@cullet/erp-core 1.4.0 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (79) hide show
  1. package/KIT_CONTEXT.md +6 -0
  2. package/dist/app-error.cjs +14 -6
  3. package/dist/app-error.cjs.map +1 -1
  4. package/dist/app-error.js +14 -6
  5. package/dist/app-error.js.map +1 -1
  6. package/dist/condition-evaluator.cjs +14 -0
  7. package/dist/condition-evaluator.cjs.map +1 -1
  8. package/dist/condition-evaluator.js +14 -0
  9. package/dist/condition-evaluator.js.map +1 -1
  10. package/dist/entity.cjs +2 -6
  11. package/dist/entity.cjs.map +1 -1
  12. package/dist/entity.js +2 -6
  13. package/dist/entity.js.map +1 -1
  14. package/dist/errors/index.cjs +2 -1
  15. package/dist/errors/index.js +2 -1
  16. package/dist/hashing.cjs +2 -44
  17. package/dist/hashing.cjs.map +1 -1
  18. package/dist/hashing.js +2 -38
  19. package/dist/hashing.js.map +1 -1
  20. package/dist/index.cjs +3 -2
  21. package/dist/index.cjs.map +1 -1
  22. package/dist/index.d.cts +2 -2
  23. package/dist/index.d.ts +2 -2
  24. package/dist/index.js +3 -2
  25. package/dist/index.js.map +1 -1
  26. package/dist/policies/engines/v1/gate/index.d.cts +2 -0
  27. package/dist/policies/engines/v1/gate/index.d.ts +2 -0
  28. package/dist/policy-service.cjs +2 -1
  29. package/dist/policy-service.cjs.map +1 -1
  30. package/dist/policy-service.js +2 -1
  31. package/dist/policy-service.js.map +1 -1
  32. package/dist/requested-by.cjs +3 -3
  33. package/dist/requested-by.cjs.map +1 -1
  34. package/dist/requested-by.js +1 -1
  35. package/dist/requested-by.js.map +1 -1
  36. package/dist/stable-stringify.cjs +47 -0
  37. package/dist/stable-stringify.cjs.map +1 -0
  38. package/dist/stable-stringify.js +42 -0
  39. package/dist/stable-stringify.js.map +1 -0
  40. package/dist/temporal-use-case.cjs +5 -0
  41. package/dist/temporal-use-case.cjs.map +1 -1
  42. package/dist/temporal-use-case.d.cts +6 -1
  43. package/dist/temporal-use-case.d.ts +6 -1
  44. package/dist/temporal-use-case.js +5 -0
  45. package/dist/temporal-use-case.js.map +1 -1
  46. package/dist/use-case.cjs +2 -6
  47. package/dist/use-case.cjs.map +1 -1
  48. package/dist/use-case.js +2 -6
  49. package/dist/use-case.js.map +1 -1
  50. package/dist/uuid-identifier.cjs +2 -7
  51. package/dist/uuid-identifier.cjs.map +1 -1
  52. package/dist/uuid-identifier.js +1 -6
  53. package/dist/uuid-identifier.js.map +1 -1
  54. package/dist/uuid.cjs +18 -0
  55. package/dist/uuid.cjs.map +1 -0
  56. package/dist/uuid.js +13 -0
  57. package/dist/uuid.js.map +1 -0
  58. package/dist/validation-error.d.cts +10 -5
  59. package/dist/validation-error.d.ts +10 -5
  60. package/dist/value-object.cjs +12 -3
  61. package/dist/value-object.cjs.map +1 -1
  62. package/dist/value-object.d.cts +9 -1
  63. package/dist/value-object.d.ts +9 -1
  64. package/dist/value-object.js +12 -3
  65. package/dist/value-object.js.map +1 -1
  66. package/meta.json +4 -2
  67. package/package.json +1 -1
  68. package/src/core/application/commands/requested-by.ts +3 -4
  69. package/src/core/application/queries/query.ts +6 -1
  70. package/src/core/application/use-case.ts +1 -1
  71. package/src/core/domain/entity.ts +1 -1
  72. package/src/core/domain/uuid-identifier.ts +1 -8
  73. package/src/core/domain/value-object.ts +12 -3
  74. package/src/core/errors/utils/json-safe.ts +20 -11
  75. package/src/core/policies/engines/v1/condition-evaluator.ts +56 -1
  76. package/src/core/shared/hashing.ts +1 -55
  77. package/src/core/shared/stable-stringify.ts +57 -0
  78. package/src/core/shared/uuid.ts +11 -0
  79. package/src/version.ts +1 -1
package/KIT_CONTEXT.md CHANGED
@@ -34,6 +34,12 @@ Implemente as portas em `application/ports/` para conectar a stack real:
34
34
  - Repositórios do seu domínio, sempre com verbo mínimo.
35
35
  - `AuthorizerPort`/`AbacAuthorizerPort`/`AuthenticatorPort`.
36
36
 
37
+ ## [known-limits] Limitações conhecidas
38
+
39
+ - **Dois registries são estado global de processo** (a promessa "composição sem singletons" não os cobre): `GatePayloadParsers` (parsers de payload gate) e `ValueObject.plugins` (plugin de igualdade) valem para o processo inteiro — hosts multi-tenant no mesmo processo compartilham esses registros mesmo usando `CoreConfig`/registries isolados.
40
+ - **ABAC é fail-closed por regra não-avaliável**: toda condição do set é avaliada, independente do algoritmo de combinação — adicionar uma regra que referencia um atributo que um call site não fornece passa a negar (403 `forbidden`) nesses call sites até o atributo ser suprido.
41
+ - **`Date` aninhado em `ValueObject` não é congelável** (`Object.freeze` não bloqueia `setTime`): o clone protege do caller, mas quem lê `value` consegue mutar o `Date` interno. Prefira ISO string/timestamp no estado do VO.
42
+
37
43
  ## [non-goals] Não-objetivos
38
44
 
39
45
  - **Não é ORM.** Nenhuma mágica de mapeamento, nenhum decorator de persistência.
@@ -58,8 +58,10 @@ function isPlainObject(value) {
58
58
  function sanitizeValue(value, seen) {
59
59
  if (value === null) return null;
60
60
  const type = typeof value;
61
- if (type === "string" || type === "number" || type === "boolean") return value;
62
- if (type === "bigint" || type === "function" || type === "symbol" || value === void 0) return NON_SERIALIZABLE_PLACEHOLDER;
61
+ if (type === "number") return Number.isFinite(value) ? value : NON_SERIALIZABLE_PLACEHOLDER;
62
+ if (type === "string" || type === "boolean") return value;
63
+ if (value === void 0) return null;
64
+ if (type === "bigint" || type === "function" || type === "symbol") return NON_SERIALIZABLE_PLACEHOLDER;
63
65
  if (Array.isArray(value)) {
64
66
  if (seen.has(value)) return CIRCULAR_REFERENCE_PLACEHOLDER;
65
67
  seen.add(value);
@@ -72,18 +74,24 @@ function sanitizeValue(value, seen) {
72
74
  if (seen.has(value)) return CIRCULAR_REFERENCE_PLACEHOLDER;
73
75
  seen.add(value);
74
76
  const result = {};
75
- for (const [key, val] of Object.entries(value)) result[key] = sanitizeValue(val, seen);
77
+ for (const [key, val] of Object.entries(value)) {
78
+ if (val === void 0) continue;
79
+ result[key] = sanitizeValue(val, seen);
80
+ }
76
81
  seen.delete(value);
77
82
  return result;
78
83
  }
79
84
  /**
80
85
  * Ensures metadata is JSON-serializable.
81
86
  *
82
- * **Allowed:** string, number, boolean, null, arrays, and plain objects.
87
+ * **Allowed:** finite number, string, boolean, null, arrays, and plain objects.
88
+ *
89
+ * **Dropped (mirroring `JSON.stringify`):** object properties whose value is
90
+ * `undefined` (the key is omitted); an `undefined` array item becomes `null`.
83
91
  *
84
92
  * **Converted to placeholder:** Date, BigInt, class instances, functions,
85
- * symbols, undefined, and circular references (which would otherwise make
86
- * `JSON.stringify` throw).
93
+ * symbols, non-finite numbers (`NaN`/`Infinity`), and circular references
94
+ * (which would otherwise make `JSON.stringify` throw).
87
95
  *
88
96
  * @throws {TypeError} If `input` is not a plain object at the root level.
89
97
  */
@@ -1 +1 @@
1
- {"version":3,"file":"app-error.cjs","names":[],"sources":["../src/core/errors/error-codes.ts","../src/core/errors/utils/json-safe.ts","../src/core/errors/app-error.ts"],"sourcesContent":["const ErrorCodes = {\n authentication: {\n missingToken: \"sec.authn.missing_token\",\n invalidToken: \"sec.authn.invalid_token\",\n expiredToken: \"sec.authn.expired_token\",\n invalidCredentials: \"sec.authn.invalid_credentials\",\n },\n authorization: {\n forbidden: \"sec.authz.forbidden\",\n policyDenied: \"sec.authz.policy_denied\",\n missingRole: \"sec.authz.missing_role\",\n missingCapability: \"sec.authz.missing_capability\",\n outOfScope: \"sec.authz.out_of_scope\",\n },\n businessRuleViolation: \"business_rule_violation\",\n conflict: {\n alreadyExists: \"conf.already_exists\",\n duplicate: \"conf.duplicate\",\n uniqueViolation: \"conf.unique_violation\",\n },\n idempotency: {\n keyMissing: \"idemp.key_missing\",\n inProgress: \"idemp.in_progress\",\n payloadMismatch: \"idemp.payload_mismatch\",\n replayNotSupported: \"idemp.replay_not_supported\",\n },\n integration: {\n timeout: \"int.timeout\",\n unreachable: \"int.unreachable\",\n badResponse: \"int.bad_response\",\n },\n legacyIncompatible: \"legacy_incompatible\",\n notFound: \"not_found\",\n serialization: {\n deserializePrefix: \"ser.des\",\n serializePrefix: \"ser.ser\",\n },\n temporal: {\n expired: \"tmp.expired\",\n notYetValid: \"tmp.not_yet_valid\",\n },\n unexpected: \"unexpected\",\n validation: \"validation_error\",\n} as const;\n\ntype SerializationCodeDirection = \"deserialize\" | \"serialize\";\n\nfunction serializationErrorCode(\n direction: SerializationCodeDirection,\n category: string,\n): string {\n const prefix =\n direction === \"deserialize\"\n ? ErrorCodes.serialization.deserializePrefix\n : ErrorCodes.serialization.serializePrefix;\n\n return `${prefix}.${category}`;\n}\n\nexport { ErrorCodes, serializationErrorCode };\nexport type { SerializationCodeDirection };\n","// Utilities for ensuring metadata is JSON-serializable.\n\nimport type { JsonSafeRecord, JsonSafeValue } from \"../types.js\";\n\n// ─────────────────────────────────────────────────────────────────────────────\n// Constants\n// ─────────────────────────────────────────────────────────────────────────────\n\nconst NON_SERIALIZABLE_PLACEHOLDER = \"[NonSerializable]\";\nconst CIRCULAR_REFERENCE_PLACEHOLDER = \"[Circular]\";\n\n// ─────────────────────────────────────────────────────────────────────────────\n// Internal helpers\n// ─────────────────────────────────────────────────────────────────────────────\n\nfunction isPlainObject(value: unknown): value is Record<string, unknown> {\n if (value === null || typeof value !== \"object\") return false;\n const proto = Object.getPrototypeOf(value);\n return proto === Object.prototype || proto === null;\n}\n\n// `seen` tracks the ancestors on the current traversal branch (a DFS path), not\n// every object visited. This collapses true circular references to a placeholder\n// while still serializing the same object referenced more than once across\n// sibling branches (a DAG) — matching `JSON.stringify`, which only rejects\n// cycles, not shared references.\nfunction sanitizeValue(value: unknown, seen: WeakSet<object>): JsonSafeValue {\n // Null passthrough\n if (value === null) return null;\n\n const type = typeof value;\n\n // Primitives\n if (type === \"string\" || type === \"number\" || type === \"boolean\") {\n return value as JsonSafeValue;\n }\n\n // Non-serializable primitives\n if (\n type === \"bigint\" ||\n type === \"function\" ||\n type === \"symbol\" ||\n value === undefined\n ) {\n return NON_SERIALIZABLE_PLACEHOLDER;\n }\n\n // Arrays (recursive)\n if (Array.isArray(value)) {\n if (seen.has(value)) return CIRCULAR_REFERENCE_PLACEHOLDER;\n seen.add(value);\n const sanitized = value.map((item) => sanitizeValue(item, seen));\n seen.delete(value);\n return sanitized;\n }\n\n // Date → placeholder (could also use .toISOString() if preferred)\n if (value instanceof Date) {\n return NON_SERIALIZABLE_PLACEHOLDER;\n }\n\n // Class instances and non-plain objects → placeholder\n if (!isPlainObject(value)) {\n return NON_SERIALIZABLE_PLACEHOLDER;\n }\n\n // Plain object (recursive)\n if (seen.has(value)) return CIRCULAR_REFERENCE_PLACEHOLDER;\n seen.add(value);\n const result: Record<string, JsonSafeValue> = {};\n for (const [key, val] of Object.entries(value)) {\n result[key] = sanitizeValue(val, seen);\n }\n seen.delete(value);\n return result;\n}\n\n// ─────────────────────────────────────────────────────────────────────────────\n// Public API\n// ─────────────────────────────────────────────────────────────────────────────\n\n/**\n * Ensures metadata is JSON-serializable.\n *\n * **Allowed:** string, number, boolean, null, arrays, and plain objects.\n *\n * **Converted to placeholder:** Date, BigInt, class instances, functions,\n * symbols, undefined, and circular references (which would otherwise make\n * `JSON.stringify` throw).\n *\n * @throws {TypeError} If `input` is not a plain object at the root level.\n */\nfunction assertJsonSafeMetadata(input: unknown): JsonSafeRecord {\n if (input === undefined) {\n return {};\n }\n\n if (!isPlainObject(input)) {\n throw new TypeError(\n \"metadata must be a plain object (Record<string, unknown>).\",\n );\n }\n\n return sanitizeValue(input, new WeakSet<object>()) as JsonSafeRecord;\n}\n\nexport {\n assertJsonSafeMetadata,\n CIRCULAR_REFERENCE_PLACEHOLDER,\n NON_SERIALIZABLE_PLACEHOLDER,\n};\n","// Base application error for the domain/application layer.\n// Encapsulates a code, optional cause, and JSON-safe metadata.\n\nimport type {\n AppErrorOptions,\n ErrorSeverity,\n JsonSafeRecord,\n} from \"./types.js\";\nimport { assertJsonSafeMetadata } from \"./utils/index.js\";\n\n// ─────────────────────────────────────────────────────────────────────────────\n// AppError (abstract base class)\n// ─────────────────────────────────────────────────────────────────────────────\n\n/**\n * Root of the application/domain error hierarchy. Every error the system raises\n * on purpose extends `AppError`, which gives callers a single `instanceof` to\n * catch and a uniform, serializable shape to log and transport.\n *\n * Beyond the native `Error` message it carries a stable `code` (the contract the\n * outside world matches on), an optional non-leaking `publicMessage`, a\n * severity, JSON-safe `metadata`, and the correlation/request/command ids that\n * stitch an error back to the request that produced it. The metadata is\n * validated as JSON-safe on construction, so a logger can serialize any\n * `AppError` without hitting a circular reference or a non-serializable value.\n *\n * Abstract on purpose: callers should throw a specific subclass (e.g.\n * {@link ValidationError}, {@link NotFoundError}) so the `code` and shape are\n * meaningful, never a bare `AppError`.\n */\nabstract class AppError extends Error {\n public readonly code: string;\n public readonly cause?: unknown;\n public readonly metadata?: JsonSafeRecord;\n public readonly type?: string;\n public readonly severity?: ErrorSeverity;\n public readonly createdAtIso: string;\n public readonly publicMessage?: string;\n /**\n * Identifies a single execution \"story\" in the system. All operations\n * related to the same logical flow must share the same correlationId.\n */\n public readonly correlationId?: string;\n /**\n * Identifies a specific technical request attempt (each retry may produce\n * a new requestId), even when the correlationId stays the same.\n */\n public readonly requestId?: string;\n /**\n * Marks the business intent / idempotency key; stays the same across\n * technical retries and multiple requests that represent the same intent.\n */\n public readonly commandId?: string;\n\n /**\n * Builds the common error envelope shared by every subclass.\n *\n * `name` is taken from `new.target` so the thrown instance reports its\n * concrete subclass name (not `\"AppError\"`), and the prototype is re-pinned\n * via `setPrototypeOf` so `instanceof` keeps working after transpilation to\n * older targets where extending built-ins breaks the chain. `createdAtIso`\n * defaults to now, and `metadata` is validated as JSON-safe so the error is\n * always serializable.\n *\n * Declared `protected`: instantiate a concrete subclass, never `AppError`.\n *\n * @param message - The internal, developer-facing message.\n * @param code - The stable machine-readable code callers match on.\n * @param options - Optional cause, metadata, severity, and correlation ids.\n * @throws When `options.metadata` contains a value that is not JSON-safe.\n */\n protected constructor(\n message: string,\n code: string,\n options?: AppErrorOptions,\n ) {\n super(message);\n\n this.name = new.target.name;\n this.code = code;\n this.cause = options?.cause;\n this.type = options?.type;\n this.severity = options?.severity;\n this.correlationId = options?.correlationId;\n this.requestId = options?.requestId;\n this.commandId = options?.commandId;\n this.createdAtIso = options?.createdAtIso ?? new Date().toISOString();\n this.publicMessage = options?.publicMessage;\n\n this.metadata = options?.metadata\n ? assertJsonSafeMetadata(options.metadata)\n : undefined;\n\n Object.setPrototypeOf(this, new.target.prototype);\n }\n\n /**\n * Returns a JSON-safe representation of the error.\n * Does NOT include `cause` by default (to avoid leaking internal details).\n */\n public toJSON(): Record<string, unknown> {\n const payload: Record<string, unknown> = {\n name: this.name,\n code: this.code,\n message: this.message,\n createdAtIso: this.createdAtIso,\n };\n\n // Optional fields are emitted only when defined, so the serialized\n // shape never carries `undefined`-valued keys (consistent with how the\n // correlation/request/command ids are handled).\n if (this.type !== undefined) payload.type = this.type;\n if (this.severity !== undefined) payload.severity = this.severity;\n if (this.publicMessage !== undefined)\n payload.publicMessage = this.publicMessage;\n if (this.metadata !== undefined) payload.metadata = this.metadata;\n if (this.correlationId !== undefined)\n payload.correlationId = this.correlationId;\n if (this.requestId !== undefined) payload.requestId = this.requestId;\n if (this.commandId !== undefined) payload.commandId = this.commandId;\n\n return payload;\n }\n}\n\nexport { AppError };\n"],"mappings":";AAAA,MAAM,aAAa;CACf,gBAAgB;EACZ,cAAc;EACd,cAAc;EACd,cAAc;EACd,oBAAoB;CACxB;CACA,eAAe;EACX,WAAW;EACX,cAAc;EACd,aAAa;EACb,mBAAmB;EACnB,YAAY;CAChB;CACA,uBAAuB;CACvB,UAAU;EACN,eAAe;EACf,WAAW;EACX,iBAAiB;CACrB;CACA,aAAa;EACT,YAAY;EACZ,YAAY;EACZ,iBAAiB;EACjB,oBAAoB;CACxB;CACA,aAAa;EACT,SAAS;EACT,aAAa;EACb,aAAa;CACjB;CACA,oBAAoB;CACpB,UAAU;CACV,eAAe;EACX,mBAAmB;EACnB,iBAAiB;CACrB;CACA,UAAU;EACN,SAAS;EACT,aAAa;CACjB;CACA,YAAY;CACZ,YAAY;AAChB;AAIA,SAAS,uBACL,WACA,UACM;CAMN,OAAO,GAJH,cAAc,gBACR,WAAW,cAAc,oBACzB,WAAW,cAAc,gBAElB,GAAG;AACxB;;;ACjDA,MAAM,+BAA+B;AACrC,MAAM,iCAAiC;AAMvC,SAAS,cAAc,OAAkD;CACrE,IAAI,UAAU,QAAQ,OAAO,UAAU,UAAU,OAAO;CACxD,MAAM,QAAQ,OAAO,eAAe,KAAK;CACzC,OAAO,UAAU,OAAO,aAAa,UAAU;AACnD;AAOA,SAAS,cAAc,OAAgB,MAAsC;CAEzE,IAAI,UAAU,MAAM,OAAO;CAE3B,MAAM,OAAO,OAAO;CAGpB,IAAI,SAAS,YAAY,SAAS,YAAY,SAAS,WACnD,OAAO;CAIX,IACI,SAAS,YACT,SAAS,cACT,SAAS,YACT,UAAU,KAAA,GAEV,OAAO;CAIX,IAAI,MAAM,QAAQ,KAAK,GAAG;EACtB,IAAI,KAAK,IAAI,KAAK,GAAG,OAAO;EAC5B,KAAK,IAAI,KAAK;EACd,MAAM,YAAY,MAAM,KAAK,SAAS,cAAc,MAAM,IAAI,CAAC;EAC/D,KAAK,OAAO,KAAK;EACjB,OAAO;CACX;CAGA,IAAI,iBAAiB,MACjB,OAAO;CAIX,IAAI,CAAC,cAAc,KAAK,GACpB,OAAO;CAIX,IAAI,KAAK,IAAI,KAAK,GAAG,OAAO;CAC5B,KAAK,IAAI,KAAK;CACd,MAAM,SAAwC,CAAC;CAC/C,KAAK,MAAM,CAAC,KAAK,QAAQ,OAAO,QAAQ,KAAK,GACzC,OAAO,OAAO,cAAc,KAAK,IAAI;CAEzC,KAAK,OAAO,KAAK;CACjB,OAAO;AACX;;;;;;;;;;;;AAiBA,SAAS,uBAAuB,OAAgC;CAC5D,IAAI,UAAU,KAAA,GACV,OAAO,CAAC;CAGZ,IAAI,CAAC,cAAc,KAAK,GACpB,MAAM,IAAI,UACN,4DACJ;CAGJ,OAAO,cAAc,uBAAO,IAAI,QAAgB,CAAC;AACrD;;;;;;;;;;;;;;;;;;;AC1EA,IAAe,WAAf,cAAgC,MAAM;;;;;;;;;;;;;;;;;;CAyClC,YACI,SACA,MACA,SACF;EACE,MAAM,OAAO;EAEb,KAAK,OAAO,IAAI,OAAO;EACvB,KAAK,OAAO;EACZ,KAAK,QAAQ,SAAS;EACtB,KAAK,OAAO,SAAS;EACrB,KAAK,WAAW,SAAS;EACzB,KAAK,gBAAgB,SAAS;EAC9B,KAAK,YAAY,SAAS;EAC1B,KAAK,YAAY,SAAS;EAC1B,KAAK,eAAe,SAAS,iCAAgB,IAAI,KAAK,GAAE,YAAY;EACpE,KAAK,gBAAgB,SAAS;EAE9B,KAAK,WAAW,SAAS,WACnB,uBAAuB,QAAQ,QAAQ,IACvC,KAAA;EAEN,OAAO,eAAe,MAAM,IAAI,OAAO,SAAS;CACpD;;;;;CAMA,SAAyC;EACrC,MAAM,UAAmC;GACrC,MAAM,KAAK;GACX,MAAM,KAAK;GACX,SAAS,KAAK;GACd,cAAc,KAAK;EACvB;EAKA,IAAI,KAAK,SAAS,KAAA,GAAW,QAAQ,OAAO,KAAK;EACjD,IAAI,KAAK,aAAa,KAAA,GAAW,QAAQ,WAAW,KAAK;EACzD,IAAI,KAAK,kBAAkB,KAAA,GACvB,QAAQ,gBAAgB,KAAK;EACjC,IAAI,KAAK,aAAa,KAAA,GAAW,QAAQ,WAAW,KAAK;EACzD,IAAI,KAAK,kBAAkB,KAAA,GACvB,QAAQ,gBAAgB,KAAK;EACjC,IAAI,KAAK,cAAc,KAAA,GAAW,QAAQ,YAAY,KAAK;EAC3D,IAAI,KAAK,cAAc,KAAA,GAAW,QAAQ,YAAY,KAAK;EAE3D,OAAO;CACX;AACJ"}
1
+ {"version":3,"file":"app-error.cjs","names":[],"sources":["../src/core/errors/error-codes.ts","../src/core/errors/utils/json-safe.ts","../src/core/errors/app-error.ts"],"sourcesContent":["const ErrorCodes = {\n authentication: {\n missingToken: \"sec.authn.missing_token\",\n invalidToken: \"sec.authn.invalid_token\",\n expiredToken: \"sec.authn.expired_token\",\n invalidCredentials: \"sec.authn.invalid_credentials\",\n },\n authorization: {\n forbidden: \"sec.authz.forbidden\",\n policyDenied: \"sec.authz.policy_denied\",\n missingRole: \"sec.authz.missing_role\",\n missingCapability: \"sec.authz.missing_capability\",\n outOfScope: \"sec.authz.out_of_scope\",\n },\n businessRuleViolation: \"business_rule_violation\",\n conflict: {\n alreadyExists: \"conf.already_exists\",\n duplicate: \"conf.duplicate\",\n uniqueViolation: \"conf.unique_violation\",\n },\n idempotency: {\n keyMissing: \"idemp.key_missing\",\n inProgress: \"idemp.in_progress\",\n payloadMismatch: \"idemp.payload_mismatch\",\n replayNotSupported: \"idemp.replay_not_supported\",\n },\n integration: {\n timeout: \"int.timeout\",\n unreachable: \"int.unreachable\",\n badResponse: \"int.bad_response\",\n },\n legacyIncompatible: \"legacy_incompatible\",\n notFound: \"not_found\",\n serialization: {\n deserializePrefix: \"ser.des\",\n serializePrefix: \"ser.ser\",\n },\n temporal: {\n expired: \"tmp.expired\",\n notYetValid: \"tmp.not_yet_valid\",\n },\n unexpected: \"unexpected\",\n validation: \"validation_error\",\n} as const;\n\ntype SerializationCodeDirection = \"deserialize\" | \"serialize\";\n\nfunction serializationErrorCode(\n direction: SerializationCodeDirection,\n category: string,\n): string {\n const prefix =\n direction === \"deserialize\"\n ? ErrorCodes.serialization.deserializePrefix\n : ErrorCodes.serialization.serializePrefix;\n\n return `${prefix}.${category}`;\n}\n\nexport { ErrorCodes, serializationErrorCode };\nexport type { SerializationCodeDirection };\n","// Utilities for ensuring metadata is JSON-serializable.\n\nimport type { JsonSafeRecord, JsonSafeValue } from \"../types.js\";\n\n// ─────────────────────────────────────────────────────────────────────────────\n// Constants\n// ─────────────────────────────────────────────────────────────────────────────\n\nconst NON_SERIALIZABLE_PLACEHOLDER = \"[NonSerializable]\";\nconst CIRCULAR_REFERENCE_PLACEHOLDER = \"[Circular]\";\n\n// ─────────────────────────────────────────────────────────────────────────────\n// Internal helpers\n// ─────────────────────────────────────────────────────────────────────────────\n\nfunction isPlainObject(value: unknown): value is Record<string, unknown> {\n if (value === null || typeof value !== \"object\") return false;\n const proto = Object.getPrototypeOf(value);\n return proto === Object.prototype || proto === null;\n}\n\n// `seen` tracks the ancestors on the current traversal branch (a DFS path), not\n// every object visited. This collapses true circular references to a placeholder\n// while still serializing the same object referenced more than once across\n// sibling branches (a DAG) — matching `JSON.stringify`, which only rejects\n// cycles, not shared references.\nfunction sanitizeValue(value: unknown, seen: WeakSet<object>): JsonSafeValue {\n // Null passthrough\n if (value === null) return null;\n\n const type = typeof value;\n\n // Primitives (non-finite numbers are not JSON-representable — placeholder)\n if (type === \"number\") {\n return Number.isFinite(value)\n ? (value as number)\n : NON_SERIALIZABLE_PLACEHOLDER;\n }\n if (type === \"string\" || type === \"boolean\") {\n return value as JsonSafeValue;\n }\n\n // `undefined` only reaches here as an array item: object properties with\n // undefined values are omitted by the plain-object branch below. Both\n // mirror `JSON.stringify` semantics.\n if (value === undefined) return null;\n\n // Non-serializable primitives\n if (type === \"bigint\" || type === \"function\" || type === \"symbol\") {\n return NON_SERIALIZABLE_PLACEHOLDER;\n }\n\n // Arrays (recursive)\n if (Array.isArray(value)) {\n if (seen.has(value)) return CIRCULAR_REFERENCE_PLACEHOLDER;\n seen.add(value);\n const sanitized = value.map((item) => sanitizeValue(item, seen));\n seen.delete(value);\n return sanitized;\n }\n\n // Date → placeholder (could also use .toISOString() if preferred)\n if (value instanceof Date) {\n return NON_SERIALIZABLE_PLACEHOLDER;\n }\n\n // Class instances and non-plain objects → placeholder\n if (!isPlainObject(value)) {\n return NON_SERIALIZABLE_PLACEHOLDER;\n }\n\n // Plain object (recursive)\n if (seen.has(value)) return CIRCULAR_REFERENCE_PLACEHOLDER;\n seen.add(value);\n const result: Record<string, JsonSafeValue> = {};\n for (const [key, val] of Object.entries(value)) {\n if (val === undefined) continue;\n result[key] = sanitizeValue(val, seen);\n }\n seen.delete(value);\n return result;\n}\n\n// ─────────────────────────────────────────────────────────────────────────────\n// Public API\n// ─────────────────────────────────────────────────────────────────────────────\n\n/**\n * Ensures metadata is JSON-serializable.\n *\n * **Allowed:** finite number, string, boolean, null, arrays, and plain objects.\n *\n * **Dropped (mirroring `JSON.stringify`):** object properties whose value is\n * `undefined` (the key is omitted); an `undefined` array item becomes `null`.\n *\n * **Converted to placeholder:** Date, BigInt, class instances, functions,\n * symbols, non-finite numbers (`NaN`/`Infinity`), and circular references\n * (which would otherwise make `JSON.stringify` throw).\n *\n * @throws {TypeError} If `input` is not a plain object at the root level.\n */\nfunction assertJsonSafeMetadata(input: unknown): JsonSafeRecord {\n if (input === undefined) {\n return {};\n }\n\n if (!isPlainObject(input)) {\n throw new TypeError(\n \"metadata must be a plain object (Record<string, unknown>).\",\n );\n }\n\n return sanitizeValue(input, new WeakSet<object>()) as JsonSafeRecord;\n}\n\nexport {\n assertJsonSafeMetadata,\n CIRCULAR_REFERENCE_PLACEHOLDER,\n NON_SERIALIZABLE_PLACEHOLDER,\n};\n","// Base application error for the domain/application layer.\n// Encapsulates a code, optional cause, and JSON-safe metadata.\n\nimport type {\n AppErrorOptions,\n ErrorSeverity,\n JsonSafeRecord,\n} from \"./types.js\";\nimport { assertJsonSafeMetadata } from \"./utils/index.js\";\n\n// ─────────────────────────────────────────────────────────────────────────────\n// AppError (abstract base class)\n// ─────────────────────────────────────────────────────────────────────────────\n\n/**\n * Root of the application/domain error hierarchy. Every error the system raises\n * on purpose extends `AppError`, which gives callers a single `instanceof` to\n * catch and a uniform, serializable shape to log and transport.\n *\n * Beyond the native `Error` message it carries a stable `code` (the contract the\n * outside world matches on), an optional non-leaking `publicMessage`, a\n * severity, JSON-safe `metadata`, and the correlation/request/command ids that\n * stitch an error back to the request that produced it. The metadata is\n * validated as JSON-safe on construction, so a logger can serialize any\n * `AppError` without hitting a circular reference or a non-serializable value.\n *\n * Abstract on purpose: callers should throw a specific subclass (e.g.\n * {@link ValidationError}, {@link NotFoundError}) so the `code` and shape are\n * meaningful, never a bare `AppError`.\n */\nabstract class AppError extends Error {\n public readonly code: string;\n public readonly cause?: unknown;\n public readonly metadata?: JsonSafeRecord;\n public readonly type?: string;\n public readonly severity?: ErrorSeverity;\n public readonly createdAtIso: string;\n public readonly publicMessage?: string;\n /**\n * Identifies a single execution \"story\" in the system. All operations\n * related to the same logical flow must share the same correlationId.\n */\n public readonly correlationId?: string;\n /**\n * Identifies a specific technical request attempt (each retry may produce\n * a new requestId), even when the correlationId stays the same.\n */\n public readonly requestId?: string;\n /**\n * Marks the business intent / idempotency key; stays the same across\n * technical retries and multiple requests that represent the same intent.\n */\n public readonly commandId?: string;\n\n /**\n * Builds the common error envelope shared by every subclass.\n *\n * `name` is taken from `new.target` so the thrown instance reports its\n * concrete subclass name (not `\"AppError\"`), and the prototype is re-pinned\n * via `setPrototypeOf` so `instanceof` keeps working after transpilation to\n * older targets where extending built-ins breaks the chain. `createdAtIso`\n * defaults to now, and `metadata` is validated as JSON-safe so the error is\n * always serializable.\n *\n * Declared `protected`: instantiate a concrete subclass, never `AppError`.\n *\n * @param message - The internal, developer-facing message.\n * @param code - The stable machine-readable code callers match on.\n * @param options - Optional cause, metadata, severity, and correlation ids.\n * @throws When `options.metadata` contains a value that is not JSON-safe.\n */\n protected constructor(\n message: string,\n code: string,\n options?: AppErrorOptions,\n ) {\n super(message);\n\n this.name = new.target.name;\n this.code = code;\n this.cause = options?.cause;\n this.type = options?.type;\n this.severity = options?.severity;\n this.correlationId = options?.correlationId;\n this.requestId = options?.requestId;\n this.commandId = options?.commandId;\n this.createdAtIso = options?.createdAtIso ?? new Date().toISOString();\n this.publicMessage = options?.publicMessage;\n\n this.metadata = options?.metadata\n ? assertJsonSafeMetadata(options.metadata)\n : undefined;\n\n Object.setPrototypeOf(this, new.target.prototype);\n }\n\n /**\n * Returns a JSON-safe representation of the error.\n * Does NOT include `cause` by default (to avoid leaking internal details).\n */\n public toJSON(): Record<string, unknown> {\n const payload: Record<string, unknown> = {\n name: this.name,\n code: this.code,\n message: this.message,\n createdAtIso: this.createdAtIso,\n };\n\n // Optional fields are emitted only when defined, so the serialized\n // shape never carries `undefined`-valued keys (consistent with how the\n // correlation/request/command ids are handled).\n if (this.type !== undefined) payload.type = this.type;\n if (this.severity !== undefined) payload.severity = this.severity;\n if (this.publicMessage !== undefined)\n payload.publicMessage = this.publicMessage;\n if (this.metadata !== undefined) payload.metadata = this.metadata;\n if (this.correlationId !== undefined)\n payload.correlationId = this.correlationId;\n if (this.requestId !== undefined) payload.requestId = this.requestId;\n if (this.commandId !== undefined) payload.commandId = this.commandId;\n\n return payload;\n }\n}\n\nexport { AppError };\n"],"mappings":";AAAA,MAAM,aAAa;CACf,gBAAgB;EACZ,cAAc;EACd,cAAc;EACd,cAAc;EACd,oBAAoB;CACxB;CACA,eAAe;EACX,WAAW;EACX,cAAc;EACd,aAAa;EACb,mBAAmB;EACnB,YAAY;CAChB;CACA,uBAAuB;CACvB,UAAU;EACN,eAAe;EACf,WAAW;EACX,iBAAiB;CACrB;CACA,aAAa;EACT,YAAY;EACZ,YAAY;EACZ,iBAAiB;EACjB,oBAAoB;CACxB;CACA,aAAa;EACT,SAAS;EACT,aAAa;EACb,aAAa;CACjB;CACA,oBAAoB;CACpB,UAAU;CACV,eAAe;EACX,mBAAmB;EACnB,iBAAiB;CACrB;CACA,UAAU;EACN,SAAS;EACT,aAAa;CACjB;CACA,YAAY;CACZ,YAAY;AAChB;AAIA,SAAS,uBACL,WACA,UACM;CAMN,OAAO,GAJH,cAAc,gBACR,WAAW,cAAc,oBACzB,WAAW,cAAc,gBAElB,GAAG;AACxB;;;ACjDA,MAAM,+BAA+B;AACrC,MAAM,iCAAiC;AAMvC,SAAS,cAAc,OAAkD;CACrE,IAAI,UAAU,QAAQ,OAAO,UAAU,UAAU,OAAO;CACxD,MAAM,QAAQ,OAAO,eAAe,KAAK;CACzC,OAAO,UAAU,OAAO,aAAa,UAAU;AACnD;AAOA,SAAS,cAAc,OAAgB,MAAsC;CAEzE,IAAI,UAAU,MAAM,OAAO;CAE3B,MAAM,OAAO,OAAO;CAGpB,IAAI,SAAS,UACT,OAAO,OAAO,SAAS,KAAK,IACrB,QACD;CAEV,IAAI,SAAS,YAAY,SAAS,WAC9B,OAAO;CAMX,IAAI,UAAU,KAAA,GAAW,OAAO;CAGhC,IAAI,SAAS,YAAY,SAAS,cAAc,SAAS,UACrD,OAAO;CAIX,IAAI,MAAM,QAAQ,KAAK,GAAG;EACtB,IAAI,KAAK,IAAI,KAAK,GAAG,OAAO;EAC5B,KAAK,IAAI,KAAK;EACd,MAAM,YAAY,MAAM,KAAK,SAAS,cAAc,MAAM,IAAI,CAAC;EAC/D,KAAK,OAAO,KAAK;EACjB,OAAO;CACX;CAGA,IAAI,iBAAiB,MACjB,OAAO;CAIX,IAAI,CAAC,cAAc,KAAK,GACpB,OAAO;CAIX,IAAI,KAAK,IAAI,KAAK,GAAG,OAAO;CAC5B,KAAK,IAAI,KAAK;CACd,MAAM,SAAwC,CAAC;CAC/C,KAAK,MAAM,CAAC,KAAK,QAAQ,OAAO,QAAQ,KAAK,GAAG;EAC5C,IAAI,QAAQ,KAAA,GAAW;EACvB,OAAO,OAAO,cAAc,KAAK,IAAI;CACzC;CACA,KAAK,OAAO,KAAK;CACjB,OAAO;AACX;;;;;;;;;;;;;;;AAoBA,SAAS,uBAAuB,OAAgC;CAC5D,IAAI,UAAU,KAAA,GACV,OAAO,CAAC;CAGZ,IAAI,CAAC,cAAc,KAAK,GACpB,MAAM,IAAI,UACN,4DACJ;CAGJ,OAAO,cAAc,uBAAO,IAAI,QAAgB,CAAC;AACrD;;;;;;;;;;;;;;;;;;;ACnFA,IAAe,WAAf,cAAgC,MAAM;;;;;;;;;;;;;;;;;;CAyClC,YACI,SACA,MACA,SACF;EACE,MAAM,OAAO;EAEb,KAAK,OAAO,IAAI,OAAO;EACvB,KAAK,OAAO;EACZ,KAAK,QAAQ,SAAS;EACtB,KAAK,OAAO,SAAS;EACrB,KAAK,WAAW,SAAS;EACzB,KAAK,gBAAgB,SAAS;EAC9B,KAAK,YAAY,SAAS;EAC1B,KAAK,YAAY,SAAS;EAC1B,KAAK,eAAe,SAAS,iCAAgB,IAAI,KAAK,GAAE,YAAY;EACpE,KAAK,gBAAgB,SAAS;EAE9B,KAAK,WAAW,SAAS,WACnB,uBAAuB,QAAQ,QAAQ,IACvC,KAAA;EAEN,OAAO,eAAe,MAAM,IAAI,OAAO,SAAS;CACpD;;;;;CAMA,SAAyC;EACrC,MAAM,UAAmC;GACrC,MAAM,KAAK;GACX,MAAM,KAAK;GACX,SAAS,KAAK;GACd,cAAc,KAAK;EACvB;EAKA,IAAI,KAAK,SAAS,KAAA,GAAW,QAAQ,OAAO,KAAK;EACjD,IAAI,KAAK,aAAa,KAAA,GAAW,QAAQ,WAAW,KAAK;EACzD,IAAI,KAAK,kBAAkB,KAAA,GACvB,QAAQ,gBAAgB,KAAK;EACjC,IAAI,KAAK,aAAa,KAAA,GAAW,QAAQ,WAAW,KAAK;EACzD,IAAI,KAAK,kBAAkB,KAAA,GACvB,QAAQ,gBAAgB,KAAK;EACjC,IAAI,KAAK,cAAc,KAAA,GAAW,QAAQ,YAAY,KAAK;EAC3D,IAAI,KAAK,cAAc,KAAA,GAAW,QAAQ,YAAY,KAAK;EAE3D,OAAO;CACX;AACJ"}
package/dist/app-error.js CHANGED
@@ -58,8 +58,10 @@ function isPlainObject(value) {
58
58
  function sanitizeValue(value, seen) {
59
59
  if (value === null) return null;
60
60
  const type = typeof value;
61
- if (type === "string" || type === "number" || type === "boolean") return value;
62
- if (type === "bigint" || type === "function" || type === "symbol" || value === void 0) return NON_SERIALIZABLE_PLACEHOLDER;
61
+ if (type === "number") return Number.isFinite(value) ? value : NON_SERIALIZABLE_PLACEHOLDER;
62
+ if (type === "string" || type === "boolean") return value;
63
+ if (value === void 0) return null;
64
+ if (type === "bigint" || type === "function" || type === "symbol") return NON_SERIALIZABLE_PLACEHOLDER;
63
65
  if (Array.isArray(value)) {
64
66
  if (seen.has(value)) return CIRCULAR_REFERENCE_PLACEHOLDER;
65
67
  seen.add(value);
@@ -72,18 +74,24 @@ function sanitizeValue(value, seen) {
72
74
  if (seen.has(value)) return CIRCULAR_REFERENCE_PLACEHOLDER;
73
75
  seen.add(value);
74
76
  const result = {};
75
- for (const [key, val] of Object.entries(value)) result[key] = sanitizeValue(val, seen);
77
+ for (const [key, val] of Object.entries(value)) {
78
+ if (val === void 0) continue;
79
+ result[key] = sanitizeValue(val, seen);
80
+ }
76
81
  seen.delete(value);
77
82
  return result;
78
83
  }
79
84
  /**
80
85
  * Ensures metadata is JSON-serializable.
81
86
  *
82
- * **Allowed:** string, number, boolean, null, arrays, and plain objects.
87
+ * **Allowed:** finite number, string, boolean, null, arrays, and plain objects.
88
+ *
89
+ * **Dropped (mirroring `JSON.stringify`):** object properties whose value is
90
+ * `undefined` (the key is omitted); an `undefined` array item becomes `null`.
83
91
  *
84
92
  * **Converted to placeholder:** Date, BigInt, class instances, functions,
85
- * symbols, undefined, and circular references (which would otherwise make
86
- * `JSON.stringify` throw).
93
+ * symbols, non-finite numbers (`NaN`/`Infinity`), and circular references
94
+ * (which would otherwise make `JSON.stringify` throw).
87
95
  *
88
96
  * @throws {TypeError} If `input` is not a plain object at the root level.
89
97
  */
@@ -1 +1 @@
1
- {"version":3,"file":"app-error.js","names":[],"sources":["../src/core/errors/error-codes.ts","../src/core/errors/utils/json-safe.ts","../src/core/errors/app-error.ts"],"sourcesContent":["const ErrorCodes = {\n authentication: {\n missingToken: \"sec.authn.missing_token\",\n invalidToken: \"sec.authn.invalid_token\",\n expiredToken: \"sec.authn.expired_token\",\n invalidCredentials: \"sec.authn.invalid_credentials\",\n },\n authorization: {\n forbidden: \"sec.authz.forbidden\",\n policyDenied: \"sec.authz.policy_denied\",\n missingRole: \"sec.authz.missing_role\",\n missingCapability: \"sec.authz.missing_capability\",\n outOfScope: \"sec.authz.out_of_scope\",\n },\n businessRuleViolation: \"business_rule_violation\",\n conflict: {\n alreadyExists: \"conf.already_exists\",\n duplicate: \"conf.duplicate\",\n uniqueViolation: \"conf.unique_violation\",\n },\n idempotency: {\n keyMissing: \"idemp.key_missing\",\n inProgress: \"idemp.in_progress\",\n payloadMismatch: \"idemp.payload_mismatch\",\n replayNotSupported: \"idemp.replay_not_supported\",\n },\n integration: {\n timeout: \"int.timeout\",\n unreachable: \"int.unreachable\",\n badResponse: \"int.bad_response\",\n },\n legacyIncompatible: \"legacy_incompatible\",\n notFound: \"not_found\",\n serialization: {\n deserializePrefix: \"ser.des\",\n serializePrefix: \"ser.ser\",\n },\n temporal: {\n expired: \"tmp.expired\",\n notYetValid: \"tmp.not_yet_valid\",\n },\n unexpected: \"unexpected\",\n validation: \"validation_error\",\n} as const;\n\ntype SerializationCodeDirection = \"deserialize\" | \"serialize\";\n\nfunction serializationErrorCode(\n direction: SerializationCodeDirection,\n category: string,\n): string {\n const prefix =\n direction === \"deserialize\"\n ? ErrorCodes.serialization.deserializePrefix\n : ErrorCodes.serialization.serializePrefix;\n\n return `${prefix}.${category}`;\n}\n\nexport { ErrorCodes, serializationErrorCode };\nexport type { SerializationCodeDirection };\n","// Utilities for ensuring metadata is JSON-serializable.\n\nimport type { JsonSafeRecord, JsonSafeValue } from \"../types.js\";\n\n// ─────────────────────────────────────────────────────────────────────────────\n// Constants\n// ─────────────────────────────────────────────────────────────────────────────\n\nconst NON_SERIALIZABLE_PLACEHOLDER = \"[NonSerializable]\";\nconst CIRCULAR_REFERENCE_PLACEHOLDER = \"[Circular]\";\n\n// ─────────────────────────────────────────────────────────────────────────────\n// Internal helpers\n// ─────────────────────────────────────────────────────────────────────────────\n\nfunction isPlainObject(value: unknown): value is Record<string, unknown> {\n if (value === null || typeof value !== \"object\") return false;\n const proto = Object.getPrototypeOf(value);\n return proto === Object.prototype || proto === null;\n}\n\n// `seen` tracks the ancestors on the current traversal branch (a DFS path), not\n// every object visited. This collapses true circular references to a placeholder\n// while still serializing the same object referenced more than once across\n// sibling branches (a DAG) — matching `JSON.stringify`, which only rejects\n// cycles, not shared references.\nfunction sanitizeValue(value: unknown, seen: WeakSet<object>): JsonSafeValue {\n // Null passthrough\n if (value === null) return null;\n\n const type = typeof value;\n\n // Primitives\n if (type === \"string\" || type === \"number\" || type === \"boolean\") {\n return value as JsonSafeValue;\n }\n\n // Non-serializable primitives\n if (\n type === \"bigint\" ||\n type === \"function\" ||\n type === \"symbol\" ||\n value === undefined\n ) {\n return NON_SERIALIZABLE_PLACEHOLDER;\n }\n\n // Arrays (recursive)\n if (Array.isArray(value)) {\n if (seen.has(value)) return CIRCULAR_REFERENCE_PLACEHOLDER;\n seen.add(value);\n const sanitized = value.map((item) => sanitizeValue(item, seen));\n seen.delete(value);\n return sanitized;\n }\n\n // Date → placeholder (could also use .toISOString() if preferred)\n if (value instanceof Date) {\n return NON_SERIALIZABLE_PLACEHOLDER;\n }\n\n // Class instances and non-plain objects → placeholder\n if (!isPlainObject(value)) {\n return NON_SERIALIZABLE_PLACEHOLDER;\n }\n\n // Plain object (recursive)\n if (seen.has(value)) return CIRCULAR_REFERENCE_PLACEHOLDER;\n seen.add(value);\n const result: Record<string, JsonSafeValue> = {};\n for (const [key, val] of Object.entries(value)) {\n result[key] = sanitizeValue(val, seen);\n }\n seen.delete(value);\n return result;\n}\n\n// ─────────────────────────────────────────────────────────────────────────────\n// Public API\n// ─────────────────────────────────────────────────────────────────────────────\n\n/**\n * Ensures metadata is JSON-serializable.\n *\n * **Allowed:** string, number, boolean, null, arrays, and plain objects.\n *\n * **Converted to placeholder:** Date, BigInt, class instances, functions,\n * symbols, undefined, and circular references (which would otherwise make\n * `JSON.stringify` throw).\n *\n * @throws {TypeError} If `input` is not a plain object at the root level.\n */\nfunction assertJsonSafeMetadata(input: unknown): JsonSafeRecord {\n if (input === undefined) {\n return {};\n }\n\n if (!isPlainObject(input)) {\n throw new TypeError(\n \"metadata must be a plain object (Record<string, unknown>).\",\n );\n }\n\n return sanitizeValue(input, new WeakSet<object>()) as JsonSafeRecord;\n}\n\nexport {\n assertJsonSafeMetadata,\n CIRCULAR_REFERENCE_PLACEHOLDER,\n NON_SERIALIZABLE_PLACEHOLDER,\n};\n","// Base application error for the domain/application layer.\n// Encapsulates a code, optional cause, and JSON-safe metadata.\n\nimport type {\n AppErrorOptions,\n ErrorSeverity,\n JsonSafeRecord,\n} from \"./types.js\";\nimport { assertJsonSafeMetadata } from \"./utils/index.js\";\n\n// ─────────────────────────────────────────────────────────────────────────────\n// AppError (abstract base class)\n// ─────────────────────────────────────────────────────────────────────────────\n\n/**\n * Root of the application/domain error hierarchy. Every error the system raises\n * on purpose extends `AppError`, which gives callers a single `instanceof` to\n * catch and a uniform, serializable shape to log and transport.\n *\n * Beyond the native `Error` message it carries a stable `code` (the contract the\n * outside world matches on), an optional non-leaking `publicMessage`, a\n * severity, JSON-safe `metadata`, and the correlation/request/command ids that\n * stitch an error back to the request that produced it. The metadata is\n * validated as JSON-safe on construction, so a logger can serialize any\n * `AppError` without hitting a circular reference or a non-serializable value.\n *\n * Abstract on purpose: callers should throw a specific subclass (e.g.\n * {@link ValidationError}, {@link NotFoundError}) so the `code` and shape are\n * meaningful, never a bare `AppError`.\n */\nabstract class AppError extends Error {\n public readonly code: string;\n public readonly cause?: unknown;\n public readonly metadata?: JsonSafeRecord;\n public readonly type?: string;\n public readonly severity?: ErrorSeverity;\n public readonly createdAtIso: string;\n public readonly publicMessage?: string;\n /**\n * Identifies a single execution \"story\" in the system. All operations\n * related to the same logical flow must share the same correlationId.\n */\n public readonly correlationId?: string;\n /**\n * Identifies a specific technical request attempt (each retry may produce\n * a new requestId), even when the correlationId stays the same.\n */\n public readonly requestId?: string;\n /**\n * Marks the business intent / idempotency key; stays the same across\n * technical retries and multiple requests that represent the same intent.\n */\n public readonly commandId?: string;\n\n /**\n * Builds the common error envelope shared by every subclass.\n *\n * `name` is taken from `new.target` so the thrown instance reports its\n * concrete subclass name (not `\"AppError\"`), and the prototype is re-pinned\n * via `setPrototypeOf` so `instanceof` keeps working after transpilation to\n * older targets where extending built-ins breaks the chain. `createdAtIso`\n * defaults to now, and `metadata` is validated as JSON-safe so the error is\n * always serializable.\n *\n * Declared `protected`: instantiate a concrete subclass, never `AppError`.\n *\n * @param message - The internal, developer-facing message.\n * @param code - The stable machine-readable code callers match on.\n * @param options - Optional cause, metadata, severity, and correlation ids.\n * @throws When `options.metadata` contains a value that is not JSON-safe.\n */\n protected constructor(\n message: string,\n code: string,\n options?: AppErrorOptions,\n ) {\n super(message);\n\n this.name = new.target.name;\n this.code = code;\n this.cause = options?.cause;\n this.type = options?.type;\n this.severity = options?.severity;\n this.correlationId = options?.correlationId;\n this.requestId = options?.requestId;\n this.commandId = options?.commandId;\n this.createdAtIso = options?.createdAtIso ?? new Date().toISOString();\n this.publicMessage = options?.publicMessage;\n\n this.metadata = options?.metadata\n ? assertJsonSafeMetadata(options.metadata)\n : undefined;\n\n Object.setPrototypeOf(this, new.target.prototype);\n }\n\n /**\n * Returns a JSON-safe representation of the error.\n * Does NOT include `cause` by default (to avoid leaking internal details).\n */\n public toJSON(): Record<string, unknown> {\n const payload: Record<string, unknown> = {\n name: this.name,\n code: this.code,\n message: this.message,\n createdAtIso: this.createdAtIso,\n };\n\n // Optional fields are emitted only when defined, so the serialized\n // shape never carries `undefined`-valued keys (consistent with how the\n // correlation/request/command ids are handled).\n if (this.type !== undefined) payload.type = this.type;\n if (this.severity !== undefined) payload.severity = this.severity;\n if (this.publicMessage !== undefined)\n payload.publicMessage = this.publicMessage;\n if (this.metadata !== undefined) payload.metadata = this.metadata;\n if (this.correlationId !== undefined)\n payload.correlationId = this.correlationId;\n if (this.requestId !== undefined) payload.requestId = this.requestId;\n if (this.commandId !== undefined) payload.commandId = this.commandId;\n\n return payload;\n }\n}\n\nexport { AppError };\n"],"mappings":";AAAA,MAAM,aAAa;CACf,gBAAgB;EACZ,cAAc;EACd,cAAc;EACd,cAAc;EACd,oBAAoB;CACxB;CACA,eAAe;EACX,WAAW;EACX,cAAc;EACd,aAAa;EACb,mBAAmB;EACnB,YAAY;CAChB;CACA,uBAAuB;CACvB,UAAU;EACN,eAAe;EACf,WAAW;EACX,iBAAiB;CACrB;CACA,aAAa;EACT,YAAY;EACZ,YAAY;EACZ,iBAAiB;EACjB,oBAAoB;CACxB;CACA,aAAa;EACT,SAAS;EACT,aAAa;EACb,aAAa;CACjB;CACA,oBAAoB;CACpB,UAAU;CACV,eAAe;EACX,mBAAmB;EACnB,iBAAiB;CACrB;CACA,UAAU;EACN,SAAS;EACT,aAAa;CACjB;CACA,YAAY;CACZ,YAAY;AAChB;AAIA,SAAS,uBACL,WACA,UACM;CAMN,OAAO,GAJH,cAAc,gBACR,WAAW,cAAc,oBACzB,WAAW,cAAc,gBAElB,GAAG;AACxB;;;ACjDA,MAAM,+BAA+B;AACrC,MAAM,iCAAiC;AAMvC,SAAS,cAAc,OAAkD;CACrE,IAAI,UAAU,QAAQ,OAAO,UAAU,UAAU,OAAO;CACxD,MAAM,QAAQ,OAAO,eAAe,KAAK;CACzC,OAAO,UAAU,OAAO,aAAa,UAAU;AACnD;AAOA,SAAS,cAAc,OAAgB,MAAsC;CAEzE,IAAI,UAAU,MAAM,OAAO;CAE3B,MAAM,OAAO,OAAO;CAGpB,IAAI,SAAS,YAAY,SAAS,YAAY,SAAS,WACnD,OAAO;CAIX,IACI,SAAS,YACT,SAAS,cACT,SAAS,YACT,UAAU,KAAA,GAEV,OAAO;CAIX,IAAI,MAAM,QAAQ,KAAK,GAAG;EACtB,IAAI,KAAK,IAAI,KAAK,GAAG,OAAO;EAC5B,KAAK,IAAI,KAAK;EACd,MAAM,YAAY,MAAM,KAAK,SAAS,cAAc,MAAM,IAAI,CAAC;EAC/D,KAAK,OAAO,KAAK;EACjB,OAAO;CACX;CAGA,IAAI,iBAAiB,MACjB,OAAO;CAIX,IAAI,CAAC,cAAc,KAAK,GACpB,OAAO;CAIX,IAAI,KAAK,IAAI,KAAK,GAAG,OAAO;CAC5B,KAAK,IAAI,KAAK;CACd,MAAM,SAAwC,CAAC;CAC/C,KAAK,MAAM,CAAC,KAAK,QAAQ,OAAO,QAAQ,KAAK,GACzC,OAAO,OAAO,cAAc,KAAK,IAAI;CAEzC,KAAK,OAAO,KAAK;CACjB,OAAO;AACX;;;;;;;;;;;;AAiBA,SAAS,uBAAuB,OAAgC;CAC5D,IAAI,UAAU,KAAA,GACV,OAAO,CAAC;CAGZ,IAAI,CAAC,cAAc,KAAK,GACpB,MAAM,IAAI,UACN,4DACJ;CAGJ,OAAO,cAAc,uBAAO,IAAI,QAAgB,CAAC;AACrD;;;;;;;;;;;;;;;;;;;AC1EA,IAAe,WAAf,cAAgC,MAAM;;;;;;;;;;;;;;;;;;CAyClC,YACI,SACA,MACA,SACF;EACE,MAAM,OAAO;EAEb,KAAK,OAAO,IAAI,OAAO;EACvB,KAAK,OAAO;EACZ,KAAK,QAAQ,SAAS;EACtB,KAAK,OAAO,SAAS;EACrB,KAAK,WAAW,SAAS;EACzB,KAAK,gBAAgB,SAAS;EAC9B,KAAK,YAAY,SAAS;EAC1B,KAAK,YAAY,SAAS;EAC1B,KAAK,eAAe,SAAS,iCAAgB,IAAI,KAAK,GAAE,YAAY;EACpE,KAAK,gBAAgB,SAAS;EAE9B,KAAK,WAAW,SAAS,WACnB,uBAAuB,QAAQ,QAAQ,IACvC,KAAA;EAEN,OAAO,eAAe,MAAM,IAAI,OAAO,SAAS;CACpD;;;;;CAMA,SAAyC;EACrC,MAAM,UAAmC;GACrC,MAAM,KAAK;GACX,MAAM,KAAK;GACX,SAAS,KAAK;GACd,cAAc,KAAK;EACvB;EAKA,IAAI,KAAK,SAAS,KAAA,GAAW,QAAQ,OAAO,KAAK;EACjD,IAAI,KAAK,aAAa,KAAA,GAAW,QAAQ,WAAW,KAAK;EACzD,IAAI,KAAK,kBAAkB,KAAA,GACvB,QAAQ,gBAAgB,KAAK;EACjC,IAAI,KAAK,aAAa,KAAA,GAAW,QAAQ,WAAW,KAAK;EACzD,IAAI,KAAK,kBAAkB,KAAA,GACvB,QAAQ,gBAAgB,KAAK;EACjC,IAAI,KAAK,cAAc,KAAA,GAAW,QAAQ,YAAY,KAAK;EAC3D,IAAI,KAAK,cAAc,KAAA,GAAW,QAAQ,YAAY,KAAK;EAE3D,OAAO;CACX;AACJ"}
1
+ {"version":3,"file":"app-error.js","names":[],"sources":["../src/core/errors/error-codes.ts","../src/core/errors/utils/json-safe.ts","../src/core/errors/app-error.ts"],"sourcesContent":["const ErrorCodes = {\n authentication: {\n missingToken: \"sec.authn.missing_token\",\n invalidToken: \"sec.authn.invalid_token\",\n expiredToken: \"sec.authn.expired_token\",\n invalidCredentials: \"sec.authn.invalid_credentials\",\n },\n authorization: {\n forbidden: \"sec.authz.forbidden\",\n policyDenied: \"sec.authz.policy_denied\",\n missingRole: \"sec.authz.missing_role\",\n missingCapability: \"sec.authz.missing_capability\",\n outOfScope: \"sec.authz.out_of_scope\",\n },\n businessRuleViolation: \"business_rule_violation\",\n conflict: {\n alreadyExists: \"conf.already_exists\",\n duplicate: \"conf.duplicate\",\n uniqueViolation: \"conf.unique_violation\",\n },\n idempotency: {\n keyMissing: \"idemp.key_missing\",\n inProgress: \"idemp.in_progress\",\n payloadMismatch: \"idemp.payload_mismatch\",\n replayNotSupported: \"idemp.replay_not_supported\",\n },\n integration: {\n timeout: \"int.timeout\",\n unreachable: \"int.unreachable\",\n badResponse: \"int.bad_response\",\n },\n legacyIncompatible: \"legacy_incompatible\",\n notFound: \"not_found\",\n serialization: {\n deserializePrefix: \"ser.des\",\n serializePrefix: \"ser.ser\",\n },\n temporal: {\n expired: \"tmp.expired\",\n notYetValid: \"tmp.not_yet_valid\",\n },\n unexpected: \"unexpected\",\n validation: \"validation_error\",\n} as const;\n\ntype SerializationCodeDirection = \"deserialize\" | \"serialize\";\n\nfunction serializationErrorCode(\n direction: SerializationCodeDirection,\n category: string,\n): string {\n const prefix =\n direction === \"deserialize\"\n ? ErrorCodes.serialization.deserializePrefix\n : ErrorCodes.serialization.serializePrefix;\n\n return `${prefix}.${category}`;\n}\n\nexport { ErrorCodes, serializationErrorCode };\nexport type { SerializationCodeDirection };\n","// Utilities for ensuring metadata is JSON-serializable.\n\nimport type { JsonSafeRecord, JsonSafeValue } from \"../types.js\";\n\n// ─────────────────────────────────────────────────────────────────────────────\n// Constants\n// ─────────────────────────────────────────────────────────────────────────────\n\nconst NON_SERIALIZABLE_PLACEHOLDER = \"[NonSerializable]\";\nconst CIRCULAR_REFERENCE_PLACEHOLDER = \"[Circular]\";\n\n// ─────────────────────────────────────────────────────────────────────────────\n// Internal helpers\n// ─────────────────────────────────────────────────────────────────────────────\n\nfunction isPlainObject(value: unknown): value is Record<string, unknown> {\n if (value === null || typeof value !== \"object\") return false;\n const proto = Object.getPrototypeOf(value);\n return proto === Object.prototype || proto === null;\n}\n\n// `seen` tracks the ancestors on the current traversal branch (a DFS path), not\n// every object visited. This collapses true circular references to a placeholder\n// while still serializing the same object referenced more than once across\n// sibling branches (a DAG) — matching `JSON.stringify`, which only rejects\n// cycles, not shared references.\nfunction sanitizeValue(value: unknown, seen: WeakSet<object>): JsonSafeValue {\n // Null passthrough\n if (value === null) return null;\n\n const type = typeof value;\n\n // Primitives (non-finite numbers are not JSON-representable — placeholder)\n if (type === \"number\") {\n return Number.isFinite(value)\n ? (value as number)\n : NON_SERIALIZABLE_PLACEHOLDER;\n }\n if (type === \"string\" || type === \"boolean\") {\n return value as JsonSafeValue;\n }\n\n // `undefined` only reaches here as an array item: object properties with\n // undefined values are omitted by the plain-object branch below. Both\n // mirror `JSON.stringify` semantics.\n if (value === undefined) return null;\n\n // Non-serializable primitives\n if (type === \"bigint\" || type === \"function\" || type === \"symbol\") {\n return NON_SERIALIZABLE_PLACEHOLDER;\n }\n\n // Arrays (recursive)\n if (Array.isArray(value)) {\n if (seen.has(value)) return CIRCULAR_REFERENCE_PLACEHOLDER;\n seen.add(value);\n const sanitized = value.map((item) => sanitizeValue(item, seen));\n seen.delete(value);\n return sanitized;\n }\n\n // Date → placeholder (could also use .toISOString() if preferred)\n if (value instanceof Date) {\n return NON_SERIALIZABLE_PLACEHOLDER;\n }\n\n // Class instances and non-plain objects → placeholder\n if (!isPlainObject(value)) {\n return NON_SERIALIZABLE_PLACEHOLDER;\n }\n\n // Plain object (recursive)\n if (seen.has(value)) return CIRCULAR_REFERENCE_PLACEHOLDER;\n seen.add(value);\n const result: Record<string, JsonSafeValue> = {};\n for (const [key, val] of Object.entries(value)) {\n if (val === undefined) continue;\n result[key] = sanitizeValue(val, seen);\n }\n seen.delete(value);\n return result;\n}\n\n// ─────────────────────────────────────────────────────────────────────────────\n// Public API\n// ─────────────────────────────────────────────────────────────────────────────\n\n/**\n * Ensures metadata is JSON-serializable.\n *\n * **Allowed:** finite number, string, boolean, null, arrays, and plain objects.\n *\n * **Dropped (mirroring `JSON.stringify`):** object properties whose value is\n * `undefined` (the key is omitted); an `undefined` array item becomes `null`.\n *\n * **Converted to placeholder:** Date, BigInt, class instances, functions,\n * symbols, non-finite numbers (`NaN`/`Infinity`), and circular references\n * (which would otherwise make `JSON.stringify` throw).\n *\n * @throws {TypeError} If `input` is not a plain object at the root level.\n */\nfunction assertJsonSafeMetadata(input: unknown): JsonSafeRecord {\n if (input === undefined) {\n return {};\n }\n\n if (!isPlainObject(input)) {\n throw new TypeError(\n \"metadata must be a plain object (Record<string, unknown>).\",\n );\n }\n\n return sanitizeValue(input, new WeakSet<object>()) as JsonSafeRecord;\n}\n\nexport {\n assertJsonSafeMetadata,\n CIRCULAR_REFERENCE_PLACEHOLDER,\n NON_SERIALIZABLE_PLACEHOLDER,\n};\n","// Base application error for the domain/application layer.\n// Encapsulates a code, optional cause, and JSON-safe metadata.\n\nimport type {\n AppErrorOptions,\n ErrorSeverity,\n JsonSafeRecord,\n} from \"./types.js\";\nimport { assertJsonSafeMetadata } from \"./utils/index.js\";\n\n// ─────────────────────────────────────────────────────────────────────────────\n// AppError (abstract base class)\n// ─────────────────────────────────────────────────────────────────────────────\n\n/**\n * Root of the application/domain error hierarchy. Every error the system raises\n * on purpose extends `AppError`, which gives callers a single `instanceof` to\n * catch and a uniform, serializable shape to log and transport.\n *\n * Beyond the native `Error` message it carries a stable `code` (the contract the\n * outside world matches on), an optional non-leaking `publicMessage`, a\n * severity, JSON-safe `metadata`, and the correlation/request/command ids that\n * stitch an error back to the request that produced it. The metadata is\n * validated as JSON-safe on construction, so a logger can serialize any\n * `AppError` without hitting a circular reference or a non-serializable value.\n *\n * Abstract on purpose: callers should throw a specific subclass (e.g.\n * {@link ValidationError}, {@link NotFoundError}) so the `code` and shape are\n * meaningful, never a bare `AppError`.\n */\nabstract class AppError extends Error {\n public readonly code: string;\n public readonly cause?: unknown;\n public readonly metadata?: JsonSafeRecord;\n public readonly type?: string;\n public readonly severity?: ErrorSeverity;\n public readonly createdAtIso: string;\n public readonly publicMessage?: string;\n /**\n * Identifies a single execution \"story\" in the system. All operations\n * related to the same logical flow must share the same correlationId.\n */\n public readonly correlationId?: string;\n /**\n * Identifies a specific technical request attempt (each retry may produce\n * a new requestId), even when the correlationId stays the same.\n */\n public readonly requestId?: string;\n /**\n * Marks the business intent / idempotency key; stays the same across\n * technical retries and multiple requests that represent the same intent.\n */\n public readonly commandId?: string;\n\n /**\n * Builds the common error envelope shared by every subclass.\n *\n * `name` is taken from `new.target` so the thrown instance reports its\n * concrete subclass name (not `\"AppError\"`), and the prototype is re-pinned\n * via `setPrototypeOf` so `instanceof` keeps working after transpilation to\n * older targets where extending built-ins breaks the chain. `createdAtIso`\n * defaults to now, and `metadata` is validated as JSON-safe so the error is\n * always serializable.\n *\n * Declared `protected`: instantiate a concrete subclass, never `AppError`.\n *\n * @param message - The internal, developer-facing message.\n * @param code - The stable machine-readable code callers match on.\n * @param options - Optional cause, metadata, severity, and correlation ids.\n * @throws When `options.metadata` contains a value that is not JSON-safe.\n */\n protected constructor(\n message: string,\n code: string,\n options?: AppErrorOptions,\n ) {\n super(message);\n\n this.name = new.target.name;\n this.code = code;\n this.cause = options?.cause;\n this.type = options?.type;\n this.severity = options?.severity;\n this.correlationId = options?.correlationId;\n this.requestId = options?.requestId;\n this.commandId = options?.commandId;\n this.createdAtIso = options?.createdAtIso ?? new Date().toISOString();\n this.publicMessage = options?.publicMessage;\n\n this.metadata = options?.metadata\n ? assertJsonSafeMetadata(options.metadata)\n : undefined;\n\n Object.setPrototypeOf(this, new.target.prototype);\n }\n\n /**\n * Returns a JSON-safe representation of the error.\n * Does NOT include `cause` by default (to avoid leaking internal details).\n */\n public toJSON(): Record<string, unknown> {\n const payload: Record<string, unknown> = {\n name: this.name,\n code: this.code,\n message: this.message,\n createdAtIso: this.createdAtIso,\n };\n\n // Optional fields are emitted only when defined, so the serialized\n // shape never carries `undefined`-valued keys (consistent with how the\n // correlation/request/command ids are handled).\n if (this.type !== undefined) payload.type = this.type;\n if (this.severity !== undefined) payload.severity = this.severity;\n if (this.publicMessage !== undefined)\n payload.publicMessage = this.publicMessage;\n if (this.metadata !== undefined) payload.metadata = this.metadata;\n if (this.correlationId !== undefined)\n payload.correlationId = this.correlationId;\n if (this.requestId !== undefined) payload.requestId = this.requestId;\n if (this.commandId !== undefined) payload.commandId = this.commandId;\n\n return payload;\n }\n}\n\nexport { AppError };\n"],"mappings":";AAAA,MAAM,aAAa;CACf,gBAAgB;EACZ,cAAc;EACd,cAAc;EACd,cAAc;EACd,oBAAoB;CACxB;CACA,eAAe;EACX,WAAW;EACX,cAAc;EACd,aAAa;EACb,mBAAmB;EACnB,YAAY;CAChB;CACA,uBAAuB;CACvB,UAAU;EACN,eAAe;EACf,WAAW;EACX,iBAAiB;CACrB;CACA,aAAa;EACT,YAAY;EACZ,YAAY;EACZ,iBAAiB;EACjB,oBAAoB;CACxB;CACA,aAAa;EACT,SAAS;EACT,aAAa;EACb,aAAa;CACjB;CACA,oBAAoB;CACpB,UAAU;CACV,eAAe;EACX,mBAAmB;EACnB,iBAAiB;CACrB;CACA,UAAU;EACN,SAAS;EACT,aAAa;CACjB;CACA,YAAY;CACZ,YAAY;AAChB;AAIA,SAAS,uBACL,WACA,UACM;CAMN,OAAO,GAJH,cAAc,gBACR,WAAW,cAAc,oBACzB,WAAW,cAAc,gBAElB,GAAG;AACxB;;;ACjDA,MAAM,+BAA+B;AACrC,MAAM,iCAAiC;AAMvC,SAAS,cAAc,OAAkD;CACrE,IAAI,UAAU,QAAQ,OAAO,UAAU,UAAU,OAAO;CACxD,MAAM,QAAQ,OAAO,eAAe,KAAK;CACzC,OAAO,UAAU,OAAO,aAAa,UAAU;AACnD;AAOA,SAAS,cAAc,OAAgB,MAAsC;CAEzE,IAAI,UAAU,MAAM,OAAO;CAE3B,MAAM,OAAO,OAAO;CAGpB,IAAI,SAAS,UACT,OAAO,OAAO,SAAS,KAAK,IACrB,QACD;CAEV,IAAI,SAAS,YAAY,SAAS,WAC9B,OAAO;CAMX,IAAI,UAAU,KAAA,GAAW,OAAO;CAGhC,IAAI,SAAS,YAAY,SAAS,cAAc,SAAS,UACrD,OAAO;CAIX,IAAI,MAAM,QAAQ,KAAK,GAAG;EACtB,IAAI,KAAK,IAAI,KAAK,GAAG,OAAO;EAC5B,KAAK,IAAI,KAAK;EACd,MAAM,YAAY,MAAM,KAAK,SAAS,cAAc,MAAM,IAAI,CAAC;EAC/D,KAAK,OAAO,KAAK;EACjB,OAAO;CACX;CAGA,IAAI,iBAAiB,MACjB,OAAO;CAIX,IAAI,CAAC,cAAc,KAAK,GACpB,OAAO;CAIX,IAAI,KAAK,IAAI,KAAK,GAAG,OAAO;CAC5B,KAAK,IAAI,KAAK;CACd,MAAM,SAAwC,CAAC;CAC/C,KAAK,MAAM,CAAC,KAAK,QAAQ,OAAO,QAAQ,KAAK,GAAG;EAC5C,IAAI,QAAQ,KAAA,GAAW;EACvB,OAAO,OAAO,cAAc,KAAK,IAAI;CACzC;CACA,KAAK,OAAO,KAAK;CACjB,OAAO;AACX;;;;;;;;;;;;;;;AAoBA,SAAS,uBAAuB,OAAgC;CAC5D,IAAI,UAAU,KAAA,GACV,OAAO,CAAC;CAGZ,IAAI,CAAC,cAAc,KAAK,GACpB,MAAM,IAAI,UACN,4DACJ;CAGJ,OAAO,cAAc,uBAAO,IAAI,QAAgB,CAAC;AACrD;;;;;;;;;;;;;;;;;;;ACnFA,IAAe,WAAf,cAAgC,MAAM;;;;;;;;;;;;;;;;;;CAyClC,YACI,SACA,MACA,SACF;EACE,MAAM,OAAO;EAEb,KAAK,OAAO,IAAI,OAAO;EACvB,KAAK,OAAO;EACZ,KAAK,QAAQ,SAAS;EACtB,KAAK,OAAO,SAAS;EACrB,KAAK,WAAW,SAAS;EACzB,KAAK,gBAAgB,SAAS;EAC9B,KAAK,YAAY,SAAS;EAC1B,KAAK,YAAY,SAAS;EAC1B,KAAK,eAAe,SAAS,iCAAgB,IAAI,KAAK,GAAE,YAAY;EACpE,KAAK,gBAAgB,SAAS;EAE9B,KAAK,WAAW,SAAS,WACnB,uBAAuB,QAAQ,QAAQ,IACvC,KAAA;EAEN,OAAO,eAAe,MAAM,IAAI,OAAO,SAAS;CACpD;;;;;CAMA,SAAyC;EACrC,MAAM,UAAmC;GACrC,MAAM,KAAK;GACX,MAAM,KAAK;GACX,SAAS,KAAK;GACd,cAAc,KAAK;EACvB;EAKA,IAAI,KAAK,SAAS,KAAA,GAAW,QAAQ,OAAO,KAAK;EACjD,IAAI,KAAK,aAAa,KAAA,GAAW,QAAQ,WAAW,KAAK;EACzD,IAAI,KAAK,kBAAkB,KAAA,GACvB,QAAQ,gBAAgB,KAAK;EACjC,IAAI,KAAK,aAAa,KAAA,GAAW,QAAQ,WAAW,KAAK;EACzD,IAAI,KAAK,kBAAkB,KAAA,GACvB,QAAQ,gBAAgB,KAAK;EACjC,IAAI,KAAK,cAAc,KAAA,GAAW,QAAQ,YAAY,KAAK;EAC3D,IAAI,KAAK,cAAc,KAAA,GAAW,QAAQ,YAAY,KAAK;EAE3D,OAAO;CACX;AACJ"}
@@ -264,6 +264,16 @@ var ConditionEvaluatorV1 = class ConditionEvaluatorV1 {
264
264
  }));
265
265
  return require_result.Result.err(message);
266
266
  }
267
+ static containsInvalidDate(value) {
268
+ if (value instanceof Date) return !PolicyDateUtils.isValid(value);
269
+ if (Array.isArray(value)) return value.some((item) => ConditionEvaluatorV1.containsInvalidDate(item));
270
+ return false;
271
+ }
272
+ static normalizeDateOperand(value) {
273
+ if (value instanceof Date) return value.toISOString();
274
+ if (Array.isArray(value)) return value.map((item) => ConditionEvaluatorV1.normalizeDateOperand(item));
275
+ return value;
276
+ }
267
277
  reportDateOperandError(node, actual) {
268
278
  const message = ConditionEvaluatorV1.buildInvalidDateOperandMessage(node);
269
279
  this.options.reporter.error(this.buildReport({
@@ -415,6 +425,10 @@ var ConditionEvaluatorV1 = class ConditionEvaluatorV1 {
415
425
  return this.evaluateNumericRelationalNode(node, actual);
416
426
  }
417
427
  if ((node.op === "in" || node.op === "notIn") && !Array.isArray(node.value)) return this.reportInvalidSetOperand(node, actual);
428
+ if (node.op === "eq" || node.op === "neq" || node.op === "in" || node.op === "notIn") {
429
+ if (ConditionEvaluatorV1.containsInvalidDate(actual) || ConditionEvaluatorV1.containsInvalidDate(node.value)) return this.reportDateOperandError(node, actual);
430
+ return require_result.Result.ok(this.evaluateOperator(ConditionEvaluatorV1.normalizeDateOperand(actual), node.op, ConditionEvaluatorV1.normalizeDateOperand(node.value)));
431
+ }
418
432
  return require_result.Result.ok(this.evaluateOperator(actual, node.op, node.value));
419
433
  } catch (error) {
420
434
  return this.conditionEvalErr(node, error);
@@ -1 +1 @@
1
- {"version":3,"file":"condition-evaluator.cjs","names":["#initialReporter","#currentReporter","#bridgeToConditionReporter","Result","isValidDate","Result"],"sources":["../src/core/config/silent-policy-reporter.ts","../src/core/config/core-config.ts","../src/core/config/core-config.instance.ts","../src/core/policies/context/path.ts","../src/core/policies/utils/date.ts","../src/core/policies/engines/v1/condition-evaluator.ts"],"sourcesContent":["import type { PolicyReporter } from \"./policy-reporter.js\";\n\nexport class SilentPolicyReporter implements PolicyReporter {\n report(_event: Parameters<PolicyReporter[\"report\"]>[0]): void {}\n}\n","import type {\n ConditionEvaluationOptions,\n ConditionEvaluatorReporter,\n} from \"../policies/engines/condition-evaluator-reporter.js\";\nimport type { PolicyEvent, PolicyReporter } from \"./policy-reporter.js\";\nimport { SilentPolicyReporter } from \"./silent-policy-reporter.js\";\n\nexport interface CoreObservabilityConfig {\n readonly reporter?: PolicyReporter;\n}\n\nexport interface CoreConfigOptions {\n readonly observability?: CoreObservabilityConfig;\n}\n\nfunction reportSafely(\n policyReporter: PolicyReporter,\n event: PolicyEvent,\n): void {\n try {\n policyReporter.report(event);\n } catch {\n // Falhas de telemetria nao podem interromper o fluxo de dominio.\n }\n}\n\n/**\n * Centraliza a configuracao pura do core sem depender de implementacoes\n * concretas de logging, tracing ou report.\n */\nexport class CoreConfig {\n readonly #initialReporter: PolicyReporter;\n #currentReporter: PolicyReporter;\n\n constructor(options: CoreConfigOptions = {}) {\n const reporter =\n options.observability?.reporter ?? new SilentPolicyReporter();\n this.#initialReporter = reporter;\n this.#currentReporter = reporter;\n }\n\n configure(options: CoreConfigOptions): this {\n const reporter = options.observability?.reporter;\n if (reporter) {\n this.#currentReporter = reporter;\n }\n return this;\n }\n\n // Restores the reporter captured at construction time.\n reset(): this {\n this.#currentReporter = this.#initialReporter;\n return this;\n }\n\n getPolicyReporter(): PolicyReporter {\n return this.#currentReporter;\n }\n\n getConditionEvaluationOptions(\n engineVersion: number,\n ): ConditionEvaluationOptions {\n return {\n reporter: this.#bridgeToConditionReporter(this.#currentReporter),\n engineVersion,\n };\n }\n\n #bridgeToConditionReporter(\n policyReporter: PolicyReporter,\n ): ConditionEvaluatorReporter {\n return {\n warn(report) {\n reportSafely(policyReporter, {\n kind: \"condition-eval\",\n ...report,\n } satisfies PolicyEvent);\n },\n error(report) {\n reportSafely(policyReporter, {\n kind: \"condition-eval\",\n ...report,\n } satisfies PolicyEvent);\n },\n };\n }\n}\n","import { CoreConfig } from \"./core-config.js\";\nimport { SilentPolicyReporter } from \"./silent-policy-reporter.js\";\n\n/**\n * Shared instance for the application composition root.\n * Use `new CoreConfig()` for isolated runtimes, tests, or multi-tenant hosts.\n *\n * The default reporter is silent so the core has no runtime logging dependency.\n * Hosts can swap in their own `PolicyReporter` via\n * `coreConfig.configure({ observability: { reporter } })`.\n */\nexport const coreConfig = new CoreConfig({\n observability: { reporter: new SilentPolicyReporter() },\n});\n","/**\n * Utilities for reading/writing values at dot-separated paths\n * in plain objects, e.g. \"installment.dueDate\".\n */\n\nimport { Result } from \"../../result/result.js\";\n\nexport class PolicyContextPath {\n private static readonly FORBIDDEN_SEGMENTS = new Set([\n \"__proto__\",\n \"prototype\",\n \"constructor\",\n ]);\n\n private static resolve(\n obj: Record<string, unknown>,\n path: string,\n ): Result<\n {\n readonly found: boolean;\n readonly value: unknown;\n },\n string\n > {\n const segmentsResult = PolicyContextPath.parseSegments(path);\n if (segmentsResult.isErr()) {\n return Result.err(segmentsResult.errorOrNull()!);\n }\n\n const segments = segmentsResult.getOrNull()!;\n let current: unknown = obj;\n\n for (const segment of segments) {\n if (\n current === null ||\n current === undefined ||\n typeof current !== \"object\"\n ) {\n return Result.ok({ found: false, value: undefined });\n }\n\n const record = current as Record<string, unknown>;\n if (!Object.prototype.hasOwnProperty.call(record, segment)) {\n return Result.ok({ found: false, value: undefined });\n }\n\n current = record[segment];\n }\n\n return Result.ok({ found: true, value: current });\n }\n\n private static parseSegments(\n path: string,\n ): Result<readonly string[], string> {\n if (path.trim().length === 0) {\n return Result.err(\"Path cannot be empty\");\n }\n\n const segments = path.split(\".\");\n if (segments.some((segment) => segment.length === 0)) {\n return Result.err(`Path \"${path}\" contains an empty segment`);\n }\n\n const forbiddenSegment = segments.find((segment) =>\n PolicyContextPath.FORBIDDEN_SEGMENTS.has(segment),\n );\n if (forbiddenSegment !== undefined) {\n return Result.err(\n `Path \"${path}\" contains forbidden segment \"${forbiddenSegment}\"`,\n );\n }\n\n return Result.ok(segments);\n }\n\n private static isPlainRecord(\n value: unknown,\n ): value is Record<string, unknown> {\n if (\n typeof value !== \"object\" ||\n value === null ||\n Array.isArray(value)\n ) {\n return false;\n }\n\n const prototype = Object.getPrototypeOf(value);\n return prototype === Object.prototype || prototype === null;\n }\n\n static getOrAbsent(\n obj: Record<string, unknown>,\n path: string,\n ): Result<unknown, \"absent\"> {\n const resolvedPath = PolicyContextPath.resolve(obj, path);\n if (resolvedPath.isErr()) {\n return Result.err(\"absent\");\n }\n\n const { found, value } = resolvedPath.getOrNull()!;\n if (!found) {\n return Result.err(\"absent\");\n }\n\n return Result.ok(value);\n }\n\n static has(obj: Record<string, unknown>, path: string): boolean {\n const resolvedPath = PolicyContextPath.resolve(obj, path);\n if (resolvedPath.isErr()) {\n return false;\n }\n\n return resolvedPath.getOrNull()!.found;\n }\n\n static set(\n obj: Record<string, unknown>,\n path: string,\n value: unknown,\n ): Result<void, string> {\n const segmentsResult = PolicyContextPath.parseSegments(path);\n if (segmentsResult.isErr()) {\n return Result.err(segmentsResult.errorOrNull()!);\n }\n\n const segments = segmentsResult.getOrNull()!;\n let current: Record<string, unknown> = obj;\n\n for (let i = 0; i < segments.length - 1; i++) {\n const seg = segments[i];\n const next = current[seg];\n\n if (next === undefined) {\n const container = Object.create(null) as Record<\n string,\n unknown\n >;\n current[seg] = container;\n current = container;\n continue;\n }\n\n if (!PolicyContextPath.isPlainRecord(next)) {\n return Result.err(\n `Cannot create nested path \"${path}\" because \"${segments\n .slice(0, i + 1)\n .join(\".\")}\" already contains a non-plain object`,\n );\n }\n\n current = next;\n }\n\n current[segments[segments.length - 1]] = value;\n return Result.ok(undefined);\n }\n}\n","import { isValidDate } from \"../../shared/temporal-guards.js\";\n\nexport class PolicyDateUtils {\n static isValid(value: Date): boolean {\n return isValidDate(value);\n }\n}\n","import { PolicyContextPath } from \"../../context/index.js\";\nimport { PolicyDateUtils } from \"../../utils/index.js\";\nimport { Result } from \"../../../result/result.js\";\n\nimport type {\n ConditionAndNode,\n ConditionLeafNode,\n ConditionNode,\n ConditionNotNode,\n ConditionOp,\n ConditionOrNode,\n} from \"./condition-types.js\";\nimport type {\n ConditionEvaluationOptions,\n ConditionEvaluationReport,\n} from \"../condition-evaluator-reporter.js\";\nimport type { PolicyContext } from \"../gate-types.js\";\n\nconst CONDITION_EVAL_THROWN_TAG = \"CONDITION_EVAL_THREW\";\nconst NULLISH_NUMERIC_OPERAND_NOT_ALLOWED_TAG =\n \"NULLISH_NUMERIC_OPERAND_NOT_ALLOWED\";\nconst NULLISH_DATE_OPERAND_NOT_ALLOWED_TAG = \"NULLISH_DATE_OPERAND_NOT_ALLOWED\";\nconst INVALID_DATE_OPERAND_TAG = \"INVALID_DATE_OPERAND\";\nconst INVALID_NUMERIC_OPERAND_TAG = \"INVALID_NUMERIC_OPERAND\";\nconst INVALID_SET_OPERAND_TAG = \"INVALID_SET_OPERAND\";\nconst EMPTY_OR_CONDITION_TAG = \"EMPTY_OR_CONDITION\";\nconst EMPTY_AND_CONDITION_TAG = \"EMPTY_AND_CONDITION\";\nconst ISO_8601_UTC_DATE_PATTERN =\n /^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$/;\n\nexport interface ConditionEvaluationTrace {\n readonly conditionPath: string;\n readonly decisiveNode: ConditionNode;\n readonly lastEvaluatedLeaf: ConditionLeafNode;\n readonly lastEvaluatedLeafPath: string;\n readonly lastEvaluatedLeafResult: boolean;\n}\n\nexport interface TracedConditionEvaluation {\n readonly matched: boolean;\n readonly trace: ConditionEvaluationTrace;\n}\n\ntype RelationalOperator = Extract<ConditionOp, \"gt\" | \"gte\" | \"lt\" | \"lte\">;\n\nexport class ConditionEvaluatorV1 {\n constructor(\n private readonly context: PolicyContext,\n private readonly options: ConditionEvaluationOptions,\n ) {}\n\n private static isLeafNode(node: ConditionNode): node is ConditionLeafNode {\n return \"field\" in node && \"op\" in node;\n }\n\n private static isAndNode(node: ConditionNode): node is ConditionAndNode {\n return \"and\" in node;\n }\n\n private static isOrNode(node: ConditionNode): node is ConditionOrNode {\n return \"or\" in node;\n }\n\n private static isNotNode(node: ConditionNode): node is ConditionNotNode {\n return \"not\" in node;\n }\n\n private static isRelationalOperator(\n op: ConditionOp,\n ): op is RelationalOperator {\n return op === \"gt\" || op === \"gte\" || op === \"lt\" || op === \"lte\";\n }\n\n private static describeError(error: unknown): {\n name: string;\n message: string;\n } {\n if (error instanceof Error) {\n return {\n name: error.name,\n message: error.message,\n };\n }\n\n return {\n name: \"NonErrorThrown\",\n message: String(error),\n };\n }\n\n private static buildNullishNumericOperandMessage(\n node: ConditionLeafNode,\n actual: null | undefined,\n ): string {\n const resolvedValue = actual === null ? \"null\" : \"undefined\";\n\n return `${NULLISH_NUMERIC_OPERAND_NOT_ALLOWED_TAG}: \"${node.field}\" resolved to ${resolvedValue} for numeric operator \"${node.op}\"`;\n }\n\n private static buildNullishDateOperandMessage(\n node: ConditionLeafNode,\n actual: null | undefined,\n ): string {\n const resolvedValue = actual === null ? \"null\" : \"undefined\";\n\n return `${NULLISH_DATE_OPERAND_NOT_ALLOWED_TAG}: \"${node.field}\" resolved to ${resolvedValue} for date comparison operator \"${node.op}\"`;\n }\n\n private static buildInvalidDateOperandMessage(\n node: ConditionLeafNode,\n ): string {\n return `${INVALID_DATE_OPERAND_TAG}: \"${node.field}\" with operator \"${node.op}\" requires Date or ISO 8601 UTC string operands`;\n }\n\n private static buildInvalidNumericOperandMessage(\n node: ConditionLeafNode,\n ): string {\n return `${INVALID_NUMERIC_OPERAND_TAG}: \"${node.field}\" with operator \"${node.op}\" requires numeric operands`;\n }\n\n private static buildInvalidSetOperandMessage(\n node: ConditionLeafNode,\n ): string {\n return `${INVALID_SET_OPERAND_TAG}: \"${node.field}\" with operator \"${node.op}\" requires an array operand`;\n }\n\n private static buildEmptyOrConditionMessage(): string {\n return `${EMPTY_OR_CONDITION_TAG}: OR nodes must contain at least one child condition`;\n }\n\n private static buildEmptyAndConditionMessage(): string {\n return `${EMPTY_AND_CONDITION_TAG}: AND nodes must contain at least one child condition`;\n }\n\n private static parseComparableDate(\n value: unknown,\n ): Result<Date, string> | null {\n if (value instanceof Date) {\n if (!PolicyDateUtils.isValid(value)) {\n return Result.err(\"Invalid Date instance\");\n }\n\n return Result.ok(value);\n }\n\n if (\n typeof value !== \"string\" ||\n !ISO_8601_UTC_DATE_PATTERN.test(value)\n ) {\n return null;\n }\n\n const parsed = new Date(value);\n if (\n !PolicyDateUtils.isValid(parsed) ||\n parsed.toISOString() !== value\n ) {\n return Result.err(\"Invalid ISO 8601 UTC date string\");\n }\n\n return Result.ok(parsed);\n }\n\n private static evaluateRelationalNumbers(\n actual: number,\n op: RelationalOperator,\n expected: number,\n ): boolean {\n switch (op) {\n case \"gt\":\n return actual > expected;\n case \"gte\":\n return actual >= expected;\n case \"lt\":\n return actual < expected;\n case \"lte\":\n return actual <= expected;\n }\n }\n\n private buildReport(params: {\n readonly level: ConditionEvaluationReport[\"level\"];\n readonly tag: ConditionEvaluationReport[\"tag\"];\n readonly message: string;\n readonly details: Readonly<Record<string, unknown>>;\n }): ConditionEvaluationReport {\n return {\n occurredAt: new Date(),\n level: params.level,\n tag: params.tag,\n message: params.message,\n engineVersion: this.options.engineVersion,\n details: params.details,\n };\n }\n\n private conditionEvalErr<TValue>(\n node: ConditionNode,\n error: unknown,\n ): Result<TValue, string> {\n const cause = ConditionEvaluatorV1.describeError(error);\n const message = `${CONDITION_EVAL_THROWN_TAG}: ${cause.name}: ${cause.message}`;\n\n this.options.reporter.error(\n this.buildReport({\n level: \"error\",\n tag: CONDITION_EVAL_THROWN_TAG,\n message,\n details: { node, cause },\n }),\n );\n\n return Result.err(message);\n }\n\n private reportDateOperandError(\n node: ConditionLeafNode,\n actual: unknown,\n ): Result<boolean, string> {\n const message =\n ConditionEvaluatorV1.buildInvalidDateOperandMessage(node);\n\n this.options.reporter.error(\n this.buildReport({\n level: \"error\",\n tag: INVALID_DATE_OPERAND_TAG,\n message,\n details: {\n field: node.field,\n op: node.op,\n actual,\n expected: node.value,\n node,\n },\n }),\n );\n\n return Result.err(message);\n }\n\n private reportInvalidNumericOperand(\n node: ConditionLeafNode,\n actual: unknown,\n ): Result<boolean, string> {\n const message =\n ConditionEvaluatorV1.buildInvalidNumericOperandMessage(node);\n\n this.options.reporter.error(\n this.buildReport({\n level: \"error\",\n tag: INVALID_NUMERIC_OPERAND_TAG,\n message,\n details: {\n field: node.field,\n op: node.op,\n actual,\n expected: node.value,\n node,\n },\n }),\n );\n\n return Result.err(message);\n }\n\n private reportInvalidSetOperand(\n node: ConditionLeafNode,\n actual: unknown,\n ): Result<boolean, string> {\n const message =\n ConditionEvaluatorV1.buildInvalidSetOperandMessage(node);\n\n this.options.reporter.error(\n this.buildReport({\n level: \"error\",\n tag: INVALID_SET_OPERAND_TAG,\n message,\n details: {\n field: node.field,\n op: node.op,\n actual,\n expected: node.value,\n node,\n },\n }),\n );\n\n return Result.err(message);\n }\n\n private evaluateDateRelationalNode(\n node: ConditionLeafNode,\n actual: unknown,\n ): Result<boolean, string> | null {\n if (!ConditionEvaluatorV1.isRelationalOperator(node.op)) {\n return null;\n }\n\n const actualDateResult =\n ConditionEvaluatorV1.parseComparableDate(actual);\n const expectedDateResult = ConditionEvaluatorV1.parseComparableDate(\n node.value,\n );\n\n if (actualDateResult === null && expectedDateResult === null) {\n return null;\n }\n\n const allowsNull = node.allowNull === true;\n\n if (actual === null) {\n if (allowsNull) {\n return Result.ok(false);\n }\n\n const message = ConditionEvaluatorV1.buildNullishDateOperandMessage(\n node,\n actual,\n );\n this.options.reporter.error(\n this.buildReport({\n level: \"error\",\n tag: NULLISH_DATE_OPERAND_NOT_ALLOWED_TAG,\n message,\n details: {\n field: node.field,\n op: node.op,\n actual,\n expected: node.value,\n allowNull: allowsNull,\n node,\n },\n }),\n );\n\n return Result.err(message);\n }\n\n if (actual === undefined) {\n const message = ConditionEvaluatorV1.buildNullishDateOperandMessage(\n node,\n actual,\n );\n this.options.reporter.error(\n this.buildReport({\n level: \"error\",\n tag: NULLISH_DATE_OPERAND_NOT_ALLOWED_TAG,\n message,\n details: {\n field: node.field,\n op: node.op,\n actual,\n expected: node.value,\n allowNull: allowsNull,\n node,\n },\n }),\n );\n\n return Result.err(message);\n }\n\n if (\n actualDateResult === null ||\n actualDateResult.isErr() ||\n expectedDateResult === null ||\n expectedDateResult.isErr()\n ) {\n return this.reportDateOperandError(node, actual);\n }\n\n return Result.ok(\n ConditionEvaluatorV1.evaluateRelationalNumbers(\n actualDateResult.getOrNull()!.getTime(),\n node.op,\n expectedDateResult.getOrNull()!.getTime(),\n ),\n );\n }\n\n private evaluateOperator(\n actual: unknown,\n op: ConditionOp,\n expected: unknown,\n ): boolean {\n switch (op) {\n case \"eq\":\n return actual === expected;\n case \"neq\":\n return actual !== expected;\n case \"gt\":\n return (\n typeof actual === \"number\" &&\n typeof expected === \"number\" &&\n ConditionEvaluatorV1.evaluateRelationalNumbers(\n actual,\n op,\n expected,\n )\n );\n case \"gte\":\n return (\n typeof actual === \"number\" &&\n typeof expected === \"number\" &&\n ConditionEvaluatorV1.evaluateRelationalNumbers(\n actual,\n op,\n expected,\n )\n );\n case \"lt\":\n return (\n typeof actual === \"number\" &&\n typeof expected === \"number\" &&\n ConditionEvaluatorV1.evaluateRelationalNumbers(\n actual,\n op,\n expected,\n )\n );\n case \"lte\":\n return (\n typeof actual === \"number\" &&\n typeof expected === \"number\" &&\n ConditionEvaluatorV1.evaluateRelationalNumbers(\n actual,\n op,\n expected,\n )\n );\n case \"in\":\n return Array.isArray(expected) && expected.includes(actual);\n case \"notIn\":\n return Array.isArray(expected) && !expected.includes(actual);\n case \"isNull\":\n return actual === null;\n case \"isNotNull\":\n return actual !== null && actual !== undefined;\n }\n }\n\n private evaluateNumericRelationalNode(\n node: ConditionLeafNode,\n actual: unknown,\n ): Result<boolean, string> {\n const allowsNull = node.allowNull === true;\n if (actual === undefined || (actual === null && !allowsNull)) {\n const message =\n ConditionEvaluatorV1.buildNullishNumericOperandMessage(\n node,\n actual as null | undefined,\n );\n\n this.options.reporter.error(\n this.buildReport({\n level: \"error\",\n tag: NULLISH_NUMERIC_OPERAND_NOT_ALLOWED_TAG,\n message,\n details: {\n field: node.field,\n op: node.op,\n actual,\n expected: node.value,\n allowNull: allowsNull,\n node,\n },\n }),\n );\n\n return Result.err(message);\n }\n\n // null + allowNull: a relational comparison against a missing value\n // never matches.\n if (actual === null) {\n return Result.ok(false);\n }\n\n // Both operands must be numbers. A present but wrong-typed operand is a\n // context/configuration error, surfaced like the date path instead of\n // silently collapsing to \"no match\".\n if (typeof actual !== \"number\" || typeof node.value !== \"number\") {\n return this.reportInvalidNumericOperand(node, actual);\n }\n\n return Result.ok(this.evaluateOperator(actual, node.op, node.value));\n }\n\n private evaluateLeafNode(node: ConditionLeafNode): Result<boolean, string> {\n const actualResult = PolicyContextPath.getOrAbsent(\n this.context,\n node.field,\n );\n if (actualResult.isErr()) {\n this.options.reporter.warn(\n this.buildReport({\n level: \"warn\",\n tag: \"MISSING_CONTEXT_FIELD\",\n message: `MISSING_CONTEXT_FIELD: \"${node.field}\" not found in context`,\n details: { field: node.field, node },\n }),\n );\n\n return Result.err(\n `MISSING_CONTEXT_FIELD: \"${node.field}\" not found in context`,\n );\n }\n\n try {\n const actual = actualResult.getOrThrow();\n if (ConditionEvaluatorV1.isRelationalOperator(node.op)) {\n const dateResult = this.evaluateDateRelationalNode(\n node,\n actual,\n );\n if (dateResult !== null) {\n return dateResult;\n }\n\n return this.evaluateNumericRelationalNode(node, actual);\n }\n\n if (\n (node.op === \"in\" || node.op === \"notIn\") &&\n !Array.isArray(node.value)\n ) {\n return this.reportInvalidSetOperand(node, actual);\n }\n\n return Result.ok(\n this.evaluateOperator(actual, node.op, node.value),\n );\n } catch (error) {\n return this.conditionEvalErr(node, error);\n }\n }\n\n private buildTrace(params: {\n readonly conditionPath: string;\n readonly decisiveNode: ConditionNode;\n readonly lastEvaluatedLeaf: ConditionLeafNode;\n readonly lastEvaluatedLeafPath: string;\n readonly lastEvaluatedLeafResult: boolean;\n }): ConditionEvaluationTrace {\n return {\n conditionPath: params.conditionPath,\n decisiveNode: params.decisiveNode,\n lastEvaluatedLeaf: params.lastEvaluatedLeaf,\n lastEvaluatedLeafPath: params.lastEvaluatedLeafPath,\n lastEvaluatedLeafResult: params.lastEvaluatedLeafResult,\n };\n }\n\n private evaluateWithTraceInternal(\n node: ConditionNode,\n path: string,\n ): Result<TracedConditionEvaluation, string> {\n if (ConditionEvaluatorV1.isLeafNode(node)) {\n const leafResult = this.evaluateLeafNode(node);\n if (leafResult.isErr()) {\n return Result.err(leafResult.errorOrNull()!);\n }\n\n const matched = leafResult.getOrNull()!;\n return Result.ok({\n matched,\n trace: this.buildTrace({\n conditionPath: path,\n decisiveNode: node,\n lastEvaluatedLeaf: node,\n lastEvaluatedLeafPath: path,\n lastEvaluatedLeafResult: matched,\n }),\n });\n }\n\n if (ConditionEvaluatorV1.isAndNode(node)) {\n if (node.and.length === 0) {\n return Result.err(\n ConditionEvaluatorV1.buildEmptyAndConditionMessage(),\n );\n }\n\n let lastTracedChild: TracedConditionEvaluation | null = null;\n\n for (const [index, child] of node.and.entries()) {\n const childPath = `${path}.and[${index}]`;\n const childResult = this.evaluateWithTraceInternal(\n child,\n childPath,\n );\n if (childResult.isErr()) {\n return Result.err(childResult.errorOrNull()!);\n }\n\n const tracedChild = childResult.getOrNull()!;\n lastTracedChild = tracedChild;\n if (!tracedChild.matched) {\n return Result.ok({\n matched: false,\n trace: this.buildTrace({\n conditionPath: childPath,\n decisiveNode: child,\n lastEvaluatedLeaf:\n tracedChild.trace.lastEvaluatedLeaf,\n lastEvaluatedLeafPath:\n tracedChild.trace.lastEvaluatedLeafPath,\n lastEvaluatedLeafResult:\n tracedChild.trace.lastEvaluatedLeafResult,\n }),\n });\n }\n }\n\n return Result.ok({\n matched: true,\n trace: lastTracedChild!.trace,\n });\n }\n\n if (ConditionEvaluatorV1.isOrNode(node)) {\n let lastTrace: ConditionEvaluationTrace | null = null;\n\n for (const [index, child] of node.or.entries()) {\n const childResult = this.evaluateWithTraceInternal(\n child,\n `${path}.or[${index}]`,\n );\n if (childResult.isErr()) {\n return Result.err(childResult.errorOrNull()!);\n }\n\n const tracedChild = childResult.getOrNull()!;\n lastTrace = tracedChild.trace;\n if (tracedChild.matched) {\n return Result.ok({\n matched: true,\n trace: tracedChild.trace,\n });\n }\n }\n\n if (lastTrace === null) {\n return Result.err(\n ConditionEvaluatorV1.buildEmptyOrConditionMessage(),\n );\n }\n\n return Result.ok({ matched: false, trace: lastTrace! });\n }\n\n if (ConditionEvaluatorV1.isNotNode(node)) {\n const childPath = `${path}.not`;\n const childResult = this.evaluateWithTraceInternal(\n node.not,\n childPath,\n );\n if (childResult.isErr()) {\n return Result.err(childResult.errorOrNull()!);\n }\n\n const tracedChild = childResult.getOrNull()!;\n return Result.ok({\n matched: !tracedChild.matched,\n trace: this.buildTrace({\n conditionPath: path,\n decisiveNode: node,\n lastEvaluatedLeaf: tracedChild.trace.lastEvaluatedLeaf,\n lastEvaluatedLeafPath:\n tracedChild.trace.lastEvaluatedLeafPath,\n lastEvaluatedLeafResult:\n tracedChild.trace.lastEvaluatedLeafResult,\n }),\n });\n }\n\n return this.conditionEvalErr(\n node,\n new TypeError(\"Invalid condition node shape\"),\n );\n }\n\n evaluate(node: ConditionNode): Result<boolean, string> {\n try {\n const result = this.evaluateWithTraceInternal(node, \"$\");\n if (result.isErr()) {\n return Result.err(result.errorOrNull()!);\n }\n\n return Result.ok(result.getOrNull()!.matched);\n } catch (error) {\n return this.conditionEvalErr(node, error);\n }\n }\n\n evaluateWithTrace(\n node: ConditionNode,\n ): Result<TracedConditionEvaluation, string> {\n try {\n return this.evaluateWithTraceInternal(node, \"$\");\n } catch (error) {\n return this.conditionEvalErr(node, error);\n }\n }\n\n static extractFields(node: ConditionNode): string[] {\n if (ConditionEvaluatorV1.isLeafNode(node)) {\n return [node.field];\n }\n\n if (ConditionEvaluatorV1.isAndNode(node)) {\n return node.and.flatMap((child) =>\n ConditionEvaluatorV1.extractFields(child),\n );\n }\n\n if (ConditionEvaluatorV1.isOrNode(node)) {\n return node.or.flatMap((child) =>\n ConditionEvaluatorV1.extractFields(child),\n );\n }\n\n if (ConditionEvaluatorV1.isNotNode(node)) {\n return ConditionEvaluatorV1.extractFields(node.not);\n }\n\n return [];\n }\n}\n"],"mappings":";;;AAEA,IAAa,uBAAb,MAA4D;CACxD,OAAO,QAAuD,CAAC;AACnE;;;ACWA,SAAS,aACL,gBACA,OACI;CACJ,IAAI;EACA,eAAe,OAAO,KAAK;CAC/B,QAAQ,CAER;AACJ;;;;;AAMA,IAAa,aAAb,MAAwB;CACpB;CACA;CAEA,YAAY,UAA6B,CAAC,GAAG;EACzC,MAAM,WACF,QAAQ,eAAe,YAAY,IAAI,qBAAqB;EAChE,KAAKA,mBAAmB;EACxB,KAAKC,mBAAmB;CAC5B;CAEA,UAAU,SAAkC;EACxC,MAAM,WAAW,QAAQ,eAAe;EACxC,IAAI,UACA,KAAKA,mBAAmB;EAE5B,OAAO;CACX;CAGA,QAAc;EACV,KAAKA,mBAAmB,KAAKD;EAC7B,OAAO;CACX;CAEA,oBAAoC;EAChC,OAAO,KAAKC;CAChB;CAEA,8BACI,eAC0B;EAC1B,OAAO;GACH,UAAU,KAAKC,2BAA2B,KAAKD,gBAAgB;GAC/D;EACJ;CACJ;CAEA,2BACI,gBAC0B;EAC1B,OAAO;GACH,KAAK,QAAQ;IACT,aAAa,gBAAgB;KACzB,MAAM;KACN,GAAG;IACP,CAAuB;GAC3B;GACA,MAAM,QAAQ;IACV,aAAa,gBAAgB;KACzB,MAAM;KACN,GAAG;IACP,CAAuB;GAC3B;EACJ;CACJ;AACJ;;;;;;;;;;;AC3EA,MAAa,aAAa,IAAI,WAAW,EACrC,eAAe,EAAE,UAAU,IAAI,qBAAqB,EAAE,EAC1D,CAAC;;;;;;;ACND,IAAa,oBAAb,MAAa,kBAAkB;;4BACkB,IAAI,IAAI;GACjD;GACA;GACA;EACJ,CAAC;;CAED,OAAe,QACX,KACA,MAOF;EACE,MAAM,iBAAiB,kBAAkB,cAAc,IAAI;EAC3D,IAAI,eAAe,MAAM,GACrB,OAAOE,eAAAA,OAAO,IAAI,eAAe,YAAY,CAAE;EAGnD,MAAM,WAAW,eAAe,UAAU;EAC1C,IAAI,UAAmB;EAEvB,KAAK,MAAM,WAAW,UAAU;GAC5B,IACI,YAAY,QACZ,YAAY,KAAA,KACZ,OAAO,YAAY,UAEnB,OAAOA,eAAAA,OAAO,GAAG;IAAE,OAAO;IAAO,OAAO,KAAA;GAAU,CAAC;GAGvD,MAAM,SAAS;GACf,IAAI,CAAC,OAAO,UAAU,eAAe,KAAK,QAAQ,OAAO,GACrD,OAAOA,eAAAA,OAAO,GAAG;IAAE,OAAO;IAAO,OAAO,KAAA;GAAU,CAAC;GAGvD,UAAU,OAAO;EACrB;EAEA,OAAOA,eAAAA,OAAO,GAAG;GAAE,OAAO;GAAM,OAAO;EAAQ,CAAC;CACpD;CAEA,OAAe,cACX,MACiC;EACjC,IAAI,KAAK,KAAK,EAAE,WAAW,GACvB,OAAOA,eAAAA,OAAO,IAAI,sBAAsB;EAG5C,MAAM,WAAW,KAAK,MAAM,GAAG;EAC/B,IAAI,SAAS,MAAM,YAAY,QAAQ,WAAW,CAAC,GAC/C,OAAOA,eAAAA,OAAO,IAAI,SAAS,KAAK,4BAA4B;EAGhE,MAAM,mBAAmB,SAAS,MAAM,YACpC,kBAAkB,mBAAmB,IAAI,OAAO,CACpD;EACA,IAAI,qBAAqB,KAAA,GACrB,OAAOA,eAAAA,OAAO,IACV,SAAS,KAAK,gCAAgC,iBAAiB,EACnE;EAGJ,OAAOA,eAAAA,OAAO,GAAG,QAAQ;CAC7B;CAEA,OAAe,cACX,OACgC;EAChC,IACI,OAAO,UAAU,YACjB,UAAU,QACV,MAAM,QAAQ,KAAK,GAEnB,OAAO;EAGX,MAAM,YAAY,OAAO,eAAe,KAAK;EAC7C,OAAO,cAAc,OAAO,aAAa,cAAc;CAC3D;CAEA,OAAO,YACH,KACA,MACyB;EACzB,MAAM,eAAe,kBAAkB,QAAQ,KAAK,IAAI;EACxD,IAAI,aAAa,MAAM,GACnB,OAAOA,eAAAA,OAAO,IAAI,QAAQ;EAG9B,MAAM,EAAE,OAAO,UAAU,aAAa,UAAU;EAChD,IAAI,CAAC,OACD,OAAOA,eAAAA,OAAO,IAAI,QAAQ;EAG9B,OAAOA,eAAAA,OAAO,GAAG,KAAK;CAC1B;CAEA,OAAO,IAAI,KAA8B,MAAuB;EAC5D,MAAM,eAAe,kBAAkB,QAAQ,KAAK,IAAI;EACxD,IAAI,aAAa,MAAM,GACnB,OAAO;EAGX,OAAO,aAAa,UAAU,EAAG;CACrC;CAEA,OAAO,IACH,KACA,MACA,OACoB;EACpB,MAAM,iBAAiB,kBAAkB,cAAc,IAAI;EAC3D,IAAI,eAAe,MAAM,GACrB,OAAOA,eAAAA,OAAO,IAAI,eAAe,YAAY,CAAE;EAGnD,MAAM,WAAW,eAAe,UAAU;EAC1C,IAAI,UAAmC;EAEvC,KAAK,IAAI,IAAI,GAAG,IAAI,SAAS,SAAS,GAAG,KAAK;GAC1C,MAAM,MAAM,SAAS;GACrB,MAAM,OAAO,QAAQ;GAErB,IAAI,SAAS,KAAA,GAAW;IACpB,MAAM,YAAY,OAAO,OAAO,IAAI;IAIpC,QAAQ,OAAO;IACf,UAAU;IACV;GACJ;GAEA,IAAI,CAAC,kBAAkB,cAAc,IAAI,GACrC,OAAOA,eAAAA,OAAO,IACV,8BAA8B,KAAK,aAAa,SAC3C,MAAM,GAAG,IAAI,CAAC,EACd,KAAK,GAAG,EAAE,sCACnB;GAGJ,UAAU;EACd;EAEA,QAAQ,SAAS,SAAS,SAAS,MAAM;EACzC,OAAOA,eAAAA,OAAO,GAAG,KAAA,CAAS;CAC9B;AACJ;;;AC5JA,IAAa,kBAAb,MAA6B;CACzB,OAAO,QAAQ,OAAsB;EACjC,OAAOC,wBAAAA,YAAY,KAAK;CAC5B;AACJ;;;ACYA,MAAM,4BAA4B;AAClC,MAAM,0CACF;AACJ,MAAM,uCAAuC;AAC7C,MAAM,2BAA2B;AACjC,MAAM,8BAA8B;AACpC,MAAM,0BAA0B;AAChC,MAAM,yBAAyB;AAC/B,MAAM,0BAA0B;AAChC,MAAM,4BACF;AAiBJ,IAAa,uBAAb,MAAa,qBAAqB;CAC9B,YACI,SACA,SACF;EAFmB,KAAA,UAAA;EACA,KAAA,UAAA;CAClB;CAEH,OAAe,WAAW,MAAgD;EACtE,OAAO,WAAW,QAAQ,QAAQ;CACtC;CAEA,OAAe,UAAU,MAA+C;EACpE,OAAO,SAAS;CACpB;CAEA,OAAe,SAAS,MAA8C;EAClE,OAAO,QAAQ;CACnB;CAEA,OAAe,UAAU,MAA+C;EACpE,OAAO,SAAS;CACpB;CAEA,OAAe,qBACX,IACwB;EACxB,OAAO,OAAO,QAAQ,OAAO,SAAS,OAAO,QAAQ,OAAO;CAChE;CAEA,OAAe,cAAc,OAG3B;EACE,IAAI,iBAAiB,OACjB,OAAO;GACH,MAAM,MAAM;GACZ,SAAS,MAAM;EACnB;EAGJ,OAAO;GACH,MAAM;GACN,SAAS,OAAO,KAAK;EACzB;CACJ;CAEA,OAAe,kCACX,MACA,QACM;EACN,MAAM,gBAAgB,WAAW,OAAO,SAAS;EAEjD,OAAO,GAAG,wCAAwC,KAAK,KAAK,MAAM,gBAAgB,cAAc,yBAAyB,KAAK,GAAG;CACrI;CAEA,OAAe,+BACX,MACA,QACM;EACN,MAAM,gBAAgB,WAAW,OAAO,SAAS;EAEjD,OAAO,GAAG,qCAAqC,KAAK,KAAK,MAAM,gBAAgB,cAAc,iCAAiC,KAAK,GAAG;CAC1I;CAEA,OAAe,+BACX,MACM;EACN,OAAO,GAAG,yBAAyB,KAAK,KAAK,MAAM,mBAAmB,KAAK,GAAG;CAClF;CAEA,OAAe,kCACX,MACM;EACN,OAAO,GAAG,4BAA4B,KAAK,KAAK,MAAM,mBAAmB,KAAK,GAAG;CACrF;CAEA,OAAe,8BACX,MACM;EACN,OAAO,GAAG,wBAAwB,KAAK,KAAK,MAAM,mBAAmB,KAAK,GAAG;CACjF;CAEA,OAAe,+BAAuC;EAClD,OAAO,GAAG,uBAAuB;CACrC;CAEA,OAAe,gCAAwC;EACnD,OAAO,GAAG,wBAAwB;CACtC;CAEA,OAAe,oBACX,OAC2B;EAC3B,IAAI,iBAAiB,MAAM;GACvB,IAAI,CAAC,gBAAgB,QAAQ,KAAK,GAC9B,OAAOC,eAAAA,OAAO,IAAI,uBAAuB;GAG7C,OAAOA,eAAAA,OAAO,GAAG,KAAK;EAC1B;EAEA,IACI,OAAO,UAAU,YACjB,CAAC,0BAA0B,KAAK,KAAK,GAErC,OAAO;EAGX,MAAM,SAAS,IAAI,KAAK,KAAK;EAC7B,IACI,CAAC,gBAAgB,QAAQ,MAAM,KAC/B,OAAO,YAAY,MAAM,OAEzB,OAAOA,eAAAA,OAAO,IAAI,kCAAkC;EAGxD,OAAOA,eAAAA,OAAO,GAAG,MAAM;CAC3B;CAEA,OAAe,0BACX,QACA,IACA,UACO;EACP,QAAQ,IAAR;GACI,KAAK,MACD,OAAO,SAAS;GACpB,KAAK,OACD,OAAO,UAAU;GACrB,KAAK,MACD,OAAO,SAAS;GACpB,KAAK,OACD,OAAO,UAAU;EACzB;CACJ;CAEA,YAAoB,QAKU;EAC1B,OAAO;GACH,4BAAY,IAAI,KAAK;GACrB,OAAO,OAAO;GACd,KAAK,OAAO;GACZ,SAAS,OAAO;GAChB,eAAe,KAAK,QAAQ;GAC5B,SAAS,OAAO;EACpB;CACJ;CAEA,iBACI,MACA,OACsB;EACtB,MAAM,QAAQ,qBAAqB,cAAc,KAAK;EACtD,MAAM,UAAU,GAAG,0BAA0B,IAAI,MAAM,KAAK,IAAI,MAAM;EAEtE,KAAK,QAAQ,SAAS,MAClB,KAAK,YAAY;GACb,OAAO;GACP,KAAK;GACL;GACA,SAAS;IAAE;IAAM;GAAM;EAC3B,CAAC,CACL;EAEA,OAAOA,eAAAA,OAAO,IAAI,OAAO;CAC7B;CAEA,uBACI,MACA,QACuB;EACvB,MAAM,UACF,qBAAqB,+BAA+B,IAAI;EAE5D,KAAK,QAAQ,SAAS,MAClB,KAAK,YAAY;GACb,OAAO;GACP,KAAK;GACL;GACA,SAAS;IACL,OAAO,KAAK;IACZ,IAAI,KAAK;IACT;IACA,UAAU,KAAK;IACf;GACJ;EACJ,CAAC,CACL;EAEA,OAAOA,eAAAA,OAAO,IAAI,OAAO;CAC7B;CAEA,4BACI,MACA,QACuB;EACvB,MAAM,UACF,qBAAqB,kCAAkC,IAAI;EAE/D,KAAK,QAAQ,SAAS,MAClB,KAAK,YAAY;GACb,OAAO;GACP,KAAK;GACL;GACA,SAAS;IACL,OAAO,KAAK;IACZ,IAAI,KAAK;IACT;IACA,UAAU,KAAK;IACf;GACJ;EACJ,CAAC,CACL;EAEA,OAAOA,eAAAA,OAAO,IAAI,OAAO;CAC7B;CAEA,wBACI,MACA,QACuB;EACvB,MAAM,UACF,qBAAqB,8BAA8B,IAAI;EAE3D,KAAK,QAAQ,SAAS,MAClB,KAAK,YAAY;GACb,OAAO;GACP,KAAK;GACL;GACA,SAAS;IACL,OAAO,KAAK;IACZ,IAAI,KAAK;IACT;IACA,UAAU,KAAK;IACf;GACJ;EACJ,CAAC,CACL;EAEA,OAAOA,eAAAA,OAAO,IAAI,OAAO;CAC7B;CAEA,2BACI,MACA,QAC8B;EAC9B,IAAI,CAAC,qBAAqB,qBAAqB,KAAK,EAAE,GAClD,OAAO;EAGX,MAAM,mBACF,qBAAqB,oBAAoB,MAAM;EACnD,MAAM,qBAAqB,qBAAqB,oBAC5C,KAAK,KACT;EAEA,IAAI,qBAAqB,QAAQ,uBAAuB,MACpD,OAAO;EAGX,MAAM,aAAa,KAAK,cAAc;EAEtC,IAAI,WAAW,MAAM;GACjB,IAAI,YACA,OAAOA,eAAAA,OAAO,GAAG,KAAK;GAG1B,MAAM,UAAU,qBAAqB,+BACjC,MACA,MACJ;GACA,KAAK,QAAQ,SAAS,MAClB,KAAK,YAAY;IACb,OAAO;IACP,KAAK;IACL;IACA,SAAS;KACL,OAAO,KAAK;KACZ,IAAI,KAAK;KACT;KACA,UAAU,KAAK;KACf,WAAW;KACX;IACJ;GACJ,CAAC,CACL;GAEA,OAAOA,eAAAA,OAAO,IAAI,OAAO;EAC7B;EAEA,IAAI,WAAW,KAAA,GAAW;GACtB,MAAM,UAAU,qBAAqB,+BACjC,MACA,MACJ;GACA,KAAK,QAAQ,SAAS,MAClB,KAAK,YAAY;IACb,OAAO;IACP,KAAK;IACL;IACA,SAAS;KACL,OAAO,KAAK;KACZ,IAAI,KAAK;KACT;KACA,UAAU,KAAK;KACf,WAAW;KACX;IACJ;GACJ,CAAC,CACL;GAEA,OAAOA,eAAAA,OAAO,IAAI,OAAO;EAC7B;EAEA,IACI,qBAAqB,QACrB,iBAAiB,MAAM,KACvB,uBAAuB,QACvB,mBAAmB,MAAM,GAEzB,OAAO,KAAK,uBAAuB,MAAM,MAAM;EAGnD,OAAOA,eAAAA,OAAO,GACV,qBAAqB,0BACjB,iBAAiB,UAAU,EAAG,QAAQ,GACtC,KAAK,IACL,mBAAmB,UAAU,EAAG,QAAQ,CAC5C,CACJ;CACJ;CAEA,iBACI,QACA,IACA,UACO;EACP,QAAQ,IAAR;GACI,KAAK,MACD,OAAO,WAAW;GACtB,KAAK,OACD,OAAO,WAAW;GACtB,KAAK,MACD,OACI,OAAO,WAAW,YAClB,OAAO,aAAa,YACpB,qBAAqB,0BACjB,QACA,IACA,QACJ;GAER,KAAK,OACD,OACI,OAAO,WAAW,YAClB,OAAO,aAAa,YACpB,qBAAqB,0BACjB,QACA,IACA,QACJ;GAER,KAAK,MACD,OACI,OAAO,WAAW,YAClB,OAAO,aAAa,YACpB,qBAAqB,0BACjB,QACA,IACA,QACJ;GAER,KAAK,OACD,OACI,OAAO,WAAW,YAClB,OAAO,aAAa,YACpB,qBAAqB,0BACjB,QACA,IACA,QACJ;GAER,KAAK,MACD,OAAO,MAAM,QAAQ,QAAQ,KAAK,SAAS,SAAS,MAAM;GAC9D,KAAK,SACD,OAAO,MAAM,QAAQ,QAAQ,KAAK,CAAC,SAAS,SAAS,MAAM;GAC/D,KAAK,UACD,OAAO,WAAW;GACtB,KAAK,aACD,OAAO,WAAW,QAAQ,WAAW,KAAA;EAC7C;CACJ;CAEA,8BACI,MACA,QACuB;EACvB,MAAM,aAAa,KAAK,cAAc;EACtC,IAAI,WAAW,KAAA,KAAc,WAAW,QAAQ,CAAC,YAAa;GAC1D,MAAM,UACF,qBAAqB,kCACjB,MACA,MACJ;GAEJ,KAAK,QAAQ,SAAS,MAClB,KAAK,YAAY;IACb,OAAO;IACP,KAAK;IACL;IACA,SAAS;KACL,OAAO,KAAK;KACZ,IAAI,KAAK;KACT;KACA,UAAU,KAAK;KACf,WAAW;KACX;IACJ;GACJ,CAAC,CACL;GAEA,OAAOA,eAAAA,OAAO,IAAI,OAAO;EAC7B;EAIA,IAAI,WAAW,MACX,OAAOA,eAAAA,OAAO,GAAG,KAAK;EAM1B,IAAI,OAAO,WAAW,YAAY,OAAO,KAAK,UAAU,UACpD,OAAO,KAAK,4BAA4B,MAAM,MAAM;EAGxD,OAAOA,eAAAA,OAAO,GAAG,KAAK,iBAAiB,QAAQ,KAAK,IAAI,KAAK,KAAK,CAAC;CACvE;CAEA,iBAAyB,MAAkD;EACvE,MAAM,eAAe,kBAAkB,YACnC,KAAK,SACL,KAAK,KACT;EACA,IAAI,aAAa,MAAM,GAAG;GACtB,KAAK,QAAQ,SAAS,KAClB,KAAK,YAAY;IACb,OAAO;IACP,KAAK;IACL,SAAS,2BAA2B,KAAK,MAAM;IAC/C,SAAS;KAAE,OAAO,KAAK;KAAO;IAAK;GACvC,CAAC,CACL;GAEA,OAAOA,eAAAA,OAAO,IACV,2BAA2B,KAAK,MAAM,uBAC1C;EACJ;EAEA,IAAI;GACA,MAAM,SAAS,aAAa,WAAW;GACvC,IAAI,qBAAqB,qBAAqB,KAAK,EAAE,GAAG;IACpD,MAAM,aAAa,KAAK,2BACpB,MACA,MACJ;IACA,IAAI,eAAe,MACf,OAAO;IAGX,OAAO,KAAK,8BAA8B,MAAM,MAAM;GAC1D;GAEA,KACK,KAAK,OAAO,QAAQ,KAAK,OAAO,YACjC,CAAC,MAAM,QAAQ,KAAK,KAAK,GAEzB,OAAO,KAAK,wBAAwB,MAAM,MAAM;GAGpD,OAAOA,eAAAA,OAAO,GACV,KAAK,iBAAiB,QAAQ,KAAK,IAAI,KAAK,KAAK,CACrD;EACJ,SAAS,OAAO;GACZ,OAAO,KAAK,iBAAiB,MAAM,KAAK;EAC5C;CACJ;CAEA,WAAmB,QAMU;EACzB,OAAO;GACH,eAAe,OAAO;GACtB,cAAc,OAAO;GACrB,mBAAmB,OAAO;GAC1B,uBAAuB,OAAO;GAC9B,yBAAyB,OAAO;EACpC;CACJ;CAEA,0BACI,MACA,MACyC;EACzC,IAAI,qBAAqB,WAAW,IAAI,GAAG;GACvC,MAAM,aAAa,KAAK,iBAAiB,IAAI;GAC7C,IAAI,WAAW,MAAM,GACjB,OAAOA,eAAAA,OAAO,IAAI,WAAW,YAAY,CAAE;GAG/C,MAAM,UAAU,WAAW,UAAU;GACrC,OAAOA,eAAAA,OAAO,GAAG;IACb;IACA,OAAO,KAAK,WAAW;KACnB,eAAe;KACf,cAAc;KACd,mBAAmB;KACnB,uBAAuB;KACvB,yBAAyB;IAC7B,CAAC;GACL,CAAC;EACL;EAEA,IAAI,qBAAqB,UAAU,IAAI,GAAG;GACtC,IAAI,KAAK,IAAI,WAAW,GACpB,OAAOA,eAAAA,OAAO,IACV,qBAAqB,8BAA8B,CACvD;GAGJ,IAAI,kBAAoD;GAExD,KAAK,MAAM,CAAC,OAAO,UAAU,KAAK,IAAI,QAAQ,GAAG;IAC7C,MAAM,YAAY,GAAG,KAAK,OAAO,MAAM;IACvC,MAAM,cAAc,KAAK,0BACrB,OACA,SACJ;IACA,IAAI,YAAY,MAAM,GAClB,OAAOA,eAAAA,OAAO,IAAI,YAAY,YAAY,CAAE;IAGhD,MAAM,cAAc,YAAY,UAAU;IAC1C,kBAAkB;IAClB,IAAI,CAAC,YAAY,SACb,OAAOA,eAAAA,OAAO,GAAG;KACb,SAAS;KACT,OAAO,KAAK,WAAW;MACnB,eAAe;MACf,cAAc;MACd,mBACI,YAAY,MAAM;MACtB,uBACI,YAAY,MAAM;MACtB,yBACI,YAAY,MAAM;KAC1B,CAAC;IACL,CAAC;GAET;GAEA,OAAOA,eAAAA,OAAO,GAAG;IACb,SAAS;IACT,OAAO,gBAAiB;GAC5B,CAAC;EACL;EAEA,IAAI,qBAAqB,SAAS,IAAI,GAAG;GACrC,IAAI,YAA6C;GAEjD,KAAK,MAAM,CAAC,OAAO,UAAU,KAAK,GAAG,QAAQ,GAAG;IAC5C,MAAM,cAAc,KAAK,0BACrB,OACA,GAAG,KAAK,MAAM,MAAM,EACxB;IACA,IAAI,YAAY,MAAM,GAClB,OAAOA,eAAAA,OAAO,IAAI,YAAY,YAAY,CAAE;IAGhD,MAAM,cAAc,YAAY,UAAU;IAC1C,YAAY,YAAY;IACxB,IAAI,YAAY,SACZ,OAAOA,eAAAA,OAAO,GAAG;KACb,SAAS;KACT,OAAO,YAAY;IACvB,CAAC;GAET;GAEA,IAAI,cAAc,MACd,OAAOA,eAAAA,OAAO,IACV,qBAAqB,6BAA6B,CACtD;GAGJ,OAAOA,eAAAA,OAAO,GAAG;IAAE,SAAS;IAAO,OAAO;GAAW,CAAC;EAC1D;EAEA,IAAI,qBAAqB,UAAU,IAAI,GAAG;GACtC,MAAM,YAAY,GAAG,KAAK;GAC1B,MAAM,cAAc,KAAK,0BACrB,KAAK,KACL,SACJ;GACA,IAAI,YAAY,MAAM,GAClB,OAAOA,eAAAA,OAAO,IAAI,YAAY,YAAY,CAAE;GAGhD,MAAM,cAAc,YAAY,UAAU;GAC1C,OAAOA,eAAAA,OAAO,GAAG;IACb,SAAS,CAAC,YAAY;IACtB,OAAO,KAAK,WAAW;KACnB,eAAe;KACf,cAAc;KACd,mBAAmB,YAAY,MAAM;KACrC,uBACI,YAAY,MAAM;KACtB,yBACI,YAAY,MAAM;IAC1B,CAAC;GACL,CAAC;EACL;EAEA,OAAO,KAAK,iBACR,sBACA,IAAI,UAAU,8BAA8B,CAChD;CACJ;CAEA,SAAS,MAA8C;EACnD,IAAI;GACA,MAAM,SAAS,KAAK,0BAA0B,MAAM,GAAG;GACvD,IAAI,OAAO,MAAM,GACb,OAAOA,eAAAA,OAAO,IAAI,OAAO,YAAY,CAAE;GAG3C,OAAOA,eAAAA,OAAO,GAAG,OAAO,UAAU,EAAG,OAAO;EAChD,SAAS,OAAO;GACZ,OAAO,KAAK,iBAAiB,MAAM,KAAK;EAC5C;CACJ;CAEA,kBACI,MACyC;EACzC,IAAI;GACA,OAAO,KAAK,0BAA0B,MAAM,GAAG;EACnD,SAAS,OAAO;GACZ,OAAO,KAAK,iBAAiB,MAAM,KAAK;EAC5C;CACJ;CAEA,OAAO,cAAc,MAA+B;EAChD,IAAI,qBAAqB,WAAW,IAAI,GACpC,OAAO,CAAC,KAAK,KAAK;EAGtB,IAAI,qBAAqB,UAAU,IAAI,GACnC,OAAO,KAAK,IAAI,SAAS,UACrB,qBAAqB,cAAc,KAAK,CAC5C;EAGJ,IAAI,qBAAqB,SAAS,IAAI,GAClC,OAAO,KAAK,GAAG,SAAS,UACpB,qBAAqB,cAAc,KAAK,CAC5C;EAGJ,IAAI,qBAAqB,UAAU,IAAI,GACnC,OAAO,qBAAqB,cAAc,KAAK,GAAG;EAGtD,OAAO,CAAC;CACZ;AACJ"}
1
+ {"version":3,"file":"condition-evaluator.cjs","names":["#initialReporter","#currentReporter","#bridgeToConditionReporter","Result","isValidDate","Result"],"sources":["../src/core/config/silent-policy-reporter.ts","../src/core/config/core-config.ts","../src/core/config/core-config.instance.ts","../src/core/policies/context/path.ts","../src/core/policies/utils/date.ts","../src/core/policies/engines/v1/condition-evaluator.ts"],"sourcesContent":["import type { PolicyReporter } from \"./policy-reporter.js\";\n\nexport class SilentPolicyReporter implements PolicyReporter {\n report(_event: Parameters<PolicyReporter[\"report\"]>[0]): void {}\n}\n","import type {\n ConditionEvaluationOptions,\n ConditionEvaluatorReporter,\n} from \"../policies/engines/condition-evaluator-reporter.js\";\nimport type { PolicyEvent, PolicyReporter } from \"./policy-reporter.js\";\nimport { SilentPolicyReporter } from \"./silent-policy-reporter.js\";\n\nexport interface CoreObservabilityConfig {\n readonly reporter?: PolicyReporter;\n}\n\nexport interface CoreConfigOptions {\n readonly observability?: CoreObservabilityConfig;\n}\n\nfunction reportSafely(\n policyReporter: PolicyReporter,\n event: PolicyEvent,\n): void {\n try {\n policyReporter.report(event);\n } catch {\n // Falhas de telemetria nao podem interromper o fluxo de dominio.\n }\n}\n\n/**\n * Centraliza a configuracao pura do core sem depender de implementacoes\n * concretas de logging, tracing ou report.\n */\nexport class CoreConfig {\n readonly #initialReporter: PolicyReporter;\n #currentReporter: PolicyReporter;\n\n constructor(options: CoreConfigOptions = {}) {\n const reporter =\n options.observability?.reporter ?? new SilentPolicyReporter();\n this.#initialReporter = reporter;\n this.#currentReporter = reporter;\n }\n\n configure(options: CoreConfigOptions): this {\n const reporter = options.observability?.reporter;\n if (reporter) {\n this.#currentReporter = reporter;\n }\n return this;\n }\n\n // Restores the reporter captured at construction time.\n reset(): this {\n this.#currentReporter = this.#initialReporter;\n return this;\n }\n\n getPolicyReporter(): PolicyReporter {\n return this.#currentReporter;\n }\n\n getConditionEvaluationOptions(\n engineVersion: number,\n ): ConditionEvaluationOptions {\n return {\n reporter: this.#bridgeToConditionReporter(this.#currentReporter),\n engineVersion,\n };\n }\n\n #bridgeToConditionReporter(\n policyReporter: PolicyReporter,\n ): ConditionEvaluatorReporter {\n return {\n warn(report) {\n reportSafely(policyReporter, {\n kind: \"condition-eval\",\n ...report,\n } satisfies PolicyEvent);\n },\n error(report) {\n reportSafely(policyReporter, {\n kind: \"condition-eval\",\n ...report,\n } satisfies PolicyEvent);\n },\n };\n }\n}\n","import { CoreConfig } from \"./core-config.js\";\nimport { SilentPolicyReporter } from \"./silent-policy-reporter.js\";\n\n/**\n * Shared instance for the application composition root.\n * Use `new CoreConfig()` for isolated runtimes, tests, or multi-tenant hosts.\n *\n * The default reporter is silent so the core has no runtime logging dependency.\n * Hosts can swap in their own `PolicyReporter` via\n * `coreConfig.configure({ observability: { reporter } })`.\n */\nexport const coreConfig = new CoreConfig({\n observability: { reporter: new SilentPolicyReporter() },\n});\n","/**\n * Utilities for reading/writing values at dot-separated paths\n * in plain objects, e.g. \"installment.dueDate\".\n */\n\nimport { Result } from \"../../result/result.js\";\n\nexport class PolicyContextPath {\n private static readonly FORBIDDEN_SEGMENTS = new Set([\n \"__proto__\",\n \"prototype\",\n \"constructor\",\n ]);\n\n private static resolve(\n obj: Record<string, unknown>,\n path: string,\n ): Result<\n {\n readonly found: boolean;\n readonly value: unknown;\n },\n string\n > {\n const segmentsResult = PolicyContextPath.parseSegments(path);\n if (segmentsResult.isErr()) {\n return Result.err(segmentsResult.errorOrNull()!);\n }\n\n const segments = segmentsResult.getOrNull()!;\n let current: unknown = obj;\n\n for (const segment of segments) {\n if (\n current === null ||\n current === undefined ||\n typeof current !== \"object\"\n ) {\n return Result.ok({ found: false, value: undefined });\n }\n\n const record = current as Record<string, unknown>;\n if (!Object.prototype.hasOwnProperty.call(record, segment)) {\n return Result.ok({ found: false, value: undefined });\n }\n\n current = record[segment];\n }\n\n return Result.ok({ found: true, value: current });\n }\n\n private static parseSegments(\n path: string,\n ): Result<readonly string[], string> {\n if (path.trim().length === 0) {\n return Result.err(\"Path cannot be empty\");\n }\n\n const segments = path.split(\".\");\n if (segments.some((segment) => segment.length === 0)) {\n return Result.err(`Path \"${path}\" contains an empty segment`);\n }\n\n const forbiddenSegment = segments.find((segment) =>\n PolicyContextPath.FORBIDDEN_SEGMENTS.has(segment),\n );\n if (forbiddenSegment !== undefined) {\n return Result.err(\n `Path \"${path}\" contains forbidden segment \"${forbiddenSegment}\"`,\n );\n }\n\n return Result.ok(segments);\n }\n\n private static isPlainRecord(\n value: unknown,\n ): value is Record<string, unknown> {\n if (\n typeof value !== \"object\" ||\n value === null ||\n Array.isArray(value)\n ) {\n return false;\n }\n\n const prototype = Object.getPrototypeOf(value);\n return prototype === Object.prototype || prototype === null;\n }\n\n static getOrAbsent(\n obj: Record<string, unknown>,\n path: string,\n ): Result<unknown, \"absent\"> {\n const resolvedPath = PolicyContextPath.resolve(obj, path);\n if (resolvedPath.isErr()) {\n return Result.err(\"absent\");\n }\n\n const { found, value } = resolvedPath.getOrNull()!;\n if (!found) {\n return Result.err(\"absent\");\n }\n\n return Result.ok(value);\n }\n\n static has(obj: Record<string, unknown>, path: string): boolean {\n const resolvedPath = PolicyContextPath.resolve(obj, path);\n if (resolvedPath.isErr()) {\n return false;\n }\n\n return resolvedPath.getOrNull()!.found;\n }\n\n static set(\n obj: Record<string, unknown>,\n path: string,\n value: unknown,\n ): Result<void, string> {\n const segmentsResult = PolicyContextPath.parseSegments(path);\n if (segmentsResult.isErr()) {\n return Result.err(segmentsResult.errorOrNull()!);\n }\n\n const segments = segmentsResult.getOrNull()!;\n let current: Record<string, unknown> = obj;\n\n for (let i = 0; i < segments.length - 1; i++) {\n const seg = segments[i];\n const next = current[seg];\n\n if (next === undefined) {\n const container = Object.create(null) as Record<\n string,\n unknown\n >;\n current[seg] = container;\n current = container;\n continue;\n }\n\n if (!PolicyContextPath.isPlainRecord(next)) {\n return Result.err(\n `Cannot create nested path \"${path}\" because \"${segments\n .slice(0, i + 1)\n .join(\".\")}\" already contains a non-plain object`,\n );\n }\n\n current = next;\n }\n\n current[segments[segments.length - 1]] = value;\n return Result.ok(undefined);\n }\n}\n","import { isValidDate } from \"../../shared/temporal-guards.js\";\n\nexport class PolicyDateUtils {\n static isValid(value: Date): boolean {\n return isValidDate(value);\n }\n}\n","import { PolicyContextPath } from \"../../context/index.js\";\n// Import the date util directly (not the utils barrel): the barrel re-exports\n// PolicyHashing, whose node:crypto import would needlessly drag a Node-only\n// API into the zod-free ./abac subpath.\nimport { PolicyDateUtils } from \"../../utils/date.js\";\nimport { Result } from \"../../../result/result.js\";\n\nimport type {\n ConditionAndNode,\n ConditionLeafNode,\n ConditionNode,\n ConditionNotNode,\n ConditionOp,\n ConditionOrNode,\n} from \"./condition-types.js\";\nimport type {\n ConditionEvaluationOptions,\n ConditionEvaluationReport,\n} from \"../condition-evaluator-reporter.js\";\nimport type { PolicyContext } from \"../gate-types.js\";\n\nconst CONDITION_EVAL_THROWN_TAG = \"CONDITION_EVAL_THREW\";\nconst NULLISH_NUMERIC_OPERAND_NOT_ALLOWED_TAG =\n \"NULLISH_NUMERIC_OPERAND_NOT_ALLOWED\";\nconst NULLISH_DATE_OPERAND_NOT_ALLOWED_TAG = \"NULLISH_DATE_OPERAND_NOT_ALLOWED\";\nconst INVALID_DATE_OPERAND_TAG = \"INVALID_DATE_OPERAND\";\nconst INVALID_NUMERIC_OPERAND_TAG = \"INVALID_NUMERIC_OPERAND\";\nconst INVALID_SET_OPERAND_TAG = \"INVALID_SET_OPERAND\";\nconst EMPTY_OR_CONDITION_TAG = \"EMPTY_OR_CONDITION\";\nconst EMPTY_AND_CONDITION_TAG = \"EMPTY_AND_CONDITION\";\nconst ISO_8601_UTC_DATE_PATTERN =\n /^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$/;\n\nexport interface ConditionEvaluationTrace {\n readonly conditionPath: string;\n readonly decisiveNode: ConditionNode;\n readonly lastEvaluatedLeaf: ConditionLeafNode;\n readonly lastEvaluatedLeafPath: string;\n readonly lastEvaluatedLeafResult: boolean;\n}\n\nexport interface TracedConditionEvaluation {\n readonly matched: boolean;\n readonly trace: ConditionEvaluationTrace;\n}\n\ntype RelationalOperator = Extract<ConditionOp, \"gt\" | \"gte\" | \"lt\" | \"lte\">;\n\nexport class ConditionEvaluatorV1 {\n constructor(\n private readonly context: PolicyContext,\n private readonly options: ConditionEvaluationOptions,\n ) {}\n\n private static isLeafNode(node: ConditionNode): node is ConditionLeafNode {\n return \"field\" in node && \"op\" in node;\n }\n\n private static isAndNode(node: ConditionNode): node is ConditionAndNode {\n return \"and\" in node;\n }\n\n private static isOrNode(node: ConditionNode): node is ConditionOrNode {\n return \"or\" in node;\n }\n\n private static isNotNode(node: ConditionNode): node is ConditionNotNode {\n return \"not\" in node;\n }\n\n private static isRelationalOperator(\n op: ConditionOp,\n ): op is RelationalOperator {\n return op === \"gt\" || op === \"gte\" || op === \"lt\" || op === \"lte\";\n }\n\n private static describeError(error: unknown): {\n name: string;\n message: string;\n } {\n if (error instanceof Error) {\n return {\n name: error.name,\n message: error.message,\n };\n }\n\n return {\n name: \"NonErrorThrown\",\n message: String(error),\n };\n }\n\n private static buildNullishNumericOperandMessage(\n node: ConditionLeafNode,\n actual: null | undefined,\n ): string {\n const resolvedValue = actual === null ? \"null\" : \"undefined\";\n\n return `${NULLISH_NUMERIC_OPERAND_NOT_ALLOWED_TAG}: \"${node.field}\" resolved to ${resolvedValue} for numeric operator \"${node.op}\"`;\n }\n\n private static buildNullishDateOperandMessage(\n node: ConditionLeafNode,\n actual: null | undefined,\n ): string {\n const resolvedValue = actual === null ? \"null\" : \"undefined\";\n\n return `${NULLISH_DATE_OPERAND_NOT_ALLOWED_TAG}: \"${node.field}\" resolved to ${resolvedValue} for date comparison operator \"${node.op}\"`;\n }\n\n private static buildInvalidDateOperandMessage(\n node: ConditionLeafNode,\n ): string {\n return `${INVALID_DATE_OPERAND_TAG}: \"${node.field}\" with operator \"${node.op}\" requires Date or ISO 8601 UTC string operands`;\n }\n\n private static buildInvalidNumericOperandMessage(\n node: ConditionLeafNode,\n ): string {\n return `${INVALID_NUMERIC_OPERAND_TAG}: \"${node.field}\" with operator \"${node.op}\" requires numeric operands`;\n }\n\n private static buildInvalidSetOperandMessage(\n node: ConditionLeafNode,\n ): string {\n return `${INVALID_SET_OPERAND_TAG}: \"${node.field}\" with operator \"${node.op}\" requires an array operand`;\n }\n\n private static buildEmptyOrConditionMessage(): string {\n return `${EMPTY_OR_CONDITION_TAG}: OR nodes must contain at least one child condition`;\n }\n\n private static buildEmptyAndConditionMessage(): string {\n return `${EMPTY_AND_CONDITION_TAG}: AND nodes must contain at least one child condition`;\n }\n\n private static parseComparableDate(\n value: unknown,\n ): Result<Date, string> | null {\n if (value instanceof Date) {\n if (!PolicyDateUtils.isValid(value)) {\n return Result.err(\"Invalid Date instance\");\n }\n\n return Result.ok(value);\n }\n\n if (\n typeof value !== \"string\" ||\n !ISO_8601_UTC_DATE_PATTERN.test(value)\n ) {\n return null;\n }\n\n const parsed = new Date(value);\n if (\n !PolicyDateUtils.isValid(parsed) ||\n parsed.toISOString() !== value\n ) {\n return Result.err(\"Invalid ISO 8601 UTC date string\");\n }\n\n return Result.ok(parsed);\n }\n\n private static evaluateRelationalNumbers(\n actual: number,\n op: RelationalOperator,\n expected: number,\n ): boolean {\n switch (op) {\n case \"gt\":\n return actual > expected;\n case \"gte\":\n return actual >= expected;\n case \"lt\":\n return actual < expected;\n case \"lte\":\n return actual <= expected;\n }\n }\n\n private buildReport(params: {\n readonly level: ConditionEvaluationReport[\"level\"];\n readonly tag: ConditionEvaluationReport[\"tag\"];\n readonly message: string;\n readonly details: Readonly<Record<string, unknown>>;\n }): ConditionEvaluationReport {\n return {\n occurredAt: new Date(),\n level: params.level,\n tag: params.tag,\n message: params.message,\n engineVersion: this.options.engineVersion,\n details: params.details,\n };\n }\n\n private conditionEvalErr<TValue>(\n node: ConditionNode,\n error: unknown,\n ): Result<TValue, string> {\n const cause = ConditionEvaluatorV1.describeError(error);\n const message = `${CONDITION_EVAL_THROWN_TAG}: ${cause.name}: ${cause.message}`;\n\n this.options.reporter.error(\n this.buildReport({\n level: \"error\",\n tag: CONDITION_EVAL_THROWN_TAG,\n message,\n details: { node, cause },\n }),\n );\n\n return Result.err(message);\n }\n\n private static containsInvalidDate(value: unknown): boolean {\n if (value instanceof Date) {\n return !PolicyDateUtils.isValid(value);\n }\n if (Array.isArray(value)) {\n return value.some((item) =>\n ConditionEvaluatorV1.containsInvalidDate(item),\n );\n }\n return false;\n }\n\n // Valid Dates become their ISO string so equality/set operators compare\n // instants instead of references; every other value passes through.\n private static normalizeDateOperand(value: unknown): unknown {\n if (value instanceof Date) {\n return value.toISOString();\n }\n if (Array.isArray(value)) {\n return value.map((item) =>\n ConditionEvaluatorV1.normalizeDateOperand(item),\n );\n }\n return value;\n }\n\n private reportDateOperandError(\n node: ConditionLeafNode,\n actual: unknown,\n ): Result<boolean, string> {\n const message =\n ConditionEvaluatorV1.buildInvalidDateOperandMessage(node);\n\n this.options.reporter.error(\n this.buildReport({\n level: \"error\",\n tag: INVALID_DATE_OPERAND_TAG,\n message,\n details: {\n field: node.field,\n op: node.op,\n actual,\n expected: node.value,\n node,\n },\n }),\n );\n\n return Result.err(message);\n }\n\n private reportInvalidNumericOperand(\n node: ConditionLeafNode,\n actual: unknown,\n ): Result<boolean, string> {\n const message =\n ConditionEvaluatorV1.buildInvalidNumericOperandMessage(node);\n\n this.options.reporter.error(\n this.buildReport({\n level: \"error\",\n tag: INVALID_NUMERIC_OPERAND_TAG,\n message,\n details: {\n field: node.field,\n op: node.op,\n actual,\n expected: node.value,\n node,\n },\n }),\n );\n\n return Result.err(message);\n }\n\n private reportInvalidSetOperand(\n node: ConditionLeafNode,\n actual: unknown,\n ): Result<boolean, string> {\n const message =\n ConditionEvaluatorV1.buildInvalidSetOperandMessage(node);\n\n this.options.reporter.error(\n this.buildReport({\n level: \"error\",\n tag: INVALID_SET_OPERAND_TAG,\n message,\n details: {\n field: node.field,\n op: node.op,\n actual,\n expected: node.value,\n node,\n },\n }),\n );\n\n return Result.err(message);\n }\n\n private evaluateDateRelationalNode(\n node: ConditionLeafNode,\n actual: unknown,\n ): Result<boolean, string> | null {\n if (!ConditionEvaluatorV1.isRelationalOperator(node.op)) {\n return null;\n }\n\n const actualDateResult =\n ConditionEvaluatorV1.parseComparableDate(actual);\n const expectedDateResult = ConditionEvaluatorV1.parseComparableDate(\n node.value,\n );\n\n if (actualDateResult === null && expectedDateResult === null) {\n return null;\n }\n\n const allowsNull = node.allowNull === true;\n\n if (actual === null) {\n if (allowsNull) {\n return Result.ok(false);\n }\n\n const message = ConditionEvaluatorV1.buildNullishDateOperandMessage(\n node,\n actual,\n );\n this.options.reporter.error(\n this.buildReport({\n level: \"error\",\n tag: NULLISH_DATE_OPERAND_NOT_ALLOWED_TAG,\n message,\n details: {\n field: node.field,\n op: node.op,\n actual,\n expected: node.value,\n allowNull: allowsNull,\n node,\n },\n }),\n );\n\n return Result.err(message);\n }\n\n if (actual === undefined) {\n const message = ConditionEvaluatorV1.buildNullishDateOperandMessage(\n node,\n actual,\n );\n this.options.reporter.error(\n this.buildReport({\n level: \"error\",\n tag: NULLISH_DATE_OPERAND_NOT_ALLOWED_TAG,\n message,\n details: {\n field: node.field,\n op: node.op,\n actual,\n expected: node.value,\n allowNull: allowsNull,\n node,\n },\n }),\n );\n\n return Result.err(message);\n }\n\n if (\n actualDateResult === null ||\n actualDateResult.isErr() ||\n expectedDateResult === null ||\n expectedDateResult.isErr()\n ) {\n return this.reportDateOperandError(node, actual);\n }\n\n return Result.ok(\n ConditionEvaluatorV1.evaluateRelationalNumbers(\n actualDateResult.getOrNull()!.getTime(),\n node.op,\n expectedDateResult.getOrNull()!.getTime(),\n ),\n );\n }\n\n private evaluateOperator(\n actual: unknown,\n op: ConditionOp,\n expected: unknown,\n ): boolean {\n switch (op) {\n case \"eq\":\n return actual === expected;\n case \"neq\":\n return actual !== expected;\n case \"gt\":\n return (\n typeof actual === \"number\" &&\n typeof expected === \"number\" &&\n ConditionEvaluatorV1.evaluateRelationalNumbers(\n actual,\n op,\n expected,\n )\n );\n case \"gte\":\n return (\n typeof actual === \"number\" &&\n typeof expected === \"number\" &&\n ConditionEvaluatorV1.evaluateRelationalNumbers(\n actual,\n op,\n expected,\n )\n );\n case \"lt\":\n return (\n typeof actual === \"number\" &&\n typeof expected === \"number\" &&\n ConditionEvaluatorV1.evaluateRelationalNumbers(\n actual,\n op,\n expected,\n )\n );\n case \"lte\":\n return (\n typeof actual === \"number\" &&\n typeof expected === \"number\" &&\n ConditionEvaluatorV1.evaluateRelationalNumbers(\n actual,\n op,\n expected,\n )\n );\n case \"in\":\n return Array.isArray(expected) && expected.includes(actual);\n case \"notIn\":\n return Array.isArray(expected) && !expected.includes(actual);\n case \"isNull\":\n return actual === null;\n case \"isNotNull\":\n return actual !== null && actual !== undefined;\n }\n }\n\n private evaluateNumericRelationalNode(\n node: ConditionLeafNode,\n actual: unknown,\n ): Result<boolean, string> {\n const allowsNull = node.allowNull === true;\n if (actual === undefined || (actual === null && !allowsNull)) {\n const message =\n ConditionEvaluatorV1.buildNullishNumericOperandMessage(\n node,\n actual as null | undefined,\n );\n\n this.options.reporter.error(\n this.buildReport({\n level: \"error\",\n tag: NULLISH_NUMERIC_OPERAND_NOT_ALLOWED_TAG,\n message,\n details: {\n field: node.field,\n op: node.op,\n actual,\n expected: node.value,\n allowNull: allowsNull,\n node,\n },\n }),\n );\n\n return Result.err(message);\n }\n\n // null + allowNull: a relational comparison against a missing value\n // never matches.\n if (actual === null) {\n return Result.ok(false);\n }\n\n // Both operands must be numbers. A present but wrong-typed operand is a\n // context/configuration error, surfaced like the date path instead of\n // silently collapsing to \"no match\".\n if (typeof actual !== \"number\" || typeof node.value !== \"number\") {\n return this.reportInvalidNumericOperand(node, actual);\n }\n\n return Result.ok(this.evaluateOperator(actual, node.op, node.value));\n }\n\n private evaluateLeafNode(node: ConditionLeafNode): Result<boolean, string> {\n const actualResult = PolicyContextPath.getOrAbsent(\n this.context,\n node.field,\n );\n if (actualResult.isErr()) {\n this.options.reporter.warn(\n this.buildReport({\n level: \"warn\",\n tag: \"MISSING_CONTEXT_FIELD\",\n message: `MISSING_CONTEXT_FIELD: \"${node.field}\" not found in context`,\n details: { field: node.field, node },\n }),\n );\n\n return Result.err(\n `MISSING_CONTEXT_FIELD: \"${node.field}\" not found in context`,\n );\n }\n\n try {\n const actual = actualResult.getOrThrow();\n if (ConditionEvaluatorV1.isRelationalOperator(node.op)) {\n const dateResult = this.evaluateDateRelationalNode(\n node,\n actual,\n );\n if (dateResult !== null) {\n return dateResult;\n }\n\n return this.evaluateNumericRelationalNode(node, actual);\n }\n\n if (\n (node.op === \"in\" || node.op === \"notIn\") &&\n !Array.isArray(node.value)\n ) {\n return this.reportInvalidSetOperand(node, actual);\n }\n\n if (\n node.op === \"eq\" ||\n node.op === \"neq\" ||\n node.op === \"in\" ||\n node.op === \"notIn\"\n ) {\n // A Date operand would otherwise compare by reference and\n // silently never match. Normalize valid Dates (either side,\n // including set items) to their ISO string; an invalid Date is\n // a context/configuration error, like the relational path.\n if (\n ConditionEvaluatorV1.containsInvalidDate(actual) ||\n ConditionEvaluatorV1.containsInvalidDate(node.value)\n ) {\n return this.reportDateOperandError(node, actual);\n }\n\n return Result.ok(\n this.evaluateOperator(\n ConditionEvaluatorV1.normalizeDateOperand(actual),\n node.op,\n ConditionEvaluatorV1.normalizeDateOperand(node.value),\n ),\n );\n }\n\n return Result.ok(\n this.evaluateOperator(actual, node.op, node.value),\n );\n } catch (error) {\n return this.conditionEvalErr(node, error);\n }\n }\n\n private buildTrace(params: {\n readonly conditionPath: string;\n readonly decisiveNode: ConditionNode;\n readonly lastEvaluatedLeaf: ConditionLeafNode;\n readonly lastEvaluatedLeafPath: string;\n readonly lastEvaluatedLeafResult: boolean;\n }): ConditionEvaluationTrace {\n return {\n conditionPath: params.conditionPath,\n decisiveNode: params.decisiveNode,\n lastEvaluatedLeaf: params.lastEvaluatedLeaf,\n lastEvaluatedLeafPath: params.lastEvaluatedLeafPath,\n lastEvaluatedLeafResult: params.lastEvaluatedLeafResult,\n };\n }\n\n private evaluateWithTraceInternal(\n node: ConditionNode,\n path: string,\n ): Result<TracedConditionEvaluation, string> {\n if (ConditionEvaluatorV1.isLeafNode(node)) {\n const leafResult = this.evaluateLeafNode(node);\n if (leafResult.isErr()) {\n return Result.err(leafResult.errorOrNull()!);\n }\n\n const matched = leafResult.getOrNull()!;\n return Result.ok({\n matched,\n trace: this.buildTrace({\n conditionPath: path,\n decisiveNode: node,\n lastEvaluatedLeaf: node,\n lastEvaluatedLeafPath: path,\n lastEvaluatedLeafResult: matched,\n }),\n });\n }\n\n if (ConditionEvaluatorV1.isAndNode(node)) {\n if (node.and.length === 0) {\n return Result.err(\n ConditionEvaluatorV1.buildEmptyAndConditionMessage(),\n );\n }\n\n let lastTracedChild: TracedConditionEvaluation | null = null;\n\n for (const [index, child] of node.and.entries()) {\n const childPath = `${path}.and[${index}]`;\n const childResult = this.evaluateWithTraceInternal(\n child,\n childPath,\n );\n if (childResult.isErr()) {\n return Result.err(childResult.errorOrNull()!);\n }\n\n const tracedChild = childResult.getOrNull()!;\n lastTracedChild = tracedChild;\n if (!tracedChild.matched) {\n return Result.ok({\n matched: false,\n trace: this.buildTrace({\n conditionPath: childPath,\n decisiveNode: child,\n lastEvaluatedLeaf:\n tracedChild.trace.lastEvaluatedLeaf,\n lastEvaluatedLeafPath:\n tracedChild.trace.lastEvaluatedLeafPath,\n lastEvaluatedLeafResult:\n tracedChild.trace.lastEvaluatedLeafResult,\n }),\n });\n }\n }\n\n return Result.ok({\n matched: true,\n trace: lastTracedChild!.trace,\n });\n }\n\n if (ConditionEvaluatorV1.isOrNode(node)) {\n let lastTrace: ConditionEvaluationTrace | null = null;\n\n for (const [index, child] of node.or.entries()) {\n const childResult = this.evaluateWithTraceInternal(\n child,\n `${path}.or[${index}]`,\n );\n if (childResult.isErr()) {\n return Result.err(childResult.errorOrNull()!);\n }\n\n const tracedChild = childResult.getOrNull()!;\n lastTrace = tracedChild.trace;\n if (tracedChild.matched) {\n return Result.ok({\n matched: true,\n trace: tracedChild.trace,\n });\n }\n }\n\n if (lastTrace === null) {\n return Result.err(\n ConditionEvaluatorV1.buildEmptyOrConditionMessage(),\n );\n }\n\n return Result.ok({ matched: false, trace: lastTrace! });\n }\n\n if (ConditionEvaluatorV1.isNotNode(node)) {\n const childPath = `${path}.not`;\n const childResult = this.evaluateWithTraceInternal(\n node.not,\n childPath,\n );\n if (childResult.isErr()) {\n return Result.err(childResult.errorOrNull()!);\n }\n\n const tracedChild = childResult.getOrNull()!;\n return Result.ok({\n matched: !tracedChild.matched,\n trace: this.buildTrace({\n conditionPath: path,\n decisiveNode: node,\n lastEvaluatedLeaf: tracedChild.trace.lastEvaluatedLeaf,\n lastEvaluatedLeafPath:\n tracedChild.trace.lastEvaluatedLeafPath,\n lastEvaluatedLeafResult:\n tracedChild.trace.lastEvaluatedLeafResult,\n }),\n });\n }\n\n return this.conditionEvalErr(\n node,\n new TypeError(\"Invalid condition node shape\"),\n );\n }\n\n evaluate(node: ConditionNode): Result<boolean, string> {\n try {\n const result = this.evaluateWithTraceInternal(node, \"$\");\n if (result.isErr()) {\n return Result.err(result.errorOrNull()!);\n }\n\n return Result.ok(result.getOrNull()!.matched);\n } catch (error) {\n return this.conditionEvalErr(node, error);\n }\n }\n\n evaluateWithTrace(\n node: ConditionNode,\n ): Result<TracedConditionEvaluation, string> {\n try {\n return this.evaluateWithTraceInternal(node, \"$\");\n } catch (error) {\n return this.conditionEvalErr(node, error);\n }\n }\n\n static extractFields(node: ConditionNode): string[] {\n if (ConditionEvaluatorV1.isLeafNode(node)) {\n return [node.field];\n }\n\n if (ConditionEvaluatorV1.isAndNode(node)) {\n return node.and.flatMap((child) =>\n ConditionEvaluatorV1.extractFields(child),\n );\n }\n\n if (ConditionEvaluatorV1.isOrNode(node)) {\n return node.or.flatMap((child) =>\n ConditionEvaluatorV1.extractFields(child),\n );\n }\n\n if (ConditionEvaluatorV1.isNotNode(node)) {\n return ConditionEvaluatorV1.extractFields(node.not);\n }\n\n return [];\n }\n}\n"],"mappings":";;;AAEA,IAAa,uBAAb,MAA4D;CACxD,OAAO,QAAuD,CAAC;AACnE;;;ACWA,SAAS,aACL,gBACA,OACI;CACJ,IAAI;EACA,eAAe,OAAO,KAAK;CAC/B,QAAQ,CAER;AACJ;;;;;AAMA,IAAa,aAAb,MAAwB;CACpB;CACA;CAEA,YAAY,UAA6B,CAAC,GAAG;EACzC,MAAM,WACF,QAAQ,eAAe,YAAY,IAAI,qBAAqB;EAChE,KAAKA,mBAAmB;EACxB,KAAKC,mBAAmB;CAC5B;CAEA,UAAU,SAAkC;EACxC,MAAM,WAAW,QAAQ,eAAe;EACxC,IAAI,UACA,KAAKA,mBAAmB;EAE5B,OAAO;CACX;CAGA,QAAc;EACV,KAAKA,mBAAmB,KAAKD;EAC7B,OAAO;CACX;CAEA,oBAAoC;EAChC,OAAO,KAAKC;CAChB;CAEA,8BACI,eAC0B;EAC1B,OAAO;GACH,UAAU,KAAKC,2BAA2B,KAAKD,gBAAgB;GAC/D;EACJ;CACJ;CAEA,2BACI,gBAC0B;EAC1B,OAAO;GACH,KAAK,QAAQ;IACT,aAAa,gBAAgB;KACzB,MAAM;KACN,GAAG;IACP,CAAuB;GAC3B;GACA,MAAM,QAAQ;IACV,aAAa,gBAAgB;KACzB,MAAM;KACN,GAAG;IACP,CAAuB;GAC3B;EACJ;CACJ;AACJ;;;;;;;;;;;AC3EA,MAAa,aAAa,IAAI,WAAW,EACrC,eAAe,EAAE,UAAU,IAAI,qBAAqB,EAAE,EAC1D,CAAC;;;;;;;ACND,IAAa,oBAAb,MAAa,kBAAkB;;4BACkB,IAAI,IAAI;GACjD;GACA;GACA;EACJ,CAAC;;CAED,OAAe,QACX,KACA,MAOF;EACE,MAAM,iBAAiB,kBAAkB,cAAc,IAAI;EAC3D,IAAI,eAAe,MAAM,GACrB,OAAOE,eAAAA,OAAO,IAAI,eAAe,YAAY,CAAE;EAGnD,MAAM,WAAW,eAAe,UAAU;EAC1C,IAAI,UAAmB;EAEvB,KAAK,MAAM,WAAW,UAAU;GAC5B,IACI,YAAY,QACZ,YAAY,KAAA,KACZ,OAAO,YAAY,UAEnB,OAAOA,eAAAA,OAAO,GAAG;IAAE,OAAO;IAAO,OAAO,KAAA;GAAU,CAAC;GAGvD,MAAM,SAAS;GACf,IAAI,CAAC,OAAO,UAAU,eAAe,KAAK,QAAQ,OAAO,GACrD,OAAOA,eAAAA,OAAO,GAAG;IAAE,OAAO;IAAO,OAAO,KAAA;GAAU,CAAC;GAGvD,UAAU,OAAO;EACrB;EAEA,OAAOA,eAAAA,OAAO,GAAG;GAAE,OAAO;GAAM,OAAO;EAAQ,CAAC;CACpD;CAEA,OAAe,cACX,MACiC;EACjC,IAAI,KAAK,KAAK,EAAE,WAAW,GACvB,OAAOA,eAAAA,OAAO,IAAI,sBAAsB;EAG5C,MAAM,WAAW,KAAK,MAAM,GAAG;EAC/B,IAAI,SAAS,MAAM,YAAY,QAAQ,WAAW,CAAC,GAC/C,OAAOA,eAAAA,OAAO,IAAI,SAAS,KAAK,4BAA4B;EAGhE,MAAM,mBAAmB,SAAS,MAAM,YACpC,kBAAkB,mBAAmB,IAAI,OAAO,CACpD;EACA,IAAI,qBAAqB,KAAA,GACrB,OAAOA,eAAAA,OAAO,IACV,SAAS,KAAK,gCAAgC,iBAAiB,EACnE;EAGJ,OAAOA,eAAAA,OAAO,GAAG,QAAQ;CAC7B;CAEA,OAAe,cACX,OACgC;EAChC,IACI,OAAO,UAAU,YACjB,UAAU,QACV,MAAM,QAAQ,KAAK,GAEnB,OAAO;EAGX,MAAM,YAAY,OAAO,eAAe,KAAK;EAC7C,OAAO,cAAc,OAAO,aAAa,cAAc;CAC3D;CAEA,OAAO,YACH,KACA,MACyB;EACzB,MAAM,eAAe,kBAAkB,QAAQ,KAAK,IAAI;EACxD,IAAI,aAAa,MAAM,GACnB,OAAOA,eAAAA,OAAO,IAAI,QAAQ;EAG9B,MAAM,EAAE,OAAO,UAAU,aAAa,UAAU;EAChD,IAAI,CAAC,OACD,OAAOA,eAAAA,OAAO,IAAI,QAAQ;EAG9B,OAAOA,eAAAA,OAAO,GAAG,KAAK;CAC1B;CAEA,OAAO,IAAI,KAA8B,MAAuB;EAC5D,MAAM,eAAe,kBAAkB,QAAQ,KAAK,IAAI;EACxD,IAAI,aAAa,MAAM,GACnB,OAAO;EAGX,OAAO,aAAa,UAAU,EAAG;CACrC;CAEA,OAAO,IACH,KACA,MACA,OACoB;EACpB,MAAM,iBAAiB,kBAAkB,cAAc,IAAI;EAC3D,IAAI,eAAe,MAAM,GACrB,OAAOA,eAAAA,OAAO,IAAI,eAAe,YAAY,CAAE;EAGnD,MAAM,WAAW,eAAe,UAAU;EAC1C,IAAI,UAAmC;EAEvC,KAAK,IAAI,IAAI,GAAG,IAAI,SAAS,SAAS,GAAG,KAAK;GAC1C,MAAM,MAAM,SAAS;GACrB,MAAM,OAAO,QAAQ;GAErB,IAAI,SAAS,KAAA,GAAW;IACpB,MAAM,YAAY,OAAO,OAAO,IAAI;IAIpC,QAAQ,OAAO;IACf,UAAU;IACV;GACJ;GAEA,IAAI,CAAC,kBAAkB,cAAc,IAAI,GACrC,OAAOA,eAAAA,OAAO,IACV,8BAA8B,KAAK,aAAa,SAC3C,MAAM,GAAG,IAAI,CAAC,EACd,KAAK,GAAG,EAAE,sCACnB;GAGJ,UAAU;EACd;EAEA,QAAQ,SAAS,SAAS,SAAS,MAAM;EACzC,OAAOA,eAAAA,OAAO,GAAG,KAAA,CAAS;CAC9B;AACJ;;;AC5JA,IAAa,kBAAb,MAA6B;CACzB,OAAO,QAAQ,OAAsB;EACjC,OAAOC,wBAAAA,YAAY,KAAK;CAC5B;AACJ;;;ACeA,MAAM,4BAA4B;AAClC,MAAM,0CACF;AACJ,MAAM,uCAAuC;AAC7C,MAAM,2BAA2B;AACjC,MAAM,8BAA8B;AACpC,MAAM,0BAA0B;AAChC,MAAM,yBAAyB;AAC/B,MAAM,0BAA0B;AAChC,MAAM,4BACF;AAiBJ,IAAa,uBAAb,MAAa,qBAAqB;CAC9B,YACI,SACA,SACF;EAFmB,KAAA,UAAA;EACA,KAAA,UAAA;CAClB;CAEH,OAAe,WAAW,MAAgD;EACtE,OAAO,WAAW,QAAQ,QAAQ;CACtC;CAEA,OAAe,UAAU,MAA+C;EACpE,OAAO,SAAS;CACpB;CAEA,OAAe,SAAS,MAA8C;EAClE,OAAO,QAAQ;CACnB;CAEA,OAAe,UAAU,MAA+C;EACpE,OAAO,SAAS;CACpB;CAEA,OAAe,qBACX,IACwB;EACxB,OAAO,OAAO,QAAQ,OAAO,SAAS,OAAO,QAAQ,OAAO;CAChE;CAEA,OAAe,cAAc,OAG3B;EACE,IAAI,iBAAiB,OACjB,OAAO;GACH,MAAM,MAAM;GACZ,SAAS,MAAM;EACnB;EAGJ,OAAO;GACH,MAAM;GACN,SAAS,OAAO,KAAK;EACzB;CACJ;CAEA,OAAe,kCACX,MACA,QACM;EACN,MAAM,gBAAgB,WAAW,OAAO,SAAS;EAEjD,OAAO,GAAG,wCAAwC,KAAK,KAAK,MAAM,gBAAgB,cAAc,yBAAyB,KAAK,GAAG;CACrI;CAEA,OAAe,+BACX,MACA,QACM;EACN,MAAM,gBAAgB,WAAW,OAAO,SAAS;EAEjD,OAAO,GAAG,qCAAqC,KAAK,KAAK,MAAM,gBAAgB,cAAc,iCAAiC,KAAK,GAAG;CAC1I;CAEA,OAAe,+BACX,MACM;EACN,OAAO,GAAG,yBAAyB,KAAK,KAAK,MAAM,mBAAmB,KAAK,GAAG;CAClF;CAEA,OAAe,kCACX,MACM;EACN,OAAO,GAAG,4BAA4B,KAAK,KAAK,MAAM,mBAAmB,KAAK,GAAG;CACrF;CAEA,OAAe,8BACX,MACM;EACN,OAAO,GAAG,wBAAwB,KAAK,KAAK,MAAM,mBAAmB,KAAK,GAAG;CACjF;CAEA,OAAe,+BAAuC;EAClD,OAAO,GAAG,uBAAuB;CACrC;CAEA,OAAe,gCAAwC;EACnD,OAAO,GAAG,wBAAwB;CACtC;CAEA,OAAe,oBACX,OAC2B;EAC3B,IAAI,iBAAiB,MAAM;GACvB,IAAI,CAAC,gBAAgB,QAAQ,KAAK,GAC9B,OAAOC,eAAAA,OAAO,IAAI,uBAAuB;GAG7C,OAAOA,eAAAA,OAAO,GAAG,KAAK;EAC1B;EAEA,IACI,OAAO,UAAU,YACjB,CAAC,0BAA0B,KAAK,KAAK,GAErC,OAAO;EAGX,MAAM,SAAS,IAAI,KAAK,KAAK;EAC7B,IACI,CAAC,gBAAgB,QAAQ,MAAM,KAC/B,OAAO,YAAY,MAAM,OAEzB,OAAOA,eAAAA,OAAO,IAAI,kCAAkC;EAGxD,OAAOA,eAAAA,OAAO,GAAG,MAAM;CAC3B;CAEA,OAAe,0BACX,QACA,IACA,UACO;EACP,QAAQ,IAAR;GACI,KAAK,MACD,OAAO,SAAS;GACpB,KAAK,OACD,OAAO,UAAU;GACrB,KAAK,MACD,OAAO,SAAS;GACpB,KAAK,OACD,OAAO,UAAU;EACzB;CACJ;CAEA,YAAoB,QAKU;EAC1B,OAAO;GACH,4BAAY,IAAI,KAAK;GACrB,OAAO,OAAO;GACd,KAAK,OAAO;GACZ,SAAS,OAAO;GAChB,eAAe,KAAK,QAAQ;GAC5B,SAAS,OAAO;EACpB;CACJ;CAEA,iBACI,MACA,OACsB;EACtB,MAAM,QAAQ,qBAAqB,cAAc,KAAK;EACtD,MAAM,UAAU,GAAG,0BAA0B,IAAI,MAAM,KAAK,IAAI,MAAM;EAEtE,KAAK,QAAQ,SAAS,MAClB,KAAK,YAAY;GACb,OAAO;GACP,KAAK;GACL;GACA,SAAS;IAAE;IAAM;GAAM;EAC3B,CAAC,CACL;EAEA,OAAOA,eAAAA,OAAO,IAAI,OAAO;CAC7B;CAEA,OAAe,oBAAoB,OAAyB;EACxD,IAAI,iBAAiB,MACjB,OAAO,CAAC,gBAAgB,QAAQ,KAAK;EAEzC,IAAI,MAAM,QAAQ,KAAK,GACnB,OAAO,MAAM,MAAM,SACf,qBAAqB,oBAAoB,IAAI,CACjD;EAEJ,OAAO;CACX;CAIA,OAAe,qBAAqB,OAAyB;EACzD,IAAI,iBAAiB,MACjB,OAAO,MAAM,YAAY;EAE7B,IAAI,MAAM,QAAQ,KAAK,GACnB,OAAO,MAAM,KAAK,SACd,qBAAqB,qBAAqB,IAAI,CAClD;EAEJ,OAAO;CACX;CAEA,uBACI,MACA,QACuB;EACvB,MAAM,UACF,qBAAqB,+BAA+B,IAAI;EAE5D,KAAK,QAAQ,SAAS,MAClB,KAAK,YAAY;GACb,OAAO;GACP,KAAK;GACL;GACA,SAAS;IACL,OAAO,KAAK;IACZ,IAAI,KAAK;IACT;IACA,UAAU,KAAK;IACf;GACJ;EACJ,CAAC,CACL;EAEA,OAAOA,eAAAA,OAAO,IAAI,OAAO;CAC7B;CAEA,4BACI,MACA,QACuB;EACvB,MAAM,UACF,qBAAqB,kCAAkC,IAAI;EAE/D,KAAK,QAAQ,SAAS,MAClB,KAAK,YAAY;GACb,OAAO;GACP,KAAK;GACL;GACA,SAAS;IACL,OAAO,KAAK;IACZ,IAAI,KAAK;IACT;IACA,UAAU,KAAK;IACf;GACJ;EACJ,CAAC,CACL;EAEA,OAAOA,eAAAA,OAAO,IAAI,OAAO;CAC7B;CAEA,wBACI,MACA,QACuB;EACvB,MAAM,UACF,qBAAqB,8BAA8B,IAAI;EAE3D,KAAK,QAAQ,SAAS,MAClB,KAAK,YAAY;GACb,OAAO;GACP,KAAK;GACL;GACA,SAAS;IACL,OAAO,KAAK;IACZ,IAAI,KAAK;IACT;IACA,UAAU,KAAK;IACf;GACJ;EACJ,CAAC,CACL;EAEA,OAAOA,eAAAA,OAAO,IAAI,OAAO;CAC7B;CAEA,2BACI,MACA,QAC8B;EAC9B,IAAI,CAAC,qBAAqB,qBAAqB,KAAK,EAAE,GAClD,OAAO;EAGX,MAAM,mBACF,qBAAqB,oBAAoB,MAAM;EACnD,MAAM,qBAAqB,qBAAqB,oBAC5C,KAAK,KACT;EAEA,IAAI,qBAAqB,QAAQ,uBAAuB,MACpD,OAAO;EAGX,MAAM,aAAa,KAAK,cAAc;EAEtC,IAAI,WAAW,MAAM;GACjB,IAAI,YACA,OAAOA,eAAAA,OAAO,GAAG,KAAK;GAG1B,MAAM,UAAU,qBAAqB,+BACjC,MACA,MACJ;GACA,KAAK,QAAQ,SAAS,MAClB,KAAK,YAAY;IACb,OAAO;IACP,KAAK;IACL;IACA,SAAS;KACL,OAAO,KAAK;KACZ,IAAI,KAAK;KACT;KACA,UAAU,KAAK;KACf,WAAW;KACX;IACJ;GACJ,CAAC,CACL;GAEA,OAAOA,eAAAA,OAAO,IAAI,OAAO;EAC7B;EAEA,IAAI,WAAW,KAAA,GAAW;GACtB,MAAM,UAAU,qBAAqB,+BACjC,MACA,MACJ;GACA,KAAK,QAAQ,SAAS,MAClB,KAAK,YAAY;IACb,OAAO;IACP,KAAK;IACL;IACA,SAAS;KACL,OAAO,KAAK;KACZ,IAAI,KAAK;KACT;KACA,UAAU,KAAK;KACf,WAAW;KACX;IACJ;GACJ,CAAC,CACL;GAEA,OAAOA,eAAAA,OAAO,IAAI,OAAO;EAC7B;EAEA,IACI,qBAAqB,QACrB,iBAAiB,MAAM,KACvB,uBAAuB,QACvB,mBAAmB,MAAM,GAEzB,OAAO,KAAK,uBAAuB,MAAM,MAAM;EAGnD,OAAOA,eAAAA,OAAO,GACV,qBAAqB,0BACjB,iBAAiB,UAAU,EAAG,QAAQ,GACtC,KAAK,IACL,mBAAmB,UAAU,EAAG,QAAQ,CAC5C,CACJ;CACJ;CAEA,iBACI,QACA,IACA,UACO;EACP,QAAQ,IAAR;GACI,KAAK,MACD,OAAO,WAAW;GACtB,KAAK,OACD,OAAO,WAAW;GACtB,KAAK,MACD,OACI,OAAO,WAAW,YAClB,OAAO,aAAa,YACpB,qBAAqB,0BACjB,QACA,IACA,QACJ;GAER,KAAK,OACD,OACI,OAAO,WAAW,YAClB,OAAO,aAAa,YACpB,qBAAqB,0BACjB,QACA,IACA,QACJ;GAER,KAAK,MACD,OACI,OAAO,WAAW,YAClB,OAAO,aAAa,YACpB,qBAAqB,0BACjB,QACA,IACA,QACJ;GAER,KAAK,OACD,OACI,OAAO,WAAW,YAClB,OAAO,aAAa,YACpB,qBAAqB,0BACjB,QACA,IACA,QACJ;GAER,KAAK,MACD,OAAO,MAAM,QAAQ,QAAQ,KAAK,SAAS,SAAS,MAAM;GAC9D,KAAK,SACD,OAAO,MAAM,QAAQ,QAAQ,KAAK,CAAC,SAAS,SAAS,MAAM;GAC/D,KAAK,UACD,OAAO,WAAW;GACtB,KAAK,aACD,OAAO,WAAW,QAAQ,WAAW,KAAA;EAC7C;CACJ;CAEA,8BACI,MACA,QACuB;EACvB,MAAM,aAAa,KAAK,cAAc;EACtC,IAAI,WAAW,KAAA,KAAc,WAAW,QAAQ,CAAC,YAAa;GAC1D,MAAM,UACF,qBAAqB,kCACjB,MACA,MACJ;GAEJ,KAAK,QAAQ,SAAS,MAClB,KAAK,YAAY;IACb,OAAO;IACP,KAAK;IACL;IACA,SAAS;KACL,OAAO,KAAK;KACZ,IAAI,KAAK;KACT;KACA,UAAU,KAAK;KACf,WAAW;KACX;IACJ;GACJ,CAAC,CACL;GAEA,OAAOA,eAAAA,OAAO,IAAI,OAAO;EAC7B;EAIA,IAAI,WAAW,MACX,OAAOA,eAAAA,OAAO,GAAG,KAAK;EAM1B,IAAI,OAAO,WAAW,YAAY,OAAO,KAAK,UAAU,UACpD,OAAO,KAAK,4BAA4B,MAAM,MAAM;EAGxD,OAAOA,eAAAA,OAAO,GAAG,KAAK,iBAAiB,QAAQ,KAAK,IAAI,KAAK,KAAK,CAAC;CACvE;CAEA,iBAAyB,MAAkD;EACvE,MAAM,eAAe,kBAAkB,YACnC,KAAK,SACL,KAAK,KACT;EACA,IAAI,aAAa,MAAM,GAAG;GACtB,KAAK,QAAQ,SAAS,KAClB,KAAK,YAAY;IACb,OAAO;IACP,KAAK;IACL,SAAS,2BAA2B,KAAK,MAAM;IAC/C,SAAS;KAAE,OAAO,KAAK;KAAO;IAAK;GACvC,CAAC,CACL;GAEA,OAAOA,eAAAA,OAAO,IACV,2BAA2B,KAAK,MAAM,uBAC1C;EACJ;EAEA,IAAI;GACA,MAAM,SAAS,aAAa,WAAW;GACvC,IAAI,qBAAqB,qBAAqB,KAAK,EAAE,GAAG;IACpD,MAAM,aAAa,KAAK,2BACpB,MACA,MACJ;IACA,IAAI,eAAe,MACf,OAAO;IAGX,OAAO,KAAK,8BAA8B,MAAM,MAAM;GAC1D;GAEA,KACK,KAAK,OAAO,QAAQ,KAAK,OAAO,YACjC,CAAC,MAAM,QAAQ,KAAK,KAAK,GAEzB,OAAO,KAAK,wBAAwB,MAAM,MAAM;GAGpD,IACI,KAAK,OAAO,QACZ,KAAK,OAAO,SACZ,KAAK,OAAO,QACZ,KAAK,OAAO,SACd;IAKE,IACI,qBAAqB,oBAAoB,MAAM,KAC/C,qBAAqB,oBAAoB,KAAK,KAAK,GAEnD,OAAO,KAAK,uBAAuB,MAAM,MAAM;IAGnD,OAAOA,eAAAA,OAAO,GACV,KAAK,iBACD,qBAAqB,qBAAqB,MAAM,GAChD,KAAK,IACL,qBAAqB,qBAAqB,KAAK,KAAK,CACxD,CACJ;GACJ;GAEA,OAAOA,eAAAA,OAAO,GACV,KAAK,iBAAiB,QAAQ,KAAK,IAAI,KAAK,KAAK,CACrD;EACJ,SAAS,OAAO;GACZ,OAAO,KAAK,iBAAiB,MAAM,KAAK;EAC5C;CACJ;CAEA,WAAmB,QAMU;EACzB,OAAO;GACH,eAAe,OAAO;GACtB,cAAc,OAAO;GACrB,mBAAmB,OAAO;GAC1B,uBAAuB,OAAO;GAC9B,yBAAyB,OAAO;EACpC;CACJ;CAEA,0BACI,MACA,MACyC;EACzC,IAAI,qBAAqB,WAAW,IAAI,GAAG;GACvC,MAAM,aAAa,KAAK,iBAAiB,IAAI;GAC7C,IAAI,WAAW,MAAM,GACjB,OAAOA,eAAAA,OAAO,IAAI,WAAW,YAAY,CAAE;GAG/C,MAAM,UAAU,WAAW,UAAU;GACrC,OAAOA,eAAAA,OAAO,GAAG;IACb;IACA,OAAO,KAAK,WAAW;KACnB,eAAe;KACf,cAAc;KACd,mBAAmB;KACnB,uBAAuB;KACvB,yBAAyB;IAC7B,CAAC;GACL,CAAC;EACL;EAEA,IAAI,qBAAqB,UAAU,IAAI,GAAG;GACtC,IAAI,KAAK,IAAI,WAAW,GACpB,OAAOA,eAAAA,OAAO,IACV,qBAAqB,8BAA8B,CACvD;GAGJ,IAAI,kBAAoD;GAExD,KAAK,MAAM,CAAC,OAAO,UAAU,KAAK,IAAI,QAAQ,GAAG;IAC7C,MAAM,YAAY,GAAG,KAAK,OAAO,MAAM;IACvC,MAAM,cAAc,KAAK,0BACrB,OACA,SACJ;IACA,IAAI,YAAY,MAAM,GAClB,OAAOA,eAAAA,OAAO,IAAI,YAAY,YAAY,CAAE;IAGhD,MAAM,cAAc,YAAY,UAAU;IAC1C,kBAAkB;IAClB,IAAI,CAAC,YAAY,SACb,OAAOA,eAAAA,OAAO,GAAG;KACb,SAAS;KACT,OAAO,KAAK,WAAW;MACnB,eAAe;MACf,cAAc;MACd,mBACI,YAAY,MAAM;MACtB,uBACI,YAAY,MAAM;MACtB,yBACI,YAAY,MAAM;KAC1B,CAAC;IACL,CAAC;GAET;GAEA,OAAOA,eAAAA,OAAO,GAAG;IACb,SAAS;IACT,OAAO,gBAAiB;GAC5B,CAAC;EACL;EAEA,IAAI,qBAAqB,SAAS,IAAI,GAAG;GACrC,IAAI,YAA6C;GAEjD,KAAK,MAAM,CAAC,OAAO,UAAU,KAAK,GAAG,QAAQ,GAAG;IAC5C,MAAM,cAAc,KAAK,0BACrB,OACA,GAAG,KAAK,MAAM,MAAM,EACxB;IACA,IAAI,YAAY,MAAM,GAClB,OAAOA,eAAAA,OAAO,IAAI,YAAY,YAAY,CAAE;IAGhD,MAAM,cAAc,YAAY,UAAU;IAC1C,YAAY,YAAY;IACxB,IAAI,YAAY,SACZ,OAAOA,eAAAA,OAAO,GAAG;KACb,SAAS;KACT,OAAO,YAAY;IACvB,CAAC;GAET;GAEA,IAAI,cAAc,MACd,OAAOA,eAAAA,OAAO,IACV,qBAAqB,6BAA6B,CACtD;GAGJ,OAAOA,eAAAA,OAAO,GAAG;IAAE,SAAS;IAAO,OAAO;GAAW,CAAC;EAC1D;EAEA,IAAI,qBAAqB,UAAU,IAAI,GAAG;GACtC,MAAM,YAAY,GAAG,KAAK;GAC1B,MAAM,cAAc,KAAK,0BACrB,KAAK,KACL,SACJ;GACA,IAAI,YAAY,MAAM,GAClB,OAAOA,eAAAA,OAAO,IAAI,YAAY,YAAY,CAAE;GAGhD,MAAM,cAAc,YAAY,UAAU;GAC1C,OAAOA,eAAAA,OAAO,GAAG;IACb,SAAS,CAAC,YAAY;IACtB,OAAO,KAAK,WAAW;KACnB,eAAe;KACf,cAAc;KACd,mBAAmB,YAAY,MAAM;KACrC,uBACI,YAAY,MAAM;KACtB,yBACI,YAAY,MAAM;IAC1B,CAAC;GACL,CAAC;EACL;EAEA,OAAO,KAAK,iBACR,sBACA,IAAI,UAAU,8BAA8B,CAChD;CACJ;CAEA,SAAS,MAA8C;EACnD,IAAI;GACA,MAAM,SAAS,KAAK,0BAA0B,MAAM,GAAG;GACvD,IAAI,OAAO,MAAM,GACb,OAAOA,eAAAA,OAAO,IAAI,OAAO,YAAY,CAAE;GAG3C,OAAOA,eAAAA,OAAO,GAAG,OAAO,UAAU,EAAG,OAAO;EAChD,SAAS,OAAO;GACZ,OAAO,KAAK,iBAAiB,MAAM,KAAK;EAC5C;CACJ;CAEA,kBACI,MACyC;EACzC,IAAI;GACA,OAAO,KAAK,0BAA0B,MAAM,GAAG;EACnD,SAAS,OAAO;GACZ,OAAO,KAAK,iBAAiB,MAAM,KAAK;EAC5C;CACJ;CAEA,OAAO,cAAc,MAA+B;EAChD,IAAI,qBAAqB,WAAW,IAAI,GACpC,OAAO,CAAC,KAAK,KAAK;EAGtB,IAAI,qBAAqB,UAAU,IAAI,GACnC,OAAO,KAAK,IAAI,SAAS,UACrB,qBAAqB,cAAc,KAAK,CAC5C;EAGJ,IAAI,qBAAqB,SAAS,IAAI,GAClC,OAAO,KAAK,GAAG,SAAS,UACpB,qBAAqB,cAAc,KAAK,CAC5C;EAGJ,IAAI,qBAAqB,UAAU,IAAI,GACnC,OAAO,qBAAqB,cAAc,KAAK,GAAG;EAGtD,OAAO,CAAC;CACZ;AACJ"}
@@ -264,6 +264,16 @@ var ConditionEvaluatorV1 = class ConditionEvaluatorV1 {
264
264
  }));
265
265
  return Result.err(message);
266
266
  }
267
+ static containsInvalidDate(value) {
268
+ if (value instanceof Date) return !PolicyDateUtils.isValid(value);
269
+ if (Array.isArray(value)) return value.some((item) => ConditionEvaluatorV1.containsInvalidDate(item));
270
+ return false;
271
+ }
272
+ static normalizeDateOperand(value) {
273
+ if (value instanceof Date) return value.toISOString();
274
+ if (Array.isArray(value)) return value.map((item) => ConditionEvaluatorV1.normalizeDateOperand(item));
275
+ return value;
276
+ }
267
277
  reportDateOperandError(node, actual) {
268
278
  const message = ConditionEvaluatorV1.buildInvalidDateOperandMessage(node);
269
279
  this.options.reporter.error(this.buildReport({
@@ -415,6 +425,10 @@ var ConditionEvaluatorV1 = class ConditionEvaluatorV1 {
415
425
  return this.evaluateNumericRelationalNode(node, actual);
416
426
  }
417
427
  if ((node.op === "in" || node.op === "notIn") && !Array.isArray(node.value)) return this.reportInvalidSetOperand(node, actual);
428
+ if (node.op === "eq" || node.op === "neq" || node.op === "in" || node.op === "notIn") {
429
+ if (ConditionEvaluatorV1.containsInvalidDate(actual) || ConditionEvaluatorV1.containsInvalidDate(node.value)) return this.reportDateOperandError(node, actual);
430
+ return Result.ok(this.evaluateOperator(ConditionEvaluatorV1.normalizeDateOperand(actual), node.op, ConditionEvaluatorV1.normalizeDateOperand(node.value)));
431
+ }
418
432
  return Result.ok(this.evaluateOperator(actual, node.op, node.value));
419
433
  } catch (error) {
420
434
  return this.conditionEvalErr(node, error);