@machina.ai/cell-cli-core 1.10.0-rc1 → 1.13.0-rc1

package/dist/src/policy/index.d.ts

@@ -5,3 +5,5 @@
  */
 export * from './policy-engine.js';
 export * from './types.js';
+export * from './toml-loader.js';
+export * from './config.js';

package/dist/src/policy/index.js

@@ -5,4 +5,6 @@
  */
 export * from './policy-engine.js';
 export * from './types.js';
+export * from './toml-loader.js';
+export * from './config.js';
 //# sourceMappingURL=index.js.map

package/dist/src/policy/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/policy/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,cAAc,oBAAoB,CAAC;AACnC,cAAc,YAAY,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/policy/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,cAAc,oBAAoB,CAAC;AACnC,cAAc,YAAY,CAAC;AAC3B,cAAc,kBAAkB,CAAC;AACjC,cAAc,aAAa,CAAC"}

package/dist/src/policy/policies/read-only.toml

@@ -0,0 +1,56 @@
+# Priority system for policy rules:
+# - Higher priority numbers win over lower priority numbers
+# - When multiple rules match, the highest priority rule is applied
+# - Rules are evaluated in order of priority (highest first)
+#
+# Priority bands (tiers):
+# - Default policies (TOML): 1 + priority/1000 (e.g., priority 100 → 1.100)
+# - User policies (TOML): 2 + priority/1000 (e.g., priority 100 → 2.100)
+# - Admin policies (TOML): 3 + priority/1000 (e.g., priority 100 → 3.100)
+#
+# This ensures Admin > User > Default hierarchy is always preserved,
+# while allowing user-specified priorities to work within each tier.
+#
+# Settings-based and dynamic rules (all in user tier 2.x):
+#   2.95: Tools that the user has selected as "Always Allow" in the interactive UI
+#   2.9:  MCP servers excluded list (security: persistent server blocks)
+#   2.4:  Command line flag --exclude-tools (explicit temporary blocks)
+#   2.3:  Command line flag --allowed-tools (explicit temporary allows)
+#   2.2:  MCP servers with trust=true (persistent trusted servers)
+#   2.1:  MCP servers allowed list (persistent general server allows)
+#
+# TOML policy priorities (before transformation):
+#   10: Write tools default to ASK_USER (becomes 1.010 in default tier)
+#   15: Auto-edit tool override (becomes 1.015 in default tier)
+#   50: Read-only tools (becomes 1.050 in default tier)
+#   999: YOLO mode allow-all (becomes 1.999 in default tier)
+
+[[rule]]
+toolName = "glob"
+decision = "allow"
+priority = 50
+
+[[rule]]
+toolName = "search_file_content"
+decision = "allow"
+priority = 50
+
+[[rule]]
+toolName = "list_directory"
+decision = "allow"
+priority = 50
+
+[[rule]]
+toolName = "read_file"
+decision = "allow"
+priority = 50
+
+[[rule]]
+toolName = "read_many_files"
+decision = "allow"
+priority = 50
+
+[[rule]]
+toolName = "google_web_search"
+decision = "allow"
+priority = 50

package/dist/src/policy/policies/write.toml

@@ -0,0 +1,63 @@
+# Priority system for policy rules:
+# - Higher priority numbers win over lower priority numbers
+# - When multiple rules match, the highest priority rule is applied
+# - Rules are evaluated in order of priority (highest first)
+#
+# Priority bands (tiers):
+# - Default policies (TOML): 1 + priority/1000 (e.g., priority 100 → 1.100)
+# - User policies (TOML): 2 + priority/1000 (e.g., priority 100 → 2.100)
+# - Admin policies (TOML): 3 + priority/1000 (e.g., priority 100 → 3.100)
+#
+# This ensures Admin > User > Default hierarchy is always preserved,
+# while allowing user-specified priorities to work within each tier.
+#
+# Settings-based and dynamic rules (all in user tier 2.x):
+#   2.95: Tools that the user has selected as "Always Allow" in the interactive UI
+#   2.9:  MCP servers excluded list (security: persistent server blocks)
+#   2.4:  Command line flag --exclude-tools (explicit temporary blocks)
+#   2.3:  Command line flag --allowed-tools (explicit temporary allows)
+#   2.2:  MCP servers with trust=true (persistent trusted servers)
+#   2.1:  MCP servers allowed list (persistent general server allows)
+#
+# TOML policy priorities (before transformation):
+#   10: Write tools default to ASK_USER (becomes 1.010 in default tier)
+#   15: Auto-edit tool override (becomes 1.015 in default tier)
+#   50: Read-only tools (becomes 1.050 in default tier)
+#   999: YOLO mode allow-all (becomes 1.999 in default tier)
+
+[[rule]]
+toolName = "replace"
+decision = "ask_user"
+priority = 10
+
+[[rule]]
+toolName = "replace"
+decision = "allow"
+priority = 15
+modes = ["autoEdit"]
+
+[[rule]]
+toolName = "save_memory"
+decision = "ask_user"
+priority = 10
+
+[[rule]]
+toolName = "run_shell_command"
+decision = "ask_user"
+priority = 10
+
+[[rule]]
+toolName = "write_file"
+decision = "ask_user"
+priority = 10
+
+[[rule]]
+toolName = "write_file"
+decision = "allow"
+priority = 15
+modes = ["autoEdit"]
+
+[[rule]]
+toolName = "web_fetch"
+decision = "ask_user"
+priority = 10

package/dist/src/policy/policies/yolo.toml

@@ -0,0 +1,31 @@
+# Priority system for policy rules:
+# - Higher priority numbers win over lower priority numbers
+# - When multiple rules match, the highest priority rule is applied
+# - Rules are evaluated in order of priority (highest first)
+#
+# Priority bands (tiers):
+# - Default policies (TOML): 1 + priority/1000 (e.g., priority 100 → 1.100)
+# - User policies (TOML): 2 + priority/1000 (e.g., priority 100 → 2.100)
+# - Admin policies (TOML): 3 + priority/1000 (e.g., priority 100 → 3.100)
+#
+# This ensures Admin > User > Default hierarchy is always preserved,
+# while allowing user-specified priorities to work within each tier.
+#
+# Settings-based and dynamic rules (all in user tier 2.x):
+#   2.95: Tools that the user has selected as "Always Allow" in the interactive UI
+#   2.9:  MCP servers excluded list (security: persistent server blocks)
+#   2.4:  Command line flag --exclude-tools (explicit temporary blocks)
+#   2.3:  Command line flag --allowed-tools (explicit temporary allows)
+#   2.2:  MCP servers with trust=true (persistent trusted servers)
+#   2.1:  MCP servers allowed list (persistent general server allows)
+#
+# TOML policy priorities (before transformation):
+#   10: Write tools default to ASK_USER (becomes 1.010 in default tier)
+#   15: Auto-edit tool override (becomes 1.015 in default tier)
+#   50: Read-only tools (becomes 1.050 in default tier)
+#   999: YOLO mode allow-all (becomes 1.999 in default tier)
+
+[[rule]]
+decision = "allow"
+priority = 999
+modes = ["yolo"]

package/dist/src/policy/policy-engine.js

@@ -6,6 +6,7 @@
 import {} from '@google/genai';
 import { PolicyDecision, } from './types.js';
 import { stableStringify } from './stable-stringify.js';
+import { debugLogger } from '../utils/debugLogger.js';
 function ruleMatches(rule, toolCall, stringifiedArgs) {
     // Check tool name if specified
     if (rule.toolName) {
@@ -52,13 +53,16 @@ export class PolicyEngine {
         if (toolCall.args && this.rules.some((rule) => rule.argsPattern)) {
             stringifiedArgs = stableStringify(toolCall.args);
         }
+        debugLogger.debug(`[PolicyEngine.check] toolCall.name: ${toolCall.name}, stringifiedArgs: ${stringifiedArgs}`);
         // Find the first matching rule (already sorted by priority)
         for (const rule of this.rules) {
             if (ruleMatches(rule, toolCall, stringifiedArgs)) {
+                debugLogger.debug(`[PolicyEngine.check] MATCHED rule: toolName=${rule.toolName}, decision=${rule.decision}, priority=${rule.priority}, argsPattern=${rule.argsPattern?.source || 'none'}`);
                 return this.applyNonInteractiveMode(rule.decision);
             }
         }
         // No matching rule found, use default decision
+        debugLogger.debug(`[PolicyEngine.check] NO MATCH - using default decision: ${this.defaultDecision}`);
         return this.applyNonInteractiveMode(this.defaultDecision);
     }
     /**

package/dist/src/policy/policy-engine.js.map

@@ -1 +1 @@
-{"version":3,"file":"policy-engine.js","sourceRoot":"","sources":["../../../src/policy/policy-engine.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAqB,MAAM,eAAe,CAAC;AAClD,OAAO,EACL,cAAc,GAGf,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAExD,SAAS,WAAW,CAClB,IAAgB,EAChB,QAAsB,EACtB,eAAmC;IAEnC,+BAA+B;IAC/B,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,2EAA2E;QAC3E,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAClC,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,eAAe;YAC1D,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC;gBAC/D,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;aAAM,IAAI,QAAQ,CAAC,IAAI,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC3C,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,6DAA6D;QAC7D,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnB,OAAO,KAAK,CAAC;QACf,CAAC;QACD,iFAAiF;QACjF,IACE,eAAe,KAAK,SAAS;YAC7B,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,eAAe,CAAC,EACvC,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,OAAO,YAAY;IACf,KAAK,CAAe;IACX,eAAe,CAAiB;IAChC,cAAc,CAAU;IAEzC,YAAY,SAA6B,EAAE;QACzC,IAAI,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,CACpC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAChD,CAAC;QACF,IAAI,CAAC,eAAe,GAAG,MAAM,CAAC,eAAe,IAAI,cAAc,CAAC,QAAQ,CAAC;QACzE,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,cAAc,IAAI,KAAK,CAAC;IACvD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAsB;QAC1B,IAAI,eAAmC,CAAC;QACxC,gDAAgD;QAChD,IAAI,QAAQ,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YACjE,eAAe,GAAG,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACnD,CAAC;QAED,4DAA4D;QAC5D,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,IAAI,WAAW,CAAC,IAAI,EAAE,QAAQ,EAAE,eAAe,CAAC,EAAE,CAAC;gBACjD,OAAO,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACrD,CAAC;QACH,CAAC;QAED,+CAA+C;QAC/C,OAAO,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAC5D,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,IAAgB;QACtB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtB,4BAA4B;QAC5B,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC;IACnE,CAAC;IAED;;OAEG;IACH,kBAAkB,CAAC,QAAgB;QACjC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;IACvE,CAAC;IAED;;OAEG;IACH,QAAQ;QACN,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAEO,uBAAuB,CAAC,QAAwB;QACtD,iDAAiD;QACjD,IAAI,IAAI,CAAC,cAAc,IAAI,QAAQ,KAAK,cAAc,CAAC,QAAQ,EAAE,CAAC;YAChE,OAAO,cAAc,CAAC,IAAI,CAAC;QAC7B,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}
+{"version":3,"file":"policy-engine.js","sourceRoot":"","sources":["../../../src/policy/policy-engine.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAqB,MAAM,eAAe,CAAC;AAClD,OAAO,EACL,cAAc,GAGf,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAEtD,SAAS,WAAW,CAClB,IAAgB,EAChB,QAAsB,EACtB,eAAmC;IAEnC,+BAA+B;IAC/B,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,2EAA2E;QAC3E,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAClC,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,eAAe;YAC1D,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC;gBAC/D,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;aAAM,IAAI,QAAQ,CAAC,IAAI,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC3C,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,6DAA6D;QAC7D,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnB,OAAO,KAAK,CAAC;QACf,CAAC;QACD,iFAAiF;QACjF,IACE,eAAe,KAAK,SAAS;YAC7B,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,eAAe,CAAC,EACvC,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,OAAO,YAAY;IACf,KAAK,CAAe;IACX,eAAe,CAAiB;IAChC,cAAc,CAAU;IAEzC,YAAY,SAA6B,EAAE;QACzC,IAAI,CAAC,KAAK,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,CACpC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAChD,CAAC;QACF,IAAI,CAAC,eAAe,GAAG,MAAM,CAAC,eAAe,IAAI,cAAc,CAAC,QAAQ,CAAC;QACzE,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,cAAc,IAAI,KAAK,CAAC;IACvD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAsB;QAC1B,IAAI,eAAmC,CAAC;QACxC,gDAAgD;QAChD,IAAI,QAAQ,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YACjE,eAAe,GAAG,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACnD,CAAC;QAED,WAAW,CAAC,KAAK,CACf,uCAAuC,QAAQ,CAAC,IAAI,sBAAsB,eAAe,EAAE,CAC5F,CAAC;QAEF,4DAA4D;QAC5D,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,IAAI,WAAW,CAAC,IAAI,EAAE,QAAQ,EAAE,eAAe,CAAC,EAAE,CAAC;gBACjD,WAAW,CAAC,KAAK,CACf,+CAA+C,IAAI,CAAC,QAAQ,cAAc,IAAI,CAAC,QAAQ,cAAc,IAAI,CAAC,QAAQ,iBAAiB,IAAI,CAAC,WAAW,EAAE,MAAM,IAAI,MAAM,EAAE,CACxK,CAAC;gBACF,OAAO,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACrD,CAAC;QACH,CAAC;QAED,+CAA+C;QAC/C,WAAW,CAAC,KAAK,CACf,2DAA2D,IAAI,CAAC,eAAe,EAAE,CAClF,CAAC;QACF,OAAO,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAC5D,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,IAAgB;QACtB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtB,4BAA4B;QAC5B,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC;IACnE,CAAC;IAED;;OAEG;IACH,kBAAkB,CAAC,QAAgB;QACjC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;IACvE,CAAC;IAED;;OAEG;IACH,QAAQ;QACN,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAEO,uBAAuB,CAAC,QAAwB;QACtD,iDAAiD;QACjD,IAAI,IAAI,CAAC,cAAc,IAAI,QAAQ,KAAK,cAAc,CAAC,QAAQ,EAAE,CAAC;YAChE,OAAO,cAAc,CAAC,IAAI,CAAC;QAC7B,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}

package/dist/src/policy/toml-loader.d.ts

@@ -0,0 +1,46 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { type PolicyRule, type ApprovalMode } from './types.js';
+/**
+ * Types of errors that can occur while loading policy files.
+ */
+export type PolicyFileErrorType = 'file_read' | 'toml_parse' | 'schema_validation' | 'rule_validation' | 'regex_compilation';
+/**
+ * Detailed error information for policy file loading failures.
+ */
+export interface PolicyFileError {
+    filePath: string;
+    fileName: string;
+    tier: 'default' | 'user' | 'admin';
+    ruleIndex?: number;
+    errorType: PolicyFileErrorType;
+    message: string;
+    details?: string;
+    suggestion?: string;
+}
+/**
+ * Result of loading policies from TOML files.
+ */
+export interface PolicyLoadResult {
+    rules: PolicyRule[];
+    errors: PolicyFileError[];
+}
+/**
+ * Loads and parses policies from TOML files in the specified directories.
+ *
+ * This function:
+ * 1. Scans directories for .toml files
+ * 2. Parses and validates each file
+ * 3. Transforms rules (commandPrefix, arrays, mcpName, priorities)
+ * 4. Filters rules by approval mode
+ * 5. Collects detailed error information for any failures
+ *
+ * @param approvalMode The current approval mode (for filtering rules by mode)
+ * @param policyDirs Array of directory paths to scan for policy files
+ * @param getPolicyTier Function to determine tier (1-3) for a directory
+ * @returns Object containing successfully parsed rules and any errors encountered
+ */
+export declare function loadPoliciesFromToml(approvalMode: ApprovalMode, policyDirs: string[], getPolicyTier: (dir: string) => number): Promise<PolicyLoadResult>;

package/dist/src/policy/toml-loader.js

@@ -0,0 +1,314 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { PolicyDecision } from './types.js';
+import fs from 'node:fs/promises';
+import path from 'node:path';
+import toml from '@iarna/toml';
+import { z } from 'zod';
+/**
+ * Schema for a single policy rule in the TOML file (before transformation).
+ */
+const PolicyRuleSchema = z.object({
+    toolName: z.union([z.string(), z.array(z.string())]).optional(),
+    mcpName: z.string().optional(),
+    argsPattern: z.string().optional(),
+    commandPrefix: z.union([z.string(), z.array(z.string())]).optional(),
+    commandRegex: z.string().optional(),
+    decision: z.nativeEnum(PolicyDecision),
+    // Priority must be in range [0, 999] to prevent tier overflow.
+    // With tier transformation (tier + priority/1000), this ensures:
+    // - Tier 1 (default): range [1.000, 1.999]
+    // - Tier 2 (user): range [2.000, 2.999]
+    // - Tier 3 (admin): range [3.000, 3.999]
+    priority: z
+        .number({
+        required_error: 'priority is required',
+        invalid_type_error: 'priority must be a number',
+    })
+        .int({ message: 'priority must be an integer' })
+        .min(0, { message: 'priority must be >= 0' })
+        .max(999, {
+        message: 'priority must be <= 999 to prevent tier overflow. Priorities >= 1000 would jump to the next tier.',
+    }),
+    modes: z.array(z.string()).optional(),
+});
+/**
+ * Schema for the entire policy TOML file.
+ */
+const PolicyFileSchema = z.object({
+    rule: z.array(PolicyRuleSchema),
+});
+/**
+ * Escapes special regex characters in a string for use in a regex pattern.
+ * This is used for commandPrefix to ensure literal string matching.
+ *
+ * @param str The string to escape
+ * @returns The escaped string safe for use in a regex
+ */
+function escapeRegex(str) {
+    return str.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
+/**
+ * Converts a tier number to a human-readable tier name.
+ */
+function getTierName(tier) {
+    if (tier === 1)
+        return 'default';
+    if (tier === 2)
+        return 'user';
+    if (tier === 3)
+        return 'admin';
+    return 'default';
+}
+/**
+ * Formats a Zod validation error into a readable error message.
+ */
+function formatSchemaError(error, ruleIndex) {
+    const issues = error.issues
+        .map((issue) => {
+        const path = issue.path.join('.');
+        return `  - Field "${path}": ${issue.message}`;
+    })
+        .join('\n');
+    return `Invalid policy rule (rule #${ruleIndex + 1}):\n${issues}`;
+}
+/**
+ * Validates shell command convenience syntax rules.
+ * Returns an error message if invalid, or null if valid.
+ */
+function validateShellCommandSyntax(rule, ruleIndex) {
+    const hasCommandPrefix = rule.commandPrefix !== undefined;
+    const hasCommandRegex = rule.commandRegex !== undefined;
+    const hasArgsPattern = rule.argsPattern !== undefined;
+    if (hasCommandPrefix || hasCommandRegex) {
+        // Must have exactly toolName = "run_shell_command"
+        if (rule.toolName !== 'run_shell_command' || Array.isArray(rule.toolName)) {
+            return (`Rule #${ruleIndex + 1}: commandPrefix and commandRegex can only be used with toolName = "run_shell_command"\n` +
+                `  Found: toolName = ${JSON.stringify(rule.toolName)}\n` +
+                `  Fix: Set toolName = "run_shell_command" (not an array)`);
+        }
+        // Can't combine with argsPattern
+        if (hasArgsPattern) {
+            return (`Rule #${ruleIndex + 1}: cannot use both commandPrefix/commandRegex and argsPattern\n` +
+                `  These fields are mutually exclusive\n` +
+                `  Fix: Use either commandPrefix/commandRegex OR argsPattern, not both`);
+        }
+        // Can't use both commandPrefix and commandRegex
+        if (hasCommandPrefix && hasCommandRegex) {
+            return (`Rule #${ruleIndex + 1}: cannot use both commandPrefix and commandRegex\n` +
+                `  These fields are mutually exclusive\n` +
+                `  Fix: Use either commandPrefix OR commandRegex, not both`);
+        }
+    }
+    return null;
+}
+/**
+ * Transforms a priority number based on the policy tier.
+ * Formula: tier + priority/1000
+ *
+ * @param priority The priority value from the TOML file
+ * @param tier The tier (1=default, 2=user, 3=admin)
+ * @returns The transformed priority
+ */
+function transformPriority(priority, tier) {
+    return tier + priority / 1000;
+}
+/**
+ * Loads and parses policies from TOML files in the specified directories.
+ *
+ * This function:
+ * 1. Scans directories for .toml files
+ * 2. Parses and validates each file
+ * 3. Transforms rules (commandPrefix, arrays, mcpName, priorities)
+ * 4. Filters rules by approval mode
+ * 5. Collects detailed error information for any failures
+ *
+ * @param approvalMode The current approval mode (for filtering rules by mode)
+ * @param policyDirs Array of directory paths to scan for policy files
+ * @param getPolicyTier Function to determine tier (1-3) for a directory
+ * @returns Object containing successfully parsed rules and any errors encountered
+ */
+export async function loadPoliciesFromToml(approvalMode, policyDirs, getPolicyTier) {
+    const rules = [];
+    const errors = [];
+    for (const dir of policyDirs) {
+        const tier = getPolicyTier(dir);
+        const tierName = getTierName(tier);
+        // Scan directory for all .toml files
+        let filesToLoad;
+        try {
+            const dirEntries = await fs.readdir(dir, { withFileTypes: true });
+            filesToLoad = dirEntries
+                .filter((entry) => entry.isFile() && entry.name.endsWith('.toml'))
+                .map((entry) => entry.name);
+        }
+        catch (e) {
+            const error = e;
+            if (error.code === 'ENOENT') {
+                // Directory doesn't exist, skip it (not an error)
+                continue;
+            }
+            errors.push({
+                filePath: dir,
+                fileName: path.basename(dir),
+                tier: tierName,
+                errorType: 'file_read',
+                message: `Failed to read policy directory`,
+                details: error.message,
+            });
+            continue;
+        }
+        for (const file of filesToLoad) {
+            const filePath = path.join(dir, file);
+            try {
+                // Read file
+                const fileContent = await fs.readFile(filePath, 'utf-8');
+                // Parse TOML
+                let parsed;
+                try {
+                    parsed = toml.parse(fileContent);
+                }
+                catch (e) {
+                    const error = e;
+                    errors.push({
+                        filePath,
+                        fileName: file,
+                        tier: tierName,
+                        errorType: 'toml_parse',
+                        message: 'TOML parsing failed',
+                        details: error.message,
+                        suggestion: 'Check for syntax errors like missing quotes, brackets, or commas',
+                    });
+                    continue;
+                }
+                // Validate schema
+                const validationResult = PolicyFileSchema.safeParse(parsed);
+                if (!validationResult.success) {
+                    errors.push({
+                        filePath,
+                        fileName: file,
+                        tier: tierName,
+                        errorType: 'schema_validation',
+                        message: 'Schema validation failed',
+                        details: formatSchemaError(validationResult.error, 0),
+                        suggestion: 'Ensure all required fields (decision, priority) are present with correct types',
+                    });
+                    continue;
+                }
+                // Validate shell command convenience syntax
+                for (let i = 0; i < validationResult.data.rule.length; i++) {
+                    const rule = validationResult.data.rule[i];
+                    const validationError = validateShellCommandSyntax(rule, i);
+                    if (validationError) {
+                        errors.push({
+                            filePath,
+                            fileName: file,
+                            tier: tierName,
+                            ruleIndex: i,
+                            errorType: 'rule_validation',
+                            message: 'Invalid shell command syntax',
+                            details: validationError,
+                        });
+                        // Continue to next rule, don't skip the entire file
+                    }
+                }
+                // Transform rules
+                const parsedRules = validationResult.data.rule
+                    .filter((rule) => {
+                    // Filter by mode
+                    if (!rule.modes || rule.modes.length === 0) {
+                        return true;
+                    }
+                    return rule.modes.includes(approvalMode);
+                })
+                    .flatMap((rule) => {
+                    // Transform commandPrefix/commandRegex to argsPattern
+                    let effectiveArgsPattern = rule.argsPattern;
+                    const commandPrefixes = [];
+                    if (rule.commandPrefix) {
+                        const prefixes = Array.isArray(rule.commandPrefix)
+                            ? rule.commandPrefix
+                            : [rule.commandPrefix];
+                        commandPrefixes.push(...prefixes);
+                    }
+                    else if (rule.commandRegex) {
+                        effectiveArgsPattern = `"command":"${rule.commandRegex}`;
+                    }
+                    // Expand command prefixes to multiple patterns
+                    const argsPatterns = commandPrefixes.length > 0
+                        ? commandPrefixes.map((prefix) => `"command":"${escapeRegex(prefix)}`)
+                        : [effectiveArgsPattern];
+                    // For each argsPattern, expand toolName arrays
+                    return argsPatterns.flatMap((argsPattern) => {
+                        const toolNames = rule.toolName
+                            ? Array.isArray(rule.toolName)
+                                ? rule.toolName
+                                : [rule.toolName]
+                            : [undefined];
+                        // Create a policy rule for each tool name
+                        return toolNames.map((toolName) => {
+                            // Transform mcpName field to composite toolName format
+                            let effectiveToolName;
+                            if (rule.mcpName && toolName) {
+                                effectiveToolName = `${rule.mcpName}__${toolName}`;
+                            }
+                            else if (rule.mcpName) {
+                                effectiveToolName = `${rule.mcpName}__*`;
+                            }
+                            else {
+                                effectiveToolName = toolName;
+                            }
+                            const policyRule = {
+                                toolName: effectiveToolName,
+                                decision: rule.decision,
+                                priority: transformPriority(rule.priority, tier),
+                            };
+                            // Compile regex pattern
+                            if (argsPattern) {
+                                try {
+                                    policyRule.argsPattern = new RegExp(argsPattern);
+                                }
+                                catch (e) {
+                                    const error = e;
+                                    errors.push({
+                                        filePath,
+                                        fileName: file,
+                                        tier: tierName,
+                                        errorType: 'regex_compilation',
+                                        message: 'Invalid regex pattern',
+                                        details: `Pattern: ${argsPattern}\nError: ${error.message}`,
+                                        suggestion: 'Check regex syntax for errors like unmatched brackets or invalid escape sequences',
+                                    });
+                                    // Skip this rule if regex compilation fails
+                                    return null;
+                                }
+                            }
+                            return policyRule;
+                        });
+                    });
+                })
+                    .filter((rule) => rule !== null);
+                rules.push(...parsedRules);
+            }
+            catch (e) {
+                const error = e;
+                // Catch-all for unexpected errors
+                if (error.code !== 'ENOENT') {
+                    errors.push({
+                        filePath,
+                        fileName: file,
+                        tier: tierName,
+                        errorType: 'file_read',
+                        message: 'Failed to read policy file',
+                        details: error.message,
+                    });
+                }
+            }
+        }
+    }
+    return { rules, errors };
+}
+//# sourceMappingURL=toml-loader.js.map

package/dist/src/policy/toml-loader.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"toml-loader.js","sourceRoot":"","sources":["../../../src/policy/toml-loader.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAmB,cAAc,EAAqB,MAAM,YAAY,CAAC;AAChF,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,IAAI,MAAM,aAAa,CAAC;AAC/B,OAAO,EAAE,CAAC,EAAiB,MAAM,KAAK,CAAC;AAEvC;;GAEG;AACH,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC/D,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,aAAa,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACpE,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC,QAAQ,EAAE,CAAC,CAAC,UAAU,CAAC,cAAc,CAAC;IACtC,+DAA+D;IAC/D,iEAAiE;IACjE,2CAA2C;IAC3C,wCAAwC;IACxC,yCAAyC;IACzC,QAAQ,EAAE,CAAC;SACR,MAAM,CAAC;QACN,cAAc,EAAE,sBAAsB;QACtC,kBAAkB,EAAE,2BAA2B;KAChD,CAAC;SACD,GAAG,CAAC,EAAE,OAAO,EAAE,6BAA6B,EAAE,CAAC;SAC/C,GAAG,CAAC,CAAC,EAAE,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC;SAC5C,GAAG,CAAC,GAAG,EAAE;QACR,OAAO,EACL,mGAAmG;KACtG,CAAC;IACJ,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CACtC,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC;CAChC,CAAC,CAAC;AAuCH;;;;;;GAMG;AACH,SAAS,WAAW,CAAC,GAAW;IAC9B,OAAO,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;AACpD,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,IAAY;IAC/B,IAAI,IAAI,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IACjC,IAAI,IAAI,KAAK,CAAC;QAAE,OAAO,MAAM,CAAC;IAC9B,IAAI,IAAI,KAAK,CAAC;QAAE,OAAO,OAAO,CAAC;IAC/B,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,KAAe,EAAE,SAAiB;IAC3D,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM;SACxB,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;QACb,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClC,OAAO,cAAc,IAAI,MAAM,KAAK,CAAC,OAAO,EAAE,CAAC;IACjD,CAAC,CAAC;SACD,IAAI,CAAC,IAAI,CAAC,CAAC;IACd,OAAO,8BAA8B,SAAS,GAAG,CAAC,OAAO,MAAM,EAAE,CAAC;AACpE,CAAC;AAED;;;GAGG;AACH,SAAS,0BAA0B,CACjC,IAAoB,EACpB,SAAiB;IAEjB,MAAM,gBAAgB,GAAG,IAAI,CAAC,aAAa,KAAK,SAAS,CAAC;IAC1D,MAAM,eAAe,GAAG,IAAI,CAAC,YAAY,KAAK,SAAS,CAAC;IACxD,MAAM,cAAc,GAAG,IAAI,CAAC,WAAW,KAAK,SAAS,CAAC;IAEtD,IAAI,gBAAgB,IAAI,eAAe,EAAE,CAAC;QACxC,mDAAmD;QACnD,IAAI,IAAI,CAAC,QAAQ,KAAK,mBAAmB,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1E,OAAO,CACL,SAAS,SAAS,GAAG,CAAC,yFAAyF;gBAC/G,uBAAuB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI;gBACxD,0DAA0D,CAC3D,CAAC;QACJ,CAAC;QAED,iCAAiC;QACjC,IAAI,cAAc,EAAE,CAAC;YACnB,OAAO,CACL,SAAS,SAAS,GAAG,CAAC,gEAAgE;gBACtF,yCAAyC;gBACzC,uEAAuE,CACxE,CAAC;QACJ,CAAC;QAED,gDAAgD;QAChD,IAAI,gBAAgB,IAAI,eAAe,EAAE,CAAC;YACxC,OAAO,CACL,SAAS,SAAS,GAAG,CAAC,oDAAoD;gBAC1E,yCAAyC;gBACzC,2DAA2D,CAC5D,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,iBAAiB,CAAC,QAAgB,EAAE,IAAY;IACvD,OAAO,IAAI,GAAG,QAAQ,GAAG,IAAI,CAAC;AAChC,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,YAA0B,EAC1B,UAAoB,EACpB,aAAsC;IAEtC,MAAM,KAAK,GAAiB,EAAE,CAAC;IAC/B,MAAM,MAAM,GAAsB,EAAE,CAAC;IAErC,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,MAAM,IAAI,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;QAChC,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;QAEnC,qCAAqC;QACrC,IAAI,WAAqB,CAAC;QAC1B,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;YAClE,WAAW,GAAG,UAAU;iBACrB,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,EAAE,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;iBACjE,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAChC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,KAAK,GAAG,CAA0B,CAAC;YACzC,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC5B,kDAAkD;gBAClD,SAAS;YACX,CAAC;YACD,MAAM,CAAC,IAAI,CAAC;gBACV,QAAQ,EAAE,GAAG;gBACb,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC;gBAC5B,IAAI,EAAE,QAAQ;gBACd,SAAS,EAAE,WAAW;gBACtB,OAAO,EAAE,iCAAiC;gBAC1C,OAAO,EAAE,KAAK,CAAC,OAAO;aACvB,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QAED,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAEtC,IAAI,CAAC;gBACH,YAAY;gBACZ,MAAM,WAAW,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gBAEzD,aAAa;gBACb,IAAI,MAAe,CAAC;gBACpB,IAAI,CAAC;oBACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;gBACnC,CAAC;gBAAC,OAAO,CAAC,EAAE,CAAC;oBACX,MAAM,KAAK,GAAG,CAAU,CAAC;oBACzB,MAAM,CAAC,IAAI,CAAC;wBACV,QAAQ;wBACR,QAAQ,EAAE,IAAI;wBACd,IAAI,EAAE,QAAQ;wBACd,SAAS,EAAE,YAAY;wBACvB,OAAO,EAAE,qBAAqB;wBAC9B,OAAO,EAAE,KAAK,CAAC,OAAO;wBACtB,UAAU,EACR,kEAAkE;qBACrE,CAAC,CAAC;oBACH,SAAS;gBACX,CAAC;gBAED,kBAAkB;gBAClB,MAAM,gBAAgB,GAAG,gBAAgB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;gBAC5D,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,CAAC;oBAC9B,MAAM,CAAC,IAAI,CAAC;wBACV,QAAQ;wBACR,QAAQ,EAAE,IAAI;wBACd,IAAI,EAAE,QAAQ;wBACd,SAAS,EAAE,mBAAmB;wBAC9B,OAAO,EAAE,0BAA0B;wBACnC,OAAO,EAAE,iBAAiB,CAAC,gBAAgB,CAAC,KAAK,EAAE,CAAC,CAAC;wBACrD,UAAU,EACR,gFAAgF;qBACnF,CAAC,CAAC;oBACH,SAAS;gBACX,CAAC;gBAED,4CAA4C;gBAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3D,MAAM,IAAI,GAAG,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;oBAC3C,MAAM,eAAe,GAAG,0BAA0B,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;oBAC5D,IAAI,eAAe,EAAE,CAAC;wBACpB,MAAM,CAAC,IAAI,CAAC;4BACV,QAAQ;4BACR,QAAQ,EAAE,IAAI;4BACd,IAAI,EAAE,QAAQ;4BACd,SAAS,EAAE,CAAC;4BACZ,SAAS,EAAE,iBAAiB;4BAC5B,OAAO,EAAE,8BAA8B;4BACvC,OAAO,EAAE,eAAe;yBACzB,CAAC,CAAC;wBACH,oDAAoD;oBACtD,CAAC;gBACH,CAAC;gBAED,kBAAkB;gBAClB,MAAM,WAAW,GAAiB,gBAAgB,CAAC,IAAI,CAAC,IAAI;qBACzD,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE;oBACf,iBAAiB;oBACjB,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBAC3C,OAAO,IAAI,CAAC;oBACd,CAAC;oBACD,OAAO,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;gBAC3C,CAAC,CAAC;qBACD,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;oBAChB,sDAAsD;oBACtD,IAAI,oBAAoB,GAAG,IAAI,CAAC,WAAW,CAAC;oBAC5C,MAAM,eAAe,GAAa,EAAE,CAAC;oBAErC,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;wBACvB,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC;4BAChD,CAAC,CAAC,IAAI,CAAC,aAAa;4BACpB,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;wBACzB,eAAe,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;oBACpC,CAAC;yBAAM,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;wBAC7B,oBAAoB,GAAG,cAAc,IAAI,CAAC,YAAY,EAAE,CAAC;oBAC3D,CAAC;oBAED,+CAA+C;oBAC/C,MAAM,YAAY,GAChB,eAAe,CAAC,MAAM,GAAG,CAAC;wBACxB,CAAC,CAAC,eAAe,CAAC,GAAG,CACjB,CAAC,MAAM,EAAE,EAAE,CAAC,cAAc,WAAW,CAAC,MAAM,CAAC,EAAE,CAChD;wBACH,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC;oBAE7B,+CAA+C;oBAC/C,OAAO,YAAY,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE;wBAC1C,MAAM,SAAS,GAA8B,IAAI,CAAC,QAAQ;4BACxD,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;gCAC5B,CAAC,CAAC,IAAI,CAAC,QAAQ;gCACf,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC;4BACnB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;wBAEhB,0CAA0C;wBAC1C,OAAO,SAAS,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE;4BAChC,uDAAuD;4BACvD,IAAI,iBAAqC,CAAC;4BAC1C,IAAI,IAAI,CAAC,OAAO,IAAI,QAAQ,EAAE,CAAC;gCAC7B,iBAAiB,GAAG,GAAG,IAAI,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;4BACrD,CAAC;iCAAM,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gCACxB,iBAAiB,GAAG,GAAG,IAAI,CAAC,OAAO,KAAK,CAAC;4BAC3C,CAAC;iCAAM,CAAC;gCACN,iBAAiB,GAAG,QAAQ,CAAC;4BAC/B,CAAC;4BAED,MAAM,UAAU,GAAe;gCAC7B,QAAQ,EAAE,iBAAiB;gCAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;gCACvB,QAAQ,EAAE,iBAAiB,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC;6BACjD,CAAC;4BAEF,wBAAwB;4BACxB,IAAI,WAAW,EAAE,CAAC;gCAChB,IAAI,CAAC;oCACH,UAAU,CAAC,WAAW,GAAG,IAAI,MAAM,CAAC,WAAW,CAAC,CAAC;gCACnD,CAAC;gCAAC,OAAO,CAAC,EAAE,CAAC;oCACX,MAAM,KAAK,GAAG,CAAU,CAAC;oCACzB,MAAM,CAAC,IAAI,CAAC;wCACV,QAAQ;wCACR,QAAQ,EAAE,IAAI;wCACd,IAAI,EAAE,QAAQ;wCACd,SAAS,EAAE,mBAAmB;wCAC9B,OAAO,EAAE,uBAAuB;wCAChC,OAAO,EAAE,YAAY,WAAW,YAAY,KAAK,CAAC,OAAO,EAAE;wCAC3D,UAAU,EACR,mFAAmF;qCACtF,CAAC,CAAC;oCACH,4CAA4C;oCAC5C,OAAO,IAAI,CAAC;gCACd,CAAC;4BACH,CAAC;4BAED,OAAO,UAAU,CAAC;wBACpB,CAAC,CAAC,CAAC;oBACL,CAAC,CAAC,CAAC;gBACL,CAAC,CAAC;qBACD,MAAM,CAAC,CAAC,IAAI,EAAsB,EAAE,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;gBAEvD,KAAK,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,CAAC;YAC7B,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,MAAM,KAAK,GAAG,CAA0B,CAAC;gBACzC,kCAAkC;gBAClC,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBAC5B,MAAM,CAAC,IAAI,CAAC;wBACV,QAAQ;wBACR,QAAQ,EAAE,IAAI;wBACd,IAAI,EAAE,QAAQ;wBACd,SAAS,EAAE,WAAW;wBACtB,OAAO,EAAE,4BAA4B;wBACrC,OAAO,EAAE,KAAK,CAAC,OAAO;qBACvB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;AAC3B,CAAC"}

package/dist/src/policy/toml-loader.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+export {};