martin-loop 0.1.5 → 1.3.0

package/dist/vendor/core/persistence/cleanup.js

@@ -0,0 +1,131 @@
+/**
+ * Stale run TTL cleanup and active run resolution.
+ *
+ * Fixes the "zombie session" problem where interrupted runs leave state.json
+ * stuck in a non-terminal lifecycleState. New sessions that inspect the runs
+ * directory would see these as active when they're abandoned.
+ *
+ * Default TTL: 4 hours (MARTIN_SESSION_TTL_MS env override).
+ */
+import { mkdir, readdir, readFile, writeFile } from "node:fs/promises";
+import { join } from "node:path";
+// ---------------------------------------------------------------------------
+// Constants
+// ---------------------------------------------------------------------------
+const DEFAULT_TTL_MS = 4 * 60 * 60 * 1000; // 4 hours
+/** LoopLifecycleState values that represent a finished (non-resumable) run. */
+const TERMINAL_STATES = new Set([
+    "completed",
+    "budget_exit",
+    "diminishing_returns",
+    "stuck_exit",
+    "human_escalation",
+    "session_timeout",
+    "stagnation_detected",
+    "wall_clock_exceeded"
+]);
+// ---------------------------------------------------------------------------
+// cleanStaleRuns
+// ---------------------------------------------------------------------------
+/**
+ * Scan runsRoot for abandoned non-terminal runs and mark them session_timeout.
+ *
+ * A run is stale when:
+ *   - Its state.json lifecycleState is not in TERMINAL_STATES, AND
+ *   - Its state.json updatedAt timestamp is older than ttlMs
+ *
+ * The TTL defaults to MARTIN_SESSION_TTL_MS env var, then 4 hours.
+ */
+export async function cleanStaleRuns(runsRoot, ttlMs) {
+    const resolvedTtl = ttlMs ??
+        (process.env["MARTIN_SESSION_TTL_MS"]
+            ? parseInt(process.env["MARTIN_SESSION_TTL_MS"], 10)
+            : DEFAULT_TTL_MS);
+    const now = Date.now();
+    const errors = [];
+    let cleaned = 0;
+    let entries;
+    try {
+        entries = await readdir(runsRoot);
+    }
+    catch {
+        // runsRoot doesn't exist yet — nothing to clean
+        return { cleaned: 0, errors: [] };
+    }
+    for (const entry of entries) {
+        const statePath = join(runsRoot, entry, "state.json");
+        try {
+            const raw = await readFile(statePath, "utf8");
+            const state = JSON.parse(raw);
+            const lifecycleState = state.lifecycleState;
+            const updatedAt = state.updatedAt;
+            // Skip terminal runs regardless of age
+            if (!lifecycleState || TERMINAL_STATES.has(lifecycleState)) {
+                continue;
+            }
+            // Skip runs updated recently
+            if (!updatedAt)
+                continue;
+            const elapsed = now - new Date(updatedAt).getTime();
+            if (elapsed < resolvedTtl)
+                continue;
+            // Mark as session_timeout
+            const updated = {
+                ...state,
+                lifecycleState: "session_timeout",
+                updatedAt: new Date().toISOString()
+            };
+            await writeFile(statePath, `${JSON.stringify(updated, null, 2)}\n`, "utf8");
+            cleaned++;
+        }
+        catch (err) {
+            // state.json missing or unreadable — skip silently, record error
+            if (err.code !== "ENOENT") {
+                errors.push(`${entry}: ${String(err)}`);
+            }
+        }
+    }
+    return { cleaned, errors };
+}
+// ---------------------------------------------------------------------------
+// resolveActiveRuns
+// ---------------------------------------------------------------------------
+/**
+ * Return RunContracts for all runs currently in a non-terminal lifecycleState.
+ * Reads both state.json (for lifecycleState) and contract.json (for RunContract).
+ * Entries missing either file are silently skipped.
+ */
+export async function resolveActiveRuns(runsRoot) {
+    let entries;
+    try {
+        entries = await readdir(runsRoot);
+    }
+    catch {
+        return [];
+    }
+    const active = [];
+    for (const entry of entries) {
+        try {
+            const statePath = join(runsRoot, entry, "state.json");
+            const contractPath = join(runsRoot, entry, "contract.json");
+            const stateRaw = await readFile(statePath, "utf8");
+            const state = JSON.parse(stateRaw);
+            if (!state.lifecycleState || TERMINAL_STATES.has(state.lifecycleState)) {
+                continue;
+            }
+            const contractRaw = await readFile(contractPath, "utf8");
+            const contract = JSON.parse(contractRaw);
+            active.push(contract);
+        }
+        catch {
+            // Missing state.json or contract.json — skip
+        }
+    }
+    return active;
+}
+// Ensure the runsRoot directory exists (best-effort, used by callers that
+// want to guarantee the directory before scanning)
+export async function ensureRunsRoot(runsRoot) {
+    await mkdir(runsRoot, { recursive: true });
+}
+//# sourceMappingURL=cleanup.js.map

package/dist/vendor/core/persistence/index.d.ts

@@ -2,5 +2,7 @@ export { makeLedgerEvent } from "./ledger.js";
 export type { LedgerEvent, LedgerEventDraft, LedgerEventKind } from "./ledger.js";
 export { artifactDir, createFileRunStore, resolveRunsRoot, runDir } from "./store.js";
 export type { AttemptArtifacts, RunContract, RunStore } from "./store.js";
+export { readAllLoopRecords, readLatestLoopRecord, readLatestLoopRecordFromFile, readLoopRecordsFromFile } from "./runs-reader.js";
+export type { LoopAttemptRecord, LoopRunRecord } from "./runs-reader.js";
 export { compileAndPersistContext } from "./compiler.js";
 export type { CompileResult } from "./compiler.js";

package/dist/vendor/core/persistence/index.js

@@ -1,4 +1,5 @@
 export { makeLedgerEvent } from "./ledger.js";
 export { artifactDir, createFileRunStore, resolveRunsRoot, runDir } from "./store.js";
+export { readAllLoopRecords, readLatestLoopRecord, readLatestLoopRecordFromFile, readLoopRecordsFromFile } from "./runs-reader.js";
 export { compileAndPersistContext } from "./compiler.js";
 //# sourceMappingURL=index.js.map

package/dist/vendor/core/persistence/runs-reader.d.ts

@@ -0,0 +1,52 @@
+/**
+ * Reads completed loop records from ~/.martin/runs/ for analysis.
+ * Used by the Trust Calibration Engine and other offline analytics.
+ *
+ * Supports both storage layouts:
+ * - legacy root JSONL files: <runsRoot>/*.jsonl
+ * - canonical run trees: <runsRoot>/<loopId>/loop-record.json
+ */
+export interface LoopAttemptRecord {
+    index: number;
+    model?: string;
+    adapterId?: string;
+    failureClass?: string;
+    intervention?: string;
+    startedAt?: string;
+    completedAt?: string;
+}
+export interface LoopRunRecord {
+    loopId: string;
+    status: string;
+    lifecycleState: string;
+    createdAt: string;
+    updatedAt: string;
+    budget: {
+        maxUsd: number;
+        softLimitUsd: number;
+        maxIterations: number;
+        maxTokens: number;
+    };
+    cost: {
+        actualUsd: number;
+        tokensIn: number;
+        tokensOut: number;
+        avoidedUsd?: number;
+    };
+    attempts: LoopAttemptRecord[];
+    task: {
+        title: string;
+        objective: string;
+    };
+}
+export declare function readLoopRecordsFromFile(file: string): Promise<LoopRunRecord[]>;
+export declare function readLatestLoopRecordFromFile(file: string): Promise<LoopRunRecord | null>;
+/**
+ * Reads all loop records from the given directory (default: ~/.martin/runs/).
+ * Returns an empty array if the directory doesn't exist or has no records.
+ */
+export declare function readAllLoopRecords(runsDir?: string): Promise<LoopRunRecord[]>;
+/**
+ * Returns the most recently updated loop record, or null if none exist.
+ */
+export declare function readLatestLoopRecord(runsDir?: string): Promise<LoopRunRecord | null>;

package/dist/vendor/core/persistence/runs-reader.js

@@ -0,0 +1,84 @@
+/**
+ * Reads completed loop records from ~/.martin/runs/ for analysis.
+ * Used by the Trust Calibration Engine and other offline analytics.
+ *
+ * Supports both storage layouts:
+ * - legacy root JSONL files: <runsRoot>/*.jsonl
+ * - canonical run trees: <runsRoot>/<loopId>/loop-record.json
+ */
+import { readFile, readdir } from "node:fs/promises";
+import { homedir } from "node:os";
+import { extname, join } from "node:path";
+export async function readLoopRecordsFromFile(file) {
+    const text = await readFile(file, "utf8");
+    const extension = extname(file).toLowerCase();
+    if (extension === ".jsonl") {
+        return text
+            .split(/\r?\n/u)
+            .map((line) => line.trim())
+            .filter(Boolean)
+            .map((line) => JSON.parse(line));
+    }
+    const parsed = JSON.parse(text);
+    return Array.isArray(parsed) ? parsed : [parsed];
+}
+export async function readLatestLoopRecordFromFile(file) {
+    const records = await readLoopRecordsFromFile(file);
+    if (records.length === 0)
+        return null;
+    return records.reduce((latest, record) => {
+        const currentTimestamp = new Date(record.updatedAt ?? record.createdAt).getTime();
+        const latestTimestamp = new Date(latest.updatedAt ?? latest.createdAt).getTime();
+        return currentTimestamp > latestTimestamp ? record : latest;
+    }, records[0]);
+}
+/**
+ * Reads all loop records from the given directory (default: ~/.martin/runs/).
+ * Returns an empty array if the directory doesn't exist or has no records.
+ */
+export async function readAllLoopRecords(runsDir) {
+    const dir = runsDir ?? join(homedir(), ".martin", "runs");
+    let entries;
+    try {
+        entries = await readdir(dir, { withFileTypes: true });
+    }
+    catch {
+        return [];
+    }
+    const records = [];
+    const jsonlFiles = entries
+        .filter((entry) => entry.isFile() && entry.name.endsWith(".jsonl"))
+        .map((entry) => entry.name);
+    for (const file of jsonlFiles) {
+        try {
+            records.push(...(await readLoopRecordsFromFile(join(dir, file))));
+        }
+        catch {
+            // skip malformed files or lines
+        }
+    }
+    const runDirectories = entries.filter((entry) => entry.isDirectory());
+    for (const entry of runDirectories) {
+        try {
+            records.push(...(await readLoopRecordsFromFile(join(dir, entry.name, "loop-record.json"))));
+        }
+        catch {
+            // skip missing or malformed canonical records
+        }
+    }
+    return records;
+}
+/**
+ * Returns the most recently updated loop record, or null if none exist.
+ */
+export async function readLatestLoopRecord(runsDir) {
+    const records = await readAllLoopRecords(runsDir);
+    if (records.length === 0)
+        return null;
+    return records.reduce((latest, r) => {
+        const a = new Date(r.updatedAt ?? r.createdAt).getTime();
+        const b = new Date(latest.updatedAt ?? latest.createdAt).getTime();
+        return a > b ? r : latest;
+    }, records[0]);
+}
+//# sourceMappingURL=runs-reader.js.map

package/dist/vendor/core/persistence/store.d.ts

@@ -1,4 +1,4 @@
-import type { LoopBudget, LoopTask, MachineState } from "../../contracts/index.js";
+import type { LoopBudget, LoopRecord, LoopTask, MachineState } from "../../contracts/index.js";
 import { type LedgerEvent } from "./ledger.js";
 export interface RunContract {
     runId: string;
@@ -53,6 +53,11 @@ export interface RunStore {
      * Write artifacts for a completed attempt to artifacts/attempt-<n>/.
      */
     writeAttemptArtifacts(runId: string, attemptIndex: number, artifacts: AttemptArtifacts): Promise<void>;
+    /**
+     * Persist the latest canonical loop record snapshot when the caller has one.
+     * Optional to avoid breaking custom RunStore implementations.
+     */
+    writeLoopRecord?(runId: string, loop: LoopRecord): Promise<void>;
 }
 export declare function resolveRunsRoot(env?: NodeJS.ProcessEnv): string;
 export declare function runDir(runsRoot: string, runId: string): string;

package/dist/vendor/core/persistence/store.js

@@ -74,6 +74,11 @@ export function createFileRunStore(options = {}) {
             if (artifacts.rollbackOutcome !== undefined) {
                 await writeJsonFile(join(dir, "rollback-outcome.json"), artifacts.rollbackOutcome);
             }
+        },
+        async writeLoopRecord(runId, loop) {
+            const dir = runDir(runsRoot, runId);
+            await mkdir(dir, { recursive: true });
+            await writeJsonFile(join(dir, "loop-record.json"), loop);
         }
     };
 }

package/dist/vendor/core/policy/file-touch-quota.d.ts

@@ -0,0 +1,60 @@
+/**
+ * file-touch-quota.ts — SLICE-07
+ *
+ * File-touch quota per attempt.
+ *
+ * A single attempt is bounded in how many files it may modify. The quota is
+ * derived from the objective complexity heuristic unless an explicit override
+ * is provided in the policy.
+ *
+ * Enforcement happens at the patch-application layer (AFTER diff generation,
+ * BEFORE any file is written) — not at the prompt layer.
+ */
+export interface FileTouchQuotaResult {
+    /** Whether the patch is allowed to proceed. */
+    allowed: boolean;
+    /** Number of files the patch touched. */
+    touchedCount: number;
+    /** The active quota limit. */
+    quota: number;
+    /** Populated when allowed:false. */
+    reasonCode?: "file_touch_quota_exceeded";
+    /** Human-readable explanation. */
+    reason?: string;
+    /** true when quota was exceeded but an explicit override allowed it anyway. */
+    overridden?: boolean;
+}
+export interface ResolveFileTouchQuotaInput {
+    objective: string;
+    /** When set, ignores the heuristic and uses this value directly. */
+    explicitOverride?: number;
+}
+export interface CheckFileTouchQuotaInput {
+    /** List of file paths touched by the patch (deduped). */
+    touchedFiles: string[];
+    /** The resolved quota for this attempt. */
+    quota: number;
+    /** When true, quota enforcement is bypassed (override path). */
+    override?: boolean;
+}
+/**
+ * Resolves the file-touch quota for an attempt.
+ *
+ * Default heuristics:
+ *   - explicit override → that value
+ *   - objective contains multi-file keywords → 10
+ *   - otherwise → 3
+ */
+export declare function resolveFileTouchQuota(input: ResolveFileTouchQuotaInput): number;
+/**
+ * Checks whether a patch's file touch count is within the quota.
+ *
+ * Returns allowed:true when within quota OR when override:true.
+ * Returns allowed:false with reasonCode "file_touch_quota_exceeded" otherwise.
+ */
+export declare function checkFileTouchQuota(input: CheckFileTouchQuotaInput): FileTouchQuotaResult;
+/**
+ * Extracts a deduplicated list of b-side file paths from a unified diff.
+ * Only parses the `diff --git` header lines for efficiency.
+ */
+export declare function parseTouchedFilesFromDiff(diff: string): string[];

package/dist/vendor/core/policy/file-touch-quota.js

@@ -0,0 +1,105 @@
+/**
+ * file-touch-quota.ts — SLICE-07
+ *
+ * File-touch quota per attempt.
+ *
+ * A single attempt is bounded in how many files it may modify. The quota is
+ * derived from the objective complexity heuristic unless an explicit override
+ * is provided in the policy.
+ *
+ * Enforcement happens at the patch-application layer (AFTER diff generation,
+ * BEFORE any file is written) — not at the prompt layer.
+ */
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+/**
+ * Resolves the file-touch quota for an attempt.
+ *
+ * Default heuristics:
+ *   - explicit override → that value
+ *   - objective contains multi-file keywords → 10
+ *   - otherwise → 3
+ */
+export function resolveFileTouchQuota(input) {
+    if (input.explicitOverride !== undefined && input.explicitOverride > 0) {
+        return input.explicitOverride;
+    }
+    const lower = input.objective.toLowerCase();
+    const MULTI_FILE_KEYWORDS = [
+        "all",
+        "across",
+        "refactor",
+        "migration",
+        "migrate",
+        "rename",
+        "move",
+        "reorganize",
+        "restructure",
+        "every",
+        "each",
+        "bulk",
+        "batch",
+        "update all",
+        "fix all"
+    ];
+    const isMultiFile = MULTI_FILE_KEYWORDS.some((kw) => lower.includes(kw));
+    if (isMultiFile)
+        return 10;
+    // Short single-symbol objectives default to 3
+    return Math.max(1, 3);
+}
+/**
+ * Checks whether a patch's file touch count is within the quota.
+ *
+ * Returns allowed:true when within quota OR when override:true.
+ * Returns allowed:false with reasonCode "file_touch_quota_exceeded" otherwise.
+ */
+export function checkFileTouchQuota(input) {
+    const touchedCount = input.touchedFiles.length;
+    const withinQuota = touchedCount <= input.quota;
+    if (withinQuota) {
+        return {
+            allowed: true,
+            touchedCount,
+            quota: input.quota
+        };
+    }
+    if (input.override) {
+        return {
+            allowed: true,
+            touchedCount,
+            quota: input.quota,
+            overridden: true,
+            reason: `File touch quota (${input.quota}) exceeded by ${touchedCount} files — ` +
+                `allowed via explicit override`
+        };
+    }
+    return {
+        allowed: false,
+        touchedCount,
+        quota: input.quota,
+        reasonCode: "file_touch_quota_exceeded",
+        reason: `Patch touches ${touchedCount} files but the quota for this attempt is ${input.quota}. ` +
+            `Set fileTouchQuota in the policy file or pass --override-file-quota to bypass.`
+    };
+}
+// ---------------------------------------------------------------------------
+// Diff parser
+// ---------------------------------------------------------------------------
+/**
+ * Extracts a deduplicated list of b-side file paths from a unified diff.
+ * Only parses the `diff --git` header lines for efficiency.
+ */
+export function parseTouchedFilesFromDiff(diff) {
+    const seen = new Set();
+    for (const line of diff.split("\n")) {
+        // Match: diff --git a/<path> b/<path>
+        const match = line.match(/^diff --git a\/.+? b\/(.+)$/u);
+        if (match?.[1]) {
+            seen.add(match[1]);
+        }
+    }
+    return [...seen];
+}
+//# sourceMappingURL=file-touch-quota.js.map

package/dist/vendor/core/policy/policy-loader.d.ts

@@ -0,0 +1,30 @@
+/**
+ * policy-loader.ts — SLICE-15
+ *
+ * Loads and merges policy files in order:
+ *   built-in defaults → home dir → repo root → CLI flag overrides
+ *
+ * Supports .json and a simple subset of .yaml (scalar values only).
+ * No external deps — uses only node:fs and node:path.
+ */
+import { type PolicyFile, type ResolvedPolicy } from "./policy-schema.js";
+export declare function parseSimpleYaml(src: string): Record<string, unknown>;
+export declare function findPolicyFile(dir: string): string | null;
+export declare function loadPolicyFile(filePath: string): {
+    policy: PolicyFile;
+    errors: string[];
+};
+export interface PolicyLoadOptions {
+    /** Repo root directory. Defaults to process.cwd(). */
+    cwd?: string;
+    /** Home directory. Defaults to process.env.HOME / USERPROFILE. */
+    homeDir?: string;
+    /** CLI flag overrides — these always win. */
+    cliOverrides?: PolicyFile;
+}
+export interface PolicyLoadResult {
+    resolved: ResolvedPolicy;
+    sources: string[];
+    errors: string[];
+}
+export declare function loadPolicy(options?: PolicyLoadOptions): PolicyLoadResult;

package/dist/vendor/core/policy/policy-loader.js

@@ -0,0 +1,170 @@
+/**
+ * policy-loader.ts — SLICE-15
+ *
+ * Loads and merges policy files in order:
+ *   built-in defaults → home dir → repo root → CLI flag overrides
+ *
+ * Supports .json and a simple subset of .yaml (scalar values only).
+ * No external deps — uses only node:fs and node:path.
+ */
+import { readFileSync, existsSync } from "node:fs";
+import { join, resolve } from "node:path";
+import { BUILTIN_DEFAULTS, mergePolicies, validatePolicyFile } from "./policy-schema.js";
+// ---------------------------------------------------------------------------
+// Simple YAML parser (scalar values only — handles martin.policy.yaml)
+// ---------------------------------------------------------------------------
+export function parseSimpleYaml(src) {
+    const result = {};
+    let currentKey = null;
+    let currentObj = null;
+    for (const rawLine of src.split("\n")) {
+        const line = rawLine.split("#")[0] ?? ""; // strip comments
+        if (!line.trim())
+            continue;
+        // Detect indented key-value (nested object)
+        const nestedMatch = line.match(/^  (\w[\w.]*)\s*:\s*(.*)$/);
+        const topMatch = line.match(/^(\w[\w.]*)\s*:\s*(.*)$/);
+        if (nestedMatch && currentKey) {
+            const nestedKey = nestedMatch[1];
+            if (!nestedKey)
+                continue;
+            if (!currentObj) {
+                currentObj = {};
+                result[currentKey] = currentObj;
+            }
+            const val = parseYamlValue((nestedMatch[2] ?? "").trim());
+            if (val !== undefined)
+                currentObj[nestedKey] = val;
+            continue;
+        }
+        if (topMatch) {
+            const key = topMatch[1];
+            const rest = topMatch[2] ?? "";
+            if (!key)
+                continue;
+            const trimmed = rest.trim();
+            if (trimmed === "" || trimmed === "|" || trimmed === ">") {
+                // Nested block follows
+                currentKey = key;
+                currentObj = null;
+            }
+            else if (trimmed.startsWith("-")) {
+                // Array shorthand on same line — not supported; reset
+                currentKey = key;
+                currentObj = null;
+                result[key] = [];
+            }
+            else {
+                currentKey = key;
+                currentObj = null;
+                const val = parseYamlValue(trimmed);
+                if (val !== undefined)
+                    result[key] = val;
+            }
+            continue;
+        }
+        // Array item
+        const arrMatch = line.match(/^  -\s+(.+)$/);
+        if (arrMatch && currentKey) {
+            if (!Array.isArray(result[currentKey]))
+                result[currentKey] = [];
+            result[currentKey].push(parseYamlValue((arrMatch[1] ?? "").trim()));
+        }
+    }
+    return result;
+}
+function parseYamlValue(s) {
+    if (s === "true")
+        return true;
+    if (s === "false")
+        return false;
+    if (s === "null" || s === "~")
+        return null;
+    if (/^-?\d+(\.\d+)?$/.test(s))
+        return Number(s);
+    // Strip surrounding quotes
+    if ((s.startsWith('"') && s.endsWith('"')) || (s.startsWith("'") && s.endsWith("'"))) {
+        return s.slice(1, -1);
+    }
+    if (s.startsWith("$ENV{") && s.endsWith("}")) {
+        return process.env[s.slice(5, -1)] ?? "";
+    }
+    return s;
+}
+// ---------------------------------------------------------------------------
+// File loader
+// ---------------------------------------------------------------------------
+const POLICY_FILENAMES = ["martin.policy.json", "martin.policy.yaml", "martin.policy.yml"];
+export function findPolicyFile(dir) {
+    for (const name of POLICY_FILENAMES) {
+        const p = join(dir, name);
+        if (existsSync(p))
+            return p;
+    }
+    return null;
+}
+export function loadPolicyFile(filePath) {
+    const src = readFileSync(filePath, "utf-8");
+    let raw;
+    if (filePath.endsWith(".json")) {
+        try {
+            raw = JSON.parse(src);
+        }
+        catch (e) {
+            return { policy: {}, errors: [`JSON parse error: ${String(e)}`] };
+        }
+    }
+    else {
+        raw = parseSimpleYaml(src);
+    }
+    const errors = validatePolicyFile(raw);
+    return { policy: errors.length ? {} : raw, errors };
+}
+export function loadPolicy(options) {
+    const cwd = options?.cwd ?? process.cwd();
+    const home = options?.homeDir ?? (process.env.HOME ?? process.env.USERPROFILE ?? "");
+    let resolved = { ...BUILTIN_DEFAULTS };
+    const sources = ["built-in defaults"];
+    const errors = [];
+    // Layer 1: home dir
+    if (home) {
+        const homeFile = findPolicyFile(home);
+        if (homeFile) {
+            const { policy, errors: errs } = loadPolicyFile(homeFile);
+            if (errs.length)
+                errors.push(...errs.map(e => `${homeFile}: ${e}`));
+            else {
+                resolved = mergePolicies(resolved, policy);
+                sources.push(homeFile);
+            }
+        }
+    }
+    // Layer 2: repo root (walk up from cwd until we find a policy file or hit root)
+    let dir = resolve(cwd);
+    let walked = 0;
+    while (walked < 10) {
+        const found = findPolicyFile(dir);
+        if (found) {
+            const { policy, errors: errs } = loadPolicyFile(found);
+            if (errs.length)
+                errors.push(...errs.map(e => `${found}: ${e}`));
+            else {
+                resolved = mergePolicies(resolved, policy);
+                sources.push(found);
+            }
+            break;
+        }
+        const parent = resolve(dir, "..");
+        if (parent === dir)
+            break;
+        dir = parent;
+        walked++;
+    }
+    // Layer 3: CLI flag overrides
+    if (options?.cliOverrides) {
+        resolved = mergePolicies(resolved, options.cliOverrides);
+        sources.push("CLI flags");
+    }
+    return { resolved, sources, errors };
+}
+//# sourceMappingURL=policy-loader.js.map