@google/gemini-cli-core 0.24.0-nightly.20251231.05049b5ab → 0.24.0-preview.0

package/dist/src/policy/policy-engine.js

@@ -8,7 +8,7 @@ import { PolicyDecision, getHookSource, ApprovalMode, } from './types.js';
 import { stableStringify } from './stable-stringify.js';
 import { debugLogger } from '../utils/debugLogger.js';
 import { SafetyCheckDecision } from '../safety/protocol.js';
-import { SHELL_TOOL_NAMES, initializeShellParsers, splitCommands, } from '../utils/shell-utils.js';
+import { SHELL_TOOL_NAMES, initializeShellParsers, splitCommands, hasRedirection, } from '../utils/shell-utils.js';
 function ruleMatches(rule, toolCall, stringifiedArgs, serverName, currentApprovalMode) {
     // Check if rule applies to current approval mode
     if (rule.modes && rule.modes.length > 0) {
@@ -96,6 +96,77 @@ export class PolicyEngine {
     getApprovalMode() {
         return this.approvalMode;
     }
+    /**
+     * Check if a shell command is allowed.
+     */
+    async checkShellCommand(toolName, command, ruleDecision, serverName, dir_path, allowRedirection) {
+        if (!command) {
+            return this.applyNonInteractiveMode(ruleDecision);
+        }
+        await initializeShellParsers();
+        const subCommands = splitCommands(command);
+        if (subCommands.length === 0) {
+            debugLogger.debug(`[PolicyEngine.check] Command parsing failed for: ${command}. Falling back to ASK_USER.`);
+            return this.applyNonInteractiveMode(PolicyDecision.ASK_USER);
+        }
+        // If there are multiple parts, or if we just want to validate the single part against DENY rules
+        if (subCommands.length > 0) {
+            debugLogger.debug(`[PolicyEngine.check] Validating shell command: ${subCommands.length} parts`);
+            if (ruleDecision === PolicyDecision.DENY) {
+                return PolicyDecision.DENY;
+            }
+            // Start optimistically. If all parts are ALLOW, the whole is ALLOW.
+            // We will downgrade if any part is ASK_USER or DENY.
+            let aggregateDecision = PolicyDecision.ALLOW;
+            for (const subCmd of subCommands) {
+                // Prevent infinite recursion for the root command
+                if (subCmd === command) {
+                    if (!allowRedirection && hasRedirection(subCmd)) {
+                        debugLogger.debug(`[PolicyEngine.check] Downgrading ALLOW to ASK_USER for redirected command: ${subCmd}`);
+                        // Redirection always downgrades ALLOW to ASK_USER
+                        if (aggregateDecision === PolicyDecision.ALLOW) {
+                            aggregateDecision = PolicyDecision.ASK_USER;
+                        }
+                    }
+                    else {
+                        // If the command is atomic (cannot be split further) and didn't
+                        // trigger infinite recursion checks, we must respect the decision
+                        // of the rule that triggered this check. If the rule was ASK_USER
+                        // (e.g. wildcard), we must downgrade.
+                        if (ruleDecision === PolicyDecision.ASK_USER &&
+                            aggregateDecision === PolicyDecision.ALLOW) {
+                            aggregateDecision = PolicyDecision.ASK_USER;
+                        }
+                    }
+                    continue;
+                }
+                const subResult = await this.check({ name: toolName, args: { command: subCmd, dir_path } }, serverName);
+                // subResult.decision is already filtered through applyNonInteractiveMode by this.check()
+                const subDecision = subResult.decision;
+                // If any part is DENIED, the whole command is DENIED
+                if (subDecision === PolicyDecision.DENY) {
+                    return PolicyDecision.DENY;
+                }
+                // If any part requires ASK_USER, the whole command requires ASK_USER
+                if (subDecision === PolicyDecision.ASK_USER) {
+                    if (aggregateDecision === PolicyDecision.ALLOW) {
+                        aggregateDecision = PolicyDecision.ASK_USER;
+                    }
+                }
+                // Check for redirection in allowed sub-commands
+                if (subDecision === PolicyDecision.ALLOW &&
+                    !allowRedirection &&
+                    hasRedirection(subCmd)) {
+                    debugLogger.debug(`[PolicyEngine.check] Downgrading ALLOW to ASK_USER for redirected command: ${subCmd}`);
+                    if (aggregateDecision === PolicyDecision.ALLOW) {
+                        aggregateDecision = PolicyDecision.ASK_USER;
+                    }
+                }
+            }
+            return this.applyNonInteractiveMode(aggregateDecision);
+        }
+        return this.applyNonInteractiveMode(ruleDecision);
+    }
     /**
      * Check if a tool call is allowed based on the configured policies.
      * Returns the decision and the matching rule (if any).
@@ -115,56 +186,9 @@ export class PolicyEngine {
         for (const rule of this.rules) {
             if (ruleMatches(rule, toolCall, stringifiedArgs, serverName, this.approvalMode)) {
                 debugLogger.debug(`[PolicyEngine.check] MATCHED rule: toolName=${rule.toolName}, decision=${rule.decision}, priority=${rule.priority}, argsPattern=${rule.argsPattern?.source || 'none'}`);
-                // Special handling for shell commands: check sub-commands if present
-                if (toolCall.name &&
-                    SHELL_TOOL_NAMES.includes(toolCall.name) &&
-                    rule.decision === PolicyDecision.ALLOW) {
-                    const command = toolCall.args?.command;
-                    if (command) {
-                        await initializeShellParsers();
-                        const subCommands = splitCommands(command);
-                        // If there are multiple sub-commands, we must verify EACH of them matches an ALLOW rule.
-                        // If any sub-command results in DENY -> the whole thing is DENY.
-                        // If any sub-command results in ASK_USER -> the whole thing is ASK_USER (unless one is DENY).
-                        // Only if ALL sub-commands are ALLOW do we proceed with ALLOW.
-                        if (subCommands.length === 0) {
-                            // This case occurs if the command is non-empty but parsing fails.
-                            // An ALLOW rule for a prefix might have matched, but since the rest of
-                            // the command is un-parseable, it's unsafe to proceed.
-                            // Fall back to a safe decision.
-                            debugLogger.debug(`[PolicyEngine.check] Command parsing failed for: ${command}. Falling back to safe decision because implicit ALLOW is unsafe.`);
-                            decision = this.applyNonInteractiveMode(PolicyDecision.ASK_USER);
-                        }
-                        else if (subCommands.length > 1) {
-                            debugLogger.debug(`[PolicyEngine.check] Compound command detected: ${subCommands.length} parts`);
-                            let aggregateDecision = PolicyDecision.ALLOW;
-                            for (const subCmd of subCommands) {
-                                // Recursively check each sub-command
-                                const subCall = {
-                                    name: toolCall.name,
-                                    args: { command: subCmd },
-                                };
-                                const subResult = await this.check(subCall, serverName);
-                                if (subResult.decision === PolicyDecision.DENY) {
-                                    aggregateDecision = PolicyDecision.DENY;
-                                    break; // Fail fast
-                                }
-                                else if (subResult.decision === PolicyDecision.ASK_USER) {
-                                    aggregateDecision = PolicyDecision.ASK_USER;
-                                    // efficient: we can only strictly downgrade from ALLOW to ASK_USER,
-                                    // but we must continue looking for DENY.
-                                }
-                            }
-                            decision = aggregateDecision;
-                        }
-                        else {
-                            // Single command, rule match is valid
-                            decision = this.applyNonInteractiveMode(rule.decision);
-                        }
-                    }
-                    else {
-                        decision = this.applyNonInteractiveMode(rule.decision);
-                    }
+                if (toolCall.name && SHELL_TOOL_NAMES.includes(toolCall.name)) {
+                    const args = toolCall.args;
+                    decision = await this.checkShellCommand(toolCall.name, args?.command, rule.decision, serverName, args?.dir_path, rule.allowRedirection);
                 }
                 else {
                     decision = this.applyNonInteractiveMode(rule.decision);

package/dist/src/policy/policy-engine.js.map

@@ -1 +1 @@
-{"version":3,"file":"policy-engine.js","sourceRoot":"","sources":["../../../src/policy/policy-engine.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAqB,MAAM,eAAe,CAAC;AAClD,OAAO,EACL,cAAc,EAMd,aAAa,EACb,YAAY,GACb,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAEtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAE5D,OAAO,EACL,gBAAgB,EAChB,sBAAsB,EACtB,aAAa,GACd,MAAM,yBAAyB,CAAC;AAEjC,SAAS,WAAW,CAClB,IAAoC,EACpC,QAAsB,EACtB,eAAmC,EACnC,UAA8B,EAC9B,mBAAiC;IAEjC,iDAAiD;IACjD,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;YAC9C,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,2EAA2E;QAC3E,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAClC,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,eAAe;YAC1D,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;gBAC7B,6EAA6E;gBAC7E,gHAAgH;gBAChH,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;oBAC1B,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;YACD,uDAAuD;YACvD,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC;gBAC/D,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;aAAM,IAAI,QAAQ,CAAC,IAAI,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC3C,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,6DAA6D;QAC7D,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnB,OAAO,KAAK,CAAC;QACf,CAAC;QACD,iFAAiF;QACjF,IACE,eAAe,KAAK,SAAS;YAC7B,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,eAAe,CAAC,EACvC,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CACzB,IAAqB,EACrB,OAA6B;IAE7B,gCAAgC;IAChC,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,SAAS,KAAK,OAAO,CAAC,SAAS,EAAE,CAAC;QAC3D,OAAO,KAAK,CAAC;IACf,CAAC;IAED,iCAAiC;IACjC,IAAI,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,UAAU,KAAK,OAAO,CAAC,UAAU,EAAE,CAAC;QAC9D,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,OAAO,YAAY;IACf,KAAK,CAAe;IACpB,QAAQ,CAAsB;IAC9B,YAAY,CAAoB;IACvB,eAAe,CAAiB;IAChC,cAAc,CAAU;IACxB,aAAa,CAAiB;IAC9B,UAAU,CAAU;IAC7B,YAAY,CAAe;IAEnC,YAAY,SAA6B,EAAE,EAAE,aAA6B;QACxE,IAAI,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,CACpC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAChD,CAAC;QACF,IAAI,CAAC,QAAQ,GAAG,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,IAAI,CAC1C,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAChD,CAAC;QACF,IAAI,CAAC,YAAY,GAAG,CAAC,MAAM,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC,IAAI,CAClD,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAChD,CAAC;QACF,IAAI,CAAC,eAAe,GAAG,MAAM,CAAC,eAAe,IAAI,cAAc,CAAC,QAAQ,CAAC;QACzE,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,cAAc,IAAI,KAAK,CAAC;QACrD,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACnC,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC;QAC5C,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,IAAI,YAAY,CAAC,OAAO,CAAC;IAClE,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,IAAkB;QAChC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,eAAe;QACb,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,KAAK,CACT,QAAsB,EACtB,UAA8B;QAK9B,IAAI,eAAmC,CAAC;QACxC,gDAAgD;QAChD,IACE,QAAQ,CAAC,IAAI;YACb,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC;gBAC1C,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,EACvD,CAAC;YACD,eAAe,GAAG,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACnD,CAAC;QAED,WAAW,CAAC,KAAK,CACf,uCAAuC,QAAQ,CAAC,IAAI,sBAAsB,eAAe,EAAE,CAC5F,CAAC;QAEF,4DAA4D;QAC5D,IAAI,WAAmC,CAAC;QACxC,IAAI,QAAoC,CAAC;QAEzC,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,IACE,WAAW,CACT,IAAI,EACJ,QAAQ,EACR,eAAe,EACf,UAAU,EACV,IAAI,CAAC,YAAY,CAClB,EACD,CAAC;gBACD,WAAW,CAAC,KAAK,CACf,+CAA+C,IAAI,CAAC,QAAQ,cAAc,IAAI,CAAC,QAAQ,cAAc,IAAI,CAAC,QAAQ,iBAAiB,IAAI,CAAC,WAAW,EAAE,MAAM,IAAI,MAAM,EAAE,CACxK,CAAC;gBAEF,qEAAqE;gBACrE,IACE,QAAQ,CAAC,IAAI;oBACb,gBAAgB,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC;oBACxC,IAAI,CAAC,QAAQ,KAAK,cAAc,CAAC,KAAK,EACtC,CAAC;oBACD,MAAM,OAAO,GAAI,QAAQ,CAAC,IAA6B,EAAE,OAAO,CAAC;oBACjE,IAAI,OAAO,EAAE,CAAC;wBACZ,MAAM,sBAAsB,EAAE,CAAC;wBAC/B,MAAM,WAAW,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;wBAE3C,yFAAyF;wBACzF,iEAAiE;wBACjE,8FAA8F;wBAC9F,+DAA+D;wBAC/D,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;4BAC7B,kEAAkE;4BAClE,uEAAuE;4BACvE,uDAAuD;4BACvD,gCAAgC;4BAChC,WAAW,CAAC,KAAK,CACf,oDAAoD,OAAO,mEAAmE,CAC/H,CAAC;4BACF,QAAQ,GAAG,IAAI,CAAC,uBAAuB,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;wBACnE,CAAC;6BAAM,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;4BAClC,WAAW,CAAC,KAAK,CACf,mDAAmD,WAAW,CAAC,MAAM,QAAQ,CAC9E,CAAC;4BACF,IAAI,iBAAiB,GAAG,cAAc,CAAC,KAAK,CAAC;4BAE7C,KAAK,MAAM,MAAM,IAAI,WAAW,EAAE,CAAC;gCACjC,qCAAqC;gCACrC,MAAM,OAAO,GAAG;oCACd,IAAI,EAAE,QAAQ,CAAC,IAAI;oCACnB,IAAI,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE;iCAC1B,CAAC;gCACF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;gCAExD,IAAI,SAAS,CAAC,QAAQ,KAAK,cAAc,CAAC,IAAI,EAAE,CAAC;oCAC/C,iBAAiB,GAAG,cAAc,CAAC,IAAI,CAAC;oCACxC,MAAM,CAAC,YAAY;gCACrB,CAAC;qCAAM,IAAI,SAAS,CAAC,QAAQ,KAAK,cAAc,CAAC,QAAQ,EAAE,CAAC;oCAC1D,iBAAiB,GAAG,cAAc,CAAC,QAAQ,CAAC;oCAC5C,oEAAoE;oCACpE,yCAAyC;gCAC3C,CAAC;4BACH,CAAC;4BAED,QAAQ,GAAG,iBAAiB,CAAC;wBAC/B,CAAC;6BAAM,CAAC;4BACN,sCAAsC;4BACtC,QAAQ,GAAG,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;wBACzD,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,QAAQ,GAAG,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBACzD,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,QAAQ,GAAG,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBACzD,CAAC;gBACD,WAAW,GAAG,IAAI,CAAC;gBACnB,MAAM;YACR,CAAC;QACH,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,+CAA+C;YAC/C,WAAW,CAAC,KAAK,CACf,2DAA2D,IAAI,CAAC,eAAe,EAAE,CAClF,CAAC;YACF,QAAQ,GAAG,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAChE,CAAC;QAED,+CAA+C;QAC/C,IAAI,QAAQ,KAAK,cAAc,CAAC,IAAI,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YAC3D,KAAK,MAAM,WAAW,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACxC,IACE,WAAW,CACT,WAAW,EACX,QAAQ,EACR,eAAe,EACf,UAAU,EACV,IAAI,CAAC,YAAY,CAClB,EACD,CAAC;oBACD,WAAW,CAAC,KAAK,CACf,gDAAgD,WAAW,CAAC,OAAO,CAAC,IAAI,EAAE,CAC3E,CAAC;oBACF,IAAI,CAAC;wBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAChD,QAAQ,EACR,WAAW,CAAC,OAAO,CACpB,CAAC;wBAEF,IAAI,MAAM,CAAC,QAAQ,KAAK,mBAAmB,CAAC,IAAI,EAAE,CAAC;4BACjD,WAAW,CAAC,KAAK,CACf,+CAA+C,MAAM,CAAC,MAAM,EAAE,CAC/D,CAAC;4BACF,OAAO;gCACL,QAAQ,EAAE,cAAc,CAAC,IAAI;gCAC7B,IAAI,EAAE,WAAW;6BAClB,CAAC;wBACJ,CAAC;6BAAM,IAAI,MAAM,CAAC,QAAQ,KAAK,mBAAmB,CAAC,QAAQ,EAAE,CAAC;4BAC5D,WAAW,CAAC,KAAK,CACf,2DAA2D,MAAM,CAAC,MAAM,EAAE,CAC3E,CAAC;4BACF,QAAQ,GAAG,cAAc,CAAC,QAAQ,CAAC;wBACrC,CAAC;oBACH,CAAC;oBAAC,OAAO,KAAK,EAAE,CAAC;wBACf,WAAW,CAAC,KAAK,CACf,+CAA+C,KAAK,EAAE,CACvD,CAAC;wBACF,OAAO;4BACL,QAAQ,EAAE,cAAc,CAAC,IAAI;4BAC7B,IAAI,EAAE,WAAW;yBAClB,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,uBAAuB,CAAC,QAAQ,CAAC;YAChD,IAAI,EAAE,WAAW;SAClB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,IAAgB;QACtB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtB,4BAA4B;QAC5B,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC;IACnE,CAAC;IAED,UAAU,CAAC,OAA0B;QACnC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC5B,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC;IACtE,CAAC;IAED;;OAEG;IACH,kBAAkB,CAAC,QAAgB;QACjC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;IACvE,CAAC;IAED;;OAEG;IACH,QAAQ;QACN,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,WAAW;QACT,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,OAAwB;QACrC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAChC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1E,CAAC;IAED;;OAEG;IACH,eAAe;QACb,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,SAAS,CACb,OAAoD;QAEpD,2DAA2D;QAC3D,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,OAAO,cAAc,CAAC,IAAI,CAAC;QAC7B,CAAC;QAED,MAAM,OAAO,GACX,OAAO,IAAI,OAAO;YAChB,CAAC,CAAC;gBACE,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,UAAU,EAAE,aAAa,CAAC,OAAO,CAAC,KAAK,CAAC;gBACxC,aAAa,EACX,OAAO,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,KAAK,SAAS;oBAClD,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC;oBACjC,CAAC,CAAC,SAAS;aAChB;YACH,CAAC,CAAC,OAAO,CAAC;QAEd,iDAAiD;QACjD,IAAI,OAAO,CAAC,aAAa,KAAK,KAAK,IAAI,OAAO,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;YACxE,OAAO,cAAc,CAAC,IAAI,CAAC;QAC7B,CAAC;QAED,kDAAkD;QAClD,IAAI,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvD,KAAK,MAAM,WAAW,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;gBAC5C,IAAI,kBAAkB,CAAC,WAAW,EAAE,OAAO,CAAC,EAAE,CAAC;oBAC7C,WAAW,CAAC,KAAK,CACf,kDAAkD,WAAW,CAAC,OAAO,CAAC,IAAI,eAAe,OAAO,CAAC,SAAS,EAAE,CAC7G,CAAC;oBACF,IAAI,CAAC;wBACH,0DAA0D;wBAC1D,0DAA0D;wBAC1D,MAAM,aAAa,GAAG;4BACpB,IAAI,EAAE,QAAQ,OAAO,CAAC,SAAS,EAAE;4BACjC,IAAI,EAAE;gCACJ,UAAU,EAAE,OAAO,CAAC,UAAU;gCAC9B,aAAa,EAAE,OAAO,CAAC,aAAa;6BACrC;yBACF,CAAC;wBAEF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAChD,aAAa,EACb,WAAW,CAAC,OAAO,CACpB,CAAC;wBAEF,IAAI,MAAM,CAAC,QAAQ,KAAK,mBAAmB,CAAC,IAAI,EAAE,CAAC;4BACjD,WAAW,CAAC,KAAK,CACf,iDAAiD,MAAM,CAAC,MAAM,EAAE,CACjE,CAAC;4BACF,OAAO,cAAc,CAAC,IAAI,CAAC;wBAC7B,CAAC;6BAAM,IAAI,MAAM,CAAC,QAAQ,KAAK,mBAAmB,CAAC,QAAQ,EAAE,CAAC;4BAC5D,WAAW,CAAC,KAAK,CACf,6DAA6D,MAAM,CAAC,MAAM,EAAE,CAC7E,CAAC;4BACF,iEAAiE;4BACjE,OAAO,IAAI,CAAC,uBAAuB,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;wBAC/D,CAAC;oBACH,CAAC;oBAAC,OAAO,KAAK,EAAE,CAAC;wBACf,WAAW,CAAC,KAAK,CACf,iDAAiD,KAAK,EAAE,CACzD,CAAC;wBACF,OAAO,cAAc,CAAC,IAAI,CAAC;oBAC7B,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,uBAAuB;QACvB,OAAO,cAAc,CAAC,KAAK,CAAC;IAC9B,CAAC;IAEO,uBAAuB,CAAC,QAAwB;QACtD,iDAAiD;QACjD,IAAI,IAAI,CAAC,cAAc,IAAI,QAAQ,KAAK,cAAc,CAAC,QAAQ,EAAE,CAAC;YAChE,OAAO,cAAc,CAAC,IAAI,CAAC;QAC7B,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}
+{"version":3,"file":"policy-engine.js","sourceRoot":"","sources":["../../../src/policy/policy-engine.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAqB,MAAM,eAAe,CAAC;AAClD,OAAO,EACL,cAAc,EAMd,aAAa,EACb,YAAY,GACb,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAEtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAE5D,OAAO,EACL,gBAAgB,EAChB,sBAAsB,EACtB,aAAa,EACb,cAAc,GACf,MAAM,yBAAyB,CAAC;AAEjC,SAAS,WAAW,CAClB,IAAoC,EACpC,QAAsB,EACtB,eAAmC,EACnC,UAA8B,EAC9B,mBAAiC;IAEjC,iDAAiD;IACjD,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;YAC9C,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,2EAA2E;QAC3E,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAClC,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,eAAe;YAC1D,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;gBAC7B,6EAA6E;gBAC7E,gHAAgH;gBAChH,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;oBAC1B,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;YACD,uDAAuD;YACvD,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC;gBAC/D,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;aAAM,IAAI,QAAQ,CAAC,IAAI,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC3C,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,6DAA6D;QAC7D,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnB,OAAO,KAAK,CAAC;QACf,CAAC;QACD,iFAAiF;QACjF,IACE,eAAe,KAAK,SAAS;YAC7B,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,eAAe,CAAC,EACvC,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CACzB,IAAqB,EACrB,OAA6B;IAE7B,gCAAgC;IAChC,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,SAAS,KAAK,OAAO,CAAC,SAAS,EAAE,CAAC;QAC3D,OAAO,KAAK,CAAC;IACf,CAAC;IAED,iCAAiC;IACjC,IAAI,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,UAAU,KAAK,OAAO,CAAC,UAAU,EAAE,CAAC;QAC9D,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,OAAO,YAAY;IACf,KAAK,CAAe;IACpB,QAAQ,CAAsB;IAC9B,YAAY,CAAoB;IACvB,eAAe,CAAiB;IAChC,cAAc,CAAU;IACxB,aAAa,CAAiB;IAC9B,UAAU,CAAU;IAC7B,YAAY,CAAe;IAEnC,YAAY,SAA6B,EAAE,EAAE,aAA6B;QACxE,IAAI,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,CACpC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAChD,CAAC;QACF,IAAI,CAAC,QAAQ,GAAG,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,IAAI,CAC1C,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAChD,CAAC;QACF,IAAI,CAAC,YAAY,GAAG,CAAC,MAAM,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC,IAAI,CAClD,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAChD,CAAC;QACF,IAAI,CAAC,eAAe,GAAG,MAAM,CAAC,eAAe,IAAI,cAAc,CAAC,QAAQ,CAAC;QACzE,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,cAAc,IAAI,KAAK,CAAC;QACrD,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACnC,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC;QAC5C,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,IAAI,YAAY,CAAC,OAAO,CAAC;IAClE,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,IAAkB;QAChC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,eAAe;QACb,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,iBAAiB,CAC7B,QAAgB,EAChB,OAA2B,EAC3B,YAA4B,EAC5B,UAA8B,EAC9B,QAA4B,EAC5B,gBAA0B;QAE1B,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,IAAI,CAAC,uBAAuB,CAAC,YAAY,CAAC,CAAC;QACpD,CAAC;QAED,MAAM,sBAAsB,EAAE,CAAC;QAC/B,MAAM,WAAW,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;QAE3C,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,WAAW,CAAC,KAAK,CACf,oDAAoD,OAAO,6BAA6B,CACzF,CAAC;YACF,OAAO,IAAI,CAAC,uBAAuB,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC/D,CAAC;QAED,iGAAiG;QACjG,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,WAAW,CAAC,KAAK,CACf,kDAAkD,WAAW,CAAC,MAAM,QAAQ,CAC7E,CAAC;YAEF,IAAI,YAAY,KAAK,cAAc,CAAC,IAAI,EAAE,CAAC;gBACzC,OAAO,cAAc,CAAC,IAAI,CAAC;YAC7B,CAAC;YAED,oEAAoE;YACpE,qDAAqD;YACrD,IAAI,iBAAiB,GAAG,cAAc,CAAC,KAAK,CAAC;YAE7C,KAAK,MAAM,MAAM,IAAI,WAAW,EAAE,CAAC;gBACjC,kDAAkD;gBAClD,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;oBACvB,IAAI,CAAC,gBAAgB,IAAI,cAAc,CAAC,MAAM,CAAC,EAAE,CAAC;wBAChD,WAAW,CAAC,KAAK,CACf,8EAA8E,MAAM,EAAE,CACvF,CAAC;wBACF,kDAAkD;wBAClD,IAAI,iBAAiB,KAAK,cAAc,CAAC,KAAK,EAAE,CAAC;4BAC/C,iBAAiB,GAAG,cAAc,CAAC,QAAQ,CAAC;wBAC9C,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,gEAAgE;wBAChE,kEAAkE;wBAClE,kEAAkE;wBAClE,sCAAsC;wBACtC,IACE,YAAY,KAAK,cAAc,CAAC,QAAQ;4BACxC,iBAAiB,KAAK,cAAc,CAAC,KAAK,EAC1C,CAAC;4BACD,iBAAiB,GAAG,cAAc,CAAC,QAAQ,CAAC;wBAC9C,CAAC;oBACH,CAAC;oBACD,SAAS;gBACX,CAAC;gBAED,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAChC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,EACvD,UAAU,CACX,CAAC;gBAEF,yFAAyF;gBACzF,MAAM,WAAW,GAAG,SAAS,CAAC,QAAQ,CAAC;gBAEvC,qDAAqD;gBACrD,IAAI,WAAW,KAAK,cAAc,CAAC,IAAI,EAAE,CAAC;oBACxC,OAAO,cAAc,CAAC,IAAI,CAAC;gBAC7B,CAAC;gBAED,qEAAqE;gBACrE,IAAI,WAAW,KAAK,cAAc,CAAC,QAAQ,EAAE,CAAC;oBAC5C,IAAI,iBAAiB,KAAK,cAAc,CAAC,KAAK,EAAE,CAAC;wBAC/C,iBAAiB,GAAG,cAAc,CAAC,QAAQ,CAAC;oBAC9C,CAAC;gBACH,CAAC;gBAED,gDAAgD;gBAChD,IACE,WAAW,KAAK,cAAc,CAAC,KAAK;oBACpC,CAAC,gBAAgB;oBACjB,cAAc,CAAC,MAAM,CAAC,EACtB,CAAC;oBACD,WAAW,CAAC,KAAK,CACf,8EAA8E,MAAM,EAAE,CACvF,CAAC;oBACF,IAAI,iBAAiB,KAAK,cAAc,CAAC,KAAK,EAAE,CAAC;wBAC/C,iBAAiB,GAAG,cAAc,CAAC,QAAQ,CAAC;oBAC9C,CAAC;gBACH,CAAC;YACH,CAAC;YACD,OAAO,IAAI,CAAC,uBAAuB,CAAC,iBAAiB,CAAC,CAAC;QACzD,CAAC;QAED,OAAO,IAAI,CAAC,uBAAuB,CAAC,YAAY,CAAC,CAAC;IACpD,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,KAAK,CACT,QAAsB,EACtB,UAA8B;QAK9B,IAAI,eAAmC,CAAC;QACxC,gDAAgD;QAChD,IACE,QAAQ,CAAC,IAAI;YACb,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC;gBAC1C,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,EACvD,CAAC;YACD,eAAe,GAAG,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACnD,CAAC;QAED,WAAW,CAAC,KAAK,CACf,uCAAuC,QAAQ,CAAC,IAAI,sBAAsB,eAAe,EAAE,CAC5F,CAAC;QAEF,4DAA4D;QAC5D,IAAI,WAAmC,CAAC;QACxC,IAAI,QAAoC,CAAC;QAEzC,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,IACE,WAAW,CACT,IAAI,EACJ,QAAQ,EACR,eAAe,EACf,UAAU,EACV,IAAI,CAAC,YAAY,CAClB,EACD,CAAC;gBACD,WAAW,CAAC,KAAK,CACf,+CAA+C,IAAI,CAAC,QAAQ,cAAc,IAAI,CAAC,QAAQ,cAAc,IAAI,CAAC,QAAQ,iBAAiB,IAAI,CAAC,WAAW,EAAE,MAAM,IAAI,MAAM,EAAE,CACxK,CAAC;gBAEF,IAAI,QAAQ,CAAC,IAAI,IAAI,gBAAgB,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC9D,MAAM,IAAI,GAAG,QAAQ,CAAC,IAA+C,CAAC;oBACtE,QAAQ,GAAG,MAAM,IAAI,CAAC,iBAAiB,CACrC,QAAQ,CAAC,IAAI,EACb,IAAI,EAAE,OAAO,EACb,IAAI,CAAC,QAAQ,EACb,UAAU,EACV,IAAI,EAAE,QAAQ,EACd,IAAI,CAAC,gBAAgB,CACtB,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,QAAQ,GAAG,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBACzD,CAAC;gBACD,WAAW,GAAG,IAAI,CAAC;gBACnB,MAAM;YACR,CAAC;QACH,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,+CAA+C;YAC/C,WAAW,CAAC,KAAK,CACf,2DAA2D,IAAI,CAAC,eAAe,EAAE,CAClF,CAAC;YACF,QAAQ,GAAG,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAChE,CAAC;QAED,+CAA+C;QAC/C,IAAI,QAAQ,KAAK,cAAc,CAAC,IAAI,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YAC3D,KAAK,MAAM,WAAW,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACxC,IACE,WAAW,CACT,WAAW,EACX,QAAQ,EACR,eAAe,EACf,UAAU,EACV,IAAI,CAAC,YAAY,CAClB,EACD,CAAC;oBACD,WAAW,CAAC,KAAK,CACf,gDAAgD,WAAW,CAAC,OAAO,CAAC,IAAI,EAAE,CAC3E,CAAC;oBACF,IAAI,CAAC;wBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAChD,QAAQ,EACR,WAAW,CAAC,OAAO,CACpB,CAAC;wBAEF,IAAI,MAAM,CAAC,QAAQ,KAAK,mBAAmB,CAAC,IAAI,EAAE,CAAC;4BACjD,WAAW,CAAC,KAAK,CACf,+CAA+C,MAAM,CAAC,MAAM,EAAE,CAC/D,CAAC;4BACF,OAAO;gCACL,QAAQ,EAAE,cAAc,CAAC,IAAI;gCAC7B,IAAI,EAAE,WAAW;6BAClB,CAAC;wBACJ,CAAC;6BAAM,IAAI,MAAM,CAAC,QAAQ,KAAK,mBAAmB,CAAC,QAAQ,EAAE,CAAC;4BAC5D,WAAW,CAAC,KAAK,CACf,2DAA2D,MAAM,CAAC,MAAM,EAAE,CAC3E,CAAC;4BACF,QAAQ,GAAG,cAAc,CAAC,QAAQ,CAAC;wBACrC,CAAC;oBACH,CAAC;oBAAC,OAAO,KAAK,EAAE,CAAC;wBACf,WAAW,CAAC,KAAK,CACf,+CAA+C,KAAK,EAAE,CACvD,CAAC;wBACF,OAAO;4BACL,QAAQ,EAAE,cAAc,CAAC,IAAI;4BAC7B,IAAI,EAAE,WAAW;yBAClB,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,uBAAuB,CAAC,QAAQ,CAAC;YAChD,IAAI,EAAE,WAAW;SAClB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,IAAgB;QACtB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtB,4BAA4B;QAC5B,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC;IACnE,CAAC;IAED,UAAU,CAAC,OAA0B;QACnC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC5B,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC;IACtE,CAAC;IAED;;OAEG;IACH,kBAAkB,CAAC,QAAgB;QACjC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;IACvE,CAAC;IAED;;OAEG;IACH,QAAQ;QACN,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,WAAW;QACT,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,OAAwB;QACrC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAChC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1E,CAAC;IAED;;OAEG;IACH,eAAe;QACb,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,SAAS,CACb,OAAoD;QAEpD,2DAA2D;QAC3D,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,OAAO,cAAc,CAAC,IAAI,CAAC;QAC7B,CAAC;QAED,MAAM,OAAO,GACX,OAAO,IAAI,OAAO;YAChB,CAAC,CAAC;gBACE,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,UAAU,EAAE,aAAa,CAAC,OAAO,CAAC,KAAK,CAAC;gBACxC,aAAa,EACX,OAAO,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,KAAK,SAAS;oBAClD,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC;oBACjC,CAAC,CAAC,SAAS;aAChB;YACH,CAAC,CAAC,OAAO,CAAC;QAEd,iDAAiD;QACjD,IAAI,OAAO,CAAC,aAAa,KAAK,KAAK,IAAI,OAAO,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;YACxE,OAAO,cAAc,CAAC,IAAI,CAAC;QAC7B,CAAC;QAED,kDAAkD;QAClD,IAAI,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvD,KAAK,MAAM,WAAW,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;gBAC5C,IAAI,kBAAkB,CAAC,WAAW,EAAE,OAAO,CAAC,EAAE,CAAC;oBAC7C,WAAW,CAAC,KAAK,CACf,kDAAkD,WAAW,CAAC,OAAO,CAAC,IAAI,eAAe,OAAO,CAAC,SAAS,EAAE,CAC7G,CAAC;oBACF,IAAI,CAAC;wBACH,0DAA0D;wBAC1D,0DAA0D;wBAC1D,MAAM,aAAa,GAAG;4BACpB,IAAI,EAAE,QAAQ,OAAO,CAAC,SAAS,EAAE;4BACjC,IAAI,EAAE;gCACJ,UAAU,EAAE,OAAO,CAAC,UAAU;gCAC9B,aAAa,EAAE,OAAO,CAAC,aAAa;6BACrC;yBACF,CAAC;wBAEF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAChD,aAAa,EACb,WAAW,CAAC,OAAO,CACpB,CAAC;wBAEF,IAAI,MAAM,CAAC,QAAQ,KAAK,mBAAmB,CAAC,IAAI,EAAE,CAAC;4BACjD,WAAW,CAAC,KAAK,CACf,iDAAiD,MAAM,CAAC,MAAM,EAAE,CACjE,CAAC;4BACF,OAAO,cAAc,CAAC,IAAI,CAAC;wBAC7B,CAAC;6BAAM,IAAI,MAAM,CAAC,QAAQ,KAAK,mBAAmB,CAAC,QAAQ,EAAE,CAAC;4BAC5D,WAAW,CAAC,KAAK,CACf,6DAA6D,MAAM,CAAC,MAAM,EAAE,CAC7E,CAAC;4BACF,iEAAiE;4BACjE,OAAO,IAAI,CAAC,uBAAuB,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;wBAC/D,CAAC;oBACH,CAAC;oBAAC,OAAO,KAAK,EAAE,CAAC;wBACf,WAAW,CAAC,KAAK,CACf,iDAAiD,KAAK,EAAE,CACzD,CAAC;wBACF,OAAO,cAAc,CAAC,IAAI,CAAC;oBAC7B,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,uBAAuB;QACvB,OAAO,cAAc,CAAC,KAAK,CAAC;IAC9B,CAAC;IAEO,uBAAuB,CAAC,QAAwB;QACtD,iDAAiD;QACjD,IAAI,IAAI,CAAC,cAAc,IAAI,QAAQ,KAAK,cAAc,CAAC,QAAQ,EAAE,CAAC;YAChE,OAAO,cAAc,CAAC,IAAI,CAAC;QAC7B,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}

package/dist/src/policy/policy-engine.test.js

@@ -3,13 +3,37 @@
  * Copyright 2025 Google LLC
  * SPDX-License-Identifier: Apache-2.0
  */
-import { describe, it, expect, beforeEach, vi } from 'vitest';
+import { describe, it, expect, beforeEach, beforeAll, vi } from 'vitest';
 import { PolicyEngine } from './policy-engine.js';
 import { PolicyDecision, InProcessCheckerType, ApprovalMode, } from './types.js';
 import { SafetyCheckDecision } from '../safety/protocol.js';
+import { initializeShellParsers } from '../utils/shell-utils.js';
+import { buildArgsPatterns } from './utils.js';
+// Mock shell-utils to ensure consistent behavior across platforms (especially Windows CI)
+// We want to test PolicyEngine logic, not the shell parser's ability to parse commands
+vi.mock('../utils/shell-utils.js', async (importOriginal) => {
+    const actual = await importOriginal();
+    return {
+        ...actual,
+        initializeShellParsers: vi.fn().mockResolvedValue(undefined),
+        splitCommands: vi.fn().mockImplementation((command) => {
+            // Simple mock splitting logic for test cases
+            if (command.includes('&&')) {
+                return command.split('&&').map((c) => c.trim());
+            }
+            return [command];
+        }),
+        hasRedirection: vi.fn().mockImplementation((command) => 
+        // Simple mock: true if '>' is present, unless it looks like "-> arrow"
+        command.includes('>') && !command.includes('-> arrow')),
+    };
+});
 describe('PolicyEngine', () => {
     let engine;
     let mockCheckerRunner;
+    beforeAll(async () => {
+        await initializeShellParsers();
+    });
     beforeEach(() => {
         mockCheckerRunner = {
             runChecker: vi.fn(),
@@ -308,6 +332,23 @@ describe('PolicyEngine', () => {
             // Matches lowest priority rule (not shell)
             expect((await engine.check({ name: 'edit' }, undefined)).decision).toBe(PolicyDecision.DENY);
         });
+        it('should correctly match commands with quotes in commandPrefix', async () => {
+            const prefix = 'git commit -m "fix"';
+            const patterns = buildArgsPatterns(undefined, prefix);
+            const rules = [
+                {
+                    toolName: 'run_shell_command',
+                    argsPattern: new RegExp(patterns[0]),
+                    decision: PolicyDecision.ALLOW,
+                },
+            ];
+            engine = new PolicyEngine({ rules });
+            const result = await engine.check({
+                name: 'run_shell_command',
+                args: { command: 'git commit -m "fix"' },
+            }, undefined);
+            expect(result.decision).toBe(PolicyDecision.ALLOW);
+        });
         it('should handle tools with no args', async () => {
             const rules = [
                 {
@@ -592,6 +633,236 @@ describe('PolicyEngine', () => {
             // Should fall back to regular object serialization when toJSON throws
             expect((await engine.check({ name: 'test', args }, undefined)).decision).toBe(PolicyDecision.ALLOW);
         });
+        it('should downgrade ALLOW to ASK_USER for redirected shell commands', async () => {
+            const rules = [
+                {
+                    toolName: 'run_shell_command',
+                    // Matches "echo" prefix
+                    argsPattern: /"command":"echo/,
+                    decision: PolicyDecision.ALLOW,
+                },
+            ];
+            engine = new PolicyEngine({ rules });
+            // Safe command should be allowed
+            expect((await engine.check({ name: 'run_shell_command', args: { command: 'echo "hello"' } }, undefined)).decision).toBe(PolicyDecision.ALLOW);
+            // Redirected command should be downgraded to ASK_USER
+            expect((await engine.check({
+                name: 'run_shell_command',
+                args: { command: 'echo "hello" > file.txt' },
+            }, undefined)).decision).toBe(PolicyDecision.ASK_USER);
+        });
+        it('should allow redirected shell commands when allowRedirection is true', async () => {
+            const rules = [
+                {
+                    toolName: 'run_shell_command',
+                    // Matches "echo" prefix
+                    argsPattern: /"command":"echo/,
+                    decision: PolicyDecision.ALLOW,
+                    allowRedirection: true,
+                },
+            ];
+            engine = new PolicyEngine({ rules });
+            // Redirected command should stay ALLOW
+            expect((await engine.check({
+                name: 'run_shell_command',
+                args: { command: 'echo "hello" > file.txt' },
+            }, undefined)).decision).toBe(PolicyDecision.ALLOW);
+        });
+        it('should NOT downgrade ALLOW to ASK_USER for quoted redirection chars', async () => {
+            const rules = [
+                {
+                    toolName: 'run_shell_command',
+                    argsPattern: /"command":"echo/,
+                    decision: PolicyDecision.ALLOW,
+                },
+            ];
+            engine = new PolicyEngine({ rules });
+            // Should remain ALLOW because it's not a real redirection
+            expect((await engine.check({
+                name: 'run_shell_command',
+                args: { command: 'echo "-> arrow"' },
+            }, undefined)).decision).toBe(PolicyDecision.ALLOW);
+        });
+        it('should preserve dir_path during recursive shell command checks', async () => {
+            const rules = [
+                {
+                    toolName: 'run_shell_command',
+                    // Rule that only allows echo in a specific directory
+                    // Note: stableStringify sorts keys alphabetically and has no spaces: {"command":"echo hello","dir_path":"/safe/path"}
+                    argsPattern: /"command":"echo hello".*"dir_path":"\/safe\/path"/,
+                    decision: PolicyDecision.ALLOW,
+                },
+                {
+                    // Catch-all ALLOW for shell but with low priority
+                    toolName: 'run_shell_command',
+                    decision: PolicyDecision.ALLOW,
+                    priority: -100,
+                },
+            ];
+            engine = new PolicyEngine({ rules });
+            // Compound command. The decomposition will call check() for "echo hello"
+            // which should match our specific high-priority rule IF dir_path is preserved.
+            const result = await engine.check({
+                name: 'run_shell_command',
+                args: { command: 'echo hello && pwd', dir_path: '/safe/path' },
+            }, undefined);
+            expect(result.decision).toBe(PolicyDecision.ALLOW);
+        });
+        it('should upgrade ASK_USER to ALLOW if all sub-commands are allowed', async () => {
+            const rules = [
+                {
+                    toolName: 'run_shell_command',
+                    argsPattern: /"command":"git status/,
+                    decision: PolicyDecision.ALLOW,
+                    priority: 20,
+                },
+                {
+                    toolName: 'run_shell_command',
+                    argsPattern: /"command":"ls/,
+                    decision: PolicyDecision.ALLOW,
+                    priority: 20,
+                },
+                {
+                    // Catch-all ASK_USER for shell
+                    toolName: 'run_shell_command',
+                    decision: PolicyDecision.ASK_USER,
+                    priority: 10,
+                },
+            ];
+            engine = new PolicyEngine({ rules });
+            // "git status && ls" matches the catch-all ASK_USER rule initially.
+            // But since both parts are explicitly ALLOWed, the result should be upgraded to ALLOW.
+            const result = await engine.check({
+                name: 'run_shell_command',
+                args: { command: 'git status && ls' },
+            }, undefined);
+            expect(result.decision).toBe(PolicyDecision.ALLOW);
+        });
+        it('should respect explicit DENY for compound commands even if parts are allowed', async () => {
+            const rules = [
+                {
+                    // Explicitly DENY the compound command
+                    toolName: 'run_shell_command',
+                    argsPattern: /"command":"git status && ls"/,
+                    decision: PolicyDecision.DENY,
+                    priority: 30,
+                },
+                {
+                    toolName: 'run_shell_command',
+                    argsPattern: /"command":"git status/,
+                    decision: PolicyDecision.ALLOW,
+                    priority: 20,
+                },
+                {
+                    toolName: 'run_shell_command',
+                    argsPattern: /"command":"ls/,
+                    decision: PolicyDecision.ALLOW,
+                    priority: 20,
+                },
+            ];
+            engine = new PolicyEngine({ rules });
+            const result = await engine.check({
+                name: 'run_shell_command',
+                args: { command: 'git status && ls' },
+            }, undefined);
+            expect(result.decision).toBe(PolicyDecision.DENY);
+        });
+        it('should propagate DENY from any sub-command', async () => {
+            const rules = [
+                {
+                    toolName: 'run_shell_command',
+                    argsPattern: /"command":"rm/,
+                    decision: PolicyDecision.DENY,
+                    priority: 20,
+                },
+                {
+                    toolName: 'run_shell_command',
+                    argsPattern: /"command":"echo/,
+                    decision: PolicyDecision.ALLOW,
+                    priority: 20,
+                },
+                {
+                    toolName: 'run_shell_command',
+                    decision: PolicyDecision.ASK_USER,
+                    priority: 10,
+                },
+            ];
+            engine = new PolicyEngine({ rules });
+            // "echo hello && rm -rf /" -> echo is ALLOW, rm is DENY -> Result DENY
+            const result = await engine.check({
+                name: 'run_shell_command',
+                args: { command: 'echo hello && rm -rf /' },
+            }, undefined);
+            expect(result.decision).toBe(PolicyDecision.DENY);
+        });
+        it('should DENY redirected shell commands in non-interactive mode', async () => {
+            const config = {
+                nonInteractive: true,
+                rules: [
+                    {
+                        toolName: 'run_shell_command',
+                        decision: PolicyDecision.ALLOW,
+                    },
+                ],
+            };
+            engine = new PolicyEngine(config);
+            // Redirected command should be DENIED in non-interactive mode
+            // (Normally ASK_USER, but ASK_USER -> DENY in non-interactive)
+            expect((await engine.check({
+                name: 'run_shell_command',
+                args: { command: 'echo "hello" > file.txt' },
+            }, undefined)).decision).toBe(PolicyDecision.DENY);
+        });
+        it('should default to ASK_USER for atomic commands when matching a wildcard ASK_USER rule', async () => {
+            // Regression test: atomic commands were auto-allowing because of optimistic initialization
+            const rules = [
+                {
+                    toolName: 'run_shell_command',
+                    decision: PolicyDecision.ASK_USER,
+                },
+            ];
+            engine = new PolicyEngine({ rules });
+            // Atomic command "whoami" matches the wildcard rule (ASK_USER).
+            // It should NOT be upgraded to ALLOW.
+            expect((await engine.check({
+                name: 'run_shell_command',
+                args: { command: 'whoami' },
+            }, undefined)).decision).toBe(PolicyDecision.ASK_USER);
+        });
+        it('should allow redirected shell commands in non-interactive mode if allowRedirection is true', async () => {
+            const config = {
+                nonInteractive: true,
+                rules: [
+                    {
+                        toolName: 'run_shell_command',
+                        decision: PolicyDecision.ALLOW,
+                        allowRedirection: true,
+                    },
+                ],
+            };
+            engine = new PolicyEngine(config);
+            // Redirected command should stay ALLOW even in non-interactive mode
+            expect((await engine.check({
+                name: 'run_shell_command',
+                args: { command: 'echo "hello" > file.txt' },
+            }, undefined)).decision).toBe(PolicyDecision.ALLOW);
+        });
+        it('should avoid infinite recursion for commands with substitution', async () => {
+            const rules = [
+                {
+                    toolName: 'run_shell_command',
+                    decision: PolicyDecision.ALLOW,
+                },
+            ];
+            engine = new PolicyEngine({ rules });
+            // Command with substitution triggers splitCommands returning the same command as its first element.
+            // This verifies the fix for the infinite recursion bug.
+            const result = await engine.check({
+                name: 'run_shell_command',
+                args: { command: 'echo $(ls)' },
+            }, undefined);
+            expect(result.decision).toBe(PolicyDecision.ALLOW);
+        });
     });
     describe('safety checker integration', () => {
         it('should call checker when rule allows and has safety_checker', async () => {