hadara 0.1.0-rc.0

package/dist/mcp/server.js

@@ -0,0 +1,104 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.handleMcpJsonRpcMessage = handleMcpJsonRpcMessage;
+exports.startMcpStdioServer = startMcpStdioServer;
+const node_readline_1 = __importDefault(require("node:readline"));
+const tool_dispatch_1 = require("./tool-dispatch");
+const tool_registry_1 = require("./tool-registry");
+function handleMcpJsonRpcMessage(message, options = {}) {
+    let parsed;
+    try {
+        parsed = JSON.parse(message);
+    }
+    catch {
+        return serializeError(null, -32700, 'Parse error');
+    }
+    if (!isJsonRpcRequest(parsed)) {
+        return serializeError(null, -32600, 'Invalid Request');
+    }
+    if (parsed.id === undefined) {
+        return null;
+    }
+    return JSON.stringify(handleMcpRequest(parsed, options));
+}
+function startMcpStdioServer(options = {}, input = process.stdin, output = process.stdout) {
+    const lines = node_readline_1.default.createInterface({ input });
+    lines.on('line', (line) => {
+        const trimmed = line.trim();
+        if (!trimmed)
+            return;
+        const response = handleMcpJsonRpcMessage(trimmed, options);
+        if (response)
+            output.write(`${response}\n`);
+    });
+}
+function handleMcpRequest(request, options) {
+    const projectRoot = options.projectRoot ?? process.cwd();
+    const tools = (0, tool_registry_1.createMcpToolRegistry)(projectRoot, { enableEvidenceAttach: options.enableEvidenceAttach });
+    const writeEnabled = options.enableEvidenceAttach === true;
+    switch (request.method) {
+        case 'initialize':
+            return success(request.id ?? null, {
+                protocolVersion: '2024-11-05',
+                serverInfo: {
+                    name: 'hadara',
+                    version: '0.0.0-bootstrap'
+                },
+                capabilities: {
+                    tools: {
+                        listChanged: false
+                    },
+                    _meta: {
+                        'hadara/phase': writeEnabled ? 'evidence-attach-enabled' : 'read-only-bridge',
+                        'hadara/readOnly': !writeEnabled,
+                        'hadara/writes': writeEnabled,
+                        'hadara/evidenceAttach': writeEnabled,
+                        'hadara/shellExecution': false,
+                        'hadara/providerCalls': false
+                    }
+                },
+                instructions: writeEnabled
+                    ? 'HADARA MCP evidence attach is enabled only for this server process. Evidence writes require per-call approval metadata, are audited privately, and never execute shell commands or call providers.'
+                    : 'HADARA MCP is running in default read-only mode. Evidence attach, shell execution, and provider calls are disabled for this server process.'
+            });
+        case 'tools/list':
+            return success(request.id ?? null, { tools: tools.map((tool) => tool.metadata) });
+        case 'tools/call': {
+            try {
+                return success(request.id ?? null, (0, tool_dispatch_1.dispatchMcpToolCall)(request.params, tools));
+            }
+            catch (toolError) {
+                if (toolError instanceof tool_dispatch_1.McpToolDispatchError) {
+                    return error(request.id ?? null, toolError.jsonRpcCode, toolError.message, { issue: toolError.issue });
+                }
+                return error(request.id ?? null, -32603, toolError instanceof Error ? toolError.message : String(toolError));
+            }
+        }
+        default:
+            return error(request.id ?? null, -32601, `Method not found: ${request.method}`);
+    }
+}
+function isJsonRpcRequest(value) {
+    if (typeof value !== 'object' || value === null)
+        return false;
+    const candidate = value;
+    if (candidate.jsonrpc !== '2.0')
+        return false;
+    if (typeof candidate.method !== 'string')
+        return false;
+    if (candidate.id !== undefined && candidate.id !== null && typeof candidate.id !== 'string' && typeof candidate.id !== 'number')
+        return false;
+    return true;
+}
+function success(id, result) {
+    return { jsonrpc: '2.0', id, result };
+}
+function error(id, code, message, data) {
+    return { jsonrpc: '2.0', id, error: { code, message, ...(data === undefined ? {} : { data }) } };
+}
+function serializeError(id, code, message) {
+    return JSON.stringify(error(id, code, message));
+}

package/dist/mcp/tool-dispatch.js

@@ -0,0 +1,159 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.McpToolDispatchError = exports.MCP_TOOL_ISSUE_CODES = void 0;
+exports.dispatchMcpToolCall = dispatchMcpToolCall;
+exports.wrapJsonTextPayload = wrapJsonTextPayload;
+exports.MCP_TOOL_ISSUE_CODES = [
+    'TOOL_NOT_FOUND',
+    'TOOL_INPUT_INVALID',
+    'TOOL_NOT_IMPLEMENTED',
+    'TOOL_FORBIDDEN_BY_PHASE',
+    'TOOL_POLICY_DENIED',
+    'TOOL_WRITE_FORBIDDEN',
+    'TOOL_WORKSPACE_BOUNDARY',
+    'TOOL_ARTIFACT_REDACTION_FAILED',
+    'TOOL_SCHEMA_VERSION_MISMATCH'
+];
+class McpToolDispatchError extends Error {
+    issue;
+    jsonRpcCode;
+    constructor(issue, jsonRpcCode = -32602) {
+        super(issue.message);
+        this.issue = issue;
+        this.jsonRpcCode = jsonRpcCode;
+        this.name = 'McpToolDispatchError';
+    }
+}
+exports.McpToolDispatchError = McpToolDispatchError;
+function dispatchMcpToolCall(params, tools) {
+    const call = parseToolCallParams(params);
+    const tool = tools.find((item) => item.metadata.name === call.name);
+    if (!tool) {
+        throw new McpToolDispatchError({
+            severity: 'error',
+            code: 'TOOL_NOT_FOUND',
+            message: `MCP tool not found: ${call.name}`
+        });
+    }
+    if (!tool.phaseAllowed) {
+        throw new McpToolDispatchError({
+            severity: 'error',
+            code: 'TOOL_FORBIDDEN_BY_PHASE',
+            message: `MCP tool is forbidden in the current HADARA phase: ${call.name}`
+        });
+    }
+    if (!tool.handler) {
+        throw new McpToolDispatchError({
+            severity: 'error',
+            code: 'TOOL_NOT_IMPLEMENTED',
+            message: `MCP tool is not implemented: ${call.name}`
+        });
+    }
+    validateToolArguments(call.name, call.arguments, tool.metadata.inputSchema);
+    return wrapJsonTextPayload(tool.handler(call.arguments));
+}
+function wrapJsonTextPayload(report) {
+    return {
+        content: [
+            {
+                type: 'text',
+                text: JSON.stringify(report)
+            }
+        ]
+    };
+}
+function parseToolCallParams(params) {
+    if (!isPlainObject(params)) {
+        throw invalidInput('tools/call params must be an object.');
+    }
+    if (typeof params.name !== 'string' || params.name.trim().length === 0) {
+        throw invalidInput('tools/call params.name must be a non-empty string.');
+    }
+    if (!isPlainObject(params.arguments)) {
+        throw invalidInput('tools/call params.arguments must be an object.');
+    }
+    return {
+        name: params.name,
+        arguments: params.arguments
+    };
+}
+function validateToolArguments(toolName, args, schema) {
+    const required = schema.required ?? [];
+    for (const name of required) {
+        if (!(name in args)) {
+            throw invalidInput(`${toolName} requires argument: ${name}`);
+        }
+    }
+    if (!schema.additionalProperties) {
+        for (const name of Object.keys(args)) {
+            if (!(name in schema.properties)) {
+                throw invalidInput(`${toolName} does not accept argument: ${name}`);
+            }
+        }
+    }
+    validateSchemaProperties(toolName, args, schema.properties, schema.required ?? []);
+}
+function validateSchemaProperties(toolName, args, properties, required, pathPrefix = '') {
+    for (const name of required) {
+        if (!(name in args)) {
+            throw invalidInput(`${toolName} requires argument: ${pathPrefix}${name}`);
+        }
+    }
+    for (const [name, property] of Object.entries(properties)) {
+        const value = args[name];
+        if (value === undefined)
+            continue;
+        const argumentName = `${pathPrefix}${name}`;
+        if (property.type === 'boolean' && typeof value !== 'boolean') {
+            throw invalidInput(`${toolName} argument ${argumentName} must be a boolean.`);
+        }
+        if (property.type === 'integer') {
+            if (typeof value !== 'number' || !Number.isInteger(value)) {
+                throw invalidInput(`${toolName} argument ${argumentName} must be an integer.`);
+            }
+            if (property.minimum !== undefined && value < property.minimum) {
+                throw invalidInput(`${toolName} argument ${argumentName} must be greater than or equal to ${property.minimum}.`);
+            }
+            if (property.maximum !== undefined && value > property.maximum) {
+                throw invalidInput(`${toolName} argument ${argumentName} must be less than or equal to ${property.maximum}.`);
+            }
+        }
+        if (property.type === 'string') {
+            if (typeof value !== 'string') {
+                throw invalidInput(`${toolName} argument ${argumentName} must be a string.`);
+            }
+            if (property.minLength !== undefined && value.length < property.minLength) {
+                throw invalidInput(`${toolName} argument ${argumentName} must be at least ${property.minLength} character(s).`);
+            }
+            if (property.pattern !== undefined && !new RegExp(property.pattern).test(value)) {
+                throw invalidInput(`${toolName} argument ${argumentName} must match ${property.pattern}.`);
+            }
+            if (property.enum !== undefined && !property.enum.includes(value)) {
+                throw invalidInput(`${toolName} argument ${argumentName} must be one of: ${property.enum.join(', ')}.`);
+            }
+        }
+        if (property.type === 'object') {
+            if (!isPlainObject(value)) {
+                throw invalidInput(`${toolName} argument ${argumentName} must be an object.`);
+            }
+            if (!property.additionalProperties) {
+                for (const childName of Object.keys(value)) {
+                    if (!(childName in property.properties)) {
+                        throw invalidInput(`${toolName} argument ${argumentName} does not accept property: ${childName}`);
+                    }
+                }
+            }
+            validateSchemaProperties(toolName, value, property.properties, property.required ?? [], `${argumentName}.`);
+        }
+    }
+}
+function invalidInput(message) {
+    return new McpToolDispatchError({
+        severity: 'error',
+        code: 'TOOL_INPUT_INVALID',
+        message
+    });
+}
+function isPlainObject(value) {
+    return typeof value === 'object' && value !== null && !Array.isArray(value);
+}

package/dist/mcp/tool-registry.js

@@ -0,0 +1,150 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createMcpToolRegistry = createMcpToolRegistry;
+const evidence_json_1 = require("../cli/evidence-json");
+const audit_1 = require("../core/audit");
+const paths_1 = require("../core/paths");
+const context_export_1 = require("../hermes/context-export");
+const project_read_model_1 = require("../services/project-read-model");
+const active_run_state_1 = require("../services/active-run-state");
+const evidence_list_1 = require("../services/evidence-list");
+const harness_service_1 = require("../services/harness-service");
+const operational_debt_1 = require("../services/operational-debt");
+const policy_service_1 = require("../services/policy-service");
+const task_read_model_1 = require("../services/task-read-model");
+const tools_list_1 = require("../services/tools-list");
+const tool_schemas_1 = require("./tool-schemas");
+function createMcpToolRegistry(projectRoot, options = {}) {
+    const readTools = tool_schemas_1.HADARA_MCP_TOOL_SCHEMAS.map((metadata) => ({
+        metadata,
+        phaseAllowed: true,
+        handler: (args) => handleReadOnlyTool(projectRoot, metadata.name, args, options)
+    }));
+    if (!options.enableEvidenceAttach)
+        return readTools;
+    return [
+        ...readTools,
+        {
+            metadata: tool_schemas_1.HADARA_MCP_EVIDENCE_ATTACH_SCHEMA,
+            phaseAllowed: true,
+            handler: (args) => handleEvidenceAttachTool(projectRoot, args)
+        }
+    ];
+}
+function handleReadOnlyTool(projectRoot, name, args, options) {
+    switch (name) {
+        case 'hadara.task.list':
+            return {
+                ...(0, task_read_model_1.createTaskListReport)(projectRoot),
+                issues: []
+            };
+        case 'hadara.task.read':
+            return (0, task_read_model_1.createTaskReadReport)(projectRoot, String(args.taskId), {
+                includePrivate: args.includePrivate === true
+            });
+        case 'hadara.handoff.read':
+            return (0, project_read_model_1.createHandoffReadReport)(projectRoot, {
+                includeHistory: args.includeHistory === true,
+                historyLimit: typeof args.historyLimit === 'number' ? args.historyLimit : 20
+            });
+        case 'hadara.project.state.read':
+            return (0, project_read_model_1.createProjectStateReadReport)(projectRoot, {
+                includeDocuments: args.includeDocuments === undefined ? true : args.includeDocuments === true,
+                summaryOnly: args.summaryOnly === true
+            });
+        case 'hadara.policy.evaluate':
+            return (0, policy_service_1.createPolicyEvaluateReport)(String(args.command), typeof args.mode === 'string' ? args.mode : 'assisted');
+        case 'hadara.harness.validate':
+            return (0, harness_service_1.createHarnessValidateReport)(projectRoot, String(args.taskId), {
+                level: args.level === 'done' ? 'done' : 'draft'
+            });
+        case 'hadara.evidence.list':
+            return (0, evidence_list_1.createEvidenceListReport)(projectRoot, {
+                taskId: String(args.taskId),
+                limit: typeof args.limit === 'number' ? args.limit : undefined,
+                includePrivate: args.includePrivate === true
+            });
+        case 'hadara.context.export':
+            return (0, context_export_1.createContextExportReport)(projectRoot, {
+                format: args.format === 'json' ? 'json' : 'markdown',
+                summaryOnly: args.summaryOnly === true
+            });
+        case 'hadara.tools.list':
+            return (0, tools_list_1.createToolsListReport)({ enableEvidenceAttach: options.enableEvidenceAttach });
+        case 'hadara.active.run.read':
+            return (0, active_run_state_1.safeCreateActiveRunProjection)(projectRoot);
+        case 'hadara.active.run.resume':
+            return (0, active_run_state_1.createActiveRunResumeReport)(projectRoot);
+        case 'hadara.debt.list':
+            return (0, operational_debt_1.createOperationalDebtReport)(projectRoot);
+        case 'hadara.debt.show':
+            return (0, operational_debt_1.createOperationalDebtShowReport)(projectRoot, String(args.id));
+        default:
+            throw new Error(`unregistered MCP tool handler: ${name}`);
+    }
+}
+function handleEvidenceAttachTool(projectRoot, args) {
+    const approval = parseApproval(args.approval);
+    const report = (0, evidence_json_1.createEvidenceCollectReport)(projectRoot, {
+        taskId: String(args.taskId),
+        kind: parseEvidenceKind(String(args.kind)),
+        summary: String(args.summary),
+        result: parseEvidenceResult(String(args.result)),
+        visibility: parseEvidenceVisibility(typeof args.visibility === 'string' ? args.visibility : 'public'),
+        path: typeof args.artifactPath === 'string' ? args.artifactPath : undefined
+    });
+    auditEvidenceAttach(projectRoot, args, approval, report);
+    return report;
+}
+function parseApproval(value) {
+    const approval = value;
+    return {
+        actor: String(approval.actor),
+        reason: String(approval.reason)
+    };
+}
+function auditEvidenceAttach(projectRoot, args, approval, report) {
+    const result = isEvidenceCollectReport(report) && report.ok ? 'succeeded' : 'failed';
+    const issues = isEvidenceCollectReport(report) ? report.issues.map((issue) => ({ code: issue.code, severity: issue.severity })) : [];
+    (0, audit_1.writeAuditEvent)((0, paths_1.resolveHadaraPaths)({ projectRoot }).auditDir, {
+        actor: 'agent',
+        task_id: typeof args.taskId === 'string' ? args.taskId : undefined,
+        event_type: `mcp.evidence.attach.${result}`,
+        risk: result === 'succeeded' ? 'medium' : 'blocked',
+        summary: `MCP evidence attach ${result} for ${String(args.taskId)}`,
+        payload: {
+            tool: 'hadara.evidence.attach',
+            approval,
+            input: {
+                taskId: args.taskId,
+                kind: args.kind,
+                result: args.result,
+                visibility: typeof args.visibility === 'string' ? args.visibility : 'public',
+                artifactPathProvided: typeof args.artifactPath === 'string'
+            },
+            ok: result === 'succeeded',
+            issues
+        }
+    });
+}
+function isEvidenceCollectReport(value) {
+    if (typeof value !== 'object' || value === null)
+        return false;
+    const candidate = value;
+    return typeof candidate.ok === 'boolean' && Array.isArray(candidate.issues);
+}
+function parseEvidenceKind(value) {
+    if (value === 'test-log' || value === 'command-log' || value === 'diff-summary' || value === 'screenshot' || value === 'note')
+        return value;
+    throw new Error(`unsupported evidence kind: ${value}`);
+}
+function parseEvidenceResult(value) {
+    if (value === 'passed' || value === 'failed' || value === 'blocked' || value === 'unknown')
+        return value;
+    throw new Error(`unsupported evidence result: ${value}`);
+}
+function parseEvidenceVisibility(value) {
+    if (value === 'public' || value === 'private')
+        return value;
+    throw new Error(`unsupported evidence visibility: ${value}`);
+}

package/dist/mcp/tool-schemas.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HADARA_MCP_EVIDENCE_ATTACH_SCHEMA = exports.HADARA_MCP_TOOL_SCHEMAS = void 0;
+const capability_registry_1 = require("../services/capability-registry");
+exports.HADARA_MCP_TOOL_SCHEMAS = capability_registry_1.HADARA_MCP_READ_CAPABILITIES.map((capability) => ({
+    name: capability.name,
+    description: capability.description,
+    inputSchema: capability.inputSchema,
+    annotations: { readOnlyHint: true },
+    _meta: { 'hadara/readOnly': true, 'hadara/implemented': true }
+}));
+exports.HADARA_MCP_EVIDENCE_ATTACH_SCHEMA = {
+    name: capability_registry_1.HADARA_MCP_EVIDENCE_ATTACH_CAPABILITY.name,
+    description: capability_registry_1.HADARA_MCP_EVIDENCE_ATTACH_CAPABILITY.description,
+    inputSchema: capability_registry_1.HADARA_MCP_EVIDENCE_ATTACH_CAPABILITY.inputSchema,
+    annotations: { readOnlyHint: false },
+    _meta: { 'hadara/readOnly': false, 'hadara/implemented': true }
+};

package/dist/policy/command-risk.js

@@ -0,0 +1,39 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.classifyCommandRisk = classifyCommandRisk;
+exports.isDangerousShellCommand = isDangerousShellCommand;
+const presets_1 = require("./presets");
+const BLOCKED_WORDS = new Set(['sudo', 'format', 'diskpart']);
+const EXECUTION_SINKS = new Set(['sh', 'bash', 'iex', 'invoke-expression']);
+const NETWORK_COMMANDS = new Set(['curl', 'wget', 'iwr', 'invoke-webrequest']);
+function classifyCommandRisk(command) {
+    const safePreset = (0, presets_1.findSafeCommandPreset)(command);
+    if (safePreset)
+        return safePreset.risk;
+    const tokens = command.tokens.map((token) => token.toLowerCase());
+    if (isDangerousShellCommand(command))
+        return 'destructive';
+    if (tokens[0] === 'npm' && tokens[1] === 'publish')
+        return 'release';
+    if (NETWORK_COMMANDS.has(tokens[0]))
+        return 'network';
+    return 'write';
+}
+function isDangerousShellCommand(command) {
+    const tokens = command.tokens.map((token) => token.toLowerCase());
+    if (tokens.some((token) => BLOCKED_WORDS.has(token)))
+        return true;
+    if (tokens[0] === 'rm' && tokens.some((token) => token.includes('r') && token.includes('f')))
+        return true;
+    if (tokens[0] === 'del' && tokens.some((token) => token.toLowerCase() === '/s'))
+        return true;
+    if (tokens[0] === 'git' && tokens[1] === 'reset' && tokens.includes('--hard'))
+        return true;
+    if (tokens[0] === 'git' && tokens[1] === 'clean' && tokens.some((token) => token.includes('f') || token.includes('x'))) {
+        return true;
+    }
+    if (command.operators.includes('|')) {
+        return tokens.some((token) => NETWORK_COMMANDS.has(token)) && tokens.some((token) => EXECUTION_SINKS.has(token));
+    }
+    return false;
+}

package/dist/policy/permission-matrix.js

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parsePermissionMode = parsePermissionMode;
+exports.evaluatePermissionMatrix = evaluatePermissionMatrix;
+function parsePermissionMode(value) {
+    if (value === 'readonly' || value === 'assisted' || value === 'trusted' || value === 'auto' || value === 'release') {
+        return value;
+    }
+    throw new Error(`unsupported permission mode: ${value}`);
+}
+function evaluatePermissionMatrix(mode, risk) {
+    if (risk === 'destructive') {
+        return { action: 'deny', risk: 'blocked', reason: 'Dangerous shell command is blocked by policy.' };
+    }
+    if (risk === 'release') {
+        return mode === 'release'
+            ? { action: 'ask', risk: 'high', reason: 'Release mode requires explicit approval for release commands.' }
+            : { action: 'deny', risk: 'blocked', reason: 'Release commands are only available in release mode.' };
+    }
+    if (mode === 'readonly') {
+        return { action: 'deny', risk: 'medium', reason: 'Readonly mode does not allow shell execution.' };
+    }
+    if (risk === 'network' && (mode === 'auto' || mode === 'trusted')) {
+        return { action: 'ask', risk: 'high', reason: `${mode} mode requires approval for network commands.` };
+    }
+    if (mode === 'assisted') {
+        return isKnownSafeRisk(risk)
+            ? { action: 'ask', risk: 'low', reason: 'Assisted mode still requires approval for safe shell commands.' }
+            : { action: 'ask', risk: 'medium', reason: 'Assisted mode requires approval for shell execution.' };
+    }
+    if (mode === 'release') {
+        return isKnownSafeRisk(risk)
+            ? { action: 'allow', risk: 'low', reason: 'Release mode allows known build/test commands.' }
+            : { action: 'ask', risk: 'high', reason: 'Release mode requires approval for non-release commands.' };
+    }
+    return isKnownSafeRisk(risk)
+        ? { action: 'allow', risk: 'low', reason: `${mode} mode allows known safe shell commands.` }
+        : { action: 'allow', risk: 'medium', reason: `${mode} mode allows non-dangerous shell execution.` };
+}
+function isKnownSafeRisk(risk) {
+    return risk === 'read' || risk === 'test' || risk === 'build';
+}

package/dist/policy/policy.js

@@ -0,0 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.tokenizeShellCommand = exports.parsePermissionMode = exports.evaluatePermissionMatrix = exports.isDangerousShellCommand = exports.classifyCommandRisk = void 0;
+exports.classifyShellCommand = classifyShellCommand;
+const command_risk_1 = require("./command-risk");
+const permission_matrix_1 = require("./permission-matrix");
+const tokenizer_1 = require("./tokenizer");
+var command_risk_2 = require("./command-risk");
+Object.defineProperty(exports, "classifyCommandRisk", { enumerable: true, get: function () { return command_risk_2.classifyCommandRisk; } });
+Object.defineProperty(exports, "isDangerousShellCommand", { enumerable: true, get: function () { return command_risk_2.isDangerousShellCommand; } });
+var permission_matrix_2 = require("./permission-matrix");
+Object.defineProperty(exports, "evaluatePermissionMatrix", { enumerable: true, get: function () { return permission_matrix_2.evaluatePermissionMatrix; } });
+Object.defineProperty(exports, "parsePermissionMode", { enumerable: true, get: function () { return permission_matrix_2.parsePermissionMode; } });
+var tokenizer_2 = require("./tokenizer");
+Object.defineProperty(exports, "tokenizeShellCommand", { enumerable: true, get: function () { return tokenizer_2.tokenizeShellCommand; } });
+function classifyShellCommand(command, mode) {
+    const normalizedMode = (0, permission_matrix_1.parsePermissionMode)(mode);
+    const parsed = (0, tokenizer_1.tokenizeShellCommand)(command);
+    return (0, permission_matrix_1.evaluatePermissionMatrix)(normalizedMode, (0, command_risk_1.classifyCommandRisk)(parsed));
+}

package/dist/policy/preflight.js

@@ -0,0 +1,47 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createShellExecutionPreflight = createShellExecutionPreflight;
+const policy_1 = require("./policy");
+function createShellExecutionPreflight(command, mode) {
+    const normalizedMode = (0, policy_1.parsePermissionMode)(mode);
+    const shell = (0, policy_1.tokenizeShellCommand)(command);
+    const decision = (0, policy_1.classifyShellCommand)(command, normalizedMode);
+    const execution = toExecutionGate(decision);
+    return {
+        schemaVersion: 'hadara.policy.preflight.v1',
+        command: 'policy.preflight-shell',
+        ok: execution.status !== 'denied',
+        input: {
+            mode: normalizedMode,
+            command
+        },
+        shell,
+        decision,
+        execution
+    };
+}
+function toExecutionGate(decision) {
+    if (decision.action === 'allow') {
+        return {
+            status: 'allowed',
+            canExecuteWithoutApproval: true,
+            requiresApproval: false,
+            willExecute: false
+        };
+    }
+    if (decision.action === 'ask') {
+        return {
+            status: 'requires_approval',
+            canExecuteWithoutApproval: false,
+            requiresApproval: true,
+            willExecute: false
+        };
+    }
+    return {
+        status: 'denied',
+        canExecuteWithoutApproval: false,
+        requiresApproval: false,
+        willExecute: false,
+        exitCodeIfBlocked: 2
+    };
+}

package/dist/policy/presets.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SAFE_COMMAND_PRESETS = void 0;
+exports.findSafeCommandPreset = findSafeCommandPreset;
+exports.SAFE_COMMAND_PRESETS = [
+    { id: 'npm-test', tokens: ['npm', 'test'], risk: 'test', platform: 'any' },
+    { id: 'npm-run-test', tokens: ['npm', 'run', 'test'], risk: 'test', platform: 'any' },
+    { id: 'npm-run-test-unit', tokens: ['npm', 'run', 'test:unit'], risk: 'test', platform: 'any' },
+    { id: 'npm-run-test-contract', tokens: ['npm', 'run', 'test:contract'], risk: 'test', platform: 'any' },
+    { id: 'npm-run-test-harness', tokens: ['npm', 'run', 'test:harness'], risk: 'test', platform: 'any' },
+    { id: 'npm-run-build', tokens: ['npm', 'run', 'build'], risk: 'build', platform: 'any' },
+    { id: 'npm-run-check', tokens: ['npm', 'run', 'check'], risk: 'test', platform: 'any' },
+    { id: 'pytest', tokens: ['pytest'], risk: 'test', platform: 'any' },
+    { id: 'git-diff', tokens: ['git', 'diff'], risk: 'read', platform: 'any' },
+    { id: 'git-status', tokens: ['git', 'status'], risk: 'read', platform: 'any' },
+    { id: 'git-log', tokens: ['git', 'log'], risk: 'read', platform: 'any' },
+    { id: 'git-show', tokens: ['git', 'show'], risk: 'read', platform: 'any' }
+];
+function findSafeCommandPreset(command) {
+    if (command.operators.length > 0)
+        return null;
+    const tokens = command.tokens.map((token) => token.toLowerCase());
+    return exports.SAFE_COMMAND_PRESETS.find((preset) => tokens.length === preset.tokens.length && preset.tokens.every((part, index) => tokens[index] === part)) ?? null;
+}

package/dist/policy/tokenizer.js

@@ -0,0 +1,53 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.tokenizeShellCommand = tokenizeShellCommand;
+function tokenizeShellCommand(command) {
+    const tokens = [];
+    const operators = [];
+    let current = '';
+    let quote = null;
+    for (let index = 0; index < command.length; index += 1) {
+        const char = command[index];
+        const next = command[index + 1];
+        if (quote) {
+            if (char === quote) {
+                quote = null;
+            }
+            else {
+                current += char;
+            }
+            continue;
+        }
+        if (char === '"' || char === "'") {
+            quote = char;
+            continue;
+        }
+        const twoCharOperator = `${char}${next}`;
+        if (twoCharOperator === '&&' || twoCharOperator === '||') {
+            pushToken(tokens, current);
+            current = '';
+            operators.push(twoCharOperator);
+            index += 1;
+            continue;
+        }
+        if (char === '|' || char === ';') {
+            pushToken(tokens, current);
+            current = '';
+            operators.push(char);
+            continue;
+        }
+        if (/\s/.test(char)) {
+            pushToken(tokens, current);
+            current = '';
+            continue;
+        }
+        current += char;
+    }
+    pushToken(tokens, current);
+    return { tokens, operators };
+}
+function pushToken(tokens, value) {
+    const trimmed = value.trim();
+    if (trimmed)
+        tokens.push(trimmed);
+}