Quick Start

Install (30 seconds)

bash

pi install npm:@grwnd/pi-governance

Start a session — governance is active immediately:

bash

pi

Verify:

/governance status

What you get out of the box

Protection	Default
Bash classification	Active — dangerous commands blocked
DLP	Active — secrets blocked on input, PII masked on output
Role	`analyst` (read-only) unless `PI_GOV_ROLE` is set
Audit	JSONL to `~/.pi/agent/audit.jsonl`

Customize

Option A: Interactive wizard

/governance init

Opens a browser-based configuration wizard. Select roles, toggle DLP, configure audit sinks — generates YAML files for you.

Option B: Manual YAML

Create .pi/governance.yaml in your project root:

yaml

auth:
  provider: env
policy:
  engine: yaml
  yaml:
    rules_file: ./governance-rules.yaml
hitl:
  default_mode: supervised
audit:
  sinks:
    - type: jsonl
      path: ~/.pi/agent/audit.jsonl

Set your identity

bash

export PI_GOV_USER=alice
export PI_GOV_ROLE=project_lead
export PI_GOV_ORG_UNIT=default
pi

If no identity is set, the extension falls back to analyst (most restrictive).

Next steps

Why Governance? — Concrete scenarios showing what can go wrong
Common Scenarios — Copy-paste configs for common setups
YAML Policies — Full policy reference
Team Deployment — Roll out to your team

Quick Start ​

Install (30 seconds) ​

What you get out of the box ​

Customize ​

Option A: Interactive wizard ​

Option B: Manual YAML ​

Set your identity ​

Next steps ​

Quick Start

Install (30 seconds)

What you get out of the box

Customize

Option A: Interactive wizard

Option B: Manual YAML

Set your identity

Next steps