@dotsetlabs/tollgate 0.1.0

package/dist/policy/engine.d.ts

@@ -0,0 +1,55 @@
+/**
+ * Policy Engine for Tollgate
+ *
+ * Evaluates policies against tool call contexts and returns decisions.
+ * Supports exact matches, glob patterns, smart content analysis,
+ * guardrails, and hierarchical defaults (tool → server → global).
+ */
+import type { TollgateConfig, PolicyDecision, ToolCallContext } from './types.js';
+/**
+ * PolicyEngine evaluates tool calls against configured policies.
+ *
+ * @example
+ * ```typescript
+ * const engine = new PolicyEngine(config);
+ *
+ * const decision = engine.evaluate({
+ *   server: 'postgres',
+ *   tool: 'query',
+ *   args: { sql: 'SELECT * FROM users' },
+ *   timestamp: new Date(),
+ * });
+ *
+ * if (decision.action === 'prompt') {
+ *   // Ask user for approval
+ * }
+ * ```
+ */
+export declare class PolicyEngine {
+    private readonly config;
+    constructor(config: TollgateConfig);
+    evaluate(context: ToolCallContext): PolicyDecision;
+    /**
+     * Check all enabled guardrails against the tool call context.
+     * Returns the first triggered guardrail result, or null if none triggered.
+     */
+    private checkGuardrails;
+    /**
+     * Determine if a guardrail should trigger based on risk level and sensitivity.
+     */
+    private shouldTriggerGuardrail;
+    /**
+     * Get the action to take based on guardrail configuration.
+     */
+    private getGuardrailAction;
+    private findMatchingPolicy;
+    private applyPolicy;
+    private applySmartAnalysis;
+    private applyGlobalDefault;
+    /**
+     * Gets the current configuration.
+     * Useful for inspecting policies at runtime.
+     */
+    getConfig(): TollgateConfig;
+}
+//# sourceMappingURL=engine.d.ts.map

package/dist/policy/engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../../src/policy/engine.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,KAAK,EACV,cAAc,EACd,cAAc,EACd,eAAe,EAKhB,MAAM,YAAY,CAAC;AAYpB;;;;;;;;;;;;;;;;;;GAkBG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAiB;gBAE5B,MAAM,EAAE,cAAc;IAIlC,QAAQ,CAAC,OAAO,EAAE,eAAe,GAAG,cAAc;IAoFlD;;;OAGG;IACH,OAAO,CAAC,eAAe;IA8CvB;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAgB9B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAU1B,OAAO,CAAC,kBAAkB;IA0C1B,OAAO,CAAC,WAAW;IAsCnB,OAAO,CAAC,kBAAkB;IA2C1B,OAAO,CAAC,kBAAkB;IAmB1B;;;OAGG;IACH,SAAS,IAAI,cAAc;CAG5B"}

package/dist/policy/engine.js

@@ -0,0 +1,288 @@
+/**
+ * Policy Engine for Tollgate
+ *
+ * Evaluates policies against tool call contexts and returns decisions.
+ * Supports exact matches, glob patterns, smart content analysis,
+ * guardrails, and hierarchical defaults (tool → server → global).
+ */
+import { minimatch } from 'minimatch';
+import { normalizeToolPolicy } from './parser.js';
+import { analyzerRegistry, inferAnalyzer, extractAnalyzableContent, riskToAction, DEFAULT_RISK_MAPPING, } from '../analyzers/index.js';
+/**
+ * PolicyEngine evaluates tool calls against configured policies.
+ *
+ * @example
+ * ```typescript
+ * const engine = new PolicyEngine(config);
+ *
+ * const decision = engine.evaluate({
+ *   server: 'postgres',
+ *   tool: 'query',
+ *   args: { sql: 'SELECT * FROM users' },
+ *   timestamp: new Date(),
+ * });
+ *
+ * if (decision.action === 'prompt') {
+ *   // Ask user for approval
+ * }
+ * ```
+ */
+export class PolicyEngine {
+    config;
+    constructor(config) {
+        this.config = config;
+    }
+    evaluate(context) {
+        // Step 1: Check guardrails FIRST (before any policy evaluation)
+        const guardrailResult = this.checkGuardrails(context);
+        if (guardrailResult) {
+            const guardrailAction = this.getGuardrailAction(guardrailResult);
+            if (guardrailAction === 'deny') {
+                return {
+                    action: 'deny',
+                    reason: guardrailResult.reason,
+                    matchedRule: `guardrail:${guardrailResult.guardrail}`,
+                    guardrail: guardrailResult,
+                };
+            }
+            else if (guardrailAction === 'prompt') {
+                return {
+                    action: 'prompt',
+                    reason: guardrailResult.reason,
+                    message: `Security warning: ${guardrailResult.reason}. Do you want to proceed?`,
+                    matchedRule: `guardrail:${guardrailResult.guardrail}`,
+                    guardrail: guardrailResult,
+                };
+            }
+            // For 'warn', we log but continue with normal policy evaluation
+            // The guardrail result is still attached to the decision
+        }
+        // Step 2: Normal policy evaluation
+        const serverConfig = this.config.servers?.[context.server];
+        if (!serverConfig) {
+            const decision = this.applyGlobalDefault('No server config found');
+            if (guardrailResult) {
+                decision.guardrail = guardrailResult;
+            }
+            return decision;
+        }
+        const toolPolicies = serverConfig.tools ?? {};
+        const matchedPolicy = this.findMatchingPolicy(context.tool, toolPolicies);
+        if (matchedPolicy) {
+            const policy = normalizeToolPolicy(matchedPolicy.policy);
+            const decision = this.applyPolicy(policy, matchedPolicy.pattern, context, serverConfig.defaults?.analyzer);
+            if (guardrailResult) {
+                decision.guardrail = guardrailResult;
+            }
+            return decision;
+        }
+        // Check if server has a default analyzer configured
+        if (serverConfig.defaults?.action === 'smart' || serverConfig.defaults?.analyzer) {
+            const analyzerName = serverConfig.defaults.analyzer ?? inferAnalyzer(context.server, context.tool, context.args);
+            if (analyzerName) {
+                const decision = this.applySmartAnalysis(analyzerName, context, undefined, `${context.server}:defaults`);
+                if (guardrailResult) {
+                    decision.guardrail = guardrailResult;
+                }
+                return decision;
+            }
+        }
+        if (serverConfig.defaults?.action && serverConfig.defaults.action !== 'smart') {
+            const decision = {
+                action: serverConfig.defaults.action,
+                reason: 'Applied server default',
+                matchedRule: `${context.server}:defaults`,
+            };
+            if (guardrailResult) {
+                decision.guardrail = guardrailResult;
+            }
+            return decision;
+        }
+        const decision = this.applyGlobalDefault('No matching tool policy');
+        if (guardrailResult) {
+            decision.guardrail = guardrailResult;
+        }
+        return decision;
+    }
+    /**
+     * Check all enabled guardrails against the tool call context.
+     * Returns the first triggered guardrail result, or null if none triggered.
+     */
+    checkGuardrails(context) {
+        const guardrailsConfig = this.config.guardrails;
+        // Check prompt injection guardrail
+        if (guardrailsConfig?.promptInjection?.enabled) {
+            const piConfig = guardrailsConfig.promptInjection;
+            // Check server allowlist
+            if (piConfig.serverAllowlist?.includes(context.server)) {
+                return null;
+            }
+            // Check tool allowlist
+            if (piConfig.allowlist?.includes(context.tool)) {
+                return null;
+            }
+            // Extract all string content from arguments
+            const content = extractAnalyzableContent('prompt-injection', context.tool, context.args);
+            if (content) {
+                const analysisResult = analyzerRegistry.analyze('prompt-injection', content, {
+                    tool: context.tool,
+                    server: context.server,
+                    args: context.args,
+                });
+                // Apply sensitivity threshold
+                const sensitivity = piConfig.sensitivity ?? 'balanced';
+                const shouldTrigger = this.shouldTriggerGuardrail(analysisResult.risk, sensitivity);
+                if (shouldTrigger) {
+                    return {
+                        triggered: true,
+                        guardrail: 'prompt-injection',
+                        risk: analysisResult.risk,
+                        reason: analysisResult.reason,
+                        triggers: analysisResult.triggers,
+                    };
+                }
+            }
+        }
+        return null;
+    }
+    /**
+     * Determine if a guardrail should trigger based on risk level and sensitivity.
+     */
+    shouldTriggerGuardrail(risk, sensitivity) {
+        switch (sensitivity) {
+            case 'strict':
+                // Trigger on write, destructive, or dangerous
+                return ['write', 'destructive', 'dangerous'].includes(risk);
+            case 'balanced':
+                // Trigger on destructive or dangerous
+                return ['destructive', 'dangerous'].includes(risk);
+            case 'permissive':
+                // Only trigger on dangerous
+                return risk === 'dangerous';
+            default:
+                return risk === 'dangerous';
+        }
+    }
+    /**
+     * Get the action to take based on guardrail configuration.
+     */
+    getGuardrailAction(result) {
+        const guardrailsConfig = this.config.guardrails;
+        if (result.guardrail === 'prompt-injection') {
+            return guardrailsConfig?.promptInjection?.action ?? 'deny';
+        }
+        return 'deny';
+    }
+    findMatchingPolicy(toolName, policies) {
+        // First, check for exact match
+        if (policies[toolName]) {
+            return { pattern: toolName, policy: policies[toolName] };
+        }
+        // Then check glob patterns, sorted by specificity
+        // Specificity is determined by: fewer wildcards = more specific,
+        // wildcard position later = more specific (exact prefix match)
+        const patterns = Object.keys(policies)
+            .filter((p) => p !== toolName && p.includes('*'))
+            .sort((a, b) => {
+            // Count wildcards - fewer is more specific
+            const aWildcards = (a.match(/\*/g) ?? []).length;
+            const bWildcards = (b.match(/\*/g) ?? []).length;
+            if (aWildcards !== bWildcards) {
+                return aWildcards - bWildcards;
+            }
+            // Find position of first wildcard - later is more specific
+            const aFirstWild = a.indexOf('*');
+            const bFirstWild = b.indexOf('*');
+            if (aFirstWild !== bFirstWild) {
+                return bFirstWild - aFirstWild;
+            }
+            // Fall back to length comparison
+            return b.length - a.length;
+        });
+        for (const pattern of patterns) {
+            if (minimatch(toolName, pattern)) {
+                return { pattern, policy: policies[pattern] };
+            }
+        }
+        return undefined;
+    }
+    applyPolicy(policy, matchedPattern, context, defaultAnalyzer) {
+        // Handle smart action
+        if (policy.action === 'smart') {
+            const analyzerName = policy.analyzer ?? defaultAnalyzer ?? inferAnalyzer(context.server, context.tool, context.args);
+            if (!analyzerName) {
+                // Can't determine analyzer, fall back to prompt
+                return {
+                    action: 'prompt',
+                    reason: 'Smart analysis requested but no analyzer available',
+                    message: policy.message,
+                    matchedRule: matchedPattern,
+                };
+            }
+            return this.applySmartAnalysis(analyzerName, context, policy.risks, matchedPattern, policy.message);
+        }
+        // Regular action
+        return {
+            action: policy.action,
+            reason: policy.reason,
+            message: policy.message,
+            matchedRule: matchedPattern,
+        };
+    }
+    applySmartAnalysis(analyzerName, context, riskMapping, matchedRule, customMessage) {
+        // Extract content to analyze
+        const content = extractAnalyzableContent(analyzerName, context.tool, context.args);
+        if (!content) {
+            // Can't extract content, fall back to prompt
+            return {
+                action: 'prompt',
+                reason: `Could not extract content for ${analyzerName} analysis`,
+                matchedRule,
+            };
+        }
+        // Run analysis
+        const result = analyzerRegistry.analyze(analyzerName, content, {
+            tool: context.tool,
+            server: context.server,
+            args: context.args,
+        });
+        // Map risk to action
+        const mapping = { ...DEFAULT_RISK_MAPPING, ...riskMapping };
+        const action = riskToAction(result.risk, mapping);
+        return {
+            action,
+            reason: result.reason,
+            message: customMessage,
+            matchedRule,
+            analysis: {
+                analyzer: analyzerName,
+                risk: result.risk,
+                triggers: result.triggers,
+            },
+        };
+    }
+    applyGlobalDefault(reason) {
+        const defaultAction = this.config.defaults?.action ?? 'prompt';
+        // smart as global default doesn't make sense without context
+        if (defaultAction === 'smart') {
+            return {
+                action: 'prompt',
+                reason: `${reason}; smart analysis requires tool-specific config`,
+                matchedRule: 'defaults',
+            };
+        }
+        return {
+            action: defaultAction,
+            reason: `${reason}; applied global default`,
+            matchedRule: 'defaults',
+        };
+    }
+    /**
+     * Gets the current configuration.
+     * Useful for inspecting policies at runtime.
+     */
+    getConfig() {
+        return this.config;
+    }
+}
+//# sourceMappingURL=engine.js.map

package/dist/policy/engine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"engine.js","sourceRoot":"","sources":["../../src/policy/engine.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAUtC,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,EACL,gBAAgB,EAChB,aAAa,EACb,wBAAwB,EACxB,YAAY,EACZ,oBAAoB,GAGrB,MAAM,uBAAuB,CAAC;AAE/B;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,OAAO,YAAY;IACN,MAAM,CAAiB;IAExC,YAAY,MAAsB;QAChC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,QAAQ,CAAC,OAAwB;QAC/B,gEAAgE;QAChE,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACtD,IAAI,eAAe,EAAE,CAAC;YACpB,MAAM,eAAe,GAAG,IAAI,CAAC,kBAAkB,CAAC,eAAe,CAAC,CAAC;YACjE,IAAI,eAAe,KAAK,MAAM,EAAE,CAAC;gBAC/B,OAAO;oBACL,MAAM,EAAE,MAAM;oBACd,MAAM,EAAE,eAAe,CAAC,MAAM;oBAC9B,WAAW,EAAE,aAAa,eAAe,CAAC,SAAS,EAAE;oBACrD,SAAS,EAAE,eAAe;iBAC3B,CAAC;YACJ,CAAC;iBAAM,IAAI,eAAe,KAAK,QAAQ,EAAE,CAAC;gBACxC,OAAO;oBACL,MAAM,EAAE,QAAQ;oBAChB,MAAM,EAAE,eAAe,CAAC,MAAM;oBAC9B,OAAO,EAAE,qBAAqB,eAAe,CAAC,MAAM,2BAA2B;oBAC/E,WAAW,EAAE,aAAa,eAAe,CAAC,SAAS,EAAE;oBACrD,SAAS,EAAE,eAAe;iBAC3B,CAAC;YACJ,CAAC;YACD,gEAAgE;YAChE,yDAAyD;QAC3D,CAAC;QAED,mCAAmC;QACnC,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAE3D,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,QAAQ,GAAG,IAAI,CAAC,kBAAkB,CAAC,wBAAwB,CAAC,CAAC;YACnE,IAAI,eAAe,EAAE,CAAC;gBACpB,QAAQ,CAAC,SAAS,GAAG,eAAe,CAAC;YACvC,CAAC;YACD,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,MAAM,YAAY,GAAG,YAAY,CAAC,KAAK,IAAI,EAAE,CAAC;QAC9C,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;QAE1E,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,MAAM,GAAG,mBAAmB,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;YACzD,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;YAC3G,IAAI,eAAe,EAAE,CAAC;gBACpB,QAAQ,CAAC,SAAS,GAAG,eAAe,CAAC;YACvC,CAAC;YACD,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,oDAAoD;QACpD,IAAI,YAAY,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,IAAI,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,CAAC;YACjF,MAAM,YAAY,GAAG,YAAY,CAAC,QAAQ,CAAC,QAAQ,IAAI,aAAa,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;YACjH,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,QAAQ,GAAG,IAAI,CAAC,kBAAkB,CACtC,YAAY,EACZ,OAAO,EACP,SAAS,EACT,GAAG,OAAO,CAAC,MAAM,WAAW,CAC7B,CAAC;gBACF,IAAI,eAAe,EAAE,CAAC;oBACpB,QAAQ,CAAC,SAAS,GAAG,eAAe,CAAC;gBACvC,CAAC;gBACD,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC;QAED,IAAI,YAAY,CAAC,QAAQ,EAAE,MAAM,IAAI,YAAY,CAAC,QAAQ,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;YAC9E,MAAM,QAAQ,GAAmB;gBAC/B,MAAM,EAAE,YAAY,CAAC,QAAQ,CAAC,MAAM;gBACpC,MAAM,EAAE,wBAAwB;gBAChC,WAAW,EAAE,GAAG,OAAO,CAAC,MAAM,WAAW;aAC1C,CAAC;YACF,IAAI,eAAe,EAAE,CAAC;gBACpB,QAAQ,CAAC,SAAS,GAAG,eAAe,CAAC;YACvC,CAAC;YACD,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,kBAAkB,CAAC,yBAAyB,CAAC,CAAC;QACpE,IAAI,eAAe,EAAE,CAAC;YACpB,QAAQ,CAAC,SAAS,GAAG,eAAe,CAAC;QACvC,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;;OAGG;IACK,eAAe,CAAC,OAAwB;QAC9C,MAAM,gBAAgB,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC;QAEhD,mCAAmC;QACnC,IAAI,gBAAgB,EAAE,eAAe,EAAE,OAAO,EAAE,CAAC;YAC/C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,eAAe,CAAC;YAElD,yBAAyB;YACzB,IAAI,QAAQ,CAAC,eAAe,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBACvD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,uBAAuB;YACvB,IAAI,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC/C,OAAO,IAAI,CAAC;YACd,CAAC;YAED,4CAA4C;YAC5C,MAAM,OAAO,GAAG,wBAAwB,CAAC,kBAAkB,EAAE,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;YAEzF,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,cAAc,GAAG,gBAAgB,CAAC,OAAO,CAAC,kBAAkB,EAAE,OAAO,EAAE;oBAC3E,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,IAAI,EAAE,OAAO,CAAC,IAAI;iBACnB,CAAC,CAAC;gBAEH,8BAA8B;gBAC9B,MAAM,WAAW,GAAG,QAAQ,CAAC,WAAW,IAAI,UAAU,CAAC;gBACvD,MAAM,aAAa,GAAG,IAAI,CAAC,sBAAsB,CAAC,cAAc,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;gBAEpF,IAAI,aAAa,EAAE,CAAC;oBAClB,OAAO;wBACL,SAAS,EAAE,IAAI;wBACf,SAAS,EAAE,kBAAkB;wBAC7B,IAAI,EAAE,cAAc,CAAC,IAAI;wBACzB,MAAM,EAAE,cAAc,CAAC,MAAM;wBAC7B,QAAQ,EAAE,cAAc,CAAC,QAAQ;qBAClC,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,sBAAsB,CAAC,IAAe,EAAE,WAAiD;QAC/F,QAAQ,WAAW,EAAE,CAAC;YACpB,KAAK,QAAQ;gBACX,8CAA8C;gBAC9C,OAAO,CAAC,OAAO,EAAE,aAAa,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC9D,KAAK,UAAU;gBACb,sCAAsC;gBACtC,OAAO,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YACrD,KAAK,YAAY;gBACf,4BAA4B;gBAC5B,OAAO,IAAI,KAAK,WAAW,CAAC;YAC9B;gBACE,OAAO,IAAI,KAAK,WAAW,CAAC;QAChC,CAAC;IACH,CAAC;IAED;;OAEG;IACK,kBAAkB,CAAC,MAAuB;QAChD,MAAM,gBAAgB,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC;QAEhD,IAAI,MAAM,CAAC,SAAS,KAAK,kBAAkB,EAAE,CAAC;YAC5C,OAAO,gBAAgB,EAAE,eAAe,EAAE,MAAM,IAAI,MAAM,CAAC;QAC7D,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,kBAAkB,CACxB,QAAgB,EAChB,QAAmD;QAEnD,+BAA+B;QAC/B,IAAI,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACvB,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,QAAQ,CAAE,EAAE,CAAC;QAC5D,CAAC;QAED,kDAAkD;QAClD,iEAAiE;QACjE,+DAA+D;QAC/D,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC;aACnC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;aAChD,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YACb,2CAA2C;YAC3C,MAAM,UAAU,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;YACjD,MAAM,UAAU,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;YACjD,IAAI,UAAU,KAAK,UAAU,EAAE,CAAC;gBAC9B,OAAO,UAAU,GAAG,UAAU,CAAC;YACjC,CAAC;YAED,2DAA2D;YAC3D,MAAM,UAAU,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAClC,MAAM,UAAU,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAClC,IAAI,UAAU,KAAK,UAAU,EAAE,CAAC;gBAC9B,OAAO,UAAU,GAAG,UAAU,CAAC;YACjC,CAAC;YAED,iCAAiC;YACjC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC;QAC7B,CAAC,CAAC,CAAC;QAEL,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,IAAI,SAAS,CAAC,QAAQ,EAAE,OAAO,CAAC,EAAE,CAAC;gBACjC,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAE,EAAE,CAAC;YACjD,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAEO,WAAW,CACjB,MAAkB,EAClB,cAAsB,EACtB,OAAwB,EACxB,eAAwB;QAExB,sBAAsB;QACtB,IAAI,MAAM,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;YAC9B,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,IAAI,eAAe,IAAI,aAAa,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;YAErH,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,gDAAgD;gBAChD,OAAO;oBACL,MAAM,EAAE,QAAQ;oBAChB,MAAM,EAAE,oDAAoD;oBAC5D,OAAO,EAAE,MAAM,CAAC,OAAO;oBACvB,WAAW,EAAE,cAAc;iBAC5B,CAAC;YACJ,CAAC;YAED,OAAO,IAAI,CAAC,kBAAkB,CAC5B,YAAY,EACZ,OAAO,EACP,MAAM,CAAC,KAAK,EACZ,cAAc,EACd,MAAM,CAAC,OAAO,CACf,CAAC;QACJ,CAAC;QAED,iBAAiB;QACjB,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,WAAW,EAAE,cAAc;SAC5B,CAAC;IACJ,CAAC;IAEO,kBAAkB,CACxB,YAAoB,EACpB,OAAwB,EACxB,WAAoC,EACpC,WAAmB,EACnB,aAAsB;QAEtB,6BAA6B;QAC7B,MAAM,OAAO,GAAG,wBAAwB,CAAC,YAAY,EAAE,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;QAEnF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,6CAA6C;YAC7C,OAAO;gBACL,MAAM,EAAE,QAAQ;gBAChB,MAAM,EAAE,iCAAiC,YAAY,WAAW;gBAChE,WAAW;aACZ,CAAC;QACJ,CAAC;QAED,eAAe;QACf,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,YAAY,EAAE,OAAO,EAAE;YAC7D,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,IAAI,EAAE,OAAO,CAAC,IAAI;SACnB,CAAC,CAAC;QAEH,qBAAqB;QACrB,MAAM,OAAO,GAAG,EAAE,GAAG,oBAAoB,EAAE,GAAG,WAAW,EAAE,CAAC;QAC5D,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAElD,OAAO;YACL,MAAM;YACN,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,OAAO,EAAE,aAAa;YACtB,WAAW;YACX,QAAQ,EAAE;gBACR,QAAQ,EAAE,YAAY;gBACtB,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,QAAQ,EAAE,MAAM,CAAC,QAAQ;aAC1B;SACF,CAAC;IACJ,CAAC;IAEO,kBAAkB,CAAC,MAAc;QACvC,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,IAAI,QAAQ,CAAC;QAE/D,6DAA6D;QAC7D,IAAI,aAAa,KAAK,OAAO,EAAE,CAAC;YAC9B,OAAO;gBACL,MAAM,EAAE,QAAQ;gBAChB,MAAM,EAAE,GAAG,MAAM,gDAAgD;gBACjE,WAAW,EAAE,UAAU;aACxB,CAAC;QACJ,CAAC;QAED,OAAO;YACL,MAAM,EAAE,aAAa;YACrB,MAAM,EAAE,GAAG,MAAM,0BAA0B;YAC3C,WAAW,EAAE,UAAU;SACxB,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;CACF"}

package/dist/policy/natural-language.d.ts

@@ -0,0 +1,141 @@
+/**
+ * Natural Language Policy Parser
+ *
+ * Converts human-readable policy statements into structured ToolPolicy objects.
+ * Uses rule-based pattern matching to interpret common policy expressions.
+ *
+ * @example
+ * ```typescript
+ * import { parsePolicy, parseNaturalPolicies } from '@dotsetlabs/tollgate/policy';
+ *
+ * const policy = parsePolicy('Allow read operations on postgres');
+ * // { action: 'smart', analyzer: 'sql', risks: { read: 'allow', write: 'deny', ... } }
+ *
+ * const policies = parseNaturalPolicies([
+ *   'Allow read operations on postgres',
+ *   'Deny destructive queries on any database',
+ *   'Prompt for file writes outside /tmp'
+ * ]);
+ * ```
+ *
+ * @module policy/natural-language
+ */
+import type { PolicyAction, ToolPolicy } from './types.js';
+/**
+ * Result of parsing a natural language policy.
+ */
+export interface ParsedPolicy {
+    /** Whether parsing succeeded */
+    success: boolean;
+    /** The parsed tool policy (if successful) */
+    policy?: ToolPolicy;
+    /** Server pattern to match (e.g., 'postgres', '*') */
+    serverPattern?: string;
+    /** Tool pattern to match (e.g., 'query', '*') */
+    toolPattern?: string;
+    /** Error message (if failed) */
+    error?: string;
+    /** The original input string */
+    input: string;
+    /** Explanation of how the policy was interpreted */
+    interpretation?: string;
+}
+/**
+ * Configuration for the natural language parser.
+ */
+export interface ParserOptions {
+    /** Whether to require explicit server/tool targets (default: false) */
+    requireTarget?: boolean;
+    /** Default action when risk level not specified (default: 'prompt') */
+    defaultAction?: PolicyAction;
+    /** Whether to allow fuzzy matching (default: true) */
+    fuzzyMatching?: boolean;
+}
+/**
+ * Parse a single natural language policy statement.
+ *
+ * @param input - The natural language policy statement
+ * @param options - Parser options
+ * @returns Parsed policy result
+ *
+ * @example
+ * ```typescript
+ * const result = parsePolicy('Allow read operations on postgres');
+ * if (result.success) {
+ *   console.log(result.policy);  // { action: 'smart', analyzer: 'sql', ... }
+ *   console.log(result.serverPattern);  // 'postgres'
+ * }
+ * ```
+ */
+export declare function parsePolicy(input: string, options?: ParserOptions): ParsedPolicy;
+/**
+ * Parse multiple natural language policy statements.
+ *
+ * @param inputs - Array of natural language policy statements
+ * @param options - Parser options
+ * @returns Array of parsed policy results
+ *
+ * @example
+ * ```typescript
+ * const results = parseNaturalPolicies([
+ *   'Allow read operations on postgres',
+ *   'Deny destructive queries on any database',
+ *   'Prompt for file writes',
+ * ]);
+ *
+ * const successful = results.filter(r => r.success);
+ * const failed = results.filter(r => !r.success);
+ * ```
+ */
+export declare function parseNaturalPolicies(inputs: string[], options?: ParserOptions): ParsedPolicy[];
+/**
+ * Convert parsed natural language policies to a server configuration.
+ *
+ * Groups policies by server pattern and builds tool configurations.
+ *
+ * @param policies - Array of parsed policies
+ * @returns Object mapping server patterns to their tool configurations
+ *
+ * @example
+ * ```typescript
+ * const parsed = parseNaturalPolicies([
+ *   'Allow read operations on postgres',
+ *   'Deny dangerous operations on postgres',
+ * ]);
+ *
+ * const config = policiesToConfig(parsed);
+ * // { 'postgres': { tools: { '*': { action: 'smart', ... } } } }
+ * ```
+ */
+export declare function policiesToConfig(policies: ParsedPolicy[]): Record<string, {
+    tools: Record<string, ToolPolicy>;
+}>;
+/**
+ * Validate a natural language policy statement without parsing.
+ *
+ * @param input - The policy statement to validate
+ * @returns Whether the statement appears valid
+ */
+export declare function isValidPolicyStatement(input: string): boolean;
+/**
+ * Get suggestions for fixing an invalid policy statement.
+ *
+ * @param input - The invalid policy statement
+ * @returns Array of suggested corrections
+ */
+export declare function getSuggestions(input: string): string[];
+/**
+ * Common policy templates for quick reference.
+ */
+export declare const POLICY_TEMPLATES: {
+    readonly allowReadOnly: "Allow read operations on ${server}";
+    readonly denyDangerous: "Deny dangerous operations on any server";
+    readonly promptForWrites: "Prompt for write operations on ${server}";
+    readonly allowAll: "Allow all operations on ${server}";
+    readonly denyAll: "Deny all operations on ${server}";
+    readonly promptAll: "Prompt for all operations on ${server}";
+    readonly readOnlyDatabase: "Allow read operations and deny mutations on ${server}";
+    readonly safeFileAccess: "Allow read operations and prompt for writes on filesystem";
+    readonly restrictedShell: "Deny dangerous commands and prompt for destructive operations on shell";
+};
+//# sourceMappingURL=natural-language.d.ts.map

package/dist/policy/natural-language.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"natural-language.d.ts","sourceRoot":"","sources":["../../src/policy/natural-language.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAG3D;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,gCAAgC;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,6CAA6C;IAC7C,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB,sDAAsD;IACtD,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,iDAAiD;IACjD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gCAAgC;IAChC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gCAAgC;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,oDAAoD;IACpD,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,uEAAuE;IACvE,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,uEAAuE;IACvE,aAAa,CAAC,EAAE,YAAY,CAAC;IAC7B,sDAAsD;IACtD,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAsXD;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,WAAW,CACzB,KAAK,EAAE,MAAM,EACb,OAAO,GAAE,aAAkB,GAC1B,YAAY,CAmGd;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,oBAAoB,CAClC,MAAM,EAAE,MAAM,EAAE,EAChB,OAAO,GAAE,aAAkB,GAC1B,YAAY,EAAE,CAEhB;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,YAAY,EAAE,GACvB,MAAM,CAAC,MAAM,EAAE;IAAE,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAA;CAAE,CAAC,CAwBvD;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAI7D;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,CAgCtD;AAED;;GAEG;AACH,eAAO,MAAM,gBAAgB;;;;;;;;;;CAUnB,CAAC"}