feat(policy): policy-as-code 门禁 .shellward.json (响应 issue #2) v0.7.21

- .shellward.json: failOn(类别/严重度)/maxFindings/allowOverseas 声明CI门禁
- scan --ci 据策略判定,无文件时默认有critical即失败
- 策略在push声明→运行时执行的纵深防御(外部开发者建议)
- src/compliance/policy.ts + 10项测试; 全套328

Author: jnMetaCode

CHANGELOG.md

@@ -5,6 +5,14 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/),
 and this project adheres to [Semantic Versioning](https://semver.org/).
 
+## [0.7.21] - 2026-06-23
+
+### Added — policy-as-code 门禁（响应 issue #2，首个外部需求）
+- 项目根放 **`.shellward.json`** 声明 CI 门禁规则：`failOn`（类别/严重度命中即失败）、`maxFindings`（发现数上限）、`allowOverseas`（豁免指定境外厂商）
+- `shellward scan --ci` 据策略判定通过/失败并打印违规项；无策略文件时默认「有 critical 即失败」
+- 实现「策略在 Git push 时声明 → 运行时执行」的纵深防御（外部开发者 cschanhniem 的建议）
+- `src/compliance/policy.ts` + 10 项策略测试；全套 **328 测试**全绿
+
 ## [0.7.20] - 2026-06-23
 
 ### Added — web 端中英文双语

README.md

@@ -8,7 +8,7 @@
 
 [![npm](https://img.shields.io/npm/v/shellward?color=cb0000&label=npm)](https://www.npmjs.com/package/shellward)
 [![license](https://img.shields.io/badge/license-Apache--2.0-blue)](./LICENSE)
-[![tests](https://img.shields.io/badge/tests-318%20passing-brightgreen)](#performance)
+[![tests](https://img.shields.io/badge/tests-328%20passing-brightgreen)](#performance)
 [![deps](https://img.shields.io/badge/dependencies-0-brightgreen)](#performance)
 
 **🌐 官网: https://jnmetacode.github.io/shellward/**
@@ -221,6 +221,24 @@ jobs:
 
 Or run it directly without the Action: `npx shellward scan --ci`.
 
+### Policy-as-code (`.shellward.json`)
+
+声明式 CI 门禁（[issue #2](https://github.com/jnMetaCode/shellward/issues/2)）— put a `.shellward.json` in your repo root:
+
+```json
+{
+  "failOn": ["secret", "pii"],
+  "maxFindings": 0,
+  "allowOverseas": ["OpenAI"]
+}
+```
+
+- `failOn` — fail CI if any finding matches these **kinds** (`secret`/`pii`/`overseas`/`env-perm`) or **severities** (`critical`/`high`/`medium`)
+- `maxFindings` — max total findings allowed
+- `allowOverseas` — overseas providers explicitly permitted (exempt from failure)
+
+`shellward scan --ci` reads it; without the file it defaults to "fail on any critical". 实现「策略在 Git push 时声明 → 运行时执行」的纵深防御。
+
 ## 8-Layer Defense
 
 ```

package.json

@@ -1,6 +1,6 @@
 {
   "name": "shellward",
-  "version": "0.7.20",
+  "version": "0.7.21",
   "mcpName": "io.github.jnMetaCode/shellward",
   "description": "AI agent security & MCP security middleware — prompt injection detection, AI firewall, runtime guardrails & data-loss prevention for LLM tool calls. 8-layer defense against data exfiltration & dangerous commands. Zero dependencies. SDK + OpenClaw plugin. Supports LangChain, AutoGPT, Claude Code, Cursor, OpenAI Agents, Hermes Agent.",
   "keywords": [

src/cli.ts

@@ -18,6 +18,7 @@ import { ShellWard } from './core/engine.js'
 import { runProjectComplianceAudit } from './compliance/audit.js'
 import { renderComplianceReport, renderProjectFindings } from './compliance/report.js'
 import { renderHtmlReport } from './compliance/html-report.js'
+import { checkPolicy } from './compliance/policy.js'
 import { runInit } from './init.js'
 import { resolveLocale } from './types.js'
 
@@ -162,10 +163,16 @@ function runScan(args: string[]) {
     }
   }
 
-  // CI 模式：有 critical 项目发现则非零退出
+  // CI 模式：按 .shellward.json 策略门禁（无策略文件则默认"有 critical 即失败"）
   if (ci) {
-    const criticals = scan.findings.filter(f => f.severity === 'critical').length
-    if (criticals > 0) process.exit(1)
+    const pol = checkPolicy(scan, root)
+    if (!json) {
+      process.stdout.write(zh
+        ? `\n🔒 策略门禁（${pol.source === 'file' ? '.shellward.json' : '默认'}）：${pol.pass ? '✅ 通过' : '❌ 未通过'}\n`
+        : `\n🔒 Policy gate (${pol.source === 'file' ? '.shellward.json' : 'default'}): ${pol.pass ? '✅ pass' : '❌ fail'}\n`)
+      for (const v of pol.violations) process.stdout.write(`   - ${v}\n`)
+    }
+    if (!pol.pass) process.exit(1)
   }
 }
 

src/compliance/policy.ts

@@ -0,0 +1,96 @@
+// src/compliance/policy.ts — policy-as-code 门禁（响应 GitHub issue #2）
+//
+// 在 Git/CI 边界用声明式策略约束扫描结果：项目根放 `.shellward.json`，
+// CI（shellward scan --ci）据此判定通过/失败。把"策略在 push 时声明 → 运行时执行"
+// 的纵深防御补上 push 这一端。无策略文件时回退到默认（有 critical 即失败）。
+//
+// 示例 .shellward.json：
+//   {
+//     "failOn": ["secret", "pii"],        // 命中这些"类别"或"严重度"即失败
+//     "maxFindings": 0,                     // 总发现数上限
+//     "allowOverseas": ["OpenAI"]          // 允许的境外厂商（不计入失败）
+//   }
+
+import { readFileSync } from 'fs'
+import { join } from 'path'
+import type { ProjectScanResult, ProjectFinding, FindingKind } from './project-scan.js'
+
+export interface ShellwardPolicy {
+  /** 命中即失败：可填类别(secret/pii/overseas/env-perm) 或 严重度(critical/high/medium) */
+  failOn?: string[]
+  /** 总发现数上限（含被 allowOverseas 豁免后的） */
+  maxFindings?: number
+  /** 允许的境外大模型厂商（provider 名，命中这些的 overseas 发现被豁免） */
+  allowOverseas?: string[]
+}
+
+export interface PolicyResult {
+  pass: boolean
+  source: 'file' | 'default'
+  violations: string[]
+  policy: ShellwardPolicy
+}
+
+const KINDS: FindingKind[] = ['overseas', 'secret', 'pii', 'env-perm']
+const SEVERITIES = ['critical', 'high', 'medium']
+
+/** 读取项目根的 .shellward.json；无/坏则返回默认策略（有 critical 即失败） */
+export function loadPolicy(root: string): { policy: ShellwardPolicy; source: 'file' | 'default' } {
+  try {
+    const raw = readFileSync(join(root, '.shellward.json'), 'utf-8')
+    const p = JSON.parse(raw)
+    if (p && typeof p === 'object') return { policy: sanitize(p), source: 'file' }
+  } catch { /* 无策略文件或解析失败 → 默认 */ }
+  return { policy: { failOn: ['critical'] }, source: 'default' }
+}
+
+function sanitize(p: any): ShellwardPolicy {
+  const out: ShellwardPolicy = {}
+  if (Array.isArray(p.failOn)) out.failOn = p.failOn.filter((x: any) => typeof x === 'string')
+  if (typeof p.maxFindings === 'number' && p.maxFindings >= 0) out.maxFindings = Math.floor(p.maxFindings)
+  if (Array.isArray(p.allowOverseas)) out.allowOverseas = p.allowOverseas.filter((x: any) => typeof x === 'string')
+  return out
+}
+
+/** 把被 allowOverseas 豁免的 overseas 发现去掉 */
+function effective(findings: ProjectFinding[], allow: string[]): ProjectFinding[] {
+  if (!allow.length) return findings
+  const allowLower = new Set(allow.map(a => a.toLowerCase()))
+  return findings.filter(f => {
+    if (f.kind !== 'overseas') return true
+    const prov = (f.provider_en || f.provider_zh || '').toLowerCase()
+    return !allowLower.has(prov)
+  })
+}
+
+/** 根据策略评估扫描结果，返回是否通过 + 违规说明 */
+export function evaluatePolicy(scan: ProjectScanResult, policy: ShellwardPolicy): PolicyResult {
+  const allow = policy.allowOverseas || []
+  const findings = effective(scan.findings, allow)
+  const violations: string[] = []
+
+  const failOn = policy.failOn || []
+  for (const token of failOn) {
+    if (KINDS.includes(token as FindingKind)) {
+      const n = findings.filter(f => f.kind === token).length
+      if (n > 0) violations.push(`failOn "${token}": 命中 ${n} 项`)
+    } else if (SEVERITIES.includes(token)) {
+      const n = findings.filter(f => f.severity === token).length
+      if (n > 0) violations.push(`failOn 严重度 "${token}": 命中 ${n} 项`)
+    }
+  }
+
+  if (typeof policy.maxFindings === 'number' && findings.length > policy.maxFindings) {
+    violations.push(`发现数 ${findings.length} 超过上限 maxFindings=${policy.maxFindings}`)
+  }
+
+  return { pass: violations.length === 0, source: 'default', violations, policy }
+}
+
+/** 加载 + 评估的便捷封装 */
+export function checkPolicy(scan: ProjectScanResult, root: string): PolicyResult {
+  const { policy, source } = loadPolicy(root)
+  const r = evaluatePolicy(scan, policy)
+  r.source = source
+  return r
+}

test-compliance.ts

@@ -13,6 +13,7 @@ import { renderComplianceReport, renderProjectFindings } from './src/compliance/
 import { scanProject } from './src/compliance/project-scan'
 import { renderHtmlReport } from './src/compliance/html-report'
 import { validateRepoUrl } from './src/web/scan-server'
+import { evaluatePolicy, loadPolicy } from './src/compliance/policy'
 import { suggestDomestic, DOMESTIC_MODELS } from './src/rules/domestic-alternatives'
 import { COMPLIANCE_CONTROLS } from './src/compliance/regulations'
 import { DEFAULT_CONFIG } from './src/types'
@@ -397,6 +398,46 @@ console.log('\n--- Markdown 策略 + 诚实评分 ---')
   } finally { rmSync(clean, { recursive: true, force: true }) }
 }
 
+// === 14. policy-as-code 门禁（issue #2）===
+console.log('\n--- 策略门禁 .shellward.json ---')
+{
+  const mk = (kind: any, sev: any, provider?: string) => ({ kind, file: 'a.ts', detail: 'x', severity: sev, provider_en: provider } as any)
+  const scanOf = (findings: any[]) => ({ root: '/x', filesScanned: 1, truncated: false, findings, counts: { overseas: 0, secret: 0, pii: 0, 'env-perm': 0 } } as any)
+
+  // failOn 类别
+  const r1 = evaluatePolicy(scanOf([mk('secret', 'critical')]), { failOn: ['secret'] })
+  test('failOn secret 命中 → 不通过', !r1.pass)
+  const r2 = evaluatePolicy(scanOf([mk('overseas', 'high', 'OpenAI')]), { failOn: ['secret'] })
+  test('failOn secret 无密钥 → 通过', r2.pass)
+
+  // failOn 严重度
+  const r3 = evaluatePolicy(scanOf([mk('secret', 'critical')]), { failOn: ['critical'] })
+  test('failOn critical 命中 → 不通过', !r3.pass)
+
+  // allowOverseas 豁免
+  const r4 = evaluatePolicy(scanOf([mk('overseas', 'high', 'OpenAI')]), { failOn: ['overseas'], allowOverseas: ['OpenAI'] })
+  test('allowOverseas 豁免该厂商 → 通过', r4.pass)
+  const r5 = evaluatePolicy(scanOf([mk('overseas', 'high', 'Anthropic Claude')]), { failOn: ['overseas'], allowOverseas: ['OpenAI'] })
+  test('allowOverseas 不含的厂商 → 不通过', !r5.pass)
+
+  // maxFindings
+  const r6 = evaluatePolicy(scanOf([mk('pii', 'high'), mk('pii', 'high')]), { maxFindings: 1 })
+  test('maxFindings 超标 → 不通过', !r6.pass)
+  const r7 = evaluatePolicy(scanOf([]), { failOn: ['secret', 'critical'], maxFindings: 0 })
+  test('干净项目 → 通过', r7.pass)
+
+  // loadPolicy 默认 + 文件
+  const dir = mkdtempSync(join(tmpdir(), 'sw-pol-'))
+  try {
+    test('无文件 → 默认策略(failOn critical)', loadPolicy(dir).source === 'default')
+    writeFileSync(join(dir, '.shellward.json'), '{"failOn":["pii"],"maxFindings":5}')
+    const lp = loadPolicy(dir)
+    test('有文件 → 读取策略', lp.source === 'file' && lp.policy.maxFindings === 5)
+    writeFileSync(join(dir, '.shellward.json'), '{bad json')
+    test('坏文件 → 回退默认(不崩溃)', loadPolicy(dir).source === 'default')
+  } finally { rmSync(dir, { recursive: true, force: true }) }
+}
+
 // === 总结 ===
 console.log(`\n========== 结果: ${passed} 通过, ${failed} 失败 ==========\n`)
 if (failed > 0) process.exit(1)