feat(policy-loader): 8.7 — env-var deprecation warnings (v8.0.0 removal)

plugins/llm-security/hooks/scripts/post-session-guard.mjs

@@ -43,7 +43,7 @@ import { createHash } from 'node:crypto';
 import { extractMcpServer } from '../../scanners/lib/mcp-description-cache.mjs';
 import { jensenShannonDivergence, buildDistribution } from '../../scanners/lib/distribution-stats.mjs';
 import { writeAuditEvent } from '../../scanners/lib/audit-trail.mjs';
-import { getPolicyValue } from '../../scanners/lib/policy-loader.mjs';
+import { getPolicyValue, getPolicyValueWithEnvWarn } from '../../scanners/lib/policy-loader.mjs';
 
 // ---------------------------------------------------------------------------
 // Constants
@@ -66,16 +66,24 @@ const DRIFT_SAMPLE_SIZE = 20;
 // in the [primary, 20]-call range. Both reference an input_source; the
 // secondary catches slow-burn variants where the attacker waits past the
 // primary window before delegating.
+// D3 (v7.3.0): env-var path emits a v8.0.0 deprecation warning when
+// trifecta.escalation_window is also set in policy.json.
 const DELEGATION_ESCALATION_WINDOW = (() => {
-  const envVal = parseInt(process.env.LLM_SECURITY_ESCALATION_WINDOW, 10);
-  if (Number.isFinite(envVal) && envVal > 0) return envVal;
-  return getPolicyValue('trifecta', 'escalation_window', 5);
+  const resolved = getPolicyValueWithEnvWarn(
+    'trifecta', 'escalation_window', 'LLM_SECURITY_ESCALATION_WINDOW', 5
+  );
+  const parsed = typeof resolved === 'string' ? parseInt(resolved, 10) : resolved;
+  if (Number.isFinite(parsed) && parsed > 0) return parsed;
+  return 5;
 })();
 const DELEGATION_ESCALATION_WINDOW_MEDIUM = 20; // secondary longer-window advisory
 
-// Rule of Two enforcement mode: block | warn | off (env var takes precedence over policy)
-const policyTrifectaMode = getPolicyValue('trifecta', 'mode', 'warn');
-const TRIFECTA_MODE = (process.env.LLM_SECURITY_TRIFECTA_MODE || policyTrifectaMode).toLowerCase();
+// Rule of Two enforcement mode: block | warn | off (env var takes precedence over policy).
+// D3 (v7.3.0): env-var path emits a v8.0.0 deprecation warning when
+// trifecta.mode is also set in policy.json.
+const TRIFECTA_MODE = String(
+  getPolicyValueWithEnvWarn('trifecta', 'mode', 'LLM_SECURITY_TRIFECTA_MODE', 'warn')
+).toLowerCase();
 
 // Volume tracking thresholds (cumulative bytes per session)
 const VOLUME_THRESHOLDS = [

plugins/llm-security/hooks/scripts/pre-prompt-inject-scan.mjs

@@ -21,16 +21,17 @@
 
 import { readFileSync } from 'node:fs';
 import { scanForInjection } from '../../scanners/lib/injection-patterns.mjs';
-import { getPolicyValue } from '../../scanners/lib/policy-loader.mjs';
+import { getPolicyValueWithEnvWarn } from '../../scanners/lib/policy-loader.mjs';
 
 // ---------------------------------------------------------------------------
-// Mode configuration (env var takes precedence over policy file)
+// Mode configuration (env var takes precedence over policy file; env-var path
+// emits a v8.0.0 deprecation warning when policy.json also sets the key).
 // ---------------------------------------------------------------------------
 const VALID_MODES = new Set(['block', 'warn', 'off']);
-const policyMode = getPolicyValue('injection', 'mode', 'block');
-const mode = VALID_MODES.has(process.env.LLM_SECURITY_INJECTION_MODE)
-  ? process.env.LLM_SECURITY_INJECTION_MODE
-  : VALID_MODES.has(policyMode) ? policyMode : 'block';
+const resolved = getPolicyValueWithEnvWarn(
+  'injection', 'mode', 'LLM_SECURITY_INJECTION_MODE', 'block'
+);
+const mode = VALID_MODES.has(resolved) ? resolved : 'block';
 
 // Off mode: skip scanning entirely
 if (mode === 'off') {