@cullet/erp-core 1.3.0 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (197) hide show
  1. package/KIT_CONTEXT.md +11 -3
  2. package/README.md +160 -0
  3. package/dist/abac/index.cjs +7 -0
  4. package/dist/abac/index.d.cts +2 -0
  5. package/dist/abac/index.d.ts +2 -0
  6. package/dist/abac/index.js +2 -0
  7. package/dist/app-error.cjs +201 -0
  8. package/dist/app-error.cjs.map +1 -0
  9. package/dist/app-error.js +178 -0
  10. package/dist/app-error.js.map +1 -0
  11. package/dist/application/index.cjs +2 -1
  12. package/dist/application/index.d.cts +2 -1
  13. package/dist/application/index.d.ts +2 -1
  14. package/dist/application/index.js +2 -1
  15. package/dist/authorization-error.cjs +157 -0
  16. package/dist/authorization-error.cjs.map +1 -0
  17. package/dist/authorization-error.d.cts +113 -0
  18. package/dist/authorization-error.d.ts +113 -0
  19. package/dist/authorization-error.js +152 -0
  20. package/dist/authorization-error.js.map +1 -0
  21. package/dist/authorizer.port.d.cts +130 -0
  22. package/dist/authorizer.port.d.ts +130 -0
  23. package/dist/composite-authorizer.d.cts +216 -0
  24. package/dist/composite-authorizer.d.ts +216 -0
  25. package/dist/condition-evaluator.cjs +579 -0
  26. package/dist/condition-evaluator.cjs.map +1 -0
  27. package/dist/condition-evaluator.js +550 -0
  28. package/dist/condition-evaluator.js.map +1 -0
  29. package/dist/{gate-types.d.ts → core-config.d.cts} +78 -77
  30. package/dist/{gate-types.d.cts → core-config.d.ts} +78 -77
  31. package/dist/domain/index.cjs +2 -1
  32. package/dist/domain/index.d.cts +2 -1
  33. package/dist/domain/index.d.ts +2 -1
  34. package/dist/domain/index.js +2 -1
  35. package/dist/domain-event-contracts.cjs +3 -2
  36. package/dist/domain-event-contracts.cjs.map +1 -1
  37. package/dist/domain-event-contracts.js +2 -1
  38. package/dist/domain-event-contracts.js.map +1 -1
  39. package/dist/entity.cjs +122 -0
  40. package/dist/entity.cjs.map +1 -0
  41. package/dist/entity.js +111 -0
  42. package/dist/entity.js.map +1 -0
  43. package/dist/errors/index.cjs +10 -7
  44. package/dist/errors/index.d.cts +2 -1
  45. package/dist/errors/index.d.ts +2 -1
  46. package/dist/errors/index.js +6 -3
  47. package/dist/gate-engine-registry.cjs +5 -4
  48. package/dist/gate-engine-registry.cjs.map +1 -1
  49. package/dist/gate-engine-registry.d.cts +3 -2
  50. package/dist/gate-engine-registry.d.ts +3 -2
  51. package/dist/gate-engine-registry.js +2 -1
  52. package/dist/gate-engine-registry.js.map +1 -1
  53. package/dist/gate-v1-payload.schema.cjs +0 -562
  54. package/dist/gate-v1-payload.schema.cjs.map +1 -1
  55. package/dist/gate-v1-payload.schema.js +1 -533
  56. package/dist/gate-v1-payload.schema.js.map +1 -1
  57. package/dist/hashing.cjs +2 -44
  58. package/dist/hashing.cjs.map +1 -1
  59. package/dist/hashing.js +2 -38
  60. package/dist/hashing.js.map +1 -1
  61. package/dist/index.cjs +36 -17
  62. package/dist/index.cjs.map +1 -1
  63. package/dist/index.d.cts +19 -12
  64. package/dist/index.d.ts +19 -12
  65. package/dist/index.js +17 -10
  66. package/dist/index.js.map +1 -1
  67. package/dist/not-found-error.cjs +5 -5
  68. package/dist/not-found-error.cjs.map +1 -1
  69. package/dist/not-found-error.js +1 -1
  70. package/dist/outcome.d.cts +1 -83
  71. package/dist/outcome.d.ts +1 -83
  72. package/dist/parse-gate-payload.d.cts +2 -2
  73. package/dist/parse-gate-payload.d.ts +2 -2
  74. package/dist/path.d.cts +2 -2
  75. package/dist/path.d.ts +2 -2
  76. package/dist/policies/engines/index.d.cts +1 -1
  77. package/dist/policies/engines/index.d.ts +1 -1
  78. package/dist/policies/engines/v1/gate/index.cjs +5 -4
  79. package/dist/policies/engines/v1/gate/index.cjs.map +1 -1
  80. package/dist/policies/engines/v1/gate/index.d.cts +4 -2
  81. package/dist/policies/engines/v1/gate/index.d.ts +4 -2
  82. package/dist/policies/engines/v1/gate/index.js +2 -1
  83. package/dist/policies/engines/v1/gate/index.js.map +1 -1
  84. package/dist/policies/index.cjs +5 -5
  85. package/dist/policies/index.d.cts +3 -2
  86. package/dist/policies/index.d.ts +3 -2
  87. package/dist/policies/index.js +2 -2
  88. package/dist/policy-bridge.cjs +437 -0
  89. package/dist/policy-bridge.cjs.map +1 -0
  90. package/dist/policy-bridge.d.cts +185 -0
  91. package/dist/policy-bridge.d.ts +185 -0
  92. package/dist/policy-bridge.js +396 -0
  93. package/dist/policy-bridge.js.map +1 -0
  94. package/dist/policy-service.cjs +241 -240
  95. package/dist/policy-service.cjs.map +1 -1
  96. package/dist/policy-service.d.cts +2 -2
  97. package/dist/policy-service.d.ts +2 -2
  98. package/dist/policy-service.js +240 -239
  99. package/dist/policy-service.js.map +1 -1
  100. package/dist/rbac/index.cjs +9 -0
  101. package/dist/rbac/index.d.cts +3 -0
  102. package/dist/rbac/index.d.ts +3 -0
  103. package/dist/rbac/index.js +2 -0
  104. package/dist/requested-by.cjs +54 -0
  105. package/dist/requested-by.cjs.map +1 -0
  106. package/dist/requested-by.d.cts +25 -0
  107. package/dist/requested-by.d.ts +25 -0
  108. package/dist/requested-by.js +49 -0
  109. package/dist/requested-by.js.map +1 -0
  110. package/dist/result/index.d.cts +2 -1
  111. package/dist/result/index.d.ts +2 -1
  112. package/dist/result.d.cts +84 -0
  113. package/dist/result.d.ts +84 -0
  114. package/dist/rule.cjs +327 -0
  115. package/dist/rule.cjs.map +1 -0
  116. package/dist/rule.js +298 -0
  117. package/dist/rule.js.map +1 -0
  118. package/dist/stable-stringify.cjs +47 -0
  119. package/dist/stable-stringify.cjs.map +1 -0
  120. package/dist/stable-stringify.js +42 -0
  121. package/dist/stable-stringify.js.map +1 -0
  122. package/dist/temporal-use-case.cjs +6 -53
  123. package/dist/temporal-use-case.cjs.map +1 -1
  124. package/dist/temporal-use-case.d.cts +11 -28
  125. package/dist/temporal-use-case.d.ts +11 -28
  126. package/dist/temporal-use-case.js +7 -48
  127. package/dist/temporal-use-case.js.map +1 -1
  128. package/dist/unexpected-error.cjs +3 -192
  129. package/dist/unexpected-error.cjs.map +1 -1
  130. package/dist/unexpected-error.js +2 -167
  131. package/dist/unexpected-error.js.map +1 -1
  132. package/dist/use-case.cjs +2 -6
  133. package/dist/use-case.cjs.map +1 -1
  134. package/dist/use-case.js +2 -6
  135. package/dist/use-case.js.map +1 -1
  136. package/dist/uuid-identifier.cjs +2 -7
  137. package/dist/uuid-identifier.cjs.map +1 -1
  138. package/dist/uuid-identifier.d.cts +2 -85
  139. package/dist/uuid-identifier.d.ts +2 -85
  140. package/dist/uuid-identifier.js +1 -6
  141. package/dist/uuid-identifier.js.map +1 -1
  142. package/dist/uuid.cjs +18 -0
  143. package/dist/uuid.cjs.map +1 -0
  144. package/dist/uuid.js +13 -0
  145. package/dist/uuid.js.map +1 -0
  146. package/dist/validation-error.cjs +33 -166
  147. package/dist/validation-error.cjs.map +1 -1
  148. package/dist/validation-error.d.cts +12 -103
  149. package/dist/validation-error.d.ts +12 -103
  150. package/dist/validation-error.js +7 -134
  151. package/dist/validation-error.js.map +1 -1
  152. package/dist/value-object.cjs +12 -126
  153. package/dist/value-object.cjs.map +1 -1
  154. package/dist/value-object.d.cts +97 -0
  155. package/dist/value-object.d.ts +97 -0
  156. package/dist/value-object.js +13 -115
  157. package/dist/value-object.js.map +1 -1
  158. package/meta.json +20 -4
  159. package/package.json +27 -1
  160. package/src/abac/index.ts +1 -0
  161. package/src/core/abac/abac-request.ts +29 -0
  162. package/src/core/abac/attributes.ts +39 -0
  163. package/src/core/abac/authorizer.ts +108 -0
  164. package/src/core/abac/combining.ts +63 -0
  165. package/src/core/abac/composite-authorizer.ts +45 -0
  166. package/src/core/abac/domain/policy-set.ts +52 -0
  167. package/src/core/abac/domain/rule.ts +197 -0
  168. package/src/core/abac/index.ts +21 -0
  169. package/src/core/application/commands/requested-by.ts +3 -4
  170. package/src/core/application/ports/abac-authorizer.port.ts +20 -0
  171. package/src/core/application/ports/authorizer.port.ts +22 -0
  172. package/src/core/application/queries/query.ts +6 -1
  173. package/src/core/application/use-case.ts +1 -1
  174. package/src/core/domain/entity.ts +1 -1
  175. package/src/core/domain/uuid-identifier.ts +1 -8
  176. package/src/core/domain/value-object.ts +12 -3
  177. package/src/core/errors/authorization-error.ts +26 -0
  178. package/src/core/errors/error-codes.ts +1 -0
  179. package/src/core/errors/utils/json-safe.ts +20 -11
  180. package/src/core/index.ts +7 -0
  181. package/src/core/policies/engines/v1/condition-evaluator.ts +56 -1
  182. package/src/core/rbac/access-request.ts +32 -0
  183. package/src/core/rbac/authorizer.ts +91 -0
  184. package/src/core/rbac/domain/grant.ts +96 -0
  185. package/src/core/rbac/domain/permission-set.ts +67 -0
  186. package/src/core/rbac/domain/permission.ts +119 -0
  187. package/src/core/rbac/domain/role.ts +101 -0
  188. package/src/core/rbac/domain/scope.ts +84 -0
  189. package/src/core/rbac/index.ts +15 -0
  190. package/src/core/rbac/policy-bridge.ts +44 -0
  191. package/src/core/shared/hashing.ts +1 -55
  192. package/src/core/shared/stable-stringify.ts +57 -0
  193. package/src/core/shared/uuid.ts +11 -0
  194. package/src/examples/application/authorize-cancel-order-abac.example.ts +107 -0
  195. package/src/examples/application/authorize-cancel-order.example.ts +101 -0
  196. package/src/rbac/index.ts +1 -0
  197. package/src/version.ts +1 -1
@@ -1 +1 @@
1
- {"version":3,"file":"gate-v1-payload.schema.js","names":["#initialReporter","#currentReporter","#bridgeToConditionReporter"],"sources":["../src/core/config/silent-policy-reporter.ts","../src/core/config/core-config.ts","../src/core/config/core-config.instance.ts","../src/core/policies/utils/date.ts","../src/core/policies/context/path.ts","../src/core/policies/engines/v1/condition-schema.ts","../src/core/policies/engines/v1/condition-evaluator.ts","../src/core/policies/engines/v1/gate/gate-v1-payload.schema.ts"],"sourcesContent":["import type { PolicyReporter } from \"./policy-reporter.js\";\n\nexport class SilentPolicyReporter implements PolicyReporter {\n report(_event: Parameters<PolicyReporter[\"report\"]>[0]): void {}\n}\n","import type {\n ConditionEvaluationOptions,\n ConditionEvaluatorReporter,\n} from \"../policies/engines/condition-evaluator-reporter.js\";\nimport type { PolicyEvent, PolicyReporter } from \"./policy-reporter.js\";\nimport { SilentPolicyReporter } from \"./silent-policy-reporter.js\";\n\nexport interface CoreObservabilityConfig {\n readonly reporter?: PolicyReporter;\n}\n\nexport interface CoreConfigOptions {\n readonly observability?: CoreObservabilityConfig;\n}\n\nfunction reportSafely(\n policyReporter: PolicyReporter,\n event: PolicyEvent,\n): void {\n try {\n policyReporter.report(event);\n } catch {\n // Falhas de telemetria nao podem interromper o fluxo de dominio.\n }\n}\n\n/**\n * Centraliza a configuracao pura do core sem depender de implementacoes\n * concretas de logging, tracing ou report.\n */\nexport class CoreConfig {\n readonly #initialReporter: PolicyReporter;\n #currentReporter: PolicyReporter;\n\n constructor(options: CoreConfigOptions = {}) {\n const reporter =\n options.observability?.reporter ?? new SilentPolicyReporter();\n this.#initialReporter = reporter;\n this.#currentReporter = reporter;\n }\n\n configure(options: CoreConfigOptions): this {\n const reporter = options.observability?.reporter;\n if (reporter) {\n this.#currentReporter = reporter;\n }\n return this;\n }\n\n // Restores the reporter captured at construction time.\n reset(): this {\n this.#currentReporter = this.#initialReporter;\n return this;\n }\n\n getPolicyReporter(): PolicyReporter {\n return this.#currentReporter;\n }\n\n getConditionEvaluationOptions(\n engineVersion: number,\n ): ConditionEvaluationOptions {\n return {\n reporter: this.#bridgeToConditionReporter(this.#currentReporter),\n engineVersion,\n };\n }\n\n #bridgeToConditionReporter(\n policyReporter: PolicyReporter,\n ): ConditionEvaluatorReporter {\n return {\n warn(report) {\n reportSafely(policyReporter, {\n kind: \"condition-eval\",\n ...report,\n } satisfies PolicyEvent);\n },\n error(report) {\n reportSafely(policyReporter, {\n kind: \"condition-eval\",\n ...report,\n } satisfies PolicyEvent);\n },\n };\n }\n}\n","import { CoreConfig } from \"./core-config.js\";\nimport { SilentPolicyReporter } from \"./silent-policy-reporter.js\";\n\n/**\n * Shared instance for the application composition root.\n * Use `new CoreConfig()` for isolated runtimes, tests, or multi-tenant hosts.\n *\n * The default reporter is silent so the core has no runtime logging dependency.\n * Hosts can swap in their own `PolicyReporter` via\n * `coreConfig.configure({ observability: { reporter } })`.\n */\nexport const coreConfig = new CoreConfig({\n observability: { reporter: new SilentPolicyReporter() },\n});\n","import { isValidDate } from \"../../shared/temporal-guards.js\";\n\nexport class PolicyDateUtils {\n static isValid(value: Date): boolean {\n return isValidDate(value);\n }\n}\n","/**\n * Utilities for reading/writing values at dot-separated paths\n * in plain objects, e.g. \"installment.dueDate\".\n */\n\nimport { Result } from \"../../result/result.js\";\n\nexport class PolicyContextPath {\n private static readonly FORBIDDEN_SEGMENTS = new Set([\n \"__proto__\",\n \"prototype\",\n \"constructor\",\n ]);\n\n private static resolve(\n obj: Record<string, unknown>,\n path: string,\n ): Result<\n {\n readonly found: boolean;\n readonly value: unknown;\n },\n string\n > {\n const segmentsResult = PolicyContextPath.parseSegments(path);\n if (segmentsResult.isErr()) {\n return Result.err(segmentsResult.errorOrNull()!);\n }\n\n const segments = segmentsResult.getOrNull()!;\n let current: unknown = obj;\n\n for (const segment of segments) {\n if (\n current === null ||\n current === undefined ||\n typeof current !== \"object\"\n ) {\n return Result.ok({ found: false, value: undefined });\n }\n\n const record = current as Record<string, unknown>;\n if (!Object.prototype.hasOwnProperty.call(record, segment)) {\n return Result.ok({ found: false, value: undefined });\n }\n\n current = record[segment];\n }\n\n return Result.ok({ found: true, value: current });\n }\n\n private static parseSegments(\n path: string,\n ): Result<readonly string[], string> {\n if (path.trim().length === 0) {\n return Result.err(\"Path cannot be empty\");\n }\n\n const segments = path.split(\".\");\n if (segments.some((segment) => segment.length === 0)) {\n return Result.err(`Path \"${path}\" contains an empty segment`);\n }\n\n const forbiddenSegment = segments.find((segment) =>\n PolicyContextPath.FORBIDDEN_SEGMENTS.has(segment),\n );\n if (forbiddenSegment !== undefined) {\n return Result.err(\n `Path \"${path}\" contains forbidden segment \"${forbiddenSegment}\"`,\n );\n }\n\n return Result.ok(segments);\n }\n\n private static isPlainRecord(\n value: unknown,\n ): value is Record<string, unknown> {\n if (\n typeof value !== \"object\" ||\n value === null ||\n Array.isArray(value)\n ) {\n return false;\n }\n\n const prototype = Object.getPrototypeOf(value);\n return prototype === Object.prototype || prototype === null;\n }\n\n static getOrAbsent(\n obj: Record<string, unknown>,\n path: string,\n ): Result<unknown, \"absent\"> {\n const resolvedPath = PolicyContextPath.resolve(obj, path);\n if (resolvedPath.isErr()) {\n return Result.err(\"absent\");\n }\n\n const { found, value } = resolvedPath.getOrNull()!;\n if (!found) {\n return Result.err(\"absent\");\n }\n\n return Result.ok(value);\n }\n\n static has(obj: Record<string, unknown>, path: string): boolean {\n const resolvedPath = PolicyContextPath.resolve(obj, path);\n if (resolvedPath.isErr()) {\n return false;\n }\n\n return resolvedPath.getOrNull()!.found;\n }\n\n static set(\n obj: Record<string, unknown>,\n path: string,\n value: unknown,\n ): Result<void, string> {\n const segmentsResult = PolicyContextPath.parseSegments(path);\n if (segmentsResult.isErr()) {\n return Result.err(segmentsResult.errorOrNull()!);\n }\n\n const segments = segmentsResult.getOrNull()!;\n let current: Record<string, unknown> = obj;\n\n for (let i = 0; i < segments.length - 1; i++) {\n const seg = segments[i];\n const next = current[seg];\n\n if (next === undefined) {\n const container = Object.create(null) as Record<\n string,\n unknown\n >;\n current[seg] = container;\n current = container;\n continue;\n }\n\n if (!PolicyContextPath.isPlainRecord(next)) {\n return Result.err(\n `Cannot create nested path \"${path}\" because \"${segments\n .slice(0, i + 1)\n .join(\".\")}\" already contains a non-plain object`,\n );\n }\n\n current = next;\n }\n\n current[segments[segments.length - 1]] = value;\n return Result.ok(undefined);\n }\n}\n","import { z } from \"zod\";\n\nimport type { ConditionLeafNode, ConditionNode } from \"./condition-types.js\";\n\n// ─── Shared v1 condition Zod schemas ─────────────────────────────────────────\n// Extracted from gate/v1 so both gate/v1 and compute/v1 can validate\n// condition nodes without either engine depending on the other.\n\nconst conditionOpSchema = z.enum([\n \"eq\",\n \"neq\",\n \"gt\",\n \"gte\",\n \"lt\",\n \"lte\",\n \"in\",\n \"notIn\",\n \"isNull\",\n \"isNotNull\",\n]);\n\nexport const conditionLeafNodeSchema: z.ZodType<ConditionLeafNode> = z\n .object({\n field: z.string().min(1),\n op: conditionOpSchema,\n value: z.unknown(),\n allowNull: z.literal(true).optional(),\n })\n .strict() as z.ZodType<ConditionLeafNode>;\n\nexport const conditionNodeSchema: z.ZodType<ConditionNode> = z.lazy(() =>\n z.union([\n conditionLeafNodeSchema,\n z\n .object({\n and: z.array(conditionNodeSchema).min(1),\n })\n .strict(),\n z\n .object({\n or: z.array(conditionNodeSchema).min(1),\n })\n .strict(),\n z\n .object({\n not: conditionNodeSchema,\n })\n .strict(),\n ]),\n);\n","import { PolicyContextPath } from \"../../context/index.js\";\nimport { PolicyDateUtils } from \"../../utils/index.js\";\nimport { Result } from \"../../../result/result.js\";\n\nimport type {\n ConditionAndNode,\n ConditionLeafNode,\n ConditionNode,\n ConditionNotNode,\n ConditionOp,\n ConditionOrNode,\n} from \"./condition-types.js\";\nimport type {\n ConditionEvaluationOptions,\n ConditionEvaluationReport,\n} from \"../condition-evaluator-reporter.js\";\nimport type { PolicyContext } from \"../gate-types.js\";\n\nconst CONDITION_EVAL_THROWN_TAG = \"CONDITION_EVAL_THREW\";\nconst NULLISH_NUMERIC_OPERAND_NOT_ALLOWED_TAG =\n \"NULLISH_NUMERIC_OPERAND_NOT_ALLOWED\";\nconst NULLISH_DATE_OPERAND_NOT_ALLOWED_TAG = \"NULLISH_DATE_OPERAND_NOT_ALLOWED\";\nconst INVALID_DATE_OPERAND_TAG = \"INVALID_DATE_OPERAND\";\nconst INVALID_NUMERIC_OPERAND_TAG = \"INVALID_NUMERIC_OPERAND\";\nconst INVALID_SET_OPERAND_TAG = \"INVALID_SET_OPERAND\";\nconst EMPTY_OR_CONDITION_TAG = \"EMPTY_OR_CONDITION\";\nconst EMPTY_AND_CONDITION_TAG = \"EMPTY_AND_CONDITION\";\nconst ISO_8601_UTC_DATE_PATTERN =\n /^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$/;\n\nexport interface ConditionEvaluationTrace {\n readonly conditionPath: string;\n readonly decisiveNode: ConditionNode;\n readonly lastEvaluatedLeaf: ConditionLeafNode;\n readonly lastEvaluatedLeafPath: string;\n readonly lastEvaluatedLeafResult: boolean;\n}\n\nexport interface TracedConditionEvaluation {\n readonly matched: boolean;\n readonly trace: ConditionEvaluationTrace;\n}\n\ntype RelationalOperator = Extract<ConditionOp, \"gt\" | \"gte\" | \"lt\" | \"lte\">;\n\nexport class ConditionEvaluatorV1 {\n constructor(\n private readonly context: PolicyContext,\n private readonly options: ConditionEvaluationOptions,\n ) {}\n\n private static isLeafNode(node: ConditionNode): node is ConditionLeafNode {\n return \"field\" in node && \"op\" in node;\n }\n\n private static isAndNode(node: ConditionNode): node is ConditionAndNode {\n return \"and\" in node;\n }\n\n private static isOrNode(node: ConditionNode): node is ConditionOrNode {\n return \"or\" in node;\n }\n\n private static isNotNode(node: ConditionNode): node is ConditionNotNode {\n return \"not\" in node;\n }\n\n private static isRelationalOperator(\n op: ConditionOp,\n ): op is RelationalOperator {\n return op === \"gt\" || op === \"gte\" || op === \"lt\" || op === \"lte\";\n }\n\n private static describeError(error: unknown): {\n name: string;\n message: string;\n } {\n if (error instanceof Error) {\n return {\n name: error.name,\n message: error.message,\n };\n }\n\n return {\n name: \"NonErrorThrown\",\n message: String(error),\n };\n }\n\n private static buildNullishNumericOperandMessage(\n node: ConditionLeafNode,\n actual: null | undefined,\n ): string {\n const resolvedValue = actual === null ? \"null\" : \"undefined\";\n\n return `${NULLISH_NUMERIC_OPERAND_NOT_ALLOWED_TAG}: \"${node.field}\" resolved to ${resolvedValue} for numeric operator \"${node.op}\"`;\n }\n\n private static buildNullishDateOperandMessage(\n node: ConditionLeafNode,\n actual: null | undefined,\n ): string {\n const resolvedValue = actual === null ? \"null\" : \"undefined\";\n\n return `${NULLISH_DATE_OPERAND_NOT_ALLOWED_TAG}: \"${node.field}\" resolved to ${resolvedValue} for date comparison operator \"${node.op}\"`;\n }\n\n private static buildInvalidDateOperandMessage(\n node: ConditionLeafNode,\n ): string {\n return `${INVALID_DATE_OPERAND_TAG}: \"${node.field}\" with operator \"${node.op}\" requires Date or ISO 8601 UTC string operands`;\n }\n\n private static buildInvalidNumericOperandMessage(\n node: ConditionLeafNode,\n ): string {\n return `${INVALID_NUMERIC_OPERAND_TAG}: \"${node.field}\" with operator \"${node.op}\" requires numeric operands`;\n }\n\n private static buildInvalidSetOperandMessage(\n node: ConditionLeafNode,\n ): string {\n return `${INVALID_SET_OPERAND_TAG}: \"${node.field}\" with operator \"${node.op}\" requires an array operand`;\n }\n\n private static buildEmptyOrConditionMessage(): string {\n return `${EMPTY_OR_CONDITION_TAG}: OR nodes must contain at least one child condition`;\n }\n\n private static buildEmptyAndConditionMessage(): string {\n return `${EMPTY_AND_CONDITION_TAG}: AND nodes must contain at least one child condition`;\n }\n\n private static parseComparableDate(\n value: unknown,\n ): Result<Date, string> | null {\n if (value instanceof Date) {\n if (!PolicyDateUtils.isValid(value)) {\n return Result.err(\"Invalid Date instance\");\n }\n\n return Result.ok(value);\n }\n\n if (\n typeof value !== \"string\" ||\n !ISO_8601_UTC_DATE_PATTERN.test(value)\n ) {\n return null;\n }\n\n const parsed = new Date(value);\n if (\n !PolicyDateUtils.isValid(parsed) ||\n parsed.toISOString() !== value\n ) {\n return Result.err(\"Invalid ISO 8601 UTC date string\");\n }\n\n return Result.ok(parsed);\n }\n\n private static evaluateRelationalNumbers(\n actual: number,\n op: RelationalOperator,\n expected: number,\n ): boolean {\n switch (op) {\n case \"gt\":\n return actual > expected;\n case \"gte\":\n return actual >= expected;\n case \"lt\":\n return actual < expected;\n case \"lte\":\n return actual <= expected;\n }\n }\n\n private buildReport(params: {\n readonly level: ConditionEvaluationReport[\"level\"];\n readonly tag: ConditionEvaluationReport[\"tag\"];\n readonly message: string;\n readonly details: Readonly<Record<string, unknown>>;\n }): ConditionEvaluationReport {\n return {\n occurredAt: new Date(),\n level: params.level,\n tag: params.tag,\n message: params.message,\n engineVersion: this.options.engineVersion,\n details: params.details,\n };\n }\n\n private conditionEvalErr<TValue>(\n node: ConditionNode,\n error: unknown,\n ): Result<TValue, string> {\n const cause = ConditionEvaluatorV1.describeError(error);\n const message = `${CONDITION_EVAL_THROWN_TAG}: ${cause.name}: ${cause.message}`;\n\n this.options.reporter.error(\n this.buildReport({\n level: \"error\",\n tag: CONDITION_EVAL_THROWN_TAG,\n message,\n details: { node, cause },\n }),\n );\n\n return Result.err(message);\n }\n\n private reportDateOperandError(\n node: ConditionLeafNode,\n actual: unknown,\n ): Result<boolean, string> {\n const message =\n ConditionEvaluatorV1.buildInvalidDateOperandMessage(node);\n\n this.options.reporter.error(\n this.buildReport({\n level: \"error\",\n tag: INVALID_DATE_OPERAND_TAG,\n message,\n details: {\n field: node.field,\n op: node.op,\n actual,\n expected: node.value,\n node,\n },\n }),\n );\n\n return Result.err(message);\n }\n\n private reportInvalidNumericOperand(\n node: ConditionLeafNode,\n actual: unknown,\n ): Result<boolean, string> {\n const message =\n ConditionEvaluatorV1.buildInvalidNumericOperandMessage(node);\n\n this.options.reporter.error(\n this.buildReport({\n level: \"error\",\n tag: INVALID_NUMERIC_OPERAND_TAG,\n message,\n details: {\n field: node.field,\n op: node.op,\n actual,\n expected: node.value,\n node,\n },\n }),\n );\n\n return Result.err(message);\n }\n\n private reportInvalidSetOperand(\n node: ConditionLeafNode,\n actual: unknown,\n ): Result<boolean, string> {\n const message =\n ConditionEvaluatorV1.buildInvalidSetOperandMessage(node);\n\n this.options.reporter.error(\n this.buildReport({\n level: \"error\",\n tag: INVALID_SET_OPERAND_TAG,\n message,\n details: {\n field: node.field,\n op: node.op,\n actual,\n expected: node.value,\n node,\n },\n }),\n );\n\n return Result.err(message);\n }\n\n private evaluateDateRelationalNode(\n node: ConditionLeafNode,\n actual: unknown,\n ): Result<boolean, string> | null {\n if (!ConditionEvaluatorV1.isRelationalOperator(node.op)) {\n return null;\n }\n\n const actualDateResult =\n ConditionEvaluatorV1.parseComparableDate(actual);\n const expectedDateResult = ConditionEvaluatorV1.parseComparableDate(\n node.value,\n );\n\n if (actualDateResult === null && expectedDateResult === null) {\n return null;\n }\n\n const allowsNull = node.allowNull === true;\n\n if (actual === null) {\n if (allowsNull) {\n return Result.ok(false);\n }\n\n const message = ConditionEvaluatorV1.buildNullishDateOperandMessage(\n node,\n actual,\n );\n this.options.reporter.error(\n this.buildReport({\n level: \"error\",\n tag: NULLISH_DATE_OPERAND_NOT_ALLOWED_TAG,\n message,\n details: {\n field: node.field,\n op: node.op,\n actual,\n expected: node.value,\n allowNull: allowsNull,\n node,\n },\n }),\n );\n\n return Result.err(message);\n }\n\n if (actual === undefined) {\n const message = ConditionEvaluatorV1.buildNullishDateOperandMessage(\n node,\n actual,\n );\n this.options.reporter.error(\n this.buildReport({\n level: \"error\",\n tag: NULLISH_DATE_OPERAND_NOT_ALLOWED_TAG,\n message,\n details: {\n field: node.field,\n op: node.op,\n actual,\n expected: node.value,\n allowNull: allowsNull,\n node,\n },\n }),\n );\n\n return Result.err(message);\n }\n\n if (\n actualDateResult === null ||\n actualDateResult.isErr() ||\n expectedDateResult === null ||\n expectedDateResult.isErr()\n ) {\n return this.reportDateOperandError(node, actual);\n }\n\n return Result.ok(\n ConditionEvaluatorV1.evaluateRelationalNumbers(\n actualDateResult.getOrNull()!.getTime(),\n node.op,\n expectedDateResult.getOrNull()!.getTime(),\n ),\n );\n }\n\n private evaluateOperator(\n actual: unknown,\n op: ConditionOp,\n expected: unknown,\n ): boolean {\n switch (op) {\n case \"eq\":\n return actual === expected;\n case \"neq\":\n return actual !== expected;\n case \"gt\":\n return (\n typeof actual === \"number\" &&\n typeof expected === \"number\" &&\n ConditionEvaluatorV1.evaluateRelationalNumbers(\n actual,\n op,\n expected,\n )\n );\n case \"gte\":\n return (\n typeof actual === \"number\" &&\n typeof expected === \"number\" &&\n ConditionEvaluatorV1.evaluateRelationalNumbers(\n actual,\n op,\n expected,\n )\n );\n case \"lt\":\n return (\n typeof actual === \"number\" &&\n typeof expected === \"number\" &&\n ConditionEvaluatorV1.evaluateRelationalNumbers(\n actual,\n op,\n expected,\n )\n );\n case \"lte\":\n return (\n typeof actual === \"number\" &&\n typeof expected === \"number\" &&\n ConditionEvaluatorV1.evaluateRelationalNumbers(\n actual,\n op,\n expected,\n )\n );\n case \"in\":\n return Array.isArray(expected) && expected.includes(actual);\n case \"notIn\":\n return Array.isArray(expected) && !expected.includes(actual);\n case \"isNull\":\n return actual === null;\n case \"isNotNull\":\n return actual !== null && actual !== undefined;\n }\n }\n\n private evaluateNumericRelationalNode(\n node: ConditionLeafNode,\n actual: unknown,\n ): Result<boolean, string> {\n const allowsNull = node.allowNull === true;\n if (actual === undefined || (actual === null && !allowsNull)) {\n const message =\n ConditionEvaluatorV1.buildNullishNumericOperandMessage(\n node,\n actual as null | undefined,\n );\n\n this.options.reporter.error(\n this.buildReport({\n level: \"error\",\n tag: NULLISH_NUMERIC_OPERAND_NOT_ALLOWED_TAG,\n message,\n details: {\n field: node.field,\n op: node.op,\n actual,\n expected: node.value,\n allowNull: allowsNull,\n node,\n },\n }),\n );\n\n return Result.err(message);\n }\n\n // null + allowNull: a relational comparison against a missing value\n // never matches.\n if (actual === null) {\n return Result.ok(false);\n }\n\n // Both operands must be numbers. A present but wrong-typed operand is a\n // context/configuration error, surfaced like the date path instead of\n // silently collapsing to \"no match\".\n if (typeof actual !== \"number\" || typeof node.value !== \"number\") {\n return this.reportInvalidNumericOperand(node, actual);\n }\n\n return Result.ok(this.evaluateOperator(actual, node.op, node.value));\n }\n\n private evaluateLeafNode(node: ConditionLeafNode): Result<boolean, string> {\n const actualResult = PolicyContextPath.getOrAbsent(\n this.context,\n node.field,\n );\n if (actualResult.isErr()) {\n this.options.reporter.warn(\n this.buildReport({\n level: \"warn\",\n tag: \"MISSING_CONTEXT_FIELD\",\n message: `MISSING_CONTEXT_FIELD: \"${node.field}\" not found in context`,\n details: { field: node.field, node },\n }),\n );\n\n return Result.err(\n `MISSING_CONTEXT_FIELD: \"${node.field}\" not found in context`,\n );\n }\n\n try {\n const actual = actualResult.getOrThrow();\n if (ConditionEvaluatorV1.isRelationalOperator(node.op)) {\n const dateResult = this.evaluateDateRelationalNode(\n node,\n actual,\n );\n if (dateResult !== null) {\n return dateResult;\n }\n\n return this.evaluateNumericRelationalNode(node, actual);\n }\n\n if (\n (node.op === \"in\" || node.op === \"notIn\") &&\n !Array.isArray(node.value)\n ) {\n return this.reportInvalidSetOperand(node, actual);\n }\n\n return Result.ok(\n this.evaluateOperator(actual, node.op, node.value),\n );\n } catch (error) {\n return this.conditionEvalErr(node, error);\n }\n }\n\n private buildTrace(params: {\n readonly conditionPath: string;\n readonly decisiveNode: ConditionNode;\n readonly lastEvaluatedLeaf: ConditionLeafNode;\n readonly lastEvaluatedLeafPath: string;\n readonly lastEvaluatedLeafResult: boolean;\n }): ConditionEvaluationTrace {\n return {\n conditionPath: params.conditionPath,\n decisiveNode: params.decisiveNode,\n lastEvaluatedLeaf: params.lastEvaluatedLeaf,\n lastEvaluatedLeafPath: params.lastEvaluatedLeafPath,\n lastEvaluatedLeafResult: params.lastEvaluatedLeafResult,\n };\n }\n\n private evaluateWithTraceInternal(\n node: ConditionNode,\n path: string,\n ): Result<TracedConditionEvaluation, string> {\n if (ConditionEvaluatorV1.isLeafNode(node)) {\n const leafResult = this.evaluateLeafNode(node);\n if (leafResult.isErr()) {\n return Result.err(leafResult.errorOrNull()!);\n }\n\n const matched = leafResult.getOrNull()!;\n return Result.ok({\n matched,\n trace: this.buildTrace({\n conditionPath: path,\n decisiveNode: node,\n lastEvaluatedLeaf: node,\n lastEvaluatedLeafPath: path,\n lastEvaluatedLeafResult: matched,\n }),\n });\n }\n\n if (ConditionEvaluatorV1.isAndNode(node)) {\n if (node.and.length === 0) {\n return Result.err(\n ConditionEvaluatorV1.buildEmptyAndConditionMessage(),\n );\n }\n\n let lastTracedChild: TracedConditionEvaluation | null = null;\n\n for (const [index, child] of node.and.entries()) {\n const childPath = `${path}.and[${index}]`;\n const childResult = this.evaluateWithTraceInternal(\n child,\n childPath,\n );\n if (childResult.isErr()) {\n return Result.err(childResult.errorOrNull()!);\n }\n\n const tracedChild = childResult.getOrNull()!;\n lastTracedChild = tracedChild;\n if (!tracedChild.matched) {\n return Result.ok({\n matched: false,\n trace: this.buildTrace({\n conditionPath: childPath,\n decisiveNode: child,\n lastEvaluatedLeaf:\n tracedChild.trace.lastEvaluatedLeaf,\n lastEvaluatedLeafPath:\n tracedChild.trace.lastEvaluatedLeafPath,\n lastEvaluatedLeafResult:\n tracedChild.trace.lastEvaluatedLeafResult,\n }),\n });\n }\n }\n\n return Result.ok({\n matched: true,\n trace: lastTracedChild!.trace,\n });\n }\n\n if (ConditionEvaluatorV1.isOrNode(node)) {\n let lastTrace: ConditionEvaluationTrace | null = null;\n\n for (const [index, child] of node.or.entries()) {\n const childResult = this.evaluateWithTraceInternal(\n child,\n `${path}.or[${index}]`,\n );\n if (childResult.isErr()) {\n return Result.err(childResult.errorOrNull()!);\n }\n\n const tracedChild = childResult.getOrNull()!;\n lastTrace = tracedChild.trace;\n if (tracedChild.matched) {\n return Result.ok({\n matched: true,\n trace: tracedChild.trace,\n });\n }\n }\n\n if (lastTrace === null) {\n return Result.err(\n ConditionEvaluatorV1.buildEmptyOrConditionMessage(),\n );\n }\n\n return Result.ok({ matched: false, trace: lastTrace! });\n }\n\n if (ConditionEvaluatorV1.isNotNode(node)) {\n const childPath = `${path}.not`;\n const childResult = this.evaluateWithTraceInternal(\n node.not,\n childPath,\n );\n if (childResult.isErr()) {\n return Result.err(childResult.errorOrNull()!);\n }\n\n const tracedChild = childResult.getOrNull()!;\n return Result.ok({\n matched: !tracedChild.matched,\n trace: this.buildTrace({\n conditionPath: path,\n decisiveNode: node,\n lastEvaluatedLeaf: tracedChild.trace.lastEvaluatedLeaf,\n lastEvaluatedLeafPath:\n tracedChild.trace.lastEvaluatedLeafPath,\n lastEvaluatedLeafResult:\n tracedChild.trace.lastEvaluatedLeafResult,\n }),\n });\n }\n\n return this.conditionEvalErr(\n node,\n new TypeError(\"Invalid condition node shape\"),\n );\n }\n\n evaluate(node: ConditionNode): Result<boolean, string> {\n try {\n const result = this.evaluateWithTraceInternal(node, \"$\");\n if (result.isErr()) {\n return Result.err(result.errorOrNull()!);\n }\n\n return Result.ok(result.getOrNull()!.matched);\n } catch (error) {\n return this.conditionEvalErr(node, error);\n }\n }\n\n evaluateWithTrace(\n node: ConditionNode,\n ): Result<TracedConditionEvaluation, string> {\n try {\n return this.evaluateWithTraceInternal(node, \"$\");\n } catch (error) {\n return this.conditionEvalErr(node, error);\n }\n }\n\n static extractFields(node: ConditionNode): string[] {\n if (ConditionEvaluatorV1.isLeafNode(node)) {\n return [node.field];\n }\n\n if (ConditionEvaluatorV1.isAndNode(node)) {\n return node.and.flatMap((child) =>\n ConditionEvaluatorV1.extractFields(child),\n );\n }\n\n if (ConditionEvaluatorV1.isOrNode(node)) {\n return node.or.flatMap((child) =>\n ConditionEvaluatorV1.extractFields(child),\n );\n }\n\n if (ConditionEvaluatorV1.isNotNode(node)) {\n return ConditionEvaluatorV1.extractFields(node.not);\n }\n\n return [];\n }\n}\n","import { z } from \"zod\";\n\nimport { Result } from \"../../../../result/result.js\";\n\nimport type { GatePayloadV1 } from \"./gate-types-v1.js\";\nimport {\n conditionLeafNodeSchema,\n conditionNodeSchema,\n} from \"../condition-schema.js\";\n\n// Re-export so gate/v1 public API remains unchanged.\nexport { conditionLeafNodeSchema, conditionNodeSchema };\n\nexport class GatePayloadSchemaV1 {\n static readonly schema = z.union([\n z\n .object({\n condition: conditionNodeSchema,\n })\n .strict(),\n z\n .object({\n allowIf: conditionNodeSchema,\n defaultOutcome: z.enum([\"ALLOW\", \"DENY\"]),\n })\n .strict(),\n ]);\n\n static parse(payload: unknown): Result<GatePayloadV1, string> {\n const parsed = GatePayloadSchemaV1.schema.safeParse(payload);\n if (!parsed.success) {\n const details = parsed.error.issues\n .map((issue) => {\n const path = issue.path.join(\".\");\n return path.length > 0\n ? `${path}: ${issue.message}`\n : issue.message;\n })\n .join(\"; \");\n\n return Result.err(`Invalid gate payload: ${details}`);\n }\n\n return Result.ok(parsed.data as GatePayloadV1);\n }\n}\n\nexport const gatePayloadSchema = GatePayloadSchemaV1.schema;\n"],"mappings":";;;;AAEA,IAAa,uBAAb,MAA4D;CACxD,OAAO,QAAuD,CAAC;AACnE;;;ACWA,SAAS,aACL,gBACA,OACI;CACJ,IAAI;EACA,eAAe,OAAO,KAAK;CAC/B,QAAQ,CAER;AACJ;;;;;AAMA,IAAa,aAAb,MAAwB;CACpB;CACA;CAEA,YAAY,UAA6B,CAAC,GAAG;EACzC,MAAM,WACF,QAAQ,eAAe,YAAY,IAAI,qBAAqB;EAChE,KAAKA,mBAAmB;EACxB,KAAKC,mBAAmB;CAC5B;CAEA,UAAU,SAAkC;EACxC,MAAM,WAAW,QAAQ,eAAe;EACxC,IAAI,UACA,KAAKA,mBAAmB;EAE5B,OAAO;CACX;CAGA,QAAc;EACV,KAAKA,mBAAmB,KAAKD;EAC7B,OAAO;CACX;CAEA,oBAAoC;EAChC,OAAO,KAAKC;CAChB;CAEA,8BACI,eAC0B;EAC1B,OAAO;GACH,UAAU,KAAKC,2BAA2B,KAAKD,gBAAgB;GAC/D;EACJ;CACJ;CAEA,2BACI,gBAC0B;EAC1B,OAAO;GACH,KAAK,QAAQ;IACT,aAAa,gBAAgB;KACzB,MAAM;KACN,GAAG;IACP,CAAuB;GAC3B;GACA,MAAM,QAAQ;IACV,aAAa,gBAAgB;KACzB,MAAM;KACN,GAAG;IACP,CAAuB;GAC3B;EACJ;CACJ;AACJ;;;;;;;;;;;AC3EA,MAAa,aAAa,IAAI,WAAW,EACrC,eAAe,EAAE,UAAU,IAAI,qBAAqB,EAAE,EAC1D,CAAC;;;ACXD,IAAa,kBAAb,MAA6B;CACzB,OAAO,QAAQ,OAAsB;EACjC,OAAO,YAAY,KAAK;CAC5B;AACJ;;;;;;;ACCA,IAAa,oBAAb,MAAa,kBAAkB;;4BACkB,IAAI,IAAI;GACjD;GACA;GACA;EACJ,CAAC;;CAED,OAAe,QACX,KACA,MAOF;EACE,MAAM,iBAAiB,kBAAkB,cAAc,IAAI;EAC3D,IAAI,eAAe,MAAM,GACrB,OAAO,OAAO,IAAI,eAAe,YAAY,CAAE;EAGnD,MAAM,WAAW,eAAe,UAAU;EAC1C,IAAI,UAAmB;EAEvB,KAAK,MAAM,WAAW,UAAU;GAC5B,IACI,YAAY,QACZ,YAAY,KAAA,KACZ,OAAO,YAAY,UAEnB,OAAO,OAAO,GAAG;IAAE,OAAO;IAAO,OAAO,KAAA;GAAU,CAAC;GAGvD,MAAM,SAAS;GACf,IAAI,CAAC,OAAO,UAAU,eAAe,KAAK,QAAQ,OAAO,GACrD,OAAO,OAAO,GAAG;IAAE,OAAO;IAAO,OAAO,KAAA;GAAU,CAAC;GAGvD,UAAU,OAAO;EACrB;EAEA,OAAO,OAAO,GAAG;GAAE,OAAO;GAAM,OAAO;EAAQ,CAAC;CACpD;CAEA,OAAe,cACX,MACiC;EACjC,IAAI,KAAK,KAAK,EAAE,WAAW,GACvB,OAAO,OAAO,IAAI,sBAAsB;EAG5C,MAAM,WAAW,KAAK,MAAM,GAAG;EAC/B,IAAI,SAAS,MAAM,YAAY,QAAQ,WAAW,CAAC,GAC/C,OAAO,OAAO,IAAI,SAAS,KAAK,4BAA4B;EAGhE,MAAM,mBAAmB,SAAS,MAAM,YACpC,kBAAkB,mBAAmB,IAAI,OAAO,CACpD;EACA,IAAI,qBAAqB,KAAA,GACrB,OAAO,OAAO,IACV,SAAS,KAAK,gCAAgC,iBAAiB,EACnE;EAGJ,OAAO,OAAO,GAAG,QAAQ;CAC7B;CAEA,OAAe,cACX,OACgC;EAChC,IACI,OAAO,UAAU,YACjB,UAAU,QACV,MAAM,QAAQ,KAAK,GAEnB,OAAO;EAGX,MAAM,YAAY,OAAO,eAAe,KAAK;EAC7C,OAAO,cAAc,OAAO,aAAa,cAAc;CAC3D;CAEA,OAAO,YACH,KACA,MACyB;EACzB,MAAM,eAAe,kBAAkB,QAAQ,KAAK,IAAI;EACxD,IAAI,aAAa,MAAM,GACnB,OAAO,OAAO,IAAI,QAAQ;EAG9B,MAAM,EAAE,OAAO,UAAU,aAAa,UAAU;EAChD,IAAI,CAAC,OACD,OAAO,OAAO,IAAI,QAAQ;EAG9B,OAAO,OAAO,GAAG,KAAK;CAC1B;CAEA,OAAO,IAAI,KAA8B,MAAuB;EAC5D,MAAM,eAAe,kBAAkB,QAAQ,KAAK,IAAI;EACxD,IAAI,aAAa,MAAM,GACnB,OAAO;EAGX,OAAO,aAAa,UAAU,EAAG;CACrC;CAEA,OAAO,IACH,KACA,MACA,OACoB;EACpB,MAAM,iBAAiB,kBAAkB,cAAc,IAAI;EAC3D,IAAI,eAAe,MAAM,GACrB,OAAO,OAAO,IAAI,eAAe,YAAY,CAAE;EAGnD,MAAM,WAAW,eAAe,UAAU;EAC1C,IAAI,UAAmC;EAEvC,KAAK,IAAI,IAAI,GAAG,IAAI,SAAS,SAAS,GAAG,KAAK;GAC1C,MAAM,MAAM,SAAS;GACrB,MAAM,OAAO,QAAQ;GAErB,IAAI,SAAS,KAAA,GAAW;IACpB,MAAM,YAAY,OAAO,OAAO,IAAI;IAIpC,QAAQ,OAAO;IACf,UAAU;IACV;GACJ;GAEA,IAAI,CAAC,kBAAkB,cAAc,IAAI,GACrC,OAAO,OAAO,IACV,8BAA8B,KAAK,aAAa,SAC3C,MAAM,GAAG,IAAI,CAAC,EACd,KAAK,GAAG,EAAE,sCACnB;GAGJ,UAAU;EACd;EAEA,QAAQ,SAAS,SAAS,SAAS,MAAM;EACzC,OAAO,OAAO,GAAG,KAAA,CAAS;CAC9B;AACJ;;;ACtJA,MAAM,oBAAoB,EAAE,KAAK;CAC7B;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;AACJ,CAAC;AAED,MAAa,0BAAwD,EAChE,OAAO;CACJ,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC;CACvB,IAAI;CACJ,OAAO,EAAE,QAAQ;CACjB,WAAW,EAAE,QAAQ,IAAI,EAAE,SAAS;AACxC,CAAC,EACA,OAAO;AAEZ,MAAa,sBAAgD,EAAE,WAC3D,EAAE,MAAM;CACJ;CACA,EACK,OAAO,EACJ,KAAK,EAAE,MAAM,mBAAmB,EAAE,IAAI,CAAC,EAC3C,CAAC,EACA,OAAO;CACZ,EACK,OAAO,EACJ,IAAI,EAAE,MAAM,mBAAmB,EAAE,IAAI,CAAC,EAC1C,CAAC,EACA,OAAO;CACZ,EACK,OAAO,EACJ,KAAK,oBACT,CAAC,EACA,OAAO;AAChB,CAAC,CACL;;;AC/BA,MAAM,4BAA4B;AAClC,MAAM,0CACF;AACJ,MAAM,uCAAuC;AAC7C,MAAM,2BAA2B;AACjC,MAAM,8BAA8B;AACpC,MAAM,0BAA0B;AAChC,MAAM,yBAAyB;AAC/B,MAAM,0BAA0B;AAChC,MAAM,4BACF;AAiBJ,IAAa,uBAAb,MAAa,qBAAqB;CAC9B,YACI,SACA,SACF;EAFmB,KAAA,UAAA;EACA,KAAA,UAAA;CAClB;CAEH,OAAe,WAAW,MAAgD;EACtE,OAAO,WAAW,QAAQ,QAAQ;CACtC;CAEA,OAAe,UAAU,MAA+C;EACpE,OAAO,SAAS;CACpB;CAEA,OAAe,SAAS,MAA8C;EAClE,OAAO,QAAQ;CACnB;CAEA,OAAe,UAAU,MAA+C;EACpE,OAAO,SAAS;CACpB;CAEA,OAAe,qBACX,IACwB;EACxB,OAAO,OAAO,QAAQ,OAAO,SAAS,OAAO,QAAQ,OAAO;CAChE;CAEA,OAAe,cAAc,OAG3B;EACE,IAAI,iBAAiB,OACjB,OAAO;GACH,MAAM,MAAM;GACZ,SAAS,MAAM;EACnB;EAGJ,OAAO;GACH,MAAM;GACN,SAAS,OAAO,KAAK;EACzB;CACJ;CAEA,OAAe,kCACX,MACA,QACM;EACN,MAAM,gBAAgB,WAAW,OAAO,SAAS;EAEjD,OAAO,GAAG,wCAAwC,KAAK,KAAK,MAAM,gBAAgB,cAAc,yBAAyB,KAAK,GAAG;CACrI;CAEA,OAAe,+BACX,MACA,QACM;EACN,MAAM,gBAAgB,WAAW,OAAO,SAAS;EAEjD,OAAO,GAAG,qCAAqC,KAAK,KAAK,MAAM,gBAAgB,cAAc,iCAAiC,KAAK,GAAG;CAC1I;CAEA,OAAe,+BACX,MACM;EACN,OAAO,GAAG,yBAAyB,KAAK,KAAK,MAAM,mBAAmB,KAAK,GAAG;CAClF;CAEA,OAAe,kCACX,MACM;EACN,OAAO,GAAG,4BAA4B,KAAK,KAAK,MAAM,mBAAmB,KAAK,GAAG;CACrF;CAEA,OAAe,8BACX,MACM;EACN,OAAO,GAAG,wBAAwB,KAAK,KAAK,MAAM,mBAAmB,KAAK,GAAG;CACjF;CAEA,OAAe,+BAAuC;EAClD,OAAO,GAAG,uBAAuB;CACrC;CAEA,OAAe,gCAAwC;EACnD,OAAO,GAAG,wBAAwB;CACtC;CAEA,OAAe,oBACX,OAC2B;EAC3B,IAAI,iBAAiB,MAAM;GACvB,IAAI,CAAC,gBAAgB,QAAQ,KAAK,GAC9B,OAAO,OAAO,IAAI,uBAAuB;GAG7C,OAAO,OAAO,GAAG,KAAK;EAC1B;EAEA,IACI,OAAO,UAAU,YACjB,CAAC,0BAA0B,KAAK,KAAK,GAErC,OAAO;EAGX,MAAM,SAAS,IAAI,KAAK,KAAK;EAC7B,IACI,CAAC,gBAAgB,QAAQ,MAAM,KAC/B,OAAO,YAAY,MAAM,OAEzB,OAAO,OAAO,IAAI,kCAAkC;EAGxD,OAAO,OAAO,GAAG,MAAM;CAC3B;CAEA,OAAe,0BACX,QACA,IACA,UACO;EACP,QAAQ,IAAR;GACI,KAAK,MACD,OAAO,SAAS;GACpB,KAAK,OACD,OAAO,UAAU;GACrB,KAAK,MACD,OAAO,SAAS;GACpB,KAAK,OACD,OAAO,UAAU;EACzB;CACJ;CAEA,YAAoB,QAKU;EAC1B,OAAO;GACH,4BAAY,IAAI,KAAK;GACrB,OAAO,OAAO;GACd,KAAK,OAAO;GACZ,SAAS,OAAO;GAChB,eAAe,KAAK,QAAQ;GAC5B,SAAS,OAAO;EACpB;CACJ;CAEA,iBACI,MACA,OACsB;EACtB,MAAM,QAAQ,qBAAqB,cAAc,KAAK;EACtD,MAAM,UAAU,GAAG,0BAA0B,IAAI,MAAM,KAAK,IAAI,MAAM;EAEtE,KAAK,QAAQ,SAAS,MAClB,KAAK,YAAY;GACb,OAAO;GACP,KAAK;GACL;GACA,SAAS;IAAE;IAAM;GAAM;EAC3B,CAAC,CACL;EAEA,OAAO,OAAO,IAAI,OAAO;CAC7B;CAEA,uBACI,MACA,QACuB;EACvB,MAAM,UACF,qBAAqB,+BAA+B,IAAI;EAE5D,KAAK,QAAQ,SAAS,MAClB,KAAK,YAAY;GACb,OAAO;GACP,KAAK;GACL;GACA,SAAS;IACL,OAAO,KAAK;IACZ,IAAI,KAAK;IACT;IACA,UAAU,KAAK;IACf;GACJ;EACJ,CAAC,CACL;EAEA,OAAO,OAAO,IAAI,OAAO;CAC7B;CAEA,4BACI,MACA,QACuB;EACvB,MAAM,UACF,qBAAqB,kCAAkC,IAAI;EAE/D,KAAK,QAAQ,SAAS,MAClB,KAAK,YAAY;GACb,OAAO;GACP,KAAK;GACL;GACA,SAAS;IACL,OAAO,KAAK;IACZ,IAAI,KAAK;IACT;IACA,UAAU,KAAK;IACf;GACJ;EACJ,CAAC,CACL;EAEA,OAAO,OAAO,IAAI,OAAO;CAC7B;CAEA,wBACI,MACA,QACuB;EACvB,MAAM,UACF,qBAAqB,8BAA8B,IAAI;EAE3D,KAAK,QAAQ,SAAS,MAClB,KAAK,YAAY;GACb,OAAO;GACP,KAAK;GACL;GACA,SAAS;IACL,OAAO,KAAK;IACZ,IAAI,KAAK;IACT;IACA,UAAU,KAAK;IACf;GACJ;EACJ,CAAC,CACL;EAEA,OAAO,OAAO,IAAI,OAAO;CAC7B;CAEA,2BACI,MACA,QAC8B;EAC9B,IAAI,CAAC,qBAAqB,qBAAqB,KAAK,EAAE,GAClD,OAAO;EAGX,MAAM,mBACF,qBAAqB,oBAAoB,MAAM;EACnD,MAAM,qBAAqB,qBAAqB,oBAC5C,KAAK,KACT;EAEA,IAAI,qBAAqB,QAAQ,uBAAuB,MACpD,OAAO;EAGX,MAAM,aAAa,KAAK,cAAc;EAEtC,IAAI,WAAW,MAAM;GACjB,IAAI,YACA,OAAO,OAAO,GAAG,KAAK;GAG1B,MAAM,UAAU,qBAAqB,+BACjC,MACA,MACJ;GACA,KAAK,QAAQ,SAAS,MAClB,KAAK,YAAY;IACb,OAAO;IACP,KAAK;IACL;IACA,SAAS;KACL,OAAO,KAAK;KACZ,IAAI,KAAK;KACT;KACA,UAAU,KAAK;KACf,WAAW;KACX;IACJ;GACJ,CAAC,CACL;GAEA,OAAO,OAAO,IAAI,OAAO;EAC7B;EAEA,IAAI,WAAW,KAAA,GAAW;GACtB,MAAM,UAAU,qBAAqB,+BACjC,MACA,MACJ;GACA,KAAK,QAAQ,SAAS,MAClB,KAAK,YAAY;IACb,OAAO;IACP,KAAK;IACL;IACA,SAAS;KACL,OAAO,KAAK;KACZ,IAAI,KAAK;KACT;KACA,UAAU,KAAK;KACf,WAAW;KACX;IACJ;GACJ,CAAC,CACL;GAEA,OAAO,OAAO,IAAI,OAAO;EAC7B;EAEA,IACI,qBAAqB,QACrB,iBAAiB,MAAM,KACvB,uBAAuB,QACvB,mBAAmB,MAAM,GAEzB,OAAO,KAAK,uBAAuB,MAAM,MAAM;EAGnD,OAAO,OAAO,GACV,qBAAqB,0BACjB,iBAAiB,UAAU,EAAG,QAAQ,GACtC,KAAK,IACL,mBAAmB,UAAU,EAAG,QAAQ,CAC5C,CACJ;CACJ;CAEA,iBACI,QACA,IACA,UACO;EACP,QAAQ,IAAR;GACI,KAAK,MACD,OAAO,WAAW;GACtB,KAAK,OACD,OAAO,WAAW;GACtB,KAAK,MACD,OACI,OAAO,WAAW,YAClB,OAAO,aAAa,YACpB,qBAAqB,0BACjB,QACA,IACA,QACJ;GAER,KAAK,OACD,OACI,OAAO,WAAW,YAClB,OAAO,aAAa,YACpB,qBAAqB,0BACjB,QACA,IACA,QACJ;GAER,KAAK,MACD,OACI,OAAO,WAAW,YAClB,OAAO,aAAa,YACpB,qBAAqB,0BACjB,QACA,IACA,QACJ;GAER,KAAK,OACD,OACI,OAAO,WAAW,YAClB,OAAO,aAAa,YACpB,qBAAqB,0BACjB,QACA,IACA,QACJ;GAER,KAAK,MACD,OAAO,MAAM,QAAQ,QAAQ,KAAK,SAAS,SAAS,MAAM;GAC9D,KAAK,SACD,OAAO,MAAM,QAAQ,QAAQ,KAAK,CAAC,SAAS,SAAS,MAAM;GAC/D,KAAK,UACD,OAAO,WAAW;GACtB,KAAK,aACD,OAAO,WAAW,QAAQ,WAAW,KAAA;EAC7C;CACJ;CAEA,8BACI,MACA,QACuB;EACvB,MAAM,aAAa,KAAK,cAAc;EACtC,IAAI,WAAW,KAAA,KAAc,WAAW,QAAQ,CAAC,YAAa;GAC1D,MAAM,UACF,qBAAqB,kCACjB,MACA,MACJ;GAEJ,KAAK,QAAQ,SAAS,MAClB,KAAK,YAAY;IACb,OAAO;IACP,KAAK;IACL;IACA,SAAS;KACL,OAAO,KAAK;KACZ,IAAI,KAAK;KACT;KACA,UAAU,KAAK;KACf,WAAW;KACX;IACJ;GACJ,CAAC,CACL;GAEA,OAAO,OAAO,IAAI,OAAO;EAC7B;EAIA,IAAI,WAAW,MACX,OAAO,OAAO,GAAG,KAAK;EAM1B,IAAI,OAAO,WAAW,YAAY,OAAO,KAAK,UAAU,UACpD,OAAO,KAAK,4BAA4B,MAAM,MAAM;EAGxD,OAAO,OAAO,GAAG,KAAK,iBAAiB,QAAQ,KAAK,IAAI,KAAK,KAAK,CAAC;CACvE;CAEA,iBAAyB,MAAkD;EACvE,MAAM,eAAe,kBAAkB,YACnC,KAAK,SACL,KAAK,KACT;EACA,IAAI,aAAa,MAAM,GAAG;GACtB,KAAK,QAAQ,SAAS,KAClB,KAAK,YAAY;IACb,OAAO;IACP,KAAK;IACL,SAAS,2BAA2B,KAAK,MAAM;IAC/C,SAAS;KAAE,OAAO,KAAK;KAAO;IAAK;GACvC,CAAC,CACL;GAEA,OAAO,OAAO,IACV,2BAA2B,KAAK,MAAM,uBAC1C;EACJ;EAEA,IAAI;GACA,MAAM,SAAS,aAAa,WAAW;GACvC,IAAI,qBAAqB,qBAAqB,KAAK,EAAE,GAAG;IACpD,MAAM,aAAa,KAAK,2BACpB,MACA,MACJ;IACA,IAAI,eAAe,MACf,OAAO;IAGX,OAAO,KAAK,8BAA8B,MAAM,MAAM;GAC1D;GAEA,KACK,KAAK,OAAO,QAAQ,KAAK,OAAO,YACjC,CAAC,MAAM,QAAQ,KAAK,KAAK,GAEzB,OAAO,KAAK,wBAAwB,MAAM,MAAM;GAGpD,OAAO,OAAO,GACV,KAAK,iBAAiB,QAAQ,KAAK,IAAI,KAAK,KAAK,CACrD;EACJ,SAAS,OAAO;GACZ,OAAO,KAAK,iBAAiB,MAAM,KAAK;EAC5C;CACJ;CAEA,WAAmB,QAMU;EACzB,OAAO;GACH,eAAe,OAAO;GACtB,cAAc,OAAO;GACrB,mBAAmB,OAAO;GAC1B,uBAAuB,OAAO;GAC9B,yBAAyB,OAAO;EACpC;CACJ;CAEA,0BACI,MACA,MACyC;EACzC,IAAI,qBAAqB,WAAW,IAAI,GAAG;GACvC,MAAM,aAAa,KAAK,iBAAiB,IAAI;GAC7C,IAAI,WAAW,MAAM,GACjB,OAAO,OAAO,IAAI,WAAW,YAAY,CAAE;GAG/C,MAAM,UAAU,WAAW,UAAU;GACrC,OAAO,OAAO,GAAG;IACb;IACA,OAAO,KAAK,WAAW;KACnB,eAAe;KACf,cAAc;KACd,mBAAmB;KACnB,uBAAuB;KACvB,yBAAyB;IAC7B,CAAC;GACL,CAAC;EACL;EAEA,IAAI,qBAAqB,UAAU,IAAI,GAAG;GACtC,IAAI,KAAK,IAAI,WAAW,GACpB,OAAO,OAAO,IACV,qBAAqB,8BAA8B,CACvD;GAGJ,IAAI,kBAAoD;GAExD,KAAK,MAAM,CAAC,OAAO,UAAU,KAAK,IAAI,QAAQ,GAAG;IAC7C,MAAM,YAAY,GAAG,KAAK,OAAO,MAAM;IACvC,MAAM,cAAc,KAAK,0BACrB,OACA,SACJ;IACA,IAAI,YAAY,MAAM,GAClB,OAAO,OAAO,IAAI,YAAY,YAAY,CAAE;IAGhD,MAAM,cAAc,YAAY,UAAU;IAC1C,kBAAkB;IAClB,IAAI,CAAC,YAAY,SACb,OAAO,OAAO,GAAG;KACb,SAAS;KACT,OAAO,KAAK,WAAW;MACnB,eAAe;MACf,cAAc;MACd,mBACI,YAAY,MAAM;MACtB,uBACI,YAAY,MAAM;MACtB,yBACI,YAAY,MAAM;KAC1B,CAAC;IACL,CAAC;GAET;GAEA,OAAO,OAAO,GAAG;IACb,SAAS;IACT,OAAO,gBAAiB;GAC5B,CAAC;EACL;EAEA,IAAI,qBAAqB,SAAS,IAAI,GAAG;GACrC,IAAI,YAA6C;GAEjD,KAAK,MAAM,CAAC,OAAO,UAAU,KAAK,GAAG,QAAQ,GAAG;IAC5C,MAAM,cAAc,KAAK,0BACrB,OACA,GAAG,KAAK,MAAM,MAAM,EACxB;IACA,IAAI,YAAY,MAAM,GAClB,OAAO,OAAO,IAAI,YAAY,YAAY,CAAE;IAGhD,MAAM,cAAc,YAAY,UAAU;IAC1C,YAAY,YAAY;IACxB,IAAI,YAAY,SACZ,OAAO,OAAO,GAAG;KACb,SAAS;KACT,OAAO,YAAY;IACvB,CAAC;GAET;GAEA,IAAI,cAAc,MACd,OAAO,OAAO,IACV,qBAAqB,6BAA6B,CACtD;GAGJ,OAAO,OAAO,GAAG;IAAE,SAAS;IAAO,OAAO;GAAW,CAAC;EAC1D;EAEA,IAAI,qBAAqB,UAAU,IAAI,GAAG;GACtC,MAAM,YAAY,GAAG,KAAK;GAC1B,MAAM,cAAc,KAAK,0BACrB,KAAK,KACL,SACJ;GACA,IAAI,YAAY,MAAM,GAClB,OAAO,OAAO,IAAI,YAAY,YAAY,CAAE;GAGhD,MAAM,cAAc,YAAY,UAAU;GAC1C,OAAO,OAAO,GAAG;IACb,SAAS,CAAC,YAAY;IACtB,OAAO,KAAK,WAAW;KACnB,eAAe;KACf,cAAc;KACd,mBAAmB,YAAY,MAAM;KACrC,uBACI,YAAY,MAAM;KACtB,yBACI,YAAY,MAAM;IAC1B,CAAC;GACL,CAAC;EACL;EAEA,OAAO,KAAK,iBACR,sBACA,IAAI,UAAU,8BAA8B,CAChD;CACJ;CAEA,SAAS,MAA8C;EACnD,IAAI;GACA,MAAM,SAAS,KAAK,0BAA0B,MAAM,GAAG;GACvD,IAAI,OAAO,MAAM,GACb,OAAO,OAAO,IAAI,OAAO,YAAY,CAAE;GAG3C,OAAO,OAAO,GAAG,OAAO,UAAU,EAAG,OAAO;EAChD,SAAS,OAAO;GACZ,OAAO,KAAK,iBAAiB,MAAM,KAAK;EAC5C;CACJ;CAEA,kBACI,MACyC;EACzC,IAAI;GACA,OAAO,KAAK,0BAA0B,MAAM,GAAG;EACnD,SAAS,OAAO;GACZ,OAAO,KAAK,iBAAiB,MAAM,KAAK;EAC5C;CACJ;CAEA,OAAO,cAAc,MAA+B;EAChD,IAAI,qBAAqB,WAAW,IAAI,GACpC,OAAO,CAAC,KAAK,KAAK;EAGtB,IAAI,qBAAqB,UAAU,IAAI,GACnC,OAAO,KAAK,IAAI,SAAS,UACrB,qBAAqB,cAAc,KAAK,CAC5C;EAGJ,IAAI,qBAAqB,SAAS,IAAI,GAClC,OAAO,KAAK,GAAG,SAAS,UACpB,qBAAqB,cAAc,KAAK,CAC5C;EAGJ,IAAI,qBAAqB,UAAU,IAAI,GACnC,OAAO,qBAAqB,cAAc,KAAK,GAAG;EAGtD,OAAO,CAAC;CACZ;AACJ;;;AC3sBA,IAAa,sBAAb,MAAa,oBAAoB;;gBACJ,EAAE,MAAM,CAC7B,EACK,OAAO,EACJ,WAAW,oBACf,CAAC,EACA,OAAO,GACZ,EACK,OAAO;GACJ,SAAS;GACT,gBAAgB,EAAE,KAAK,CAAC,SAAS,MAAM,CAAC;EAC5C,CAAC,EACA,OAAO,CAChB,CAAC;;CAED,OAAO,MAAM,SAAiD;EAC1D,MAAM,SAAS,oBAAoB,OAAO,UAAU,OAAO;EAC3D,IAAI,CAAC,OAAO,SAAS;GACjB,MAAM,UAAU,OAAO,MAAM,OACxB,KAAK,UAAU;IACZ,MAAM,OAAO,MAAM,KAAK,KAAK,GAAG;IAChC,OAAO,KAAK,SAAS,IACf,GAAG,KAAK,IAAI,MAAM,YAClB,MAAM;GAChB,CAAC,EACA,KAAK,IAAI;GAEd,OAAO,OAAO,IAAI,yBAAyB,SAAS;EACxD;EAEA,OAAO,OAAO,GAAG,OAAO,IAAqB;CACjD;AACJ;AAEA,MAAa,oBAAoB,oBAAoB"}
1
+ {"version":3,"file":"gate-v1-payload.schema.js","names":[],"sources":["../src/core/policies/engines/v1/condition-schema.ts","../src/core/policies/engines/v1/gate/gate-v1-payload.schema.ts"],"sourcesContent":["import { z } from \"zod\";\n\nimport type { ConditionLeafNode, ConditionNode } from \"./condition-types.js\";\n\n// ─── Shared v1 condition Zod schemas ─────────────────────────────────────────\n// Extracted from gate/v1 so both gate/v1 and compute/v1 can validate\n// condition nodes without either engine depending on the other.\n\nconst conditionOpSchema = z.enum([\n \"eq\",\n \"neq\",\n \"gt\",\n \"gte\",\n \"lt\",\n \"lte\",\n \"in\",\n \"notIn\",\n \"isNull\",\n \"isNotNull\",\n]);\n\nexport const conditionLeafNodeSchema: z.ZodType<ConditionLeafNode> = z\n .object({\n field: z.string().min(1),\n op: conditionOpSchema,\n value: z.unknown(),\n allowNull: z.literal(true).optional(),\n })\n .strict() as z.ZodType<ConditionLeafNode>;\n\nexport const conditionNodeSchema: z.ZodType<ConditionNode> = z.lazy(() =>\n z.union([\n conditionLeafNodeSchema,\n z\n .object({\n and: z.array(conditionNodeSchema).min(1),\n })\n .strict(),\n z\n .object({\n or: z.array(conditionNodeSchema).min(1),\n })\n .strict(),\n z\n .object({\n not: conditionNodeSchema,\n })\n .strict(),\n ]),\n);\n","import { z } from \"zod\";\n\nimport { Result } from \"../../../../result/result.js\";\n\nimport type { GatePayloadV1 } from \"./gate-types-v1.js\";\nimport {\n conditionLeafNodeSchema,\n conditionNodeSchema,\n} from \"../condition-schema.js\";\n\n// Re-export so gate/v1 public API remains unchanged.\nexport { conditionLeafNodeSchema, conditionNodeSchema };\n\nexport class GatePayloadSchemaV1 {\n static readonly schema = z.union([\n z\n .object({\n condition: conditionNodeSchema,\n })\n .strict(),\n z\n .object({\n allowIf: conditionNodeSchema,\n defaultOutcome: z.enum([\"ALLOW\", \"DENY\"]),\n })\n .strict(),\n ]);\n\n static parse(payload: unknown): Result<GatePayloadV1, string> {\n const parsed = GatePayloadSchemaV1.schema.safeParse(payload);\n if (!parsed.success) {\n const details = parsed.error.issues\n .map((issue) => {\n const path = issue.path.join(\".\");\n return path.length > 0\n ? `${path}: ${issue.message}`\n : issue.message;\n })\n .join(\"; \");\n\n return Result.err(`Invalid gate payload: ${details}`);\n }\n\n return Result.ok(parsed.data as GatePayloadV1);\n }\n}\n\nexport const gatePayloadSchema = GatePayloadSchemaV1.schema;\n"],"mappings":";;;AAQA,MAAM,oBAAoB,EAAE,KAAK;CAC7B;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;AACJ,CAAC;AAED,MAAa,0BAAwD,EAChE,OAAO;CACJ,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC;CACvB,IAAI;CACJ,OAAO,EAAE,QAAQ;CACjB,WAAW,EAAE,QAAQ,IAAI,EAAE,SAAS;AACxC,CAAC,EACA,OAAO;AAEZ,MAAa,sBAAgD,EAAE,WAC3D,EAAE,MAAM;CACJ;CACA,EACK,OAAO,EACJ,KAAK,EAAE,MAAM,mBAAmB,EAAE,IAAI,CAAC,EAC3C,CAAC,EACA,OAAO;CACZ,EACK,OAAO,EACJ,IAAI,EAAE,MAAM,mBAAmB,EAAE,IAAI,CAAC,EAC1C,CAAC,EACA,OAAO;CACZ,EACK,OAAO,EACJ,KAAK,oBACT,CAAC,EACA,OAAO;AAChB,CAAC,CACL;;;ACpCA,IAAa,sBAAb,MAAa,oBAAoB;;gBACJ,EAAE,MAAM,CAC7B,EACK,OAAO,EACJ,WAAW,oBACf,CAAC,EACA,OAAO,GACZ,EACK,OAAO;GACJ,SAAS;GACT,gBAAgB,EAAE,KAAK,CAAC,SAAS,MAAM,CAAC;EAC5C,CAAC,EACA,OAAO,CAChB,CAAC;;CAED,OAAO,MAAM,SAAiD;EAC1D,MAAM,SAAS,oBAAoB,OAAO,UAAU,OAAO;EAC3D,IAAI,CAAC,OAAO,SAAS;GACjB,MAAM,UAAU,OAAO,MAAM,OACxB,KAAK,UAAU;IACZ,MAAM,OAAO,MAAM,KAAK,KAAK,GAAG;IAChC,OAAO,KAAK,SAAS,IACf,GAAG,KAAK,IAAI,MAAM,YAClB,MAAM;GAChB,CAAC,EACA,KAAK,IAAI;GAEd,OAAO,OAAO,IAAI,yBAAyB,SAAS;EACxD;EAEA,OAAO,OAAO,GAAG,OAAO,IAAqB;CACjD;AACJ;AAEA,MAAa,oBAAoB,oBAAoB"}
package/dist/hashing.cjs CHANGED
@@ -1,47 +1,11 @@
1
+ const require_stable_stringify = require("./stable-stringify.cjs");
1
2
  let node_crypto = require("node:crypto");
2
3
  //#region src/core/shared/hashing.ts
3
- const CIRCULAR_STRUCTURE_MESSAGE = "Cannot stably stringify a circular structure";
4
4
  function sha256Hex(value) {
5
5
  return (0, node_crypto.createHash)("sha256").update(value, "utf8").digest("hex");
6
6
  }
7
- function sortKeysDeep(value, seen) {
8
- if (Array.isArray(value)) {
9
- if (seen.has(value)) throw new TypeError(CIRCULAR_STRUCTURE_MESSAGE);
10
- seen.add(value);
11
- const mapped = value.map((item) => sortKeysDeep(item, seen));
12
- seen.delete(value);
13
- return mapped;
14
- }
15
- if (value instanceof Date) return value;
16
- if (value && typeof value === "object") {
17
- if (seen.has(value)) throw new TypeError(CIRCULAR_STRUCTURE_MESSAGE);
18
- seen.add(value);
19
- const record = value;
20
- const ordered = Object.create(null);
21
- for (const key of Object.keys(record).sort()) ordered[key] = sortKeysDeep(record[key], seen);
22
- seen.delete(value);
23
- return ordered;
24
- }
25
- return value;
26
- }
27
- /**
28
- * Deterministic JSON string with object keys sorted recursively, so key order
29
- * does not affect the output.
30
- *
31
- * Follows `JSON.stringify` semantics for the values it serializes: `undefined`,
32
- * functions and symbols are dropped, non-finite numbers become `null`, `bigint`
33
- * throws, and `Map`/`Set` serialize as `{}`. Distinct payloads can therefore
34
- * collapse to the same string — for collision-resistant hashing use
35
- * `PolicyHashing.canonicalJson` (policies/utils), which rejects those values
36
- * up front.
37
- *
38
- * @throws {TypeError} On circular references (mirroring `JSON.stringify`).
39
- */
40
- function stableStringify(value) {
41
- return JSON.stringify(sortKeysDeep(value, /* @__PURE__ */ new WeakSet()));
42
- }
43
7
  function payloadHash(value) {
44
- return sha256Hex(stableStringify(value));
8
+ return sha256Hex(require_stable_stringify.stableStringify(value));
45
9
  }
46
10
  //#endregion
47
11
  Object.defineProperty(exports, "payloadHash", {
@@ -56,11 +20,5 @@ Object.defineProperty(exports, "sha256Hex", {
56
20
  return sha256Hex;
57
21
  }
58
22
  });
59
- Object.defineProperty(exports, "stableStringify", {
60
- enumerable: true,
61
- get: function() {
62
- return stableStringify;
63
- }
64
- });
65
23
 
66
24
  //# sourceMappingURL=hashing.cjs.map
@@ -1 +1 @@
1
- {"version":3,"file":"hashing.cjs","names":[],"sources":["../src/core/shared/hashing.ts"],"sourcesContent":["import { createHash } from \"node:crypto\";\n\nconst CIRCULAR_STRUCTURE_MESSAGE =\n \"Cannot stably stringify a circular structure\";\n\nfunction sha256Hex(value: string): string {\n return createHash(\"sha256\").update(value, \"utf8\").digest(\"hex\");\n}\n\n// `seen` holds the current traversal branch so true cycles are rejected while\n// repeated (acyclic) references are still serialized — matching JSON.stringify.\nfunction sortKeysDeep(value: unknown, seen: WeakSet<object>): unknown {\n if (Array.isArray(value)) {\n if (seen.has(value)) {\n throw new TypeError(CIRCULAR_STRUCTURE_MESSAGE);\n }\n seen.add(value);\n const mapped = value.map((item) => sortKeysDeep(item, seen));\n seen.delete(value);\n return mapped;\n }\n\n if (value instanceof Date) {\n return value;\n }\n\n if (value && typeof value === \"object\") {\n if (seen.has(value)) {\n throw new TypeError(CIRCULAR_STRUCTURE_MESSAGE);\n }\n seen.add(value);\n const record = value as Record<string, unknown>;\n const ordered = Object.create(null) as Record<string, unknown>;\n\n for (const key of Object.keys(record).sort()) {\n ordered[key] = sortKeysDeep(record[key], seen);\n }\n seen.delete(value);\n\n return ordered;\n }\n\n return value;\n}\n\n/**\n * Deterministic JSON string with object keys sorted recursively, so key order\n * does not affect the output.\n *\n * Follows `JSON.stringify` semantics for the values it serializes: `undefined`,\n * functions and symbols are dropped, non-finite numbers become `null`, `bigint`\n * throws, and `Map`/`Set` serialize as `{}`. Distinct payloads can therefore\n * collapse to the same string — for collision-resistant hashing use\n * `PolicyHashing.canonicalJson` (policies/utils), which rejects those values\n * up front.\n *\n * @throws {TypeError} On circular references (mirroring `JSON.stringify`).\n */\nfunction stableStringify(value: unknown): string {\n return JSON.stringify(sortKeysDeep(value, new WeakSet<object>()));\n}\n\nfunction payloadHash(value: unknown): string {\n return sha256Hex(stableStringify(value));\n}\n\nexport { payloadHash, sha256Hex, stableStringify };\n"],"mappings":";;AAEA,MAAM,6BACF;AAEJ,SAAS,UAAU,OAAuB;CACtC,QAAA,GAAA,YAAA,YAAkB,QAAQ,EAAE,OAAO,OAAO,MAAM,EAAE,OAAO,KAAK;AAClE;AAIA,SAAS,aAAa,OAAgB,MAAgC;CAClE,IAAI,MAAM,QAAQ,KAAK,GAAG;EACtB,IAAI,KAAK,IAAI,KAAK,GACd,MAAM,IAAI,UAAU,0BAA0B;EAElD,KAAK,IAAI,KAAK;EACd,MAAM,SAAS,MAAM,KAAK,SAAS,aAAa,MAAM,IAAI,CAAC;EAC3D,KAAK,OAAO,KAAK;EACjB,OAAO;CACX;CAEA,IAAI,iBAAiB,MACjB,OAAO;CAGX,IAAI,SAAS,OAAO,UAAU,UAAU;EACpC,IAAI,KAAK,IAAI,KAAK,GACd,MAAM,IAAI,UAAU,0BAA0B;EAElD,KAAK,IAAI,KAAK;EACd,MAAM,SAAS;EACf,MAAM,UAAU,OAAO,OAAO,IAAI;EAElC,KAAK,MAAM,OAAO,OAAO,KAAK,MAAM,EAAE,KAAK,GACvC,QAAQ,OAAO,aAAa,OAAO,MAAM,IAAI;EAEjD,KAAK,OAAO,KAAK;EAEjB,OAAO;CACX;CAEA,OAAO;AACX;;;;;;;;;;;;;;AAeA,SAAS,gBAAgB,OAAwB;CAC7C,OAAO,KAAK,UAAU,aAAa,uBAAO,IAAI,QAAgB,CAAC,CAAC;AACpE;AAEA,SAAS,YAAY,OAAwB;CACzC,OAAO,UAAU,gBAAgB,KAAK,CAAC;AAC3C"}
1
+ {"version":3,"file":"hashing.cjs","names":["stableStringify"],"sources":["../src/core/shared/hashing.ts"],"sourcesContent":["import { createHash } from \"node:crypto\";\n\nimport { stableStringify } from \"./stable-stringify.js\";\n\nfunction sha256Hex(value: string): string {\n return createHash(\"sha256\").update(value, \"utf8\").digest(\"hex\");\n}\n\nfunction payloadHash(value: unknown): string {\n return sha256Hex(stableStringify(value));\n}\n\nexport { payloadHash, sha256Hex, stableStringify };\n"],"mappings":";;;AAIA,SAAS,UAAU,OAAuB;CACtC,QAAA,GAAA,YAAA,YAAkB,QAAQ,EAAE,OAAO,OAAO,MAAM,EAAE,OAAO,KAAK;AAClE;AAEA,SAAS,YAAY,OAAwB;CACzC,OAAO,UAAUA,yBAAAA,gBAAgB,KAAK,CAAC;AAC3C"}
package/dist/hashing.js CHANGED
@@ -1,49 +1,13 @@
1
+ import { t as stableStringify } from "./stable-stringify.js";
1
2
  import { createHash } from "node:crypto";
2
3
  //#region src/core/shared/hashing.ts
3
- const CIRCULAR_STRUCTURE_MESSAGE = "Cannot stably stringify a circular structure";
4
4
  function sha256Hex(value) {
5
5
  return createHash("sha256").update(value, "utf8").digest("hex");
6
6
  }
7
- function sortKeysDeep(value, seen) {
8
- if (Array.isArray(value)) {
9
- if (seen.has(value)) throw new TypeError(CIRCULAR_STRUCTURE_MESSAGE);
10
- seen.add(value);
11
- const mapped = value.map((item) => sortKeysDeep(item, seen));
12
- seen.delete(value);
13
- return mapped;
14
- }
15
- if (value instanceof Date) return value;
16
- if (value && typeof value === "object") {
17
- if (seen.has(value)) throw new TypeError(CIRCULAR_STRUCTURE_MESSAGE);
18
- seen.add(value);
19
- const record = value;
20
- const ordered = Object.create(null);
21
- for (const key of Object.keys(record).sort()) ordered[key] = sortKeysDeep(record[key], seen);
22
- seen.delete(value);
23
- return ordered;
24
- }
25
- return value;
26
- }
27
- /**
28
- * Deterministic JSON string with object keys sorted recursively, so key order
29
- * does not affect the output.
30
- *
31
- * Follows `JSON.stringify` semantics for the values it serializes: `undefined`,
32
- * functions and symbols are dropped, non-finite numbers become `null`, `bigint`
33
- * throws, and `Map`/`Set` serialize as `{}`. Distinct payloads can therefore
34
- * collapse to the same string — for collision-resistant hashing use
35
- * `PolicyHashing.canonicalJson` (policies/utils), which rejects those values
36
- * up front.
37
- *
38
- * @throws {TypeError} On circular references (mirroring `JSON.stringify`).
39
- */
40
- function stableStringify(value) {
41
- return JSON.stringify(sortKeysDeep(value, /* @__PURE__ */ new WeakSet()));
42
- }
43
7
  function payloadHash(value) {
44
8
  return sha256Hex(stableStringify(value));
45
9
  }
46
10
  //#endregion
47
- export { sha256Hex as n, stableStringify as r, payloadHash as t };
11
+ export { sha256Hex as n, payloadHash as t };
48
12
 
49
13
  //# sourceMappingURL=hashing.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"hashing.js","names":[],"sources":["../src/core/shared/hashing.ts"],"sourcesContent":["import { createHash } from \"node:crypto\";\n\nconst CIRCULAR_STRUCTURE_MESSAGE =\n \"Cannot stably stringify a circular structure\";\n\nfunction sha256Hex(value: string): string {\n return createHash(\"sha256\").update(value, \"utf8\").digest(\"hex\");\n}\n\n// `seen` holds the current traversal branch so true cycles are rejected while\n// repeated (acyclic) references are still serialized — matching JSON.stringify.\nfunction sortKeysDeep(value: unknown, seen: WeakSet<object>): unknown {\n if (Array.isArray(value)) {\n if (seen.has(value)) {\n throw new TypeError(CIRCULAR_STRUCTURE_MESSAGE);\n }\n seen.add(value);\n const mapped = value.map((item) => sortKeysDeep(item, seen));\n seen.delete(value);\n return mapped;\n }\n\n if (value instanceof Date) {\n return value;\n }\n\n if (value && typeof value === \"object\") {\n if (seen.has(value)) {\n throw new TypeError(CIRCULAR_STRUCTURE_MESSAGE);\n }\n seen.add(value);\n const record = value as Record<string, unknown>;\n const ordered = Object.create(null) as Record<string, unknown>;\n\n for (const key of Object.keys(record).sort()) {\n ordered[key] = sortKeysDeep(record[key], seen);\n }\n seen.delete(value);\n\n return ordered;\n }\n\n return value;\n}\n\n/**\n * Deterministic JSON string with object keys sorted recursively, so key order\n * does not affect the output.\n *\n * Follows `JSON.stringify` semantics for the values it serializes: `undefined`,\n * functions and symbols are dropped, non-finite numbers become `null`, `bigint`\n * throws, and `Map`/`Set` serialize as `{}`. Distinct payloads can therefore\n * collapse to the same string — for collision-resistant hashing use\n * `PolicyHashing.canonicalJson` (policies/utils), which rejects those values\n * up front.\n *\n * @throws {TypeError} On circular references (mirroring `JSON.stringify`).\n */\nfunction stableStringify(value: unknown): string {\n return JSON.stringify(sortKeysDeep(value, new WeakSet<object>()));\n}\n\nfunction payloadHash(value: unknown): string {\n return sha256Hex(stableStringify(value));\n}\n\nexport { payloadHash, sha256Hex, stableStringify };\n"],"mappings":";;AAEA,MAAM,6BACF;AAEJ,SAAS,UAAU,OAAuB;CACtC,OAAO,WAAW,QAAQ,EAAE,OAAO,OAAO,MAAM,EAAE,OAAO,KAAK;AAClE;AAIA,SAAS,aAAa,OAAgB,MAAgC;CAClE,IAAI,MAAM,QAAQ,KAAK,GAAG;EACtB,IAAI,KAAK,IAAI,KAAK,GACd,MAAM,IAAI,UAAU,0BAA0B;EAElD,KAAK,IAAI,KAAK;EACd,MAAM,SAAS,MAAM,KAAK,SAAS,aAAa,MAAM,IAAI,CAAC;EAC3D,KAAK,OAAO,KAAK;EACjB,OAAO;CACX;CAEA,IAAI,iBAAiB,MACjB,OAAO;CAGX,IAAI,SAAS,OAAO,UAAU,UAAU;EACpC,IAAI,KAAK,IAAI,KAAK,GACd,MAAM,IAAI,UAAU,0BAA0B;EAElD,KAAK,IAAI,KAAK;EACd,MAAM,SAAS;EACf,MAAM,UAAU,OAAO,OAAO,IAAI;EAElC,KAAK,MAAM,OAAO,OAAO,KAAK,MAAM,EAAE,KAAK,GACvC,QAAQ,OAAO,aAAa,OAAO,MAAM,IAAI;EAEjD,KAAK,OAAO,KAAK;EAEjB,OAAO;CACX;CAEA,OAAO;AACX;;;;;;;;;;;;;;AAeA,SAAS,gBAAgB,OAAwB;CAC7C,OAAO,KAAK,UAAU,aAAa,uBAAO,IAAI,QAAgB,CAAC,CAAC;AACpE;AAEA,SAAS,YAAY,OAAwB;CACzC,OAAO,UAAU,gBAAgB,KAAK,CAAC;AAC3C"}
1
+ {"version":3,"file":"hashing.js","names":[],"sources":["../src/core/shared/hashing.ts"],"sourcesContent":["import { createHash } from \"node:crypto\";\n\nimport { stableStringify } from \"./stable-stringify.js\";\n\nfunction sha256Hex(value: string): string {\n return createHash(\"sha256\").update(value, \"utf8\").digest(\"hex\");\n}\n\nfunction payloadHash(value: unknown): string {\n return sha256Hex(stableStringify(value));\n}\n\nexport { payloadHash, sha256Hex, stableStringify };\n"],"mappings":";;;AAIA,SAAS,UAAU,OAAuB;CACtC,OAAO,WAAW,QAAQ,EAAE,OAAO,OAAO,MAAM,EAAE,OAAO,KAAK;AAClE;AAEA,SAAS,YAAY,OAAwB;CACzC,OAAO,UAAU,gBAAgB,KAAK,CAAC;AAC3C"}
package/dist/index.cjs CHANGED
@@ -1,8 +1,11 @@
1
1
  Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
2
- const require_unexpected_error = require("./unexpected-error.cjs");
2
+ const require_app_error = require("./app-error.cjs");
3
3
  const require_validation_error = require("./validation-error.cjs");
4
+ const require_authorization_error = require("./authorization-error.cjs");
4
5
  const require_not_found_error = require("./not-found-error.cjs");
6
+ const require_stable_stringify = require("./stable-stringify.cjs");
5
7
  const require_hashing = require("./hashing.cjs");
8
+ const require_unexpected_error = require("./unexpected-error.cjs");
6
9
  const require_validation_code = require("./validation-code.cjs");
7
10
  const require_validation_field = require("./validation-field.cjs");
8
11
  const require_domain_exception = require("./domain-exception.cjs");
@@ -11,19 +14,23 @@ const require_invariant_violation_exception = require("./invariant-violation-exc
11
14
  const require_validation_exception = require("./validation-exception.cjs");
12
15
  const require_immutable = require("./immutable.cjs");
13
16
  const require_use_case = require("./use-case.cjs");
17
+ const require_requested_by = require("./requested-by.cjs");
14
18
  const require_temporal_use_case = require("./temporal-use-case.cjs");
15
- const require_value_object = require("./value-object.cjs");
19
+ const require_entity = require("./entity.cjs");
16
20
  const require_plugin = require("./plugin.cjs");
21
+ const require_value_object = require("./value-object.cjs");
17
22
  const require_uuid_identifier = require("./uuid-identifier.cjs");
18
23
  const require_ruleset_registry = require("./ruleset-registry.cjs");
19
- const require_domain_event_contracts = require("./domain-event-contracts.cjs");
20
- const require_gate_v1_payload_schema = require("./gate-v1-payload.schema.cjs");
21
24
  const require_result = require("./result.cjs");
22
- const require_outcome = require("./outcome.cjs");
25
+ const require_policy_bridge = require("./policy-bridge.cjs");
26
+ const require_rule = require("./rule.cjs");
27
+ const require_condition_evaluator = require("./condition-evaluator.cjs");
23
28
  const require_policy_service = require("./policy-service.cjs");
29
+ const require_domain_event_contracts = require("./domain-event-contracts.cjs");
30
+ const require_outcome = require("./outcome.cjs");
24
31
  const require_gate_engine_registry = require("./gate-engine-registry.cjs");
25
32
  //#region src/version.ts
26
- const version$1 = "1.3.0";
33
+ const version$1 = "1.5.0";
27
34
  //#endregion
28
35
  //#region src/index.ts
29
36
  const ERP_CORE_NAME = "erp-core";
@@ -33,10 +40,13 @@ const erpCoreRelease = {
33
40
  version: ERP_CORE_VERSION
34
41
  };
35
42
  //#endregion
43
+ exports.AbacAuthorizer = require_rule.AbacAuthorizer;
44
+ exports.AbacPolicySet = require_rule.AbacPolicySet;
45
+ exports.AbacRule = require_rule.AbacRule;
36
46
  exports.AlreadyExistsError = require_validation_error.AlreadyExistsError;
37
- exports.AppError = require_unexpected_error.AppError;
47
+ exports.AppError = require_app_error.AppError;
38
48
  exports.AuthenticationError = require_validation_error.AuthenticationError;
39
- exports.AuthorizationError = require_validation_error.AuthorizationError;
49
+ exports.AuthorizationError = require_authorization_error.AuthorizationError;
40
50
  exports.BusinessRuleViolationError = require_not_found_error.BusinessRuleViolationError;
41
51
  exports.BusinessRuleViolationException = require_invalid_state_transition_exception.BusinessRuleViolationException;
42
52
  exports.CONTRACT_VERSION_PROPERTY = require_immutable.CONTRACT_VERSION_PROPERTY;
@@ -46,6 +56,7 @@ Object.defineProperty(exports, "Command", {
46
56
  return require_temporal_use_case.Command;
47
57
  }
48
58
  });
59
+ exports.CompositeAuthorizer = require_rule.CompositeAuthorizer;
49
60
  exports.ComputeEngineRegistry = require_gate_engine_registry.ComputeEngineRegistry;
50
61
  exports.ComputeEvaluatorRegistry = require_gate_engine_registry.ComputeEvaluatorRegistry;
51
62
  exports.ComputePayloadParserRegistry = require_gate_engine_registry.ComputePayloadParserRegistry;
@@ -54,7 +65,7 @@ exports.ComputeRegistry = require_gate_engine_registry.ComputeRegistry;
54
65
  exports.ConflictError = require_validation_error.ConflictError;
55
66
  exports.ContextResolverRegistry = require_policy_service.ContextResolverRegistry;
56
67
  exports.ContextSeedValidator = require_policy_service.ContextSeedValidator;
57
- exports.CoreConfig = require_gate_v1_payload_schema.CoreConfig;
68
+ exports.CoreConfig = require_condition_evaluator.CoreConfig;
58
69
  exports.DeserializationError = require_validation_error.SerializationInError;
59
70
  exports.DomainException = require_domain_exception.DomainException;
60
71
  exports.DuplicateError = require_validation_error.DuplicateError;
@@ -63,15 +74,16 @@ exports.ERP_CORE_VERSION = ERP_CORE_VERSION;
63
74
  Object.defineProperty(exports, "Entity", {
64
75
  enumerable: true,
65
76
  get: function() {
66
- return require_value_object.Entity;
77
+ return require_entity.Entity;
67
78
  }
68
79
  });
69
80
  exports.EntityNotFoundException = require_invalid_state_transition_exception.EntityNotFoundException;
70
81
  exports.Err = require_result.Err;
71
- exports.ErrorCodes = require_unexpected_error.ErrorCodes;
82
+ exports.ErrorCodes = require_app_error.ErrorCodes;
72
83
  exports.ExpiredError = require_validation_error.ExpiredError;
73
84
  exports.GateEngineRegistry = require_gate_engine_registry.GateEngineRegistry;
74
85
  exports.GatePayloadParsers = require_gate_engine_registry.GatePayloadParsers;
86
+ exports.Grant = require_policy_bridge.Grant;
75
87
  exports.IdempotencyError = require_validation_error.IdempotencyError;
76
88
  exports.IdempotencyInProgressError = require_validation_error.IdempotencyInProgressError;
77
89
  exports.IdempotencyKeyMissingError = require_validation_error.IdempotencyKeyMissingError;
@@ -88,12 +100,14 @@ exports.NotFoundError = require_not_found_error.NotFoundError;
88
100
  exports.NotYetValidError = require_validation_error.NotYetValidError;
89
101
  exports.Ok = require_result.Ok;
90
102
  exports.Outcome = require_outcome.Outcome;
103
+ exports.Permission = require_policy_bridge.Permission;
104
+ exports.PermissionSet = require_policy_bridge.PermissionSet;
91
105
  exports.PluginManager = require_plugin.PluginManager;
92
106
  exports.PolicyAsOfResolver = require_policy_service.PolicyAsOfResolver;
93
107
  exports.PolicyCatalog = require_policy_service.PolicyCatalog;
94
108
  exports.PolicyCatalogFactory = require_policy_service.PolicyCatalogFactory;
95
109
  exports.PolicyContextBuilder = require_policy_service.PolicyContextBuilder;
96
- exports.PolicyContextPath = require_gate_v1_payload_schema.PolicyContextPath;
110
+ exports.PolicyContextPath = require_condition_evaluator.PolicyContextPath;
97
111
  exports.PolicyDefinition = require_policy_service.PolicyDefinition;
98
112
  exports.PolicyEvaluationErrors = require_policy_service.PolicyEvaluationErrors;
99
113
  exports.PolicyHashing = require_policy_service.PolicyHashing;
@@ -107,9 +121,12 @@ Object.defineProperty(exports, "Query", {
107
121
  return require_temporal_use_case.Query;
108
122
  }
109
123
  });
110
- exports.RequestedBy = require_temporal_use_case.RequestedBy;
124
+ exports.RbacAuthorizer = require_policy_bridge.RbacAuthorizer;
125
+ exports.RequestedBy = require_requested_by.RequestedBy;
111
126
  exports.Result = require_result.Result;
127
+ exports.Role = require_policy_bridge.Role;
112
128
  exports.RulesetRegistry = require_ruleset_registry.RulesetRegistry;
129
+ exports.Scope = require_policy_bridge.Scope;
113
130
  exports.SerializationCodes = require_validation_error.SerializationCodes;
114
131
  exports.SerializationError = require_validation_error.SerializationError;
115
132
  exports.SerializationInError = require_validation_error.SerializationInError;
@@ -136,27 +153,29 @@ Object.defineProperty(exports, "ValueObject", {
136
153
  return require_value_object.ValueObject;
137
154
  }
138
155
  });
156
+ exports.abacContext = require_rule.abacContext;
139
157
  exports.asPolicyDecisionId = require_policy_service.asPolicyDecisionId;
140
158
  exports.asPolicyDefinitionId = require_policy_service.asPolicyDefinitionId;
141
159
  exports.asSchoolId = require_policy_service.asSchoolId;
142
160
  exports.asTenantId = require_policy_service.asTenantId;
143
- exports.assertJsonSafeMetadata = require_unexpected_error.assertJsonSafeMetadata;
161
+ exports.assertJsonSafeMetadata = require_app_error.assertJsonSafeMetadata;
144
162
  exports.assertTemporalContext = require_temporal_use_case.assertTemporalContext;
145
163
  exports.buildDomainEventContractVersions = require_domain_event_contracts.buildDomainEventContractVersions;
146
164
  exports.contextResolverRegistry = require_policy_service.contextResolverRegistry;
147
- exports.coreConfig = require_gate_v1_payload_schema.coreConfig;
165
+ exports.coreConfig = require_condition_evaluator.coreConfig;
148
166
  exports.createDomainEventEnvelope = require_domain_event_contracts.createDomainEventEnvelope;
149
167
  exports.createTemporalContext = require_temporal_use_case.createTemporalContext;
150
168
  exports.erpCoreRelease = erpCoreRelease;
151
169
  exports.evaluateTemporalWindow = require_validation_error.evaluateTemporalWindow;
152
170
  exports.mapPolicyEvaluationError = require_temporal_use_case.mapPolicyEvaluationError;
153
171
  exports.payloadHash = require_hashing.payloadHash;
172
+ exports.rbacContextFields = require_policy_bridge.rbacContextFields;
154
173
  exports.registerNamespacedContextResolvers = require_policy_service.registerNamespacedContextResolvers;
155
174
  exports.registerNamespacedContextResolversIn = require_policy_service.registerNamespacedContextResolversIn;
156
175
  exports.safePreview = require_validation_error.safePreview;
157
- exports.serializationErrorCode = require_unexpected_error.serializationErrorCode;
176
+ exports.serializationErrorCode = require_app_error.serializationErrorCode;
158
177
  exports.sha256Hex = require_hashing.sha256Hex;
159
- exports.stableStringify = require_hashing.stableStringify;
178
+ exports.stableStringify = require_stable_stringify.stableStringify;
160
179
  exports.translateUniqueViolationToDuplicate = require_validation_error.translateUniqueViolationToDuplicate;
161
180
  exports.version = require_immutable.version;
162
181
 
@@ -1 +1 @@
1
- {"version":3,"file":"index.cjs","names":["version","version"],"sources":["../src/version.ts","../src/index.ts"],"sourcesContent":["// Versao do kit, sincronizada com package.json por scripts/sync-kit-version.mjs.\n// Nao edite a mao: rode `npm run sync-kit-version` (ou e regenerado no release).\n//\n// Mantemos a versao aqui, dentro de src/, para que a copia full-control seja\n// auto-contida: ao copiar so o conteudo de src/, o entry nao depende de um\n// `../package.json` que deixaria de existir no projeto consumidor.\nexport const version = \"1.3.0\";\n","import { version } from \"./version.js\";\n\nexport * from \"./core/index.js\";\n\nexport const ERP_CORE_NAME = \"erp-core\";\nexport const ERP_CORE_VERSION = version;\n\nexport const erpCoreRelease = {\n name: ERP_CORE_NAME,\n version: ERP_CORE_VERSION,\n} as const;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAMA,MAAaA,YAAU;;;ACFvB,MAAa,gBAAgB;AAC7B,MAAa,mBAAmBC;AAEhC,MAAa,iBAAiB;CAC1B,MAAM;CACN,SAAS;AACb"}
1
+ {"version":3,"file":"index.cjs","names":["version","version"],"sources":["../src/version.ts","../src/index.ts"],"sourcesContent":["// Versao do kit, sincronizada com package.json por scripts/sync-kit-version.mjs.\n// Nao edite a mao: rode `npm run sync-kit-version` (ou e regenerado no release).\n//\n// Mantemos a versao aqui, dentro de src/, para que a copia full-control seja\n// auto-contida: ao copiar so o conteudo de src/, o entry nao depende de um\n// `../package.json` que deixaria de existir no projeto consumidor.\nexport const version = \"1.5.0\";\n","import { version } from \"./version.js\";\n\nexport * from \"./core/index.js\";\n\nexport const ERP_CORE_NAME = \"erp-core\";\nexport const ERP_CORE_VERSION = version;\n\nexport const erpCoreRelease = {\n name: ERP_CORE_NAME,\n version: ERP_CORE_VERSION,\n} as const;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAMA,MAAaA,YAAU;;;ACFvB,MAAa,gBAAgB;AAC7B,MAAa,mBAAmBC;AAEhC,MAAa,iBAAiB;CAC1B,MAAM;CACN,SAAS;AACb"}
package/dist/index.d.cts CHANGED
@@ -1,30 +1,37 @@
1
- import { i as version, n as ContractVersion, r as VersionedTarget, t as CONTRACT_VERSION_PROPERTY } from "./version.cjs";
2
- import { a as Result, i as Ok, n as Outcome, r as Err, t as CommonOutcomeStatus } from "./outcome.cjs";
3
- import { A as MetricLabels, C as RequestedByKind, D as TraceAttributeValue, E as UseCaseObservability, M as LogPayload, N as LoggerPort, O as TraceSpan, S as RequestedBy, T as UseCase, _ as PolicyEvaluationOutput, a as TemporalContext, b as Command, c as CacheStrategy, d as mapPolicyEvaluationError, f as TemporalHistory, g as PolicyEvaluationInput, h as ResultRepository, i as CreateTemporalContextInput, j as MetricsPort, k as TracerPort, l as Page, m as Repository, n as TemporalUseCaseInput, o as assertTemporalContext, p as TemporalRepository, r as TemporalizedContextSeed, s as createTemporalContext, t as TemporalUseCase, u as Query, v as PolicyPort, w as MaybePromise, x as CommandInput, y as PolicyPortError } from "./temporal-use-case.cjs";
1
+ import { n as RequestedByKind, t as RequestedBy } from "./requested-by.cjs";
2
+ import { a as AbacPolicySet, c as AbacRuleProps, d as AbacAuthorizerPort, f as AbacAttributes, i as AbacDecision, l as RuleEffect, n as CompositeAuthorizer, o as CombiningAlgorithm, p as AbacRequest, r as AbacAuthorizer, s as AbacRule, t as CompositeAccessRequest, u as abacContext } from "./composite-authorizer.cjs";
4
3
  import { a as JsonSafeRecord, i as JsonSafePrimitive, n as AppErrorOptions, o as JsonSafeValue, r as ErrorSeverity, t as AppError } from "./app-error.cjs";
5
- import { $ as serializationErrorCode, A as IdempotencyPayloadMismatchError, B as UniqueConstraintViolation, C as IntegrationErrorMetadata, D as IdempotencyFailureKind, E as IdempotencyErrorMetadata, F as AlreadyExistsError, G as AuthorizationErrorMetadata, H as translateUniqueViolationToDuplicate, I as ConflictError, J as AuthenticationError, K as AuthorizationErrorReason, L as ConflictErrorMetadata, M as payloadHash, N as sha256Hex, O as IdempotencyInProgressError, P as stableStringify, Q as ErrorCodes, R as ConflictKind, S as IntegrationError, T as IdempotencyError, U as BusinessRuleViolationError, V as UniqueConstraintViolationError, W as AuthorizationError, X as AuthenticationErrorReason, Y as AuthenticationErrorMetadata, Z as assertJsonSafeMetadata, _ as SerializationMessages, a as TemporalError, b as NotFoundError, c as TemporalPrecision, d as SerializationCodes, f as SerializationDirection, g as SerializationInError, h as SerializationFailureCategory, i as NotYetValidError, j as IdempotencyReplayNotSupportedError, k as IdempotencyKeyMissingError, l as evaluateTemporalWindow, m as SerializationErrorMetadata, n as UnexpectedError, o as TemporalErrorMetadata, p as SerializationError, q as AuthorizationRequirement, r as ExpiredError, s as TemporalKind, t as ValidationError, u as SerializationBoundary, v as SerializationOutError, w as IntegrationErrorReason, x as LegacyIncompatibleError, y as safePreview, z as DuplicateError } from "./validation-error.cjs";
4
+ import { i as AuthorizationRequirement, n as AuthorizationErrorMetadata, r as AuthorizationErrorReason, t as AuthorizationError } from "./authorization-error.cjs";
5
+ import { n as Ok, r as Result, t as Err } from "./result.cjs";
6
+ import { n as Outcome, t as CommonOutcomeStatus } from "./outcome.cjs";
7
+ import { C as GateTraceNodeSnapshot, D as VersionedGateEngine, E as PolicyViolation, O as GatePayload, S as GateTraceLeafSnapshot, T as PolicyContext, _ as ConditionEvaluationReportTag, a as PolicyDecisionId, b as GateOutcomeData, c as TenantId, d as asSchoolId, f as asTenantId, g as ConditionEvaluationReportLevel, h as ConditionEvaluationReport, l as asPolicyDecisionId, m as ConditionEvaluationOptions, n as CoreConfigOptions, o as PolicyDefinitionId, p as ConditionEvaluationCause, r as CoreObservabilityConfig, s as SchoolId, t as CoreConfig, u as asPolicyDefinitionId, v as ConditionEvaluatorReporter, w as GateViolationTrace, x as GateStatus, y as GateOutcome } from "./core-config.cjs";
8
+ import { a as PolicyPackage, c as coreConfig, i as PolicyCatalogFactory, n as contextResolverRegistry, o as InMemoryPolicyDefinitionRepository, r as registerNamespacedContextResolvers, s as PolicyHashing, t as PolicyContextPath } from "./path.cjs";
9
+ import { a as PluginContract, i as PipelineReducer, n as BasePlugin, r as InvokeOptions, t as PluginManager } from "./plugin.cjs";
10
+ import { t as DeepReadonly } from "./immutable.cjs";
11
+ import { i as version, n as ContractVersion, r as VersionedTarget, t as CONTRACT_VERSION_PROPERTY } from "./version.cjs";
12
+ import { n as ValueObjectPluginContract, t as ValueObject } from "./value-object.cjs";
13
+ import { a as Permission, i as ScopeProps, n as AccessRequest, o as PermissionProps, r as Scope, t as AuthorizerPort } from "./authorizer.port.cjs";
14
+ import { A as LogPayload, C as UseCase, D as TracerPort, E as TraceSpan, O as MetricLabels, S as MaybePromise, T as TraceAttributeValue, _ as PolicyEvaluationOutput, a as TemporalContext, b as Command, c as CacheStrategy, d as mapPolicyEvaluationError, f as TemporalHistory, g as PolicyEvaluationInput, h as ResultRepository, i as CreateTemporalContextInput, j as LoggerPort, k as MetricsPort, l as Page, m as Repository, n as TemporalUseCaseInput, o as assertTemporalContext, p as TemporalRepository, r as TemporalizedContextSeed, s as createTemporalContext, t as TemporalUseCase, u as Query, v as PolicyPort, w as UseCaseObservability, x as CommandInput, y as PolicyPortError } from "./temporal-use-case.cjs";
15
+ import { A as IdempotencyPayloadMismatchError, B as UniqueConstraintViolation, C as IntegrationErrorMetadata, D as IdempotencyFailureKind, E as IdempotencyErrorMetadata, F as AlreadyExistsError, G as AuthenticationErrorMetadata, H as translateUniqueViolationToDuplicate, I as ConflictError, J as ErrorCodes, K as AuthenticationErrorReason, L as ConflictErrorMetadata, M as payloadHash, N as sha256Hex, O as IdempotencyInProgressError, P as stableStringify, R as ConflictKind, S as IntegrationError, T as IdempotencyError, U as BusinessRuleViolationError, V as UniqueConstraintViolationError, W as AuthenticationError, Y as serializationErrorCode, _ as SerializationMessages, a as TemporalError, b as NotFoundError, c as TemporalPrecision, d as SerializationCodes, f as SerializationDirection, g as SerializationInError, h as SerializationFailureCategory, i as NotYetValidError, j as IdempotencyReplayNotSupportedError, k as IdempotencyKeyMissingError, l as evaluateTemporalWindow, m as SerializationErrorMetadata, n as UnexpectedError, o as TemporalErrorMetadata, p as SerializationError, q as assertJsonSafeMetadata, r as ExpiredError, s as TemporalKind, t as ValidationError, u as SerializationBoundary, v as SerializationOutError, w as IntegrationErrorReason, x as LegacyIncompatibleError, y as safePreview, z as DuplicateError } from "./validation-error.cjs";
6
16
  import { t as ValidationCode } from "./validation-code.cjs";
7
17
  import { t as ValidationField } from "./validation-field.cjs";
8
- import { A as ConditionEvaluationReportTag, C as asPolicyDefinitionId, D as ConditionEvaluationOptions, E as ConditionEvaluationCause, O as ConditionEvaluationReport, S as asPolicyDecisionId, T as asTenantId, a as GateTraceNodeSnapshot, b as SchoolId, c as PolicyViolation, g as CoreObservabilityConfig, h as CoreConfigOptions, i as GateTraceLeafSnapshot, j as ConditionEvaluatorReporter, k as ConditionEvaluationReportLevel, l as VersionedGateEngine, m as CoreConfig, n as GateOutcomeData, o as GateViolationTrace, r as GateStatus, s as PolicyContext, t as GateOutcome, u as GatePayload, v as PolicyDecisionId, w as asSchoolId, x as TenantId, y as PolicyDefinitionId } from "./gate-types.cjs";
9
- import { a as PolicyPackage, c as coreConfig, i as PolicyCatalogFactory, n as contextResolverRegistry, o as InMemoryPolicyDefinitionRepository, r as registerNamespacedContextResolvers, s as PolicyHashing, t as PolicyContextPath } from "./path.cjs";
10
18
  import { A as PolicyScope, C as BasePolicyDefinitionProps, D as PolicyDefinition, E as GatePolicyDefinitionProps, F as PolicyKey, I as AsOfSource, L as PolicyKind, M as ScopeChain, N as PolicyCatalog, O as PolicyDefinitionProps, P as PolicyCatalogEntryProps, R as PolicyOwner, T as FindCandidatesParams, _ as ContextResolverResilienceOptions, a as PolicyServiceOptions, b as ContextSeed, c as PolicyEvaluationErrors, d as PolicyAsOfResolver, f as PolicyContextBuilder, g as ContextResolverCircuitBreakerOptions, h as registerNamespacedContextResolversIn, i as PolicyService, j as PolicyScopeMatcher, k as PolicyDefinitionStatus, l as PolicyResolver, m as ContextResolverRegistry, n as PolicyDecision, o as PolicyServiceParams, p as PolicyContextBuilderOptions, r as PolicyEvaluationResult, s as PolicyEvaluationError, t as EvaluateInput, u as DeriveAsOfOptions, v as ContextResolverRetryOptions, w as ComputePolicyDefinitionProps, x as ContextSeedValidator, y as ContextValueResolver, z as PolicyScopeLevel } from "./policy-service.cjs";
11
19
  import { a as ComputeOutcome, c as VersionedComputeEngine, i as ComputeEvaluatorRegistration, n as ComputeRegistry, o as ComputeOutcomeData, r as ComputeEvaluator, s as ComputeStatus, t as GateEngineRegistry } from "./gate-engine-registry.cjs";
12
20
  import { a as ComputePayloadParserRegistry, c as ComputeEvaluatorRegistry, o as ComputePayloadParsers, r as GatePayloadParsers, s as ComputeEngineRegistry } from "./parse-gate-payload.cjs";
13
- import { t as DeepReadonly } from "./immutable.cjs";
14
- import { a as EntityState, i as Entity, n as ValueObject, r as ValueObjectPluginContract, t as UuidIdentifier } from "./uuid-identifier.cjs";
15
- import { a as PluginContract, i as PipelineReducer, n as BasePlugin, r as InvokeOptions, t as PluginManager } from "./plugin.cjs";
21
+ import { n as Entity, r as EntityState, t as UuidIdentifier } from "./uuid-identifier.cjs";
16
22
  import { t as DomainException } from "./domain-exception.cjs";
17
23
  import { a as InvariantViolationException, c as BusinessRuleViolationException, i as ValidationViolation, n as MultipleValidationException, o as InvalidStateTransitionException, r as ValidationException, s as EntityNotFoundException, t as InvalidValueException } from "./validation-exception.cjs";
18
24
  import { a as Ruleset, i as InvariantRuleset, n as RulesetRegistry, o as RulesetId, r as CreationRuleset, t as ValueObjectRuleset } from "./value-object-ruleset.contracts.cjs";
25
+ import { a as GrantProps, i as Grant, n as PermissionSet, o as Role, r as RbacAuthorizer, s as RoleProps, t as rbacContextFields } from "./policy-bridge.cjs";
19
26
  import { a as buildDomainEventContractVersions, i as DomainEventEnvelope, n as DomainEventContractSelection, o as createDomainEventEnvelope, r as DomainEventContractVersions, t as CreateDomainEventEnvelopeInput } from "./domain-event-contracts.cjs";
20
27
 
21
28
  //#region src/index.d.ts
22
29
  declare const ERP_CORE_NAME = "erp-core";
23
- declare const ERP_CORE_VERSION = "1.3.0";
30
+ declare const ERP_CORE_VERSION = "1.5.0";
24
31
  declare const erpCoreRelease: {
25
32
  readonly name: "erp-core";
26
- readonly version: "1.3.0";
33
+ readonly version: "1.5.0";
27
34
  };
28
35
  //#endregion
29
- export { AlreadyExistsError, AppError, AppErrorOptions, AsOfSource, AuthenticationError, AuthenticationErrorMetadata, AuthenticationErrorReason, AuthorizationError, AuthorizationErrorMetadata, AuthorizationErrorReason, AuthorizationRequirement, BasePlugin, BasePolicyDefinitionProps, BusinessRuleViolationError, BusinessRuleViolationException, CONTRACT_VERSION_PROPERTY, CacheStrategy, Command, CommandInput, CommonOutcomeStatus, ComputeEngineRegistry, ComputeEvaluator, ComputeEvaluatorRegistration, ComputeEvaluatorRegistry, ComputeOutcome, ComputeOutcomeData, ComputePayloadParserRegistry, ComputePayloadParsers, ComputePolicyDefinitionProps, ComputeRegistry, ComputeStatus, ConditionEvaluationCause, ConditionEvaluationOptions, ConditionEvaluationReport, ConditionEvaluationReportLevel, ConditionEvaluationReportTag, ConditionEvaluatorReporter, ConflictError, ConflictErrorMetadata, ConflictKind, ContextResolverCircuitBreakerOptions, ContextResolverRegistry, ContextResolverResilienceOptions, ContextResolverRetryOptions, ContextSeed, ContextSeedValidator, ContextValueResolver, ContractVersion, CoreConfig, CoreConfigOptions, CoreObservabilityConfig, CreateDomainEventEnvelopeInput, CreateTemporalContextInput, CreationRuleset, DeepReadonly, DeriveAsOfOptions, SerializationInError as DeserializationError, SerializationInError, DomainEventContractSelection, DomainEventContractVersions, DomainEventEnvelope, DomainException, DuplicateError, ERP_CORE_NAME, ERP_CORE_VERSION, Entity, EntityNotFoundException, EntityState, Err, ErrorCodes, ErrorSeverity, EvaluateInput, ExpiredError, TemporalErrorMetadata as ExpiredErrorMetadata, TemporalErrorMetadata, TemporalPrecision as ExpiredErrorPrecision, TemporalPrecision, FindCandidatesParams, GateEngineRegistry, GateOutcome, GateOutcomeData, GatePayload, GatePayloadParsers, GatePolicyDefinitionProps, GateStatus, GateTraceLeafSnapshot, GateTraceNodeSnapshot, GateViolationTrace, IdempotencyError, IdempotencyErrorMetadata, IdempotencyFailureKind, IdempotencyInProgressError, IdempotencyKeyMissingError, IdempotencyPayloadMismatchError, IdempotencyReplayNotSupportedError, InMemoryPolicyDefinitionRepository, IntegrationError, IntegrationErrorMetadata, IntegrationErrorReason, InvalidStateTransitionException, InvalidValueException, InvariantRuleset, InvariantViolationException, InvokeOptions, JsonSafePrimitive, JsonSafeRecord, JsonSafeValue, LegacyIncompatibleError, LogPayload, LoggerPort, MaybePromise, MetricLabels, MetricsPort, MultipleValidationException, NotFoundError, NotYetValidError, Ok, Outcome, Page, PipelineReducer, PluginContract, PluginManager, PolicyAsOfResolver, PolicyCatalog, PolicyCatalogEntryProps, PolicyCatalogFactory, PolicyContext, PolicyContextBuilder, PolicyContextBuilderOptions, PolicyContextPath, PolicyDecision, PolicyDecisionId, PolicyDefinition, PolicyDefinitionId, PolicyDefinitionProps, PolicyDefinitionStatus, PolicyEvaluationError, PolicyEvaluationErrors, PolicyEvaluationInput, PolicyEvaluationOutput, PolicyEvaluationResult, PolicyHashing, PolicyKey, PolicyKind, PolicyOwner, PolicyPackage, PolicyPort, PolicyPortError, PolicyResolver, PolicyScope, PolicyScopeLevel, PolicyScopeMatcher, PolicyService, PolicyServiceOptions, PolicyServiceParams, PolicyViolation, Query, Repository, RequestedBy, RequestedByKind, Result, ResultRepository, Ruleset, RulesetId, RulesetRegistry, SchoolId, ScopeChain, SerializationBoundary, SerializationCodes, SerializationDirection, SerializationError, SerializationErrorMetadata, SerializationFailureCategory, SerializationMessages, SerializationOutError, TemporalContext, TemporalError, TemporalHistory, TemporalKind, TemporalRepository, TemporalUseCase, TemporalUseCaseInput, TemporalizedContextSeed, TenantId, TraceAttributeValue, TraceSpan, TracerPort, UnexpectedError, UniqueConstraintViolation, UniqueConstraintViolationError, UseCase, UseCaseObservability, UuidIdentifier, ValidationCode, ValidationError, ValidationException, ValidationField, ValidationViolation, ValueObject, ValueObjectPluginContract, ValueObjectRuleset, VersionedComputeEngine, VersionedGateEngine, VersionedTarget, asPolicyDecisionId, asPolicyDefinitionId, asSchoolId, asTenantId, assertJsonSafeMetadata, assertTemporalContext, buildDomainEventContractVersions, contextResolverRegistry, coreConfig, createDomainEventEnvelope, createTemporalContext, erpCoreRelease, evaluateTemporalWindow, mapPolicyEvaluationError, payloadHash, registerNamespacedContextResolvers, registerNamespacedContextResolversIn, safePreview, serializationErrorCode, sha256Hex, stableStringify, translateUniqueViolationToDuplicate, version };
36
+ export { AbacAttributes, AbacAuthorizer, AbacAuthorizerPort, AbacDecision, AbacPolicySet, AbacRequest, AbacRule, AbacRuleProps, AccessRequest, AlreadyExistsError, AppError, AppErrorOptions, AsOfSource, AuthenticationError, AuthenticationErrorMetadata, AuthenticationErrorReason, AuthorizationError, AuthorizationErrorMetadata, AuthorizationErrorReason, AuthorizationRequirement, AuthorizerPort, BasePlugin, BasePolicyDefinitionProps, BusinessRuleViolationError, BusinessRuleViolationException, CONTRACT_VERSION_PROPERTY, CacheStrategy, CombiningAlgorithm, Command, CommandInput, CommonOutcomeStatus, CompositeAccessRequest, CompositeAuthorizer, ComputeEngineRegistry, ComputeEvaluator, ComputeEvaluatorRegistration, ComputeEvaluatorRegistry, ComputeOutcome, ComputeOutcomeData, ComputePayloadParserRegistry, ComputePayloadParsers, ComputePolicyDefinitionProps, ComputeRegistry, ComputeStatus, ConditionEvaluationCause, ConditionEvaluationOptions, ConditionEvaluationReport, ConditionEvaluationReportLevel, ConditionEvaluationReportTag, ConditionEvaluatorReporter, ConflictError, ConflictErrorMetadata, ConflictKind, ContextResolverCircuitBreakerOptions, ContextResolverRegistry, ContextResolverResilienceOptions, ContextResolverRetryOptions, ContextSeed, ContextSeedValidator, ContextValueResolver, ContractVersion, CoreConfig, CoreConfigOptions, CoreObservabilityConfig, CreateDomainEventEnvelopeInput, CreateTemporalContextInput, CreationRuleset, DeepReadonly, DeriveAsOfOptions, SerializationInError as DeserializationError, SerializationInError, DomainEventContractSelection, DomainEventContractVersions, DomainEventEnvelope, DomainException, DuplicateError, ERP_CORE_NAME, ERP_CORE_VERSION, Entity, EntityNotFoundException, EntityState, Err, ErrorCodes, ErrorSeverity, EvaluateInput, ExpiredError, TemporalErrorMetadata as ExpiredErrorMetadata, TemporalErrorMetadata, TemporalPrecision as ExpiredErrorPrecision, TemporalPrecision, FindCandidatesParams, GateEngineRegistry, GateOutcome, GateOutcomeData, GatePayload, GatePayloadParsers, GatePolicyDefinitionProps, GateStatus, GateTraceLeafSnapshot, GateTraceNodeSnapshot, GateViolationTrace, Grant, GrantProps, IdempotencyError, IdempotencyErrorMetadata, IdempotencyFailureKind, IdempotencyInProgressError, IdempotencyKeyMissingError, IdempotencyPayloadMismatchError, IdempotencyReplayNotSupportedError, InMemoryPolicyDefinitionRepository, IntegrationError, IntegrationErrorMetadata, IntegrationErrorReason, InvalidStateTransitionException, InvalidValueException, InvariantRuleset, InvariantViolationException, InvokeOptions, JsonSafePrimitive, JsonSafeRecord, JsonSafeValue, LegacyIncompatibleError, LogPayload, LoggerPort, MaybePromise, MetricLabels, MetricsPort, MultipleValidationException, NotFoundError, NotYetValidError, Ok, Outcome, Page, Permission, PermissionProps, PermissionSet, PipelineReducer, PluginContract, PluginManager, PolicyAsOfResolver, PolicyCatalog, PolicyCatalogEntryProps, PolicyCatalogFactory, PolicyContext, PolicyContextBuilder, PolicyContextBuilderOptions, PolicyContextPath, PolicyDecision, PolicyDecisionId, PolicyDefinition, PolicyDefinitionId, PolicyDefinitionProps, PolicyDefinitionStatus, PolicyEvaluationError, PolicyEvaluationErrors, PolicyEvaluationInput, PolicyEvaluationOutput, PolicyEvaluationResult, PolicyHashing, PolicyKey, PolicyKind, PolicyOwner, PolicyPackage, PolicyPort, PolicyPortError, PolicyResolver, PolicyScope, PolicyScopeLevel, PolicyScopeMatcher, PolicyService, PolicyServiceOptions, PolicyServiceParams, PolicyViolation, Query, RbacAuthorizer, Repository, RequestedBy, RequestedByKind, Result, ResultRepository, Role, RoleProps, RuleEffect, Ruleset, RulesetId, RulesetRegistry, SchoolId, Scope, ScopeChain, ScopeProps, SerializationBoundary, SerializationCodes, SerializationDirection, SerializationError, SerializationErrorMetadata, SerializationFailureCategory, SerializationMessages, SerializationOutError, TemporalContext, TemporalError, TemporalHistory, TemporalKind, TemporalRepository, TemporalUseCase, TemporalUseCaseInput, TemporalizedContextSeed, TenantId, TraceAttributeValue, TraceSpan, TracerPort, UnexpectedError, UniqueConstraintViolation, UniqueConstraintViolationError, UseCase, UseCaseObservability, UuidIdentifier, ValidationCode, ValidationError, ValidationException, ValidationField, ValidationViolation, ValueObject, ValueObjectPluginContract, ValueObjectRuleset, VersionedComputeEngine, VersionedGateEngine, VersionedTarget, abacContext, asPolicyDecisionId, asPolicyDefinitionId, asSchoolId, asTenantId, assertJsonSafeMetadata, assertTemporalContext, buildDomainEventContractVersions, contextResolverRegistry, coreConfig, createDomainEventEnvelope, createTemporalContext, erpCoreRelease, evaluateTemporalWindow, mapPolicyEvaluationError, payloadHash, rbacContextFields, registerNamespacedContextResolvers, registerNamespacedContextResolversIn, safePreview, serializationErrorCode, sha256Hex, stableStringify, translateUniqueViolationToDuplicate, version };
30
37
  //# sourceMappingURL=index.d.cts.map
package/dist/index.d.ts CHANGED
@@ -1,30 +1,37 @@
1
- import { i as version, n as ContractVersion, r as VersionedTarget, t as CONTRACT_VERSION_PROPERTY } from "./version.js";
2
- import { a as Result, i as Ok, n as Outcome, r as Err, t as CommonOutcomeStatus } from "./outcome.js";
3
- import { A as MetricLabels, C as RequestedByKind, D as TraceAttributeValue, E as UseCaseObservability, M as LogPayload, N as LoggerPort, O as TraceSpan, S as RequestedBy, T as UseCase, _ as PolicyEvaluationOutput, a as TemporalContext, b as Command, c as CacheStrategy, d as mapPolicyEvaluationError, f as TemporalHistory, g as PolicyEvaluationInput, h as ResultRepository, i as CreateTemporalContextInput, j as MetricsPort, k as TracerPort, l as Page, m as Repository, n as TemporalUseCaseInput, o as assertTemporalContext, p as TemporalRepository, r as TemporalizedContextSeed, s as createTemporalContext, t as TemporalUseCase, u as Query, v as PolicyPort, w as MaybePromise, x as CommandInput, y as PolicyPortError } from "./temporal-use-case.js";
1
+ import { n as RequestedByKind, t as RequestedBy } from "./requested-by.js";
2
+ import { a as AbacPolicySet, c as AbacRuleProps, d as AbacAuthorizerPort, f as AbacAttributes, i as AbacDecision, l as RuleEffect, n as CompositeAuthorizer, o as CombiningAlgorithm, p as AbacRequest, r as AbacAuthorizer, s as AbacRule, t as CompositeAccessRequest, u as abacContext } from "./composite-authorizer.js";
4
3
  import { a as JsonSafeRecord, i as JsonSafePrimitive, n as AppErrorOptions, o as JsonSafeValue, r as ErrorSeverity, t as AppError } from "./app-error.js";
5
- import { $ as serializationErrorCode, A as IdempotencyPayloadMismatchError, B as UniqueConstraintViolation, C as IntegrationErrorMetadata, D as IdempotencyFailureKind, E as IdempotencyErrorMetadata, F as AlreadyExistsError, G as AuthorizationErrorMetadata, H as translateUniqueViolationToDuplicate, I as ConflictError, J as AuthenticationError, K as AuthorizationErrorReason, L as ConflictErrorMetadata, M as payloadHash, N as sha256Hex, O as IdempotencyInProgressError, P as stableStringify, Q as ErrorCodes, R as ConflictKind, S as IntegrationError, T as IdempotencyError, U as BusinessRuleViolationError, V as UniqueConstraintViolationError, W as AuthorizationError, X as AuthenticationErrorReason, Y as AuthenticationErrorMetadata, Z as assertJsonSafeMetadata, _ as SerializationMessages, a as TemporalError, b as NotFoundError, c as TemporalPrecision, d as SerializationCodes, f as SerializationDirection, g as SerializationInError, h as SerializationFailureCategory, i as NotYetValidError, j as IdempotencyReplayNotSupportedError, k as IdempotencyKeyMissingError, l as evaluateTemporalWindow, m as SerializationErrorMetadata, n as UnexpectedError, o as TemporalErrorMetadata, p as SerializationError, q as AuthorizationRequirement, r as ExpiredError, s as TemporalKind, t as ValidationError, u as SerializationBoundary, v as SerializationOutError, w as IntegrationErrorReason, x as LegacyIncompatibleError, y as safePreview, z as DuplicateError } from "./validation-error.js";
4
+ import { i as AuthorizationRequirement, n as AuthorizationErrorMetadata, r as AuthorizationErrorReason, t as AuthorizationError } from "./authorization-error.js";
5
+ import { n as Ok, r as Result, t as Err } from "./result.js";
6
+ import { n as Outcome, t as CommonOutcomeStatus } from "./outcome.js";
7
+ import { C as GateTraceNodeSnapshot, D as VersionedGateEngine, E as PolicyViolation, O as GatePayload, S as GateTraceLeafSnapshot, T as PolicyContext, _ as ConditionEvaluationReportTag, a as PolicyDecisionId, b as GateOutcomeData, c as TenantId, d as asSchoolId, f as asTenantId, g as ConditionEvaluationReportLevel, h as ConditionEvaluationReport, l as asPolicyDecisionId, m as ConditionEvaluationOptions, n as CoreConfigOptions, o as PolicyDefinitionId, p as ConditionEvaluationCause, r as CoreObservabilityConfig, s as SchoolId, t as CoreConfig, u as asPolicyDefinitionId, v as ConditionEvaluatorReporter, w as GateViolationTrace, x as GateStatus, y as GateOutcome } from "./core-config.js";
8
+ import { a as PolicyPackage, c as coreConfig, i as PolicyCatalogFactory, n as contextResolverRegistry, o as InMemoryPolicyDefinitionRepository, r as registerNamespacedContextResolvers, s as PolicyHashing, t as PolicyContextPath } from "./path.js";
9
+ import { a as PluginContract, i as PipelineReducer, n as BasePlugin, r as InvokeOptions, t as PluginManager } from "./plugin.js";
10
+ import { t as DeepReadonly } from "./immutable.js";
11
+ import { i as version, n as ContractVersion, r as VersionedTarget, t as CONTRACT_VERSION_PROPERTY } from "./version.js";
12
+ import { n as ValueObjectPluginContract, t as ValueObject } from "./value-object.js";
13
+ import { a as Permission, i as ScopeProps, n as AccessRequest, o as PermissionProps, r as Scope, t as AuthorizerPort } from "./authorizer.port.js";
14
+ import { A as LogPayload, C as UseCase, D as TracerPort, E as TraceSpan, O as MetricLabels, S as MaybePromise, T as TraceAttributeValue, _ as PolicyEvaluationOutput, a as TemporalContext, b as Command, c as CacheStrategy, d as mapPolicyEvaluationError, f as TemporalHistory, g as PolicyEvaluationInput, h as ResultRepository, i as CreateTemporalContextInput, j as LoggerPort, k as MetricsPort, l as Page, m as Repository, n as TemporalUseCaseInput, o as assertTemporalContext, p as TemporalRepository, r as TemporalizedContextSeed, s as createTemporalContext, t as TemporalUseCase, u as Query, v as PolicyPort, w as UseCaseObservability, x as CommandInput, y as PolicyPortError } from "./temporal-use-case.js";
15
+ import { A as IdempotencyPayloadMismatchError, B as UniqueConstraintViolation, C as IntegrationErrorMetadata, D as IdempotencyFailureKind, E as IdempotencyErrorMetadata, F as AlreadyExistsError, G as AuthenticationErrorMetadata, H as translateUniqueViolationToDuplicate, I as ConflictError, J as ErrorCodes, K as AuthenticationErrorReason, L as ConflictErrorMetadata, M as payloadHash, N as sha256Hex, O as IdempotencyInProgressError, P as stableStringify, R as ConflictKind, S as IntegrationError, T as IdempotencyError, U as BusinessRuleViolationError, V as UniqueConstraintViolationError, W as AuthenticationError, Y as serializationErrorCode, _ as SerializationMessages, a as TemporalError, b as NotFoundError, c as TemporalPrecision, d as SerializationCodes, f as SerializationDirection, g as SerializationInError, h as SerializationFailureCategory, i as NotYetValidError, j as IdempotencyReplayNotSupportedError, k as IdempotencyKeyMissingError, l as evaluateTemporalWindow, m as SerializationErrorMetadata, n as UnexpectedError, o as TemporalErrorMetadata, p as SerializationError, q as assertJsonSafeMetadata, r as ExpiredError, s as TemporalKind, t as ValidationError, u as SerializationBoundary, v as SerializationOutError, w as IntegrationErrorReason, x as LegacyIncompatibleError, y as safePreview, z as DuplicateError } from "./validation-error.js";
6
16
  import { t as ValidationCode } from "./validation-code.js";
7
17
  import { t as ValidationField } from "./validation-field.js";
8
- import { A as ConditionEvaluationReportTag, C as asPolicyDefinitionId, D as ConditionEvaluationOptions, E as ConditionEvaluationCause, O as ConditionEvaluationReport, S as asPolicyDecisionId, T as asTenantId, a as GateTraceNodeSnapshot, b as SchoolId, c as PolicyViolation, g as CoreObservabilityConfig, h as CoreConfigOptions, i as GateTraceLeafSnapshot, j as ConditionEvaluatorReporter, k as ConditionEvaluationReportLevel, l as VersionedGateEngine, m as CoreConfig, n as GateOutcomeData, o as GateViolationTrace, r as GateStatus, s as PolicyContext, t as GateOutcome, u as GatePayload, v as PolicyDecisionId, w as asSchoolId, x as TenantId, y as PolicyDefinitionId } from "./gate-types.js";
9
- import { a as PolicyPackage, c as coreConfig, i as PolicyCatalogFactory, n as contextResolverRegistry, o as InMemoryPolicyDefinitionRepository, r as registerNamespacedContextResolvers, s as PolicyHashing, t as PolicyContextPath } from "./path.js";
10
18
  import { A as PolicyScope, C as BasePolicyDefinitionProps, D as PolicyDefinition, E as GatePolicyDefinitionProps, F as PolicyKey, I as AsOfSource, L as PolicyKind, M as ScopeChain, N as PolicyCatalog, O as PolicyDefinitionProps, P as PolicyCatalogEntryProps, R as PolicyOwner, T as FindCandidatesParams, _ as ContextResolverResilienceOptions, a as PolicyServiceOptions, b as ContextSeed, c as PolicyEvaluationErrors, d as PolicyAsOfResolver, f as PolicyContextBuilder, g as ContextResolverCircuitBreakerOptions, h as registerNamespacedContextResolversIn, i as PolicyService, j as PolicyScopeMatcher, k as PolicyDefinitionStatus, l as PolicyResolver, m as ContextResolverRegistry, n as PolicyDecision, o as PolicyServiceParams, p as PolicyContextBuilderOptions, r as PolicyEvaluationResult, s as PolicyEvaluationError, t as EvaluateInput, u as DeriveAsOfOptions, v as ContextResolverRetryOptions, w as ComputePolicyDefinitionProps, x as ContextSeedValidator, y as ContextValueResolver, z as PolicyScopeLevel } from "./policy-service.js";
11
19
  import { a as ComputeOutcome, c as VersionedComputeEngine, i as ComputeEvaluatorRegistration, n as ComputeRegistry, o as ComputeOutcomeData, r as ComputeEvaluator, s as ComputeStatus, t as GateEngineRegistry } from "./gate-engine-registry.js";
12
20
  import { a as ComputePayloadParserRegistry, c as ComputeEvaluatorRegistry, o as ComputePayloadParsers, r as GatePayloadParsers, s as ComputeEngineRegistry } from "./parse-gate-payload.js";
13
- import { t as DeepReadonly } from "./immutable.js";
14
- import { a as EntityState, i as Entity, n as ValueObject, r as ValueObjectPluginContract, t as UuidIdentifier } from "./uuid-identifier.js";
15
- import { a as PluginContract, i as PipelineReducer, n as BasePlugin, r as InvokeOptions, t as PluginManager } from "./plugin.js";
21
+ import { n as Entity, r as EntityState, t as UuidIdentifier } from "./uuid-identifier.js";
16
22
  import { t as DomainException } from "./domain-exception.js";
17
23
  import { a as InvariantViolationException, c as BusinessRuleViolationException, i as ValidationViolation, n as MultipleValidationException, o as InvalidStateTransitionException, r as ValidationException, s as EntityNotFoundException, t as InvalidValueException } from "./validation-exception.js";
18
24
  import { a as Ruleset, i as InvariantRuleset, n as RulesetRegistry, o as RulesetId, r as CreationRuleset, t as ValueObjectRuleset } from "./value-object-ruleset.contracts.js";
25
+ import { a as GrantProps, i as Grant, n as PermissionSet, o as Role, r as RbacAuthorizer, s as RoleProps, t as rbacContextFields } from "./policy-bridge.js";
19
26
  import { a as buildDomainEventContractVersions, i as DomainEventEnvelope, n as DomainEventContractSelection, o as createDomainEventEnvelope, r as DomainEventContractVersions, t as CreateDomainEventEnvelopeInput } from "./domain-event-contracts.js";
20
27
 
21
28
  //#region src/index.d.ts
22
29
  declare const ERP_CORE_NAME = "erp-core";
23
- declare const ERP_CORE_VERSION = "1.3.0";
30
+ declare const ERP_CORE_VERSION = "1.5.0";
24
31
  declare const erpCoreRelease: {
25
32
  readonly name: "erp-core";
26
- readonly version: "1.3.0";
33
+ readonly version: "1.5.0";
27
34
  };
28
35
  //#endregion
29
- export { AlreadyExistsError, AppError, AppErrorOptions, AsOfSource, AuthenticationError, AuthenticationErrorMetadata, AuthenticationErrorReason, AuthorizationError, AuthorizationErrorMetadata, AuthorizationErrorReason, AuthorizationRequirement, BasePlugin, BasePolicyDefinitionProps, BusinessRuleViolationError, BusinessRuleViolationException, CONTRACT_VERSION_PROPERTY, CacheStrategy, Command, CommandInput, CommonOutcomeStatus, ComputeEngineRegistry, ComputeEvaluator, ComputeEvaluatorRegistration, ComputeEvaluatorRegistry, ComputeOutcome, ComputeOutcomeData, ComputePayloadParserRegistry, ComputePayloadParsers, ComputePolicyDefinitionProps, ComputeRegistry, ComputeStatus, ConditionEvaluationCause, ConditionEvaluationOptions, ConditionEvaluationReport, ConditionEvaluationReportLevel, ConditionEvaluationReportTag, ConditionEvaluatorReporter, ConflictError, ConflictErrorMetadata, ConflictKind, ContextResolverCircuitBreakerOptions, ContextResolverRegistry, ContextResolverResilienceOptions, ContextResolverRetryOptions, ContextSeed, ContextSeedValidator, ContextValueResolver, ContractVersion, CoreConfig, CoreConfigOptions, CoreObservabilityConfig, CreateDomainEventEnvelopeInput, CreateTemporalContextInput, CreationRuleset, DeepReadonly, DeriveAsOfOptions, SerializationInError as DeserializationError, SerializationInError, DomainEventContractSelection, DomainEventContractVersions, DomainEventEnvelope, DomainException, DuplicateError, ERP_CORE_NAME, ERP_CORE_VERSION, Entity, EntityNotFoundException, EntityState, Err, ErrorCodes, ErrorSeverity, EvaluateInput, ExpiredError, TemporalErrorMetadata as ExpiredErrorMetadata, TemporalErrorMetadata, TemporalPrecision as ExpiredErrorPrecision, TemporalPrecision, FindCandidatesParams, GateEngineRegistry, GateOutcome, GateOutcomeData, GatePayload, GatePayloadParsers, GatePolicyDefinitionProps, GateStatus, GateTraceLeafSnapshot, GateTraceNodeSnapshot, GateViolationTrace, IdempotencyError, IdempotencyErrorMetadata, IdempotencyFailureKind, IdempotencyInProgressError, IdempotencyKeyMissingError, IdempotencyPayloadMismatchError, IdempotencyReplayNotSupportedError, InMemoryPolicyDefinitionRepository, IntegrationError, IntegrationErrorMetadata, IntegrationErrorReason, InvalidStateTransitionException, InvalidValueException, InvariantRuleset, InvariantViolationException, InvokeOptions, JsonSafePrimitive, JsonSafeRecord, JsonSafeValue, LegacyIncompatibleError, LogPayload, LoggerPort, MaybePromise, MetricLabels, MetricsPort, MultipleValidationException, NotFoundError, NotYetValidError, Ok, Outcome, Page, PipelineReducer, PluginContract, PluginManager, PolicyAsOfResolver, PolicyCatalog, PolicyCatalogEntryProps, PolicyCatalogFactory, PolicyContext, PolicyContextBuilder, PolicyContextBuilderOptions, PolicyContextPath, PolicyDecision, PolicyDecisionId, PolicyDefinition, PolicyDefinitionId, PolicyDefinitionProps, PolicyDefinitionStatus, PolicyEvaluationError, PolicyEvaluationErrors, PolicyEvaluationInput, PolicyEvaluationOutput, PolicyEvaluationResult, PolicyHashing, PolicyKey, PolicyKind, PolicyOwner, PolicyPackage, PolicyPort, PolicyPortError, PolicyResolver, PolicyScope, PolicyScopeLevel, PolicyScopeMatcher, PolicyService, PolicyServiceOptions, PolicyServiceParams, PolicyViolation, Query, Repository, RequestedBy, RequestedByKind, Result, ResultRepository, Ruleset, RulesetId, RulesetRegistry, SchoolId, ScopeChain, SerializationBoundary, SerializationCodes, SerializationDirection, SerializationError, SerializationErrorMetadata, SerializationFailureCategory, SerializationMessages, SerializationOutError, TemporalContext, TemporalError, TemporalHistory, TemporalKind, TemporalRepository, TemporalUseCase, TemporalUseCaseInput, TemporalizedContextSeed, TenantId, TraceAttributeValue, TraceSpan, TracerPort, UnexpectedError, UniqueConstraintViolation, UniqueConstraintViolationError, UseCase, UseCaseObservability, UuidIdentifier, ValidationCode, ValidationError, ValidationException, ValidationField, ValidationViolation, ValueObject, ValueObjectPluginContract, ValueObjectRuleset, VersionedComputeEngine, VersionedGateEngine, VersionedTarget, asPolicyDecisionId, asPolicyDefinitionId, asSchoolId, asTenantId, assertJsonSafeMetadata, assertTemporalContext, buildDomainEventContractVersions, contextResolverRegistry, coreConfig, createDomainEventEnvelope, createTemporalContext, erpCoreRelease, evaluateTemporalWindow, mapPolicyEvaluationError, payloadHash, registerNamespacedContextResolvers, registerNamespacedContextResolversIn, safePreview, serializationErrorCode, sha256Hex, stableStringify, translateUniqueViolationToDuplicate, version };
36
+ export { AbacAttributes, AbacAuthorizer, AbacAuthorizerPort, AbacDecision, AbacPolicySet, AbacRequest, AbacRule, AbacRuleProps, AccessRequest, AlreadyExistsError, AppError, AppErrorOptions, AsOfSource, AuthenticationError, AuthenticationErrorMetadata, AuthenticationErrorReason, AuthorizationError, AuthorizationErrorMetadata, AuthorizationErrorReason, AuthorizationRequirement, AuthorizerPort, BasePlugin, BasePolicyDefinitionProps, BusinessRuleViolationError, BusinessRuleViolationException, CONTRACT_VERSION_PROPERTY, CacheStrategy, CombiningAlgorithm, Command, CommandInput, CommonOutcomeStatus, CompositeAccessRequest, CompositeAuthorizer, ComputeEngineRegistry, ComputeEvaluator, ComputeEvaluatorRegistration, ComputeEvaluatorRegistry, ComputeOutcome, ComputeOutcomeData, ComputePayloadParserRegistry, ComputePayloadParsers, ComputePolicyDefinitionProps, ComputeRegistry, ComputeStatus, ConditionEvaluationCause, ConditionEvaluationOptions, ConditionEvaluationReport, ConditionEvaluationReportLevel, ConditionEvaluationReportTag, ConditionEvaluatorReporter, ConflictError, ConflictErrorMetadata, ConflictKind, ContextResolverCircuitBreakerOptions, ContextResolverRegistry, ContextResolverResilienceOptions, ContextResolverRetryOptions, ContextSeed, ContextSeedValidator, ContextValueResolver, ContractVersion, CoreConfig, CoreConfigOptions, CoreObservabilityConfig, CreateDomainEventEnvelopeInput, CreateTemporalContextInput, CreationRuleset, DeepReadonly, DeriveAsOfOptions, SerializationInError as DeserializationError, SerializationInError, DomainEventContractSelection, DomainEventContractVersions, DomainEventEnvelope, DomainException, DuplicateError, ERP_CORE_NAME, ERP_CORE_VERSION, Entity, EntityNotFoundException, EntityState, Err, ErrorCodes, ErrorSeverity, EvaluateInput, ExpiredError, TemporalErrorMetadata as ExpiredErrorMetadata, TemporalErrorMetadata, TemporalPrecision as ExpiredErrorPrecision, TemporalPrecision, FindCandidatesParams, GateEngineRegistry, GateOutcome, GateOutcomeData, GatePayload, GatePayloadParsers, GatePolicyDefinitionProps, GateStatus, GateTraceLeafSnapshot, GateTraceNodeSnapshot, GateViolationTrace, Grant, GrantProps, IdempotencyError, IdempotencyErrorMetadata, IdempotencyFailureKind, IdempotencyInProgressError, IdempotencyKeyMissingError, IdempotencyPayloadMismatchError, IdempotencyReplayNotSupportedError, InMemoryPolicyDefinitionRepository, IntegrationError, IntegrationErrorMetadata, IntegrationErrorReason, InvalidStateTransitionException, InvalidValueException, InvariantRuleset, InvariantViolationException, InvokeOptions, JsonSafePrimitive, JsonSafeRecord, JsonSafeValue, LegacyIncompatibleError, LogPayload, LoggerPort, MaybePromise, MetricLabels, MetricsPort, MultipleValidationException, NotFoundError, NotYetValidError, Ok, Outcome, Page, Permission, PermissionProps, PermissionSet, PipelineReducer, PluginContract, PluginManager, PolicyAsOfResolver, PolicyCatalog, PolicyCatalogEntryProps, PolicyCatalogFactory, PolicyContext, PolicyContextBuilder, PolicyContextBuilderOptions, PolicyContextPath, PolicyDecision, PolicyDecisionId, PolicyDefinition, PolicyDefinitionId, PolicyDefinitionProps, PolicyDefinitionStatus, PolicyEvaluationError, PolicyEvaluationErrors, PolicyEvaluationInput, PolicyEvaluationOutput, PolicyEvaluationResult, PolicyHashing, PolicyKey, PolicyKind, PolicyOwner, PolicyPackage, PolicyPort, PolicyPortError, PolicyResolver, PolicyScope, PolicyScopeLevel, PolicyScopeMatcher, PolicyService, PolicyServiceOptions, PolicyServiceParams, PolicyViolation, Query, RbacAuthorizer, Repository, RequestedBy, RequestedByKind, Result, ResultRepository, Role, RoleProps, RuleEffect, Ruleset, RulesetId, RulesetRegistry, SchoolId, Scope, ScopeChain, ScopeProps, SerializationBoundary, SerializationCodes, SerializationDirection, SerializationError, SerializationErrorMetadata, SerializationFailureCategory, SerializationMessages, SerializationOutError, TemporalContext, TemporalError, TemporalHistory, TemporalKind, TemporalRepository, TemporalUseCase, TemporalUseCaseInput, TemporalizedContextSeed, TenantId, TraceAttributeValue, TraceSpan, TracerPort, UnexpectedError, UniqueConstraintViolation, UniqueConstraintViolationError, UseCase, UseCaseObservability, UuidIdentifier, ValidationCode, ValidationError, ValidationException, ValidationField, ValidationViolation, ValueObject, ValueObjectPluginContract, ValueObjectRuleset, VersionedComputeEngine, VersionedGateEngine, VersionedTarget, abacContext, asPolicyDecisionId, asPolicyDefinitionId, asSchoolId, asTenantId, assertJsonSafeMetadata, assertTemporalContext, buildDomainEventContractVersions, contextResolverRegistry, coreConfig, createDomainEventEnvelope, createTemporalContext, erpCoreRelease, evaluateTemporalWindow, mapPolicyEvaluationError, payloadHash, rbacContextFields, registerNamespacedContextResolvers, registerNamespacedContextResolversIn, safePreview, serializationErrorCode, sha256Hex, stableStringify, translateUniqueViolationToDuplicate, version };
30
37
  //# sourceMappingURL=index.d.ts.map