@highflame/policy 2.0.7 → 2.0.9

package/src/errors.ts

@@ -1,195 +0,0 @@
-/**
- * Parser error types and codes for highflame-policy.
- *
- * This module provides standardized error codes that are consistent
- * across all language implementations (Rust, Go, TypeScript, Python).
- */
-
-/**
- * Error codes for parser errors.
- *
- * These codes are stable and consistent across all language implementations.
- * Format: HFP-<CATEGORY>-<NUMBER>
- * - HFP = HighFlame Policy
- * - CATEGORY = SCOPE | ACTION | COND | PARSE
- * - NUMBER = 3-digit incremental
- */
-export const ErrorCodes = {
-  // Scope constraint errors (HFP-SCOPE-xxx)
-  /** Scope constraint is missing an entity (for == operator) */
-  SCOPE_MISSING_ENTITY: "HFP-SCOPE-001",
-  /** Scope constraint is missing an entity type (for is operator) */
-  SCOPE_MISSING_ENTITY_TYPE: "HFP-SCOPE-002",
-  /** Scope constraint is missing entity list (for in operator) */
-  SCOPE_MISSING_ENTITY_LIST: "HFP-SCOPE-003",
-  /** Slot constraints are not supported in PolicyRule */
-  SCOPE_SLOT_NOT_SUPPORTED: "HFP-SCOPE-004",
-  /** Unsupported scope operator */
-  SCOPE_UNSUPPORTED_OP: "HFP-SCOPE-005",
-
-  // Action constraint errors (HFP-ACTION-xxx)
-  /** Action constraint is missing an entity (for == operator) */
-  ACTION_MISSING_ENTITY: "HFP-ACTION-001",
-  /** Action constraint is missing entities (for in operator) */
-  ACTION_MISSING_ENTITIES: "HFP-ACTION-002",
-  /** Unsupported action operator */
-  ACTION_UNSUPPORTED_OP: "HFP-ACTION-003",
-  /** Action scope is null/nil */
-  ACTION_SCOPE_NIL: "HFP-ACTION-004",
-
-  // Condition errors (HFP-COND-xxx)
-  /** Unless clauses are not supported in PolicyRule */
-  COND_UNLESS_NOT_SUPPORTED: "HFP-COND-001",
-  /** Complex condition cannot be parsed */
-  COND_COMPLEX_EXPRESSION: "HFP-COND-002",
-
-  // Parse errors (HFP-PARSE-xxx)
-  /** Invalid Cedar syntax */
-  PARSE_INVALID_SYNTAX: "HFP-PARSE-001",
-  /** Failed to convert policy to JSON */
-  PARSE_JSON_CONVERSION: "HFP-PARSE-002",
-  /** Failed to parse Cedar JSON structure */
-  PARSE_JSON_STRUCTURE: "HFP-PARSE-003",
-  /** Unknown policy effect (not permit or forbid) */
-  PARSE_UNKNOWN_EFFECT: "HFP-PARSE-004",
-  /** Duplicate policy ID found */
-  PARSE_DUPLICATE_ID: "HFP-PARSE-005",
-} as const;
-
-export type ErrorCode = (typeof ErrorCodes)[keyof typeof ErrorCodes];
-
-/**
- * Context information for parser errors.
- */
-export interface ErrorContext {
-  /** The operator that caused the error (e.g., "==", "in", "is") */
-  operator?: string;
-  /** The field that caused the error (e.g., "principal", "action", "resource") */
-  field?: string;
-  /** The policy ID if available */
-  policyId?: string;
-}
-
-/**
- * A structured parser error with code, message, and optional context.
- */
-export class ParserError extends Error {
-  /** Machine-readable error code (e.g., "HFP-SCOPE-001") */
-  public readonly code: ErrorCode;
-  /** Optional context for debugging */
-  public readonly context?: ErrorContext;
-
-  constructor(code: ErrorCode, message: string, context?: ErrorContext) {
-    super(message);
-    this.name = "ParserError";
-    this.code = code;
-    this.context = context;
-
-    // Maintains proper stack trace for where our error was thrown (only available on V8)
-    const ErrorWithCapture = Error as typeof Error & { captureStackTrace?: (err: Error, constructor: Function) => void };
-    if (ErrorWithCapture.captureStackTrace) {
-      ErrorWithCapture.captureStackTrace(this, ParserError);
-    }
-  }
-
-  /**
-   * Returns a string representation including the error code.
-   */
-  override toString(): string {
-    return `[${this.code}] ${this.message}`;
-  }
-
-  /**
-   * Serializes the error to a plain object for JSON serialization.
-   */
-  toJSON(): { code: string; message: string; context?: ErrorContext } {
-    return {
-      code: this.code,
-      message: this.message,
-      ...(this.context && { context: this.context }),
-    };
-  }
-
-  // Convenience static factory methods for common errors
-
-  /** Scope constraint is missing an entity */
-  static scopeMissingEntity(operator: string, field: string): ParserError {
-    return new ParserError(
-      ErrorCodes.SCOPE_MISSING_ENTITY,
-      `'${operator}' constraint is missing an entity`,
-      { operator, field }
-    );
-  }
-
-  /** Scope constraint is missing an entity type */
-  static scopeMissingEntityType(field: string): ParserError {
-    return new ParserError(
-      ErrorCodes.SCOPE_MISSING_ENTITY_TYPE,
-      "'is' constraint is missing an entity_type",
-      { operator: "is", field }
-    );
-  }
-
-  /** Scope constraint is missing entity list */
-  static scopeMissingEntityList(field: string): ParserError {
-    return new ParserError(
-      ErrorCodes.SCOPE_MISSING_ENTITY_LIST,
-      "'in' constraint is missing an entity",
-      { operator: "in", field }
-    );
-  }
-
-  /** Slot constraints are not supported */
-  static scopeSlotNotSupported(operator: string, field: string): ParserError {
-    return new ParserError(
-      ErrorCodes.SCOPE_SLOT_NOT_SUPPORTED,
-      `'${operator}' constraint with slot cannot be represented`,
-      { operator, field }
-    );
-  }
-
-  /** Unsupported scope operator */
-  static scopeUnsupportedOp(operator: string, field: string): ParserError {
-    return new ParserError(
-      ErrorCodes.SCOPE_UNSUPPORTED_OP,
-      `Unsupported scope operator: ${operator}`,
-      { operator, field }
-    );
-  }
-
-  /** Action constraint is missing an entity */
-  static actionMissingEntity(operator: string): ParserError {
-    return new ParserError(
-      ErrorCodes.ACTION_MISSING_ENTITY,
-      `Action '${operator}' constraint is missing an entity`,
-      { operator, field: "action" }
-    );
-  }
-
-  /** Action constraint is missing entities */
-  static actionMissingEntities(): ParserError {
-    return new ParserError(
-      ErrorCodes.ACTION_MISSING_ENTITIES,
-      "Action 'in' constraint is missing entities",
-      { operator: "in", field: "action" }
-    );
-  }
-
-  /** Unsupported action operator */
-  static actionUnsupportedOp(operator: string): ParserError {
-    return new ParserError(
-      ErrorCodes.ACTION_UNSUPPORTED_OP,
-      `Unsupported action operator: ${operator}`,
-      { operator, field: "action" }
-    );
-  }
-
-  /** Action scope is nil */
-  static actionScopeNil(): ParserError {
-    return new ParserError(
-      ErrorCodes.ACTION_SCOPE_NIL,
-      "Action scope is nil",
-      { field: "action" }
-    );
-  }
-}

package/src/index.ts

@@ -1,62 +0,0 @@
-// Code generated by highflame-policy-codegen. DO NOT EDIT.
-// Source: schema/highflame.cedarschema
-//
-// NOTE: This module requires Node.js (uses @cedar-policy/cedar-wasm).
-// For browser usage, import from '@highflame/policy/types' instead.
-
-export * from './entities.gen.js';
-export * from './actions.gen.js';
-export * from './context.gen.js';
-export * from './schema.gen.js';
-
-// Non-generated modules (require Node.js)
-export * from './engine.js';
-export * from './builder.js';
-export * from './parser.js';
-export * from './errors.js';
-export * from './annotations.js';
-
-// Service-specific schemas and context (inlined)
-export {
-  OVERWATCH_SCHEMA,
-  OVERWATCH_CONTEXT,
-  PALISADE_SCHEMA,
-  PALISADE_CONTEXT,
-} from './service-schemas.gen.js';
-export type {
-  ContextAttribute,
-  ActionContext,
-  ServiceContext,
-} from './service-schemas.gen.js';
-
-// Service-specific context key enums
-export { OverwatchContextKey } from './overwatch-context.gen.js';
-export { PalisadeContextKey } from './palisade-context.gen.js';
-
-// Service-specific entity metadata (for UI - principals, resources, actions)
-export {
-  OVERWATCH_ENTITIES,
-  OVERWATCH_ACTION_ENTITIES,
-} from './overwatch-entities.gen.js';
-export {
-  PALISADE_ENTITIES,
-  PALISADE_ACTION_ENTITIES,
-} from './palisade-entities.gen.js';
-export type { ServiceEntityMetadata, ActionEntityMetadata } from './entity-metadata-types.gen.js';
-
-// Service-specific default policies, templates, and categories
-export {
-  OVERWATCH_DEFAULTS,
-  OVERWATCH_TEMPLATES,
-  OVERWATCH_CATEGORIES,
-  OVERWATCH_TEMPLATES_JSON,
-  getOverwatchDefaultsByCategory,
-  getOverwatchTemplatesByCategory,
-  getOverwatchTemplateById,
-} from './overwatch-defaults.gen.js';
-export type {
-  OverwatchCategory,
-  OverwatchCategoryInfo,
-  OverwatchDefaultPolicy,
-  OverwatchTemplate,
-} from './overwatch-defaults.gen.js';

package/src/overwatch-context.gen.ts

@@ -1,32 +0,0 @@
-// Code generated by highflame-policy-codegen. DO NOT EDIT.
-// Source: schemas/overwatch/context.json
-
-/**
- * Context attribute keys for Overwatch Overwatch (Guardian) IDE security & policy enforcement.
- * 
- * These constants correspond to the context attributes defined in the
- * Overwatch Cedar schema and are used at policy evaluation time.
- */
-export const OverwatchContextKey = {
-  ContainsSecrets: 'contains_secrets',
-  Content: 'content',
-  Cwd: 'cwd',
-  Event: 'event',
-  HighestSeverity: 'highest_severity',
-  MaxThreatSeverity: 'max_threat_severity',
-  McpServer: 'mcp_server',
-  McpTool: 'mcp_tool',
-  Path: 'path',
-  PromptText: 'prompt_text',
-  ResponseContent: 'response_content',
-  Source: 'source',
-  ThreatCategories: 'threat_categories',
-  ThreatCount: 'threat_count',
-  ThreatTypes: 'threat_types',
-  ToolName: 'tool_name',
-  UserEmail: 'user_email',
-  WorkspaceRoot: 'workspace_root',
-  YaraThreats: 'yara_threats',
-} as const;
-
-export type OverwatchContextKey = (typeof OverwatchContextKey)[keyof typeof OverwatchContextKey];