@anthropic-field/core 0.1.0

package/dist/src/policy/policy-engine.js

@@ -0,0 +1,357 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import {} from '@google/genai';
+import { PolicyDecision, ApprovalMode, } from './types.js';
+import { stableStringify } from './stable-stringify.js';
+import { debugLogger } from '../utils/debugLogger.js';
+import { SafetyCheckDecision } from '../safety/protocol.js';
+import { SHELL_TOOL_NAMES, initializeShellParsers, splitCommands, hasRedirection, } from '../utils/shell-utils.js';
+function ruleMatches(rule, toolCall, stringifiedArgs, serverName, currentApprovalMode) {
+    // Check if rule applies to current approval mode
+    if (rule.modes && rule.modes.length > 0) {
+        if (!rule.modes.includes(currentApprovalMode)) {
+            return false;
+        }
+    }
+    // Check tool name if specified
+    if (rule.toolName) {
+        // Support wildcard patterns: "serverName__*" matches "serverName__anyTool"
+        if (rule.toolName.endsWith('__*')) {
+            const prefix = rule.toolName.slice(0, -3); // Remove "__*"
+            if (serverName !== undefined) {
+                // Robust check: if serverName is provided, it MUST match the prefix exactly.
+                // This prevents "malicious-server" from spoofing "trusted-server" by naming itself "trusted-server__malicious".
+                if (serverName !== prefix) {
+                    return false;
+                }
+            }
+            // Always verify the prefix, even if serverName matched
+            if (!toolCall.name || !toolCall.name.startsWith(prefix + '__')) {
+                return false;
+            }
+        }
+        else if (toolCall.name !== rule.toolName) {
+            return false;
+        }
+    }
+    // Check args pattern if specified
+    if (rule.argsPattern) {
+        // If rule has an args pattern but tool has no args, no match
+        if (!toolCall.args) {
+            return false;
+        }
+        // Use stable JSON stringification with sorted keys to ensure consistent matching
+        if (stringifiedArgs === undefined ||
+            !rule.argsPattern.test(stringifiedArgs)) {
+            return false;
+        }
+    }
+    return true;
+}
+export class PolicyEngine {
+    rules;
+    checkers;
+    hookCheckers;
+    defaultDecision;
+    nonInteractive;
+    checkerRunner;
+    approvalMode;
+    constructor(config = {}, checkerRunner) {
+        this.rules = (config.rules ?? []).sort((a, b) => (b.priority ?? 0) - (a.priority ?? 0));
+        this.checkers = (config.checkers ?? []).sort((a, b) => (b.priority ?? 0) - (a.priority ?? 0));
+        this.hookCheckers = (config.hookCheckers ?? []).sort((a, b) => (b.priority ?? 0) - (a.priority ?? 0));
+        this.defaultDecision = config.defaultDecision ?? PolicyDecision.ASK_USER;
+        this.nonInteractive = config.nonInteractive ?? false;
+        this.checkerRunner = checkerRunner;
+        this.approvalMode = config.approvalMode ?? ApprovalMode.DEFAULT;
+    }
+    /**
+     * Update the current approval mode.
+     */
+    setApprovalMode(mode) {
+        this.approvalMode = mode;
+    }
+    /**
+     * Get the current approval mode.
+     */
+    getApprovalMode() {
+        return this.approvalMode;
+    }
+    shouldDowngradeForRedirection(command, allowRedirection) {
+        return (!allowRedirection &&
+            hasRedirection(command) &&
+            this.approvalMode !== ApprovalMode.AUTO_EDIT &&
+            this.approvalMode !== ApprovalMode.YOLO);
+    }
+    /**
+     * Check if a shell command is allowed.
+     */
+    async checkShellCommand(toolName, command, ruleDecision, serverName, dir_path, allowRedirection, rule) {
+        if (!command) {
+            return {
+                decision: this.applyNonInteractiveMode(ruleDecision),
+                rule,
+            };
+        }
+        await initializeShellParsers();
+        const subCommands = splitCommands(command);
+        if (subCommands.length === 0) {
+            // If the matched rule says DENY, we should respect it immediately even if parsing fails.
+            if (ruleDecision === PolicyDecision.DENY) {
+                return { decision: PolicyDecision.DENY, rule };
+            }
+            // In YOLO mode, we should proceed anyway even if we can't parse the command.
+            if (this.approvalMode === ApprovalMode.YOLO) {
+                return {
+                    decision: PolicyDecision.ALLOW,
+                    rule,
+                };
+            }
+            debugLogger.debug(`[PolicyEngine.check] Command parsing failed for: ${command}. Falling back to ASK_USER.`);
+            // Parsing logic failed, we can't trust it. Force ASK_USER (or DENY).
+            // We return the rule that matched so the evaluation loop terminates.
+            return {
+                decision: this.applyNonInteractiveMode(PolicyDecision.ASK_USER),
+                rule,
+            };
+        }
+        // If there are multiple parts, or if we just want to validate the single part against DENY rules
+        if (subCommands.length > 0) {
+            debugLogger.debug(`[PolicyEngine.check] Validating shell command: ${subCommands.length} parts`);
+            if (ruleDecision === PolicyDecision.DENY) {
+                return { decision: PolicyDecision.DENY, rule };
+            }
+            // Start optimistically. If all parts are ALLOW, the whole is ALLOW.
+            // We will downgrade if any part is ASK_USER or DENY.
+            let aggregateDecision = PolicyDecision.ALLOW;
+            let responsibleRule;
+            // Check for redirection on the full command string
+            if (this.shouldDowngradeForRedirection(command, allowRedirection)) {
+                debugLogger.debug(`[PolicyEngine.check] Downgrading ALLOW to ASK_USER for redirected command: ${command}`);
+                aggregateDecision = PolicyDecision.ASK_USER;
+                responsibleRule = undefined; // Inherent policy
+            }
+            for (const rawSubCmd of subCommands) {
+                const subCmd = rawSubCmd.trim();
+                // Prevent infinite recursion for the root command
+                if (subCmd === command) {
+                    if (this.shouldDowngradeForRedirection(subCmd, allowRedirection)) {
+                        debugLogger.debug(`[PolicyEngine.check] Downgrading ALLOW to ASK_USER for redirected command: ${subCmd}`);
+                        // Redirection always downgrades ALLOW to ASK_USER
+                        if (aggregateDecision === PolicyDecision.ALLOW) {
+                            aggregateDecision = PolicyDecision.ASK_USER;
+                            responsibleRule = undefined; // Inherent policy
+                        }
+                    }
+                    else {
+                        // Atomic command matching the rule.
+                        if (ruleDecision === PolicyDecision.ASK_USER &&
+                            aggregateDecision === PolicyDecision.ALLOW) {
+                            aggregateDecision = PolicyDecision.ASK_USER;
+                            responsibleRule = rule;
+                        }
+                    }
+                    continue;
+                }
+                const subResult = await this.check({ name: toolName, args: { command: subCmd, dir_path } }, serverName);
+                // subResult.decision is already filtered through applyNonInteractiveMode by this.check()
+                const subDecision = subResult.decision;
+                // If any part is DENIED, the whole command is DENY
+                if (subDecision === PolicyDecision.DENY) {
+                    return {
+                        decision: PolicyDecision.DENY,
+                        rule: subResult.rule,
+                    };
+                }
+                // If any part requires ASK_USER, the whole command requires ASK_USER
+                if (subDecision === PolicyDecision.ASK_USER) {
+                    aggregateDecision = PolicyDecision.ASK_USER;
+                    if (!responsibleRule) {
+                        responsibleRule = subResult.rule;
+                    }
+                }
+                // Check for redirection in allowed sub-commands
+                if (subDecision === PolicyDecision.ALLOW &&
+                    this.shouldDowngradeForRedirection(subCmd, allowRedirection)) {
+                    debugLogger.debug(`[PolicyEngine.check] Downgrading ALLOW to ASK_USER for redirected command: ${subCmd}`);
+                    if (aggregateDecision === PolicyDecision.ALLOW) {
+                        aggregateDecision = PolicyDecision.ASK_USER;
+                        responsibleRule = undefined;
+                    }
+                }
+            }
+            return {
+                decision: this.applyNonInteractiveMode(aggregateDecision),
+                // If we stayed at ALLOW, we return the original rule (if any).
+                // If we downgraded, we return the responsible rule (or undefined if implicit).
+                rule: aggregateDecision === ruleDecision ? rule : responsibleRule,
+            };
+        }
+        return {
+            decision: this.applyNonInteractiveMode(ruleDecision),
+            rule,
+        };
+    }
+    /**
+     * Check if a tool call is allowed based on the configured policies.
+     * Returns the decision and the matching rule (if any).
+     */
+    async check(toolCall, serverName) {
+        let stringifiedArgs;
+        // Compute stringified args once before the loop
+        if (toolCall.args &&
+            (this.rules.some((rule) => rule.argsPattern) ||
+                this.checkers.some((checker) => checker.argsPattern))) {
+            stringifiedArgs = stableStringify(toolCall.args);
+        }
+        debugLogger.debug(`[PolicyEngine.check] toolCall.name: ${toolCall.name}, stringifiedArgs: ${stringifiedArgs}`);
+        // Check for shell commands upfront to handle splitting
+        let isShellCommand = false;
+        let command;
+        let shellDirPath;
+        const toolName = toolCall.name;
+        if (toolName && SHELL_TOOL_NAMES.includes(toolName)) {
+            isShellCommand = true;
+            const args = toolCall.args;
+            command = args?.command;
+            shellDirPath = args?.dir_path;
+        }
+        // Find the first matching rule (already sorted by priority)
+        let matchedRule;
+        let decision;
+        // For tools with a server name, we want to try matching both the
+        // original name and the fully qualified name (server__tool).
+        const toolCallsToTry = [toolCall];
+        if (serverName && toolCall.name && !toolCall.name.includes('__')) {
+            toolCallsToTry.push({
+                ...toolCall,
+                name: `${serverName}__${toolCall.name}`,
+            });
+        }
+        for (const rule of this.rules) {
+            const match = toolCallsToTry.some((tc) => ruleMatches(rule, tc, stringifiedArgs, serverName, this.approvalMode));
+            if (match) {
+                debugLogger.debug(`[PolicyEngine.check] MATCHED rule: toolName=${rule.toolName}, decision=${rule.decision}, priority=${rule.priority}, argsPattern=${rule.argsPattern?.source || 'none'}`);
+                if (isShellCommand && toolName) {
+                    const shellResult = await this.checkShellCommand(toolName, command, rule.decision, serverName, shellDirPath, rule.allowRedirection, rule);
+                    decision = shellResult.decision;
+                    if (shellResult.rule) {
+                        matchedRule = shellResult.rule;
+                        break;
+                    }
+                }
+                else {
+                    decision = this.applyNonInteractiveMode(rule.decision);
+                    matchedRule = rule;
+                    break;
+                }
+            }
+        }
+        // Default if no rule matched
+        if (decision === undefined) {
+            debugLogger.debug(`[PolicyEngine.check] NO MATCH - using default decision: ${this.defaultDecision}`);
+            if (toolName && SHELL_TOOL_NAMES.includes(toolName)) {
+                const shellResult = await this.checkShellCommand(toolName, command, this.defaultDecision, serverName, shellDirPath);
+                decision = shellResult.decision;
+                matchedRule = shellResult.rule;
+            }
+            else {
+                decision = this.applyNonInteractiveMode(this.defaultDecision);
+            }
+        }
+        // Safety checks
+        if (decision !== PolicyDecision.DENY && this.checkerRunner) {
+            for (const checkerRule of this.checkers) {
+                if (ruleMatches(checkerRule, toolCall, stringifiedArgs, serverName, this.approvalMode)) {
+                    debugLogger.debug(`[PolicyEngine.check] Running safety checker: ${checkerRule.checker.name}`);
+                    try {
+                        const result = await this.checkerRunner.runChecker(toolCall, checkerRule.checker);
+                        if (result.decision === SafetyCheckDecision.DENY) {
+                            debugLogger.debug(`[PolicyEngine.check] Safety checker '${checkerRule.checker.name}' denied execution: ${result.reason}`);
+                            return {
+                                decision: PolicyDecision.DENY,
+                                rule: matchedRule,
+                            };
+                        }
+                        else if (result.decision === SafetyCheckDecision.ASK_USER) {
+                            debugLogger.debug(`[PolicyEngine.check] Safety checker requested ASK_USER: ${result.reason}`);
+                            decision = PolicyDecision.ASK_USER;
+                        }
+                    }
+                    catch (error) {
+                        debugLogger.debug(`[PolicyEngine.check] Safety checker '${checkerRule.checker.name}' threw an error:`, error);
+                        return {
+                            decision: PolicyDecision.DENY,
+                            rule: matchedRule,
+                        };
+                    }
+                }
+            }
+        }
+        return {
+            decision: this.applyNonInteractiveMode(decision),
+            rule: matchedRule,
+        };
+    }
+    /**
+     * Add a new rule to the policy engine.
+     */
+    addRule(rule) {
+        this.rules.push(rule);
+        // Re-sort rules by priority
+        this.rules.sort((a, b) => (b.priority ?? 0) - (a.priority ?? 0));
+    }
+    addChecker(checker) {
+        this.checkers.push(checker);
+        this.checkers.sort((a, b) => (b.priority ?? 0) - (a.priority ?? 0));
+    }
+    /**
+     * Remove rules for a specific tool.
+     * If source is provided, only rules matching that source are removed.
+     */
+    removeRulesForTool(toolName, source) {
+        this.rules = this.rules.filter((rule) => rule.toolName !== toolName ||
+            (source !== undefined && rule.source !== source));
+    }
+    /**
+     * Get all current rules.
+     */
+    getRules() {
+        return this.rules;
+    }
+    /**
+     * Check if a rule for a specific tool already exists.
+     * If ignoreDynamic is true, it only returns true if a rule exists that was NOT added by AgentRegistry.
+     */
+    hasRuleForTool(toolName, ignoreDynamic = false) {
+        return this.rules.some((rule) => rule.toolName === toolName &&
+            (!ignoreDynamic || rule.source !== 'AgentRegistry (Dynamic)'));
+    }
+    getCheckers() {
+        return this.checkers;
+    }
+    /**
+     * Add a new hook checker to the policy engine.
+     */
+    addHookChecker(checker) {
+        this.hookCheckers.push(checker);
+        this.hookCheckers.sort((a, b) => (b.priority ?? 0) - (a.priority ?? 0));
+    }
+    /**
+     * Get all current hook checkers.
+     */
+    getHookCheckers() {
+        return this.hookCheckers;
+    }
+    applyNonInteractiveMode(decision) {
+        // In non-interactive mode, ASK_USER becomes DENY
+        if (this.nonInteractive && decision === PolicyDecision.ASK_USER) {
+            return PolicyDecision.DENY;
+        }
+        return decision;
+    }
+}
+//# sourceMappingURL=policy-engine.js.map

package/dist/src/policy/policy-engine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-engine.js","sourceRoot":"","sources":["../../../src/policy/policy-engine.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAqB,MAAM,eAAe,CAAC;AAClD,OAAO,EACL,cAAc,EAKd,YAAY,GAEb,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAEtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,EACL,gBAAgB,EAChB,sBAAsB,EACtB,aAAa,EACb,cAAc,GACf,MAAM,yBAAyB,CAAC;AAEjC,SAAS,WAAW,CAClB,IAAoC,EACpC,QAAsB,EACtB,eAAmC,EACnC,UAA8B,EAC9B,mBAAiC;IAEjC,iDAAiD;IACjD,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;YAC9C,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,2EAA2E;QAC3E,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAClC,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,eAAe;YAC1D,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;gBAC7B,6EAA6E;gBAC7E,gHAAgH;gBAChH,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;oBAC1B,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;YACD,uDAAuD;YACvD,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC;gBAC/D,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;aAAM,IAAI,QAAQ,CAAC,IAAI,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC3C,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,6DAA6D;QAC7D,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnB,OAAO,KAAK,CAAC;QACf,CAAC;QACD,iFAAiF;QACjF,IACE,eAAe,KAAK,SAAS;YAC7B,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,eAAe,CAAC,EACvC,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,OAAO,YAAY;IACf,KAAK,CAAe;IACpB,QAAQ,CAAsB;IAC9B,YAAY,CAAoB;IACvB,eAAe,CAAiB;IAChC,cAAc,CAAU;IACxB,aAAa,CAAiB;IACvC,YAAY,CAAe;IAEnC,YAAY,SAA6B,EAAE,EAAE,aAA6B;QACxE,IAAI,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,CACpC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAChD,CAAC;QACF,IAAI,CAAC,QAAQ,GAAG,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,IAAI,CAC1C,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAChD,CAAC;QACF,IAAI,CAAC,YAAY,GAAG,CAAC,MAAM,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC,IAAI,CAClD,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAChD,CAAC;QACF,IAAI,CAAC,eAAe,GAAG,MAAM,CAAC,eAAe,IAAI,cAAc,CAAC,QAAQ,CAAC;QACzE,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,cAAc,IAAI,KAAK,CAAC;QACrD,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACnC,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,IAAI,YAAY,CAAC,OAAO,CAAC;IAClE,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,IAAkB;QAChC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,eAAe;QACb,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAEO,6BAA6B,CACnC,OAAe,EACf,gBAA0B;QAE1B,OAAO,CACL,CAAC,gBAAgB;YACjB,cAAc,CAAC,OAAO,CAAC;YACvB,IAAI,CAAC,YAAY,KAAK,YAAY,CAAC,SAAS;YAC5C,IAAI,CAAC,YAAY,KAAK,YAAY,CAAC,IAAI,CACxC,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,iBAAiB,CAC7B,QAAgB,EAChB,OAA2B,EAC3B,YAA4B,EAC5B,UAA8B,EAC9B,QAA4B,EAC5B,gBAA0B,EAC1B,IAAiB;QAEjB,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO;gBACL,QAAQ,EAAE,IAAI,CAAC,uBAAuB,CAAC,YAAY,CAAC;gBACpD,IAAI;aACL,CAAC;QACJ,CAAC;QAED,MAAM,sBAAsB,EAAE,CAAC;QAC/B,MAAM,WAAW,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;QAE3C,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,yFAAyF;YACzF,IAAI,YAAY,KAAK,cAAc,CAAC,IAAI,EAAE,CAAC;gBACzC,OAAO,EAAE,QAAQ,EAAE,cAAc,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC;YACjD,CAAC;YAED,6EAA6E;YAC7E,IAAI,IAAI,CAAC,YAAY,KAAK,YAAY,CAAC,IAAI,EAAE,CAAC;gBAC5C,OAAO;oBACL,QAAQ,EAAE,cAAc,CAAC,KAAK;oBAC9B,IAAI;iBACL,CAAC;YACJ,CAAC;YAED,WAAW,CAAC,KAAK,CACf,oDAAoD,OAAO,6BAA6B,CACzF,CAAC;YAEF,qEAAqE;YACrE,qEAAqE;YACrE,OAAO;gBACL,QAAQ,EAAE,IAAI,CAAC,uBAAuB,CAAC,cAAc,CAAC,QAAQ,CAAC;gBAC/D,IAAI;aACL,CAAC;QACJ,CAAC;QAED,iGAAiG;QACjG,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,WAAW,CAAC,KAAK,CACf,kDAAkD,WAAW,CAAC,MAAM,QAAQ,CAC7E,CAAC;YAEF,IAAI,YAAY,KAAK,cAAc,CAAC,IAAI,EAAE,CAAC;gBACzC,OAAO,EAAE,QAAQ,EAAE,cAAc,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC;YACjD,CAAC;YAED,oEAAoE;YACpE,qDAAqD;YACrD,IAAI,iBAAiB,GAAG,cAAc,CAAC,KAAK,CAAC;YAC7C,IAAI,eAAuC,CAAC;YAE5C,mDAAmD;YACnD,IAAI,IAAI,CAAC,6BAA6B,CAAC,OAAO,EAAE,gBAAgB,CAAC,EAAE,CAAC;gBAClE,WAAW,CAAC,KAAK,CACf,8EAA8E,OAAO,EAAE,CACxF,CAAC;gBACF,iBAAiB,GAAG,cAAc,CAAC,QAAQ,CAAC;gBAC5C,eAAe,GAAG,SAAS,CAAC,CAAC,kBAAkB;YACjD,CAAC;YAED,KAAK,MAAM,SAAS,IAAI,WAAW,EAAE,CAAC;gBACpC,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC;gBAChC,kDAAkD;gBAClD,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;oBACvB,IAAI,IAAI,CAAC,6BAA6B,CAAC,MAAM,EAAE,gBAAgB,CAAC,EAAE,CAAC;wBACjE,WAAW,CAAC,KAAK,CACf,8EAA8E,MAAM,EAAE,CACvF,CAAC;wBACF,kDAAkD;wBAClD,IAAI,iBAAiB,KAAK,cAAc,CAAC,KAAK,EAAE,CAAC;4BAC/C,iBAAiB,GAAG,cAAc,CAAC,QAAQ,CAAC;4BAC5C,eAAe,GAAG,SAAS,CAAC,CAAC,kBAAkB;wBACjD,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,oCAAoC;wBACpC,IACE,YAAY,KAAK,cAAc,CAAC,QAAQ;4BACxC,iBAAiB,KAAK,cAAc,CAAC,KAAK,EAC1C,CAAC;4BACD,iBAAiB,GAAG,cAAc,CAAC,QAAQ,CAAC;4BAC5C,eAAe,GAAG,IAAI,CAAC;wBACzB,CAAC;oBACH,CAAC;oBACD,SAAS;gBACX,CAAC;gBAED,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAChC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,EACvD,UAAU,CACX,CAAC;gBAEF,yFAAyF;gBACzF,MAAM,WAAW,GAAG,SAAS,CAAC,QAAQ,CAAC;gBAEvC,mDAAmD;gBACnD,IAAI,WAAW,KAAK,cAAc,CAAC,IAAI,EAAE,CAAC;oBACxC,OAAO;wBACL,QAAQ,EAAE,cAAc,CAAC,IAAI;wBAC7B,IAAI,EAAE,SAAS,CAAC,IAAI;qBACrB,CAAC;gBACJ,CAAC;gBAED,qEAAqE;gBACrE,IAAI,WAAW,KAAK,cAAc,CAAC,QAAQ,EAAE,CAAC;oBAC5C,iBAAiB,GAAG,cAAc,CAAC,QAAQ,CAAC;oBAC5C,IAAI,CAAC,eAAe,EAAE,CAAC;wBACrB,eAAe,GAAG,SAAS,CAAC,IAAI,CAAC;oBACnC,CAAC;gBACH,CAAC;gBAED,gDAAgD;gBAChD,IACE,WAAW,KAAK,cAAc,CAAC,KAAK;oBACpC,IAAI,CAAC,6BAA6B,CAAC,MAAM,EAAE,gBAAgB,CAAC,EAC5D,CAAC;oBACD,WAAW,CAAC,KAAK,CACf,8EAA8E,MAAM,EAAE,CACvF,CAAC;oBACF,IAAI,iBAAiB,KAAK,cAAc,CAAC,KAAK,EAAE,CAAC;wBAC/C,iBAAiB,GAAG,cAAc,CAAC,QAAQ,CAAC;wBAC5C,eAAe,GAAG,SAAS,CAAC;oBAC9B,CAAC;gBACH,CAAC;YACH,CAAC;YAED,OAAO;gBACL,QAAQ,EAAE,IAAI,CAAC,uBAAuB,CAAC,iBAAiB,CAAC;gBACzD,+DAA+D;gBAC/D,+EAA+E;gBAC/E,IAAI,EAAE,iBAAiB,KAAK,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,eAAe;aAClE,CAAC;QACJ,CAAC;QAED,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,uBAAuB,CAAC,YAAY,CAAC;YACpD,IAAI;SACL,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,KAAK,CACT,QAAsB,EACtB,UAA8B;QAE9B,IAAI,eAAmC,CAAC;QACxC,gDAAgD;QAChD,IACE,QAAQ,CAAC,IAAI;YACb,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC;gBAC1C,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,EACvD,CAAC;YACD,eAAe,GAAG,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACnD,CAAC;QAED,WAAW,CAAC,KAAK,CACf,uCAAuC,QAAQ,CAAC,IAAI,sBAAsB,eAAe,EAAE,CAC5F,CAAC;QAEF,uDAAuD;QACvD,IAAI,cAAc,GAAG,KAAK,CAAC;QAC3B,IAAI,OAA2B,CAAC;QAChC,IAAI,YAAgC,CAAC;QAErC,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC;QAE/B,IAAI,QAAQ,IAAI,gBAAgB,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACpD,cAAc,GAAG,IAAI,CAAC;YACtB,MAAM,IAAI,GAAG,QAAQ,CAAC,IAA+C,CAAC;YACtE,OAAO,GAAG,IAAI,EAAE,OAAO,CAAC;YACxB,YAAY,GAAG,IAAI,EAAE,QAAQ,CAAC;QAChC,CAAC;QAED,4DAA4D;QAC5D,IAAI,WAAmC,CAAC;QACxC,IAAI,QAAoC,CAAC;QAEzC,iEAAiE;QACjE,6DAA6D;QAC7D,MAAM,cAAc,GAAmB,CAAC,QAAQ,CAAC,CAAC;QAClD,IAAI,UAAU,IAAI,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACjE,cAAc,CAAC,IAAI,CAAC;gBAClB,GAAG,QAAQ;gBACX,IAAI,EAAE,GAAG,UAAU,KAAK,QAAQ,CAAC,IAAI,EAAE;aACxC,CAAC,CAAC;QACL,CAAC;QAED,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CACvC,WAAW,CAAC,IAAI,EAAE,EAAE,EAAE,eAAe,EAAE,UAAU,EAAE,IAAI,CAAC,YAAY,CAAC,CACtE,CAAC;YAEF,IAAI,KAAK,EAAE,CAAC;gBACV,WAAW,CAAC,KAAK,CACf,+CAA+C,IAAI,CAAC,QAAQ,cAAc,IAAI,CAAC,QAAQ,cAAc,IAAI,CAAC,QAAQ,iBAAiB,IAAI,CAAC,WAAW,EAAE,MAAM,IAAI,MAAM,EAAE,CACxK,CAAC;gBAEF,IAAI,cAAc,IAAI,QAAQ,EAAE,CAAC;oBAC/B,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAC9C,QAAQ,EACR,OAAO,EACP,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,YAAY,EACZ,IAAI,CAAC,gBAAgB,EACrB,IAAI,CACL,CAAC;oBACF,QAAQ,GAAG,WAAW,CAAC,QAAQ,CAAC;oBAChC,IAAI,WAAW,CAAC,IAAI,EAAE,CAAC;wBACrB,WAAW,GAAG,WAAW,CAAC,IAAI,CAAC;wBAC/B,MAAM;oBACR,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,QAAQ,GAAG,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBACvD,WAAW,GAAG,IAAI,CAAC;oBACnB,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;QAED,6BAA6B;QAC7B,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC3B,WAAW,CAAC,KAAK,CACf,2DAA2D,IAAI,CAAC,eAAe,EAAE,CAClF,CAAC;YACF,IAAI,QAAQ,IAAI,gBAAgB,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACpD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAC9C,QAAQ,EACR,OAAO,EACP,IAAI,CAAC,eAAe,EACpB,UAAU,EACV,YAAY,CACb,CAAC;gBACF,QAAQ,GAAG,WAAW,CAAC,QAAQ,CAAC;gBAChC,WAAW,GAAG,WAAW,CAAC,IAAI,CAAC;YACjC,CAAC;iBAAM,CAAC;gBACN,QAAQ,GAAG,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YAChE,CAAC;QACH,CAAC;QAED,gBAAgB;QAChB,IAAI,QAAQ,KAAK,cAAc,CAAC,IAAI,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YAC3D,KAAK,MAAM,WAAW,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACxC,IACE,WAAW,CACT,WAAW,EACX,QAAQ,EACR,eAAe,EACf,UAAU,EACV,IAAI,CAAC,YAAY,CAClB,EACD,CAAC;oBACD,WAAW,CAAC,KAAK,CACf,gDAAgD,WAAW,CAAC,OAAO,CAAC,IAAI,EAAE,CAC3E,CAAC;oBACF,IAAI,CAAC;wBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAChD,QAAQ,EACR,WAAW,CAAC,OAAO,CACpB,CAAC;wBACF,IAAI,MAAM,CAAC,QAAQ,KAAK,mBAAmB,CAAC,IAAI,EAAE,CAAC;4BACjD,WAAW,CAAC,KAAK,CACf,wCAAwC,WAAW,CAAC,OAAO,CAAC,IAAI,uBAAuB,MAAM,CAAC,MAAM,EAAE,CACvG,CAAC;4BACF,OAAO;gCACL,QAAQ,EAAE,cAAc,CAAC,IAAI;gCAC7B,IAAI,EAAE,WAAW;6BAClB,CAAC;wBACJ,CAAC;6BAAM,IAAI,MAAM,CAAC,QAAQ,KAAK,mBAAmB,CAAC,QAAQ,EAAE,CAAC;4BAC5D,WAAW,CAAC,KAAK,CACf,2DAA2D,MAAM,CAAC,MAAM,EAAE,CAC3E,CAAC;4BACF,QAAQ,GAAG,cAAc,CAAC,QAAQ,CAAC;wBACrC,CAAC;oBACH,CAAC;oBAAC,OAAO,KAAK,EAAE,CAAC;wBACf,WAAW,CAAC,KAAK,CACf,wCAAwC,WAAW,CAAC,OAAO,CAAC,IAAI,mBAAmB,EACnF,KAAK,CACN,CAAC;wBACF,OAAO;4BACL,QAAQ,EAAE,cAAc,CAAC,IAAI;4BAC7B,IAAI,EAAE,WAAW;yBAClB,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,uBAAuB,CAAC,QAAQ,CAAC;YAChD,IAAI,EAAE,WAAW;SAClB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,IAAgB;QACtB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtB,4BAA4B;QAC5B,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC;IACnE,CAAC;IAED,UAAU,CAAC,OAA0B;QACnC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC5B,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC;IACtE,CAAC;IAED;;;OAGG;IACH,kBAAkB,CAAC,QAAgB,EAAE,MAAe;QAClD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAC5B,CAAC,IAAI,EAAE,EAAE,CACP,IAAI,CAAC,QAAQ,KAAK,QAAQ;YAC1B,CAAC,MAAM,KAAK,SAAS,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,CAAC,CACnD,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,QAAQ;QACN,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED;;;OAGG;IACH,cAAc,CAAC,QAAgB,EAAE,aAAa,GAAG,KAAK;QACpD,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CACpB,CAAC,IAAI,EAAE,EAAE,CACP,IAAI,CAAC,QAAQ,KAAK,QAAQ;YAC1B,CAAC,CAAC,aAAa,IAAI,IAAI,CAAC,MAAM,KAAK,yBAAyB,CAAC,CAChE,CAAC;IACJ,CAAC;IAED,WAAW;QACT,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,OAAwB;QACrC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAChC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1E,CAAC;IAED;;OAEG;IACH,eAAe;QACb,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAEO,uBAAuB,CAAC,QAAwB;QACtD,iDAAiD;QACjD,IAAI,IAAI,CAAC,cAAc,IAAI,QAAQ,KAAK,cAAc,CAAC,QAAQ,EAAE,CAAC;YAChE,OAAO,cAAc,CAAC,IAAI,CAAC;QAC7B,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}

package/dist/src/policy/stable-stringify.d.ts

@@ -0,0 +1,58 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+/**
+ * Produces a stable, deterministic JSON string representation with sorted keys.
+ *
+ * This method is critical for security policy matching. It ensures that the same
+ * object always produces the same string representation, regardless of property
+ * insertion order, which could vary across different JavaScript engines or
+ * runtime conditions.
+ *
+ * Key behaviors:
+ * 1. **Sorted Keys**: Object properties are always serialized in alphabetical order,
+ *    ensuring deterministic output for pattern matching.
+ *
+ * 2. **Circular Reference Protection**: Uses ancestor chain tracking (not just
+ *    object identity) to detect true circular references while correctly handling
+ *    repeated non-circular object references. Circular references are replaced
+ *    with "[Circular]" to prevent stack overflow attacks.
+ *
+ * 3. **JSON Spec Compliance**:
+ *    - undefined values: Omitted from objects, converted to null in arrays
+ *    - Functions: Omitted from objects, converted to null in arrays
+ *    - toJSON methods: Respected and called when present (per JSON.stringify spec)
+ *
+ * 4. **Security Considerations**:
+ *    - Prevents DoS via circular references that would cause infinite recursion
+ *    - Ensures consistent policy rule matching by normalizing property order
+ *    - Respects toJSON for objects that sanitize their output
+ *    - Handles toJSON methods that throw errors gracefully
+ *
+ * @param obj - The object to stringify (typically toolCall.args)
+ * @returns A deterministic JSON string representation
+ *
+ * @example
+ * // Different property orders produce the same output:
+ * stableStringify({b: 2, a: 1}) === stableStringify({a: 1, b: 2})
+ * // Returns: '{"a":1,"b":2}'
+ *
+ * @example
+ * // Circular references are handled safely:
+ * const obj = {a: 1};
+ * obj.self = obj;
+ * stableStringify(obj)
+ * // Returns: '{"a":1,"self":"[Circular]"}'
+ *
+ * @example
+ * // toJSON methods are respected:
+ * const obj = {
+ *   sensitive: 'secret',
+ *   toJSON: () => ({ safe: 'data' })
+ * };
+ * stableStringify(obj)
+ * // Returns: '{"safe":"data"}'
+ */
+export declare function stableStringify(obj: unknown): string;

package/dist/src/policy/stable-stringify.js

@@ -0,0 +1,122 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+/**
+ * Produces a stable, deterministic JSON string representation with sorted keys.
+ *
+ * This method is critical for security policy matching. It ensures that the same
+ * object always produces the same string representation, regardless of property
+ * insertion order, which could vary across different JavaScript engines or
+ * runtime conditions.
+ *
+ * Key behaviors:
+ * 1. **Sorted Keys**: Object properties are always serialized in alphabetical order,
+ *    ensuring deterministic output for pattern matching.
+ *
+ * 2. **Circular Reference Protection**: Uses ancestor chain tracking (not just
+ *    object identity) to detect true circular references while correctly handling
+ *    repeated non-circular object references. Circular references are replaced
+ *    with "[Circular]" to prevent stack overflow attacks.
+ *
+ * 3. **JSON Spec Compliance**:
+ *    - undefined values: Omitted from objects, converted to null in arrays
+ *    - Functions: Omitted from objects, converted to null in arrays
+ *    - toJSON methods: Respected and called when present (per JSON.stringify spec)
+ *
+ * 4. **Security Considerations**:
+ *    - Prevents DoS via circular references that would cause infinite recursion
+ *    - Ensures consistent policy rule matching by normalizing property order
+ *    - Respects toJSON for objects that sanitize their output
+ *    - Handles toJSON methods that throw errors gracefully
+ *
+ * @param obj - The object to stringify (typically toolCall.args)
+ * @returns A deterministic JSON string representation
+ *
+ * @example
+ * // Different property orders produce the same output:
+ * stableStringify({b: 2, a: 1}) === stableStringify({a: 1, b: 2})
+ * // Returns: '{"a":1,"b":2}'
+ *
+ * @example
+ * // Circular references are handled safely:
+ * const obj = {a: 1};
+ * obj.self = obj;
+ * stableStringify(obj)
+ * // Returns: '{"a":1,"self":"[Circular]"}'
+ *
+ * @example
+ * // toJSON methods are respected:
+ * const obj = {
+ *   sensitive: 'secret',
+ *   toJSON: () => ({ safe: 'data' })
+ * };
+ * stableStringify(obj)
+ * // Returns: '{"safe":"data"}'
+ */
+export function stableStringify(obj) {
+    const stringify = (currentObj, ancestors) => {
+        // Handle primitives and null
+        if (currentObj === undefined) {
+            return 'null'; // undefined in arrays becomes null in JSON
+        }
+        if (currentObj === null) {
+            return 'null';
+        }
+        if (typeof currentObj === 'function') {
+            return 'null'; // functions in arrays become null in JSON
+        }
+        if (typeof currentObj !== 'object') {
+            return JSON.stringify(currentObj);
+        }
+        // Check for circular reference (object is in ancestor chain)
+        if (ancestors.has(currentObj)) {
+            return '"[Circular]"';
+        }
+        ancestors.add(currentObj);
+        try {
+            // Check for toJSON method and use it if present
+            const objWithToJSON = currentObj;
+            if (typeof objWithToJSON.toJSON === 'function') {
+                try {
+                    const jsonValue = objWithToJSON.toJSON();
+                    // The result of toJSON needs to be stringified recursively
+                    if (jsonValue === null) {
+                        return 'null';
+                    }
+                    return stringify(jsonValue, ancestors);
+                }
+                catch {
+                    // If toJSON throws, treat as a regular object
+                }
+            }
+            if (Array.isArray(currentObj)) {
+                const items = currentObj.map((item) => {
+                    // undefined and functions in arrays become null
+                    if (item === undefined || typeof item === 'function') {
+                        return 'null';
+                    }
+                    return stringify(item, ancestors);
+                });
+                return '[' + items.join(',') + ']';
+            }
+            // Handle objects - sort keys and filter out undefined/function values
+            const sortedKeys = Object.keys(currentObj).sort();
+            const pairs = [];
+            for (const key of sortedKeys) {
+                const value = currentObj[key];
+                // Skip undefined and function values in objects (per JSON spec)
+                if (value !== undefined && typeof value !== 'function') {
+                    pairs.push(JSON.stringify(key) + ':' + stringify(value, ancestors));
+                }
+            }
+            return '{' + pairs.join(',') + '}';
+        }
+        finally {
+            ancestors.delete(currentObj);
+        }
+    };
+    return stringify(obj, new Set());
+}
+//# sourceMappingURL=stable-stringify.js.map

package/dist/src/policy/stable-stringify.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"stable-stringify.js","sourceRoot":"","sources":["../../../src/policy/stable-stringify.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmDG;AACH,MAAM,UAAU,eAAe,CAAC,GAAY;IAC1C,MAAM,SAAS,GAAG,CAAC,UAAmB,EAAE,SAAuB,EAAU,EAAE;QACzE,6BAA6B;QAC7B,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YAC7B,OAAO,MAAM,CAAC,CAAC,2CAA2C;QAC5D,CAAC;QACD,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;YACxB,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,IAAI,OAAO,UAAU,KAAK,UAAU,EAAE,CAAC;YACrC,OAAO,MAAM,CAAC,CAAC,0CAA0C;QAC3D,CAAC;QACD,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QACpC,CAAC;QAED,6DAA6D;QAC7D,IAAI,SAAS,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9B,OAAO,cAAc,CAAC;QACxB,CAAC;QAED,SAAS,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAE1B,IAAI,CAAC;YACH,gDAAgD;YAChD,MAAM,aAAa,GAAG,UAAwC,CAAC;YAC/D,IAAI,OAAO,aAAa,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;gBAC/C,IAAI,CAAC;oBACH,MAAM,SAAS,GAAG,aAAa,CAAC,MAAM,EAAE,CAAC;oBACzC,2DAA2D;oBAC3D,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;wBACvB,OAAO,MAAM,CAAC;oBAChB,CAAC;oBACD,OAAO,SAAS,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;gBACzC,CAAC;gBAAC,MAAM,CAAC;oBACP,8CAA8C;gBAChD,CAAC;YACH,CAAC;YAED,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC9B,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;oBACpC,gDAAgD;oBAChD,IAAI,IAAI,KAAK,SAAS,IAAI,OAAO,IAAI,KAAK,UAAU,EAAE,CAAC;wBACrD,OAAO,MAAM,CAAC;oBAChB,CAAC;oBACD,OAAO,SAAS,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;gBACpC,CAAC,CAAC,CAAC;gBACH,OAAO,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;YACrC,CAAC;YAED,sEAAsE;YACtE,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,IAAI,EAAE,CAAC;YAClD,MAAM,KAAK,GAAa,EAAE,CAAC;YAE3B,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;gBAC7B,MAAM,KAAK,GAAI,UAAsC,CAAC,GAAG,CAAC,CAAC;gBAC3D,gEAAgE;gBAChE,IAAI,KAAK,KAAK,SAAS,IAAI,OAAO,KAAK,KAAK,UAAU,EAAE,CAAC;oBACvD,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,GAAG,GAAG,SAAS,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC,CAAC;gBACtE,CAAC;YACH,CAAC;YAED,OAAO,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;QACrC,CAAC;gBAAS,CAAC;YACT,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC,CAAC;IAEF,OAAO,SAAS,CAAC,GAAG,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC;AACnC,CAAC"}

package/dist/src/policy/toml-loader.d.ts

@@ -0,0 +1,45 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { type PolicyRule, type SafetyCheckerRule } from './types.js';
+/**
+ * Types of errors that can occur while loading policy files.
+ */
+export type PolicyFileErrorType = 'file_read' | 'toml_parse' | 'schema_validation' | 'rule_validation' | 'regex_compilation';
+/**
+ * Detailed error information for policy file loading failures.
+ */
+export interface PolicyFileError {
+    filePath: string;
+    fileName: string;
+    tier: 'default' | 'user' | 'admin';
+    ruleIndex?: number;
+    errorType: PolicyFileErrorType;
+    message: string;
+    details?: string;
+    suggestion?: string;
+}
+/**
+ * Result of loading policies from TOML files.
+ */
+export interface PolicyLoadResult {
+    rules: PolicyRule[];
+    checkers: SafetyCheckerRule[];
+    errors: PolicyFileError[];
+}
+/**
+ * Loads and parses policies from TOML files in the specified directories.
+ *
+ * This function:
+ * 1. Scans directories for .toml files
+ * 2. Parses and validates each file
+ * 3. Transforms rules (commandPrefix, arrays, mcpName, priorities)
+ * 4. Collects detailed error information for any failures
+ *
+ * @param policyDirs Array of directory paths to scan for policy files
+ * @param getPolicyTier Function to determine tier (1-3) for a directory
+ * @returns Object containing successfully parsed rules and any errors encountered
+ */
+export declare function loadPoliciesFromToml(policyDirs: string[], getPolicyTier: (dir: string) => number): Promise<PolicyLoadResult>;