@highflame/policy 1.1.3

package/dist/actions.gen.d.ts

@@ -0,0 +1,29 @@
+import { EntityUID } from './entities.gen.js';
+/**
+ * Action types defined in the Highflame Cedar schema.
+ */
+export declare const ActionType: {
+    readonly AccessServerResource: "access_server_resource";
+    readonly CallTool: "call_tool";
+    readonly ConnectServer: "connect_server";
+    readonly DeployModel: "deploy_model";
+    readonly HttpRequest: "http_request";
+    readonly LoadModel: "load_model";
+    readonly ProcessPrompt: "process_prompt";
+    readonly ProcessResponse: "process_response";
+    readonly QuarantineArtifact: "quarantine_artifact";
+    readonly ReadFile: "read_file";
+    readonly ScanArtifact: "scan_artifact";
+    readonly ScanPackage: "scan_package";
+    readonly ScanTarget: "scan_target";
+    readonly SkipGuardrails: "skip_guardrails";
+    readonly ValidateIntegrity: "validate_integrity";
+    readonly ValidateProvenance: "validate_provenance";
+    readonly WriteFile: "write_file";
+};
+export type ActionType = (typeof ActionType)[keyof typeof ActionType];
+/**
+ * Create an EntityUID for an action.
+ */
+export declare function actionUID(action: ActionType): EntityUID;
+//# sourceMappingURL=actions.gen.d.ts.map

package/dist/actions.gen.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"actions.gen.d.ts","sourceRoot":"","sources":["../src/actions.gen.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAE9C;;GAEG;AACH,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;CAkBb,CAAC;AAEX,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,UAAU,CAAC,CAAC,MAAM,OAAO,UAAU,CAAC,CAAC;AAEtE;;GAEG;AACH,wBAAgB,SAAS,CAAC,MAAM,EAAE,UAAU,GAAG,SAAS,CAEvD"}

package/dist/actions.gen.js

@@ -0,0 +1,31 @@
+// Code generated by highflame-policy-codegen. DO NOT EDIT.
+// Source: schema/highflame.cedarschema
+/**
+ * Action types defined in the Highflame Cedar schema.
+ */
+export const ActionType = {
+    AccessServerResource: 'access_server_resource',
+    CallTool: 'call_tool',
+    ConnectServer: 'connect_server',
+    DeployModel: 'deploy_model',
+    HttpRequest: 'http_request',
+    LoadModel: 'load_model',
+    ProcessPrompt: 'process_prompt',
+    ProcessResponse: 'process_response',
+    QuarantineArtifact: 'quarantine_artifact',
+    ReadFile: 'read_file',
+    ScanArtifact: 'scan_artifact',
+    ScanPackage: 'scan_package',
+    ScanTarget: 'scan_target',
+    SkipGuardrails: 'skip_guardrails',
+    ValidateIntegrity: 'validate_integrity',
+    ValidateProvenance: 'validate_provenance',
+    WriteFile: 'write_file',
+};
+/**
+ * Create an EntityUID for an action.
+ */
+export function actionUID(action) {
+    return { type: 'Action', id: action };
+}
+//# sourceMappingURL=actions.gen.js.map

package/dist/actions.gen.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"actions.gen.js","sourceRoot":"","sources":["../src/actions.gen.ts"],"names":[],"mappings":"AAAA,2DAA2D;AAC3D,uCAAuC;AAIvC;;GAEG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG;IACtB,oBAAoB,EAAE,wBAAwB;IAC9C,QAAQ,EAAE,WAAW;IACrB,aAAa,EAAE,gBAAgB;IAC/B,WAAW,EAAE,cAAc;IAC3B,WAAW,EAAE,cAAc;IAC3B,SAAS,EAAE,YAAY;IACvB,aAAa,EAAE,gBAAgB;IAC/B,eAAe,EAAE,kBAAkB;IACnC,kBAAkB,EAAE,qBAAqB;IACzC,QAAQ,EAAE,WAAW;IACrB,YAAY,EAAE,eAAe;IAC7B,WAAW,EAAE,cAAc;IAC3B,UAAU,EAAE,aAAa;IACzB,cAAc,EAAE,iBAAiB;IACjC,iBAAiB,EAAE,oBAAoB;IACvC,kBAAkB,EAAE,qBAAqB;IACzC,SAAS,EAAE,YAAY;CACjB,CAAC;AAIX;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,MAAkB;IACxC,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC;AAC1C,CAAC"}

package/dist/builder.d.ts

@@ -0,0 +1,189 @@
+/**
+ * PolicyBuilder - Type-safe Cedar policy construction for Highflame.
+ *
+ * This builder ensures that policies created from the UI are always valid
+ * by construction. It uses the generated types from the Cedar schema to
+ * provide compile-time safety and autocomplete support.
+ *
+ * Example usage:
+ * ```typescript
+ * const policy = PolicyBuilder.permit()
+ *   .principal(EntityType.User, "user-123")
+ *   .action(ActionType.ReadFile)
+ *   .resource(EntityType.FilePath, "/data/reports")
+ *   .when("context.environment == \"production\"")
+ *   .build();
+ *
+ * // Get Cedar policy text
+ * const cedarText = policy.toCedar();
+ *
+ * // Get JSON representation (for storage/editing)
+ * const policyJson = policy.toJSON();
+ * ```
+ */
+import { EntityType, EntityUID } from './entities.gen.js';
+import { ActionType } from './actions.gen.js';
+import { ContextKey } from './context.gen.js';
+/**
+ * Policy effect - permit or forbid
+ */
+export type PolicyEffect = 'permit' | 'forbid';
+/**
+ * Condition operator types
+ */
+export type ConditionOperator = 'eq' | 'neq' | 'lt' | 'lte' | 'gt' | 'gte' | 'contains' | 'in' | 'like';
+/**
+ * A single condition in a policy
+ */
+export interface PolicyCondition {
+    /** The context key or attribute path */
+    field: string;
+    /** The comparison operator */
+    operator: ConditionOperator;
+    /** The value to compare against */
+    value: string | number | boolean | string[];
+}
+/**
+ * JSON representation of a policy for storage and editing
+ */
+export interface PolicyJSON {
+    /** Unique identifier for this policy */
+    id?: string;
+    /** Human-readable name/description */
+    name?: string;
+    /** Policy effect */
+    effect: PolicyEffect;
+    /** Principal constraint */
+    principal: {
+        type: string;
+        id?: string;
+    } | null;
+    /** Action constraint */
+    action: string | string[];
+    /** Resource constraint */
+    resource: {
+        type: string;
+        id?: string;
+    } | null;
+    /** Conditions (when clause) */
+    conditions: PolicyCondition[];
+    /** Raw condition string (for advanced users) */
+    rawCondition?: string;
+}
+/**
+ * A built policy that can be converted to Cedar text or JSON
+ */
+export declare class Policy {
+    private readonly data;
+    constructor(data: PolicyJSON);
+    /**
+     * Convert to Cedar policy text
+     */
+    toCedar(): string;
+    /**
+     * Convert a condition to Cedar syntax
+     */
+    private conditionToCedar;
+    /**
+     * Convert a value to Cedar string representation
+     */
+    private valueToString;
+    /**
+     * Get JSON representation for storage
+     */
+    toJSON(): PolicyJSON;
+    /**
+     * Get the policy ID
+     */
+    getId(): string | undefined;
+    /**
+     * Get the policy name
+     */
+    getName(): string | undefined;
+}
+/**
+ * Builder for constructing Cedar policies with type safety.
+ */
+export declare class PolicyBuilder {
+    private data;
+    private constructor();
+    /**
+     * Start building a permit policy
+     */
+    static permit(): PolicyBuilder;
+    /**
+     * Start building a forbid policy
+     */
+    static forbid(): PolicyBuilder;
+    /**
+     * Create a builder from existing JSON (for editing)
+     */
+    static fromJSON(json: PolicyJSON): PolicyBuilder;
+    /**
+     * Set policy ID
+     */
+    id(id: string): PolicyBuilder;
+    /**
+     * Set policy name/description
+     */
+    name(name: string): PolicyBuilder;
+    /**
+     * Set principal constraint by type only (any entity of this type)
+     */
+    principalType(type: EntityType | string): PolicyBuilder;
+    /**
+     * Set principal constraint by type and ID (specific entity)
+     */
+    principal(type: EntityType | string, id: string): PolicyBuilder;
+    /**
+     * Set principal from EntityUID
+     */
+    principalEntity(entity: EntityUID): PolicyBuilder;
+    /**
+     * Set single action constraint
+     */
+    action(action: ActionType | string): PolicyBuilder;
+    /**
+     * Set multiple action constraints (action in [list])
+     */
+    actions(actions: (ActionType | string)[]): PolicyBuilder;
+    /**
+     * Set resource constraint by type only (any entity of this type)
+     */
+    resourceType(type: EntityType | string): PolicyBuilder;
+    /**
+     * Set resource constraint by type and ID (specific entity)
+     */
+    resource(type: EntityType | string, id: string): PolicyBuilder;
+    /**
+     * Set resource from EntityUID
+     */
+    resourceEntity(entity: EntityUID): PolicyBuilder;
+    /**
+     * Add a structured condition
+     */
+    when(field: ContextKey | string, operator: ConditionOperator, value: string | number | boolean | string[]): PolicyBuilder;
+    /**
+     * Add a raw condition string (for advanced users)
+     */
+    whenRaw(condition: string): PolicyBuilder;
+    /**
+     * Clear all conditions
+     */
+    clearConditions(): PolicyBuilder;
+    /**
+     * Build the policy
+     */
+    build(): Policy;
+    /**
+     * Get current state as JSON (for preview/debugging)
+     */
+    toJSON(): PolicyJSON;
+}
+/**
+ * Parse Cedar policy text back to PolicyJSON (best effort)
+ * Note: This is a simplified parser for policies created by PolicyBuilder.
+ * Complex hand-written policies may not parse correctly.
+ */
+export declare function parseCedarPolicy(cedarText: string): PolicyJSON | null;
+//# sourceMappingURL=builder.d.ts.map

package/dist/builder.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"builder.d.ts","sourceRoot":"","sources":["../src/builder.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC1D,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE9C;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAE/C;;GAEG;AACH,MAAM,MAAM,iBAAiB,GACvB,IAAI,GACJ,KAAK,GACL,IAAI,GACJ,KAAK,GACL,IAAI,GACJ,KAAK,GACL,UAAU,GACV,IAAI,GACJ,MAAM,CAAC;AAEb;;GAEG;AACH,MAAM,WAAW,eAAe;IAC5B,wCAAwC;IACxC,KAAK,EAAE,MAAM,CAAC;IACd,8BAA8B;IAC9B,QAAQ,EAAE,iBAAiB,CAAC;IAC5B,mCAAmC;IACnC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,MAAM,EAAE,CAAC;CAC/C;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACvB,wCAAwC;IACxC,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,sCAAsC;IACtC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,oBAAoB;IACpB,MAAM,EAAE,YAAY,CAAC;IACrB,2BAA2B;IAC3B,SAAS,EAAE;QACP,IAAI,EAAE,MAAM,CAAC;QACb,EAAE,CAAC,EAAE,MAAM,CAAC;KACf,GAAG,IAAI,CAAC;IACT,wBAAwB;IACxB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC1B,0BAA0B;IAC1B,QAAQ,EAAE;QACN,IAAI,EAAE,MAAM,CAAC;QACb,EAAE,CAAC,EAAE,MAAM,CAAC;KACf,GAAG,IAAI,CAAC;IACT,+BAA+B;IAC/B,UAAU,EAAE,eAAe,EAAE,CAAC;IAC9B,gDAAgD;IAChD,YAAY,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;GAEG;AACH,qBAAa,MAAM;IACH,OAAO,CAAC,QAAQ,CAAC,IAAI;gBAAJ,IAAI,EAAE,UAAU;IAE7C;;OAEG;IACH,OAAO,IAAI,MAAM;IAkEjB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAgCxB;;OAEG;IACH,OAAO,CAAC,aAAa;IAarB;;OAEG;IACH,MAAM,IAAI,UAAU;IAIpB;;OAEG;IACH,KAAK,IAAI,MAAM,GAAG,SAAS;IAI3B;;OAEG;IACH,OAAO,IAAI,MAAM,GAAG,SAAS;CAGhC;AAED;;GAEG;AACH,qBAAa,aAAa;IACtB,OAAO,CAAC,IAAI,CAMV;IAEF,OAAO;IAIP;;OAEG;IACH,MAAM,CAAC,MAAM,IAAI,aAAa;IAI9B;;OAEG;IACH,MAAM,CAAC,MAAM,IAAI,aAAa;IAI9B;;OAEG;IACH,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,GAAG,aAAa;IAMhD;;OAEG;IACH,EAAE,CAAC,EAAE,EAAE,MAAM,GAAG,aAAa;IAK7B;;OAEG;IACH,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,aAAa;IAKjC;;OAEG;IACH,aAAa,CAAC,IAAI,EAAE,UAAU,GAAG,MAAM,GAAG,aAAa;IAKvD;;OAEG;IACH,SAAS,CAAC,IAAI,EAAE,UAAU,GAAG,MAAM,EAAE,EAAE,EAAE,MAAM,GAAG,aAAa;IAK/D;;OAEG;IACH,eAAe,CAAC,MAAM,EAAE,SAAS,GAAG,aAAa;IAKjD;;OAEG;IACH,MAAM,CAAC,MAAM,EAAE,UAAU,GAAG,MAAM,GAAG,aAAa;IAKlD;;OAEG;IACH,OAAO,CAAC,OAAO,EAAE,CAAC,UAAU,GAAG,MAAM,CAAC,EAAE,GAAG,aAAa;IAKxD;;OAEG;IACH,YAAY,CAAC,IAAI,EAAE,UAAU,GAAG,MAAM,GAAG,aAAa;IAKtD;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,UAAU,GAAG,MAAM,EAAE,EAAE,EAAE,MAAM,GAAG,aAAa;IAK9D;;OAEG;IACH,cAAc,CAAC,MAAM,EAAE,SAAS,GAAG,aAAa;IAKhD;;OAEG;IACH,IAAI,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,EAAE,QAAQ,EAAE,iBAAiB,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,MAAM,EAAE,GAAG,aAAa;IAKzH;;OAEG;IACH,OAAO,CAAC,SAAS,EAAE,MAAM,GAAG,aAAa;IAKzC;;OAEG;IACH,eAAe,IAAI,aAAa;IAMhC;;OAEG;IACH,KAAK,IAAI,MAAM;IASf;;OAEG;IACH,MAAM,IAAI,UAAU;CAGvB;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,UAAU,GAAG,IAAI,CAyErE"}

package/dist/builder.js

@@ -0,0 +1,385 @@
+/**
+ * PolicyBuilder - Type-safe Cedar policy construction for Highflame.
+ *
+ * This builder ensures that policies created from the UI are always valid
+ * by construction. It uses the generated types from the Cedar schema to
+ * provide compile-time safety and autocomplete support.
+ *
+ * Example usage:
+ * ```typescript
+ * const policy = PolicyBuilder.permit()
+ *   .principal(EntityType.User, "user-123")
+ *   .action(ActionType.ReadFile)
+ *   .resource(EntityType.FilePath, "/data/reports")
+ *   .when("context.environment == \"production\"")
+ *   .build();
+ *
+ * // Get Cedar policy text
+ * const cedarText = policy.toCedar();
+ *
+ * // Get JSON representation (for storage/editing)
+ * const policyJson = policy.toJSON();
+ * ```
+ */
+/**
+ * A built policy that can be converted to Cedar text or JSON
+ */
+export class Policy {
+    data;
+    constructor(data) {
+        this.data = data;
+    }
+    /**
+     * Convert to Cedar policy text
+     */
+    toCedar() {
+        const lines = [];
+        // Policy annotation (comment with name)
+        if (this.data.name) {
+            lines.push(`// @name: ${this.data.name}`);
+        }
+        if (this.data.id) {
+            lines.push(`// @id: ${this.data.id}`);
+        }
+        // Effect and principal
+        let policyLine = `${this.data.effect} (`;
+        // Principal
+        if (this.data.principal) {
+            if (this.data.principal.id) {
+                policyLine += `\n    principal == ${this.data.principal.type}::\"${this.data.principal.id}\"`;
+            }
+            else {
+                policyLine += `\n    principal is ${this.data.principal.type}`;
+            }
+        }
+        else {
+            policyLine += `\n    principal`;
+        }
+        // Action
+        if (Array.isArray(this.data.action)) {
+            if (this.data.action.length === 1) {
+                policyLine += `,\n    action == Action::\"${this.data.action[0]}\"`;
+            }
+            else {
+                const actions = this.data.action.map(a => `Action::\"${a}\"`).join(', ');
+                policyLine += `,\n    action in [${actions}]`;
+            }
+        }
+        else {
+            policyLine += `,\n    action == Action::\"${this.data.action}\"`;
+        }
+        // Resource
+        if (this.data.resource) {
+            if (this.data.resource.id) {
+                policyLine += `,\n    resource == ${this.data.resource.type}::\"${this.data.resource.id}\"`;
+            }
+            else {
+                policyLine += `,\n    resource is ${this.data.resource.type}`;
+            }
+        }
+        else {
+            policyLine += `,\n    resource`;
+        }
+        policyLine += '\n)';
+        lines.push(policyLine);
+        // When clause
+        if (this.data.rawCondition) {
+            lines.push(`when { ${this.data.rawCondition} };`);
+        }
+        else if (this.data.conditions.length > 0) {
+            const conditionStr = this.data.conditions
+                .map(c => this.conditionToCedar(c))
+                .join(' && ');
+            lines.push(`when { ${conditionStr} };`);
+        }
+        else {
+            lines.push(';');
+        }
+        return lines.join('\n');
+    }
+    /**
+     * Convert a condition to Cedar syntax
+     */
+    conditionToCedar(condition) {
+        const { field, operator, value } = condition;
+        const valueStr = this.valueToString(value);
+        switch (operator) {
+            case 'eq':
+                return `context.${field} == ${valueStr}`;
+            case 'neq':
+                return `context.${field} != ${valueStr}`;
+            case 'lt':
+                return `context.${field} < ${valueStr}`;
+            case 'lte':
+                return `context.${field} <= ${valueStr}`;
+            case 'gt':
+                return `context.${field} > ${valueStr}`;
+            case 'gte':
+                return `context.${field} >= ${valueStr}`;
+            case 'contains':
+                return `context.${field}.contains(${valueStr})`;
+            case 'in':
+                if (Array.isArray(value)) {
+                    const items = value.map(v => `\"${v}\"`).join(', ');
+                    return `context.${field} in [${items}]`;
+                }
+                return `context.${field} in ${valueStr}`;
+            case 'like':
+                return `context.${field} like ${valueStr}`;
+            default:
+                return `context.${field} == ${valueStr}`;
+        }
+    }
+    /**
+     * Convert a value to Cedar string representation
+     */
+    valueToString(value) {
+        if (typeof value === 'string') {
+            return `\"${value}\"`;
+        }
+        if (typeof value === 'number' || typeof value === 'boolean') {
+            return String(value);
+        }
+        if (Array.isArray(value)) {
+            return `[${value.map(v => `\"${v}\"`).join(', ')}]`;
+        }
+        return String(value);
+    }
+    /**
+     * Get JSON representation for storage
+     */
+    toJSON() {
+        return { ...this.data };
+    }
+    /**
+     * Get the policy ID
+     */
+    getId() {
+        return this.data.id;
+    }
+    /**
+     * Get the policy name
+     */
+    getName() {
+        return this.data.name;
+    }
+}
+/**
+ * Builder for constructing Cedar policies with type safety.
+ */
+export class PolicyBuilder {
+    data = {
+        effect: 'permit',
+        principal: null,
+        action: '',
+        resource: null,
+        conditions: [],
+    };
+    constructor(effect) {
+        this.data.effect = effect;
+    }
+    /**
+     * Start building a permit policy
+     */
+    static permit() {
+        return new PolicyBuilder('permit');
+    }
+    /**
+     * Start building a forbid policy
+     */
+    static forbid() {
+        return new PolicyBuilder('forbid');
+    }
+    /**
+     * Create a builder from existing JSON (for editing)
+     */
+    static fromJSON(json) {
+        const builder = new PolicyBuilder(json.effect);
+        builder.data = { ...json };
+        return builder;
+    }
+    /**
+     * Set policy ID
+     */
+    id(id) {
+        this.data.id = id;
+        return this;
+    }
+    /**
+     * Set policy name/description
+     */
+    name(name) {
+        this.data.name = name;
+        return this;
+    }
+    /**
+     * Set principal constraint by type only (any entity of this type)
+     */
+    principalType(type) {
+        this.data.principal = { type };
+        return this;
+    }
+    /**
+     * Set principal constraint by type and ID (specific entity)
+     */
+    principal(type, id) {
+        this.data.principal = { type, id };
+        return this;
+    }
+    /**
+     * Set principal from EntityUID
+     */
+    principalEntity(entity) {
+        this.data.principal = { type: entity.type, id: entity.id };
+        return this;
+    }
+    /**
+     * Set single action constraint
+     */
+    action(action) {
+        this.data.action = action;
+        return this;
+    }
+    /**
+     * Set multiple action constraints (action in [list])
+     */
+    actions(actions) {
+        this.data.action = actions;
+        return this;
+    }
+    /**
+     * Set resource constraint by type only (any entity of this type)
+     */
+    resourceType(type) {
+        this.data.resource = { type };
+        return this;
+    }
+    /**
+     * Set resource constraint by type and ID (specific entity)
+     */
+    resource(type, id) {
+        this.data.resource = { type, id };
+        return this;
+    }
+    /**
+     * Set resource from EntityUID
+     */
+    resourceEntity(entity) {
+        this.data.resource = { type: entity.type, id: entity.id };
+        return this;
+    }
+    /**
+     * Add a structured condition
+     */
+    when(field, operator, value) {
+        this.data.conditions.push({ field, operator, value });
+        return this;
+    }
+    /**
+     * Add a raw condition string (for advanced users)
+     */
+    whenRaw(condition) {
+        this.data.rawCondition = condition;
+        return this;
+    }
+    /**
+     * Clear all conditions
+     */
+    clearConditions() {
+        this.data.conditions = [];
+        this.data.rawCondition = undefined;
+        return this;
+    }
+    /**
+     * Build the policy
+     */
+    build() {
+        // Validate required fields
+        if (!this.data.action || (Array.isArray(this.data.action) && this.data.action.length === 0)) {
+            throw new Error('Policy must have at least one action');
+        }
+        return new Policy({ ...this.data });
+    }
+    /**
+     * Get current state as JSON (for preview/debugging)
+     */
+    toJSON() {
+        return { ...this.data };
+    }
+}
+/**
+ * Parse Cedar policy text back to PolicyJSON (best effort)
+ * Note: This is a simplified parser for policies created by PolicyBuilder.
+ * Complex hand-written policies may not parse correctly.
+ */
+export function parseCedarPolicy(cedarText) {
+    try {
+        const result = {
+            effect: 'permit',
+            principal: null,
+            action: '',
+            resource: null,
+            conditions: [],
+        };
+        // Extract name from annotation
+        const nameMatch = cedarText.match(/\/\/ @name: (.+)/);
+        if (nameMatch) {
+            result.name = nameMatch[1].trim();
+        }
+        // Extract id from annotation
+        const idMatch = cedarText.match(/\/\/ @id: (.+)/);
+        if (idMatch) {
+            result.id = idMatch[1].trim();
+        }
+        // Extract effect
+        if (cedarText.includes('forbid')) {
+            result.effect = 'forbid';
+        }
+        // Extract principal
+        const principalMatch = cedarText.match(/principal\s*==\s*(\w+)::"([^"]+)"/);
+        if (principalMatch) {
+            result.principal = { type: principalMatch[1], id: principalMatch[2] };
+        }
+        else {
+            const principalTypeMatch = cedarText.match(/principal\s+is\s+(\w+)/);
+            if (principalTypeMatch) {
+                result.principal = { type: principalTypeMatch[1] };
+            }
+        }
+        // Extract action(s)
+        const actionMatch = cedarText.match(/action\s*==\s*Action::"([^"]+)"/);
+        if (actionMatch) {
+            result.action = actionMatch[1];
+        }
+        else {
+            const actionsMatch = cedarText.match(/action\s+in\s+\[([^\]]+)\]/);
+            if (actionsMatch) {
+                const actions = actionsMatch[1].match(/Action::"([^"]+)"/g);
+                if (actions) {
+                    result.action = actions.map(a => a.replace(/Action::"([^"]+)"/, '$1'));
+                }
+            }
+        }
+        // Extract resource
+        const resourceMatch = cedarText.match(/resource\s*==\s*(\w+)::"([^"]+)"/);
+        if (resourceMatch) {
+            result.resource = { type: resourceMatch[1], id: resourceMatch[2] };
+        }
+        else {
+            const resourceTypeMatch = cedarText.match(/resource\s+is\s+(\w+)/);
+            if (resourceTypeMatch) {
+                result.resource = { type: resourceTypeMatch[1] };
+            }
+        }
+        // Extract when clause (as raw condition)
+        const whenMatch = cedarText.match(/when\s*\{([^}]+)\}/);
+        if (whenMatch) {
+            result.rawCondition = whenMatch[1].trim();
+        }
+        return result;
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=builder.js.map

package/dist/builder.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"builder.js","sourceRoot":"","sources":["../src/builder.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAiEH;;GAEG;AACH,MAAM,OAAO,MAAM;IACc;IAA7B,YAA6B,IAAgB;QAAhB,SAAI,GAAJ,IAAI,CAAY;IAAG,CAAC;IAEjD;;OAEG;IACH,OAAO;QACH,MAAM,KAAK,GAAa,EAAE,CAAC;QAE3B,wCAAwC;QACxC,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YACjB,KAAK,CAAC,IAAI,CAAC,aAAa,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAC9C,CAAC;QACD,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACf,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;QAC1C,CAAC;QAED,uBAAuB;QACvB,IAAI,UAAU,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC;QAEzC,YAAY;QACZ,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACtB,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC;gBACzB,UAAU,IAAI,sBAAsB,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC;YAClG,CAAC;iBAAM,CAAC;gBACJ,UAAU,IAAI,sBAAsB,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;YACnE,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,UAAU,IAAI,iBAAiB,CAAC;QACpC,CAAC;QAED,SAAS;QACT,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YAClC,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAChC,UAAU,IAAI,8BAA8B,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;YACxE,CAAC;iBAAM,CAAC;gBACJ,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACzE,UAAU,IAAI,qBAAqB,OAAO,GAAG,CAAC;YAClD,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,UAAU,IAAI,8BAA8B,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC;QACrE,CAAC;QAED,WAAW;QACX,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACrB,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACxB,UAAU,IAAI,sBAAsB,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,OAAO,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,CAAC;YAChG,CAAC;iBAAM,CAAC;gBACJ,UAAU,IAAI,sBAAsB,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;YAClE,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,UAAU,IAAI,iBAAiB,CAAC;QACpC,CAAC;QAED,UAAU,IAAI,KAAK,CAAC;QACpB,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAEvB,cAAc;QACd,IAAI,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACzB,KAAK,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,IAAI,CAAC,YAAY,KAAK,CAAC,CAAC;QACtD,CAAC;aAAM,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzC,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU;iBACpC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC;iBAClC,IAAI,CAAC,MAAM,CAAC,CAAC;YAClB,KAAK,CAAC,IAAI,CAAC,UAAU,YAAY,KAAK,CAAC,CAAC;QAC5C,CAAC;aAAM,CAAC;YACJ,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACpB,CAAC;QAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAED;;OAEG;IACK,gBAAgB,CAAC,SAA0B;QAC/C,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,SAAS,CAAC;QAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QAE3C,QAAQ,QAAQ,EAAE,CAAC;YACf,KAAK,IAAI;gBACL,OAAO,WAAW,KAAK,OAAO,QAAQ,EAAE,CAAC;YAC7C,KAAK,KAAK;gBACN,OAAO,WAAW,KAAK,OAAO,QAAQ,EAAE,CAAC;YAC7C,KAAK,IAAI;gBACL,OAAO,WAAW,KAAK,MAAM,QAAQ,EAAE,CAAC;YAC5C,KAAK,KAAK;gBACN,OAAO,WAAW,KAAK,OAAO,QAAQ,EAAE,CAAC;YAC7C,KAAK,IAAI;gBACL,OAAO,WAAW,KAAK,MAAM,QAAQ,EAAE,CAAC;YAC5C,KAAK,KAAK;gBACN,OAAO,WAAW,KAAK,OAAO,QAAQ,EAAE,CAAC;YAC7C,KAAK,UAAU;gBACX,OAAO,WAAW,KAAK,aAAa,QAAQ,GAAG,CAAC;YACpD,KAAK,IAAI;gBACL,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;oBACvB,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBACpD,OAAO,WAAW,KAAK,QAAQ,KAAK,GAAG,CAAC;gBAC5C,CAAC;gBACD,OAAO,WAAW,KAAK,OAAO,QAAQ,EAAE,CAAC;YAC7C,KAAK,MAAM;gBACP,OAAO,WAAW,KAAK,SAAS,QAAQ,EAAE,CAAC;YAC/C;gBACI,OAAO,WAAW,KAAK,OAAO,QAAQ,EAAE,CAAC;QACjD,CAAC;IACL,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,KAA2C;QAC7D,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC5B,OAAO,KAAK,KAAK,IAAI,CAAC;QAC1B,CAAC;QACD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,SAAS,EAAE,CAAC;YAC1D,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;QACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;QACxD,CAAC;QACD,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,MAAM;QACF,OAAO,EAAE,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,KAAK;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;IACxB,CAAC;IAED;;OAEG;IACH,OAAO;QACH,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;IAC1B,CAAC;CACJ;AAED;;GAEG;AACH,MAAM,OAAO,aAAa;IACd,IAAI,GAAe;QACvB,MAAM,EAAE,QAAQ;QAChB,SAAS,EAAE,IAAI;QACf,MAAM,EAAE,EAAE;QACV,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,EAAE;KACjB,CAAC;IAEF,YAAoB,MAAoB;QACpC,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,MAAM;QACT,OAAO,IAAI,aAAa,CAAC,QAAQ,CAAC,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,MAAM;QACT,OAAO,IAAI,aAAa,CAAC,QAAQ,CAAC,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,QAAQ,CAAC,IAAgB;QAC5B,MAAM,OAAO,GAAG,IAAI,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,CAAC,IAAI,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;QAC3B,OAAO,OAAO,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,EAAE,CAAC,EAAU;QACT,IAAI,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,IAAI,CAAC,IAAY;QACb,IAAI,CAAC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACtB,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,IAAyB;QACnC,IAAI,CAAC,IAAI,CAAC,SAAS,GAAG,EAAE,IAAI,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,IAAyB,EAAE,EAAU;QAC3C,IAAI,CAAC,IAAI,CAAC,SAAS,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;QACnC,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,MAAiB;QAC7B,IAAI,CAAC,IAAI,CAAC,SAAS,GAAG,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC;QAC3D,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,MAA2B;QAC9B,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAC1B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,OAAgC;QACpC,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC;QAC3B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,IAAyB;QAClC,IAAI,CAAC,IAAI,CAAC,QAAQ,GAAG,EAAE,IAAI,EAAE,CAAC;QAC9B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,IAAyB,EAAE,EAAU;QAC1C,IAAI,CAAC,IAAI,CAAC,QAAQ,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;QAClC,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,MAAiB;QAC5B,IAAI,CAAC,IAAI,CAAC,QAAQ,GAAG,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC;QAC1D,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,IAAI,CAAC,KAA0B,EAAE,QAA2B,EAAE,KAA2C;QACrG,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;QACtD,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,SAAiB;QACrB,IAAI,CAAC,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;QACnC,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,eAAe;QACX,IAAI,CAAC,IAAI,CAAC,UAAU,GAAG,EAAE,CAAC;QAC1B,IAAI,CAAC,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;QACnC,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,KAAK;QACD,2BAA2B;QAC3B,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;YAC1F,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC5D,CAAC;QAED,OAAO,IAAI,MAAM,CAAC,EAAE,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACH,MAAM;QACF,OAAO,EAAE,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAC5B,CAAC;CACJ;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAAC,SAAiB;IAC9C,IAAI,CAAC;QACD,MAAM,MAAM,GAAe;YACvB,MAAM,EAAE,QAAQ;YAChB,SAAS,EAAE,IAAI;YACf,MAAM,EAAE,EAAE;YACV,QAAQ,EAAE,IAAI;YACd,UAAU,EAAE,EAAE;SACjB,CAAC;QAEF,+BAA+B;QAC/B,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACtD,IAAI,SAAS,EAAE,CAAC;YACZ,MAAM,CAAC,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACtC,CAAC;QAED,6BAA6B;QAC7B,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAClD,IAAI,OAAO,EAAE,CAAC;YACV,MAAM,CAAC,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAClC,CAAC;QAED,iBAAiB;QACjB,IAAI,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC/B,MAAM,CAAC,MAAM,GAAG,QAAQ,CAAC;QAC7B,CAAC;QAED,oBAAoB;QACpB,MAAM,cAAc,GAAG,SAAS,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;QAC5E,IAAI,cAAc,EAAE,CAAC;YACjB,MAAM,CAAC,SAAS,GAAG,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,cAAc,CAAC,CAAC,CAAC,EAAE,CAAC;QAC1E,CAAC;aAAM,CAAC;YACJ,MAAM,kBAAkB,GAAG,SAAS,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;YACrE,IAAI,kBAAkB,EAAE,CAAC;gBACrB,MAAM,CAAC,SAAS,GAAG,EAAE,IAAI,EAAE,kBAAkB,CAAC,CAAC,CAAC,EAAE,CAAC;YACvD,CAAC;QACL,CAAC;QAED,oBAAoB;QACpB,MAAM,WAAW,GAAG,SAAS,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACvE,IAAI,WAAW,EAAE,CAAC;YACd,MAAM,CAAC,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC;aAAM,CAAC;YACJ,MAAM,YAAY,GAAG,SAAS,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;YACnE,IAAI,YAAY,EAAE,CAAC;gBACf,MAAM,OAAO,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;gBAC5D,IAAI,OAAO,EAAE,CAAC;oBACV,MAAM,CAAC,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,mBAAmB,EAAE,IAAI,CAAC,CAAC,CAAC;gBAC3E,CAAC;YACL,CAAC;QACL,CAAC;QAED,mBAAmB;QACnB,MAAM,aAAa,GAAG,SAAS,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC;QAC1E,IAAI,aAAa,EAAE,CAAC;YAChB,MAAM,CAAC,QAAQ,GAAG,EAAE,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC;QACvE,CAAC;aAAM,CAAC;YACJ,MAAM,iBAAiB,GAAG,SAAS,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;YACnE,IAAI,iBAAiB,EAAE,CAAC;gBACpB,MAAM,CAAC,QAAQ,GAAG,EAAE,IAAI,EAAE,iBAAiB,CAAC,CAAC,CAAC,EAAE,CAAC;YACrD,CAAC;QACL,CAAC;QAED,yCAAyC;QACzC,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;QACxD,IAAI,SAAS,EAAE,CAAC;YACZ,MAAM,CAAC,YAAY,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9C,CAAC;QAED,OAAO,MAAM,CAAC;IAClB,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,IAAI,CAAC;IAChB,CAAC;AACL,CAAC"}