npm - @cldmv/slothlet - Versions diffs - 3.3.0 → 3.4.0 - Mend

@cldmv/slothlet 3.3.0 → 3.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (139) hide show

package/README.md +9 -10
package/REFERENCE.md +23 -0
package/dist/lib/builders/api-assignment.mjs +1 -589
package/dist/lib/builders/api_builder.mjs +1 -1385
package/dist/lib/builders/builder.mjs +1 -78
package/dist/lib/builders/modes-processor.mjs +1 -1800
package/dist/lib/errors.mjs +9 -211
package/dist/lib/factories/component-base.mjs +1 -80
package/dist/lib/factories/context.mjs +1 -22
package/dist/lib/handlers/api-cache-manager.mjs +1 -200
package/dist/lib/handlers/api-manager.mjs +1 -2536
package/dist/lib/handlers/context-async.mjs +1 -172
package/dist/lib/handlers/context-live.mjs +1 -173
package/dist/lib/handlers/hook-manager.mjs +1 -667
package/dist/lib/handlers/lifecycle-token.mjs +1 -28
package/dist/lib/handlers/lifecycle.mjs +1 -115
package/dist/lib/handlers/materialize-manager.mjs +1 -48
package/dist/lib/handlers/metadata.mjs +1 -501
package/dist/lib/handlers/ownership.mjs +1 -322
package/dist/lib/handlers/permission-manager.mjs +1 -392
package/dist/lib/handlers/unified-wrapper.mjs +1 -3110
package/dist/lib/handlers/version-manager.mjs +1 -885
package/dist/lib/helpers/class-instance-wrapper.mjs +1 -109
package/dist/lib/helpers/config.mjs +1 -439
package/dist/lib/helpers/eventemitter-context.mjs +1 -349
package/dist/lib/helpers/hint-detector.mjs +1 -47
package/dist/lib/helpers/modes-utils.mjs +1 -37
package/dist/lib/helpers/pattern-matcher.mjs +1 -125
package/dist/lib/helpers/resolve-from-caller.mjs +1 -169
package/dist/lib/helpers/sanitize.mjs +1 -340
package/dist/lib/helpers/utilities.mjs +1 -70
package/dist/lib/i18n/languages/de-de.json +1 -0
package/dist/lib/i18n/languages/en-gb.json +1 -0
package/dist/lib/i18n/languages/en-us.json +1 -0
package/dist/lib/i18n/languages/es-es.json +412 -0
package/dist/lib/i18n/languages/es-mx.json +1 -0
package/dist/lib/i18n/languages/fr-fr.json +1 -0
package/dist/lib/i18n/languages/hi-in.json +2 -1
package/dist/lib/i18n/languages/ja-jp.json +1 -0
package/dist/lib/i18n/languages/ko-kr.json +1 -0
package/dist/lib/i18n/languages/pt-br.json +21 -20
package/dist/lib/i18n/languages/ru-ru.json +2 -1
package/dist/lib/i18n/languages/zh-cn.json +6 -5
package/dist/lib/i18n/translations.mjs +1 -126
package/dist/lib/modes/eager.mjs +1 -59
package/dist/lib/modes/lazy.mjs +1 -81
package/dist/lib/processors/flatten.mjs +1 -437
package/dist/lib/processors/loader.mjs +1 -339
package/dist/lib/processors/type-generator.mjs +1 -275
package/dist/lib/processors/typescript.mjs +1 -172
package/dist/lib/runtime/runtime-asynclocalstorage.mjs +1 -113
package/dist/lib/runtime/runtime-livebindings.mjs +1 -78
package/dist/lib/runtime/runtime.mjs +1 -102
package/dist/slothlet.mjs +1 -817
package/package.json +35 -31
package/types/dist/lib/builders/api-assignment.d.mts +3 -92
package/types/dist/lib/builders/api-assignment.d.mts.map +1 -1
package/types/dist/lib/builders/api_builder.d.mts +102 -91
package/types/dist/lib/builders/api_builder.d.mts.map +1 -1
package/types/dist/lib/builders/builder.d.mts +1 -55
package/types/dist/lib/builders/builder.d.mts.map +1 -1
package/types/dist/lib/builders/modes-processor.d.mts +3 -27
package/types/dist/lib/builders/modes-processor.d.mts.map +1 -1
package/types/dist/lib/errors.d.mts +19 -109
package/types/dist/lib/errors.d.mts.map +1 -1
package/types/dist/lib/factories/component-base.d.mts +7 -177
package/types/dist/lib/factories/component-base.d.mts.map +1 -1
package/types/dist/lib/factories/context.d.mts +4 -22
package/types/dist/lib/factories/context.d.mts.map +1 -1
package/types/dist/lib/handlers/api-cache-manager.d.mts +20 -203
package/types/dist/lib/handlers/api-cache-manager.d.mts.map +1 -1
package/types/dist/lib/handlers/api-manager.d.mts +34 -408
package/types/dist/lib/handlers/api-manager.d.mts.map +1 -1
package/types/dist/lib/handlers/context-async.d.mts +23 -61
package/types/dist/lib/handlers/context-async.d.mts.map +1 -1
package/types/dist/lib/handlers/context-live.d.mts +22 -59
package/types/dist/lib/handlers/context-live.d.mts.map +1 -1
package/types/dist/lib/handlers/hook-manager.d.mts +46 -185
package/types/dist/lib/handlers/hook-manager.d.mts.map +1 -1
package/types/dist/lib/handlers/lifecycle-token.d.mts +3 -48
package/types/dist/lib/handlers/lifecycle-token.d.mts.map +1 -1
package/types/dist/lib/handlers/lifecycle.d.mts +5 -82
package/types/dist/lib/handlers/lifecycle.d.mts.map +1 -1
package/types/dist/lib/handlers/materialize-manager.d.mts +8 -70
package/types/dist/lib/handlers/materialize-manager.d.mts.map +1 -1
package/types/dist/lib/handlers/metadata.d.mts +17 -221
package/types/dist/lib/handlers/metadata.d.mts.map +1 -1
package/types/dist/lib/handlers/ownership.d.mts +44 -160
package/types/dist/lib/handlers/ownership.d.mts.map +1 -1
package/types/dist/lib/handlers/permission-manager.d.mts +40 -141
package/types/dist/lib/handlers/permission-manager.d.mts.map +1 -1
package/types/dist/lib/handlers/unified-wrapper.d.mts +26 -239
package/types/dist/lib/handlers/unified-wrapper.d.mts.map +1 -1
package/types/dist/lib/handlers/version-manager.d.mts +28 -225
package/types/dist/lib/handlers/version-manager.d.mts.map +1 -1
package/types/dist/lib/helpers/class-instance-wrapper.d.mts +2 -52
package/types/dist/lib/helpers/class-instance-wrapper.d.mts.map +1 -1
package/types/dist/lib/helpers/config.d.mts +125 -139
package/types/dist/lib/helpers/config.d.mts.map +1 -1
package/types/dist/lib/helpers/eventemitter-context.d.mts +3 -29
package/types/dist/lib/helpers/eventemitter-context.d.mts.map +1 -1
package/types/dist/lib/helpers/hint-detector.d.mts +2 -15
package/types/dist/lib/helpers/hint-detector.d.mts.map +1 -1
package/types/dist/lib/helpers/modes-utils.d.mts +3 -30
package/types/dist/lib/helpers/modes-utils.d.mts.map +1 -1
package/types/dist/lib/helpers/pattern-matcher.d.mts +3 -43
package/types/dist/lib/helpers/pattern-matcher.d.mts.map +1 -1
package/types/dist/lib/helpers/resolve-from-caller.d.mts +3 -27
package/types/dist/lib/helpers/resolve-from-caller.d.mts.map +1 -1
package/types/dist/lib/helpers/sanitize.d.mts +4 -92
package/types/dist/lib/helpers/sanitize.d.mts.map +1 -1
package/types/dist/lib/helpers/utilities.d.mts +4 -52
package/types/dist/lib/helpers/utilities.d.mts.map +1 -1
package/types/dist/lib/i18n/translations.d.mts +4 -37
package/types/dist/lib/i18n/translations.d.mts.map +1 -1
package/types/dist/lib/modes/eager.d.mts +8 -30
package/types/dist/lib/modes/eager.d.mts.map +1 -1
package/types/dist/lib/modes/lazy.d.mts +10 -43
package/types/dist/lib/modes/lazy.d.mts.map +1 -1
package/types/dist/lib/processors/flatten.d.mts +56 -107
package/types/dist/lib/processors/flatten.d.mts.map +1 -1
package/types/dist/lib/processors/loader.d.mts +6 -41
package/types/dist/lib/processors/loader.d.mts.map +1 -1
package/types/dist/lib/processors/type-generator.d.mts +2 -16
package/types/dist/lib/processors/type-generator.d.mts.map +1 -1
package/types/dist/lib/processors/typescript.d.mts +6 -53
package/types/dist/lib/processors/typescript.d.mts.map +1 -1
package/types/dist/lib/runtime/runtime-asynclocalstorage.d.mts +3 -71
package/types/dist/lib/runtime/runtime-asynclocalstorage.d.mts.map +1 -1
package/types/dist/lib/runtime/runtime-livebindings.d.mts +2 -37
package/types/dist/lib/runtime/runtime-livebindings.d.mts.map +1 -1
package/types/dist/lib/runtime/runtime.d.mts +3 -39
package/types/dist/lib/runtime/runtime.d.mts.map +1 -1
package/types/dist/slothlet.d.mts +3 -249
package/types/dist/slothlet.d.mts.map +1 -1
package/types/index.d.mts +36 -16
package/types/index.d.mts.map +1 -0
package/AGENT-USAGE.md +0 -736
package/docs/API-RULES.md +0 -712

package/dist/lib/handlers/permission-manager.mjs CHANGED Viewed

@@ -14,395 +14,4 @@
 	limitations under the License.
 */
-import { ComponentBase } from "@cldmv/slothlet/factories/component-base";
-import { compilePattern } from "@cldmv/slothlet/helpers/pattern-matcher";
-import { translate } from "@cldmv/slothlet/i18n";
-let ruleIdCounter = 0;
-export class PermissionManager extends ComponentBase {
-	static slothletProperty = "permissionManager";
-	#rules = new Map();
-	#defaultPolicy = "allow";
-	#enabled = false;
-	#audit = "default";
-	#resolvedCache = new Map();
-	#compiledCache = new Map();
-	constructor(slothlet) {
-		super(slothlet);
-		const permConfig = slothlet.config?.permissions;
-		if (permConfig) {
-			this.#defaultPolicy = permConfig.defaultPolicy || "allow";
-			this.#enabled = permConfig.enabled !== false;
-			this.#audit = permConfig.audit || "default";
-			if (Array.isArray(permConfig.rules)) {
-				for (const rule of permConfig.rules) {
-					this.addRule(rule, null);
-				}
-			}
-		}
-		this.addRule({ caller: "**", target: "slothlet.permissions.control.**", effect: "deny" }, "__builtin__");
-	}
-	addRule(rule, ownerModuleID = null, ruleId = null) {
-		this.#validateRule(rule);
-		const id = ruleId || `perm-${++ruleIdCounter}`;
-		const entry = {
-			id,
-			caller: rule.caller,
-			target: rule.target,
-			effect: rule.effect,
-			ownerModuleID: ownerModuleID,
-			registeredAt: Date.now()
-		};
-		this.#rules.set(id, entry);
-		this.#clearCache();
-		this.debug("permissions", {
-			key: "DEBUG_PERMISSION_RULE_ADDED",
-			ruleId: id,
-			caller: rule.caller,
-			target: rule.target,
-			effect: rule.effect,
-			ownerModuleID
-		});
-		return id;
-	}
-	removeRule(ruleId, callerModuleID = null) {
-		const entry = this.#rules.get(ruleId);
-		if (!entry) return false;
-		if (callerModuleID && entry.ownerModuleID && callerModuleID === entry.ownerModuleID) {
-			throw new this.SlothletError("PERMISSION_SELF_MODIFY", {
-				ruleId,
-				moduleID: callerModuleID
-			});
-		}
-		this.#rules.delete(ruleId);
-		this.#clearCache();
-		this.debug("permissions", {
-			key: "DEBUG_PERMISSION_RULE_REMOVED",
-			ruleId,
-			caller: entry.caller,
-			target: entry.target,
-			effect: entry.effect
-		});
-		return true;
-	}
-	checkAccess(callerPath, targetPath, callerFilePath = null, targetFilePath = null) {
-		const isControlTarget = targetPath?.startsWith("slothlet.permissions.control.");
-		if (!this.#enabled && !isControlTarget) return true;
-		if (callerFilePath && targetFilePath && callerFilePath === targetFilePath) {
-			this.#emitAuditEvent("permission:self-bypass", {
-				caller: callerPath,
-				target: targetPath,
-				filePath: callerFilePath
-			});
-			return true;
-		}
-		const cacheKey = `${callerPath}::${targetPath}`;
-		if (this.#resolvedCache.has(cacheKey)) {
-			const cached = this.#resolvedCache.get(cacheKey);
-			this.#emitAuditEvent(cached.event, cached.payload);
-			return cached.allowed;
-		}
-		const entry = this.#evaluate(callerPath, targetPath);
-		this.#resolvedCache.set(cacheKey, entry);
-		this.#emitAuditEvent(entry.event, entry.payload);
-		return entry.allowed;
-	}
-	getRulesForPath(targetPath) {
-		const matching = [];
-		for (const entry of this.#rules.values()) {
-			const targetMatcher = this.#getCompiledPattern(entry.target);
-			if (targetMatcher(targetPath)) {
-				matching.push(this.#serializeRule(entry));
-			}
-		}
-		return matching;
-	}
-	getRulesByModule(moduleID) {
-		const matching = [];
-		for (const entry of this.#rules.values()) {
-			if (entry.ownerModuleID === moduleID) {
-				matching.push(this.#serializeRule(entry));
-			}
-		}
-		return matching;
-	}
-	getRulesForCaller(callerPath) {
-		const matching = [];
-		for (const entry of this.#rules.values()) {
-			const callerMatcher = this.#getCompiledPattern(entry.caller);
-			if (callerMatcher(callerPath)) {
-				matching.push(this.#serializeRule(entry));
-			}
-		}
-		return matching;
-	}
-	enable() {
-		this.#enabled = true;
-		this.#clearCache();
-	}
-	disable() {
-		this.#enabled = false;
-		this.#clearCache();
-	}
-	isEnabled() {
-		return this.#enabled;
-	}
-	exportRules() {
-		const rules = [];
-		for (const entry of this.#rules.values()) {
-			rules.push({
-				rule: { caller: entry.caller, target: entry.target, effect: entry.effect },
-				ownerModuleID: entry.ownerModuleID
-			});
-		}
-		return rules;
-	}
-	importRules(registrations) {
-		if (!Array.isArray(registrations)) return;
-		for (const reg of registrations) {
-			this.addRule(reg.rule, reg.ownerModuleID);
-		}
-	}
-	async shutdown() {
-		this.#rules.clear();
-		this.#resolvedCache.clear();
-		this.#compiledCache.clear();
-		this.#enabled = false;
-		this.#defaultPolicy = "allow";
-		this.#audit = "default";
-	}
-	#validateRule(rule) {
-		if (!rule || typeof rule !== "object") {
-			throw new this.SlothletError("INVALID_PERMISSION_RULE", {
-				reason: translate("PERM_RULE_NOT_OBJECT"),
-				received: typeof rule
-			});
-		}
-		if (typeof rule.caller !== "string" || !rule.caller) {
-			throw new this.SlothletError("INVALID_PERMISSION_RULE", {
-				reason: translate("PERM_RULE_CALLER_REQUIRED"),
-				received: typeof rule.caller
-			});
-		}
-		if (typeof rule.target !== "string" || !rule.target) {
-			throw new this.SlothletError("INVALID_PERMISSION_RULE", {
-				reason: translate("PERM_RULE_TARGET_REQUIRED"),
-				received: typeof rule.target
-			});
-		}
-		if (rule.effect !== "allow" && rule.effect !== "deny") {
-			throw new this.SlothletError("INVALID_PERMISSION_RULE", {
-				reason: translate("PERM_RULE_EFFECT_INVALID"),
-				received: rule.effect
-			});
-		}
-	}
-	#evaluate(callerPath, targetPath) {
-		const matches = [];
-		for (const entry of this.#rules.values()) {
-			const callerMatcher = this.#getCompiledPattern(entry.caller);
-			const targetMatcher = this.#getCompiledPattern(entry.target);
-			if (callerMatcher(callerPath) && targetMatcher(targetPath)) {
-				matches.push(entry);
-			}
-		}
-		if (matches.length === 0) {
-			const allowed = this.#defaultPolicy === "allow";
-			return {
-				allowed,
-				event: "permission:default",
-				payload: { caller: callerPath, target: targetPath, policy: this.#defaultPolicy }
-			};
-		}
-		matches.sort((a, b) => {
-			const specA = this.#computeSpecificity(a, callerPath, targetPath);
-			const specB = this.#computeSpecificity(b, callerPath, targetPath);
-			if (specA !== specB) return specB - specA;
-			return a.registeredAt - b.registeredAt;
-		});
-		const highestSpec = this.#computeSpecificity(matches[0], callerPath, targetPath);
-		const topTier = matches.filter((m) => this.#computeSpecificity(m, callerPath, targetPath) === highestSpec);
-		const winner = topTier[topTier.length - 1];
-		const allowed = winner.effect === "allow";
-		return {
-			allowed,
-			event: allowed ? "permission:allowed" : "permission:denied",
-			payload: { caller: callerPath, target: targetPath, rule: this.#serializeRule(winner) }
-		};
-	}
-	#computeSpecificity(entry, callerPath, targetPath) {
-		return this.#patternSpecificity(entry.caller, callerPath) + this.#patternSpecificity(entry.target, targetPath);
-	}
-	#patternSpecificity(pattern, _path) {
-		if (!pattern.includes("*") && !pattern.includes("?") && !pattern.includes("{")) {
-			return 3;
-		}
-		if (pattern.includes("**")) {
-			return 1;
-		}
-		return 2;
-	}
-	#getCompiledPattern(pattern) {
-		let matcher = this.#compiledCache.get(pattern);
-		if (!matcher) {
-			matcher = compilePattern(pattern);
-			this.#compiledCache.set(pattern, matcher);
-		}
-		return matcher;
-	}
-	#clearCache() {
-		this.#resolvedCache.clear();
-	}
-	#emitAuditEvent(event, payload) {
-		this.debug("permissions", {
-			key:
-				event === "permission:denied"
-					? "DEBUG_PERMISSION_DENIED"
-					: event === "permission:allowed"
-						? "DEBUG_PERMISSION_ALLOWED"
-						: event === "permission:self-bypass"
-							? "DEBUG_PERMISSION_SELF_BYPASS"
-							: "DEBUG_PERMISSION_DEFAULT",
-			...payload
-		});
-		const alwaysEmit = event === "permission:denied" || event === "permission:self-bypass";
-		if (!alwaysEmit && this.#audit !== "verbose") return;
-		const lifecycle = this.slothlet.handlers?.lifecycle;
-		if (lifecycle) {
-			lifecycle.emit(event, { ...payload, timestamp: Date.now() });
-		}
-	}
-	#serializeRule(entry) {
-		return {
-			id: entry.id,
-			caller: entry.caller,
-			target: entry.target,
-			effect: entry.effect,
-			ownerModuleID: entry.ownerModuleID,
-			registeredAt: entry.registeredAt
-		};
-	}
-	debug(category, data) {
-		this.slothlet.debug(category, data);
-	}
-}
+import{ComponentBase}from"@cldmv/slothlet/factories/component-base";import{compilePattern}from"@cldmv/slothlet/helpers/pattern-matcher";import{translate}from"@cldmv/slothlet/i18n";let ruleIdCounter=0;class PermissionManager extends ComponentBase{static slothletProperty="permissionManager";#rules=new Map;#defaultPolicy="allow";#enabled=false;#audit="default";#resolvedCache=new Map;#compiledCache=new Map;constructor(slothlet){super(slothlet);const permConfig=slothlet.config?.permissions;if(permConfig){this.#defaultPolicy=permConfig.defaultPolicy||"allow";this.#enabled=permConfig.enabled!==false;this.#audit=permConfig.audit||"default";if(Array.isArray(permConfig.rules)){for(const rule of permConfig.rules){this.addRule(rule,null)}}}this.addRule({caller:"**",target:"slothlet.permissions.control.**",effect:"deny"},"__builtin__")}addRule(rule,ownerModuleID=null,ruleId=null){this.#validateRule(rule);const id=ruleId||`perm-${++ruleIdCounter}`;const entry={id,caller:rule.caller,target:rule.target,effect:rule.effect,condition:rule.condition??null,ownerModuleID,registeredAt:Date.now()};this.#rules.set(id,entry);this.#clearCache();this.debug("permissions",{key:"DEBUG_PERMISSION_RULE_ADDED",ruleId:id,caller:rule.caller,target:rule.target,effect:rule.effect,ownerModuleID});return id}removeRule(ruleId,callerModuleID=null){const entry=this.#rules.get(ruleId);if(!entry)return false;if(callerModuleID&&entry.ownerModuleID&&callerModuleID===entry.ownerModuleID){throw new this.SlothletError("PERMISSION_SELF_MODIFY",{ruleId,moduleID:callerModuleID})}this.#rules.delete(ruleId);this.#clearCache();this.debug("permissions",{key:"DEBUG_PERMISSION_RULE_REMOVED",ruleId,caller:entry.caller,target:entry.target,effect:entry.effect});return true}checkAccess(callerPath,targetPath,callerFilePath=null,targetFilePath=null,runtimeContext=null){const isControlTarget=targetPath?.startsWith("slothlet.permissions.control.");if(!this.#enabled&&!isControlTarget)return true;if(callerFilePath&&targetFilePath&&callerFilePath===targetFilePath){this.#emitAuditEvent("permission:self-bypass",{caller:callerPath,target:targetPath,filePath:callerFilePath});return true}const cacheKey=`${callerPath}::${targetPath}`;if(this.#resolvedCache.has(cacheKey)){const cached=this.#resolvedCache.get(cacheKey);this.#emitAuditEvent(cached.event,cached.payload);return cached.allowed}const entry=this.#evaluate(callerPath,targetPath,runtimeContext);if(!entry.hasConditionalRules){this.#resolvedCache.set(cacheKey,entry)}this.#emitAuditEvent(entry.event,entry.payload);return entry.allowed}getRulesForPath(targetPath){const matching=[];for(const entry of this.#rules.values()){const targetMatcher=this.#getCompiledPattern(entry.target);if(targetMatcher(targetPath)){matching.push(this.#serializeRule(entry))}}return matching}getRulesByModule(moduleID){const matching=[];for(const entry of this.#rules.values()){if(entry.ownerModuleID===moduleID){matching.push(this.#serializeRule(entry))}}return matching}getRulesForCaller(callerPath){const matching=[];for(const entry of this.#rules.values()){const callerMatcher=this.#getCompiledPattern(entry.caller);if(callerMatcher(callerPath)){matching.push(this.#serializeRule(entry))}}return matching}enable(){this.#enabled=true;this.#clearCache()}disable(){this.#enabled=false;this.#clearCache()}isEnabled(){return this.#enabled}exportRules(){const rules=[];for(const entry of this.#rules.values()){rules.push({rule:{caller:entry.caller,target:entry.target,effect:entry.effect},ownerModuleID:entry.ownerModuleID})}return rules}importRules(registrations){if(!Array.isArray(registrations))return;for(const reg of registrations){this.addRule(reg.rule,reg.ownerModuleID)}}async shutdown(){this.#rules.clear();this.#resolvedCache.clear();this.#compiledCache.clear();this.#enabled=false;this.#defaultPolicy="allow";this.#audit="default"}#validateRule(rule){const getValueType=value=>{if(value===null)return"null";if(Array.isArray(value))return"array";return typeof value};if(!rule||typeof rule!=="object"){throw new this.SlothletError("INVALID_PERMISSION_RULE",{reason:translate("PERM_RULE_NOT_OBJECT"),received:typeof rule})}if(typeof rule.caller!=="string"||!rule.caller){throw new this.SlothletError("INVALID_PERMISSION_RULE",{reason:translate("PERM_RULE_CALLER_REQUIRED"),received:typeof rule.caller})}if(typeof rule.target!=="string"||!rule.target){throw new this.SlothletError("INVALID_PERMISSION_RULE",{reason:translate("PERM_RULE_TARGET_REQUIRED"),received:typeof rule.target})}if(rule.effect!=="allow"&&rule.effect!=="deny"){throw new this.SlothletError("INVALID_PERMISSION_RULE",{reason:translate("PERM_RULE_EFFECT_INVALID"),received:rule.effect})}if(rule.condition!==void 0&&rule.condition!==null){const isPlainObject=c=>{if(c===null||typeof c!=="object")return false;const proto=Object.getPrototypeOf(c);return proto===Object.prototype||proto===null};const isValidConditionEntry=c=>typeof c==="function"||isPlainObject(c);const entries=Array.isArray(rule.condition)?rule.condition:[rule.condition];const allValid=entries.length>0&&entries.every(isValidConditionEntry);if(!allValid){const conditionIndex=entries.findIndex(entry=>!isValidConditionEntry(entry));const invalidEntry=conditionIndex>=0?entries[conditionIndex]:rule.condition;throw new this.SlothletError("INVALID_PERMISSION_RULE",{reason:translate("PERM_RULE_CONDITION_INVALID"),received:getValueType(invalidEntry)})}}}#deepObjectMatches(pattern,ctx){if(ctx==null||typeof ctx!=="object")return false;for(const[key,val]of Object.entries(pattern)){const proto=val!==null&&typeof val==="object"?Object.getPrototypeOf(val):null;const isPlainNested=proto===Object.prototype||proto===null;if(val!==null&&typeof val==="object"&&isPlainNested){if(!this.#deepObjectMatches(val,ctx[key]))return false}else{if(ctx[key]!==val)return false}}return true}#singleConditionMatches(conditionEntry,ctx){if(typeof conditionEntry==="function"){try{return!!conditionEntry(ctx)}catch{return false}}return this.#deepObjectMatches(conditionEntry,ctx)}#conditionMatches(entry,runtimeContext){if(entry.condition==null)return true;const ctx=runtimeContext??{};if(Array.isArray(entry.condition)){return entry.condition.some(c=>this.#singleConditionMatches(c,ctx))}return this.#singleConditionMatches(entry.condition,ctx)}#evaluate(callerPath,targetPath,runtimeContext=null){const matches=[];for(const entry of this.#rules.values()){const callerMatcher=this.#getCompiledPattern(entry.caller);const targetMatcher=this.#getCompiledPattern(entry.target);if(callerMatcher(callerPath)&&targetMatcher(targetPath)){matches.push(entry)}}const hasConditionalRules=matches.some(m=>m.condition!=null);const conditioned=matches.filter(entry=>this.#conditionMatches(entry,runtimeContext));if(conditioned.length===0){const allowed2=this.#defaultPolicy==="allow";return{allowed:allowed2,event:"permission:default",payload:{caller:callerPath,target:targetPath,policy:this.#defaultPolicy},hasConditionalRules}}conditioned.sort((a,b)=>{const specA=this.#computeSpecificity(a,callerPath,targetPath);const specB=this.#computeSpecificity(b,callerPath,targetPath);if(specA!==specB)return specB-specA;return a.registeredAt-b.registeredAt});const highestSpec=this.#computeSpecificity(conditioned[0],callerPath,targetPath);const topTier=conditioned.filter(m=>this.#computeSpecificity(m,callerPath,targetPath)===highestSpec);const winner=topTier[topTier.length-1];const allowed=winner.effect==="allow";return{allowed,event:allowed?"permission:allowed":"permission:denied",payload:{caller:callerPath,target:targetPath,rule:this.#serializeRule(winner),conditionMatched:winner.condition!=null},hasConditionalRules}}#computeSpecificity(entry,callerPath,targetPath){return this.#patternSpecificity(entry.caller,callerPath)+this.#patternSpecificity(entry.target,targetPath)}#patternSpecificity(pattern,_path){if(!pattern.includes("*")&&!pattern.includes("?")&&!pattern.includes("{")){return 3}if(pattern.includes("**")){return 1}return 2}#getCompiledPattern(pattern){let matcher=this.#compiledCache.get(pattern);if(!matcher){matcher=compilePattern(pattern);this.#compiledCache.set(pattern,matcher)}return matcher}#clearCache(){this.#resolvedCache.clear()}#emitAuditEvent(event,payload){this.debug("permissions",{key:event==="permission:denied"?"DEBUG_PERMISSION_DENIED":event==="permission:allowed"?"DEBUG_PERMISSION_ALLOWED":event==="permission:self-bypass"?"DEBUG_PERMISSION_SELF_BYPASS":"DEBUG_PERMISSION_DEFAULT",...payload});const alwaysEmit=event==="permission:denied"||event==="permission:self-bypass";if(!alwaysEmit&&this.#audit!=="verbose")return;const lifecycle=this.slothlet.handlers?.lifecycle;if(lifecycle){lifecycle.emit(event,{...payload,timestamp:Date.now()})}}#serializeRule(entry){return{id:entry.id,caller:entry.caller,target:entry.target,effect:entry.effect,condition:entry.condition??null,ownerModuleID:entry.ownerModuleID,registeredAt:entry.registeredAt}}debug(category,data){this.slothlet.debug(category,data)}}export{PermissionManager};