@cullet/erp-core 1.2.0 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (218) hide show
  1. package/KIT_CONTEXT.md +5 -3
  2. package/README.md +160 -0
  3. package/dist/abac/index.cjs +7 -0
  4. package/dist/abac/index.d.cts +2 -0
  5. package/dist/abac/index.d.ts +2 -0
  6. package/dist/abac/index.js +2 -0
  7. package/dist/app-error.cjs +193 -0
  8. package/dist/app-error.cjs.map +1 -0
  9. package/dist/app-error.d.cts +108 -0
  10. package/dist/app-error.js +170 -0
  11. package/dist/app-error.js.map +1 -0
  12. package/dist/application/index.cjs +27 -0
  13. package/dist/application/index.d.cts +3 -0
  14. package/dist/application/index.d.ts +2 -1
  15. package/dist/application/index.js +2 -1
  16. package/dist/authorization-error.cjs +157 -0
  17. package/dist/authorization-error.cjs.map +1 -0
  18. package/dist/authorization-error.d.cts +113 -0
  19. package/dist/authorization-error.d.ts +113 -0
  20. package/dist/authorization-error.js +152 -0
  21. package/dist/authorization-error.js.map +1 -0
  22. package/dist/authorizer.port.d.cts +130 -0
  23. package/dist/authorizer.port.d.ts +130 -0
  24. package/dist/composite-authorizer.d.cts +216 -0
  25. package/dist/composite-authorizer.d.ts +216 -0
  26. package/dist/condition-evaluator.cjs +565 -0
  27. package/dist/condition-evaluator.cjs.map +1 -0
  28. package/dist/condition-evaluator.js +536 -0
  29. package/dist/condition-evaluator.js.map +1 -0
  30. package/dist/core-config.d.cts +172 -0
  31. package/dist/{gate-types.d.ts → core-config.d.ts} +78 -77
  32. package/dist/domain/index.cjs +17 -0
  33. package/dist/domain/index.d.cts +4 -0
  34. package/dist/domain/index.d.ts +2 -1
  35. package/dist/domain/index.js +2 -1
  36. package/dist/domain-event-contracts.cjs +34 -0
  37. package/dist/domain-event-contracts.cjs.map +1 -0
  38. package/dist/domain-event-contracts.d.cts +27 -0
  39. package/dist/domain-event-contracts.js +2 -1
  40. package/dist/domain-event-contracts.js.map +1 -1
  41. package/dist/domain-exception.cjs +17 -0
  42. package/dist/domain-exception.cjs.map +1 -0
  43. package/dist/domain-exception.d.cts +7 -0
  44. package/dist/entity.cjs +126 -0
  45. package/dist/entity.cjs.map +1 -0
  46. package/dist/entity.js +115 -0
  47. package/dist/entity.js.map +1 -0
  48. package/dist/errors/index.cjs +43 -0
  49. package/dist/errors/index.d.cts +4 -0
  50. package/dist/errors/index.d.ts +2 -1
  51. package/dist/errors/index.js +4 -2
  52. package/dist/exceptions/index.cjs +17 -0
  53. package/dist/exceptions/index.d.cts +5 -0
  54. package/dist/exceptions/validation-field.cjs +3 -0
  55. package/dist/exceptions/validation-field.d.cts +2 -0
  56. package/dist/gate-engine-registry.cjs +309 -0
  57. package/dist/gate-engine-registry.cjs.map +1 -0
  58. package/dist/gate-engine-registry.d.cts +82 -0
  59. package/dist/gate-engine-registry.d.ts +3 -2
  60. package/dist/gate-engine-registry.js +2 -1
  61. package/dist/gate-engine-registry.js.map +1 -1
  62. package/dist/gate-v1-payload.schema.cjs +76 -0
  63. package/dist/gate-v1-payload.schema.cjs.map +1 -0
  64. package/dist/gate-v1-payload.schema.js +1 -533
  65. package/dist/gate-v1-payload.schema.js.map +1 -1
  66. package/dist/hashing.cjs +66 -0
  67. package/dist/hashing.cjs.map +1 -0
  68. package/dist/immutable.cjs +77 -0
  69. package/dist/immutable.cjs.map +1 -0
  70. package/dist/immutable.d.cts +6 -0
  71. package/dist/index.cjs +181 -0
  72. package/dist/index.cjs.map +1 -0
  73. package/dist/index.d.cts +37 -0
  74. package/dist/index.d.ts +19 -12
  75. package/dist/index.js +15 -9
  76. package/dist/index.js.map +1 -1
  77. package/dist/invalid-state-transition-exception.cjs +47 -0
  78. package/dist/invalid-state-transition-exception.cjs.map +1 -0
  79. package/dist/invariant-violation-exception.cjs +16 -0
  80. package/dist/invariant-violation-exception.cjs.map +1 -0
  81. package/dist/not-found-error.cjs +65 -0
  82. package/dist/not-found-error.cjs.map +1 -0
  83. package/dist/not-found-error.js +1 -1
  84. package/dist/outcome.cjs +97 -0
  85. package/dist/outcome.cjs.map +1 -0
  86. package/dist/outcome.d.cts +58 -0
  87. package/dist/outcome.d.ts +1 -83
  88. package/dist/parse-gate-payload.d.cts +62 -0
  89. package/dist/parse-gate-payload.d.ts +2 -2
  90. package/dist/path.d.cts +90 -0
  91. package/dist/path.d.ts +2 -2
  92. package/dist/plugin.cjs +79 -0
  93. package/dist/plugin.cjs.map +1 -0
  94. package/dist/plugin.d.cts +85 -0
  95. package/dist/plugins/index.cjs +3 -0
  96. package/dist/plugins/index.d.cts +2 -0
  97. package/dist/policies/engines/index.cjs +10 -0
  98. package/dist/policies/engines/index.d.cts +4 -0
  99. package/dist/policies/engines/index.d.ts +1 -1
  100. package/dist/policies/engines/v1/gate/index.cjs +92 -0
  101. package/dist/policies/engines/v1/gate/index.cjs.map +1 -0
  102. package/dist/policies/engines/v1/gate/index.d.cts +121 -0
  103. package/dist/policies/engines/v1/gate/index.d.ts +2 -2
  104. package/dist/policies/engines/v1/gate/index.js +2 -1
  105. package/dist/policies/engines/v1/gate/index.js.map +1 -1
  106. package/dist/policies/index.cjs +41 -0
  107. package/dist/policies/index.d.cts +8 -0
  108. package/dist/policies/index.d.ts +3 -2
  109. package/dist/policies/index.js +2 -2
  110. package/dist/policy-bridge.cjs +437 -0
  111. package/dist/policy-bridge.cjs.map +1 -0
  112. package/dist/policy-bridge.d.cts +185 -0
  113. package/dist/policy-bridge.d.ts +185 -0
  114. package/dist/policy-bridge.js +396 -0
  115. package/dist/policy-bridge.js.map +1 -0
  116. package/dist/policy-service.cjs +1190 -0
  117. package/dist/policy-service.cjs.map +1 -0
  118. package/dist/policy-service.d.cts +559 -0
  119. package/dist/policy-service.d.ts +2 -2
  120. package/dist/policy-service.js +239 -239
  121. package/dist/policy-service.js.map +1 -1
  122. package/dist/rbac/index.cjs +9 -0
  123. package/dist/rbac/index.d.cts +3 -0
  124. package/dist/rbac/index.d.ts +3 -0
  125. package/dist/rbac/index.js +2 -0
  126. package/dist/requested-by.cjs +54 -0
  127. package/dist/requested-by.cjs.map +1 -0
  128. package/dist/requested-by.d.cts +25 -0
  129. package/dist/requested-by.d.ts +25 -0
  130. package/dist/requested-by.js +49 -0
  131. package/dist/requested-by.js.map +1 -0
  132. package/dist/result/index.cjs +7 -0
  133. package/dist/result/index.d.cts +3 -0
  134. package/dist/result/index.d.ts +2 -1
  135. package/dist/result.cjs +135 -0
  136. package/dist/result.cjs.map +1 -0
  137. package/dist/result.d.cts +84 -0
  138. package/dist/result.d.ts +84 -0
  139. package/dist/rule.cjs +327 -0
  140. package/dist/rule.cjs.map +1 -0
  141. package/dist/rule.js +298 -0
  142. package/dist/rule.js.map +1 -0
  143. package/dist/ruleset-registry.cjs +47 -0
  144. package/dist/ruleset-registry.cjs.map +1 -0
  145. package/dist/rulesets/index.cjs +3 -0
  146. package/dist/rulesets/index.d.cts +2 -0
  147. package/dist/temporal-guards.cjs +32 -0
  148. package/dist/temporal-guards.cjs.map +1 -0
  149. package/dist/temporal-use-case.cjs +139 -0
  150. package/dist/temporal-use-case.cjs.map +1 -0
  151. package/dist/temporal-use-case.d.cts +282 -0
  152. package/dist/temporal-use-case.d.ts +5 -27
  153. package/dist/temporal-use-case.js +2 -48
  154. package/dist/temporal-use-case.js.map +1 -1
  155. package/dist/unexpected-error.cjs +19 -0
  156. package/dist/unexpected-error.cjs.map +1 -0
  157. package/dist/unexpected-error.js +2 -167
  158. package/dist/unexpected-error.js.map +1 -1
  159. package/dist/use-case.cjs +96 -0
  160. package/dist/use-case.cjs.map +1 -0
  161. package/dist/uuid-identifier.cjs +65 -0
  162. package/dist/uuid-identifier.cjs.map +1 -0
  163. package/dist/uuid-identifier.d.cts +147 -0
  164. package/dist/uuid-identifier.d.ts +2 -85
  165. package/dist/validation-code.cjs +60 -0
  166. package/dist/validation-code.cjs.map +1 -0
  167. package/dist/validation-code.d.cts +23 -0
  168. package/dist/validation-error.cjs +887 -0
  169. package/dist/validation-error.cjs.map +1 -0
  170. package/dist/validation-error.d.cts +681 -0
  171. package/dist/validation-error.d.ts +2 -98
  172. package/dist/validation-error.js +7 -134
  173. package/dist/validation-error.js.map +1 -1
  174. package/dist/validation-exception.cjs +41 -0
  175. package/dist/validation-exception.cjs.map +1 -0
  176. package/dist/validation-exception.d.cts +50 -0
  177. package/dist/validation-field.cjs +28 -0
  178. package/dist/validation-field.cjs.map +1 -0
  179. package/dist/validation-field.d.cts +12 -0
  180. package/dist/value-object-ruleset.contracts.d.cts +36 -0
  181. package/dist/value-object.cjs +85 -0
  182. package/dist/value-object.cjs.map +1 -0
  183. package/dist/value-object.d.cts +89 -0
  184. package/dist/value-object.d.ts +89 -0
  185. package/dist/value-object.js +1 -112
  186. package/dist/value-object.js.map +1 -1
  187. package/dist/version.d.cts +10 -0
  188. package/dist/versioning/index.cjs +7 -0
  189. package/dist/versioning/index.d.cts +3 -0
  190. package/meta.json +19 -4
  191. package/package.json +173 -28
  192. package/src/abac/index.ts +1 -0
  193. package/src/core/abac/abac-request.ts +29 -0
  194. package/src/core/abac/attributes.ts +39 -0
  195. package/src/core/abac/authorizer.ts +108 -0
  196. package/src/core/abac/combining.ts +63 -0
  197. package/src/core/abac/composite-authorizer.ts +45 -0
  198. package/src/core/abac/domain/policy-set.ts +52 -0
  199. package/src/core/abac/domain/rule.ts +197 -0
  200. package/src/core/abac/index.ts +21 -0
  201. package/src/core/application/ports/abac-authorizer.port.ts +20 -0
  202. package/src/core/application/ports/authorizer.port.ts +22 -0
  203. package/src/core/errors/authorization-error.ts +26 -0
  204. package/src/core/errors/error-codes.ts +1 -0
  205. package/src/core/index.ts +7 -0
  206. package/src/core/rbac/access-request.ts +32 -0
  207. package/src/core/rbac/authorizer.ts +91 -0
  208. package/src/core/rbac/domain/grant.ts +96 -0
  209. package/src/core/rbac/domain/permission-set.ts +67 -0
  210. package/src/core/rbac/domain/permission.ts +119 -0
  211. package/src/core/rbac/domain/role.ts +101 -0
  212. package/src/core/rbac/domain/scope.ts +84 -0
  213. package/src/core/rbac/index.ts +15 -0
  214. package/src/core/rbac/policy-bridge.ts +44 -0
  215. package/src/examples/application/authorize-cancel-order-abac.example.ts +107 -0
  216. package/src/examples/application/authorize-cancel-order.example.ts +101 -0
  217. package/src/rbac/index.ts +1 -0
  218. package/src/version.ts +1 -1
@@ -0,0 +1,681 @@
1
+ import { a as JsonSafeRecord, n as AppErrorOptions, r as ErrorSeverity, t as AppError } from "./app-error.cjs";
2
+ import { t as ValidationCode } from "./validation-code.cjs";
3
+ import { t as ValidationField } from "./validation-field.cjs";
4
+
5
+ //#region src/core/errors/error-codes.d.ts
6
+ declare const ErrorCodes: {
7
+ readonly authentication: {
8
+ readonly missingToken: "sec.authn.missing_token";
9
+ readonly invalidToken: "sec.authn.invalid_token";
10
+ readonly expiredToken: "sec.authn.expired_token";
11
+ readonly invalidCredentials: "sec.authn.invalid_credentials";
12
+ };
13
+ readonly authorization: {
14
+ readonly forbidden: "sec.authz.forbidden";
15
+ readonly policyDenied: "sec.authz.policy_denied";
16
+ readonly missingRole: "sec.authz.missing_role";
17
+ readonly missingCapability: "sec.authz.missing_capability";
18
+ readonly outOfScope: "sec.authz.out_of_scope";
19
+ };
20
+ readonly businessRuleViolation: "business_rule_violation";
21
+ readonly conflict: {
22
+ readonly alreadyExists: "conf.already_exists";
23
+ readonly duplicate: "conf.duplicate";
24
+ readonly uniqueViolation: "conf.unique_violation";
25
+ };
26
+ readonly idempotency: {
27
+ readonly keyMissing: "idemp.key_missing";
28
+ readonly inProgress: "idemp.in_progress";
29
+ readonly payloadMismatch: "idemp.payload_mismatch";
30
+ readonly replayNotSupported: "idemp.replay_not_supported";
31
+ };
32
+ readonly integration: {
33
+ readonly timeout: "int.timeout";
34
+ readonly unreachable: "int.unreachable";
35
+ readonly badResponse: "int.bad_response";
36
+ };
37
+ readonly legacyIncompatible: "legacy_incompatible";
38
+ readonly notFound: "not_found";
39
+ readonly serialization: {
40
+ readonly deserializePrefix: "ser.des";
41
+ readonly serializePrefix: "ser.ser";
42
+ };
43
+ readonly temporal: {
44
+ readonly expired: "tmp.expired";
45
+ readonly notYetValid: "tmp.not_yet_valid";
46
+ };
47
+ readonly unexpected: "unexpected";
48
+ readonly validation: "validation_error";
49
+ };
50
+ type SerializationCodeDirection = "deserialize" | "serialize";
51
+ declare function serializationErrorCode(direction: SerializationCodeDirection, category: string): string;
52
+ //#endregion
53
+ //#region src/core/errors/utils/json-safe.d.ts
54
+ /**
55
+ * Ensures metadata is JSON-serializable.
56
+ *
57
+ * **Allowed:** string, number, boolean, null, arrays, and plain objects.
58
+ *
59
+ * **Converted to placeholder:** Date, BigInt, class instances, functions,
60
+ * symbols, undefined, and circular references (which would otherwise make
61
+ * `JSON.stringify` throw).
62
+ *
63
+ * @throws {TypeError} If `input` is not a plain object at the root level.
64
+ */
65
+ declare function assertJsonSafeMetadata(input: unknown): JsonSafeRecord;
66
+ //#endregion
67
+ //#region src/core/errors/authentication-error.d.ts
68
+ type AuthenticationErrorReason = "missing_token" | "malformed_token" | "invalid_token" | "expired_token" | "revoked_token" | "invalid_credentials" | "session_not_found" | "session_expired" | "unknown";
69
+ type AuthenticationErrorMetadata = {
70
+ reason: AuthenticationErrorReason;
71
+ authScheme?: "bearer" | "cookie" | "basic" | "unknown";
72
+ tokenLocation?: "header" | "cookie" | "query" | "unknown";
73
+ expiresAtIso?: string;
74
+ correlationId?: string;
75
+ requestId?: string;
76
+ details?: string;
77
+ };
78
+ type AuthenticationErrorFactoryOptions = Omit<AuthenticationErrorMetadata, "reason"> & Omit<AppErrorOptions, "metadata">;
79
+ declare class AuthenticationError extends AppError {
80
+ readonly reason: AuthenticationErrorReason;
81
+ private constructor();
82
+ static missingToken(options?: AuthenticationErrorFactoryOptions): AuthenticationError;
83
+ static invalidToken(options?: AuthenticationErrorFactoryOptions & {
84
+ cause?: unknown;
85
+ }): AuthenticationError;
86
+ static expiredToken(options?: AuthenticationErrorFactoryOptions & {
87
+ sessionId?: string;
88
+ }): AuthenticationError;
89
+ static invalidCredentials(options?: Pick<AuthenticationErrorFactoryOptions, "correlationId" | "requestId" | "type" | "severity" | "createdAtIso" | "publicMessage">): AuthenticationError;
90
+ }
91
+ //#endregion
92
+ //#region src/core/errors/business-rule-violation-error.d.ts
93
+ declare class BusinessRuleViolationError extends AppError {
94
+ constructor(rule: string, message: string, detail?: Record<string, unknown>, options?: AppErrorOptions);
95
+ }
96
+ //#endregion
97
+ //#region src/core/errors/conflict-error.d.ts
98
+ /**
99
+ * Conflict kinds we want to distinguish semantically.
100
+ */
101
+ type ConflictKind = "already_exists" | "duplicate" | "unique_violation";
102
+ /**
103
+ * Metadata attached to conflicts without exposing sensitive values.
104
+ */
105
+ type ConflictErrorMetadata = {
106
+ kind: ConflictKind;
107
+ entity: string;
108
+ operation?: string;
109
+ field?: string;
110
+ constraintName?: string;
111
+ existingId?: string;
112
+ valueHash?: string;
113
+ valuePreview?: string;
114
+ detectedAtIso?: string;
115
+ correlationId?: string;
116
+ requestId?: string;
117
+ commandId?: string;
118
+ hint?: string;
119
+ };
120
+ /**
121
+ * Storage-level description of a unique-constraint breach, as reported by a
122
+ * database driver. Used to translate a raw DB error into a domain
123
+ * {@link DuplicateError} via {@link translateUniqueViolationToDuplicate}.
124
+ */
125
+ type UniqueConstraintViolation = {
126
+ kind: "unique_violation";
127
+ constraintName?: string;
128
+ table?: string;
129
+ columns?: string[];
130
+ };
131
+ /**
132
+ * Base for errors that signal a state conflict — the request collides with data
133
+ * that already exists. Common at an HTTP 409 boundary.
134
+ *
135
+ * The discriminating {@link kind} lets a handler branch on *why* it conflicted
136
+ * (an already-existing record, a domain duplicate, or a raw storage uniqueness
137
+ * breach) without `instanceof` chains. Abstract: construct one of the concrete
138
+ * subclasses through its `detected(...)` factory, which fills in the right code,
139
+ * message, and metadata. Instances are frozen, so a conflict error can be shared
140
+ * and rethrown without risk of tampering.
141
+ */
142
+ declare abstract class ConflictError extends AppError {
143
+ readonly kind: ConflictKind;
144
+ protected constructor(params: {
145
+ message: string;
146
+ code: string;
147
+ kind: ConflictKind;
148
+ metadata: Omit<ConflictErrorMetadata, "kind">;
149
+ cause?: unknown;
150
+ } & AppErrorOptions);
151
+ }
152
+ /**
153
+ * The operation cannot proceed because a matching record already exists —
154
+ * e.g. creating something whose natural key is already taken. Construct via
155
+ * {@link AlreadyExistsError.detected}.
156
+ */
157
+ declare class AlreadyExistsError extends ConflictError {
158
+ private constructor();
159
+ /**
160
+ * Builds an {@link AlreadyExistsError} for a detected collision. `operation`
161
+ * defaults to `"create"` and a generic retry `hint` is supplied when none is
162
+ * given, so the error is actionable even from a minimal call site.
163
+ *
164
+ * @param input - The conflicting entity plus optional non-sensitive context
165
+ * (operation, field, existing id, value hash/preview, correlation ids).
166
+ */
167
+ static detected(input: {
168
+ entity: string;
169
+ operation?: string;
170
+ field?: string;
171
+ existingId?: string;
172
+ valueHash?: string;
173
+ valuePreview?: string;
174
+ detectedAtIso?: string;
175
+ correlationId?: string;
176
+ requestId?: string;
177
+ commandId?: string;
178
+ hint?: string;
179
+ cause?: unknown;
180
+ }): AlreadyExistsError;
181
+ }
182
+ /**
183
+ * A domain-level duplicate: the data being written would duplicate an existing
184
+ * record under the model's own uniqueness rules. Use this when the duplication
185
+ * is recognized in the domain, as opposed to a raw DB constraint
186
+ * ({@link UniqueConstraintViolationError}). Construct via
187
+ * {@link DuplicateError.detected}.
188
+ */
189
+ declare class DuplicateError extends ConflictError {
190
+ private constructor();
191
+ /**
192
+ * Builds a {@link DuplicateError} for a detected duplicate, defaulting to a
193
+ * "adjust the data so it does not duplicate" hint when none is provided.
194
+ *
195
+ * @param input - The conflicting entity plus optional non-sensitive context
196
+ * (field, constraint name, existing id, value hash/preview, correlation ids).
197
+ */
198
+ static detected(input: {
199
+ entity: string;
200
+ operation?: string;
201
+ field?: string;
202
+ constraintName?: string;
203
+ existingId?: string;
204
+ valueHash?: string;
205
+ valuePreview?: string;
206
+ detectedAtIso?: string;
207
+ correlationId?: string;
208
+ requestId?: string;
209
+ commandId?: string;
210
+ hint?: string;
211
+ cause?: unknown;
212
+ }): DuplicateError;
213
+ }
214
+ /**
215
+ * A uniqueness breach surfaced by the storage layer itself (a database unique
216
+ * index), carrying the raw {@link UniqueConstraintViolation} (constraint, table,
217
+ * columns). Keep this distinct from {@link DuplicateError}: this one is the
218
+ * infrastructure signal; translate it into a domain duplicate at the boundary
219
+ * with {@link translateUniqueViolationToDuplicate} when the model should own the
220
+ * message. Construct via {@link UniqueConstraintViolationError.detected}.
221
+ */
222
+ declare class UniqueConstraintViolationError extends ConflictError {
223
+ private constructor();
224
+ /**
225
+ * Builds a {@link UniqueConstraintViolationError} from the constraint details
226
+ * a driver reports, packaging them into a nested `violation` payload.
227
+ *
228
+ * @param input - The entity plus the offending constraint name, table, and
229
+ * columns, and optional correlation ids.
230
+ */
231
+ static detected(input: {
232
+ entity: string;
233
+ operation?: string;
234
+ constraintName?: string;
235
+ table?: string;
236
+ columns?: string[];
237
+ detectedAtIso?: string;
238
+ correlationId?: string;
239
+ requestId?: string;
240
+ commandId?: string;
241
+ cause?: unknown;
242
+ }): UniqueConstraintViolationError;
243
+ }
244
+ /**
245
+ * Translates a raw storage {@link UniqueConstraintViolation} into a domain-level
246
+ * {@link DuplicateError}. This is the seam where an infrastructure concern (a DB
247
+ * unique index firing) is re-expressed in the language of the model, so callers
248
+ * upstream catch a `DuplicateError` and never have to know a database was
249
+ * involved.
250
+ *
251
+ * @param input - The entity, the driver-reported `violation`, and optional
252
+ * request context (`ctx`) carrying correlation ids and a clock instant.
253
+ * @returns A {@link DuplicateError} carrying the constraint name as its field hint.
254
+ */
255
+ declare function translateUniqueViolationToDuplicate(input: {
256
+ entity: string;
257
+ operation?: string;
258
+ violation: UniqueConstraintViolation;
259
+ field?: string;
260
+ ctx?: {
261
+ correlationId?: string;
262
+ requestId?: string;
263
+ commandId?: string;
264
+ nowIso?: string;
265
+ };
266
+ cause?: unknown;
267
+ }): DuplicateError;
268
+ //#endregion
269
+ //#region src/core/shared/hashing.d.ts
270
+ declare function sha256Hex(value: string): string;
271
+ /**
272
+ * Deterministic JSON string with object keys sorted recursively, so key order
273
+ * does not affect the output.
274
+ *
275
+ * Follows `JSON.stringify` semantics for the values it serializes: `undefined`,
276
+ * functions and symbols are dropped, non-finite numbers become `null`, `bigint`
277
+ * throws, and `Map`/`Set` serialize as `{}`. Distinct payloads can therefore
278
+ * collapse to the same string — for collision-resistant hashing use
279
+ * `PolicyHashing.canonicalJson` (policies/utils), which rejects those values
280
+ * up front.
281
+ *
282
+ * @throws {TypeError} On circular references (mirroring `JSON.stringify`).
283
+ */
284
+ declare function stableStringify(value: unknown): string;
285
+ declare function payloadHash(value: unknown): string;
286
+ //#endregion
287
+ //#region src/core/errors/idempotency-error.d.ts
288
+ type IdempotencyFailureKind = "key_missing" | "in_progress" | "payload_mismatch" | "replay_not_supported" | "unknown";
289
+ type IdempotencyErrorMetadata = {
290
+ kind: IdempotencyFailureKind;
291
+ operation: string;
292
+ scope?: string;
293
+ entity?: string;
294
+ keyHash?: string;
295
+ keyPreview?: string;
296
+ incomingPayloadHash?: string;
297
+ existingPayloadHash?: string;
298
+ idempotencyRecordId?: string;
299
+ correlationId?: string;
300
+ requestId?: string;
301
+ commandId?: string;
302
+ detectedAtIso?: string;
303
+ hint?: string;
304
+ details?: string;
305
+ };
306
+ type IdempotencyErrorConstructorInput = {
307
+ message: string;
308
+ code: string;
309
+ kind: IdempotencyFailureKind;
310
+ metadata: Omit<IdempotencyErrorMetadata, "kind">;
311
+ cause?: unknown;
312
+ };
313
+ declare abstract class IdempotencyError extends AppError {
314
+ readonly kind: IdempotencyFailureKind;
315
+ protected constructor(input: IdempotencyErrorConstructorInput);
316
+ static keyMissing(input: {
317
+ operation: string;
318
+ scope?: string;
319
+ entity?: string;
320
+ correlationId?: string;
321
+ requestId?: string;
322
+ commandId?: string;
323
+ detectedAtIso?: string;
324
+ hint?: string;
325
+ details?: string;
326
+ cause?: unknown;
327
+ }): IdempotencyKeyMissingError;
328
+ static inProgress(input: {
329
+ operation: string;
330
+ scope?: string;
331
+ entity?: string;
332
+ key?: string;
333
+ keyHash?: string;
334
+ keyPreview?: string;
335
+ idempotencyRecordId?: string;
336
+ correlationId?: string;
337
+ requestId?: string;
338
+ commandId?: string;
339
+ detectedAtIso?: string;
340
+ hint?: string;
341
+ details?: string;
342
+ cause?: unknown;
343
+ }): IdempotencyInProgressError;
344
+ static payloadMismatch(input: {
345
+ operation: string;
346
+ scope?: string;
347
+ entity?: string;
348
+ key?: string;
349
+ keyHash?: string;
350
+ keyPreview?: string;
351
+ incomingPayloadHash?: string;
352
+ existingPayloadHash?: string;
353
+ idempotencyRecordId?: string;
354
+ correlationId?: string;
355
+ requestId?: string;
356
+ commandId?: string;
357
+ detectedAtIso?: string;
358
+ hint?: string;
359
+ details?: string;
360
+ cause?: unknown;
361
+ }): IdempotencyPayloadMismatchError;
362
+ static replayNotSupported(input: {
363
+ operation: string;
364
+ scope?: string;
365
+ entity?: string;
366
+ key?: string;
367
+ keyHash?: string;
368
+ keyPreview?: string;
369
+ idempotencyRecordId?: string;
370
+ correlationId?: string;
371
+ requestId?: string;
372
+ commandId?: string;
373
+ detectedAtIso?: string;
374
+ hint?: string;
375
+ details?: string;
376
+ cause?: unknown;
377
+ }): IdempotencyReplayNotSupportedError;
378
+ }
379
+ declare class IdempotencyKeyMissingError extends IdempotencyError {
380
+ private constructor();
381
+ static detected(input: {
382
+ operation: string;
383
+ scope?: string;
384
+ entity?: string;
385
+ correlationId?: string;
386
+ requestId?: string;
387
+ commandId?: string;
388
+ detectedAtIso?: string;
389
+ hint?: string;
390
+ details?: string;
391
+ cause?: unknown;
392
+ }): IdempotencyKeyMissingError;
393
+ }
394
+ declare class IdempotencyInProgressError extends IdempotencyError {
395
+ private constructor();
396
+ static detected(input: {
397
+ operation: string;
398
+ scope?: string;
399
+ entity?: string;
400
+ key?: string;
401
+ keyHash?: string;
402
+ keyPreview?: string;
403
+ idempotencyRecordId?: string;
404
+ correlationId?: string;
405
+ requestId?: string;
406
+ commandId?: string;
407
+ detectedAtIso?: string;
408
+ hint?: string;
409
+ details?: string;
410
+ cause?: unknown;
411
+ }): IdempotencyInProgressError;
412
+ }
413
+ declare class IdempotencyPayloadMismatchError extends IdempotencyError {
414
+ private constructor();
415
+ static detected(input: {
416
+ operation: string;
417
+ scope?: string;
418
+ entity?: string;
419
+ key?: string;
420
+ keyHash?: string;
421
+ keyPreview?: string;
422
+ incomingPayloadHash?: string;
423
+ existingPayloadHash?: string;
424
+ idempotencyRecordId?: string;
425
+ correlationId?: string;
426
+ requestId?: string;
427
+ commandId?: string;
428
+ detectedAtIso?: string;
429
+ hint?: string;
430
+ details?: string;
431
+ cause?: unknown;
432
+ }): IdempotencyPayloadMismatchError;
433
+ }
434
+ declare class IdempotencyReplayNotSupportedError extends IdempotencyError {
435
+ private constructor();
436
+ static detected(input: {
437
+ operation: string;
438
+ scope?: string;
439
+ entity?: string;
440
+ key?: string;
441
+ keyHash?: string;
442
+ keyPreview?: string;
443
+ idempotencyRecordId?: string;
444
+ correlationId?: string;
445
+ requestId?: string;
446
+ commandId?: string;
447
+ detectedAtIso?: string;
448
+ hint?: string;
449
+ details?: string;
450
+ cause?: unknown;
451
+ }): IdempotencyReplayNotSupportedError;
452
+ }
453
+ //#endregion
454
+ //#region src/core/errors/integration-error.d.ts
455
+ type IntegrationErrorReason = "timeout" | "unreachable" | "bad_response" | "unknown";
456
+ type IntegrationErrorMetadata = {
457
+ reason: IntegrationErrorReason;
458
+ provider: string;
459
+ operation: string;
460
+ startedAtIso: string;
461
+ durationMs: number;
462
+ detectedAtIso?: string;
463
+ correlationId?: string;
464
+ requestId?: string;
465
+ commandId?: string;
466
+ details?: string;
467
+ statusCode?: number;
468
+ responseCode?: string;
469
+ };
470
+ /**
471
+ * Raised when a call to an external provider fails — a timeout, an unreachable
472
+ * endpoint, or a malformed response. This is the boundary error that separates
473
+ * "our code is fine, the outside world misbehaved" from internal faults, which
474
+ * matters for retry and alerting decisions.
475
+ *
476
+ * Every instance records the `provider`, the `operation`, and timing
477
+ * (`startedAtIso` / `durationMs`) so failures are correlatable across services
478
+ * and a slow dependency is visible in the metadata. The discriminating
479
+ * {@link reason} lets callers decide whether a failure is worth retrying.
480
+ * Instances are frozen; construct through the static factories.
481
+ */
482
+ declare class IntegrationError extends AppError {
483
+ readonly reason: IntegrationErrorReason;
484
+ private constructor();
485
+ /**
486
+ * The provider did not respond within the allotted time. Usually retryable,
487
+ * since a timeout leaves the outcome unknown rather than known-failed.
488
+ */
489
+ static timeout(options: IntegrationErrorTimeoutOptions): IntegrationError;
490
+ /**
491
+ * The provider could not be reached at all (connection refused, DNS
492
+ * failure, network partition) — the request never landed.
493
+ */
494
+ static unreachable(options: IntegrationErrorEndpointOptions): IntegrationError;
495
+ /**
496
+ * The provider answered, but with something the system cannot use — an
497
+ * unexpected status, an unparsable body, or a contract mismatch. Unlike a
498
+ * timeout this is a definite failure, so blind retries rarely help.
499
+ */
500
+ static badResponse(options: IntegrationErrorEndpointOptions): IntegrationError;
501
+ }
502
+ type IntegrationErrorBaseOptions = {
503
+ provider: string;
504
+ operation: string;
505
+ startedAtIso: string;
506
+ durationMs: number;
507
+ detectedAtIso?: string;
508
+ correlationId?: string;
509
+ requestId?: string;
510
+ commandId?: string;
511
+ details?: string;
512
+ statusCode?: number;
513
+ responseCode?: string;
514
+ cause?: unknown;
515
+ type?: string;
516
+ severity?: ErrorSeverity;
517
+ createdAtIso?: string;
518
+ publicMessage?: string;
519
+ };
520
+ type IntegrationErrorTimeoutOptions = IntegrationErrorBaseOptions;
521
+ type IntegrationErrorEndpointOptions = IntegrationErrorBaseOptions;
522
+ //#endregion
523
+ //#region src/core/errors/legacy-incompatible-error.d.ts
524
+ declare class LegacyIncompatibleError extends AppError {
525
+ constructor(message: string, context?: Record<string, unknown>, options?: AppErrorOptions);
526
+ }
527
+ //#endregion
528
+ //#region src/core/errors/not-found-error.d.ts
529
+ /**
530
+ * Raised when a requested resource does not exist. Maps naturally onto an HTTP
531
+ * 404 at the edge, but stays transport-agnostic here.
532
+ *
533
+ * The `resource` name builds the message (`"<resource> not found"`) and, with
534
+ * the optional lookup `criteria`, lands in the metadata so logs show *what* was
535
+ * searched for without the caller having to restate it in the message.
536
+ */
537
+ declare class NotFoundError extends AppError {
538
+ /**
539
+ * @param resource - Human-readable name of the missing resource (e.g. `"Order"`).
540
+ * @param criteria - Optional lookup keys used in the search; recorded in
541
+ * metadata to aid debugging. Avoid putting sensitive values here.
542
+ * @param options - Optional cause, correlation ids, and extra metadata.
543
+ */
544
+ constructor(resource: string, criteria?: Record<string, unknown>, options?: AppErrorOptions);
545
+ }
546
+ //#endregion
547
+ //#region src/core/errors/serialization-error.d.ts
548
+ type SerializationDirection = "serialize" | "deserialize";
549
+ type SerializationFailureCategory = "invalid_json" | "invalid_shape" | "missing_field" | "unexpected_field" | "invalid_type" | "schema_version_missing" | "schema_version_unsupported" | "mapping_not_implemented" | "contract_mismatch" | "parse_failed" | "stringify_failed" | "unknown";
550
+ type SerializationBoundary = "http_in" | "http_out" | "graphql_in" | "graphql_out" | "dto_to_domain" | "domain_to_dto" | "persistence_to_domain" | "domain_to_persistence" | "event_in" | "event_out" | "projection" | "unknown";
551
+ /**
552
+ * Metadata shared by serialization/deserialization failures. Payload previews must be sanitized.
553
+ */
554
+ type SerializationErrorMetadata = {
555
+ direction: SerializationDirection;
556
+ category: SerializationFailureCategory;
557
+ boundary: SerializationBoundary;
558
+ contract: string;
559
+ schemaVersion?: number | string;
560
+ path?: string;
561
+ payloadPreview?: string;
562
+ correlationId?: string;
563
+ requestId?: string;
564
+ commandId?: string;
565
+ hint?: string;
566
+ details?: string;
567
+ };
568
+ type SerializationErrorOptions = Omit<AppErrorOptions, "metadata"> & {
569
+ message: string;
570
+ code: string;
571
+ metadata: Omit<SerializationErrorMetadata, "direction" | "category">;
572
+ direction: SerializationDirection;
573
+ category: SerializationFailureCategory;
574
+ };
575
+ declare abstract class SerializationError extends AppError {
576
+ readonly direction: SerializationDirection;
577
+ readonly category: SerializationFailureCategory;
578
+ readonly boundary: SerializationBoundary;
579
+ readonly contract: string;
580
+ protected constructor(input: SerializationErrorOptions);
581
+ }
582
+ declare class SerializationInError extends SerializationError {
583
+ private constructor();
584
+ static failure(category: SerializationFailureCategory, metadata: Omit<SerializationErrorMetadata, "direction" | "category"> & {
585
+ cause?: unknown;
586
+ }): SerializationInError;
587
+ }
588
+ declare class SerializationOutError extends SerializationError {
589
+ private constructor();
590
+ static failure(category: SerializationFailureCategory, metadata: Omit<SerializationErrorMetadata, "direction" | "category"> & {
591
+ cause?: unknown;
592
+ }): SerializationOutError;
593
+ }
594
+ declare class SerializationCodes {
595
+ static code(direction: SerializationDirection, category: SerializationFailureCategory): string;
596
+ }
597
+ declare class SerializationMessages {
598
+ static message(direction: SerializationDirection, category: SerializationFailureCategory): string;
599
+ }
600
+ declare function safePreview(value: unknown, limit?: number): string | undefined;
601
+ //#endregion
602
+ //#region src/core/errors/temporal-error.d.ts
603
+ type TemporalKind = "expired" | "not_yet_valid";
604
+ type TemporalPrecision = "EXACT" | "ESTIMATED" | "UNKNOWN" | "APPROXIMATE";
605
+ type TemporalErrorMetadata = {
606
+ resourceType: string;
607
+ resourceId?: string;
608
+ operation?: string;
609
+ validFromIso?: string | null;
610
+ validUntilIso?: string | null;
611
+ evaluatedAtIso: string;
612
+ policyId?: string;
613
+ precision?: TemporalPrecision;
614
+ hint?: string;
615
+ details?: string;
616
+ correlationId?: string;
617
+ requestId?: string;
618
+ commandId?: string;
619
+ };
620
+ type TemporalErrorOptions = {
621
+ message: string;
622
+ code: string;
623
+ kind: TemporalKind;
624
+ metadata: TemporalErrorMetadata;
625
+ } & AppErrorOptions;
626
+ declare abstract class TemporalError extends AppError {
627
+ readonly kind: TemporalKind;
628
+ readonly resourceType: string;
629
+ readonly evaluatedAtIso: string;
630
+ protected constructor(input: TemporalErrorOptions);
631
+ }
632
+ type TemporalCreationInput = TemporalErrorMetadata & Partial<Omit<AppErrorOptions, "metadata">> & {
633
+ cause?: unknown;
634
+ };
635
+ declare class ExpiredError extends TemporalError {
636
+ private constructor();
637
+ static detected(input: TemporalCreationInput): ExpiredError;
638
+ }
639
+ declare class NotYetValidError extends TemporalError {
640
+ private constructor();
641
+ static detected(input: TemporalCreationInput): NotYetValidError;
642
+ }
643
+ declare function evaluateTemporalWindow(input: {
644
+ validFromIso?: string | null;
645
+ validUntilIso?: string | null;
646
+ evaluatedAtIso: string;
647
+ }): {
648
+ expired: boolean;
649
+ notYetValid: boolean;
650
+ } | null;
651
+ //#endregion
652
+ //#region src/core/errors/unexpected-error.d.ts
653
+ declare class UnexpectedError extends AppError {
654
+ constructor(message?: string, cause?: unknown, options?: Omit<AppErrorOptions, "cause">);
655
+ }
656
+ //#endregion
657
+ //#region src/core/errors/validation-error.d.ts
658
+ /**
659
+ * Raised when a single input fails a validation rule — the canonical
660
+ * "this field is wrong, and here is why" error.
661
+ *
662
+ * It pins the offending `field` and a machine-readable `validationCode` into
663
+ * the metadata (merged ahead of any caller-supplied metadata) so an API layer
664
+ * can map the failure straight onto a form field without parsing the message.
665
+ * The fixed {@link ErrorCodes.validation} code lets callers catch all
666
+ * validation failures uniformly while still distinguishing the specific rule
667
+ * through `validationCode`.
668
+ */
669
+ declare class ValidationError extends AppError {
670
+ /**
671
+ * @param field - The input that failed validation; surfaced as `metadata.field`.
672
+ * @param code - The specific rule that was violated; surfaced as `metadata.validationCode`.
673
+ * @param message - The developer-facing description of the failure.
674
+ * @param options - Optional cause, correlation ids, and extra metadata
675
+ * (merged over the field/code metadata, never overwriting it by accident).
676
+ */
677
+ constructor(field: ValidationField, code: ValidationCode, message: string, options?: AppErrorOptions);
678
+ }
679
+ //#endregion
680
+ export { IdempotencyPayloadMismatchError as A, UniqueConstraintViolation as B, IntegrationErrorMetadata as C, IdempotencyFailureKind as D, IdempotencyErrorMetadata as E, AlreadyExistsError as F, AuthenticationErrorMetadata as G, translateUniqueViolationToDuplicate as H, ConflictError as I, ErrorCodes as J, AuthenticationErrorReason as K, ConflictErrorMetadata as L, payloadHash as M, sha256Hex as N, IdempotencyInProgressError as O, stableStringify as P, ConflictKind as R, IntegrationError as S, IdempotencyError as T, BusinessRuleViolationError as U, UniqueConstraintViolationError as V, AuthenticationError as W, serializationErrorCode as Y, SerializationMessages as _, TemporalError as a, NotFoundError as b, TemporalPrecision as c, SerializationCodes as d, SerializationDirection as f, SerializationInError as g, SerializationFailureCategory as h, NotYetValidError as i, IdempotencyReplayNotSupportedError as j, IdempotencyKeyMissingError as k, evaluateTemporalWindow as l, SerializationErrorMetadata as m, UnexpectedError as n, TemporalErrorMetadata as o, SerializationError as p, assertJsonSafeMetadata as q, ExpiredError as r, TemporalKind as s, ValidationError as t, SerializationBoundary as u, SerializationOutError as v, IntegrationErrorReason as w, LegacyIncompatibleError as x, safePreview as y, DuplicateError as z };
681
+ //# sourceMappingURL=validation-error.d.cts.map