@pylabmit/agent-cmdb 1.5.0

package/dist/loader.js

@@ -0,0 +1,199 @@
+import { readFileSync } from 'node:fs';
+import { dirname, extname, resolve } from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { parse as parseYaml } from 'yaml';
+import { validateControlPlane } from './validator.js';
+const moduleDir = dirname(fileURLToPath(import.meta.url));
+export const defaultControlPlanePath = resolve(moduleDir, '..', 'examples', 'basic', 'control-plane.yaml');
+export const multiAgentExampleControlPlanePath = resolve(moduleDir, '..', 'examples', 'multi-agent', 'control-plane.yaml');
+export class ControlPlaneLoadError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'ControlPlaneLoadError';
+    }
+}
+export function loadControlPlane(filePath) {
+    const content = readControlPlaneFile(filePath);
+    const parsed = parseControlPlaneContent(filePath, content);
+    const controlPlane = parseControlPlane(parsed);
+    const errors = validateControlPlane(controlPlane).filter((issue) => issue.severity === 'error');
+    if (errors.length > 0) {
+        const detail = errors.map((issue) => `${issue.code}: ${issue.message}`).join('; ');
+        throw new ControlPlaneLoadError(`Control plane validation failed: ${detail}`);
+    }
+    return controlPlane;
+}
+export function loadDefaultControlPlane() {
+    return loadControlPlane(defaultControlPlanePath);
+}
+function readControlPlaneFile(filePath) {
+    try {
+        return readFileSync(filePath, 'utf8');
+    }
+    catch (error) {
+        const detail = error instanceof Error ? error.message : String(error);
+        throw new ControlPlaneLoadError(`Failed to read control plane at ${filePath}: ${detail}`);
+    }
+}
+function parseControlPlaneContent(filePath, content) {
+    const extension = extname(filePath).toLowerCase();
+    try {
+        if (extension === '.yaml' || extension === '.yml') {
+            return parseYaml(content);
+        }
+        return JSON.parse(content);
+    }
+    catch (error) {
+        const detail = error instanceof Error ? error.message : String(error);
+        const format = extension === '.yaml' || extension === '.yml' ? 'YAML' : 'JSON';
+        throw new ControlPlaneLoadError(`Failed to parse control plane ${format} at ${filePath}: ${detail}`);
+    }
+}
+function parseControlPlane(value) {
+    const root = requireRecord(value, 'Control plane');
+    return {
+        version: readString(root, 'version', 'Control plane version'),
+        updatedAt: readString(root, 'updatedAt', 'Control plane updatedAt'),
+        sources: readArray(root, 'sources', 'Control plane sources').map(parseSourceRef),
+        profiles: readArray(root, 'profiles', 'Control plane profiles').map(parseAgentProfile),
+        policies: readArray(root, 'policies', 'Control plane policies').map(parsePolicyRule),
+        objects: readArray(root, 'objects', 'Control plane objects').map(parseCmdbObject),
+        relationships: readArray(root, 'relationships', 'Control plane relationships').map(parseRelationship)
+    };
+}
+function parseSourceRef(value) {
+    const record = requireRecord(value, 'Source');
+    const kind = readString(record, 'kind', 'Source kind');
+    if (!['memory', 'tool', 'oauth', 'wiki', 'web', 'evidence'].includes(kind)) {
+        throw new ControlPlaneLoadError(`Source kind has invalid value ${kind}.`);
+    }
+    return {
+        id: readString(record, 'id', 'Source id'),
+        label: readString(record, 'label', 'Source label'),
+        kind: kind,
+        readOnly: readBoolean(record, 'readOnly', 'Source readOnly'),
+        notes: optionalString(record, 'notes'),
+        freshnessTtl: optionalString(record, 'freshnessTtl'),
+        brainEntityId: optionalString(record, 'brainEntityId')
+    };
+}
+function parseAgentProfile(value) {
+    const record = requireRecord(value, 'Profile');
+    return {
+        id: readString(record, 'id', 'Profile id'),
+        name: readString(record, 'name', 'Profile name'),
+        purpose: readString(record, 'purpose', 'Profile purpose'),
+        guardrails: readStringArray(record, 'guardrails', 'Profile guardrails'),
+        routes: readArray(record, 'routes', 'Profile routes').map(parseSourceRoute)
+    };
+}
+function parseSourceRoute(value) {
+    const record = requireRecord(value, 'Source route');
+    return {
+        intent: readString(record, 'intent', 'Source route intent'),
+        sources: readStringArray(record, 'sources', 'Source route sources'),
+        notes: optionalString(record, 'notes')
+    };
+}
+function parsePolicyRule(value) {
+    const record = requireRecord(value, 'Policy');
+    const effect = readString(record, 'effect', 'Policy effect');
+    if (!['allow', 'deny', 'approval_required'].includes(effect)) {
+        throw new ControlPlaneLoadError(`Policy effect has invalid value ${effect}.`);
+    }
+    return {
+        id: readString(record, 'id', 'Policy id'),
+        effect: effect,
+        actions: readStringArray(record, 'actions', 'Policy actions'),
+        profiles: optionalStringArray(record, 'profiles', 'Policy profiles'),
+        tools: optionalStringArray(record, 'tools', 'Policy tools'),
+        reason: readString(record, 'reason', 'Policy reason'),
+        code: optionalString(record, 'code'),
+        canEscalate: optionalBoolean(record, 'canEscalate'),
+        suggestedAlternative: optionalString(record, 'suggestedAlternative')
+    };
+}
+function parseCmdbObject(value) {
+    const record = requireRecord(value, 'CMDB object');
+    const kind = readString(record, 'kind', 'CMDB object kind');
+    const status = readString(record, 'status', 'CMDB object status');
+    if (!['profile', 'source', 'tool', 'job', 'memory', 'policy', 'workspace'].includes(kind)) {
+        throw new ControlPlaneLoadError(`CMDB object kind has invalid value ${kind}.`);
+    }
+    if (!['active', 'paused', 'blocked', 'planned'].includes(status)) {
+        throw new ControlPlaneLoadError(`CMDB object status has invalid value ${status}.`);
+    }
+    return {
+        id: readString(record, 'id', 'CMDB object id'),
+        kind: kind,
+        label: readString(record, 'label', 'CMDB object label'),
+        status: status,
+        profile: optionalString(record, 'profile'),
+        tags: readStringArray(record, 'tags', 'CMDB object tags'),
+        dependsOn: optionalStringArray(record, 'dependsOn', 'CMDB object dependsOn'),
+        notes: optionalString(record, 'notes')
+    };
+}
+function parseRelationship(value) {
+    const record = requireRecord(value, 'Relationship');
+    const type = readString(record, 'type', 'Relationship type');
+    if (!['uses', 'owns', 'governed_by', 'depends_on', 'blocks', 'writes_to'].includes(type)) {
+        throw new ControlPlaneLoadError(`Relationship type has invalid value ${type}.`);
+    }
+    return {
+        from: readString(record, 'from', 'Relationship from'),
+        to: readString(record, 'to', 'Relationship to'),
+        type: type,
+        notes: optionalString(record, 'notes')
+    };
+}
+function readArray(record, key, label) {
+    const value = record[key];
+    if (!Array.isArray(value)) {
+        throw new ControlPlaneLoadError(`${label} must be an array.`);
+    }
+    return value;
+}
+function readStringArray(record, key, label) {
+    return readArray(record, key, label).map((value) => requireNonEmptyString(value, label));
+}
+function optionalStringArray(record, key, label) {
+    if (record[key] === undefined)
+        return undefined;
+    return readStringArray(record, key, label);
+}
+function readString(record, key, label) {
+    return requireNonEmptyString(record[key], label);
+}
+function optionalString(record, key) {
+    if (record[key] === undefined)
+        return undefined;
+    return requireNonEmptyString(record[key], key);
+}
+function readBoolean(record, key, label) {
+    if (typeof record[key] !== 'boolean') {
+        throw new ControlPlaneLoadError(`${label} must be a boolean.`);
+    }
+    return record[key];
+}
+function optionalBoolean(record, key) {
+    if (record[key] === undefined)
+        return undefined;
+    if (typeof record[key] !== 'boolean') {
+        throw new ControlPlaneLoadError(`${key} must be a boolean.`);
+    }
+    return record[key];
+}
+function requireRecord(value, label) {
+    if (!value || typeof value !== 'object' || Array.isArray(value)) {
+        throw new ControlPlaneLoadError(`${label} must be an object.`);
+    }
+    return value;
+}
+function requireNonEmptyString(value, label) {
+    if (typeof value !== 'string' || value.trim().length === 0) {
+        throw new ControlPlaneLoadError(`${label} must be a non-empty string.`);
+    }
+    return value;
+}
+//# sourceMappingURL=loader.js.map

package/dist/loader.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"loader.js","sourceRoot":"","sources":["../src/loader.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,KAAK,IAAI,SAAS,EAAE,MAAM,MAAM,CAAC;AAC1C,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AAWtD,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAE1D,MAAM,CAAC,MAAM,uBAAuB,GAAG,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,oBAAoB,CAAC,CAAC;AAC3G,MAAM,CAAC,MAAM,iCAAiC,GAAG,OAAO,CACtD,SAAS,EACT,IAAI,EACJ,UAAU,EACV,aAAa,EACb,oBAAoB,CACrB,CAAC;AAEF,MAAM,OAAO,qBAAsB,SAAQ,KAAK;IAC9C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAED,MAAM,UAAU,gBAAgB,CAAC,QAAgB;IAC/C,MAAM,OAAO,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,wBAAwB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC3D,MAAM,YAAY,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,oBAAoB,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC;IAEhG,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnF,MAAM,IAAI,qBAAqB,CAAC,oCAAoC,MAAM,EAAE,CAAC,CAAC;IAChF,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,MAAM,UAAU,uBAAuB;IACrC,OAAO,gBAAgB,CAAC,uBAAuB,CAAC,CAAC;AACnD,CAAC;AAED,SAAS,oBAAoB,CAAC,QAAgB;IAC5C,IAAI,CAAC;QACH,OAAO,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACxC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,MAAM,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACtE,MAAM,IAAI,qBAAqB,CAAC,mCAAmC,QAAQ,KAAK,MAAM,EAAE,CAAC,CAAC;IAC5F,CAAC;AACH,CAAC;AAED,SAAS,wBAAwB,CAAC,QAAgB,EAAE,OAAe;IACjE,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;IAElD,IAAI,CAAC;QACH,IAAI,SAAS,KAAK,OAAO,IAAI,SAAS,KAAK,MAAM,EAAE,CAAC;YAClD,OAAO,SAAS,CAAC,OAAO,CAAC,CAAC;QAC5B,CAAC;QAED,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,MAAM,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACtE,MAAM,MAAM,GAAG,SAAS,KAAK,OAAO,IAAI,SAAS,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;QAC/E,MAAM,IAAI,qBAAqB,CAAC,iCAAiC,MAAM,OAAO,QAAQ,KAAK,MAAM,EAAE,CAAC,CAAC;IACvG,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAc;IACvC,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IAEnD,OAAO;QACL,OAAO,EAAE,UAAU,CAAC,IAAI,EAAE,SAAS,EAAE,uBAAuB,CAAC;QAC7D,SAAS,EAAE,UAAU,CAAC,IAAI,EAAE,WAAW,EAAE,yBAAyB,CAAC;QACnE,OAAO,EAAE,SAAS,CAAC,IAAI,EAAE,SAAS,EAAE,uBAAuB,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC;QAChF,QAAQ,EAAE,SAAS,CAAC,IAAI,EAAE,UAAU,EAAE,wBAAwB,CAAC,CAAC,GAAG,CAAC,iBAAiB,CAAC;QACtF,QAAQ,EAAE,SAAS,CAAC,IAAI,EAAE,UAAU,EAAE,wBAAwB,CAAC,CAAC,GAAG,CAAC,eAAe,CAAC;QACpF,OAAO,EAAE,SAAS,CAAC,IAAI,EAAE,SAAS,EAAE,uBAAuB,CAAC,CAAC,GAAG,CAAC,eAAe,CAAC;QACjF,aAAa,EAAE,SAAS,CAAC,IAAI,EAAE,eAAe,EAAE,6BAA6B,CAAC,CAAC,GAAG,CAAC,iBAAiB,CAAC;KACtG,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IAC9C,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,aAAa,CAAC,CAAC;IACvD,IAAI,CAAC,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3E,MAAM,IAAI,qBAAqB,CAAC,iCAAiC,IAAI,GAAG,CAAC,CAAC;IAC5E,CAAC;IAED,OAAO;QACL,EAAE,EAAE,UAAU,CAAC,MAAM,EAAE,IAAI,EAAE,WAAW,CAAC;QACzC,KAAK,EAAE,UAAU,CAAC,MAAM,EAAE,OAAO,EAAE,cAAc,CAAC;QAClD,IAAI,EAAE,IAAyB;QAC/B,QAAQ,EAAE,WAAW,CAAC,MAAM,EAAE,UAAU,EAAE,iBAAiB,CAAC;QAC5D,KAAK,EAAE,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC;QACtC,YAAY,EAAE,cAAc,CAAC,MAAM,EAAE,cAAc,CAAC;QACpD,aAAa,EAAE,cAAc,CAAC,MAAM,EAAE,eAAe,CAAC;KACvD,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAc;IACvC,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;IAE/C,OAAO;QACL,EAAE,EAAE,UAAU,CAAC,MAAM,EAAE,IAAI,EAAE,YAAY,CAAC;QAC1C,IAAI,EAAE,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,cAAc,CAAC;QAChD,OAAO,EAAE,UAAU,CAAC,MAAM,EAAE,SAAS,EAAE,iBAAiB,CAAC;QACzD,UAAU,EAAE,eAAe,CAAC,MAAM,EAAE,YAAY,EAAE,oBAAoB,CAAC;QACvE,MAAM,EAAE,SAAS,CAAC,MAAM,EAAE,QAAQ,EAAE,gBAAgB,CAAC,CAAC,GAAG,CAAC,gBAAgB,CAAC;KAC5E,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAc;IACtC,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,EAAE,cAAc,CAAC,CAAC;IAEpD,OAAO;QACL,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,QAAQ,EAAE,qBAAqB,CAAC;QAC3D,OAAO,EAAE,eAAe,CAAC,MAAM,EAAE,SAAS,EAAE,sBAAsB,CAAC;QACnE,KAAK,EAAE,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC;KACvC,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,KAAc;IACrC,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,EAAE,QAAQ,EAAE,eAAe,CAAC,CAAC;IAC7D,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,mBAAmB,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAC7D,MAAM,IAAI,qBAAqB,CAAC,mCAAmC,MAAM,GAAG,CAAC,CAAC;IAChF,CAAC;IAED,OAAO;QACL,EAAE,EAAE,UAAU,CAAC,MAAM,EAAE,IAAI,EAAE,WAAW,CAAC;QACzC,MAAM,EAAE,MAAsB;QAC9B,OAAO,EAAE,eAAe,CAAC,MAAM,EAAE,SAAS,EAAE,gBAAgB,CAAC;QAC7D,QAAQ,EAAE,mBAAmB,CAAC,MAAM,EAAE,UAAU,EAAE,iBAAiB,CAAC;QACpE,KAAK,EAAE,mBAAmB,CAAC,MAAM,EAAE,OAAO,EAAE,cAAc,CAAC;QAC3D,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,QAAQ,EAAE,eAAe,CAAC;QACrD,IAAI,EAAE,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC;QACpC,WAAW,EAAE,eAAe,CAAC,MAAM,EAAE,aAAa,CAAC;QACnD,oBAAoB,EAAE,cAAc,CAAC,MAAM,EAAE,sBAAsB,CAAC;KACrE,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,KAAc;IACrC,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,EAAE,aAAa,CAAC,CAAC;IACnD,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,kBAAkB,CAAC,CAAC;IAC5D,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,EAAE,QAAQ,EAAE,oBAAoB,CAAC,CAAC;IAClE,IAAI,CAAC,CAAC,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1F,MAAM,IAAI,qBAAqB,CAAC,sCAAsC,IAAI,GAAG,CAAC,CAAC;IACjF,CAAC;IACD,IAAI,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QACjE,MAAM,IAAI,qBAAqB,CAAC,wCAAwC,MAAM,GAAG,CAAC,CAAC;IACrF,CAAC;IAED,OAAO;QACL,EAAE,EAAE,UAAU,CAAC,MAAM,EAAE,IAAI,EAAE,gBAAgB,CAAC;QAC9C,IAAI,EAAE,IAA0B;QAChC,KAAK,EAAE,UAAU,CAAC,MAAM,EAAE,OAAO,EAAE,mBAAmB,CAAC;QACvD,MAAM,EAAE,MAA8B;QACtC,OAAO,EAAE,cAAc,CAAC,MAAM,EAAE,SAAS,CAAC;QAC1C,IAAI,EAAE,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,kBAAkB,CAAC;QACzD,SAAS,EAAE,mBAAmB,CAAC,MAAM,EAAE,WAAW,EAAE,uBAAuB,CAAC;QAC5E,KAAK,EAAE,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC;KACvC,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAc;IACvC,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,EAAE,cAAc,CAAC,CAAC;IACpD,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,mBAAmB,CAAC,CAAC;IAC7D,IAAI,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACzF,MAAM,IAAI,qBAAqB,CAAC,uCAAuC,IAAI,GAAG,CAAC,CAAC;IAClF,CAAC;IAED,OAAO;QACL,IAAI,EAAE,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,mBAAmB,CAAC;QACrD,EAAE,EAAE,UAAU,CAAC,MAAM,EAAE,IAAI,EAAE,iBAAiB,CAAC;QAC/C,IAAI,EAAE,IAA4B;QAClC,KAAK,EAAE,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC;KACvC,CAAC;AACJ,CAAC;AAED,SAAS,SAAS,CAAC,MAA+B,EAAE,GAAW,EAAE,KAAa;IAC5E,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IAC1B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,qBAAqB,CAAC,GAAG,KAAK,oBAAoB,CAAC,CAAC;IAChE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,eAAe,CAAC,MAA+B,EAAE,GAAW,EAAE,KAAa;IAClF,OAAO,SAAS,CAAC,MAAM,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,qBAAqB,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;AAC3F,CAAC;AAED,SAAS,mBAAmB,CAAC,MAA+B,EAAE,GAAW,EAAE,KAAa;IACtF,IAAI,MAAM,CAAC,GAAG,CAAC,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IAChD,OAAO,eAAe,CAAC,MAAM,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;AAC7C,CAAC;AAED,SAAS,UAAU,CAAC,MAA+B,EAAE,GAAW,EAAE,KAAa;IAC7E,OAAO,qBAAqB,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC,CAAC;AACnD,CAAC;AAED,SAAS,cAAc,CAAC,MAA+B,EAAE,GAAW;IAClE,IAAI,MAAM,CAAC,GAAG,CAAC,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IAChD,OAAO,qBAAqB,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC;AACjD,CAAC;AAED,SAAS,WAAW,CAAC,MAA+B,EAAE,GAAW,EAAE,KAAa;IAC9E,IAAI,OAAO,MAAM,CAAC,GAAG,CAAC,KAAK,SAAS,EAAE,CAAC;QACrC,MAAM,IAAI,qBAAqB,CAAC,GAAG,KAAK,qBAAqB,CAAC,CAAC;IACjE,CAAC;IACD,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;AACrB,CAAC;AAED,SAAS,eAAe,CAAC,MAA+B,EAAE,GAAW;IACnE,IAAI,MAAM,CAAC,GAAG,CAAC,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IAChD,IAAI,OAAO,MAAM,CAAC,GAAG,CAAC,KAAK,SAAS,EAAE,CAAC;QACrC,MAAM,IAAI,qBAAqB,CAAC,GAAG,GAAG,qBAAqB,CAAC,CAAC;IAC/D,CAAC;IACD,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;AACrB,CAAC;AAED,SAAS,aAAa,CAAC,KAAc,EAAE,KAAa;IAClD,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,qBAAqB,CAAC,GAAG,KAAK,qBAAqB,CAAC,CAAC;IACjE,CAAC;IACD,OAAO,KAAgC,CAAC;AAC1C,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAc,EAAE,KAAa;IAC1D,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3D,MAAM,IAAI,qBAAqB,CAAC,GAAG,KAAK,8BAA8B,CAAC,CAAC;IAC1E,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/policy-engine.d.ts

@@ -0,0 +1,7 @@
+import type { ControlPlane, PolicyDecision, PolicyRequest, PolicyRule } from './types.js';
+export declare function evaluatePolicy(controlPlane: ControlPlane, request: PolicyRequest): PolicyDecision;
+export declare function normalizePolicyRequest(request: PolicyRequest): PolicyRequest;
+export declare function policyMatches(rule: PolicyRule, request: PolicyRequest): boolean;
+export declare function policyShadows(candidate: PolicyRule, policy: PolicyRule): boolean;
+export declare function policiesConflict(left: PolicyRule, right: PolicyRule): boolean;
+//# sourceMappingURL=policy-engine.d.ts.map

package/dist/policy-engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-engine.d.ts","sourceRoot":"","sources":["../src/policy-engine.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAc,YAAY,EAAE,cAAc,EAAgB,aAAa,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAQpH,wBAAgB,cAAc,CAAC,YAAY,EAAE,YAAY,EAAE,OAAO,EAAE,aAAa,GAAG,cAAc,CAmDjG;AAED,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,aAAa,GAAG,aAAa,CAW5E;AAED,wBAAgB,aAAa,CAAC,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,aAAa,GAAG,OAAO,CAM/E;AAED,wBAAgB,aAAa,CAAC,SAAS,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,GAAG,OAAO,CAKhF;AAED,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,UAAU,GAAG,OAAO,CAM7E"}

package/dist/policy-engine.js

@@ -0,0 +1,143 @@
+const effectRank = {
+    deny: 3,
+    approval_required: 2,
+    allow: 1
+};
+export function evaluatePolicy(controlPlane, request) {
+    const normalizedRequest = normalizePolicyRequest(request);
+    ensureProfileExists(controlPlane, normalizedRequest.profile);
+    const blockedObject = findUnavailableReferencedObject(controlPlane, normalizedRequest);
+    if (blockedObject) {
+        return {
+            effect: 'deny',
+            ruleId: `object-status-${blockedObject.status}`,
+            code: `object_${blockedObject.status}`,
+            reason: `Object ${blockedObject.id} is ${blockedObject.status}.`,
+            profile: normalizedRequest.profile,
+            action: normalizedRequest.action,
+            tool: normalizedRequest.tool,
+            canEscalate: false,
+            suggestedAlternative: 'Use an active source or tool.'
+        };
+    }
+    const matchingRules = controlPlane.policies.filter((rule) => policyMatches(rule, normalizedRequest));
+    const selectedRule = matchingRules.sort((left, right) => {
+        const rankDelta = effectRank[right.effect] - effectRank[left.effect];
+        if (rankDelta !== 0)
+            return rankDelta;
+        return controlPlane.policies.indexOf(left) - controlPlane.policies.indexOf(right);
+    })[0];
+    if (!selectedRule) {
+        return {
+            effect: 'approval_required',
+            ruleId: 'default-approval-required',
+            code: 'no_explicit_policy_match',
+            reason: 'No explicit allow rule matched this action, so approval is required.',
+            profile: normalizedRequest.profile,
+            action: normalizedRequest.action,
+            tool: normalizedRequest.tool,
+            canEscalate: true,
+            suggestedAlternative: 'Ask for explicit approval or add a policy rule.'
+        };
+    }
+    return {
+        effect: selectedRule.effect,
+        ruleId: selectedRule.id,
+        code: selectedRule.code ?? selectedRule.id,
+        reason: selectedRule.reason,
+        profile: normalizedRequest.profile,
+        action: normalizedRequest.action,
+        tool: normalizedRequest.tool,
+        canEscalate: selectedRule.canEscalate ?? selectedRule.effect === 'approval_required',
+        suggestedAlternative: selectedRule.suggestedAlternative
+    };
+}
+export function normalizePolicyRequest(request) {
+    const record = requireRecord(request, 'Policy request');
+    const tool = record.tool === undefined
+        ? undefined
+        : requireNonEmptyString(record.tool, 'Policy request tool', 'when provided');
+    return {
+        profile: requireNonEmptyString(record.profile, 'Policy request profile'),
+        action: requireNonEmptyString(record.action, 'Policy request action'),
+        tool
+    };
+}
+export function policyMatches(rule, request) {
+    if (!matchesList(rule.actions, request.action))
+        return false;
+    if (rule.profiles && !matchesList(rule.profiles, request.profile))
+        return false;
+    if (rule.tools && !request.tool)
+        return rule.tools.includes('*');
+    if (rule.tools && request.tool && !matchesList(rule.tools, request.tool))
+        return false;
+    return true;
+}
+export function policyShadows(candidate, policy) {
+    if (candidate.effect !== policy.effect)
+        return false;
+    return listCovers(candidate.actions, policy.actions)
+        && optionalListCovers(candidate.profiles, policy.profiles)
+        && optionalListCovers(candidate.tools, policy.tools);
+}
+export function policiesConflict(left, right) {
+    if (left.effect === right.effect)
+        return false;
+    if (left.effect !== 'deny' && right.effect !== 'deny')
+        return false;
+    return listOverlaps(left.actions, right.actions)
+        && optionalListOverlaps(left.profiles, right.profiles)
+        && optionalListOverlaps(left.tools, right.tools);
+}
+function matchesList(values, candidate) {
+    return values.includes('*') || values.includes(candidate);
+}
+function optionalListCovers(candidate, policy) {
+    if (!candidate)
+        return true;
+    if (!policy)
+        return candidate.includes('*');
+    return listCovers(candidate, policy);
+}
+function listCovers(candidate, policy) {
+    return candidate.includes('*') || policy.every((value) => candidate.includes(value));
+}
+function optionalListOverlaps(left, right) {
+    if (!left || !right)
+        return true;
+    return listOverlaps(left, right);
+}
+function listOverlaps(left, right) {
+    return left.includes('*') || right.includes('*') || left.some((value) => right.includes(value));
+}
+function findUnavailableReferencedObject(controlPlane, request) {
+    if (!request.tool)
+        return undefined;
+    const candidateIds = new Set([
+        request.tool,
+        `source.${request.tool}`,
+        `tool.${request.tool}`
+    ]);
+    return controlPlane.objects.find((object) => (candidateIds.has(object.id)
+        && (object.status === 'blocked' || object.status === 'paused')));
+}
+function ensureProfileExists(controlPlane, profileId) {
+    if (!controlPlane.profiles.some((candidate) => candidate.id === profileId)) {
+        throw new Error(`Unknown profile: ${profileId}.`);
+    }
+}
+function requireRecord(value, label) {
+    if (!value || typeof value !== 'object' || Array.isArray(value)) {
+        throw new Error(`${label} must be an object.`);
+    }
+    return value;
+}
+function requireNonEmptyString(value, label, suffix) {
+    if (typeof value !== 'string' || value.trim().length === 0) {
+        const suffixText = suffix ? ` ${suffix}` : '';
+        throw new Error(`${label} must be a non-empty string${suffixText}.`);
+    }
+    return value;
+}
+//# sourceMappingURL=policy-engine.js.map

package/dist/policy-engine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-engine.js","sourceRoot":"","sources":["../src/policy-engine.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,GAAiC;IAC/C,IAAI,EAAE,CAAC;IACP,iBAAiB,EAAE,CAAC;IACpB,KAAK,EAAE,CAAC;CACT,CAAC;AAEF,MAAM,UAAU,cAAc,CAAC,YAA0B,EAAE,OAAsB;IAC/E,MAAM,iBAAiB,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAC;IAC1D,mBAAmB,CAAC,YAAY,EAAE,iBAAiB,CAAC,OAAO,CAAC,CAAC;IAC7D,MAAM,aAAa,GAAG,+BAA+B,CAAC,YAAY,EAAE,iBAAiB,CAAC,CAAC;IAEvF,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO;YACL,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,iBAAiB,aAAa,CAAC,MAAM,EAAE;YAC/C,IAAI,EAAE,UAAU,aAAa,CAAC,MAAM,EAAE;YACtC,MAAM,EAAE,UAAU,aAAa,CAAC,EAAE,OAAO,aAAa,CAAC,MAAM,GAAG;YAChE,OAAO,EAAE,iBAAiB,CAAC,OAAO;YAClC,MAAM,EAAE,iBAAiB,CAAC,MAAM;YAChC,IAAI,EAAE,iBAAiB,CAAC,IAAI;YAC5B,WAAW,EAAE,KAAK;YAClB,oBAAoB,EAAE,+BAA+B;SACtD,CAAC;IACJ,CAAC;IAED,MAAM,aAAa,GAAG,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,aAAa,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC,CAAC;IACrG,MAAM,YAAY,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QACtD,MAAM,SAAS,GAAG,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACrE,IAAI,SAAS,KAAK,CAAC;YAAE,OAAO,SAAS,CAAC;QACtC,OAAO,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IACpF,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAEN,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;YACL,MAAM,EAAE,mBAAmB;YAC3B,MAAM,EAAE,2BAA2B;YACnC,IAAI,EAAE,0BAA0B;YAChC,MAAM,EAAE,sEAAsE;YAC9E,OAAO,EAAE,iBAAiB,CAAC,OAAO;YAClC,MAAM,EAAE,iBAAiB,CAAC,MAAM;YAChC,IAAI,EAAE,iBAAiB,CAAC,IAAI;YAC5B,WAAW,EAAE,IAAI;YACjB,oBAAoB,EAAE,iDAAiD;SACxE,CAAC;IACJ,CAAC;IAED,OAAO;QACL,MAAM,EAAE,YAAY,CAAC,MAAM;QAC3B,MAAM,EAAE,YAAY,CAAC,EAAE;QACvB,IAAI,EAAE,YAAY,CAAC,IAAI,IAAI,YAAY,CAAC,EAAE;QAC1C,MAAM,EAAE,YAAY,CAAC,MAAM;QAC3B,OAAO,EAAE,iBAAiB,CAAC,OAAO;QAClC,MAAM,EAAE,iBAAiB,CAAC,MAAM;QAChC,IAAI,EAAE,iBAAiB,CAAC,IAAI;QAC5B,WAAW,EAAE,YAAY,CAAC,WAAW,IAAI,YAAY,CAAC,MAAM,KAAK,mBAAmB;QACpF,oBAAoB,EAAE,YAAY,CAAC,oBAAoB;KACxD,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,OAAsB;IAC3D,MAAM,MAAM,GAAG,aAAa,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;IACxD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,KAAK,SAAS;QACpC,CAAC,CAAC,SAAS;QACX,CAAC,CAAC,qBAAqB,CAAC,MAAM,CAAC,IAAI,EAAE,qBAAqB,EAAE,eAAe,CAAC,CAAC;IAE/E,OAAO;QACL,OAAO,EAAE,qBAAqB,CAAC,MAAM,CAAC,OAAO,EAAE,wBAAwB,CAAC;QACxE,MAAM,EAAE,qBAAqB,CAAC,MAAM,CAAC,MAAM,EAAE,uBAAuB,CAAC;QACrE,IAAI;KACL,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,IAAgB,EAAE,OAAsB;IACpE,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7D,IAAI,IAAI,CAAC,QAAQ,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,OAAO,CAAC;QAAE,OAAO,KAAK,CAAC;IAChF,IAAI,IAAI,CAAC,KAAK,IAAI,CAAC,OAAO,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IACjE,IAAI,IAAI,CAAC,KAAK,IAAI,OAAO,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IACvF,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,SAAqB,EAAE,MAAkB;IACrE,IAAI,SAAS,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACrD,OAAO,UAAU,CAAC,SAAS,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC;WAC/C,kBAAkB,CAAC,SAAS,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC;WACvD,kBAAkB,CAAC,SAAS,CAAC,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;AACzD,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,IAAgB,EAAE,KAAiB;IAClE,IAAI,IAAI,CAAC,MAAM,KAAK,KAAK,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC/C,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM;QAAE,OAAO,KAAK,CAAC;IACpE,OAAO,YAAY,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC;WAC3C,oBAAoB,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,QAAQ,CAAC;WACnD,oBAAoB,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,WAAW,CAAC,MAAgB,EAAE,SAAiB;IACtD,OAAO,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;AAC5D,CAAC;AAED,SAAS,kBAAkB,CAAC,SAA+B,EAAE,MAA4B;IACvF,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAC5B,IAAI,CAAC,MAAM;QAAE,OAAO,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC5C,OAAO,UAAU,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;AACvC,CAAC;AAED,SAAS,UAAU,CAAC,SAAmB,EAAE,MAAgB;IACvD,OAAO,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;AACvF,CAAC;AAED,SAAS,oBAAoB,CAAC,IAA0B,EAAE,KAA2B;IACnF,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACjC,OAAO,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,YAAY,CAAC,IAAc,EAAE,KAAe;IACnD,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;AAClG,CAAC;AAED,SAAS,+BAA+B,CAAC,YAA0B,EAAE,OAAsB;IACzF,IAAI,CAAC,OAAO,CAAC,IAAI;QAAE,OAAO,SAAS,CAAC;IAEpC,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC;QAC3B,OAAO,CAAC,IAAI;QACZ,UAAU,OAAO,CAAC,IAAI,EAAE;QACxB,QAAQ,OAAO,CAAC,IAAI,EAAE;KACvB,CAAC,CAAC;IAEH,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAC3C,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;WACxB,CAAC,MAAM,CAAC,MAAM,KAAK,SAAS,IAAI,MAAM,CAAC,MAAM,KAAK,QAAQ,CAAC,CAC/D,CAAC,CAAC;AACL,CAAC;AAED,SAAS,mBAAmB,CAAC,YAA0B,EAAE,SAAiB;IACxE,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,EAAE,KAAK,SAAS,CAAC,EAAE,CAAC;QAC3E,MAAM,IAAI,KAAK,CAAC,oBAAoB,SAAS,GAAG,CAAC,CAAC;IACpD,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,KAAc,EAAE,KAAa;IAClD,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,qBAAqB,CAAC,CAAC;IACjD,CAAC;IACD,OAAO,KAAgC,CAAC;AAC1C,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAc,EAAE,KAAa,EAAE,MAAe;IAC3E,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3D,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,8BAA8B,UAAU,GAAG,CAAC,CAAC;IACvE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/preflight-action.d.ts

@@ -0,0 +1,3 @@
+import type { ControlPlane, PreflightRequest, PreflightResult } from './types.js';
+export declare function preflightAction(controlPlane: ControlPlane, request: PreflightRequest): PreflightResult;
+//# sourceMappingURL=preflight-action.d.ts.map

package/dist/preflight-action.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"preflight-action.d.ts","sourceRoot":"","sources":["../src/preflight-action.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,YAAY,EAAkB,gBAAgB,EAAE,eAAe,EAAuB,MAAM,YAAY,CAAC;AAEvH,wBAAgB,eAAe,CAAC,YAAY,EAAE,YAAY,EAAE,OAAO,EAAE,gBAAgB,GAAG,eAAe,CA+CtG"}

package/dist/preflight-action.js

@@ -0,0 +1,101 @@
+import { evaluatePolicy, normalizePolicyRequest } from './policy-engine.js';
+import { inspectProfile, resolveSourceRoute } from './route-resolver.js';
+export function preflightAction(controlPlane, request) {
+    const normalizedRequest = normalizePreflightRequest(request);
+    const decision = evaluatePolicy(controlPlane, normalizedRequest);
+    let finalDecision = decision;
+    let route;
+    const warnings = [];
+    if (normalizedRequest.intent) {
+        try {
+            route = resolveSourceRoute(controlPlane, {
+                profile: normalizedRequest.profile,
+                intent: normalizedRequest.intent,
+                freshness: normalizedRequest.freshness,
+                now: normalizedRequest.now
+            });
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            const reason = `Route resolution failed: ${message}`;
+            warnings.push(reason);
+            if (decision.effect === 'allow') {
+                finalDecision = {
+                    effect: 'deny',
+                    ruleId: 'route-resolution-failed',
+                    code: 'route_resolution_failed',
+                    reason,
+                    profile: normalizedRequest.profile,
+                    action: normalizedRequest.action,
+                    tool: normalizedRequest.tool,
+                    canEscalate: false,
+                    suggestedAlternative: 'Fix the source route for this profile and intent before executing.'
+                };
+            }
+        }
+    }
+    const profile = inspectProfile(controlPlane, normalizedRequest.profile);
+    return {
+        allowed: finalDecision.effect === 'allow',
+        approvalRequired: finalDecision.effect === 'approval_required',
+        decision: finalDecision,
+        route,
+        routeExecutable: finalDecision.effect === 'allow' && Boolean(route),
+        guardrails: route?.guardrails ?? profile.guardrails,
+        warnings,
+        dryRun: Boolean(normalizedRequest.dryRun)
+    };
+}
+function normalizePreflightRequest(request) {
+    const normalizedPolicy = normalizePolicyRequest(request);
+    const record = requireRecord(request, 'Preflight request');
+    const intent = record.intent === undefined
+        ? undefined
+        : requireNonEmptyString(record.intent, 'Preflight request intent', 'when provided');
+    const dryRun = record.dryRun === undefined ? undefined : requireBoolean(record.dryRun, 'Preflight request dryRun');
+    const freshness = normalizeFreshness(record.freshness);
+    const now = record.now === undefined
+        ? undefined
+        : requireNonEmptyString(record.now, 'Preflight request now', 'when provided');
+    return {
+        ...normalizedPolicy,
+        intent,
+        dryRun,
+        freshness,
+        now
+    };
+}
+function normalizeFreshness(value) {
+    if (value === undefined)
+        return undefined;
+    if (!Array.isArray(value)) {
+        throw new Error('Preflight request freshness must be an array.');
+    }
+    return value.map((entry) => {
+        const record = requireRecord(entry, 'Preflight freshness input');
+        return {
+            sourceId: requireNonEmptyString(record.sourceId, 'Preflight freshness sourceId'),
+            lastUpdated: requireNonEmptyString(record.lastUpdated, 'Preflight freshness lastUpdated')
+        };
+    });
+}
+function requireBoolean(value, label) {
+    if (typeof value !== 'boolean') {
+        throw new Error(`${label} must be a boolean.`);
+    }
+    return value;
+}
+function requireRecord(value, label) {
+    if (!value || typeof value !== 'object' || Array.isArray(value)) {
+        throw new Error(`${label} must be an object.`);
+    }
+    return value;
+}
+function requireNonEmptyString(value, label, suffix) {
+    if (typeof value !== 'string' || value.trim().length === 0) {
+        const suffixText = suffix ? ` ${suffix}` : '';
+        throw new Error(`${label} must be a non-empty string${suffixText}.`);
+    }
+    return value;
+}
+//# sourceMappingURL=preflight-action.js.map

package/dist/preflight-action.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"preflight-action.js","sourceRoot":"","sources":["../src/preflight-action.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AAC5E,OAAO,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAGzE,MAAM,UAAU,eAAe,CAAC,YAA0B,EAAE,OAAyB;IACnF,MAAM,iBAAiB,GAAG,yBAAyB,CAAC,OAAO,CAAC,CAAC;IAC7D,MAAM,QAAQ,GAAG,cAAc,CAAC,YAAY,EAAE,iBAAiB,CAAC,CAAC;IACjE,IAAI,aAAa,GAAmB,QAAQ,CAAC;IAC7C,IAAI,KAAsC,CAAC;IAC3C,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,IAAI,iBAAiB,CAAC,MAAM,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,KAAK,GAAG,kBAAkB,CAAC,YAAY,EAAE;gBACvC,OAAO,EAAE,iBAAiB,CAAC,OAAO;gBAClC,MAAM,EAAE,iBAAiB,CAAC,MAAM;gBAChC,SAAS,EAAE,iBAAiB,CAAC,SAAS;gBACtC,GAAG,EAAE,iBAAiB,CAAC,GAAG;aAC3B,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvE,MAAM,MAAM,GAAG,4BAA4B,OAAO,EAAE,CAAC;YACrD,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACtB,IAAI,QAAQ,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;gBAChC,aAAa,GAAG;oBACd,MAAM,EAAE,MAAM;oBACd,MAAM,EAAE,yBAAyB;oBACjC,IAAI,EAAE,yBAAyB;oBAC/B,MAAM;oBACN,OAAO,EAAE,iBAAiB,CAAC,OAAO;oBAClC,MAAM,EAAE,iBAAiB,CAAC,MAAM;oBAChC,IAAI,EAAE,iBAAiB,CAAC,IAAI;oBAC5B,WAAW,EAAE,KAAK;oBAClB,oBAAoB,EAAE,oEAAoE;iBAC3F,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,cAAc,CAAC,YAAY,EAAE,iBAAiB,CAAC,OAAO,CAAC,CAAC;IAExE,OAAO;QACL,OAAO,EAAE,aAAa,CAAC,MAAM,KAAK,OAAO;QACzC,gBAAgB,EAAE,aAAa,CAAC,MAAM,KAAK,mBAAmB;QAC9D,QAAQ,EAAE,aAAa;QACvB,KAAK;QACL,eAAe,EAAE,aAAa,CAAC,MAAM,KAAK,OAAO,IAAI,OAAO,CAAC,KAAK,CAAC;QACnE,UAAU,EAAE,KAAK,EAAE,UAAU,IAAI,OAAO,CAAC,UAAU;QACnD,QAAQ;QACR,MAAM,EAAE,OAAO,CAAC,iBAAiB,CAAC,MAAM,CAAC;KAC1C,CAAC;AACJ,CAAC;AAED,SAAS,yBAAyB,CAAC,OAAyB;IAC1D,MAAM,gBAAgB,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAC;IACzD,MAAM,MAAM,GAAG,aAAa,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;IAC3D,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,KAAK,SAAS;QACxC,CAAC,CAAC,SAAS;QACX,CAAC,CAAC,qBAAqB,CAAC,MAAM,CAAC,MAAM,EAAE,0BAA0B,EAAE,eAAe,CAAC,CAAC;IACtF,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,MAAM,EAAE,0BAA0B,CAAC,CAAC;IACnH,MAAM,SAAS,GAAG,kBAAkB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACvD,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,KAAK,SAAS;QAClC,CAAC,CAAC,SAAS;QACX,CAAC,CAAC,qBAAqB,CAAC,MAAM,CAAC,GAAG,EAAE,uBAAuB,EAAE,eAAe,CAAC,CAAC;IAEhF,OAAO;QACL,GAAG,gBAAgB;QACnB,MAAM;QACN,MAAM;QACN,SAAS;QACT,GAAG;KACJ,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAc;IACxC,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IAC1C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;IACnE,CAAC;IACD,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;QACzB,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,EAAE,2BAA2B,CAAC,CAAC;QACjE,OAAO;YACL,QAAQ,EAAE,qBAAqB,CAAC,MAAM,CAAC,QAAQ,EAAE,8BAA8B,CAAC;YAChF,WAAW,EAAE,qBAAqB,CAAC,MAAM,CAAC,WAAW,EAAE,iCAAiC,CAAC;SAC1F,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,cAAc,CAAC,KAAc,EAAE,KAAa;IACnD,IAAI,OAAO,KAAK,KAAK,SAAS,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,qBAAqB,CAAC,CAAC;IACjD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,aAAa,CAAC,KAAc,EAAE,KAAa;IAClD,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,qBAAqB,CAAC,CAAC;IACjD,CAAC;IACD,OAAO,KAAgC,CAAC;AAC1C,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAc,EAAE,KAAa,EAAE,MAAe;IAC3E,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3D,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,8BAA8B,UAAU,GAAG,CAAC,CAAC;IACvE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/preflight.d.ts

@@ -0,0 +1,4 @@
+import { type AgentCmdbOptions } from './interface.js';
+import type { PreflightRequest, PreflightResult } from './types.js';
+export declare function agentPreflight(request: PreflightRequest, options?: AgentCmdbOptions): Promise<PreflightResult>;
+//# sourceMappingURL=preflight.d.ts.map

package/dist/preflight.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"preflight.d.ts","sourceRoot":"","sources":["../src/preflight.ts"],"names":[],"mappings":"AAAA,OAAO,EAAmB,KAAK,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACxE,OAAO,KAAK,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAEpE,wBAAsB,cAAc,CAClC,OAAO,EAAE,gBAAgB,EACzB,OAAO,GAAE,gBAAqB,GAC7B,OAAO,CAAC,eAAe,CAAC,CAqC1B"}

package/dist/preflight.js

@@ -0,0 +1,36 @@
+import { createAgentCmdb } from './interface.js';
+export async function agentPreflight(request, options = {}) {
+    const cmdb = createAgentCmdb(options);
+    const result = cmdb.preflight(request);
+    const now = new Date().toISOString();
+    if (result.dryRun) {
+        return result;
+    }
+    if (result.decision.effect === 'deny') {
+        await cmdb.logEvidence({
+            profile: result.decision.profile,
+            source: 'agent-cmdb-preflight',
+            intent: request.intent ?? result.decision.action,
+            summary: `Denied: ${result.decision.reason}`,
+            trust: 'high',
+            capturedAt: now,
+            tags: ['agent-cmdb', 'preflight', 'deny', result.decision.ruleId]
+        });
+    }
+    await cmdb.logChange({
+        target: result.decision.ruleId,
+        targetType: 'policy',
+        action: 'verify',
+        actor: 'agent-cmdb-preflight',
+        reason: `Preflight ${result.decision.effect} for ${result.decision.profile}/${result.decision.action}.`,
+        changedAt: now,
+        after: {
+            allowed: result.allowed,
+            approvalRequired: result.approvalRequired,
+            routeExecutable: result.routeExecutable,
+            decision: result.decision
+        }
+    });
+    return result;
+}
+//# sourceMappingURL=preflight.js.map

package/dist/preflight.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"preflight.js","sourceRoot":"","sources":["../src/preflight.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAyB,MAAM,gBAAgB,CAAC;AAGxE,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,OAAyB,EACzB,UAA4B,EAAE;IAE9B,MAAM,IAAI,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;IACtC,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAErC,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QACtC,MAAM,IAAI,CAAC,WAAW,CAAC;YACrB,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,OAAO;YAChC,MAAM,EAAE,sBAAsB;YAC9B,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM;YAChD,OAAO,EAAE,WAAW,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE;YAC5C,KAAK,EAAE,MAAM;YACb,UAAU,EAAE,GAAG;YACf,IAAI,EAAE,CAAC,YAAY,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;SAClE,CAAC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,CAAC,SAAS,CAAC;QACnB,MAAM,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM;QAC9B,UAAU,EAAE,QAAQ;QACpB,MAAM,EAAE,QAAQ;QAChB,KAAK,EAAE,sBAAsB;QAC7B,MAAM,EAAE,aAAa,MAAM,CAAC,QAAQ,CAAC,MAAM,QAAQ,MAAM,CAAC,QAAQ,CAAC,OAAO,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG;QACvG,SAAS,EAAE,GAAG;QACd,KAAK,EAAE;YACL,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,eAAe,EAAE,MAAM,CAAC,eAAe;YACvC,QAAQ,EAAE,MAAM,CAAC,QAAQ;SAC1B;KACF,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/route-resolver.d.ts

@@ -0,0 +1,6 @@
+import type { AgentProfile, ControlPlane, ProfileInspection, ResolvedSourceRoute, SourceRef, SourceRouteRequest } from './types.js';
+export declare function resolveSourceRoute(controlPlane: ControlPlane, request: SourceRouteRequest): ResolvedSourceRoute;
+export declare function inspectProfile(controlPlane: ControlPlane, profileId: string): ProfileInspection;
+export declare function ensureProfile(controlPlane: ControlPlane, profileId: string): AgentProfile;
+export declare function ensureSource(controlPlane: ControlPlane, sourceId: string): SourceRef;
+//# sourceMappingURL=route-resolver.d.ts.map

package/dist/route-resolver.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"route-resolver.d.ts","sourceRoot":"","sources":["../src/route-resolver.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,YAAY,EACZ,YAAY,EACZ,iBAAiB,EACjB,mBAAmB,EAGnB,SAAS,EACT,kBAAkB,EACnB,MAAM,YAAY,CAAC;AAEpB,wBAAgB,kBAAkB,CAChC,YAAY,EAAE,YAAY,EAC1B,OAAO,EAAE,kBAAkB,GAC1B,mBAAmB,CAuBrB;AAED,wBAAgB,cAAc,CAAC,YAAY,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,GAAG,iBAAiB,CAc/F;AAED,wBAAgB,aAAa,CAAC,YAAY,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,GAAG,YAAY,CAMzF;AAED,wBAAgB,YAAY,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,GAAG,SAAS,CAMpF"}