governance-sdk 0.5.0

package/dist/conditions/builtins.js

@@ -0,0 +1,213 @@
+/**
+ * Built-in condition evaluators — registered at engine initialization.
+ * All 25 condition types from the original switch statement, now pluggable.
+ */
+import { detectInjection } from "../injection-detect.js";
+import { evaluateBlocklist, evaluateInputLength, evaluateInputPattern } from "./preprocess.js";
+import { evaluateNetworkAllowlist, evaluateScopeBoundary, evaluateCostBudget, evaluateConcurrentLimit } from "./process.js";
+import { evaluateOutputLength, evaluateOutputPattern, evaluateSensitiveDataFilter } from "./postprocess.js";
+/** Extract all string values from a nested object for scanning */
+function extractStrings(obj) {
+    const out = [];
+    (function walk(v) {
+        if (typeof v === "string")
+            out.push(v);
+        else if (Array.isArray(v))
+            v.forEach(walk);
+        else if (v && typeof v === "object")
+            Object.values(v).forEach(walk);
+    })(obj);
+    if (out.length > 1)
+        out.push(out.join(" "));
+    return out;
+}
+/**
+ * Create the full list of built-in condition definitions.
+ * Accepts `evalCondition` so combinators (any_of, all_of, not) can recurse.
+ */
+export function getBuiltinConditions(evalCondition) {
+    return [
+        // ─── Access control ────────────────────────────────────────
+        {
+            name: "tool_blocked",
+            description: "Block specific tools",
+            evaluator: (ctx, p) => {
+                const tools = p.tools;
+                return !!ctx.tool && tools.includes(ctx.tool);
+            },
+        },
+        {
+            name: "tool_allowed",
+            description: "Only allow listed tools",
+            evaluator: (ctx, p) => {
+                const tools = p.tools;
+                return !!ctx.tool && !tools.includes(ctx.tool);
+            },
+        },
+        {
+            name: "action_type",
+            description: "Gate specific action types",
+            evaluator: (ctx, p) => {
+                const actions = p.actions;
+                return actions.includes(ctx.action);
+            },
+        },
+        {
+            name: "agent_level",
+            description: "Require minimum governance level",
+            evaluator: (ctx, p) => {
+                const minLevel = p.minLevel;
+                return (ctx.agentLevel ?? 0) < minLevel;
+            },
+        },
+        {
+            name: "tool_sequence",
+            description: "Require tools to run in order",
+            evaluator: (ctx, p) => {
+                const tool = p.tool;
+                const requiredPrior = p.requiredPrior;
+                if (ctx.tool !== tool)
+                    return false;
+                if (!ctx.toolHistory || ctx.toolHistory.length === 0)
+                    return true;
+                return !requiredPrior.every((t) => ctx.toolHistory.includes(t));
+            },
+        },
+        // ─── Resource limits ───────────────────────────────────────
+        {
+            name: "token_limit",
+            description: "Cap per-session token usage",
+            evaluator: (ctx, p) => (ctx.sessionTokensUsed ?? 0) > p.maxTokens,
+        },
+        {
+            name: "rate_limit",
+            description: "Limit actions per time window",
+            evaluator: (ctx, p) => (ctx.recentActionCount ?? 0) > p.maxActions,
+        },
+        {
+            name: "data_classification",
+            description: "Block classified data access",
+            evaluator: (ctx, p) => {
+                if (!ctx.input)
+                    return false;
+                const blocked = p.blocked;
+                const inputStr = JSON.stringify(ctx.input).toLowerCase();
+                return blocked.some((b) => inputStr.includes(b.toLowerCase()));
+            },
+        },
+        {
+            name: "time_window",
+            description: "Restrict to specific hours",
+            evaluator: (_ctx, p) => {
+                const hour = new Date().getHours();
+                const hours = p.allowedHours;
+                if (hours.start <= hours.end)
+                    return hour < hours.start || hour >= hours.end;
+                return hour < hours.start && hour >= hours.end;
+            },
+        },
+        {
+            name: "cost_budget",
+            description: "Cap monetary cost per session",
+            evaluator: (ctx, p) => evaluateCostBudget(ctx, p.maxCost),
+        },
+        {
+            name: "concurrent_limit",
+            description: "Cap parallel tool executions",
+            evaluator: (ctx, p) => evaluateConcurrentLimit(ctx, p.maxConcurrent),
+        },
+        {
+            name: "network_allowlist",
+            description: "Only allow listed domains",
+            evaluator: (ctx, p) => evaluateNetworkAllowlist(ctx, p.allowedDomains),
+        },
+        {
+            name: "scope_boundary",
+            description: "Restrict file/resource access paths",
+            evaluator: (ctx, p) => evaluateScopeBoundary(ctx, p.allowedPaths, p.blockedPaths),
+        },
+        // ─── Input safety (preprocess) ─────────────────────────────
+        {
+            name: "injection_guard",
+            description: "Detect prompt injection attacks",
+            evaluator: (ctx, p) => {
+                if (!ctx.input)
+                    return false;
+                const skip = (p.skipCategories ?? []);
+                const opts = { threshold: p.threshold, skipCategories: skip.length > 0 ? skip : undefined };
+                for (const str of extractStrings(ctx.input)) {
+                    if (detectInjection(str, opts).detected)
+                        return true;
+                }
+                return false;
+            },
+        },
+        {
+            name: "blocklist",
+            description: "Block input containing specific terms",
+            evaluator: (ctx, p) => evaluateBlocklist(ctx, p.terms, p.caseSensitive),
+        },
+        {
+            name: "input_length",
+            description: "Reject oversized inputs",
+            evaluator: (ctx, p) => evaluateInputLength(ctx, p.maxChars, p.maxTokens),
+        },
+        {
+            name: "input_pattern",
+            description: "Block input matching a regex",
+            evaluator: (ctx, p) => evaluateInputPattern(ctx, p.pattern, p.flags),
+        },
+        // ─── Output safety (postprocess) ───────────────────────────
+        {
+            name: "output_length",
+            description: "Reject oversized outputs",
+            evaluator: (ctx, p) => evaluateOutputLength(ctx, p.maxChars, p.maxTokens),
+        },
+        {
+            name: "output_pattern",
+            description: "Detect patterns in output",
+            evaluator: (ctx, p) => evaluateOutputPattern(ctx, p.pattern, p.flags),
+        },
+        {
+            name: "sensitive_data_filter",
+            description: "Detect leaked credentials and secrets",
+            evaluator: (ctx, p) => evaluateSensitiveDataFilter(ctx, p.patterns),
+        },
+        // ─── Identity ─────────────────────────────────────────────
+        {
+            name: "require_signed_action",
+            description: "Require a cryptographic signature in action metadata",
+            evaluator: (ctx) => {
+                // Block if no signature present in metadata
+                const meta = ctx.metadata;
+                return !meta || !meta.signature || typeof meta.signature !== "string";
+            },
+        },
+        // ─── Combinators ───────────────────────────────────────────
+        {
+            name: "any_of",
+            description: "Match if any sub-condition matches",
+            evaluator: (ctx, p) => {
+                const conditions = p.conditions;
+                return conditions.some((c) => evalCondition(c, ctx));
+            },
+        },
+        {
+            name: "all_of",
+            description: "Match if all sub-conditions match",
+            evaluator: (ctx, p) => {
+                const conditions = p.conditions;
+                return conditions.every((c) => evalCondition(c, ctx));
+            },
+        },
+        {
+            name: "not",
+            description: "Invert a condition",
+            evaluator: (ctx, p) => {
+                const condition = p.condition;
+                return !evalCondition(condition, ctx);
+            },
+        },
+    ];
+}
+//# sourceMappingURL=builtins.js.map

package/dist/conditions/builtins.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"builtins.js","sourceRoot":"","sources":["../../src/conditions/builtins.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAEzD,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAC/F,OAAO,EAAE,wBAAwB,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AAC5H,OAAO,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,2BAA2B,EAAE,MAAM,kBAAkB,CAAC;AAE5G,kEAAkE;AAClE,SAAS,cAAc,CAAC,GAA4B;IAClD,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,CAAC,SAAS,IAAI,CAAC,CAAU;QACvB,IAAI,OAAO,CAAC,KAAK,QAAQ;YAAE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;aAClC,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;YAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;aACtC,IAAI,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ;YAAE,MAAM,CAAC,MAAM,CAAC,CAA4B,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACjG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACR,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC;QAAE,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5C,OAAO,GAAG,CAAC;AACb,CAAC;AAID;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAClC,aAA+E;IAE/E,OAAO;QACL,8DAA8D;QAC9D;YACE,IAAI,EAAE,cAAc;YACpB,WAAW,EAAE,sBAAsB;YACnC,SAAS,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;gBACpB,MAAM,KAAK,GAAG,CAAC,CAAC,KAAiB,CAAC;gBAClC,OAAO,CAAC,CAAC,GAAG,CAAC,IAAI,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAChD,CAAC;SACF;QACD;YACE,IAAI,EAAE,cAAc;YACpB,WAAW,EAAE,yBAAyB;YACtC,SAAS,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;gBACpB,MAAM,KAAK,GAAG,CAAC,CAAC,KAAiB,CAAC;gBAClC,OAAO,CAAC,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YACjD,CAAC;SACF;QACD;YACE,IAAI,EAAE,aAAa;YACnB,WAAW,EAAE,4BAA4B;YACzC,SAAS,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;gBACpB,MAAM,OAAO,GAAG,CAAC,CAAC,OAAmB,CAAC;gBACtC,OAAO,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YACtC,CAAC;SACF;QACD;YACE,IAAI,EAAE,aAAa;YACnB,WAAW,EAAE,kCAAkC;YAC/C,SAAS,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;gBACpB,MAAM,QAAQ,GAAG,CAAC,CAAC,QAAkB,CAAC;gBACtC,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,CAAC,CAAC,GAAG,QAAQ,CAAC;YAC1C,CAAC;SACF;QACD;YACE,IAAI,EAAE,eAAe;YACrB,WAAW,EAAE,+BAA+B;YAC5C,SAAS,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;gBACpB,MAAM,IAAI,GAAG,CAAC,CAAC,IAAc,CAAC;gBAC9B,MAAM,aAAa,GAAG,CAAC,CAAC,aAAyB,CAAC;gBAClD,IAAI,GAAG,CAAC,IAAI,KAAK,IAAI;oBAAE,OAAO,KAAK,CAAC;gBACpC,IAAI,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC;oBAAE,OAAO,IAAI,CAAC;gBAClE,OAAO,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,WAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YACnE,CAAC;SACF;QACD,8DAA8D;QAC9D;YACE,IAAI,EAAE,aAAa;YACnB,WAAW,EAAE,6BAA6B;YAC1C,SAAS,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,iBAAiB,IAAI,CAAC,CAAC,GAAI,CAAC,CAAC,SAAoB;SAC9E;QACD;YACE,IAAI,EAAE,YAAY;YAClB,WAAW,EAAE,+BAA+B;YAC5C,SAAS,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,iBAAiB,IAAI,CAAC,CAAC,GAAI,CAAC,CAAC,UAAqB;SAC/E;QACD;YACE,IAAI,EAAE,qBAAqB;YAC3B,WAAW,EAAE,8BAA8B;YAC3C,SAAS,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;gBACpB,IAAI,CAAC,GAAG,CAAC,KAAK;oBAAE,OAAO,KAAK,CAAC;gBAC7B,MAAM,OAAO,GAAG,CAAC,CAAC,OAAmB,CAAC;gBACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;gBACzD,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;YACjE,CAAC;SACF;QACD;YACE,IAAI,EAAE,aAAa;YACnB,WAAW,EAAE,4BAA4B;YACzC,SAAS,EAAE,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;gBACrB,MAAM,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC,QAAQ,EAAE,CAAC;gBACnC,MAAM,KAAK,GAAG,CAAC,CAAC,YAA8C,CAAC;gBAC/D,IAAI,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,GAAG;oBAAE,OAAO,IAAI,GAAG,KAAK,CAAC,KAAK,IAAI,IAAI,IAAI,KAAK,CAAC,GAAG,CAAC;gBAC7E,OAAO,IAAI,GAAG,KAAK,CAAC,KAAK,IAAI,IAAI,IAAI,KAAK,CAAC,GAAG,CAAC;YACjD,CAAC;SACF;QACD;YACE,IAAI,EAAE,aAAa;YACnB,WAAW,EAAE,+BAA+B;YAC5C,SAAS,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,GAAG,EAAE,CAAC,CAAC,OAAiB,CAAC;SACpE;QACD;YACE,IAAI,EAAE,kBAAkB;YACxB,WAAW,EAAE,8BAA8B;YAC3C,SAAS,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,uBAAuB,CAAC,GAAG,EAAE,CAAC,CAAC,aAAuB,CAAC;SAC/E;QACD;YACE,IAAI,EAAE,mBAAmB;YACzB,WAAW,EAAE,2BAA2B;YACxC,SAAS,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,wBAAwB,CAAC,GAAG,EAAE,CAAC,CAAC,cAA0B,CAAC;SACnF;QACD;YACE,IAAI,EAAE,gBAAgB;YACtB,WAAW,EAAE,qCAAqC;YAClD,SAAS,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,qBAAqB,CAAC,GAAG,EAAE,CAAC,CAAC,YAAoC,EAAE,CAAC,CAAC,YAAoC,CAAC;SAClI;QACD,8DAA8D;QAC9D;YACE,IAAI,EAAE,iBAAiB;YACvB,WAAW,EAAE,iCAAiC;YAC9C,SAAS,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;gBACpB,IAAI,CAAC,GAAG,CAAC,KAAK;oBAAE,OAAO,KAAK,CAAC;gBAC7B,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,cAAc,IAAI,EAAE,CAAwB,CAAC;gBAC7D,MAAM,IAAI,GAAG,EAAE,SAAS,EAAE,CAAC,CAAC,SAAmB,EAAE,cAAc,EAAE,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC;gBACtG,KAAK,MAAM,GAAG,IAAI,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;oBAC5C,IAAI,eAAe,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,QAAQ;wBAAE,OAAO,IAAI,CAAC;gBACvD,CAAC;gBACD,OAAO,KAAK,CAAC;YACf,CAAC;SACF;QACD;YACE,IAAI,EAAE,WAAW;YACjB,WAAW,EAAE,uCAAuC;YACpD,SAAS,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,GAAG,EAAE,CAAC,CAAC,KAAiB,EAAE,CAAC,CAAC,aAAoC,CAAC;SAC3G;QACD;YACE,IAAI,EAAE,cAAc;YACpB,WAAW,EAAE,yBAAyB;YACtC,SAAS,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,mBAAmB,CAAC,GAAG,EAAE,CAAC,CAAC,QAA8B,EAAE,CAAC,CAAC,SAA+B,CAAC;SACrH;QACD;YACE,IAAI,EAAE,eAAe;YACrB,WAAW,EAAE,8BAA8B;YAC3C,SAAS,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,oBAAoB,CAAC,GAAG,EAAE,CAAC,CAAC,OAAiB,EAAE,CAAC,CAAC,KAA2B,CAAC;SACrG;QACD,8DAA8D;QAC9D;YACE,IAAI,EAAE,eAAe;YACrB,WAAW,EAAE,0BAA0B;YACvC,SAAS,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,oBAAoB,CAAC,GAAG,EAAE,CAAC,CAAC,QAA8B,EAAE,CAAC,CAAC,SAA+B,CAAC;SACtH;QACD;YACE,IAAI,EAAE,gBAAgB;YACtB,WAAW,EAAE,2BAA2B;YACxC,SAAS,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,qBAAqB,CAAC,GAAG,EAAE,CAAC,CAAC,OAAiB,EAAE,CAAC,CAAC,KAA2B,CAAC;SACtG;QACD;YACE,IAAI,EAAE,uBAAuB;YAC7B,WAAW,EAAE,uCAAuC;YACpD,SAAS,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,2BAA2B,CAAC,GAAG,EAAE,CAAC,CAAC,QAAgC,CAAC;SAC5F;QACD,6DAA6D;QAC7D;YACE,IAAI,EAAE,uBAAuB;YAC7B,WAAW,EAAE,sDAAsD;YACnE,SAAS,EAAE,CAAC,GAAG,EAAE,EAAE;gBACjB,4CAA4C;gBAC5C,MAAM,IAAI,GAAG,GAAG,CAAC,QAA+C,CAAC;gBACjE,OAAO,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,OAAO,IAAI,CAAC,SAAS,KAAK,QAAQ,CAAC;YACxE,CAAC;SACF;QACD,8DAA8D;QAC9D;YACE,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,oCAAoC;YACjD,SAAS,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;gBACpB,MAAM,UAAU,GAAG,CAAC,CAAC,UAA+B,CAAC;gBACrD,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YACvD,CAAC;SACF;QACD;YACE,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,mCAAmC;YAChD,SAAS,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;gBACpB,MAAM,UAAU,GAAG,CAAC,CAAC,UAA+B,CAAC;gBACrD,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YACxD,CAAC;SACF;QACD;YACE,IAAI,EAAE,KAAK;YACX,WAAW,EAAE,oBAAoB;YACjC,SAAS,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;gBACpB,MAAM,SAAS,GAAG,CAAC,CAAC,SAA4B,CAAC;gBACjD,OAAO,CAAC,aAAa,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;YACxC,CAAC;SACF;KACF,CAAC;AACJ,CAAC"}

package/dist/conditions/postprocess.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Postprocess condition evaluators — run after agent execution.
+ * Output length, output pattern, and sensitive data filtering.
+ */
+import type { EnforcementContext } from "../policy.js";
+/** Check if output exceeds length limits */
+export declare function evaluateOutputLength(ctx: EnforcementContext, maxChars?: number, maxTokens?: number): boolean;
+/** Check if output matches a regex pattern (e.g., secrets, API keys) */
+export declare function evaluateOutputPattern(ctx: EnforcementContext, pattern: string, flags?: string): boolean;
+/** Scan output for sensitive data using built-in or custom patterns */
+export declare function evaluateSensitiveDataFilter(ctx: EnforcementContext, patternIds?: string[]): boolean;
+//# sourceMappingURL=postprocess.d.ts.map

package/dist/conditions/postprocess.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"postprocess.d.ts","sourceRoot":"","sources":["../../src/conditions/postprocess.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAGvD,4CAA4C;AAC5C,wBAAgB,oBAAoB,CAClC,GAAG,EAAE,kBAAkB,EACvB,QAAQ,CAAC,EAAE,MAAM,EACjB,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAST;AAED,wEAAwE;AACxE,wBAAgB,qBAAqB,CACnC,GAAG,EAAE,kBAAkB,EACvB,OAAO,EAAE,MAAM,EACf,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAKT;AAED,uEAAuE;AACvE,wBAAgB,2BAA2B,CACzC,GAAG,EAAE,kBAAkB,EACvB,UAAU,CAAC,EAAE,MAAM,EAAE,GACpB,OAAO,CAKT"}

package/dist/conditions/postprocess.js

@@ -0,0 +1,33 @@
+/**
+ * Postprocess condition evaluators — run after agent execution.
+ * Output length, output pattern, and sensitive data filtering.
+ */
+import { getSensitivePatterns } from "./sensitive-patterns.js";
+/** Check if output exceeds length limits */
+export function evaluateOutputLength(ctx, maxChars, maxTokens) {
+    if (!ctx.outputText)
+        return false;
+    if (maxChars !== undefined && ctx.outputText.length > maxChars)
+        return true;
+    if (maxTokens !== undefined) {
+        const count = ctx.outputTokenCount ?? Math.ceil(ctx.outputText.length / 4);
+        if (count > maxTokens)
+            return true;
+    }
+    return false;
+}
+/** Check if output matches a regex pattern (e.g., secrets, API keys) */
+export function evaluateOutputPattern(ctx, pattern, flags) {
+    if (!ctx.outputText)
+        return false;
+    const regex = new RegExp(pattern, flags);
+    return regex.test(ctx.outputText);
+}
+/** Scan output for sensitive data using built-in or custom patterns */
+export function evaluateSensitiveDataFilter(ctx, patternIds) {
+    if (!ctx.outputText)
+        return false;
+    const patterns = getSensitivePatterns(patternIds);
+    return patterns.some((p) => p.pattern.test(ctx.outputText));
+}
+//# sourceMappingURL=postprocess.js.map

package/dist/conditions/postprocess.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"postprocess.js","sourceRoot":"","sources":["../../src/conditions/postprocess.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AAE/D,4CAA4C;AAC5C,MAAM,UAAU,oBAAoB,CAClC,GAAuB,EACvB,QAAiB,EACjB,SAAkB;IAElB,IAAI,CAAC,GAAG,CAAC,UAAU;QAAE,OAAO,KAAK,CAAC;IAElC,IAAI,QAAQ,KAAK,SAAS,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC5E,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;QAC5B,MAAM,KAAK,GAAG,GAAG,CAAC,gBAAgB,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC3E,IAAI,KAAK,GAAG,SAAS;YAAE,OAAO,IAAI,CAAC;IACrC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,wEAAwE;AACxE,MAAM,UAAU,qBAAqB,CACnC,GAAuB,EACvB,OAAe,EACf,KAAc;IAEd,IAAI,CAAC,GAAG,CAAC,UAAU;QAAE,OAAO,KAAK,CAAC;IAElC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACzC,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;AACpC,CAAC;AAED,uEAAuE;AACvE,MAAM,UAAU,2BAA2B,CACzC,GAAuB,EACvB,UAAqB;IAErB,IAAI,CAAC,GAAG,CAAC,UAAU;QAAE,OAAO,KAAK,CAAC;IAElC,MAAM,QAAQ,GAAG,oBAAoB,CAAC,UAAU,CAAC,CAAC;IAClD,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,UAAW,CAAC,CAAC,CAAC;AAC/D,CAAC"}

package/dist/conditions/preprocess.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Preprocess condition evaluators — run before agent processing.
+ * Blocklist, input length, and input pattern matching.
+ */
+import type { EnforcementContext } from "../policy.js";
+/** Check if input contains any blocked terms */
+export declare function evaluateBlocklist(ctx: EnforcementContext, terms: string[], caseSensitive?: boolean): boolean;
+/** Check if input exceeds length limits */
+export declare function evaluateInputLength(ctx: EnforcementContext, maxChars?: number, maxTokens?: number): boolean;
+/** Check if input matches a regex pattern */
+export declare function evaluateInputPattern(ctx: EnforcementContext, pattern: string, flags?: string): boolean;
+//# sourceMappingURL=preprocess.d.ts.map

package/dist/conditions/preprocess.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"preprocess.d.ts","sourceRoot":"","sources":["../../src/conditions/preprocess.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAEvD,gDAAgD;AAChD,wBAAgB,iBAAiB,CAC/B,GAAG,EAAE,kBAAkB,EACvB,KAAK,EAAE,MAAM,EAAE,EACf,aAAa,CAAC,EAAE,OAAO,GACtB,OAAO,CAST;AAED,2CAA2C;AAC3C,wBAAgB,mBAAmB,CACjC,GAAG,EAAE,kBAAkB,EACvB,QAAQ,CAAC,EAAE,MAAM,EACjB,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAWT;AAED,6CAA6C;AAC7C,wBAAgB,oBAAoB,CAClC,GAAG,EAAE,kBAAkB,EACvB,OAAO,EAAE,MAAM,EACf,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAMT"}

package/dist/conditions/preprocess.js

@@ -0,0 +1,47 @@
+/**
+ * Preprocess condition evaluators — run before agent processing.
+ * Blocklist, input length, and input pattern matching.
+ */
+/** Check if input contains any blocked terms */
+export function evaluateBlocklist(ctx, terms, caseSensitive) {
+    const inputStr = getInputString(ctx);
+    if (!inputStr)
+        return false;
+    const haystack = caseSensitive ? inputStr : inputStr.toLowerCase();
+    return terms.some((term) => {
+        const needle = caseSensitive ? term : term.toLowerCase();
+        return haystack.includes(needle);
+    });
+}
+/** Check if input exceeds length limits */
+export function evaluateInputLength(ctx, maxChars, maxTokens) {
+    const inputStr = getInputString(ctx);
+    if (!inputStr)
+        return false;
+    if (maxChars !== undefined && inputStr.length > maxChars)
+        return true;
+    if (maxTokens !== undefined) {
+        // Rough estimate: ~4 chars per token
+        const estimated = Math.ceil(inputStr.length / 4);
+        if (estimated > maxTokens)
+            return true;
+    }
+    return false;
+}
+/** Check if input matches a regex pattern */
+export function evaluateInputPattern(ctx, pattern, flags) {
+    const inputStr = getInputString(ctx);
+    if (!inputStr)
+        return false;
+    const regex = new RegExp(pattern, flags);
+    return regex.test(inputStr);
+}
+/** Extract a string representation of the input for scanning */
+function getInputString(ctx) {
+    if (!ctx.input)
+        return null;
+    return typeof ctx.input === "string"
+        ? ctx.input
+        : JSON.stringify(ctx.input);
+}
+//# sourceMappingURL=preprocess.js.map

package/dist/conditions/preprocess.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"preprocess.js","sourceRoot":"","sources":["../../src/conditions/preprocess.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,gDAAgD;AAChD,MAAM,UAAU,iBAAiB,CAC/B,GAAuB,EACvB,KAAe,EACf,aAAuB;IAEvB,MAAM,QAAQ,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;IACrC,IAAI,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAC;IAE5B,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;IACnE,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE;QACzB,MAAM,MAAM,GAAG,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;QACzD,OAAO,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;AACL,CAAC;AAED,2CAA2C;AAC3C,MAAM,UAAU,mBAAmB,CACjC,GAAuB,EACvB,QAAiB,EACjB,SAAkB;IAElB,MAAM,QAAQ,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;IACrC,IAAI,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAC;IAE5B,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,CAAC,MAAM,GAAG,QAAQ;QAAE,OAAO,IAAI,CAAC;IACtE,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;QAC5B,qCAAqC;QACrC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACjD,IAAI,SAAS,GAAG,SAAS;YAAE,OAAO,IAAI,CAAC;IACzC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,6CAA6C;AAC7C,MAAM,UAAU,oBAAoB,CAClC,GAAuB,EACvB,OAAe,EACf,KAAc;IAEd,MAAM,QAAQ,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;IACrC,IAAI,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAC;IAE5B,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACzC,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAC9B,CAAC;AAED,gEAAgE;AAChE,SAAS,cAAc,CAAC,GAAuB;IAC7C,IAAI,CAAC,GAAG,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAC5B,OAAO,OAAO,GAAG,CAAC,KAAK,KAAK,QAAQ;QAClC,CAAC,CAAC,GAAG,CAAC,KAAK;QACX,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;AAChC,CAAC"}

package/dist/conditions/process.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Process condition evaluators — run during agent execution.
+ * Network allowlist, scope boundary, cost budget, concurrent limit.
+ */
+import type { EnforcementContext } from "../policy.js";
+/** Check if target URL domain is in the allowlist */
+export declare function evaluateNetworkAllowlist(ctx: EnforcementContext, allowedDomains: string[]): boolean;
+/** Check if target path violates scope boundaries */
+export declare function evaluateScopeBoundary(ctx: EnforcementContext, allowedPaths?: string[], blockedPaths?: string[]): boolean;
+/** Check if session cost exceeds budget */
+export declare function evaluateCostBudget(ctx: EnforcementContext, maxCost: number): boolean;
+/** Check if concurrent tool count exceeds limit */
+export declare function evaluateConcurrentLimit(ctx: EnforcementContext, maxConcurrent: number): boolean;
+//# sourceMappingURL=process.d.ts.map

package/dist/conditions/process.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"process.d.ts","sourceRoot":"","sources":["../../src/conditions/process.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAEvD,qDAAqD;AACrD,wBAAgB,wBAAwB,CACtC,GAAG,EAAE,kBAAkB,EACvB,cAAc,EAAE,MAAM,EAAE,GACvB,OAAO,CAgBT;AAED,qDAAqD;AACrD,wBAAgB,qBAAqB,CACnC,GAAG,EAAE,kBAAkB,EACvB,YAAY,CAAC,EAAE,MAAM,EAAE,EACvB,YAAY,CAAC,EAAE,MAAM,EAAE,GACtB,OAAO,CAaT;AAED,2CAA2C;AAC3C,wBAAgB,kBAAkB,CAChC,GAAG,EAAE,kBAAkB,EACvB,OAAO,EAAE,MAAM,GACd,OAAO,CAET;AAED,mDAAmD;AACnD,wBAAgB,uBAAuB,CACrC,GAAG,EAAE,kBAAkB,EACvB,aAAa,EAAE,MAAM,GACpB,OAAO,CAET"}

package/dist/conditions/process.js

@@ -0,0 +1,78 @@
+/**
+ * Process condition evaluators — run during agent execution.
+ * Network allowlist, scope boundary, cost budget, concurrent limit.
+ */
+/** Check if target URL domain is in the allowlist */
+export function evaluateNetworkAllowlist(ctx, allowedDomains) {
+    if (!ctx.targetUrl)
+        return false;
+    let hostname;
+    try {
+        hostname = new URL(ctx.targetUrl).hostname;
+    }
+    catch {
+        // If it's not a valid URL, treat the raw string as a hostname
+        hostname = ctx.targetUrl;
+    }
+    const lower = hostname.toLowerCase();
+    return !allowedDomains.some((d) => {
+        const domain = d.toLowerCase();
+        return lower === domain || lower.endsWith(`.${domain}`);
+    });
+}
+/** Check if target path violates scope boundaries */
+export function evaluateScopeBoundary(ctx, allowedPaths, blockedPaths) {
+    if (!ctx.targetPath)
+        return false;
+    const p = normalizePath(ctx.targetPath);
+    if (blockedPaths && blockedPaths.length > 0) {
+        if (blockedPaths.some((bp) => pathMatches(p, normalizePath(bp))))
+            return true;
+    }
+    if (allowedPaths && allowedPaths.length > 0) {
+        if (!allowedPaths.some((ap) => pathMatches(p, normalizePath(ap))))
+            return true;
+    }
+    return false;
+}
+/** Check if session cost exceeds budget */
+export function evaluateCostBudget(ctx, maxCost) {
+    return (ctx.sessionCost ?? 0) > maxCost;
+}
+/** Check if concurrent tool count exceeds limit */
+export function evaluateConcurrentLimit(ctx, maxConcurrent) {
+    return (ctx.concurrentCount ?? 0) > maxConcurrent;
+}
+/**
+ * Normalize a path by resolving `.` and `..` segments to prevent traversal bypass.
+ * Does not touch the filesystem — pure string manipulation.
+ */
+function normalizePath(p) {
+    const isAbsolute = p.startsWith("/");
+    const parts = p.split("/");
+    const out = [];
+    for (const seg of parts) {
+        if (seg === "." || seg === "")
+            continue;
+        if (seg === "..") {
+            // Don't pop above root for absolute paths
+            if (out.length > 0 && out[out.length - 1] !== "..")
+                out.pop();
+            else if (!isAbsolute)
+                out.push(seg);
+        }
+        else {
+            out.push(seg);
+        }
+    }
+    return (isAbsolute ? "/" : "") + out.join("/");
+}
+/** Simple path matching — supports trailing wildcard (*) */
+function pathMatches(target, pattern) {
+    if (pattern.endsWith("/*") || pattern.endsWith("/**")) {
+        const prefix = pattern.replace(/\/\*{1,2}$/, "");
+        return target === prefix || target.startsWith(prefix + "/");
+    }
+    return target === pattern;
+}
+//# sourceMappingURL=process.js.map

package/dist/conditions/process.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"process.js","sourceRoot":"","sources":["../../src/conditions/process.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,qDAAqD;AACrD,MAAM,UAAU,wBAAwB,CACtC,GAAuB,EACvB,cAAwB;IAExB,IAAI,CAAC,GAAG,CAAC,SAAS;QAAE,OAAO,KAAK,CAAC;IAEjC,IAAI,QAAgB,CAAC;IACrB,IAAI,CAAC;QACH,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC;IAC7C,CAAC;IAAC,MAAM,CAAC;QACP,8DAA8D;QAC9D,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC;IAC3B,CAAC;IAED,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IACrC,OAAO,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE;QAChC,MAAM,MAAM,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;QAC/B,OAAO,KAAK,KAAK,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,MAAM,EAAE,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;AACL,CAAC;AAED,qDAAqD;AACrD,MAAM,UAAU,qBAAqB,CACnC,GAAuB,EACvB,YAAuB,EACvB,YAAuB;IAEvB,IAAI,CAAC,GAAG,CAAC,UAAU;QAAE,OAAO,KAAK,CAAC;IAClC,MAAM,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAExC,IAAI,YAAY,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5C,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,WAAW,CAAC,CAAC,EAAE,aAAa,CAAC,EAAE,CAAC,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;IAChF,CAAC;IAED,IAAI,YAAY,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5C,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,WAAW,CAAC,CAAC,EAAE,aAAa,CAAC,EAAE,CAAC,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;IACjF,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,2CAA2C;AAC3C,MAAM,UAAU,kBAAkB,CAChC,GAAuB,EACvB,OAAe;IAEf,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,CAAC,CAAC,GAAG,OAAO,CAAC;AAC1C,CAAC;AAED,mDAAmD;AACnD,MAAM,UAAU,uBAAuB,CACrC,GAAuB,EACvB,aAAqB;IAErB,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,CAAC,CAAC,GAAG,aAAa,CAAC;AACpD,CAAC;AAED;;;GAGG;AACH,SAAS,aAAa,CAAC,CAAS;IAC9B,MAAM,UAAU,GAAG,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACrC,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;QACxB,IAAI,GAAG,KAAK,GAAG,IAAI,GAAG,KAAK,EAAE;YAAE,SAAS;QACxC,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACjB,0CAA0C;YAC1C,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,KAAK,IAAI;gBAAE,GAAG,CAAC,GAAG,EAAE,CAAC;iBACzD,IAAI,CAAC,UAAU;gBAAE,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACtC,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAChB,CAAC;IACH,CAAC;IACD,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACjD,CAAC;AAED,4DAA4D;AAC5D,SAAS,WAAW,CAAC,MAAc,EAAE,OAAe;IAClD,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACtD,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;QACjD,OAAO,MAAM,KAAK,MAAM,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC;IAC9D,CAAC;IACD,OAAO,MAAM,KAAK,OAAO,CAAC;AAC5B,CAAC"}

package/dist/conditions/sensitive-patterns.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Built-in regex patterns for detecting sensitive data in outputs.
+ * Used by the sensitive_data_filter condition.
+ */
+export interface SensitivePattern {
+    id: string;
+    name: string;
+    pattern: RegExp;
+}
+export declare const SENSITIVE_PATTERNS: SensitivePattern[];
+/** Get patterns by ID list, or all if empty/undefined */
+export declare function getSensitivePatterns(ids?: string[]): SensitivePattern[];
+//# sourceMappingURL=sensitive-patterns.d.ts.map

package/dist/conditions/sensitive-patterns.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sensitive-patterns.d.ts","sourceRoot":"","sources":["../../src/conditions/sensitive-patterns.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,eAAO,MAAM,kBAAkB,EAAE,gBAAgB,EA8BhD,CAAC;AAEF,yDAAyD;AACzD,wBAAgB,oBAAoB,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,GAAG,gBAAgB,EAAE,CAGvE"}

package/dist/conditions/sensitive-patterns.js

@@ -0,0 +1,42 @@
+/**
+ * Built-in regex patterns for detecting sensitive data in outputs.
+ * Used by the sensitive_data_filter condition.
+ */
+export const SENSITIVE_PATTERNS = [
+    // ── Credentials & Secrets ──
+    { id: "aws_key", name: "AWS Access Key", pattern: /AKIA[0-9A-Z]{16}/ },
+    { id: "aws_secret", name: "AWS Secret Key", pattern: /[0-9a-zA-Z/+]{40}(?=\s|$|"|')/ },
+    { id: "github_pat", name: "GitHub PAT", pattern: /ghp_[0-9a-zA-Z]{36}/ },
+    { id: "github_oauth", name: "GitHub OAuth", pattern: /gho_[0-9a-zA-Z]{36}/ },
+    { id: "github_app", name: "GitHub App Token", pattern: /ghs_[0-9a-zA-Z]{36}/ },
+    { id: "generic_sk", name: "Secret Key (sk-)", pattern: /sk-[0-9a-zA-Z-]{20,}/ },
+    { id: "generic_pk", name: "Public Key (pk-)", pattern: /pk-[0-9a-zA-Z-]{20,}/ },
+    { id: "jwt", name: "JWT", pattern: /eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}/ },
+    { id: "private_key", name: "Private Key", pattern: /-----BEGIN (?:RSA |EC |DSA )?PRIVATE KEY-----/ },
+    { id: "postgres_uri", name: "PostgreSQL URI", pattern: /postgres(?:ql)?:\/\/[^\s]+/ },
+    { id: "mysql_uri", name: "MySQL URI", pattern: /mysql:\/\/[^\s]+/ },
+    { id: "mongodb_uri", name: "MongoDB URI", pattern: /mongodb(?:\+srv)?:\/\/[^\s]+/ },
+    { id: "redis_uri", name: "Redis URI", pattern: /redis(?:s)?:\/\/[^\s]+/ },
+    { id: "slack_token", name: "Slack Token", pattern: /xox[bpras]-[0-9a-zA-Z-]+/ },
+    { id: "stripe_key", name: "Stripe Key", pattern: /sk_(?:live|test)_[0-9a-zA-Z]{24,}/ },
+    { id: "sendgrid_key", name: "SendGrid Key", pattern: /SG\.[0-9a-zA-Z_-]{22}\.[0-9a-zA-Z_-]{43}/ },
+    { id: "anthropic_key", name: "Anthropic Key", pattern: /sk-ant-[0-9a-zA-Z_-]{20,}/ },
+    { id: "google_api_key", name: "Google API Key", pattern: /AIza[0-9A-Za-z_-]{35}/ },
+    // ── PII ──
+    { id: "ssn", name: "US SSN", pattern: /\b\d{3}-\d{2}-\d{4}\b/ },
+    { id: "credit_card", name: "Credit Card Number", pattern: /\b(?:4\d{3}|5[1-5]\d{2}|3[47]\d{2}|6(?:011|5\d{2}))[- ]?\d{4}[- ]?\d{4}[- ]?\d{4}\b/ },
+    { id: "email_address", name: "Email Address", pattern: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b/ },
+    { id: "phone_us", name: "US Phone Number", pattern: /\b(?:\+1[- ]?)?\(?\d{3}\)?[- ]?\d{3}[- ]?\d{4}\b/ },
+    { id: "ip_address", name: "IP Address", pattern: /\b(?:\d{1,3}\.){3}\d{1,3}\b/ },
+    // ── System Prompt Leak ──
+    { id: "system_prompt_leak", name: "System Prompt Leak", pattern: /\b(?:my|the|your|our)\s+(?:system\s+)?(?:prompt|instructions?)\s+(?:is|are|says?|reads?|states?)\s*:/i },
+    { id: "hidden_instructions", name: "Hidden Instructions Leak", pattern: /\b(?:hidden|secret|internal|original|initial|confidential)\s+(?:system\s+)?(?:prompt|instructions?|guidelines?)\b/i },
+    { id: "never_reveal", name: "Leaking 'Never Reveal' Content", pattern: /\b(?:you\s+must\s+never|never\s+reveal|do\s+not\s+(?:share|reveal|disclose)|must\s+not\s+(?:share|reveal|disclose))\s+(?:these|this|the|your)\s+(?:instructions?|prompt|rules?|guidelines?)\b/i },
+];
+/** Get patterns by ID list, or all if empty/undefined */
+export function getSensitivePatterns(ids) {
+    if (!ids || ids.length === 0)
+        return SENSITIVE_PATTERNS;
+    return SENSITIVE_PATTERNS.filter((p) => ids.includes(p.id));
+}
+//# sourceMappingURL=sensitive-patterns.js.map

package/dist/conditions/sensitive-patterns.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sensitive-patterns.js","sourceRoot":"","sources":["../../src/conditions/sensitive-patterns.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAQH,MAAM,CAAC,MAAM,kBAAkB,GAAuB;IACpD,8BAA8B;IAC9B,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,kBAAkB,EAAE;IACtE,EAAE,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,+BAA+B,EAAE;IACtF,EAAE,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,qBAAqB,EAAE;IACxE,EAAE,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,qBAAqB,EAAE;IAC5E,EAAE,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,qBAAqB,EAAE;IAC9E,EAAE,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,sBAAsB,EAAE;IAC/E,EAAE,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,sBAAsB,EAAE;IAC/E,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,+DAA+D,EAAE;IACpG,EAAE,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,+CAA+C,EAAE;IACpG,EAAE,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,4BAA4B,EAAE;IACrF,EAAE,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,kBAAkB,EAAE;IACnE,EAAE,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,8BAA8B,EAAE;IACnF,EAAE,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,wBAAwB,EAAE;IACzE,EAAE,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,0BAA0B,EAAE;IAC/E,EAAE,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,mCAAmC,EAAE;IACtF,EAAE,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,0CAA0C,EAAE;IACjG,EAAE,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,2BAA2B,EAAE;IACpF,EAAE,EAAE,EAAE,gBAAgB,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,uBAAuB,EAAE;IAClF,YAAY;IACZ,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,uBAAuB,EAAE;IAC/D,EAAE,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,qFAAqF,EAAE;IACjJ,EAAE,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,qDAAqD,EAAE;IAC9G,EAAE,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,kDAAkD,EAAE;IACxG,EAAE,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,6BAA6B,EAAE;IAChF,2BAA2B;IAC3B,EAAE,EAAE,EAAE,oBAAoB,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,uGAAuG,EAAE;IAC1K,EAAE,EAAE,EAAE,qBAAqB,EAAE,IAAI,EAAE,0BAA0B,EAAE,OAAO,EAAE,oHAAoH,EAAE;IAC9L,EAAE,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,gCAAgC,EAAE,OAAO,EAAE,gMAAgM,EAAE;CAC1Q,CAAC;AAEF,yDAAyD;AACzD,MAAM,UAAU,oBAAoB,CAAC,GAAc;IACjD,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,kBAAkB,CAAC;IACxD,OAAO,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AAC9D,CAAC"}

package/dist/dry-run.d.ts

@@ -0,0 +1,85 @@
+/**
+ * Dry Run — test policies against your fleet without enforcing.
+ *
+ * Essential for CI/CD pipelines, policy reviews, and migration planning.
+ * Simulates enforcement against registered agents and returns what
+ * WOULD have been blocked, without actually blocking anything.
+ */
+import type { GovernanceInstance } from "./index.js";
+import type { PolicyRule, PolicyAction, PolicyStage, EnforcementDecision } from "./policy.js";
+export interface DryRunScenario {
+    /** Agent to simulate (by ID or name) */
+    agentId?: string;
+    agentName?: string;
+    /** Actions to simulate */
+    actions: DryRunAction[];
+}
+export interface DryRunAction {
+    action: PolicyAction;
+    tool?: string;
+    input?: Record<string, unknown>;
+    /** Pipeline stage to scope evaluation (omit for all-rules evaluation) */
+    stage?: PolicyStage;
+    /** Agent output text for postprocess evaluation */
+    outputText?: string;
+    outputTokenCount?: number;
+    sessionTokensUsed?: number;
+    recentActionCount?: number;
+    toolHistory?: string[];
+    targetUrl?: string;
+    targetPath?: string;
+    sessionCost?: number;
+    concurrentCount?: number;
+}
+export interface DryRunResult {
+    agentId: string;
+    agentName: string;
+    agentLevel: number;
+    decisions: DryRunDecision[];
+    summary: DryRunSummary;
+}
+export interface DryRunDecision {
+    action: DryRunAction;
+    decision: EnforcementDecision;
+}
+export interface DryRunSummary {
+    totalActions: number;
+    wouldBlock: number;
+    wouldAllow: number;
+    wouldRequireApproval: number;
+    wouldWarn: number;
+    blockRate: number;
+    rulesTriggered: string[];
+}
+export interface DryRunConfig {
+    /** Rules to test (defaults to governance instance rules) */
+    rules?: PolicyRule[];
+    /** Default outcome when no rules match */
+    defaultOutcome?: "allow" | "block";
+}
+export interface FleetDryRunResult {
+    results: DryRunResult[];
+    fleetSummary: {
+        totalAgents: number;
+        totalActions: number;
+        totalBlocked: number;
+        totalAllowed: number;
+        blockRate: number;
+        agentsAffected: number;
+        rulesTriggered: string[];
+    };
+    testedAt: string;
+}
+/**
+ * Run a dry-run simulation against a single agent.
+ *
+ * Tests policies against a set of actions without modifying state.
+ */
+export declare function dryRun(governance: GovernanceInstance, scenario: DryRunScenario, config?: DryRunConfig): Promise<DryRunResult>;
+/**
+ * Run a dry-run simulation against the entire fleet.
+ *
+ * Tests the same set of actions against every registered agent.
+ */
+export declare function fleetDryRun(governance: GovernanceInstance, actions: DryRunAction[], config?: DryRunConfig): Promise<FleetDryRunResult>;
+//# sourceMappingURL=dry-run.d.ts.map

package/dist/dry-run.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dry-run.d.ts","sourceRoot":"","sources":["../src/dry-run.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAe,MAAM,YAAY,CAAC;AAClE,OAAO,KAAK,EACV,UAAU,EACV,YAAY,EACZ,WAAW,EACX,mBAAmB,EACpB,MAAM,aAAa,CAAC;AAKrB,MAAM,WAAW,cAAc;IAC7B,wCAAwC;IACxC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,0BAA0B;IAC1B,OAAO,EAAE,YAAY,EAAE,CAAC;CACzB;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,YAAY,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,yEAAyE;IACzE,KAAK,CAAC,EAAE,WAAW,CAAC;IACpB,mDAAmD;IACnD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,cAAc,EAAE,CAAC;IAC5B,OAAO,EAAE,aAAa,CAAC;CACxB;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,YAAY,CAAC;IACrB,QAAQ,EAAE,mBAAmB,CAAC;CAC/B;AAED,MAAM,WAAW,aAAa;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,EAAE,CAAC;CAC1B;AAED,MAAM,WAAW,YAAY;IAC3B,4DAA4D;IAC5D,KAAK,CAAC,EAAE,UAAU,EAAE,CAAC;IACrB,0CAA0C;IAC1C,cAAc,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC;CACpC;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,YAAY,EAAE;QACZ,WAAW,EAAE,MAAM,CAAC;QACpB,YAAY,EAAE,MAAM,CAAC;QACrB,YAAY,EAAE,MAAM,CAAC;QACrB,YAAY,EAAE,MAAM,CAAC;QACrB,SAAS,EAAE,MAAM,CAAC;QAClB,cAAc,EAAE,MAAM,CAAC;QACvB,cAAc,EAAE,MAAM,EAAE,CAAC;KAC1B,CAAC;IACF,QAAQ,EAAE,MAAM,CAAC;CAClB;AAID;;;;GAIG;AACH,wBAAsB,MAAM,CAC1B,UAAU,EAAE,kBAAkB,EAC9B,QAAQ,EAAE,cAAc,EACxB,MAAM,GAAE,YAAiB,GACxB,OAAO,CAAC,YAAY,CAAC,CAwFvB;AAED;;;;GAIG;AACH,wBAAsB,WAAW,CAC/B,UAAU,EAAE,kBAAkB,EAC9B,OAAO,EAAE,YAAY,EAAE,EACvB,MAAM,GAAE,YAAiB,GACxB,OAAO,CAAC,iBAAiB,CAAC,CA8C5B"}