@clawbureau/clawverify-core 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +12 -0
- package/dist/badge-health.d.ts +40 -0
- package/dist/badge-health.d.ts.map +1 -0
- package/dist/badge-health.js +56 -0
- package/dist/badge-health.js.map +1 -0
- package/dist/compliance.d.ts +106 -0
- package/dist/compliance.d.ts.map +1 -0
- package/dist/compliance.js +356 -0
- package/dist/compliance.js.map +1 -0
- package/dist/hashcash.d.ts +44 -0
- package/dist/hashcash.d.ts.map +1 -0
- package/dist/hashcash.js +97 -0
- package/dist/hashcash.js.map +1 -0
- package/dist/index.d.ts +10 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +10 -0
- package/dist/index.js.map +1 -1
- package/dist/policy-evaluator.d.ts +119 -0
- package/dist/policy-evaluator.d.ts.map +1 -0
- package/dist/policy-evaluator.js +452 -0
- package/dist/policy-evaluator.js.map +1 -0
- package/dist/schema-validators.generated.d.ts.map +1 -1
- package/dist/schema-validators.generated.js +2121 -1102
- package/dist/schema-validators.generated.js.map +1 -1
- package/dist/trace-compiler.d.ts +7 -0
- package/dist/trace-compiler.d.ts.map +1 -0
- package/dist/trace-compiler.js +46 -0
- package/dist/trace-compiler.js.map +1 -0
- package/dist/types.d.ts +68 -1
- package/dist/types.d.ts.map +1 -1
- package/dist/verify-causal-integrity.d.ts +68 -0
- package/dist/verify-causal-integrity.d.ts.map +1 -0
- package/dist/verify-causal-integrity.js +186 -0
- package/dist/verify-causal-integrity.js.map +1 -0
- package/package.json +2 -2
|
@@ -0,0 +1,452 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* WPC v2 Policy Evaluator — IAM-style policy engine.
|
|
3
|
+
*
|
|
4
|
+
* Evaluation rules (matching AWS IAM semantics):
|
|
5
|
+
* 1. Default deny: if no statement explicitly allows, the action is denied.
|
|
6
|
+
* 2. Explicit Deny always wins over Allow.
|
|
7
|
+
* 3. Strict Intersection: when `inherits` is set, parent AND child must both allow.
|
|
8
|
+
*
|
|
9
|
+
* Pure TypeScript, zero external dependencies, deterministic, offline.
|
|
10
|
+
* Designed to run in Cloudflare Workers (<5ms for 20 statements).
|
|
11
|
+
*/
|
|
12
|
+
// ---------------------------------------------------------------------------
|
|
13
|
+
// Glob matching (minimal, no dependencies)
|
|
14
|
+
// ---------------------------------------------------------------------------
|
|
15
|
+
/**
|
|
16
|
+
* Match a value against a glob pattern.
|
|
17
|
+
* Supports:
|
|
18
|
+
* - '*' matches any sequence of characters (non-greedy per segment)
|
|
19
|
+
* - '**' matches any sequence including path separators
|
|
20
|
+
* - '?' matches exactly one character
|
|
21
|
+
*/
|
|
22
|
+
function globMatch(pattern, value) {
|
|
23
|
+
// Fast-path: exact wildcard
|
|
24
|
+
if (pattern === '*' || pattern === '**')
|
|
25
|
+
return true;
|
|
26
|
+
// Convert glob to regex
|
|
27
|
+
let regex = '^';
|
|
28
|
+
let i = 0;
|
|
29
|
+
while (i < pattern.length) {
|
|
30
|
+
const ch = pattern[i];
|
|
31
|
+
if (ch === '*') {
|
|
32
|
+
if (pattern[i + 1] === '*') {
|
|
33
|
+
// ** matches everything including /
|
|
34
|
+
regex += '.*';
|
|
35
|
+
i += 2;
|
|
36
|
+
// Skip trailing / after **
|
|
37
|
+
if (pattern[i] === '/')
|
|
38
|
+
i++;
|
|
39
|
+
}
|
|
40
|
+
else {
|
|
41
|
+
// * matches everything except /
|
|
42
|
+
regex += '[^/]*';
|
|
43
|
+
i++;
|
|
44
|
+
}
|
|
45
|
+
}
|
|
46
|
+
else if (ch === '?') {
|
|
47
|
+
regex += '[^/]';
|
|
48
|
+
i++;
|
|
49
|
+
}
|
|
50
|
+
else {
|
|
51
|
+
// Escape regex special chars
|
|
52
|
+
regex += ch.replace(/[.+^${}()|[\]\\]/g, '\\$&');
|
|
53
|
+
i++;
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
regex += '$';
|
|
57
|
+
return new RegExp(regex).test(value);
|
|
58
|
+
}
|
|
59
|
+
// ---------------------------------------------------------------------------
|
|
60
|
+
// CIDR matching (IPv4 only, sufficient for policy evaluation)
|
|
61
|
+
// ---------------------------------------------------------------------------
|
|
62
|
+
function ipToNumber(ip) {
|
|
63
|
+
const parts = ip.split('.');
|
|
64
|
+
if (parts.length !== 4)
|
|
65
|
+
return null;
|
|
66
|
+
let num = 0;
|
|
67
|
+
for (const part of parts) {
|
|
68
|
+
const n = parseInt(part, 10);
|
|
69
|
+
if (isNaN(n) || n < 0 || n > 255)
|
|
70
|
+
return null;
|
|
71
|
+
num = (num << 8) | n;
|
|
72
|
+
}
|
|
73
|
+
// Convert to unsigned 32-bit
|
|
74
|
+
return num >>> 0;
|
|
75
|
+
}
|
|
76
|
+
function cidrMatch(cidr, ip) {
|
|
77
|
+
const [network, prefixStr] = cidr.split('/');
|
|
78
|
+
const prefix = prefixStr !== undefined ? parseInt(prefixStr, 10) : 32;
|
|
79
|
+
if (isNaN(prefix) || prefix < 0 || prefix > 32)
|
|
80
|
+
return false;
|
|
81
|
+
const networkNum = ipToNumber(network);
|
|
82
|
+
const ipNum = ipToNumber(ip);
|
|
83
|
+
if (networkNum === null || ipNum === null)
|
|
84
|
+
return false;
|
|
85
|
+
if (prefix === 0)
|
|
86
|
+
return true;
|
|
87
|
+
const mask = (~0 << (32 - prefix)) >>> 0;
|
|
88
|
+
return (networkNum & mask) === (ipNum & mask);
|
|
89
|
+
}
|
|
90
|
+
// ---------------------------------------------------------------------------
|
|
91
|
+
// Condition evaluation
|
|
92
|
+
// ---------------------------------------------------------------------------
|
|
93
|
+
function evaluateConditionOperator(operator, conditionMap, context) {
|
|
94
|
+
for (const [key, expected] of Object.entries(conditionMap)) {
|
|
95
|
+
const actual = context[key];
|
|
96
|
+
switch (operator) {
|
|
97
|
+
case 'StringEquals':
|
|
98
|
+
if (actual !== expected)
|
|
99
|
+
return false;
|
|
100
|
+
break;
|
|
101
|
+
case 'StringNotEquals':
|
|
102
|
+
if (actual === expected)
|
|
103
|
+
return false;
|
|
104
|
+
break;
|
|
105
|
+
case 'StringLike':
|
|
106
|
+
if (actual === undefined || !globMatch(expected, actual))
|
|
107
|
+
return false;
|
|
108
|
+
break;
|
|
109
|
+
case 'StringNotLike':
|
|
110
|
+
if (actual !== undefined && globMatch(expected, actual))
|
|
111
|
+
return false;
|
|
112
|
+
break;
|
|
113
|
+
case 'NumericEquals': {
|
|
114
|
+
if (actual === undefined)
|
|
115
|
+
return false;
|
|
116
|
+
const numActual = parseFloat(actual);
|
|
117
|
+
const numExpected = parseFloat(expected);
|
|
118
|
+
if (isNaN(numActual) || isNaN(numExpected))
|
|
119
|
+
return false;
|
|
120
|
+
if (numActual !== numExpected)
|
|
121
|
+
return false;
|
|
122
|
+
break;
|
|
123
|
+
}
|
|
124
|
+
case 'NumericLessThan': {
|
|
125
|
+
if (actual === undefined)
|
|
126
|
+
return false;
|
|
127
|
+
const numActual = parseFloat(actual);
|
|
128
|
+
const numExpected = parseFloat(expected);
|
|
129
|
+
if (isNaN(numActual) || isNaN(numExpected))
|
|
130
|
+
return false;
|
|
131
|
+
if (numActual >= numExpected)
|
|
132
|
+
return false;
|
|
133
|
+
break;
|
|
134
|
+
}
|
|
135
|
+
case 'NumericGreaterThan': {
|
|
136
|
+
if (actual === undefined)
|
|
137
|
+
return false;
|
|
138
|
+
const numActual = parseFloat(actual);
|
|
139
|
+
const numExpected = parseFloat(expected);
|
|
140
|
+
if (isNaN(numActual) || isNaN(numExpected))
|
|
141
|
+
return false;
|
|
142
|
+
if (numActual <= numExpected)
|
|
143
|
+
return false;
|
|
144
|
+
break;
|
|
145
|
+
}
|
|
146
|
+
case 'Bool': {
|
|
147
|
+
if (actual === undefined)
|
|
148
|
+
return false;
|
|
149
|
+
const boolExpected = expected.toLowerCase() === 'true';
|
|
150
|
+
const boolActual = actual.toLowerCase() === 'true';
|
|
151
|
+
if (boolActual !== boolExpected)
|
|
152
|
+
return false;
|
|
153
|
+
break;
|
|
154
|
+
}
|
|
155
|
+
case 'IpAddress': {
|
|
156
|
+
if (actual === undefined)
|
|
157
|
+
return false;
|
|
158
|
+
if (!cidrMatch(expected, actual))
|
|
159
|
+
return false;
|
|
160
|
+
break;
|
|
161
|
+
}
|
|
162
|
+
default:
|
|
163
|
+
// Unknown operator: fail-closed
|
|
164
|
+
return false;
|
|
165
|
+
}
|
|
166
|
+
}
|
|
167
|
+
return true;
|
|
168
|
+
}
|
|
169
|
+
function evaluateConditions(conditions, context) {
|
|
170
|
+
if (!conditions)
|
|
171
|
+
return true;
|
|
172
|
+
// All condition operators must pass (AND logic)
|
|
173
|
+
for (const [operator, conditionMap] of Object.entries(conditions)) {
|
|
174
|
+
if (!conditionMap || typeof conditionMap !== 'object')
|
|
175
|
+
continue;
|
|
176
|
+
if (!evaluateConditionOperator(operator, conditionMap, context)) {
|
|
177
|
+
return false;
|
|
178
|
+
}
|
|
179
|
+
}
|
|
180
|
+
return true;
|
|
181
|
+
}
|
|
182
|
+
// ---------------------------------------------------------------------------
|
|
183
|
+
// Statement matching
|
|
184
|
+
// ---------------------------------------------------------------------------
|
|
185
|
+
function actionMatches(statementActions, requestedAction) {
|
|
186
|
+
return statementActions.some((pattern) => globMatch(pattern, requestedAction));
|
|
187
|
+
}
|
|
188
|
+
function resourceMatches(statementResources, requestedResource) {
|
|
189
|
+
return statementResources.some((pattern) => globMatch(pattern, requestedResource));
|
|
190
|
+
}
|
|
191
|
+
// ---------------------------------------------------------------------------
|
|
192
|
+
// v1 -> v2 conversion (inline, for backward compat evaluation)
|
|
193
|
+
// ---------------------------------------------------------------------------
|
|
194
|
+
/**
|
|
195
|
+
* Convert a WPC v1 to v2 statements for evaluation.
|
|
196
|
+
* This mirrors the logic in the migration helper but is kept inline
|
|
197
|
+
* to avoid circular deps.
|
|
198
|
+
*/
|
|
199
|
+
export function convertV1toV2(v1) {
|
|
200
|
+
const statements = [];
|
|
201
|
+
let sid = 0;
|
|
202
|
+
// allowed_providers -> model:invoke with StringEquals on Model:Provider
|
|
203
|
+
if (v1.allowed_providers && v1.allowed_providers.length > 0) {
|
|
204
|
+
for (const provider of v1.allowed_providers) {
|
|
205
|
+
statements.push({
|
|
206
|
+
sid: `v1-provider-${++sid}`,
|
|
207
|
+
effect: 'Allow',
|
|
208
|
+
actions: ['model:invoke'],
|
|
209
|
+
resources: ['*'],
|
|
210
|
+
conditions: {
|
|
211
|
+
StringEquals: { 'Model:Provider': provider },
|
|
212
|
+
},
|
|
213
|
+
});
|
|
214
|
+
}
|
|
215
|
+
}
|
|
216
|
+
else {
|
|
217
|
+
// No provider restriction -> allow all model invocations
|
|
218
|
+
statements.push({
|
|
219
|
+
sid: `v1-model-allow-all-${++sid}`,
|
|
220
|
+
effect: 'Allow',
|
|
221
|
+
actions: ['model:invoke'],
|
|
222
|
+
resources: ['*'],
|
|
223
|
+
});
|
|
224
|
+
}
|
|
225
|
+
// allowed_models -> model:invoke with StringLike on Model:Name
|
|
226
|
+
if (v1.allowed_models && v1.allowed_models.length > 0) {
|
|
227
|
+
// If allowed_models is set, deny all models first, then allow the listed ones
|
|
228
|
+
statements.push({
|
|
229
|
+
sid: `v1-model-deny-unlisted-${++sid}`,
|
|
230
|
+
effect: 'Deny',
|
|
231
|
+
actions: ['model:invoke'],
|
|
232
|
+
resources: ['*'],
|
|
233
|
+
conditions: {
|
|
234
|
+
// This deny applies when Model:Name does NOT match any allowed pattern.
|
|
235
|
+
// Since we can't express OR in a single condition, we add individual Allow
|
|
236
|
+
// statements for each model. The default deny covers the rest.
|
|
237
|
+
},
|
|
238
|
+
});
|
|
239
|
+
// Actually, for v1 compat we just allow specific models.
|
|
240
|
+
// Remove the deny (default deny handles unlisted).
|
|
241
|
+
statements.pop();
|
|
242
|
+
// Remove the blanket model allow we added above
|
|
243
|
+
const blanketIdx = statements.findIndex((s) => s.sid.startsWith('v1-model-allow-all-'));
|
|
244
|
+
if (blanketIdx >= 0) {
|
|
245
|
+
statements.splice(blanketIdx, 1);
|
|
246
|
+
}
|
|
247
|
+
// Also remove provider-specific allows and replace with model+provider combo
|
|
248
|
+
const providerIdxs = [];
|
|
249
|
+
statements.forEach((s, i) => {
|
|
250
|
+
if (s.sid.startsWith('v1-provider-'))
|
|
251
|
+
providerIdxs.push(i);
|
|
252
|
+
});
|
|
253
|
+
// Keep provider statements AND add model-specific ones
|
|
254
|
+
for (const model of v1.allowed_models) {
|
|
255
|
+
statements.push({
|
|
256
|
+
sid: `v1-model-${++sid}`,
|
|
257
|
+
effect: 'Allow',
|
|
258
|
+
actions: ['model:invoke'],
|
|
259
|
+
resources: ['*'],
|
|
260
|
+
conditions: {
|
|
261
|
+
StringLike: { 'Model:Name': model },
|
|
262
|
+
},
|
|
263
|
+
});
|
|
264
|
+
}
|
|
265
|
+
}
|
|
266
|
+
// egress_allowlist -> side_effect:network_egress
|
|
267
|
+
if (v1.egress_allowlist && v1.egress_allowlist.length > 0) {
|
|
268
|
+
for (const domain of v1.egress_allowlist) {
|
|
269
|
+
statements.push({
|
|
270
|
+
sid: `v1-egress-${++sid}`,
|
|
271
|
+
effect: 'Allow',
|
|
272
|
+
actions: ['side_effect:network_egress'],
|
|
273
|
+
resources: ['*'],
|
|
274
|
+
conditions: {
|
|
275
|
+
StringLike: { 'SideEffect:TargetDomain': domain },
|
|
276
|
+
},
|
|
277
|
+
});
|
|
278
|
+
}
|
|
279
|
+
}
|
|
280
|
+
else {
|
|
281
|
+
// No egress restriction -> allow all
|
|
282
|
+
statements.push({
|
|
283
|
+
sid: `v1-egress-allow-all-${++sid}`,
|
|
284
|
+
effect: 'Allow',
|
|
285
|
+
actions: ['side_effect:network_egress'],
|
|
286
|
+
resources: ['*'],
|
|
287
|
+
});
|
|
288
|
+
}
|
|
289
|
+
// Allow all tool execution and filesystem operations by default (v1 had no tool/fs restrictions)
|
|
290
|
+
statements.push({
|
|
291
|
+
sid: `v1-tools-allow-all-${++sid}`,
|
|
292
|
+
effect: 'Allow',
|
|
293
|
+
actions: ['tool:*', 'side_effect:filesystem_read', 'side_effect:filesystem_write'],
|
|
294
|
+
resources: ['*'],
|
|
295
|
+
});
|
|
296
|
+
// Ensure at least one statement exists
|
|
297
|
+
if (statements.length === 0) {
|
|
298
|
+
statements.push({
|
|
299
|
+
sid: 'v1-default-allow-all',
|
|
300
|
+
effect: 'Allow',
|
|
301
|
+
actions: ['*'],
|
|
302
|
+
resources: ['*'],
|
|
303
|
+
});
|
|
304
|
+
}
|
|
305
|
+
return {
|
|
306
|
+
policy_version: '2',
|
|
307
|
+
policy_id: v1.policy_id,
|
|
308
|
+
issuer_did: v1.issuer_did,
|
|
309
|
+
statements,
|
|
310
|
+
metadata: {
|
|
311
|
+
...v1.metadata,
|
|
312
|
+
_migrated_from: 'v1',
|
|
313
|
+
_original_policy_version: '1',
|
|
314
|
+
},
|
|
315
|
+
};
|
|
316
|
+
}
|
|
317
|
+
// ---------------------------------------------------------------------------
|
|
318
|
+
// Core evaluator
|
|
319
|
+
// ---------------------------------------------------------------------------
|
|
320
|
+
/**
|
|
321
|
+
* Evaluate a single WPC v2 policy (no inheritance resolution).
|
|
322
|
+
*/
|
|
323
|
+
function evaluateStatements(statements, action, resource, context) {
|
|
324
|
+
let hasAllow = false;
|
|
325
|
+
const matchedAllowSids = [];
|
|
326
|
+
const matchedDenySids = [];
|
|
327
|
+
for (const stmt of statements) {
|
|
328
|
+
// Check action match
|
|
329
|
+
if (!actionMatches(stmt.actions, action))
|
|
330
|
+
continue;
|
|
331
|
+
// Check resource match
|
|
332
|
+
if (!resourceMatches(stmt.resources, resource))
|
|
333
|
+
continue;
|
|
334
|
+
// Check conditions
|
|
335
|
+
if (!evaluateConditions(stmt.conditions, context))
|
|
336
|
+
continue;
|
|
337
|
+
// Statement matches
|
|
338
|
+
if (stmt.effect === 'Deny') {
|
|
339
|
+
// Explicit Deny always wins — short circuit
|
|
340
|
+
matchedDenySids.push(stmt.sid);
|
|
341
|
+
}
|
|
342
|
+
else {
|
|
343
|
+
hasAllow = true;
|
|
344
|
+
matchedAllowSids.push(stmt.sid);
|
|
345
|
+
}
|
|
346
|
+
}
|
|
347
|
+
// Deny wins over Allow (IAM semantics)
|
|
348
|
+
if (matchedDenySids.length > 0) {
|
|
349
|
+
return { effect: 'DENY', matchedSids: matchedDenySids };
|
|
350
|
+
}
|
|
351
|
+
if (hasAllow) {
|
|
352
|
+
return { effect: 'ALLOW', matchedSids: matchedAllowSids };
|
|
353
|
+
}
|
|
354
|
+
// Default deny
|
|
355
|
+
return { effect: 'DENY', matchedSids: [] };
|
|
356
|
+
}
|
|
357
|
+
/**
|
|
358
|
+
* Normalize a WPC (v1 or v2) to v2 for evaluation.
|
|
359
|
+
*/
|
|
360
|
+
function normalizeToV2(policy) {
|
|
361
|
+
if (policy.policy_version === '2')
|
|
362
|
+
return policy;
|
|
363
|
+
if (policy.policy_version === '1')
|
|
364
|
+
return convertV1toV2(policy);
|
|
365
|
+
// Unknown version: fail-closed with empty statements (deny all)
|
|
366
|
+
return {
|
|
367
|
+
policy_version: '2',
|
|
368
|
+
policy_id: policy.policy_id ?? 'unknown',
|
|
369
|
+
issuer_did: policy.issuer_did ?? 'unknown',
|
|
370
|
+
statements: [],
|
|
371
|
+
};
|
|
372
|
+
}
|
|
373
|
+
/**
|
|
374
|
+
* Evaluate a WPC policy against an action, resource, and context.
|
|
375
|
+
*
|
|
376
|
+
* Supports both WPC v1 (auto-converted) and v2 policies.
|
|
377
|
+
* When `inherits` is set and a `resolver` is provided, performs
|
|
378
|
+
* Strict Intersection (parent AND child must both allow).
|
|
379
|
+
*
|
|
380
|
+
* @param policy - The WPC policy (v1 or v2)
|
|
381
|
+
* @param action - The action being requested (e.g., "model:invoke")
|
|
382
|
+
* @param resource - The resource being acted upon (e.g., "src/index.ts")
|
|
383
|
+
* @param context - Context keys from the proof bundle / runtime
|
|
384
|
+
* @param resolver - Optional resolver for parent policies (Strict Intersection)
|
|
385
|
+
*/
|
|
386
|
+
export function evaluatePolicy(policy, action, resource, context, resolver) {
|
|
387
|
+
const v2 = normalizeToV2(policy);
|
|
388
|
+
const childResult = evaluateStatements(v2.statements, action, resource, context);
|
|
389
|
+
// If no inheritance, return child result directly
|
|
390
|
+
if (!v2.inherits || !resolver) {
|
|
391
|
+
return {
|
|
392
|
+
effect: childResult.effect,
|
|
393
|
+
reason: childResult.effect === 'ALLOW'
|
|
394
|
+
? `Allowed by statement(s): ${childResult.matchedSids.join(', ') || 'none'}`
|
|
395
|
+
: childResult.matchedSids.length > 0
|
|
396
|
+
? `Explicitly denied by statement(s): ${childResult.matchedSids.join(', ')}`
|
|
397
|
+
: `No statement allows action '${action}' on resource '${resource}' (default deny)`,
|
|
398
|
+
matched_statements: childResult.matchedSids,
|
|
399
|
+
};
|
|
400
|
+
}
|
|
401
|
+
// Strict Intersection: resolve parent and evaluate
|
|
402
|
+
const parentRaw = resolver(v2.inherits);
|
|
403
|
+
if (!parentRaw) {
|
|
404
|
+
// Cannot resolve parent: fail-closed
|
|
405
|
+
return {
|
|
406
|
+
effect: 'DENY',
|
|
407
|
+
reason: `Cannot resolve parent policy '${v2.inherits}' (fail-closed)`,
|
|
408
|
+
matched_statements: [],
|
|
409
|
+
};
|
|
410
|
+
}
|
|
411
|
+
const parent = normalizeToV2(parentRaw);
|
|
412
|
+
const parentResult = evaluateStatements(parent.statements, action, resource, context);
|
|
413
|
+
// Both must allow (Strict Intersection)
|
|
414
|
+
if (parentResult.effect === 'DENY') {
|
|
415
|
+
return {
|
|
416
|
+
effect: 'DENY',
|
|
417
|
+
reason: parentResult.matchedSids.length > 0
|
|
418
|
+
? `Parent policy '${v2.inherits}' explicitly denied by: ${parentResult.matchedSids.join(', ')}`
|
|
419
|
+
: `Parent policy '${v2.inherits}' has no statement allowing action '${action}' on '${resource}'`,
|
|
420
|
+
matched_statements: parentResult.matchedSids,
|
|
421
|
+
};
|
|
422
|
+
}
|
|
423
|
+
if (childResult.effect === 'DENY') {
|
|
424
|
+
return {
|
|
425
|
+
effect: 'DENY',
|
|
426
|
+
reason: childResult.matchedSids.length > 0
|
|
427
|
+
? `Explicitly denied by child statement(s): ${childResult.matchedSids.join(', ')}`
|
|
428
|
+
: `No child statement allows action '${action}' on resource '${resource}' (default deny)`,
|
|
429
|
+
matched_statements: childResult.matchedSids,
|
|
430
|
+
};
|
|
431
|
+
}
|
|
432
|
+
// Both allow
|
|
433
|
+
const allSids = [...parentResult.matchedSids, ...childResult.matchedSids];
|
|
434
|
+
return {
|
|
435
|
+
effect: 'ALLOW',
|
|
436
|
+
reason: `Allowed by parent (${parentResult.matchedSids.join(', ')}) AND child (${childResult.matchedSids.join(', ')})`,
|
|
437
|
+
matched_statements: allSids,
|
|
438
|
+
};
|
|
439
|
+
}
|
|
440
|
+
/**
|
|
441
|
+
* Convenience: evaluate multiple actions against a policy.
|
|
442
|
+
* Returns a map of action -> PolicyDecision.
|
|
443
|
+
*/
|
|
444
|
+
export function evaluatePolicyBatch(policy, requests, context, resolver) {
|
|
445
|
+
const results = new Map();
|
|
446
|
+
for (const { action, resource } of requests) {
|
|
447
|
+
const key = `${action}::${resource}`;
|
|
448
|
+
results.set(key, evaluatePolicy(policy, action, resource, context, resolver));
|
|
449
|
+
}
|
|
450
|
+
return results;
|
|
451
|
+
}
|
|
452
|
+
//# sourceMappingURL=policy-evaluator.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"policy-evaluator.js","sourceRoot":"","sources":["../src/policy-evaluator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AA+FH,8EAA8E;AAC9E,2CAA2C;AAC3C,8EAA8E;AAE9E;;;;;;GAMG;AACH,SAAS,SAAS,CAAC,OAAe,EAAE,KAAa;IAC/C,4BAA4B;IAC5B,IAAI,OAAO,KAAK,GAAG,IAAI,OAAO,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAErD,wBAAwB;IACxB,IAAI,KAAK,GAAG,GAAG,CAAC;IAChB,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;QAC1B,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACtB,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACf,IAAI,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;gBAC3B,oCAAoC;gBACpC,KAAK,IAAI,IAAI,CAAC;gBACd,CAAC,IAAI,CAAC,CAAC;gBACP,2BAA2B;gBAC3B,IAAI,OAAO,CAAC,CAAC,CAAC,KAAK,GAAG;oBAAE,CAAC,EAAE,CAAC;YAC9B,CAAC;iBAAM,CAAC;gBACN,gCAAgC;gBAChC,KAAK,IAAI,OAAO,CAAC;gBACjB,CAAC,EAAE,CAAC;YACN,CAAC;QACH,CAAC;aAAM,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACtB,KAAK,IAAI,MAAM,CAAC;YAChB,CAAC,EAAE,CAAC;QACN,CAAC;aAAM,CAAC;YACN,6BAA6B;YAC7B,KAAK,IAAI,EAAE,CAAC,OAAO,CAAC,mBAAmB,EAAE,MAAM,CAAC,CAAC;YACjD,CAAC,EAAE,CAAC;QACN,CAAC;IACH,CAAC;IACD,KAAK,IAAI,GAAG,CAAC;IAEb,OAAO,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AACvC,CAAC;AAED,8EAA8E;AAC9E,8DAA8D;AAC9D,8EAA8E;AAE9E,SAAS,UAAU,CAAC,EAAU;IAC5B,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC5B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACpC,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,CAAC,GAAG,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC7B,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG;YAAE,OAAO,IAAI,CAAC;QAC9C,GAAG,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IACvB,CAAC;IACD,6BAA6B;IAC7B,OAAO,GAAG,KAAK,CAAC,CAAC;AACnB,CAAC;AAED,SAAS,SAAS,CAAC,IAAY,EAAE,EAAU;IACzC,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7C,MAAM,MAAM,GAAG,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACtE,IAAI,KAAK,CAAC,MAAM,CAAC,IAAI,MAAM,GAAG,CAAC,IAAI,MAAM,GAAG,EAAE;QAAE,OAAO,KAAK,CAAC;IAE7D,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;IACvC,MAAM,KAAK,GAAG,UAAU,CAAC,EAAE,CAAC,CAAC;IAC7B,IAAI,UAAU,KAAK,IAAI,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IAExD,IAAI,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9B,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC;IACzC,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC;AAChD,CAAC;AAED,8EAA8E;AAC9E,uBAAuB;AACvB,8EAA8E;AAE9E,SAAS,yBAAyB,CAChC,QAAgB,EAChB,YAA0B,EAC1B,OAAsB;IAEtB,KAAK,MAAM,CAAC,GAAG,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;QAC3D,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;QAE5B,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,cAAc;gBACjB,IAAI,MAAM,KAAK,QAAQ;oBAAE,OAAO,KAAK,CAAC;gBACtC,MAAM;YAER,KAAK,iBAAiB;gBACpB,IAAI,MAAM,KAAK,QAAQ;oBAAE,OAAO,KAAK,CAAC;gBACtC,MAAM;YAER,KAAK,YAAY;gBACf,IAAI,MAAM,KAAK,SAAS,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,MAAM,CAAC;oBAAE,OAAO,KAAK,CAAC;gBACvE,MAAM;YAER,KAAK,eAAe;gBAClB,IAAI,MAAM,KAAK,SAAS,IAAI,SAAS,CAAC,QAAQ,EAAE,MAAM,CAAC;oBAAE,OAAO,KAAK,CAAC;gBACtE,MAAM;YAER,KAAK,eAAe,CAAC,CAAC,CAAC;gBACrB,IAAI,MAAM,KAAK,SAAS;oBAAE,OAAO,KAAK,CAAC;gBACvC,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;gBACrC,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;gBACzC,IAAI,KAAK,CAAC,SAAS,CAAC,IAAI,KAAK,CAAC,WAAW,CAAC;oBAAE,OAAO,KAAK,CAAC;gBACzD,IAAI,SAAS,KAAK,WAAW;oBAAE,OAAO,KAAK,CAAC;gBAC5C,MAAM;YACR,CAAC;YAED,KAAK,iBAAiB,CAAC,CAAC,CAAC;gBACvB,IAAI,MAAM,KAAK,SAAS;oBAAE,OAAO,KAAK,CAAC;gBACvC,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;gBACrC,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;gBACzC,IAAI,KAAK,CAAC,SAAS,CAAC,IAAI,KAAK,CAAC,WAAW,CAAC;oBAAE,OAAO,KAAK,CAAC;gBACzD,IAAI,SAAS,IAAI,WAAW;oBAAE,OAAO,KAAK,CAAC;gBAC3C,MAAM;YACR,CAAC;YAED,KAAK,oBAAoB,CAAC,CAAC,CAAC;gBAC1B,IAAI,MAAM,KAAK,SAAS;oBAAE,OAAO,KAAK,CAAC;gBACvC,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;gBACrC,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;gBACzC,IAAI,KAAK,CAAC,SAAS,CAAC,IAAI,KAAK,CAAC,WAAW,CAAC;oBAAE,OAAO,KAAK,CAAC;gBACzD,IAAI,SAAS,IAAI,WAAW;oBAAE,OAAO,KAAK,CAAC;gBAC3C,MAAM;YACR,CAAC;YAED,KAAK,MAAM,CAAC,CAAC,CAAC;gBACZ,IAAI,MAAM,KAAK,SAAS;oBAAE,OAAO,KAAK,CAAC;gBACvC,MAAM,YAAY,GAAG,QAAQ,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC;gBACvD,MAAM,UAAU,GAAG,MAAM,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC;gBACnD,IAAI,UAAU,KAAK,YAAY;oBAAE,OAAO,KAAK,CAAC;gBAC9C,MAAM;YACR,CAAC;YAED,KAAK,WAAW,CAAC,CAAC,CAAC;gBACjB,IAAI,MAAM,KAAK,SAAS;oBAAE,OAAO,KAAK,CAAC;gBACvC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,MAAM,CAAC;oBAAE,OAAO,KAAK,CAAC;gBAC/C,MAAM;YACR,CAAC;YAED;gBACE,gCAAgC;gBAChC,OAAO,KAAK,CAAC;QACjB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,kBAAkB,CACzB,UAAwC,EACxC,OAAsB;IAEtB,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAE7B,gDAAgD;IAChD,KAAK,MAAM,CAAC,QAAQ,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;QAClE,IAAI,CAAC,YAAY,IAAI,OAAO,YAAY,KAAK,QAAQ;YAAE,SAAS;QAChE,IAAI,CAAC,yBAAyB,CAAC,QAAQ,EAAE,YAA4B,EAAE,OAAO,CAAC,EAAE,CAAC;YAChF,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,8EAA8E;AAC9E,qBAAqB;AACrB,8EAA8E;AAE9E,SAAS,aAAa,CAAC,gBAA0B,EAAE,eAAuB;IACxE,OAAO,gBAAgB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC,CAAC;AACjF,CAAC;AAED,SAAS,eAAe,CAAC,kBAA4B,EAAE,iBAAyB;IAC9E,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC,CAAC;AACrF,CAAC;AAED,8EAA8E;AAC9E,+DAA+D;AAC/D,8EAA8E;AAE9E;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,EAAS;IACrC,MAAM,UAAU,GAAsB,EAAE,CAAC;IACzC,IAAI,GAAG,GAAG,CAAC,CAAC;IAEZ,wEAAwE;IACxE,IAAI,EAAE,CAAC,iBAAiB,IAAI,EAAE,CAAC,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5D,KAAK,MAAM,QAAQ,IAAI,EAAE,CAAC,iBAAiB,EAAE,CAAC;YAC5C,UAAU,CAAC,IAAI,CAAC;gBACd,GAAG,EAAE,eAAe,EAAE,GAAG,EAAE;gBAC3B,MAAM,EAAE,OAAO;gBACf,OAAO,EAAE,CAAC,cAAc,CAAC;gBACzB,SAAS,EAAE,CAAC,GAAG,CAAC;gBAChB,UAAU,EAAE;oBACV,YAAY,EAAE,EAAE,gBAAgB,EAAE,QAAQ,EAAE;iBAC7C;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;SAAM,CAAC;QACN,yDAAyD;QACzD,UAAU,CAAC,IAAI,CAAC;YACd,GAAG,EAAE,sBAAsB,EAAE,GAAG,EAAE;YAClC,MAAM,EAAE,OAAO;YACf,OAAO,EAAE,CAAC,cAAc,CAAC;YACzB,SAAS,EAAE,CAAC,GAAG,CAAC;SACjB,CAAC,CAAC;IACL,CAAC;IAED,+DAA+D;IAC/D,IAAI,EAAE,CAAC,cAAc,IAAI,EAAE,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtD,8EAA8E;QAC9E,UAAU,CAAC,IAAI,CAAC;YACd,GAAG,EAAE,0BAA0B,EAAE,GAAG,EAAE;YACtC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,CAAC,cAAc,CAAC;YACzB,SAAS,EAAE,CAAC,GAAG,CAAC;YAChB,UAAU,EAAE;YACV,wEAAwE;YACxE,2EAA2E;YAC3E,+DAA+D;aAChE;SACF,CAAC,CAAC;QACH,yDAAyD;QACzD,mDAAmD;QACnD,UAAU,CAAC,GAAG,EAAE,CAAC;QACjB,gDAAgD;QAChD,MAAM,UAAU,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAC5C,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,qBAAqB,CAAC,CACxC,CAAC;QACF,IAAI,UAAU,IAAI,CAAC,EAAE,CAAC;YACpB,UAAU,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;QACnC,CAAC;QACD,6EAA6E;QAC7E,MAAM,YAAY,GAAa,EAAE,CAAC;QAClC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YAC1B,IAAI,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,cAAc,CAAC;gBAAE,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;QACH,uDAAuD;QACvD,KAAK,MAAM,KAAK,IAAI,EAAE,CAAC,cAAc,EAAE,CAAC;YACtC,UAAU,CAAC,IAAI,CAAC;gBACd,GAAG,EAAE,YAAY,EAAE,GAAG,EAAE;gBACxB,MAAM,EAAE,OAAO;gBACf,OAAO,EAAE,CAAC,cAAc,CAAC;gBACzB,SAAS,EAAE,CAAC,GAAG,CAAC;gBAChB,UAAU,EAAE;oBACV,UAAU,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE;iBACpC;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,iDAAiD;IACjD,IAAI,EAAE,CAAC,gBAAgB,IAAI,EAAE,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,KAAK,MAAM,MAAM,IAAI,EAAE,CAAC,gBAAgB,EAAE,CAAC;YACzC,UAAU,CAAC,IAAI,CAAC;gBACd,GAAG,EAAE,aAAa,EAAE,GAAG,EAAE;gBACzB,MAAM,EAAE,OAAO;gBACf,OAAO,EAAE,CAAC,4BAA4B,CAAC;gBACvC,SAAS,EAAE,CAAC,GAAG,CAAC;gBAChB,UAAU,EAAE;oBACV,UAAU,EAAE,EAAE,yBAAyB,EAAE,MAAM,EAAE;iBAClD;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;SAAM,CAAC;QACN,qCAAqC;QACrC,UAAU,CAAC,IAAI,CAAC;YACd,GAAG,EAAE,uBAAuB,EAAE,GAAG,EAAE;YACnC,MAAM,EAAE,OAAO;YACf,OAAO,EAAE,CAAC,4BAA4B,CAAC;YACvC,SAAS,EAAE,CAAC,GAAG,CAAC;SACjB,CAAC,CAAC;IACL,CAAC;IAED,iGAAiG;IACjG,UAAU,CAAC,IAAI,CAAC;QACd,GAAG,EAAE,sBAAsB,EAAE,GAAG,EAAE;QAClC,MAAM,EAAE,OAAO;QACf,OAAO,EAAE,CAAC,QAAQ,EAAE,6BAA6B,EAAE,8BAA8B,CAAC;QAClF,SAAS,EAAE,CAAC,GAAG,CAAC;KACjB,CAAC,CAAC;IAEH,uCAAuC;IACvC,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,UAAU,CAAC,IAAI,CAAC;YACd,GAAG,EAAE,sBAAsB;YAC3B,MAAM,EAAE,OAAO;YACf,OAAO,EAAE,CAAC,GAAG,CAAC;YACd,SAAS,EAAE,CAAC,GAAG,CAAC;SACjB,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,cAAc,EAAE,GAAG;QACnB,SAAS,EAAE,EAAE,CAAC,SAAS;QACvB,UAAU,EAAE,EAAE,CAAC,UAAU;QACzB,UAAU;QACV,QAAQ,EAAE;YACR,GAAG,EAAE,CAAC,QAAQ;YACd,cAAc,EAAE,IAAI;YACpB,wBAAwB,EAAE,GAAG;SAC9B;KACF,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAE9E;;GAEG;AACH,SAAS,kBAAkB,CACzB,UAA6B,EAC7B,MAAc,EACd,QAAgB,EAChB,OAAsB;IAEtB,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,MAAM,gBAAgB,GAAa,EAAE,CAAC;IACtC,MAAM,eAAe,GAAa,EAAE,CAAC;IAErC,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,qBAAqB;QACrB,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC;YAAE,SAAS;QAEnD,uBAAuB;QACvB,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC;YAAE,SAAS;QAEzD,mBAAmB;QACnB,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC;YAAE,SAAS;QAE5D,oBAAoB;QACpB,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YAC3B,4CAA4C;YAC5C,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACjC,CAAC;aAAM,CAAC;YACN,QAAQ,GAAG,IAAI,CAAC;YAChB,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;IAED,uCAAuC;IACvC,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,eAAe,EAAE,CAAC;IAC1D,CAAC;IAED,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,gBAAgB,EAAE,CAAC;IAC5D,CAAC;IAED,eAAe;IACf,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,MAAW;IAChC,IAAI,MAAM,CAAC,cAAc,KAAK,GAAG;QAAE,OAAO,MAAe,CAAC;IAC1D,IAAI,MAAM,CAAC,cAAc,KAAK,GAAG;QAAE,OAAO,aAAa,CAAC,MAAe,CAAC,CAAC;IACzE,gEAAgE;IAChE,OAAO;QACL,cAAc,EAAE,GAAG;QACnB,SAAS,EAAG,MAAiC,CAAC,SAAS,IAAI,SAAS;QACpE,UAAU,EAAG,MAAiC,CAAC,UAAU,IAAI,SAAS;QACtE,UAAU,EAAE,EAAE;KACf,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,cAAc,CAC5B,MAAW,EACX,MAAc,EACd,QAAgB,EAChB,OAAsB,EACtB,QAAyB;IAEzB,MAAM,EAAE,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IACjC,MAAM,WAAW,GAAG,kBAAkB,CAAC,EAAE,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;IAEjF,kDAAkD;IAClD,IAAI,CAAC,EAAE,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC9B,OAAO;YACL,MAAM,EAAE,WAAW,CAAC,MAAM;YAC1B,MAAM,EACJ,WAAW,CAAC,MAAM,KAAK,OAAO;gBAC5B,CAAC,CAAC,4BAA4B,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM,EAAE;gBAC5E,CAAC,CAAC,WAAW,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC;oBAClC,CAAC,CAAC,sCAAsC,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;oBAC5E,CAAC,CAAC,+BAA+B,MAAM,kBAAkB,QAAQ,kBAAkB;YACzF,kBAAkB,EAAE,WAAW,CAAC,WAAW;SAC5C,CAAC;IACJ,CAAC;IAED,mDAAmD;IACnD,MAAM,SAAS,GAAG,QAAQ,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC;IACxC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,qCAAqC;QACrC,OAAO;YACL,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,iCAAiC,EAAE,CAAC,QAAQ,iBAAiB;YACrE,kBAAkB,EAAE,EAAE;SACvB,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;IACxC,MAAM,YAAY,GAAG,kBAAkB,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;IAEtF,wCAAwC;IACxC,IAAI,YAAY,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QACnC,OAAO;YACL,MAAM,EAAE,MAAM;YACd,MAAM,EACJ,YAAY,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC;gBACjC,CAAC,CAAC,kBAAkB,EAAE,CAAC,QAAQ,2BAA2B,YAAY,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBAC/F,CAAC,CAAC,kBAAkB,EAAE,CAAC,QAAQ,uCAAuC,MAAM,SAAS,QAAQ,GAAG;YACpG,kBAAkB,EAAE,YAAY,CAAC,WAAW;SAC7C,CAAC;IACJ,CAAC;IAED,IAAI,WAAW,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QAClC,OAAO;YACL,MAAM,EAAE,MAAM;YACd,MAAM,EACJ,WAAW,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC;gBAChC,CAAC,CAAC,4CAA4C,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBAClF,CAAC,CAAC,qCAAqC,MAAM,kBAAkB,QAAQ,kBAAkB;YAC7F,kBAAkB,EAAE,WAAW,CAAC,WAAW;SAC5C,CAAC;IACJ,CAAC;IAED,aAAa;IACb,MAAM,OAAO,GAAG,CAAC,GAAG,YAAY,CAAC,WAAW,EAAE,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;IAC1E,OAAO;QACL,MAAM,EAAE,OAAO;QACf,MAAM,EAAE,sBAAsB,YAAY,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QACtH,kBAAkB,EAAE,OAAO;KAC5B,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CACjC,MAAW,EACX,QAAqD,EACrD,OAAsB,EACtB,QAAyB;IAEzB,MAAM,OAAO,GAAG,IAAI,GAAG,EAA0B,CAAC;IAClD,KAAK,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,QAAQ,EAAE,CAAC;QAC5C,MAAM,GAAG,GAAG,GAAG,MAAM,KAAK,QAAQ,EAAE,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;IAChF,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"schema-validators.generated.d.ts","sourceRoot":"","sources":["../src/schema-validators.generated.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"schema-validators.generated.d.ts","sourceRoot":"","sources":["../src/schema-validators.generated.ts"],"names":[],"mappings":"AAWa,eAAO,MAAM,6BAA6B,mBAAa,CAAC;AAA08yK,iBAAS,UAAU,CAAC,IAAI,KAAA,EAAE,EAAC,YAAe,EAAE,UAAU,EAAE,kBAAkB,EAAE,QAAa,EAAE,cAAiB,EAAC;;;;CAAG,WAAw0R;kBAA/6R,UAAU;;;;;;;AAAq/R,eAAO,MAAM,gCAAgC,mBAAa,CAAC;AAA4wzE,iBAAS,UAAU,CAAC,IAAI,KAAA,EAAE,EAAC,YAAe,EAAE,UAAU,EAAE,kBAAkB,EAAE,QAAa,EAAE,cAAiB,EAAC;;;;CAAG,WAAi1R;kBAAx7R,UAAU;;;;;;;AAA8/R,eAAO,MAAM,4BAA4B,mBAAa,CAAC;AAAutiB,iBAAS,UAAU,CAAC,IAAI,KAAA,EAAE,EAAC,YAAe,EAAE,UAAU,EAAE,kBAAkB,EAAE,QAAa,EAAE,cAAiB,EAAC;;;;CAAG,WAAq0R;kBAA56R,UAAU;;;;;;;AAAk/R,eAAO,MAAM,sCAAsC,mBAAa,CAAC;AAAowJ,iBAAS,UAAU,CAAC,IAAI,KAAA,EAAE,EAAC,YAAe,EAAE,UAAU,EAAE,kBAAkB,EAAE,QAAa,EAAE,cAAiB,EAAC;;;;CAAG,WAAo5/C;kBAA3//C,UAAU;;;;;;;AAAikgD,eAAO,MAAM,uCAAuC,mBAAa,CAAC;AAAuwqI,iBAAS,UAAU,CAAC,IAAI,KAAA,EAAE,EAAC,YAAe,EAAE,UAAU,EAAE,kBAAkB,EAAE,QAAa,EAAE,cAAiB,EAAC;;;;CAAG,WAAs2R;kBAA78R,UAAU;;;;;;;AAAmhS,eAAO,MAAM,wCAAwC,mBAAa,CAAC;AAAmogG,iBAAS,UAAU,CAAC,IAAI,KAAA,EAAE,EAAC,YAAe,EAAE,UAAU,EAAE,kBAAkB,EAAE,QAAa,EAAE,cAAiB,EAAC;;;;CAAG,WAA42R;kBAAn9R,UAAU;;;;;;;AAAyhS,eAAO,MAAM,2BAA2B,mBAAa,CAAC;AAAA,iBAAS,UAAU,CAAC,IAAI,KAAA,EAAE,EAAC,YAAe,EAAE,UAAU,EAAE,kBAAkB,EAAE,QAAa,EAAE,cAAiB,EAAC;;;;CAAG,WAAs9X;kBAA7jY,UAAU;;;;;;;AAAmoY,eAAO,MAAM,sBAAsB,mBAAa,CAAC;AAA4gG,iBAAS,UAAU,CAAC,IAAI,KAAA,EAAE,EAAC,YAAe,EAAE,UAAU,EAAE,kBAAkB,EAAE,QAAa,EAAE,cAAiB,EAAC;;;;CAAG,WAA++wB;kBAAtlxB,UAAU;;;;;;;AAA4pxB,eAAO,MAAM,uBAAuB,mBAAa,CAAC;AAAA,iBAAS,UAAU,CAAC,IAAI,KAAA,EAAE,EAAC,YAAe,EAAE,UAAU,EAAE,kBAAkB,EAAE,QAAa,EAAE,cAAiB,EAAC;;;;CAAG,WAAkvwC;kBAAz1wC,UAAU;;;;;;;AAA+5wC,eAAO,MAAM,aAAa,mBAAa,CAAC;AAAgmG,iBAAS,UAAU,CAAC,IAAI,KAAA,EAAE,EAAC,YAAe,EAAE,UAAU,EAAE,kBAAkB,EAAE,QAAa,EAAE,cAAiB,EAAC;;;;CAAG,WAA4ozB;kBAAnvzB,UAAU;;;;;;;AAAyzzB,eAAO,MAAM,oBAAoB,mBAAa,CAAC;AAA8kE,iBAAS,UAAU,CAAC,IAAI,KAAA,EAAE,EAAC,YAAe,EAAE,UAAU,EAAE,kBAAkB,EAAE,QAAa,EAAE,cAAiB,EAAC;;;;CAAG,WAAymU;kBAAhtU,UAAU;;;;;;;AAAsxU,eAAO,MAAM,4BAA4B,mBAAa,CAAC;AAAy6E,iBAAS,UAAU,CAAC,IAAI,KAAA,EAAE,EAAC,YAAe,EAAE,UAAU,EAAE,kBAAkB,EAAE,QAAa,EAAE,cAAiB,EAAC;;;;CAAG,WAA6tc;kBAAp0c,UAAU"}
|