@cullet/erp-core 1.4.0 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/KIT_CONTEXT.md +7 -1
- package/dist/abac/index.d.cts +2 -2
- package/dist/abac/index.d.ts +2 -2
- package/dist/aggregate-version.cjs +14 -0
- package/dist/aggregate-version.cjs.map +1 -0
- package/dist/aggregate-version.js +9 -0
- package/dist/aggregate-version.js.map +1 -0
- package/dist/app-error.cjs +21 -6
- package/dist/app-error.cjs.map +1 -1
- package/dist/app-error.js +21 -6
- package/dist/app-error.js.map +1 -1
- package/dist/application/index.cjs +8 -4
- package/dist/application/index.d.cts +2 -2
- package/dist/application/index.d.ts +2 -2
- package/dist/application/index.js +1 -2
- package/dist/authorization-error.cjs +67 -17
- package/dist/authorization-error.cjs.map +1 -1
- package/dist/authorization-error.d.cts +6 -2
- package/dist/authorization-error.d.ts +6 -2
- package/dist/authorization-error.js +50 -18
- package/dist/authorization-error.js.map +1 -1
- package/dist/authorizer.port.d.cts +18 -3
- package/dist/authorizer.port.d.ts +18 -3
- package/dist/composite-authorizer.d.cts +63 -10
- package/dist/composite-authorizer.d.ts +63 -10
- package/dist/condition-evaluator.cjs +117 -172
- package/dist/condition-evaluator.cjs.map +1 -1
- package/dist/condition-evaluator.js +118 -167
- package/dist/condition-evaluator.js.map +1 -1
- package/dist/core-config.d.cts +53 -6
- package/dist/core-config.d.ts +53 -6
- package/dist/decorate.cjs +14 -0
- package/dist/decorate.js +9 -0
- package/dist/domain/index.cjs +107 -2
- package/dist/domain/index.cjs.map +1 -0
- package/dist/domain/index.d.cts +25 -1
- package/dist/domain/index.d.ts +25 -1
- package/dist/domain/index.js +99 -3
- package/dist/domain/index.js.map +1 -0
- package/dist/domain-event-contracts.cjs +12 -8
- package/dist/domain-event-contracts.cjs.map +1 -1
- package/dist/domain-event-contracts.d.cts +29 -4
- package/dist/domain-event-contracts.d.ts +29 -4
- package/dist/domain-event-contracts.js +11 -7
- package/dist/domain-event-contracts.js.map +1 -1
- package/dist/domain-exception.cjs +2 -1
- package/dist/domain-exception.cjs.map +1 -1
- package/dist/domain-exception.js +2 -1
- package/dist/domain-exception.js.map +1 -1
- package/dist/errors/index.cjs +3 -2
- package/dist/errors/index.d.cts +1 -1
- package/dist/errors/index.d.ts +1 -1
- package/dist/errors/index.js +3 -2
- package/dist/exceptions/index.cjs +2 -2
- package/dist/exceptions/index.d.cts +1 -2
- package/dist/exceptions/index.d.ts +1 -2
- package/dist/exceptions/index.js +2 -2
- package/dist/gate-engine-registry.cjs.map +1 -1
- package/dist/gate-engine-registry.d.cts +1 -1
- package/dist/gate-engine-registry.d.ts +1 -1
- package/dist/gate-engine-registry.js.map +1 -1
- package/dist/gate-v1-payload.schema.cjs +11 -6
- package/dist/gate-v1-payload.schema.cjs.map +1 -1
- package/dist/gate-v1-payload.schema.js +11 -6
- package/dist/gate-v1-payload.schema.js.map +1 -1
- package/dist/hashing.cjs +2 -44
- package/dist/hashing.cjs.map +1 -1
- package/dist/hashing.js +3 -39
- package/dist/hashing.js.map +1 -1
- package/dist/immutable.cjs +25 -12
- package/dist/immutable.cjs.map +1 -1
- package/dist/immutable.js +24 -11
- package/dist/immutable.js.map +1 -1
- package/dist/index.cjs +15 -11
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +9 -10
- package/dist/index.d.ts +9 -10
- package/dist/index.js +8 -9
- package/dist/index.js.map +1 -1
- package/dist/invalid-state-transition-exception.cjs +6 -6
- package/dist/invalid-state-transition-exception.cjs.map +1 -1
- package/dist/invalid-state-transition-exception.js +6 -6
- package/dist/invalid-state-transition-exception.js.map +1 -1
- package/dist/invariant-violation-exception.cjs +2 -2
- package/dist/invariant-violation-exception.cjs.map +1 -1
- package/dist/invariant-violation-exception.js +2 -2
- package/dist/invariant-violation-exception.js.map +1 -1
- package/dist/not-found-error.cjs +6 -4
- package/dist/not-found-error.cjs.map +1 -1
- package/dist/not-found-error.js +6 -4
- package/dist/not-found-error.js.map +1 -1
- package/dist/outcome.cjs +5 -5
- package/dist/outcome.cjs.map +1 -1
- package/dist/outcome.js +5 -5
- package/dist/outcome.js.map +1 -1
- package/dist/parse-gate-payload.d.cts +1 -1
- package/dist/parse-gate-payload.d.ts +1 -1
- package/dist/path.d.cts +2 -2
- package/dist/path.d.ts +2 -2
- package/dist/plugin.cjs +23 -13
- package/dist/plugin.cjs.map +1 -1
- package/dist/plugin.d.cts +22 -8
- package/dist/plugin.d.ts +22 -8
- package/dist/plugin.js +23 -13
- package/dist/plugin.js.map +1 -1
- package/dist/policies/engines/index.d.cts +1 -1
- package/dist/policies/engines/index.d.ts +1 -1
- package/dist/policies/engines/v1/gate/index.d.cts +3 -13
- package/dist/policies/engines/v1/gate/index.d.ts +3 -13
- package/dist/policies/index.d.cts +1 -1
- package/dist/policies/index.d.ts +1 -1
- package/dist/policy-bridge.cjs +30 -2
- package/dist/policy-bridge.cjs.map +1 -1
- package/dist/policy-bridge.d.cts +18 -0
- package/dist/policy-bridge.d.ts +18 -0
- package/dist/policy-bridge.js +30 -2
- package/dist/policy-bridge.js.map +1 -1
- package/dist/policy-service.cjs +41 -46
- package/dist/policy-service.cjs.map +1 -1
- package/dist/policy-service.d.cts +72 -9
- package/dist/policy-service.d.ts +72 -9
- package/dist/policy-service.js +43 -48
- package/dist/policy-service.js.map +1 -1
- package/dist/requested-by.cjs +4 -4
- package/dist/requested-by.cjs.map +1 -1
- package/dist/requested-by.js +2 -2
- package/dist/requested-by.js.map +1 -1
- package/dist/result.cjs +29 -1
- package/dist/result.cjs.map +1 -1
- package/dist/result.d.cts +12 -0
- package/dist/result.d.ts +12 -0
- package/dist/result.js +29 -1
- package/dist/result.js.map +1 -1
- package/dist/rule.cjs +94 -24
- package/dist/rule.cjs.map +1 -1
- package/dist/rule.js +94 -24
- package/dist/rule.js.map +1 -1
- package/dist/ruleset-registry.cjs +19 -0
- package/dist/ruleset-registry.cjs.map +1 -1
- package/dist/ruleset-registry.js +19 -0
- package/dist/ruleset-registry.js.map +1 -1
- package/dist/stable-stringify.cjs +87 -0
- package/dist/stable-stringify.cjs.map +1 -0
- package/dist/stable-stringify.js +76 -0
- package/dist/stable-stringify.js.map +1 -0
- package/dist/temporal-snapshot.d.cts +87 -0
- package/dist/temporal-snapshot.d.ts +87 -0
- package/dist/temporal-use-case.cjs +174 -16
- package/dist/temporal-use-case.cjs.map +1 -1
- package/dist/temporal-use-case.d.cts +82 -44
- package/dist/temporal-use-case.d.ts +82 -44
- package/dist/temporal-use-case.js +167 -15
- package/dist/temporal-use-case.js.map +1 -1
- package/dist/unexpected-error.cjs +4 -2
- package/dist/unexpected-error.cjs.map +1 -1
- package/dist/unexpected-error.js +4 -2
- package/dist/unexpected-error.js.map +1 -1
- package/dist/uuid-identifier.cjs +141 -8
- package/dist/uuid-identifier.cjs.map +1 -1
- package/dist/uuid-identifier.d.cts +26 -7
- package/dist/uuid-identifier.d.ts +26 -7
- package/dist/uuid-identifier.js +135 -8
- package/dist/uuid-identifier.js.map +1 -1
- package/dist/uuid.cjs +23 -0
- package/dist/uuid.cjs.map +1 -0
- package/dist/uuid.js +18 -0
- package/dist/uuid.js.map +1 -0
- package/dist/validation-code.cjs +9 -0
- package/dist/validation-code.cjs.map +1 -1
- package/dist/validation-code.d.cts +3 -0
- package/dist/validation-code.d.ts +3 -0
- package/dist/validation-code.js +9 -0
- package/dist/validation-code.js.map +1 -1
- package/dist/validation-error.cjs +42 -67
- package/dist/validation-error.cjs.map +1 -1
- package/dist/validation-error.d.cts +29 -8
- package/dist/validation-error.d.ts +29 -8
- package/dist/validation-error.js +41 -66
- package/dist/validation-error.js.map +1 -1
- package/dist/validation-exception.cjs +17 -6
- package/dist/validation-exception.cjs.map +1 -1
- package/dist/validation-exception.d.cts +33 -9
- package/dist/validation-exception.d.ts +33 -9
- package/dist/validation-exception.js +17 -6
- package/dist/validation-exception.js.map +1 -1
- package/dist/validation-field.cjs +3 -0
- package/dist/validation-field.cjs.map +1 -1
- package/dist/validation-field.d.cts +1 -0
- package/dist/validation-field.d.ts +1 -0
- package/dist/validation-field.js +3 -0
- package/dist/validation-field.js.map +1 -1
- package/dist/value-object-ruleset.contracts.d.cts +10 -0
- package/dist/value-object-ruleset.contracts.d.ts +10 -0
- package/dist/value-object.cjs +23 -4
- package/dist/value-object.cjs.map +1 -1
- package/dist/value-object.d.cts +25 -1
- package/dist/value-object.d.ts +25 -1
- package/dist/value-object.js +23 -4
- package/dist/value-object.js.map +1 -1
- package/dist/version.d.cts +27 -0
- package/dist/version.d.ts +27 -0
- package/dist/versioning/index.d.cts +2 -2
- package/dist/versioning/index.d.ts +2 -2
- package/meta.json +5 -2
- package/package.json +1 -1
- package/src/core/abac/authorizer.ts +60 -10
- package/src/core/abac/domain/policy-set.ts +52 -5
- package/src/core/abac/domain/rule.ts +28 -16
- package/src/core/abac/index.ts +7 -1
- package/src/core/application/commands/command.ts +14 -1
- package/src/core/application/commands/requested-by.ts +13 -5
- package/src/core/application/index.ts +2 -1
- package/src/core/application/policy-error-mapper.ts +6 -0
- package/src/core/application/ports/index.ts +7 -0
- package/src/core/application/ports/temporal-repository.port.ts +35 -2
- package/src/core/application/queries/index.ts +1 -1
- package/src/core/application/queries/query.ts +25 -3
- package/src/core/application/temporal/temporal-use-case.ts +31 -4
- package/src/core/application/use-case.ts +45 -8
- package/src/core/config/core-config.ts +46 -25
- package/src/core/config/index.ts +1 -0
- package/src/core/config/policy-reporter.ts +32 -1
- package/src/core/domain/entity.ts +51 -8
- package/src/core/domain/rulesets/entity-ruleset.contracts.ts +0 -2
- package/src/core/domain/rulesets/ruleset-registry.ts +24 -0
- package/src/core/domain/rulesets/value-object-ruleset.contracts.ts +1 -7
- package/src/core/domain/temporal/half-open-interval.ts +34 -0
- package/src/core/domain/temporal/temporal-snapshot.ts +13 -2
- package/src/core/domain/temporal/transaction-time.ts +19 -15
- package/src/core/domain/temporal/valid-time.ts +20 -15
- package/src/core/domain/uuid-identifier.ts +6 -11
- package/src/core/domain/value-object.ts +29 -3
- package/src/core/errors/authentication-error.ts +5 -31
- package/src/core/errors/authorization-error.ts +12 -20
- package/src/core/errors/business-rule-violation-error.ts +4 -1
- package/src/core/errors/idempotency-error.ts +5 -2
- package/src/core/errors/index.ts +4 -0
- package/src/core/errors/integration-error.ts +4 -24
- package/src/core/errors/legacy-incompatible-error.ts +1 -0
- package/src/core/errors/not-found-error.ts +4 -1
- package/src/core/errors/temporal-error.ts +22 -20
- package/src/core/errors/unexpected-error.ts +5 -1
- package/src/core/errors/utils/factory-helpers.ts +70 -0
- package/src/core/errors/utils/index.ts +5 -0
- package/src/core/errors/utils/json-safe.ts +35 -12
- package/src/core/errors/validation-error.ts +4 -1
- package/src/core/exceptions/business-rule-violation-exception.ts +2 -1
- package/src/core/exceptions/domain-exception.ts +9 -1
- package/src/core/exceptions/entity-not-found-exception.ts +5 -1
- package/src/core/exceptions/invalid-state-transition-exception.ts +5 -2
- package/src/core/exceptions/invariant-violation-exception.ts +2 -2
- package/src/core/exceptions/validation-code.ts +14 -0
- package/src/core/exceptions/validation-exception.ts +44 -5
- package/src/core/exceptions/validation-field.ts +11 -1
- package/src/core/plugins/plugin.ts +25 -15
- package/src/core/plugins/types.ts +4 -2
- package/src/core/policies/asof/asof.ts +12 -0
- package/src/core/policies/catalog/policy-catalog-entry.ts +3 -1
- package/src/core/policies/catalog/policy-catalog.ts +5 -1
- package/src/core/policies/context/context-builder.ts +20 -0
- package/src/core/policies/context/context-resolver.ts +5 -0
- package/src/core/policies/context/context-seed.ts +11 -0
- package/src/core/policies/defs/in-memory-policy-definition-repo.ts +0 -2
- package/src/core/policies/engines/parse-gate-payload.ts +9 -0
- package/src/core/policies/engines/v1/condition-date-operands.ts +112 -0
- package/src/core/policies/engines/v1/condition-evaluator.ts +120 -291
- package/src/core/policies/engines/v1/condition-schema.ts +23 -19
- package/src/core/policies/engines/v1/condition-types.ts +18 -11
- package/src/core/policies/index.ts +4 -6
- package/src/core/policies/service/policy-service.ts +46 -35
- package/src/core/policies/utils/hash.ts +5 -69
- package/src/core/policies/utils/result.ts +1 -1
- package/src/core/rbac/access-request.ts +12 -2
- package/src/core/rbac/authorizer.ts +8 -1
- package/src/core/rbac/domain/role.ts +20 -0
- package/src/core/rbac/domain/scope.ts +6 -1
- package/src/core/result/index.ts +5 -0
- package/src/core/result/outcome.ts +5 -7
- package/src/core/result/result.ts +34 -1
- package/src/core/shared/hashing.ts +6 -57
- package/src/core/shared/immutable.ts +22 -4
- package/src/core/shared/stable-stringify.ts +144 -0
- package/src/core/shared/uuid.ts +16 -0
- package/src/core/versioning/domain-event-contracts.ts +43 -15
- package/src/core/versioning/index.ts +1 -0
- package/src/core/versioning/version.ts +30 -1
- package/src/domain/index.ts +5 -0
- package/src/examples/rulesets/entity/order-creation-rules-v1.ts +1 -1
- package/src/examples/rulesets/entity/order-invariants-v1.ts +2 -4
- package/src/examples/rulesets/entity/order-invariants-v2.ts +2 -4
- package/src/examples/rulesets/value-object/cpf-rules-v1.ts +2 -4
- package/src/examples/rulesets/value-object/cpf-rules-v2.ts +2 -4
- package/src/examples/rulesets/value-object/person-name-rules-v1.ts +2 -4
- package/src/examples/rulesets/value-object/person-name-rules-v2.ts +2 -4
- package/src/result/index.ts +7 -2
- package/src/version.ts +1 -1
- package/dist/domain-exception.d.cts +0 -7
- package/dist/domain-exception.d.ts +0 -7
- package/dist/entity.cjs +0 -126
- package/dist/entity.cjs.map +0 -1
- package/dist/entity.js +0 -115
- package/dist/entity.js.map +0 -1
- package/dist/use-case.cjs +0 -96
- package/dist/use-case.cjs.map +0 -1
- package/dist/use-case.js +0 -91
- package/dist/use-case.js.map +0 -1
package/dist/policy-service.cjs
CHANGED
|
@@ -1,10 +1,11 @@
|
|
|
1
|
+
const require_invariant_violation_exception = require("./invariant-violation-exception.cjs");
|
|
2
|
+
const require_temporal_guards = require("./temporal-guards.cjs");
|
|
3
|
+
const require_stable_stringify = require("./stable-stringify.cjs");
|
|
1
4
|
const require_hashing = require("./hashing.cjs");
|
|
2
5
|
const require_unexpected_error = require("./unexpected-error.cjs");
|
|
3
6
|
const require_validation_code = require("./validation-code.cjs");
|
|
4
7
|
const require_validation_field = require("./validation-field.cjs");
|
|
5
|
-
const require_invariant_violation_exception = require("./invariant-violation-exception.cjs");
|
|
6
8
|
const require_validation_exception = require("./validation-exception.cjs");
|
|
7
|
-
const require_temporal_guards = require("./temporal-guards.cjs");
|
|
8
9
|
const require_result = require("./result.cjs");
|
|
9
10
|
const require_condition_evaluator = require("./condition-evaluator.cjs");
|
|
10
11
|
//#region src/core/policies/context/context-builder.ts
|
|
@@ -153,6 +154,13 @@ var PolicyContextBuilder = class PolicyContextBuilder {
|
|
|
153
154
|
/**
|
|
154
155
|
* Resolves all required context paths and returns a flat context object.
|
|
155
156
|
* If any required path cannot be resolved, returns an error.
|
|
157
|
+
*
|
|
158
|
+
* Resolution is deliberately sequential and fail-fast: paths resolve in
|
|
159
|
+
* order and the first failure returns immediately, so later resolvers never
|
|
160
|
+
* run once one path fails. This trades the latency-hiding of parallel
|
|
161
|
+
* resolution for skipping downstream (potentially expensive) lookups on a
|
|
162
|
+
* doomed evaluation. It is a tested contract, not an oversight — flip it to
|
|
163
|
+
* `Promise.all` only if you also accept that every resolver always runs.
|
|
156
164
|
*/
|
|
157
165
|
async build(requirements, seed) {
|
|
158
166
|
const context = {};
|
|
@@ -250,6 +258,8 @@ var ContextSeedValidator = class ContextSeedValidator {
|
|
|
250
258
|
* Array item order is preserved on purpose; callers that treat arrays as sets
|
|
251
259
|
* must normalize or sort them before hashing.
|
|
252
260
|
*
|
|
261
|
+
* The strict canonical form is owned by `shared/stable-stringify`
|
|
262
|
+
* ({@link canonicalStringify}); this class just composes it with SHA-256.
|
|
253
263
|
* Values that JSON.stringify would silently drop or coerce (undefined,
|
|
254
264
|
* non-finite numbers, functions, symbols, bigint) are rejected up-front to
|
|
255
265
|
* prevent semantically different payloads from collapsing to the same hash.
|
|
@@ -258,28 +268,8 @@ var PolicyHashing = class PolicyHashing {
|
|
|
258
268
|
static sha256(input) {
|
|
259
269
|
return require_hashing.sha256Hex(input);
|
|
260
270
|
}
|
|
261
|
-
static assertHashable(value, path, seen) {
|
|
262
|
-
if (value === null) return;
|
|
263
|
-
const type = typeof value;
|
|
264
|
-
if (type === "undefined") throw new TypeError(`canonicalJson does not accept undefined values (at ${path})`);
|
|
265
|
-
if (type === "number" && !Number.isFinite(value)) throw new TypeError(`canonicalJson does not accept non-finite numbers (at ${path}, value: ${String(value)})`);
|
|
266
|
-
if (type === "bigint" || type === "function" || type === "symbol") throw new TypeError(`canonicalJson does not accept ${type} values (at ${path})`);
|
|
267
|
-
if (type !== "object") return;
|
|
268
|
-
if (value instanceof Date) {
|
|
269
|
-
if (!require_temporal_guards.isValidDate(value)) throw new TypeError(`canonicalJson does not accept Invalid Date (at ${path})`);
|
|
270
|
-
return;
|
|
271
|
-
}
|
|
272
|
-
if (seen.has(value)) throw new TypeError(`canonicalJson does not accept circular references (at ${path})`);
|
|
273
|
-
seen.add(value);
|
|
274
|
-
if (Array.isArray(value)) value.forEach((item, index) => {
|
|
275
|
-
PolicyHashing.assertHashable(item, `${path}[${index}]`, seen);
|
|
276
|
-
});
|
|
277
|
-
else for (const [key, nested] of Object.entries(value)) PolicyHashing.assertHashable(nested, `${path}.${key}`, seen);
|
|
278
|
-
seen.delete(value);
|
|
279
|
-
}
|
|
280
271
|
static canonicalJson(value) {
|
|
281
|
-
|
|
282
|
-
return require_hashing.stableStringify(value);
|
|
272
|
+
return require_stable_stringify.canonicalStringify(value);
|
|
283
273
|
}
|
|
284
274
|
static computePayloadHash(payload, policyKey, policyVersion) {
|
|
285
275
|
const canonical = PolicyHashing.canonicalJson({
|
|
@@ -394,7 +384,7 @@ var PolicyCatalogEntry = class PolicyCatalogEntry {
|
|
|
394
384
|
return this.tags.includes(tag);
|
|
395
385
|
}
|
|
396
386
|
equals(other) {
|
|
397
|
-
return this.
|
|
387
|
+
return this.toVariantKey() === other.toVariantKey();
|
|
398
388
|
}
|
|
399
389
|
toJSON() {
|
|
400
390
|
return {
|
|
@@ -489,7 +479,7 @@ var PolicyCatalog = class {
|
|
|
489
479
|
if (!family || family.length === 0) return require_result.Result.err(`Policy not found in catalog: "${params.key}"`);
|
|
490
480
|
const exactMatch = family.find((entry) => entry.matchesVersion(params));
|
|
491
481
|
if (exactMatch) return require_result.Result.ok(exactMatch);
|
|
492
|
-
if (family.length === 1 && !family[0].hasExplicitVersionSelector()) return require_result.Result.ok(family[0]);
|
|
482
|
+
if (family.length === 1 && family[0].kind === params.kind && !family[0].hasExplicitVersionSelector()) return require_result.Result.ok(family[0]);
|
|
493
483
|
const versionDetails = [
|
|
494
484
|
params.kind,
|
|
495
485
|
params.gateEngineVersion !== void 0 ? `gateEngineVersion=${params.gateEngineVersion}` : null,
|
|
@@ -581,7 +571,6 @@ var PolicyScopeMatcher = class PolicyScopeMatcher {
|
|
|
581
571
|
//#region src/core/policies/defs/in-memory-policy-definition-repo.ts
|
|
582
572
|
var InMemoryPolicyDefinitionRepository = class {
|
|
583
573
|
constructor(definitions) {
|
|
584
|
-
this.definitions = definitions;
|
|
585
574
|
this.definitionsByPolicyKey = definitions.reduce((index, definition) => {
|
|
586
575
|
const existingDefinitions = index.get(definition.policyKey) ?? [];
|
|
587
576
|
existingDefinitions.push(definition);
|
|
@@ -725,6 +714,18 @@ var PolicyDefinition = class PolicyDefinition {
|
|
|
725
714
|
//#endregion
|
|
726
715
|
//#region src/core/policies/asof/asof.ts
|
|
727
716
|
const DEFAULT_MAX_AS_OF_FUTURE_YEARS = 10;
|
|
717
|
+
/**
|
|
718
|
+
* Derives the `asOf` instant an evaluation is pinned to.
|
|
719
|
+
*
|
|
720
|
+
* With `asOfSource: "CALLER_PROVIDED"` the instant comes from the reserved
|
|
721
|
+
* `seed.fields.asOf` key (a `Date`); with `"NOW"` it is the evaluation clock.
|
|
722
|
+
*
|
|
723
|
+
* The bound is intentionally asymmetric: a caller-provided `asOf` may be at
|
|
724
|
+
* most `maxFutureYears` in the future (a fat-finger / clock-skew guard against
|
|
725
|
+
* selecting a not-yet-in-force policy), but is unbounded in the past — querying
|
|
726
|
+
* how a policy stood at any historical instant is a first-class use of a
|
|
727
|
+
* temporal engine, so back-dating is never capped.
|
|
728
|
+
*/
|
|
728
729
|
var PolicyAsOfResolver = class PolicyAsOfResolver {
|
|
729
730
|
static resolveMaxFutureYears(options) {
|
|
730
731
|
const maxFutureYears = options.maxFutureYears ?? DEFAULT_MAX_AS_OF_FUTURE_YEARS;
|
|
@@ -866,7 +867,6 @@ var PolicyEvaluationErrors = class {
|
|
|
866
867
|
* evaluation — which keeps observability strictly side-band.
|
|
867
868
|
*/
|
|
868
869
|
var PolicyService = class {
|
|
869
|
-
#reporter;
|
|
870
870
|
constructor(params) {
|
|
871
871
|
this.catalog = params.catalog;
|
|
872
872
|
this.contextBuilder = params.contextBuilder;
|
|
@@ -875,12 +875,7 @@ var PolicyService = class {
|
|
|
875
875
|
this.gateEngines = params.gateEngines;
|
|
876
876
|
this.computeRegistry = params.computeRegistry;
|
|
877
877
|
this.options = params.options ?? {};
|
|
878
|
-
this
|
|
879
|
-
}
|
|
880
|
-
#reportSafely(event) {
|
|
881
|
-
try {
|
|
882
|
-
this.#reporter.report(event);
|
|
883
|
-
} catch {}
|
|
878
|
+
this.coreConfig = params.coreConfig ?? require_condition_evaluator.coreConfig;
|
|
884
879
|
}
|
|
885
880
|
resolveEvaluationNow(seed) {
|
|
886
881
|
const candidate = seed.fields["now"];
|
|
@@ -904,10 +899,10 @@ var PolicyService = class {
|
|
|
904
899
|
* @returns A `Result` carrying the decision or the evaluation error.
|
|
905
900
|
*/
|
|
906
901
|
async evaluate(input) {
|
|
907
|
-
const result = await this
|
|
902
|
+
const result = await this.runEvaluation(input);
|
|
908
903
|
if (result.isErr()) {
|
|
909
904
|
const error = result.errorOrNull();
|
|
910
|
-
this
|
|
905
|
+
this.coreConfig.reportSafely({
|
|
911
906
|
kind: "policy-evaluation-failed",
|
|
912
907
|
level: "error",
|
|
913
908
|
policyKey: "policyKey" in error ? error.policyKey : void 0,
|
|
@@ -918,7 +913,7 @@ var PolicyService = class {
|
|
|
918
913
|
});
|
|
919
914
|
} else {
|
|
920
915
|
const ok = result.getOrNull();
|
|
921
|
-
this
|
|
916
|
+
this.coreConfig.reportSafely({
|
|
922
917
|
kind: "policy-evaluation-completed",
|
|
923
918
|
level: "info",
|
|
924
919
|
policyKey: ok.ref.policyKey,
|
|
@@ -929,11 +924,11 @@ var PolicyService = class {
|
|
|
929
924
|
}
|
|
930
925
|
return result;
|
|
931
926
|
}
|
|
932
|
-
async
|
|
927
|
+
async runEvaluation(input) {
|
|
933
928
|
const seedResult = ContextSeedValidator.validate(input.seed);
|
|
934
929
|
if (seedResult.isErr()) return require_result.Result.err(PolicyEvaluationErrors.invalidContext("SEED_VALIDATION", input.policyKey, seedResult.errorOrNull()));
|
|
935
930
|
const seed = seedResult.getOrNull();
|
|
936
|
-
const catalogFamilyResult = this
|
|
931
|
+
const catalogFamilyResult = this.resolveCatalogFamily(input.policyKey);
|
|
937
932
|
if (catalogFamilyResult.isErr()) return require_result.Result.err(catalogFamilyResult.errorOrNull());
|
|
938
933
|
const { key: policyKey, family } = catalogFamilyResult.getOrNull();
|
|
939
934
|
const familyEntry = family[0];
|
|
@@ -943,10 +938,10 @@ var PolicyService = class {
|
|
|
943
938
|
const asOfResult = PolicyAsOfResolver.derive(familyEntry.asOfSource, seed, now, this.options.asOf);
|
|
944
939
|
if (asOfResult.isErr()) return require_result.Result.err(PolicyEvaluationErrors.invalidContext("AS_OF_DERIVATION", policyKey, asOfResult.errorOrNull()));
|
|
945
940
|
const asOf = asOfResult.getOrNull();
|
|
946
|
-
const definitionResult = this
|
|
941
|
+
const definitionResult = this.findCandidates(policyKey, familyEntry.kind, asOf, input);
|
|
947
942
|
if (definitionResult.isErr()) return require_result.Result.err(definitionResult.errorOrNull());
|
|
948
943
|
const { definition: policyDefinition, catalogEntry: versionedCatalogEntry } = definitionResult.getOrNull();
|
|
949
|
-
this
|
|
944
|
+
this.coreConfig.reportSafely({
|
|
950
945
|
kind: "policy-resolution",
|
|
951
946
|
level: "info",
|
|
952
947
|
policyKey,
|
|
@@ -959,7 +954,7 @@ var PolicyService = class {
|
|
|
959
954
|
const ctxResult = await this.contextBuilder.build(versionedCatalogEntry.contextRequirements, seed);
|
|
960
955
|
if (ctxResult.isErr()) return require_result.Result.err(PolicyEvaluationErrors.invalidContext("CONTEXT_BUILD", policyKey, ctxResult.errorOrNull()));
|
|
961
956
|
const context = ctxResult.getOrNull();
|
|
962
|
-
const decisionResult = this
|
|
957
|
+
const decisionResult = this.executeEngine(policyKey, policyDefinition, context);
|
|
963
958
|
if (decisionResult.isErr()) return require_result.Result.err(decisionResult.errorOrNull());
|
|
964
959
|
const decision = decisionResult.getOrNull();
|
|
965
960
|
const result = {
|
|
@@ -979,7 +974,7 @@ var PolicyService = class {
|
|
|
979
974
|
};
|
|
980
975
|
return require_result.Result.ok(result);
|
|
981
976
|
}
|
|
982
|
-
|
|
977
|
+
resolveCatalogVariant(definition) {
|
|
983
978
|
return this.catalog.getVersioned({
|
|
984
979
|
key: definition.policyKey,
|
|
985
980
|
kind: definition.kind,
|
|
@@ -987,7 +982,7 @@ var PolicyService = class {
|
|
|
987
982
|
payloadSchemaVersion: definition.payloadSchemaVersion
|
|
988
983
|
});
|
|
989
984
|
}
|
|
990
|
-
|
|
985
|
+
resolveCatalogFamily(rawKey) {
|
|
991
986
|
const keyResult = PolicyKey.parse(rawKey);
|
|
992
987
|
if (keyResult.isErr()) return require_result.Result.err(PolicyEvaluationErrors.invalidPolicyKey(rawKey, keyResult.errorOrNull()));
|
|
993
988
|
const policyKey = keyResult.getOrNull().toString();
|
|
@@ -998,7 +993,7 @@ var PolicyService = class {
|
|
|
998
993
|
family: catalogFamilyResult.getOrNull()
|
|
999
994
|
});
|
|
1000
995
|
}
|
|
1001
|
-
|
|
996
|
+
findCandidates(policyKey, policyKind, asOf, input) {
|
|
1002
997
|
const candidates = this.defRepo.findCandidates({
|
|
1003
998
|
policyKey,
|
|
1004
999
|
kind: policyKind,
|
|
@@ -1010,7 +1005,7 @@ var PolicyService = class {
|
|
|
1010
1005
|
const compatibleCandidatesByDefinitionId = /* @__PURE__ */ new Map();
|
|
1011
1006
|
const incompatibleVariantErrorsByDefinitionId = /* @__PURE__ */ new Map();
|
|
1012
1007
|
for (const candidate of candidates) {
|
|
1013
|
-
const compatibilityResult = this
|
|
1008
|
+
const compatibilityResult = this.resolveCatalogVariant(candidate);
|
|
1014
1009
|
if (compatibilityResult.isErr()) {
|
|
1015
1010
|
incompatibleVariantErrorsByDefinitionId.set(candidate.id, compatibilityResult.errorOrNull());
|
|
1016
1011
|
continue;
|
|
@@ -1042,7 +1037,7 @@ var PolicyService = class {
|
|
|
1042
1037
|
if (resolvedCandidate === void 0) return require_result.Result.err(PolicyEvaluationErrors.policyDefinitionNotFound(policyKey, asOf, input.contextVersion, `Resolved definition "${bestDefinition.id}" is not present among compatible catalog variants`));
|
|
1043
1038
|
return require_result.Result.ok(resolvedCandidate);
|
|
1044
1039
|
}
|
|
1045
|
-
|
|
1040
|
+
executeEngine(policyKey, definition, context) {
|
|
1046
1041
|
if (definition.isGate()) {
|
|
1047
1042
|
const gateResult = this.gateEngines.evaluate(definition.gateEngineVersion, definition.payloadJson, context);
|
|
1048
1043
|
if (gateResult.isErr()) return require_result.Result.err(PolicyEvaluationErrors.engineFailure(policyKey, "GATE", definition.gateEngineVersion, gateResult.errorOrNull()));
|