@mandate-os/sdk 0.1.0

package/enforced-capabilities.d.ts

@@ -0,0 +1,81 @@
+import type { ToolId } from './mandates';
+export declare const mandateOsGenericEvaluateToolName = "mandateos_evaluate_actions";
+export declare const mandateOsGenericEnforcedExecuteToolName = "mandateos_execute_enforced_action";
+export type EnforcementIntegration = 'mcp' | 'openclaw';
+export declare const enforcementRouteDefinitions: readonly [{
+    readonly route: "enforced.github.issue.label";
+    readonly integration: "mcp";
+    readonly recommendedTool: "mandateos_execute_enforced_action";
+    readonly kind: "github.issue.label";
+    readonly actionTool: "issue.label";
+    readonly legacyToolName: "mandateos_execute_github_issue_label";
+    readonly executePath: "/api/v1/integrations/github/issue-label/execute";
+}, {
+    readonly route: "enforced.github.pull_request.draft";
+    readonly integration: "mcp";
+    readonly recommendedTool: "mandateos_execute_enforced_action";
+    readonly kind: "github.pull_request.draft";
+    readonly actionTool: "pr.draft";
+    readonly legacyToolName: "mandateos_execute_github_pull_request_draft";
+    readonly executePath: "/api/v1/integrations/github/pull-request/draft/execute";
+}, {
+    readonly route: "enforced.openclaw.exec";
+    readonly integration: "openclaw";
+    readonly recommendedTool: "mandateos_openclaw_exec";
+}, {
+    readonly route: "enforced.openclaw.browser.mutate";
+    readonly integration: "openclaw";
+    readonly recommendedTool: "mandateos_openclaw_browser_mutate";
+}, {
+    readonly route: "enforced.openclaw.agent.spawn";
+    readonly integration: "openclaw";
+    readonly recommendedTool: "mandateos_openclaw_spawn_agent";
+}];
+export type EnforcedRouteDefinition = (typeof enforcementRouteDefinitions)[number];
+export type EnforcedRouteId = EnforcedRouteDefinition['route'];
+export type PolicyGatewayRoute = 'generic' | EnforcedRouteId;
+export type EnforcedExecutionCapability = Extract<EnforcedRouteDefinition, {
+    kind: string;
+    actionTool: ToolId;
+    executePath: string;
+}>;
+export type EnforcedExecutionKind = EnforcedExecutionCapability['kind'];
+export declare function isPolicyGatewayRoute(value: string): value is PolicyGatewayRoute;
+export declare function isEnforcedExecutionKind(value: string): value is EnforcedExecutionKind;
+export declare function getEnforcedRouteDefinition(route: EnforcedRouteId): {
+    readonly route: "enforced.github.issue.label";
+    readonly integration: "mcp";
+    readonly recommendedTool: "mandateos_execute_enforced_action";
+    readonly kind: "github.issue.label";
+    readonly actionTool: "issue.label";
+    readonly legacyToolName: "mandateos_execute_github_issue_label";
+    readonly executePath: "/api/v1/integrations/github/issue-label/execute";
+} | {
+    readonly route: "enforced.github.pull_request.draft";
+    readonly integration: "mcp";
+    readonly recommendedTool: "mandateos_execute_enforced_action";
+    readonly kind: "github.pull_request.draft";
+    readonly actionTool: "pr.draft";
+    readonly legacyToolName: "mandateos_execute_github_pull_request_draft";
+    readonly executePath: "/api/v1/integrations/github/pull-request/draft/execute";
+} | {
+    readonly route: "enforced.openclaw.exec";
+    readonly integration: "openclaw";
+    readonly recommendedTool: "mandateos_openclaw_exec";
+} | {
+    readonly route: "enforced.openclaw.browser.mutate";
+    readonly integration: "openclaw";
+    readonly recommendedTool: "mandateos_openclaw_browser_mutate";
+} | {
+    readonly route: "enforced.openclaw.agent.spawn";
+    readonly integration: "openclaw";
+    readonly recommendedTool: "mandateos_openclaw_spawn_agent";
+};
+export declare function getEnforcedExecutionCapability(kind: EnforcedExecutionKind): EnforcedExecutionCapability;
+export declare function recommendedToolForRoute(route: PolicyGatewayRoute): "mandateos_evaluate_actions" | "mandateos_execute_enforced_action" | "mandateos_openclaw_exec" | "mandateos_openclaw_browser_mutate" | "mandateos_openclaw_spawn_agent";
+export declare function listMandateOsEnforcedToolNames(integration?: EnforcementIntegration, options?: {
+    includeLegacyToolNames?: boolean;
+}): string[];
+export declare function getLegacyToolNameForExecutionKind(kind: EnforcedExecutionKind): "mandateos_execute_github_issue_label" | "mandateos_execute_github_pull_request_draft" | undefined;
+export declare function getExpectedActionToolForExecutionKind(kind: EnforcedExecutionKind): "issue.label" | "pr.draft";
+//# sourceMappingURL=enforced-capabilities.d.ts.map

package/enforced-capabilities.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"enforced-capabilities.d.ts","sourceRoot":"","sources":["../../../packages/mandate-os-sdk/src/enforced-capabilities.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AAEzC,eAAO,MAAM,gCAAgC,+BAA+B,CAAC;AAC7E,eAAO,MAAM,uCAAuC,sCACf,CAAC;AAEtC,MAAM,MAAM,sBAAsB,GAAG,KAAK,GAAG,UAAU,CAAC;AAIxD,eAAO,MAAM,2BAA2B;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAkC9B,CAAC;AAEX,MAAM,MAAM,uBAAuB,GACjC,CAAC,OAAO,2BAA2B,CAAC,CAAC,MAAM,CAAC,CAAC;AAC/C,MAAM,MAAM,eAAe,GAAG,uBAAuB,CAAC,OAAO,CAAC,CAAC;AAC/D,MAAM,MAAM,kBAAkB,GAAG,SAAS,GAAG,eAAe,CAAC;AAC7D,MAAM,MAAM,2BAA2B,GAAG,OAAO,CAC/C,uBAAuB,EACvB;IACE,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;CACrB,CACF,CAAC;AACF,MAAM,MAAM,qBAAqB,GAAG,2BAA2B,CAAC,MAAM,CAAC,CAAC;AAExE,wBAAgB,oBAAoB,CAClC,KAAK,EAAE,MAAM,GACZ,KAAK,IAAI,kBAAkB,CAK7B;AAED,wBAAgB,uBAAuB,CACrC,KAAK,EAAE,MAAM,GACZ,KAAK,IAAI,qBAAqB,CAIhC;AAED,wBAAgB,0BAA0B,CAAC,KAAK,EAAE,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAUhE;AAED,wBAAgB,8BAA8B,CAAC,IAAI,EAAE,qBAAqB,GAanD,2BAA2B,CACjD;AAED,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,kBAAkB,2KAMhE;AAED,wBAAgB,8BAA8B,CAC5C,WAAW,CAAC,EAAE,sBAAsB,EACpC,OAAO,GAAE;IACP,sBAAsB,CAAC,EAAE,OAAO,CAAC;CAC7B,YAiBP;AAED,wBAAgB,iCAAiC,CAAC,IAAI,EAAE,qBAAqB,sGAI5E;AAED,wBAAgB,qCAAqC,CACnD,IAAI,EAAE,qBAAqB,8BAG5B"}

package/enforced-capabilities.js

@@ -0,0 +1,89 @@
+export const mandateOsGenericEvaluateToolName = 'mandateos_evaluate_actions';
+export const mandateOsGenericEnforcedExecuteToolName = 'mandateos_execute_enforced_action';
+// Central registry for enforced capabilities. Add new routes here so policy
+// redirects, generic execute flows, and host tool discovery stay aligned.
+export const enforcementRouteDefinitions = [
+    {
+        route: 'enforced.github.issue.label',
+        integration: 'mcp',
+        recommendedTool: mandateOsGenericEnforcedExecuteToolName,
+        kind: 'github.issue.label',
+        actionTool: 'issue.label',
+        legacyToolName: 'mandateos_execute_github_issue_label',
+        executePath: '/api/v1/integrations/github/issue-label/execute',
+    },
+    {
+        route: 'enforced.github.pull_request.draft',
+        integration: 'mcp',
+        recommendedTool: mandateOsGenericEnforcedExecuteToolName,
+        kind: 'github.pull_request.draft',
+        actionTool: 'pr.draft',
+        legacyToolName: 'mandateos_execute_github_pull_request_draft',
+        executePath: '/api/v1/integrations/github/pull-request/draft/execute',
+    },
+    {
+        route: 'enforced.openclaw.exec',
+        integration: 'openclaw',
+        recommendedTool: 'mandateos_openclaw_exec',
+    },
+    {
+        route: 'enforced.openclaw.browser.mutate',
+        integration: 'openclaw',
+        recommendedTool: 'mandateos_openclaw_browser_mutate',
+    },
+    {
+        route: 'enforced.openclaw.agent.spawn',
+        integration: 'openclaw',
+        recommendedTool: 'mandateos_openclaw_spawn_agent',
+    },
+];
+export function isPolicyGatewayRoute(value) {
+    return (value === 'generic' ||
+        enforcementRouteDefinitions.some((definition) => definition.route === value));
+}
+export function isEnforcedExecutionKind(value) {
+    return enforcementRouteDefinitions.some((definition) => 'kind' in definition && definition.kind === value);
+}
+export function getEnforcedRouteDefinition(route) {
+    const definition = enforcementRouteDefinitions.find((entry) => entry.route === route);
+    if (!definition) {
+        throw new Error(`Unknown MandateOS enforced route: ${route}`);
+    }
+    return definition;
+}
+export function getEnforcedExecutionCapability(kind) {
+    const definition = enforcementRouteDefinitions.find((entry) => 'kind' in entry && entry.kind === kind);
+    if (!definition ||
+        !('actionTool' in definition) ||
+        !('executePath' in definition)) {
+        throw new Error(`Unknown MandateOS enforced execution kind: ${kind}`);
+    }
+    return definition;
+}
+export function recommendedToolForRoute(route) {
+    if (route === 'generic') {
+        return mandateOsGenericEvaluateToolName;
+    }
+    return getEnforcedRouteDefinition(route).recommendedTool;
+}
+export function listMandateOsEnforcedToolNames(integration, options = {}) {
+    const toolNames = new Set();
+    for (const definition of enforcementRouteDefinitions) {
+        if (integration && definition.integration !== integration) {
+            continue;
+        }
+        toolNames.add(definition.recommendedTool);
+        if (options.includeLegacyToolNames && 'legacyToolName' in definition) {
+            toolNames.add(definition.legacyToolName);
+        }
+    }
+    return [...toolNames];
+}
+export function getLegacyToolNameForExecutionKind(kind) {
+    const definition = getEnforcedExecutionCapability(kind);
+    return 'legacyToolName' in definition ? definition.legacyToolName : undefined;
+}
+export function getExpectedActionToolForExecutionKind(kind) {
+    return getEnforcedExecutionCapability(kind).actionTool;
+}
+//# sourceMappingURL=enforced-capabilities.js.map

package/enforced-capabilities.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"enforced-capabilities.js","sourceRoot":"","sources":["../../../packages/mandate-os-sdk/src/enforced-capabilities.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,gCAAgC,GAAG,4BAA4B,CAAC;AAC7E,MAAM,CAAC,MAAM,uCAAuC,GAClD,mCAAmC,CAAC;AAItC,4EAA4E;AAC5E,0EAA0E;AAC1E,MAAM,CAAC,MAAM,2BAA2B,GAAG;IACzC;QACE,KAAK,EAAE,6BAA6B;QACpC,WAAW,EAAE,KAAK;QAClB,eAAe,EAAE,uCAAuC;QACxD,IAAI,EAAE,oBAAoB;QAC1B,UAAU,EAAE,aAAa;QACzB,cAAc,EAAE,sCAAsC;QACtD,WAAW,EAAE,iDAAiD;KAC/D;IACD;QACE,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EAAE,KAAK;QAClB,eAAe,EAAE,uCAAuC;QACxD,IAAI,EAAE,2BAA2B;QACjC,UAAU,EAAE,UAAU;QACtB,cAAc,EAAE,6CAA6C;QAC7D,WAAW,EAAE,wDAAwD;KACtE;IACD;QACE,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EAAE,UAAU;QACvB,eAAe,EAAE,yBAAyB;KAC3C;IACD;QACE,KAAK,EAAE,kCAAkC;QACzC,WAAW,EAAE,UAAU;QACvB,eAAe,EAAE,mCAAmC;KACrD;IACD;QACE,KAAK,EAAE,+BAA+B;QACtC,WAAW,EAAE,UAAU;QACvB,eAAe,EAAE,gCAAgC;KAClD;CACO,CAAC;AAgBX,MAAM,UAAU,oBAAoB,CAClC,KAAa;IAEb,OAAO,CACL,KAAK,KAAK,SAAS;QACnB,2BAA2B,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,KAAK,KAAK,KAAK,CAAC,CAC7E,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,KAAa;IAEb,OAAO,2BAA2B,CAAC,IAAI,CACrC,CAAC,UAAU,EAAE,EAAE,CAAC,MAAM,IAAI,UAAU,IAAI,UAAU,CAAC,IAAI,KAAK,KAAK,CAClE,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,0BAA0B,CAAC,KAAsB;IAC/D,MAAM,UAAU,GAAG,2BAA2B,CAAC,IAAI,CACjD,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,KAAK,KAAK,KAAK,CACjC,CAAC;IAEF,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CAAC,qCAAqC,KAAK,EAAE,CAAC,CAAC;IAChE,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,MAAM,UAAU,8BAA8B,CAAC,IAA2B;IACxE,MAAM,UAAU,GAAG,2BAA2B,CAAC,IAAI,CACjD,CAAC,KAAK,EAAE,EAAE,CAAC,MAAM,IAAI,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,IAAI,CAClD,CAAC;IAEF,IACE,CAAC,UAAU;QACX,CAAC,CAAC,YAAY,IAAI,UAAU,CAAC;QAC7B,CAAC,CAAC,aAAa,IAAI,UAAU,CAAC,EAC9B,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,8CAA8C,IAAI,EAAE,CAAC,CAAC;IACxE,CAAC;IAED,OAAO,UAAyC,CAAC;AACnD,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,KAAyB;IAC/D,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,OAAO,gCAAgC,CAAC;IAC1C,CAAC;IAED,OAAO,0BAA0B,CAAC,KAAK,CAAC,CAAC,eAAe,CAAC;AAC3D,CAAC;AAED,MAAM,UAAU,8BAA8B,CAC5C,WAAoC,EACpC,UAEI,EAAE;IAEN,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IAEpC,KAAK,MAAM,UAAU,IAAI,2BAA2B,EAAE,CAAC;QACrD,IAAI,WAAW,IAAI,UAAU,CAAC,WAAW,KAAK,WAAW,EAAE,CAAC;YAC1D,SAAS;QACX,CAAC;QAED,SAAS,CAAC,GAAG,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;QAE1C,IAAI,OAAO,CAAC,sBAAsB,IAAI,gBAAgB,IAAI,UAAU,EAAE,CAAC;YACrE,SAAS,CAAC,GAAG,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,SAAS,CAAC,CAAC;AACxB,CAAC;AAED,MAAM,UAAU,iCAAiC,CAAC,IAA2B;IAC3E,MAAM,UAAU,GAAG,8BAA8B,CAAC,IAAI,CAAC,CAAC;IAExD,OAAO,gBAAgB,IAAI,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;AAChF,CAAC;AAED,MAAM,UAAU,qCAAqC,CACnD,IAA2B;IAE3B,OAAO,8BAA8B,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC;AACzD,CAAC"}

package/index.d.ts

@@ -0,0 +1,7 @@
+export * from './agent-client';
+export * from './agent-middleware';
+export * from './contracts';
+export * from './enforced-capabilities';
+export * from './mandates';
+export * from './policy-gateway';
+//# sourceMappingURL=index.d.ts.map

package/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../packages/mandate-os-sdk/src/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,oBAAoB,CAAC;AACnC,cAAc,aAAa,CAAC;AAC5B,cAAc,yBAAyB,CAAC;AACxC,cAAc,YAAY,CAAC;AAC3B,cAAc,kBAAkB,CAAC"}

package/index.js

@@ -0,0 +1,7 @@
+export * from './agent-client';
+export * from './agent-middleware';
+export * from './contracts';
+export * from './enforced-capabilities';
+export * from './mandates';
+export * from './policy-gateway';
+//# sourceMappingURL=index.js.map

package/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../packages/mandate-os-sdk/src/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,oBAAoB,CAAC;AACnC,cAAc,aAAa,CAAC;AAC5B,cAAc,yBAAyB,CAAC;AACxC,cAAc,YAAY,CAAC;AAC3B,cAAc,kBAAkB,CAAC"}

package/mandates.d.ts

@@ -0,0 +1,35 @@
+export declare const toolIds: readonly ["repo.read", "issue.label", "pr.draft", "docs.publish", "erp.read", "quote.request", "contract.draft", "payment.execute", "deploy.prod", "support.refund", "shell.exec", "browser.read", "browser.mutate", "agent.spawn", "node.command", "session.control"];
+export declare const regionIds: readonly ["eea", "oecd", "global"];
+export declare const decisions: readonly ["allowed", "approval", "blocked"];
+export declare const riskLevels: readonly ["low", "medium", "high"];
+export declare const zones: readonly ["domestic", "eea", "oecd", "restricted"];
+export type ToolId = (typeof toolIds)[number];
+export type RegionId = (typeof regionIds)[number];
+export type Decision = (typeof decisions)[number];
+export type RiskLevel = (typeof riskLevels)[number];
+export type Zone = (typeof zones)[number];
+export declare function isToolId(value: string): value is ToolId;
+export declare function isRiskLevel(value: string): value is RiskLevel;
+export declare function isZone(value: string): value is Zone;
+export type MandateDraft = {
+    presetId: string;
+    owner: string;
+    agentName: string;
+    purpose: string;
+    monthlyCapNok: number;
+    approvalTermMonths: number;
+    allowedRegion: RegionId;
+    allowedTools: ToolId[];
+};
+export type ActionScenario = {
+    id: string;
+    title: string;
+    description: string;
+    tool: ToolId;
+    amountNok: number;
+    termMonths: number;
+    zone: Zone;
+    riskLevel: RiskLevel;
+    receiptSuffix: string;
+};
+//# sourceMappingURL=mandates.d.ts.map

package/mandates.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mandates.d.ts","sourceRoot":"","sources":["../../../packages/mandate-os-sdk/src/mandates.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,OAAO,wQAiBV,CAAC;AAEX,eAAO,MAAM,SAAS,oCAAqC,CAAC;AAC5D,eAAO,MAAM,SAAS,6CAA8C,CAAC;AACrE,eAAO,MAAM,UAAU,oCAAqC,CAAC;AAC7D,eAAO,MAAM,KAAK,oDAAqD,CAAC;AAExE,MAAM,MAAM,MAAM,GAAG,CAAC,OAAO,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC;AAC9C,MAAM,MAAM,QAAQ,GAAG,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC;AAClD,MAAM,MAAM,QAAQ,GAAG,CAAC,OAAO,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC;AAClD,MAAM,MAAM,SAAS,GAAG,CAAC,OAAO,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC;AACpD,MAAM,MAAM,IAAI,GAAG,CAAC,OAAO,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC;AAE1C,wBAAgB,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,KAAK,IAAI,MAAM,CAEvD;AAED,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,KAAK,IAAI,SAAS,CAE7D;AAED,wBAAgB,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,KAAK,IAAI,IAAI,CAEnD;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,MAAM,CAAC;IACtB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,aAAa,EAAE,QAAQ,CAAC;IACxB,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,IAAI,CAAC;IACX,SAAS,EAAE,SAAS,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;CACvB,CAAC"}

package/mandates.js

@@ -0,0 +1,32 @@
+export const toolIds = [
+    'repo.read',
+    'issue.label',
+    'pr.draft',
+    'docs.publish',
+    'erp.read',
+    'quote.request',
+    'contract.draft',
+    'payment.execute',
+    'deploy.prod',
+    'support.refund',
+    'shell.exec',
+    'browser.read',
+    'browser.mutate',
+    'agent.spawn',
+    'node.command',
+    'session.control',
+];
+export const regionIds = ['eea', 'oecd', 'global'];
+export const decisions = ['allowed', 'approval', 'blocked'];
+export const riskLevels = ['low', 'medium', 'high'];
+export const zones = ['domestic', 'eea', 'oecd', 'restricted'];
+export function isToolId(value) {
+    return toolIds.includes(value);
+}
+export function isRiskLevel(value) {
+    return riskLevels.includes(value);
+}
+export function isZone(value) {
+    return zones.includes(value);
+}
+//# sourceMappingURL=mandates.js.map

package/mandates.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mandates.js","sourceRoot":"","sources":["../../../packages/mandate-os-sdk/src/mandates.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,OAAO,GAAG;IACrB,WAAW;IACX,aAAa;IACb,UAAU;IACV,cAAc;IACd,UAAU;IACV,eAAe;IACf,gBAAgB;IAChB,iBAAiB;IACjB,aAAa;IACb,gBAAgB;IAChB,YAAY;IACZ,cAAc;IACd,gBAAgB;IAChB,aAAa;IACb,cAAc;IACd,iBAAiB;CACT,CAAC;AAEX,MAAM,CAAC,MAAM,SAAS,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAU,CAAC;AAC5D,MAAM,CAAC,MAAM,SAAS,GAAG,CAAC,SAAS,EAAE,UAAU,EAAE,SAAS,CAAU,CAAC;AACrE,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,MAAM,CAAU,CAAC;AAC7D,MAAM,CAAC,MAAM,KAAK,GAAG,CAAC,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,CAAU,CAAC;AAQxE,MAAM,UAAU,QAAQ,CAAC,KAAa;IACpC,OAAO,OAAO,CAAC,QAAQ,CAAC,KAAe,CAAC,CAAC;AAC3C,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,KAAa;IACvC,OAAO,UAAU,CAAC,QAAQ,CAAC,KAAkB,CAAC,CAAC;AACjD,CAAC;AAED,MAAM,UAAU,MAAM,CAAC,KAAa;IAClC,OAAO,KAAK,CAAC,QAAQ,CAAC,KAAa,CAAC,CAAC;AACvC,CAAC"}

package/package.json

@@ -0,0 +1,20 @@
+{
+  "name": "@mandate-os/sdk",
+  "version": "0.1.0",
+  "description": "TypeScript SDK for MandateOS agent integrations.",
+  "license": "MIT",
+  "type": "module",
+  "sideEffects": false,
+  "publishConfig": {
+    "access": "public"
+  },
+  "main": "./index.js",
+  "module": "./index.js",
+  "types": "./index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./index.d.ts",
+      "import": "./index.js"
+    }
+  }
+}

package/policy-gateway.d.ts

@@ -0,0 +1,78 @@
+import type { ReceiptRecord, RuntimeSimulationBatch } from './contracts';
+import type { ActionScenario, RiskLevel, ToolId, Zone } from './mandates';
+import type { MandateOsAgentClient } from './agent-client';
+import { type PolicyGatewayRoute } from './enforced-capabilities';
+export type PolicyGatewayPermission = 'allow' | 'ask' | 'deny';
+export type PolicyGatewayChannel = 'shell' | 'mcp' | 'browser' | 'agent' | 'node' | 'session';
+export type MandateOsPolicyGatewayRule = {
+    id: string;
+    channel: PolicyGatewayChannel;
+    matcher: string | RegExp;
+    flags?: string;
+    tool: ToolId;
+    title: string;
+    description: string;
+    amountNok?: number;
+    termMonths?: number;
+    zone: Zone;
+    riskLevel: RiskLevel;
+    route?: PolicyGatewayRoute;
+};
+export type MandateOsPolicyGatewayOptions = {
+    client: Pick<MandateOsAgentClient, 'evaluateActions'>;
+    defaultMandateId?: string;
+    defaultSource?: string;
+    hostName?: string;
+    unmatchedPermission?: PolicyGatewayPermission;
+    rules: MandateOsPolicyGatewayRule[];
+};
+export type PolicyGatewayDecision = 'local_allow' | 'policy_allowed' | 'policy_approval' | 'policy_blocked' | 'redirect_enforced' | 'unmatched' | 'misconfigured';
+export type PolicyGatewayEvaluationResult = {
+    permission: PolicyGatewayPermission;
+    decision: PolicyGatewayDecision;
+    ruleId?: string;
+    route?: PolicyGatewayRoute;
+    action?: ActionScenario;
+    receipt?: ReceiptRecord;
+    evaluation?: RuntimeSimulationBatch;
+    userMessage?: string;
+    agentMessage?: string;
+    recommendedTool?: string;
+};
+export type PolicyGatewayAttempt = {
+    channel: PolicyGatewayChannel;
+    subject: string;
+    mandateId?: string;
+    source?: string;
+    host?: string;
+    details?: Record<string, unknown>;
+    context?: Record<string, unknown>;
+};
+export declare const readOnlyShellPatterns: readonly [RegExp, RegExp, RegExp, RegExp];
+export declare const defaultHostGatewayRules: MandateOsPolicyGatewayRule[];
+export declare const openClawPolicyGatewayRules: MandateOsPolicyGatewayRule[];
+export declare class MandateOsPolicyGateway {
+    private readonly options;
+    private readonly defaultMandateId?;
+    private readonly defaultSource?;
+    private readonly hostName;
+    private readonly unmatchedPermission;
+    private readonly rules;
+    constructor(options: MandateOsPolicyGatewayOptions);
+    evaluateAttempt(input: PolicyGatewayAttempt): Promise<PolicyGatewayEvaluationResult>;
+    createUnmatchedResult(channel: PolicyGatewayChannel, agentMessage: string): PolicyGatewayEvaluationResult;
+    private findRule;
+    private evaluateMatchedAttempt;
+}
+export declare function parsePolicyGatewayRules(input: unknown): MandateOsPolicyGatewayRule[];
+export declare function normalizeMcpToolName(value: string): string;
+export declare function isMandateOsToolName(value: string): boolean;
+export declare function summarizeJson(value: unknown): string;
+export declare function isReadOnlyShellCommand(command: string): boolean;
+export declare function isPolicyGatewayChannel(value: string): value is PolicyGatewayChannel;
+export declare function normalizePermission(value: unknown, fallback: PolicyGatewayPermission): PolicyGatewayPermission;
+export declare function normalizeOptionalText(value: unknown): string;
+export declare function normalizeOptionalNumber(value: unknown): number | undefined;
+export declare function splitCommaSeparatedList(value: string): string[];
+export declare function truncate(value: string, maxLength: number): string;
+//# sourceMappingURL=policy-gateway.d.ts.map

package/policy-gateway.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-gateway.d.ts","sourceRoot":"","sources":["../../../packages/mandate-os-sdk/src/policy-gateway.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,aAAa,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACzE,OAAO,KAAK,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAE1E,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AAC3D,OAAO,EAGL,KAAK,kBAAkB,EACxB,MAAM,yBAAyB,CAAC;AAEjC,MAAM,MAAM,uBAAuB,GAAG,OAAO,GAAG,KAAK,GAAG,MAAM,CAAC;AAC/D,MAAM,MAAM,oBAAoB,GAC5B,OAAO,GACP,KAAK,GACL,SAAS,GACT,OAAO,GACP,MAAM,GACN,SAAS,CAAC;AAEd,MAAM,MAAM,0BAA0B,GAAG;IACvC,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,oBAAoB,CAAC;IAC9B,OAAO,EAAE,MAAM,GAAG,MAAM,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,IAAI,CAAC;IACX,SAAS,EAAE,SAAS,CAAC;IACrB,KAAK,CAAC,EAAE,kBAAkB,CAAC;CAC5B,CAAC;AAEF,MAAM,MAAM,6BAA6B,GAAG;IAC1C,MAAM,EAAE,IAAI,CAAC,oBAAoB,EAAE,iBAAiB,CAAC,CAAC;IACtD,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,mBAAmB,CAAC,EAAE,uBAAuB,CAAC;IAC9C,KAAK,EAAE,0BAA0B,EAAE,CAAC;CACrC,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAC7B,aAAa,GACb,gBAAgB,GAChB,iBAAiB,GACjB,gBAAgB,GAChB,mBAAmB,GACnB,WAAW,GACX,eAAe,CAAC;AAEpB,MAAM,MAAM,6BAA6B,GAAG;IAC1C,UAAU,EAAE,uBAAuB,CAAC;IACpC,QAAQ,EAAE,qBAAqB,CAAC;IAChC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,kBAAkB,CAAC;IAC3B,MAAM,CAAC,EAAE,cAAc,CAAC;IACxB,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,UAAU,CAAC,EAAE,sBAAsB,CAAC;IACpC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG;IACjC,OAAO,EAAE,oBAAoB,CAAC;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC,CAAC;AAMF,eAAO,MAAM,qBAAqB,2CAKxB,CAAC;AAEX,eAAO,MAAM,uBAAuB,EAAE,0BAA0B,EAgNtD,CAAC;AAEX,eAAO,MAAM,0BAA0B,EAAE,0BAA0B,EA0EzD,CAAC;AAEX,qBAAa,sBAAsB;IAOrB,OAAO,CAAC,QAAQ,CAAC,OAAO;IANpC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAS;IAC3C,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAS;IACxC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAA0B;IAC9D,OAAO,CAAC,QAAQ,CAAC,KAAK,CAA8B;gBAEvB,OAAO,EAAE,6BAA6B;IAW7D,eAAe,CACnB,KAAK,EAAE,oBAAoB,GAC1B,OAAO,CAAC,6BAA6B,CAAC;IAkCzC,qBAAqB,CACnB,OAAO,EAAE,oBAAoB,EAC7B,YAAY,EAAE,MAAM,GACnB,6BAA6B;IAiBhC,OAAO,CAAC,QAAQ;YAMF,sBAAsB;CAkHrC;AAED,wBAAgB,uBAAuB,CACrC,KAAK,EAAE,OAAO,GACb,0BAA0B,EAAE,CAiG9B;AAED,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,UAEjD;AAED,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,WAQhD;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,OAAO,UAU3C;AAED,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,WAErD;AAED,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,MAAM,GACZ,KAAK,IAAI,oBAAoB,CAI/B;AAED,wBAAgB,mBAAmB,CACjC,KAAK,EAAE,OAAO,EACd,QAAQ,EAAE,uBAAuB,GAChC,uBAAuB,CAIzB;AAED,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,OAAO,UAEnD;AAED,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,OAAO,sBAcrD;AAED,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,MAAM,YAKpD;AAED,wBAAgB,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,UAIxD"}