npm - veto-sdk - Versions diffs - 2.0.0 → 2.2.0 - Mend

veto-sdk 2.0.0 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (106) hide show

package/dist/browser/index.d.ts +1 -1
package/dist/browser/index.d.ts.map +1 -1
package/dist/browser/index.js.map +1 -1
package/dist/browser/types.d.ts +17 -1
package/dist/browser/types.d.ts.map +1 -1
package/dist/browser/veto.d.ts +10 -0
package/dist/browser/veto.d.ts.map +1 -1
package/dist/browser/veto.js +68 -4
package/dist/browser/veto.js.map +1 -1
package/dist/cli/bin.js +0 -0
package/dist/cloud/types.d.ts +17 -2
package/dist/cloud/types.d.ts.map +1 -1
package/dist/core/events.d.ts +11 -1
package/dist/core/events.d.ts.map +1 -1
package/dist/core/events.js +4 -0
package/dist/core/events.js.map +1 -1
package/dist/core/protect.d.ts +3 -1
package/dist/core/protect.d.ts.map +1 -1
package/dist/core/protect.js +14 -4
package/dist/core/protect.js.map +1 -1
package/dist/core/veto.d.ts +43 -1
package/dist/core/veto.d.ts.map +1 -1
package/dist/core/veto.js +248 -13
package/dist/core/veto.js.map +1 -1
package/dist/deterministic/types.d.ts +103 -0
package/dist/deterministic/types.d.ts.map +1 -1
package/dist/economic/budget-engine.d.ts +29 -0
package/dist/economic/budget-engine.d.ts.map +1 -0
package/dist/economic/budget-engine.js +146 -0
package/dist/economic/budget-engine.js.map +1 -0
package/dist/economic/connectors/ap2.d.ts +51 -0
package/dist/economic/connectors/ap2.d.ts.map +1 -0
package/dist/economic/connectors/ap2.js +133 -0
package/dist/economic/connectors/ap2.js.map +1 -0
package/dist/economic/connectors/index.d.ts +8 -0
package/dist/economic/connectors/index.d.ts.map +1 -0
package/dist/economic/connectors/index.js +8 -0
package/dist/economic/connectors/index.js.map +1 -0
package/dist/economic/connectors/mpp.d.ts +41 -0
package/dist/economic/connectors/mpp.d.ts.map +1 -0
package/dist/economic/connectors/mpp.js +97 -0
package/dist/economic/connectors/mpp.js.map +1 -0
package/dist/economic/connectors/x402.d.ts +20 -0
package/dist/economic/connectors/x402.d.ts.map +1 -0
package/dist/economic/connectors/x402.js +142 -0
package/dist/economic/connectors/x402.js.map +1 -0
package/dist/economic/evaluator.d.ts +77 -0
package/dist/economic/evaluator.d.ts.map +1 -0
package/dist/economic/evaluator.js +231 -0
package/dist/economic/evaluator.js.map +1 -0
package/dist/economic/index.d.ts +13 -0
package/dist/economic/index.d.ts.map +1 -0
package/dist/economic/index.js +15 -0
package/dist/economic/index.js.map +1 -0
package/dist/economic/types.d.ts +188 -0
package/dist/economic/types.d.ts.map +1 -0
package/dist/economic/types.js +10 -0
package/dist/economic/types.js.map +1 -0
package/dist/extractors/content.d.ts +42 -0
package/dist/extractors/content.d.ts.map +1 -0
package/dist/extractors/content.js +154 -0
package/dist/extractors/content.js.map +1 -0
package/dist/extractors/index.d.ts +7 -0
package/dist/extractors/index.d.ts.map +1 -0
package/dist/extractors/index.js +7 -0
package/dist/extractors/index.js.map +1 -0
package/dist/index.d.ts +9 -3
package/dist/index.d.ts.map +1 -1
package/dist/index.js +10 -2
package/dist/index.js.map +1 -1
package/dist/policy/generator.d.ts +110 -0
package/dist/policy/generator.d.ts.map +1 -0
package/dist/policy/generator.js +463 -0
package/dist/policy/generator.js.map +1 -0
package/dist/policy/index.d.ts +7 -0
package/dist/policy/index.d.ts.map +1 -0
package/dist/policy/index.js +7 -0
package/dist/policy/index.js.map +1 -0
package/dist/providers/adapters.d.ts +27 -0
package/dist/providers/adapters.d.ts.map +1 -1
package/dist/providers/adapters.js +58 -0
package/dist/providers/adapters.js.map +1 -1
package/dist/rules/index.d.ts +1 -0
package/dist/rules/index.d.ts.map +1 -1
package/dist/rules/index.js +1 -0
package/dist/rules/index.js.map +1 -1
package/dist/rules/local-evaluator.d.ts +69 -0
package/dist/rules/local-evaluator.d.ts.map +1 -0
package/dist/rules/local-evaluator.js +217 -0
package/dist/rules/local-evaluator.js.map +1 -0
package/dist/rules/policy-ir-schema.d.ts +109 -0
package/dist/rules/policy-ir-schema.d.ts.map +1 -1
package/dist/rules/policy-ir-schema.js +90 -0
package/dist/rules/policy-ir-schema.js.map +1 -1
package/dist/rules/policy-packs.d.ts.map +1 -1
package/dist/rules/policy-packs.js +1 -0
package/dist/rules/policy-packs.js.map +1 -1
package/dist/types/config.d.ts +2 -1
package/dist/types/config.d.ts.map +1 -1
package/dist/types/config.js.map +1 -1
package/dist/utils/logger.d.ts +38 -2
package/dist/utils/logger.d.ts.map +1 -1
package/dist/utils/logger.js +231 -26
package/dist/utils/logger.js.map +1 -1
package/package.json +9 -1
package/packs/economic-agent.yaml +62 -0

package/dist/policy/generator.d.ts ADDED Viewed

@@ -0,0 +1,110 @@
+/**
+ * Policy generator utilities — NL-to-rule helpers for consumers who bring
+ * their own LLM.
+ *
+ * Provides the system prompt, Zod schema, rule sanitization, and instant
+ * generation for well-known patterns. Does NOT include LLM invocation.
+ *
+ * @module policy/generator
+ */
+import type { Rule } from '../rules/types.js';
+/**
+ * Result of policy generation or validation.
+ */
+export interface PolicyGenerationResult {
+    success: boolean;
+    rules: Rule[];
+    explanation: string;
+    warnings?: string[];
+    error?: string;
+}
+/**
+ * Clarification request returned when a policy description is ambiguous.
+ */
+export interface PolicyClarificationRequest {
+    explanation: string;
+    questions: string[];
+}
+export declare const BROWSER_AGENT_SYSTEM_PROMPT = "You are a security policy compiler for a browser automation agent.\n\nConvert the user's natural-language policy into one or more Veto rules (JSON).\n\n## Rule Schema\n\nEach rule is a JSON object:\n{\n  \"id\": string,           // kebab-case unique ID (e.g., \"block-expensive-purchases\")\n  \"name\": string,         // short human-readable name\n  \"description\": string,  // 1-2 sentence description\n  \"enabled\": true,\n  \"severity\": \"critical\" | \"high\" | \"medium\" | \"low\" | \"info\",\n  \"action\": \"block\" | \"warn\" | \"log\" | \"allow\" | \"require_approval\",\n  \"tools\": string[],      // which browser actions this applies to (omit for ALL)\n  \"conditions\": [         // ALL must match (AND logic)\n    { \"field\": string, \"operator\": string, \"value\": any }\n  ],\n  \"condition_groups\": [   // groups are OR'd; conditions within each group are AND'd\n    [ { \"field\": ..., \"operator\": ..., \"value\": ... } ]\n  ],\n  \"tags\": string[]\n}\n\n## Available Tools (prefix: browser_)\n\nbrowser_clickElement, browser_inputText, browser_goToUrl, browser_searchGoogle,\nbrowser_scrollToPercent, browser_switchTab, browser_openTab, browser_closeTab,\nbrowser_goBack, browser_sendKeys, browser_wait, browser_scrollToText,\nbrowser_selectDropdownOption, browser_getDropdownOptions, browser_cacheContent,\nbrowser_done, browser_scrollToTop, browser_scrollToBottom, browser_nextPage,\nbrowser_previousPage\n\nOmit \"tools\" to apply to ALL actions.\n\n## Available Condition Fields\n\nYou can condition on ANY field in the action's arguments using dot notation.\nThe system provides these built-in fields, but you are not limited to them:\n\n**Page context:**\n- arguments.current_url (string) \u2014 current page URL\n- arguments.page_title (string) \u2014 current page title\n- arguments.action_index (number) \u2014 action sequence number in this task\n- arguments.domain_time_seconds (number) \u2014 cumulative seconds on this domain\n\n**Element context** (for actions targeting a specific page element \u2014 click, input, scroll-to, etc.):\n- arguments.element_context.element_text (string) \u2014 the target element's own text content\n- arguments.element_context.row_text (string) \u2014 ALL visible text in the element's row, list item, card, or containing group. In a spreadsheet, this is the full row (e.g. \"Antler US Fund $160 1/5/2026 2026 II NYC\"). Use this for per-row/per-item policy enforcement.\n- arguments.element_context.tag (string) \u2014 HTML tag of the target element\n- arguments.element_context.xpath (string) \u2014 XPath of the target element\n\n**Element styles** (for actions targeting page elements):\n- arguments.computed_styles.* \u2014 any CSS property (backgroundColor, color, fontSize, display, visibility, opacity, position, zIndex, pointerEvents, fontWeight, textDecoration, overflow, cursor, borderColor)\n\n**Extracted entities** (auto-detected from visible page content):\n- arguments.extracted_entities.prices (number[]) \u2014 prices in any currency\n- arguments.extracted_entities.max_price (number) \u2014 highest price on page\n- arguments.extracted_entities.min_price (number) \u2014 lowest price on page\n- arguments.extracted_entities.emails (string[]) \u2014 email addresses\n- arguments.extracted_entities.phone_numbers (string[]) \u2014 phone numbers (international)\n- arguments.extracted_entities.salary_figures (number[]) \u2014 salary/compensation amounts\n- arguments.extracted_entities.has_salary_figures (boolean)\n- arguments.extracted_entities.equity_percentages (number[]) \u2014 equity/vesting %\n- arguments.extracted_entities.has_equity_info (boolean)\n- arguments.extracted_entities.has_sensitive_pii (boolean) \u2014 any PII detected\n- arguments.extracted_entities.has_credit_cards (boolean) \u2014 credit card numbers detected\n- arguments.extracted_entities.has_gov_ids (boolean) \u2014 government ID patterns detected\n- arguments.extracted_entities.has_api_keys (boolean) \u2014 API keys/secrets detected\n- arguments.extracted_entities.sensitive_terms (string[]) \u2014 categories found: salary, equity, gov_id, credit_card, api_key, email, phone\n\n**Action-specific arguments:**\n- arguments.url \u2014 target URL for navigation\n- arguments.text \u2014 text being typed\n- arguments.query \u2014 search query\n- arguments.index \u2014 target element index\n\nYou can also use any custom field path. Unknown fields resolve to undefined and conditions on them won't match.\n\n## Operators\n\nequals, not_equals, contains, not_contains, starts_with, ends_with, matches,\ngreater_than, less_than, in, not_in, length_greater_than, percent_of,\noutside_hours, within_hours\n\nFor time-based: use \"HH:MM-HH:MM\" format (e.g., \"09:00-17:00\"). Handles overnight ranges.\nYou can use any operator the Veto SDK supports. Unknown operators are passed through to cloud evaluation.\n\n## Action Types\n\n- \"block\" \u2014 prevent the action (hard limit)\n- \"require_approval\" \u2014 pause and ask the human to approve/deny\n- \"warn\" \u2014 log warning but allow\n- \"log\" \u2014 silently log\n- \"allow\" \u2014 explicitly allow (for exceptions)\n\nUse \"block\" for hard safety limits. Use \"require_approval\" when the user wants case-by-case review.\n\n## Rules\n\n1. Rules are evaluated per-action, not per-page\n2. Use \"conditions\" for AND logic, \"condition_groups\" for OR logic\n3. For URL matching, prefer \"contains\" or \"matches\" over \"equals\"\n4. For price thresholds, use \"arguments.extracted_entities.max_price\" with \"greater_than\"\n5. Generate the minimum number of rules needed\n6. For per-row/per-item enforcement (e.g. \"block items in NYC\", \"hide funds from Acme\"), use arguments.element_context.row_text with \"contains\" \u2014 this checks the specific row the agent is interacting with, NOT the entire page\n7. Use extracted_entities for page-wide checks (e.g. \"block when credit cards visible\"). Use element_context for item-level checks (e.g. \"block clicking rows where location is NYC\")\n\n## Output Format\n\nReturn JSON with exactly two fields:\n{\n  \"rules\": [ ... ],\n  \"explanation\": \"1-3 sentence plain-English explanation\"\n}";
+/**
+ * Lazily create and return the Zod schema for policy output validation.
+ *
+ * Requires `zod` as a peer dependency. Throws if zod is not installed.
+ */
+export declare function getPolicyOutputSchema(): Promise<unknown>;
+/**
+ * Sanitize LLM-generated rules into valid SDK Rule objects.
+ *
+ * Normalizes IDs with `local-nl-` prefix, deduplicates, and passes through
+ * unknown operators/tools with warnings (returned in the warnings array).
+ */
+export declare function sanitizeGeneratedRules(parsed: {
+    rules: Array<{
+        id: string;
+        name: string;
+        description?: string | null;
+        enabled?: boolean;
+        severity: string;
+        action: string;
+        tools?: string[] | null;
+        conditions?: Array<{
+            field: string;
+            operator: string;
+            value?: unknown;
+        }> | null;
+        condition_groups?: Array<Array<{
+            field: string;
+            operator: string;
+            value?: unknown;
+        }>> | null;
+        tags?: string[] | null;
+    }>;
+}): {
+    rules: Rule[];
+    warnings: string[];
+};
+/**
+ * Validate raw LLM output against the policy schema and sanitize into Rules.
+ *
+ * Requires `zod` as a peer dependency.
+ */
+export declare function validatePolicyOutput(raw: unknown): Promise<PolicyGenerationResult>;
+type InstantAction = 'block' | 'require_approval' | 'warn' | 'log';
+interface InstantRuleDef {
+    id: string;
+    name: string;
+    description: string;
+    enabled: true;
+    severity: 'critical' | 'high';
+    action: InstantAction;
+    conditions: Array<{
+        field: string;
+        operator: string;
+        value: string | number | boolean;
+    }>;
+}
+interface InstantOutput {
+    rules: InstantRuleDef[];
+    explanation: string;
+}
+/**
+ * Zero-latency deterministic rule generation for common intents.
+ *
+ * Handles credit card shields, PII shields, gov ID shields, API key shields,
+ * price limits, and salary info shields. Returns null for anything that
+ * needs an LLM.
+ */
+export declare function tryInstantGeneration(input: string): InstantOutput | null;
+/**
+ * Detect natural-language policy declarations — standing rules with conditions
+ * that should route to policy generation rather than the automation loop.
+ */
+export declare function looksLikePolicyDeclaration(task: string): boolean;
+/**
+ * Check if a policy request needs clarification before generation.
+ *
+ * Returns null if the request is clear enough to proceed.
+ */
+export declare function reviewPolicyRequest(input: string): PolicyClarificationRequest | null;
+export {};
+//# sourceMappingURL=generator.d.ts.map

package/dist/policy/generator.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"generator.d.ts","sourceRoot":"","sources":["../../src/policy/generator.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,IAAI,EAAiB,MAAM,mBAAmB,CAAC;AAK7D;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,IAAI,EAAE,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,0BAA0B;IACzC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AAID,eAAO,MAAM,2BAA2B,kjMAkHtC,CAAC;AAiDH;;;;GAIG;AACH,wBAAsB,qBAAqB,IAAI,OAAO,CAAC,OAAO,CAAC,CAwC9D;AAID;;;;;GAKG;AACH,wBAAgB,sBAAsB,CACpC,MAAM,EAAE;IAAE,KAAK,EAAE,KAAK,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,OAAO,CAAC,EAAE,OAAO,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;QAAC,UAAU,CAAC,EAAE,KAAK,CAAC;YAAE,KAAK,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAC;YAAC,KAAK,CAAC,EAAE,OAAO,CAAA;SAAE,CAAC,GAAG,IAAI,CAAC;QAAC,gBAAgB,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC;YAAE,KAAK,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAC;YAAC,KAAK,CAAC,EAAE,OAAO,CAAA;SAAE,CAAC,CAAC,GAAG,IAAI,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,EAAE,GAAG,IAAI,CAAA;KAAE,CAAC,CAAA;CAAE,GACvW;IAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAAC,QAAQ,EAAE,MAAM,EAAE,CAAA;CAAE,CAgEvC;AAED;;;;GAIG;AACH,wBAAsB,oBAAoB,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,sBAAsB,CAAC,CAWxF;AAID,KAAK,aAAa,GAAG,OAAO,GAAG,kBAAkB,GAAG,MAAM,GAAG,KAAK,CAAC;AAkCnE,UAAU,cAAc;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,IAAI,CAAC;IACd,QAAQ,EAAE,UAAU,GAAG,MAAM,CAAC;IAC9B,MAAM,EAAE,aAAa,CAAC;IACtB,UAAU,EAAE,KAAK,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAA;KAAE,CAAC,CAAC;CAC1F;AAaD,UAAU,aAAa;IACrB,KAAK,EAAE,cAAc,EAAE,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI,CA0GxE;AAID;;;GAGG;AACH,wBAAgB,0BAA0B,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAqBhE;AAYD;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,0BAA0B,GAAG,IAAI,CA2CpF"}

package/dist/policy/generator.js ADDED Viewed

@@ -0,0 +1,463 @@
+/**
+ * Policy generator utilities — NL-to-rule helpers for consumers who bring
+ * their own LLM.
+ *
+ * Provides the system prompt, Zod schema, rule sanitization, and instant
+ * generation for well-known patterns. Does NOT include LLM invocation.
+ *
+ * @module policy/generator
+ */
+// --- System prompt ---
+export const BROWSER_AGENT_SYSTEM_PROMPT = `You are a security policy compiler for a browser automation agent.
+Convert the user's natural-language policy into one or more Veto rules (JSON).
+## Rule Schema
+Each rule is a JSON object:
+{
+  "id": string,           // kebab-case unique ID (e.g., "block-expensive-purchases")
+  "name": string,         // short human-readable name
+  "description": string,  // 1-2 sentence description
+  "enabled": true,
+  "severity": "critical" | "high" | "medium" | "low" | "info",
+  "action": "block" | "warn" | "log" | "allow" | "require_approval",
+  "tools": string[],      // which browser actions this applies to (omit for ALL)
+  "conditions": [         // ALL must match (AND logic)
+    { "field": string, "operator": string, "value": any }
+  ],
+  "condition_groups": [   // groups are OR'd; conditions within each group are AND'd
+    [ { "field": ..., "operator": ..., "value": ... } ]
+  ],
+  "tags": string[]
+}
+## Available Tools (prefix: browser_)
+browser_clickElement, browser_inputText, browser_goToUrl, browser_searchGoogle,
+browser_scrollToPercent, browser_switchTab, browser_openTab, browser_closeTab,
+browser_goBack, browser_sendKeys, browser_wait, browser_scrollToText,
+browser_selectDropdownOption, browser_getDropdownOptions, browser_cacheContent,
+browser_done, browser_scrollToTop, browser_scrollToBottom, browser_nextPage,
+browser_previousPage
+Omit "tools" to apply to ALL actions.
+## Available Condition Fields
+You can condition on ANY field in the action's arguments using dot notation.
+The system provides these built-in fields, but you are not limited to them:
+**Page context:**
+- arguments.current_url (string) — current page URL
+- arguments.page_title (string) — current page title
+- arguments.action_index (number) — action sequence number in this task
+- arguments.domain_time_seconds (number) — cumulative seconds on this domain
+**Element context** (for actions targeting a specific page element — click, input, scroll-to, etc.):
+- arguments.element_context.element_text (string) — the target element's own text content
+- arguments.element_context.row_text (string) — ALL visible text in the element's row, list item, card, or containing group. In a spreadsheet, this is the full row (e.g. "Antler US Fund $160 1/5/2026 2026 II NYC"). Use this for per-row/per-item policy enforcement.
+- arguments.element_context.tag (string) — HTML tag of the target element
+- arguments.element_context.xpath (string) — XPath of the target element
+**Element styles** (for actions targeting page elements):
+- arguments.computed_styles.* — any CSS property (backgroundColor, color, fontSize, display, visibility, opacity, position, zIndex, pointerEvents, fontWeight, textDecoration, overflow, cursor, borderColor)
+**Extracted entities** (auto-detected from visible page content):
+- arguments.extracted_entities.prices (number[]) — prices in any currency
+- arguments.extracted_entities.max_price (number) — highest price on page
+- arguments.extracted_entities.min_price (number) — lowest price on page
+- arguments.extracted_entities.emails (string[]) — email addresses
+- arguments.extracted_entities.phone_numbers (string[]) — phone numbers (international)
+- arguments.extracted_entities.salary_figures (number[]) — salary/compensation amounts
+- arguments.extracted_entities.has_salary_figures (boolean)
+- arguments.extracted_entities.equity_percentages (number[]) — equity/vesting %
+- arguments.extracted_entities.has_equity_info (boolean)
+- arguments.extracted_entities.has_sensitive_pii (boolean) — any PII detected
+- arguments.extracted_entities.has_credit_cards (boolean) — credit card numbers detected
+- arguments.extracted_entities.has_gov_ids (boolean) — government ID patterns detected
+- arguments.extracted_entities.has_api_keys (boolean) — API keys/secrets detected
+- arguments.extracted_entities.sensitive_terms (string[]) — categories found: salary, equity, gov_id, credit_card, api_key, email, phone
+**Action-specific arguments:**
+- arguments.url — target URL for navigation
+- arguments.text — text being typed
+- arguments.query — search query
+- arguments.index — target element index
+You can also use any custom field path. Unknown fields resolve to undefined and conditions on them won't match.
+## Operators
+equals, not_equals, contains, not_contains, starts_with, ends_with, matches,
+greater_than, less_than, in, not_in, length_greater_than, percent_of,
+outside_hours, within_hours
+For time-based: use "HH:MM-HH:MM" format (e.g., "09:00-17:00"). Handles overnight ranges.
+You can use any operator the Veto SDK supports. Unknown operators are passed through to cloud evaluation.
+## Action Types
+- "block" — prevent the action (hard limit)
+- "require_approval" — pause and ask the human to approve/deny
+- "warn" — log warning but allow
+- "log" — silently log
+- "allow" — explicitly allow (for exceptions)
+Use "block" for hard safety limits. Use "require_approval" when the user wants case-by-case review.
+## Rules
+1. Rules are evaluated per-action, not per-page
+2. Use "conditions" for AND logic, "condition_groups" for OR logic
+3. For URL matching, prefer "contains" or "matches" over "equals"
+4. For price thresholds, use "arguments.extracted_entities.max_price" with "greater_than"
+5. Generate the minimum number of rules needed
+6. For per-row/per-item enforcement (e.g. "block items in NYC", "hide funds from Acme"), use arguments.element_context.row_text with "contains" — this checks the specific row the agent is interacting with, NOT the entire page
+7. Use extracted_entities for page-wide checks (e.g. "block when credit cards visible"). Use element_context for item-level checks (e.g. "block clicking rows where location is NYC")
+## Output Format
+Return JSON with exactly two fields:
+{
+  "rules": [ ... ],
+  "explanation": "1-3 sentence plain-English explanation"
+}`;
+// --- Operator / tool validation sets ---
+const VALID_OPERATORS = new Set([
+    'equals',
+    'not_equals',
+    'contains',
+    'not_contains',
+    'starts_with',
+    'ends_with',
+    'matches',
+    'greater_than',
+    'less_than',
+    'percent_of',
+    'length_greater_than',
+    'in',
+    'not_in',
+    'outside_hours',
+    'within_hours',
+]);
+const KNOWN_TOOLS = new Set([
+    'browser_clickElement',
+    'browser_inputText',
+    'browser_goToUrl',
+    'browser_searchGoogle',
+    'browser_scrollToPercent',
+    'browser_switchTab',
+    'browser_openTab',
+    'browser_closeTab',
+    'browser_goBack',
+    'browser_sendKeys',
+    'browser_wait',
+    'browser_scrollToText',
+    'browser_selectDropdownOption',
+    'browser_getDropdownOptions',
+    'browser_cacheContent',
+    'browser_done',
+    'browser_scrollToTop',
+    'browser_scrollToBottom',
+    'browser_nextPage',
+    'browser_previousPage',
+]);
+// --- Zod schema for structured LLM output ---
+let _policyOutputSchema = null;
+/**
+ * Lazily create and return the Zod schema for policy output validation.
+ *
+ * Requires `zod` as a peer dependency. Throws if zod is not installed.
+ */
+export async function getPolicyOutputSchema() {
+    if (_policyOutputSchema)
+        return _policyOutputSchema;
+    const z = await import('zod').catch(() => {
+        throw new Error('zod is required for policy schema validation. Install it: npm install zod');
+    });
+    const conditionValueSchema = z.union([
+        z.string(),
+        z.number(),
+        z.boolean(),
+        z.array(z.string()),
+        z.array(z.number()),
+    ]);
+    const ruleConditionSchema = z.object({
+        field: z.string(),
+        operator: z.string(),
+        value: conditionValueSchema,
+    });
+    const generatedRuleSchema = z.object({
+        id: z.string(),
+        name: z.string(),
+        description: z.string().nullable().optional(),
+        enabled: z.literal(true).default(true),
+        severity: z.enum(['critical', 'high', 'medium', 'low', 'info']),
+        action: z.enum(['block', 'warn', 'log', 'allow', 'require_approval']),
+        tools: z.array(z.string()).nullable().optional(),
+        conditions: z.array(ruleConditionSchema).nullable().optional(),
+        condition_groups: z.array(z.array(ruleConditionSchema)).nullable().optional(),
+        tags: z.array(z.string()).nullable().optional(),
+    });
+    _policyOutputSchema = z.object({
+        rules: z.array(generatedRuleSchema).min(1),
+        explanation: z.string(),
+    });
+    return _policyOutputSchema;
+}
+// --- Sanitization ---
+/**
+ * Sanitize LLM-generated rules into valid SDK Rule objects.
+ *
+ * Normalizes IDs with `local-nl-` prefix, deduplicates, and passes through
+ * unknown operators/tools with warnings (returned in the warnings array).
+ */
+export function sanitizeGeneratedRules(parsed) {
+    const seenIds = new Set();
+    const warnings = [];
+    const rules = parsed.rules.map(r => {
+        let id = `local-nl-${r.id.replace(/[^a-z0-9-]/gi, '-').toLowerCase()}`;
+        while (seenIds.has(id)) {
+            id = `${id}-${Math.random().toString(36).slice(2, 10)}`;
+        }
+        seenIds.add(id);
+        if (r.tools) {
+            for (const t of r.tools) {
+                if (!KNOWN_TOOLS.has(t)) {
+                    warnings.push(`Unknown tool "${t}" in rule "${r.name}" — kept (may match future/cloud tools)`);
+                }
+            }
+        }
+        const toCondition = (c) => {
+            if (!VALID_OPERATORS.has(c.operator)) {
+                warnings.push(`Unrecognized operator "${c.operator}" in rule "${r.name}" — kept for cloud evaluation`);
+            }
+            return {
+                field: c.field,
+                operator: c.operator,
+                value: c.value,
+            };
+        };
+        const VALID_SEVERITIES = new Set(['low', 'medium', 'high', 'critical', 'info']);
+        const VALID_ACTIONS = new Set(['allow', 'block', 'require_approval', 'warn', 'log']);
+        let severity = 'medium';
+        if (VALID_SEVERITIES.has(r.severity)) {
+            severity = r.severity;
+        }
+        else {
+            warnings.push(`Invalid severity "${r.severity}" in rule "${r.name}" — defaulting to "medium"`);
+        }
+        let action = 'block';
+        if (VALID_ACTIONS.has(r.action)) {
+            action = r.action;
+        }
+        else {
+            warnings.push(`Invalid action "${r.action}" in rule "${r.name}" — defaulting to "block"`);
+        }
+        const rule = {
+            id,
+            name: r.name,
+            description: r.description ?? undefined,
+            enabled: true,
+            severity,
+            action,
+            tools: r.tools ?? undefined,
+            conditions: r.conditions?.map(toCondition),
+            condition_groups: r.condition_groups?.map(group => group.map(toCondition)),
+            tags: r.tags ?? ['nl-generated'],
+        };
+        return rule;
+    });
+    return { rules, warnings };
+}
+/**
+ * Validate raw LLM output against the policy schema and sanitize into Rules.
+ *
+ * Requires `zod` as a peer dependency.
+ */
+export async function validatePolicyOutput(raw) {
+    try {
+        const schema = await getPolicyOutputSchema();
+        const parsed = schema.parse(raw);
+        const { rules, warnings } = sanitizeGeneratedRules(parsed);
+        return { success: true, rules, explanation: parsed.explanation, warnings };
+    }
+    catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        return { success: false, rules: [], explanation: '', error: msg };
+    }
+}
+function inferActionFromIntent(input) {
+    const lower = input.toLowerCase();
+    if (/\b(block|prohibit|deny|prevent|stop|restrict|forbid)/.test(lower))
+        return 'block';
+    if (/\b(warn|alert|notify|flag)/.test(lower))
+        return 'warn';
+    if (/\b(ask|approv|confirm|review|check with|permission)/.test(lower))
+        return 'require_approval';
+    if (/\b(log|track|monitor|record)/.test(lower))
+        return 'log';
+    return 'block';
+}
+function actionVerb(action) {
+    if (action === 'block')
+        return 'Blocks';
+    if (action === 'require_approval')
+        return 'Requires approval for';
+    if (action === 'warn')
+        return 'Warns about';
+    return 'Logs';
+}
+function extractPriceThreshold(input) {
+    const match = input.match(/\$\s*([0-9,]+(?:\.[0-9]{1,2})?)/);
+    if (match) {
+        const price = parseFloat(match[1].replace(/,/g, ''));
+        if (isNaN(price))
+            return null;
+        return price;
+    }
+    const wordMatch = input.match(/(\d+(?:\.\d{1,2})?)\s*(?:dollars?|usd)/i);
+    if (wordMatch) {
+        const price = parseFloat(wordMatch[1]);
+        if (isNaN(price))
+            return null;
+        return price;
+    }
+    return null;
+}
+function instantRule(id, name, description, severity, action, conditions) {
+    return { id, name, description, enabled: true, severity, action, conditions };
+}
+/**
+ * Zero-latency deterministic rule generation for common intents.
+ *
+ * Handles credit card shields, PII shields, gov ID shields, API key shields,
+ * price limits, and salary info shields. Returns null for anything that
+ * needs an LLM.
+ */
+export function tryInstantGeneration(input) {
+    const lower = input.toLowerCase();
+    const action = inferActionFromIntent(input);
+    const verb = actionVerb(action);
+    if (/\bcredit\s*cards?\b|\bcard\s*numbers?\b|\bcc\s*num/i.test(lower)) {
+        return {
+            rules: [
+                instantRule('instant-credit-card-shield', 'Credit Card Shield', 'Prevents actions when credit card numbers are detected on the page', 'critical', action, [{ field: 'arguments.extracted_entities.has_credit_cards', operator: 'equals', value: true }]),
+            ],
+            explanation: `${verb} all browser actions when credit card numbers are detected on the page.`,
+        };
+    }
+    if (/\b(pii|personal\s*(data|info(rmation)?)|sensitive\s*(data|info))\b/i.test(lower)) {
+        return {
+            rules: [
+                instantRule('instant-pii-shield', 'PII Shield', 'Prevents actions when sensitive personal information is detected', 'critical', action, [{ field: 'arguments.extracted_entities.has_sensitive_pii', operator: 'equals', value: true }]),
+            ],
+            explanation: `${verb} all browser actions when sensitive personal data is detected on the page.`,
+        };
+    }
+    if (/\b(gov(ernment)?\s*id|ssn|social\s*security|passport|driver'?s?\s*licen[sc]e)\b/i.test(lower)) {
+        return {
+            rules: [
+                instantRule('instant-gov-id-shield', 'Government ID Shield', 'Prevents actions when government ID patterns are detected', 'critical', action, [{ field: 'arguments.extracted_entities.has_gov_ids', operator: 'equals', value: true }]),
+            ],
+            explanation: `${verb} all browser actions when government ID patterns (SSN, passport, license numbers) are detected.`,
+        };
+    }
+    if (/\b(api\s*keys?|secret\s*keys?|access\s*tokens?|credentials?)\b/i.test(lower)) {
+        return {
+            rules: [
+                instantRule('instant-api-key-shield', 'API Key Shield', 'Prevents actions when API keys or secrets are detected', 'critical', action, [{ field: 'arguments.extracted_entities.has_api_keys', operator: 'equals', value: true }]),
+            ],
+            explanation: `${verb} all browser actions when API keys or secrets are detected on the page.`,
+        };
+    }
+    const price = extractPriceThreshold(input);
+    if (price !== null && /price|cost|spend|purchas|buy|order|checkout|cart|limit/i.test(lower)) {
+        const priceAction = /\b(block|stop|prevent|never|don'?t)\b/i.test(lower)
+            ? 'block'
+            : 'require_approval';
+        return {
+            rules: [
+                instantRule(`instant-price-limit-${price}`, `Price Limit ($${price})`, `Controls actions when prices exceed $${price}`, 'high', priceAction, [{ field: 'arguments.extracted_entities.max_price', operator: 'greater_than', value: price }]),
+            ],
+            explanation: `${actionVerb(priceAction)} actions when the highest price on the page exceeds $${price}.`,
+        };
+    }
+    if (/\b(salary|salaries|compensation|pay\s*(rate|scale|range)|wage)\b/i.test(lower)) {
+        return {
+            rules: [
+                instantRule('instant-salary-shield', 'Salary Info Shield', 'Prevents actions when salary or compensation data is detected', 'high', action, [{ field: 'arguments.extracted_entities.has_salary_figures', operator: 'equals', value: true }]),
+            ],
+            explanation: `${verb} all browser actions when salary or compensation figures are detected.`,
+        };
+    }
+    return null;
+}
+// --- Policy declaration detection ---
+/**
+ * Detect natural-language policy declarations — standing rules with conditions
+ * that should route to policy generation rather than the automation loop.
+ */
+export function looksLikePolicyDeclaration(task) {
+    const t = task.toLowerCase().trim();
+    const hasProhibition = /\b(?:don'?t|do\s*not|never)\b/.test(t);
+    const hasCondition = /\b(?:unless|until|without|except\s+(?:if|when)|only\s+(?:if|when))\b/.test(t);
+    const hasScope = /\b(?:any(?:thing|one|where)?|all|every(?:thing|one|where)?)\b/.test(t);
+    if (hasProhibition && hasCondition)
+        return true;
+    if (hasProhibition && hasScope)
+        return true;
+    // Imperative "never" at the start is a standing rule, not a one-off instruction.
+    // Excludes "never mind".
+    if (/^(?:please\s+)?never\b/.test(t) && !/^(?:please\s+)?never\s*mind\b/.test(t))
+        return true;
+    if (/\b(?:block|deny|restrict|prevent)\b/.test(t) && (hasScope || /\bfrom\s+\w+/.test(t)))
+        return true;
+    if (/\brequire\s+(?:my\s+)?(?:approval|permission)\b/.test(t))
+        return true;
+    if (/\b(?:warn|alert)\s+me\b/.test(t) && /\b(?:if|when|before|whenever)\b/.test(t))
+        return true;
+    return false;
+}
+// --- Review / clarification ---
+function hasExplicitDomainList(input) {
+    return /\b(x|twitter|reddit|instagram|facebook|tiktok|youtube|linkedin)\.com\b/i.test(input);
+}
+function hasSupportedRedirectFallback(input) {
+    return /\b(block only|just block|no redirect|don't redirect|do not redirect|skip redirect)\b/i.test(input);
+}
+/**
+ * Check if a policy request needs clarification before generation.
+ *
+ * Returns null if the request is clear enough to proceed.
+ */
+export function reviewPolicyRequest(input) {
+    const normalizedInput = input.replace(/\s+/g, ' ').trim();
+    const lowerInput = normalizedInput.toLowerCase();
+    const questions = [];
+    const mentionsRedirect = /\bredirect\b|\broute me to\b|\bsend me to\b|\btake me to\b|\bopen my\b|\bopen the\b/.test(lowerInput) &&
+        /(task list|todo|to-do|tasks|calendar|planner|inbox)/.test(lowerInput);
+    const mentionsSocialCategory = /social media|social tabs|social sites|social apps/.test(lowerInput);
+    const mentionsTimeThreshold = /\b\d+\s*(min|mins|minute|minutes|hour|hours|hr|hrs)\b/.test(lowerInput) ||
+        /\bmore than\b|\bover\b|\bafter\b/.test(lowerInput);
+    const mentionsCrossSiteWindow = /\btoday\b|\bdaily\b|\bacross\b|\ball social\b/.test(lowerInput);
+    const acceptsDefaultSocialDomains = /\bdefault\b|\bstandard set\b/.test(lowerInput);
+    if (mentionsSocialCategory && !hasExplicitDomainList(normalizedInput) && !acceptsDefaultSocialDomains) {
+        questions.push('Which domains should count as social media for this rule? If you want, say "use the default set" and I\'ll use x.com, twitter.com, reddit.com, instagram.com, facebook.com, tiktok.com, youtube.com, and linkedin.com.');
+    }
+    if (mentionsSocialCategory && mentionsTimeThreshold && mentionsCrossSiteWindow) {
+        questions.push('Should that time limit apply per domain (for example 3 minutes on x.com) or across all social sites combined? The current policy engine enforces per-domain time reliably.');
+    }
+    if (mentionsRedirect && !hasSupportedRedirectFallback(normalizedInput)) {
+        questions.push('Veto policies can block, require approval, warn, or log, but they do not perform redirects on their own. Do you want a block-only policy, or a separate follow-up automation? If you want the follow-up flow, what exact task-list URL should be used?');
+    }
+    if (questions.length === 0) {
+        return null;
+    }
+    return {
+        explanation: 'I need a couple of clarifications before I can create this policy without guessing or silently encoding the wrong behavior.',
+        questions,
+    };
+}
+//# sourceMappingURL=generator.js.map

package/dist/policy/generator.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"generator.js","sourceRoot":"","sources":["../../src/policy/generator.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AA0BH,wBAAwB;AAExB,MAAM,CAAC,MAAM,2BAA2B,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAkHzC,CAAC;AAEH,0CAA0C;AAE1C,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC;IAC9B,QAAQ;IACR,YAAY;IACZ,UAAU;IACV,cAAc;IACd,aAAa;IACb,WAAW;IACX,SAAS;IACT,cAAc;IACd,WAAW;IACX,YAAY;IACZ,qBAAqB;IACrB,IAAI;IACJ,QAAQ;IACR,eAAe;IACf,cAAc;CACf,CAAC,CAAC;AAEH,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC;IAC1B,sBAAsB;IACtB,mBAAmB;IACnB,iBAAiB;IACjB,sBAAsB;IACtB,yBAAyB;IACzB,mBAAmB;IACnB,iBAAiB;IACjB,kBAAkB;IAClB,gBAAgB;IAChB,kBAAkB;IAClB,cAAc;IACd,sBAAsB;IACtB,8BAA8B;IAC9B,4BAA4B;IAC5B,sBAAsB;IACtB,cAAc;IACd,qBAAqB;IACrB,wBAAwB;IACxB,kBAAkB;IAClB,sBAAsB;CACvB,CAAC,CAAC;AAEH,+CAA+C;AAE/C,IAAI,mBAAmB,GAAY,IAAI,CAAC;AAExC;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB;IACzC,IAAI,mBAAmB;QAAE,OAAO,mBAAmB,CAAC;IAEpD,MAAM,CAAC,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;QACvC,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;IAC/F,CAAC,CAAC,CAAC;IAEH,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC;QACnC,CAAC,CAAC,MAAM,EAAE;QACV,CAAC,CAAC,MAAM,EAAE;QACV,CAAC,CAAC,OAAO,EAAE;QACX,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;QACnB,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;KACpB,CAAC,CAAC;IAEH,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;QACnC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;QACjB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;QACpB,KAAK,EAAE,oBAAoB;KAC5B,CAAC,CAAC;IAEH,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;QACnC,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE;QACd,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;QAChB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;QAC7C,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC;QACtC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAC/D,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,kBAAkB,CAAC,CAAC;QACrE,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;QAChD,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;QAC9D,gBAAgB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;QAC7E,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;KAChD,CAAC,CAAC;IAEH,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;QAC7B,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1C,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;KACxB,CAAC,CAAC;IAEH,OAAO,mBAAmB,CAAC;AAC7B,CAAC;AAED,uBAAuB;AAEvB;;;;;GAKG;AACH,MAAM,UAAU,sBAAsB,CACpC,MAAwW;IAExW,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;QACjC,IAAI,EAAE,GAAG,YAAY,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;QACvE,OAAO,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;YACvB,EAAE,GAAG,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;QAC1D,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEhB,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;YACZ,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;gBACxB,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;oBACxB,QAAQ,CAAC,IAAI,CAAC,iBAAiB,CAAC,cAAc,CAAC,CAAC,IAAI,yCAAyC,CAAC,CAAC;gBACjG,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,WAAW,GAAG,CAAC,CAAuD,EAAiB,EAAE;YAC7F,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACrC,QAAQ,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC,QAAQ,cAAc,CAAC,CAAC,IAAI,+BAA+B,CAAC,CAAC;YACzG,CAAC;YACD,OAAO;gBACL,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,QAAQ,EAAE,CAAC,CAAC,QAAqC;gBACjD,KAAK,EAAE,CAAC,CAAC,KAAK;aACf,CAAC;QACJ,CAAC,CAAC;QAEF,MAAM,gBAAgB,GAAgB,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC;QAC7F,MAAM,aAAa,GAAgB,IAAI,GAAG,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;QAElG,IAAI,QAAQ,GAAqB,QAAQ,CAAC;QAC1C,IAAI,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrC,QAAQ,GAAG,CAAC,CAAC,QAA4B,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,QAAQ,cAAc,CAAC,CAAC,IAAI,4BAA4B,CAAC,CAAC;QACjG,CAAC;QAED,IAAI,MAAM,GAAmB,OAAO,CAAC;QACrC,IAAI,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;YAChC,MAAM,GAAG,CAAC,CAAC,MAAwB,CAAC;QACtC,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,MAAM,cAAc,CAAC,CAAC,IAAI,2BAA2B,CAAC,CAAC;QAC5F,CAAC;QAED,MAAM,IAAI,GAAS;YACjB,EAAE;YACF,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,WAAW,EAAE,CAAC,CAAC,WAAW,IAAI,SAAS;YACvC,OAAO,EAAE,IAAI;YACb,QAAQ;YACR,MAAM;YACN,KAAK,EAAE,CAAC,CAAC,KAAK,IAAI,SAAS;YAC3B,UAAU,EAAE,CAAC,CAAC,UAAU,EAAE,GAAG,CAAC,WAAW,CAAC;YAC1C,gBAAgB,EAAE,CAAC,CAAC,gBAAgB,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;YAC1E,IAAI,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC,cAAc,CAAC;SACjC,CAAC;QAEF,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,CAAC;IAEH,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;AAC7B,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,GAAY;IACrD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,qBAAqB,EAAE,CAAC;QAE7C,MAAM,MAAM,GAAI,MAAc,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC1C,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,sBAAsB,CAAC,MAAM,CAAC,CAAC;QAC3D,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,EAAE,QAAQ,EAAE,CAAC;IAC7E,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7D,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;IACpE,CAAC;AACH,CAAC;AAMD,SAAS,qBAAqB,CAAC,KAAa;IAC1C,MAAM,KAAK,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;IAClC,IAAI,sDAAsD,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,OAAO,CAAC;IACvF,IAAI,4BAA4B,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,MAAM,CAAC;IAC5D,IAAI,qDAAqD,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,kBAAkB,CAAC;IACjG,IAAI,8BAA8B,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7D,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,UAAU,CAAC,MAAc;IAChC,IAAI,MAAM,KAAK,OAAO;QAAE,OAAO,QAAQ,CAAC;IACxC,IAAI,MAAM,KAAK,kBAAkB;QAAE,OAAO,uBAAuB,CAAC;IAClE,IAAI,MAAM,KAAK,MAAM;QAAE,OAAO,aAAa,CAAC;IAC5C,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAa;IAC1C,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;IAC7D,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;QACrD,IAAI,KAAK,CAAC,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAC9B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;IACzE,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,KAAK,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;QACvC,IAAI,KAAK,CAAC,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAC9B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAYD,SAAS,WAAW,CAClB,EAAU,EACV,IAAY,EACZ,WAAmB,EACnB,QAA6B,EAC7B,MAAqB,EACrB,UAAwF;IAExF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;AAChF,CAAC;AAOD;;;;;;GAMG;AACH,MAAM,UAAU,oBAAoB,CAAC,KAAa;IAChD,MAAM,KAAK,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;IAClC,MAAM,MAAM,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAC;IAC5C,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IAEhC,IAAI,qDAAqD,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACtE,OAAO;YACL,KAAK,EAAE;gBACL,WAAW,CACT,4BAA4B,EAC5B,oBAAoB,EACpB,oEAAoE,EACpE,UAAU,EACV,MAAM,EACN,CAAC,EAAE,KAAK,EAAE,+CAA+C,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAC9F;aACF;YACD,WAAW,EAAE,GAAG,IAAI,yEAAyE;SAC9F,CAAC;IACJ,CAAC;IAED,IAAI,qEAAqE,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACtF,OAAO;YACL,KAAK,EAAE;gBACL,WAAW,CACT,oBAAoB,EACpB,YAAY,EACZ,kEAAkE,EAClE,UAAU,EACV,MAAM,EACN,CAAC,EAAE,KAAK,EAAE,gDAAgD,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAC/F;aACF;YACD,WAAW,EAAE,GAAG,IAAI,4EAA4E;SACjG,CAAC;IACJ,CAAC;IAED,IAAI,kFAAkF,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACnG,OAAO;YACL,KAAK,EAAE;gBACL,WAAW,CACT,uBAAuB,EACvB,sBAAsB,EACtB,2DAA2D,EAC3D,UAAU,EACV,MAAM,EACN,CAAC,EAAE,KAAK,EAAE,0CAA0C,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CACzF;aACF;YACD,WAAW,EAAE,GAAG,IAAI,iGAAiG;SACtH,CAAC;IACJ,CAAC;IAED,IAAI,iEAAiE,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAClF,OAAO;YACL,KAAK,EAAE;gBACL,WAAW,CACT,wBAAwB,EACxB,gBAAgB,EAChB,wDAAwD,EACxD,UAAU,EACV,MAAM,EACN,CAAC,EAAE,KAAK,EAAE,2CAA2C,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAC1F;aACF;YACD,WAAW,EAAE,GAAG,IAAI,yEAAyE;SAC9F,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAC;IAC3C,IAAI,KAAK,KAAK,IAAI,IAAI,yDAAyD,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5F,MAAM,WAAW,GAAkB,wCAAwC,CAAC,IAAI,CAAC,KAAK,CAAC;YACrF,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,kBAAkB,CAAC;QACvB,OAAO;YACL,KAAK,EAAE;gBACL,WAAW,CACT,uBAAuB,KAAK,EAAE,EAC9B,iBAAiB,KAAK,GAAG,EACzB,wCAAwC,KAAK,EAAE,EAC/C,MAAM,EACN,WAAW,EACX,CAAC,EAAE,KAAK,EAAE,wCAAwC,EAAE,QAAQ,EAAE,cAAc,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAC9F;aACF;YACD,WAAW,EAAE,GAAG,UAAU,CAAC,WAAW,CAAC,wDAAwD,KAAK,GAAG;SACxG,CAAC;IACJ,CAAC;IAED,IAAI,mEAAmE,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACpF,OAAO;YACL,KAAK,EAAE;gBACL,WAAW,CACT,uBAAuB,EACvB,oBAAoB,EACpB,+DAA+D,EAC/D,MAAM,EACN,MAAM,EACN,CAAC,EAAE,KAAK,EAAE,iDAAiD,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAChG;aACF;YACD,WAAW,EAAE,GAAG,IAAI,wEAAwE;SAC7F,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,uCAAuC;AAEvC;;;GAGG;AACH,MAAM,UAAU,0BAA0B,CAAC,IAAY;IACrD,MAAM,CAAC,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;IAEpC,MAAM,cAAc,GAAG,+BAA+B,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC/D,MAAM,YAAY,GAAG,sEAAsE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpG,MAAM,QAAQ,GAAG,+DAA+D,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAEzF,IAAI,cAAc,IAAI,YAAY;QAAE,OAAO,IAAI,CAAC;IAEhD,IAAI,cAAc,IAAI,QAAQ;QAAE,OAAO,IAAI,CAAC;IAE5C,iFAAiF;IACjF,yBAAyB;IACzB,IAAI,wBAAwB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,+BAA+B,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAE9F,IAAI,qCAAqC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAEvG,IAAI,iDAAiD,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAC3E,IAAI,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,iCAAiC,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAEhG,OAAO,KAAK,CAAC;AACf,CAAC;AAED,iCAAiC;AAEjC,SAAS,qBAAqB,CAAC,KAAa;IAC1C,OAAO,yEAAyE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC/F,CAAC;AAED,SAAS,4BAA4B,CAAC,KAAa;IACjD,OAAO,uFAAuF,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC7G,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CAAC,KAAa;IAC/C,MAAM,eAAe,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IAC1D,MAAM,UAAU,GAAG,eAAe,CAAC,WAAW,EAAE,CAAC;IACjD,MAAM,SAAS,GAAa,EAAE,CAAC;IAE/B,MAAM,gBAAgB,GACpB,qFAAqF,CAAC,IAAI,CAAC,UAAU,CAAC;QACtG,qDAAqD,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAEzE,MAAM,sBAAsB,GAAG,mDAAmD,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACpG,MAAM,qBAAqB,GACzB,uDAAuD,CAAC,IAAI,CAAC,UAAU,CAAC;QACxE,kCAAkC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACtD,MAAM,uBAAuB,GAAG,+CAA+C,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACjG,MAAM,2BAA2B,GAAG,8BAA8B,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAEpF,IAAI,sBAAsB,IAAI,CAAC,qBAAqB,CAAC,eAAe,CAAC,IAAI,CAAC,2BAA2B,EAAE,CAAC;QACtG,SAAS,CAAC,IAAI,CACZ,wNAAwN,CACzN,CAAC;IACJ,CAAC;IAED,IAAI,sBAAsB,IAAI,qBAAqB,IAAI,uBAAuB,EAAE,CAAC;QAC/E,SAAS,CAAC,IAAI,CACZ,4KAA4K,CAC7K,CAAC;IACJ,CAAC;IAED,IAAI,gBAAgB,IAAI,CAAC,4BAA4B,CAAC,eAAe,CAAC,EAAE,CAAC;QACvE,SAAS,CAAC,IAAI,CACZ,wPAAwP,CACzP,CAAC;IACJ,CAAC;IAED,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO;QACL,WAAW,EACT,6HAA6H;QAC/H,SAAS;KACV,CAAC;AACJ,CAAC"}

package/dist/policy/index.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+/**
+ * Policy generation utilities.
+ *
+ * @module policy
+ */
+export { BROWSER_AGENT_SYSTEM_PROMPT, getPolicyOutputSchema, sanitizeGeneratedRules, validatePolicyOutput, tryInstantGeneration, looksLikePolicyDeclaration, reviewPolicyRequest, type PolicyGenerationResult, type PolicyClarificationRequest, } from './generator.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/policy/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/policy/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,2BAA2B,EAC3B,qBAAqB,EACrB,sBAAsB,EACtB,oBAAoB,EACpB,oBAAoB,EACpB,0BAA0B,EAC1B,mBAAmB,EACnB,KAAK,sBAAsB,EAC3B,KAAK,0BAA0B,GAChC,MAAM,gBAAgB,CAAC"}

package/dist/policy/index.js ADDED Viewed

@@ -0,0 +1,7 @@
+/**
+ * Policy generation utilities.
+ *
+ * @module policy
+ */
+export { BROWSER_AGENT_SYSTEM_PROMPT, getPolicyOutputSchema, sanitizeGeneratedRules, validatePolicyOutput, tryInstantGeneration, looksLikePolicyDeclaration, reviewPolicyRequest, } from './generator.js';
+//# sourceMappingURL=index.js.map

package/dist/policy/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/policy/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,2BAA2B,EAC3B,qBAAqB,EACrB,sBAAsB,EACtB,oBAAoB,EACpB,oBAAoB,EACpB,0BAA0B,EAC1B,mBAAmB,GAGpB,MAAM,gBAAgB,CAAC"}