agentlock-shared 0.1.0 → 0.3.0

package/dist/__tests__/policy-claude-bash.test.js

@@ -0,0 +1,401 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const vitest_1 = require("vitest");
+const policy_js_1 = require("../policy.js");
+(0, vitest_1.describe)('compileClaudeBashPattern (glob semantics, mirrors SSH)', () => {
+    (0, vitest_1.it)('exact-matches a literal pattern with no wildcards', () => {
+        const re = (0, policy_js_1.compileClaudeBashPattern)('grep');
+        (0, vitest_1.expect)(re.test('grep')).toBe(true);
+        (0, vitest_1.expect)(re.test('grep foo')).toBe(false);
+        (0, vitest_1.expect)(re.test('grepfoo')).toBe(false);
+    });
+    (0, vitest_1.it)('treats `*` as a glob wildcard for any run of characters', () => {
+        const re = (0, policy_js_1.compileClaudeBashPattern)('grep *');
+        (0, vitest_1.expect)(re.test('grep')).toBe(false); // pattern requires at least the space
+        (0, vitest_1.expect)(re.test('grep foo')).toBe(true);
+        (0, vitest_1.expect)(re.test('grep /home/foo')).toBe(true);
+        (0, vitest_1.expect)(re.test('grepfoo')).toBe(false); // space is part of the pattern
+    });
+    (0, vitest_1.it)('lets you tighten globs to a path prefix', () => {
+        const re = (0, policy_js_1.compileClaudeBashPattern)('grep /home/*');
+        (0, vitest_1.expect)(re.test('grep /home/foo')).toBe(true);
+        (0, vitest_1.expect)(re.test('grep /home/sub/file.txt')).toBe(true);
+        (0, vitest_1.expect)(re.test('grep /etc/passwd')).toBe(false);
+    });
+    (0, vitest_1.it)('honors the /regex/ escape hatch', () => {
+        const re = (0, policy_js_1.compileClaudeBashPattern)('/^(rm|dd)\\s/');
+        (0, vitest_1.expect)(re.test('rm foo')).toBe(true);
+        (0, vitest_1.expect)(re.test('dd if=/dev/zero')).toBe(true);
+        (0, vitest_1.expect)(re.test('npm install')).toBe(false);
+    });
+    (0, vitest_1.it)('treats regex hint chars (^, $, |, etc) as raw regex', () => {
+        const re = (0, policy_js_1.compileClaudeBashPattern)('^git (push|pull)');
+        (0, vitest_1.expect)(re.test('git push origin main')).toBe(true);
+        (0, vitest_1.expect)(re.test('git pull')).toBe(true);
+        (0, vitest_1.expect)(re.test('git status')).toBe(false);
+    });
+});
+(0, vitest_1.describe)('evaluateClaudeBashRules', () => {
+    const baseRules = {
+        rules: [
+            { pattern: 'git status', decision: 'ALLOW' },
+            { pattern: 'grep /home/*', decision: 'ALLOW', description: 'Allow grep on home dir' },
+            { pattern: '/^(rm|dd|mkfs)\\b/', decision: 'BLOCK' },
+            { pattern: 'pnpm install *', decision: 'REQUIRE_APPROVAL' },
+        ],
+    };
+    (0, vitest_1.it)('escalates ${IFS}/$VAR injection past an ALLOW glob to approval (shell-meta gate regression)', () => {
+        // `${IFS}` expands to whitespace incl. a newline at runtime, so it acts as a
+        // command separator. It (and `$IFS`/`$(...)`/backticks) must NOT ride an
+        // ALLOW glob — regression for the SHELL_CONTROL_RE `$` gap.
+        const rules = {
+            rules: [{ pattern: 'git status *', decision: 'ALLOW' }],
+        };
+        for (const cmd of [
+            'git status ${IFS}rm${IFS}-rf${IFS}/',
+            'git status $IFS',
+            'git status $(rm -rf /)',
+            'git status `id`',
+        ]) {
+            (0, vitest_1.expect)((0, policy_js_1.evaluateClaudeBashRules)(cmd, rules)?.decision).toBe('REQUIRE_APPROVAL');
+        }
+        // legit glob tails with no shell metacharacters still auto-ALLOW
+        for (const cmd of ['git status --short', 'git status -uno', 'git status /home/foo']) {
+            (0, vitest_1.expect)((0, policy_js_1.evaluateClaudeBashRules)(cmd, rules)?.decision).toBe('ALLOW');
+        }
+    });
+    (0, vitest_1.it)('returns null when rules are undefined or absent', () => {
+        (0, vitest_1.expect)((0, policy_js_1.evaluateClaudeBashRules)('git status', undefined)).toBeNull();
+        (0, vitest_1.expect)((0, policy_js_1.evaluateClaudeBashRules)('git status', null)).toBeNull();
+    });
+    (0, vitest_1.it)('returns null when no rule matches and defaultDecision is unset', () => {
+        (0, vitest_1.expect)((0, policy_js_1.evaluateClaudeBashRules)('curl https://example.com', baseRules)).toBeNull();
+    });
+    (0, vitest_1.it)('exact-matches an ALLOW rule with no wildcard', () => {
+        const out = (0, policy_js_1.evaluateClaudeBashRules)('git status', baseRules);
+        (0, vitest_1.expect)(out?.decision).toBe('ALLOW');
+        (0, vitest_1.expect)(out?.matchedPattern).toBe('git status');
+    });
+    (0, vitest_1.it)('does NOT match an exact-pattern when the command has args', () => {
+        // `git status --short` doesn't equal `git status`, so the rule misses.
+        (0, vitest_1.expect)((0, policy_js_1.evaluateClaudeBashRules)('git status --short', baseRules)).toBeNull();
+    });
+    (0, vitest_1.it)('matches a glob ALLOW with args', () => {
+        const out = (0, policy_js_1.evaluateClaudeBashRules)('grep /home/foo', baseRules);
+        (0, vitest_1.expect)(out?.decision).toBe('ALLOW');
+        (0, vitest_1.expect)(out?.matchedPattern).toBe('grep /home/*');
+    });
+    (0, vitest_1.it)('does not match a glob outside the prefix', () => {
+        (0, vitest_1.expect)((0, policy_js_1.evaluateClaudeBashRules)('grep /etc/passwd', baseRules)).toBeNull();
+    });
+    (0, vitest_1.it)('honors regex-style BLOCK rules', () => {
+        (0, vitest_1.expect)((0, policy_js_1.evaluateClaudeBashRules)('rm -rf foo', baseRules)?.decision).toBe('BLOCK');
+        (0, vitest_1.expect)((0, policy_js_1.evaluateClaudeBashRules)('dd if=/dev/zero of=/dev/sda', baseRules)?.decision).toBe('BLOCK');
+    });
+    (0, vitest_1.it)('canonicalizes whitespace before matching', () => {
+        const out = (0, policy_js_1.evaluateClaudeBashRules)('  git    status  ', baseRules);
+        (0, vitest_1.expect)(out?.decision).toBe('ALLOW');
+    });
+    (0, vitest_1.it)('falls back to defaultDecision when set and no rule matched', () => {
+        const rules = { ...baseRules, defaultDecision: 'REQUIRE_APPROVAL' };
+        const out = (0, policy_js_1.evaluateClaudeBashRules)('curl https://example.com', rules);
+        (0, vitest_1.expect)(out?.decision).toBe('REQUIRE_APPROVAL');
+        (0, vitest_1.expect)(out?.matchedPattern).toBe('');
+    });
+    (0, vitest_1.it)('first match wins (ordering matters)', () => {
+        const rules = {
+            rules: [
+                { pattern: 'git *', decision: 'ALLOW' },
+                { pattern: 'git push *', decision: 'BLOCK' },
+            ],
+        };
+        // The broad ALLOW rule shadows the specific BLOCK because it comes first.
+        (0, vitest_1.expect)((0, policy_js_1.evaluateClaudeBashRules)('git push origin main', rules)?.decision).toBe('ALLOW');
+    });
+    (0, vitest_1.it)('skips invalid regex patterns rather than throwing', () => {
+        const rules = {
+            rules: [
+                { pattern: '/[broken/', decision: 'ALLOW' }, // unclosed character class
+                { pattern: 'echo *', decision: 'ALLOW' },
+            ],
+        };
+        // Skipped invalid rule, falls through to next which matches.
+        (0, vitest_1.expect)((0, policy_js_1.evaluateClaudeBashRules)('echo hello', rules)?.decision).toBe('ALLOW');
+    });
+});
+(0, vitest_1.describe)('evaluateClaudeBashRules — safety gates', () => {
+    const rules = {
+        rules: [
+            { pattern: 'git status', decision: 'ALLOW' }, // exact, no glob
+            { pattern: 'git status *', decision: 'ALLOW' }, // glob ALLOW with args
+            { pattern: 'rm *', decision: 'ALLOW' },
+            { pattern: '/^cat .* \\| grep .*$/', decision: 'ALLOW' },
+            { pattern: 'git push *', decision: 'BLOCK' },
+        ],
+    };
+    (0, vitest_1.it)('escalates a glob ALLOW to REQUIRE_APPROVAL when the command contains shell metacharacters', () => {
+        // `git status ; rm -rf /` matches `git status *` (glob), but the `;`
+        // opens up arbitrary commands — escalate.
+        const out = (0, policy_js_1.evaluateClaudeBashRules)('git status ; rm -rf /', rules);
+        (0, vitest_1.expect)(out?.decision).toBe('REQUIRE_APPROVAL');
+        (0, vitest_1.expect)(out?.matchedPattern).toBe('git status *');
+        (0, vitest_1.expect)(out?.reason).toMatch(/shell metacharacters/);
+    });
+    (0, vitest_1.it)('escalates ALLOW for output redirection too', () => {
+        (0, vitest_1.expect)((0, policy_js_1.evaluateClaudeBashRules)('git status > /tmp/leak', rules)?.decision).toBe('REQUIRE_APPROVAL');
+        (0, vitest_1.expect)((0, policy_js_1.evaluateClaudeBashRules)('git status | tee /tmp/x', rules)?.decision).toBe('REQUIRE_APPROVAL');
+    });
+    (0, vitest_1.it)('escalates ALLOW when the command uses a single `&` background separator', () => {
+        // `cmd1 & cmd2` in bash runs cmd1 in the background and immediately
+        // runs cmd2. Without catching bare `&`, `git status & rm -rf /` would
+        // sail past `ALLOW: git status *`.
+        (0, vitest_1.expect)((0, policy_js_1.evaluateClaudeBashRules)('git status & rm -rf /', rules)?.decision).toBe('REQUIRE_APPROVAL');
+        // No-space-after-status variant: a glob `git status *` requires the
+        // space, so `git status -p &rm -rf /` is what bash would happily run
+        // — `git status -p` plus background-then-rm. The rule still matches
+        // and the gate must catch the `&`.
+        (0, vitest_1.expect)((0, policy_js_1.evaluateClaudeBashRules)('git status -p &rm -rf /', rules)?.decision).toBe('REQUIRE_APPROVAL');
+    });
+    (0, vitest_1.it)('escalates ALLOW when the command embeds a newline (multi-line bypass)', () => {
+        // Real shells treat a literal newline as a command terminator. The
+        // canonicalize step in the matcher collapses whitespace, so a
+        // glob ALLOW would otherwise match `git status\ncurl evil.com` and
+        // the second line would slip through. The safety gate runs against
+        // the raw command precisely to catch this.
+        const out = (0, policy_js_1.evaluateClaudeBashRules)('git status\ncurl https://example.com', rules);
+        (0, vitest_1.expect)(out?.decision).toBe('REQUIRE_APPROVAL');
+        (0, vitest_1.expect)(out?.reason).toMatch(/shell metacharacters/);
+    });
+    (0, vitest_1.it)('also catches \\r\\n line endings', () => {
+        (0, vitest_1.expect)((0, policy_js_1.evaluateClaudeBashRules)('git status\r\nrm -rf /', rules)?.decision).toBe('REQUIRE_APPROVAL');
+    });
+    (0, vitest_1.it)('escalates a default-ALLOW outcome the same way as a rule-ALLOW (shell metas)', () => {
+        // No rule matches `curl evil.com; rm -rf /`, but the policy's
+        // defaultDecision is ALLOW. Without gating the default through the
+        // safety check, this would auto-approve a compound command — exact
+        // same bypass we're trying to prevent for explicit ALLOW rules.
+        const r = {
+            rules: [],
+            defaultDecision: 'ALLOW',
+        };
+        (0, vitest_1.expect)((0, policy_js_1.evaluateClaudeBashRules)('curl https://example.com; rm -rf /', r)?.decision).toBe('REQUIRE_APPROVAL');
+    });
+    (0, vitest_1.it)('honors default-ALLOW for admin-class commands when no rule matches', () => {
+        const r = {
+            rules: [],
+            defaultDecision: 'ALLOW',
+        };
+        // No rule matches; default ALLOW applies. The admin-class hint is
+        // informational only — the editor's linter is the recommendation
+        // surface, runtime honours the explicit policy choice.
+        const out = (0, policy_js_1.evaluateClaudeBashRules)('rm -rf /', r, {
+            hardcodedActionType: 'admin',
+        });
+        (0, vitest_1.expect)(out?.decision).toBe('ALLOW');
+    });
+    (0, vitest_1.it)('still honors default-ALLOW for clean read-only commands', () => {
+        const r = {
+            rules: [],
+            defaultDecision: 'ALLOW',
+        };
+        (0, vitest_1.expect)((0, policy_js_1.evaluateClaudeBashRules)('ls -la', r, { hardcodedActionType: 'read' })?.decision).toBe('ALLOW');
+    });
+    (0, vitest_1.it)('default-BLOCK and default-REQUIRE_APPROVAL are always honored', () => {
+        const block = {
+            rules: [],
+            defaultDecision: 'BLOCK',
+        };
+        (0, vitest_1.expect)((0, policy_js_1.evaluateClaudeBashRules)('ls', block)?.decision).toBe('BLOCK');
+        const approve = {
+            rules: [],
+            defaultDecision: 'REQUIRE_APPROVAL',
+        };
+        (0, vitest_1.expect)((0, policy_js_1.evaluateClaudeBashRules)('ls', approve)?.decision).toBe('REQUIRE_APPROVAL');
+    });
+    (0, vitest_1.it)('does not escalate when the matched pattern is a /regex/ — the user opted in', () => {
+        // /^cat .* \| grep .*$/ matches `cat foo | grep bar` and the pattern
+        // itself is a regex, so the user clearly meant compound matching.
+        const out = (0, policy_js_1.evaluateClaudeBashRules)('cat foo | grep bar', rules);
+        (0, vitest_1.expect)(out?.decision).toBe('ALLOW');
+    });
+    (0, vitest_1.it)('does not escalate exact-match ALLOWs (they cannot match compound commands anyway)', () => {
+        // `git status` exact matches only the bare command — no shell metas
+        // possible in the matched portion. Stays ALLOW.
+        const out = (0, policy_js_1.evaluateClaudeBashRules)('git status', rules);
+        (0, vitest_1.expect)(out?.decision).toBe('ALLOW');
+        (0, vitest_1.expect)(out?.matchedPattern).toBe('git status');
+    });
+    (0, vitest_1.it)('honors explicit ALLOW for admin-class commands (no auto-escalation)', () => {
+        // `rm *` ALLOW rule matches `rm -rf /tmp`. The routing endpoint may
+        // pass hardcodedActionType: 'admin', but an explicit ALLOW is the
+        // admin's choice — runtime honours it. The editor's linter surfaces
+        // a warning at edit time so admins notice high-risk ALLOWs.
+        const out = (0, policy_js_1.evaluateClaudeBashRules)('rm -rf /tmp', rules, {
+            hardcodedActionType: 'admin',
+        });
+        (0, vitest_1.expect)(out?.decision).toBe('ALLOW');
+    });
+    (0, vitest_1.it)('the admin-opt-in flag is a no-op now (kept for back-compat with stored policies)', () => {
+        const out = (0, policy_js_1.evaluateClaudeBashRules)('rm -rf /tmp', rules, {
+            hardcodedActionType: 'admin',
+            allowHighRiskAutoApproval: { admin: true },
+        });
+        (0, vitest_1.expect)(out?.decision).toBe('ALLOW');
+    });
+    (0, vitest_1.it)('BLOCK rules are NEVER escalated, even with admin classification', () => {
+        (0, vitest_1.expect)((0, policy_js_1.evaluateClaudeBashRules)('git push origin main', rules)?.decision).toBe('BLOCK');
+        (0, vitest_1.expect)((0, policy_js_1.evaluateClaudeBashRules)('git push origin main', rules, {
+            hardcodedActionType: 'admin',
+        })?.decision).toBe('BLOCK');
+    });
+    (0, vitest_1.it)('REQUIRE_APPROVAL rules are NEVER escalated either', () => {
+        const r = {
+            rules: [{ pattern: 'pnpm install *', decision: 'REQUIRE_APPROVAL' }],
+        };
+        // Compound + admin opts shouldn't change a REQUIRE_APPROVAL outcome.
+        (0, vitest_1.expect)((0, policy_js_1.evaluateClaudeBashRules)('pnpm install foo ; ls', r)?.decision).toBe('REQUIRE_APPROVAL');
+    });
+    (0, vitest_1.it)('honors plain ALLOW when no shell metas and not admin', () => {
+        const out = (0, policy_js_1.evaluateClaudeBashRules)('git status', rules, {
+            hardcodedActionType: 'read',
+        });
+        (0, vitest_1.expect)(out?.decision).toBe('ALLOW');
+    });
+});
+(0, vitest_1.describe)('suggestClaudeBashPattern', () => {
+    (0, vitest_1.it)('returns empty for empty input', () => {
+        (0, vitest_1.expect)((0, policy_js_1.suggestClaudeBashPattern)('')).toBe('');
+        (0, vitest_1.expect)((0, policy_js_1.suggestClaudeBashPattern)('   ')).toBe('');
+    });
+    (0, vitest_1.it)('exact-matches a single-token command', () => {
+        (0, vitest_1.expect)((0, policy_js_1.suggestClaudeBashPattern)('ls')).toBe('ls');
+        (0, vitest_1.expect)((0, policy_js_1.suggestClaudeBashPattern)('pwd')).toBe('pwd');
+    });
+    (0, vitest_1.it)('takes the first two tokens for typical subcommand-style commands', () => {
+        (0, vitest_1.expect)((0, policy_js_1.suggestClaudeBashPattern)('git status --short')).toBe('git status *');
+        (0, vitest_1.expect)((0, policy_js_1.suggestClaudeBashPattern)('git push origin main')).toBe('git push *');
+        (0, vitest_1.expect)((0, policy_js_1.suggestClaudeBashPattern)('kubectl apply -f deploy.yaml')).toBe('kubectl apply *');
+        (0, vitest_1.expect)((0, policy_js_1.suggestClaudeBashPattern)('pnpm install --frozen-lockfile')).toBe('pnpm install *');
+    });
+    (0, vitest_1.it)('drops to single-token when the second token is a flag', () => {
+        // `ls -la /home` shouldn't pin admins to `ls -la *` — the more useful
+        // suggestion is `ls *`, which they can tighten if they want.
+        (0, vitest_1.expect)((0, policy_js_1.suggestClaudeBashPattern)('ls -la /home')).toBe('ls *');
+        (0, vitest_1.expect)((0, policy_js_1.suggestClaudeBashPattern)('grep --color foo')).toBe('grep *');
+        (0, vitest_1.expect)((0, policy_js_1.suggestClaudeBashPattern)('curl -X POST http://x')).toBe('curl *');
+    });
+    (0, vitest_1.it)('drops to single-token when the second token is a path operand', () => {
+        // `find . -delete` shouldn't suggest `find . *` (so narrow it's only
+        // useful for cwd) — fall back to `find *` which is at least usable.
+        (0, vitest_1.expect)((0, policy_js_1.suggestClaudeBashPattern)('find . -delete')).toBe('find *');
+        (0, vitest_1.expect)((0, policy_js_1.suggestClaudeBashPattern)('cat /etc/passwd')).toBe('cat *');
+        (0, vitest_1.expect)((0, policy_js_1.suggestClaudeBashPattern)('ls ~/Downloads')).toBe('ls *');
+        // Backslash for Windows paths.
+        (0, vitest_1.expect)((0, policy_js_1.suggestClaudeBashPattern)('dir \\Users\\foo')).toBe('dir *');
+    });
+    (0, vitest_1.it)('strips quoted segments before tokenising', () => {
+        // The naïve tokeniser would split into `[git, commit, -m, "fix:, bug"]`
+        // and pick `commit -m` as a flag → `git *`. With quote stripping we
+        // get the more useful `git commit *`.
+        (0, vitest_1.expect)((0, policy_js_1.suggestClaudeBashPattern)('git commit -m "fix: bug"')).toBe('git commit *');
+    });
+    (0, vitest_1.it)('drops to single-token when the second token contains shell metas', () => {
+        // After quote-stripping, a piped command leaves the pipe sitting where
+        // the subcommand would otherwise be. Don't suggest `echo | *` — bail
+        // to `echo *`.
+        (0, vitest_1.expect)((0, policy_js_1.suggestClaudeBashPattern)("echo 'hello world' | tee out")).toBe('echo *');
+        (0, vitest_1.expect)((0, policy_js_1.suggestClaudeBashPattern)('curl https://x')).toBe('curl *');
+        (0, vitest_1.expect)((0, policy_js_1.suggestClaudeBashPattern)('cat foo.txt')).toBe('cat *');
+    });
+    (0, vitest_1.it)('canonicalizes whitespace', () => {
+        (0, vitest_1.expect)((0, policy_js_1.suggestClaudeBashPattern)('  git    status  --short  ')).toBe('git status *');
+    });
+});
+(0, vitest_1.describe)('evaluateClaudeBashRules — per-rule overrides', () => {
+    (0, vitest_1.it)('propagates require_two_approvals from a matched REQUIRE_APPROVAL rule', () => {
+        const r = {
+            rules: [
+                {
+                    pattern: 'kubectl apply *',
+                    decision: 'REQUIRE_APPROVAL',
+                    require_two_approvals: true,
+                },
+            ],
+        };
+        const out = (0, policy_js_1.evaluateClaudeBashRules)('kubectl apply -f deploy.yaml', r);
+        (0, vitest_1.expect)(out?.decision).toBe('REQUIRE_APPROVAL');
+        (0, vitest_1.expect)(out?.require_two_approvals).toBe(true);
+    });
+    (0, vitest_1.it)('propagates allowed_approvers from a matched rule', () => {
+        const uuid1 = '11111111-1111-4111-8111-111111111111';
+        const uuid2 = '22222222-2222-4222-8222-222222222222';
+        const r = {
+            rules: [
+                {
+                    pattern: 'git push *',
+                    decision: 'REQUIRE_APPROVAL',
+                    allowed_approvers: [uuid1, uuid2],
+                },
+            ],
+        };
+        const out = (0, policy_js_1.evaluateClaudeBashRules)('git push origin main', r);
+        (0, vitest_1.expect)(out?.allowed_approvers).toEqual([uuid1, uuid2]);
+    });
+    (0, vitest_1.it)('propagates require_two_approvals=false to explicitly loosen', () => {
+        // A matched rule with require_two_approvals: false should override a
+        // surrounding rule's true setting — that's the whole point of the
+        // per-rule field.
+        const r = {
+            rules: [
+                {
+                    pattern: 'pnpm test',
+                    decision: 'REQUIRE_APPROVAL',
+                    require_two_approvals: false,
+                },
+            ],
+        };
+        const out = (0, policy_js_1.evaluateClaudeBashRules)('pnpm test', r);
+        (0, vitest_1.expect)(out?.require_two_approvals).toBe(false);
+    });
+    (0, vitest_1.it)('omits override fields when rule does not set them', () => {
+        const r = {
+            rules: [{ pattern: 'git status', decision: 'ALLOW' }],
+        };
+        const out = (0, policy_js_1.evaluateClaudeBashRules)('git status', r);
+        (0, vitest_1.expect)(out?.require_two_approvals).toBeUndefined();
+        (0, vitest_1.expect)(out?.allowed_approvers).toBeUndefined();
+    });
+    (0, vitest_1.it)('omits override fields on a synthesised default-match', () => {
+        // The synthesised match for `defaultDecision` has no underlying rule,
+        // so there's nothing to copy — caller falls back to surrounding rule.
+        const r = {
+            rules: [],
+            defaultDecision: 'REQUIRE_APPROVAL',
+        };
+        const out = (0, policy_js_1.evaluateClaudeBashRules)('curl https://x', r);
+        (0, vitest_1.expect)(out?.decision).toBe('REQUIRE_APPROVAL');
+        (0, vitest_1.expect)(out?.require_two_approvals).toBeUndefined();
+        (0, vitest_1.expect)(out?.allowed_approvers).toBeUndefined();
+    });
+    (0, vitest_1.it)('keeps overrides when an ALLOW rule is escalated by the shell-meta gate', () => {
+        // Even when the safety gate flips ALLOW → REQUIRE_APPROVAL (shell
+        // metas in the command), the per-rule overrides still apply.
+        // Otherwise an admin's "this rule needs 2-person approval" intent
+        // would be silently dropped on escalation.
+        const r = {
+            rules: [
+                {
+                    pattern: 'git *',
+                    decision: 'ALLOW',
+                    require_two_approvals: true,
+                },
+            ],
+        };
+        // Canonical form `git status; rm -rf /` matches `git .*`. Raw form
+        // contains `;` → safety gate flips to REQUIRE_APPROVAL.
+        const out = (0, policy_js_1.evaluateClaudeBashRules)('git status; rm -rf /', r);
+        (0, vitest_1.expect)(out?.decision).toBe('REQUIRE_APPROVAL');
+        (0, vitest_1.expect)(out?.require_two_approvals).toBe(true);
+    });
+});
+//# sourceMappingURL=policy-claude-bash.test.js.map

package/dist/__tests__/policy-claude-bash.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-claude-bash.test.js","sourceRoot":"","sources":["../../src/__tests__/policy-claude-bash.test.ts"],"names":[],"mappings":";;AAAA,mCAA8C;AAC9C,4CAIsB;AAGtB,IAAA,iBAAQ,EAAC,wDAAwD,EAAE,GAAG,EAAE;IACtE,IAAA,WAAE,EAAC,mDAAmD,EAAE,GAAG,EAAE;QAC3D,MAAM,EAAE,GAAG,IAAA,oCAAwB,EAAC,MAAM,CAAC,CAAC;QAC5C,IAAA,eAAM,EAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnC,IAAA,eAAM,EAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxC,IAAA,eAAM,EAAC,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,yDAAyD,EAAE,GAAG,EAAE;QACjE,MAAM,EAAE,GAAG,IAAA,oCAAwB,EAAC,QAAQ,CAAC,CAAC;QAC9C,IAAA,eAAM,EAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,sCAAsC;QAC3E,IAAA,eAAM,EAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvC,IAAA,eAAM,EAAC,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7C,IAAA,eAAM,EAAC,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,+BAA+B;IACzE,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,MAAM,EAAE,GAAG,IAAA,oCAAwB,EAAC,cAAc,CAAC,CAAC;QACpD,IAAA,eAAM,EAAC,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7C,IAAA,eAAM,EAAC,EAAE,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtD,IAAA,eAAM,EAAC,EAAE,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,MAAM,EAAE,GAAG,IAAA,oCAAwB,EAAC,eAAe,CAAC,CAAC;QACrD,IAAA,eAAM,EAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrC,IAAA,eAAM,EAAC,EAAE,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9C,IAAA,eAAM,EAAC,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,qDAAqD,EAAE,GAAG,EAAE;QAC7D,MAAM,EAAE,GAAG,IAAA,oCAAwB,EAAC,kBAAkB,CAAC,CAAC;QACxD,IAAA,eAAM,EAAC,EAAE,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnD,IAAA,eAAM,EAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvC,IAAA,eAAM,EAAC,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,iBAAQ,EAAC,yBAAyB,EAAE,GAAG,EAAE;IACvC,MAAM,SAAS,GAA2C;QACxD,KAAK,EAAE;YACL,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,OAAO,EAAE;YAC5C,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,OAAO,EAAE,WAAW,EAAE,wBAAwB,EAAE;YACrF,EAAE,OAAO,EAAE,oBAAoB,EAAE,QAAQ,EAAE,OAAO,EAAE;YACpD,EAAE,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,kBAAkB,EAAE;SAC5D;KACF,CAAC;IAEF,IAAA,WAAE,EAAC,6FAA6F,EAAE,GAAG,EAAE;QACrG,6EAA6E;QAC7E,yEAAyE;QACzE,4DAA4D;QAC5D,MAAM,KAAK,GAA2C;YACpD,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;SACxD,CAAC;QACF,KAAK,MAAM,GAAG,IAAI;YAChB,qCAAqC;YACrC,iBAAiB;YACjB,wBAAwB;YACxB,iBAAiB;SAClB,EAAE,CAAC;YACF,IAAA,eAAM,EAAC,IAAA,mCAAuB,EAAC,GAAG,EAAE,KAAK,CAAC,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACjF,CAAC;QACD,iEAAiE;QACjE,KAAK,MAAM,GAAG,IAAI,CAAC,oBAAoB,EAAE,iBAAiB,EAAE,sBAAsB,CAAC,EAAE,CAAC;YACpF,IAAA,eAAM,EAAC,IAAA,mCAAuB,EAAC,GAAG,EAAE,KAAK,CAAC,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACtE,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,iDAAiD,EAAE,GAAG,EAAE;QACzD,IAAA,eAAM,EAAC,IAAA,mCAAuB,EAAC,YAAY,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;QACpE,IAAA,eAAM,EAAC,IAAA,mCAAuB,EAAC,YAAY,EAAE,IAAI,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;IACjE,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,gEAAgE,EAAE,GAAG,EAAE;QACxE,IAAA,eAAM,EAAC,IAAA,mCAAuB,EAAC,0BAA0B,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;IACpF,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,8CAA8C,EAAE,GAAG,EAAE;QACtD,MAAM,GAAG,GAAG,IAAA,mCAAuB,EAAC,YAAY,EAAE,SAAS,CAAC,CAAC;QAC7D,IAAA,eAAM,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpC,IAAA,eAAM,EAAC,GAAG,EAAE,cAAc,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,2DAA2D,EAAE,GAAG,EAAE;QACnE,uEAAuE;QACvE,IAAA,eAAM,EAAC,IAAA,mCAAuB,EAAC,oBAAoB,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC9E,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,gCAAgC,EAAE,GAAG,EAAE;QACxC,MAAM,GAAG,GAAG,IAAA,mCAAuB,EAAC,gBAAgB,EAAE,SAAS,CAAC,CAAC;QACjE,IAAA,eAAM,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpC,IAAA,eAAM,EAAC,GAAG,EAAE,cAAc,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,0CAA0C,EAAE,GAAG,EAAE;QAClD,IAAA,eAAM,EAAC,IAAA,mCAAuB,EAAC,kBAAkB,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC5E,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,gCAAgC,EAAE,GAAG,EAAE;QACxC,IAAA,eAAM,EAAC,IAAA,mCAAuB,EAAC,YAAY,EAAE,SAAS,CAAC,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACjF,IAAA,eAAM,EAAC,IAAA,mCAAuB,EAAC,6BAA6B,EAAE,SAAS,CAAC,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpG,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,0CAA0C,EAAE,GAAG,EAAE;QAClD,MAAM,GAAG,GAAG,IAAA,mCAAuB,EAAC,mBAAmB,EAAE,SAAS,CAAC,CAAC;QACpE,IAAA,eAAM,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,4DAA4D,EAAE,GAAG,EAAE;QACpE,MAAM,KAAK,GAAG,EAAE,GAAG,SAAS,EAAE,eAAe,EAAE,kBAA2B,EAAE,CAAC;QAC7E,MAAM,GAAG,GAAG,IAAA,mCAAuB,EAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;QACvE,IAAA,eAAM,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAC/C,IAAA,eAAM,EAAC,GAAG,EAAE,cAAc,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,MAAM,KAAK,GAA2C;YACpD,KAAK,EAAE;gBACL,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE;gBACvC,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,OAAO,EAAE;aAC7C;SACF,CAAC;QACF,0EAA0E;QAC1E,IAAA,eAAM,EAAC,IAAA,mCAAuB,EAAC,sBAAsB,EAAE,KAAK,CAAC,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACzF,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,mDAAmD,EAAE,GAAG,EAAE;QAC3D,MAAM,KAAK,GAA2C;YACpD,KAAK,EAAE;gBACL,EAAE,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,2BAA2B;gBACxE,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE;aACzC;SACF,CAAC;QACF,6DAA6D;QAC7D,IAAA,eAAM,EAAC,IAAA,mCAAuB,EAAC,YAAY,EAAE,KAAK,CAAC,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC/E,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,iBAAQ,EAAC,wCAAwC,EAAE,GAAG,EAAE;IACtD,MAAM,KAAK,GAA2C;QACpD,KAAK,EAAE;YACL,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,iBAAiB;YAC/D,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,uBAAuB;YACvE,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE;YACtC,EAAE,OAAO,EAAE,wBAAwB,EAAE,QAAQ,EAAE,OAAO,EAAE;YACxD,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,OAAO,EAAE;SAC7C;KACF,CAAC;IAEF,IAAA,WAAE,EAAC,2FAA2F,EAAE,GAAG,EAAE;QACnG,qEAAqE;QACrE,0CAA0C;QAC1C,MAAM,GAAG,GAAG,IAAA,mCAAuB,EAAC,uBAAuB,EAAE,KAAK,CAAC,CAAC;QACpE,IAAA,eAAM,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAC/C,IAAA,eAAM,EAAC,GAAG,EAAE,cAAc,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACjD,IAAA,eAAM,EAAC,GAAG,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,IAAA,eAAM,EAAC,IAAA,mCAAuB,EAAC,wBAAwB,EAAE,KAAK,CAAC,EAAE,QAAQ,CAAC,CAAC,IAAI,CAC7E,kBAAkB,CACnB,CAAC;QACF,IAAA,eAAM,EAAC,IAAA,mCAAuB,EAAC,yBAAyB,EAAE,KAAK,CAAC,EAAE,QAAQ,CAAC,CAAC,IAAI,CAC9E,kBAAkB,CACnB,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,yEAAyE,EAAE,GAAG,EAAE;QACjF,oEAAoE;QACpE,sEAAsE;QACtE,mCAAmC;QACnC,IAAA,eAAM,EAAC,IAAA,mCAAuB,EAAC,uBAAuB,EAAE,KAAK,CAAC,EAAE,QAAQ,CAAC,CAAC,IAAI,CAC5E,kBAAkB,CACnB,CAAC;QACF,oEAAoE;QACpE,qEAAqE;QACrE,oEAAoE;QACpE,mCAAmC;QACnC,IAAA,eAAM,EAAC,IAAA,mCAAuB,EAAC,yBAAyB,EAAE,KAAK,CAAC,EAAE,QAAQ,CAAC,CAAC,IAAI,CAC9E,kBAAkB,CACnB,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,uEAAuE,EAAE,GAAG,EAAE;QAC/E,mEAAmE;QACnE,8DAA8D;QAC9D,mEAAmE;QACnE,mEAAmE;QACnE,2CAA2C;QAC3C,MAAM,GAAG,GAAG,IAAA,mCAAuB,EAAC,sCAAsC,EAAE,KAAK,CAAC,CAAC;QACnF,IAAA,eAAM,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAC/C,IAAA,eAAM,EAAC,GAAG,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,IAAA,eAAM,EACJ,IAAA,mCAAuB,EAAC,wBAAwB,EAAE,KAAK,CAAC,EAAE,QAAQ,CACnE,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IAC7B,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,8EAA8E,EAAE,GAAG,EAAE;QACtF,8DAA8D;QAC9D,mEAAmE;QACnE,mEAAmE;QACnE,gEAAgE;QAChE,MAAM,CAAC,GAA2C;YAChD,KAAK,EAAE,EAAE;YACT,eAAe,EAAE,OAAO;SACzB,CAAC;QACF,IAAA,eAAM,EACJ,IAAA,mCAAuB,EAAC,oCAAoC,EAAE,CAAC,CAAC,EAAE,QAAQ,CAC3E,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IAC7B,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,oEAAoE,EAAE,GAAG,EAAE;QAC5E,MAAM,CAAC,GAA2C;YAChD,KAAK,EAAE,EAAE;YACT,eAAe,EAAE,OAAO;SACzB,CAAC;QACF,kEAAkE;QAClE,iEAAiE;QACjE,uDAAuD;QACvD,MAAM,GAAG,GAAG,IAAA,mCAAuB,EAAC,UAAU,EAAE,CAAC,EAAE;YACjD,mBAAmB,EAAE,OAAO;SAC7B,CAAC,CAAC;QACH,IAAA,eAAM,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,yDAAyD,EAAE,GAAG,EAAE;QACjE,MAAM,CAAC,GAA2C;YAChD,KAAK,EAAE,EAAE;YACT,eAAe,EAAE,OAAO;SACzB,CAAC;QACF,IAAA,eAAM,EACJ,IAAA,mCAAuB,EAAC,QAAQ,EAAE,CAAC,EAAE,EAAE,mBAAmB,EAAE,MAAM,EAAE,CAAC,EAAE,QAAQ,CAChF,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,+DAA+D,EAAE,GAAG,EAAE;QACvE,MAAM,KAAK,GAA2C;YACpD,KAAK,EAAE,EAAE;YACT,eAAe,EAAE,OAAO;SACzB,CAAC;QACF,IAAA,eAAM,EAAC,IAAA,mCAAuB,EAAC,IAAI,EAAE,KAAK,CAAC,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACrE,MAAM,OAAO,GAA2C;YACtD,KAAK,EAAE,EAAE;YACT,eAAe,EAAE,kBAAkB;SACpC,CAAC;QACF,IAAA,eAAM,EAAC,IAAA,mCAAuB,EAAC,IAAI,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IACpF,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,6EAA6E,EAAE,GAAG,EAAE;QACrF,qEAAqE;QACrE,kEAAkE;QAClE,MAAM,GAAG,GAAG,IAAA,mCAAuB,EAAC,oBAAoB,EAAE,KAAK,CAAC,CAAC;QACjE,IAAA,eAAM,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,mFAAmF,EAAE,GAAG,EAAE;QAC3F,oEAAoE;QACpE,gDAAgD;QAChD,MAAM,GAAG,GAAG,IAAA,mCAAuB,EAAC,YAAY,EAAE,KAAK,CAAC,CAAC;QACzD,IAAA,eAAM,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpC,IAAA,eAAM,EAAC,GAAG,EAAE,cAAc,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,qEAAqE,EAAE,GAAG,EAAE;QAC7E,oEAAoE;QACpE,kEAAkE;QAClE,oEAAoE;QACpE,4DAA4D;QAC5D,MAAM,GAAG,GAAG,IAAA,mCAAuB,EAAC,aAAa,EAAE,KAAK,EAAE;YACxD,mBAAmB,EAAE,OAAO;SAC7B,CAAC,CAAC;QACH,IAAA,eAAM,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,kFAAkF,EAAE,GAAG,EAAE;QAC1F,MAAM,GAAG,GAAG,IAAA,mCAAuB,EAAC,aAAa,EAAE,KAAK,EAAE;YACxD,mBAAmB,EAAE,OAAO;YAC5B,yBAAyB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE;SAC3C,CAAC,CAAC;QACH,IAAA,eAAM,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,iEAAiE,EAAE,GAAG,EAAE;QACzE,IAAA,eAAM,EAAC,IAAA,mCAAuB,EAAC,sBAAsB,EAAE,KAAK,CAAC,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACvF,IAAA,eAAM,EACJ,IAAA,mCAAuB,EAAC,sBAAsB,EAAE,KAAK,EAAE;YACrD,mBAAmB,EAAE,OAAO;SAC7B,CAAC,EAAE,QAAQ,CACb,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,mDAAmD,EAAE,GAAG,EAAE;QAC3D,MAAM,CAAC,GAA2C;YAChD,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,kBAAkB,EAAE,CAAC;SACrE,CAAC;QACF,qEAAqE;QACrE,IAAA,eAAM,EAAC,IAAA,mCAAuB,EAAC,uBAAuB,EAAE,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IACjG,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,sDAAsD,EAAE,GAAG,EAAE;QAC9D,MAAM,GAAG,GAAG,IAAA,mCAAuB,EAAC,YAAY,EAAE,KAAK,EAAE;YACvD,mBAAmB,EAAE,MAAM;SAC5B,CAAC,CAAC;QACH,IAAA,eAAM,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,iBAAQ,EAAC,0BAA0B,EAAE,GAAG,EAAE;IACxC,IAAA,WAAE,EAAC,+BAA+B,EAAE,GAAG,EAAE;QACvC,IAAA,eAAM,EAAC,IAAA,oCAAwB,EAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC9C,IAAA,eAAM,EAAC,IAAA,oCAAwB,EAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,IAAA,eAAM,EAAC,IAAA,oCAAwB,EAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClD,IAAA,eAAM,EAAC,IAAA,oCAAwB,EAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,kEAAkE,EAAE,GAAG,EAAE;QAC1E,IAAA,eAAM,EAAC,IAAA,oCAAwB,EAAC,oBAAoB,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC5E,IAAA,eAAM,EAAC,IAAA,oCAAwB,EAAC,sBAAsB,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC5E,IAAA,eAAM,EAAC,IAAA,oCAAwB,EAAC,8BAA8B,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QACzF,IAAA,eAAM,EAAC,IAAA,oCAAwB,EAAC,gCAAgC,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IAC5F,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,uDAAuD,EAAE,GAAG,EAAE;QAC/D,sEAAsE;QACtE,6DAA6D;QAC7D,IAAA,eAAM,EAAC,IAAA,oCAAwB,EAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC9D,IAAA,eAAM,EAAC,IAAA,oCAAwB,EAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACpE,IAAA,eAAM,EAAC,IAAA,oCAAwB,EAAC,uBAAuB,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC3E,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,+DAA+D,EAAE,GAAG,EAAE;QACvE,qEAAqE;QACrE,oEAAoE;QACpE,IAAA,eAAM,EAAC,IAAA,oCAAwB,EAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAClE,IAAA,eAAM,EAAC,IAAA,oCAAwB,EAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClE,IAAA,eAAM,EAAC,IAAA,oCAAwB,EAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAChE,+BAA+B;QAC/B,IAAA,eAAM,EAAC,IAAA,oCAAwB,EAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACrE,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,0CAA0C,EAAE,GAAG,EAAE;QAClD,wEAAwE;QACxE,oEAAoE;QACpE,sCAAsC;QACtC,IAAA,eAAM,EAAC,IAAA,oCAAwB,EAAC,0BAA0B,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACpF,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,kEAAkE,EAAE,GAAG,EAAE;QAC1E,uEAAuE;QACvE,qEAAqE;QACrE,eAAe;QACf,IAAA,eAAM,EAAC,IAAA,oCAAwB,EAAC,8BAA8B,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAChF,IAAA,eAAM,EAAC,IAAA,oCAAwB,EAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAClE,IAAA,eAAM,EAAC,IAAA,oCAAwB,EAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAChE,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,0BAA0B,EAAE,GAAG,EAAE;QAClC,IAAA,eAAM,EAAC,IAAA,oCAAwB,EAAC,4BAA4B,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACtF,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,iBAAQ,EAAC,8CAA8C,EAAE,GAAG,EAAE;IAC5D,IAAA,WAAE,EAAC,uEAAuE,EAAE,GAAG,EAAE;QAC/E,MAAM,CAAC,GAA2C;YAChD,KAAK,EAAE;gBACL;oBACE,OAAO,EAAE,iBAAiB;oBAC1B,QAAQ,EAAE,kBAAkB;oBAC5B,qBAAqB,EAAE,IAAI;iBAC5B;aACF;SACF,CAAC;QACF,MAAM,GAAG,GAAG,IAAA,mCAAuB,EAAC,8BAA8B,EAAE,CAAC,CAAC,CAAC;QACvE,IAAA,eAAM,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAC/C,IAAA,eAAM,EAAC,GAAG,EAAE,qBAAqB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,kDAAkD,EAAE,GAAG,EAAE;QAC1D,MAAM,KAAK,GAAG,sCAAsC,CAAC;QACrD,MAAM,KAAK,GAAG,sCAAsC,CAAC;QACrD,MAAM,CAAC,GAA2C;YAChD,KAAK,EAAE;gBACL;oBACE,OAAO,EAAE,YAAY;oBACrB,QAAQ,EAAE,kBAAkB;oBAC5B,iBAAiB,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC;iBAClC;aACF;SACF,CAAC;QACF,MAAM,GAAG,GAAG,IAAA,mCAAuB,EAAC,sBAAsB,EAAE,CAAC,CAAC,CAAC;QAC/D,IAAA,eAAM,EAAC,GAAG,EAAE,iBAAiB,CAAC,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,6DAA6D,EAAE,GAAG,EAAE;QACrE,qEAAqE;QACrE,kEAAkE;QAClE,kBAAkB;QAClB,MAAM,CAAC,GAA2C;YAChD,KAAK,EAAE;gBACL;oBACE,OAAO,EAAE,WAAW;oBACpB,QAAQ,EAAE,kBAAkB;oBAC5B,qBAAqB,EAAE,KAAK;iBAC7B;aACF;SACF,CAAC;QACF,MAAM,GAAG,GAAG,IAAA,mCAAuB,EAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QACpD,IAAA,eAAM,EAAC,GAAG,EAAE,qBAAqB,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,mDAAmD,EAAE,GAAG,EAAE;QAC3D,MAAM,CAAC,GAA2C;YAChD,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;SACtD,CAAC;QACF,MAAM,GAAG,GAAG,IAAA,mCAAuB,EAAC,YAAY,EAAE,CAAC,CAAC,CAAC;QACrD,IAAA,eAAM,EAAC,GAAG,EAAE,qBAAqB,CAAC,CAAC,aAAa,EAAE,CAAC;QACnD,IAAA,eAAM,EAAC,GAAG,EAAE,iBAAiB,CAAC,CAAC,aAAa,EAAE,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,sDAAsD,EAAE,GAAG,EAAE;QAC9D,sEAAsE;QACtE,sEAAsE;QACtE,MAAM,CAAC,GAA2C;YAChD,KAAK,EAAE,EAAE;YACT,eAAe,EAAE,kBAAkB;SACpC,CAAC;QACF,MAAM,GAAG,GAAG,IAAA,mCAAuB,EAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC;QACzD,IAAA,eAAM,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAC/C,IAAA,eAAM,EAAC,GAAG,EAAE,qBAAqB,CAAC,CAAC,aAAa,EAAE,CAAC;QACnD,IAAA,eAAM,EAAC,GAAG,EAAE,iBAAiB,CAAC,CAAC,aAAa,EAAE,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,wEAAwE,EAAE,GAAG,EAAE;QAChF,kEAAkE;QAClE,6DAA6D;QAC7D,kEAAkE;QAClE,2CAA2C;QAC3C,MAAM,CAAC,GAA2C;YAChD,KAAK,EAAE;gBACL;oBACE,OAAO,EAAE,OAAO;oBAChB,QAAQ,EAAE,OAAO;oBACjB,qBAAqB,EAAE,IAAI;iBAC5B;aACF;SACF,CAAC;QACF,mEAAmE;QACnE,wDAAwD;QACxD,MAAM,GAAG,GAAG,IAAA,mCAAuB,EAAC,sBAAsB,EAAE,CAAC,CAAC,CAAC;QAC/D,IAAA,eAAM,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAC/C,IAAA,eAAM,EAAC,GAAG,EAAE,qBAAqB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/policy-llm-floor.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=policy-llm-floor.test.d.ts.map

package/dist/__tests__/policy-llm-floor.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-llm-floor.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/policy-llm-floor.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/policy-llm-floor.test.js

@@ -0,0 +1,107 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const vitest_1 = require("vitest");
+const policy_js_1 = require("../policy.js");
+const baseAction = (overrides = {}) => ({
+    action_type: 'read',
+    tool: 'unknown.tool',
+    payload: {},
+    ...overrides,
+});
+(0, vitest_1.describe)('evaluatePolicy — llmFloor option', () => {
+    (0, vitest_1.it)('ignores llmFloor when not provided (existing behavior preserved)', () => {
+        // mcp.list_tools has a static floor of `read`, so with no llmFloor the
+        // effective type stays `read`. (Unrecognised tools now floor to `write`.)
+        const action = baseAction({ tool: 'mcp.list_tools' });
+        const result = (0, policy_js_1.evaluatePolicy)(action, policy_js_1.DEFAULT_POLICY_RULES);
+        (0, vitest_1.expect)(result.effective_action_type).toBe('read');
+    });
+    (0, vitest_1.it)('upgrades effective_action_type when llmFloor is higher than declared + static', () => {
+        // `mcp.list_tools` has static floor = read.
+        // Agent declares read. LLM says write → effective should be write.
+        const action = baseAction({ action_type: 'read', tool: 'mcp.list_tools' });
+        const result = (0, policy_js_1.evaluatePolicy)(action, policy_js_1.DEFAULT_POLICY_RULES, {
+            llmFloor: 'write',
+        });
+        (0, vitest_1.expect)(result.effective_action_type).toBe('write');
+        (0, vitest_1.expect)(result.decision).toBe('REQUIRE_APPROVAL');
+    });
+    (0, vitest_1.it)('does NOT downgrade when llmFloor is lower than staticFloor', () => {
+        // `stripe.charge` has static floor = financial.
+        // LLM says read → effective should still be financial (never downgrade).
+        const action = baseAction({
+            action_type: 'read',
+            tool: 'stripe.charge',
+            payload: {},
+        });
+        const result = (0, policy_js_1.evaluatePolicy)(action, policy_js_1.DEFAULT_POLICY_RULES, {
+            llmFloor: 'read',
+        });
+        (0, vitest_1.expect)(result.effective_action_type).toBe('financial');
+    });
+    (0, vitest_1.it)('does NOT downgrade when llmFloor is lower than declared', () => {
+        // Agent declares admin, LLM says read → effective should still be admin.
+        // DEFAULT_POLICY_RULES maps action_type: 'admin' → BLOCK (see policy.test.ts:420).
+        const action = baseAction({ action_type: 'admin', tool: 'unknown.tool' });
+        const result = (0, policy_js_1.evaluatePolicy)(action, policy_js_1.DEFAULT_POLICY_RULES, {
+            llmFloor: 'read',
+        });
+        (0, vitest_1.expect)(result.effective_action_type).toBe('admin');
+        (0, vitest_1.expect)(result.decision).toBe('BLOCK');
+    });
+    (0, vitest_1.it)('takes max of static and llm when both are higher than declared', () => {
+        // stripe.charge → static floor = financial
+        // llmFloor = admin
+        // max = admin
+        const action = baseAction({
+            action_type: 'read',
+            tool: 'stripe.charge',
+            payload: {},
+        });
+        const result = (0, policy_js_1.evaluatePolicy)(action, policy_js_1.DEFAULT_POLICY_RULES, {
+            llmFloor: 'admin',
+        });
+        (0, vitest_1.expect)(result.effective_action_type).toBe('admin');
+    });
+    (0, vitest_1.it)('skipCategoryFloor overrides both static and llm floors', () => {
+        const action = baseAction({
+            action_type: 'read',
+            tool: 'stripe.charge',
+            payload: {},
+        });
+        const result = (0, policy_js_1.evaluatePolicy)(action, policy_js_1.DEFAULT_POLICY_RULES, {
+            skipCategoryFloor: true,
+            llmFloor: 'admin',
+        });
+        (0, vitest_1.expect)(result.effective_action_type).toBe('read');
+    });
+    (0, vitest_1.it)('llmFloor promotes declared read on unknown tool to financial → REQUIRE_APPROVAL', () => {
+        // This is the key scenario: unknown tool (static = read), agent said read,
+        // LLM identified it as financial. Without LLM, this would auto-allow.
+        // With LLM, it gets flagged for approval.
+        const action = baseAction({
+            action_type: 'read',
+            tool: 'custom.transfer_funds',
+            payload: {},
+        });
+        const result = (0, policy_js_1.evaluatePolicy)(action, policy_js_1.DEFAULT_POLICY_RULES, {
+            llmFloor: 'financial',
+        });
+        (0, vitest_1.expect)(result.effective_action_type).toBe('financial');
+        (0, vitest_1.expect)(result.decision).toBe('REQUIRE_APPROVAL');
+        (0, vitest_1.expect)(result.reason).toContain('category floored');
+    });
+    (0, vitest_1.it)('llmFloor-only upgrade surfaces the category-floored reason suffix', () => {
+        // `mcp.list_tools` has static floor = read. Agent declares read. LLM says
+        // write. The upgrade is driven ONLY by llmFloor — the static floor
+        // contributes nothing. This test locks in that the reason suffix
+        // ("category floored") fires for llmFloor-only upgrades too, not just for
+        // static-floor upgrades. Guards against silent regression of test 7 if the
+        // static FINANCIAL_PATTERNS list ever changes.
+        const action = baseAction({ action_type: 'read', tool: 'mcp.list_tools' });
+        const result = (0, policy_js_1.evaluatePolicy)(action, policy_js_1.DEFAULT_POLICY_RULES, { llmFloor: 'write' });
+        (0, vitest_1.expect)(result.effective_action_type).toBe('write');
+        (0, vitest_1.expect)(result.reason).toContain('category floored');
+    });
+});
+//# sourceMappingURL=policy-llm-floor.test.js.map

package/dist/__tests__/policy-llm-floor.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-llm-floor.test.js","sourceRoot":"","sources":["../../src/__tests__/policy-llm-floor.test.ts"],"names":[],"mappings":";;AAAA,mCAA8C;AAC9C,4CAAoE;AAGpE,MAAM,UAAU,GAAG,CAAC,YAAyC,EAAE,EAAsB,EAAE,CAAC,CAAC;IACvF,WAAW,EAAE,MAAM;IACnB,IAAI,EAAE,cAAc;IACpB,OAAO,EAAE,EAAE;IACX,GAAG,SAAS;CACb,CAAC,CAAC;AAEH,IAAA,iBAAQ,EAAC,kCAAkC,EAAE,GAAG,EAAE;IAChD,IAAA,WAAE,EAAC,kEAAkE,EAAE,GAAG,EAAE;QAC1E,uEAAuE;QACvE,0EAA0E;QAC1E,MAAM,MAAM,GAAG,UAAU,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC,CAAC;QACtD,MAAM,MAAM,GAAG,IAAA,0BAAc,EAAC,MAAM,EAAE,gCAAoB,CAAC,CAAC;QAC5D,IAAA,eAAM,EAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,+EAA+E,EAAE,GAAG,EAAE;QACvF,4CAA4C;QAC5C,mEAAmE;QACnE,MAAM,MAAM,GAAG,UAAU,CAAC,EAAE,WAAW,EAAE,MAAM,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC,CAAC;QAC3E,MAAM,MAAM,GAAG,IAAA,0BAAc,EAAC,MAAM,EAAE,gCAAoB,EAAE;YAC1D,QAAQ,EAAE,OAAO;SAClB,CAAC,CAAC;QACH,IAAA,eAAM,EAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACnD,IAAA,eAAM,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,4DAA4D,EAAE,GAAG,EAAE;QACpE,gDAAgD;QAChD,yEAAyE;QACzE,MAAM,MAAM,GAAG,UAAU,CAAC;YACxB,WAAW,EAAE,MAAM;YACnB,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,EAAE;SACZ,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,0BAAc,EAAC,MAAM,EAAE,gCAAoB,EAAE;YAC1D,QAAQ,EAAE,MAAM;SACjB,CAAC,CAAC;QACH,IAAA,eAAM,EAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,yDAAyD,EAAE,GAAG,EAAE;QACjE,yEAAyE;QACzE,mFAAmF;QACnF,MAAM,MAAM,GAAG,UAAU,CAAC,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC,CAAC;QAC1E,MAAM,MAAM,GAAG,IAAA,0BAAc,EAAC,MAAM,EAAE,gCAAoB,EAAE;YAC1D,QAAQ,EAAE,MAAM;SACjB,CAAC,CAAC;QACH,IAAA,eAAM,EAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACnD,IAAA,eAAM,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,gEAAgE,EAAE,GAAG,EAAE;QACxE,2CAA2C;QAC3C,mBAAmB;QACnB,cAAc;QACd,MAAM,MAAM,GAAG,UAAU,CAAC;YACxB,WAAW,EAAE,MAAM;YACnB,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,EAAE;SACZ,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,0BAAc,EAAC,MAAM,EAAE,gCAAoB,EAAE;YAC1D,QAAQ,EAAE,OAAO;SAClB,CAAC,CAAC;QACH,IAAA,eAAM,EAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,wDAAwD,EAAE,GAAG,EAAE;QAChE,MAAM,MAAM,GAAG,UAAU,CAAC;YACxB,WAAW,EAAE,MAAM;YACnB,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,EAAE;SACZ,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,0BAAc,EAAC,MAAM,EAAE,gCAAoB,EAAE;YAC1D,iBAAiB,EAAE,IAAI;YACvB,QAAQ,EAAE,OAAO;SAClB,CAAC,CAAC;QACH,IAAA,eAAM,EAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,iFAAiF,EAAE,GAAG,EAAE;QACzF,2EAA2E;QAC3E,sEAAsE;QACtE,0CAA0C;QAC1C,MAAM,MAAM,GAAG,UAAU,CAAC;YACxB,WAAW,EAAE,MAAM;YACnB,IAAI,EAAE,uBAAuB;YAC7B,OAAO,EAAE,EAAE;SACZ,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,0BAAc,EAAC,MAAM,EAAE,gCAAoB,EAAE;YAC1D,QAAQ,EAAE,WAAW;SACtB,CAAC,CAAC;QACH,IAAA,eAAM,EAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACvD,IAAA,eAAM,EAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACjD,IAAA,eAAM,EAAC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,mEAAmE,EAAE,GAAG,EAAE;QAC3E,0EAA0E;QAC1E,mEAAmE;QACnE,iEAAiE;QACjE,0EAA0E;QAC1E,2EAA2E;QAC3E,+CAA+C;QAC/C,MAAM,MAAM,GAAG,UAAU,CAAC,EAAE,WAAW,EAAE,MAAM,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC,CAAC;QAC3E,MAAM,MAAM,GAAG,IAAA,0BAAc,EAAC,MAAM,EAAE,gCAAoB,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QACnF,IAAA,eAAM,EAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACnD,IAAA,eAAM,EAAC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/policy-ssh-e2e.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=policy-ssh-e2e.test.d.ts.map

package/dist/__tests__/policy-ssh-e2e.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-ssh-e2e.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/policy-ssh-e2e.test.ts"],"names":[],"mappings":""}