npm - @parmanasystems/governance - Versions diffs - 1.80.0 → 1.83.0 - Mend

@parmanasystems/governance 1.80.0 → 1.83.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -44,8 +44,33 @@ interface BundleGenerationResult {
     /** Deterministic bundle hash embedded in the manifest. */
     bundle_hash: string;
 }
-/** A single rule within a {@link PolicyDefinition}. */
-interface PolicyRule$1 {
+interface BaseCondition {
+    signal: string;
+    equals?: unknown;
+    greater_than?: number;
+    less_than?: number;
+}
+interface AllCondition {
+    all: RuleCondition[];
+}
+interface AnyCondition {
+    any: RuleCondition[];
+}
+type RuleCondition = BaseCondition | AllCondition | AnyCondition;
+/** Canonical rule shape — matches {@link SchemaV1Policy}["rules"][number]. */
+interface PolicyRule {
+    /** Unique rule identifier. */
+    id: string;
+    /** Structured condition expression evaluated against runtime signals. */
+    condition: RuleCondition;
+    outcome: {
+        action: "approve" | "reject";
+        requires_override: boolean;
+        reason?: string;
+    };
+}
+/** Rule shape accepted by {@link definePolicy}. Use {@link PolicyRule} for the runtime-canonical shape. */
+interface DefinePolicyRule {
     /** Unique rule identifier. */
     id: string;
     /** Condition expression that must evaluate to true for the rule to apply. */
@@ -63,7 +88,7 @@ interface PolicyDefinition {
     /** Semantic version string (e.g. `"1.0.0"`). */
     version: string;
     /** Ordered list of rules that make up the policy. */
-    rules: PolicyRule$1[];
+    rules: DefinePolicyRule[];
 }
 /**
@@ -146,7 +171,7 @@ interface RuntimeRequirements {
 declare function definePolicy(config: {
     id: string;
     version: string;
-    rules: PolicyRule$1[];
+    rules: DefinePolicyRule[];
 }): PolicyDefinition;
 declare const schemaV1Semantics: {
@@ -163,28 +188,6 @@ declare const schemaV1Operators: {
     less_than(left: number, right: number): boolean;
 };
-interface BaseCondition {
-    signal: string;
-    equals?: unknown;
-    greater_than?: number;
-    less_than?: number;
-}
-interface AllCondition {
-    all: RuleCondition[];
-}
-interface AnyCondition {
-    any: RuleCondition[];
-}
-type RuleCondition = BaseCondition | AllCondition | AnyCondition;
-interface PolicyRule {
-    id: string;
-    condition: RuleCondition;
-    outcome: {
-        action: "approve" | "reject";
-        requires_override: boolean;
-        reason?: string;
-    };
-}
 interface SchemaV1Policy {
     schemaVersion: string;
     signalsSchema: Record<string, unknown>;
@@ -199,4 +202,4 @@ interface SchemaRuntime {
 }
 declare function loadSchemaRuntime(schemaVersion: string): SchemaRuntime;
-export { type BundleGenerationResult, type BundleSigner, type PolicyCompileError, type PolicyCompileResult, type PolicyCompileWarning, type PolicyDefinition, type PolicyRule$1 as PolicyRule, type RuntimeRequirements, type SchemaRuntime, type SchemaV1Policy, compilePolicy, createPolicy, definePolicy, evaluateSchemaV1, generateBundle, loadSchemaRuntime, schemaV1Operators, schemaV1Semantics, upgradePolicy, validatePolicy };
+export { type AllCondition, type AnyCondition, type BaseCondition, type BundleGenerationResult, type BundleSigner, type DefinePolicyRule, type PolicyCompileError, type PolicyCompileResult, type PolicyCompileWarning, type PolicyDefinition, type PolicyRule, type RuleCondition, type RuntimeRequirements, type SchemaRuntime, type SchemaV1Policy, compilePolicy, createPolicy, definePolicy, evaluateSchemaV1, generateBundle, loadSchemaRuntime, schemaV1Operators, schemaV1Semantics, upgradePolicy, validatePolicy };

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/compile-policy.ts","../src/create-policy.ts","../src/generate-bundle.ts","../src/upgrade-policy.ts","../src/validate-policy.ts","../src/define-policy.ts","../src/schema/v1/semantics.ts","../src/schema/v1/operators.ts","../src/schema/v1/evaluator.ts","../src/schema/load-schema-runtime.ts"],"sourcesContent":["import * as fs from \"node:fs\";\nimport * as path from \"node:path\";\n\nexport interface PolicyCompileError {\n code: string;\n message: string;\n field?: string;\n}\n\nexport interface PolicyCompileWarning {\n code: string;\n message: string;\n}\n\nexport interface PolicyCompileResult {\n valid: boolean;\n policyId: string;\n policyVersion: string;\n path: string;\n errors: PolicyCompileError[];\n warnings: PolicyCompileWarning[];\n}\n\nconst SUPPORTED_SCHEMA_VERSIONS = [\"1.0.0\"];\n\nconst VALID_SIGNAL_TYPES = [\n \"integer\",\n \"number\",\n \"boolean\",\n \"string\",\n \"enum\",\n];\n\nconst VALID_ACTIONS = [\n \"approve\",\n \"reject\",\n \"escalate\",\n \"manual_review\",\n \"document_required\",\n \"auto_approve\",\n \"fraud_review\",\n \"pending_override\",\n];\n\nfunction extractSignalRefs(condition: unknown): string[] {\n if (!condition \|\| typeof condition !== \"object\" \|\| Array.isArray(condition)) {\n return [];\n }\n const c = condition as Record<string, unknown>;\n if (typeof c.signal === \"string\") return [c.signal];\n if (Array.isArray(c.all)) return c.all.flatMap(extractSignalRefs);\n if (Array.isArray(c.any)) return c.any.flatMap(extractSignalRefs);\n return [];\n}\n\nfunction isCatchAll(condition: unknown): boolean {\n if (!condition \|\| typeof condition !== \"object\" \|\| Array.isArray(condition)) {\n return false;\n }\n const c = condition as Record<string, unknown>;\n return \"all\" in c && Array.isArray(c.all) && c.all.length === 0;\n}\n\nexport function compilePolicy(policyDirectory: string): PolicyCompileResult {\n const errors: PolicyCompileError[] = [];\n const warnings: PolicyCompileWarning[] = [];\n\n let policyId = \"\";\n let policyVersion = \"\";\n\n const err = (code: string, message: string, field?: string) =>\n errors.push({ code, message, ...(field ? { field } : {}) });\n const warn = (code: string, message: string) =>\n warnings.push({ code, message });\n\n // ── PHASE 1 — File exists ──────────────────────────────────────────────────\n const policyFile = path.join(policyDirectory, \"policy.json\");\n if (!fs.existsSync(policyFile)) {\n err(\"POL-001\", `policy.json not found at ${policyFile}`);\n return { valid: false, policyId, policyVersion, path: policyDirectory, errors, warnings };\n }\n\n // ── PHASE 2 — Valid JSON ───────────────────────────────────────────────────\n let content: Record<string, unknown>;\n try {\n const raw = fs.readFileSync(policyFile, \"utf8\");\n const parsed: unknown = JSON.parse(raw);\n if (!parsed \|\| typeof parsed !== \"object\" \|\| Array.isArray(parsed)) {\n err(\"POL-002\", \"Invalid JSON: expected object at top level\");\n return { valid: false, policyId, policyVersion, path: policyDirectory, errors, warnings };\n }\n content = parsed as Record<string, unknown>;\n } catch (e: unknown) {\n const msg = e instanceof Error ? e.message : String(e);\n err(\"POL-002\", `Invalid JSON: ${msg}`);\n return { valid: false, policyId, policyVersion, path: policyDirectory, errors, warnings };\n }\n\n // ── PHASE 3 — Required fields ──────────────────────────────────────────────\n if (!content.policyId \|\| typeof content.policyId !== \"string\") {\n err(\"POL-003\", \"Missing required field: policyId\", \"policyId\");\n } else {\n policyId = content.policyId;\n }\n\n if (!content.policyVersion \|\| typeof content.policyVersion !== \"string\") {\n err(\"POL-004\", \"Missing required field: policyVersion\", \"policyVersion\");\n } else {\n policyVersion = content.policyVersion;\n }\n\n if (policyVersion && !/^\\d+\\.\\d+\\.\\d+$/.test(policyVersion)) {\n err(\n \"POL-022\",\n `policyVersion must be semver format (e.g. \"1.0.0\"), got \"${policyVersion}\". The v-prefix format (e.g. \"v1\") is not supported.`,\n \"policyVersion\",\n );\n }\n\n if (!content.schemaVersion \|\| typeof content.schemaVersion !== \"string\") {\n err(\"POL-005\", \"Missing required field: schemaVersion\", \"schemaVersion\");\n }\n\n if (\n content.signalsSchema === null \|\|\n content.signalsSchema === undefined \|\|\n typeof content.signalsSchema !== \"object\" \|\|\n Array.isArray(content.signalsSchema)\n ) {\n err(\"POL-006\", \"Missing required field: signalsSchema\", \"signalsSchema\");\n }\n\n if (!Array.isArray(content.rules)) {\n err(\"POL-007\", \"Missing required field: rules\", \"rules\");\n }\n\n // ── PHASE 4 — policyId matches directory structure ─────────────────────────\n if (policyId) {\n const dirPolicyId = path.basename(path.dirname(policyDirectory));\n if (dirPolicyId !== policyId) {\n warn(\n \"POL-008\",\n `policyId in policy.json does not match directory name (directory: '${dirPolicyId}', policyId: '${policyId}')`,\n );\n }\n }\n\n // ── PHASE 5 — schemaVersion is supported ──────────────────────────────────\n if (content.schemaVersion && typeof content.schemaVersion === \"string\") {\n if (!SUPPORTED_SCHEMA_VERSIONS.includes(content.schemaVersion)) {\n err(\n \"POL-009\",\n `Unsupported schemaVersion: ${content.schemaVersion}. Supported: ${SUPPORTED_SCHEMA_VERSIONS.join(\", \")}`,\n \"schemaVersion\",\n );\n }\n }\n\n // ── PHASE 6 — signalsSchema field validation ───────────────────────────────\n const signalsSchema = content.signalsSchema as Record<string, unknown> \| undefined;\n const knownSignals = new Set<string>();\n\n if (signalsSchema && typeof signalsSchema === \"object\" && !Array.isArray(signalsSchema)) {\n for (const [name, def] of Object.entries(signalsSchema)) {\n knownSignals.add(name);\n\n if (!def \|\| typeof def !== \"object\" \|\| Array.isArray(def)) {\n err(\"POL-010\", `Signal '${name}' missing required 'type' field`, name);\n continue;\n }\n\n const d = def as Record<string, unknown>;\n\n if (!d.type \|\| typeof d.type !== \"string\") {\n err(\"POL-010\", `Signal '${name}' missing required 'type' field`, name);\n continue;\n }\n\n if (!VALID_SIGNAL_TYPES.includes(d.type)) {\n err(\n \"POL-011\",\n `Signal '${name}' has invalid type '${d.type}'. Valid: ${VALID_SIGNAL_TYPES.join(\", \")}`,\n name,\n );\n }\n\n if (d.type === \"enum\") {\n if (!Array.isArray(d.values) \|\| (d.values as unknown[]).length === 0) {\n err(\"POL-012\", `Signal '${name}' type 'enum' requires non-empty 'values' array`, name);\n }\n }\n }\n }\n\n // ── PHASE 7 — rules validation ─────────────────────────────────────────────\n const rules = content.rules;\n\n if (Array.isArray(rules)) {\n const seenIds = new Set<string>();\n\n for (let i = 0; i < rules.length; i++) {\n const rule = rules[i] as Record<string, unknown>;\n\n if (!rule \|\| typeof rule !== \"object\") {\n err(\"POL-013\", `Rule at index ${i} missing required 'id' field`);\n continue;\n }\n\n const ruleId =\n typeof rule.id === \"string\" && rule.id.length > 0 ? rule.id : null;\n\n if (!ruleId) {\n err(\"POL-013\", `Rule at index ${i} missing required 'id' field`);\n continue;\n }\n\n if (seenIds.has(ruleId)) {\n err(\"POL-020\", `Duplicate rule id: '${ruleId}'`);\n } else {\n seenIds.add(ruleId);\n }\n\n if (!rule.condition \|\| typeof rule.condition !== \"object\" \|\| Array.isArray(rule.condition)) {\n err(\"POL-014\", `Rule '${ruleId}' missing required 'condition' field`);\n } else {\n for (const ref of extractSignalRefs(rule.condition)) {\n if (knownSignals.size > 0 && !knownSignals.has(ref)) {\n warn(\"POL-019\", `Rule '${ruleId}' references signal '${ref}' not in signalsSchema`);\n }\n }\n }\n\n if (!rule.outcome \|\| typeof rule.outcome !== \"object\" \|\| Array.isArray(rule.outcome)) {\n err(\"POL-015\", `Rule '${ruleId}' missing required 'outcome' field`);\n } else {\n const outcome = rule.outcome as Record<string, unknown>;\n\n if (!outcome.action \|\| !VALID_ACTIONS.includes(outcome.action as string)) {\n err(\n \"POL-016\",\n `Rule '${ruleId}' outcome.action '${outcome.action}' is not a valid action`,\n );\n }\n\n if (typeof outcome.requires_override !== \"boolean\") {\n err(\"POL-017\", `Rule '${ruleId}' outcome.requires_override must be boolean`);\n }\n\n if (outcome.reason !== undefined && typeof outcome.reason !== \"string\") {\n err(\"POL-018\", `Rule '${ruleId}' outcome.reason must be string`);\n }\n }\n }\n\n // ── PHASE 8 — Catch-all rule ───────────────────────────────────────────\n const hasCatchAll = rules.some(r => isCatchAll((r as Record<string, unknown>).condition));\n if (!hasCatchAll) {\n warn(\n \"POL-021\",\n \"No catch-all rule found. Executions with unmatched signals will use default reject.\",\n );\n }\n }\n\n return {\n valid: errors.length === 0,\n policyId,\n policyVersion,\n path: policyDirectory,\n errors,\n warnings,\n };\n}\n","import * as fs from \"node:fs\";\nimport * as path from \"node:path\";\n\n/*\n Scaffolds a new policy directory at `./policies/<policyId>/1.0.0/` and writes\n * a skeleton `policy.json` to it.\n \n @param policyId - Unique policy identifier. Must not already exist on disk.\n * @returns Absolute path of the created `1.0.0` version directory.\n * @throws When `./policies/<policyId>` already exists.\n /\nexport function createPolicy(\n policyId: string\n): string {\n const policyRoot = path.join(\n \"./policies\",\n policyId\n );\n\n const versionDirectory =\n path.join(\n policyRoot,\n \"1.0.0\"\n );\n\n if (fs.existsSync(policyRoot)) {\n throw new Error(\n `Policy already exists: ${policyId}`\n );\n }\n\n fs.mkdirSync(\n versionDirectory,\n {\n recursive: true,\n }\n );\n\n fs.writeFileSync(\n path.join(\n versionDirectory,\n \"policy.json\"\n ),\n\n JSON.stringify(\n {\n policyId,\n policyVersion: \"1.0.0\",\n schemaVersion: \"1.0.0\",\n signalsSchema: {},\n rules: [],\n },\n null,\n 2\n ),\n\n \"utf8\"\n );\n\n return versionDirectory;\n}\n","import as path from \"node:path\";\n\nimport {\n generateManifest,\n writeManifest,\n} from \"@parmanasystems/bundle\";\n\nimport {\n signManifest,\n writeSignature,\n} from \"@parmanasystems/crypto\";\n\nimport type {\n BundleGenerationResult,\n} from \"./types.js\";\n\nimport {\n compilePolicy,\n} from \"./compile-policy.js\";\n\n/*\n Signer configuration for {@link generateBundle}.\n * Provide an explicit private key path — never rely on implicit trust key discovery.\n /\nexport interface BundleSigner {\n /* Absolute or CWD-relative path to the PEM-encoded Ed25519 private key. /\n privateKeyPath: string;\n}\n\n/\n Generates a content-addressed bundle for `policyId`/`policyVersion` in `policyDirectory`:\n * 1. Hashes all artifacts and writes `bundle.manifest.json`.\n * 2. If `signer` is provided: signs the manifest and writes `bundle.sig`.\n * If no signer: produces an unsigned bundle (`bundle.sig` is not written).\n \n Unsigned bundles are valid for development.\n * Production deployments should provide a signer.\n \n @param policyId - Policy identifier embedded in the manifest.\n * @param policyVersion - Policy version string (e.g. `\"1.0.0\"`).\n * @param policyDirectory - Path to the directory containing the policy artifacts.\n * @param signer - Optional signing configuration. Omit to produce an unsigned bundle.\n * @returns Paths to the written files and the deterministic bundle hash.\n /\nexport function generateBundle(\n policyId: string,\n policyVersion: string,\n policyDirectory: string,\n signer?: BundleSigner\n): BundleGenerationResult {\n\n const directory =\n path.resolve(\n policyDirectory\n );\n\n // Validate policy before signing — cannot sign an invalid policy\n const compileResult = compilePolicy(directory);\n\n if (compileResult.errors.length > 0) {\n const messages = compileResult.errors\n .map(e => ` ${e.code}: ${e.message}`)\n .join(\"\\n\");\n throw new Error(\n `Policy validation failed — cannot generate bundle:\\n${messages}`,\n );\n }\n\n for (const w of compileResult.warnings) {\n console.warn(`[policy-compiler] ${w.code}: ${w.message}`);\n }\n\n const manifest =\n generateManifest(\n policyId,\n policyVersion,\n directory\n );\n\n writeManifest(\n manifest,\n directory\n );\n\n const manifestPath =\n path.join(\n directory,\n \"bundle.manifest.json\"\n );\n\n if (signer) {\n const signature =\n signManifest(\n manifestPath,\n signer.privateKeyPath\n );\n\n writeSignature(\n signature,\n directory\n );\n }\n\n return {\n success: true,\n\n manifest_path:\n manifestPath,\n\n signature_path:\n signer\n ? path.join(directory, \"bundle.sig\")\n : null,\n\n bundle_hash:\n manifest.bundle_hash,\n };\n}\n\n\n\n\n","import as fs from \"node:fs\";\nimport * as path from \"node:path\";\n\n/*\n Creates the next version directory for `policyId` by copying the latest\n * existing version and incrementing it. Supports both semver (1.0.0) and\n * legacy v-prefix (v1) directory formats. The copied `policy.json` has its\n * version field updated to the new version string.\n \n @param policyId - An existing policy identifier under `./policies/`.\n * @returns Absolute path of the newly created version directory.\n * @throws When the policy does not exist on disk.\n /\nexport function upgradePolicy(\n policyId: string\n): string {\n const policyRoot = path.join(\n \"./policies\",\n policyId\n );\n\n if (!fs.existsSync(policyRoot)) {\n throw new Error(\n `Policy does not exist: ${policyId}`\n );\n }\n\n const allDirs = fs.readdirSync(policyRoot);\n\n // Accept semver (1.0.0) and legacy v-prefix (v1) formats\n const versions = allDirs.filter(\n (e) => /^\\d+\\.\\d+\\.\\d+$/.test(e) \|\| /^v\\d+$/.test(e)\n );\n\n if (versions.length === 0) {\n throw new Error(\n `No version directories found for policy: ${policyId}`\n );\n }\n\n const parse = (v: string) =>\n v.replace(/^v/, \"\").split(\".\").map(Number);\n\n versions.sort((a, b) => {\n const [aMaj, aMin = 0, aPatch = 0] = parse(a);\n const [bMaj, bMin = 0, bPatch = 0] = parse(b);\n return aMaj !== bMaj ? aMaj - bMaj :\n aMin !== bMin ? aMin - bMin :\n aPatch - bPatch;\n });\n\n const latestVersion =\n versions[versions.length - 1];\n\n let nextVersion: string;\n\n if (/^\\d+\\.\\d+\\.\\d+$/.test(latestVersion)) {\n const [maj, min, patch] = latestVersion.split(\".\").map(Number);\n nextVersion = `${maj}.${min}.${patch + 1}`;\n } else {\n const latestNumber = Number(latestVersion.replace(\"v\", \"\"));\n nextVersion = `v${latestNumber + 1}`;\n }\n\n const latestDirectory =\n path.join(policyRoot, latestVersion);\n\n const nextDirectory =\n path.join(policyRoot, nextVersion);\n\n fs.cpSync(latestDirectory, nextDirectory, { recursive: true });\n\n const policyFile = path.join(nextDirectory, \"policy.json\");\n\n const content = JSON.parse(\n fs.readFileSync(policyFile, \"utf8\")\n );\n\n if (\"policyVersion\" in content) {\n content.policyVersion = nextVersion;\n } else {\n content.version = nextVersion;\n }\n\n fs.writeFileSync(\n policyFile,\n JSON.stringify(content, null, 2),\n \"utf8\"\n );\n\n return nextDirectory;\n}\n","import as fs from \"node:fs\";\r\nimport * as path from \"node:path\";\r\n\r\nimport {\r\n readManifest,\r\n verifyManifest,\r\n} from \"@parmanasystems/bundle\";\r\n\r\nimport {\r\n readSignature,\r\n verifySignature,\r\n} from \"@parmanasystems/crypto\";\r\n\r\n/*\r\n Validates every version directory under `./policies/<policyId>` by\r\n * re-verifying all bundle manifests (content hashes) and, when a public key\r\n * path is provided, cryptographic signatures (bundle.sig).\r\n \r\n - Version directories without a `bundle.manifest.json` (not yet bundled) are skipped.\r\n * - Version directories without a `bundle.sig` skip signature verification.\r\n * - When `publicKeyPath` is omitted, signature verification is skipped for all versions.\r\n \r\n Returns `true` only when every bundled version passes all applicable checks.\r\n \r\n @param policyId - Policy identifier whose version directories will be checked.\r\n * @param publicKeyPath - Optional explicit path to the PEM-encoded public key for\r\n * signature verification. When omitted, only manifest content\r\n * hashes are verified.\r\n * @throws When the policy directory does not exist.\r\n /\r\nexport function validatePolicy(\r\n policyId: string,\r\n publicKeyPath?: string\r\n): boolean {\r\n\r\n const policyRoot =\r\n path.join(\r\n \"./policies\",\r\n policyId\r\n );\r\n\r\n if (\r\n !fs.existsSync(\r\n policyRoot\r\n )\r\n ) {\r\n throw new Error(\r\n `Policy does not exist: ${policyId}`\r\n );\r\n }\r\n\r\n const versions =\r\n fs\r\n .readdirSync(\r\n policyRoot\r\n )\r\n .filter(\r\n (entry) =>\r\n entry.startsWith(\"v\")\r\n )\r\n .sort();\r\n\r\n for (const version of versions) {\r\n\r\n const versionDirectory =\r\n path.join(\r\n policyRoot,\r\n version\r\n );\r\n\r\n const manifestPath =\r\n path.join(\r\n versionDirectory,\r\n \"bundle.manifest.json\"\r\n );\r\n\r\n if (\r\n !fs.existsSync(\r\n manifestPath\r\n )\r\n ) {\r\n continue;\r\n }\r\n\r\n const manifest =\r\n readManifest(\r\n versionDirectory\r\n );\r\n\r\n const manifestResult =\r\n verifyManifest(\r\n manifest,\r\n versionDirectory\r\n );\r\n\r\n if (\r\n !manifestResult.valid\r\n ) {\r\n return false;\r\n }\r\n\r\n const sigPath =\r\n path.join(\r\n versionDirectory,\r\n \"bundle.sig\"\r\n );\r\n\r\n if (\r\n !publicKeyPath \|\|\r\n !fs.existsSync(sigPath)\r\n ) {\r\n continue;\r\n }\r\n\r\n const signature =\r\n readSignature(\r\n versionDirectory\r\n );\r\n\r\n const signatureValid =\r\n verifySignature(\r\n manifestPath,\r\n signature,\r\n publicKeyPath\r\n );\r\n\r\n if (\r\n !signatureValid\r\n ) {\r\n return false;\r\n }\r\n }\r\n\r\n return true;\r\n}\r\n\r\n\r\n\r\n\r\n","import type {\r\n PolicyDefinition,\r\n PolicyRule,\r\n} from \"./types.js\";\r\n\r\n/\r\n Constructs a {@link PolicyDefinition} from a plain config object.\r\n * Use this as the first step in the policy-authoring pipeline before\r\n * serializing the policy to disk and calling {@link generateBundle}.\r\n \r\n @param config - Policy id, version, and rules.\r\n */\r\nexport function definePolicy(config: {\r\n id: string;\r\n version: string;\r\n rules: PolicyRule[];\r\n}): PolicyDefinition {\r\n\r\n return {\r\n id: config.id,\r\n\r\n version: config.version,\r\n\r\n rules: config.rules,\r\n };\r\n}\r\n","export const schemaV1Semantics = {\r\n\r\n schemaVersion:\r\n \"1.0.0\",\r\n\r\n ruleConditionField:\r\n \"condition\",\r\n\r\n ruleOutcomeField:\r\n \"outcome\",\r\n\r\n signalReferenceField:\r\n \"signal\",\r\n\r\n supportedOperators: [\r\n \"equals\",\r\n \"greater_than\",\r\n \"less_than\",\r\n ],\r\n};\r\n","export const schemaV1Operators = {\r\n\r\n equals(\r\n left: unknown,\r\n right: unknown\r\n ): boolean {\r\n\r\n return left === right;\r\n },\r\n\r\n greater_than(\r\n left: number,\r\n right: number\r\n ): boolean {\r\n\r\n return left > right;\r\n },\r\n\r\n less_than(\r\n left: number,\r\n right: number\r\n ): boolean {\r\n\r\n return left < right;\r\n },\r\n};\r\n","import type {\r\n DecisionResult\r\n} from \"@parmanasystems/contracts\";\r\n\r\nimport {\r\n schemaV1Operators\r\n} from \"./operators.js\";\r\n\r\ninterface BaseCondition {\r\n signal: string;\r\n equals?: unknown;\r\n greater_than?: number;\r\n less_than?: number;\r\n}\r\n\r\ninterface AllCondition {\r\n all: RuleCondition[];\r\n}\r\n\r\ninterface AnyCondition {\r\n any: RuleCondition[];\r\n}\r\n\r\ntype RuleCondition =\r\n \| BaseCondition\r\n \| AllCondition\r\n \| AnyCondition;\r\n\r\ninterface PolicyRule {\r\n id: string;\r\n\r\n condition: RuleCondition;\r\n\r\n outcome: {\r\n action:\r\n \| \"approve\"\r\n \| \"reject\";\r\n\r\n requires_override:\r\n boolean;\r\n\r\n reason?: string;\r\n };\r\n}\r\n\r\nexport interface SchemaV1Policy {\r\n schemaVersion: string;\r\n\r\n signalsSchema:\r\n Record<string, unknown>;\r\n\r\n rules: PolicyRule[];\r\n}\r\n\r\nfunction evaluateCondition(\r\n condition: RuleCondition,\r\n signals: Record<string, unknown>\r\n): boolean {\r\n\r\n if (\"all\" in condition) {\r\n return condition.all.every(\r\n c =>\r\n evaluateCondition(\r\n c,\r\n signals\r\n )\r\n );\r\n }\r\n\r\n if (\"any\" in condition) {\r\n return condition.any.some(\r\n c =>\r\n evaluateCondition(\r\n c,\r\n signals\r\n )\r\n );\r\n }\r\n\r\n const {\r\n signal,\r\n equals,\r\n greater_than,\r\n less_than,\r\n } = condition;\r\n\r\n if (!(signal in signals)) {\r\n\r\n throw new Error(\r\n `Signal not found: ${signal}`\r\n );\r\n }\r\n\r\n const actual =\r\n signals[signal];\r\n\r\n if (equals !== undefined) {\r\n\r\n return schemaV1Operators.equals(\r\n actual,\r\n equals\r\n );\r\n }\r\n\r\n if (\r\n greater_than !== undefined\r\n ) {\r\n\r\n return schemaV1Operators.greater_than(\r\n actual as number,\r\n greater_than\r\n );\r\n }\r\n\r\n if (\r\n less_than !== undefined\r\n ) {\r\n\r\n return schemaV1Operators.less_than(\r\n actual as number,\r\n less_than\r\n );\r\n }\r\n\r\n return false;\r\n}\r\n\r\nexport function evaluateSchemaV1(\r\n policy: SchemaV1Policy,\r\n signals: Record<string, unknown>\r\n): DecisionResult {\r\n\r\n for (const rule of policy.rules) {\r\n\r\n const matched =\r\n evaluateCondition(\r\n rule.condition,\r\n signals\r\n );\r\n\r\n if (matched) {\r\n\r\n return {\r\n status: \"decided\",\r\n\r\n outcome:\r\n rule.outcome,\r\n\r\n rule_id:\r\n rule.id,\r\n\r\n source:\r\n \"rule_match\",\r\n };\r\n }\r\n }\r\n\r\n return {\r\n status: \"decided\",\r\n outcome: {\r\n action: \"reject\",\r\n requires_override: false,\r\n reason: \"[SYS-006] No rule matched — default reject. Add a catch-all rule to make this explicit.\",\r\n },\r\n rule_id: \"default\",\r\n source: \"rule_match\",\r\n };\r\n}\r\n","import type {\r\n DecisionResult\r\n} from \"@parmanasystems/contracts\";\r\n\r\nimport {\r\n evaluateSchemaV1\r\n} from \"./v1/evaluator.js\";\r\n\r\nimport {\r\n schemaV1Operators\r\n} from \"./v1/operators.js\";\r\n\r\nimport {\r\n schemaV1Semantics\r\n} from \"./v1/semantics.js\";\r\n\r\nexport interface SchemaRuntime {\r\n\r\n semantics: unknown;\r\n\r\n operators: unknown;\r\n\r\n evaluate: (\r\n policy: unknown,\r\n signals: Record<string, unknown>\r\n ) => DecisionResult;\r\n}\r\n\r\nconst SUPPORTED_SCHEMA_VERSIONS: Record<string, SchemaRuntime> = {\r\n \"1.0.0\": {\r\n semantics: schemaV1Semantics,\r\n operators: schemaV1Operators,\r\n evaluate: evaluateSchemaV1 as (\r\n policy: unknown,\r\n signals: Record<string, unknown>\r\n ) => DecisionResult,\r\n },\r\n};\r\n\r\nexport function loadSchemaRuntime(\r\n schemaVersion: string\r\n): SchemaRuntime {\r\n\r\n const runtime = SUPPORTED_SCHEMA_VERSIONS[schemaVersion];\r\n\r\n if (!runtime) {\r\n throw new Error(\r\n `Unsupported schema version: ${schemaVersion}. Supported: ${Object.keys(SUPPORTED_SCHEMA_VERSIONS).join(\", \")}`\r\n );\r\n }\r\n\r\n return runtime;\r\n}\r\n"],"mappings":";AAAA,YAAY,QAAQ;AACpB,YAAY,UAAU;AAsBtB,IAAM,4BAA4B,CAAC,OAAO;AAE1C,IAAM,qBAAqB;AAAA,EACzB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,IAAM,gBAAgB;AAAA,EACpB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,SAAS,kBAAkB,WAA8B;AACvD,MAAI,CAAC,aAAa,OAAO,cAAc,YAAY,MAAM,QAAQ,SAAS,GAAG;AAC3E,WAAO,CAAC;AAAA,EACV;AACA,QAAM,IAAI;AACV,MAAI,OAAO,EAAE,WAAW,SAAU,QAAO,CAAC,EAAE,MAAM;AAClD,MAAI,MAAM,QAAQ,EAAE,GAAG,EAAG,QAAO,EAAE,IAAI,QAAQ,iBAAiB;AAChE,MAAI,MAAM,QAAQ,EAAE,GAAG,EAAG,QAAO,EAAE,IAAI,QAAQ,iBAAiB;AAChE,SAAO,CAAC;AACV;AAEA,SAAS,WAAW,WAA6B;AAC/C,MAAI,CAAC,aAAa,OAAO,cAAc,YAAY,MAAM,QAAQ,SAAS,GAAG;AAC3E,WAAO;AAAA,EACT;AACA,QAAM,IAAI;AACV,SAAO,SAAS,KAAK,MAAM,QAAQ,EAAE,GAAG,KAAK,EAAE,IAAI,WAAW;AAChE;AAEO,SAAS,cAAc,iBAA8C;AAC1E,QAAM,SAA+B,CAAC;AACtC,QAAM,WAAmC,CAAC;AAE1C,MAAI,WAAW;AACf,MAAI,gBAAgB;AAEpB,QAAM,MAAO,CAAC,MAAc,SAAiB,UAC3C,OAAO,KAAK,EAAE,MAAM,SAAS,GAAI,QAAQ,EAAE,MAAM,IAAI,CAAC,EAAG,CAAC;AAC5D,QAAM,OAAO,CAAC,MAAc,YAC1B,SAAS,KAAK,EAAE,MAAM,QAAQ,CAAC;AAGjC,QAAM,aAAkB,UAAK,iBAAiB,aAAa;AAC3D,MAAI,CAAI,cAAW,UAAU,GAAG;AAC9B,QAAI,WAAW,4BAA4B,UAAU,EAAE;AACvD,WAAO,EAAE,OAAO,OAAO,UAAU,eAAe,MAAM,iBAAiB,QAAQ,SAAS;AAAA,EAC1F;AAGA,MAAI;AACJ,MAAI;AACF,UAAM,MAAS,gBAAa,YAAY,MAAM;AAC9C,UAAM,SAAkB,KAAK,MAAM,GAAG;AACtC,QAAI,CAAC,UAAU,OAAO,WAAW,YAAY,MAAM,QAAQ,MAAM,GAAG;AAClE,UAAI,WAAW,4CAA4C;AAC3D,aAAO,EAAE,OAAO,OAAO,UAAU,eAAe,MAAM,iBAAiB,QAAQ,SAAS;AAAA,IAC1F;AACA,cAAU;AAAA,EACZ,SAAS,GAAY;AACnB,UAAM,MAAM,aAAa,QAAQ,EAAE,UAAU,OAAO,CAAC;AACrD,QAAI,WAAW,iBAAiB,GAAG,EAAE;AACrC,WAAO,EAAE,OAAO,OAAO,UAAU,eAAe,MAAM,iBAAiB,QAAQ,SAAS;AAAA,EAC1F;AAGA,MAAI,CAAC,QAAQ,YAAY,OAAO,QAAQ,aAAa,UAAU;AAC7D,QAAI,WAAW,oCAAoC,UAAU;AAAA,EAC/D,OAAO;AACL,eAAW,QAAQ;AAAA,EACrB;AAEA,MAAI,CAAC,QAAQ,iBAAiB,OAAO,QAAQ,kBAAkB,UAAU;AACvE,QAAI,WAAW,yCAAyC,eAAe;AAAA,EACzE,OAAO;AACL,oBAAgB,QAAQ;AAAA,EAC1B;AAEA,MAAI,iBAAiB,CAAC,kBAAkB,KAAK,aAAa,GAAG;AAC3D;AAAA,MACE;AAAA,MACA,4DAA4D,aAAa;AAAA,MACzE;AAAA,IACF;AAAA,EACF;AAEA,MAAI,CAAC,QAAQ,iBAAiB,OAAO,QAAQ,kBAAkB,UAAU;AACvE,QAAI,WAAW,yCAAyC,eAAe;AAAA,EACzE;AAEA,MACE,QAAQ,kBAAkB,QAC1B,QAAQ,kBAAkB,UAC1B,OAAO,QAAQ,kBAAkB,YACjC,MAAM,QAAQ,QAAQ,aAAa,GACnC;AACA,QAAI,WAAW,yCAAyC,eAAe;AAAA,EACzE;AAEA,MAAI,CAAC,MAAM,QAAQ,QAAQ,KAAK,GAAG;AACjC,QAAI,WAAW,iCAAiC,OAAO;AAAA,EACzD;AAGA,MAAI,UAAU;AACZ,UAAM,cAAmB,cAAc,aAAQ,eAAe,CAAC;AAC/D,QAAI,gBAAgB,UAAU;AAC5B;AAAA,QACE;AAAA,QACA,sEAAsE,WAAW,iBAAiB,QAAQ;AAAA,MAC5G;AAAA,IACF;AAAA,EACF;AAGA,MAAI,QAAQ,iBAAiB,OAAO,QAAQ,kBAAkB,UAAU;AACtE,QAAI,CAAC,0BAA0B,SAAS,QAAQ,aAAa,GAAG;AAC9D;AAAA,QACE;AAAA,QACA,8BAA8B,QAAQ,aAAa,gBAAgB,0BAA0B,KAAK,IAAI,CAAC;AAAA,QACvG;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAGA,QAAM,gBAAgB,QAAQ;AAC9B,QAAM,eAAgB,oBAAI,IAAY;AAEtC,MAAI,iBAAiB,OAAO,kBAAkB,YAAY,CAAC,MAAM,QAAQ,aAAa,GAAG;AACvF,eAAW,CAAC,MAAM,GAAG,KAAK,OAAO,QAAQ,aAAa,GAAG;AACvD,mBAAa,IAAI,IAAI;AAErB,UAAI,CAAC,OAAO,OAAO,QAAQ,YAAY,MAAM,QAAQ,GAAG,GAAG;AACzD,YAAI,WAAW,WAAW,IAAI,mCAAmC,IAAI;AACrE;AAAA,MACF;AAEA,YAAM,IAAI;AAEV,UAAI,CAAC,EAAE,QAAQ,OAAO,EAAE,SAAS,UAAU;AACzC,YAAI,WAAW,WAAW,IAAI,mCAAmC,IAAI;AACrE;AAAA,MACF;AAEA,UAAI,CAAC,mBAAmB,SAAS,EAAE,IAAI,GAAG;AACxC;AAAA,UACE;AAAA,UACA,WAAW,IAAI,uBAAuB,EAAE,IAAI,aAAa,mBAAmB,KAAK,IAAI,CAAC;AAAA,UACtF;AAAA,QACF;AAAA,MACF;AAEA,UAAI,EAAE,SAAS,QAAQ;AACrB,YAAI,CAAC,MAAM,QAAQ,EAAE,MAAM,KAAM,EAAE,OAAqB,WAAW,GAAG;AACpE,cAAI,WAAW,WAAW,IAAI,mDAAmD,IAAI;AAAA,QACvF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAGA,QAAM,QAAQ,QAAQ;AAEtB,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,UAAM,UAAU,oBAAI,IAAY;AAEhC,aAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACrC,YAAM,OAAO,MAAM,CAAC;AAEpB,UAAI,CAAC,QAAQ,OAAO,SAAS,UAAU;AACrC,YAAI,WAAW,iBAAiB,CAAC,8BAA8B;AAC/D;AAAA,MACF;AAEA,YAAM,SACJ,OAAO,KAAK,OAAO,YAAY,KAAK,GAAG,SAAS,IAAI,KAAK,KAAK;AAEhE,UAAI,CAAC,QAAQ;AACX,YAAI,WAAW,iBAAiB,CAAC,8BAA8B;AAC/D;AAAA,MACF;AAEA,UAAI,QAAQ,IAAI,MAAM,GAAG;AACvB,YAAI,WAAW,uBAAuB,MAAM,GAAG;AAAA,MACjD,OAAO;AACL,gBAAQ,IAAI,MAAM;AAAA,MACpB;AAEA,UAAI,CAAC,KAAK,aAAa,OAAO,KAAK,cAAc,YAAY,MAAM,QAAQ,KAAK,SAAS,GAAG;AAC1F,YAAI,WAAW,SAAS,MAAM,sCAAsC;AAAA,MACtE,OAAO;AACL,mBAAW,OAAO,kBAAkB,KAAK,SAAS,GAAG;AACnD,cAAI,aAAa,OAAO,KAAK,CAAC,aAAa,IAAI,GAAG,GAAG;AACnD,iBAAK,WAAW,SAAS,MAAM,wBAAwB,GAAG,wBAAwB;AAAA,UACpF;AAAA,QACF;AAAA,MACF;AAEA,UAAI,CAAC,KAAK,WAAW,OAAO,KAAK,YAAY,YAAY,MAAM,QAAQ,KAAK,OAAO,GAAG;AACpF,YAAI,WAAW,SAAS,MAAM,oCAAoC;AAAA,MACpE,OAAO;AACL,cAAM,UAAU,KAAK;AAErB,YAAI,CAAC,QAAQ,UAAU,CAAC,cAAc,SAAS,QAAQ,MAAgB,GAAG;AACxE;AAAA,YACE;AAAA,YACA,SAAS,MAAM,qBAAqB,QAAQ,MAAM;AAAA,UACpD;AAAA,QACF;AAEA,YAAI,OAAO,QAAQ,sBAAsB,WAAW;AAClD,cAAI,WAAW,SAAS,MAAM,6CAA6C;AAAA,QAC7E;AAEA,YAAI,QAAQ,WAAW,UAAa,OAAO,QAAQ,WAAW,UAAU;AACtE,cAAI,WAAW,SAAS,MAAM,iCAAiC;AAAA,QACjE;AAAA,MACF;AAAA,IACF;AAGA,UAAM,cAAc,MAAM,KAAK,OAAK,WAAY,EAA8B,SAAS,CAAC;AACxF,QAAI,CAAC,aAAa;AAChB;AAAA,QACE;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,OAAO,OAAO,WAAW;AAAA,IACzB;AAAA,IACA;AAAA,IACA,MAAM;AAAA,IACN;AAAA,IACA;AAAA,EACF;AACF;;;AChRA,YAAYA,SAAQ;AACpB,YAAYC,WAAU;AAUf,SAAS,aACd,UACQ;AACR,QAAM,aAAkB;AAAA,IACtB;AAAA,IACA;AAAA,EACF;AAEA,QAAM,mBACC;AAAA,IACH;AAAA,IACA;AAAA,EACF;AAEF,MAAO,eAAW,UAAU,GAAG;AAC7B,UAAM,IAAI;AAAA,MACR,0BAA0B,QAAQ;AAAA,IACpC;AAAA,EACF;AAEA,EAAG;AAAA,IACD;AAAA,IACA;AAAA,MACE,WAAW;AAAA,IACb;AAAA,EACF;AAEA,EAAG;AAAA,IACI;AAAA,MACH;AAAA,MACA;AAAA,IACF;AAAA,IAEA,KAAK;AAAA,MACH;AAAA,QACE;AAAA,QACA,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe,CAAC;AAAA,QAChB,OAAO,CAAC;AAAA,MACV;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,IAEA;AAAA,EACF;AAEA,SAAO;AACT;;;AC5DA,YAAYC,WAAU;AAEtB;AAAA,EACE;AAAA,EACA;AAAA,OACK;AAEP;AAAA,EACE;AAAA,EACA;AAAA,OACK;AAkCA,SAAS,eACd,UACA,eACA,iBACA,QACwB;AAExB,QAAM,YACC;AAAA,IACH;AAAA,EACF;AAGF,QAAM,gBAAgB,cAAc,SAAS;AAE7C,MAAI,cAAc,OAAO,SAAS,GAAG;AACnC,UAAM,WAAW,cAAc,OAC5B,IAAI,OAAK,KAAK,EAAE,IAAI,KAAK,EAAE,OAAO,EAAE,EACpC,KAAK,IAAI;AACZ,UAAM,IAAI;AAAA,MACR;AAAA,EAAuD,QAAQ;AAAA,IACjE;AAAA,EACF;AAEA,aAAW,KAAK,cAAc,UAAU;AACtC,YAAQ,KAAK,qBAAqB,EAAE,IAAI,KAAK,EAAE,OAAO,EAAE;AAAA,EAC1D;AAEA,QAAM,WACJ;AAAA,IACE;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEF;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAEA,QAAM,eACC;AAAA,IACH;AAAA,IACA;AAAA,EACF;AAEF,MAAI,QAAQ;AACV,UAAM,YACJ;AAAA,MACE;AAAA,MACA,OAAO;AAAA,IACT;AAEF;AAAA,MACE;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,SAAS;AAAA,IAET,eACE;AAAA,IAEF,gBACE,SACS,WAAK,WAAW,YAAY,IACjC;AAAA,IAEN,aACE,SAAS;AAAA,EACb;AACF;;;ACrHA,YAAYC,SAAQ;AACpB,YAAYC,WAAU;AAYf,SAAS,cACd,UACQ;AACR,QAAM,aAAkB;AAAA,IACtB;AAAA,IACA;AAAA,EACF;AAEA,MAAI,CAAI,eAAW,UAAU,GAAG;AAC9B,UAAM,IAAI;AAAA,MACR,0BAA0B,QAAQ;AAAA,IACpC;AAAA,EACF;AAEA,QAAM,UAAa,gBAAY,UAAU;AAGzC,QAAM,WAAW,QAAQ;AAAA,IACvB,CAAC,MAAM,kBAAkB,KAAK,CAAC,KAAK,SAAS,KAAK,CAAC;AAAA,EACrD;AAEA,MAAI,SAAS,WAAW,GAAG;AACzB,UAAM,IAAI;AAAA,MACR,4CAA4C,QAAQ;AAAA,IACtD;AAAA,EACF;AAEA,QAAM,QAAQ,CAAC,MACb,EAAE,QAAQ,MAAM,EAAE,EAAE,MAAM,GAAG,EAAE,IAAI,MAAM;AAE3C,WAAS,KAAK,CAAC,GAAG,MAAM;AACtB,UAAM,CAAC,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,MAAM,CAAC;AAC5C,UAAM,CAAC,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,MAAM,CAAC;AAC5C,WAAO,SAAS,OAAO,OAAO,OACvB,SAAS,OAAO,OAAO,OACvB,SAAS;AAAA,EAClB,CAAC;AAED,QAAM,gBACJ,SAAS,SAAS,SAAS,CAAC;AAE9B,MAAI;AAEJ,MAAI,kBAAkB,KAAK,aAAa,GAAG;AACzC,UAAM,CAAC,KAAK,KAAK,KAAK,IAAI,cAAc,MAAM,GAAG,EAAE,IAAI,MAAM;AAC7D,kBAAc,GAAG,GAAG,IAAI,GAAG,IAAI,QAAQ,CAAC;AAAA,EAC1C,OAAO;AACL,UAAM,eAAe,OAAO,cAAc,QAAQ,KAAK,EAAE,CAAC;AAC1D,kBAAc,IAAI,eAAe,CAAC;AAAA,EACpC;AAEA,QAAM,kBACC,WAAK,YAAY,aAAa;AAErC,QAAM,gBACC,WAAK,YAAY,WAAW;AAEnC,EAAG,WAAO,iBAAiB,eAAe,EAAE,WAAW,KAAK,CAAC;AAE7D,QAAM,aAAkB,WAAK,eAAe,aAAa;AAEzD,QAAM,UAAU,KAAK;AAAA,IAChB,iBAAa,YAAY,MAAM;AAAA,EACpC;AAEA,MAAI,mBAAmB,SAAS;AAC9B,YAAQ,gBAAgB;AAAA,EAC1B,OAAO;AACL,YAAQ,UAAU;AAAA,EACpB;AAEA,EAAG;AAAA,IACD;AAAA,IACA,KAAK,UAAU,SAAS,MAAM,CAAC;AAAA,IAC/B;AAAA,EACF;AAEA,SAAO;AACT;;;AC3FA,YAAYC,SAAQ;AACpB,YAAYC,WAAU;AAEtB;AAAA,EACE;AAAA,EACA;AAAA,OACK;AAEP;AAAA,EACE;AAAA,EACA;AAAA,OACK;AAmBA,SAAS,eACd,UACA,eACS;AAET,QAAM,aACC;AAAA,IACH;AAAA,IACA;AAAA,EACF;AAEF,MACE,CAAI;AAAA,IACF;AAAA,EACF,GACA;AACA,UAAM,IAAI;AAAA,MACR,0BAA0B,QAAQ;AAAA,IACpC;AAAA,EACF;AAEA,QAAM,WAED;AAAA,IACC;AAAA,EACF,EACC;AAAA,IACC,CAAC,UACC,MAAM,WAAW,GAAG;AAAA,EACxB,EACC,KAAK;AAEV,aAAW,WAAW,UAAU;AAE9B,UAAM,mBACC;AAAA,MACH;AAAA,MACA;AAAA,IACF;AAEF,UAAM,eACC;AAAA,MACH;AAAA,MACA;AAAA,IACF;AAEF,QACE,CAAI;AAAA,MACF;AAAA,IACF,GACA;AACA;AAAA,IACF;AAEA,UAAM,WACJ;AAAA,MACE;AAAA,IACF;AAEF,UAAM,iBACJ;AAAA,MACE;AAAA,MACA;AAAA,IACF;AAEF,QACE,CAAC,eAAe,OAChB;AACA,aAAO;AAAA,IACT;AAEA,UAAM,UACC;AAAA,MACH;AAAA,MACA;AAAA,IACF;AAEF,QACE,CAAC,iBACD,CAAI,eAAW,OAAO,GACtB;AACA;AAAA,IACF;AAEA,UAAM,YACJ;AAAA,MACE;AAAA,IACF;AAEF,UAAM,iBACJ;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAEF,QACE,CAAC,gBACD;AACA,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;;;AC1HO,SAAS,aAAa,QAIR;AAEnB,SAAO;AAAA,IACL,IAAI,OAAO;AAAA,IAEX,SAAS,OAAO;AAAA,IAEhB,OAAO,OAAO;AAAA,EAChB;AACF;;;ACzBO,IAAM,oBAAoB;AAAA,EAE/B,eACE;AAAA,EAEF,oBACE;AAAA,EAEF,kBACE;AAAA,EAEF,sBACE;AAAA,EAEF,oBAAoB;AAAA,IAClB;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;ACnBO,IAAM,oBAAoB;AAAA,EAE/B,OACE,MACA,OACS;AAET,WAAO,SAAS;AAAA,EAClB;AAAA,EAEA,aACE,MACA,OACS;AAET,WAAO,OAAO;AAAA,EAChB;AAAA,EAEA,UACE,MACA,OACS;AAET,WAAO,OAAO;AAAA,EAChB;AACF;;;AC6BA,SAAS,kBACP,WACA,SACS;AAET,MAAI,SAAS,WAAW;AACtB,WAAO,UAAU,IAAI;AAAA,MACnB,OACE;AAAA,QACE;AAAA,QACA;AAAA,MACF;AAAA,IACJ;AAAA,EACF;AAEA,MAAI,SAAS,WAAW;AACtB,WAAO,UAAU,IAAI;AAAA,MACnB,OACE;AAAA,QACE;AAAA,QACA;AAAA,MACF;AAAA,IACJ;AAAA,EACF;AAEA,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,MAAI,EAAE,UAAU,UAAU;AAExB,UAAM,IAAI;AAAA,MACR,qBAAqB,MAAM;AAAA,IAC7B;AAAA,EACF;AAEA,QAAM,SACJ,QAAQ,MAAM;AAEhB,MAAI,WAAW,QAAW;AAExB,WAAO,kBAAkB;AAAA,MACvB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,MACE,iBAAiB,QACjB;AAEA,WAAO,kBAAkB;AAAA,MACvB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,MACE,cAAc,QACd;AAEA,WAAO,kBAAkB;AAAA,MACvB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAEO,SAAS,iBACd,QACA,SACgB;AAEhB,aAAW,QAAQ,OAAO,OAAO;AAE/B,UAAM,UACJ;AAAA,MACE,KAAK;AAAA,MACL;AAAA,IACF;AAEF,QAAI,SAAS;AAEX,aAAO;AAAA,QACL,QAAQ;AAAA,QAER,SACE,KAAK;AAAA,QAEP,SACE,KAAK;AAAA,QAEP,QACE;AAAA,MACJ;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,MACP,QAAQ;AAAA,MACR,mBAAmB;AAAA,MACnB,QAAQ;AAAA,IACV;AAAA,IACA,SAAS;AAAA,IACT,QAAQ;AAAA,EACV;AACF;;;AC3IA,IAAMC,6BAA2D;AAAA,EAC/D,SAAS;AAAA,IACP,WAAW;AAAA,IACX,WAAW;AAAA,IACX,UAAU;AAAA,EAIZ;AACF;AAEO,SAAS,kBACd,eACe;AAEf,QAAM,UAAUA,2BAA0B,aAAa;AAEvD,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI;AAAA,MACR,+BAA+B,aAAa,gBAAgB,OAAO,KAAKA,0BAAyB,EAAE,KAAK,IAAI,CAAC;AAAA,IAC/G;AAAA,EACF;AAEA,SAAO;AACT;","names":["fs","path","path","fs","path","fs","path","SUPPORTED_SCHEMA_VERSIONS"]}
1	+ {"version":3,"sources":["../src/compile-policy.ts","../src/create-policy.ts","../src/generate-bundle.ts","../src/upgrade-policy.ts","../src/validate-policy.ts","../src/define-policy.ts","../src/schema/v1/semantics.ts","../src/schema/v1/operators.ts","../src/schema/v1/evaluator.ts","../src/schema/load-schema-runtime.ts"],"sourcesContent":["import * as fs from \"node:fs\";\nimport * as path from \"node:path\";\n\nexport interface PolicyCompileError {\n code: string;\n message: string;\n field?: string;\n}\n\nexport interface PolicyCompileWarning {\n code: string;\n message: string;\n}\n\nexport interface PolicyCompileResult {\n valid: boolean;\n policyId: string;\n policyVersion: string;\n path: string;\n errors: PolicyCompileError[];\n warnings: PolicyCompileWarning[];\n}\n\nconst SUPPORTED_SCHEMA_VERSIONS = [\"1.0.0\"];\n\nconst VALID_SIGNAL_TYPES = [\n \"integer\",\n \"number\",\n \"boolean\",\n \"string\",\n \"enum\",\n];\n\nconst VALID_ACTIONS = [\n \"approve\",\n \"reject\",\n \"escalate\",\n \"manual_review\",\n \"document_required\",\n \"auto_approve\",\n \"fraud_review\",\n \"pending_override\",\n];\n\nfunction extractSignalRefs(condition: unknown): string[] {\n if (!condition \|\| typeof condition !== \"object\" \|\| Array.isArray(condition)) {\n return [];\n }\n const c = condition as Record<string, unknown>;\n if (typeof c.signal === \"string\") return [c.signal];\n if (Array.isArray(c.all)) return c.all.flatMap(extractSignalRefs);\n if (Array.isArray(c.any)) return c.any.flatMap(extractSignalRefs);\n return [];\n}\n\nfunction isCatchAll(condition: unknown): boolean {\n if (!condition \|\| typeof condition !== \"object\" \|\| Array.isArray(condition)) {\n return false;\n }\n const c = condition as Record<string, unknown>;\n return \"all\" in c && Array.isArray(c.all) && c.all.length === 0;\n}\n\nexport function compilePolicy(policyDirectory: string): PolicyCompileResult {\n const errors: PolicyCompileError[] = [];\n const warnings: PolicyCompileWarning[] = [];\n\n let policyId = \"\";\n let policyVersion = \"\";\n\n const err = (code: string, message: string, field?: string) =>\n errors.push({ code, message, ...(field ? { field } : {}) });\n const warn = (code: string, message: string) =>\n warnings.push({ code, message });\n\n // ── PHASE 1 — File exists ──────────────────────────────────────────────────\n const policyFile = path.join(policyDirectory, \"policy.json\");\n if (!fs.existsSync(policyFile)) {\n err(\"POL-001\", `policy.json not found at ${policyFile}`);\n return { valid: false, policyId, policyVersion, path: policyDirectory, errors, warnings };\n }\n\n // ── PHASE 2 — Valid JSON ───────────────────────────────────────────────────\n let content: Record<string, unknown>;\n try {\n const raw = fs.readFileSync(policyFile, \"utf8\");\n const parsed: unknown = JSON.parse(raw);\n if (!parsed \|\| typeof parsed !== \"object\" \|\| Array.isArray(parsed)) {\n err(\"POL-002\", \"Invalid JSON: expected object at top level\");\n return { valid: false, policyId, policyVersion, path: policyDirectory, errors, warnings };\n }\n content = parsed as Record<string, unknown>;\n } catch (e: unknown) {\n const msg = e instanceof Error ? e.message : String(e);\n err(\"POL-002\", `Invalid JSON: ${msg}`);\n return { valid: false, policyId, policyVersion, path: policyDirectory, errors, warnings };\n }\n\n // ── PHASE 3 — Required fields ──────────────────────────────────────────────\n if (!content.policyId \|\| typeof content.policyId !== \"string\") {\n err(\"POL-003\", \"Missing required field: policyId\", \"policyId\");\n } else {\n policyId = content.policyId;\n }\n\n if (!content.policyVersion \|\| typeof content.policyVersion !== \"string\") {\n err(\"POL-004\", \"Missing required field: policyVersion\", \"policyVersion\");\n } else {\n policyVersion = content.policyVersion;\n }\n\n if (policyVersion && !/^\\d+\\.\\d+\\.\\d+$/.test(policyVersion)) {\n err(\n \"POL-022\",\n `policyVersion must be semver format (e.g. \"1.0.0\"), got \"${policyVersion}\". The v-prefix format (e.g. \"v1\") is not supported.`,\n \"policyVersion\",\n );\n }\n\n if (!content.schemaVersion \|\| typeof content.schemaVersion !== \"string\") {\n err(\"POL-005\", \"Missing required field: schemaVersion\", \"schemaVersion\");\n }\n\n if (\n content.signalsSchema === null \|\|\n content.signalsSchema === undefined \|\|\n typeof content.signalsSchema !== \"object\" \|\|\n Array.isArray(content.signalsSchema)\n ) {\n err(\"POL-006\", \"Missing required field: signalsSchema\", \"signalsSchema\");\n }\n\n if (!Array.isArray(content.rules)) {\n err(\"POL-007\", \"Missing required field: rules\", \"rules\");\n }\n\n // ── PHASE 4 — policyId matches directory structure ─────────────────────────\n if (policyId) {\n const dirPolicyId = path.basename(path.dirname(policyDirectory));\n if (dirPolicyId !== policyId) {\n warn(\n \"POL-008\",\n `policyId in policy.json does not match directory name (directory: '${dirPolicyId}', policyId: '${policyId}')`,\n );\n }\n }\n\n // ── PHASE 5 — schemaVersion is supported ──────────────────────────────────\n if (content.schemaVersion && typeof content.schemaVersion === \"string\") {\n if (!SUPPORTED_SCHEMA_VERSIONS.includes(content.schemaVersion)) {\n err(\n \"POL-009\",\n `Unsupported schemaVersion: ${content.schemaVersion}. Supported: ${SUPPORTED_SCHEMA_VERSIONS.join(\", \")}`,\n \"schemaVersion\",\n );\n }\n }\n\n // ── PHASE 6 — signalsSchema field validation ───────────────────────────────\n const signalsSchema = content.signalsSchema as Record<string, unknown> \| undefined;\n const knownSignals = new Set<string>();\n\n if (signalsSchema && typeof signalsSchema === \"object\" && !Array.isArray(signalsSchema)) {\n for (const [name, def] of Object.entries(signalsSchema)) {\n knownSignals.add(name);\n\n if (!def \|\| typeof def !== \"object\" \|\| Array.isArray(def)) {\n err(\"POL-010\", `Signal '${name}' missing required 'type' field`, name);\n continue;\n }\n\n const d = def as Record<string, unknown>;\n\n if (!d.type \|\| typeof d.type !== \"string\") {\n err(\"POL-010\", `Signal '${name}' missing required 'type' field`, name);\n continue;\n }\n\n if (!VALID_SIGNAL_TYPES.includes(d.type)) {\n err(\n \"POL-011\",\n `Signal '${name}' has invalid type '${d.type}'. Valid: ${VALID_SIGNAL_TYPES.join(\", \")}`,\n name,\n );\n }\n\n if (d.type === \"enum\") {\n if (!Array.isArray(d.values) \|\| (d.values as unknown[]).length === 0) {\n err(\"POL-012\", `Signal '${name}' type 'enum' requires non-empty 'values' array`, name);\n }\n }\n }\n }\n\n // ── PHASE 7 — rules validation ─────────────────────────────────────────────\n const rules = content.rules;\n\n if (Array.isArray(rules)) {\n const seenIds = new Set<string>();\n\n for (let i = 0; i < rules.length; i++) {\n const rule = rules[i] as Record<string, unknown>;\n\n if (!rule \|\| typeof rule !== \"object\") {\n err(\"POL-013\", `Rule at index ${i} missing required 'id' field`);\n continue;\n }\n\n const ruleId =\n typeof rule.id === \"string\" && rule.id.length > 0 ? rule.id : null;\n\n if (!ruleId) {\n err(\"POL-013\", `Rule at index ${i} missing required 'id' field`);\n continue;\n }\n\n if (seenIds.has(ruleId)) {\n err(\"POL-020\", `Duplicate rule id: '${ruleId}'`);\n } else {\n seenIds.add(ruleId);\n }\n\n if (!rule.condition \|\| typeof rule.condition !== \"object\" \|\| Array.isArray(rule.condition)) {\n err(\"POL-014\", `Rule '${ruleId}' missing required 'condition' field`);\n } else {\n for (const ref of extractSignalRefs(rule.condition)) {\n if (knownSignals.size > 0 && !knownSignals.has(ref)) {\n warn(\"POL-019\", `Rule '${ruleId}' references signal '${ref}' not in signalsSchema`);\n }\n }\n }\n\n if (!rule.outcome \|\| typeof rule.outcome !== \"object\" \|\| Array.isArray(rule.outcome)) {\n err(\"POL-015\", `Rule '${ruleId}' missing required 'outcome' field`);\n } else {\n const outcome = rule.outcome as Record<string, unknown>;\n\n if (!outcome.action \|\| !VALID_ACTIONS.includes(outcome.action as string)) {\n err(\n \"POL-016\",\n `Rule '${ruleId}' outcome.action '${outcome.action}' is not a valid action`,\n );\n }\n\n if (typeof outcome.requires_override !== \"boolean\") {\n err(\"POL-017\", `Rule '${ruleId}' outcome.requires_override must be boolean`);\n }\n\n if (outcome.reason !== undefined && typeof outcome.reason !== \"string\") {\n err(\"POL-018\", `Rule '${ruleId}' outcome.reason must be string`);\n }\n }\n }\n\n // ── PHASE 8 — Catch-all rule ───────────────────────────────────────────\n const hasCatchAll = rules.some(r => isCatchAll((r as Record<string, unknown>).condition));\n if (!hasCatchAll) {\n warn(\n \"POL-021\",\n \"No catch-all rule found. Executions with unmatched signals will use default reject.\",\n );\n }\n }\n\n return {\n valid: errors.length === 0,\n policyId,\n policyVersion,\n path: policyDirectory,\n errors,\n warnings,\n };\n}\n","import * as fs from \"node:fs\";\nimport * as path from \"node:path\";\n\n/*\n Scaffolds a new policy directory at `./policies/<policyId>/1.0.0/` and writes\n * a skeleton `policy.json` to it.\n \n @param policyId - Unique policy identifier. Must not already exist on disk.\n * @returns Absolute path of the created `1.0.0` version directory.\n * @throws When `./policies/<policyId>` already exists.\n /\nexport function createPolicy(\n policyId: string\n): string {\n const policyRoot = path.join(\n \"./policies\",\n policyId\n );\n\n const versionDirectory =\n path.join(\n policyRoot,\n \"1.0.0\"\n );\n\n if (fs.existsSync(policyRoot)) {\n throw new Error(\n `Policy already exists: ${policyId}`\n );\n }\n\n fs.mkdirSync(\n versionDirectory,\n {\n recursive: true,\n }\n );\n\n fs.writeFileSync(\n path.join(\n versionDirectory,\n \"policy.json\"\n ),\n\n JSON.stringify(\n {\n policyId,\n policyVersion: \"1.0.0\",\n schemaVersion: \"1.0.0\",\n signalsSchema: {},\n rules: [],\n },\n null,\n 2\n ),\n\n \"utf8\"\n );\n\n return versionDirectory;\n}\n","import as path from \"node:path\";\n\nimport {\n generateManifest,\n writeManifest,\n} from \"@parmanasystems/bundle\";\n\nimport {\n signManifest,\n writeSignature,\n} from \"@parmanasystems/crypto\";\n\nimport type {\n BundleGenerationResult,\n} from \"./types.js\";\n\nimport {\n compilePolicy,\n} from \"./compile-policy.js\";\n\n/*\n Signer configuration for {@link generateBundle}.\n * Provide an explicit private key path — never rely on implicit trust key discovery.\n /\nexport interface BundleSigner {\n /* Absolute or CWD-relative path to the PEM-encoded Ed25519 private key. /\n privateKeyPath: string;\n}\n\n/\n Generates a content-addressed bundle for `policyId`/`policyVersion` in `policyDirectory`:\n * 1. Hashes all artifacts and writes `bundle.manifest.json`.\n * 2. If `signer` is provided: signs the manifest and writes `bundle.sig`.\n * If no signer: produces an unsigned bundle (`bundle.sig` is not written).\n \n Unsigned bundles are valid for development.\n * Production deployments should provide a signer.\n \n @param policyId - Policy identifier embedded in the manifest.\n * @param policyVersion - Policy version string (e.g. `\"1.0.0\"`).\n * @param policyDirectory - Path to the directory containing the policy artifacts.\n * @param signer - Optional signing configuration. Omit to produce an unsigned bundle.\n * @returns Paths to the written files and the deterministic bundle hash.\n /\nexport function generateBundle(\n policyId: string,\n policyVersion: string,\n policyDirectory: string,\n signer?: BundleSigner\n): BundleGenerationResult {\n\n const directory =\n path.resolve(\n policyDirectory\n );\n\n // Validate policy before signing — cannot sign an invalid policy\n const compileResult = compilePolicy(directory);\n\n if (compileResult.errors.length > 0) {\n const messages = compileResult.errors\n .map(e => ` ${e.code}: ${e.message}`)\n .join(\"\\n\");\n throw new Error(\n `Policy validation failed — cannot generate bundle:\\n${messages}`,\n );\n }\n\n for (const w of compileResult.warnings) {\n console.warn(`[policy-compiler] ${w.code}: ${w.message}`);\n }\n\n const manifest =\n generateManifest(\n policyId,\n policyVersion,\n directory\n );\n\n writeManifest(\n manifest,\n directory\n );\n\n const manifestPath =\n path.join(\n directory,\n \"bundle.manifest.json\"\n );\n\n if (signer) {\n const signature =\n signManifest(\n manifestPath,\n signer.privateKeyPath\n );\n\n writeSignature(\n signature,\n directory\n );\n }\n\n return {\n success: true,\n\n manifest_path:\n manifestPath,\n\n signature_path:\n signer\n ? path.join(directory, \"bundle.sig\")\n : null,\n\n bundle_hash:\n manifest.bundle_hash,\n };\n}\n\n\n\n\n","import as fs from \"node:fs\";\nimport * as path from \"node:path\";\n\n/*\n Creates the next version directory for `policyId` by copying the latest\n * existing version and incrementing it. Supports both semver (1.0.0) and\n * legacy v-prefix (v1) directory formats. The copied `policy.json` has its\n * version field updated to the new version string.\n \n @param policyId - An existing policy identifier under `./policies/`.\n * @returns Absolute path of the newly created version directory.\n * @throws When the policy does not exist on disk.\n /\nexport function upgradePolicy(\n policyId: string\n): string {\n const policyRoot = path.join(\n \"./policies\",\n policyId\n );\n\n if (!fs.existsSync(policyRoot)) {\n throw new Error(\n `Policy does not exist: ${policyId}`\n );\n }\n\n const allDirs = fs.readdirSync(policyRoot);\n\n // Accept semver (1.0.0) and legacy v-prefix (v1) formats\n const versions = allDirs.filter(\n (e) => /^\\d+\\.\\d+\\.\\d+$/.test(e) \|\| /^v\\d+$/.test(e)\n );\n\n if (versions.length === 0) {\n throw new Error(\n `No version directories found for policy: ${policyId}`\n );\n }\n\n const parse = (v: string) =>\n v.replace(/^v/, \"\").split(\".\").map(Number);\n\n versions.sort((a, b) => {\n const [aMaj, aMin = 0, aPatch = 0] = parse(a);\n const [bMaj, bMin = 0, bPatch = 0] = parse(b);\n return aMaj !== bMaj ? aMaj - bMaj :\n aMin !== bMin ? aMin - bMin :\n aPatch - bPatch;\n });\n\n const latestVersion =\n versions[versions.length - 1];\n\n let nextVersion: string;\n\n if (/^\\d+\\.\\d+\\.\\d+$/.test(latestVersion)) {\n const [maj, min, patch] = latestVersion.split(\".\").map(Number);\n nextVersion = `${maj}.${min}.${patch + 1}`;\n } else {\n const latestNumber = Number(latestVersion.replace(\"v\", \"\"));\n nextVersion = `v${latestNumber + 1}`;\n }\n\n const latestDirectory =\n path.join(policyRoot, latestVersion);\n\n const nextDirectory =\n path.join(policyRoot, nextVersion);\n\n fs.cpSync(latestDirectory, nextDirectory, { recursive: true });\n\n const policyFile = path.join(nextDirectory, \"policy.json\");\n\n const content = JSON.parse(\n fs.readFileSync(policyFile, \"utf8\")\n );\n\n if (\"policyVersion\" in content) {\n content.policyVersion = nextVersion;\n } else {\n content.version = nextVersion;\n }\n\n fs.writeFileSync(\n policyFile,\n JSON.stringify(content, null, 2),\n \"utf8\"\n );\n\n return nextDirectory;\n}\n","import as fs from \"node:fs\";\r\nimport * as path from \"node:path\";\r\n\r\nimport {\r\n readManifest,\r\n verifyManifest,\r\n} from \"@parmanasystems/bundle\";\r\n\r\nimport {\r\n readSignature,\r\n verifySignature,\r\n} from \"@parmanasystems/crypto\";\r\n\r\n/*\r\n Validates every version directory under `./policies/<policyId>` by\r\n * re-verifying all bundle manifests (content hashes) and, when a public key\r\n * path is provided, cryptographic signatures (bundle.sig).\r\n \r\n - Version directories without a `bundle.manifest.json` (not yet bundled) are skipped.\r\n * - Version directories without a `bundle.sig` skip signature verification.\r\n * - When `publicKeyPath` is omitted, signature verification is skipped for all versions.\r\n \r\n Returns `true` only when every bundled version passes all applicable checks.\r\n \r\n @param policyId - Policy identifier whose version directories will be checked.\r\n * @param publicKeyPath - Optional explicit path to the PEM-encoded public key for\r\n * signature verification. When omitted, only manifest content\r\n * hashes are verified.\r\n * @throws When the policy directory does not exist.\r\n /\r\nexport function validatePolicy(\r\n policyId: string,\r\n publicKeyPath?: string\r\n): boolean {\r\n\r\n const policyRoot =\r\n path.join(\r\n \"./policies\",\r\n policyId\r\n );\r\n\r\n if (\r\n !fs.existsSync(\r\n policyRoot\r\n )\r\n ) {\r\n throw new Error(\r\n `Policy does not exist: ${policyId}`\r\n );\r\n }\r\n\r\n const versions =\r\n fs\r\n .readdirSync(\r\n policyRoot\r\n )\r\n .filter(\r\n (entry) =>\r\n entry.startsWith(\"v\")\r\n )\r\n .sort();\r\n\r\n for (const version of versions) {\r\n\r\n const versionDirectory =\r\n path.join(\r\n policyRoot,\r\n version\r\n );\r\n\r\n const manifestPath =\r\n path.join(\r\n versionDirectory,\r\n \"bundle.manifest.json\"\r\n );\r\n\r\n if (\r\n !fs.existsSync(\r\n manifestPath\r\n )\r\n ) {\r\n continue;\r\n }\r\n\r\n const manifest =\r\n readManifest(\r\n versionDirectory\r\n );\r\n\r\n const manifestResult =\r\n verifyManifest(\r\n manifest,\r\n versionDirectory\r\n );\r\n\r\n if (\r\n !manifestResult.valid\r\n ) {\r\n return false;\r\n }\r\n\r\n const sigPath =\r\n path.join(\r\n versionDirectory,\r\n \"bundle.sig\"\r\n );\r\n\r\n if (\r\n !publicKeyPath \|\|\r\n !fs.existsSync(sigPath)\r\n ) {\r\n continue;\r\n }\r\n\r\n const signature =\r\n readSignature(\r\n versionDirectory\r\n );\r\n\r\n const signatureValid =\r\n verifySignature(\r\n manifestPath,\r\n signature,\r\n publicKeyPath\r\n );\r\n\r\n if (\r\n !signatureValid\r\n ) {\r\n return false;\r\n }\r\n }\r\n\r\n return true;\r\n}\r\n\r\n\r\n\r\n\r\n","import type {\r\n PolicyDefinition,\r\n DefinePolicyRule,\r\n} from \"./types.js\";\r\n\r\n/\r\n Constructs a {@link PolicyDefinition} from a plain config object.\r\n * Use this as the first step in the policy-authoring pipeline before\r\n * serializing the policy to disk and calling {@link generateBundle}.\r\n \r\n @param config - Policy id, version, and rules.\r\n */\r\nexport function definePolicy(config: {\r\n id: string;\r\n version: string;\r\n rules: DefinePolicyRule[];\r\n}): PolicyDefinition {\r\n\r\n return {\r\n id: config.id,\r\n\r\n version: config.version,\r\n\r\n rules: config.rules,\r\n };\r\n}\r\n","export const schemaV1Semantics = {\r\n\r\n schemaVersion:\r\n \"1.0.0\",\r\n\r\n ruleConditionField:\r\n \"condition\",\r\n\r\n ruleOutcomeField:\r\n \"outcome\",\r\n\r\n signalReferenceField:\r\n \"signal\",\r\n\r\n supportedOperators: [\r\n \"equals\",\r\n \"greater_than\",\r\n \"less_than\",\r\n ],\r\n};\r\n","export const schemaV1Operators = {\r\n\r\n equals(\r\n left: unknown,\r\n right: unknown\r\n ): boolean {\r\n\r\n return left === right;\r\n },\r\n\r\n greater_than(\r\n left: number,\r\n right: number\r\n ): boolean {\r\n\r\n return left > right;\r\n },\r\n\r\n less_than(\r\n left: number,\r\n right: number\r\n ): boolean {\r\n\r\n return left < right;\r\n },\r\n};\r\n","import type {\n DecisionResult\n} from \"@parmanasystems/contracts\";\n\nimport {\n schemaV1Operators\n} from \"./operators.js\";\n\nimport type {\n PolicyRule,\n RuleCondition,\n} from \"../../types.js\";\n\nexport interface SchemaV1Policy {\n schemaVersion: string;\n\n signalsSchema:\n Record<string, unknown>;\n\n rules: PolicyRule[];\n}\n\nfunction evaluateCondition(\n condition: RuleCondition,\n signals: Record<string, unknown>\n): boolean {\n\n if (\"all\" in condition) {\n return condition.all.every(\n c =>\n evaluateCondition(\n c,\n signals\n )\n );\n }\n\n if (\"any\" in condition) {\n return condition.any.some(\n c =>\n evaluateCondition(\n c,\n signals\n )\n );\n }\n\n const {\n signal,\n equals,\n greater_than,\n less_than,\n } = condition;\n\n if (!(signal in signals)) {\n\n throw new Error(\n `Signal not found: ${signal}`\n );\n }\n\n const actual =\n signals[signal];\n\n if (equals !== undefined) {\n\n return schemaV1Operators.equals(\n actual,\n equals\n );\n }\n\n if (\n greater_than !== undefined\n ) {\n\n return schemaV1Operators.greater_than(\n actual as number,\n greater_than\n );\n }\n\n if (\n less_than !== undefined\n ) {\n\n return schemaV1Operators.less_than(\n actual as number,\n less_than\n );\n }\n\n return false;\n}\n\nexport function evaluateSchemaV1(\n policy: SchemaV1Policy,\n signals: Record<string, unknown>\n): DecisionResult {\n\n for (const rule of policy.rules) {\n\n const matched =\n evaluateCondition(\n rule.condition,\n signals\n );\n\n if (matched) {\n\n return {\n status: \"decided\",\n\n outcome:\n rule.outcome,\n\n rule_id:\n rule.id,\n\n source:\n \"rule_match\",\n };\n }\n }\n\n return {\n status: \"decided\",\n outcome: {\n action: \"reject\",\n requires_override: false,\n reason: \"[SYS-006] No rule matched — default reject. Add a catch-all rule to make this explicit.\",\n },\n rule_id: \"default\",\n source: \"rule_match\",\n };\n}\n","import type {\r\n DecisionResult\r\n} from \"@parmanasystems/contracts\";\r\n\r\nimport {\r\n evaluateSchemaV1\r\n} from \"./v1/evaluator.js\";\r\n\r\nimport {\r\n schemaV1Operators\r\n} from \"./v1/operators.js\";\r\n\r\nimport {\r\n schemaV1Semantics\r\n} from \"./v1/semantics.js\";\r\n\r\nexport interface SchemaRuntime {\r\n\r\n semantics: unknown;\r\n\r\n operators: unknown;\r\n\r\n evaluate: (\r\n policy: unknown,\r\n signals: Record<string, unknown>\r\n ) => DecisionResult;\r\n}\r\n\r\nconst SUPPORTED_SCHEMA_VERSIONS: Record<string, SchemaRuntime> = {\r\n \"1.0.0\": {\r\n semantics: schemaV1Semantics,\r\n operators: schemaV1Operators,\r\n evaluate: evaluateSchemaV1 as (\r\n policy: unknown,\r\n signals: Record<string, unknown>\r\n ) => DecisionResult,\r\n },\r\n};\r\n\r\nexport function loadSchemaRuntime(\r\n schemaVersion: string\r\n): SchemaRuntime {\r\n\r\n const runtime = SUPPORTED_SCHEMA_VERSIONS[schemaVersion];\r\n\r\n if (!runtime) {\r\n throw new Error(\r\n `Unsupported schema version: ${schemaVersion}. Supported: ${Object.keys(SUPPORTED_SCHEMA_VERSIONS).join(\", \")}`\r\n );\r\n }\r\n\r\n return runtime;\r\n}\r\n"],"mappings":";AAAA,YAAY,QAAQ;AACpB,YAAY,UAAU;AAsBtB,IAAM,4BAA4B,CAAC,OAAO;AAE1C,IAAM,qBAAqB;AAAA,EACzB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,IAAM,gBAAgB;AAAA,EACpB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,SAAS,kBAAkB,WAA8B;AACvD,MAAI,CAAC,aAAa,OAAO,cAAc,YAAY,MAAM,QAAQ,SAAS,GAAG;AAC3E,WAAO,CAAC;AAAA,EACV;AACA,QAAM,IAAI;AACV,MAAI,OAAO,EAAE,WAAW,SAAU,QAAO,CAAC,EAAE,MAAM;AAClD,MAAI,MAAM,QAAQ,EAAE,GAAG,EAAG,QAAO,EAAE,IAAI,QAAQ,iBAAiB;AAChE,MAAI,MAAM,QAAQ,EAAE,GAAG,EAAG,QAAO,EAAE,IAAI,QAAQ,iBAAiB;AAChE,SAAO,CAAC;AACV;AAEA,SAAS,WAAW,WAA6B;AAC/C,MAAI,CAAC,aAAa,OAAO,cAAc,YAAY,MAAM,QAAQ,SAAS,GAAG;AAC3E,WAAO;AAAA,EACT;AACA,QAAM,IAAI;AACV,SAAO,SAAS,KAAK,MAAM,QAAQ,EAAE,GAAG,KAAK,EAAE,IAAI,WAAW;AAChE;AAEO,SAAS,cAAc,iBAA8C;AAC1E,QAAM,SAA+B,CAAC;AACtC,QAAM,WAAmC,CAAC;AAE1C,MAAI,WAAW;AACf,MAAI,gBAAgB;AAEpB,QAAM,MAAO,CAAC,MAAc,SAAiB,UAC3C,OAAO,KAAK,EAAE,MAAM,SAAS,GAAI,QAAQ,EAAE,MAAM,IAAI,CAAC,EAAG,CAAC;AAC5D,QAAM,OAAO,CAAC,MAAc,YAC1B,SAAS,KAAK,EAAE,MAAM,QAAQ,CAAC;AAGjC,QAAM,aAAkB,UAAK,iBAAiB,aAAa;AAC3D,MAAI,CAAI,cAAW,UAAU,GAAG;AAC9B,QAAI,WAAW,4BAA4B,UAAU,EAAE;AACvD,WAAO,EAAE,OAAO,OAAO,UAAU,eAAe,MAAM,iBAAiB,QAAQ,SAAS;AAAA,EAC1F;AAGA,MAAI;AACJ,MAAI;AACF,UAAM,MAAS,gBAAa,YAAY,MAAM;AAC9C,UAAM,SAAkB,KAAK,MAAM,GAAG;AACtC,QAAI,CAAC,UAAU,OAAO,WAAW,YAAY,MAAM,QAAQ,MAAM,GAAG;AAClE,UAAI,WAAW,4CAA4C;AAC3D,aAAO,EAAE,OAAO,OAAO,UAAU,eAAe,MAAM,iBAAiB,QAAQ,SAAS;AAAA,IAC1F;AACA,cAAU;AAAA,EACZ,SAAS,GAAY;AACnB,UAAM,MAAM,aAAa,QAAQ,EAAE,UAAU,OAAO,CAAC;AACrD,QAAI,WAAW,iBAAiB,GAAG,EAAE;AACrC,WAAO,EAAE,OAAO,OAAO,UAAU,eAAe,MAAM,iBAAiB,QAAQ,SAAS;AAAA,EAC1F;AAGA,MAAI,CAAC,QAAQ,YAAY,OAAO,QAAQ,aAAa,UAAU;AAC7D,QAAI,WAAW,oCAAoC,UAAU;AAAA,EAC/D,OAAO;AACL,eAAW,QAAQ;AAAA,EACrB;AAEA,MAAI,CAAC,QAAQ,iBAAiB,OAAO,QAAQ,kBAAkB,UAAU;AACvE,QAAI,WAAW,yCAAyC,eAAe;AAAA,EACzE,OAAO;AACL,oBAAgB,QAAQ;AAAA,EAC1B;AAEA,MAAI,iBAAiB,CAAC,kBAAkB,KAAK,aAAa,GAAG;AAC3D;AAAA,MACE;AAAA,MACA,4DAA4D,aAAa;AAAA,MACzE;AAAA,IACF;AAAA,EACF;AAEA,MAAI,CAAC,QAAQ,iBAAiB,OAAO,QAAQ,kBAAkB,UAAU;AACvE,QAAI,WAAW,yCAAyC,eAAe;AAAA,EACzE;AAEA,MACE,QAAQ,kBAAkB,QAC1B,QAAQ,kBAAkB,UAC1B,OAAO,QAAQ,kBAAkB,YACjC,MAAM,QAAQ,QAAQ,aAAa,GACnC;AACA,QAAI,WAAW,yCAAyC,eAAe;AAAA,EACzE;AAEA,MAAI,CAAC,MAAM,QAAQ,QAAQ,KAAK,GAAG;AACjC,QAAI,WAAW,iCAAiC,OAAO;AAAA,EACzD;AAGA,MAAI,UAAU;AACZ,UAAM,cAAmB,cAAc,aAAQ,eAAe,CAAC;AAC/D,QAAI,gBAAgB,UAAU;AAC5B;AAAA,QACE;AAAA,QACA,sEAAsE,WAAW,iBAAiB,QAAQ;AAAA,MAC5G;AAAA,IACF;AAAA,EACF;AAGA,MAAI,QAAQ,iBAAiB,OAAO,QAAQ,kBAAkB,UAAU;AACtE,QAAI,CAAC,0BAA0B,SAAS,QAAQ,aAAa,GAAG;AAC9D;AAAA,QACE;AAAA,QACA,8BAA8B,QAAQ,aAAa,gBAAgB,0BAA0B,KAAK,IAAI,CAAC;AAAA,QACvG;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAGA,QAAM,gBAAgB,QAAQ;AAC9B,QAAM,eAAgB,oBAAI,IAAY;AAEtC,MAAI,iBAAiB,OAAO,kBAAkB,YAAY,CAAC,MAAM,QAAQ,aAAa,GAAG;AACvF,eAAW,CAAC,MAAM,GAAG,KAAK,OAAO,QAAQ,aAAa,GAAG;AACvD,mBAAa,IAAI,IAAI;AAErB,UAAI,CAAC,OAAO,OAAO,QAAQ,YAAY,MAAM,QAAQ,GAAG,GAAG;AACzD,YAAI,WAAW,WAAW,IAAI,mCAAmC,IAAI;AACrE;AAAA,MACF;AAEA,YAAM,IAAI;AAEV,UAAI,CAAC,EAAE,QAAQ,OAAO,EAAE,SAAS,UAAU;AACzC,YAAI,WAAW,WAAW,IAAI,mCAAmC,IAAI;AACrE;AAAA,MACF;AAEA,UAAI,CAAC,mBAAmB,SAAS,EAAE,IAAI,GAAG;AACxC;AAAA,UACE;AAAA,UACA,WAAW,IAAI,uBAAuB,EAAE,IAAI,aAAa,mBAAmB,KAAK,IAAI,CAAC;AAAA,UACtF;AAAA,QACF;AAAA,MACF;AAEA,UAAI,EAAE,SAAS,QAAQ;AACrB,YAAI,CAAC,MAAM,QAAQ,EAAE,MAAM,KAAM,EAAE,OAAqB,WAAW,GAAG;AACpE,cAAI,WAAW,WAAW,IAAI,mDAAmD,IAAI;AAAA,QACvF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAGA,QAAM,QAAQ,QAAQ;AAEtB,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,UAAM,UAAU,oBAAI,IAAY;AAEhC,aAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACrC,YAAM,OAAO,MAAM,CAAC;AAEpB,UAAI,CAAC,QAAQ,OAAO,SAAS,UAAU;AACrC,YAAI,WAAW,iBAAiB,CAAC,8BAA8B;AAC/D;AAAA,MACF;AAEA,YAAM,SACJ,OAAO,KAAK,OAAO,YAAY,KAAK,GAAG,SAAS,IAAI,KAAK,KAAK;AAEhE,UAAI,CAAC,QAAQ;AACX,YAAI,WAAW,iBAAiB,CAAC,8BAA8B;AAC/D;AAAA,MACF;AAEA,UAAI,QAAQ,IAAI,MAAM,GAAG;AACvB,YAAI,WAAW,uBAAuB,MAAM,GAAG;AAAA,MACjD,OAAO;AACL,gBAAQ,IAAI,MAAM;AAAA,MACpB;AAEA,UAAI,CAAC,KAAK,aAAa,OAAO,KAAK,cAAc,YAAY,MAAM,QAAQ,KAAK,SAAS,GAAG;AAC1F,YAAI,WAAW,SAAS,MAAM,sCAAsC;AAAA,MACtE,OAAO;AACL,mBAAW,OAAO,kBAAkB,KAAK,SAAS,GAAG;AACnD,cAAI,aAAa,OAAO,KAAK,CAAC,aAAa,IAAI,GAAG,GAAG;AACnD,iBAAK,WAAW,SAAS,MAAM,wBAAwB,GAAG,wBAAwB;AAAA,UACpF;AAAA,QACF;AAAA,MACF;AAEA,UAAI,CAAC,KAAK,WAAW,OAAO,KAAK,YAAY,YAAY,MAAM,QAAQ,KAAK,OAAO,GAAG;AACpF,YAAI,WAAW,SAAS,MAAM,oCAAoC;AAAA,MACpE,OAAO;AACL,cAAM,UAAU,KAAK;AAErB,YAAI,CAAC,QAAQ,UAAU,CAAC,cAAc,SAAS,QAAQ,MAAgB,GAAG;AACxE;AAAA,YACE;AAAA,YACA,SAAS,MAAM,qBAAqB,QAAQ,MAAM;AAAA,UACpD;AAAA,QACF;AAEA,YAAI,OAAO,QAAQ,sBAAsB,WAAW;AAClD,cAAI,WAAW,SAAS,MAAM,6CAA6C;AAAA,QAC7E;AAEA,YAAI,QAAQ,WAAW,UAAa,OAAO,QAAQ,WAAW,UAAU;AACtE,cAAI,WAAW,SAAS,MAAM,iCAAiC;AAAA,QACjE;AAAA,MACF;AAAA,IACF;AAGA,UAAM,cAAc,MAAM,KAAK,OAAK,WAAY,EAA8B,SAAS,CAAC;AACxF,QAAI,CAAC,aAAa;AAChB;AAAA,QACE;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,OAAO,OAAO,WAAW;AAAA,IACzB;AAAA,IACA;AAAA,IACA,MAAM;AAAA,IACN;AAAA,IACA;AAAA,EACF;AACF;;;AChRA,YAAYA,SAAQ;AACpB,YAAYC,WAAU;AAUf,SAAS,aACd,UACQ;AACR,QAAM,aAAkB;AAAA,IACtB;AAAA,IACA;AAAA,EACF;AAEA,QAAM,mBACC;AAAA,IACH;AAAA,IACA;AAAA,EACF;AAEF,MAAO,eAAW,UAAU,GAAG;AAC7B,UAAM,IAAI;AAAA,MACR,0BAA0B,QAAQ;AAAA,IACpC;AAAA,EACF;AAEA,EAAG;AAAA,IACD;AAAA,IACA;AAAA,MACE,WAAW;AAAA,IACb;AAAA,EACF;AAEA,EAAG;AAAA,IACI;AAAA,MACH;AAAA,MACA;AAAA,IACF;AAAA,IAEA,KAAK;AAAA,MACH;AAAA,QACE;AAAA,QACA,eAAe;AAAA,QACf,eAAe;AAAA,QACf,eAAe,CAAC;AAAA,QAChB,OAAO,CAAC;AAAA,MACV;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,IAEA;AAAA,EACF;AAEA,SAAO;AACT;;;AC5DA,YAAYC,WAAU;AAEtB;AAAA,EACE;AAAA,EACA;AAAA,OACK;AAEP;AAAA,EACE;AAAA,EACA;AAAA,OACK;AAkCA,SAAS,eACd,UACA,eACA,iBACA,QACwB;AAExB,QAAM,YACC;AAAA,IACH;AAAA,EACF;AAGF,QAAM,gBAAgB,cAAc,SAAS;AAE7C,MAAI,cAAc,OAAO,SAAS,GAAG;AACnC,UAAM,WAAW,cAAc,OAC5B,IAAI,OAAK,KAAK,EAAE,IAAI,KAAK,EAAE,OAAO,EAAE,EACpC,KAAK,IAAI;AACZ,UAAM,IAAI;AAAA,MACR;AAAA,EAAuD,QAAQ;AAAA,IACjE;AAAA,EACF;AAEA,aAAW,KAAK,cAAc,UAAU;AACtC,YAAQ,KAAK,qBAAqB,EAAE,IAAI,KAAK,EAAE,OAAO,EAAE;AAAA,EAC1D;AAEA,QAAM,WACJ;AAAA,IACE;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEF;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAEA,QAAM,eACC;AAAA,IACH;AAAA,IACA;AAAA,EACF;AAEF,MAAI,QAAQ;AACV,UAAM,YACJ;AAAA,MACE;AAAA,MACA,OAAO;AAAA,IACT;AAEF;AAAA,MACE;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,SAAS;AAAA,IAET,eACE;AAAA,IAEF,gBACE,SACS,WAAK,WAAW,YAAY,IACjC;AAAA,IAEN,aACE,SAAS;AAAA,EACb;AACF;;;ACrHA,YAAYC,SAAQ;AACpB,YAAYC,WAAU;AAYf,SAAS,cACd,UACQ;AACR,QAAM,aAAkB;AAAA,IACtB;AAAA,IACA;AAAA,EACF;AAEA,MAAI,CAAI,eAAW,UAAU,GAAG;AAC9B,UAAM,IAAI;AAAA,MACR,0BAA0B,QAAQ;AAAA,IACpC;AAAA,EACF;AAEA,QAAM,UAAa,gBAAY,UAAU;AAGzC,QAAM,WAAW,QAAQ;AAAA,IACvB,CAAC,MAAM,kBAAkB,KAAK,CAAC,KAAK,SAAS,KAAK,CAAC;AAAA,EACrD;AAEA,MAAI,SAAS,WAAW,GAAG;AACzB,UAAM,IAAI;AAAA,MACR,4CAA4C,QAAQ;AAAA,IACtD;AAAA,EACF;AAEA,QAAM,QAAQ,CAAC,MACb,EAAE,QAAQ,MAAM,EAAE,EAAE,MAAM,GAAG,EAAE,IAAI,MAAM;AAE3C,WAAS,KAAK,CAAC,GAAG,MAAM;AACtB,UAAM,CAAC,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,MAAM,CAAC;AAC5C,UAAM,CAAC,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,MAAM,CAAC;AAC5C,WAAO,SAAS,OAAO,OAAO,OACvB,SAAS,OAAO,OAAO,OACvB,SAAS;AAAA,EAClB,CAAC;AAED,QAAM,gBACJ,SAAS,SAAS,SAAS,CAAC;AAE9B,MAAI;AAEJ,MAAI,kBAAkB,KAAK,aAAa,GAAG;AACzC,UAAM,CAAC,KAAK,KAAK,KAAK,IAAI,cAAc,MAAM,GAAG,EAAE,IAAI,MAAM;AAC7D,kBAAc,GAAG,GAAG,IAAI,GAAG,IAAI,QAAQ,CAAC;AAAA,EAC1C,OAAO;AACL,UAAM,eAAe,OAAO,cAAc,QAAQ,KAAK,EAAE,CAAC;AAC1D,kBAAc,IAAI,eAAe,CAAC;AAAA,EACpC;AAEA,QAAM,kBACC,WAAK,YAAY,aAAa;AAErC,QAAM,gBACC,WAAK,YAAY,WAAW;AAEnC,EAAG,WAAO,iBAAiB,eAAe,EAAE,WAAW,KAAK,CAAC;AAE7D,QAAM,aAAkB,WAAK,eAAe,aAAa;AAEzD,QAAM,UAAU,KAAK;AAAA,IAChB,iBAAa,YAAY,MAAM;AAAA,EACpC;AAEA,MAAI,mBAAmB,SAAS;AAC9B,YAAQ,gBAAgB;AAAA,EAC1B,OAAO;AACL,YAAQ,UAAU;AAAA,EACpB;AAEA,EAAG;AAAA,IACD;AAAA,IACA,KAAK,UAAU,SAAS,MAAM,CAAC;AAAA,IAC/B;AAAA,EACF;AAEA,SAAO;AACT;;;AC3FA,YAAYC,SAAQ;AACpB,YAAYC,WAAU;AAEtB;AAAA,EACE;AAAA,EACA;AAAA,OACK;AAEP;AAAA,EACE;AAAA,EACA;AAAA,OACK;AAmBA,SAAS,eACd,UACA,eACS;AAET,QAAM,aACC;AAAA,IACH;AAAA,IACA;AAAA,EACF;AAEF,MACE,CAAI;AAAA,IACF;AAAA,EACF,GACA;AACA,UAAM,IAAI;AAAA,MACR,0BAA0B,QAAQ;AAAA,IACpC;AAAA,EACF;AAEA,QAAM,WAED;AAAA,IACC;AAAA,EACF,EACC;AAAA,IACC,CAAC,UACC,MAAM,WAAW,GAAG;AAAA,EACxB,EACC,KAAK;AAEV,aAAW,WAAW,UAAU;AAE9B,UAAM,mBACC;AAAA,MACH;AAAA,MACA;AAAA,IACF;AAEF,UAAM,eACC;AAAA,MACH;AAAA,MACA;AAAA,IACF;AAEF,QACE,CAAI;AAAA,MACF;AAAA,IACF,GACA;AACA;AAAA,IACF;AAEA,UAAM,WACJ;AAAA,MACE;AAAA,IACF;AAEF,UAAM,iBACJ;AAAA,MACE;AAAA,MACA;AAAA,IACF;AAEF,QACE,CAAC,eAAe,OAChB;AACA,aAAO;AAAA,IACT;AAEA,UAAM,UACC;AAAA,MACH;AAAA,MACA;AAAA,IACF;AAEF,QACE,CAAC,iBACD,CAAI,eAAW,OAAO,GACtB;AACA;AAAA,IACF;AAEA,UAAM,YACJ;AAAA,MACE;AAAA,IACF;AAEF,UAAM,iBACJ;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAEF,QACE,CAAC,gBACD;AACA,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;;;AC1HO,SAAS,aAAa,QAIR;AAEnB,SAAO;AAAA,IACL,IAAI,OAAO;AAAA,IAEX,SAAS,OAAO;AAAA,IAEhB,OAAO,OAAO;AAAA,EAChB;AACF;;;ACzBO,IAAM,oBAAoB;AAAA,EAE/B,eACE;AAAA,EAEF,oBACE;AAAA,EAEF,kBACE;AAAA,EAEF,sBACE;AAAA,EAEF,oBAAoB;AAAA,IAClB;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;ACnBO,IAAM,oBAAoB;AAAA,EAE/B,OACE,MACA,OACS;AAET,WAAO,SAAS;AAAA,EAClB;AAAA,EAEA,aACE,MACA,OACS;AAET,WAAO,OAAO;AAAA,EAChB;AAAA,EAEA,UACE,MACA,OACS;AAET,WAAO,OAAO;AAAA,EAChB;AACF;;;ACHA,SAAS,kBACP,WACA,SACS;AAET,MAAI,SAAS,WAAW;AACtB,WAAO,UAAU,IAAI;AAAA,MACnB,OACE;AAAA,QACE;AAAA,QACA;AAAA,MACF;AAAA,IACJ;AAAA,EACF;AAEA,MAAI,SAAS,WAAW;AACtB,WAAO,UAAU,IAAI;AAAA,MACnB,OACE;AAAA,QACE;AAAA,QACA;AAAA,MACF;AAAA,IACJ;AAAA,EACF;AAEA,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,MAAI,EAAE,UAAU,UAAU;AAExB,UAAM,IAAI;AAAA,MACR,qBAAqB,MAAM;AAAA,IAC7B;AAAA,EACF;AAEA,QAAM,SACJ,QAAQ,MAAM;AAEhB,MAAI,WAAW,QAAW;AAExB,WAAO,kBAAkB;AAAA,MACvB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,MACE,iBAAiB,QACjB;AAEA,WAAO,kBAAkB;AAAA,MACvB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,MACE,cAAc,QACd;AAEA,WAAO,kBAAkB;AAAA,MACvB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AAEO,SAAS,iBACd,QACA,SACgB;AAEhB,aAAW,QAAQ,OAAO,OAAO;AAE/B,UAAM,UACJ;AAAA,MACE,KAAK;AAAA,MACL;AAAA,IACF;AAEF,QAAI,SAAS;AAEX,aAAO;AAAA,QACL,QAAQ;AAAA,QAER,SACE,KAAK;AAAA,QAEP,SACE,KAAK;AAAA,QAEP,QACE;AAAA,MACJ;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,QAAQ;AAAA,IACR,SAAS;AAAA,MACP,QAAQ;AAAA,MACR,mBAAmB;AAAA,MACnB,QAAQ;AAAA,IACV;AAAA,IACA,SAAS;AAAA,IACT,QAAQ;AAAA,EACV;AACF;;;AC3GA,IAAMC,6BAA2D;AAAA,EAC/D,SAAS;AAAA,IACP,WAAW;AAAA,IACX,WAAW;AAAA,IACX,UAAU;AAAA,EAIZ;AACF;AAEO,SAAS,kBACd,eACe;AAEf,QAAM,UAAUA,2BAA0B,aAAa;AAEvD,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI;AAAA,MACR,+BAA+B,aAAa,gBAAgB,OAAO,KAAKA,0BAAyB,EAAE,KAAK,IAAI,CAAC;AAAA,IAC/G;AAAA,EACF;AAEA,SAAO;AACT;","names":["fs","path","path","fs","path","fs","path","SUPPORTED_SCHEMA_VERSIONS"]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@parmanasystems/governance",
-  "version": "1.80.0",
+  "version": "1.83.0",
   "private": false,
   "type": "module",
   "scripts": {
@@ -18,9 +18,9 @@
   ],
   "sideEffects": false,
   "dependencies": {
-    "@parmanasystems/bundle": "^1.80.0",
-    "@parmanasystems/crypto": "^1.80.0",
-    "@parmanasystems/contracts": "^1.80.0"
+    "@parmanasystems/bundle": "^1.83.0",
+    "@parmanasystems/crypto": "^1.83.0",
+    "@parmanasystems/contracts": "^1.83.0"
   },
   "description": "Deterministic governance lifecycle and policy infrastructure for parmanasystems.",
   "license": "Apache-2.0",