@edictum/core 0.1.0

package/dist/chunk-CRPQFRYJ.mjs

@@ -0,0 +1,238 @@
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+
+// src/errors.ts
+var EdictumDenied = class extends Error {
+  reason;
+  decisionSource;
+  decisionName;
+  constructor(reason, decisionSource = null, decisionName = null) {
+    super(reason);
+    this.name = "EdictumDenied";
+    this.reason = reason;
+    this.decisionSource = decisionSource;
+    this.decisionName = decisionName;
+  }
+};
+var EdictumConfigError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "EdictumConfigError";
+  }
+};
+var EdictumToolError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "EdictumToolError";
+  }
+};
+
+// src/envelope.ts
+import { randomUUID } from "crypto";
+var SideEffect = {
+  PURE: "pure",
+  READ: "read",
+  WRITE: "write",
+  IRREVERSIBLE: "irreversible"
+};
+function createPrincipal(partial = {}) {
+  const p = {
+    userId: partial.userId ?? null,
+    serviceId: partial.serviceId ?? null,
+    orgId: partial.orgId ?? null,
+    role: partial.role ?? null,
+    ticketRef: partial.ticketRef ?? null,
+    claims: partial.claims ?? {}
+  };
+  return deepFreeze(p);
+}
+function _validateToolName(toolName) {
+  if (!toolName) {
+    throw new EdictumConfigError(`Invalid tool_name: ${JSON.stringify(toolName)}`);
+  }
+  for (let i = 0; i < toolName.length; i++) {
+    const code = toolName.charCodeAt(i);
+    const ch = toolName[i];
+    if (code < 32 || code === 127 || ch === "/" || ch === "\\") {
+      throw new EdictumConfigError(`Invalid tool_name: ${JSON.stringify(toolName)}`);
+    }
+  }
+}
+function deepFreeze(obj) {
+  if (obj === null || obj === void 0 || typeof obj !== "object") {
+    return obj;
+  }
+  if (obj instanceof Date) {
+    return obj;
+  }
+  if (obj instanceof RegExp) {
+    return obj;
+  }
+  Object.freeze(obj);
+  for (const value of Object.values(obj)) {
+    if (value !== null && value !== void 0 && typeof value === "object" && !Object.isFrozen(value)) {
+      deepFreeze(value);
+    }
+  }
+  return obj;
+}
+var ToolRegistry = class {
+  _tools = /* @__PURE__ */ new Map();
+  register(name, sideEffect = SideEffect.WRITE, idempotent = false) {
+    this._tools.set(name, { name, sideEffect, idempotent });
+  }
+  classify(toolName, _args) {
+    const cfg = this._tools.get(toolName);
+    if (cfg) {
+      return [cfg.sideEffect, cfg.idempotent];
+    }
+    return [SideEffect.IRREVERSIBLE, false];
+  }
+};
+var BashClassifier = {
+  READ_ALLOWLIST: [
+    "ls",
+    "cat",
+    "head",
+    "tail",
+    "wc",
+    "find",
+    "grep",
+    "rg",
+    "git status",
+    "git log",
+    "git diff",
+    "git show",
+    "git branch",
+    "git remote",
+    "git tag",
+    "echo",
+    "pwd",
+    "whoami",
+    "date",
+    "which",
+    "file",
+    "stat",
+    "du",
+    "df",
+    "tree",
+    "less",
+    "more"
+  ],
+  SHELL_OPERATORS: [
+    "\n",
+    "\r",
+    "<(",
+    "<<",
+    "$",
+    "${",
+    ">",
+    ">>",
+    "|",
+    ";",
+    "&&",
+    "||",
+    "$(",
+    "`",
+    "#{"
+  ],
+  classify(command) {
+    const stripped = command.trim();
+    if (!stripped) {
+      return SideEffect.READ;
+    }
+    for (const op of BashClassifier.SHELL_OPERATORS) {
+      if (stripped.includes(op)) {
+        return SideEffect.IRREVERSIBLE;
+      }
+    }
+    for (const allowed of BashClassifier.READ_ALLOWLIST) {
+      if (stripped === allowed || stripped.startsWith(allowed + " ")) {
+        return SideEffect.READ;
+      }
+    }
+    return SideEffect.IRREVERSIBLE;
+  }
+};
+function safeDeepCopy(value) {
+  try {
+    return structuredClone(value);
+  } catch {
+    return JSON.parse(JSON.stringify(value));
+  }
+}
+function createEnvelope(toolName, toolInput, options = {}) {
+  _validateToolName(toolName);
+  const safeArgs = safeDeepCopy(toolInput);
+  const safeMetadata = options.metadata ? safeDeepCopy(options.metadata) : {};
+  let safePrincipal = null;
+  if (options.principal != null) {
+    const p = options.principal;
+    safePrincipal = createPrincipal({
+      userId: p.userId,
+      serviceId: p.serviceId,
+      orgId: p.orgId,
+      role: p.role,
+      ticketRef: p.ticketRef,
+      claims: p.claims ? safeDeepCopy(p.claims) : {}
+    });
+  }
+  const registry = options.registry ?? null;
+  let sideEffect = options.sideEffect ?? SideEffect.IRREVERSIBLE;
+  let idempotent = options.idempotent ?? false;
+  let bashCommand = null;
+  let filePath = null;
+  if (registry) {
+    const [regEffect, regIdempotent] = registry.classify(toolName, safeArgs);
+    if (options.sideEffect == null) sideEffect = regEffect;
+    if (options.idempotent == null) idempotent = regIdempotent;
+  }
+  if (toolName === "Bash") {
+    bashCommand = safeArgs.command ?? "";
+    if (options.sideEffect == null) {
+      sideEffect = BashClassifier.classify(bashCommand);
+    }
+  } else if (toolName === "Read" || toolName === "Glob" || toolName === "Grep") {
+    filePath = safeArgs.file_path ?? safeArgs.filePath ?? safeArgs.path ?? null;
+  } else if (toolName === "Write" || toolName === "Edit") {
+    filePath = safeArgs.file_path ?? safeArgs.filePath ?? safeArgs.path ?? null;
+  }
+  const envelope = {
+    toolName,
+    args: safeArgs,
+    callId: options.callId ?? randomUUID(),
+    runId: options.runId ?? "",
+    callIndex: options.callIndex ?? 0,
+    parentCallId: options.parentCallId ?? null,
+    sideEffect,
+    idempotent,
+    environment: options.environment ?? "production",
+    timestamp: options.timestamp ?? /* @__PURE__ */ new Date(),
+    caller: options.caller ?? "",
+    toolUseId: options.toolUseId ?? null,
+    principal: safePrincipal,
+    bashCommand,
+    filePath,
+    metadata: safeMetadata
+  };
+  return deepFreeze(envelope);
+}
+
+export {
+  __require,
+  EdictumDenied,
+  EdictumConfigError,
+  EdictumToolError,
+  SideEffect,
+  createPrincipal,
+  _validateToolName,
+  deepFreeze,
+  ToolRegistry,
+  BashClassifier,
+  createEnvelope
+};
+//# sourceMappingURL=chunk-CRPQFRYJ.mjs.map

package/dist/chunk-CRPQFRYJ.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/errors.ts","../src/envelope.ts"],"sourcesContent":["/** Exception classes for Edictum. */\n\n/** Raised when guard.run() denies a tool call in enforce mode. */\nexport class EdictumDenied extends Error {\n  readonly reason: string;\n  readonly decisionSource: string | null;\n  readonly decisionName: string | null;\n\n  constructor(\n    reason: string,\n    decisionSource: string | null = null,\n    decisionName: string | null = null,\n  ) {\n    super(reason);\n    this.name = \"EdictumDenied\";\n    this.reason = reason;\n    this.decisionSource = decisionSource;\n    this.decisionName = decisionName;\n  }\n}\n\n/** Raised for configuration/load-time errors (invalid YAML, schema failures, etc.). */\nexport class EdictumConfigError extends Error {\n  constructor(message: string) {\n    super(message);\n    this.name = \"EdictumConfigError\";\n  }\n}\n\n/** Raised when the governed tool itself fails. */\nexport class EdictumToolError extends Error {\n  constructor(message: string) {\n    super(message);\n    this.name = \"EdictumToolError\";\n  }\n}\n","/** Tool Invocation Envelope — immutable snapshot of a tool call. */\n\nimport { randomUUID } from \"node:crypto\";\n\nimport { EdictumConfigError } from \"./errors.js\";\nimport type { ToolConfig } from \"./types.js\";\n\n// ---------------------------------------------------------------------------\n// SideEffect\n// ---------------------------------------------------------------------------\n\n/**\n * Classification of tool side effects.\n *\n * Determines postcondition behavior and retry safety.\n *\n * DEFAULTS:\n * - Unregistered tools -> IRREVERSIBLE (conservative)\n * - Bash -> IRREVERSIBLE unless strict allowlist match\n * - Classification errors always err toward MORE restrictive\n */\nexport const SideEffect = {\n  PURE: \"pure\",\n  READ: \"read\",\n  WRITE: \"write\",\n  IRREVERSIBLE: \"irreversible\",\n} as const;\n\nexport type SideEffect = (typeof SideEffect)[keyof typeof SideEffect];\n\n// ---------------------------------------------------------------------------\n// Principal\n// ---------------------------------------------------------------------------\n\n/**\n * Identity context for audit attribution.\n *\n * NOTE: `claims` is a plain object. The Principal itself is frozen via\n * `Object.freeze()`, making the reference immutable. Callers should treat\n * claims as read-only after construction.\n */\nexport interface Principal {\n  readonly userId: string | null;\n  readonly serviceId: string | null;\n  readonly orgId: string | null;\n  readonly role: string | null;\n  readonly ticketRef: string | null;\n  readonly claims: Readonly<Record<string, unknown>>;\n}\n\n/** Create a frozen Principal with defaults for omitted fields. */\nexport function createPrincipal(\n  partial: Partial<Principal> = {},\n): Readonly<Principal> {\n  const p: Principal = {\n    userId: partial.userId ?? null,\n    serviceId: partial.serviceId ?? null,\n    orgId: partial.orgId ?? null,\n    role: partial.role ?? null,\n    ticketRef: partial.ticketRef ?? null,\n    claims: partial.claims ?? {},\n  };\n  return deepFreeze(p);\n}\n\n// ---------------------------------------------------------------------------\n// _validateToolName\n// ---------------------------------------------------------------------------\n\n/**\n * Validate tool_name: reject empty, control chars, path separators.\n *\n * Throws EdictumConfigError for:\n * - Empty string\n * - Any ASCII control character (code < 0x20 or code === 0x7f)\n * - Forward slash `/`\n * - Backslash `\\`\n */\nexport function _validateToolName(toolName: string): void {\n  if (!toolName) {\n    throw new EdictumConfigError(`Invalid tool_name: ${JSON.stringify(toolName)}`);\n  }\n  for (let i = 0; i < toolName.length; i++) {\n    const code = toolName.charCodeAt(i);\n    const ch = toolName[i];\n    if (code < 0x20 || code === 0x7f || ch === \"/\" || ch === \"\\\\\") {\n      throw new EdictumConfigError(`Invalid tool_name: ${JSON.stringify(toolName)}`);\n    }\n  }\n}\n\n// ---------------------------------------------------------------------------\n// ToolEnvelope\n// ---------------------------------------------------------------------------\n\n/**\n * Immutable snapshot of a tool invocation.\n *\n * Prefer `createEnvelope()` factory for deep-copy guarantees.\n * Direct construction validates tool_name but does NOT deep-copy args.\n */\nexport interface ToolEnvelope {\n  // Identity\n  readonly toolName: string;\n  readonly args: Readonly<Record<string, unknown>>;\n  readonly callId: string;\n  readonly runId: string;\n  readonly callIndex: number;\n  readonly parentCallId: string | null;\n\n  // Classification\n  readonly sideEffect: SideEffect;\n  readonly idempotent: boolean;\n\n  // Context\n  readonly environment: string;\n  readonly timestamp: Date;\n  readonly caller: string;\n  readonly toolUseId: string | null;\n\n  // Principal\n  readonly principal: Readonly<Principal> | null;\n\n  // Extracted convenience fields\n  readonly bashCommand: string | null;\n  readonly filePath: string | null;\n\n  // Extensible\n  readonly metadata: Readonly<Record<string, unknown>>;\n}\n\n// ---------------------------------------------------------------------------\n// deepFreeze\n// ---------------------------------------------------------------------------\n\n/**\n * Recursively freeze an object and all nested objects.\n *\n * Date objects are skipped — Object.freeze() cannot prevent mutation\n * via Date prototype methods (setFullYear, setTime, etc.) because Date\n * stores state in internal slots, not own properties.\n */\nexport function deepFreeze<T>(obj: T): T {\n  if (obj === null || obj === undefined || typeof obj !== \"object\") {\n    return obj;\n  }\n  // Date internal slots are not freezable — skip to avoid false sense of safety\n  if (obj instanceof Date) {\n    return obj;\n  }\n  // RegExp with global/sticky flags stores mutable lastIndex in internal state.\n  // Freezing prevents String.replace() from updating lastIndex → TypeError.\n  if (obj instanceof RegExp) {\n    return obj;\n  }\n  Object.freeze(obj);\n  for (const value of Object.values(obj as Record<string, unknown>)) {\n    if (value !== null && value !== undefined && typeof value === \"object\" && !Object.isFrozen(value)) {\n      deepFreeze(value);\n    }\n  }\n  return obj;\n}\n\n// ---------------------------------------------------------------------------\n// ToolRegistry\n// ---------------------------------------------------------------------------\n\n/** Maps tool names to governance properties. Unregistered tools default to IRREVERSIBLE. */\nexport class ToolRegistry {\n  private readonly _tools: Map<string, ToolConfig> = new Map();\n\n  register(\n    name: string,\n    sideEffect: SideEffect = SideEffect.WRITE,\n    idempotent: boolean = false,\n  ): void {\n    this._tools.set(name, { name, sideEffect, idempotent });\n  }\n\n  classify(\n    toolName: string,\n    _args: Record<string, unknown>,\n  ): [SideEffect, boolean] {\n    const cfg = this._tools.get(toolName);\n    if (cfg) {\n      return [cfg.sideEffect as SideEffect, cfg.idempotent];\n    }\n    return [SideEffect.IRREVERSIBLE, false];\n  }\n}\n\n// ---------------------------------------------------------------------------\n// BashClassifier\n// ---------------------------------------------------------------------------\n\n/**\n * Classify bash commands by side-effect level.\n *\n * Default is IRREVERSIBLE. Only downgraded to READ via strict\n * allowlist AND absence of shell operators.\n *\n * This is a heuristic, not a security boundary.\n */\nexport const BashClassifier = {\n  READ_ALLOWLIST: [\n    \"ls\",\n    \"cat\",\n    \"head\",\n    \"tail\",\n    \"wc\",\n    \"find\",\n    \"grep\",\n    \"rg\",\n    \"git status\",\n    \"git log\",\n    \"git diff\",\n    \"git show\",\n    \"git branch\",\n    \"git remote\",\n    \"git tag\",\n    \"echo\",\n    \"pwd\",\n    \"whoami\",\n    \"date\",\n    \"which\",\n    \"file\",\n    \"stat\",\n    \"du\",\n    \"df\",\n    \"tree\",\n    \"less\",\n    \"more\",\n  ] as const,\n\n  SHELL_OPERATORS: [\n    \"\\n\",\n    \"\\r\",\n    \"<(\",\n    \"<<\",\n    \"$\",\n    \"${\",\n    \">\",\n    \">>\",\n    \"|\",\n    \";\",\n    \"&&\",\n    \"||\",\n    \"$(\",\n    \"`\",\n    \"#{\",\n  ] as const,\n\n  classify(command: string): SideEffect {\n    const stripped = command.trim();\n    if (!stripped) {\n      return SideEffect.READ;\n    }\n\n    for (const op of BashClassifier.SHELL_OPERATORS) {\n      if (stripped.includes(op)) {\n        return SideEffect.IRREVERSIBLE;\n      }\n    }\n\n    for (const allowed of BashClassifier.READ_ALLOWLIST) {\n      if (stripped === allowed || stripped.startsWith(allowed + \" \")) {\n        return SideEffect.READ;\n      }\n    }\n\n    return SideEffect.IRREVERSIBLE;\n  },\n} as const;\n\n// ---------------------------------------------------------------------------\n// safeDeepCopy — structuredClone with JSON roundtrip fallback\n// ---------------------------------------------------------------------------\n\nfunction safeDeepCopy<T>(value: T): T {\n  try {\n    return structuredClone(value);\n  } catch {\n    return JSON.parse(JSON.stringify(value)) as T;\n  }\n}\n\n// ---------------------------------------------------------------------------\n// createEnvelope\n// ---------------------------------------------------------------------------\n\n/** Options for `createEnvelope()` beyond the required positional args. */\nexport interface CreateEnvelopeOptions {\n  readonly runId?: string;\n  readonly callIndex?: number;\n  readonly callId?: string;\n  readonly parentCallId?: string | null;\n  readonly sideEffect?: SideEffect;\n  readonly idempotent?: boolean;\n  readonly environment?: string;\n  readonly timestamp?: Date;\n  readonly caller?: string;\n  readonly toolUseId?: string | null;\n  readonly principal?: Principal | null;\n  readonly metadata?: Record<string, unknown>;\n  readonly registry?: ToolRegistry | null;\n}\n\n/**\n * Factory that enforces immutability guarantees.\n *\n * Prefer this factory over direct construction — it deep-copies args\n * and metadata to ensure the envelope is a true immutable snapshot.\n */\nexport function createEnvelope(\n  toolName: string,\n  toolInput: Record<string, unknown>,\n  options: CreateEnvelopeOptions = {},\n): Readonly<ToolEnvelope> {\n  _validateToolName(toolName);\n\n  // Deep-copy for immutability\n  const safeArgs = safeDeepCopy(toolInput);\n\n  // Deep-copy metadata\n  const safeMetadata = options.metadata ? safeDeepCopy(options.metadata) : {};\n\n  // Deep-copy Principal to protect claims dict\n  let safePrincipal: Readonly<Principal> | null = null;\n  if (options.principal != null) {\n    const p = options.principal;\n    safePrincipal = createPrincipal({\n      userId: p.userId,\n      serviceId: p.serviceId,\n      orgId: p.orgId,\n      role: p.role,\n      ticketRef: p.ticketRef,\n      claims: p.claims ? safeDeepCopy(p.claims as Record<string, unknown>) : {},\n    });\n  }\n\n  // Classification: explicit options > registry > defaults\n  const registry = options.registry ?? null;\n  let sideEffect: SideEffect = options.sideEffect ?? SideEffect.IRREVERSIBLE;\n  let idempotent = options.idempotent ?? false;\n  let bashCommand: string | null = null;\n  let filePath: string | null = null;\n\n  // Registry overrides defaults but not explicit options\n  if (registry) {\n    const [regEffect, regIdempotent] = registry.classify(toolName, safeArgs);\n    if (options.sideEffect == null) sideEffect = regEffect;\n    if (options.idempotent == null) idempotent = regIdempotent;\n  }\n\n  // Extract convenience fields (handle both snake_case and camelCase keys)\n  if (toolName === \"Bash\") {\n    bashCommand = (safeArgs.command as string) ?? \"\";\n    // BashClassifier wins over registry but NOT over explicit caller options\n    if (options.sideEffect == null) {\n      sideEffect = BashClassifier.classify(bashCommand);\n    }\n  } else if (\n    toolName === \"Read\" ||\n    toolName === \"Glob\" ||\n    toolName === \"Grep\"\n  ) {\n    filePath =\n      (safeArgs.file_path as string) ??\n      (safeArgs.filePath as string) ??\n      (safeArgs.path as string) ??\n      null;\n  } else if (toolName === \"Write\" || toolName === \"Edit\") {\n    filePath =\n      (safeArgs.file_path as string) ??\n      (safeArgs.filePath as string) ??\n      (safeArgs.path as string) ??\n      null;\n  }\n\n  const envelope: ToolEnvelope = {\n    toolName,\n    args: safeArgs,\n    callId: options.callId ?? randomUUID(),\n    runId: options.runId ?? \"\",\n    callIndex: options.callIndex ?? 0,\n    parentCallId: options.parentCallId ?? null,\n    sideEffect,\n    idempotent,\n    environment: options.environment ?? \"production\",\n    timestamp: options.timestamp ?? new Date(),\n    caller: options.caller ?? \"\",\n    toolUseId: options.toolUseId ?? null,\n    principal: safePrincipal,\n    bashCommand,\n    filePath,\n    metadata: safeMetadata,\n  };\n\n  return deepFreeze(envelope);\n}\n"],"mappings":";;;;;;;;AAGO,IAAM,gBAAN,cAA4B,MAAM;AAAA,EAC9B;AAAA,EACA;AAAA,EACA;AAAA,EAET,YACE,QACA,iBAAgC,MAChC,eAA8B,MAC9B;AACA,UAAM,MAAM;AACZ,SAAK,OAAO;AACZ,SAAK,SAAS;AACd,SAAK,iBAAiB;AACtB,SAAK,eAAe;AAAA,EACtB;AACF;AAGO,IAAM,qBAAN,cAAiC,MAAM;AAAA,EAC5C,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO;AAAA,EACd;AACF;AAGO,IAAM,mBAAN,cAA+B,MAAM;AAAA,EAC1C,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO;AAAA,EACd;AACF;;;ACjCA,SAAS,kBAAkB;AAmBpB,IAAM,aAAa;AAAA,EACxB,MAAM;AAAA,EACN,MAAM;AAAA,EACN,OAAO;AAAA,EACP,cAAc;AAChB;AAyBO,SAAS,gBACd,UAA8B,CAAC,GACV;AACrB,QAAM,IAAe;AAAA,IACnB,QAAQ,QAAQ,UAAU;AAAA,IAC1B,WAAW,QAAQ,aAAa;AAAA,IAChC,OAAO,QAAQ,SAAS;AAAA,IACxB,MAAM,QAAQ,QAAQ;AAAA,IACtB,WAAW,QAAQ,aAAa;AAAA,IAChC,QAAQ,QAAQ,UAAU,CAAC;AAAA,EAC7B;AACA,SAAO,WAAW,CAAC;AACrB;AAeO,SAAS,kBAAkB,UAAwB;AACxD,MAAI,CAAC,UAAU;AACb,UAAM,IAAI,mBAAmB,sBAAsB,KAAK,UAAU,QAAQ,CAAC,EAAE;AAAA,EAC/E;AACA,WAAS,IAAI,GAAG,IAAI,SAAS,QAAQ,KAAK;AACxC,UAAM,OAAO,SAAS,WAAW,CAAC;AAClC,UAAM,KAAK,SAAS,CAAC;AACrB,QAAI,OAAO,MAAQ,SAAS,OAAQ,OAAO,OAAO,OAAO,MAAM;AAC7D,YAAM,IAAI,mBAAmB,sBAAsB,KAAK,UAAU,QAAQ,CAAC,EAAE;AAAA,IAC/E;AAAA,EACF;AACF;AAqDO,SAAS,WAAc,KAAW;AACvC,MAAI,QAAQ,QAAQ,QAAQ,UAAa,OAAO,QAAQ,UAAU;AAChE,WAAO;AAAA,EACT;AAEA,MAAI,eAAe,MAAM;AACvB,WAAO;AAAA,EACT;AAGA,MAAI,eAAe,QAAQ;AACzB,WAAO;AAAA,EACT;AACA,SAAO,OAAO,GAAG;AACjB,aAAW,SAAS,OAAO,OAAO,GAA8B,GAAG;AACjE,QAAI,UAAU,QAAQ,UAAU,UAAa,OAAO,UAAU,YAAY,CAAC,OAAO,SAAS,KAAK,GAAG;AACjG,iBAAW,KAAK;AAAA,IAClB;AAAA,EACF;AACA,SAAO;AACT;AAOO,IAAM,eAAN,MAAmB;AAAA,EACP,SAAkC,oBAAI,IAAI;AAAA,EAE3D,SACE,MACA,aAAyB,WAAW,OACpC,aAAsB,OAChB;AACN,SAAK,OAAO,IAAI,MAAM,EAAE,MAAM,YAAY,WAAW,CAAC;AAAA,EACxD;AAAA,EAEA,SACE,UACA,OACuB;AACvB,UAAM,MAAM,KAAK,OAAO,IAAI,QAAQ;AACpC,QAAI,KAAK;AACP,aAAO,CAAC,IAAI,YAA0B,IAAI,UAAU;AAAA,IACtD;AACA,WAAO,CAAC,WAAW,cAAc,KAAK;AAAA,EACxC;AACF;AAcO,IAAM,iBAAiB;AAAA,EAC5B,gBAAgB;AAAA,IACd;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAAA,EAEA,iBAAiB;AAAA,IACf;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAAA,EAEA,SAAS,SAA6B;AACpC,UAAM,WAAW,QAAQ,KAAK;AAC9B,QAAI,CAAC,UAAU;AACb,aAAO,WAAW;AAAA,IACpB;AAEA,eAAW,MAAM,eAAe,iBAAiB;AAC/C,UAAI,SAAS,SAAS,EAAE,GAAG;AACzB,eAAO,WAAW;AAAA,MACpB;AAAA,IACF;AAEA,eAAW,WAAW,eAAe,gBAAgB;AACnD,UAAI,aAAa,WAAW,SAAS,WAAW,UAAU,GAAG,GAAG;AAC9D,eAAO,WAAW;AAAA,MACpB;AAAA,IACF;AAEA,WAAO,WAAW;AAAA,EACpB;AACF;AAMA,SAAS,aAAgB,OAAa;AACpC,MAAI;AACF,WAAO,gBAAgB,KAAK;AAAA,EAC9B,QAAQ;AACN,WAAO,KAAK,MAAM,KAAK,UAAU,KAAK,CAAC;AAAA,EACzC;AACF;AA6BO,SAAS,eACd,UACA,WACA,UAAiC,CAAC,GACV;AACxB,oBAAkB,QAAQ;AAG1B,QAAM,WAAW,aAAa,SAAS;AAGvC,QAAM,eAAe,QAAQ,WAAW,aAAa,QAAQ,QAAQ,IAAI,CAAC;AAG1E,MAAI,gBAA4C;AAChD,MAAI,QAAQ,aAAa,MAAM;AAC7B,UAAM,IAAI,QAAQ;AAClB,oBAAgB,gBAAgB;AAAA,MAC9B,QAAQ,EAAE;AAAA,MACV,WAAW,EAAE;AAAA,MACb,OAAO,EAAE;AAAA,MACT,MAAM,EAAE;AAAA,MACR,WAAW,EAAE;AAAA,MACb,QAAQ,EAAE,SAAS,aAAa,EAAE,MAAiC,IAAI,CAAC;AAAA,IAC1E,CAAC;AAAA,EACH;AAGA,QAAM,WAAW,QAAQ,YAAY;AACrC,MAAI,aAAyB,QAAQ,cAAc,WAAW;AAC9D,MAAI,aAAa,QAAQ,cAAc;AACvC,MAAI,cAA6B;AACjC,MAAI,WAA0B;AAG9B,MAAI,UAAU;AACZ,UAAM,CAAC,WAAW,aAAa,IAAI,SAAS,SAAS,UAAU,QAAQ;AACvE,QAAI,QAAQ,cAAc,KAAM,cAAa;AAC7C,QAAI,QAAQ,cAAc,KAAM,cAAa;AAAA,EAC/C;AAGA,MAAI,aAAa,QAAQ;AACvB,kBAAe,SAAS,WAAsB;AAE9C,QAAI,QAAQ,cAAc,MAAM;AAC9B,mBAAa,eAAe,SAAS,WAAW;AAAA,IAClD;AAAA,EACF,WACE,aAAa,UACb,aAAa,UACb,aAAa,QACb;AACA,eACG,SAAS,aACT,SAAS,YACT,SAAS,QACV;AAAA,EACJ,WAAW,aAAa,WAAW,aAAa,QAAQ;AACtD,eACG,SAAS,aACT,SAAS,YACT,SAAS,QACV;AAAA,EACJ;AAEA,QAAM,WAAyB;AAAA,IAC7B;AAAA,IACA,MAAM;AAAA,IACN,QAAQ,QAAQ,UAAU,WAAW;AAAA,IACrC,OAAO,QAAQ,SAAS;AAAA,IACxB,WAAW,QAAQ,aAAa;AAAA,IAChC,cAAc,QAAQ,gBAAgB;AAAA,IACtC;AAAA,IACA;AAAA,IACA,aAAa,QAAQ,eAAe;AAAA,IACpC,WAAW,QAAQ,aAAa,oBAAI,KAAK;AAAA,IACzC,QAAQ,QAAQ,UAAU;AAAA,IAC1B,WAAW,QAAQ,aAAa;AAAA,IAChC,WAAW;AAAA,IACX;AAAA,IACA;AAAA,IACA,UAAU;AAAA,EACZ;AAEA,SAAO,WAAW,QAAQ;AAC5B;","names":[]}

package/dist/chunk-IXMXZGJG.mjs

@@ -0,0 +1,30 @@
+// src/evaluation.ts
+function createContractResult(fields) {
+  return Object.freeze({
+    contractId: fields.contractId,
+    contractType: fields.contractType,
+    passed: fields.passed,
+    message: fields.message ?? null,
+    tags: Object.freeze([...fields.tags ?? []]),
+    observed: fields.observed ?? false,
+    effect: fields.effect ?? "warn",
+    policyError: fields.policyError ?? false
+  });
+}
+function createEvaluationResult(fields) {
+  return Object.freeze({
+    verdict: fields.verdict,
+    toolName: fields.toolName,
+    contracts: Object.freeze([...fields.contracts ?? []]),
+    denyReasons: Object.freeze([...fields.denyReasons ?? []]),
+    warnReasons: Object.freeze([...fields.warnReasons ?? []]),
+    contractsEvaluated: fields.contractsEvaluated ?? 0,
+    policyError: fields.policyError ?? false
+  });
+}
+
+export {
+  createContractResult,
+  createEvaluationResult
+};
+//# sourceMappingURL=chunk-IXMXZGJG.mjs.map

package/dist/chunk-IXMXZGJG.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/evaluation.ts"],"sourcesContent":["/** Evaluation result types for dry-run contract evaluation. */\n\n// ---------------------------------------------------------------------------\n// ContractResult\n// ---------------------------------------------------------------------------\n\n/** Result of evaluating a single contract. */\nexport interface ContractResult {\n  readonly contractId: string;\n  readonly contractType: string; // \"precondition\" | \"postcondition\" | \"sandbox\"\n  readonly passed: boolean;\n  readonly message: string | null;\n  readonly tags: readonly string[];\n  readonly observed: boolean;\n  readonly effect: string;\n  readonly policyError: boolean;\n}\n\n/** Create a frozen ContractResult with defaults matching the Python dataclass. */\nexport function createContractResult(\n  fields: Pick<ContractResult, \"contractId\" | \"contractType\" | \"passed\"> &\n    Partial<Omit<ContractResult, \"contractId\" | \"contractType\" | \"passed\">>,\n): ContractResult {\n  return Object.freeze({\n    contractId: fields.contractId,\n    contractType: fields.contractType,\n    passed: fields.passed,\n    message: fields.message ?? null,\n    tags: Object.freeze([...(fields.tags ?? [])]),\n    observed: fields.observed ?? false,\n    effect: fields.effect ?? \"warn\",\n    policyError: fields.policyError ?? false,\n  });\n}\n\n// ---------------------------------------------------------------------------\n// EvaluationResult\n// ---------------------------------------------------------------------------\n\n/** Result of dry-run evaluation of a tool call against contracts. */\nexport interface EvaluationResult {\n  readonly verdict: string; // \"allow\" | \"deny\" | \"warn\"\n  readonly toolName: string;\n  readonly contracts: readonly ContractResult[];\n  readonly denyReasons: readonly string[];\n  readonly warnReasons: readonly string[];\n  readonly contractsEvaluated: number;\n  readonly policyError: boolean;\n}\n\n/** Create a frozen EvaluationResult with defaults matching the Python dataclass. */\nexport function createEvaluationResult(\n  fields: Pick<EvaluationResult, \"verdict\" | \"toolName\"> &\n    Partial<Omit<EvaluationResult, \"verdict\" | \"toolName\">>,\n): EvaluationResult {\n  return Object.freeze({\n    verdict: fields.verdict,\n    toolName: fields.toolName,\n    contracts: Object.freeze([...(fields.contracts ?? [])]),\n    denyReasons: Object.freeze([...(fields.denyReasons ?? [])]),\n    warnReasons: Object.freeze([...(fields.warnReasons ?? [])]),\n    contractsEvaluated: fields.contractsEvaluated ?? 0,\n    policyError: fields.policyError ?? false,\n  });\n}\n"],"mappings":";AAmBO,SAAS,qBACd,QAEgB;AAChB,SAAO,OAAO,OAAO;AAAA,IACnB,YAAY,OAAO;AAAA,IACnB,cAAc,OAAO;AAAA,IACrB,QAAQ,OAAO;AAAA,IACf,SAAS,OAAO,WAAW;AAAA,IAC3B,MAAM,OAAO,OAAO,CAAC,GAAI,OAAO,QAAQ,CAAC,CAAE,CAAC;AAAA,IAC5C,UAAU,OAAO,YAAY;AAAA,IAC7B,QAAQ,OAAO,UAAU;AAAA,IACzB,aAAa,OAAO,eAAe;AAAA,EACrC,CAAC;AACH;AAkBO,SAAS,uBACd,QAEkB;AAClB,SAAO,OAAO,OAAO;AAAA,IACnB,SAAS,OAAO;AAAA,IAChB,UAAU,OAAO;AAAA,IACjB,WAAW,OAAO,OAAO,CAAC,GAAI,OAAO,aAAa,CAAC,CAAE,CAAC;AAAA,IACtD,aAAa,OAAO,OAAO,CAAC,GAAI,OAAO,eAAe,CAAC,CAAE,CAAC;AAAA,IAC1D,aAAa,OAAO,OAAO,CAAC,GAAI,OAAO,eAAe,CAAC,CAAE,CAAC;AAAA,IAC1D,oBAAoB,OAAO,sBAAsB;AAAA,IACjD,aAAa,OAAO,eAAe;AAAA,EACrC,CAAC;AACH;","names":[]}