@zincapp/znvault-cli 2.19.0 → 2.19.1

package/dist/commands/policy/index.js

@@ -0,0 +1,160 @@
+// Path: src/commands/policy/index.ts
+import { listPolicies, getPolicy } from './list.js';
+import { createPolicy, updatePolicy, deletePolicy, enablePolicy, disablePolicy, validatePolicy } from './crud.js';
+import { showAttachments, attachPolicyToUser, attachPolicyToRole, detachPolicyFromUser, detachPolicyFromRole, listUserPolicies, listRolePolicies, } from './attachments.js';
+import { testPolicy } from './test.js';
+import { exportPolicy, importPolicy } from './io.js';
+// Re-export types
+export * from './types.js';
+export function registerPolicyCommands(program) {
+    const policy = program
+        .command('policy')
+        .description('ABAC policy management commands');
+    // ============ List Policies ============
+    policy
+        .command('list')
+        .description('List ABAC policies')
+        .option('--tenant <id>', 'Filter by tenant ID (superadmin only)')
+        .option('--enabled', 'Show only enabled policies')
+        .option('--disabled', 'Show only disabled policies')
+        .option('--effect <effect>', 'Filter by effect (allow|deny)')
+        .option('--search <term>', 'Search by name or description')
+        .option('--json', 'Output as JSON')
+        .action(listPolicies);
+    // ============ Get Policy ============
+    policy
+        .command('get <id>')
+        .description('Get policy details')
+        .option('--json', 'Output as JSON')
+        .action(getPolicy);
+    // ============ Create Policy ============
+    policy
+        .command('create')
+        .description('Create a new ABAC policy')
+        .requiredOption('--name <name>', 'Policy name')
+        .requiredOption('--effect <effect>', 'Policy effect (allow|deny)')
+        .requiredOption('--actions <actions>', 'Comma-separated list of actions (e.g., secret:read:value,secret:update)')
+        .option('--description <desc>', 'Policy description')
+        .option('--priority <num>', 'Priority (higher = evaluated first)', '0')
+        .option('--tenant <id>', 'Tenant ID (omit for global policy)')
+        .option('--resources <json>', 'Resources JSON array')
+        .option('--conditions <json>', 'Conditions JSON array')
+        .option('--from-file <path>', 'Load policy definition from JSON file')
+        .option('--json', 'Output as JSON')
+        .action(createPolicy);
+    // ============ Update Policy ============
+    policy
+        .command('update <id>')
+        .description('Update an ABAC policy')
+        .option('--name <name>', 'New policy name')
+        .option('--description <desc>', 'New description')
+        .option('--effect <effect>', 'New effect (allow|deny)')
+        .option('--actions <actions>', 'New comma-separated list of actions')
+        .option('--priority <num>', 'New priority')
+        .option('--resources <json>', 'New resources JSON array')
+        .option('--conditions <json>', 'New conditions JSON array')
+        .option('--from-file <path>', 'Load updates from JSON file')
+        .option('--json', 'Output as JSON')
+        .action(updatePolicy);
+    // ============ Delete Policy ============
+    policy
+        .command('delete <id>')
+        .description('Delete an ABAC policy')
+        .option('-y, --yes', 'Skip confirmation')
+        .option('--json', 'Output as JSON')
+        .action(deletePolicy);
+    // ============ Enable Policy ============
+    policy
+        .command('enable <id>')
+        .description('Enable an ABAC policy')
+        .option('--json', 'Output as JSON')
+        .action(enablePolicy);
+    // ============ Disable Policy ============
+    policy
+        .command('disable <id>')
+        .description('Disable an ABAC policy')
+        .option('--json', 'Output as JSON')
+        .action(disablePolicy);
+    // ============ Validate Policy ============
+    policy
+        .command('validate')
+        .description('Validate a policy definition without creating it')
+        .requiredOption('--name <name>', 'Policy name')
+        .requiredOption('--effect <effect>', 'Policy effect (allow|deny)')
+        .requiredOption('--actions <actions>', 'Comma-separated list of actions')
+        .option('--description <desc>', 'Policy description')
+        .option('--priority <num>', 'Priority', '0')
+        .option('--resources <json>', 'Resources JSON array')
+        .option('--conditions <json>', 'Conditions JSON array')
+        .option('--from-file <path>', 'Load policy from JSON file')
+        .action(validatePolicy);
+    // ============ Show Policy Attachments ============
+    policy
+        .command('attachments <id>')
+        .description('Show users and roles attached to a policy')
+        .option('--json', 'Output as JSON')
+        .action(showAttachments);
+    // ============ Attach Policy to User ============
+    policy
+        .command('attach-user <policyId> <userId>')
+        .description('Attach a policy to a user')
+        .option('--json', 'Output as JSON')
+        .action(attachPolicyToUser);
+    // ============ Attach Policy to Role ============
+    policy
+        .command('attach-role <policyId> <roleId>')
+        .description('Attach a policy to a role')
+        .option('--json', 'Output as JSON')
+        .action(attachPolicyToRole);
+    // ============ Detach Policy from User ============
+    policy
+        .command('detach-user <policyId> <userId>')
+        .description('Detach a policy from a user')
+        .option('--json', 'Output as JSON')
+        .action(detachPolicyFromUser);
+    // ============ Detach Policy from Role ============
+    policy
+        .command('detach-role <policyId> <roleId>')
+        .description('Detach a policy from a role')
+        .option('--json', 'Output as JSON')
+        .action(detachPolicyFromRole);
+    // ============ List User's Policies ============
+    policy
+        .command('user-policies <userId>')
+        .description('List policies attached to a user (directly or via roles)')
+        .option('--json', 'Output as JSON')
+        .action(listUserPolicies);
+    // ============ List Role's Policies ============
+    policy
+        .command('role-policies <roleId>')
+        .description('List policies attached to a role')
+        .option('--json', 'Output as JSON')
+        .action(listRolePolicies);
+    // ============ Test Policy Evaluation ============
+    policy
+        .command('test')
+        .description('Test ABAC policy evaluation for a user and action')
+        .requiredOption('--user <userId>', 'User ID to test')
+        .requiredOption('--action <action>', 'Action to test (e.g., secret:read:value)')
+        .option('--resource-type <type>', 'Resource type (secret|kms_key|certificate|...)')
+        .option('--resource-id <id>', 'Resource ID')
+        .option('--resource-tenant <id>', 'Resource tenant ID')
+        .option('--ip <ip>', 'Simulated client IP address')
+        .option('--mfa', 'Simulate MFA verified')
+        .option('--json', 'Output as JSON')
+        .action(testPolicy);
+    // ============ Export Policy ============
+    policy
+        .command('export <id>')
+        .description('Export a policy as JSON')
+        .option('-o, --output <path>', 'Output file path')
+        .action(exportPolicy);
+    // ============ Import Policy ============
+    policy
+        .command('import <path>')
+        .description('Import a policy from JSON file')
+        .option('--tenant <id>', 'Override tenant ID')
+        .option('--json', 'Output as JSON')
+        .action(importPolicy);
+}
+//# sourceMappingURL=index.js.map

package/dist/commands/policy/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/commands/policy/index.ts"],"names":[],"mappings":"AAAA,qCAAqC;AAOrC,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAClH,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,EACpB,gBAAgB,EAChB,gBAAgB,GACjB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAErD,kBAAkB;AAClB,cAAc,YAAY,CAAC;AAE3B,MAAM,UAAU,sBAAsB,CAAC,OAAgB;IACrD,MAAM,MAAM,GAAG,OAAO;SACnB,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,iCAAiC,CAAC,CAAC;IAElD,0CAA0C;IAC1C,MAAM;SACH,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,oBAAoB,CAAC;SACjC,MAAM,CAAC,eAAe,EAAE,uCAAuC,CAAC;SAChE,MAAM,CAAC,WAAW,EAAE,4BAA4B,CAAC;SACjD,MAAM,CAAC,YAAY,EAAE,6BAA6B,CAAC;SACnD,MAAM,CAAC,mBAAmB,EAAE,+BAA+B,CAAC;SAC5D,MAAM,CAAC,iBAAiB,EAAE,+BAA+B,CAAC;SAC1D,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,YAAY,CAAC,CAAC;IAExB,uCAAuC;IACvC,MAAM;SACH,OAAO,CAAC,UAAU,CAAC;SACnB,WAAW,CAAC,oBAAoB,CAAC;SACjC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,SAAS,CAAC,CAAC;IAErB,0CAA0C;IAC1C,MAAM;SACH,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,0BAA0B,CAAC;SACvC,cAAc,CAAC,eAAe,EAAE,aAAa,CAAC;SAC9C,cAAc,CAAC,mBAAmB,EAAE,4BAA4B,CAAC;SACjE,cAAc,CAAC,qBAAqB,EAAE,yEAAyE,CAAC;SAChH,MAAM,CAAC,sBAAsB,EAAE,oBAAoB,CAAC;SACpD,MAAM,CAAC,kBAAkB,EAAE,qCAAqC,EAAE,GAAG,CAAC;SACtE,MAAM,CAAC,eAAe,EAAE,oCAAoC,CAAC;SAC7D,MAAM,CAAC,oBAAoB,EAAE,sBAAsB,CAAC;SACpD,MAAM,CAAC,qBAAqB,EAAE,uBAAuB,CAAC;SACtD,MAAM,CAAC,oBAAoB,EAAE,uCAAuC,CAAC;SACrE,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,YAAY,CAAC,CAAC;IAExB,0CAA0C;IAC1C,MAAM;SACH,OAAO,CAAC,aAAa,CAAC;SACtB,WAAW,CAAC,uBAAuB,CAAC;SACpC,MAAM,CAAC,eAAe,EAAE,iBAAiB,CAAC;SAC1C,MAAM,CAAC,sBAAsB,EAAE,iBAAiB,CAAC;SACjD,MAAM,CAAC,mBAAmB,EAAE,yBAAyB,CAAC;SACtD,MAAM,CAAC,qBAAqB,EAAE,qCAAqC,CAAC;SACpE,MAAM,CAAC,kBAAkB,EAAE,cAAc,CAAC;SAC1C,MAAM,CAAC,oBAAoB,EAAE,0BAA0B,CAAC;SACxD,MAAM,CAAC,qBAAqB,EAAE,2BAA2B,CAAC;SAC1D,MAAM,CAAC,oBAAoB,EAAE,6BAA6B,CAAC;SAC3D,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,YAAY,CAAC,CAAC;IAExB,0CAA0C;IAC1C,MAAM;SACH,OAAO,CAAC,aAAa,CAAC;SACtB,WAAW,CAAC,uBAAuB,CAAC;SACpC,MAAM,CAAC,WAAW,EAAE,mBAAmB,CAAC;SACxC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,YAAY,CAAC,CAAC;IAExB,0CAA0C;IAC1C,MAAM;SACH,OAAO,CAAC,aAAa,CAAC;SACtB,WAAW,CAAC,uBAAuB,CAAC;SACpC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,YAAY,CAAC,CAAC;IAExB,2CAA2C;IAC3C,MAAM;SACH,OAAO,CAAC,cAAc,CAAC;SACvB,WAAW,CAAC,wBAAwB,CAAC;SACrC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,aAAa,CAAC,CAAC;IAEzB,4CAA4C;IAC5C,MAAM;SACH,OAAO,CAAC,UAAU,CAAC;SACnB,WAAW,CAAC,kDAAkD,CAAC;SAC/D,cAAc,CAAC,eAAe,EAAE,aAAa,CAAC;SAC9C,cAAc,CAAC,mBAAmB,EAAE,4BAA4B,CAAC;SACjE,cAAc,CAAC,qBAAqB,EAAE,iCAAiC,CAAC;SACxE,MAAM,CAAC,sBAAsB,EAAE,oBAAoB,CAAC;SACpD,MAAM,CAAC,kBAAkB,EAAE,UAAU,EAAE,GAAG,CAAC;SAC3C,MAAM,CAAC,oBAAoB,EAAE,sBAAsB,CAAC;SACpD,MAAM,CAAC,qBAAqB,EAAE,uBAAuB,CAAC;SACtD,MAAM,CAAC,oBAAoB,EAAE,4BAA4B,CAAC;SAC1D,MAAM,CAAC,cAAc,CAAC,CAAC;IAE1B,oDAAoD;IACpD,MAAM;SACH,OAAO,CAAC,kBAAkB,CAAC;SAC3B,WAAW,CAAC,2CAA2C,CAAC;SACxD,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,eAAe,CAAC,CAAC;IAE3B,kDAAkD;IAClD,MAAM;SACH,OAAO,CAAC,iCAAiC,CAAC;SAC1C,WAAW,CAAC,2BAA2B,CAAC;SACxC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,kBAAkB,CAAC,CAAC;IAE9B,kDAAkD;IAClD,MAAM;SACH,OAAO,CAAC,iCAAiC,CAAC;SAC1C,WAAW,CAAC,2BAA2B,CAAC;SACxC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,kBAAkB,CAAC,CAAC;IAE9B,oDAAoD;IACpD,MAAM;SACH,OAAO,CAAC,iCAAiC,CAAC;SAC1C,WAAW,CAAC,6BAA6B,CAAC;SAC1C,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,oBAAoB,CAAC,CAAC;IAEhC,oDAAoD;IACpD,MAAM;SACH,OAAO,CAAC,iCAAiC,CAAC;SAC1C,WAAW,CAAC,6BAA6B,CAAC;SAC1C,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,oBAAoB,CAAC,CAAC;IAEhC,iDAAiD;IACjD,MAAM;SACH,OAAO,CAAC,wBAAwB,CAAC;SACjC,WAAW,CAAC,0DAA0D,CAAC;SACvE,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,gBAAgB,CAAC,CAAC;IAE5B,iDAAiD;IACjD,MAAM;SACH,OAAO,CAAC,wBAAwB,CAAC;SACjC,WAAW,CAAC,kCAAkC,CAAC;SAC/C,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,gBAAgB,CAAC,CAAC;IAE5B,mDAAmD;IACnD,MAAM;SACH,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,mDAAmD,CAAC;SAChE,cAAc,CAAC,iBAAiB,EAAE,iBAAiB,CAAC;SACpD,cAAc,CAAC,mBAAmB,EAAE,0CAA0C,CAAC;SAC/E,MAAM,CAAC,wBAAwB,EAAE,gDAAgD,CAAC;SAClF,MAAM,CAAC,oBAAoB,EAAE,aAAa,CAAC;SAC3C,MAAM,CAAC,wBAAwB,EAAE,oBAAoB,CAAC;SACtD,MAAM,CAAC,WAAW,EAAE,6BAA6B,CAAC;SAClD,MAAM,CAAC,OAAO,EAAE,uBAAuB,CAAC;SACxC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,UAAU,CAAC,CAAC;IAEtB,0CAA0C;IAC1C,MAAM;SACH,OAAO,CAAC,aAAa,CAAC;SACtB,WAAW,CAAC,yBAAyB,CAAC;SACtC,MAAM,CAAC,qBAAqB,EAAE,kBAAkB,CAAC;SACjD,MAAM,CAAC,YAAY,CAAC,CAAC;IAExB,0CAA0C;IAC1C,MAAM;SACH,OAAO,CAAC,eAAe,CAAC;SACxB,WAAW,CAAC,gCAAgC,CAAC;SAC7C,MAAM,CAAC,eAAe,EAAE,oBAAoB,CAAC;SAC7C,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;SAClC,MAAM,CAAC,YAAY,CAAC,CAAC;AAC1B,CAAC"}

package/dist/commands/policy/io.d.ts

@@ -0,0 +1,4 @@
+import type { PolicyExportOptions, PolicyImportOptions } from './types.js';
+export declare function exportPolicy(id: string, options: PolicyExportOptions): Promise<void>;
+export declare function importPolicy(path: string, options: PolicyImportOptions): Promise<void>;
+//# sourceMappingURL=io.d.ts.map

package/dist/commands/policy/io.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"io.d.ts","sourceRoot":"","sources":["../../../src/commands/policy/io.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAG3E,wBAAsB,YAAY,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC,CA8B1F;AAED,wBAAsB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC,CA4B5F"}

package/dist/commands/policy/io.js

@@ -0,0 +1,65 @@
+// Path: src/commands/policy/io.ts
+/**
+ * Policy import/export commands
+ */
+import ora from 'ora';
+import { client } from '../../lib/client.js';
+import * as output from '../../lib/output.js';
+import { safeReadFile, safeParseJson, safeWriteFile } from './helpers.js';
+export async function exportPolicy(id, options) {
+    const spinner = ora('Exporting policy...').start();
+    try {
+        const result = await client.getPolicy(id);
+        spinner.stop();
+        const exportData = {
+            name: result.name,
+            description: result.description,
+            effect: result.effect,
+            actions: result.actions,
+            resources: result.resources,
+            conditions: result.conditions,
+            priority: result.priority,
+        };
+        const jsonString = JSON.stringify(exportData, null, 2);
+        if (options.output) {
+            safeWriteFile(options.output, jsonString);
+            output.success(`Policy exported to ${options.output}`);
+        }
+        else {
+            console.log(jsonString);
+        }
+    }
+    catch (err) {
+        spinner.fail('Failed to export policy');
+        output.error(err instanceof Error ? err.message : String(err));
+        process.exit(1);
+    }
+}
+export async function importPolicy(path, options) {
+    try {
+        const content = safeReadFile(path);
+        const policyData = safeParseJson(content, path);
+        if (options.tenant) {
+            policyData.tenantId = options.tenant;
+        }
+        const spinner = ora('Importing policy...').start();
+        const result = await client.createPolicy(policyData);
+        spinner.succeed('Policy imported successfully');
+        if (options.json) {
+            output.json(result);
+        }
+        else {
+            output.keyValue({
+                'ID': result.id,
+                'Name': result.name,
+                'Effect': result.effect.toUpperCase(),
+                'Status': result.isActive ? 'Enabled' : 'Disabled',
+            });
+        }
+    }
+    catch (err) {
+        output.error(err instanceof Error ? err.message : String(err));
+        process.exit(1);
+    }
+}
+//# sourceMappingURL=io.js.map

package/dist/commands/policy/io.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"io.js","sourceRoot":"","sources":["../../../src/commands/policy/io.ts"],"names":[],"mappings":"AAAA,kCAAkC;AAElC;;GAEG;AAEH,OAAO,GAAG,MAAM,KAAK,CAAC;AACtB,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAC7C,OAAO,KAAK,MAAM,MAAM,qBAAqB,CAAC;AAG9C,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAE1E,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,EAAU,EAAE,OAA4B;IACzE,MAAM,OAAO,GAAG,GAAG,CAAC,qBAAqB,CAAC,CAAC,KAAK,EAAE,CAAC;IAEnD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QAC1C,OAAO,CAAC,IAAI,EAAE,CAAC;QAEf,MAAM,UAAU,GAAG;YACjB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,QAAQ,EAAE,MAAM,CAAC,QAAQ;SAC1B,CAAC;QAEF,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAEvD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,aAAa,CAAC,OAAO,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;YAC1C,MAAM,CAAC,OAAO,CAAC,sBAAsB,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QACzD,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACxC,MAAM,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAAY,EAAE,OAA4B;IAC3E,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;QACnC,MAAM,UAAU,GAAG,aAAa,CAAoB,OAAO,EAAE,IAAI,CAAC,CAAC;QAEnE,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,UAAU,CAAC,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC;QACvC,CAAC;QAED,MAAM,OAAO,GAAG,GAAG,CAAC,qBAAqB,CAAC,CAAC,KAAK,EAAE,CAAC;QAEnD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;QACrD,OAAO,CAAC,OAAO,CAAC,8BAA8B,CAAC,CAAC;QAEhD,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACtB,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,QAAQ,CAAC;gBACd,IAAI,EAAE,MAAM,CAAC,EAAE;gBACf,MAAM,EAAE,MAAM,CAAC,IAAI;gBACnB,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE;gBACrC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU;aACnD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/commands/policy/list.d.ts

@@ -0,0 +1,4 @@
+import type { PolicyListOptions, PolicyGetOptions } from './types.js';
+export declare function listPolicies(options: PolicyListOptions): Promise<void>;
+export declare function getPolicy(id: string, options: PolicyGetOptions): Promise<void>;
+//# sourceMappingURL=list.d.ts.map

package/dist/commands/policy/list.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"list.d.ts","sourceRoot":"","sources":["../../../src/commands/policy/list.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAEtE,wBAAsB,YAAY,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CAyC5E;AAED,wBAAsB,SAAS,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC,CA0DpF"}

package/dist/commands/policy/list.js

@@ -0,0 +1,99 @@
+// Path: src/commands/policy/list.ts
+/**
+ * Policy list and get commands
+ */
+import ora from 'ora';
+import { client } from '../../lib/client.js';
+import * as output from '../../lib/output.js';
+export async function listPolicies(options) {
+    const spinner = ora('Fetching policies...').start();
+    try {
+        const result = await client.listPolicies({
+            tenantId: options.tenant,
+            enabled: options.enabled ? true : options.disabled ? false : undefined,
+            effect: options.effect,
+            search: options.search,
+        });
+        spinner.stop();
+        if (options.json) {
+            output.json(result.items);
+            return;
+        }
+        if (result.items.length === 0) {
+            output.info('No policies found');
+            return;
+        }
+        output.table(['ID', 'Name', 'Effect', 'Priority', 'Actions', 'Status', 'Tenant'], result.items.map(p => [
+            p.id.substring(0, 8),
+            p.name.length > 25 ? p.name.substring(0, 22) + '...' : p.name,
+            p.effect.toUpperCase(),
+            p.priority.toString(),
+            p.actions.length > 2 ? `${p.actions.slice(0, 2).join(', ')}...` : p.actions.join(', '),
+            p.isActive ? 'Enabled' : 'Disabled',
+            p.tenantId ?? '-',
+        ]));
+        output.info(`Total: ${result.pagination.total} policy(s)${result.pagination.hasMore ? ' (more available)' : ''}`);
+    }
+    catch (err) {
+        spinner.fail('Failed to list policies');
+        output.error(err instanceof Error ? err.message : String(err));
+        process.exit(1);
+    }
+}
+export async function getPolicy(id, options) {
+    const spinner = ora('Fetching policy...').start();
+    try {
+        const result = await client.getPolicy(id);
+        spinner.stop();
+        if (options.json) {
+            output.json(result);
+            return;
+        }
+        output.section('Policy Details');
+        output.keyValue({
+            'ID': result.id,
+            'Name': result.name,
+            'Description': result.description ?? '-',
+            'Effect': result.effect.toUpperCase(),
+            'Priority': result.priority.toString(),
+            'Status': result.isActive ? 'Enabled' : 'Disabled',
+            'Tenant': result.tenantId ?? 'Global',
+            'Created': output.formatDate(result.createdAt),
+            'Updated': output.formatDate(result.updatedAt),
+        });
+        console.log();
+        output.section('Actions');
+        for (const action of result.actions) {
+            console.log(`  - ${action}`);
+        }
+        if (result.resources && result.resources.length > 0) {
+            console.log();
+            output.section('Resources');
+            for (const resource of result.resources) {
+                const parts = [`type: ${resource.type}`];
+                if (resource.id)
+                    parts.push(`id: ${resource.id}`);
+                if (resource.tenantId)
+                    parts.push(`tenant: ${resource.tenantId}`);
+                if (resource.tags)
+                    parts.push(`tags: ${JSON.stringify(resource.tags)}`);
+                console.log(`  - ${parts.join(', ')}`);
+            }
+        }
+        if (result.conditions && result.conditions.length > 0) {
+            console.log();
+            output.section('Conditions');
+            for (const condition of result.conditions) {
+                const op = condition.operator ? ` ${condition.operator}` : '';
+                console.log(`  - ${condition.type}${op}: ${JSON.stringify(condition.value)}`);
+            }
+        }
+        console.log();
+    }
+    catch (err) {
+        spinner.fail('Failed to get policy');
+        output.error(err instanceof Error ? err.message : String(err));
+        process.exit(1);
+    }
+}
+//# sourceMappingURL=list.js.map

package/dist/commands/policy/list.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"list.js","sourceRoot":"","sources":["../../../src/commands/policy/list.ts"],"names":[],"mappings":"AAAA,oCAAoC;AAEpC;;GAEG;AAEH,OAAO,GAAG,MAAM,KAAK,CAAC;AACtB,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAC7C,OAAO,KAAK,MAAM,MAAM,qBAAqB,CAAC;AAG9C,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,OAA0B;IAC3D,MAAM,OAAO,GAAG,GAAG,CAAC,sBAAsB,CAAC,CAAC,KAAK,EAAE,CAAC;IAEpD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC;YACvC,QAAQ,EAAE,OAAO,CAAC,MAAM;YACxB,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;YACtE,MAAM,EAAE,OAAO,CAAC,MAAsC;YACtD,MAAM,EAAE,OAAO,CAAC,MAAM;SACvB,CAAC,CAAC;QACH,OAAO,CAAC,IAAI,EAAE,CAAC;QAEf,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC1B,OAAO;QACT,CAAC;QAED,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;YACjC,OAAO;QACT,CAAC;QAED,MAAM,CAAC,KAAK,CACV,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,CAAC,EACnE,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACpB,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC;YACpB,CAAC,CAAC,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI;YAC7D,CAAC,CAAC,MAAM,CAAC,WAAW,EAAE;YACtB,CAAC,CAAC,QAAQ,CAAC,QAAQ,EAAE;YACrB,CAAC,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;YACtF,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU;YACnC,CAAC,CAAC,QAAQ,IAAI,GAAG;SAClB,CAAC,CACH,CAAC;QAEF,MAAM,CAAC,IAAI,CAAC,UAAU,MAAM,CAAC,UAAU,CAAC,KAAK,aAAa,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACpH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACxC,MAAM,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,EAAU,EAAE,OAAyB;IACnE,MAAM,OAAO,GAAG,GAAG,CAAC,oBAAoB,CAAC,CAAC,KAAK,EAAE,CAAC;IAElD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QAC1C,OAAO,CAAC,IAAI,EAAE,CAAC;QAEf,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACpB,OAAO;QACT,CAAC;QAED,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;QACjC,MAAM,CAAC,QAAQ,CAAC;YACd,IAAI,EAAE,MAAM,CAAC,EAAE;YACf,MAAM,EAAE,MAAM,CAAC,IAAI;YACnB,aAAa,EAAE,MAAM,CAAC,WAAW,IAAI,GAAG;YACxC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE;YACrC,UAAU,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE;YACtC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU;YAClD,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,QAAQ;YACrC,SAAS,EAAE,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC;YAC9C,SAAS,EAAE,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC;SAC/C,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC1B,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACpC,OAAO,CAAC,GAAG,CAAC,OAAO,MAAM,EAAE,CAAC,CAAC;QAC/B,CAAC;QAED,IAAI,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpD,OAAO,CAAC,GAAG,EAAE,CAAC;YACd,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;YAC5B,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;gBACxC,MAAM,KAAK,GAAG,CAAC,SAAS,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;gBACzC,IAAI,QAAQ,CAAC,EAAE;oBAAE,KAAK,CAAC,IAAI,CAAC,OAAO,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAC;gBAClD,IAAI,QAAQ,CAAC,QAAQ;oBAAE,KAAK,CAAC,IAAI,CAAC,WAAW,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAClE,IAAI,QAAQ,CAAC,IAAI;oBAAE,KAAK,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACxE,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACzC,CAAC;QACH,CAAC;QAED,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtD,OAAO,CAAC,GAAG,EAAE,CAAC;YACd,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YAC7B,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;gBAC1C,MAAM,EAAE,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC9D,OAAO,CAAC,GAAG,CAAC,OAAO,SAAS,CAAC,IAAI,GAAG,EAAE,KAAK,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAChF,CAAC;QACH,CAAC;QAED,OAAO,CAAC,GAAG,EAAE,CAAC;IAChB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QACrC,MAAM,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/commands/policy/test.d.ts

@@ -0,0 +1,3 @@
+import type { PolicyTestOptions } from './types.js';
+export declare function testPolicy(options: PolicyTestOptions): Promise<void>;
+//# sourceMappingURL=test.d.ts.map

package/dist/commands/policy/test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"test.d.ts","sourceRoot":"","sources":["../../../src/commands/policy/test.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAEpD,wBAAsB,UAAU,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CAyD1E"}

package/dist/commands/policy/test.js

@@ -0,0 +1,58 @@
+// Path: src/commands/policy/test.ts
+/**
+ * Policy test command
+ */
+import ora from 'ora';
+import { client } from '../../lib/client.js';
+import * as output from '../../lib/output.js';
+export async function testPolicy(options) {
+    const spinner = ora('Testing policy evaluation...').start();
+    try {
+        const request = {
+            userId: options.user,
+            action: options.action,
+            resource: options.resourceType ? {
+                type: options.resourceType,
+                id: options.resourceId,
+                tenantId: options.resourceTenant,
+            } : undefined,
+            requestContext: (options.ip !== undefined || options.mfa !== undefined) ? {
+                ip: options.ip,
+                mfaVerified: options.mfa ?? false,
+            } : undefined,
+        };
+        const result = await client.testPolicy(request);
+        spinner.stop();
+        if (options.json) {
+            output.json(result);
+            return;
+        }
+        const statusIcon = result.allowed ? '[OK]' : '[X]';
+        const statusText = result.allowed ? 'ALLOWED' : 'DENIED';
+        console.log();
+        console.log(`  ${statusIcon} Access: ${statusText}`);
+        console.log(`    Effect: ${result.effect.toUpperCase()}`);
+        console.log(`    Reason: ${result.reason}`);
+        console.log();
+        output.keyValue({
+            'Policies Evaluated': result.evaluatedPolicies.toString(),
+            'Policies Matched': result.matchedPolicies.length.toString(),
+            'Evaluation Time': `${result.evaluationTimeMs}ms`,
+        });
+        if (result.matchedPolicies.length > 0) {
+            console.log();
+            output.section('Matched Policies');
+            output.table(['Name', 'Effect', 'Priority'], result.matchedPolicies.map(p => [
+                p.name,
+                p.effect.toUpperCase(),
+                p.priority.toString(),
+            ]));
+        }
+    }
+    catch (err) {
+        spinner.fail('Failed to test policy');
+        output.error(err instanceof Error ? err.message : String(err));
+        process.exit(1);
+    }
+}
+//# sourceMappingURL=test.js.map

package/dist/commands/policy/test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"test.js","sourceRoot":"","sources":["../../../src/commands/policy/test.ts"],"names":[],"mappings":"AAAA,oCAAoC;AAEpC;;GAEG;AAEH,OAAO,GAAG,MAAM,KAAK,CAAC;AACtB,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAC7C,OAAO,KAAK,MAAM,MAAM,qBAAqB,CAAC;AAG9C,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,OAA0B;IACzD,MAAM,OAAO,GAAG,GAAG,CAAC,8BAA8B,CAAC,CAAC,KAAK,EAAE,CAAC;IAE5D,IAAI,CAAC;QACH,MAAM,OAAO,GAAG;YACd,MAAM,EAAE,OAAO,CAAC,IAAI;YACpB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,QAAQ,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC;gBAC/B,IAAI,EAAE,OAAO,CAAC,YAAY;gBAC1B,EAAE,EAAE,OAAO,CAAC,UAAU;gBACtB,QAAQ,EAAE,OAAO,CAAC,cAAc;aACjC,CAAC,CAAC,CAAC,SAAS;YACb,cAAc,EAAE,CAAC,OAAO,CAAC,EAAE,KAAK,SAAS,IAAI,OAAO,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC;gBACxE,EAAE,EAAE,OAAO,CAAC,EAAE;gBACd,WAAW,EAAE,OAAO,CAAC,GAAG,IAAI,KAAK;aAClC,CAAC,CAAC,CAAC,SAAS;SACd,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAChD,OAAO,CAAC,IAAI,EAAE,CAAC;QAEf,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACpB,OAAO;QACT,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;QACnD,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC;QACzD,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,KAAK,UAAU,YAAY,UAAU,EAAE,CAAC,CAAC;QACrD,OAAO,CAAC,GAAG,CAAC,eAAe,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,eAAe,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QAC5C,OAAO,CAAC,GAAG,EAAE,CAAC;QAEd,MAAM,CAAC,QAAQ,CAAC;YACd,oBAAoB,EAAE,MAAM,CAAC,iBAAiB,CAAC,QAAQ,EAAE;YACzD,kBAAkB,EAAE,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,QAAQ,EAAE;YAC5D,iBAAiB,EAAE,GAAG,MAAM,CAAC,gBAAgB,IAAI;SAClD,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtC,OAAO,CAAC,GAAG,EAAE,CAAC;YACd,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;YACnC,MAAM,CAAC,KAAK,CACV,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,EAC9B,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC9B,CAAC,CAAC,IAAI;gBACN,CAAC,CAAC,MAAM,CAAC,WAAW,EAAE;gBACtB,CAAC,CAAC,QAAQ,CAAC,QAAQ,EAAE;aACtB,CAAC,CACH,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACtC,MAAM,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/commands/policy/types.d.ts

@@ -0,0 +1,84 @@
+/**
+ * Type definitions for policy commands
+ */
+export interface PolicyListOptions {
+    tenant?: string;
+    enabled?: boolean;
+    disabled?: boolean;
+    effect?: string;
+    search?: string;
+    json?: boolean;
+}
+export interface PolicyGetOptions {
+    json?: boolean;
+}
+export interface PolicyCreateOptions {
+    name: string;
+    effect: string;
+    actions: string;
+    description?: string;
+    priority: string;
+    tenant?: string;
+    resources?: string;
+    conditions?: string;
+    fromFile?: string;
+    json?: boolean;
+}
+export interface PolicyUpdateOptions {
+    name?: string;
+    description?: string;
+    effect?: string;
+    actions?: string;
+    priority?: string;
+    resources?: string;
+    conditions?: string;
+    fromFile?: string;
+    json?: boolean;
+}
+export interface PolicyDeleteOptions {
+    yes?: boolean;
+    json?: boolean;
+}
+export interface PolicyToggleOptions {
+    json?: boolean;
+}
+export interface PolicyAttachOptions {
+    json?: boolean;
+}
+export interface PolicyValidateOptions {
+    name: string;
+    effect: string;
+    actions: string;
+    description?: string;
+    priority: string;
+    resources?: string;
+    conditions?: string;
+    fromFile?: string;
+}
+export interface PolicyAttachmentsOptions {
+    json?: boolean;
+}
+export interface PolicyUserPoliciesOptions {
+    json?: boolean;
+}
+export interface PolicyRolePoliciesOptions {
+    json?: boolean;
+}
+export interface PolicyTestOptions {
+    user: string;
+    action: string;
+    resourceType?: string;
+    resourceId?: string;
+    resourceTenant?: string;
+    ip?: string;
+    mfa?: boolean;
+    json?: boolean;
+}
+export interface PolicyExportOptions {
+    output?: string;
+}
+export interface PolicyImportOptions {
+    tenant?: string;
+    json?: boolean;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/commands/policy/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/commands/policy/types.ts"],"names":[],"mappings":"AAEA;;GAEG;AAEH,MAAM,WAAW,iBAAiB;IAChC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,mBAAmB;IAClC,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,wBAAwB;IACvC,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,yBAAyB;IACxC,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,yBAAyB;IACxC,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,mBAAmB;IAClC,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,mBAAmB;IAClC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB"}

package/dist/commands/policy/types.js

@@ -0,0 +1,3 @@
+// Path: src/commands/policy/types.ts
+export {};
+//# sourceMappingURL=types.js.map

package/dist/commands/policy/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/commands/policy/types.ts"],"names":[],"mappings":"AAAA,qCAAqC"}

package/dist/commands/policy.d.ts

@@ -1,3 +1,7 @@
-import { type Command } from 'commander';
-export declare function registerPolicyCommands(program: Command): void;
+/**
+ * Policy command re-exports for backward compatibility.
+ * The actual implementation has been modularized into src/commands/policy/
+ */
+export { registerPolicyCommands } from './policy/index.js';
+export type { PolicyListOptions, PolicyGetOptions, PolicyCreateOptions, PolicyUpdateOptions, PolicyDeleteOptions, PolicyToggleOptions, PolicyAttachOptions, PolicyValidateOptions, PolicyAttachmentsOptions, PolicyUserPoliciesOptions, PolicyRolePoliciesOptions, PolicyTestOptions, PolicyExportOptions, PolicyImportOptions, } from './policy/types.js';
 //# sourceMappingURL=policy.d.ts.map

package/dist/commands/policy.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../../src/commands/policy.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,OAAO,EAAE,MAAM,WAAW,CAAC;AAiKzC,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CA8wB7D"}
+{"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../../src/commands/policy.ts"],"names":[],"mappings":"AAEA;;;GAGG;AAEH,OAAO,EAAE,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AAG3D,YAAY,EACV,iBAAiB,EACjB,gBAAgB,EAChB,mBAAmB,EACnB,mBAAmB,EACnB,mBAAmB,EACnB,mBAAmB,EACnB,mBAAmB,EACnB,qBAAqB,EACrB,wBAAwB,EACxB,yBAAyB,EACzB,yBAAyB,EACzB,iBAAiB,EACjB,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,mBAAmB,CAAC"}