@agentpolicyspecification/core 0.1.0

package/dist/engine/aps-engine.d.ts

@@ -0,0 +1,22 @@
+import type { InputContext } from "../generated/input-context.js";
+import type { OutputContext } from "../generated/output-context.js";
+import type { ToolCallContext } from "../generated/tool-call-context.js";
+import { AuditRecord } from "../core/errors.js";
+import type { PolicySet } from "./policy-set.js";
+export type AuditHandler = (record: AuditRecord) => void | Promise<void>;
+export interface ApsEngineOptions {
+    policySet: PolicySet;
+    onAudit?: AuditHandler;
+}
+export declare class ApsEngine {
+    private readonly policySet;
+    private readonly onAudit;
+    constructor({ policySet, onAudit }: ApsEngineOptions);
+    static fromJson(absolutePath: string, options?: Pick<ApsEngineOptions, "onAudit">): Promise<ApsEngine>;
+    evaluateInput(context: InputContext): Promise<void>;
+    evaluateToolCall(context: ToolCallContext): Promise<void>;
+    evaluateOutput(context: OutputContext): Promise<void>;
+    private runPolicies;
+    private audit;
+}
+//# sourceMappingURL=aps-engine.d.ts.map

package/dist/engine/aps-engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"aps-engine.d.ts","sourceRoot":"","sources":["../../src/engine/aps-engine.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AACpE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mCAAmC,CAAC;AAGzE,OAAO,EAAE,WAAW,EAA+D,MAAM,mBAAmB,CAAC;AAC7G,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAEjD,MAAM,MAAM,YAAY,GAAG,CAAC,MAAM,EAAE,WAAW,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAEzE,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,SAAS,CAAC;IACrB,OAAO,CAAC,EAAE,YAAY,CAAC;CACxB;AAED,qBAAa,SAAS;IACpB,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAY;IACtC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAA2B;gBAEvC,EAAE,SAAS,EAAE,OAAO,EAAE,EAAE,gBAAgB;WAKvC,QAAQ,CAAC,YAAY,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,IAAI,CAAC,gBAAgB,EAAE,SAAS,CAAC,GAAG,OAAO,CAAC,SAAS,CAAC;IAsCtG,aAAa,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC;IAInD,gBAAgB,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC;IAIzD,cAAc,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;YAI7C,WAAW;YA+EX,KAAK;CAKpB"}

package/dist/engine/aps-engine.js

@@ -0,0 +1,167 @@
+import { readFile } from "node:fs/promises";
+import { PolicyDenialError, PolicyEvaluationError } from "../core/errors.js";
+export class ApsEngine {
+    policySet;
+    onAudit;
+    constructor({ policySet, onAudit }) {
+        this.policySet = policySet;
+        this.onAudit = onAudit;
+    }
+    static async fromJson(absolutePath, options) {
+        const raw = await readFile(absolutePath, "utf-8");
+        const jsonPolicySet = JSON.parse(raw);
+        const input = [];
+        const tool_call = [];
+        const output = [];
+        for (const [index, entry] of jsonPolicySet.policies.entries()) {
+            const id = `policy-${index}`;
+            const appliesTo = entry.applies_to;
+            const appliesToAll = !appliesTo || appliesTo.length === 0;
+            if (appliesToAll || appliesTo.includes("input")) {
+                input.push({ id, evaluate: (ctx) => evaluateEntry(entry, ctx) });
+            }
+            if (appliesToAll || appliesTo.includes("tool_call")) {
+                tool_call.push({
+                    id,
+                    evaluate: (ctx) => {
+                        const tools = entry.tools;
+                        if (tools && tools.length > 0 && !tools.includes(ctx.tool_name)) {
+                            return Promise.resolve({ decision: "allow" });
+                        }
+                        return evaluateEntry(entry, ctx);
+                    },
+                });
+            }
+            if (appliesToAll || appliesTo.includes("output")) {
+                output.push({ id, evaluate: (ctx) => evaluateEntry(entry, ctx) });
+            }
+        }
+        return new ApsEngine({ policySet: { input, tool_call, output }, ...options });
+    }
+    async evaluateInput(context) {
+        await this.runPolicies(this.policySet.input ?? [], context, "input");
+    }
+    async evaluateToolCall(context) {
+        await this.runPolicies(this.policySet.tool_call ?? [], context, "tool_call");
+    }
+    async evaluateOutput(context) {
+        await this.runPolicies(this.policySet.output ?? [], context, "output");
+    }
+    async runPolicies(policies, context, interceptionPoint) {
+        for (const policy of policies) {
+            let decision;
+            try {
+                decision = await policy.evaluate(context);
+            }
+            catch (err) {
+                console.error('err: ', err);
+                if (err instanceof PolicyEvaluationError) {
+                    await this.audit({
+                        policy_id: policy.id,
+                        decision: "evaluation_error",
+                        interception_point: interceptionPoint,
+                        reason: String(err.cause),
+                        context,
+                        timestamp: new Date().toISOString(),
+                    });
+                }
+                if ((this.policySet.on_error ?? "deny") === "deny") {
+                    throw err instanceof PolicyEvaluationError
+                        ? err
+                        : new PolicyEvaluationError({ policy_id: policy.id, interception_point: interceptionPoint, cause: err });
+                }
+                continue;
+            }
+            if (decision.decision === "audit") {
+                await this.audit({
+                    policy_id: policy.id,
+                    decision: "audit",
+                    interception_point: interceptionPoint,
+                    reason: decision.reason,
+                    context,
+                    timestamp: new Date().toISOString(),
+                });
+                continue;
+            }
+            if (decision.decision === "deny") {
+                await this.audit({
+                    policy_id: policy.id,
+                    decision: "deny",
+                    interception_point: interceptionPoint,
+                    reason: decision.reason,
+                    context,
+                    timestamp: new Date().toISOString(),
+                });
+                throw new PolicyDenialError({
+                    policy_id: decision.policy_id ?? policy.id,
+                    interception_point: interceptionPoint,
+                    reason: decision.reason ?? "Policy denied without reason",
+                });
+            }
+            // allow, redact, transform — log and continue
+            // (redact/transform mutation is left to the runtime adapter layer)
+            if (decision.decision !== "allow") {
+                await this.audit({
+                    policy_id: policy.id,
+                    decision: decision.decision,
+                    interception_point: interceptionPoint,
+                    reason: undefined,
+                    context,
+                    timestamp: new Date().toISOString(),
+                });
+            }
+        }
+    }
+    async audit(record) {
+        if (this.onAudit) {
+            await this.onAudit(record);
+        }
+    }
+}
+// ── fromJson helpers ──────────────────────────────────────────────────────────
+function evaluateEntry(entry, ctx) {
+    if (!evaluateCondition(entry.condition, ctx)) {
+        return Promise.resolve({ decision: "allow" });
+    }
+    return Promise.resolve(buildDecision(entry, ctx));
+}
+function evaluateCondition(condition, ctx) {
+    const cond = condition;
+    if ("always" in cond)
+        return true;
+    const field = cond.field;
+    const value = resolveField(ctx, field);
+    if ("equals" in cond)
+        return value === cond.equals;
+    if ("contains" in cond)
+        return cond.contains.some(v => String(value).toLowerCase().includes(v.toLowerCase()));
+    if ("not_in" in cond)
+        return !cond.not_in.includes(value);
+    if ("greater_than" in cond)
+        return Number(value) > cond.greater_than;
+    return false;
+}
+function resolveField(obj, fieldPath) {
+    return fieldPath.split(".").reduce((acc, key) => acc?.[key], obj);
+}
+function buildDecision(entry, ctx) {
+    if (entry.action === "allow")
+        return { decision: "allow" };
+    if (entry.action === "deny") {
+        return {
+            decision: "deny",
+            ...(entry.reason ? { reason: entry.reason } : {}),
+        };
+    }
+    return {
+        decision: "transform",
+        transformation: {
+            operations: Object.entries(entry.transformation ?? {}).map(([field, template]) => ({
+                field,
+                op: "set",
+                value: template.replace(/\{\{(.+?)\}\}/g, (_, expr) => String(resolveField(ctx, expr.trim()) ?? "")),
+            })),
+        },
+    };
+}
+//# sourceMappingURL=aps-engine.js.map

package/dist/engine/aps-engine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"aps-engine.js","sourceRoot":"","sources":["../../src/engine/aps-engine.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAO5C,OAAO,EAAkC,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAU7G,MAAM,OAAO,SAAS;IACH,SAAS,CAAY;IACrB,OAAO,CAA2B;IAEnD,YAAY,EAAE,SAAS,EAAE,OAAO,EAAoB;QAClD,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,YAAoB,EAAE,OAA2C;QACrF,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAClD,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAkB,CAAC;QAEvD,MAAM,KAAK,GAAkB,EAAE,CAAC;QAChC,MAAM,SAAS,GAAqB,EAAE,CAAC;QACvC,MAAM,MAAM,GAAmB,EAAE,CAAC;QAElC,KAAK,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,aAAa,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC;YAC9D,MAAM,EAAE,GAAG,UAAU,KAAK,EAAE,CAAC;YAC7B,MAAM,SAAS,GAAG,KAAK,CAAC,UAAkC,CAAC;YAC3D,MAAM,YAAY,GAAG,CAAC,SAAS,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,CAAC;YAE1D,IAAI,YAAY,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAChD,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,aAAa,CAAC,KAAK,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;YACnE,CAAC;YAED,IAAI,YAAY,IAAI,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBACpD,SAAS,CAAC,IAAI,CAAC;oBACb,EAAE;oBACF,QAAQ,EAAE,CAAC,GAAG,EAAE,EAAE;wBAChB,MAAM,KAAK,GAAG,KAAK,CAAC,KAA6B,CAAC;wBAClD,IAAI,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;4BAChE,OAAO,OAAO,CAAC,OAAO,CAAiB,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;wBAChE,CAAC;wBACD,OAAO,aAAa,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;oBACnC,CAAC;iBACF,CAAC,CAAC;YACL,CAAC;YAED,IAAI,YAAY,IAAI,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACjD,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,aAAa,CAAC,KAAK,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;YACpE,CAAC;QACH,CAAC;QAED,OAAO,IAAI,SAAS,CAAC,EAAE,SAAS,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;IAChF,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,OAAqB;QACvC,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,IAAI,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IACvE,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,OAAwB;QAC7C,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,IAAI,EAAE,EAAE,OAAO,EAAE,WAAW,CAAC,CAAC;IAC/E,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,OAAsB;QACzC,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,IAAI,EAAE,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IACzE,CAAC;IAKO,KAAK,CAAC,WAAW,CACvB,QAAyD,EACzD,OAAuD,EACvD,iBAAoC;QAEpC,KAAK,MAAM,MAAM,IAAI,QAAQ,EAAE,CAAC;YAC9B,IAAI,QAAwB,CAAC;YAE7B,IAAI,CAAC;gBACH,QAAQ,GAAG,MAAO,MAAsF,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAC7H,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;gBAC5B,IAAI,GAAG,YAAY,qBAAqB,EAAE,CAAC;oBACzC,MAAM,IAAI,CAAC,KAAK,CAAC;wBACf,SAAS,EAAE,MAAM,CAAC,EAAE;wBACpB,QAAQ,EAAE,kBAAkB;wBAC5B,kBAAkB,EAAE,iBAAiB;wBACrC,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC;wBACzB,OAAO;wBACP,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;qBACpC,CAAC,CAAC;gBACL,CAAC;gBAED,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,IAAI,MAAM,CAAC,KAAK,MAAM,EAAE,CAAC;oBACnD,MAAM,GAAG,YAAY,qBAAqB;wBACxC,CAAC,CAAC,GAAG;wBACL,CAAC,CAAC,IAAI,qBAAqB,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,EAAE,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;gBAC7G,CAAC;gBAED,SAAS;YACX,CAAC;YAED,IAAI,QAAQ,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;gBAClC,MAAM,IAAI,CAAC,KAAK,CAAC;oBACf,SAAS,EAAE,MAAM,CAAC,EAAE;oBACpB,QAAQ,EAAE,OAAO;oBACjB,kBAAkB,EAAE,iBAAiB;oBACrC,MAAM,EAAE,QAAQ,CAAC,MAAM;oBACvB,OAAO;oBACP,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;iBACpC,CAAC,CAAC;gBACH,SAAS;YACX,CAAC;YAED,IAAI,QAAQ,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;gBACjC,MAAM,IAAI,CAAC,KAAK,CAAC;oBACf,SAAS,EAAE,MAAM,CAAC,EAAE;oBACpB,QAAQ,EAAE,MAAM;oBAChB,kBAAkB,EAAE,iBAAiB;oBACrC,MAAM,EAAE,QAAQ,CAAC,MAAM;oBACvB,OAAO;oBACP,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;iBACpC,CAAC,CAAC;gBAEH,MAAM,IAAI,iBAAiB,CAAC;oBAC1B,SAAS,EAAE,QAAQ,CAAC,SAAS,IAAI,MAAM,CAAC,EAAE;oBAC1C,kBAAkB,EAAE,iBAAiB;oBACrC,MAAM,EAAE,QAAQ,CAAC,MAAM,IAAI,8BAA8B;iBAC1D,CAAC,CAAC;YACL,CAAC;YAED,8CAA8C;YAC9C,mEAAmE;YACnE,IAAI,QAAQ,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;gBAClC,MAAM,IAAI,CAAC,KAAK,CAAC;oBACf,SAAS,EAAE,MAAM,CAAC,EAAE;oBACpB,QAAQ,EAAE,QAAQ,CAAC,QAAQ;oBAC3B,kBAAkB,EAAE,iBAAiB;oBACrC,MAAM,EAAE,SAAS;oBACjB,OAAO;oBACP,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;iBACpC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,KAAK,CAAC,MAAmB;QACrC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC;CACF;AAED,iFAAiF;AAEjF,SAAS,aAAa,CAAC,KAAkB,EAAE,GAAY;IACrD,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,SAAS,EAAE,GAAG,CAAC,EAAE,CAAC;QAC7C,OAAO,OAAO,CAAC,OAAO,CAAiB,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;IAChE,CAAC;IACD,OAAO,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;AACpD,CAAC;AAED,SAAS,iBAAiB,CAAC,SAAmC,EAAE,GAAY;IAC1E,MAAM,IAAI,GAAG,SAA+C,CAAC;IAC7D,IAAI,QAAQ,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC;IAClC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAe,CAAC;IACnC,MAAM,KAAK,GAAG,YAAY,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACvC,IAAI,QAAQ,IAAI,IAAI;QAAE,OAAO,KAAK,KAAK,IAAI,CAAC,MAAM,CAAC;IACnD,IAAI,UAAU,IAAI,IAAI;QAAE,OAAQ,IAAI,CAAC,QAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;IAC5H,IAAI,QAAQ,IAAI,IAAI;QAAE,OAAO,CAAE,IAAI,CAAC,MAAoB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACzE,IAAI,cAAc,IAAI,IAAI;QAAE,OAAO,MAAM,CAAC,KAAK,CAAC,GAAI,IAAI,CAAC,YAAuB,CAAC;IACjF,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,YAAY,CAAC,GAAY,EAAE,SAAiB;IACnD,OAAO,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAU,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAE,GAA+B,EAAE,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC;AAC1G,CAAC;AAED,SAAS,aAAa,CAAC,KAAkB,EAAE,GAAY;IACrD,IAAI,KAAK,CAAC,MAAM,KAAK,OAAO;QAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;IAC3D,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QAC5B,OAAO;YACL,QAAQ,EAAE,MAAM;YAChB,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAClD,CAAC;IACJ,CAAC;IACD,OAAO;QACL,QAAQ,EAAE,WAAW;QACrB,cAAc,EAAE;YACd,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,EAAE,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAC;gBACjF,KAAK;gBACL,EAAE,EAAE,KAAc;gBAClB,KAAK,EAAE,QAAQ,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAAS,EAAE,IAAY,EAAE,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,CAAwC;aAC5J,CAAC,CAAC;SACJ;KACF,CAAC;AACJ,CAAC"}

package/dist/engine/policy-set.d.ts

@@ -0,0 +1,9 @@
+import type { InputPolicy, OutputPolicy, ToolCallPolicy } from "../core/policy.js";
+export type OnErrorBehavior = "deny" | "allow";
+export interface PolicySet {
+    on_error?: OnErrorBehavior;
+    input?: InputPolicy[];
+    tool_call?: ToolCallPolicy[];
+    output?: OutputPolicy[];
+}
+//# sourceMappingURL=policy-set.d.ts.map

package/dist/engine/policy-set.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-set.d.ts","sourceRoot":"","sources":["../../src/engine/policy-set.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAEnF,MAAM,MAAM,eAAe,GAAG,MAAM,GAAG,OAAO,CAAC;AAE/C,MAAM,WAAW,SAAS;IACxB,QAAQ,CAAC,EAAE,eAAe,CAAC;IAC3B,KAAK,CAAC,EAAE,WAAW,EAAE,CAAC;IACtB,SAAS,CAAC,EAAE,cAAc,EAAE,CAAC;IAC7B,MAAM,CAAC,EAAE,YAAY,EAAE,CAAC;CACzB"}

package/dist/engine/policy-set.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=policy-set.js.map

package/dist/engine/policy-set.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-set.js","sourceRoot":"","sources":["../../src/engine/policy-set.ts"],"names":[],"mappings":""}

package/dist/generated/base.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Base schema for the Agent Policy Specification v0.1.0. All other APS schemas extend this schema. Defines shared types used across the specification.
+ */
+export interface ApsBase {
+    [k: string]: unknown;
+}
+//# sourceMappingURL=base.d.ts.map

package/dist/generated/base.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"base.d.ts","sourceRoot":"","sources":["../../src/generated/base.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,MAAM,WAAW,OAAO;IACtB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;CACtB"}

package/dist/generated/base.js

@@ -0,0 +1,4 @@
+/* eslint-disable */
+// This file is auto-generated from base.schema.json. Do not edit manually.
+export {};
+//# sourceMappingURL=base.js.map

package/dist/generated/base.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"base.js","sourceRoot":"","sources":["../../src/generated/base.ts"],"names":[],"mappings":"AAAA,oBAAoB;AACpB,2EAA2E"}

package/dist/generated/dsl-policy.d.ts

@@ -0,0 +1,130 @@
+/**
+ * A condition that is evaluated against the context
+ */
+export type Condition = EqualsCondition | ContainsCondition | NotInCondition | GreaterThanCondition | AlwaysCondition;
+/**
+ * A single Agent Policy Specification DSL policy rule
+ */
+export interface DSLPolicy {
+    condition: Condition;
+    /**
+     * The action to take when the condition matches
+     */
+    action: "allow" | "deny" | "redact" | "transform" | "audit";
+    /**
+     * Optional human-readable reason for the action, typically used with deny
+     */
+    reason?: string;
+    /**
+     * Redaction instructions to apply when action is 'redact'.
+     *
+     * @minItems 1
+     */
+    redactions?: [
+        {
+            /**
+             * Dot-notation path to the field being redacted (e.g. 'response.content').
+             */
+            field: string;
+            /**
+             * 'mask' replaces with a fixed string, 'remove' deletes the field, 'replace' substitutes matched patterns.
+             */
+            strategy: "mask" | "remove" | "replace";
+            /**
+             * Replacement string. Required when strategy is 'mask' or 'replace'.
+             */
+            replacement?: string;
+            /**
+             * Regex pattern identifying the content to redact. Required when strategy is 'replace'.
+             */
+            pattern?: string;
+        },
+        ...{
+            /**
+             * Dot-notation path to the field being redacted (e.g. 'response.content').
+             */
+            field: string;
+            /**
+             * 'mask' replaces with a fixed string, 'remove' deletes the field, 'replace' substitutes matched patterns.
+             */
+            strategy: "mask" | "remove" | "replace";
+            /**
+             * Replacement string. Required when strategy is 'mask' or 'replace'.
+             */
+            replacement?: string;
+            /**
+             * Regex pattern identifying the content to redact. Required when strategy is 'replace'.
+             */
+            pattern?: string;
+        }[]
+    ];
+    /**
+     * Field transformations to apply when action is 'transform'. Keys are dot-notation field paths, values are template strings supporting {{field.path}} interpolation.
+     */
+    transformation?: {
+        [k: string]: string;
+    };
+}
+/**
+ * Matches when the resolved field value strictly equals the operand
+ */
+export interface EqualsCondition {
+    /**
+     * Dot-notation path to the field in the context (e.g. 'tool_name', 'messages.0.content')
+     */
+    field: string;
+    /**
+     * The value to compare against using strict equality
+     */
+    equals: {
+        [k: string]: unknown;
+    };
+}
+/**
+ * Matches when the resolved field value contains any of the given substrings (case-insensitive)
+ */
+export interface ContainsCondition {
+    /**
+     * Dot-notation path to the field in the context
+     */
+    field: string;
+    /**
+     * List of substrings to search for
+     *
+     * @minItems 1
+     */
+    contains: [string, ...string[]];
+}
+/**
+ * Matches when the resolved field value is not present in the given list
+ */
+export interface NotInCondition {
+    /**
+     * Dot-notation path to the field in the context
+     */
+    field: string;
+    /**
+     * List of values the field must not be equal to
+     */
+    not_in: unknown[];
+}
+/**
+ * Matches when the resolved field value is numerically greater than the operand
+ */
+export interface GreaterThanCondition {
+    /**
+     * Dot-notation path to the field in the context
+     */
+    field: string;
+    /**
+     * The numeric threshold
+     */
+    greater_than: number;
+}
+/**
+ * Always matches, regardless of context
+ */
+export interface AlwaysCondition {
+    always: true;
+}
+//# sourceMappingURL=dsl-policy.d.ts.map

package/dist/generated/dsl-policy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dsl-policy.d.ts","sourceRoot":"","sources":["../../src/generated/dsl-policy.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,MAAM,MAAM,SAAS,GAAG,eAAe,GAAG,iBAAiB,GAAG,cAAc,GAAG,oBAAoB,GAAG,eAAe,CAAC;AAEtH;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,SAAS,EAAE,SAAS,CAAC;IACrB;;OAEG;IACH,MAAM,EAAE,OAAO,GAAG,MAAM,GAAG,QAAQ,GAAG,WAAW,GAAG,OAAO,CAAC;IAC5D;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;;OAIG;IACH,UAAU,CAAC,EAAE;QACX;YACE;;eAEG;YACH,KAAK,EAAE,MAAM,CAAC;YACd;;eAEG;YACH,QAAQ,EAAE,MAAM,GAAG,QAAQ,GAAG,SAAS,CAAC;YACxC;;eAEG;YACH,WAAW,CAAC,EAAE,MAAM,CAAC;YACrB;;eAEG;YACH,OAAO,CAAC,EAAE,MAAM,CAAC;SAClB;QACD,GAAG;YACD;;eAEG;YACH,KAAK,EAAE,MAAM,CAAC;YACd;;eAEG;YACH,QAAQ,EAAE,MAAM,GAAG,QAAQ,GAAG,SAAS,CAAC;YACxC;;eAEG;YACH,WAAW,CAAC,EAAE,MAAM,CAAC;YACrB;;eAEG;YACH,OAAO,CAAC,EAAE,MAAM,CAAC;SAClB,EAAE;KACJ,CAAC;IACF;;OAEG;IACH,cAAc,CAAC,EAAE;QACf,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;KACrB,CAAC;CACH;AACD;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B;;OAEG;IACH,KAAK,EAAE,MAAM,CAAC;IACd;;OAEG;IACH,MAAM,EAAE;QACN,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;KACtB,CAAC;CACH;AACD;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC;;OAEG;IACH,KAAK,EAAE,MAAM,CAAC;IACd;;;;OAIG;IACH,QAAQ,EAAE,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC;CACjC;AACD;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B;;OAEG;IACH,KAAK,EAAE,MAAM,CAAC;IACd;;OAEG;IACH,MAAM,EAAE,OAAO,EAAE,CAAC;CACnB;AACD;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC;;OAEG;IACH,KAAK,EAAE,MAAM,CAAC;IACd;;OAEG;IACH,YAAY,EAAE,MAAM,CAAC;CACtB;AACD;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,IAAI,CAAC;CACd"}

package/dist/generated/dsl-policy.js

@@ -0,0 +1,4 @@
+/* eslint-disable */
+// This file is auto-generated from dsl-policy.schema.json. Do not edit manually.
+export {};
+//# sourceMappingURL=dsl-policy.js.map

package/dist/generated/dsl-policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dsl-policy.js","sourceRoot":"","sources":["../../src/generated/dsl-policy.ts"],"names":[],"mappings":"AAAA,oBAAoB;AACpB,iFAAiF"}

package/dist/generated/input-context.d.ts

@@ -0,0 +1,48 @@
+/**
+ * The evaluation input provided to policies at the Input Interception point.
+ */
+export type InputContext = ApsBase & {
+    /**
+     * The ordered message history to be forwarded to the LLM runtime.
+     */
+    messages: Message[];
+    metadata: Metadata;
+};
+/**
+ * Base schema for the Agent Policy Specification v0.1.0. All other APS schemas extend this schema. Defines shared types used across the specification.
+ */
+export interface ApsBase {
+    [k: string]: unknown;
+}
+/**
+ * A single message in a conversation.
+ */
+export interface Message {
+    /**
+     * The role of the message author.
+     */
+    role: "system" | "user" | "assistant";
+    /**
+     * The text content of the message.
+     */
+    content: string;
+}
+/**
+ * Common metadata attached to every APS context object.
+ */
+export interface Metadata {
+    /**
+     * Unique identifier for the agent that owns this session.
+     */
+    agent_id: string;
+    /**
+     * Unique identifier for the current session.
+     */
+    session_id: string;
+    /**
+     * ISO 8601 timestamp of when the interception occurred.
+     */
+    timestamp: string;
+    [k: string]: unknown;
+}
+//# sourceMappingURL=input-context.d.ts.map

package/dist/generated/input-context.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"input-context.d.ts","sourceRoot":"","sources":["../../src/generated/input-context.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,OAAO,GAAG;IACnC;;OAEG;IACH,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,QAAQ,EAAE,QAAQ,CAAC;CACpB,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,OAAO;IACtB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;CACtB;AACD;;GAEG;AACH,MAAM,WAAW,OAAO;IACtB;;OAEG;IACH,IAAI,EAAE,QAAQ,GAAG,MAAM,GAAG,WAAW,CAAC;IACtC;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;CACjB;AACD;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;IACjB;;OAEG;IACH,UAAU,EAAE,MAAM,CAAC;IACnB;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAClB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;CACtB"}

package/dist/generated/input-context.js

@@ -0,0 +1,4 @@
+/* eslint-disable */
+// This file is auto-generated from input-context.schema.json. Do not edit manually.
+export {};
+//# sourceMappingURL=input-context.js.map

package/dist/generated/input-context.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"input-context.js","sourceRoot":"","sources":["../../src/generated/input-context.ts"],"names":[],"mappings":"AAAA,oBAAoB;AACpB,oFAAoF"}

package/dist/generated/output-context.d.ts

@@ -0,0 +1,42 @@
+/**
+ * The evaluation input provided to policies at the Output Interception point.
+ */
+export type OutputContext = ApsBase & {
+    response: AssistantMessage;
+    metadata: Metadata;
+};
+/**
+ * Base schema for the Agent Policy Specification v0.1.0. All other APS schemas extend this schema. Defines shared types used across the specification.
+ */
+export interface ApsBase {
+    [k: string]: unknown;
+}
+/**
+ * A message produced by the LLM (role must be 'assistant').
+ */
+export interface AssistantMessage {
+    role: "assistant";
+    /**
+     * The text content of the assistant message.
+     */
+    content: string;
+}
+/**
+ * Common metadata attached to every APS context object.
+ */
+export interface Metadata {
+    /**
+     * Unique identifier for the agent that owns this session.
+     */
+    agent_id: string;
+    /**
+     * Unique identifier for the current session.
+     */
+    session_id: string;
+    /**
+     * ISO 8601 timestamp of when the interception occurred.
+     */
+    timestamp: string;
+    [k: string]: unknown;
+}
+//# sourceMappingURL=output-context.d.ts.map

package/dist/generated/output-context.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"output-context.d.ts","sourceRoot":"","sources":["../../src/generated/output-context.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,OAAO,GAAG;IACpC,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,QAAQ,EAAE,QAAQ,CAAC;CACpB,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,OAAO;IACtB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;CACtB;AACD;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,WAAW,CAAC;IAClB;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;CACjB;AACD;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAC;IACjB;;OAEG;IACH,UAAU,EAAE,MAAM,CAAC;IACnB;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAClB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;CACtB"}

package/dist/generated/output-context.js

@@ -0,0 +1,4 @@
+/* eslint-disable */
+// This file is auto-generated from output-context.schema.json. Do not edit manually.
+export {};
+//# sourceMappingURL=output-context.js.map

package/dist/generated/output-context.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"output-context.js","sourceRoot":"","sources":["../../src/generated/output-context.ts"],"names":[],"mappings":"AAAA,oBAAoB;AACpB,qFAAqF"}

package/dist/generated/policy-decision.d.ts

@@ -0,0 +1,95 @@
+/**
+ * The result produced by a policy evaluation at any interception point.
+ */
+export type PolicyDecision = AllowDecision | DenyDecision | RedactDecision | TransformDecision | AuditDecision;
+export interface AllowDecision {
+    decision: "allow";
+    /**
+     * When true, an audit record is also produced for this interaction.
+     */
+    audit?: boolean;
+}
+export interface DenyDecision {
+    decision: "deny";
+    /**
+     * Human-readable explanation for the denial. MAY be omitted for security-sensitive denials.
+     */
+    reason?: string;
+    /**
+     * Identifier of the policy that produced this denial.
+     */
+    policy_id?: string;
+    /**
+     * When true, an audit record is also produced for this interaction.
+     */
+    audit?: boolean;
+}
+export interface RedactDecision {
+    decision: "redact";
+    /**
+     * @minItems 1
+     */
+    redactions: [Redaction, ...Redaction[]];
+    /**
+     * When true, an audit record is also produced for this interaction.
+     */
+    audit?: boolean;
+}
+export interface Redaction {
+    /**
+     * Dot-notation path to the field being redacted (e.g. 'response.content').
+     */
+    field: string;
+    /**
+     * 'mask' replaces with a fixed string, 'remove' deletes the field, 'replace' substitutes matched patterns.
+     */
+    strategy: "mask" | "remove" | "replace";
+    /**
+     * Replacement string. Required when strategy is 'mask' or 'replace'.
+     */
+    replacement?: string;
+    /**
+     * Regex pattern identifying the content to redact. Required when strategy is 'replace'.
+     */
+    pattern?: string;
+}
+export interface TransformDecision {
+    decision: "transform";
+    transformation: Transformation;
+    /**
+     * When true, an audit record is also produced for this interaction.
+     */
+    audit?: boolean;
+}
+export interface Transformation {
+    /**
+     * Ordered list of transformation operations to apply.
+     */
+    operations: {
+        /**
+         * 'set' replaces the field value, 'prepend'/'append' adds content to a string field.
+         */
+        op: "set" | "prepend" | "append";
+        /**
+         * Dot-notation path to the field to transform.
+         */
+        field: string;
+        /**
+         * The value to apply. Type must match the target field.
+         */
+        value: {
+            [k: string]: unknown;
+        };
+    }[];
+}
+/**
+ * Produces only an audit record; the interaction proceeds unchanged.
+ */
+export interface AuditDecision {
+    decision: "audit";
+    /**
+     * Optional note to include in the audit record.
+     */
+    reason?: string;
+}
+//# sourceMappingURL=policy-decision.d.ts.map

package/dist/generated/policy-decision.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-decision.d.ts","sourceRoot":"","sources":["../../src/generated/policy-decision.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG,aAAa,GAAG,YAAY,GAAG,cAAc,GAAG,iBAAiB,GAAG,aAAa,CAAC;AAE/G,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,OAAO,CAAC;IAClB;;OAEG;IACH,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AACD,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;OAEG;IACH,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AACD,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,QAAQ,CAAC;IACnB;;OAEG;IACH,UAAU,EAAE,CAAC,SAAS,EAAE,GAAG,SAAS,EAAE,CAAC,CAAC;IACxC;;OAEG;IACH,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AACD,MAAM,WAAW,SAAS;IACxB;;OAEG;IACH,KAAK,EAAE,MAAM,CAAC;IACd;;OAEG;IACH,QAAQ,EAAE,MAAM,GAAG,QAAQ,GAAG,SAAS,CAAC;IACxC;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AACD,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,WAAW,CAAC;IACtB,cAAc,EAAE,cAAc,CAAC;IAC/B;;OAEG;IACH,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AACD,MAAM,WAAW,cAAc;IAC7B;;OAEG;IACH,UAAU,EAAE;QACV;;WAEG;QACH,EAAE,EAAE,KAAK,GAAG,SAAS,GAAG,QAAQ,CAAC;QACjC;;WAEG;QACH,KAAK,EAAE,MAAM,CAAC;QACd;;WAEG;QACH,KAAK,EAAE;YACL,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;SACtB,CAAC;KACH,EAAE,CAAC;CACL;AACD;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,OAAO,CAAC;IAClB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB"}

package/dist/generated/policy-decision.js

@@ -0,0 +1,4 @@
+/* eslint-disable */
+// This file is auto-generated from policy-decision.schema.json. Do not edit manually.
+export {};
+//# sourceMappingURL=policy-decision.js.map

package/dist/generated/policy-decision.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-decision.js","sourceRoot":"","sources":["../../src/generated/policy-decision.ts"],"names":[],"mappings":"AAAA,oBAAoB;AACpB,sFAAsF"}