feat(policy-loader): 8.7 — env-var deprecation warnings (v8.0.0 removal)

plugins/llm-security/hooks/scripts/pre-prompt-inject-scan.mjs

@@ -21,16 +21,17 @@
 
 import { readFileSync } from 'node:fs';
 import { scanForInjection } from '../../scanners/lib/injection-patterns.mjs';
-import { getPolicyValue } from '../../scanners/lib/policy-loader.mjs';
+import { getPolicyValueWithEnvWarn } from '../../scanners/lib/policy-loader.mjs';
 
 // ---------------------------------------------------------------------------
-// Mode configuration (env var takes precedence over policy file)
+// Mode configuration (env var takes precedence over policy file; env-var path
+// emits a v8.0.0 deprecation warning when policy.json also sets the key).
 // ---------------------------------------------------------------------------
 const VALID_MODES = new Set(['block', 'warn', 'off']);
-const policyMode = getPolicyValue('injection', 'mode', 'block');
-const mode = VALID_MODES.has(process.env.LLM_SECURITY_INJECTION_MODE)
-  ? process.env.LLM_SECURITY_INJECTION_MODE
-  : VALID_MODES.has(policyMode) ? policyMode : 'block';
+const resolved = getPolicyValueWithEnvWarn(
+  'injection', 'mode', 'LLM_SECURITY_INJECTION_MODE', 'block'
+);
+const mode = VALID_MODES.has(resolved) ? resolved : 'block';
 
 // Off mode: skip scanning entirely
 if (mode === 'off') {