@peac/policy-kit 0.10.8 → 0.10.10

package/dist/evaluate.js

@@ -1,258 +0,0 @@
-"use strict";
-/**
- * PEAC Policy Kit Evaluation
- *
- * Deterministic policy evaluation for CAL semantics.
- * First-match-wins rule semantics.
- *
- * @packageDocumentation
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.evaluate = evaluate;
-exports.explainMatches = explainMatches;
-exports.findEffectiveRule = findEffectiveRule;
-exports.isAllowed = isAllowed;
-exports.isDenied = isDenied;
-exports.requiresReview = requiresReview;
-exports.evaluateBatch = evaluateBatch;
-/**
- * Check if a value matches a single-or-array pattern
- *
- * @param value - Value to check
- * @param pattern - Single value or array of values
- * @returns true if value matches pattern
- */
-function matchesSingleOrArray(value, pattern) {
-    // If no pattern specified, match anything
-    if (pattern === undefined) {
-        return true;
-    }
-    // If no value and pattern exists, no match
-    if (value === undefined) {
-        return false;
-    }
-    // Check against array or single value
-    if (Array.isArray(pattern)) {
-        return pattern.includes(value);
-    }
-    return value === pattern;
-}
-/**
- * Check if a subject ID matches a pattern
- *
- * Supports:
- * - Exact match: "user:abc123"
- * - Prefix match with wildcard: "user:*" matches "user:abc123"
- *
- * @param id - Subject ID to check
- * @param pattern - Pattern to match against
- * @returns true if ID matches pattern
- */
-function matchesIdPattern(id, pattern) {
-    // No pattern = match anything
-    if (pattern === undefined) {
-        return true;
-    }
-    // No ID but pattern exists = no match
-    if (id === undefined) {
-        return false;
-    }
-    // Wildcard prefix match
-    if (pattern.endsWith('*')) {
-        const prefix = pattern.slice(0, -1);
-        return id.startsWith(prefix);
-    }
-    // Exact match
-    return id === pattern;
-}
-/**
- * Check if subject labels contain all required labels
- *
- * @param subjectLabels - Labels on the subject
- * @param requiredLabels - Labels required by the rule
- * @returns true if subject has all required labels
- */
-function hasAllLabels(subjectLabels, requiredLabels) {
-    // No required labels = match
-    if (requiredLabels === undefined || requiredLabels.length === 0) {
-        return true;
-    }
-    // Required labels but no subject labels = no match
-    if (subjectLabels === undefined || subjectLabels.length === 0) {
-        return false;
-    }
-    // Check all required labels are present
-    return requiredLabels.every((label) => subjectLabels.includes(label));
-}
-/**
- * Check if a subject matches a subject matcher
- *
- * @param subject - Subject from evaluation context
- * @param matcher - Subject matcher from rule
- * @returns true if subject matches all criteria
- */
-function matchesSubject(subject, matcher) {
-    // No matcher = match any subject
-    if (matcher === undefined) {
-        return true;
-    }
-    // Check type
-    if (!matchesSingleOrArray(subject?.type, matcher.type)) {
-        return false;
-    }
-    // Check labels (must have ALL required labels)
-    if (!hasAllLabels(subject?.labels, matcher.labels)) {
-        return false;
-    }
-    // Check ID pattern
-    if (!matchesIdPattern(subject?.id, matcher.id)) {
-        return false;
-    }
-    return true;
-}
-/**
- * Check if a rule matches the evaluation context
- *
- * All criteria must match (AND logic).
- *
- * @param rule - Policy rule to check
- * @param context - Evaluation context
- * @returns true if rule matches context
- */
-function ruleMatches(rule, context) {
-    // Check subject
-    if (!matchesSubject(context.subject, rule.subject)) {
-        return false;
-    }
-    // Check purpose
-    if (!matchesSingleOrArray(context.purpose, rule.purpose)) {
-        return false;
-    }
-    // Check licensing mode
-    if (!matchesSingleOrArray(context.licensing_mode, rule.licensing_mode)) {
-        return false;
-    }
-    return true;
-}
-/**
- * Evaluate a policy against a context
- *
- * Uses first-match-wins semantics:
- * - Rules are evaluated in order
- * - First matching rule determines the decision
- * - If no rule matches, defaults are applied
- *
- * @param policy - Policy document
- * @param context - Evaluation context
- * @returns Evaluation result
- */
-function evaluate(policy, context) {
-    // Find first matching rule
-    for (const rule of policy.rules) {
-        if (ruleMatches(rule, context)) {
-            return {
-                decision: rule.decision,
-                matched_rule: rule.name,
-                reason: rule.reason,
-                is_default: false,
-            };
-        }
-    }
-    // No rule matched, apply defaults
-    return {
-        decision: policy.defaults.decision,
-        reason: policy.defaults.reason,
-        is_default: true,
-    };
-}
-/**
- * Explain which rules could potentially match a context
- *
- * Useful for debugging and policy analysis.
- * Returns all rules that would match if evaluated, in order.
- *
- * @param policy - Policy document
- * @param context - Evaluation context
- * @returns Array of rule names that match, or 'default' if none
- */
-function explainMatches(policy, context) {
-    const matches = [];
-    for (const rule of policy.rules) {
-        if (ruleMatches(rule, context)) {
-            matches.push(rule.name);
-        }
-    }
-    if (matches.length === 0) {
-        matches.push('[default]');
-    }
-    return matches;
-}
-/**
- * Find the effective rule for a context
- *
- * Same as evaluate() but returns the full rule object.
- *
- * @param policy - Policy document
- * @param context - Evaluation context
- * @returns Matched rule or undefined if default applies
- */
-function findEffectiveRule(policy, context) {
-    for (const rule of policy.rules) {
-        if (ruleMatches(rule, context)) {
-            return rule;
-        }
-    }
-    return undefined;
-}
-/**
- * Check if a policy would allow a given context
- *
- * Convenience helper for common allow/deny checks.
- *
- * @param policy - Policy document
- * @param context - Evaluation context
- * @returns true if decision is 'allow'
- */
-function isAllowed(policy, context) {
-    const result = evaluate(policy, context);
-    return result.decision === 'allow';
-}
-/**
- * Check if a policy would deny a given context
- *
- * Convenience helper for common allow/deny checks.
- *
- * @param policy - Policy document
- * @param context - Evaluation context
- * @returns true if decision is 'deny'
- */
-function isDenied(policy, context) {
-    const result = evaluate(policy, context);
-    return result.decision === 'deny';
-}
-/**
- * Check if a policy requires review for a given context
- *
- * Convenience helper for review checks.
- *
- * @param policy - Policy document
- * @param context - Evaluation context
- * @returns true if decision is 'review'
- */
-function requiresReview(policy, context) {
-    const result = evaluate(policy, context);
-    return result.decision === 'review';
-}
-/**
- * Batch evaluate multiple contexts against a policy
- *
- * Useful for testing or bulk authorization checks.
- *
- * @param policy - Policy document
- * @param contexts - Array of evaluation contexts
- * @returns Array of evaluation results (same order as contexts)
- */
-function evaluateBatch(policy, contexts) {
-    return contexts.map((context) => evaluate(policy, context));
-}
-//# sourceMappingURL=evaluate.js.map

package/dist/evaluate.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"evaluate.js","sourceRoot":"","sources":["../src/evaluate.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;AA0KH,4BAmBC;AAYD,wCAcC;AAWD,8CAUC;AAWD,8BAGC;AAWD,4BAGC;AAWD,wCAGC;AAWD,sCAKC;AAzRD;;;;;;GAMG;AACH,SAAS,oBAAoB,CAAI,KAAoB,EAAE,OAA4B;IACjF,0CAA0C;IAC1C,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,2CAA2C;IAC3C,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,sCAAsC;IACtC,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3B,OAAO,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACjC,CAAC;IAED,OAAO,KAAK,KAAK,OAAO,CAAC;AAC3B,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAS,gBAAgB,CAAC,EAAsB,EAAE,OAA2B;IAC3E,8BAA8B;IAC9B,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,sCAAsC;IACtC,IAAI,EAAE,KAAK,SAAS,EAAE,CAAC;QACrB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,wBAAwB;IACxB,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACpC,OAAO,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IAC/B,CAAC;IAED,cAAc;IACd,OAAO,EAAE,KAAK,OAAO,CAAC;AACxB,CAAC;AAED;;;;;;GAMG;AACH,SAAS,YAAY,CACnB,aAAmC,EACnC,cAAoC;IAEpC,6BAA6B;IAC7B,IAAI,cAAc,KAAK,SAAS,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,mDAAmD;IACnD,IAAI,aAAa,KAAK,SAAS,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9D,OAAO,KAAK,CAAC;IACf,CAAC;IAED,wCAAwC;IACxC,OAAO,cAAc,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;AACxE,CAAC;AAED;;;;;;GAMG;AACH,SAAS,cAAc,CACrB,OAAqC,EACrC,OAAmC;IAEnC,iCAAiC;IACjC,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,aAAa;IACb,IAAI,CAAC,oBAAoB,CAAC,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QACvD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,+CAA+C;IAC/C,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACnD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,mBAAmB;IACnB,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,EAAE,CAAC,EAAE,CAAC;QAC/C,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,WAAW,CAAC,IAAgB,EAAE,OAA0B;IAC/D,gBAAgB;IAChB,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACnD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,gBAAgB;IAChB,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACzD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,uBAAuB;IACvB,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,cAAc,EAAE,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC;QACvE,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;;;;GAWG;AACH,SAAgB,QAAQ,CAAC,MAAsB,EAAE,OAA0B;IACzE,2BAA2B;IAC3B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QAChC,IAAI,WAAW,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;YAC/B,OAAO;gBACL,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,YAAY,EAAE,IAAI,CAAC,IAAI;gBACvB,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,UAAU,EAAE,KAAK;aAClB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,OAAO;QACL,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ;QAClC,MAAM,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM;QAC9B,UAAU,EAAE,IAAI;KACjB,CAAC;AACJ,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,cAAc,CAAC,MAAsB,EAAE,OAA0B;IAC/E,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QAChC,IAAI,WAAW,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;YAC/B,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAC5B,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,iBAAiB,CAC/B,MAAsB,EACtB,OAA0B;IAE1B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QAChC,IAAI,WAAW,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,SAAS,CAAC,MAAsB,EAAE,OAA0B;IAC1E,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACzC,OAAO,MAAM,CAAC,QAAQ,KAAK,OAAO,CAAC;AACrC,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,QAAQ,CAAC,MAAsB,EAAE,OAA0B;IACzE,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACzC,OAAO,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC;AACpC,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,cAAc,CAAC,MAAsB,EAAE,OAA0B;IAC/E,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACzC,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,CAAC;AACtC,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,aAAa,CAC3B,MAAsB,EACtB,QAA6B;IAE7B,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;AAC9D,CAAC"}

package/dist/generated/profiles.js

@@ -1,212 +0,0 @@
-"use strict";
-/**
- * Generated Profile Definitions
- *
- * DO NOT EDIT MANUALLY - Generated by scripts/generate-profiles.ts
- * Source: profiles/*.yaml
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.PROFILES = exports.PROFILE_IDS = void 0;
-/**
- * Available profile IDs
- */
-exports.PROFILE_IDS = ['api-provider', 'news-media', 'open-source', 'saas-docs'];
-/**
- * All profiles indexed by ID
- */
-exports.PROFILES = {
-    'api-provider': {
-        defaults: {
-            rate_limit: {
-                limit: 200,
-                window_seconds: 3600,
-            },
-            requirements: {
-                receipt: true,
-            },
-        },
-        description: 'Policy profile for API providers and developer platforms.\nAllows search indexing for API discoverability.\nBlocks training to protect API design and documentation IP.\nRequires receipts for inference to enable usage tracking.\n',
-        id: 'api-provider',
-        name: 'API Provider',
-        parameters: {
-            contact: {
-                description: 'Developer relations or API support email',
-                example: 'api-support@example.com',
-                required: true,
-                validate: 'email',
-            },
-            negotiate_url: {
-                description: 'URL for API access negotiation',
-                required: false,
-                validate: 'url',
-            },
-            rate_limit: {
-                default: '200/hour',
-                description: 'Rate limit for API documentation access',
-                validate: 'rate_limit',
-            },
-        },
-        policy: {
-            defaults: {
-                decision: 'deny',
-                reason: 'Default deny - explicit permission required',
-            },
-            name: 'API Provider Policy',
-            rules: [
-                {
-                    decision: 'allow',
-                    name: 'allow-discovery',
-                    purpose: ['crawl', 'index', 'search', 'ai_index'],
-                    reason: 'Allow API discovery and search indexing',
-                },
-                {
-                    decision: 'deny',
-                    name: 'block-training',
-                    purpose: 'train',
-                    reason: 'API documentation training requires license',
-                },
-                {
-                    decision: 'review',
-                    name: 'inference-with-receipt',
-                    purpose: ['inference', 'ai_input'],
-                    reason: 'Inference requires valid PEAC receipt for tracking',
-                },
-            ],
-            version: 'peac-policy/0.1',
-        },
-    },
-    'news-media': {
-        defaults: {
-            rate_limit: {
-                limit: 100,
-                window_seconds: 3600,
-            },
-            requirements: {
-                receipt: true,
-            },
-        },
-        description: 'Policy profile for news and media publishers.\nAllows search engine indexing while blocking unauthorized AI training.\nInference access requires a valid PEAC receipt.\n',
-        id: 'news-media',
-        name: 'News Media Publisher',
-        parameters: {
-            contact: {
-                description: 'Contact email for licensing inquiries',
-                example: 'licensing@example.com',
-                required: true,
-                validate: 'email',
-            },
-            negotiate_url: {
-                description: 'URL for license negotiation',
-                required: false,
-                validate: 'url',
-            },
-            rate_limit: {
-                default: '100/hour',
-                description: 'Rate limit for allowed purposes',
-                validate: 'rate_limit',
-            },
-        },
-        policy: {
-            defaults: {
-                decision: 'deny',
-                reason: 'Default deny - explicit permission required',
-            },
-            name: 'News Media Policy',
-            rules: [
-                {
-                    decision: 'allow',
-                    name: 'allow-search-indexing',
-                    purpose: ['crawl', 'index', 'search', 'ai_index'],
-                    reason: 'Allow discovery and search engine indexing',
-                },
-                {
-                    decision: 'deny',
-                    name: 'block-training',
-                    purpose: 'train',
-                    reason: 'Training requires explicit licensing agreement',
-                },
-                {
-                    decision: 'review',
-                    name: 'inference-needs-receipt',
-                    purpose: ['inference', 'ai_input'],
-                    reason: 'Inference access requires valid PEAC receipt',
-                },
-            ],
-            version: 'peac-policy/0.1',
-        },
-    },
-    'open-source': {
-        defaults: {
-            rate_limit: {
-                limit: 1000,
-                window_seconds: 3600,
-            },
-        },
-        description: 'Policy profile for open source projects.\nFully open access including AI training.\nEncourages broad AI ecosystem adoption.\nReceipts are optional for attribution tracking.\n',
-        id: 'open-source',
-        name: 'Open Source Project',
-        parameters: {
-            attribution: {
-                default: 'optional',
-                description: 'Attribution requirement',
-                example: 'required',
-            },
-            contact: {
-                description: 'Project contact or maintainer email',
-                example: 'maintainer@example.com',
-                required: false,
-                validate: 'email',
-            },
-        },
-        policy: {
-            defaults: {
-                decision: 'allow',
-                reason: 'Open source - all access permitted',
-            },
-            name: 'Open Source Policy',
-            rules: [],
-            version: 'peac-policy/0.1',
-        },
-    },
-    'saas-docs': {
-        defaults: {
-            rate_limit: {
-                limit: 500,
-                window_seconds: 3600,
-            },
-        },
-        description: 'Policy profile for SaaS documentation sites.\nOpen access for search and inference to improve discoverability.\nTraining blocked to protect proprietary documentation.\nReceipts are optional to encourage AI agent adoption.\n',
-        id: 'saas-docs',
-        name: 'SaaS Documentation',
-        parameters: {
-            contact: {
-                description: 'Contact email for questions',
-                example: 'docs@example.com',
-                required: false,
-                validate: 'email',
-            },
-            rate_limit: {
-                default: '500/hour',
-                description: 'Rate limit for access',
-                validate: 'rate_limit',
-            },
-        },
-        policy: {
-            defaults: {
-                decision: 'allow',
-                reason: 'Open by default for documentation',
-            },
-            name: 'SaaS Documentation Policy',
-            rules: [
-                {
-                    decision: 'deny',
-                    name: 'block-training',
-                    purpose: 'train',
-                    reason: 'Proprietary documentation - training requires license',
-                },
-            ],
-            version: 'peac-policy/0.1',
-        },
-    },
-};
-//# sourceMappingURL=profiles.js.map

package/dist/generated/profiles.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"profiles.js","sourceRoot":"","sources":["../../src/generated/profiles.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAIH;;GAEG;AACU,QAAA,WAAW,GAAG,CAAC,cAAc,EAAE,YAAY,EAAE,aAAa,EAAE,WAAW,CAAU,CAAC;AAI/F;;GAEG;AACU,QAAA,QAAQ,GAAyC;IAC5D,cAAc,EAAE;QACd,QAAQ,EAAE;YACR,UAAU,EAAE;gBACV,KAAK,EAAE,GAAG;gBACV,cAAc,EAAE,IAAI;aACrB;YACD,YAAY,EAAE;gBACZ,OAAO,EAAE,IAAI;aACd;SACF;QACD,WAAW,EACT,sOAAsO;QACxO,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,cAAc;QACpB,UAAU,EAAE;YACV,OAAO,EAAE;gBACP,WAAW,EAAE,0CAA0C;gBACvD,OAAO,EAAE,yBAAyB;gBAClC,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,OAAO;aAClB;YACD,aAAa,EAAE;gBACb,WAAW,EAAE,gCAAgC;gBAC7C,QAAQ,EAAE,KAAK;gBACf,QAAQ,EAAE,KAAK;aAChB;YACD,UAAU,EAAE;gBACV,OAAO,EAAE,UAAU;gBACnB,WAAW,EAAE,yCAAyC;gBACtD,QAAQ,EAAE,YAAY;aACvB;SACF;QACD,MAAM,EAAE;YACN,QAAQ,EAAE;gBACR,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,6CAA6C;aACtD;YACD,IAAI,EAAE,qBAAqB;YAC3B,KAAK,EAAE;gBACL;oBACE,QAAQ,EAAE,OAAO;oBACjB,IAAI,EAAE,iBAAiB;oBACvB,OAAO,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,CAAC;oBACjD,MAAM,EAAE,yCAAyC;iBAClD;gBACD;oBACE,QAAQ,EAAE,MAAM;oBAChB,IAAI,EAAE,gBAAgB;oBACtB,OAAO,EAAE,OAAO;oBAChB,MAAM,EAAE,6CAA6C;iBACtD;gBACD;oBACE,QAAQ,EAAE,QAAQ;oBAClB,IAAI,EAAE,wBAAwB;oBAC9B,OAAO,EAAE,CAAC,WAAW,EAAE,UAAU,CAAC;oBAClC,MAAM,EAAE,oDAAoD;iBAC7D;aACF;YACD,OAAO,EAAE,iBAAiB;SAC3B;KACF;IACD,YAAY,EAAE;QACZ,QAAQ,EAAE;YACR,UAAU,EAAE;gBACV,KAAK,EAAE,GAAG;gBACV,cAAc,EAAE,IAAI;aACrB;YACD,YAAY,EAAE;gBACZ,OAAO,EAAE,IAAI;aACd;SACF;QACD,WAAW,EACT,0KAA0K;QAC5K,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,sBAAsB;QAC5B,UAAU,EAAE;YACV,OAAO,EAAE;gBACP,WAAW,EAAE,uCAAuC;gBACpD,OAAO,EAAE,uBAAuB;gBAChC,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,OAAO;aAClB;YACD,aAAa,EAAE;gBACb,WAAW,EAAE,6BAA6B;gBAC1C,QAAQ,EAAE,KAAK;gBACf,QAAQ,EAAE,KAAK;aAChB;YACD,UAAU,EAAE;gBACV,OAAO,EAAE,UAAU;gBACnB,WAAW,EAAE,iCAAiC;gBAC9C,QAAQ,EAAE,YAAY;aACvB;SACF;QACD,MAAM,EAAE;YACN,QAAQ,EAAE;gBACR,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,6CAA6C;aACtD;YACD,IAAI,EAAE,mBAAmB;YACzB,KAAK,EAAE;gBACL;oBACE,QAAQ,EAAE,OAAO;oBACjB,IAAI,EAAE,uBAAuB;oBAC7B,OAAO,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,CAAC;oBACjD,MAAM,EAAE,4CAA4C;iBACrD;gBACD;oBACE,QAAQ,EAAE,MAAM;oBAChB,IAAI,EAAE,gBAAgB;oBACtB,OAAO,EAAE,OAAO;oBAChB,MAAM,EAAE,gDAAgD;iBACzD;gBACD;oBACE,QAAQ,EAAE,QAAQ;oBAClB,IAAI,EAAE,yBAAyB;oBAC/B,OAAO,EAAE,CAAC,WAAW,EAAE,UAAU,CAAC;oBAClC,MAAM,EAAE,8CAA8C;iBACvD;aACF;YACD,OAAO,EAAE,iBAAiB;SAC3B;KACF;IACD,aAAa,EAAE;QACb,QAAQ,EAAE;YACR,UAAU,EAAE;gBACV,KAAK,EAAE,IAAI;gBACX,cAAc,EAAE,IAAI;aACrB;SACF;QACD,WAAW,EACT,gLAAgL;QAClL,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,qBAAqB;QAC3B,UAAU,EAAE;YACV,WAAW,EAAE;gBACX,OAAO,EAAE,UAAU;gBACnB,WAAW,EAAE,yBAAyB;gBACtC,OAAO,EAAE,UAAU;aACpB;YACD,OAAO,EAAE;gBACP,WAAW,EAAE,qCAAqC;gBAClD,OAAO,EAAE,wBAAwB;gBACjC,QAAQ,EAAE,KAAK;gBACf,QAAQ,EAAE,OAAO;aAClB;SACF;QACD,MAAM,EAAE;YACN,QAAQ,EAAE;gBACR,QAAQ,EAAE,OAAO;gBACjB,MAAM,EAAE,oCAAoC;aAC7C;YACD,IAAI,EAAE,oBAAoB;YAC1B,KAAK,EAAE,EAAE;YACT,OAAO,EAAE,iBAAiB;SAC3B;KACF;IACD,WAAW,EAAE;QACX,QAAQ,EAAE;YACR,UAAU,EAAE;gBACV,KAAK,EAAE,GAAG;gBACV,cAAc,EAAE,IAAI;aACrB;SACF;QACD,WAAW,EACT,iOAAiO;QACnO,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,oBAAoB;QAC1B,UAAU,EAAE;YACV,OAAO,EAAE;gBACP,WAAW,EAAE,6BAA6B;gBAC1C,OAAO,EAAE,kBAAkB;gBAC3B,QAAQ,EAAE,KAAK;gBACf,QAAQ,EAAE,OAAO;aAClB;YACD,UAAU,EAAE;gBACV,OAAO,EAAE,UAAU;gBACnB,WAAW,EAAE,uBAAuB;gBACpC,QAAQ,EAAE,YAAY;aACvB;SACF;QACD,MAAM,EAAE;YACN,QAAQ,EAAE;gBACR,QAAQ,EAAE,OAAO;gBACjB,MAAM,EAAE,mCAAmC;aAC5C;YACD,IAAI,EAAE,2BAA2B;YACjC,KAAK,EAAE;gBACL;oBACE,QAAQ,EAAE,MAAM;oBAChB,IAAI,EAAE,gBAAgB;oBACtB,OAAO,EAAE,OAAO;oBAChB,MAAM,EAAE,uDAAuD;iBAChE;aACF;YACD,OAAO,EAAE,iBAAiB;SAC3B;KACF;CACF,CAAC"}

package/dist/index.js

@@ -1,120 +0,0 @@
-"use strict";
-/**
- * PEAC Policy Kit
- *
- * Deterministic policy evaluation for Control Abstraction Layer (CAL) semantics.
- *
- * Features:
- * - File-based policy format (YAML or JSON)
- * - First-match-wins rule semantics
- * - Subject matching by type, labels, and ID patterns
- * - Purpose and licensing mode matching
- * - No scripting, no dynamic code
- * - Deterministic, auditable, side-effect free
- *
- * @example
- * ```typescript
- * import { loadPolicy, evaluate } from '@peac/policy-kit';
- *
- * const policy = loadPolicy('peac-policy.yaml');
- *
- * const result = evaluate(policy, {
- *   subject: { type: 'human', labels: ['subscribed'] },
- *   purpose: 'crawl',
- *   licensing_mode: 'subscription',
- * });
- *
- * console.log(result.decision); // 'allow' | 'deny' | 'review'
- * ```
- *
- * @packageDocumentation
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.enforcePurposeDecision = exports.enforceForHttp = exports.getChallengeHeader = exports.requiresChallenge = exports.enforceDecision = exports.ProfileError = exports.getProfileSummary = exports.getAllProfiles = exports.customizeProfile = exports.validateProfileParams = exports.getProfile = exports.loadProfile = exports.hasProfile = exports.listProfiles = exports.PROFILE_IDS = exports.PROFILES = exports.renderPolicyMarkdown = exports.compileAiprefTemplates = exports.compileRobotsSnippet = exports.compilePeacTxt = exports.PEAC_PROTOCOL_VERSION = exports.evaluateBatch = exports.requiresReview = exports.isDenied = exports.isAllowed = exports.findEffectiveRule = exports.explainMatches = exports.evaluate = exports.PolicyValidationError = exports.PolicyLoadError = exports.serializePolicyJson = exports.serializePolicyYaml = exports.createExamplePolicy = exports.policyFileExists = exports.validatePolicy = exports.parsePolicy = exports.loadPolicy = exports.EnforcementProfileSchema = exports.PolicyConstraintsSchema = exports.ProfileDefinitionSchema = exports.ProfileParameterSchema = exports.DecisionRequirementsSchema = exports.RateLimitConfigSchema = exports.PolicyDocumentSchema = exports.PolicyDefaultsSchema = exports.PolicyRuleSchema = exports.SubjectMatcherSchema = exports.formatRateLimit = exports.parseRateLimit = exports.POLICY_VERSION = void 0;
-exports.getRetryAfter = exports.getPurposeStatusCode = exports.evaluatePurpose = exports.getDefaultEnforcementProfile = exports.isEnforcementProfileId = exports.getEnforcementProfile = exports.DEFAULT_ENFORCEMENT_PROFILE = exports.ENFORCEMENT_PROFILE_IDS = exports.ENFORCEMENT_PROFILES = exports.OPEN_PROFILE = exports.BALANCED_PROFILE = exports.STRICT_PROFILE = exports.getPurposeDecisionStatusCode = void 0;
-// Types
-var types_1 = require("./types");
-Object.defineProperty(exports, "POLICY_VERSION", { enumerable: true, get: function () { return types_1.POLICY_VERSION; } });
-Object.defineProperty(exports, "parseRateLimit", { enumerable: true, get: function () { return types_1.parseRateLimit; } });
-Object.defineProperty(exports, "formatRateLimit", { enumerable: true, get: function () { return types_1.formatRateLimit; } });
-// Schemas for advanced validation
-Object.defineProperty(exports, "SubjectMatcherSchema", { enumerable: true, get: function () { return types_1.SubjectMatcherSchema; } });
-Object.defineProperty(exports, "PolicyRuleSchema", { enumerable: true, get: function () { return types_1.PolicyRuleSchema; } });
-Object.defineProperty(exports, "PolicyDefaultsSchema", { enumerable: true, get: function () { return types_1.PolicyDefaultsSchema; } });
-Object.defineProperty(exports, "PolicyDocumentSchema", { enumerable: true, get: function () { return types_1.PolicyDocumentSchema; } });
-Object.defineProperty(exports, "RateLimitConfigSchema", { enumerable: true, get: function () { return types_1.RateLimitConfigSchema; } });
-Object.defineProperty(exports, "DecisionRequirementsSchema", { enumerable: true, get: function () { return types_1.DecisionRequirementsSchema; } });
-Object.defineProperty(exports, "ProfileParameterSchema", { enumerable: true, get: function () { return types_1.ProfileParameterSchema; } });
-Object.defineProperty(exports, "ProfileDefinitionSchema", { enumerable: true, get: function () { return types_1.ProfileDefinitionSchema; } });
-Object.defineProperty(exports, "PolicyConstraintsSchema", { enumerable: true, get: function () { return types_1.PolicyConstraintsSchema; } });
-Object.defineProperty(exports, "EnforcementProfileSchema", { enumerable: true, get: function () { return types_1.EnforcementProfileSchema; } });
-// Loader
-var loader_1 = require("./loader");
-Object.defineProperty(exports, "loadPolicy", { enumerable: true, get: function () { return loader_1.loadPolicy; } });
-Object.defineProperty(exports, "parsePolicy", { enumerable: true, get: function () { return loader_1.parsePolicy; } });
-Object.defineProperty(exports, "validatePolicy", { enumerable: true, get: function () { return loader_1.validatePolicy; } });
-Object.defineProperty(exports, "policyFileExists", { enumerable: true, get: function () { return loader_1.policyFileExists; } });
-Object.defineProperty(exports, "createExamplePolicy", { enumerable: true, get: function () { return loader_1.createExamplePolicy; } });
-Object.defineProperty(exports, "serializePolicyYaml", { enumerable: true, get: function () { return loader_1.serializePolicyYaml; } });
-Object.defineProperty(exports, "serializePolicyJson", { enumerable: true, get: function () { return loader_1.serializePolicyJson; } });
-Object.defineProperty(exports, "PolicyLoadError", { enumerable: true, get: function () { return loader_1.PolicyLoadError; } });
-Object.defineProperty(exports, "PolicyValidationError", { enumerable: true, get: function () { return loader_1.PolicyValidationError; } });
-// Evaluation
-var evaluate_1 = require("./evaluate");
-Object.defineProperty(exports, "evaluate", { enumerable: true, get: function () { return evaluate_1.evaluate; } });
-Object.defineProperty(exports, "explainMatches", { enumerable: true, get: function () { return evaluate_1.explainMatches; } });
-Object.defineProperty(exports, "findEffectiveRule", { enumerable: true, get: function () { return evaluate_1.findEffectiveRule; } });
-Object.defineProperty(exports, "isAllowed", { enumerable: true, get: function () { return evaluate_1.isAllowed; } });
-Object.defineProperty(exports, "isDenied", { enumerable: true, get: function () { return evaluate_1.isDenied; } });
-Object.defineProperty(exports, "requiresReview", { enumerable: true, get: function () { return evaluate_1.requiresReview; } });
-Object.defineProperty(exports, "evaluateBatch", { enumerable: true, get: function () { return evaluate_1.evaluateBatch; } });
-// Compiler (artifact generation)
-var compiler_1 = require("./compiler");
-Object.defineProperty(exports, "PEAC_PROTOCOL_VERSION", { enumerable: true, get: function () { return compiler_1.PEAC_PROTOCOL_VERSION; } });
-Object.defineProperty(exports, "compilePeacTxt", { enumerable: true, get: function () { return compiler_1.compilePeacTxt; } });
-Object.defineProperty(exports, "compileRobotsSnippet", { enumerable: true, get: function () { return compiler_1.compileRobotsSnippet; } });
-Object.defineProperty(exports, "compileAiprefTemplates", { enumerable: true, get: function () { return compiler_1.compileAiprefTemplates; } });
-Object.defineProperty(exports, "renderPolicyMarkdown", { enumerable: true, get: function () { return compiler_1.renderPolicyMarkdown; } });
-// Generated profiles (v0.9.23+)
-var profiles_1 = require("./generated/profiles");
-Object.defineProperty(exports, "PROFILES", { enumerable: true, get: function () { return profiles_1.PROFILES; } });
-Object.defineProperty(exports, "PROFILE_IDS", { enumerable: true, get: function () { return profiles_1.PROFILE_IDS; } });
-// Profile loader API (v0.9.23+)
-var profiles_2 = require("./profiles");
-Object.defineProperty(exports, "listProfiles", { enumerable: true, get: function () { return profiles_2.listProfiles; } });
-Object.defineProperty(exports, "hasProfile", { enumerable: true, get: function () { return profiles_2.hasProfile; } });
-Object.defineProperty(exports, "loadProfile", { enumerable: true, get: function () { return profiles_2.loadProfile; } });
-Object.defineProperty(exports, "getProfile", { enumerable: true, get: function () { return profiles_2.getProfile; } });
-Object.defineProperty(exports, "validateProfileParams", { enumerable: true, get: function () { return profiles_2.validateProfileParams; } });
-Object.defineProperty(exports, "customizeProfile", { enumerable: true, get: function () { return profiles_2.customizeProfile; } });
-Object.defineProperty(exports, "getAllProfiles", { enumerable: true, get: function () { return profiles_2.getAllProfiles; } });
-Object.defineProperty(exports, "getProfileSummary", { enumerable: true, get: function () { return profiles_2.getProfileSummary; } });
-Object.defineProperty(exports, "ProfileError", { enumerable: true, get: function () { return profiles_2.ProfileError; } });
-// Decision enforcement (v0.9.23+)
-var enforce_1 = require("./enforce");
-Object.defineProperty(exports, "enforceDecision", { enumerable: true, get: function () { return enforce_1.enforceDecision; } });
-Object.defineProperty(exports, "requiresChallenge", { enumerable: true, get: function () { return enforce_1.requiresChallenge; } });
-Object.defineProperty(exports, "getChallengeHeader", { enumerable: true, get: function () { return enforce_1.getChallengeHeader; } });
-Object.defineProperty(exports, "enforceForHttp", { enumerable: true, get: function () { return enforce_1.enforceForHttp; } });
-// Purpose-specific enforcement (v0.9.24+)
-// These functions NEVER return 402 - that is reserved for payment/receipts
-Object.defineProperty(exports, "enforcePurposeDecision", { enumerable: true, get: function () { return enforce_1.enforcePurposeDecision; } });
-Object.defineProperty(exports, "getPurposeDecisionStatusCode", { enumerable: true, get: function () { return enforce_1.getPurposeDecisionStatusCode; } });
-// Enforcement profiles (v0.9.24+)
-var enforcement_profiles_1 = require("./enforcement-profiles");
-// Profile definitions
-Object.defineProperty(exports, "STRICT_PROFILE", { enumerable: true, get: function () { return enforcement_profiles_1.STRICT_PROFILE; } });
-Object.defineProperty(exports, "BALANCED_PROFILE", { enumerable: true, get: function () { return enforcement_profiles_1.BALANCED_PROFILE; } });
-Object.defineProperty(exports, "OPEN_PROFILE", { enumerable: true, get: function () { return enforcement_profiles_1.OPEN_PROFILE; } });
-Object.defineProperty(exports, "ENFORCEMENT_PROFILES", { enumerable: true, get: function () { return enforcement_profiles_1.ENFORCEMENT_PROFILES; } });
-Object.defineProperty(exports, "ENFORCEMENT_PROFILE_IDS", { enumerable: true, get: function () { return enforcement_profiles_1.ENFORCEMENT_PROFILE_IDS; } });
-Object.defineProperty(exports, "DEFAULT_ENFORCEMENT_PROFILE", { enumerable: true, get: function () { return enforcement_profiles_1.DEFAULT_ENFORCEMENT_PROFILE; } });
-// Profile lookup
-Object.defineProperty(exports, "getEnforcementProfile", { enumerable: true, get: function () { return enforcement_profiles_1.getEnforcementProfile; } });
-Object.defineProperty(exports, "isEnforcementProfileId", { enumerable: true, get: function () { return enforcement_profiles_1.isEnforcementProfileId; } });
-Object.defineProperty(exports, "getDefaultEnforcementProfile", { enumerable: true, get: function () { return enforcement_profiles_1.getDefaultEnforcementProfile; } });
-// Purpose evaluation
-Object.defineProperty(exports, "evaluatePurpose", { enumerable: true, get: function () { return enforcement_profiles_1.evaluatePurpose; } });
-Object.defineProperty(exports, "getPurposeStatusCode", { enumerable: true, get: function () { return enforcement_profiles_1.getPurposeStatusCode; } });
-Object.defineProperty(exports, "getRetryAfter", { enumerable: true, get: function () { return enforcement_profiles_1.getRetryAfter; } });
-//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;;;;AAEH,QAAQ;AACR,iCAqCiB;AApCf,uGAAA,cAAc,OAAA;AAad,uGAAA,cAAc,OAAA;AACd,wGAAA,eAAe,OAAA;AAWf,kCAAkC;AAClC,6GAAA,oBAAoB,OAAA;AACpB,yGAAA,gBAAgB,OAAA;AAChB,6GAAA,oBAAoB,OAAA;AACpB,6GAAA,oBAAoB,OAAA;AACpB,8GAAA,qBAAqB,OAAA;AACrB,mHAAA,0BAA0B,OAAA;AAC1B,+GAAA,sBAAsB,OAAA;AACtB,gHAAA,uBAAuB,OAAA;AACvB,gHAAA,uBAAuB,OAAA;AACvB,iHAAA,wBAAwB,OAAA;AAG1B,SAAS;AACT,mCAUkB;AAThB,oGAAA,UAAU,OAAA;AACV,qGAAA,WAAW,OAAA;AACX,wGAAA,cAAc,OAAA;AACd,0GAAA,gBAAgB,OAAA;AAChB,6GAAA,mBAAmB,OAAA;AACnB,6GAAA,mBAAmB,OAAA;AACnB,6GAAA,mBAAmB,OAAA;AACnB,yGAAA,eAAe,OAAA;AACf,+GAAA,qBAAqB,OAAA;AAGvB,aAAa;AACb,uCAQoB;AAPlB,oGAAA,QAAQ,OAAA;AACR,0GAAA,cAAc,OAAA;AACd,6GAAA,iBAAiB,OAAA;AACjB,qGAAA,SAAS,OAAA;AACT,oGAAA,QAAQ,OAAA;AACR,0GAAA,cAAc,OAAA;AACd,yGAAA,aAAa,OAAA;AAGf,iCAAiC;AACjC,uCAQoB;AAPlB,iHAAA,qBAAqB,OAAA;AACrB,0GAAA,cAAc,OAAA;AACd,gHAAA,oBAAoB,OAAA;AACpB,kHAAA,sBAAsB,OAAA;AACtB,gHAAA,oBAAoB,OAAA;AAKtB,gCAAgC;AAChC,iDAA6E;AAApE,oGAAA,QAAQ,OAAA;AAAE,uGAAA,WAAW,OAAA;AAE9B,gCAAgC;AAChC,uCAcoB;AAblB,wGAAA,YAAY,OAAA;AACZ,sGAAA,UAAU,OAAA;AACV,uGAAA,WAAW,OAAA;AACX,sGAAA,UAAU,OAAA;AACV,iHAAA,qBAAqB,OAAA;AACrB,4GAAA,gBAAgB,OAAA;AAChB,0GAAA,cAAc,OAAA;AACd,6GAAA,iBAAiB,OAAA;AACjB,wGAAA,YAAY,OAAA;AAOd,kCAAkC;AAClC,qCAamB;AAZjB,0GAAA,eAAe,OAAA;AACf,4GAAA,iBAAiB,OAAA;AACjB,6GAAA,kBAAkB,OAAA;AAClB,yGAAA,cAAc,OAAA;AAGd,0CAA0C;AAC1C,2EAA2E;AAC3E,iHAAA,sBAAsB,OAAA;AACtB,uHAAA,4BAA4B,OAAA;AAK9B,kCAAkC;AAClC,+DAiBgC;AAhB9B,sBAAsB;AACtB,sHAAA,cAAc,OAAA;AACd,wHAAA,gBAAgB,OAAA;AAChB,oHAAA,YAAY,OAAA;AACZ,4HAAA,oBAAoB,OAAA;AACpB,+HAAA,uBAAuB,OAAA;AACvB,mIAAA,2BAA2B,OAAA;AAC3B,iBAAiB;AACjB,6HAAA,qBAAqB,OAAA;AACrB,8HAAA,sBAAsB,OAAA;AACtB,oIAAA,4BAA4B,OAAA;AAC5B,qBAAqB;AACrB,uHAAA,eAAe,OAAA;AACf,4HAAA,oBAAoB,OAAA;AACpB,qHAAA,aAAa,OAAA"}