@ngandu/ulicode 0.0.6

package/dist/chunk-MS5RYNRK.js

@@ -0,0 +1,137 @@
+import { WORKSPACE_TOOLS } from '@mastra/core/workspace';
+
+// src/tool-names.ts
+var MC_TOOLS = {
+  // Filesystem
+  VIEW: "view",
+  WRITE_FILE: "write_file",
+  STRING_REPLACE_LSP: "string_replace_lsp",
+  FIND_FILES: "find_files",
+  DELETE_FILE: "delete_file",
+  FILE_STAT: "file_stat",
+  MKDIR: "mkdir",
+  // Search
+  SEARCH_CONTENT: "search_content",
+  // Code intelligence
+  AST_SMART_EDIT: "ast_smart_edit",
+  // Sandbox
+  EXECUTE_COMMAND: "execute_command",
+  GET_PROCESS_OUTPUT: "get_process_output",
+  KILL_PROCESS: "kill_process"
+};
+var TOOL_NAME_OVERRIDES = {
+  [WORKSPACE_TOOLS.FILESYSTEM.READ_FILE]: { name: MC_TOOLS.VIEW },
+  [WORKSPACE_TOOLS.FILESYSTEM.WRITE_FILE]: { name: MC_TOOLS.WRITE_FILE },
+  [WORKSPACE_TOOLS.FILESYSTEM.EDIT_FILE]: { name: MC_TOOLS.STRING_REPLACE_LSP },
+  [WORKSPACE_TOOLS.FILESYSTEM.LIST_FILES]: { name: MC_TOOLS.FIND_FILES },
+  [WORKSPACE_TOOLS.FILESYSTEM.DELETE]: { name: MC_TOOLS.DELETE_FILE },
+  [WORKSPACE_TOOLS.FILESYSTEM.FILE_STAT]: { name: MC_TOOLS.FILE_STAT },
+  [WORKSPACE_TOOLS.FILESYSTEM.MKDIR]: { name: MC_TOOLS.MKDIR },
+  [WORKSPACE_TOOLS.FILESYSTEM.GREP]: { name: MC_TOOLS.SEARCH_CONTENT },
+  [WORKSPACE_TOOLS.FILESYSTEM.AST_EDIT]: { name: MC_TOOLS.AST_SMART_EDIT },
+  [WORKSPACE_TOOLS.SANDBOX.EXECUTE_COMMAND]: { name: MC_TOOLS.EXECUTE_COMMAND },
+  [WORKSPACE_TOOLS.SANDBOX.GET_PROCESS_OUTPUT]: { name: MC_TOOLS.GET_PROCESS_OUTPUT },
+  [WORKSPACE_TOOLS.SANDBOX.KILL_PROCESS]: { name: MC_TOOLS.KILL_PROCESS }
+};
+
+// src/permissions.ts
+var TOOL_CATEGORIES = {
+  read: {
+    label: "Read",
+    description: "Read files, search, list directories"
+  },
+  edit: {
+    label: "Edit",
+    description: "Create, modify, or delete files"
+  },
+  execute: {
+    label: "Execute",
+    description: "Run shell commands"
+  },
+  mcp: {
+    label: "MCP",
+    description: "External MCP server tools"
+  }
+};
+var TOOL_CATEGORY_MAP = {
+  // Read-only tools — always safe
+  [MC_TOOLS.VIEW]: "read",
+  [MC_TOOLS.SEARCH_CONTENT]: "read",
+  [MC_TOOLS.FIND_FILES]: "read",
+  web_search: "read",
+  "web-search": "read",
+  web_extract: "read",
+  "web-extract": "read",
+  // Edit tools — modify files
+  [MC_TOOLS.STRING_REPLACE_LSP]: "edit",
+  [MC_TOOLS.AST_SMART_EDIT]: "edit",
+  [MC_TOOLS.WRITE_FILE]: "edit",
+  subagent: "edit",
+  // Execute tools — run arbitrary commands
+  [MC_TOOLS.EXECUTE_COMMAND]: "execute"
+  // Interactive / planning tools — always allowed (no category needed)
+  // ask_user, task_write, task_check, submit_plan, request_access
+};
+var ALWAYS_ALLOW_TOOLS = /* @__PURE__ */ new Set(["ask_user", "task_write", "task_check", "submit_plan", "request_access"]);
+function getToolCategory(toolName) {
+  if (ALWAYS_ALLOW_TOOLS.has(toolName)) return null;
+  return TOOL_CATEGORY_MAP[toolName] ?? "mcp";
+}
+function getToolsForCategory(category) {
+  return Object.entries(TOOL_CATEGORY_MAP).filter(([, cat]) => cat === category).map(([tool]) => tool);
+}
+var DEFAULT_POLICIES = {
+  read: "allow",
+  edit: "ask",
+  execute: "ask",
+  mcp: "ask"
+};
+var YOLO_POLICIES = {
+  read: "allow",
+  edit: "allow",
+  execute: "allow",
+  mcp: "allow"
+};
+function createDefaultRules() {
+  return {
+    categories: { ...DEFAULT_POLICIES },
+    tools: {}
+  };
+}
+var SessionGrants = class {
+  grantedCategories = /* @__PURE__ */ new Set();
+  grantedTools = /* @__PURE__ */ new Set();
+  allowCategory(category) {
+    this.grantedCategories.add(category);
+  }
+  allowTool(toolName) {
+    this.grantedTools.add(toolName);
+  }
+  isGranted(toolName, category) {
+    return this.grantedTools.has(toolName) || this.grantedCategories.has(category);
+  }
+  reset() {
+    this.grantedCategories.clear();
+    this.grantedTools.clear();
+  }
+  getGrantedCategories() {
+    return [...this.grantedCategories];
+  }
+  getGrantedTools() {
+    return [...this.grantedTools];
+  }
+};
+function resolveApproval(toolName, rules, sessionGrants) {
+  const category = getToolCategory(toolName);
+  if (category === null) return "allow";
+  const toolPolicy = rules.tools[toolName];
+  if (toolPolicy) return toolPolicy;
+  if (sessionGrants.isGranted(toolName, category)) return "allow";
+  const categoryPolicy = rules.categories[category];
+  if (categoryPolicy) return categoryPolicy;
+  return DEFAULT_POLICIES[category] ?? "ask";
+}
+
+export { DEFAULT_POLICIES, MC_TOOLS, SessionGrants, TOOL_CATEGORIES, TOOL_NAME_OVERRIDES, YOLO_POLICIES, createDefaultRules, getToolCategory, getToolsForCategory, resolveApproval };
+//# sourceMappingURL=chunk-MS5RYNRK.js.map
+//# sourceMappingURL=chunk-MS5RYNRK.js.map

package/dist/chunk-MS5RYNRK.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/tool-names.ts","../src/permissions.ts"],"names":[],"mappings":";;;AAaO,IAAM,QAAA,GAAW;AAAA;AAAA,EAEtB,IAAA,EAAM,MAAA;AAAA,EACN,UAAA,EAAY,YAAA;AAAA,EACZ,kBAAA,EAAoB,oBAAA;AAAA,EACpB,UAAA,EAAY,YAAA;AAAA,EACZ,WAAA,EAAa,aAAA;AAAA,EACb,SAAA,EAAW,WAAA;AAAA,EACX,KAAA,EAAO,OAAA;AAAA;AAAA,EAGP,cAAA,EAAgB,gBAAA;AAAA;AAAA,EAGhB,cAAA,EAAgB,gBAAA;AAAA;AAAA,EAGhB,eAAA,EAAiB,iBAAA;AAAA,EACjB,kBAAA,EAAoB,oBAAA;AAAA,EACpB,YAAA,EAAc;AAChB;AAOO,IAAM,mBAAA,GAAsB;AAAA,EACjC,CAAC,gBAAgB,UAAA,CAAW,SAAS,GAAG,EAAE,IAAA,EAAM,SAAS,IAAA,EAAK;AAAA,EAC9D,CAAC,gBAAgB,UAAA,CAAW,UAAU,GAAG,EAAE,IAAA,EAAM,SAAS,UAAA,EAAW;AAAA,EACrE,CAAC,gBAAgB,UAAA,CAAW,SAAS,GAAG,EAAE,IAAA,EAAM,SAAS,kBAAA,EAAmB;AAAA,EAC5E,CAAC,gBAAgB,UAAA,CAAW,UAAU,GAAG,EAAE,IAAA,EAAM,SAAS,UAAA,EAAW;AAAA,EACrE,CAAC,gBAAgB,UAAA,CAAW,MAAM,GAAG,EAAE,IAAA,EAAM,SAAS,WAAA,EAAY;AAAA,EAClE,CAAC,gBAAgB,UAAA,CAAW,SAAS,GAAG,EAAE,IAAA,EAAM,SAAS,SAAA,EAAU;AAAA,EACnE,CAAC,gBAAgB,UAAA,CAAW,KAAK,GAAG,EAAE,IAAA,EAAM,SAAS,KAAA,EAAM;AAAA,EAC3D,CAAC,gBAAgB,UAAA,CAAW,IAAI,GAAG,EAAE,IAAA,EAAM,SAAS,cAAA,EAAe;AAAA,EACnE,CAAC,gBAAgB,UAAA,CAAW,QAAQ,GAAG,EAAE,IAAA,EAAM,SAAS,cAAA,EAAe;AAAA,EACvE,CAAC,gBAAgB,OAAA,CAAQ,eAAe,GAAG,EAAE,IAAA,EAAM,SAAS,eAAA,EAAgB;AAAA,EAC5E,CAAC,gBAAgB,OAAA,CAAQ,kBAAkB,GAAG,EAAE,IAAA,EAAM,SAAS,kBAAA,EAAmB;AAAA,EAClF,CAAC,gBAAgB,OAAA,CAAQ,YAAY,GAAG,EAAE,IAAA,EAAM,SAAS,YAAA;AAC3D;;;ACrCO,IAAM,eAAA,GAAgF;AAAA,EAC3F,IAAA,EAAM;AAAA,IACJ,KAAA,EAAO,MAAA;AAAA,IACP,WAAA,EAAa;AAAA,GACf;AAAA,EACA,IAAA,EAAM;AAAA,IACJ,KAAA,EAAO,MAAA;AAAA,IACP,WAAA,EAAa;AAAA,GACf;AAAA,EACA,OAAA,EAAS;AAAA,IACP,KAAA,EAAO,SAAA;AAAA,IACP,WAAA,EAAa;AAAA,GACf;AAAA,EACA,GAAA,EAAK;AAAA,IACH,KAAA,EAAO,KAAA;AAAA,IACP,WAAA,EAAa;AAAA;AAEjB;AAMA,IAAM,iBAAA,GAAkD;AAAA;AAAA,EAEtD,CAAC,QAAA,CAAS,IAAI,GAAG,MAAA;AAAA,EACjB,CAAC,QAAA,CAAS,cAAc,GAAG,MAAA;AAAA,EAC3B,CAAC,QAAA,CAAS,UAAU,GAAG,MAAA;AAAA,EACvB,UAAA,EAAY,MAAA;AAAA,EACZ,YAAA,EAAc,MAAA;AAAA,EACd,WAAA,EAAa,MAAA;AAAA,EACb,aAAA,EAAe,MAAA;AAAA;AAAA,EAEf,CAAC,QAAA,CAAS,kBAAkB,GAAG,MAAA;AAAA,EAC/B,CAAC,QAAA,CAAS,cAAc,GAAG,MAAA;AAAA,EAC3B,CAAC,QAAA,CAAS,UAAU,GAAG,MAAA;AAAA,EACvB,QAAA,EAAU,MAAA;AAAA;AAAA,EAGV,CAAC,QAAA,CAAS,eAAe,GAAG;AAAA;AAAA;AAI9B,CAAA;AAGA,IAAM,kBAAA,uBAAyB,GAAA,CAAI,CAAC,YAAY,YAAA,EAAc,YAAA,EAAc,aAAA,EAAe,gBAAgB,CAAC,CAAA;AAKrG,SAAS,gBAAgB,QAAA,EAAuC;AACrE,EAAA,IAAI,kBAAA,CAAmB,GAAA,CAAI,QAAQ,CAAA,EAAG,OAAO,IAAA;AAC7C,EAAA,OAAO,iBAAA,CAAkB,QAAQ,CAAA,IAAK,KAAA;AACxC;AAKO,SAAS,oBAAoB,QAAA,EAAkC;AACpE,EAAA,OAAO,OAAO,OAAA,CAAQ,iBAAiB,EACpC,MAAA,CAAO,CAAC,GAAG,GAAG,CAAA,KAAM,GAAA,KAAQ,QAAQ,CAAA,CACpC,GAAA,CAAI,CAAC,CAAC,IAAI,MAAM,IAAI,CAAA;AACzB;AAgBO,IAAM,gBAAA,GAA2D;AAAA,EACtE,IAAA,EAAM,OAAA;AAAA,EACN,IAAA,EAAM,KAAA;AAAA,EACN,OAAA,EAAS,KAAA;AAAA,EACT,GAAA,EAAK;AACP;AAGO,IAAM,aAAA,GAAwD;AAAA,EACnE,IAAA,EAAM,OAAA;AAAA,EACN,IAAA,EAAM,OAAA;AAAA,EACN,OAAA,EAAS,OAAA;AAAA,EACT,GAAA,EAAK;AACP;AAEO,SAAS,kBAAA,GAAsC;AACpD,EAAA,OAAO;AAAA,IACL,UAAA,EAAY,EAAE,GAAG,gBAAA,EAAiB;AAAA,IAClC,OAAO;AAAC,GACV;AACF;AAMO,IAAM,gBAAN,MAAoB;AAAA,EACjB,iBAAA,uBAAwB,GAAA,EAAkB;AAAA,EAC1C,YAAA,uBAAmB,GAAA,EAAY;AAAA,EAEvC,cAAc,QAAA,EAA8B;AAC1C,IAAA,IAAA,CAAK,iBAAA,CAAkB,IAAI,QAAQ,CAAA;AAAA,EACrC;AAAA,EAEA,UAAU,QAAA,EAAwB;AAChC,IAAA,IAAA,CAAK,YAAA,CAAa,IAAI,QAAQ,CAAA;AAAA,EAChC;AAAA,EAEA,SAAA,CAAU,UAAkB,QAAA,EAAiC;AAC3D,IAAA,OAAO,IAAA,CAAK,aAAa,GAAA,CAAI,QAAQ,KAAK,IAAA,CAAK,iBAAA,CAAkB,IAAI,QAAQ,CAAA;AAAA,EAC/E;AAAA,EAEA,KAAA,GAAc;AACZ,IAAA,IAAA,CAAK,kBAAkB,KAAA,EAAM;AAC7B,IAAA,IAAA,CAAK,aAAa,KAAA,EAAM;AAAA,EAC1B;AAAA,EAEA,oBAAA,GAAuC;AACrC,IAAA,OAAO,CAAC,GAAG,IAAA,CAAK,iBAAiB,CAAA;AAAA,EACnC;AAAA,EAEA,eAAA,GAA4B;AAC1B,IAAA,OAAO,CAAC,GAAG,IAAA,CAAK,YAAY,CAAA;AAAA,EAC9B;AACF;AAkBO,SAAS,eAAA,CACd,QAAA,EACA,KAAA,EACA,aAAA,EACkB;AAElB,EAAA,MAAM,QAAA,GAAW,gBAAgB,QAAQ,CAAA;AACzC,EAAA,IAAI,QAAA,KAAa,MAAM,OAAO,OAAA;AAG9B,EAAA,MAAM,UAAA,GAAa,KAAA,CAAM,KAAA,CAAM,QAAQ,CAAA;AACvC,EAAA,IAAI,YAAY,OAAO,UAAA;AAGvB,EAAA,IAAI,aAAA,CAAc,SAAA,CAAU,QAAA,EAAU,QAAQ,GAAG,OAAO,OAAA;AAGxD,EAAA,MAAM,cAAA,GAAiB,KAAA,CAAM,UAAA,CAAW,QAAQ,CAAA;AAChD,EAAA,IAAI,gBAAgB,OAAO,cAAA;AAG3B,EAAA,OAAO,gBAAA,CAAiB,QAAQ,CAAA,IAAK,KAAA;AACvC","file":"chunk-MS5RYNRK.js","sourcesContent":["/**\n * Mastracode tool name constants.\n *\n * These are the names exposed to the LLM via workspace tool name remapping.\n * Used throughout mastracode for permissions, TUI rendering, tool guidance,\n * subagent allowedTools, etc.\n *\n * The workspace tools get remapped from their core names (e.g. `mastra_workspace_read_file`)\n * to these names (e.g. `view`) via the `name` property in workspace tool config.\n */\n\nimport { WORKSPACE_TOOLS } from '@mastra/core/workspace';\n\nexport const MC_TOOLS = {\n  // Filesystem\n  VIEW: 'view',\n  WRITE_FILE: 'write_file',\n  STRING_REPLACE_LSP: 'string_replace_lsp',\n  FIND_FILES: 'find_files',\n  DELETE_FILE: 'delete_file',\n  FILE_STAT: 'file_stat',\n  MKDIR: 'mkdir',\n\n  // Search\n  SEARCH_CONTENT: 'search_content',\n\n  // Code intelligence\n  AST_SMART_EDIT: 'ast_smart_edit',\n\n  // Sandbox\n  EXECUTE_COMMAND: 'execute_command',\n  GET_PROCESS_OUTPUT: 'get_process_output',\n  KILL_PROCESS: 'kill_process',\n} as const;\n\n/**\n * Workspace tool name remapping config.\n * Maps core workspace tool constants to mastracode's tool names.\n * Pass this (or spread it) into `Workspace({ tools: ... })`.\n */\nexport const TOOL_NAME_OVERRIDES = {\n  [WORKSPACE_TOOLS.FILESYSTEM.READ_FILE]: { name: MC_TOOLS.VIEW },\n  [WORKSPACE_TOOLS.FILESYSTEM.WRITE_FILE]: { name: MC_TOOLS.WRITE_FILE },\n  [WORKSPACE_TOOLS.FILESYSTEM.EDIT_FILE]: { name: MC_TOOLS.STRING_REPLACE_LSP },\n  [WORKSPACE_TOOLS.FILESYSTEM.LIST_FILES]: { name: MC_TOOLS.FIND_FILES },\n  [WORKSPACE_TOOLS.FILESYSTEM.DELETE]: { name: MC_TOOLS.DELETE_FILE },\n  [WORKSPACE_TOOLS.FILESYSTEM.FILE_STAT]: { name: MC_TOOLS.FILE_STAT },\n  [WORKSPACE_TOOLS.FILESYSTEM.MKDIR]: { name: MC_TOOLS.MKDIR },\n  [WORKSPACE_TOOLS.FILESYSTEM.GREP]: { name: MC_TOOLS.SEARCH_CONTENT },\n  [WORKSPACE_TOOLS.FILESYSTEM.AST_EDIT]: { name: MC_TOOLS.AST_SMART_EDIT },\n  [WORKSPACE_TOOLS.SANDBOX.EXECUTE_COMMAND]: { name: MC_TOOLS.EXECUTE_COMMAND },\n  [WORKSPACE_TOOLS.SANDBOX.GET_PROCESS_OUTPUT]: { name: MC_TOOLS.GET_PROCESS_OUTPUT },\n  [WORKSPACE_TOOLS.SANDBOX.KILL_PROCESS]: { name: MC_TOOLS.KILL_PROCESS },\n} as const;\n","/**\n * Granular tool permission system.\n *\n * Tools are classified into categories by risk level.\n * Each category has a configurable policy: \"allow\", \"ask\", or \"deny\".\n * Session-scoped grants let the user approve a category once per session.\n */\n\nimport { MC_TOOLS } from './tool-names.js';\n\n// ---------------------------------------------------------------------------\n// Categories\n// ---------------------------------------------------------------------------\n\nexport type ToolCategory = 'read' | 'edit' | 'execute' | 'mcp';\n\nexport const TOOL_CATEGORIES: Record<ToolCategory, { label: string; description: string }> = {\n  read: {\n    label: 'Read',\n    description: 'Read files, search, list directories',\n  },\n  edit: {\n    label: 'Edit',\n    description: 'Create, modify, or delete files',\n  },\n  execute: {\n    label: 'Execute',\n    description: 'Run shell commands',\n  },\n  mcp: {\n    label: 'MCP',\n    description: 'External MCP server tools',\n  },\n};\n\n// ---------------------------------------------------------------------------\n// Tool → Category mapping\n// ---------------------------------------------------------------------------\n\nconst TOOL_CATEGORY_MAP: Record<string, ToolCategory> = {\n  // Read-only tools — always safe\n  [MC_TOOLS.VIEW]: 'read',\n  [MC_TOOLS.SEARCH_CONTENT]: 'read',\n  [MC_TOOLS.FIND_FILES]: 'read',\n  web_search: 'read',\n  'web-search': 'read',\n  web_extract: 'read',\n  'web-extract': 'read',\n  // Edit tools — modify files\n  [MC_TOOLS.STRING_REPLACE_LSP]: 'edit',\n  [MC_TOOLS.AST_SMART_EDIT]: 'edit',\n  [MC_TOOLS.WRITE_FILE]: 'edit',\n  subagent: 'edit',\n\n  // Execute tools — run arbitrary commands\n  [MC_TOOLS.EXECUTE_COMMAND]: 'execute',\n\n  // Interactive / planning tools — always allowed (no category needed)\n  // ask_user, task_write, task_check, submit_plan, request_access\n};\n\n// Tools that never need approval regardless of policy\nconst ALWAYS_ALLOW_TOOLS = new Set(['ask_user', 'task_write', 'task_check', 'submit_plan', 'request_access']);\n\n/**\n * Get the category for a tool, or null if the tool is always-allowed.\n */\nexport function getToolCategory(toolName: string): ToolCategory | null {\n  if (ALWAYS_ALLOW_TOOLS.has(toolName)) return null;\n  return TOOL_CATEGORY_MAP[toolName] ?? 'mcp';\n}\n\n/**\n * Get the list of known tools for a given category.\n */\nexport function getToolsForCategory(category: ToolCategory): string[] {\n  return Object.entries(TOOL_CATEGORY_MAP)\n    .filter(([, cat]) => cat === category)\n    .map(([tool]) => tool);\n}\n\n// ---------------------------------------------------------------------------\n// Policies\n// ---------------------------------------------------------------------------\n\nexport type PermissionPolicy = 'allow' | 'ask' | 'deny';\n\nexport interface PermissionRules {\n  /** Policy per category. Missing categories default to their DEFAULT_POLICIES value. */\n  categories: Partial<Record<ToolCategory, PermissionPolicy>>;\n  /** Per-tool overrides. Tool name → policy. Takes precedence over category. */\n  tools: Record<string, PermissionPolicy>;\n}\n\n/** Default policies when no rules are configured (YOLO=false equivalent). */\nexport const DEFAULT_POLICIES: Record<ToolCategory, PermissionPolicy> = {\n  read: 'allow',\n  edit: 'ask',\n  execute: 'ask',\n  mcp: 'ask',\n};\n\n/** YOLO-mode policies — everything auto-allowed. */\nexport const YOLO_POLICIES: Record<ToolCategory, PermissionPolicy> = {\n  read: 'allow',\n  edit: 'allow',\n  execute: 'allow',\n  mcp: 'allow',\n};\n\nexport function createDefaultRules(): PermissionRules {\n  return {\n    categories: { ...DEFAULT_POLICIES },\n    tools: {},\n  };\n}\n\n// ---------------------------------------------------------------------------\n// Session grants — temporary \"always allow\" for this session\n// ---------------------------------------------------------------------------\n\nexport class SessionGrants {\n  private grantedCategories = new Set<ToolCategory>();\n  private grantedTools = new Set<string>();\n\n  allowCategory(category: ToolCategory): void {\n    this.grantedCategories.add(category);\n  }\n\n  allowTool(toolName: string): void {\n    this.grantedTools.add(toolName);\n  }\n\n  isGranted(toolName: string, category: ToolCategory): boolean {\n    return this.grantedTools.has(toolName) || this.grantedCategories.has(category);\n  }\n\n  reset(): void {\n    this.grantedCategories.clear();\n    this.grantedTools.clear();\n  }\n\n  getGrantedCategories(): ToolCategory[] {\n    return [...this.grantedCategories];\n  }\n\n  getGrantedTools(): string[] {\n    return [...this.grantedTools];\n  }\n}\n\n// ---------------------------------------------------------------------------\n// Decision engine\n// ---------------------------------------------------------------------------\n\nexport type ApprovalDecision = 'allow' | 'ask' | 'deny';\n\n/**\n * Determine whether a tool call should be allowed, prompted, or denied.\n *\n * Priority order:\n *  1. Always-allowed tools (ask_user, task_write, etc.) → allow\n *  2. Per-tool policy override → use that policy\n *  3. Session grants (user said \"always allow\" during this session) → allow\n *  4. Category policy → use that policy\n *  5. Fallback → \"ask\"\n */\nexport function resolveApproval(\n  toolName: string,\n  rules: PermissionRules,\n  sessionGrants: SessionGrants,\n): ApprovalDecision {\n  // 1. Always-allowed tools\n  const category = getToolCategory(toolName);\n  if (category === null) return 'allow';\n\n  // 2. Per-tool override\n  const toolPolicy = rules.tools[toolName];\n  if (toolPolicy) return toolPolicy;\n\n  // 3. Session grants\n  if (sessionGrants.isGranted(toolName, category)) return 'allow';\n\n  // 4. Category policy\n  const categoryPolicy = rules.categories[category];\n  if (categoryPolicy) return categoryPolicy;\n\n  // 5. Default policy for category\n  return DEFAULT_POLICIES[category] ?? 'ask';\n}\n"]}