Skip to content
reaatechREAATECH

@reaatech/tool-use-firewall-config

npm v0.1.0

Zod-based policy schema definitions and YAML policy file loader for the tool-use-firewall proxy. Exports `loadPolicyConfig(path)` to read and validate a YAML policy file, `validatePolicyFile(path)` to lint policies (including ReDoS safety checks), and typed `z.infer` config types for rate limits, costs, approvals, audits, and more.

mcpfirewallsecurityaiproxypolicyconfigyamlzod
npm →source →

@reaatech/tool-use-firewall-config

npm version License: MIT CI

Status: Pre-1.0 — APIs may change in minor versions. Pin to a specific version in production.

Zod-based policy schema definitions and YAML policy file loader for tool-use-firewall. Validates policy configurations at startup and provides typed interfaces for the policy engine.

Installation

terminal
npm install @reaatech/tool-use-firewall-config
# or
pnpm add @reaatech/tool-use-firewall-config

Feature Overview

  • Zod validation — Full policy config schema with nested rate limit, cost, validation, approval, audit, upstream, metrics, secret-scan, and anomaly subschemas
  • YAML loadingloadPolicyConfig(path) reads and validates a YAML policy file, throws typed ValidationError on parse failures
  • Policy lintingvalidatePolicyFile(path) checks a policy against the schema and verifies every regex is ReDoS-safe, returning structured errors/warnings (powers the --validate CLI flag)
  • Default values — Sensible defaults for settings, timeouts, budget actions, and audit levels
  • TypeScript types — All config shapes exported as z.infer types for compile-time safety
  • Dual ESM/CJS output

Quick Start

typescript
import { loadPolicyConfig, type PolicyConfig } from "@reaatech/tool-use-firewall-config";
 
const config: PolicyConfig = loadPolicyConfig("./policies/default.yaml");
console.log(config.settings?.default_action); // "block"

Lint a policy without booting the proxy (e.g. in CI):

typescript
import { validatePolicyFile } from "@reaatech/tool-use-firewall-config";
 
const result = validatePolicyFile("./policy.yaml");
if (!result.valid) {
  console.error(result.errors.join("\n"));
  process.exit(1);
}

Exports

ExportDescription
loadPolicyConfig(path)Read and validate a YAML policy file
validatePolicyFile(path) / PolicyValidationResultLint a policy (schema + ReDoS) without throwing; returns { valid, errors, warnings }
policyConfigSchemaRoot Zod schema for the full policy YAML
ruleSchema / RuleAllow/block/approval rule with conditions and priority
ruleConditionSchema / RuleConditionArgument-based condition with pattern/equals/contains/gt/lt
exceptionConditionSchema / ExceptionConditionRead-only exception condition (argument + regex pattern)
rateLimitConfigSchema / RateLimitConfigGlobal, per-tool, and per-session rate limits
costConfigSchema / CostConfigSession budgets and per-tool costs
validationRuleSchema / ValidationRuleRegex, shell-safe, and SQL-safe validation rules
approvalConfigSchema / ApprovalConfigMulti-level approval configuration
auditConfigSchema / AuditConfigAudit level, output targets, and redaction config

License

MIT

All packagestool-use-firewall overview