@red-codes/agentguard 1.0.0 → 1.1.2

package/dist/plugins/validator.js

@@ -1,276 +0,0 @@
-// Plugin manifest validator — validates plugin manifests at load time.
-//
-// Validates structure, required fields, capability declarations, version
-// format, and API version compatibility. This runs before a plugin is
-// registered in any registry to ensure only well-formed plugins are loaded.
-import { VALID_CAPABILITIES } from './types.js';
-/** Valid plugin types */
-const VALID_PLUGIN_TYPES = ['renderer', 'replay-processor', 'policy-pack'];
-/** Semver pattern: major.minor.patch with optional pre-release */
-const SEMVER_PATTERN = /^\d+\.\d+\.\d+(-[\w.]+)?$/;
-/** Semver range patterns we accept for apiVersion */
-const SEMVER_RANGE_PATTERN = /^([~^]|>=?|<=?|)?\d+\.\d+\.\d+(-[\w.]+)?$/;
-/**
- * Validate a plugin manifest for structural correctness.
- *
- * Checks:
- * - Required fields: id, name, version, type, apiVersion
- * - String format: non-empty strings, valid semver
- * - Plugin type: must be a known PluginType
- * - Capabilities: all entries must be known PluginCapability values
- * - Dependencies: must be non-empty strings if provided
- */
-export function validateManifest(manifest) {
-    const errors = [];
-    if (!manifest || typeof manifest !== 'object') {
-        return {
-            valid: false,
-            pluginId: undefined,
-            errors: [{ field: 'manifest', message: 'Manifest must be a non-null object' }],
-        };
-    }
-    const m = manifest;
-    // --- Required string fields ---
-    const requiredStrings = ['id', 'name', 'version', 'type', 'apiVersion'];
-    for (const field of requiredStrings) {
-        if (m[field] === undefined || m[field] === null) {
-            errors.push({ field, message: `"${field}" is required` });
-        }
-        else if (typeof m[field] !== 'string' || m[field].trim() === '') {
-            errors.push({ field, message: `"${field}" must be a non-empty string` });
-        }
-    }
-    const pluginId = typeof m.id === 'string' ? m.id : undefined;
-    // --- Version format ---
-    if (typeof m.version === 'string' && m.version.trim() !== '') {
-        if (!SEMVER_PATTERN.test(m.version)) {
-            errors.push({
-                field: 'version',
-                message: `"${m.version}" is not valid semver (expected major.minor.patch)`,
-            });
-        }
-    }
-    // --- API version format ---
-    if (typeof m.apiVersion === 'string' && m.apiVersion.trim() !== '') {
-        if (!SEMVER_RANGE_PATTERN.test(m.apiVersion)) {
-            errors.push({
-                field: 'apiVersion',
-                message: `"${m.apiVersion}" is not a valid semver range`,
-            });
-        }
-    }
-    // --- Plugin type ---
-    if (typeof m.type === 'string' && !VALID_PLUGIN_TYPES.includes(m.type)) {
-        errors.push({
-            field: 'type',
-            message: `"${m.type}" is not a valid plugin type (expected: ${VALID_PLUGIN_TYPES.join(', ')})`,
-        });
-    }
-    // --- Optional description ---
-    if (m.description !== undefined && typeof m.description !== 'string') {
-        errors.push({ field: 'description', message: '"description" must be a string if provided' });
-    }
-    // --- Capabilities ---
-    if (m.capabilities !== undefined) {
-        if (!Array.isArray(m.capabilities)) {
-            errors.push({
-                field: 'capabilities',
-                message: '"capabilities" must be an array if provided',
-            });
-        }
-        else {
-            for (let i = 0; i < m.capabilities.length; i++) {
-                const cap = m.capabilities[i];
-                if (typeof cap !== 'string') {
-                    errors.push({
-                        field: `capabilities[${i}]`,
-                        message: 'Each capability must be a string',
-                    });
-                }
-                else if (!VALID_CAPABILITIES.includes(cap)) {
-                    errors.push({
-                        field: `capabilities[${i}]`,
-                        message: `"${cap}" is not a valid capability (expected: ${VALID_CAPABILITIES.join(', ')})`,
-                    });
-                }
-            }
-        }
-    }
-    // --- Dependencies ---
-    if (m.dependencies !== undefined) {
-        if (!Array.isArray(m.dependencies)) {
-            errors.push({
-                field: 'dependencies',
-                message: '"dependencies" must be an array if provided',
-            });
-        }
-        else {
-            for (let i = 0; i < m.dependencies.length; i++) {
-                const dep = m.dependencies[i];
-                if (typeof dep !== 'string' || dep.trim() === '') {
-                    errors.push({
-                        field: `dependencies[${i}]`,
-                        message: 'Each dependency must be a non-empty string',
-                    });
-                }
-            }
-        }
-    }
-    return {
-        valid: errors.length === 0,
-        pluginId,
-        errors,
-    };
-}
-/**
- * Parse semver string into components.
- * Returns null if the string is not valid semver.
- */
-function parseSemver(version) {
-    const match = version.match(/^(\d+)\.(\d+)\.(\d+)/);
-    if (!match)
-        return null;
-    return {
-        major: parseInt(match[1], 10),
-        minor: parseInt(match[2], 10),
-        patch: parseInt(match[3], 10),
-    };
-}
-/**
- * Check if a plugin's declared apiVersion is compatible with the host API version.
- *
- * Supports simple semver range operators:
- * - `^1.0.0` — compatible with 1.x.x (major must match, minor/patch >= specified)
- * - `~1.2.0` — compatible with 1.2.x (major+minor must match, patch >= specified)
- * - `>=1.0.0` — any version >= 1.0.0
- * - `1.0.0` — exact match (treated as ^1.0.0 for convenience)
- */
-export function checkApiVersionCompatibility(pluginApiVersion, hostVersion) {
-    const host = parseSemver(hostVersion);
-    if (!host) {
-        return { compatible: false, reason: `Invalid host version: "${hostVersion}"` };
-    }
-    // Extract operator and version
-    const rangeMatch = pluginApiVersion.match(/^([~^]|>=?|<=?|)?(\d+\.\d+\.\d+.*)$/);
-    if (!rangeMatch) {
-        return { compatible: false, reason: `Invalid apiVersion format: "${pluginApiVersion}"` };
-    }
-    const operator = rangeMatch[1] || '^'; // Default to caret if no operator
-    const required = parseSemver(rangeMatch[2]);
-    if (!required) {
-        return { compatible: false, reason: `Cannot parse version: "${rangeMatch[2]}"` };
-    }
-    switch (operator) {
-        case '^': {
-            // Major must match, host >= required
-            if (host.major !== required.major) {
-                return {
-                    compatible: false,
-                    reason: `Major version mismatch: host ${hostVersion} vs required ^${rangeMatch[2]}`,
-                };
-            }
-            if (host.minor < required.minor ||
-                (host.minor === required.minor && host.patch < required.patch)) {
-                return {
-                    compatible: false,
-                    reason: `Host version ${hostVersion} is older than required ^${rangeMatch[2]}`,
-                };
-            }
-            return { compatible: true };
-        }
-        case '~': {
-            // Major+minor must match, patch >= required
-            if (host.major !== required.major || host.minor !== required.minor) {
-                return {
-                    compatible: false,
-                    reason: `Version mismatch: host ${hostVersion} vs required ~${rangeMatch[2]}`,
-                };
-            }
-            if (host.patch < required.patch) {
-                return {
-                    compatible: false,
-                    reason: `Host patch ${hostVersion} is older than required ~${rangeMatch[2]}`,
-                };
-            }
-            return { compatible: true };
-        }
-        case '>=': {
-            const hostVal = host.major * 10000 + host.minor * 100 + host.patch;
-            const reqVal = required.major * 10000 + required.minor * 100 + required.patch;
-            if (hostVal < reqVal) {
-                return {
-                    compatible: false,
-                    reason: `Host version ${hostVersion} is older than required >=${rangeMatch[2]}`,
-                };
-            }
-            return { compatible: true };
-        }
-        case '>': {
-            const hostVal = host.major * 10000 + host.minor * 100 + host.patch;
-            const reqVal = required.major * 10000 + required.minor * 100 + required.patch;
-            if (hostVal <= reqVal) {
-                return {
-                    compatible: false,
-                    reason: `Host version ${hostVersion} is not greater than ${rangeMatch[2]}`,
-                };
-            }
-            return { compatible: true };
-        }
-        case '<=': {
-            const hostVal = host.major * 10000 + host.minor * 100 + host.patch;
-            const reqVal = required.major * 10000 + required.minor * 100 + required.patch;
-            if (hostVal > reqVal) {
-                return {
-                    compatible: false,
-                    reason: `Host version ${hostVersion} is newer than required <=${rangeMatch[2]}`,
-                };
-            }
-            return { compatible: true };
-        }
-        case '<': {
-            const hostVal = host.major * 10000 + host.minor * 100 + host.patch;
-            const reqVal = required.major * 10000 + required.minor * 100 + required.patch;
-            if (hostVal >= reqVal) {
-                return {
-                    compatible: false,
-                    reason: `Host version ${hostVersion} is not less than ${rangeMatch[2]}`,
-                };
-            }
-            return { compatible: true };
-        }
-        default:
-            return { compatible: false, reason: `Unknown operator: "${operator}"` };
-    }
-}
-/**
- * Fully validate a plugin manifest including API version compatibility.
- *
- * This is the main entry point for plugin validation. It runs:
- * 1. Structural validation (validateManifest)
- * 2. API version compatibility check (checkApiVersionCompatibility)
- *
- * Returns a combined result with all errors.
- */
-export function validatePlugin(manifest, hostVersion) {
-    const structuralResult = validateManifest(manifest);
-    // If structural validation failed, return early — can't check compatibility
-    if (!structuralResult.valid) {
-        return structuralResult;
-    }
-    const m = manifest;
-    const errors = [...structuralResult.errors];
-    // Check API version compatibility
-    const compat = checkApiVersionCompatibility(m.apiVersion, hostVersion);
-    if (!compat.compatible) {
-        errors.push({
-            field: 'apiVersion',
-            message: compat.reason || 'Incompatible API version',
-        });
-    }
-    return {
-        valid: errors.length === 0,
-        pluginId: m.id,
-        errors,
-    };
-}
-//# sourceMappingURL=validator.js.map

package/dist/plugins/validator.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"validator.js","sourceRoot":"","sources":["../../src/plugins/validator.ts"],"names":[],"mappings":"AAAA,uEAAuE;AACvE,EAAE;AACF,yEAAyE;AACzE,sEAAsE;AACtE,4EAA4E;AAS5E,OAAO,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAEhD,yBAAyB;AACzB,MAAM,kBAAkB,GAA0B,CAAC,UAAU,EAAE,kBAAkB,EAAE,aAAa,CAAC,CAAC;AAElG,kEAAkE;AAClE,MAAM,cAAc,GAAG,2BAA2B,CAAC;AAEnD,qDAAqD;AACrD,MAAM,oBAAoB,GAAG,2CAA2C,CAAC;AAEzE;;;;;;;;;GASG;AACH,MAAM,UAAU,gBAAgB,CAAC,QAAiB;IAChD,MAAM,MAAM,GAA4B,EAAE,CAAC;IAE3C,IAAI,CAAC,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC9C,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,QAAQ,EAAE,SAAS;YACnB,MAAM,EAAE,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,oCAAoC,EAAE,CAAC;SAC/E,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,GAAG,QAAmC,CAAC;IAE9C,iCAAiC;IACjC,MAAM,eAAe,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,YAAY,CAAU,CAAC;IACjF,KAAK,MAAM,KAAK,IAAI,eAAe,EAAE,CAAC;QACpC,IAAI,CAAC,CAAC,KAAK,CAAC,KAAK,SAAS,IAAI,CAAC,CAAC,KAAK,CAAC,KAAK,IAAI,EAAE,CAAC;YAChD,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,KAAK,eAAe,EAAE,CAAC,CAAC;QAC5D,CAAC;aAAM,IAAI,OAAO,CAAC,CAAC,KAAK,CAAC,KAAK,QAAQ,IAAK,CAAC,CAAC,KAAK,CAAY,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAC9E,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,KAAK,8BAA8B,EAAE,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IAE7D,yBAAyB;IACzB,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QAC7D,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;YACpC,MAAM,CAAC,IAAI,CAAC;gBACV,KAAK,EAAE,SAAS;gBAChB,OAAO,EAAE,IAAI,CAAC,CAAC,OAAO,oDAAoD;aAC3E,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,6BAA6B;IAC7B,IAAI,OAAO,CAAC,CAAC,UAAU,KAAK,QAAQ,IAAI,CAAC,CAAC,UAAU,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACnE,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,EAAE,CAAC;YAC7C,MAAM,CAAC,IAAI,CAAC;gBACV,KAAK,EAAE,YAAY;gBACnB,OAAO,EAAE,IAAI,CAAC,CAAC,UAAU,+BAA+B;aACzD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAkB,CAAC,EAAE,CAAC;QACrF,MAAM,CAAC,IAAI,CAAC;YACV,KAAK,EAAE,MAAM;YACb,OAAO,EAAE,IAAI,CAAC,CAAC,IAAI,2CAA2C,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;SAC/F,CAAC,CAAC;IACL,CAAC;IAED,+BAA+B;IAC/B,IAAI,CAAC,CAAC,WAAW,KAAK,SAAS,IAAI,OAAO,CAAC,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;QACrE,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,aAAa,EAAE,OAAO,EAAE,4CAA4C,EAAE,CAAC,CAAC;IAC/F,CAAC;IAED,uBAAuB;IACvB,IAAI,CAAC,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;QACjC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,EAAE,CAAC;YACnC,MAAM,CAAC,IAAI,CAAC;gBACV,KAAK,EAAE,cAAc;gBACrB,OAAO,EAAE,6CAA6C;aACvD,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC/C,MAAM,GAAG,GAAG,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;gBAC9B,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;oBAC5B,MAAM,CAAC,IAAI,CAAC;wBACV,KAAK,EAAE,gBAAgB,CAAC,GAAG;wBAC3B,OAAO,EAAE,kCAAkC;qBAC5C,CAAC,CAAC;gBACL,CAAC;qBAAM,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,GAAuB,CAAC,EAAE,CAAC;oBACjE,MAAM,CAAC,IAAI,CAAC;wBACV,KAAK,EAAE,gBAAgB,CAAC,GAAG;wBAC3B,OAAO,EAAE,IAAI,GAAG,0CAA0C,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;qBAC3F,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,IAAI,CAAC,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;QACjC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,EAAE,CAAC;YACnC,MAAM,CAAC,IAAI,CAAC;gBACV,KAAK,EAAE,cAAc;gBACrB,OAAO,EAAE,6CAA6C;aACvD,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC/C,MAAM,GAAG,GAAG,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;gBAC9B,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;oBACjD,MAAM,CAAC,IAAI,CAAC;wBACV,KAAK,EAAE,gBAAgB,CAAC,GAAG;wBAC3B,OAAO,EAAE,4CAA4C;qBACtD,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,QAAQ;QACR,MAAM;KACP,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAS,WAAW,CAAC,OAAe;IAClC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC;IACpD,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACxB,OAAO;QACL,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QAC7B,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QAC7B,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;KAC9B,CAAC;AACJ,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,4BAA4B,CAC1C,gBAAwB,EACxB,WAAmB;IAEnB,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;IACtC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,0BAA0B,WAAW,GAAG,EAAE,CAAC;IACjF,CAAC;IAED,+BAA+B;IAC/B,MAAM,UAAU,GAAG,gBAAgB,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACjF,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,+BAA+B,gBAAgB,GAAG,EAAE,CAAC;IAC3F,CAAC;IAED,MAAM,QAAQ,GAAG,UAAU,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,kCAAkC;IACzE,MAAM,QAAQ,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5C,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,0BAA0B,UAAU,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;IACnF,CAAC;IAED,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,GAAG,CAAC,CAAC,CAAC;YACT,qCAAqC;YACrC,IAAI,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,KAAK,EAAE,CAAC;gBAClC,OAAO;oBACL,UAAU,EAAE,KAAK;oBACjB,MAAM,EAAE,gCAAgC,WAAW,iBAAiB,UAAU,CAAC,CAAC,CAAC,EAAE;iBACpF,CAAC;YACJ,CAAC;YACD,IACE,IAAI,CAAC,KAAK,GAAG,QAAQ,CAAC,KAAK;gBAC3B,CAAC,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,EAC9D,CAAC;gBACD,OAAO;oBACL,UAAU,EAAE,KAAK;oBACjB,MAAM,EAAE,gBAAgB,WAAW,4BAA4B,UAAU,CAAC,CAAC,CAAC,EAAE;iBAC/E,CAAC;YACJ,CAAC;YACD,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;QAC9B,CAAC;QAED,KAAK,GAAG,CAAC,CAAC,CAAC;YACT,4CAA4C;YAC5C,IAAI,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,KAAK,EAAE,CAAC;gBACnE,OAAO;oBACL,UAAU,EAAE,KAAK;oBACjB,MAAM,EAAE,0BAA0B,WAAW,iBAAiB,UAAU,CAAC,CAAC,CAAC,EAAE;iBAC9E,CAAC;YACJ,CAAC;YACD,IAAI,IAAI,CAAC,KAAK,GAAG,QAAQ,CAAC,KAAK,EAAE,CAAC;gBAChC,OAAO;oBACL,UAAU,EAAE,KAAK;oBACjB,MAAM,EAAE,cAAc,WAAW,4BAA4B,UAAU,CAAC,CAAC,CAAC,EAAE;iBAC7E,CAAC;YACJ,CAAC;YACD,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;QAC9B,CAAC;QAED,KAAK,IAAI,CAAC,CAAC,CAAC;YACV,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,GAAG,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC;YACnE,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,GAAG,KAAK,GAAG,QAAQ,CAAC,KAAK,GAAG,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC;YAC9E,IAAI,OAAO,GAAG,MAAM,EAAE,CAAC;gBACrB,OAAO;oBACL,UAAU,EAAE,KAAK;oBACjB,MAAM,EAAE,gBAAgB,WAAW,6BAA6B,UAAU,CAAC,CAAC,CAAC,EAAE;iBAChF,CAAC;YACJ,CAAC;YACD,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;QAC9B,CAAC;QAED,KAAK,GAAG,CAAC,CAAC,CAAC;YACT,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,GAAG,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC;YACnE,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,GAAG,KAAK,GAAG,QAAQ,CAAC,KAAK,GAAG,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC;YAC9E,IAAI,OAAO,IAAI,MAAM,EAAE,CAAC;gBACtB,OAAO;oBACL,UAAU,EAAE,KAAK;oBACjB,MAAM,EAAE,gBAAgB,WAAW,wBAAwB,UAAU,CAAC,CAAC,CAAC,EAAE;iBAC3E,CAAC;YACJ,CAAC;YACD,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;QAC9B,CAAC;QAED,KAAK,IAAI,CAAC,CAAC,CAAC;YACV,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,GAAG,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC;YACnE,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,GAAG,KAAK,GAAG,QAAQ,CAAC,KAAK,GAAG,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC;YAC9E,IAAI,OAAO,GAAG,MAAM,EAAE,CAAC;gBACrB,OAAO;oBACL,UAAU,EAAE,KAAK;oBACjB,MAAM,EAAE,gBAAgB,WAAW,6BAA6B,UAAU,CAAC,CAAC,CAAC,EAAE;iBAChF,CAAC;YACJ,CAAC;YACD,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;QAC9B,CAAC;QAED,KAAK,GAAG,CAAC,CAAC,CAAC;YACT,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,GAAG,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC;YACnE,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,GAAG,KAAK,GAAG,QAAQ,CAAC,KAAK,GAAG,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC;YAC9E,IAAI,OAAO,IAAI,MAAM,EAAE,CAAC;gBACtB,OAAO;oBACL,UAAU,EAAE,KAAK;oBACjB,MAAM,EAAE,gBAAgB,WAAW,qBAAqB,UAAU,CAAC,CAAC,CAAC,EAAE;iBACxE,CAAC;YACJ,CAAC;YACD,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;QAC9B,CAAC;QAED;YACE,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,sBAAsB,QAAQ,GAAG,EAAE,CAAC;IAC5E,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,cAAc,CAAC,QAAiB,EAAE,WAAmB;IACnE,MAAM,gBAAgB,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAEpD,4EAA4E;IAC5E,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,CAAC;QAC5B,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IAED,MAAM,CAAC,GAAG,QAA0B,CAAC;IACrC,MAAM,MAAM,GAAG,CAAC,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAE5C,kCAAkC;IAClC,MAAM,MAAM,GAAG,4BAA4B,CAAC,CAAC,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IACvE,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QACvB,MAAM,CAAC,IAAI,CAAC;YACV,KAAK,EAAE,YAAY;YACnB,OAAO,EAAE,MAAM,CAAC,MAAM,IAAI,0BAA0B;SACrD,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,QAAQ,EAAE,CAAC,CAAC,EAAE;QACd,MAAM;KACP,CAAC;AACJ,CAAC"}

package/dist/policy/evaluator.d.ts

@@ -1,41 +0,0 @@
-export interface PolicyRule {
-    action: string | string[];
-    effect: 'allow' | 'deny';
-    conditions?: {
-        scope?: string[];
-        limit?: number;
-        branches?: string[];
-        requireTests?: boolean;
-    };
-    reason?: string;
-}
-export interface LoadedPolicy {
-    id: string;
-    name: string;
-    description?: string;
-    rules: PolicyRule[];
-    severity: number;
-}
-export interface NormalizedIntent {
-    action: string;
-    target: string;
-    agent: string;
-    branch?: string;
-    command?: string;
-    filesAffected?: number;
-    metadata?: Record<string, unknown>;
-    destructive: boolean;
-}
-export interface EvalResult {
-    allowed: boolean;
-    decision: 'allow' | 'deny';
-    matchedRule: PolicyRule | null;
-    matchedPolicy: LoadedPolicy | null;
-    reason: string;
-    severity: number;
-}
-declare function matchAction(pattern: string, action: string): boolean;
-declare function matchScope(scopePatterns: string[], target: string): boolean;
-export declare function evaluate(intent: NormalizedIntent, policies: LoadedPolicy[]): EvalResult;
-export { matchAction, matchScope };
-//# sourceMappingURL=evaluator.d.ts.map

package/dist/policy/evaluator.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"evaluator.d.ts","sourceRoot":"","sources":["../../src/policy/evaluator.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC1B,MAAM,EAAE,OAAO,GAAG,MAAM,CAAC;IACzB,UAAU,CAAC,EAAE;QACX,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;QACjB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;QACpB,YAAY,CAAC,EAAE,OAAO,CAAC;KACxB,CAAC;IACF,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,UAAU,EAAE,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,WAAW,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,OAAO,GAAG,MAAM,CAAC;IAC3B,WAAW,EAAE,UAAU,GAAG,IAAI,CAAC;IAC/B,aAAa,EAAE,YAAY,GAAG,IAAI,CAAC;IACnC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,iBAAS,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAU7D;AAED,iBAAS,UAAU,CAAC,aAAa,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAepE;AAwBD,wBAAgB,QAAQ,CAAC,MAAM,EAAE,gBAAgB,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,UAAU,CA8DvF;AAED,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,CAAC"}

package/dist/policy/evaluator.js

@@ -1,111 +0,0 @@
-// Policy evaluator — matches actions against loaded policies.
-// Pure domain logic. No DOM, no Node.js-specific APIs.
-function matchAction(pattern, action) {
-    if (pattern === '*')
-        return true;
-    if (pattern === action)
-        return true;
-    if (pattern.endsWith('.*')) {
-        const prefix = pattern.slice(0, -2);
-        return action.startsWith(prefix + '.');
-    }
-    return false;
-}
-function matchScope(scopePatterns, target) {
-    if (!scopePatterns || scopePatterns.length === 0)
-        return true;
-    if (!target)
-        return true;
-    for (const pattern of scopePatterns) {
-        if (pattern === '*')
-            return true;
-        if (pattern === target)
-            return true;
-        if (pattern.endsWith('/') && target.startsWith(pattern))
-            return true;
-        if (pattern.startsWith('*')) {
-            const suffix = pattern.slice(1);
-            if (target.endsWith(suffix))
-                return true;
-        }
-    }
-    return false;
-}
-function matchConditions(conditions, intent) {
-    if (!conditions)
-        return true;
-    if (conditions.scope && !matchScope(conditions.scope, intent.target)) {
-        return false;
-    }
-    if (conditions.limit !== undefined && intent.filesAffected !== undefined) {
-        if (intent.filesAffected > conditions.limit) {
-            return true;
-        }
-    }
-    if (conditions.branches && intent.branch) {
-        if (conditions.branches.includes(intent.branch)) {
-            return true;
-        }
-    }
-    return true;
-}
-export function evaluate(intent, policies) {
-    if (!intent || !intent.action) {
-        return {
-            allowed: false,
-            decision: 'deny',
-            matchedRule: null,
-            matchedPolicy: null,
-            reason: 'Intent is missing required field: action',
-            severity: 5,
-        };
-    }
-    for (const policy of policies) {
-        for (const rule of policy.rules) {
-            if (rule.effect !== 'deny')
-                continue;
-            const actions = Array.isArray(rule.action) ? rule.action : [rule.action];
-            const actionMatches = actions.some((pattern) => matchAction(pattern, intent.action));
-            if (!actionMatches)
-                continue;
-            if (matchConditions(rule.conditions, intent)) {
-                return {
-                    allowed: false,
-                    decision: 'deny',
-                    matchedRule: rule,
-                    matchedPolicy: policy,
-                    reason: rule.reason || `Denied by policy "${policy.name}"`,
-                    severity: policy.severity,
-                };
-            }
-        }
-    }
-    for (const policy of policies) {
-        for (const rule of policy.rules) {
-            if (rule.effect !== 'allow')
-                continue;
-            const actions = Array.isArray(rule.action) ? rule.action : [rule.action];
-            const actionMatches = actions.some((pattern) => matchAction(pattern, intent.action));
-            if (actionMatches && matchConditions(rule.conditions, intent)) {
-                return {
-                    allowed: true,
-                    decision: 'allow',
-                    matchedRule: rule,
-                    matchedPolicy: policy,
-                    reason: rule.reason || `Allowed by policy "${policy.name}"`,
-                    severity: 0,
-                };
-            }
-        }
-    }
-    return {
-        allowed: true,
-        decision: 'allow',
-        matchedRule: null,
-        matchedPolicy: null,
-        reason: 'No matching policy — default allow',
-        severity: 0,
-    };
-}
-export { matchAction, matchScope };
-//# sourceMappingURL=evaluator.js.map

package/dist/policy/evaluator.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"evaluator.js","sourceRoot":"","sources":["../../src/policy/evaluator.ts"],"names":[],"mappings":"AAAA,8DAA8D;AAC9D,uDAAuD;AA0CvD,SAAS,WAAW,CAAC,OAAe,EAAE,MAAc;IAClD,IAAI,OAAO,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACjC,IAAI,OAAO,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IAEpC,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3B,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACpC,OAAO,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC;IACzC,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,UAAU,CAAC,aAAuB,EAAE,MAAc;IACzD,IAAI,CAAC,aAAa,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9D,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IAEzB,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;QACpC,IAAI,OAAO,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC;QACjC,IAAI,OAAO,KAAK,MAAM;YAAE,OAAO,IAAI,CAAC;QACpC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC;YAAE,OAAO,IAAI,CAAC;QACrE,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5B,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAChC,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAAE,OAAO,IAAI,CAAC;QAC3C,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,eAAe,CAAC,UAAoC,EAAE,MAAwB;IACrF,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAE7B,IAAI,UAAU,CAAC,KAAK,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;QACrE,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,UAAU,CAAC,KAAK,KAAK,SAAS,IAAI,MAAM,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;QACzE,IAAI,MAAM,CAAC,aAAa,GAAG,UAAU,CAAC,KAAK,EAAE,CAAC;YAC5C,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,IAAI,UAAU,CAAC,QAAQ,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QACzC,IAAI,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;YAChD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,MAAwB,EAAE,QAAwB;IACzE,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9B,OAAO;YACL,OAAO,EAAE,KAAK;YACd,QAAQ,EAAE,MAAM;YAChB,WAAW,EAAE,IAAI;YACjB,aAAa,EAAE,IAAI;YACnB,MAAM,EAAE,0CAA0C;YAClD,QAAQ,EAAE,CAAC;SACZ,CAAC;IACJ,CAAC;IAED,KAAK,MAAM,MAAM,IAAI,QAAQ,EAAE,CAAC;QAC9B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YAChC,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM;gBAAE,SAAS;YAErC,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACzE,MAAM,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,WAAW,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;YAErF,IAAI,CAAC,aAAa;gBAAE,SAAS;YAE7B,IAAI,eAAe,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,CAAC;gBAC7C,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,QAAQ,EAAE,MAAM;oBAChB,WAAW,EAAE,IAAI;oBACjB,aAAa,EAAE,MAAM;oBACrB,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,qBAAqB,MAAM,CAAC,IAAI,GAAG;oBAC1D,QAAQ,EAAE,MAAM,CAAC,QAAQ;iBAC1B,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,MAAM,MAAM,IAAI,QAAQ,EAAE,CAAC;QAC9B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YAChC,IAAI,IAAI,CAAC,MAAM,KAAK,OAAO;gBAAE,SAAS;YAEtC,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACzE,MAAM,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,WAAW,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;YAErF,IAAI,aAAa,IAAI,eAAe,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,CAAC;gBAC9D,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,QAAQ,EAAE,OAAO;oBACjB,WAAW,EAAE,IAAI;oBACjB,aAAa,EAAE,MAAM;oBACrB,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,sBAAsB,MAAM,CAAC,IAAI,GAAG;oBAC3D,QAAQ,EAAE,CAAC;iBACZ,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,OAAO;QACjB,WAAW,EAAE,IAAI;QACjB,aAAa,EAAE,IAAI;QACnB,MAAM,EAAE,oCAAoC;QAC5C,QAAQ,EAAE,CAAC;KACZ,CAAC;AACJ,CAAC;AAED,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,CAAC"}

package/dist/policy/loader.d.ts

@@ -1,13 +0,0 @@
-import type { LoadedPolicy } from './evaluator.js';
-export declare const VALID_ACTIONS: Set<string>;
-interface ValidationResult {
-    valid: boolean;
-    errors: string[];
-}
-export declare function validatePolicy(policy: unknown): ValidationResult;
-export declare function loadPolicies(policyDefs: unknown[]): {
-    policies: LoadedPolicy[];
-    errors: string[];
-};
-export {};
-//# sourceMappingURL=loader.d.ts.map

package/dist/policy/loader.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"loader.d.ts","sourceRoot":"","sources":["../../src/policy/loader.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAInD,eAAO,MAAM,aAAa,aAexB,CAAC;AAEH,UAAU,gBAAgB;IACxB,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAyCD,wBAAgB,cAAc,CAAC,MAAM,EAAE,OAAO,GAAG,gBAAgB,CAyChE;AAED,wBAAgB,YAAY,CAAC,UAAU,EAAE,OAAO,EAAE,GAAG;IACnD,QAAQ,EAAE,YAAY,EAAE,CAAC;IACzB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB,CAkCA"}

package/dist/policy/loader.js

@@ -1,118 +0,0 @@
-// Policy loader — parses and validates policy definitions.
-// Pure domain logic. No DOM, no Node.js-specific APIs.
-//
-// Policy pack loading: see pack-loader.ts for extends/merge support.
-const VALID_EFFECTS = new Set(['allow', 'deny']);
-export const VALID_ACTIONS = new Set([
-    'file.write',
-    'file.delete',
-    'file.rename',
-    'shell.exec',
-    'git.push',
-    'git.force-push',
-    'git.branch.delete',
-    'git.commit',
-    'git.merge',
-    'config.modify',
-    'dependency.add',
-    'dependency.remove',
-    'deploy.trigger',
-    '*',
-]);
-function validateRule(rule) {
-    const errors = [];
-    if (!rule || typeof rule !== 'object') {
-        return { valid: false, errors: ['Rule must be a non-null object'] };
-    }
-    const r = rule;
-    if (!r.action) {
-        errors.push('Rule is missing required field: action');
-    }
-    else {
-        const actions = Array.isArray(r.action) ? r.action : [r.action];
-        for (const a of actions) {
-            if (typeof a !== 'string') {
-                errors.push(`Invalid action type: ${typeof a}`);
-            }
-        }
-    }
-    if (!r.effect) {
-        errors.push('Rule is missing required field: effect');
-    }
-    else if (!VALID_EFFECTS.has(r.effect)) {
-        errors.push(`Invalid effect: ${r.effect}. Must be "allow" or "deny"`);
-    }
-    if (r.conditions) {
-        if (typeof r.conditions !== 'object') {
-            errors.push('Conditions must be an object');
-        }
-        const conds = r.conditions;
-        if (conds.limit !== undefined && typeof conds.limit !== 'number') {
-            errors.push('Condition "limit" must be a number');
-        }
-    }
-    return { valid: errors.length === 0, errors };
-}
-export function validatePolicy(policy) {
-    const errors = [];
-    if (!policy || typeof policy !== 'object') {
-        return { valid: false, errors: ['Policy must be a non-null object'] };
-    }
-    const p = policy;
-    if (!p.id || typeof p.id !== 'string') {
-        errors.push('Policy is missing required field: id (string)');
-    }
-    if (!p.name || typeof p.name !== 'string') {
-        errors.push('Policy is missing required field: name (string)');
-    }
-    if (!Array.isArray(p.rules) || p.rules.length === 0) {
-        errors.push('Policy must have at least one rule');
-    }
-    else {
-        for (let i = 0; i < p.rules.length; i++) {
-            const result = validateRule(p.rules[i]);
-            if (!result.valid) {
-                for (const err of result.errors) {
-                    errors.push(`Rule[${i}]: ${err}`);
-                }
-            }
-        }
-    }
-    if (p.severity !== undefined) {
-        if (typeof p.severity !== 'number' ||
-            p.severity < 1 ||
-            p.severity > 5) {
-            errors.push('Severity must be a number between 1 and 5');
-        }
-    }
-    return { valid: errors.length === 0, errors };
-}
-export function loadPolicies(policyDefs) {
-    const policies = [];
-    const errors = [];
-    if (!Array.isArray(policyDefs)) {
-        return { policies: [], errors: ['Policy definitions must be an array'] };
-    }
-    const seenIds = new Set();
-    for (let i = 0; i < policyDefs.length; i++) {
-        const def = policyDefs[i];
-        const result = validatePolicy(def);
-        if (!result.valid) {
-            for (const err of result.errors) {
-                errors.push(`Policy[${i}]: ${err}`);
-            }
-            continue;
-        }
-        if (seenIds.has(def.id)) {
-            errors.push(`Policy[${i}]: Duplicate policy ID "${def.id}"`);
-            continue;
-        }
-        seenIds.add(def.id);
-        policies.push({
-            ...def,
-            severity: def.severity ?? 3,
-        });
-    }
-    return { policies, errors };
-}
-//# sourceMappingURL=loader.js.map

package/dist/policy/loader.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"loader.js","sourceRoot":"","sources":["../../src/policy/loader.ts"],"names":[],"mappings":"AAAA,2DAA2D;AAC3D,uDAAuD;AACvD,EAAE;AACF,qEAAqE;AAIrE,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;AAEjD,MAAM,CAAC,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC;IACnC,YAAY;IACZ,aAAa;IACb,aAAa;IACb,YAAY;IACZ,UAAU;IACV,gBAAgB;IAChB,mBAAmB;IACnB,YAAY;IACZ,WAAW;IACX,eAAe;IACf,gBAAgB;IAChB,mBAAmB;IACnB,gBAAgB;IAChB,GAAG;CACJ,CAAC,CAAC;AAOH,SAAS,YAAY,CAAC,IAAa;IACjC,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,gCAAgC,CAAC,EAAE,CAAC;IACtE,CAAC;IAED,MAAM,CAAC,GAAG,IAA+B,CAAC;IAE1C,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACd,MAAM,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;IACxD,CAAC;SAAM,CAAC;QACN,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAChE,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;YACxB,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAC1B,MAAM,CAAC,IAAI,CAAC,wBAAwB,OAAO,CAAC,EAAE,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACd,MAAM,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;IACxD,CAAC;SAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,MAAgB,CAAC,EAAE,CAAC;QAClD,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,MAAgB,6BAA6B,CAAC,CAAC;IAClF,CAAC;IAED,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC;QACjB,IAAI,OAAO,CAAC,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;YACrC,MAAM,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QAC9C,CAAC;QACD,MAAM,KAAK,GAAG,CAAC,CAAC,UAAqC,CAAC;QACtD,IAAI,KAAK,CAAC,KAAK,KAAK,SAAS,IAAI,OAAO,KAAK,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;YACjE,MAAM,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;AAChD,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,MAAe;IAC5C,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC1C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,kCAAkC,CAAC,EAAE,CAAC;IACxE,CAAC;IAED,MAAM,CAAC,GAAG,MAAiC,CAAC;IAE5C,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,OAAO,CAAC,CAAC,EAAE,KAAK,QAAQ,EAAE,CAAC;QACtC,MAAM,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;IAC/D,CAAC;IAED,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC1C,MAAM,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAC;IACjE,CAAC;IAED,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpD,MAAM,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;IACpD,CAAC;SAAM,CAAC;QACN,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACxC,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YACxC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBAClB,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;oBAChC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;gBACpC,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,CAAC,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC7B,IACE,OAAO,CAAC,CAAC,QAAQ,KAAK,QAAQ;YAC7B,CAAC,CAAC,QAAmB,GAAG,CAAC;YACzB,CAAC,CAAC,QAAmB,GAAG,CAAC,EAC1B,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;AAChD,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,UAAqB;IAIhD,MAAM,QAAQ,GAAmB,EAAE,CAAC;IACpC,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,qCAAqC,CAAC,EAAE,CAAC;IAC3E,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3C,MAAM,GAAG,GAAG,UAAU,CAAC,CAAC,CAA4B,CAAC;QACrD,MAAM,MAAM,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;QAEnC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAClB,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBAChC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;YACtC,CAAC;YACD,SAAS;QACX,CAAC;QAED,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAY,CAAC,EAAE,CAAC;YAClC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,2BAA2B,GAAG,CAAC,EAAY,GAAG,CAAC,CAAC;YACvE,SAAS;QACX,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAY,CAAC,CAAC;QAC9B,QAAQ,CAAC,IAAI,CAAC;YACZ,GAAG,GAAG;YACN,QAAQ,EAAG,GAAG,CAAC,QAAmB,IAAI,CAAC;SACxB,CAAC,CAAC;IACrB,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;AAC9B,CAAC"}

package/dist/policy/pack-loader.d.ts

@@ -1,40 +0,0 @@
-import type { LoadedPolicy } from './evaluator.js';
-export interface PackResolutionResult {
-    policies: LoadedPolicy[];
-    errors: string[];
-}
-/**
- * Resolve a single pack reference to an absolute file path.
- *
- * Supports three reference styles:
- * 1. Relative path — `"./packs/strict"` or `"./packs/strict.yaml"`
- * 2. Absolute path — `"/home/user/packs/strict.yaml"`
- * 3. npm package — `"@agentguard/security-pack"` resolved from node_modules
- */
-export declare function resolvePackPath(ref: string, baseDir: string): string | null;
-/**
- * Load a single policy pack from a resolved file path.
- */
-export declare function loadPackFile(filePath: string): LoadedPolicy | null;
-/**
- * Resolve and load all policy packs from an `extends` list.
- *
- * @param extends_ - Array of pack references (paths or npm package names)
- * @param baseDir  - Directory to resolve relative paths from
- * @returns Loaded pack policies and any errors encountered
- */
-export declare function resolveExtends(extends_: string[], baseDir: string): PackResolutionResult;
-/**
- * Merge pack policies with a local policy.
- *
- * Precedence: local rules override pack rules. Within packs, earlier entries
- * in the `extends` list take precedence over later entries.
- *
- * The merge strategy is:
- * 1. Collect all rules from packs (in extends order)
- * 2. Append local rules (which take precedence during evaluation since
- *    the evaluator checks deny rules first, then allow rules)
- * 3. Return a single merged policy array
- */
-export declare function mergePolicies(localPolicy: LoadedPolicy, packPolicies: LoadedPolicy[]): LoadedPolicy[];
-//# sourceMappingURL=pack-loader.d.ts.map

package/dist/policy/pack-loader.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"pack-loader.d.ts","sourceRoot":"","sources":["../../src/policy/pack-loader.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,YAAY,EAAc,MAAM,gBAAgB,CAAC;AAa/D,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,YAAY,EAAE,CAAC;IACzB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;;;;;;GAOG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAyC3E;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,YAAY,GAAG,IAAI,CAuBlE;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,MAAM,GAAG,oBAAoB,CA8BxF;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,aAAa,CAC3B,WAAW,EAAE,YAAY,EACzB,YAAY,EAAE,YAAY,EAAE,GAC3B,YAAY,EAAE,CAIhB"}