npm - @edictum/core - Versions diffs - 0.1.0 → 0.2.0 - Mend

@edictum/core 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/README.md +46 -0
package/dist/{chunk-IXMXZGJG.mjs → chunk-23XIQZR5.mjs} +1 -1
package/dist/chunk-23XIQZR5.mjs.map +1 -0
package/dist/{chunk-CRPQFRYJ.mjs → chunk-2YSBMUK5.mjs} +2 -10
package/dist/chunk-2YSBMUK5.mjs.map +1 -0
package/dist/{chunk-X5E2YY35.mjs → chunk-JOBPRXVE.mjs} +44 -110
package/dist/chunk-JOBPRXVE.mjs.map +1 -0
package/dist/{dry-run-54PYIM6T.mjs → dry-run-JTRNTZA5.mjs} +3 -3
package/dist/dry-run-JTRNTZA5.mjs.map +1 -0
package/dist/index.cjs +413 -224
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +28 -27
package/dist/index.d.ts +28 -27
package/dist/index.mjs +370 -118
package/dist/index.mjs.map +1 -1
package/dist/runner-JCAQMF6O.mjs +10 -0
package/package.json +14 -13
package/dist/chunk-CRPQFRYJ.mjs.map +0 -1
package/dist/chunk-IXMXZGJG.mjs.map +0 -1
package/dist/chunk-X5E2YY35.mjs.map +0 -1
package/dist/dry-run-54PYIM6T.mjs.map +0 -1
package/dist/runner-ASI4JIW2.mjs +0 -10
/package/dist/{runner-ASI4JIW2.mjs.map → runner-JCAQMF6O.mjs.map} +0 -0

package/README.md ADDED Viewed

@@ -0,0 +1,46 @@
+# @edictum/core
+Runtime contract enforcement for AI agent tool calls. One runtime dep ([js-yaml](https://github.com/nodeca/js-yaml)).
+Part of [Edictum](https://github.com/edictum-ai/edictum-ts) -- runtime contract enforcement for AI agent tool calls.
+## Install
+```bash
+pnpm add @edictum/core
+```
+## Usage
+```typescript
+import { readFile } from 'node:fs/promises'
+import { Edictum, EdictumDenied } from '@edictum/core'
+const guard = Edictum.fromYaml('contracts.yaml')
+const governedReadFile = (args: Record<string, unknown>) => readFile(args.path as string, 'utf8')
+try {
+  await guard.run('readFile', { path: '.env' }, governedReadFile)
+} catch (e) {
+  if (e instanceof EdictumDenied) console.log(e.reason)
+}
+```
+## Key Exports
+- `Edictum` -- main guard class (`fromYaml`, `fromYamlString`, `run`, `evaluate`)
+- `EdictumDenied`, `EdictumConfigError`, `EdictumToolError` -- error types
+- `GovernancePipeline` -- governance pipeline (used by adapters)
+- `Verdict` -- contract result builder (`pass()`, `fail(reason)`)
+- `Session`, `MemoryBackend` -- session tracking and storage
+- `RedactionPolicy` -- sensitive field redaction for audit events
+- `CollectingAuditSink`, `StdoutAuditSink`, `FileAuditSink`, `CompositeSink` -- audit sinks
+- `createEnvelope`, `BashClassifier`, `SideEffect` -- envelope construction
+- `composeBundles`, `loadBundle`, `compileContracts` -- YAML engine
+## Links
+- [Full documentation](https://docs.edictum.ai)
+- [GitHub](https://github.com/edictum-ai/edictum-ts)
+- [All packages](https://github.com/edictum-ai/edictum-ts#packages)

package/dist/{chunk-IXMXZGJG.mjs → chunk-23XIQZR5.mjs} RENAMED Viewed

@@ -27,4 +27,4 @@ export {
   createContractResult,
   createEvaluationResult
 };
-//# sourceMappingURL=chunk-IXMXZGJG.mjs.map
+//# sourceMappingURL=chunk-23XIQZR5.mjs.map

package/dist/chunk-23XIQZR5.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/evaluation.ts"],"sourcesContent":["/** Evaluation result types for dry-run contract evaluation. */\n\n// ---------------------------------------------------------------------------\n// ContractResult\n// ---------------------------------------------------------------------------\n\n/** Result of evaluating a single contract. */\nexport interface ContractResult {\n readonly contractId: string\n readonly contractType: string // \"precondition\" | \"postcondition\" | \"sandbox\"\n readonly passed: boolean\n readonly message: string | null\n readonly tags: readonly string[]\n readonly observed: boolean\n readonly effect: string\n readonly policyError: boolean\n}\n\n/** Create a frozen ContractResult with defaults matching the Python dataclass. */\nexport function createContractResult(\n fields: Pick<ContractResult, 'contractId' | 'contractType' | 'passed'> &\n Partial<Omit<ContractResult, 'contractId' | 'contractType' | 'passed'>>,\n): ContractResult {\n return Object.freeze({\n contractId: fields.contractId,\n contractType: fields.contractType,\n passed: fields.passed,\n message: fields.message ?? null,\n tags: Object.freeze([...(fields.tags ?? [])]),\n observed: fields.observed ?? false,\n effect: fields.effect ?? 'warn',\n policyError: fields.policyError ?? false,\n })\n}\n\n// ---------------------------------------------------------------------------\n// EvaluationResult\n// ---------------------------------------------------------------------------\n\n/** Result of dry-run evaluation of a tool call against contracts. */\nexport interface EvaluationResult {\n readonly verdict: string // \"allow\" | \"deny\" | \"warn\"\n readonly toolName: string\n readonly contracts: readonly ContractResult[]\n readonly denyReasons: readonly string[]\n readonly warnReasons: readonly string[]\n readonly contractsEvaluated: number\n readonly policyError: boolean\n}\n\n/** Create a frozen EvaluationResult with defaults matching the Python dataclass. */\nexport function createEvaluationResult(\n fields: Pick<EvaluationResult, 'verdict' | 'toolName'> &\n Partial<Omit<EvaluationResult, 'verdict' | 'toolName'>>,\n): EvaluationResult {\n return Object.freeze({\n verdict: fields.verdict,\n toolName: fields.toolName,\n contracts: Object.freeze([...(fields.contracts ?? [])]),\n denyReasons: Object.freeze([...(fields.denyReasons ?? [])]),\n warnReasons: Object.freeze([...(fields.warnReasons ?? [])]),\n contractsEvaluated: fields.contractsEvaluated ?? 0,\n policyError: fields.policyError ?? false,\n })\n}\n"],"mappings":";AAmBO,SAAS,qBACd,QAEgB;AAChB,SAAO,OAAO,OAAO;AAAA,IACnB,YAAY,OAAO;AAAA,IACnB,cAAc,OAAO;AAAA,IACrB,QAAQ,OAAO;AAAA,IACf,SAAS,OAAO,WAAW;AAAA,IAC3B,MAAM,OAAO,OAAO,CAAC,GAAI,OAAO,QAAQ,CAAC,CAAE,CAAC;AAAA,IAC5C,UAAU,OAAO,YAAY;AAAA,IAC7B,QAAQ,OAAO,UAAU;AAAA,IACzB,aAAa,OAAO,eAAe;AAAA,EACrC,CAAC;AACH;AAkBO,SAAS,uBACd,QAEkB;AAClB,SAAO,OAAO,OAAO;AAAA,IACnB,SAAS,OAAO;AAAA,IAChB,UAAU,OAAO;AAAA,IACjB,WAAW,OAAO,OAAO,CAAC,GAAI,OAAO,aAAa,CAAC,CAAE,CAAC;AAAA,IACtD,aAAa,OAAO,OAAO,CAAC,GAAI,OAAO,eAAe,CAAC,CAAE,CAAC;AAAA,IAC1D,aAAa,OAAO,OAAO,CAAC,GAAI,OAAO,eAAe,CAAC,CAAE,CAAC;AAAA,IAC1D,oBAAoB,OAAO,sBAAsB;AAAA,IACjD,aAAa,OAAO,eAAe;AAAA,EACrC,CAAC;AACH;","names":[]}

package/dist/{chunk-CRPQFRYJ.mjs → chunk-2YSBMUK5.mjs} RENAMED Viewed

@@ -1,10 +1,3 @@
-var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
-  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
-}) : x)(function(x) {
-  if (typeof require !== "undefined") return require.apply(this, arguments);
-  throw Error('Dynamic require of "' + x + '" is not supported');
-});
 // src/errors.ts
 var EdictumDenied = class extends Error {
   reason;
@@ -57,7 +50,7 @@ function _validateToolName(toolName) {
   for (let i = 0; i < toolName.length; i++) {
     const code = toolName.charCodeAt(i);
     const ch = toolName[i];
-    if (code < 32 || code === 127 || ch === "/" || ch === "\\") {
+    if (code < 32 || code >= 127 && code <= 159 || code === 8232 || code === 8233 || ch === "/" || ch === "\\") {
       throw new EdictumConfigError(`Invalid tool_name: ${JSON.stringify(toolName)}`);
     }
   }
@@ -223,7 +216,6 @@ function createEnvelope(toolName, toolInput, options = {}) {
 }
 export {
-  __require,
   EdictumDenied,
   EdictumConfigError,
   EdictumToolError,
@@ -235,4 +227,4 @@ export {
   BashClassifier,
   createEnvelope
 };
-//# sourceMappingURL=chunk-CRPQFRYJ.mjs.map
+//# sourceMappingURL=chunk-2YSBMUK5.mjs.map

package/dist/chunk-2YSBMUK5.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/errors.ts","../src/envelope.ts"],"sourcesContent":["/** Exception classes for Edictum. */\n\n/** Raised when guard.run() denies a tool call in enforce mode. */\nexport class EdictumDenied extends Error {\n readonly reason: string\n readonly decisionSource: string | null\n readonly decisionName: string | null\n\n constructor(\n reason: string,\n decisionSource: string | null = null,\n decisionName: string | null = null,\n ) {\n super(reason)\n this.name = 'EdictumDenied'\n this.reason = reason\n this.decisionSource = decisionSource\n this.decisionName = decisionName\n }\n}\n\n/** Raised for configuration/load-time errors (invalid YAML, schema failures, etc.). */\nexport class EdictumConfigError extends Error {\n constructor(message: string) {\n super(message)\n this.name = 'EdictumConfigError'\n }\n}\n\n/** Raised when the governed tool itself fails. */\nexport class EdictumToolError extends Error {\n constructor(message: string) {\n super(message)\n this.name = 'EdictumToolError'\n }\n}\n","/** Tool Invocation Envelope — immutable snapshot of a tool call. */\n\nimport { randomUUID } from 'node:crypto'\n\nimport { EdictumConfigError } from './errors.js'\nimport type { ToolConfig } from './types.js'\n\n// ---------------------------------------------------------------------------\n// SideEffect\n// ---------------------------------------------------------------------------\n\n/**\n * Classification of tool side effects.\n *\n * Determines postcondition behavior and retry safety.\n *\n * DEFAULTS:\n * - Unregistered tools -> IRREVERSIBLE (conservative)\n * - Bash -> IRREVERSIBLE unless strict allowlist match\n * - Classification errors always err toward MORE restrictive\n */\nexport const SideEffect = {\n PURE: 'pure',\n READ: 'read',\n WRITE: 'write',\n IRREVERSIBLE: 'irreversible',\n} as const\n\nexport type SideEffect = (typeof SideEffect)[keyof typeof SideEffect]\n\n// ---------------------------------------------------------------------------\n// Principal\n// ---------------------------------------------------------------------------\n\n/**\n * Identity context for audit attribution.\n *\n * NOTE: `claims` is a plain object. The Principal itself is frozen via\n * `Object.freeze()`, making the reference immutable. Callers should treat\n * claims as read-only after construction.\n */\nexport interface Principal {\n readonly userId: string | null\n readonly serviceId: string | null\n readonly orgId: string | null\n readonly role: string | null\n readonly ticketRef: string | null\n readonly claims: Readonly<Record<string, unknown>>\n}\n\n/** Create a frozen Principal with defaults for omitted fields. */\nexport function createPrincipal(partial: Partial<Principal> = {}): Readonly<Principal> {\n const p: Principal = {\n userId: partial.userId ?? null,\n serviceId: partial.serviceId ?? null,\n orgId: partial.orgId ?? null,\n role: partial.role ?? null,\n ticketRef: partial.ticketRef ?? null,\n claims: partial.claims ?? {},\n }\n return deepFreeze(p)\n}\n\n// ---------------------------------------------------------------------------\n// _validateToolName\n// ---------------------------------------------------------------------------\n\n/**\n * Validate tool_name: reject empty, control chars, path separators.\n *\n * Throws EdictumConfigError for:\n * - Empty string\n * - Any C0 control character (code < 0x20), DEL/C1 (U+007F-U+009F)\n * - Unicode line/paragraph separators (U+2028, U+2029)\n * - Forward slash `/`\n * - Backslash `\\`\n */\nexport function _validateToolName(toolName: string): void {\n if (!toolName) {\n throw new EdictumConfigError(`Invalid tool_name: ${JSON.stringify(toolName)}`)\n }\n for (let i = 0; i < toolName.length; i++) {\n const code = toolName.charCodeAt(i)\n const ch = toolName[i]\n if (\n code < 0x20 ||\n (code >= 0x7f && code <= 0x9f) ||\n code === 0x2028 ||\n code === 0x2029 ||\n ch === '/' ||\n ch === '\\\\'\n ) {\n throw new EdictumConfigError(`Invalid tool_name: ${JSON.stringify(toolName)}`)\n }\n }\n}\n\n// ---------------------------------------------------------------------------\n// ToolEnvelope\n// ---------------------------------------------------------------------------\n\n/**\n * Immutable snapshot of a tool invocation.\n *\n * Prefer `createEnvelope()` factory for deep-copy guarantees.\n * Direct construction validates tool_name but does NOT deep-copy args.\n */\nexport interface ToolEnvelope {\n // Identity\n readonly toolName: string\n readonly args: Readonly<Record<string, unknown>>\n readonly callId: string\n readonly runId: string\n readonly callIndex: number\n readonly parentCallId: string | null\n\n // Classification\n readonly sideEffect: SideEffect\n readonly idempotent: boolean\n\n // Context\n readonly environment: string\n readonly timestamp: Date\n readonly caller: string\n readonly toolUseId: string | null\n\n // Principal\n readonly principal: Readonly<Principal> | null\n\n // Extracted convenience fields\n readonly bashCommand: string | null\n readonly filePath: string | null\n\n // Extensible\n readonly metadata: Readonly<Record<string, unknown>>\n}\n\n// ---------------------------------------------------------------------------\n// deepFreeze\n// ---------------------------------------------------------------------------\n\n/**\n * Recursively freeze an object and all nested objects.\n *\n * Date objects are skipped — Object.freeze() cannot prevent mutation\n * via Date prototype methods (setFullYear, setTime, etc.) because Date\n * stores state in internal slots, not own properties.\n */\nexport function deepFreeze<T>(obj: T): T {\n if (obj === null || obj === undefined || typeof obj !== 'object') {\n return obj\n }\n // Date internal slots are not freezable — skip to avoid false sense of safety\n if (obj instanceof Date) {\n return obj\n }\n // RegExp with global/sticky flags stores mutable lastIndex in internal state.\n // Freezing prevents String.replace() from updating lastIndex → TypeError.\n if (obj instanceof RegExp) {\n return obj\n }\n Object.freeze(obj)\n for (const value of Object.values(obj as Record<string, unknown>)) {\n if (\n value !== null &&\n value !== undefined &&\n typeof value === 'object' &&\n !Object.isFrozen(value)\n ) {\n deepFreeze(value)\n }\n }\n return obj\n}\n\n// ---------------------------------------------------------------------------\n// ToolRegistry\n// ---------------------------------------------------------------------------\n\n/** Maps tool names to governance properties. Unregistered tools default to IRREVERSIBLE. */\nexport class ToolRegistry {\n private readonly _tools: Map<string, ToolConfig> = new Map()\n\n register(\n name: string,\n sideEffect: SideEffect = SideEffect.WRITE,\n idempotent: boolean = false,\n ): void {\n this._tools.set(name, { name, sideEffect, idempotent })\n }\n\n classify(toolName: string, _args: Record<string, unknown>): [SideEffect, boolean] {\n const cfg = this._tools.get(toolName)\n if (cfg) {\n return [cfg.sideEffect as SideEffect, cfg.idempotent]\n }\n return [SideEffect.IRREVERSIBLE, false]\n }\n}\n\n// ---------------------------------------------------------------------------\n// BashClassifier\n// ---------------------------------------------------------------------------\n\n/**\n * Classify bash commands by side-effect level.\n *\n * Default is IRREVERSIBLE. Only downgraded to READ via strict\n * allowlist AND absence of shell operators.\n *\n * This is a heuristic, not a security boundary.\n */\nexport const BashClassifier = {\n READ_ALLOWLIST: [\n 'ls',\n 'cat',\n 'head',\n 'tail',\n 'wc',\n 'find',\n 'grep',\n 'rg',\n 'git status',\n 'git log',\n 'git diff',\n 'git show',\n 'git branch',\n 'git remote',\n 'git tag',\n 'echo',\n 'pwd',\n 'whoami',\n 'date',\n 'which',\n 'file',\n 'stat',\n 'du',\n 'df',\n 'tree',\n 'less',\n 'more',\n ] as const,\n\n SHELL_OPERATORS: [\n '\\n',\n '\\r',\n '<(',\n '<<',\n '$',\n '${',\n '>',\n '>>',\n '|',\n ';',\n '&&',\n '||',\n '$(',\n '`',\n '#{',\n ] as const,\n\n classify(command: string): SideEffect {\n const stripped = command.trim()\n if (!stripped) {\n return SideEffect.READ\n }\n\n for (const op of BashClassifier.SHELL_OPERATORS) {\n if (stripped.includes(op)) {\n return SideEffect.IRREVERSIBLE\n }\n }\n\n for (const allowed of BashClassifier.READ_ALLOWLIST) {\n if (stripped === allowed || stripped.startsWith(allowed + ' ')) {\n return SideEffect.READ\n }\n }\n\n return SideEffect.IRREVERSIBLE\n },\n} as const\n\n// ---------------------------------------------------------------------------\n// safeDeepCopy — structuredClone with JSON roundtrip fallback\n// ---------------------------------------------------------------------------\n\nfunction safeDeepCopy<T>(value: T): T {\n try {\n return structuredClone(value)\n } catch {\n return JSON.parse(JSON.stringify(value)) as T\n }\n}\n\n// ---------------------------------------------------------------------------\n// createEnvelope\n// ---------------------------------------------------------------------------\n\n/** Options for `createEnvelope()` beyond the required positional args. */\nexport interface CreateEnvelopeOptions {\n readonly runId?: string\n readonly callIndex?: number\n readonly callId?: string\n readonly parentCallId?: string | null\n readonly sideEffect?: SideEffect\n readonly idempotent?: boolean\n readonly environment?: string\n readonly timestamp?: Date\n readonly caller?: string\n readonly toolUseId?: string | null\n readonly principal?: Principal | null\n readonly metadata?: Record<string, unknown>\n readonly registry?: ToolRegistry | null\n}\n\n/**\n * Factory that enforces immutability guarantees.\n *\n * Prefer this factory over direct construction — it deep-copies args\n * and metadata to ensure the envelope is a true immutable snapshot.\n */\nexport function createEnvelope(\n toolName: string,\n toolInput: Record<string, unknown>,\n options: CreateEnvelopeOptions = {},\n): Readonly<ToolEnvelope> {\n _validateToolName(toolName)\n\n // Deep-copy for immutability\n const safeArgs = safeDeepCopy(toolInput)\n\n // Deep-copy metadata\n const safeMetadata = options.metadata ? safeDeepCopy(options.metadata) : {}\n\n // Deep-copy Principal to protect claims dict\n let safePrincipal: Readonly<Principal> | null = null\n if (options.principal != null) {\n const p = options.principal\n safePrincipal = createPrincipal({\n userId: p.userId,\n serviceId: p.serviceId,\n orgId: p.orgId,\n role: p.role,\n ticketRef: p.ticketRef,\n claims: p.claims ? safeDeepCopy(p.claims as Record<string, unknown>) : {},\n })\n }\n\n // Classification: explicit options > registry > defaults\n const registry = options.registry ?? null\n let sideEffect: SideEffect = options.sideEffect ?? SideEffect.IRREVERSIBLE\n let idempotent = options.idempotent ?? false\n let bashCommand: string | null = null\n let filePath: string | null = null\n\n // Registry overrides defaults but not explicit options\n if (registry) {\n const [regEffect, regIdempotent] = registry.classify(toolName, safeArgs)\n if (options.sideEffect == null) sideEffect = regEffect\n if (options.idempotent == null) idempotent = regIdempotent\n }\n\n // Extract convenience fields (handle both snake_case and camelCase keys)\n if (toolName === 'Bash') {\n bashCommand = (safeArgs.command as string) ?? ''\n // BashClassifier wins over registry but NOT over explicit caller options\n if (options.sideEffect == null) {\n sideEffect = BashClassifier.classify(bashCommand)\n }\n } else if (toolName === 'Read' || toolName === 'Glob' || toolName === 'Grep') {\n filePath =\n (safeArgs.file_path as string) ??\n (safeArgs.filePath as string) ??\n (safeArgs.path as string) ??\n null\n } else if (toolName === 'Write' || toolName === 'Edit') {\n filePath =\n (safeArgs.file_path as string) ??\n (safeArgs.filePath as string) ??\n (safeArgs.path as string) ??\n null\n }\n\n const envelope: ToolEnvelope = {\n toolName,\n args: safeArgs,\n callId: options.callId ?? randomUUID(),\n runId: options.runId ?? '',\n callIndex: options.callIndex ?? 0,\n parentCallId: options.parentCallId ?? null,\n sideEffect,\n idempotent,\n environment: options.environment ?? 'production',\n timestamp: options.timestamp ?? new Date(),\n caller: options.caller ?? '',\n toolUseId: options.toolUseId ?? null,\n principal: safePrincipal,\n bashCommand,\n filePath,\n metadata: safeMetadata,\n }\n\n return deepFreeze(envelope)\n}\n"],"mappings":";AAGO,IAAM,gBAAN,cAA4B,MAAM;AAAA,EAC9B;AAAA,EACA;AAAA,EACA;AAAA,EAET,YACE,QACA,iBAAgC,MAChC,eAA8B,MAC9B;AACA,UAAM,MAAM;AACZ,SAAK,OAAO;AACZ,SAAK,SAAS;AACd,SAAK,iBAAiB;AACtB,SAAK,eAAe;AAAA,EACtB;AACF;AAGO,IAAM,qBAAN,cAAiC,MAAM;AAAA,EAC5C,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO;AAAA,EACd;AACF;AAGO,IAAM,mBAAN,cAA+B,MAAM;AAAA,EAC1C,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO;AAAA,EACd;AACF;;;ACjCA,SAAS,kBAAkB;AAmBpB,IAAM,aAAa;AAAA,EACxB,MAAM;AAAA,EACN,MAAM;AAAA,EACN,OAAO;AAAA,EACP,cAAc;AAChB;AAyBO,SAAS,gBAAgB,UAA8B,CAAC,GAAwB;AACrF,QAAM,IAAe;AAAA,IACnB,QAAQ,QAAQ,UAAU;AAAA,IAC1B,WAAW,QAAQ,aAAa;AAAA,IAChC,OAAO,QAAQ,SAAS;AAAA,IACxB,MAAM,QAAQ,QAAQ;AAAA,IACtB,WAAW,QAAQ,aAAa;AAAA,IAChC,QAAQ,QAAQ,UAAU,CAAC;AAAA,EAC7B;AACA,SAAO,WAAW,CAAC;AACrB;AAgBO,SAAS,kBAAkB,UAAwB;AACxD,MAAI,CAAC,UAAU;AACb,UAAM,IAAI,mBAAmB,sBAAsB,KAAK,UAAU,QAAQ,CAAC,EAAE;AAAA,EAC/E;AACA,WAAS,IAAI,GAAG,IAAI,SAAS,QAAQ,KAAK;AACxC,UAAM,OAAO,SAAS,WAAW,CAAC;AAClC,UAAM,KAAK,SAAS,CAAC;AACrB,QACE,OAAO,MACN,QAAQ,OAAQ,QAAQ,OACzB,SAAS,QACT,SAAS,QACT,OAAO,OACP,OAAO,MACP;AACA,YAAM,IAAI,mBAAmB,sBAAsB,KAAK,UAAU,QAAQ,CAAC,EAAE;AAAA,IAC/E;AAAA,EACF;AACF;AAqDO,SAAS,WAAc,KAAW;AACvC,MAAI,QAAQ,QAAQ,QAAQ,UAAa,OAAO,QAAQ,UAAU;AAChE,WAAO;AAAA,EACT;AAEA,MAAI,eAAe,MAAM;AACvB,WAAO;AAAA,EACT;AAGA,MAAI,eAAe,QAAQ;AACzB,WAAO;AAAA,EACT;AACA,SAAO,OAAO,GAAG;AACjB,aAAW,SAAS,OAAO,OAAO,GAA8B,GAAG;AACjE,QACE,UAAU,QACV,UAAU,UACV,OAAO,UAAU,YACjB,CAAC,OAAO,SAAS,KAAK,GACtB;AACA,iBAAW,KAAK;AAAA,IAClB;AAAA,EACF;AACA,SAAO;AACT;AAOO,IAAM,eAAN,MAAmB;AAAA,EACP,SAAkC,oBAAI,IAAI;AAAA,EAE3D,SACE,MACA,aAAyB,WAAW,OACpC,aAAsB,OAChB;AACN,SAAK,OAAO,IAAI,MAAM,EAAE,MAAM,YAAY,WAAW,CAAC;AAAA,EACxD;AAAA,EAEA,SAAS,UAAkB,OAAuD;AAChF,UAAM,MAAM,KAAK,OAAO,IAAI,QAAQ;AACpC,QAAI,KAAK;AACP,aAAO,CAAC,IAAI,YAA0B,IAAI,UAAU;AAAA,IACtD;AACA,WAAO,CAAC,WAAW,cAAc,KAAK;AAAA,EACxC;AACF;AAcO,IAAM,iBAAiB;AAAA,EAC5B,gBAAgB;AAAA,IACd;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAAA,EAEA,iBAAiB;AAAA,IACf;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAAA,EAEA,SAAS,SAA6B;AACpC,UAAM,WAAW,QAAQ,KAAK;AAC9B,QAAI,CAAC,UAAU;AACb,aAAO,WAAW;AAAA,IACpB;AAEA,eAAW,MAAM,eAAe,iBAAiB;AAC/C,UAAI,SAAS,SAAS,EAAE,GAAG;AACzB,eAAO,WAAW;AAAA,MACpB;AAAA,IACF;AAEA,eAAW,WAAW,eAAe,gBAAgB;AACnD,UAAI,aAAa,WAAW,SAAS,WAAW,UAAU,GAAG,GAAG;AAC9D,eAAO,WAAW;AAAA,MACpB;AAAA,IACF;AAEA,WAAO,WAAW;AAAA,EACpB;AACF;AAMA,SAAS,aAAgB,OAAa;AACpC,MAAI;AACF,WAAO,gBAAgB,KAAK;AAAA,EAC9B,QAAQ;AACN,WAAO,KAAK,MAAM,KAAK,UAAU,KAAK,CAAC;AAAA,EACzC;AACF;AA6BO,SAAS,eACd,UACA,WACA,UAAiC,CAAC,GACV;AACxB,oBAAkB,QAAQ;AAG1B,QAAM,WAAW,aAAa,SAAS;AAGvC,QAAM,eAAe,QAAQ,WAAW,aAAa,QAAQ,QAAQ,IAAI,CAAC;AAG1E,MAAI,gBAA4C;AAChD,MAAI,QAAQ,aAAa,MAAM;AAC7B,UAAM,IAAI,QAAQ;AAClB,oBAAgB,gBAAgB;AAAA,MAC9B,QAAQ,EAAE;AAAA,MACV,WAAW,EAAE;AAAA,MACb,OAAO,EAAE;AAAA,MACT,MAAM,EAAE;AAAA,MACR,WAAW,EAAE;AAAA,MACb,QAAQ,EAAE,SAAS,aAAa,EAAE,MAAiC,IAAI,CAAC;AAAA,IAC1E,CAAC;AAAA,EACH;AAGA,QAAM,WAAW,QAAQ,YAAY;AACrC,MAAI,aAAyB,QAAQ,cAAc,WAAW;AAC9D,MAAI,aAAa,QAAQ,cAAc;AACvC,MAAI,cAA6B;AACjC,MAAI,WAA0B;AAG9B,MAAI,UAAU;AACZ,UAAM,CAAC,WAAW,aAAa,IAAI,SAAS,SAAS,UAAU,QAAQ;AACvE,QAAI,QAAQ,cAAc,KAAM,cAAa;AAC7C,QAAI,QAAQ,cAAc,KAAM,cAAa;AAAA,EAC/C;AAGA,MAAI,aAAa,QAAQ;AACvB,kBAAe,SAAS,WAAsB;AAE9C,QAAI,QAAQ,cAAc,MAAM;AAC9B,mBAAa,eAAe,SAAS,WAAW;AAAA,IAClD;AAAA,EACF,WAAW,aAAa,UAAU,aAAa,UAAU,aAAa,QAAQ;AAC5E,eACG,SAAS,aACT,SAAS,YACT,SAAS,QACV;AAAA,EACJ,WAAW,aAAa,WAAW,aAAa,QAAQ;AACtD,eACG,SAAS,aACT,SAAS,YACT,SAAS,QACV;AAAA,EACJ;AAEA,QAAM,WAAyB;AAAA,IAC7B;AAAA,IACA,MAAM;AAAA,IACN,QAAQ,QAAQ,UAAU,WAAW;AAAA,IACrC,OAAO,QAAQ,SAAS;AAAA,IACxB,WAAW,QAAQ,aAAa;AAAA,IAChC,cAAc,QAAQ,gBAAgB;AAAA,IACtC;AAAA,IACA;AAAA,IACA,aAAa,QAAQ,eAAe;AAAA,IACpC,WAAW,QAAQ,aAAa,oBAAI,KAAK;AAAA,IACzC,QAAQ,QAAQ,UAAU;AAAA,IAC1B,WAAW,QAAQ,aAAa;AAAA,IAChC,WAAW;AAAA,IACX;AAAA,IACA;AAAA,IACA,UAAU;AAAA,EACZ;AAEA,SAAO,WAAW,QAAQ;AAC5B;","names":[]}

package/dist/{chunk-X5E2YY35.mjs → chunk-JOBPRXVE.mjs} RENAMED Viewed

@@ -4,7 +4,7 @@ import {
   EdictumToolError,
   SideEffect,
   createEnvelope
-} from "./chunk-CRPQFRYJ.mjs";
+} from "./chunk-2YSBMUK5.mjs";
 // src/approval.ts
 import { randomUUID } from "crypto";
@@ -34,11 +34,8 @@ var RedactionPolicy = class _RedactionPolicy {
     "passphrase"
   ]);
   static BASH_REDACTION_PATTERNS = [
-    [
-      String.raw`(export\s+\w*(?:KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL)\w*=)\S+`,
-      "$1[REDACTED]"
-    ],
-    [String.raw`(-p\s*|--password[= ])\S+`, "$1[REDACTED]"],
+    [String.raw`(export\s+\w*(?:KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL)\w*=)\S+`, "$1[REDACTED]"],
+    [String.raw`((?:^|\s)-p\s*|--password[= ])\S+`, "$1[REDACTED]"],
     [String.raw`(://\w+:)\S+(@)`, "$1[REDACTED]$2"]
   ];
   static SECRET_VALUE_PATTERNS = [
@@ -68,25 +65,18 @@ var RedactionPolicy = class _RedactionPolicy {
         }
       }
     }
-    this._patterns = [
-      ...customPatterns ?? [],
-      ..._RedactionPolicy.BASH_REDACTION_PATTERNS
-    ];
+    this._patterns = [...customPatterns ?? [], ..._RedactionPolicy.BASH_REDACTION_PATTERNS];
     this._compiledPatterns = this._patterns.map(
       ([pattern, replacement]) => [new RegExp(pattern, "g"), replacement]
     );
-    this._compiledSecretPatterns = _RedactionPolicy.SECRET_VALUE_PATTERNS.map(
-      (p) => new RegExp(p)
-    );
+    this._compiledSecretPatterns = _RedactionPolicy.SECRET_VALUE_PATTERNS.map((p) => new RegExp(p));
     this._detectValues = detectSecretValues;
   }
   /** Recursively redact sensitive data from tool arguments. */
   redactArgs(args) {
     if (args !== null && typeof args === "object" && !Array.isArray(args)) {
       const result = {};
-      for (const [key, value] of Object.entries(
-        args
-      )) {
+      for (const [key, value] of Object.entries(args)) {
         result[key] = this._isSensitiveKey(key) ? "[REDACTED]" : this.redactArgs(value);
       }
       return result;
@@ -98,6 +88,18 @@ var RedactionPolicy = class _RedactionPolicy {
       if (this._detectValues && this._looksLikeSecret(args)) {
         return "[REDACTED]";
       }
+      if (this._detectValues) {
+        const capped = args.length > _RedactionPolicy.MAX_REGEX_INPUT ? args.slice(0, _RedactionPolicy.MAX_REGEX_INPUT) : args;
+        let redacted = capped;
+        for (const [pattern, replacement] of this._compiledPatterns) {
+          pattern.lastIndex = 0;
+          redacted = redacted.replace(pattern, replacement);
+        }
+        if (redacted.length > 1e3) {
+          return redacted.slice(0, 997) + "...";
+        }
+        return redacted;
+      }
       if (args.length > 1e3) {
         return args.slice(0, 997) + "...";
       }
@@ -168,7 +170,7 @@ var RedactionPolicy = class _RedactionPolicy {
 // src/approval.ts
 function sanitizeForTerminal(s) {
-  return s.replace(/\x1b\[[0-9;]*[a-zA-Z]/g, "").replace(/[\x00-\x1f\x7f]/g, "");
+  return s.replace(/\x1b\[[0-9;]*[a-zA-Z]/g, "").replace(/[\x00-\x1f\x7f-\x9f\u2028\u2029]/g, "");
 }
 var ApprovalStatus = {
   PENDING: "pending",
@@ -232,9 +234,7 @@ var LocalApprovalBackend = class {
     const effectiveTimeout = timeout ?? (request ? request.timeout : 300);
     try {
       const response = await this._readStdin(approvalId, effectiveTimeout);
-      const approved = ["y", "yes", "approve"].includes(
-        response.trim().toLowerCase()
-      );
+      const approved = ["y", "yes", "approve"].includes(response.trim().toLowerCase());
       const status = approved ? ApprovalStatus.APPROVED : ApprovalStatus.DENIED;
       return createApprovalDecision({
         approved,
@@ -707,10 +707,7 @@ var GovernancePipeline = class {
       }
     }
     const pe = hasPolicyError(contractsEvaluated);
-    const observeResults = await this._evaluateObserveContracts(
-      envelope,
-      session
-    );
+    const observeResults = await this._evaluateObserveContracts(envelope, session);
     return createPreDecision({
       action: "allow",
       hooksEvaluated,
@@ -765,23 +762,17 @@ var GovernancePipeline = class {
             text = policy.redactResult(text, text.length + 100);
           }
           redactedResponse = text;
-          warnings.push(
-            `\u26A0\uFE0F Content redacted by ${contract.name}.`
-          );
+          warnings.push(`\u26A0\uFE0F Content redacted by ${contract.name}.`);
         } else if (effect === "deny" && isSafe) {
           redactedResponse = `[OUTPUT SUPPRESSED] ${verdict.message}`;
           outputSuppressed = true;
-          warnings.push(
-            `\u26A0\uFE0F Output suppressed by ${contract.name}.`
-          );
+          warnings.push(`\u26A0\uFE0F Output suppressed by ${contract.name}.`);
         } else if ((effect === "redact" || effect === "deny") && !isSafe) {
           warnings.push(
             `\u26A0\uFE0F ${verdict.message} Tool already executed \u2014 assess before proceeding.`
           );
         } else if (isSafe) {
-          warnings.push(
-            `\u26A0\uFE0F ${verdict.message} Consider retrying.`
-          );
+          warnings.push(`\u26A0\uFE0F ${verdict.message} Consider retrying.`);
         } else {
           warnings.push(
             `\u26A0\uFE0F ${verdict.message} Tool already executed \u2014 assess before proceeding.`
@@ -803,10 +794,7 @@ var GovernancePipeline = class {
       try {
         verdict = await contract.check(envelope, toolResponse);
       } catch (exc) {
-        verdict = Verdict.fail(
-          `Observe-mode postcondition error: ${exc}`,
-          { policy_error: true }
-        );
+        verdict = Verdict.fail(`Observe-mode postcondition error: ${exc}`, { policy_error: true });
       }
       const record = {
         name: contract.name,
@@ -824,9 +812,7 @@ var GovernancePipeline = class {
         warnings.push(`\u26A0\uFE0F [observe] ${verdict.message}`);
       }
     }
-    const postconditionsPassed = contractsEvaluated.length > 0 ? contractsEvaluated.every(
-      (c) => c["passed"] === true || c["observed"] === true
-    ) : true;
+    const postconditionsPassed = contractsEvaluated.length > 0 ? contractsEvaluated.every((c) => c["passed"] === true || c["observed"] === true) : true;
     const pe = hasPolicyError(contractsEvaluated);
     return createPostDecision({
       toolSuccess,
@@ -847,17 +833,12 @@ var GovernancePipeline = class {
    */
   async _evaluateObserveContracts(envelope, session) {
     const results = [];
-    for (const contract of this._guard.getObservePreconditions(
-      envelope
-    )) {
+    for (const contract of this._guard.getObservePreconditions(envelope)) {
       let verdict;
       try {
         verdict = await contract.check(envelope);
       } catch (exc) {
-        verdict = Verdict.fail(
-          `Observe-mode precondition error: ${exc}`,
-          { policy_error: true }
-        );
+        verdict = Verdict.fail(`Observe-mode precondition error: ${exc}`, { policy_error: true });
       }
       results.push({
         name: contract.name,
@@ -867,17 +848,12 @@ var GovernancePipeline = class {
         source: contract.source ?? "yaml_precondition"
       });
     }
-    for (const contract of this._guard.getObserveSandboxContracts(
-      envelope
-    )) {
+    for (const contract of this._guard.getObserveSandboxContracts(envelope)) {
       let verdict;
       try {
         verdict = await contract.check(envelope);
       } catch (exc) {
-        verdict = Verdict.fail(
-          `Observe-mode sandbox error: ${exc}`,
-          { policy_error: true }
-        );
+        verdict = Verdict.fail(`Observe-mode sandbox error: ${exc}`, { policy_error: true });
       }
       results.push({
         name: contract.name,
@@ -892,10 +868,9 @@ var GovernancePipeline = class {
       try {
         verdict = await contract.check(session);
       } catch (exc) {
-        verdict = Verdict.fail(
-          `Observe-mode session contract error: ${exc}`,
-          { policy_error: true }
-        );
+        verdict = Verdict.fail(`Observe-mode session contract error: ${exc}`, {
+          policy_error: true
+        });
       }
       results.push({
         name: contract.name,
@@ -923,7 +898,7 @@ function _validateStorageKeyComponent(value, label) {
   }
   for (let i = 0; i < value.length; i++) {
     const code = value.charCodeAt(i);
-    if (code < 32 || code === 127) {
+    if (code < 32 || code >= 127 && code <= 159 || code === 8232 || code === 8233) {
       throw new EdictumConfigError(`Invalid ${label}: ${JSON.stringify(value)}`);
     }
   }
@@ -962,14 +937,10 @@ var Session = class {
   }
   async toolExecutionCount(tool) {
     _validateStorageKeyComponent(tool, "tool_name");
-    return Number(
-      await this._backend.get(`s:${this._sid}:tool:${tool}`) ?? 0
-    );
+    return Number(await this._backend.get(`s:${this._sid}:tool:${tool}`) ?? 0);
   }
   async consecutiveFailures() {
-    return Number(
-      await this._backend.get(`s:${this._sid}:consec_fail`) ?? 0
-    );
+    return Number(await this._backend.get(`s:${this._sid}:consec_fail`) ?? 0);
   }
   /**
    * Pre-fetch multiple session counters in a single backend call.
@@ -982,10 +953,7 @@ var Session = class {
    * backends without batchGet support.
    */
   async batchGetCounters(options) {
-    const keys = [
-      `s:${this._sid}:attempts`,
-      `s:${this._sid}:execs`
-    ];
+    const keys = [`s:${this._sid}:attempts`, `s:${this._sid}:execs`];
     const keyLabels = ["attempts", "execs"];
     if (options?.includeTool != null) {
       _validateStorageKeyComponent(options.includeTool, "tool_name");
@@ -1093,46 +1061,22 @@ async function run(guard, toolName, args, toolCallable, options) {
           principal: principalDict
         }
       );
-      await _emitRunPreAudit(
-        guard,
-        envelope,
-        session,
-        AuditAction.CALL_APPROVAL_REQUESTED,
-        pre
-      );
+      await _emitRunPreAudit(guard, envelope, session, AuditAction.CALL_APPROVAL_REQUESTED, pre);
       const decision = await guard._approvalBackend.waitForDecision(
         approvalRequest.approvalId,
         pre.approvalTimeout
       );
       let approved = false;
       if (decision.status === ApprovalStatus.TIMEOUT) {
-        await _emitRunPreAudit(
-          guard,
-          envelope,
-          session,
-          AuditAction.CALL_APPROVAL_TIMEOUT,
-          pre
-        );
+        await _emitRunPreAudit(guard, envelope, session, AuditAction.CALL_APPROVAL_TIMEOUT, pre);
         if (pre.approvalTimeoutEffect === "allow") {
           approved = true;
         }
       } else if (!decision.approved) {
-        await _emitRunPreAudit(
-          guard,
-          envelope,
-          session,
-          AuditAction.CALL_APPROVAL_DENIED,
-          pre
-        );
+        await _emitRunPreAudit(guard, envelope, session, AuditAction.CALL_APPROVAL_DENIED, pre);
       } else {
         approved = true;
-        await _emitRunPreAudit(
-          guard,
-          envelope,
-          session,
-          AuditAction.CALL_APPROVAL_GRANTED,
-          pre
-        );
+        await _emitRunPreAudit(guard, envelope, session, AuditAction.CALL_APPROVAL_GRANTED, pre);
       }
       if (approved) {
         if (guard._onAllow) {
@@ -1168,11 +1112,7 @@ async function run(guard, toolName, args, toolCallable, options) {
           } catch {
           }
         }
-        throw new EdictumDenied(
-          pre.reason ?? "denied",
-          pre.decisionSource,
-          pre.decisionName
-        );
+        throw new EdictumDenied(pre.reason ?? "denied", pre.decisionSource, pre.decisionName);
       }
     } else {
       for (const cr of pre.contractsEvaluated) {
@@ -1196,13 +1136,7 @@ async function run(guard, toolName, args, toolCallable, options) {
           await guard.auditSink.emit(observedEvent);
         }
       }
-      await _emitRunPreAudit(
-        guard,
-        envelope,
-        session,
-        AuditAction.CALL_ALLOWED,
-        pre
-      );
+      await _emitRunPreAudit(guard, envelope, session, AuditAction.CALL_ALLOWED, pre);
       if (guard._onAllow) {
         try {
           guard._onAllow(envelope);
@@ -1296,4 +1230,4 @@ export {
   defaultSuccessCheck,
   run
 };
-//# sourceMappingURL=chunk-X5E2YY35.mjs.map
+//# sourceMappingURL=chunk-JOBPRXVE.mjs.map