@fiado/api-invoker 4.8.1 → 4.10.0

package/src/payroll-business/interfaces/IPayrollApi.ts

@@ -1,18 +1,18 @@
-import { PayrollBossStatusEnum } from "@fiado/type-kit/bin/payroll-business";
-
-/**
- * Interfaz para el servicio Payroll que permite operaciones sobre payroll.
- */
-export interface IPayrollApi {
-    
-    /**
-     * Obtiene registros de payroll por directorio.
-     * @param directoryId ID del directorio.
-     * @param index Indice de la página.
-     * @param pageSize Tamaño de la página.
-     * @param sort Orden de los resultados.
-     * @param status Estado del payroll. 
-     * @throws {Error} Lanza un error si los parámetros de entrada son inválidos.
-     */
-    getByDirectoryId(params: {directoryId: string,index?:string,pageSize?:number, sort?:string, status?:PayrollBossStatusEnum}): Promise<any>;
-}
+import { PayrollBossStatusEnum } from "@fiado/type-kit/bin/payroll-business";
+
+/**
+ * Interfaz para el servicio Payroll que permite operaciones sobre payroll.
+ */
+export interface IPayrollApi {
+    
+    /**
+     * Obtiene registros de payroll por directorio.
+     * @param directoryId ID del directorio.
+     * @param index Indice de la página.
+     * @param pageSize Tamaño de la página.
+     * @param sort Orden de los resultados.
+     * @param status Estado del payroll. 
+     * @throws {Error} Lanza un error si los parámetros de entrada son inválidos.
+     */
+    getByDirectoryId(params: {directoryId: string,index?:string,pageSize?:number, sort?:string, status?:PayrollBossStatusEnum}): Promise<any>;
+}

package/src/people-business/api/PeopleBusinessApi.ts

@@ -1,32 +1,32 @@
-import { inject, injectable } from "inversify";
-import { IHttpRequest } from "@fiado/http-client";
-import { IPeopleBusinessApi } from "./interfaces/IPeopleBusinessApi";
-import FiadoApiResponse from "@fiado/type-kit/bin/apiResponse/dtos/FiadoApiResponse";
-import { CPStatusEnum } from "@fiado/type-kit/bin/identity";
-
-
-@injectable()
-export default class PeopleBusinessApi implements IPeopleBusinessApi {
-
-    private readonly baseUrl = process.env.PEOPLE_BUSINESS_LAMBDA_URL || "";
-
-    constructor(@inject("IHttpRequest") private httpRequest: IHttpRequest) {
-    }
-    
-    getByCPStatus(params: { index?: string; pageSize?: number; cpStatus: CPStatusEnum; sort?: "ascending" | "descending"; }): Promise<FiadoApiResponse<{ items: { people: any; accountRequirementControl: any; }[]; index: string | null; }>> {
-        const queryParamsArray = [];
-        if (params.index) {
-            queryParamsArray.push(`index=${params.index}`);
-        }
-        if (params.pageSize) {
-            queryParamsArray.push(`pageSize=${params.pageSize}`);
-        }
-        if (params.sort) {
-            queryParamsArray.push(`sort=${params.sort}`);
-        }
-
-        const queryString = queryParamsArray.length > 0 ? '?' + queryParamsArray.join('&') : '';
-        return this.httpRequest.get(`${this.baseUrl}private/people/get/cpstatus/${params.cpStatus}${queryString}`);
-    }
-}
-
+import { inject, injectable } from "inversify";
+import { IHttpRequest } from "@fiado/http-client";
+import { IPeopleBusinessApi } from "./interfaces/IPeopleBusinessApi";
+import FiadoApiResponse from "@fiado/type-kit/bin/apiResponse/dtos/FiadoApiResponse";
+import { CPStatusEnum } from "@fiado/type-kit/bin/identity";
+
+
+@injectable()
+export default class PeopleBusinessApi implements IPeopleBusinessApi {
+
+    private readonly baseUrl = process.env.PEOPLE_BUSINESS_LAMBDA_URL || "";
+
+    constructor(@inject("IHttpRequest") private httpRequest: IHttpRequest) {
+    }
+    
+    getByCPStatus(params: { index?: string; pageSize?: number; cpStatus: CPStatusEnum; sort?: "ascending" | "descending"; }): Promise<FiadoApiResponse<{ items: { people: any; accountRequirementControl: any; }[]; index: string | null; }>> {
+        const queryParamsArray = [];
+        if (params.index) {
+            queryParamsArray.push(`index=${params.index}`);
+        }
+        if (params.pageSize) {
+            queryParamsArray.push(`pageSize=${params.pageSize}`);
+        }
+        if (params.sort) {
+            queryParamsArray.push(`sort=${params.sort}`);
+        }
+
+        const queryString = queryParamsArray.length > 0 ? '?' + queryParamsArray.join('&') : '';
+        return this.httpRequest.get(`${this.baseUrl}private/people/get/cpstatus/${params.cpStatus}${queryString}`);
+    }
+}
+

package/src/people-business/api/interfaces/IPeopleBusinessApi.ts

@@ -1,8 +1,8 @@
-import { CPStatusEnum } from "@fiado/type-kit/bin/identity";
-import FiadoApiResponse from "@fiado/type-kit/bin/apiResponse/dtos/FiadoApiResponse";
-
-
-export interface IPeopleBusinessApi {
-getByCPStatus(params: { index: string; pageSize: number; cpStatus: CPStatusEnum; sort: "ascending" | "descending"; }): Promise<FiadoApiResponse<{ items: {people: any, accountRequirementControl: any}[]; index: string | null; }>>;
-
+import { CPStatusEnum } from "@fiado/type-kit/bin/identity";
+import FiadoApiResponse from "@fiado/type-kit/bin/apiResponse/dtos/FiadoApiResponse";
+
+
+export interface IPeopleBusinessApi {
+getByCPStatus(params: { index: string; pageSize: number; cpStatus: CPStatusEnum; sort: "ascending" | "descending"; }): Promise<FiadoApiResponse<{ items: {people: any, accountRequirementControl: any}[]; index: string | null; }>>;
+
 }

package/src/people-business/index.ts

@@ -1,2 +1,2 @@
-export * from './api/PeopleBusinessApi';
+export * from './api/PeopleBusinessApi';
 export * from './api/interfaces/IPeopleBusinessApi';

package/src/platform-error-events/index.ts

@@ -1,2 +1,2 @@
-export * from './queue/PlatformErrorEventsPublisher';
-export * from './queue/interfaces/IPlatformErrorEventsPublisher';
+export * from './queue/PlatformErrorEventsPublisher';
+export * from './queue/interfaces/IPlatformErrorEventsPublisher';

package/src/platform-error-events/queue/PlatformErrorEventsPublisher.ts

@@ -1,24 +1,24 @@
-import { SendMessageCommand, SendMessageRequest, SQSClient } from "@aws-sdk/client-sqs";
-import { IPlatformErrorEventsPublisher } from "./interfaces/IPlatformErrorEventsPublisher";
-import { PlatformErrorEventMessage } from "@fiado/type-kit/bin/platformErrorEvents";
-import { injectable } from "inversify";
-
-@injectable()
-export default class PlatformErrorEventsPublisher implements IPlatformErrorEventsPublisher {
-    private readonly PLATFORM_ERROR_EVENTS_QUEUE = process.env.PLATFORM_ERROR_EVENTS_QUEUE;
-
-    async publish(message: PlatformErrorEventMessage): Promise<void> {
-        try {
-            const client: SQSClient = new SQSClient();
-            const sendMessageRequest: SendMessageRequest = {
-                QueueUrl: this.PLATFORM_ERROR_EVENTS_QUEUE,
-                MessageBody: JSON.stringify(message)
-            };
-            const command: SendMessageCommand = new SendMessageCommand(sendMessageRequest);
-            await client.send(command);
-        } catch (error) {
-            const errorMessage = error instanceof Error ? error.message : String(error);
-            throw new Error(`Error publishing message to PlatformErrorEventsQueue${': ' + errorMessage}`);
-        }
-    }
-}
+import { SendMessageCommand, SendMessageRequest, SQSClient } from "@aws-sdk/client-sqs";
+import { IPlatformErrorEventsPublisher } from "./interfaces/IPlatformErrorEventsPublisher";
+import { PlatformErrorEventMessage } from "@fiado/type-kit/bin/platformErrorEvents";
+import { injectable } from "inversify";
+
+@injectable()
+export default class PlatformErrorEventsPublisher implements IPlatformErrorEventsPublisher {
+    private readonly PLATFORM_ERROR_EVENTS_QUEUE = process.env.PLATFORM_ERROR_EVENTS_QUEUE;
+
+    async publish(message: PlatformErrorEventMessage): Promise<void> {
+        try {
+            const client: SQSClient = new SQSClient();
+            const sendMessageRequest: SendMessageRequest = {
+                QueueUrl: this.PLATFORM_ERROR_EVENTS_QUEUE,
+                MessageBody: JSON.stringify(message)
+            };
+            const command: SendMessageCommand = new SendMessageCommand(sendMessageRequest);
+            await client.send(command);
+        } catch (error) {
+            const errorMessage = error instanceof Error ? error.message : String(error);
+            throw new Error(`Error publishing message to PlatformErrorEventsQueue${': ' + errorMessage}`);
+        }
+    }
+}

package/src/platform-error-events/queue/interfaces/IPlatformErrorEventsPublisher.ts

@@ -1,5 +1,5 @@
-import { PlatformErrorEventMessage } from "@fiado/type-kit/bin/platformErrorEvents";
-
-export interface IPlatformErrorEventsPublisher {
-    publish(message: PlatformErrorEventMessage): Promise<void>;
-}
+import { PlatformErrorEventMessage } from "@fiado/type-kit/bin/platformErrorEvents";
+
+export interface IPlatformErrorEventsPublisher {
+    publish(message: PlatformErrorEventMessage): Promise<void>;
+}

package/src/platformRbac/api/PlatformRbacBusinessApi.ts

@@ -1,55 +1,64 @@
-import { inject, injectable } from "inversify";
-import { IHttpRequest } from "@fiado/http-client";
-import { ApiGatewayResponse } from "@fiado/gateway-adapter";
-// TD-AI-001: import de @fiado/type-kit/bin/platformRbac requiere npm link a type-kit 3.43.1 hasta publish final. Ver docs/TECH_DEBT.md.
-import {
-    DefineNextChallengeRequest,
-    DefineNextChallengeResponse,
-    PrepareChallengeRequest,
-    PrepareChallengeResponse,
-    VerifyChallengeRequest,
-    VerifyChallengeResponse,
-} from "@fiado/type-kit/bin/platformRbac";
-import { IPlatformRbacBusinessApi } from "./interfaces/IPlatformRbacBusinessApi";
-
-/**
- * Publisher HTTP del lambda `platform-rbac-business` (componente 06 SureKeep Fase 0)
- * para los 3 endpoints internos del Custom Auth Challenge flow.
- *
- * Env var requerida en el consumer: `PLATFORM_RBAC_BUSINESS_URL`.
- * El template.yml del consumer la setea con:
- *
- *   PLATFORM_RBAC_BUSINESS_URL: '{{resolve:ssm:platform-rbac-business}}'
- *
- * Convención CLAUDE.md global: SSM key = nombre del lambda owner de la URL.
- * El rbac-business publica su URL en SSM bajo la key `platform-rbac-business`
- * vía el `post_build` del buildspec.yml estándar Fiado.
- */
-@injectable()
-export default class PlatformRbacBusinessApi implements IPlatformRbacBusinessApi {
-    /** URL base del lambda. Leída de env var en cold start del consumer. */
-    private readonly baseUrl = process.env.PLATFORM_RBAC_BUSINESS_URL || "";
-
-    constructor(@inject("IHttpRequest") private httpRequest: IHttpRequest) {}
-
-    async defineNextChallenge(
-        input: DefineNextChallengeRequest,
-    ): Promise<ApiGatewayResponse<DefineNextChallengeResponse>> {
-        const url = `${this.baseUrl}/internal/auth/define-next-challenge`;
-        return await this.httpRequest.post(url, input);
-    }
-
-    async prepareChallenge(
-        input: PrepareChallengeRequest,
-    ): Promise<ApiGatewayResponse<PrepareChallengeResponse>> {
-        const url = `${this.baseUrl}/internal/auth/prepare-challenge`;
-        return await this.httpRequest.post(url, input);
-    }
-
-    async verifyChallenge(
-        input: VerifyChallengeRequest,
-    ): Promise<ApiGatewayResponse<VerifyChallengeResponse>> {
-        const url = `${this.baseUrl}/internal/auth/verify-challenge`;
-        return await this.httpRequest.post(url, input);
-    }
-}
+import { inject, injectable } from "inversify";
+import type { IHttpRequest } from "@fiado/http-client";
+import { ApiGatewayResponse } from "@fiado/gateway-adapter";
+// TD-AI-001: import de @fiado/type-kit/bin/platformRbac requiere npm link a type-kit 3.43.1 hasta publish final. Ver docs/TECH_DEBT.md.
+import {
+    DefineNextChallengeRequest,
+    DefineNextChallengeResponse,
+    PrepareChallengeRequest,
+    PrepareChallengeResponse,
+    VerifyChallengeRequest,
+    VerifyChallengeResponse,
+    AuthorizeRequest,
+    AuthorizeResponse,
+} from "@fiado/type-kit/bin/platformRbac";
+import { IPlatformRbacBusinessApi } from "./interfaces/IPlatformRbacBusinessApi";
+
+/**
+ * Publisher HTTP del lambda `platform-rbac-business` (componente 06 SureKeep Fase 0)
+ * para los 3 endpoints internos del Custom Auth Challenge flow.
+ *
+ * Env var requerida en el consumer: `PLATFORM_RBAC_BUSINESS_URL`.
+ * El template.yml del consumer la setea con:
+ *
+ *   PLATFORM_RBAC_BUSINESS_URL: '{{resolve:ssm:platform-rbac-business}}'
+ *
+ * Convención CLAUDE.md global: SSM key = nombre del lambda owner de la URL.
+ * El rbac-business publica su URL en SSM bajo la key `platform-rbac-business`
+ * vía el `post_build` del buildspec.yml estándar Fiado.
+ */
+@injectable()
+export default class PlatformRbacBusinessApi implements IPlatformRbacBusinessApi {
+    /** URL base del lambda. Leída de env var en cold start del consumer. */
+    private readonly baseUrl = process.env.PLATFORM_RBAC_BUSINESS_URL || "";
+
+    constructor(@inject("IHttpRequest") private httpRequest: IHttpRequest) {}
+
+    async defineNextChallenge(
+        input: DefineNextChallengeRequest,
+    ): Promise<ApiGatewayResponse<DefineNextChallengeResponse>> {
+        const url = `${this.baseUrl}/internal/auth/define-next-challenge`;
+        return await this.httpRequest.post(url, input);
+    }
+
+    async prepareChallenge(
+        input: PrepareChallengeRequest,
+    ): Promise<ApiGatewayResponse<PrepareChallengeResponse>> {
+        const url = `${this.baseUrl}/internal/auth/prepare-challenge`;
+        return await this.httpRequest.post(url, input);
+    }
+
+    async verifyChallenge(
+        input: VerifyChallengeRequest,
+    ): Promise<ApiGatewayResponse<VerifyChallengeResponse>> {
+        const url = `${this.baseUrl}/internal/auth/verify-challenge`;
+        return await this.httpRequest.post(url, input);
+    }
+
+    async authorize(
+        input: AuthorizeRequest,
+    ): Promise<ApiGatewayResponse<AuthorizeResponse>> {
+        const url = `${this.baseUrl}/internal/authorize`;
+        return await this.httpRequest.post(url, input);
+    }
+}

package/src/platformRbac/api/interfaces/IPlatformRbacBusinessApi.ts

@@ -1,56 +1,69 @@
-import { ApiGatewayResponse } from "@fiado/gateway-adapter";
-import {
-    DefineNextChallengeRequest,
-    DefineNextChallengeResponse,
-    PrepareChallengeRequest,
-    PrepareChallengeResponse,
-    VerifyChallengeRequest,
-    VerifyChallengeResponse,
-} from "@fiado/type-kit/bin/platformRbac";
-
-/**
- * Contrato del publisher HTTP del lambda `platform-rbac-business` (componente 06 SureKeep Fase 0)
- * para los 3 endpoints internos del Custom Auth Challenge flow (MFA).
- *
- * Consumidores: `cognito-backoffice-connector` desde los Lambda Triggers
- * `defineAuthChallenge`, `createAuthChallenge` y `verifyAuthChallengeResponse`
- * configurados en cada User Pool aprovisionado por la saga `TenantOnboardingManager`.
- *
- * Patrón de retorno: `Promise<ApiGatewayResponse<T>>` sin unwrap (v4 canonical Fiado).
- * El consumer accede `result.body.data` para llegar al payload tipado.
- *
- * Env var requerida en el consumer: `PLATFORM_RBAC_BUSINESS_URL`.
- * El template.yml del consumer la setea con:
- *
- *   PLATFORM_RBAC_BUSINESS_URL: '{{resolve:ssm:platform-rbac-business}}'
- *
- * Convención CLAUDE.md global: SSM key = nombre del lambda owner de la URL.
- */
-export interface IPlatformRbacBusinessApi {
-    /**
-     * POST /internal/auth/define-next-challenge — decide el próximo challenge MFA
-     * según los resultados acumulados en `session`. Invocado por el trigger
-     * `defineAuthChallenge` en cada paso del Custom Auth Challenge flow.
-     */
-    defineNextChallenge(
-        input: DefineNextChallengeRequest,
-    ): Promise<ApiGatewayResponse<DefineNextChallengeResponse>>;
-
-    /**
-     * POST /internal/auth/prepare-challenge — prepara el challenge (genera y envía
-     * código OTP por email/SMS, o computa el `privateChallenge` para TOTP).
-     * Invocado por el trigger `createAuthChallenge`.
-     */
-    prepareChallenge(
-        input: PrepareChallengeRequest,
-    ): Promise<ApiGatewayResponse<PrepareChallengeResponse>>;
-
-    /**
-     * POST /internal/auth/verify-challenge — verifica la respuesta del usuario
-     * contra el `privateChallenge`. Invocado por el trigger
-     * `verifyAuthChallengeResponse`.
-     */
-    verifyChallenge(
-        input: VerifyChallengeRequest,
-    ): Promise<ApiGatewayResponse<VerifyChallengeResponse>>;
-}
+import { ApiGatewayResponse } from "@fiado/gateway-adapter";
+import {
+    DefineNextChallengeRequest,
+    DefineNextChallengeResponse,
+    PrepareChallengeRequest,
+    PrepareChallengeResponse,
+    VerifyChallengeRequest,
+    VerifyChallengeResponse,
+    AuthorizeRequest,
+    AuthorizeResponse,
+} from "@fiado/type-kit/bin/platformRbac";
+
+/**
+ * Contrato del publisher HTTP del lambda `platform-rbac-business` (componente 06 SureKeep Fase 0)
+ * para los 3 endpoints internos del Custom Auth Challenge flow (MFA).
+ *
+ * Consumidores: `cognito-backoffice-connector` desde los Lambda Triggers
+ * `defineAuthChallenge`, `createAuthChallenge` y `verifyAuthChallengeResponse`
+ * configurados en cada User Pool aprovisionado por la saga `TenantOnboardingManager`.
+ *
+ * Patrón de retorno: `Promise<ApiGatewayResponse<T>>` sin unwrap (v4 canonical Fiado).
+ * El consumer accede `result.body.data` para llegar al payload tipado.
+ *
+ * Env var requerida en el consumer: `PLATFORM_RBAC_BUSINESS_URL`.
+ * El template.yml del consumer la setea con:
+ *
+ *   PLATFORM_RBAC_BUSINESS_URL: '{{resolve:ssm:platform-rbac-business}}'
+ *
+ * Convención CLAUDE.md global: SSM key = nombre del lambda owner de la URL.
+ */
+export interface IPlatformRbacBusinessApi {
+    /**
+     * POST /internal/auth/define-next-challenge — decide el próximo challenge MFA
+     * según los resultados acumulados en `session`. Invocado por el trigger
+     * `defineAuthChallenge` en cada paso del Custom Auth Challenge flow.
+     */
+    defineNextChallenge(
+        input: DefineNextChallengeRequest,
+    ): Promise<ApiGatewayResponse<DefineNextChallengeResponse>>;
+
+    /**
+     * POST /internal/auth/prepare-challenge — prepara el challenge (genera y envía
+     * código OTP por email/SMS, o computa el `privateChallenge` para TOTP).
+     * Invocado por el trigger `createAuthChallenge`.
+     */
+    prepareChallenge(
+        input: PrepareChallengeRequest,
+    ): Promise<ApiGatewayResponse<PrepareChallengeResponse>>;
+
+    /**
+     * POST /internal/auth/verify-challenge — verifica la respuesta del usuario
+     * contra el `privateChallenge`. Invocado por el trigger
+     * `verifyAuthChallengeResponse`.
+     */
+    verifyChallenge(
+        input: VerifyChallengeRequest,
+    ): Promise<ApiGatewayResponse<VerifyChallengeResponse>>;
+
+    /**
+     * POST /internal/authorize — decide allow/deny de un permiso (PDP del modelo
+     * PEP/PDP de RBAC enforcement). Invocado por el decorador `@RequirePermission`
+     * del `@fiado/gateway-adapter` vía la impl `IAuthorizer` de cada lambda consumidor.
+     * El rbac descubre el pool por `iss`, valida el token (vía connector introspect),
+     * resuelve permisos efectivos y devuelve `{ allow, reason?, context? }`.
+     */
+    authorize(
+        input: AuthorizeRequest,
+    ): Promise<ApiGatewayResponse<AuthorizeResponse>>;
+}