npm - @mondaydotcomorg/atp-provenance - Versions diffs - 0.19.7 → 0.19.8 - Mend

@mondaydotcomorg/atp-provenance 0.19.7 → 0.19.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/index.js CHANGED Viewed

@@ -1,12 +1,1910 @@
-export * from './types.js';
-export { createProvenanceProxy, getProvenance, hasProvenance, getAllProvenance, canRead, getProvenanceForPrimitive, markPrimitiveTainted, isPrimitiveTainted, setProvenanceExecutionId, clearProvenanceExecutionId, registerProvenanceMetadata, cleanupProvenanceForExecution, captureProvenanceState, restoreProvenanceState, captureProvenanceSnapshot, restoreProvenanceSnapshot, setGlobalProvenanceStore, hydrateProvenance, hydrateExecutionProvenance, } from './registry.js';
-export { issueProvenanceToken, verifyProvenanceToken, verifyProvenanceHints, computeDigest, stableStringify, getClientSecret, } from './tokens.js';
-export { SecurityPolicyEngine } from './policies/engine.js';
-export { preventDataExfiltration, preventDataExfiltrationWithApproval, requireUserOrigin, requireUserOriginWithApproval, blockLLMRecipients, blockLLMRecipientsWithApproval, auditSensitiveAccess, getBuiltInPolicies, getBuiltInPoliciesWithApproval, createCustomPolicy, } from './policies/engine.js';
-export { createDeclarativePolicy, loadDeclarativePolicies, } from './policies/declarative.js';
-export { DeclarativePolicyConfigSchema, PolicyConfigurationSchema, PolicyRuleSchema, ConditionSchema, OperatorSchema, PolicyActionSchema, } from './policies/schema.js';
-export { PolicyBuilder, RuleBuilder } from './policies/builder.js';
-export { DynamicPolicyRegistry } from './policies/dynamic.js';
-export { instrumentCode, createTrackingRuntime } from './ast/instrumentor.js';
-export { InMemoryProvenanceStore } from './store.js';
+import { nanoid } from 'nanoid';
+import { log } from '@mondaydotcomorg/atp-runtime';
+import crypto from 'crypto';
+import { z } from 'zod';
+import * as acorn from 'acorn';
+import * as walk from 'acorn-walk';
+import * as escodegen from 'escodegen';
+var __defProp = Object.defineProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+// src/types.ts
+var ProvenanceMode;
+(function(ProvenanceMode2) {
+  ProvenanceMode2["NONE"] = "none";
+  ProvenanceMode2["PROXY"] = "proxy";
+  ProvenanceMode2["AST"] = "ast";
+})(ProvenanceMode || (ProvenanceMode = {}));
+var ProvenanceSource;
+(function(ProvenanceSource2) {
+  ProvenanceSource2["USER"] = "user";
+  ProvenanceSource2["LLM"] = "llm";
+  ProvenanceSource2["TOOL"] = "tool";
+  ProvenanceSource2["SYSTEM"] = "system";
+})(ProvenanceSource || (ProvenanceSource = {}));
+var ProvenanceSecurityError = class extends Error {
+  static {
+    __name(this, "ProvenanceSecurityError");
+  }
+  policy;
+  toolName;
+  details;
+  constructor(message, policy, toolName, details) {
+    super(message);
+    this.policy = policy;
+    this.toolName = toolName;
+    this.details = details;
+    this.name = "ProvenanceSecurityError";
+  }
+};
+var MAX_VALUE_SIZE = 1024 * 1024;
+function stableStringify(value) {
+  try {
+    if (value === null || value === void 0) {
+      return String(value);
+    }
+    if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
+      return JSON.stringify(value);
+    }
+    if (typeof value === "function" || typeof value === "symbol") {
+      return null;
+    }
+    const seen = /* @__PURE__ */ new WeakSet();
+    const replacer = /* @__PURE__ */ __name((_key, val) => {
+      if (val !== null && typeof val === "object") {
+        if (seen.has(val)) {
+          return "[Circular]";
+        }
+        seen.add(val);
+        if (!Array.isArray(val)) {
+          const sorted = {};
+          const keys = Object.keys(val).sort();
+          for (const k of keys) {
+            sorted[k] = val[k];
+          }
+          return sorted;
+        }
+      }
+      return val;
+    }, "replacer");
+    const result = JSON.stringify(value, replacer);
+    if (result.length > MAX_VALUE_SIZE) {
+      return null;
+    }
+    return result;
+  } catch (error) {
+    return null;
+  }
+}
+__name(stableStringify, "stableStringify");
+function computeDigest(value) {
+  const serialized = stableStringify(value);
+  if (!serialized) {
+    return null;
+  }
+  return crypto.createHash("sha256").update(serialized).digest("base64url");
+}
+__name(computeDigest, "computeDigest");
+function getClientSecret(clientId) {
+  const secret = process.env.PROVENANCE_SECRET;
+  if (!secret) {
+    throw new Error("PROVENANCE_SECRET environment variable is required for provenance tracking. Generate a strong secret with: openssl rand -base64 32");
+  }
+  const secretBytes = Buffer.from(secret, "utf-8").length;
+  if (secretBytes < 32) {
+    throw new Error(`PROVENANCE_SECRET must be at least 32 bytes (currently ${secretBytes} bytes). Generate a strong secret with: openssl rand -base64 32`);
+  }
+  return secret;
+}
+__name(getClientSecret, "getClientSecret");
+function hmacSign(data, secret) {
+  return crypto.createHmac("sha256", secret).update(data).digest("base64url");
+}
+__name(hmacSign, "hmacSign");
+async function issueProvenanceToken(metadata, value, clientId, executionId, cacheProvider, ttl = 3600) {
+  const valueDigest = computeDigest(value);
+  if (!valueDigest) {
+    return null;
+  }
+  const metaId = nanoid();
+  const cacheKey = `prov:meta:${clientId}:${metaId}`;
+  try {
+    await cacheProvider.set(cacheKey, JSON.stringify(metadata), ttl);
+    if (typeof value === "string" || typeof value === "number") {
+      const valueKey = `prov:value:${clientId}:${valueDigest}`;
+      await cacheProvider.set(valueKey, JSON.stringify({
+        value: String(value),
+        metaId
+      }), ttl);
+    }
+  } catch (error) {
+    log.error("Failed to store provenance metadata in cache", {
+      error
+    });
+    return null;
+  }
+  const payload = {
+    v: 1,
+    clientId,
+    executionId,
+    createdAt: Date.now(),
+    expiresAt: Date.now() + ttl * 1e3,
+    valueDigest,
+    metaId
+  };
+  const payloadStr = JSON.stringify(payload);
+  const payloadB64 = Buffer.from(payloadStr).toString("base64url");
+  const secret = getClientSecret();
+  const signature = hmacSign(payloadB64, secret);
+  return `${payloadB64}.${signature}`;
+}
+__name(issueProvenanceToken, "issueProvenanceToken");
+async function verifyProvenanceToken(token, value, clientId, executionId, cacheProvider) {
+  try {
+    const parts = token.split(".");
+    if (parts.length !== 2) {
+      return null;
+    }
+    const [payloadB64, signature] = parts;
+    if (!payloadB64 || !signature) {
+      return null;
+    }
+    const secret = getClientSecret(clientId);
+    const expectedSig = hmacSign(payloadB64, secret);
+    try {
+      const sigBuf = Buffer.from(signature, "base64url");
+      const expectedBuf = Buffer.from(expectedSig, "base64url");
+      if (sigBuf.length !== expectedBuf.length || !crypto.timingSafeEqual(sigBuf, expectedBuf)) {
+        log.error("Token signature verification failed");
+        return null;
+      }
+    } catch (error) {
+      log.error("Token signature comparison error", {
+        error
+      });
+      return null;
+    }
+    const payloadStr = Buffer.from(payloadB64, "base64url").toString();
+    const payload = JSON.parse(payloadStr);
+    if (payload.v !== 1) {
+      log.error("Unsupported token version", {
+        version: payload.v
+      });
+      return null;
+    }
+    if (payload.clientId !== clientId) {
+      log.error("Token clientId mismatch", {
+        tokenClientId: payload.clientId,
+        expectedClientId: clientId
+      });
+      return null;
+    }
+    if (payload.executionId !== executionId) {
+      log.error("Token executionId mismatch", {
+        tokenExecutionId: payload.executionId,
+        expectedExecutionId: executionId
+      });
+      return null;
+    }
+    if (Date.now() > payload.expiresAt) {
+      log.warn("Token expired");
+      return null;
+    }
+    const valueDigest = computeDigest(value);
+    if (!valueDigest || valueDigest !== payload.valueDigest) {
+      log.warn("Token value digest mismatch (value may have been modified)");
+      return null;
+    }
+    const cacheKey = `prov:meta:${payload.clientId}:${payload.metaId}`;
+    const metaStr = await cacheProvider.get(cacheKey);
+    if (!metaStr || typeof metaStr !== "string") {
+      log.warn("Token metadata not found in cache (expired or evicted)");
+      return null;
+    }
+    const metadata = JSON.parse(metaStr);
+    return metadata;
+  } catch (error) {
+    log.error("Token verification error", {
+      error
+    });
+    return null;
+  }
+}
+__name(verifyProvenanceToken, "verifyProvenanceToken");
+async function verifyProvenanceHints(hints, clientId, executionId, cacheProvider, maxHints = 1e3) {
+  const map = /* @__PURE__ */ new Map();
+  const hintsToProcess = hints.slice(0, maxHints);
+  if (hints.length > maxHints) {
+    log.warn(`Capped provenance hints from ${hints.length} to ${maxHints}`);
+  }
+  const timeout = 100;
+  const promises = hintsToProcess.map(async (token) => {
+    try {
+      const parts = token.split(".");
+      if (parts.length !== 2) return;
+      const [payloadB64] = parts;
+      if (!payloadB64) return;
+      const payloadStr = Buffer.from(payloadB64, "base64url").toString();
+      const payload = JSON.parse(payloadStr);
+      const cacheKey = `prov:meta:${payload.clientId}:${payload.metaId}`;
+      const fetchPromise = cacheProvider.get(cacheKey);
+      const timeoutPromise = new Promise((resolve) => setTimeout(() => resolve(null), timeout));
+      const metaStr = await Promise.race([
+        fetchPromise,
+        timeoutPromise
+      ]);
+      if (metaStr && typeof metaStr === "string") {
+        const metadata = JSON.parse(metaStr);
+        map.set(payload.valueDigest, metadata);
+        const valueKey = `prov:value:${payload.clientId}:${payload.valueDigest}`;
+        const valueStr = await Promise.race([
+          cacheProvider.get(valueKey),
+          new Promise((resolve) => setTimeout(() => resolve(null), timeout))
+        ]);
+        if (valueStr && typeof valueStr === "string") {
+          try {
+            const { value } = JSON.parse(valueStr);
+            map.__valueMap = map.__valueMap || /* @__PURE__ */ new Map();
+            map.__valueMap.set(value, metadata);
+          } catch (e) {
+          }
+        }
+      }
+    } catch (error) {
+    }
+  });
+  await Promise.all(promises);
+  return map;
+}
+__name(verifyProvenanceHints, "verifyProvenanceHints");
+// src/store.ts
+var InMemoryProvenanceStore = class {
+  static {
+    __name(this, "InMemoryProvenanceStore");
+  }
+  registry = /* @__PURE__ */ new Map();
+  primitives = /* @__PURE__ */ new Map();
+  executionIds = /* @__PURE__ */ new Map();
+  executionPrimitives = /* @__PURE__ */ new Map();
+  async get(id) {
+    return this.registry.get(id) || null;
+  }
+  async getBatch(ids) {
+    const result = /* @__PURE__ */ new Map();
+    for (const id of ids) {
+      const meta = this.registry.get(id);
+      if (meta) {
+        result.set(id, meta);
+      }
+    }
+    return result;
+  }
+  async set(id, metadata, executionId) {
+    this.registry.set(id, metadata);
+    if (executionId) {
+      let ids = this.executionIds.get(executionId);
+      if (!ids) {
+        ids = /* @__PURE__ */ new Set();
+        this.executionIds.set(executionId, ids);
+      }
+      ids.add(id);
+    }
+  }
+  async getPrimitive(key) {
+    return this.primitives.get(key) || null;
+  }
+  async setPrimitive(key, metadata, executionId) {
+    this.primitives.set(key, metadata);
+    if (executionId) {
+      let keys = this.executionPrimitives.get(executionId);
+      if (!keys) {
+        keys = /* @__PURE__ */ new Set();
+        this.executionPrimitives.set(executionId, keys);
+      }
+      keys.add(key);
+    }
+  }
+  async cleanupExecution(executionId) {
+    const ids = this.executionIds.get(executionId);
+    if (ids) {
+      for (const id of ids) {
+        this.registry.delete(id);
+      }
+      this.executionIds.delete(executionId);
+    }
+    const primKeys = this.executionPrimitives.get(executionId);
+    if (primKeys) {
+      for (const key of primKeys) {
+        this.primitives.delete(key);
+      }
+      this.executionPrimitives.delete(executionId);
+    }
+  }
+  async getExecution(executionId) {
+    const result = /* @__PURE__ */ new Map();
+    const ids = this.executionIds.get(executionId);
+    if (ids) {
+      for (const id of ids) {
+        const meta = this.registry.get(id);
+        if (meta) {
+          result.set(id, meta);
+        }
+      }
+    }
+    return result;
+  }
+};
+// src/registry.ts
+var PROVENANCE_KEY = "__provenance__";
+var PROVENANCE_ID_KEY = "__prov_id__";
+var provenanceStore = /* @__PURE__ */ new WeakMap();
+var provenanceRegistry = /* @__PURE__ */ new Map();
+var executionProvenanceIds = /* @__PURE__ */ new Map();
+var currentExecutionId = null;
+var primitiveProvenanceMap = /* @__PURE__ */ new Map();
+var executionTaintedPrimitives = /* @__PURE__ */ new Map();
+var globalStore = new InMemoryProvenanceStore();
+function setGlobalProvenanceStore(store) {
+  globalStore = store;
+}
+__name(setGlobalProvenanceStore, "setGlobalProvenanceStore");
+function markPrimitiveTainted(value, sourceMetadata) {
+  if (typeof value !== "string" && typeof value !== "number") {
+    return;
+  }
+  if (currentExecutionId) {
+    const tainted = executionTaintedPrimitives.get(currentExecutionId);
+    if (tainted) {
+      tainted.add(value);
+    }
+  }
+  const key = `tainted:${String(value)}`;
+  primitiveProvenanceMap.set(key, sourceMetadata);
+  globalStore.setPrimitive(key, sourceMetadata, currentExecutionId || void 0).catch((err) => {
+    log.warn("Failed to save primitive taint to provenance store", {
+      error: err
+    });
+  });
+}
+__name(markPrimitiveTainted, "markPrimitiveTainted");
+function isPrimitiveTainted(value) {
+  if (typeof value !== "string" && typeof value !== "number") {
+    return false;
+  }
+  if (currentExecutionId) {
+    const tainted = executionTaintedPrimitives.get(currentExecutionId);
+    if (tainted && tainted.has(value)) {
+      return true;
+    }
+  }
+  return false;
+}
+__name(isPrimitiveTainted, "isPrimitiveTainted");
+function setProvenanceExecutionId(executionId) {
+  currentExecutionId = executionId;
+  if (!executionProvenanceIds.has(executionId)) {
+    executionProvenanceIds.set(executionId, /* @__PURE__ */ new Set());
+  }
+  if (!executionTaintedPrimitives.has(executionId)) {
+    executionTaintedPrimitives.set(executionId, /* @__PURE__ */ new Set());
+  }
+}
+__name(setProvenanceExecutionId, "setProvenanceExecutionId");
+function clearProvenanceExecutionId() {
+  currentExecutionId = null;
+}
+__name(clearProvenanceExecutionId, "clearProvenanceExecutionId");
+async function hydrateProvenance(ids) {
+  const batch = await globalStore.getBatch(ids);
+  for (const [id, metadata] of batch.entries()) {
+    provenanceRegistry.set(id, metadata);
+    if (currentExecutionId) {
+      let execIds = executionProvenanceIds.get(currentExecutionId);
+      if (!execIds) {
+        execIds = /* @__PURE__ */ new Set();
+        executionProvenanceIds.set(currentExecutionId, execIds);
+      }
+      execIds.add(id);
+    }
+  }
+}
+__name(hydrateProvenance, "hydrateProvenance");
+async function hydrateExecutionProvenance(executionId) {
+  const batch = await globalStore.getExecution(executionId);
+  for (const [id, metadata] of batch.entries()) {
+    provenanceRegistry.set(id, metadata);
+    if (currentExecutionId === executionId) {
+      let executionSet = executionProvenanceIds.get(executionId);
+      if (!executionSet) {
+        executionSet = /* @__PURE__ */ new Set();
+        executionProvenanceIds.set(executionId, executionSet);
+      }
+      executionSet.add(id);
+    }
+  }
+}
+__name(hydrateExecutionProvenance, "hydrateExecutionProvenance");
+function registerProvenanceMetadata(id, metadata, executionId) {
+  if (id.startsWith("tainted:") || id.includes(":")) {
+    primitiveProvenanceMap.set(id, metadata);
+    globalStore.setPrimitive(id, metadata, executionId).catch((err) => {
+      log.warn("Failed to save primitive provenance to store", {
+        error: err
+      });
+    });
+    if (id.startsWith("tainted:")) {
+      const value = id.slice("tainted:".length);
+      if (executionId) {
+        let tainted = executionTaintedPrimitives.get(executionId);
+        if (!tainted) {
+          tainted = /* @__PURE__ */ new Set();
+          executionTaintedPrimitives.set(executionId, tainted);
+        }
+        tainted.add(value);
+      }
+    }
+  } else {
+    provenanceRegistry.set(id, metadata);
+    globalStore.set(id, metadata, executionId).catch((err) => {
+      log.warn("Failed to save provenance to store", {
+        error: err
+      });
+    });
+  }
+  if (executionId) {
+    let ids = executionProvenanceIds.get(executionId);
+    if (!ids) {
+      ids = /* @__PURE__ */ new Set();
+      executionProvenanceIds.set(executionId, ids);
+    }
+    ids.add(id);
+  }
+}
+__name(registerProvenanceMetadata, "registerProvenanceMetadata");
+function cleanupProvenanceForExecution(executionId) {
+  const ids = executionProvenanceIds.get(executionId);
+  if (ids) {
+    for (const id of ids) {
+      provenanceRegistry.delete(id);
+      const keysToDelete = [];
+      for (const key of primitiveProvenanceMap.keys()) {
+        if (key.startsWith(`${id}:`) || key.startsWith("tainted:")) {
+          keysToDelete.push(key);
+        }
+      }
+      for (const key of keysToDelete) {
+        primitiveProvenanceMap.delete(key);
+      }
+    }
+    executionProvenanceIds.delete(executionId);
+  }
+  executionTaintedPrimitives.delete(executionId);
+  globalStore.cleanupExecution(executionId).catch((err) => {
+    log.warn("Failed to cleanup provenance store", {
+      error: err
+    });
+  });
+}
+__name(cleanupProvenanceForExecution, "cleanupProvenanceForExecution");
+function getProvenanceForPrimitive(value) {
+  if (typeof value !== "string" && typeof value !== "number") {
+    return null;
+  }
+  const valueStr = String(value);
+  if (isPrimitiveTainted(value)) {
+    const taintedKey2 = `tainted:${valueStr}`;
+    const metadata = primitiveProvenanceMap.get(taintedKey2);
+    if (metadata) {
+      return metadata;
+    }
+  }
+  const taintedKey = `tainted:${valueStr}`;
+  const taintedMetadata = primitiveProvenanceMap.get(taintedKey);
+  if (taintedMetadata) {
+    return taintedMetadata;
+  }
+  for (const [key, metadata] of primitiveProvenanceMap.entries()) {
+    const parts = key.split(":");
+    if (parts.length >= 3 && !key.startsWith("tainted:")) {
+      const primitiveValue = parts.slice(2).join(":");
+      if (primitiveValue === valueStr) {
+        return metadata;
+      }
+    }
+  }
+  const digest = computeDigest(value);
+  if (digest) {
+    const digestMetadata = provenanceRegistry.get(digest);
+    if (digestMetadata) {
+      return digestMetadata;
+    }
+  }
+  return null;
+}
+__name(getProvenanceForPrimitive, "getProvenanceForPrimitive");
+function captureProvenanceState(executionId) {
+  const state = /* @__PURE__ */ new Map();
+  const ids = executionProvenanceIds.get(executionId);
+  if (ids) {
+    for (const id of ids) {
+      const metadata = provenanceRegistry.get(id);
+      if (metadata) {
+        state.set(id, metadata);
+      }
+    }
+  }
+  return state;
+}
+__name(captureProvenanceState, "captureProvenanceState");
+function captureProvenanceSnapshot(executionId) {
+  const registryMap = captureProvenanceState(executionId);
+  const registry = Array.from(registryMap.entries());
+  const primitives = [];
+  const ids = executionProvenanceIds.get(executionId) || /* @__PURE__ */ new Set();
+  const tainted = executionTaintedPrimitives.get(executionId);
+  if (tainted) {
+    for (const value of tainted) {
+      const key = `tainted:${String(value)}`;
+      const meta = primitiveProvenanceMap.get(key);
+      if (meta) {
+        primitives.push([
+          key,
+          meta
+        ]);
+      }
+    }
+  }
+  for (const [key, meta] of primitiveProvenanceMap.entries()) {
+    if (key.startsWith("tainted:")) {
+      continue;
+    }
+    const [first] = key.split(":");
+    if (first && ids.has(first)) {
+      primitives.push([
+        key,
+        meta
+      ]);
+    }
+  }
+  return {
+    registry,
+    primitives
+  };
+}
+__name(captureProvenanceSnapshot, "captureProvenanceSnapshot");
+function restoreProvenanceState(executionId, state) {
+  setProvenanceExecutionId(executionId);
+  const ids = executionProvenanceIds.get(executionId);
+  for (const [id, metadata] of state) {
+    provenanceRegistry.set(id, metadata);
+    ids.add(id);
+    globalStore.set(id, metadata, executionId).catch((err) => {
+      log.error("Failed to save provenance to store", {
+        error: err
+      });
+    });
+  }
+}
+__name(restoreProvenanceState, "restoreProvenanceState");
+function restoreProvenanceSnapshot(executionId, snapshot) {
+  const registryMap = new Map(snapshot.registry);
+  restoreProvenanceState(executionId, registryMap);
+  for (const [key, meta] of snapshot.primitives) {
+    primitiveProvenanceMap.set(key, meta);
+    globalStore.setPrimitive(key, meta, executionId).catch((err) => {
+      log.error("Failed to save primitive provenance to store", {
+        error: err
+      });
+    });
+    if (key.startsWith("tainted:")) {
+      const value = key.slice("tainted:".length);
+      let set = executionTaintedPrimitives.get(executionId);
+      if (!set) {
+        set = /* @__PURE__ */ new Set();
+        executionTaintedPrimitives.set(executionId, set);
+      }
+      set.add(value);
+    }
+  }
+}
+__name(restoreProvenanceSnapshot, "restoreProvenanceSnapshot");
+function createProvenanceProxy(value, source, readers = {
+  type: "public"
+}, dependencies = []) {
+  if (value === null || value === void 0) {
+    return value;
+  }
+  if (typeof value !== "object" && typeof value !== "function") {
+    return value;
+  }
+  const id = nanoid();
+  const metadata = {
+    id,
+    source,
+    readers,
+    dependencies,
+    context: {}
+  };
+  provenanceRegistry.set(id, metadata);
+  if (currentExecutionId) {
+    const ids = executionProvenanceIds.get(currentExecutionId);
+    if (ids) {
+      ids.add(id);
+    }
+  }
+  globalStore.set(id, metadata, currentExecutionId || void 0).catch((err) => {
+    log.warn("Failed to persist provenance to store", {
+      error: err
+    });
+  });
+  try {
+    Object.defineProperty(value, PROVENANCE_ID_KEY, {
+      value: id,
+      writable: false,
+      enumerable: true,
+      configurable: true,
+      // @ts-ignore
+      __proto__: null
+    });
+  } catch (e) {
+    provenanceStore.set(value, metadata);
+  }
+  if (Array.isArray(value)) {
+    for (const item of value) {
+      if (typeof item === "object" && item !== null && !hasProvenance(item)) {
+        createProvenanceProxy(item, source, readers, [
+          id,
+          ...dependencies
+        ]);
+      }
+    }
+  } else if (typeof value === "object") {
+    for (const key in value) {
+      if (Object.prototype.hasOwnProperty.call(value, key) && key !== PROVENANCE_ID_KEY) {
+        const nestedValue = value[key];
+        if (typeof nestedValue === "object" && nestedValue !== null && !hasProvenance(nestedValue)) {
+          createProvenanceProxy(nestedValue, source, readers, [
+            id,
+            ...dependencies
+          ]);
+        } else if (typeof nestedValue === "string" || typeof nestedValue === "number") {
+          const primitiveKey = `${id}:${key}:${String(nestedValue)}`;
+          primitiveProvenanceMap.set(primitiveKey, metadata);
+          globalStore.setPrimitive(primitiveKey, metadata, currentExecutionId || void 0).catch((err) => {
+            log.error("Failed to save primitive provenance to store", {
+              error: err
+            });
+          });
+        }
+      }
+    }
+  }
+  return value;
+}
+__name(createProvenanceProxy, "createProvenanceProxy");
+function getProvenance(value) {
+  if (value === null || value === void 0) {
+    return null;
+  }
+  if (typeof value === "string" || typeof value === "number") {
+    const primitiveProvenance = getProvenanceForPrimitive(value);
+    if (primitiveProvenance) {
+      return primitiveProvenance;
+    }
+  }
+  if (typeof value === "object") {
+    const id = value[PROVENANCE_ID_KEY];
+    if (id && typeof id === "string") {
+      const metadata = provenanceRegistry.get(id);
+      if (metadata) {
+        return metadata;
+      }
+    }
+    if (PROVENANCE_KEY in value) {
+      return value[PROVENANCE_KEY];
+    }
+    const stored = provenanceStore.get(value);
+    if (stored) {
+      return stored;
+    }
+  }
+  return null;
+}
+__name(getProvenance, "getProvenance");
+function hasProvenance(value) {
+  return getProvenance(value) !== null;
+}
+__name(hasProvenance, "hasProvenance");
+function getAllProvenance(value, visited = /* @__PURE__ */ new Set()) {
+  if (value === null || value === void 0 || typeof value !== "object") {
+    return [];
+  }
+  if (visited.has(value)) {
+    return [];
+  }
+  visited.add(value);
+  const results = [];
+  const metadata = getProvenance(value);
+  if (metadata) {
+    results.push(metadata);
+  }
+  if (Array.isArray(value)) {
+    for (const item of value) {
+      results.push(...getAllProvenance(item, visited));
+    }
+  } else if (typeof value === "object") {
+    for (const key in value) {
+      if (key !== PROVENANCE_KEY && key !== PROVENANCE_ID_KEY && Object.prototype.hasOwnProperty.call(value, key)) {
+        results.push(...getAllProvenance(value[key], visited));
+      }
+    }
+  }
+  return results;
+}
+__name(getAllProvenance, "getAllProvenance");
+function canRead(reader, permissions) {
+  if (permissions.type === "public") {
+    return true;
+  }
+  return permissions.readers.includes(reader);
+}
+__name(canRead, "canRead");
+// src/policies/engine.ts
+var SecurityPolicyEngine = class {
+  static {
+    __name(this, "SecurityPolicyEngine");
+  }
+  policies;
+  logger;
+  approvalCallback;
+  customGetProvenance;
+  constructor(policies, logger, customGetProvenance) {
+    this.policies = policies;
+    this.logger = logger;
+    this.customGetProvenance = customGetProvenance;
+  }
+  /**
+  * Set a custom getProvenance function (e.g., for AST mode)
+  */
+  setGetProvenance(fn) {
+    this.customGetProvenance = fn;
+  }
+  /**
+  * Set approval callback for policies that return action='approve'
+  */
+  setApprovalCallback(callback) {
+    this.approvalCallback = callback;
+  }
+  async checkTool(toolName, apiGroup, args) {
+    this.logger.debug("Checking security policies", {
+      toolName,
+      apiGroup,
+      policyCount: this.policies.length
+    });
+    const getProvenanceFn = this.customGetProvenance || getProvenance;
+    for (const policy of this.policies) {
+      const result = await policy.check(toolName, args, getProvenanceFn);
+      const action = this.normalizeAction(result);
+      if (action === "block") {
+        this.logger.warn("Security policy blocked tool execution", {
+          toolName,
+          apiGroup,
+          policy: policy.name,
+          reason: result.reason
+        });
+        throw new ProvenanceSecurityError(result.reason || `Policy ${policy.name} denied execution`, policy.name, toolName, {
+          apiGroup,
+          args: this.sanitizeArgs(args),
+          context: result.context
+        });
+      }
+      if (action === "approve") {
+        this.logger.info("Security policy requires approval", {
+          toolName,
+          apiGroup,
+          policy: policy.name,
+          reason: result.reason
+        });
+        const approved = await this.requestApproval(toolName, apiGroup, policy.name, result);
+        if (!approved) {
+          this.logger.warn("Security policy approval denied", {
+            toolName,
+            apiGroup,
+            policy: policy.name
+          });
+          throw new ProvenanceSecurityError(`Approval denied: ${result.reason || "Operation requires approval"}`, policy.name, toolName, {
+            apiGroup,
+            args: this.sanitizeArgs(args),
+            approvalDenied: true
+          });
+        }
+        this.logger.info("Security policy approval granted", {
+          toolName,
+          apiGroup,
+          policy: policy.name
+        });
+      }
+      if (action === "log") {
+        this.logger.warn("Security policy audit event", {
+          toolName,
+          apiGroup,
+          policy: policy.name,
+          reason: result.reason,
+          context: result.context,
+          args: this.sanitizeArgs(args)
+        });
+      }
+    }
+    this.logger.debug("All security policies passed", {
+      toolName,
+      apiGroup
+    });
+  }
+  normalizeAction(result) {
+    if (result.action) {
+      return result.action;
+    }
+    if (result.allowed !== void 0) {
+      return result.allowed ? "log" : "block";
+    }
+    return "log";
+  }
+  async requestApproval(toolName, apiGroup, policyName, result) {
+    if (!this.approvalCallback) {
+      this.logger.error("Approval required but no callback configured", {
+        toolName,
+        policy: policyName
+      });
+      throw new ProvenanceSecurityError("Approval required but approval handler not configured", policyName, toolName, {
+        requiresApproval: true
+      });
+    }
+    const message = result.reason || `Policy ${policyName} requires approval for ${toolName}`;
+    const context = {
+      toolName,
+      apiGroup,
+      policy: policyName,
+      ...result.context || {}
+    };
+    try {
+      return await this.approvalCallback(message, context);
+    } catch (error) {
+      this.logger.error("Approval request failed", {
+        error,
+        toolName,
+        policy: policyName
+      });
+      return false;
+    }
+  }
+  sanitizeArgs(args) {
+    const sanitized = {};
+    for (const [key, value] of Object.entries(args)) {
+      if (typeof value === "string" && value.length > 100) {
+        sanitized[key] = value.substring(0, 100) + "...";
+      } else if (typeof value === "object") {
+        sanitized[key] = "[object]";
+      } else {
+        sanitized[key] = value;
+      }
+    }
+    return sanitized;
+  }
+};
+function getAllProvenanceFromArgs(args, getProvenance2) {
+  const allProvenance = [];
+  const visited = /* @__PURE__ */ new Set();
+  function scan(value) {
+    if (value === null || value === void 0) return;
+    if (typeof value === "string" || typeof value === "number") {
+      try {
+        const primitiveProv = getProvenance2(value);
+        if (primitiveProv) {
+          allProvenance.push(primitiveProv);
+        }
+      } catch (error) {
+      }
+      return;
+    }
+    if (typeof value !== "object") return;
+    if (visited.has(value)) return;
+    visited.add(value);
+    const provenance = getProvenance2(value);
+    if (provenance) {
+      allProvenance.push(provenance);
+    }
+    if (Array.isArray(value)) {
+      for (const item of value) {
+        scan(item);
+      }
+    } else {
+      for (const key in value) {
+        if (Object.prototype.hasOwnProperty.call(value, key)) {
+          scan(value[key]);
+        }
+      }
+    }
+  }
+  __name(scan, "scan");
+  for (const key in args) {
+    if (Object.prototype.hasOwnProperty.call(args, key)) {
+      scan(args[key]);
+    }
+  }
+  return allProvenance;
+}
+__name(getAllProvenanceFromArgs, "getAllProvenanceFromArgs");
+var preventDataExfiltration = {
+  name: "prevent-data-exfiltration",
+  description: "Prevents sending data to recipients who cannot read it",
+  check: /* @__PURE__ */ __name((toolName, args, getProvenance2) => {
+    const recipientKeys = [
+      "to",
+      "recipient",
+      "recipients",
+      "email",
+      "address"
+    ];
+    let recipient = null;
+    for (const key of recipientKeys) {
+      if (args[key] && typeof args[key] === "string") {
+        recipient = args[key];
+        break;
+      }
+    }
+    if (!recipient) {
+      return {
+        action: "log"
+      };
+    }
+    const allProvenance = getAllProvenanceFromArgs(args, getProvenance2);
+    for (const metadata of allProvenance) {
+      if (metadata.source.type === ProvenanceSource.TOOL) {
+        if (metadata.readers.type === "restricted") {
+          if (!canRead(recipient, metadata.readers)) {
+            return {
+              action: "block",
+              reason: `Recipient "${recipient}" cannot read data from ${metadata.source.toolName}. Authorized readers: ${metadata.readers.readers.join(", ")}`,
+              policy: "prevent-data-exfiltration",
+              context: {
+                recipient,
+                toolSource: metadata.source.toolName,
+                authorizedReaders: metadata.readers.readers
+              }
+            };
+          }
+        }
+      }
+    }
+    return {
+      action: "log"
+    };
+  }, "check")
+};
+var preventDataExfiltrationWithApproval = {
+  name: "prevent-data-exfiltration-approval",
+  description: "Requires approval for sending data to recipients who cannot read it",
+  check: /* @__PURE__ */ __name((toolName, args, getProvenance2) => {
+    const recipientKeys = [
+      "to",
+      "recipient",
+      "recipients",
+      "email",
+      "address"
+    ];
+    let recipient = null;
+    for (const key of recipientKeys) {
+      if (args[key] && typeof args[key] === "string") {
+        recipient = args[key];
+        break;
+      }
+    }
+    if (!recipient) {
+      return {
+        action: "log"
+      };
+    }
+    const allProvenance = getAllProvenanceFromArgs(args, getProvenance2);
+    for (const metadata of allProvenance) {
+      if (metadata.source.type === ProvenanceSource.TOOL) {
+        if (metadata.readers.type === "restricted") {
+          if (!canRead(recipient, metadata.readers)) {
+            return {
+              action: "approve",
+              reason: `Sending data from ${metadata.source.toolName} to "${recipient}" (not in authorized readers)`,
+              policy: "prevent-data-exfiltration-approval",
+              context: {
+                recipient,
+                toolSource: metadata.source.toolName,
+                authorizedReaders: metadata.readers.readers,
+                sensitiveFields: Object.keys(args).filter((k) => args[k] !== null)
+              }
+            };
+          }
+        }
+      }
+    }
+    return {
+      action: "log"
+    };
+  }, "check")
+};
+var requireUserOrigin = {
+  name: "require-user-origin",
+  description: "Requires critical parameters to come directly from user input",
+  check: /* @__PURE__ */ __name((toolName, args, getProvenance2) => {
+    const criticalTools = [
+      "deleteDatabase",
+      "dropTable",
+      "executeSQL",
+      "sendMoney",
+      "transfer"
+    ];
+    if (!criticalTools.some((t) => toolName.toLowerCase().includes(t.toLowerCase()))) {
+      return {
+        action: "log"
+      };
+    }
+    for (const [key, value] of Object.entries(args)) {
+      const allProvenance = getAllProvenance(value);
+      for (const metadata of allProvenance) {
+        if (metadata.source.type !== ProvenanceSource.USER && metadata.source.type !== ProvenanceSource.SYSTEM) {
+          return {
+            action: "block",
+            reason: `Critical tool "${toolName}" parameter "${key}" must come from user input, but came from ${metadata.source.type}`,
+            policy: "require-user-origin",
+            context: {
+              toolName,
+              parameterKey: key,
+              actualSource: metadata.source.type
+            }
+          };
+        }
+      }
+    }
+    return {
+      action: "log"
+    };
+  }, "check")
+};
+var requireUserOriginWithApproval = {
+  name: "require-user-origin-approval",
+  description: "Requires approval for critical operations with non-user data",
+  check: /* @__PURE__ */ __name((toolName, args, getProvenance2) => {
+    const criticalTools = [
+      "deleteDatabase",
+      "dropTable",
+      "executeSQL",
+      "sendMoney",
+      "transfer"
+    ];
+    if (!criticalTools.some((t) => toolName.toLowerCase().includes(t.toLowerCase()))) {
+      return {
+        action: "log"
+      };
+    }
+    for (const [key, value] of Object.entries(args)) {
+      const allProvenance = getAllProvenance(value);
+      for (const metadata of allProvenance) {
+        if (metadata.source.type !== ProvenanceSource.USER && metadata.source.type !== ProvenanceSource.SYSTEM) {
+          return {
+            action: "approve",
+            reason: `Critical operation "${toolName}" with parameter "${key}" from ${metadata.source.type} source`,
+            policy: "require-user-origin-approval",
+            context: {
+              toolName,
+              parameterKey: key,
+              actualSource: metadata.source.type,
+              value: String(value).substring(0, 100)
+            }
+          };
+        }
+      }
+    }
+    return {
+      action: "log"
+    };
+  }, "check")
+};
+var blockLLMRecipients = {
+  name: "block-llm-recipients",
+  description: "Blocks sending data to LLM-extracted email addresses",
+  check: /* @__PURE__ */ __name((toolName, args, getProvenance2) => {
+    const recipientKeys = [
+      "to",
+      "recipient",
+      "recipients",
+      "email"
+    ];
+    for (const key of recipientKeys) {
+      if (!args[key]) continue;
+      const metadata = getProvenance2(args[key]);
+      if (metadata && metadata.source.type === ProvenanceSource.LLM) {
+        return {
+          action: "block",
+          reason: `Cannot send to LLM-extracted recipient in parameter "${key}". Recipients must come from user input or trusted sources.`,
+          policy: "block-llm-recipients",
+          context: {
+            parameterKey: key,
+            recipientValue: String(args[key]).substring(0, 50)
+          }
+        };
+      }
+    }
+    return {
+      action: "log"
+    };
+  }, "check")
+};
+var blockLLMRecipientsWithApproval = {
+  name: "block-llm-recipients-approval",
+  description: "Requires approval for sending to LLM-extracted email addresses",
+  check: /* @__PURE__ */ __name((toolName, args, getProvenance2) => {
+    const recipientKeys = [
+      "to",
+      "recipient",
+      "recipients",
+      "email"
+    ];
+    for (const key of recipientKeys) {
+      if (!args[key]) continue;
+      const metadata = getProvenance2(args[key]);
+      if (metadata && metadata.source.type === ProvenanceSource.LLM) {
+        return {
+          action: "approve",
+          reason: `Sending to LLM-extracted recipient "${args[key]}" in parameter "${key}"`,
+          policy: "block-llm-recipients-approval",
+          context: {
+            parameterKey: key,
+            recipientValue: String(args[key]),
+            llmOperation: metadata.source.operation
+          }
+        };
+      }
+    }
+    return {
+      action: "log"
+    };
+  }, "check")
+};
+var auditSensitiveAccess = {
+  name: "audit-sensitive-access",
+  description: "Logs access to sensitive data (does not block)",
+  check: /* @__PURE__ */ __name((toolName, args, getProvenance2) => {
+    const sensitiveTools = [
+      "getPassword",
+      "getCreditCard",
+      "getSSN",
+      "getBankAccount"
+    ];
+    if (sensitiveTools.some((t) => toolName.toLowerCase().includes(t.toLowerCase()))) {
+      const allProvenance = getAllProvenance(args);
+      return {
+        action: "log",
+        reason: `Sensitive data accessed via ${toolName}`,
+        policy: "audit-sensitive-access",
+        context: {
+          toolName,
+          provenanceChain: allProvenance.map((p) => ({
+            source: p.source,
+            id: p.id
+          }))
+        }
+      };
+    }
+    return {
+      action: "log"
+    };
+  }, "check")
+};
+function createCustomPolicy(name, description, checkFn) {
+  return {
+    name,
+    description,
+    check: checkFn
+  };
+}
+__name(createCustomPolicy, "createCustomPolicy");
+function getBuiltInPolicies() {
+  return [
+    preventDataExfiltration,
+    requireUserOrigin,
+    blockLLMRecipients,
+    auditSensitiveAccess
+  ];
+}
+__name(getBuiltInPolicies, "getBuiltInPolicies");
+function getBuiltInPoliciesWithApproval() {
+  return [
+    preventDataExfiltrationWithApproval,
+    requireUserOriginWithApproval,
+    blockLLMRecipientsWithApproval,
+    auditSensitiveAccess
+  ];
+}
+__name(getBuiltInPoliciesWithApproval, "getBuiltInPoliciesWithApproval");
+// src/policies/declarative.ts
+function resolveValue(path, args, getProvenance2) {
+  const parts = path.split(".");
+  const root = parts.shift();
+  if (root === "args") {
+    let current = args;
+    for (const part of parts) {
+      if (current === null || current === void 0) {
+        return void 0;
+      }
+      current = current[part];
+    }
+    return current;
+  }
+  if (root === "provenance" && parts[0] === "args") {
+    parts.shift();
+    const argName = parts.shift();
+    if (!argName) return void 0;
+    const argValue = args[argName];
+    let remainingParts = [
+      ...parts
+    ];
+    const metadataKeys = [
+      "source",
+      "readers",
+      "dependencies",
+      "id",
+      "context"
+    ];
+    let splitIndex = -1;
+    for (let i = 0; i < remainingParts.length; i++) {
+      if (metadataKeys.includes(remainingParts[i])) {
+        splitIndex = i;
+        break;
+      }
+    }
+    if (splitIndex === -1) {
+      return void 0;
+    }
+    let valuePath = remainingParts.slice(0, splitIndex);
+    let metaPath = remainingParts.slice(splitIndex);
+    let currentVal = argValue;
+    for (const part of valuePath) {
+      if (currentVal === null || currentVal === void 0) return void 0;
+      currentVal = currentVal[part];
+    }
+    const metadata = getProvenance2(currentVal);
+    if (!metadata) return void 0;
+    let currentMeta = metadata;
+    for (const part of metaPath) {
+      if (currentMeta === null || currentMeta === void 0) return void 0;
+      currentMeta = currentMeta[part];
+    }
+    return currentMeta;
+  }
+  return void 0;
+}
+__name(resolveValue, "resolveValue");
+function evaluateCondition(actual, operator, expected) {
+  switch (operator) {
+    case "equals":
+      return actual === expected;
+    case "notEquals":
+      return actual !== expected;
+    case "contains":
+      return Array.isArray(actual) || typeof actual === "string" ? actual.includes(expected) : false;
+    case "notContains":
+      return Array.isArray(actual) || typeof actual === "string" ? !actual.includes(expected) : true;
+    case "startsWith":
+      return typeof actual === "string" ? actual.startsWith(expected) : false;
+    case "notStartsWith":
+      return typeof actual === "string" ? !actual.startsWith(expected) : true;
+    case "endsWith":
+      return typeof actual === "string" ? actual.endsWith(expected) : false;
+    case "notEndsWith":
+      return typeof actual === "string" ? !actual.endsWith(expected) : true;
+    case "matches":
+      if (typeof actual === "string") {
+        return new RegExp(expected).test(actual);
+      }
+      if (typeof actual === "number" && typeof expected === "string") {
+        const match = expected.match(/^([<>]=?|==|!=)(\d+(?:\.\d+)?)$/);
+        if (match) {
+          const [, op, value] = match;
+          const numValue = parseFloat(value);
+          switch (op) {
+            case ">":
+              return actual > numValue;
+            case ">=":
+              return actual >= numValue;
+            case "<":
+              return actual < numValue;
+            case "<=":
+              return actual <= numValue;
+            case "==":
+              return actual === numValue;
+            case "!=":
+              return actual !== numValue;
+          }
+        }
+      }
+      return false;
+    case "in":
+      return Array.isArray(expected) ? expected.includes(actual) : false;
+    case "notIn":
+      return Array.isArray(expected) ? !expected.includes(actual) : true;
+    default:
+      return false;
+  }
+}
+__name(evaluateCondition, "evaluateCondition");
+function createDeclarativePolicy(config) {
+  return {
+    name: config.id,
+    description: config.description,
+    check: /* @__PURE__ */ __name(async (toolName, args, getProvenance2) => {
+      if (config.scope.toolName) {
+        const toolRegex = new RegExp(`^${config.scope.toolName}$`);
+        if (!toolRegex.test(toolName)) {
+          return {
+            action: "log"
+          };
+        }
+      }
+      if (config.scope.apiGroup) {
+        const extractedGroup = toolName.split(".")[0] || "";
+        const groupRegex = new RegExp(`^${config.scope.apiGroup}$`);
+        if (!groupRegex.test(extractedGroup)) {
+          return {
+            action: "log"
+          };
+        }
+      }
+      for (const rule of config.rules) {
+        const allMatch = rule.conditions.every((condition) => {
+          const actualValue = resolveValue(condition.field, args, getProvenance2);
+          return evaluateCondition(actualValue, condition.operator, condition.value);
+        });
+        if (allMatch) {
+          return {
+            action: rule.action,
+            reason: rule.reason || `Matched rule ${rule.id || "unknown"} in policy ${config.id}`,
+            policy: config.id,
+            context: {
+              ruleId: rule.id,
+              conditions: rule.conditions
+            }
+          };
+        }
+      }
+      return {
+        action: "log"
+      };
+    }, "check")
+  };
+}
+__name(createDeclarativePolicy, "createDeclarativePolicy");
+function loadDeclarativePolicies(config) {
+  if (Array.isArray(config)) {
+    return config.map(createDeclarativePolicy);
+  }
+  return config.policies.map(createDeclarativePolicy);
+}
+__name(loadDeclarativePolicies, "loadDeclarativePolicies");
+var OperatorSchema = z.enum([
+  "equals",
+  "notEquals",
+  "contains",
+  "notContains",
+  "startsWith",
+  "notStartsWith",
+  "endsWith",
+  "notEndsWith",
+  "matches",
+  "in",
+  "notIn"
+]);
+var ConditionSchema = z.object({
+  field: z.string().describe("Field to check (e.g. args.paramName, provenance.args.param.source.type)"),
+  operator: OperatorSchema,
+  value: z.any().describe("Value to compare against")
+});
+var PolicyActionSchema = z.enum([
+  "log",
+  "approve",
+  "block"
+]);
+var PolicyRuleSchema = z.object({
+  id: z.string().optional(),
+  action: PolicyActionSchema,
+  conditions: z.array(ConditionSchema).describe("All conditions must match (implicit AND)"),
+  reason: z.string().optional()
+});
+var DeclarativePolicyConfigSchema = z.object({
+  id: z.string(),
+  description: z.string().optional(),
+  scope: z.object({
+    toolName: z.string().optional().describe("Regex pattern or exact match for tool name"),
+    apiGroup: z.string().optional().describe("Regex pattern or exact match for API group")
+  }),
+  rules: z.array(PolicyRuleSchema).describe("Rules are evaluated in order. First match wins.")
+});
+var PolicyConfigurationSchema = z.object({
+  version: z.string(),
+  policies: z.array(DeclarativePolicyConfigSchema)
+});
+// src/policies/builder.ts
+var RuleBuilder = class {
+  static {
+    __name(this, "RuleBuilder");
+  }
+  rule = {
+    action: "log",
+    conditions: []
+  };
+  constructor(action = "log") {
+    this.rule.action = action;
+  }
+  action(action) {
+    this.rule.action = action;
+    return this;
+  }
+  id(id) {
+    this.rule.id = id;
+    return this;
+  }
+  reason(reason) {
+    this.rule.reason = reason;
+    return this;
+  }
+  condition(field, operator, value) {
+    this.rule.conditions.push({
+      field,
+      operator,
+      value
+    });
+    return this;
+  }
+  build() {
+    return this.rule;
+  }
+};
+var PolicyBuilder = class {
+  static {
+    __name(this, "PolicyBuilder");
+  }
+  config;
+  constructor(id) {
+    this.config = {
+      id,
+      scope: {},
+      rules: []
+    };
+  }
+  description(desc) {
+    this.config.description = desc;
+    return this;
+  }
+  scopeTool(toolNamePattern) {
+    this.config.scope.toolName = toolNamePattern;
+    return this;
+  }
+  scopeApiGroup(apiGroupPattern) {
+    this.config.scope.apiGroup = apiGroupPattern;
+    return this;
+  }
+  /**
+  * Add a rule using a builder callback
+  * @example
+  * .addRule(r => r.action('block').condition('args.amount', 'matches', '>1000'))
+  */
+  addRule(buildFn) {
+    const builder = new RuleBuilder();
+    this.config.rules.push(buildFn(builder).build());
+    return this;
+  }
+  /**
+  * Add a fully formed rule object
+  */
+  addRuleObject(rule) {
+    this.config.rules.push(rule);
+    return this;
+  }
+  build() {
+    return this.config;
+  }
+};
+// src/policies/dynamic.ts
+var DynamicPolicyRegistry = class {
+  static {
+    __name(this, "DynamicPolicyRegistry");
+  }
+  name = "dynamic-policy-registry";
+  description = "Container for dynamically managed security policies";
+  policies = /* @__PURE__ */ new Map();
+  constructor(initialPolicies = []) {
+    for (const policy of initialPolicies) {
+      this.policies.set(policy.name, policy);
+    }
+  }
+  /**
+  * Add or update a policy
+  */
+  addPolicy(policy) {
+    this.policies.set(policy.name, policy);
+  }
+  /**
+  * Remove a policy by name
+  */
+  removePolicy(name) {
+    this.policies.delete(name);
+  }
+  /**
+  * clear all policies
+  */
+  clear() {
+    this.policies.clear();
+  }
+  /**
+  * Load policies from declarative configurations (JSON)
+  * This is useful for loading policies saved from a UI
+  */
+  loadFromConfigs(configs, replace = false) {
+    if (replace) {
+      this.policies.clear();
+    }
+    for (const config of configs) {
+      const policy = createDeclarativePolicy(config);
+      this.policies.set(policy.name, policy);
+    }
+  }
+  /**
+  * Get all registered policies
+  */
+  getPolicies() {
+    return Array.from(this.policies.values());
+  }
+  /**
+  * Implementation of the SecurityPolicy check interface.
+  * Delegates to all registered policies.
+  */
+  async check(toolName, args, getProvenance2) {
+    let requiresApproval = null;
+    for (const policy of this.policies.values()) {
+      const result = await policy.check(toolName, args, getProvenance2);
+      if (result.action === "block") {
+        return result;
+      }
+      if (result.action === "approve") {
+        if (!requiresApproval) {
+          requiresApproval = result;
+        }
+      }
+    }
+    if (requiresApproval) {
+      return requiresApproval;
+    }
+    return {
+      action: "log"
+    };
+  }
+};
+function instrumentCode(code) {
+  const wrappedCode = `(async function() {
+${code}
+})`;
+  const ast = acorn.parse(wrappedCode, {
+    ecmaVersion: 2022,
+    sourceType: "script"
+  });
+  const context = {
+    trackingCalls: 0
+  };
+  walk.simple(ast, {
+    BinaryExpression(node) {
+      wrapBinaryExpression(node, context);
+    },
+    AssignmentExpression(node) {
+      wrapAssignment(node, context);
+    },
+    CallExpression(node) {
+      if (node.callee.type === "MemberExpression") {
+        wrapMethodCall(node, context);
+      }
+    },
+    TemplateLiteral(node) {
+      wrapTemplateLiteral(node, context);
+    }
+  });
+  let instrumentedCode = escodegen.generate(ast);
+  if (instrumentedCode.endsWith(");")) {
+    instrumentedCode = instrumentedCode.slice(0, -1);
+  }
+  return {
+    code: instrumentedCode,
+    metadata: {
+      trackingCalls: context.trackingCalls
+    }
+  };
+}
+__name(instrumentCode, "instrumentCode");
+function wrapBinaryExpression(node, context) {
+  context.trackingCalls++;
+  const originalNode = {
+    ...node
+  };
+  node.type = "CallExpression";
+  node.callee = {
+    type: "Identifier",
+    name: "__track_binary"
+  };
+  node.arguments = [
+    originalNode.left,
+    originalNode.right,
+    {
+      type: "Literal",
+      value: originalNode.operator
+    }
+  ];
+}
+__name(wrapBinaryExpression, "wrapBinaryExpression");
+function wrapAssignment(node, context) {
+  context.trackingCalls++;
+  const originalRight = node.right;
+  node.right = {
+    type: "CallExpression",
+    callee: {
+      type: "Identifier",
+      name: "__track_assign"
+    },
+    arguments: [
+      {
+        type: "Literal",
+        value: node.left.type === "Identifier" ? node.left.name : "unknown"
+      },
+      originalRight
+    ]
+  };
+}
+__name(wrapAssignment, "wrapAssignment");
+function wrapMethodCall(node, context) {
+  const obj = node.callee.object;
+  const isAPICall = obj.type === "Identifier" && (obj.name === "api" || obj.name === "atp") || obj.type === "MemberExpression" && isAPIObject(obj);
+  if (!isAPICall) {
+    return;
+  }
+  context.trackingCalls++;
+  const originalNode = {
+    ...node
+  };
+  node.type = "CallExpression";
+  node.callee = {
+    type: "Identifier",
+    name: "__track_method"
+  };
+  node.arguments = [
+    originalNode.callee.object,
+    {
+      type: "Literal",
+      value: originalNode.callee.property.name || originalNode.callee.property.value
+    },
+    {
+      type: "ArrayExpression",
+      elements: originalNode.arguments
+    }
+  ];
+}
+__name(wrapMethodCall, "wrapMethodCall");
+function isAPIObject(node) {
+  if (node.type === "Identifier") {
+    return node.name === "api" || node.name === "atp";
+  }
+  if (node.type === "MemberExpression") {
+    return isAPIObject(node.object);
+  }
+  return false;
+}
+__name(isAPIObject, "isAPIObject");
+function wrapTemplateLiteral(node, context) {
+  context.trackingCalls++;
+  const originalNode = {
+    ...node
+  };
+  node.type = "CallExpression";
+  node.callee = {
+    type: "Identifier",
+    name: "__track_template"
+  };
+  node.arguments = [
+    {
+      type: "ArrayExpression",
+      elements: originalNode.expressions || []
+    },
+    {
+      type: "ArrayExpression",
+      elements: (originalNode.quasis || []).map((quasi) => ({
+        type: "Literal",
+        value: quasi.value.cooked || quasi.value.raw
+      }))
+    }
+  ];
+}
+__name(wrapTemplateLiteral, "wrapTemplateLiteral");
+var ASTProvenanceTracker = class {
+  static {
+    __name(this, "ASTProvenanceTracker");
+  }
+  metadata = /* @__PURE__ */ new Map();
+  valueToId = /* @__PURE__ */ new WeakMap();
+  nextId = 0;
+  getId(value) {
+    if (typeof value === "object" && value !== null) {
+      const existing = this.valueToId.get(value);
+      if (existing) return existing;
+      const id = `tracked_${this.nextId++}`;
+      this.valueToId.set(value, id);
+      return id;
+    }
+    return `primitive_${nanoid()}`;
+  }
+  track(value, source, dependencies = []) {
+    if (value === null || value === void 0) {
+      return value;
+    }
+    const id = this.getId(value);
+    if (!this.metadata.has(id)) {
+      this.metadata.set(id, {
+        id,
+        source,
+        readers: {
+          type: "public"
+        },
+        dependencies
+      });
+    }
+    return value;
+  }
+  trackBinary(left, right, operator) {
+    const leftId = this.getId(left);
+    const rightId = this.getId(right);
+    const leftProv = getProvenance(left) || getProvenanceForPrimitive(left);
+    const rightProv = getProvenance(right) || getProvenanceForPrimitive(right);
+    const toolMetadata = leftProv?.source.type === ProvenanceSource.TOOL ? leftProv : rightProv?.source.type === ProvenanceSource.TOOL ? rightProv : null;
+    let result;
+    switch (operator) {
+      case "+":
+        result = left + right;
+        if (typeof result === "string" && toolMetadata) {
+          markPrimitiveTainted(result, toolMetadata);
+        }
+        break;
+      case "-":
+        result = left - right;
+        break;
+      case "*":
+        result = left * right;
+        break;
+      case "/":
+        result = left / right;
+        break;
+      case "%":
+        result = left % right;
+        break;
+      case "===":
+      case "==":
+        result = left === right;
+        break;
+      case "!==":
+      case "!=":
+        result = left !== right;
+        break;
+      case "<":
+        result = left < right;
+        break;
+      case ">":
+        result = left > right;
+        break;
+      case "<=":
+        result = left <= right;
+        break;
+      case ">=":
+        result = left >= right;
+        break;
+      case "&&":
+        result = left && right;
+        break;
+      case "||":
+        result = left || right;
+        break;
+      default:
+        result = void 0;
+    }
+    return this.track(result, {
+      type: "system",
+      operation: `binary_${operator}`,
+      timestamp: Date.now()
+    }, [
+      leftId,
+      rightId
+    ]);
+  }
+  trackAssign(name, value) {
+    return this.track(value, {
+      type: "system",
+      operation: "assignment",
+      timestamp: Date.now()
+    }, [
+      this.getId(value)
+    ]);
+  }
+  trackMethod(object, method, args) {
+    if (typeof object === "object" && object !== null && method in object) {
+      const result = object[method](...args);
+      return this.track(result, {
+        type: "system",
+        operation: `method_${method}`,
+        timestamp: Date.now()
+      }, [
+        this.getId(object),
+        ...args.map((a) => this.getId(a))
+      ]);
+    }
+    return void 0;
+  }
+  trackTemplate(expressions, quasis) {
+    let result = "";
+    let toolMetadata = null;
+    for (let i = 0; i < quasis.length; i++) {
+      result += quasis[i] || "";
+      if (i < expressions.length) {
+        const expr = expressions[i];
+        result += String(expr);
+        const prov = getProvenance(expr) || getProvenanceForPrimitive(expr);
+        if (prov && prov.source.type === ProvenanceSource.TOOL && !toolMetadata) {
+          toolMetadata = prov;
+        }
+      }
+    }
+    if (toolMetadata) {
+      markPrimitiveTainted(result, toolMetadata);
+    }
+    return result;
+  }
+  getMetadata(value) {
+    if (typeof value === "object" && value !== null) {
+      const id = this.valueToId.get(value);
+      if (id) {
+        return this.metadata.get(id) || null;
+      }
+    }
+    return null;
+  }
+  getAllMetadata() {
+    return new Map(this.metadata);
+  }
+  restoreMetadata(metadata) {
+    this.metadata = new Map(metadata);
+  }
+};
+function createTrackingRuntime() {
+  const tracker = new ASTProvenanceTracker();
+  return {
+    tracker,
+    runtime: {
+      __track: /* @__PURE__ */ __name((value, source, deps) => tracker.track(value, source, deps), "__track"),
+      __track_binary: /* @__PURE__ */ __name((left, right, operator) => tracker.trackBinary(left, right, operator), "__track_binary"),
+      __track_assign: /* @__PURE__ */ __name((name, value) => tracker.trackAssign(name, value), "__track_assign"),
+      __track_method: /* @__PURE__ */ __name((object, method, args) => tracker.trackMethod(object, method, args), "__track_method"),
+      __track_template: /* @__PURE__ */ __name((expressions, quasis) => tracker.trackTemplate(expressions, quasis), "__track_template"),
+      __get_provenance: /* @__PURE__ */ __name((value) => tracker.getMetadata(value), "__get_provenance")
+    }
+  };
+}
+__name(createTrackingRuntime, "createTrackingRuntime");
+export { ConditionSchema, DeclarativePolicyConfigSchema, DynamicPolicyRegistry, InMemoryProvenanceStore, OperatorSchema, PolicyActionSchema, PolicyBuilder, PolicyConfigurationSchema, PolicyRuleSchema, ProvenanceMode, ProvenanceSecurityError, ProvenanceSource, RuleBuilder, SecurityPolicyEngine, auditSensitiveAccess, blockLLMRecipients, blockLLMRecipientsWithApproval, canRead, captureProvenanceSnapshot, captureProvenanceState, cleanupProvenanceForExecution, clearProvenanceExecutionId, computeDigest, createCustomPolicy, createDeclarativePolicy, createProvenanceProxy, createTrackingRuntime, getAllProvenance, getBuiltInPolicies, getBuiltInPoliciesWithApproval, getClientSecret, getProvenance, getProvenanceForPrimitive, hasProvenance, hydrateExecutionProvenance, hydrateProvenance, instrumentCode, isPrimitiveTainted, issueProvenanceToken, loadDeclarativePolicies, markPrimitiveTainted, preventDataExfiltration, preventDataExfiltrationWithApproval, registerProvenanceMetadata, requireUserOrigin, requireUserOriginWithApproval, restoreProvenanceSnapshot, restoreProvenanceState, setGlobalProvenanceStore, setProvenanceExecutionId, stableStringify, verifyProvenanceHints, verifyProvenanceToken };
+//# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map