@edictum/core 0.1.0

package/dist/index.mjs

@@ -0,0 +1,1890 @@
+import {
+  ApprovalStatus,
+  AuditAction,
+  CollectingAuditSink,
+  CompositeSink,
+  FileAuditSink,
+  GovernancePipeline,
+  HookDecision,
+  HookResult,
+  LocalApprovalBackend,
+  MarkEvictedError,
+  RedactionPolicy,
+  Session,
+  StdoutAuditSink,
+  Verdict,
+  createAuditEvent,
+  createPostDecision,
+  createPreDecision,
+  defaultSuccessCheck,
+  run
+} from "./chunk-X5E2YY35.mjs";
+import {
+  createContractResult,
+  createEvaluationResult
+} from "./chunk-IXMXZGJG.mjs";
+import {
+  BashClassifier,
+  EdictumConfigError,
+  EdictumDenied,
+  EdictumToolError,
+  SideEffect,
+  ToolRegistry,
+  __require,
+  _validateToolName,
+  createEnvelope,
+  createPrincipal,
+  deepFreeze
+} from "./chunk-CRPQFRYJ.mjs";
+
+// src/limits.ts
+var DEFAULT_LIMITS = Object.freeze({
+  maxAttempts: 500,
+  maxToolCalls: 200,
+  maxCallsPerTool: Object.freeze({})
+});
+
+// src/storage.ts
+var MemoryBackend = class {
+  _data = /* @__PURE__ */ new Map();
+  _counters = /* @__PURE__ */ new Map();
+  async get(key) {
+    const strVal = this._data.get(key);
+    if (strVal !== void 0) {
+      return strVal;
+    }
+    const numVal = this._counters.get(key);
+    if (numVal !== void 0) {
+      return numVal === Math.trunc(numVal) ? String(Math.trunc(numVal)) : String(numVal);
+    }
+    return null;
+  }
+  async set(key, value) {
+    this._data.set(key, value);
+  }
+  async delete(key) {
+    this._data.delete(key);
+    this._counters.delete(key);
+  }
+  async increment(key, amount = 1) {
+    const current = this._counters.get(key) ?? 0;
+    const next = current + amount;
+    this._counters.set(key, next);
+    return next;
+  }
+  /**
+   * Retrieve multiple values in a single operation.
+   *
+   * In-memory implementation: multiple Map lookups, no network overhead.
+   */
+  async batchGet(keys) {
+    const result = {};
+    for (const key of keys) {
+      result[key] = await this.get(key);
+    }
+    return result;
+  }
+};
+
+// src/findings.ts
+function createFinding(fields) {
+  return Object.freeze({
+    type: fields.type,
+    contractId: fields.contractId,
+    field: fields.field,
+    message: fields.message,
+    metadata: Object.freeze({ ...fields.metadata ?? {} })
+  });
+}
+function createPostCallResult(fields) {
+  return Object.freeze({
+    result: fields.result,
+    postconditionsPassed: fields.postconditionsPassed ?? true,
+    findings: Object.freeze([...fields.findings ?? []]),
+    outputSuppressed: fields.outputSuppressed ?? false
+  });
+}
+function classifyFinding(contractId, verdictMessage) {
+  const contractLower = contractId.toLowerCase();
+  const messageLower = (verdictMessage || "").toLowerCase();
+  const piiTerms = ["pii", "ssn", "patient", "name", "dob"];
+  if (piiTerms.some(
+    (term) => contractLower.includes(term) || messageLower.includes(term)
+  )) {
+    return "pii_detected";
+  }
+  const secretTerms = ["secret", "token", "key", "credential", "password"];
+  if (secretTerms.some(
+    (term) => contractLower.includes(term) || messageLower.includes(term)
+  )) {
+    return "secret_detected";
+  }
+  const limitTerms = ["session", "limit", "max_calls", "budget"];
+  if (limitTerms.some(
+    (term) => contractLower.includes(term) || messageLower.includes(term)
+  )) {
+    return "limit_exceeded";
+  }
+  return "policy_violation";
+}
+function buildFindings(postDecision) {
+  const findings = [];
+  for (const cr of postDecision.contractsEvaluated) {
+    if (!cr.passed) {
+      const meta = cr.metadata ?? {};
+      findings.push(
+        createFinding({
+          type: classifyFinding(cr.name, cr.message ?? ""),
+          contractId: cr.name,
+          field: meta.field ?? "output",
+          message: cr.message ?? "",
+          metadata: meta
+        })
+      );
+    }
+  }
+  return findings;
+}
+
+// src/compiled-state.ts
+function createCompiledState(partial = {}) {
+  return deepFreeze({
+    preconditions: partial.preconditions ?? [],
+    postconditions: partial.postconditions ?? [],
+    sessionContracts: partial.sessionContracts ?? [],
+    sandboxContracts: partial.sandboxContracts ?? [],
+    observePreconditions: partial.observePreconditions ?? [],
+    observePostconditions: partial.observePostconditions ?? [],
+    observeSessionContracts: partial.observeSessionContracts ?? [],
+    observeSandboxContracts: partial.observeSandboxContracts ?? [],
+    limits: partial.limits ?? DEFAULT_LIMITS,
+    policyVersion: partial.policyVersion ?? null
+  });
+}
+
+// src/guard.ts
+import { randomUUID } from "crypto";
+
+// src/factory.ts
+import { createHash as createHash2 } from "crypto";
+
+// src/yaml-engine/composer.ts
+function deepCopyBundle(data) {
+  return structuredClone(data);
+}
+function composeBundles(...bundles) {
+  if (bundles.length === 0) {
+    throw new Error("composeBundles() requires at least one bundle");
+  }
+  if (bundles.length === 1) {
+    const entry = bundles[0];
+    return {
+      bundle: deepCopyBundle(entry[0]),
+      report: { overriddenContracts: [], observeContracts: [] }
+    };
+  }
+  const overrides = [];
+  const observes = [];
+  const first = bundles[0];
+  const merged = deepCopyBundle(first[0]);
+  const firstLabel = first[1];
+  const contractSources = /* @__PURE__ */ new Map();
+  for (const c of merged.contracts ?? []) {
+    contractSources.set(c.id, firstLabel);
+  }
+  for (let i = 1; i < bundles.length; i++) {
+    const entry = bundles[i];
+    const [data, label] = entry;
+    const isObserveAlongside = Boolean(data.observe_alongside);
+    if (isObserveAlongside) {
+      mergeObserveAlongside(merged, data, label, contractSources, observes);
+    } else {
+      mergeStandard(merged, data, label, contractSources, overrides);
+    }
+  }
+  return {
+    bundle: merged,
+    report: { overriddenContracts: overrides, observeContracts: observes }
+  };
+}
+function mergeStandard(merged, layer, label, contractSources, overrides) {
+  if ("defaults" in layer) {
+    const ld = layer.defaults;
+    const md = merged.defaults ?? {};
+    if ("mode" in ld) md.mode = ld.mode;
+    if ("environment" in ld) md.environment = ld.environment;
+    merged.defaults = md;
+  }
+  if ("limits" in layer) merged.limits = deepCopyBundle(layer.limits);
+  if ("tools" in layer) {
+    const mt = merged.tools ?? {};
+    for (const [name, cfg] of Object.entries(layer.tools)) {
+      mt[name] = { ...cfg };
+    }
+    merged.tools = mt;
+  }
+  if ("metadata" in layer) {
+    const mm = merged.metadata ?? {};
+    for (const [k, v] of Object.entries(layer.metadata)) mm[k] = v;
+    merged.metadata = mm;
+  }
+  if ("observability" in layer) {
+    merged.observability = deepCopyBundle(layer.observability);
+  }
+  if ("contracts" in layer) {
+    const existingById = /* @__PURE__ */ new Map();
+    const mc = merged.contracts ?? [];
+    for (let j = 0; j < mc.length; j++) {
+      const c = mc[j];
+      existingById.set(c.id, j);
+    }
+    for (const contract of layer.contracts ?? []) {
+      const cid = contract.id;
+      const newContract = deepCopyBundle(contract);
+      if (existingById.has(cid)) {
+        const idx = existingById.get(cid);
+        overrides.push({
+          contractId: cid,
+          overriddenBy: label,
+          originalSource: contractSources.get(cid) ?? "unknown"
+        });
+        mc[idx] = newContract;
+      } else {
+        mc.push(newContract);
+        existingById.set(cid, mc.length - 1);
+      }
+      contractSources.set(cid, label);
+    }
+    merged.contracts = mc;
+  }
+}
+function mergeObserveAlongside(merged, layer, label, contractSources, observes) {
+  const mc = merged.contracts ?? [];
+  for (const contract of layer.contracts ?? []) {
+    const cid = contract.id;
+    const observeId = `${cid}:candidate`;
+    const existingIds = new Set(
+      mc.map((c) => c.id)
+    );
+    if (existingIds.has(observeId)) {
+      throw new EdictumConfigError(
+        `observe_alongside collision: generated ID "${observeId}" already exists in the bundle. Rename the conflicting contract or use a different ID for "${cid}".`
+      );
+    }
+    const observeContract = deepCopyBundle(contract);
+    observeContract.id = observeId;
+    observeContract.mode = "observe";
+    observeContract._observe = true;
+    mc.push(observeContract);
+    observes.push({
+      contractId: cid,
+      enforcedSource: contractSources.get(cid) ?? "",
+      observedSource: label
+    });
+  }
+  merged.contracts = mc;
+  if ("tools" in layer) {
+    const mt = merged.tools ?? {};
+    for (const [name, cfg] of Object.entries(layer.tools)) {
+      mt[name] = { ...cfg };
+    }
+    merged.tools = mt;
+  }
+  if ("metadata" in layer) {
+    const mm = merged.metadata ?? {};
+    for (const [k, v] of Object.entries(layer.metadata)) mm[k] = v;
+    merged.metadata = mm;
+  }
+}
+
+// src/yaml-engine/operators.ts
+var MAX_REGEX_INPUT = 1e4;
+function opEquals(fieldValue, opValue) {
+  return fieldValue === opValue;
+}
+function opNotEquals(fieldValue, opValue) {
+  return fieldValue !== opValue;
+}
+function opIn(fieldValue, opValue) {
+  return opValue.includes(fieldValue);
+}
+function opNotIn(fieldValue, opValue) {
+  return !opValue.includes(fieldValue);
+}
+function opContains(fieldValue, opValue) {
+  if (typeof fieldValue !== "string") throw new TypeError();
+  return fieldValue.includes(opValue);
+}
+function opContainsAny(fieldValue, opValue) {
+  if (typeof fieldValue !== "string") throw new TypeError();
+  return opValue.some((v) => fieldValue.includes(v));
+}
+function opStartsWith(fieldValue, opValue) {
+  if (typeof fieldValue !== "string") throw new TypeError();
+  return fieldValue.startsWith(opValue);
+}
+function opEndsWith(fieldValue, opValue) {
+  if (typeof fieldValue !== "string") throw new TypeError();
+  return fieldValue.endsWith(opValue);
+}
+function opMatches(fieldValue, opValue) {
+  if (typeof fieldValue !== "string") throw new TypeError();
+  const truncated = fieldValue.slice(0, MAX_REGEX_INPUT);
+  if (opValue instanceof RegExp) {
+    return opValue.test(truncated);
+  }
+  return new RegExp(opValue).test(truncated);
+}
+function opMatchesAny(fieldValue, opValue) {
+  if (typeof fieldValue !== "string") throw new TypeError();
+  const truncated = fieldValue.slice(0, MAX_REGEX_INPUT);
+  return opValue.some(
+    (p) => p instanceof RegExp ? p.test(truncated) : new RegExp(p).test(truncated)
+  );
+}
+function opGt(fieldValue, opValue) {
+  if (typeof fieldValue !== "number") throw new TypeError();
+  return fieldValue > opValue;
+}
+function opGte(fieldValue, opValue) {
+  if (typeof fieldValue !== "number") throw new TypeError();
+  return fieldValue >= opValue;
+}
+function opLt(fieldValue, opValue) {
+  if (typeof fieldValue !== "number") throw new TypeError();
+  return fieldValue < opValue;
+}
+function opLte(fieldValue, opValue) {
+  if (typeof fieldValue !== "number") throw new TypeError();
+  return fieldValue <= opValue;
+}
+var OPERATORS = {
+  equals: opEquals,
+  not_equals: opNotEquals,
+  in: opIn,
+  not_in: opNotIn,
+  contains: opContains,
+  contains_any: opContainsAny,
+  starts_with: opStartsWith,
+  ends_with: opEndsWith,
+  matches: opMatches,
+  matches_any: opMatchesAny,
+  gt: opGt,
+  gte: opGte,
+  lt: opLt,
+  lte: opLte
+};
+var BUILTIN_OPERATOR_NAMES = /* @__PURE__ */ new Set([
+  ...Object.keys(OPERATORS),
+  "exists"
+]);
+
+// src/yaml-engine/selectors.ts
+var _MISSING = /* @__PURE__ */ Symbol("MISSING");
+var BUILTIN_SELECTOR_PREFIXES = /* @__PURE__ */ new Set([
+  "environment",
+  "tool",
+  "args",
+  "principal",
+  "output",
+  "env",
+  "metadata"
+]);
+function resolveSelector(selector, envelope, outputText, customSelectors) {
+  if (selector === "environment") return envelope.environment;
+  if (selector === "tool.name") return envelope.toolName;
+  if (selector.startsWith("args.")) {
+    return resolveNested(selector.slice(5), envelope.args);
+  }
+  if (selector.startsWith("principal.")) {
+    if (envelope.principal == null) return _MISSING;
+    const rest = selector.slice(10);
+    if (rest === "user_id") return envelope.principal.userId;
+    if (rest === "service_id") return envelope.principal.serviceId;
+    if (rest === "org_id") return envelope.principal.orgId;
+    if (rest === "role") return envelope.principal.role;
+    if (rest === "ticket_ref") return envelope.principal.ticketRef;
+    if (rest.startsWith("claims.")) {
+      return resolveNested(
+        rest.slice(7),
+        envelope.principal.claims
+      );
+    }
+    return _MISSING;
+  }
+  if (selector === "output.text") {
+    return outputText == null ? _MISSING : outputText;
+  }
+  if (selector.startsWith("env.")) {
+    const varName = selector.slice(4);
+    const raw = process.env[varName];
+    if (raw == null) return _MISSING;
+    return coerceEnvValue(raw);
+  }
+  if (selector.startsWith("metadata.")) {
+    return resolveNested(
+      selector.slice(9),
+      envelope.metadata
+    );
+  }
+  if (customSelectors) {
+    const dotPos = selector.indexOf(".");
+    if (dotPos > 0) {
+      const prefix = selector.slice(0, dotPos);
+      if (Object.hasOwn(customSelectors, prefix)) {
+        const resolver = customSelectors[prefix];
+        const data = resolver(envelope);
+        const rest = selector.slice(dotPos + 1);
+        return resolveNested(rest, data);
+      }
+    }
+  }
+  return _MISSING;
+}
+function resolveNested(path, data) {
+  const parts = path.split(".");
+  let current = data;
+  for (const part of parts) {
+    if (current == null || typeof current !== "object") return _MISSING;
+    const obj = current;
+    if (!Object.hasOwn(obj, part)) return _MISSING;
+    current = obj[part];
+  }
+  return current;
+}
+function coerceEnvValue(raw) {
+  const low = raw.toLowerCase();
+  if (low === "true") return true;
+  if (low === "false") return false;
+  const asInt = parseInt(raw, 10);
+  if (!isNaN(asInt) && String(asInt) === raw) return asInt;
+  const asFloat = parseFloat(raw);
+  if (!isNaN(asFloat) && String(asFloat) === raw) return asFloat;
+  return raw;
+}
+
+// src/yaml-engine/evaluator.ts
+var PolicyError = class {
+  message;
+  constructor(message) {
+    this.message = message;
+  }
+};
+function evaluateExpression(expr, envelope, outputText, options) {
+  const customOps = options?.customOperators ?? null;
+  const customSels = options?.customSelectors ?? null;
+  if ("all" in expr) {
+    return _evalAll(expr.all, envelope, outputText, customOps, customSels);
+  }
+  if ("any" in expr) {
+    return _evalAny(expr.any, envelope, outputText, customOps, customSels);
+  }
+  if ("not" in expr) {
+    return _evalNot(expr.not, envelope, outputText, customOps, customSels);
+  }
+  const leafKeys = Object.keys(expr);
+  if (leafKeys.length !== 1) {
+    return new PolicyError(
+      `Leaf expression must have exactly one selector key, got ${leafKeys.length}: [${leafKeys.join(", ")}]`
+    );
+  }
+  return _evalLeaf(expr, envelope, outputText, customOps, customSels);
+}
+function _evalAll(exprs, envelope, outputText, customOps, customSels) {
+  for (const expr of exprs) {
+    const result = evaluateExpression(expr, envelope, outputText, {
+      customOperators: customOps,
+      customSelectors: customSels
+    });
+    if (result instanceof PolicyError) return result;
+    if (!result) return false;
+  }
+  return true;
+}
+function _evalAny(exprs, envelope, outputText, customOps, customSels) {
+  for (const expr of exprs) {
+    const result = evaluateExpression(expr, envelope, outputText, {
+      customOperators: customOps,
+      customSelectors: customSels
+    });
+    if (result instanceof PolicyError) return result;
+    if (result) return true;
+  }
+  return false;
+}
+function _evalNot(expr, envelope, outputText, customOps, customSels) {
+  const result = evaluateExpression(expr, envelope, outputText, {
+    customOperators: customOps,
+    customSelectors: customSels
+  });
+  if (result instanceof PolicyError) return result;
+  return !result;
+}
+function _evalLeaf(leaf, envelope, outputText, customOps, customSels) {
+  const selector = Object.keys(leaf)[0];
+  const operatorBlock = leaf[selector];
+  const value = resolveSelector(selector, envelope, outputText, customSels);
+  const opName = Object.keys(operatorBlock)[0];
+  const opValue = operatorBlock[opName];
+  return _applyOperator(opName, value, opValue, selector, customOps);
+}
+function _applyOperator(op, fieldValue, opValue, selector, customOperators) {
+  if (op === "exists") {
+    const isPresent = fieldValue !== _MISSING && fieldValue != null;
+    return isPresent === opValue;
+  }
+  if (fieldValue === _MISSING || fieldValue == null) return false;
+  try {
+    if (Object.hasOwn(OPERATORS, op)) return OPERATORS[op](fieldValue, opValue);
+    if (customOperators && Object.hasOwn(customOperators, op)) {
+      return Boolean(customOperators[op](fieldValue, opValue));
+    }
+    return new PolicyError(`Unknown operator: '${op}'`);
+  } catch {
+    return new PolicyError(
+      `Type mismatch: operator '${op}' cannot be applied to selector '${selector}' value ${typeof fieldValue}`
+    );
+  }
+}
+
+// src/yaml-engine/compiler-utils.ts
+var _PLACEHOLDER_RE = /\{([^}]+)\}/g;
+var _PLACEHOLDER_CAP = 200;
+function expandMessage(template, envelope, outputText, customSelectors) {
+  const redaction = new RedactionPolicy();
+  return template.replace(_PLACEHOLDER_RE, (match, selectorRaw) => {
+    const value = resolveSelector(selectorRaw, envelope, outputText, customSelectors);
+    if (value === _MISSING || value == null) return match;
+    let text = String(value);
+    if (redaction._looksLikeSecret(text)) text = "[REDACTED]";
+    if (text.length > _PLACEHOLDER_CAP) text = text.slice(0, _PLACEHOLDER_CAP - 3) + "...";
+    return text;
+  });
+}
+function validateOperators(bundle, customOperators) {
+  const known = /* @__PURE__ */ new Set([
+    ...BUILTIN_OPERATOR_NAMES,
+    ...Object.keys(customOperators ?? {})
+  ]);
+  const contracts = bundle.contracts ?? [];
+  for (const contract of contracts) {
+    const when = contract.when;
+    if (when) {
+      _validateExpressionOperators(when, known, contract.id);
+    }
+  }
+}
+function _validateExpressionOperators(expr, known, contractId) {
+  if (expr == null || typeof expr !== "object") return;
+  const e = expr;
+  if ("all" in e) {
+    for (const sub of e.all) {
+      _validateExpressionOperators(sub, known, contractId);
+    }
+    return;
+  }
+  if ("any" in e) {
+    for (const sub of e.any) {
+      _validateExpressionOperators(sub, known, contractId);
+    }
+    return;
+  }
+  if ("not" in e) {
+    _validateExpressionOperators(e.not, known, contractId);
+    return;
+  }
+  for (const [, operator] of Object.entries(e)) {
+    if (operator != null && typeof operator === "object") {
+      for (const opName of Object.keys(operator)) {
+        if (!known.has(opName)) {
+          throw new EdictumConfigError(
+            `Contract '${contractId}': unknown operator '${opName}'`
+          );
+        }
+      }
+    }
+  }
+}
+function precompileRegexes(expr) {
+  if (expr == null || typeof expr !== "object") return expr;
+  const e = expr;
+  if ("all" in e) {
+    return { all: e.all.map(precompileRegexes) };
+  }
+  if ("any" in e) {
+    return { any: e.any.map(precompileRegexes) };
+  }
+  if ("not" in e) {
+    return { not: precompileRegexes(e.not) };
+  }
+  const compiled = {};
+  for (const [selector, operator] of Object.entries(e)) {
+    if (operator == null || typeof operator !== "object") {
+      compiled[selector] = operator;
+      continue;
+    }
+    const newOp = { ...operator };
+    if ("matches" in newOp && typeof newOp.matches === "string") {
+      newOp.matches = new RegExp(newOp.matches);
+    }
+    if ("matches_any" in newOp && Array.isArray(newOp.matches_any)) {
+      newOp.matches_any = newOp.matches_any.map(
+        (p) => typeof p === "string" ? new RegExp(p) : p
+      );
+    }
+    compiled[selector] = newOp;
+  }
+  return compiled;
+}
+function extractOutputPatterns(expr) {
+  if (expr == null || typeof expr !== "object") return [];
+  const e = expr;
+  if ("all" in e) {
+    const patterns = [];
+    for (const sub of e.all) {
+      patterns.push(...extractOutputPatterns(sub));
+    }
+    return patterns;
+  }
+  if ("any" in e) {
+    const patterns = [];
+    for (const sub of e.any) {
+      patterns.push(...extractOutputPatterns(sub));
+    }
+    return patterns;
+  }
+  if ("not" in e) {
+    return extractOutputPatterns(e.not);
+  }
+  const collected = [];
+  for (const [selector, operator] of Object.entries(e)) {
+    if (selector !== "output.text" || operator == null || typeof operator !== "object") continue;
+    const op = operator;
+    if ("matches" in op && op.matches instanceof RegExp) {
+      collected.push(op.matches);
+    }
+    if ("matches_any" in op && Array.isArray(op.matches_any)) {
+      for (const p of op.matches_any) {
+        if (p instanceof RegExp) collected.push(p);
+      }
+    }
+  }
+  return collected;
+}
+
+// src/yaml-engine/compile-contracts.ts
+function _evalAndVerdict(whenExpr, envelope, outputText, messageTemplate, tags, thenMetadata, customOps, customSels) {
+  try {
+    const result = evaluateExpression(whenExpr, envelope, outputText, {
+      customOperators: customOps,
+      customSelectors: customSels
+    });
+    if (result instanceof PolicyError) {
+      const msg = expandMessage(messageTemplate, envelope, outputText, customSels);
+      return Verdict.fail(msg, { tags, policyError: true, ...thenMetadata });
+    }
+    if (result) {
+      const msg = expandMessage(messageTemplate, envelope, outputText, customSels);
+      return Verdict.fail(msg, { tags, ...thenMetadata });
+    }
+    return Verdict.pass_();
+  } catch (exc) {
+    const msg = expandMessage(messageTemplate, envelope, outputText, customSels);
+    return Verdict.fail(msg, { tags, policyError: true, errorDetail: String(exc), ...thenMetadata });
+  }
+}
+function _maybeObserve(result, contract) {
+  if (contract._observe === true || contract._shadow === true) result._edictum_observe = true;
+}
+function compilePre(contract, mode, customOps, customSels) {
+  const contractId = contract.id;
+  const tool = contract.tool;
+  const whenExpr = precompileRegexes(contract.when);
+  const then = contract.then;
+  const msgTpl = then.message;
+  const tags = then.tags ?? [];
+  const meta = then.metadata ?? {};
+  const check = (envelope) => _evalAndVerdict(whenExpr, envelope, void 0, msgTpl, tags, meta, customOps, customSels);
+  const result = {
+    check,
+    name: contractId,
+    tool,
+    type: "precondition",
+    mode,
+    _edictum_type: "precondition",
+    _edictum_tool: tool,
+    _edictum_when: null,
+    _edictum_mode: mode,
+    _edictum_id: contractId,
+    _edictum_source: "yaml_precondition",
+    _edictum_effect: then.effect ?? "deny",
+    _edictum_timeout: then.timeout ?? 300,
+    _edictum_timeout_effect: then.timeout_effect ?? "deny"
+  };
+  _maybeObserve(result, contract);
+  return result;
+}
+function compilePost(contract, mode, customOps, customSels) {
+  const contractId = contract.id;
+  const tool = contract.tool;
+  const whenExpr = precompileRegexes(contract.when);
+  const then = contract.then;
+  const msgTpl = then.message;
+  const tags = then.tags ?? [];
+  const meta = then.metadata ?? {};
+  const check = (envelope, response) => {
+    const outputText = response != null ? String(response) : void 0;
+    return _evalAndVerdict(whenExpr, envelope, outputText, msgTpl, tags, meta, customOps, customSels);
+  };
+  const effectValue = then.effect ?? "warn";
+  const result = {
+    check,
+    name: contractId,
+    tool,
+    type: "postcondition",
+    mode,
+    effect: effectValue,
+    _edictum_type: "postcondition",
+    _edictum_tool: tool,
+    _edictum_when: null,
+    _edictum_mode: mode,
+    _edictum_id: contractId,
+    _edictum_source: "yaml_postcondition",
+    _edictum_effect: effectValue,
+    _edictum_redact_patterns: extractOutputPatterns(whenExpr)
+  };
+  _maybeObserve(result, contract);
+  return result;
+}
+function compileSession(contract, mode, limits) {
+  const contractId = contract.id;
+  const then = contract.then;
+  const messageTemplate = then.message;
+  const tags = then.tags ?? [];
+  const thenMetadata = then.metadata ?? {};
+  const capturedLimits = { ...limits };
+  const check = async (session) => {
+    const execCount = await session.executionCount();
+    if (execCount >= capturedLimits.maxToolCalls) {
+      return Verdict.fail(messageTemplate, { tags, ...thenMetadata });
+    }
+    const attemptCount = await session.attemptCount();
+    if (attemptCount >= capturedLimits.maxAttempts) {
+      return Verdict.fail(messageTemplate, { tags, ...thenMetadata });
+    }
+    return Verdict.pass_();
+  };
+  const result = {
+    check,
+    name: contractId,
+    type: "session_contract",
+    _edictum_type: "session_contract",
+    _edictum_mode: mode,
+    _edictum_id: contractId,
+    _edictum_message: messageTemplate,
+    _edictum_tags: tags,
+    _edictum_then_metadata: thenMetadata,
+    _edictum_source: "yaml_session"
+  };
+  if (contract._observe === true || contract._shadow === true) {
+    result._edictum_observe = true;
+  }
+  return result;
+}
+function mergeSessionLimits(contract, existing) {
+  const sessionLimits = contract.limits;
+  let maxToolCalls = existing.maxToolCalls;
+  let maxAttempts = existing.maxAttempts;
+  const maxCallsPerTool = { ...existing.maxCallsPerTool };
+  if ("max_tool_calls" in sessionLimits) {
+    const raw = sessionLimits.max_tool_calls;
+    if (typeof raw !== "number" || !Number.isFinite(raw)) {
+      throw new EdictumConfigError(`Session limit max_tool_calls must be a finite number, got: ${String(raw)}`);
+    }
+    maxToolCalls = Math.min(maxToolCalls, raw);
+  }
+  if ("max_attempts" in sessionLimits) {
+    const raw = sessionLimits.max_attempts;
+    if (typeof raw !== "number" || !Number.isFinite(raw)) {
+      throw new EdictumConfigError(`Session limit max_attempts must be a finite number, got: ${String(raw)}`);
+    }
+    maxAttempts = Math.min(maxAttempts, raw);
+  }
+  if ("max_calls_per_tool" in sessionLimits) {
+    const perTool = sessionLimits.max_calls_per_tool;
+    for (const [tool, limit] of Object.entries(perTool)) {
+      if (typeof limit !== "number" || !Number.isFinite(limit)) {
+        throw new EdictumConfigError(
+          `Session limit max_calls_per_tool['${tool}'] must be a finite number, got: ${String(limit)}`
+        );
+      }
+      if (Object.hasOwn(maxCallsPerTool, tool)) {
+        maxCallsPerTool[tool] = Math.min(maxCallsPerTool[tool], limit);
+      } else {
+        maxCallsPerTool[tool] = limit;
+      }
+    }
+  }
+  return { maxAttempts, maxToolCalls, maxCallsPerTool };
+}
+
+// src/yaml-engine/sandbox-compiler.ts
+import { realpathSync } from "fs";
+import { resolve as pathResolve } from "path";
+
+// src/fnmatch.ts
+function fnmatch(name, pattern) {
+  if (pattern === "*") return true;
+  if (!pattern.includes("*") && !pattern.includes("?")) {
+    return name === pattern;
+  }
+  const safeName = name.length > 1e4 ? name.slice(0, 1e4) : name;
+  const safePattern = pattern.length > 1e4 ? pattern.slice(0, 1e4) : pattern;
+  let regex = "";
+  for (let i = 0; i < safePattern.length; i++) {
+    const ch = safePattern[i] ?? "";
+    if (ch === "*") {
+      regex += ".*";
+    } else if (ch === "?") {
+      regex += ".";
+    } else if (".+^${}()|[]\\".includes(ch)) {
+      regex += "\\" + ch;
+    } else {
+      regex += ch;
+    }
+  }
+  return new RegExp("^" + regex + "$").test(safeName);
+}
+
+// src/yaml-engine/sandbox-compiler.ts
+var _REDIRECT_PREFIX_RE = /^(?:\d*>>|>>|\d*>|>|<<|<)/;
+var _SHELL_SEPARATOR_RE = /[;|&\n\r`]|\$\(|\$\{|<\(/;
+function tokenizeCommand(cmd) {
+  const rawTokens = _shlexSplit(cmd);
+  const tokens = [];
+  for (const t of rawTokens) {
+    const stripped = t.replace(_REDIRECT_PREFIX_RE, "");
+    if (stripped) tokens.push(stripped);
+  }
+  return tokens;
+}
+function _shlexSplit(s) {
+  const tokens = [];
+  let current = "";
+  let inSingle = false;
+  let inDouble = false;
+  let i = 0;
+  try {
+    while (i < s.length) {
+      const ch = s.charAt(i);
+      if (inSingle) {
+        if (ch === "'") {
+          inSingle = false;
+        } else {
+          current += ch;
+        }
+      } else if (inDouble) {
+        if (ch === "\\" && i + 1 < s.length) {
+          const next = s.charAt(i + 1);
+          if (next === '"' || next === "\\" || next === "$" || next === "`" || next === "\n") {
+            current += next;
+            i++;
+          } else {
+            current += ch;
+          }
+        } else if (ch === '"') {
+          inDouble = false;
+        } else {
+          current += ch;
+        }
+      } else if (ch === "'") {
+        inSingle = true;
+      } else if (ch === '"') {
+        inDouble = true;
+      } else if (ch === " " || ch === "	") {
+        if (current) {
+          tokens.push(current);
+          current = "";
+        }
+      } else {
+        current += ch;
+      }
+      i++;
+    }
+    if (inSingle || inDouble) {
+      return s.split(/\s+/).filter(Boolean).map((t) => t.replace(/^['"]|['"]$/g, ""));
+    }
+    if (current) tokens.push(current);
+    return tokens;
+  } catch {
+    return s.split(/\s+/).filter(Boolean).map((t) => t.replace(/^['"]|['"]$/g, ""));
+  }
+}
+var _PATH_ARG_KEYS = /* @__PURE__ */ new Set([
+  "path",
+  "file_path",
+  "filePath",
+  "directory",
+  "dir",
+  "folder",
+  "target",
+  "destination",
+  "source",
+  "src",
+  "dst"
+]);
+function _realpath(p) {
+  try {
+    return realpathSync(p);
+  } catch {
+    return pathResolve(p);
+  }
+}
+function extractPaths(envelope) {
+  const paths = [];
+  const seen = /* @__PURE__ */ new Set();
+  function add(p) {
+    if (!p) return;
+    const resolved = _realpath(p);
+    if (!seen.has(resolved)) {
+      seen.add(resolved);
+      paths.push(resolved);
+    }
+  }
+  if (envelope.filePath) add(envelope.filePath);
+  const args = envelope.args;
+  for (const [key, value] of Object.entries(args)) {
+    if (typeof value === "string" && _PATH_ARG_KEYS.has(key)) add(value);
+  }
+  for (const [key, value] of Object.entries(args)) {
+    if (typeof value === "string" && value.startsWith("/") && !_PATH_ARG_KEYS.has(key)) add(value);
+  }
+  const cmd = envelope.bashCommand ?? args.command ?? "";
+  if (cmd) {
+    for (const token of tokenizeCommand(cmd)) {
+      if (token.startsWith("/")) add(token);
+    }
+  }
+  return paths;
+}
+function extractCommand(envelope) {
+  const cmd = envelope.bashCommand ?? envelope.args.command;
+  if (!cmd || typeof cmd !== "string") return null;
+  const stripped = cmd.trim();
+  if (!stripped) return null;
+  if (_SHELL_SEPARATOR_RE.test(stripped)) return "\0";
+  const rawFirst = stripped.split(/\s/)[0] ?? "";
+  if (_REDIRECT_PREFIX_RE.test(rawFirst)) return "\0";
+  const tokens = tokenizeCommand(stripped);
+  return tokens.length > 0 ? tokens[0] ?? null : null;
+}
+function extractUrls(envelope) {
+  const urls = [];
+  const seen = /* @__PURE__ */ new Set();
+  function addUrl(u) {
+    if (!seen.has(u)) {
+      seen.add(u);
+      urls.push(u);
+    }
+  }
+  for (const value of Object.values(envelope.args)) {
+    if (typeof value !== "string" || !value.includes("://")) continue;
+    if (extractHostname(value) !== null) {
+      addUrl(value);
+    } else {
+      for (const token of tokenizeCommand(value)) {
+        if (token.includes("://") && extractHostname(token) !== null) addUrl(token);
+      }
+    }
+  }
+  return urls;
+}
+function extractHostname(url) {
+  try {
+    return new URL(url).hostname || null;
+  } catch {
+    return null;
+  }
+}
+function domainMatches(hostname, patterns) {
+  return patterns.some((p) => fnmatch(hostname, p));
+}
+
+// src/yaml-engine/sandbox-compile-fn.ts
+import { realpathSync as realpathSync2 } from "fs";
+import { resolve as pathResolve2 } from "path";
+function _realpath2(p) {
+  try {
+    return realpathSync2(p);
+  } catch {
+    return pathResolve2(p);
+  }
+}
+function _pathWithin(filePath, prefix) {
+  return filePath === prefix || filePath.startsWith(prefix.replace(/\/+$/, "") + "/");
+}
+function compileSandbox(contract, mode) {
+  const contractId = contract.id;
+  const toolPatterns = "tools" in contract ? contract.tools : [contract.tool];
+  const within = (contract.within ?? []).map(_realpath2);
+  const notWithin = (contract.not_within ?? []).map(_realpath2);
+  const allows = contract.allows ?? {};
+  const notAllows = contract.not_allows ?? {};
+  const allowedCommands = allows.commands ?? [];
+  const allowedDomains = allows.domains ?? [];
+  const blockedDomains = notAllows.domains ?? [];
+  const outside = contract.outside ?? "deny";
+  const messageTemplate = contract.message ?? "Tool call outside sandbox boundary.";
+  const timeout = contract.timeout ?? 300;
+  const timeoutEffect = contract.timeout_effect ?? "deny";
+  const check = (envelope) => {
+    if (within.length > 0 || notWithin.length > 0) {
+      const paths = extractPaths(envelope);
+      if (paths.length > 0) {
+        for (const p of paths) {
+          for (const excluded of notWithin) {
+            if (_pathWithin(p, excluded)) {
+              return Verdict.fail(expandMessage(messageTemplate, envelope));
+            }
+          }
+        }
+        if (within.length > 0) {
+          for (const p of paths) {
+            if (!within.some((allowed) => _pathWithin(p, allowed))) {
+              return Verdict.fail(expandMessage(messageTemplate, envelope));
+            }
+          }
+        }
+      }
+    }
+    if (allowedCommands.length > 0) {
+      const firstToken = extractCommand(envelope);
+      if (firstToken !== null && !allowedCommands.includes(firstToken)) {
+        return Verdict.fail(expandMessage(messageTemplate, envelope));
+      }
+    }
+    const urls = extractUrls(envelope);
+    if (urls.length > 0) {
+      for (const url of urls) {
+        const hostname = extractHostname(url);
+        if (hostname) {
+          if (blockedDomains.length > 0 && domainMatches(hostname, blockedDomains)) {
+            return Verdict.fail(expandMessage(messageTemplate, envelope));
+          }
+          if (allowedDomains.length > 0 && !domainMatches(hostname, allowedDomains)) {
+            return Verdict.fail(expandMessage(messageTemplate, envelope));
+          }
+        } else if (allowedDomains.length > 0) {
+          return Verdict.fail(expandMessage(messageTemplate, envelope));
+        }
+      }
+    }
+    return Verdict.pass_();
+  };
+  const result = {
+    check,
+    name: contractId,
+    tool: toolPatterns.length === 1 ? toolPatterns[0] : void 0,
+    _edictum_type: "sandbox",
+    _edictum_tools: toolPatterns,
+    _edictum_mode: mode,
+    _edictum_id: contractId,
+    _edictum_source: "yaml_sandbox",
+    _edictum_effect: outside,
+    _edictum_timeout: timeout,
+    _edictum_timeout_effect: timeoutEffect
+  };
+  if (contract._observe === true || contract._shadow === true) {
+    result._edictum_observe = true;
+  }
+  return result;
+}
+
+// src/yaml-engine/compiler.ts
+function compileContracts(bundle, options = {}) {
+  const customOps = options?.customOperators ?? null;
+  const customSels = options?.customSelectors ?? null;
+  validateOperators(bundle, customOps);
+  if (bundle.defaults == null || typeof bundle.defaults !== "object") {
+    throw new EdictumConfigError(
+      "Bundle missing required 'defaults' section with 'mode' field"
+    );
+  }
+  const defaults = bundle.defaults;
+  const defaultMode = defaults.mode;
+  const preconditions = [];
+  const postconditions = [];
+  const sessionContracts = [];
+  const sandboxContracts = [];
+  let limits = { ...DEFAULT_LIMITS };
+  const contracts = bundle.contracts ?? [];
+  for (const contract of contracts) {
+    if (contract.enabled === false) continue;
+    const contractType = contract.type;
+    const contractMode = contract.mode ?? defaultMode;
+    if (contractType === "pre") {
+      preconditions.push(compilePre(contract, contractMode, customOps, customSels));
+    } else if (contractType === "post") {
+      postconditions.push(compilePost(contract, contractMode, customOps, customSels));
+    } else if (contractType === "session") {
+      const isObserve = contract._observe ?? contract._shadow ?? false;
+      if (!isObserve) {
+        limits = mergeSessionLimits(contract, limits);
+      }
+      sessionContracts.push(compileSession(contract, contractMode, limits));
+    } else if (contractType === "sandbox") {
+      sandboxContracts.push(compileSandbox(contract, contractMode));
+    } else {
+      throw new EdictumConfigError(
+        `Unknown contract type "${contractType}" in contract "${contract.id ?? "unknown"}". Expected "pre", "post", "session", or "sandbox".`
+      );
+    }
+  }
+  const tools = bundle.tools ?? {};
+  return {
+    preconditions,
+    postconditions,
+    sessionContracts,
+    sandboxContracts,
+    limits,
+    defaultMode,
+    tools
+  };
+}
+
+// src/yaml-engine/loader.ts
+import { createHash } from "crypto";
+import { readFileSync, realpathSync as realpathSync3, statSync } from "fs";
+
+// src/yaml-engine/loader-validators.ts
+function validateSchema(data) {
+  if (data.apiVersion !== "edictum/v1") {
+    throw new EdictumConfigError(
+      `Schema validation failed: apiVersion must be 'edictum/v1', got '${String(data.apiVersion)}'`
+    );
+  }
+  if (data.kind !== "ContractBundle") {
+    throw new EdictumConfigError(
+      `Schema validation failed: kind must be 'ContractBundle', got '${String(data.kind)}'`
+    );
+  }
+  if (data.metadata != null && typeof data.metadata !== "object") {
+    throw new EdictumConfigError("Schema validation failed: metadata must be an object");
+  }
+  if (!Array.isArray(data.contracts)) {
+    throw new EdictumConfigError("Schema validation failed: contracts must be an array");
+  }
+}
+var CONTROL_CHAR_RE = /[\x00-\x1f\x7f-\x9f]/;
+function validateContractId(contractId) {
+  if (CONTROL_CHAR_RE.test(contractId)) {
+    throw new EdictumConfigError(
+      `Contract id contains control characters: '${contractId.replace(CONTROL_CHAR_RE, "\\x??")}'`
+    );
+  }
+}
+function validateUniqueIds(data) {
+  const ids = /* @__PURE__ */ new Set();
+  const contracts = data.contracts ?? [];
+  for (const contract of contracts) {
+    const contractId = contract.id;
+    if (contractId != null) {
+      validateContractId(contractId);
+      if (ids.has(contractId)) {
+        throw new EdictumConfigError(`Duplicate contract id: '${contractId}'`);
+      }
+      ids.add(contractId);
+    }
+  }
+}
+function validateRegexes(data) {
+  const contracts = data.contracts ?? [];
+  for (const contract of contracts) {
+    const when = contract.when;
+    if (when != null) {
+      validateExpressionRegexes(when);
+    }
+  }
+}
+function validateExpressionRegexes(expr) {
+  if (expr == null || typeof expr !== "object") return;
+  const e = expr;
+  if ("all" in e) {
+    for (const sub of e.all) validateExpressionRegexes(sub);
+    return;
+  }
+  if ("any" in e) {
+    for (const sub of e.any) validateExpressionRegexes(sub);
+    return;
+  }
+  if ("not" in e) {
+    validateExpressionRegexes(e.not);
+    return;
+  }
+  for (const operator of Object.values(e)) {
+    if (operator == null || typeof operator !== "object") continue;
+    const op = operator;
+    if ("matches" in op) tryCompileRegex(op.matches);
+    if ("matches_any" in op) {
+      for (const pattern of op.matches_any) tryCompileRegex(pattern);
+    }
+  }
+}
+function tryCompileRegex(pattern) {
+  try {
+    new RegExp(pattern);
+  } catch (e) {
+    throw new EdictumConfigError(`Invalid regex pattern '${pattern}': ${String(e)}`);
+  }
+}
+function validatePreSelectors(data) {
+  const contracts = data.contracts ?? [];
+  for (const contract of contracts) {
+    if (contract.type !== "pre") continue;
+    const when = contract.when;
+    if (when != null && expressionHasSelector(when, "output.text")) {
+      throw new EdictumConfigError(
+        `Contract '${contract.id ?? "?"}': output.text selector is not available in type: pre contracts`
+      );
+    }
+  }
+}
+function expressionHasSelector(expr, target) {
+  if (expr == null || typeof expr !== "object") return false;
+  const e = expr;
+  if ("all" in e) return e.all.some((sub) => expressionHasSelector(sub, target));
+  if ("any" in e) return e.any.some((sub) => expressionHasSelector(sub, target));
+  if ("not" in e) return expressionHasSelector(e.not, target);
+  return target in e;
+}
+function validateSandboxContracts(data) {
+  const contracts = data.contracts ?? [];
+  for (const contract of contracts) {
+    if (contract.type !== "sandbox") continue;
+    const cid = contract.id ?? "?";
+    if ("not_within" in contract && !("within" in contract)) {
+      throw new EdictumConfigError(`Contract '${cid}': not_within requires within to also be set`);
+    }
+    if ("not_allows" in contract && !("allows" in contract)) {
+      throw new EdictumConfigError(`Contract '${cid}': not_allows requires allows to also be set`);
+    }
+    if ("not_allows" in contract) {
+      const notAllows = contract.not_allows ?? {};
+      if ("domains" in notAllows) {
+        const allows = contract.allows ?? {};
+        if (!("domains" in allows)) {
+          throw new EdictumConfigError(
+            `Contract '${cid}': not_allows.domains requires allows.domains to also be set`
+          );
+        }
+      }
+    }
+  }
+}
+
+// src/yaml-engine/loader.ts
+var MAX_BUNDLE_SIZE = 1048576;
+function computeHash(rawBytes) {
+  return { hex: createHash("sha256").update(rawBytes).digest("hex") };
+}
+function requireYaml() {
+  try {
+    const yaml = __require("js-yaml");
+    return yaml;
+  } catch {
+    throw new EdictumConfigError(
+      "The YAML engine requires js-yaml. Install it with: npm install js-yaml"
+    );
+  }
+}
+function parseYaml(content) {
+  const yaml = requireYaml();
+  let data;
+  try {
+    data = yaml.load(content);
+  } catch (e) {
+    throw new EdictumConfigError(`YAML parse error: ${String(e)}`);
+  }
+  if (data == null || typeof data !== "object" || Array.isArray(data)) {
+    throw new EdictumConfigError("YAML document must be a mapping");
+  }
+  return data;
+}
+function validateBundle(data) {
+  validateSchema(data);
+  validateUniqueIds(data);
+  validateRegexes(data);
+  validatePreSelectors(data);
+  validateSandboxContracts(data);
+}
+function loadBundle(source) {
+  const resolved = realpathSync3(source);
+  const fileSize = statSync(resolved).size;
+  if (fileSize > MAX_BUNDLE_SIZE) {
+    throw new EdictumConfigError(
+      `Bundle file too large (${fileSize} bytes, max ${MAX_BUNDLE_SIZE})`
+    );
+  }
+  const rawBytes = readFileSync(resolved);
+  const bundleHash = computeHash(rawBytes);
+  const data = parseYaml(rawBytes.toString("utf-8"));
+  validateBundle(data);
+  return [data, bundleHash];
+}
+function loadBundleString(content) {
+  const rawBytes = typeof content === "string" ? new TextEncoder().encode(content) : content;
+  if (rawBytes.length > MAX_BUNDLE_SIZE) {
+    throw new EdictumConfigError(
+      `Bundle content too large (${rawBytes.length} bytes, max ${MAX_BUNDLE_SIZE})`
+    );
+  }
+  const bundleHash = computeHash(rawBytes);
+  const text = typeof content === "string" ? content : new TextDecoder().decode(rawBytes);
+  const data = parseYaml(text);
+  validateBundle(data);
+  return [data, bundleHash];
+}
+
+// src/factory.ts
+function fromYaml(...args) {
+  let paths;
+  let options;
+  const last = args[args.length - 1];
+  if (typeof last === "object" && last !== null && !Array.isArray(last)) {
+    paths = args.slice(0, -1);
+    options = last;
+  } else {
+    paths = args;
+    options = {};
+  }
+  if (paths.length === 0) {
+    throw new EdictumConfigError("fromYaml() requires at least one path");
+  }
+  const loaded = [];
+  for (const p of paths) {
+    loaded.push(loadBundle(p));
+  }
+  let bundleData;
+  let policyVersion;
+  let report;
+  if (loaded.length === 1) {
+    const entry = loaded[0];
+    bundleData = entry[0];
+    policyVersion = entry[1].hex;
+    report = { overriddenContracts: [], observeContracts: [] };
+  } else {
+    const bundleTuples = loaded.map(
+      ([data], i) => [data, paths[i]]
+    );
+    const composed = composeBundles(...bundleTuples);
+    bundleData = composed.bundle;
+    report = composed.report;
+    policyVersion = createHash2("sha256").update(loaded.map(([, h]) => h.hex).join(":")).digest("hex");
+  }
+  const compiled = compileContracts(bundleData, {
+    customOperators: options.customOperators ?? null,
+    customSelectors: options.customSelectors ?? null
+  });
+  const guard = _buildGuard(compiled, policyVersion, options);
+  if (options.returnReport) {
+    return [guard, report];
+  }
+  return guard;
+}
+function fromYamlString(content, options = {}) {
+  const [bundleData, bundleHash] = loadBundleString(content);
+  const policyVersion = bundleHash.hex;
+  const compiled = compileContracts(bundleData, {
+    customOperators: options.customOperators ?? null,
+    customSelectors: options.customSelectors ?? null
+  });
+  return _buildGuard(compiled, policyVersion, options);
+}
+function reload(guard, yamlContent, options = {}) {
+  const [bundleData, bundleHash] = loadBundleString(yamlContent);
+  const compiled = compileContracts(bundleData, {
+    customOperators: options.customOperators ?? null,
+    customSelectors: options.customSelectors ?? null
+  });
+  const allContracts = [
+    ...compiled.preconditions,
+    ...compiled.postconditions,
+    ...compiled.sessionContracts,
+    ...compiled.sandboxContracts
+  ];
+  const temp = new Edictum({
+    contracts: allContracts,
+    limits: compiled.limits,
+    policyVersion: bundleHash.hex
+  });
+  guard._replaceState(temp._getState());
+}
+function _buildGuard(compiled, policyVersion, options) {
+  const effectiveMode = options.mode ?? compiled.defaultMode;
+  const allContracts = [
+    ...compiled.preconditions,
+    ...compiled.postconditions,
+    ...compiled.sessionContracts,
+    ...compiled.sandboxContracts
+  ];
+  const mergedTools = {};
+  for (const [name, cfg] of Object.entries(compiled.tools)) {
+    mergedTools[name] = cfg;
+  }
+  if (options.tools) {
+    for (const [name, cfg] of Object.entries(options.tools)) {
+      mergedTools[name] = cfg;
+    }
+  }
+  return new Edictum({
+    environment: options.environment ?? "production",
+    mode: effectiveMode,
+    limits: compiled.limits,
+    tools: Object.keys(mergedTools).length > 0 ? mergedTools : void 0,
+    contracts: allContracts,
+    auditSink: options.auditSink,
+    redaction: options.redaction,
+    backend: options.backend,
+    policyVersion,
+    onDeny: options.onDeny,
+    onAllow: options.onAllow,
+    successCheck: options.successCheck,
+    principal: options.principal,
+    principalResolver: options.principalResolver,
+    approvalBackend: options.approvalBackend
+  });
+}
+
+// src/guard.ts
+function isSessionContract(c) {
+  return !("tool" in c);
+}
+var Edictum = class _Edictum {
+  environment;
+  mode;
+  backend;
+  redaction;
+  toolRegistry;
+  auditSink;
+  _localSink;
+  _state;
+  _beforeHooks;
+  _afterHooks;
+  _sessionId;
+  // Callbacks and resolution — not private because _runner.ts needs access
+  // (Python's _runner.py accesses self._on_deny etc. directly)
+  /** @internal */
+  _onDeny;
+  /** @internal */
+  _onAllow;
+  /** @internal */
+  _successCheck;
+  _principal;
+  _principalResolver;
+  /** @internal */
+  _approvalBackend;
+  constructor(options = {}) {
+    this.environment = options.environment ?? "production";
+    this.mode = options.mode ?? "enforce";
+    this.backend = options.backend ?? new MemoryBackend();
+    this.redaction = options.redaction ?? new RedactionPolicy();
+    this._onDeny = options.onDeny ?? null;
+    this._onAllow = options.onAllow ?? null;
+    this._successCheck = options.successCheck ?? null;
+    this._principal = options.principal ?? null;
+    this._principalResolver = options.principalResolver ?? null;
+    this._approvalBackend = options.approvalBackend ?? null;
+    this._localSink = new CollectingAuditSink();
+    if (Array.isArray(options.auditSink)) {
+      this.auditSink = new CompositeSink([
+        this._localSink,
+        ...options.auditSink
+      ]);
+    } else if (options.auditSink != null) {
+      this.auditSink = new CompositeSink([
+        this._localSink,
+        options.auditSink
+      ]);
+    } else {
+      this.auditSink = this._localSink;
+    }
+    this.toolRegistry = new ToolRegistry();
+    if (options.tools) {
+      for (const [name, config] of Object.entries(options.tools)) {
+        this.toolRegistry.register(
+          name,
+          config.side_effect ?? SideEffect.IRREVERSIBLE,
+          config.idempotent ?? false
+        );
+      }
+    }
+    this._state = _Edictum._classifyContracts(
+      options.contracts ?? [],
+      options.limits ?? DEFAULT_LIMITS,
+      options.policyVersion ?? null
+    );
+    this._beforeHooks = [];
+    this._afterHooks = [];
+    for (const item of options.hooks ?? []) {
+      this._registerHook(item);
+    }
+    this._sessionId = randomUUID();
+  }
+  // -----------------------------------------------------------------------
+  // Properties
+  // -----------------------------------------------------------------------
+  /** The local in-memory audit event collector. Always present. */
+  get localSink() {
+    return this._localSink;
+  }
+  /** Operation limits for the current contract set. */
+  get limits() {
+    return this._state.limits;
+  }
+  /** Update operation limits (replaces compiled state atomically). */
+  set limits(value) {
+    this._state = createCompiledState({ ...this._state, limits: value });
+  }
+  /** SHA256 hash identifying the active contract bundle. */
+  get policyVersion() {
+    return this._state.policyVersion;
+  }
+  /**
+   * Replace the compiled state atomically.
+   *
+   * @internal — used by factory.ts reload(). Not part of the public API.
+   */
+  _replaceState(newState) {
+    this._state = newState;
+  }
+  /**
+   * Read the current compiled state.
+   *
+   * @internal — used by factory.ts reload(). Not part of the public API.
+   */
+  _getState() {
+    return this._state;
+  }
+  /** Update policy version (replaces compiled state atomically). */
+  set policyVersion(value) {
+    this._state = createCompiledState({
+      ...this._state,
+      policyVersion: value
+    });
+  }
+  /** The persistent session ID for this guard instance. */
+  get sessionId() {
+    return this._sessionId;
+  }
+  // -----------------------------------------------------------------------
+  // Principal
+  // -----------------------------------------------------------------------
+  /** Update the principal used for subsequent tool calls. */
+  setPrincipal(principal) {
+    this._principal = principal;
+  }
+  /** Resolve the principal for a tool call. */
+  _resolvePrincipal(toolName, toolInput) {
+    if (this._principalResolver != null) {
+      return this._principalResolver(toolName, toolInput);
+    }
+    return this._principal;
+  }
+  // -----------------------------------------------------------------------
+  // Hooks
+  // -----------------------------------------------------------------------
+  _registerHook(item) {
+    if (item.phase === "before") {
+      this._beforeHooks.push(item);
+    } else {
+      this._afterHooks.push(item);
+    }
+  }
+  getHooks(phase, envelope) {
+    const hooks = phase === "before" ? this._beforeHooks : this._afterHooks;
+    return hooks.filter(
+      (h) => h.tool === "*" || fnmatch(envelope.toolName, h.tool)
+    );
+  }
+  // -----------------------------------------------------------------------
+  // Contract accessors -- enforce mode
+  // -----------------------------------------------------------------------
+  getPreconditions(envelope) {
+    return _Edictum._filterByTool(
+      this._state.preconditions,
+      envelope
+    );
+  }
+  getPostconditions(envelope) {
+    return _Edictum._filterByTool(
+      this._state.postconditions,
+      envelope
+    );
+  }
+  getSessionContracts() {
+    return [...this._state.sessionContracts];
+  }
+  getSandboxContracts(envelope) {
+    return _Edictum._filterSandbox(
+      this._state.sandboxContracts,
+      envelope
+    );
+  }
+  // -----------------------------------------------------------------------
+  // Contract accessors -- observe mode
+  // -----------------------------------------------------------------------
+  getObservePreconditions(envelope) {
+    return _Edictum._filterByTool(
+      this._state.observePreconditions,
+      envelope
+    );
+  }
+  getObservePostconditions(envelope) {
+    return _Edictum._filterByTool(
+      this._state.observePostconditions,
+      envelope
+    );
+  }
+  getObserveSessionContracts() {
+    return [...this._state.observeSessionContracts];
+  }
+  getObserveSandboxContracts(envelope) {
+    return _Edictum._filterSandbox(
+      this._state.observeSandboxContracts,
+      envelope
+    );
+  }
+  // -----------------------------------------------------------------------
+  // Private helpers
+  // -----------------------------------------------------------------------
+  /**
+   * Classify user-facing and internal contracts into enforce/observe lists.
+   *
+   * User-facing contracts (Precondition, Postcondition, SessionContract)
+   * are converted to internal representations. Internal contracts (from
+   * YAML compiler) carry _edictum_* metadata and are classified by their
+   * _edictum_observe flag (Python uses _edictum_shadow — wire-format parity).
+   */
+  static _classifyContracts(contracts, limits, policyVersion) {
+    const pre = [];
+    const post = [];
+    const session = [];
+    const sandbox = [];
+    const oPre = [];
+    const oPost = [];
+    const oSession = [];
+    const oSandbox = [];
+    for (const item of contracts) {
+      const raw = item;
+      const edictumType = raw._edictum_type;
+      const isObserve = raw._edictum_observe ?? raw._edictum_shadow ?? false;
+      if (edictumType != null) {
+        _Edictum._classifyInternal(
+          raw,
+          edictumType,
+          isObserve,
+          { pre, post, session, sandbox, oPre, oPost, oSession, oSandbox }
+        );
+      } else if (isSessionContract(item)) {
+        const name = raw.name ?? "anonymous";
+        session.push({
+          type: "session_contract",
+          name,
+          check: item.check
+        });
+      } else if ("tool" in item && item.contractType === "post") {
+        const postItem = item;
+        const name = raw.name ?? "anonymous";
+        post.push({
+          type: "postcondition",
+          name,
+          tool: postItem.tool,
+          check: postItem.check,
+          when: postItem.when
+        });
+      } else if ("tool" in item) {
+        const ct = raw.contractType;
+        if (ct != null && ct !== "pre") {
+          throw new EdictumConfigError(
+            `Contract with tool "${item.tool}" has unknown contractType "${String(ct)}". Expected "pre" or omitted for Precondition, "post" for Postcondition.`
+          );
+        }
+        if (ct == null && item.check.length >= 2) {
+          throw new EdictumConfigError(
+            `Contract with tool "${item.tool}" has a check function with ${item.check.length} parameters (looks like a Postcondition) but is missing contractType: "post". Add it to prevent misclassification.`
+          );
+        }
+        const preItem = item;
+        const name = raw.name ?? "anonymous";
+        pre.push({
+          type: "precondition",
+          name,
+          tool: preItem.tool,
+          check: preItem.check,
+          when: preItem.when
+        });
+      }
+    }
+    return createCompiledState({
+      preconditions: pre,
+      postconditions: post,
+      sessionContracts: session,
+      sandboxContracts: sandbox,
+      observePreconditions: oPre,
+      observePostconditions: oPost,
+      observeSessionContracts: oSession,
+      observeSandboxContracts: oSandbox,
+      limits,
+      policyVersion
+    });
+  }
+  /** Route an internal contract to the appropriate enforce/observe list. */
+  static _classifyInternal(raw, edictumType, isObserve, lists) {
+    const target = isObserve ? { pre: lists.oPre, post: lists.oPost, session: lists.oSession, sandbox: lists.oSandbox } : { pre: lists.pre, post: lists.post, session: lists.session, sandbox: lists.sandbox };
+    if (edictumType === "precondition") target.pre.push(raw);
+    else if (edictumType === "postcondition") target.post.push(raw);
+    else if (edictumType === "session_contract") target.session.push(raw);
+    else if (edictumType === "sandbox") target.sandbox.push(raw);
+    else {
+      throw new EdictumConfigError(
+        `Unknown _edictum_type "${edictumType}". Expected "precondition", "postcondition", "session_contract", or "sandbox".`
+      );
+    }
+  }
+  /** Filter contracts by tool pattern and optional `when` guard. */
+  static _filterByTool(contracts, envelope) {
+    const result = [];
+    for (const p of contracts) {
+      const tool = p.tool ?? "*";
+      const when = p.when ?? null;
+      if (tool !== "*" && !fnmatch(envelope.toolName, tool)) {
+        continue;
+      }
+      if (when != null) {
+        try {
+          if (!when(envelope)) continue;
+        } catch {
+        }
+      }
+      result.push(p);
+    }
+    return result;
+  }
+  /** Filter sandbox contracts by tool patterns array. */
+  static _filterSandbox(contracts, envelope) {
+    const result = [];
+    for (const s of contracts) {
+      const tools = s.tools ?? ["*"];
+      if (tools.some((p) => fnmatch(envelope.toolName, p))) {
+        result.push(s);
+      }
+    }
+    return result;
+  }
+  // -----------------------------------------------------------------------
+  // Delegated methods — run, evaluate, evaluateBatch
+  // -----------------------------------------------------------------------
+  /** Execute a tool call with full governance pipeline. */
+  async run(toolName, args, toolCallable, options) {
+    const { run: run2 } = await import("./runner-ASI4JIW2.mjs");
+    return run2(this, toolName, args, toolCallable, options);
+  }
+  /**
+   * Dry-run evaluation of a tool call against all matching contracts.
+   *
+   * Never executes the tool. Evaluates exhaustively (no short-circuit).
+   * Session contracts are skipped.
+   */
+  evaluate(toolName, args, options) {
+    return import("./dry-run-54PYIM6T.mjs").then(
+      ({ evaluate }) => evaluate(this, toolName, args, options)
+    );
+  }
+  /** Evaluate a batch of tool calls. Thin wrapper over evaluate(). */
+  evaluateBatch(calls) {
+    return import("./dry-run-54PYIM6T.mjs").then(
+      ({ evaluateBatch }) => evaluateBatch(this, calls)
+    );
+  }
+  static fromYaml(...args) {
+    return fromYaml(...args);
+  }
+  /**
+   * Create an Edictum instance from a YAML string or Uint8Array.
+   */
+  static fromYamlString(content, options) {
+    return fromYamlString(content, options);
+  }
+  /**
+   * Atomically replace this guard's contracts from a YAML string.
+   *
+   * Pass customOperators/customSelectors if the new YAML uses custom
+   * operators or selectors that were passed to fromYaml/fromYamlString.
+   */
+  reload(yamlContent, options) {
+    reload(this, yamlContent, options);
+  }
+};
+
+// src/index.ts
+var VERSION = "0.1.0";
+export {
+  ApprovalStatus,
+  AuditAction,
+  BUILTIN_OPERATOR_NAMES,
+  BUILTIN_SELECTOR_PREFIXES,
+  BashClassifier,
+  CollectingAuditSink,
+  CompositeSink,
+  DEFAULT_LIMITS,
+  Edictum,
+  EdictumConfigError,
+  EdictumDenied,
+  EdictumToolError,
+  FileAuditSink,
+  GovernancePipeline,
+  HookDecision,
+  HookResult,
+  LocalApprovalBackend,
+  MAX_BUNDLE_SIZE,
+  MAX_REGEX_INPUT,
+  MarkEvictedError,
+  MemoryBackend,
+  PolicyError,
+  RedactionPolicy,
+  Session,
+  SideEffect,
+  StdoutAuditSink,
+  ToolRegistry,
+  VERSION,
+  Verdict,
+  _validateToolName,
+  buildFindings,
+  classifyFinding,
+  compileContracts,
+  composeBundles,
+  computeHash,
+  createAuditEvent,
+  createCompiledState,
+  createContractResult,
+  createEnvelope,
+  createEvaluationResult,
+  createFinding,
+  createPostCallResult,
+  createPostDecision,
+  createPreDecision,
+  createPrincipal,
+  deepFreeze,
+  defaultSuccessCheck,
+  evaluateExpression,
+  expandMessage,
+  fnmatch,
+  fromYaml,
+  fromYamlString,
+  loadBundle,
+  loadBundleString,
+  reload,
+  run,
+  validateOperators
+};
+//# sourceMappingURL=index.mjs.map