@vybestack/llxprt-code-policy 0.10.0-nightly.260613.1adad3b34

package/dist/index.d.ts

@@ -0,0 +1 @@
+export * from './src/index.js';

package/dist/index.js

@@ -0,0 +1,2 @@
+export * from './src/index.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC"}

package/dist/src/config.d.ts

@@ -0,0 +1,25 @@
+/**
+ * @license
+ * Copyright 2025 Vybestack LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { type ApprovalMode, type PolicyRule } from './types.js';
+import type { PolicyFileError } from './toml-loader.js';
+export declare const DEFAULT_CORE_POLICIES_DIR: string;
+export declare const DEFAULT_POLICY_TIER = 1;
+export declare const USER_POLICY_TIER = 2;
+export declare const ADMIN_POLICY_TIER = 3;
+export interface PolicyPathResolver {
+    getUserPoliciesDir: () => string;
+    getSystemPoliciesDir: () => string;
+}
+export interface PolicyConfigSource {
+    getApprovalMode: () => ApprovalMode;
+    getAllowedTools: () => string[] | undefined;
+    getNonInteractive: () => boolean;
+    getUserPolicyPath?: () => string | undefined;
+}
+export declare function getPolicyDirectories(defaultPoliciesDir?: string, pathResolver?: PolicyPathResolver): string[];
+export declare function getPolicyTier(dir: string, defaultPoliciesDir?: string, pathResolver?: PolicyPathResolver): number;
+export declare function formatPolicyError(error: PolicyFileError): string;
+export declare function migrateLegacyApprovalMode(config: PolicyConfigSource): PolicyRule[];

package/dist/src/config.js

@@ -0,0 +1,119 @@
+/**
+ * @license
+ * Copyright 2025 Vybestack LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import * as path from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { PolicyDecision } from './types.js';
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+export const DEFAULT_CORE_POLICIES_DIR = path.join(__dirname, 'policies');
+export const DEFAULT_POLICY_TIER = 1;
+export const USER_POLICY_TIER = 2;
+export const ADMIN_POLICY_TIER = 3;
+const DEFAULT_POLICY_PATH_RESOLVER = {
+    getUserPoliciesDir: () => '',
+    getSystemPoliciesDir: () => '',
+};
+export function getPolicyDirectories(defaultPoliciesDir, pathResolver = DEFAULT_POLICY_PATH_RESOLVER) {
+    const dirs = [];
+    if (defaultPoliciesDir) {
+        dirs.push(defaultPoliciesDir);
+    }
+    else {
+        dirs.push(DEFAULT_CORE_POLICIES_DIR);
+    }
+    const userPoliciesDir = pathResolver.getUserPoliciesDir();
+    if (userPoliciesDir) {
+        dirs.push(userPoliciesDir);
+    }
+    const systemPoliciesDir = pathResolver.getSystemPoliciesDir();
+    if (systemPoliciesDir) {
+        dirs.push(systemPoliciesDir);
+    }
+    return dirs.reverse();
+}
+export function getPolicyTier(dir, defaultPoliciesDir, pathResolver = DEFAULT_POLICY_PATH_RESOLVER) {
+    const normalizedDir = path.resolve(dir);
+    const userPoliciesDir = pathResolver.getUserPoliciesDir();
+    const systemPoliciesDir = pathResolver.getSystemPoliciesDir();
+    if (defaultPoliciesDir &&
+        normalizedDir === path.resolve(defaultPoliciesDir)) {
+        return DEFAULT_POLICY_TIER;
+    }
+    if (normalizedDir === path.resolve(DEFAULT_CORE_POLICIES_DIR)) {
+        return DEFAULT_POLICY_TIER;
+    }
+    if (userPoliciesDir && normalizedDir === path.resolve(userPoliciesDir)) {
+        return USER_POLICY_TIER;
+    }
+    if (systemPoliciesDir && normalizedDir === path.resolve(systemPoliciesDir)) {
+        return ADMIN_POLICY_TIER;
+    }
+    return DEFAULT_POLICY_TIER;
+}
+export function formatPolicyError(error) {
+    const tierLabel = error.tier.toUpperCase();
+    let message = `[${tierLabel}] Policy file error in ${error.fileName}:
+`;
+    message += `  ${error.message}`;
+    if (error.details) {
+        message += `
+${error.details}`;
+    }
+    if (error.suggestion) {
+        message += `
+  Suggestion: ${error.suggestion}`;
+    }
+    return message;
+}
+function normalizeToolName(toolName) {
+    if (toolName === 'ShellTool' ||
+        toolName.startsWith('ShellTool(') ||
+        toolName.startsWith('run_shell_command(')) {
+        return 'run_shell_command';
+    }
+    return toolName;
+}
+const AUTO_EDIT_TOOLS = [
+    'replace',
+    'write_file',
+    'insert_at_line',
+    'delete_line_range',
+    'apply_patch',
+];
+export function migrateLegacyApprovalMode(config) {
+    const rules = [];
+    const approvalMode = config.getApprovalMode();
+    if (approvalMode === 'yolo') {
+        rules.push({
+            decision: PolicyDecision.ALLOW,
+            priority: 1.999,
+            source: 'Legacy (YOLO)',
+        });
+    }
+    if (approvalMode === 'autoEdit') {
+        for (const tool of AUTO_EDIT_TOOLS) {
+            rules.push({
+                toolName: tool,
+                decision: PolicyDecision.ALLOW,
+                priority: 1.015,
+                source: 'Legacy (AUTO_EDIT)',
+            });
+        }
+    }
+    const allowedTools = config.getAllowedTools();
+    if (allowedTools && allowedTools.length > 0) {
+        for (const tool of allowedTools) {
+            rules.push({
+                toolName: normalizeToolName(tool),
+                decision: PolicyDecision.ALLOW,
+                priority: 2.3,
+                source: 'Legacy (--allowed-tools)',
+            });
+        }
+    }
+    return rules;
+}
+//# sourceMappingURL=config.js.map

package/dist/src/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAsC,cAAc,EAAE,MAAM,YAAY,CAAC;AAGhF,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClD,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;AAC3C,MAAM,CAAC,MAAM,yBAAyB,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;AAE1E,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC;AACrC,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC;AAClC,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC;AAcnC,MAAM,4BAA4B,GAAuB;IACvD,kBAAkB,EAAE,GAAG,EAAE,CAAC,EAAE;IAC5B,oBAAoB,EAAE,GAAG,EAAE,CAAC,EAAE;CAC/B,CAAC;AAEF,MAAM,UAAU,oBAAoB,CAClC,kBAA2B,EAC3B,eAAmC,4BAA4B;IAE/D,MAAM,IAAI,GAAG,EAAE,CAAC;IAEhB,IAAI,kBAAkB,EAAE,CAAC;QACvB,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IAChC,CAAC;SAAM,CAAC;QACN,IAAI,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;IACvC,CAAC;IAED,MAAM,eAAe,GAAG,YAAY,CAAC,kBAAkB,EAAE,CAAC;IAC1D,IAAI,eAAe,EAAE,CAAC;QACpB,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAC7B,CAAC;IAED,MAAM,iBAAiB,GAAG,YAAY,CAAC,oBAAoB,EAAE,CAAC;IAC9D,IAAI,iBAAiB,EAAE,CAAC;QACtB,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAC/B,CAAC;IAED,OAAO,IAAI,CAAC,OAAO,EAAE,CAAC;AACxB,CAAC;AAED,MAAM,UAAU,aAAa,CAC3B,GAAW,EACX,kBAA2B,EAC3B,eAAmC,4BAA4B;IAE/D,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,eAAe,GAAG,YAAY,CAAC,kBAAkB,EAAE,CAAC;IAC1D,MAAM,iBAAiB,GAAG,YAAY,CAAC,oBAAoB,EAAE,CAAC;IAE9D,IACE,kBAAkB;QAClB,aAAa,KAAK,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAClD,CAAC;QACD,OAAO,mBAAmB,CAAC;IAC7B,CAAC;IACD,IAAI,aAAa,KAAK,IAAI,CAAC,OAAO,CAAC,yBAAyB,CAAC,EAAE,CAAC;QAC9D,OAAO,mBAAmB,CAAC;IAC7B,CAAC;IACD,IAAI,eAAe,IAAI,aAAa,KAAK,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;QACvE,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IACD,IAAI,iBAAiB,IAAI,aAAa,KAAK,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,CAAC;QAC3E,OAAO,iBAAiB,CAAC;IAC3B,CAAC;IAED,OAAO,mBAAmB,CAAC;AAC7B,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,KAAsB;IACtD,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;IAC3C,IAAI,OAAO,GAAG,IAAI,SAAS,0BAA0B,KAAK,CAAC,QAAQ;CACpE,CAAC;IACA,OAAO,IAAI,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC;IAChC,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;QAClB,OAAO,IAAI;EACb,KAAK,CAAC,OAAO,EAAE,CAAC;IAChB,CAAC;IACD,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;QACrB,OAAO,IAAI;gBACC,KAAK,CAAC,UAAU,EAAE,CAAC;IACjC,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAgB;IACzC,IACE,QAAQ,KAAK,WAAW;QACxB,QAAQ,CAAC,UAAU,CAAC,YAAY,CAAC;QACjC,QAAQ,CAAC,UAAU,CAAC,oBAAoB,CAAC,EACzC,CAAC;QACD,OAAO,mBAAmB,CAAC;IAC7B,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,eAAe,GAAG;IACtB,SAAS;IACT,YAAY;IACZ,gBAAgB;IAChB,mBAAmB;IACnB,aAAa;CACL,CAAC;AAEX,MAAM,UAAU,yBAAyB,CACvC,MAA0B;IAE1B,MAAM,KAAK,GAAiB,EAAE,CAAC;IAC/B,MAAM,YAAY,GAAG,MAAM,CAAC,eAAe,EAAE,CAAC;IAE9C,IAAI,YAAY,KAAK,MAAM,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC;YACT,QAAQ,EAAE,cAAc,CAAC,KAAK;YAC9B,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,eAAe;SACxB,CAAC,CAAC;IACL,CAAC;IAED,IAAI,YAAY,KAAK,UAAU,EAAE,CAAC;QAChC,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;YACnC,KAAK,CAAC,IAAI,CAAC;gBACT,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,cAAc,CAAC,KAAK;gBAC9B,QAAQ,EAAE,KAAK;gBACf,MAAM,EAAE,oBAAoB;aAC7B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,CAAC,eAAe,EAAE,CAAC;IAC9C,IAAI,YAAY,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5C,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;YAChC,KAAK,CAAC,IAAI,CAAC;gBACT,QAAQ,EAAE,iBAAiB,CAAC,IAAI,CAAC;gBACjC,QAAQ,EAAE,cAAc,CAAC,KAAK;gBAC9B,QAAQ,EAAE,GAAG;gBACb,MAAM,EAAE,0BAA0B;aACnC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/src/confirmation-bus/index.d.ts

@@ -0,0 +1,2 @@
+export { MessageBus, type PolicyLogger } from './message-bus.js';
+export { MessageBusType, ConfirmationOutcome, type ConfirmationPayload, type PolicyFunctionCall, type PolicyToolCallState, type SerializableConfirmationDetails, type ToolCallsUpdateMessage, type ToolConfirmationRequest, type ToolConfirmationResponse, type ToolPolicyRejection, type ToolExecutionSuccess, type ToolExecutionFailure, type UpdatePolicy, type BucketAuthConfirmationRequest, type BucketAuthConfirmationResponse, type HookExecutionRequest, type HookExecutionResponse, type MessageBusMessage, ToolConfirmationOutcome, type ToolConfirmationPayload, } from './types.js';

package/dist/src/confirmation-bus/index.js

@@ -0,0 +1,3 @@
+export { MessageBus } from './message-bus.js';
+export { MessageBusType, ConfirmationOutcome, ToolConfirmationOutcome, } from './types.js';
+//# sourceMappingURL=index.js.map

package/dist/src/confirmation-bus/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/confirmation-bus/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAqB,MAAM,kBAAkB,CAAC;AACjE,OAAO,EACL,cAAc,EACd,mBAAmB,EAiBnB,uBAAuB,GAExB,MAAM,YAAY,CAAC"}

package/dist/src/confirmation-bus/message-bus.d.ts

@@ -0,0 +1,29 @@
+import { PolicyEngine } from '../policy-engine.js';
+import { ConfirmationOutcome, MessageBusType, type ConfirmationPayload, type MessageBusMessage, type PolicyFunctionCall } from './types.js';
+type MessageHandler<T extends MessageBusMessage = MessageBusMessage> = (message: T) => void;
+export interface PolicyLogger {
+    log: (message: string, ...args: unknown[]) => void;
+    warn?: (message: string, ...args: unknown[]) => void;
+    error?: (message: string, ...args: unknown[]) => void;
+}
+/**
+ * MessageBus provides event-driven communication for tool confirmations and policy decisions.
+ * Uses EventEmitter for pub/sub pattern and integrates with PolicyEngine for authorization.
+ */
+export declare class MessageBus {
+    private readonly emitter;
+    private readonly policyEngine;
+    private readonly debugMode;
+    private readonly logger?;
+    constructor(policyEngine?: PolicyEngine, debugMode?: boolean, logger?: PolicyLogger);
+    publish(message: MessageBusMessage): void;
+    subscribe<T extends MessageBusMessage>(type: MessageBusType, handler: MessageHandler<T>): () => void;
+    unsubscribe<T extends MessageBusMessage>(type: MessageBusType, handler: MessageHandler<T>): void;
+    requestConfirmation(toolCall: PolicyFunctionCall, args: Record<string, unknown>, serverName?: string): Promise<boolean>;
+    respondToConfirmation(correlationId: string, outcome: ConfirmationOutcome, payload?: ConfirmationPayload, requiresUserConfirmation?: boolean): void;
+    requestBucketAuthConfirmation(provider: string, bucket: string, bucketIndex: number, totalBuckets: number): Promise<boolean>;
+    respondToBucketAuthConfirmation(correlationId: string, confirmed: boolean): void;
+    removeAllListeners(): void;
+    listenerCount(type: MessageBusType): number;
+}
+export {};

package/dist/src/confirmation-bus/message-bus.js

@@ -0,0 +1,143 @@
+import { EventEmitter } from 'node:events';
+import { randomUUID } from 'node:crypto';
+import { PolicyEngine } from '../policy-engine.js';
+import { PolicyDecision } from '../types.js';
+import { ConfirmationOutcome, MessageBusType, } from './types.js';
+/**
+ * MessageBus provides event-driven communication for tool confirmations and policy decisions.
+ * Uses EventEmitter for pub/sub pattern and integrates with PolicyEngine for authorization.
+ */
+export class MessageBus {
+    emitter;
+    policyEngine;
+    debugMode;
+    logger;
+    constructor(policyEngine, debugMode = false, logger) {
+        this.emitter = new EventEmitter();
+        this.policyEngine = policyEngine ?? new PolicyEngine();
+        this.debugMode = debugMode;
+        this.logger = logger;
+        this.emitter.setMaxListeners(50);
+    }
+    publish(message) {
+        if (this.debugMode) {
+            this.logger?.log(`[MessageBus] Publishing: ${message.type}`, message);
+        }
+        this.emitter.emit(message.type, message);
+    }
+    subscribe(type, handler) {
+        this.emitter.on(type, handler);
+        return () => {
+            this.emitter.off(type, handler);
+        };
+    }
+    unsubscribe(type, handler) {
+        this.emitter.off(type, handler);
+    }
+    async requestConfirmation(toolCall, args, serverName) {
+        const correlationId = randomUUID();
+        if (!toolCall.name) {
+            throw new Error('Tool call must have a name');
+        }
+        const decision = this.policyEngine.evaluate(toolCall.name, args, serverName);
+        if (this.debugMode) {
+            this.logger?.log(`[MessageBus] Policy decision for ${toolCall.name}: ${decision}`);
+        }
+        if (decision === PolicyDecision.ALLOW) {
+            return true;
+        }
+        if (decision === PolicyDecision.DENY) {
+            this.publish({
+                type: MessageBusType.TOOL_POLICY_REJECTION,
+                toolCall,
+                correlationId,
+                reason: 'Policy denied execution',
+                serverName,
+            });
+            return false;
+        }
+        return new Promise((resolve) => {
+            const timeout = setTimeout(() => {
+                unsubscribe();
+                resolve(false);
+            }, 300000);
+            const unsubscribe = this.subscribe(MessageBusType.TOOL_CONFIRMATION_RESPONSE, (response) => {
+                if (response.correlationId === correlationId) {
+                    clearTimeout(timeout);
+                    unsubscribe();
+                    let resolvedConfirmation;
+                    if (response.outcome !== undefined) {
+                        const isCancel = response.outcome === ConfirmationOutcome.Cancel;
+                        const isModify = response.outcome === ConfirmationOutcome.ModifyWithEditor;
+                        const isSuggest = response.outcome === ConfirmationOutcome.SuggestEdit;
+                        resolvedConfirmation = !isCancel && !isModify && !isSuggest;
+                    }
+                    else if (response.confirmed !== undefined) {
+                        resolvedConfirmation = response.confirmed;
+                    }
+                    else {
+                        resolvedConfirmation = false;
+                    }
+                    resolve(resolvedConfirmation);
+                }
+            });
+            this.publish({
+                type: MessageBusType.TOOL_CONFIRMATION_REQUEST,
+                toolCall,
+                correlationId,
+                serverName,
+            });
+        });
+    }
+    respondToConfirmation(correlationId, outcome, payload, requiresUserConfirmation) {
+        const confirmed = outcome !== ConfirmationOutcome.Cancel &&
+            outcome !== ConfirmationOutcome.ModifyWithEditor &&
+            outcome !== ConfirmationOutcome.SuggestEdit;
+        this.publish({
+            type: MessageBusType.TOOL_CONFIRMATION_RESPONSE,
+            correlationId,
+            outcome,
+            payload,
+            confirmed,
+            requiresUserConfirmation,
+        });
+    }
+    async requestBucketAuthConfirmation(provider, bucket, bucketIndex, totalBuckets) {
+        const correlationId = randomUUID();
+        return new Promise((resolve) => {
+            const timeout = setTimeout(() => {
+                unsubscribe();
+                resolve(false);
+            }, 300000);
+            const unsubscribe = this.subscribe(MessageBusType.BUCKET_AUTH_CONFIRMATION_RESPONSE, (response) => {
+                if (response.correlationId === correlationId) {
+                    clearTimeout(timeout);
+                    unsubscribe();
+                    resolve(response.confirmed);
+                }
+            });
+            this.publish({
+                type: MessageBusType.BUCKET_AUTH_CONFIRMATION_REQUEST,
+                correlationId,
+                provider,
+                bucket,
+                bucketIndex,
+                totalBuckets,
+            });
+        });
+    }
+    respondToBucketAuthConfirmation(correlationId, confirmed) {
+        this.publish({
+            type: MessageBusType.BUCKET_AUTH_CONFIRMATION_RESPONSE,
+            correlationId,
+            confirmed,
+        });
+    }
+    removeAllListeners() {
+        this.emitter.removeAllListeners();
+    }
+    listenerCount(type) {
+        return this.emitter.listenerCount(type);
+    }
+}
+//# sourceMappingURL=message-bus.js.map

package/dist/src/confirmation-bus/message-bus.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"message-bus.js","sourceRoot":"","sources":["../../../src/confirmation-bus/message-bus.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EACL,mBAAmB,EACnB,cAAc,GAMf,MAAM,YAAY,CAAC;AAYpB;;;GAGG;AACH,MAAM,OAAO,UAAU;IACJ,OAAO,CAAe;IACtB,YAAY,CAAe;IAC3B,SAAS,CAAU;IACnB,MAAM,CAAgB;IAEvC,YACE,YAA2B,EAC3B,SAAS,GAAG,KAAK,EACjB,MAAqB;QAErB,IAAI,CAAC,OAAO,GAAG,IAAI,YAAY,EAAE,CAAC;QAClC,IAAI,CAAC,YAAY,GAAG,YAAY,IAAI,IAAI,YAAY,EAAE,CAAC;QACvD,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;IACnC,CAAC;IAED,OAAO,CAAC,OAA0B;QAChC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,4BAA4B,OAAO,CAAC,IAAI,EAAE,EAAE,OAAO,CAAC,CAAC;QACxE,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC3C,CAAC;IAED,SAAS,CACP,IAAoB,EACpB,OAA0B;QAE1B,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,OAAyB,CAAC,CAAC;QAEjD,OAAO,GAAG,EAAE;YACV,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,OAAyB,CAAC,CAAC;QACpD,CAAC,CAAC;IACJ,CAAC;IAED,WAAW,CACT,IAAoB,EACpB,OAA0B;QAE1B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,OAAyB,CAAC,CAAC;IACpD,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,QAA4B,EAC5B,IAA6B,EAC7B,UAAmB;QAEnB,MAAM,aAAa,GAAG,UAAU,EAAE,CAAC;QAEnC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,QAAQ,CACzC,QAAQ,CAAC,IAAI,EACb,IAAI,EACJ,UAAU,CACX,CAAC;QAEF,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,IAAI,CAAC,MAAM,EAAE,GAAG,CACd,oCAAoC,QAAQ,CAAC,IAAI,KAAK,QAAQ,EAAE,CACjE,CAAC;QACJ,CAAC;QAED,IAAI,QAAQ,KAAK,cAAc,CAAC,KAAK,EAAE,CAAC;YACtC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,QAAQ,KAAK,cAAc,CAAC,IAAI,EAAE,CAAC;YACrC,IAAI,CAAC,OAAO,CAAC;gBACX,IAAI,EAAE,cAAc,CAAC,qBAAqB;gBAC1C,QAAQ;gBACR,aAAa;gBACb,MAAM,EAAE,yBAAyB;gBACjC,UAAU;aACX,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,IAAI,OAAO,CAAU,CAAC,OAAO,EAAE,EAAE;YACtC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC9B,WAAW,EAAE,CAAC;gBACd,OAAO,CAAC,KAAK,CAAC,CAAC;YACjB,CAAC,EAAE,MAAM,CAAC,CAAC;YAEX,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAChC,cAAc,CAAC,0BAA0B,EACzC,CAAC,QAAQ,EAAE,EAAE;gBACX,IAAI,QAAQ,CAAC,aAAa,KAAK,aAAa,EAAE,CAAC;oBAC7C,YAAY,CAAC,OAAO,CAAC,CAAC;oBACtB,WAAW,EAAE,CAAC;oBACd,IAAI,oBAA6B,CAAC;oBAClC,IAAI,QAAQ,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;wBACnC,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,KAAK,mBAAmB,CAAC,MAAM,CAAC;wBACjE,MAAM,QAAQ,GACZ,QAAQ,CAAC,OAAO,KAAK,mBAAmB,CAAC,gBAAgB,CAAC;wBAC5D,MAAM,SAAS,GACb,QAAQ,CAAC,OAAO,KAAK,mBAAmB,CAAC,WAAW,CAAC;wBACvD,oBAAoB,GAAG,CAAC,QAAQ,IAAI,CAAC,QAAQ,IAAI,CAAC,SAAS,CAAC;oBAC9D,CAAC;yBAAM,IAAI,QAAQ,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;wBAC5C,oBAAoB,GAAG,QAAQ,CAAC,SAAS,CAAC;oBAC5C,CAAC;yBAAM,CAAC;wBACN,oBAAoB,GAAG,KAAK,CAAC;oBAC/B,CAAC;oBACD,OAAO,CAAC,oBAAoB,CAAC,CAAC;gBAChC,CAAC;YACH,CAAC,CACF,CAAC;YAEF,IAAI,CAAC,OAAO,CAAC;gBACX,IAAI,EAAE,cAAc,CAAC,yBAAyB;gBAC9C,QAAQ;gBACR,aAAa;gBACb,UAAU;aACX,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED,qBAAqB,CACnB,aAAqB,EACrB,OAA4B,EAC5B,OAA6B,EAC7B,wBAAkC;QAElC,MAAM,SAAS,GACb,OAAO,KAAK,mBAAmB,CAAC,MAAM;YACtC,OAAO,KAAK,mBAAmB,CAAC,gBAAgB;YAChD,OAAO,KAAK,mBAAmB,CAAC,WAAW,CAAC;QAC9C,IAAI,CAAC,OAAO,CAAC;YACX,IAAI,EAAE,cAAc,CAAC,0BAA0B;YAC/C,aAAa;YACb,OAAO;YACP,OAAO;YACP,SAAS;YACT,wBAAwB;SACzB,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,6BAA6B,CACjC,QAAgB,EAChB,MAAc,EACd,WAAmB,EACnB,YAAoB;QAEpB,MAAM,aAAa,GAAG,UAAU,EAAE,CAAC;QAEnC,OAAO,IAAI,OAAO,CAAU,CAAC,OAAO,EAAE,EAAE;YACtC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC9B,WAAW,EAAE,CAAC;gBACd,OAAO,CAAC,KAAK,CAAC,CAAC;YACjB,CAAC,EAAE,MAAM,CAAC,CAAC;YAEX,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAChC,cAAc,CAAC,iCAAiC,EAChD,CAAC,QAAQ,EAAE,EAAE;gBACX,IAAI,QAAQ,CAAC,aAAa,KAAK,aAAa,EAAE,CAAC;oBAC7C,YAAY,CAAC,OAAO,CAAC,CAAC;oBACtB,WAAW,EAAE,CAAC;oBACd,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;gBAC9B,CAAC;YACH,CAAC,CACF,CAAC;YAEF,IAAI,CAAC,OAAO,CAAC;gBACX,IAAI,EAAE,cAAc,CAAC,gCAAgC;gBACrD,aAAa;gBACb,QAAQ;gBACR,MAAM;gBACN,WAAW;gBACX,YAAY;aACb,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED,+BAA+B,CAC7B,aAAqB,EACrB,SAAkB;QAElB,IAAI,CAAC,OAAO,CAAC;YACX,IAAI,EAAE,cAAc,CAAC,iCAAiC;YACtD,aAAa;YACb,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAED,kBAAkB;QAChB,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE,CAAC;IACpC,CAAC;IAED,aAAa,CAAC,IAAoB;QAChC,OAAO,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;IAC1C,CAAC;CACF"}

package/dist/src/confirmation-bus/types.d.ts

@@ -0,0 +1,180 @@
+export declare enum MessageBusType {
+    TOOL_CONFIRMATION_REQUEST = "tool-confirmation-request",
+    TOOL_CONFIRMATION_RESPONSE = "tool-confirmation-response",
+    TOOL_POLICY_REJECTION = "tool-policy-rejection",
+    TOOL_EXECUTION_SUCCESS = "tool-execution-success",
+    TOOL_EXECUTION_FAILURE = "tool-execution-failure",
+    UPDATE_POLICY = "update-policy",
+    BUCKET_AUTH_CONFIRMATION_REQUEST = "bucket-auth-confirmation-request",
+    BUCKET_AUTH_CONFIRMATION_RESPONSE = "bucket-auth-confirmation-response",
+    HOOK_EXECUTION_REQUEST = "HOOK_EXECUTION_REQUEST",
+    HOOK_EXECUTION_RESPONSE = "HOOK_EXECUTION_RESPONSE",
+    TOOL_CALLS_UPDATE = "tool-calls-update"
+}
+export interface PolicyFunctionCall {
+    id?: string;
+    name?: string;
+    args?: Record<string, unknown>;
+}
+export interface PolicyToolCallState {
+    id?: string;
+    name?: string;
+    status?: string;
+    [key: string]: unknown;
+}
+export interface ToolCallsUpdateMessage<T = unknown> {
+    type: MessageBusType.TOOL_CALLS_UPDATE;
+    readonly toolCalls: readonly T[];
+}
+/**
+ * Confirmation outcome enum. Declared as `ToolConfirmationOutcome` so its
+ * declaration name matches the structurally-identical enum declared in the
+ * telemetry package. TypeScript keys cross-module enum assignability off the
+ * declaration name, so sharing the name keeps telemetry event construction
+ * (e.g. `new ToolCallEvent(completedToolCall)`) compatible across packages.
+ *
+ * `ConfirmationOutcome` is exported as a value+type alias for the policy
+ * package's public API and internal references.
+ */
+export declare enum ToolConfirmationOutcome {
+    ProceedOnce = "proceed_once",
+    ProceedAlways = "proceed_always",
+    ProceedAlwaysAndSave = "proceed_always_and_save",
+    ProceedAlwaysServer = "proceed_always_server",
+    ProceedAlwaysTool = "proceed_always_tool",
+    ModifyWithEditor = "modify_with_editor",
+    SuggestEdit = "suggest_edit",
+    Cancel = "cancel"
+}
+export declare const ConfirmationOutcome: typeof ToolConfirmationOutcome;
+export type ConfirmationOutcome = ToolConfirmationOutcome;
+export interface ConfirmationPayload {
+    /**
+     * Used to override modified proposed content for modifiable tools in the
+     * inline modify flow.
+     */
+    newContent?: string;
+    /**
+     * Used to override command text for shell-like tool confirmations.
+     */
+    editedCommand?: string;
+}
+/**
+ * Data-only versions of ToolCallConfirmationDetails for bus transmission.
+ */
+export type SerializableConfirmationDetails = {
+    type: 'info';
+    title: string;
+    prompt: string;
+    urls?: string[];
+} | {
+    type: 'edit';
+    title: string;
+    fileName: string;
+    filePath: string;
+    fileDiff: string;
+    originalContent: string | null;
+    newContent: string;
+} | {
+    type: 'exec';
+    title: string;
+    command: string;
+    rootCommand: string;
+    rootCommands: string[];
+} | {
+    type: 'mcp';
+    title: string;
+    serverName: string;
+    toolName: string;
+    toolDisplayName: string;
+};
+export interface ToolConfirmationRequest {
+    type: MessageBusType.TOOL_CONFIRMATION_REQUEST;
+    toolCall: PolicyFunctionCall;
+    correlationId: string;
+    serverName?: string;
+    /**
+     * Optional rich details for the confirmation UI (diffs, counts, etc.)
+     */
+    details?: SerializableConfirmationDetails;
+}
+export interface ToolConfirmationResponse {
+    type: MessageBusType.TOOL_CONFIRMATION_RESPONSE;
+    correlationId: string;
+    /**
+     * Complete enum outcome preferred for consumers. When omitted, fall back to
+     * the legacy `confirmed` boolean semantics.
+     */
+    outcome?: ConfirmationOutcome;
+    /**
+     * Optional payload used by inline modify flows.
+     */
+    payload?: ConfirmationPayload;
+    /**
+     * Legacy flag maintained for compatibility. New publishers should send a
+     * concrete outcome instead.
+     */
+    confirmed?: boolean;
+    requiresUserConfirmation?: boolean;
+}
+export interface ToolPolicyRejection {
+    type: MessageBusType.TOOL_POLICY_REJECTION;
+    toolCall: PolicyFunctionCall;
+    correlationId: string;
+    reason: string;
+    serverName?: string;
+}
+export interface ToolExecutionSuccess {
+    type: MessageBusType.TOOL_EXECUTION_SUCCESS;
+    toolCall: PolicyFunctionCall;
+    correlationId: string;
+    result: unknown;
+}
+export interface ToolExecutionFailure {
+    type: MessageBusType.TOOL_EXECUTION_FAILURE;
+    toolCall: PolicyFunctionCall;
+    correlationId: string;
+    error: Error;
+}
+export interface UpdatePolicy {
+    type: MessageBusType.UPDATE_POLICY;
+    toolName: string;
+    persist?: boolean;
+    argsPattern?: string;
+    commandPrefix?: string | string[];
+    mcpName?: string;
+}
+/**
+ * Request to confirm OAuth bucket authentication
+ */
+export interface BucketAuthConfirmationRequest {
+    type: MessageBusType.BUCKET_AUTH_CONFIRMATION_REQUEST;
+    correlationId: string;
+    provider: string;
+    bucket: string;
+    bucketIndex: number;
+    totalBuckets: number;
+}
+/**
+ * Response to bucket auth confirmation request
+ */
+export interface BucketAuthConfirmationResponse {
+    type: MessageBusType.BUCKET_AUTH_CONFIRMATION_RESPONSE;
+    correlationId: string;
+    confirmed: boolean;
+}
+export interface HookExecutionRequest {
+    type: MessageBusType.HOOK_EXECUTION_REQUEST;
+    payload: {
+        eventName: string;
+        correlationId: string;
+    };
+}
+export interface HookExecutionResponse {
+    type: MessageBusType.HOOK_EXECUTION_RESPONSE;
+    payload: {
+        correlationId: string;
+    };
+}
+export type MessageBusMessage<TToolCall = unknown> = ToolConfirmationRequest | ToolConfirmationResponse | ToolPolicyRejection | ToolExecutionSuccess | ToolExecutionFailure | UpdatePolicy | BucketAuthConfirmationRequest | BucketAuthConfirmationResponse | HookExecutionRequest | HookExecutionResponse | ToolCallsUpdateMessage<TToolCall>;
+export type ToolConfirmationPayload = ConfirmationPayload;

package/dist/src/confirmation-bus/types.js

@@ -0,0 +1,37 @@
+export var MessageBusType;
+(function (MessageBusType) {
+    MessageBusType["TOOL_CONFIRMATION_REQUEST"] = "tool-confirmation-request";
+    MessageBusType["TOOL_CONFIRMATION_RESPONSE"] = "tool-confirmation-response";
+    MessageBusType["TOOL_POLICY_REJECTION"] = "tool-policy-rejection";
+    MessageBusType["TOOL_EXECUTION_SUCCESS"] = "tool-execution-success";
+    MessageBusType["TOOL_EXECUTION_FAILURE"] = "tool-execution-failure";
+    MessageBusType["UPDATE_POLICY"] = "update-policy";
+    MessageBusType["BUCKET_AUTH_CONFIRMATION_REQUEST"] = "bucket-auth-confirmation-request";
+    MessageBusType["BUCKET_AUTH_CONFIRMATION_RESPONSE"] = "bucket-auth-confirmation-response";
+    MessageBusType["HOOK_EXECUTION_REQUEST"] = "HOOK_EXECUTION_REQUEST";
+    MessageBusType["HOOK_EXECUTION_RESPONSE"] = "HOOK_EXECUTION_RESPONSE";
+    MessageBusType["TOOL_CALLS_UPDATE"] = "tool-calls-update";
+})(MessageBusType || (MessageBusType = {}));
+/**
+ * Confirmation outcome enum. Declared as `ToolConfirmationOutcome` so its
+ * declaration name matches the structurally-identical enum declared in the
+ * telemetry package. TypeScript keys cross-module enum assignability off the
+ * declaration name, so sharing the name keeps telemetry event construction
+ * (e.g. `new ToolCallEvent(completedToolCall)`) compatible across packages.
+ *
+ * `ConfirmationOutcome` is exported as a value+type alias for the policy
+ * package's public API and internal references.
+ */
+export var ToolConfirmationOutcome;
+(function (ToolConfirmationOutcome) {
+    ToolConfirmationOutcome["ProceedOnce"] = "proceed_once";
+    ToolConfirmationOutcome["ProceedAlways"] = "proceed_always";
+    ToolConfirmationOutcome["ProceedAlwaysAndSave"] = "proceed_always_and_save";
+    ToolConfirmationOutcome["ProceedAlwaysServer"] = "proceed_always_server";
+    ToolConfirmationOutcome["ProceedAlwaysTool"] = "proceed_always_tool";
+    ToolConfirmationOutcome["ModifyWithEditor"] = "modify_with_editor";
+    ToolConfirmationOutcome["SuggestEdit"] = "suggest_edit";
+    ToolConfirmationOutcome["Cancel"] = "cancel";
+})(ToolConfirmationOutcome || (ToolConfirmationOutcome = {}));
+export const ConfirmationOutcome = ToolConfirmationOutcome;
+//# sourceMappingURL=types.js.map

package/dist/src/confirmation-bus/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/confirmation-bus/types.ts"],"names":[],"mappings":"AAAA,MAAM,CAAN,IAAY,cAYX;AAZD,WAAY,cAAc;IACxB,yEAAuD,CAAA;IACvD,2EAAyD,CAAA;IACzD,iEAA+C,CAAA;IAC/C,mEAAiD,CAAA;IACjD,mEAAiD,CAAA;IACjD,iDAA+B,CAAA;IAC/B,uFAAqE,CAAA;IACrE,yFAAuE,CAAA;IACvE,mEAAiD,CAAA;IACjD,qEAAmD,CAAA;IACnD,yDAAuC,CAAA;AACzC,CAAC,EAZW,cAAc,KAAd,cAAc,QAYzB;AAoBD;;;;;;;;;GASG;AACH,MAAM,CAAN,IAAY,uBASX;AATD,WAAY,uBAAuB;IACjC,uDAA4B,CAAA;IAC5B,2DAAgC,CAAA;IAChC,2EAAgD,CAAA;IAChD,wEAA6C,CAAA;IAC7C,oEAAyC,CAAA;IACzC,kEAAuC,CAAA;IACvC,uDAA4B,CAAA;IAC5B,4CAAiB,CAAA;AACnB,CAAC,EATW,uBAAuB,KAAvB,uBAAuB,QASlC;AAED,MAAM,CAAC,MAAM,mBAAmB,GAAG,uBAAuB,CAAC"}

package/dist/src/index.d.ts

@@ -0,0 +1,11 @@
+export { PolicyDecision, ApprovalMode } from './types.js';
+export type { PolicyEngineConfig, PolicyRule, PolicySettings, } from './types.js';
+export { PolicyEngine } from './policy-engine.js';
+export { stableStringify, stableParse } from './stable-stringify.js';
+export { loadPoliciesFromToml, loadPolicyFromToml, loadDefaultPolicies, } from './toml-loader.js';
+export type { PolicyFileError, PolicyFileErrorType, PolicyLoadResult, } from './toml-loader.js';
+export { buildArgsPatterns, escapeRegex } from './utils.js';
+export { DEFAULT_CORE_POLICIES_DIR, DEFAULT_POLICY_TIER, USER_POLICY_TIER, ADMIN_POLICY_TIER, getPolicyDirectories, getPolicyTier, formatPolicyError, migrateLegacyApprovalMode, } from './config.js';
+export type { PolicyConfigSource, PolicyPathResolver } from './config.js';
+export { MessageBus, MessageBusType, ConfirmationOutcome, ToolConfirmationOutcome, } from './confirmation-bus/index.js';
+export type { PolicyLogger, ConfirmationPayload, PolicyFunctionCall, PolicyToolCallState, SerializableConfirmationDetails, ToolCallsUpdateMessage, ToolConfirmationRequest, ToolConfirmationResponse, ToolPolicyRejection, ToolExecutionSuccess, ToolExecutionFailure, UpdatePolicy, BucketAuthConfirmationRequest, BucketAuthConfirmationResponse, HookExecutionRequest, HookExecutionResponse, MessageBusMessage, ToolConfirmationPayload, } from './confirmation-bus/index.js';

package/dist/src/index.js

@@ -0,0 +1,8 @@
+export { PolicyDecision, ApprovalMode } from './types.js';
+export { PolicyEngine } from './policy-engine.js';
+export { stableStringify, stableParse } from './stable-stringify.js';
+export { loadPoliciesFromToml, loadPolicyFromToml, loadDefaultPolicies, } from './toml-loader.js';
+export { buildArgsPatterns, escapeRegex } from './utils.js';
+export { DEFAULT_CORE_POLICIES_DIR, DEFAULT_POLICY_TIER, USER_POLICY_TIER, ADMIN_POLICY_TIER, getPolicyDirectories, getPolicyTier, formatPolicyError, migrateLegacyApprovalMode, } from './config.js';
+export { MessageBus, MessageBusType, ConfirmationOutcome, ToolConfirmationOutcome, } from './confirmation-bus/index.js';
+//# sourceMappingURL=index.js.map

package/dist/src/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAM1D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACrE,OAAO,EACL,oBAAoB,EACpB,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,kBAAkB,CAAC;AAM1B,OAAO,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAC5D,OAAO,EACL,yBAAyB,EACzB,mBAAmB,EACnB,gBAAgB,EAChB,iBAAiB,EACjB,oBAAoB,EACpB,aAAa,EACb,iBAAiB,EACjB,yBAAyB,GAC1B,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,UAAU,EACV,cAAc,EACd,mBAAmB,EACnB,uBAAuB,GACxB,MAAM,6BAA6B,CAAC"}

package/dist/src/policies/discovered.toml

@@ -0,0 +1,9 @@
+# Default policy for discovered tools (MCP, extensions, etc.)
+# Priority band: 10 (Tier 1 - Default: 1.010 after transformation)
+# Discovered tools require user confirmation unless explicitly trusted
+
+[[rule]]
+# Match all discovered tools (tools with discovered_tool_ prefix will be added by ToolRegistry)
+toolName = "discovered_tool_*"
+decision = "ask_user"
+priority = 10