npm - @cloud-copilot/iam-policy - Versions diffs - 0.1.87 → 0.1.88 - Mend

@cloud-copilot/iam-policy 0.1.87 → 0.1.88

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

package/dist/cjs/index.d.ts +1 -0
package/dist/cjs/index.d.ts.map +1 -1
package/dist/cjs/index.js +4 -1
package/dist/cjs/index.js.map +1 -1
package/dist/cjs/parser.d.ts +6 -2
package/dist/cjs/parser.d.ts.map +1 -1
package/dist/cjs/parser.js +10 -2
package/dist/cjs/parser.js.map +1 -1
package/dist/cjs/validatedPolicy.d.ts +40 -0
package/dist/cjs/validatedPolicy.d.ts.map +1 -0
package/dist/cjs/validatedPolicy.js +30 -0
package/dist/cjs/validatedPolicy.js.map +1 -0
package/dist/esm/index.d.ts +1 -0
package/dist/esm/index.d.ts.map +1 -1
package/dist/esm/index.js +1 -0
package/dist/esm/index.js.map +1 -1
package/dist/esm/parser.d.ts +6 -2
package/dist/esm/parser.d.ts.map +1 -1
package/dist/esm/parser.js +10 -2
package/dist/esm/parser.js.map +1 -1
package/dist/esm/validatedPolicy.d.ts +40 -0
package/dist/esm/validatedPolicy.d.ts.map +1 -0
package/dist/esm/validatedPolicy.js +26 -0
package/dist/esm/validatedPolicy.js.map +1 -0
package/package.json +1 -1

package/dist/cjs/index.d.ts CHANGED Viewed

@@ -7,6 +7,7 @@ export type { AccountPrincipal, AwsPrincipal, CanonicalUserPrincipal, FederatedP
 export type { Resource, ArnResource } from './resources/resource.js';
 export type { ActionStatement, NotActionStatement, NotPrincipalStatement, NotResourceStatement, PrincipalStatement, ResourceStatement, Statement } from './statements/statement.js';
 export { lintPolicy } from './lint/lint.js';
+export { createValidatedPolicy, isValidatedPolicy, type ValidatedPolicy } from './validatedPolicy.js';
 export { validatePolicySyntax, type ValidationError } from './validate/validate.js';
 export { validateEndpointPolicy, validateIdentityPolicy, validateResourceControlPolicy, validateResourcePolicy, validateServiceControlPolicy, validateSessionPolicy, validateTrustPolicy } from './validate/validateTypes.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/cjs/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AAC5F,YAAY,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAC1D,YAAY,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,oCAAoC,CAAA;AACzF,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,YAAY,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAClD,YAAY,EACV,gBAAgB,EAChB,YAAY,EACZ,sBAAsB,EACtB,kBAAkB,EAClB,SAAS,EACT,aAAa,EACb,gBAAgB,EAChB,iBAAiB,EAClB,MAAM,2BAA2B,CAAA;AAClC,YAAY,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACpE,YAAY,EACV,eAAe,EACf,kBAAkB,EAClB,qBAAqB,EACrB,oBAAoB,EACpB,kBAAkB,EAClB,iBAAiB,EACjB,SAAS,EACV,MAAM,2BAA2B,CAAA;AAClC,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAC3C,OAAO,EAAE,oBAAoB,EAAE,KAAK,eAAe,EAAE,MAAM,wBAAwB,CAAA;AACnF,OAAO,EACL,sBAAsB,EACtB,sBAAsB,EACtB,6BAA6B,EAC7B,sBAAsB,EACtB,4BAA4B,EAC5B,qBAAqB,EACrB,mBAAmB,EACpB,MAAM,6BAA6B,CAAA"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AAC5F,YAAY,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAC1D,YAAY,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,oCAAoC,CAAA;AACzF,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,YAAY,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAClD,YAAY,EACV,gBAAgB,EAChB,YAAY,EACZ,sBAAsB,EACtB,kBAAkB,EAClB,SAAS,EACT,aAAa,EACb,gBAAgB,EAChB,iBAAiB,EAClB,MAAM,2BAA2B,CAAA;AAClC,YAAY,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACpE,YAAY,EACV,eAAe,EACf,kBAAkB,EAClB,qBAAqB,EACrB,oBAAoB,EACpB,kBAAkB,EAClB,iBAAiB,EACjB,SAAS,EACV,MAAM,2BAA2B,CAAA;AAClC,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAC3C,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,KAAK,eAAe,EACrB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,oBAAoB,EAAE,KAAK,eAAe,EAAE,MAAM,wBAAwB,CAAA;AACnF,OAAO,EACL,sBAAsB,EACtB,sBAAsB,EACtB,6BAA6B,EAC7B,sBAAsB,EACtB,4BAA4B,EAC5B,qBAAqB,EACrB,mBAAmB,EACpB,MAAM,6BAA6B,CAAA"}

package/dist/cjs/index.js CHANGED Viewed

@@ -1,10 +1,13 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.validateTrustPolicy = exports.validateSessionPolicy = exports.validateServiceControlPolicy = exports.validateResourcePolicy = exports.validateResourceControlPolicy = exports.validateIdentityPolicy = exports.validateEndpointPolicy = exports.validatePolicySyntax = exports.lintPolicy = exports.loadPolicy = void 0;
+exports.validateTrustPolicy = exports.validateSessionPolicy = exports.validateServiceControlPolicy = exports.validateResourcePolicy = exports.validateResourceControlPolicy = exports.validateIdentityPolicy = exports.validateEndpointPolicy = exports.validatePolicySyntax = exports.isValidatedPolicy = exports.createValidatedPolicy = exports.lintPolicy = exports.loadPolicy = void 0;
 var parser_js_1 = require("./parser.js");
 Object.defineProperty(exports, "loadPolicy", { enumerable: true, get: function () { return parser_js_1.loadPolicy; } });
 var lint_js_1 = require("./lint/lint.js");
 Object.defineProperty(exports, "lintPolicy", { enumerable: true, get: function () { return lint_js_1.lintPolicy; } });
+var validatedPolicy_js_1 = require("./validatedPolicy.js");
+Object.defineProperty(exports, "createValidatedPolicy", { enumerable: true, get: function () { return validatedPolicy_js_1.createValidatedPolicy; } });
+Object.defineProperty(exports, "isValidatedPolicy", { enumerable: true, get: function () { return validatedPolicy_js_1.isValidatedPolicy; } });
 var validate_js_1 = require("./validate/validate.js");
 Object.defineProperty(exports, "validatePolicySyntax", { enumerable: true, get: function () { return validate_js_1.validatePolicySyntax; } });
 var validateTypes_js_1 = require("./validate/validateTypes.js");

package/dist/cjs/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AAGA,yCAAwC;AAA/B,uGAAA,UAAU,OAAA;AAsBnB,0CAA2C;AAAlC,qGAAA,UAAU,OAAA;AACnB,sDAAmF;AAA1E,mHAAA,oBAAoB,OAAA;AAC7B,gEAQoC;AAPlC,0HAAA,sBAAsB,OAAA;AACtB,0HAAA,sBAAsB,OAAA;AACtB,iIAAA,6BAA6B,OAAA;AAC7B,0HAAA,sBAAsB,OAAA;AACtB,gIAAA,4BAA4B,OAAA;AAC5B,yHAAA,qBAAqB,OAAA;AACrB,uHAAA,mBAAmB,OAAA"}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AAGA,yCAAwC;AAA/B,uGAAA,UAAU,OAAA;AAsBnB,0CAA2C;AAAlC,qGAAA,UAAU,OAAA;AACnB,2DAI6B;AAH3B,2HAAA,qBAAqB,OAAA;AACrB,uHAAA,iBAAiB,OAAA;AAGnB,sDAAmF;AAA1E,mHAAA,oBAAoB,OAAA;AAC7B,gEAQoC;AAPlC,0HAAA,sBAAsB,OAAA;AACtB,0HAAA,sBAAsB,OAAA;AACtB,iIAAA,6BAA6B,OAAA;AAC7B,0HAAA,sBAAsB,OAAA;AACtB,gIAAA,4BAA4B,OAAA;AAC5B,yHAAA,qBAAqB,OAAA;AACrB,uHAAA,mBAAmB,OAAA"}

package/dist/cjs/parser.d.ts CHANGED Viewed

@@ -1,8 +1,12 @@
 import { type Policy } from './policies/policy.js';
 /**
- * Load a Policy from a policy document
+ * Load a Policy from a policy document. If a {@link ValidatedPolicy} is passed,
+ * the raw document and metadata are extracted from it automatically. When both
+ * the ValidatedPolicy carries metadata and the caller supplies explicit metadata,
+ * the explicit metadata takes precedence.
  *
- * @param policyDocument the policy document JSON object
+ * @param policyDocument the policy document JSON object, or a ValidatedPolicy
+ * @param metadata optional metadata to attach to the loaded Policy
  * @returns the Policy object for the backing policy document
  */
 export declare function loadPolicy<T = undefined>(policyDocument: any, metadata?: T): Policy<T>;

package/dist/cjs/parser.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"parser.d.ts","sourceRoot":"","sources":["../../src/parser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,MAAM,EAAc,MAAM,sBAAsB,CAAA;~~AAE9D;;;;;GAKG~~;AACH,wBAAgB,UAAU,CAAC,CAAC,GAAG,SAAS,EAAE,cAAc,EAAE,GAAG,EAAE,QAAQ,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,~~CAEtF~~"}
1	+ {"version":3,"file":"parser.d.ts","sourceRoot":"","sources":["../../src/parser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,MAAM,EAAc,MAAM,sBAAsB,CAAA;AAG9D;;;;;;;;;GASG;AACH,wBAAgB,UAAU,CAAC,CAAC,GAAG,SAAS,EAAE,cAAc,EAAE,GAAG,EAAE,QAAQ,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAKtF"}

package/dist/cjs/parser.js CHANGED Viewed

@@ -2,13 +2,21 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.loadPolicy = loadPolicy;
 const policy_js_1 = require("./policies/policy.js");
+const validatedPolicy_js_1 = require("./validatedPolicy.js");
 /**
- * Load a Policy from a policy document
+ * Load a Policy from a policy document. If a {@link ValidatedPolicy} is passed,
+ * the raw document and metadata are extracted from it automatically. When both
+ * the ValidatedPolicy carries metadata and the caller supplies explicit metadata,
+ * the explicit metadata takes precedence.
  *
- * @param policyDocument the policy document JSON object
+ * @param policyDocument the policy document JSON object, or a ValidatedPolicy
+ * @param metadata optional metadata to attach to the loaded Policy
  * @returns the Policy object for the backing policy document
  */
 function loadPolicy(policyDocument, metadata) {
+    if ((0, validatedPolicy_js_1.isValidatedPolicy)(policyDocument)) {
+        return new policy_js_1.PolicyImpl(policyDocument.policyDocument, metadata ?? policyDocument.metadata);
+    }
     return new policy_js_1.PolicyImpl(policyDocument, metadata);
 }
 //# sourceMappingURL=parser.js.map

package/dist/cjs/parser.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"parser.js","sourceRoot":"","sources":["../../src/parser.ts"],"names":[],"mappings":";;~~AAQA~~,~~gCAEC~~;~~AAVD~~,oDAA8D;~~AAE9D;;;;;GAKG~~;AACH,SAAgB,UAAU,CAAgB,cAAmB,EAAE,QAAY;IACzE,OAAO,IAAI,sBAAU,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAA;AACjD,CAAC"}
1	+ {"version":3,"file":"parser.js","sourceRoot":"","sources":["../../src/parser.ts"],"names":[],"mappings":";;AAaA,gCAKC;AAlBD,oDAA8D;AAC9D,6DAAwD;AAExD;;;;;;;;;GASG;AACH,SAAgB,UAAU,CAAgB,cAAmB,EAAE,QAAY;IACzE,IAAI,IAAA,sCAAiB,EAAC,cAAc,CAAC,EAAE,CAAC;QACtC,OAAO,IAAI,sBAAU,CAAC,cAAc,CAAC,cAAc,EAAE,QAAQ,IAAI,cAAc,CAAC,QAAQ,CAAC,CAAA;IAC3F,CAAC;IACD,OAAO,IAAI,sBAAU,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAA;AACjD,CAAC"}

package/dist/cjs/validatedPolicy.d.ts ADDED Viewed

@@ -0,0 +1,40 @@
+import type { ValidationError } from './validate/validate.js';
+/**
+ * A policy document that has been validated. Carries the raw policy document,
+ * optional metadata, and the validation result so that downstream consumers
+ * can skip re-validation.
+ *
+ * Every field is a plain value — no class instances — so the entire object
+ * survives JSON serialization (e.g. through SharedArrayBuffer) unchanged.
+ */
+export interface ValidatedPolicy<T = undefined> {
+    /** Discriminant for runtime detection via {@link isValidatedPolicy}. */
+    readonly __validated: true;
+    /** The raw policy JSON document. */
+    readonly policyDocument: any;
+    /** Optional metadata carried through to {@link loadPolicy} (e.g. `{ name: string }` for error reporting). */
+    readonly metadata?: T;
+    /** Validation errors. An empty array means the policy is valid. */
+    readonly errors: readonly ValidationError[];
+}
+/**
+ * Validates a policy document using the provided validation function and
+ * bundles the result with the raw document and optional metadata.
+ *
+ * The caller chooses the validation function, so this factory is agnostic
+ * to the policy type (identity, SCP, RCP, resource, trust, endpoint, etc.).
+ *
+ * @param policyDocument the raw policy JSON document
+ * @param validateFn a validation function that returns an array of errors (empty if valid)
+ * @param metadata optional metadata to carry with the validated policy
+ * @returns a ValidatedPolicy containing the raw document, metadata, and validation errors
+ */
+export declare function createValidatedPolicy<T = undefined>(policyDocument: any, validateFn: (policy: any) => ValidationError[], metadata?: T): ValidatedPolicy<T>;
+/**
+ * Type guard that checks whether a value is a {@link ValidatedPolicy}.
+ *
+ * @param value the value to check
+ * @returns true if the value is a ValidatedPolicy
+ */
+export declare function isValidatedPolicy(value: any): value is ValidatedPolicy;
+//# sourceMappingURL=validatedPolicy.d.ts.map

package/dist/cjs/validatedPolicy.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"validatedPolicy.d.ts","sourceRoot":"","sources":["../../src/validatedPolicy.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAA;AAE7D;;;;;;;GAOG;AACH,MAAM,WAAW,eAAe,CAAC,CAAC,GAAG,SAAS;IAC5C,wEAAwE;IACxE,QAAQ,CAAC,WAAW,EAAE,IAAI,CAAA;IAE1B,oCAAoC;IACpC,QAAQ,CAAC,cAAc,EAAE,GAAG,CAAA;IAE5B,6GAA6G;IAC7G,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;IAErB,mEAAmE;IACnE,QAAQ,CAAC,MAAM,EAAE,SAAS,eAAe,EAAE,CAAA;CAC5C;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,qBAAqB,CAAC,CAAC,GAAG,SAAS,EACjD,cAAc,EAAE,GAAG,EACnB,UAAU,EAAE,CAAC,MAAM,EAAE,GAAG,KAAK,eAAe,EAAE,EAC9C,QAAQ,CAAC,EAAE,CAAC,GACX,eAAe,CAAC,CAAC,CAAC,CAGpB;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,GAAG,GAAG,KAAK,IAAI,eAAe,CAEtE"}

package/dist/cjs/validatedPolicy.js ADDED Viewed

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createValidatedPolicy = createValidatedPolicy;
+exports.isValidatedPolicy = isValidatedPolicy;
+/**
+ * Validates a policy document using the provided validation function and
+ * bundles the result with the raw document and optional metadata.
+ *
+ * The caller chooses the validation function, so this factory is agnostic
+ * to the policy type (identity, SCP, RCP, resource, trust, endpoint, etc.).
+ *
+ * @param policyDocument the raw policy JSON document
+ * @param validateFn a validation function that returns an array of errors (empty if valid)
+ * @param metadata optional metadata to carry with the validated policy
+ * @returns a ValidatedPolicy containing the raw document, metadata, and validation errors
+ */
+function createValidatedPolicy(policyDocument, validateFn, metadata) {
+    const errors = validateFn(policyDocument);
+    return { __validated: true, policyDocument, metadata, errors };
+}
+/**
+ * Type guard that checks whether a value is a {@link ValidatedPolicy}.
+ *
+ * @param value the value to check
+ * @returns true if the value is a ValidatedPolicy
+ */
+function isValidatedPolicy(value) {
+    return !!value && value.__validated === true;
+}
+//# sourceMappingURL=validatedPolicy.js.map

package/dist/cjs/validatedPolicy.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"validatedPolicy.js","sourceRoot":"","sources":["../../src/validatedPolicy.ts"],"names":[],"mappings":";;AAoCA,sDAOC;AAQD,8CAEC;AA7BD;;;;;;;;;;;GAWG;AACH,SAAgB,qBAAqB,CACnC,cAAmB,EACnB,UAA8C,EAC9C,QAAY;IAEZ,MAAM,MAAM,GAAG,UAAU,CAAC,cAAc,CAAC,CAAA;IACzC,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAA;AAChE,CAAC;AAED;;;;;GAKG;AACH,SAAgB,iBAAiB,CAAC,KAAU;IAC1C,OAAO,CAAC,CAAC,KAAK,IAAI,KAAK,CAAC,WAAW,KAAK,IAAI,CAAA;AAC9C,CAAC"}

package/dist/esm/index.d.ts CHANGED Viewed

@@ -7,6 +7,7 @@ export type { AccountPrincipal, AwsPrincipal, CanonicalUserPrincipal, FederatedP
 export type { Resource, ArnResource } from './resources/resource.js';
 export type { ActionStatement, NotActionStatement, NotPrincipalStatement, NotResourceStatement, PrincipalStatement, ResourceStatement, Statement } from './statements/statement.js';
 export { lintPolicy } from './lint/lint.js';
+export { createValidatedPolicy, isValidatedPolicy, type ValidatedPolicy } from './validatedPolicy.js';
 export { validatePolicySyntax, type ValidationError } from './validate/validate.js';
 export { validateEndpointPolicy, validateIdentityPolicy, validateResourceControlPolicy, validateResourcePolicy, validateServiceControlPolicy, validateSessionPolicy, validateTrustPolicy } from './validate/validateTypes.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/esm/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AAC5F,YAAY,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAC1D,YAAY,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,oCAAoC,CAAA;AACzF,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,YAAY,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAClD,YAAY,EACV,gBAAgB,EAChB,YAAY,EACZ,sBAAsB,EACtB,kBAAkB,EAClB,SAAS,EACT,aAAa,EACb,gBAAgB,EAChB,iBAAiB,EAClB,MAAM,2BAA2B,CAAA;AAClC,YAAY,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACpE,YAAY,EACV,eAAe,EACf,kBAAkB,EAClB,qBAAqB,EACrB,oBAAoB,EACpB,kBAAkB,EAClB,iBAAiB,EACjB,SAAS,EACV,MAAM,2BAA2B,CAAA;AAClC,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAC3C,OAAO,EAAE,oBAAoB,EAAE,KAAK,eAAe,EAAE,MAAM,wBAAwB,CAAA;AACnF,OAAO,EACL,sBAAsB,EACtB,sBAAsB,EACtB,6BAA6B,EAC7B,sBAAsB,EACtB,4BAA4B,EAC5B,qBAAqB,EACrB,mBAAmB,EACpB,MAAM,6BAA6B,CAAA"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AAC5F,YAAY,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAC1D,YAAY,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,oCAAoC,CAAA;AACzF,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,YAAY,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAClD,YAAY,EACV,gBAAgB,EAChB,YAAY,EACZ,sBAAsB,EACtB,kBAAkB,EAClB,SAAS,EACT,aAAa,EACb,gBAAgB,EAChB,iBAAiB,EAClB,MAAM,2BAA2B,CAAA;AAClC,YAAY,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AACpE,YAAY,EACV,eAAe,EACf,kBAAkB,EAClB,qBAAqB,EACrB,oBAAoB,EACpB,kBAAkB,EAClB,iBAAiB,EACjB,SAAS,EACV,MAAM,2BAA2B,CAAA;AAClC,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAC3C,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,KAAK,eAAe,EACrB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,oBAAoB,EAAE,KAAK,eAAe,EAAE,MAAM,wBAAwB,CAAA;AACnF,OAAO,EACL,sBAAsB,EACtB,sBAAsB,EACtB,6BAA6B,EAC7B,sBAAsB,EACtB,4BAA4B,EAC5B,qBAAqB,EACrB,mBAAmB,EACpB,MAAM,6BAA6B,CAAA"}

package/dist/esm/index.js CHANGED Viewed

@@ -1,5 +1,6 @@
 export { loadPolicy } from './parser.js';
 export { lintPolicy } from './lint/lint.js';
+export { createValidatedPolicy, isValidatedPolicy } from './validatedPolicy.js';
 export { validatePolicySyntax } from './validate/validate.js';
 export { validateEndpointPolicy, validateIdentityPolicy, validateResourceControlPolicy, validateResourcePolicy, validateServiceControlPolicy, validateSessionPolicy, validateTrustPolicy } from './validate/validateTypes.js';
 //# sourceMappingURL=index.js.map

package/dist/esm/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAsBxC,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAC3C,OAAO,EAAE,oBAAoB,EAAwB,MAAM,wBAAwB,CAAA;AACnF,OAAO,EACL,sBAAsB,EACtB,sBAAsB,EACtB,6BAA6B,EAC7B,sBAAsB,EACtB,4BAA4B,EAC5B,qBAAqB,EACrB,mBAAmB,EACpB,MAAM,6BAA6B,CAAA"}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAsBxC,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAC3C,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EAElB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,oBAAoB,EAAwB,MAAM,wBAAwB,CAAA;AACnF,OAAO,EACL,sBAAsB,EACtB,sBAAsB,EACtB,6BAA6B,EAC7B,sBAAsB,EACtB,4BAA4B,EAC5B,qBAAqB,EACrB,mBAAmB,EACpB,MAAM,6BAA6B,CAAA"}

package/dist/esm/parser.d.ts CHANGED Viewed

@@ -1,8 +1,12 @@
 import { type Policy } from './policies/policy.js';
 /**
- * Load a Policy from a policy document
+ * Load a Policy from a policy document. If a {@link ValidatedPolicy} is passed,
+ * the raw document and metadata are extracted from it automatically. When both
+ * the ValidatedPolicy carries metadata and the caller supplies explicit metadata,
+ * the explicit metadata takes precedence.
  *
- * @param policyDocument the policy document JSON object
+ * @param policyDocument the policy document JSON object, or a ValidatedPolicy
+ * @param metadata optional metadata to attach to the loaded Policy
  * @returns the Policy object for the backing policy document
  */
 export declare function loadPolicy<T = undefined>(policyDocument: any, metadata?: T): Policy<T>;

package/dist/esm/parser.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"parser.d.ts","sourceRoot":"","sources":["../../src/parser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,MAAM,EAAc,MAAM,sBAAsB,CAAA;~~AAE9D;;;;;GAKG~~;AACH,wBAAgB,UAAU,CAAC,CAAC,GAAG,SAAS,EAAE,cAAc,EAAE,GAAG,EAAE,QAAQ,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,~~CAEtF~~"}
1	+ {"version":3,"file":"parser.d.ts","sourceRoot":"","sources":["../../src/parser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,MAAM,EAAc,MAAM,sBAAsB,CAAA;AAG9D;;;;;;;;;GASG;AACH,wBAAgB,UAAU,CAAC,CAAC,GAAG,SAAS,EAAE,cAAc,EAAE,GAAG,EAAE,QAAQ,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAKtF"}

package/dist/esm/parser.js CHANGED Viewed

@@ -1,11 +1,19 @@
 import { PolicyImpl } from './policies/policy.js';
+import { isValidatedPolicy } from './validatedPolicy.js';
 /**
- * Load a Policy from a policy document
+ * Load a Policy from a policy document. If a {@link ValidatedPolicy} is passed,
+ * the raw document and metadata are extracted from it automatically. When both
+ * the ValidatedPolicy carries metadata and the caller supplies explicit metadata,
+ * the explicit metadata takes precedence.
  *
- * @param policyDocument the policy document JSON object
+ * @param policyDocument the policy document JSON object, or a ValidatedPolicy
+ * @param metadata optional metadata to attach to the loaded Policy
  * @returns the Policy object for the backing policy document
  */
 export function loadPolicy(policyDocument, metadata) {
+    if (isValidatedPolicy(policyDocument)) {
+        return new PolicyImpl(policyDocument.policyDocument, metadata ?? policyDocument.metadata);
+    }
     return new PolicyImpl(policyDocument, metadata);
 }
 //# sourceMappingURL=parser.js.map

package/dist/esm/parser.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"parser.js","sourceRoot":"","sources":["../../src/parser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,UAAU,EAAE,MAAM,sBAAsB,CAAA;~~AAE9D;;;;;GAKG~~;AACH,MAAM,UAAU,UAAU,CAAgB,cAAmB,EAAE,QAAY;IACzE,OAAO,IAAI,UAAU,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAA;AACjD,CAAC"}
1	+ {"version":3,"file":"parser.js","sourceRoot":"","sources":["../../src/parser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,UAAU,EAAE,MAAM,sBAAsB,CAAA;AAC9D,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAA;AAExD;;;;;;;;;GASG;AACH,MAAM,UAAU,UAAU,CAAgB,cAAmB,EAAE,QAAY;IACzE,IAAI,iBAAiB,CAAC,cAAc,CAAC,EAAE,CAAC;QACtC,OAAO,IAAI,UAAU,CAAC,cAAc,CAAC,cAAc,EAAE,QAAQ,IAAI,cAAc,CAAC,QAAQ,CAAC,CAAA;IAC3F,CAAC;IACD,OAAO,IAAI,UAAU,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAA;AACjD,CAAC"}

package/dist/esm/validatedPolicy.d.ts ADDED Viewed

@@ -0,0 +1,40 @@
+import type { ValidationError } from './validate/validate.js';
+/**
+ * A policy document that has been validated. Carries the raw policy document,
+ * optional metadata, and the validation result so that downstream consumers
+ * can skip re-validation.
+ *
+ * Every field is a plain value — no class instances — so the entire object
+ * survives JSON serialization (e.g. through SharedArrayBuffer) unchanged.
+ */
+export interface ValidatedPolicy<T = undefined> {
+    /** Discriminant for runtime detection via {@link isValidatedPolicy}. */
+    readonly __validated: true;
+    /** The raw policy JSON document. */
+    readonly policyDocument: any;
+    /** Optional metadata carried through to {@link loadPolicy} (e.g. `{ name: string }` for error reporting). */
+    readonly metadata?: T;
+    /** Validation errors. An empty array means the policy is valid. */
+    readonly errors: readonly ValidationError[];
+}
+/**
+ * Validates a policy document using the provided validation function and
+ * bundles the result with the raw document and optional metadata.
+ *
+ * The caller chooses the validation function, so this factory is agnostic
+ * to the policy type (identity, SCP, RCP, resource, trust, endpoint, etc.).
+ *
+ * @param policyDocument the raw policy JSON document
+ * @param validateFn a validation function that returns an array of errors (empty if valid)
+ * @param metadata optional metadata to carry with the validated policy
+ * @returns a ValidatedPolicy containing the raw document, metadata, and validation errors
+ */
+export declare function createValidatedPolicy<T = undefined>(policyDocument: any, validateFn: (policy: any) => ValidationError[], metadata?: T): ValidatedPolicy<T>;
+/**
+ * Type guard that checks whether a value is a {@link ValidatedPolicy}.
+ *
+ * @param value the value to check
+ * @returns true if the value is a ValidatedPolicy
+ */
+export declare function isValidatedPolicy(value: any): value is ValidatedPolicy;
+//# sourceMappingURL=validatedPolicy.d.ts.map

package/dist/esm/validatedPolicy.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

package/dist/esm/validatedPolicy.js ADDED Viewed

@@ -0,0 +1,26 @@
+/**
+ * Validates a policy document using the provided validation function and
+ * bundles the result with the raw document and optional metadata.
+ *
+ * The caller chooses the validation function, so this factory is agnostic
+ * to the policy type (identity, SCP, RCP, resource, trust, endpoint, etc.).
+ *
+ * @param policyDocument the raw policy JSON document
+ * @param validateFn a validation function that returns an array of errors (empty if valid)
+ * @param metadata optional metadata to carry with the validated policy
+ * @returns a ValidatedPolicy containing the raw document, metadata, and validation errors
+ */
+export function createValidatedPolicy(policyDocument, validateFn, metadata) {
+    const errors = validateFn(policyDocument);
+    return { __validated: true, policyDocument, metadata, errors };
+}
+/**
+ * Type guard that checks whether a value is a {@link ValidatedPolicy}.
+ *
+ * @param value the value to check
+ * @returns true if the value is a ValidatedPolicy
+ */
+export function isValidatedPolicy(value) {
+    return !!value && value.__validated === true;
+}
+//# sourceMappingURL=validatedPolicy.js.map

package/dist/esm/validatedPolicy.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"validatedPolicy.js","sourceRoot":"","sources":["../../src/validatedPolicy.ts"],"names":[],"mappings":"AAwBA;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,qBAAqB,CACnC,cAAmB,EACnB,UAA8C,EAC9C,QAAY;IAEZ,MAAM,MAAM,GAAG,UAAU,CAAC,cAAc,CAAC,CAAA;IACzC,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAA;AAChE,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAU;IAC1C,OAAO,CAAC,CAAC,KAAK,IAAI,KAAK,CAAC,WAAW,KAAK,IAAI,CAAA;AAC9C,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@cloud-copilot/iam-policy",
-  "version": "0.1.87",
+  "version": "0.1.88",
   "description": "An ORM for AWS IAM policies",
   "repository": {
     "type": "git",