@red-codes/policy 1.0.0

package/dist/pack-loader.js

@@ -0,0 +1,169 @@
+// Policy pack loader — resolves, loads, validates, and merges policy packs.
+// Supports local directory packs and npm-style package references.
+// Includes version compatibility checking for policy packs.
+//
+// A policy pack is a YAML or JSON policy file that can be referenced via the
+// `extends` key in a policy definition. Packs are loaded and their rules are
+// merged with the local policy, with local rules taking precedence.
+import { readFileSync, existsSync } from 'node:fs';
+import { resolve, join } from 'node:path';
+import { loadYamlPolicy } from './yaml-loader.js';
+import { validatePolicy } from './loader.js';
+import { parsePackReference, checkCompatibility, satisfiesRange } from './pack-version.js';
+/** Candidate filenames when resolving a pack directory */
+const PACK_MANIFEST_CANDIDATES = [
+    'agentguard-pack.yaml',
+    'agentguard-pack.yml',
+    'agentguard-pack.json',
+    'agentguard.yaml',
+    'agentguard.yml',
+];
+/**
+ * Resolve a single pack reference to an absolute file path.
+ *
+ * Supports three reference styles:
+ * 1. Relative path — `"./packs/strict"` or `"./packs/strict.yaml"`
+ * 2. Absolute path — `"/home/user/packs/strict.yaml"`
+ * 3. npm package — `"@agentguard/security-pack"` resolved from node_modules
+ *
+ * References may include a version constraint suffix (e.g., `"./pack@^1.2.0"`),
+ * which is stripped before path resolution.
+ */
+export function resolvePackPath(ref, baseDir) {
+    // 1. Direct file reference (relative or absolute)
+    const directPath = resolve(baseDir, ref);
+    if (existsSync(directPath)) {
+        // If it's a file, use it directly
+        if (directPath.endsWith('.yaml') ||
+            directPath.endsWith('.yml') ||
+            directPath.endsWith('.json')) {
+            return directPath;
+        }
+        // If it's a directory, look for manifest files
+        for (const candidate of PACK_MANIFEST_CANDIDATES) {
+            const candidatePath = join(directPath, candidate);
+            if (existsSync(candidatePath)) {
+                return candidatePath;
+            }
+        }
+    }
+    // Try with common extensions if the direct path didn't work
+    for (const ext of ['.yaml', '.yml', '.json']) {
+        const withExt = directPath + ext;
+        if (existsSync(withExt)) {
+            return withExt;
+        }
+    }
+    // 2. npm package reference — search node_modules
+    const nodeModulesPath = join(baseDir, 'node_modules', ref);
+    if (existsSync(nodeModulesPath)) {
+        for (const candidate of PACK_MANIFEST_CANDIDATES) {
+            const candidatePath = join(nodeModulesPath, candidate);
+            if (existsSync(candidatePath)) {
+                return candidatePath;
+            }
+        }
+    }
+    return null;
+}
+/**
+ * Load a single policy pack from a resolved file path.
+ */
+export function loadPackFile(filePath) {
+    const content = readFileSync(filePath, 'utf8');
+    if (filePath.endsWith('.yaml') || filePath.endsWith('.yml')) {
+        return loadYamlPolicy(content, `pack:${filePath}`);
+    }
+    try {
+        const parsed = JSON.parse(content);
+        const result = validatePolicy(parsed);
+        if (!result.valid) {
+            return null;
+        }
+        return {
+            id: parsed.id || `pack:${filePath}`,
+            name: parsed.name || 'JSON Pack',
+            description: parsed.description,
+            rules: parsed.rules,
+            severity: parsed.severity ?? 3,
+            version: parsed.version,
+            agentguardVersion: parsed.agentguardVersion,
+        };
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Resolve and load all policy packs from an `extends` list.
+ *
+ * @param extends_ - Array of pack references (paths, npm package names, or versioned refs like "pack@^1.0.0")
+ * @param baseDir  - Directory to resolve relative paths from
+ * @param options  - Optional settings including the current AgentGuard version for compatibility checks
+ * @returns Loaded pack policies, errors, and version warnings
+ */
+export function resolveExtends(extends_, baseDir, options) {
+    const policies = [];
+    const errors = [];
+    const warnings = [];
+    const seenIds = new Set();
+    for (const rawRef of extends_) {
+        const { ref, versionConstraint } = parsePackReference(rawRef);
+        const resolvedPath = resolvePackPath(ref, baseDir);
+        if (!resolvedPath) {
+            errors.push(`Pack not found: "${ref}" (searched from ${baseDir})`);
+            continue;
+        }
+        const pack = loadPackFile(resolvedPath);
+        if (!pack) {
+            errors.push(`Failed to load pack: "${ref}" (${resolvedPath})`);
+            continue;
+        }
+        if (seenIds.has(pack.id)) {
+            errors.push(`Duplicate pack ID: "${pack.id}" from "${ref}"`);
+            continue;
+        }
+        // Check version pin constraint (from extends reference like "pack@^1.2.0")
+        if (versionConstraint) {
+            if (pack.version) {
+                if (!satisfiesRange(pack.version, versionConstraint)) {
+                    warnings.push(`Pack "${pack.id}" version ${pack.version} does not satisfy ` +
+                        `pinned constraint ${versionConstraint} (from "${rawRef}")`);
+                }
+            }
+            else {
+                warnings.push(`Pack "${pack.id}" has no version field but version pin ` +
+                    `${versionConstraint} was requested (from "${rawRef}")`);
+            }
+        }
+        // Check AgentGuard version compatibility
+        if (pack.agentguardVersion && options?.currentAgentguardVersion) {
+            const compat = checkCompatibility(pack.agentguardVersion, options.currentAgentguardVersion);
+            if (!compat.compatible) {
+                errors.push(`Pack "${pack.id}" is incompatible: ${compat.reason}`);
+                continue;
+            }
+        }
+        seenIds.add(pack.id);
+        policies.push(pack);
+    }
+    return { policies, errors, warnings };
+}
+/**
+ * Merge pack policies with a local policy.
+ *
+ * Precedence: local rules override pack rules. Within packs, earlier entries
+ * in the `extends` list take precedence over later entries.
+ *
+ * The merge strategy is:
+ * 1. Collect all rules from packs (in extends order)
+ * 2. Append local rules (which take precedence during evaluation since
+ *    the evaluator checks deny rules first, then allow rules)
+ * 3. Return a single merged policy array
+ */
+export function mergePolicies(localPolicy, packPolicies) {
+    // Pack policies come first (lower precedence in evaluation order)
+    // Local policy comes last (highest precedence)
+    return [...packPolicies, localPolicy];
+}
+//# sourceMappingURL=pack-loader.js.map

package/dist/pack-loader.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pack-loader.js","sourceRoot":"","sources":["../src/pack-loader.ts"],"names":[],"mappings":"AAAA,4EAA4E;AAC5E,mEAAmE;AACnE,4DAA4D;AAC5D,EAAE;AACF,6EAA6E;AAC7E,6EAA6E;AAC7E,oEAAoE;AAEpE,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAE1C,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAE3F,0DAA0D;AAC1D,MAAM,wBAAwB,GAAG;IAC/B,sBAAsB;IACtB,qBAAqB;IACrB,sBAAsB;IACtB,iBAAiB;IACjB,gBAAgB;CACjB,CAAC;AAeF;;;;;;;;;;GAUG;AACH,MAAM,UAAU,eAAe,CAAC,GAAW,EAAE,OAAe;IAC1D,kDAAkD;IAClD,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACzC,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC3B,kCAAkC;QAClC,IACE,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;YAC5B,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC3B,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,EAC5B,CAAC;YACD,OAAO,UAAU,CAAC;QACpB,CAAC;QACD,+CAA+C;QAC/C,KAAK,MAAM,SAAS,IAAI,wBAAwB,EAAE,CAAC;YACjD,MAAM,aAAa,GAAG,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;YAClD,IAAI,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;gBAC9B,OAAO,aAAa,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC;IAED,4DAA4D;IAC5D,KAAK,MAAM,GAAG,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;QAC7C,MAAM,OAAO,GAAG,UAAU,GAAG,GAAG,CAAC;QACjC,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YACxB,OAAO,OAAO,CAAC;QACjB,CAAC;IACH,CAAC;IAED,iDAAiD;IACjD,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,EAAE,cAAc,EAAE,GAAG,CAAC,CAAC;IAC3D,IAAI,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;QAChC,KAAK,MAAM,SAAS,IAAI,wBAAwB,EAAE,CAAC;YACjD,MAAM,aAAa,GAAG,IAAI,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC;YACvD,IAAI,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;gBAC9B,OAAO,aAAa,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB;IAC3C,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAE/C,IAAI,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAC5D,OAAO,cAAc,CAAC,OAAO,EAAE,QAAQ,QAAQ,EAAE,CAAC,CAAC;IACrD,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAA4B,CAAC;QAC9D,MAAM,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;QACtC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO;YACL,EAAE,EAAG,MAAM,CAAC,EAAa,IAAI,QAAQ,QAAQ,EAAE;YAC/C,IAAI,EAAG,MAAM,CAAC,IAAe,IAAI,WAAW;YAC5C,WAAW,EAAE,MAAM,CAAC,WAAiC;YACrD,KAAK,EAAE,MAAM,CAAC,KAAqB;YACnC,QAAQ,EAAG,MAAM,CAAC,QAAmB,IAAI,CAAC;YAC1C,OAAO,EAAE,MAAM,CAAC,OAA6B;YAC7C,iBAAiB,EAAE,MAAM,CAAC,iBAAuC;SAClE,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,cAAc,CAC5B,QAAkB,EAClB,OAAe,EACf,OAAyB;IAEzB,MAAM,QAAQ,GAAmB,EAAE,CAAC;IACpC,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAElC,KAAK,MAAM,MAAM,IAAI,QAAQ,EAAE,CAAC;QAC9B,MAAM,EAAE,GAAG,EAAE,iBAAiB,EAAE,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAG,eAAe,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAEnD,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,CAAC,IAAI,CAAC,oBAAoB,GAAG,oBAAoB,OAAO,GAAG,CAAC,CAAC;YACnE,SAAS;QACX,CAAC;QAED,MAAM,IAAI,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC;QAExC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,CAAC,IAAI,CAAC,yBAAyB,GAAG,MAAM,YAAY,GAAG,CAAC,CAAC;YAC/D,SAAS;QACX,CAAC;QAED,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YACzB,MAAM,CAAC,IAAI,CAAC,uBAAuB,IAAI,CAAC,EAAE,WAAW,GAAG,GAAG,CAAC,CAAC;YAC7D,SAAS;QACX,CAAC;QAED,2EAA2E;QAC3E,IAAI,iBAAiB,EAAE,CAAC;YACtB,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBACjB,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,EAAE,iBAAiB,CAAC,EAAE,CAAC;oBACrD,QAAQ,CAAC,IAAI,CACX,SAAS,IAAI,CAAC,EAAE,aAAa,IAAI,CAAC,OAAO,oBAAoB;wBAC3D,qBAAqB,iBAAiB,WAAW,MAAM,IAAI,CAC9D,CAAC;gBACJ,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,QAAQ,CAAC,IAAI,CACX,SAAS,IAAI,CAAC,EAAE,yCAAyC;oBACvD,GAAG,iBAAiB,yBAAyB,MAAM,IAAI,CAC1D,CAAC;YACJ,CAAC;QACH,CAAC;QAED,yCAAyC;QACzC,IAAI,IAAI,CAAC,iBAAiB,IAAI,OAAO,EAAE,wBAAwB,EAAE,CAAC;YAChE,MAAM,MAAM,GAAG,kBAAkB,CAAC,IAAI,CAAC,iBAAiB,EAAE,OAAO,CAAC,wBAAwB,CAAC,CAAC;YAC5F,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;gBACvB,MAAM,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,EAAE,sBAAsB,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;gBACnE,SAAS;YACX,CAAC;QACH,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACrB,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACtB,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;AACxC,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,aAAa,CAC3B,WAAyB,EACzB,YAA4B;IAE5B,kEAAkE;IAClE,+CAA+C;IAC/C,OAAO,CAAC,GAAG,YAAY,EAAE,WAAW,CAAC,CAAC;AACxC,CAAC"}

package/dist/pack-version.d.ts

@@ -0,0 +1,51 @@
+export interface SemVer {
+    major: number;
+    minor: number;
+    patch: number;
+}
+export interface CompatibilityResult {
+    compatible: boolean;
+    reason?: string;
+}
+export interface ParsedPackReference {
+    ref: string;
+    versionConstraint?: string;
+}
+/**
+ * Parse a semver string into its components.
+ * Returns null if the string is not a valid semver.
+ */
+export declare function parseSemver(version: string): SemVer | null;
+/**
+ * Compare two semver versions.
+ * Returns -1 if a < b, 0 if a === b, 1 if a > b.
+ */
+export declare function compareSemver(a: SemVer, b: SemVer): -1 | 0 | 1;
+/**
+ * Check if a version satisfies a version range.
+ *
+ * Supported range formats:
+ * - Exact: `"1.2.3"` — must match exactly
+ * - Greater-or-equal: `">=1.2.3"` — version must be >= range
+ * - Caret: `"^1.2.3"` — compatible with (same major, >= minor.patch)
+ * - Tilde: `"~1.2.3"` — reasonably close (same major.minor, >= patch)
+ */
+export declare function satisfiesRange(version: string, range: string): boolean;
+/**
+ * Check if a policy pack is compatible with the current AgentGuard version.
+ *
+ * @param packAgentguardVersion — the `agentguardVersion` range from the pack (e.g., ">=2.0.0")
+ * @param currentVersion — the running AgentGuard version (e.g., "2.2.0")
+ */
+export declare function checkCompatibility(packAgentguardVersion: string, currentVersion: string): CompatibilityResult;
+/**
+ * Parse a pack reference that may include a version constraint.
+ *
+ * Supports `"pack-name@^1.2.0"` syntax where the `@version` suffix
+ * specifies a version pin for the pack's own version.
+ *
+ * Scoped npm packages (e.g., `@agentguard/security-pack@^1.0.0`) are
+ * handled by splitting on the last `@`.
+ */
+export declare function parsePackReference(ref: string): ParsedPackReference;
+//# sourceMappingURL=pack-version.d.ts.map

package/dist/pack-version.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pack-version.d.ts","sourceRoot":"","sources":["../src/pack-version.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,MAAM;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,OAAO,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,mBAAmB;IAClC,GAAG,EAAE,MAAM,CAAC;IACZ,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAID;;;GAGG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAQ1D;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAK9D;AAED;;;;;;;;GAQG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAoCtE;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAChC,qBAAqB,EAAE,MAAM,EAC7B,cAAc,EAAE,MAAM,GACrB,mBAAmB,CAgBrB;AAED;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,mBAAmB,CAoBnE"}

package/dist/pack-version.js

@@ -0,0 +1,129 @@
+// Policy pack versioning — semver parsing, range checking, and compatibility validation.
+// Zero external dependencies. Supports the subset of semver needed for policy packs.
+const SEMVER_REGEX = /^(\d+)\.(\d+)\.(\d+)$/;
+/**
+ * Parse a semver string into its components.
+ * Returns null if the string is not a valid semver.
+ */
+export function parseSemver(version) {
+    const match = version.trim().match(SEMVER_REGEX);
+    if (!match)
+        return null;
+    return {
+        major: parseInt(match[1], 10),
+        minor: parseInt(match[2], 10),
+        patch: parseInt(match[3], 10),
+    };
+}
+/**
+ * Compare two semver versions.
+ * Returns -1 if a < b, 0 if a === b, 1 if a > b.
+ */
+export function compareSemver(a, b) {
+    if (a.major !== b.major)
+        return a.major < b.major ? -1 : 1;
+    if (a.minor !== b.minor)
+        return a.minor < b.minor ? -1 : 1;
+    if (a.patch !== b.patch)
+        return a.patch < b.patch ? -1 : 1;
+    return 0;
+}
+/**
+ * Check if a version satisfies a version range.
+ *
+ * Supported range formats:
+ * - Exact: `"1.2.3"` — must match exactly
+ * - Greater-or-equal: `">=1.2.3"` — version must be >= range
+ * - Caret: `"^1.2.3"` — compatible with (same major, >= minor.patch)
+ * - Tilde: `"~1.2.3"` — reasonably close (same major.minor, >= patch)
+ */
+export function satisfiesRange(version, range) {
+    const trimmed = range.trim();
+    if (trimmed.startsWith('>=')) {
+        const rangeVer = parseSemver(trimmed.slice(2));
+        const ver = parseSemver(version);
+        if (!rangeVer || !ver)
+            return false;
+        return compareSemver(ver, rangeVer) >= 0;
+    }
+    if (trimmed.startsWith('^')) {
+        const rangeVer = parseSemver(trimmed.slice(1));
+        const ver = parseSemver(version);
+        if (!rangeVer || !ver)
+            return false;
+        // Same major, >= minor.patch
+        if (ver.major !== rangeVer.major)
+            return false;
+        if (ver.minor > rangeVer.minor)
+            return true;
+        if (ver.minor === rangeVer.minor)
+            return ver.patch >= rangeVer.patch;
+        return false;
+    }
+    if (trimmed.startsWith('~')) {
+        const rangeVer = parseSemver(trimmed.slice(1));
+        const ver = parseSemver(version);
+        if (!rangeVer || !ver)
+            return false;
+        // Same major.minor, >= patch
+        if (ver.major !== rangeVer.major)
+            return false;
+        if (ver.minor !== rangeVer.minor)
+            return false;
+        return ver.patch >= rangeVer.patch;
+    }
+    // Exact match
+    const rangeVer = parseSemver(trimmed);
+    const ver = parseSemver(version);
+    if (!rangeVer || !ver)
+        return false;
+    return compareSemver(ver, rangeVer) === 0;
+}
+/**
+ * Check if a policy pack is compatible with the current AgentGuard version.
+ *
+ * @param packAgentguardVersion — the `agentguardVersion` range from the pack (e.g., ">=2.0.0")
+ * @param currentVersion — the running AgentGuard version (e.g., "2.2.0")
+ */
+export function checkCompatibility(packAgentguardVersion, currentVersion) {
+    const current = parseSemver(currentVersion);
+    if (!current) {
+        return { compatible: true, reason: `Cannot parse current version "${currentVersion}"` };
+    }
+    if (!satisfiesRange(currentVersion, packAgentguardVersion)) {
+        return {
+            compatible: false,
+            reason: `Pack requires AgentGuard ${packAgentguardVersion} ` +
+                `but current version is ${currentVersion}`,
+        };
+    }
+    return { compatible: true };
+}
+/**
+ * Parse a pack reference that may include a version constraint.
+ *
+ * Supports `"pack-name@^1.2.0"` syntax where the `@version` suffix
+ * specifies a version pin for the pack's own version.
+ *
+ * Scoped npm packages (e.g., `@agentguard/security-pack@^1.0.0`) are
+ * handled by splitting on the last `@`.
+ */
+export function parsePackReference(ref) {
+    // Find the last '@' that is not at position 0 (scoped packages start with @)
+    const lastAt = ref.lastIndexOf('@');
+    if (lastAt <= 0) {
+        // No version constraint, or the only @ is the scope prefix
+        return { ref };
+    }
+    const possibleVersion = ref.slice(lastAt + 1);
+    // Check if what follows the @ looks like a version constraint
+    if (/^[~^>=]*\d/.test(possibleVersion)) {
+        return {
+            ref: ref.slice(0, lastAt),
+            versionConstraint: possibleVersion,
+        };
+    }
+    // Not a version constraint (e.g., just part of a package name)
+    return { ref };
+}
+//# sourceMappingURL=pack-version.js.map

package/dist/pack-version.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pack-version.js","sourceRoot":"","sources":["../src/pack-version.ts"],"names":[],"mappings":"AAAA,yFAAyF;AACzF,qFAAqF;AAkBrF,MAAM,YAAY,GAAG,uBAAuB,CAAC;AAE7C;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,OAAe;IACzC,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IACjD,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACxB,OAAO;QACL,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QAC7B,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QAC7B,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;KAC9B,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,CAAS,EAAE,CAAS;IAChD,IAAI,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK;QAAE,OAAO,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3D,IAAI,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK;QAAE,OAAO,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3D,IAAI,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK;QAAE,OAAO,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3D,OAAO,CAAC,CAAC;AACX,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,cAAc,CAAC,OAAe,EAAE,KAAa;IAC3D,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAE7B,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7B,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/C,MAAM,GAAG,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;QACjC,IAAI,CAAC,QAAQ,IAAI,CAAC,GAAG;YAAE,OAAO,KAAK,CAAC;QACpC,OAAO,aAAa,CAAC,GAAG,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC3C,CAAC;IAED,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/C,MAAM,GAAG,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;QACjC,IAAI,CAAC,QAAQ,IAAI,CAAC,GAAG;YAAE,OAAO,KAAK,CAAC;QACpC,6BAA6B;QAC7B,IAAI,GAAG,CAAC,KAAK,KAAK,QAAQ,CAAC,KAAK;YAAE,OAAO,KAAK,CAAC;QAC/C,IAAI,GAAG,CAAC,KAAK,GAAG,QAAQ,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAC5C,IAAI,GAAG,CAAC,KAAK,KAAK,QAAQ,CAAC,KAAK;YAAE,OAAO,GAAG,CAAC,KAAK,IAAI,QAAQ,CAAC,KAAK,CAAC;QACrE,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/C,MAAM,GAAG,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;QACjC,IAAI,CAAC,QAAQ,IAAI,CAAC,GAAG;YAAE,OAAO,KAAK,CAAC;QACpC,6BAA6B;QAC7B,IAAI,GAAG,CAAC,KAAK,KAAK,QAAQ,CAAC,KAAK;YAAE,OAAO,KAAK,CAAC;QAC/C,IAAI,GAAG,CAAC,KAAK,KAAK,QAAQ,CAAC,KAAK;YAAE,OAAO,KAAK,CAAC;QAC/C,OAAO,GAAG,CAAC,KAAK,IAAI,QAAQ,CAAC,KAAK,CAAC;IACrC,CAAC;IAED,cAAc;IACd,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IACjC,IAAI,CAAC,QAAQ,IAAI,CAAC,GAAG;QAAE,OAAO,KAAK,CAAC;IACpC,OAAO,aAAa,CAAC,GAAG,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC;AAC5C,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB,CAChC,qBAA6B,EAC7B,cAAsB;IAEtB,MAAM,OAAO,GAAG,WAAW,CAAC,cAAc,CAAC,CAAC;IAC5C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,iCAAiC,cAAc,GAAG,EAAE,CAAC;IAC1F,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,cAAc,EAAE,qBAAqB,CAAC,EAAE,CAAC;QAC3D,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,MAAM,EACJ,4BAA4B,qBAAqB,GAAG;gBACpD,0BAA0B,cAAc,EAAE;SAC7C,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;AAC9B,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,kBAAkB,CAAC,GAAW;IAC5C,6EAA6E;IAC7E,MAAM,MAAM,GAAG,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IAEpC,IAAI,MAAM,IAAI,CAAC,EAAE,CAAC;QAChB,2DAA2D;QAC3D,OAAO,EAAE,GAAG,EAAE,CAAC;IACjB,CAAC;IAED,MAAM,eAAe,GAAG,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC9C,8DAA8D;IAC9D,IAAI,YAAY,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;QACvC,OAAO;YACL,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC;YACzB,iBAAiB,EAAE,eAAe;SACnC,CAAC;IACJ,CAAC;IAED,+DAA+D;IAC/D,OAAO,EAAE,GAAG,EAAE,CAAC;AACjB,CAAC"}

package/dist/policy-trust.d.ts

@@ -0,0 +1,38 @@
+export type RiskLevel = 'danger' | 'warning' | 'info';
+export interface RiskFlag {
+    level: RiskLevel;
+    message: string;
+    pattern: string;
+}
+export type TrustClass = 'implicitly_trusted' | 'trust_gated';
+export interface PolicyTrustResult {
+    trustClass: TrustClass;
+    status: 'trusted' | 'untrusted' | 'content_changed';
+    riskFlags: RiskFlag[];
+}
+/**
+ * Pure function. Regex-based pattern matching on policy YAML content to detect
+ * risky configurations. Returns an array of risk flags (empty for safe policies).
+ */
+export declare function analyzePolicyRisk(content: string): RiskFlag[];
+/**
+ * Pure function. Determines trust classification based on path location.
+ * - Home dir paths → implicitly_trusted
+ * - Explicit CLI flag (--policy) → implicitly_trusted
+ * - Project-local files → trust_gated
+ */
+export declare function classifyPolicyLocation(policyPath: string, options?: {
+    isExplicitCliFlag?: boolean;
+}): TrustClass;
+/**
+ * Non-interactive trust gate. Reads trust store + file hash.
+ * No stdin/stdout prompts — interactive prompting lives in the CLI trust command.
+ *
+ * 1. Classify location → if implicitly_trusted, return early with status: 'trusted'
+ * 2. If trust_gated, check trust store via verifyTrust() from @red-codes/core
+ * 3. CI override: if isCiTrustOverride() returns true, treat as 'trusted'
+ */
+export declare function verifyPolicyTrust(policyPath: string, options?: {
+    isExplicitCliFlag?: boolean;
+}): Promise<PolicyTrustResult>;
+//# sourceMappingURL=policy-trust.d.ts.map

package/dist/policy-trust.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-trust.d.ts","sourceRoot":"","sources":["../src/policy-trust.ts"],"names":[],"mappings":"AAQA,MAAM,MAAM,SAAS,GAAG,QAAQ,GAAG,SAAS,GAAG,MAAM,CAAC;AAEtD,MAAM,WAAW,QAAQ;IACvB,KAAK,EAAE,SAAS,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,MAAM,UAAU,GAAG,oBAAoB,GAAG,aAAa,CAAC;AAE9D,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,UAAU,CAAC;IACvB,MAAM,EAAE,SAAS,GAAG,WAAW,GAAG,iBAAiB,CAAC;IACpD,SAAS,EAAE,QAAQ,EAAE,CAAC;CACvB;AA+DD;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,QAAQ,EAAE,CAW7D;AAMD;;;;;GAKG;AACH,wBAAgB,sBAAsB,CACpC,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE;IAAE,iBAAiB,CAAC,EAAE,OAAO,CAAA;CAAE,GACxC,UAAU,CAUZ;AAMD;;;;;;;GAOG;AACH,wBAAsB,iBAAiB,CACrC,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE;IAAE,iBAAiB,CAAC,EAAE,OAAO,CAAA;CAAE,GACxC,OAAO,CAAC,iBAAiB,CAAC,CAyB5B"}

package/dist/policy-trust.js

@@ -0,0 +1,119 @@
+// Policy trust verification with risk analysis.
+// Non-interactive — no stdin/stdout prompts.
+// Interactive prompting lives in the CLI trust command.
+import { readFileSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { verifyTrust, isCiTrustOverride } from '@red-codes/core';
+const RISK_PATTERNS = [
+    {
+        level: 'danger',
+        regex: /allow\s*:\s*["']?\*["']?/,
+        message: 'Wildcard allow detected — all actions will be permitted',
+        patternStr: 'allow: "*"',
+    },
+    {
+        level: 'danger',
+        regex: /(?:secret_exposure|protected_branches|blast_radius|test_before_push|no_force_push)\s*:\s*false/,
+        message: 'Disabled security invariant detected',
+        patternStr: '<invariant>: false',
+    },
+    {
+        level: 'danger',
+        regex: /enabled\s*:\s*false/,
+        message: 'Invariant explicitly disabled via enabled: false',
+        patternStr: 'enabled: false',
+    },
+    {
+        level: 'warning',
+        regex: /scope\s*:\s*["']?\*\*["']?/,
+        message: 'Broad scope pattern "**" matches all paths',
+        patternStr: 'scope: "**"',
+    },
+    {
+        level: 'warning',
+        regex: /files\s*:\s*\[["']?\*\*["']?\]/,
+        message: 'Broad files pattern ["**"] matches all files',
+        patternStr: 'files: ["**"]',
+    },
+    {
+        level: 'warning',
+        regex: /lockdownThreshold\s*:\s*(\d+)/,
+        message: 'High lockdown threshold — escalation to LOCKDOWN will be delayed',
+        patternStr: 'lockdownThreshold: >20',
+        customCheck: (content) => {
+            const match = /lockdownThreshold\s*:\s*(\d+)/.exec(content);
+            if (!match)
+                return false;
+            return parseInt(match[1], 10) > 20;
+        },
+    },
+];
+// ---------------------------------------------------------------------------
+// analyzePolicyRisk
+// ---------------------------------------------------------------------------
+/**
+ * Pure function. Regex-based pattern matching on policy YAML content to detect
+ * risky configurations. Returns an array of risk flags (empty for safe policies).
+ */
+export function analyzePolicyRisk(content) {
+    const flags = [];
+    for (const rp of RISK_PATTERNS) {
+        const matched = rp.customCheck ? rp.customCheck(content) : rp.regex.test(content);
+        if (matched) {
+            flags.push({ level: rp.level, message: rp.message, pattern: rp.patternStr });
+        }
+    }
+    return flags;
+}
+// ---------------------------------------------------------------------------
+// classifyPolicyLocation
+// ---------------------------------------------------------------------------
+/**
+ * Pure function. Determines trust classification based on path location.
+ * - Home dir paths → implicitly_trusted
+ * - Explicit CLI flag (--policy) → implicitly_trusted
+ * - Project-local files → trust_gated
+ */
+export function classifyPolicyLocation(policyPath, options) {
+    if (options?.isExplicitCliFlag)
+        return 'implicitly_trusted';
+    const home = homedir();
+    if (policyPath.startsWith('~') || policyPath.startsWith('$HOME') || policyPath.startsWith(home)) {
+        return 'implicitly_trusted';
+    }
+    return 'trust_gated';
+}
+// ---------------------------------------------------------------------------
+// verifyPolicyTrust
+// ---------------------------------------------------------------------------
+/**
+ * Non-interactive trust gate. Reads trust store + file hash.
+ * No stdin/stdout prompts — interactive prompting lives in the CLI trust command.
+ *
+ * 1. Classify location → if implicitly_trusted, return early with status: 'trusted'
+ * 2. If trust_gated, check trust store via verifyTrust() from @red-codes/core
+ * 3. CI override: if isCiTrustOverride() returns true, treat as 'trusted'
+ */
+export async function verifyPolicyTrust(policyPath, options) {
+    const trustClass = classifyPolicyLocation(policyPath, options);
+    // Read file content for risk analysis
+    let content = '';
+    try {
+        content = readFileSync(policyPath, 'utf8');
+    }
+    catch {
+        // If file can't be read, proceed without risk analysis
+    }
+    const riskFlags = analyzePolicyRisk(content);
+    if (trustClass === 'implicitly_trusted') {
+        return { trustClass, status: 'trusted', riskFlags };
+    }
+    // CI override: treat project-local policy as trusted in CI environments
+    if (isCiTrustOverride()) {
+        return { trustClass, status: 'trusted', riskFlags };
+    }
+    // Delegate to trust store for trust-gated locations
+    const storeStatus = await verifyTrust(policyPath);
+    return { trustClass, status: storeStatus, riskFlags };
+}
+//# sourceMappingURL=policy-trust.js.map

package/dist/policy-trust.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-trust.js","sourceRoot":"","sources":["../src/policy-trust.ts"],"names":[],"mappings":"AAAA,gDAAgD;AAChD,6CAA6C;AAC7C,wDAAwD;AAExD,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AA8BjE,MAAM,aAAa,GAAkB;IACnC;QACE,KAAK,EAAE,QAAQ;QACf,KAAK,EAAE,0BAA0B;QACjC,OAAO,EAAE,yDAAyD;QAClE,UAAU,EAAE,YAAY;KACzB;IACD;QACE,KAAK,EAAE,QAAQ;QACf,KAAK,EACH,gGAAgG;QAClG,OAAO,EAAE,sCAAsC;QAC/C,UAAU,EAAE,oBAAoB;KACjC;IACD;QACE,KAAK,EAAE,QAAQ;QACf,KAAK,EAAE,qBAAqB;QAC5B,OAAO,EAAE,kDAAkD;QAC3D,UAAU,EAAE,gBAAgB;KAC7B;IACD;QACE,KAAK,EAAE,SAAS;QAChB,KAAK,EAAE,4BAA4B;QACnC,OAAO,EAAE,4CAA4C;QACrD,UAAU,EAAE,aAAa;KAC1B;IACD;QACE,KAAK,EAAE,SAAS;QAChB,KAAK,EAAE,gCAAgC;QACvC,OAAO,EAAE,8CAA8C;QACvD,UAAU,EAAE,eAAe;KAC5B;IACD;QACE,KAAK,EAAE,SAAS;QAChB,KAAK,EAAE,+BAA+B;QACtC,OAAO,EAAE,kEAAkE;QAC3E,UAAU,EAAE,wBAAwB;QACpC,WAAW,EAAE,CAAC,OAAe,EAAW,EAAE;YACxC,MAAM,KAAK,GAAG,+BAA+B,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC5D,IAAI,CAAC,KAAK;gBAAE,OAAO,KAAK,CAAC;YACzB,OAAO,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,EAAE,CAAC;QACrC,CAAC;KACF;CACF,CAAC;AAEF,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAe;IAC/C,MAAM,KAAK,GAAe,EAAE,CAAC;IAE7B,KAAK,MAAM,EAAE,IAAI,aAAa,EAAE,CAAC;QAC/B,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClF,IAAI,OAAO,EAAE,CAAC;YACZ,KAAK,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,UAAU,EAAE,CAAC,CAAC;QAC/E,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,8EAA8E;AAC9E,yBAAyB;AACzB,8EAA8E;AAE9E;;;;;GAKG;AACH,MAAM,UAAU,sBAAsB,CACpC,UAAkB,EAClB,OAAyC;IAEzC,IAAI,OAAO,EAAE,iBAAiB;QAAE,OAAO,oBAAoB,CAAC;IAE5D,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;IAEvB,IAAI,UAAU,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAChG,OAAO,oBAAoB,CAAC;IAC9B,CAAC;IAED,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,UAAkB,EAClB,OAAyC;IAEzC,MAAM,UAAU,GAAG,sBAAsB,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAE/D,sCAAsC;IACtC,IAAI,OAAO,GAAG,EAAE,CAAC;IACjB,IAAI,CAAC;QACH,OAAO,GAAG,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IAC7C,CAAC;IAAC,MAAM,CAAC;QACP,uDAAuD;IACzD,CAAC;IAED,MAAM,SAAS,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;IAE7C,IAAI,UAAU,KAAK,oBAAoB,EAAE,CAAC;QACxC,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;IACtD,CAAC;IAED,wEAAwE;IACxE,IAAI,iBAAiB,EAAE,EAAE,CAAC;QACxB,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;IACtD,CAAC;IAED,oDAAoD;IACpD,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,UAAU,CAAC,CAAC;IAClD,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,CAAC;AACxD,CAAC"}

package/dist/yaml-loader.d.ts

@@ -0,0 +1,53 @@
+import type { LoadedPolicy, PersonaCondition, ForecastCondition } from './evaluator.js';
+import type { AgentPersona } from '@red-codes/core';
+export interface YamlPersonaDef {
+    model?: string;
+    provider?: string;
+    runtime?: string;
+    version?: string;
+    trustTier?: string;
+    autonomy?: string;
+    riskTolerance?: string;
+    role?: string;
+    tags?: string[];
+}
+export interface YamlPolicyDef {
+    id?: string;
+    name?: string;
+    description?: string;
+    severity?: number;
+    version?: string;
+    agentguardVersion?: string;
+    extends?: string[];
+    persona?: YamlPersonaDef;
+    rules?: YamlRule[];
+    /** Kernel invariant IDs to disable (human-operator override) */
+    disabledInvariants?: string[];
+    /** Top-level enforcement mode: 'monitor' (warn) or 'enforce' (block) */
+    mode?: 'monitor' | 'enforce';
+    /** Named policy pack to apply (e.g., 'essentials', 'strict') */
+    pack?: string;
+    /** Per-invariant mode overrides: invariant ID → 'monitor' | 'enforce' */
+    invariantModes?: Record<string, 'monitor' | 'enforce'>;
+}
+interface YamlRule {
+    action?: string | string[];
+    effect?: string;
+    target?: string;
+    branches?: string[];
+    reason?: string;
+    limit?: number;
+    requireTests?: boolean;
+    requireFormat?: boolean;
+    requireWorktree?: boolean;
+    persona?: PersonaCondition;
+    intervention?: string;
+    forecast?: ForecastCondition;
+}
+export declare function parseYamlPolicy(yaml: string): YamlPolicyDef;
+/** Convert a YamlPersonaDef to an AgentPersona (for policy defaults). */
+export declare function yamlPersonaToAgentPersona(def: YamlPersonaDef): AgentPersona;
+export declare function loadYamlPolicy(yaml: string, defaultId?: string): LoadedPolicy;
+export declare function loadYamlPolicies(yaml: string): LoadedPolicy[];
+export {};
+//# sourceMappingURL=yaml-loader.d.ts.map

package/dist/yaml-loader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"yaml-loader.d.ts","sourceRoot":"","sources":["../src/yaml-loader.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAc,YAAY,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACpG,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAEpD,MAAM,WAAW,cAAc;IAC7B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;CACjB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,OAAO,CAAC,EAAE,cAAc,CAAC;IACzB,KAAK,CAAC,EAAE,QAAQ,EAAE,CAAC;IACnB,gEAAgE;IAChE,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC9B,wEAAwE;IACxE,IAAI,CAAC,EAAE,SAAS,GAAG,SAAS,CAAC;IAC7B,gEAAgE;IAChE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,yEAAyE;IACzE,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,GAAG,SAAS,CAAC,CAAC;CACxD;AAED,UAAU,QAAQ;IAChB,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,OAAO,CAAC,EAAE,gBAAgB,CAAC;IAC3B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,iBAAiB,CAAC;CAC9B;AAiJD,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,aAAa,CA6Q3D;AAgHD,yEAAyE;AACzE,wBAAgB,yBAAyB,CAAC,GAAG,EAAE,cAAc,GAAG,YAAY,CAiB3E;AAED,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,YAAY,CA0C7E;AAED,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,YAAY,EAAE,CAE7D"}