npm - @enbox/dwn-sdk-js - Versions diffs - 0.0.7 → 0.0.8 - Mend

@enbox/dwn-sdk-js 0.0.7 → 0.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (351) hide show

package/dist/esm/src/core/constants.js ADDED Viewed

@@ -0,0 +1,11 @@
+/**
+ * Cross-cutting constants that are shared between modules which cannot directly
+ * import each other without creating circular dependencies.
+ */
+/**
+ * Well-known protocol path for permission grant revocation records.
+ * Defined here (rather than on `PermissionsProtocol`) to avoid circular
+ * dependencies between `grant-authorization.ts` and `protocols/permissions.ts`.
+ */
+export const PERMISSIONS_REVOCATION_PATH = 'grant/revocation';
+//# sourceMappingURL=constants.js.map

package/dist/esm/src/core/constants.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"constants.js","sourceRoot":"","sources":["../../../../src/core/constants.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;;;GAIG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAG,kBAAkB,CAAC"}

package/dist/esm/src/core/core-protocol.js ADDED Viewed

@@ -0,0 +1,44 @@
+/**
+ * Registry of core protocols. Owned by a `Dwn` instance (not a static singleton)
+ * so that each DWN — including those in tests — gets an isolated registry.
+ */
+export class CoreProtocolRegistry {
+    _protocols = new Map();
+    /** Register a core protocol. */
+    register(protocol) {
+        this._protocols.set(protocol.uri, protocol);
+    }
+    /** Get a core protocol by URI, or `undefined` if not registered. */
+    get(uri) {
+        return this._protocols.get(uri);
+    }
+    /**
+     * Get the protocol definition for a core protocol, or `undefined`.
+     * Used by `fetchProtocolDefinition()` to bypass the message store for core protocols.
+     */
+    getDefinition(uri) {
+        return this._protocols.get(uri)?.definition;
+    }
+    /** Check whether a URI is a registered core protocol. */
+    has(uri) {
+        return this._protocols.has(uri);
+    }
+    /** Get all registered core protocols. */
+    all() {
+        return [...this._protocols.values()];
+    }
+    /**
+     * Delegate error code mapping to all registered core protocols.
+     * Returns the first non-`undefined` status code, or `undefined` if no protocol claims the error.
+     */
+    mapErrorToStatusCode(errorCode) {
+        for (const protocol of this._protocols.values()) {
+            const status = protocol.mapErrorToStatusCode?.(errorCode);
+            if (status !== undefined) {
+                return status;
+            }
+        }
+        return undefined;
+    }
+}
+//# sourceMappingURL=core-protocol.js.map

package/dist/esm/src/core/core-protocol.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"core-protocol.js","sourceRoot":"","sources":["../../../../src/core/core-protocol.ts"],"names":[],"mappings":"AAgFA;;;GAGG;AACH,MAAM,OAAO,oBAAoB;IACd,UAAU,GAA8B,IAAI,GAAG,EAAE,CAAC;IAEnE,gCAAgC;IACzB,QAAQ,CAAC,QAAsB;QACpC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAC9C,CAAC;IAED,oEAAoE;IAC7D,GAAG,CAAC,GAAW;QACpB,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAClC,CAAC;IAED;;;OAGG;IACI,aAAa,CAAC,GAAW;QAC9B,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,UAAU,CAAC;IAC9C,CAAC;IAED,yDAAyD;IAClD,GAAG,CAAC,GAAW;QACpB,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAClC,CAAC;IAED,yCAAyC;IAClC,GAAG;QACR,OAAO,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;IACvC,CAAC;IAED;;;OAGG;IACI,oBAAoB,CAAC,SAAiB;QAC3C,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,CAAC;YAChD,MAAM,MAAM,GAAG,QAAQ,CAAC,oBAAoB,EAAE,CAAC,SAAS,CAAC,CAAC;YAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBACzB,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;CACF"}

package/dist/esm/src/core/dwn-error.js CHANGED Viewed

@@ -21,10 +21,10 @@ export var DwnErrorCode;
     DwnErrorCode["ComputeCidCodecNotSupported"] = "ComputeCidCodecNotSupported";
     DwnErrorCode["ComputeCidMultihashNotSupported"] = "ComputeCidMultihashNotSupported";
     DwnErrorCode["Ed25519InvalidJwk"] = "Ed25519InvalidJwk";
-    DwnErrorCode["EventEmitterStreamNotOpenError"] = "EventEmitterStreamNotOpenError";
+    DwnErrorCode["EventLogNotOpenError"] = "EventLogNotOpenError";
     DwnErrorCode["MessagesGrantAuthorizationMismatchedProtocol"] = "EventsGrantAuthorizationMismatchedProtocol";
     DwnErrorCode["MessagesSubscribeAuthorizationFailed"] = "MessagesSubscribeAuthorizationFailed";
-    DwnErrorCode["MessagesSubscribeEventStreamUnimplemented"] = "MessagesSubscribeEventStreamUnimplemented";
+    DwnErrorCode["MessagesSubscribeEventLogUnimplemented"] = "MessagesSubscribeEventLogUnimplemented";
     DwnErrorCode["GeneralJwsVerifierGetPublicKeyNotFound"] = "GeneralJwsVerifierGetPublicKeyNotFound";
     DwnErrorCode["GeneralJwsVerifierInvalidSignature"] = "GeneralJwsVerifierInvalidSignature";
     DwnErrorCode["GeneralJwsVerifierMissingAlg"] = "GeneralJwsVerifierMissingAlg";
@@ -79,11 +79,14 @@ export var DwnErrorCode;
     DwnErrorCode["ProtocolAuthorizationIncorrectProtocolPath"] = "ProtocolAuthorizationIncorrectProtocolPath";
     DwnErrorCode["ProtocolAuthorizationDuplicateRoleRecipient"] = "ProtocolAuthorizationDuplicateRoleRecipient";
     DwnErrorCode["ProtocolAuthorizationEncryptionRequired"] = "ProtocolAuthorizationEncryptionRequired";
+    DwnErrorCode["ProtocolAuthorizationImmutableRecord"] = "ProtocolAuthorizationImmutableRecord";
     DwnErrorCode["ProtocolAuthorizationInvalidSchema"] = "ProtocolAuthorizationInvalidSchema";
     DwnErrorCode["ProtocolAuthorizationInvalidType"] = "ProtocolAuthorizationInvalidType";
     DwnErrorCode["ProtocolAuthorizationMatchingRoleRecordNotFound"] = "ProtocolAuthorizationMatchingRoleRecordNotFound";
     DwnErrorCode["ProtocolAuthorizationMaxSizeInvalid"] = "ProtocolAuthorizationMaxSizeInvalid";
     DwnErrorCode["ProtocolAuthorizationMinSizeInvalid"] = "ProtocolAuthorizationMinSizeInvalid";
+    DwnErrorCode["ProtocolAuthorizationRecordLimitExceeded"] = "ProtocolAuthorizationRecordLimitExceeded";
+    DwnErrorCode["ProtocolAuthorizationRecordLimitStrategyNotImplemented"] = "ProtocolAuthorizationRecordLimitStrategyNotImplemented";
     DwnErrorCode["ProtocolAuthorizationMissingContextId"] = "ProtocolAuthorizationMissingContextId";
     DwnErrorCode["ProtocolAuthorizationMissingRuleSet"] = "ProtocolAuthorizationMissingRuleSet";
     DwnErrorCode["ProtocolAuthorizationParentlessIncorrectProtocolPath"] = "ProtocolAuthorizationParentlessIncorrectProtocolPath";
@@ -100,6 +103,8 @@ export var DwnErrorCode;
     DwnErrorCode["ProtocolsConfigureInvalidRefNodeHasDirectives"] = "ProtocolsConfigureInvalidRefNodeHasDirectives";
     DwnErrorCode["ProtocolsConfigureInvalidRefNotAtRoot"] = "ProtocolsConfigureInvalidRefNotAtRoot";
     DwnErrorCode["ProtocolsConfigureInvalidRefProtocolPath"] = "ProtocolsConfigureInvalidRefProtocolPath";
+    DwnErrorCode["ProtocolsConfigureInvalidRefTargetThroughRef"] = "ProtocolsConfigureInvalidRefTargetThroughRef";
+    DwnErrorCode["ProtocolsConfigureInvalidRecordLimit"] = "ProtocolsConfigureInvalidRecordLimit";
     DwnErrorCode["ProtocolsConfigureInvalidSize"] = "ProtocolsConfigureInvalidSize";
     DwnErrorCode["ProtocolsConfigureInvalidActionMissingOf"] = "ProtocolsConfigureInvalidActionMissingOf";
     DwnErrorCode["ProtocolsConfigureInvalidActionOfNotAnAncestor"] = "ProtocolsConfigureInvalidActionOfNotAnAncestor";
@@ -126,7 +131,6 @@ export var DwnErrorCode;
     DwnErrorCode["RecordsAuthorDelegatedGrantNotADelegatedGrant"] = "RecordsAuthorDelegatedGrantNotADelegatedGrant";
     DwnErrorCode["RecordsDecryptNoMatchingKeyEncryptedFound"] = "RecordsDecryptNoMatchingKeyEncryptedFound";
     DwnErrorCode["RecordsCountFilterMissingRequiredProperties"] = "RecordsCountFilterMissingRequiredProperties";
-    DwnErrorCode["RecordsDeleteAuthorizationFailed"] = "RecordsDeleteAuthorizationFailed";
     DwnErrorCode["RecordsQueryCreateFilterPublishedSortInvalid"] = "RecordsQueryCreateFilterPublishedSortInvalid";
     DwnErrorCode["RecordsQueryParseFilterPublishedSortInvalid"] = "RecordsQueryParseFilterPublishedSortInvalid";
     DwnErrorCode["RecordsGrantAuthorizationConditionPublicationProhibited"] = "RecordsGrantAuthorizationConditionPublicationProhibited";
@@ -142,23 +146,18 @@ export var DwnErrorCode;
     DwnErrorCode["RecordsOwnerDelegatedGrantCidMismatch"] = "RecordsOwnerDelegatedGrantCidMismatch";
     DwnErrorCode["RecordsOwnerDelegatedGrantGrantedToAndOwnerSignatureMismatch"] = "RecordsOwnerDelegatedGrantGrantedToAndOwnerSignatureMismatch";
     DwnErrorCode["RecordsOwnerDelegatedGrantNotADelegatedGrant"] = "RecordsOwnerDelegatedGrantNotADelegatedGrant";
-    DwnErrorCode["RecordsProtocolContextDerivationSchemeMissingContextId"] = "RecordsProtocolContextDerivationSchemeMissingContextId";
-    DwnErrorCode["RecordsProtocolPathDerivationSchemeMissingProtocol"] = "RecordsProtocolPathDerivationSchemeMissingProtocol";
     DwnErrorCode["RecordsQueryFilterMissingRequiredProperties"] = "RecordsQueryFilterMissingRequiredProperties";
-    DwnErrorCode["RecordsReadAuthorizationFailed"] = "RecordsReadAuthorizationFailed";
     DwnErrorCode["RecordsReadCreateFilterPublishedSortInvalid"] = "RecordsReadCreateFilterPublishedSortInvalid";
     DwnErrorCode["RecordsReadParseFilterPublishedSortInvalid"] = "RecordsReadParseFilterPublishedSortInvalid";
-    DwnErrorCode["RecordsSubscribeEventStreamUnimplemented"] = "RecordsSubscribeEventStreamUnimplemented";
+    DwnErrorCode["RecordsSubscribeEventLogUnimplemented"] = "RecordsSubscribeEventLogUnimplemented";
     DwnErrorCode["RecordsSubscribeFilterMissingRequiredProperties"] = "RecordsSubscribeFilterMissingRequiredProperties";
-    DwnErrorCode["RecordsSchemasDerivationSchemeMissingSchema"] = "RecordsSchemasDerivationSchemeMissingSchema";
     DwnErrorCode["RecordsWriteAttestationIntegrityMoreThanOneSignature"] = "RecordsWriteAttestationIntegrityMoreThanOneSignature";
     DwnErrorCode["RecordsWriteAttestationIntegrityDescriptorCidMismatch"] = "RecordsWriteAttestationIntegrityDescriptorCidMismatch";
     DwnErrorCode["RecordsWriteAttestationIntegrityInvalidPayloadProperty"] = "RecordsWriteAttestationIntegrityInvalidPayloadProperty";
-    DwnErrorCode["RecordsWriteAuthorizationFailed"] = "RecordsWriteAuthorizationFailed";
     DwnErrorCode["RecordsWriteCreateMissingSigner"] = "RecordsWriteCreateMissingSigner";
     DwnErrorCode["RecordsWriteCreateDataAndDataCidMutuallyExclusive"] = "RecordsWriteCreateDataAndDataCidMutuallyExclusive";
     DwnErrorCode["RecordsWriteCreateDataCidAndDataSizeMutuallyInclusive"] = "RecordsWriteCreateDataCidAndDataSizeMutuallyInclusive";
-    DwnErrorCode["RecordsWriteCreateProtocolAndProtocolPathMutuallyInclusive"] = "RecordsWriteCreateProtocolAndProtocolPathMutuallyInclusive";
+    DwnErrorCode["RecordsWriteCreateMissingProtocol"] = "RecordsWriteCreateMissingProtocol";
     DwnErrorCode["RecordsWriteDataCidMismatch"] = "RecordsWriteDataCidMismatch";
     DwnErrorCode["RecordsWriteDataSizeMismatch"] = "RecordsWriteDataSizeMismatch";
     DwnErrorCode["RecordsWriteGetEntryIdUndefinedAuthor"] = "RecordsWriteGetEntryIdUndefinedAuthor";
@@ -169,8 +168,6 @@ export var DwnErrorCode;
     DwnErrorCode["RecordsWriteMissingDataInPrevious"] = "RecordsWriteMissingDataInPrevious";
     DwnErrorCode["RecordsWriteMissingEncodedDataInPrevious"] = "RecordsWriteMissingEncodedDataInPrevious";
     DwnErrorCode["RecordsWriteMissingEncryption"] = "RecordsWriteMissingEncryption";
-    DwnErrorCode["RecordsWriteMissingProtocol"] = "RecordsWriteMissingProtocol";
-    DwnErrorCode["RecordsWriteMissingSchema"] = "RecordsWriteMissingSchema";
     DwnErrorCode["RecordsWriteNotAllowedAfterDelete"] = "RecordsWriteNotAllowedAfterDelete";
     DwnErrorCode["RecordsWriteOwnerAndTenantMismatch"] = "RecordsWriteOwnerAndTenantMismatch";
     DwnErrorCode["RecordsWriteSignAsOwnerDelegateUnknownAuthor"] = "RecordsWriteSignAsOwnerDelegateUnknownAuthor";

package/dist/esm/src/core/dwn-error.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"dwn-error.js","sourceRoot":"","sources":["../../../../src/core/dwn-error.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,OAAO,QAAS,SAAQ,KAAK;IACb;IAApB,YAAoB,IAAY,EAAE,OAAe;QAC/C,KAAK,CAAC,GAAG,IAAI,KAAK,OAAO,EAAE,CAAC,CAAC;QADX,SAAI,GAAJ,IAAI,CAAQ;QAG9B,IAAI,CAAC,IAAI,GAAG,UAAU,CAAC;IACzB,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAN,IAAY,~~YAmLX~~;~~AAnLD~~,WAAY,YAAY;IACtB,iEAAiD,CAAA;IACjD,uFAAuE,CAAA;IACvE,iHAAiG,CAAA;IACjG,mFAAmE,CAAA;IACnE,2EAA2D,CAAA;IAC3D,mFAAmE,CAAA;IACnE,uDAAuC,CAAA;IACvC,~~iFAAiE~~,CAAA;~~IACjE~~,2GAA2F,CAAA;IAC3F,6FAA6E,CAAA;IAC7E,~~uGAAuF~~,CAAA;~~IACvF~~,iGAAiF,CAAA;IACjF,yFAAyE,CAAA;IACzE,6EAA6D,CAAA;IAC7D,6EAA6D,CAAA;IAC7D,iFAAiE,CAAA;IACjE,iFAAiE,CAAA;IACjE,iFAAiE,CAAA;IACjE,2FAA2E,CAAA;IAC3E,qFAAqE,CAAA;IACrE,+FAA+E,CAAA;IAC/E,6FAA6E,CAAA;IAC7E,2FAA2E,CAAA;IAC3E,yEAAyD,CAAA;IACzD,qFAAqE,CAAA;IACrE,2EAA2D,CAAA;IAC3D,iFAAiE,CAAA;IACjE,qFAAqE,CAAA;IACrE,+EAA+D,CAAA;IAC/D,yFAAyE,CAAA;IACzE,iEAAiD,CAAA;IACjD,mFAAmE,CAAA;IACnE,6DAA6C,CAAA;IAC7C,+EAA+D,CAAA;IAC/D,mFAAmE,CAAA;IACnE,uEAAuD,CAAA;IACvD,uEAAuD,CAAA;IACvD,+EAA+D,CAAA;IAC/D,uIAAuH,CAAA;IACvH,2IAA2H,CAAA;IAC3H,yGAAyF,CAAA;IACzF,uHAAuG,CAAA;IACvG,+IAA+H,CAAA;IAC/H,qHAAqG,CAAA;IACrG,yHAAyG,CAAA;IACzG,qIAAqH,CAAA;IACrH,qGAAqF,CAAA;IACrF,iGAAiF,CAAA;IACjF,6FAA6E,CAAA;IAC7E,qFAAqE,CAAA;IACrE,iGAAiF,CAAA;IACjF,yGAAyF,CAAA;IACzF,qGAAqF,CAAA;IACrF,yFAAyE,CAAA;IACzE,mGAAmF,CAAA;IACnF,2FAA2E,CAAA;IAC3E,qFAAqE,CAAA;IACrE,+FAA+E,CAAA;IAC/E,qGAAqF,CAAA;IACrF,qHAAqG,CAAA;IACrG,qGAAqF,CAAA;IACrF,mGAAmF,CAAA;IACnF,yGAAyF,CAAA;IACzF,2GAA2F,CAAA;IAC3F,mGAAmF,CAAA;IACnF,yFAAyE,CAAA;IACzE,qFAAqE,CAAA;IACrE,mHAAmG,CAAA;IACnG,2FAA2E,CAAA;IAC3E,2FAA2E,CAAA;IAC3E,+FAA+E,CAAA;IAC/E,2FAA2E,CAAA;IAC3E,6HAA6G,CAAA;IAC7G,+EAA+D,CAAA;IAC/D,yIAAyH,CAAA;IACzH,+FAA+E,CAAA;IAC/E,uGAAuF,CAAA;IACvF,iGAAiF,CAAA;IACjF,+FAA+E,CAAA;IAC/E,iHAAiG,CAAA;IACjG,uGAAuF,CAAA;IACvF,qGAAqF,CAAA;IACrF,uFAAuE,CAAA;IACvE,+GAA+F,CAAA;IAC/F,+FAA+E,CAAA;IAC/E,qGAAqF,CAAA;IACrF,+EAA+D,CAAA;IAC/D,qGAAqF,CAAA;IACrF,iHAAiG,CAAA;IACjG,2GAA2F,CAAA;IAC3F,yHAAyG,CAAA;IACzG,uHAAuG,CAAA;IACvG,yHAAyG,CAAA;IACzG,qGAAqF,CAAA;IACrF,yGAAyF,CAAA;IACzF,yGAAyF,CAAA;IACzF,yGAAyF,CAAA;IACzF,yFAAyE,CAAA;IACzE,yFAAyE,CAAA;IACzE,qGAAqF,CAAA;IACrF,yGAAyF,CAAA;IACzF,6GAA6F,CAAA;IAC7F,+GAA+F,CAAA;IAC/F,+HAA+G,CAAA;IAC/G,qHAAqG,CAAA;IACrG,yEAAyD,CAAA;IACzD,uHAAuG,CAAA;IACvG,iGAAiF,CAAA;IACjF,+IAA+H,CAAA;IAC/H,+GAA+F,CAAA;IAC/F,uGAAuF,CAAA;IACvF,2GAA2F,CAAA;~~IAC3F~~,~~qFAAqE,CAAA;IACrE,~~6GAA6F,CAAA;IAC7F,2GAA2F,CAAA;IAC3F,mIAAmH,CAAA;IACnH,+HAA+G,CAAA;IAC/G,6HAA6G,CAAA;IAC7G,iJAAiI,CAAA;IACjI,mHAAmG,CAAA;IACnG,iHAAiG,CAAA;IACjG,yHAAyG,CAAA;IACzG,mGAAmF,CAAA;IACnF,yGAAyF,CAAA;IACzF,qHAAqG,CAAA;IACrG,+FAA+E,CAAA;IAC/E,6IAA6H,CAAA;IAC7H,6GAA6F,CAAA;~~IAC7F~~,~~iIAAiH,CAAA;IACjH,yHAAyG,CAAA;IACzG,~~2GAA2F,CAAA;~~IAC3F~~,~~iFAAiE,CAAA;IACjE,~~2GAA2F,CAAA;IAC3F,yGAAyF,CAAA;IACzF,~~qGAAqF,~~CAAA;~~IACrF~~,mHAAmG,CAAA;~~IACnG~~,~~2GAA2F,CAAA;IAC3F,~~6HAA6G,CAAA;IAC7G,+HAA+G,CAAA;IAC/G,iIAAiH,CAAA;~~IACjH~~,mFAAmE,CAAA;IACnE,~~mFAAmE,CAAA;IACnE,~~uHAAuG,CAAA;IACvG,+HAA+G,CAAA;IAC/G,~~yIAAyH~~,CAAA;~~IACzH~~,2EAA2D,CAAA;IAC3D,6EAA6D,CAAA;IAC7D,+FAA+E,CAAA;IAC/E,qGAAqF,CAAA;IACrF,2FAA2E,CAAA;IAC3E,6FAA6E,CAAA;IAC7E,uEAAuD,CAAA;IACvD,uFAAuE,CAAA;IACvE,qGAAqF,CAAA;IACrF,+EAA+D,CAAA;~~IAC~~/D,~~2EAA2D,CAAA;IAC3D,uEAAuD,CAAA;IACvD,~~uFAAuE,CAAA;IACvE,yFAAyE,CAAA;IACzE,6GAA6F,CAAA;IAC7F,6FAA6E,CAAA;IAC7E,qHAAqG,CAAA;IACrG,iHAAiG,CAAA;IACjG,uJAAuI,CAAA;IACvI,qHAAqG,CAAA;IACrG,yHAAyG,CAAA;IACzG,uHAAuG,CAAA;IACvG,2GAA2F,CAAA;IAC3F,iEAAiD,CAAA;IACjD,+EAA+D,CAAA;IAC/D,6GAA6F,CAAA;IAC7F,6DAA6C,CAAA;IAC7C,6DAA6C,CAAA;IAC7C,qDAAqC,CAAA;IACrC,qEAAqD,CAAA;IACrD,yEAAyD,CAAA;IACzD,iEAAiD,CAAA;IACjD,mFAAmE,CAAA;AACrE,CAAC,~~EAnLW~~,YAAY,KAAZ,YAAY,~~QAmLvB~~;AAAA,CAAC"}
1	+ {"version":3,"file":"dwn-error.js","sourceRoot":"","sources":["../../../../src/core/dwn-error.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,OAAO,QAAS,SAAQ,KAAK;IACb;IAApB,YAAoB,IAAY,EAAE,OAAe;QAC/C,KAAK,CAAC,GAAG,IAAI,KAAK,OAAO,EAAE,CAAC,CAAC;QADX,SAAI,GAAJ,IAAI,CAAQ;QAG9B,IAAI,CAAC,IAAI,GAAG,UAAU,CAAC;IACzB,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAN,IAAY,YAsLX;AAtLD,WAAY,YAAY;IACtB,iEAAiD,CAAA;IACjD,uFAAuE,CAAA;IACvE,iHAAiG,CAAA;IACjG,mFAAmE,CAAA;IACnE,2EAA2D,CAAA;IAC3D,mFAAmE,CAAA;IACnE,uDAAuC,CAAA;IACvC,6DAA6C,CAAA;IAC7C,2GAA2F,CAAA;IAC3F,6FAA6E,CAAA;IAC7E,iGAAiF,CAAA;IACjF,iGAAiF,CAAA;IACjF,yFAAyE,CAAA;IACzE,6EAA6D,CAAA;IAC7D,6EAA6D,CAAA;IAC7D,iFAAiE,CAAA;IACjE,iFAAiE,CAAA;IACjE,iFAAiE,CAAA;IACjE,2FAA2E,CAAA;IAC3E,qFAAqE,CAAA;IACrE,+FAA+E,CAAA;IAC/E,6FAA6E,CAAA;IAC7E,2FAA2E,CAAA;IAC3E,yEAAyD,CAAA;IACzD,qFAAqE,CAAA;IACrE,2EAA2D,CAAA;IAC3D,iFAAiE,CAAA;IACjE,qFAAqE,CAAA;IACrE,+EAA+D,CAAA;IAC/D,yFAAyE,CAAA;IACzE,iEAAiD,CAAA;IACjD,mFAAmE,CAAA;IACnE,6DAA6C,CAAA;IAC7C,+EAA+D,CAAA;IAC/D,mFAAmE,CAAA;IACnE,uEAAuD,CAAA;IACvD,uEAAuD,CAAA;IACvD,+EAA+D,CAAA;IAC/D,uIAAuH,CAAA;IACvH,2IAA2H,CAAA;IAC3H,yGAAyF,CAAA;IACzF,uHAAuG,CAAA;IACvG,+IAA+H,CAAA;IAC/H,qHAAqG,CAAA;IACrG,yHAAyG,CAAA;IACzG,qIAAqH,CAAA;IACrH,qGAAqF,CAAA;IACrF,iGAAiF,CAAA;IACjF,6FAA6E,CAAA;IAC7E,qFAAqE,CAAA;IACrE,iGAAiF,CAAA;IACjF,yGAAyF,CAAA;IACzF,qGAAqF,CAAA;IACrF,yFAAyE,CAAA;IACzE,mGAAmF,CAAA;IACnF,2FAA2E,CAAA;IAC3E,qFAAqE,CAAA;IACrE,+FAA+E,CAAA;IAC/E,qGAAqF,CAAA;IACrF,qHAAqG,CAAA;IACrG,qGAAqF,CAAA;IACrF,mGAAmF,CAAA;IACnF,yGAAyF,CAAA;IACzF,2GAA2F,CAAA;IAC3F,mGAAmF,CAAA;IACnF,6FAA6E,CAAA;IAC7E,yFAAyE,CAAA;IACzE,qFAAqE,CAAA;IACrE,mHAAmG,CAAA;IACnG,2FAA2E,CAAA;IAC3E,2FAA2E,CAAA;IAC3E,qGAAqF,CAAA;IACrF,iIAAiH,CAAA;IACjH,+FAA+E,CAAA;IAC/E,2FAA2E,CAAA;IAC3E,6HAA6G,CAAA;IAC7G,+EAA+D,CAAA;IAC/D,yIAAyH,CAAA;IACzH,+FAA+E,CAAA;IAC/E,uGAAuF,CAAA;IACvF,iGAAiF,CAAA;IACjF,+FAA+E,CAAA;IAC/E,iHAAiG,CAAA;IACjG,uGAAuF,CAAA;IACvF,qGAAqF,CAAA;IACrF,uFAAuE,CAAA;IACvE,+GAA+F,CAAA;IAC/F,+FAA+E,CAAA;IAC/E,qGAAqF,CAAA;IACrF,6GAA6F,CAAA;IAC7F,6FAA6E,CAAA;IAC7E,+EAA+D,CAAA;IAC/D,qGAAqF,CAAA;IACrF,iHAAiG,CAAA;IACjG,2GAA2F,CAAA;IAC3F,yHAAyG,CAAA;IACzG,uHAAuG,CAAA;IACvG,yHAAyG,CAAA;IACzG,qGAAqF,CAAA;IACrF,yGAAyF,CAAA;IACzF,yGAAyF,CAAA;IACzF,yGAAyF,CAAA;IACzF,yFAAyE,CAAA;IACzE,yFAAyE,CAAA;IACzE,qGAAqF,CAAA;IACrF,yGAAyF,CAAA;IACzF,6GAA6F,CAAA;IAC7F,+GAA+F,CAAA;IAC/F,+HAA+G,CAAA;IAC/G,qHAAqG,CAAA;IACrG,yEAAyD,CAAA;IACzD,uHAAuG,CAAA;IACvG,iGAAiF,CAAA;IACjF,+IAA+H,CAAA;IAC/H,+GAA+F,CAAA;IAC/F,uGAAuF,CAAA;IACvF,2GAA2F,CAAA;IAE3F,6GAA6F,CAAA;IAC7F,2GAA2F,CAAA;IAC3F,mIAAmH,CAAA;IACnH,+HAA+G,CAAA;IAC/G,6HAA6G,CAAA;IAC7G,iJAAiI,CAAA;IACjI,mHAAmG,CAAA;IACnG,iHAAiG,CAAA;IACjG,yHAAyG,CAAA;IACzG,mGAAmF,CAAA;IACnF,yGAAyF,CAAA;IACzF,qHAAqG,CAAA;IACrG,+FAA+E,CAAA;IAC/E,6IAA6H,CAAA;IAC7H,6GAA6F,CAAA;IAE7F,2GAA2F,CAAA;IAE3F,2GAA2F,CAAA;IAC3F,yGAAyF,CAAA;IACzF,+FAA+E,CAAA;IAC/E,mHAAmG,CAAA;IAEnG,6HAA6G,CAAA;IAC7G,+HAA+G,CAAA;IAC/G,iIAAiH,CAAA;IAEjH,mFAAmE,CAAA;IACnE,uHAAuG,CAAA;IACvG,+HAA+G,CAAA;IAC/G,uFAAuE,CAAA;IACvE,2EAA2D,CAAA;IAC3D,6EAA6D,CAAA;IAC7D,+FAA+E,CAAA;IAC/E,qGAAqF,CAAA;IACrF,2FAA2E,CAAA;IAC3E,6FAA6E,CAAA;IAC7E,uEAAuD,CAAA;IACvD,uFAAuE,CAAA;IACvE,qGAAqF,CAAA;IACrF,+EAA+D,CAAA;IAE/D,uFAAuE,CAAA;IACvE,yFAAyE,CAAA;IACzE,6GAA6F,CAAA;IAC7F,6FAA6E,CAAA;IAC7E,qHAAqG,CAAA;IACrG,iHAAiG,CAAA;IACjG,uJAAuI,CAAA;IACvI,qHAAqG,CAAA;IACrG,yHAAyG,CAAA;IACzG,uHAAuG,CAAA;IACvG,2GAA2F,CAAA;IAC3F,iEAAiD,CAAA;IACjD,+EAA+D,CAAA;IAC/D,6GAA6F,CAAA;IAC7F,6DAA6C,CAAA;IAC7C,6DAA6C,CAAA;IAC7C,qDAAqC,CAAA;IACrC,qEAAqD,CAAA;IACrD,yEAAyD,CAAA;IACzD,iEAAiD,CAAA;IACjD,mFAAmE,CAAA;AACrE,CAAC,EAtLW,YAAY,KAAZ,YAAY,QAsLvB;AAAA,CAAC"}

package/dist/esm/src/core/grant-authorization.js CHANGED Viewed

@@ -1,5 +1,7 @@
 import { Message } from './message.js';
+import { PERMISSIONS_REVOCATION_PATH } from './constants.js';
 import { DwnError, DwnErrorCode } from './dwn-error.js';
+import { DwnInterfaceName, DwnMethodName } from '../enums/dwn-interface-method.js';
 export class GrantAuthorization {
     /**
      * Performs base permissions-grant-based authorization against the given message:
@@ -56,7 +58,7 @@ export class GrantAuthorization {
         // Check if grant has been revoked
         const query = {
             parentId: permissionGrant.id,
-            protocolPath: `grant/revocation`, // NOTE: this is optional, not referencing PermissionsProtocol.revocationPath due to circular dependency
+            protocolPath: PERMISSIONS_REVOCATION_PATH,
             isLatestBaseState: true
         };
         const { messages: revokes } = await messageStore.query(grantedFor, [query]);
@@ -66,14 +68,25 @@ export class GrantAuthorization {
         }
     }
     /**
-     * Verify that the `interface` and `method` grant scopes match the incoming message
-     * @param permissionGrantId Purely being passed for logging purposes.
+     * Verify that the `interface` and `method` grant scopes match the incoming message.
+     *
+     * For the Messages interface, a `Read` scope is treated as a unified scope that also authorizes
+     * `Subscribe` and `Sync` operations. This mirrors how protocol `$actions` treats `read` as a
+     * unified action covering read, query, subscribe, and count.
+     *
      * @throws {DwnError} if the `interface` and `method` of the incoming message do not match the scope of the permission grant.
      */
     static async verifyGrantScopeInterfaceAndMethod(dwnInterface, dwnMethod, permissionGrant) {
         if (dwnInterface !== permissionGrant.scope.interface) {
             throw new DwnError(DwnErrorCode.GrantAuthorizationInterfaceMismatch, `DWN Interface of incoming message is outside the scope of permission grant with ID ${permissionGrant.id}`);
         }
+        // For the Messages interface, a `Read` scope is a unified scope that also covers `Subscribe` and `Sync`.
+        if (dwnInterface === DwnInterfaceName.Messages && permissionGrant.scope.method === DwnMethodName.Read) {
+            const allowedMethods = [DwnMethodName.Read, DwnMethodName.Subscribe, DwnMethodName.Sync];
+            if (!allowedMethods.includes(dwnMethod)) {
+                throw new DwnError(DwnErrorCode.GrantAuthorizationMethodMismatch, `DWN Method of incoming message is outside the scope of permission grant with ID ${permissionGrant.id}`);
+            }
+        }
         else if (dwnMethod !== permissionGrant.scope.method) {
             throw new DwnError(DwnErrorCode.GrantAuthorizationMethodMismatch, `DWN Method of incoming message is outside the scope of permission grant with ID ${permissionGrant.id}`);
         }

package/dist/esm/src/core/grant-authorization.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"grant-authorization.js","sourceRoot":"","sources":["../../../../src/core/grant-authorization.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;~~AAExD~~,MAAM,OAAO,kBAAkB;IAE7B;;;;;;;;;;OAUG;IACI,MAAM,CAAC,KAAK,CAAC,qBAAqB,CAAC,KAMvC;QACD,MAAM,EAAE,eAAe,EAAE,eAAe,EAAE,eAAe,EAAE,eAAe,EAAE,YAAY,EAAE,GAAG,KAAK,CAAC;QAEnG,MAAM,yBAAyB,GAAG,eAAe,CAAC,UAAU,CAAC;QAE7D,kBAAkB,CAAC,+BAA+B,CAAC,eAAe,EAAE,eAAe,EAAE,eAAe,CAAC,CAAC;QAEtG,iEAAiE;QACjE,MAAM,UAAU,GAAG,eAAe,CAAC,CAAC,8EAA8E;QAClH,MAAM,kBAAkB,CAAC,iBAAiB,CACxC,UAAU,EACV,yBAAyB,CAAC,gBAAgB,EAC1C,eAAe,EACf,YAAY,CACb,CAAC;QAEF,6CAA6C;QAC7C,MAAM,kBAAkB,CAAC,kCAAkC,CACzD,yBAAyB,CAAC,SAAS,EACnC,yBAAyB,CAAC,MAAM,EAChC,eAAe,CAChB,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACK,MAAM,CAAC,+BAA+B,CAC5C,eAAuB,EACvB,eAAuB,EACvB,eAAgC;QAGhC,MAAM,aAAa,GAAG,eAAe,CAAC,OAAO,CAAC;QAC9C,IAAI,eAAe,KAAK,aAAa,EAAE,CAAC;YACtC,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,oCAAoC,EACjD,kCAAkC,aAAa,+BAA+B,eAAe,EAAE,CAChG,CAAC;QACJ,CAAC;QAED,MAAM,aAAa,GAAG,eAAe,CAAC,OAAO,CAAC;QAC9C,IAAI,eAAe,KAAK,aAAa,EAAE,CAAC;YACtC,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,qCAAqC,EAClD,kCAAkC,aAAa,+BAA+B,eAAe,EAAE,CAChG,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACK,MAAM,CAAC,KAAK,CAAC,iBAAiB,CACpC,UAAkB,EAClB,wBAAgC,EAChC,eAAgC,EAChC,YAA0B;QAE1B,8DAA8D;QAC9D,IAAI,wBAAwB,GAAG,eAAe,CAAC,WAAW,EAAE,CAAC;YAC3D,0BAA0B;YAC1B,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,mCAAmC,EAChD,mFAAmF,CACpF,CAAC;QACJ,CAAC;QAED,IAAI,wBAAwB,IAAI,eAAe,CAAC,WAAW,EAAE,CAAC;YAC5D,oBAAoB;YACpB,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,8BAA8B,EAC3C,+EAA+E,CAChF,CAAC;QACJ,CAAC;QAED,kCAAkC;QAClC,MAAM,KAAK,GAAG;YACZ,QAAQ,EAAY,eAAe,CAAC,EAAE;YACtC,YAAY,EAAQ,~~kBAAkB,EAAE,wGAAwG~~;~~YAChJ~~,iBAAiB,EAAG,IAAI;SACzB,CAAC;QACF,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;QAC5E,MAAM,oBAAoB,GAAG,MAAM,OAAO,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAErE,IAAI,oBAAoB,KAAK,SAAS,IAAI,oBAAoB,CAAC,UAAU,CAAC,gBAAgB,IAAI,wBAAwB,EAAE,CAAC;YACvH,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,8BAA8B,EAC3C,6BAA6B,eAAe,CAAC,EAAE,mBAAmB,CACnE,CAAC;QACJ,CAAC;IACH,CAAC;IAED~~;;;;OAIG~~;IACK,MAAM,CAAC,KAAK,CAAC,kCAAkC,CACrD,YAAoB,EACpB,SAAiB,EACjB,eAAgC;QAGhC,IAAI,YAAY,KAAK,eAAe,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;YACrD,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,mCAAmC,EAChD,sFAAsF,eAAe,CAAC,EAAE,EAAE,CAC3G,CAAC;QACJ,CAAC;aAAM,IAAI,SAAS,KAAK,eAAe,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;YACtD,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,gCAAgC,EAC7C,mFAAmF,eAAe,CAAC,EAAE,EAAE,CACxG,CAAC;QACJ,CAAC;IACH,CAAC;CACF"}
1	+ {"version":3,"file":"grant-authorization.js","sourceRoot":"","sources":["../../../../src/core/grant-authorization.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AACvC,OAAO,EAAE,2BAA2B,EAAE,MAAM,gBAAgB,CAAC;AAC7D,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,kCAAkC,CAAC;AAEnF,MAAM,OAAO,kBAAkB;IAE7B;;;;;;;;;;OAUG;IACI,MAAM,CAAC,KAAK,CAAC,qBAAqB,CAAC,KAMvC;QACD,MAAM,EAAE,eAAe,EAAE,eAAe,EAAE,eAAe,EAAE,eAAe,EAAE,YAAY,EAAE,GAAG,KAAK,CAAC;QAEnG,MAAM,yBAAyB,GAAG,eAAe,CAAC,UAAU,CAAC;QAE7D,kBAAkB,CAAC,+BAA+B,CAAC,eAAe,EAAE,eAAe,EAAE,eAAe,CAAC,CAAC;QAEtG,iEAAiE;QACjE,MAAM,UAAU,GAAG,eAAe,CAAC,CAAC,8EAA8E;QAClH,MAAM,kBAAkB,CAAC,iBAAiB,CACxC,UAAU,EACV,yBAAyB,CAAC,gBAAgB,EAC1C,eAAe,EACf,YAAY,CACb,CAAC;QAEF,6CAA6C;QAC7C,MAAM,kBAAkB,CAAC,kCAAkC,CACzD,yBAAyB,CAAC,SAAS,EACnC,yBAAyB,CAAC,MAAM,EAChC,eAAe,CAChB,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACK,MAAM,CAAC,+BAA+B,CAC5C,eAAuB,EACvB,eAAuB,EACvB,eAAgC;QAGhC,MAAM,aAAa,GAAG,eAAe,CAAC,OAAO,CAAC;QAC9C,IAAI,eAAe,KAAK,aAAa,EAAE,CAAC;YACtC,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,oCAAoC,EACjD,kCAAkC,aAAa,+BAA+B,eAAe,EAAE,CAChG,CAAC;QACJ,CAAC;QAED,MAAM,aAAa,GAAG,eAAe,CAAC,OAAO,CAAC;QAC9C,IAAI,eAAe,KAAK,aAAa,EAAE,CAAC;YACtC,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,qCAAqC,EAClD,kCAAkC,aAAa,+BAA+B,eAAe,EAAE,CAChG,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACK,MAAM,CAAC,KAAK,CAAC,iBAAiB,CACpC,UAAkB,EAClB,wBAAgC,EAChC,eAAgC,EAChC,YAA0B;QAE1B,8DAA8D;QAC9D,IAAI,wBAAwB,GAAG,eAAe,CAAC,WAAW,EAAE,CAAC;YAC3D,0BAA0B;YAC1B,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,mCAAmC,EAChD,mFAAmF,CACpF,CAAC;QACJ,CAAC;QAED,IAAI,wBAAwB,IAAI,eAAe,CAAC,WAAW,EAAE,CAAC;YAC5D,oBAAoB;YACpB,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,8BAA8B,EAC3C,+EAA+E,CAChF,CAAC;QACJ,CAAC;QAED,kCAAkC;QAClC,MAAM,KAAK,GAAG;YACZ,QAAQ,EAAY,eAAe,CAAC,EAAE;YACtC,YAAY,EAAQ,2BAA2B;YAC/C,iBAAiB,EAAG,IAAI;SACzB,CAAC;QACF,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;QAC5E,MAAM,oBAAoB,GAAG,MAAM,OAAO,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAErE,IAAI,oBAAoB,KAAK,SAAS,IAAI,oBAAoB,CAAC,UAAU,CAAC,gBAAgB,IAAI,wBAAwB,EAAE,CAAC;YACvH,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,8BAA8B,EAC3C,6BAA6B,eAAe,CAAC,EAAE,mBAAmB,CACnE,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;;;;OAQG;IACK,MAAM,CAAC,KAAK,CAAC,kCAAkC,CACrD,YAAoB,EACpB,SAAiB,EACjB,eAAgC;QAGhC,IAAI,YAAY,KAAK,eAAe,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;YACrD,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,mCAAmC,EAChD,sFAAsF,eAAe,CAAC,EAAE,EAAE,CAC3G,CAAC;QACJ,CAAC;QAED,yGAAyG;QACzG,IAAI,YAAY,KAAK,gBAAgB,CAAC,QAAQ,IAAI,eAAe,CAAC,KAAK,CAAC,MAAM,KAAK,aAAa,CAAC,IAAI,EAAE,CAAC;YACtG,MAAM,cAAc,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,aAAa,CAAC,SAAS,EAAE,aAAa,CAAC,IAAI,CAAC,CAAC;YACzF,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,SAA0B,CAAC,EAAE,CAAC;gBACzD,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,gCAAgC,EAC7C,mFAAmF,eAAe,CAAC,EAAE,EAAE,CACxG,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,IAAI,SAAS,KAAK,eAAe,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;YACtD,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,gCAAgC,EAC7C,mFAAmF,eAAe,CAAC,EAAE,EAAE,CACxG,CAAC;QACJ,CAAC;IACH,CAAC;CACF"}

package/dist/esm/src/core/protocol-authorization-validation.js CHANGED Viewed

@@ -1,3 +1,4 @@
+import { ProtocolRecordLimitStrategy } from '../types/protocols-types.js';
 import Ajv from 'ajv/dist/2020.js';
 import { FilterUtility } from '../utils/filter.js';
 import { Records } from '../utils/records.js';
@@ -251,4 +252,70 @@ export async function verifyAsRoleRecordIfNeeded(tenant, incomingMessage, ruleSe
         throw new DwnError(DwnErrorCode.ProtocolAuthorizationDuplicateRoleRecipient, `DID '${recipient}' is already recipient of a role record at protocol path '${protocolPath} under the parent context ${parentContextId}.`);
     }
 }
+/**
+ * Verifies that a new record creation does not exceed the `$recordLimit` defined in the rule set.
+ *
+ * This check only applies to initial writes (new records). Updates to existing records are not counted.
+ * The count is scoped to the same `protocol + protocolPath` within the parent context:
+ * - For root-level records: counted across the entire protocol for the tenant.
+ * - For nested records: counted within the parent record's context.
+ *
+ * @throws {DwnError} with `ProtocolAuthorizationRecordLimitExceeded` if the limit is reached and strategy is `reject`.
+ * @throws {DwnError} with `ProtocolAuthorizationRecordLimitStrategyNotImplemented` if strategy is not yet implemented.
+ */
+export async function verifyRecordLimit(tenant, incomingMessage, ruleSet, messageStore) {
+    if (ruleSet.$recordLimit === undefined) {
+        return;
+    }
+    // Only enforce on initial writes — updates to existing records do not count as new records.
+    const isInitialWrite = await incomingMessage.isInitialWrite();
+    if (!isInitialWrite) {
+        return;
+    }
+    const { max, strategy } = ruleSet.$recordLimit;
+    // Build a filter to count existing records at the same protocol path and parent context.
+    const protocolPath = incomingMessage.message.descriptor.protocolPath;
+    const filter = {
+        interface: DwnInterfaceName.Records,
+        method: DwnMethodName.Write,
+        isLatestBaseState: true,
+        protocol: incomingMessage.message.descriptor.protocol,
+        protocolPath,
+    };
+    // Scope by parent context for nested records.
+    const parentContextId = Records.getParentContextFromOfContextId(incomingMessage.message.contextId);
+    if (parentContextId !== '') {
+        const prefixFilter = FilterUtility.constructPrefixFilterAsRangeFilter(parentContextId);
+        filter.contextId = prefixFilter;
+    }
+    const existingCount = await messageStore.count(tenant, [filter]);
+    if (existingCount >= max) {
+        if (strategy === ProtocolRecordLimitStrategy.Reject) {
+            throw new DwnError(DwnErrorCode.ProtocolAuthorizationRecordLimitExceeded, `record limit of ${max} reached at protocol path '${protocolPath}'` +
+                `${parentContextId !== '' ? ` under parent context '${parentContextId}'` : ''}` +
+                `: new records are rejected until existing records are deleted.`);
+        }
+        // Future strategies (e.g. purgeOldest) will be implemented here.
+        // For now, any non-reject strategy that somehow passes schema validation is rejected.
+        throw new DwnError(DwnErrorCode.ProtocolAuthorizationRecordLimitStrategyNotImplemented, `record limit strategy '${strategy}' is not yet implemented.`);
+    }
+}
+/**
+ * Verifies that an update is not attempted on a record whose protocol path has `$immutable: true`.
+ *
+ * Only non-initial writes (updates) are rejected — initial writes are always allowed.
+ * `RecordsDelete` is not affected by this check; immutability prevents data mutation, not removal.
+ *
+ * @throws {DwnError} with `ProtocolAuthorizationImmutableRecord` if an update is attempted on an immutable record.
+ */
+export async function verifyImmutability(incomingMessage, ruleSet) {
+    if (ruleSet.$immutable !== true) {
+        return;
+    }
+    const isInitialWrite = await incomingMessage.isInitialWrite();
+    if (isInitialWrite) {
+        return;
+    }
+    throw new DwnError(DwnErrorCode.ProtocolAuthorizationImmutableRecord, `record at protocol path '${incomingMessage.message.descriptor.protocolPath}' is immutable: updates are not allowed.`);
+}
 //# sourceMappingURL=protocol-authorization-validation.js.map

package/dist/esm/src/core/protocol-authorization-validation.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"protocol-authorization-validation.js","sourceRoot":"","sources":["../../../../src/core/protocol-authorization-validation.ts"],"names":[],"mappings":"AAOA,OAAO,GAAG,MAAM,kBAAkB,CAAC;AACnC,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,kCAAkC,CAAC;AACnF,OAAO,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AAI3E;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,8BAA8B,CAClD,MAAc,EACd,cAA4B,EAC5B,YAA0B,EAC1B,uBAAkD,EAClD,kBAA2B;IAE3B,MAAM,oBAAoB,GAAG,cAAc,CAAC,OAAO,CAAC,UAAU,CAAC,YAAa,CAAC;IAC7E,MAAM,gBAAgB,GAAG,WAAW,CAAC,oBAAoB,CAAC,CAAC;IAE3D,MAAM,QAAQ,GAAG,cAAc,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC;IAC5D,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,IAAI,oBAAoB,KAAK,gBAAgB,EAAE,CAAC;YAC9C,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,oDAAoD,EACjE,2BAA2B,oBAAoB,6CAA6C,CAC7F,CAAC;QACJ,CAAC;QAED,OAAO;IACT,CAAC;IAED,mFAAmF;IAEnF,mDAAmD;IACnD,+GAA+G;IAC/G,MAAM,aAAa,GAAG,cAAc,CAAC,OAAO,CAAC,UAAU,CAAC,QAAS,CAAC;IAClE,MAAM,iBAAiB,GAAG,MAAM,wBAAwB,CACtD,MAAM,EAAE,aAAa,EAAE,oBAAoB,EAAE,YAAY,EAAE,uBAAuB,EAAE,kBAAkB,CACvG,CAAC;IAEF,2BAA2B;IAC3B,MAAM,KAAK,GAAW;QACpB,iBAAiB,EAAG,IAAI,EAAE,kFAAkF;QAC5G,SAAS,EAAW,gBAAgB,CAAC,OAAO;QAC5C,MAAM,EAAc,aAAa,CAAC,KAAK;QACvC,QAAQ,EAAY,iBAAiB;QACrC,QAAQ,EAAY,QAAQ;KAC7B,CAAC;IACF,MAAM,EAAE,QAAQ,EAAE,cAAc,EAAE,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;IAC/E,MAAM,aAAa,GAAI,cAAwC,CAAC,CAAC,CAAC,CAAC;IAEnE,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;QAChC,+EAA+E;QAC/E,IAAI,iBAAiB,KAAK,aAAa,EAAE,CAAC;YACxC,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,gDAAgD,EAC7D,iCAAiC,QAAQ,kBAAkB,iBAAiB,IAAI;gBAChF,qCAAqC,oBAAoB,IAAI,CAC9D,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,0CAA0C,EACvD,2EAA2E,oBAAoB,IAAI,CACpG,CAAC;IACJ,CAAC;IAED,6FAA6F;IAC7F,MAAM,kBAAkB,GAAG,aAAa,CAAC,UAAU,CAAC,YAAY,CAAC;IACjE,MAAM,oBAAoB,GAAG,GAAG,kBAAkB,IAAI,gBAAgB,EAAE,CAAC;IACzE,IAAI,oBAAoB,KAAK,oBAAoB,EAAE,CAAC;QAClD,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,0CAA0C,EACvD,2EAA2E,oBAAoB,IAAI,CACpG,CAAC;IACJ,CAAC;IAED,uFAAuF;IACvF,MAAM,iBAAiB,GAAG,GAAG,aAAa,CAAC,SAAS,IAAI,cAAc,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;IAC1F,MAAM,eAAe,GAAG,cAAc,CAAC,OAAO,CAAC,SAAS,CAAC;IACzD,IAAI,eAAe,KAAK,iBAAiB,EAAE,CAAC;QAC1C,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,uCAAuC,EACpD,uBAAuB,eAAe,mCAAmC,iBAAiB,IAAI,CAC/F,CAAC;IACJ,CAAC;AAEH,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,MAAc,EACd,gBAAwB,EACxB,iBAAyB,EACzB,YAA0B,EAC1B,uBAAkD,EAClD,kBAA2B;IAE3B,MAAM,QAAQ,GAAG,iBAAiB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAE9C,+EAA+E;IAC/E,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACzB,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IAED,uEAAuE;IACvE,MAAM,mBAAmB,GAAG,MAAM,uBAAuB,CACvD,MAAM,EAAE,gBAAgB,EAAE,YAAY,EAAE,kBAAkB,CAC3D,CAAC;IAEF,uDAAuD;IACvD,gEAAgE;IAChE,gGAAgG;IAChG,MAAM,mBAAmB,GAAG,mBAAmB,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IACvE,IAAI,mBAAmB,EAAE,IAAI,KAAK,SAAS,EAAE,CAAC;QAC5C,MAAM,MAAM,GAAG,qBAAqB,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;QAC/D,IAAI,MAAM,KAAK,SAAS,IAAI,mBAAmB,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACnE,MAAM,WAAW,GAAG,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC3D,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;gBAC9B,yFAAyF;gBACzF,6EAA6E;gBAC7E,uHAAuH;gBACvH,sGAAsG;gBACtG,+EAA+E;gBAC/E,4GAA4G;gBAC5G,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC1B,uFAAuF;oBACvF,OAAO,WAAW,CAAC;gBACrB,CAAC;gBACD,mEAAmE;gBACnE,OAAO,gBAAgB,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,MAAc,EACd,cAAmC,EACnC,kBAAsC,EACtC,YAA0B,EAC1B,uBAAkD,EAClD,kBAA2B;IAE3B,MAAM,oBAAoB,GAAG,cAAc,CAAC,UAAU,CAAC,YAAa,CAAC;IACrE,MAAM,gBAAgB,GAAG,WAAW,CAAC,oBAAoB,CAAC,CAAC;IAE3D,2CAA2C;IAC3C,sGAAsG;IACtG,MAAM,aAAa,GAAG,MAAM,2BAA2B,CACrD,MAAM,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,YAAY,EAAE,uBAAuB,EAAE,kBAAkB,CAC5G,CAAC;IAEF,UAAU,CAAC,cAAc,EAAE,aAAa,EAAE,gBAAgB,CAAC,CAAC;AAC9D,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAC/C,MAAc,EACd,YAAoB,EACpB,kBAAsC,EACtC,YAA0B,EAC1B,uBAAkD,EAClD,kBAA2B;IAE3B,MAAM,QAAQ,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAEzC,0CAA0C;IAC1C,MAAM,mBAAmB,GAAG,kBAAkB,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IACtE,IAAI,mBAAmB,EAAE,IAAI,KAAK,SAAS,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrE,uFAAuF;QACvF,MAAM,MAAM,GAAG,qBAAqB,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;QAC/D,IAAI,MAAM,KAAK,SAAS,IAAI,kBAAkB,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAClE,MAAM,cAAc,GAAG,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC7D,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;gBACjC,MAAM,aAAa,GAAG,MAAM,uBAAuB,CACjD,MAAM,EAAE,cAAc,EAAE,YAAY,EAAE,kBAAkB,CACzD,CAAC;gBACF,OAAO,aAAa,CAAC,KAAK,CAAC;YAC7B,CAAC;QACH,CAAC;IACH,CAAC;IAED,kDAAkD;IAClD,OAAO,kBAAkB,CAAC,KAAK,CAAC;AAClC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,UAAU,CACxB,cAAmC,EACnC,aAA4B,EAC5B,QAAiB;IAEjB,MAAM,gBAAgB,GAAG,QAAQ,IAAI,WAAW,CAAC,cAAc,CAAC,UAAU,CAAC,YAAa,CAAC,CAAC;IAC1F,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAE7C,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,gCAAgC,EAC9D,oBAAoB,gBAAgB,0BAA0B,CAAC,CAAC;IACpE,CAAC;IAED,MAAM,YAAY,GAAiB,aAAa,CAAC,gBAAgB,CAAC,CAAC;IAEnE,gFAAgF;IAChF,MAAM,EAAE,MAAM,EAAE,GAAG,cAAc,CAAC,UAAU,CAAC;IAC7C,IAAI,YAAY,CAAC,MAAM,KAAK,SAAS,IAAI,YAAY,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QACxE,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,kCAAkC,EAC/C,SAAS,gBAAgB,uBAAuB,YAAY,CAAC,MAAM;qBACpD,MAAM,GAAG,CACzB,CAAC;IACJ,CAAC;IAED,2FAA2F;IAC3F,MAAM,EAAE,UAAU,EAAE,GAAG,cAAc,CAAC,UAAU,CAAC;IACjD,IAAI,YAAY,CAAC,WAAW,KAAK,SAAS,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC7F,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,wCAAwC,EACrD,SAAS,gBAAgB,+BAA+B,YAAY,CAAC,WAAW;qBACjE,UAAU,GAAG,CAC7B,CAAC;IACJ,CAAC;IAED,wDAAwD;IACxD,IAAI,YAAY,CAAC,kBAAkB,KAAK,IAAI,IAAI,cAAc,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QACxF,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,uCAAuC,EACpD,SAAS,gBAAgB,8DAA8D,CACxF,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAC7B,eAA6B,EAC7B,OAAwB;IAExB,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC;IAE7C,MAAM,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC;IAE7D,IAAI,QAAQ,GAAG,GAAG,EAAE,CAAC;QACnB,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,mCAAmC,EAAE,aAAa,QAAQ,yBAAyB,GAAG,EAAE,CAAC,CAAC;IAC5H,CAAC;IAED,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,OAAO;IACT,CAAC;IAED,IAAI,QAAQ,GAAG,GAAG,EAAE,CAAC;QACnB,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,mCAAmC,EAAE,aAAa,QAAQ,yBAAyB,GAAG,EAAE,CAAC,CAAC;IAC5H,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAChC,eAA6B,EAC7B,OAAwB;IAExB,IAAI,OAAO,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QAChC,MAAM,EAAE,IAAI,GAAG,EAAE,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC;QAEjF,MAAM,EAAE,mBAAmB,EAAE,aAAa,EAAE,GAAG,UAAU,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC;QAE5E,gHAAgH;QAChH,MAAM,oBAAoB,GAAG,mBAAmB,IAAI,KAAK,CAAC;QAE1D,6DAA6D;QAC7D,MAAM,QAAQ,GAAG,aAAa,IAAI,EAAE,CAAC;QAErC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;QAC9B,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC;YAC/B,IAAI,EAAE,QAAQ;YACd,UAAU;YACV,QAAQ;YACR,oBAAoB;SACrB,CAAC,CAAC;QAEH,MAAM,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;QACvC,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,iEAAiE;YACjE,uIAAuI;YACvI,uFAAuF;YACvF,mFAAmF;YACnF,MAAM,WAAW,GAAG,GAAG,CAAC,UAAU,CAAC,YAAY,CAAC,MAAM,EAAE,EAAE,OAAO,EAAE,GAAG,QAAQ,IAAI,YAAY,QAAQ,EAAE,CAAC,CAAC;YAC1G,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,sCAAsC,EAAE,iCAAiC,WAAW,EAAE,CAAC,CAAC;QAC1H,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAC9C,MAAc,EACd,eAA6B,EAC7B,OAAwB,EACxB,YAA0B;IAE1B,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACnB,OAAO;IACT,CAAC;IAED,6BAA6B;IAE7B,MAAM,oBAAoB,GAAG,eAAe,CAAC;IAC7C,MAAM,SAAS,GAAG,oBAAoB,CAAC,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC;IACpE,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;QAC5B,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,yCAAyC,EACtD,oCAAoC,CACrC,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,oBAAoB,CAAC,OAAO,CAAC,UAAU,CAAC,YAAa,CAAC;IAC3E,MAAM,MAAM,GAAW;QACrB,SAAS,EAAW,gBAAgB,CAAC,OAAO;QAC5C,MAAM,EAAc,aAAa,CAAC,KAAK;QACvC,iBAAiB,EAAG,IAAI;QACxB,QAAQ,EAAY,oBAAoB,CAAC,OAAO,CAAC,UAAU,CAAC,QAAS;QACrE,YAAY;QACZ,SAAS;KACV,CAAC;IAEF,MAAM,eAAe,GAAG,OAAO,CAAC,+BAA+B,CAAC,oBAAoB,CAAC,OAAO,CAAC,SAAS,CAAE,CAAC;IAEzG,mEAAmE;IACnE,IAAI,eAAe,KAAK,EAAE,EAAE,CAAC;QAC3B,MAAM,YAAY,GAAG,aAAa,CAAC,kCAAkC,CAAC,eAAe,CAAC,CAAC;QACvF,MAAM,CAAC,SAAS,GAAG,YAAY,CAAC;IAClC,CAAC;IAED,MAAM,EAAE,QAAQ,EAAE,gBAAgB,EAAE,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;IAClF,MAAM,eAAe,GAAG,gBAAyC,CAAC;IAClE,MAAM,qCAAqC,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,mBAAwC,EAAW,EAAE,CACzH,mBAAmB,CAAC,QAAQ,KAAK,oBAAoB,CAAC,OAAO,CAAC,QAAQ,CACvE,CAAC;IACF,IAAI,qCAAqC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrD,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,2CAA2C,EACxD,QAAQ,SAAS,6DAA6D,YAAY,6BAA6B,eAAe,GAAG,CAC1I,CAAC;IACJ,CAAC;AACH,CAAC"}
1	+ {"version":3,"file":"protocol-authorization-validation.js","sourceRoot":"","sources":["../../../../src/core/protocol-authorization-validation.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,2BAA2B,EAAE,MAAM,6BAA6B,CAAC;AAI1E,OAAO,GAAG,MAAM,kBAAkB,CAAC;AACnC,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,kCAAkC,CAAC;AACnF,OAAO,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AAI3E;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,8BAA8B,CAClD,MAAc,EACd,cAA4B,EAC5B,YAA0B,EAC1B,uBAAkD,EAClD,kBAA2B;IAE3B,MAAM,oBAAoB,GAAG,cAAc,CAAC,OAAO,CAAC,UAAU,CAAC,YAAa,CAAC;IAC7E,MAAM,gBAAgB,GAAG,WAAW,CAAC,oBAAoB,CAAC,CAAC;IAE3D,MAAM,QAAQ,GAAG,cAAc,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC;IAC5D,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,IAAI,oBAAoB,KAAK,gBAAgB,EAAE,CAAC;YAC9C,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,oDAAoD,EACjE,2BAA2B,oBAAoB,6CAA6C,CAC7F,CAAC;QACJ,CAAC;QAED,OAAO;IACT,CAAC;IAED,mFAAmF;IAEnF,mDAAmD;IACnD,+GAA+G;IAC/G,MAAM,aAAa,GAAG,cAAc,CAAC,OAAO,CAAC,UAAU,CAAC,QAAS,CAAC;IAClE,MAAM,iBAAiB,GAAG,MAAM,wBAAwB,CACtD,MAAM,EAAE,aAAa,EAAE,oBAAoB,EAAE,YAAY,EAAE,uBAAuB,EAAE,kBAAkB,CACvG,CAAC;IAEF,2BAA2B;IAC3B,MAAM,KAAK,GAAW;QACpB,iBAAiB,EAAG,IAAI,EAAE,kFAAkF;QAC5G,SAAS,EAAW,gBAAgB,CAAC,OAAO;QAC5C,MAAM,EAAc,aAAa,CAAC,KAAK;QACvC,QAAQ,EAAY,iBAAiB;QACrC,QAAQ,EAAY,QAAQ;KAC7B,CAAC;IACF,MAAM,EAAE,QAAQ,EAAE,cAAc,EAAE,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;IAC/E,MAAM,aAAa,GAAI,cAAwC,CAAC,CAAC,CAAC,CAAC;IAEnE,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;QAChC,+EAA+E;QAC/E,IAAI,iBAAiB,KAAK,aAAa,EAAE,CAAC;YACxC,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,gDAAgD,EAC7D,iCAAiC,QAAQ,kBAAkB,iBAAiB,IAAI;gBAChF,qCAAqC,oBAAoB,IAAI,CAC9D,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,0CAA0C,EACvD,2EAA2E,oBAAoB,IAAI,CACpG,CAAC;IACJ,CAAC;IAED,6FAA6F;IAC7F,MAAM,kBAAkB,GAAG,aAAa,CAAC,UAAU,CAAC,YAAY,CAAC;IACjE,MAAM,oBAAoB,GAAG,GAAG,kBAAkB,IAAI,gBAAgB,EAAE,CAAC;IACzE,IAAI,oBAAoB,KAAK,oBAAoB,EAAE,CAAC;QAClD,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,0CAA0C,EACvD,2EAA2E,oBAAoB,IAAI,CACpG,CAAC;IACJ,CAAC;IAED,uFAAuF;IACvF,MAAM,iBAAiB,GAAG,GAAG,aAAa,CAAC,SAAS,IAAI,cAAc,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;IAC1F,MAAM,eAAe,GAAG,cAAc,CAAC,OAAO,CAAC,SAAS,CAAC;IACzD,IAAI,eAAe,KAAK,iBAAiB,EAAE,CAAC;QAC1C,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,uCAAuC,EACpD,uBAAuB,eAAe,mCAAmC,iBAAiB,IAAI,CAC/F,CAAC;IACJ,CAAC;AAEH,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,MAAc,EACd,gBAAwB,EACxB,iBAAyB,EACzB,YAA0B,EAC1B,uBAAkD,EAClD,kBAA2B;IAE3B,MAAM,QAAQ,GAAG,iBAAiB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAE9C,+EAA+E;IAC/E,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACzB,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IAED,uEAAuE;IACvE,MAAM,mBAAmB,GAAG,MAAM,uBAAuB,CACvD,MAAM,EAAE,gBAAgB,EAAE,YAAY,EAAE,kBAAkB,CAC3D,CAAC;IAEF,uDAAuD;IACvD,gEAAgE;IAChE,gGAAgG;IAChG,MAAM,mBAAmB,GAAG,mBAAmB,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IACvE,IAAI,mBAAmB,EAAE,IAAI,KAAK,SAAS,EAAE,CAAC;QAC5C,MAAM,MAAM,GAAG,qBAAqB,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;QAC/D,IAAI,MAAM,KAAK,SAAS,IAAI,mBAAmB,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACnE,MAAM,WAAW,GAAG,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC3D,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;gBAC9B,yFAAyF;gBACzF,6EAA6E;gBAC7E,uHAAuH;gBACvH,sGAAsG;gBACtG,+EAA+E;gBAC/E,4GAA4G;gBAC5G,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC1B,uFAAuF;oBACvF,OAAO,WAAW,CAAC;gBACrB,CAAC;gBACD,mEAAmE;gBACnE,OAAO,gBAAgB,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,MAAc,EACd,cAAmC,EACnC,kBAAsC,EACtC,YAA0B,EAC1B,uBAAkD,EAClD,kBAA2B;IAE3B,MAAM,oBAAoB,GAAG,cAAc,CAAC,UAAU,CAAC,YAAa,CAAC;IACrE,MAAM,gBAAgB,GAAG,WAAW,CAAC,oBAAoB,CAAC,CAAC;IAE3D,2CAA2C;IAC3C,sGAAsG;IACtG,MAAM,aAAa,GAAG,MAAM,2BAA2B,CACrD,MAAM,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,YAAY,EAAE,uBAAuB,EAAE,kBAAkB,CAC5G,CAAC;IAEF,UAAU,CAAC,cAAc,EAAE,aAAa,EAAE,gBAAgB,CAAC,CAAC;AAC9D,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAC/C,MAAc,EACd,YAAoB,EACpB,kBAAsC,EACtC,YAA0B,EAC1B,uBAAkD,EAClD,kBAA2B;IAE3B,MAAM,QAAQ,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAEzC,0CAA0C;IAC1C,MAAM,mBAAmB,GAAG,kBAAkB,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IACtE,IAAI,mBAAmB,EAAE,IAAI,KAAK,SAAS,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrE,uFAAuF;QACvF,MAAM,MAAM,GAAG,qBAAqB,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;QAC/D,IAAI,MAAM,KAAK,SAAS,IAAI,kBAAkB,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAClE,MAAM,cAAc,GAAG,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC7D,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;gBACjC,MAAM,aAAa,GAAG,MAAM,uBAAuB,CACjD,MAAM,EAAE,cAAc,EAAE,YAAY,EAAE,kBAAkB,CACzD,CAAC;gBACF,OAAO,aAAa,CAAC,KAAK,CAAC;YAC7B,CAAC;QACH,CAAC;IACH,CAAC;IAED,kDAAkD;IAClD,OAAO,kBAAkB,CAAC,KAAK,CAAC;AAClC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,UAAU,CACxB,cAAmC,EACnC,aAA4B,EAC5B,QAAiB;IAEjB,MAAM,gBAAgB,GAAG,QAAQ,IAAI,WAAW,CAAC,cAAc,CAAC,UAAU,CAAC,YAAa,CAAC,CAAC;IAC1F,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAE7C,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,gCAAgC,EAC9D,oBAAoB,gBAAgB,0BAA0B,CAAC,CAAC;IACpE,CAAC;IAED,MAAM,YAAY,GAAiB,aAAa,CAAC,gBAAgB,CAAC,CAAC;IAEnE,gFAAgF;IAChF,MAAM,EAAE,MAAM,EAAE,GAAG,cAAc,CAAC,UAAU,CAAC;IAC7C,IAAI,YAAY,CAAC,MAAM,KAAK,SAAS,IAAI,YAAY,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QACxE,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,kCAAkC,EAC/C,SAAS,gBAAgB,uBAAuB,YAAY,CAAC,MAAM;qBACpD,MAAM,GAAG,CACzB,CAAC;IACJ,CAAC;IAED,2FAA2F;IAC3F,MAAM,EAAE,UAAU,EAAE,GAAG,cAAc,CAAC,UAAU,CAAC;IACjD,IAAI,YAAY,CAAC,WAAW,KAAK,SAAS,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC7F,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,wCAAwC,EACrD,SAAS,gBAAgB,+BAA+B,YAAY,CAAC,WAAW;qBACjE,UAAU,GAAG,CAC7B,CAAC;IACJ,CAAC;IAED,wDAAwD;IACxD,IAAI,YAAY,CAAC,kBAAkB,KAAK,IAAI,IAAI,cAAc,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QACxF,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,uCAAuC,EACpD,SAAS,gBAAgB,8DAA8D,CACxF,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAC7B,eAA6B,EAC7B,OAAwB;IAExB,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC;IAE7C,MAAM,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC;IAE7D,IAAI,QAAQ,GAAG,GAAG,EAAE,CAAC;QACnB,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,mCAAmC,EAAE,aAAa,QAAQ,yBAAyB,GAAG,EAAE,CAAC,CAAC;IAC5H,CAAC;IAED,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,OAAO;IACT,CAAC;IAED,IAAI,QAAQ,GAAG,GAAG,EAAE,CAAC;QACnB,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,mCAAmC,EAAE,aAAa,QAAQ,yBAAyB,GAAG,EAAE,CAAC,CAAC;IAC5H,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAChC,eAA6B,EAC7B,OAAwB;IAExB,IAAI,OAAO,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QAChC,MAAM,EAAE,IAAI,GAAG,EAAE,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC;QAEjF,MAAM,EAAE,mBAAmB,EAAE,aAAa,EAAE,GAAG,UAAU,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC;QAE5E,gHAAgH;QAChH,MAAM,oBAAoB,GAAG,mBAAmB,IAAI,KAAK,CAAC;QAE1D,6DAA6D;QAC7D,MAAM,QAAQ,GAAG,aAAa,IAAI,EAAE,CAAC;QAErC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;QAC9B,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC;YAC/B,IAAI,EAAE,QAAQ;YACd,UAAU;YACV,QAAQ;YACR,oBAAoB;SACrB,CAAC,CAAC;QAEH,MAAM,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;QACvC,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,iEAAiE;YACjE,uIAAuI;YACvI,uFAAuF;YACvF,mFAAmF;YACnF,MAAM,WAAW,GAAG,GAAG,CAAC,UAAU,CAAC,YAAY,CAAC,MAAM,EAAE,EAAE,OAAO,EAAE,GAAG,QAAQ,IAAI,YAAY,QAAQ,EAAE,CAAC,CAAC;YAC1G,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,sCAAsC,EAAE,iCAAiC,WAAW,EAAE,CAAC,CAAC;QAC1H,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAC9C,MAAc,EACd,eAA6B,EAC7B,OAAwB,EACxB,YAA0B;IAE1B,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACnB,OAAO;IACT,CAAC;IAED,6BAA6B;IAE7B,MAAM,oBAAoB,GAAG,eAAe,CAAC;IAC7C,MAAM,SAAS,GAAG,oBAAoB,CAAC,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC;IACpE,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;QAC5B,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,yCAAyC,EACtD,oCAAoC,CACrC,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,oBAAoB,CAAC,OAAO,CAAC,UAAU,CAAC,YAAa,CAAC;IAC3E,MAAM,MAAM,GAAW;QACrB,SAAS,EAAW,gBAAgB,CAAC,OAAO;QAC5C,MAAM,EAAc,aAAa,CAAC,KAAK;QACvC,iBAAiB,EAAG,IAAI;QACxB,QAAQ,EAAY,oBAAoB,CAAC,OAAO,CAAC,UAAU,CAAC,QAAS;QACrE,YAAY;QACZ,SAAS;KACV,CAAC;IAEF,MAAM,eAAe,GAAG,OAAO,CAAC,+BAA+B,CAAC,oBAAoB,CAAC,OAAO,CAAC,SAAS,CAAE,CAAC;IAEzG,mEAAmE;IACnE,IAAI,eAAe,KAAK,EAAE,EAAE,CAAC;QAC3B,MAAM,YAAY,GAAG,aAAa,CAAC,kCAAkC,CAAC,eAAe,CAAC,CAAC;QACvF,MAAM,CAAC,SAAS,GAAG,YAAY,CAAC;IAClC,CAAC;IAED,MAAM,EAAE,QAAQ,EAAE,gBAAgB,EAAE,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;IAClF,MAAM,eAAe,GAAG,gBAAyC,CAAC;IAClE,MAAM,qCAAqC,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,mBAAwC,EAAW,EAAE,CACzH,mBAAmB,CAAC,QAAQ,KAAK,oBAAoB,CAAC,OAAO,CAAC,QAAQ,CACvE,CAAC;IACF,IAAI,qCAAqC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrD,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,2CAA2C,EACxD,QAAQ,SAAS,6DAA6D,YAAY,6BAA6B,eAAe,GAAG,CAC1I,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,MAAc,EACd,eAA6B,EAC7B,OAAwB,EACxB,YAA0B;IAE1B,IAAI,OAAO,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;QACvC,OAAO;IACT,CAAC;IAED,4FAA4F;IAC5F,MAAM,cAAc,GAAG,MAAM,eAAe,CAAC,cAAc,EAAE,CAAC;IAC9D,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,OAAO;IACT,CAAC;IAED,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,YAAY,CAAC;IAE/C,yFAAyF;IACzF,MAAM,YAAY,GAAG,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC,YAAa,CAAC;IACtE,MAAM,MAAM,GAAW;QACrB,SAAS,EAAW,gBAAgB,CAAC,OAAO;QAC5C,MAAM,EAAc,aAAa,CAAC,KAAK;QACvC,iBAAiB,EAAG,IAAI;QACxB,QAAQ,EAAY,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC,QAAS;QAChE,YAAY;KACb,CAAC;IAEF,8CAA8C;IAC9C,MAAM,eAAe,GAAG,OAAO,CAAC,+BAA+B,CAAC,eAAe,CAAC,OAAO,CAAC,SAAS,CAAE,CAAC;IACpG,IAAI,eAAe,KAAK,EAAE,EAAE,CAAC;QAC3B,MAAM,YAAY,GAAG,aAAa,CAAC,kCAAkC,CAAC,eAAe,CAAC,CAAC;QACvF,MAAM,CAAC,SAAS,GAAG,YAAY,CAAC;IAClC,CAAC;IAED,MAAM,aAAa,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;IAEjE,IAAI,aAAa,IAAI,GAAG,EAAE,CAAC;QACzB,IAAI,QAAQ,KAAK,2BAA2B,CAAC,MAAM,EAAE,CAAC;YACpD,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,wCAAwC,EACrD,mBAAmB,GAAG,8BAA8B,YAAY,GAAG;gBACnE,GAAG,eAAe,KAAK,EAAE,CAAC,CAAC,CAAC,0BAA0B,eAAe,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;gBAC/E,gEAAgE,CACjE,CAAC;QACJ,CAAC;QAED,iEAAiE;QACjE,sFAAsF;QACtF,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,sDAAsD,EACnE,0BAA0B,QAAQ,2BAA2B,CAC9D,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,eAA6B,EAC7B,OAAwB;IAExB,IAAI,OAAO,CAAC,UAAU,KAAK,IAAI,EAAE,CAAC;QAChC,OAAO;IACT,CAAC;IAED,MAAM,cAAc,GAAG,MAAM,eAAe,CAAC,cAAc,EAAE,CAAC;IAC9D,IAAI,cAAc,EAAE,CAAC;QACnB,OAAO;IACT,CAAC;IAED,MAAM,IAAI,QAAQ,CAChB,YAAY,CAAC,oCAAoC,EACjD,4BAA4B,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC,YAAY,0CAA0C,CACtH,CAAC;AACJ,CAAC"}

package/dist/esm/src/core/protocol-authorization.js CHANGED Viewed

@@ -1,28 +1,29 @@
 import { getRuleSetAtPath } from '../utils/protocols.js';
-import { PermissionsProtocol } from '../protocols/permissions.js';
 import { SortDirection } from '../types/query-types.js';
 import { DwnError, DwnErrorCode } from './dwn-error.js';
 import { DwnInterfaceName, DwnMethodName } from '../enums/dwn-interface-method.js';
-import { authorizeAgainstAllowedActions, getActionsSeekingARuleMatch, verifyInvokedRole } from './protocol-authorization-action.js';
+import { authorizeAgainstAllowedActions, verifyInvokedRole } from './protocol-authorization-action.js';
 import { constructRecordChain, fetchInitialWrite, getGoverningTimestamp } from './record-chain.js';
-import { verifyAsRoleRecordIfNeeded, verifyProtocolPathAndContextId, verifySizeLimit, verifyTagsIfNeeded, verifyTypeWithComposition, } from './protocol-authorization-validation.js';
+import { verifyAsRoleRecordIfNeeded, verifyImmutability, verifyProtocolPathAndContextId, verifyRecordLimit, verifySizeLimit, verifyTagsIfNeeded, verifyTypeWithComposition, } from './protocol-authorization-validation.js';
 export class ProtocolAuthorization {
     /**
      * Performs validation on the structure of RecordsWrite messages that use a protocol.
      * @throws {Error} if validation fails.
      */
-    static async validateReferentialIntegrity(tenant, incomingMessage, messageStore) {
+    static async validateReferentialIntegrity(tenant, incomingMessage, messageStore, coreProtocols) {
         // Determine the governing timestamp for protocol definition lookup.
         // For an initial write, this is the message's own timestamp.
         // For an update, this is the initial write's timestamp (the protocol version is locked at creation time).
         const governingTimestamp = await getGoverningTimestamp(tenant, incomingMessage, messageStore);
         // fetch the protocol definition that was active at the governing timestamp
-        const protocolDefinition = await ProtocolAuthorization.fetchProtocolDefinition(tenant, incomingMessage.message.descriptor.protocol, messageStore, governingTimestamp);
+        const protocolDefinition = await ProtocolAuthorization.fetchProtocolDefinition(tenant, incomingMessage.message.descriptor.protocol, messageStore, governingTimestamp, coreProtocols);
+        // Create a bound fetch function that captures the registry for downstream callbacks.
+        const boundFetchDefinition = ProtocolAuthorization.createBoundFetchDefinition(coreProtocols);
         // verify declared protocol type exists in protocol and that it conforms to type specification.
         // For cross-protocol composition, the type may be defined in a referenced protocol.
-        await verifyTypeWithComposition(tenant, incomingMessage.message, protocolDefinition, messageStore, ProtocolAuthorization.fetchProtocolDefinition, governingTimestamp);
+        await verifyTypeWithComposition(tenant, incomingMessage.message, protocolDefinition, messageStore, boundFetchDefinition, governingTimestamp);
         // validate `protocolPath`
-        await verifyProtocolPathAndContextId(tenant, incomingMessage, messageStore, ProtocolAuthorization.fetchProtocolDefinition, governingTimestamp);
+        await verifyProtocolPathAndContextId(tenant, incomingMessage, messageStore, boundFetchDefinition, governingTimestamp);
         // get the rule set for the inbound message
         const ruleSet = ProtocolAuthorization.getRuleSet(incomingMessage.message.descriptor.protocolPath, protocolDefinition);
         // Validate as a role record if the incoming message is writing a role record
@@ -31,12 +32,16 @@ export class ProtocolAuthorization {
         verifySizeLimit(incomingMessage, ruleSet);
         // Verify protocol tags
         verifyTagsIfNeeded(incomingMessage, ruleSet);
+        // Verify immutability — reject updates to write-once records
+        await verifyImmutability(incomingMessage, ruleSet);
+        // Verify record count limit
+        await verifyRecordLimit(tenant, incomingMessage, ruleSet, messageStore);
     }
     /**
      * Performs protocol-based authorization against the incoming RecordsWrite message.
      * @throws {Error} if authorization fails.
      */
-    static async authorizeWrite(tenant, incomingMessage, messageStore) {
+    static async authorizeWrite(tenant, incomingMessage, messageStore, coreProtocols) {
         const existingInitialWrite = await fetchInitialWrite(tenant, incomingMessage.message.recordId, messageStore);
         let recordChain;
         if (existingInitialWrite === undefined) {
@@ -51,11 +56,12 @@ export class ProtocolAuthorization {
         // Determine the governing timestamp for protocol definition lookup.
         const governingTimestamp = await getGoverningTimestamp(tenant, incomingMessage, messageStore);
         // fetch the protocol definition that was active at the governing timestamp
-        const protocolDefinition = await ProtocolAuthorization.fetchProtocolDefinition(tenant, incomingMessage.message.descriptor.protocol, messageStore, governingTimestamp);
+        const protocolDefinition = await ProtocolAuthorization.fetchProtocolDefinition(tenant, incomingMessage.message.descriptor.protocol, messageStore, governingTimestamp, coreProtocols);
         // get the rule set for the inbound message
         const ruleSet = ProtocolAuthorization.getRuleSet(incomingMessage.message.descriptor.protocolPath, protocolDefinition);
+        const boundFetchDefinition = ProtocolAuthorization.createBoundFetchDefinition(coreProtocols);
         // If the incoming message has `protocolRole` in the descriptor, validate the invoked role
-        await verifyInvokedRole(tenant, incomingMessage, incomingMessage.message.descriptor.protocol, incomingMessage.message.contextId, protocolDefinition, messageStore, ProtocolAuthorization.fetchProtocolDefinition, governingTimestamp);
+        await verifyInvokedRole(tenant, incomingMessage, incomingMessage.message.descriptor.protocol, incomingMessage.message.contextId, protocolDefinition, messageStore, boundFetchDefinition, governingTimestamp);
         // verify method invoked against the allowed actions in the rule set
         await authorizeAgainstAllowedActions(tenant, incomingMessage, ruleSet, recordChain, messageStore, protocolDefinition);
     }
@@ -64,7 +70,7 @@ export class ProtocolAuthorization {
      * @param newestRecordsWrite The latest RecordsWrite associated with the recordId being read.
      * @throws {Error} if authorization fails.
      */
-    static async authorizeRead(tenant, incomingMessage, newestRecordsWrite, messageStore) {
+    static async authorizeRead(tenant, incomingMessage, newestRecordsWrite, messageStore, coreProtocols) {
         // fetch record chain
         const recordChain = await constructRecordChain(tenant, newestRecordsWrite.message.recordId, messageStore);
         // Use the initial write's timestamp to determine the governing protocol definition.
@@ -74,24 +80,26 @@ export class ProtocolAuthorization {
             ? initialWrite.descriptor.messageTimestamp
             : newestRecordsWrite.message.descriptor.messageTimestamp;
         // fetch the protocol definition that was active when the record was created
-        const protocolDefinition = await ProtocolAuthorization.fetchProtocolDefinition(tenant, newestRecordsWrite.message.descriptor.protocol, messageStore, governingTimestamp);
+        const protocolDefinition = await ProtocolAuthorization.fetchProtocolDefinition(tenant, newestRecordsWrite.message.descriptor.protocol, messageStore, governingTimestamp, coreProtocols);
         // get the rule set for the inbound message
         const ruleSet = ProtocolAuthorization.getRuleSet(newestRecordsWrite.message.descriptor.protocolPath, protocolDefinition);
+        const boundFetchDefinition = ProtocolAuthorization.createBoundFetchDefinition(coreProtocols);
         // If the incoming message has `protocolRole` in the descriptor, validate the invoked role
-        await verifyInvokedRole(tenant, incomingMessage, newestRecordsWrite.message.descriptor.protocol, newestRecordsWrite.message.contextId, protocolDefinition, messageStore, ProtocolAuthorization.fetchProtocolDefinition, governingTimestamp);
+        await verifyInvokedRole(tenant, incomingMessage, newestRecordsWrite.message.descriptor.protocol, newestRecordsWrite.message.contextId, protocolDefinition, messageStore, boundFetchDefinition, governingTimestamp);
         // verify method invoked against the allowed actions in the rule set
         await authorizeAgainstAllowedActions(tenant, incomingMessage, ruleSet, recordChain, messageStore, protocolDefinition);
     }
-    static async authorizeQueryOrSubscribe(tenant, incomingMessage, messageStore) {
+    static async authorizeQueryOrSubscribe(tenant, incomingMessage, messageStore, coreProtocols) {
         const { protocol, protocolPath, contextId } = incomingMessage.message.descriptor.filter;
         // fetch the protocol definition
         const protocolDefinition = await ProtocolAuthorization.fetchProtocolDefinition(tenant, protocol, // `authorizeQueryOrSubscribe` is only called if `protocol` is present
-        messageStore);
+        messageStore, undefined, coreProtocols);
         // get the rule set for the inbound message
         const ruleSet = ProtocolAuthorization.getRuleSet(protocolPath, // presence of `protocolPath` is verified in `parse()`
         protocolDefinition);
+        const boundFetchDefinition = ProtocolAuthorization.createBoundFetchDefinition(coreProtocols);
         // If the incoming message has `protocolRole` in the descriptor, validate the invoked role
-        await verifyInvokedRole(tenant, incomingMessage, protocol, contextId, protocolDefinition, messageStore, ProtocolAuthorization.fetchProtocolDefinition);
+        await verifyInvokedRole(tenant, incomingMessage, protocol, contextId, protocolDefinition, messageStore, boundFetchDefinition);
         // verify method invoked against the allowed actions in the rule set
         await authorizeAgainstAllowedActions(tenant, incomingMessage, ruleSet, [], // record chain is not relevant to queries or subscriptions
         messageStore, protocolDefinition);
@@ -100,7 +108,7 @@ export class ProtocolAuthorization {
      * Performs protocol-based authorization against the incoming `RecordsDelete` message.
      * @param recordsWrite A `RecordsWrite` of the record being deleted.
      */
-    static async authorizeDelete(tenant, incomingMessage, recordsWrite, messageStore) {
+    static async authorizeDelete(tenant, incomingMessage, recordsWrite, messageStore, coreProtocols) {
         // fetch record chain
         const recordChain = await constructRecordChain(tenant, incomingMessage.message.descriptor.recordId, messageStore);
         // Use the initial write's timestamp to determine the governing protocol definition.
@@ -109,11 +117,12 @@ export class ProtocolAuthorization {
             ? initialWrite.descriptor.messageTimestamp
             : recordsWrite.message.descriptor.messageTimestamp;
         // fetch the protocol definition that was active when the record was created
-        const protocolDefinition = await ProtocolAuthorization.fetchProtocolDefinition(tenant, recordsWrite.message.descriptor.protocol, messageStore, governingTimestamp);
+        const protocolDefinition = await ProtocolAuthorization.fetchProtocolDefinition(tenant, recordsWrite.message.descriptor.protocol, messageStore, governingTimestamp, coreProtocols);
         // get the rule set for the inbound message
         const ruleSet = ProtocolAuthorization.getRuleSet(recordsWrite.message.descriptor.protocolPath, protocolDefinition);
+        const boundFetchDefinition = ProtocolAuthorization.createBoundFetchDefinition(coreProtocols);
         // If the incoming message has `protocolRole` in the descriptor, validate the invoked role
-        await verifyInvokedRole(tenant, incomingMessage, recordsWrite.message.descriptor.protocol, recordsWrite.message.contextId, protocolDefinition, messageStore, ProtocolAuthorization.fetchProtocolDefinition, governingTimestamp);
+        await verifyInvokedRole(tenant, incomingMessage, recordsWrite.message.descriptor.protocol, recordsWrite.message.contextId, protocolDefinition, messageStore, boundFetchDefinition, governingTimestamp);
         // verify method invoked against the allowed actions in the rule set
         await authorizeAgainstAllowedActions(tenant, incomingMessage, ruleSet, recordChain, messageStore, protocolDefinition);
     }
@@ -122,11 +131,19 @@ export class ProtocolAuthorization {
      * When `messageTimestamp` is provided, returns the protocol definition that was active at that
      * point in time — i.e. the ProtocolsConfigure with the greatest `messageTimestamp` that is <= the
      * given timestamp. When not provided, returns the latest (current) protocol definition.
+     *
+     * When `coreProtocols` is provided, core protocol definitions are returned directly from the
+     * registry without a message store query. The extra parameter does not affect the
+     * `FetchProtocolDefinitionFn` callback type — callers that pass this function as a callback
+     * should bind the registry via a closure (see `createBoundFetchDefinition`).
      */
-    static async fetchProtocolDefinition(tenant, protocolUri, messageStore, messageTimestamp) {
-        // if first-class protocol, return the definition from const object directly without going to data store
-        if (protocolUri === PermissionsProtocol.uri) {
-            return PermissionsProtocol.definition;
+    static async fetchProtocolDefinition(tenant, protocolUri, messageStore, messageTimestamp, coreProtocols) {
+        // if the protocol is a registered core protocol, return the definition directly without a store query
+        if (coreProtocols !== undefined) {
+            const coreDefinition = coreProtocols.getDefinition(protocolUri);
+            if (coreDefinition !== undefined) {
+                return coreDefinition;
+            }
         }
         // fetch the corresponding protocol definition
         const query = {
@@ -149,6 +166,17 @@ export class ProtocolAuthorization {
         const protocolMessage = protocols[0];
         return protocolMessage.descriptor.definition;
     }
+    /**
+     * Creates a `FetchProtocolDefinitionFn` closure that binds the given `CoreProtocolRegistry`.
+     * This allows core protocol definitions to be resolved from the registry without changing
+     * the `FetchProtocolDefinitionFn` type signature — zero ripple to downstream consumers
+     * like `protocol-authorization-action.ts` and `protocol-authorization-validation.ts`.
+     */
+    static createBoundFetchDefinition(coreProtocols) {
+        return (tenant, protocolUri, messageStore, messageTimestamp) => {
+            return ProtocolAuthorization.fetchProtocolDefinition(tenant, protocolUri, messageStore, messageTimestamp, coreProtocols);
+        };
+    }
     /**
      * Gets the rule set corresponding to the given protocolPath.
      */
@@ -159,12 +187,5 @@ export class ProtocolAuthorization {
         }
         return ruleSet;
     }
-    /**
-     * Returns all the ProtocolActions that would authorize the incoming message.
-     * Delegates to the standalone function in `protocol-authorization-action.ts`.
-     */
-    static async getActionsSeekingARuleMatch(tenant, incomingMessage, messageStore) {
-        return getActionsSeekingARuleMatch(tenant, incomingMessage, messageStore);
-    }
 }
 //# sourceMappingURL=protocol-authorization.js.map

package/dist/esm/src/core/protocol-authorization.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"protocol-authorization.js","sourceRoot":"","sources":["../../../../src/core/protocol-authorization.ts"],"names":[],"mappings":"AAYA,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,EAAE,~~mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AAClE,OAAO,EAAE,~~aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,kCAAkC,CAAC;AAEnF,OAAO,EAAE,8BAA8B,EAAE,~~2BAA2B,EAAE,~~iBAAiB,EAAE,MAAM,oCAAoC,CAAC;~~AACpI~~,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AACnG,OAAO,EACL,0BAA0B,EAC1B,8BAA8B,EAC9B,eAAe,EACf,kBAAkB,EAClB,yBAAyB,GAC1B,MAAM,wCAAwC,CAAC;AAahD,MAAM,OAAO,qBAAqB;IAEhC;;;OAGG;IACI,MAAM,CAAC,KAAK,CAAC,4BAA4B,CAC9C,MAAc,EACd,eAA6B,EAC7B,YAA0B;~~QAE1B~~,oEAAoE;QACpE,6DAA6D;QAC7D,0GAA0G;QAC1G,MAAM,kBAAkB,GAAG,MAAM,qBAAqB,CACpD,MAAM,EAAE,eAAe,EAAE,YAAY,CACtC,CAAC;QAEF,2EAA2E;QAC3E,MAAM,kBAAkB,GAAG,MAAM,qBAAqB,CAAC,uBAAuB,CAC5E,MAAM,EACN,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC,QAAS,EAC5C,YAAY,EACZ,kBAAkB,~~CACnB~~,CAAC;QAEF,+FAA+F;QAC/F,oFAAoF;QACpF,MAAM,yBAAyB,CAC7B,MAAM,EAAE,eAAe,CAAC,OAAO,EAAE,kBAAkB,EAAE,YAAY,EACjE,~~qBAAqB~~,~~CAAC,uBAAuB,~~EAAE,kBAAkB,~~CAClE~~,CAAC;QAEF,0BAA0B;QAC1B,MAAM,8BAA8B,CAClC,MAAM,EAAE,eAAe,EAAE,YAAY,EACrC,~~qBAAqB~~,~~CAAC,uBAAuB,~~EAAE,kBAAkB,~~CAClE~~,CAAC;QAEF,2CAA2C;QAC3C,MAAM,OAAO,GAAG,qBAAqB,CAAC,UAAU,CAC9C,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC,YAAa,EAChD,kBAAkB,CACnB,CAAC;QAEF,6EAA6E;QAC7E,MAAM,0BAA0B,CAC9B,MAAM,EACN,eAAe,EACf,OAAO,EACP,YAAY,CACb,CAAC;QAEF,oBAAoB;QACpB,eAAe,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;QAE1C,uBAAuB;QACvB,kBAAkB,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;~~IAC/C~~,CAAC;IAED;;;OAGG;IACI,MAAM,CAAC,KAAK,CAAC,cAAc,CAChC,MAAc,EACd,eAA6B,EAC7B,YAA0B;~~QAE1B~~,MAAM,oBAAoB,GAAG,MAAM,iBAAiB,CAAC,MAAM,EAAE,eAAe,CAAC,OAAO,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAE7G,IAAI,WAAW,CAAC;QAChB,IAAI,oBAAoB,KAAK,SAAS,EAAE,CAAC;YACvC,yGAAyG;YACzG,+GAA+G;YAC/G,6EAA6E;YAC7E,WAAW,GAAG,MAAM,oBAAoB,CAAC,MAAM,EAAE,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAC9G,CAAC;aAAM,CAAC;YACN,WAAW,GAAG,MAAM,oBAAoB,CAAC,MAAM,EAAE,eAAe,CAAC,OAAO,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QACnG,CAAC;QAED,oEAAoE;QACpE,MAAM,kBAAkB,GAAG,MAAM,qBAAqB,CACpD,MAAM,EAAE,eAAe,EAAE,YAAY,CACtC,CAAC;QAEF,2EAA2E;QAC3E,MAAM,kBAAkB,GAAG,MAAM,qBAAqB,CAAC,uBAAuB,CAC5E,MAAM,EACN,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC,QAAS,EAC5C,YAAY,EACZ,kBAAkB,~~CACnB~~,CAAC;QAEF,2CAA2C;QAC3C,MAAM,OAAO,GAAG,qBAAqB,CAAC,UAAU,CAC9C,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC,YAAa,EAChD,kBAAkB,CACnB,CAAC;QAEF,0FAA0F;QAC1F,MAAM,iBAAiB,CACrB,MAAM,EACN,eAAe,EACf,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC,QAAS,EAC5C,eAAe,CAAC,OAAO,CAAC,SAAU,EAClC,kBAAkB,EAClB,YAAY,EACZ,~~qBAAqB~~,~~CAAC~~,~~uBAAuB,EAC7C,~~kBAAkB,CACnB,CAAC;QAEF,oEAAoE;QACpE,MAAM,8BAA8B,CAClC,MAAM,EACN,eAAe,EACf,OAAO,EACP,WAAW,EACX,YAAY,EACZ,kBAAkB,CACnB,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACI,MAAM,CAAC,KAAK,CAAC,aAAa,CAC/B,MAAc,EACd,eAA4B,EAC5B,kBAAgC,EAChC,YAA0B;~~QAE1B~~,qBAAqB;QACrB,MAAM,WAAW,GACf,MAAM,oBAAoB,CAAC,MAAM,EAAE,kBAAkB,CAAC,OAAO,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAExF,oFAAoF;QACpF,2EAA2E;QAC3E,MAAM,YAAY,GAAG,MAAM,iBAAiB,CAC1C,MAAM,EAAE,kBAAkB,CAAC,OAAO,CAAC,QAAQ,EAAE,YAAY,CAC1D,CAAC;QACF,MAAM,kBAAkB,GAAG,YAAY,KAAK,SAAS;YACnD,CAAC,CAAC,YAAY,CAAC,UAAU,CAAC,gBAAgB;YAC1C,CAAC,CAAC,kBAAkB,CAAC,OAAO,CAAC,UAAU,CAAC,gBAAgB,CAAC;QAE3D,4EAA4E;QAC5E,MAAM,kBAAkB,GAAG,MAAM,qBAAqB,CAAC,uBAAuB,CAC5E,MAAM,EACN,kBAAkB,CAAC,OAAO,CAAC,UAAU,CAAC,QAAS,EAC/C,YAAY,EACZ,kBAAkB,~~CACnB~~,CAAC;QAEF,2CAA2C;QAC3C,MAAM,OAAO,GAAG,qBAAqB,CAAC,UAAU,CAC9C,kBAAkB,CAAC,OAAO,CAAC,UAAU,CAAC,YAAa,EACnD,kBAAkB,CACnB,CAAC;QAEF,0FAA0F;QAC1F,MAAM,iBAAiB,CACrB,MAAM,EACN,eAAe,EACf,kBAAkB,CAAC,OAAO,CAAC,UAAU,CAAC,QAAS,EAC/C,kBAAkB,CAAC,OAAO,CAAC,SAAU,EACrC,kBAAkB,EAClB,YAAY,EACZ,~~qBAAqB~~,~~CAAC~~,~~uBAAuB,EAC7C,~~kBAAkB,CACnB,CAAC;QAEF,oEAAoE;QACpE,MAAM,8BAA8B,CAClC,MAAM,EACN,eAAe,EACf,OAAO,EACP,WAAW,EACX,YAAY,EACZ,kBAAkB,CACnB,CAAC;IACJ,CAAC;IAEM,MAAM,CAAC,KAAK,CAAC,yBAAyB,CAC3C,MAAc,EACd,eAA+D,EAC/D,YAA0B;~~QAE1B~~,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,SAAS,EAAE,GAAG,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC;QAExF,gCAAgC;QAChC,MAAM,kBAAkB,GAAG,MAAM,qBAAqB,CAAC,uBAAuB,CAC5E,MAAM,EACN,QAAS,EAAE,sEAAsE;QACjF,YAAY,~~CACb~~,CAAC;QAEF,2CAA2C;QAC3C,MAAM,OAAO,GAAG,qBAAqB,CAAC,UAAU,CAC9C,YAAa,EAAE,sDAAsD;QACrE,kBAAkB,CACnB,CAAC;QAEF,0FAA0F;QAC1F,MAAM,iBAAiB,CACrB,MAAM,EACN,eAAe,EACf,QAAS,EACT,SAAS,EACT,kBAAkB,EAClB,YAAY,EACZ,~~qBAAqB~~,~~CAAC~~,~~uBAAuB,CAC9C,~~CAAC;QAEF,oEAAoE;QACpE,MAAM,8BAA8B,CAClC,MAAM,EACN,eAAe,EACf,OAAO,EACP,EAAE,EAAE,2DAA2D;QAC/D,YAAY,EACZ,kBAAkB,CACnB,CAAC;IACJ,CAAC;IAED;;;OAGG;IACI,MAAM,CAAC,KAAK,CAAC,eAAe,CACjC,MAAc,EACd,eAA8B,EAC9B,YAA0B,EAC1B,YAA0B;~~QAG1B~~,qBAAqB;QACrB,MAAM,WAAW,GACf,MAAM,oBAAoB,CAAC,MAAM,EAAE,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAEhG,oFAAoF;QACpF,MAAM,YAAY,GAAG,MAAM,iBAAiB,CAC1C,MAAM,EAAE,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,EAAE,YAAY,CAClE,CAAC;QACF,MAAM,kBAAkB,GAAG,YAAY,KAAK,SAAS;YACnD,CAAC,CAAC,YAAY,CAAC,UAAU,CAAC,gBAAgB;YAC1C,CAAC,CAAC,YAAY,CAAC,OAAO,CAAC,UAAU,CAAC,gBAAgB,CAAC;QAErD,4EAA4E;QAC5E,MAAM,kBAAkB,GAAG,MAAM,qBAAqB,CAAC,uBAAuB,CAC5E,MAAM,EACN,YAAY,CAAC,OAAO,CAAC,UAAU,CAAC,QAAS,EACzC,YAAY,EACZ,kBAAkB,~~CACnB~~,CAAC;QAEF,2CAA2C;QAC3C,MAAM,OAAO,GAAG,qBAAqB,CAAC,UAAU,CAC9C,YAAY,CAAC,OAAO,CAAC,UAAU,CAAC,YAAa,EAC7C,kBAAkB,CACnB,CAAC;QAEF,0FAA0F;QAC1F,MAAM,iBAAiB,CACrB,MAAM,EACN,eAAe,EACf,YAAY,CAAC,OAAO,CAAC,UAAU,CAAC,QAAS,EACzC,YAAY,CAAC,OAAO,CAAC,SAAU,EAC/B,kBAAkB,EAClB,YAAY,EACZ,~~qBAAqB~~,~~CAAC~~,~~uBAAuB,EAC7C,~~kBAAkB,CACnB,CAAC;QAEF,oEAAoE;QACpE,MAAM,8BAA8B,CAClC,MAAM,EACN,eAAe,EACf,OAAO,EACP,WAAW,EACX,YAAY,EACZ,kBAAkB,CACnB,CAAC;IACJ,CAAC;IAED~~;;;;;OAKG~~;IACI,MAAM,CAAC,KAAK,CAAC,uBAAuB,CACzC,MAAc,EACd,WAAmB,EACnB,YAA0B,EAC1B,gBAAyB;~~QAEzB~~,~~wGAAwG~~;~~QACxG~~,IAAI,~~WAAW~~,KAAK,~~mBAAmB~~,CAAC,GAAG,EAAE,CAAC;~~YAC5C~~,OAAO,~~mBAAmB~~,CAAC,~~UAAU,~~CAAC;~~QACxC~~,CAAC;QAED,8CAA8C;QAC9C,MAAM,KAAK,GAAW;YACpB,SAAS,EAAG,gBAAgB,CAAC,SAAS;YACtC,MAAM,EAAM,aAAa,CAAC,SAAS;YACnC,QAAQ,EAAI,WAAW;SACxB,CAAC;QAEF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,8EAA8E;YAC9E,KAAK,CAAC,gBAAgB,GAAG,EAAE,GAAG,EAAE,gBAAgB,EAAE,CAAC;QACrD,CAAC;aAAM,CAAC;YACN,sDAAsD;YACtD,KAAK,CAAC,iBAAiB,GAAG,IAAI,CAAC;QACjC,CAAC;QAED,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,MAAM,YAAY,CAAC,KAAK,CACtD,MAAM,EACN,CAAC,KAAK,CAAC,EACP,EAAE,gBAAgB,EAAE,aAAa,CAAC,UAAU,EAAE,EAC9C,EAAE,KAAK,EAAE,CAAC,EAAE,CACb,CAAC;QAEF,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,qCAAqC,EAAE,0CAA0C,WAAW,EAAE,CAAC,CAAC;QAClI,CAAC;QAED,MAAM,eAAe,GAAG,SAAS,CAAC,CAAC,CAA8B,CAAC;QAClE,OAAO,eAAe,CAAC,UAAU,CAAC,UAAU,CAAC;IAC/C,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,UAAU,CACvB,YAAoB,EACpB,kBAAsC;QAEtC,MAAM,OAAO,GAAG,gBAAgB,CAAC,YAAY,EAAE,kBAAkB,CAAC,SAAS,CAAC,CAAC;QAC7E,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1B,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,mCAAmC,EACjE,wCAAwC,YAAY,EAAE,CAAC,CAAC;QAC5D,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;~~IAED;;;OAGG;IACK,MAAM,CAAC,KAAK,CAAC,2BAA2B,CAC9C,MAAc,EACd,eAA4G,EAC5G,YAA0B;QAE1B,OAAO,2BAA2B,CAAC,MAAM,EAAE,eAAe,EAAE,YAAY,CAAC,CAAC;IAC5E,CAAC;CACF~~"}
1	+ {"version":3,"file":"protocol-authorization.js","sourceRoot":"","sources":["../../../../src/core/protocol-authorization.ts"],"names":[],"mappings":"AAYA,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AACxD,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,kCAAkC,CAAC;AAEnF,OAAO,EAAE,8BAA8B,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AACvG,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AACnG,OAAO,EACL,0BAA0B,EAC1B,kBAAkB,EAClB,8BAA8B,EAC9B,iBAAiB,EACjB,eAAe,EACf,kBAAkB,EAClB,yBAAyB,GAC1B,MAAM,wCAAwC,CAAC;AAahD,MAAM,OAAO,qBAAqB;IAEhC;;;OAGG;IACI,MAAM,CAAC,KAAK,CAAC,4BAA4B,CAC9C,MAAc,EACd,eAA6B,EAC7B,YAA0B,EAC1B,aAAoC;QAEpC,oEAAoE;QACpE,6DAA6D;QAC7D,0GAA0G;QAC1G,MAAM,kBAAkB,GAAG,MAAM,qBAAqB,CACpD,MAAM,EAAE,eAAe,EAAE,YAAY,CACtC,CAAC;QAEF,2EAA2E;QAC3E,MAAM,kBAAkB,GAAG,MAAM,qBAAqB,CAAC,uBAAuB,CAC5E,MAAM,EACN,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC,QAAS,EAC5C,YAAY,EACZ,kBAAkB,EAClB,aAAa,CACd,CAAC;QAEF,qFAAqF;QACrF,MAAM,oBAAoB,GAAG,qBAAqB,CAAC,0BAA0B,CAAC,aAAa,CAAC,CAAC;QAE7F,+FAA+F;QAC/F,oFAAoF;QACpF,MAAM,yBAAyB,CAC7B,MAAM,EAAE,eAAe,CAAC,OAAO,EAAE,kBAAkB,EAAE,YAAY,EACjE,oBAAoB,EAAE,kBAAkB,CACzC,CAAC;QAEF,0BAA0B;QAC1B,MAAM,8BAA8B,CAClC,MAAM,EAAE,eAAe,EAAE,YAAY,EACrC,oBAAoB,EAAE,kBAAkB,CACzC,CAAC;QAEF,2CAA2C;QAC3C,MAAM,OAAO,GAAG,qBAAqB,CAAC,UAAU,CAC9C,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC,YAAa,EAChD,kBAAkB,CACnB,CAAC;QAEF,6EAA6E;QAC7E,MAAM,0BAA0B,CAC9B,MAAM,EACN,eAAe,EACf,OAAO,EACP,YAAY,CACb,CAAC;QAEF,oBAAoB;QACpB,eAAe,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;QAE1C,uBAAuB;QACvB,kBAAkB,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;QAE7C,6DAA6D;QAC7D,MAAM,kBAAkB,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;QAEnD,4BAA4B;QAC5B,MAAM,iBAAiB,CAAC,MAAM,EAAE,eAAe,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC;IAC1E,CAAC;IAED;;;OAGG;IACI,MAAM,CAAC,KAAK,CAAC,cAAc,CAChC,MAAc,EACd,eAA6B,EAC7B,YAA0B,EAC1B,aAAoC;QAEpC,MAAM,oBAAoB,GAAG,MAAM,iBAAiB,CAAC,MAAM,EAAE,eAAe,CAAC,OAAO,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAE7G,IAAI,WAAW,CAAC;QAChB,IAAI,oBAAoB,KAAK,SAAS,EAAE,CAAC;YACvC,yGAAyG;YACzG,+GAA+G;YAC/G,6EAA6E;YAC7E,WAAW,GAAG,MAAM,oBAAoB,CAAC,MAAM,EAAE,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAC9G,CAAC;aAAM,CAAC;YACN,WAAW,GAAG,MAAM,oBAAoB,CAAC,MAAM,EAAE,eAAe,CAAC,OAAO,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QACnG,CAAC;QAED,oEAAoE;QACpE,MAAM,kBAAkB,GAAG,MAAM,qBAAqB,CACpD,MAAM,EAAE,eAAe,EAAE,YAAY,CACtC,CAAC;QAEF,2EAA2E;QAC3E,MAAM,kBAAkB,GAAG,MAAM,qBAAqB,CAAC,uBAAuB,CAC5E,MAAM,EACN,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC,QAAS,EAC5C,YAAY,EACZ,kBAAkB,EAClB,aAAa,CACd,CAAC;QAEF,2CAA2C;QAC3C,MAAM,OAAO,GAAG,qBAAqB,CAAC,UAAU,CAC9C,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC,YAAa,EAChD,kBAAkB,CACnB,CAAC;QAEF,MAAM,oBAAoB,GAAG,qBAAqB,CAAC,0BAA0B,CAAC,aAAa,CAAC,CAAC;QAE7F,0FAA0F;QAC1F,MAAM,iBAAiB,CACrB,MAAM,EACN,eAAe,EACf,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC,QAAS,EAC5C,eAAe,CAAC,OAAO,CAAC,SAAU,EAClC,kBAAkB,EAClB,YAAY,EACZ,oBAAoB,EACpB,kBAAkB,CACnB,CAAC;QAEF,oEAAoE;QACpE,MAAM,8BAA8B,CAClC,MAAM,EACN,eAAe,EACf,OAAO,EACP,WAAW,EACX,YAAY,EACZ,kBAAkB,CACnB,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACI,MAAM,CAAC,KAAK,CAAC,aAAa,CAC/B,MAAc,EACd,eAA4B,EAC5B,kBAAgC,EAChC,YAA0B,EAC1B,aAAoC;QAEpC,qBAAqB;QACrB,MAAM,WAAW,GACf,MAAM,oBAAoB,CAAC,MAAM,EAAE,kBAAkB,CAAC,OAAO,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAExF,oFAAoF;QACpF,2EAA2E;QAC3E,MAAM,YAAY,GAAG,MAAM,iBAAiB,CAC1C,MAAM,EAAE,kBAAkB,CAAC,OAAO,CAAC,QAAQ,EAAE,YAAY,CAC1D,CAAC;QACF,MAAM,kBAAkB,GAAG,YAAY,KAAK,SAAS;YACnD,CAAC,CAAC,YAAY,CAAC,UAAU,CAAC,gBAAgB;YAC1C,CAAC,CAAC,kBAAkB,CAAC,OAAO,CAAC,UAAU,CAAC,gBAAgB,CAAC;QAE3D,4EAA4E;QAC5E,MAAM,kBAAkB,GAAG,MAAM,qBAAqB,CAAC,uBAAuB,CAC5E,MAAM,EACN,kBAAkB,CAAC,OAAO,CAAC,UAAU,CAAC,QAAS,EAC/C,YAAY,EACZ,kBAAkB,EAClB,aAAa,CACd,CAAC;QAEF,2CAA2C;QAC3C,MAAM,OAAO,GAAG,qBAAqB,CAAC,UAAU,CAC9C,kBAAkB,CAAC,OAAO,CAAC,UAAU,CAAC,YAAa,EACnD,kBAAkB,CACnB,CAAC;QAEF,MAAM,oBAAoB,GAAG,qBAAqB,CAAC,0BAA0B,CAAC,aAAa,CAAC,CAAC;QAE7F,0FAA0F;QAC1F,MAAM,iBAAiB,CACrB,MAAM,EACN,eAAe,EACf,kBAAkB,CAAC,OAAO,CAAC,UAAU,CAAC,QAAS,EAC/C,kBAAkB,CAAC,OAAO,CAAC,SAAU,EACrC,kBAAkB,EAClB,YAAY,EACZ,oBAAoB,EACpB,kBAAkB,CACnB,CAAC;QAEF,oEAAoE;QACpE,MAAM,8BAA8B,CAClC,MAAM,EACN,eAAe,EACf,OAAO,EACP,WAAW,EACX,YAAY,EACZ,kBAAkB,CACnB,CAAC;IACJ,CAAC;IAEM,MAAM,CAAC,KAAK,CAAC,yBAAyB,CAC3C,MAAc,EACd,eAA+D,EAC/D,YAA0B,EAC1B,aAAoC;QAEpC,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,SAAS,EAAE,GAAG,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC;QAExF,gCAAgC;QAChC,MAAM,kBAAkB,GAAG,MAAM,qBAAqB,CAAC,uBAAuB,CAC5E,MAAM,EACN,QAAS,EAAE,sEAAsE;QACjF,YAAY,EACZ,SAAS,EACT,aAAa,CACd,CAAC;QAEF,2CAA2C;QAC3C,MAAM,OAAO,GAAG,qBAAqB,CAAC,UAAU,CAC9C,YAAa,EAAE,sDAAsD;QACrE,kBAAkB,CACnB,CAAC;QAEF,MAAM,oBAAoB,GAAG,qBAAqB,CAAC,0BAA0B,CAAC,aAAa,CAAC,CAAC;QAE7F,0FAA0F;QAC1F,MAAM,iBAAiB,CACrB,MAAM,EACN,eAAe,EACf,QAAS,EACT,SAAS,EACT,kBAAkB,EAClB,YAAY,EACZ,oBAAoB,CACrB,CAAC;QAEF,oEAAoE;QACpE,MAAM,8BAA8B,CAClC,MAAM,EACN,eAAe,EACf,OAAO,EACP,EAAE,EAAE,2DAA2D;QAC/D,YAAY,EACZ,kBAAkB,CACnB,CAAC;IACJ,CAAC;IAED;;;OAGG;IACI,MAAM,CAAC,KAAK,CAAC,eAAe,CACjC,MAAc,EACd,eAA8B,EAC9B,YAA0B,EAC1B,YAA0B,EAC1B,aAAoC;QAGpC,qBAAqB;QACrB,MAAM,WAAW,GACf,MAAM,oBAAoB,CAAC,MAAM,EAAE,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAEhG,oFAAoF;QACpF,MAAM,YAAY,GAAG,MAAM,iBAAiB,CAC1C,MAAM,EAAE,eAAe,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,EAAE,YAAY,CAClE,CAAC;QACF,MAAM,kBAAkB,GAAG,YAAY,KAAK,SAAS;YACnD,CAAC,CAAC,YAAY,CAAC,UAAU,CAAC,gBAAgB;YAC1C,CAAC,CAAC,YAAY,CAAC,OAAO,CAAC,UAAU,CAAC,gBAAgB,CAAC;QAErD,4EAA4E;QAC5E,MAAM,kBAAkB,GAAG,MAAM,qBAAqB,CAAC,uBAAuB,CAC5E,MAAM,EACN,YAAY,CAAC,OAAO,CAAC,UAAU,CAAC,QAAS,EACzC,YAAY,EACZ,kBAAkB,EAClB,aAAa,CACd,CAAC;QAEF,2CAA2C;QAC3C,MAAM,OAAO,GAAG,qBAAqB,CAAC,UAAU,CAC9C,YAAY,CAAC,OAAO,CAAC,UAAU,CAAC,YAAa,EAC7C,kBAAkB,CACnB,CAAC;QAEF,MAAM,oBAAoB,GAAG,qBAAqB,CAAC,0BAA0B,CAAC,aAAa,CAAC,CAAC;QAE7F,0FAA0F;QAC1F,MAAM,iBAAiB,CACrB,MAAM,EACN,eAAe,EACf,YAAY,CAAC,OAAO,CAAC,UAAU,CAAC,QAAS,EACzC,YAAY,CAAC,OAAO,CAAC,SAAU,EAC/B,kBAAkB,EAClB,YAAY,EACZ,oBAAoB,EACpB,kBAAkB,CACnB,CAAC;QAEF,oEAAoE;QACpE,MAAM,8BAA8B,CAClC,MAAM,EACN,eAAe,EACf,OAAO,EACP,WAAW,EACX,YAAY,EACZ,kBAAkB,CACnB,CAAC;IACJ,CAAC;IAED;;;;;;;;;;OAUG;IACI,MAAM,CAAC,KAAK,CAAC,uBAAuB,CACzC,MAAc,EACd,WAAmB,EACnB,YAA0B,EAC1B,gBAAyB,EACzB,aAAoC;QAEpC,sGAAsG;QACtG,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;YAChC,MAAM,cAAc,GAAG,aAAa,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;YAChE,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;gBACjC,OAAO,cAAc,CAAC;YACxB,CAAC;QACH,CAAC;QAED,8CAA8C;QAC9C,MAAM,KAAK,GAAW;YACpB,SAAS,EAAG,gBAAgB,CAAC,SAAS;YACtC,MAAM,EAAM,aAAa,CAAC,SAAS;YACnC,QAAQ,EAAI,WAAW;SACxB,CAAC;QAEF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,8EAA8E;YAC9E,KAAK,CAAC,gBAAgB,GAAG,EAAE,GAAG,EAAE,gBAAgB,EAAE,CAAC;QACrD,CAAC;aAAM,CAAC;YACN,sDAAsD;YACtD,KAAK,CAAC,iBAAiB,GAAG,IAAI,CAAC;QACjC,CAAC;QAED,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,MAAM,YAAY,CAAC,KAAK,CACtD,MAAM,EACN,CAAC,KAAK,CAAC,EACP,EAAE,gBAAgB,EAAE,aAAa,CAAC,UAAU,EAAE,EAC9C,EAAE,KAAK,EAAE,CAAC,EAAE,CACb,CAAC;QAEF,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,qCAAqC,EAAE,0CAA0C,WAAW,EAAE,CAAC,CAAC;QAClI,CAAC;QAED,MAAM,eAAe,GAAG,SAAS,CAAC,CAAC,CAA8B,CAAC;QAClE,OAAO,eAAe,CAAC,UAAU,CAAC,UAAU,CAAC;IAC/C,CAAC;IAED;;;;;OAKG;IACK,MAAM,CAAC,0BAA0B,CAAC,aAAoC;QAC5E,OAAO,CACL,MAAc,EACd,WAAmB,EACnB,YAA0B,EAC1B,gBAAyB,EACI,EAAE;YAC/B,OAAO,qBAAqB,CAAC,uBAAuB,CAAC,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,gBAAgB,EAAE,aAAa,CAAC,CAAC;QAC3H,CAAC,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,UAAU,CACvB,YAAoB,EACpB,kBAAsC;QAEtC,MAAM,OAAO,GAAG,gBAAgB,CAAC,YAAY,EAAE,kBAAkB,CAAC,SAAS,CAAC,CAAC;QAC7E,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1B,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC,mCAAmC,EACjE,wCAAwC,YAAY,EAAE,CAAC,CAAC;QAC5D,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;CAEF"}