@vybestack/llxprt-code-core 0.5.0-nightly.251121.9dcb43714 → 0.5.0-nightly.251121.cbc3e5b17

package/dist/src/policy/policies/write.toml

@@ -0,0 +1,69 @@
+# Default write tool policy
+# Priority band: 1.01 (Tier 1 - Default)
+# These tools require user confirmation by default
+
+[[rule]]
+toolName = "edit"
+decision = "ask_user"
+priority = 1.01
+
+[[rule]]
+toolName = "smart_edit"
+decision = "ask_user"
+priority = 1.01
+
+[[rule]]
+toolName = "write_file"
+decision = "ask_user"
+priority = 1.01
+
+[[rule]]
+toolName = "shell"
+decision = "ask_user"
+priority = 1.01
+
+[[rule]]
+toolName = "memory"
+decision = "ask_user"
+priority = 1.01
+
+[[rule]]
+toolName = "web_fetch"
+decision = "ask_user"
+priority = 1.01
+
+[[rule]]
+toolName = "mcp_tool"
+decision = "ask_user"
+priority = 1.01
+
+# Shell commands with dangerous patterns are denied
+[[rule]]
+toolName = "shell"
+argsPattern = "rm\\s+-rf\\s+/"
+decision = "deny"
+priority = 2.0
+
+[[rule]]
+toolName = "shell"
+argsPattern = "chmod\\s+777"
+decision = "deny"
+priority = 2.0
+
+[[rule]]
+toolName = "shell"
+argsPattern = "dd\\s+if="
+decision = "deny"
+priority = 2.0
+
+[[rule]]
+toolName = "shell"
+argsPattern = "mkfs\\."
+decision = "deny"
+priority = 2.0
+
+[[rule]]
+toolName = "shell"
+argsPattern = ":(){ :|:& };:"
+decision = "deny"
+priority = 2.0

package/dist/src/policy/policies/yolo.toml

@@ -0,0 +1,8 @@
+# YOLO mode policy - allow everything
+# Priority band: 1.999 (Tier 1 - Default, just below user settings)
+# WARNING: This disables all safety checks. Use only in trusted environments.
+
+[[rule]]
+# No toolName specified = wildcard (matches all tools)
+decision = "allow"
+priority = 1.999

package/dist/src/policy/policy-engine.d.ts

@@ -0,0 +1,55 @@
+import { PolicyDecision, type PolicyEngineConfig, type PolicyRule } from './types.js';
+/**
+ * PolicyEngine evaluates tool execution requests against configured rules.
+ * Rules are matched in priority order, with the highest priority rule winning.
+ */
+export declare class PolicyEngine {
+    private readonly rules;
+    private readonly defaultDecision;
+    private readonly nonInteractive;
+    constructor(config?: PolicyEngineConfig);
+    /**
+     * Evaluates a tool execution request and returns a policy decision.
+     *
+     * @param toolName - The name of the tool being executed
+     * @param args - The arguments passed to the tool
+     * @param serverName - Optional MCP server name (for spoofing prevention)
+     * @returns PolicyDecision (ALLOW, DENY, or ASK_USER)
+     */
+    evaluate(toolName: string, args: Record<string, unknown>, serverName?: string): PolicyDecision;
+    /**
+     * Finds the highest priority rule matching the tool and args.
+     *
+     * @param toolName - The name of the tool
+     * @param args - The tool arguments
+     * @returns The matching rule, or undefined if none match
+     */
+    private findMatchingRule;
+    /**
+     * Validates that a tool name matches its claimed server name.
+     * Returns null if spoofing is detected, otherwise returns the tool name.
+     *
+     * @param toolName - The tool name (may include server prefix)
+     * @param serverName - The claimed server name
+     * @returns The validated tool name, or null if spoofing detected
+     */
+    private validateServerName;
+    /**
+     * Returns all configured rules (for debugging/inspection).
+     *
+     * @returns Array of policy rules
+     */
+    getRules(): readonly PolicyRule[];
+    /**
+     * Returns the default decision used when no rules match.
+     *
+     * @returns PolicyDecision
+     */
+    getDefaultDecision(): PolicyDecision;
+    /**
+     * Returns whether the engine is in non-interactive mode.
+     *
+     * @returns boolean
+     */
+    isNonInteractive(): boolean;
+}

package/dist/src/policy/policy-engine.js

@@ -0,0 +1,126 @@
+import { PolicyDecision, } from './types.js';
+import { stableStringify } from './stable-stringify.js';
+/**
+ * PolicyEngine evaluates tool execution requests against configured rules.
+ * Rules are matched in priority order, with the highest priority rule winning.
+ */
+export class PolicyEngine {
+    rules;
+    defaultDecision;
+    nonInteractive;
+    constructor(config) {
+        this.rules = config?.rules ?? [];
+        this.defaultDecision = config?.defaultDecision ?? PolicyDecision.ASK_USER;
+        this.nonInteractive = config?.nonInteractive ?? false;
+        // Sort rules by priority (highest first)
+        this.rules.sort((a, b) => (b.priority ?? 0) - (a.priority ?? 0));
+    }
+    /**
+     * Evaluates a tool execution request and returns a policy decision.
+     *
+     * @param toolName - The name of the tool being executed
+     * @param args - The arguments passed to the tool
+     * @param serverName - Optional MCP server name (for spoofing prevention)
+     * @returns PolicyDecision (ALLOW, DENY, or ASK_USER)
+     */
+    evaluate(toolName, args, serverName) {
+        // Validate serverName to prevent spoofing
+        if (serverName) {
+            const validatedToolName = this.validateServerName(toolName, serverName);
+            if (validatedToolName === null) {
+                // Server name spoofing detected - deny
+                return PolicyDecision.DENY;
+            }
+        }
+        // Find the highest priority matching rule
+        const matchingRule = this.findMatchingRule(toolName, args);
+        if (matchingRule) {
+            const decision = matchingRule.decision;
+            // In non-interactive mode, ASK_USER becomes DENY
+            if (this.nonInteractive && decision === PolicyDecision.ASK_USER) {
+                return PolicyDecision.DENY;
+            }
+            return decision;
+        }
+        // No matching rule - use default decision
+        if (this.nonInteractive &&
+            this.defaultDecision === PolicyDecision.ASK_USER) {
+            return PolicyDecision.DENY;
+        }
+        return this.defaultDecision;
+    }
+    /**
+     * Finds the highest priority rule matching the tool and args.
+     *
+     * @param toolName - The name of the tool
+     * @param args - The tool arguments
+     * @returns The matching rule, or undefined if none match
+     */
+    findMatchingRule(toolName, args) {
+        const argsString = stableStringify(args);
+        for (const rule of this.rules) {
+            // Check tool name match
+            const toolMatches = !rule.toolName || rule.toolName === toolName;
+            if (!toolMatches) {
+                continue;
+            }
+            // Check args pattern match
+            const argsMatch = !rule.argsPattern || rule.argsPattern.test(argsString);
+            if (!argsMatch) {
+                continue;
+            }
+            // Both match - return this rule
+            return rule;
+        }
+        return undefined;
+    }
+    /**
+     * Validates that a tool name matches its claimed server name.
+     * Returns null if spoofing is detected, otherwise returns the tool name.
+     *
+     * @param toolName - The tool name (may include server prefix)
+     * @param serverName - The claimed server name
+     * @returns The validated tool name, or null if spoofing detected
+     */
+    validateServerName(toolName, serverName) {
+        // For MCP tools, expect format: "serverName__toolName"
+        const expectedPrefix = `${serverName}__`;
+        if (toolName.startsWith(expectedPrefix)) {
+            return toolName;
+        }
+        // If tool name doesn't have the expected prefix, check if it's a non-MCP tool
+        // Non-MCP tools don't have a server prefix, so if a serverName is provided
+        // but the tool doesn't have the prefix, it's likely spoofing
+        if (!toolName.includes('__')) {
+            // This is a built-in tool, serverName should not be set
+            return null;
+        }
+        // Tool has a different server prefix - spoofing attempt
+        return null;
+    }
+    /**
+     * Returns all configured rules (for debugging/inspection).
+     *
+     * @returns Array of policy rules
+     */
+    getRules() {
+        return [...this.rules];
+    }
+    /**
+     * Returns the default decision used when no rules match.
+     *
+     * @returns PolicyDecision
+     */
+    getDefaultDecision() {
+        return this.defaultDecision;
+    }
+    /**
+     * Returns whether the engine is in non-interactive mode.
+     *
+     * @returns boolean
+     */
+    isNonInteractive() {
+        return this.nonInteractive;
+    }
+}
+//# sourceMappingURL=policy-engine.js.map

package/dist/src/policy/policy-engine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-engine.js","sourceRoot":"","sources":["../../../src/policy/policy-engine.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,cAAc,GAGf,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAExD;;;GAGG;AACH,MAAM,OAAO,YAAY;IACN,KAAK,CAAe;IACpB,eAAe,CAAiB;IAChC,cAAc,CAAU;IAEzC,YAAY,MAA2B;QACrC,IAAI,CAAC,KAAK,GAAG,MAAM,EAAE,KAAK,IAAI,EAAE,CAAC;QACjC,IAAI,CAAC,eAAe,GAAG,MAAM,EAAE,eAAe,IAAI,cAAc,CAAC,QAAQ,CAAC;QAC1E,IAAI,CAAC,cAAc,GAAG,MAAM,EAAE,cAAc,IAAI,KAAK,CAAC;QAEtD,yCAAyC;QACzC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC;IACnE,CAAC;IAED;;;;;;;OAOG;IACH,QAAQ,CACN,QAAgB,EAChB,IAA6B,EAC7B,UAAmB;QAEnB,0CAA0C;QAC1C,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,iBAAiB,GAAG,IAAI,CAAC,kBAAkB,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;YACxE,IAAI,iBAAiB,KAAK,IAAI,EAAE,CAAC;gBAC/B,uCAAuC;gBACvC,OAAO,cAAc,CAAC,IAAI,CAAC;YAC7B,CAAC;QACH,CAAC;QAED,0CAA0C;QAC1C,MAAM,YAAY,GAAG,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAE3D,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC;YAEvC,iDAAiD;YACjD,IAAI,IAAI,CAAC,cAAc,IAAI,QAAQ,KAAK,cAAc,CAAC,QAAQ,EAAE,CAAC;gBAChE,OAAO,cAAc,CAAC,IAAI,CAAC;YAC7B,CAAC;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,0CAA0C;QAC1C,IACE,IAAI,CAAC,cAAc;YACnB,IAAI,CAAC,eAAe,KAAK,cAAc,CAAC,QAAQ,EAChD,CAAC;YACD,OAAO,cAAc,CAAC,IAAI,CAAC;QAC7B,CAAC;QAED,OAAO,IAAI,CAAC,eAAe,CAAC;IAC9B,CAAC;IAED;;;;;;OAMG;IACK,gBAAgB,CACtB,QAAgB,EAChB,IAA6B;QAE7B,MAAM,UAAU,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;QAEzC,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,wBAAwB;YACxB,MAAM,WAAW,GAAG,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC;YACjE,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,SAAS;YACX,CAAC;YAED,2BAA2B;YAC3B,MAAM,SAAS,GAAG,CAAC,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACzE,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,SAAS;YACX,CAAC;YAED,gCAAgC;YAChC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;;OAOG;IACK,kBAAkB,CACxB,QAAgB,EAChB,UAAkB;QAElB,uDAAuD;QACvD,MAAM,cAAc,GAAG,GAAG,UAAU,IAAI,CAAC;QAEzC,IAAI,QAAQ,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;YACxC,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,8EAA8E;QAC9E,2EAA2E;QAC3E,6DAA6D;QAC7D,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7B,wDAAwD;YACxD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,wDAAwD;QACxD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;OAIG;IACH,QAAQ;QACN,OAAO,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;IACzB,CAAC;IAED;;;;OAIG;IACH,kBAAkB;QAChB,OAAO,IAAI,CAAC,eAAe,CAAC;IAC9B,CAAC;IAED;;;;OAIG;IACH,gBAAgB;QACd,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;CACF"}

package/dist/src/policy/stable-stringify.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Provides deterministic JSON stringification for pattern matching in policy rules.
+ * Ensures consistent ordering of object keys and handling of special values.
+ */
+type JSONValue = string | number | boolean | null | JSONValue[] | {
+    [key: string]: JSONValue;
+};
+/**
+ * Deterministically stringifies a value for use in pattern matching.
+ * - Object keys are sorted alphabetically
+ * - Arrays maintain their order
+ * - undefined values are omitted
+ * - Functions and symbols are converted to null
+ * - Circular references throw an error
+ *
+ * @param value - The value to stringify
+ * @param space - Optional spacing for readability (default: none)
+ * @returns Deterministic JSON string
+ */
+export declare function stableStringify(value: unknown, space?: string | number): string;
+/**
+ * Parses a stable-stringified JSON string back into a value.
+ * This is just a wrapper around JSON.parse for consistency.
+ *
+ * @param text - The JSON string to parse
+ * @returns Parsed value
+ */
+export declare function stableParse(text: string): JSONValue;
+export {};

package/dist/src/policy/stable-stringify.js

@@ -0,0 +1,111 @@
+/**
+ * Provides deterministic JSON stringification for pattern matching in policy rules.
+ * Ensures consistent ordering of object keys and handling of special values.
+ */
+/**
+ * Deterministically stringifies a value for use in pattern matching.
+ * - Object keys are sorted alphabetically
+ * - Arrays maintain their order
+ * - undefined values are omitted
+ * - Functions and symbols are converted to null
+ * - Circular references throw an error
+ *
+ * @param value - The value to stringify
+ * @param space - Optional spacing for readability (default: none)
+ * @returns Deterministic JSON string
+ */
+export function stableStringify(value, space) {
+    const seen = new WeakSet();
+    function stringify(val, indent, currentDepth) {
+        // Handle primitives
+        if (val === null)
+            return 'null';
+        if (val === undefined)
+            return 'null';
+        if (typeof val === 'boolean')
+            return String(val);
+        if (typeof val === 'number') {
+            if (!Number.isFinite(val))
+                return 'null';
+            return String(val);
+        }
+        if (typeof val === 'string') {
+            return JSON.stringify(val);
+        }
+        // Handle functions and symbols
+        if (typeof val === 'function' || typeof val === 'symbol') {
+            return 'null';
+        }
+        // Handle objects and arrays
+        if (typeof val === 'object') {
+            // Circular reference check
+            if (seen.has(val)) {
+                throw new TypeError('Converting circular structure to JSON');
+            }
+            seen.add(val);
+            try {
+                // Handle arrays
+                if (Array.isArray(val)) {
+                    const items = [];
+                    const nextIndent = space ? indent + getIndentString(space) : '';
+                    const separator = space ? '\n' : '';
+                    for (let i = 0; i < val.length; i++) {
+                        const item = stringify(val[i], nextIndent, currentDepth + 1);
+                        items.push(space ? `${nextIndent}${item}` : item);
+                    }
+                    if (items.length === 0) {
+                        return '[]';
+                    }
+                    return space
+                        ? `[${separator}${items.join(`,${separator}`)}${separator}${indent}]`
+                        : `[${items.join(',')}]`;
+                }
+                // Handle objects
+                const keys = Object.keys(val).sort();
+                const pairs = [];
+                const nextIndent = space ? indent + getIndentString(space) : '';
+                const separator = space ? '\n' : '';
+                for (const key of keys) {
+                    const value = val[key];
+                    if (value !== undefined) {
+                        const stringifiedKey = JSON.stringify(key);
+                        const stringifiedValue = stringify(value, nextIndent, currentDepth + 1);
+                        const pair = space
+                            ? `${nextIndent}${stringifiedKey}: ${stringifiedValue}`
+                            : `${stringifiedKey}:${stringifiedValue}`;
+                        pairs.push(pair);
+                    }
+                }
+                if (pairs.length === 0) {
+                    return '{}';
+                }
+                return space
+                    ? `{${separator}${pairs.join(`,${separator}`)}${separator}${indent}}`
+                    : `{${pairs.join(',')}}`;
+            }
+            finally {
+                seen.delete(val);
+            }
+        }
+        // Fallback for unknown types
+        return 'null';
+    }
+    function getIndentString(space) {
+        if (typeof space === 'number') {
+            return ' '.repeat(Math.min(10, Math.max(0, Math.floor(space))));
+        }
+        return String(space).slice(0, 10);
+    }
+    return stringify(value, '', 0);
+}
+/**
+ * Parses a stable-stringified JSON string back into a value.
+ * This is just a wrapper around JSON.parse for consistency.
+ *
+ * @param text - The JSON string to parse
+ * @returns Parsed value
+ */
+export function stableParse(text) {
+    return JSON.parse(text);
+}
+//# sourceMappingURL=stable-stringify.js.map

package/dist/src/policy/stable-stringify.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"stable-stringify.js","sourceRoot":"","sources":["../../../src/policy/stable-stringify.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAUH;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,eAAe,CAC7B,KAAc,EACd,KAAuB;IAEvB,MAAM,IAAI,GAAG,IAAI,OAAO,EAAU,CAAC;IAEnC,SAAS,SAAS,CAChB,GAAY,EACZ,MAAc,EACd,YAAoB;QAEpB,oBAAoB;QACpB,IAAI,GAAG,KAAK,IAAI;YAAE,OAAO,MAAM,CAAC;QAChC,IAAI,GAAG,KAAK,SAAS;YAAE,OAAO,MAAM,CAAC;QACrC,IAAI,OAAO,GAAG,KAAK,SAAS;YAAE,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;QACjD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC;gBAAE,OAAO,MAAM,CAAC;YACzC,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;QACrB,CAAC;QACD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QAC7B,CAAC;QAED,+BAA+B;QAC/B,IAAI,OAAO,GAAG,KAAK,UAAU,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YACzD,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,4BAA4B;QAC5B,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,2BAA2B;YAC3B,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBAClB,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAC;YAC/D,CAAC;YACD,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAEd,IAAI,CAAC;gBACH,gBAAgB;gBAChB,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;oBACvB,MAAM,KAAK,GAAa,EAAE,CAAC;oBAC3B,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,MAAM,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;oBAChE,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;oBAEpC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;wBACpC,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,YAAY,GAAG,CAAC,CAAC,CAAC;wBAC7D,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,UAAU,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;oBACpD,CAAC;oBAED,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBACvB,OAAO,IAAI,CAAC;oBACd,CAAC;oBAED,OAAO,KAAK;wBACV,CAAC,CAAC,IAAI,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,SAAS,EAAE,CAAC,GAAG,SAAS,GAAG,MAAM,GAAG;wBACrE,CAAC,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;gBAC7B,CAAC;gBAED,iBAAiB;gBACjB,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;gBACrC,MAAM,KAAK,GAAa,EAAE,CAAC;gBAC3B,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,MAAM,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAChE,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;gBAEpC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;oBACvB,MAAM,KAAK,GAAI,GAA+B,CAAC,GAAG,CAAC,CAAC;oBACpD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;wBACxB,MAAM,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;wBAC3C,MAAM,gBAAgB,GAAG,SAAS,CAChC,KAAK,EACL,UAAU,EACV,YAAY,GAAG,CAAC,CACjB,CAAC;wBACF,MAAM,IAAI,GAAG,KAAK;4BAChB,CAAC,CAAC,GAAG,UAAU,GAAG,cAAc,KAAK,gBAAgB,EAAE;4BACvD,CAAC,CAAC,GAAG,cAAc,IAAI,gBAAgB,EAAE,CAAC;wBAC5C,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBACnB,CAAC;gBACH,CAAC;gBAED,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACvB,OAAO,IAAI,CAAC;gBACd,CAAC;gBAED,OAAO,KAAK;oBACV,CAAC,CAAC,IAAI,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,SAAS,EAAE,CAAC,GAAG,SAAS,GAAG,MAAM,GAAG;oBACrE,CAAC,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;YAC7B,CAAC;oBAAS,CAAC;gBACT,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACnB,CAAC;QACH,CAAC;QAED,6BAA6B;QAC7B,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,SAAS,eAAe,CAAC,KAAsB;QAC7C,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAClE,CAAC;QACD,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACpC,CAAC;IAED,OAAO,SAAS,CAAC,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;AACjC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,WAAW,CAAC,IAAY;IACtC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAc,CAAC;AACvC,CAAC"}

package/dist/src/policy/toml-loader.d.ts

@@ -0,0 +1,37 @@
+/**
+ * TOML Policy Loader
+ *
+ * Loads and parses TOML policy files into PolicyRule objects.
+ * Handles:
+ * - TOML parsing with @iarna/toml
+ * - Schema validation with zod
+ * - argsPattern string → RegExp conversion
+ * - Priority band enforcement
+ * - Comprehensive error handling
+ */
+import { type PolicyRule } from './types.js';
+/**
+ * Error thrown when policy loading or validation fails
+ */
+export declare class PolicyLoadError extends Error {
+    readonly path?: string;
+    readonly cause?: unknown;
+    constructor(message: string, path?: string, options?: {
+        cause?: unknown;
+    });
+}
+/**
+ * Loads and parses a TOML policy file
+ *
+ * @param path - Absolute path to the TOML policy file
+ * @returns Array of PolicyRule objects
+ * @throws PolicyLoadError if file cannot be read, parsed, or validated
+ */
+export declare function loadPolicyFromToml(path: string): Promise<PolicyRule[]>;
+/**
+ * Loads all default policy files from the policies directory
+ *
+ * @returns Array of PolicyRule objects from all default policies
+ * @throws PolicyLoadError if any default policy file fails to load
+ */
+export declare function loadDefaultPolicies(): Promise<PolicyRule[]>;

package/dist/src/policy/toml-loader.js

@@ -0,0 +1,183 @@
+/**
+ * TOML Policy Loader
+ *
+ * Loads and parses TOML policy files into PolicyRule objects.
+ * Handles:
+ * - TOML parsing with @iarna/toml
+ * - Schema validation with zod
+ * - argsPattern string → RegExp conversion
+ * - Priority band enforcement
+ * - Comprehensive error handling
+ */
+import * as toml from '@iarna/toml';
+import { z } from 'zod';
+import { readFile } from 'node:fs/promises';
+import { join } from 'node:path';
+import { PolicyDecision } from './types.js';
+/**
+ * Zod schema for a single policy rule in TOML
+ */
+const TomlRuleSchema = z.object({
+    toolName: z.string().optional(),
+    argsPattern: z.string().optional(),
+    decision: z.nativeEnum(PolicyDecision),
+    priority: z.number().optional(),
+});
+/**
+ * Zod schema for the entire policy TOML file
+ */
+const PolicyFileSchema = z.object({
+    rule: z.array(TomlRuleSchema),
+});
+/**
+ * Error thrown when policy loading or validation fails
+ */
+export class PolicyLoadError extends Error {
+    path;
+    cause;
+    constructor(message, path, options) {
+        super(message);
+        this.name = 'PolicyLoadError';
+        this.path = path;
+        this.cause = options?.cause;
+    }
+}
+/**
+ * Validates priority band according to specification:
+ * - Tier 3 (Admin): 3.xxx
+ * - Tier 2 (User): 2.xxx
+ * - Tier 1 (Default): 1.xxx
+ *
+ * Throws if priority is outside valid range.
+ */
+function validatePriorityBand(priority, path) {
+    if (priority === undefined) {
+        return; // Priority 0 is default and valid
+    }
+    // Valid range: 1.0 to 3.999
+    if (priority < 1.0 || priority >= 4.0) {
+        throw new PolicyLoadError(`Invalid priority ${priority} in ${path}. Priority must be in range [1.0, 4.0).`, path);
+    }
+}
+/**
+ * Converts argsPattern string to RegExp with proper error handling
+ */
+function parseArgsPattern(pattern, path) {
+    try {
+        return new RegExp(pattern);
+    }
+    catch (error) {
+        throw new PolicyLoadError(`Invalid regular expression in argsPattern: ${pattern}`, path, { cause: error });
+    }
+}
+/**
+ * Transforms a parsed TOML rule into a PolicyRule object
+ */
+function transformRule(rule, path) {
+    validatePriorityBand(rule.priority, path);
+    const policyRule = {
+        decision: rule.decision,
+        priority: rule.priority ?? 0,
+    };
+    // toolName is optional - undefined means wildcard (matches all tools)
+    if (rule.toolName !== undefined) {
+        policyRule.toolName = rule.toolName;
+    }
+    // argsPattern is optional - converts string to RegExp
+    if (rule.argsPattern !== undefined) {
+        policyRule.argsPattern = parseArgsPattern(rule.argsPattern, path);
+    }
+    return policyRule;
+}
+/**
+ * Loads and parses a TOML policy file
+ *
+ * @param path - Absolute path to the TOML policy file
+ * @returns Array of PolicyRule objects
+ * @throws PolicyLoadError if file cannot be read, parsed, or validated
+ */
+export async function loadPolicyFromToml(path) {
+    let content;
+    try {
+        content = await readFile(path, 'utf-8');
+    }
+    catch (error) {
+        throw new PolicyLoadError(`Failed to read policy file: ${path}`, path, {
+            cause: error,
+        });
+    }
+    let parsed;
+    try {
+        parsed = toml.parse(content);
+    }
+    catch (error) {
+        const tomlError = error;
+        throw new PolicyLoadError(`Invalid TOML syntax in ${path}: ${tomlError.message}`, path, { cause: error });
+    }
+    let validated;
+    try {
+        validated = PolicyFileSchema.parse(parsed);
+    }
+    catch (error) {
+        if (error instanceof z.ZodError) {
+            const errorMessages = error.errors.map((e) => e.message).join(', ');
+            throw new PolicyLoadError(`Invalid policy schema in ${path}: ${errorMessages}`, path, { cause: error });
+        }
+        throw error;
+    }
+    // Transform each rule
+    const rules = [];
+    for (const tomlRule of validated.rule) {
+        try {
+            const rule = transformRule(tomlRule, path);
+            rules.push(rule);
+        }
+        catch (error) {
+            if (error instanceof PolicyLoadError) {
+                throw error;
+            }
+            throw new PolicyLoadError(`Failed to transform rule in ${path}`, path, {
+                cause: error,
+            });
+        }
+    }
+    return rules;
+}
+/**
+ * Loads all default policy files from the policies directory
+ *
+ * @returns Array of PolicyRule objects from all default policies
+ * @throws PolicyLoadError if any default policy file fails to load
+ */
+export async function loadDefaultPolicies() {
+    const policyFiles = [
+        'read-only.toml',
+        'write.toml',
+        // Note: yolo.toml and discovered.toml are loaded conditionally
+    ];
+    const policiesDirUrl = new URL('./policies/', import.meta.url);
+    let policiesDir = decodeURIComponent(policiesDirUrl.pathname);
+    if (policiesDir.startsWith('/@fs/')) {
+        policiesDir = `/${policiesDir.slice('/@fs/'.length)}`;
+    }
+    if (process.platform === 'win32' && policiesDir.match(/^\/[A-Za-z]:\//)) {
+        policiesDir = policiesDir.slice(1);
+    }
+    const rules = [];
+    for (const file of policyFiles) {
+        const path = join(policiesDir, file);
+        try {
+            const fileRules = await loadPolicyFromToml(path);
+            rules.push(...fileRules);
+        }
+        catch (error) {
+            // Re-throw with context about which default file failed
+            if (error instanceof PolicyLoadError) {
+                throw new PolicyLoadError(`Failed to load default policy ${file}: ${error.message}`, path, { cause: error });
+            }
+            throw error;
+        }
+    }
+    return rules;
+}
+//# sourceMappingURL=toml-loader.js.map

package/dist/src/policy/toml-loader.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"toml-loader.js","sourceRoot":"","sources":["../../../src/policy/toml-loader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,IAAI,MAAM,aAAa,CAAC;AACpC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,cAAc,EAAmB,MAAM,YAAY,CAAC;AAE7D;;GAEG;AACH,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9B,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,QAAQ,EAAE,CAAC,CAAC,UAAU,CAAC,cAAc,CAAC;IACtC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAChC,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC;CAC9B,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,OAAO,eAAgB,SAAQ,KAAK;IAC/B,IAAI,CAAU;IACd,KAAK,CAAW;IAEzB,YAAY,OAAe,EAAE,IAAa,EAAE,OAA6B;QACvE,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;QAC9B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,KAAK,GAAG,OAAO,EAAE,KAAK,CAAC;IAC9B,CAAC;CACF;AAED;;;;;;;GAOG;AACH,SAAS,oBAAoB,CAC3B,QAA4B,EAC5B,IAAY;IAEZ,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,OAAO,CAAC,kCAAkC;IAC5C,CAAC;IAED,4BAA4B;IAC5B,IAAI,QAAQ,GAAG,GAAG,IAAI,QAAQ,IAAI,GAAG,EAAE,CAAC;QACtC,MAAM,IAAI,eAAe,CACvB,oBAAoB,QAAQ,OAAO,IAAI,yCAAyC,EAChF,IAAI,CACL,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,OAAe,EAAE,IAAY;IACrD,IAAI,CAAC;QACH,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,eAAe,CACvB,8CAA8C,OAAO,EAAE,EACvD,IAAI,EACJ,EAAE,KAAK,EAAE,KAAK,EAAE,CACjB,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CACpB,IAAoC,EACpC,IAAY;IAEZ,oBAAoB,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAE1C,MAAM,UAAU,GAAe;QAC7B,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,CAAC;KAC7B,CAAC;IAEF,sEAAsE;IACtE,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;QAChC,UAAU,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;IACtC,CAAC;IAED,sDAAsD;IACtD,IAAI,IAAI,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;QACnC,UAAU,CAAC,WAAW,GAAG,gBAAgB,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,IAAY;IACnD,IAAI,OAAe,CAAC;IAEpB,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,eAAe,CAAC,+BAA+B,IAAI,EAAE,EAAE,IAAI,EAAE;YACrE,KAAK,EAAE,KAAK;SACb,CAAC,CAAC;IACL,CAAC;IAED,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC/B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,SAAS,GAAG,KAAc,CAAC;QACjC,MAAM,IAAI,eAAe,CACvB,0BAA0B,IAAI,KAAK,SAAS,CAAC,OAAO,EAAE,EACtD,IAAI,EACJ,EAAE,KAAK,EAAE,KAAK,EAAE,CACjB,CAAC;IACJ,CAAC;IAED,IAAI,SAA2C,CAAC;IAChD,IAAI,CAAC;QACH,SAAS,GAAG,gBAAgB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAC7C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,CAAC,CAAC,QAAQ,EAAE,CAAC;YAChC,MAAM,aAAa,GAAG,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACpE,MAAM,IAAI,eAAe,CACvB,4BAA4B,IAAI,KAAK,aAAa,EAAE,EACpD,IAAI,EACJ,EAAE,KAAK,EAAE,KAAK,EAAE,CACjB,CAAC;QACJ,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;IAED,sBAAsB;IACtB,MAAM,KAAK,GAAiB,EAAE,CAAC;IAC/B,KAAK,MAAM,QAAQ,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;QACtC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;YAC3C,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,eAAe,EAAE,CAAC;gBACrC,MAAM,KAAK,CAAC;YACd,CAAC;YACD,MAAM,IAAI,eAAe,CAAC,+BAA+B,IAAI,EAAE,EAAE,IAAI,EAAE;gBACrE,KAAK,EAAE,KAAK;aACb,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB;IACvC,MAAM,WAAW,GAAG;QAClB,gBAAgB;QAChB,YAAY;QACZ,+DAA+D;KAChE,CAAC;IAEF,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/D,IAAI,WAAW,GAAG,kBAAkB,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;IAE9D,IAAI,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACpC,WAAW,GAAG,IAAI,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;IACxD,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,IAAI,WAAW,CAAC,KAAK,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACxE,WAAW,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACrC,CAAC;IAED,MAAM,KAAK,GAAiB,EAAE,CAAC;IAE/B,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;QACrC,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,kBAAkB,CAAC,IAAI,CAAC,CAAC;YACjD,KAAK,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,CAAC;QAC3B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,wDAAwD;YACxD,IAAI,KAAK,YAAY,eAAe,EAAE,CAAC;gBACrC,MAAM,IAAI,eAAe,CACvB,iCAAiC,IAAI,KAAK,KAAK,CAAC,OAAO,EAAE,EACzD,IAAI,EACJ,EAAE,KAAK,EAAE,KAAK,EAAE,CACjB,CAAC;YACJ,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/src/policy/types.d.ts

@@ -0,0 +1,16 @@
+export declare enum PolicyDecision {
+    ALLOW = "allow",
+    DENY = "deny",
+    ASK_USER = "ask_user"
+}
+export interface PolicyRule {
+    toolName?: string;
+    argsPattern?: RegExp;
+    decision: PolicyDecision;
+    priority?: number;
+}
+export interface PolicyEngineConfig {
+    rules?: PolicyRule[];
+    defaultDecision?: PolicyDecision;
+    nonInteractive?: boolean;
+}

package/dist/src/policy/types.js

@@ -0,0 +1,7 @@
+export var PolicyDecision;
+(function (PolicyDecision) {
+    PolicyDecision["ALLOW"] = "allow";
+    PolicyDecision["DENY"] = "deny";
+    PolicyDecision["ASK_USER"] = "ask_user";
+})(PolicyDecision || (PolicyDecision = {}));
+//# sourceMappingURL=types.js.map

package/dist/src/policy/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/policy/types.ts"],"names":[],"mappings":"AAAA,MAAM,CAAN,IAAY,cAIX;AAJD,WAAY,cAAc;IACxB,iCAAe,CAAA;IACf,+BAAa,CAAA;IACb,uCAAqB,CAAA;AACvB,CAAC,EAJW,cAAc,KAAd,cAAc,QAIzB"}