@cullet/erp-core 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/KIT_CONTEXT.md +39 -0
- package/README.md +110 -0
- package/dist/errors/index.d.ts +2 -0
- package/dist/errors/index.js +3 -0
- package/dist/exceptions/validation-field.d.ts +2 -0
- package/dist/exceptions/validation-field.js +2 -0
- package/dist/gate-engine-registry.js +260 -0
- package/dist/gate-engine-registry.js.map +1 -0
- package/dist/gate-types.d.ts +307 -0
- package/dist/gate-v1-payload.schema.js +677 -0
- package/dist/gate-v1-payload.schema.js.map +1 -0
- package/dist/index.d.ts +88 -0
- package/dist/index.js +153 -0
- package/dist/index.js.map +1 -0
- package/dist/outcome.js +92 -0
- package/dist/outcome.js.map +1 -0
- package/dist/parse-gate-payload.d.ts +136 -0
- package/dist/policies/engines/index.d.ts +3 -0
- package/dist/policies/engines/index.js +2 -0
- package/dist/policies/engines/v1/gate/index.d.ts +115 -0
- package/dist/policies/engines/v1/gate/index.js +84 -0
- package/dist/policies/engines/v1/gate/index.js.map +1 -0
- package/dist/policies/index.d.ts +4 -0
- package/dist/policies/index.js +5 -0
- package/dist/policy-service.d.ts +541 -0
- package/dist/policy-service.js +992 -0
- package/dist/policy-service.js.map +1 -0
- package/dist/validation-code.js +210 -0
- package/dist/validation-code.js.map +1 -0
- package/dist/validation-error.d.ts +686 -0
- package/dist/validation-error.js +757 -0
- package/dist/validation-error.js.map +1 -0
- package/dist/validation-field.d.ts +12 -0
- package/dist/validation-field.js +23 -0
- package/dist/validation-field.js.map +1 -0
- package/meta.json +66 -0
- package/package.json +59 -0
- package/src/core/application/commands/command.ts +28 -0
- package/src/core/application/commands/index.ts +2 -0
- package/src/core/application/commands/requested-by.ts +97 -0
- package/src/core/application/index.ts +31 -0
- package/src/core/application/policy-error-mapper.ts +60 -0
- package/src/core/application/ports/index.ts +14 -0
- package/src/core/application/ports/logger.port.ts +10 -0
- package/src/core/application/ports/metrics.port.ts +9 -0
- package/src/core/application/ports/policy-port.ts +20 -0
- package/src/core/application/ports/repository.port.ts +7 -0
- package/src/core/application/ports/temporal-repository.port.ts +14 -0
- package/src/core/application/ports/tracer.port.ts +16 -0
- package/src/core/application/queries/index.ts +2 -0
- package/src/core/application/queries/query.ts +53 -0
- package/src/core/application/temporal/index.ts +11 -0
- package/src/core/application/temporal/temporal-context.ts +41 -0
- package/src/core/application/temporal/temporal-use-case.ts +41 -0
- package/src/core/application/use-case.ts +24 -0
- package/src/core/config/core-config.instance.ts +14 -0
- package/src/core/config/core-config.ts +87 -0
- package/src/core/config/index.ts +12 -0
- package/src/core/config/policy-reporter.ts +60 -0
- package/src/core/config/silent-policy-reporter.ts +5 -0
- package/src/core/domain/entity.ts +69 -0
- package/src/core/domain/rulesets/entity-ruleset.contracts.ts +16 -0
- package/src/core/domain/rulesets/ruleset-registry.ts +71 -0
- package/src/core/domain/rulesets/ruleset.contracts.ts +15 -0
- package/src/core/domain/rulesets/value-object-ruleset.contracts.ts +13 -0
- package/src/core/domain/temporal/index.ts +18 -0
- package/src/core/domain/temporal/temporal-range.ts +53 -0
- package/src/core/domain/temporal/temporal-snapshot.ts +47 -0
- package/src/core/domain/temporal/transaction-time.ts +60 -0
- package/src/core/domain/temporal/valid-time.ts +57 -0
- package/src/core/domain/value-object.ts +30 -0
- package/src/core/errors/app-error.ts +85 -0
- package/src/core/errors/authentication-error.ts +171 -0
- package/src/core/errors/authorization-error.ts +204 -0
- package/src/core/errors/business-rule-violation-error.ts +28 -0
- package/src/core/errors/conflict-error.ts +246 -0
- package/src/core/errors/error-codes.ts +60 -0
- package/src/core/errors/idempotency-error.ts +372 -0
- package/src/core/errors/index.ts +99 -0
- package/src/core/errors/integration-error.ts +157 -0
- package/src/core/errors/legacy-incompatible-error.ts +26 -0
- package/src/core/errors/not-found-error.ts +27 -0
- package/src/core/errors/serialization-error.ts +233 -0
- package/src/core/errors/temporal-error.ts +145 -0
- package/src/core/errors/types.ts +74 -0
- package/src/core/errors/unexpected-error.ts +22 -0
- package/src/core/errors/utils/index.ts +4 -0
- package/src/core/errors/utils/json-safe.ts +93 -0
- package/src/core/errors/validation-error.ts +34 -0
- package/src/core/exceptions/business-rule-violation-exception.ts +12 -0
- package/src/core/exceptions/domain-exception.ts +9 -0
- package/src/core/exceptions/entity-not-found-exception.ts +12 -0
- package/src/core/exceptions/invalid-state-transition-exception.ts +15 -0
- package/src/core/exceptions/invariant-violation-exception.ts +9 -0
- package/src/core/exceptions/validation-code.ts +39 -0
- package/src/core/exceptions/validation-exception.ts +39 -0
- package/src/core/exceptions/validation-field.ts +32 -0
- package/src/core/index.ts +15 -0
- package/src/core/policies/asof/asof.ts +68 -0
- package/src/core/policies/asof/index.ts +2 -0
- package/src/core/policies/catalog/catalog-types.ts +12 -0
- package/src/core/policies/catalog/catalog.instance.ts +21 -0
- package/src/core/policies/catalog/index.ts +11 -0
- package/src/core/policies/catalog/policy-catalog-entry.ts +220 -0
- package/src/core/policies/catalog/policy-catalog.ts +124 -0
- package/src/core/policies/catalog/policy-key.ts +78 -0
- package/src/core/policies/context/context-builder.ts +391 -0
- package/src/core/policies/context/context-registry.instance.ts +26 -0
- package/src/core/policies/context/context-registry.ts +95 -0
- package/src/core/policies/context/context-resolver.ts +31 -0
- package/src/core/policies/context/context-seed.ts +32 -0
- package/src/core/policies/context/index.ts +21 -0
- package/src/core/policies/context/path.ts +152 -0
- package/src/core/policies/defs/in-memory-policy-definition-repo.ts +73 -0
- package/src/core/policies/defs/index.ts +20 -0
- package/src/core/policies/defs/policy-definition-repository.ts +8 -0
- package/src/core/policies/defs/policy-definition.ts +192 -0
- package/src/core/policies/defs/policy-payload.contracts.ts +13 -0
- package/src/core/policies/defs/policy-scope.ts +53 -0
- package/src/core/policies/defs/policy-semver.ts +83 -0
- package/src/core/policies/engines/compute-engine-registry.ts +57 -0
- package/src/core/policies/engines/compute-evaluator-registry.ts +28 -0
- package/src/core/policies/engines/compute-payload.ts +5 -0
- package/src/core/policies/engines/compute-registry.ts +67 -0
- package/src/core/policies/engines/compute-types.ts +51 -0
- package/src/core/policies/engines/condition-evaluator-reporter.ts +34 -0
- package/src/core/policies/engines/gate-engine-registry.ts +38 -0
- package/src/core/policies/engines/gate-payload.ts +5 -0
- package/src/core/policies/engines/gate-types.ts +63 -0
- package/src/core/policies/engines/index.ts +48 -0
- package/src/core/policies/engines/parse-compute-payload.ts +71 -0
- package/src/core/policies/engines/parse-gate-payload.ts +68 -0
- package/src/core/policies/engines/v1/compute/compute-engine-v1.ts +55 -0
- package/src/core/policies/engines/v1/compute/compute-payload.schema.ts +75 -0
- package/src/core/policies/engines/v1/compute/index.ts +12 -0
- package/src/core/policies/engines/v1/compute/resolve-decision-table-v1.ts +54 -0
- package/src/core/policies/engines/v1/condition-evaluator.ts +592 -0
- package/src/core/policies/engines/v1/condition-schema.ts +50 -0
- package/src/core/policies/engines/v1/condition-types.ts +41 -0
- package/src/core/policies/engines/v1/gate/gate-engine-v1.ts +157 -0
- package/src/core/policies/engines/v1/gate/gate-types-v1.ts +12 -0
- package/src/core/policies/engines/v1/gate/gate-v1-payload.schema.ts +46 -0
- package/src/core/policies/engines/v1/gate/index.ts +9 -0
- package/src/core/policies/engines/v1/index.ts +13 -0
- package/src/core/policies/index.ts +132 -0
- package/src/core/policies/package/policy-package.ts +17 -0
- package/src/core/policies/policy-ids.ts +60 -0
- package/src/core/policies/resolver/index.ts +1 -0
- package/src/core/policies/resolver/policy-resolver.ts +57 -0
- package/src/core/policies/service/index.ts +10 -0
- package/src/core/policies/service/policy-evaluation-error.ts +148 -0
- package/src/core/policies/service/policy-service.ts +493 -0
- package/src/core/policies/utils/date.ts +7 -0
- package/src/core/policies/utils/hash.ts +90 -0
- package/src/core/policies/utils/index.ts +3 -0
- package/src/core/policies/utils/result.ts +4 -0
- package/src/core/result/outcome.ts +158 -0
- package/src/core/result/result.ts +153 -0
- package/src/core/shared/aggregate-version.ts +11 -0
- package/src/core/shared/hashing.ts +38 -0
- package/src/core/shared/immutable.ts +46 -0
- package/src/core/shared/temporal-guards.ts +22 -0
- package/src/core/versioning/domain-event-contracts.ts +73 -0
- package/src/core/versioning/version.ts +34 -0
- package/src/errors/index.ts +1 -0
- package/src/examples/rulesets/entity/order-creation-rules-v1.ts +31 -0
- package/src/examples/rulesets/entity/order-invariants-v1.ts +48 -0
- package/src/examples/rulesets/entity/order-invariants-v2.ts +28 -0
- package/src/examples/rulesets/entity/order.ts +162 -0
- package/src/examples/rulesets/value-object/cpf-rules-v1.ts +52 -0
- package/src/examples/rulesets/value-object/cpf-rules-v2.ts +27 -0
- package/src/examples/rulesets/value-object/cpf.ts +37 -0
- package/src/examples/rulesets/value-object/customer.ts +67 -0
- package/src/examples/rulesets/value-object/person-name-rules-v1.ts +37 -0
- package/src/examples/rulesets/value-object/person-name-rules-v2.ts +27 -0
- package/src/examples/rulesets/value-object/person-name.ts +39 -0
- package/src/exceptions/validation-field.ts +1 -0
- package/src/index.ts +11 -0
- package/src/policies/engines/index.ts +1 -0
- package/src/policies/engines/v1/gate/index.ts +1 -0
- package/src/policies/index.ts +1 -0
- package/src/version.ts +7 -0
|
@@ -0,0 +1,3 @@
|
|
|
1
|
+
import { A as ConditionEvaluationReport, M as ConditionEvaluationReportTag, N as ConditionEvaluatorReporter, O as ConditionEvaluationCause, a as GateTraceNodeSnapshot, c as PolicyViolation, d as GatePayloadV1, i as GateTraceLeafSnapshot, j as ConditionEvaluationReportLevel, k as ConditionEvaluationOptions, l as VersionedGateEngine, n as GateOutcomeData, o as GateViolationTrace, r as GateStatus, s as PolicyContext, t as GateOutcome, u as GatePayload } from "../../gate-types.js";
|
|
2
|
+
import { _ as ComputePayload, a as ComputePayloadParserRegistry, b as ComputeParamsPayload, c as ComputeRegistry, d as ComputeEvaluator, f as ComputeEvaluatorRegistration, g as VersionedComputeEngine, h as ComputeStatus, i as ComputePayloadParser, l as ComputeEngineRegistry, m as ComputeOutcomeData, n as GatePayloadParserRegistry, o as ComputePayloadParsers, p as ComputeOutcome, r as GatePayloadParsers, s as GateEngineRegistry, t as GatePayloadParser, u as ComputeEvaluatorRegistry, v as ComputeDecisionTablePayload, x as ComputePayloadV1, y as ComputeDecisionTableRule } from "../../parse-gate-payload.js";
|
|
3
|
+
export { ComputeDecisionTablePayload, ComputeDecisionTableRule, ComputeEngineRegistry, ComputeEvaluator, ComputeEvaluatorRegistration, ComputeEvaluatorRegistry, ComputeOutcome, ComputeOutcomeData, ComputeParamsPayload, ComputePayload, ComputePayloadParser, ComputePayloadParserRegistry, ComputePayloadParsers, ComputePayloadV1, ComputeRegistry, ComputeStatus, ConditionEvaluationCause, ConditionEvaluationOptions, ConditionEvaluationReport, ConditionEvaluationReportLevel, ConditionEvaluationReportTag, ConditionEvaluatorReporter, GateEngineRegistry, GateOutcome, GateOutcomeData, GatePayload, GatePayloadParser, GatePayloadParserRegistry, GatePayloadParsers, GatePayloadV1, GateStatus, GateTraceLeafSnapshot, GateTraceNodeSnapshot, GateViolationTrace, PolicyContext, PolicyViolation, VersionedComputeEngine, VersionedGateEngine };
|
|
@@ -0,0 +1,2 @@
|
|
|
1
|
+
import { a as ComputeEvaluatorRegistry, c as ComputePayloadParsers, i as ComputeRegistry, n as GatePayloadParserRegistry, o as ComputeEngineRegistry, r as GatePayloadParsers, s as ComputePayloadParserRegistry, t as GateEngineRegistry } from "../../gate-engine-registry.js";
|
|
2
|
+
export { ComputeEngineRegistry, ComputeEvaluatorRegistry, ComputePayloadParserRegistry, ComputePayloadParsers, ComputeRegistry, GateEngineRegistry, GatePayloadParserRegistry, GatePayloadParsers };
|
|
@@ -0,0 +1,115 @@
|
|
|
1
|
+
import { I as Result, d as GatePayloadV1, f as ConditionLeafNode, g as CoreConfig, k as ConditionEvaluationOptions, l as VersionedGateEngine, p as ConditionNode, s as PolicyContext, t as GateOutcome, u as GatePayload } from "../../../../gate-types.js";
|
|
2
|
+
import { z } from "zod";
|
|
3
|
+
|
|
4
|
+
//#region src/core/policies/engines/v1/condition-evaluator.d.ts
|
|
5
|
+
interface ConditionEvaluationTrace {
|
|
6
|
+
readonly conditionPath: string;
|
|
7
|
+
readonly decisiveNode: ConditionNode;
|
|
8
|
+
readonly lastEvaluatedLeaf: ConditionLeafNode;
|
|
9
|
+
readonly lastEvaluatedLeafPath: string;
|
|
10
|
+
readonly lastEvaluatedLeafResult: boolean;
|
|
11
|
+
}
|
|
12
|
+
interface TracedConditionEvaluation {
|
|
13
|
+
readonly matched: boolean;
|
|
14
|
+
readonly trace: ConditionEvaluationTrace;
|
|
15
|
+
}
|
|
16
|
+
declare class ConditionEvaluatorV1 {
|
|
17
|
+
private readonly context;
|
|
18
|
+
private readonly options;
|
|
19
|
+
constructor(context: PolicyContext, options: ConditionEvaluationOptions);
|
|
20
|
+
private static isLeafNode;
|
|
21
|
+
private static isAndNode;
|
|
22
|
+
private static isOrNode;
|
|
23
|
+
private static isNotNode;
|
|
24
|
+
private static isRelationalOperator;
|
|
25
|
+
private static describeError;
|
|
26
|
+
private static buildNullishNumericOperandMessage;
|
|
27
|
+
private static buildNullishDateOperandMessage;
|
|
28
|
+
private static buildInvalidDateOperandMessage;
|
|
29
|
+
private static buildEmptyOrConditionMessage;
|
|
30
|
+
private static parseComparableDate;
|
|
31
|
+
private static evaluateRelationalNumbers;
|
|
32
|
+
private buildReport;
|
|
33
|
+
private conditionEvalErr;
|
|
34
|
+
private reportDateOperandError;
|
|
35
|
+
private evaluateDateRelationalNode;
|
|
36
|
+
private evaluateOperator;
|
|
37
|
+
private evaluateNumericRelationalNode;
|
|
38
|
+
private evaluateLeafNode;
|
|
39
|
+
private buildTrace;
|
|
40
|
+
private evaluateWithTraceInternal;
|
|
41
|
+
evaluate(node: ConditionNode): Result<boolean, string>;
|
|
42
|
+
evaluateWithTrace(node: ConditionNode): Result<TracedConditionEvaluation, string>;
|
|
43
|
+
static extractFields(node: ConditionNode): string[];
|
|
44
|
+
}
|
|
45
|
+
//#endregion
|
|
46
|
+
//#region src/core/policies/engines/v1/gate/gate-engine-v1.d.ts
|
|
47
|
+
declare class GateEngineV1 implements VersionedGateEngine {
|
|
48
|
+
readonly version = 1;
|
|
49
|
+
private readonly coreConfig;
|
|
50
|
+
constructor(params?: {
|
|
51
|
+
readonly coreConfig?: CoreConfig;
|
|
52
|
+
});
|
|
53
|
+
private allow;
|
|
54
|
+
private deny;
|
|
55
|
+
private outcomeFromStatus;
|
|
56
|
+
private isLeafNode;
|
|
57
|
+
private toLeafSnapshot;
|
|
58
|
+
private toNodeSnapshot;
|
|
59
|
+
private buildDenyViolation;
|
|
60
|
+
private normalizePayload;
|
|
61
|
+
/**
|
|
62
|
+
* Evaluates a GATE payload against a context object.
|
|
63
|
+
* Pure function — no side effects.
|
|
64
|
+
*
|
|
65
|
+
* Receives an already-parsed `GatePayload`; the registry is responsible
|
|
66
|
+
* for parsing from raw `unknown` before calling this method.
|
|
67
|
+
* Returns Result for technical failures (condition evaluation errors).
|
|
68
|
+
* The Outcome inside carries the business decision (ALLOW/DENY).
|
|
69
|
+
*/
|
|
70
|
+
evaluate(payload: GatePayload, context: PolicyContext): Result<GateOutcome, string>;
|
|
71
|
+
}
|
|
72
|
+
//#endregion
|
|
73
|
+
//#region src/core/policies/engines/v1/condition-schema.d.ts
|
|
74
|
+
declare const conditionLeafNodeSchema: z.ZodType<ConditionLeafNode>;
|
|
75
|
+
declare const conditionNodeSchema: z.ZodType<ConditionNode>;
|
|
76
|
+
//#endregion
|
|
77
|
+
//#region src/core/policies/engines/v1/gate/gate-v1-payload.schema.d.ts
|
|
78
|
+
declare class GatePayloadSchemaV1 {
|
|
79
|
+
static readonly schema: z.ZodUnion<[z.ZodObject<{
|
|
80
|
+
condition: z.ZodType<ConditionNode, z.ZodTypeDef, ConditionNode>;
|
|
81
|
+
}, "strict", z.ZodTypeAny, {
|
|
82
|
+
condition: ConditionNode;
|
|
83
|
+
}, {
|
|
84
|
+
condition: ConditionNode;
|
|
85
|
+
}>, z.ZodObject<{
|
|
86
|
+
allowIf: z.ZodType<ConditionNode, z.ZodTypeDef, ConditionNode>;
|
|
87
|
+
defaultOutcome: z.ZodEnum<["ALLOW", "DENY"]>;
|
|
88
|
+
}, "strict", z.ZodTypeAny, {
|
|
89
|
+
allowIf: ConditionNode;
|
|
90
|
+
defaultOutcome: "ALLOW" | "DENY";
|
|
91
|
+
}, {
|
|
92
|
+
allowIf: ConditionNode;
|
|
93
|
+
defaultOutcome: "ALLOW" | "DENY";
|
|
94
|
+
}>]>;
|
|
95
|
+
static parse(payload: unknown): Result<GatePayloadV1, string>;
|
|
96
|
+
}
|
|
97
|
+
declare const gatePayloadSchema: z.ZodUnion<[z.ZodObject<{
|
|
98
|
+
condition: z.ZodType<ConditionNode, z.ZodTypeDef, ConditionNode>;
|
|
99
|
+
}, "strict", z.ZodTypeAny, {
|
|
100
|
+
condition: ConditionNode;
|
|
101
|
+
}, {
|
|
102
|
+
condition: ConditionNode;
|
|
103
|
+
}>, z.ZodObject<{
|
|
104
|
+
allowIf: z.ZodType<ConditionNode, z.ZodTypeDef, ConditionNode>;
|
|
105
|
+
defaultOutcome: z.ZodEnum<["ALLOW", "DENY"]>;
|
|
106
|
+
}, "strict", z.ZodTypeAny, {
|
|
107
|
+
allowIf: ConditionNode;
|
|
108
|
+
defaultOutcome: "ALLOW" | "DENY";
|
|
109
|
+
}, {
|
|
110
|
+
allowIf: ConditionNode;
|
|
111
|
+
defaultOutcome: "ALLOW" | "DENY";
|
|
112
|
+
}>]>;
|
|
113
|
+
//#endregion
|
|
114
|
+
export { ConditionEvaluatorV1, GateEngineV1, GatePayloadSchemaV1, GatePayloadV1, conditionLeafNodeSchema, conditionNodeSchema, gatePayloadSchema };
|
|
115
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1,84 @@
|
|
|
1
|
+
import { a as conditionNodeSchema, i as conditionLeafNodeSchema, l as Result, n as gatePayloadSchema, r as ConditionEvaluatorV1, t as GatePayloadSchemaV1, u as coreConfig } from "../../../../gate-v1-payload.schema.js";
|
|
2
|
+
import { t as Outcome } from "../../../../outcome.js";
|
|
3
|
+
//#region src/core/policies/engines/v1/gate/gate-engine-v1.ts
|
|
4
|
+
var GateEngineV1 = class {
|
|
5
|
+
constructor(params = {}) {
|
|
6
|
+
this.version = 1;
|
|
7
|
+
this.coreConfig = params.coreConfig ?? coreConfig;
|
|
8
|
+
}
|
|
9
|
+
allow() {
|
|
10
|
+
return Result.ok(Outcome.of("ALLOW", { violations: [] }));
|
|
11
|
+
}
|
|
12
|
+
deny(violation) {
|
|
13
|
+
return Result.ok(Outcome.of("DENY", { violations: [violation] }));
|
|
14
|
+
}
|
|
15
|
+
outcomeFromStatus(status, violation) {
|
|
16
|
+
return status === "ALLOW" ? this.allow() : this.deny(violation);
|
|
17
|
+
}
|
|
18
|
+
isLeafNode(node) {
|
|
19
|
+
return "field" in node && "op" in node;
|
|
20
|
+
}
|
|
21
|
+
toLeafSnapshot(node) {
|
|
22
|
+
return {
|
|
23
|
+
kind: "LEAF",
|
|
24
|
+
field: node.field,
|
|
25
|
+
op: node.op,
|
|
26
|
+
...node.allowNull === true ? { allowNull: true } : {}
|
|
27
|
+
};
|
|
28
|
+
}
|
|
29
|
+
toNodeSnapshot(node) {
|
|
30
|
+
if (this.isLeafNode(node)) return this.toLeafSnapshot(node);
|
|
31
|
+
if ("and" in node) return {
|
|
32
|
+
kind: "AND",
|
|
33
|
+
childCount: node.and.length
|
|
34
|
+
};
|
|
35
|
+
if ("or" in node) return {
|
|
36
|
+
kind: "OR",
|
|
37
|
+
childCount: node.or.length
|
|
38
|
+
};
|
|
39
|
+
return { kind: "NOT" };
|
|
40
|
+
}
|
|
41
|
+
buildDenyViolation(conditionResult) {
|
|
42
|
+
return {
|
|
43
|
+
code: "DENY_CONDITION_MET",
|
|
44
|
+
message: `Gate denied at ${conditionResult.trace.conditionPath}`,
|
|
45
|
+
trace: {
|
|
46
|
+
conditionPath: conditionResult.trace.conditionPath,
|
|
47
|
+
decisiveNode: this.toNodeSnapshot(conditionResult.trace.decisiveNode),
|
|
48
|
+
lastEvaluatedLeaf: this.toLeafSnapshot(conditionResult.trace.lastEvaluatedLeaf),
|
|
49
|
+
lastEvaluatedLeafPath: conditionResult.trace.lastEvaluatedLeafPath,
|
|
50
|
+
lastEvaluatedLeafResult: conditionResult.trace.lastEvaluatedLeafResult,
|
|
51
|
+
field: conditionResult.trace.lastEvaluatedLeaf.field,
|
|
52
|
+
op: conditionResult.trace.lastEvaluatedLeaf.op
|
|
53
|
+
}
|
|
54
|
+
};
|
|
55
|
+
}
|
|
56
|
+
normalizePayload(payload) {
|
|
57
|
+
if ("condition" in payload) return {
|
|
58
|
+
allowIf: payload.condition,
|
|
59
|
+
defaultOutcome: "DENY"
|
|
60
|
+
};
|
|
61
|
+
return payload;
|
|
62
|
+
}
|
|
63
|
+
/**
|
|
64
|
+
* Evaluates a GATE payload against a context object.
|
|
65
|
+
* Pure function — no side effects.
|
|
66
|
+
*
|
|
67
|
+
* Receives an already-parsed `GatePayload`; the registry is responsible
|
|
68
|
+
* for parsing from raw `unknown` before calling this method.
|
|
69
|
+
* Returns Result for technical failures (condition evaluation errors).
|
|
70
|
+
* The Outcome inside carries the business decision (ALLOW/DENY).
|
|
71
|
+
*/
|
|
72
|
+
evaluate(payload, context) {
|
|
73
|
+
const gatePayload = this.normalizePayload(payload);
|
|
74
|
+
const isAllowedResult = new ConditionEvaluatorV1(context, this.coreConfig.getConditionEvaluationOptions(this.version)).evaluateWithTrace(gatePayload.allowIf);
|
|
75
|
+
if (isAllowedResult.isErr()) return Result.err(isAllowedResult.errorOrNull());
|
|
76
|
+
const isAllowed = isAllowedResult.getOrNull();
|
|
77
|
+
if (isAllowed.matched) return this.allow();
|
|
78
|
+
return this.outcomeFromStatus(gatePayload.defaultOutcome, this.buildDenyViolation(isAllowed));
|
|
79
|
+
}
|
|
80
|
+
};
|
|
81
|
+
//#endregion
|
|
82
|
+
export { ConditionEvaluatorV1, GateEngineV1, GatePayloadSchemaV1, conditionLeafNodeSchema, conditionNodeSchema, gatePayloadSchema };
|
|
83
|
+
|
|
84
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","names":[],"sources":["../../../../../src/core/policies/engines/v1/gate/gate-engine-v1.ts"],"sourcesContent":["import { type CoreConfig, coreConfig } from \"../../../../config\";\nimport { Outcome } from \"../../../../result/outcome\";\nimport { Result } from \"../../../../result/result\";\n\nimport {\n ConditionEvaluatorV1,\n type TracedConditionEvaluation,\n} from \"../condition-evaluator\";\nimport type { ConditionLeafNode, ConditionNode } from \"../condition-types\";\nimport type { GatePayload } from \"../../gate-payload\";\nimport type {\n GateOutcome,\n GateStatus,\n GateTraceLeafSnapshot,\n GateTraceNodeSnapshot,\n PolicyContext,\n PolicyViolation,\n VersionedGateEngine,\n} from \"../../gate-types\";\n\n// ─── Gate engine v1 ─────────────────────────────────────────────────────────\n\nexport class GateEngineV1 implements VersionedGateEngine {\n public readonly version = 1;\n private readonly coreConfig: CoreConfig;\n\n constructor(params: { readonly coreConfig?: CoreConfig } = {}) {\n this.coreConfig = params.coreConfig ?? coreConfig;\n }\n\n private allow(): Result<GateOutcome, string> {\n return Result.ok(Outcome.of(\"ALLOW\", { violations: [] }));\n }\n\n private deny(violation: PolicyViolation): Result<GateOutcome, string> {\n return Result.ok(\n Outcome.of(\"DENY\", {\n violations: [violation],\n }),\n );\n }\n\n private outcomeFromStatus(\n status: GateStatus,\n violation: PolicyViolation,\n ): Result<GateOutcome, string> {\n return status === \"ALLOW\" ? this.allow() : this.deny(violation);\n }\n\n private isLeafNode(node: ConditionNode): node is ConditionLeafNode {\n return \"field\" in node && \"op\" in node;\n }\n\n private toLeafSnapshot(node: ConditionLeafNode): GateTraceLeafSnapshot {\n return {\n kind: \"LEAF\",\n field: node.field,\n op: node.op,\n ...(node.allowNull === true ? { allowNull: true } : {}),\n };\n }\n\n private toNodeSnapshot(node: ConditionNode): GateTraceNodeSnapshot {\n if (this.isLeafNode(node)) {\n return this.toLeafSnapshot(node);\n }\n\n if (\"and\" in node) {\n return {\n kind: \"AND\",\n childCount: node.and.length,\n };\n }\n\n if (\"or\" in node) {\n return {\n kind: \"OR\",\n childCount: node.or.length,\n };\n }\n\n return {\n kind: \"NOT\",\n };\n }\n\n private buildDenyViolation(\n conditionResult: TracedConditionEvaluation,\n ): PolicyViolation {\n return {\n code: \"DENY_CONDITION_MET\",\n message: `Gate denied at ${conditionResult.trace.conditionPath}`,\n trace: {\n conditionPath: conditionResult.trace.conditionPath,\n decisiveNode: this.toNodeSnapshot(conditionResult.trace.decisiveNode),\n lastEvaluatedLeaf: this.toLeafSnapshot(\n conditionResult.trace.lastEvaluatedLeaf,\n ),\n lastEvaluatedLeafPath: conditionResult.trace.lastEvaluatedLeafPath,\n lastEvaluatedLeafResult: conditionResult.trace.lastEvaluatedLeafResult,\n field: conditionResult.trace.lastEvaluatedLeaf.field,\n op: conditionResult.trace.lastEvaluatedLeaf.op,\n },\n };\n }\n\n private normalizePayload(payload: GatePayload): {\n readonly allowIf: ConditionNode;\n readonly defaultOutcome: \"ALLOW\" | \"DENY\";\n } {\n if (\"condition\" in payload) {\n return {\n allowIf: payload.condition,\n defaultOutcome: \"DENY\",\n };\n }\n\n return payload;\n }\n\n /**\n * Evaluates a GATE payload against a context object.\n * Pure function — no side effects.\n *\n * Receives an already-parsed `GatePayload`; the registry is responsible\n * for parsing from raw `unknown` before calling this method.\n * Returns Result for technical failures (condition evaluation errors).\n * The Outcome inside carries the business decision (ALLOW/DENY).\n */\n evaluate(\n payload: GatePayload,\n context: PolicyContext,\n ): Result<GateOutcome, string> {\n const gatePayload = this.normalizePayload(payload);\n const conditionEvaluator = new ConditionEvaluatorV1(\n context,\n this.coreConfig.getConditionEvaluationOptions(this.version),\n );\n\n const isAllowedResult = conditionEvaluator.evaluateWithTrace(\n gatePayload.allowIf,\n );\n if (isAllowedResult.isErr()) {\n return Result.err(isAllowedResult.errorOrNull()!);\n }\n\n const isAllowed = isAllowedResult.getOrNull()!;\n if (isAllowed.matched) {\n return this.allow();\n }\n\n return this.outcomeFromStatus(\n gatePayload.defaultOutcome,\n this.buildDenyViolation(isAllowed),\n );\n }\n}\n"],"mappings":";;;AAsBA,IAAa,eAAb,MAAyD;CAIvD,YAAY,SAA+C,CAAC,GAAG;iBAHrC;EAIxB,KAAK,aAAa,OAAO,cAAc;CACzC;CAEA,QAA6C;EAC3C,OAAO,OAAO,GAAG,QAAQ,GAAG,SAAS,EAAE,YAAY,CAAC,EAAE,CAAC,CAAC;CAC1D;CAEA,KAAa,WAAyD;EACpE,OAAO,OAAO,GACZ,QAAQ,GAAG,QAAQ,EACjB,YAAY,CAAC,SAAS,EACxB,CAAC,CACH;CACF;CAEA,kBACE,QACA,WAC6B;EAC7B,OAAO,WAAW,UAAU,KAAK,MAAM,IAAI,KAAK,KAAK,SAAS;CAChE;CAEA,WAAmB,MAAgD;EACjE,OAAO,WAAW,QAAQ,QAAQ;CACpC;CAEA,eAAuB,MAAgD;EACrE,OAAO;GACL,MAAM;GACN,OAAO,KAAK;GACZ,IAAI,KAAK;GACT,GAAI,KAAK,cAAc,OAAO,EAAE,WAAW,KAAK,IAAI,CAAC;EACvD;CACF;CAEA,eAAuB,MAA4C;EACjE,IAAI,KAAK,WAAW,IAAI,GACtB,OAAO,KAAK,eAAe,IAAI;EAGjC,IAAI,SAAS,MACX,OAAO;GACL,MAAM;GACN,YAAY,KAAK,IAAI;EACvB;EAGF,IAAI,QAAQ,MACV,OAAO;GACL,MAAM;GACN,YAAY,KAAK,GAAG;EACtB;EAGF,OAAO,EACL,MAAM,MACR;CACF;CAEA,mBACE,iBACiB;EACjB,OAAO;GACL,MAAM;GACN,SAAS,kBAAkB,gBAAgB,MAAM;GACjD,OAAO;IACL,eAAe,gBAAgB,MAAM;IACrC,cAAc,KAAK,eAAe,gBAAgB,MAAM,YAAY;IACpE,mBAAmB,KAAK,eACtB,gBAAgB,MAAM,iBACxB;IACA,uBAAuB,gBAAgB,MAAM;IAC7C,yBAAyB,gBAAgB,MAAM;IAC/C,OAAO,gBAAgB,MAAM,kBAAkB;IAC/C,IAAI,gBAAgB,MAAM,kBAAkB;GAC9C;EACF;CACF;CAEA,iBAAyB,SAGvB;EACA,IAAI,eAAe,SACjB,OAAO;GACL,SAAS,QAAQ;GACjB,gBAAgB;EAClB;EAGF,OAAO;CACT;;;;;;;;;;CAWA,SACE,SACA,SAC6B;EAC7B,MAAM,cAAc,KAAK,iBAAiB,OAAO;EAMjD,MAAM,kBAAkB,IALO,qBAC7B,SACA,KAAK,WAAW,8BAA8B,KAAK,OAAO,CAGnB,EAAE,kBACzC,YAAY,OACd;EACA,IAAI,gBAAgB,MAAM,GACxB,OAAO,OAAO,IAAI,gBAAgB,YAAY,CAAE;EAGlD,MAAM,YAAY,gBAAgB,UAAU;EAC5C,IAAI,UAAU,SACZ,OAAO,KAAK,MAAM;EAGpB,OAAO,KAAK,kBACV,YAAY,gBACZ,KAAK,mBAAmB,SAAS,CACnC;CACF;AACF"}
|
|
@@ -0,0 +1,4 @@
|
|
|
1
|
+
import { A as ConditionEvaluationReport, C as TenantId, D as asTenantId, E as asSchoolId, F as Ok, I as Result, M as ConditionEvaluationReportTag, N as ConditionEvaluatorReporter, O as ConditionEvaluationCause, P as Err, S as SchoolId, T as asPolicyDefinitionId, _ as CoreConfigOptions, a as GateTraceNodeSnapshot, b as PolicyDecisionId, c as PolicyViolation, g as CoreConfig, h as Outcome, i as GateTraceLeafSnapshot, j as ConditionEvaluationReportLevel, k as ConditionEvaluationOptions, l as VersionedGateEngine, m as CommonOutcomeStatus, n as GateOutcomeData, o as GateViolationTrace, r as GateStatus, s as PolicyContext, t as GateOutcome, u as GatePayload, v as CoreObservabilityConfig, w as asPolicyDecisionId, x as PolicyDefinitionId } from "../gate-types.js";
|
|
2
|
+
import { A as FindCandidatesParams, B as PolicyKey, C as ContextSeed, D as InMemoryPolicyDefinitionRepository, E as PolicyPackage, F as PolicyScope, G as PolicyHashing, H as PolicyKind, I as PolicyScopeMatcher, K as coreConfig, L as ScopeChain, M as PolicyDefinition, N as PolicyDefinitionProps, O as BasePolicyDefinitionProps, P as PolicyDefinitionStatus, R as PolicyCatalog, S as ContextValueResolver, T as PolicyCatalogFactory, U as PolicyOwner, V as AsOfSource, W as PolicyScopeLevel, _ as ContextResolverRegistry, a as PolicyServiceOptions, b as ContextResolverResilienceOptions, c as PolicyEvaluationErrors, d as PolicyAsOfResolver, f as PolicyContextPath, g as PolicyContextBuilderOptions, h as PolicyContextBuilder, i as PolicyService, j as GatePolicyDefinitionProps, k as ComputePolicyDefinitionProps, l as PolicyResolver, m as registerNamespacedContextResolvers, n as PolicyDecision, o as PolicyServiceParams, p as contextResolverRegistry, r as PolicyEvaluationResult, s as PolicyEvaluationError, t as EvaluateInput, u as DeriveAsOfOptions, v as registerNamespacedContextResolversIn, w as ContextSeedValidator, x as ContextResolverRetryOptions, y as ContextResolverCircuitBreakerOptions, z as PolicyCatalogEntryProps } from "../policy-service.js";
|
|
3
|
+
import { a as ComputePayloadParserRegistry, c as ComputeRegistry, d as ComputeEvaluator, f as ComputeEvaluatorRegistration, g as VersionedComputeEngine, h as ComputeStatus, l as ComputeEngineRegistry, m as ComputeOutcomeData, o as ComputePayloadParsers, p as ComputeOutcome, r as GatePayloadParsers, s as GateEngineRegistry, u as ComputeEvaluatorRegistry } from "../parse-gate-payload.js";
|
|
4
|
+
export { AsOfSource, BasePolicyDefinitionProps, CommonOutcomeStatus, ComputeEngineRegistry, ComputeEvaluator, ComputeEvaluatorRegistration, ComputeEvaluatorRegistry, ComputeOutcome, ComputeOutcomeData, ComputePayloadParserRegistry, ComputePayloadParsers, ComputePolicyDefinitionProps, ComputeRegistry, ComputeStatus, ConditionEvaluationCause, ConditionEvaluationOptions, ConditionEvaluationReport, ConditionEvaluationReportLevel, ConditionEvaluationReportTag, ConditionEvaluatorReporter, ContextResolverCircuitBreakerOptions, ContextResolverRegistry, ContextResolverResilienceOptions, ContextResolverRetryOptions, ContextSeed, ContextSeedValidator, ContextValueResolver, CoreConfig, CoreConfigOptions, CoreObservabilityConfig, DeriveAsOfOptions, Err, EvaluateInput, FindCandidatesParams, GateEngineRegistry, GateOutcome, GateOutcomeData, GatePayload, GatePayloadParsers, GatePolicyDefinitionProps, GateStatus, GateTraceLeafSnapshot, GateTraceNodeSnapshot, GateViolationTrace, InMemoryPolicyDefinitionRepository, Ok, Outcome, PolicyAsOfResolver, PolicyCatalog, PolicyCatalogEntryProps, PolicyCatalogFactory, PolicyContext, PolicyContextBuilder, PolicyContextBuilderOptions, PolicyContextPath, PolicyDecision, PolicyDecisionId, PolicyDefinition, PolicyDefinitionId, PolicyDefinitionProps, PolicyDefinitionStatus, PolicyEvaluationError, PolicyEvaluationErrors, PolicyEvaluationResult, PolicyHashing, PolicyKey, PolicyKind, PolicyOwner, PolicyPackage, PolicyResolver, PolicyScope, PolicyScopeLevel, PolicyScopeMatcher, PolicyService, PolicyServiceOptions, PolicyServiceParams, PolicyViolation, Result, SchoolId, ScopeChain, TenantId, VersionedComputeEngine, VersionedGateEngine, asPolicyDecisionId, asPolicyDefinitionId, asSchoolId, asTenantId, contextResolverRegistry, coreConfig, registerNamespacedContextResolvers, registerNamespacedContextResolversIn };
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
import { c as Ok, d as CoreConfig, l as Result, o as PolicyContextPath, s as Err, u as coreConfig } from "../gate-v1-payload.schema.js";
|
|
2
|
+
import { t as Outcome } from "../outcome.js";
|
|
3
|
+
import { _ as asPolicyDecisionId, a as ContextSeedValidator, b as asTenantId, c as ContextResolverRegistry, d as PolicyDefinition, f as InMemoryPolicyDefinitionRepository, g as PolicyCatalog, h as PolicyCatalogFactory, i as PolicyAsOfResolver, l as registerNamespacedContextResolversIn, m as PolicyKey, n as PolicyEvaluationErrors, o as contextResolverRegistry, p as PolicyScopeMatcher, r as PolicyResolver, s as registerNamespacedContextResolvers, t as PolicyService, u as PolicyContextBuilder, v as asPolicyDefinitionId, x as PolicyHashing, y as asSchoolId } from "../policy-service.js";
|
|
4
|
+
import { a as ComputeEvaluatorRegistry, c as ComputePayloadParsers, i as ComputeRegistry, o as ComputeEngineRegistry, r as GatePayloadParsers, s as ComputePayloadParserRegistry, t as GateEngineRegistry } from "../gate-engine-registry.js";
|
|
5
|
+
export { ComputeEngineRegistry, ComputeEvaluatorRegistry, ComputePayloadParserRegistry, ComputePayloadParsers, ComputeRegistry, ContextResolverRegistry, ContextSeedValidator, CoreConfig, Err, GateEngineRegistry, GatePayloadParsers, InMemoryPolicyDefinitionRepository, Ok, Outcome, PolicyAsOfResolver, PolicyCatalog, PolicyCatalogFactory, PolicyContextBuilder, PolicyContextPath, PolicyDefinition, PolicyEvaluationErrors, PolicyHashing, PolicyKey, PolicyResolver, PolicyScopeMatcher, PolicyService, Result, asPolicyDecisionId, asPolicyDefinitionId, asSchoolId, asTenantId, contextResolverRegistry, coreConfig, registerNamespacedContextResolvers, registerNamespacedContextResolversIn };
|