@ampsec/platform-client 87.3.0 → 87.4.0

package/build/src/dto/index.d.ts

@@ -33,6 +33,7 @@ export * from './providers.dto';
 export * from './reportResults.dto';
 export * from './riskContributors.dto';
 export * from './rules.dto';
+export * from './ruleSet.dto';
 export * from './saasAssets.dto';
 export * from './saasComponents.dto';
 export * from './saasUsers.dto';

package/build/src/dto/index.js

@@ -49,6 +49,7 @@ __exportStar(require("./providers.dto"), exports);
 __exportStar(require("./reportResults.dto"), exports);
 __exportStar(require("./riskContributors.dto"), exports);
 __exportStar(require("./rules.dto"), exports);
+__exportStar(require("./ruleSet.dto"), exports);
 __exportStar(require("./saasAssets.dto"), exports);
 __exportStar(require("./saasComponents.dto"), exports);
 __exportStar(require("./saasUsers.dto"), exports);

package/build/src/dto/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/dto/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+CAA6B;AAC7B,kDAAgC;AAChC,+CAA6B;AAC7B,8CAA4B;AAC5B,6CAA2B;AAC3B,mDAAiC;AACjC,2DAAyC;AACzC,uDAAqC;AACrC,8CAA4B;AAC5B,iDAA+B;AAC/B,sDAAoC;AACpC,qDAAmC;AACnC,yDAAuC;AACvC,wCAAsB;AACtB,2DAAyC;AACzC,gEAA8C;AAC9C,uDAAqC;AACrC,2DAAyC;AACzC,0DAAwC;AACxC,6CAA2B;AAC3B,0CAAwB;AACxB,kDAAgC;AAChC,iDAA+B;AAC/B,yDAAuC;AACvC,qDAAmC;AACnC,8CAA4B;AAC5B,wCAAsB;AACtB,gDAA8B;AAC9B,qDAAmC;AACnC,6CAA2B;AAC3B,6CAA2B;AAC3B,kDAAgC;AAChC,sDAAoC;AACpC,yDAAuC;AACvC,8CAA4B;AAC5B,mDAAiC;AACjC,uDAAqC;AACrC,kDAAgC;AAChC,mDAAiC;AACjC,iDAA+B;AAC/B,gDAA8B;AAC9B,oDAAkC;AAClC,+CAA6B;AAC7B,wDAAsC;AACtC,kDAAgC;AAChC,8CAA4B;AAC5B,sDAAoC;AACpC,+CAA6B;AAC7B,wDAAsC;AACtC,sDAAoC;AACpC,iDAA+B;AAC/B,8DAA4C;AAC5C,yDAAuC;AACvC,6DAA2C"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/dto/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+CAA6B;AAC7B,kDAAgC;AAChC,+CAA6B;AAC7B,8CAA4B;AAC5B,6CAA2B;AAC3B,mDAAiC;AACjC,2DAAyC;AACzC,uDAAqC;AACrC,8CAA4B;AAC5B,iDAA+B;AAC/B,sDAAoC;AACpC,qDAAmC;AACnC,yDAAuC;AACvC,wCAAsB;AACtB,2DAAyC;AACzC,gEAA8C;AAC9C,uDAAqC;AACrC,2DAAyC;AACzC,0DAAwC;AACxC,6CAA2B;AAC3B,0CAAwB;AACxB,kDAAgC;AAChC,iDAA+B;AAC/B,yDAAuC;AACvC,qDAAmC;AACnC,8CAA4B;AAC5B,wCAAsB;AACtB,gDAA8B;AAC9B,qDAAmC;AACnC,6CAA2B;AAC3B,6CAA2B;AAC3B,kDAAgC;AAChC,sDAAoC;AACpC,yDAAuC;AACvC,8CAA4B;AAC5B,gDAA8B;AAC9B,mDAAiC;AACjC,uDAAqC;AACrC,kDAAgC;AAChC,mDAAiC;AACjC,iDAA+B;AAC/B,gDAA8B;AAC9B,oDAAkC;AAClC,+CAA6B;AAC7B,wDAAsC;AACtC,kDAAgC;AAChC,8CAA4B;AAC5B,sDAAoC;AACpC,+CAA6B;AAC7B,wDAAsC;AACtC,sDAAoC;AACpC,iDAA+B;AAC/B,8DAA4C;AAC5C,yDAAuC;AACvC,6DAA2C"}

package/build/src/dto/ruleSet.dto.d.ts

@@ -0,0 +1,38 @@
+import { z } from 'zod';
+export declare const RULESET_CREATE_SCHEMA: z.ZodObject<{
+    tid: z.ZodOptional<z.ZodString>;
+    cid: z.ZodNullable<z.ZodOptional<z.ZodString>>;
+    name: z.ZodString;
+    description: z.ZodNullable<z.ZodOptional<z.ZodString>>;
+    is_default: z.ZodDefault<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+    name: string;
+    is_default: boolean;
+    description?: string | null | undefined;
+    tid?: string | undefined;
+    cid?: string | null | undefined;
+}, {
+    name: string;
+    description?: string | null | undefined;
+    tid?: string | undefined;
+    cid?: string | null | undefined;
+    is_default?: boolean | undefined;
+}>;
+export declare const RULESET_UPDATE_SCHEMA: z.ZodObject<{
+    name: z.ZodOptional<z.ZodString>;
+    description: z.ZodNullable<z.ZodOptional<z.ZodString>>;
+    is_default: z.ZodOptional<z.ZodBoolean>;
+    cid: z.ZodNullable<z.ZodOptional<z.ZodString>>;
+}, "strip", z.ZodTypeAny, {
+    name?: string | undefined;
+    description?: string | null | undefined;
+    cid?: string | null | undefined;
+    is_default?: boolean | undefined;
+}, {
+    name?: string | undefined;
+    description?: string | null | undefined;
+    cid?: string | null | undefined;
+    is_default?: boolean | undefined;
+}>;
+export type RuleSetCreateDto = z.infer<typeof RULESET_CREATE_SCHEMA>;
+export type RuleSetUpdateDto = z.infer<typeof RULESET_UPDATE_SCHEMA>;

package/build/src/dto/ruleSet.dto.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RULESET_UPDATE_SCHEMA = exports.RULESET_CREATE_SCHEMA = void 0;
+const zod_1 = require("zod");
+exports.RULESET_CREATE_SCHEMA = zod_1.z.object({
+    tid: zod_1.z.string().optional(),
+    cid: zod_1.z.string().optional().nullable(),
+    name: zod_1.z.string(),
+    description: zod_1.z.string().optional().nullable(),
+    is_default: zod_1.z.boolean().default(false),
+});
+exports.RULESET_UPDATE_SCHEMA = zod_1.z.object({
+    name: zod_1.z.string().optional(),
+    description: zod_1.z.string().optional().nullable(),
+    is_default: zod_1.z.boolean().optional(),
+    cid: zod_1.z.string().optional().nullable(),
+});
+//# sourceMappingURL=ruleSet.dto.js.map

package/build/src/dto/ruleSet.dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ruleSet.dto.js","sourceRoot":"","sources":["../../../src/dto/ruleSet.dto.ts"],"names":[],"mappings":";;;AAAA,6BAAsB;AAET,QAAA,qBAAqB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5C,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IACrC,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE;IAChB,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IAC7C,UAAU,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;CACvC,CAAC,CAAC;AAEU,QAAA,qBAAqB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5C,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IAC7C,UAAU,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAClC,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;CACtC,CAAC,CAAC"}

package/build/src/dto/rules.dto.d.ts

@@ -1,51 +1,212 @@
 import { z } from 'zod';
+/**
+ * Flat condition format (backward compatible)
+ * Used when submitting simple or flat conditions
+ */
+export declare const _FlatConditionSchema: z.ZodObject<{
+    type: z.ZodEnum<["bool", "numeric", "string", "array", "datetime"]>;
+    name: z.ZodString;
+    operator: z.ZodString;
+    value: z.ZodOptional<z.ZodAny>;
+}, "strip", z.ZodTypeAny, {
+    name: string;
+    type: "string" | "numeric" | "array" | "datetime" | "bool";
+    operator: string;
+    value?: any;
+}, {
+    name: string;
+    type: "string" | "numeric" | "array" | "datetime" | "bool";
+    operator: string;
+    value?: any;
+}>;
+/**
+ * Hierarchical condition group format (new)
+ * Supports nested AND/OR logic with unlimited depth
+ */
+export declare const _ConditionGroupSchema: z.ZodType<any>;
+/**
+ * Action format
+ * Each action has a type and associated data
+ */
+export declare const _ActionSchema: z.ZodObject<{
+    action_type: z.ZodEnum<["then", "else"]>;
+    action_data: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+}, "strip", z.ZodTypeAny, {
+    action_type: "then" | "else";
+    action_data?: Record<string, any> | undefined;
+}, {
+    action_type: "then" | "else";
+    action_data?: Record<string, any> | undefined;
+}>;
+/**
+ * Create rule schema - supports both flat and hierarchical conditions
+ */
 export declare const _CreateRuleSchema: z.ZodObject<{
-    cid: z.ZodString;
+    rule_set_id: z.ZodString;
+    cid: z.ZodOptional<z.ZodString>;
+    tid: z.ZodOptional<z.ZodString>;
     priority: z.ZodDefault<z.ZodNumber>;
-    conditions: z.ZodOptional<z.ZodAny>;
-    actions: z.ZodOptional<z.ZodAny>;
+    conditions: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        type: z.ZodEnum<["bool", "numeric", "string", "array", "datetime"]>;
+        name: z.ZodString;
+        operator: z.ZodString;
+        value: z.ZodOptional<z.ZodAny>;
+    }, "strip", z.ZodTypeAny, {
+        name: string;
+        type: "string" | "numeric" | "array" | "datetime" | "bool";
+        operator: string;
+        value?: any;
+    }, {
+        name: string;
+        type: "string" | "numeric" | "array" | "datetime" | "bool";
+        operator: string;
+        value?: any;
+    }>, "many">>;
+    conditionGroups: z.ZodOptional<z.ZodArray<z.ZodType<any, z.ZodTypeDef, any>, "many">>;
+    actions: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        action_type: z.ZodEnum<["then", "else"]>;
+        action_data: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+    }, "strip", z.ZodTypeAny, {
+        action_type: "then" | "else";
+        action_data?: Record<string, any> | undefined;
+    }, {
+        action_type: "then" | "else";
+        action_data?: Record<string, any> | undefined;
+    }>, "many">>;
 }, "strip", z.ZodTypeAny, {
-    cid: string;
+    rule_set_id: string;
     priority: number;
-    actions?: any;
-    conditions?: any;
+    tid?: string | undefined;
+    cid?: string | undefined;
+    actions?: {
+        action_type: "then" | "else";
+        action_data?: Record<string, any> | undefined;
+    }[] | undefined;
+    conditions?: {
+        name: string;
+        type: "string" | "numeric" | "array" | "datetime" | "bool";
+        operator: string;
+        value?: any;
+    }[] | undefined;
+    conditionGroups?: any[] | undefined;
 }, {
-    cid: string;
-    actions?: any;
+    rule_set_id: string;
+    tid?: string | undefined;
+    cid?: string | undefined;
+    actions?: {
+        action_type: "then" | "else";
+        action_data?: Record<string, any> | undefined;
+    }[] | undefined;
+    conditions?: {
+        name: string;
+        type: "string" | "numeric" | "array" | "datetime" | "bool";
+        operator: string;
+        value?: any;
+    }[] | undefined;
     priority?: number | undefined;
-    conditions?: any;
+    conditionGroups?: any[] | undefined;
 }>;
+/**
+ * Upsert rule schema - for updates
+ */
 export declare const _RuleUpsertSchema: z.ZodObject<{
     id: z.ZodString;
     priority: z.ZodOptional<z.ZodNumber>;
-    conditions: z.ZodOptional<z.ZodAny>;
-    actions: z.ZodOptional<z.ZodAny>;
+    conditions: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        type: z.ZodEnum<["bool", "numeric", "string", "array", "datetime"]>;
+        name: z.ZodString;
+        operator: z.ZodString;
+        value: z.ZodOptional<z.ZodAny>;
+    }, "strip", z.ZodTypeAny, {
+        name: string;
+        type: "string" | "numeric" | "array" | "datetime" | "bool";
+        operator: string;
+        value?: any;
+    }, {
+        name: string;
+        type: "string" | "numeric" | "array" | "datetime" | "bool";
+        operator: string;
+        value?: any;
+    }>, "many">>;
+    conditionGroups: z.ZodOptional<z.ZodArray<z.ZodType<any, z.ZodTypeDef, any>, "many">>;
+    actions: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        action_type: z.ZodEnum<["then", "else"]>;
+        action_data: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>;
+    }, "strip", z.ZodTypeAny, {
+        action_type: "then" | "else";
+        action_data?: Record<string, any> | undefined;
+    }, {
+        action_type: "then" | "else";
+        action_data?: Record<string, any> | undefined;
+    }>, "many">>;
+    rule_set_id: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
     id: string;
-    actions?: any;
+    actions?: {
+        action_type: "then" | "else";
+        action_data?: Record<string, any> | undefined;
+    }[] | undefined;
+    conditions?: {
+        name: string;
+        type: "string" | "numeric" | "array" | "datetime" | "bool";
+        operator: string;
+        value?: any;
+    }[] | undefined;
+    rule_set_id?: string | undefined;
     priority?: number | undefined;
-    conditions?: any;
+    conditionGroups?: any[] | undefined;
 }, {
     id: string;
-    actions?: any;
+    actions?: {
+        action_type: "then" | "else";
+        action_data?: Record<string, any> | undefined;
+    }[] | undefined;
+    conditions?: {
+        name: string;
+        type: "string" | "numeric" | "array" | "datetime" | "bool";
+        operator: string;
+        value?: any;
+    }[] | undefined;
+    rule_set_id?: string | undefined;
     priority?: number | undefined;
-    conditions?: any;
+    conditionGroups?: any[] | undefined;
 }>;
 export type CreateRuleDtoSchema = z.infer<typeof _CreateRuleSchema> & {
     tid: string;
+    rule_set_id: string;
 };
 export type RuleUpsertDtoSchema = z.infer<typeof _RuleUpsertSchema>;
+export type FlatConditionSchema = z.infer<typeof _FlatConditionSchema>;
+export type ConditionGroupSchema = z.infer<typeof _ConditionGroupSchema>;
+export type ActionSchema = z.infer<typeof _ActionSchema>;
+/**
+ * Leaf condition (single condition)
+ * e.g. { type: "string", name: "severity", operator: "equal_to", value: "CRITICAL" }
+ */
 export type CompiledLeafCondition = {
     type: string;
     name: string;
     operator: string;
     value: unknown;
 };
+/**
+ * Composite condition (AND/OR grouping)
+ * e.g. { any: [...], all: [...] }
+ * Supports unlimited nesting
+ */
 export type CompiledCompositeCondition = {
     any?: CompiledConditionNode[];
     all?: CompiledConditionNode[];
 };
+/**
+ * A condition node is either a leaf condition or composite group
+ * Recursive type supporting arbitrary nesting depth
+ */
 export type CompiledConditionNode = CompiledLeafCondition | CompiledCompositeCondition;
+/**
+ * Action payload structure
+ * Each action has a type and arbitrary metadata
+ */
 export type CompiledActionData = {
     type: string;
     [key: string]: unknown;
@@ -57,13 +218,69 @@ export type CompiledActionData = {
 export type CompiledActions = {
     [action_type: string]: CompiledActionData[];
 };
-/** Compiled rule as produced by compileRulesToJson */
+/**
+ * Compiled rule as produced by compileRulesToJson()
+ * This is what RulesEngine.execute() receives
+ */
 export type CompiledRule = {
+    id: string;
     priority: number;
     conditions: CompiledConditionNode | null;
     actions: CompiledActions;
 };
+/**
+ * Result type for getRuleSetByRuleIds()
+ * Maps rule ID to its compiled ruleset
+ */
 export type RuleSetByIdResult = {
     ruleId: string;
     ruleSet: CompiledRule[];
 };
+/**
+ * Database representation of a condition group (hierarchical storage)
+ * NOT used by RulesEngine - only internal storage
+ */
+export type ConditionGroupEntity = {
+    id: string;
+    rule_id: string;
+    parent_group_id: string | null;
+    behavior: 'any' | 'all';
+    sort_order: number;
+    conditions?: FlatConditionSchema[];
+    childGroups?: ConditionGroupEntity[];
+};
+/**
+ * Database representation of a condition (flat storage)
+ * Can be used standalone (legacy) or within a ConditionGroup (new)
+ */
+export type ConditionEntity = {
+    id: string;
+    rule_id: string;
+    condition_group_id?: string | null;
+    type: string;
+    name: string;
+    operator: string;
+    value: unknown;
+};
+/**
+ * Compilation flow:
+ *
+ * Database Layer:
+ *   Rule.conditionGroups: ConditionGroupEntity[]  (hierarchical)
+ *   Rule.conditions: ConditionEntity[]             (flat - legacy fallback)
+ *
+ *   ↓ RuleService.compileRulesToJson()
+ *
+ * Compilation Layer:
+ *   buildConditionsFromGroups(conditionGroups, conditions)
+ *   - If conditionGroups exist: recursively build tree via buildGroupNode()
+ *   - If empty: fallback to flat conditions
+ *   buildActions() wraps in array-of-arrays
+ *
+ *   ↓ Returns CompiledRule[]
+ *
+ * RulesEngine Layer:
+ *   RulesEngine.execute(compiledRules, input)
+ *   - Processes CompiledConditionNode (any/all nested structure)
+ *   - Actions are array of arrays: `response.then.push(...rule.actions.then)`
+ */

package/build/src/dto/rules.dto.js

@@ -1,18 +1,80 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports._RuleUpsertSchema = exports._CreateRuleSchema = void 0;
+exports._RuleUpsertSchema = exports._CreateRuleSchema = exports._ActionSchema = exports._ConditionGroupSchema = exports._FlatConditionSchema = void 0;
 const zod_1 = require("zod");
-/* ─── Create / Upsert Schemas ──── */
+/* ─── Database Input Schemas (Create / Upsert) ──── */
+/**
+ * Flat condition format (backward compatible)
+ * Used when submitting simple or flat conditions
+ */
+exports._FlatConditionSchema = zod_1.z.object({
+    type: zod_1.z.enum(['bool', 'numeric', 'string', 'array', 'datetime']),
+    name: zod_1.z.string(),
+    operator: zod_1.z.string(),
+    value: zod_1.z.any().optional(),
+});
+/**
+ * Hierarchical condition group format (new)
+ * Supports nested AND/OR logic with unlimited depth
+ */
+exports._ConditionGroupSchema = zod_1.z.lazy(() => zod_1.z.object({
+    id: zod_1.z.string().optional(),
+    behavior: zod_1.z.enum(['any', 'all']),
+    sort_order: zod_1.z.number().default(0),
+    conditions: zod_1.z.array(exports._FlatConditionSchema).optional(),
+    childGroups: zod_1.z.array(exports._ConditionGroupSchema).optional(),
+}));
+/**
+ * Action format
+ * Each action has a type and associated data
+ */
+exports._ActionSchema = zod_1.z.object({
+    action_type: zod_1.z.enum(['then', 'else']),
+    action_data: zod_1.z.record(zod_1.z.any()).optional(),
+});
+/**
+ * Create rule schema - supports both flat and hierarchical conditions
+ */
 exports._CreateRuleSchema = zod_1.z.object({
-    cid: zod_1.z.string(),
+    rule_set_id: zod_1.z.string(),
+    cid: zod_1.z.string().optional(),
+    tid: zod_1.z.string().optional(),
     priority: zod_1.z.number().default(0),
-    conditions: zod_1.z.any().optional(),
-    actions: zod_1.z.any().optional(),
+    conditions: zod_1.z.array(exports._FlatConditionSchema).optional(),
+    conditionGroups: zod_1.z.array(exports._ConditionGroupSchema).optional(),
+    actions: zod_1.z.array(exports._ActionSchema).optional(),
 });
+/**
+ * Upsert rule schema - for updates
+ */
 exports._RuleUpsertSchema = zod_1.z.object({
     id: zod_1.z.string(),
     priority: zod_1.z.number().optional(),
-    conditions: zod_1.z.any().optional(),
-    actions: zod_1.z.any().optional(),
+    conditions: zod_1.z.array(exports._FlatConditionSchema).optional(),
+    conditionGroups: zod_1.z.array(exports._ConditionGroupSchema).optional(),
+    actions: zod_1.z.array(exports._ActionSchema).optional(),
+    rule_set_id: zod_1.z.string().optional(),
 });
+/**
+ * Compilation flow:
+ *
+ * Database Layer:
+ *   Rule.conditionGroups: ConditionGroupEntity[]  (hierarchical)
+ *   Rule.conditions: ConditionEntity[]             (flat - legacy fallback)
+ *
+ *   ↓ RuleService.compileRulesToJson()
+ *
+ * Compilation Layer:
+ *   buildConditionsFromGroups(conditionGroups, conditions)
+ *   - If conditionGroups exist: recursively build tree via buildGroupNode()
+ *   - If empty: fallback to flat conditions
+ *   buildActions() wraps in array-of-arrays
+ *
+ *   ↓ Returns CompiledRule[]
+ *
+ * RulesEngine Layer:
+ *   RulesEngine.execute(compiledRules, input)
+ *   - Processes CompiledConditionNode (any/all nested structure)
+ *   - Actions are array of arrays: `response.then.push(...rule.actions.then)`
+ */
 //# sourceMappingURL=rules.dto.js.map

package/build/src/dto/rules.dto.js.map

@@ -1 +1 @@
-{"version":3,"file":"rules.dto.js","sourceRoot":"","sources":["../../../src/dto/rules.dto.ts"],"names":[],"mappings":";;;AAAA,6BAAsB;AAEtB,sCAAsC;AACzB,QAAA,iBAAiB,GAAG,OAAC,CAAC,MAAM,CAAC;IACxC,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;IACf,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;IAC/B,UAAU,EAAE,OAAC,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAC9B,OAAO,EAAE,OAAC,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CAC5B,CAAC,CAAC;AAEU,QAAA,iBAAiB,GAAG,OAAC,CAAC,MAAM,CAAC;IACxC,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE;IACd,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,UAAU,EAAE,OAAC,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAC9B,OAAO,EAAE,OAAC,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CAC5B,CAAC,CAAC"}
+{"version":3,"file":"rules.dto.js","sourceRoot":"","sources":["../../../src/dto/rules.dto.ts"],"names":[],"mappings":";;;AAAA,6BAAsB;AAEtB,uDAAuD;AAEvD;;;GAGG;AACU,QAAA,oBAAoB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3C,IAAI,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;IAChE,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE;IAChB,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE;IACpB,KAAK,EAAE,OAAC,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CAC1B,CAAC,CAAC;AAEH;;;GAGG;AACU,QAAA,qBAAqB,GAAmB,OAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAC/D,OAAC,CAAC,MAAM,CAAC;IACP,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACzB,QAAQ,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IAChC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;IACjC,UAAU,EAAE,OAAC,CAAC,KAAK,CAAC,4BAAoB,CAAC,CAAC,QAAQ,EAAE;IACpD,WAAW,EAAE,OAAC,CAAC,KAAK,CAAC,6BAAqB,CAAC,CAAC,QAAQ,EAAE;CACvD,CAAC,CACH,CAAC;AAEF;;;GAGG;AACU,QAAA,aAAa,GAAG,OAAC,CAAC,MAAM,CAAC;IACpC,WAAW,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACrC,WAAW,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,GAAG,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC1C,CAAC,CAAC;AAEH;;GAEG;AACU,QAAA,iBAAiB,GAAG,OAAC,CAAC,MAAM,CAAC;IACxC,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE;IACvB,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;IAC/B,UAAU,EAAE,OAAC,CAAC,KAAK,CAAC,4BAAoB,CAAC,CAAC,QAAQ,EAAE;IACpD,eAAe,EAAE,OAAC,CAAC,KAAK,CAAC,6BAAqB,CAAC,CAAC,QAAQ,EAAE;IAC1D,OAAO,EAAE,OAAC,CAAC,KAAK,CAAC,qBAAa,CAAC,CAAC,QAAQ,EAAE;CAC3C,CAAC,CAAC;AAEH;;GAEG;AACU,QAAA,iBAAiB,GAAG,OAAC,CAAC,MAAM,CAAC;IACxC,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE;IACd,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,UAAU,EAAE,OAAC,CAAC,KAAK,CAAC,4BAAoB,CAAC,CAAC,QAAQ,EAAE;IACpD,eAAe,EAAE,OAAC,CAAC,KAAK,CAAC,6BAAqB,CAAC,CAAC,QAAQ,EAAE;IAC1D,OAAO,EAAE,OAAC,CAAC,KAAK,CAAC,qBAAa,CAAC,CAAC,QAAQ,EAAE;IAC1C,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACnC,CAAC,CAAC;AAoHH;;;;;;;;;;;;;;;;;;;;;GAqBG"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ampsec/platform-client",
-  "version": "87.3.0",
+  "version": "87.4.0",
   "description": "",
   "main": "build/src/index.js",
   "runkitExampleFilename": "example/main.js",

package/src/dto/index.ts

@@ -33,6 +33,7 @@ export * from './providers.dto';
 export * from './reportResults.dto';
 export * from './riskContributors.dto';
 export * from './rules.dto';
+export * from './ruleSet.dto';
 export * from './saasAssets.dto';
 export * from './saasComponents.dto';
 export * from './saasUsers.dto';

package/src/dto/ruleSet.dto.ts

@@ -0,0 +1,19 @@
+import {z} from 'zod';
+
+export const RULESET_CREATE_SCHEMA = z.object({
+  tid: z.string().optional(),
+  cid: z.string().optional().nullable(),
+  name: z.string(),
+  description: z.string().optional().nullable(),
+  is_default: z.boolean().default(false),
+});
+
+export const RULESET_UPDATE_SCHEMA = z.object({
+  name: z.string().optional(),
+  description: z.string().optional().nullable(),
+  is_default: z.boolean().optional(),
+  cid: z.string().optional().nullable(),
+});
+
+export type RuleSetCreateDto = z.infer<typeof RULESET_CREATE_SCHEMA>;
+export type RuleSetUpdateDto = z.infer<typeof RULESET_UPDATE_SCHEMA>;

package/src/dto/rules.dto.ts

@@ -1,31 +1,90 @@
 import {z} from 'zod';
 
-/* ─── Create / Upsert Schemas ──── */
+/* ─── Database Input Schemas (Create / Upsert) ──── */
+
+/**
+ * Flat condition format (backward compatible)
+ * Used when submitting simple or flat conditions
+ */
+export const _FlatConditionSchema = z.object({
+  type: z.enum(['bool', 'numeric', 'string', 'array', 'datetime']),
+  name: z.string(),
+  operator: z.string(),
+  value: z.any().optional(),
+});
+
+/**
+ * Hierarchical condition group format (new)
+ * Supports nested AND/OR logic with unlimited depth
+ */
+export const _ConditionGroupSchema: z.ZodType<any> = z.lazy(() =>
+  z.object({
+    id: z.string().optional(),
+    behavior: z.enum(['any', 'all']),
+    sort_order: z.number().default(0),
+    conditions: z.array(_FlatConditionSchema).optional(),
+    childGroups: z.array(_ConditionGroupSchema).optional(),
+  })
+);
+
+/**
+ * Action format
+ * Each action has a type and associated data
+ */
+export const _ActionSchema = z.object({
+  action_type: z.enum(['then', 'else']),
+  action_data: z.record(z.any()).optional(),
+});
+
+/**
+ * Create rule schema - supports both flat and hierarchical conditions
+ */
 export const _CreateRuleSchema = z.object({
-  cid: z.string(),
+  rule_set_id: z.string(),
+  cid: z.string().optional(),
+  tid: z.string().optional(),
   priority: z.number().default(0),
-  conditions: z.any().optional(),
-  actions: z.any().optional(),
+  conditions: z.array(_FlatConditionSchema).optional(),
+  conditionGroups: z.array(_ConditionGroupSchema).optional(),
+  actions: z.array(_ActionSchema).optional(),
 });
 
+/**
+ * Upsert rule schema - for updates
+ */
 export const _RuleUpsertSchema = z.object({
   id: z.string(),
   priority: z.number().optional(),
-  conditions: z.any().optional(),
-  actions: z.any().optional(),
+  conditions: z.array(_FlatConditionSchema).optional(),
+  conditionGroups: z.array(_ConditionGroupSchema).optional(),
+  actions: z.array(_ActionSchema).optional(),
+  rule_set_id: z.string().optional(),
 });
 
 export type CreateRuleDtoSchema = z.infer<typeof _CreateRuleSchema> & {
   tid: string;
+  rule_set_id: string;
 };
 
 export type RuleUpsertDtoSchema = z.infer<typeof _RuleUpsertSchema>;
 
+export type FlatConditionSchema = z.infer<typeof _FlatConditionSchema>;
+export type ConditionGroupSchema = z.infer<typeof _ConditionGroupSchema>;
+export type ActionSchema = z.infer<typeof _ActionSchema>;
+
 /* ─── Compiled Rule Types ─────────────────────────────────────────────────
  * Describe the JSON shape produced by RuleService.compileRulesToJson()
  * and consumed by the rules engine.
+ *
+ * NOTE: The RulesEngine receives COMPILED conditions (CompiledConditionNode),
+ * NOT raw database ConditionGroups. The compilation process converts the
+ * hierarchical ConditionGroup structure to this CompositeConditions format.
  * ────────────────────────────────────────────────────────────────────────── */
 
+/**
+ * Leaf condition (single condition)
+ * e.g. { type: "string", name: "severity", operator: "equal_to", value: "CRITICAL" }
+ */
 export type CompiledLeafCondition = {
   type: string;
   name: string;
@@ -33,13 +92,26 @@ export type CompiledLeafCondition = {
   value: unknown;
 };
 
+/**
+ * Composite condition (AND/OR grouping)
+ * e.g. { any: [...], all: [...] }
+ * Supports unlimited nesting
+ */
 export type CompiledCompositeCondition = {
   any?: CompiledConditionNode[];
   all?: CompiledConditionNode[];
 };
 
+/**
+ * A condition node is either a leaf condition or composite group
+ * Recursive type supporting arbitrary nesting depth
+ */
 export type CompiledConditionNode = CompiledLeafCondition | CompiledCompositeCondition;
 
+/**
+ * Action payload structure
+ * Each action has a type and arbitrary metadata
+ */
 export type CompiledActionData = {
   type: string;
   [key: string]: unknown;
@@ -53,14 +125,75 @@ export type CompiledActions = {
   [action_type: string]: CompiledActionData[];
 };
 
-/** Compiled rule as produced by compileRulesToJson */
+/**
+ * Compiled rule as produced by compileRulesToJson()
+ * This is what RulesEngine.execute() receives
+ */
 export type CompiledRule = {
+  id: string;
   priority: number;
   conditions: CompiledConditionNode | null;
   actions: CompiledActions;
 };
 
+/**
+ * Result type for getRuleSetByRuleIds()
+ * Maps rule ID to its compiled ruleset
+ */
 export type RuleSetByIdResult = {
   ruleId: string;
   ruleSet: CompiledRule[];
 };
+
+/* ─── Internal Database Types ──────────────────────────────────────────── */
+
+/**
+ * Database representation of a condition group (hierarchical storage)
+ * NOT used by RulesEngine - only internal storage
+ */
+export type ConditionGroupEntity = {
+  id: string;
+  rule_id: string;
+  parent_group_id: string | null;
+  behavior: 'any' | 'all';
+  sort_order: number;
+  conditions?: FlatConditionSchema[];
+  childGroups?: ConditionGroupEntity[];
+};
+
+/**
+ * Database representation of a condition (flat storage)
+ * Can be used standalone (legacy) or within a ConditionGroup (new)
+ */
+export type ConditionEntity = {
+  id: string;
+  rule_id: string;
+  condition_group_id?: string | null;
+  type: string;
+  name: string;
+  operator: string;
+  value: unknown;
+};
+
+/**
+ * Compilation flow:
+ *
+ * Database Layer:
+ *   Rule.conditionGroups: ConditionGroupEntity[]  (hierarchical)
+ *   Rule.conditions: ConditionEntity[]             (flat - legacy fallback)
+ *
+ *   ↓ RuleService.compileRulesToJson()
+ *
+ * Compilation Layer:
+ *   buildConditionsFromGroups(conditionGroups, conditions)
+ *   - If conditionGroups exist: recursively build tree via buildGroupNode()
+ *   - If empty: fallback to flat conditions
+ *   buildActions() wraps in array-of-arrays
+ *
+ *   ↓ Returns CompiledRule[]
+ *
+ * RulesEngine Layer:
+ *   RulesEngine.execute(compiledRules, input)
+ *   - Processes CompiledConditionNode (any/all nested structure)
+ *   - Actions are array of arrays: `response.then.push(...rule.actions.then)`
+ */