@cullet/erp-core 1.5.0 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/KIT_CONTEXT.md +2 -2
- package/dist/abac/index.d.cts +2 -2
- package/dist/abac/index.d.ts +2 -2
- package/dist/aggregate-version.cjs +14 -0
- package/dist/aggregate-version.cjs.map +1 -0
- package/dist/aggregate-version.js +9 -0
- package/dist/aggregate-version.js.map +1 -0
- package/dist/app-error.cjs +8 -1
- package/dist/app-error.cjs.map +1 -1
- package/dist/app-error.js +8 -1
- package/dist/app-error.js.map +1 -1
- package/dist/application/index.cjs +8 -4
- package/dist/application/index.d.cts +2 -2
- package/dist/application/index.d.ts +2 -2
- package/dist/application/index.js +1 -2
- package/dist/authorization-error.cjs +67 -17
- package/dist/authorization-error.cjs.map +1 -1
- package/dist/authorization-error.d.cts +6 -2
- package/dist/authorization-error.d.ts +6 -2
- package/dist/authorization-error.js +50 -18
- package/dist/authorization-error.js.map +1 -1
- package/dist/authorizer.port.d.cts +18 -3
- package/dist/authorizer.port.d.ts +18 -3
- package/dist/composite-authorizer.d.cts +63 -10
- package/dist/composite-authorizer.d.ts +63 -10
- package/dist/condition-evaluator.cjs +115 -184
- package/dist/condition-evaluator.cjs.map +1 -1
- package/dist/condition-evaluator.js +116 -179
- package/dist/condition-evaluator.js.map +1 -1
- package/dist/core-config.d.cts +53 -6
- package/dist/core-config.d.ts +53 -6
- package/dist/decorate.cjs +14 -0
- package/dist/decorate.js +9 -0
- package/dist/domain/index.cjs +107 -2
- package/dist/domain/index.cjs.map +1 -0
- package/dist/domain/index.d.cts +25 -1
- package/dist/domain/index.d.ts +25 -1
- package/dist/domain/index.js +99 -3
- package/dist/domain/index.js.map +1 -0
- package/dist/domain-event-contracts.cjs +12 -8
- package/dist/domain-event-contracts.cjs.map +1 -1
- package/dist/domain-event-contracts.d.cts +29 -4
- package/dist/domain-event-contracts.d.ts +29 -4
- package/dist/domain-event-contracts.js +11 -7
- package/dist/domain-event-contracts.js.map +1 -1
- package/dist/domain-exception.cjs +2 -1
- package/dist/domain-exception.cjs.map +1 -1
- package/dist/domain-exception.js +2 -1
- package/dist/domain-exception.js.map +1 -1
- package/dist/errors/index.cjs +1 -1
- package/dist/errors/index.d.cts +1 -1
- package/dist/errors/index.d.ts +1 -1
- package/dist/errors/index.js +2 -2
- package/dist/exceptions/index.cjs +2 -2
- package/dist/exceptions/index.d.cts +1 -2
- package/dist/exceptions/index.d.ts +1 -2
- package/dist/exceptions/index.js +2 -2
- package/dist/gate-engine-registry.cjs.map +1 -1
- package/dist/gate-engine-registry.d.cts +1 -1
- package/dist/gate-engine-registry.d.ts +1 -1
- package/dist/gate-engine-registry.js.map +1 -1
- package/dist/gate-v1-payload.schema.cjs +11 -6
- package/dist/gate-v1-payload.schema.cjs.map +1 -1
- package/dist/gate-v1-payload.schema.js +11 -6
- package/dist/gate-v1-payload.schema.js.map +1 -1
- package/dist/hashing.cjs +1 -1
- package/dist/hashing.cjs.map +1 -1
- package/dist/hashing.js +2 -2
- package/dist/hashing.js.map +1 -1
- package/dist/immutable.cjs +25 -12
- package/dist/immutable.cjs.map +1 -1
- package/dist/immutable.js +24 -11
- package/dist/immutable.js.map +1 -1
- package/dist/index.cjs +13 -10
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +9 -10
- package/dist/index.d.ts +9 -10
- package/dist/index.js +7 -9
- package/dist/index.js.map +1 -1
- package/dist/invalid-state-transition-exception.cjs +6 -6
- package/dist/invalid-state-transition-exception.cjs.map +1 -1
- package/dist/invalid-state-transition-exception.js +6 -6
- package/dist/invalid-state-transition-exception.js.map +1 -1
- package/dist/invariant-violation-exception.cjs +2 -2
- package/dist/invariant-violation-exception.cjs.map +1 -1
- package/dist/invariant-violation-exception.js +2 -2
- package/dist/invariant-violation-exception.js.map +1 -1
- package/dist/not-found-error.cjs +6 -4
- package/dist/not-found-error.cjs.map +1 -1
- package/dist/not-found-error.js +6 -4
- package/dist/not-found-error.js.map +1 -1
- package/dist/outcome.cjs +5 -5
- package/dist/outcome.cjs.map +1 -1
- package/dist/outcome.js +5 -5
- package/dist/outcome.js.map +1 -1
- package/dist/parse-gate-payload.d.cts +1 -1
- package/dist/parse-gate-payload.d.ts +1 -1
- package/dist/path.d.cts +2 -2
- package/dist/path.d.ts +2 -2
- package/dist/plugin.cjs +23 -13
- package/dist/plugin.cjs.map +1 -1
- package/dist/plugin.d.cts +22 -8
- package/dist/plugin.d.ts +22 -8
- package/dist/plugin.js +23 -13
- package/dist/plugin.js.map +1 -1
- package/dist/policies/engines/index.d.cts +1 -1
- package/dist/policies/engines/index.d.ts +1 -1
- package/dist/policies/engines/v1/gate/index.d.cts +3 -15
- package/dist/policies/engines/v1/gate/index.d.ts +3 -15
- package/dist/policies/index.d.cts +1 -1
- package/dist/policies/index.d.ts +1 -1
- package/dist/policy-bridge.cjs +30 -2
- package/dist/policy-bridge.cjs.map +1 -1
- package/dist/policy-bridge.d.cts +18 -0
- package/dist/policy-bridge.d.ts +18 -0
- package/dist/policy-bridge.js +30 -2
- package/dist/policy-bridge.js.map +1 -1
- package/dist/policy-service.cjs +40 -46
- package/dist/policy-service.cjs.map +1 -1
- package/dist/policy-service.d.cts +72 -9
- package/dist/policy-service.d.ts +72 -9
- package/dist/policy-service.js +42 -48
- package/dist/policy-service.js.map +1 -1
- package/dist/requested-by.cjs +1 -1
- package/dist/requested-by.cjs.map +1 -1
- package/dist/requested-by.js +1 -1
- package/dist/requested-by.js.map +1 -1
- package/dist/result.cjs +29 -1
- package/dist/result.cjs.map +1 -1
- package/dist/result.d.cts +12 -0
- package/dist/result.d.ts +12 -0
- package/dist/result.js +29 -1
- package/dist/result.js.map +1 -1
- package/dist/rule.cjs +94 -24
- package/dist/rule.cjs.map +1 -1
- package/dist/rule.js +94 -24
- package/dist/rule.js.map +1 -1
- package/dist/ruleset-registry.cjs +19 -0
- package/dist/ruleset-registry.cjs.map +1 -1
- package/dist/ruleset-registry.js +19 -0
- package/dist/ruleset-registry.js.map +1 -1
- package/dist/stable-stringify.cjs +43 -3
- package/dist/stable-stringify.cjs.map +1 -1
- package/dist/stable-stringify.js +38 -4
- package/dist/stable-stringify.js.map +1 -1
- package/dist/temporal-snapshot.d.cts +87 -0
- package/dist/temporal-snapshot.d.ts +87 -0
- package/dist/temporal-use-case.cjs +169 -16
- package/dist/temporal-use-case.cjs.map +1 -1
- package/dist/temporal-use-case.d.cts +76 -43
- package/dist/temporal-use-case.d.ts +76 -43
- package/dist/temporal-use-case.js +162 -15
- package/dist/temporal-use-case.js.map +1 -1
- package/dist/unexpected-error.cjs +4 -2
- package/dist/unexpected-error.cjs.map +1 -1
- package/dist/unexpected-error.js +4 -2
- package/dist/unexpected-error.js.map +1 -1
- package/dist/uuid-identifier.cjs +140 -2
- package/dist/uuid-identifier.cjs.map +1 -1
- package/dist/uuid-identifier.d.cts +26 -7
- package/dist/uuid-identifier.d.ts +26 -7
- package/dist/uuid-identifier.js +135 -3
- package/dist/uuid-identifier.js.map +1 -1
- package/dist/uuid.cjs +11 -6
- package/dist/uuid.cjs.map +1 -1
- package/dist/uuid.js +11 -6
- package/dist/uuid.js.map +1 -1
- package/dist/validation-code.cjs +9 -0
- package/dist/validation-code.cjs.map +1 -1
- package/dist/validation-code.d.cts +3 -0
- package/dist/validation-code.d.ts +3 -0
- package/dist/validation-code.js +9 -0
- package/dist/validation-code.js.map +1 -1
- package/dist/validation-error.cjs +42 -67
- package/dist/validation-error.cjs.map +1 -1
- package/dist/validation-error.d.cts +24 -8
- package/dist/validation-error.d.ts +24 -8
- package/dist/validation-error.js +41 -66
- package/dist/validation-error.js.map +1 -1
- package/dist/validation-exception.cjs +17 -6
- package/dist/validation-exception.cjs.map +1 -1
- package/dist/validation-exception.d.cts +33 -9
- package/dist/validation-exception.d.ts +33 -9
- package/dist/validation-exception.js +17 -6
- package/dist/validation-exception.js.map +1 -1
- package/dist/validation-field.cjs +3 -0
- package/dist/validation-field.cjs.map +1 -1
- package/dist/validation-field.d.cts +1 -0
- package/dist/validation-field.d.ts +1 -0
- package/dist/validation-field.js +3 -0
- package/dist/validation-field.js.map +1 -1
- package/dist/value-object-ruleset.contracts.d.cts +10 -0
- package/dist/value-object-ruleset.contracts.d.ts +10 -0
- package/dist/value-object.cjs +12 -2
- package/dist/value-object.cjs.map +1 -1
- package/dist/value-object.d.cts +16 -0
- package/dist/value-object.d.ts +16 -0
- package/dist/value-object.js +13 -3
- package/dist/value-object.js.map +1 -1
- package/dist/version.d.cts +27 -0
- package/dist/version.d.ts +27 -0
- package/dist/versioning/index.d.cts +2 -2
- package/dist/versioning/index.d.ts +2 -2
- package/meta.json +3 -2
- package/package.json +1 -1
- package/src/core/abac/authorizer.ts +60 -10
- package/src/core/abac/domain/policy-set.ts +52 -5
- package/src/core/abac/domain/rule.ts +28 -16
- package/src/core/abac/index.ts +7 -1
- package/src/core/application/commands/command.ts +14 -1
- package/src/core/application/commands/requested-by.ts +12 -3
- package/src/core/application/index.ts +2 -1
- package/src/core/application/policy-error-mapper.ts +6 -0
- package/src/core/application/ports/index.ts +7 -0
- package/src/core/application/ports/temporal-repository.port.ts +35 -2
- package/src/core/application/queries/index.ts +1 -1
- package/src/core/application/queries/query.ts +19 -2
- package/src/core/application/temporal/temporal-use-case.ts +31 -4
- package/src/core/application/use-case.ts +44 -7
- package/src/core/config/core-config.ts +46 -25
- package/src/core/config/index.ts +1 -0
- package/src/core/config/policy-reporter.ts +32 -1
- package/src/core/domain/entity.ts +50 -7
- package/src/core/domain/rulesets/entity-ruleset.contracts.ts +0 -2
- package/src/core/domain/rulesets/ruleset-registry.ts +24 -0
- package/src/core/domain/rulesets/value-object-ruleset.contracts.ts +1 -7
- package/src/core/domain/temporal/half-open-interval.ts +34 -0
- package/src/core/domain/temporal/temporal-snapshot.ts +13 -2
- package/src/core/domain/temporal/transaction-time.ts +19 -15
- package/src/core/domain/temporal/valid-time.ts +20 -15
- package/src/core/domain/uuid-identifier.ts +5 -3
- package/src/core/domain/value-object.ts +17 -0
- package/src/core/errors/authentication-error.ts +5 -31
- package/src/core/errors/authorization-error.ts +12 -20
- package/src/core/errors/business-rule-violation-error.ts +4 -1
- package/src/core/errors/idempotency-error.ts +5 -2
- package/src/core/errors/index.ts +4 -0
- package/src/core/errors/integration-error.ts +4 -24
- package/src/core/errors/legacy-incompatible-error.ts +1 -0
- package/src/core/errors/not-found-error.ts +4 -1
- package/src/core/errors/temporal-error.ts +22 -20
- package/src/core/errors/unexpected-error.ts +5 -1
- package/src/core/errors/utils/factory-helpers.ts +70 -0
- package/src/core/errors/utils/index.ts +5 -0
- package/src/core/errors/utils/json-safe.ts +15 -1
- package/src/core/errors/validation-error.ts +4 -1
- package/src/core/exceptions/business-rule-violation-exception.ts +2 -1
- package/src/core/exceptions/domain-exception.ts +9 -1
- package/src/core/exceptions/entity-not-found-exception.ts +5 -1
- package/src/core/exceptions/invalid-state-transition-exception.ts +5 -2
- package/src/core/exceptions/invariant-violation-exception.ts +2 -2
- package/src/core/exceptions/validation-code.ts +14 -0
- package/src/core/exceptions/validation-exception.ts +44 -5
- package/src/core/exceptions/validation-field.ts +11 -1
- package/src/core/plugins/plugin.ts +25 -15
- package/src/core/plugins/types.ts +4 -2
- package/src/core/policies/asof/asof.ts +12 -0
- package/src/core/policies/catalog/policy-catalog-entry.ts +3 -1
- package/src/core/policies/catalog/policy-catalog.ts +5 -1
- package/src/core/policies/context/context-builder.ts +20 -0
- package/src/core/policies/context/context-resolver.ts +5 -0
- package/src/core/policies/context/context-seed.ts +11 -0
- package/src/core/policies/defs/in-memory-policy-definition-repo.ts +0 -2
- package/src/core/policies/engines/parse-gate-payload.ts +9 -0
- package/src/core/policies/engines/v1/condition-date-operands.ts +112 -0
- package/src/core/policies/engines/v1/condition-evaluator.ts +99 -325
- package/src/core/policies/engines/v1/condition-schema.ts +23 -19
- package/src/core/policies/engines/v1/condition-types.ts +18 -11
- package/src/core/policies/index.ts +4 -6
- package/src/core/policies/service/policy-service.ts +46 -35
- package/src/core/policies/utils/hash.ts +5 -69
- package/src/core/policies/utils/result.ts +1 -1
- package/src/core/rbac/access-request.ts +12 -2
- package/src/core/rbac/authorizer.ts +8 -1
- package/src/core/rbac/domain/role.ts +20 -0
- package/src/core/rbac/domain/scope.ts +6 -1
- package/src/core/result/index.ts +5 -0
- package/src/core/result/outcome.ts +5 -7
- package/src/core/result/result.ts +34 -1
- package/src/core/shared/hashing.ts +6 -3
- package/src/core/shared/immutable.ts +22 -4
- package/src/core/shared/stable-stringify.ts +91 -4
- package/src/core/shared/uuid.ts +11 -6
- package/src/core/versioning/domain-event-contracts.ts +43 -15
- package/src/core/versioning/index.ts +1 -0
- package/src/core/versioning/version.ts +30 -1
- package/src/domain/index.ts +5 -0
- package/src/examples/rulesets/entity/order-creation-rules-v1.ts +1 -1
- package/src/examples/rulesets/entity/order-invariants-v1.ts +2 -4
- package/src/examples/rulesets/entity/order-invariants-v2.ts +2 -4
- package/src/examples/rulesets/value-object/cpf-rules-v1.ts +2 -4
- package/src/examples/rulesets/value-object/cpf-rules-v2.ts +2 -4
- package/src/examples/rulesets/value-object/person-name-rules-v1.ts +2 -4
- package/src/examples/rulesets/value-object/person-name-rules-v2.ts +2 -4
- package/src/result/index.ts +7 -2
- package/src/version.ts +1 -1
- package/dist/domain-exception.d.cts +0 -7
- package/dist/domain-exception.d.ts +0 -7
- package/dist/entity.cjs +0 -122
- package/dist/entity.cjs.map +0 -1
- package/dist/entity.js +0 -111
- package/dist/entity.js.map +0 -1
- package/dist/use-case.cjs +0 -92
- package/dist/use-case.cjs.map +0 -1
- package/dist/use-case.js +0 -87
- package/dist/use-case.js.map +0 -1
package/dist/policy-service.cjs
CHANGED
|
@@ -1,11 +1,11 @@
|
|
|
1
|
+
const require_invariant_violation_exception = require("./invariant-violation-exception.cjs");
|
|
2
|
+
const require_temporal_guards = require("./temporal-guards.cjs");
|
|
1
3
|
const require_stable_stringify = require("./stable-stringify.cjs");
|
|
2
4
|
const require_hashing = require("./hashing.cjs");
|
|
3
5
|
const require_unexpected_error = require("./unexpected-error.cjs");
|
|
4
6
|
const require_validation_code = require("./validation-code.cjs");
|
|
5
7
|
const require_validation_field = require("./validation-field.cjs");
|
|
6
|
-
const require_invariant_violation_exception = require("./invariant-violation-exception.cjs");
|
|
7
8
|
const require_validation_exception = require("./validation-exception.cjs");
|
|
8
|
-
const require_temporal_guards = require("./temporal-guards.cjs");
|
|
9
9
|
const require_result = require("./result.cjs");
|
|
10
10
|
const require_condition_evaluator = require("./condition-evaluator.cjs");
|
|
11
11
|
//#region src/core/policies/context/context-builder.ts
|
|
@@ -154,6 +154,13 @@ var PolicyContextBuilder = class PolicyContextBuilder {
|
|
|
154
154
|
/**
|
|
155
155
|
* Resolves all required context paths and returns a flat context object.
|
|
156
156
|
* If any required path cannot be resolved, returns an error.
|
|
157
|
+
*
|
|
158
|
+
* Resolution is deliberately sequential and fail-fast: paths resolve in
|
|
159
|
+
* order and the first failure returns immediately, so later resolvers never
|
|
160
|
+
* run once one path fails. This trades the latency-hiding of parallel
|
|
161
|
+
* resolution for skipping downstream (potentially expensive) lookups on a
|
|
162
|
+
* doomed evaluation. It is a tested contract, not an oversight — flip it to
|
|
163
|
+
* `Promise.all` only if you also accept that every resolver always runs.
|
|
157
164
|
*/
|
|
158
165
|
async build(requirements, seed) {
|
|
159
166
|
const context = {};
|
|
@@ -251,6 +258,8 @@ var ContextSeedValidator = class ContextSeedValidator {
|
|
|
251
258
|
* Array item order is preserved on purpose; callers that treat arrays as sets
|
|
252
259
|
* must normalize or sort them before hashing.
|
|
253
260
|
*
|
|
261
|
+
* The strict canonical form is owned by `shared/stable-stringify`
|
|
262
|
+
* ({@link canonicalStringify}); this class just composes it with SHA-256.
|
|
254
263
|
* Values that JSON.stringify would silently drop or coerce (undefined,
|
|
255
264
|
* non-finite numbers, functions, symbols, bigint) are rejected up-front to
|
|
256
265
|
* prevent semantically different payloads from collapsing to the same hash.
|
|
@@ -259,28 +268,8 @@ var PolicyHashing = class PolicyHashing {
|
|
|
259
268
|
static sha256(input) {
|
|
260
269
|
return require_hashing.sha256Hex(input);
|
|
261
270
|
}
|
|
262
|
-
static assertHashable(value, path, seen) {
|
|
263
|
-
if (value === null) return;
|
|
264
|
-
const type = typeof value;
|
|
265
|
-
if (type === "undefined") throw new TypeError(`canonicalJson does not accept undefined values (at ${path})`);
|
|
266
|
-
if (type === "number" && !Number.isFinite(value)) throw new TypeError(`canonicalJson does not accept non-finite numbers (at ${path}, value: ${String(value)})`);
|
|
267
|
-
if (type === "bigint" || type === "function" || type === "symbol") throw new TypeError(`canonicalJson does not accept ${type} values (at ${path})`);
|
|
268
|
-
if (type !== "object") return;
|
|
269
|
-
if (value instanceof Date) {
|
|
270
|
-
if (!require_temporal_guards.isValidDate(value)) throw new TypeError(`canonicalJson does not accept Invalid Date (at ${path})`);
|
|
271
|
-
return;
|
|
272
|
-
}
|
|
273
|
-
if (seen.has(value)) throw new TypeError(`canonicalJson does not accept circular references (at ${path})`);
|
|
274
|
-
seen.add(value);
|
|
275
|
-
if (Array.isArray(value)) value.forEach((item, index) => {
|
|
276
|
-
PolicyHashing.assertHashable(item, `${path}[${index}]`, seen);
|
|
277
|
-
});
|
|
278
|
-
else for (const [key, nested] of Object.entries(value)) PolicyHashing.assertHashable(nested, `${path}.${key}`, seen);
|
|
279
|
-
seen.delete(value);
|
|
280
|
-
}
|
|
281
271
|
static canonicalJson(value) {
|
|
282
|
-
|
|
283
|
-
return require_stable_stringify.stableStringify(value);
|
|
272
|
+
return require_stable_stringify.canonicalStringify(value);
|
|
284
273
|
}
|
|
285
274
|
static computePayloadHash(payload, policyKey, policyVersion) {
|
|
286
275
|
const canonical = PolicyHashing.canonicalJson({
|
|
@@ -395,7 +384,7 @@ var PolicyCatalogEntry = class PolicyCatalogEntry {
|
|
|
395
384
|
return this.tags.includes(tag);
|
|
396
385
|
}
|
|
397
386
|
equals(other) {
|
|
398
|
-
return this.
|
|
387
|
+
return this.toVariantKey() === other.toVariantKey();
|
|
399
388
|
}
|
|
400
389
|
toJSON() {
|
|
401
390
|
return {
|
|
@@ -490,7 +479,7 @@ var PolicyCatalog = class {
|
|
|
490
479
|
if (!family || family.length === 0) return require_result.Result.err(`Policy not found in catalog: "${params.key}"`);
|
|
491
480
|
const exactMatch = family.find((entry) => entry.matchesVersion(params));
|
|
492
481
|
if (exactMatch) return require_result.Result.ok(exactMatch);
|
|
493
|
-
if (family.length === 1 && !family[0].hasExplicitVersionSelector()) return require_result.Result.ok(family[0]);
|
|
482
|
+
if (family.length === 1 && family[0].kind === params.kind && !family[0].hasExplicitVersionSelector()) return require_result.Result.ok(family[0]);
|
|
494
483
|
const versionDetails = [
|
|
495
484
|
params.kind,
|
|
496
485
|
params.gateEngineVersion !== void 0 ? `gateEngineVersion=${params.gateEngineVersion}` : null,
|
|
@@ -582,7 +571,6 @@ var PolicyScopeMatcher = class PolicyScopeMatcher {
|
|
|
582
571
|
//#region src/core/policies/defs/in-memory-policy-definition-repo.ts
|
|
583
572
|
var InMemoryPolicyDefinitionRepository = class {
|
|
584
573
|
constructor(definitions) {
|
|
585
|
-
this.definitions = definitions;
|
|
586
574
|
this.definitionsByPolicyKey = definitions.reduce((index, definition) => {
|
|
587
575
|
const existingDefinitions = index.get(definition.policyKey) ?? [];
|
|
588
576
|
existingDefinitions.push(definition);
|
|
@@ -726,6 +714,18 @@ var PolicyDefinition = class PolicyDefinition {
|
|
|
726
714
|
//#endregion
|
|
727
715
|
//#region src/core/policies/asof/asof.ts
|
|
728
716
|
const DEFAULT_MAX_AS_OF_FUTURE_YEARS = 10;
|
|
717
|
+
/**
|
|
718
|
+
* Derives the `asOf` instant an evaluation is pinned to.
|
|
719
|
+
*
|
|
720
|
+
* With `asOfSource: "CALLER_PROVIDED"` the instant comes from the reserved
|
|
721
|
+
* `seed.fields.asOf` key (a `Date`); with `"NOW"` it is the evaluation clock.
|
|
722
|
+
*
|
|
723
|
+
* The bound is intentionally asymmetric: a caller-provided `asOf` may be at
|
|
724
|
+
* most `maxFutureYears` in the future (a fat-finger / clock-skew guard against
|
|
725
|
+
* selecting a not-yet-in-force policy), but is unbounded in the past — querying
|
|
726
|
+
* how a policy stood at any historical instant is a first-class use of a
|
|
727
|
+
* temporal engine, so back-dating is never capped.
|
|
728
|
+
*/
|
|
729
729
|
var PolicyAsOfResolver = class PolicyAsOfResolver {
|
|
730
730
|
static resolveMaxFutureYears(options) {
|
|
731
731
|
const maxFutureYears = options.maxFutureYears ?? DEFAULT_MAX_AS_OF_FUTURE_YEARS;
|
|
@@ -867,7 +867,6 @@ var PolicyEvaluationErrors = class {
|
|
|
867
867
|
* evaluation — which keeps observability strictly side-band.
|
|
868
868
|
*/
|
|
869
869
|
var PolicyService = class {
|
|
870
|
-
#reporter;
|
|
871
870
|
constructor(params) {
|
|
872
871
|
this.catalog = params.catalog;
|
|
873
872
|
this.contextBuilder = params.contextBuilder;
|
|
@@ -876,12 +875,7 @@ var PolicyService = class {
|
|
|
876
875
|
this.gateEngines = params.gateEngines;
|
|
877
876
|
this.computeRegistry = params.computeRegistry;
|
|
878
877
|
this.options = params.options ?? {};
|
|
879
|
-
this
|
|
880
|
-
}
|
|
881
|
-
#reportSafely(event) {
|
|
882
|
-
try {
|
|
883
|
-
this.#reporter.report(event);
|
|
884
|
-
} catch {}
|
|
878
|
+
this.coreConfig = params.coreConfig ?? require_condition_evaluator.coreConfig;
|
|
885
879
|
}
|
|
886
880
|
resolveEvaluationNow(seed) {
|
|
887
881
|
const candidate = seed.fields["now"];
|
|
@@ -905,10 +899,10 @@ var PolicyService = class {
|
|
|
905
899
|
* @returns A `Result` carrying the decision or the evaluation error.
|
|
906
900
|
*/
|
|
907
901
|
async evaluate(input) {
|
|
908
|
-
const result = await this
|
|
902
|
+
const result = await this.runEvaluation(input);
|
|
909
903
|
if (result.isErr()) {
|
|
910
904
|
const error = result.errorOrNull();
|
|
911
|
-
this
|
|
905
|
+
this.coreConfig.reportSafely({
|
|
912
906
|
kind: "policy-evaluation-failed",
|
|
913
907
|
level: "error",
|
|
914
908
|
policyKey: "policyKey" in error ? error.policyKey : void 0,
|
|
@@ -919,7 +913,7 @@ var PolicyService = class {
|
|
|
919
913
|
});
|
|
920
914
|
} else {
|
|
921
915
|
const ok = result.getOrNull();
|
|
922
|
-
this
|
|
916
|
+
this.coreConfig.reportSafely({
|
|
923
917
|
kind: "policy-evaluation-completed",
|
|
924
918
|
level: "info",
|
|
925
919
|
policyKey: ok.ref.policyKey,
|
|
@@ -930,11 +924,11 @@ var PolicyService = class {
|
|
|
930
924
|
}
|
|
931
925
|
return result;
|
|
932
926
|
}
|
|
933
|
-
async
|
|
927
|
+
async runEvaluation(input) {
|
|
934
928
|
const seedResult = ContextSeedValidator.validate(input.seed);
|
|
935
929
|
if (seedResult.isErr()) return require_result.Result.err(PolicyEvaluationErrors.invalidContext("SEED_VALIDATION", input.policyKey, seedResult.errorOrNull()));
|
|
936
930
|
const seed = seedResult.getOrNull();
|
|
937
|
-
const catalogFamilyResult = this
|
|
931
|
+
const catalogFamilyResult = this.resolveCatalogFamily(input.policyKey);
|
|
938
932
|
if (catalogFamilyResult.isErr()) return require_result.Result.err(catalogFamilyResult.errorOrNull());
|
|
939
933
|
const { key: policyKey, family } = catalogFamilyResult.getOrNull();
|
|
940
934
|
const familyEntry = family[0];
|
|
@@ -944,10 +938,10 @@ var PolicyService = class {
|
|
|
944
938
|
const asOfResult = PolicyAsOfResolver.derive(familyEntry.asOfSource, seed, now, this.options.asOf);
|
|
945
939
|
if (asOfResult.isErr()) return require_result.Result.err(PolicyEvaluationErrors.invalidContext("AS_OF_DERIVATION", policyKey, asOfResult.errorOrNull()));
|
|
946
940
|
const asOf = asOfResult.getOrNull();
|
|
947
|
-
const definitionResult = this
|
|
941
|
+
const definitionResult = this.findCandidates(policyKey, familyEntry.kind, asOf, input);
|
|
948
942
|
if (definitionResult.isErr()) return require_result.Result.err(definitionResult.errorOrNull());
|
|
949
943
|
const { definition: policyDefinition, catalogEntry: versionedCatalogEntry } = definitionResult.getOrNull();
|
|
950
|
-
this
|
|
944
|
+
this.coreConfig.reportSafely({
|
|
951
945
|
kind: "policy-resolution",
|
|
952
946
|
level: "info",
|
|
953
947
|
policyKey,
|
|
@@ -960,7 +954,7 @@ var PolicyService = class {
|
|
|
960
954
|
const ctxResult = await this.contextBuilder.build(versionedCatalogEntry.contextRequirements, seed);
|
|
961
955
|
if (ctxResult.isErr()) return require_result.Result.err(PolicyEvaluationErrors.invalidContext("CONTEXT_BUILD", policyKey, ctxResult.errorOrNull()));
|
|
962
956
|
const context = ctxResult.getOrNull();
|
|
963
|
-
const decisionResult = this
|
|
957
|
+
const decisionResult = this.executeEngine(policyKey, policyDefinition, context);
|
|
964
958
|
if (decisionResult.isErr()) return require_result.Result.err(decisionResult.errorOrNull());
|
|
965
959
|
const decision = decisionResult.getOrNull();
|
|
966
960
|
const result = {
|
|
@@ -980,7 +974,7 @@ var PolicyService = class {
|
|
|
980
974
|
};
|
|
981
975
|
return require_result.Result.ok(result);
|
|
982
976
|
}
|
|
983
|
-
|
|
977
|
+
resolveCatalogVariant(definition) {
|
|
984
978
|
return this.catalog.getVersioned({
|
|
985
979
|
key: definition.policyKey,
|
|
986
980
|
kind: definition.kind,
|
|
@@ -988,7 +982,7 @@ var PolicyService = class {
|
|
|
988
982
|
payloadSchemaVersion: definition.payloadSchemaVersion
|
|
989
983
|
});
|
|
990
984
|
}
|
|
991
|
-
|
|
985
|
+
resolveCatalogFamily(rawKey) {
|
|
992
986
|
const keyResult = PolicyKey.parse(rawKey);
|
|
993
987
|
if (keyResult.isErr()) return require_result.Result.err(PolicyEvaluationErrors.invalidPolicyKey(rawKey, keyResult.errorOrNull()));
|
|
994
988
|
const policyKey = keyResult.getOrNull().toString();
|
|
@@ -999,7 +993,7 @@ var PolicyService = class {
|
|
|
999
993
|
family: catalogFamilyResult.getOrNull()
|
|
1000
994
|
});
|
|
1001
995
|
}
|
|
1002
|
-
|
|
996
|
+
findCandidates(policyKey, policyKind, asOf, input) {
|
|
1003
997
|
const candidates = this.defRepo.findCandidates({
|
|
1004
998
|
policyKey,
|
|
1005
999
|
kind: policyKind,
|
|
@@ -1011,7 +1005,7 @@ var PolicyService = class {
|
|
|
1011
1005
|
const compatibleCandidatesByDefinitionId = /* @__PURE__ */ new Map();
|
|
1012
1006
|
const incompatibleVariantErrorsByDefinitionId = /* @__PURE__ */ new Map();
|
|
1013
1007
|
for (const candidate of candidates) {
|
|
1014
|
-
const compatibilityResult = this
|
|
1008
|
+
const compatibilityResult = this.resolveCatalogVariant(candidate);
|
|
1015
1009
|
if (compatibilityResult.isErr()) {
|
|
1016
1010
|
incompatibleVariantErrorsByDefinitionId.set(candidate.id, compatibilityResult.errorOrNull());
|
|
1017
1011
|
continue;
|
|
@@ -1043,7 +1037,7 @@ var PolicyService = class {
|
|
|
1043
1037
|
if (resolvedCandidate === void 0) return require_result.Result.err(PolicyEvaluationErrors.policyDefinitionNotFound(policyKey, asOf, input.contextVersion, `Resolved definition "${bestDefinition.id}" is not present among compatible catalog variants`));
|
|
1044
1038
|
return require_result.Result.ok(resolvedCandidate);
|
|
1045
1039
|
}
|
|
1046
|
-
|
|
1040
|
+
executeEngine(policyKey, definition, context) {
|
|
1047
1041
|
if (definition.isGate()) {
|
|
1048
1042
|
const gateResult = this.gateEngines.evaluate(definition.gateEngineVersion, definition.payloadJson, context);
|
|
1049
1043
|
if (gateResult.isErr()) return require_result.Result.err(PolicyEvaluationErrors.engineFailure(policyKey, "GATE", definition.gateEngineVersion, gateResult.errorOrNull()));
|