@highflame/policy 2.1.41 → 2.1.42

package/_schemas/ai_gateway/context.json

@@ -7,6 +7,18 @@
       "name": "call_tool",
       "description": "Call an MCP tool — threat focus: command injection, tool poisoning, rug pull, secrets, PII",
       "context_attributes": [
+        {
+          "key": "role",
+          "type": "string",
+          "required": false,
+          "description": "Caller's RBAC role projected from the principal's token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim."
+        },
+        {
+          "key": "privilege_scope",
+          "type": "array",
+          "required": false,
+          "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim."
+        },
         {
           "key": "content",
           "type": "string",
@@ -343,6 +355,18 @@
       "name": "connect_server",
       "description": "Connect to an MCP server — threat focus: supply chain, tool poisoning, config risk",
       "context_attributes": [
+        {
+          "key": "role",
+          "type": "string",
+          "required": false,
+          "description": "Caller's RBAC role projected from the principal's token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim."
+        },
+        {
+          "key": "privilege_scope",
+          "type": "array",
+          "required": false,
+          "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim."
+        },
         {
           "key": "content",
           "type": "string",
@@ -553,6 +577,18 @@
       "name": "process_prompt",
       "description": "Process a prompt (MCP or LLM chat completion) — threat focus: injection, jailbreak, secrets, PII, content safety",
       "context_attributes": [
+        {
+          "key": "role",
+          "type": "string",
+          "required": false,
+          "description": "Caller's RBAC role projected from the principal's token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim."
+        },
+        {
+          "key": "privilege_scope",
+          "type": "array",
+          "required": false,
+          "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim."
+        },
         {
           "key": "content",
           "type": "string",
@@ -793,6 +829,18 @@
       "name": "read_file",
       "description": "Read an MCP resource — threat focus: secrets exposure, PII exposure",
       "context_attributes": [
+        {
+          "key": "role",
+          "type": "string",
+          "required": false,
+          "description": "Caller's RBAC role projected from the principal's token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim."
+        },
+        {
+          "key": "privilege_scope",
+          "type": "array",
+          "required": false,
+          "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim."
+        },
         {
           "key": "content",
           "type": "string",
@@ -961,6 +1009,18 @@
       "name": "write_file",
       "description": "Write an MCP resource — threat focus: secrets in output, PII in output",
       "context_attributes": [
+        {
+          "key": "role",
+          "type": "string",
+          "required": false,
+          "description": "Caller's RBAC role projected from the principal's token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim."
+        },
+        {
+          "key": "privilege_scope",
+          "type": "array",
+          "required": false,
+          "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim."
+        },
         {
           "key": "content",
           "type": "string",

package/_schemas/ai_gateway/schema.cedarschema

@@ -73,6 +73,9 @@ action call_tool appliesTo {
   principal: [User, MCP_Client],
   resource: [Tool],
   context: {
+    // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+    role?: String,
+    privilege_scope?: Set<String>,
     // --- Content ---
     content: String,                  // Raw content being scanned
 
@@ -179,6 +182,9 @@ action connect_server appliesTo {
   principal: [User, MCP_Client],
   resource: [Server],
   context: {
+    // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+    role?: String,
+    privilege_scope?: Set<String>,
     content?: String,                 // Server config content (if available)
     mcp_server?: String,
 
@@ -248,6 +254,9 @@ action process_prompt appliesTo {
   principal: [User, MCP_Client],
   resource: [LlmPrompt],
   context: {
+    // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+    role?: String,
+    privilege_scope?: Set<String>,
     content: String,
     mcp_server?: String,
 
@@ -326,6 +335,9 @@ action read_file appliesTo {
   principal: [User, MCP_Client],
   resource: [FilePath],
   context: {
+    // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+    role?: String,
+    privilege_scope?: Set<String>,
     content: String,
     mcp_server?: String,
 
@@ -384,6 +396,9 @@ action write_file appliesTo {
   principal: [User, MCP_Client],
   resource: [FilePath],
   context: {
+    // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+    role?: String,
+    privilege_scope?: Set<String>,
     content: String,
     mcp_server?: String,
 

package/_schemas/guardrails/context.json

@@ -7,6 +7,18 @@
       "name": "process_prompt",
       "description": "Analyze user prompts and AI responses for security threats, PII, and content violations",
       "context_attributes": [
+        {
+          "key": "role",
+          "type": "string",
+          "required": false,
+          "description": "Caller's RBAC role projected from the principal's token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim."
+        },
+        {
+          "key": "privilege_scope",
+          "type": "array",
+          "required": false,
+          "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim."
+        },
         {
           "key": "request_id",
           "type": "string",
@@ -523,6 +535,18 @@
       "name": "call_tool",
       "description": "Execute agentic tool calls, including shell commands, file operations, and MCP tools",
       "context_attributes": [
+        {
+          "key": "role",
+          "type": "string",
+          "required": false,
+          "description": "Caller's RBAC role projected from the principal's token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim."
+        },
+        {
+          "key": "privilege_scope",
+          "type": "array",
+          "required": false,
+          "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim."
+        },
         {
           "key": "request_id",
           "type": "string",
@@ -1015,6 +1039,18 @@
       "name": "read_file",
       "description": "Read file operations for analyzing file content before allowing access",
       "context_attributes": [
+        {
+          "key": "role",
+          "type": "string",
+          "required": false,
+          "description": "Caller's RBAC role projected from the principal's token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim."
+        },
+        {
+          "key": "privilege_scope",
+          "type": "array",
+          "required": false,
+          "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim."
+        },
         {
           "key": "request_id",
           "type": "string",
@@ -1195,6 +1231,18 @@
       "name": "write_file",
       "description": "Write file operations for preventing writes of sensitive content",
       "context_attributes": [
+        {
+          "key": "role",
+          "type": "string",
+          "required": false,
+          "description": "Caller's RBAC role projected from the principal's token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim."
+        },
+        {
+          "key": "privilege_scope",
+          "type": "array",
+          "required": false,
+          "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim."
+        },
         {
           "key": "request_id",
           "type": "string",
@@ -1387,6 +1435,18 @@
       "name": "connect_server",
       "description": "Connect to an MCP server, used to control which MCP servers are allowed",
       "context_attributes": [
+        {
+          "key": "role",
+          "type": "string",
+          "required": false,
+          "description": "Caller's RBAC role projected from the principal's token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim."
+        },
+        {
+          "key": "privilege_scope",
+          "type": "array",
+          "required": false,
+          "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim."
+        },
         {
           "key": "request_id",
           "type": "string",

package/_schemas/guardrails/schema.cedarschema

@@ -96,6 +96,9 @@ namespace Guardrails {
 
     /// Context for process_prompt action (user prompts & AI responses)
     type ProcessPromptContext = {
+        // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+        "role"?: String,
+        "privilege_scope"?: Set<String>,
         // Core metadata (required)
         "request_id": String,
         "timestamp": Long,
@@ -235,6 +238,9 @@ namespace Guardrails {
 
     /// Context for call_tool action (agentic tool execution)
     type CallToolContext = {
+        // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+        "role"?: String,
+        "privilege_scope"?: Set<String>,
         // Core metadata (required)
         "request_id": String,
         "timestamp": Long,
@@ -371,6 +377,9 @@ namespace Guardrails {
 
     /// Context for read_file action
     type FileReadContext = {
+        // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+        "role"?: String,
+        "privilege_scope"?: Set<String>,
         // Core metadata (required)
         "request_id": String,
         "timestamp": Long,
@@ -431,6 +440,9 @@ namespace Guardrails {
 
     /// Context for write_file action
     type FileWriteContext = {
+        // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+        "role"?: String,
+        "privilege_scope"?: Set<String>,
         // Core metadata (required)
         "request_id": String,
         "timestamp": Long,
@@ -495,6 +507,9 @@ namespace Guardrails {
 
     /// Context for connect_server action (MCP server connections)
     type ConnectServerContext = {
+        // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+        "role"?: String,
+        "privilege_scope"?: Set<String>,
         // Core metadata (required)
         "request_id": String,
         "timestamp": Long,

package/_schemas/overwatch/context.json

@@ -7,6 +7,18 @@
       "name": "process_prompt",
       "description": "User submits a prompt or receives AI response",
       "context_attributes": [
+        {
+          "key": "role",
+          "type": "string",
+          "required": false,
+          "description": "Caller's RBAC role projected from the principal's token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim."
+        },
+        {
+          "key": "privilege_scope",
+          "type": "array",
+          "required": false,
+          "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim."
+        },
         {
           "key": "content",
           "type": "string",
@@ -301,6 +313,18 @@
       "name": "call_tool",
       "description": "User calls a tool (native IDE tool or MCP tool)",
       "context_attributes": [
+        {
+          "key": "role",
+          "type": "string",
+          "required": false,
+          "description": "Caller's RBAC role projected from the principal's token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim."
+        },
+        {
+          "key": "privilege_scope",
+          "type": "array",
+          "required": false,
+          "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim."
+        },
         {
           "key": "content",
           "type": "string",
@@ -709,6 +733,18 @@
       "name": "connect_server",
       "description": "Connect to an MCP server",
       "context_attributes": [
+        {
+          "key": "role",
+          "type": "string",
+          "required": false,
+          "description": "Caller's RBAC role projected from the principal's token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim."
+        },
+        {
+          "key": "privilege_scope",
+          "type": "array",
+          "required": false,
+          "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim."
+        },
         {
           "key": "content",
           "type": "string",
@@ -901,6 +937,18 @@
       "name": "read_file",
       "description": "Read a file from disk",
       "context_attributes": [
+        {
+          "key": "role",
+          "type": "string",
+          "required": false,
+          "description": "Caller's RBAC role projected from the principal's token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim."
+        },
+        {
+          "key": "privilege_scope",
+          "type": "array",
+          "required": false,
+          "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim."
+        },
         {
           "key": "content",
           "type": "string",
@@ -1093,6 +1141,18 @@
       "name": "write_file",
       "description": "Write a file to disk",
       "context_attributes": [
+        {
+          "key": "role",
+          "type": "string",
+          "required": false,
+          "description": "Caller's RBAC role projected from the principal's token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim."
+        },
+        {
+          "key": "privilege_scope",
+          "type": "array",
+          "required": false,
+          "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim."
+        },
         {
           "key": "content",
           "type": "string",

package/_schemas/overwatch/schema.cedarschema

@@ -79,6 +79,9 @@ action process_prompt appliesTo {
   principal: [User, Agent],
   resource: [LlmPrompt],
   context: {
+    // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+    role?: String,
+    privilege_scope?: Set<String>,
     // --- Event & Source ---
     content: String,                  // Raw content being scanned
     source: String,                   // IDE source: "cursor", "claudecode", "github_copilot"
@@ -157,6 +160,9 @@ action call_tool appliesTo {
   principal: [User, Agent],
   resource: [Tool, FilePath],
   context: {
+    // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+    role?: String,
+    privilege_scope?: Set<String>,
     // --- Event & Source ---
     content: String,                  // Raw content being scanned (e.g., shell command, tool args)
     source: String,                   // IDE source
@@ -266,6 +272,9 @@ action connect_server appliesTo {
   principal: [User, Agent],
   resource: [Server],
   context: {
+    // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+    role?: String,
+    privilege_scope?: Set<String>,
     content?: String,                 // Server config content (if available)
     source: String,
     event: String,
@@ -313,6 +322,9 @@ action read_file appliesTo {
   principal: [User, Agent],
   resource: [FilePath],
   context: {
+    // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+    role?: String,
+    privilege_scope?: Set<String>,
     content: String,
     source: String,
     event: String,
@@ -364,6 +376,9 @@ action write_file appliesTo {
   principal: [User, Agent],
   resource: [FilePath],
   context: {
+    // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+    role?: String,
+    privilege_scope?: Set<String>,
     content: String,
     source: String,
     event: String,

package/_schemas/sentry/context.json

@@ -7,6 +7,18 @@
       "name": "process_prompt",
       "description": "User sends a message (prompt) to an AI chat service via the browser",
       "context_attributes": [
+        {
+          "key": "role",
+          "type": "string",
+          "required": false,
+          "description": "Caller's RBAC role projected from the principal's token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim."
+        },
+        {
+          "key": "privilege_scope",
+          "type": "array",
+          "required": false,
+          "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim."
+        },
         {
           "key": "content",
           "type": "string",
@@ -331,6 +343,18 @@
       "name": "receive_response",
       "description": "AI service responds to the user — scan response content for harmful output",
       "context_attributes": [
+        {
+          "key": "role",
+          "type": "string",
+          "required": false,
+          "description": "Caller's RBAC role projected from the principal's token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim."
+        },
+        {
+          "key": "privilege_scope",
+          "type": "array",
+          "required": false,
+          "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim."
+        },
         {
           "key": "content",
           "type": "string",
@@ -565,6 +589,18 @@
       "name": "paste_content",
       "description": "User pastes content into an AI chat (clipboard, cross-tab, cross-app)",
       "context_attributes": [
+        {
+          "key": "role",
+          "type": "string",
+          "required": false,
+          "description": "Caller's RBAC role projected from the principal's token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim."
+        },
+        {
+          "key": "privilege_scope",
+          "type": "array",
+          "required": false,
+          "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim."
+        },
         {
           "key": "content",
           "type": "string",
@@ -853,6 +889,18 @@
       "name": "upload_file",
       "description": "User uploads a file or document into an AI chat service",
       "context_attributes": [
+        {
+          "key": "role",
+          "type": "string",
+          "required": false,
+          "description": "Caller's RBAC role projected from the principal's token (AARM R6 / CAP-IDN-011), e.g. finance_lead. Absent when the token carries no role claim."
+        },
+        {
+          "key": "privilege_scope",
+          "type": "array",
+          "required": false,
+          "description": "Privilege-scope strings granted to the caller, projected from the token (AARM R6 / CAP-IDN-011), e.g. transfer:approve. Absent when the token carries no claim."
+        },
         {
           "key": "content",
           "type": "string",

package/_schemas/sentry/schema.cedarschema

@@ -78,6 +78,9 @@ action process_prompt appliesTo {
   principal: [User],
   resource: [ChatSession],
   context: {
+    // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+    role?: String,
+    privilege_scope?: Set<String>,
     // --- Core Metadata ---
     content: String,                  // Raw message content being sent
     source: String,                   // Browser extension identifier: "sentry"
@@ -165,6 +168,9 @@ action receive_response appliesTo {
   principal: [User],
   resource: [ChatSession],
   context: {
+    // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+    role?: String,
+    privilege_scope?: Set<String>,
     // --- Core Metadata ---
     content: String,                  // AI response content
     source: String,
@@ -231,6 +237,9 @@ action paste_content appliesTo {
   principal: [User],
   resource: [ChatSession, Document],
   context: {
+    // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+    role?: String,
+    privilege_scope?: Set<String>,
     // --- Core Metadata ---
     content: String,                  // Pasted content
     source: String,
@@ -308,6 +317,9 @@ action upload_file appliesTo {
   principal: [User],
   resource: [Document, ChatSession],
   context: {
+    // Identity (AARM R6 / CAP-IDN-011) — projected from the principal's token; optional.
+    role?: String,
+    privilege_scope?: Set<String>,
     // --- Core Metadata ---
     content: String,                  // Extracted file text content (for scanning)
     source: String,

package/dist/aarm-annotation.d.ts

@@ -0,0 +1,120 @@
+/**
+ * AARM-Aware Annotation Parser (TypeScript)
+ *
+ * Runtime layer over the generated AARM annotation registry
+ * (aarm-annotations.gen.ts). Ported from packages/go/aarm_annotation.go to
+ * give Studio's policy editor the SAME parse + validation rules Shield runs
+ * at policy sync time (Go's ValidateAARMAnnotations). The two
+ * implementations share a test corpus — see aarm-annotation.test.ts and its
+ * Go twin aarm_annotation_test.go.
+ *
+ * Takes the `Record<string, string>` of a policy's @-annotations and
+ * produces:
+ *
+ *   - typed directives Studio (and any TS consumer) can switch on
+ *     (StepUpRequiredDirective, DeferBelowConfidenceDirective, ...) and
+ *   - a list of typed validation errors (AARMAnnotationError).
+ *
+ * Three encoding shapes are accepted, matching the value_encoding block in
+ * schemas/annotations.json:
+ *
+ *  1. Marker:                  `@defer_on_conflict("")`        → no params
+ *  2. Single-param positional: `@defer_below_confidence("0.7")` → bare value
+ *     binds to the single required-positional parameter declared in the
+ *     registry. Fails closed if no such parameter exists.
+ *  3. Multi-param key=value:    `@step_up_required("role=finance_lead,timeout_seconds=3600")`
+ *     parameters are comma-separated key=value pairs. Unknown keys error;
+ *     missing required parameters error.
+ *
+ * Generic Cedar annotations (@id, @name, @severity, @tags, arbitrary custom
+ * KV pairs) are NOT parsed here — those live in annotations.ts and remain
+ * free-form. AARM annotations are a strict subset whose key MUST appear in
+ * AARM_ANNOTATION_BY_KEY.
+ *
+ * Validation is fail-closed (AARM R3/R4): a malformed AARM annotation never
+ * silently degrades to a no-op — the caller is told exactly which
+ * annotation, which parameter, and what was wrong, so Admin can reject the
+ * policy at deploy time and Studio's lint can surface it inline.
+ */
+/**
+ * Parsed form of `@step_up_required`. Suspends the action pending approval
+ * from an approver carrying `role`; fail-closed DENY after `timeoutSeconds`.
+ */
+export interface StepUpRequiredDirective {
+    /** AuthN role the approver must carry (validated against authn.roles at deploy). */
+    role: string;
+    /** Seconds the action waits before fail-closed DENY. Defaults to the registry default (86400). */
+    timeoutSeconds: number;
+}
+/** Parsed form of `@defer_on_conflict`. Marker — presence is the signal. */
+export interface DeferOnConflictDirective {
+}
+/** Parsed form of `@defer_below_confidence`. Defers when a detector confidence < threshold. */
+export interface DeferBelowConfidenceDirective {
+    /** Threshold in [0.0, 1.0]. Detector scores strictly below trigger a deferral. */
+    threshold: number;
+}
+/** Parsed form of `@defer_until_context`. Defers when the named context field is empty/missing. */
+export interface DeferUntilContextDirective {
+    /** Dotted Cedar context-attribute path (e.g. "session_max_sensitivity"). */
+    field: string;
+}
+/**
+ * Every typed AARM directive parsed from a single policy's annotation map.
+ * Each field is present iff the corresponding annotation was present and
+ * parsed successfully.
+ */
+export interface AARMDirectives {
+    stepUpRequired?: StepUpRequiredDirective;
+    deferOnConflict?: DeferOnConflictDirective;
+    deferBelowConfidence?: DeferBelowConfidenceDirective;
+    deferUntilContext?: DeferUntilContextDirective;
+}
+/** True iff at least one AARM directive was parsed. */
+export declare function hasAnyAARMDirective(d: AARMDirectives | null | undefined): boolean;
+export interface AARMAnnotationErrorInit {
+    /** Annotation key (e.g. "step_up_required"). */
+    key: string;
+    /** Parameter where the failure occurred; omit for annotation-level failures. */
+    parameter?: string;
+    /** Raw Cedar value (or parameter substring) that was rejected. */
+    rawValue?: string;
+    /** Short, actionable human-readable message. */
+    reason: string;
+}
+/**
+ * Structured error for a malformed AARM annotation. Mirrors Go's
+ * AARMAnnotationError. Studio's lint surfaces these inline; Admin serializes
+ * them in the policy-create rejection.
+ */
+export declare class AARMAnnotationError extends Error {
+    readonly key: string;
+    readonly parameter: string;
+    readonly rawValue: string;
+    readonly reason: string;
+    constructor(init: AARMAnnotationErrorInit);
+}
+/** True iff err is an AARMAnnotationError. */
+export declare function isAARMAnnotationError(err: unknown): err is AARMAnnotationError;
+export interface ParseAARMResult {
+    directives: AARMDirectives;
+    errors: AARMAnnotationError[];
+}
+/**
+ * Walks the raw annotation map and extracts every AARM-recognized annotation
+ * into typed directives. Non-AARM keys are ignored (handled by the generic
+ * annotation surface in annotations.ts).
+ *
+ * Errors are COLLECTED, not fail-fast, so a single call surfaces every
+ * offending annotation at once — Studio shows all squiggles in one pass.
+ * Keys are processed in sorted order for stable error reporting.
+ */
+export declare function parseAARMAnnotations(raw: Record<string, string> | null | undefined): ParseAARMResult;
+/**
+ * Validate-only variant: returns the error list without the typed
+ * directives. Suitable for Admin's policy-create endpoint, which only needs
+ * the yes/no verdict + error list.
+ */
+export declare function validateAARMAnnotations(raw: Record<string, string> | null | undefined): AARMAnnotationError[];
+/** True iff key is a platform-recognized AARM annotation. */
+export declare function isAARMAnnotationKey(key: string): boolean;