@datacules/agent-identity 0.3.2 → 0.3.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/approval.js +11 -5
- package/dist/cjs/approval.js.map +1 -1
- package/dist/cjs/router.js +53 -4
- package/dist/cjs/router.js.map +1 -1
- package/dist/esm/approval.js +11 -5
- package/dist/esm/approval.js.map +1 -1
- package/dist/esm/router.js +53 -4
- package/dist/esm/router.js.map +1 -1
- package/dist/types/approval.d.ts +9 -4
- package/dist/types/approval.d.ts.map +1 -1
- package/dist/types/router.d.ts +22 -1
- package/dist/types/router.d.ts.map +1 -1
- package/dist/types/types.d.ts +25 -4
- package/dist/types/types.d.ts.map +1 -1
- package/package.json +1 -1
package/dist/cjs/approval.js
CHANGED
|
@@ -55,12 +55,14 @@ class SlackApprovalNotifier {
|
|
|
55
55
|
constructor(webhookUrl) {
|
|
56
56
|
this.webhookUrl = webhookUrl;
|
|
57
57
|
}
|
|
58
|
-
async notify(request,
|
|
58
|
+
async notify(request, policy) {
|
|
59
|
+
const approverTargets = policy.approvers.map((a) => a.target).join(', ');
|
|
59
60
|
const text = [
|
|
60
61
|
`*Approval required* — request \`${request.requestId}\``,
|
|
61
62
|
`User: ${request.context.userId}`,
|
|
62
63
|
`Action: ${request.context.action} on ${request.context.resourceId}`,
|
|
63
64
|
`Credential: ${request.credentialId}`,
|
|
65
|
+
`Required approvers: ${policy.requiredApprovers} (${approverTargets})`,
|
|
64
66
|
`Expires: ${request.expiresAt}`,
|
|
65
67
|
].join('\n');
|
|
66
68
|
try {
|
|
@@ -85,12 +87,16 @@ class ApprovalManager {
|
|
|
85
87
|
}
|
|
86
88
|
/**
|
|
87
89
|
* Gate a resolve() call behind an approval policy.
|
|
88
|
-
*
|
|
89
|
-
*
|
|
90
|
-
*
|
|
90
|
+
*
|
|
91
|
+
* Returns the current ApprovalStatus:
|
|
92
|
+
* 'approved' / 'break_glass' → caller should proceed with resolution
|
|
93
|
+
* 'pending' → caller should return null and retry later
|
|
94
|
+
* 'rejected' / 'timeout' → caller should return null permanently
|
|
95
|
+
*
|
|
96
|
+
* The requestId is derived deterministically from traceId + ruleId so that
|
|
97
|
+
* repeated calls within the same trace are idempotent.
|
|
91
98
|
*/
|
|
92
99
|
async request(ctx, policy, credentialId, ruleId) {
|
|
93
|
-
// Generate deterministic request ID for idempotency within the same trace
|
|
94
100
|
const requestId = `approval-${ctx.traceId}-${ruleId}`;
|
|
95
101
|
const existing = await this.store.get(requestId);
|
|
96
102
|
if (existing) {
|
package/dist/cjs/approval.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"approval.js","sourceRoot":"","sources":["../../src/approval.ts"],"names":[],"mappings":";;;AAqBA,iFAAiF;AAEjF,MAAa,mBAAmB;IAAhC;QACmB,UAAK,GAAG,IAAI,GAAG,EAA2B,CAAC;IA8B9D,CAAC;IA5BC,KAAK,CAAC,MAAM,CAAC,OAAwB;QACnC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,SAAiB;QACzB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC;IAC3C,CAAC;IAED,KAAK,CAAC,MAAM,CACV,SAAiB,EACjB,MAAsB,EACtB,UAAmB,EACnB,aAAsB;QAEtB,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC3C,IAAI,CAAC,QAAQ;YAAE,OAAO;QACtB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE;YACxB,GAAG,QAAQ;YACX,MAAM;YACN,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,UAAU;YACV,aAAa;SACd,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,WAAW;QACf,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC;IAC/E,CAAC;CACF;AA/BD,kDA+BC;AAED,iFAAiF;AAEjF,MAAa,uBAAuB;IAClC,YAA6B,UAAkB,EAAmB,MAAe;QAApD,eAAU,GAAV,UAAU,CAAQ;QAAmB,WAAM,GAAN,MAAM,CAAS;IAAG,CAAC;IAErF,KAAK,CAAC,MAAM,CAAC,OAAwB,EAAE,OAAuB;QAC5D,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,OAAO,GAA2B,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC;QAC/E,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,OAAO,CAAC,4BAA4B,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC;QACtD,CAAC;QACD,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAClE,CAAC;QAAC,MAAM,CAAC;YACP,2DAA2D;QAC7D,CAAC;IACH,CAAC;CACF;AAfD,0DAeC;AAED,iFAAiF;AAEjF,MAAa,qBAAqB;IAChC,YAA6B,UAAkB;QAAlB,eAAU,GAAV,UAAU,CAAQ;IAAG,CAAC;IAEnD,KAAK,CAAC,MAAM,CAAC,OAAwB,EAAE,
|
|
1
|
+
{"version":3,"file":"approval.js","sourceRoot":"","sources":["../../src/approval.ts"],"names":[],"mappings":";;;AAqBA,iFAAiF;AAEjF,MAAa,mBAAmB;IAAhC;QACmB,UAAK,GAAG,IAAI,GAAG,EAA2B,CAAC;IA8B9D,CAAC;IA5BC,KAAK,CAAC,MAAM,CAAC,OAAwB;QACnC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,SAAiB;QACzB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC;IAC3C,CAAC;IAED,KAAK,CAAC,MAAM,CACV,SAAiB,EACjB,MAAsB,EACtB,UAAmB,EACnB,aAAsB;QAEtB,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC3C,IAAI,CAAC,QAAQ;YAAE,OAAO;QACtB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE;YACxB,GAAG,QAAQ;YACX,MAAM;YACN,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,UAAU;YACV,aAAa;SACd,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,WAAW;QACf,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC;IAC/E,CAAC;CACF;AA/BD,kDA+BC;AAED,iFAAiF;AAEjF,MAAa,uBAAuB;IAClC,YAA6B,UAAkB,EAAmB,MAAe;QAApD,eAAU,GAAV,UAAU,CAAQ;QAAmB,WAAM,GAAN,MAAM,CAAS;IAAG,CAAC;IAErF,KAAK,CAAC,MAAM,CAAC,OAAwB,EAAE,OAAuB;QAC5D,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,OAAO,GAA2B,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC;QAC/E,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,OAAO,CAAC,4BAA4B,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC;QACtD,CAAC;QACD,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAClE,CAAC;QAAC,MAAM,CAAC;YACP,2DAA2D;QAC7D,CAAC;IACH,CAAC;CACF;AAfD,0DAeC;AAED,iFAAiF;AAEjF,MAAa,qBAAqB;IAChC,YAA6B,UAAkB;QAAlB,eAAU,GAAV,UAAU,CAAQ;IAAG,CAAC;IAEnD,KAAK,CAAC,MAAM,CAAC,OAAwB,EAAE,MAAsB;QAC3D,MAAM,eAAe,GAAG,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzE,MAAM,IAAI,GAAG;YACX,mCAAmC,OAAO,CAAC,SAAS,IAAI;YACxD,SAAS,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE;YACjC,WAAW,OAAO,CAAC,OAAO,CAAC,MAAM,OAAO,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE;YACpE,eAAe,OAAO,CAAC,YAAY,EAAE;YACrC,uBAAuB,MAAM,CAAC,iBAAiB,KAAK,eAAe,GAAG;YACtE,YAAY,OAAO,CAAC,SAAS,EAAE;SAChC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACb,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE;gBAC3B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,CAAC;aAC/B,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,oCAAoC;QACtC,CAAC;IACH,CAAC;CACF;AAvBD,sDAuBC;AAED,gFAAgF;AAEhF,MAAa,eAAe;IAC1B,YACmB,KAAoB,EACpB,YAAgC,EAAE,EAClC,WAAyB;QAFzB,UAAK,GAAL,KAAK,CAAe;QACpB,cAAS,GAAT,SAAS,CAAyB;QAClC,gBAAW,GAAX,WAAW,CAAc;IACzC,CAAC;IAEJ;;;;;;;;;;OAUG;IACH,KAAK,CAAC,OAAO,CACX,GAAwB,EACxB,MAAsB,EACtB,YAAoB,EACpB,MAAc;QAEd,MAAM,SAAS,GAAG,YAAY,GAAG,CAAC,OAAO,IAAI,MAAM,EAAE,CAAC;QACtD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAEjD,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,QAAQ,CAAC,MAAM,KAAK,UAAU,IAAI,QAAQ,CAAC,MAAM,KAAK,aAAa,EAAE,CAAC;gBACxE,OAAO,QAAQ,CAAC,MAAM,CAAC;YACzB,CAAC;YACD,IAAI,QAAQ,CAAC,MAAM,KAAK,UAAU;gBAAE,OAAO,UAAU,CAAC;YACtD,gBAAgB;YAChB,IAAI,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;gBAC9C,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;gBAC9C,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;oBACrB,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC;wBACzB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;wBACnC,OAAO,EAAE,GAAG,CAAC,OAAO;wBACpB,MAAM,EAAE,GAAG,CAAC,MAAM;wBAClB,MAAM,EAAE,6BAA6B;wBACrC,UAAU,EAAE,GAAG,CAAC,UAAU;wBAC1B,YAAY,EAAE,GAAG,CAAC,YAAY;wBAC9B,QAAQ,EAAE,GAAG,CAAC,QAAQ;wBACtB,KAAK,EAAE,GAAG,CAAC,KAAK;wBAChB,YAAY;wBACZ,cAAc,EAAE,OAAO;wBACvB,WAAW,EAAE,GAAG,CAAC,MAAM;qBACxB,CAAC,CAAC;gBACL,CAAC;gBACD,OAAO,SAAS,CAAC;YACnB,CAAC;YACD,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,qBAAqB;QACrB,MAAM,cAAc,GAAG,MAAM,CAAC,cAAc,IAAI,GAAG,CAAC;QACpD,MAAM,UAAU,GAAoB;YAClC,SAAS;YACT,YAAY;YACZ,MAAM;YACN,OAAO,EAAE,GAAG;YACZ,MAAM,EAAE,SAAS;YACjB,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACrC,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,cAAc,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;SACtE,CAAC;QACF,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QAEpC,uBAAuB;QACvB,MAAM,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC;QAElF,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC;gBACzB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,MAAM,EAAE,+BAA+B;gBACvC,UAAU,EAAE,GAAG,CAAC,UAAU;gBAC1B,YAAY,EAAE,GAAG,CAAC,YAAY;gBAC9B,QAAQ,EAAE,GAAG,CAAC,QAAQ;gBACtB,KAAK,EAAE,GAAG,CAAC,KAAK;gBAChB,YAAY;gBACZ,cAAc,EAAE,OAAO;gBACvB,WAAW,EAAE,GAAG,CAAC,MAAM;aACxB,CAAC,CAAC;QACL,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;CACF;AAzFD,0CAyFC"}
|
package/dist/cjs/router.js
CHANGED
|
@@ -2,11 +2,14 @@
|
|
|
2
2
|
/**
|
|
3
3
|
* Credential Router — core of @datacules/agent-identity.
|
|
4
4
|
*
|
|
5
|
-
* Key features
|
|
5
|
+
* Key features:
|
|
6
6
|
* - Canary routing: canaryRef + canaryWeight on RoutingRule
|
|
7
7
|
* - Attestation: optional AttestationSigner on router config
|
|
8
8
|
* - Budget enforcement: BudgetEnforcer check before resolving
|
|
9
9
|
* - Approval gate: ApprovalManager integration on rules with approval policy
|
|
10
|
+
* - resolveAsync(): full async resolution path for cloud stores
|
|
11
|
+
* - resolvePairAsync(): async migration pair resolution (async counterpart
|
|
12
|
+
* of resolvePair(), enabling budget + attestation on migration workflows)
|
|
10
13
|
*/
|
|
11
14
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
15
|
exports.CredentialRouter = exports.MemoryCredentialStore = void 0;
|
|
@@ -66,7 +69,6 @@ class CredentialRouter {
|
|
|
66
69
|
console.warn('[CredentialRouter] resolve() requires findByRefSync(). Use resolveAsync() for async stores.');
|
|
67
70
|
return null;
|
|
68
71
|
}
|
|
69
|
-
// Canary selection
|
|
70
72
|
const ref = this.selectRef(rule);
|
|
71
73
|
const isCanary = ref === rule.canaryRef;
|
|
72
74
|
const cred = store.findByRefSync(ref);
|
|
@@ -85,7 +87,8 @@ class CredentialRouter {
|
|
|
85
87
|
isCanary,
|
|
86
88
|
};
|
|
87
89
|
if (this.config.logger) {
|
|
88
|
-
this.
|
|
90
|
+
const entry = this.buildAuditEntry(ctx, resolved, rule, isCanary);
|
|
91
|
+
Promise.resolve(this.config.logger.log(entry)).catch(console.error);
|
|
89
92
|
}
|
|
90
93
|
return resolved;
|
|
91
94
|
}
|
|
@@ -139,7 +142,7 @@ class CredentialRouter {
|
|
|
139
142
|
}
|
|
140
143
|
return resolved;
|
|
141
144
|
}
|
|
142
|
-
// ─── Pair resolve for migration
|
|
145
|
+
// ─── Pair resolve for migration (sync) ───────────────────────────────────
|
|
143
146
|
resolvePair(ctx) {
|
|
144
147
|
const sourceCtx = { ...ctx, resourceId: ctx.sourceResourceId, action: 'read' };
|
|
145
148
|
const targetCtx = { ...ctx, resourceId: ctx.targetResourceId, action: ctx.dryRun ? 'read' : ctx.action };
|
|
@@ -149,6 +152,52 @@ class CredentialRouter {
|
|
|
149
152
|
return null;
|
|
150
153
|
return { source, target, migrationId: ctx.migrationId };
|
|
151
154
|
}
|
|
155
|
+
// ─── Pair resolve for migration (async) ──────────────────────────────────
|
|
156
|
+
/**
|
|
157
|
+
* Async counterpart of resolvePair(). Resolves source and target credentials
|
|
158
|
+
* in parallel using resolveAsync(), so both resolutions benefit from:
|
|
159
|
+
* - Budget enforcement (per-credential checks)
|
|
160
|
+
* - Attestation signing (if AttestationSigner is configured)
|
|
161
|
+
* - Approval gates (if ApprovalManager is configured)
|
|
162
|
+
* - Cloud credential stores (AWS Secrets Manager, Vault, Azure Key Vault)
|
|
163
|
+
*
|
|
164
|
+
* Use this instead of resolvePair() in any production migration workflow
|
|
165
|
+
* that uses a non-MemoryCredentialStore.
|
|
166
|
+
*
|
|
167
|
+
* The source context always uses action: 'read'.
|
|
168
|
+
* The target context uses action: 'read' when dryRun is true, otherwise
|
|
169
|
+
* the original action from the MigrationContext.
|
|
170
|
+
*
|
|
171
|
+
* Returns null if either source or target credential cannot be resolved.
|
|
172
|
+
*/
|
|
173
|
+
async resolvePairAsync(ctx) {
|
|
174
|
+
const sourceCtx = {
|
|
175
|
+
...ctx,
|
|
176
|
+
resourceId: ctx.sourceResourceId,
|
|
177
|
+
action: 'read',
|
|
178
|
+
};
|
|
179
|
+
const targetCtx = {
|
|
180
|
+
...ctx,
|
|
181
|
+
resourceId: ctx.targetResourceId,
|
|
182
|
+
action: ctx.dryRun ? 'read' : ctx.action,
|
|
183
|
+
};
|
|
184
|
+
// Resolve both in parallel — independent credentials, no ordering dependency
|
|
185
|
+
const [source, target] = await Promise.all([
|
|
186
|
+
this.resolveAsync(sourceCtx),
|
|
187
|
+
this.resolveAsync(targetCtx),
|
|
188
|
+
]);
|
|
189
|
+
if (!source || !target)
|
|
190
|
+
return null;
|
|
191
|
+
// expiresAt on the pair is the earlier of the two expiries
|
|
192
|
+
let expiresAt;
|
|
193
|
+
if (source.expiresAt && target.expiresAt) {
|
|
194
|
+
expiresAt = source.expiresAt < target.expiresAt ? source.expiresAt : target.expiresAt;
|
|
195
|
+
}
|
|
196
|
+
else {
|
|
197
|
+
expiresAt = source.expiresAt ?? target.expiresAt;
|
|
198
|
+
}
|
|
199
|
+
return { source, target, migrationId: ctx.migrationId, expiresAt };
|
|
200
|
+
}
|
|
152
201
|
// ─── Canary selection ─────────────────────────────────────────────────────
|
|
153
202
|
selectRef(rule) {
|
|
154
203
|
if (rule.canaryRef && rule.canaryWeight && rule.canaryWeight > 0) {
|
package/dist/cjs/router.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"router.js","sourceRoot":"","sources":["../../src/router.ts"],"names":[],"mappings":";AAAA
|
|
1
|
+
{"version":3,"file":"router.js","sourceRoot":"","sources":["../../src/router.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;;AAwSH,oCAMC;AAED,sDAMC;AAED,wDAEC;AA5SD,+CAAiD;AAQjD,SAAS,aAAa,CAAC,KAAsB;IAC3C,OAAO,OAAQ,KAA0B,CAAC,aAAa,KAAK,UAAU,CAAC;AACzE,CAAC;AAcD,MAAa,qBAAqB;IAIhC,YAAY,WAAyB;QAFpB,iBAAY,GAAG,IAAI,GAAG,EAAsD,CAAC;QAG5F,IAAI,CAAC,KAAK,GAAG,WAAW,CAAC;IAC3B,CAAC;IAED,aAAa,CAAC,GAAW;QACvB,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,IAAI,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC,IAAI,IAAI,CAAC;IAChF,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,GAAW;QACzB,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IAED,KAAK,CAAC,UAAU;QACd,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,IAAwB;QACvC,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,GAAW,EAAE,WAAmB,EAAE,UAAkB;QAChE,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,QAAQ,IAAI,QAAQ,CAAC,WAAW,KAAK,WAAW,IAAI,QAAQ,CAAC,SAAS,GAAG,GAAG;YAAE,OAAO,KAAK,CAAC;QAC/F,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,WAAW,EAAE,SAAS,EAAE,GAAG,GAAG,UAAU,GAAG,IAAI,EAAE,CAAC,CAAC;QAChF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,GAAW,EAAE,WAAmB;QAC5C,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5C,IAAI,QAAQ,EAAE,WAAW,KAAK,WAAW;YAAE,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC3E,CAAC;CACF;AApCD,sDAoCC;AAED,MAAa,gBAAgB;IAC3B,YAA6B,MAAoB;QAApB,WAAM,GAAN,MAAM,CAAc;IAAG,CAAC;IAErD,6EAA6E;IAE7E,OAAO,CAAC,GAAwB;QAC9B,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC;QACrC,MAAM,QAAQ,GAAG,KAAK;aACnB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;aACvC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC;QAE3C,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QACzB,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QAEvB,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO,CAAC,IAAI,CAAC,6FAA6F,CAAC,CAAC;YAC5G,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACjC,MAAM,QAAQ,GAAG,GAAG,KAAK,IAAI,CAAC,SAAS,CAAC;QAExC,MAAM,IAAI,GAAG,KAAK,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QACvB,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,IAAI,IAAI,EAAE;YAAE,OAAO,IAAI,CAAC;QACzE,IAAI,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC;YAAE,OAAO,IAAI,CAAC;QAE7E,MAAM,QAAQ,GAAuB;YACnC,YAAY,EAAE,IAAI,CAAC,EAAE;YACrB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,WAAW,EAAE,IAAI,CAAC,IAAI,KAAK,gBAAgB,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;YACpE,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,QAAQ;SACT,CAAC;QAEF,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACvB,MAAM,KAAK,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;YAClE,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QACtE,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,6EAA6E;IAE7E,KAAK,CAAC,YAAY,CAAC,GAAwB;QACzC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,iBAAiB,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC;QACzF,MAAM,QAAQ,GAAG,KAAK;aACnB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;aACvC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC;QAE3C,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QACzB,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QAEvB,gBAAgB;QAChB,IAAI,IAAI,CAAC,QAAQ,IAAI,eAAe,EAAE,CAAC;YACrC,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;YAC9F,IAAI,MAAM,KAAK,UAAU,IAAI,MAAM,KAAK,aAAa;gBAAE,OAAO,IAAI,CAAC;QACrE,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACjC,MAAM,QAAQ,GAAG,GAAG,KAAK,IAAI,CAAC,SAAS,CAAC;QAExC,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACxC,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QACvB,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,IAAI,IAAI,EAAE;YAAE,OAAO,IAAI,CAAC;QACzE,IAAI,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC;YAAE,OAAO,IAAI,CAAC;QAE7E,eAAe;QACf,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAChD,IAAI,CAAC,MAAM,CAAC,OAAO;gBAAE,OAAO,IAAI,CAAC;QACnC,CAAC;QAED,MAAM,QAAQ,GAAuB;YACnC,YAAY,EAAE,IAAI,CAAC,EAAE;YACrB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,WAAW,EAAE,IAAI,CAAC,IAAI,KAAK,gBAAgB,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;YACpE,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,QAAQ;SACT,CAAC;QAEF,cAAc;QACd,IAAI,iBAAiB,EAAE,CAAC;YACtB,QAAQ,CAAC,qBAAqB,GAAG,MAAM,IAAA,8BAAgB,EAAC,GAAG,EAAE,QAAQ,EAAE;gBACrE,MAAM,EAAE,iBAAiB;gBACzB,MAAM,EAAE,IAAI,CAAC,EAAE;aAChB,CAAC,CAAC;QACL,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACvB,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,eAAe,CAAC,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;QACpF,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,4EAA4E;IAE5E,WAAW,CAAC,GAAqB;QAC/B,MAAM,SAAS,GAAwB,EAAE,GAAG,GAAG,EAAE,UAAU,EAAE,GAAG,CAAC,gBAAgB,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;QACpG,MAAM,SAAS,GAAwB,EAAE,GAAG,GAAG,EAAE,UAAU,EAAE,GAAG,CAAC,gBAAgB,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;QAE9H,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACvC,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACvC,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAEpC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,CAAC,WAAW,EAAE,CAAC;IAC1D,CAAC;IAED,4EAA4E;IAE5E;;;;;;;;;;;;;;;;OAgBG;IACH,KAAK,CAAC,gBAAgB,CAAC,GAAqB;QAC1C,MAAM,SAAS,GAAwB;YACrC,GAAG,GAAG;YACN,UAAU,EAAE,GAAG,CAAC,gBAAgB;YAChC,MAAM,EAAE,MAAM;SACf,CAAC;QACF,MAAM,SAAS,GAAwB;YACrC,GAAG,GAAG;YACN,UAAU,EAAE,GAAG,CAAC,gBAAgB;YAChC,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM;SACzC,CAAC;QAEF,6EAA6E;QAC7E,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YACzC,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC;YAC5B,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC;SAC7B,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAEpC,2DAA2D;QAC3D,IAAI,SAA6B,CAAC;QAClC,IAAI,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACzC,SAAS,GAAG,MAAM,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC;QACxF,CAAC;aAAM,CAAC;YACN,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,SAAS,CAAC;QACnD,CAAC;QAED,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,CAAC,WAAW,EAAE,SAAS,EAAE,CAAC;IACrE,CAAC;IAED,6EAA6E;IAErE,SAAS,CAAC,IAAiB;QACjC,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,YAAY,GAAG,CAAC,EAAE,CAAC;YACjE,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,GAAG,CAAC;YACjC,IAAI,IAAI,GAAG,IAAI,CAAC,YAAY;gBAAE,OAAO,IAAI,CAAC,SAAS,CAAC;QACtD,CAAC;QACD,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;IAED,6EAA6E;IAErE,WAAW,CAAC,IAAiB,EAAE,GAAwB;QAC7D,IAAI,IAAI,CAAC,iBAAiB,IAAI,IAAI,CAAC,iBAAiB,KAAK,GAAG,CAAC,YAAY;YAAE,OAAO,KAAK,CAAC;QACxF,IAAI,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,aAAa,KAAK,GAAG,CAAC,QAAQ;YAAE,OAAO,KAAK,CAAC;QAC5E,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,WAAW,KAAK,GAAG,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QACtE,IAAI,IAAI,CAAC,aAAa,IAAI,GAAG,CAAC,QAAQ,KAAK,IAAI,CAAC,aAAa;YAAE,OAAO,KAAK,CAAC;QAC5E,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACxF,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;QAClD,CAAC;QACD,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,MAAM,MAAM,GAAG,GAAuB,CAAC;YACvC,IAAI,CAAC,MAAM,CAAC,KAAK;gBAAE,OAAO,KAAK,CAAC;YAChC,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACpF,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAC;QACnD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,4EAA4E;IAEpE,eAAe,CACrB,GAAwB,EACxB,QAA4B,EAC5B,IAAiB,EACjB,QAAiB;QAEjB,OAAO;YACL,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,UAAU,EAAE,GAAG,CAAC,UAAU;YAC1B,YAAY,EAAE,GAAG,CAAC,YAAY;YAC9B,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,KAAK,EAAE,GAAG,CAAC,KAAK;YAChB,YAAY,EAAE,QAAQ,CAAC,YAAY;YACnC,cAAc,EAAE,QAAQ,CAAC,IAAI;YAC7B,WAAW,EAAE,QAAQ,CAAC,WAAW;YACjC,QAAQ;YACR,QAAQ,EAAE,GAAG,CAAC,QAAQ;SACvB,CAAC;IACJ,CAAC;CACF;AAxND,4CAwNC;AAED,iFAAiF;AAEjF,SAAgB,YAAY,CAC1B,WAAyB,EACzB,KAAoB,EACpB,MAAoB;IAEpB,OAAO,IAAI,gBAAgB,CAAC,EAAE,KAAK,EAAE,IAAI,qBAAqB,CAAC,WAAW,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;AAChG,CAAC;AAED,SAAgB,qBAAqB,CACnC,KAAsB,EACtB,KAAoB,EACpB,MAAoB;IAEpB,OAAO,IAAI,gBAAgB,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;AACxD,CAAC;AAED,SAAgB,sBAAsB,CAAC,MAAoB;IACzD,OAAO,IAAI,gBAAgB,CAAC,MAAM,CAAC,CAAC;AACtC,CAAC"}
|
package/dist/esm/approval.js
CHANGED
|
@@ -50,12 +50,14 @@ export class SlackApprovalNotifier {
|
|
|
50
50
|
constructor(webhookUrl) {
|
|
51
51
|
this.webhookUrl = webhookUrl;
|
|
52
52
|
}
|
|
53
|
-
async notify(request,
|
|
53
|
+
async notify(request, policy) {
|
|
54
|
+
const approverTargets = policy.approvers.map((a) => a.target).join(', ');
|
|
54
55
|
const text = [
|
|
55
56
|
`*Approval required* — request \`${request.requestId}\``,
|
|
56
57
|
`User: ${request.context.userId}`,
|
|
57
58
|
`Action: ${request.context.action} on ${request.context.resourceId}`,
|
|
58
59
|
`Credential: ${request.credentialId}`,
|
|
60
|
+
`Required approvers: ${policy.requiredApprovers} (${approverTargets})`,
|
|
59
61
|
`Expires: ${request.expiresAt}`,
|
|
60
62
|
].join('\n');
|
|
61
63
|
try {
|
|
@@ -79,12 +81,16 @@ export class ApprovalManager {
|
|
|
79
81
|
}
|
|
80
82
|
/**
|
|
81
83
|
* Gate a resolve() call behind an approval policy.
|
|
82
|
-
*
|
|
83
|
-
*
|
|
84
|
-
*
|
|
84
|
+
*
|
|
85
|
+
* Returns the current ApprovalStatus:
|
|
86
|
+
* 'approved' / 'break_glass' → caller should proceed with resolution
|
|
87
|
+
* 'pending' → caller should return null and retry later
|
|
88
|
+
* 'rejected' / 'timeout' → caller should return null permanently
|
|
89
|
+
*
|
|
90
|
+
* The requestId is derived deterministically from traceId + ruleId so that
|
|
91
|
+
* repeated calls within the same trace are idempotent.
|
|
85
92
|
*/
|
|
86
93
|
async request(ctx, policy, credentialId, ruleId) {
|
|
87
|
-
// Generate deterministic request ID for idempotency within the same trace
|
|
88
94
|
const requestId = `approval-${ctx.traceId}-${ruleId}`;
|
|
89
95
|
const existing = await this.store.get(requestId);
|
|
90
96
|
if (existing) {
|
package/dist/esm/approval.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"approval.js","sourceRoot":"","sources":["../../src/approval.ts"],"names":[],"mappings":"AAqBA,iFAAiF;AAEjF,MAAM,OAAO,mBAAmB;IAAhC;QACmB,UAAK,GAAG,IAAI,GAAG,EAA2B,CAAC;IA8B9D,CAAC;IA5BC,KAAK,CAAC,MAAM,CAAC,OAAwB;QACnC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,SAAiB;QACzB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC;IAC3C,CAAC;IAED,KAAK,CAAC,MAAM,CACV,SAAiB,EACjB,MAAsB,EACtB,UAAmB,EACnB,aAAsB;QAEtB,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC3C,IAAI,CAAC,QAAQ;YAAE,OAAO;QACtB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE;YACxB,GAAG,QAAQ;YACX,MAAM;YACN,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,UAAU;YACV,aAAa;SACd,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,WAAW;QACf,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC;IAC/E,CAAC;CACF;AAED,iFAAiF;AAEjF,MAAM,OAAO,uBAAuB;IAClC,YAA6B,UAAkB,EAAmB,MAAe;QAApD,eAAU,GAAV,UAAU,CAAQ;QAAmB,WAAM,GAAN,MAAM,CAAS;IAAG,CAAC;IAErF,KAAK,CAAC,MAAM,CAAC,OAAwB,EAAE,OAAuB;QAC5D,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,OAAO,GAA2B,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC;QAC/E,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,OAAO,CAAC,4BAA4B,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC;QACtD,CAAC;QACD,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAClE,CAAC;QAAC,MAAM,CAAC;YACP,2DAA2D;QAC7D,CAAC;IACH,CAAC;CACF;AAED,iFAAiF;AAEjF,MAAM,OAAO,qBAAqB;IAChC,YAA6B,UAAkB;QAAlB,eAAU,GAAV,UAAU,CAAQ;IAAG,CAAC;IAEnD,KAAK,CAAC,MAAM,CAAC,OAAwB,EAAE,
|
|
1
|
+
{"version":3,"file":"approval.js","sourceRoot":"","sources":["../../src/approval.ts"],"names":[],"mappings":"AAqBA,iFAAiF;AAEjF,MAAM,OAAO,mBAAmB;IAAhC;QACmB,UAAK,GAAG,IAAI,GAAG,EAA2B,CAAC;IA8B9D,CAAC;IA5BC,KAAK,CAAC,MAAM,CAAC,OAAwB;QACnC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,SAAiB;QACzB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC;IAC3C,CAAC;IAED,KAAK,CAAC,MAAM,CACV,SAAiB,EACjB,MAAsB,EACtB,UAAmB,EACnB,aAAsB;QAEtB,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC3C,IAAI,CAAC,QAAQ;YAAE,OAAO;QACtB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE;YACxB,GAAG,QAAQ;YACX,MAAM;YACN,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,UAAU;YACV,aAAa;SACd,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,WAAW;QACf,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC;IAC/E,CAAC;CACF;AAED,iFAAiF;AAEjF,MAAM,OAAO,uBAAuB;IAClC,YAA6B,UAAkB,EAAmB,MAAe;QAApD,eAAU,GAAV,UAAU,CAAQ;QAAmB,WAAM,GAAN,MAAM,CAAS;IAAG,CAAC;IAErF,KAAK,CAAC,MAAM,CAAC,OAAwB,EAAE,OAAuB;QAC5D,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,OAAO,GAA2B,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC;QAC/E,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,OAAO,CAAC,4BAA4B,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC;QACtD,CAAC;QACD,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAClE,CAAC;QAAC,MAAM,CAAC;YACP,2DAA2D;QAC7D,CAAC;IACH,CAAC;CACF;AAED,iFAAiF;AAEjF,MAAM,OAAO,qBAAqB;IAChC,YAA6B,UAAkB;QAAlB,eAAU,GAAV,UAAU,CAAQ;IAAG,CAAC;IAEnD,KAAK,CAAC,MAAM,CAAC,OAAwB,EAAE,MAAsB;QAC3D,MAAM,eAAe,GAAG,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzE,MAAM,IAAI,GAAG;YACX,mCAAmC,OAAO,CAAC,SAAS,IAAI;YACxD,SAAS,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE;YACjC,WAAW,OAAO,CAAC,OAAO,CAAC,MAAM,OAAO,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE;YACpE,eAAe,OAAO,CAAC,YAAY,EAAE;YACrC,uBAAuB,MAAM,CAAC,iBAAiB,KAAK,eAAe,GAAG;YACtE,YAAY,OAAO,CAAC,SAAS,EAAE;SAChC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACb,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE;gBAC3B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,CAAC;aAC/B,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,oCAAoC;QACtC,CAAC;IACH,CAAC;CACF;AAED,gFAAgF;AAEhF,MAAM,OAAO,eAAe;IAC1B,YACmB,KAAoB,EACpB,YAAgC,EAAE,EAClC,WAAyB;QAFzB,UAAK,GAAL,KAAK,CAAe;QACpB,cAAS,GAAT,SAAS,CAAyB;QAClC,gBAAW,GAAX,WAAW,CAAc;IACzC,CAAC;IAEJ;;;;;;;;;;OAUG;IACH,KAAK,CAAC,OAAO,CACX,GAAwB,EACxB,MAAsB,EACtB,YAAoB,EACpB,MAAc;QAEd,MAAM,SAAS,GAAG,YAAY,GAAG,CAAC,OAAO,IAAI,MAAM,EAAE,CAAC;QACtD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAEjD,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,QAAQ,CAAC,MAAM,KAAK,UAAU,IAAI,QAAQ,CAAC,MAAM,KAAK,aAAa,EAAE,CAAC;gBACxE,OAAO,QAAQ,CAAC,MAAM,CAAC;YACzB,CAAC;YACD,IAAI,QAAQ,CAAC,MAAM,KAAK,UAAU;gBAAE,OAAO,UAAU,CAAC;YACtD,gBAAgB;YAChB,IAAI,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;gBAC9C,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;gBAC9C,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;oBACrB,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC;wBACzB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;wBACnC,OAAO,EAAE,GAAG,CAAC,OAAO;wBACpB,MAAM,EAAE,GAAG,CAAC,MAAM;wBAClB,MAAM,EAAE,6BAA6B;wBACrC,UAAU,EAAE,GAAG,CAAC,UAAU;wBAC1B,YAAY,EAAE,GAAG,CAAC,YAAY;wBAC9B,QAAQ,EAAE,GAAG,CAAC,QAAQ;wBACtB,KAAK,EAAE,GAAG,CAAC,KAAK;wBAChB,YAAY;wBACZ,cAAc,EAAE,OAAO;wBACvB,WAAW,EAAE,GAAG,CAAC,MAAM;qBACxB,CAAC,CAAC;gBACL,CAAC;gBACD,OAAO,SAAS,CAAC;YACnB,CAAC;YACD,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,qBAAqB;QACrB,MAAM,cAAc,GAAG,MAAM,CAAC,cAAc,IAAI,GAAG,CAAC;QACpD,MAAM,UAAU,GAAoB;YAClC,SAAS;YACT,YAAY;YACZ,MAAM;YACN,OAAO,EAAE,GAAG;YACZ,MAAM,EAAE,SAAS;YACjB,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACrC,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,cAAc,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;SACtE,CAAC;QACF,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QAEpC,uBAAuB;QACvB,MAAM,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC;QAElF,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC;gBACzB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,MAAM,EAAE,+BAA+B;gBACvC,UAAU,EAAE,GAAG,CAAC,UAAU;gBAC1B,YAAY,EAAE,GAAG,CAAC,YAAY;gBAC9B,QAAQ,EAAE,GAAG,CAAC,QAAQ;gBACtB,KAAK,EAAE,GAAG,CAAC,KAAK;gBAChB,YAAY;gBACZ,cAAc,EAAE,OAAO;gBACvB,WAAW,EAAE,GAAG,CAAC,MAAM;aACxB,CAAC,CAAC;QACL,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;CACF"}
|
package/dist/esm/router.js
CHANGED
|
@@ -1,11 +1,14 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Credential Router — core of @datacules/agent-identity.
|
|
3
3
|
*
|
|
4
|
-
* Key features
|
|
4
|
+
* Key features:
|
|
5
5
|
* - Canary routing: canaryRef + canaryWeight on RoutingRule
|
|
6
6
|
* - Attestation: optional AttestationSigner on router config
|
|
7
7
|
* - Budget enforcement: BudgetEnforcer check before resolving
|
|
8
8
|
* - Approval gate: ApprovalManager integration on rules with approval policy
|
|
9
|
+
* - resolveAsync(): full async resolution path for cloud stores
|
|
10
|
+
* - resolvePairAsync(): async migration pair resolution (async counterpart
|
|
11
|
+
* of resolvePair(), enabling budget + attestation on migration workflows)
|
|
9
12
|
*/
|
|
10
13
|
import { buildAttestation } from './attestation';
|
|
11
14
|
function isSyncCapable(store) {
|
|
@@ -59,7 +62,6 @@ export class CredentialRouter {
|
|
|
59
62
|
console.warn('[CredentialRouter] resolve() requires findByRefSync(). Use resolveAsync() for async stores.');
|
|
60
63
|
return null;
|
|
61
64
|
}
|
|
62
|
-
// Canary selection
|
|
63
65
|
const ref = this.selectRef(rule);
|
|
64
66
|
const isCanary = ref === rule.canaryRef;
|
|
65
67
|
const cred = store.findByRefSync(ref);
|
|
@@ -78,7 +80,8 @@ export class CredentialRouter {
|
|
|
78
80
|
isCanary,
|
|
79
81
|
};
|
|
80
82
|
if (this.config.logger) {
|
|
81
|
-
this.
|
|
83
|
+
const entry = this.buildAuditEntry(ctx, resolved, rule, isCanary);
|
|
84
|
+
Promise.resolve(this.config.logger.log(entry)).catch(console.error);
|
|
82
85
|
}
|
|
83
86
|
return resolved;
|
|
84
87
|
}
|
|
@@ -132,7 +135,7 @@ export class CredentialRouter {
|
|
|
132
135
|
}
|
|
133
136
|
return resolved;
|
|
134
137
|
}
|
|
135
|
-
// ─── Pair resolve for migration
|
|
138
|
+
// ─── Pair resolve for migration (sync) ───────────────────────────────────
|
|
136
139
|
resolvePair(ctx) {
|
|
137
140
|
const sourceCtx = { ...ctx, resourceId: ctx.sourceResourceId, action: 'read' };
|
|
138
141
|
const targetCtx = { ...ctx, resourceId: ctx.targetResourceId, action: ctx.dryRun ? 'read' : ctx.action };
|
|
@@ -142,6 +145,52 @@ export class CredentialRouter {
|
|
|
142
145
|
return null;
|
|
143
146
|
return { source, target, migrationId: ctx.migrationId };
|
|
144
147
|
}
|
|
148
|
+
// ─── Pair resolve for migration (async) ──────────────────────────────────
|
|
149
|
+
/**
|
|
150
|
+
* Async counterpart of resolvePair(). Resolves source and target credentials
|
|
151
|
+
* in parallel using resolveAsync(), so both resolutions benefit from:
|
|
152
|
+
* - Budget enforcement (per-credential checks)
|
|
153
|
+
* - Attestation signing (if AttestationSigner is configured)
|
|
154
|
+
* - Approval gates (if ApprovalManager is configured)
|
|
155
|
+
* - Cloud credential stores (AWS Secrets Manager, Vault, Azure Key Vault)
|
|
156
|
+
*
|
|
157
|
+
* Use this instead of resolvePair() in any production migration workflow
|
|
158
|
+
* that uses a non-MemoryCredentialStore.
|
|
159
|
+
*
|
|
160
|
+
* The source context always uses action: 'read'.
|
|
161
|
+
* The target context uses action: 'read' when dryRun is true, otherwise
|
|
162
|
+
* the original action from the MigrationContext.
|
|
163
|
+
*
|
|
164
|
+
* Returns null if either source or target credential cannot be resolved.
|
|
165
|
+
*/
|
|
166
|
+
async resolvePairAsync(ctx) {
|
|
167
|
+
const sourceCtx = {
|
|
168
|
+
...ctx,
|
|
169
|
+
resourceId: ctx.sourceResourceId,
|
|
170
|
+
action: 'read',
|
|
171
|
+
};
|
|
172
|
+
const targetCtx = {
|
|
173
|
+
...ctx,
|
|
174
|
+
resourceId: ctx.targetResourceId,
|
|
175
|
+
action: ctx.dryRun ? 'read' : ctx.action,
|
|
176
|
+
};
|
|
177
|
+
// Resolve both in parallel — independent credentials, no ordering dependency
|
|
178
|
+
const [source, target] = await Promise.all([
|
|
179
|
+
this.resolveAsync(sourceCtx),
|
|
180
|
+
this.resolveAsync(targetCtx),
|
|
181
|
+
]);
|
|
182
|
+
if (!source || !target)
|
|
183
|
+
return null;
|
|
184
|
+
// expiresAt on the pair is the earlier of the two expiries
|
|
185
|
+
let expiresAt;
|
|
186
|
+
if (source.expiresAt && target.expiresAt) {
|
|
187
|
+
expiresAt = source.expiresAt < target.expiresAt ? source.expiresAt : target.expiresAt;
|
|
188
|
+
}
|
|
189
|
+
else {
|
|
190
|
+
expiresAt = source.expiresAt ?? target.expiresAt;
|
|
191
|
+
}
|
|
192
|
+
return { source, target, migrationId: ctx.migrationId, expiresAt };
|
|
193
|
+
}
|
|
145
194
|
// ─── Canary selection ─────────────────────────────────────────────────────
|
|
146
195
|
selectRef(rule) {
|
|
147
196
|
if (rule.canaryRef && rule.canaryWeight && rule.canaryWeight > 0) {
|
package/dist/esm/router.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"router.js","sourceRoot":"","sources":["../../src/router.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"router.js","sourceRoot":"","sources":["../../src/router.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAcH,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAQjD,SAAS,aAAa,CAAC,KAAsB;IAC3C,OAAO,OAAQ,KAA0B,CAAC,aAAa,KAAK,UAAU,CAAC;AACzE,CAAC;AAcD,MAAM,OAAO,qBAAqB;IAIhC,YAAY,WAAyB;QAFpB,iBAAY,GAAG,IAAI,GAAG,EAAsD,CAAC;QAG5F,IAAI,CAAC,KAAK,GAAG,WAAW,CAAC;IAC3B,CAAC;IAED,aAAa,CAAC,GAAW;QACvB,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,IAAI,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC,IAAI,IAAI,CAAC;IAChF,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,GAAW;QACzB,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IAED,KAAK,CAAC,UAAU;QACd,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,IAAwB;QACvC,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,GAAW,EAAE,WAAmB,EAAE,UAAkB;QAChE,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,QAAQ,IAAI,QAAQ,CAAC,WAAW,KAAK,WAAW,IAAI,QAAQ,CAAC,SAAS,GAAG,GAAG;YAAE,OAAO,KAAK,CAAC;QAC/F,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,WAAW,EAAE,SAAS,EAAE,GAAG,GAAG,UAAU,GAAG,IAAI,EAAE,CAAC,CAAC;QAChF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,GAAW,EAAE,WAAmB;QAC5C,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5C,IAAI,QAAQ,EAAE,WAAW,KAAK,WAAW;YAAE,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC3E,CAAC;CACF;AAED,MAAM,OAAO,gBAAgB;IAC3B,YAA6B,MAAoB;QAApB,WAAM,GAAN,MAAM,CAAc;IAAG,CAAC;IAErD,6EAA6E;IAE7E,OAAO,CAAC,GAAwB;QAC9B,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC;QACrC,MAAM,QAAQ,GAAG,KAAK;aACnB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;aACvC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC;QAE3C,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QACzB,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QAEvB,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO,CAAC,IAAI,CAAC,6FAA6F,CAAC,CAAC;YAC5G,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACjC,MAAM,QAAQ,GAAG,GAAG,KAAK,IAAI,CAAC,SAAS,CAAC;QAExC,MAAM,IAAI,GAAG,KAAK,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QACvB,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,IAAI,IAAI,EAAE;YAAE,OAAO,IAAI,CAAC;QACzE,IAAI,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC;YAAE,OAAO,IAAI,CAAC;QAE7E,MAAM,QAAQ,GAAuB;YACnC,YAAY,EAAE,IAAI,CAAC,EAAE;YACrB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,WAAW,EAAE,IAAI,CAAC,IAAI,KAAK,gBAAgB,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;YACpE,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,QAAQ;SACT,CAAC;QAEF,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACvB,MAAM,KAAK,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;YAClE,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QACtE,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,6EAA6E;IAE7E,KAAK,CAAC,YAAY,CAAC,GAAwB;QACzC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,iBAAiB,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC;QACzF,MAAM,QAAQ,GAAG,KAAK;aACnB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;aACvC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC;QAE3C,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QACzB,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QAEvB,gBAAgB;QAChB,IAAI,IAAI,CAAC,QAAQ,IAAI,eAAe,EAAE,CAAC;YACrC,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;YAC9F,IAAI,MAAM,KAAK,UAAU,IAAI,MAAM,KAAK,aAAa;gBAAE,OAAO,IAAI,CAAC;QACrE,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACjC,MAAM,QAAQ,GAAG,GAAG,KAAK,IAAI,CAAC,SAAS,CAAC;QAExC,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACxC,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QACvB,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,IAAI,IAAI,EAAE;YAAE,OAAO,IAAI,CAAC;QACzE,IAAI,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC;YAAE,OAAO,IAAI,CAAC;QAE7E,eAAe;QACf,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAChD,IAAI,CAAC,MAAM,CAAC,OAAO;gBAAE,OAAO,IAAI,CAAC;QACnC,CAAC;QAED,MAAM,QAAQ,GAAuB;YACnC,YAAY,EAAE,IAAI,CAAC,EAAE;YACrB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,WAAW,EAAE,IAAI,CAAC,IAAI,KAAK,gBAAgB,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;YACpE,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,QAAQ;SACT,CAAC;QAEF,cAAc;QACd,IAAI,iBAAiB,EAAE,CAAC;YACtB,QAAQ,CAAC,qBAAqB,GAAG,MAAM,gBAAgB,CAAC,GAAG,EAAE,QAAQ,EAAE;gBACrE,MAAM,EAAE,iBAAiB;gBACzB,MAAM,EAAE,IAAI,CAAC,EAAE;aAChB,CAAC,CAAC;QACL,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACvB,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,eAAe,CAAC,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;QACpF,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,4EAA4E;IAE5E,WAAW,CAAC,GAAqB;QAC/B,MAAM,SAAS,GAAwB,EAAE,GAAG,GAAG,EAAE,UAAU,EAAE,GAAG,CAAC,gBAAgB,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;QACpG,MAAM,SAAS,GAAwB,EAAE,GAAG,GAAG,EAAE,UAAU,EAAE,GAAG,CAAC,gBAAgB,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;QAE9H,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACvC,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACvC,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAEpC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,CAAC,WAAW,EAAE,CAAC;IAC1D,CAAC;IAED,4EAA4E;IAE5E;;;;;;;;;;;;;;;;OAgBG;IACH,KAAK,CAAC,gBAAgB,CAAC,GAAqB;QAC1C,MAAM,SAAS,GAAwB;YACrC,GAAG,GAAG;YACN,UAAU,EAAE,GAAG,CAAC,gBAAgB;YAChC,MAAM,EAAE,MAAM;SACf,CAAC;QACF,MAAM,SAAS,GAAwB;YACrC,GAAG,GAAG;YACN,UAAU,EAAE,GAAG,CAAC,gBAAgB;YAChC,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM;SACzC,CAAC;QAEF,6EAA6E;QAC7E,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YACzC,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC;YAC5B,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC;SAC7B,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAEpC,2DAA2D;QAC3D,IAAI,SAA6B,CAAC;QAClC,IAAI,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACzC,SAAS,GAAG,MAAM,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC;QACxF,CAAC;aAAM,CAAC;YACN,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,SAAS,CAAC;QACnD,CAAC;QAED,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,CAAC,WAAW,EAAE,SAAS,EAAE,CAAC;IACrE,CAAC;IAED,6EAA6E;IAErE,SAAS,CAAC,IAAiB;QACjC,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,YAAY,GAAG,CAAC,EAAE,CAAC;YACjE,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,GAAG,CAAC;YACjC,IAAI,IAAI,GAAG,IAAI,CAAC,YAAY;gBAAE,OAAO,IAAI,CAAC,SAAS,CAAC;QACtD,CAAC;QACD,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;IAED,6EAA6E;IAErE,WAAW,CAAC,IAAiB,EAAE,GAAwB;QAC7D,IAAI,IAAI,CAAC,iBAAiB,IAAI,IAAI,CAAC,iBAAiB,KAAK,GAAG,CAAC,YAAY;YAAE,OAAO,KAAK,CAAC;QACxF,IAAI,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,aAAa,KAAK,GAAG,CAAC,QAAQ;YAAE,OAAO,KAAK,CAAC;QAC5E,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,WAAW,KAAK,GAAG,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QACtE,IAAI,IAAI,CAAC,aAAa,IAAI,GAAG,CAAC,QAAQ,KAAK,IAAI,CAAC,aAAa;YAAE,OAAO,KAAK,CAAC;QAC5E,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACxF,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;QAClD,CAAC;QACD,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,MAAM,MAAM,GAAG,GAAuB,CAAC;YACvC,IAAI,CAAC,MAAM,CAAC,KAAK;gBAAE,OAAO,KAAK,CAAC;YAChC,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACpF,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAC;QACnD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,4EAA4E;IAEpE,eAAe,CACrB,GAAwB,EACxB,QAA4B,EAC5B,IAAiB,EACjB,QAAiB;QAEjB,OAAO;YACL,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,UAAU,EAAE,GAAG,CAAC,UAAU;YAC1B,YAAY,EAAE,GAAG,CAAC,YAAY;YAC9B,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,KAAK,EAAE,GAAG,CAAC,KAAK;YAChB,YAAY,EAAE,QAAQ,CAAC,YAAY;YACnC,cAAc,EAAE,QAAQ,CAAC,IAAI;YAC7B,WAAW,EAAE,QAAQ,CAAC,WAAW;YACjC,QAAQ;YACR,QAAQ,EAAE,GAAG,CAAC,QAAQ;SACvB,CAAC;IACJ,CAAC;CACF;AAED,iFAAiF;AAEjF,MAAM,UAAU,YAAY,CAC1B,WAAyB,EACzB,KAAoB,EACpB,MAAoB;IAEpB,OAAO,IAAI,gBAAgB,CAAC,EAAE,KAAK,EAAE,IAAI,qBAAqB,CAAC,WAAW,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;AAChG,CAAC;AAED,MAAM,UAAU,qBAAqB,CACnC,KAAsB,EACtB,KAAoB,EACpB,MAAoB;IAEpB,OAAO,IAAI,gBAAgB,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;AACxD,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,MAAoB;IACzD,OAAO,IAAI,gBAAgB,CAAC,MAAM,CAAC,CAAC;AACtC,CAAC"}
|
package/dist/types/approval.d.ts
CHANGED
|
@@ -30,7 +30,7 @@ export declare class WebhookApprovalNotifier implements ApprovalNotifier {
|
|
|
30
30
|
export declare class SlackApprovalNotifier implements ApprovalNotifier {
|
|
31
31
|
private readonly webhookUrl;
|
|
32
32
|
constructor(webhookUrl: string);
|
|
33
|
-
notify(request: ApprovalRequest,
|
|
33
|
+
notify(request: ApprovalRequest, policy: ApprovalPolicy): Promise<void>;
|
|
34
34
|
}
|
|
35
35
|
export declare class ApprovalManager {
|
|
36
36
|
private readonly store;
|
|
@@ -39,9 +39,14 @@ export declare class ApprovalManager {
|
|
|
39
39
|
constructor(store: ApprovalStore, notifiers?: ApprovalNotifier[], auditLogger?: AuditLogger | undefined);
|
|
40
40
|
/**
|
|
41
41
|
* Gate a resolve() call behind an approval policy.
|
|
42
|
-
*
|
|
43
|
-
*
|
|
44
|
-
*
|
|
42
|
+
*
|
|
43
|
+
* Returns the current ApprovalStatus:
|
|
44
|
+
* 'approved' / 'break_glass' → caller should proceed with resolution
|
|
45
|
+
* 'pending' → caller should return null and retry later
|
|
46
|
+
* 'rejected' / 'timeout' → caller should return null permanently
|
|
47
|
+
*
|
|
48
|
+
* The requestId is derived deterministically from traceId + ruleId so that
|
|
49
|
+
* repeated calls within the same trace are idempotent.
|
|
45
50
|
*/
|
|
46
51
|
request(ctx: AgentRequestContext, policy: ApprovalPolicy, credentialId: string, ruleId: string): Promise<ApprovalStatus>;
|
|
47
52
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"approval.d.ts","sourceRoot":"","sources":["../../src/approval.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,KAAK,EAAE,mBAAmB,EAAE,cAAc,EAAE,eAAe,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAIjH,MAAM,WAAW,aAAa;IAC5B,MAAM,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAChD,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAAC;IACxD,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,aAAa,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9G,WAAW,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC,CAAC;CAC3C;AAED,MAAM,WAAW,gBAAgB;IAC/B,MAAM,CAAC,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACzE;AAID,qBAAa,mBAAoB,YAAW,aAAa;IACvD,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAsC;IAEtD,MAAM,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC;IAI/C,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAIvD,MAAM,CACV,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,cAAc,EACtB,UAAU,CAAC,EAAE,MAAM,EACnB,aAAa,CAAC,EAAE,MAAM,GACrB,OAAO,CAAC,IAAI,CAAC;IAYV,WAAW,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;CAGhD;AAID,qBAAa,uBAAwB,YAAW,gBAAgB;IAClD,OAAO,CAAC,QAAQ,CAAC,UAAU;IAAU,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAA5C,UAAU,EAAE,MAAM,EAAmB,MAAM,CAAC,EAAE,MAAM,YAAA;IAE3E,MAAM,CAAC,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;CAY/E;AAID,qBAAa,qBAAsB,YAAW,gBAAgB;IAChD,OAAO,CAAC,QAAQ,CAAC,UAAU;gBAAV,UAAU,EAAE,MAAM;IAEzC,MAAM,CAAC,OAAO,EAAE,eAAe,EAAE,
|
|
1
|
+
{"version":3,"file":"approval.d.ts","sourceRoot":"","sources":["../../src/approval.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,KAAK,EAAE,mBAAmB,EAAE,cAAc,EAAE,eAAe,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAIjH,MAAM,WAAW,aAAa;IAC5B,MAAM,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAChD,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAAC;IACxD,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,aAAa,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9G,WAAW,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC,CAAC;CAC3C;AAED,MAAM,WAAW,gBAAgB;IAC/B,MAAM,CAAC,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACzE;AAID,qBAAa,mBAAoB,YAAW,aAAa;IACvD,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAsC;IAEtD,MAAM,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC;IAI/C,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAIvD,MAAM,CACV,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,cAAc,EACtB,UAAU,CAAC,EAAE,MAAM,EACnB,aAAa,CAAC,EAAE,MAAM,GACrB,OAAO,CAAC,IAAI,CAAC;IAYV,WAAW,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;CAGhD;AAID,qBAAa,uBAAwB,YAAW,gBAAgB;IAClD,OAAO,CAAC,QAAQ,CAAC,UAAU;IAAU,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAA5C,UAAU,EAAE,MAAM,EAAmB,MAAM,CAAC,EAAE,MAAM,YAAA;IAE3E,MAAM,CAAC,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;CAY/E;AAID,qBAAa,qBAAsB,YAAW,gBAAgB;IAChD,OAAO,CAAC,QAAQ,CAAC,UAAU;gBAAV,UAAU,EAAE,MAAM;IAEzC,MAAM,CAAC,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;CAoB9E;AAID,qBAAa,eAAe;IAExB,OAAO,CAAC,QAAQ,CAAC,KAAK;IACtB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC;gBAFZ,KAAK,EAAE,aAAa,EACpB,SAAS,GAAE,gBAAgB,EAAO,EAClC,WAAW,CAAC,EAAE,WAAW,YAAA;IAG5C;;;;;;;;;;OAUG;IACG,OAAO,CACX,GAAG,EAAE,mBAAmB,EACxB,MAAM,EAAE,cAAc,EACtB,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,cAAc,CAAC;CAkE3B"}
|
package/dist/types/router.d.ts
CHANGED
|
@@ -1,11 +1,14 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Credential Router — core of @datacules/agent-identity.
|
|
3
3
|
*
|
|
4
|
-
* Key features
|
|
4
|
+
* Key features:
|
|
5
5
|
* - Canary routing: canaryRef + canaryWeight on RoutingRule
|
|
6
6
|
* - Attestation: optional AttestationSigner on router config
|
|
7
7
|
* - Budget enforcement: BudgetEnforcer check before resolving
|
|
8
8
|
* - Approval gate: ApprovalManager integration on rules with approval policy
|
|
9
|
+
* - resolveAsync(): full async resolution path for cloud stores
|
|
10
|
+
* - resolvePairAsync(): async migration pair resolution (async counterpart
|
|
11
|
+
* of resolvePair(), enabling budget + attestation on migration workflows)
|
|
9
12
|
*/
|
|
10
13
|
import type { AgentRequestContext, AuditLogger, Credential, CredentialStore, MigrationContext, ResolvedCredential, ResolvedCredentialPair, RoutingRule, AttestationSigner } from './types';
|
|
11
14
|
import type { BudgetEnforcer } from './budget';
|
|
@@ -38,6 +41,24 @@ export declare class CredentialRouter {
|
|
|
38
41
|
resolve(ctx: AgentRequestContext): ResolvedCredential | null;
|
|
39
42
|
resolveAsync(ctx: AgentRequestContext): Promise<ResolvedCredential | null>;
|
|
40
43
|
resolvePair(ctx: MigrationContext): ResolvedCredentialPair | null;
|
|
44
|
+
/**
|
|
45
|
+
* Async counterpart of resolvePair(). Resolves source and target credentials
|
|
46
|
+
* in parallel using resolveAsync(), so both resolutions benefit from:
|
|
47
|
+
* - Budget enforcement (per-credential checks)
|
|
48
|
+
* - Attestation signing (if AttestationSigner is configured)
|
|
49
|
+
* - Approval gates (if ApprovalManager is configured)
|
|
50
|
+
* - Cloud credential stores (AWS Secrets Manager, Vault, Azure Key Vault)
|
|
51
|
+
*
|
|
52
|
+
* Use this instead of resolvePair() in any production migration workflow
|
|
53
|
+
* that uses a non-MemoryCredentialStore.
|
|
54
|
+
*
|
|
55
|
+
* The source context always uses action: 'read'.
|
|
56
|
+
* The target context uses action: 'read' when dryRun is true, otherwise
|
|
57
|
+
* the original action from the MigrationContext.
|
|
58
|
+
*
|
|
59
|
+
* Returns null if either source or target credential cannot be resolved.
|
|
60
|
+
*/
|
|
61
|
+
resolvePairAsync(ctx: MigrationContext): Promise<ResolvedCredentialPair | null>;
|
|
41
62
|
private selectRef;
|
|
42
63
|
private ruleMatches;
|
|
43
64
|
private buildAuditEntry;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"router.d.ts","sourceRoot":"","sources":["../../src/router.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"router.d.ts","sourceRoot":"","sources":["../../src/router.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EACV,mBAAmB,EAEnB,WAAW,EACX,UAAU,EACV,eAAe,EACf,gBAAgB,EAChB,kBAAkB,EAClB,sBAAsB,EACtB,WAAW,EACX,iBAAiB,EAClB,MAAM,SAAS,CAAC;AAEjB,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC/C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAUlD,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,eAAe,CAAC;IACvB,KAAK,EAAE,WAAW,EAAE,CAAC;IACrB,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,uEAAuE;IACvE,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;IACtC,2CAA2C;IAC3C,cAAc,CAAC,EAAE,cAAc,CAAC;IAChC,uDAAuD;IACvD,eAAe,CAAC,EAAE,eAAe,CAAC;CACnC;AAED,qBAAa,qBAAsB,YAAW,eAAe;IAC3D,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAe;IACrC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAiE;gBAElF,WAAW,EAAE,UAAU,EAAE;IAIrC,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,GAAG,IAAI;IAIvC,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAIlD,UAAU,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;IAInC,UAAU,CAAC,IAAI,EAAE,UAAU,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IAI3D,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAQ/E,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAI/D;AAED,qBAAa,gBAAgB;IACf,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,YAAY;IAIjD,OAAO,CAAC,GAAG,EAAE,mBAAmB,GAAG,kBAAkB,GAAG,IAAI;IAyCtD,YAAY,CAAC,GAAG,EAAE,mBAAmB,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;IAuDhF,WAAW,CAAC,GAAG,EAAE,gBAAgB,GAAG,sBAAsB,GAAG,IAAI;IAajE;;;;;;;;;;;;;;;;OAgBG;IACG,gBAAgB,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,sBAAsB,GAAG,IAAI,CAAC;IAiCrF,OAAO,CAAC,SAAS;IAUjB,OAAO,CAAC,WAAW;IAoBnB,OAAO,CAAC,eAAe;CAsBxB;AAID,wBAAgB,YAAY,CAC1B,WAAW,EAAE,UAAU,EAAE,EACzB,KAAK,EAAE,WAAW,EAAE,EACpB,MAAM,CAAC,EAAE,WAAW,GACnB,gBAAgB,CAElB;AAED,wBAAgB,qBAAqB,CACnC,KAAK,EAAE,eAAe,EACtB,KAAK,EAAE,WAAW,EAAE,EACpB,MAAM,CAAC,EAAE,WAAW,GACnB,gBAAgB,CAElB;AAED,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,YAAY,GAAG,gBAAgB,CAE7E"}
|
package/dist/types/types.d.ts
CHANGED
|
@@ -67,14 +67,21 @@ export interface Approver {
|
|
|
67
67
|
target: string;
|
|
68
68
|
}
|
|
69
69
|
export interface ApprovalPolicy {
|
|
70
|
+
/**
|
|
71
|
+
* Minimum number of approvers that must approve before the credential
|
|
72
|
+
* resolves. Set to 1 for standard single-approver gates.
|
|
73
|
+
*/
|
|
70
74
|
requiredApprovers: number;
|
|
75
|
+
/**
|
|
76
|
+
* List of approvers to notify. Each entry specifies the channel (webhook,
|
|
77
|
+
* email, slack) and the target address or URL.
|
|
78
|
+
*/
|
|
71
79
|
approvers: Approver[];
|
|
72
|
-
/** Seconds before auto-
|
|
80
|
+
/** Seconds before the request auto-times-out (default: 300) */
|
|
73
81
|
timeoutSeconds?: number;
|
|
74
82
|
breakGlass?: {
|
|
75
|
-
/** User ID
|
|
83
|
+
/** User ID authorised for emergency override */
|
|
76
84
|
approver: string;
|
|
77
|
-
/** Whether to require a written justification */
|
|
78
85
|
requireJustification?: boolean;
|
|
79
86
|
};
|
|
80
87
|
}
|
|
@@ -186,8 +193,22 @@ export interface MigrationAuditLogEntry extends AuditLogEntry {
|
|
|
186
193
|
targetCredentialId: string;
|
|
187
194
|
errorSummary?: string;
|
|
188
195
|
}
|
|
196
|
+
/**
|
|
197
|
+
* AuditLogger — the core audit interface.
|
|
198
|
+
*
|
|
199
|
+
* log() accepts both synchronous (void) and asynchronous (Promise<void>)
|
|
200
|
+
* implementations. This union return type ensures that:
|
|
201
|
+
* - Synchronous loggers (ConsoleAuditLogger, HashChainAuditLogger) satisfy
|
|
202
|
+
* the interface without wrapping every call in a Promise.
|
|
203
|
+
* - Async loggers (WebhookAuditLogger, DatadogAuditLogger) can return a
|
|
204
|
+
* Promise that callers may await.
|
|
205
|
+
*
|
|
206
|
+
* Callers that need guaranteed delivery should await the result:
|
|
207
|
+
* await logger.log(entry);
|
|
208
|
+
* Callers using fire-and-forget patterns may call without await.
|
|
209
|
+
*/
|
|
189
210
|
export interface AuditLogger {
|
|
190
|
-
log(entry: AuditLogEntry): Promise<void>;
|
|
211
|
+
log(entry: AuditLogEntry): void | Promise<void>;
|
|
191
212
|
}
|
|
192
213
|
export interface MigrationAuditLogger extends AuditLogger {
|
|
193
214
|
summarize(migrationId: string): Promise<MigrationSummary>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,YAAY,GACpB,gBAAgB,GAChB,eAAe,GACf,QAAQ,GACR,kBAAkB,CAAC;AAEvB,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,YAAY,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB;AAID,MAAM,MAAM,eAAe,GACvB,sBAAsB,GACtB,kBAAkB,GAClB,kBAAkB,GAClB,gBAAgB,CAAC;AAErB,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,eAAe,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,SAAS,EAAE,QAAQ,EAAE,CAAC;CACvB;AAED,MAAM,WAAW,QAAQ;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,SAAS,GAAG,MAAM,GAAG,KAAK,GAAG,OAAO,GAAG,OAAO,CAAC;CACzD;AAID,MAAM,WAAW,cAAc;IAC7B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,+CAA+C;IAC/C,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAID,MAAM,WAAW,YAAY;IAC3B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,oFAAoF;IACpF,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,uEAAuE;IACvE,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAID,MAAM,MAAM,cAAc,GAAG,OAAO,GAAG,gBAAgB,CAAC;AACxD,MAAM,MAAM,gBAAgB,GAAG,QAAQ,GAAG,SAAS,GAAG,SAAS,CAAC;AAEhE,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,cAAc,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,gBAAgB,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,yDAAyD;IACzD,GAAG,EAAE,MAAM,CAAC;IACZ,iDAAiD;IACjD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,uEAAuE;IACvE,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,sCAAsC;IACtC,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,oFAAoF;IACpF,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;CACjB;AAID,MAAM,MAAM,YAAY,GAAG,SAAS,GAAG,OAAO,GAAG,OAAO,CAAC;AAEzD,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,YAAY,CAAC;IACnB,sDAAsD;IACtD,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,cAAc;IAC7B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,SAAS,EAAE,QAAQ,EAAE,CAAC;IACtB
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,YAAY,GACpB,gBAAgB,GAChB,eAAe,GACf,QAAQ,GACR,kBAAkB,CAAC;AAEvB,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,YAAY,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB;AAID,MAAM,MAAM,eAAe,GACvB,sBAAsB,GACtB,kBAAkB,GAClB,kBAAkB,GAClB,gBAAgB,CAAC;AAErB,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,eAAe,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,SAAS,EAAE,QAAQ,EAAE,CAAC;CACvB;AAED,MAAM,WAAW,QAAQ;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,SAAS,GAAG,MAAM,GAAG,KAAK,GAAG,OAAO,GAAG,OAAO,CAAC;CACzD;AAID,MAAM,WAAW,cAAc;IAC7B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,+CAA+C;IAC/C,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAID,MAAM,WAAW,YAAY;IAC3B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,oFAAoF;IACpF,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,uEAAuE;IACvE,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAID,MAAM,MAAM,cAAc,GAAG,OAAO,GAAG,gBAAgB,CAAC;AACxD,MAAM,MAAM,gBAAgB,GAAG,QAAQ,GAAG,SAAS,GAAG,SAAS,CAAC;AAEhE,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,cAAc,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,gBAAgB,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,yDAAyD;IACzD,GAAG,EAAE,MAAM,CAAC;IACZ,iDAAiD;IACjD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,uEAAuE;IACvE,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,sCAAsC;IACtC,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,oFAAoF;IACpF,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;CACjB;AAID,MAAM,MAAM,YAAY,GAAG,SAAS,GAAG,OAAO,GAAG,OAAO,CAAC;AAEzD,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,YAAY,CAAC;IACnB,sDAAsD;IACtD,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,cAAc;IAC7B;;;OAGG;IACH,iBAAiB,EAAE,MAAM,CAAC;IAC1B;;;OAGG;IACH,SAAS,EAAE,QAAQ,EAAE,CAAC;IACtB,+DAA+D;IAC/D,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,UAAU,CAAC,EAAE;QACX,gDAAgD;QAChD,QAAQ,EAAE,MAAM,CAAC;QACjB,oBAAoB,CAAC,EAAE,OAAO,CAAC;KAChC,CAAC;CACH;AAID,MAAM,MAAM,YAAY,GAAG,QAAQ,GAAG,UAAU,CAAC;AAEjD,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,cAAc,CAAC;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,iBAAiB,CAAC,EAAE,YAAY,CAAC;IACjC,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAChC,aAAa,CAAC,EAAE,iBAAiB,CAAC;IAClC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,cAAc,GAAG,cAAc,EAAE,CAAC;IAC/C,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,mEAAmE;IACnE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,qEAAqE;IACrE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,mDAAmD;IACnD,QAAQ,CAAC,EAAE,cAAc,CAAC;CAC3B;AAID,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,YAAY,CAAC;IAC3B,QAAQ,EAAE,iBAAiB,CAAC;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,yEAAyE;IACzE,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,kBAAkB;IACjC,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,cAAc,CAAC;IACrB,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,kDAAkD;IAClD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,4EAA4E;IAC5E,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,6DAA6D;IAC7D,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAID,MAAM,MAAM,cAAc,GACtB,SAAS,GACT,SAAS,GACT,WAAW,GACX,MAAM,GACN,QAAQ,GACR,UAAU,CAAC;AAEf,MAAM,WAAW,gBAAiB,SAAQ,mBAAmB;IAC3D,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,cAAc,CAAC;IACtB,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,OAAO,CAAC;CACjB;AAED,MAAM,WAAW,sBAAsB;IACrC,MAAM,EAAE,kBAAkB,CAAC;IAC3B,MAAM,EAAE,kBAAkB,CAAC;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAID,MAAM,MAAM,iBAAiB,GACzB,QAAQ,GACR,WAAW,GACX,QAAQ,GACR,SAAS,GACT,OAAO,CAAC;AAEZ,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,iBAAiB,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,gBAAgB,CACd,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,UAAU,EAAE,kBAAkB,GAC7B,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC3B,QAAQ,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAClD,oBAAoB,CAAC,CACnB,UAAU,EAAE,kBAAkB,EAC9B,KAAK,EAAE,cAAc,GACpB,IAAI,CAAC;CACT;AAID,MAAM,WAAW,eAAe;IAC9B,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IACnD,UAAU,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;IACpC,UAAU,CAAC,IAAI,EAAE,cAAc,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;IACxD,OAAO,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACjF,OAAO,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3D;AAED,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,YAAY,CAAC;IAC3B,QAAQ,EAAE,iBAAiB,CAAC;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,cAAc,CAAC;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,iDAAiD;IACjD,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,+CAA+C;IAC/C,aAAa,CAAC,EAAE,kBAAkB,EAAE,CAAC;IACrC,wCAAwC;IACxC,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,sBAAuB,SAAQ,aAAa;IAC3D,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,cAAc,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,OAAO,CAAC;IAChB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,WAAW,WAAW;IAC1B,GAAG,CAAC,KAAK,EAAE,aAAa,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACjD;AAED,MAAM,WAAW,oBAAqB,SAAQ,WAAW;IACvD,SAAS,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;CAC3D;AAED,MAAM,WAAW,gBAAgB;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,cAAc,EAAE,CAAC;IACzB,aAAa,EAAE,MAAM,CAAC;IACtB,gBAAgB,EAAE,MAAM,CAAC;IACzB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAID,MAAM,WAAW,eAAe;IAC9B,cAAc,EAAE,OAAO,GAAG,IAAI,CAAC;IAC/B,cAAc,EAAE,OAAO,GAAG,IAAI,CAAC;IAC/B,aAAa,EAAE,OAAO,GAAG,IAAI,CAAC;IAC9B,oBAAoB,EAAE,OAAO,GAAG,IAAI,CAAC;CACtC;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,eAAe,CAAC;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;CACrB;AAID,MAAM,WAAW,iBAAiB;IAChC,qDAAqD;IACrD,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACxD,0EAA0E;IAC1E,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC;CAChE;AAED,MAAM,WAAW,kBAAkB;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb;AAID,MAAM,MAAM,cAAc,GAAG,SAAS,GAAG,UAAU,GAAG,UAAU,GAAG,SAAS,GAAG,aAAa,CAAC;AAE7F,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,mBAAmB,CAAC;IAC7B,MAAM,EAAE,cAAc,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;CACnB;AAID,MAAM,WAAW,kBAAkB;IACjC,mCAAmC;IACnC,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,oDAAoD;IACpD,QAAQ,EAAE,MAAM,CAAC;IACjB,sDAAsD;IACtD,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,gBAAgB;IAC/B,mCAAmC;IACnC,WAAW,EAAE,MAAM,CAAC;IACpB,8DAA8D;IAC9D,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACxC"}
|