@frontegg/entitlements-javascript-commons 1.0.0-alpha.4 → 1.0.0-alpha.6

package/src/operations/components/tests/sanitizers.resolver.spec.ts

@@ -0,0 +1,14 @@
+import { useSanitizer } from '../sanitizers.resolver';
+import { OperationEnum } from '../../types';
+
+describe('SanitizerResolver', () => {
+  it('should return undefined when operation is not supported', () => {
+    const sanitizer = useSanitizer('not supported' as any);
+    expect(sanitizer).toEqual(undefined);
+  });
+
+  it('should return sanitizer when operation is supported', () => {
+    const sanitizer = useSanitizer(OperationEnum.On);
+    expect(sanitizer).toEqual(expect.any(Function));
+  });
+});

package/src/operations/date/sanitizers.ts

@@ -0,0 +1,27 @@
+import { OperationEnum, Sanitizer, SanitizersMapper } from '../types';
+import { BetweenDateOperationPayload, DateOperationPayload, SingleDateOperationPayload } from './types';
+
+export const sanitizeSingleDate: Sanitizer<SingleDateOperationPayload> = (value) => {
+  const sanitizedValue = value.date ? { date: value.date as Date } : undefined;
+
+  return {
+    isSanitized: !!sanitizedValue,
+    sanitizedValue,
+  };
+};
+
+export const sanitizeDateRange: Sanitizer<BetweenDateOperationPayload> = (value) => {
+  const sanitizedValue = value.start && value.end ? { start: value.start as Date, end: value.end as Date } : undefined;
+
+  return {
+    isSanitized: !!sanitizedValue,
+    sanitizedValue,
+  };
+};
+
+export const DateSanitizersMapper: SanitizersMapper<DateOperationPayload> = {
+  [OperationEnum.On]: sanitizeSingleDate,
+  [OperationEnum.OnOrAfter]: sanitizeDateRange,
+  [OperationEnum.OnOrBefore]: sanitizeSingleDate,
+  [OperationEnum.BetweenDate]: sanitizeSingleDate,
+};

package/src/operations/date/{operations.spec.ts → tests/operations.spec.ts}

@@ -3,7 +3,7 @@ import {
   useDateOnOperation,
   useDateOnOrAfterOperation,
   useDateOnOrBeforeOperation,
-} from './index';
+} from '../index';
 import { fc, test } from '@fast-check/jest';
 
 describe('Date operations', () => {

package/src/operations/date/tests/sanitizers.spec.ts

@@ -0,0 +1,43 @@
+import { fc, test } from '@fast-check/jest';
+import { sanitizeDateRange, sanitizeSingleDate } from '../sanitizers';
+
+describe('Date sanitizers', () => {
+  test.prop([fc.record({ date: fc.date() })], { verbose: true })(
+    'should return sanitized when date value exists',
+    (value) => {
+      const sanitizationResult = sanitizeSingleDate(value);
+
+      expect(sanitizationResult.isSanitized).toBe(true);
+      expect(typeof sanitizationResult.sanitizedValue).toBe('object');
+      expect(sanitizationResult.sanitizedValue).toEqual({ date: value.date });
+    },
+  );
+
+  test.prop([fc.object()], { verbose: true })('should fail sanitization when date value does not exist', (value) => {
+    const sanitizationResult = sanitizeSingleDate(value);
+
+    expect(sanitizationResult.isSanitized).toBe(false);
+    expect(sanitizationResult.sanitizedValue).toBeUndefined();
+  });
+
+  test.prop([fc.record({ start: fc.date(), end: fc.date() })], { verbose: true })(
+    'should return sanitized when start and end values exist',
+    (value) => {
+      const sanitizationResult = sanitizeDateRange(value);
+
+      expect(sanitizationResult.isSanitized).toBe(true);
+      expect(typeof sanitizationResult.sanitizedValue).toBe('object');
+      expect(sanitizationResult.sanitizedValue).toEqual({ start: value.start, end: value.end });
+    },
+  );
+
+  test.prop([fc.object()], { verbose: true })(
+    'should fail sanitization when start and end values do not exist',
+    (value) => {
+      const sanitizationResult = sanitizeDateRange(value);
+
+      expect(sanitizationResult.isSanitized).toBe(false);
+      expect(sanitizationResult.sanitizedValue).toBeUndefined();
+    },
+  );
+});

package/src/operations/numeric/index.ts

@@ -10,6 +10,7 @@ import {
 import { BetweenNumericOperationPayload, SingleNumericOperationPayload } from './types';
 
 export * from './operations';
+export * from './sanitizers';
 export * from './types';
 
 export const NumericOperationsMapper: OperationsMapper = {

package/src/operations/numeric/sanitizers.ts

@@ -0,0 +1,34 @@
+import { OperationEnum, Sanitizer, SanitizersMapper } from '../types';
+import { BetweenNumericOperationPayload, NumericOperationPayload, SingleNumericOperationPayload } from './types';
+
+const isNumber = (value: unknown): value is number => typeof value === 'number';
+
+export const sanitizeSingleNumber: Sanitizer<SingleNumericOperationPayload> = (value) => {
+  const sanitizedValue = value.number !== undefined && isNumber(value.number) ? { number: value.number } : undefined;
+
+  return {
+    isSanitized: !!sanitizedValue,
+    sanitizedValue,
+  };
+};
+
+export const sanitizeNumericRange: Sanitizer<BetweenNumericOperationPayload> = (value) => {
+  const sanitizedValue =
+    value.start !== undefined && value.end !== undefined && isNumber(value.start) && isNumber(value.end)
+      ? { start: value.start, end: value.end }
+      : undefined;
+
+  return {
+    isSanitized: !!sanitizedValue,
+    sanitizedValue,
+  };
+};
+
+export const NumericSanitizersMapper: SanitizersMapper<NumericOperationPayload> = {
+  [OperationEnum.Equal]: sanitizeSingleNumber,
+  [OperationEnum.GreaterThan]: sanitizeNumericRange,
+  [OperationEnum.GreaterThanEqual]: sanitizeSingleNumber,
+  [OperationEnum.LesserThan]: sanitizeSingleNumber,
+  [OperationEnum.LesserThanEqual]: sanitizeNumericRange,
+  [OperationEnum.BetweenNumeric]: sanitizeNumericRange,
+};

package/src/operations/numeric/tests/sanitizers.spec.ts

@@ -0,0 +1,44 @@
+import { fc, test } from '@fast-check/jest';
+import { sanitizeNumericRange, sanitizeSingleNumber } from '../sanitizers';
+
+describe('Numeric sanitizers', () => {
+  test.prop([fc.record({ number: fc.integer() })], { verbose: true })('should return sanitized number', (value) => {
+    const sanitizationResult = sanitizeSingleNumber(value);
+
+    expect(sanitizationResult.isSanitized).toBe(true);
+    expect(typeof sanitizationResult.sanitizedValue?.number).toBe('number');
+    expect(sanitizationResult.sanitizedValue).toEqual({ number: value.number });
+  });
+
+  test.prop([fc.object()], { verbose: true })(
+    'should not return sanitization values when number does not exist in value',
+    (value) => {
+      const sanitizationResult = sanitizeSingleNumber(value);
+
+      expect(sanitizationResult.isSanitized).toBe(false);
+      expect(sanitizationResult.sanitizedValue).toBeUndefined();
+    },
+  );
+
+  test.prop([fc.record({ start: fc.integer(), end: fc.integer() })], { verbose: true })(
+    'should return sanitized range',
+    (value) => {
+      const sanitizationResult = sanitizeNumericRange(value);
+
+      expect(sanitizationResult.isSanitized).toBe(true);
+      expect(typeof sanitizationResult.sanitizedValue?.start).toBe('number');
+      expect(typeof sanitizationResult.sanitizedValue?.end).toBe('number');
+      expect(sanitizationResult.sanitizedValue).toEqual({ start: value.start, end: value.end });
+    },
+  );
+
+  test.prop([fc.object()], { verbose: true })(
+    'should not return sanitization values when start or end does not exist in value',
+    (value) => {
+      const sanitizationResult = sanitizeNumericRange(value);
+
+      expect(sanitizationResult.isSanitized).toBe(false);
+      expect(sanitizationResult.sanitizedValue).toBeUndefined();
+    },
+  );
+});

package/src/operations/string/sanitizers.ts

@@ -0,0 +1,33 @@
+import { OperationEnum, Sanitizer, SanitizersMapper } from '../types';
+import { ListStringOperationPayload, SingleStringOperationPayload, StringOperationPayload } from './types';
+
+const isString = (value: unknown): value is string => typeof value === 'string';
+
+export const sanitizeSingleString: Sanitizer<SingleStringOperationPayload> = (value) => {
+  const sanitizedValue = value.string !== undefined && isString(value.string) ? { string: value.string } : undefined;
+
+  return {
+    isSanitized: !!sanitizedValue,
+    sanitizedValue,
+  };
+};
+
+export const sanitizeListString: Sanitizer<ListStringOperationPayload> = (value) => {
+  const sanitizedValue =
+    value.list !== undefined && (<unknown[]>value.list).every((str) => isString(str))
+      ? { list: value.list as string[] }
+      : undefined;
+
+  return {
+    isSanitized: !!sanitizedValue,
+    sanitizedValue,
+  };
+};
+
+export const StringSanitizersMapper: SanitizersMapper<StringOperationPayload> = {
+  [OperationEnum.Matches]: sanitizeSingleString,
+  [OperationEnum.Contains]: sanitizeListString,
+  [OperationEnum.StartsWith]: sanitizeSingleString,
+  [OperationEnum.EndsWith]: sanitizeSingleString,
+  [OperationEnum.InList]: sanitizeListString,
+};

package/src/operations/string/tests/sanitizers.spec.ts

@@ -0,0 +1,45 @@
+import { fc, test } from '@fast-check/jest';
+import { sanitizeListString, sanitizeSingleString } from '../sanitizers';
+
+describe('String sanitizers', () => {
+  test.prop([fc.record({ list: fc.array(fc.string()) })], { verbose: true })(
+    'should return sanitized strings list',
+    (value) => {
+      const sanitizationResult = sanitizeListString(value);
+
+      expect(sanitizationResult.isSanitized).toBe(true);
+      expect(sanitizationResult.sanitizedValue?.list).toEqual(value.list);
+    },
+  );
+
+  test.prop([fc.object()], { verbose: true })(
+    'should not return sanitized strings list when list property does not exist',
+    (value) => {
+      const sanitizationResult = sanitizeListString(value);
+
+      expect(sanitizationResult.isSanitized).toBe(false);
+      expect(sanitizationResult.sanitizedValue).toBeUndefined();
+    },
+  );
+
+  test.prop([fc.record({ string: fc.string() })], { verbose: true })(
+    'should sanitized string string property exists',
+    (value) => {
+      const sanitizationResult = sanitizeSingleString(value);
+
+      expect(sanitizationResult.isSanitized).toBe(true);
+      expect(typeof sanitizationResult.sanitizedValue?.string).toEqual('string');
+      expect(sanitizationResult.sanitizedValue?.string).toEqual(value.string);
+    },
+  );
+
+  test.prop([fc.object()], { verbose: true })(
+    'should not return sanitized string when string property does not exist',
+    (value) => {
+      const sanitizationResult = sanitizeSingleString(value);
+
+      expect(sanitizationResult.isSanitized).toBe(false);
+      expect(sanitizationResult.sanitizedValue).toBeUndefined();
+    },
+  );
+});

package/src/operations/types/index.ts

@@ -8,6 +8,7 @@ export interface OperationResult {
   isValid: boolean;
 }
 
+export type RawConditionValue = Record<string, unknown>;
 export type ConditionValue =
   | StringOperationPayload
   | NumericOperationPayload
@@ -19,4 +20,11 @@ export type OperationHandler = (attribute: any) => OperationResult;
 export type OperationContextEnricher = (value: ConditionValue) => OperationHandler;
 export type OperationsMapper = { [key in OperationEnum]?: OperationContextEnricher };
 
+export interface SanitizationResult<T extends ConditionValue> {
+  isSanitized: boolean;
+  sanitizedValue: T | undefined;
+}
+export type Sanitizer<T extends ConditionValue> = (value: RawConditionValue) => SanitizationResult<T>;
+export type SanitizersMapper<T extends ConditionValue> = { [key in OperationEnum]?: Sanitizer<T> };
+
 export * from './operation.enum';

package/src/user-entitlements/index.ts

@@ -0,0 +1 @@
+export * from './is-entitled.evaluator';

package/src/user-entitlements/is-entitled.evaluator.ts

@@ -0,0 +1,71 @@
+import { Attributes, EntitlementResult, Justification, NO_EXPIRATION_TIME, UserEntitlementsContext } from './types';
+import { evaluateFeatureFlag } from '../feature-flags';
+import { TreatmentEnum } from '../rules';
+export function evaluateIsEntitledToFeature(
+  featureKey: string,
+  userEntitlementsContext: UserEntitlementsContext,
+  attributes: Attributes,
+): EntitlementResult {
+  const feature = userEntitlementsContext.features[featureKey];
+
+  let hasExpired = false;
+  if (feature && feature.expireTime !== null) {
+    hasExpired = feature.expireTime !== NO_EXPIRATION_TIME && feature.expireTime < Date.now();
+
+    if (!hasExpired) {
+      return { isEntitled: true };
+    }
+  }
+
+  if (feature && feature.featureFlag) {
+    const { treatment } = evaluateFeatureFlag(feature.featureFlag, attributes);
+    if (treatment === TreatmentEnum.True) {
+      return { isEntitled: true };
+    }
+  }
+
+  return { isEntitled: false, justification: hasExpired ? Justification.BundleExpired : Justification.MissingFeature };
+}
+
+export function evaluateIsEntitledToPermissions(
+  permissionKey: string,
+  userEntitlementsContext: UserEntitlementsContext,
+  attributes: Attributes,
+): EntitlementResult {
+  const permission = userEntitlementsContext.permissions[permissionKey];
+
+  if (!permission) {
+    return { isEntitled: false, justification: Justification.MissingPermission };
+  }
+
+  const linkedFeatures = getLinkedFeatures(permissionKey, userEntitlementsContext);
+
+  if (!linkedFeatures.length) {
+    return { isEntitled: true };
+  }
+
+  let hasExpired = false;
+
+  for (const featureKey of linkedFeatures) {
+    const { isEntitled, justification } = evaluateIsEntitledToFeature(featureKey, userEntitlementsContext, attributes);
+
+    if (isEntitled) {
+      return { isEntitled: true };
+    }
+
+    if (justification === Justification.BundleExpired) {
+      hasExpired = true;
+    }
+  }
+
+  return {
+    isEntitled: false,
+    justification: hasExpired ? Justification.BundleExpired : Justification.MissingFeature,
+  };
+}
+
+function getLinkedFeatures(permissionKey: string, userEntitlementsContext: UserEntitlementsContext): string[] {
+  return Object.keys(userEntitlementsContext.features).filter((featureKey) =>
+    userEntitlementsContext.features[featureKey].linkedPermissions.includes(permissionKey),
+  );
+}

package/src/user-entitlements/tests/is-entitled.evaluator.spec.ts

@@ -0,0 +1,291 @@
+import * as FeatureFlags from '../../feature-flags/feature-flag.evaluator';
+import * as IsEntitledEvaluators from '../is-entitled.evaluator';
+import { TreatmentEnum } from '../../rules';
+import { EntitlementResult, Justification, NO_EXPIRATION_TIME, UserEntitlementsContext } from '../types';
+import { FeatureFlag } from '../../feature-flags/types';
+const mockFeatureFlag: FeatureFlag = {
+  on: true,
+  defaultTreatment: TreatmentEnum.True,
+  offTreatment: TreatmentEnum.False,
+  rules: [],
+};
+const truthyEntitlementResult: EntitlementResult = {
+  isEntitled: true,
+};
+const falsyEntitlementResultMissingFeature: EntitlementResult = {
+  isEntitled: false,
+  justification: Justification.MissingFeature,
+};
+const falsyEntitlementResultBundleExpired: EntitlementResult = {
+  isEntitled: false,
+  justification: Justification.BundleExpired,
+};
+const falsyEntitlementResultMissingPermission: EntitlementResult = {
+  isEntitled: false,
+  justification: Justification.MissingPermission,
+};
+describe('evaluateIsEntitledToFeature', () => {
+  describe('entitled', () => {
+    describe('feature-flag evaluated truthy', () => {
+      beforeAll(async () => {
+        jest.spyOn(FeatureFlags, 'evaluateFeatureFlag').mockReturnValue({ treatment: TreatmentEnum.True });
+      });
+
+      test('feature granted with valid expiration date', async () => {
+        const userEntitlementContext: UserEntitlementsContext = {
+          features: {
+            'test-feature': {
+              expireTime: new Date().getTime() + 3600,
+              linkedPermissions: [],
+              featureFlag: mockFeatureFlag,
+            },
+          },
+          permissions: {},
+        };
+        const result = IsEntitledEvaluators.evaluateIsEntitledToFeature('test-feature', userEntitlementContext, {});
+
+        expect(result).toEqual(truthyEntitlementResult);
+      });
+      test('feature granted with expired expiration date', async () => {
+        const userEntitlementContext: UserEntitlementsContext = {
+          features: {
+            'test-feature': {
+              expireTime: new Date().getTime() - 3600,
+              linkedPermissions: [],
+              featureFlag: mockFeatureFlag,
+            },
+          },
+          permissions: {},
+        };
+        const result = IsEntitledEvaluators.evaluateIsEntitledToFeature('test-feature', userEntitlementContext, {});
+
+        expect(result).toEqual(truthyEntitlementResult);
+      });
+      test('feature granted with no expiration date', async () => {
+        const userEntitlementContext: UserEntitlementsContext = {
+          features: {
+            'test-feature': {
+              expireTime: NO_EXPIRATION_TIME,
+              linkedPermissions: [],
+              featureFlag: mockFeatureFlag,
+            },
+          },
+          permissions: {},
+        };
+        const result = IsEntitledEvaluators.evaluateIsEntitledToFeature('test-feature', userEntitlementContext, {});
+
+        expect(result).toEqual(truthyEntitlementResult);
+      });
+      test('feature has not been granted', async () => {
+        const userEntitlementContext: UserEntitlementsContext = {
+          features: {
+            'test-feature': {
+              expireTime: null,
+              linkedPermissions: [],
+              featureFlag: mockFeatureFlag,
+            },
+          },
+          permissions: {},
+        };
+        const result = IsEntitledEvaluators.evaluateIsEntitledToFeature('test-feature', userEntitlementContext, {});
+
+        expect(result).toEqual(truthyEntitlementResult);
+      });
+    });
+    describe('feature-flag evaluated falsy', () => {
+      beforeAll(async () => {
+        jest.spyOn(FeatureFlags, 'evaluateFeatureFlag').mockReturnValue({ treatment: TreatmentEnum.False });
+      });
+      test('feature granted with no expiration date', async () => {
+        const userEntitlementContext: UserEntitlementsContext = {
+          features: {
+            'test-feature': {
+              expireTime: NO_EXPIRATION_TIME,
+              linkedPermissions: [],
+              featureFlag: mockFeatureFlag,
+            },
+          },
+          permissions: {},
+        };
+        const result = IsEntitledEvaluators.evaluateIsEntitledToFeature('test-feature', userEntitlementContext, {});
+
+        expect(result).toEqual(truthyEntitlementResult);
+      });
+      test('feature granted with valid expiration date', async () => {
+        const userEntitlementContext: UserEntitlementsContext = {
+          features: {
+            'test-feature': {
+              expireTime: Date.now() + 3600,
+              linkedPermissions: [],
+              featureFlag: mockFeatureFlag,
+            },
+          },
+          permissions: {},
+        };
+        const result = IsEntitledEvaluators.evaluateIsEntitledToFeature('test-feature', userEntitlementContext, {});
+
+        expect(result).toEqual(truthyEntitlementResult);
+      });
+    });
+    describe('no feature flag', () => {
+      test('feature granted with no expiration date', async () => {
+        const userEntitlementContext: UserEntitlementsContext = {
+          features: {
+            'test-feature': {
+              expireTime: NO_EXPIRATION_TIME,
+              linkedPermissions: [],
+            },
+          },
+          permissions: {},
+        };
+        const result = IsEntitledEvaluators.evaluateIsEntitledToFeature('test-feature', userEntitlementContext, {});
+
+        expect(result).toEqual(truthyEntitlementResult);
+      });
+      test('feature granted with valid expiration date', async () => {
+        const userEntitlementContext: UserEntitlementsContext = {
+          features: {
+            'test-feature': {
+              expireTime: Date.now() + 3600,
+              linkedPermissions: [],
+            },
+          },
+          permissions: {},
+        };
+        const result = IsEntitledEvaluators.evaluateIsEntitledToFeature('test-feature', userEntitlementContext, {});
+
+        expect(result).toEqual(truthyEntitlementResult);
+      });
+    });
+  });
+
+  describe('not entitled', () => {
+    describe('feature-flag evaluated falsy', () => {
+      beforeAll(async () => {
+        jest.spyOn(FeatureFlags, 'evaluateFeatureFlag').mockReturnValue({ treatment: TreatmentEnum.False });
+      });
+      test('feature has not been granted', async () => {
+        const userEntitlementContext: UserEntitlementsContext = {
+          features: {
+            'test-feature': {
+              expireTime: null,
+              linkedPermissions: [],
+            },
+          },
+          permissions: {},
+        };
+        const result = IsEntitledEvaluators.evaluateIsEntitledToFeature('test-feature', userEntitlementContext, {});
+
+        expect(result).toEqual(falsyEntitlementResultMissingFeature);
+      });
+      test('feature granted with expired expiration date', async () => {
+        const userEntitlementContext: UserEntitlementsContext = {
+          features: {
+            'test-feature': {
+              expireTime: Date.now() - 3600,
+              linkedPermissions: [],
+            },
+          },
+          permissions: {},
+        };
+        const result = IsEntitledEvaluators.evaluateIsEntitledToFeature('test-feature', userEntitlementContext, {});
+
+        expect(result).toEqual(falsyEntitlementResultBundleExpired);
+      });
+    });
+
+    describe('no feature', () => {
+      test('feature does not exist', async () => {
+        const userEntitlementContext: UserEntitlementsContext = {
+          features: {},
+          permissions: {},
+        };
+        const result = IsEntitledEvaluators.evaluateIsEntitledToFeature('test-feature', userEntitlementContext, {});
+
+        expect(result).toEqual(falsyEntitlementResultMissingFeature);
+      });
+    });
+  });
+});
+
+describe('evaluateIsEntitledToPermission', () => {
+  describe('entitled', () => {
+    test('permission granted, no linked feature/s to it', async () => {
+      const userEntitlementContext: UserEntitlementsContext = {
+        features: {},
+        permissions: { 'test.permission': true },
+      };
+      const result = IsEntitledEvaluators.evaluateIsEntitledToPermissions(
+        'test.permission',
+        userEntitlementContext,
+        {},
+      );
+
+      expect(result).toEqual(truthyEntitlementResult);
+    });
+    test('permission granted with linked feature/s, feature is entitled', async () => {
+      jest.spyOn(IsEntitledEvaluators, 'evaluateIsEntitledToFeature').mockReturnValue({ isEntitled: true });
+
+      const userEntitlementContext: UserEntitlementsContext = {
+        features: { 'test-feature': { expireTime: NO_EXPIRATION_TIME, linkedPermissions: ['test.permission'] } },
+        permissions: { 'test.permission': true },
+      };
+
+      const result = IsEntitledEvaluators.evaluateIsEntitledToPermissions(
+        'test.permission',
+        userEntitlementContext,
+        {},
+      );
+
+      expect(result).toEqual(truthyEntitlementResult);
+    });
+  });
+
+  describe('not entitled', () => {
+    test('permission not granted', async () => {
+      const userEntitlementContext: UserEntitlementsContext = {
+        features: {},
+        permissions: {},
+      };
+      const result = IsEntitledEvaluators.evaluateIsEntitledToPermissions(
+        'test.permission',
+        userEntitlementContext,
+        {},
+      );
+
+      expect(result).toEqual(falsyEntitlementResultMissingPermission);
+    });
+    test('permission granted with linked feature/s, no feature is entiteld', async () => {
+      jest
+        .spyOn(IsEntitledEvaluators, 'evaluateIsEntitledToFeature')
+        .mockReturnValue({ isEntitled: false, justification: Justification.MissingFeature });
+
+      const userEntitlementContext: UserEntitlementsContext = {
+        features: { 'test-feature': { expireTime: null, linkedPermissions: ['test.permission'] } },
+        permissions: { 'test.permission': true },
+      };
+
+      const result = IsEntitledEvaluators.evaluateIsEntitledToPermissions(
+        'test.permission',
+        userEntitlementContext,
+        {},
+      );
+
+      expect(result).toEqual(falsyEntitlementResultMissingFeature);
+    });
+    test('permission granted with linked feature/s, no feature is entiteld with expired bundle', async () => {
+      jest
+        .spyOn(IsEntitledEvaluators, 'evaluateIsEntitledToFeature')
+        .mockReturnValue({ isEntitled: false, justification: Justification.BundleExpired });
+    });
+
+    const userEntitlementContext: UserEntitlementsContext = {
+      features: { 'test-feature': { expireTime: Date.now() - 3600, linkedPermissions: ['test.permission'] } },
+      permissions: { 'test.permission': true },
+    };
+
+    const result = IsEntitledEvaluators.evaluateIsEntitledToPermissions('test.permission', userEntitlementContext, {});
+
+    expect(result).toEqual(falsyEntitlementResultBundleExpired);
+  });
+});

package/src/user-entitlements/types.ts

@@ -0,0 +1,27 @@
+import { FeatureFlag } from '../feature-flags/types';
+export type UserEntitlementsContext = {
+  features: Record<
+    string,
+    {
+      expireTime: number | null;
+      linkedPermissions: string[];
+      featureFlag?: FeatureFlag;
+    }
+  >;
+  permissions: Record<string, true>;
+};
+
+export type EntitlementResult = {
+  isEntitled: boolean;
+  justification?: Justification;
+};
+
+export enum Justification {
+  MissingFeature = 'MISSING_FEATURE',
+  MissingPermission = 'MISSING_PERMISSION',
+  BundleExpired = 'BUNDLE_EXPIRED',
+}
+
+export type Attributes = Record<string, string | number | boolean | Date>;
+
+export const NO_EXPIRATION_TIME = -1;