosystem(ecosystem) {
+  switch (ecosystem) {
+    case "npm":
+      return "npm";
+    case "pypi":
+      return "PyPI";
+    case "crates.io":
+      return "crates.io";
+    default:
+      return ecosystem;
+  }
+}
+function parseSeverity(vuln) {
+  const sevEntry = vuln.severity?.find((s) => s.type === "CVSS_V3");
+  if (!sevEntry) return "medium";
+  const scoreStr = sevEntry.score;
+  const numericMatch = scoreStr.match(/(\d+\.\d+)/);
+  if (numericMatch) {
+    const score = parseFloat(numericMatch[1]);
+    if (score >= 9) return "critical";
+    if (score >= 7) return "high";
+    if (score >= 4) return "medium";
+    return "low";
+  }
+  return "medium";
+}
+function extractFixedVersion(vuln) {
+  for (const affected of vuln.affected ?? []) {
+    for (const range of affected.ranges ?? []) {
+      for (const event of range.events ?? []) {
+        if (event.fixed) return event.fixed;
+      }
+    }
+  }
+  return void 0;
+}
+function mapVuln(vuln) {
+  return {
+    id: vuln.id,
+    summary: vuln.summary ?? vuln.details?.slice(0, 200) ?? "No description",
+    severity: parseSeverity(vuln),
+    fixedIn: extractFixedVersion(vuln),
+    aliases: vuln.aliases ?? []
+  };
+}
+async function queryVulnerabilities(name, ecosystem, version) {
+  const body = {
+    package: { name, ecosystem: osvEcosystem(ecosystem) }
+  };
+  if (version) body.version = version;
+  try {
+    const res = await fetch("https://api.osv.dev/v1/query", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(body),
+      signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS2)
+    });
+    if (!res.ok) {
+      return { package: name, ecosystem, vulnerabilities: [], error: `OSV HTTP ${res.status}` };
+    }
+    const data = await res.json();
+    return {
+      package: name,
+      ecosystem,
+      vulnerabilities: (data.vulns ?? []).map(mapVuln)
+    };
+  } catch (err) {
+    return {
+      package: name,
+      ecosystem,
+      vulnerabilities: [],
+      error: err instanceof Error ? err.message : "Unknown error"
+    };
+  }
+}
+async function queryVulnerabilitiesBatch(packages) {
+  if (packages.length === 0) return [];
+  if (packages.length === 1) {
+    const pkg = packages[0];
+    return [await queryVulnerabilities(pkg.name, pkg.ecosystem, pkg.version)];
+  }
+  const queries = packages.map((pkg) => {
+    const q = {
+      package: { name: pkg.name, ecosystem: osvEcosystem(pkg.ecosystem) }
+    };
+    if (pkg.version) q.version = pkg.version;
+    return q;
+  });
+  try {
+    const res = await fetch("https://api.osv.dev/v1/querybatch", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ queries }),
+      signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS2)
+    });
+    if (!res.ok) {
+      return packages.map((pkg) => ({
+        package: pkg.name,
+        ecosystem: pkg.ecosystem,
+        vulnerabilities: [],
+        error: `OSV HTTP ${res.status}`
+      }));
+    }
+    const data = await res.json();
+    return data.results.map((result, i) => ({
+      package: packages[i].name,
+      ecosystem: packages[i].ecosystem,
+      vulnerabilities: (result.vulns ?? []).map(mapVuln)
+    }));
+  } catch (err) {
+    const errMsg = err instanceof Error ? err.message : "Unknown error";
+    return packages.map((pkg) => ({
+      package: pkg.name,
+      ecosystem: pkg.ecosystem,
+      vulnerabilities: [],
+      error: errMsg
+    }));
+  }
+}
+
+// src/lib/deps/levenshtein.ts
+function levenshteinDistance(a, b) {
+  if (a === b) return 0;
+  if (a.length === 0) return b.length;
+  if (b.length === 0) return a.length;
+  if (a.length > b.length) [a, b] = [b, a];
+  const m = a.length;
+  const n = b.length;
+  const row = new Array(m + 1);
+  for (let j = 0; j <= m; j++) row[j] = j;
+  for (let i = 1; i <= n; i++) {
+    let corner = row[0];
+    row[0] = i;
+    for (let j = 1; j <= m; j++) {
+      const temp = row[j];
+      if (b[i - 1] === a[j - 1]) {
+        row[j] = corner;
+      } else {
+        row[j] = 1 + Math.min(corner, temp, row[j - 1]);
+      }
+      corner = temp;
+    }
+  }
+  return row[m];
+}
+function normalizedSimilarity(a, b) {
+  const maxLen = Math.max(a.length, b.length);
+  if (maxLen === 0) return 1;
+  return 1 - levenshteinDistance(a, b) / maxLen;
+}
+function normalizeName(name) {
+  const stripped = name.replace(/^@[^/]+\//, "");
+  return stripped.replace(/[-_.]/g, "").toLowerCase();
+}
+function detectTyposquat(name, corpus) {
+  const normalized = normalizeName(name);
+  let bestMatch;
+  let bestDistance = Infinity;
+  for (const target of corpus) {
+    const normalizedTarget = normalizeName(target);
+    if (normalizedTarget === normalized) return void 0;
+    const distance = levenshteinDistance(normalized, normalizedTarget);
+    const similarity = normalizedSimilarity(normalized, normalizedTarget);
+    const shouldFlag = distance === 1 || distance === 2 && normalized.length >= 5 || similarity >= 0.85;
+    if (shouldFlag && distance < bestDistance) {
+      bestDistance = distance;
+      bestMatch = { target, distance, similarity };
+    }
+  }
+  return bestMatch;
+}
+
+// src/lib/deps/allowlist.ts
+var DEFAULT_NPM_ALLOWLIST = [
+  // Frameworks
+  "express",
+  "react",
+  "react-dom",
+  "next",
+  "vue",
+  "angular",
+  "svelte",
+  "fastify",
+  "koa",
+  "hapi",
+  "nest",
+  "nuxt",
+  // Build tools
+  "typescript",
+  "webpack",
+  "vite",
+  "esbuild",
+  "tsup",
+  "rollup",
+  "parcel",
+  "babel",
+  "swc",
+  // Quality tools
+  "prettier",
+  "eslint",
+  "vitest",
+  "jest",
+  "mocha",
+  "chai",
+  "sinon",
+  "husky",
+  "lint-staged",
+  // Utilities
+  "lodash",
+  "axios",
+  "chalk",
+  "commander",
+  "debug",
+  "async",
+  "uuid",
+  "semver",
+  "glob",
+  "fs-extra",
+  "mkdirp",
+  "rimraf",
+  "minimist",
+  "yargs",
+  "dotenv",
+  "nanoid",
+  "date-fns",
+  "dayjs",
+  "moment",
+  "rxjs",
+  "immer",
+  // Validation
+  "zod",
+  "joi",
+  "ajv",
+  "yup",
+  // HTTP / API
+  "cors",
+  "body-parser",
+  "cookie-parser",
+  "morgan",
+  "helmet",
+  "jsonwebtoken",
+  "bcrypt",
+  "passport",
+  // Database
+  "mongoose",
+  "sequelize",
+  "prisma",
+  "typeorm",
+  "knex",
+  "pg",
+  "mysql2",
+  "redis",
+  "ioredis",
+  "better-sqlite3",
+  // Realtime
+  "socket.io",
+  "ws",
+  // State management
+  "zustand",
+  "redux",
+  "mobx",
+  // CSS
+  "tailwindcss",
+  "postcss",
+  "autoprefixer",
+  "sass",
+  "styled-components",
+  "clsx",
+  "classnames",
+  // Media
+  "sharp",
+  "puppeteer",
+  "cheerio",
+  "marked",
+  "highlight.js",
+  // Types
+  "tslib"
+];
+var DEFAULT_PYPI_ALLOWLIST = [
+  // Web
+  "requests",
+  "flask",
+  "django",
+  "fastapi",
+  "aiohttp",
+  "httpx",
+  "uvicorn",
+  "gunicorn",
+  "starlette",
+  // Data
+  "numpy",
+  "pandas",
+  "scipy",
+  "matplotlib",
+  "scikit-learn",
+  "pillow",
+  // Infrastructure
+  "boto3",
+  "botocore",
+  "urllib3",
+  "certifi",
+  "charset-normalizer",
+  "idna",
+  // Core
+  "setuptools",
+  "pip",
+  "wheel",
+  "packaging",
+  "typing-extensions",
+  "six",
+  "python-dateutil",
+  "pyyaml",
+  "tomli",
+  "filelock",
+  "attrs",
+  "click",
+  "importlib-metadata",
+  "zipp",
+  "platformdirs",
+  // Crypto
+  "cryptography",
+  "cffi",
+  "pycparser",
+  "jmespath",
+  "pyasn1",
+  // DB
+  "sqlalchemy",
+  "psycopg2",
+  "redis",
+  "celery",
+  // Template / Markup
+  "jinja2",
+  "markupsafe",
+  "beautifulsoup4",
+  "lxml",
+  "scrapy",
+  // Validation
+  "pydantic",
+  // Testing
+  "pytest",
+  "tox",
+  "coverage",
+  "mock"
+];
+var DEFAULT_BLOCKLIST_EXACT = [
+  // npm typosquats (historically malicious)
+  "crossenv",
+  "cross-env.js",
+  "d3.js",
+  "fabric-js",
+  "ffmpegs",
+  "gruntcli",
+  "http-proxy.js",
+  "jquery.js",
+  "mongose",
+  "mssql-node",
+  "nodecaffe",
+  "nodefabric",
+  "nodemailer-js",
+  "noderequest",
+  "nodesass",
+  "opencv.js",
+  "openssl.js",
+  "shadowsock",
+  "sqliter",
+  "sqlserver",
+  // npm compromised
+  "flatmap-stream",
+  // PyPI typosquats
+  "colourama",
+  "python3-dateutil",
+  "requesocks",
+  "requesst",
+  "beautifulsup",
+  "numppy",
+  "numpys",
+  "djanga",
+  "urlib3"
+];
+var DEFAULT_BLOCKLIST_PATTERNS = [
+  /-free-download$/,
+  /-crack$/,
+  /-keygen$/,
+  /-license-key$/,
+  /-hack$/,
+  /-serial$/,
+  /-activation$/,
+  /-premium-free$/,
+  /-generator-free$/
+];
+function buildAllowBlockLists(ecosystem, userAllowlist, userBlocklist, userBlocklistPatterns) {
+  const base = ecosystem === "npm" ? DEFAULT_NPM_ALLOWLIST : ecosystem === "pypi" ? DEFAULT_PYPI_ALLOWLIST : [];
+  return {
+    allowlist: [...base, ...userAllowlist],
+    blocklist: [...DEFAULT_BLOCKLIST_EXACT, ...userBlocklist],
+    blocklistPatterns: [
+      ...DEFAULT_BLOCKLIST_PATTERNS,
+      ...userBlocklistPatterns.map((p) => new RegExp(p))
+    ]
+  };
+}
+function isAllowlisted(name, allowlist) {
+  return allowlist.includes(name);
+}
+function isBlocklisted(name, blocklist, blocklistPatterns) {
+  if (blocklist.includes(name)) return true;
+  return blocklistPatterns.some((p) => p.test(name));
+}
+
+// src/lib/deps/risk.ts
+var DEFAULT_THRESHOLDS = {
+  minAgeDays: 30,
+  minWeeklyDownloads: 100
+};
+var SEVERITY_ORDER2 = {
+  info: 0,
+  low: 1,
+  medium: 2,
+  high: 3,
+  critical: 4
+};
+function maxSeverity(a, b) {
+  return SEVERITY_ORDER2[a] >= SEVERITY_ORDER2[b] ? a : b;
+}
+function computeRiskReport(metadata, vulns, typosquatMatch, isBlocklisted2, isAllowlisted2, thresholds = DEFAULT_THRESHOLDS) {
+  const signals = [];
+  let overallRisk = "info";
+  if (!metadata.exists) {
+    signals.push({
+      name: "package_not_found",
+      severity: "critical",
+      detail: `Package "${metadata.name}" does not exist on ${metadata.ecosystem}`
+    });
+    overallRisk = "critical";
+  }
+  if (isBlocklisted2) {
+    signals.push({
+      name: "on_blocklist",
+      severity: "critical",
+      detail: `Package "${metadata.name}" is on the blocklist`
+    });
+    overallRisk = "critical";
+  }
+  for (const vuln of vulns) {
+    signals.push({
+      name: "known_vulnerability",
+      severity: vuln.severity,
+      detail: `${vuln.id}: ${vuln.summary}${vuln.fixedIn ? ` (fixed in ${vuln.fixedIn})` : ""}`
+    });
+    overallRisk = maxSeverity(overallRisk, vuln.severity);
+  }
+  if (isAllowlisted2 && signals.length === 0) {
+    return {
+      package: metadata.name,
+      ecosystem: metadata.ecosystem,
+      overallRisk: "info",
+      signals: [],
+      vulnerabilities: vulns,
+      recommendation: "allow",
+      metadata
+    };
+  }
+  if (!isAllowlisted2 && metadata.exists) {
+    if (metadata.createdAt) {
+      const ageDays = (Date.now() - metadata.createdAt.getTime()) / (1e3 * 60 * 60 * 24);
+      if (ageDays < 7) {
+        signals.push({
+          name: "very_new_package",
+          severity: "high",
+          detail: `Created ${Math.floor(ageDays)} days ago`
+        });
+        overallRisk = maxSeverity(overallRisk, "high");
+      } else if (ageDays < thresholds.minAgeDays) {
+        signals.push({
+          name: "new_package",
+          severity: "medium",
+          detail: `Created ${Math.floor(ageDays)} days ago (threshold: ${thresholds.minAgeDays})`
+        });
+        overallRisk = maxSeverity(overallRisk, "medium");
+      }
+    }
+    if (metadata.weeklyDownloads !== void 0) {
+      if (metadata.weeklyDownloads < thresholds.minWeeklyDownloads) {
+        const sev = metadata.weeklyDownloads < 10 ? "high" : "medium";
+        signals.push({
+          name: "low_downloads",
+          severity: sev,
+          detail: `${metadata.weeklyDownloads} weekly downloads (threshold: ${thresholds.minWeeklyDownloads})`
+        });
+        overallRisk = maxSeverity(overallRisk, sev);
+      }
+    }
+    if (typosquatMatch) {
+      signals.push({
+        name: "typosquat_suspect",
+        severity: "high",
+        detail: `Similar to "${typosquatMatch.target}" (edit distance: ${typosquatMatch.distance})`
+      });
+      overallRisk = maxSeverity(overallRisk, "high");
+    }
+    if (metadata.hasInstallScripts) {
+      signals.push({
+        name: "has_install_scripts",
+        severity: "medium",
+        detail: "Package has preinstall/install/postinstall scripts"
+      });
+      overallRisk = maxSeverity(overallRisk, "medium");
+    }
+    if (!metadata.hasRepository) {
+      signals.push({
+        name: "no_repository",
+        severity: "low",
+        detail: "No source repository URL in metadata"
+      });
+      overallRisk = maxSeverity(overallRisk, "low");
+    }
+    if (!metadata.hasReadme) {
+      signals.push({
+        name: "no_readme",
+        severity: "low",
+        detail: "No README content"
+      });
+      overallRisk = maxSeverity(overallRisk, "low");
+    }
+    if (!metadata.license) {
+      signals.push({
+        name: "no_license",
+        severity: "low",
+        detail: "No license declared"
+      });
+      overallRisk = maxSeverity(overallRisk, "low");
+    }
+    if (metadata.maintainerCount !== void 0 && metadata.maintainerCount <= 1) {
+      signals.push({
+        name: "single_maintainer",
+        severity: "info",
+        detail: `${metadata.maintainerCount} maintainer(s)`
+      });
+    }
+  }
+  let recommendation;
+  if (SEVERITY_ORDER2[overallRisk] >= SEVERITY_ORDER2["critical"]) {
+    recommendation = "block";
+  } else if (SEVERITY_ORDER2[overallRisk] >= SEVERITY_ORDER2["medium"]) {
+    recommendation = "escalate";
+  } else {
+    recommendation = "allow";
+  }
+  return {
+    package: metadata.name,
+    ecosystem: metadata.ecosystem,
+    overallRisk,
+    signals,
+    vulnerabilities: vulns,
+    recommendation,
+    metadata
+  };
+}
+
+// src/lib/deps/guardian.ts
+var DEFAULT_CONFIG2 = {
+  enabled: true,
+  checks: {
+    existence: true,
+    reputation: true,
+    typosquatting: true,
+    install_scripts: true,
+    vulnerabilities: true
+  },
+  risk_thresholds: {
+    min_age_days: 30,
+    min_weekly_downloads: 100
+  },
+  on_risk: "escalate",
+  allowlist: [],
+  blocklist: [],
+  blocklist_patterns: [],
+  custom_registry_bypass: true
+};
+async function evaluateInstall(command, config = DEFAULT_CONFIG2) {
+  if (!config.enabled) {
+    return skippedResult(command, "Dependency guardian is disabled");
+  }
+  const parsed = parseInstallCommand(command);
+  if (!parsed) {
+    return skippedResult(command, "Not a recognized install command");
+  }
+  if (parsed.isLockfileInstall) {
+    return skippedResult(command, "Lock-file install (pinned dependencies)");
+  }
+  if (config.custom_registry_bypass && parsed.usesCustomRegistry) {
+    return skippedResult(command, "Custom registry detected (bypass enabled)");
+  }
+  if (parsed.packages.length === 0) {
+    return skippedResult(command, "No specific packages to validate");
+  }
+  const ecosystems = [...new Set(parsed.packages.map((p) => p.ecosystem))];
+  const listsPerEcosystem = new Map(
+    ecosystems.map((eco) => [
+      eco,
+      buildAllowBlockLists(eco, config.allowlist, config.blocklist, config.blocklist_patterns)
+    ])
+  );
+  const metadataPromises = parsed.packages.map(async (pkg) => {
+    if (!config.checks.existence && !config.checks.reputation && !config.checks.install_scripts) {
+      return void 0;
+    }
+    return fetchRegistryMetadata(pkg.name, pkg.ecosystem);
+  });
+  const vulnPromise = config.checks.vulnerabilities ? queryVulnerabilitiesBatch(
+    parsed.packages.map((p) => ({
+      name: p.name,
+      ecosystem: p.ecosystem,
+      version: p.version
+    }))
+  ) : Promise.resolve(
+    parsed.packages.map((p) => ({
+      package: p.name,
+      ecosystem: p.ecosystem,
+      vulnerabilities: []
+    }))
+  );
+  const [metadataResults, vulnResults] = await Promise.all([
+    Promise.all(metadataPromises),
+    vulnPromise
+  ]);
+  const reports = [];
+  for (let i = 0; i < parsed.packages.length; i++) {
+    const pkg = parsed.packages[i];
+    const lists = listsPerEcosystem.get(pkg.ecosystem);
+    const allowed = isAllowlisted(pkg.name, lists.allowlist);
+    const blocked = isBlocklisted(pkg.name, lists.blocklist, lists.blocklistPatterns);
+    const metadata = metadataResults[i] ?? {
+      name: pkg.name,
+      ecosystem: pkg.ecosystem,
+      exists: true,
+      // assume exists if we didn't check
+      hasRepository: true,
+      hasReadme: true,
+      hasInstallScripts: false
+    };
+    const vulns = vulnResults[i]?.vulnerabilities ?? [];
+    const typosquatMatch = config.checks.typosquatting && !allowed ? detectTyposquat(pkg.name, lists.allowlist) : void 0;
+    const report = computeRiskReport(metadata, vulns, typosquatMatch, blocked, allowed, {
+      minAgeDays: config.risk_thresholds.min_age_days,
+      minWeeklyDownloads: config.risk_thresholds.min_weekly_downloads
+    });
+    reports.push(report);
+  }
+  let overallRecommendation = "allow";
+  for (const report of reports) {
+    if (report.recommendation === "block") {
+      overallRecommendation = "block";
+      break;
+    }
+    if (report.recommendation === "escalate") {
+      overallRecommendation = "escalate";
+    }
+  }
+  if (config.on_risk === "audit" && overallRecommendation === "escalate") {
+    overallRecommendation = "allow";
+  }
+  if (config.on_risk === "block" && overallRecommendation === "escalate") {
+    overallRecommendation = "block";
+  }
+  const summary = formatSummary(command, reports, overallRecommendation);
+  return {
+    command,
+    packages: reports,
+    overallRecommendation,
+    summary,
+    auditMetadata: {
+      command,
+      manager: parsed.manager,
+      packages: reports.map((r) => ({
+        name: r.package,
+        ecosystem: r.ecosystem,
+        risk: r.overallRisk,
+        signals: r.signals.map((s) => s.name),
+        vulnCount: r.vulnerabilities.length
+      }))
+    },
+    skipped: false
+  };
+}
+function skippedResult(command, reason) {
+  return {
+    command,
+    packages: [],
+    overallRecommendation: "allow",
+    summary: reason,
+    auditMetadata: { command, skipped: true, reason },
+    skipped: true,
+    skipReason: reason
+  };
+}
+function formatSummary(command, reports, recommendation) {
+  const lines = [];
+  lines.push(`Command: ${command}`);
+  lines.push("");
+  for (const report of reports) {
+    if (report.signals.length === 0 && report.vulnerabilities.length === 0) continue;
+    lines.push(`Package: ${report.package} (${report.ecosystem})`);
+    lines.push(`Risk: ${report.overallRisk.toUpperCase()}`);
+    if (report.signals.length > 0) {
+      lines.push("Signals:");
+      for (const signal of report.signals) {
+        const icon = signal.severity === "critical" || signal.severity === "high" ? "!!" : signal.severity === "medium" ? "! " : "  ";
+        lines.push(`  ${icon} ${signal.name}: ${signal.detail}`);
+      }
+    }
+    lines.push("");
+  }
+  if (recommendation === "block") {
+    lines.push("Recommendation: BLOCK");
+  } else if (recommendation === "escalate") {
+    lines.push("Recommendation: Requires human approval");
+  }
+  return lines.join("\n");
+}
+
 // src/extensions/index.ts
 var PATH_TOOLS = {
   read: "path",
@@ -2946,6 +3982,28 @@ function resolveDlpConfig(dlpConfig, role) {
     pattern_overrides: patternOverrides
   };
 }
+function resolveGuardianConfig(cfg) {
+  if (!cfg || cfg.enabled === false) return void 0;
+  return {
+    enabled: cfg.enabled ?? true,
+    checks: {
+      existence: cfg.checks?.existence ?? true,
+      reputation: cfg.checks?.reputation ?? true,
+      typosquatting: cfg.checks?.typosquatting ?? true,
+      install_scripts: cfg.checks?.install_scripts ?? true,
+      vulnerabilities: cfg.checks?.vulnerabilities ?? true
+    },
+    risk_thresholds: {
+      min_age_days: cfg.risk_thresholds?.min_age_days ?? 30,
+      min_weekly_downloads: cfg.risk_thresholds?.min_weekly_downloads ?? 100
+    },
+    on_risk: cfg.on_risk ?? "escalate",
+    allowlist: cfg.allowlist ?? [],
+    blocklist: cfg.blocklist ?? [],
+    blocklist_patterns: cfg.blocklist_patterns ?? [],
+    custom_registry_bypass: cfg.custom_registry_bypass ?? true
+  };
+}
 var piGovernance = (pi) => {
   let config;
   let policyEngine;
@@ -2959,6 +4017,7 @@ var piGovernance = (pi) => {
   let configWatcher;
   let dlpScanner;
   let dlpMasker;
+  let guardianConfig;
   let protectedPaths = /* @__PURE__ */ new Set();
   const stats = {
     configTampered: 0,
@@ -3054,6 +4113,7 @@ var piGovernance = (pi) => {
       dlpScanner = new DlpScanner(dlpCfg);
       dlpMasker = new DlpMasker(config.dlp?.masking);
     }
+    guardianConfig = resolveGuardianConfig(config.dependency_guardian);
     if (loaded.source !== "built-in") {
       configWatcher = new ConfigWatcher(
         loaded.source,
@@ -3073,6 +4133,7 @@ var piGovernance = (pi) => {
             dlpScanner = void 0;
             dlpMasker = void 0;
           }
+          guardianConfig = resolveGuardianConfig(newConfig.dependency_guardian);
           audit.log({
             sessionId,
             event: "config_reloaded",
@@ -3103,7 +4164,7 @@ var piGovernance = (pi) => {
       "info"
     );
   });
-  pi.on("tool_call", async (event, _ctx) => {
+  pi.on("tool_call", async (event, ctx) => {
     if (!audit || !policyEngine || !identity) return void 0;
     const { toolName, input } = event;
     const params = summarizeParams(toolName, input);
@@ -3169,6 +4230,47 @@ var piGovernance = (pi) => {
       const command = typeof input["command"] === "string" ? input["command"] : "";
       const classification = bashClassifier.classify(command);
       if (classification === "dangerous") {
+        if (guardianConfig && parseInstallCommand(command)) {
+          const guardianResult = await evaluateInstall(command, guardianConfig);
+          if (!guardianResult.skipped) {
+            if (guardianResult.overallRecommendation === "block") {
+              stats.denied++;
+              await audit.log({
+                ...baseRecord,
+                event: "dep_blocked",
+                decision: "denied",
+                reason: guardianResult.summary,
+                metadata: guardianResult.auditMetadata
+              });
+              return { block: true, reason: guardianResult.summary };
+            }
+            if (guardianResult.overallRecommendation === "escalate") {
+              await audit.log({
+                ...baseRecord,
+                event: "dep_escalated",
+                metadata: guardianResult.auditMetadata
+              });
+              const approved = await ctx.ui.confirm(
+                "Dependency Review Required",
+                guardianResult.summary
+              );
+              if (!approved) {
+                stats.denied++;
+                await audit.log({ ...baseRecord, event: "dep_rejected" });
+                return { block: true, reason: "Dependency rejected by reviewer" };
+              }
+              stats.approvals++;
+              await audit.log({ ...baseRecord, event: "dep_approved" });
+            }
+            await audit.log({
+              ...baseRecord,
+              event: "dep_allowed",
+              metadata: guardianResult.auditMetadata
+            });
+            stats.allowed++;
+            return void 0;
+          }
+        }
         stats.denied++;
         await audit.log({
           ...baseRecord,