@lannguyensi/harness 0.7.0 → 0.8.1

package/dist/policy-packs/builtin/understanding-before-execution.js

@@ -0,0 +1,254 @@
+// Builtin Policy Pack: `understanding-before-execution`.
+//
+// Bundles three hook contributions for Claude Code (UserPromptSubmit,
+// Stop, PreToolUse), plus a per-mode instructions.md that documents what
+// the pack is doing for human auditors. The actual prompt that the agent
+// sees at UserPromptSubmit time is owned by `@lannguyensi/understanding-gate`
+// (specifically `src/prompts/{full,fast-confirm,grill-me}.ts`); harness's
+// instructions.md is the operator-facing summary, not the agent-injected
+// text. Drift on instructions.md is therefore meaningful (someone edited
+// the audit copy), distinct from drift on the package's own templates
+// (which the package's own drift detection would handle on a future
+// `understanding-gate init` reinstall).
+import { profileToSettingsPermissions } from "../permission-translator.js";
+import { DEFAULT_RUNTIME } from "../runtime.js";
+import { isKnownProfileName, resolveProfile, KNOWN_PROFILE_NAMES, } from "./permission-profiles.js";
+export const PACK_NAME = "understanding-before-execution";
+const MODES = ["fast_confirm", "grill_me", "strict"];
+export const DEFAULT_MODE = "grill_me";
+const HOOK_NAME_PREFIX = `policy-pack:${PACK_NAME}`;
+// Per-runtime hook surface. Claude Code keys on tool name (Edit|Write|Bash);
+// Codex's write surface is `apply_patch` + `Bash`/`shell` (the task's
+// in-scope list). The hook contract Codex feeds to the adapter is the
+// same generic envelope harness publishes: `{ session_id, tool_name,
+// raw_input, event }` on stdin, `{ decision }` on stdout, exit 2 on
+// block. See dogfood/phase6-6/README.md for the wire format.
+const PRE_TOOL_USE_MATCH_CLAUDE = "Edit|Write|Bash";
+const PRE_TOOL_USE_MATCH_CODEX = "apply_patch|Bash|shell";
+// UserPromptSubmit + Stop hooks point at `@lannguyensi/understanding-gate`
+// bare bin names (npm i -g). The harness validator's checkHooks skips
+// PATH lookup for non-rooted commands by design, so missing-bin shows
+// up at runtime, not at lint. `harness doctor` (Phase 6 #4 follow-up)
+// will add the presence check.
+const BIN_USER_PROMPT_SUBMIT_CLAUDE = "understanding-gate-claude-hook";
+const BIN_STOP_CLAUDE = "understanding-gate-claude-stop";
+// PreToolUse blocker is the harness CLI itself (Phase 6 #4): it consults
+// BOTH the evidence-ledger tag (canonical for harnessed sessions) AND
+// the persisted JSON report under `.understanding-gate/reports/`
+// (fallback for sessions without grounding-mcp wired). The npm package's
+// own bin remains available for solo users; the harness blocker is
+// strictly more powerful.
+const PRE_TOOL_USE_COMMAND_CLAUDE = "harness pack hook pre-tool-use";
+// Codex variants. The package `@lannguyensi/understanding-gate` does
+// not yet ship Codex bins, so harness owns the adapter:
+//
+//   - UserPromptSubmit-equivalent injector (Phase 6 #6).
+//   - Stop-equivalent capture into `.understanding-gate/reports/`
+//     (Phase 6 #6 follow-up).
+//   - PreToolUse blocker on apply_patch/Bash/shell (Phase 6 #6).
+//
+// Cross-runtime sessions can still approve from a Claude Code report:
+// the ledger tag is the canonical source for harnessed sessions,
+// independent of which runtime captured the report. The persisted-
+// report directory is shared between runtimes, so a Codex stop that
+// writes a report is approvable via `harness approve understanding`
+// regardless of which runtime invokes the next tool call.
+const COMMAND_USER_PROMPT_SUBMIT_CODEX = "harness pack hook codex-user-prompt-submit";
+const COMMAND_STOP_CODEX = "harness pack hook codex-stop";
+const COMMAND_PRE_TOOL_USE_CODEX = "harness pack hook codex-pre-tool-use";
+export function isMode(value) {
+    return typeof value === "string" && MODES.includes(value);
+}
+export function resolveMode(pack) {
+    const raw = pack.config["mode"];
+    if (raw === undefined)
+        return { mode: DEFAULT_MODE, warning: null };
+    if (isMode(raw))
+        return { mode: raw, warning: null };
+    const warning = `policy_packs[${pack.name}].config.mode: unrecognised value ${JSON.stringify(raw)}, falling back to "${DEFAULT_MODE}". Allowed: ${MODES.join(", ")}.`;
+    return { mode: DEFAULT_MODE, warning };
+}
+function buildHooks(runtime) {
+    // Per-mode hook commands are identical (the mode is passed via the
+    // package's UNDERSTANDING_GATE_MODE env var, set elsewhere — out of
+    // scope for Phase 6 #2). What changes per mode is the instructions.md
+    // content + the actual injected prompt (owned by the npm package).
+    if (runtime === "codex") {
+        return [
+            {
+                name: `${HOOK_NAME_PREFIX}:codex:user-prompt-submit`,
+                event: "UserPromptSubmit",
+                command: COMMAND_USER_PROMPT_SUBMIT_CODEX,
+                blocking: false,
+                budget_ms: 5000,
+                description: "Codex adapter: inject the Understanding-Gate instruction template before the agent acts. Phase 6 #6.",
+            },
+            {
+                name: `${HOOK_NAME_PREFIX}:codex:stop`,
+                event: "Stop",
+                command: COMMAND_STOP_CODEX,
+                blocking: false,
+                budget_ms: 5000,
+                description: "Codex adapter: capture the agent's Understanding Report into .understanding-gate/reports/ as approvalStatus:pending. Phase 6 #6 follow-up.",
+            },
+            {
+                name: `${HOOK_NAME_PREFIX}:codex:pre-tool-use`,
+                event: "PreToolUse",
+                match: PRE_TOOL_USE_MATCH_CODEX,
+                command: COMMAND_PRE_TOOL_USE_CODEX,
+                blocking: "hard",
+                budget_ms: 5000,
+                description: "Codex adapter: block apply_patch/Bash/shell until an approved Understanding Report exists for the session. Consults both the evidence-ledger tag and the persisted JSON report.",
+            },
+        ];
+    }
+    return [
+        {
+            name: `${HOOK_NAME_PREFIX}:user-prompt-submit`,
+            event: "UserPromptSubmit",
+            command: BIN_USER_PROMPT_SUBMIT_CLAUDE,
+            blocking: false,
+            budget_ms: 5000,
+            description: "Inject the Understanding-Gate instruction template before the agent acts. Source: @lannguyensi/understanding-gate.",
+        },
+        {
+            name: `${HOOK_NAME_PREFIX}:stop`,
+            event: "Stop",
+            command: BIN_STOP_CLAUDE,
+            blocking: false,
+            budget_ms: 5000,
+            description: "Capture the agent's Understanding Report into .understanding-gate/reports/. Source: @lannguyensi/understanding-gate.",
+        },
+        {
+            name: `${HOOK_NAME_PREFIX}:pre-tool-use`,
+            event: "PreToolUse",
+            match: PRE_TOOL_USE_MATCH_CLAUDE,
+            command: PRE_TOOL_USE_COMMAND_CLAUDE,
+            blocking: "hard",
+            budget_ms: 5000,
+            description: "Block Edit/Write/Bash until an approved Understanding Report exists for the session. Consults both the evidence-ledger tag (understanding-approved:${SESSION_ID}) and the persisted JSON report.",
+        },
+    ];
+}
+function modeFriction(mode) {
+    switch (mode) {
+        case "fast_confirm":
+            return "low friction. The gate fires on prompts the classifier flags as execution-relevant. Brief Understanding Report; one-line approval.";
+        case "grill_me":
+            return "medium friction (default). The gate fires on any prompt the agent might respond to with a write. Full Understanding Report (assumptions, openQuestions, outOfScope, risks, verificationPlan). Push-back is encouraged.";
+        case "strict":
+            return "high friction. The gate fires on every prompt. Report MUST include verificationPlan and outOfScope; requiresHumanApproval is forced to true.";
+    }
+}
+function buildInstructions(pack, mode, runtime) {
+    const description = pack.description?.trim() ?? "";
+    const isCodex = runtime === "codex";
+    const injectorCmd = isCodex ? COMMAND_USER_PROMPT_SUBMIT_CODEX : BIN_USER_PROMPT_SUBMIT_CLAUDE;
+    const stopCmd = isCodex ? COMMAND_STOP_CODEX : BIN_STOP_CLAUDE;
+    const blockerCmd = isCodex ? COMMAND_PRE_TOOL_USE_CODEX : PRE_TOOL_USE_COMMAND_CLAUDE;
+    const blockerMatch = isCodex ? PRE_TOOL_USE_MATCH_CODEX : PRE_TOOL_USE_MATCH_CLAUDE;
+    const settingsArtefact = isCodex
+        ? "`harness.generated/codex/config.toml`"
+        : "harness-managed `settings.json`";
+    const stopBullet = `2. \`Stop\` capture (\`${stopCmd}\`): persists the emitted Understanding
+   Report under \`.understanding-gate/reports/\` for audit and downstream
+   approval consumption.
+`;
+    const blockerOrdinal = "3";
+    return `# Policy Pack: ${PACK_NAME}
+
+> Operator audit copy. The agent-facing prompt is injected at runtime by
+> the \`${injectorCmd}\` UserPromptSubmit hook; that text lives
+> in the \`@lannguyensi/understanding-gate\` package, not here. This file
+> records WHAT the pack is doing and HOW it is configured so that
+> \`harness diff --since-apply\` can flag operator-facing drift.
+
+## Runtime
+
+${runtime}
+
+## Mode
+
+${mode}
+
+${modeFriction(mode)}
+
+## Effect
+
+While this pack is enabled, hooks are wired into the ${settingsArtefact}:
+
+1. \`UserPromptSubmit\` injector (\`${injectorCmd}\`): inserts the
+   Understanding-Gate instruction template into the agent's first response.
+${stopBullet}${blockerOrdinal}. \`PreToolUse\` blocker (\`${blockerCmd}\`, blocking: hard)
+   on \`${blockerMatch}\`: refuses the tool call until an approved
+   report exists for the session. Consults BOTH the evidence-ledger
+   tag (\`understanding-approved:\${SESSION_ID}\`, canonical for
+   harnessed sessions) AND the persisted JSON report under
+   \`.understanding-gate/reports/\` (fallback for sessions without
+   grounding-mcp wired). Either source approves.
+
+## Approval
+
+The standalone blocker shipped in \`@lannguyensi/understanding-gate@>=0.2.0\`
+checks the persisted JSON report's \`approvalStatus\`. Phase 6 #4 will
+add a harness-side blocker that ALSO consults the evidence-ledger tag
+\`understanding-approved:\${SESSION_ID}\` (canonical for harnessed
+sessions), and \`harness approve understanding\` will round-trip both.
+Until then, approval flows through the package's own CLI.
+
+## Pack metadata
+${description ? `\n> ${description.replace(/\n/g, "\n> ")}\n` : ""}
+- Source: \`builtin\`
+- Pack: \`${PACK_NAME}\`
+- Mode: \`${mode}\`
+- Runtime: \`${runtime}\`
+
+## See also
+
+- \`docs/policy-packs/understanding-before-execution.md\` (full reference)
+- \`docs/ROADMAP.md\` Phase 6 sub-task decomposition
+`;
+}
+function resolvePermissionProfile(pack) {
+    const raw = pack.config["permission_profile"];
+    if (raw === undefined)
+        return { permissions: null, warning: null };
+    if (typeof raw !== "string") {
+        return {
+            permissions: null,
+            warning: `policy_packs[${pack.name}].config.permission_profile: expected a string, got ${typeof raw}; skipping permission contribution.`,
+        };
+    }
+    if (!isKnownProfileName(raw)) {
+        return {
+            permissions: null,
+            warning: `policy_packs[${pack.name}].config.permission_profile: unrecognised profile ${JSON.stringify(raw)}. Allowed: ${KNOWN_PROFILE_NAMES.join(", ")}. Skipping permission contribution.`,
+        };
+    }
+    const profile = resolveProfile(raw);
+    if (!profile)
+        return { permissions: null, warning: null };
+    return { permissions: profileToSettingsPermissions(profile), warning: null };
+}
+export function resolve(pack, runtime = DEFAULT_RUNTIME) {
+    const { mode, warning } = resolveMode(pack);
+    const hooks = buildHooks(runtime);
+    const instructionsContent = buildInstructions(pack, mode, runtime);
+    const files = [
+        {
+            relativePath: `policy-packs/${PACK_NAME}/instructions.md`,
+            content: instructionsContent,
+        },
+    ];
+    const warnings = [];
+    if (warning)
+        warnings.push(warning);
+    const profileResult = resolvePermissionProfile(pack);
+    if (profileResult.warning)
+        warnings.push(profileResult.warning);
+    const contribution = { hooks, files };
+    if (profileResult.permissions)
+        contribution.permissions = profileResult.permissions;
+    return { contribution, warnings };
+}
+//# sourceMappingURL=understanding-before-execution.js.map

package/dist/policy-packs/builtin/understanding-before-execution.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"understanding-before-execution.js","sourceRoot":"","sources":["../../../src/policy-packs/builtin/understanding-before-execution.ts"],"names":[],"mappings":"AAAA,yDAAyD;AACzD,EAAE;AACF,sEAAsE;AACtE,yEAAyE;AACzE,yEAAyE;AACzE,8EAA8E;AAC9E,0EAA0E;AAC1E,yEAAyE;AACzE,yEAAyE;AACzE,sEAAsE;AACtE,oEAAoE;AACpE,wCAAwC;AAGxC,OAAO,EAAE,4BAA4B,EAAE,MAAM,6BAA6B,CAAC;AAC3E,OAAO,EAAE,eAAe,EAAgB,MAAM,eAAe,CAAC;AAM9D,OAAO,EACL,kBAAkB,EAClB,cAAc,EACd,mBAAmB,GACpB,MAAM,0BAA0B,CAAC;AAElC,MAAM,CAAC,MAAM,SAAS,GAAG,gCAAgC,CAAC;AAI1D,MAAM,KAAK,GAAoB,CAAC,cAAc,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC;AAEtE,MAAM,CAAC,MAAM,YAAY,GAAS,UAAU,CAAC;AAE7C,MAAM,gBAAgB,GAAG,eAAe,SAAS,EAAE,CAAC;AAEpD,6EAA6E;AAC7E,sEAAsE;AACtE,sEAAsE;AACtE,qEAAqE;AACrE,oEAAoE;AACpE,6DAA6D;AAC7D,MAAM,yBAAyB,GAAG,iBAAiB,CAAC;AACpD,MAAM,wBAAwB,GAAG,wBAAwB,CAAC;AAE1D,2EAA2E;AAC3E,sEAAsE;AACtE,sEAAsE;AACtE,sEAAsE;AACtE,+BAA+B;AAC/B,MAAM,6BAA6B,GAAG,gCAAgC,CAAC;AACvE,MAAM,eAAe,GAAG,gCAAgC,CAAC;AACzD,yEAAyE;AACzE,sEAAsE;AACtE,iEAAiE;AACjE,yEAAyE;AACzE,mEAAmE;AACnE,0BAA0B;AAC1B,MAAM,2BAA2B,GAAG,gCAAgC,CAAC;AAErE,qEAAqE;AACrE,wDAAwD;AACxD,EAAE;AACF,yDAAyD;AACzD,kEAAkE;AAClE,8BAA8B;AAC9B,iEAAiE;AACjE,EAAE;AACF,sEAAsE;AACtE,iEAAiE;AACjE,mEAAmE;AACnE,oEAAoE;AACpE,oEAAoE;AACpE,0DAA0D;AAC1D,MAAM,gCAAgC,GAAG,4CAA4C,CAAC;AACtF,MAAM,kBAAkB,GAAG,8BAA8B,CAAC;AAC1D,MAAM,0BAA0B,GAAG,sCAAsC,CAAC;AAE1E,MAAM,UAAU,MAAM,CAAC,KAAc;IACnC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAK,KAA2B,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACnF,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,IAAgB;IAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAChC,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IACpE,IAAI,MAAM,CAAC,GAAG,CAAC;QAAE,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IACrD,MAAM,OAAO,GAAG,gBAAgB,IAAI,CAAC,IAAI,qCAAqC,IAAI,CAAC,SAAS,CAC1F,GAAG,CACJ,sBAAsB,YAAY,eAAe,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;IACtE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,CAAC;AACzC,CAAC;AAED,SAAS,UAAU,CAAC,OAAgB;IAClC,mEAAmE;IACnE,oEAAoE;IACpE,sEAAsE;IACtE,mEAAmE;IACnE,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;QACxB,OAAO;YACL;gBACE,IAAI,EAAE,GAAG,gBAAgB,2BAA2B;gBACpD,KAAK,EAAE,kBAAkB;gBACzB,OAAO,EAAE,gCAAgC;gBACzC,QAAQ,EAAE,KAAK;gBACf,SAAS,EAAE,IAAI;gBACf,WAAW,EACT,sGAAsG;aACzG;YACD;gBACE,IAAI,EAAE,GAAG,gBAAgB,aAAa;gBACtC,KAAK,EAAE,MAAM;gBACb,OAAO,EAAE,kBAAkB;gBAC3B,QAAQ,EAAE,KAAK;gBACf,SAAS,EAAE,IAAI;gBACf,WAAW,EACT,4IAA4I;aAC/I;YACD;gBACE,IAAI,EAAE,GAAG,gBAAgB,qBAAqB;gBAC9C,KAAK,EAAE,YAAY;gBACnB,KAAK,EAAE,wBAAwB;gBAC/B,OAAO,EAAE,0BAA0B;gBACnC,QAAQ,EAAE,MAAM;gBAChB,SAAS,EAAE,IAAI;gBACf,WAAW,EACT,iLAAiL;aACpL;SACF,CAAC;IACJ,CAAC;IACD,OAAO;QACL;YACE,IAAI,EAAE,GAAG,gBAAgB,qBAAqB;YAC9C,KAAK,EAAE,kBAAkB;YACzB,OAAO,EAAE,6BAA6B;YACtC,QAAQ,EAAE,KAAK;YACf,SAAS,EAAE,IAAI;YACf,WAAW,EACT,oHAAoH;SACvH;QACD;YACE,IAAI,EAAE,GAAG,gBAAgB,OAAO;YAChC,KAAK,EAAE,MAAM;YACb,OAAO,EAAE,eAAe;YACxB,QAAQ,EAAE,KAAK;YACf,SAAS,EAAE,IAAI;YACf,WAAW,EACT,sHAAsH;SACzH;QACD;YACE,IAAI,EAAE,GAAG,gBAAgB,eAAe;YACxC,KAAK,EAAE,YAAY;YACnB,KAAK,EAAE,yBAAyB;YAChC,OAAO,EAAE,2BAA2B;YACpC,QAAQ,EAAE,MAAM;YAChB,SAAS,EAAE,IAAI;YACf,WAAW,EACT,kMAAkM;SACrM;KACF,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,IAAU;IAC9B,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,cAAc;YACjB,OAAO,oIAAoI,CAAC;QAC9I,KAAK,UAAU;YACb,OAAO,wNAAwN,CAAC;QAClO,KAAK,QAAQ;YACX,OAAO,8IAA8I,CAAC;IAC1J,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAgB,EAAE,IAAU,EAAE,OAAgB;IACvE,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACnD,MAAM,OAAO,GAAG,OAAO,KAAK,OAAO,CAAC;IACpC,MAAM,WAAW,GAAG,OAAO,CAAC,CAAC,CAAC,gCAAgC,CAAC,CAAC,CAAC,6BAA6B,CAAC;IAC/F,MAAM,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,eAAe,CAAC;IAC/D,MAAM,UAAU,GAAG,OAAO,CAAC,CAAC,CAAC,0BAA0B,CAAC,CAAC,CAAC,2BAA2B,CAAC;IACtF,MAAM,YAAY,GAAG,OAAO,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC,CAAC,yBAAyB,CAAC;IACpF,MAAM,gBAAgB,GAAG,OAAO;QAC9B,CAAC,CAAC,uCAAuC;QACzC,CAAC,CAAC,iCAAiC,CAAC;IACtC,MAAM,UAAU,GAAG,0BAA0B,OAAO;;;CAGrD,CAAC;IACA,MAAM,cAAc,GAAG,GAAG,CAAC;IAC3B,OAAO,kBAAkB,SAAS;;;UAG1B,WAAW;;;;;;;EAOnB,OAAO;;;;EAIP,IAAI;;EAEJ,YAAY,CAAC,IAAI,CAAC;;;;uDAImC,gBAAgB;;sCAEjC,WAAW;;EAE/C,UAAU,GAAG,cAAc,+BAA+B,UAAU;UAC5D,YAAY;;;;;;;;;;;;;;;;;EAiBpB,WAAW,CAAC,CAAC,CAAC,OAAO,WAAW,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE;;YAEtD,SAAS;YACT,IAAI;eACD,OAAO;;;;;;CAMrB,CAAC;AACF,CAAC;AAED,SAAS,wBAAwB,CAC/B,IAAgB;IAEhB,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;IAC9C,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IACnE,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,OAAO;YACL,WAAW,EAAE,IAAI;YACjB,OAAO,EAAE,gBAAgB,IAAI,CAAC,IAAI,uDAAuD,OAAO,GAAG,qCAAqC;SACzI,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,EAAE,CAAC;QAC7B,OAAO;YACL,WAAW,EAAE,IAAI;YACjB,OAAO,EAAE,gBAAgB,IAAI,CAAC,IAAI,qDAAqD,IAAI,CAAC,SAAS,CACnG,GAAG,CACJ,cAAc,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,qCAAqC;SACnF,CAAC;IACJ,CAAC;IACD,MAAM,OAAO,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;IACpC,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC1D,OAAO,EAAE,WAAW,EAAE,4BAA4B,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC/E,CAAC;AAED,MAAM,UAAU,OAAO,CACrB,IAAgB,EAChB,UAAmB,eAAe;IAElC,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IAC5C,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;IAClC,MAAM,mBAAmB,GAAG,iBAAiB,CAAC,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IACnE,MAAM,KAAK,GAA2B;QACpC;YACE,YAAY,EAAE,gBAAgB,SAAS,kBAAkB;YACzD,OAAO,EAAE,mBAAmB;SAC7B;KACF,CAAC;IACF,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,IAAI,OAAO;QAAE,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAEpC,MAAM,aAAa,GAAG,wBAAwB,CAAC,IAAI,CAAC,CAAC;IACrD,IAAI,aAAa,CAAC,OAAO;QAAE,QAAQ,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;IAChE,MAAM,YAAY,GAAqB,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;IACxD,IAAI,aAAa,CAAC,WAAW;QAAE,YAAY,CAAC,WAAW,GAAG,aAAa,CAAC,WAAW,CAAC;IAEpF,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,CAAC;AACpC,CAAC"}

package/dist/policy-packs/expand.d.ts

@@ -0,0 +1,4 @@
+import type { Manifest } from "../schema/index.js";
+import { type Runtime } from "./runtime.js";
+import type { PackExpansionResult } from "./types.js";
+export declare function expandPolicyPacks(manifest: Manifest, runtime?: Runtime): PackExpansionResult;

package/dist/policy-packs/expand.js

@@ -0,0 +1,90 @@
+// Apply-time expansion of `policy_packs[]` entries.
+//
+// Walks the manifest's enabled packs, parses each `source:` string,
+// resolves builtin packs through the registry, and aggregates their
+// contributions (hooks + files). Unrecognised sources or unknown builtin
+// names produce non-fatal warnings here; `harness validate` is the
+// place that turns the same conditions into hard errors so the user
+// sees them at lint time, not silently at apply time.
+//
+// Hook-name collision handling: pack hooks are namespaced
+// (`policy-pack:<name>:<role>`) by the builtin definitions, so a user
+// hook with a colliding name is the user's mistake. We surface that as
+// a warning here rather than blowing up; the schema's duplicate-name
+// superRefine will reject it on the augmented manifest's downstream
+// re-parse if a caller re-validates.
+import { resolveBuiltin } from "./registry.js";
+import { DEFAULT_RUNTIME } from "./runtime.js";
+import { parsePackSource } from "./source.js";
+export function expandPolicyPacks(manifest, runtime = DEFAULT_RUNTIME) {
+    const out = { hooks: [], files: [], warnings: [], skipped: [] };
+    if (manifest.policy_packs.length === 0)
+        return out;
+    const existingHookNames = new Set(manifest.hooks.map((h) => h.name));
+    const seenPackHookNames = new Set();
+    const allowSet = new Set();
+    const askSet = new Set();
+    const denySet = new Set();
+    let anyPermissions = false;
+    for (const pack of manifest.policy_packs) {
+        if (!pack.enabled) {
+            out.skipped.push(pack.name);
+            continue;
+        }
+        const sourceParsed = parsePackSource(pack.source);
+        if (sourceParsed.kind === "unknown") {
+            out.warnings.push(`policy_packs[${pack.name}]: source ${JSON.stringify(pack.source)} is not recognised in v1 (only "builtin" resolves); skipping.`);
+            continue;
+        }
+        const resolved = resolveBuiltin(pack, runtime);
+        if (!resolved) {
+            out.warnings.push(`policy_packs[${pack.name}]: not a known builtin pack; skipping. See docs/policy-packs/ for supported names.`);
+            continue;
+        }
+        out.warnings.push(...resolved.warnings);
+        for (const hook of resolved.contribution.hooks) {
+            if (existingHookNames.has(hook.name)) {
+                out.warnings.push(`policy_packs[${pack.name}]: hook name "${hook.name}" collides with a manifest hooks[] entry; pack contribution dropped to avoid a duplicate-name failure.`);
+                continue;
+            }
+            if (seenPackHookNames.has(hook.name)) {
+                out.warnings.push(`policy_packs[${pack.name}]: hook name "${hook.name}" was already contributed by an earlier pack; second copy dropped.`);
+                continue;
+            }
+            seenPackHookNames.add(hook.name);
+            out.hooks.push(hook);
+        }
+        out.files.push(...resolved.contribution.files);
+        if (resolved.contribution.permissions) {
+            anyPermissions = true;
+            for (const p of resolved.contribution.permissions.allow)
+                allowSet.add(p);
+            for (const p of resolved.contribution.permissions.ask)
+                askSet.add(p);
+            for (const p of resolved.contribution.permissions.deny)
+                denySet.add(p);
+        }
+    }
+    if (anyPermissions) {
+        // Deny wins over ask wins over allow at merge time: a stricter
+        // intent from any pack should not be silently relaxed by a more
+        // permissive sibling. Concretely, a pattern present in deny is
+        // stripped from ask + allow; a pattern present in ask is stripped
+        // from allow.
+        for (const p of denySet) {
+            askSet.delete(p);
+            allowSet.delete(p);
+        }
+        for (const p of askSet) {
+            allowSet.delete(p);
+        }
+        const permissions = {
+            allow: [...allowSet].sort(),
+            ask: [...askSet].sort(),
+            deny: [...denySet].sort(),
+        };
+        out.permissions = permissions;
+    }
+    return out;
+}
+//# sourceMappingURL=expand.js.map

package/dist/policy-packs/expand.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"expand.js","sourceRoot":"","sources":["../../src/policy-packs/expand.ts"],"names":[],"mappings":"AAAA,oDAAoD;AACpD,EAAE;AACF,oEAAoE;AACpE,oEAAoE;AACpE,yEAAyE;AACzE,mEAAmE;AACnE,oEAAoE;AACpE,sDAAsD;AACtD,EAAE;AACF,0DAA0D;AAC1D,sEAAsE;AACtE,uEAAuE;AACvE,qEAAqE;AACrE,oEAAoE;AACpE,qCAAqC;AAGrC,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EAAE,eAAe,EAAgB,MAAM,cAAc,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAG9C,MAAM,UAAU,iBAAiB,CAC/B,QAAkB,EAClB,UAAmB,eAAe;IAElC,MAAM,GAAG,GAAwB,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;IACrF,IAAI,QAAQ,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,GAAG,CAAC;IAEnD,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACrE,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC5C,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;IACnC,MAAM,MAAM,GAAG,IAAI,GAAG,EAAU,CAAC;IACjC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,IAAI,cAAc,GAAG,KAAK,CAAC;IAE3B,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,YAAY,EAAE,CAAC;QACzC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC5B,SAAS;QACX,CAAC;QACD,MAAM,YAAY,GAAG,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAClD,IAAI,YAAY,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACpC,GAAG,CAAC,QAAQ,CAAC,IAAI,CACf,gBAAgB,IAAI,CAAC,IAAI,aAAa,IAAI,CAAC,SAAS,CAClD,IAAI,CAAC,MAAM,CACZ,+DAA+D,CACjE,CAAC;YACF,SAAS;QACX,CAAC;QACD,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC/C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,GAAG,CAAC,QAAQ,CAAC,IAAI,CACf,gBAAgB,IAAI,CAAC,IAAI,oFAAoF,CAC9G,CAAC;YACF,SAAS;QACX,CAAC;QACD,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACxC,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;YAC/C,IAAI,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrC,GAAG,CAAC,QAAQ,CAAC,IAAI,CACf,gBAAgB,IAAI,CAAC,IAAI,iBAAiB,IAAI,CAAC,IAAI,wGAAwG,CAC5J,CAAC;gBACF,SAAS;YACX,CAAC;YACD,IAAI,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrC,GAAG,CAAC,QAAQ,CAAC,IAAI,CACf,gBAAgB,IAAI,CAAC,IAAI,iBAAiB,IAAI,CAAC,IAAI,oEAAoE,CACxH,CAAC;gBACF,SAAS;YACX,CAAC;YACD,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvB,CAAC;QACD,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QAC/C,IAAI,QAAQ,CAAC,YAAY,CAAC,WAAW,EAAE,CAAC;YACtC,cAAc,GAAG,IAAI,CAAC;YACtB,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,YAAY,CAAC,WAAW,CAAC,KAAK;gBAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACzE,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,YAAY,CAAC,WAAW,CAAC,GAAG;gBAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACrE,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,YAAY,CAAC,WAAW,CAAC,IAAI;gBAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IAED,IAAI,cAAc,EAAE,CAAC;QACnB,+DAA+D;QAC/D,gEAAgE;QAChE,+DAA+D;QAC/D,kEAAkE;QAClE,cAAc;QACd,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;YACxB,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACjB,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACrB,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;YACvB,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACrB,CAAC;QACD,MAAM,WAAW,GAAgC;YAC/C,KAAK,EAAE,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,EAAE;YAC3B,GAAG,EAAE,CAAC,GAAG,MAAM,CAAC,CAAC,IAAI,EAAE;YACvB,IAAI,EAAE,CAAC,GAAG,OAAO,CAAC,CAAC,IAAI,EAAE;SAC1B,CAAC;QACF,GAAG,CAAC,WAAW,GAAG,WAAW,CAAC;IAChC,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/policy-packs/index.d.ts

@@ -0,0 +1,5 @@
+export { expandPolicyPacks } from "./expand.js";
+export { KNOWN_BUILTIN_PACKS, isBuiltinPackName, resolveBuiltin, type BuiltinPackName, type ResolveBuiltinResult, } from "./registry.js";
+export { KNOWN_RUNTIMES, DEFAULT_RUNTIME, isRuntime, parseRuntime, type Runtime, } from "./runtime.js";
+export { parsePackSource, type PackSourceKind, type PackSourceParseResult } from "./source.js";
+export type { PackContribution, PackContributionFile, PackExpansionResult, } from "./types.js";

package/dist/policy-packs/index.js

@@ -0,0 +1,5 @@
+export { expandPolicyPacks } from "./expand.js";
+export { KNOWN_BUILTIN_PACKS, isBuiltinPackName, resolveBuiltin, } from "./registry.js";
+export { KNOWN_RUNTIMES, DEFAULT_RUNTIME, isRuntime, parseRuntime, } from "./runtime.js";
+export { parsePackSource } from "./source.js";
+//# sourceMappingURL=index.js.map

package/dist/policy-packs/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/policy-packs/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EACL,mBAAmB,EACnB,iBAAiB,EACjB,cAAc,GAGf,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,cAAc,EACd,eAAe,EACf,SAAS,EACT,YAAY,GAEb,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,eAAe,EAAmD,MAAM,aAAa,CAAC"}

package/dist/policy-packs/permission-translator.d.ts

@@ -0,0 +1,9 @@
+import type { PermissionActionKey, PermissionProfile } from "../schema/permission-profiles.js";
+export interface SettingsPermissions {
+    allow: string[];
+    ask: string[];
+    deny: string[];
+}
+export declare function profileToSettingsPermissions(profile: PermissionProfile): SettingsPermissions;
+/** Test seam — exposed for unit coverage of the action→pattern map. */
+export declare function _internalPatternMap(): Record<PermissionActionKey, string[]>;

package/dist/policy-packs/permission-translator.js

@@ -0,0 +1,76 @@
+// Phase 6 #5 — translate abstract permission profile actions into
+// Claude Code's settings.json permissions vocabulary.
+//
+// Mapping rules:
+//
+//   Action key  →  tool patterns                                   (matcher style)
+//   ----------     ----------------------------------------------- ----------------
+//   read           ["Read", "Glob", "Grep"]                        bare tool names
+//   edit           ["Edit", "Write", "MultiEdit"]                  bare tool names
+//   bash           ["Bash"]                                        bare tool name
+//   commit         ["Bash(git commit*)"]                           Bash-prefix syntax
+//   push           ["Bash(git push*)"]                             Bash-prefix syntax
+//   pr             ["mcp__agent-tasks__pull_requests_create",      MCP + bare gh
+//                   "Bash(gh pr create*)"]
+//   deploy         ["Bash(kubectl*)", "Bash(terraform destroy*)",  Bash-prefix syntax
+//                   "Bash(npm publish*)"]
+//
+// `allow` enum mapping:
+//
+//   "true"  / true   → permissions.allow
+//   "false" / false  → permissions.deny
+//   "ask"            → permissions.ask
+//   "limited"        → permissions.ask  (v1 fallback — distinct
+//                                        semantics deferred to a
+//                                        Phase 6 #5 follow-up)
+//   "ask_or_deny"    → permissions.ask  (same fallback rationale)
+const ACTION_TO_PATTERNS = {
+    read: ["Read", "Glob", "Grep"],
+    edit: ["Edit", "Write", "MultiEdit"],
+    bash: ["Bash"],
+    commit: ["Bash(git commit*)"],
+    push: ["Bash(git push*)"],
+    pr: ["mcp__agent-tasks__pull_requests_create", "Bash(gh pr create*)"],
+    deploy: ["Bash(kubectl*)", "Bash(terraform destroy*)", "Bash(npm publish*)"],
+};
+function bucketForAllow(value) {
+    switch (value) {
+        case "true":
+            return "allow";
+        case "false":
+            return "deny";
+        case "ask":
+        case "limited":
+        case "ask_or_deny":
+            return "ask";
+    }
+}
+export function profileToSettingsPermissions(profile) {
+    const allow = new Set();
+    const ask = new Set();
+    const deny = new Set();
+    const buckets = {
+        allow,
+        ask,
+        deny,
+    };
+    for (const key of Object.keys(profile.actions)) {
+        const rule = profile.actions[key];
+        if (!rule)
+            continue;
+        const target = bucketForAllow(rule.allow);
+        for (const pattern of ACTION_TO_PATTERNS[key]) {
+            buckets[target].add(pattern);
+        }
+    }
+    return {
+        allow: [...allow].sort(),
+        ask: [...ask].sort(),
+        deny: [...deny].sort(),
+    };
+}
+/** Test seam — exposed for unit coverage of the action→pattern map. */
+export function _internalPatternMap() {
+    return ACTION_TO_PATTERNS;
+}
+//# sourceMappingURL=permission-translator.js.map

package/dist/policy-packs/permission-translator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission-translator.js","sourceRoot":"","sources":["../../src/policy-packs/permission-translator.ts"],"names":[],"mappings":"AAAA,kEAAkE;AAClE,sDAAsD;AACtD,EAAE;AACF,iBAAiB;AACjB,EAAE;AACF,mFAAmF;AACnF,oFAAoF;AACpF,mFAAmF;AACnF,mFAAmF;AACnF,kFAAkF;AAClF,sFAAsF;AACtF,sFAAsF;AACtF,iFAAiF;AACjF,2CAA2C;AAC3C,sFAAsF;AACtF,0CAA0C;AAC1C,EAAE;AACF,wBAAwB;AACxB,EAAE;AACF,yCAAyC;AACzC,wCAAwC;AACxC,uCAAuC;AACvC,gEAAgE;AAChE,iEAAiE;AACjE,+DAA+D;AAC/D,kEAAkE;AAclE,MAAM,kBAAkB,GAA0C;IAChE,IAAI,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;IAC9B,IAAI,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,WAAW,CAAC;IACpC,IAAI,EAAE,CAAC,MAAM,CAAC;IACd,MAAM,EAAE,CAAC,mBAAmB,CAAC;IAC7B,IAAI,EAAE,CAAC,iBAAiB,CAAC;IACzB,EAAE,EAAE,CAAC,wCAAwC,EAAE,qBAAqB,CAAC;IACrE,MAAM,EAAE,CAAC,gBAAgB,EAAE,0BAA0B,EAAE,oBAAoB,CAAC;CAC7E,CAAC;AAEF,SAAS,cAAc,CAAC,KAAsB;IAC5C,QAAQ,KAAK,EAAE,CAAC;QACd,KAAK,MAAM;YACT,OAAO,OAAO,CAAC;QACjB,KAAK,OAAO;YACV,OAAO,MAAM,CAAC;QAChB,KAAK,KAAK,CAAC;QACX,KAAK,SAAS,CAAC;QACf,KAAK,aAAa;YAChB,OAAO,KAAK,CAAC;IACjB,CAAC;AACH,CAAC;AAED,MAAM,UAAU,4BAA4B,CAC1C,OAA0B;IAE1B,MAAM,KAAK,GAAG,IAAI,GAAG,EAAU,CAAC;IAChC,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAE/B,MAAM,OAAO,GAAmD;QAC9D,KAAK;QACL,GAAG;QACH,IAAI;KACL,CAAC;IAEF,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAA0B,EAAE,CAAC;QACxE,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,CAAC,IAAI;YAAE,SAAS;QACpB,MAAM,MAAM,GAAG,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1C,KAAK,MAAM,OAAO,IAAI,kBAAkB,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9C,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IAED,OAAO;QACL,KAAK,EAAE,CAAC,GAAG,KAAK,CAAC,CAAC,IAAI,EAAE;QACxB,GAAG,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,EAAE;QACpB,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC,IAAI,EAAE;KACvB,CAAC;AACJ,CAAC;AAED,uEAAuE;AACvE,MAAM,UAAU,mBAAmB;IACjC,OAAO,kBAAkB,CAAC;AAC5B,CAAC"}

package/dist/policy-packs/registry.d.ts

@@ -0,0 +1,11 @@
+import type { PolicyPack } from "../schema/index.js";
+import { type Runtime } from "./runtime.js";
+import type { PackContribution } from "./types.js";
+export declare const KNOWN_BUILTIN_PACKS: readonly ["understanding-before-execution"];
+export type BuiltinPackName = (typeof KNOWN_BUILTIN_PACKS)[number];
+export declare function isBuiltinPackName(name: string): name is BuiltinPackName;
+export interface ResolveBuiltinResult {
+    contribution: PackContribution;
+    warnings: string[];
+}
+export declare function resolveBuiltin(pack: PolicyPack, runtime?: Runtime): ResolveBuiltinResult | null;

package/dist/policy-packs/registry.js

@@ -0,0 +1,20 @@
+// Registry of builtin policy-pack names.
+//
+// Phase 6 #2 ships exactly one builtin: `understanding-before-execution`.
+// Future builtins are added here. Non-builtin sources (path/npm/git) are
+// out of scope for v1; their resolution lands in a later sub-task.
+import { PACK_NAME as UNDERSTANDING_BEFORE_EXECUTION, resolve as resolveUnderstandingBeforeExecution, } from "./builtin/understanding-before-execution.js";
+import { DEFAULT_RUNTIME } from "./runtime.js";
+export const KNOWN_BUILTIN_PACKS = [UNDERSTANDING_BEFORE_EXECUTION];
+export function isBuiltinPackName(name) {
+    return KNOWN_BUILTIN_PACKS.includes(name);
+}
+export function resolveBuiltin(pack, runtime = DEFAULT_RUNTIME) {
+    if (!isBuiltinPackName(pack.name))
+        return null;
+    switch (pack.name) {
+        case UNDERSTANDING_BEFORE_EXECUTION:
+            return resolveUnderstandingBeforeExecution(pack, runtime);
+    }
+}
+//# sourceMappingURL=registry.js.map

package/dist/policy-packs/registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.js","sourceRoot":"","sources":["../../src/policy-packs/registry.ts"],"names":[],"mappings":"AAAA,yCAAyC;AACzC,EAAE;AACF,0EAA0E;AAC1E,yEAAyE;AACzE,mEAAmE;AAGnE,OAAO,EACL,SAAS,IAAI,8BAA8B,EAC3C,OAAO,IAAI,mCAAmC,GAC/C,MAAM,6CAA6C,CAAC;AACrD,OAAO,EAAE,eAAe,EAAgB,MAAM,cAAc,CAAC;AAG7D,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,8BAA8B,CAAU,CAAC;AAG7E,MAAM,UAAU,iBAAiB,CAAC,IAAY;IAC5C,OAAQ,mBAAyC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;AACnE,CAAC;AAOD,MAAM,UAAU,cAAc,CAC5B,IAAgB,EAChB,UAAmB,eAAe;IAElC,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAC/C,QAAQ,IAAI,CAAC,IAAuB,EAAE,CAAC;QACrC,KAAK,8BAA8B;YACjC,OAAO,mCAAmC,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC9D,CAAC;AACH,CAAC"}

package/dist/policy-packs/runtime.d.ts

@@ -0,0 +1,8 @@
+export declare const KNOWN_RUNTIMES: readonly ["claude-code", "codex"];
+export type Runtime = (typeof KNOWN_RUNTIMES)[number];
+export declare const DEFAULT_RUNTIME: Runtime;
+export declare function isRuntime(value: unknown): value is Runtime;
+export declare function parseRuntime(raw: string | undefined): {
+    runtime: Runtime;
+    warning: string | null;
+};

package/dist/policy-packs/runtime.js

@@ -0,0 +1,30 @@
+// Phase 6 #6 — runtime target identifier threaded through policy-pack
+// expansion. Selects which adapter shape a pack emits.
+//
+// `claude-code` (default): hook commands point at the `@lannguyensi/understanding-gate`
+// claude-code bins and the harness PreToolUse blocker. Output of
+// `harness apply` is the Claude Code `settings.json` shape under
+// `harness.generated/settings.json`.
+//
+// `codex`: hook commands point at the harness-shipped Codex adapter
+// subcommands (`harness pack hook codex-*`). Output of `harness apply`
+// is a Codex-flavoured config artefact under
+// `harness.generated/codex/`. Phase 6 #6 ships block + allow for the
+// understanding-before-execution pack; cross-pack and additional
+// runtimes are out of v1 scope.
+export const KNOWN_RUNTIMES = ["claude-code", "codex"];
+export const DEFAULT_RUNTIME = "claude-code";
+export function isRuntime(value) {
+    return typeof value === "string" && KNOWN_RUNTIMES.includes(value);
+}
+export function parseRuntime(raw) {
+    if (raw === undefined)
+        return { runtime: DEFAULT_RUNTIME, warning: null };
+    if (isRuntime(raw))
+        return { runtime: raw, warning: null };
+    return {
+        runtime: DEFAULT_RUNTIME,
+        warning: `unrecognised runtime ${JSON.stringify(raw)}, falling back to "${DEFAULT_RUNTIME}". Allowed: ${KNOWN_RUNTIMES.join(", ")}.`,
+    };
+}
+//# sourceMappingURL=runtime.js.map

package/dist/policy-packs/runtime.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"runtime.js","sourceRoot":"","sources":["../../src/policy-packs/runtime.ts"],"names":[],"mappings":"AAAA,sEAAsE;AACtE,uDAAuD;AACvD,EAAE;AACF,wFAAwF;AACxF,iEAAiE;AACjE,iEAAiE;AACjE,qCAAqC;AACrC,EAAE;AACF,oEAAoE;AACpE,uEAAuE;AACvE,6CAA6C;AAC7C,qEAAqE;AACrE,iEAAiE;AACjE,gCAAgC;AAEhC,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,aAAa,EAAE,OAAO,CAAU,CAAC;AAEhE,MAAM,CAAC,MAAM,eAAe,GAAY,aAAa,CAAC;AAEtD,MAAM,UAAU,SAAS,CAAC,KAAc;IACtC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAK,cAAoC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAC5F,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,GAAuB;IAIlD,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC1E,IAAI,SAAS,CAAC,GAAG,CAAC;QAAE,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3D,OAAO;QACL,OAAO,EAAE,eAAe;QACxB,OAAO,EAAE,wBAAwB,IAAI,CAAC,SAAS,CAC7C,GAAG,CACJ,sBAAsB,eAAe,eAAe,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;KAClF,CAAC;AACJ,CAAC"}

package/dist/policy-packs/source.d.ts

@@ -0,0 +1,6 @@
+export type PackSourceKind = "builtin" | "unknown";
+export interface PackSourceParseResult {
+    kind: PackSourceKind;
+    raw: string;
+}
+export declare function parsePackSource(source: string): PackSourceParseResult;

package/dist/policy-packs/source.js

@@ -0,0 +1,10 @@
+// Pack `source:` strings parse here. v1 only resolves `builtin`; future
+// values (`path:./foo`, `npm:@scope/pack@1.0.0`, `git:https://...`) are
+// reserved for community-authored packs and surface as `kind: "unknown"`
+// today, with the canonical-doc-pointer in the warning.
+export function parsePackSource(source) {
+    if (source === "builtin")
+        return { kind: "builtin", raw: source };
+    return { kind: "unknown", raw: source };
+}
+//# sourceMappingURL=source.js.map

package/dist/policy-packs/source.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"source.js","sourceRoot":"","sources":["../../src/policy-packs/source.ts"],"names":[],"mappings":"AAAA,wEAAwE;AACxE,wEAAwE;AACxE,yEAAyE;AACzE,wDAAwD;AASxD,MAAM,UAAU,eAAe,CAAC,MAAc;IAC5C,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC;IAClE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC;AAC1C,CAAC"}

package/dist/policy-packs/types.d.ts

@@ -0,0 +1,41 @@
+import type { Hook } from "../schema/index.js";
+export interface PackContributionFile {
+    /** Relative path under `harness.generated/`, including the policy-packs/ prefix. */
+    relativePath: string;
+    content: string;
+}
+/**
+ * Phase 6 #5 — permissions contributed by a pack's selected
+ * permission profile. Translated downstream into the Claude Code
+ * settings.json `permissions` block.
+ */
+export interface PackPermissionsContribution {
+    allow: string[];
+    ask: string[];
+    deny: string[];
+}
+export interface PackContribution {
+    /** Hooks to merge into the manifest before settings.json generation. */
+    hooks: Hook[];
+    /** Files to write under `harness.generated/`. */
+    files: PackContributionFile[];
+    /** Optional permission contribution (Phase 6 #5). */
+    permissions?: PackPermissionsContribution;
+}
+export interface PackExpansionResult {
+    /** Combined hooks contributed by every enabled, resolvable pack. */
+    hooks: Hook[];
+    /** Combined files contributed by every enabled, resolvable pack. */
+    files: PackContributionFile[];
+    /**
+     * Combined permissions contributed by every enabled, resolvable
+     * pack (set-union per bucket; later contributions cannot relax a
+     * deny from an earlier pack). undefined when no pack contributed
+     * any permission entries.
+     */
+    permissions?: PackPermissionsContribution;
+    /** Non-fatal expansion warnings (e.g. unknown source, unknown name on a non-strict path). */
+    warnings: string[];
+    /** Names of packs that were skipped because `enabled: false`. */
+    skipped: string[];
+}

package/dist/policy-packs/types.js

@@ -0,0 +1,11 @@
+// Shared types for the policy-pack expansion pipeline.
+//
+// A pack contribution is the data a builtin pack produces at apply time:
+// a list of hooks to merge into the in-memory manifest before settings
+// generation, plus a list of files to write under
+// `harness.generated/policy-packs/<name>/`.
+//
+// The `Hook` shape mirrors the manifest's hooks[] entry exactly (so the
+// existing generate-settings projection picks them up unchanged).
+export {};
+//# sourceMappingURL=types.js.map