@peac/policy-kit 0.9.18

package/README.md

@@ -0,0 +1,23 @@
+# @peac/policy-kit
+
+PEAC Policy Kit - deterministic policy evaluation for CAL semantics
+
+## Installation
+
+```bash
+pnpm add @peac/policy-kit
+```
+
+## Documentation
+
+See [peacprotocol.org](https://peacprotocol.org) for full documentation.
+
+## License
+
+Apache-2.0
+
+---
+
+PEAC Protocol is an open source project stewarded by Originary and community contributors.
+
+[Originary](https://www.originary.xyz) | [Docs](https://peacprotocol.org) | [GitHub](https://github.com/peacprotocol/peac)

package/dist/compiler.d.ts

@@ -0,0 +1,111 @@
+/**
+ * PEAC Policy Kit Compiler
+ *
+ * Compiles policy documents to deployment artifacts:
+ * - peac.txt (PEAC discovery file - canonical schema)
+ * - robots.txt snippet for AI crawlers
+ * - AIPREF header templates (compatibility output)
+ * - Human-readable markdown summary
+ *
+ * All outputs are deterministic (stable ordering where semantically safe).
+ * Rule order is preserved where it affects semantics (first-match-wins).
+ *
+ * @packageDocumentation
+ */
+import { PolicyDocument } from './types';
+/**
+ * Default PEAC protocol version for generated peac.txt
+ *
+ * Uses major.minor format (e.g., "0.9") by default. Pass a full version
+ * (e.g., "0.9.17") via peacVersion option if needed.
+ *
+ * This matches the wire format version from @peac/kernel.
+ */
+export declare const PEAC_PROTOCOL_VERSION: "0.9";
+/**
+ * Options for compilation
+ */
+export interface CompileOptions {
+    /** Base URL for the site (used in peac.txt) */
+    siteUrl?: string;
+    /** Contact email for policy questions */
+    contact?: string;
+    /** Include comments in output */
+    includeComments?: boolean;
+    /**
+     * PEAC protocol version for peac.txt (default: 0.9)
+     * Use major.minor (0.9) or full version (0.9.17) as needed.
+     */
+    peacVersion?: string;
+    /** Attribution requirement: required, optional, or none */
+    attribution?: 'required' | 'optional' | 'none';
+    /**
+     * Receipts requirement: required, optional, or omit (don't include field)
+     * Default: 'required' for conditional usage, 'optional' for open usage
+     */
+    receipts?: 'required' | 'optional' | 'omit';
+    /** Rate limit string (e.g., "100/hour", "unlimited") */
+    rateLimit?: string;
+    /** Negotiate endpoint URL */
+    negotiateUrl?: string;
+}
+/**
+ * AIPREF header template
+ */
+export interface AiprefTemplate {
+    /** Header name */
+    header: string;
+    /** Header value */
+    value: string;
+    /** Description of when to use */
+    description: string;
+}
+/**
+ * Compile policy to peac.txt format (canonical schema)
+ *
+ * Generates a PEAC discovery file that can be served at:
+ * - /.well-known/peac.txt (primary)
+ * - /peac.txt (fallback)
+ *
+ * Output uses canonical PEAC schema with `version` and `usage` fields.
+ * Rule order is preserved in comments (first-match-wins semantics).
+ *
+ * @param policy - Policy document
+ * @param options - Compilation options
+ * @returns peac.txt content (YAML format)
+ */
+export declare function compilePeacTxt(policy: PolicyDocument, options?: CompileOptions): string;
+/**
+ * Compile policy to robots.txt snippet for AI crawlers
+ *
+ * Generates User-agent blocks for known AI crawlers based on policy.
+ * Conservative: if default is deny or review, disallows crawling.
+ *
+ * @param policy - Policy document
+ * @param options - Compilation options
+ * @returns robots.txt snippet content
+ */
+export declare function compileRobotsSnippet(policy: PolicyDocument, options?: CompileOptions): string;
+/**
+ * Compile policy to AIPREF header templates
+ *
+ * Generates header values for HTTP responses.
+ * These are COMPATIBILITY templates, not normative PEAC headers.
+ * The authoritative policy is always peac.txt.
+ *
+ * @param policy - Policy document
+ * @param options - Compilation options
+ * @returns Array of header templates
+ */
+export declare function compileAiprefTemplates(policy: PolicyDocument, options?: CompileOptions): AiprefTemplate[];
+/**
+ * Render policy as human-readable markdown
+ *
+ * Generates an ai-policy.md file for documentation.
+ *
+ * @param policy - Policy document
+ * @param options - Compilation options
+ * @returns Markdown content
+ */
+export declare function renderPolicyMarkdown(policy: PolicyDocument, options?: CompileOptions): string;
+//# sourceMappingURL=compiler.d.ts.map

package/dist/compiler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"compiler.d.ts","sourceRoot":"","sources":["../src/compiler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,cAAc,EAAkC,MAAM,SAAS,CAAC;AAEzE;;;;;;;GAOG;AACH,eAAO,MAAM,qBAAqB,EAAG,KAAc,CAAC;AAEpD;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,+CAA+C;IAC/C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,yCAAyC;IACzC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,iCAAiC;IACjC,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,2DAA2D;IAC3D,WAAW,CAAC,EAAE,UAAU,GAAG,UAAU,GAAG,MAAM,CAAC;IAC/C;;;OAGG;IACH,QAAQ,CAAC,EAAE,UAAU,GAAG,UAAU,GAAG,MAAM,CAAC;IAC5C,wDAAwD;IACxD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,6BAA6B;IAC7B,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,kBAAkB;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,mBAAmB;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,iCAAiC;IACjC,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,cAAc,EAAE,OAAO,GAAE,cAAmB,GAAG,MAAM,CAmE3F;AAED;;;;;;;;;GASG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,cAAc,EAAE,OAAO,GAAE,cAAmB,GAAG,MAAM,CA+CjG;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,cAAc,EACtB,OAAO,GAAE,cAAmB,GAC3B,cAAc,EAAE,CA8BlB;AAED;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,cAAc,EAAE,OAAO,GAAE,cAAmB,GAAG,MAAM,CA2FjG"}

package/dist/compiler.js

@@ -0,0 +1,304 @@
+"use strict";
+/**
+ * PEAC Policy Kit Compiler
+ *
+ * Compiles policy documents to deployment artifacts:
+ * - peac.txt (PEAC discovery file - canonical schema)
+ * - robots.txt snippet for AI crawlers
+ * - AIPREF header templates (compatibility output)
+ * - Human-readable markdown summary
+ *
+ * All outputs are deterministic (stable ordering where semantically safe).
+ * Rule order is preserved where it affects semantics (first-match-wins).
+ *
+ * @packageDocumentation
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PEAC_PROTOCOL_VERSION = void 0;
+exports.compilePeacTxt = compilePeacTxt;
+exports.compileRobotsSnippet = compileRobotsSnippet;
+exports.compileAiprefTemplates = compileAiprefTemplates;
+exports.renderPolicyMarkdown = renderPolicyMarkdown;
+/**
+ * Default PEAC protocol version for generated peac.txt
+ *
+ * Uses major.minor format (e.g., "0.9") by default. Pass a full version
+ * (e.g., "0.9.17") via peacVersion option if needed.
+ *
+ * This matches the wire format version from @peac/kernel.
+ */
+exports.PEAC_PROTOCOL_VERSION = '0.9';
+/**
+ * Compile policy to peac.txt format (canonical schema)
+ *
+ * Generates a PEAC discovery file that can be served at:
+ * - /.well-known/peac.txt (primary)
+ * - /peac.txt (fallback)
+ *
+ * Output uses canonical PEAC schema with `version` and `usage` fields.
+ * Rule order is preserved in comments (first-match-wins semantics).
+ *
+ * @param policy - Policy document
+ * @param options - Compilation options
+ * @returns peac.txt content (YAML format)
+ */
+function compilePeacTxt(policy, options = {}) {
+    const lines = [];
+    const { includeComments = true, peacVersion = exports.PEAC_PROTOCOL_VERSION } = options;
+    if (includeComments) {
+        lines.push('# PEAC Policy Discovery File');
+        lines.push(`# Generated from: ${policy.name || 'peac-policy.yaml'}`);
+        lines.push('#');
+        lines.push('# Serve at: /.well-known/peac.txt');
+        lines.push('# See: https://peacprotocol.org');
+        lines.push('');
+    }
+    // PEAC protocol version (canonical field)
+    lines.push(`version: ${peacVersion}`);
+    // Usage: open (allow default) or conditional (deny/review default)
+    const usage = policy.defaults.decision === 'allow' ? 'open' : 'conditional';
+    lines.push(`usage: ${usage}`);
+    lines.push('');
+    // List purposes covered by rules (sorted for determinism - safe because informational)
+    const purposes = extractPurposes(policy);
+    if (purposes.length > 0) {
+        lines.push(`purposes: [${purposes.join(', ')}]`);
+    }
+    // Attribution if specified
+    if (options.attribution && options.attribution !== 'none') {
+        lines.push(`attribution: ${options.attribution}`);
+    }
+    // Receipts: configurable, with sensible defaults based on usage
+    // - conditional: defaults to 'required' (explicit receipt needed)
+    // - open: defaults to 'optional' (receipt accepted but not required)
+    const receiptsDefault = usage === 'conditional' ? 'required' : 'optional';
+    const receiptsValue = options.receipts ?? receiptsDefault;
+    if (receiptsValue !== 'omit') {
+        lines.push(`receipts: ${receiptsValue}`);
+    }
+    // Rate limit (applies to both open and conditional)
+    if (options.rateLimit) {
+        lines.push(`rate_limit: ${options.rateLimit}`);
+    }
+    // Negotiate endpoint (typically for conditional access)
+    if (options.negotiateUrl) {
+        lines.push(`negotiate: ${options.negotiateUrl}`);
+    }
+    // Contact if provided
+    if (options.contact) {
+        lines.push(`contact: ${options.contact}`);
+    }
+    // Show rule summary in comments (preserve author order - semantically significant)
+    if (policy.rules.length > 0 && includeComments) {
+        lines.push('');
+        lines.push('# Policy rules (first-match-wins, author order preserved):');
+        lines.push(`# Source: ${policy.name || 'peac-policy.yaml'} (${policy.rules.length} rules)`);
+        for (const rule of policy.rules) {
+            lines.push(`#   ${rule.name}: ${rule.decision}`);
+        }
+    }
+    return lines.join('\n') + '\n';
+}
+/**
+ * Compile policy to robots.txt snippet for AI crawlers
+ *
+ * Generates User-agent blocks for known AI crawlers based on policy.
+ * Conservative: if default is deny or review, disallows crawling.
+ *
+ * @param policy - Policy document
+ * @param options - Compilation options
+ * @returns robots.txt snippet content
+ */
+function compileRobotsSnippet(policy, options = {}) {
+    const lines = [];
+    const { includeComments = true } = options;
+    // Known AI crawler user agents (sorted for determinism)
+    const aiCrawlers = [
+        'Anthropic-AI',
+        'CCBot',
+        'ChatGPT-User',
+        'Claude-Web',
+        'Cohere-AI',
+        'GPTBot',
+        'Google-Extended',
+        'Meta-ExternalAgent',
+        'Meta-ExternalFetcher',
+        'PerplexityBot',
+        'anthropic-ai',
+        'cohere-ai',
+    ];
+    if (includeComments) {
+        lines.push('# AI Crawler Directives');
+        lines.push(`# Generated from PEAC policy: ${policy.name || 'peac-policy.yaml'}`);
+        lines.push('#');
+        lines.push('# SNIPPET - Review before adding to your robots.txt');
+        lines.push(`# Default policy: ${policy.defaults.decision}`);
+        lines.push('');
+    }
+    // Conservative approach: only allow if default is explicitly 'allow'
+    // If default is 'deny' or 'review', disallow and require PEAC receipt
+    const isDefaultAllow = policy.defaults.decision === 'allow';
+    for (const crawler of aiCrawlers) {
+        lines.push(`User-agent: ${crawler}`);
+        if (isDefaultAllow) {
+            lines.push('Allow: /');
+        }
+        else {
+            lines.push('Disallow: /');
+            if (includeComments) {
+                lines.push('# Requires PEAC receipt for access');
+            }
+        }
+        lines.push('');
+    }
+    return lines.join('\n');
+}
+/**
+ * Compile policy to AIPREF header templates
+ *
+ * Generates header values for HTTP responses.
+ * These are COMPATIBILITY templates, not normative PEAC headers.
+ * The authoritative policy is always peac.txt.
+ *
+ * @param policy - Policy document
+ * @param options - Compilation options
+ * @returns Array of header templates
+ */
+function compileAiprefTemplates(policy, options = {}) {
+    const templates = [];
+    const { peacVersion = exports.PEAC_PROTOCOL_VERSION } = options;
+    const usage = policy.defaults.decision === 'allow' ? 'open' : 'conditional';
+    // PEAC-Policy header (debug/compatibility - see peac.txt for authoritative policy)
+    templates.push({
+        header: 'PEAC-Policy',
+        value: `version=${peacVersion}; usage=${usage}; rules=${policy.rules.length}`,
+        description: 'Debug/compatibility header - see peac.txt for authoritative policy',
+    });
+    // X-Robots-Tag for AI (compatibility, widely supported)
+    if (policy.defaults.decision === 'deny') {
+        templates.push({
+            header: 'X-Robots-Tag',
+            value: 'noai, noimageai',
+            description: 'Compatibility header: signal no AI training (default deny policy)',
+        });
+    }
+    // Note about AIPREF-style headers
+    templates.push({
+        header: '# Compatibility Note',
+        value: 'See /.well-known/peac.txt for authoritative policy',
+        description: 'These headers are for compatibility only. AIPREF-style X-AI-* headers are not generated to avoid contradictions with conditional rules.',
+    });
+    return templates;
+}
+/**
+ * Render policy as human-readable markdown
+ *
+ * Generates an ai-policy.md file for documentation.
+ *
+ * @param policy - Policy document
+ * @param options - Compilation options
+ * @returns Markdown content
+ */
+function renderPolicyMarkdown(policy, options = {}) {
+    const lines = [];
+    // Header
+    lines.push(`# ${policy.name || 'AI Access Policy'}`);
+    lines.push('');
+    lines.push(`> Generated from PEAC policy (${policy.version})`);
+    lines.push('');
+    // Summary
+    lines.push('## Summary');
+    lines.push('');
+    lines.push(`- **Default Decision:** ${policy.defaults.decision}`);
+    if (policy.defaults.reason) {
+        lines.push(`- **Default Reason:** ${policy.defaults.reason}`);
+    }
+    lines.push(`- **Total Rules:** ${policy.rules.length}`);
+    lines.push('');
+    // Contact
+    if (options.contact) {
+        lines.push(`For questions about this policy, contact: ${options.contact}`);
+        lines.push('');
+    }
+    // How it works
+    lines.push('## How This Policy Works');
+    lines.push('');
+    lines.push('This policy uses **first-match-wins** semantics (like firewall rules). When an AI agent requests access:');
+    lines.push('');
+    lines.push('1. Rules are evaluated in order');
+    lines.push('2. The first matching rule determines the decision');
+    lines.push('3. If no rule matches, the default decision applies');
+    lines.push('');
+    // Rules (preserve author order - first-match-wins semantics are order-dependent)
+    if (policy.rules.length > 0) {
+        lines.push('## Rules');
+        lines.push('');
+        lines.push('> Rules are evaluated in order. The first matching rule wins.');
+        lines.push('');
+        for (const rule of policy.rules) {
+            lines.push(`### ${rule.name}`);
+            lines.push('');
+            lines.push(`- **Decision:** ${rule.decision}`);
+            if (rule.reason) {
+                lines.push(`- **Reason:** ${rule.reason}`);
+            }
+            if (rule.subject) {
+                const subjectParts = [];
+                if (rule.subject.type) {
+                    const types = Array.isArray(rule.subject.type)
+                        ? rule.subject.type.join(', ')
+                        : rule.subject.type;
+                    subjectParts.push(`type: ${types}`);
+                }
+                if (rule.subject.labels) {
+                    subjectParts.push(`labels: ${rule.subject.labels.join(', ')}`);
+                }
+                if (rule.subject.id) {
+                    subjectParts.push(`id: ${rule.subject.id}`);
+                }
+                if (subjectParts.length > 0) {
+                    lines.push(`- **Subject:** ${subjectParts.join('; ')}`);
+                }
+            }
+            if (rule.purpose) {
+                const purposes = Array.isArray(rule.purpose) ? rule.purpose.join(', ') : rule.purpose;
+                lines.push(`- **Purpose:** ${purposes}`);
+            }
+            if (rule.licensing_mode) {
+                const modes = Array.isArray(rule.licensing_mode)
+                    ? rule.licensing_mode.join(', ')
+                    : rule.licensing_mode;
+                lines.push(`- **Licensing Mode:** ${modes}`);
+            }
+            lines.push('');
+        }
+    }
+    // Footer
+    lines.push('---');
+    lines.push('');
+    lines.push('*This policy is enforced via the PEAC Protocol. See [peacprotocol.org](https://peacprotocol.org) for more information.*');
+    lines.push('');
+    return lines.join('\n');
+}
+// --- Helper functions ---
+/**
+ * Extract all unique purposes from policy rules (sorted for determinism)
+ */
+function extractPurposes(policy) {
+    const purposes = new Set();
+    for (const rule of policy.rules) {
+        if (rule.purpose) {
+            if (Array.isArray(rule.purpose)) {
+                for (const p of rule.purpose) {
+                    purposes.add(p);
+                }
+            }
+            else {
+                purposes.add(rule.purpose);
+            }
+        }
+    }
+    // Sort for deterministic output
+    return Array.from(purposes).sort();
+}
+//# sourceMappingURL=compiler.js.map

package/dist/compiler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"compiler.js","sourceRoot":"","sources":["../src/compiler.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;;AAoEH,wCAmEC;AAYD,oDA+CC;AAaD,wDAiCC;AAWD,oDA2FC;AAlVD;;;;;;;GAOG;AACU,QAAA,qBAAqB,GAAG,KAAc,CAAC;AA0CpD;;;;;;;;;;;;;GAaG;AACH,SAAgB,cAAc,CAAC,MAAsB,EAAE,UAA0B,EAAE;IACjF,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,EAAE,eAAe,GAAG,IAAI,EAAE,WAAW,GAAG,6BAAqB,EAAE,GAAG,OAAO,CAAC;IAEhF,IAAI,eAAe,EAAE,CAAC;QACpB,KAAK,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QAC3C,KAAK,CAAC,IAAI,CAAC,qBAAqB,MAAM,CAAC,IAAI,IAAI,kBAAkB,EAAE,CAAC,CAAC;QACrE,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAChB,KAAK,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;QAC9C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,0CAA0C;IAC1C,KAAK,CAAC,IAAI,CAAC,YAAY,WAAW,EAAE,CAAC,CAAC;IAEtC,mEAAmE;IACnE,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,aAAa,CAAC;IAC5E,KAAK,CAAC,IAAI,CAAC,UAAU,KAAK,EAAE,CAAC,CAAC;IAC9B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,uFAAuF;IACvF,MAAM,QAAQ,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IACzC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,KAAK,CAAC,IAAI,CAAC,cAAc,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACnD,CAAC;IAED,2BAA2B;IAC3B,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,KAAK,MAAM,EAAE,CAAC;QAC1D,KAAK,CAAC,IAAI,CAAC,gBAAgB,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,gEAAgE;IAChE,kEAAkE;IAClE,qEAAqE;IACrE,MAAM,eAAe,GAAG,KAAK,KAAK,aAAa,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC;IAC1E,MAAM,aAAa,GAAG,OAAO,CAAC,QAAQ,IAAI,eAAe,CAAC;IAC1D,IAAI,aAAa,KAAK,MAAM,EAAE,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,aAAa,aAAa,EAAE,CAAC,CAAC;IAC3C,CAAC;IAED,oDAAoD;IACpD,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;QACtB,KAAK,CAAC,IAAI,CAAC,eAAe,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,wDAAwD;IACxD,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;QACzB,KAAK,CAAC,IAAI,CAAC,cAAc,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;IACnD,CAAC;IAED,sBAAsB;IACtB,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,KAAK,CAAC,IAAI,CAAC,YAAY,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED,mFAAmF;IACnF,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,eAAe,EAAE,CAAC;QAC/C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;QACzE,KAAK,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,IAAI,IAAI,kBAAkB,KAAK,MAAM,CAAC,KAAK,CAAC,MAAM,SAAS,CAAC,CAAC;QAC5F,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YAChC,KAAK,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;AACjC,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,oBAAoB,CAAC,MAAsB,EAAE,UAA0B,EAAE;IACvF,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,EAAE,eAAe,GAAG,IAAI,EAAE,GAAG,OAAO,CAAC;IAE3C,wDAAwD;IACxD,MAAM,UAAU,GAAG;QACjB,cAAc;QACd,OAAO;QACP,cAAc;QACd,YAAY;QACZ,WAAW;QACX,QAAQ;QACR,iBAAiB;QACjB,oBAAoB;QACpB,sBAAsB;QACtB,eAAe;QACf,cAAc;QACd,WAAW;KACZ,CAAC;IAEF,IAAI,eAAe,EAAE,CAAC;QACpB,KAAK,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACtC,KAAK,CAAC,IAAI,CAAC,iCAAiC,MAAM,CAAC,IAAI,IAAI,kBAAkB,EAAE,CAAC,CAAC;QACjF,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAChB,KAAK,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;QAClE,KAAK,CAAC,IAAI,CAAC,qBAAqB,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,qEAAqE;IACrE,sEAAsE;IACtE,MAAM,cAAc,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,KAAK,OAAO,CAAC;IAE5D,KAAK,MAAM,OAAO,IAAI,UAAU,EAAE,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,eAAe,OAAO,EAAE,CAAC,CAAC;QACrC,IAAI,cAAc,EAAE,CAAC;YACnB,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACzB,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YAC1B,IAAI,eAAe,EAAE,CAAC;gBACpB,KAAK,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAgB,sBAAsB,CACpC,MAAsB,EACtB,UAA0B,EAAE;IAE5B,MAAM,SAAS,GAAqB,EAAE,CAAC;IACvC,MAAM,EAAE,WAAW,GAAG,6BAAqB,EAAE,GAAG,OAAO,CAAC;IACxD,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,aAAa,CAAC;IAE5E,mFAAmF;IACnF,SAAS,CAAC,IAAI,CAAC;QACb,MAAM,EAAE,aAAa;QACrB,KAAK,EAAE,WAAW,WAAW,WAAW,KAAK,WAAW,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE;QAC7E,WAAW,EAAE,oEAAoE;KAClF,CAAC,CAAC;IAEH,wDAAwD;IACxD,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;QACxC,SAAS,CAAC,IAAI,CAAC;YACb,MAAM,EAAE,cAAc;YACtB,KAAK,EAAE,iBAAiB;YACxB,WAAW,EAAE,mEAAmE;SACjF,CAAC,CAAC;IACL,CAAC;IAED,kCAAkC;IAClC,SAAS,CAAC,IAAI,CAAC;QACb,MAAM,EAAE,sBAAsB;QAC9B,KAAK,EAAE,oDAAoD;QAC3D,WAAW,EACT,yIAAyI;KAC5I,CAAC,CAAC;IAEH,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,oBAAoB,CAAC,MAAsB,EAAE,UAA0B,EAAE;IACvF,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,SAAS;IACT,KAAK,CAAC,IAAI,CAAC,KAAK,MAAM,CAAC,IAAI,IAAI,kBAAkB,EAAE,CAAC,CAAC;IACrD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,iCAAiC,MAAM,CAAC,OAAO,GAAG,CAAC,CAAC;IAC/D,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,UAAU;IACV,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACzB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,2BAA2B,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC;IAClE,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,yBAAyB,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAChE,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,sBAAsB,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IACxD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,UAAU;IACV,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,KAAK,CAAC,IAAI,CAAC,6CAA6C,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3E,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,eAAe;IACf,KAAK,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;IACvC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CACR,0GAA0G,CAC3G,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;IAC9C,KAAK,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;IACjE,KAAK,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;IAClE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,iFAAiF;IACjF,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,+DAA+D,CAAC,CAAC;QAC5E,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YAChC,KAAK,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YAC/B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACf,KAAK,CAAC,IAAI,CAAC,mBAAmB,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC/C,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChB,KAAK,CAAC,IAAI,CAAC,iBAAiB,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;YAC7C,CAAC;YACD,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBACjB,MAAM,YAAY,GAAa,EAAE,CAAC;gBAClC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;oBACtB,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;wBAC5C,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;wBAC9B,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;oBACtB,YAAY,CAAC,IAAI,CAAC,SAAS,KAAK,EAAE,CAAC,CAAC;gBACtC,CAAC;gBACD,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;oBACxB,YAAY,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACjE,CAAC;gBACD,IAAI,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;oBACpB,YAAY,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC9C,CAAC;gBACD,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC5B,KAAK,CAAC,IAAI,CAAC,kBAAkB,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC1D,CAAC;YACH,CAAC;YACD,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBACjB,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC;gBACtF,KAAK,CAAC,IAAI,CAAC,kBAAkB,QAAQ,EAAE,CAAC,CAAC;YAC3C,CAAC;YACD,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACxB,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC;oBAC9C,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC;oBAChC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC;gBACxB,KAAK,CAAC,IAAI,CAAC,yBAAyB,KAAK,EAAE,CAAC,CAAC;YAC/C,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,SAAS;IACT,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CACR,yHAAyH,CAC1H,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,2BAA2B;AAE3B;;GAEG;AACH,SAAS,eAAe,CAAC,MAAsB;IAC7C,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE3C,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QAChC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAChC,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;oBAC7B,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAClB,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;IACH,CAAC;IAED,gCAAgC;IAChC,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC;AACrC,CAAC"}

package/dist/evaluate.d.ts

@@ -0,0 +1,84 @@
+/**
+ * PEAC Policy Kit Evaluation
+ *
+ * Deterministic policy evaluation for CAL semantics.
+ * First-match-wins rule semantics.
+ *
+ * @packageDocumentation
+ */
+import { PolicyDocument, PolicyRule, EvaluationContext, EvaluationResult } from './types';
+/**
+ * Evaluate a policy against a context
+ *
+ * Uses first-match-wins semantics:
+ * - Rules are evaluated in order
+ * - First matching rule determines the decision
+ * - If no rule matches, defaults are applied
+ *
+ * @param policy - Policy document
+ * @param context - Evaluation context
+ * @returns Evaluation result
+ */
+export declare function evaluate(policy: PolicyDocument, context: EvaluationContext): EvaluationResult;
+/**
+ * Explain which rules could potentially match a context
+ *
+ * Useful for debugging and policy analysis.
+ * Returns all rules that would match if evaluated, in order.
+ *
+ * @param policy - Policy document
+ * @param context - Evaluation context
+ * @returns Array of rule names that match, or 'default' if none
+ */
+export declare function explainMatches(policy: PolicyDocument, context: EvaluationContext): string[];
+/**
+ * Find the effective rule for a context
+ *
+ * Same as evaluate() but returns the full rule object.
+ *
+ * @param policy - Policy document
+ * @param context - Evaluation context
+ * @returns Matched rule or undefined if default applies
+ */
+export declare function findEffectiveRule(policy: PolicyDocument, context: EvaluationContext): PolicyRule | undefined;
+/**
+ * Check if a policy would allow a given context
+ *
+ * Convenience helper for common allow/deny checks.
+ *
+ * @param policy - Policy document
+ * @param context - Evaluation context
+ * @returns true if decision is 'allow'
+ */
+export declare function isAllowed(policy: PolicyDocument, context: EvaluationContext): boolean;
+/**
+ * Check if a policy would deny a given context
+ *
+ * Convenience helper for common allow/deny checks.
+ *
+ * @param policy - Policy document
+ * @param context - Evaluation context
+ * @returns true if decision is 'deny'
+ */
+export declare function isDenied(policy: PolicyDocument, context: EvaluationContext): boolean;
+/**
+ * Check if a policy requires review for a given context
+ *
+ * Convenience helper for review checks.
+ *
+ * @param policy - Policy document
+ * @param context - Evaluation context
+ * @returns true if decision is 'review'
+ */
+export declare function requiresReview(policy: PolicyDocument, context: EvaluationContext): boolean;
+/**
+ * Batch evaluate multiple contexts against a policy
+ *
+ * Useful for testing or bulk authorization checks.
+ *
+ * @param policy - Policy document
+ * @param contexts - Array of evaluation contexts
+ * @returns Array of evaluation results (same order as contexts)
+ */
+export declare function evaluateBatch(policy: PolicyDocument, contexts: EvaluationContext[]): EvaluationResult[];
+//# sourceMappingURL=evaluate.d.ts.map

package/dist/evaluate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"evaluate.d.ts","sourceRoot":"","sources":["../src/evaluate.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EACL,cAAc,EACd,UAAU,EAEV,iBAAiB,EACjB,gBAAgB,EAIjB,MAAM,SAAS,CAAC;AAmJjB;;;;;;;;;;;GAWG;AACH,wBAAgB,QAAQ,CAAC,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,iBAAiB,GAAG,gBAAgB,CAmB7F;AAED;;;;;;;;;GASG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,iBAAiB,GAAG,MAAM,EAAE,CAc3F;AAED;;;;;;;;GAQG;AACH,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,cAAc,EACtB,OAAO,EAAE,iBAAiB,GACzB,UAAU,GAAG,SAAS,CAOxB;AAED;;;;;;;;GAQG;AACH,wBAAgB,SAAS,CAAC,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAGrF;AAED;;;;;;;;GAQG;AACH,wBAAgB,QAAQ,CAAC,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAGpF;AAED;;;;;;;;GAQG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAG1F;AAED;;;;;;;;GAQG;AACH,wBAAgB,aAAa,CAC3B,MAAM,EAAE,cAAc,EACtB,QAAQ,EAAE,iBAAiB,EAAE,GAC5B,gBAAgB,EAAE,CAEpB"}