npm - palaryn - Versions diffs - 0.1.0 → 0.3.2 - Mend

palaryn 0.1.0 → 0.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (344) hide show

package/README.md +243 -588
package/dist/sdk/typescript/src/client.js +2 -2
package/dist/sdk/typescript/src/client.js.map +1 -1
package/dist/src/anomaly/detector.d.ts +7 -4
package/dist/src/anomaly/detector.d.ts.map +1 -1
package/dist/src/anomaly/detector.js +22 -12
package/dist/src/anomaly/detector.js.map +1 -1
package/dist/src/audit/logger.d.ts +10 -0
package/dist/src/audit/logger.d.ts.map +1 -1
package/dist/src/audit/logger.js +52 -38
package/dist/src/audit/logger.js.map +1 -1
package/dist/src/auth/routes.d.ts.map +1 -1
package/dist/src/auth/routes.js +35 -0
package/dist/src/auth/routes.js.map +1 -1
package/dist/src/budget/manager.d.ts +5 -0
package/dist/src/budget/manager.d.ts.map +1 -1
package/dist/src/budget/manager.js +32 -0
package/dist/src/budget/manager.js.map +1 -1
package/dist/src/budget/model-pricing.d.ts +20 -0
package/dist/src/budget/model-pricing.d.ts.map +1 -0
package/dist/src/budget/model-pricing.js +107 -0
package/dist/src/budget/model-pricing.js.map +1 -0
package/dist/src/budget/usage-extractor.d.ts +3 -1
package/dist/src/budget/usage-extractor.d.ts.map +1 -1
package/dist/src/budget/usage-extractor.js +47 -3
package/dist/src/budget/usage-extractor.js.map +1 -1
package/dist/src/config/defaults.d.ts.map +1 -1
package/dist/src/config/defaults.js +65 -13
package/dist/src/config/defaults.js.map +1 -1
package/dist/src/dlp/tool-patterns.d.ts +7 -0
package/dist/src/dlp/tool-patterns.d.ts.map +1 -0
package/dist/src/dlp/tool-patterns.js +34 -0
package/dist/src/dlp/tool-patterns.js.map +1 -0
package/dist/src/executor/filesystem-executor.d.ts +28 -0
package/dist/src/executor/filesystem-executor.d.ts.map +1 -0
package/dist/src/executor/filesystem-executor.js +192 -0
package/dist/src/executor/filesystem-executor.js.map +1 -0
package/dist/src/executor/http-executor.d.ts.map +1 -1
package/dist/src/executor/http-executor.js +22 -2
package/dist/src/executor/http-executor.js.map +1 -1
package/dist/src/executor/index.d.ts +4 -0
package/dist/src/executor/index.d.ts.map +1 -1
package/dist/src/executor/index.js +9 -1
package/dist/src/executor/index.js.map +1 -1
package/dist/src/executor/shell-executor.d.ts +22 -0
package/dist/src/executor/shell-executor.d.ts.map +1 -0
package/dist/src/executor/shell-executor.js +119 -0
package/dist/src/executor/shell-executor.js.map +1 -0
package/dist/src/executor/sql-executor.d.ts +29 -0
package/dist/src/executor/sql-executor.d.ts.map +1 -0
package/dist/src/executor/sql-executor.js +114 -0
package/dist/src/executor/sql-executor.js.map +1 -0
package/dist/src/executor/websocket-executor.d.ts +26 -0
package/dist/src/executor/websocket-executor.d.ts.map +1 -0
package/dist/src/executor/websocket-executor.js +205 -0
package/dist/src/executor/websocket-executor.js.map +1 -0
package/dist/src/interceptor/index.d.ts +2 -0
package/dist/src/interceptor/index.d.ts.map +1 -0
package/dist/src/interceptor/index.js +6 -0
package/dist/src/interceptor/index.js.map +1 -0
package/dist/src/interceptor/provider-interceptor.d.ts +36 -0
package/dist/src/interceptor/provider-interceptor.d.ts.map +1 -0
package/dist/src/interceptor/provider-interceptor.js +302 -0
package/dist/src/interceptor/provider-interceptor.js.map +1 -0
package/dist/src/mcp/auth-verifier.d.ts.map +1 -1
package/dist/src/mcp/auth-verifier.js +3 -2
package/dist/src/mcp/auth-verifier.js.map +1 -1
package/dist/src/mcp/bridge.d.ts +14 -10
package/dist/src/mcp/bridge.d.ts.map +1 -1
package/dist/src/mcp/bridge.js +51 -227
package/dist/src/mcp/bridge.js.map +1 -1
package/dist/src/mcp/http-transport.d.ts +2 -0
package/dist/src/mcp/http-transport.d.ts.map +1 -1
package/dist/src/mcp/http-transport.js +117 -66
package/dist/src/mcp/http-transport.js.map +1 -1
package/dist/src/mcp/internal-auth.d.ts +13 -0
package/dist/src/mcp/internal-auth.d.ts.map +1 -0
package/dist/src/mcp/internal-auth.js +12 -0
package/dist/src/mcp/internal-auth.js.map +1 -0
package/dist/src/mcp/tool-definitions.d.ts +41 -0
package/dist/src/mcp/tool-definitions.d.ts.map +1 -0
package/dist/src/mcp/tool-definitions.js +491 -0
package/dist/src/mcp/tool-definitions.js.map +1 -0
package/dist/src/middleware/auth.js.map +1 -1
package/dist/src/middleware/session.js.map +1 -1
package/dist/src/middleware/validate.d.ts +8 -0
package/dist/src/middleware/validate.d.ts.map +1 -1
package/dist/src/middleware/validate.js +45 -0
package/dist/src/middleware/validate.js.map +1 -1
package/dist/src/policy/engine.d.ts +4 -0
package/dist/src/policy/engine.d.ts.map +1 -1
package/dist/src/policy/engine.js +117 -0
package/dist/src/policy/engine.js.map +1 -1
package/dist/src/saas/routes.d.ts.map +1 -1
package/dist/src/saas/routes.js +355 -22
package/dist/src/saas/routes.js.map +1 -1
package/dist/src/server/app.d.ts.map +1 -1
package/dist/src/server/app.js +24 -3
package/dist/src/server/app.js.map +1 -1
package/dist/src/server/gateway.d.ts.map +1 -1
package/dist/src/server/gateway.js +17 -0
package/dist/src/server/gateway.js.map +1 -1
package/dist/src/server/index.d.ts.map +1 -1
package/dist/src/server/index.js +18 -0
package/dist/src/server/index.js.map +1 -1
package/dist/src/storage/interfaces.d.ts +14 -3
package/dist/src/storage/interfaces.d.ts.map +1 -1
package/dist/src/storage/memory.d.ts +2 -0
package/dist/src/storage/memory.d.ts.map +1 -1
package/dist/src/storage/memory.js +6 -0
package/dist/src/storage/memory.js.map +1 -1
package/dist/src/storage/postgres.d.ts +5 -0
package/dist/src/storage/postgres.d.ts.map +1 -1
package/dist/src/storage/postgres.js +16 -0
package/dist/src/storage/postgres.js.map +1 -1
package/dist/src/storage/redis.d.ts +10 -0
package/dist/src/storage/redis.d.ts.map +1 -1
package/dist/src/storage/redis.js +65 -0
package/dist/src/storage/redis.js.map +1 -1
package/dist/src/types/budget.d.ts +4 -0
package/dist/src/types/budget.d.ts.map +1 -1
package/dist/src/types/config.d.ts +58 -0
package/dist/src/types/config.d.ts.map +1 -1
package/dist/src/types/events.d.ts +1 -0
package/dist/src/types/events.d.ts.map +1 -1
package/dist/src/types/policy.d.ts +11 -1
package/dist/src/types/policy.d.ts.map +1 -1
package/dist/src/types/tool-result.d.ts +11 -0
package/dist/src/types/tool-result.d.ts.map +1 -1
package/dist/tests/unit/app-routes.test.d.ts +2 -0
package/dist/tests/unit/app-routes.test.d.ts.map +1 -0
package/dist/tests/unit/app-routes.test.js +715 -0
package/dist/tests/unit/app-routes.test.js.map +1 -0
package/dist/tests/unit/audit-logger.test.js +105 -0
package/dist/tests/unit/audit-logger.test.js.map +1 -1
package/dist/tests/unit/auth-providers.test.d.ts +2 -0
package/dist/tests/unit/auth-providers.test.d.ts.map +1 -0
package/dist/tests/unit/auth-providers.test.js +279 -0
package/dist/tests/unit/auth-providers.test.js.map +1 -0
package/dist/tests/unit/auth-routes-extended.test.d.ts +2 -0
package/dist/tests/unit/auth-routes-extended.test.d.ts.map +1 -0
package/dist/tests/unit/auth-routes-extended.test.js +993 -0
package/dist/tests/unit/auth-routes-extended.test.js.map +1 -0
package/dist/tests/unit/auth-verifier.test.d.ts +2 -0
package/dist/tests/unit/auth-verifier.test.d.ts.map +1 -0
package/dist/tests/unit/auth-verifier.test.js +505 -0
package/dist/tests/unit/auth-verifier.test.js.map +1 -0
package/dist/tests/unit/billing-routes.test.d.ts +2 -0
package/dist/tests/unit/billing-routes.test.d.ts.map +1 -0
package/dist/tests/unit/billing-routes.test.js +432 -0
package/dist/tests/unit/billing-routes.test.js.map +1 -0
package/dist/tests/unit/config-defaults.test.d.ts +2 -0
package/dist/tests/unit/config-defaults.test.d.ts.map +1 -0
package/dist/tests/unit/config-defaults.test.js +119 -0
package/dist/tests/unit/config-defaults.test.js.map +1 -0
package/dist/tests/unit/defaults.test.js +0 -10
package/dist/tests/unit/defaults.test.js.map +1 -1
package/dist/tests/unit/filesystem-executor.test.d.ts +2 -0
package/dist/tests/unit/filesystem-executor.test.d.ts.map +1 -0
package/dist/tests/unit/filesystem-executor.test.js +280 -0
package/dist/tests/unit/filesystem-executor.test.js.map +1 -0
package/dist/tests/unit/gateway-branches.test.d.ts +2 -0
package/dist/tests/unit/gateway-branches.test.d.ts.map +1 -0
package/dist/tests/unit/gateway-branches.test.js +1039 -0
package/dist/tests/unit/gateway-branches.test.js.map +1 -0
package/dist/tests/unit/http-executor-branches.test.d.ts +2 -0
package/dist/tests/unit/http-executor-branches.test.d.ts.map +1 -0
package/dist/tests/unit/http-executor-branches.test.js +495 -0
package/dist/tests/unit/http-executor-branches.test.js.map +1 -0
package/dist/tests/unit/logger.test.d.ts +2 -0
package/dist/tests/unit/logger.test.d.ts.map +1 -0
package/dist/tests/unit/logger.test.js +97 -0
package/dist/tests/unit/logger.test.js.map +1 -0
package/dist/tests/unit/mcp-internal-auth.test.d.ts +2 -0
package/dist/tests/unit/mcp-internal-auth.test.d.ts.map +1 -0
package/dist/tests/unit/mcp-internal-auth.test.js +445 -0
package/dist/tests/unit/mcp-internal-auth.test.js.map +1 -0
package/dist/tests/unit/metrics.test.js +102 -0
package/dist/tests/unit/metrics.test.js.map +1 -1
package/dist/tests/unit/model-pricing.test.d.ts +2 -0
package/dist/tests/unit/model-pricing.test.d.ts.map +1 -0
package/dist/tests/unit/model-pricing.test.js +87 -0
package/dist/tests/unit/model-pricing.test.js.map +1 -0
package/dist/tests/unit/oauth-stores.test.d.ts +2 -0
package/dist/tests/unit/oauth-stores.test.d.ts.map +1 -0
package/dist/tests/unit/oauth-stores.test.js +260 -0
package/dist/tests/unit/oauth-stores.test.js.map +1 -0
package/dist/tests/unit/policy-engine.test.js +466 -0
package/dist/tests/unit/policy-engine.test.js.map +1 -1
package/dist/tests/unit/provider-interceptor.test.d.ts +2 -0
package/dist/tests/unit/provider-interceptor.test.d.ts.map +1 -0
package/dist/tests/unit/provider-interceptor.test.js +472 -0
package/dist/tests/unit/provider-interceptor.test.js.map +1 -0
package/dist/tests/unit/saas-routes-branches.test.d.ts +2 -0
package/dist/tests/unit/saas-routes-branches.test.d.ts.map +1 -0
package/dist/tests/unit/saas-routes-branches.test.js +2165 -0
package/dist/tests/unit/saas-routes-branches.test.js.map +1 -0
package/dist/tests/unit/saas-routes-crud.test.d.ts +2 -0
package/dist/tests/unit/saas-routes-crud.test.d.ts.map +1 -0
package/dist/tests/unit/saas-routes-crud.test.js +332 -0
package/dist/tests/unit/saas-routes-crud.test.js.map +1 -0
package/dist/tests/unit/saas-routes-data.test.d.ts +2 -0
package/dist/tests/unit/saas-routes-data.test.d.ts.map +1 -0
package/dist/tests/unit/saas-routes-data.test.js +405 -0
package/dist/tests/unit/saas-routes-data.test.js.map +1 -0
package/dist/tests/unit/saas-routes.test.js +3 -3
package/dist/tests/unit/saas-routes.test.js.map +1 -1
package/dist/tests/unit/shell-executor.test.d.ts +2 -0
package/dist/tests/unit/shell-executor.test.d.ts.map +1 -0
package/dist/tests/unit/shell-executor.test.js +145 -0
package/dist/tests/unit/shell-executor.test.js.map +1 -0
package/dist/tests/unit/sql-executor.test.d.ts +2 -0
package/dist/tests/unit/sql-executor.test.d.ts.map +1 -0
package/dist/tests/unit/sql-executor.test.js +177 -0
package/dist/tests/unit/sql-executor.test.js.map +1 -0
package/dist/tests/unit/stream-proxy.test.d.ts +2 -0
package/dist/tests/unit/stream-proxy.test.d.ts.map +1 -0
package/dist/tests/unit/stream-proxy.test.js +147 -0
package/dist/tests/unit/stream-proxy.test.js.map +1 -0
package/dist/tests/unit/tool-definitions.test.d.ts +2 -0
package/dist/tests/unit/tool-definitions.test.d.ts.map +1 -0
package/dist/tests/unit/tool-definitions.test.js +184 -0
package/dist/tests/unit/tool-definitions.test.js.map +1 -0
package/dist/tests/unit/usage-extractor.test.js +140 -0
package/dist/tests/unit/usage-extractor.test.js.map +1 -1
package/dist/tests/unit/webhook-handler.test.d.ts +2 -0
package/dist/tests/unit/webhook-handler.test.d.ts.map +1 -0
package/dist/tests/unit/webhook-handler.test.js +453 -0
package/dist/tests/unit/webhook-handler.test.js.map +1 -0
package/dist/tests/unit/webhook-routes.test.d.ts +2 -0
package/dist/tests/unit/webhook-routes.test.d.ts.map +1 -0
package/dist/tests/unit/webhook-routes.test.js +69 -0
package/dist/tests/unit/webhook-routes.test.js.map +1 -0
package/dist/tests/unit/websocket-executor.test.d.ts +2 -0
package/dist/tests/unit/websocket-executor.test.d.ts.map +1 -0
package/dist/tests/unit/websocket-executor.test.js +121 -0
package/dist/tests/unit/websocket-executor.test.js.map +1 -0
package/package.json +8 -2
package/policy-packs/demo_fail.yaml +41 -0
package/policy-packs/full_tools.yaml +136 -0
package/src/admin/index.ts +1 -0
package/src/admin/routes.ts +509 -0
package/src/admin/templates.ts +572 -0
package/src/anomaly/detector.ts +730 -0
package/src/anomaly/index.ts +1 -0
package/src/approval/manager.ts +569 -0
package/src/approval/webhook.ts +133 -0
package/src/audit/logger.ts +490 -0
package/src/auth/index.ts +5 -0
package/src/auth/password.ts +21 -0
package/src/auth/pkce.ts +22 -0
package/src/auth/providers.ts +208 -0
package/src/auth/routes.ts +561 -0
package/src/auth/session.ts +84 -0
package/src/billing/index.ts +6 -0
package/src/billing/plan-enforcer.ts +135 -0
package/src/billing/routes.ts +229 -0
package/src/billing/stripe-client.ts +58 -0
package/src/billing/webhook-handler.ts +182 -0
package/src/billing/webhook-routes.ts +28 -0
package/src/budget/manager.ts +679 -0
package/src/budget/model-pricing.ts +119 -0
package/src/budget/usage-extractor.ts +214 -0
package/src/cli.ts +91 -0
package/src/config/defaults.ts +261 -0
package/src/config/validate.ts +88 -0
package/src/dlp/composite-scanner.ts +213 -0
package/src/dlp/index.ts +9 -0
package/src/dlp/interfaces.ts +34 -0
package/src/dlp/patterns.ts +30 -0
package/src/dlp/prompt-injection-backend.ts +181 -0
package/src/dlp/prompt-injection-patterns.ts +302 -0
package/src/dlp/regex-backend.ts +181 -0
package/src/dlp/scanner.ts +502 -0
package/src/dlp/text-normalizer.ts +225 -0
package/src/dlp/tool-patterns.ts +35 -0
package/src/dlp/trufflehog-backend.ts +190 -0
package/src/executor/filesystem-executor.ts +196 -0
package/src/executor/http-executor.ts +349 -0
package/src/executor/index.ts +9 -0
package/src/executor/interfaces.ts +11 -0
package/src/executor/noop-executor.ts +23 -0
package/src/executor/registry.ts +64 -0
package/src/executor/shell-executor.ts +148 -0
package/src/executor/slack-executor.ts +176 -0
package/src/executor/sql-executor.ts +146 -0
package/src/executor/websocket-executor.ts +211 -0
package/src/index.ts +24 -0
package/src/interceptor/index.ts +1 -0
package/src/interceptor/provider-interceptor.ts +315 -0
package/src/mcp/auth-verifier.ts +152 -0
package/src/mcp/bridge.ts +703 -0
package/src/mcp/http-transport.ts +698 -0
package/src/mcp/index.ts +9 -0
package/src/mcp/internal-auth.ts +14 -0
package/src/mcp/oauth-pages.ts +139 -0
package/src/mcp/oauth-postgres-stores.ts +278 -0
package/src/mcp/oauth-provider.ts +536 -0
package/src/mcp/oauth-stores.ts +202 -0
package/src/mcp/server.ts +55 -0
package/src/mcp/tool-definitions.ts +562 -0
package/src/metrics/collector.ts +357 -0
package/src/metrics/index.ts +1 -0
package/src/middleware/auth.ts +814 -0
package/src/middleware/session.ts +85 -0
package/src/middleware/validate.ts +130 -0
package/src/policy/engine.ts +815 -0
package/src/policy/index.ts +2 -0
package/src/policy/opa-engine.ts +829 -0
package/src/proxy/forward-proxy.ts +649 -0
package/src/proxy/index.ts +1 -0
package/src/ratelimit/limiter.ts +196 -0
package/src/replay/engine.ts +142 -0
package/src/replay/index.ts +1 -0
package/src/saas/index.ts +1 -0
package/src/saas/routes.ts +2178 -0
package/src/server/app.ts +985 -0
package/src/server/errors.ts +49 -0
package/src/server/gateway.ts +1130 -0
package/src/server/index.ts +307 -0
package/src/server/logger.ts +255 -0
package/src/server/stream-proxy.ts +202 -0
package/src/storage/file-persistence.ts +315 -0
package/src/storage/index.ts +4 -0
package/src/storage/interfaces.ts +287 -0
package/src/storage/memory.ts +686 -0
package/src/storage/postgres.ts +1831 -0
package/src/storage/redis.ts +835 -0
package/src/tracing/index.ts +1 -0
package/src/tracing/provider.ts +100 -0
package/src/trust/calculator.ts +141 -0
package/src/trust/index.ts +7 -0
package/src/types/budget.ts +36 -0
package/src/types/config.ts +278 -0
package/src/types/events.ts +41 -0
package/src/types/express.d.ts +14 -0
package/src/types/index.ts +7 -0
package/src/types/policy.ts +83 -0
package/src/types/stripe-config.ts +11 -0
package/src/types/subscription.ts +59 -0
package/src/types/tool-call.ts +47 -0
package/src/types/tool-result.ts +82 -0
package/src/types/user.ts +125 -0
package/tsconfig.json +24 -0

package/dist/tests/unit/policy-engine.test.js CHANGED Viewed

@@ -1341,5 +1341,471 @@ rules:
             expect(result.rule_name).toBe('__ssrf_protection');
         });
     });
+    // -----------------------------------------------------------------------
+    // New tool type conditions
+    // -----------------------------------------------------------------------
+    describe('New tool type conditions', () => {
+        /** Build a minimal valid ToolCall for testing new conditions. */
+        function makeToolCall(overrides = {}) {
+            return {
+                tool_call_id: 'tc_test',
+                task_id: 'task_test',
+                workspace_id: 'ws_test',
+                actor: { type: 'agent', id: 'agent_test' },
+                source: { platform: 'test' },
+                tool: { name: 'test.tool', capability: 'read' },
+                args: {},
+                ...overrides,
+            };
+        }
+        // --- file_paths ---
+        describe('file_paths', () => {
+            it('matches when file path matches glob pattern', () => {
+                const pack = {
+                    name: 'file_paths_test',
+                    version: '1.0.0',
+                    rules: [
+                        {
+                            name: 'deny-env-files',
+                            effect: 'DENY',
+                            priority: 1,
+                            conditions: { file_paths: ['*.env'] },
+                        },
+                    ],
+                };
+                const engine = engine_1.PolicyEngine.fromPack(pack, 'ALLOW');
+                const tc = makeToolCall({ args: { path: '.env' } });
+                expect(engine.evaluate(tc).decision).toBe('deny');
+            });
+            it('does not match when file path does not match', () => {
+                const pack = {
+                    name: 'file_paths_no_match',
+                    version: '1.0.0',
+                    rules: [
+                        {
+                            name: 'deny-env-files',
+                            effect: 'DENY',
+                            priority: 1,
+                            conditions: { file_paths: ['*.env'] },
+                        },
+                    ],
+                };
+                const engine = engine_1.PolicyEngine.fromPack(pack, 'ALLOW');
+                const tc = makeToolCall({ args: { path: 'readme.md' } });
+                expect(engine.evaluate(tc).decision).toBe('allow');
+            });
+            it('does not match when no path arg present', () => {
+                const pack = {
+                    name: 'file_paths_no_path',
+                    version: '1.0.0',
+                    rules: [
+                        {
+                            name: 'deny-env-files',
+                            effect: 'DENY',
+                            priority: 1,
+                            conditions: { file_paths: ['*.env'] },
+                        },
+                    ],
+                };
+                const engine = engine_1.PolicyEngine.fromPack(pack, 'ALLOW');
+                const tc = makeToolCall({ args: {} });
+                expect(engine.evaluate(tc).decision).toBe('allow');
+            });
+        });
+        // --- file_paths_blocklist ---
+        describe('file_paths_blocklist', () => {
+            it('blocks when path matches blocklist pattern', () => {
+                const pack = {
+                    name: 'file_blocklist_test',
+                    version: '1.0.0',
+                    rules: [
+                        {
+                            name: 'allow-all-except-secrets',
+                            effect: 'ALLOW',
+                            priority: 1,
+                            conditions: { file_paths_blocklist: ['/etc/**'] },
+                        },
+                        {
+                            name: 'deny-all',
+                            effect: 'DENY',
+                            priority: 100,
+                            conditions: {},
+                        },
+                    ],
+                };
+                const engine = engine_1.PolicyEngine.fromPack(pack);
+                const tc = makeToolCall({ args: { path: '/etc/passwd' } });
+                // The ALLOW rule won't match because file_paths_blocklist blocks it, so deny-all fires
+                expect(engine.evaluate(tc).decision).toBe('deny');
+            });
+            it('allows when path does not match blocklist', () => {
+                const pack = {
+                    name: 'file_blocklist_allow',
+                    version: '1.0.0',
+                    rules: [
+                        {
+                            name: 'allow-all-except-secrets',
+                            effect: 'ALLOW',
+                            priority: 1,
+                            conditions: { file_paths_blocklist: ['/etc/**'] },
+                        },
+                        {
+                            name: 'deny-all',
+                            effect: 'DENY',
+                            priority: 100,
+                            conditions: {},
+                        },
+                    ],
+                };
+                const engine = engine_1.PolicyEngine.fromPack(pack);
+                const tc = makeToolCall({ args: { path: '/home/user/file.txt' } });
+                expect(engine.evaluate(tc).decision).toBe('allow');
+            });
+        });
+        // --- file_extensions ---
+        describe('file_extensions', () => {
+            it('matches when file extension is in list', () => {
+                const pack = {
+                    name: 'file_ext_test',
+                    version: '1.0.0',
+                    rules: [
+                        {
+                            name: 'deny-key-files',
+                            effect: 'DENY',
+                            priority: 1,
+                            conditions: { file_extensions: ['.key', '.pem'] },
+                        },
+                    ],
+                };
+                const engine = engine_1.PolicyEngine.fromPack(pack, 'ALLOW');
+                const tc = makeToolCall({ args: { path: '/certs/server.key' } });
+                expect(engine.evaluate(tc).decision).toBe('deny');
+            });
+            it('does not match when extension not in list', () => {
+                const pack = {
+                    name: 'file_ext_no_match',
+                    version: '1.0.0',
+                    rules: [
+                        {
+                            name: 'deny-key-files',
+                            effect: 'DENY',
+                            priority: 1,
+                            conditions: { file_extensions: ['.key', '.pem'] },
+                        },
+                    ],
+                };
+                const engine = engine_1.PolicyEngine.fromPack(pack, 'ALLOW');
+                const tc = makeToolCall({ args: { path: '/app/config.json' } });
+                expect(engine.evaluate(tc).decision).toBe('allow');
+            });
+        });
+        // --- sql_tables ---
+        describe('sql_tables', () => {
+            it('matches when query references matching table', () => {
+                const pack = {
+                    name: 'sql_tables_test',
+                    version: '1.0.0',
+                    rules: [
+                        {
+                            name: 'deny-users-table',
+                            effect: 'DENY',
+                            priority: 1,
+                            conditions: { sql_tables: ['users'] },
+                        },
+                    ],
+                };
+                const engine = engine_1.PolicyEngine.fromPack(pack, 'ALLOW');
+                const tc = makeToolCall({ args: { query: 'SELECT * FROM users WHERE id = 1' } });
+                expect(engine.evaluate(tc).decision).toBe('deny');
+            });
+            it('does not match when table not found in query', () => {
+                const pack = {
+                    name: 'sql_tables_no_match',
+                    version: '1.0.0',
+                    rules: [
+                        {
+                            name: 'deny-users-table',
+                            effect: 'DENY',
+                            priority: 1,
+                            conditions: { sql_tables: ['users'] },
+                        },
+                    ],
+                };
+                const engine = engine_1.PolicyEngine.fromPack(pack, 'ALLOW');
+                const tc = makeToolCall({ args: { query: 'SELECT * FROM orders WHERE id = 1' } });
+                expect(engine.evaluate(tc).decision).toBe('allow');
+            });
+        });
+        // --- sql_tables_blocklist ---
+        describe('sql_tables_blocklist', () => {
+            it('blocks when query references blocked table (FROM, JOIN, INTO, UPDATE)', () => {
+                const pack = {
+                    name: 'sql_blocklist_test',
+                    version: '1.0.0',
+                    rules: [
+                        {
+                            name: 'allow-except-secrets',
+                            effect: 'ALLOW',
+                            priority: 1,
+                            conditions: { sql_tables_blocklist: ['secrets'] },
+                        },
+                        {
+                            name: 'deny-all',
+                            effect: 'DENY',
+                            priority: 100,
+                            conditions: {},
+                        },
+                    ],
+                };
+                const engine = engine_1.PolicyEngine.fromPack(pack);
+                // FROM
+                expect(engine.evaluate(makeToolCall({ args: { query: 'SELECT * FROM secrets' } })).decision).toBe('deny');
+                // JOIN
+                expect(engine.evaluate(makeToolCall({ args: { query: 'SELECT * FROM orders JOIN secrets ON 1=1' } })).decision).toBe('deny');
+                // INTO
+                expect(engine.evaluate(makeToolCall({ args: { query: 'INSERT INTO secrets VALUES (1)' } })).decision).toBe('deny');
+                // UPDATE
+                expect(engine.evaluate(makeToolCall({ args: { query: 'UPDATE secrets SET val = 1' } })).decision).toBe('deny');
+            });
+            it('allows when no blocked tables referenced', () => {
+                const pack = {
+                    name: 'sql_blocklist_allow',
+                    version: '1.0.0',
+                    rules: [
+                        {
+                            name: 'allow-except-secrets',
+                            effect: 'ALLOW',
+                            priority: 1,
+                            conditions: { sql_tables_blocklist: ['secrets'] },
+                        },
+                        {
+                            name: 'deny-all',
+                            effect: 'DENY',
+                            priority: 100,
+                            conditions: {},
+                        },
+                    ],
+                };
+                const engine = engine_1.PolicyEngine.fromPack(pack);
+                const tc = makeToolCall({ args: { query: 'SELECT * FROM orders' } });
+                expect(engine.evaluate(tc).decision).toBe('allow');
+            });
+        });
+        // --- sql_statements ---
+        describe('sql_statements', () => {
+            it('matches SELECT statement', () => {
+                const pack = {
+                    name: 'sql_stmt_select',
+                    version: '1.0.0',
+                    rules: [
+                        {
+                            name: 'deny-selects',
+                            effect: 'DENY',
+                            priority: 1,
+                            conditions: { sql_statements: ['SELECT'] },
+                        },
+                    ],
+                };
+                const engine = engine_1.PolicyEngine.fromPack(pack, 'ALLOW');
+                const tc = makeToolCall({ args: { query: 'SELECT * FROM users' } });
+                expect(engine.evaluate(tc).decision).toBe('deny');
+            });
+            it('matches INSERT statement', () => {
+                const pack = {
+                    name: 'sql_stmt_insert',
+                    version: '1.0.0',
+                    rules: [
+                        {
+                            name: 'deny-inserts',
+                            effect: 'DENY',
+                            priority: 1,
+                            conditions: { sql_statements: ['INSERT'] },
+                        },
+                    ],
+                };
+                const engine = engine_1.PolicyEngine.fromPack(pack, 'ALLOW');
+                const tc = makeToolCall({ args: { query: 'INSERT INTO users VALUES (1)' } });
+                expect(engine.evaluate(tc).decision).toBe('deny');
+            });
+            it('does not match when statement type differs', () => {
+                const pack = {
+                    name: 'sql_stmt_no_match',
+                    version: '1.0.0',
+                    rules: [
+                        {
+                            name: 'deny-deletes',
+                            effect: 'DENY',
+                            priority: 1,
+                            conditions: { sql_statements: ['DELETE'] },
+                        },
+                    ],
+                };
+                const engine = engine_1.PolicyEngine.fromPack(pack, 'ALLOW');
+                const tc = makeToolCall({ args: { query: 'SELECT * FROM users' } });
+                expect(engine.evaluate(tc).decision).toBe('allow');
+            });
+        });
+        // --- shell_commands ---
+        describe('shell_commands', () => {
+            it('matches when command is in allowed list', () => {
+                const pack = {
+                    name: 'shell_cmd_test',
+                    version: '1.0.0',
+                    rules: [
+                        {
+                            name: 'deny-rm',
+                            effect: 'DENY',
+                            priority: 1,
+                            conditions: { shell_commands: ['rm'] },
+                        },
+                    ],
+                };
+                const engine = engine_1.PolicyEngine.fromPack(pack, 'ALLOW');
+                const tc = makeToolCall({ args: { command: 'rm' } });
+                expect(engine.evaluate(tc).decision).toBe('deny');
+            });
+            it('does not match when command not in list', () => {
+                const pack = {
+                    name: 'shell_cmd_no_match',
+                    version: '1.0.0',
+                    rules: [
+                        {
+                            name: 'deny-rm',
+                            effect: 'DENY',
+                            priority: 1,
+                            conditions: { shell_commands: ['rm'] },
+                        },
+                    ],
+                };
+                const engine = engine_1.PolicyEngine.fromPack(pack, 'ALLOW');
+                const tc = makeToolCall({ args: { command: 'ls' } });
+                expect(engine.evaluate(tc).decision).toBe('allow');
+            });
+        });
+        // --- shell_commands_blocklist ---
+        describe('shell_commands_blocklist', () => {
+            it('blocks when command is in blocklist', () => {
+                const pack = {
+                    name: 'shell_blocklist_test',
+                    version: '1.0.0',
+                    rules: [
+                        {
+                            name: 'allow-except-rm',
+                            effect: 'ALLOW',
+                            priority: 1,
+                            conditions: { shell_commands_blocklist: ['rm', 'shutdown'] },
+                        },
+                        {
+                            name: 'deny-all',
+                            effect: 'DENY',
+                            priority: 100,
+                            conditions: {},
+                        },
+                    ],
+                };
+                const engine = engine_1.PolicyEngine.fromPack(pack);
+                const tc = makeToolCall({ args: { command: 'rm' } });
+                // ALLOW rule won't match because blocklist fires, so deny-all fires
+                expect(engine.evaluate(tc).decision).toBe('deny');
+            });
+            it('allows when command not in blocklist', () => {
+                const pack = {
+                    name: 'shell_blocklist_allow',
+                    version: '1.0.0',
+                    rules: [
+                        {
+                            name: 'allow-except-rm',
+                            effect: 'ALLOW',
+                            priority: 1,
+                            conditions: { shell_commands_blocklist: ['rm', 'shutdown'] },
+                        },
+                        {
+                            name: 'deny-all',
+                            effect: 'DENY',
+                            priority: 100,
+                            conditions: {},
+                        },
+                    ],
+                };
+                const engine = engine_1.PolicyEngine.fromPack(pack);
+                const tc = makeToolCall({ args: { command: 'ls' } });
+                expect(engine.evaluate(tc).decision).toBe('allow');
+            });
+        });
+        // --- providers ---
+        describe('providers', () => {
+            it('matches when provider arg matches', () => {
+                const pack = {
+                    name: 'providers_test',
+                    version: '1.0.0',
+                    rules: [
+                        {
+                            name: 'deny-openai',
+                            effect: 'DENY',
+                            priority: 1,
+                            conditions: { providers: ['openai'] },
+                        },
+                    ],
+                };
+                const engine = engine_1.PolicyEngine.fromPack(pack, 'ALLOW');
+                const tc = makeToolCall({ args: { provider: 'openai' } });
+                expect(engine.evaluate(tc).decision).toBe('deny');
+            });
+            it('does not match when provider differs', () => {
+                const pack = {
+                    name: 'providers_no_match',
+                    version: '1.0.0',
+                    rules: [
+                        {
+                            name: 'deny-openai',
+                            effect: 'DENY',
+                            priority: 1,
+                            conditions: { providers: ['openai'] },
+                        },
+                    ],
+                };
+                const engine = engine_1.PolicyEngine.fromPack(pack, 'ALLOW');
+                const tc = makeToolCall({ args: { provider: 'claude' } });
+                expect(engine.evaluate(tc).decision).toBe('allow');
+            });
+        });
+        // --- provider_tool_types ---
+        describe('provider_tool_types', () => {
+            it('matches when provider_tool_type arg matches', () => {
+                const pack = {
+                    name: 'provider_types_test',
+                    version: '1.0.0',
+                    rules: [
+                        {
+                            name: 'deny-computer-use',
+                            effect: 'DENY',
+                            priority: 1,
+                            conditions: { provider_tool_types: ['computer_use'] },
+                        },
+                    ],
+                };
+                const engine = engine_1.PolicyEngine.fromPack(pack, 'ALLOW');
+                const tc = makeToolCall({ args: { provider_tool_type: 'computer_use' } });
+                expect(engine.evaluate(tc).decision).toBe('deny');
+            });
+            it('does not match when type differs', () => {
+                const pack = {
+                    name: 'provider_types_no_match',
+                    version: '1.0.0',
+                    rules: [
+                        {
+                            name: 'deny-computer-use',
+                            effect: 'DENY',
+                            priority: 1,
+                            conditions: { provider_tool_types: ['computer_use'] },
+                        },
+                    ],
+                };
+                const engine = engine_1.PolicyEngine.fromPack(pack, 'ALLOW');
+                const tc = makeToolCall({ args: { provider_tool_type: 'function' } });
+                expect(engine.evaluate(tc).decision).toBe('allow');
+            });
+        });
+    });
 });
 //# sourceMappingURL=policy-engine.test.js.map