{"id":48618392,"url":"https://github.com/dtmirizzi/pi-governance","last_synced_at":"2026-04-09T02:32:37.739Z","repository":{"id":341434210,"uuid":"1170069860","full_name":"dtmirizzi/pi-governance","owner":"dtmirizzi","description":"Governance, RBAC, audit, DLP, and human-in-the-loop for Pi-based coding agents.","archived":false,"fork":false,"pushed_at":"2026-03-31T16:53:40.000Z","size":14578,"stargazers_count":9,"open_issues_count":1,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-31T18:42:01.157Z","etag":null,"topics":["audit-log","dlp","governance","openclaw","openclaw-plugin","pi","pi-extension","rbac"],"latest_commit_sha":null,"homepage":"https://grwnd-ai.github.io/pi-governance/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dtmirizzi.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-01T16:52:22.000Z","updated_at":"2026-03-31T16:53:42.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/dtmirizzi/pi-governance","commit_stats":null,"previous_names":["grwnd-ai/pi-governance","dtmirizzi/pi-governance"],"tags_count":17,"template":false,"template_full_name":null,"purl":"pkg:github/dtmirizzi/pi-governance","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dtmirizzi%2Fpi-governance","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dtmirizzi%2Fpi-governance/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dtmirizzi%2Fpi-governance/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dtmirizzi%2Fpi-governance/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dtmirizzi","download_url":"https://codeload.github.com/dtmirizzi/pi-governance/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dtmirizzi%2Fpi-governance/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31582725,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-08T14:31:17.711Z","status":"online","status_checked_at":"2026-04-09T02:00:06.848Z","response_time":112,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["audit-log","dlp","governance","openclaw","openclaw-plugin","pi","pi-extension","rbac"],"created_at":"2026-04-09T02:32:32.754Z","updated_at":"2026-04-09T02:32:36.911Z","avatar_url":"https://github.com/dtmirizzi.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"assets/logo.png\" alt=\"pi-governance logo\" width=\"180\" /\u003e\n\u003c/p\u003e\n\n\u003ch1 align=\"center\"\u003e@grwnd/pi-governance\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n  Governance, RBAC, DLP, and audit for Pi coding agents.\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/dtmirizzi/pi-governance/actions/workflows/ci.yml\"\u003e\u003cimg src=\"https://github.com/dtmirizzi/pi-governance/actions/workflows/ci.yml/badge.svg\" alt=\"CI\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://www.npmjs.com/package/@grwnd/pi-governance\"\u003e\u003cimg src=\"https://img.shields.io/npm/v/@grwnd/pi-governance\" alt=\"npm pi-governance\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://www.npmjs.com/package/@grwnd/openclaw-governance\"\u003e\u003cimg src=\"https://img.shields.io/npm/v/@grwnd/openclaw-governance?label=openclaw-governance\" alt=\"npm openclaw-governance\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/dtmirizzi/pi-governance/blob/main/LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/badge/license-Apache--2.0-blue\" alt=\"License\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://dtmirizzi.github.io/pi-governance/\"\u003e\u003cimg src=\"https://img.shields.io/badge/docs-GitHub%20Pages-blue\" alt=\"Docs\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n---\n\n## The Problem\n\nAI coding agents have full access to your terminal, filesystem, and secrets. Without governance, an agent can run `rm -rf`, read `.env` files, or exfiltrate API keys through tool calls — with no audit trail.\n\n## The Solution\n\n`pi-governance` intercepts every tool call and enforces policy before execution.\n\n```bash\npi install npm:@grwnd/pi-governance\n```\n\n**What you get immediately:**\n\n- **Bash blocking** — 60+ patterns classify commands as safe/dangerous/needs-review\n- **DLP** — API keys blocked on input, PII masked on output\n- **RBAC** — Role-based tool and path permissions\n- **Audit** — Every decision logged as structured JSON\n- **HITL** — Human approval for sensitive operations\n- **Budgets** — Per-role tool invocation limits\n- **Config self-protection** — Agents cannot modify their own governance files\n\n## Customize\n\n### Interactive wizard\n\n```\n/governance init\n```\n\nOpens a browser-based wizard to configure roles, DLP, audit, and HITL. Generates YAML config files.\n\n### Manual YAML\n\nCreate `.pi/governance.yaml` and `governance-rules.yaml` — see the [Configuration Reference](https://dtmirizzi.github.io/pi-governance/reference/config).\n\n### Set identity\n\n```bash\nexport PI_GOV_ROLE=project_lead  # analyst | project_lead | admin | auditor\npi\n/governance status\n```\n\n## Documentation\n\nFull docs at **[dtmirizzi.github.io/pi-governance](https://dtmirizzi.github.io/pi-governance/)**.\n\n- [Why Governance?](https://dtmirizzi.github.io/pi-governance/guide/why) — What can go wrong without controls\n- [Quick Start](https://dtmirizzi.github.io/pi-governance/guide/quickstart) — Install and configure\n- [Common Scenarios](https://dtmirizzi.github.io/pi-governance/guide/scenarios) — Copy-paste configs\n- [YAML Policies](https://dtmirizzi.github.io/pi-governance/guide/yaml-policies) — Full policy reference\n- [DLP Guide](https://dtmirizzi.github.io/pi-governance/guide/dlp) — Data loss prevention\n- [OpenClaw Integration](https://dtmirizzi.github.io/pi-governance/guide/openclaw) — MCP tool governance\n\n## License\n\n[Apache-2.0](LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdtmirizzi%2Fpi-governance","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdtmirizzi%2Fpi-governance","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdtmirizzi%2Fpi-governance/lists"}