fix: integrate DiscoveredTool with Policy Engine (#12646)

packages/core/src/policy/config.test.ts

@@ -641,4 +641,33 @@ priority = 150
 
     vi.doUnmock('node:fs/promises');
   });
+
+  it('should have default ASK_USER rule for discovered tools', async () => {
+    vi.resetModules();
+    vi.doUnmock('node:fs/promises');
+    const { createPolicyEngineConfig: createConfig } = await import(
+      './config.js'
+    );
+    // Re-mock Storage after resetModules because it was reloaded
+    const { Storage: FreshStorage } = await import('../config/storage.js');
+    vi.spyOn(FreshStorage, 'getUserPoliciesDir').mockReturnValue(
+      '/non/existent/user/policies',
+    );
+    vi.spyOn(FreshStorage, 'getSystemPoliciesDir').mockReturnValue(
+      '/non/existent/system/policies',
+    );
+
+    const settings: PolicySettings = {};
+    // Use default policy dir to load real discovered.toml
+    const config = await createConfig(settings, ApprovalMode.DEFAULT);
+
+    const discoveredRule = config.rules?.find(
+      (r) =>
+        r.toolName === 'discovered_tool_*' &&
+        r.decision === PolicyDecision.ASK_USER,
+    );
+    expect(discoveredRule).toBeDefined();
+    // Priority 10 in default tier → 1.010
+    expect(discoveredRule?.priority).toBeCloseTo(1.01, 5);
+  });
 });

packages/core/src/policy/policies/discovered.toml

@@ -0,0 +1,8 @@
+# Default policy for tools discovered via toolDiscoveryCommand.
+# These tools are potentially dangerous as they are arbitrary scripts.
+# We default them to ASK_USER for safety.
+
+[[rule]]
+toolName = "discovered_tool_*"
+decision = "ask_user"
+priority = 10