sdl-mcp 0.6.0

package/dist/policy/engine.js

@@ -0,0 +1,477 @@
+import crypto from "crypto";
+import { DEFAULT_POLICY_CONFIG } from "./types.js";
+import { logger } from "../util/logger.js";
+import { POLICY_PRIORITY_WINDOW_SIZE_LIMIT, POLICY_PRIORITY_IDENTIFIERS_REQUIRED, POLICY_PRIORITY_BUDGET_CAPS, POLICY_PRIORITY_BREAK_GLASS, POLICY_PRIORITY_DEFAULT_DENY_RAW, } from "../config/constants.js";
+/**
+ * Policy rule priorities - higher values run first.
+ * Rules are evaluated in descending priority order until one denies or all pass.
+ *
+ * Priority tiers:
+ * - 100: Hard limits (window size) - must be checked first
+ * - 90: Input validation (required fields)
+ * - 80: Budget enforcement (token/request caps)
+ * - 10: Override mechanisms (break-glass)
+ */
+const RULE_PRIORITY = {
+    WINDOW_SIZE_LIMIT: POLICY_PRIORITY_WINDOW_SIZE_LIMIT,
+    IDENTIFIERS_REQUIRED: POLICY_PRIORITY_IDENTIFIERS_REQUIRED,
+    BUDGET_CAPS: POLICY_PRIORITY_BUDGET_CAPS,
+    BREAK_GLASS: POLICY_PRIORITY_BREAK_GLASS,
+    DEFAULT_DENY_RAW: POLICY_PRIORITY_DEFAULT_DENY_RAW,
+};
+export function generateAuditHash(decision, evidence, context) {
+    const hashInput = {
+        decision,
+        evidence,
+        requestType: context.requestType,
+        repoId: context.repoId,
+        symbolId: context.symbolId,
+    };
+    const hashString = JSON.stringify(hashInput);
+    return crypto.createHash("sha256").update(hashString).digest("hex");
+}
+export class PolicyEngine {
+    rules = new Map();
+    config;
+    constructor(config = {}) {
+        this.config = { ...DEFAULT_POLICY_CONFIG, ...config };
+        this.registerDefaultRules();
+    }
+    registerDefaultRules() {
+        this.addRule({
+            name: "window-size-limit",
+            enabled: true,
+            priority: RULE_PRIORITY.WINDOW_SIZE_LIMIT,
+            evaluate: (ctx) => {
+                if (ctx.requestType !== "codeWindow") {
+                    return {
+                        passed: true,
+                        evidence: {
+                            type: "check-skipped",
+                            value: null,
+                            reason: "Rule only applies to codeWindow requests",
+                        },
+                    };
+                }
+                const failed = [];
+                if (ctx.maxWindowLines &&
+                    ctx.maxWindowLines > this.config.maxWindowLines) {
+                    failed.push({
+                        type: "max-lines-exceeded",
+                        value: {
+                            requested: ctx.maxWindowLines,
+                            limit: this.config.maxWindowLines,
+                        },
+                        reason: `Requested lines (${ctx.maxWindowLines}) exceed maximum (${this.config.maxWindowLines})`,
+                    });
+                }
+                if (ctx.maxWindowTokens &&
+                    ctx.maxWindowTokens > this.config.maxWindowTokens) {
+                    failed.push({
+                        type: "max-tokens-exceeded",
+                        value: {
+                            requested: ctx.maxWindowTokens,
+                            limit: this.config.maxWindowTokens,
+                        },
+                        reason: `Requested tokens (${ctx.maxWindowTokens}) exceed maximum (${this.config.maxWindowTokens})`,
+                    });
+                }
+                if (failed.length > 0) {
+                    return {
+                        passed: false,
+                        evidence: failed[0],
+                        downgradeTo: "skeleton",
+                    };
+                }
+                return {
+                    passed: true,
+                    evidence: {
+                        type: "window-size-check",
+                        value: {
+                            maxLines: this.config.maxWindowLines,
+                            maxTokens: this.config.maxWindowTokens,
+                        },
+                        reason: "Window size within limits",
+                    },
+                };
+            },
+        });
+        this.addRule({
+            name: "identifiers-required",
+            enabled: true,
+            priority: RULE_PRIORITY.IDENTIFIERS_REQUIRED,
+            evaluate: (ctx) => {
+                if (ctx.requestType !== "codeWindow") {
+                    return {
+                        passed: true,
+                        evidence: {
+                            type: "check-skipped",
+                            value: null,
+                            reason: "Rule only applies to codeWindow requests",
+                        },
+                    };
+                }
+                if (!this.config.requireIdentifiers) {
+                    return {
+                        passed: true,
+                        evidence: {
+                            type: "identifiers-not-required",
+                            value: null,
+                            reason: "Identifiers not required by policy",
+                        },
+                    };
+                }
+                if (!ctx.identifiersToFind || ctx.identifiersToFind.length === 0) {
+                    return {
+                        passed: false,
+                        evidence: {
+                            type: "missing-identifiers",
+                            value: null,
+                            reason: "No identifiers provided, but required by policy",
+                        },
+                        downgradeTo: "skeleton",
+                    };
+                }
+                return {
+                    passed: true,
+                    evidence: {
+                        type: "identifiers-provided",
+                        value: {
+                            count: ctx.identifiersToFind.length,
+                            identifiers: ctx.identifiersToFind.slice(0, 5),
+                        },
+                        reason: `Provided ${ctx.identifiersToFind.length} identifiers`,
+                    },
+                };
+            },
+        });
+        this.addRule({
+            name: "budget-caps",
+            enabled: true,
+            priority: RULE_PRIORITY.BUDGET_CAPS,
+            evaluate: (ctx) => {
+                if (ctx.requestType !== "graphSlice" || !ctx.budget) {
+                    return {
+                        passed: true,
+                        evidence: {
+                            type: "check-skipped",
+                            value: null,
+                            reason: "Rule only applies to graphSlice with budget",
+                        },
+                    };
+                }
+                const failed = [];
+                if (ctx.budget.maxCards &&
+                    ctx.budget.maxCards > this.config.budgetCaps.maxCards) {
+                    failed.push({
+                        type: "max-cards-exceeded",
+                        value: {
+                            requested: ctx.budget.maxCards,
+                            limit: this.config.budgetCaps.maxCards,
+                        },
+                        reason: `Requested cards (${ctx.budget.maxCards}) exceed maximum (${this.config.budgetCaps.maxCards})`,
+                    });
+                }
+                if (ctx.budget.maxEstimatedTokens &&
+                    ctx.budget.maxEstimatedTokens >
+                        this.config.budgetCaps.maxEstimatedTokens) {
+                    failed.push({
+                        type: "max-tokens-budget-exceeded",
+                        value: {
+                            requested: ctx.budget.maxEstimatedTokens,
+                            limit: this.config.budgetCaps.maxEstimatedTokens,
+                        },
+                        reason: `Requested tokens (${ctx.budget.maxEstimatedTokens}) exceed maximum (${this.config.budgetCaps.maxEstimatedTokens})`,
+                    });
+                }
+                if (failed.length > 0) {
+                    return {
+                        passed: false,
+                        evidence: failed[0],
+                    };
+                }
+                return {
+                    passed: true,
+                    evidence: {
+                        type: "budget-within-limits",
+                        value: {
+                            maxCards: this.config.budgetCaps.maxCards,
+                            maxEstimatedTokens: this.config.budgetCaps.maxEstimatedTokens,
+                        },
+                        reason: "Budget within caps",
+                    },
+                };
+            },
+        });
+        this.addRule({
+            name: "break-glass",
+            enabled: true,
+            priority: RULE_PRIORITY.BREAK_GLASS,
+            evaluate: (ctx) => {
+                if (!this.config.allowBreakGlass) {
+                    return {
+                        passed: true,
+                        evidence: {
+                            type: "break-glass-disabled",
+                            value: null,
+                            reason: "Break glass not allowed by policy",
+                        },
+                    };
+                }
+                if (ctx.reason) {
+                    const reasonUpper = ctx.reason.toUpperCase();
+                    if (reasonUpper.includes("AUDIT") ||
+                        reasonUpper.includes("BREAK-GLASS")) {
+                        return {
+                            passed: true,
+                            evidence: {
+                                type: "break-glass-triggered",
+                                value: { reason: ctx.reason },
+                                reason: "Break glass override triggered",
+                            },
+                        };
+                    }
+                }
+                return {
+                    passed: true,
+                    evidence: {
+                        type: "break-glass-not-triggered",
+                        value: null,
+                        reason: "No break glass override requested",
+                    },
+                };
+            },
+        });
+        this.addRule({
+            name: "default-deny-raw",
+            enabled: true,
+            priority: RULE_PRIORITY.DEFAULT_DENY_RAW,
+            evaluate: (ctx) => {
+                if (ctx.requestType !== "codeWindow") {
+                    return {
+                        passed: true,
+                        evidence: {
+                            type: "check-skipped",
+                            value: null,
+                            reason: "Rule only applies to codeWindow requests",
+                        },
+                    };
+                }
+                if (!this.config.defaultDenyRaw) {
+                    return {
+                        passed: true,
+                        evidence: {
+                            type: "default-allow-raw",
+                            value: null,
+                            reason: "Raw code access allowed by default",
+                        },
+                    };
+                }
+                if (ctx.sliceContext?.cards.some((c) => c.symbolId === ctx.symbolId) ||
+                    ctx.sliceContext?.frontier?.some((f) => f.symbolId === ctx.symbolId)) {
+                    return {
+                        passed: true,
+                        evidence: {
+                            type: "in-slice-or-frontier",
+                            value: { symbolId: ctx.symbolId },
+                            reason: "Symbol is in slice or frontier",
+                        },
+                    };
+                }
+                const hasIdentifiers = ctx.identifiersToFind && ctx.identifiersToFind.length > 0;
+                const downgradeTarget = hasIdentifiers ? "hotpath" : "skeleton";
+                return {
+                    passed: false,
+                    evidence: {
+                        type: "default-deny-raw",
+                        value: {
+                            symbolId: ctx.symbolId,
+                            hasIdentifiers,
+                            suggestedDowngrade: downgradeTarget,
+                        },
+                        reason: `Raw code access denied by default policy - try ${downgradeTarget} instead`,
+                    },
+                    downgradeTo: downgradeTarget,
+                };
+            },
+        });
+    }
+    addRule(rule) {
+        this.rules.set(rule.name, rule);
+    }
+    removeRule(name) {
+        this.rules.delete(name);
+    }
+    getRule(name) {
+        return this.rules.get(name);
+    }
+    evaluate(context) {
+        const evidence = [];
+        const deniedReasons = [];
+        let downgradeTo = null;
+        const sortedRules = Array.from(this.rules.values()).sort((a, b) => {
+            const priorityDiff = b.priority - a.priority;
+            if (priorityDiff !== 0)
+                return priorityDiff;
+            return a.name.localeCompare(b.name);
+        });
+        for (const rule of sortedRules) {
+            if (!rule.enabled)
+                continue;
+            try {
+                const result = rule.evaluate(context);
+                evidence.push(result.evidence);
+                if (!result.passed) {
+                    deniedReasons.push(result.evidence.reason);
+                    if (result.downgradeTo && !downgradeTo) {
+                        downgradeTo = result.downgradeTo;
+                    }
+                }
+            }
+            catch (error) {
+                logger.error(`Policy rule "${rule.name}" evaluation failed`, {
+                    error,
+                    context,
+                });
+                evidence.push({
+                    type: "rule-error",
+                    value: { ruleName: rule.name, error: String(error) },
+                    reason: `Rule "${rule.name}" failed to evaluate`,
+                });
+            }
+        }
+        let decision = "approve";
+        if (deniedReasons.length > 0) {
+            if (downgradeTo === "skeleton") {
+                decision = "downgrade-to-skeleton";
+            }
+            else if (downgradeTo === "hotpath") {
+                decision = "downgrade-to-hotpath";
+            }
+            else {
+                decision = "deny";
+            }
+        }
+        const auditHash = generateAuditHash(decision, evidence, context);
+        let downgradeTarget;
+        if (downgradeTo && context.symbolId) {
+            downgradeTarget = {
+                type: downgradeTo,
+                symbolId: context.symbolId,
+                repoId: context.repoId,
+            };
+        }
+        return {
+            decision,
+            evidenceUsed: evidence,
+            auditHash,
+            deniedReasons: deniedReasons.length > 0 ? deniedReasons : undefined,
+            downgradeTarget,
+        };
+    }
+    generateNextBestAction(decision, context) {
+        if (decision.decision === "approve") {
+            return {};
+        }
+        const deniedReasons = decision.deniedReasons ?? [];
+        let nextBestAction = "retryWithSameInputs";
+        const requiredFieldsForNext = {};
+        const deniedReasonSet = new Set(deniedReasons);
+        const deniedEvidence = decision.evidenceUsed.filter((e) => deniedReasonSet.has(e.reason));
+        if (decision.decision === "downgrade-to-skeleton") {
+            nextBestAction = "requestSkeleton";
+            if (context.symbolId) {
+                requiredFieldsForNext.requestSkeleton = {
+                    symbolId: context.symbolId,
+                    repoId: context.repoId,
+                };
+            }
+        }
+        else if (decision.decision === "downgrade-to-hotpath") {
+            nextBestAction = "requestHotPath";
+            if (context.symbolId) {
+                requiredFieldsForNext.requestHotPath = {
+                    symbolId: context.symbolId,
+                    repoId: context.repoId,
+                    identifiersToFind: context.identifiersToFind ?? [],
+                    maxTokens: context.maxWindowTokens,
+                };
+            }
+        }
+        else {
+            // Prefer evidence.type matching (deniedReasons contains evidence.reason strings).
+            for (const ev of deniedEvidence) {
+                if (ev.type === "missing-identifiers") {
+                    nextBestAction = "provideIdentifiersToFind";
+                    requiredFieldsForNext.provideIdentifiersToFind = {
+                        minCount: 1,
+                        examples: context.symbolData?.name
+                            ? [context.symbolData.name]
+                            : undefined,
+                    };
+                    break;
+                }
+                if (ev.type === "max-cards-exceeded") {
+                    nextBestAction = "narrowScope";
+                    requiredFieldsForNext.narrowScope = {
+                        field: "budget.maxCards",
+                        reason: `Requested maxCards exceeds policy cap (${this.config.budgetCaps.maxCards}). Reduce maxCards or narrow scope (more specific entrySymbols/taskText).`,
+                    };
+                    break;
+                }
+                if (ev.type === "max-tokens-budget-exceeded") {
+                    nextBestAction = "narrowScope";
+                    requiredFieldsForNext.narrowScope = {
+                        field: "budget.maxEstimatedTokens",
+                        reason: `Requested maxEstimatedTokens exceeds policy cap (${this.config.budgetCaps.maxEstimatedTokens}). Reduce maxEstimatedTokens or narrow scope (more specific entrySymbols/taskText).`,
+                    };
+                    break;
+                }
+            }
+            // Fallback to substring matching for older/custom rules that don't set useful types.
+            if (nextBestAction === "retryWithSameInputs") {
+                for (const reason of deniedReasons) {
+                    if (reason.includes("missing identifiers")) {
+                        nextBestAction = "provideIdentifiersToFind";
+                        requiredFieldsForNext.provideIdentifiersToFind = {
+                            minCount: 1,
+                            examples: context.symbolData?.name
+                                ? [context.symbolData.name]
+                                : undefined,
+                        };
+                        break;
+                    }
+                    if (reason.includes("Requested cards") &&
+                        reason.includes("exceed maximum")) {
+                        nextBestAction = "narrowScope";
+                        requiredFieldsForNext.narrowScope = {
+                            field: "budget.maxCards",
+                            reason: `Requested maxCards exceeds policy cap (${this.config.budgetCaps.maxCards}). Reduce maxCards or narrow scope (more specific entrySymbols/taskText).`,
+                        };
+                        break;
+                    }
+                    if (reason.includes("Requested tokens") &&
+                        reason.includes("exceed maximum")) {
+                        nextBestAction = "narrowScope";
+                        requiredFieldsForNext.narrowScope = {
+                            field: "budget.maxEstimatedTokens",
+                            reason: `Requested maxEstimatedTokens exceeds policy cap (${this.config.budgetCaps.maxEstimatedTokens}). Reduce maxEstimatedTokens or narrow scope (more specific entrySymbols/taskText).`,
+                        };
+                        break;
+                    }
+                }
+            }
+        }
+        return {
+            nextBestAction,
+            requiredFieldsForNext,
+        };
+    }
+    updateConfig(config) {
+        this.config = { ...this.config, ...config };
+    }
+    getConfig() {
+        return { ...this.config };
+    }
+}
+//# sourceMappingURL=engine.js.map

package/dist/policy/engine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"engine.js","sourceRoot":"","sources":["../../src/policy/engine.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,QAAQ,CAAC;AAQ5B,OAAO,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AACnD,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAE3C,OAAO,EACL,iCAAiC,EACjC,oCAAoC,EACpC,2BAA2B,EAC3B,2BAA2B,EAC3B,gCAAgC,GACjC,MAAM,wBAAwB,CAAC;AAEhC;;;;;;;;;GASG;AACH,MAAM,aAAa,GAAG;IACpB,iBAAiB,EAAE,iCAAiC;IACpD,oBAAoB,EAAE,oCAAoC;IAC1D,WAAW,EAAE,2BAA2B;IACxC,WAAW,EAAE,2BAA2B;IACxC,gBAAgB,EAAE,gCAAgC;CAC1C,CAAC;AAUX,MAAM,UAAU,iBAAiB,CAC/B,QAAgB,EAChB,QAA0B,EAC1B,OAA6B;IAE7B,MAAM,SAAS,GAAG;QAChB,QAAQ;QACR,QAAQ;QACR,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;KAC3B,CAAC;IACF,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IAC7C,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACtE,CAAC;AAED,MAAM,OAAO,YAAY;IACf,KAAK,GAA4B,IAAI,GAAG,EAAE,CAAC;IAC3C,MAAM,CAAe;IAE7B,YAAY,SAAgC,EAAE;QAC5C,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,qBAAqB,EAAE,GAAG,MAAM,EAAE,CAAC;QACtD,IAAI,CAAC,oBAAoB,EAAE,CAAC;IAC9B,CAAC;IAEO,oBAAoB;QAC1B,IAAI,CAAC,OAAO,CAAC;YACX,IAAI,EAAE,mBAAmB;YACzB,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,aAAa,CAAC,iBAAiB;YACzC,QAAQ,EAAE,CAAC,GAAG,EAAE,EAAE;gBAChB,IAAI,GAAG,CAAC,WAAW,KAAK,YAAY,EAAE,CAAC;oBACrC,OAAO;wBACL,MAAM,EAAE,IAAI;wBACZ,QAAQ,EAAE;4BACR,IAAI,EAAE,eAAe;4BACrB,KAAK,EAAE,IAAI;4BACX,MAAM,EAAE,0CAA0C;yBACnD;qBACF,CAAC;gBACJ,CAAC;gBAED,MAAM,MAAM,GAAqB,EAAE,CAAC;gBAEpC,IACE,GAAG,CAAC,cAAc;oBAClB,GAAG,CAAC,cAAc,GAAG,IAAI,CAAC,MAAM,CAAC,cAAc,EAC/C,CAAC;oBACD,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI,EAAE,oBAAoB;wBAC1B,KAAK,EAAE;4BACL,SAAS,EAAE,GAAG,CAAC,cAAc;4BAC7B,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc;yBAClC;wBACD,MAAM,EAAE,oBAAoB,GAAG,CAAC,cAAc,qBAAqB,IAAI,CAAC,MAAM,CAAC,cAAc,GAAG;qBACjG,CAAC,CAAC;gBACL,CAAC;gBAED,IACE,GAAG,CAAC,eAAe;oBACnB,GAAG,CAAC,eAAe,GAAG,IAAI,CAAC,MAAM,CAAC,eAAe,EACjD,CAAC;oBACD,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI,EAAE,qBAAqB;wBAC3B,KAAK,EAAE;4BACL,SAAS,EAAE,GAAG,CAAC,eAAe;4BAC9B,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,eAAe;yBACnC;wBACD,MAAM,EAAE,qBAAqB,GAAG,CAAC,eAAe,qBAAqB,IAAI,CAAC,MAAM,CAAC,eAAe,GAAG;qBACpG,CAAC,CAAC;gBACL,CAAC;gBAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACtB,OAAO;wBACL,MAAM,EAAE,KAAK;wBACb,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;wBACnB,WAAW,EAAE,UAAU;qBACxB,CAAC;gBACJ,CAAC;gBAED,OAAO;oBACL,MAAM,EAAE,IAAI;oBACZ,QAAQ,EAAE;wBACR,IAAI,EAAE,mBAAmB;wBACzB,KAAK,EAAE;4BACL,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc;4BACpC,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,eAAe;yBACvC;wBACD,MAAM,EAAE,2BAA2B;qBACpC;iBACF,CAAC;YACJ,CAAC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,OAAO,CAAC;YACX,IAAI,EAAE,sBAAsB;YAC5B,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,aAAa,CAAC,oBAAoB;YAC5C,QAAQ,EAAE,CAAC,GAAG,EAAE,EAAE;gBAChB,IAAI,GAAG,CAAC,WAAW,KAAK,YAAY,EAAE,CAAC;oBACrC,OAAO;wBACL,MAAM,EAAE,IAAI;wBACZ,QAAQ,EAAE;4BACR,IAAI,EAAE,eAAe;4BACrB,KAAK,EAAE,IAAI;4BACX,MAAM,EAAE,0CAA0C;yBACnD;qBACF,CAAC;gBACJ,CAAC;gBAED,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC;oBACpC,OAAO;wBACL,MAAM,EAAE,IAAI;wBACZ,QAAQ,EAAE;4BACR,IAAI,EAAE,0BAA0B;4BAChC,KAAK,EAAE,IAAI;4BACX,MAAM,EAAE,oCAAoC;yBAC7C;qBACF,CAAC;gBACJ,CAAC;gBAED,IAAI,CAAC,GAAG,CAAC,iBAAiB,IAAI,GAAG,CAAC,iBAAiB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACjE,OAAO;wBACL,MAAM,EAAE,KAAK;wBACb,QAAQ,EAAE;4BACR,IAAI,EAAE,qBAAqB;4BAC3B,KAAK,EAAE,IAAI;4BACX,MAAM,EAAE,iDAAiD;yBAC1D;wBACD,WAAW,EAAE,UAAU;qBACxB,CAAC;gBACJ,CAAC;gBAED,OAAO;oBACL,MAAM,EAAE,IAAI;oBACZ,QAAQ,EAAE;wBACR,IAAI,EAAE,sBAAsB;wBAC5B,KAAK,EAAE;4BACL,KAAK,EAAE,GAAG,CAAC,iBAAiB,CAAC,MAAM;4BACnC,WAAW,EAAE,GAAG,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;yBAC/C;wBACD,MAAM,EAAE,YAAY,GAAG,CAAC,iBAAiB,CAAC,MAAM,cAAc;qBAC/D;iBACF,CAAC;YACJ,CAAC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,OAAO,CAAC;YACX,IAAI,EAAE,aAAa;YACnB,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,aAAa,CAAC,WAAW;YACnC,QAAQ,EAAE,CAAC,GAAG,EAAE,EAAE;gBAChB,IAAI,GAAG,CAAC,WAAW,KAAK,YAAY,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;oBACpD,OAAO;wBACL,MAAM,EAAE,IAAI;wBACZ,QAAQ,EAAE;4BACR,IAAI,EAAE,eAAe;4BACrB,KAAK,EAAE,IAAI;4BACX,MAAM,EAAE,6CAA6C;yBACtD;qBACF,CAAC;gBACJ,CAAC;gBAED,MAAM,MAAM,GAAqB,EAAE,CAAC;gBAEpC,IACE,GAAG,CAAC,MAAM,CAAC,QAAQ;oBACnB,GAAG,CAAC,MAAM,CAAC,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,EACrD,CAAC;oBACD,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI,EAAE,oBAAoB;wBAC1B,KAAK,EAAE;4BACL,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ;4BAC9B,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ;yBACvC;wBACD,MAAM,EAAE,oBAAoB,GAAG,CAAC,MAAM,CAAC,QAAQ,qBAAqB,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,GAAG;qBACvG,CAAC,CAAC;gBACL,CAAC;gBAED,IACE,GAAG,CAAC,MAAM,CAAC,kBAAkB;oBAC7B,GAAG,CAAC,MAAM,CAAC,kBAAkB;wBAC3B,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,kBAAkB,EAC3C,CAAC;oBACD,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI,EAAE,4BAA4B;wBAClC,KAAK,EAAE;4BACL,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,kBAAkB;4BACxC,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,kBAAkB;yBACjD;wBACD,MAAM,EAAE,qBAAqB,GAAG,CAAC,MAAM,CAAC,kBAAkB,qBAAqB,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,kBAAkB,GAAG;qBAC5H,CAAC,CAAC;gBACL,CAAC;gBAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACtB,OAAO;wBACL,MAAM,EAAE,KAAK;wBACb,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;qBACpB,CAAC;gBACJ,CAAC;gBAED,OAAO;oBACL,MAAM,EAAE,IAAI;oBACZ,QAAQ,EAAE;wBACR,IAAI,EAAE,sBAAsB;wBAC5B,KAAK,EAAE;4BACL,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ;4BACzC,kBAAkB,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,kBAAkB;yBAC9D;wBACD,MAAM,EAAE,oBAAoB;qBAC7B;iBACF,CAAC;YACJ,CAAC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,OAAO,CAAC;YACX,IAAI,EAAE,aAAa;YACnB,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,aAAa,CAAC,WAAW;YACnC,QAAQ,EAAE,CAAC,GAAG,EAAE,EAAE;gBAChB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;oBACjC,OAAO;wBACL,MAAM,EAAE,IAAI;wBACZ,QAAQ,EAAE;4BACR,IAAI,EAAE,sBAAsB;4BAC5B,KAAK,EAAE,IAAI;4BACX,MAAM,EAAE,mCAAmC;yBAC5C;qBACF,CAAC;gBACJ,CAAC;gBAED,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;oBACf,MAAM,WAAW,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;oBAC7C,IACE,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC;wBAC7B,WAAW,CAAC,QAAQ,CAAC,aAAa,CAAC,EACnC,CAAC;wBACD,OAAO;4BACL,MAAM,EAAE,IAAI;4BACZ,QAAQ,EAAE;gCACR,IAAI,EAAE,uBAAuB;gCAC7B,KAAK,EAAE,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE;gCAC7B,MAAM,EAAE,gCAAgC;6BACzC;yBACF,CAAC;oBACJ,CAAC;gBACH,CAAC;gBAED,OAAO;oBACL,MAAM,EAAE,IAAI;oBACZ,QAAQ,EAAE;wBACR,IAAI,EAAE,2BAA2B;wBACjC,KAAK,EAAE,IAAI;wBACX,MAAM,EAAE,mCAAmC;qBAC5C;iBACF,CAAC;YACJ,CAAC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,OAAO,CAAC;YACX,IAAI,EAAE,kBAAkB;YACxB,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,aAAa,CAAC,gBAAgB;YACxC,QAAQ,EAAE,CAAC,GAAG,EAAE,EAAE;gBAChB,IAAI,GAAG,CAAC,WAAW,KAAK,YAAY,EAAE,CAAC;oBACrC,OAAO;wBACL,MAAM,EAAE,IAAI;wBACZ,QAAQ,EAAE;4BACR,IAAI,EAAE,eAAe;4BACrB,KAAK,EAAE,IAAI;4BACX,MAAM,EAAE,0CAA0C;yBACnD;qBACF,CAAC;gBACJ,CAAC;gBAED,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;oBAChC,OAAO;wBACL,MAAM,EAAE,IAAI;wBACZ,QAAQ,EAAE;4BACR,IAAI,EAAE,mBAAmB;4BACzB,KAAK,EAAE,IAAI;4BACX,MAAM,EAAE,oCAAoC;yBAC7C;qBACF,CAAC;gBACJ,CAAC;gBAED,IACE,GAAG,CAAC,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,GAAG,CAAC,QAAQ,CAAC;oBAChE,GAAG,CAAC,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,GAAG,CAAC,QAAQ,CAAC,EACpE,CAAC;oBACD,OAAO;wBACL,MAAM,EAAE,IAAI;wBACZ,QAAQ,EAAE;4BACR,IAAI,EAAE,sBAAsB;4BAC5B,KAAK,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE;4BACjC,MAAM,EAAE,gCAAgC;yBACzC;qBACF,CAAC;gBACJ,CAAC;gBAED,MAAM,cAAc,GAClB,GAAG,CAAC,iBAAiB,IAAI,GAAG,CAAC,iBAAiB,CAAC,MAAM,GAAG,CAAC,CAAC;gBAE5D,MAAM,eAAe,GAAG,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,UAAU,CAAC;gBAEhE,OAAO;oBACL,MAAM,EAAE,KAAK;oBACb,QAAQ,EAAE;wBACR,IAAI,EAAE,kBAAkB;wBACxB,KAAK,EAAE;4BACL,QAAQ,EAAE,GAAG,CAAC,QAAQ;4BACtB,cAAc;4BACd,kBAAkB,EAAE,eAAe;yBACpC;wBACD,MAAM,EAAE,kDAAkD,eAAe,UAAU;qBACpF;oBACD,WAAW,EAAE,eAAe;iBAC7B,CAAC;YACJ,CAAC;SACF,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CAAC,IAAgB;QACtB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,UAAU,CAAC,IAAY;QACrB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED,OAAO,CAAC,IAAY;QAClB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC;IAED,QAAQ,CAAC,OAA6B;QACpC,MAAM,QAAQ,GAAqB,EAAE,CAAC;QACtC,MAAM,aAAa,GAAa,EAAE,CAAC;QACnC,IAAI,WAAW,GAAkC,IAAI,CAAC;QAEtD,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YAChE,MAAM,YAAY,GAAG,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC;YAC7C,IAAI,YAAY,KAAK,CAAC;gBAAE,OAAO,YAAY,CAAC;YAC5C,OAAO,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACtC,CAAC,CAAC,CAAC;QAEH,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,IAAI,CAAC,IAAI,CAAC,OAAO;gBAAE,SAAS;YAE5B,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;gBACtC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;gBAE/B,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;oBACnB,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;oBAC3C,IAAI,MAAM,CAAC,WAAW,IAAI,CAAC,WAAW,EAAE,CAAC;wBACvC,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;oBACnC,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,KAAK,CAAC,gBAAgB,IAAI,CAAC,IAAI,qBAAqB,EAAE;oBAC3D,KAAK;oBACL,OAAO;iBACR,CAAC,CAAC;gBACH,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,YAAY;oBAClB,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE;oBACpD,MAAM,EAAE,SAAS,IAAI,CAAC,IAAI,sBAAsB;iBACjD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,IAAI,QAAQ,GAA+B,SAAS,CAAC;QAErD,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,IAAI,WAAW,KAAK,UAAU,EAAE,CAAC;gBAC/B,QAAQ,GAAG,uBAAuB,CAAC;YACrC,CAAC;iBAAM,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;gBACrC,QAAQ,GAAG,sBAAsB,CAAC;YACpC,CAAC;iBAAM,CAAC;gBACN,QAAQ,GAAG,MAAM,CAAC;YACpB,CAAC;QACH,CAAC;QAED,MAAM,SAAS,GAAG,iBAAiB,CAAC,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QAEjE,IAAI,eAAe,CAAC;QACpB,IAAI,WAAW,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YACpC,eAAe,GAAG;gBAChB,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;aACvB,CAAC;QACJ,CAAC;QAED,OAAO;YACL,QAAQ;YACR,YAAY,EAAE,QAAQ;YACtB,SAAS;YACT,aAAa,EAAE,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;YACnE,eAAe;SAChB,CAAC;IACJ,CAAC;IAED,sBAAsB,CACpB,QAAwB,EACxB,OAA6B;QAK7B,IAAI,QAAQ,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YACpC,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,aAAa,GAAG,QAAQ,CAAC,aAAa,IAAI,EAAE,CAAC;QACnD,IAAI,cAAc,GAAmB,qBAAqB,CAAC;QAC3D,MAAM,qBAAqB,GAA0B,EAAE,CAAC;QAExD,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;QAC/C,MAAM,cAAc,GAAG,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACxD,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAC9B,CAAC;QAEF,IAAI,QAAQ,CAAC,QAAQ,KAAK,uBAAuB,EAAE,CAAC;YAClD,cAAc,GAAG,iBAAiB,CAAC;YACnC,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACrB,qBAAqB,CAAC,eAAe,GAAG;oBACtC,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;iBACvB,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,IAAI,QAAQ,CAAC,QAAQ,KAAK,sBAAsB,EAAE,CAAC;YACxD,cAAc,GAAG,gBAAgB,CAAC;YAClC,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACrB,qBAAqB,CAAC,cAAc,GAAG;oBACrC,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,iBAAiB,EAAE,OAAO,CAAC,iBAAiB,IAAI,EAAE;oBAClD,SAAS,EAAE,OAAO,CAAC,eAAe;iBACnC,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,CAAC;YACN,kFAAkF;YAClF,KAAK,MAAM,EAAE,IAAI,cAAc,EAAE,CAAC;gBAChC,IAAI,EAAE,CAAC,IAAI,KAAK,qBAAqB,EAAE,CAAC;oBACtC,cAAc,GAAG,0BAA0B,CAAC;oBAC5C,qBAAqB,CAAC,wBAAwB,GAAG;wBAC/C,QAAQ,EAAE,CAAC;wBACX,QAAQ,EAAE,OAAO,CAAC,UAAU,EAAE,IAAI;4BAChC,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC;4BAC3B,CAAC,CAAC,SAAS;qBACd,CAAC;oBACF,MAAM;gBACR,CAAC;gBACD,IAAI,EAAE,CAAC,IAAI,KAAK,oBAAoB,EAAE,CAAC;oBACrC,cAAc,GAAG,aAAa,CAAC;oBAC/B,qBAAqB,CAAC,WAAW,GAAG;wBAClC,KAAK,EAAE,iBAAiB;wBACxB,MAAM,EAAE,0CAA0C,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,2EAA2E;qBAC7J,CAAC;oBACF,MAAM;gBACR,CAAC;gBACD,IAAI,EAAE,CAAC,IAAI,KAAK,4BAA4B,EAAE,CAAC;oBAC7C,cAAc,GAAG,aAAa,CAAC;oBAC/B,qBAAqB,CAAC,WAAW,GAAG;wBAClC,KAAK,EAAE,2BAA2B;wBAClC,MAAM,EAAE,oDAAoD,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,kBAAkB,qFAAqF;qBAC3L,CAAC;oBACF,MAAM;gBACR,CAAC;YACH,CAAC;YAED,qFAAqF;YACrF,IAAI,cAAc,KAAK,qBAAqB,EAAE,CAAC;gBAC7C,KAAK,MAAM,MAAM,IAAI,aAAa,EAAE,CAAC;oBACnC,IAAI,MAAM,CAAC,QAAQ,CAAC,qBAAqB,CAAC,EAAE,CAAC;wBAC3C,cAAc,GAAG,0BAA0B,CAAC;wBAC5C,qBAAqB,CAAC,wBAAwB,GAAG;4BAC/C,QAAQ,EAAE,CAAC;4BACX,QAAQ,EAAE,OAAO,CAAC,UAAU,EAAE,IAAI;gCAChC,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC;gCAC3B,CAAC,CAAC,SAAS;yBACd,CAAC;wBACF,MAAM;oBACR,CAAC;oBACD,IACE,MAAM,CAAC,QAAQ,CAAC,iBAAiB,CAAC;wBAClC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EACjC,CAAC;wBACD,cAAc,GAAG,aAAa,CAAC;wBAC/B,qBAAqB,CAAC,WAAW,GAAG;4BAClC,KAAK,EAAE,iBAAiB;4BACxB,MAAM,EAAE,0CAA0C,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,2EAA2E;yBAC7J,CAAC;wBACF,MAAM;oBACR,CAAC;oBACD,IACE,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAC;wBACnC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EACjC,CAAC;wBACD,cAAc,GAAG,aAAa,CAAC;wBAC/B,qBAAqB,CAAC,WAAW,GAAG;4BAClC,KAAK,EAAE,2BAA2B;4BAClC,MAAM,EAAE,oDAAoD,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,kBAAkB,qFAAqF;yBAC3L,CAAC;wBACF,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO;YACL,cAAc;YACd,qBAAqB;SACtB,CAAC;IACJ,CAAC;IAED,YAAY,CAAC,MAA6B;QACxC,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;IAC9C,CAAC;IAED,SAAS;QACP,OAAO,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;IAC5B,CAAC;CACF"}

package/dist/policy/types.d.ts

@@ -0,0 +1,73 @@
+import type { SymbolCard, GraphSlice, DeltaPack, SliceBudget } from "../mcp/types.js";
+import type { SymbolRow } from "../db/schema.js";
+export type PolicyRequestType = "codeWindow" | "skeleton" | "hotPath" | "symbolCard" | "graphSlice" | "delta";
+export interface PolicyRequestContext {
+    requestType: PolicyRequestType;
+    repoId: string;
+    symbolId?: string;
+    file?: string;
+    versionId?: string;
+    maxWindowLines?: number;
+    maxWindowTokens?: number;
+    identifiersToFind?: string[];
+    budget?: SliceBudget;
+    expectedLines?: number;
+    reason?: string;
+    sliceContext?: GraphSlice;
+    symbolData?: SymbolRow;
+    cardData?: SymbolCard;
+    deltaData?: DeltaPack;
+}
+export interface PolicyEvidence {
+    type: string;
+    value: any;
+    reason: string;
+}
+export interface PolicyRule {
+    name: string;
+    enabled: boolean;
+    priority: number;
+    evaluate: (context: PolicyRequestContext) => {
+        passed: boolean;
+        evidence: PolicyEvidence;
+        downgradeTo?: "skeleton" | "hotpath";
+    };
+}
+/**
+ * PolicyRule Priority Ordering
+ *
+ * Rules are evaluated in ascending order of priority (lower number = higher priority).
+ * The evaluation stops at the first rule that denies the request or downgrades it.
+ *
+ * Priority Guidelines:
+ * - 1-10: Critical security/cost controls (e.g., maxWindowLines, maxWindowTokens)
+ * - 11-20: Feature-level guards (e.g., requireIdentifiers, budgetCaps)
+ * - 21-30: Optional enhancements (e.g., custom rules)
+ *
+ * When multiple rules have the same priority, they are evaluated in the order
+ * they are registered in the policy engine.
+ */
+export interface PolicyDecision {
+    decision: "approve" | "deny" | "downgrade-to-skeleton" | "downgrade-to-hotpath";
+    evidenceUsed: PolicyEvidence[];
+    auditHash: string;
+    deniedReasons?: string[];
+    downgradeTarget?: {
+        type: "skeleton" | "hotpath";
+        symbolId: string;
+        repoId: string;
+    };
+}
+export interface PolicyConfig {
+    maxWindowLines: number;
+    maxWindowTokens: number;
+    requireIdentifiers: boolean;
+    allowBreakGlass: boolean;
+    defaultDenyRaw: boolean;
+    budgetCaps: {
+        maxCards: number;
+        maxEstimatedTokens: number;
+    };
+}
+export declare const DEFAULT_POLICY_CONFIG: PolicyConfig;
+//# sourceMappingURL=types.d.ts.map

package/dist/policy/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/policy/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,UAAU,EACV,UAAU,EACV,SAAS,EACT,WAAW,EACZ,MAAM,iBAAiB,CAAC;AACzB,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAEjD,MAAM,MAAM,iBAAiB,GACzB,YAAY,GACZ,UAAU,GACV,SAAS,GACT,YAAY,GACZ,YAAY,GACZ,OAAO,CAAC;AAEZ,MAAM,WAAW,oBAAoB;IACnC,WAAW,EAAE,iBAAiB,CAAC;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,YAAY,CAAC,EAAE,UAAU,CAAC;IAC1B,UAAU,CAAC,EAAE,SAAS,CAAC;IACvB,QAAQ,CAAC,EAAE,UAAU,CAAC;IACtB,SAAS,CAAC,EAAE,SAAS,CAAC;CACvB;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,GAAG,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,CAAC,OAAO,EAAE,oBAAoB,KAAK;QAC3C,MAAM,EAAE,OAAO,CAAC;QAChB,QAAQ,EAAE,cAAc,CAAC;QACzB,WAAW,CAAC,EAAE,UAAU,GAAG,SAAS,CAAC;KACtC,CAAC;CACH;AAED;;;;;;;;;;;;;GAaG;AAEH,MAAM,WAAW,cAAc;IAC7B,QAAQ,EACJ,SAAS,GACT,MAAM,GACN,uBAAuB,GACvB,sBAAsB,CAAC;IAC3B,YAAY,EAAE,cAAc,EAAE,CAAC;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,eAAe,CAAC,EAAE;QAChB,IAAI,EAAE,UAAU,GAAG,SAAS,CAAC;QAC7B,QAAQ,EAAE,MAAM,CAAC;QACjB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;CACH;AAED,MAAM,WAAW,YAAY;IAC3B,cAAc,EAAE,MAAM,CAAC;IACvB,eAAe,EAAE,MAAM,CAAC;IACxB,kBAAkB,EAAE,OAAO,CAAC;IAC5B,eAAe,EAAE,OAAO,CAAC;IACzB,cAAc,EAAE,OAAO,CAAC;IACxB,UAAU,EAAE;QACV,QAAQ,EAAE,MAAM,CAAC;QACjB,kBAAkB,EAAE,MAAM,CAAC;KAC5B,CAAC;CACH;AAED,eAAO,MAAM,qBAAqB,EAAE,YAUnC,CAAC"}

package/dist/policy/types.js

@@ -0,0 +1,12 @@
+export const DEFAULT_POLICY_CONFIG = {
+    maxWindowLines: 180,
+    maxWindowTokens: 1400,
+    requireIdentifiers: true,
+    allowBreakGlass: true,
+    defaultDenyRaw: true,
+    budgetCaps: {
+        maxCards: 60,
+        maxEstimatedTokens: 12000,
+    },
+};
+//# sourceMappingURL=types.js.map

package/dist/policy/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/policy/types.ts"],"names":[],"mappings":"AAgGA,MAAM,CAAC,MAAM,qBAAqB,GAAiB;IACjD,cAAc,EAAE,GAAG;IACnB,eAAe,EAAE,IAAI;IACrB,kBAAkB,EAAE,IAAI;IACxB,eAAe,EAAE,IAAI;IACrB,cAAc,EAAE,IAAI;IACpB,UAAU,EAAE;QACV,QAAQ,EAAE,EAAE;QACZ,kBAAkB,EAAE,KAAK;KAC1B;CACF,CAAC"}

package/dist/server.d.ts

@@ -0,0 +1,17 @@
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { z } from "zod";
+interface ToolHandler {
+    (args: unknown): Promise<unknown>;
+}
+export declare class MCPServer {
+    private server;
+    private tools;
+    constructor();
+    private setupHandlers;
+    registerTool(name: string, description: string, inputSchema: z.ZodType, handler: ToolHandler): void;
+    start(): Promise<void>;
+    stop(): Promise<void>;
+    getServer(): Server;
+}
+export {};
+//# sourceMappingURL=server.d.ts.map

package/dist/server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AAMnE,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AASxB,UAAU,WAAW;IACnB,CAAC,IAAI,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CACnC;AASD,qBAAa,SAAS;IACpB,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,KAAK,CAA0C;;IAkBvD,OAAO,CAAC,aAAa;IAuFrB,YAAY,CACV,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,EACnB,WAAW,EAAE,CAAC,CAAC,OAAO,EACtB,OAAO,EAAE,WAAW,GACnB,IAAI;IASD,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAKtB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAI3B,SAAS,IAAI,MAAM;CAGpB"}