attocode 0.2.1 → 0.2.3

package/dist/src/integrations/mcp-tool-validator.js

@@ -0,0 +1,141 @@
+/**
+ * MCP Tool Description Validator
+ *
+ * Validates MCP tool descriptions for quality, helping ensure
+ * that LLMs can understand and correctly use the tools.
+ *
+ * Quality checks:
+ * 1. Description length (minimum useful length)
+ * 2. Input schema has property descriptions
+ * 3. Required parameters are marked
+ * 4. Description contains usage patterns
+ * 5. Naming conventions (snake_case, prefixed)
+ */
+// =============================================================================
+// CONSTANTS
+// =============================================================================
+const DEFAULT_CONFIG = {
+    minDescriptionLength: 20,
+    requirePropertyDescriptions: true,
+    requireExamples: false,
+    minimumPassScore: 40,
+};
+// =============================================================================
+// VALIDATOR
+// =============================================================================
+/**
+ * Validate a single tool's description quality.
+ */
+export function validateToolDescription(tool, config) {
+    const cfg = { ...DEFAULT_CONFIG, ...config };
+    const issues = [];
+    const suggestions = [];
+    let score = 100;
+    const description = tool.description || '';
+    // Check 1: Description exists and has minimum length
+    if (!description) {
+        issues.push('No description provided');
+        score -= 40;
+    }
+    else if (description.length < cfg.minDescriptionLength) {
+        issues.push(`Description too short (${description.length} chars, min: ${cfg.minDescriptionLength})`);
+        suggestions.push('Add more detail about what this tool does and when to use it');
+        score -= 20;
+    }
+    // Check 2: Description is informative (not just tool name restated)
+    if (description && tool.name) {
+        const nameWords = tool.name.replace(/[_-]/g, ' ').toLowerCase().split(/\s+/);
+        const descWords = description.toLowerCase().split(/\s+/);
+        const overlap = nameWords.filter(w => descWords.includes(w)).length;
+        if (overlap === nameWords.length && description.split(/\s+/).length < 5) {
+            issues.push('Description merely restates the tool name');
+            suggestions.push('Explain what the tool does, its purpose, and any important behavior');
+            score -= 15;
+        }
+    }
+    // Check 3: Input schema has property descriptions
+    if (cfg.requirePropertyDescriptions && tool.inputSchema) {
+        const properties = tool.inputSchema.properties;
+        if (properties) {
+            const undocumented = [];
+            for (const [propName, propSchema] of Object.entries(properties)) {
+                if (!propSchema.description) {
+                    undocumented.push(propName);
+                }
+            }
+            if (undocumented.length > 0) {
+                issues.push(`Properties missing descriptions: ${undocumented.join(', ')}`);
+                suggestions.push('Add "description" to each property in the input schema');
+                score -= Math.min(undocumented.length * 5, 20);
+            }
+        }
+    }
+    // Check 4: Required parameters are specified
+    if (tool.inputSchema) {
+        const required = tool.inputSchema.required;
+        const properties = tool.inputSchema.properties;
+        if (properties && Object.keys(properties).length > 0 && (!required || required.length === 0)) {
+            suggestions.push('Consider marking required parameters in the schema');
+            score -= 5;
+        }
+    }
+    // Check 5: Description mentions examples or usage patterns
+    if (cfg.requireExamples && description) {
+        const hasExample = /example|e\.g\.|for instance|usage:|such as/i.test(description);
+        if (!hasExample) {
+            suggestions.push('Add a usage example to the description');
+            score -= 10;
+        }
+    }
+    // Check 6: Naming conventions
+    if (tool.name) {
+        const isSnakeCase = /^[a-z][a-z0-9_]*$/.test(tool.name);
+        const hasMCPPrefix = tool.name.startsWith('mcp_');
+        if (!isSnakeCase && !hasMCPPrefix) {
+            suggestions.push('Consider using snake_case for tool names');
+            score -= 5;
+        }
+    }
+    return {
+        toolName: tool.name,
+        score: Math.max(0, score),
+        issues,
+        suggestions,
+    };
+}
+/**
+ * Validate all tools and return results sorted by score (worst first).
+ */
+export function validateAllTools(tools, config) {
+    return tools
+        .map(tool => validateToolDescription(tool, config))
+        .sort((a, b) => a.score - b.score);
+}
+/**
+ * Get a summary of validation results.
+ */
+export function formatValidationSummary(results) {
+    const passed = results.filter(r => r.score >= (DEFAULT_CONFIG.minimumPassScore));
+    const failed = results.filter(r => r.score < (DEFAULT_CONFIG.minimumPassScore));
+    const lines = [
+        `Tool Description Quality: ${passed.length}/${results.length} passed`,
+    ];
+    if (failed.length > 0) {
+        lines.push('', 'Failed:');
+        for (const r of failed) {
+            lines.push(`  ${r.toolName} (score: ${r.score}): ${r.issues.join('; ')}`);
+        }
+    }
+    return lines.join('\n');
+}
+/**
+ * Create a tool validator.
+ */
+export function createToolValidator(config) {
+    return {
+        validate: (tool) => validateToolDescription(tool, config),
+        validateAll: (tools) => validateAllTools(tools, config),
+        formatSummary: formatValidationSummary,
+    };
+}
+//# sourceMappingURL=mcp-tool-validator.js.map

package/dist/src/integrations/mcp-tool-validator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-tool-validator.js","sourceRoot":"","sources":["../../../src/integrations/mcp-tool-validator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAkCH,gFAAgF;AAChF,YAAY;AACZ,gFAAgF;AAEhF,MAAM,cAAc,GAAyB;IAC3C,oBAAoB,EAAE,EAAE;IACxB,2BAA2B,EAAE,IAAI;IACjC,eAAe,EAAE,KAAK;IACtB,gBAAgB,EAAE,EAAE;CACrB,CAAC;AAEF,gFAAgF;AAChF,YAAY;AACZ,gFAAgF;AAEhF;;GAEG;AACH,MAAM,UAAU,uBAAuB,CACrC,IAAyB,EACzB,MAAsC;IAEtC,MAAM,GAAG,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,MAAM,EAAE,CAAC;IAC7C,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,WAAW,GAAa,EAAE,CAAC;IACjC,IAAI,KAAK,GAAG,GAAG,CAAC;IAEhB,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC;IAE3C,qDAAqD;IACrD,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACvC,KAAK,IAAI,EAAE,CAAC;IACd,CAAC;SAAM,IAAI,WAAW,CAAC,MAAM,GAAG,GAAG,CAAC,oBAAoB,EAAE,CAAC;QACzD,MAAM,CAAC,IAAI,CAAC,0BAA0B,WAAW,CAAC,MAAM,gBAAgB,GAAG,CAAC,oBAAoB,GAAG,CAAC,CAAC;QACrG,WAAW,CAAC,IAAI,CAAC,8DAA8D,CAAC,CAAC;QACjF,KAAK,IAAI,EAAE,CAAC;IACd,CAAC;IAED,oEAAoE;IACpE,IAAI,WAAW,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QAC7B,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC7E,MAAM,SAAS,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QACpE,IAAI,OAAO,KAAK,SAAS,CAAC,MAAM,IAAI,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxE,MAAM,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;YACzD,WAAW,CAAC,IAAI,CAAC,qEAAqE,CAAC,CAAC;YACxF,KAAK,IAAI,EAAE,CAAC;QACd,CAAC;IACH,CAAC;IAED,kDAAkD;IAClD,IAAI,GAAG,CAAC,2BAA2B,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QACxD,MAAM,UAAU,GAAI,IAAI,CAAC,WAAuC,CAAC,UAAiE,CAAC;QACnI,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,YAAY,GAAa,EAAE,CAAC;YAClC,KAAK,MAAM,CAAC,QAAQ,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;gBAChE,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;oBAC5B,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAC9B,CAAC;YACH,CAAC;YACD,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC5B,MAAM,CAAC,IAAI,CAAC,oCAAoC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC3E,WAAW,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;gBAC3E,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;YACjD,CAAC;QACH,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,MAAM,QAAQ,GAAI,IAAI,CAAC,WAAuC,CAAC,QAAgC,CAAC;QAChG,MAAM,UAAU,GAAI,IAAI,CAAC,WAAuC,CAAC,UAAiD,CAAC;QACnH,IAAI,UAAU,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;YAC7F,WAAW,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;YACvE,KAAK,IAAI,CAAC,CAAC;QACb,CAAC;IACH,CAAC;IAED,2DAA2D;IAC3D,IAAI,GAAG,CAAC,eAAe,IAAI,WAAW,EAAE,CAAC;QACvC,MAAM,UAAU,GAAG,6CAA6C,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACnF,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,WAAW,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;YAC3D,KAAK,IAAI,EAAE,CAAC;QACd,CAAC;IACH,CAAC;IAED,8BAA8B;IAC9B,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,MAAM,WAAW,GAAG,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxD,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAClD,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY,EAAE,CAAC;YAClC,WAAW,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;YAC7D,KAAK,IAAI,CAAC,CAAC;QACb,CAAC;IACH,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,IAAI,CAAC,IAAI;QACnB,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC;QACzB,MAAM;QACN,WAAW;KACZ,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAC9B,KAA4B,EAC5B,MAAsC;IAEtC,OAAO,KAAK;SACT,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,uBAAuB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;SAClD,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB,CAAC,OAA+B;IACrE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,CAAC,CAAC;IACjF,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,cAAc,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAEhF,MAAM,KAAK,GAAa;QACtB,6BAA6B,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,SAAS;KACtE,CAAC;IAEF,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;QAC1B,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;YACvB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,YAAY,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAAsC;IACxE,OAAO;QACL,QAAQ,EAAE,CAAC,IAAyB,EAAE,EAAE,CAAC,uBAAuB,CAAC,IAAI,EAAE,MAAM,CAAC;QAC9E,WAAW,EAAE,CAAC,KAA4B,EAAE,EAAE,CAAC,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC;QAC9E,aAAa,EAAE,uBAAuB;KACvC,CAAC;AACJ,CAAC"}

package/dist/src/integrations/policy-engine.d.ts

@@ -0,0 +1,55 @@
+/**
+ * Unified policy engine.
+ *
+ * Resolves effective tool/bash/approval behavior from profiles plus
+ * compatibility mappings from legacy config fields.
+ */
+import type { PolicyEngineConfig, PolicyProfile, SandboxConfig } from '../types.js';
+import type { SwarmConfig, SwarmWorkerSpec } from './swarm/types.js';
+export declare const DEFAULT_POLICY_PROFILES: Record<string, PolicyProfile>;
+export declare const DEFAULT_POLICY_ENGINE_CONFIG: Required<Pick<PolicyEngineConfig, 'enabled' | 'legacyFallback' | 'defaultProfile' | 'defaultSwarmProfile'>>;
+export interface ResolvePolicyProfileOptions {
+    policyEngine?: PolicyEngineConfig | false;
+    requestedProfile?: string;
+    swarmConfig?: SwarmConfig;
+    worker?: SwarmWorkerSpec;
+    taskType?: string;
+    sandboxConfig?: SandboxConfig;
+    isSwarmWorker?: boolean;
+    legacyAllowedTools?: string[];
+    legacyDeniedTools?: string[];
+    globalDeniedTools?: string[];
+}
+export interface ResolvedPolicyProfile {
+    profileName: string;
+    profile: PolicyProfile;
+    metadata: {
+        selectionSource: 'explicit' | 'worker-capability' | 'task-type' | 'default';
+        usedLegacyMappings: boolean;
+        legacyMappingSources: string[];
+        warnings: string[];
+    };
+}
+export declare function resolvePolicyProfile(options: ResolvePolicyProfileOptions): ResolvedPolicyProfile;
+export declare function isToolAllowedByProfile(toolName: string, profile: PolicyProfile): {
+    allowed: boolean;
+    reason?: string;
+};
+export declare function evaluateBashCommandByProfile(command: string, profile: PolicyProfile, taskType?: string): {
+    allowed: boolean;
+    reason?: string;
+};
+export declare function mergeApprovalScopeWithProfile(scope: {
+    autoApprove: string[];
+    scopedApprove: Record<string, {
+        paths: string[];
+    }>;
+    requireApproval: string[];
+}, profile: PolicyProfile): {
+    autoApprove: string[];
+    scopedApprove: Record<string, {
+        paths: string[];
+    }>;
+    requireApproval: string[];
+};
+//# sourceMappingURL=policy-engine.d.ts.map

package/dist/src/integrations/policy-engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-engine.d.ts","sourceRoot":"","sources":["../../../src/integrations/policy-engine.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AACpF,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAIrE,eAAO,MAAM,uBAAuB,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CA0BjE,CAAC;AAEF,eAAO,MAAM,4BAA4B,EAAE,QAAQ,CACjD,IAAI,CAAC,kBAAkB,EAAE,SAAS,GAAG,gBAAgB,GAAG,gBAAgB,GAAG,qBAAqB,CAAC,CAMlG,CAAC;AAEF,MAAM,WAAW,2BAA2B;IAC1C,YAAY,CAAC,EAAE,kBAAkB,GAAG,KAAK,CAAC;IAC1C,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,MAAM,CAAC,EAAE,eAAe,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC9B,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC9B;AAED,MAAM,WAAW,qBAAqB;IACpC,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,aAAa,CAAC;IACvB,QAAQ,EAAE;QACR,eAAe,EAAE,UAAU,GAAG,mBAAmB,GAAG,WAAW,GAAG,SAAS,CAAC;QAC5E,kBAAkB,EAAE,OAAO,CAAC;QAC5B,oBAAoB,EAAE,MAAM,EAAE,CAAC;QAC/B,QAAQ,EAAE,MAAM,EAAE,CAAC;KACpB,CAAC;CACH;AAiHD,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,2BAA2B,GAAG,qBAAqB,CAyFhG;AAED,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,aAAa,GACrB;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAevC;AAED,wBAAgB,4BAA4B,CAC1C,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,aAAa,EACtB,QAAQ,CAAC,EAAE,MAAM,GAChB;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAevC;AAED,wBAAgB,6BAA6B,CAC3C,KAAK,EAAE;IACL,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE;QAAE,KAAK,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAC;IACnD,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B,EACD,OAAO,EAAE,aAAa,GACrB;IACD,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE;QAAE,KAAK,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAC;IACnD,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B,CAMA"}

package/dist/src/integrations/policy-engine.js

@@ -0,0 +1,247 @@
+/**
+ * Unified policy engine.
+ *
+ * Resolves effective tool/bash/approval behavior from profiles plus
+ * compatibility mappings from legacy config fields.
+ */
+import { getTaskTypeConfig } from './swarm/types.js';
+import { evaluateBashPolicy } from './bash-policy.js';
+export const DEFAULT_POLICY_PROFILES = {
+    'research-safe': {
+        toolAccessMode: 'whitelist',
+        allowedTools: ['read_file', 'list_files', 'glob', 'grep', 'web_search', 'write_file', 'bash', 'task_get', 'task_list'],
+        deniedTools: ['delete_file'],
+        bashMode: 'read_only',
+        bashWriteProtection: 'block_file_mutation',
+    },
+    'code-strict-bash': {
+        toolAccessMode: 'whitelist',
+        allowedTools: ['read_file', 'write_file', 'edit_file', 'list_files', 'glob', 'grep', 'bash', 'web_search', 'task_create', 'task_update', 'task_get', 'task_list'],
+        bashMode: 'full',
+        bashWriteProtection: 'block_file_mutation',
+    },
+    'code-full': {
+        toolAccessMode: 'all',
+        bashMode: 'full',
+        bashWriteProtection: 'off',
+    },
+    'review-safe': {
+        toolAccessMode: 'whitelist',
+        allowedTools: ['read_file', 'list_files', 'glob', 'grep', 'web_search', 'task_get', 'task_list'],
+        deniedTools: ['write_file', 'edit_file', 'delete_file', 'bash'],
+        bashMode: 'disabled',
+        bashWriteProtection: 'block_file_mutation',
+    },
+};
+export const DEFAULT_POLICY_ENGINE_CONFIG = {
+    enabled: true,
+    legacyFallback: true,
+    defaultProfile: 'code-full',
+    defaultSwarmProfile: 'code-strict-bash',
+};
+function mergeProfiles(...profiles) {
+    const merged = {};
+    for (const p of profiles) {
+        if (!p)
+            continue;
+        merged.toolAccessMode = p.toolAccessMode ?? merged.toolAccessMode;
+        merged.allowedTools = p.allowedTools ?? merged.allowedTools;
+        merged.deniedTools = p.deniedTools ?? merged.deniedTools;
+        merged.bashMode = p.bashMode ?? merged.bashMode;
+        merged.bashWriteProtection = p.bashWriteProtection ?? merged.bashWriteProtection;
+        if (p.approval) {
+            merged.approval = {
+                autoApprove: p.approval.autoApprove ?? merged.approval?.autoApprove,
+                scopedApprove: p.approval.scopedApprove ?? merged.approval?.scopedApprove,
+                requireApproval: p.approval.requireApproval ?? merged.approval?.requireApproval,
+            };
+        }
+    }
+    return merged;
+}
+function inferSwarmProfileForTask(taskType, swarmConfig) {
+    if (!taskType)
+        return 'code-strict-bash';
+    // V7: Use configurable policyProfile from TaskTypeConfig
+    const typeConfig = getTaskTypeConfig(taskType, swarmConfig);
+    return typeConfig.policyProfile ?? 'code-strict-bash';
+}
+function inferSwarmProfileForWorker(worker) {
+    if (!worker?.capabilities || worker.capabilities.length === 0)
+        return undefined;
+    const caps = new Set(worker.capabilities);
+    if (caps.has('code') || caps.has('write') || caps.has('test') || caps.has('document')) {
+        return 'code-strict-bash';
+    }
+    if (caps.has('review')) {
+        return 'review-safe';
+    }
+    if (caps.has('research')) {
+        return 'research-safe';
+    }
+    return undefined;
+}
+function applyLegacyMappings(profile, options) {
+    const merged = { ...profile };
+    const metadata = {
+        selectionSource: 'default',
+        usedLegacyMappings: false,
+        legacyMappingSources: [],
+        warnings: [],
+    };
+    const legacyAllowed = options.legacyAllowedTools ?? options.worker?.allowedTools;
+    if (legacyAllowed && legacyAllowed.length > 0) {
+        merged.toolAccessMode = 'whitelist';
+        merged.allowedTools = [...legacyAllowed];
+        metadata.usedLegacyMappings = true;
+        metadata.legacyMappingSources.push('legacyAllowedTools');
+        metadata.warnings.push('Legacy tool whitelist is active. Migrate to policyProfiles + worker.policyProfile.');
+    }
+    const denied = [
+        ...(merged.deniedTools ?? []),
+        ...(options.legacyDeniedTools ?? options.worker?.deniedTools ?? []),
+        ...(options.globalDeniedTools ?? options.swarmConfig?.globalDeniedTools ?? []),
+    ];
+    if (denied.length > 0) {
+        merged.deniedTools = [...new Set(denied)];
+        metadata.usedLegacyMappings = true;
+        metadata.legacyMappingSources.push('legacyDeniedTools/globalDeniedTools');
+        metadata.warnings.push('Legacy denied tools are active. Migrate to policyProfiles[].deniedTools.');
+    }
+    if (options.sandboxConfig?.blockFileCreationViaBash) {
+        merged.bashWriteProtection = 'block_file_mutation';
+        metadata.usedLegacyMappings = true;
+        metadata.legacyMappingSources.push('sandbox.blockFileCreationViaBash');
+        metadata.warnings.push('sandbox.blockFileCreationViaBash is legacy compatibility behavior. Use policy profile bashWriteProtection.');
+    }
+    if (options.sandboxConfig?.bashMode) {
+        merged.bashMode = options.sandboxConfig.bashMode;
+        metadata.usedLegacyMappings = true;
+        metadata.legacyMappingSources.push('sandbox.bashMode');
+        metadata.warnings.push('sandbox.bashMode override is active. Prefer profile-level bashMode.');
+    }
+    if (options.sandboxConfig?.bashWriteProtection) {
+        merged.bashWriteProtection = options.sandboxConfig.bashWriteProtection;
+        metadata.usedLegacyMappings = true;
+        metadata.legacyMappingSources.push('sandbox.bashWriteProtection');
+        metadata.warnings.push('sandbox.bashWriteProtection override is active. Prefer profile-level bashWriteProtection.');
+    }
+    return { profile: merged, metadata };
+}
+export function resolvePolicyProfile(options) {
+    const policyEngine = options.policyEngine || undefined;
+    const legacyFallback = policyEngine?.legacyFallback ?? DEFAULT_POLICY_ENGINE_CONFIG.legacyFallback;
+    const mergedProfiles = {
+        ...DEFAULT_POLICY_PROFILES,
+        ...(policyEngine?.profiles ?? {}),
+        ...(options.swarmConfig?.policyProfiles ?? {}),
+    };
+    // Apply profileExtensions (additive patches from YAML)
+    const extensions = options.swarmConfig?.profileExtensions;
+    if (extensions) {
+        for (const [profileName, ext] of Object.entries(extensions)) {
+            const target = mergedProfiles[profileName];
+            if (!target)
+                continue;
+            if (ext.addTools?.length && target.allowedTools) {
+                target.allowedTools = [...new Set([...target.allowedTools, ...ext.addTools])];
+                // If you explicitly add a tool, remove it from deniedTools so it actually works
+                if (target.deniedTools) {
+                    target.deniedTools = target.deniedTools.filter(t => !ext.addTools.includes(t));
+                }
+            }
+            if (ext.removeTools?.length) {
+                if (target.allowedTools) {
+                    target.allowedTools = target.allowedTools.filter(t => !ext.removeTools.includes(t));
+                }
+                // Also add removed tools to deniedTools for belt-and-suspenders
+                target.deniedTools = [...new Set([...(target.deniedTools ?? []), ...ext.removeTools])];
+            }
+        }
+    }
+    const defaultProfileName = options.isSwarmWorker
+        ? (policyEngine?.defaultSwarmProfile ?? DEFAULT_POLICY_ENGINE_CONFIG.defaultSwarmProfile)
+        : (policyEngine?.defaultProfile ?? DEFAULT_POLICY_ENGINE_CONFIG.defaultProfile);
+    let selectionSource = 'default';
+    let requestedProfile = defaultProfileName;
+    if (options.requestedProfile || options.worker?.policyProfile) {
+        requestedProfile = options.requestedProfile ?? options.worker?.policyProfile ?? defaultProfileName;
+        selectionSource = 'explicit';
+    }
+    else if (options.isSwarmWorker) {
+        const workerInferred = inferSwarmProfileForWorker(options.worker);
+        if (workerInferred) {
+            requestedProfile = workerInferred;
+            selectionSource = 'worker-capability';
+        }
+        else if (options.taskType) {
+            requestedProfile = inferSwarmProfileForTask(options.taskType, options.swarmConfig);
+            selectionSource = 'task-type';
+        }
+        else {
+            requestedProfile = defaultProfileName;
+            selectionSource = 'default';
+        }
+    }
+    const base = mergedProfiles[defaultProfileName] ?? DEFAULT_POLICY_PROFILES['code-full'];
+    const requested = mergedProfiles[requestedProfile] ?? base;
+    const merged = mergeProfiles(base, requested);
+    const { profile: effective, metadata } = legacyFallback
+        ? applyLegacyMappings(merged, options)
+        : {
+            profile: merged,
+            metadata: {
+                selectionSource: 'default',
+                usedLegacyMappings: false,
+                legacyMappingSources: [],
+                warnings: [],
+            },
+        };
+    // Merge worker.extraTools into the profile whitelist (additive, overrides deniedTools)
+    if (options.worker?.extraTools?.length && effective.toolAccessMode === 'whitelist' && effective.allowedTools) {
+        effective.allowedTools = [...new Set([...effective.allowedTools, ...options.worker.extraTools])];
+        // If you explicitly add a tool via extraTools, remove it from deniedTools so it actually works
+        if (effective.deniedTools) {
+            effective.deniedTools = effective.deniedTools.filter(t => !options.worker.extraTools.includes(t));
+        }
+    }
+    return {
+        profileName: requestedProfile,
+        profile: effective,
+        metadata: {
+            ...metadata,
+            selectionSource,
+        },
+    };
+}
+export function isToolAllowedByProfile(toolName, profile) {
+    const mode = profile.toolAccessMode ?? 'all';
+    if (mode === 'whitelist') {
+        const allowed = profile.allowedTools ?? [];
+        if (!allowed.includes(toolName)) {
+            return { allowed: false, reason: `Tool '${toolName}' is not allowed by policy whitelist.` };
+        }
+    }
+    if ((profile.deniedTools ?? []).includes(toolName)) {
+        return { allowed: false, reason: `Tool '${toolName}' is denied by policy profile.` };
+    }
+    return { allowed: true };
+}
+export function evaluateBashCommandByProfile(command, profile, taskType) {
+    let mode = profile.bashMode ?? 'full';
+    if (mode === 'task_scoped') {
+        mode = ['implement', 'test', 'refactor', 'integrate', 'deploy', 'document'].includes(taskType ?? '')
+            ? 'read_only'
+            : 'disabled';
+    }
+    const decision = evaluateBashPolicy(command, mode, profile.bashWriteProtection ?? 'off');
+    return { allowed: decision.allowed, reason: decision.reason };
+}
+export function mergeApprovalScopeWithProfile(scope, profile) {
+    return {
+        autoApprove: [...new Set([...(scope.autoApprove ?? []), ...(profile.approval?.autoApprove ?? [])])],
+        scopedApprove: { ...(scope.scopedApprove ?? {}), ...(profile.approval?.scopedApprove ?? {}) },
+        requireApproval: [...new Set([...(scope.requireApproval ?? []), ...(profile.approval?.requireApproval ?? [])])],
+    };
+}
+//# sourceMappingURL=policy-engine.js.map

package/dist/src/integrations/policy-engine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-engine.js","sourceRoot":"","sources":["../../../src/integrations/policy-engine.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAEtD,MAAM,CAAC,MAAM,uBAAuB,GAAkC;IACpE,eAAe,EAAE;QACf,cAAc,EAAE,WAAW;QAC3B,YAAY,EAAE,CAAC,WAAW,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,WAAW,CAAC;QACtH,WAAW,EAAE,CAAC,aAAa,CAAC;QAC5B,QAAQ,EAAE,WAAW;QACrB,mBAAmB,EAAE,qBAAqB;KAC3C;IACD,kBAAkB,EAAE;QAClB,cAAc,EAAE,WAAW;QAC3B,YAAY,EAAE,CAAC,WAAW,EAAE,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,UAAU,EAAE,WAAW,CAAC;QACjK,QAAQ,EAAE,MAAM;QAChB,mBAAmB,EAAE,qBAAqB;KAC3C;IACD,WAAW,EAAE;QACX,cAAc,EAAE,KAAK;QACrB,QAAQ,EAAE,MAAM;QAChB,mBAAmB,EAAE,KAAK;KAC3B;IACD,aAAa,EAAE;QACb,cAAc,EAAE,WAAW;QAC3B,YAAY,EAAE,CAAC,WAAW,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,UAAU,EAAE,WAAW,CAAC;QAChG,WAAW,EAAE,CAAC,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,CAAC;QAC/D,QAAQ,EAAE,UAAU;QACpB,mBAAmB,EAAE,qBAAqB;KAC3C;CACF,CAAC;AAEF,MAAM,CAAC,MAAM,4BAA4B,GAErC;IACF,OAAO,EAAE,IAAI;IACb,cAAc,EAAE,IAAI;IACpB,cAAc,EAAE,WAAW;IAC3B,mBAAmB,EAAE,kBAAkB;CACxC,CAAC;AA0BF,SAAS,aAAa,CAAC,GAAG,QAA0C;IAClE,MAAM,MAAM,GAAkB,EAAE,CAAC;IACjC,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC;YAAE,SAAS;QACjB,MAAM,CAAC,cAAc,GAAG,CAAC,CAAC,cAAc,IAAI,MAAM,CAAC,cAAc,CAAC;QAClE,MAAM,CAAC,YAAY,GAAG,CAAC,CAAC,YAAY,IAAI,MAAM,CAAC,YAAY,CAAC;QAC5D,MAAM,CAAC,WAAW,GAAG,CAAC,CAAC,WAAW,IAAI,MAAM,CAAC,WAAW,CAAC;QACzD,MAAM,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC;QAChD,MAAM,CAAC,mBAAmB,GAAG,CAAC,CAAC,mBAAmB,IAAI,MAAM,CAAC,mBAAmB,CAAC;QACjF,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;YACf,MAAM,CAAC,QAAQ,GAAG;gBAChB,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,IAAI,MAAM,CAAC,QAAQ,EAAE,WAAW;gBACnE,aAAa,EAAE,CAAC,CAAC,QAAQ,CAAC,aAAa,IAAI,MAAM,CAAC,QAAQ,EAAE,aAAa;gBACzE,eAAe,EAAE,CAAC,CAAC,QAAQ,CAAC,eAAe,IAAI,MAAM,CAAC,QAAQ,EAAE,eAAe;aAChF,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,wBAAwB,CAAC,QAAiB,EAAE,WAAyB;IAC5E,IAAI,CAAC,QAAQ;QAAE,OAAO,kBAAkB,CAAC;IACzC,yDAAyD;IACzD,MAAM,UAAU,GAAG,iBAAiB,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;IAC5D,OAAO,UAAU,CAAC,aAAa,IAAI,kBAAkB,CAAC;AACxD,CAAC;AAED,SAAS,0BAA0B,CAAC,MAAwB;IAC1D,IAAI,CAAC,MAAM,EAAE,YAAY,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IAChF,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAE1C,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;QACtF,OAAO,kBAAkB,CAAC;IAC5B,CAAC;IACD,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACvB,OAAO,aAAa,CAAC;IACvB,CAAC;IACD,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;QACzB,OAAO,eAAe,CAAC;IACzB,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,mBAAmB,CAC1B,OAAsB,EACtB,OAAoC;IAKpC,MAAM,MAAM,GAAG,EAAE,GAAG,OAAO,EAAE,CAAC;IAC9B,MAAM,QAAQ,GAAsC;QAClD,eAAe,EAAE,SAAS;QAC1B,kBAAkB,EAAE,KAAK;QACzB,oBAAoB,EAAE,EAAE;QACxB,QAAQ,EAAE,EAAE;KACb,CAAC;IAEF,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,IAAI,OAAO,CAAC,MAAM,EAAE,YAAY,CAAC;IACjF,IAAI,aAAa,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9C,MAAM,CAAC,cAAc,GAAG,WAAW,CAAC;QACpC,MAAM,CAAC,YAAY,GAAG,CAAC,GAAG,aAAa,CAAC,CAAC;QACzC,QAAQ,CAAC,kBAAkB,GAAG,IAAI,CAAC;QACnC,QAAQ,CAAC,oBAAoB,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QACzD,QAAQ,CAAC,QAAQ,CAAC,IAAI,CACpB,oFAAoF,CACrF,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG;QACb,GAAG,CAAC,MAAM,CAAC,WAAW,IAAI,EAAE,CAAC;QAC7B,GAAG,CAAC,OAAO,CAAC,iBAAiB,IAAI,OAAO,CAAC,MAAM,EAAE,WAAW,IAAI,EAAE,CAAC;QACnE,GAAG,CAAC,OAAO,CAAC,iBAAiB,IAAI,OAAO,CAAC,WAAW,EAAE,iBAAiB,IAAI,EAAE,CAAC;KAC/E,CAAC;IACF,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,CAAC,WAAW,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;QAC1C,QAAQ,CAAC,kBAAkB,GAAG,IAAI,CAAC;QACnC,QAAQ,CAAC,oBAAoB,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;QAC1E,QAAQ,CAAC,QAAQ,CAAC,IAAI,CACpB,0EAA0E,CAC3E,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,CAAC,aAAa,EAAE,wBAAwB,EAAE,CAAC;QACpD,MAAM,CAAC,mBAAmB,GAAG,qBAAqB,CAAC;QACnD,QAAQ,CAAC,kBAAkB,GAAG,IAAI,CAAC;QACnC,QAAQ,CAAC,oBAAoB,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;QACvE,QAAQ,CAAC,QAAQ,CAAC,IAAI,CACpB,4GAA4G,CAC7G,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,CAAC,aAAa,EAAE,QAAQ,EAAE,CAAC;QACpC,MAAM,CAAC,QAAQ,GAAG,OAAO,CAAC,aAAa,CAAC,QAAQ,CAAC;QACjD,QAAQ,CAAC,kBAAkB,GAAG,IAAI,CAAC;QACnC,QAAQ,CAAC,oBAAoB,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACvD,QAAQ,CAAC,QAAQ,CAAC,IAAI,CACpB,qEAAqE,CACtE,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,CAAC,aAAa,EAAE,mBAAmB,EAAE,CAAC;QAC/C,MAAM,CAAC,mBAAmB,GAAG,OAAO,CAAC,aAAa,CAAC,mBAAmB,CAAC;QACvE,QAAQ,CAAC,kBAAkB,GAAG,IAAI,CAAC;QACnC,QAAQ,CAAC,oBAAoB,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;QAClE,QAAQ,CAAC,QAAQ,CAAC,IAAI,CACpB,2FAA2F,CAC5F,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,OAAoC;IACvE,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,SAAS,CAAC;IACvD,MAAM,cAAc,GAAG,YAAY,EAAE,cAAc,IAAI,4BAA4B,CAAC,cAAc,CAAC;IACnG,MAAM,cAAc,GAAkC;QACpD,GAAG,uBAAuB;QAC1B,GAAG,CAAC,YAAY,EAAE,QAAQ,IAAI,EAAE,CAAC;QACjC,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,cAAc,IAAI,EAAE,CAAC;KAC/C,CAAC;IAEF,uDAAuD;IACvD,MAAM,UAAU,GAAG,OAAO,CAAC,WAAW,EAAE,iBAAiB,CAAC;IAC1D,IAAI,UAAU,EAAE,CAAC;QACf,KAAK,MAAM,CAAC,WAAW,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5D,MAAM,MAAM,GAAG,cAAc,CAAC,WAAW,CAAC,CAAC;YAC3C,IAAI,CAAC,MAAM;gBAAE,SAAS;YACtB,IAAI,GAAG,CAAC,QAAQ,EAAE,MAAM,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;gBAChD,MAAM,CAAC,YAAY,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,MAAM,CAAC,YAAY,EAAE,GAAG,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;gBAC9E,gFAAgF;gBAChF,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;oBACvB,MAAM,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,QAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClF,CAAC;YACH,CAAC;YACD,IAAI,GAAG,CAAC,WAAW,EAAE,MAAM,EAAE,CAAC;gBAC5B,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;oBACxB,MAAM,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,WAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;gBACvF,CAAC;gBACD,gEAAgE;gBAChE,MAAM,CAAC,WAAW,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,IAAI,EAAE,CAAC,EAAE,GAAG,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;YACzF,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,kBAAkB,GAAG,OAAO,CAAC,aAAa;QAC9C,CAAC,CAAC,CAAC,YAAY,EAAE,mBAAmB,IAAI,4BAA4B,CAAC,mBAAmB,CAAC;QACzF,CAAC,CAAC,CAAC,YAAY,EAAE,cAAc,IAAI,4BAA4B,CAAC,cAAc,CAAC,CAAC;IAElF,IAAI,eAAe,GAAyD,SAAS,CAAC;IACtF,IAAI,gBAAgB,GAAW,kBAAkB,CAAC;IAElD,IAAI,OAAO,CAAC,gBAAgB,IAAI,OAAO,CAAC,MAAM,EAAE,aAAa,EAAE,CAAC;QAC9D,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,IAAI,OAAO,CAAC,MAAM,EAAE,aAAa,IAAI,kBAAkB,CAAC;QACnG,eAAe,GAAG,UAAU,CAAC;IAC/B,CAAC;SAAM,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;QACjC,MAAM,cAAc,GAAG,0BAA0B,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAClE,IAAI,cAAc,EAAE,CAAC;YACnB,gBAAgB,GAAG,cAAc,CAAC;YAClC,eAAe,GAAG,mBAAmB,CAAC;QACxC,CAAC;aAAM,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YAC5B,gBAAgB,GAAG,wBAAwB,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;YACnF,eAAe,GAAG,WAAW,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,gBAAgB,GAAG,kBAAkB,CAAC;YACtC,eAAe,GAAG,SAAS,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,MAAM,IAAI,GAAG,cAAc,CAAC,kBAAkB,CAAC,IAAI,uBAAuB,CAAC,WAAW,CAAC,CAAC;IACxF,MAAM,SAAS,GAAG,cAAc,CAAC,gBAAgB,CAAC,IAAI,IAAI,CAAC;IAE3D,MAAM,MAAM,GAAG,aAAa,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IAC9C,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,GAAG,cAAc;QACrD,CAAC,CAAC,mBAAmB,CAAC,MAAM,EAAE,OAAO,CAAC;QACtC,CAAC,CAAC;YACE,OAAO,EAAE,MAAM;YACf,QAAQ,EAAE;gBACR,eAAe,EAAE,SAAkB;gBACnC,kBAAkB,EAAE,KAAK;gBACzB,oBAAoB,EAAE,EAAE;gBACxB,QAAQ,EAAE,EAAE;aACb;SACF,CAAC;IAEN,uFAAuF;IACvF,IAAI,OAAO,CAAC,MAAM,EAAE,UAAU,EAAE,MAAM,IAAI,SAAS,CAAC,cAAc,KAAK,WAAW,IAAI,SAAS,CAAC,YAAY,EAAE,CAAC;QAC7G,SAAS,CAAC,YAAY,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,SAAS,CAAC,YAAY,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QACjG,+FAA+F;QAC/F,IAAI,SAAS,CAAC,WAAW,EAAE,CAAC;YAC1B,SAAS,CAAC,WAAW,GAAG,SAAS,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,MAAO,CAAC,UAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QACtG,CAAC;IACH,CAAC;IAED,OAAO;QACL,WAAW,EAAE,gBAAgB;QAC7B,OAAO,EAAE,SAAS;QAClB,QAAQ,EAAE;YACR,GAAG,QAAQ;YACX,eAAe;SAChB;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,sBAAsB,CACpC,QAAgB,EAChB,OAAsB;IAEtB,MAAM,IAAI,GAAG,OAAO,CAAC,cAAc,IAAI,KAAK,CAAC;IAE7C,IAAI,IAAI,KAAK,WAAW,EAAE,CAAC;QACzB,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC;QAC3C,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAChC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,QAAQ,uCAAuC,EAAE,CAAC;QAC9F,CAAC;IACH,CAAC;IAED,IAAI,CAAC,OAAO,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACnD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,QAAQ,gCAAgC,EAAE,CAAC;IACvF,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC;AAED,MAAM,UAAU,4BAA4B,CAC1C,OAAe,EACf,OAAsB,EACtB,QAAiB;IAEjB,IAAI,IAAI,GAAG,OAAO,CAAC,QAAQ,IAAI,MAAM,CAAC;IACtC,IAAI,IAAI,KAAK,aAAa,EAAE,CAAC;QAC3B,IAAI,GAAG,CAAC,WAAW,EAAE,MAAM,EAAE,UAAU,EAAE,WAAW,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,QAAQ,CAAC,QAAQ,IAAI,EAAE,CAAC;YAClG,CAAC,CAAC,WAAW;YACb,CAAC,CAAC,UAAU,CAAC;IACjB,CAAC;IAED,MAAM,QAAQ,GAAG,kBAAkB,CACjC,OAAO,EACP,IAAI,EACJ,OAAO,CAAC,mBAAmB,IAAI,KAAK,CACrC,CAAC;IAEF,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC;AAChE,CAAC;AAED,MAAM,UAAU,6BAA6B,CAC3C,KAIC,EACD,OAAsB;IAMtB,OAAO;QACL,WAAW,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,WAAW,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACnG,aAAa,EAAE,EAAE,GAAG,CAAC,KAAK,CAAC,aAAa,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,aAAa,IAAI,EAAE,CAAC,EAAE;QAC7F,eAAe,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,eAAe,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,eAAe,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;KAChH,CAAC;AACJ,CAAC"}

package/dist/src/integrations/safety.d.ts

@@ -4,13 +4,14 @@
  * Integrates sandboxing (Lesson 20) and human-in-the-loop (Lesson 21)
  * into the production agent. Provides execution safety and approval workflows.
  */
-import type { SandboxConfig, HumanInLoopConfig, ToolCall } from '../types.js';
+import type { SandboxConfig, PolicyEngineConfig, HumanInLoopConfig, ToolCall } from '../types.js';
 /**
  * Manages sandboxed execution of tools.
  */
 export declare class SandboxManager {
     private config;
-    constructor(config: SandboxConfig);
+    private policyEngineConfig?;
+    constructor(config: SandboxConfig, policyEngineConfig?: PolicyEngineConfig | false);
     /**
      * Check if a command is allowed.
      */
@@ -104,7 +105,7 @@ export declare class HumanInLoopManager {
 export declare class SafetyManager {
     sandbox: SandboxManager | null;
     humanInLoop: HumanInLoopManager | null;
-    constructor(sandboxConfig: SandboxConfig | false, hilConfig: HumanInLoopConfig | false);
+    constructor(sandboxConfig: SandboxConfig | false, hilConfig: HumanInLoopConfig | false, policyEngineConfig?: PolicyEngineConfig | false);
     /**
      * Validate a tool call against all safety rules.
      */
@@ -168,6 +169,6 @@ interface AuditSummary {
         high: number;
     };
 }
-export declare function createSafetyManager(sandboxConfig: SandboxConfig | false, hilConfig: HumanInLoopConfig | false): SafetyManager;
+export declare function createSafetyManager(sandboxConfig: SandboxConfig | false, hilConfig: HumanInLoopConfig | false, policyEngineConfig?: PolicyEngineConfig | false): SafetyManager;
 export {};
 //# sourceMappingURL=safety.d.ts.map

package/dist/src/integrations/safety.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"safety.d.ts","sourceRoot":"","sources":["../../../src/integrations/safety.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,KAAK,EACV,aAAa,EACb,iBAAiB,EACjB,QAAQ,EAGT,MAAM,aAAa,CAAC;AAMrB;;GAEG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAAgB;gBAElB,MAAM,EAAE,aAAa;IAIjC;;OAEG;IACH,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE;IAmBxE;;;;OAIG;IACH,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAyDpC;;OAEG;IACH,iBAAiB,IAAI,WAAW,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC;IASjE;;OAEG;IACG,iBAAiB,CAAC,CAAC,EACvB,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,EACpB,OAAO,CAAC,EAAE,MAAM,GACf,OAAO,CAAC,CAAC,CAAC;IAqBb;;OAEG;IACH,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,GAAG;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE;CAoB1E;AAMD;;GAEG;AACH,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAAoB;IAClC,OAAO,CAAC,QAAQ,CAAoB;IACpC,OAAO,CAAC,gBAAgB,CAA2C;IACnE,OAAO,CAAC,aAAa,CAA8B;IAGnD,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;IACzC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAQ;gBAE1B,MAAM,EAAE,iBAAiB;IAIrC;;;OAGG;IACH,gBAAgB,CAAC,KAAK,EAAE,aAAa,GAAG,IAAI;IAI5C;;OAEG;IACH,OAAO,CAAC,aAAa;IAsCrB;;OAEG;IACH,UAAU,CAAC,QAAQ,EAAE,QAAQ,GAAG,SAAS;IA0CzC;;OAEG;IACH,aAAa,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO;IAgB1C;;OAEG;IACG,eAAe,CACnB,QAAQ,EAAE,QAAQ,EAClB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,cAAc,CAAC;IAyC1B;;OAEG;YACW,eAAe;IAwB7B;;OAEG;YACW,kBAAkB;IAqBhC;;;OAGG;IACH,OAAO,CAAC,SAAS;IAyBjB;;OAEG;IACH,WAAW,IAAI,UAAU,EAAE;IAI3B;;OAEG;IACH,eAAe,IAAI,YAAY;IAa/B;;OAEG;IACH,aAAa,IAAI,IAAI;CAGtB;AAMD;;GAEG;AACH,qBAAa,aAAa;IACjB,OAAO,EAAE,cAAc,GAAG,IAAI,CAAQ;IACtC,WAAW,EAAE,kBAAkB,GAAG,IAAI,CAAQ;gBAEzC,aAAa,EAAE,aAAa,GAAG,KAAK,EAAE,SAAS,EAAE,iBAAiB,GAAG,KAAK;IAUtF;;OAEG;IACG,kBAAkB,CACtB,QAAQ,EAAE,QAAQ,EAClB,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE;QAAE,iBAAiB,CAAC,EAAE,OAAO,CAAA;KAAE,GACxC,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAsBjD;;OAEG;IACG,iBAAiB,CAAC,CAAC,EACvB,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,EACpB,QAAQ,EAAE,QAAQ,EAClB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,CAAC,CAAC;CAcd;AAMD;;;;GAIG;AACH,MAAM,WAAW,aAAa;IAC5B,wEAAwE;IACxE,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,iDAAiD;IACjD,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE;QAAE,KAAK,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAC;IACpD,6DAA6D;IAC7D,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED;;;GAGG;AACH,KAAK,SAAS,GAAG,KAAK,GAAG,UAAU,GAAG,MAAM,GAAG,UAAU,CAAC;AAE1D;;;GAGG;AACH,UAAU,cAAc;IACtB,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,gDAAgD;IAChD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAWD,UAAU,UAAU;IAClB,SAAS,EAAE,IAAI,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,OAAO,CAAC;IACd,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,SAAS,CAAC;CACjB;AAED,UAAU,YAAY;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE;QACN,GAAG,EAAE,MAAM,CAAC;QACZ,MAAM,EAAE,MAAM,CAAC;QACf,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;CACH;AAMD,wBAAgB,mBAAmB,CACjC,aAAa,EAAE,aAAa,GAAG,KAAK,EACpC,SAAS,EAAE,iBAAiB,GAAG,KAAK,GACnC,aAAa,CAEf"}
+{"version":3,"file":"safety.d.ts","sourceRoot":"","sources":["../../../src/integrations/safety.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,KAAK,EACV,aAAa,EACb,kBAAkB,EAClB,iBAAiB,EACjB,QAAQ,EAGT,MAAM,aAAa,CAAC;AAYrB;;GAEG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAAgB;IAC9B,OAAO,CAAC,kBAAkB,CAAC,CAAqB;gBAEpC,MAAM,EAAE,aAAa,EAAE,kBAAkB,CAAC,EAAE,kBAAkB,GAAG,KAAK;IAKlF;;OAEG;IACH,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE;IAkCxE;;;;OAIG;IACH,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAyDpC;;OAEG;IACH,iBAAiB,IAAI,WAAW,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC;IASjE;;OAEG;IACG,iBAAiB,CAAC,CAAC,EACvB,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,EACpB,OAAO,CAAC,EAAE,MAAM,GACf,OAAO,CAAC,CAAC,CAAC;IAqBb;;OAEG;IACH,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,GAAG;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE;CA6B1E;AAMD;;GAEG;AACH,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAAoB;IAClC,OAAO,CAAC,QAAQ,CAAoB;IACpC,OAAO,CAAC,gBAAgB,CAA2C;IACnE,OAAO,CAAC,aAAa,CAA8B;IAGnD,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;IACzC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAQ;gBAE1B,MAAM,EAAE,iBAAiB;IAIrC;;;OAGG;IACH,gBAAgB,CAAC,KAAK,EAAE,aAAa,GAAG,IAAI;IAI5C;;OAEG;IACH,OAAO,CAAC,aAAa;IAsCrB;;OAEG;IACH,UAAU,CAAC,QAAQ,EAAE,QAAQ,GAAG,SAAS;IA0CzC;;OAEG;IACH,aAAa,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO;IAgB1C;;OAEG;IACG,eAAe,CACnB,QAAQ,EAAE,QAAQ,EAClB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,cAAc,CAAC;IAyC1B;;OAEG;YACW,eAAe;IAwB7B;;OAEG;YACW,kBAAkB;IAqBhC;;;OAGG;IACH,OAAO,CAAC,SAAS;IAyBjB;;OAEG;IACH,WAAW,IAAI,UAAU,EAAE;IAI3B;;OAEG;IACH,eAAe,IAAI,YAAY;IAa/B;;OAEG;IACH,aAAa,IAAI,IAAI;CAGtB;AAMD;;GAEG;AACH,qBAAa,aAAa;IACjB,OAAO,EAAE,cAAc,GAAG,IAAI,CAAQ;IACtC,WAAW,EAAE,kBAAkB,GAAG,IAAI,CAAQ;gBAGnD,aAAa,EAAE,aAAa,GAAG,KAAK,EACpC,SAAS,EAAE,iBAAiB,GAAG,KAAK,EACpC,kBAAkB,CAAC,EAAE,kBAAkB,GAAG,KAAK;IAWjD;;OAEG;IACG,kBAAkB,CACtB,QAAQ,EAAE,QAAQ,EAClB,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE;QAAE,iBAAiB,CAAC,EAAE,OAAO,CAAA;KAAE,GACxC,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAsBjD;;OAEG;IACG,iBAAiB,CAAC,CAAC,EACvB,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,EACpB,QAAQ,EAAE,QAAQ,EAClB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,CAAC,CAAC;CAcd;AAMD;;;;GAIG;AACH,MAAM,WAAW,aAAa;IAC5B,wEAAwE;IACxE,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,iDAAiD;IACjD,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE;QAAE,KAAK,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAC;IACpD,6DAA6D;IAC7D,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED;;;GAGG;AACH,KAAK,SAAS,GAAG,KAAK,GAAG,UAAU,GAAG,MAAM,GAAG,UAAU,CAAC;AAE1D;;;GAGG;AACH,UAAU,cAAc;IACtB,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,gDAAgD;IAChD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAWD,UAAU,UAAU;IAClB,SAAS,EAAE,IAAI,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,OAAO,CAAC;IACd,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,SAAS,CAAC;CACjB;AAED,UAAU,YAAY;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE;QACN,GAAG,EAAE,MAAM,CAAC;QACZ,MAAM,EAAE,MAAM,CAAC;QACf,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;CACH;AAMD,wBAAgB,mBAAmB,CACjC,aAAa,EAAE,aAAa,GAAG,KAAK,EACpC,SAAS,EAAE,iBAAiB,GAAG,KAAK,EACpC,kBAAkB,CAAC,EAAE,kBAAkB,GAAG,KAAK,GAC9C,aAAa,CAEf"}

package/dist/src/integrations/safety.js

@@ -6,6 +6,8 @@
  */
 import { resolve, isAbsolute, dirname } from 'node:path';
 import { realpathSync, existsSync, lstatSync } from 'node:fs';
+import { evaluateBashCommandByProfile, isToolAllowedByProfile, resolvePolicyProfile, } from './policy-engine.js';
+import { stripCdPrefix } from './bash-policy.js';
 // =============================================================================
 // SANDBOX MANAGER
 // =============================================================================
@@ -14,13 +16,23 @@ import { realpathSync, existsSync, lstatSync } from 'node:fs';
  */
 export class SandboxManager {
     config;
-    constructor(config) {
+    policyEngineConfig;
+    constructor(config, policyEngineConfig) {
         this.config = config;
+        this.policyEngineConfig = policyEngineConfig || undefined;
     }
     /**
      * Check if a command is allowed.
      */
     isCommandAllowed(command) {
+        const { profile } = resolvePolicyProfile({
+            policyEngine: this.policyEngineConfig,
+            sandboxConfig: this.config,
+        });
+        const policyDecision = evaluateBashCommandByProfile(command, profile);
+        if (!policyDecision.allowed) {
+            return { allowed: false, reason: policyDecision.reason };
+        }
         // Check blocked patterns first
         for (const blocked of this.config.blockedCommands || []) {
             if (command.includes(blocked)) {
@@ -29,9 +41,14 @@ export class SandboxManager {
         }
         // Check allowed commands
         const allowedCommands = this.config.allowedCommands || [];
-        const commandBase = command.split(' ')[0];
+        const effective = stripCdPrefix(command);
+        const commandBase = effective.split(' ')[0];
         if (allowedCommands.length > 0 && !allowedCommands.includes(commandBase)) {
-            return { allowed: false, reason: `Command not in allowlist: ${commandBase}` };
+            const suggestions = allowedCommands.slice(0, 10).join(', ');
+            return {
+                allowed: false,
+                reason: `Command '${commandBase}' is not in the sandbox allowlist. Use built-in tools (read_file, write_file, edit_file, glob, grep) instead, or use bash with an allowed command: ${suggestions}...`,
+            };
         }
         return { allowed: true };
     }
@@ -131,6 +148,14 @@ export class SandboxManager {
      */
     validateToolCall(toolCall) {
         const args = toolCall.arguments;
+        const { profile } = resolvePolicyProfile({
+            policyEngine: this.policyEngineConfig,
+            sandboxConfig: this.config,
+        });
+        const toolDecision = isToolAllowedByProfile(toolCall.name, profile);
+        if (!toolDecision.allowed) {
+            return { valid: false, reason: toolDecision.reason };
+        }
         // Check for command execution tools
         if (toolCall.name === 'bash' || toolCall.name === 'shell' || toolCall.name === 'execute') {
             const command = String(args.command || args.cmd || '');
@@ -390,9 +415,9 @@ export class HumanInLoopManager {
 export class SafetyManager {
     sandbox = null;
     humanInLoop = null;
-    constructor(sandboxConfig, hilConfig) {
+    constructor(sandboxConfig, hilConfig, policyEngineConfig) {
         if (sandboxConfig && sandboxConfig.enabled !== false) {
-            this.sandbox = new SandboxManager(sandboxConfig);
+            this.sandbox = new SandboxManager(sandboxConfig, policyEngineConfig);
         }
         if (hilConfig && hilConfig.enabled !== false) {
             this.humanInLoop = new HumanInLoopManager(hilConfig);
@@ -439,7 +464,7 @@ export class SafetyManager {
 // =============================================================================
 // FACTORY
 // =============================================================================
-export function createSafetyManager(sandboxConfig, hilConfig) {
-    return new SafetyManager(sandboxConfig, hilConfig);
+export function createSafetyManager(sandboxConfig, hilConfig, policyEngineConfig) {
+    return new SafetyManager(sandboxConfig, hilConfig, policyEngineConfig);
 }
 //# sourceMappingURL=safety.js.map