@edictum/core 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (23) hide show
  1. package/README.md +46 -0
  2. package/dist/{chunk-IXMXZGJG.mjs → chunk-23XIQZR5.mjs} +1 -1
  3. package/dist/chunk-23XIQZR5.mjs.map +1 -0
  4. package/dist/{chunk-CRPQFRYJ.mjs → chunk-2YSBMUK5.mjs} +2 -10
  5. package/dist/chunk-2YSBMUK5.mjs.map +1 -0
  6. package/dist/{chunk-X5E2YY35.mjs → chunk-JOBPRXVE.mjs} +44 -110
  7. package/dist/chunk-JOBPRXVE.mjs.map +1 -0
  8. package/dist/{dry-run-54PYIM6T.mjs → dry-run-JTRNTZA5.mjs} +3 -3
  9. package/dist/dry-run-JTRNTZA5.mjs.map +1 -0
  10. package/dist/index.cjs +413 -224
  11. package/dist/index.cjs.map +1 -1
  12. package/dist/index.d.cts +28 -27
  13. package/dist/index.d.ts +28 -27
  14. package/dist/index.mjs +370 -118
  15. package/dist/index.mjs.map +1 -1
  16. package/dist/runner-JCAQMF6O.mjs +10 -0
  17. package/package.json +14 -13
  18. package/dist/chunk-CRPQFRYJ.mjs.map +0 -1
  19. package/dist/chunk-IXMXZGJG.mjs.map +0 -1
  20. package/dist/chunk-X5E2YY35.mjs.map +0 -1
  21. package/dist/dry-run-54PYIM6T.mjs.map +0 -1
  22. package/dist/runner-ASI4JIW2.mjs +0 -10
  23. /package/dist/{runner-ASI4JIW2.mjs.map → runner-JCAQMF6O.mjs.map} +0 -0
package/dist/index.d.cts CHANGED
@@ -55,7 +55,8 @@ declare function createPrincipal(partial?: Partial<Principal>): Readonly<Princip
55
55
  *
56
56
  * Throws EdictumConfigError for:
57
57
  * - Empty string
58
- * - Any ASCII control character (code < 0x20 or code === 0x7f)
58
+ * - Any C0 control character (code < 0x20), DEL/C1 (U+007F-U+009F)
59
+ * - Unicode line/paragraph separators (U+2028, U+2029)
59
60
  * - Forward slash `/`
60
61
  * - Backslash `\`
61
62
  */
@@ -239,7 +240,7 @@ declare const Verdict: {
239
240
  };
240
241
  /** Before execution. Safe to deny — tool hasn't run yet. */
241
242
  interface Precondition {
242
- readonly contractType?: "pre";
243
+ readonly contractType?: 'pre';
243
244
  readonly tool: string;
244
245
  readonly check: (envelope: ToolEnvelope) => Verdict | Promise<Verdict>;
245
246
  readonly when?: ((envelope: ToolEnvelope) => boolean) | null;
@@ -251,7 +252,7 @@ interface Precondition {
251
252
  * On failure for write/irreversible: warn only, NO retry coaching.
252
253
  */
253
254
  interface Postcondition {
254
- readonly contractType: "post";
255
+ readonly contractType: 'post';
255
256
  readonly tool: string;
256
257
  readonly check: (envelope: ToolEnvelope, response: unknown) => Verdict | Promise<Verdict>;
257
258
  readonly when?: ((envelope: ToolEnvelope) => boolean) | null;
@@ -314,7 +315,7 @@ declare const DEFAULT_LIMITS: OperationLimits;
314
315
  type AnyFunction = (...args: any[]) => any;
315
316
  /** Registration for a hook callback. */
316
317
  interface HookRegistration {
317
- readonly phase: "before" | "after";
318
+ readonly phase: 'before' | 'after';
318
319
  readonly tool: string;
319
320
  readonly callback: AnyFunction;
320
321
  readonly when?: AnyFunction | null;
@@ -515,7 +516,7 @@ interface ContractResult {
515
516
  readonly policyError: boolean;
516
517
  }
517
518
  /** Create a frozen ContractResult with defaults matching the Python dataclass. */
518
- declare function createContractResult(fields: Pick<ContractResult, "contractId" | "contractType" | "passed"> & Partial<Omit<ContractResult, "contractId" | "contractType" | "passed">>): ContractResult;
519
+ declare function createContractResult(fields: Pick<ContractResult, 'contractId' | 'contractType' | 'passed'> & Partial<Omit<ContractResult, 'contractId' | 'contractType' | 'passed'>>): ContractResult;
519
520
  /** Result of dry-run evaluation of a tool call against contracts. */
520
521
  interface EvaluationResult {
521
522
  readonly verdict: string;
@@ -527,7 +528,7 @@ interface EvaluationResult {
527
528
  readonly policyError: boolean;
528
529
  }
529
530
  /** Create a frozen EvaluationResult with defaults matching the Python dataclass. */
530
- declare function createEvaluationResult(fields: Pick<EvaluationResult, "verdict" | "toolName"> & Partial<Omit<EvaluationResult, "verdict" | "toolName">>): EvaluationResult;
531
+ declare function createEvaluationResult(fields: Pick<EvaluationResult, 'verdict' | 'toolName'> & Partial<Omit<EvaluationResult, 'verdict' | 'toolName'>>): EvaluationResult;
531
532
 
532
533
  /** Structured postcondition findings. */
533
534
  /**
@@ -545,7 +546,7 @@ interface Finding {
545
546
  readonly metadata: Readonly<Record<string, unknown>>;
546
547
  }
547
548
  /** Create a frozen Finding with defaults for metadata. */
548
- declare function createFinding(fields: Pick<Finding, "type" | "contractId" | "field" | "message"> & Partial<Pick<Finding, "metadata">>): Finding;
549
+ declare function createFinding(fields: Pick<Finding, 'type' | 'contractId' | 'field' | 'message'> & Partial<Pick<Finding, 'metadata'>>): Finding;
549
550
  /**
550
551
  * Result from a governed tool call, including postcondition findings.
551
552
  *
@@ -562,7 +563,7 @@ interface PostCallResult {
562
563
  readonly outputSuppressed: boolean;
563
564
  }
564
565
  /** Create a PostCallResult with defaults. */
565
- declare function createPostCallResult(fields: Pick<PostCallResult, "result"> & Partial<Omit<PostCallResult, "result">>): PostCallResult;
566
+ declare function createPostCallResult(fields: Pick<PostCallResult, 'result'> & Partial<Omit<PostCallResult, 'result'>>): PostCallResult;
566
567
  /**
567
568
  * Classify a postcondition finding type from contract ID and message.
568
569
  *
@@ -606,41 +607,41 @@ declare function buildFindings(postDecision: PostDecisionLike): Finding[];
606
607
 
607
608
  interface InternalContractBase {
608
609
  readonly name: string;
609
- readonly mode?: "enforce" | "observe";
610
+ readonly mode?: 'enforce' | 'observe';
610
611
  readonly source?: string;
611
612
  }
612
613
  /** Internal precondition — enriched with pipeline metadata. */
613
614
  interface InternalPrecondition extends InternalContractBase {
614
- readonly type: "precondition";
615
+ readonly type: 'precondition';
615
616
  readonly tool: string;
616
617
  readonly check: (envelope: ToolEnvelope) => Verdict | Promise<Verdict>;
617
618
  readonly when?: ((envelope: ToolEnvelope) => boolean) | null;
618
- readonly effect?: "deny" | "approve";
619
+ readonly effect?: 'deny' | 'approve';
619
620
  readonly timeout?: number;
620
- readonly timeoutEffect?: "deny" | "allow";
621
+ readonly timeoutEffect?: 'deny' | 'allow';
621
622
  }
622
623
  /** Internal postcondition — enriched with effect and redaction info. */
623
624
  interface InternalPostcondition extends InternalContractBase {
624
- readonly type: "postcondition";
625
+ readonly type: 'postcondition';
625
626
  readonly tool: string;
626
627
  readonly check: (envelope: ToolEnvelope, response: unknown) => Verdict | Promise<Verdict>;
627
628
  readonly when?: ((envelope: ToolEnvelope) => boolean) | null;
628
- readonly effect?: "warn" | "redact" | "deny";
629
+ readonly effect?: 'warn' | 'redact' | 'deny';
629
630
  readonly redactPatterns?: readonly RegExp[];
630
631
  }
631
632
  /** Internal session contract. */
632
633
  interface InternalSessionContract extends InternalContractBase {
633
- readonly type: "session_contract";
634
+ readonly type: 'session_contract';
634
635
  readonly check: (session: Session) => Verdict | Promise<Verdict>;
635
636
  }
636
637
  /** Internal sandbox contract — tool matching uses tools[] not tool. */
637
638
  interface InternalSandboxContract extends InternalContractBase {
638
- readonly type: "sandbox";
639
+ readonly type: 'sandbox';
639
640
  readonly tools: readonly string[];
640
641
  readonly check: (envelope: ToolEnvelope) => Verdict | Promise<Verdict>;
641
- readonly effect?: "deny" | "approve";
642
+ readonly effect?: 'deny' | 'approve';
642
643
  readonly timeout?: number;
643
- readonly timeoutEffect?: "deny" | "allow";
644
+ readonly timeoutEffect?: 'deny' | 'allow';
644
645
  }
645
646
  /** Union of all internal contract types. */
646
647
  type InternalContract = InternalPrecondition | InternalPostcondition | InternalSessionContract | InternalSandboxContract;
@@ -652,7 +653,7 @@ type InternalContract = InternalPrecondition | InternalPostcondition | InternalS
652
653
  */
653
654
  interface GuardLike {
654
655
  readonly limits: OperationLimits;
655
- getHooks(phase: "before" | "after", envelope: ToolEnvelope): HookRegistration[];
656
+ getHooks(phase: 'before' | 'after', envelope: ToolEnvelope): HookRegistration[];
656
657
  getPreconditions(envelope: ToolEnvelope): InternalPrecondition[];
657
658
  getPostconditions(envelope: ToolEnvelope): InternalPostcondition[];
658
659
  getSessionContracts(): InternalSessionContract[];
@@ -696,7 +697,7 @@ declare function createCompiledState(partial?: Partial<CompiledState>): Compiled
696
697
 
697
698
  /** Result of pre-execution governance evaluation. */
698
699
  interface PreDecision {
699
- readonly action: "allow" | "deny" | "pending_approval";
700
+ readonly action: 'allow' | 'deny' | 'pending_approval';
700
701
  readonly reason: string | null;
701
702
  readonly decisionSource: string | null;
702
703
  readonly decisionName: string | null;
@@ -710,7 +711,7 @@ interface PreDecision {
710
711
  readonly approvalMessage: string | null;
711
712
  }
712
713
  /** Create a PreDecision with defaults for omitted fields. */
713
- declare function createPreDecision(partial: Partial<PreDecision> & Pick<PreDecision, "action">): PreDecision;
714
+ declare function createPreDecision(partial: Partial<PreDecision> & Pick<PreDecision, 'action'>): PreDecision;
714
715
  /** Result of post-execution governance evaluation. */
715
716
  interface PostDecision {
716
717
  readonly toolSuccess: boolean;
@@ -722,7 +723,7 @@ interface PostDecision {
722
723
  readonly outputSuppressed: boolean;
723
724
  }
724
725
  /** Create a PostDecision with defaults for omitted fields. */
725
- declare function createPostDecision(partial: Partial<PostDecision> & Pick<PostDecision, "toolSuccess">): PostDecision;
726
+ declare function createPostDecision(partial: Partial<PostDecision> & Pick<PostDecision, 'toolSuccess'>): PostDecision;
726
727
  /**
727
728
  * Orchestrates all governance checks.
728
729
  *
@@ -830,7 +831,7 @@ declare function evaluateExpression(expr: Record<string, unknown>, envelope: Too
830
831
 
831
832
  /** Options shared by fromYaml and fromYamlString. */
832
833
  interface YamlFactoryOptions {
833
- readonly mode?: "enforce" | "observe";
834
+ readonly mode?: 'enforce' | 'observe';
834
835
  readonly tools?: Record<string, {
835
836
  side_effect?: string;
836
837
  idempotent?: boolean;
@@ -903,7 +904,7 @@ declare function reload(guard: Edictum, yamlContent: string, options?: ReloadOpt
903
904
  /** Constructor options for the Edictum guard. */
904
905
  interface EdictumOptions {
905
906
  readonly environment?: string;
906
- readonly mode?: "enforce" | "observe";
907
+ readonly mode?: 'enforce' | 'observe';
907
908
  readonly limits?: OperationLimits;
908
909
  readonly tools?: Record<string, {
909
910
  side_effect?: string;
@@ -931,7 +932,7 @@ interface EdictumOptions {
931
932
  */
932
933
  declare class Edictum implements GuardLike {
933
934
  readonly environment: string;
934
- readonly mode: "enforce" | "observe";
935
+ readonly mode: 'enforce' | 'observe';
935
936
  readonly backend: StorageBackend;
936
937
  readonly redaction: RedactionPolicy;
937
938
  readonly toolRegistry: ToolRegistry;
@@ -977,7 +978,7 @@ declare class Edictum implements GuardLike {
977
978
  /** Resolve the principal for a tool call. */
978
979
  _resolvePrincipal(toolName: string, toolInput: Record<string, unknown>): Principal | null;
979
980
  private _registerHook;
980
- getHooks(phase: "before" | "after", envelope: ToolEnvelope): HookRegistration[];
981
+ getHooks(phase: 'before' | 'after', envelope: ToolEnvelope): HookRegistration[];
981
982
  getPreconditions(envelope: ToolEnvelope): InternalPrecondition[];
982
983
  getPostconditions(envelope: ToolEnvelope): InternalPostcondition[];
983
984
  getSessionContracts(): InternalSessionContract[];
@@ -1198,4 +1199,4 @@ declare function loadBundleString(content: string | Uint8Array): [Record<string,
1198
1199
  /** Edictum — Runtime contract enforcement for AI agent tool calls. */
1199
1200
  declare const VERSION = "0.1.0";
1200
1201
 
1201
- export { type ApprovalBackend, type ApprovalDecision, type ApprovalRequest, ApprovalStatus, AuditAction, type AuditEvent, type AuditSink, BUILTIN_OPERATOR_NAMES, BUILTIN_SELECTOR_PREFIXES, BashClassifier, type BatchCall, type BundleHash, CollectingAuditSink, type CompileOptions, type CompiledBundle, type CompiledState, type ComposedBundle, CompositeSink, type CompositionReport, type ContractResult, type CreateEnvelopeOptions, type CustomOperator, type CustomSelector, DEFAULT_LIMITS, Edictum, EdictumConfigError, EdictumDenied, type EdictumOptions, EdictumToolError, type EvaluateOptions, type EvaluationResult, FileAuditSink, type Finding, type FromYamlOptions, GovernancePipeline, type GuardLike, HookDecision, type HookRegistration, HookResult, type InternalContract, type InternalPostcondition, type InternalPrecondition, type InternalSandboxContract, type InternalSessionContract, LocalApprovalBackend, MAX_BUNDLE_SIZE, MAX_REGEX_INPUT, MarkEvictedError, MemoryBackend, type OperationLimits, PolicyError, type PostCallResult, type PostDecision, type PostDecisionLike, type Postcondition, type PreDecision, type Precondition, type Principal, RedactionPolicy, type ReloadOptions, type RunOptions, Session, type SessionContract, SideEffect, StdoutAuditSink, type StorageBackend, type ToolConfig, type ToolEnvelope, ToolRegistry, VERSION, Verdict, type YamlFactoryOptions, _validateToolName, buildFindings, classifyFinding, compileContracts, composeBundles, computeHash, createAuditEvent, createCompiledState, createContractResult, createEnvelope, createEvaluationResult, createFinding, createPostCallResult, createPostDecision, createPreDecision, createPrincipal, deepFreeze, defaultSuccessCheck, evaluateExpression, expandMessage, fnmatch, fromYaml, fromYamlString, loadBundle, loadBundleString, reload, run, validateOperators };
1202
+ export { type ApprovalBackend, type ApprovalDecision, type ApprovalRequest, ApprovalStatus, AuditAction, type AuditEvent, type AuditSink, BUILTIN_OPERATOR_NAMES, BUILTIN_SELECTOR_PREFIXES, BashClassifier, type BatchCall, type BundleHash, CollectingAuditSink, type CompileOptions, type CompiledBundle, type CompiledState, type ComposedBundle, CompositeSink, type CompositionOverride, type CompositionReport, type ContractResult, type CreateEnvelopeOptions, type CustomOperator, type CustomSelector, DEFAULT_LIMITS, Edictum, EdictumConfigError, EdictumDenied, type EdictumOptions, EdictumToolError, type EvaluateOptions, type EvaluationResult, type EvaluateOptions$1 as ExpressionEvaluateOptions, FileAuditSink, type Finding, type FromYamlOptions, GovernancePipeline, type GuardLike, HookDecision, type HookRegistration, HookResult, type InternalContract, type InternalPostcondition, type InternalPrecondition, type InternalSandboxContract, type InternalSessionContract, LocalApprovalBackend, MAX_BUNDLE_SIZE, MAX_REGEX_INPUT, MarkEvictedError, MemoryBackend, type ObserveContract, type OperationLimits, PolicyError, type PostCallResult, type PostDecision, type PostDecisionLike, type Postcondition, type PreDecision, type Precondition, type Principal, RedactionPolicy, type ReloadOptions, type RunOptions, Session, type SessionContract, SideEffect, StdoutAuditSink, type StorageBackend, type ToolConfig, type ToolEnvelope, ToolRegistry, VERSION, Verdict, type YamlFactoryOptions, _validateToolName, buildFindings, classifyFinding, compileContracts, composeBundles, computeHash, createAuditEvent, createCompiledState, createContractResult, createEnvelope, createEvaluationResult, createFinding, createPostCallResult, createPostDecision, createPreDecision, createPrincipal, deepFreeze, defaultSuccessCheck, evaluateExpression, expandMessage, fnmatch, fromYaml, fromYamlString, loadBundle, loadBundleString, reload, run, validateOperators };
package/dist/index.d.ts CHANGED
@@ -55,7 +55,8 @@ declare function createPrincipal(partial?: Partial<Principal>): Readonly<Princip
55
55
  *
56
56
  * Throws EdictumConfigError for:
57
57
  * - Empty string
58
- * - Any ASCII control character (code < 0x20 or code === 0x7f)
58
+ * - Any C0 control character (code < 0x20), DEL/C1 (U+007F-U+009F)
59
+ * - Unicode line/paragraph separators (U+2028, U+2029)
59
60
  * - Forward slash `/`
60
61
  * - Backslash `\`
61
62
  */
@@ -239,7 +240,7 @@ declare const Verdict: {
239
240
  };
240
241
  /** Before execution. Safe to deny — tool hasn't run yet. */
241
242
  interface Precondition {
242
- readonly contractType?: "pre";
243
+ readonly contractType?: 'pre';
243
244
  readonly tool: string;
244
245
  readonly check: (envelope: ToolEnvelope) => Verdict | Promise<Verdict>;
245
246
  readonly when?: ((envelope: ToolEnvelope) => boolean) | null;
@@ -251,7 +252,7 @@ interface Precondition {
251
252
  * On failure for write/irreversible: warn only, NO retry coaching.
252
253
  */
253
254
  interface Postcondition {
254
- readonly contractType: "post";
255
+ readonly contractType: 'post';
255
256
  readonly tool: string;
256
257
  readonly check: (envelope: ToolEnvelope, response: unknown) => Verdict | Promise<Verdict>;
257
258
  readonly when?: ((envelope: ToolEnvelope) => boolean) | null;
@@ -314,7 +315,7 @@ declare const DEFAULT_LIMITS: OperationLimits;
314
315
  type AnyFunction = (...args: any[]) => any;
315
316
  /** Registration for a hook callback. */
316
317
  interface HookRegistration {
317
- readonly phase: "before" | "after";
318
+ readonly phase: 'before' | 'after';
318
319
  readonly tool: string;
319
320
  readonly callback: AnyFunction;
320
321
  readonly when?: AnyFunction | null;
@@ -515,7 +516,7 @@ interface ContractResult {
515
516
  readonly policyError: boolean;
516
517
  }
517
518
  /** Create a frozen ContractResult with defaults matching the Python dataclass. */
518
- declare function createContractResult(fields: Pick<ContractResult, "contractId" | "contractType" | "passed"> & Partial<Omit<ContractResult, "contractId" | "contractType" | "passed">>): ContractResult;
519
+ declare function createContractResult(fields: Pick<ContractResult, 'contractId' | 'contractType' | 'passed'> & Partial<Omit<ContractResult, 'contractId' | 'contractType' | 'passed'>>): ContractResult;
519
520
  /** Result of dry-run evaluation of a tool call against contracts. */
520
521
  interface EvaluationResult {
521
522
  readonly verdict: string;
@@ -527,7 +528,7 @@ interface EvaluationResult {
527
528
  readonly policyError: boolean;
528
529
  }
529
530
  /** Create a frozen EvaluationResult with defaults matching the Python dataclass. */
530
- declare function createEvaluationResult(fields: Pick<EvaluationResult, "verdict" | "toolName"> & Partial<Omit<EvaluationResult, "verdict" | "toolName">>): EvaluationResult;
531
+ declare function createEvaluationResult(fields: Pick<EvaluationResult, 'verdict' | 'toolName'> & Partial<Omit<EvaluationResult, 'verdict' | 'toolName'>>): EvaluationResult;
531
532
 
532
533
  /** Structured postcondition findings. */
533
534
  /**
@@ -545,7 +546,7 @@ interface Finding {
545
546
  readonly metadata: Readonly<Record<string, unknown>>;
546
547
  }
547
548
  /** Create a frozen Finding with defaults for metadata. */
548
- declare function createFinding(fields: Pick<Finding, "type" | "contractId" | "field" | "message"> & Partial<Pick<Finding, "metadata">>): Finding;
549
+ declare function createFinding(fields: Pick<Finding, 'type' | 'contractId' | 'field' | 'message'> & Partial<Pick<Finding, 'metadata'>>): Finding;
549
550
  /**
550
551
  * Result from a governed tool call, including postcondition findings.
551
552
  *
@@ -562,7 +563,7 @@ interface PostCallResult {
562
563
  readonly outputSuppressed: boolean;
563
564
  }
564
565
  /** Create a PostCallResult with defaults. */
565
- declare function createPostCallResult(fields: Pick<PostCallResult, "result"> & Partial<Omit<PostCallResult, "result">>): PostCallResult;
566
+ declare function createPostCallResult(fields: Pick<PostCallResult, 'result'> & Partial<Omit<PostCallResult, 'result'>>): PostCallResult;
566
567
  /**
567
568
  * Classify a postcondition finding type from contract ID and message.
568
569
  *
@@ -606,41 +607,41 @@ declare function buildFindings(postDecision: PostDecisionLike): Finding[];
606
607
 
607
608
  interface InternalContractBase {
608
609
  readonly name: string;
609
- readonly mode?: "enforce" | "observe";
610
+ readonly mode?: 'enforce' | 'observe';
610
611
  readonly source?: string;
611
612
  }
612
613
  /** Internal precondition — enriched with pipeline metadata. */
613
614
  interface InternalPrecondition extends InternalContractBase {
614
- readonly type: "precondition";
615
+ readonly type: 'precondition';
615
616
  readonly tool: string;
616
617
  readonly check: (envelope: ToolEnvelope) => Verdict | Promise<Verdict>;
617
618
  readonly when?: ((envelope: ToolEnvelope) => boolean) | null;
618
- readonly effect?: "deny" | "approve";
619
+ readonly effect?: 'deny' | 'approve';
619
620
  readonly timeout?: number;
620
- readonly timeoutEffect?: "deny" | "allow";
621
+ readonly timeoutEffect?: 'deny' | 'allow';
621
622
  }
622
623
  /** Internal postcondition — enriched with effect and redaction info. */
623
624
  interface InternalPostcondition extends InternalContractBase {
624
- readonly type: "postcondition";
625
+ readonly type: 'postcondition';
625
626
  readonly tool: string;
626
627
  readonly check: (envelope: ToolEnvelope, response: unknown) => Verdict | Promise<Verdict>;
627
628
  readonly when?: ((envelope: ToolEnvelope) => boolean) | null;
628
- readonly effect?: "warn" | "redact" | "deny";
629
+ readonly effect?: 'warn' | 'redact' | 'deny';
629
630
  readonly redactPatterns?: readonly RegExp[];
630
631
  }
631
632
  /** Internal session contract. */
632
633
  interface InternalSessionContract extends InternalContractBase {
633
- readonly type: "session_contract";
634
+ readonly type: 'session_contract';
634
635
  readonly check: (session: Session) => Verdict | Promise<Verdict>;
635
636
  }
636
637
  /** Internal sandbox contract — tool matching uses tools[] not tool. */
637
638
  interface InternalSandboxContract extends InternalContractBase {
638
- readonly type: "sandbox";
639
+ readonly type: 'sandbox';
639
640
  readonly tools: readonly string[];
640
641
  readonly check: (envelope: ToolEnvelope) => Verdict | Promise<Verdict>;
641
- readonly effect?: "deny" | "approve";
642
+ readonly effect?: 'deny' | 'approve';
642
643
  readonly timeout?: number;
643
- readonly timeoutEffect?: "deny" | "allow";
644
+ readonly timeoutEffect?: 'deny' | 'allow';
644
645
  }
645
646
  /** Union of all internal contract types. */
646
647
  type InternalContract = InternalPrecondition | InternalPostcondition | InternalSessionContract | InternalSandboxContract;
@@ -652,7 +653,7 @@ type InternalContract = InternalPrecondition | InternalPostcondition | InternalS
652
653
  */
653
654
  interface GuardLike {
654
655
  readonly limits: OperationLimits;
655
- getHooks(phase: "before" | "after", envelope: ToolEnvelope): HookRegistration[];
656
+ getHooks(phase: 'before' | 'after', envelope: ToolEnvelope): HookRegistration[];
656
657
  getPreconditions(envelope: ToolEnvelope): InternalPrecondition[];
657
658
  getPostconditions(envelope: ToolEnvelope): InternalPostcondition[];
658
659
  getSessionContracts(): InternalSessionContract[];
@@ -696,7 +697,7 @@ declare function createCompiledState(partial?: Partial<CompiledState>): Compiled
696
697
 
697
698
  /** Result of pre-execution governance evaluation. */
698
699
  interface PreDecision {
699
- readonly action: "allow" | "deny" | "pending_approval";
700
+ readonly action: 'allow' | 'deny' | 'pending_approval';
700
701
  readonly reason: string | null;
701
702
  readonly decisionSource: string | null;
702
703
  readonly decisionName: string | null;
@@ -710,7 +711,7 @@ interface PreDecision {
710
711
  readonly approvalMessage: string | null;
711
712
  }
712
713
  /** Create a PreDecision with defaults for omitted fields. */
713
- declare function createPreDecision(partial: Partial<PreDecision> & Pick<PreDecision, "action">): PreDecision;
714
+ declare function createPreDecision(partial: Partial<PreDecision> & Pick<PreDecision, 'action'>): PreDecision;
714
715
  /** Result of post-execution governance evaluation. */
715
716
  interface PostDecision {
716
717
  readonly toolSuccess: boolean;
@@ -722,7 +723,7 @@ interface PostDecision {
722
723
  readonly outputSuppressed: boolean;
723
724
  }
724
725
  /** Create a PostDecision with defaults for omitted fields. */
725
- declare function createPostDecision(partial: Partial<PostDecision> & Pick<PostDecision, "toolSuccess">): PostDecision;
726
+ declare function createPostDecision(partial: Partial<PostDecision> & Pick<PostDecision, 'toolSuccess'>): PostDecision;
726
727
  /**
727
728
  * Orchestrates all governance checks.
728
729
  *
@@ -830,7 +831,7 @@ declare function evaluateExpression(expr: Record<string, unknown>, envelope: Too
830
831
 
831
832
  /** Options shared by fromYaml and fromYamlString. */
832
833
  interface YamlFactoryOptions {
833
- readonly mode?: "enforce" | "observe";
834
+ readonly mode?: 'enforce' | 'observe';
834
835
  readonly tools?: Record<string, {
835
836
  side_effect?: string;
836
837
  idempotent?: boolean;
@@ -903,7 +904,7 @@ declare function reload(guard: Edictum, yamlContent: string, options?: ReloadOpt
903
904
  /** Constructor options for the Edictum guard. */
904
905
  interface EdictumOptions {
905
906
  readonly environment?: string;
906
- readonly mode?: "enforce" | "observe";
907
+ readonly mode?: 'enforce' | 'observe';
907
908
  readonly limits?: OperationLimits;
908
909
  readonly tools?: Record<string, {
909
910
  side_effect?: string;
@@ -931,7 +932,7 @@ interface EdictumOptions {
931
932
  */
932
933
  declare class Edictum implements GuardLike {
933
934
  readonly environment: string;
934
- readonly mode: "enforce" | "observe";
935
+ readonly mode: 'enforce' | 'observe';
935
936
  readonly backend: StorageBackend;
936
937
  readonly redaction: RedactionPolicy;
937
938
  readonly toolRegistry: ToolRegistry;
@@ -977,7 +978,7 @@ declare class Edictum implements GuardLike {
977
978
  /** Resolve the principal for a tool call. */
978
979
  _resolvePrincipal(toolName: string, toolInput: Record<string, unknown>): Principal | null;
979
980
  private _registerHook;
980
- getHooks(phase: "before" | "after", envelope: ToolEnvelope): HookRegistration[];
981
+ getHooks(phase: 'before' | 'after', envelope: ToolEnvelope): HookRegistration[];
981
982
  getPreconditions(envelope: ToolEnvelope): InternalPrecondition[];
982
983
  getPostconditions(envelope: ToolEnvelope): InternalPostcondition[];
983
984
  getSessionContracts(): InternalSessionContract[];
@@ -1198,4 +1199,4 @@ declare function loadBundleString(content: string | Uint8Array): [Record<string,
1198
1199
  /** Edictum — Runtime contract enforcement for AI agent tool calls. */
1199
1200
  declare const VERSION = "0.1.0";
1200
1201
 
1201
- export { type ApprovalBackend, type ApprovalDecision, type ApprovalRequest, ApprovalStatus, AuditAction, type AuditEvent, type AuditSink, BUILTIN_OPERATOR_NAMES, BUILTIN_SELECTOR_PREFIXES, BashClassifier, type BatchCall, type BundleHash, CollectingAuditSink, type CompileOptions, type CompiledBundle, type CompiledState, type ComposedBundle, CompositeSink, type CompositionReport, type ContractResult, type CreateEnvelopeOptions, type CustomOperator, type CustomSelector, DEFAULT_LIMITS, Edictum, EdictumConfigError, EdictumDenied, type EdictumOptions, EdictumToolError, type EvaluateOptions, type EvaluationResult, FileAuditSink, type Finding, type FromYamlOptions, GovernancePipeline, type GuardLike, HookDecision, type HookRegistration, HookResult, type InternalContract, type InternalPostcondition, type InternalPrecondition, type InternalSandboxContract, type InternalSessionContract, LocalApprovalBackend, MAX_BUNDLE_SIZE, MAX_REGEX_INPUT, MarkEvictedError, MemoryBackend, type OperationLimits, PolicyError, type PostCallResult, type PostDecision, type PostDecisionLike, type Postcondition, type PreDecision, type Precondition, type Principal, RedactionPolicy, type ReloadOptions, type RunOptions, Session, type SessionContract, SideEffect, StdoutAuditSink, type StorageBackend, type ToolConfig, type ToolEnvelope, ToolRegistry, VERSION, Verdict, type YamlFactoryOptions, _validateToolName, buildFindings, classifyFinding, compileContracts, composeBundles, computeHash, createAuditEvent, createCompiledState, createContractResult, createEnvelope, createEvaluationResult, createFinding, createPostCallResult, createPostDecision, createPreDecision, createPrincipal, deepFreeze, defaultSuccessCheck, evaluateExpression, expandMessage, fnmatch, fromYaml, fromYamlString, loadBundle, loadBundleString, reload, run, validateOperators };
1202
+ export { type ApprovalBackend, type ApprovalDecision, type ApprovalRequest, ApprovalStatus, AuditAction, type AuditEvent, type AuditSink, BUILTIN_OPERATOR_NAMES, BUILTIN_SELECTOR_PREFIXES, BashClassifier, type BatchCall, type BundleHash, CollectingAuditSink, type CompileOptions, type CompiledBundle, type CompiledState, type ComposedBundle, CompositeSink, type CompositionOverride, type CompositionReport, type ContractResult, type CreateEnvelopeOptions, type CustomOperator, type CustomSelector, DEFAULT_LIMITS, Edictum, EdictumConfigError, EdictumDenied, type EdictumOptions, EdictumToolError, type EvaluateOptions, type EvaluationResult, type EvaluateOptions$1 as ExpressionEvaluateOptions, FileAuditSink, type Finding, type FromYamlOptions, GovernancePipeline, type GuardLike, HookDecision, type HookRegistration, HookResult, type InternalContract, type InternalPostcondition, type InternalPrecondition, type InternalSandboxContract, type InternalSessionContract, LocalApprovalBackend, MAX_BUNDLE_SIZE, MAX_REGEX_INPUT, MarkEvictedError, MemoryBackend, type ObserveContract, type OperationLimits, PolicyError, type PostCallResult, type PostDecision, type PostDecisionLike, type Postcondition, type PreDecision, type Precondition, type Principal, RedactionPolicy, type ReloadOptions, type RunOptions, Session, type SessionContract, SideEffect, StdoutAuditSink, type StorageBackend, type ToolConfig, type ToolEnvelope, ToolRegistry, VERSION, Verdict, type YamlFactoryOptions, _validateToolName, buildFindings, classifyFinding, compileContracts, composeBundles, computeHash, createAuditEvent, createCompiledState, createContractResult, createEnvelope, createEvaluationResult, createFinding, createPostCallResult, createPostDecision, createPreDecision, createPrincipal, deepFreeze, defaultSuccessCheck, evaluateExpression, expandMessage, fnmatch, fromYaml, fromYamlString, loadBundle, loadBundleString, reload, run, validateOperators };