@atom8n/permissions 0.45.0

package/dist/roles/scopes/credential-sharing-scopes.ee.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"credential-sharing-scopes.ee.js","sourceRoot":"","sources":["../../../src/roles/scopes/credential-sharing-scopes.ee.ts"],"names":[],"mappings":";;;AAEa,QAAA,gCAAgC,GAAY;IACxD,iBAAiB;IACjB,mBAAmB;IACnB,mBAAmB;IACnB,kBAAkB;IAClB,iBAAiB;CACjB,CAAC;AAEW,QAAA,+BAA+B,GAAY,CAAC,iBAAiB,CAAC,CAAC"}

package/dist/roles/scopes/global-scopes.ee.d.ts

@@ -0,0 +1,5 @@
+import type { Scope } from '../../types.ee';
+export declare const GLOBAL_OWNER_SCOPES: Scope[];
+export declare const GLOBAL_ADMIN_SCOPES: Scope[];
+export declare const GLOBAL_MEMBER_SCOPES: Scope[];
+export declare const GLOBAL_CHAT_USER_SCOPES: Scope[];

package/dist/roles/scopes/global-scopes.ee.js

@@ -0,0 +1,161 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GLOBAL_CHAT_USER_SCOPES = exports.GLOBAL_MEMBER_SCOPES = exports.GLOBAL_ADMIN_SCOPES = exports.GLOBAL_OWNER_SCOPES = void 0;
+exports.GLOBAL_OWNER_SCOPES = [
+    'annotationTag:create',
+    'annotationTag:read',
+    'annotationTag:update',
+    'annotationTag:delete',
+    'annotationTag:list',
+    'auditLogs:manage',
+    'banner:dismiss',
+    'credential:create',
+    'credential:read',
+    'credential:update',
+    'credential:delete',
+    'credential:list',
+    'credential:share',
+    'credential:shareGlobally',
+    'credential:move',
+    'community:register',
+    'communityPackage:install',
+    'communityPackage:uninstall',
+    'communityPackage:update',
+    'communityPackage:list',
+    'eventBusDestination:create',
+    'eventBusDestination:read',
+    'eventBusDestination:update',
+    'eventBusDestination:delete',
+    'eventBusDestination:list',
+    'eventBusDestination:test',
+    'externalSecretsProvider:create',
+    'externalSecretsProvider:read',
+    'externalSecretsProvider:update',
+    'externalSecretsProvider:delete',
+    'externalSecretsProvider:list',
+    'externalSecretsProvider:sync',
+    'externalSecret:list',
+    'externalSecret:use',
+    'ldap:manage',
+    'ldap:sync',
+    'license:manage',
+    'logStreaming:manage',
+    'orchestration:read',
+    'saml:manage',
+    'securityAudit:generate',
+    'sourceControl:pull',
+    'sourceControl:push',
+    'sourceControl:manage',
+    'tag:create',
+    'tag:read',
+    'tag:update',
+    'tag:delete',
+    'tag:list',
+    'user:create',
+    'user:read',
+    'user:update',
+    'user:delete',
+    'user:list',
+    'user:resetPassword',
+    'user:changeRole',
+    'user:enforceMfa',
+    'variable:create',
+    'variable:read',
+    'variable:update',
+    'variable:delete',
+    'variable:list',
+    'projectVariable:create',
+    'projectVariable:read',
+    'projectVariable:update',
+    'projectVariable:delete',
+    'projectVariable:list',
+    'workflow:create',
+    'workflow:read',
+    'workflow:update',
+    'workflow:publish',
+    'workflow:delete',
+    'workflow:list',
+    'workflow:share',
+    'workflow:execute',
+    'workflow:execute-chat',
+    'workflow:move',
+    'workersView:manage',
+    'project:list',
+    'project:create',
+    'project:read',
+    'project:update',
+    'project:delete',
+    'insights:list',
+    'folder:move',
+    'folder:read',
+    'folder:update',
+    'folder:delete',
+    'folder:create',
+    'folder:list',
+    'oidc:manage',
+    'provisioning:manage',
+    'dataTable:create',
+    'dataTable:delete',
+    'dataTable:read',
+    'dataTable:update',
+    'dataTable:list',
+    'dataTable:listProject',
+    'dataTable:readRow',
+    'dataTable:writeRow',
+    'role:manage',
+    'mcp:manage',
+    'mcp:oauth',
+    'mcpApiKey:create',
+    'mcpApiKey:rotate',
+    'chatHub:manage',
+    'chatHub:message',
+    'chatHubAgent:create',
+    'chatHubAgent:read',
+    'chatHubAgent:update',
+    'chatHubAgent:delete',
+    'chatHubAgent:list',
+    'breakingChanges:list',
+    'apiKey:manage',
+    'credentialResolver:create',
+    'credentialResolver:read',
+    'credentialResolver:update',
+    'credentialResolver:delete',
+    'credentialResolver:list',
+];
+exports.GLOBAL_ADMIN_SCOPES = exports.GLOBAL_OWNER_SCOPES.concat();
+exports.GLOBAL_MEMBER_SCOPES = [
+    'annotationTag:create',
+    'annotationTag:read',
+    'annotationTag:update',
+    'annotationTag:delete',
+    'annotationTag:list',
+    'eventBusDestination:list',
+    'eventBusDestination:test',
+    'tag:create',
+    'tag:read',
+    'tag:update',
+    'tag:list',
+    'user:list',
+    'variable:list',
+    'variable:read',
+    'dataTable:list',
+    'mcp:oauth',
+    'mcpApiKey:create',
+    'mcpApiKey:rotate',
+    'chatHub:message',
+    'chatHubAgent:create',
+    'chatHubAgent:read',
+    'chatHubAgent:update',
+    'chatHubAgent:delete',
+    'chatHubAgent:list',
+    'apiKey:manage',
+];
+exports.GLOBAL_CHAT_USER_SCOPES = [
+    'chatHub:message',
+    'chatHubAgent:create',
+    'chatHubAgent:read',
+    'chatHubAgent:update',
+    'chatHubAgent:delete',
+    'chatHubAgent:list',
+];
+//# sourceMappingURL=global-scopes.ee.js.map

package/dist/roles/scopes/global-scopes.ee.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"global-scopes.ee.js","sourceRoot":"","sources":["../../../src/roles/scopes/global-scopes.ee.ts"],"names":[],"mappings":";;;AAEa,QAAA,mBAAmB,GAAY;IAC3C,sBAAsB;IACtB,oBAAoB;IACpB,sBAAsB;IACtB,sBAAsB;IACtB,oBAAoB;IACpB,kBAAkB;IAClB,gBAAgB;IAChB,mBAAmB;IACnB,iBAAiB;IACjB,mBAAmB;IACnB,mBAAmB;IACnB,iBAAiB;IACjB,kBAAkB;IAClB,0BAA0B;IAC1B,iBAAiB;IACjB,oBAAoB;IACpB,0BAA0B;IAC1B,4BAA4B;IAC5B,yBAAyB;IACzB,uBAAuB;IACvB,4BAA4B;IAC5B,0BAA0B;IAC1B,4BAA4B;IAC5B,4BAA4B;IAC5B,0BAA0B;IAC1B,0BAA0B;IAC1B,gCAAgC;IAChC,8BAA8B;IAC9B,gCAAgC;IAChC,gCAAgC;IAChC,8BAA8B;IAC9B,8BAA8B;IAC9B,qBAAqB;IACrB,oBAAoB;IACpB,aAAa;IACb,WAAW;IACX,gBAAgB;IAChB,qBAAqB;IACrB,oBAAoB;IACpB,aAAa;IACb,wBAAwB;IACxB,oBAAoB;IACpB,oBAAoB;IACpB,sBAAsB;IACtB,YAAY;IACZ,UAAU;IACV,YAAY;IACZ,YAAY;IACZ,UAAU;IACV,aAAa;IACb,WAAW;IACX,aAAa;IACb,aAAa;IACb,WAAW;IACX,oBAAoB;IACpB,iBAAiB;IACjB,iBAAiB;IACjB,iBAAiB;IACjB,eAAe;IACf,iBAAiB;IACjB,iBAAiB;IACjB,eAAe;IACf,wBAAwB;IACxB,sBAAsB;IACtB,wBAAwB;IACxB,wBAAwB;IACxB,sBAAsB;IACtB,iBAAiB;IACjB,eAAe;IACf,iBAAiB;IACjB,kBAAkB;IAClB,iBAAiB;IACjB,eAAe;IACf,gBAAgB;IAChB,kBAAkB;IAClB,uBAAuB;IACvB,eAAe;IACf,oBAAoB;IACpB,cAAc;IACd,gBAAgB;IAChB,cAAc;IACd,gBAAgB;IAChB,gBAAgB;IAChB,eAAe;IACf,aAAa;IACb,aAAa;IACb,eAAe;IACf,eAAe;IACf,eAAe;IACf,aAAa;IACb,aAAa;IACb,qBAAqB;IACrB,kBAAkB;IAClB,kBAAkB;IAClB,gBAAgB;IAChB,kBAAkB;IAClB,gBAAgB;IAChB,uBAAuB;IACvB,mBAAmB;IACnB,oBAAoB;IACpB,aAAa;IACb,YAAY;IACZ,WAAW;IACX,kBAAkB;IAClB,kBAAkB;IAClB,gBAAgB;IAChB,iBAAiB;IACjB,qBAAqB;IACrB,mBAAmB;IACnB,qBAAqB;IACrB,qBAAqB;IACrB,mBAAmB;IACnB,sBAAsB;IACtB,eAAe;IACf,2BAA2B;IAC3B,yBAAyB;IACzB,2BAA2B;IAC3B,2BAA2B;IAC3B,yBAAyB;CACzB,CAAC;AAEW,QAAA,mBAAmB,GAAG,2BAAmB,CAAC,MAAM,EAAE,CAAC;AAEnD,QAAA,oBAAoB,GAAY;IAC5C,sBAAsB;IACtB,oBAAoB;IACpB,sBAAsB;IACtB,sBAAsB;IACtB,oBAAoB;IACpB,0BAA0B;IAC1B,0BAA0B;IAC1B,YAAY;IACZ,UAAU;IACV,YAAY;IACZ,UAAU;IACV,WAAW;IACX,eAAe;IACf,eAAe;IACf,gBAAgB;IAChB,WAAW;IACX,kBAAkB;IAClB,kBAAkB;IAClB,iBAAiB;IACjB,qBAAqB;IACrB,mBAAmB;IACnB,qBAAqB;IACrB,qBAAqB;IACrB,mBAAmB;IACnB,eAAe;CACf,CAAC;AAEW,QAAA,uBAAuB,GAAY;IAC/C,iBAAiB;IACjB,qBAAqB;IACrB,mBAAmB;IACnB,qBAAqB;IACrB,qBAAqB;IACrB,mBAAmB;CACnB,CAAC"}

package/dist/roles/scopes/project-scopes.ee.d.ts

@@ -0,0 +1,6 @@
+import type { Scope } from '../../types.ee';
+export declare const REGULAR_PROJECT_ADMIN_SCOPES: Scope[];
+export declare const PERSONAL_PROJECT_OWNER_SCOPES: Scope[];
+export declare const PROJECT_EDITOR_SCOPES: Scope[];
+export declare const PROJECT_VIEWER_SCOPES: Scope[];
+export declare const PROJECT_CHAT_USER_SCOPES: Scope[];

package/dist/roles/scopes/project-scopes.ee.js

@@ -0,0 +1,130 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PROJECT_CHAT_USER_SCOPES = exports.PROJECT_VIEWER_SCOPES = exports.PROJECT_EDITOR_SCOPES = exports.PERSONAL_PROJECT_OWNER_SCOPES = exports.REGULAR_PROJECT_ADMIN_SCOPES = void 0;
+exports.REGULAR_PROJECT_ADMIN_SCOPES = [
+    'workflow:create',
+    'workflow:read',
+    'workflow:update',
+    'workflow:publish',
+    'workflow:delete',
+    'workflow:list',
+    'workflow:execute',
+    'workflow:execute-chat',
+    'workflow:move',
+    'credential:create',
+    'credential:read',
+    'credential:update',
+    'credential:delete',
+    'credential:list',
+    'credential:move',
+    'credential:share',
+    'project:list',
+    'project:read',
+    'project:update',
+    'project:delete',
+    'folder:create',
+    'folder:read',
+    'folder:update',
+    'folder:delete',
+    'folder:list',
+    'folder:move',
+    'sourceControl:push',
+    'dataTable:create',
+    'dataTable:delete',
+    'dataTable:read',
+    'dataTable:update',
+    'dataTable:listProject',
+    'dataTable:readRow',
+    'dataTable:writeRow',
+    'projectVariable:list',
+    'projectVariable:read',
+    'projectVariable:create',
+    'projectVariable:update',
+    'projectVariable:delete',
+];
+exports.PERSONAL_PROJECT_OWNER_SCOPES = [
+    'workflow:create',
+    'workflow:read',
+    'workflow:update',
+    'workflow:publish',
+    'workflow:delete',
+    'workflow:list',
+    'workflow:execute',
+    'workflow:execute-chat',
+    'workflow:share',
+    'workflow:move',
+    'credential:create',
+    'credential:read',
+    'credential:update',
+    'credential:delete',
+    'credential:list',
+    'credential:share',
+    'credential:move',
+    'project:list',
+    'project:read',
+    'folder:create',
+    'folder:read',
+    'folder:update',
+    'folder:delete',
+    'folder:list',
+    'folder:move',
+    'dataTable:create',
+    'dataTable:delete',
+    'dataTable:read',
+    'dataTable:update',
+    'dataTable:listProject',
+    'dataTable:readRow',
+    'dataTable:writeRow',
+];
+exports.PROJECT_EDITOR_SCOPES = [
+    'workflow:create',
+    'workflow:read',
+    'workflow:update',
+    'workflow:publish',
+    'workflow:delete',
+    'workflow:list',
+    'workflow:execute',
+    'workflow:execute-chat',
+    'credential:create',
+    'credential:read',
+    'credential:update',
+    'credential:delete',
+    'credential:list',
+    'project:list',
+    'project:read',
+    'folder:create',
+    'folder:read',
+    'folder:update',
+    'folder:delete',
+    'folder:list',
+    'dataTable:create',
+    'dataTable:delete',
+    'dataTable:read',
+    'dataTable:update',
+    'dataTable:listProject',
+    'dataTable:readRow',
+    'dataTable:writeRow',
+    'projectVariable:list',
+    'projectVariable:read',
+    'projectVariable:create',
+    'projectVariable:update',
+    'projectVariable:delete',
+];
+exports.PROJECT_VIEWER_SCOPES = [
+    'credential:list',
+    'credential:read',
+    'project:list',
+    'project:read',
+    'workflow:list',
+    'workflow:read',
+    'workflow:execute-chat',
+    'folder:read',
+    'folder:list',
+    'dataTable:listProject',
+    'dataTable:read',
+    'dataTable:readRow',
+    'projectVariable:list',
+    'projectVariable:read',
+];
+exports.PROJECT_CHAT_USER_SCOPES = ['workflow:execute-chat'];
+//# sourceMappingURL=project-scopes.ee.js.map

package/dist/roles/scopes/project-scopes.ee.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"project-scopes.ee.js","sourceRoot":"","sources":["../../../src/roles/scopes/project-scopes.ee.ts"],"names":[],"mappings":";;;AAQa,QAAA,4BAA4B,GAAY;IACpD,iBAAiB;IACjB,eAAe;IACf,iBAAiB;IACjB,kBAAkB;IAClB,iBAAiB;IACjB,eAAe;IACf,kBAAkB;IAClB,uBAAuB;IACvB,eAAe;IACf,mBAAmB;IACnB,iBAAiB;IACjB,mBAAmB;IACnB,mBAAmB;IACnB,iBAAiB;IACjB,iBAAiB;IACjB,kBAAkB;IAClB,cAAc;IACd,cAAc;IACd,gBAAgB;IAChB,gBAAgB;IAChB,eAAe;IACf,aAAa;IACb,eAAe;IACf,eAAe;IACf,aAAa;IACb,aAAa;IACb,oBAAoB;IACpB,kBAAkB;IAClB,kBAAkB;IAClB,gBAAgB;IAChB,kBAAkB;IAClB,uBAAuB;IACvB,mBAAmB;IACnB,oBAAoB;IACpB,sBAAsB;IACtB,sBAAsB;IACtB,wBAAwB;IACxB,wBAAwB;IACxB,wBAAwB;CACxB,CAAC;AAEW,QAAA,6BAA6B,GAAY;IACrD,iBAAiB;IACjB,eAAe;IACf,iBAAiB;IACjB,kBAAkB;IAClB,iBAAiB;IACjB,eAAe;IACf,kBAAkB;IAClB,uBAAuB;IACvB,gBAAgB;IAChB,eAAe;IACf,mBAAmB;IACnB,iBAAiB;IACjB,mBAAmB;IACnB,mBAAmB;IACnB,iBAAiB;IACjB,kBAAkB;IAClB,iBAAiB;IACjB,cAAc;IACd,cAAc;IACd,eAAe;IACf,aAAa;IACb,eAAe;IACf,eAAe;IACf,aAAa;IACb,aAAa;IACb,kBAAkB;IAClB,kBAAkB;IAClB,gBAAgB;IAChB,kBAAkB;IAClB,uBAAuB;IACvB,mBAAmB;IACnB,oBAAoB;CACpB,CAAC;AAEW,QAAA,qBAAqB,GAAY;IAC7C,iBAAiB;IACjB,eAAe;IACf,iBAAiB;IACjB,kBAAkB;IAClB,iBAAiB;IACjB,eAAe;IACf,kBAAkB;IAClB,uBAAuB;IACvB,mBAAmB;IACnB,iBAAiB;IACjB,mBAAmB;IACnB,mBAAmB;IACnB,iBAAiB;IACjB,cAAc;IACd,cAAc;IACd,eAAe;IACf,aAAa;IACb,eAAe;IACf,eAAe;IACf,aAAa;IACb,kBAAkB;IAClB,kBAAkB;IAClB,gBAAgB;IAChB,kBAAkB;IAClB,uBAAuB;IACvB,mBAAmB;IACnB,oBAAoB;IACpB,sBAAsB;IACtB,sBAAsB;IACtB,wBAAwB;IACxB,wBAAwB;IACxB,wBAAwB;CACxB,CAAC;AAEW,QAAA,qBAAqB,GAAY;IAC7C,iBAAiB;IACjB,iBAAiB;IACjB,cAAc;IACd,cAAc;IACd,eAAe;IACf,eAAe;IACf,uBAAuB;IACvB,aAAa;IACb,aAAa;IACb,uBAAuB;IACvB,gBAAgB;IAChB,mBAAmB;IACnB,sBAAsB;IACtB,sBAAsB;CACtB,CAAC;AAEW,QAAA,wBAAwB,GAAY,CAAC,uBAAuB,CAAC,CAAC"}

package/dist/roles/scopes/workflow-sharing-scopes.ee.d.ts

@@ -0,0 +1,3 @@
+import type { Scope } from '../../types.ee';
+export declare const WORKFLOW_SHARING_OWNER_SCOPES: Scope[];
+export declare const WORKFLOW_SHARING_EDITOR_SCOPES: Scope[];

package/dist/roles/scopes/workflow-sharing-scopes.ee.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WORKFLOW_SHARING_EDITOR_SCOPES = exports.WORKFLOW_SHARING_OWNER_SCOPES = void 0;
+exports.WORKFLOW_SHARING_OWNER_SCOPES = [
+    'workflow:read',
+    'workflow:update',
+    'workflow:publish',
+    'workflow:delete',
+    'workflow:execute',
+    'workflow:share',
+    'workflow:move',
+    'workflow:execute-chat',
+];
+exports.WORKFLOW_SHARING_EDITOR_SCOPES = [
+    'workflow:read',
+    'workflow:update',
+    'workflow:publish',
+    'workflow:execute',
+    'workflow:execute-chat',
+];
+//# sourceMappingURL=workflow-sharing-scopes.ee.js.map

package/dist/roles/scopes/workflow-sharing-scopes.ee.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"workflow-sharing-scopes.ee.js","sourceRoot":"","sources":["../../../src/roles/scopes/workflow-sharing-scopes.ee.ts"],"names":[],"mappings":";;;AAEa,QAAA,6BAA6B,GAAY;IACrD,eAAe;IACf,iBAAiB;IACjB,kBAAkB;IAClB,iBAAiB;IACjB,kBAAkB;IAClB,gBAAgB;IAChB,eAAe;IACf,uBAAuB;CACvB,CAAC;AAEW,QAAA,8BAA8B,GAAY;IACtD,eAAe;IACf,iBAAiB;IACjB,kBAAkB;IAClB,kBAAkB;IAClB,uBAAuB;CACvB,CAAC"}

package/dist/schemas.ee.d.ts

@@ -0,0 +1,48 @@
+import { z } from 'zod';
+export declare const roleNamespaceSchema: z.ZodEnum<["global", "project", "credential", "workflow"]>;
+export declare const globalRoleSchema: z.ZodEnum<["global:owner", "global:admin", "global:member", "global:chatUser"]>;
+export declare const assignableGlobalRoleSchema: z.ZodUnion<[z.ZodEnum<["global:admin", "global:member", "global:chatUser"]>, z.ZodEffects<z.ZodString, string, string>]>;
+export declare const personalRoleSchema: z.ZodEnum<["project:personalOwner"]>;
+export declare const teamRoleSchema: z.ZodEnum<["project:admin", "project:editor", "project:viewer", "project:chatUser"]>;
+export declare const customProjectRoleSchema: z.ZodEffects<z.ZodString, string, string>;
+export declare const systemProjectRoleSchema: z.ZodUnion<[z.ZodEnum<["project:personalOwner"]>, z.ZodEnum<["project:admin", "project:editor", "project:viewer", "project:chatUser"]>]>;
+export declare const assignableProjectRoleSchema: z.ZodUnion<[z.ZodEnum<["project:admin", "project:editor", "project:viewer", "project:chatUser"]>, z.ZodEffects<z.ZodString, string, string>]>;
+export declare const projectRoleSchema: z.ZodUnion<[z.ZodUnion<[z.ZodEnum<["project:personalOwner"]>, z.ZodEnum<["project:admin", "project:editor", "project:viewer", "project:chatUser"]>]>, z.ZodEffects<z.ZodString, string, string>]>;
+export declare const credentialSharingRoleSchema: z.ZodEnum<["credential:owner", "credential:user"]>;
+export declare const workflowSharingRoleSchema: z.ZodEnum<["workflow:owner", "workflow:editor"]>;
+export declare const scopeSchema: z.ZodEffects<z.ZodString, string, string>;
+export declare const roleSchema: z.ZodObject<{
+    slug: z.ZodString;
+    displayName: z.ZodString;
+    description: z.ZodNullable<z.ZodString>;
+    systemRole: z.ZodBoolean;
+    roleType: z.ZodEnum<["global", "project", "credential", "workflow"]>;
+    licensed: z.ZodBoolean;
+    scopes: z.ZodArray<z.ZodEffects<z.ZodString, string, string>, "many">;
+    createdAt: z.ZodOptional<z.ZodDate>;
+    updatedAt: z.ZodOptional<z.ZodDate>;
+    usedByUsers: z.ZodOptional<z.ZodNumber>;
+}, "strip", z.ZodTypeAny, {
+    displayName: string;
+    description: string | null;
+    slug: string;
+    systemRole: boolean;
+    roleType: "credential" | "project" | "workflow" | "global";
+    licensed: boolean;
+    scopes: string[];
+    createdAt?: Date | undefined;
+    updatedAt?: Date | undefined;
+    usedByUsers?: number | undefined;
+}, {
+    displayName: string;
+    description: string | null;
+    slug: string;
+    systemRole: boolean;
+    roleType: "credential" | "project" | "workflow" | "global";
+    licensed: boolean;
+    scopes: string[];
+    createdAt?: Date | undefined;
+    updatedAt?: Date | undefined;
+    usedByUsers?: number | undefined;
+}>;
+export type Role = z.infer<typeof roleSchema>;

package/dist/schemas.ee.js

@@ -0,0 +1,61 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.roleSchema = exports.scopeSchema = exports.workflowSharingRoleSchema = exports.credentialSharingRoleSchema = exports.projectRoleSchema = exports.assignableProjectRoleSchema = exports.systemProjectRoleSchema = exports.customProjectRoleSchema = exports.teamRoleSchema = exports.personalRoleSchema = exports.assignableGlobalRoleSchema = exports.globalRoleSchema = exports.roleNamespaceSchema = void 0;
+const zod_1 = require("zod");
+const scope_information_1 = require("./scope-information");
+exports.roleNamespaceSchema = zod_1.z.enum(['global', 'project', 'credential', 'workflow']);
+exports.globalRoleSchema = zod_1.z.enum([
+    'global:owner',
+    'global:admin',
+    'global:member',
+    'global:chatUser',
+]);
+const customGlobalRoleSchema = zod_1.z
+    .string()
+    .nonempty()
+    .refine((val) => !exports.globalRoleSchema.safeParse(val).success, {
+    message: 'This global role value is not assignable',
+});
+exports.assignableGlobalRoleSchema = zod_1.z.union([
+    exports.globalRoleSchema.exclude([
+        'global:owner',
+    ]),
+    customGlobalRoleSchema,
+]);
+exports.personalRoleSchema = zod_1.z.enum([
+    'project:personalOwner',
+]);
+exports.teamRoleSchema = zod_1.z.enum([
+    'project:admin',
+    'project:editor',
+    'project:viewer',
+    'project:chatUser',
+]);
+exports.customProjectRoleSchema = zod_1.z
+    .string()
+    .nonempty()
+    .refine((val) => !exports.systemProjectRoleSchema.safeParse(val).success, {
+    message: 'This global role value is not assignable',
+});
+exports.systemProjectRoleSchema = zod_1.z.union([exports.personalRoleSchema, exports.teamRoleSchema]);
+exports.assignableProjectRoleSchema = zod_1.z.union([exports.teamRoleSchema, exports.customProjectRoleSchema]);
+exports.projectRoleSchema = zod_1.z.union([exports.systemProjectRoleSchema, exports.customProjectRoleSchema]);
+exports.credentialSharingRoleSchema = zod_1.z.enum(['credential:owner', 'credential:user']);
+exports.workflowSharingRoleSchema = zod_1.z.enum(['workflow:owner', 'workflow:editor']);
+const ALL_SCOPES_LOOKUP_SET = new Set(scope_information_1.ALL_SCOPES);
+exports.scopeSchema = zod_1.z.string().refine((val) => ALL_SCOPES_LOOKUP_SET.has(val), {
+    message: 'Invalid scope',
+});
+exports.roleSchema = zod_1.z.object({
+    slug: zod_1.z.string().min(1),
+    displayName: zod_1.z.string().min(1),
+    description: zod_1.z.string().nullable(),
+    systemRole: zod_1.z.boolean(),
+    roleType: exports.roleNamespaceSchema,
+    licensed: zod_1.z.boolean(),
+    scopes: zod_1.z.array(exports.scopeSchema),
+    createdAt: zod_1.z.date().optional(),
+    updatedAt: zod_1.z.date().optional(),
+    usedByUsers: zod_1.z.number().optional(),
+});
+//# sourceMappingURL=schemas.ee.js.map

package/dist/schemas.ee.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"schemas.ee.js","sourceRoot":"","sources":["../src/schemas.ee.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AAExB,2DAAiD;AAEpC,QAAA,mBAAmB,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU,CAAC,CAAC,CAAC;AAE9E,QAAA,gBAAgB,GAAG,OAAC,CAAC,IAAI,CAAC;IACtC,cAAc;IACd,cAAc;IACd,eAAe;IACf,iBAAiB;CACjB,CAAC,CAAC;AAEH,MAAM,sBAAsB,GAAG,OAAC;KAC9B,MAAM,EAAE;KACR,QAAQ,EAAE;KACV,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,wBAAgB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE;IAC1D,OAAO,EAAE,0CAA0C;CACnD,CAAC,CAAC;AAES,QAAA,0BAA0B,GAAG,OAAC,CAAC,KAAK,CAAC;IACjD,wBAAgB,CAAC,OAAO,CAAC;QACxB,cAAc;KACd,CAAC;IACF,sBAAsB;CACtB,CAAC,CAAC;AAEU,QAAA,kBAAkB,GAAG,OAAC,CAAC,IAAI,CAAC;IACxC,uBAAuB;CACvB,CAAC,CAAC;AAGU,QAAA,cAAc,GAAG,OAAC,CAAC,IAAI,CAAC;IACpC,eAAe;IACf,gBAAgB;IAChB,gBAAgB;IAChB,kBAAkB;CAClB,CAAC,CAAC;AAGU,QAAA,uBAAuB,GAAG,OAAC;KACtC,MAAM,EAAE;KACR,QAAQ,EAAE;KACV,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,+BAAuB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE;IACjE,OAAO,EAAE,0CAA0C;CACnD,CAAC,CAAC;AAGS,QAAA,uBAAuB,GAAG,OAAC,CAAC,KAAK,CAAC,CAAC,0BAAkB,EAAE,sBAAc,CAAC,CAAC,CAAC;AAGxE,QAAA,2BAA2B,GAAG,OAAC,CAAC,KAAK,CAAC,CAAC,sBAAc,EAAE,+BAAuB,CAAC,CAAC,CAAC;AAEjF,QAAA,iBAAiB,GAAG,OAAC,CAAC,KAAK,CAAC,CAAC,+BAAuB,EAAE,+BAAuB,CAAC,CAAC,CAAC;AAEhF,QAAA,2BAA2B,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,kBAAkB,EAAE,iBAAiB,CAAC,CAAC,CAAC;AAE9E,QAAA,yBAAyB,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,gBAAgB,EAAE,iBAAiB,CAAC,CAAC,CAAC;AAEvF,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC,8BAAsB,CAAC,CAAC;AAEjD,QAAA,WAAW,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,qBAAqB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;IACrF,OAAO,EAAE,eAAe;CACxB,CAAC,CAAC;AAEU,QAAA,UAAU,GAAG,OAAC,CAAC,MAAM,CAAC;IAClC,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9B,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,UAAU,EAAE,OAAC,CAAC,OAAO,EAAE;IACvB,QAAQ,EAAE,2BAAmB;IAC7B,QAAQ,EAAE,OAAC,CAAC,OAAO,EAAE;IACrB,MAAM,EAAE,OAAC,CAAC,KAAK,CAAC,mBAAW,CAAC;IAC5B,SAAS,EAAE,OAAC,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE;IAC9B,SAAS,EAAE,OAAC,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE;IAC9B,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAClC,CAAC,CAAC"}

package/dist/scope-information.d.ts

@@ -0,0 +1,4 @@
+import type { ApiKeyScope, Scope, ScopeInformation } from './types.ee';
+export declare const ALL_SCOPES: Scope[];
+export declare const ALL_API_KEY_SCOPES: Set<ApiKeyScope>;
+export declare const scopeInformation: Partial<Record<Scope, ScopeInformation>>;

package/dist/scope-information.js

@@ -0,0 +1,31 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.scopeInformation = exports.ALL_API_KEY_SCOPES = exports.ALL_SCOPES = void 0;
+const constants_ee_1 = require("./constants.ee");
+function buildResourceScopes() {
+    const resourceScopes = Object.entries(constants_ee_1.RESOURCES).flatMap(([resource, operations]) => [
+        ...operations.map((op) => `${resource}:${op}`),
+        `${resource}:*`,
+    ]);
+    resourceScopes.push('*');
+    return resourceScopes;
+}
+function buildApiKeyScopes() {
+    const apiKeyScopes = Object.entries(constants_ee_1.API_KEY_RESOURCES).flatMap(([resource, operations]) => [
+        ...operations.map((op) => `${resource}:${op}`),
+    ]);
+    return new Set(apiKeyScopes);
+}
+exports.ALL_SCOPES = buildResourceScopes();
+exports.ALL_API_KEY_SCOPES = buildApiKeyScopes();
+exports.scopeInformation = {
+    'annotationTag:create': {
+        displayName: 'Create Annotation Tag',
+        description: 'Allows creating new annotation tags.',
+    },
+    'workflow:publish': {
+        displayName: 'Publish Workflow',
+        description: 'Allows publishing and unpublishing workflows.',
+    },
+};
+//# sourceMappingURL=scope-information.js.map

package/dist/scope-information.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scope-information.js","sourceRoot":"","sources":["../src/scope-information.ts"],"names":[],"mappings":";;;AAAA,iDAA8D;AAG9D,SAAS,mBAAmB;IAC3B,MAAM,cAAc,GAAG,MAAM,CAAC,OAAO,CAAC,wBAAS,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,EAAE,CAAC;QACpF,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,GAAG,QAAQ,IAAI,EAAE,EAAW,CAAC;QACvD,GAAG,QAAQ,IAAa;KACxB,CAAY,CAAC;IAEd,cAAc,CAAC,IAAI,CAAC,GAAY,CAAC,CAAC;IAClC,OAAO,cAAc,CAAC;AACvB,CAAC;AAED,SAAS,iBAAiB;IACzB,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAC,gCAAiB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,EAAE,CAAC;QAC1F,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,GAAG,QAAQ,IAAI,EAAE,EAAW,CAAC;KACvD,CAAkB,CAAC;IAEpB,OAAO,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC;AAC9B,CAAC;AAEY,QAAA,UAAU,GAAG,mBAAmB,EAAE,CAAC;AAEnC,QAAA,kBAAkB,GAAG,iBAAiB,EAAE,CAAC;AAEzC,QAAA,gBAAgB,GAA6C;IACzE,sBAAsB,EAAE;QACvB,WAAW,EAAE,uBAAuB;QACpC,WAAW,EAAE,sCAAsC;KACnD;IACD,kBAAkB,EAAE;QACnB,WAAW,EAAE,kBAAkB;QAC/B,WAAW,EAAE,+CAA+C;KAC5D;CACD,CAAC"}

package/dist/types.ee.d.ts

@@ -0,0 +1,59 @@
+import type { z } from 'zod';
+import type { RESOURCES, API_KEY_RESOURCES } from './constants.ee';
+import type { assignableGlobalRoleSchema, credentialSharingRoleSchema, globalRoleSchema, Role, systemProjectRoleSchema, roleNamespaceSchema, teamRoleSchema, workflowSharingRoleSchema, assignableProjectRoleSchema } from './schemas.ee';
+export type ScopeInformation = {
+    displayName: string;
+    description?: string | null;
+};
+export type Resource = keyof typeof RESOURCES;
+type ResourceScope<R extends Resource, Operation extends (typeof RESOURCES)[R][number] = (typeof RESOURCES)[R][number]> = `${R}:${Operation}`;
+type WildcardScope = `${Resource}:*` | '*';
+type AllScopesObject = {
+    [R in Resource]: ResourceScope<R>;
+};
+export type Scope = AllScopesObject[Resource] | WildcardScope;
+export type ScopeLevels = {
+    global: Scope[];
+    project?: Scope[];
+    resource?: Scope[];
+};
+export type MaskLevels = {
+    sharing: Scope[];
+};
+export type ScopeOptions = {
+    mode: 'oneOf' | 'allOf';
+};
+export type RoleNamespace = z.infer<typeof roleNamespaceSchema>;
+export type GlobalRole = z.infer<typeof globalRoleSchema>;
+export type AssignableGlobalRole = z.infer<typeof assignableGlobalRoleSchema>;
+export type CredentialSharingRole = z.infer<typeof credentialSharingRoleSchema>;
+export type WorkflowSharingRole = z.infer<typeof workflowSharingRoleSchema>;
+export type TeamProjectRole = z.infer<typeof teamRoleSchema>;
+export type ProjectRole = z.infer<typeof systemProjectRoleSchema>;
+export type AssignableProjectRole = z.infer<typeof assignableProjectRoleSchema>;
+export declare function isAssignableProjectRoleSlug(slug: string): slug is AssignableProjectRole;
+export type AllRoleTypes = GlobalRole | ProjectRole | WorkflowSharingRole | CredentialSharingRole;
+export type AllRolesMap = {
+    global: Role[];
+    project: Role[];
+    credential: Role[];
+    workflow: Role[];
+};
+export type DbScope = {
+    slug: Scope;
+};
+export type DbRole = {
+    slug: string;
+    scopes: DbScope[];
+};
+export type AuthPrincipal = {
+    role: DbRole;
+};
+type PublicApiKeyResources = keyof typeof API_KEY_RESOURCES;
+type ApiKeyResourceScope<R extends PublicApiKeyResources, Operation extends (typeof API_KEY_RESOURCES)[R][number] = (typeof API_KEY_RESOURCES)[R][number]> = `${R}:${Operation}`;
+type AllApiKeyScopesObject = {
+    [R in PublicApiKeyResources]: ApiKeyResourceScope<R>;
+};
+export type ApiKeyScope = AllApiKeyScopesObject[PublicApiKeyResources];
+export declare function isApiKeyScope(scope: Scope): scope is ApiKeyScope;
+export {};

package/dist/types.ee.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isAssignableProjectRoleSlug = isAssignableProjectRoleSlug;
+exports.isApiKeyScope = isApiKeyScope;
+const constants_ee_1 = require("./constants.ee");
+const scope_information_1 = require("./scope-information");
+function isAssignableProjectRoleSlug(slug) {
+    return slug.startsWith('project:') && slug !== constants_ee_1.PROJECT_OWNER_ROLE_SLUG;
+}
+function isApiKeyScope(scope) {
+    return scope_information_1.ALL_API_KEY_SCOPES.has(scope);
+}
+//# sourceMappingURL=types.ee.js.map

package/dist/types.ee.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.ee.js","sourceRoot":"","sources":["../src/types.ee.ts"],"names":[],"mappings":";;AAyEA,kEAEC;AA8CD,sCAGC;AA9GD,iDAAyD;AACzD,2DAAyD;AA0DzD,SAAgB,2BAA2B,CAAC,IAAY;IACvD,OAAO,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,IAAI,KAAK,sCAAuB,CAAC;AACxE,CAAC;AA8CD,SAAgB,aAAa,CAAC,KAAY;IAEzC,OAAO,sCAAkB,CAAC,GAAG,CAAC,KAAoB,CAAC,CAAC;AACrD,CAAC"}

package/dist/utilities/combine-scopes.ee.d.ts

@@ -0,0 +1,2 @@
+import type { Scope, ScopeLevels, MaskLevels } from '../types.ee';
+export declare function combineScopes(userScopes: ScopeLevels, masks?: MaskLevels): Set<Scope>;

package/dist/utilities/combine-scopes.ee.js

@@ -0,0 +1,16 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.combineScopes = combineScopes;
+function combineScopes(userScopes, masks) {
+    const maskedScopes = Object.fromEntries(Object.entries(userScopes).map((e) => [e[0], [...e[1]]]));
+    if (masks?.sharing) {
+        if (maskedScopes.project) {
+            maskedScopes.project = maskedScopes.project.filter((v) => masks.sharing.includes(v));
+        }
+        if (maskedScopes.resource) {
+            maskedScopes.resource = maskedScopes.resource.filter((v) => masks.sharing.includes(v));
+        }
+    }
+    return new Set(Object.values(maskedScopes).flat());
+}
+//# sourceMappingURL=combine-scopes.ee.js.map

package/dist/utilities/combine-scopes.ee.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"combine-scopes.ee.js","sourceRoot":"","sources":["../../src/utilities/combine-scopes.ee.ts"],"names":[],"mappings":";;AAeA,sCAeC;AAfD,SAAgB,aAAa,CAAC,UAAuB,EAAE,KAAkB;IACxE,MAAM,YAAY,GAAgB,MAAM,CAAC,WAAW,CACnD,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACzC,CAAC;IAEjB,IAAI,KAAK,EAAE,OAAO,EAAE,CAAC;QACpB,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;YAC1B,YAAY,CAAC,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QACtF,CAAC;QACD,IAAI,YAAY,CAAC,QAAQ,EAAE,CAAC;YAC3B,YAAY,CAAC,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QACxF,CAAC;IACF,CAAC;IAED,OAAO,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;AACpD,CAAC"}

package/dist/utilities/get-global-scopes.ee.d.ts

@@ -0,0 +1,2 @@
+import type { AuthPrincipal } from '../types.ee';
+export declare const getGlobalScopes: (principal: AuthPrincipal) => import("../types.ee").Scope[];

package/dist/utilities/get-global-scopes.ee.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getGlobalScopes = void 0;
+const getGlobalScopes = (principal) => principal.role.scopes.map((scope) => scope.slug) ?? [];
+exports.getGlobalScopes = getGlobalScopes;
+//# sourceMappingURL=get-global-scopes.ee.js.map

package/dist/utilities/get-global-scopes.ee.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-global-scopes.ee.js","sourceRoot":"","sources":["../../src/utilities/get-global-scopes.ee.ts"],"names":[],"mappings":";;;AAOO,MAAM,eAAe,GAAG,CAAC,SAAwB,EAAE,EAAE,CAC3D,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;AAD3C,QAAA,eAAe,mBAC4B"}

package/dist/utilities/get-resource-permissions.ee.d.ts

@@ -0,0 +1,10 @@
+import { RESOURCES } from '../constants.ee';
+import type { Scope } from '../types.ee';
+type ActionBooleans<T extends readonly string[]> = {
+    [K in T[number]]?: boolean;
+};
+export type PermissionsRecord = {
+    [K in keyof typeof RESOURCES]: ActionBooleans<(typeof RESOURCES)[K]>;
+};
+export declare const getResourcePermissions: (resourceScopes?: Scope[]) => PermissionsRecord;
+export {};