@agentvault/agentvault 0.16.0 → 0.17.1

package/dist/index.d.ts

@@ -1,5 +1,5 @@
 export { SecureChannel } from "./channel.js";
-export type { SecureChannelConfig, ChannelState, MessageMetadata, AttachmentData, PersistedState, LegacyPersistedState, DeviceSession, HistoryEntry, SendOptions, DecisionOption, DecisionRequest, DecisionResponse, ContextRef, HeartbeatStatus, StatusAlert, RoomInfo, RoomMemberInfo, RoomConversationInfo, RoomState, A2AChannel, A2AMessage, RoomParticipantEvent, DeliveryTarget, DeliveryContent, DeliveryOptions, DeliveryReceipt, TargetInfo, ActionConfirmation, ArtifactPayload, } from "./types.js";
+export type { SecureChannelConfig, ChannelState, MessageMetadata, AttachmentData, PersistedState, LegacyPersistedState, DeviceSession, HistoryEntry, SendOptions, DecisionOption, DecisionRequest, DecisionResponse, ContextRef, HeartbeatStatus, StatusAlert, RoomInfo, RoomMemberInfo, RoomConversationInfo, RoomState, A2AChannel, A2AMessage, RoomParticipantEvent, DeliveryTarget, DeliveryContent, DeliveryOptions, DeliveryReceipt, TargetInfo, ActionConfirmation, ArtifactPayload, PolicyAlert, ApprovalRequest, ApprovalResponse, } from "./types.js";
 export { parseTarget } from "./types.js";
 export { listAccountIds, resolveAccount } from "./account-config.js";
 export type { ResolvedAccount } from "./account-config.js";
@@ -18,6 +18,8 @@ export type { SkillManifest } from "./skill-manifest.js";
 export { invokeSkill } from "./skill-invoker.js";
 export type { InvocationResult, InvocationOpts } from "./skill-invoker.js";
 export { wrapSkillExecution, reportSkillInvocation, drainSkillSpans } from "./skill-telemetry.js";
+export { PolicyEnforcer } from "./policy-enforcer.js";
+export type { PolicyContext, PolicyResult, PolicyViolation, PolicyMetrics } from "./policy-enforcer.js";
 export type { OpenClawPluginApi, PluginRuntime, ChannelGatewayContext, ChannelOutboundPayloadContext, ReplyPayload, MessageSentEvent, SessionStartEvent, SessionEndEvent, AgentEventPayload, TranscriptUpdatePayload, } from "./openclaw-types.js";
 export declare const VERSION = "0.14.1";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,YAAY,EACV,mBAAmB,EACnB,YAAY,EACZ,eAAe,EACf,cAAc,EACd,cAAc,EACd,oBAAoB,EACpB,aAAa,EACb,YAAY,EACZ,WAAW,EACX,cAAc,EACd,eAAe,EACf,gBAAgB,EAChB,UAAU,EACV,eAAe,EACf,WAAW,EACX,QAAQ,EACR,cAAc,EACd,oBAAoB,EACpB,SAAS,EACT,UAAU,EACV,UAAU,EACV,oBAAoB,EACpB,cAAc,EACd,eAAe,EACf,eAAe,EACf,eAAe,EACf,UAAU,EACV,kBAAkB,EAClB,eAAe,GAChB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAGzC,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrE,YAAY,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAG3D,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAGxF,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAC1H,YAAY,EACV,kBAAkB,EAClB,iBAAiB,EACjB,mBAAmB,GACpB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EAAE,mBAAmB,EAAE,YAAY,EAAE,yBAAyB,EAAE,MAAM,sBAAsB,CAAC;AACpG,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAG3D,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAC9I,YAAY,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAGxD,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACtD,YAAY,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAGtE,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAGnE,OAAO,EAAE,YAAY,EAAE,uBAAuB,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAC5G,YAAY,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAGzD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,YAAY,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAG3E,OAAO,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAGlG,YAAY,EACV,iBAAiB,EACjB,aAAa,EACb,qBAAqB,EACrB,6BAA6B,EAC7B,YAAY,EACZ,gBAAgB,EAChB,iBAAiB,EACjB,eAAe,EACf,iBAAiB,EACjB,uBAAuB,GACxB,MAAM,qBAAqB,CAAC;AAE7B,eAAO,MAAM,OAAO,WAAW,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,YAAY,EACV,mBAAmB,EACnB,YAAY,EACZ,eAAe,EACf,cAAc,EACd,cAAc,EACd,oBAAoB,EACpB,aAAa,EACb,YAAY,EACZ,WAAW,EACX,cAAc,EACd,eAAe,EACf,gBAAgB,EAChB,UAAU,EACV,eAAe,EACf,WAAW,EACX,QAAQ,EACR,cAAc,EACd,oBAAoB,EACpB,SAAS,EACT,UAAU,EACV,UAAU,EACV,oBAAoB,EACpB,cAAc,EACd,eAAe,EACf,eAAe,EACf,eAAe,EACf,UAAU,EACV,kBAAkB,EAClB,eAAe,EACf,WAAW,EACX,eAAe,EACf,gBAAgB,GACjB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAGzC,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrE,YAAY,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAG3D,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAGxF,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAC1H,YAAY,EACV,kBAAkB,EAClB,iBAAiB,EACjB,mBAAmB,GACpB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EAAE,mBAAmB,EAAE,YAAY,EAAE,yBAAyB,EAAE,MAAM,sBAAsB,CAAC;AACpG,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAG3D,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAC9I,YAAY,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAGxD,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACtD,YAAY,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAGtE,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAGnE,OAAO,EAAE,YAAY,EAAE,uBAAuB,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAC5G,YAAY,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAGzD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,YAAY,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAG3E,OAAO,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAGlG,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAGxG,YAAY,EACV,iBAAiB,EACjB,aAAa,EACb,qBAAqB,EACrB,6BAA6B,EAC7B,YAAY,EACZ,gBAAgB,EAChB,iBAAiB,EACjB,eAAe,EACf,iBAAiB,EACjB,uBAAuB,GACxB,MAAM,qBAAqB,CAAC;AAE7B,eAAO,MAAM,OAAO,WAAW,CAAC"}

package/dist/index.js

@@ -45996,6 +45996,37 @@ function buildEvalSpan(opts) {
     status: { code: 0 }
   };
 }
+function buildPolicyViolationSpan(opts) {
+  const now = Date.now();
+  const attributes = {
+    "av.policy.rule_id": opts.ruleId,
+    "av.policy.scope": opts.policyScope,
+    "av.policy.action_taken": opts.actionTaken,
+    "av.policy.violation_type": opts.violationType
+  };
+  if (opts.targetTool)
+    attributes["av.policy.target_tool"] = opts.targetTool;
+  if (opts.targetModel)
+    attributes["av.policy.target_model"] = opts.targetModel;
+  if (opts.messageType)
+    attributes["av.policy.message_type"] = opts.messageType;
+  applySkillName(attributes, opts.skillName);
+  const isBlock = opts.actionTaken === "block";
+  return {
+    traceId: opts.traceId ?? generateTraceId(),
+    spanId: opts.spanId ?? generateSpanId(),
+    parentSpanId: opts.parentSpanId,
+    name: "av.policy.evaluate",
+    kind: "internal",
+    startTime: now,
+    endTime: now,
+    attributes,
+    status: isBlock ? { code: 2, message: `Policy violation: ${opts.violationType}` } : { code: 0 }
+  };
+}
+function buildTraceparent(span) {
+  return `00-${span.traceId}-${span.spanId}-01`;
+}
 var init_telemetry = __esm({
   "../crypto/dist/telemetry.js"() {
     "use strict";
@@ -46018,6 +46049,9 @@ function toOtlpAttributes(attrs) {
   });
 }
 function spanToOtlp(span) {
+  const enrichedAttrs = { ...span.attributes };
+  enrichedAttrs["w3c.traceparent"] = buildTraceparent(span);
+  enrichedAttrs["w3c.tracestate"] = `av=s:${span.spanId}`;
   const otlp = {
     traceId: span.traceId,
     spanId: span.spanId,
@@ -46025,7 +46059,7 @@ function spanToOtlp(span) {
     kind: span.kind,
     startTimeUnixNano: String(span.startTime * 1e6),
     endTimeUnixNano: String(span.endTime * 1e6),
-    attributes: toOtlpAttributes(span.attributes)
+    attributes: toOtlpAttributes(enrichedAttrs)
   };
   if (span.parentSpanId !== void 0) {
     otlp.parentSpanId = span.parentSpanId;
@@ -46202,6 +46236,14 @@ var init_backup = __esm({
   }
 });
 
+// ../crypto/dist/approval.js
+var init_approval = __esm({
+  async "../crypto/dist/approval.js"() {
+    "use strict";
+    await init_did();
+  }
+});
+
 // ../crypto/dist/index.js
 var init_dist = __esm({
   async "../crypto/dist/index.js"() {
@@ -46219,6 +46261,7 @@ var init_dist = __esm({
     init_telemetry();
     init_telemetry_reporter();
     await init_backup();
+    await init_approval();
   }
 });
 
@@ -48513,10 +48556,11 @@ var init_channel = __esm({
             }
             if (data.event === "hub_identity_sync") {
               if (this._persisted && data.data?.hub_id) {
-                const changed = this._persisted.hubId !== data.data.hub_id;
+                const changed = this._persisted.hubId !== data.data.hub_id || this._persisted.agentRole !== (data.data.agent_role ?? "peer");
                 this._persisted.hubAddress = data.data.hub_address;
                 this._persisted.hubId = data.data.hub_id;
                 this._persisted.agentHubId = data.data.hub_id;
+                this._persisted.agentRole = data.data.agent_role ?? "peer";
                 if (changed) this._persistState();
                 if (!this._telemetryReporter && this._persisted.deviceJwt && this._persisted.hubId) {
                   this._telemetryReporter = new TelemetryReporter({
@@ -48538,6 +48582,14 @@ var init_channel = __esm({
               }
               this.emit("hub_identity_assigned", data.data);
             }
+            if (data.event === "hub_identity_role_changed") {
+              if (this._persisted && data.data?.agent_role) {
+                this._persisted.agentRole = data.data.agent_role;
+                this._persistState();
+                console.log(`[SecureChannel] Agent role changed to: ${data.data.agent_role}`);
+              }
+              this.emit("hub_identity_role_changed", data.data);
+            }
             if (data.event === "hub_identity_removed") {
               if (this._persisted) {
                 delete this._persisted.hubAddress;
@@ -49204,6 +49256,9 @@ ${messageText}`;
       _resolveWorkspaceDir() {
         const homedir = process.env.HOME ?? process.env.USERPROFILE ?? "/tmp";
         const agentName = this.config.agentName;
+        if (this._persisted?.agentRole === "lead") {
+          return join3(homedir, ".openclaw", "workspace");
+        }
         try {
           const configPath = join3(homedir, ".openclaw", "openclaw.json");
           const raw = __require("node:fs").readFileSync(configPath, "utf-8");
@@ -76132,7 +76187,13 @@ var init_mcp_server2 = __esm({
               tags: s2.tags,
               sla: s2.slaDefinition,
               hasSchema: !!s2.inputSchema,
-              hasInstructions: !!s2.instructions
+              hasInstructions: !!s2.instructions,
+              certificationTier: s2.certificationTier,
+              modelRouting: s2.modelRouting,
+              allowedModels: s2.allowedModels,
+              hasToolPolicy: !!(s2.toolsAllowed || s2.toolsDenied),
+              hasOutputSchema: !!s2.outputSchema,
+              requiredPolicies: s2.requiredPolicies
             }));
             return {
               contents: [{
@@ -76328,7 +76389,7 @@ function parseSkillMd(content) {
   if (!frontmatter.name) return null;
   const instructionLines = lines.slice(endIdx + 1);
   const instructions = instructionLines.join("\n").trim();
-  return {
+  const skill = {
     name: frontmatter.name,
     version: frontmatter.version,
     description: frontmatter.description,
@@ -76337,82 +76398,76 @@ function parseSkillMd(content) {
     slaDefinition: frontmatter.sla,
     instructions: instructions || void 0
   };
+  if (frontmatter.agentVault) {
+    const av = frontmatter.agentVault;
+    if (av.certification) skill.certificationTier = av.certification;
+    if (av.runtime?.capabilities) skill.toolsAllowed = av.runtime.capabilities;
+    if (av.runtime?.forbidden) skill.toolsDenied = av.runtime.forbidden;
+    if (av.runtime?.output_schema) skill.outputSchema = av.runtime.output_schema;
+    if (av.model?.routing) skill.modelRouting = av.model.routing;
+    if (av.model?.allowed) skill.allowedModels = av.model.allowed;
+    if (av.model?.default) skill.defaultModel = av.model.default;
+    if (av.integrity) skill.integrity = av.integrity;
+    if (av.requiredPolicies) skill.requiredPolicies = av.requiredPolicies;
+  }
+  return skill;
 }
 function parseSimpleYaml(yaml) {
   const result = {};
   const lines = yaml.split("\n");
-  let currentKey = "";
-  let currentIndent = 0;
-  let nestedObj = null;
+  const stack = [];
+  let currentObj = result;
+  function parseValue(raw) {
+    const value = raw.replace(/^["']|["']$/g, "");
+    const num = Number(value);
+    if (!isNaN(num) && value !== "") return num;
+    if (value === "true") return true;
+    if (value === "false") return false;
+    return value;
+  }
   for (const line of lines) {
     const trimmed = line.trim();
     if (!trimmed || trimmed.startsWith("#")) continue;
     const indent = line.length - line.trimStart().length;
-    const inlineArrayMatch = trimmed.match(/^(\w[\w-]*)\s*:\s*\[(.+)\]$/);
+    while (stack.length > 0 && indent <= stack[stack.length - 1].indent) {
+      const popped = stack.pop();
+      currentObj = stack.length > 0 ? stack[stack.length - 1].obj : result;
+      currentObj[popped.key] = popped.obj;
+    }
+    const inlineArrayMatch = trimmed.match(/^(\w[\w_-]*)\s*:\s*\[(.+)\]$/);
     if (inlineArrayMatch) {
       const key = inlineArrayMatch[1];
       const values = inlineArrayMatch[2].split(",").map((v2) => v2.trim().replace(/^["']|["']$/g, ""));
-      if (nestedObj && indent > currentIndent) {
-        nestedObj[key] = values;
+      if (stack.length > 0) {
+        stack[stack.length - 1].obj[key] = values;
       } else {
-        if (nestedObj && currentKey) {
-          result[currentKey] = nestedObj;
-          nestedObj = null;
-        }
-        result[key] = values;
+        currentObj[key] = values;
       }
       continue;
     }
-    const kvMatch = trimmed.match(/^(\w[\w-]*)\s*:\s*(.+)$/);
-    if (kvMatch && indent === 0) {
-      if (nestedObj && currentKey) {
-        result[currentKey] = nestedObj;
-        nestedObj = null;
-      }
+    const kvMatch = trimmed.match(/^(\w[\w_-]*)\s*:\s*(.+)$/);
+    if (kvMatch) {
       const key = kvMatch[1];
-      const value = kvMatch[2].replace(/^["']|["']$/g, "");
-      const num = Number(value);
-      if (!isNaN(num) && value !== "") {
-        result[key] = num;
-      } else if (value === "true") {
-        result[key] = true;
-      } else if (value === "false") {
-        result[key] = false;
+      const val = parseValue(kvMatch[2]);
+      if (stack.length > 0) {
+        stack[stack.length - 1].obj[key] = val;
       } else {
-        result[key] = value;
+        currentObj[key] = val;
       }
       continue;
     }
-    const nestedMatch = trimmed.match(/^(\w[\w-]*)\s*:$/);
-    if (nestedMatch && indent === 0) {
-      if (nestedObj && currentKey) {
-        result[currentKey] = nestedObj;
-      }
-      currentKey = nestedMatch[1];
-      currentIndent = indent;
-      nestedObj = {};
+    const nestedMatch = trimmed.match(/^(\w[\w_-]*)\s*:$/);
+    if (nestedMatch) {
+      const key = nestedMatch[1];
+      const newObj = {};
+      stack.push({ key, obj: newObj, indent });
       continue;
     }
-    if (nestedObj && indent > 0) {
-      const nestedKv = trimmed.match(/^(\w[\w-]*)\s*:\s*(.+)$/);
-      if (nestedKv) {
-        const key = nestedKv[1];
-        const value = nestedKv[2].replace(/^["']|["']$/g, "");
-        const num = Number(value);
-        if (!isNaN(num) && value !== "") {
-          nestedObj[key] = num;
-        } else if (value === "true") {
-          nestedObj[key] = true;
-        } else if (value === "false") {
-          nestedObj[key] = false;
-        } else {
-          nestedObj[key] = value;
-        }
-      }
-    }
   }
-  if (nestedObj && currentKey) {
-    result[currentKey] = nestedObj;
+  while (stack.length > 0) {
+    const popped = stack.pop();
+    const parent = stack.length > 0 ? stack[stack.length - 1].obj : result;
+    parent[popped.key] = popped.obj;
   }
   return result;
 }
@@ -76684,6 +76739,151 @@ var init_skill_telemetry = __esm({
   }
 });
 
+// src/policy-enforcer.ts
+var PolicyEnforcer;
+var init_policy_enforcer = __esm({
+  async "src/policy-enforcer.ts"() {
+    "use strict";
+    await init_dist();
+    PolicyEnforcer = class {
+      skills = /* @__PURE__ */ new Map();
+      metrics = {
+        totalEvaluations: 0,
+        totalBlocks: 0,
+        totalWarnings: 0,
+        bySkill: {},
+        byRule: {}
+      };
+      spanBuffer = [];
+      /**
+       * Register a skill definition for policy evaluation.
+       */
+      registerSkill(skill) {
+        this.skills.set(skill.name, skill);
+      }
+      /**
+       * Full 5-stage policy pipeline evaluation.
+       */
+      evaluate(ctx) {
+        this.metrics.totalEvaluations++;
+        const skillMetrics = this.metrics.bySkill[ctx.skillName] ??= { evaluations: 0, blocks: 0 };
+        skillMetrics.evaluations++;
+        const violations = [];
+        const skill = this.skills.get(ctx.skillName);
+        if (skill) {
+          if (ctx.toolName && skill.toolsDenied?.length) {
+            if (skill.toolsDenied.includes(ctx.toolName)) {
+              violations.push({
+                ruleId: `deny:${ctx.skillName}:${ctx.toolName}`,
+                scope: "tool",
+                action: "block",
+                type: "forbidden_tool",
+                message: `Tool "${ctx.toolName}" is forbidden for skill "${ctx.skillName}"`
+              });
+            }
+          }
+          if (ctx.toolName && skill.toolsAllowed?.length) {
+            if (!skill.toolsAllowed.includes(ctx.toolName)) {
+              violations.push({
+                ruleId: `allow:${ctx.skillName}:${ctx.toolName}`,
+                scope: "tool",
+                action: "block",
+                type: "tool_not_allowed",
+                message: `Tool "${ctx.toolName}" is not in the allowed list for skill "${ctx.skillName}"`
+              });
+            }
+          }
+          if (ctx.model && skill.allowedModels?.length) {
+            if (!skill.allowedModels.includes(ctx.model)) {
+              violations.push({
+                ruleId: `model:${ctx.skillName}:${ctx.model}`,
+                scope: "model",
+                action: "block",
+                type: "model_not_allowed",
+                message: `Model "${ctx.model}" is not allowed for skill "${ctx.skillName}". Allowed: ${skill.allowedModels.join(", ")}`
+              });
+            }
+          }
+        }
+        const blocked = violations.some((v2) => v2.action === "block");
+        for (const v2 of violations) {
+          this.metrics.byRule[v2.ruleId] = (this.metrics.byRule[v2.ruleId] ?? 0) + 1;
+          if (v2.action === "block") this.metrics.totalBlocks++;
+          if (v2.action === "warn") this.metrics.totalWarnings++;
+          this.spanBuffer.push(
+            buildPolicyViolationSpan({
+              ruleId: v2.ruleId,
+              policyScope: v2.scope,
+              actionTaken: v2.action,
+              violationType: v2.type,
+              targetTool: ctx.toolName,
+              targetModel: ctx.model,
+              skillName: ctx.skillName
+            })
+          );
+        }
+        if (blocked) {
+          skillMetrics.blocks++;
+        }
+        return {
+          allowed: !blocked,
+          violations,
+          stage: "report"
+        };
+      }
+      /**
+       * Wrap an MCP tool handler with policy enforcement.
+       * Returns a function that checks policy before calling the original handler.
+       */
+      wrapHandler(skillName, handler) {
+        return async (args) => {
+          const result = this.evaluate({
+            skillName,
+            args
+          });
+          if (!result.allowed) {
+            return {
+              blocked: true,
+              violations: result.violations.map((v2) => ({
+                rule: v2.ruleId,
+                reason: v2.message,
+                scope: v2.scope
+              }))
+            };
+          }
+          return handler(args);
+        };
+      }
+      /**
+       * Get accumulated policy metrics.
+       */
+      getMetrics() {
+        return { ...this.metrics };
+      }
+      /**
+       * Drain buffered telemetry spans.
+       */
+      drainSpans() {
+        const spans = this.spanBuffer;
+        this.spanBuffer = [];
+        return spans;
+      }
+      /**
+       * Reset all metrics (for testing).
+       */
+      resetMetrics() {
+        this.metrics = {
+          totalEvaluations: 0,
+          totalBlocks: 0,
+          totalWarnings: 0,
+          bySkill: {},
+          byRule: {}
+        };
+      }
+    };
+  }
+});
+
 // src/index.ts
 var VERSION;
 var init_index = __esm({
@@ -76701,12 +76901,14 @@ var init_index = __esm({
     init_skill_manifest();
     init_skill_invoker();
     await init_skill_telemetry();
+    await init_policy_enforcer();
     VERSION = "0.14.1";
   }
 });
 await init_index();
 export {
   AgentVaultMcpServer,
+  PolicyEnforcer,
   SecureChannel,
   VERSION,
   agentVaultPlugin,