[AAASM-2299] ✨ (scenarios): Add policy-enforcement/node/ TypeScript implementation

[Chisanan232]

What changed

Adds the Node.js/TypeScript sub-project for the scenarios/policy-enforcement/ scenario. Reads the shared policy.yaml at runtime using js-yaml, evaluates allow/deny rules before each tool call, and demonstrates the full ALLOW/DENY output cycle.

Files added (scenarios/policy-enforcement/node/):

• src/policy.ts — loads ../policy.yaml using js-yaml; exports evaluate(), POLICY_RULES, DEFAULT_ACTION
• src/tools.ts — typed tool functions returning ToolResult (safe + risky variants)
• src/index.ts — main demo: prints policy summary, then runs 4 governed tool calls
• tests/smoke.test.ts — 10 vitest tests covering policy rules, default deny, and tool outputs

All fully offline — no gateway or API key required.

Related ticket

Closes AAASM-2299

How to verify

cd scenarios/policy-enforcement/node
pnpm install
pnpm start      # shows ALLOW/DENY output
pnpm test       # 10 tests pass

Checklist

• PR title follows [AAASM-XXXX] <GitEmoji> (<scope>): <summary>
• No secrets, API keys, or .env files committed
• Example sub-projects include their own README via the scenario-level README
• SDK/runtime version dependencies are documented or pinned

[Chisanan232]

Code Review — Claude Code

CI status

Check	Result
build	✅ pass
run	✅ pass
SonarCloud	⚠️ fail (acceptance gate — not blocking)

Functional CI is green.

Scope completeness

Verified against AAASM-2299 ticket requirements. All 7 expected Node.js files are present:

• scenarios/policy-enforcement/node/package.json ✅
• scenarios/policy-enforcement/node/tsconfig.json ✅
• scenarios/policy-enforcement/node/src/tools.ts ✅
• scenarios/policy-enforcement/node/src/policy.ts — loads ../policy.yaml via js-yaml at runtime ✅
• scenarios/policy-enforcement/node/src/index.ts ✅
• scenarios/policy-enforcement/node/tests/smoke.test.ts — 10 tests ✅
• scenarios/policy-enforcement/node/pnpm-lock.yaml ✅

Note on diff size: The PR diff currently shows the Python/shared files from PR #26 as well, since this branch was stacked on top of that branch and #26 has not yet merged to master. This is expected stacking behaviour — the extra files will disappear from the diff once PR #26 merges first. The net-new scope of this PR is solely the node/ directory.

Code quality notes

• src/policy.ts uses fileURLToPath(import.meta.url) for ESM-safe __dirname — correct for "type": "module" ✅
• evaluate() returns a typed PolicyRule with action discriminant — clean pattern ✅
• @agent-assembly/sdk listed as optionalDependencies (not yet on npm) — consistent with every other Node example in the repo ✅
• 10 tests: policy rules, default deny, tool outputs ✅

Verdict

✅ Ready to merge (after PR #26 merges first). All functional CI green, AAASM-2299 scope fully covered.

[sonarqubecloud]

Quality Gate failed

Failed conditions
11.8% Duplication on New Code (required ≤ 3%)

See analysis details on SonarQube Cloud