@miller-tech/uap 1.0.0

package/dist/policies/database-manager.js

@@ -0,0 +1,198 @@
+import Database from 'better-sqlite3';
+import { mkdirSync, existsSync } from 'node:fs';
+import { join, dirname } from 'node:path';
+export class DatabaseManager {
+    db;
+    constructor(dbPath) {
+        const resolvedPath = dbPath || join(process.cwd(), 'agents', 'data', 'memory', 'policies.db');
+        const dir = dirname(resolvedPath);
+        if (!existsSync(dir)) {
+            mkdirSync(dir, { recursive: true });
+        }
+        this.db = new Database(resolvedPath);
+        this.db.pragma('journal_mode = WAL');
+        this.initialize();
+    }
+    initialize() {
+        this.db.exec(`
+      CREATE TABLE IF NOT EXISTS policies (
+        id TEXT PRIMARY KEY,
+        name TEXT NOT NULL,
+        category TEXT NOT NULL,
+        level TEXT NOT NULL,
+        rawMarkdown TEXT,
+        convertedFormat TEXT,
+        executableTools TEXT DEFAULT '[]',
+        tags TEXT DEFAULT '[]',
+        createdAt TEXT NOT NULL,
+        updatedAt TEXT NOT NULL,
+        version INTEGER NOT NULL DEFAULT 1,
+        isActive INTEGER NOT NULL DEFAULT 1,
+        priority INTEGER DEFAULT 50
+      );
+
+      CREATE TABLE IF NOT EXISTS executable_tools (
+        id TEXT PRIMARY KEY,
+        policyId TEXT NOT NULL,
+        toolName TEXT NOT NULL,
+        code TEXT NOT NULL,
+        language TEXT NOT NULL DEFAULT 'python',
+        createdAt TEXT NOT NULL,
+        FOREIGN KEY (policyId) REFERENCES policies(id) ON DELETE CASCADE
+      );
+
+      CREATE TABLE IF NOT EXISTS policy_executions (
+        id INTEGER PRIMARY KEY AUTOINCREMENT,
+        policyId TEXT NOT NULL,
+        toolName TEXT NOT NULL,
+        operation TEXT NOT NULL,
+        args TEXT DEFAULT '{}',
+        result TEXT,
+        allowed INTEGER NOT NULL,
+        reason TEXT,
+        executedAt TEXT NOT NULL,
+        FOREIGN KEY (policyId) REFERENCES policies(id) ON DELETE CASCADE
+      );
+
+      CREATE INDEX IF NOT EXISTS idx_policies_category ON policies(category);
+      CREATE INDEX IF NOT EXISTS idx_policies_level ON policies(level);
+      CREATE INDEX IF NOT EXISTS idx_policies_active ON policies(isActive);
+      CREATE INDEX IF NOT EXISTS idx_exec_tools_policy ON executable_tools(policyId);
+      CREATE INDEX IF NOT EXISTS idx_policy_exec_policy ON policy_executions(policyId);
+      CREATE INDEX IF NOT EXISTS idx_policy_exec_time ON policy_executions(executedAt);
+    `);
+    }
+    // --- Serialization helpers ---
+    serialize(value) {
+        if (Array.isArray(value))
+            return JSON.stringify(value);
+        if (typeof value === 'boolean')
+            return value ? 1 : 0;
+        if (typeof value === 'object' && value !== null)
+            return JSON.stringify(value);
+        return value;
+    }
+    deserializeRow(row) {
+        if (!row)
+            return row;
+        const result = { ...row };
+        // Boolean fields
+        if ('isActive' in result)
+            result.isActive = result.isActive === 1;
+        if ('allowed' in result)
+            result.allowed = result.allowed === 1;
+        // JSON array fields
+        for (const field of ['executableTools', 'tags']) {
+            if (field in result && typeof result[field] === 'string') {
+                try {
+                    result[field] = JSON.parse(result[field]);
+                }
+                catch {
+                    result[field] = [];
+                }
+            }
+        }
+        // JSON object fields
+        for (const field of ['args', 'result']) {
+            if (field in result && typeof result[field] === 'string') {
+                try {
+                    result[field] = JSON.parse(result[field]);
+                }
+                catch {
+                    // leave as string
+                }
+            }
+        }
+        return result;
+    }
+    // --- CRUD for policies table ---
+    upsertPolicy(data) {
+        const serialized = {};
+        for (const [key, value] of Object.entries(data)) {
+            serialized[key] = this.serialize(value);
+        }
+        const columns = Object.keys(serialized);
+        const placeholders = columns.map(() => '?').join(', ');
+        const sql = `INSERT OR REPLACE INTO policies (${columns.join(', ')}) VALUES (${placeholders})`;
+        this.db.prepare(sql).run(...Object.values(serialized));
+    }
+    findPolicies(where) {
+        const keys = Object.keys(where);
+        const serializedValues = keys.map((k) => this.serialize(where[k]));
+        const conditions = keys.map((k) => `${k} = ?`).join(' AND ');
+        const sql = `SELECT * FROM policies WHERE ${conditions}`;
+        const rows = this.db.prepare(sql).all(...serializedValues);
+        return rows.map((r) => this.deserializeRow(r));
+    }
+    findOnePolicy(where) {
+        const results = this.findPolicies(where);
+        return results[0] || null;
+    }
+    updatePolicy(where, updates) {
+        const serializedUpdates = {};
+        for (const [key, value] of Object.entries(updates)) {
+            serializedUpdates[key] = this.serialize(value);
+        }
+        const serializedWhere = {};
+        for (const [key, value] of Object.entries(where)) {
+            serializedWhere[key] = this.serialize(value);
+        }
+        const setClauses = Object.keys(serializedUpdates)
+            .map((k) => `${k} = ?`)
+            .join(', ');
+        const whereClauses = Object.keys(serializedWhere)
+            .map((k) => `${k} = ?`)
+            .join(' AND ');
+        const sql = `UPDATE policies SET ${setClauses} WHERE ${whereClauses}`;
+        this.db
+            .prepare(sql)
+            .run(...Object.values(serializedUpdates), ...Object.values(serializedWhere));
+    }
+    getAllActivePolicies() {
+        const rows = this.db
+            .prepare('SELECT * FROM policies WHERE isActive = 1 ORDER BY priority DESC')
+            .all();
+        return rows.map((r) => this.deserializeRow(r));
+    }
+    // --- CRUD for executable_tools table ---
+    upsertExecutableTool(data) {
+        const columns = Object.keys(data);
+        const placeholders = columns.map(() => '?').join(', ');
+        const sql = `INSERT OR REPLACE INTO executable_tools (${columns.join(', ')}) VALUES (${placeholders})`;
+        this.db.prepare(sql).run(...Object.values(data));
+    }
+    findExecutableTools(policyId) {
+        return this.db
+            .prepare('SELECT * FROM executable_tools WHERE policyId = ?')
+            .all(policyId);
+    }
+    findExecutableTool(policyId, toolName) {
+        const result = this.db
+            .prepare('SELECT * FROM executable_tools WHERE policyId = ? AND toolName = ?')
+            .get(policyId, toolName);
+        return result || null;
+    }
+    // --- CRUD for policy_executions table (audit trail) ---
+    logExecution(data) {
+        const sql = `INSERT INTO policy_executions (policyId, toolName, operation, args, result, allowed, reason, executedAt) VALUES (?, ?, ?, ?, ?, ?, ?, ?)`;
+        this.db
+            .prepare(sql)
+            .run(data.policyId, data.toolName, data.operation, JSON.stringify(data.args), JSON.stringify(data.result), data.allowed ? 1 : 0, data.reason, new Date().toISOString());
+    }
+    getExecutionLog(policyId, limit = 50) {
+        let sql = 'SELECT * FROM policy_executions';
+        const params = [];
+        if (policyId) {
+            sql += ' WHERE policyId = ?';
+            params.push(policyId);
+        }
+        sql += ' ORDER BY executedAt DESC LIMIT ?';
+        params.push(limit);
+        const rows = this.db.prepare(sql).all(...params);
+        return rows.map((r) => this.deserializeRow(r));
+    }
+    close() {
+        this.db.close();
+    }
+}
+//# sourceMappingURL=database-manager.js.map

package/dist/policies/database-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"database-manager.js","sourceRoot":"","sources":["../../src/policies/database-manager.ts"],"names":[],"mappings":"AAAA,OAAO,QAAQ,MAAM,gBAAgB,CAAC;AACtC,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAChD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAE1C,MAAM,OAAO,eAAe;IAClB,EAAE,CAAgC;IAE1C,YAAY,MAAe;QACzB,MAAM,YAAY,GAAG,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC;QAC9F,MAAM,GAAG,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;QAClC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACrB,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACtC,CAAC;QACD,IAAI,CAAC,EAAE,GAAG,IAAI,QAAQ,CAAC,YAAY,CAAC,CAAC;QACrC,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;QACrC,IAAI,CAAC,UAAU,EAAE,CAAC;IACpB,CAAC;IAEO,UAAU;QAChB,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KA8CZ,CAAC,CAAC;IACL,CAAC;IAED,gCAAgC;IAExB,SAAS,CAAC,KAAc;QAC9B,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QACvD,IAAI,OAAO,KAAK,KAAK,SAAS;YAAE,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACrD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC9E,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,cAAc,CAAC,GAA4B;QACjD,IAAI,CAAC,GAAG;YAAE,OAAO,GAAG,CAAC;QACrB,MAAM,MAAM,GAAG,EAAE,GAAG,GAAG,EAAE,CAAC;QAE1B,iBAAiB;QACjB,IAAI,UAAU,IAAI,MAAM;YAAE,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,KAAK,CAAC,CAAC;QAClE,IAAI,SAAS,IAAI,MAAM;YAAE,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,KAAK,CAAC,CAAC;QAE/D,oBAAoB;QACpB,KAAK,MAAM,KAAK,IAAI,CAAC,iBAAiB,EAAE,MAAM,CAAC,EAAE,CAAC;YAChD,IAAI,KAAK,IAAI,MAAM,IAAI,OAAO,MAAM,CAAC,KAAK,CAAC,KAAK,QAAQ,EAAE,CAAC;gBACzD,IAAI,CAAC;oBACH,MAAM,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAW,CAAC,CAAC;gBACtD,CAAC;gBAAC,MAAM,CAAC;oBACP,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;gBACrB,CAAC;YACH,CAAC;QACH,CAAC;QAED,qBAAqB;QACrB,KAAK,MAAM,KAAK,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,CAAC;YACvC,IAAI,KAAK,IAAI,MAAM,IAAI,OAAO,MAAM,CAAC,KAAK,CAAC,KAAK,QAAQ,EAAE,CAAC;gBACzD,IAAI,CAAC;oBACH,MAAM,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAW,CAAC,CAAC;gBACtD,CAAC;gBAAC,MAAM,CAAC;oBACP,kBAAkB;gBACpB,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,kCAAkC;IAElC,YAAY,CAAC,IAA6B;QACxC,MAAM,UAAU,GAA4B,EAAE,CAAC;QAC/C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YAChD,UAAU,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC1C,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACxC,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,GAAG,GAAG,oCAAoC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,YAAY,GAAG,CAAC;QAC/F,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;IACzD,CAAC;IAED,YAAY,CAAC,KAA8B;QACzC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChC,MAAM,gBAAgB,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACnE,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC7D,MAAM,GAAG,GAAG,gCAAgC,UAAU,EAAE,CAAC;QACzD,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,gBAAgB,CAA8B,CAAC;QACxF,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IAED,aAAa,CAAC,KAA8B;QAC1C,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QACzC,OAAO,OAAO,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;IAC5B,CAAC;IAED,YAAY,CAAC,KAA8B,EAAE,OAAgC;QAC3E,MAAM,iBAAiB,GAA4B,EAAE,CAAC;QACtD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YACnD,iBAAiB,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QACjD,CAAC;QACD,MAAM,eAAe,GAA4B,EAAE,CAAC;QACpD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACjD,eAAe,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC;aAC9C,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC;aACtB,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC;aAC9C,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC;aACtB,IAAI,CAAC,OAAO,CAAC,CAAC;QACjB,MAAM,GAAG,GAAG,uBAAuB,UAAU,UAAU,YAAY,EAAE,CAAC;QACtE,IAAI,CAAC,EAAE;aACJ,OAAO,CAAC,GAAG,CAAC;aACZ,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,CAAC;IACjF,CAAC;IAED,oBAAoB;QAClB,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE;aACjB,OAAO,CAAC,kEAAkE,CAAC;aAC3E,GAAG,EAA+B,CAAC;QACtC,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IAED,0CAA0C;IAE1C,oBAAoB,CAAC,IAA6B;QAChD,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,GAAG,GAAG,4CAA4C,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,YAAY,GAAG,CAAC;QACvG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IACnD,CAAC;IAED,mBAAmB,CAAC,QAAgB;QAClC,OAAO,IAAI,CAAC,EAAE;aACX,OAAO,CAAC,mDAAmD,CAAC;aAC5D,GAAG,CAAC,QAAQ,CAA8B,CAAC;IAChD,CAAC;IAED,kBAAkB,CAAC,QAAgB,EAAE,QAAgB;QACnD,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE;aACnB,OAAO,CAAC,oEAAoE,CAAC;aAC7E,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAwC,CAAC;QAClE,OAAO,MAAM,IAAI,IAAI,CAAC;IACxB,CAAC;IAED,yDAAyD;IAEzD,YAAY,CAAC,IAQZ;QACC,MAAM,GAAG,GAAG,0IAA0I,CAAC;QACvJ,IAAI,CAAC,EAAE;aACJ,OAAO,CAAC,GAAG,CAAC;aACZ,GAAG,CACF,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EACzB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,EAC3B,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EACpB,IAAI,CAAC,MAAM,EACX,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CACzB,CAAC;IACN,CAAC;IAED,eAAe,CAAC,QAAiB,EAAE,QAAgB,EAAE;QACnD,IAAI,GAAG,GAAG,iCAAiC,CAAC;QAC5C,MAAM,MAAM,GAAc,EAAE,CAAC;QAC7B,IAAI,QAAQ,EAAE,CAAC;YACb,GAAG,IAAI,qBAAqB,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACxB,CAAC;QACD,GAAG,IAAI,mCAAmC,CAAC;QAC3C,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,MAAM,CAA8B,CAAC;QAC9E,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IAED,KAAK;QACH,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IAClB,CAAC;CACF"}

package/dist/policies/enforced-tool-router.d.ts

@@ -0,0 +1,53 @@
+import { PolicyViolationError } from './policy-gate.js';
+export interface ToolDefinition {
+    name: string;
+    category: string;
+    execute: (args: Record<string, unknown>) => Promise<unknown>;
+}
+/**
+ * EnforcedToolRouter is the single entry point for all tool execution.
+ * Tools registered here are automatically gated by the PolicyGate.
+ *
+ * Usage:
+ *   const router = getEnforcedToolRouter();
+ *   router.registerTool({
+ *     name: 'web_browser',
+ *     category: 'automation',
+ *     execute: async (args) => { ... }
+ *   });
+ *
+ *   // This will check all REQUIRED policies before executing
+ *   const result = await router.executeTool('web_browser', { url: '...' });
+ */
+export declare class EnforcedToolRouter {
+    private tools;
+    private _gate;
+    private get gate();
+    /**
+     * Register a tool. All registered tools are policy-gated.
+     */
+    registerTool(tool: ToolDefinition): void;
+    /**
+     * Execute a tool through the policy gate.
+     * Throws PolicyViolationError if any REQUIRED policy blocks it.
+     */
+    executeTool(name: string, args?: Record<string, unknown>): Promise<unknown>;
+    /**
+     * Check if a tool call would be allowed without executing it.
+     */
+    wouldAllow(name: string, args?: Record<string, unknown>): Promise<{
+        allowed: boolean;
+        reasons: string[];
+    }>;
+    /**
+     * List all registered tools.
+     */
+    listTools(): ToolDefinition[];
+    /**
+     * Check if a tool is registered.
+     */
+    hasTool(name: string): boolean;
+}
+export declare function getEnforcedToolRouter(): EnforcedToolRouter;
+export { PolicyViolationError };
+//# sourceMappingURL=enforced-tool-router.d.ts.map

package/dist/policies/enforced-tool-router.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"enforced-tool-router.d.ts","sourceRoot":"","sources":["../../src/policies/enforced-tool-router.ts"],"names":[],"mappings":"AAAA,OAAO,EAA6B,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAEnF,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;CAC9D;AAED;;;;;;;;;;;;;;GAcG;AACH,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,KAAK,CAA0C;IACvD,OAAO,CAAC,KAAK,CAA2B;IAExC,OAAO,KAAK,IAAI,GAKf;IAED;;OAEG;IACH,YAAY,CAAC,IAAI,EAAE,cAAc,GAAG,IAAI;IAIxC;;;OAGG;IACG,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAarF;;OAEG;IACG,UAAU,CACd,IAAI,EAAE,MAAM,EACZ,IAAI,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,GACjC,OAAO,CAAC;QACT,OAAO,EAAE,OAAO,CAAC;QACjB,OAAO,EAAE,MAAM,EAAE,CAAC;KACnB,CAAC;IAaF;;OAEG;IACH,SAAS,IAAI,cAAc,EAAE;IAI7B;;OAEG;IACH,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;CAG/B;AAID,wBAAgB,qBAAqB,IAAI,kBAAkB,CAK1D;AAGD,OAAO,EAAE,oBAAoB,EAAE,CAAC"}

package/dist/policies/enforced-tool-router.js

@@ -0,0 +1,80 @@
+import { getPolicyGate, PolicyViolationError } from './policy-gate.js';
+/**
+ * EnforcedToolRouter is the single entry point for all tool execution.
+ * Tools registered here are automatically gated by the PolicyGate.
+ *
+ * Usage:
+ *   const router = getEnforcedToolRouter();
+ *   router.registerTool({
+ *     name: 'web_browser',
+ *     category: 'automation',
+ *     execute: async (args) => { ... }
+ *   });
+ *
+ *   // This will check all REQUIRED policies before executing
+ *   const result = await router.executeTool('web_browser', { url: '...' });
+ */
+export class EnforcedToolRouter {
+    tools = new Map();
+    _gate = null;
+    get gate() {
+        if (!this._gate) {
+            this._gate = getPolicyGate();
+        }
+        return this._gate;
+    }
+    /**
+     * Register a tool. All registered tools are policy-gated.
+     */
+    registerTool(tool) {
+        this.tools.set(tool.name, tool);
+    }
+    /**
+     * Execute a tool through the policy gate.
+     * Throws PolicyViolationError if any REQUIRED policy blocks it.
+     */
+    async executeTool(name, args = {}) {
+        const tool = this.tools.get(name);
+        if (!tool) {
+            throw new Error(`Tool "${name}" not registered. Available: ${[...this.tools.keys()].join(', ')}`);
+        }
+        return this.gate.executeWithGates(name, { ...args, _toolCategory: tool.category }, () => tool.execute(args));
+    }
+    /**
+     * Check if a tool call would be allowed without executing it.
+     */
+    async wouldAllow(name, args = {}) {
+        const tool = this.tools.get(name);
+        if (!tool) {
+            return { allowed: false, reasons: [`Tool "${name}" not registered`] };
+        }
+        const result = await this.gate.checkPolicies(name, { ...args, _toolCategory: tool.category });
+        return {
+            allowed: result.allowed,
+            reasons: result.blockedBy.map((b) => `[${b.policyName}] ${b.reason}`),
+        };
+    }
+    /**
+     * List all registered tools.
+     */
+    listTools() {
+        return [...this.tools.values()];
+    }
+    /**
+     * Check if a tool is registered.
+     */
+    hasTool(name) {
+        return this.tools.has(name);
+    }
+}
+// Lazy singleton
+let _instance = null;
+export function getEnforcedToolRouter() {
+    if (!_instance) {
+        _instance = new EnforcedToolRouter();
+    }
+    return _instance;
+}
+// Re-export for convenience
+export { PolicyViolationError };
+//# sourceMappingURL=enforced-tool-router.js.map

package/dist/policies/enforced-tool-router.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"enforced-tool-router.js","sourceRoot":"","sources":["../../src/policies/enforced-tool-router.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,aAAa,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAQnF;;;;;;;;;;;;;;GAcG;AACH,MAAM,OAAO,kBAAkB;IACrB,KAAK,GAAgC,IAAI,GAAG,EAAE,CAAC;IAC/C,KAAK,GAAsB,IAAI,CAAC;IAExC,IAAY,IAAI;QACd,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC,KAAK,GAAG,aAAa,EAAE,CAAC;QAC/B,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,IAAoB;QAC/B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAClC,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,WAAW,CAAC,IAAY,EAAE,OAAgC,EAAE;QAChE,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAClC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CACb,SAAS,IAAI,gCAAgC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACjF,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,EAAE,GAAG,IAAI,EAAE,aAAa,EAAE,IAAI,CAAC,QAAQ,EAAE,EAAE,GAAG,EAAE,CACtF,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CACnB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CACd,IAAY,EACZ,OAAgC,EAAE;QAKlC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAClC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,SAAS,IAAI,kBAAkB,CAAC,EAAE,CAAC;QACxE,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,EAAE,GAAG,IAAI,EAAE,aAAa,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC9F,OAAO;YACL,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,UAAU,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC;SACtE,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IAClC,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,IAAY;QAClB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC;CACF;AAED,iBAAiB;AACjB,IAAI,SAAS,GAA8B,IAAI,CAAC;AAChD,MAAM,UAAU,qBAAqB;IACnC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,SAAS,GAAG,IAAI,kBAAkB,EAAE,CAAC;IACvC,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,4BAA4B;AAC5B,OAAO,EAAE,oBAAoB,EAAE,CAAC"}

package/dist/policies/index.d.ts

@@ -0,0 +1,10 @@
+export * from './schemas/policy.js';
+export { PolicyMemoryManager, getPolicyMemoryManager } from './policy-memory.js';
+export { PolicyToolRegistry, getPolicyToolRegistry } from './policy-tools.js';
+export { PolicyGate, getPolicyGate, PolicyViolationError } from './policy-gate.js';
+export type { PolicyCheckResult, GateResult } from './policy-gate.js';
+export { EnforcedToolRouter, getEnforcedToolRouter } from './enforced-tool-router.js';
+export type { ToolDefinition } from './enforced-tool-router.js';
+export { DatabaseManager } from './database-manager.js';
+export { convertPolicyToClaude } from './convert-policy-to-claude.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/policies/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/policies/index.ts"],"names":[],"mappings":"AAAA,cAAc,qBAAqB,CAAC;AACpC,OAAO,EAAE,mBAAmB,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AACjF,OAAO,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAC9E,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AACnF,YAAY,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AACtE,OAAO,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AACtF,YAAY,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,qBAAqB,EAAE,MAAM,+BAA+B,CAAC"}

package/dist/policies/index.js

@@ -0,0 +1,8 @@
+export * from './schemas/policy.js';
+export { PolicyMemoryManager, getPolicyMemoryManager } from './policy-memory.js';
+export { PolicyToolRegistry, getPolicyToolRegistry } from './policy-tools.js';
+export { PolicyGate, getPolicyGate, PolicyViolationError } from './policy-gate.js';
+export { EnforcedToolRouter, getEnforcedToolRouter } from './enforced-tool-router.js';
+export { DatabaseManager } from './database-manager.js';
+export { convertPolicyToClaude } from './convert-policy-to-claude.js';
+//# sourceMappingURL=index.js.map

package/dist/policies/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/policies/index.ts"],"names":[],"mappings":"AAAA,cAAc,qBAAqB,CAAC;AACpC,OAAO,EAAE,mBAAmB,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AACjF,OAAO,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAC9E,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAEnF,OAAO,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAEtF,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,qBAAqB,EAAE,MAAM,+BAA+B,CAAC"}

package/dist/policies/policy-gate.d.ts

@@ -0,0 +1,59 @@
+export interface PolicyCheckResult {
+    allowed: boolean;
+    policyId: string;
+    policyName: string;
+    level: string;
+    reason: string;
+}
+export interface GateResult {
+    allowed: boolean;
+    checks: PolicyCheckResult[];
+    blockedBy: PolicyCheckResult[];
+}
+export declare class PolicyViolationError extends Error {
+    checks: PolicyCheckResult[];
+    constructor(message: string, checks: PolicyCheckResult[]);
+}
+/**
+ * PolicyGate is the enforcement middleware.
+ * Every tool call passes through executeWithGates() which:
+ * 1. Retrieves all REQUIRED policies relevant to the operation
+ * 2. Evaluates each policy's rules against the operation
+ * 3. Blocks execution if any REQUIRED policy denies it
+ * 4. Logs every check to the audit trail
+ */
+export declare class PolicyGate {
+    private _memory;
+    private _db;
+    private get memory();
+    private get db();
+    /**
+     * Check all policies before allowing an operation.
+     * Throws PolicyViolationError if any REQUIRED policy blocks it.
+     */
+    executeWithGates<T>(operation: string, args: Record<string, unknown>, executor: () => Promise<T>): Promise<T>;
+    /**
+     * Check policies without executing. Returns the gate result.
+     */
+    checkPolicies(operation: string, args: Record<string, unknown>): Promise<GateResult>;
+    /**
+     * Evaluate a single policy against an operation.
+     * Parses the policy's rawMarkdown for rules and checks them.
+     */
+    private evaluatePolicy;
+    /**
+     * Check a single rule against an operation.
+     * Returns a violation message if the rule is violated, null otherwise.
+     */
+    private checkRule;
+    /**
+     * Extract structured rules from policy markdown.
+     */
+    private extractRules;
+    /**
+     * Get the audit trail for a policy or all policies.
+     */
+    getAuditTrail(policyId?: string, limit?: number): Promise<Record<string, unknown>[]>;
+}
+export declare function getPolicyGate(): PolicyGate;
+//# sourceMappingURL=policy-gate.d.ts.map

package/dist/policies/policy-gate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-gate.d.ts","sourceRoot":"","sources":["../../src/policies/policy-gate.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,iBAAiB,EAAE,CAAC;IAC5B,SAAS,EAAE,iBAAiB,EAAE,CAAC;CAChC;AAED,qBAAa,oBAAqB,SAAQ,KAAK;IACtC,MAAM,EAAE,iBAAiB,EAAE,CAAC;gBACvB,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,iBAAiB,EAAE;CAKzD;AAED;;;;;;;GAOG;AACH,qBAAa,UAAU;IACrB,OAAO,CAAC,OAAO,CAAoC;IACnD,OAAO,CAAC,GAAG,CAAgC;IAE3C,OAAO,KAAK,MAAM,GAKjB;IAED,OAAO,KAAK,EAAE,GAKb;IAED;;;OAGG;IACG,gBAAgB,CAAC,CAAC,EACtB,SAAS,EAAE,MAAM,EACjB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,QAAQ,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,GACzB,OAAO,CAAC,CAAC,CAAC;IA+Bb;;OAEG;IACG,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,UAAU,CAAC;IAkB1F;;;OAGG;IACH,OAAO,CAAC,cAAc;IAwBtB;;;OAGG;IACH,OAAO,CAAC,SAAS;IAuBjB;;OAEG;IACH,OAAO,CAAC,YAAY;IA4CpB;;OAEG;IACG,aAAa,CAAC,QAAQ,CAAC,EAAE,MAAM,EAAE,KAAK,GAAE,MAAW,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;CAG/F;AAID,wBAAgB,aAAa,IAAI,UAAU,CAK1C"}

package/dist/policies/policy-gate.js

@@ -0,0 +1,171 @@
+import { getPolicyMemoryManager } from './policy-memory.js';
+import { DatabaseManager } from './database-manager.js';
+export class PolicyViolationError extends Error {
+    checks;
+    constructor(message, checks) {
+        super(message);
+        this.name = 'PolicyViolationError';
+        this.checks = checks;
+    }
+}
+/**
+ * PolicyGate is the enforcement middleware.
+ * Every tool call passes through executeWithGates() which:
+ * 1. Retrieves all REQUIRED policies relevant to the operation
+ * 2. Evaluates each policy's rules against the operation
+ * 3. Blocks execution if any REQUIRED policy denies it
+ * 4. Logs every check to the audit trail
+ */
+export class PolicyGate {
+    _memory = null;
+    _db = null;
+    get memory() {
+        if (!this._memory) {
+            this._memory = getPolicyMemoryManager();
+        }
+        return this._memory;
+    }
+    get db() {
+        if (!this._db) {
+            this._db = new DatabaseManager();
+        }
+        return this._db;
+    }
+    /**
+     * Check all policies before allowing an operation.
+     * Throws PolicyViolationError if any REQUIRED policy blocks it.
+     */
+    async executeWithGates(operation, args, executor) {
+        const gateResult = await this.checkPolicies(operation, args);
+        // Log all checks to audit trail
+        for (const check of gateResult.checks) {
+            this.db.logExecution({
+                policyId: check.policyId,
+                toolName: operation,
+                operation,
+                args,
+                result: null,
+                allowed: check.allowed,
+                reason: check.reason,
+            });
+        }
+        if (!gateResult.allowed) {
+            const blockedNames = gateResult.blockedBy.map((b) => b.policyName).join(', ');
+            const reasons = gateResult.blockedBy.map((b) => `[${b.policyName}] ${b.reason}`).join('; ');
+            throw new PolicyViolationError(`Operation "${operation}" blocked by policies: ${blockedNames}. Reasons: ${reasons}`, gateResult.blockedBy);
+        }
+        // All gates passed - execute
+        const result = await executor();
+        return result;
+    }
+    /**
+     * Check policies without executing. Returns the gate result.
+     */
+    async checkPolicies(operation, args) {
+        const allPolicies = await this.memory.getAllPolicies();
+        const checks = [];
+        for (const policy of allPolicies) {
+            const check = this.evaluatePolicy(policy, operation, args);
+            checks.push(check);
+        }
+        const blockedBy = checks.filter((c) => !c.allowed && c.level === 'REQUIRED');
+        return {
+            allowed: blockedBy.length === 0,
+            checks,
+            blockedBy,
+        };
+    }
+    /**
+     * Evaluate a single policy against an operation.
+     * Parses the policy's rawMarkdown for rules and checks them.
+     */
+    evaluatePolicy(policy, operation, args) {
+        const rules = this.extractRules(policy.rawMarkdown);
+        const violations = [];
+        for (const rule of rules) {
+            const violation = this.checkRule(rule, operation, args);
+            if (violation) {
+                violations.push(violation);
+            }
+        }
+        return {
+            allowed: violations.length === 0,
+            policyId: policy.id,
+            policyName: policy.name,
+            level: policy.level,
+            reason: violations.length > 0 ? violations.join('; ') : `Passed all ${rules.length} rules`,
+        };
+    }
+    /**
+     * Check a single rule against an operation.
+     * Returns a violation message if the rule is violated, null otherwise.
+     */
+    checkRule(rule, operation, args) {
+        const opLower = operation.toLowerCase();
+        const argsStr = JSON.stringify(args).toLowerCase();
+        // Check if this rule is relevant to the operation
+        const isRelevant = rule.keywords.some((kw) => opLower.includes(kw) || argsStr.includes(kw));
+        if (!isRelevant)
+            return null;
+        // Check for anti-patterns
+        for (const antiPattern of rule.antiPatterns) {
+            if (opLower.includes(antiPattern) || argsStr.includes(antiPattern)) {
+                return `Rule "${rule.title}" violated: detected anti-pattern "${antiPattern}"`;
+            }
+        }
+        return null;
+    }
+    /**
+     * Extract structured rules from policy markdown.
+     */
+    extractRules(markdown) {
+        const rules = [];
+        // Match numbered rules with bold titles
+        const ruleRegex = /\d+\.\s+\*\*(.+?)\*\*[^]*?(?=\d+\.\s+\*\*|## |$)/g;
+        let match;
+        while ((match = ruleRegex.exec(markdown)) !== null) {
+            const title = match[1];
+            const body = match[0].toLowerCase();
+            // Extract keywords from the rule body
+            const keywords = [];
+            const antiPatterns = [];
+            // Common keyword patterns
+            if (body.includes('vision') || body.includes('image') || body.includes('visual')) {
+                keywords.push('image', 'vision', 'screenshot', 'view');
+            }
+            if (body.includes('count') || body.includes('measure')) {
+                keywords.push('count', 'measure', 'pixel');
+            }
+            if (body.includes('never') || body.includes('do not')) {
+                // Extract what should never be done
+                const neverMatch = body.match(/never\s+(?:use\s+)?(\w+(?:\s+\w+)?)/g);
+                if (neverMatch) {
+                    antiPatterns.push(...neverMatch.map((n) => n.replace(/^never\s+(?:use\s+)?/, '')));
+                }
+            }
+            if (body.includes('iterative') || body.includes('loop')) {
+                antiPatterns.push('iterative', 'loop', 'retry');
+            }
+            if (body.includes('one-shot') || body.includes('single pass')) {
+                antiPatterns.push('multiple_passes', 'retry_edit');
+            }
+            rules.push({ title, keywords, antiPatterns });
+        }
+        return rules;
+    }
+    /**
+     * Get the audit trail for a policy or all policies.
+     */
+    async getAuditTrail(policyId, limit = 50) {
+        return this.db.getExecutionLog(policyId, limit);
+    }
+}
+// Lazy singleton
+let _instance = null;
+export function getPolicyGate() {
+    if (!_instance) {
+        _instance = new PolicyGate();
+    }
+    return _instance;
+}
+//# sourceMappingURL=policy-gate.js.map

package/dist/policies/policy-gate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-gate.js","sourceRoot":"","sources":["../../src/policies/policy-gate.ts"],"names":[],"mappings":"AACA,OAAO,EAAuB,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AACjF,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAgBxD,MAAM,OAAO,oBAAqB,SAAQ,KAAK;IACtC,MAAM,CAAsB;IACnC,YAAY,OAAe,EAAE,MAA2B;QACtD,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAC;QACnC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;CACF;AAED;;;;;;;GAOG;AACH,MAAM,OAAO,UAAU;IACb,OAAO,GAA+B,IAAI,CAAC;IAC3C,GAAG,GAA2B,IAAI,CAAC;IAE3C,IAAY,MAAM;QAChB,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,IAAI,CAAC,OAAO,GAAG,sBAAsB,EAAE,CAAC;QAC1C,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,IAAY,EAAE;QACZ,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;YACd,IAAI,CAAC,GAAG,GAAG,IAAI,eAAe,EAAE,CAAC;QACnC,CAAC;QACD,OAAO,IAAI,CAAC,GAAG,CAAC;IAClB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,gBAAgB,CACpB,SAAiB,EACjB,IAA6B,EAC7B,QAA0B;QAE1B,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QAE7D,gCAAgC;QAChC,KAAK,MAAM,KAAK,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC;YACtC,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC;gBACnB,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,QAAQ,EAAE,SAAS;gBACnB,SAAS;gBACT,IAAI;gBACJ,MAAM,EAAE,IAAI;gBACZ,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,MAAM,EAAE,KAAK,CAAC,MAAM;aACrB,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;YACxB,MAAM,YAAY,GAAG,UAAU,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC9E,MAAM,OAAO,GAAG,UAAU,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,UAAU,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC5F,MAAM,IAAI,oBAAoB,CAC5B,cAAc,SAAS,0BAA0B,YAAY,cAAc,OAAO,EAAE,EACpF,UAAU,CAAC,SAAS,CACrB,CAAC;QACJ,CAAC;QAED,6BAA6B;QAC7B,MAAM,MAAM,GAAG,MAAM,QAAQ,EAAE,CAAC;QAEhC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,SAAiB,EAAE,IAA6B;QAClE,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;QACvD,MAAM,MAAM,GAAwB,EAAE,CAAC;QAEvC,KAAK,MAAM,MAAM,IAAI,WAAW,EAAE,CAAC;YACjC,MAAM,KAAK,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;YAC3D,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,KAAK,KAAK,UAAU,CAAC,CAAC;QAE7E,OAAO;YACL,OAAO,EAAE,SAAS,CAAC,MAAM,KAAK,CAAC;YAC/B,MAAM;YACN,SAAS;SACV,CAAC;IACJ,CAAC;IAED;;;OAGG;IACK,cAAc,CACpB,MAAc,EACd,SAAiB,EACjB,IAA6B;QAE7B,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QACpD,MAAM,UAAU,GAAa,EAAE,CAAC;QAEhC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;YACxD,IAAI,SAAS,EAAE,CAAC;gBACd,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,UAAU,CAAC,MAAM,KAAK,CAAC;YAChC,QAAQ,EAAE,MAAM,CAAC,EAAE;YACnB,UAAU,EAAE,MAAM,CAAC,IAAI;YACvB,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,MAAM,EAAE,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,cAAc,KAAK,CAAC,MAAM,QAAQ;SAC3F,CAAC;IACJ,CAAC;IAED;;;OAGG;IACK,SAAS,CACf,IAAmE,EACnE,SAAiB,EACjB,IAA6B;QAE7B,MAAM,OAAO,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;QACxC,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QAEnD,kDAAkD;QAClD,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;QAE5F,IAAI,CAAC,UAAU;YAAE,OAAO,IAAI,CAAC;QAE7B,0BAA0B;QAC1B,KAAK,MAAM,WAAW,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC5C,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBACnE,OAAO,SAAS,IAAI,CAAC,KAAK,sCAAsC,WAAW,GAAG,CAAC;YACjF,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,YAAY,CAClB,QAAgB;QAEhB,MAAM,KAAK,GAAyE,EAAE,CAAC;QAEvF,wCAAwC;QACxC,MAAM,SAAS,GAAG,mDAAmD,CAAC;QACtE,IAAI,KAAK,CAAC;QAEV,OAAO,CAAC,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACnD,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACvB,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;YAEpC,sCAAsC;YACtC,MAAM,QAAQ,GAAa,EAAE,CAAC;YAC9B,MAAM,YAAY,GAAa,EAAE,CAAC;YAElC,0BAA0B;YAC1B,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACjF,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,CAAC,CAAC;YACzD,CAAC;YACD,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBACvD,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;YAC7C,CAAC;YACD,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACtD,oCAAoC;gBACpC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;gBACtE,IAAI,UAAU,EAAE,CAAC;oBACf,YAAY,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,sBAAsB,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;gBACrF,CAAC;YACH,CAAC;YACD,IAAI,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBACxD,YAAY,CAAC,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;YAClD,CAAC;YACD,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;gBAC9D,YAAY,CAAC,IAAI,CAAC,iBAAiB,EAAE,YAAY,CAAC,CAAC;YACrD,CAAC;YAED,KAAK,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC,CAAC;QAChD,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,QAAiB,EAAE,QAAgB,EAAE;QACvD,OAAO,IAAI,CAAC,EAAE,CAAC,eAAe,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IAClD,CAAC;CACF;AAED,iBAAiB;AACjB,IAAI,SAAS,GAAsB,IAAI,CAAC;AACxC,MAAM,UAAU,aAAa;IAC3B,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,SAAS,GAAG,IAAI,UAAU,EAAE,CAAC;IAC/B,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC"}

package/dist/policies/policy-memory.d.ts

@@ -0,0 +1,18 @@
+import { Policy } from './schemas/policy.js';
+export declare class PolicyMemoryManager {
+    private _db;
+    private get db();
+    storeRawPolicy(rawMarkdown: string, metadata?: Partial<Policy>): Promise<string>;
+    storeExecutablePolicy(policyId: string, pythonCode: string, toolName: string): Promise<void>;
+    getPolicy(id: string): Promise<Policy | null>;
+    getAllPolicies(): Promise<Policy[]>;
+    getRequiredPolicies(): Promise<Policy[]>;
+    getCategoriesPolicies(category: string): Promise<Policy[]>;
+    togglePolicy(id: string, active: boolean): Promise<void>;
+    searchByTags(tags: string[]): Promise<Policy[]>;
+    getRelevantPolicies(context: string, topK?: number): Promise<Policy[]>;
+    getExecutableToolCode(policyId: string, toolName: string): Promise<string | null>;
+    private extractPolicyName;
+}
+export declare function getPolicyMemoryManager(): PolicyMemoryManager;
+//# sourceMappingURL=policy-memory.d.ts.map

package/dist/policies/policy-memory.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-memory.d.ts","sourceRoot":"","sources":["../../src/policies/policy-memory.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAgB,MAAM,qBAAqB,CAAC;AAG3D,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,GAAG,CAAgC;IAE3C,OAAO,KAAK,EAAE,GAKb;IAEK,cAAc,CAAC,WAAW,EAAE,MAAM,EAAE,QAAQ,GAAE,OAAO,CAAC,MAAM,CAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAsBpF,qBAAqB,CACzB,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,IAAI,CAAC;IA8BV,SAAS,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAM7C,cAAc,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IAKnC,mBAAmB,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IAKxC,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAK1D,YAAY,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAIxD,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAU/C,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,GAAE,MAAU,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAyBzE,qBAAqB,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAKvF,OAAO,CAAC,iBAAiB;CAI1B;AAID,wBAAgB,sBAAsB,IAAI,mBAAmB,CAK5D"}