@oxagen/cli 0.6.0 → 0.6.1

package/dist/repl/one-shot.js

@@ -12,25 +12,41 @@
  * context engine. Model calls go through the Vercel AI Gateway.
  */
 import { runTurn, MissingGatewayKeyError } from "../agent/pipeline.js";
+import { runAgent } from "../agent/loop.js";
 import { loadProjectContext } from "../agent/project-context.js";
 import { openSessionMemory } from "../agent/memory.js";
 import { openFleetMemory } from "../agent/fleet/memory.js";
 import { openTraceStore } from "../agent/trace-store.js";
+import { getAgent } from "../agents/loader.js";
+import { appendVerboseLog } from "../agent/verbose-log.js";
+import { formatVerboseSection } from "../agent/trace-format.js";
+import { readConfig } from "../lib/config.js";
+import { PermissionBroker } from "../agent/permissions.js";
 export async function runOneShot(prompt, options = {}) {
     const cwd = process.cwd();
     const projectContext = loadProjectContext(cwd);
     const memory = await openSessionMemory(cwd, `one-shot-${Date.now()}`);
     const fleetMemory = openFleetMemory(cwd);
     const traceStore = openTraceStore(cwd);
+    const verbose = options.verbose ?? readConfig().verbose ?? false;
+    // Non-interactive: build a broker only when a mode is requested. With no
+    // approver, `ask` denies mutations (fail closed); acceptEdits/bypass enable
+    // scripted edits. The model-router never under-spends on safety regardless.
+    const broker = options.mode && options.mode !== "readonly"
+        ? new PermissionBroker({ mode: options.mode, cwd })
+        : undefined;
+    const readOnly = options.readOnly || options.mode === "readonly";
     try {
         let streamed = false;
         const result = await runTurn({
             prompt,
             cwd,
             projectContext,
-            readOnly: options.readOnly,
+            readOnly,
+            broker,
             model: options.model,
             bare: options.bare,
+            verbose,
             memory,
             fleetMemory,
             // Pipeline stage progress goes to stderr so stdout stays the clean answer.
@@ -53,6 +69,12 @@ export async function runOneShot(prompt, options = {}) {
         traceStore.record(result.trace);
         if (streamed)
             process.stdout.write("\n");
+        // Verbose: append the structured record to the JSONL stream and print the
+        // per-phase / per-model / cost breakdown to stderr (stdout stays the answer).
+        if (verbose) {
+            appendVerboseLog(cwd, result.trace);
+            process.stderr.write(formatVerboseSection(result.trace).join("\n") + "\n");
+        }
     }
     catch (err) {
         if (err instanceof MissingGatewayKeyError) {
@@ -67,6 +89,54 @@ export async function runOneShot(prompt, options = {}) {
         await memory?.close();
     }
 }
+/**
+ * Run a single prompt as a named agent (its system prompt, tool allowlist, and
+ * model). Bypasses the eval/enhance/judge pipeline — the agent's own prompt is
+ * authoritative. Streams the answer to stdout; tool activity to stderr.
+ */
+export async function runAgentOneShot(prompt, agentName, options = {}) {
+    const cwd = process.cwd();
+    const agent = getAgent(agentName, { cwd });
+    if (!agent) {
+        process.stderr.write(`Error: unknown agent "${agentName}". Run \`oxagen agent list\`.\n`);
+        process.exitCode = 1;
+        return;
+    }
+    const projectContext = loadProjectContext(cwd);
+    const memory = await openSessionMemory(cwd, `agent-${agentName}-${Date.now()}`);
+    try {
+        let streamed = false;
+        await runAgent({
+            prompt,
+            cwd,
+            agent,
+            readOnly: options.readOnly,
+            model: options.model,
+            projectContext,
+            memory,
+            onText: (delta) => {
+                streamed = true;
+                process.stdout.write(delta);
+            },
+            onToolCall: (name, input) => {
+                const summary = typeof input === "object" && input !== null
+                    ? JSON.stringify(input).slice(0, 120)
+                    : String(input);
+                process.stderr.write(`  · ${name} ${summary}\n`);
+            },
+            onToolBlocked: (name, reason) => process.stderr.write(`  ⛔ ${name}: ${reason}\n`),
+        });
+        if (streamed)
+            process.stdout.write("\n");
+    }
+    catch (err) {
+        process.stderr.write(`Error: ${err instanceof Error ? err.message : String(err)}\n`);
+        process.exitCode = 1;
+    }
+    finally {
+        await memory?.close();
+    }
+}
 export async function runFromStdin(options = {}) {
     const chunks = [];
     for await (const chunk of process.stdin) {

package/dist/repl/one-shot.js.map

@@ -1 +1 @@
-{"version":3,"file":"one-shot.js","sourceRoot":"","sources":["../../src/repl/one-shot.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AACH,OAAO,EAAE,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AACvE,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AASzD,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,MAAc,EACd,UAA0B,EAAE;IAE5B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAC1B,MAAM,cAAc,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,GAAG,EAAE,YAAY,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IACtE,MAAM,WAAW,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;IACzC,MAAM,UAAU,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;IAEvC,IAAI,CAAC;QACH,IAAI,QAAQ,GAAG,KAAK,CAAC;QACrB,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC;YAC3B,MAAM;YACN,GAAG;YACH,cAAc;YACd,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,MAAM;YACN,WAAW;YACX,2EAA2E;YAC3E,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;gBACjB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,KAAK,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,CAChE,CAAC;YACJ,CAAC;YACD,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;gBAChB,QAAQ,GAAG,IAAI,CAAC;gBAChB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAC9B,CAAC;YACD,sEAAsE;YACtE,qEAAqE;YACrE,UAAU,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;gBAC1B,MAAM,OAAO,GACX,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI;oBACzC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBACrC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,IAAI,IAAI,OAAO,IAAI,CAAC,CAAC;YACnD,CAAC;SACF,CAAC,CAAC;QACH,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAChC,IAAI,QAAQ;YAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC3C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,sBAAsB,EAAE,CAAC;YAC1C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,OAAO,IAAI,CAAC,CAAC;QAClD,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,UAAU,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAC/D,CAAC;QACJ,CAAC;QACD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;IACvB,CAAC;YAAS,CAAC;QACT,MAAM,MAAM,EAAE,KAAK,EAAE,CAAC;IACxB,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,UAA0B,EAAE;IAC7D,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,KAAe,CAAC,CAAC;IAC/B,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;IAC7D,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC7D,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IACD,MAAM,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AACpC,CAAC"}
+{"version":3,"file":"one-shot.js","sourceRoot":"","sources":["../../src/repl/one-shot.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AACH,OAAO,EAAE,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AACvE,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAC/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAuB,MAAM,yBAAyB,CAAC;AAkBhF,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,MAAc,EACd,UAA0B,EAAE;IAE5B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAC1B,MAAM,cAAc,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,GAAG,EAAE,YAAY,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IACtE,MAAM,WAAW,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;IACzC,MAAM,UAAU,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,UAAU,EAAE,CAAC,OAAO,IAAI,KAAK,CAAC;IAEjE,yEAAyE;IACzE,4EAA4E;IAC5E,4EAA4E;IAC5E,MAAM,MAAM,GACV,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,IAAI,KAAK,UAAU;QACzC,CAAC,CAAC,IAAI,gBAAgB,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC;QACnD,CAAC,CAAC,SAAS,CAAC;IAChB,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,IAAI,KAAK,UAAU,CAAC;IAEjE,IAAI,CAAC;QACH,IAAI,QAAQ,GAAG,KAAK,CAAC;QACrB,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC;YAC3B,MAAM;YACN,GAAG;YACH,cAAc;YACd,QAAQ;YACR,MAAM;YACN,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,OAAO;YACP,MAAM;YACN,WAAW;YACX,2EAA2E;YAC3E,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;gBACjB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,KAAK,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,CAChE,CAAC;YACJ,CAAC;YACD,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;gBAChB,QAAQ,GAAG,IAAI,CAAC;gBAChB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAC9B,CAAC;YACD,sEAAsE;YACtE,qEAAqE;YACrE,UAAU,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;gBAC1B,MAAM,OAAO,GACX,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI;oBACzC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBACrC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,IAAI,IAAI,OAAO,IAAI,CAAC,CAAC;YACnD,CAAC;SACF,CAAC,CAAC;QACH,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAChC,IAAI,QAAQ;YAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACzC,0EAA0E;QAC1E,8EAA8E;QAC9E,IAAI,OAAO,EAAE,CAAC;YACZ,gBAAgB,CAAC,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;YACpC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;QAC7E,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,sBAAsB,EAAE,CAAC;YAC1C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,OAAO,IAAI,CAAC,CAAC;QAClD,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,UAAU,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAC/D,CAAC;QACJ,CAAC;QACD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;IACvB,CAAC;YAAS,CAAC;QACT,MAAM,MAAM,EAAE,KAAK,EAAE,CAAC;IACxB,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,MAAc,EACd,SAAiB,EACjB,UAA0B,EAAE;IAE5B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAC1B,MAAM,KAAK,GAAG,QAAQ,CAAC,SAAS,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;IAC3C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,yBAAyB,SAAS,iCAAiC,CAAC,CAAC;QAC1F,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IACD,MAAM,cAAc,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,GAAG,EAAE,SAAS,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IAChF,IAAI,CAAC;QACH,IAAI,QAAQ,GAAG,KAAK,CAAC;QACrB,MAAM,QAAQ,CAAC;YACb,MAAM;YACN,GAAG;YACH,KAAK;YACL,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,cAAc;YACd,MAAM;YACN,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;gBAChB,QAAQ,GAAG,IAAI,CAAC;gBAChB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAC9B,CAAC;YACD,UAAU,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;gBAC1B,MAAM,OAAO,GACX,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI;oBACzC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBACrC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,IAAI,IAAI,OAAO,IAAI,CAAC,CAAC;YACnD,CAAC;YACD,aAAa,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,IAAI,KAAK,MAAM,IAAI,CAAC;SAClF,CAAC,CAAC;QACH,IAAI,QAAQ;YAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC3C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACrF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;IACvB,CAAC;YAAS,CAAC;QACT,MAAM,MAAM,EAAE,KAAK,EAAE,CAAC;IACxB,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,UAA0B,EAAE;IAC7D,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,KAAe,CAAC,CAAC;IAC/B,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;IAC7D,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC7D,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IACD,MAAM,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AACpC,CAAC"}

package/dist/rules/__tests__/enforce.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=enforce.test.d.ts.map

package/dist/rules/__tests__/enforce.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"enforce.test.d.ts","sourceRoot":"","sources":["../../../src/rules/__tests__/enforce.test.ts"],"names":[],"mappings":""}

package/dist/rules/__tests__/enforce.test.js

@@ -0,0 +1,58 @@
+import { describe, it, expect } from "vitest";
+import { renderRulesSection, guardDenyEntry, guardsToDeny } from "../enforce.js";
+import { evaluateLocalPermission } from "../../settings/permissions-gate.js";
+const rule = (over) => ({
+    description: "",
+    text: "do the thing",
+    source: "test",
+    ...over,
+});
+describe("renderRulesSection", () => {
+    it("returns empty string with no rules", () => {
+        expect(renderRulesSection([])).toBe("");
+    });
+    it("lists rules and marks enforced ones", () => {
+        const out = renderRulesSection([
+            rule({ id: "a", text: "Always read before editing." }),
+            rule({ id: "b", text: "Never edit applied migrations.", guard: { tool: "Edit", denyPathGlob: "m/**" } }),
+        ]);
+        expect(out).toContain("Workspace rules");
+        expect(out).toContain("Always read before editing.");
+        expect(out).toContain("Never edit applied migrations.  [enforced]");
+    });
+});
+describe("guardDenyEntry", () => {
+    it("builds Tool(glob) for a path guard", () => {
+        expect(guardDenyEntry(rule({ id: "x", guard: { tool: "Edit", denyPathGlob: "m/**" } }))).toBe("Edit(m/**)");
+    });
+    it("builds Tool(glob) for a command guard", () => {
+        expect(guardDenyEntry(rule({ id: "x", guard: { tool: "Bash", denyCommandGlob: "rm -rf*" } }))).toBe("Bash(rm -rf*)");
+    });
+    it("builds a bare tool when no pattern", () => {
+        expect(guardDenyEntry(rule({ id: "x", guard: { tool: "Bash" } }))).toBe("Bash");
+    });
+    it("returns null without a guard", () => {
+        expect(guardDenyEntry(rule({ id: "x" }))).toBeNull();
+    });
+});
+describe("guardsToDeny", () => {
+    it("produces deny entries + a reason map keyed by entry", () => {
+        const { deny, reasons } = guardsToDeny([
+            rule({ id: "no-mig", text: "Add a forward migration.", guard: { tool: "Edit", denyPathGlob: "mig/*-applied/**" } }),
+            rule({ id: "style", text: "prompt only" }), // no guard → no deny
+        ]);
+        expect(deny).toEqual(["Edit(mig/*-applied/**)"]);
+        expect(reasons["Edit(mig/*-applied/**)"]).toContain('rule "no-mig"');
+        expect(reasons["Edit(mig/*-applied/**)"]).toContain("Add a forward migration.");
+    });
+    it("the produced deny entries actually block via the permission gate", () => {
+        const { deny } = guardsToDeny([
+            rule({ id: "no-mig", guard: { tool: "Edit", denyPathGlob: "packages/database/migrations/*-applied/**" } }),
+        ]);
+        const blocked = evaluateLocalPermission("edit_file", { path: "packages/database/migrations/0001-applied/up.sql" }, { deny });
+        expect(blocked.decision).toBe("deny");
+        const allowed = evaluateLocalPermission("edit_file", { path: "src/app.ts" }, { deny });
+        expect(allowed.decision).toBe("allow");
+    });
+});
+//# sourceMappingURL=enforce.test.js.map

package/dist/rules/__tests__/enforce.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"enforce.test.js","sourceRoot":"","sources":["../../../src/rules/__tests__/enforce.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AACjF,OAAO,EAAE,uBAAuB,EAAE,MAAM,oCAAoC,CAAC;AAG7E,MAAM,IAAI,GAAG,CAAC,IAAoC,EAAQ,EAAE,CAAC,CAAC;IAC5D,WAAW,EAAE,EAAE;IACf,IAAI,EAAE,cAAc;IACpB,MAAM,EAAE,MAAM;IACd,GAAG,IAAI;CACR,CAAC,CAAC;AAEH,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IAClC,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,MAAM,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,MAAM,GAAG,GAAG,kBAAkB,CAAC;YAC7B,IAAI,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,6BAA6B,EAAE,CAAC;YACtD,IAAI,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,gCAAgC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,EAAE,CAAC;SACzG,CAAC,CAAC;QACH,MAAM,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;QACzC,MAAM,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,6BAA6B,CAAC,CAAC;QACrD,MAAM,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,4CAA4C,CAAC,CAAC;IACtE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC9G,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,eAAe,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IACvH,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAClF,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;IACvD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;IAC5B,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;QAC7D,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,YAAY,CAAC;YACrC,IAAI,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,0BAA0B,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,kBAAkB,EAAE,EAAE,CAAC;YACnH,IAAI,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC,EAAE,qBAAqB;SAClE,CAAC,CAAC;QACH,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,wBAAwB,CAAC,CAAC,CAAC;QACjD,MAAM,CAAC,OAAO,CAAC,wBAAwB,CAAC,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QACrE,MAAM,CAAC,OAAO,CAAC,wBAAwB,CAAC,CAAC,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;IAClF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kEAAkE,EAAE,GAAG,EAAE;QAC1E,MAAM,EAAE,IAAI,EAAE,GAAG,YAAY,CAAC;YAC5B,IAAI,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,2CAA2C,EAAE,EAAE,CAAC;SAC3G,CAAC,CAAC;QACH,MAAM,OAAO,GAAG,uBAAuB,CACrC,WAAW,EACX,EAAE,IAAI,EAAE,kDAAkD,EAAE,EAC5D,EAAE,IAAI,EAAE,CACT,CAAC;QACF,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACtC,MAAM,OAAO,GAAG,uBAAuB,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;QACvF,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/rules/__tests__/loader.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=loader.test.d.ts.map

package/dist/rules/__tests__/loader.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"loader.test.d.ts","sourceRoot":"","sources":["../../../src/rules/__tests__/loader.test.ts"],"names":[],"mappings":""}

package/dist/rules/__tests__/loader.test.js

@@ -0,0 +1,54 @@
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import { mkdtempSync, mkdirSync, writeFileSync, rmSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { loadRules } from "../loader.js";
+let dir;
+let userDir;
+function writeRule(rel, body) {
+    const path = join(dir, rel);
+    mkdirSync(join(path, ".."), { recursive: true });
+    writeFileSync(path, body, "utf8");
+}
+const load = () => loadRules({ cwd: dir, userRulesDir: userDir });
+beforeEach(() => {
+    dir = mkdtempSync(join(tmpdir(), "oxagen-rules-"));
+    userDir = join(dir, "user-rules");
+});
+afterEach(() => rmSync(dir, { recursive: true, force: true }));
+describe("loadRules", () => {
+    it("loads a rule with description, guard, and body text", () => {
+        writeRule(".oxagen/rules/no-applied-migration.md", "---\ndescription: Never edit an applied migration\nguard-tool: Edit\nguard-deny-path: packages/database/migrations/*-applied/**\n---\nAdd a new forward migration instead of editing an applied one.");
+        const rules = load();
+        expect(rules).toHaveLength(1);
+        const r = rules[0];
+        expect(r.id).toBe("no-applied-migration");
+        expect(r.description).toBe("Never edit an applied migration");
+        expect(r.guard).toEqual({ tool: "Edit", denyPathGlob: "packages/database/migrations/*-applied/**" });
+        expect(r.text).toContain("Add a new forward migration");
+    });
+    it("parses a bash command guard", () => {
+        writeRule(".oxagen/rules/no-force-push.md", "---\nguard-tool: Bash\nguard-deny-command: git push --force*\n---\nNever force-push.");
+        expect(load()[0]?.guard).toEqual({ tool: "Bash", denyCommandGlob: "git push --force*" });
+    });
+    it("treats a rule with no guard frontmatter as prompt-only", () => {
+        writeRule(".oxagen/rules/style.md", "---\ndescription: d\n---\nMatch the surrounding code style.");
+        expect(load()[0]?.guard).toBeUndefined();
+    });
+    it(".oxagen overrides .claude overrides user by name", () => {
+        mkdirSync(userDir, { recursive: true });
+        writeFileSync(join(userDir, "r.md"), "user text");
+        writeRule(".claude/rules/r.md", "claude text");
+        expect(load().find((x) => x.id === "r")?.text).toBe("claude text");
+        writeRule(".oxagen/rules/r.md", "oxagen text");
+        expect(load().find((x) => x.id === "r")?.text).toBe("oxagen text");
+    });
+    it("ignores files with an empty body", () => {
+        writeRule(".oxagen/rules/empty.md", "---\ndescription: d\n---\n");
+        expect(load()).toHaveLength(0);
+    });
+    it("returns an empty list when no rules exist", () => {
+        expect(load()).toEqual([]);
+    });
+});
+//# sourceMappingURL=loader.test.js.map

package/dist/rules/__tests__/loader.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"loader.test.js","sourceRoot":"","sources":["../../../src/rules/__tests__/loader.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACxE,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,IAAI,GAAW,CAAC;AAChB,IAAI,OAAe,CAAC;AAEpB,SAAS,SAAS,CAAC,GAAW,EAAE,IAAY;IAC1C,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC5B,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACjD,aAAa,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;AACpC,CAAC;AAED,MAAM,IAAI,GAAG,GAAG,EAAE,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,YAAY,EAAE,OAAO,EAAE,CAAC,CAAC;AAElE,UAAU,CAAC,GAAG,EAAE;IACd,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,eAAe,CAAC,CAAC,CAAC;IACnD,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;AACpC,CAAC,CAAC,CAAC;AACH,SAAS,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AAE/D,QAAQ,CAAC,WAAW,EAAE,GAAG,EAAE;IACzB,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;QAC7D,SAAS,CACP,uCAAuC,EACvC,sMAAsM,CACvM,CAAC;QACF,MAAM,KAAK,GAAG,IAAI,EAAE,CAAC;QACrB,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC9B,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACpB,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QAC1C,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;QAC9D,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,2CAA2C,EAAE,CAAC,CAAC;QACrG,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,6BAA6B,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;QACrC,SAAS,CAAC,gCAAgC,EAAE,sFAAsF,CAAC,CAAC;QACpI,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,eAAe,EAAE,mBAAmB,EAAE,CAAC,CAAC;IAC3F,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wDAAwD,EAAE,GAAG,EAAE;QAChE,SAAS,CAAC,wBAAwB,EAAE,6DAA6D,CAAC,CAAC;QACnG,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,aAAa,EAAE,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;QAC1D,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACxC,aAAa,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,EAAE,WAAW,CAAC,CAAC;QAClD,SAAS,CAAC,oBAAoB,EAAE,aAAa,CAAC,CAAC;QAC/C,MAAM,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACnE,SAAS,CAAC,oBAAoB,EAAE,aAAa,CAAC,CAAC;QAC/C,MAAM,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IACrE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,SAAS,CAAC,wBAAwB,EAAE,4BAA4B,CAAC,CAAC;QAClE,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAC7B,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/rules/enforce.d.ts

@@ -0,0 +1,23 @@
+/**
+ * enforce.ts — Turn rules into the two enforcement signals the agent loop needs.
+ *
+ *   - renderRulesSection(): Tier 1 — the system-prompt block listing every rule.
+ *   - guardsToDeny():       Tier 2 — guarded rules become permission deny entries
+ *                           (reusing the settings permission gate) plus a map from
+ *                           the deny entry back to the rule text, so a blocked tool
+ *                           call returns the human rule to the model.
+ */
+import type { Rule } from "./types.js";
+/** The system-prompt section listing active rules (Tier 1: soft adherence). */
+export declare function renderRulesSection(rules: Rule[]): string;
+/** The permission-gate deny entry a guard produces (e.g. `Edit(migrations/**)`). */
+export declare function guardDenyEntry(rule: Rule): string | null;
+export interface RuleDenies {
+    /** Deny entries to merge into `permissions.deny` for the gate. */
+    deny: string[];
+    /** Deny entry → human block message (rule name + text) for the gate. */
+    reasons: Record<string, string>;
+}
+/** Convert guarded rules into gate deny entries + their human reasons (Tier 2). */
+export declare function guardsToDeny(rules: Rule[]): RuleDenies;
+//# sourceMappingURL=enforce.d.ts.map

package/dist/rules/enforce.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"enforce.d.ts","sourceRoot":"","sources":["../../src/rules/enforce.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AACH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAEvC,+EAA+E;AAC/E,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,IAAI,EAAE,GAAG,MAAM,CAUxD;AAED,oFAAoF;AACpF,wBAAgB,cAAc,CAAC,IAAI,EAAE,IAAI,GAAG,MAAM,GAAG,IAAI,CAMxD;AAED,MAAM,WAAW,UAAU;IACzB,kEAAkE;IAClE,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,wEAAwE;IACxE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACjC;AAED,mFAAmF;AACnF,wBAAgB,YAAY,CAAC,KAAK,EAAE,IAAI,EAAE,GAAG,UAAU,CAUtD"}

package/dist/rules/enforce.js

@@ -0,0 +1,36 @@
+/** The system-prompt section listing active rules (Tier 1: soft adherence). */
+export function renderRulesSection(rules) {
+    if (rules.length === 0)
+        return "";
+    const lines = [
+        "",
+        "## Workspace rules (binding — follow exactly; guarded rules are hard-blocked)",
+    ];
+    for (const r of rules) {
+        lines.push(`- ${r.text}${r.guard ? "  [enforced]" : ""}`);
+    }
+    return lines.join("\n");
+}
+/** The permission-gate deny entry a guard produces (e.g. `Edit(migrations/**)`). */
+export function guardDenyEntry(rule) {
+    const guard = rule.guard;
+    if (!guard)
+        return null;
+    const tool = guard.tool ?? "*";
+    const pattern = guard.denyPathGlob ?? guard.denyCommandGlob;
+    return pattern ? `${tool}(${pattern})` : tool;
+}
+/** Convert guarded rules into gate deny entries + their human reasons (Tier 2). */
+export function guardsToDeny(rules) {
+    const deny = [];
+    const reasons = {};
+    for (const rule of rules) {
+        const entry = guardDenyEntry(rule);
+        if (!entry)
+            continue;
+        deny.push(entry);
+        reasons[entry] = `rule "${rule.id}" — ${rule.text}`;
+    }
+    return { deny, reasons };
+}
+//# sourceMappingURL=enforce.js.map

package/dist/rules/enforce.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"enforce.js","sourceRoot":"","sources":["../../src/rules/enforce.ts"],"names":[],"mappings":"AAWA,+EAA+E;AAC/E,MAAM,UAAU,kBAAkB,CAAC,KAAa;IAC9C,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAClC,MAAM,KAAK,GAAG;QACZ,EAAE;QACF,+EAA+E;KAChF,CAAC;IACF,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC5D,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,oFAAoF;AACpF,MAAM,UAAU,cAAc,CAAC,IAAU;IACvC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;IACzB,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACxB,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,IAAI,GAAG,CAAC;IAC/B,MAAM,OAAO,GAAG,KAAK,CAAC,YAAY,IAAI,KAAK,CAAC,eAAe,CAAC;IAC5D,OAAO,OAAO,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;AAChD,CAAC;AASD,mFAAmF;AACnF,MAAM,UAAU,YAAY,CAAC,KAAa;IACxC,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,MAAM,OAAO,GAA2B,EAAE,CAAC;IAC3C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;QACnC,IAAI,CAAC,KAAK;YAAE,SAAS;QACrB,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjB,OAAO,CAAC,KAAK,CAAC,GAAG,SAAS,IAAI,CAAC,EAAE,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC;IACtD,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;AAC3B,CAAC"}

package/dist/rules/index.d.ts

@@ -0,0 +1,10 @@
+/**
+ * @module rules — Workspace rules the agent retrieves, is told about, and is
+ * hard-blocked from violating. The CLI-local foundation of the adherence loop
+ * in docs/specs/stella-graph-memory-sync/spec.md (§4).
+ */
+export type { Rule, RuleGuard } from "./types.js";
+export { loadRules, type LoadRulesOptions } from "./loader.js";
+export { renderRulesSection, guardsToDeny, guardDenyEntry, type RuleDenies, } from "./enforce.js";
+export { scaffoldRule } from "./write.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/rules/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/rules/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,YAAY,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAClD,OAAO,EAAE,SAAS,EAAE,KAAK,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC/D,OAAO,EACL,kBAAkB,EAClB,YAAY,EACZ,cAAc,EACd,KAAK,UAAU,GAChB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC"}

package/dist/rules/index.js

@@ -0,0 +1,4 @@
+export { loadRules } from "./loader.js";
+export { renderRulesSection, guardsToDeny, guardDenyEntry, } from "./enforce.js";
+export { scaffoldRule } from "./write.js";
+//# sourceMappingURL=index.js.map

package/dist/rules/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/rules/index.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,SAAS,EAAyB,MAAM,aAAa,CAAC;AAC/D,OAAO,EACL,kBAAkB,EAClB,YAAY,EACZ,cAAc,GAEf,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC"}

package/dist/rules/loader.d.ts

@@ -0,0 +1,10 @@
+import type { Rule } from "./types.js";
+export interface LoadRulesOptions {
+    /** Project root. Defaults to process.cwd(). */
+    cwd?: string;
+    /** Override the user rules dir (testing). */
+    userRulesDir?: string;
+}
+/** Load every workspace rule visible from `cwd`, merged by name across sources. */
+export declare function loadRules(opts?: LoadRulesOptions): Rule[];
+//# sourceMappingURL=loader.d.ts.map

package/dist/rules/loader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"loader.d.ts","sourceRoot":"","sources":["../../src/rules/loader.ts"],"names":[],"mappings":"AAeA,OAAO,KAAK,EAAE,IAAI,EAAa,MAAM,YAAY,CAAC;AAElD,MAAM,WAAW,gBAAgB;IAC/B,+CAA+C;IAC/C,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,6CAA6C;IAC7C,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AA+CD,mFAAmF;AACnF,wBAAgB,SAAS,CAAC,IAAI,GAAE,gBAAqB,GAAG,IAAI,EAAE,CAQ7D"}

package/dist/rules/loader.js

@@ -0,0 +1,77 @@
+/**
+ * loader.ts — Discover and parse workspace rules.
+ *
+ * Sources, lowest → highest precedence (later overrides by name):
+ *   1. ~/.config/oxagen/rules/*.md   (user)
+ *   2. <project>/.claude/rules/*.md  (Claude Code interop)
+ *   3. <project>/.oxagen/rules/*.md  (oxagen project rules)
+ *
+ * Frontmatter keys: description, guard-tool, guard-deny-path, guard-deny-command.
+ * The body is the rule text. Reuses the agent loader's frontmatter parser.
+ */
+import { readdirSync, existsSync, readFileSync } from "node:fs";
+import { join, basename } from "node:path";
+import { homedir } from "node:os";
+import { parseFrontmatter } from "../agents/loader.js";
+function guardFrom(data) {
+    const tool = data["guard-tool"];
+    const denyPathGlob = data["guard-deny-path"];
+    const denyCommandGlob = data["guard-deny-command"];
+    if (!tool && !denyPathGlob && !denyCommandGlob)
+        return undefined;
+    const guard = {};
+    if (tool)
+        guard.tool = tool;
+    if (denyPathGlob)
+        guard.denyPathGlob = denyPathGlob;
+    if (denyCommandGlob)
+        guard.denyCommandGlob = denyCommandGlob;
+    return guard;
+}
+function ruleFromFile(path) {
+    let raw;
+    try {
+        raw = readFileSync(path, "utf8");
+    }
+    catch {
+        return null;
+    }
+    const { data, body } = parseFrontmatter(raw);
+    const id = data["name"] || basename(path).replace(/\.md$/, "");
+    if (!id || !body.trim())
+        return null; // a rule needs a name and a statement
+    return {
+        id,
+        description: data["description"] ?? "",
+        text: body.trim(),
+        guard: guardFrom(data),
+        source: path,
+    };
+}
+function loadDir(dir, into) {
+    if (!existsSync(dir))
+        return;
+    let files;
+    try {
+        files = readdirSync(dir).filter((f) => f.endsWith(".md"));
+    }
+    catch {
+        return;
+    }
+    for (const file of files.sort()) {
+        const rule = ruleFromFile(join(dir, file));
+        if (rule)
+            into.set(rule.id, rule);
+    }
+}
+/** Load every workspace rule visible from `cwd`, merged by name across sources. */
+export function loadRules(opts = {}) {
+    const cwd = opts.cwd ?? process.cwd();
+    const userDir = opts.userRulesDir ?? join(homedir(), ".config", "oxagen", "rules");
+    const registry = new Map();
+    loadDir(userDir, registry);
+    loadDir(join(cwd, ".claude", "rules"), registry);
+    loadDir(join(cwd, ".oxagen", "rules"), registry);
+    return [...registry.values()];
+}
+//# sourceMappingURL=loader.js.map

package/dist/rules/loader.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"loader.js","sourceRoot":"","sources":["../../src/rules/loader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAChE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAUvD,SAAS,SAAS,CAAC,IAA4B;IAC7C,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC;IAChC,MAAM,YAAY,GAAG,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAC7C,MAAM,eAAe,GAAG,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACnD,IAAI,CAAC,IAAI,IAAI,CAAC,YAAY,IAAI,CAAC,eAAe;QAAE,OAAO,SAAS,CAAC;IACjE,MAAM,KAAK,GAAc,EAAE,CAAC;IAC5B,IAAI,IAAI;QAAE,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC;IAC5B,IAAI,YAAY;QAAE,KAAK,CAAC,YAAY,GAAG,YAAY,CAAC;IACpD,IAAI,eAAe;QAAE,KAAK,CAAC,eAAe,GAAG,eAAe,CAAC;IAC7D,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,YAAY,CAAC,IAAY;IAChC,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACnC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;IAC7C,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IAC/D,IAAI,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,IAAI,CAAC,CAAC,sCAAsC;IAC5E,OAAO;QACL,EAAE;QACF,WAAW,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE;QACtC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;QACjB,KAAK,EAAE,SAAS,CAAC,IAAI,CAAC;QACtB,MAAM,EAAE,IAAI;KACb,CAAC;AACJ,CAAC;AAED,SAAS,OAAO,CAAC,GAAW,EAAE,IAAuB;IACnD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO;IAC7B,IAAI,KAAe,CAAC;IACpB,IAAI,CAAC;QACH,KAAK,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;IAC5D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;IACT,CAAC;IACD,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;QAChC,MAAM,IAAI,GAAG,YAAY,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;QAC3C,IAAI,IAAI;YAAE,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;IACpC,CAAC;AACH,CAAC;AAED,mFAAmF;AACnF,MAAM,UAAU,SAAS,CAAC,OAAyB,EAAE;IACnD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IACtC,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;IACnF,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAgB,CAAC;IACzC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC3B,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,CAAC;IACjD,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;AAChC,CAAC"}

package/dist/rules/types.d.ts

@@ -0,0 +1,39 @@
+/**
+ * types.ts — Workspace rules Stella retrieves, injects, and enforces.
+ *
+ * A rule is a binding instruction for the coding agent. It is always injected
+ * into the system prompt (Tier 1). When it carries a `guard`, it is also
+ * hard-enforced at the tool boundary (Tier 2) by the same permission gate used
+ * for settings permissions and MCP tools — a violating tool call is blocked and
+ * the rule text is returned to the model so it self-corrects.
+ *
+ * Rules are authored as markdown under `.oxagen/rules/*.md` today; learned
+ * procedural rules (engram promotion) will flow through the same retrieval +
+ * enforcement path once memory sync lands (see
+ * docs/specs/stella-graph-memory-sync/spec.md, Phase 4).
+ */
+/** A machine-enforceable guard that blocks a tool call that would violate the rule. */
+export interface RuleGuard {
+    /**
+     * Canonical tool the guard applies to: `Bash`, `Write`, `Edit`, `Read`, or
+     * `*` for any. Matched against the tool's canonical permission name.
+     */
+    tool?: string;
+    /** Block a file tool (Write/Edit/Read) whose path matches this glob. */
+    denyPathGlob?: string;
+    /** Block a Bash command matching this glob. */
+    denyCommandGlob?: string;
+}
+export interface Rule {
+    /** Rule name (the filename or frontmatter `name`). */
+    id: string;
+    /** Short description shown in `rules list`. */
+    description: string;
+    /** The rule statement injected into the system prompt. */
+    text: string;
+    /** Optional hard guard (Tier 2). Absent ⇒ prompt-only (Tier 1). */
+    guard?: RuleGuard;
+    /** Where the rule came from (file path). */
+    source: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/rules/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/rules/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,uFAAuF;AACvF,MAAM,WAAW,SAAS;IACxB;;;OAGG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,wEAAwE;IACxE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,+CAA+C;IAC/C,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,IAAI;IACnB,sDAAsD;IACtD,EAAE,EAAE,MAAM,CAAC;IACX,+CAA+C;IAC/C,WAAW,EAAE,MAAM,CAAC;IACpB,0DAA0D;IAC1D,IAAI,EAAE,MAAM,CAAC;IACb,mEAAmE;IACnE,KAAK,CAAC,EAAE,SAAS,CAAC;IAClB,4CAA4C;IAC5C,MAAM,EAAE,MAAM,CAAC;CAChB"}

package/dist/rules/types.js

@@ -0,0 +1,16 @@
+/**
+ * types.ts — Workspace rules Stella retrieves, injects, and enforces.
+ *
+ * A rule is a binding instruction for the coding agent. It is always injected
+ * into the system prompt (Tier 1). When it carries a `guard`, it is also
+ * hard-enforced at the tool boundary (Tier 2) by the same permission gate used
+ * for settings permissions and MCP tools — a violating tool call is blocked and
+ * the rule text is returned to the model so it self-corrects.
+ *
+ * Rules are authored as markdown under `.oxagen/rules/*.md` today; learned
+ * procedural rules (engram promotion) will flow through the same retrieval +
+ * enforcement path once memory sync lands (see
+ * docs/specs/stella-graph-memory-sync/spec.md, Phase 4).
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/rules/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/rules/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG"}

package/dist/rules/write.d.ts

@@ -0,0 +1,10 @@
+/** Write a starter rule to `.oxagen/rules/<name>.md`. */
+export declare function scaffoldRule(opts: {
+    name: string;
+    cwd?: string;
+    dir?: string;
+}): {
+    path: string;
+    created: boolean;
+};
+//# sourceMappingURL=write.d.ts.map

package/dist/rules/write.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"write.d.ts","sourceRoot":"","sources":["../../src/rules/write.ts"],"names":[],"mappings":"AAmBA,yDAAyD;AACzD,wBAAgB,YAAY,CAAC,IAAI,EAAE;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG;IAChF,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,OAAO,CAAC;CAClB,CAOA"}

package/dist/rules/write.js

@@ -0,0 +1,28 @@
+/**
+ * write.ts — Scaffold a new rule for `oxagen rules new`.
+ */
+import { writeFileSync, existsSync, mkdirSync } from "node:fs";
+import { join, dirname } from "node:path";
+const TEMPLATE = (name) => `---
+description: One-line description of what ${name} enforces.
+# Optional hard guard — a violating tool call is blocked before it runs.
+# guard-tool: Edit        # Bash | Write | Edit | Read | *
+# guard-deny-path: packages/database/migrations/*-applied/**
+# guard-deny-command: rm -rf*
+---
+
+State the rule as one clear, imperative instruction. This text is injected into
+the agent's system prompt and returned to the model when a guarded violation is
+blocked, so write it so the agent knows what to do instead.
+`;
+/** Write a starter rule to `.oxagen/rules/<name>.md`. */
+export function scaffoldRule(opts) {
+    const dir = opts.dir ?? join(opts.cwd ?? process.cwd(), ".oxagen", "rules");
+    const path = join(dir, `${opts.name}.md`);
+    if (existsSync(path))
+        return { path, created: false };
+    mkdirSync(dirname(path), { recursive: true });
+    writeFileSync(path, TEMPLATE(opts.name), "utf8");
+    return { path, created: true };
+}
+//# sourceMappingURL=write.js.map

package/dist/rules/write.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"write.js","sourceRoot":"","sources":["../../src/rules/write.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAC/D,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAE1C,MAAM,QAAQ,GAAG,CAAC,IAAY,EAAE,EAAE,CAAC;4CACS,IAAI;;;;;;;;;;CAU/C,CAAC;AAEF,yDAAyD;AACzD,MAAM,UAAU,YAAY,CAAC,IAAkD;IAI7E,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;IAC5E,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC;IAC1C,IAAI,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IACtD,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9C,aAAa,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,CAAC;IACjD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AACjC,CAAC"}

package/dist/settings/__tests__/gate.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=gate.test.d.ts.map

package/dist/settings/__tests__/gate.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"gate.test.d.ts","sourceRoot":"","sources":["../../../src/settings/__tests__/gate.test.ts"],"names":[],"mappings":""}