@percena/weft 0.4.0-next.3 → 0.4.0-next.5

package/dist/index.d.cts

@@ -1,9 +1,10 @@
-export { AgentCommandSink, AgentEventStream, AgentRuntime, AgentRuntimeKind, AgentRuntimeState, AgentRuntimeStatus, AgentTimelineStream, RuntimeCapabilityReport, RuntimePolicyHook, SessionToolBridge, createRuntimeCapabilityReport, createRuntimeExtensionContext, invokeSessionTool, reduceRuntimeState, sanitizeProviderSourceTools, selectRuntimeCandidate };
-export { PermissionApproval, PermissionPolicy, PermissionScope, PolicyDecisionReceipt, PolicyLayer, PolicyRuleMatch, ToolIntent, ToolPolicyDecision, ToolPolicyRequest, createInMemoryApprovalStore, createPermissionPolicy, createPermissionPolicyFromConfig, createPolicyDecisionReceipt, createSourcePolicyLayer, evaluateToolPolicy, explainToolPolicy, validatePolicyConfig };
-export { AgentSession, UseAgentSessionOptions, useAgentSession } from '@percena/weft-react';
+export { AgentCommandSink, AgentEventStream, AgentRuntime, AgentRuntimeKind, AgentRuntimeState, AgentRuntimeStatus, AgentTimelineStream, SendMessageOptions };
+export { TimelineCursor, TimelineEnvelope, TimelineFetchRequest, TimelineFetchResult, TimelineItem, TimelinePermissionRequest, TimelinePermissionResolution };
+export { AgentSession, UseAgentSessionOptions, useAgentSession } from './chat.cjs';
 export { CreateFlitroEmbedRuntimeOptions, createFlitroEmbedRuntime };
 export { AgentChatPanel, TimelineAgentChatPanel, useAgentChatSession, useTimelineAgentChatSession };
 export { EN_FALLBACK };
+import '@weft/ui';
 
 // ── inlined from @weft/core ──
 // -- @weft/core/index.d.ts --
@@ -3096,277 +3097,6 @@ declare function createRuntimeCapabilityReport(options: CreateRuntimeCapabilityR
 
 export { type AgentCommandSink, type AgentEventStream, type AgentRuntime, type AgentRuntimeKind, type AgentRuntimeOptions, type AgentRuntimeState, type AgentRuntimeStatus, type AgentTimelineStream, type BrowserActionReceipt, type BrowserActionRequest, type CodexPermissionParams, type CommandOrigin, type CommandReceipt, type CreateRuntimeCapabilityReportOptions, type CreateSkillRequest, type CreateSkillResult, type CreateSourceRequest, type CreateSourceResult, type DeleteSkillRequest, type DeleteSkillResult, type DeleteSourceRequest, type DeleteSourceResult, type GetAutomationsConfigRequest, type GetAutomationsConfigResult, type GetSkillRequest, type GetSkillResult, type GetSourceRequest, type GetSourceResult, type InterSessionMessageRequest, type InvokeSessionToolOptions, type ListSchedulesRequest, type ListSchedulesResult, type ListSkillsRequest, type ListSkillsResult, type ListSourcesRequest, type ListSourcesResult, type LlmToolRequest, type LlmToolResult, type ProviderAuthDetection, type ProviderAuthMode, type ProviderSourceCredentialRef, type ProviderSourceToolDescriptor, RUNTIME_KINDS, type RuntimeAction, type RuntimeAuthDetection, type RuntimeAutomationCapabilities, type RuntimeCandidate, type RuntimeCapabilityReport, type RuntimeExtensionCapabilities, type RuntimeExtensionContext, type RuntimeFeatureCapabilities, type RuntimeHostServices, type RuntimeHostToolCapabilities, type RuntimePermissionScope, type RuntimePermissionScopeInput, type RuntimePolicyCapabilities, type RuntimePolicyExtension, type RuntimePolicyHook, type RuntimeSelection, type RuntimeSelectionOptions, type RuntimeSkillCapabilities, type RuntimeSourceCapabilities, type RuntimeToolIntent, type ScheduleSummary, type SendMessageOptions, type SessionListRequest, type SessionListResult, type SessionMetadataPatch, type SessionMetadataSnapshot, type SessionToolBridge, type SessionToolInvocationReceipt, type SessionToolName, type SessionToolRequest, type SessionToolTimelineRef, type SkillSelection, type SkillSummary, type SourceActivationReceipt, type SourceActivationRequest, type SourceAuthReceipt, type SourceAuthRequest, type SourceSelection, type SourceSummary, type SpawnSessionReceipt, type SpawnSessionRequest, type StartScheduleRequest, type StartScheduleResult, type StopScheduleRequest, type StopScheduleResult, type SubmitPlanReceipt, type SubmitPlanRequest, type ToolPolicyDecision, type ToolPolicyRequest, type UpdateAutomationsConfigRequest, type UpdateAutomationsConfigResult, type UpdateSkillRequest, type UpdateSkillResult, type UpdateSourceRequest, type UpdateSourceResult, createRuntimeCapabilityReport, createRuntimeExtensionContext, initialRuntimeState, invokeSessionTool, mapCodexSandboxModeToSandboxPolicy, mapPermissionModeToCodexParams, reduceRuntimeState, sanitizeProviderSourceTools, selectRuntimeCandidate };
 
-// ── inlined from @weft/policy ──
-// -- @weft/policy/index.d.ts --
-
-type ToolPolicyDecision = {
-    decision: 'allow';
-} | {
-    decision: 'ask';
-    reason: string;
-} | {
-    decision: 'deny';
-    reason: string;
-};
-type ToolIntent = {
-    kind: 'bash';
-    command: string;
-    baseCommand: string;
-} | {
-    kind: 'file_write';
-    path: string;
-    toolName: string;
-} | {
-    kind: 'mcp';
-    name: string;
-} | {
-    kind: 'api';
-    method: string;
-    path: string;
-    url?: string;
-} | {
-    kind: 'unknown';
-    toolName: string;
-};
-interface PolicyRuleMatch {
-    layerId: string;
-    ruleType: 'bash-pattern' | 'mcp-pattern' | 'api-endpoint' | 'write-path' | 'blocked-command-hint';
-    pattern: string;
-}
-type ToolPolicyExplanation = ToolPolicyDecision & {
-    intent: ToolIntent;
-    matchedRule?: PolicyRuleMatch;
-    hint?: string;
-    tryInstead?: string[];
-    hintContext?: string;
-};
-/**
- * Policy decision receipt — a full audit record for every allow/ask/deny decision.
- *
- * Required by §11.8.2: each policy decision must produce a machine-readable receipt
- * with requestId, matchedRule, scope, origin, ttl, and explain, plus timelineRef
- * for cross-referencing with the canonical timeline.
- */
-interface PolicyDecisionReceipt {
-    /** Unique request identifier for audit trail */
-    requestId: string;
-    /** The policy decision (allow/ask/deny) */
-    decision: ToolPolicyDecision;
-    /** Full explain output used to derive the receipt */
-    explain: ToolPolicyExplanation;
-    /** The tool intent that was evaluated */
-    intent: ToolIntent;
-    /** Which rule matched (if any) */
-    matchedRule?: PolicyRuleMatch;
-    /** The scope in which the decision applies */
-    scope?: PermissionScopeInput;
-    /** Who or what originated the request */
-    origin?: PermissionApprovalOrigin;
-    /** How long the allow decision is valid (ms since epoch), if applicable */
-    ttl?: number;
-    /** Blocked command hint for deny decisions */
-    hint?: string;
-    /** Timeline envelope references for audit cross-referencing */
-    timelineRefs?: Array<{
-        epoch: string;
-        seq: number;
-    }>;
-}
-interface CreatePolicyDecisionReceiptOptions {
-    requestId: string;
-    policy: PermissionPolicy;
-    request: ToolPolicyRequest;
-    origin?: PermissionApprovalOrigin;
-    ttl?: number;
-    timelineRefs?: Array<{
-        epoch: string;
-        seq: number;
-    }>;
-}
-type PermissionScope = {
-    type: 'session';
-    sessionId: string;
-} | {
-    type: 'workspace';
-    workspaceId: string;
-} | {
-    type: 'source';
-    sourceSlug: string;
-} | {
-    type: 'skill';
-    skillSlug: string;
-} | {
-    type: 'automation';
-    automationId: string;
-} | {
-    type: 'tool-call';
-    callId: string;
-};
-type PermissionScopeInput = string | PermissionScope;
-type PermissionApprovalOrigin = {
-    type: 'user';
-    id?: string;
-} | {
-    type: 'automation';
-    id: string;
-} | {
-    type: 'system';
-    id?: string;
-};
-interface AlwaysAllowRule {
-    toolName: string;
-    scope?: PermissionScopeInput;
-}
-interface ApiEndpointRule {
-    method: string;
-    pattern: string;
-}
-interface BlockedCommandHintRule {
-    command: string;
-    reason: string;
-    whenNotMatching?: string;
-    tryInstead?: string[];
-    context?: string;
-}
-interface PolicyRuleSet {
-    allowedBashPatterns?: string[];
-    allowedMcpPatterns?: string[];
-    allowedApiEndpoints?: ApiEndpointRule[];
-    allowedWritePaths?: string[];
-    blockedCommandHints?: BlockedCommandHintRule[];
-}
-interface PolicyLayer {
-    id: string;
-    rules: PolicyRuleSet;
-    scope?: PermissionScopeInput;
-}
-interface PermissionApproval {
-    id: string;
-    toolName: string;
-    scope: PermissionScope;
-    origin: PermissionApprovalOrigin;
-    createdAt?: number;
-    expiresAt?: number;
-}
-interface PermissionApprovalStore {
-    remember(approval: PermissionApproval): void;
-    revoke(id: string): void;
-    snapshot(): PermissionApproval[];
-}
-interface PermissionPolicy {
-    mode: PermissionMode;
-    alwaysAllow: AlwaysAllowRule[];
-    approvals: PermissionApproval[];
-    layers: PolicyLayer[];
-}
-interface CreatePermissionPolicyOptions {
-    mode?: PermissionMode;
-    alwaysAllow?: AlwaysAllowRule[];
-    approvals?: PermissionApproval[];
-    layers?: PolicyLayer[];
-}
-interface CreateSourcePolicyLayerOptions {
-    sourceSlug: string;
-    rules: PolicyRuleSet;
-    id?: string;
-}
-interface PolicyConfigLayer {
-    id: string;
-    sourceSlug?: string;
-    scope?: PermissionScopeInput;
-    rules: PolicyRuleSet;
-}
-interface PolicyConfigFile {
-    mode?: PermissionMode;
-    alwaysAllow?: AlwaysAllowRule[];
-    approvals?: PermissionApproval[];
-    layers?: PolicyConfigLayer[];
-}
-interface PolicyConfigIssue {
-    path: string;
-    message: string;
-    suggestion?: string;
-}
-interface PolicyConfigValidationResult {
-    valid: boolean;
-    errors: PolicyConfigIssue[];
-    warnings: PolicyConfigIssue[];
-}
-interface CreatePermissionPolicyFromConfigResult {
-    validation: PolicyConfigValidationResult;
-    policy?: PermissionPolicy;
-}
-interface ToolPolicyRequest {
-    toolName: string;
-    input?: Record<string, unknown>;
-    toolIntent?: ToolIntent;
-    scope?: PermissionScopeInput;
-}
-interface CreateApprovalStoreOptions {
-    now?: () => number;
-}
-declare function createPermissionPolicy(options?: CreatePermissionPolicyOptions): PermissionPolicy;
-declare function createSourcePolicyLayer(options: CreateSourcePolicyLayerOptions): PolicyLayer;
-declare function validatePolicyConfig(input: unknown): PolicyConfigValidationResult;
-declare function createPermissionPolicyFromConfig(input: unknown): CreatePermissionPolicyFromConfigResult;
-declare function evaluateToolPolicy(policy: PermissionPolicy, request: ToolPolicyRequest): ToolPolicyDecision;
-declare function createPolicyDecisionReceipt(options: CreatePolicyDecisionReceiptOptions): PolicyDecisionReceipt;
-declare function explainToolPolicy(policy: PermissionPolicy, request: ToolPolicyRequest): ToolPolicyExplanation;
-declare function createInMemoryApprovalStore(options?: CreateApprovalStoreOptions): PermissionApprovalStore;
-interface BlockedCommandHintResult {
-    reason: string;
-    match: PolicyRuleMatch;
-    tryInstead?: string[];
-    context?: string;
-}
-
-export { type AlwaysAllowRule, type ApiEndpointRule, type BlockedCommandHintResult, type BlockedCommandHintRule, type CreateApprovalStoreOptions, type CreatePermissionPolicyFromConfigResult, type CreatePermissionPolicyOptions, type CreatePolicyDecisionReceiptOptions, type CreateSourcePolicyLayerOptions, type PermissionApproval, type PermissionApprovalOrigin, type PermissionApprovalStore, type PermissionPolicy, type PermissionScope, type PermissionScopeInput, type PolicyConfigFile, type PolicyConfigIssue, type PolicyConfigLayer, type PolicyConfigValidationResult, type PolicyDecisionReceipt, type PolicyLayer, type PolicyRuleMatch, type PolicyRuleSet, type ToolIntent, type ToolPolicyDecision, type ToolPolicyExplanation, type ToolPolicyRequest, createInMemoryApprovalStore, createPermissionPolicy, createPermissionPolicyFromConfig, createPolicyDecisionReceipt, createSourcePolicyLayer, evaluateToolPolicy, explainToolPolicy, validatePolicyConfig };
-
-// -- @weft/policy/loader.d.ts --
-import '@weft/core';
-
-interface PolicyFileContents {
-    allowedBashPatterns?: string[];
-    allowedMcpPatterns?: string[];
-    allowedApiEndpoints?: ApiEndpointRule[];
-    allowedWritePaths?: string[];
-    blockedCommandHints?: BlockedCommandHintRule[];
-}
-interface PolicyFileLoadResult {
-    rules: PolicyRuleSet;
-    path: string;
-    errors: string[];
-}
-interface LoadPolicyLayersOptions {
-    globalPath?: string;
-    workspacePath?: string;
-}
-declare function loadPolicyFile(filePath: string): Promise<PolicyFileLoadResult>;
-declare function loadPolicyLayers(options?: LoadPolicyLayersOptions): Promise<{
-    layers: PolicyLayer[];
-    errors: string[];
-}>;
-
-export { type LoadPolicyLayersOptions, type PolicyFileContents, type PolicyFileLoadResult, loadPolicyFile, loadPolicyLayers };
-
-// -- @weft/policy/merge.d.ts --
-import '@weft/core';
-
-/**
- * Merge multiple PolicyRuleSets into one. Later entries take precedence
- * for blockedCommandHints (last hint per command wins), while array fields
- * (patterns, paths, endpoints) are concatenated and deduplicated.
- */
-declare function mergePolicyRuleSets(...sets: PolicyRuleSet[]): PolicyRuleSet;
-/**
- * Merge multiple PolicyLayers into a single flat layer. Used when
- * combining global + workspace file-based layers into one layer
- * before appending to a policy's existing layers.
- */
-declare function mergePolicyLayers(layers: PolicyLayer[], id: string): PolicyLayer | undefined;
-
-export { mergePolicyLayers, mergePolicyRuleSets };
-
 // ── inlined from @percena/weft-client ──
 // -- @percena/weft-client/index.d.ts --
 /**

package/dist/index.d.ts

@@ -1,9 +1,10 @@
-export { AgentCommandSink, AgentEventStream, AgentRuntime, AgentRuntimeKind, AgentRuntimeState, AgentRuntimeStatus, AgentTimelineStream, RuntimeCapabilityReport, RuntimePolicyHook, SessionToolBridge, createRuntimeCapabilityReport, createRuntimeExtensionContext, invokeSessionTool, reduceRuntimeState, sanitizeProviderSourceTools, selectRuntimeCandidate };
-export { PermissionApproval, PermissionPolicy, PermissionScope, PolicyDecisionReceipt, PolicyLayer, PolicyRuleMatch, ToolIntent, ToolPolicyDecision, ToolPolicyRequest, createInMemoryApprovalStore, createPermissionPolicy, createPermissionPolicyFromConfig, createPolicyDecisionReceipt, createSourcePolicyLayer, evaluateToolPolicy, explainToolPolicy, validatePolicyConfig };
-export { AgentSession, UseAgentSessionOptions, useAgentSession } from '@percena/weft-react';
+export { AgentCommandSink, AgentEventStream, AgentRuntime, AgentRuntimeKind, AgentRuntimeState, AgentRuntimeStatus, AgentTimelineStream, SendMessageOptions };
+export { TimelineCursor, TimelineEnvelope, TimelineFetchRequest, TimelineFetchResult, TimelineItem, TimelinePermissionRequest, TimelinePermissionResolution };
+export { AgentSession, UseAgentSessionOptions, useAgentSession } from './chat.js';
 export { CreateFlitroEmbedRuntimeOptions, createFlitroEmbedRuntime };
 export { AgentChatPanel, TimelineAgentChatPanel, useAgentChatSession, useTimelineAgentChatSession };
 export { EN_FALLBACK };
+import '@weft/ui';
 
 // ── inlined from @weft/core ──
 // -- @weft/core/index.d.ts --
@@ -3096,277 +3097,6 @@ declare function createRuntimeCapabilityReport(options: CreateRuntimeCapabilityR
 
 export { type AgentCommandSink, type AgentEventStream, type AgentRuntime, type AgentRuntimeKind, type AgentRuntimeOptions, type AgentRuntimeState, type AgentRuntimeStatus, type AgentTimelineStream, type BrowserActionReceipt, type BrowserActionRequest, type CodexPermissionParams, type CommandOrigin, type CommandReceipt, type CreateRuntimeCapabilityReportOptions, type CreateSkillRequest, type CreateSkillResult, type CreateSourceRequest, type CreateSourceResult, type DeleteSkillRequest, type DeleteSkillResult, type DeleteSourceRequest, type DeleteSourceResult, type GetAutomationsConfigRequest, type GetAutomationsConfigResult, type GetSkillRequest, type GetSkillResult, type GetSourceRequest, type GetSourceResult, type InterSessionMessageRequest, type InvokeSessionToolOptions, type ListSchedulesRequest, type ListSchedulesResult, type ListSkillsRequest, type ListSkillsResult, type ListSourcesRequest, type ListSourcesResult, type LlmToolRequest, type LlmToolResult, type ProviderAuthDetection, type ProviderAuthMode, type ProviderSourceCredentialRef, type ProviderSourceToolDescriptor, RUNTIME_KINDS, type RuntimeAction, type RuntimeAuthDetection, type RuntimeAutomationCapabilities, type RuntimeCandidate, type RuntimeCapabilityReport, type RuntimeExtensionCapabilities, type RuntimeExtensionContext, type RuntimeFeatureCapabilities, type RuntimeHostServices, type RuntimeHostToolCapabilities, type RuntimePermissionScope, type RuntimePermissionScopeInput, type RuntimePolicyCapabilities, type RuntimePolicyExtension, type RuntimePolicyHook, type RuntimeSelection, type RuntimeSelectionOptions, type RuntimeSkillCapabilities, type RuntimeSourceCapabilities, type RuntimeToolIntent, type ScheduleSummary, type SendMessageOptions, type SessionListRequest, type SessionListResult, type SessionMetadataPatch, type SessionMetadataSnapshot, type SessionToolBridge, type SessionToolInvocationReceipt, type SessionToolName, type SessionToolRequest, type SessionToolTimelineRef, type SkillSelection, type SkillSummary, type SourceActivationReceipt, type SourceActivationRequest, type SourceAuthReceipt, type SourceAuthRequest, type SourceSelection, type SourceSummary, type SpawnSessionReceipt, type SpawnSessionRequest, type StartScheduleRequest, type StartScheduleResult, type StopScheduleRequest, type StopScheduleResult, type SubmitPlanReceipt, type SubmitPlanRequest, type ToolPolicyDecision, type ToolPolicyRequest, type UpdateAutomationsConfigRequest, type UpdateAutomationsConfigResult, type UpdateSkillRequest, type UpdateSkillResult, type UpdateSourceRequest, type UpdateSourceResult, createRuntimeCapabilityReport, createRuntimeExtensionContext, initialRuntimeState, invokeSessionTool, mapCodexSandboxModeToSandboxPolicy, mapPermissionModeToCodexParams, reduceRuntimeState, sanitizeProviderSourceTools, selectRuntimeCandidate };
 
-// ── inlined from @weft/policy ──
-// -- @weft/policy/index.d.ts --
-
-type ToolPolicyDecision = {
-    decision: 'allow';
-} | {
-    decision: 'ask';
-    reason: string;
-} | {
-    decision: 'deny';
-    reason: string;
-};
-type ToolIntent = {
-    kind: 'bash';
-    command: string;
-    baseCommand: string;
-} | {
-    kind: 'file_write';
-    path: string;
-    toolName: string;
-} | {
-    kind: 'mcp';
-    name: string;
-} | {
-    kind: 'api';
-    method: string;
-    path: string;
-    url?: string;
-} | {
-    kind: 'unknown';
-    toolName: string;
-};
-interface PolicyRuleMatch {
-    layerId: string;
-    ruleType: 'bash-pattern' | 'mcp-pattern' | 'api-endpoint' | 'write-path' | 'blocked-command-hint';
-    pattern: string;
-}
-type ToolPolicyExplanation = ToolPolicyDecision & {
-    intent: ToolIntent;
-    matchedRule?: PolicyRuleMatch;
-    hint?: string;
-    tryInstead?: string[];
-    hintContext?: string;
-};
-/**
- * Policy decision receipt — a full audit record for every allow/ask/deny decision.
- *
- * Required by §11.8.2: each policy decision must produce a machine-readable receipt
- * with requestId, matchedRule, scope, origin, ttl, and explain, plus timelineRef
- * for cross-referencing with the canonical timeline.
- */
-interface PolicyDecisionReceipt {
-    /** Unique request identifier for audit trail */
-    requestId: string;
-    /** The policy decision (allow/ask/deny) */
-    decision: ToolPolicyDecision;
-    /** Full explain output used to derive the receipt */
-    explain: ToolPolicyExplanation;
-    /** The tool intent that was evaluated */
-    intent: ToolIntent;
-    /** Which rule matched (if any) */
-    matchedRule?: PolicyRuleMatch;
-    /** The scope in which the decision applies */
-    scope?: PermissionScopeInput;
-    /** Who or what originated the request */
-    origin?: PermissionApprovalOrigin;
-    /** How long the allow decision is valid (ms since epoch), if applicable */
-    ttl?: number;
-    /** Blocked command hint for deny decisions */
-    hint?: string;
-    /** Timeline envelope references for audit cross-referencing */
-    timelineRefs?: Array<{
-        epoch: string;
-        seq: number;
-    }>;
-}
-interface CreatePolicyDecisionReceiptOptions {
-    requestId: string;
-    policy: PermissionPolicy;
-    request: ToolPolicyRequest;
-    origin?: PermissionApprovalOrigin;
-    ttl?: number;
-    timelineRefs?: Array<{
-        epoch: string;
-        seq: number;
-    }>;
-}
-type PermissionScope = {
-    type: 'session';
-    sessionId: string;
-} | {
-    type: 'workspace';
-    workspaceId: string;
-} | {
-    type: 'source';
-    sourceSlug: string;
-} | {
-    type: 'skill';
-    skillSlug: string;
-} | {
-    type: 'automation';
-    automationId: string;
-} | {
-    type: 'tool-call';
-    callId: string;
-};
-type PermissionScopeInput = string | PermissionScope;
-type PermissionApprovalOrigin = {
-    type: 'user';
-    id?: string;
-} | {
-    type: 'automation';
-    id: string;
-} | {
-    type: 'system';
-    id?: string;
-};
-interface AlwaysAllowRule {
-    toolName: string;
-    scope?: PermissionScopeInput;
-}
-interface ApiEndpointRule {
-    method: string;
-    pattern: string;
-}
-interface BlockedCommandHintRule {
-    command: string;
-    reason: string;
-    whenNotMatching?: string;
-    tryInstead?: string[];
-    context?: string;
-}
-interface PolicyRuleSet {
-    allowedBashPatterns?: string[];
-    allowedMcpPatterns?: string[];
-    allowedApiEndpoints?: ApiEndpointRule[];
-    allowedWritePaths?: string[];
-    blockedCommandHints?: BlockedCommandHintRule[];
-}
-interface PolicyLayer {
-    id: string;
-    rules: PolicyRuleSet;
-    scope?: PermissionScopeInput;
-}
-interface PermissionApproval {
-    id: string;
-    toolName: string;
-    scope: PermissionScope;
-    origin: PermissionApprovalOrigin;
-    createdAt?: number;
-    expiresAt?: number;
-}
-interface PermissionApprovalStore {
-    remember(approval: PermissionApproval): void;
-    revoke(id: string): void;
-    snapshot(): PermissionApproval[];
-}
-interface PermissionPolicy {
-    mode: PermissionMode;
-    alwaysAllow: AlwaysAllowRule[];
-    approvals: PermissionApproval[];
-    layers: PolicyLayer[];
-}
-interface CreatePermissionPolicyOptions {
-    mode?: PermissionMode;
-    alwaysAllow?: AlwaysAllowRule[];
-    approvals?: PermissionApproval[];
-    layers?: PolicyLayer[];
-}
-interface CreateSourcePolicyLayerOptions {
-    sourceSlug: string;
-    rules: PolicyRuleSet;
-    id?: string;
-}
-interface PolicyConfigLayer {
-    id: string;
-    sourceSlug?: string;
-    scope?: PermissionScopeInput;
-    rules: PolicyRuleSet;
-}
-interface PolicyConfigFile {
-    mode?: PermissionMode;
-    alwaysAllow?: AlwaysAllowRule[];
-    approvals?: PermissionApproval[];
-    layers?: PolicyConfigLayer[];
-}
-interface PolicyConfigIssue {
-    path: string;
-    message: string;
-    suggestion?: string;
-}
-interface PolicyConfigValidationResult {
-    valid: boolean;
-    errors: PolicyConfigIssue[];
-    warnings: PolicyConfigIssue[];
-}
-interface CreatePermissionPolicyFromConfigResult {
-    validation: PolicyConfigValidationResult;
-    policy?: PermissionPolicy;
-}
-interface ToolPolicyRequest {
-    toolName: string;
-    input?: Record<string, unknown>;
-    toolIntent?: ToolIntent;
-    scope?: PermissionScopeInput;
-}
-interface CreateApprovalStoreOptions {
-    now?: () => number;
-}
-declare function createPermissionPolicy(options?: CreatePermissionPolicyOptions): PermissionPolicy;
-declare function createSourcePolicyLayer(options: CreateSourcePolicyLayerOptions): PolicyLayer;
-declare function validatePolicyConfig(input: unknown): PolicyConfigValidationResult;
-declare function createPermissionPolicyFromConfig(input: unknown): CreatePermissionPolicyFromConfigResult;
-declare function evaluateToolPolicy(policy: PermissionPolicy, request: ToolPolicyRequest): ToolPolicyDecision;
-declare function createPolicyDecisionReceipt(options: CreatePolicyDecisionReceiptOptions): PolicyDecisionReceipt;
-declare function explainToolPolicy(policy: PermissionPolicy, request: ToolPolicyRequest): ToolPolicyExplanation;
-declare function createInMemoryApprovalStore(options?: CreateApprovalStoreOptions): PermissionApprovalStore;
-interface BlockedCommandHintResult {
-    reason: string;
-    match: PolicyRuleMatch;
-    tryInstead?: string[];
-    context?: string;
-}
-
-export { type AlwaysAllowRule, type ApiEndpointRule, type BlockedCommandHintResult, type BlockedCommandHintRule, type CreateApprovalStoreOptions, type CreatePermissionPolicyFromConfigResult, type CreatePermissionPolicyOptions, type CreatePolicyDecisionReceiptOptions, type CreateSourcePolicyLayerOptions, type PermissionApproval, type PermissionApprovalOrigin, type PermissionApprovalStore, type PermissionPolicy, type PermissionScope, type PermissionScopeInput, type PolicyConfigFile, type PolicyConfigIssue, type PolicyConfigLayer, type PolicyConfigValidationResult, type PolicyDecisionReceipt, type PolicyLayer, type PolicyRuleMatch, type PolicyRuleSet, type ToolIntent, type ToolPolicyDecision, type ToolPolicyExplanation, type ToolPolicyRequest, createInMemoryApprovalStore, createPermissionPolicy, createPermissionPolicyFromConfig, createPolicyDecisionReceipt, createSourcePolicyLayer, evaluateToolPolicy, explainToolPolicy, validatePolicyConfig };
-
-// -- @weft/policy/loader.d.ts --
-import '@weft/core';
-
-interface PolicyFileContents {
-    allowedBashPatterns?: string[];
-    allowedMcpPatterns?: string[];
-    allowedApiEndpoints?: ApiEndpointRule[];
-    allowedWritePaths?: string[];
-    blockedCommandHints?: BlockedCommandHintRule[];
-}
-interface PolicyFileLoadResult {
-    rules: PolicyRuleSet;
-    path: string;
-    errors: string[];
-}
-interface LoadPolicyLayersOptions {
-    globalPath?: string;
-    workspacePath?: string;
-}
-declare function loadPolicyFile(filePath: string): Promise<PolicyFileLoadResult>;
-declare function loadPolicyLayers(options?: LoadPolicyLayersOptions): Promise<{
-    layers: PolicyLayer[];
-    errors: string[];
-}>;
-
-export { type LoadPolicyLayersOptions, type PolicyFileContents, type PolicyFileLoadResult, loadPolicyFile, loadPolicyLayers };
-
-// -- @weft/policy/merge.d.ts --
-import '@weft/core';
-
-/**
- * Merge multiple PolicyRuleSets into one. Later entries take precedence
- * for blockedCommandHints (last hint per command wins), while array fields
- * (patterns, paths, endpoints) are concatenated and deduplicated.
- */
-declare function mergePolicyRuleSets(...sets: PolicyRuleSet[]): PolicyRuleSet;
-/**
- * Merge multiple PolicyLayers into a single flat layer. Used when
- * combining global + workspace file-based layers into one layer
- * before appending to a policy's existing layers.
- */
-declare function mergePolicyLayers(layers: PolicyLayer[], id: string): PolicyLayer | undefined;
-
-export { mergePolicyLayers, mergePolicyRuleSets };
-
 // ── inlined from @percena/weft-client ──
 // -- @percena/weft-client/index.d.ts --
 /**