npm - attocode - Versions diffs - 0.2.4 → 0.2.5 - Mend

attocode 0.2.4 → 0.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (577) hide show

package/dist/src/integrations/safety/execution-policy.js ADDED Viewed

@@ -0,0 +1,352 @@
+/**
+ * Lesson 25: Execution Policy Integration
+ *
+ * Integrates execution policies and intent classification (from Lesson 23)
+ * into the production agent. Provides three-tier tool access control
+ * and intent-aware policy decisions.
+ */
+// =============================================================================
+// EXECUTION POLICY MANAGER
+// =============================================================================
+/**
+ * ExecutionPolicyManager handles tool access control and intent classification.
+ */
+export class ExecutionPolicyManager {
+    config;
+    grants = new Map();
+    listeners = [];
+    grantIdCounter = 0;
+    constructor(config = {}) {
+        this.config = {
+            defaultPolicy: config.defaultPolicy ?? 'prompt',
+            toolPolicies: config.toolPolicies ?? {},
+            intentAware: config.intentAware ?? true,
+            intentConfidenceThreshold: config.intentConfidenceThreshold ?? 0.7,
+        };
+    }
+    /**
+     * Evaluate policy for a tool call.
+     */
+    evaluate(toolCall, context) {
+        // Check for active grant first
+        const grant = this.findGrant(toolCall);
+        if (grant) {
+            this.useGrant(grant);
+            return {
+                policy: 'allow',
+                reason: `Allowed by grant: ${grant.reason || 'permission granted'}`,
+                grantUsed: grant,
+                requiresApproval: false,
+            };
+        }
+        // Get base policy for tool
+        const toolPolicy = this.config.toolPolicies[toolCall.name];
+        let policy = toolPolicy?.policy ?? this.config.defaultPolicy;
+        let reason = toolPolicy?.reason ?? 'Default policy';
+        // Check conditions
+        if (toolPolicy?.conditions) {
+            for (const condition of toolPolicy.conditions) {
+                if (this.matchesCondition(toolCall, context, condition)) {
+                    policy = condition.policy;
+                    reason = condition.reason || `Condition matched`;
+                    break;
+                }
+            }
+        }
+        // Classify intent if enabled
+        let intent;
+        if (this.config.intentAware && policy === 'prompt') {
+            intent = this.classifyIntent(toolCall, context);
+            this.emit({ type: 'intent.classified', tool: toolCall.name, intent });
+            // Adjust policy based on intent
+            if (intent.type === 'deliberate' && intent.confidence >= this.config.intentConfidenceThreshold) {
+                policy = 'allow';
+                reason = `Intent: deliberate (confidence: ${(intent.confidence * 100).toFixed(0)}%)`;
+            }
+        }
+        const result = {
+            policy,
+            reason,
+            intent,
+            requiresApproval: policy === 'prompt',
+        };
+        this.emit({ type: 'policy.evaluated', tool: toolCall.name, result });
+        if (policy === 'forbidden') {
+            this.emit({ type: 'tool.blocked', tool: toolCall.name, reason });
+        }
+        else if (policy === 'prompt') {
+            this.emit({ type: 'tool.prompted', tool: toolCall.name });
+        }
+        return result;
+    }
+    /**
+     * Create a permission grant.
+     */
+    createGrant(options) {
+        const grant = {
+            id: `grant_${++this.grantIdCounter}`,
+            ...options,
+        };
+        this.grants.set(grant.id, grant);
+        this.emit({ type: 'grant.created', grant });
+        return grant;
+    }
+    /**
+     * Revoke a grant.
+     */
+    revokeGrant(grantId) {
+        const existed = this.grants.delete(grantId);
+        if (existed) {
+            this.emit({ type: 'grant.expired', grantId });
+        }
+        return existed;
+    }
+    /**
+     * Get active grants.
+     */
+    getActiveGrants() {
+        this.cleanupExpiredGrants();
+        return Array.from(this.grants.values());
+    }
+    /**
+     * Subscribe to events.
+     */
+    on(listener) {
+        this.listeners.push(listener);
+        return () => {
+            const idx = this.listeners.indexOf(listener);
+            if (idx >= 0)
+                this.listeners.splice(idx, 1);
+        };
+    }
+    /**
+     * Update tool policy.
+     */
+    setToolPolicy(toolName, policy) {
+        this.config.toolPolicies[toolName] = policy;
+    }
+    /**
+     * Get current config.
+     */
+    getConfig() {
+        return { ...this.config };
+    }
+    // -------------------------------------------------------------------------
+    // PRIVATE METHODS
+    // -------------------------------------------------------------------------
+    emit(event) {
+        for (const listener of this.listeners) {
+            try {
+                listener(event);
+            }
+            catch {
+                // Ignore listener errors
+            }
+        }
+    }
+    findGrant(toolCall) {
+        this.cleanupExpiredGrants();
+        for (const grant of this.grants.values()) {
+            if (grant.toolName !== toolCall.name)
+                continue;
+            // Check arg pattern if specified
+            if (grant.argPattern) {
+                if (!this.matchesArgPattern(toolCall.arguments, grant.argPattern)) {
+                    continue;
+                }
+            }
+            // Check usage limit
+            if (grant.maxUsages !== undefined && (grant.usageCount ?? 0) >= grant.maxUsages) {
+                continue;
+            }
+            return grant;
+        }
+        return undefined;
+    }
+    useGrant(grant) {
+        grant.usageCount = (grant.usageCount ?? 0) + 1;
+        this.emit({ type: 'grant.used', grant });
+        // Check if grant should be removed
+        if (grant.maxUsages !== undefined && grant.usageCount >= grant.maxUsages) {
+            this.grants.delete(grant.id);
+            this.emit({ type: 'grant.expired', grantId: grant.id });
+        }
+    }
+    cleanupExpiredGrants() {
+        const now = new Date();
+        for (const [id, grant] of this.grants) {
+            if (grant.expiresAt && grant.expiresAt < now) {
+                this.grants.delete(id);
+                this.emit({ type: 'grant.expired', grantId: id });
+            }
+        }
+    }
+    matchesCondition(toolCall, context, condition) {
+        // Check argument pattern
+        if (condition.argMatch) {
+            for (const [key, pattern] of Object.entries(condition.argMatch)) {
+                const value = toolCall.arguments[key];
+                if (value === undefined)
+                    return false;
+                const stringValue = String(value);
+                if (typeof pattern === 'string') {
+                    if (!stringValue.includes(pattern))
+                        return false;
+                }
+                else if (pattern instanceof RegExp) {
+                    if (!pattern.test(stringValue))
+                        return false;
+                }
+            }
+        }
+        // Check context condition
+        if (condition.contextMatch) {
+            if (!condition.contextMatch(context))
+                return false;
+        }
+        return true;
+    }
+    matchesArgPattern(args, pattern) {
+        for (const [key, value] of Object.entries(pattern)) {
+            const argValue = args[key];
+            if (argValue !== value)
+                return false;
+        }
+        return true;
+    }
+    classifyIntent(toolCall, context) {
+        const evidence = [];
+        let score = 0;
+        // Check if tool name appears in recent user message
+        const recentUserMessage = context.currentMessage || this.getLastUserMessage(context);
+        if (recentUserMessage) {
+            const normalizedTool = toolCall.name.toLowerCase().replace(/_/g, ' ');
+            const normalizedMessage = recentUserMessage.toLowerCase();
+            if (normalizedMessage.includes(normalizedTool) ||
+                normalizedMessage.includes(toolCall.name.toLowerCase())) {
+                score += 0.4;
+                evidence.push('Tool name mentioned in user message');
+            }
+            // Check for imperative verbs suggesting intent
+            const imperatives = ['please', 'can you', 'could you', 'i need', 'i want', 'do', 'run', 'execute'];
+            if (imperatives.some(imp => normalizedMessage.includes(imp))) {
+                score += 0.2;
+                evidence.push('Imperative language detected');
+            }
+        }
+        // Check if this tool was used before in conversation
+        const previousToolCalls = context.previousToolCalls || [];
+        if (previousToolCalls.some(tc => tc.name === toolCall.name)) {
+            score += 0.2;
+            evidence.push('Tool used previously in session');
+        }
+        // Check conversation flow
+        if (context.messages.length >= 2) {
+            const recentMessages = context.messages.slice(-3);
+            const mentionsAction = recentMessages.some(m => m.content.toLowerCase().includes(toolCall.name.toLowerCase()));
+            if (mentionsAction) {
+                score += 0.2;
+                evidence.push('Tool discussed in recent messages');
+            }
+        }
+        // Determine intent type
+        let type;
+        if (score >= 0.6) {
+            type = 'deliberate';
+        }
+        else if (score >= 0.3) {
+            type = 'inferred';
+        }
+        else {
+            type = 'accidental';
+        }
+        return {
+            type,
+            confidence: Math.min(1, score),
+            evidence,
+        };
+    }
+    getLastUserMessage(context) {
+        for (let i = context.messages.length - 1; i >= 0; i--) {
+            if (context.messages[i].role === 'user') {
+                return context.messages[i].content;
+            }
+        }
+        return undefined;
+    }
+}
+// =============================================================================
+// FACTORY
+// =============================================================================
+/**
+ * Create an execution policy manager.
+ */
+export function createExecutionPolicyManager(config) {
+    return new ExecutionPolicyManager(config);
+}
+// =============================================================================
+// PRESET POLICIES
+// =============================================================================
+/**
+ * Strict policy preset - minimal auto-allow.
+ */
+export const STRICT_POLICY = {
+    defaultPolicy: 'prompt',
+    intentAware: true,
+    intentConfidenceThreshold: 0.9,
+    toolPolicies: {
+        read_file: { policy: 'allow', reason: 'Read-only operation' },
+        list_directory: { policy: 'allow', reason: 'Read-only operation' },
+        search: { policy: 'allow', reason: 'Read-only operation' },
+        write_file: { policy: 'prompt', reason: 'Modifies filesystem' },
+        delete_file: { policy: 'forbidden', reason: 'Destructive operation' },
+        bash: {
+            policy: 'prompt',
+            conditions: [
+                { argMatch: { command: /^ls\s/ }, policy: 'allow', reason: 'Safe read command' },
+                { argMatch: { command: /^rm\s/ }, policy: 'forbidden', reason: 'Destructive command' },
+                { argMatch: { command: /^sudo\s/ }, policy: 'forbidden', reason: 'Elevated privileges' },
+            ],
+        },
+    },
+};
+/**
+ * Balanced policy preset - reasonable defaults.
+ */
+export const BALANCED_POLICY = {
+    defaultPolicy: 'prompt',
+    intentAware: true,
+    intentConfidenceThreshold: 0.7,
+    toolPolicies: {
+        read_file: { policy: 'allow' },
+        list_directory: { policy: 'allow' },
+        search: { policy: 'allow' },
+        write_file: { policy: 'prompt' },
+        delete_file: { policy: 'prompt' },
+        bash: {
+            policy: 'prompt',
+            conditions: [
+                { argMatch: { command: /^(ls|pwd|echo|cat|head|tail|grep)\s/ }, policy: 'allow' },
+                { argMatch: { command: /^rm\s+-rf\s+\// }, policy: 'forbidden' },
+            ],
+        },
+    },
+};
+/**
+ * Permissive policy preset - trust the agent.
+ */
+export const PERMISSIVE_POLICY = {
+    defaultPolicy: 'allow',
+    intentAware: false,
+    toolPolicies: {
+        bash: {
+            policy: 'allow',
+            conditions: [
+                { argMatch: { command: /^rm\s+-rf\s+\// }, policy: 'forbidden' },
+                { argMatch: { command: /^sudo\s/ }, policy: 'prompt' },
+            ],
+        },
+        delete_file: { policy: 'prompt' },
+    },
+};
+//# sourceMappingURL=execution-policy.js.map

package/dist/src/integrations/safety/execution-policy.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"execution-policy.js","sourceRoot":"","sources":["../../../../src/integrations/safety/execution-policy.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAwHH,gFAAgF;AAChF,2BAA2B;AAC3B,gFAAgF;AAEhF;;GAEG;AACH,MAAM,OAAO,sBAAsB;IACzB,MAAM,CAAwB;IAC9B,MAAM,GAAG,IAAI,GAAG,EAA2B,CAAC;IAC5C,SAAS,GAA0B,EAAE,CAAC;IACtC,cAAc,GAAG,CAAC,CAAC;IAE3B,YAAY,SAAyC,EAAE;QACrD,IAAI,CAAC,MAAM,GAAG;YACZ,aAAa,EAAE,MAAM,CAAC,aAAa,IAAI,QAAQ;YAC/C,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,EAAE;YACvC,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,IAAI;YACvC,yBAAyB,EAAE,MAAM,CAAC,yBAAyB,IAAI,GAAG;SACnE,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,QAAQ,CACN,QAAkB,EAClB,OAAsB;QAEtB,+BAA+B;QAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QACvC,IAAI,KAAK,EAAE,CAAC;YACV,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YACrB,OAAO;gBACL,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,qBAAqB,KAAK,CAAC,MAAM,IAAI,oBAAoB,EAAE;gBACnE,SAAS,EAAE,KAAK;gBAChB,gBAAgB,EAAE,KAAK;aACxB,CAAC;QACJ,CAAC;QAED,2BAA2B;QAC3B,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,IAAI,MAAM,GAAG,UAAU,EAAE,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC;QAC7D,IAAI,MAAM,GAAG,UAAU,EAAE,MAAM,IAAI,gBAAgB,CAAC;QAEpD,mBAAmB;QACnB,IAAI,UAAU,EAAE,UAAU,EAAE,CAAC;YAC3B,KAAK,MAAM,SAAS,IAAI,UAAU,CAAC,UAAU,EAAE,CAAC;gBAC9C,IAAI,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC,EAAE,CAAC;oBACxD,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC;oBAC1B,MAAM,GAAG,SAAS,CAAC,MAAM,IAAI,mBAAmB,CAAC;oBACjD,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;QAED,6BAA6B;QAC7B,IAAI,MAAwC,CAAC;QAC7C,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YACnD,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAChD,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;YAEtE,gCAAgC;YAChC,IAAI,MAAM,CAAC,IAAI,KAAK,YAAY,IAAI,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,MAAM,CAAC,yBAA0B,EAAE,CAAC;gBAChG,MAAM,GAAG,OAAO,CAAC;gBACjB,MAAM,GAAG,mCAAmC,CAAC,MAAM,CAAC,UAAU,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC;YACvF,CAAC;QACH,CAAC;QAED,MAAM,MAAM,GAAqB;YAC/B,MAAM;YACN,MAAM;YACN,MAAM;YACN,gBAAgB,EAAE,MAAM,KAAK,QAAQ;SACtC,CAAC;QAEF,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;QAErE,IAAI,MAAM,KAAK,WAAW,EAAE,CAAC;YAC3B,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;QACnE,CAAC;aAAM,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;QAC5D,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,OAAoC;QAC9C,MAAM,KAAK,GAAoB;YAC7B,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,cAAc,EAAE;YACpC,GAAG,OAAO;SACX,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QACjC,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC,CAAC;QAE5C,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,OAAe;QACzB,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC5C,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,eAAe;QACb,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAC5B,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IAC1C,CAAC;IAED;;OAEG;IACH,EAAE,CAAC,QAA6B;QAC9B,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC9B,OAAO,GAAG,EAAE;YACV,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAC7C,IAAI,GAAG,IAAI,CAAC;gBAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QAC9C,CAAC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,QAAgB,EAAE,MAAkB;QAChD,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,MAAM,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;IAC5B,CAAC;IAED,4EAA4E;IAC5E,kBAAkB;IAClB,4EAA4E;IAEpE,IAAI,CAAC,KAAkB;QAC7B,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACtC,IAAI,CAAC;gBACH,QAAQ,CAAC,KAAK,CAAC,CAAC;YAClB,CAAC;YAAC,MAAM,CAAC;gBACP,yBAAyB;YAC3B,CAAC;QACH,CAAC;IACH,CAAC;IAEO,SAAS,CAAC,QAAkB;QAClC,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAE5B,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC;YACzC,IAAI,KAAK,CAAC,QAAQ,KAAK,QAAQ,CAAC,IAAI;gBAAE,SAAS;YAE/C,iCAAiC;YACjC,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;gBACrB,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,SAAS,EAAE,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;oBAClE,SAAS;gBACX,CAAC;YACH,CAAC;YAED,oBAAoB;YACpB,IAAI,KAAK,CAAC,SAAS,KAAK,SAAS,IAAI,CAAC,KAAK,CAAC,UAAU,IAAI,CAAC,CAAC,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;gBAChF,SAAS;YACX,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAEO,QAAQ,CAAC,KAAsB;QACrC,KAAK,CAAC,UAAU,GAAG,CAAC,KAAK,CAAC,UAAU,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QAC/C,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,CAAC;QAEzC,mCAAmC;QACnC,IAAI,KAAK,CAAC,SAAS,KAAK,SAAS,IAAI,KAAK,CAAC,UAAU,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;YACzE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAC7B,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IAEO,oBAAoB;QAC1B,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YACtC,IAAI,KAAK,CAAC,SAAS,IAAI,KAAK,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC;gBAC7C,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;gBACvB,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,CAAC;YACpD,CAAC;QACH,CAAC;IACH,CAAC;IAEO,gBAAgB,CACtB,QAAkB,EAClB,OAAsB,EACtB,SAA0B;QAE1B,yBAAyB;QACzB,IAAI,SAAS,CAAC,QAAQ,EAAE,CAAC;YACvB,KAAK,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAChE,MAAM,KAAK,GAAG,QAAQ,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;gBACtC,IAAI,KAAK,KAAK,SAAS;oBAAE,OAAO,KAAK,CAAC;gBAEtC,MAAM,WAAW,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;gBAClC,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;oBAChC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC;wBAAE,OAAO,KAAK,CAAC;gBACnD,CAAC;qBAAM,IAAI,OAAO,YAAY,MAAM,EAAE,CAAC;oBACrC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC;wBAAE,OAAO,KAAK,CAAC;gBAC/C,CAAC;YACH,CAAC;QACH,CAAC;QAED,0BAA0B;QAC1B,IAAI,SAAS,CAAC,YAAY,EAAE,CAAC;YAC3B,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,OAAO,CAAC;gBAAE,OAAO,KAAK,CAAC;QACrD,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,iBAAiB,CACvB,IAA6B,EAC7B,OAAgC;QAEhC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YACnD,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;YAC3B,IAAI,QAAQ,KAAK,KAAK;gBAAE,OAAO,KAAK,CAAC;QACvC,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,cAAc,CACpB,QAAkB,EAClB,OAAsB;QAEtB,MAAM,QAAQ,GAAa,EAAE,CAAC;QAC9B,IAAI,KAAK,GAAG,CAAC,CAAC;QAEd,oDAAoD;QACpD,MAAM,iBAAiB,GAAG,OAAO,CAAC,cAAc,IAAI,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QACrF,IAAI,iBAAiB,EAAE,CAAC;YACtB,MAAM,cAAc,GAAG,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YACtE,MAAM,iBAAiB,GAAG,iBAAiB,CAAC,WAAW,EAAE,CAAC;YAE1D,IAAI,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC;gBAC1C,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;gBAC5D,KAAK,IAAI,GAAG,CAAC;gBACb,QAAQ,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;YACvD,CAAC;YAED,+CAA+C;YAC/C,MAAM,WAAW,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;YACnG,IAAI,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,iBAAiB,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBAC7D,KAAK,IAAI,GAAG,CAAC;gBACb,QAAQ,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;QAED,qDAAqD;QACrD,MAAM,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,IAAI,EAAE,CAAC;QAC1D,IAAI,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,KAAK,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5D,KAAK,IAAI,GAAG,CAAC;YACb,QAAQ,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;QACnD,CAAC;QAED,0BAA0B;QAC1B,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACjC,MAAM,cAAc,GAAG,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAClD,MAAM,cAAc,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAC7C,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAC9D,CAAC;YACF,IAAI,cAAc,EAAE,CAAC;gBACnB,KAAK,IAAI,GAAG,CAAC;gBACb,QAAQ,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;YACrD,CAAC;QACH,CAAC;QAED,wBAAwB;QACxB,IAAI,IAAgB,CAAC;QACrB,IAAI,KAAK,IAAI,GAAG,EAAE,CAAC;YACjB,IAAI,GAAG,YAAY,CAAC;QACtB,CAAC;aAAM,IAAI,KAAK,IAAI,GAAG,EAAE,CAAC;YACxB,IAAI,GAAG,UAAU,CAAC;QACpB,CAAC;aAAM,CAAC;YACN,IAAI,GAAG,YAAY,CAAC;QACtB,CAAC;QAED,OAAO;YACL,IAAI;YACJ,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC;YAC9B,QAAQ;SACT,CAAC;IACJ,CAAC;IAEO,kBAAkB,CAAC,OAAsB;QAC/C,KAAK,IAAI,CAAC,GAAG,OAAO,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YACtD,IAAI,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;gBACxC,OAAO,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;YACrC,CAAC;QACH,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;CACF;AAED,gFAAgF;AAChF,UAAU;AACV,gFAAgF;AAEhF;;GAEG;AACH,MAAM,UAAU,4BAA4B,CAC1C,MAAuC;IAEvC,OAAO,IAAI,sBAAsB,CAAC,MAAM,CAAC,CAAC;AAC5C,CAAC;AAED,gFAAgF;AAChF,kBAAkB;AAClB,gFAAgF;AAEhF;;GAEG;AACH,MAAM,CAAC,MAAM,aAAa,GAA0B;IAClD,aAAa,EAAE,QAAQ;IACvB,WAAW,EAAE,IAAI;IACjB,yBAAyB,EAAE,GAAG;IAC9B,YAAY,EAAE;QACZ,SAAS,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,qBAAqB,EAAE;QAC7D,cAAc,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,qBAAqB,EAAE;QAClE,MAAM,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,qBAAqB,EAAE;QAC1D,UAAU,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,qBAAqB,EAAE;QAC/D,WAAW,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,uBAAuB,EAAE;QACrE,IAAI,EAAE;YACJ,MAAM,EAAE,QAAQ;YAChB,UAAU,EAAE;gBACV,EAAE,QAAQ,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE;gBAChF,EAAE,QAAQ,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,qBAAqB,EAAE;gBACtF,EAAE,QAAQ,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,qBAAqB,EAAE;aACzF;SACF;KACF;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,eAAe,GAA0B;IACpD,aAAa,EAAE,QAAQ;IACvB,WAAW,EAAE,IAAI;IACjB,yBAAyB,EAAE,GAAG;IAC9B,YAAY,EAAE;QACZ,SAAS,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE;QAC9B,cAAc,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE;QACnC,MAAM,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE;QAC3B,UAAU,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE;QAChC,WAAW,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE;QACjC,IAAI,EAAE;YACJ,MAAM,EAAE,QAAQ;YAChB,UAAU,EAAE;gBACV,EAAE,QAAQ,EAAE,EAAE,OAAO,EAAE,qCAAqC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE;gBACjF,EAAE,QAAQ,EAAE,EAAE,OAAO,EAAE,gBAAgB,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE;aACjE;SACF;KACF;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAA0B;IACtD,aAAa,EAAE,OAAO;IACtB,WAAW,EAAE,KAAK;IAClB,YAAY,EAAE;QACZ,IAAI,EAAE;YACJ,MAAM,EAAE,OAAO;YACf,UAAU,EAAE;gBACV,EAAE,QAAQ,EAAE,EAAE,OAAO,EAAE,gBAAgB,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE;gBAChE,EAAE,QAAQ,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE;aACvD;SACF;QACD,WAAW,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE;KAClC;CACF,CAAC"}

package/dist/src/integrations/safety/policy-engine.d.ts ADDED Viewed

@@ -0,0 +1,55 @@
+/**
+ * Unified policy engine.
+ *
+ * Resolves effective tool/bash/approval behavior from profiles plus
+ * compatibility mappings from legacy config fields.
+ */
+import type { PolicyEngineConfig, PolicyProfile, SandboxConfig } from '../../types.js';
+import type { SwarmConfig, SwarmWorkerSpec } from '../swarm/types.js';
+export declare const DEFAULT_POLICY_PROFILES: Record<string, PolicyProfile>;
+export declare const DEFAULT_POLICY_ENGINE_CONFIG: Required<Pick<PolicyEngineConfig, 'enabled' | 'legacyFallback' | 'defaultProfile' | 'defaultSwarmProfile'>>;
+export interface ResolvePolicyProfileOptions {
+    policyEngine?: PolicyEngineConfig | false;
+    requestedProfile?: string;
+    swarmConfig?: SwarmConfig;
+    worker?: SwarmWorkerSpec;
+    taskType?: string;
+    sandboxConfig?: SandboxConfig;
+    isSwarmWorker?: boolean;
+    legacyAllowedTools?: string[];
+    legacyDeniedTools?: string[];
+    globalDeniedTools?: string[];
+}
+export interface ResolvedPolicyProfile {
+    profileName: string;
+    profile: PolicyProfile;
+    metadata: {
+        selectionSource: 'explicit' | 'worker-capability' | 'task-type' | 'default';
+        usedLegacyMappings: boolean;
+        legacyMappingSources: string[];
+        warnings: string[];
+    };
+}
+export declare function resolvePolicyProfile(options: ResolvePolicyProfileOptions): ResolvedPolicyProfile;
+export declare function isToolAllowedByProfile(toolName: string, profile: PolicyProfile): {
+    allowed: boolean;
+    reason?: string;
+};
+export declare function evaluateBashCommandByProfile(command: string, profile: PolicyProfile, taskType?: string): {
+    allowed: boolean;
+    reason?: string;
+};
+export declare function mergeApprovalScopeWithProfile(scope: {
+    autoApprove: string[];
+    scopedApprove: Record<string, {
+        paths: string[];
+    }>;
+    requireApproval: string[];
+}, profile: PolicyProfile): {
+    autoApprove: string[];
+    scopedApprove: Record<string, {
+        paths: string[];
+    }>;
+    requireApproval: string[];
+};
+//# sourceMappingURL=policy-engine.d.ts.map

package/dist/src/integrations/safety/policy-engine.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"policy-engine.d.ts","sourceRoot":"","sources":["../../../../src/integrations/safety/policy-engine.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AACvF,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAItE,eAAO,MAAM,uBAAuB,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CA0BjE,CAAC;AAEF,eAAO,MAAM,4BAA4B,EAAE,QAAQ,CACjD,IAAI,CAAC,kBAAkB,EAAE,SAAS,GAAG,gBAAgB,GAAG,gBAAgB,GAAG,qBAAqB,CAAC,CAMlG,CAAC;AAEF,MAAM,WAAW,2BAA2B;IAC1C,YAAY,CAAC,EAAE,kBAAkB,GAAG,KAAK,CAAC;IAC1C,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,MAAM,CAAC,EAAE,eAAe,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC9B,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC9B;AAED,MAAM,WAAW,qBAAqB;IACpC,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,aAAa,CAAC;IACvB,QAAQ,EAAE;QACR,eAAe,EAAE,UAAU,GAAG,mBAAmB,GAAG,WAAW,GAAG,SAAS,CAAC;QAC5E,kBAAkB,EAAE,OAAO,CAAC;QAC5B,oBAAoB,EAAE,MAAM,EAAE,CAAC;QAC/B,QAAQ,EAAE,MAAM,EAAE,CAAC;KACpB,CAAC;CACH;AAiHD,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,2BAA2B,GAAG,qBAAqB,CAyFhG;AAED,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,aAAa,GACrB;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAevC;AAED,wBAAgB,4BAA4B,CAC1C,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,aAAa,EACtB,QAAQ,CAAC,EAAE,MAAM,GAChB;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAevC;AAED,wBAAgB,6BAA6B,CAC3C,KAAK,EAAE;IACL,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE;QAAE,KAAK,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAC;IACnD,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B,EACD,OAAO,EAAE,aAAa,GACrB;IACD,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE;QAAE,KAAK,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAC;IACnD,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B,CAMA"}

package/dist/src/integrations/safety/policy-engine.js ADDED Viewed

@@ -0,0 +1,247 @@
+/**
+ * Unified policy engine.
+ *
+ * Resolves effective tool/bash/approval behavior from profiles plus
+ * compatibility mappings from legacy config fields.
+ */
+import { getTaskTypeConfig } from '../swarm/types.js';
+import { evaluateBashPolicy } from './bash-policy.js';
+export const DEFAULT_POLICY_PROFILES = {
+    'research-safe': {
+        toolAccessMode: 'whitelist',
+        allowedTools: ['read_file', 'list_files', 'glob', 'grep', 'web_search', 'write_file', 'bash', 'task_get', 'task_list'],
+        deniedTools: ['delete_file'],
+        bashMode: 'read_only',
+        bashWriteProtection: 'block_file_mutation',
+    },
+    'code-strict-bash': {
+        toolAccessMode: 'whitelist',
+        allowedTools: ['read_file', 'write_file', 'edit_file', 'list_files', 'glob', 'grep', 'bash', 'web_search', 'task_create', 'task_update', 'task_get', 'task_list'],
+        bashMode: 'full',
+        bashWriteProtection: 'block_file_mutation',
+    },
+    'code-full': {
+        toolAccessMode: 'all',
+        bashMode: 'full',
+        bashWriteProtection: 'off',
+    },
+    'review-safe': {
+        toolAccessMode: 'whitelist',
+        allowedTools: ['read_file', 'list_files', 'glob', 'grep', 'web_search', 'task_get', 'task_list'],
+        deniedTools: ['write_file', 'edit_file', 'delete_file', 'bash'],
+        bashMode: 'disabled',
+        bashWriteProtection: 'block_file_mutation',
+    },
+};
+export const DEFAULT_POLICY_ENGINE_CONFIG = {
+    enabled: true,
+    legacyFallback: true,
+    defaultProfile: 'code-full',
+    defaultSwarmProfile: 'code-strict-bash',
+};
+function mergeProfiles(...profiles) {
+    const merged = {};
+    for (const p of profiles) {
+        if (!p)
+            continue;
+        merged.toolAccessMode = p.toolAccessMode ?? merged.toolAccessMode;
+        merged.allowedTools = p.allowedTools ?? merged.allowedTools;
+        merged.deniedTools = p.deniedTools ?? merged.deniedTools;
+        merged.bashMode = p.bashMode ?? merged.bashMode;
+        merged.bashWriteProtection = p.bashWriteProtection ?? merged.bashWriteProtection;
+        if (p.approval) {
+            merged.approval = {
+                autoApprove: p.approval.autoApprove ?? merged.approval?.autoApprove,
+                scopedApprove: p.approval.scopedApprove ?? merged.approval?.scopedApprove,
+                requireApproval: p.approval.requireApproval ?? merged.approval?.requireApproval,
+            };
+        }
+    }
+    return merged;
+}
+function inferSwarmProfileForTask(taskType, swarmConfig) {
+    if (!taskType)
+        return 'code-strict-bash';
+    // V7: Use configurable policyProfile from TaskTypeConfig
+    const typeConfig = getTaskTypeConfig(taskType, swarmConfig);
+    return typeConfig.policyProfile ?? 'code-strict-bash';
+}
+function inferSwarmProfileForWorker(worker) {
+    if (!worker?.capabilities || worker.capabilities.length === 0)
+        return undefined;
+    const caps = new Set(worker.capabilities);
+    if (caps.has('code') || caps.has('write') || caps.has('test') || caps.has('document')) {
+        return 'code-strict-bash';
+    }
+    if (caps.has('review')) {
+        return 'review-safe';
+    }
+    if (caps.has('research')) {
+        return 'research-safe';
+    }
+    return undefined;
+}
+function applyLegacyMappings(profile, options) {
+    const merged = { ...profile };
+    const metadata = {
+        selectionSource: 'default',
+        usedLegacyMappings: false,
+        legacyMappingSources: [],
+        warnings: [],
+    };
+    const legacyAllowed = options.legacyAllowedTools ?? options.worker?.allowedTools;
+    if (legacyAllowed && legacyAllowed.length > 0) {
+        merged.toolAccessMode = 'whitelist';
+        merged.allowedTools = [...legacyAllowed];
+        metadata.usedLegacyMappings = true;
+        metadata.legacyMappingSources.push('legacyAllowedTools');
+        metadata.warnings.push('Legacy tool whitelist is active. Migrate to policyProfiles + worker.policyProfile.');
+    }
+    const denied = [
+        ...(merged.deniedTools ?? []),
+        ...(options.legacyDeniedTools ?? options.worker?.deniedTools ?? []),
+        ...(options.globalDeniedTools ?? options.swarmConfig?.globalDeniedTools ?? []),
+    ];
+    if (denied.length > 0) {
+        merged.deniedTools = [...new Set(denied)];
+        metadata.usedLegacyMappings = true;
+        metadata.legacyMappingSources.push('legacyDeniedTools/globalDeniedTools');
+        metadata.warnings.push('Legacy denied tools are active. Migrate to policyProfiles[].deniedTools.');
+    }
+    if (options.sandboxConfig?.blockFileCreationViaBash) {
+        merged.bashWriteProtection = 'block_file_mutation';
+        metadata.usedLegacyMappings = true;
+        metadata.legacyMappingSources.push('sandbox.blockFileCreationViaBash');
+        metadata.warnings.push('sandbox.blockFileCreationViaBash is legacy compatibility behavior. Use policy profile bashWriteProtection.');
+    }
+    if (options.sandboxConfig?.bashMode) {
+        merged.bashMode = options.sandboxConfig.bashMode;
+        metadata.usedLegacyMappings = true;
+        metadata.legacyMappingSources.push('sandbox.bashMode');
+        metadata.warnings.push('sandbox.bashMode override is active. Prefer profile-level bashMode.');
+    }
+    if (options.sandboxConfig?.bashWriteProtection) {
+        merged.bashWriteProtection = options.sandboxConfig.bashWriteProtection;
+        metadata.usedLegacyMappings = true;
+        metadata.legacyMappingSources.push('sandbox.bashWriteProtection');
+        metadata.warnings.push('sandbox.bashWriteProtection override is active. Prefer profile-level bashWriteProtection.');
+    }
+    return { profile: merged, metadata };
+}
+export function resolvePolicyProfile(options) {
+    const policyEngine = options.policyEngine || undefined;
+    const legacyFallback = policyEngine?.legacyFallback ?? DEFAULT_POLICY_ENGINE_CONFIG.legacyFallback;
+    const mergedProfiles = {
+        ...DEFAULT_POLICY_PROFILES,
+        ...(policyEngine?.profiles ?? {}),
+        ...(options.swarmConfig?.policyProfiles ?? {}),
+    };
+    // Apply profileExtensions (additive patches from YAML)
+    const extensions = options.swarmConfig?.profileExtensions;
+    if (extensions) {
+        for (const [profileName, ext] of Object.entries(extensions)) {
+            const target = mergedProfiles[profileName];
+            if (!target)
+                continue;
+            if (ext.addTools?.length && target.allowedTools) {
+                target.allowedTools = [...new Set([...target.allowedTools, ...ext.addTools])];
+                // If you explicitly add a tool, remove it from deniedTools so it actually works
+                if (target.deniedTools) {
+                    target.deniedTools = target.deniedTools.filter(t => !ext.addTools.includes(t));
+                }
+            }
+            if (ext.removeTools?.length) {
+                if (target.allowedTools) {
+                    target.allowedTools = target.allowedTools.filter(t => !ext.removeTools.includes(t));
+                }
+                // Also add removed tools to deniedTools for belt-and-suspenders
+                target.deniedTools = [...new Set([...(target.deniedTools ?? []), ...ext.removeTools])];
+            }
+        }
+    }
+    const defaultProfileName = options.isSwarmWorker
+        ? (policyEngine?.defaultSwarmProfile ?? DEFAULT_POLICY_ENGINE_CONFIG.defaultSwarmProfile)
+        : (policyEngine?.defaultProfile ?? DEFAULT_POLICY_ENGINE_CONFIG.defaultProfile);
+    let selectionSource = 'default';
+    let requestedProfile = defaultProfileName;
+    if (options.requestedProfile || options.worker?.policyProfile) {
+        requestedProfile = options.requestedProfile ?? options.worker?.policyProfile ?? defaultProfileName;
+        selectionSource = 'explicit';
+    }
+    else if (options.isSwarmWorker) {
+        const workerInferred = inferSwarmProfileForWorker(options.worker);
+        if (workerInferred) {
+            requestedProfile = workerInferred;
+            selectionSource = 'worker-capability';
+        }
+        else if (options.taskType) {
+            requestedProfile = inferSwarmProfileForTask(options.taskType, options.swarmConfig);
+            selectionSource = 'task-type';
+        }
+        else {
+            requestedProfile = defaultProfileName;
+            selectionSource = 'default';
+        }
+    }
+    const base = mergedProfiles[defaultProfileName] ?? DEFAULT_POLICY_PROFILES['code-full'];
+    const requested = mergedProfiles[requestedProfile] ?? base;
+    const merged = mergeProfiles(base, requested);
+    const { profile: effective, metadata } = legacyFallback
+        ? applyLegacyMappings(merged, options)
+        : {
+            profile: merged,
+            metadata: {
+                selectionSource: 'default',
+                usedLegacyMappings: false,
+                legacyMappingSources: [],
+                warnings: [],
+            },
+        };
+    // Merge worker.extraTools into the profile whitelist (additive, overrides deniedTools)
+    if (options.worker?.extraTools?.length && effective.toolAccessMode === 'whitelist' && effective.allowedTools) {
+        effective.allowedTools = [...new Set([...effective.allowedTools, ...options.worker.extraTools])];
+        // If you explicitly add a tool via extraTools, remove it from deniedTools so it actually works
+        if (effective.deniedTools) {
+            effective.deniedTools = effective.deniedTools.filter(t => !options.worker.extraTools.includes(t));
+        }
+    }
+    return {
+        profileName: requestedProfile,
+        profile: effective,
+        metadata: {
+            ...metadata,
+            selectionSource,
+        },
+    };
+}
+export function isToolAllowedByProfile(toolName, profile) {
+    const mode = profile.toolAccessMode ?? 'all';
+    if (mode === 'whitelist') {
+        const allowed = profile.allowedTools ?? [];
+        if (!allowed.includes(toolName)) {
+            return { allowed: false, reason: `Tool '${toolName}' is not allowed by policy whitelist.` };
+        }
+    }
+    if ((profile.deniedTools ?? []).includes(toolName)) {
+        return { allowed: false, reason: `Tool '${toolName}' is denied by policy profile.` };
+    }
+    return { allowed: true };
+}
+export function evaluateBashCommandByProfile(command, profile, taskType) {
+    let mode = profile.bashMode ?? 'full';
+    if (mode === 'task_scoped') {
+        mode = ['implement', 'test', 'refactor', 'integrate', 'deploy', 'document'].includes(taskType ?? '')
+            ? 'read_only'
+            : 'disabled';
+    }
+    const decision = evaluateBashPolicy(command, mode, profile.bashWriteProtection ?? 'off');
+    return { allowed: decision.allowed, reason: decision.reason };
+}
+export function mergeApprovalScopeWithProfile(scope, profile) {
+    return {
+        autoApprove: [...new Set([...(scope.autoApprove ?? []), ...(profile.approval?.autoApprove ?? [])])],
+        scopedApprove: { ...(scope.scopedApprove ?? {}), ...(profile.approval?.scopedApprove ?? {}) },
+        requireApproval: [...new Set([...(scope.requireApproval ?? []), ...(profile.approval?.requireApproval ?? [])])],
+    };
+}
+//# sourceMappingURL=policy-engine.js.map