veto-leash 0.1.3 → 1.0.1

package/dist/compiler/llm.js

@@ -1,28 +1,115 @@
 // src/compiler/llm.ts
-import { GoogleGenAI } from '@google/genai';
+import { GoogleGenAI, Type } from '@google/genai';
 import { SYSTEM_PROMPT } from './prompt.js';
 // Native JSON schema - GUARANTEES valid output from Gemini
+// Using Type enum for proper schema typing
 const POLICY_SCHEMA = {
-    type: 'object',
+    type: Type.OBJECT,
     properties: {
         action: {
-            type: 'string',
+            type: Type.STRING,
             enum: ['delete', 'modify', 'execute', 'read'],
+            description: 'The action type this policy restricts',
         },
         include: {
-            type: 'array',
-            items: { type: 'string' },
-            description: 'Glob patterns for protected files',
+            type: Type.ARRAY,
+            items: { type: Type.STRING },
+            description: 'Glob patterns for protected files (can be empty for command-only policies)',
         },
         exclude: {
-            type: 'array',
-            items: { type: 'string' },
+            type: Type.ARRAY,
+            items: { type: Type.STRING },
             description: 'Glob patterns for safe exceptions',
         },
         description: {
-            type: 'string',
+            type: Type.STRING,
             description: 'Human-readable description of what is protected',
         },
+        commandRules: {
+            type: Type.ARRAY,
+            description: 'Optional command-level rules for tool/command preferences',
+            items: {
+                type: Type.OBJECT,
+                properties: {
+                    block: {
+                        type: Type.ARRAY,
+                        items: { type: Type.STRING },
+                        description: 'Glob patterns for commands to block (e.g., "npm install*", "sudo *")',
+                    },
+                    suggest: {
+                        type: Type.STRING,
+                        description: 'Optional suggestion for alternative command',
+                    },
+                    reason: {
+                        type: Type.STRING,
+                        description: 'Human-readable reason for blocking',
+                    },
+                },
+                required: ['block', 'reason'],
+            },
+        },
+        contentRules: {
+            type: Type.ARRAY,
+            description: 'Optional content-level rules to check file contents for banned patterns',
+            items: {
+                type: Type.OBJECT,
+                properties: {
+                    pattern: {
+                        type: Type.STRING,
+                        description: 'Regex pattern to match in file content (e.g., "import.*lodash", "console\\.log")',
+                    },
+                    fileTypes: {
+                        type: Type.ARRAY,
+                        items: { type: Type.STRING },
+                        description: 'File patterns where this rule applies (e.g., ["*.ts", "*.js"])',
+                    },
+                    reason: {
+                        type: Type.STRING,
+                        description: 'Human-readable reason for blocking',
+                    },
+                    suggest: {
+                        type: Type.STRING,
+                        description: 'Optional suggestion for alternative',
+                    },
+                },
+                required: ['pattern', 'fileTypes', 'reason'],
+            },
+        },
+        astRules: {
+            type: Type.ARRAY,
+            description: 'Optional AST-based rules for precise code pattern matching (TypeScript/JavaScript only)',
+            items: {
+                type: Type.OBJECT,
+                properties: {
+                    id: {
+                        type: Type.STRING,
+                        description: 'Unique identifier for this rule (e.g., "no-lodash-import")',
+                    },
+                    query: {
+                        type: Type.STRING,
+                        description: 'Tree-sitter S-expression query (e.g., "(import_statement source: (string) @s (#match? @s \\"lodash\\"))")',
+                    },
+                    languages: {
+                        type: Type.ARRAY,
+                        items: { type: Type.STRING },
+                        description: 'Languages this rule applies to: ["typescript", "javascript"]',
+                    },
+                    reason: {
+                        type: Type.STRING,
+                        description: 'Human-readable reason for blocking',
+                    },
+                    suggest: {
+                        type: Type.STRING,
+                        description: 'Optional suggestion for alternative',
+                    },
+                    regexPreFilter: {
+                        type: Type.STRING,
+                        description: 'Fast pre-filter string - if content does not contain this, skip AST parsing',
+                    },
+                },
+                required: ['id', 'query', 'languages', 'reason'],
+            },
+        },
     },
     required: ['action', 'include', 'exclude', 'description'],
 };

package/dist/compiler/llm.js.map

@@ -1 +1 @@
-{"version":3,"file":"llm.js","sourceRoot":"","sources":["../../src/compiler/llm.ts"],"names":[],"mappings":"AAAA,sBAAsB;AAEtB,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAE5C,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE5C,2DAA2D;AAC3D,MAAM,aAAa,GAAG;IACpB,IAAI,EAAE,QAAQ;IACd,UAAU,EAAE;QACV,MAAM,EAAE;YACN,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC;SAC9C;QACD,OAAO,EAAE;YACP,IAAI,EAAE,OAAO;YACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YACzB,WAAW,EAAE,mCAAmC;SACjD;QACD,OAAO,EAAE;YACP,IAAI,EAAE,OAAO;YACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YACzB,WAAW,EAAE,mCAAmC;SACjD;QACD,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,iDAAiD;SAC/D;KACF;IACD,QAAQ,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,aAAa,CAAC;CACjD,CAAC;AAEX,IAAI,EAAE,GAAuB,IAAI,CAAC;AAElC,SAAS,KAAK;IACZ,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QACD,EAAE,GAAG,IAAI,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;IACnC,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,WAAmB,EACnB,eAAiC;IAEjC,MAAM,MAAM,GAAG,KAAK,EAAE,CAAC;IAEvB,MAAM,MAAM,GAAG,GAAG,aAAa;;gDAEe,eAAe;;gBAE/C,WAAW,GAAG,CAAC;IAE7B,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC;QACnD,KAAK,EAAE,kBAAkB;QACzB,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE;YACN,WAAW,EAAE,CAAC;YACd,eAAe,EAAE,GAAG;YACpB,gBAAgB,EAAE,kBAAkB;YACpC,cAAc,EAAE,aAAa;SAC9B;KACF,CAAC,CAAC;IAEH,yDAAyD;IACzD,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;IAC3B,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAChD,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAW,CAAC;IAE1C,uDAAuD;IACvD,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QACnB,MAAM,CAAC,MAAM,GAAG,eAAe,CAAC;IAClC,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}
+{"version":3,"file":"llm.js","sourceRoot":"","sources":["../../src/compiler/llm.ts"],"names":[],"mappings":"AAAA,sBAAsB;AAEtB,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAElD,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE5C,2DAA2D;AAC3D,2CAA2C;AAC3C,MAAM,aAAa,GAAG;IACpB,IAAI,EAAE,IAAI,CAAC,MAAM;IACjB,UAAU,EAAE;QACV,MAAM,EAAE;YACN,IAAI,EAAE,IAAI,CAAC,MAAM;YACjB,IAAI,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC;YAC7C,WAAW,EAAE,uCAAuC;SACrD;QACD,OAAO,EAAE;YACP,IAAI,EAAE,IAAI,CAAC,KAAK;YAChB,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE;YAC5B,WAAW,EAAE,4EAA4E;SAC1F;QACD,OAAO,EAAE;YACP,IAAI,EAAE,IAAI,CAAC,KAAK;YAChB,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE;YAC5B,WAAW,EAAE,mCAAmC;SACjD;QACD,WAAW,EAAE;YACX,IAAI,EAAE,IAAI,CAAC,MAAM;YACjB,WAAW,EAAE,iDAAiD;SAC/D;QACD,YAAY,EAAE;YACZ,IAAI,EAAE,IAAI,CAAC,KAAK;YAChB,WAAW,EAAE,2DAA2D;YACxE,KAAK,EAAE;gBACL,IAAI,EAAE,IAAI,CAAC,MAAM;gBACjB,UAAU,EAAE;oBACV,KAAK,EAAE;wBACL,IAAI,EAAE,IAAI,CAAC,KAAK;wBAChB,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE;wBAC5B,WAAW,EAAE,sEAAsE;qBACpF;oBACD,OAAO,EAAE;wBACP,IAAI,EAAE,IAAI,CAAC,MAAM;wBACjB,WAAW,EAAE,6CAA6C;qBAC3D;oBACD,MAAM,EAAE;wBACN,IAAI,EAAE,IAAI,CAAC,MAAM;wBACjB,WAAW,EAAE,oCAAoC;qBAClD;iBACF;gBACD,QAAQ,EAAE,CAAC,OAAO,EAAE,QAAQ,CAAC;aAC9B;SACF;QACD,YAAY,EAAE;YACZ,IAAI,EAAE,IAAI,CAAC,KAAK;YAChB,WAAW,EAAE,yEAAyE;YACtF,KAAK,EAAE;gBACL,IAAI,EAAE,IAAI,CAAC,MAAM;gBACjB,UAAU,EAAE;oBACV,OAAO,EAAE;wBACP,IAAI,EAAE,IAAI,CAAC,MAAM;wBACjB,WAAW,EAAE,kFAAkF;qBAChG;oBACD,SAAS,EAAE;wBACT,IAAI,EAAE,IAAI,CAAC,KAAK;wBAChB,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE;wBAC5B,WAAW,EAAE,gEAAgE;qBAC9E;oBACD,MAAM,EAAE;wBACN,IAAI,EAAE,IAAI,CAAC,MAAM;wBACjB,WAAW,EAAE,oCAAoC;qBAClD;oBACD,OAAO,EAAE;wBACP,IAAI,EAAE,IAAI,CAAC,MAAM;wBACjB,WAAW,EAAE,qCAAqC;qBACnD;iBACF;gBACD,QAAQ,EAAE,CAAC,SAAS,EAAE,WAAW,EAAE,QAAQ,CAAC;aAC7C;SACF;QACD,QAAQ,EAAE;YACR,IAAI,EAAE,IAAI,CAAC,KAAK;YAChB,WAAW,EAAE,yFAAyF;YACtG,KAAK,EAAE;gBACL,IAAI,EAAE,IAAI,CAAC,MAAM;gBACjB,UAAU,EAAE;oBACV,EAAE,EAAE;wBACF,IAAI,EAAE,IAAI,CAAC,MAAM;wBACjB,WAAW,EAAE,4DAA4D;qBAC1E;oBACD,KAAK,EAAE;wBACL,IAAI,EAAE,IAAI,CAAC,MAAM;wBACjB,WAAW,EAAE,2GAA2G;qBACzH;oBACD,SAAS,EAAE;wBACT,IAAI,EAAE,IAAI,CAAC,KAAK;wBAChB,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE;wBAC5B,WAAW,EAAE,8DAA8D;qBAC5E;oBACD,MAAM,EAAE;wBACN,IAAI,EAAE,IAAI,CAAC,MAAM;wBACjB,WAAW,EAAE,oCAAoC;qBAClD;oBACD,OAAO,EAAE;wBACP,IAAI,EAAE,IAAI,CAAC,MAAM;wBACjB,WAAW,EAAE,qCAAqC;qBACnD;oBACD,cAAc,EAAE;wBACd,IAAI,EAAE,IAAI,CAAC,MAAM;wBACjB,WAAW,EAAE,6EAA6E;qBAC3F;iBACF;gBACD,QAAQ,EAAE,CAAC,IAAI,EAAE,OAAO,EAAE,WAAW,EAAE,QAAQ,CAAC;aACjD;SACF;KACF;IACD,QAAQ,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,aAAa,CAAC;CACjD,CAAC;AAEX,IAAI,EAAE,GAAuB,IAAI,CAAC;AAElC,SAAS,KAAK;IACZ,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;QAC1C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QACD,EAAE,GAAG,IAAI,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;IACnC,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,WAAmB,EACnB,eAAiC;IAEjC,MAAM,MAAM,GAAG,KAAK,EAAE,CAAC;IAEvB,MAAM,MAAM,GAAG,GAAG,aAAa;;gDAEe,eAAe;;gBAE/C,WAAW,GAAG,CAAC;IAE7B,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC;QACnD,KAAK,EAAE,kBAAkB;QACzB,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE;YACN,WAAW,EAAE,CAAC;YACd,eAAe,EAAE,GAAG;YACpB,gBAAgB,EAAE,kBAAkB;YACpC,cAAc,EAAE,aAAa;SAC9B;KACF,CAAC,CAAC;IAEH,yDAAyD;IACzD,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;IAC3B,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAChD,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAW,CAAC;IAE1C,uDAAuD;IACvD,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QACnB,MAAM,CAAC,MAAM,GAAG,eAAe,CAAC;IAClC,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/compiler/prompt.d.ts

@@ -1,2 +1,2 @@
-export declare const SYSTEM_PROMPT = "You are a permission policy compiler for AI coding agents.\n\nConvert natural language restrictions into precise glob patterns.\n\nCRITICAL: Understand SEMANTIC INTENT, not just keywords.\n\nEXAMPLES OF SEMANTIC UNDERSTANDING:\n\n\"test files\" means TEST SOURCE CODE:\n  include: [\"*.test.*\", \"*.spec.*\", \"__tests__/**\", \"test/**/*.ts\"]\n  exclude: [\"test-results.*\", \"test-output.*\", \"coverage/**\"]\n  \n\"config files\" means CONFIGURATION, not files that configure:\n  include: [\"*.config.*\", \"tsconfig*\", \".eslintrc*\", \"vite.config.*\"]\n  exclude: []\n\n\"env files\" means ENVIRONMENT SECRETS:\n  include: [\".env\", \".env.*\", \"**/.env\", \"**/.env.*\"]\n  exclude: [\".env.example\", \".env.template\"]\n\n\"migrations\" means DATABASE SCHEMA CHANGES:\n  include: [\"**/migrations/**\", \"*migrate*\", \"prisma/migrations/**\"]\n  exclude: []\n\nPATTERN RULES:\n- Always include **/ variants for recursive matching\n- \"starts with X\" \u2192 [\"X*\", \"**/X*\"]  \n- \"ends with X\" \u2192 [\"*X\", \"**/*X\"]\n- \"contains X\" \u2192 [\"*X*\", \"**/*X*\"]\n- \"in directory X\" \u2192 [\"X/**\"]\n\nINCLUDE = what to PROTECT (be generous)\nEXCLUDE = what to ALLOW (carve out exceptions)\n\nOutput JSON only. No explanation.";
+export declare const SYSTEM_PROMPT = "You are a permission policy compiler for AI coding agents.\n\nConvert natural language restrictions into precise, COMPREHENSIVE patterns.\n\nCRITICAL: \n1. Understand SEMANTIC INTENT, not just keywords\n2. Generate MULTIPLE patterns to catch ALL variants of a violation\n3. Use 'strict' mode to avoid false positives in comments/strings\n4. Include 'exceptions' patterns to prevent false positives\n5. For TypeScript/JavaScript code patterns, prefer astRules over contentRules (zero false positives)\n\n\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\nBUILT-IN AST RULES (DO NOT REGENERATE)\n\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\n\nThese restrictions have pre-built AST rules. Return ONLY the basic policy structure:\n- \"no lodash\" \u2192 handled by builtin\n- \"no moment\" \u2192 handled by builtin  \n- \"no jquery\" \u2192 handled by builtin\n- \"no axios\" \u2192 handled by builtin\n- \"no any\" / \"no any types\" \u2192 handled by builtin\n- \"no console\" / \"no console.log\" \u2192 handled by builtin\n- \"no eval\" \u2192 handled by builtin\n- \"no innerhtml\" \u2192 handled by builtin\n- \"no debugger\" \u2192 handled by builtin\n- \"no var\" \u2192 handled by builtin\n- \"no alert\" \u2192 handled by builtin\n- \"no class components\" \u2192 handled by builtin\n\nFor these, return minimal policy:\n{\n  \"action\": \"modify\",\n  \"include\": [\"**/*.ts\", \"**/*.tsx\", \"**/*.js\", \"**/*.jsx\"],\n  \"exclude\": [],\n  \"description\": \"<the restriction>\"\n}\n\n\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\nFILE-LEVEL POLICIES (include/exclude patterns)\n\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\n\n\"test files\" means TEST SOURCE CODE:\n  include: [\"*.test.*\", \"*.spec.*\", \"__tests__/**\", \"test/**/*.ts\"]\n  exclude: [\"test-results.*\", \"test-output.*\", \"coverage/**\"]\n  \n\"config files\" means CONFIGURATION:\n  include: [\"*.config.*\", \"tsconfig*\", \".eslintrc*\", \"vite.config.*\"]\n  exclude: []\n\n\"env files\" means ENVIRONMENT SECRETS:\n  include: [\".env\", \".env.*\", \"**/.env\", \"**/.env.*\"]\n  exclude: [\".env.example\", \".env.template\"]\n\n\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\nCOMMAND-LEVEL POLICIES (commandRules)\n\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\n\nFor tool/command preferences, generate commandRules array.\n\n\"prefer pnpm\" or \"use pnpm not npm\":\n  commandRules: [\n    { block: [\"npm install*\", \"npm i *\", \"npm i\", \"npm ci\"], suggest: \"pnpm install\", reason: \"Project uses pnpm\" }\n  ]\n\nCOMMAND PATTERN RULES:\n- \"command *\" matches command with any args\n- Include common aliases: npm i = npm install, bun a = bun add\n\n\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\nCONTENT-LEVEL POLICIES (contentRules) - COMPREHENSIVE\n\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\n\nCRITICAL: Generate MULTIPLE patterns to catch ALL import/usage variants.\n\n\"no lodash\" - Must catch ALL these forms:\n  contentRules: [\n    {\n      pattern: \"(?:import|require)\\\\s*(?:\\\\(|\\\\s).*['\"]lodash(?:[-./][^'\"]*)?['\"]\",\n      fileTypes: [\"*.ts\", \"*.js\", \"*.tsx\", \"*.jsx\"],\n      reason: \"Use native methods instead of lodash\",\n      suggest: \"Use Array.map(), filter(), Object.keys()\",\n      mode: \"strict\"\n    }\n  ]\n  // This catches:\n  // - import _ from 'lodash'\n  // - import { map } from 'lodash'\n  // - import * as _ from 'lodash'\n  // - import map from 'lodash/map'\n  // - import map from 'lodash.map'\n  // - import _ from 'lodash-es'\n  // - require('lodash')\n  // - await import('lodash')\n\n\"no any types\" - Must catch ALL these forms:\n  contentRules: [\n    {\n      pattern: \"(?::\\\\s*any\\\\s*(?:[,;)\\\\]=]|$)|<\\\\s*any\\\\s*>|as\\\\s+any\\\\b)\",\n      fileTypes: [\"*.ts\", \"*.tsx\"],\n      reason: \"Use proper TypeScript types\",\n      suggest: \"Use unknown or specific types\",\n      mode: \"strict\",\n      exceptions: [\"(?:const|let|var|function)\\\\s+\\\\w*any\\\\w*\"]\n    },\n    {\n      pattern: \"Array\\\\s*<\\\\s*any\\\\s*>\",\n      fileTypes: [\"*.ts\", \"*.tsx\"],\n      reason: \"Avoid Array<any>\",\n      mode: \"strict\"\n    },\n    {\n      pattern: \"Record\\\\s*<[^>]*,\\\\s*any\\\\s*>\",\n      fileTypes: [\"*.ts\", \"*.tsx\"],\n      reason: \"Avoid Record<string, any>\",\n      mode: \"strict\"\n    },\n    {\n      pattern: \"type\\\\s+\\\\w+\\\\s*=\\\\s*any\\\\s*;\",\n      fileTypes: [\"*.ts\", \"*.tsx\"],\n      reason: \"Avoid type alias to any\",\n      mode: \"strict\"\n    }\n  ]\n  // This catches:\n  // - : any\n  // - <any>\n  // - as any\n  // - Array<any>\n  // - Record<string, any>\n  // - Promise<any>\n  // - type Foo = any\n  // - <T = any>\n  // But NOT:\n  // - const anyValue = 5 (variable name)\n  // - \"any\" in strings (mode: strict)\n  // - // any in comments (mode: strict)\n\n\"no console.log\" - Must catch ALL these forms:\n  contentRules: [\n    {\n      pattern: \"\\\\bconsole\\\\s*\\\\.\\\\s*log\\\\s*\\\\(\",\n      fileTypes: [\"*.ts\", \"*.js\"],\n      reason: \"Use proper logging\",\n      mode: \"strict\"\n    },\n    {\n      pattern: \"console\\\\s*\\\\[\\\\s*['\"]log['\"]\\\\s*\\\\]\",\n      fileTypes: [\"*.ts\", \"*.js\"],\n      reason: \"Console accessed via bracket notation\",\n      mode: \"strict\"\n    },\n    {\n      pattern: \"\\\\{\\\\s*log(?:\\\\s*:\\\\s*\\\\w+)?\\\\s*\\\\}\\\\s*=\\\\s*console\",\n      fileTypes: [\"*.ts\", \"*.js\"],\n      reason: \"Destructured console.log detected\",\n      mode: \"strict\"\n    }\n  ]\n  // This catches:\n  // - console.log(\n  // - console['log'](\n  // - const { log } = console\n  // - const { log: myLog } = console\n\n\"no class components\" (React):\n  contentRules: [\n    {\n      pattern: \"class\\\\s+\\\\w+\\\\s+extends\\\\s+(?:React\\\\s*\\\\.\\\\s*)?(?:Pure)?Component\\\\s*(?:<|\\\\{)\",\n      fileTypes: [\"*.tsx\", \"*.jsx\"],\n      reason: \"Use functional components with hooks\",\n      suggest: \"const Component = () => { ... }\",\n      mode: \"strict\"\n    }\n  ]\n  // This catches:\n  // - class Foo extends Component {\n  // - class Foo extends React.Component {\n  // - class Foo extends PureComponent {\n  // - class Foo extends Component<Props> {\n\n\"no eval\" - Must catch ALL unsafe eval-like constructs:\n  contentRules: [\n    {\n      pattern: \"\\\\beval\\\\s*\\\\(\",\n      fileTypes: [\"*.ts\", \"*.js\"],\n      reason: \"eval() is a security risk\",\n      mode: \"strict\"\n    },\n    {\n      pattern: \"new\\\\s+Function\\\\s*\\\\(\",\n      fileTypes: [\"*.ts\", \"*.js\"],\n      reason: \"new Function() is equivalent to eval()\",\n      mode: \"strict\"\n    },\n    {\n      pattern: \"setTimeout\\\\s*\\\\(\\\\s*['\"]\",\n      fileTypes: [\"*.ts\", \"*.js\"],\n      reason: \"setTimeout with string is eval-like\",\n      mode: \"strict\"\n    }\n  ]\n\n\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\nCONTENT RULE OPTIONS\n\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\n\nmode (optional):\n  - \"fast\": Direct regex match (default, fastest, may have false positives)\n  - \"strict\": Strip comments/strings before matching (recommended for most rules)\n\nexceptions (optional):\n  - Array of regex patterns that indicate FALSE POSITIVES\n  - If exception matches context around the main match, rule is NOT violated\n  - Example: Don't flag 'any' in variable names like 'anyValue'\n\nfileTypes:\n  - Array of glob patterns: [\"*.ts\", \"*.tsx\", \"*.js\"]\n  - Use specific types, not broad patterns\n\n\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\nAST RULES (PREFERRED FOR TS/JS - ZERO FALSE POSITIVES)\n\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\n\nFor TypeScript/JavaScript code patterns NOT covered by builtins, generate astRules.\nAST rules use tree-sitter S-expression queries - they NEVER match comments or strings.\n\nFormat:\n  astRules: [{\n    id: \"unique-rule-id\",\n    query: \"(tree_sitter_query) @capture\",\n    languages: [\"typescript\", \"javascript\"],\n    reason: \"Why this is blocked\",\n    suggest: \"Alternative approach\",\n    regexPreFilter: \"fast_string_check\"\n  }]\n\nCommon query patterns:\n  (import_statement source: (string) @s (#match? @s \"pattern\"))  - imports\n  (call_expression function: (identifier) @fn (#eq? @fn \"name\")) - function calls\n  (type_annotation (predefined_type) @t (#eq? @t \"any\"))         - type annotations\n\nALWAYS include regexPreFilter for performance (skips AST if string not found).\n\n\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\nBEST PRACTICES\n\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\n\n1. ALWAYS generate multiple contentRules to catch ALL variants\n2. USE mode: \"strict\" for patterns that might appear in comments/strings\n3. ADD exceptions for common false positive patterns\n4. INCLUDE word boundaries (\\b) to avoid partial matches\n5. For imports, catch: ES6 import, CommonJS require, dynamic import, submodules\n6. For types, catch: annotations, generics, assertions, aliases\n7. For function calls, catch: direct calls, bracket notation, destructuring\n\n\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\nDECISION TREE\n\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\n\n1. If about FILES (test files, .env, configs) \u2192 use include/exclude\n2. If about COMMANDS/TOOLS (npm vs pnpm, jest vs vitest) \u2192 use commandRules\n3. If about TS/JS CODE PATTERNS and matches a builtin \u2192 return minimal policy (handled by builtin)\n4. If about TS/JS CODE PATTERNS not covered by builtin \u2192 use astRules (zero false positives)\n5. If about non-TS/JS CODE PATTERNS \u2192 use contentRules with mode: \"strict\"\n6. If about PREVENTING PACKAGE \u2192 use commandRules + astRules (or contentRules for non-JS)\n\nOutput JSON only. No explanation.";
 //# sourceMappingURL=prompt.d.ts.map

package/dist/compiler/prompt.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"prompt.d.ts","sourceRoot":"","sources":["../../src/compiler/prompt.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,aAAa,8uCAkCQ,CAAC"}
+{"version":3,"file":"prompt.d.ts","sourceRoot":"","sources":["../../src/compiler/prompt.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,aAAa,gtdA0QQ,CAAC"}

package/dist/compiler/prompt.js

@@ -1,17 +1,50 @@
 // src/compiler/prompt.ts
 export const SYSTEM_PROMPT = `You are a permission policy compiler for AI coding agents.
 
-Convert natural language restrictions into precise glob patterns.
+Convert natural language restrictions into precise, COMPREHENSIVE patterns.
 
-CRITICAL: Understand SEMANTIC INTENT, not just keywords.
+CRITICAL: 
+1. Understand SEMANTIC INTENT, not just keywords
+2. Generate MULTIPLE patterns to catch ALL variants of a violation
+3. Use 'strict' mode to avoid false positives in comments/strings
+4. Include 'exceptions' patterns to prevent false positives
+5. For TypeScript/JavaScript code patterns, prefer astRules over contentRules (zero false positives)
 
-EXAMPLES OF SEMANTIC UNDERSTANDING:
+═══════════════════════════════════════════════════════════════
+BUILT-IN AST RULES (DO NOT REGENERATE)
+═══════════════════════════════════════════════════════════════
+
+These restrictions have pre-built AST rules. Return ONLY the basic policy structure:
+- "no lodash" → handled by builtin
+- "no moment" → handled by builtin  
+- "no jquery" → handled by builtin
+- "no axios" → handled by builtin
+- "no any" / "no any types" → handled by builtin
+- "no console" / "no console.log" → handled by builtin
+- "no eval" → handled by builtin
+- "no innerhtml" → handled by builtin
+- "no debugger" → handled by builtin
+- "no var" → handled by builtin
+- "no alert" → handled by builtin
+- "no class components" → handled by builtin
+
+For these, return minimal policy:
+{
+  "action": "modify",
+  "include": ["**/*.ts", "**/*.tsx", "**/*.js", "**/*.jsx"],
+  "exclude": [],
+  "description": "<the restriction>"
+}
+
+═══════════════════════════════════════════════════════════════
+FILE-LEVEL POLICIES (include/exclude patterns)
+═══════════════════════════════════════════════════════════════
 
 "test files" means TEST SOURCE CODE:
   include: ["*.test.*", "*.spec.*", "__tests__/**", "test/**/*.ts"]
   exclude: ["test-results.*", "test-output.*", "coverage/**"]
   
-"config files" means CONFIGURATION, not files that configure:
+"config files" means CONFIGURATION:
   include: ["*.config.*", "tsconfig*", ".eslintrc*", "vite.config.*"]
   exclude: []
 
@@ -19,19 +52,218 @@ EXAMPLES OF SEMANTIC UNDERSTANDING:
   include: [".env", ".env.*", "**/.env", "**/.env.*"]
   exclude: [".env.example", ".env.template"]
 
-"migrations" means DATABASE SCHEMA CHANGES:
-  include: ["**/migrations/**", "*migrate*", "prisma/migrations/**"]
-  exclude: []
+═══════════════════════════════════════════════════════════════
+COMMAND-LEVEL POLICIES (commandRules)
+═══════════════════════════════════════════════════════════════
+
+For tool/command preferences, generate commandRules array.
+
+"prefer pnpm" or "use pnpm not npm":
+  commandRules: [
+    { block: ["npm install*", "npm i *", "npm i", "npm ci"], suggest: "pnpm install", reason: "Project uses pnpm" }
+  ]
+
+COMMAND PATTERN RULES:
+- "command *" matches command with any args
+- Include common aliases: npm i = npm install, bun a = bun add
+
+═══════════════════════════════════════════════════════════════
+CONTENT-LEVEL POLICIES (contentRules) - COMPREHENSIVE
+═══════════════════════════════════════════════════════════════
+
+CRITICAL: Generate MULTIPLE patterns to catch ALL import/usage variants.
+
+"no lodash" - Must catch ALL these forms:
+  contentRules: [
+    {
+      pattern: "(?:import|require)\\\\s*(?:\\\\(|\\\\s).*['\"]lodash(?:[-./][^'\"]*)?['\"]",
+      fileTypes: ["*.ts", "*.js", "*.tsx", "*.jsx"],
+      reason: "Use native methods instead of lodash",
+      suggest: "Use Array.map(), filter(), Object.keys()",
+      mode: "strict"
+    }
+  ]
+  // This catches:
+  // - import _ from 'lodash'
+  // - import { map } from 'lodash'
+  // - import * as _ from 'lodash'
+  // - import map from 'lodash/map'
+  // - import map from 'lodash.map'
+  // - import _ from 'lodash-es'
+  // - require('lodash')
+  // - await import('lodash')
+
+"no any types" - Must catch ALL these forms:
+  contentRules: [
+    {
+      pattern: "(?::\\\\s*any\\\\s*(?:[,;)\\\\]=]|$)|<\\\\s*any\\\\s*>|as\\\\s+any\\\\b)",
+      fileTypes: ["*.ts", "*.tsx"],
+      reason: "Use proper TypeScript types",
+      suggest: "Use unknown or specific types",
+      mode: "strict",
+      exceptions: ["(?:const|let|var|function)\\\\s+\\\\w*any\\\\w*"]
+    },
+    {
+      pattern: "Array\\\\s*<\\\\s*any\\\\s*>",
+      fileTypes: ["*.ts", "*.tsx"],
+      reason: "Avoid Array<any>",
+      mode: "strict"
+    },
+    {
+      pattern: "Record\\\\s*<[^>]*,\\\\s*any\\\\s*>",
+      fileTypes: ["*.ts", "*.tsx"],
+      reason: "Avoid Record<string, any>",
+      mode: "strict"
+    },
+    {
+      pattern: "type\\\\s+\\\\w+\\\\s*=\\\\s*any\\\\s*;",
+      fileTypes: ["*.ts", "*.tsx"],
+      reason: "Avoid type alias to any",
+      mode: "strict"
+    }
+  ]
+  // This catches:
+  // - : any
+  // - <any>
+  // - as any
+  // - Array<any>
+  // - Record<string, any>
+  // - Promise<any>
+  // - type Foo = any
+  // - <T = any>
+  // But NOT:
+  // - const anyValue = 5 (variable name)
+  // - "any" in strings (mode: strict)
+  // - // any in comments (mode: strict)
+
+"no console.log" - Must catch ALL these forms:
+  contentRules: [
+    {
+      pattern: "\\\\bconsole\\\\s*\\\\.\\\\s*log\\\\s*\\\\(",
+      fileTypes: ["*.ts", "*.js"],
+      reason: "Use proper logging",
+      mode: "strict"
+    },
+    {
+      pattern: "console\\\\s*\\\\[\\\\s*['\"]log['\"]\\\\s*\\\\]",
+      fileTypes: ["*.ts", "*.js"],
+      reason: "Console accessed via bracket notation",
+      mode: "strict"
+    },
+    {
+      pattern: "\\\\{\\\\s*log(?:\\\\s*:\\\\s*\\\\w+)?\\\\s*\\\\}\\\\s*=\\\\s*console",
+      fileTypes: ["*.ts", "*.js"],
+      reason: "Destructured console.log detected",
+      mode: "strict"
+    }
+  ]
+  // This catches:
+  // - console.log(
+  // - console['log'](
+  // - const { log } = console
+  // - const { log: myLog } = console
+
+"no class components" (React):
+  contentRules: [
+    {
+      pattern: "class\\\\s+\\\\w+\\\\s+extends\\\\s+(?:React\\\\s*\\\\.\\\\s*)?(?:Pure)?Component\\\\s*(?:<|\\\\{)",
+      fileTypes: ["*.tsx", "*.jsx"],
+      reason: "Use functional components with hooks",
+      suggest: "const Component = () => { ... }",
+      mode: "strict"
+    }
+  ]
+  // This catches:
+  // - class Foo extends Component {
+  // - class Foo extends React.Component {
+  // - class Foo extends PureComponent {
+  // - class Foo extends Component<Props> {
+
+"no eval" - Must catch ALL unsafe eval-like constructs:
+  contentRules: [
+    {
+      pattern: "\\\\beval\\\\s*\\\\(",
+      fileTypes: ["*.ts", "*.js"],
+      reason: "eval() is a security risk",
+      mode: "strict"
+    },
+    {
+      pattern: "new\\\\s+Function\\\\s*\\\\(",
+      fileTypes: ["*.ts", "*.js"],
+      reason: "new Function() is equivalent to eval()",
+      mode: "strict"
+    },
+    {
+      pattern: "setTimeout\\\\s*\\\\(\\\\s*['\"]",
+      fileTypes: ["*.ts", "*.js"],
+      reason: "setTimeout with string is eval-like",
+      mode: "strict"
+    }
+  ]
+
+═══════════════════════════════════════════════════════════════
+CONTENT RULE OPTIONS
+═══════════════════════════════════════════════════════════════
+
+mode (optional):
+  - "fast": Direct regex match (default, fastest, may have false positives)
+  - "strict": Strip comments/strings before matching (recommended for most rules)
+
+exceptions (optional):
+  - Array of regex patterns that indicate FALSE POSITIVES
+  - If exception matches context around the main match, rule is NOT violated
+  - Example: Don't flag 'any' in variable names like 'anyValue'
+
+fileTypes:
+  - Array of glob patterns: ["*.ts", "*.tsx", "*.js"]
+  - Use specific types, not broad patterns
+
+═══════════════════════════════════════════════════════════════
+AST RULES (PREFERRED FOR TS/JS - ZERO FALSE POSITIVES)
+═══════════════════════════════════════════════════════════════
+
+For TypeScript/JavaScript code patterns NOT covered by builtins, generate astRules.
+AST rules use tree-sitter S-expression queries - they NEVER match comments or strings.
+
+Format:
+  astRules: [{
+    id: "unique-rule-id",
+    query: "(tree_sitter_query) @capture",
+    languages: ["typescript", "javascript"],
+    reason: "Why this is blocked",
+    suggest: "Alternative approach",
+    regexPreFilter: "fast_string_check"
+  }]
+
+Common query patterns:
+  (import_statement source: (string) @s (#match? @s "pattern"))  - imports
+  (call_expression function: (identifier) @fn (#eq? @fn "name")) - function calls
+  (type_annotation (predefined_type) @t (#eq? @t "any"))         - type annotations
+
+ALWAYS include regexPreFilter for performance (skips AST if string not found).
+
+═══════════════════════════════════════════════════════════════
+BEST PRACTICES
+═══════════════════════════════════════════════════════════════
+
+1. ALWAYS generate multiple contentRules to catch ALL variants
+2. USE mode: "strict" for patterns that might appear in comments/strings
+3. ADD exceptions for common false positive patterns
+4. INCLUDE word boundaries (\\b) to avoid partial matches
+5. For imports, catch: ES6 import, CommonJS require, dynamic import, submodules
+6. For types, catch: annotations, generics, assertions, aliases
+7. For function calls, catch: direct calls, bracket notation, destructuring
 
-PATTERN RULES:
-- Always include **/ variants for recursive matching
-- "starts with X" → ["X*", "**/X*"]  
-- "ends with X" → ["*X", "**/*X"]
-- "contains X" → ["*X*", "**/*X*"]
-- "in directory X" → ["X/**"]
+═══════════════════════════════════════════════════════════════
+DECISION TREE
+═══════════════════════════════════════════════════════════════
 
-INCLUDE = what to PROTECT (be generous)
-EXCLUDE = what to ALLOW (carve out exceptions)
+1. If about FILES (test files, .env, configs) → use include/exclude
+2. If about COMMANDS/TOOLS (npm vs pnpm, jest vs vitest) → use commandRules
+3. If about TS/JS CODE PATTERNS and matches a builtin → return minimal policy (handled by builtin)
+4. If about TS/JS CODE PATTERNS not covered by builtin → use astRules (zero false positives)
+5. If about non-TS/JS CODE PATTERNS → use contentRules with mode: "strict"
+6. If about PREVENTING PACKAGE → use commandRules + astRules (or contentRules for non-JS)
 
 Output JSON only. No explanation.`;
 //# sourceMappingURL=prompt.js.map

package/dist/compiler/prompt.js.map

@@ -1 +1 @@
-{"version":3,"file":"prompt.js","sourceRoot":"","sources":["../../src/compiler/prompt.ts"],"names":[],"mappings":"AAAA,yBAAyB;AAEzB,MAAM,CAAC,MAAM,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kCAkCK,CAAC"}
+{"version":3,"file":"prompt.js","sourceRoot":"","sources":["../../src/compiler/prompt.ts"],"names":[],"mappings":"AAAA,yBAAyB;AAEzB,MAAM,CAAC,MAAM,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kCA0QK,CAAC"}

package/dist/config/leash-parser.d.ts

@@ -0,0 +1,29 @@
+export interface LeashPolicy {
+    raw: string;
+    restriction: string;
+    reason?: string;
+    extend?: string;
+}
+/**
+ * Parse a simple .leash file into policies.
+ *
+ * Format:
+ *   # Comment lines start with #
+ *   no lodash
+ *   no any types - enforces strict TypeScript
+ *   extend @acme/typescript-strict
+ */
+export declare function parseLeashFile(content: string): LeashPolicy[];
+/**
+ * Detect if content is simple .leash format (not YAML).
+ * YAML format has 'version:' or 'policies:' keys.
+ */
+export declare function isSimpleLeashFormat(content: string): boolean;
+/**
+ * Convert parsed policies to the internal LeashConfig format.
+ */
+export declare function policiesToConfig(policies: LeashPolicy[]): {
+    version: 1;
+    policies: string[];
+};
+//# sourceMappingURL=leash-parser.d.ts.map

package/dist/config/leash-parser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"leash-parser.d.ts","sourceRoot":"","sources":["../../src/config/leash-parser.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;GAQG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,WAAW,EAAE,CAM7D;AAqBD;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAiB5D;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,WAAW,EAAE,GAAG;IAAE,OAAO,EAAE,CAAC,CAAC;IAAC,QAAQ,EAAE,MAAM,EAAE,CAAA;CAAE,CAO5F"}

package/dist/config/leash-parser.js

@@ -0,0 +1,70 @@
+// src/config/leash-parser.ts
+// Simple plain-text .leash file parser
+// Format: one policy per line, # for comments, ` - ` for optional reason
+/**
+ * Parse a simple .leash file into policies.
+ *
+ * Format:
+ *   # Comment lines start with #
+ *   no lodash
+ *   no any types - enforces strict TypeScript
+ *   extend @acme/typescript-strict
+ */
+export function parseLeashFile(content) {
+    return content
+        .split('\n')
+        .map(line => line.trim())
+        .filter(line => line && !line.startsWith('#'))
+        .map(parseLine);
+}
+function parseLine(line) {
+    // Handle extend directive
+    if (line.startsWith('extend ')) {
+        const target = line.slice(7).trim();
+        return { raw: line, restriction: '', extend: target };
+    }
+    // Split by ' - ' for optional reason
+    const dashIndex = line.indexOf(' - ');
+    if (dashIndex !== -1) {
+        const restriction = line.slice(0, dashIndex).trim();
+        const reason = line.slice(dashIndex + 3).trim();
+        return { raw: line, restriction, reason };
+    }
+    // Simple policy without reason
+    return { raw: line, restriction: line };
+}
+/**
+ * Detect if content is simple .leash format (not YAML).
+ * YAML format has 'version:' or 'policies:' keys.
+ */
+export function isSimpleLeashFormat(content) {
+    const trimmed = content.trim();
+    // Empty file = simple format (will result in no policies)
+    if (!trimmed)
+        return true;
+    // Check first meaningful line
+    const lines = trimmed.split('\n').map(l => l.trim()).filter(l => l && !l.startsWith('#'));
+    if (lines.length === 0)
+        return true;
+    // YAML indicators
+    const firstLine = lines[0];
+    if (firstLine.startsWith('version:'))
+        return false;
+    if (firstLine.startsWith('policies:'))
+        return false;
+    if (firstLine.startsWith('{'))
+        return false; // JSON
+    return true;
+}
+/**
+ * Convert parsed policies to the internal LeashConfig format.
+ */
+export function policiesToConfig(policies) {
+    return {
+        version: 1,
+        policies: policies
+            .filter(p => p.restriction) // Skip extend directives for now
+            .map(p => p.restriction),
+    };
+}
+//# sourceMappingURL=leash-parser.js.map

package/dist/config/leash-parser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"leash-parser.js","sourceRoot":"","sources":["../../src/config/leash-parser.ts"],"names":[],"mappings":"AAAA,6BAA6B;AAC7B,uCAAuC;AACvC,yEAAyE;AASzE;;;;;;;;GAQG;AACH,MAAM,UAAU,cAAc,CAAC,OAAe;IAC5C,OAAO,OAAO;SACX,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;SACxB,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;SAC7C,GAAG,CAAC,SAAS,CAAC,CAAC;AACpB,CAAC;AAED,SAAS,SAAS,CAAC,IAAY;IAC7B,0BAA0B;IAC1B,IAAI,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACpC,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,WAAW,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IACxD,CAAC;IAED,qCAAqC;IACrC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IACtC,IAAI,SAAS,KAAK,CAAC,CAAC,EAAE,CAAC;QACrB,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC;QACpD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAChD,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC;IAC5C,CAAC;IAED,+BAA+B;IAC/B,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;AAC1C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAAe;IACjD,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAE/B,0DAA0D;IAC1D,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAE1B,8BAA8B;IAC9B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1F,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEpC,kBAAkB;IAClB,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IAC3B,IAAI,SAAS,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,KAAK,CAAC;IACnD,IAAI,SAAS,CAAC,UAAU,CAAC,WAAW,CAAC;QAAE,OAAO,KAAK,CAAC;IACpD,IAAI,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC,CAAE,OAAO;IAErD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,QAAuB;IACtD,OAAO;QACL,OAAO,EAAE,CAAC;QACV,QAAQ,EAAE,QAAQ;aACf,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAE,iCAAiC;aAC7D,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC;KAC3B,CAAC;AACJ,CAAC"}

package/dist/config/loader.d.ts

@@ -5,6 +5,7 @@ import { type LeashConfig, type CompiledLeashConfig } from './schema.js';
 export declare function findLeashConfig(dir?: string): string | null;
 /**
  * Load and parse .leash config
+ * Supports both simple plain-text format and YAML format.
  */
 export declare function loadLeashConfig(path: string): LeashConfig | null;
 /**
@@ -12,7 +13,7 @@ export declare function loadLeashConfig(path: string): LeashConfig | null;
  */
 export declare function compileLeashConfig(config: LeashConfig): Promise<CompiledLeashConfig>;
 /**
- * Create a new .leash config file
+ * Create a new .leash config file (simple plain-text format)
  */
 export declare function createLeashConfig(dir?: string): string;
 /**

package/dist/config/loader.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"loader.d.ts","sourceRoot":"","sources":["../../src/config/loader.ts"],"names":[],"mappings":"AAMA,OAAO,EAKL,KAAK,WAAW,EAChB,KAAK,mBAAmB,EACzB,MAAM,aAAa,CAAC;AASrB;;GAEG;AACH,wBAAgB,eAAe,CAAC,GAAG,GAAE,MAAsB,GAAG,MAAM,GAAG,IAAI,CAW1E;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI,CA0BhE;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,MAAM,EAAE,WAAW,GAClB,OAAO,CAAC,mBAAmB,CAAC,CAwB9B;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,GAAE,MAAsB,GAAG,MAAM,CAerE;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,GAAG,GAAE,MAAsB,GAAG,OAAO,CAEnE"}
+{"version":3,"file":"loader.d.ts","sourceRoot":"","sources":["../../src/config/loader.ts"],"names":[],"mappings":"AAMA,OAAO,EAKL,KAAK,WAAW,EAChB,KAAK,mBAAmB,EACzB,MAAM,aAAa,CAAC;AAUrB;;GAEG;AACH,wBAAgB,eAAe,CAAC,GAAG,GAAE,MAAsB,GAAG,MAAM,GAAG,IAAI,CAW1E;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI,CAmChE;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,MAAM,EAAE,WAAW,GAClB,OAAO,CAAC,mBAAmB,CAAC,CAwB9B;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,GAAE,MAAsB,GAAG,MAAM,CAcrE;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,GAAG,GAAE,MAAsB,GAAG,OAAO,CAEnE"}