diff --git a/packages/core/src/policy/toml-loader.test.ts b/packages/core/src/policy/toml-loader.test.ts
index 53b05fec25..5f0a0eab8d 100644
--- a/packages/core/src/policy/toml-loader.test.ts
+++ b/packages/core/src/policy/toml-loader.test.ts
@@ -172,7 +172,7 @@ allow_redirection = true
 expect(result.errors).toHaveLength(0);
 });
- it('should return error if modes property is used for Tier 2 and Tier 3 policies', async () => {
+ it('should support modes property for Tier 2 and Tier 3 policies', async () => {
 await fs.writeFile(
 path.join(tempDir, 'tier2.toml'),
 `
@@ -187,13 +187,10 @@ modes = ["autoEdit"]
 const getPolicyTier = (_dir: string) => 2; // Tier 2
 const result = await loadPoliciesFromToml([tempDir], getPolicyTier);
- // It still transforms the rule, but it should also report an error
 expect(result.rules).toHaveLength(1);
 expect(result.rules[0].toolName).toBe('tier2-tool');
- expect(result.rules[0].modes).toBeUndefined(); // Should be restricted
- expect(result.errors).toHaveLength(1);
- expect(result.errors[0].errorType).toBe('rule_validation');
- expect(result.errors[0].message).toContain('Restricted property "modes"');
+ expect(result.rules[0].modes).toEqual(['autoEdit']);
+ expect(result.errors).toHaveLength(0);
 });
 it('should handle TOML parse errors', async () => {
diff --git a/packages/core/src/policy/toml-loader.ts b/packages/core/src/policy/toml-loader.ts
index edb4614ff6..b731151424 100644
--- a/packages/core/src/policy/toml-loader.ts
+++ b/packages/core/src/policy/toml-loader.ts
@@ -293,7 +293,6 @@ export async function loadPoliciesFromToml(
 // Validate shell command convenience syntax
 const tomlRules = validationResult.data.rule ?? [];
- const tomlCheckers = validationResult.data.safety_checker ?? [];
 for (let i = 0; i < tomlRules.length; i++) {
 const rule = tomlRules[i];
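Review bot: The test in the `@@ -187,13 +187,10 @@` hunk is named for Tier 2 and Tier 3 but only runs with `const getPolicyTier = (_dir: string) => 2;`, so the Tier 3 path is never exercised. It also checks `modes` on a rule only, while the loader change in this commit passes `modes` through for `safety_checker` entries as well. I would parameterise the case over both tiers, for example `it.each([2, 3])('should support modes property for Tier %i policies', async (tier) => {` with `const getPolicyTier = (_dir: string) => tier;`. A sibling case should load a `safety_checker` entry with `modes` and assert that it survives with no errors. The test body starts before this hunk, so the TOML fixture it writes is only partly visible here.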
@@ -310,36 +309,6 @@ export async function loadPoliciesFromToml(
 });
 // Continue to next rule, don't skip the entire file
 }
-
- if (tier > 1 && rule.modes && rule.modes.length > 0) {
- errors.push({
- filePath,
- fileName: file,
- tier: tierName,
- ruleIndex: i,
- errorType: 'rule_validation',
- message: 'Restricted property "modes"',
- details: `Rule #${i + 1}: The "modes" property is currently reserved for Tier 1 (system) policies and cannot be used in ${tierName} policies.`,
- suggestion: 'Remove the "modes" property from this rule.',
- });
- }
- }
-
- for (let i = 0; i < tomlCheckers.length; i++) {
- const checker = tomlCheckers[i];
- if (tier > 1 && checker.modes && checker.modes.length > 0) {
- errors.push({
- filePath,
- fileName: file,
- tier: tierName,
- ruleIndex: i,
- errorType: 'rule_validation',
- message: 'Restricted property "modes" in safety checker',
- details: `Safety Checker #${i + 1}: The "modes" property is currently reserved for Tier 1 (system) policies and cannot be used in ${tierName} policies.`,
- suggestion:
- 'Remove the "modes" property from this safety checker.',
- });
- }
 }
 // Transform rules
@@ -375,7 +344,7 @@ export async function loadPoliciesFromToml(
 toolName: effectiveToolName,
 decision: rule.decision,
 priority: transformPriority(rule.priority, tier),
- modes: tier === 1 ? rule.modes : undefined,
+ modes: rule.modes,
 allowRedirection: rule.allow_redirection,
 };
@@ -440,7 +409,7 @@ export async function loadPoliciesFromToml(
 toolName: effectiveToolName,
 priority: checker.priority,
 checker: checker.checker as SafetyCheckerConfig,
- modes: tier === 1 ? checker.modes : undefined,
+ modes: checker.modes,
 };
 if (argsPattern) {
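Review bot: `modes: rule.modes` in the `@@ -375,7 +344,7 @@` hunk now honours `modes` from every tier, and the only per-tier control left on the rule object is `priority: transformPriority(rule.priority, tier)`. Nothing visible here shows that a mode-scoped `allow` from a Tier 2 or Tier 3 file cannot outrank a Tier 1 rule for the same tool in that mode, so that precedence should be pinned by a test rather than assumed. A comment at the assignment would record the new contract, for example `// modes is honoured for all tiers; cross-tier precedence relies on transformPriority`. The `@@ -440,7 +409,7 @@` hunk makes the same change for safety checkers, where `priority: checker.priority` is passed through with no tier adjustment; please confirm that is intended now that checkers from any tier can be mode-scoped. Both object literals sit inside `loadPoliciesFromToml`, whose body starts and ends outside these hunks.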