@cullet/erp-core 1.0.1 → 1.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +24 -24
- package/dist/gate-engine-registry.js.map +1 -1
- package/dist/gate-v1-payload.schema.js.map +1 -1
- package/dist/index.d.ts +2 -2
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/outcome.js.map +1 -1
- package/dist/policies/engines/v1/gate/index.js.map +1 -1
- package/dist/policy-service.js.map +1 -1
- package/dist/validation-code.js.map +1 -1
- package/dist/validation-error.js.map +1 -1
- package/dist/validation-field.js.map +1 -1
- package/meta.json +67 -62
- package/package.json +56 -56
- package/src/core/application/commands/command.ts +3 -3
- package/src/core/application/commands/requested-by.ts +60 -60
- package/src/core/application/index.ts +21 -21
- package/src/core/application/policy-error-mapper.ts +54 -54
- package/src/core/application/ports/index.ts +6 -6
- package/src/core/application/ports/logger.port.ts +4 -4
- package/src/core/application/ports/metrics.port.ts +3 -3
- package/src/core/application/ports/policy-port.ts +7 -7
- package/src/core/application/ports/repository.port.ts +3 -3
- package/src/core/application/ports/temporal-repository.port.ts +4 -4
- package/src/core/application/ports/tracer.port.ts +7 -7
- package/src/core/application/queries/query.ts +13 -13
- package/src/core/application/temporal/index.ts +7 -7
- package/src/core/application/temporal/temporal-context.ts +20 -20
- package/src/core/application/temporal/temporal-use-case.ts +22 -22
- package/src/core/application/use-case.ts +10 -10
- package/src/core/config/core-config.instance.ts +1 -1
- package/src/core/config/core-config.ts +59 -59
- package/src/core/config/index.ts +6 -6
- package/src/core/config/policy-reporter.ts +31 -31
- package/src/core/config/silent-policy-reporter.ts +1 -1
- package/src/core/domain/entity.ts +44 -44
- package/src/core/domain/rulesets/entity-ruleset.contracts.ts +6 -6
- package/src/core/domain/rulesets/ruleset-registry.ts +49 -49
- package/src/core/domain/rulesets/ruleset.contracts.ts +6 -6
- package/src/core/domain/rulesets/value-object-ruleset.contracts.ts +5 -5
- package/src/core/domain/temporal/index.ts +11 -11
- package/src/core/domain/temporal/temporal-range.ts +16 -16
- package/src/core/domain/temporal/temporal-snapshot.ts +24 -24
- package/src/core/domain/temporal/transaction-time.ts +30 -30
- package/src/core/domain/temporal/valid-time.ts +29 -29
- package/src/core/domain/value-object.ts +16 -16
- package/src/core/errors/app-error.ts +64 -64
- package/src/core/errors/authentication-error.ts +134 -134
- package/src/core/errors/authorization-error.ts +154 -154
- package/src/core/errors/business-rule-violation-error.ts +15 -15
- package/src/core/errors/conflict-error.ts +202 -201
- package/src/core/errors/error-codes.ts +48 -48
- package/src/core/errors/idempotency-error.ts +324 -320
- package/src/core/errors/index.ts +50 -50
- package/src/core/errors/integration-error.ts +120 -120
- package/src/core/errors/legacy-incompatible-error.ts +13 -13
- package/src/core/errors/not-found-error.ts +14 -14
- package/src/core/errors/serialization-error.ts +167 -167
- package/src/core/errors/temporal-error.ts +109 -107
- package/src/core/errors/types.ts +35 -35
- package/src/core/errors/unexpected-error.ts +10 -10
- package/src/core/errors/utils/index.ts +2 -2
- package/src/core/errors/utils/json-safe.ts +53 -53
- package/src/core/errors/validation-error.ts +18 -18
- package/src/core/exceptions/business-rule-violation-exception.ts +6 -6
- package/src/core/exceptions/domain-exception.ts +5 -5
- package/src/core/exceptions/entity-not-found-exception.ts +6 -6
- package/src/core/exceptions/invalid-state-transition-exception.ts +8 -8
- package/src/core/exceptions/invariant-violation-exception.ts +3 -3
- package/src/core/exceptions/validation-code.ts +35 -29
- package/src/core/exceptions/validation-exception.ts +19 -19
- package/src/core/exceptions/validation-field.ts +20 -19
- package/src/core/index.ts +7 -7
- package/src/core/policies/asof/asof.ts +47 -47
- package/src/core/policies/catalog/catalog.instance.ts +8 -6
- package/src/core/policies/catalog/index.ts +4 -4
- package/src/core/policies/catalog/policy-catalog-entry.ts +199 -197
- package/src/core/policies/catalog/policy-catalog.ts +101 -101
- package/src/core/policies/catalog/policy-key.ts +51 -51
- package/src/core/policies/context/context-builder.ts +335 -313
- package/src/core/policies/context/context-registry.instance.ts +9 -9
- package/src/core/policies/context/context-registry.ts +61 -61
- package/src/core/policies/context/context-resolver.ts +12 -12
- package/src/core/policies/context/context-seed.ts +19 -15
- package/src/core/policies/context/index.ts +9 -9
- package/src/core/policies/context/path.ts +135 -128
- package/src/core/policies/defs/in-memory-policy-definition-repo.ts +56 -55
- package/src/core/policies/defs/index.ts +10 -10
- package/src/core/policies/defs/policy-definition-repository.ts +3 -3
- package/src/core/policies/defs/policy-definition.ts +143 -142
- package/src/core/policies/defs/policy-scope.ts +21 -19
- package/src/core/policies/defs/policy-semver.ts +51 -51
- package/src/core/policies/engines/compute-engine-registry.ts +43 -43
- package/src/core/policies/engines/compute-evaluator-registry.ts +20 -20
- package/src/core/policies/engines/compute-registry.ts +45 -45
- package/src/core/policies/engines/compute-types.ts +15 -15
- package/src/core/policies/engines/condition-evaluator-reporter.ts +17 -17
- package/src/core/policies/engines/gate-engine-registry.ts +27 -25
- package/src/core/policies/engines/gate-types.ts +28 -28
- package/src/core/policies/engines/index.ts +28 -28
- package/src/core/policies/engines/parse-compute-payload.ts +51 -45
- package/src/core/policies/engines/parse-gate-payload.ts +42 -42
- package/src/core/policies/engines/v1/compute/compute-engine-v1.ts +39 -37
- package/src/core/policies/engines/v1/compute/compute-payload.schema.ts +43 -41
- package/src/core/policies/engines/v1/compute/index.ts +6 -6
- package/src/core/policies/engines/v1/compute/resolve-decision-table-v1.ts +41 -39
- package/src/core/policies/engines/v1/condition-evaluator.ts +547 -505
- package/src/core/policies/engines/v1/condition-schema.ts +35 -35
- package/src/core/policies/engines/v1/condition-types.ts +21 -21
- package/src/core/policies/engines/v1/gate/gate-engine-v1.ts +134 -130
- package/src/core/policies/engines/v1/gate/gate-types-v1.ts +5 -5
- package/src/core/policies/engines/v1/gate/gate-v1-payload.schema.ts +32 -30
- package/src/core/policies/engines/v1/gate/index.ts +4 -4
- package/src/core/policies/engines/v1/index.ts +8 -8
- package/src/core/policies/index.ts +72 -72
- package/src/core/policies/package/policy-package.ts +3 -3
- package/src/core/policies/policy-ids.ts +25 -25
- package/src/core/policies/resolver/policy-resolver.ts +34 -34
- package/src/core/policies/service/index.ts +6 -6
- package/src/core/policies/service/policy-evaluation-error.ts +141 -133
- package/src/core/policies/service/policy-service.ts +432 -419
- package/src/core/policies/utils/date.ts +3 -3
- package/src/core/policies/utils/hash.ts +61 -61
- package/src/core/result/outcome.ts +131 -126
- package/src/core/result/result.ts +130 -127
- package/src/core/shared/aggregate-version.ts +5 -5
- package/src/core/shared/hashing.ts +18 -18
- package/src/core/shared/immutable.ts +29 -29
- package/src/core/shared/temporal-guards.ts +9 -9
- package/src/core/versioning/domain-event-contracts.ts +40 -40
- package/src/core/versioning/version.ts +19 -19
- package/src/examples/rulesets/entity/order-creation-rules-v1.ts +18 -18
- package/src/examples/rulesets/entity/order-invariants-v1.ts +31 -29
- package/src/examples/rulesets/entity/order-invariants-v2.ts +12 -12
- package/src/examples/rulesets/entity/order.ts +127 -127
- package/src/examples/rulesets/value-object/cpf-rules-v1.ts +41 -39
- package/src/examples/rulesets/value-object/cpf-rules-v2.ts +14 -12
- package/src/examples/rulesets/value-object/cpf.ts +24 -24
- package/src/examples/rulesets/value-object/customer.ts +42 -39
- package/src/examples/rulesets/value-object/person-name-rules-v1.ts +27 -27
- package/src/examples/rulesets/value-object/person-name-rules-v2.ts +13 -13
- package/src/examples/rulesets/value-object/person-name.ts +29 -26
- package/src/index.ts +2 -2
- package/src/version.ts +1 -1
|
@@ -7,44 +7,44 @@ import type { AppErrorOptions, ErrorSeverity } from "./types";
|
|
|
7
7
|
// ─────────────────────────────────────────────────────────────────────────────
|
|
8
8
|
|
|
9
9
|
type AuthorizationErrorReason =
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
10
|
+
| "forbidden"
|
|
11
|
+
| "missing_role"
|
|
12
|
+
| "missing_capability"
|
|
13
|
+
| "out_of_scope"
|
|
14
|
+
| "outside_time_window"
|
|
15
|
+
| "policy_denied"
|
|
16
|
+
| "unknown";
|
|
17
17
|
|
|
18
18
|
type AuthorizationRequirement = {
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
19
|
+
role?: string;
|
|
20
|
+
capability?: string;
|
|
21
|
+
scope?: string; // e.g.: "school:{id}" or "class:{id}"
|
|
22
22
|
};
|
|
23
23
|
|
|
24
24
|
type AuthorizationErrorMetadata = {
|
|
25
|
-
|
|
25
|
+
reason: AuthorizationErrorReason;
|
|
26
26
|
|
|
27
|
-
|
|
28
|
-
|
|
27
|
+
/** Stable action you evaluated (not an HTTP route — a "business action") */
|
|
28
|
+
action: string;
|
|
29
29
|
|
|
30
|
-
|
|
31
|
-
|
|
30
|
+
/** Resource identification (without leaking the full payload) */
|
|
31
|
+
resource?: { type: string; id?: string };
|
|
32
32
|
|
|
33
|
-
|
|
34
|
-
|
|
33
|
+
/** Optional: actor (do not include sensitive data) */
|
|
34
|
+
actor?: { userId: string; role?: string };
|
|
35
35
|
|
|
36
|
-
|
|
37
|
-
|
|
36
|
+
/** Optional: expected requirement */
|
|
37
|
+
required?: AuthorizationRequirement;
|
|
38
38
|
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
39
|
+
/** Optional: policy (when you already have PolicyEvaluation or similar) */
|
|
40
|
+
policyId?: string;
|
|
41
|
+
policyVersion?: number;
|
|
42
|
+
evaluatedAtIso?: string;
|
|
43
|
+
decision?: "allow" | "deny";
|
|
44
|
+
reasonCode?: string;
|
|
45
45
|
|
|
46
|
-
|
|
47
|
-
|
|
46
|
+
/** Optional: additional non-sensitive info */
|
|
47
|
+
details?: string;
|
|
48
48
|
};
|
|
49
49
|
|
|
50
50
|
/**
|
|
@@ -52,114 +52,114 @@ type AuthorizationErrorMetadata = {
|
|
|
52
52
|
* Combines metadata fields (except 'reason') with common AppError options.
|
|
53
53
|
*/
|
|
54
54
|
type AuthorizationErrorFactoryOptions = Omit<
|
|
55
|
-
|
|
56
|
-
|
|
55
|
+
AuthorizationErrorMetadata,
|
|
56
|
+
"reason"
|
|
57
57
|
> &
|
|
58
|
-
|
|
58
|
+
Omit<AppErrorOptions, "metadata">;
|
|
59
59
|
|
|
60
60
|
// ─────────────────────────────────────────────────────────────────────────────
|
|
61
61
|
// AuthorizationError
|
|
62
62
|
// ─────────────────────────────────────────────────────────────────────────────
|
|
63
63
|
|
|
64
64
|
class AuthorizationError extends AppError {
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
65
|
+
public readonly reason: AuthorizationErrorReason;
|
|
66
|
+
|
|
67
|
+
private constructor(params: {
|
|
68
|
+
message: string;
|
|
69
|
+
code: string;
|
|
70
|
+
reason: AuthorizationErrorReason;
|
|
71
|
+
metadata: AuthorizationErrorMetadata;
|
|
72
|
+
cause?: unknown;
|
|
73
|
+
type?: string;
|
|
74
|
+
severity?: ErrorSeverity;
|
|
75
|
+
correlationId?: string;
|
|
76
|
+
requestId?: string;
|
|
77
|
+
commandId?: string;
|
|
78
|
+
createdAtIso?: string;
|
|
79
|
+
publicMessage?: string;
|
|
80
|
+
}) {
|
|
81
|
+
super(params.message, params.code, {
|
|
82
|
+
cause: params.cause,
|
|
83
|
+
metadata: params.metadata,
|
|
84
|
+
type: params.type,
|
|
85
|
+
severity: params.severity,
|
|
86
|
+
correlationId: params.correlationId,
|
|
87
|
+
requestId: params.requestId,
|
|
88
|
+
commandId: params.commandId,
|
|
89
|
+
createdAtIso: params.createdAtIso,
|
|
90
|
+
publicMessage: params.publicMessage,
|
|
91
|
+
});
|
|
92
|
+
|
|
93
|
+
this.reason = params.reason;
|
|
94
|
+
Object.freeze(this);
|
|
95
|
+
}
|
|
96
|
+
|
|
97
|
+
// ─────────────────────────────────────────────────────────────────────────
|
|
98
|
+
// Factories
|
|
99
|
+
// ─────────────────────────────────────────────────────────────────────────
|
|
100
|
+
|
|
101
|
+
static forbidden(
|
|
102
|
+
input: AuthorizationErrorFactoryOptions,
|
|
103
|
+
): AuthorizationError {
|
|
104
|
+
return new AuthorizationError({
|
|
105
|
+
message: "Action not allowed",
|
|
106
|
+
code: ErrorCodes.authorization.forbidden,
|
|
107
|
+
reason: "forbidden",
|
|
108
|
+
metadata: { reason: "forbidden", ...extractMetadataOnly(input) },
|
|
109
|
+
...extractAppErrorOptions(input),
|
|
110
|
+
});
|
|
111
|
+
}
|
|
112
|
+
|
|
113
|
+
static policyDenied(
|
|
114
|
+
input: AuthorizationErrorFactoryOptions & {
|
|
115
|
+
policyId: string;
|
|
116
|
+
policyVersion: number;
|
|
117
|
+
evaluatedAtIso: string;
|
|
118
|
+
},
|
|
119
|
+
): AuthorizationError {
|
|
120
|
+
return new AuthorizationError({
|
|
121
|
+
message: "Action denied by policy",
|
|
122
|
+
code: ErrorCodes.authorization.policyDenied,
|
|
123
|
+
reason: "policy_denied",
|
|
124
|
+
metadata: {
|
|
125
|
+
reason: "policy_denied",
|
|
126
|
+
...extractMetadataOnly(input),
|
|
127
|
+
decision: "deny",
|
|
128
|
+
},
|
|
129
|
+
...extractAppErrorOptions(input),
|
|
130
|
+
});
|
|
131
|
+
}
|
|
132
|
+
|
|
133
|
+
static missingCapability(
|
|
134
|
+
input: AuthorizationErrorFactoryOptions & {
|
|
135
|
+
required: AuthorizationRequirement;
|
|
136
|
+
},
|
|
137
|
+
): AuthorizationError {
|
|
138
|
+
return new AuthorizationError({
|
|
139
|
+
message: "Insufficient capability to perform the action",
|
|
140
|
+
code: ErrorCodes.authorization.missingCapability,
|
|
141
|
+
reason: "missing_capability",
|
|
142
|
+
metadata: {
|
|
143
|
+
reason: "missing_capability",
|
|
144
|
+
...extractMetadataOnly(input),
|
|
145
|
+
},
|
|
146
|
+
...extractAppErrorOptions(input),
|
|
147
|
+
});
|
|
148
|
+
}
|
|
149
|
+
|
|
150
|
+
static outOfScope(
|
|
151
|
+
input: AuthorizationErrorFactoryOptions & {
|
|
152
|
+
required?: AuthorizationRequirement;
|
|
153
|
+
},
|
|
154
|
+
): AuthorizationError {
|
|
155
|
+
return new AuthorizationError({
|
|
156
|
+
message: "Action outside the allowed scope",
|
|
157
|
+
code: ErrorCodes.authorization.outOfScope,
|
|
158
|
+
reason: "out_of_scope",
|
|
159
|
+
metadata: { reason: "out_of_scope", ...extractMetadataOnly(input) },
|
|
160
|
+
...extractAppErrorOptions(input),
|
|
161
|
+
});
|
|
162
|
+
}
|
|
163
163
|
}
|
|
164
164
|
|
|
165
165
|
// ─────────────────────────────────────────────────────────────────────────────
|
|
@@ -167,38 +167,38 @@ class AuthorizationError extends AppError {
|
|
|
167
167
|
// ─────────────────────────────────────────────────────────────────────────────
|
|
168
168
|
|
|
169
169
|
function extractAppErrorOptions(options?: Partial<AppErrorOptions>) {
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
170
|
+
return {
|
|
171
|
+
cause: options?.cause,
|
|
172
|
+
type: options?.type,
|
|
173
|
+
severity: options?.severity,
|
|
174
|
+
correlationId: options?.correlationId,
|
|
175
|
+
requestId: options?.requestId,
|
|
176
|
+
commandId: options?.commandId,
|
|
177
|
+
createdAtIso: options?.createdAtIso,
|
|
178
|
+
publicMessage: options?.publicMessage,
|
|
179
|
+
};
|
|
180
180
|
}
|
|
181
181
|
|
|
182
182
|
function extractMetadataOnly(
|
|
183
|
-
|
|
183
|
+
input: AuthorizationErrorFactoryOptions,
|
|
184
184
|
): Omit<AuthorizationErrorMetadata, "reason"> {
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
185
|
+
const {
|
|
186
|
+
cause,
|
|
187
|
+
type,
|
|
188
|
+
severity,
|
|
189
|
+
correlationId,
|
|
190
|
+
requestId,
|
|
191
|
+
commandId,
|
|
192
|
+
createdAtIso,
|
|
193
|
+
publicMessage,
|
|
194
|
+
...metadata
|
|
195
|
+
} = input;
|
|
196
|
+
return metadata;
|
|
197
197
|
}
|
|
198
198
|
|
|
199
199
|
export { AuthorizationError };
|
|
200
200
|
export type {
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
201
|
+
AuthorizationErrorMetadata,
|
|
202
|
+
AuthorizationErrorReason,
|
|
203
|
+
AuthorizationRequirement,
|
|
204
204
|
};
|
|
@@ -7,22 +7,22 @@ import type { AppErrorOptions } from "./types";
|
|
|
7
7
|
// ─────────────────────────────────────────────────────────────────────────────
|
|
8
8
|
|
|
9
9
|
class BusinessRuleViolationError extends AppError {
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
10
|
+
constructor(
|
|
11
|
+
rule: string,
|
|
12
|
+
message: string,
|
|
13
|
+
detail?: Record<string, unknown>,
|
|
14
|
+
options?: AppErrorOptions,
|
|
15
|
+
) {
|
|
16
|
+
const baseMetadata = detail ? { rule, detail } : { rule };
|
|
17
|
+
const mergedMetadata = options?.metadata
|
|
18
|
+
? { ...baseMetadata, ...options.metadata }
|
|
19
|
+
: baseMetadata;
|
|
20
20
|
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
21
|
+
super(message, ErrorCodes.businessRuleViolation, {
|
|
22
|
+
...options,
|
|
23
|
+
metadata: mergedMetadata,
|
|
24
|
+
});
|
|
25
|
+
}
|
|
26
26
|
}
|
|
27
27
|
|
|
28
28
|
export { BusinessRuleViolationError };
|