PyPI - PraisonAI - Versions diffs - 3.0.0__py3-none-any.whl - Mend

PraisonAI 3.0.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (393) hide show

praisonai/__init__.py +54 -0
praisonai/__main__.py +15 -0
praisonai/acp/__init__.py +54 -0
praisonai/acp/config.py +159 -0
praisonai/acp/server.py +587 -0
praisonai/acp/session.py +219 -0
praisonai/adapters/__init__.py +50 -0
praisonai/adapters/readers.py +395 -0
praisonai/adapters/rerankers.py +315 -0
praisonai/adapters/retrievers.py +394 -0
praisonai/adapters/vector_stores.py +409 -0
praisonai/agent_scheduler.py +337 -0
praisonai/agents_generator.py +903 -0
praisonai/api/call.py +292 -0
praisonai/auto.py +1197 -0
praisonai/capabilities/__init__.py +275 -0
praisonai/capabilities/a2a.py +140 -0
praisonai/capabilities/assistants.py +283 -0
praisonai/capabilities/audio.py +320 -0
praisonai/capabilities/batches.py +469 -0
praisonai/capabilities/completions.py +336 -0
praisonai/capabilities/container_files.py +155 -0
praisonai/capabilities/containers.py +93 -0
praisonai/capabilities/embeddings.py +158 -0
praisonai/capabilities/files.py +467 -0
praisonai/capabilities/fine_tuning.py +293 -0
praisonai/capabilities/guardrails.py +182 -0
praisonai/capabilities/images.py +330 -0
praisonai/capabilities/mcp.py +190 -0
praisonai/capabilities/messages.py +270 -0
praisonai/capabilities/moderations.py +154 -0
praisonai/capabilities/ocr.py +217 -0
praisonai/capabilities/passthrough.py +204 -0
praisonai/capabilities/rag.py +207 -0
praisonai/capabilities/realtime.py +160 -0
praisonai/capabilities/rerank.py +165 -0
praisonai/capabilities/responses.py +266 -0
praisonai/capabilities/search.py +109 -0
praisonai/capabilities/skills.py +133 -0
praisonai/capabilities/vector_store_files.py +334 -0
praisonai/capabilities/vector_stores.py +304 -0
praisonai/capabilities/videos.py +141 -0
praisonai/chainlit_ui.py +304 -0
praisonai/chat/__init__.py +106 -0
praisonai/chat/app.py +125 -0
praisonai/cli/__init__.py +26 -0
praisonai/cli/app.py +213 -0
praisonai/cli/commands/__init__.py +75 -0
praisonai/cli/commands/acp.py +70 -0
praisonai/cli/commands/completion.py +333 -0
praisonai/cli/commands/config.py +166 -0
praisonai/cli/commands/debug.py +142 -0
praisonai/cli/commands/diag.py +55 -0
praisonai/cli/commands/doctor.py +166 -0
praisonai/cli/commands/environment.py +179 -0
praisonai/cli/commands/lsp.py +112 -0
praisonai/cli/commands/mcp.py +210 -0
praisonai/cli/commands/profile.py +457 -0
praisonai/cli/commands/run.py +228 -0
praisonai/cli/commands/schedule.py +150 -0
praisonai/cli/commands/serve.py +97 -0
praisonai/cli/commands/session.py +212 -0
praisonai/cli/commands/traces.py +145 -0
praisonai/cli/commands/version.py +101 -0
praisonai/cli/configuration/__init__.py +18 -0
praisonai/cli/configuration/loader.py +353 -0
praisonai/cli/configuration/paths.py +114 -0
praisonai/cli/configuration/schema.py +164 -0
praisonai/cli/features/__init__.py +268 -0
praisonai/cli/features/acp.py +236 -0
praisonai/cli/features/action_orchestrator.py +546 -0
praisonai/cli/features/agent_scheduler.py +773 -0
praisonai/cli/features/agent_tools.py +474 -0
praisonai/cli/features/agents.py +375 -0
praisonai/cli/features/at_mentions.py +471 -0
praisonai/cli/features/auto_memory.py +182 -0
praisonai/cli/features/autonomy_mode.py +490 -0
praisonai/cli/features/background.py +356 -0
praisonai/cli/features/base.py +168 -0
praisonai/cli/features/capabilities.py +1326 -0
praisonai/cli/features/checkpoints.py +338 -0
praisonai/cli/features/code_intelligence.py +652 -0
praisonai/cli/features/compaction.py +294 -0
praisonai/cli/features/compare.py +534 -0
praisonai/cli/features/cost_tracker.py +514 -0
praisonai/cli/features/debug.py +810 -0
praisonai/cli/features/deploy.py +517 -0
praisonai/cli/features/diag.py +289 -0
praisonai/cli/features/doctor/__init__.py +63 -0
praisonai/cli/features/doctor/checks/__init__.py +24 -0
praisonai/cli/features/doctor/checks/acp_checks.py +240 -0
praisonai/cli/features/doctor/checks/config_checks.py +366 -0
praisonai/cli/features/doctor/checks/db_checks.py +366 -0
praisonai/cli/features/doctor/checks/env_checks.py +543 -0
praisonai/cli/features/doctor/checks/lsp_checks.py +199 -0
praisonai/cli/features/doctor/checks/mcp_checks.py +349 -0
praisonai/cli/features/doctor/checks/memory_checks.py +268 -0
praisonai/cli/features/doctor/checks/network_checks.py +251 -0
praisonai/cli/features/doctor/checks/obs_checks.py +328 -0
praisonai/cli/features/doctor/checks/performance_checks.py +235 -0
praisonai/cli/features/doctor/checks/permissions_checks.py +259 -0
praisonai/cli/features/doctor/checks/selftest_checks.py +322 -0
praisonai/cli/features/doctor/checks/serve_checks.py +426 -0
praisonai/cli/features/doctor/checks/skills_checks.py +231 -0
praisonai/cli/features/doctor/checks/tools_checks.py +371 -0
praisonai/cli/features/doctor/engine.py +266 -0
praisonai/cli/features/doctor/formatters.py +310 -0
praisonai/cli/features/doctor/handler.py +397 -0
praisonai/cli/features/doctor/models.py +264 -0
praisonai/cli/features/doctor/registry.py +239 -0
praisonai/cli/features/endpoints.py +1019 -0
praisonai/cli/features/eval.py +560 -0
praisonai/cli/features/external_agents.py +231 -0
praisonai/cli/features/fast_context.py +410 -0
praisonai/cli/features/flow_display.py +566 -0
praisonai/cli/features/git_integration.py +651 -0
praisonai/cli/features/guardrail.py +171 -0
praisonai/cli/features/handoff.py +185 -0
praisonai/cli/features/hooks.py +583 -0
praisonai/cli/features/image.py +384 -0
praisonai/cli/features/interactive_runtime.py +585 -0
praisonai/cli/features/interactive_tools.py +380 -0
praisonai/cli/features/interactive_tui.py +603 -0
praisonai/cli/features/jobs.py +632 -0
praisonai/cli/features/knowledge.py +531 -0
praisonai/cli/features/lite.py +244 -0
praisonai/cli/features/lsp_cli.py +225 -0
praisonai/cli/features/mcp.py +169 -0
praisonai/cli/features/message_queue.py +587 -0
praisonai/cli/features/metrics.py +211 -0
praisonai/cli/features/n8n.py +673 -0
praisonai/cli/features/observability.py +293 -0
praisonai/cli/features/ollama.py +361 -0
praisonai/cli/features/output_style.py +273 -0
praisonai/cli/features/package.py +631 -0
praisonai/cli/features/performance.py +308 -0
praisonai/cli/features/persistence.py +636 -0
praisonai/cli/features/profile.py +226 -0
praisonai/cli/features/profiler/__init__.py +81 -0
praisonai/cli/features/profiler/core.py +558 -0
praisonai/cli/features/profiler/optimizations.py +652 -0
praisonai/cli/features/profiler/suite.py +386 -0
praisonai/cli/features/profiling.py +350 -0
praisonai/cli/features/queue/__init__.py +73 -0
praisonai/cli/features/queue/manager.py +395 -0
praisonai/cli/features/queue/models.py +286 -0
praisonai/cli/features/queue/persistence.py +564 -0
praisonai/cli/features/queue/scheduler.py +484 -0
praisonai/cli/features/queue/worker.py +372 -0
praisonai/cli/features/recipe.py +1723 -0
praisonai/cli/features/recipes.py +449 -0
praisonai/cli/features/registry.py +229 -0
praisonai/cli/features/repo_map.py +860 -0
praisonai/cli/features/router.py +466 -0
praisonai/cli/features/sandbox_executor.py +515 -0
praisonai/cli/features/serve.py +829 -0
praisonai/cli/features/session.py +222 -0
praisonai/cli/features/skills.py +856 -0
praisonai/cli/features/slash_commands.py +650 -0
praisonai/cli/features/telemetry.py +179 -0
praisonai/cli/features/templates.py +1384 -0
praisonai/cli/features/thinking.py +305 -0
praisonai/cli/features/todo.py +334 -0
praisonai/cli/features/tools.py +680 -0
praisonai/cli/features/tui/__init__.py +83 -0
praisonai/cli/features/tui/app.py +580 -0
praisonai/cli/features/tui/cli.py +566 -0
praisonai/cli/features/tui/debug.py +511 -0
praisonai/cli/features/tui/events.py +99 -0
praisonai/cli/features/tui/mock_provider.py +328 -0
praisonai/cli/features/tui/orchestrator.py +652 -0
praisonai/cli/features/tui/screens/__init__.py +50 -0
praisonai/cli/features/tui/screens/main.py +245 -0
praisonai/cli/features/tui/screens/queue.py +174 -0
praisonai/cli/features/tui/screens/session.py +124 -0
praisonai/cli/features/tui/screens/settings.py +148 -0
praisonai/cli/features/tui/widgets/__init__.py +56 -0
praisonai/cli/features/tui/widgets/chat.py +261 -0
praisonai/cli/features/tui/widgets/composer.py +224 -0
praisonai/cli/features/tui/widgets/queue_panel.py +200 -0
praisonai/cli/features/tui/widgets/status.py +167 -0
praisonai/cli/features/tui/widgets/tool_panel.py +248 -0
praisonai/cli/features/workflow.py +720 -0
praisonai/cli/legacy.py +236 -0
praisonai/cli/main.py +5559 -0
praisonai/cli/schedule_cli.py +54 -0
praisonai/cli/state/__init__.py +31 -0
praisonai/cli/state/identifiers.py +161 -0
praisonai/cli/state/sessions.py +313 -0
praisonai/code/__init__.py +93 -0
praisonai/code/agent_tools.py +344 -0
praisonai/code/diff/__init__.py +21 -0
praisonai/code/diff/diff_strategy.py +432 -0
praisonai/code/tools/__init__.py +27 -0
praisonai/code/tools/apply_diff.py +221 -0
praisonai/code/tools/execute_command.py +275 -0
praisonai/code/tools/list_files.py +274 -0
praisonai/code/tools/read_file.py +206 -0
praisonai/code/tools/search_replace.py +248 -0
praisonai/code/tools/write_file.py +217 -0
praisonai/code/utils/__init__.py +46 -0
praisonai/code/utils/file_utils.py +307 -0
praisonai/code/utils/ignore_utils.py +308 -0
praisonai/code/utils/text_utils.py +276 -0
praisonai/db/__init__.py +64 -0
praisonai/db/adapter.py +531 -0
praisonai/deploy/__init__.py +62 -0
praisonai/deploy/api.py +231 -0
praisonai/deploy/docker.py +454 -0
praisonai/deploy/doctor.py +367 -0
praisonai/deploy/main.py +327 -0
praisonai/deploy/models.py +179 -0
praisonai/deploy/providers/__init__.py +33 -0
praisonai/deploy/providers/aws.py +331 -0
praisonai/deploy/providers/azure.py +358 -0
praisonai/deploy/providers/base.py +101 -0
praisonai/deploy/providers/gcp.py +314 -0
praisonai/deploy/schema.py +208 -0
praisonai/deploy.py +185 -0
praisonai/endpoints/__init__.py +53 -0
praisonai/endpoints/a2u_server.py +410 -0
praisonai/endpoints/discovery.py +165 -0
praisonai/endpoints/providers/__init__.py +28 -0
praisonai/endpoints/providers/a2a.py +253 -0
praisonai/endpoints/providers/a2u.py +208 -0
praisonai/endpoints/providers/agents_api.py +171 -0
praisonai/endpoints/providers/base.py +231 -0
praisonai/endpoints/providers/mcp.py +263 -0
praisonai/endpoints/providers/recipe.py +206 -0
praisonai/endpoints/providers/tools_mcp.py +150 -0
praisonai/endpoints/registry.py +131 -0
praisonai/endpoints/server.py +161 -0
praisonai/inbuilt_tools/__init__.py +24 -0
praisonai/inbuilt_tools/autogen_tools.py +117 -0
praisonai/inc/__init__.py +2 -0
praisonai/inc/config.py +96 -0
praisonai/inc/models.py +155 -0
praisonai/integrations/__init__.py +56 -0
praisonai/integrations/base.py +303 -0
praisonai/integrations/claude_code.py +270 -0
praisonai/integrations/codex_cli.py +255 -0
praisonai/integrations/cursor_cli.py +195 -0
praisonai/integrations/gemini_cli.py +222 -0
praisonai/jobs/__init__.py +67 -0
praisonai/jobs/executor.py +425 -0
praisonai/jobs/models.py +230 -0
praisonai/jobs/router.py +314 -0
praisonai/jobs/server.py +186 -0
praisonai/jobs/store.py +203 -0
praisonai/llm/__init__.py +66 -0
praisonai/llm/registry.py +382 -0
praisonai/mcp_server/__init__.py +152 -0
praisonai/mcp_server/adapters/__init__.py +74 -0
praisonai/mcp_server/adapters/agents.py +128 -0
praisonai/mcp_server/adapters/capabilities.py +168 -0
praisonai/mcp_server/adapters/cli_tools.py +568 -0
praisonai/mcp_server/adapters/extended_capabilities.py +462 -0
praisonai/mcp_server/adapters/knowledge.py +93 -0
praisonai/mcp_server/adapters/memory.py +104 -0
praisonai/mcp_server/adapters/prompts.py +306 -0
praisonai/mcp_server/adapters/resources.py +124 -0
praisonai/mcp_server/adapters/tools_bridge.py +280 -0
praisonai/mcp_server/auth/__init__.py +48 -0
praisonai/mcp_server/auth/api_key.py +291 -0
praisonai/mcp_server/auth/oauth.py +460 -0
praisonai/mcp_server/auth/oidc.py +289 -0
praisonai/mcp_server/auth/scopes.py +260 -0
praisonai/mcp_server/cli.py +852 -0
praisonai/mcp_server/elicitation.py +445 -0
praisonai/mcp_server/icons.py +302 -0
praisonai/mcp_server/recipe_adapter.py +573 -0
praisonai/mcp_server/recipe_cli.py +824 -0
praisonai/mcp_server/registry.py +703 -0
praisonai/mcp_server/sampling.py +422 -0
praisonai/mcp_server/server.py +490 -0
praisonai/mcp_server/tasks.py +443 -0
praisonai/mcp_server/transports/__init__.py +18 -0
praisonai/mcp_server/transports/http_stream.py +376 -0
praisonai/mcp_server/transports/stdio.py +132 -0
praisonai/persistence/__init__.py +84 -0
praisonai/persistence/config.py +238 -0
praisonai/persistence/conversation/__init__.py +25 -0
praisonai/persistence/conversation/async_mysql.py +427 -0
praisonai/persistence/conversation/async_postgres.py +410 -0
praisonai/persistence/conversation/async_sqlite.py +371 -0
praisonai/persistence/conversation/base.py +151 -0
praisonai/persistence/conversation/json_store.py +250 -0
praisonai/persistence/conversation/mysql.py +387 -0
praisonai/persistence/conversation/postgres.py +401 -0
praisonai/persistence/conversation/singlestore.py +240 -0
praisonai/persistence/conversation/sqlite.py +341 -0
praisonai/persistence/conversation/supabase.py +203 -0
praisonai/persistence/conversation/surrealdb.py +287 -0
praisonai/persistence/factory.py +301 -0
praisonai/persistence/hooks/__init__.py +18 -0
praisonai/persistence/hooks/agent_hooks.py +297 -0
praisonai/persistence/knowledge/__init__.py +26 -0
praisonai/persistence/knowledge/base.py +144 -0
praisonai/persistence/knowledge/cassandra.py +232 -0
praisonai/persistence/knowledge/chroma.py +295 -0
praisonai/persistence/knowledge/clickhouse.py +242 -0
praisonai/persistence/knowledge/cosmosdb_vector.py +438 -0
praisonai/persistence/knowledge/couchbase.py +286 -0
praisonai/persistence/knowledge/lancedb.py +216 -0
praisonai/persistence/knowledge/langchain_adapter.py +291 -0
praisonai/persistence/knowledge/lightrag_adapter.py +212 -0
praisonai/persistence/knowledge/llamaindex_adapter.py +256 -0
praisonai/persistence/knowledge/milvus.py +277 -0
praisonai/persistence/knowledge/mongodb_vector.py +306 -0
praisonai/persistence/knowledge/pgvector.py +335 -0
praisonai/persistence/knowledge/pinecone.py +253 -0
praisonai/persistence/knowledge/qdrant.py +301 -0
praisonai/persistence/knowledge/redis_vector.py +291 -0
praisonai/persistence/knowledge/singlestore_vector.py +299 -0
praisonai/persistence/knowledge/surrealdb_vector.py +309 -0
praisonai/persistence/knowledge/upstash_vector.py +266 -0
praisonai/persistence/knowledge/weaviate.py +223 -0
praisonai/persistence/migrations/__init__.py +10 -0
praisonai/persistence/migrations/manager.py +251 -0
praisonai/persistence/orchestrator.py +406 -0
praisonai/persistence/state/__init__.py +21 -0
praisonai/persistence/state/async_mongodb.py +200 -0
praisonai/persistence/state/base.py +107 -0
praisonai/persistence/state/dynamodb.py +226 -0
praisonai/persistence/state/firestore.py +175 -0
praisonai/persistence/state/gcs.py +155 -0
praisonai/persistence/state/memory.py +245 -0
praisonai/persistence/state/mongodb.py +158 -0
praisonai/persistence/state/redis.py +190 -0
praisonai/persistence/state/upstash.py +144 -0
praisonai/persistence/tests/__init__.py +3 -0
praisonai/persistence/tests/test_all_backends.py +633 -0
praisonai/profiler.py +1214 -0
praisonai/recipe/__init__.py +134 -0
praisonai/recipe/bridge.py +278 -0
praisonai/recipe/core.py +893 -0
praisonai/recipe/exceptions.py +54 -0
praisonai/recipe/history.py +402 -0
praisonai/recipe/models.py +266 -0
praisonai/recipe/operations.py +440 -0
praisonai/recipe/policy.py +422 -0
praisonai/recipe/registry.py +849 -0
praisonai/recipe/runtime.py +214 -0
praisonai/recipe/security.py +711 -0
praisonai/recipe/serve.py +859 -0
praisonai/recipe/server.py +613 -0
praisonai/scheduler/__init__.py +45 -0
praisonai/scheduler/agent_scheduler.py +552 -0
praisonai/scheduler/base.py +124 -0
praisonai/scheduler/daemon_manager.py +225 -0
praisonai/scheduler/state_manager.py +155 -0
praisonai/scheduler/yaml_loader.py +193 -0
praisonai/scheduler.py +194 -0
praisonai/setup/__init__.py +1 -0
praisonai/setup/build.py +21 -0
praisonai/setup/post_install.py +23 -0
praisonai/setup/setup_conda_env.py +25 -0
praisonai/setup.py +16 -0
praisonai/templates/__init__.py +116 -0
praisonai/templates/cache.py +364 -0
praisonai/templates/dependency_checker.py +358 -0
praisonai/templates/discovery.py +391 -0
praisonai/templates/loader.py +564 -0
praisonai/templates/registry.py +511 -0
praisonai/templates/resolver.py +206 -0
praisonai/templates/security.py +327 -0
praisonai/templates/tool_override.py +498 -0
praisonai/templates/tools_doctor.py +256 -0
praisonai/test.py +105 -0
praisonai/train.py +562 -0
praisonai/train_vision.py +306 -0
praisonai/ui/agents.py +824 -0
praisonai/ui/callbacks.py +57 -0
praisonai/ui/chainlit_compat.py +246 -0
praisonai/ui/chat.py +532 -0
praisonai/ui/code.py +717 -0
praisonai/ui/colab.py +474 -0
praisonai/ui/colab_chainlit.py +81 -0
praisonai/ui/components/aicoder.py +284 -0
praisonai/ui/context.py +283 -0
praisonai/ui/database_config.py +56 -0
praisonai/ui/db.py +294 -0
praisonai/ui/realtime.py +488 -0
praisonai/ui/realtimeclient/__init__.py +756 -0
praisonai/ui/realtimeclient/tools.py +242 -0
praisonai/ui/sql_alchemy.py +710 -0
praisonai/upload_vision.py +140 -0
praisonai/version.py +1 -0
praisonai-3.0.0.dist-info/METADATA +3493 -0
praisonai-3.0.0.dist-info/RECORD +393 -0
praisonai-3.0.0.dist-info/WHEEL +5 -0
praisonai-3.0.0.dist-info/entry_points.txt +4 -0
praisonai-3.0.0.dist-info/top_level.txt +1 -0

praisonai/recipe/policy.py ADDED Viewed

@@ -0,0 +1,422 @@
+"""
+Recipe Policy Module
+Provides policy management for recipes:
+- Policy packs (reusable org-wide policies)
+- Tool allow/deny enforcement
+- Network/file restrictions
+- PII defaults
+- Mode enforcement (dev/prod)
+"""
+import json
+from pathlib import Path
+from typing import Any, Dict, List, Optional, Set, Union
+import yaml
+class PolicyError(Exception):
+    """Base exception for policy operations."""
+    pass
+class PolicyDeniedError(PolicyError):
+    """Action denied by policy."""
+    pass
+# Default denied tools (dangerous by default)
+DEFAULT_DENIED_TOOLS: Set[str] = {
+    "shell.exec",
+    "shell.run",
+    "shell_tool",
+    "execute_command",
+    "file.write",
+    "file.delete",
+    "fs.write",
+    "fs.delete",
+    "network.unrestricted",
+    "db.write",
+    "db.delete",
+    "db.drop",
+}
+# Default allowed tools (safe by default)
+DEFAULT_ALLOWED_TOOLS: Set[str] = {
+    "web.search",
+    "web_search",
+    "tavily_search",
+    "file.read",
+    "fs.read",
+    "db.query",
+    "db.read",
+}
+class PolicyPack:
+    """
+    Reusable policy pack for org-wide policy management.
+    Policy pack YAML format:
+    ```yaml
+    name: my-org-policy
+    version: "1.0"
+    description: Organization-wide security policy
+    tools:
+      allow:
+        - web.search
+        - db.query
+      deny:
+        - shell.exec
+        - file.write
+    network:
+      allow_domains:
+        - api.openai.com
+        - api.anthropic.com
+      deny_domains:
+        - localhost
+        - 127.0.0.1
+    files:
+      allow_paths:
+        - /tmp
+        - ./outputs
+      deny_paths:
+        - /etc
+        - /var
+    pii:
+      mode: redact  # allow, deny, redact
+      fields:
+        - email
+        - phone
+        - ssn
+    data:
+      retention_days: 30
+      export_allowed: true
+    modes:
+      dev:
+        allow_interactive_prompts: true
+        strict_tool_enforcement: false
+      prod:
+        allow_interactive_prompts: false
+        strict_tool_enforcement: true
+        require_auth: true
+    ```
+    """
+    def __init__(
+        self,
+        name: str = "default",
+        config: Optional[Dict[str, Any]] = None,
+    ):
+        """Initialize policy pack."""
+        self.name = name
+        self.config = config or {}
+        # Tool policies
+        self.allowed_tools: Set[str] = set(self.config.get("tools", {}).get("allow", []))
+        self.denied_tools: Set[str] = set(self.config.get("tools", {}).get("deny", []))
+        # Add defaults
+        self.denied_tools.update(DEFAULT_DENIED_TOOLS)
+        # Network policies
+        self.allowed_domains: Set[str] = set(self.config.get("network", {}).get("allow_domains", []))
+        self.denied_domains: Set[str] = set(self.config.get("network", {}).get("deny_domains", []))
+        # File policies
+        self.allowed_paths: List[str] = self.config.get("files", {}).get("allow_paths", [])
+        self.denied_paths: List[str] = self.config.get("files", {}).get("deny_paths", [])
+        # PII policy
+        self.pii_mode: str = self.config.get("pii", {}).get("mode", "allow")
+        self.pii_fields: List[str] = self.config.get("pii", {}).get("fields", [])
+        # Data policy
+        self.retention_days: Optional[int] = self.config.get("data", {}).get("retention_days")
+        self.export_allowed: bool = self.config.get("data", {}).get("export_allowed", True)
+        # Mode-specific settings
+        self.modes: Dict[str, Dict[str, Any]] = self.config.get("modes", {})
+    @classmethod
+    def load(cls, path: Union[str, Path]) -> "PolicyPack":
+        """Load policy pack from file."""
+        path = Path(path)
+        if not path.exists():
+            raise PolicyError(f"Policy file not found: {path}")
+        with open(path) as f:
+            if path.suffix in (".yaml", ".yml"):
+                config = yaml.safe_load(f)
+            else:
+                config = json.load(f)
+        name = config.get("name", path.stem)
+        return cls(name=name, config=config)
+    def save(self, path: Union[str, Path]):
+        """Save policy pack to file."""
+        path = Path(path)
+        data = {
+            "name": self.name,
+            "version": self.config.get("version", "1.0"),
+            "description": self.config.get("description", ""),
+            "tools": {
+                "allow": list(self.allowed_tools),
+                "deny": list(self.denied_tools),
+            },
+            "network": {
+                "allow_domains": list(self.allowed_domains),
+                "deny_domains": list(self.denied_domains),
+            },
+            "files": {
+                "allow_paths": self.allowed_paths,
+                "deny_paths": self.denied_paths,
+            },
+            "pii": {
+                "mode": self.pii_mode,
+                "fields": self.pii_fields,
+            },
+            "data": {
+                "retention_days": self.retention_days,
+                "export_allowed": self.export_allowed,
+            },
+            "modes": self.modes,
+        }
+        with open(path, "w") as f:
+            if path.suffix in (".yaml", ".yml"):
+                yaml.dump(data, f, default_flow_style=False)
+            else:
+                json.dump(data, f, indent=2)
+    def check_tool(self, tool_id: str, mode: str = "dev") -> bool:
+        """
+        Check if a tool is allowed.
+        Args:
+            tool_id: Tool identifier
+            mode: Execution mode (dev/prod)
+        Returns:
+            True if allowed
+        Raises:
+            PolicyDeniedError: If tool is denied
+        """
+        # Explicit deny always wins
+        if tool_id in self.denied_tools:
+            raise PolicyDeniedError(f"Tool denied by policy: {tool_id}")
+        # Check mode-specific settings
+        mode_config = self.modes.get(mode, {})
+        strict = mode_config.get("strict_tool_enforcement", mode == "prod")
+        if strict:
+            # In strict mode, tool must be explicitly allowed
+            if tool_id not in self.allowed_tools and tool_id not in DEFAULT_ALLOWED_TOOLS:
+                raise PolicyDeniedError(f"Tool not in allowlist (strict mode): {tool_id}")
+        return True
+    def check_domain(self, domain: str) -> bool:
+        """Check if a network domain is allowed."""
+        if domain in self.denied_domains:
+            raise PolicyDeniedError(f"Domain denied by policy: {domain}")
+        if self.allowed_domains and domain not in self.allowed_domains:
+            raise PolicyDeniedError(f"Domain not in allowlist: {domain}")
+        return True
+    def check_path(self, path: str) -> bool:
+        """Check if a file path is allowed."""
+        path_obj = Path(path).resolve()
+        for denied in self.denied_paths:
+            if str(path_obj).startswith(str(Path(denied).resolve())):
+                raise PolicyDeniedError(f"Path denied by policy: {path}")
+        if self.allowed_paths:
+            allowed = False
+            for allow in self.allowed_paths:
+                if str(path_obj).startswith(str(Path(allow).resolve())):
+                    allowed = True
+                    break
+            if not allowed:
+                raise PolicyDeniedError(f"Path not in allowlist: {path}")
+        return True
+    def get_data_policy(self) -> Dict[str, Any]:
+        """Get data policy configuration."""
+        return {
+            "pii": {
+                "mode": self.pii_mode,
+                "fields": self.pii_fields,
+            },
+            "retention_days": self.retention_days,
+            "export_allowed": self.export_allowed,
+        }
+    def get_mode_config(self, mode: str) -> Dict[str, Any]:
+        """Get mode-specific configuration."""
+        return self.modes.get(mode, {})
+    def merge(self, other: "PolicyPack") -> "PolicyPack":
+        """
+        Merge another policy pack (other takes precedence).
+        Args:
+            other: Policy pack to merge
+        Returns:
+            New merged policy pack
+        """
+        merged_config = {
+            "name": f"{self.name}+{other.name}",
+            "tools": {
+                "allow": list(self.allowed_tools | other.allowed_tools),
+                "deny": list(self.denied_tools | other.denied_tools),
+            },
+            "network": {
+                "allow_domains": list(self.allowed_domains | other.allowed_domains),
+                "deny_domains": list(self.denied_domains | other.denied_domains),
+            },
+            "files": {
+                "allow_paths": self.allowed_paths + other.allowed_paths,
+                "deny_paths": self.denied_paths + other.denied_paths,
+            },
+            "pii": {
+                "mode": other.pii_mode or self.pii_mode,
+                "fields": list(set(self.pii_fields + other.pii_fields)),
+            },
+            "data": {
+                "retention_days": other.retention_days or self.retention_days,
+                "export_allowed": other.export_allowed and self.export_allowed,
+            },
+            "modes": {**self.modes, **other.modes},
+        }
+        return PolicyPack(name=merged_config["name"], config=merged_config)
+    def to_dict(self) -> Dict[str, Any]:
+        """Convert to dictionary."""
+        return {
+            "name": self.name,
+            "tools": {
+                "allow": list(self.allowed_tools),
+                "deny": list(self.denied_tools),
+            },
+            "network": {
+                "allow_domains": list(self.allowed_domains),
+                "deny_domains": list(self.denied_domains),
+            },
+            "files": {
+                "allow_paths": self.allowed_paths,
+                "deny_paths": self.denied_paths,
+            },
+            "pii": {
+                "mode": self.pii_mode,
+                "fields": self.pii_fields,
+            },
+            "data": {
+                "retention_days": self.retention_days,
+                "export_allowed": self.export_allowed,
+            },
+            "modes": self.modes,
+        }
+# Default policy packs
+DEFAULT_DEV_POLICY = PolicyPack(
+    name="default-dev",
+    config={
+        "tools": {
+            "allow": list(DEFAULT_ALLOWED_TOOLS),
+            "deny": list(DEFAULT_DENIED_TOOLS),
+        },
+        "pii": {"mode": "allow"},
+        "modes": {
+            "dev": {
+                "allow_interactive_prompts": True,
+                "strict_tool_enforcement": False,
+            },
+        },
+    },
+)
+DEFAULT_PROD_POLICY = PolicyPack(
+    name="default-prod",
+    config={
+        "tools": {
+            "allow": list(DEFAULT_ALLOWED_TOOLS),
+            "deny": list(DEFAULT_DENIED_TOOLS),
+        },
+        "pii": {"mode": "redact", "fields": ["email", "phone", "ssn"]},
+        "modes": {
+            "prod": {
+                "allow_interactive_prompts": False,
+                "strict_tool_enforcement": True,
+                "require_auth": True,
+            },
+        },
+    },
+)
+def get_default_policy(mode: str = "dev") -> PolicyPack:
+    """Get default policy for a mode."""
+    if mode == "prod":
+        return DEFAULT_PROD_POLICY
+    return DEFAULT_DEV_POLICY
+def load_policy(
+    policy_path: Optional[Union[str, Path]] = None,
+    mode: str = "dev",
+) -> PolicyPack:
+    """
+    Load policy from file or return default.
+    Args:
+        policy_path: Path to policy file (optional)
+        mode: Execution mode
+    Returns:
+        PolicyPack instance
+    """
+    if policy_path:
+        return PolicyPack.load(policy_path)
+    return get_default_policy(mode)
+def check_tool_policy(
+    tool_id: str,
+    policy: Optional[PolicyPack] = None,
+    mode: str = "dev",
+) -> bool:
+    """
+    Check if a tool is allowed by policy.
+    Args:
+        tool_id: Tool identifier
+        policy: Policy pack (optional, uses default)
+        mode: Execution mode
+    Returns:
+        True if allowed
+    Raises:
+        PolicyDeniedError: If tool is denied
+    """
+    policy = policy or get_default_policy(mode)
+    return policy.check_tool(tool_id, mode)