@edictum/core 0.1.0 → 0.2.0

package/dist/index.mjs

@@ -18,11 +18,11 @@ import {
   createPreDecision,
   defaultSuccessCheck,
   run
-} from "./chunk-X5E2YY35.mjs";
+} from "./chunk-JOBPRXVE.mjs";
 import {
   createContractResult,
   createEvaluationResult
-} from "./chunk-IXMXZGJG.mjs";
+} from "./chunk-23XIQZR5.mjs";
 import {
   BashClassifier,
   EdictumConfigError,
@@ -30,12 +30,11 @@ import {
   EdictumToolError,
   SideEffect,
   ToolRegistry,
-  __require,
   _validateToolName,
   createEnvelope,
   createPrincipal,
   deepFreeze
-} from "./chunk-CRPQFRYJ.mjs";
+} from "./chunk-2YSBMUK5.mjs";
 
 // src/limits.ts
 var DEFAULT_LIMITS = Object.freeze({
@@ -108,21 +107,15 @@ function classifyFinding(contractId, verdictMessage) {
   const contractLower = contractId.toLowerCase();
   const messageLower = (verdictMessage || "").toLowerCase();
   const piiTerms = ["pii", "ssn", "patient", "name", "dob"];
-  if (piiTerms.some(
-    (term) => contractLower.includes(term) || messageLower.includes(term)
-  )) {
+  if (piiTerms.some((term) => contractLower.includes(term) || messageLower.includes(term))) {
     return "pii_detected";
   }
   const secretTerms = ["secret", "token", "key", "credential", "password"];
-  if (secretTerms.some(
-    (term) => contractLower.includes(term) || messageLower.includes(term)
-  )) {
+  if (secretTerms.some((term) => contractLower.includes(term) || messageLower.includes(term))) {
     return "secret_detected";
   }
   const limitTerms = ["session", "limit", "max_calls", "budget"];
-  if (limitTerms.some(
-    (term) => contractLower.includes(term) || messageLower.includes(term)
-  )) {
+  if (limitTerms.some((term) => contractLower.includes(term) || messageLower.includes(term))) {
     return "limit_exceeded";
   }
   return "policy_violation";
@@ -263,9 +256,7 @@ function mergeObserveAlongside(merged, layer, label, contractSources, observes)
   for (const contract of layer.contracts ?? []) {
     const cid = contract.id;
     const observeId = `${cid}:candidate`;
-    const existingIds = new Set(
-      mc.map((c) => c.id)
-    );
+    const existingIds = new Set(mc.map((c) => c.id));
     if (existingIds.has(observeId)) {
       throw new EdictumConfigError(
         `observe_alongside collision: generated ID "${observeId}" already exists in the bundle. Rename the conflicting contract or use a different ID for "${cid}".`
@@ -405,10 +396,7 @@ function resolveSelector(selector, envelope, outputText, customSelectors) {
     if (rest === "role") return envelope.principal.role;
     if (rest === "ticket_ref") return envelope.principal.ticketRef;
     if (rest.startsWith("claims.")) {
-      return resolveNested(
-        rest.slice(7),
-        envelope.principal.claims
-      );
+      return resolveNested(rest.slice(7), envelope.principal.claims);
     }
     return _MISSING;
   }
@@ -422,10 +410,7 @@ function resolveSelector(selector, envelope, outputText, customSelectors) {
     return coerceEnvValue(raw);
   }
   if (selector.startsWith("metadata.")) {
-    return resolveNested(
-      selector.slice(9),
-      envelope.metadata
-    );
+    return resolveNested(selector.slice(9), envelope.metadata);
   }
   if (customSelectors) {
     const dotPos = selector.indexOf(".");
@@ -474,13 +459,31 @@ function evaluateExpression(expr, envelope, outputText, options) {
   const customOps = options?.customOperators ?? null;
   const customSels = options?.customSelectors ?? null;
   if ("all" in expr) {
-    return _evalAll(expr.all, envelope, outputText, customOps, customSels);
+    return _evalAll(
+      expr.all,
+      envelope,
+      outputText,
+      customOps,
+      customSels
+    );
   }
   if ("any" in expr) {
-    return _evalAny(expr.any, envelope, outputText, customOps, customSels);
+    return _evalAny(
+      expr.any,
+      envelope,
+      outputText,
+      customOps,
+      customSels
+    );
   }
   if ("not" in expr) {
-    return _evalNot(expr.not, envelope, outputText, customOps, customSels);
+    return _evalNot(
+      expr.not,
+      envelope,
+      outputText,
+      customOps,
+      customSels
+    );
   }
   const leafKeys = Object.keys(expr);
   if (leafKeys.length !== 1) {
@@ -535,7 +538,8 @@ function _applyOperator(op, fieldValue, opValue, selector, customOperators) {
   }
   if (fieldValue === _MISSING || fieldValue == null) return false;
   try {
-    if (Object.hasOwn(OPERATORS, op)) return OPERATORS[op](fieldValue, opValue);
+    if (Object.hasOwn(OPERATORS, op))
+      return OPERATORS[op](fieldValue, opValue);
     if (customOperators && Object.hasOwn(customOperators, op)) {
       return Boolean(customOperators[op](fieldValue, opValue));
     }
@@ -562,10 +566,7 @@ function expandMessage(template, envelope, outputText, customSelectors) {
   });
 }
 function validateOperators(bundle, customOperators) {
-  const known = /* @__PURE__ */ new Set([
-    ...BUILTIN_OPERATOR_NAMES,
-    ...Object.keys(customOperators ?? {})
-  ]);
+  const known = /* @__PURE__ */ new Set([...BUILTIN_OPERATOR_NAMES, ...Object.keys(customOperators ?? {})]);
   const contracts = bundle.contracts ?? [];
   for (const contract of contracts) {
     const when = contract.when;
@@ -597,9 +598,7 @@ function _validateExpressionOperators(expr, known, contractId) {
     if (operator != null && typeof operator === "object") {
       for (const opName of Object.keys(operator)) {
         if (!known.has(opName)) {
-          throw new EdictumConfigError(
-            `Contract '${contractId}': unknown operator '${opName}'`
-          );
+          throw new EdictumConfigError(`Contract '${contractId}': unknown operator '${opName}'`);
         }
       }
     }
@@ -734,7 +733,16 @@ function compilePost(contract, mode, customOps, customSels) {
   const meta = then.metadata ?? {};
   const check = (envelope, response) => {
     const outputText = response != null ? String(response) : void 0;
-    return _evalAndVerdict(whenExpr, envelope, outputText, msgTpl, tags, meta, customOps, customSels);
+    return _evalAndVerdict(
+      whenExpr,
+      envelope,
+      outputText,
+      msgTpl,
+      tags,
+      meta,
+      customOps,
+      customSels
+    );
   };
   const effectValue = then.effect ?? "warn";
   const result = {
@@ -799,14 +807,18 @@ function mergeSessionLimits(contract, existing) {
   if ("max_tool_calls" in sessionLimits) {
     const raw = sessionLimits.max_tool_calls;
     if (typeof raw !== "number" || !Number.isFinite(raw)) {
-      throw new EdictumConfigError(`Session limit max_tool_calls must be a finite number, got: ${String(raw)}`);
+      throw new EdictumConfigError(
+        `Session limit max_tool_calls must be a finite number, got: ${String(raw)}`
+      );
     }
     maxToolCalls = Math.min(maxToolCalls, raw);
   }
   if ("max_attempts" in sessionLimits) {
     const raw = sessionLimits.max_attempts;
     if (typeof raw !== "number" || !Number.isFinite(raw)) {
-      throw new EdictumConfigError(`Session limit max_attempts must be a finite number, got: ${String(raw)}`);
+      throw new EdictumConfigError(
+        `Session limit max_attempts must be a finite number, got: ${String(raw)}`
+      );
     }
     maxAttempts = Math.min(maxAttempts, raw);
   }
@@ -828,10 +840,6 @@ function mergeSessionLimits(contract, existing) {
   return { maxAttempts, maxToolCalls, maxCallsPerTool };
 }
 
-// src/yaml-engine/sandbox-compiler.ts
-import { realpathSync } from "fs";
-import { resolve as pathResolve } from "path";
-
 // src/fnmatch.ts
 function fnmatch(name, pattern) {
   if (pattern === "*") return true;
@@ -856,6 +864,36 @@ function fnmatch(name, pattern) {
   return new RegExp("^" + regex + "$").test(safeName);
 }
 
+// src/yaml-engine/resolve-path.ts
+import { realpathSync } from "fs";
+import { resolve as pathResolve, sep as pathSep, join as pathJoin } from "path";
+function resolvePath(p) {
+  const cleaned = p.replace(/\0/g, "");
+  const resolved = pathResolve(cleaned);
+  try {
+    return realpathSync(resolved);
+  } catch (err) {
+    if (err.code !== "ENOENT") {
+      return resolved;
+    }
+    const parts = resolved.split(pathSep);
+    for (let i = parts.length - 1; i > 0; i--) {
+      const prefix = parts.slice(0, i).join(pathSep) || "/";
+      try {
+        const realPrefix = realpathSync(prefix);
+        const rest = parts.slice(i).join(pathSep);
+        return pathJoin(realPrefix, rest);
+      } catch (innerErr) {
+        if (innerErr.code !== "ENOENT") {
+          return resolved;
+        }
+        continue;
+      }
+    }
+    return resolved;
+  }
+}
+
 // src/yaml-engine/sandbox-compiler.ts
 var _REDIRECT_PREFIX_RE = /^(?:\d*>>|>>|\d*>|>|<<|<)/;
 var _SHELL_SEPARATOR_RE = /[;|&\n\r`]|\$\(|\$\{|<\(/;
@@ -931,21 +969,25 @@ var _PATH_ARG_KEYS = /* @__PURE__ */ new Set([
   "destination",
   "source",
   "src",
-  "dst"
+  "dst",
+  // Common path-like arg names from AI framework tool calls.
+  // IMPORTANT: Only include keys that are unambiguously path-related.
+  // Generic keys like 'name', 'input', 'output', 'from', 'to' are excluded
+  // because they frequently hold non-path values (e.g., { from: "English" }),
+  // and resolvePath() would produce false positives. The heuristic loop below
+  // catches path-like VALUES in any key (containing '..', '~', or '/').
+  "filename",
+  "file",
+  "filepath",
+  "read_path",
+  "write_path"
 ]);
-function _realpath(p) {
-  try {
-    return realpathSync(p);
-  } catch {
-    return pathResolve(p);
-  }
-}
 function extractPaths(envelope) {
   const paths = [];
   const seen = /* @__PURE__ */ new Set();
   function add(p) {
     if (!p) return;
-    const resolved = _realpath(p);
+    const resolved = resolvePath(p);
     if (!seen.has(resolved)) {
       seen.add(resolved);
       paths.push(resolved);
@@ -959,6 +1001,17 @@ function extractPaths(envelope) {
   for (const [key, value] of Object.entries(args)) {
     if (typeof value === "string" && value.startsWith("/") && !_PATH_ARG_KEYS.has(key)) add(value);
   }
+  for (const [key, value] of Object.entries(args)) {
+    if (typeof value === "string" && !_PATH_ARG_KEYS.has(key)) {
+      const isUrl = value.includes("://");
+      if (!isUrl && value.includes("../") || // embedded traversal: foo/../etc/passwd
+      value === ".." || // bare parent reference
+      value.startsWith("../") || // parent traversal prefix: ../../etc/passwd
+      value.startsWith("~") || value.startsWith("./") && !isUrl) {
+        add(value);
+      }
+    }
+  }
   const cmd = envelope.bashCommand ?? args.command ?? "";
   if (cmd) {
     for (const token of tokenizeCommand(cmd)) {
@@ -1011,23 +1064,14 @@ function domainMatches(hostname, patterns) {
 }
 
 // src/yaml-engine/sandbox-compile-fn.ts
-import { realpathSync as realpathSync2 } from "fs";
-import { resolve as pathResolve2 } from "path";
-function _realpath2(p) {
-  try {
-    return realpathSync2(p);
-  } catch {
-    return pathResolve2(p);
-  }
-}
 function _pathWithin(filePath, prefix) {
   return filePath === prefix || filePath.startsWith(prefix.replace(/\/+$/, "") + "/");
 }
 function compileSandbox(contract, mode) {
   const contractId = contract.id;
   const toolPatterns = "tools" in contract ? contract.tools : [contract.tool];
-  const within = (contract.within ?? []).map(_realpath2);
-  const notWithin = (contract.not_within ?? []).map(_realpath2);
+  const within = (contract.within ?? []).map(resolvePath);
+  const notWithin = (contract.not_within ?? []).map(resolvePath);
   const allows = contract.allows ?? {};
   const notAllows = contract.not_allows ?? {};
   const allowedCommands = allows.commands ?? [];
@@ -1040,6 +1084,11 @@ function compileSandbox(contract, mode) {
   const check = (envelope) => {
     if (within.length > 0 || notWithin.length > 0) {
       const paths = extractPaths(envelope);
+      if (paths.length === 0 && within.length > 0) {
+        return Verdict.fail(
+          expandMessage(messageTemplate, envelope) + " (no extractable paths \u2014 sandbox cannot verify boundary compliance)"
+        );
+      }
       if (paths.length > 0) {
         for (const p of paths) {
           for (const excluded of notWithin) {
@@ -1106,9 +1155,7 @@ function compileContracts(bundle, options = {}) {
   const customSels = options?.customSelectors ?? null;
   validateOperators(bundle, customOps);
   if (bundle.defaults == null || typeof bundle.defaults !== "object") {
-    throw new EdictumConfigError(
-      "Bundle missing required 'defaults' section with 'mode' field"
-    );
+    throw new EdictumConfigError("Bundle missing required 'defaults' section with 'mode' field");
   }
   const defaults = bundle.defaults;
   const defaultMode = defaults.mode;
@@ -1154,7 +1201,8 @@ function compileContracts(bundle, options = {}) {
 
 // src/yaml-engine/loader.ts
 import { createHash } from "crypto";
-import { readFileSync, realpathSync as realpathSync3, statSync } from "fs";
+import { readFileSync, realpathSync as realpathSync2, statSync } from "fs";
+import yaml from "js-yaml";
 
 // src/yaml-engine/loader-validators.ts
 function validateSchema(data) {
@@ -1175,13 +1223,22 @@ function validateSchema(data) {
     throw new EdictumConfigError("Schema validation failed: contracts must be an array");
   }
 }
-var CONTROL_CHAR_RE = /[\x00-\x1f\x7f-\x9f]/;
+var CONTROL_CHAR_RE = /[\x00-\x1f\x7f-\x9f\u2028\u2029]/;
+var CONTRACT_ID_RE = /^[a-z0-9][a-z0-9_-]*$/;
 function validateContractId(contractId) {
+  if (contractId.length > 1e4) {
+    throw new EdictumConfigError("Contract id exceeds maximum length");
+  }
   if (CONTROL_CHAR_RE.test(contractId)) {
     throw new EdictumConfigError(
       `Contract id contains control characters: '${contractId.replace(CONTROL_CHAR_RE, "\\x??")}'`
     );
   }
+  if (!CONTRACT_ID_RE.test(contractId)) {
+    throw new EdictumConfigError(
+      `Contract id '${contractId}' must match pattern ^[a-z0-9][a-z0-9_-]*$`
+    );
+  }
 }
 function validateUniqueIds(data) {
   const ids = /* @__PURE__ */ new Set();
@@ -1282,26 +1339,229 @@ function validateSandboxContracts(data) {
   }
 }
 
+// src/yaml-engine/loader-field-validators.ts
+var VALID_CONTRACT_TYPES = /* @__PURE__ */ new Set(["pre", "post", "session", "sandbox"]);
+var PRE_EFFECTS = /* @__PURE__ */ new Set(["deny", "approve"]);
+var POST_EFFECTS = /* @__PURE__ */ new Set(["warn", "redact", "deny"]);
+var VALID_MODES = /* @__PURE__ */ new Set(["enforce", "observe"]);
+var VALID_SIDE_EFFECTS = /* @__PURE__ */ new Set(["pure", "read", "write", "irreversible"]);
+var KNOWN_TOP_LEVEL = /* @__PURE__ */ new Set([
+  "apiVersion",
+  "kind",
+  "metadata",
+  "defaults",
+  "contracts",
+  "tools",
+  "observability",
+  "observe_alongside"
+]);
+var METADATA_NAME_RE = /^[a-z0-9][a-z0-9._-]*$/;
+var MAX_MESSAGE_LENGTH = 500;
+function fail(msg) {
+  throw new EdictumConfigError(`Schema validation failed: ${msg}`);
+}
+function validateContractFields(data) {
+  for (const key of Object.keys(data)) {
+    if (!KNOWN_TOP_LEVEL.has(key)) fail(`unknown top-level field '${key}'`);
+  }
+  if (data.metadata == null || typeof data.metadata !== "object" || Array.isArray(data.metadata)) {
+    fail("'metadata' is required and must be an object");
+  }
+  const meta = data.metadata;
+  if (meta.name == null || typeof meta.name !== "string") fail("metadata.name is required");
+  const metaName = meta.name;
+  if (metaName.length > 1e4) fail("metadata.name exceeds maximum length");
+  if (!METADATA_NAME_RE.test(metaName)) {
+    fail(
+      `metadata.name must be a lowercase slug (^[a-z0-9][a-z0-9._-]*$), got '${metaName.slice(0, 100)}'`
+    );
+  }
+  if (data.defaults == null || typeof data.defaults !== "object" || Array.isArray(data.defaults)) {
+    fail("'defaults' is required and must be an object");
+  }
+  const mode = data.defaults.mode;
+  if (!VALID_MODES.has(mode)) {
+    fail(`defaults.mode must be 'enforce' or 'observe', got '${String(mode)}'`);
+  }
+  const contracts = data.contracts;
+  if (contracts.length === 0) fail("contracts must contain at least 1 item");
+  if (data.tools != null) {
+    if (typeof data.tools !== "object" || Array.isArray(data.tools)) {
+      fail("'tools' must be a mapping of tool names to descriptors, not an array");
+    }
+    for (const [tn, td] of Object.entries(data.tools)) {
+      if (td == null || typeof td !== "object" || Array.isArray(td)) {
+        fail(`tools.${tn} must be an object with a 'side_effect' field`);
+      }
+      const se = td.side_effect;
+      if (!VALID_SIDE_EFFECTS.has(se)) {
+        fail(
+          `tools.${tn}.side_effect must be 'pure', 'read', 'write', or 'irreversible', got '${String(se)}'`
+        );
+      }
+    }
+  }
+  for (const c of contracts) {
+    if (c == null || typeof c !== "object" || Array.isArray(c)) {
+      fail("every contract must be an object (got null or non-object array element)");
+    }
+    if (c.id == null || typeof c.id !== "string" || c.id.length === 0) {
+      fail("every contract requires a non-empty 'id' string");
+    }
+    const cid = c.id;
+    if (!VALID_CONTRACT_TYPES.has(c.type)) {
+      fail(`contract '${cid}': invalid type '${String(c.type)}'`);
+    }
+    const t = c.type;
+    if (t === "pre" || t === "post") validatePrePost(c, t, cid);
+    else if (t === "session") validateSession(c, cid);
+    else if (t === "sandbox") validateSandboxStructure(c, cid);
+  }
+}
+function validatePrePost(c, t, cid) {
+  if (c.tool == null || typeof c.tool !== "string") {
+    fail(`${t} contract '${cid}' requires 'tool' to be a string`);
+  }
+  if (c.when == null || typeof c.when !== "object" || Array.isArray(c.when)) {
+    fail(
+      `${t} contract '${cid}' requires 'when' to be a mapping (got ${Array.isArray(c.when) ? "array" : typeof c.when})`
+    );
+  }
+  if (c.then == null || typeof c.then !== "object" || Array.isArray(c.then)) {
+    fail(`${t} contract '${cid}' requires 'then' to be a mapping`);
+  }
+  const then = c.then;
+  if (then.effect == null) fail(`${t} contract '${cid}' requires 'then.effect'`);
+  if (then.message == null) fail(`${t} contract '${cid}' requires 'then.message'`);
+  validateMessageLength(then.message, `${t} contract '${cid}'`);
+  const effect = then.effect;
+  if (t === "pre" && !PRE_EFFECTS.has(effect)) {
+    fail(`pre contract '${cid}': effect must be 'deny' or 'approve', got '${effect}'`);
+  }
+  if (t === "post" && !POST_EFFECTS.has(effect)) {
+    fail(`post contract '${cid}': effect must be 'warn', 'redact', or 'deny', got '${effect}'`);
+  }
+}
+function validateSession(c, cid) {
+  if (c.limits == null || typeof c.limits !== "object" || Array.isArray(c.limits)) {
+    fail(`session contract '${cid}' requires 'limits' to be a mapping`);
+  }
+  const lim = c.limits;
+  if (!("max_tool_calls" in lim) && !("max_attempts" in lim) && !("max_calls_per_tool" in lim)) {
+    fail(
+      `session contract '${cid}': limits must have max_tool_calls, max_attempts, or max_calls_per_tool`
+    );
+  }
+  if (c.then == null || typeof c.then !== "object" || Array.isArray(c.then)) {
+    fail(`session contract '${cid}' requires 'then' to be a mapping`);
+  }
+  const then = c.then;
+  if (then.effect !== "deny") {
+    fail(`session contract '${cid}': effect must be 'deny', got '${String(then.effect)}'`);
+  }
+  if (then.message == null) fail(`session contract '${cid}' requires 'then.message'`);
+  validateMessageLength(then.message, `session contract '${cid}'`);
+}
+function validateSandboxStructure(c, cid) {
+  if (c.tool == null && c.tools == null) {
+    fail(`sandbox contract '${cid}' requires either 'tool' or 'tools'`);
+  }
+  if (c.tool != null && typeof c.tool !== "string") {
+    fail(`sandbox contract '${cid}': 'tool' must be a string`);
+  }
+  if (c.tools != null && (!Array.isArray(c.tools) || c.tools.length === 0)) {
+    fail(`sandbox contract '${cid}': 'tools' must be a non-empty array`);
+  }
+  if (c.within == null && c.allows == null) {
+    fail(`sandbox contract '${cid}' requires either 'within' or 'allows'`);
+  }
+  if (c.within != null && (!Array.isArray(c.within) || c.within.length === 0)) {
+    fail(`sandbox contract '${cid}': 'within' must be a non-empty array`);
+  }
+  if (c.message == null) fail(`sandbox contract '${cid}' requires 'message'`);
+  validateMessageLength(c.message, `sandbox contract '${cid}'`);
+}
+function validateMessageLength(msg, context) {
+  if (typeof msg !== "string") {
+    fail(`${context}: message must be a string`);
+  }
+  if (msg.length > MAX_MESSAGE_LENGTH) {
+    fail(`${context}: message exceeds ${MAX_MESSAGE_LENGTH} characters`);
+  }
+}
+
+// src/yaml-engine/loader-expression-validators.ts
+var NUMERIC_OPS = /* @__PURE__ */ new Set(["gt", "gte", "lt", "lte"]);
+var STRING_OPS = /* @__PURE__ */ new Set(["contains", "starts_with", "ends_with"]);
+var ARRAY_MIN1_OPS = /* @__PURE__ */ new Set(["in", "not_in", "contains_any", "matches_any"]);
+function fail2(msg) {
+  throw new EdictumConfigError(`Schema validation failed: ${msg}`);
+}
+function validateExpressionShapes(data) {
+  for (const c of data.contracts ?? []) {
+    if (c == null || typeof c !== "object") continue;
+    const contract = c;
+    if (contract.when != null) checkExprShape(contract.when, contract.id ?? "?");
+  }
+}
+var MAX_EXPR_DEPTH = 50;
+function checkExprShape(expr, cid, depth = 0) {
+  if (depth > MAX_EXPR_DEPTH)
+    fail2(`contract '${cid}': expression nesting exceeds maximum depth (${MAX_EXPR_DEPTH})`);
+  if (expr == null || typeof expr !== "object") return;
+  const e = expr;
+  if ("all" in e) {
+    const a = e.all;
+    if (!Array.isArray(a) || a.length === 0)
+      fail2(`contract '${cid}': 'all' requires a non-empty array`);
+    for (const s of a) checkExprShape(s, cid, depth + 1);
+    return;
+  }
+  if ("any" in e) {
+    const a = e.any;
+    if (!Array.isArray(a) || a.length === 0)
+      fail2(`contract '${cid}': 'any' requires a non-empty array`);
+    for (const s of a) checkExprShape(s, cid, depth + 1);
+    return;
+  }
+  if ("not" in e) {
+    if (e.not == null || typeof e.not !== "object" || Array.isArray(e.not)) {
+      fail2(
+        `contract '${cid}': 'not' requires an expression mapping (got ${e.not === null ? "null" : Array.isArray(e.not) ? "array" : typeof e.not})`
+      );
+    }
+    checkExprShape(e.not, cid, depth + 1);
+    return;
+  }
+  for (const v of Object.values(e)) {
+    if (v == null || typeof v !== "object") continue;
+    if (Array.isArray(v)) {
+      fail2(`contract '${cid}': selector value must be an operator mapping, not an array`);
+    }
+    const op = v;
+    for (const [name, val] of Object.entries(op)) {
+      if (NUMERIC_OPS.has(name) && typeof val !== "number") {
+        fail2(`contract '${cid}': operator '${name}' requires a number, got ${typeof val}`);
+      }
+      if (STRING_OPS.has(name) && typeof val !== "string") {
+        fail2(`contract '${cid}': operator '${name}' requires a string, got ${typeof val}`);
+      }
+      if (ARRAY_MIN1_OPS.has(name) && (!Array.isArray(val) || val.length === 0)) {
+        fail2(`contract '${cid}': operator '${name}' requires a non-empty array`);
+      }
+    }
+  }
+}
+
 // src/yaml-engine/loader.ts
 var MAX_BUNDLE_SIZE = 1048576;
 function computeHash(rawBytes) {
   return { hex: createHash("sha256").update(rawBytes).digest("hex") };
 }
-function requireYaml() {
-  try {
-    const yaml = __require("js-yaml");
-    return yaml;
-  } catch {
-    throw new EdictumConfigError(
-      "The YAML engine requires js-yaml. Install it with: npm install js-yaml"
-    );
-  }
-}
 function parseYaml(content) {
-  const yaml = requireYaml();
   let data;
   try {
-    data = yaml.load(content);
+    data = yaml.load(content, { schema: yaml.CORE_SCHEMA });
   } catch (e) {
     throw new EdictumConfigError(`YAML parse error: ${String(e)}`);
   }
@@ -1312,13 +1572,15 @@ function parseYaml(content) {
 }
 function validateBundle(data) {
   validateSchema(data);
+  validateContractFields(data);
   validateUniqueIds(data);
+  validateExpressionShapes(data);
   validateRegexes(data);
   validatePreSelectors(data);
   validateSandboxContracts(data);
 }
 function loadBundle(source) {
-  const resolved = realpathSync3(source);
+  const resolved = realpathSync2(source);
   const fileSize = statSync(resolved).size;
   if (fileSize > MAX_BUNDLE_SIZE) {
     throw new EdictumConfigError(
@@ -1373,9 +1635,10 @@ function fromYaml(...args) {
     policyVersion = entry[1].hex;
     report = { overriddenContracts: [], observeContracts: [] };
   } else {
-    const bundleTuples = loaded.map(
-      ([data], i) => [data, paths[i]]
-    );
+    const bundleTuples = loaded.map(([data], i) => [
+      data,
+      paths[i]
+    ]);
     const composed = composeBundles(...bundleTuples);
     bundleData = composed.bundle;
     report = composed.report;
@@ -1496,15 +1759,9 @@ var Edictum = class _Edictum {
     this._approvalBackend = options.approvalBackend ?? null;
     this._localSink = new CollectingAuditSink();
     if (Array.isArray(options.auditSink)) {
-      this.auditSink = new CompositeSink([
-        this._localSink,
-        ...options.auditSink
-      ]);
+      this.auditSink = new CompositeSink([this._localSink, ...options.auditSink]);
     } else if (options.auditSink != null) {
-      this.auditSink = new CompositeSink([
-        this._localSink,
-        options.auditSink
-      ]);
+      this.auditSink = new CompositeSink([this._localSink, options.auditSink]);
     } else {
       this.auditSink = this._localSink;
     }
@@ -1602,24 +1859,16 @@ var Edictum = class _Edictum {
   }
   getHooks(phase, envelope) {
     const hooks = phase === "before" ? this._beforeHooks : this._afterHooks;
-    return hooks.filter(
-      (h) => h.tool === "*" || fnmatch(envelope.toolName, h.tool)
-    );
+    return hooks.filter((h) => h.tool === "*" || fnmatch(envelope.toolName, h.tool));
   }
   // -----------------------------------------------------------------------
   // Contract accessors -- enforce mode
   // -----------------------------------------------------------------------
   getPreconditions(envelope) {
-    return _Edictum._filterByTool(
-      this._state.preconditions,
-      envelope
-    );
+    return _Edictum._filterByTool(this._state.preconditions, envelope);
   }
   getPostconditions(envelope) {
-    return _Edictum._filterByTool(
-      this._state.postconditions,
-      envelope
-    );
+    return _Edictum._filterByTool(this._state.postconditions, envelope);
   }
   getSessionContracts() {
     return [...this._state.sessionContracts];
@@ -1679,12 +1928,16 @@ var Edictum = class _Edictum {
       const edictumType = raw._edictum_type;
       const isObserve = raw._edictum_observe ?? raw._edictum_shadow ?? false;
       if (edictumType != null) {
-        _Edictum._classifyInternal(
-          raw,
-          edictumType,
-          isObserve,
-          { pre, post, session, sandbox, oPre, oPost, oSession, oSandbox }
-        );
+        _Edictum._classifyInternal(raw, edictumType, isObserve, {
+          pre,
+          post,
+          session,
+          sandbox,
+          oPre,
+          oPost,
+          oSession,
+          oSandbox
+        });
       } else if (isSessionContract(item)) {
         const name = raw.name ?? "anonymous";
         session.push({
@@ -1742,9 +1995,12 @@ var Edictum = class _Edictum {
   static _classifyInternal(raw, edictumType, isObserve, lists) {
     const target = isObserve ? { pre: lists.oPre, post: lists.oPost, session: lists.oSession, sandbox: lists.oSandbox } : { pre: lists.pre, post: lists.post, session: lists.session, sandbox: lists.sandbox };
     if (edictumType === "precondition") target.pre.push(raw);
-    else if (edictumType === "postcondition") target.post.push(raw);
-    else if (edictumType === "session_contract") target.session.push(raw);
-    else if (edictumType === "sandbox") target.sandbox.push(raw);
+    else if (edictumType === "postcondition")
+      target.post.push(raw);
+    else if (edictumType === "session_contract")
+      target.session.push(raw);
+    else if (edictumType === "sandbox")
+      target.sandbox.push(raw);
     else {
       throw new EdictumConfigError(
         `Unknown _edictum_type "${edictumType}". Expected "precondition", "postcondition", "session_contract", or "sandbox".`
@@ -1786,7 +2042,7 @@ var Edictum = class _Edictum {
   // -----------------------------------------------------------------------
   /** Execute a tool call with full governance pipeline. */
   async run(toolName, args, toolCallable, options) {
-    const { run: run2 } = await import("./runner-ASI4JIW2.mjs");
+    const { run: run2 } = await import("./runner-JCAQMF6O.mjs");
     return run2(this, toolName, args, toolCallable, options);
   }
   /**
@@ -1796,15 +2052,11 @@ var Edictum = class _Edictum {
    * Session contracts are skipped.
    */
   evaluate(toolName, args, options) {
-    return import("./dry-run-54PYIM6T.mjs").then(
-      ({ evaluate }) => evaluate(this, toolName, args, options)
-    );
+    return import("./dry-run-JTRNTZA5.mjs").then(({ evaluate }) => evaluate(this, toolName, args, options));
   }
   /** Evaluate a batch of tool calls. Thin wrapper over evaluate(). */
   evaluateBatch(calls) {
-    return import("./dry-run-54PYIM6T.mjs").then(
-      ({ evaluateBatch }) => evaluateBatch(this, calls)
-    );
+    return import("./dry-run-JTRNTZA5.mjs").then(({ evaluateBatch }) => evaluateBatch(this, calls));
   }
   static fromYaml(...args) {
     return fromYaml(...args);