@clawdstrike/openclaw 0.1.0

package/dist/policy/loader.js

@@ -0,0 +1,262 @@
+import { load as loadYaml } from 'js-yaml';
+import { readFileSync } from 'node:fs';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { loadPolicyFromFile as loadCanonicalPolicyFromFile, loadPolicyFromString as loadCanonicalPolicyFromString, } from '@clawdstrike/policy';
+import { resolveBuiltinPolicy } from '../config.js';
+import { validatePolicy } from './validator.js';
+const RULESETS_DIR = fileURLToPath(new URL('../../rulesets/', import.meta.url));
+const CANONICAL_RULESETS_DIR = fileURLToPath(new URL('../../../../rulesets/', import.meta.url));
+export class PolicyLoadError extends Error {
+    cause;
+    constructor(message, opts) {
+        super(message);
+        this.name = 'PolicyLoadError';
+        this.cause = opts?.cause;
+    }
+}
+function isPlainObject(value) {
+    return typeof value === 'object' && value !== null && !Array.isArray(value);
+}
+function isBuiltinRef(ref) {
+    if (!ref)
+        return null;
+    if (ref.startsWith('clawdstrike:'))
+        return ref;
+    const candidate = `clawdstrike:${ref}`;
+    return resolveBuiltinPolicy(candidate) ? candidate : null;
+}
+function deepMerge(base, overlay) {
+    if (!isPlainObject(base) || !isPlainObject(overlay))
+        return overlay;
+    const out = { ...base };
+    for (const [key, value] of Object.entries(overlay)) {
+        if (value === undefined)
+            continue;
+        const existing = out[key];
+        if (isPlainObject(existing) && isPlainObject(value)) {
+            out[key] = deepMerge(existing, value);
+            continue;
+        }
+        // Arrays and scalars replace.
+        out[key] = value;
+    }
+    return out;
+}
+export function loadPolicyFromString(content) {
+    const parsed = parseYamlObject(content);
+    if (isCanonicalPolicy(parsed)) {
+        const canonical = loadCanonicalPolicyFromString(content, {
+            resolve: false,
+            rulesetsDir: CANONICAL_RULESETS_DIR,
+            onWarning: warnLegacyCompatibility,
+        });
+        return translateCanonicalPolicy(canonical);
+    }
+    const policy = parsed;
+    if (policy.version === 'clawdstrike-v1.0') {
+        warnLegacyCompatibility('Loaded legacy OpenClaw policy schema (clawdstrike-v1.0); canonical 1.2.0 is preferred.');
+    }
+    return policy;
+}
+function readPolicyFile(policyPath) {
+    try {
+        return readFileSync(policyPath, 'utf-8');
+    }
+    catch (err) {
+        throw new PolicyLoadError(`Failed to read policy file: ${policyPath}`, { cause: err });
+    }
+}
+function resolvePolicyRef(ref, baseDir) {
+    const builtin = isBuiltinRef(ref);
+    if (builtin) {
+        const fileName = resolveBuiltinPolicy(builtin);
+        if (!fileName) {
+            throw new PolicyLoadError(`Unknown built-in policy: ${builtin}`);
+        }
+        const filePath = path.join(RULESETS_DIR, fileName);
+        return {
+            id: `builtin:${builtin}`,
+            path: filePath,
+            content: readPolicyFile(filePath),
+            baseDir: path.dirname(filePath),
+        };
+    }
+    const resolvedPath = baseDir ? path.resolve(baseDir, ref) : path.resolve(ref);
+    return {
+        id: `file:${resolvedPath}`,
+        path: resolvedPath,
+        content: readPolicyFile(resolvedPath),
+        baseDir: path.dirname(resolvedPath),
+    };
+}
+function normalizeExtendsRef(ref, baseDir) {
+    const builtin = isBuiltinRef(ref);
+    if (builtin)
+        return builtin;
+    if (baseDir)
+        return path.resolve(baseDir, ref);
+    return ref;
+}
+function loadPolicyRecursive(ref, stack) {
+    const resolved = resolvePolicyRef(ref, baseDirForRef(ref, stack));
+    const { id, content, baseDir, path: policyPath } = resolved;
+    if (stack.includes(id)) {
+        throw new PolicyLoadError(`Circular policy extends detected: ${[...stack, id].join(' -> ')}`);
+    }
+    const nextStack = [...stack, id];
+    const parsed = parseYamlObject(content);
+    if (isCanonicalPolicy(parsed)) {
+        const canonical = policyPath
+            ? loadCanonicalPolicyFromFile(policyPath, {
+                resolve: true,
+                rulesetsDir: CANONICAL_RULESETS_DIR,
+                onWarning: warnLegacyCompatibility,
+            })
+            : loadCanonicalPolicyFromString(content, {
+                resolve: true,
+                basePath: baseDir,
+                rulesetsDir: CANONICAL_RULESETS_DIR,
+                onWarning: warnLegacyCompatibility,
+            });
+        const translated = translateCanonicalPolicy(canonical);
+        const report = validatePolicy(translated);
+        if (!report.valid) {
+            throw new PolicyLoadError(`Policy validation failed:\n- ${report.errors.join('\n- ')}`);
+        }
+        return translated;
+    }
+    const policy = parsed;
+    if (policy.version === 'clawdstrike-v1.0') {
+        warnLegacyCompatibility('Loaded legacy OpenClaw policy schema (clawdstrike-v1.0); canonical 1.2.0 is preferred.');
+    }
+    const extendsRef = typeof policy.extends === 'string' ? policy.extends.trim() : undefined;
+    if (!extendsRef) {
+        const report = validatePolicy(policy);
+        if (!report.valid) {
+            throw new PolicyLoadError(`Policy validation failed:\n- ${report.errors.join('\n- ')}`);
+        }
+        return policy;
+    }
+    const parentRef = normalizeExtendsRef(extendsRef, baseDir);
+    const parent = loadPolicyRecursive(parentRef, nextStack);
+    const merged = deepMerge(parent, { ...policy, extends: undefined });
+    const report = validatePolicy(merged);
+    if (!report.valid) {
+        throw new PolicyLoadError(`Policy validation failed:\n- ${report.errors.join('\n- ')}`);
+    }
+    return merged;
+}
+function baseDirForRef(ref, stack) {
+    // If we're resolving an extends chain and the last frame was a file, resolve
+    // relative paths from that file's directory.
+    const last = stack[stack.length - 1];
+    if (!last)
+        return undefined;
+    if (last.startsWith('file:')) {
+        const lastPath = last.slice('file:'.length);
+        return path.dirname(lastPath);
+    }
+    // Built-in policies don't define a baseDir for relative file extends.
+    return undefined;
+}
+export function loadPolicy(ref) {
+    if (!ref) {
+        throw new PolicyLoadError('Policy reference must be non-empty');
+    }
+    return loadPolicyRecursive(ref, []);
+}
+function parseYamlObject(content) {
+    let parsed;
+    try {
+        parsed = loadYaml(content);
+    }
+    catch (err) {
+        throw new PolicyLoadError('Failed to parse policy YAML', { cause: err });
+    }
+    if (!isPlainObject(parsed)) {
+        throw new PolicyLoadError('Policy must be a YAML mapping/object');
+    }
+    return parsed;
+}
+function isCanonicalPolicy(policy) {
+    const version = policy.version;
+    return typeof version === 'string' && /^(1\.1\.0|1\.2\.0)$/.test(version);
+}
+function warnLegacyCompatibility(message) {
+    // eslint-disable-next-line no-console
+    console.warn(message);
+}
+function translateCanonicalPolicy(canonical) {
+    const out = {
+        version: 'clawdstrike-v1.0',
+    };
+    const guards = canonical.guards;
+    const toggles = {};
+    if (guards) {
+        if (typeof guards.forbidden_path === 'object') {
+            const cfg = guards.forbidden_path;
+            toggles.forbidden_path = cfg.enabled !== false;
+            if (Array.isArray(cfg.patterns) && cfg.patterns.length > 0) {
+                out.filesystem = out.filesystem ?? {};
+                out.filesystem.forbidden_paths = cfg.patterns.filter((v) => typeof v === 'string');
+            }
+        }
+        if (typeof guards.path_allowlist === 'object') {
+            const cfg = guards.path_allowlist;
+            out.filesystem = out.filesystem ?? {};
+            if (Array.isArray(cfg.file_access_allow)) {
+                out.filesystem.allowed_read_paths = cfg.file_access_allow.filter((v) => typeof v === 'string');
+            }
+            if (Array.isArray(cfg.file_write_allow)) {
+                out.filesystem.allowed_write_roots = cfg.file_write_allow.filter((v) => typeof v === 'string');
+            }
+        }
+        if (typeof guards.egress_allowlist === 'object') {
+            const cfg = guards.egress_allowlist;
+            toggles.egress = cfg.enabled !== false;
+            const allow = Array.isArray(cfg.allow) ? cfg.allow.filter((v) => typeof v === 'string') : [];
+            const block = Array.isArray(cfg.block) ? cfg.block.filter((v) => typeof v === 'string') : [];
+            const defaultAction = cfg.default_action === 'allow' ? 'allow' : 'block';
+            out.egress = {
+                mode: defaultAction === 'allow' && allow.includes('*') ? 'open' : allow.length === 0 && defaultAction === 'block' ? 'deny_all' : 'allowlist',
+                allowed_domains: allow.filter((v) => v !== '*'),
+                denied_domains: block,
+            };
+        }
+        if (typeof guards.patch_integrity === 'object') {
+            const cfg = guards.patch_integrity;
+            toggles.patch_integrity = cfg.enabled !== false;
+            if (Array.isArray(cfg.forbidden_patterns) && cfg.forbidden_patterns.length > 0) {
+                out.execution = out.execution ?? {};
+                out.execution.denied_patterns = cfg.forbidden_patterns.filter((v) => typeof v === 'string');
+            }
+        }
+        if (typeof guards.secret_leak === 'object') {
+            const cfg = guards.secret_leak;
+            toggles.secret_leak = cfg.enabled !== false;
+        }
+        if (typeof guards.mcp_tool === 'object') {
+            const cfg = guards.mcp_tool;
+            toggles.mcp_tool = cfg.enabled !== false;
+            out.tools = {
+                allowed: Array.isArray(cfg.allow) ? cfg.allow.filter((v) => typeof v === 'string') : [],
+                denied: Array.isArray(cfg.block) ? cfg.block.filter((v) => typeof v === 'string') : [],
+            };
+        }
+        if (Array.isArray(guards.custom)) {
+            out.guards = {
+                ...out.guards,
+                custom: guards.custom,
+            };
+        }
+    }
+    if (Object.keys(toggles).length > 0) {
+        out.guards = {
+            ...(out.guards ?? {}),
+            ...toggles,
+        };
+    }
+    return out;
+}
+//# sourceMappingURL=loader.js.map

package/dist/policy/loader.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"loader.js","sourceRoot":"","sources":["../../src/policy/loader.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,IAAI,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EACL,kBAAkB,IAAI,2BAA2B,EACjD,oBAAoB,IAAI,6BAA6B,GACtD,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AAGpD,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAEhD,MAAM,YAAY,GAAG,aAAa,CAAC,IAAI,GAAG,CAAC,iBAAiB,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAChF,MAAM,sBAAsB,GAAG,aAAa,CAAC,IAAI,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAEhG,MAAM,OAAO,eAAgB,SAAQ,KAAK;IAC/B,KAAK,CAAW;IAEzB,YAAY,OAAe,EAAE,IAA0B;QACrD,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;QAC9B,IAAI,CAAC,KAAK,GAAG,IAAI,EAAE,KAAK,CAAC;IAC3B,CAAC;CACF;AAED,SAAS,aAAa,CAAC,KAAc;IACnC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAC9E,CAAC;AAED,SAAS,YAAY,CAAC,GAAW;IAC/B,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACtB,IAAI,GAAG,CAAC,UAAU,CAAC,cAAc,CAAC;QAAE,OAAO,GAAG,CAAC;IAC/C,MAAM,SAAS,GAAG,eAAe,GAAG,EAAE,CAAC;IACvC,OAAO,oBAAoB,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC;AAC5D,CAAC;AAED,SAAS,SAAS,CAAC,IAAS,EAAE,OAAY;IACxC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC;QAAE,OAAO,OAAO,CAAC;IAEpE,MAAM,GAAG,GAA4B,EAAE,GAAG,IAAI,EAAE,CAAC;IAEjD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACnD,IAAI,KAAK,KAAK,SAAS;YAAE,SAAS;QAElC,MAAM,QAAQ,GAAI,GAAW,CAAC,GAAG,CAAC,CAAC;QAEnC,IAAI,aAAa,CAAC,QAAQ,CAAC,IAAI,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC;YACnD,GAAW,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;YAC/C,SAAS;QACX,CAAC;QAED,8BAA8B;QAC7B,GAAW,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IAC5B,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,OAAe;IAClD,MAAM,MAAM,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;IACxC,IAAI,iBAAiB,CAAC,MAAM,CAAC,EAAE,CAAC;QAC9B,MAAM,SAAS,GAAG,6BAA6B,CAAC,OAAO,EAAE;YACvD,OAAO,EAAE,KAAK;YACd,WAAW,EAAE,sBAAsB;YACnC,SAAS,EAAE,uBAAuB;SACnC,CAAC,CAAC;QACH,OAAO,wBAAwB,CAAC,SAAS,CAAC,CAAC;IAC7C,CAAC;IAED,MAAM,MAAM,GAAG,MAAgB,CAAC;IAChC,IAAI,MAAM,CAAC,OAAO,KAAK,kBAAkB,EAAE,CAAC;QAC1C,uBAAuB,CACrB,wFAAwF,CACzF,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,cAAc,CAAC,UAAkB;IACxC,IAAI,CAAC;QACH,OAAO,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAC3C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,eAAe,CAAC,+BAA+B,UAAU,EAAE,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;IACzF,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,GAAW,EAAE,OAAgB;IACrD,MAAM,OAAO,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;IAClC,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,QAAQ,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;QAC/C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,eAAe,CAAC,4BAA4B,OAAO,EAAE,CAAC,CAAC;QACnE,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;QACnD,OAAO;YACL,EAAE,EAAE,WAAW,OAAO,EAAE;YACxB,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,cAAc,CAAC,QAAQ,CAAC;YACjC,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;SAChC,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC9E,OAAO;QACL,EAAE,EAAE,QAAQ,YAAY,EAAE;QAC1B,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,cAAc,CAAC,YAAY,CAAC;QACrC,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC;KACpC,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAW,EAAE,OAAgB;IACxD,MAAM,OAAO,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;IAClC,IAAI,OAAO;QAAE,OAAO,OAAO,CAAC;IAC5B,IAAI,OAAO;QAAE,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IAC/C,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAW,EAAE,KAAe;IACvD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,EAAE,aAAa,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;IAClE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,QAAQ,CAAC;IAE5D,IAAI,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,eAAe,CAAC,qCAAqC,CAAC,GAAG,KAAK,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAChG,CAAC;IAED,MAAM,SAAS,GAAG,CAAC,GAAG,KAAK,EAAE,EAAE,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;IACxC,IAAI,iBAAiB,CAAC,MAAM,CAAC,EAAE,CAAC;QAC9B,MAAM,SAAS,GAAG,UAAU;YAC1B,CAAC,CAAC,2BAA2B,CAAC,UAAU,EAAE;gBACxC,OAAO,EAAE,IAAI;gBACb,WAAW,EAAE,sBAAsB;gBACnC,SAAS,EAAE,uBAAuB;aACnC,CAAC;YACF,CAAC,CAAC,6BAA6B,CAAC,OAAO,EAAE;gBACvC,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,OAAO;gBACjB,WAAW,EAAE,sBAAsB;gBACnC,SAAS,EAAE,uBAAuB;aACnC,CAAC,CAAC;QAEL,MAAM,UAAU,GAAG,wBAAwB,CAAC,SAAS,CAAC,CAAC;QACvD,MAAM,MAAM,GAAG,cAAc,CAAC,UAAU,CAAC,CAAC;QAC1C,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAClB,MAAM,IAAI,eAAe,CAAC,gCAAgC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC1F,CAAC;QACD,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,MAAM,MAAM,GAAG,MAAgB,CAAC;IAChC,IAAI,MAAM,CAAC,OAAO,KAAK,kBAAkB,EAAE,CAAC;QAC1C,uBAAuB,CACrB,wFAAwF,CACzF,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IAC1F,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;QACtC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAClB,MAAM,IAAI,eAAe,CAAC,gCAAgC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC1F,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,MAAM,SAAS,GAAG,mBAAmB,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAC3D,MAAM,MAAM,GAAG,mBAAmB,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;IAEzD,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,EAAE,EAAE,GAAG,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC;IAEpE,MAAM,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;IACtC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAClB,MAAM,IAAI,eAAe,CAAC,gCAAgC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAC1F,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,aAAa,CAAC,GAAW,EAAE,KAAe;IACjD,6EAA6E;IAC7E,6CAA6C;IAC7C,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACrC,IAAI,CAAC,IAAI;QAAE,OAAO,SAAS,CAAC;IAE5B,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5C,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAChC,CAAC;IAED,sEAAsE;IACtE,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,GAAW;IACpC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,eAAe,CAAC,oCAAoC,CAAC,CAAC;IAClE,CAAC;IAED,OAAO,mBAAmB,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;AACtC,CAAC;AAED,SAAS,eAAe,CAAC,OAAe;IACtC,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,eAAe,CAAC,6BAA6B,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;IAC3E,CAAC;IAED,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,eAAe,CAAC,sCAAsC,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,MAAiC,CAAC;AAC3C,CAAC;AAED,SAAS,iBAAiB,CAAC,MAA+B;IACxD,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;IAC/B,OAAO,OAAO,OAAO,KAAK,QAAQ,IAAI,qBAAqB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AAC5E,CAAC;AAED,SAAS,uBAAuB,CAAC,OAAe;IAC9C,sCAAsC;IACtC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AACxB,CAAC;AAED,SAAS,wBAAwB,CAAC,SAA0B;IAC1D,MAAM,GAAG,GAAW;QAClB,OAAO,EAAE,kBAAkB;KAC5B,CAAC;IAEF,MAAM,MAAM,GAAG,SAAS,CAAC,MAAyC,CAAC;IACnE,MAAM,OAAO,GAA4B,EAAE,CAAC;IAC5C,IAAI,MAAM,EAAE,CAAC;QACX,IAAI,OAAO,MAAM,CAAC,cAAc,KAAK,QAAQ,EAAE,CAAC;YAC9C,MAAM,GAAG,GAAG,MAAM,CAAC,cAAyC,CAAC;YAC7D,OAAO,CAAC,cAAc,GAAG,GAAG,CAAC,OAAO,KAAK,KAAK,CAAC;YAC/C,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC3D,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC;gBACtC,GAAG,CAAC,UAAU,CAAC,eAAe,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;YAClG,CAAC;QACH,CAAC;QAED,IAAI,OAAO,MAAM,CAAC,cAAc,KAAK,QAAQ,EAAE,CAAC;YAC9C,MAAM,GAAG,GAAG,MAAM,CAAC,cAAyC,CAAC;YAC7D,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC;YACtC,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,EAAE,CAAC;gBACzC,GAAG,CAAC,UAAU,CAAC,kBAAkB,GAAG,GAAG,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;YAC9G,CAAC;YACD,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBACxC,GAAG,CAAC,UAAU,CAAC,mBAAmB,GAAG,GAAG,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;YAC9G,CAAC;QACH,CAAC;QAED,IAAI,OAAO,MAAM,CAAC,gBAAgB,KAAK,QAAQ,EAAE,CAAC;YAChD,MAAM,GAAG,GAAG,MAAM,CAAC,gBAA2C,CAAC;YAC/D,OAAO,CAAC,MAAM,GAAG,GAAG,CAAC,OAAO,KAAK,KAAK,CAAC;YACvC,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1G,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1G,MAAM,aAAa,GAAG,GAAG,CAAC,cAAc,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC;YACzE,GAAG,CAAC,MAAM,GAAG;gBACX,IAAI,EAAE,aAAa,KAAK,OAAO,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,aAAa,KAAK,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,WAAW;gBAC5I,eAAe,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,GAAG,CAAC;gBAC/C,cAAc,EAAE,KAAK;aACtB,CAAC;QACJ,CAAC;QAED,IAAI,OAAO,MAAM,CAAC,eAAe,KAAK,QAAQ,EAAE,CAAC;YAC/C,MAAM,GAAG,GAAG,MAAM,CAAC,eAA0C,CAAC;YAC9D,OAAO,CAAC,eAAe,GAAG,GAAG,CAAC,OAAO,KAAK,KAAK,CAAC;YAChD,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC/E,GAAG,CAAC,SAAS,GAAG,GAAG,CAAC,SAAS,IAAI,EAAE,CAAC;gBACpC,GAAG,CAAC,SAAS,CAAC,eAAe,GAAG,GAAG,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;YAC3G,CAAC;QACH,CAAC;QAED,IAAI,OAAO,MAAM,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;YAC3C,MAAM,GAAG,GAAG,MAAM,CAAC,WAAsC,CAAC;YAC1D,OAAO,CAAC,WAAW,GAAG,GAAG,CAAC,OAAO,KAAK,KAAK,CAAC;QAC9C,CAAC;QAED,IAAI,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACxC,MAAM,GAAG,GAAG,MAAM,CAAC,QAAmC,CAAC;YACvD,OAAO,CAAC,QAAQ,GAAG,GAAG,CAAC,OAAO,KAAK,KAAK,CAAC;YACzC,GAAG,CAAC,KAAK,GAAG;gBACV,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE;gBACpG,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE;aACpG,CAAC;QACJ,CAAC;QAED,IAAI,KAAK,CAAC,OAAO,CAAE,MAAc,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1C,GAAG,CAAC,MAAM,GAAG;gBACX,GAAG,GAAG,CAAC,MAAM;gBACb,MAAM,EAAG,MAAc,CAAC,MAAM;aAC/B,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpC,GAAG,CAAC,MAAM,GAAG;YACX,GAAG,CAAC,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC;YACrB,GAAG,OAAO;SACX,CAAC;IACJ,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/policy/validator.d.ts

@@ -0,0 +1,4 @@
+import type { PolicyLintResult } from '../types.js';
+export declare const POLICY_SCHEMA_VERSION = "clawdstrike-v1.0";
+export declare function validatePolicy(policy: unknown): PolicyLintResult;
+//# sourceMappingURL=validator.d.ts.map

package/dist/policy/validator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validator.d.ts","sourceRoot":"","sources":["../../src/policy/validator.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAU,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAG5D,eAAO,MAAM,qBAAqB,qBAAqB,CAAC;AAwGxD,wBAAgB,cAAc,CAAC,MAAM,EAAE,OAAO,GAAG,gBAAgB,CAmJhE"}