@api-client/core 0.18.56 → 0.18.58

package/build/src/modeling/rules/AccessRule.d.ts

@@ -0,0 +1,17 @@
+export interface AccessRuleSchema {
+    /**
+     * The unique identifier for the access rule.
+     * This is used to reference the rule in the API configuration.
+     */
+    type: string;
+}
+/**
+ * Base class for all access rules.
+ */
+export declare class AccessRule extends EventTarget implements AccessRuleSchema {
+    readonly type: string;
+    constructor(state?: Partial<AccessRuleSchema>);
+    toJSON(): AccessRuleSchema;
+    notifyChange(): void;
+}
+//# sourceMappingURL=AccessRule.d.ts.map

package/build/src/modeling/rules/AccessRule.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AccessRule.d.ts","sourceRoot":"","sources":["../../../../src/modeling/rules/AccessRule.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,gBAAgB;IAC/B;;;OAGG;IACH,IAAI,EAAE,MAAM,CAAA;CACb;AAED;;GAEG;AACH,qBAAa,UAAW,SAAQ,WAAY,YAAW,gBAAgB;IACrE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;gBAET,KAAK,GAAE,OAAO,CAAC,gBAAgB,CAAM;IAKjD,MAAM,IAAI,gBAAgB;IAM1B,YAAY;CAGb"}

package/build/src/modeling/rules/AccessRule.js

@@ -0,0 +1,19 @@
+/**
+ * Base class for all access rules.
+ */
+export class AccessRule extends EventTarget {
+    type;
+    constructor(state = {}) {
+        super();
+        this.type = state.type ?? '';
+    }
+    toJSON() {
+        return {
+            type: this.type,
+        };
+    }
+    notifyChange() {
+        this.dispatchEvent(new Event('change'));
+    }
+}
+//# sourceMappingURL=AccessRule.js.map

package/build/src/modeling/rules/AccessRule.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AccessRule.js","sourceRoot":"","sources":["../../../../src/modeling/rules/AccessRule.ts"],"names":[],"mappings":"AAQA;;GAEG;AACH,MAAM,OAAO,UAAW,SAAQ,WAAW;IAChC,IAAI,CAAQ;IAErB,YAAY,QAAmC,EAAE;QAC/C,KAAK,EAAE,CAAA;QACP,IAAI,CAAC,IAAI,GAAG,KAAK,CAAC,IAAI,IAAI,EAAE,CAAA;IAC9B,CAAC;IAED,MAAM;QACJ,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,IAAI;SAChB,CAAA;IACH,CAAC;IAED,YAAY;QACV,IAAI,CAAC,aAAa,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAA;IACzC,CAAC;CACF","sourcesContent":["export interface AccessRuleSchema {\n  /**\n   * The unique identifier for the access rule.\n   * This is used to reference the rule in the API configuration.\n   */\n  type: string\n}\n\n/**\n * Base class for all access rules.\n */\nexport class AccessRule extends EventTarget implements AccessRuleSchema {\n  readonly type: string\n\n  constructor(state: Partial<AccessRuleSchema> = {}) {\n    super()\n    this.type = state.type ?? ''\n  }\n\n  toJSON(): AccessRuleSchema {\n    return {\n      type: this.type,\n    }\n  }\n\n  notifyChange() {\n    this.dispatchEvent(new Event('change'))\n  }\n}\n"]}

package/build/src/modeling/rules/AllowAuthenticated.d.ts

@@ -0,0 +1,19 @@
+import { AccessRule, type AccessRuleSchema } from './AccessRule.js';
+/**
+ * The action is allowed for any authenticated user.
+ * This rule does not impose any additional restrictions based on user properties or resource ownership.
+ * It is used for resources that should be accessible to all logged-in users.
+ */
+export interface AllowAuthenticatedAccessRuleSchema extends AccessRuleSchema {
+    type: 'authenticated';
+}
+/**
+ * The action is allowed for any authenticated user.
+ * This rule does not impose any additional restrictions based on user properties or resource ownership.
+ * It is used for resources that should be accessible to all logged-in users.
+ */
+export declare class AllowAuthenticatedAccessRule extends AccessRule implements AllowAuthenticatedAccessRuleSchema {
+    readonly type: 'authenticated';
+    constructor(state?: Partial<AllowAuthenticatedAccessRuleSchema>);
+}
+//# sourceMappingURL=AllowAuthenticated.d.ts.map

package/build/src/modeling/rules/AllowAuthenticated.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AllowAuthenticated.d.ts","sourceRoot":"","sources":["../../../../src/modeling/rules/AllowAuthenticated.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,KAAK,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AAEnE;;;;GAIG;AACH,MAAM,WAAW,kCAAmC,SAAQ,gBAAgB;IAC1E,IAAI,EAAE,eAAe,CAAA;CACtB;AAED;;;;GAIG;AACH,qBAAa,4BAA6B,SAAQ,UAAW,YAAW,kCAAkC;IACxG,SAAkB,IAAI,EAAE,eAAe,CAAA;gBAE3B,KAAK,GAAE,OAAO,CAAC,kCAAkC,CAAM;CAIpE"}

package/build/src/modeling/rules/AllowAuthenticated.js

@@ -0,0 +1,14 @@
+import { AccessRule } from './AccessRule.js';
+/**
+ * The action is allowed for any authenticated user.
+ * This rule does not impose any additional restrictions based on user properties or resource ownership.
+ * It is used for resources that should be accessible to all logged-in users.
+ */
+export class AllowAuthenticatedAccessRule extends AccessRule {
+    type;
+    constructor(state = {}) {
+        super(state);
+        this.type = 'authenticated';
+    }
+}
+//# sourceMappingURL=AllowAuthenticated.js.map

package/build/src/modeling/rules/AllowAuthenticated.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AllowAuthenticated.js","sourceRoot":"","sources":["../../../../src/modeling/rules/AllowAuthenticated.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAyB,MAAM,iBAAiB,CAAA;AAWnE;;;;GAIG;AACH,MAAM,OAAO,4BAA6B,SAAQ,UAAU;IACxC,IAAI,CAAiB;IAEvC,YAAY,QAAqD,EAAE;QACjE,KAAK,CAAC,KAAK,CAAC,CAAA;QACZ,IAAI,CAAC,IAAI,GAAG,eAAe,CAAA;IAC7B,CAAC;CACF","sourcesContent":["import { AccessRule, type AccessRuleSchema } from './AccessRule.js'\n\n/**\n * The action is allowed for any authenticated user.\n * This rule does not impose any additional restrictions based on user properties or resource ownership.\n * It is used for resources that should be accessible to all logged-in users.\n */\nexport interface AllowAuthenticatedAccessRuleSchema extends AccessRuleSchema {\n  type: 'authenticated'\n}\n\n/**\n * The action is allowed for any authenticated user.\n * This rule does not impose any additional restrictions based on user properties or resource ownership.\n * It is used for resources that should be accessible to all logged-in users.\n */\nexport class AllowAuthenticatedAccessRule extends AccessRule implements AllowAuthenticatedAccessRuleSchema {\n  override readonly type: 'authenticated'\n\n  constructor(state: Partial<AllowAuthenticatedAccessRuleSchema> = {}) {\n    super(state)\n    this.type = 'authenticated'\n  }\n}\n"]}

package/build/src/modeling/rules/AllowPublic.d.ts

@@ -0,0 +1,19 @@
+import { AccessRule, type AccessRuleSchema } from './AccessRule.js';
+/**
+ * The action is allowed for all users, including unauthenticated ones.
+ * This is typically used for public APIs or resources that do not require authentication.
+ * It is the most permissive rule and should be used with caution.
+ */
+export interface AllowPublicAccessRuleSchema extends AccessRuleSchema {
+    type: 'public';
+}
+/**
+ * The action is allowed for all users, including unauthenticated ones.
+ * This is typically used for public APIs or resources that do not require authentication.
+ * It is the most permissive rule and should be used with caution.
+ */
+export declare class AllowPublicAccessRule extends AccessRule implements AllowPublicAccessRuleSchema {
+    readonly type: 'public';
+    constructor(state?: Partial<AllowPublicAccessRuleSchema>);
+}
+//# sourceMappingURL=AllowPublic.d.ts.map

package/build/src/modeling/rules/AllowPublic.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AllowPublic.d.ts","sourceRoot":"","sources":["../../../../src/modeling/rules/AllowPublic.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,KAAK,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AAEnE;;;;GAIG;AACH,MAAM,WAAW,2BAA4B,SAAQ,gBAAgB;IACnE,IAAI,EAAE,QAAQ,CAAA;CACf;AAED;;;;GAIG;AACH,qBAAa,qBAAsB,SAAQ,UAAW,YAAW,2BAA2B;IAC1F,SAAkB,IAAI,EAAE,QAAQ,CAAA;gBAEpB,KAAK,GAAE,OAAO,CAAC,2BAA2B,CAAM;CAI7D"}

package/build/src/modeling/rules/AllowPublic.js

@@ -0,0 +1,14 @@
+import { AccessRule } from './AccessRule.js';
+/**
+ * The action is allowed for all users, including unauthenticated ones.
+ * This is typically used for public APIs or resources that do not require authentication.
+ * It is the most permissive rule and should be used with caution.
+ */
+export class AllowPublicAccessRule extends AccessRule {
+    type;
+    constructor(state = {}) {
+        super(state);
+        this.type = 'public';
+    }
+}
+//# sourceMappingURL=AllowPublic.js.map

package/build/src/modeling/rules/AllowPublic.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AllowPublic.js","sourceRoot":"","sources":["../../../../src/modeling/rules/AllowPublic.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAyB,MAAM,iBAAiB,CAAA;AAWnE;;;;GAIG;AACH,MAAM,OAAO,qBAAsB,SAAQ,UAAU;IACjC,IAAI,CAAU;IAEhC,YAAY,QAA8C,EAAE;QAC1D,KAAK,CAAC,KAAK,CAAC,CAAA;QACZ,IAAI,CAAC,IAAI,GAAG,QAAQ,CAAA;IACtB,CAAC;CACF","sourcesContent":["import { AccessRule, type AccessRuleSchema } from './AccessRule.js'\n\n/**\n * The action is allowed for all users, including unauthenticated ones.\n * This is typically used for public APIs or resources that do not require authentication.\n * It is the most permissive rule and should be used with caution.\n */\nexport interface AllowPublicAccessRuleSchema extends AccessRuleSchema {\n  type: 'public'\n}\n\n/**\n * The action is allowed for all users, including unauthenticated ones.\n * This is typically used for public APIs or resources that do not require authentication.\n * It is the most permissive rule and should be used with caution.\n */\nexport class AllowPublicAccessRule extends AccessRule implements AllowPublicAccessRuleSchema {\n  override readonly type: 'public'\n\n  constructor(state: Partial<AllowPublicAccessRuleSchema> = {}) {\n    super(state)\n    this.type = 'public'\n  }\n}\n"]}

package/build/src/modeling/rules/MatchEmailDomain.d.ts

@@ -0,0 +1,25 @@
+import { AccessRule, type AccessRuleSchema } from './AccessRule.js';
+/**
+ * The action is allowed if the authenticated user's email domain matches a specific domain.
+ * This is used to restrict access based on the user's email address.
+ * For example, only users with an email address from "my-company.com" can access certain resources.
+ */
+export interface MatchEmailDomainAccessRuleSchema extends AccessRuleSchema {
+    type: 'matchEmailDomain';
+    /**
+     * The email domains that the authenticated user's email must match.
+     */
+    domains: string[];
+}
+/**
+ * The action is allowed if the authenticated user's email domain matches a specific domain.
+ * This is used to restrict access based on the user's email address.
+ * For example, only users with an email address from "my-company.com" can access certain resources.
+ */
+export declare class MatchEmailDomainAccessRule extends AccessRule implements MatchEmailDomainAccessRuleSchema {
+    readonly type: 'matchEmailDomain';
+    accessor domains: string[];
+    constructor(state?: Partial<MatchEmailDomainAccessRuleSchema>);
+    toJSON(): MatchEmailDomainAccessRuleSchema;
+}
+//# sourceMappingURL=MatchEmailDomain.d.ts.map

package/build/src/modeling/rules/MatchEmailDomain.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"MatchEmailDomain.d.ts","sourceRoot":"","sources":["../../../../src/modeling/rules/MatchEmailDomain.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,KAAK,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AAGnE;;;;GAIG;AACH,MAAM,WAAW,gCAAiC,SAAQ,gBAAgB;IACxE,IAAI,EAAE,kBAAkB,CAAA;IACxB;;OAEG;IACH,OAAO,EAAE,MAAM,EAAE,CAAA;CAClB;AAED;;;;GAIG;AACH,qBAAa,0BAA2B,SAAQ,UAAW,YAAW,gCAAgC;IACpG,SAAkB,IAAI,EAAE,kBAAkB,CAAA;IAEhB,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,CAAA;gBAExC,KAAK,GAAE,OAAO,CAAC,gCAAgC,CAAM;IAMxD,MAAM,IAAI,gCAAgC;CAMpD"}

package/build/src/modeling/rules/MatchEmailDomain.js

@@ -0,0 +1,40 @@
+import { __esDecorate, __runInitializers } from "tslib";
+import { AccessRule } from './AccessRule.js';
+import { observed, toRaw } from '../../decorators/observed.js';
+/**
+ * The action is allowed if the authenticated user's email domain matches a specific domain.
+ * This is used to restrict access based on the user's email address.
+ * For example, only users with an email address from "my-company.com" can access certain resources.
+ */
+let MatchEmailDomainAccessRule = (() => {
+    let _classSuper = AccessRule;
+    let _domains_decorators;
+    let _domains_initializers = [];
+    let _domains_extraInitializers = [];
+    return class MatchEmailDomainAccessRule extends _classSuper {
+        static {
+            const _metadata = typeof Symbol === "function" && Symbol.metadata ? Object.create(_classSuper[Symbol.metadata] ?? null) : void 0;
+            _domains_decorators = [observed({ deep: true })];
+            __esDecorate(this, null, _domains_decorators, { kind: "accessor", name: "domains", static: false, private: false, access: { has: obj => "domains" in obj, get: obj => obj.domains, set: (obj, value) => { obj.domains = value; } }, metadata: _metadata }, _domains_initializers, _domains_extraInitializers);
+            if (_metadata) Object.defineProperty(this, Symbol.metadata, { enumerable: true, configurable: true, writable: true, value: _metadata });
+        }
+        type;
+        #domains_accessor_storage = __runInitializers(this, _domains_initializers, void 0);
+        get domains() { return this.#domains_accessor_storage; }
+        set domains(value) { this.#domains_accessor_storage = value; }
+        constructor(state = {}) {
+            super(state);
+            __runInitializers(this, _domains_extraInitializers);
+            this.type = 'matchEmailDomain';
+            this.domains = state.domains ? [...state.domains] : [];
+        }
+        toJSON() {
+            return {
+                ...super.toJSON(),
+                domains: structuredClone(toRaw(this, this.domains)),
+            };
+        }
+    };
+})();
+export { MatchEmailDomainAccessRule };
+//# sourceMappingURL=MatchEmailDomain.js.map

package/build/src/modeling/rules/MatchEmailDomain.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"MatchEmailDomain.js","sourceRoot":"","sources":["../../../../src/modeling/rules/MatchEmailDomain.ts"],"names":[],"mappings":";AAAA,OAAO,EAAE,UAAU,EAAyB,MAAM,iBAAiB,CAAA;AACnE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,8BAA8B,CAAA;AAe9D;;;;GAIG;IACU,0BAA0B;sBAAS,UAAU;;;;iBAA7C,0BAA2B,SAAQ,WAAU;;;mCAGvD,QAAQ,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;YAAC,0KAAS,OAAO,6BAAP,OAAO,yFAAU;;;QAFlC,IAAI,CAAoB;QAEhB,mFAA0B;QAA1B,IAAS,OAAO,6CAAU;QAA1B,IAAS,OAAO,mDAAU;QAEpD,YAAY,QAAmD,EAAE;YAC/D,KAAK,CAAC,KAAK,CAAC,CAAA;;YACZ,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAA;YAC9B,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;SACvD;QAEQ,MAAM;YACb,OAAO;gBACL,GAAI,KAAK,CAAC,MAAM,EAAuC;gBACvD,OAAO,EAAE,eAAe,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,CAAa;aAChE,CAAA;QACH,CAAC;;;SAhBU,0BAA0B","sourcesContent":["import { AccessRule, type AccessRuleSchema } from './AccessRule.js'\nimport { observed, toRaw } from '../../decorators/observed.js'\n\n/**\n * The action is allowed if the authenticated user's email domain matches a specific domain.\n * This is used to restrict access based on the user's email address.\n * For example, only users with an email address from \"my-company.com\" can access certain resources.\n */\nexport interface MatchEmailDomainAccessRuleSchema extends AccessRuleSchema {\n  type: 'matchEmailDomain'\n  /**\n   * The email domains that the authenticated user's email must match.\n   */\n  domains: string[]\n}\n\n/**\n * The action is allowed if the authenticated user's email domain matches a specific domain.\n * This is used to restrict access based on the user's email address.\n * For example, only users with an email address from \"my-company.com\" can access certain resources.\n */\nexport class MatchEmailDomainAccessRule extends AccessRule implements MatchEmailDomainAccessRuleSchema {\n  override readonly type: 'matchEmailDomain'\n\n  @observed({ deep: true }) accessor domains: string[]\n\n  constructor(state: Partial<MatchEmailDomainAccessRuleSchema> = {}) {\n    super(state)\n    this.type = 'matchEmailDomain'\n    this.domains = state.domains ? [...state.domains] : []\n  }\n\n  override toJSON(): MatchEmailDomainAccessRuleSchema {\n    return {\n      ...(super.toJSON() as MatchEmailDomainAccessRuleSchema),\n      domains: structuredClone(toRaw(this, this.domains)) as string[],\n    }\n  }\n}\n"]}

package/build/src/modeling/rules/MatchResourceOwner.d.ts

@@ -0,0 +1,29 @@
+import { AccessRule, type AccessRuleSchema } from './AccessRule.js';
+/**
+ * The action is allowed if the authenticated user's ID matches a specific property on the resource.
+ * This is typically used to restrict access to resources owned by the user.
+ * For example, a user can only access their own profile or documents.
+ */
+export interface MatchResourceOwnerAccessRuleSchema extends AccessRuleSchema {
+    type: 'resourceOwner';
+    /**
+     * The property on the resource that should match the authenticated user's ID.
+     * This is typically the ID of the user who owns the resource.
+     *
+     * The domain model should annotate this property with the "ResourceOwnerIdentifier" semantic
+     * to indicate that it is used for ownership checks.
+     */
+    property: string;
+}
+/**
+ * The action is allowed if the authenticated user's ID matches a specific property on the resource.
+ * This is typically used to restrict access to resources owned by the user.
+ * For example, a user can only access their own profile or documents.
+ */
+export declare class MatchResourceOwnerAccessRule extends AccessRule implements MatchResourceOwnerAccessRuleSchema {
+    readonly type: 'resourceOwner';
+    accessor property: string;
+    constructor(state?: Partial<MatchResourceOwnerAccessRuleSchema>);
+    toJSON(): MatchResourceOwnerAccessRuleSchema;
+}
+//# sourceMappingURL=MatchResourceOwner.d.ts.map

package/build/src/modeling/rules/MatchResourceOwner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"MatchResourceOwner.d.ts","sourceRoot":"","sources":["../../../../src/modeling/rules/MatchResourceOwner.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,KAAK,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AAGnE;;;;GAIG;AACH,MAAM,WAAW,kCAAmC,SAAQ,gBAAgB;IAC1E,IAAI,EAAE,eAAe,CAAA;IACrB;;;;;;OAMG;IACH,QAAQ,EAAE,MAAM,CAAA;CACjB;AAED;;;;GAIG;AACH,qBAAa,4BAA6B,SAAQ,UAAW,YAAW,kCAAkC;IACxG,SAAkB,IAAI,EAAE,eAAe,CAAA;IAE3B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;gBAEzB,KAAK,GAAE,OAAO,CAAC,kCAAkC,CAAM;IAM1D,MAAM,IAAI,kCAAkC;CAMtD"}

package/build/src/modeling/rules/MatchResourceOwner.js

@@ -0,0 +1,40 @@
+import { __esDecorate, __runInitializers } from "tslib";
+import { AccessRule } from './AccessRule.js';
+import { observed } from '../../decorators/observed.js';
+/**
+ * The action is allowed if the authenticated user's ID matches a specific property on the resource.
+ * This is typically used to restrict access to resources owned by the user.
+ * For example, a user can only access their own profile or documents.
+ */
+let MatchResourceOwnerAccessRule = (() => {
+    let _classSuper = AccessRule;
+    let _property_decorators;
+    let _property_initializers = [];
+    let _property_extraInitializers = [];
+    return class MatchResourceOwnerAccessRule extends _classSuper {
+        static {
+            const _metadata = typeof Symbol === "function" && Symbol.metadata ? Object.create(_classSuper[Symbol.metadata] ?? null) : void 0;
+            _property_decorators = [observed()];
+            __esDecorate(this, null, _property_decorators, { kind: "accessor", name: "property", static: false, private: false, access: { has: obj => "property" in obj, get: obj => obj.property, set: (obj, value) => { obj.property = value; } }, metadata: _metadata }, _property_initializers, _property_extraInitializers);
+            if (_metadata) Object.defineProperty(this, Symbol.metadata, { enumerable: true, configurable: true, writable: true, value: _metadata });
+        }
+        type;
+        #property_accessor_storage = __runInitializers(this, _property_initializers, void 0);
+        get property() { return this.#property_accessor_storage; }
+        set property(value) { this.#property_accessor_storage = value; }
+        constructor(state = {}) {
+            super(state);
+            __runInitializers(this, _property_extraInitializers);
+            this.type = 'resourceOwner';
+            this.property = state.property ?? '';
+        }
+        toJSON() {
+            return {
+                ...super.toJSON(),
+                property: this.property,
+            };
+        }
+    };
+})();
+export { MatchResourceOwnerAccessRule };
+//# sourceMappingURL=MatchResourceOwner.js.map

package/build/src/modeling/rules/MatchResourceOwner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"MatchResourceOwner.js","sourceRoot":"","sources":["../../../../src/modeling/rules/MatchResourceOwner.ts"],"names":[],"mappings":";AAAA,OAAO,EAAE,UAAU,EAAyB,MAAM,iBAAiB,CAAA;AACnE,OAAO,EAAE,QAAQ,EAAE,MAAM,8BAA8B,CAAA;AAmBvD;;;;GAIG;IACU,4BAA4B;sBAAS,UAAU;;;;iBAA/C,4BAA6B,SAAQ,WAAU;;;oCAGzD,QAAQ,EAAE;YAAC,6KAAS,QAAQ,6BAAR,QAAQ,2FAAQ;;;QAFnB,IAAI,CAAiB;QAE3B,qFAAyB;QAAzB,IAAS,QAAQ,8CAAQ;QAAzB,IAAS,QAAQ,oDAAQ;QAErC,YAAY,QAAqD,EAAE;YACjE,KAAK,CAAC,KAAK,CAAC,CAAA;;YACZ,IAAI,CAAC,IAAI,GAAG,eAAe,CAAA;YAC3B,IAAI,CAAC,QAAQ,GAAG,KAAK,CAAC,QAAQ,IAAI,EAAE,CAAA;SACrC;QAEQ,MAAM;YACb,OAAO;gBACL,GAAI,KAAK,CAAC,MAAM,EAAyC;gBACzD,QAAQ,EAAE,IAAI,CAAC,QAAQ;aACxB,CAAA;QACH,CAAC;;;SAhBU,4BAA4B","sourcesContent":["import { AccessRule, type AccessRuleSchema } from './AccessRule.js'\nimport { observed } from '../../decorators/observed.js'\n\n/**\n * The action is allowed if the authenticated user's ID matches a specific property on the resource.\n * This is typically used to restrict access to resources owned by the user.\n * For example, a user can only access their own profile or documents.\n */\nexport interface MatchResourceOwnerAccessRuleSchema extends AccessRuleSchema {\n  type: 'resourceOwner'\n  /**\n   * The property on the resource that should match the authenticated user's ID.\n   * This is typically the ID of the user who owns the resource.\n   *\n   * The domain model should annotate this property with the \"ResourceOwnerIdentifier\" semantic\n   * to indicate that it is used for ownership checks.\n   */\n  property: string\n}\n\n/**\n * The action is allowed if the authenticated user's ID matches a specific property on the resource.\n * This is typically used to restrict access to resources owned by the user.\n * For example, a user can only access their own profile or documents.\n */\nexport class MatchResourceOwnerAccessRule extends AccessRule implements MatchResourceOwnerAccessRuleSchema {\n  override readonly type: 'resourceOwner'\n\n  @observed() accessor property: string\n\n  constructor(state: Partial<MatchResourceOwnerAccessRuleSchema> = {}) {\n    super(state)\n    this.type = 'resourceOwner'\n    this.property = state.property ?? ''\n  }\n\n  override toJSON(): MatchResourceOwnerAccessRuleSchema {\n    return {\n      ...(super.toJSON() as MatchResourceOwnerAccessRuleSchema),\n      property: this.property,\n    }\n  }\n}\n"]}

package/build/src/modeling/rules/MatchUserProperty.d.ts

@@ -0,0 +1,28 @@
+import { AccessRule, type AccessRuleSchema } from './AccessRule.js';
+/**
+ * The action is allowed if a specific property on the authenticated user matches an expected value.
+ * This is used to enforce other user-specific restrictions.
+ */
+export interface MatchUserPropertyAccessRuleSchema extends AccessRuleSchema {
+    type: 'matchUserProperty';
+    /**
+     * The property on the authenticated user that should match the expected value.
+     */
+    property: string;
+    /**
+     * The expected value for the user property.
+     */
+    value: string;
+}
+/**
+ * The action is allowed if a specific property on the authenticated user matches an expected value.
+ * This is used to enforce other user-specific restrictions.
+ */
+export declare class MatchUserPropertyAccessRule extends AccessRule implements MatchUserPropertyAccessRuleSchema {
+    readonly type: 'matchUserProperty';
+    accessor property: string;
+    accessor value: string;
+    constructor(state?: Partial<MatchUserPropertyAccessRuleSchema>);
+    toJSON(): MatchUserPropertyAccessRuleSchema;
+}
+//# sourceMappingURL=MatchUserProperty.d.ts.map

package/build/src/modeling/rules/MatchUserProperty.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"MatchUserProperty.d.ts","sourceRoot":"","sources":["../../../../src/modeling/rules/MatchUserProperty.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,KAAK,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AAGnE;;;GAGG;AACH,MAAM,WAAW,iCAAkC,SAAQ,gBAAgB;IACzE,IAAI,EAAE,mBAAmB,CAAA;IACzB;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAA;IAChB;;OAEG;IACH,KAAK,EAAE,MAAM,CAAA;CACd;AAED;;;GAGG;AACH,qBAAa,2BAA4B,SAAQ,UAAW,YAAW,iCAAiC;IACtG,SAAkB,IAAI,EAAE,mBAAmB,CAAA;IAE/B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAA;gBAEtB,KAAK,GAAE,OAAO,CAAC,iCAAiC,CAAM;IAOzD,MAAM,IAAI,iCAAiC;CAOrD"}

package/build/src/modeling/rules/MatchUserProperty.js

@@ -0,0 +1,49 @@
+import { __esDecorate, __runInitializers } from "tslib";
+import { AccessRule } from './AccessRule.js';
+import { observed } from '../../decorators/observed.js';
+/**
+ * The action is allowed if a specific property on the authenticated user matches an expected value.
+ * This is used to enforce other user-specific restrictions.
+ */
+let MatchUserPropertyAccessRule = (() => {
+    let _classSuper = AccessRule;
+    let _property_decorators;
+    let _property_initializers = [];
+    let _property_extraInitializers = [];
+    let _value_decorators;
+    let _value_initializers = [];
+    let _value_extraInitializers = [];
+    return class MatchUserPropertyAccessRule extends _classSuper {
+        static {
+            const _metadata = typeof Symbol === "function" && Symbol.metadata ? Object.create(_classSuper[Symbol.metadata] ?? null) : void 0;
+            _property_decorators = [observed()];
+            _value_decorators = [observed()];
+            __esDecorate(this, null, _property_decorators, { kind: "accessor", name: "property", static: false, private: false, access: { has: obj => "property" in obj, get: obj => obj.property, set: (obj, value) => { obj.property = value; } }, metadata: _metadata }, _property_initializers, _property_extraInitializers);
+            __esDecorate(this, null, _value_decorators, { kind: "accessor", name: "value", static: false, private: false, access: { has: obj => "value" in obj, get: obj => obj.value, set: (obj, value) => { obj.value = value; } }, metadata: _metadata }, _value_initializers, _value_extraInitializers);
+            if (_metadata) Object.defineProperty(this, Symbol.metadata, { enumerable: true, configurable: true, writable: true, value: _metadata });
+        }
+        type;
+        #property_accessor_storage = __runInitializers(this, _property_initializers, void 0);
+        get property() { return this.#property_accessor_storage; }
+        set property(value) { this.#property_accessor_storage = value; }
+        #value_accessor_storage = (__runInitializers(this, _property_extraInitializers), __runInitializers(this, _value_initializers, void 0));
+        get value() { return this.#value_accessor_storage; }
+        set value(value) { this.#value_accessor_storage = value; }
+        constructor(state = {}) {
+            super(state);
+            __runInitializers(this, _value_extraInitializers);
+            this.type = 'matchUserProperty';
+            this.property = state.property ?? '';
+            this.value = state.value ?? '';
+        }
+        toJSON() {
+            return {
+                ...super.toJSON(),
+                property: this.property,
+                value: this.value,
+            };
+        }
+    };
+})();
+export { MatchUserPropertyAccessRule };
+//# sourceMappingURL=MatchUserProperty.js.map

package/build/src/modeling/rules/MatchUserProperty.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"MatchUserProperty.js","sourceRoot":"","sources":["../../../../src/modeling/rules/MatchUserProperty.ts"],"names":[],"mappings":";AAAA,OAAO,EAAE,UAAU,EAAyB,MAAM,iBAAiB,CAAA;AACnE,OAAO,EAAE,QAAQ,EAAE,MAAM,8BAA8B,CAAA;AAkBvD;;;GAGG;IACU,2BAA2B;sBAAS,UAAU;;;;;;;iBAA9C,2BAA4B,SAAQ,WAAU;;;oCAGxD,QAAQ,EAAE;iCACV,QAAQ,EAAE;YADC,6KAAS,QAAQ,6BAAR,QAAQ,2FAAQ;YACzB,oKAAS,KAAK,6BAAL,KAAK,qFAAQ;;;QAHhB,IAAI,CAAqB;QAE/B,qFAAyB;QAAzB,IAAS,QAAQ,8CAAQ;QAAzB,IAAS,QAAQ,oDAAQ;QACzB,uIAAsB;QAAtB,IAAS,KAAK,2CAAQ;QAAtB,IAAS,KAAK,iDAAQ;QAElC,YAAY,QAAoD,EAAE;YAChE,KAAK,CAAC,KAAK,CAAC,CAAA;;YACZ,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAA;YAC/B,IAAI,CAAC,QAAQ,GAAG,KAAK,CAAC,QAAQ,IAAI,EAAE,CAAA;YACpC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK,IAAI,EAAE,CAAA;SAC/B;QAEQ,MAAM;YACb,OAAO;gBACL,GAAI,KAAK,CAAC,MAAM,EAAwC;gBACxD,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,KAAK,EAAE,IAAI,CAAC,KAAK;aAClB,CAAA;QACH,CAAC;;;SAnBU,2BAA2B","sourcesContent":["import { AccessRule, type AccessRuleSchema } from './AccessRule.js'\nimport { observed } from '../../decorators/observed.js'\n\n/**\n * The action is allowed if a specific property on the authenticated user matches an expected value.\n * This is used to enforce other user-specific restrictions.\n */\nexport interface MatchUserPropertyAccessRuleSchema extends AccessRuleSchema {\n  type: 'matchUserProperty'\n  /**\n   * The property on the authenticated user that should match the expected value.\n   */\n  property: string\n  /**\n   * The expected value for the user property.\n   */\n  value: string\n}\n\n/**\n * The action is allowed if a specific property on the authenticated user matches an expected value.\n * This is used to enforce other user-specific restrictions.\n */\nexport class MatchUserPropertyAccessRule extends AccessRule implements MatchUserPropertyAccessRuleSchema {\n  override readonly type: 'matchUserProperty'\n\n  @observed() accessor property: string\n  @observed() accessor value: string\n\n  constructor(state: Partial<MatchUserPropertyAccessRuleSchema> = {}) {\n    super(state)\n    this.type = 'matchUserProperty'\n    this.property = state.property ?? ''\n    this.value = state.value ?? ''\n  }\n\n  override toJSON(): MatchUserPropertyAccessRuleSchema {\n    return {\n      ...(super.toJSON() as MatchUserPropertyAccessRuleSchema),\n      property: this.property,\n      value: this.value,\n    }\n  }\n}\n"]}

package/build/src/modeling/rules/MatchUserRole.d.ts

@@ -0,0 +1,29 @@
+import { AccessRule, type AccessRuleSchema } from './AccessRule.js';
+/**
+ * The action is allowed if the authenticated user has a specific role.
+ * This is used to enforce role-based access control (RBAC).
+ * For example, only users with the "admin" role can perform certain actions.
+ */
+export interface MatchUserRoleAccessRuleSchema extends AccessRuleSchema {
+    type: 'matchUserRole';
+    /**
+     * The role that the authenticated user must have to access the resource.
+     * This is typically a property on the user entity that defines their role.
+     *
+     * The domain model should annotate this property with the "UserRole" semantic
+     * to indicate that it is used for role-based access control.
+     */
+    role: string[];
+}
+/**
+ * The action is allowed if the authenticated user has a specific role.
+ * This is used to enforce role-based access control (RBAC).
+ * For example, only users with the "admin" role can perform certain actions.
+ */
+export declare class MatchUserRoleAccessRule extends AccessRule implements MatchUserRoleAccessRuleSchema {
+    readonly type: 'matchUserRole';
+    accessor role: string[];
+    constructor(state?: Partial<MatchUserRoleAccessRuleSchema>);
+    toJSON(): MatchUserRoleAccessRuleSchema;
+}
+//# sourceMappingURL=MatchUserRole.d.ts.map

package/build/src/modeling/rules/MatchUserRole.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"MatchUserRole.d.ts","sourceRoot":"","sources":["../../../../src/modeling/rules/MatchUserRole.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,KAAK,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AAGnE;;;;GAIG;AACH,MAAM,WAAW,6BAA8B,SAAQ,gBAAgB;IACrE,IAAI,EAAE,eAAe,CAAA;IACrB;;;;;;OAMG;IACH,IAAI,EAAE,MAAM,EAAE,CAAA;CACf;AAED;;;;GAIG;AACH,qBAAa,uBAAwB,SAAQ,UAAW,YAAW,6BAA6B;IAC9F,SAAkB,IAAI,EAAE,eAAe,CAAA;IAEb,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,CAAA;gBAErC,KAAK,GAAE,OAAO,CAAC,6BAA6B,CAAM;IAMrD,MAAM,IAAI,6BAA6B;CAMjD"}

package/build/src/modeling/rules/MatchUserRole.js

@@ -0,0 +1,40 @@
+import { __esDecorate, __runInitializers } from "tslib";
+import { AccessRule } from './AccessRule.js';
+import { observed, toRaw } from '../../decorators/observed.js';
+/**
+ * The action is allowed if the authenticated user has a specific role.
+ * This is used to enforce role-based access control (RBAC).
+ * For example, only users with the "admin" role can perform certain actions.
+ */
+let MatchUserRoleAccessRule = (() => {
+    let _classSuper = AccessRule;
+    let _role_decorators;
+    let _role_initializers = [];
+    let _role_extraInitializers = [];
+    return class MatchUserRoleAccessRule extends _classSuper {
+        static {
+            const _metadata = typeof Symbol === "function" && Symbol.metadata ? Object.create(_classSuper[Symbol.metadata] ?? null) : void 0;
+            _role_decorators = [observed({ deep: true })];
+            __esDecorate(this, null, _role_decorators, { kind: "accessor", name: "role", static: false, private: false, access: { has: obj => "role" in obj, get: obj => obj.role, set: (obj, value) => { obj.role = value; } }, metadata: _metadata }, _role_initializers, _role_extraInitializers);
+            if (_metadata) Object.defineProperty(this, Symbol.metadata, { enumerable: true, configurable: true, writable: true, value: _metadata });
+        }
+        type;
+        #role_accessor_storage = __runInitializers(this, _role_initializers, void 0);
+        get role() { return this.#role_accessor_storage; }
+        set role(value) { this.#role_accessor_storage = value; }
+        constructor(state = {}) {
+            super(state);
+            __runInitializers(this, _role_extraInitializers);
+            this.type = 'matchUserRole';
+            this.role = state.role ? [...state.role] : [];
+        }
+        toJSON() {
+            return {
+                ...super.toJSON(),
+                role: structuredClone(toRaw(this, this.role)),
+            };
+        }
+    };
+})();
+export { MatchUserRoleAccessRule };
+//# sourceMappingURL=MatchUserRole.js.map

package/build/src/modeling/rules/MatchUserRole.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"MatchUserRole.js","sourceRoot":"","sources":["../../../../src/modeling/rules/MatchUserRole.ts"],"names":[],"mappings":";AAAA,OAAO,EAAE,UAAU,EAAyB,MAAM,iBAAiB,CAAA;AACnE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,8BAA8B,CAAA;AAmB9D;;;;GAIG;IACU,uBAAuB;sBAAS,UAAU;;;;iBAA1C,uBAAwB,SAAQ,WAAU;;;gCAGpD,QAAQ,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;YAAC,iKAAS,IAAI,6BAAJ,IAAI,mFAAU;;;QAF/B,IAAI,CAAiB;QAEb,6EAAuB;QAAvB,IAAS,IAAI,0CAAU;QAAvB,IAAS,IAAI,gDAAU;QAEjD,YAAY,QAAgD,EAAE;YAC5D,KAAK,CAAC,KAAK,CAAC,CAAA;;YACZ,IAAI,CAAC,IAAI,GAAG,eAAe,CAAA;YAC3B,IAAI,CAAC,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;SAC9C;QAEQ,MAAM;YACb,OAAO;gBACL,GAAI,KAAK,CAAC,MAAM,EAAoC;gBACpD,IAAI,EAAE,eAAe,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAa;aAC1D,CAAA;QACH,CAAC;;;SAhBU,uBAAuB","sourcesContent":["import { AccessRule, type AccessRuleSchema } from './AccessRule.js'\nimport { observed, toRaw } from '../../decorators/observed.js'\n\n/**\n * The action is allowed if the authenticated user has a specific role.\n * This is used to enforce role-based access control (RBAC).\n * For example, only users with the \"admin\" role can perform certain actions.\n */\nexport interface MatchUserRoleAccessRuleSchema extends AccessRuleSchema {\n  type: 'matchUserRole'\n  /**\n   * The role that the authenticated user must have to access the resource.\n   * This is typically a property on the user entity that defines their role.\n   *\n   * The domain model should annotate this property with the \"UserRole\" semantic\n   * to indicate that it is used for role-based access control.\n   */\n  role: string[]\n}\n\n/**\n * The action is allowed if the authenticated user has a specific role.\n * This is used to enforce role-based access control (RBAC).\n * For example, only users with the \"admin\" role can perform certain actions.\n */\nexport class MatchUserRoleAccessRule extends AccessRule implements MatchUserRoleAccessRuleSchema {\n  override readonly type: 'matchUserRole'\n\n  @observed({ deep: true }) accessor role: string[]\n\n  constructor(state: Partial<MatchUserRoleAccessRuleSchema> = {}) {\n    super(state)\n    this.type = 'matchUserRole'\n    this.role = state.role ? [...state.role] : []\n  }\n\n  override toJSON(): MatchUserRoleAccessRuleSchema {\n    return {\n      ...(super.toJSON() as MatchUserRoleAccessRuleSchema),\n      role: structuredClone(toRaw(this, this.role)) as string[],\n    }\n  }\n}\n"]}

package/build/src/modeling/rules/RateLimitRule.d.ts

@@ -0,0 +1,61 @@
+export type RateLimitRuleKey = {
+    type: 'ip';
+} | {
+    type: 'userId';
+} | {
+    type: 'role';
+    value: string;
+};
+export type RateLimitRuleInterval = 'second' | 'minute' | 'hour' | 'day';
+/**
+ * Represents a single rate limiting rule that applies to a specific
+ * type of client, using a token bucket algorithm.
+ */
+export interface RateLimitRuleSchema {
+    /**
+     * A human-readable description of what this rule is for.
+     * e.g., "Limit anonymous users to 60 requests per hour."
+     */
+    description?: string;
+    /**
+     * Defines how to group requests for rate limiting. This determines
+     * who the limit applies to.
+     *
+     * - 'ip': Keys on the client's IP address. Best for anonymous traffic.
+     * - 'userId': Keys on the authenticated user's ID. Best for logged-in users.
+     * - 'role': Applies a shared limit to all users of a specific role.
+     */
+    key?: RateLimitRuleKey;
+    /**
+     * The number of requests allowed over the defined interval.
+     * This is the rate at which tokens are added to the bucket.
+     */
+    rate?: number;
+    /**
+     * The time interval for the rate.
+     */
+    interval?: RateLimitRuleInterval;
+    /**
+     * The maximum number of requests that can be made in a burst.
+     * This represents the "bucket size." A larger burst allows for
+     * more requests to be made in a short period before throttling begins.
+     */
+    burst?: number;
+}
+/**
+ * Represents a single rate limiting rule that applies to a specific
+ * type of client, using a token bucket algorithm.
+ */
+export declare class RateLimitRule extends EventTarget implements RateLimitRuleSchema {
+    accessor description: string | undefined;
+    accessor key: RateLimitRuleKey | undefined;
+    accessor rate: number | undefined;
+    accessor interval: RateLimitRuleInterval | undefined;
+    accessor burst: number | undefined;
+    constructor(state?: Partial<RateLimitRuleSchema>);
+    toJSON(): RateLimitRuleSchema;
+    notifyChange(): void;
+    static isRateLimitRuleInterval(value: unknown): value is RateLimitRuleInterval;
+    static isRateLimitRuleKey(value: unknown): value is RateLimitRuleKey;
+}
+//# sourceMappingURL=RateLimitRule.d.ts.map

package/build/src/modeling/rules/RateLimitRule.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"RateLimitRule.d.ts","sourceRoot":"","sources":["../../../../src/modeling/rules/RateLimitRule.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,gBAAgB,GAAG;IAAE,IAAI,EAAE,IAAI,CAAA;CAAE,GAAG;IAAE,IAAI,EAAE,QAAQ,CAAA;CAAE,GAAG;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAA;AACpG,MAAM,MAAM,qBAAqB,GAAG,QAAQ,GAAG,QAAQ,GAAG,MAAM,GAAG,KAAK,CAAA;AAExE;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAA;IAEpB;;;;;;;OAOG;IACH,GAAG,CAAC,EAAE,gBAAgB,CAAA;IAEtB;;;OAGG;IACH,IAAI,CAAC,EAAE,MAAM,CAAA;IAEb;;OAEG;IACH,QAAQ,CAAC,EAAE,qBAAqB,CAAA;IAEhC;;;;OAIG;IACH,KAAK,CAAC,EAAE,MAAM,CAAA;CACf;AAED;;;GAGG;AACH,qBAAa,aAAc,SAAQ,WAAY,YAAW,mBAAmB;IAC/D,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,SAAS,CAAA;IAC1B,QAAQ,CAAC,GAAG,EAAE,gBAAgB,GAAG,SAAS,CAAA;IACxD,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,CAAA;IACjC,QAAQ,CAAC,QAAQ,EAAE,qBAAqB,GAAG,SAAS,CAAA;IACpD,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,CAAA;gBAElC,KAAK,GAAE,OAAO,CAAC,mBAAmB,CAAM;IASpD,MAAM,IAAI,mBAAmB;IAoB7B,YAAY;IAIZ,MAAM,CAAC,uBAAuB,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,qBAAqB;IAO9E,MAAM,CAAC,kBAAkB,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,gBAAgB;CAOrE"}