@cloud-copilot/iam-lens 0.1.12 → 0.1.14

package/dist/esm/canWhat/permission.d.ts

@@ -0,0 +1,54 @@
+export type PermissionEffect = 'Allow' | 'Deny';
+export type PermissionConditions = Record<string, Record<string, string[]>>;
+/**
+ * An immutable representation of a single permission for a specific action.
+ *
+ * This will eventually have methods like "merge with another permission",
+ * "check if overlaps with another permission", "subtract a deny permission",
+ * etc and those will all return a new Permission instance.
+ */
+export declare class Permission {
+    readonly effect: PermissionEffect;
+    readonly service: string;
+    readonly action: string;
+    readonly resource: string[] | undefined;
+    readonly notResource: string[] | undefined;
+    readonly conditions: Record<string, Record<string, string[]>> | undefined;
+    constructor(effect: PermissionEffect, service: string, action: string, resource: string[] | undefined, notResource: string[] | undefined, conditions: Record<string, Record<string, string[]>> | undefined);
+    /**
+     * Returns true if this Permission completely includes the other Permission.
+     * Only supports merging of "Allow" permissions (same effect, service, action).
+     */
+    includes(other: Permission): boolean;
+    /**
+     * Returns the union of this Permission with another.
+     * If one includes the other, return the including Permission.
+     * Otherwise, attempt to merge conditions and resource/notResource.
+     * If merge yields a single Permission, return it; else return both.
+     */
+    union(other: Permission): Permission[];
+    /**
+     * Returns the intersection of this Permission with another.
+     * Always returns exactly one Permission. If there is no overlap,
+     * returns undefined.
+     */
+    intersection(other: Permission): Permission | undefined;
+    /**
+     * Subtract a Deny permission from this Allow permission.
+     * Returns an array of resulting Allow permissions (may be empty if fully denied).
+     */
+    subtract(other: Permission): Permission[];
+}
+/**
+ * Returns a new PermissionConditions object with all operator and context keys lowercased.
+ */
+export declare function normalizeConditionKeys(conds: PermissionConditions): PermissionConditions;
+/**
+ * Invert a set of IAM condition clauses for Deny → allow inversion.
+ * Preserves ForAllValues:/ForAnyValue: prefixes and IfExists suffixes.
+ *
+ * @param conds the condition clauses to invert
+ * @return a new set of inverted conditions
+ */
+export declare function invertConditions(conds: Record<string, Record<string, string[]>>): Record<string, Record<string, string[]>>;
+//# sourceMappingURL=permission.d.ts.map

package/dist/esm/canWhat/permission.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission.d.ts","sourceRoot":"","sources":["../../../src/canWhat/permission.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,gBAAgB,GAAG,OAAO,GAAG,MAAM,CAAA;AAE/C,MAAM,MAAM,oBAAoB,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAAA;AAU3E;;;;;;GAMG;AACH,qBAAa,UAAU;aAEH,MAAM,EAAE,gBAAgB;aACxB,OAAO,EAAE,MAAM;aACf,MAAM,EAAE,MAAM;aACd,QAAQ,EAAE,MAAM,EAAE,GAAG,SAAS;aAC9B,WAAW,EAAE,MAAM,EAAE,GAAG,SAAS;aACjC,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,GAAG,SAAS;gBALhE,MAAM,EAAE,gBAAgB,EACxB,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAAE,GAAG,SAAS,EAC9B,WAAW,EAAE,MAAM,EAAE,GAAG,SAAS,EACjC,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,GAAG,SAAS;IASlF;;;OAGG;IACI,QAAQ,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO;IAyH3C;;;;;OAKG;IACI,KAAK,CAAC,KAAK,EAAE,UAAU,GAAG,UAAU,EAAE;IAiE7C;;;;OAIG;IACI,YAAY,CAAC,KAAK,EAAE,UAAU,GAAG,UAAU,GAAG,SAAS;IAkL9D;;;OAGG;IACI,QAAQ,CAAC,KAAK,EAAE,UAAU,GAAG,UAAU,EAAE;CA6HjD;AAmKD;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,oBAAoB,GAAG,oBAAoB,CAWxF;AA+BD;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,GAC9C,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAqB1C"}