palaryn 0.1.0

package/dist/src/policy/engine.js

@@ -0,0 +1,646 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PolicyEngine = void 0;
+const fs = __importStar(require("fs"));
+const net = __importStar(require("net"));
+const yaml = __importStar(require("js-yaml"));
+/**
+ * Check if a hostname resolves to a private/internal IP address or is a
+ * well-known loopback/link-local name. Used for SSRF protection.
+ */
+function isPrivateTarget(hostname) {
+    const lower = hostname.toLowerCase();
+    // Well-known private hostnames
+    if (lower === 'localhost' || lower === '0.0.0.0') {
+        return true;
+    }
+    // IPv6 loopback and link-local
+    if (lower === '::1' || lower === '[::1]') {
+        return true;
+    }
+    // Strip square brackets for IPv6 addresses
+    const bare = lower.startsWith('[') && lower.endsWith(']') ? lower.slice(1, -1) : lower;
+    // Check for IPv6 link-local (fe80::/10)
+    if (bare.startsWith('fe80:') || bare.startsWith('fe80%')) {
+        return true;
+    }
+    // Check for IPv6 multicast (ff00::/8)
+    if (bare.startsWith('ff')) {
+        const secondChar = bare.charAt(2);
+        if (secondChar === '0' || secondChar === ':') {
+            return true;
+        }
+        // ff02::1, ff0e::, etc. — any address starting with ff is multicast
+        if (/^ff[0-9a-f]{2}:/i.test(bare)) {
+            return true;
+        }
+    }
+    // Check for Teredo tunneling (2001:0000::/32)
+    // Teredo addresses start with 2001:0000: or 2001:0:
+    if (/^2001:0{0,4}:/i.test(bare)) {
+        return true;
+    }
+    // Check for 6to4 addresses (2002::/16)
+    if (bare.startsWith('2002:')) {
+        return true;
+    }
+    // Check for IPv6 unique local addresses (fc00::/7 — includes fd00::/8)
+    if (/^f[cd]/i.test(bare)) {
+        return true;
+    }
+    // IPv6 unspecified address (::) - equivalent to 0.0.0.0
+    if (bare === '::' || bare === '0:0:0:0:0:0:0:0' || bare === '0000:0000:0000:0000:0000:0000:0000:0000') {
+        return true;
+    }
+    // IPv6 documentation range (2001:db8::/32, RFC 3849)
+    if (/^2001:0?db8:/i.test(bare) || bare.startsWith('2001:db8:')) {
+        return true;
+    }
+    // IPv4-compatible IPv6 (deprecated ::x.x.x.x format)
+    const compatMatch = bare.match(/^::(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/);
+    if (compatMatch) {
+        return isPrivateTarget(compatMatch[1]);
+    }
+    // Check if it's an IPv4 address
+    if (net.isIPv4(bare)) {
+        const parts = bare.split('.').map(Number);
+        // 127.0.0.0/8
+        if (parts[0] === 127)
+            return true;
+        // 10.0.0.0/8
+        if (parts[0] === 10)
+            return true;
+        // 172.16.0.0/12
+        if (parts[0] === 172 && parts[1] >= 16 && parts[1] <= 31)
+            return true;
+        // 192.168.0.0/16
+        if (parts[0] === 192 && parts[1] === 168)
+            return true;
+        // 169.254.0.0/16 (link-local)
+        if (parts[0] === 169 && parts[1] === 254)
+            return true;
+        // 100.64.0.0/10 (CGNAT / shared address space)
+        if (parts[0] === 100 && parts[1] >= 64 && parts[1] <= 127)
+            return true;
+        // 0.0.0.0
+        if (parts[0] === 0 && parts[1] === 0 && parts[2] === 0 && parts[3] === 0)
+            return true;
+    }
+    // Check for IPv6 addresses (non-specific format — net.isIPv6)
+    if (net.isIPv6(bare)) {
+        // Catch mapped IPv4 in dotted-quad form: ::ffff:127.0.0.1
+        const mappedMatch = bare.match(/::ffff:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/i);
+        if (mappedMatch) {
+            return isPrivateTarget(mappedMatch[1]);
+        }
+        // Catch mapped IPv4 in hex form (as URL parsers normalize): ::ffff:7f00:1
+        const mappedHexMatch = bare.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/i);
+        if (mappedHexMatch) {
+            const hi = parseInt(mappedHexMatch[1], 16);
+            const lo = parseInt(mappedHexMatch[2], 16);
+            const ipv4 = `${(hi >> 8) & 0xff}.${hi & 0xff}.${(lo >> 8) & 0xff}.${lo & 0xff}`;
+            return isPrivateTarget(ipv4);
+        }
+    }
+    return false;
+}
+const VALID_EFFECTS = ['ALLOW', 'DENY', 'TRANSFORM', 'REQUIRE_APPROVAL'];
+class PolicyEngine {
+    constructor(packPath, defaultEffect = 'DENY') {
+        /** Compiled regex cache: pattern string -> RegExp */
+        this.regexCache = new Map();
+        this.packPath = packPath;
+        this.defaultEffect = defaultEffect;
+        this.pack = this.loadPack(packPath);
+    }
+    /**
+     * Create a PolicyEngine from an in-memory PolicyPack (no file I/O).
+     * Used for workspace-specific policies stored in PolicyStore.
+     */
+    static fromPack(pack, defaultEffect = 'DENY') {
+        const engine = Object.create(PolicyEngine.prototype);
+        engine.packPath = '__in_memory__';
+        engine.defaultEffect = defaultEffect;
+        engine.regexCache = new Map();
+        // Validate
+        const validation = PolicyEngine.validate(pack);
+        if (!validation.valid) {
+            throw new Error(`Invalid policy pack: ${validation.errors.join('; ')}`);
+        }
+        // Sort rules by priority (same as loadPack does)
+        const sortedPack = { ...pack, rules: [...pack.rules] };
+        sortedPack.rules.sort((a, b) => {
+            const pa = a.priority ?? Number.MAX_SAFE_INTEGER;
+            const pb = b.priority ?? Number.MAX_SAFE_INTEGER;
+            return pa - pb;
+        });
+        engine.pack = sortedPack;
+        return engine;
+    }
+    /**
+     * Load and parse a policy pack from a YAML file on disk.
+     * Validates the structure and sorts rules by priority (ascending).
+     */
+    loadPack(path) {
+        let content;
+        try {
+            content = fs.readFileSync(path, 'utf-8');
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            throw new Error(`Failed to read policy pack file at "${path}": ${message}`);
+        }
+        let parsed;
+        try {
+            parsed = yaml.load(content);
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            throw new Error(`Failed to parse YAML in policy pack file "${path}": ${message}`);
+        }
+        if (parsed === null || parsed === undefined || typeof parsed !== 'object') {
+            throw new Error(`Policy pack file "${path}" does not contain a valid YAML object`);
+        }
+        const pack = parsed;
+        const validation = PolicyEngine.validate(pack);
+        if (!validation.valid) {
+            throw new Error(`Invalid policy pack "${path}": ${validation.errors.join('; ')}`);
+        }
+        // Sort rules by priority (lower number = higher precedence).
+        // Rules without an explicit priority are placed at the end.
+        pack.rules.sort((a, b) => {
+            const pa = a.priority ?? Number.MAX_SAFE_INTEGER;
+            const pb = b.priority ?? Number.MAX_SAFE_INTEGER;
+            return pa - pb;
+        });
+        return pack;
+    }
+    /**
+     * Reload the policy pack from disk. Useful for hot-reload scenarios
+     * where the YAML file is updated without restarting the process.
+     */
+    reload() {
+        this.regexCache.clear();
+        this.pack = this.loadPack(this.packPath);
+    }
+    /**
+     * Check if a regex pattern is safe from catastrophic backtracking (ReDoS).
+     * Blocks nested quantifiers (e.g., `(a+)+`, `(a*)*`, `(a|b?)+`) which are
+     * the most common source of exponential-time matches.
+     */
+    static isSafeRegex(pattern) {
+        if (pattern.length > PolicyEngine.MAX_REGEX_PATTERN_LENGTH)
+            return false;
+        // Detect nested quantifiers: a quantifier (+, *, {n}) immediately after a group
+        // that itself contains a quantifier — the classic ReDoS pattern
+        if (/([+*}])\s*\)\s*[+*{]/.test(pattern))
+            return false;
+        // Detect alternation inside repeated group: (a|a)+ style
+        if (/\([^)]*\|[^)]*\)\s*[+*{]/.test(pattern) && /\([^)]*\|[^)]*\)\s*[+*]\s*[+*{]/.test(pattern))
+            return false;
+        return true;
+    }
+    getCachedRegex(pattern) {
+        let re = this.regexCache.get(pattern);
+        if (re) {
+            // Move to end (most recently used) for LRU ordering
+            this.regexCache.delete(pattern);
+            this.regexCache.set(pattern, re);
+            return re;
+        }
+        // ReDoS protection: block patterns with nested quantifiers or excessive length
+        if (!PolicyEngine.isSafeRegex(pattern)) {
+            console.warn(`PolicyEngine: rejecting potentially unsafe regex pattern (ReDoS risk): "${pattern.slice(0, 100)}..."`);
+            return null;
+        }
+        try {
+            re = new RegExp(pattern);
+        }
+        catch (err) {
+            console.warn(`PolicyEngine: invalid regex pattern "${pattern}": ${err instanceof Error ? err.message : String(err)}`);
+            return null;
+        }
+        // Evict oldest entry if at capacity
+        if (this.regexCache.size >= PolicyEngine.MAX_REGEX_CACHE_SIZE) {
+            const oldest = this.regexCache.keys().next().value;
+            if (oldest !== undefined) {
+                this.regexCache.delete(oldest);
+            }
+        }
+        this.regexCache.set(pattern, re);
+        return re;
+    }
+    /**
+     * Return the currently loaded policy pack.
+     */
+    getPack() {
+        return this.pack;
+    }
+    /**
+     * Validate a PolicyPack object without loading it from disk.
+     * Returns a list of validation errors (empty when the pack is valid).
+     */
+    static validate(pack) {
+        const errors = [];
+        if (!pack.name || typeof pack.name !== 'string') {
+            errors.push('Policy pack must have a non-empty "name" string');
+        }
+        if (!pack.version || typeof pack.version !== 'string') {
+            errors.push('Policy pack must have a non-empty "version" string');
+        }
+        if (!Array.isArray(pack.rules)) {
+            errors.push('Policy pack must have a "rules" array');
+            return { valid: false, errors };
+        }
+        for (let i = 0; i < pack.rules.length; i++) {
+            const rule = pack.rules[i];
+            const prefix = `Rule[${i}]`;
+            if (!rule.name || typeof rule.name !== 'string') {
+                errors.push(`${prefix}: must have a non-empty "name" string`);
+            }
+            if (!rule.effect || typeof rule.effect !== 'string') {
+                errors.push(`${prefix} ("${rule.name || 'unnamed'}"): must have an "effect" string`);
+            }
+            else if (!VALID_EFFECTS.includes(rule.effect)) {
+                errors.push(`${prefix} ("${rule.name}"): invalid effect "${rule.effect}". ` +
+                    `Must be one of: ${VALID_EFFECTS.join(', ')}`);
+            }
+            if (!rule.conditions || typeof rule.conditions !== 'object') {
+                errors.push(`${prefix} ("${rule.name || 'unnamed'}"): must have a "conditions" object`);
+            }
+            if (rule.priority !== undefined && (typeof rule.priority !== 'number' || !isFinite(rule.priority))) {
+                errors.push(`${prefix} ("${rule.name || 'unnamed'}"): "priority" must be a finite number`);
+            }
+            // Validate regex patterns are compilable and safe from ReDoS
+            if (rule.conditions) {
+                if (rule.conditions.tool_match) {
+                    if (!PolicyEngine.isSafeRegex(rule.conditions.tool_match)) {
+                        errors.push(`${prefix} ("${rule.name || 'unnamed'}"): "conditions.tool_match" is potentially unsafe (ReDoS risk or too long): "${rule.conditions.tool_match.slice(0, 100)}"`);
+                    }
+                    else {
+                        try {
+                            new RegExp(rule.conditions.tool_match);
+                        }
+                        catch {
+                            errors.push(`${prefix} ("${rule.name || 'unnamed'}"): "conditions.tool_match" is not a valid regex: "${rule.conditions.tool_match}"`);
+                        }
+                    }
+                }
+                if (rule.conditions.label_match) {
+                    if (!PolicyEngine.isSafeRegex(rule.conditions.label_match)) {
+                        errors.push(`${prefix} ("${rule.name || 'unnamed'}"): "conditions.label_match" is potentially unsafe (ReDoS risk or too long): "${rule.conditions.label_match.slice(0, 100)}"`);
+                    }
+                    else {
+                        try {
+                            new RegExp(rule.conditions.label_match);
+                        }
+                        catch {
+                            errors.push(`${prefix} ("${rule.name || 'unnamed'}"): "conditions.label_match" is not a valid regex: "${rule.conditions.label_match}"`);
+                        }
+                    }
+                }
+            }
+        }
+        return { valid: errors.length === 0, errors };
+    }
+    /**
+     * Evaluate a ToolCall against the loaded policy pack.
+     *
+     * Processing order:
+     *   1. Check the pack-level domain_blocklist (instant DENY).
+     *   2. If a pack-level domain_allowlist exists and the call targets a URL,
+     *      the domain must appear in the allowlist or the call is denied.
+     *   3. Iterate rules in priority order. Return the first matching rule's result.
+     *   4. If no rule matches, apply the defaultEffect.
+     */
+    evaluate(toolCall, dlpContext) {
+        const domain = this.extractDomainFromToolCall(toolCall);
+        // --- Pack-level domain blocklist ---
+        if (domain && this.pack.domain_blocklist && this.pack.domain_blocklist.length > 0) {
+            if (this.isDomainInList(domain, this.pack.domain_blocklist)) {
+                return {
+                    decision: 'deny',
+                    rule_id: '__pack_domain_blocklist',
+                    rule_name: '__pack_domain_blocklist',
+                    reasons: [`Domain "${domain}" is in the pack-level domain blocklist`],
+                    transformations: [],
+                };
+            }
+        }
+        // --- SSRF protection: block private/internal targets ---
+        // Active when a domain_allowlist is configured (non-empty), indicating the
+        // policy cares about restricting target domains. In that mode, private IPs
+        // are denied unless explicitly present in the allowlist or in a rule's
+        // domains list.
+        if (domain && isPrivateTarget(domain) && this.pack.domain_allowlist && this.pack.domain_allowlist.length > 0) {
+            // Check if the pack-level allowlist explicitly includes the private domain
+            const allowlistedPrivate = this.isDomainInList(domain, this.pack.domain_allowlist);
+            // Check if any rule explicitly allows private access via domains list
+            const explicitlyAllowed = this.pack.rules.some(rule => rule.conditions.domains && rule.conditions.domains.length > 0 &&
+                this.isDomainInList(domain, rule.conditions.domains));
+            if (!explicitlyAllowed && !allowlistedPrivate) {
+                return {
+                    decision: 'deny',
+                    rule_id: '__ssrf_protection',
+                    rule_name: '__ssrf_protection',
+                    reasons: [`Domain "${domain}" resolves to a private/internal address (SSRF protection)`],
+                    transformations: [],
+                };
+            }
+        }
+        // --- Pack-level domain allowlist ---
+        if (domain && this.pack.domain_allowlist && this.pack.domain_allowlist.length > 0) {
+            if (!this.isDomainInList(domain, this.pack.domain_allowlist)) {
+                return {
+                    decision: 'deny',
+                    rule_id: '__pack_domain_allowlist',
+                    rule_name: '__pack_domain_allowlist',
+                    reasons: [`Domain "${domain}" is not in the pack-level domain allowlist`],
+                    transformations: [],
+                };
+            }
+        }
+        // --- Rule evaluation (priority order, already sorted) ---
+        for (const rule of this.pack.rules) {
+            if (this.matchesConditions(rule.conditions, toolCall, dlpContext)) {
+                return this.buildResult(rule);
+            }
+        }
+        // --- No rule matched: apply default effect ---
+        return {
+            decision: this.effectToDecision(this.pack.default_effect ?? this.defaultEffect),
+            rule_id: '__default',
+            rule_name: '__default',
+            reasons: ['No matching rule found; default effect applied'],
+            transformations: [],
+        };
+    }
+    /**
+     * Evaluate a ToolCall with DLP context (phase-2 evaluation).
+     * Only called when DLP detections were found, allowing policy rules
+     * with dlp_* conditions to match.
+     */
+    evaluateWithDLP(toolCall, dlpContext) {
+        // Only consider rules that have DLP conditions
+        for (const rule of this.pack.rules) {
+            const hasDLPConditions = rule.conditions.dlp_severity
+                || rule.conditions.dlp_detected !== undefined
+                || rule.conditions.dlp_pattern_names;
+            if (!hasDLPConditions)
+                continue;
+            if (this.matchesConditions(rule.conditions, toolCall, dlpContext)) {
+                return this.buildResult(rule);
+            }
+        }
+        return null; // No DLP-conditioned rules matched
+    }
+    /**
+     * Check whether a single rule's conditions match the given ToolCall.
+     * All specified conditions use AND logic: every present condition must
+     * match for the rule to apply. Conditions that are absent or empty are
+     * treated as "match everything".
+     */
+    matchesConditions(conditions, toolCall, dlpContext) {
+        // --- tools ---
+        if (conditions.tools && conditions.tools.length > 0) {
+            if (!conditions.tools.includes(toolCall.tool.name)) {
+                return false;
+            }
+        }
+        // --- tool_match (regex, cached) ---
+        if (conditions.tool_match) {
+            const re = this.getCachedRegex(conditions.tool_match);
+            if (!re || !re.test(toolCall.tool.name)) {
+                return false;
+            }
+        }
+        // --- capabilities ---
+        if (conditions.capabilities && conditions.capabilities.length > 0) {
+            if (!conditions.capabilities.includes(toolCall.tool.capability)) {
+                return false;
+            }
+        }
+        // --- actors ---
+        if (conditions.actors && conditions.actors.length > 0) {
+            if (!conditions.actors.includes(toolCall.actor.id)) {
+                return false;
+            }
+        }
+        // --- actor_types ---
+        if (conditions.actor_types && conditions.actor_types.length > 0) {
+            if (!conditions.actor_types.includes(toolCall.actor.type)) {
+                return false;
+            }
+        }
+        // --- domains (allow list at rule level) ---
+        if (conditions.domains && conditions.domains.length > 0) {
+            const domain = this.extractDomainFromToolCall(toolCall);
+            if (!domain) {
+                // Rule requires a specific domain but the call has no URL -- no match.
+                return false;
+            }
+            if (!this.isDomainInList(domain, conditions.domains)) {
+                return false;
+            }
+        }
+        // --- domain_blocklist (rule level) ---
+        if (conditions.domain_blocklist && conditions.domain_blocklist.length > 0) {
+            const domain = this.extractDomainFromToolCall(toolCall);
+            if (domain && this.isDomainInList(domain, conditions.domain_blocklist)) {
+                return false;
+            }
+        }
+        // --- methods ---
+        if (conditions.methods && conditions.methods.length > 0) {
+            const method = toolCall.args.method;
+            if (!method) {
+                return false;
+            }
+            // Case-insensitive comparison for HTTP methods.
+            const upperMethod = method.toUpperCase();
+            const upperMethods = conditions.methods.map((m) => m.toUpperCase());
+            if (!upperMethods.includes(upperMethod)) {
+                return false;
+            }
+        }
+        // --- labels ---
+        if (conditions.labels && conditions.labels.length > 0) {
+            const callLabels = toolCall.context?.labels;
+            if (!callLabels || callLabels.length === 0) {
+                return false;
+            }
+            // At least one label from the condition must appear in the call's labels.
+            const hasMatch = conditions.labels.some((label) => callLabels.includes(label));
+            if (!hasMatch) {
+                return false;
+            }
+        }
+        // --- label_match (regex, cached) ---
+        if (conditions.label_match) {
+            const callLabels = toolCall.context?.labels;
+            if (!callLabels || callLabels.length === 0) {
+                return false;
+            }
+            const re = this.getCachedRegex(conditions.label_match);
+            if (!re) {
+                return false;
+            }
+            const hasMatch = callLabels.some((label) => re.test(label));
+            if (!hasMatch) {
+                return false;
+            }
+        }
+        // --- platforms ---
+        if (conditions.platforms && conditions.platforms.length > 0) {
+            if (!conditions.platforms.includes(toolCall.source.platform)) {
+                return false;
+            }
+        }
+        // --- workspace_ids ---
+        if (conditions.workspace_ids && conditions.workspace_ids.length > 0) {
+            if (!conditions.workspace_ids.includes(toolCall.workspace_id)) {
+                return false;
+            }
+        }
+        // --- DLP conditions (only evaluated when dlpContext is provided) ---
+        if (conditions.dlp_detected !== undefined) {
+            if (!dlpContext)
+                return false; // DLP conditions require DLP context
+            const hasDetections = dlpContext.detected.length > 0;
+            if (conditions.dlp_detected !== hasDetections) {
+                return false;
+            }
+        }
+        if (conditions.dlp_severity && conditions.dlp_severity.length > 0) {
+            if (!dlpContext)
+                return false;
+            if (!conditions.dlp_severity.includes(dlpContext.severity)) {
+                return false;
+            }
+        }
+        if (conditions.dlp_pattern_names && conditions.dlp_pattern_names.length > 0) {
+            if (!dlpContext)
+                return false;
+            const hasMatch = conditions.dlp_pattern_names.some(name => dlpContext.pattern_names.includes(name));
+            if (!hasMatch) {
+                return false;
+            }
+        }
+        // All specified conditions matched (or were absent).
+        return true;
+    }
+    /**
+     * Extract the hostname from a URL string.
+     * Returns null if the string is not a valid URL.
+     */
+    extractDomain(url) {
+        try {
+            const parsed = new URL(url);
+            return parsed.hostname.toLowerCase();
+        }
+        catch {
+            return null;
+        }
+    }
+    /**
+     * Convenience helper: pull the URL out of a ToolCall's args and extract its domain.
+     */
+    extractDomainFromToolCall(toolCall) {
+        const url = toolCall.args.url;
+        if (!url || typeof url !== 'string') {
+            return null;
+        }
+        return this.extractDomain(url);
+    }
+    /**
+     * Check whether a domain appears in a domain list.
+     * Supports exact matches and wildcard subdomains (e.g., "*.example.com"
+     * matches "api.example.com" and "sub.api.example.com").
+     */
+    isDomainInList(domain, list) {
+        const lowerDomain = domain.toLowerCase();
+        for (const entry of list) {
+            const lowerEntry = entry.toLowerCase();
+            if (lowerEntry === lowerDomain) {
+                return true;
+            }
+            // Wildcard matching: *.example.com matches any subdomain of example.com.
+            if (lowerEntry.startsWith('*.')) {
+                const suffix = lowerEntry.slice(1); // ".example.com"
+                if (lowerDomain.endsWith(suffix) || lowerDomain === lowerEntry.slice(2)) {
+                    return true;
+                }
+            }
+        }
+        return false;
+    }
+    /**
+     * Map a PolicyEffect enum value to the lowercase PolicyDecision string.
+     */
+    effectToDecision(effect) {
+        return effect.toLowerCase();
+    }
+    /**
+     * Build a PolicyEvalResult from a matched rule.
+     */
+    buildResult(rule) {
+        const reasons = [];
+        if (rule.description) {
+            reasons.push(rule.description);
+        }
+        reasons.push(`Matched rule "${rule.name}"`);
+        const result = {
+            decision: this.effectToDecision(rule.effect),
+            rule_id: rule.name,
+            rule_name: rule.name,
+            reasons,
+            transformations: rule.transformations,
+        };
+        if (rule.effect === 'REQUIRE_APPROVAL' && rule.approval) {
+            result.approval = rule.approval;
+        }
+        return result;
+    }
+}
+exports.PolicyEngine = PolicyEngine;
+/**
+ * Get a cached compiled RegExp for a pattern string.
+ * Avoids re-compiling the same pattern on every evaluate() call.
+ */
+PolicyEngine.MAX_REGEX_CACHE_SIZE = 1000;
+/** Maximum allowed regex pattern length */
+PolicyEngine.MAX_REGEX_PATTERN_LENGTH = 500;
+//# sourceMappingURL=engine.js.map