@grwnd/pi-governance

Governance, RBAC, audit, and HITL for Pi-based coding agents

Package details

Install @grwnd/pi-governance from npm and Pi will load the resources declared by the package manifest.

$ pi install npm:@grwnd/pi-governance
Package: @grwnd/pi-governance
Version: 3.1.1
Published: Apr 1, 2026
Downloads: 746/mo · 33/wk
Author: dt-grwnd
License: Apache-2.0
Types: extension, skill, prompt
Size: 1.9 MB
Dependencies: 3 dependencies · 1 peer
Pi manifest JSON
{
  "extensions": [
    "./dist/extensions"
  ],
  "skills": [
    "./skills"
  ],
  "prompts": [
    "./prompts"
  ]
}

Security note

Pi packages can execute code and influence agent behavior. Review the source before installing third-party packages.

README


The Problem

AI coding agents have full access to your terminal, filesystem, and secrets. Without governance, an agent can run rm -rf, read .env files, or exfiltrate API keys through tool calls — with no audit trail.

The Solution

pi-governance intercepts every tool call and enforces policy before execution.

pi install npm:@grwnd/pi-governance

What you get immediately:

  • Bash blocking — 60+ patterns classify commands as safe/dangerous/needs-review
  • DLP — API keys blocked on input, PII masked on output
  • RBAC — Role-based tool and path permissions
  • Audit — Every decision logged as structured JSON
  • HITL — Human approval for sensitive operations
  • Budgets — Per-role tool invocation limits
  • Config self-protection — Agents cannot modify their own governance files
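
A minimal sketch of the pre-execution gate described above, added here as an illustration; it is not pi-governance's code or API. The regex patterns, the tool names (`read`, `write`, `bash`), the role-to-tool mapping and the `evaluateToolCall` function are assumptions; the role names and governance file names come from this page.

```javascript
// Illustrative pre-execution gate; NOT pi-governance's code or API.
// Patterns and role permissions below are constructed for this example.
const DANGEROUS = [/\brm\s+-[a-z]*[rf]/i, /\bcat\s+\S*\.env\b/, /\|\s*(ba)?sh\b/];
const NEEDS_REVIEW = [/\bgit\s+push\b/, /\bnpm\s+publish\b/, /\bcurl\b/];
const PROTECTED = ['.pi/governance.yaml', 'governance-rules.yaml']; // file names from the page
const ROLE_TOOLS = { // hypothetical role-to-tool mapping
  analyst: ['read'],
  project_lead: ['read', 'write', 'bash'],
  admin: ['read', 'write', 'bash'],
  auditor: ['read'],
};

// Dangerous patterns are checked first so "curl ... | sh" is never downgraded.
function classifyCommand(cmd) {
  if (DANGEROUS.some((re) => re.test(cmd))) return 'dangerous';
  if (NEEDS_REVIEW.some((re) => re.test(cmd))) return 'needs-review';
  return 'safe';
}

function evaluateToolCall({ role, tool, input }) {
  const allowed = ROLE_TOOLS[role] || []; // unknown role: deny by default
  let decision = 'allow';
  let reason = 'policy permits';
  if (!allowed.includes(tool)) {
    decision = 'deny';
    reason = `role ${role} may not use ${tool}`;
  } else if (tool !== 'read' && PROTECTED.some((p) => input.includes(p))) {
    decision = 'deny';
    reason = 'governance files are self-protected';
  } else if (tool === 'bash') {
    const cls = classifyCommand(input);
    if (cls === 'dangerous') { decision = 'deny'; reason = 'dangerous command'; }
    if (cls === 'needs-review') { decision = 'needs_approval'; reason = 'human approval required'; }
  }
  // One JSON object per decision, denials included. A real gate would
  // redact secrets from `input` before writing it to the audit log.
  const audit = JSON.stringify({ ts: new Date().toISOString(), role, tool, input, decision, reason });
  return { decision, reason, audit };
}
```

The decision is computed before anything executes, and a record is produced for denials as well as approvals, so blocked attempts remain visible in the audit trail.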

Customize

Interactive wizard

/governance init

Opens a browser-based wizard to configure roles, DLP, audit, and HITL. Generates YAML config files.

Manual YAML

Create .pi/governance.yaml and governance-rules.yaml — see the Configuration Reference.

Set identity

export PI_GOV_ROLE=project_lead  # analyst | project_lead | admin | auditor
pi
/governance status

Documentation

Full docs at dtmirizzi.github.io/pi-governance.

License

Apache-2.0