@highflame/policy 2.0.7 → 2.0.9

package/src/schemas.test.ts

@@ -1,445 +0,0 @@
-/**
- * Schema validation tests
- *
- * Tests service-specific schema loading and policy validation
- * using Overwatch (Guardian) and Palisade schemas.
- */
-
-import { describe, it, expect, beforeEach } from 'vitest';
-import {
-  PolicyEngine,
-  PolicyValidator,
-  EntityType,
-  ActionType,
-  newEntityUID,
-  newEntity,
-} from './index.js';
-import * as fs from 'fs';
-import * as path from 'path';
-
-// Load service-specific schemas
-const SCHEMAS_DIR = path.join(__dirname, '..', '..', '..', 'schemas');
-const OVERWATCH_SCHEMA = fs.readFileSync(
-  path.join(SCHEMAS_DIR, 'overwatch', 'schema.cedarschema'),
-  'utf-8'
-);
-const PALISADE_SCHEMA = fs.readFileSync(
-  path.join(SCHEMAS_DIR, 'palisade', 'schema.cedarschema'),
-  'utf-8'
-);
-
-describe('Service-Specific Schemas', () => {
-  describe('Schema Loading', () => {
-    it('should load Overwatch schema successfully', () => {
-      expect(OVERWATCH_SCHEMA).toBeTruthy();
-      expect(OVERWATCH_SCHEMA).toContain('namespace');
-      expect(OVERWATCH_SCHEMA).toContain('Overwatch');
-    });
-
-    it('should load Palisade schema successfully', () => {
-      expect(PALISADE_SCHEMA).toBeTruthy();
-      expect(PALISADE_SCHEMA).toContain('namespace');
-      expect(PALISADE_SCHEMA).toContain('Palisade');
-    });
-  });
-
-  describe('Overwatch Schema Validation', () => {
-    let validator: PolicyValidator;
-
-    beforeEach(() => {
-      validator = new PolicyValidator(OVERWATCH_SCHEMA);
-    });
-
-    it('should validate a correct Overwatch policy', () => {
-      const validPolicy = `
-        permit(
-          principal is Overwatch::User,
-          action == Overwatch::Action::"call_tool",
-          resource is Overwatch::Tool
-        )
-        when {
-          context.threat_count < 5 &&
-          context.highest_severity != "critical"
-        };
-      `;
-
-      const result = validator.validate(validPolicy);
-      if (!result.valid) {
-        console.log('Validation errors:', result.errors);
-      }
-      expect(result.valid).toBe(true);
-      expect(result.errors).toHaveLength(0);
-    });
-
-    it('should reject policy with invalid entity type', () => {
-      const invalidPolicy = `
-        permit(
-          principal is Overwatch::NonExistentEntity,
-          action == Overwatch::Action::"call_tool",
-          resource is Overwatch::Tool
-        );
-      `;
-
-      const result = validator.validate(invalidPolicy);
-      expect(result.valid).toBe(false);
-      expect(result.errors.length).toBeGreaterThan(0);
-    });
-
-    it('should reject policy with invalid action', () => {
-      const invalidPolicy = `
-        permit(
-          principal is Overwatch::User,
-          action == Overwatch::Action::"invalid_action",
-          resource is Overwatch::Tool
-        );
-      `;
-
-      const result = validator.validate(invalidPolicy);
-      expect(result.valid).toBe(false);
-      expect(result.errors.length).toBeGreaterThan(0);
-    });
-
-    it('should validate policy with multiple context attributes', () => {
-      const policy = `
-        permit(
-          principal is Overwatch::Agent,
-          action == Overwatch::Action::"process_prompt",
-          resource is Overwatch::LlmPrompt
-        )
-        when {
-          context.threat_count == 0 &&
-          context.highest_severity == "low" &&
-          context.contains_secrets == false
-        };
-      `;
-
-      const result = validator.validate(policy);
-      expect(result.valid).toBe(true);
-    });
-  });
-
-  describe('Palisade Schema Validation', () => {
-    let validator: PolicyValidator;
-
-    beforeEach(() => {
-      validator = new PolicyValidator(PALISADE_SCHEMA);
-    });
-
-    it('should validate a correct Palisade policy', () => {
-      const validPolicy = `
-        permit(
-          principal is Palisade::Scanner,
-          action == Palisade::Action::"scan_artifact",
-          resource is Palisade::Artifact
-        )
-        when {
-          context.environment == "production" &&
-          context.artifact_format == "safetensors"
-        };
-      `;
-
-      const result = validator.validate(validPolicy);
-      expect(result.valid).toBe(true);
-      expect(result.errors).toHaveLength(0);
-    });
-
-    it('should reject policy with wrong namespace', () => {
-      const invalidPolicy = `
-        permit(
-          principal is Overwatch::Scanner,
-          action == Palisade::Action::"scan_artifact",
-          resource is Palisade::Artifact
-        );
-      `;
-
-      const result = validator.validate(invalidPolicy);
-      expect(result.valid).toBe(false);
-    });
-
-    it('should validate policy with ML-specific context', () => {
-      const policy = `
-        forbid(
-          principal is Palisade::Scanner,
-          action == Palisade::Action::"scan_artifact",
-          resource is Palisade::Artifact
-        )
-        when {
-          context.pickle_exec_path_detected == true ||
-          context.severity == "CRITICAL"
-        };
-      `;
-
-      const result = validator.validate(policy);
-      expect(result.valid).toBe(true);
-    });
-  });
-
-  describe('PolicyEngine with Service Schemas', () => {
-    it('should evaluate Overwatch policy correctly', () => {
-      const policy = `
-        permit(
-          principal is Overwatch::User,
-          action == Overwatch::Action::"call_tool",
-          resource is Overwatch::Tool
-        )
-        when { context.threat_count < 5 };
-      `;
-
-      const engine = new PolicyEngine({ schema: OVERWATCH_SCHEMA });
-      engine.loadPolicy(policy);
-
-      const entities = [
-        newEntity('Overwatch::User', 'mcp_client', { user_type: 'external', email: 'user@example.com' }),
-        newEntity('Overwatch::Tool', 'shell', { tool_name: 'shell', risk_level: 'high' }),
-      ];
-
-      const decision = engine.evaluate({
-        principal: newEntityUID('Overwatch::User', 'mcp_client'),
-        action: 'Overwatch::Action::"call_tool"',
-        resource: newEntityUID('Overwatch::Tool', 'shell'),
-        context: {
-          content: 'ls -la',
-          source: 'claudecode',
-          event: 'PreToolUse',
-          user_email: 'user@example.com',
-          tool_name: 'shell',
-          mcp_server: 'filesystem',
-          mcp_tool: 'shell',
-          path: '/workspace',
-          cwd: '/workspace',
-          workspace_root: '/workspace',
-          threat_count: 3,
-          highest_severity: 'low',
-          threat_categories: [],
-
-          yara_threats: [],
-          max_threat_severity: 1,
-          contains_secrets: false,
-          response_content: '',
-        },
-        entities,
-      });
-
-      if (decision.effect !== 'Allow') {
-        console.log('Decision:', decision);
-        console.log('Reason:', decision.reason);
-      }
-
-      expect(decision.effect).toBe('Allow');
-    });
-
-    it('should deny Overwatch policy when context fails condition', () => {
-      const policy = `
-        permit(
-          principal is Overwatch::User,
-          action == Overwatch::Action::"call_tool",
-          resource is Overwatch::Tool
-        )
-        when { context.threat_count < 5 };
-      `;
-
-      const engine = new PolicyEngine({ schema: OVERWATCH_SCHEMA });
-      engine.loadPolicy(policy);
-
-      const entities = [
-        newEntity('Overwatch::User', 'mcp_client', { user_type: 'external', email: 'user@example.com' }),
-        newEntity('Overwatch::Tool', 'shell', { tool_name: 'shell', risk_level: 'high' }),
-      ];
-
-      const decision = engine.evaluate({
-        principal: newEntityUID('Overwatch::User', 'mcp_client'),
-        action: 'Overwatch::Action::"call_tool"',
-        resource: newEntityUID('Overwatch::Tool', 'shell'),
-        context: { threat_count: 10 }, // Too many threats
-        entities,
-      });
-
-      expect(decision.effect).toBe('Deny');
-    });
-
-    it('should evaluate Palisade policy correctly', () => {
-      const policy = `
-        forbid(
-          principal is Palisade::Scanner,
-          action == Palisade::Action::"load_model",
-          resource is Palisade::Artifact
-        )
-        when {
-          context.pickle_exec_path_detected == true
-        };
-      `;
-
-      const engine = new PolicyEngine({ schema: PALISADE_SCHEMA });
-      engine.loadPolicy(policy);
-
-      const entities = [
-        newEntity('Palisade::Scanner', 'palisade', { scanner_type: 'ml_security' }),
-        newEntity('Palisade::Artifact', 'model.pkl', { artifact_format: 'pickle', path: '/models/model.pkl', signed: false, signer: 'unsigned' }),
-      ];
-
-      const decision = engine.evaluate({
-        principal: newEntityUID('Palisade::Scanner', 'palisade'),
-        action: 'Palisade::Action::"load_model"',
-        resource: newEntityUID('Palisade::Artifact', 'model.pkl'),
-        context: {
-          environment: 'production',
-          pickle_exec_path_detected: true,
-          severity: 'CRITICAL',
-        },
-        entities,
-      });
-
-      expect(decision.effect).toBe('Deny');
-    });
-
-    it('should allow Palisade policy when condition is false', () => {
-      const policy = `
-        permit(
-          principal is Palisade::Scanner,
-          action == Palisade::Action::"scan_artifact",
-          resource is Palisade::Artifact
-        );
-
-        forbid(
-          principal is Palisade::Scanner,
-          action == Palisade::Action::"scan_artifact",
-          resource is Palisade::Artifact
-        )
-        when {
-          context.pickle_exec_path_detected == true
-        };
-      `;
-
-      const engine = new PolicyEngine({ schema: PALISADE_SCHEMA });
-      engine.loadPolicy(policy);
-
-      const entities = [
-        newEntity('Palisade::Scanner', 'palisade', { scanner_type: 'ml_security' }),
-        newEntity('Palisade::Artifact', 'model.safetensors', { artifact_format: 'safetensors', path: '/models/model.safetensors', signed: true, signer: 'trusted-org' }),
-      ];
-
-      const decision = engine.evaluate({
-        principal: newEntityUID('Palisade::Scanner', 'palisade'),
-        action: 'Palisade::Action::"scan_artifact"',
-        resource: newEntityUID('Palisade::Artifact', 'model.safetensors'),
-        context: {
-          environment: 'production',
-          pickle_exec_path_detected: false,
-          severity: 'INFO',
-          finding_type: 'backdoor_check',
-          artifact_format: 'safetensors',
-          path: '/models/model.safetensors',
-          artifact_signed: true,
-          provenance_signer: 'trusted',
-          tokenizer_added_tokens_count: 0,
-          adapter_base_digest_mismatch: false,
-          gguf_suspicious_metadata: false,
-          safetensors_integrity_violation: false,
-          metadata_malicious_pattern: false,
-          metadata_cosai_level_numeric: 3,
-          match_count: 0,
-        },
-        entities,
-      });
-
-      if (decision.effect !== 'Allow') {
-        console.log('Decision:', decision);
-        console.log('Reason:', decision.reason);
-      }
-
-      expect(decision.effect).toBe('Allow');
-    });
-  });
-
-  describe('Example from REFACTORING_SUMMARY.md', () => {
-    it('should work with Guardian plugin example', () => {
-      const engine = new PolicyEngine({ schema: OVERWATCH_SCHEMA });
-
-      const policy = `
-        permit(
-          principal is Overwatch::User,
-          action == Overwatch::Action::"call_tool",
-          resource is Overwatch::Tool
-        )
-        when {
-          context.threat_count < 10 &&
-          context.highest_severity != "critical"
-        };
-      `;
-
-      engine.loadPolicy(policy);
-
-      const entities = [
-        newEntity('Overwatch::User', 'mcp_client', { user_type: 'external', email: 'user@example.com' }),
-        newEntity('Overwatch::Tool', 'shell', { tool_name: 'shell', risk_level: 'high' }),
-      ];
-
-      const decision = engine.evaluate({
-        principal: newEntityUID('Overwatch::User', 'mcp_client'),
-        action: 'Overwatch::Action::"call_tool"',
-        resource: newEntityUID('Overwatch::Tool', 'shell'),
-        context: {
-          content: 'cat /etc/passwd',
-          source: 'claudecode',
-          event: 'PreToolUse',
-          user_email: 'user@example.com',
-          tool_name: 'shell',
-          mcp_server: 'filesystem',
-          mcp_tool: 'shell',
-          path: '/etc/passwd',
-          cwd: '/workspace',
-          workspace_root: '/workspace',
-          threat_count: 5,
-          highest_severity: 'medium',
-          threat_categories: [],
-
-          yara_threats: [],
-          max_threat_severity: 2,
-          contains_secrets: false,
-          response_content: '',
-        },
-        entities,
-      });
-
-      expect(decision.effect).toBe('Allow');
-    });
-
-    it('should work with Palisade service example', () => {
-      const engine = new PolicyEngine({ schema: PALISADE_SCHEMA });
-
-      const policy = `
-        forbid(
-          principal is Palisade::Scanner,
-          action == Palisade::Action::"load_model",
-          resource is Palisade::Artifact
-        )
-        when {
-          context.environment == "production" &&
-          context.pickle_exec_path_detected == true &&
-          context.severity == "CRITICAL"
-        };
-      `;
-
-      engine.loadPolicy(policy);
-
-      const entities = [
-        newEntity('Palisade::Scanner', 'palisade', { scanner_type: 'ml_security' }),
-        newEntity('Palisade::Artifact', 'model.pkl', { artifact_format: 'pickle', path: '/models/model.pkl', signed: false, signer: 'unsigned' }),
-      ];
-
-      const decision = engine.evaluate({
-        principal: newEntityUID('Palisade::Scanner', 'palisade'),
-        action: 'Palisade::Action::"load_model"',
-        resource: newEntityUID('Palisade::Artifact', 'model.pkl'),
-        context: {
-          environment: 'production',
-          pickle_exec_path_detected: true,
-          severity: 'CRITICAL',
-        },
-        entities,
-      });
-
-      expect(decision.effect).toBe('Deny');
-    });
-  });
-});

package/src/schemas.ts

@@ -1,91 +0,0 @@
-/**
- * Service-specific Cedar schemas and context metadata
- *
- * This module provides access to service-specific Cedar schemas
- * and their associated context metadata for UI builders.
- *
- * Schemas are bundled with the package and loaded at runtime. The schema
- * files are copied from schemas/ to packages/typescript/_schemas/ during
- * codegen (see Makefile). This ensures the package is self-contained and
- * works correctly when installed from npm.
- *
- * Available Schemas:
- * - Overwatch (Guardian): IDE security policies for LLM agents and tool calls
- * - Palisade: ML supply chain security policies for artifact scanning
- *
- * @example
- * ```typescript
- * import { OVERWATCH_SCHEMA, OVERWATCH_CONTEXT } from '@highflame/policy/schemas';
- * import { PolicyEngine } from '@highflame/policy';
- *
- * const engine = new PolicyEngine();
- * engine.loadSchema(OVERWATCH_SCHEMA);
- *
- * // Parse context metadata for UI dropdowns
- * const contextMeta = JSON.parse(OVERWATCH_CONTEXT);
- * ```
- */
-
-import * as fs from 'fs';
-import * as path from 'path';
-import { fileURLToPath } from 'url';
-
-const __filename = fileURLToPath(import.meta.url);
-const __dirname = path.dirname(__filename);
-
-// Path to schemas directory (bundled with package)
-const SCHEMAS_DIR = path.join(__dirname, '..', '_schemas');
-
-// Re-export service-specific context keys
-export { OverwatchContextKey } from './overwatch-context.gen.js';
-export { PalisadeContextKey } from './palisade-context.gen.js';
-export type { OverwatchContextKey as OverwatchContextKeyType } from './overwatch-context.gen.js';
-export type { PalisadeContextKey as PalisadeContextKeyType } from './palisade-context.gen.js';
-
-/**
- * Overwatch (Guardian) Cedar schema
- *
- * Full Cedar schema for IDE security, including:
- * - Actions: process_prompt, call_tool, connect_server, read_file, write_file
- * - Entities: User, Agent, LlmPrompt, Tool, Server, FilePath
- * - 20+ context attributes for threat detection and workspace security
- */
-export const OVERWATCH_SCHEMA = fs.readFileSync(
-  path.join(SCHEMAS_DIR, 'overwatch', 'schema.cedarschema'),
-  'utf-8'
-);
-
-/**
- * Overwatch context metadata (JSON)
- *
- * Metadata describing available context attributes for each Overwatch action.
- * Used by PolicyBuilder UI to generate context dropdowns with type information.
- */
-export const OVERWATCH_CONTEXT = fs.readFileSync(
-  path.join(SCHEMAS_DIR, 'overwatch', 'context.json'),
-  'utf-8'
-);
-
-/**
- * Palisade Cedar schema
- *
- * Full Cedar schema for ML supply chain security, including:
- * - Actions: scan_artifact, validate_integrity, validate_provenance, quarantine_artifact, load_model, deploy_model
- * - Entities: Scanner, Artifact, Package
- * - 15+ context attributes for ML security findings
- */
-export const PALISADE_SCHEMA = fs.readFileSync(
-  path.join(SCHEMAS_DIR, 'palisade', 'schema.cedarschema'),
-  'utf-8'
-);
-
-/**
- * Palisade context metadata (JSON)
- *
- * Metadata describing available context attributes for each Palisade action.
- * Used by PolicyBuilder UI to generate context dropdowns with type information.
- */
-export const PALISADE_CONTEXT = fs.readFileSync(
-  path.join(SCHEMAS_DIR, 'palisade', 'context.json'),
-  'utf-8'
-);