@cullet/erp-core 1.4.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (306) hide show
  1. package/KIT_CONTEXT.md +7 -1
  2. package/dist/abac/index.d.cts +2 -2
  3. package/dist/abac/index.d.ts +2 -2
  4. package/dist/aggregate-version.cjs +14 -0
  5. package/dist/aggregate-version.cjs.map +1 -0
  6. package/dist/aggregate-version.js +9 -0
  7. package/dist/aggregate-version.js.map +1 -0
  8. package/dist/app-error.cjs +21 -6
  9. package/dist/app-error.cjs.map +1 -1
  10. package/dist/app-error.js +21 -6
  11. package/dist/app-error.js.map +1 -1
  12. package/dist/application/index.cjs +8 -4
  13. package/dist/application/index.d.cts +2 -2
  14. package/dist/application/index.d.ts +2 -2
  15. package/dist/application/index.js +1 -2
  16. package/dist/authorization-error.cjs +67 -17
  17. package/dist/authorization-error.cjs.map +1 -1
  18. package/dist/authorization-error.d.cts +6 -2
  19. package/dist/authorization-error.d.ts +6 -2
  20. package/dist/authorization-error.js +50 -18
  21. package/dist/authorization-error.js.map +1 -1
  22. package/dist/authorizer.port.d.cts +18 -3
  23. package/dist/authorizer.port.d.ts +18 -3
  24. package/dist/composite-authorizer.d.cts +63 -10
  25. package/dist/composite-authorizer.d.ts +63 -10
  26. package/dist/condition-evaluator.cjs +117 -172
  27. package/dist/condition-evaluator.cjs.map +1 -1
  28. package/dist/condition-evaluator.js +118 -167
  29. package/dist/condition-evaluator.js.map +1 -1
  30. package/dist/core-config.d.cts +53 -6
  31. package/dist/core-config.d.ts +53 -6
  32. package/dist/decorate.cjs +14 -0
  33. package/dist/decorate.js +9 -0
  34. package/dist/domain/index.cjs +107 -2
  35. package/dist/domain/index.cjs.map +1 -0
  36. package/dist/domain/index.d.cts +25 -1
  37. package/dist/domain/index.d.ts +25 -1
  38. package/dist/domain/index.js +99 -3
  39. package/dist/domain/index.js.map +1 -0
  40. package/dist/domain-event-contracts.cjs +12 -8
  41. package/dist/domain-event-contracts.cjs.map +1 -1
  42. package/dist/domain-event-contracts.d.cts +29 -4
  43. package/dist/domain-event-contracts.d.ts +29 -4
  44. package/dist/domain-event-contracts.js +11 -7
  45. package/dist/domain-event-contracts.js.map +1 -1
  46. package/dist/domain-exception.cjs +2 -1
  47. package/dist/domain-exception.cjs.map +1 -1
  48. package/dist/domain-exception.js +2 -1
  49. package/dist/domain-exception.js.map +1 -1
  50. package/dist/errors/index.cjs +3 -2
  51. package/dist/errors/index.d.cts +1 -1
  52. package/dist/errors/index.d.ts +1 -1
  53. package/dist/errors/index.js +3 -2
  54. package/dist/exceptions/index.cjs +2 -2
  55. package/dist/exceptions/index.d.cts +1 -2
  56. package/dist/exceptions/index.d.ts +1 -2
  57. package/dist/exceptions/index.js +2 -2
  58. package/dist/gate-engine-registry.cjs.map +1 -1
  59. package/dist/gate-engine-registry.d.cts +1 -1
  60. package/dist/gate-engine-registry.d.ts +1 -1
  61. package/dist/gate-engine-registry.js.map +1 -1
  62. package/dist/gate-v1-payload.schema.cjs +11 -6
  63. package/dist/gate-v1-payload.schema.cjs.map +1 -1
  64. package/dist/gate-v1-payload.schema.js +11 -6
  65. package/dist/gate-v1-payload.schema.js.map +1 -1
  66. package/dist/hashing.cjs +2 -44
  67. package/dist/hashing.cjs.map +1 -1
  68. package/dist/hashing.js +3 -39
  69. package/dist/hashing.js.map +1 -1
  70. package/dist/immutable.cjs +25 -12
  71. package/dist/immutable.cjs.map +1 -1
  72. package/dist/immutable.js +24 -11
  73. package/dist/immutable.js.map +1 -1
  74. package/dist/index.cjs +15 -11
  75. package/dist/index.cjs.map +1 -1
  76. package/dist/index.d.cts +9 -10
  77. package/dist/index.d.ts +9 -10
  78. package/dist/index.js +8 -9
  79. package/dist/index.js.map +1 -1
  80. package/dist/invalid-state-transition-exception.cjs +6 -6
  81. package/dist/invalid-state-transition-exception.cjs.map +1 -1
  82. package/dist/invalid-state-transition-exception.js +6 -6
  83. package/dist/invalid-state-transition-exception.js.map +1 -1
  84. package/dist/invariant-violation-exception.cjs +2 -2
  85. package/dist/invariant-violation-exception.cjs.map +1 -1
  86. package/dist/invariant-violation-exception.js +2 -2
  87. package/dist/invariant-violation-exception.js.map +1 -1
  88. package/dist/not-found-error.cjs +6 -4
  89. package/dist/not-found-error.cjs.map +1 -1
  90. package/dist/not-found-error.js +6 -4
  91. package/dist/not-found-error.js.map +1 -1
  92. package/dist/outcome.cjs +5 -5
  93. package/dist/outcome.cjs.map +1 -1
  94. package/dist/outcome.js +5 -5
  95. package/dist/outcome.js.map +1 -1
  96. package/dist/parse-gate-payload.d.cts +1 -1
  97. package/dist/parse-gate-payload.d.ts +1 -1
  98. package/dist/path.d.cts +2 -2
  99. package/dist/path.d.ts +2 -2
  100. package/dist/plugin.cjs +23 -13
  101. package/dist/plugin.cjs.map +1 -1
  102. package/dist/plugin.d.cts +22 -8
  103. package/dist/plugin.d.ts +22 -8
  104. package/dist/plugin.js +23 -13
  105. package/dist/plugin.js.map +1 -1
  106. package/dist/policies/engines/index.d.cts +1 -1
  107. package/dist/policies/engines/index.d.ts +1 -1
  108. package/dist/policies/engines/v1/gate/index.d.cts +3 -13
  109. package/dist/policies/engines/v1/gate/index.d.ts +3 -13
  110. package/dist/policies/index.d.cts +1 -1
  111. package/dist/policies/index.d.ts +1 -1
  112. package/dist/policy-bridge.cjs +30 -2
  113. package/dist/policy-bridge.cjs.map +1 -1
  114. package/dist/policy-bridge.d.cts +18 -0
  115. package/dist/policy-bridge.d.ts +18 -0
  116. package/dist/policy-bridge.js +30 -2
  117. package/dist/policy-bridge.js.map +1 -1
  118. package/dist/policy-service.cjs +41 -46
  119. package/dist/policy-service.cjs.map +1 -1
  120. package/dist/policy-service.d.cts +72 -9
  121. package/dist/policy-service.d.ts +72 -9
  122. package/dist/policy-service.js +43 -48
  123. package/dist/policy-service.js.map +1 -1
  124. package/dist/requested-by.cjs +4 -4
  125. package/dist/requested-by.cjs.map +1 -1
  126. package/dist/requested-by.js +2 -2
  127. package/dist/requested-by.js.map +1 -1
  128. package/dist/result.cjs +29 -1
  129. package/dist/result.cjs.map +1 -1
  130. package/dist/result.d.cts +12 -0
  131. package/dist/result.d.ts +12 -0
  132. package/dist/result.js +29 -1
  133. package/dist/result.js.map +1 -1
  134. package/dist/rule.cjs +94 -24
  135. package/dist/rule.cjs.map +1 -1
  136. package/dist/rule.js +94 -24
  137. package/dist/rule.js.map +1 -1
  138. package/dist/ruleset-registry.cjs +19 -0
  139. package/dist/ruleset-registry.cjs.map +1 -1
  140. package/dist/ruleset-registry.js +19 -0
  141. package/dist/ruleset-registry.js.map +1 -1
  142. package/dist/stable-stringify.cjs +87 -0
  143. package/dist/stable-stringify.cjs.map +1 -0
  144. package/dist/stable-stringify.js +76 -0
  145. package/dist/stable-stringify.js.map +1 -0
  146. package/dist/temporal-snapshot.d.cts +87 -0
  147. package/dist/temporal-snapshot.d.ts +87 -0
  148. package/dist/temporal-use-case.cjs +174 -16
  149. package/dist/temporal-use-case.cjs.map +1 -1
  150. package/dist/temporal-use-case.d.cts +82 -44
  151. package/dist/temporal-use-case.d.ts +82 -44
  152. package/dist/temporal-use-case.js +167 -15
  153. package/dist/temporal-use-case.js.map +1 -1
  154. package/dist/unexpected-error.cjs +4 -2
  155. package/dist/unexpected-error.cjs.map +1 -1
  156. package/dist/unexpected-error.js +4 -2
  157. package/dist/unexpected-error.js.map +1 -1
  158. package/dist/uuid-identifier.cjs +141 -8
  159. package/dist/uuid-identifier.cjs.map +1 -1
  160. package/dist/uuid-identifier.d.cts +26 -7
  161. package/dist/uuid-identifier.d.ts +26 -7
  162. package/dist/uuid-identifier.js +135 -8
  163. package/dist/uuid-identifier.js.map +1 -1
  164. package/dist/uuid.cjs +23 -0
  165. package/dist/uuid.cjs.map +1 -0
  166. package/dist/uuid.js +18 -0
  167. package/dist/uuid.js.map +1 -0
  168. package/dist/validation-code.cjs +9 -0
  169. package/dist/validation-code.cjs.map +1 -1
  170. package/dist/validation-code.d.cts +3 -0
  171. package/dist/validation-code.d.ts +3 -0
  172. package/dist/validation-code.js +9 -0
  173. package/dist/validation-code.js.map +1 -1
  174. package/dist/validation-error.cjs +42 -67
  175. package/dist/validation-error.cjs.map +1 -1
  176. package/dist/validation-error.d.cts +29 -8
  177. package/dist/validation-error.d.ts +29 -8
  178. package/dist/validation-error.js +41 -66
  179. package/dist/validation-error.js.map +1 -1
  180. package/dist/validation-exception.cjs +17 -6
  181. package/dist/validation-exception.cjs.map +1 -1
  182. package/dist/validation-exception.d.cts +33 -9
  183. package/dist/validation-exception.d.ts +33 -9
  184. package/dist/validation-exception.js +17 -6
  185. package/dist/validation-exception.js.map +1 -1
  186. package/dist/validation-field.cjs +3 -0
  187. package/dist/validation-field.cjs.map +1 -1
  188. package/dist/validation-field.d.cts +1 -0
  189. package/dist/validation-field.d.ts +1 -0
  190. package/dist/validation-field.js +3 -0
  191. package/dist/validation-field.js.map +1 -1
  192. package/dist/value-object-ruleset.contracts.d.cts +10 -0
  193. package/dist/value-object-ruleset.contracts.d.ts +10 -0
  194. package/dist/value-object.cjs +23 -4
  195. package/dist/value-object.cjs.map +1 -1
  196. package/dist/value-object.d.cts +25 -1
  197. package/dist/value-object.d.ts +25 -1
  198. package/dist/value-object.js +23 -4
  199. package/dist/value-object.js.map +1 -1
  200. package/dist/version.d.cts +27 -0
  201. package/dist/version.d.ts +27 -0
  202. package/dist/versioning/index.d.cts +2 -2
  203. package/dist/versioning/index.d.ts +2 -2
  204. package/meta.json +5 -2
  205. package/package.json +1 -1
  206. package/src/core/abac/authorizer.ts +60 -10
  207. package/src/core/abac/domain/policy-set.ts +52 -5
  208. package/src/core/abac/domain/rule.ts +28 -16
  209. package/src/core/abac/index.ts +7 -1
  210. package/src/core/application/commands/command.ts +14 -1
  211. package/src/core/application/commands/requested-by.ts +13 -5
  212. package/src/core/application/index.ts +2 -1
  213. package/src/core/application/policy-error-mapper.ts +6 -0
  214. package/src/core/application/ports/index.ts +7 -0
  215. package/src/core/application/ports/temporal-repository.port.ts +35 -2
  216. package/src/core/application/queries/index.ts +1 -1
  217. package/src/core/application/queries/query.ts +25 -3
  218. package/src/core/application/temporal/temporal-use-case.ts +31 -4
  219. package/src/core/application/use-case.ts +45 -8
  220. package/src/core/config/core-config.ts +46 -25
  221. package/src/core/config/index.ts +1 -0
  222. package/src/core/config/policy-reporter.ts +32 -1
  223. package/src/core/domain/entity.ts +51 -8
  224. package/src/core/domain/rulesets/entity-ruleset.contracts.ts +0 -2
  225. package/src/core/domain/rulesets/ruleset-registry.ts +24 -0
  226. package/src/core/domain/rulesets/value-object-ruleset.contracts.ts +1 -7
  227. package/src/core/domain/temporal/half-open-interval.ts +34 -0
  228. package/src/core/domain/temporal/temporal-snapshot.ts +13 -2
  229. package/src/core/domain/temporal/transaction-time.ts +19 -15
  230. package/src/core/domain/temporal/valid-time.ts +20 -15
  231. package/src/core/domain/uuid-identifier.ts +6 -11
  232. package/src/core/domain/value-object.ts +29 -3
  233. package/src/core/errors/authentication-error.ts +5 -31
  234. package/src/core/errors/authorization-error.ts +12 -20
  235. package/src/core/errors/business-rule-violation-error.ts +4 -1
  236. package/src/core/errors/idempotency-error.ts +5 -2
  237. package/src/core/errors/index.ts +4 -0
  238. package/src/core/errors/integration-error.ts +4 -24
  239. package/src/core/errors/legacy-incompatible-error.ts +1 -0
  240. package/src/core/errors/not-found-error.ts +4 -1
  241. package/src/core/errors/temporal-error.ts +22 -20
  242. package/src/core/errors/unexpected-error.ts +5 -1
  243. package/src/core/errors/utils/factory-helpers.ts +70 -0
  244. package/src/core/errors/utils/index.ts +5 -0
  245. package/src/core/errors/utils/json-safe.ts +35 -12
  246. package/src/core/errors/validation-error.ts +4 -1
  247. package/src/core/exceptions/business-rule-violation-exception.ts +2 -1
  248. package/src/core/exceptions/domain-exception.ts +9 -1
  249. package/src/core/exceptions/entity-not-found-exception.ts +5 -1
  250. package/src/core/exceptions/invalid-state-transition-exception.ts +5 -2
  251. package/src/core/exceptions/invariant-violation-exception.ts +2 -2
  252. package/src/core/exceptions/validation-code.ts +14 -0
  253. package/src/core/exceptions/validation-exception.ts +44 -5
  254. package/src/core/exceptions/validation-field.ts +11 -1
  255. package/src/core/plugins/plugin.ts +25 -15
  256. package/src/core/plugins/types.ts +4 -2
  257. package/src/core/policies/asof/asof.ts +12 -0
  258. package/src/core/policies/catalog/policy-catalog-entry.ts +3 -1
  259. package/src/core/policies/catalog/policy-catalog.ts +5 -1
  260. package/src/core/policies/context/context-builder.ts +20 -0
  261. package/src/core/policies/context/context-resolver.ts +5 -0
  262. package/src/core/policies/context/context-seed.ts +11 -0
  263. package/src/core/policies/defs/in-memory-policy-definition-repo.ts +0 -2
  264. package/src/core/policies/engines/parse-gate-payload.ts +9 -0
  265. package/src/core/policies/engines/v1/condition-date-operands.ts +112 -0
  266. package/src/core/policies/engines/v1/condition-evaluator.ts +120 -291
  267. package/src/core/policies/engines/v1/condition-schema.ts +23 -19
  268. package/src/core/policies/engines/v1/condition-types.ts +18 -11
  269. package/src/core/policies/index.ts +4 -6
  270. package/src/core/policies/service/policy-service.ts +46 -35
  271. package/src/core/policies/utils/hash.ts +5 -69
  272. package/src/core/policies/utils/result.ts +1 -1
  273. package/src/core/rbac/access-request.ts +12 -2
  274. package/src/core/rbac/authorizer.ts +8 -1
  275. package/src/core/rbac/domain/role.ts +20 -0
  276. package/src/core/rbac/domain/scope.ts +6 -1
  277. package/src/core/result/index.ts +5 -0
  278. package/src/core/result/outcome.ts +5 -7
  279. package/src/core/result/result.ts +34 -1
  280. package/src/core/shared/hashing.ts +6 -57
  281. package/src/core/shared/immutable.ts +22 -4
  282. package/src/core/shared/stable-stringify.ts +144 -0
  283. package/src/core/shared/uuid.ts +16 -0
  284. package/src/core/versioning/domain-event-contracts.ts +43 -15
  285. package/src/core/versioning/index.ts +1 -0
  286. package/src/core/versioning/version.ts +30 -1
  287. package/src/domain/index.ts +5 -0
  288. package/src/examples/rulesets/entity/order-creation-rules-v1.ts +1 -1
  289. package/src/examples/rulesets/entity/order-invariants-v1.ts +2 -4
  290. package/src/examples/rulesets/entity/order-invariants-v2.ts +2 -4
  291. package/src/examples/rulesets/value-object/cpf-rules-v1.ts +2 -4
  292. package/src/examples/rulesets/value-object/cpf-rules-v2.ts +2 -4
  293. package/src/examples/rulesets/value-object/person-name-rules-v1.ts +2 -4
  294. package/src/examples/rulesets/value-object/person-name-rules-v2.ts +2 -4
  295. package/src/result/index.ts +7 -2
  296. package/src/version.ts +1 -1
  297. package/dist/domain-exception.d.cts +0 -7
  298. package/dist/domain-exception.d.ts +0 -7
  299. package/dist/entity.cjs +0 -126
  300. package/dist/entity.cjs.map +0 -1
  301. package/dist/entity.js +0 -115
  302. package/dist/entity.js.map +0 -1
  303. package/dist/use-case.cjs +0 -96
  304. package/dist/use-case.cjs.map +0 -1
  305. package/dist/use-case.js +0 -91
  306. package/dist/use-case.js.map +0 -1
@@ -1,5 +1,5 @@
1
1
  import { r as Result } from "./result.cjs";
2
- import { O as GatePayload, a as PolicyDecisionId, c as TenantId, i as PolicyReporter, o as PolicyDefinitionId, s as SchoolId, y as GateOutcome } from "./core-config.cjs";
2
+ import { D as GatePayload, a as PolicyDefinitionId, i as PolicyDecisionId, o as SchoolId, s as TenantId, t as CoreConfig, v as GateOutcome } from "./core-config.cjs";
3
3
  import { a as ComputeOutcome, l as ComputePayload, n as ComputeRegistry, t as GateEngineRegistry } from "./gate-engine-registry.cjs";
4
4
 
5
5
  //#region src/core/policies/catalog/catalog-types.d.ts
@@ -265,6 +265,17 @@ interface PolicyDefinitionRepository {
265
265
  * Seed data provided by the use case / caller.
266
266
  * Contains raw IDs and inputs that the context system will resolve into paths.
267
267
  * Each resolver is responsible for validating and extracting what it needs from fields.
268
+ *
269
+ * `tenantId`/`schoolId` are required on every seed, including evaluations scoped
270
+ * at TENANT or GLOBAL level. The `schoolId`/`SCHOOL` vocabulary is deliberately
271
+ * school-first: erp-core is a school ERP core, and a full-control copy targeting
272
+ * another domain is expected to rename these ids to its own leaf scope.
273
+ *
274
+ * `fields` is an open bag, but two keys are reserved by the pipeline and carry
275
+ * meaning beyond "just data":
276
+ * - `now` (a `Date`) pins the evaluation clock;
277
+ * - `asOf` (a `Date`) supplies the instant for `asOfSource: "CALLER_PROVIDED"`.
278
+ * See {@link EvaluateInput} and {@link PolicyAsOfResolver}.
268
279
  */
269
280
  interface ContextSeed {
270
281
  readonly tenantId: TenantId;
@@ -295,6 +306,11 @@ interface ContextResolverResilienceOptions {
295
306
  /**
296
307
  * A resolver that knows how to produce a value for a specific context path.
297
308
  * Designed as async to allow future DB/API lookups without breaking the interface.
309
+ *
310
+ * Resolvers MUST be idempotent, side-effect-free reads. The builder's timeout
311
+ * is a race with no cancellation, so a timed-out resolver keeps running; with
312
+ * retry enabled it may also be invoked several times for one path. Anything but
313
+ * a pure lookup here risks duplicated effects.
298
314
  */
299
315
  interface ContextValueResolver {
300
316
  readonly path: string;
@@ -351,6 +367,13 @@ declare class PolicyContextBuilder {
351
367
  /**
352
368
  * Resolves all required context paths and returns a flat context object.
353
369
  * If any required path cannot be resolved, returns an error.
370
+ *
371
+ * Resolution is deliberately sequential and fail-fast: paths resolve in
372
+ * order and the first failure returns immediately, so later resolvers never
373
+ * run once one path fails. This trades the latency-hiding of parallel
374
+ * resolution for skipping downstream (potentially expensive) lookups on a
375
+ * doomed evaluation. It is a tested contract, not an oversight — flip it to
376
+ * `Promise.all` only if you also accept that every resolver always runs.
354
377
  */
355
378
  build(requirements: readonly string[], seed: ContextSeed): Promise<Result<Record<string, unknown>, string>>;
356
379
  }
@@ -359,6 +382,18 @@ declare class PolicyContextBuilder {
359
382
  interface DeriveAsOfOptions {
360
383
  readonly maxFutureYears?: number;
361
384
  }
385
+ /**
386
+ * Derives the `asOf` instant an evaluation is pinned to.
387
+ *
388
+ * With `asOfSource: "CALLER_PROVIDED"` the instant comes from the reserved
389
+ * `seed.fields.asOf` key (a `Date`); with `"NOW"` it is the evaluation clock.
390
+ *
391
+ * The bound is intentionally asymmetric: a caller-provided `asOf` may be at
392
+ * most `maxFutureYears` in the future (a fat-finger / clock-skew guard against
393
+ * selecting a not-yet-in-force policy), but is unbounded in the past — querying
394
+ * how a policy stood at any historical instant is a first-class use of a
395
+ * temporal engine, so back-dating is never capped.
396
+ */
362
397
  declare class PolicyAsOfResolver {
363
398
  private static resolveMaxFutureYears;
364
399
  static derive(source: AsOfSource, seed: ContextSeed, now: Date, options?: DeriveAsOfOptions): Result<Date, string>;
@@ -455,6 +490,21 @@ declare class PolicyEvaluationErrors {
455
490
  * `contextVersion` pins which context schema applies, and `seed` carries the
456
491
  * raw facts the context builder expands. `decisionId` is the caller's
457
492
  * idempotency/audit handle, echoed back on the result.
493
+ *
494
+ * `contextVersion` is a caller assertion, not a proof: it filters which
495
+ * definitions are compatible, but nothing checks that the context actually
496
+ * built matches the declared version — supplying the right number is the
497
+ * caller's contract.
498
+ *
499
+ * Two `seed.fields` keys are reserved and change what "now" means for this
500
+ * evaluation:
501
+ * - `now` (a `Date`) pins the evaluation clock — it feeds `evaluatedAt`, the
502
+ * `asOf` derivation, and therefore which effective-dated definitions are in
503
+ * force. Leave it unset to use wall-clock time.
504
+ * - `asOf` (a `Date`) is consumed when the policy's `asOfSource` is
505
+ * `CALLER_PROVIDED` (see {@link PolicyAsOfResolver}).
506
+ * Whoever assembles `fields` from untrusted input owns the consequence: a
507
+ * caller who can set these keys can shift which policy version is selected.
458
508
  */
459
509
  interface EvaluateInput {
460
510
  readonly decisionId: PolicyDecisionId;
@@ -464,14 +514,13 @@ interface EvaluateInput {
464
514
  readonly seed: ContextSeed;
465
515
  }
466
516
  /**
467
- * Cross-cutting knobs for a {@link PolicyService}: how the as-of instant is
468
- * derived ({@link asOf}) and where evaluation telemetry is sent
469
- * ({@link reporter}). Both are optional; the service defaults to a silent
470
- * reporter so telemetry is opt-in.
517
+ * Cross-cutting knobs for a {@link PolicyService}: today just how the as-of
518
+ * instant is derived ({@link asOf}). Telemetry is not configured here — it
519
+ * flows through the injected {@link CoreConfig}, the core's single
520
+ * observability seam, so a host wires reporting in one place.
471
521
  */
472
522
  interface PolicyServiceOptions {
473
523
  readonly asOf?: DeriveAsOfOptions;
474
- readonly reporter?: PolicyReporter;
475
524
  }
476
525
  /**
477
526
  * The collaborators a {@link PolicyService} is wired with. Each is an injected
@@ -486,6 +535,12 @@ interface PolicyServiceParams {
486
535
  readonly resolver: PolicyResolver;
487
536
  readonly gateEngines: GateEngineRegistry;
488
537
  readonly computeRegistry: ComputeRegistry;
538
+ /**
539
+ * The observability seam telemetry is emitted through. Defaults to the
540
+ * shared {@link coreConfig} singleton; inject an isolated instance for
541
+ * tests or multi-tenant hosts.
542
+ */
543
+ readonly coreConfig?: CoreConfig;
489
544
  readonly options?: PolicyServiceOptions;
490
545
  }
491
546
  /** Union of all possible policy decision Outcomes. */
@@ -494,8 +549,11 @@ type PolicyDecision = GateOutcome | ComputeOutcome;
494
549
  * The full record of one successful evaluation. Beyond the business
495
550
  * {@link decision}, it pins the exact definition that produced it — id, key,
496
551
  * version, payload hash, and engine version — together with the `asOf` instant
497
- * the policy was selected for and the wall-clock `evaluatedAt`. That provenance
498
- * is what makes a decision reproducible and auditable after the fact.
552
+ * the policy was selected for and `evaluatedAt`, the instant evaluation ran at.
553
+ * `evaluatedAt` is wall-clock time unless the caller pinned it via
554
+ * `seed.fields.now` (see {@link EvaluateInput}), in which case it echoes that.
555
+ * That provenance is what makes a decision reproducible and auditable after the
556
+ * fact.
499
557
  */
500
558
  interface PolicyEvaluationResult {
501
559
  readonly decisionId: PolicyDecisionId;
@@ -527,7 +585,7 @@ interface PolicyEvaluationResult {
527
585
  * evaluation — which keeps observability strictly side-band.
528
586
  */
529
587
  declare class PolicyService {
530
- #private;
588
+ private readonly coreConfig;
531
589
  private readonly catalog;
532
590
  private readonly contextBuilder;
533
591
  private readonly defRepo;
@@ -553,6 +611,11 @@ declare class PolicyService {
553
611
  * @returns A `Result` carrying the decision or the evaluation error.
554
612
  */
555
613
  evaluate(input: EvaluateInput): Promise<Result<PolicyEvaluationResult, PolicyEvaluationError>>;
614
+ private runEvaluation;
615
+ private resolveCatalogVariant;
616
+ private resolveCatalogFamily;
617
+ private findCandidates;
618
+ private executeEngine;
556
619
  }
557
620
  //#endregion
558
621
  export { PolicyScope as A, BasePolicyDefinitionProps as C, PolicyDefinition as D, GatePolicyDefinitionProps as E, PolicyKey as F, AsOfSource as I, PolicyKind as L, ScopeChain as M, PolicyCatalog as N, PolicyDefinitionProps as O, PolicyCatalogEntryProps as P, PolicyOwner as R, PolicyDefinitionRepository as S, FindCandidatesParams as T, ContextResolverResilienceOptions as _, PolicyServiceOptions as a, ContextSeed as b, PolicyEvaluationErrors as c, PolicyAsOfResolver as d, PolicyContextBuilder as f, ContextResolverCircuitBreakerOptions as g, registerNamespacedContextResolversIn as h, PolicyService as i, PolicyScopeMatcher as j, PolicyDefinitionStatus as k, PolicyResolver as l, ContextResolverRegistry as m, PolicyDecision as n, PolicyServiceParams as o, PolicyContextBuilderOptions as p, PolicyEvaluationResult as r, PolicyEvaluationError as s, EvaluateInput as t, DeriveAsOfOptions as u, ContextResolverRetryOptions as v, ComputePolicyDefinitionProps as w, ContextSeedValidator as x, ContextValueResolver as y, PolicyScopeLevel as z };
@@ -1,5 +1,5 @@
1
1
  import { r as Result } from "./result.js";
2
- import { O as GatePayload, a as PolicyDecisionId, c as TenantId, i as PolicyReporter, o as PolicyDefinitionId, s as SchoolId, y as GateOutcome } from "./core-config.js";
2
+ import { D as GatePayload, a as PolicyDefinitionId, i as PolicyDecisionId, o as SchoolId, s as TenantId, t as CoreConfig, v as GateOutcome } from "./core-config.js";
3
3
  import { a as ComputeOutcome, l as ComputePayload, n as ComputeRegistry, t as GateEngineRegistry } from "./gate-engine-registry.js";
4
4
 
5
5
  //#region src/core/policies/catalog/catalog-types.d.ts
@@ -265,6 +265,17 @@ interface PolicyDefinitionRepository {
265
265
  * Seed data provided by the use case / caller.
266
266
  * Contains raw IDs and inputs that the context system will resolve into paths.
267
267
  * Each resolver is responsible for validating and extracting what it needs from fields.
268
+ *
269
+ * `tenantId`/`schoolId` are required on every seed, including evaluations scoped
270
+ * at TENANT or GLOBAL level. The `schoolId`/`SCHOOL` vocabulary is deliberately
271
+ * school-first: erp-core is a school ERP core, and a full-control copy targeting
272
+ * another domain is expected to rename these ids to its own leaf scope.
273
+ *
274
+ * `fields` is an open bag, but two keys are reserved by the pipeline and carry
275
+ * meaning beyond "just data":
276
+ * - `now` (a `Date`) pins the evaluation clock;
277
+ * - `asOf` (a `Date`) supplies the instant for `asOfSource: "CALLER_PROVIDED"`.
278
+ * See {@link EvaluateInput} and {@link PolicyAsOfResolver}.
268
279
  */
269
280
  interface ContextSeed {
270
281
  readonly tenantId: TenantId;
@@ -295,6 +306,11 @@ interface ContextResolverResilienceOptions {
295
306
  /**
296
307
  * A resolver that knows how to produce a value for a specific context path.
297
308
  * Designed as async to allow future DB/API lookups without breaking the interface.
309
+ *
310
+ * Resolvers MUST be idempotent, side-effect-free reads. The builder's timeout
311
+ * is a race with no cancellation, so a timed-out resolver keeps running; with
312
+ * retry enabled it may also be invoked several times for one path. Anything but
313
+ * a pure lookup here risks duplicated effects.
298
314
  */
299
315
  interface ContextValueResolver {
300
316
  readonly path: string;
@@ -351,6 +367,13 @@ declare class PolicyContextBuilder {
351
367
  /**
352
368
  * Resolves all required context paths and returns a flat context object.
353
369
  * If any required path cannot be resolved, returns an error.
370
+ *
371
+ * Resolution is deliberately sequential and fail-fast: paths resolve in
372
+ * order and the first failure returns immediately, so later resolvers never
373
+ * run once one path fails. This trades the latency-hiding of parallel
374
+ * resolution for skipping downstream (potentially expensive) lookups on a
375
+ * doomed evaluation. It is a tested contract, not an oversight — flip it to
376
+ * `Promise.all` only if you also accept that every resolver always runs.
354
377
  */
355
378
  build(requirements: readonly string[], seed: ContextSeed): Promise<Result<Record<string, unknown>, string>>;
356
379
  }
@@ -359,6 +382,18 @@ declare class PolicyContextBuilder {
359
382
  interface DeriveAsOfOptions {
360
383
  readonly maxFutureYears?: number;
361
384
  }
385
+ /**
386
+ * Derives the `asOf` instant an evaluation is pinned to.
387
+ *
388
+ * With `asOfSource: "CALLER_PROVIDED"` the instant comes from the reserved
389
+ * `seed.fields.asOf` key (a `Date`); with `"NOW"` it is the evaluation clock.
390
+ *
391
+ * The bound is intentionally asymmetric: a caller-provided `asOf` may be at
392
+ * most `maxFutureYears` in the future (a fat-finger / clock-skew guard against
393
+ * selecting a not-yet-in-force policy), but is unbounded in the past — querying
394
+ * how a policy stood at any historical instant is a first-class use of a
395
+ * temporal engine, so back-dating is never capped.
396
+ */
362
397
  declare class PolicyAsOfResolver {
363
398
  private static resolveMaxFutureYears;
364
399
  static derive(source: AsOfSource, seed: ContextSeed, now: Date, options?: DeriveAsOfOptions): Result<Date, string>;
@@ -455,6 +490,21 @@ declare class PolicyEvaluationErrors {
455
490
  * `contextVersion` pins which context schema applies, and `seed` carries the
456
491
  * raw facts the context builder expands. `decisionId` is the caller's
457
492
  * idempotency/audit handle, echoed back on the result.
493
+ *
494
+ * `contextVersion` is a caller assertion, not a proof: it filters which
495
+ * definitions are compatible, but nothing checks that the context actually
496
+ * built matches the declared version — supplying the right number is the
497
+ * caller's contract.
498
+ *
499
+ * Two `seed.fields` keys are reserved and change what "now" means for this
500
+ * evaluation:
501
+ * - `now` (a `Date`) pins the evaluation clock — it feeds `evaluatedAt`, the
502
+ * `asOf` derivation, and therefore which effective-dated definitions are in
503
+ * force. Leave it unset to use wall-clock time.
504
+ * - `asOf` (a `Date`) is consumed when the policy's `asOfSource` is
505
+ * `CALLER_PROVIDED` (see {@link PolicyAsOfResolver}).
506
+ * Whoever assembles `fields` from untrusted input owns the consequence: a
507
+ * caller who can set these keys can shift which policy version is selected.
458
508
  */
459
509
  interface EvaluateInput {
460
510
  readonly decisionId: PolicyDecisionId;
@@ -464,14 +514,13 @@ interface EvaluateInput {
464
514
  readonly seed: ContextSeed;
465
515
  }
466
516
  /**
467
- * Cross-cutting knobs for a {@link PolicyService}: how the as-of instant is
468
- * derived ({@link asOf}) and where evaluation telemetry is sent
469
- * ({@link reporter}). Both are optional; the service defaults to a silent
470
- * reporter so telemetry is opt-in.
517
+ * Cross-cutting knobs for a {@link PolicyService}: today just how the as-of
518
+ * instant is derived ({@link asOf}). Telemetry is not configured here — it
519
+ * flows through the injected {@link CoreConfig}, the core's single
520
+ * observability seam, so a host wires reporting in one place.
471
521
  */
472
522
  interface PolicyServiceOptions {
473
523
  readonly asOf?: DeriveAsOfOptions;
474
- readonly reporter?: PolicyReporter;
475
524
  }
476
525
  /**
477
526
  * The collaborators a {@link PolicyService} is wired with. Each is an injected
@@ -486,6 +535,12 @@ interface PolicyServiceParams {
486
535
  readonly resolver: PolicyResolver;
487
536
  readonly gateEngines: GateEngineRegistry;
488
537
  readonly computeRegistry: ComputeRegistry;
538
+ /**
539
+ * The observability seam telemetry is emitted through. Defaults to the
540
+ * shared {@link coreConfig} singleton; inject an isolated instance for
541
+ * tests or multi-tenant hosts.
542
+ */
543
+ readonly coreConfig?: CoreConfig;
489
544
  readonly options?: PolicyServiceOptions;
490
545
  }
491
546
  /** Union of all possible policy decision Outcomes. */
@@ -494,8 +549,11 @@ type PolicyDecision = GateOutcome | ComputeOutcome;
494
549
  * The full record of one successful evaluation. Beyond the business
495
550
  * {@link decision}, it pins the exact definition that produced it — id, key,
496
551
  * version, payload hash, and engine version — together with the `asOf` instant
497
- * the policy was selected for and the wall-clock `evaluatedAt`. That provenance
498
- * is what makes a decision reproducible and auditable after the fact.
552
+ * the policy was selected for and `evaluatedAt`, the instant evaluation ran at.
553
+ * `evaluatedAt` is wall-clock time unless the caller pinned it via
554
+ * `seed.fields.now` (see {@link EvaluateInput}), in which case it echoes that.
555
+ * That provenance is what makes a decision reproducible and auditable after the
556
+ * fact.
499
557
  */
500
558
  interface PolicyEvaluationResult {
501
559
  readonly decisionId: PolicyDecisionId;
@@ -527,7 +585,7 @@ interface PolicyEvaluationResult {
527
585
  * evaluation — which keeps observability strictly side-band.
528
586
  */
529
587
  declare class PolicyService {
530
- #private;
588
+ private readonly coreConfig;
531
589
  private readonly catalog;
532
590
  private readonly contextBuilder;
533
591
  private readonly defRepo;
@@ -553,6 +611,11 @@ declare class PolicyService {
553
611
  * @returns A `Result` carrying the decision or the evaluation error.
554
612
  */
555
613
  evaluate(input: EvaluateInput): Promise<Result<PolicyEvaluationResult, PolicyEvaluationError>>;
614
+ private runEvaluation;
615
+ private resolveCatalogVariant;
616
+ private resolveCatalogFamily;
617
+ private findCandidates;
618
+ private executeEngine;
556
619
  }
557
620
  //#endregion
558
621
  export { PolicyScope as A, BasePolicyDefinitionProps as C, PolicyDefinition as D, GatePolicyDefinitionProps as E, PolicyKey as F, AsOfSource as I, PolicyKind as L, ScopeChain as M, PolicyCatalog as N, PolicyDefinitionProps as O, PolicyCatalogEntryProps as P, PolicyOwner as R, PolicyDefinitionRepository as S, FindCandidatesParams as T, ContextResolverResilienceOptions as _, PolicyServiceOptions as a, ContextSeed as b, PolicyEvaluationErrors as c, PolicyAsOfResolver as d, PolicyContextBuilder as f, ContextResolverCircuitBreakerOptions as g, registerNamespacedContextResolversIn as h, PolicyService as i, PolicyScopeMatcher as j, PolicyDefinitionStatus as k, PolicyResolver as l, ContextResolverRegistry as m, PolicyDecision as n, PolicyServiceParams as o, PolicyContextBuilderOptions as p, PolicyEvaluationResult as r, PolicyEvaluationError as s, EvaluateInput as t, DeriveAsOfOptions as u, ContextResolverRetryOptions as v, ComputePolicyDefinitionProps as w, ContextSeedValidator as x, ContextValueResolver as y, PolicyScopeLevel as z };
@@ -1,12 +1,13 @@
1
- import { n as sha256Hex, r as stableStringify } from "./hashing.js";
1
+ import { t as InvariantViolationException } from "./invariant-violation-exception.js";
2
+ import { r as isValidDate } from "./temporal-guards.js";
3
+ import { t as canonicalStringify } from "./stable-stringify.js";
4
+ import { n as sha256Hex } from "./hashing.js";
2
5
  import { t as UnexpectedError } from "./unexpected-error.js";
3
6
  import { t as ValidationCode } from "./validation-code.js";
4
7
  import { t as ValidationField } from "./validation-field.js";
5
- import { t as InvariantViolationException } from "./invariant-violation-exception.js";
6
8
  import { t as InvalidValueException } from "./validation-exception.js";
7
- import { r as isValidDate } from "./temporal-guards.js";
8
9
  import { r as Result } from "./result.js";
9
- import { a as SilentPolicyReporter, n as PolicyContextPath } from "./condition-evaluator.js";
10
+ import { n as PolicyContextPath, r as coreConfig } from "./condition-evaluator.js";
10
11
  //#region src/core/policies/context/context-builder.ts
11
12
  const DEFAULT_RESOLVER_RETRY_OPTIONS = {
12
13
  maxAttempts: 1,
@@ -153,6 +154,13 @@ var PolicyContextBuilder = class PolicyContextBuilder {
153
154
  /**
154
155
  * Resolves all required context paths and returns a flat context object.
155
156
  * If any required path cannot be resolved, returns an error.
157
+ *
158
+ * Resolution is deliberately sequential and fail-fast: paths resolve in
159
+ * order and the first failure returns immediately, so later resolvers never
160
+ * run once one path fails. This trades the latency-hiding of parallel
161
+ * resolution for skipping downstream (potentially expensive) lookups on a
162
+ * doomed evaluation. It is a tested contract, not an oversight — flip it to
163
+ * `Promise.all` only if you also accept that every resolver always runs.
156
164
  */
157
165
  async build(requirements, seed) {
158
166
  const context = {};
@@ -250,6 +258,8 @@ var ContextSeedValidator = class ContextSeedValidator {
250
258
  * Array item order is preserved on purpose; callers that treat arrays as sets
251
259
  * must normalize or sort them before hashing.
252
260
  *
261
+ * The strict canonical form is owned by `shared/stable-stringify`
262
+ * ({@link canonicalStringify}); this class just composes it with SHA-256.
253
263
  * Values that JSON.stringify would silently drop or coerce (undefined,
254
264
  * non-finite numbers, functions, symbols, bigint) are rejected up-front to
255
265
  * prevent semantically different payloads from collapsing to the same hash.
@@ -258,28 +268,8 @@ var PolicyHashing = class PolicyHashing {
258
268
  static sha256(input) {
259
269
  return sha256Hex(input);
260
270
  }
261
- static assertHashable(value, path, seen) {
262
- if (value === null) return;
263
- const type = typeof value;
264
- if (type === "undefined") throw new TypeError(`canonicalJson does not accept undefined values (at ${path})`);
265
- if (type === "number" && !Number.isFinite(value)) throw new TypeError(`canonicalJson does not accept non-finite numbers (at ${path}, value: ${String(value)})`);
266
- if (type === "bigint" || type === "function" || type === "symbol") throw new TypeError(`canonicalJson does not accept ${type} values (at ${path})`);
267
- if (type !== "object") return;
268
- if (value instanceof Date) {
269
- if (!isValidDate(value)) throw new TypeError(`canonicalJson does not accept Invalid Date (at ${path})`);
270
- return;
271
- }
272
- if (seen.has(value)) throw new TypeError(`canonicalJson does not accept circular references (at ${path})`);
273
- seen.add(value);
274
- if (Array.isArray(value)) value.forEach((item, index) => {
275
- PolicyHashing.assertHashable(item, `${path}[${index}]`, seen);
276
- });
277
- else for (const [key, nested] of Object.entries(value)) PolicyHashing.assertHashable(nested, `${path}.${key}`, seen);
278
- seen.delete(value);
279
- }
280
271
  static canonicalJson(value) {
281
- PolicyHashing.assertHashable(value, "$", /* @__PURE__ */ new WeakSet());
282
- return stableStringify(value);
272
+ return canonicalStringify(value);
283
273
  }
284
274
  static computePayloadHash(payload, policyKey, policyVersion) {
285
275
  const canonical = PolicyHashing.canonicalJson({
@@ -394,7 +384,7 @@ var PolicyCatalogEntry = class PolicyCatalogEntry {
394
384
  return this.tags.includes(tag);
395
385
  }
396
386
  equals(other) {
397
- return this.key.equals(other.key);
387
+ return this.toVariantKey() === other.toVariantKey();
398
388
  }
399
389
  toJSON() {
400
390
  return {
@@ -489,7 +479,7 @@ var PolicyCatalog = class {
489
479
  if (!family || family.length === 0) return Result.err(`Policy not found in catalog: "${params.key}"`);
490
480
  const exactMatch = family.find((entry) => entry.matchesVersion(params));
491
481
  if (exactMatch) return Result.ok(exactMatch);
492
- if (family.length === 1 && !family[0].hasExplicitVersionSelector()) return Result.ok(family[0]);
482
+ if (family.length === 1 && family[0].kind === params.kind && !family[0].hasExplicitVersionSelector()) return Result.ok(family[0]);
493
483
  const versionDetails = [
494
484
  params.kind,
495
485
  params.gateEngineVersion !== void 0 ? `gateEngineVersion=${params.gateEngineVersion}` : null,
@@ -581,7 +571,6 @@ var PolicyScopeMatcher = class PolicyScopeMatcher {
581
571
  //#region src/core/policies/defs/in-memory-policy-definition-repo.ts
582
572
  var InMemoryPolicyDefinitionRepository = class {
583
573
  constructor(definitions) {
584
- this.definitions = definitions;
585
574
  this.definitionsByPolicyKey = definitions.reduce((index, definition) => {
586
575
  const existingDefinitions = index.get(definition.policyKey) ?? [];
587
576
  existingDefinitions.push(definition);
@@ -725,6 +714,18 @@ var PolicyDefinition = class PolicyDefinition {
725
714
  //#endregion
726
715
  //#region src/core/policies/asof/asof.ts
727
716
  const DEFAULT_MAX_AS_OF_FUTURE_YEARS = 10;
717
+ /**
718
+ * Derives the `asOf` instant an evaluation is pinned to.
719
+ *
720
+ * With `asOfSource: "CALLER_PROVIDED"` the instant comes from the reserved
721
+ * `seed.fields.asOf` key (a `Date`); with `"NOW"` it is the evaluation clock.
722
+ *
723
+ * The bound is intentionally asymmetric: a caller-provided `asOf` may be at
724
+ * most `maxFutureYears` in the future (a fat-finger / clock-skew guard against
725
+ * selecting a not-yet-in-force policy), but is unbounded in the past — querying
726
+ * how a policy stood at any historical instant is a first-class use of a
727
+ * temporal engine, so back-dating is never capped.
728
+ */
728
729
  var PolicyAsOfResolver = class PolicyAsOfResolver {
729
730
  static resolveMaxFutureYears(options) {
730
731
  const maxFutureYears = options.maxFutureYears ?? DEFAULT_MAX_AS_OF_FUTURE_YEARS;
@@ -866,7 +867,6 @@ var PolicyEvaluationErrors = class {
866
867
  * evaluation — which keeps observability strictly side-band.
867
868
  */
868
869
  var PolicyService = class {
869
- #reporter;
870
870
  constructor(params) {
871
871
  this.catalog = params.catalog;
872
872
  this.contextBuilder = params.contextBuilder;
@@ -875,12 +875,7 @@ var PolicyService = class {
875
875
  this.gateEngines = params.gateEngines;
876
876
  this.computeRegistry = params.computeRegistry;
877
877
  this.options = params.options ?? {};
878
- this.#reporter = this.options.reporter ?? new SilentPolicyReporter();
879
- }
880
- #reportSafely(event) {
881
- try {
882
- this.#reporter.report(event);
883
- } catch {}
878
+ this.coreConfig = params.coreConfig ?? coreConfig;
884
879
  }
885
880
  resolveEvaluationNow(seed) {
886
881
  const candidate = seed.fields["now"];
@@ -904,10 +899,10 @@ var PolicyService = class {
904
899
  * @returns A `Result` carrying the decision or the evaluation error.
905
900
  */
906
901
  async evaluate(input) {
907
- const result = await this.#evaluate(input);
902
+ const result = await this.runEvaluation(input);
908
903
  if (result.isErr()) {
909
904
  const error = result.errorOrNull();
910
- this.#reportSafely({
905
+ this.coreConfig.reportSafely({
911
906
  kind: "policy-evaluation-failed",
912
907
  level: "error",
913
908
  policyKey: "policyKey" in error ? error.policyKey : void 0,
@@ -918,7 +913,7 @@ var PolicyService = class {
918
913
  });
919
914
  } else {
920
915
  const ok = result.getOrNull();
921
- this.#reportSafely({
916
+ this.coreConfig.reportSafely({
922
917
  kind: "policy-evaluation-completed",
923
918
  level: "info",
924
919
  policyKey: ok.ref.policyKey,
@@ -929,11 +924,11 @@ var PolicyService = class {
929
924
  }
930
925
  return result;
931
926
  }
932
- async #evaluate(input) {
927
+ async runEvaluation(input) {
933
928
  const seedResult = ContextSeedValidator.validate(input.seed);
934
929
  if (seedResult.isErr()) return Result.err(PolicyEvaluationErrors.invalidContext("SEED_VALIDATION", input.policyKey, seedResult.errorOrNull()));
935
930
  const seed = seedResult.getOrNull();
936
- const catalogFamilyResult = this.#resolveCatalogFamily(input.policyKey);
931
+ const catalogFamilyResult = this.resolveCatalogFamily(input.policyKey);
937
932
  if (catalogFamilyResult.isErr()) return Result.err(catalogFamilyResult.errorOrNull());
938
933
  const { key: policyKey, family } = catalogFamilyResult.getOrNull();
939
934
  const familyEntry = family[0];
@@ -943,10 +938,10 @@ var PolicyService = class {
943
938
  const asOfResult = PolicyAsOfResolver.derive(familyEntry.asOfSource, seed, now, this.options.asOf);
944
939
  if (asOfResult.isErr()) return Result.err(PolicyEvaluationErrors.invalidContext("AS_OF_DERIVATION", policyKey, asOfResult.errorOrNull()));
945
940
  const asOf = asOfResult.getOrNull();
946
- const definitionResult = this.#findCandidates(policyKey, familyEntry.kind, asOf, input);
941
+ const definitionResult = this.findCandidates(policyKey, familyEntry.kind, asOf, input);
947
942
  if (definitionResult.isErr()) return Result.err(definitionResult.errorOrNull());
948
943
  const { definition: policyDefinition, catalogEntry: versionedCatalogEntry } = definitionResult.getOrNull();
949
- this.#reportSafely({
944
+ this.coreConfig.reportSafely({
950
945
  kind: "policy-resolution",
951
946
  level: "info",
952
947
  policyKey,
@@ -959,7 +954,7 @@ var PolicyService = class {
959
954
  const ctxResult = await this.contextBuilder.build(versionedCatalogEntry.contextRequirements, seed);
960
955
  if (ctxResult.isErr()) return Result.err(PolicyEvaluationErrors.invalidContext("CONTEXT_BUILD", policyKey, ctxResult.errorOrNull()));
961
956
  const context = ctxResult.getOrNull();
962
- const decisionResult = this.#executeEngine(policyKey, policyDefinition, context);
957
+ const decisionResult = this.executeEngine(policyKey, policyDefinition, context);
963
958
  if (decisionResult.isErr()) return Result.err(decisionResult.errorOrNull());
964
959
  const decision = decisionResult.getOrNull();
965
960
  const result = {
@@ -979,7 +974,7 @@ var PolicyService = class {
979
974
  };
980
975
  return Result.ok(result);
981
976
  }
982
- #resolveCatalogVariant(definition) {
977
+ resolveCatalogVariant(definition) {
983
978
  return this.catalog.getVersioned({
984
979
  key: definition.policyKey,
985
980
  kind: definition.kind,
@@ -987,7 +982,7 @@ var PolicyService = class {
987
982
  payloadSchemaVersion: definition.payloadSchemaVersion
988
983
  });
989
984
  }
990
- #resolveCatalogFamily(rawKey) {
985
+ resolveCatalogFamily(rawKey) {
991
986
  const keyResult = PolicyKey.parse(rawKey);
992
987
  if (keyResult.isErr()) return Result.err(PolicyEvaluationErrors.invalidPolicyKey(rawKey, keyResult.errorOrNull()));
993
988
  const policyKey = keyResult.getOrNull().toString();
@@ -998,7 +993,7 @@ var PolicyService = class {
998
993
  family: catalogFamilyResult.getOrNull()
999
994
  });
1000
995
  }
1001
- #findCandidates(policyKey, policyKind, asOf, input) {
996
+ findCandidates(policyKey, policyKind, asOf, input) {
1002
997
  const candidates = this.defRepo.findCandidates({
1003
998
  policyKey,
1004
999
  kind: policyKind,
@@ -1010,7 +1005,7 @@ var PolicyService = class {
1010
1005
  const compatibleCandidatesByDefinitionId = /* @__PURE__ */ new Map();
1011
1006
  const incompatibleVariantErrorsByDefinitionId = /* @__PURE__ */ new Map();
1012
1007
  for (const candidate of candidates) {
1013
- const compatibilityResult = this.#resolveCatalogVariant(candidate);
1008
+ const compatibilityResult = this.resolveCatalogVariant(candidate);
1014
1009
  if (compatibilityResult.isErr()) {
1015
1010
  incompatibleVariantErrorsByDefinitionId.set(candidate.id, compatibilityResult.errorOrNull());
1016
1011
  continue;
@@ -1042,7 +1037,7 @@ var PolicyService = class {
1042
1037
  if (resolvedCandidate === void 0) return Result.err(PolicyEvaluationErrors.policyDefinitionNotFound(policyKey, asOf, input.contextVersion, `Resolved definition "${bestDefinition.id}" is not present among compatible catalog variants`));
1043
1038
  return Result.ok(resolvedCandidate);
1044
1039
  }
1045
- #executeEngine(policyKey, definition, context) {
1040
+ executeEngine(policyKey, definition, context) {
1046
1041
  if (definition.isGate()) {
1047
1042
  const gateResult = this.gateEngines.evaluate(definition.gateEngineVersion, definition.payloadJson, context);
1048
1043
  if (gateResult.isErr()) return Result.err(PolicyEvaluationErrors.engineFailure(policyKey, "GATE", definition.gateEngineVersion, gateResult.errorOrNull()));