@trigguard/cli 0.1.1

package/dist/commands/policy-distribution.js

@@ -0,0 +1,108 @@
+import { readFileSync } from "node:fs";
+import { activateBreakGlass, approvePolicyChangeRequest, authorizePolicyActivation, createPolicyChangeRequest, deactivateBreakGlass, finalizePolicyActivationGovernance, isBreakGlassActive, listPendingChanges, loadLocalPolicyState, loadPolicyManifest, rejectPolicyChangeRequest, setChangeWindow, syncPolicyBundle, verifyPolicyManifestSignature, } from "@trigguard/policy-engine";
+function usage() {
+    console.error("Usage:\n" +
+        "  trigguard policy sync <manifest.json> <bundle.json>\n" +
+        "  trigguard policy state\n" +
+        "  trigguard policy verify-manifest <manifest.json>\n" +
+        "  trigguard policy request-change <bundle.json>\n" +
+        "  trigguard policy approve <changeId> [approver]\n" +
+        "  trigguard policy reject <changeId> [actor]\n" +
+        "  trigguard policy set-window <start> <end>\n" +
+        "  trigguard policy break-glass <reason>\n" +
+        "  trigguard policy break-glass-end\n" +
+        "  trigguard policy pending");
+    process.exit(1);
+}
+export async function runPolicySync(argv) {
+    const manifestPath = argv[0];
+    const bundlePath = argv[1];
+    if (!manifestPath || !bundlePath)
+        usage();
+    const manifest = loadPolicyManifest(manifestPath);
+    const bundle = JSON.parse(readFileSync(bundlePath, "utf8"));
+    const actor = process.env.TRIGGUARD_OPERATOR || process.env.USER || "cli-operator";
+    const auth = authorizePolicyActivation(bundle.bundle_hash, actor);
+    if (!auth.ok) {
+        console.error(`POLICY_GOVERNANCE_VIOLATION: ${auth.detail ?? "policy activation blocked by governance"}`);
+        process.exitCode = 2;
+        return;
+    }
+    const out = syncPolicyBundle(manifest, bundle);
+    if (!out.ok) {
+        console.error(`Policy sync rejected: ${out.code} ${out.detail ? `(${out.detail})` : ""}`);
+        process.exitCode = 2;
+        return;
+    }
+    finalizePolicyActivationGovernance(bundle.bundle_hash, actor, auth);
+    console.log(`Policy synced: version=${manifest.version} bundle=${manifest.bundle_hash}`);
+}
+export async function runPolicyState() {
+    const s = loadLocalPolicyState();
+    if (!s) {
+        console.log("No local policy state.");
+        return;
+    }
+    console.log(JSON.stringify(s, null, 2));
+}
+export async function runPolicyVerifyManifest(argv) {
+    const manifestPath = argv[0];
+    if (!manifestPath)
+        usage();
+    const manifest = loadPolicyManifest(manifestPath);
+    const out = verifyPolicyManifestSignature(manifest);
+    if (!out.ok) {
+        console.error(`Manifest invalid: ${out.detail ?? "signature verification failed"}`);
+        process.exitCode = 2;
+        return;
+    }
+    console.log("Manifest signature valid.");
+}
+export async function runPolicyRequestChange(argv) {
+    const bundlePath = argv[0];
+    const author = argv[1] || process.env.USER || "unknown";
+    if (!bundlePath)
+        usage();
+    const bundle = JSON.parse(readFileSync(bundlePath, "utf8"));
+    const req = createPolicyChangeRequest(bundle.bundle_hash, author);
+    console.log(JSON.stringify(req, null, 2));
+}
+export async function runPolicyApprove(argv) {
+    const changeId = argv[0];
+    const approver = argv[1] || process.env.USER || "unknown";
+    if (!changeId)
+        usage();
+    const req = approvePolicyChangeRequest(changeId, approver);
+    console.log(JSON.stringify(req, null, 2));
+}
+export async function runPolicyReject(argv) {
+    const changeId = argv[0];
+    const actor = argv[1] || process.env.USER || "unknown";
+    if (!changeId)
+        usage();
+    const req = rejectPolicyChangeRequest(changeId, actor);
+    console.log(JSON.stringify(req, null, 2));
+}
+export async function runPolicySetWindow(argv) {
+    const start = argv[0];
+    const end = argv[1];
+    if (!start || !end)
+        usage();
+    setChangeWindow(start, end, process.env.USER || "unknown");
+    console.log("Policy change window set.");
+}
+export async function runPolicyBreakGlass(argv) {
+    const reason = argv.join(" ").trim();
+    if (!reason)
+        usage();
+    const out = activateBreakGlass(reason, process.env.USER || "unknown");
+    console.log(JSON.stringify({ break_glass_active: out.active, break_glass_expires: out.expires_at }, null, 2));
+}
+export async function runPolicyBreakGlassEnd() {
+    deactivateBreakGlass(process.env.USER || "unknown");
+    console.log(JSON.stringify({ break_glass_active: isBreakGlassActive() }, null, 2));
+}
+export async function runPolicyPending() {
+    const rows = listPendingChanges();
+    console.log(JSON.stringify({ pending_changes: rows }, null, 2));
+}

package/dist/commands/policy-runtime.d.ts

@@ -0,0 +1,4 @@
+export declare function runPolicyReload(argv: string[]): Promise<void>;
+export declare function runPolicyRuntimeRollback(): Promise<void>;
+export declare function runPolicyHistory(): Promise<void>;
+export declare function runPolicyActive(): Promise<void>;

package/dist/commands/policy-runtime.js

@@ -0,0 +1,61 @@
+import { readFileSync } from "node:fs";
+import { authorizePolicyActivation, finalizePolicyActivationGovernance, getActivePolicyRuntime, listPolicyHistory, loadPolicyManifest, reloadPolicyBundle, rollbackPolicy, } from "@trigguard/policy-engine";
+function usage() {
+    console.error("Usage:\n" +
+        "  trigguard policy reload <manifest.json> <bundle.json>\n" +
+        "  trigguard policy rollback\n" +
+        "  trigguard policy history\n" +
+        "  trigguard policy active");
+    process.exit(1);
+}
+export async function runPolicyReload(argv) {
+    const manifestPath = argv[0];
+    const bundlePath = argv[1];
+    if (!manifestPath || !bundlePath)
+        usage();
+    const manifest = loadPolicyManifest(manifestPath);
+    const bundle = JSON.parse(readFileSync(bundlePath, "utf8"));
+    const actor = process.env.TRIGGUARD_OPERATOR || process.env.USER || "cli-operator";
+    const auth = authorizePolicyActivation(bundle.bundle_hash, actor);
+    if (!auth.ok) {
+        console.error(`POLICY_GOVERNANCE_VIOLATION: ${auth.detail ?? "policy reload blocked by governance"}`);
+        process.exitCode = 2;
+        return;
+    }
+    const out = await reloadPolicyBundle(manifest, bundle);
+    if (!out.ok) {
+        const msg = out.detail ? `${out.code} (${out.detail})` : String(out.code);
+        console.error(`Policy reload failed: ${msg}`);
+        process.exitCode = 2;
+        return;
+    }
+    finalizePolicyActivationGovernance(bundle.bundle_hash, actor, auth);
+    console.log(`Policy reloaded: version=${manifest.version} bundle=${manifest.bundle_hash}`);
+}
+export async function runPolicyRuntimeRollback() {
+    const out = rollbackPolicy();
+    if (!out.ok) {
+        const msg = out.detail ? `${out.code} (${out.detail})` : String(out.code);
+        console.error(`Policy rollback failed: ${msg}`);
+        process.exitCode = 2;
+        return;
+    }
+    console.log(`Rolled back to bundle ${out.bundle?.bundle_hash ?? "(unknown)"}`);
+}
+export async function runPolicyHistory() {
+    const h = listPolicyHistory();
+    console.log(JSON.stringify({ history: h }, null, 2));
+}
+export async function runPolicyActive() {
+    const r = getActivePolicyRuntime();
+    if (!r) {
+        console.log("No active policy runtime (unconfigured or not hydrated).");
+        return;
+    }
+    console.log(JSON.stringify({
+        bundle_hash: r.bundle_hash,
+        version: r.version,
+        loaded_at: r.loaded_at,
+        policy_bundle: r.policy_bundle,
+    }, null, 2));
+}

package/dist/commands/policy.d.ts

@@ -0,0 +1 @@
+export declare function runPolicy(argv: string[]): Promise<void>;

package/dist/commands/policy.js

@@ -0,0 +1,123 @@
+import { runPolicyApprove, runPolicyBreakGlass, runPolicyBreakGlassEnd, runPolicyPending, runPolicyReject, runPolicyRequestChange, runPolicySetWindow, runPolicySync, runPolicyState, runPolicyVerifyManifest, } from "./policy-distribution.js";
+import { runPolicyActive, runPolicyHistory, runPolicyReload, runPolicyRuntimeRollback, } from "./policy-runtime.js";
+import { policyUsage, runPolicyActivate, runPolicyBuild, runPolicyLint, runPolicyPublish, runPolicyStackRollback, runPolicyStage, runPolicyPromote, runPolicyMetrics, runPolicySimulate, runPolicyTest, runPolicyValidate, runPolicyVersionBump, } from "./policyLifecycle.js";
+export async function runPolicy(argv) {
+    const cmd = argv[0];
+    const rest = argv.slice(1);
+    switch (cmd) {
+        case "lint":
+            if (!rest[0])
+                policyUsage();
+            await runPolicyLint(rest[0]);
+            return;
+        case "test":
+            if (!rest[0])
+                policyUsage();
+            await runPolicyTest(rest[0]);
+            return;
+        case "build":
+            if (!rest[0])
+                policyUsage();
+            await runPolicyBuild(rest[0]);
+            return;
+        case "simulate":
+            await runPolicySimulate(rest);
+            return;
+        case "publish":
+            if (!rest[0])
+                policyUsage();
+            await runPolicyPublish(rest[0]);
+            return;
+        case "activate":
+            if (!rest[0])
+                policyUsage();
+            await runPolicyActivate(rest[0]);
+            return;
+        case "rollback":
+            if (rest.length)
+                policyUsage();
+            await runPolicyRuntimeRollback();
+            return;
+        case "stack-rollback":
+            if (rest.length)
+                policyUsage();
+            await runPolicyStackRollback();
+            return;
+        case "reload":
+            await runPolicyReload(rest);
+            return;
+        case "history":
+            if (rest.length)
+                policyUsage();
+            await runPolicyHistory();
+            return;
+        case "active":
+            if (rest.length)
+                policyUsage();
+            await runPolicyActive();
+            return;
+        case "stage":
+            if (!rest[0])
+                policyUsage();
+            await runPolicyStage(rest[0]);
+            return;
+        case "promote":
+            if (rest.length)
+                policyUsage();
+            await runPolicyPromote();
+            return;
+        case "metrics":
+            if (rest.length)
+                policyUsage();
+            await runPolicyMetrics();
+            return;
+        case "validate":
+            if (!rest[0])
+                policyUsage();
+            await runPolicyValidate(rest[0]);
+            return;
+        case "version":
+            if (rest[0] !== "bump")
+                policyUsage();
+            await runPolicyVersionBump(rest.slice(1));
+            return;
+        case "sync":
+            await runPolicySync(rest);
+            return;
+        case "state":
+            if (rest.length)
+                policyUsage();
+            await runPolicyState();
+            return;
+        case "verify-manifest":
+            await runPolicyVerifyManifest(rest);
+            return;
+        case "request-change":
+            await runPolicyRequestChange(rest);
+            return;
+        case "approve":
+            await runPolicyApprove(rest);
+            return;
+        case "reject":
+            await runPolicyReject(rest);
+            return;
+        case "set-window":
+            await runPolicySetWindow(rest);
+            return;
+        case "break-glass":
+            await runPolicyBreakGlass(rest);
+            return;
+        case "break-glass-end":
+            if (rest.length)
+                policyUsage();
+            await runPolicyBreakGlassEnd();
+            return;
+        case "pending":
+            if (rest.length)
+                policyUsage();
+            await runPolicyPending();
+            return;
+        default:
+            policyUsage();
+    }
+}

package/dist/commands/policyLifecycle.d.ts

@@ -0,0 +1,13 @@
+export declare function policyUsage(): never;
+export declare function runPolicyLint(path: string): Promise<void>;
+export declare function runPolicyTest(path: string): Promise<void>;
+export declare function runPolicyBuild(path: string): Promise<void>;
+export declare function runPolicySimulate(rest: string[]): Promise<void>;
+export declare function runPolicyPublish(bundlePath: string): Promise<void>;
+export declare function runPolicyActivate(hashArg: string): Promise<void>;
+export declare function runPolicyStackRollback(): Promise<void>;
+export declare function runPolicyStage(bundleArg: string): Promise<void>;
+export declare function runPolicyPromote(): Promise<void>;
+export declare function runPolicyMetrics(): Promise<void>;
+export declare function runPolicyValidate(bundlePath: string): Promise<void>;
+export declare function runPolicyVersionBump(argv: string[]): Promise<void>;