@gatewaystack/validatabl-core 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (35) hide show
  1. package/README.md +145 -0
  2. package/dist/decision.d.ts +42 -0
  3. package/dist/decision.d.ts.map +1 -0
  4. package/dist/decision.js +67 -0
  5. package/dist/decision.js.map +1 -0
  6. package/dist/index.d.ts +8 -0
  7. package/dist/index.d.ts.map +1 -0
  8. package/dist/index.js +10 -0
  9. package/dist/index.js.map +1 -0
  10. package/dist/permissions.d.ts +17 -0
  11. package/dist/permissions.d.ts.map +1 -0
  12. package/dist/permissions.js +68 -0
  13. package/dist/permissions.js.map +1 -0
  14. package/dist/policy.d.ts +16 -0
  15. package/dist/policy.d.ts.map +1 -0
  16. package/dist/policy.js +120 -0
  17. package/dist/policy.js.map +1 -0
  18. package/dist/protectedResource.d.ts +7 -0
  19. package/dist/protectedResource.d.ts.map +1 -0
  20. package/dist/protectedResource.js +13 -0
  21. package/dist/protectedResource.js.map +1 -0
  22. package/dist/schema.d.ts +21 -0
  23. package/dist/schema.d.ts.map +1 -0
  24. package/dist/schema.js +58 -0
  25. package/dist/schema.js.map +1 -0
  26. package/dist/scopes.d.ts +13 -0
  27. package/dist/scopes.d.ts.map +1 -0
  28. package/dist/scopes.js +27 -0
  29. package/dist/scopes.js.map +1 -0
  30. package/dist/tsconfig.tsbuildinfo +1 -0
  31. package/dist/types.d.ts +78 -0
  32. package/dist/types.d.ts.map +1 -0
  33. package/dist/types.js +3 -0
  34. package/dist/types.js.map +1 -0
  35. package/package.json +24 -0
package/README.md ADDED
@@ -0,0 +1,145 @@
1
+ # @gatewaystack/validatabl-core
2
+
3
+ Framework-agnostic policy engine for AI gateway authorization. Deny-by-default, scope/role/permission checking, policy rules with conditions, and input schema validation.
4
+
5
+ `@gatewaystack/validatabl-core` is the low-level engine behind [@gatewaystack/validatabl](https://www.npmjs.com/package/@gatewaystack/validatabl). Use it directly when you need policy evaluation without Express.
6
+
7
+ ## Installation
8
+
9
+ ```bash
10
+ npm install @gatewaystack/validatabl-core
11
+ ```
12
+
13
+ ## Features
14
+
15
+ - **Deny-by-default** policy engine with priority-ordered rules
16
+ - **Permission checking** — verify scopes, permissions, and roles from JWT claims
17
+ - **Policy rules** with conditions (equals, contains, in, matches, exists)
18
+ - **Input schema validation** — type and required-field checking
19
+ - **Unified `decision()` function** — runs all checks in sequence, fails fast
20
+
21
+ ## Quick Start
22
+
23
+ ### Check permissions
24
+
25
+ ```ts
26
+ import { checkPermissions } from "@gatewaystack/validatabl-core";
27
+
28
+ const claims = {
29
+ scope: "tool:read tool:write",
30
+ permissions: ["admin"],
31
+ roles: ["editor"],
32
+ };
33
+
34
+ const result = checkPermissions(claims, ["tool:write", "admin"]);
35
+ // { allowed: true, missing: [], reason: "All permissions granted" }
36
+ ```
37
+
38
+ ### Evaluate policies
39
+
40
+ ```ts
41
+ import { applyPolicies } from "@gatewaystack/validatabl-core";
42
+
43
+ const policySet = {
44
+ defaultEffect: "deny" as const,
45
+ rules: [
46
+ {
47
+ id: "allow-read-tools",
48
+ effect: "allow" as const,
49
+ priority: 10,
50
+ conditions: [
51
+ { field: "scope", operator: "contains" as const, value: "tool:read" },
52
+ ],
53
+ },
54
+ {
55
+ id: "block-gpt4-for-free",
56
+ effect: "deny" as const,
57
+ priority: 5,
58
+ conditions: [
59
+ { field: "model", operator: "equals" as const, value: "gpt-4" },
60
+ { field: "identity.plan", operator: "equals" as const, value: "free" },
61
+ ],
62
+ reason: "GPT-4 requires a paid plan",
63
+ },
64
+ ],
65
+ };
66
+
67
+ const result = applyPolicies(policySet, {
68
+ identity: { sub: "user1", scope: "tool:read" },
69
+ tool: "search",
70
+ });
71
+ // { allowed: true, matchedRule: { id: "allow-read-tools", ... }, ... }
72
+ ```
73
+
74
+ ### Unified decision
75
+
76
+ ```ts
77
+ import { decision } from "@gatewaystack/validatabl-core";
78
+
79
+ const result = decision(
80
+ { identity: { sub: "user1", scope: "tool:read tool:write" }, tool: "search" },
81
+ {
82
+ requiredPermissions: ["tool:read"],
83
+ policies: policySet,
84
+ inputSchema: {
85
+ type: "object",
86
+ required: ["query"],
87
+ },
88
+ }
89
+ );
90
+ // Runs permission check, then policy evaluation, then schema validation
91
+ // Returns { allowed: boolean, reason: string, checks: { ... } }
92
+ ```
93
+
94
+ ## API
95
+
96
+ ### `checkPermissions(claims, required)`
97
+
98
+ Check that the identity has ALL required permissions. Merges scopes, permissions, and roles.
99
+
100
+ ### `checkAnyPermission(claims, anyOf)`
101
+
102
+ Check that the identity has at least ONE of the specified permissions.
103
+
104
+ ### `applyPolicies(policySet, request)`
105
+
106
+ Evaluate a policy set against a request. Rules sorted by priority (lowest first). First match wins. Deny by default if no rules match.
107
+
108
+ **Condition operators:**
109
+ | Operator | Description |
110
+ |----------|-------------|
111
+ | `equals` | Exact match |
112
+ | `contains` | Field (string or array) contains the value |
113
+ | `in` | Field value is in the provided array |
114
+ | `matches` | Field matches a regex pattern |
115
+ | `exists` | Field is present (or absent if `value: false`) |
116
+
117
+ **Field resolution** supports shorthand (`scope`, `sub`, `tool`, `model`) and dotted paths (`identity.org_id`).
118
+
119
+ ### `checkSchema(input, schema)`
120
+
121
+ Validate input against a simple schema (type checking, required fields).
122
+
123
+ ### `decision(request, options)`
124
+
125
+ Unified entry point. Runs checks in order and returns on first failure:
126
+ 1. Permission check
127
+ 2. Policy evaluation
128
+ 3. Schema validation
129
+
130
+ ### Scope Utilities
131
+
132
+ ```ts
133
+ hasScope(claims, "tool:read") // boolean
134
+ getScopeStringFromClaims(claims) // "tool:read tool:write"
135
+ ```
136
+
137
+ ## Related Packages
138
+
139
+ - [@gatewaystack/validatabl](https://www.npmjs.com/package/@gatewaystack/validatabl) — Express middleware wrapper
140
+ - [@gatewaystack/identifiabl-core](https://www.npmjs.com/package/@gatewaystack/identifiabl-core) — JWT identity (provides the claims)
141
+ - [@gatewaystack/limitabl-core](https://www.npmjs.com/package/@gatewaystack/limitabl-core) — Rate limiting and budget tracking
142
+
143
+ ## License
144
+
145
+ MIT
package/dist/decision.d.ts ADDED
@@ -0,0 +1,42 @@
1
+ import type { PolicySet, PolicyRequest, PolicyDecision, PermissionCheckResult, SchemaValidationResult } from "./types.js";
2
+ import { type SimpleSchema } from "./schema.js";
3
+ /** Full validation result combining all checks. */
4
+ export interface ValidationDecision {
5
+ /** Whether the request should proceed. */
6
+ allowed: boolean;
7
+ /** Summary reason for the decision. */
8
+ reason: string;
9
+ /** Individual check results. */
10
+ checks: {
11
+ permissions?: PermissionCheckResult;
12
+ policy?: PolicyDecision;
13
+ schema?: SchemaValidationResult;
14
+ };
15
+ }
16
+ /** Options for the decision function. */
17
+ export interface DecisionOptions {
18
+ /** Required permissions (all must be present). */
19
+ requiredPermissions?: string[];
20
+ /** Policy set to evaluate. */
21
+ policies?: PolicySet;
22
+ /** Schema to validate the input against. */
23
+ inputSchema?: SimpleSchema;
24
+ }
25
+ /**
26
+ * Unified entry point for validatabl.
27
+ *
28
+ * Runs all configured checks in order:
29
+ * 1. Permission check (are the required scopes/permissions present?)
30
+ * 2. Policy evaluation (does a policy rule allow or deny this request?)
31
+ * 3. Schema validation (does the input match the expected shape?)
32
+ *
33
+ * Returns denied on the first failure. All checks are optional —
34
+ * if no checks are configured, the request is allowed.
35
+ *
36
+ * FUTURE WORK:
37
+ * - checkSafety integration (depends on transformabl classification output)
38
+ * When transformabl adds safety labels to the request context, validatabl
39
+ * will be able to enforce policies based on content risk level.
40
+ */
41
+ export declare function decision(request: PolicyRequest, options: DecisionOptions): ValidationDecision;
42
+ //# sourceMappingURL=decision.d.ts.map
package/dist/decision.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"decision.d.ts","sourceRoot":"","sources":["../src/decision.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EACV,SAAS,EACT,aAAa,EACb,cAAc,EACd,qBAAqB,EACrB,sBAAsB,EACvB,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAe,KAAK,YAAY,EAAE,MAAM,aAAa,CAAC;AAE7D,mDAAmD;AACnD,MAAM,WAAW,kBAAkB;IACjC,0CAA0C;IAC1C,OAAO,EAAE,OAAO,CAAC;IACjB,uCAAuC;IACvC,MAAM,EAAE,MAAM,CAAC;IACf,gCAAgC;IAChC,MAAM,EAAE;QACN,WAAW,CAAC,EAAE,qBAAqB,CAAC;QACpC,MAAM,CAAC,EAAE,cAAc,CAAC;QACxB,MAAM,CAAC,EAAE,sBAAsB,CAAC;KACjC,CAAC;CACH;AAED,yCAAyC;AACzC,MAAM,WAAW,eAAe;IAC9B,kDAAkD;IAClD,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,8BAA8B;IAC9B,QAAQ,CAAC,EAAE,SAAS,CAAC;IACrB,4CAA4C;IAC5C,WAAW,CAAC,EAAE,YAAY,CAAC;CAC5B;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,QAAQ,CACtB,OAAO,EAAE,aAAa,EACtB,OAAO,EAAE,eAAe,GACvB,kBAAkB,CAkDpB"}
package/dist/decision.js ADDED
@@ -0,0 +1,67 @@
1
+ // packages/validatabl-core/src/decision.ts
2
+ //
3
+ // decision: the unified entry point that orchestrates all validation checks.
4
+ import { checkPermissions } from "./permissions.js";
5
+ import { applyPolicies } from "./policy.js";
6
+ import { checkSchema } from "./schema.js";
7
+ /**
8
+ * Unified entry point for validatabl.
9
+ *
10
+ * Runs all configured checks in order:
11
+ * 1. Permission check (are the required scopes/permissions present?)
12
+ * 2. Policy evaluation (does a policy rule allow or deny this request?)
13
+ * 3. Schema validation (does the input match the expected shape?)
14
+ *
15
+ * Returns denied on the first failure. All checks are optional —
16
+ * if no checks are configured, the request is allowed.
17
+ *
18
+ * FUTURE WORK:
19
+ * - checkSafety integration (depends on transformabl classification output)
20
+ * When transformabl adds safety labels to the request context, validatabl
21
+ * will be able to enforce policies based on content risk level.
22
+ */
23
+ export function decision(request, options) {
24
+ const checks = {};
25
+ // 1. Permission check
26
+ if (options.requiredPermissions && options.requiredPermissions.length > 0) {
27
+ const permResult = checkPermissions(request.identity, options.requiredPermissions);
28
+ checks.permissions = permResult;
29
+ if (!permResult.allowed) {
30
+ return {
31
+ allowed: false,
32
+ reason: permResult.reason,
33
+ checks,
34
+ };
35
+ }
36
+ }
37
+ // 2. Policy evaluation
38
+ if (options.policies) {
39
+ const policyResult = applyPolicies(options.policies, request);
40
+ checks.policy = policyResult;
41
+ if (!policyResult.allowed) {
42
+ return {
43
+ allowed: false,
44
+ reason: policyResult.reason,
45
+ checks,
46
+ };
47
+ }
48
+ }
49
+ // 3. Schema validation
50
+ if (options.inputSchema && request.input !== undefined) {
51
+ const schemaResult = checkSchema(request.input, options.inputSchema);
52
+ checks.schema = schemaResult;
53
+ if (!schemaResult.valid) {
54
+ return {
55
+ allowed: false,
56
+ reason: `Schema validation failed: ${schemaResult.errors.join("; ")}`,
57
+ checks,
58
+ };
59
+ }
60
+ }
61
+ return {
62
+ allowed: true,
63
+ reason: "All checks passed",
64
+ checks,
65
+ };
66
+ }
67
+ //# sourceMappingURL=decision.js.map
package/dist/decision.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"decision.js","sourceRoot":"","sources":["../src/decision.ts"],"names":[],"mappings":"AAAA,2CAA2C;AAC3C,EAAE;AACF,6EAA6E;AAS7E,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,WAAW,EAAqB,MAAM,aAAa,CAAC;AA0B7D;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,QAAQ,CACtB,OAAsB,EACtB,OAAwB;IAExB,MAAM,MAAM,GAAiC,EAAE,CAAC;IAEhD,sBAAsB;IACtB,IAAI,OAAO,CAAC,mBAAmB,IAAI,OAAO,CAAC,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1E,MAAM,UAAU,GAAG,gBAAgB,CACjC,OAAO,CAAC,QAAQ,EAChB,OAAO,CAAC,mBAAmB,CAC5B,CAAC;QACF,MAAM,CAAC,WAAW,GAAG,UAAU,CAAC;QAChC,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;YACxB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,UAAU,CAAC,MAAM;gBACzB,MAAM;aACP,CAAC;QACJ,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,MAAM,YAAY,GAAG,aAAa,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9D,MAAM,CAAC,MAAM,GAAG,YAAY,CAAC;QAC7B,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;YAC1B,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,YAAY,CAAC,MAAM;gBAC3B,MAAM;aACP,CAAC;QACJ,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QACvD,MAAM,YAAY,GAAG,WAAW,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;QACrE,MAAM,CAAC,MAAM,GAAG,YAAY,CAAC;QAC7B,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;YACxB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,6BAA6B,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBACrE,MAAM;aACP,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,IAAI;QACb,MAAM,EAAE,mBAAmB;QAC3B,MAAM;KACP,CAAC;AACJ,CAAC"}
package/dist/index.d.ts ADDED
@@ -0,0 +1,8 @@
1
+ export * from "./scopes.js";
2
+ export * from "./policy.js";
3
+ export * from "./schema.js";
4
+ export * from "./permissions.js";
5
+ export * from "./decision.js";
6
+ export * from "./protectedResource.js";
7
+ export type * from "./types.js";
8
+ //# sourceMappingURL=index.d.ts.map
package/dist/index.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAIA,cAAc,aAAa,CAAC;AAC5B,cAAc,aAAa,CAAC;AAC5B,cAAc,aAAa,CAAC;AAC5B,cAAc,kBAAkB,CAAC;AACjC,cAAc,eAAe,CAAC;AAC9B,cAAc,wBAAwB,CAAC;AACvC,mBAAmB,YAAY,CAAC"}
package/dist/index.js ADDED
@@ -0,0 +1,10 @@
1
+ // packages/validatabl-core/src/index.ts
2
+ //
3
+ // Pure policy evaluation logic. No Express, no HTTP.
4
+ export * from "./scopes.js";
5
+ export * from "./policy.js";
6
+ export * from "./schema.js";
7
+ export * from "./permissions.js";
8
+ export * from "./decision.js";
9
+ export * from "./protectedResource.js";
10
+ //# sourceMappingURL=index.js.map
package/dist/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,wCAAwC;AACxC,EAAE;AACF,qDAAqD;AAErD,cAAc,aAAa,CAAC;AAC5B,cAAc,aAAa,CAAC;AAC5B,cAAc,aAAa,CAAC;AAC5B,cAAc,kBAAkB,CAAC;AACjC,cAAc,eAAe,CAAC;AAC9B,cAAc,wBAAwB,CAAC"}
package/dist/permissions.d.ts ADDED
@@ -0,0 +1,17 @@
1
+ import type { IdentityClaims, PermissionCheckResult } from "./types.js";
2
+ /**
3
+ * Check whether an identity has ALL the required permissions.
4
+ *
5
+ * Permissions are drawn from:
6
+ * - `scope` claim (space-delimited string or array)
7
+ * - `permissions` claim (array, used by Auth0 RBAC)
8
+ * - `roles` claim (array)
9
+ *
10
+ * All sources are merged and deduplicated.
11
+ */
12
+ export declare function checkPermissions(claims: IdentityClaims, required: string[]): PermissionCheckResult;
13
+ /**
14
+ * Check whether an identity has ANY of the specified permissions.
15
+ */
16
+ export declare function checkAnyPermission(claims: IdentityClaims, anyOf: string[]): PermissionCheckResult;
17
+ //# sourceMappingURL=permissions.d.ts.map
package/dist/permissions.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"permissions.d.ts","sourceRoot":"","sources":["../src/permissions.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,cAAc,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAGxE;;;;;;;;;GASG;AACH,wBAAgB,gBAAgB,CAC9B,MAAM,EAAE,cAAc,EACtB,QAAQ,EAAE,MAAM,EAAE,GACjB,qBAAqB,CAiBvB;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,MAAM,EAAE,cAAc,EACtB,KAAK,EAAE,MAAM,EAAE,GACd,qBAAqB,CAiBvB"}
package/dist/permissions.js ADDED
@@ -0,0 +1,68 @@
1
+ // packages/validatabl-core/src/permissions.ts
2
+ //
3
+ // checkPermissions: verifies user/agent access to specific models, tools, or operations.
4
+ import { getScopeStringFromClaims } from "./scopes.js";
5
+ /**
6
+ * Check whether an identity has ALL the required permissions.
7
+ *
8
+ * Permissions are drawn from:
9
+ * - `scope` claim (space-delimited string or array)
10
+ * - `permissions` claim (array, used by Auth0 RBAC)
11
+ * - `roles` claim (array)
12
+ *
13
+ * All sources are merged and deduplicated.
14
+ */
15
+ export function checkPermissions(claims, required) {
16
+ if (required.length === 0) {
17
+ return { allowed: true, missing: [], reason: "No permissions required" };
18
+ }
19
+ const granted = getAllGrants(claims);
20
+ const missing = required.filter((r) => !granted.has(r));
21
+ if (missing.length === 0) {
22
+ return { allowed: true, missing: [], reason: "All permissions granted" };
23
+ }
24
+ return {
25
+ allowed: false,
26
+ missing,
27
+ reason: `Missing permissions: ${missing.join(", ")}`,
28
+ };
29
+ }
30
+ /**
31
+ * Check whether an identity has ANY of the specified permissions.
32
+ */
33
+ export function checkAnyPermission(claims, anyOf) {
34
+ if (anyOf.length === 0) {
35
+ return { allowed: true, missing: [], reason: "No permissions required" };
36
+ }
37
+ const granted = getAllGrants(claims);
38
+ const hasAny = anyOf.some((p) => granted.has(p));
39
+ if (hasAny) {
40
+ return { allowed: true, missing: [], reason: "Has required permission" };
41
+ }
42
+ return {
43
+ allowed: false,
44
+ missing: anyOf,
45
+ reason: `Requires one of: ${anyOf.join(", ")}`,
46
+ };
47
+ }
48
+ /** Merge all grant sources into a single Set. */
49
+ function getAllGrants(claims) {
50
+ const grants = new Set();
51
+ // Scopes
52
+ const scopeStr = getScopeStringFromClaims(claims);
53
+ for (const s of scopeStr.split(" ").filter(Boolean)) {
54
+ grants.add(s);
55
+ }
56
+ // Permissions (Auth0 RBAC style)
57
+ if (Array.isArray(claims.permissions)) {
58
+ for (const p of claims.permissions)
59
+ grants.add(p);
60
+ }
61
+ // Roles
62
+ if (Array.isArray(claims.roles)) {
63
+ for (const r of claims.roles)
64
+ grants.add(r);
65
+ }
66
+ return grants;
67
+ }
68
+ //# sourceMappingURL=permissions.js.map
package/dist/permissions.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"permissions.js","sourceRoot":"","sources":["../src/permissions.ts"],"names":[],"mappings":"AAAA,8CAA8C;AAC9C,EAAE;AACF,yFAAyF;AAGzF,OAAO,EAAE,wBAAwB,EAAE,MAAM,aAAa,CAAC;AAEvD;;;;;;;;;GASG;AACH,MAAM,UAAU,gBAAgB,CAC9B,MAAsB,EACtB,QAAkB;IAElB,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;IAC3E,CAAC;IAED,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IACrC,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAExD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;IAC3E,CAAC;IAED,OAAO;QACL,OAAO,EAAE,KAAK;QACd,OAAO;QACP,MAAM,EAAE,wBAAwB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;KACrD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAChC,MAAsB,EACtB,KAAe;IAEf,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;IAC3E,CAAC;IAED,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IACrC,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAEjD,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;IAC3E,CAAC;IAED,OAAO;QACL,OAAO,EAAE,KAAK;QACd,OAAO,EAAE,KAAK;QACd,MAAM,EAAE,oBAAoB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;KAC/C,CAAC;AACJ,CAAC;AAED,iDAAiD;AACjD,SAAS,YAAY,CAAC,MAAsB;IAC1C,MAAM,MAAM,GAAG,IAAI,GAAG,EAAU,CAAC;IAEjC,SAAS;IACT,MAAM,QAAQ,GAAG,wBAAwB,CAAC,MAAM,CAAC,CAAC;IAClD,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;QACpD,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAChB,CAAC;IAED,iCAAiC;IACjC,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;QACtC,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,WAAW;YAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACpD,CAAC;IAED,QAAQ;IACR,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAChC,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,KAAK;YAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAC9C,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}
package/dist/policy.d.ts ADDED
@@ -0,0 +1,16 @@
1
+ import type { PolicyDecision, PolicySet, PolicyRequest } from "./types.js";
2
+ /**
3
+ * Evaluate a policy set against a request.
4
+ *
5
+ * Rules are sorted by priority (ascending). The first matching rule wins.
6
+ * If no rule matches, the default effect is applied (deny by default).
7
+ *
8
+ * FUTURE WORK:
9
+ * - YAML policy file loading (currently JSON only)
10
+ * - Compiled evaluation trees for high-throughput scenarios
11
+ * - Caching of decisions per (user, model, tool, scope) tuple with configurable TTL
12
+ * - Modification actions (strip fields, downgrade model, reduce token limits)
13
+ * beyond simple allow/deny
14
+ */
15
+ export declare function applyPolicies(policySet: PolicySet, request: PolicyRequest): PolicyDecision;
16
+ //# sourceMappingURL=policy.d.ts.map
package/dist/policy.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../src/policy.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAGV,cAAc,EACd,SAAS,EACT,aAAa,EACd,MAAM,YAAY,CAAC;AAGpB;;;;;;;;;;;;GAYG;AACH,wBAAgB,aAAa,CAC3B,SAAS,EAAE,SAAS,EACpB,OAAO,EAAE,aAAa,GACrB,cAAc,CAuBhB"}
package/dist/policy.js ADDED
@@ -0,0 +1,120 @@
1
+ // packages/validatabl-core/src/policy.ts
2
+ //
3
+ // applyPolicies: evaluate a policy set against a request.
4
+ // Deny-by-default. Rules evaluated in priority order (lowest number first).
5
+ import { getScopeStringFromClaims } from "./scopes.js";
6
+ /**
7
+ * Evaluate a policy set against a request.
8
+ *
9
+ * Rules are sorted by priority (ascending). The first matching rule wins.
10
+ * If no rule matches, the default effect is applied (deny by default).
11
+ *
12
+ * FUTURE WORK:
13
+ * - YAML policy file loading (currently JSON only)
14
+ * - Compiled evaluation trees for high-throughput scenarios
15
+ * - Caching of decisions per (user, model, tool, scope) tuple with configurable TTL
16
+ * - Modification actions (strip fields, downgrade model, reduce token limits)
17
+ * beyond simple allow/deny
18
+ */
19
+ export function applyPolicies(policySet, request) {
20
+ const sorted = [...policySet.rules].sort((a, b) => (a.priority ?? 100) - (b.priority ?? 100));
21
+ for (const rule of sorted) {
22
+ if (matchesAllConditions(rule.conditions, request)) {
23
+ return {
24
+ allowed: rule.effect === "allow",
25
+ matchedRule: rule,
26
+ reason: rule.reason ?? `Matched rule: ${rule.id} (${rule.effect})`,
27
+ evaluatedCount: sorted.indexOf(rule) + 1,
28
+ };
29
+ }
30
+ }
31
+ const defaultEffect = policySet.defaultEffect ?? "deny";
32
+ return {
33
+ allowed: defaultEffect === "allow",
34
+ matchedRule: undefined,
35
+ reason: `No rules matched; default: ${defaultEffect}`,
36
+ evaluatedCount: sorted.length,
37
+ };
38
+ }
39
+ function matchesAllConditions(conditions, request) {
40
+ return conditions.every((c) => matchesCondition(c, request));
41
+ }
42
+ function matchesCondition(condition, request) {
43
+ const fieldValue = resolveField(condition.field, request);
44
+ switch (condition.operator) {
45
+ case "equals":
46
+ return fieldValue === condition.value;
47
+ case "contains": {
48
+ // fieldValue is a space-delimited string or array; check if it contains the target
49
+ if (typeof fieldValue === "string") {
50
+ return fieldValue.split(" ").includes(String(condition.value));
51
+ }
52
+ if (Array.isArray(fieldValue)) {
53
+ return fieldValue.includes(condition.value);
54
+ }
55
+ return false;
56
+ }
57
+ case "in": {
58
+ // value is an array; check if fieldValue is in it
59
+ if (Array.isArray(condition.value)) {
60
+ return condition.value.includes(String(fieldValue));
61
+ }
62
+ return false;
63
+ }
64
+ case "matches": {
65
+ // value is a regex pattern
66
+ if (typeof fieldValue !== "string" || typeof condition.value !== "string") {
67
+ return false;
68
+ }
69
+ try {
70
+ return new RegExp(condition.value).test(fieldValue);
71
+ }
72
+ catch {
73
+ return false;
74
+ }
75
+ }
76
+ case "exists":
77
+ return condition.value
78
+ ? fieldValue !== undefined && fieldValue !== null
79
+ : fieldValue === undefined || fieldValue === null;
80
+ default:
81
+ return false;
82
+ }
83
+ }
84
+ /**
85
+ * Resolve a field name to a value from the request context.
86
+ * Supports dotted paths like "identity.org_id".
87
+ */
88
+ function resolveField(field, request) {
89
+ // Shorthand fields
90
+ switch (field) {
91
+ case "scope":
92
+ return getScopeStringFromClaims(request.identity);
93
+ case "permission":
94
+ case "permissions":
95
+ return request.identity.permissions ?? [];
96
+ case "role":
97
+ case "roles":
98
+ return request.identity.roles ?? [];
99
+ case "org_id":
100
+ return request.identity.org_id;
101
+ case "sub":
102
+ return request.identity.sub;
103
+ case "tool":
104
+ return request.tool;
105
+ case "model":
106
+ return request.model;
107
+ }
108
+ // Dotted path traversal
109
+ const parts = field.split(".");
110
+ let current = request;
111
+ for (const part of parts) {
112
+ if (current === null || current === undefined)
113
+ return undefined;
114
+ if (typeof current !== "object")
115
+ return undefined;
116
+ current = current[part];
117
+ }
118
+ return current;
119
+ }
120
+ //# sourceMappingURL=policy.js.map
package/dist/policy.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"policy.js","sourceRoot":"","sources":["../src/policy.ts"],"names":[],"mappings":"AAAA,yCAAyC;AACzC,EAAE;AACF,0DAA0D;AAC1D,4EAA4E;AAS5E,OAAO,EAAE,wBAAwB,EAAE,MAAM,aAAa,CAAC;AAEvD;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,aAAa,CAC3B,SAAoB,EACpB,OAAsB;IAEtB,MAAM,MAAM,GAAG,CAAC,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,IAAI,CACtC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,GAAG,CAAC,CACpD,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE,CAAC;QAC1B,IAAI,oBAAoB,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,EAAE,CAAC;YACnD,OAAO;gBACL,OAAO,EAAE,IAAI,CAAC,MAAM,KAAK,OAAO;gBAChC,WAAW,EAAE,IAAI;gBACjB,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,iBAAiB,IAAI,CAAC,EAAE,KAAK,IAAI,CAAC,MAAM,GAAG;gBAClE,cAAc,EAAE,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;aACzC,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,aAAa,GAAG,SAAS,CAAC,aAAa,IAAI,MAAM,CAAC;IACxD,OAAO;QACL,OAAO,EAAE,aAAa,KAAK,OAAO;QAClC,WAAW,EAAE,SAAS;QACtB,MAAM,EAAE,8BAA8B,aAAa,EAAE;QACrD,cAAc,EAAE,MAAM,CAAC,MAAM;KAC9B,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAC3B,UAA6B,EAC7B,OAAsB;IAEtB,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;AAC/D,CAAC;AAED,SAAS,gBAAgB,CACvB,SAA0B,EAC1B,OAAsB;IAEtB,MAAM,UAAU,GAAG,YAAY,CAAC,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAE1D,QAAQ,SAAS,CAAC,QAAQ,EAAE,CAAC;QAC3B,KAAK,QAAQ;YACX,OAAO,UAAU,KAAK,SAAS,CAAC,KAAK,CAAC;QAExC,KAAK,UAAU,CAAC,CAAC,CAAC;YAChB,mFAAmF;YACnF,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;gBACnC,OAAO,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;YACjE,CAAC;YACD,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC9B,OAAO,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;YAC9C,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,KAAK,IAAI,CAAC,CAAC,CAAC;YACV,kDAAkD;YAClD,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;gBACnC,OAAO,SAAS,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;YACtD,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,KAAK,SAAS,CAAC,CAAC,CAAC;YACf,2BAA2B;YAC3B,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,OAAO,SAAS,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC1E,OAAO,KAAK,CAAC;YACf,CAAC;YACD,IAAI,CAAC;gBACH,OAAO,IAAI,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACtD,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,KAAK,QAAQ;YACX,OAAO,SAAS,CAAC,KAAK;gBACpB,CAAC,CAAC,UAAU,KAAK,SAAS,IAAI,UAAU,KAAK,IAAI;gBACjD,CAAC,CAAC,UAAU,KAAK,SAAS,IAAI,UAAU,KAAK,IAAI,CAAC;QAEtD;YACE,OAAO,KAAK,CAAC;IACjB,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,YAAY,CAAC,KAAa,EAAE,OAAsB;IACzD,mBAAmB;IACnB,QAAQ,KAAK,EAAE,CAAC;QACd,KAAK,OAAO;YACV,OAAO,wBAAwB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACpD,KAAK,YAAY,CAAC;QAClB,KAAK,aAAa;YAChB,OAAO,OAAO,CAAC,QAAQ,CAAC,WAAW,IAAI,EAAE,CAAC;QAC5C,KAAK,MAAM,CAAC;QACZ,KAAK,OAAO;YACV,OAAO,OAAO,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC;QACtC,KAAK,QAAQ;YACX,OAAO,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;QACjC,KAAK,KAAK;YACR,OAAO,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;QAC9B,KAAK,MAAM;YACT,OAAO,OAAO,CAAC,IAAI,CAAC;QACtB,KAAK,OAAO;YACV,OAAO,OAAO,CAAC,KAAK,CAAC;IACzB,CAAC;IAED,wBAAwB;IACxB,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,OAAO,GAAY,OAAO,CAAC;IAC/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,OAAO,KAAK,IAAI,IAAI,OAAO,KAAK,SAAS;YAAE,OAAO,SAAS,CAAC;QAChE,IAAI,OAAO,OAAO,KAAK,QAAQ;YAAE,OAAO,SAAS,CAAC;QAClD,OAAO,GAAI,OAAmC,CAAC,IAAI,CAAC,CAAC;IACvD,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC"}
package/dist/protectedResource.d.ts ADDED
@@ -0,0 +1,7 @@
1
+ export interface ProtectedResourceConfig {
2
+ issuer: string;
3
+ audience?: string;
4
+ scopes: string[];
5
+ }
6
+ export declare function buildProtectedResourcePayload(cfg: ProtectedResourceConfig): Record<string, unknown>;
7
+ //# sourceMappingURL=protectedResource.d.ts.map
package/dist/protectedResource.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"protectedResource.d.ts","sourceRoot":"","sources":["../src/protectedResource.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,uBAAuB;IACtC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,wBAAgB,6BAA6B,CAAC,GAAG,EAAE,uBAAuB,2BAOzE"}
package/dist/protectedResource.js ADDED
@@ -0,0 +1,13 @@
1
+ // packages/validatabl-core/src/protectedResource.ts
2
+ //
3
+ // Moved from the old index.ts location for better organization.
4
+ export function buildProtectedResourcePayload(cfg) {
5
+ const payload = {
6
+ authorization_servers: [cfg.issuer],
7
+ scopes_supported: cfg.scopes,
8
+ };
9
+ if (cfg.audience)
10
+ payload.resource = cfg.audience;
11
+ return payload;
12
+ }
13
+ //# sourceMappingURL=protectedResource.js.map
package/dist/protectedResource.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"protectedResource.js","sourceRoot":"","sources":["../src/protectedResource.ts"],"names":[],"mappings":"AAAA,oDAAoD;AACpD,EAAE;AACF,gEAAgE;AAQhE,MAAM,UAAU,6BAA6B,CAAC,GAA4B;IACxE,MAAM,OAAO,GAA4B;QACvC,qBAAqB,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC;QACnC,gBAAgB,EAAE,GAAG,CAAC,MAAM;KAC7B,CAAC;IACF,IAAI,GAAG,CAAC,QAAQ;QAAE,OAAO,CAAC,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;IAClD,OAAO,OAAO,CAAC;AACjB,CAAC"}
package/dist/schema.d.ts ADDED
@@ -0,0 +1,21 @@
1
+ import type { SchemaValidationResult } from "./types.js";
2
+ /**
3
+ * Validate an input payload against a JSON Schema-like descriptor.
4
+ *
5
+ * This is a lightweight validator for common cases. For full JSON Schema
6
+ * validation, use Ajv in the consuming application. This covers:
7
+ * - required fields
8
+ * - type checking (string, number, boolean, object, array)
9
+ * - enum values
10
+ */
11
+ export declare function checkSchema(input: unknown, schema: SimpleSchema): SchemaValidationResult;
12
+ /** Simplified JSON Schema type for lightweight validation. */
13
+ export interface SimplePropertySchema {
14
+ type?: "string" | "number" | "boolean" | "object" | "array";
15
+ enum?: (string | number)[];
16
+ }
17
+ export interface SimpleSchema extends SimplePropertySchema {
18
+ required?: string[];
19
+ properties?: Record<string, SimplePropertySchema>;
20
+ }
21
+ //# sourceMappingURL=schema.d.ts.map
package/dist/schema.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../src/schema.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,YAAY,CAAC;AAEzD;;;;;;;;GAQG;AACH,wBAAgB,WAAW,CACzB,KAAK,EAAE,OAAO,EACd,MAAM,EAAE,YAAY,GACnB,sBAAsB,CAkCxB;AAuBD,8DAA8D;AAC9D,MAAM,WAAW,oBAAoB;IACnC,IAAI,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,SAAS,GAAG,QAAQ,GAAG,OAAO,CAAC;IAC5D,IAAI,CAAC,EAAE,CAAC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;CAC5B;AAED,MAAM,WAAW,YAAa,SAAQ,oBAAoB;IACxD,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAC;CACnD"}
package/dist/schema.js ADDED
@@ -0,0 +1,58 @@
1
+ // packages/validatabl-core/src/schema.ts
2
+ //
3
+ // checkSchema: ensures tool calls and payloads conform to expected structures.
4
+ // Uses a simple JSON Schema subset (no external dependencies).
5
+ /**
6
+ * Validate an input payload against a JSON Schema-like descriptor.
7
+ *
8
+ * This is a lightweight validator for common cases. For full JSON Schema
9
+ * validation, use Ajv in the consuming application. This covers:
10
+ * - required fields
11
+ * - type checking (string, number, boolean, object, array)
12
+ * - enum values
13
+ */
14
+ export function checkSchema(input, schema) {
15
+ const errors = [];
16
+ if (schema.type === "object") {
17
+ if (typeof input !== "object" || input === null || Array.isArray(input)) {
18
+ return { valid: false, errors: ["Expected an object"] };
19
+ }
20
+ const obj = input;
21
+ // Check required fields
22
+ if (schema.required) {
23
+ for (const field of schema.required) {
24
+ if (!(field in obj) || obj[field] === undefined) {
25
+ errors.push(`Missing required field: ${field}`);
26
+ }
27
+ }
28
+ }
29
+ // Check property types
30
+ if (schema.properties) {
31
+ for (const [key, propSchema] of Object.entries(schema.properties)) {
32
+ if (key in obj && obj[key] !== undefined) {
33
+ const propErrors = validateValue(obj[key], propSchema, key);
34
+ errors.push(...propErrors);
35
+ }
36
+ }
37
+ }
38
+ }
39
+ else {
40
+ const topErrors = validateValue(input, schema, "input");
41
+ errors.push(...topErrors);
42
+ }
43
+ return { valid: errors.length === 0, errors };
44
+ }
45
+ function validateValue(value, schema, path) {
46
+ const errors = [];
47
+ if (schema.type) {
48
+ const actual = Array.isArray(value) ? "array" : typeof value;
49
+ if (actual !== schema.type) {
50
+ errors.push(`${path}: expected ${schema.type}, got ${actual}`);
51
+ }
52
+ }
53
+ if (schema.enum && !schema.enum.includes(value)) {
54
+ errors.push(`${path}: must be one of [${schema.enum.join(", ")}]`);
55
+ }
56
+ return errors;
57
+ }
58
+ //# sourceMappingURL=schema.js.map
package/dist/schema.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"schema.js","sourceRoot":"","sources":["../src/schema.ts"],"names":[],"mappings":"AAAA,yCAAyC;AACzC,EAAE;AACF,+EAA+E;AAC/E,+DAA+D;AAI/D;;;;;;;;GAQG;AACH,MAAM,UAAU,WAAW,CACzB,KAAc,EACd,MAAoB;IAEpB,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC7B,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACxE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,oBAAoB,CAAC,EAAE,CAAC;QAC1D,CAAC;QAED,MAAM,GAAG,GAAG,KAAgC,CAAC;QAE7C,wBAAwB;QACxB,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACpB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACpC,IAAI,CAAC,CAAC,KAAK,IAAI,GAAG,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,KAAK,SAAS,EAAE,CAAC;oBAChD,MAAM,CAAC,IAAI,CAAC,2BAA2B,KAAK,EAAE,CAAC,CAAC;gBAClD,CAAC;YACH,CAAC;QACH,CAAC;QAED,uBAAuB;QACvB,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YACtB,KAAK,MAAM,CAAC,GAAG,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;gBAClE,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,KAAK,SAAS,EAAE,CAAC;oBACzC,MAAM,UAAU,GAAG,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC;oBAC5D,MAAM,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,CAAC;gBAC7B,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,SAAS,GAAG,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;QACxD,MAAM,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,CAAC;IAC5B,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;AAChD,CAAC;AAED,SAAS,aAAa,CACpB,KAAc,EACd,MAA4B,EAC5B,IAAY;IAEZ,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;QAChB,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,KAAK,CAAC;QAC7D,IAAI,MAAM,KAAK,MAAM,CAAC,IAAI,EAAE,CAAC;YAC3B,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,cAAc,MAAM,CAAC,IAAI,SAAS,MAAM,EAAE,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAe,CAAC,EAAE,CAAC;QAC1D,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,qBAAqB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACrE,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}
package/dist/scopes.d.ts ADDED
@@ -0,0 +1,13 @@
1
+ export interface ScopeClaims {
2
+ scope?: string | string[];
3
+ scopes?: string[];
4
+ }
5
+ /**
6
+ * Normalize scopes from various JWT claim shapes into a single space-delimited string.
7
+ */
8
+ export declare function getScopeStringFromClaims(claims: ScopeClaims): string;
9
+ /**
10
+ * Check whether a given scope is present in the user's scopes.
11
+ */
12
+ export declare function hasScope(claims: ScopeClaims, scope: string): boolean;
13
+ //# sourceMappingURL=scopes.d.ts.map
package/dist/scopes.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"scopes.d.ts","sourceRoot":"","sources":["../src/scopes.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,WAAW;IAC1B,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC1B,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CAAC,MAAM,EAAE,WAAW,GAAG,MAAM,CAWpE;AAED;;GAEG;AACH,wBAAgB,QAAQ,CAAC,MAAM,EAAE,WAAW,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAKpE"}
package/dist/scopes.js ADDED
@@ -0,0 +1,27 @@
1
+ // packages/validatabl-core/src/scopes.ts
2
+ /**
3
+ * Normalize scopes from various JWT claim shapes into a single space-delimited string.
4
+ */
5
+ export function getScopeStringFromClaims(claims) {
6
+ if (typeof claims.scope === "string") {
7
+ return claims.scope;
8
+ }
9
+ if (Array.isArray(claims.scope)) {
10
+ return claims.scope.join(" ");
11
+ }
12
+ if (Array.isArray(claims.scopes)) {
13
+ return claims.scopes.join(" ");
14
+ }
15
+ return "";
16
+ }
17
+ /**
18
+ * Check whether a given scope is present in the user's scopes.
19
+ */
20
+ export function hasScope(claims, scope) {
21
+ const s = getScopeStringFromClaims(claims);
22
+ if (!s)
23
+ return false;
24
+ const pattern = new RegExp(`(^|\\s)${scope}(\\s|$)`);
25
+ return pattern.test(s);
26
+ }
27
+ //# sourceMappingURL=scopes.js.map
package/dist/scopes.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"scopes.js","sourceRoot":"","sources":["../src/scopes.ts"],"names":[],"mappings":"AAAA,yCAAyC;AAOzC;;GAEG;AACH,MAAM,UAAU,wBAAwB,CAAC,MAAmB;IAC1D,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QACrC,OAAO,MAAM,CAAC,KAAK,CAAC;IACtB,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAChC,OAAO,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAChC,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;QACjC,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,QAAQ,CAAC,MAAmB,EAAE,KAAa;IACzD,MAAM,CAAC,GAAG,wBAAwB,CAAC,MAAM,CAAC,CAAC;IAC3C,IAAI,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IACrB,MAAM,OAAO,GAAG,IAAI,MAAM,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC;IACrD,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACzB,CAAC"}
package/dist/tsconfig.tsbuildinfo ADDED
@@ -0,0 +1 @@
1
+ {"fileNames":["../../../node_modules/typescript/lib/lib.es5.d.ts","../../../node_modules/typescript/lib/lib.es2015.d.ts","../../../node_modules/typescript/lib/lib.es2016.d.ts","../../../node_modules/typescript/lib/lib.es2017.d.ts","../../../node_modules/typescript/lib/lib.es2018.d.ts","../../../node_modules/typescript/lib/lib.es2019.d.ts","../../../node_modules/typescript/lib/lib.es2020.d.ts","../../../node_modules/typescript/lib/lib.es2021.d.ts","../../../node_modules/typescript/lib/lib.es2022.d.ts","../../../node_modules/typescript/lib/lib.dom.d.ts","../../../node_modules/typescript/lib/lib.dom.iterable.d.ts","../../../node_modules/typescript/lib/lib.es2015.core.d.ts","../../../node_modules/typescript/lib/lib.es2015.collection.d.ts","../../../node_modules/typescript/lib/lib.es2015.generator.d.ts","../../../node_modules/typescript/lib/lib.es2015.iterable.d.ts","../../../node_modules/typescript/lib/lib.es2015.promise.d.ts","../../../node_modules/typescript/lib/lib.es2015.proxy.d.ts","../../../node_modules/typescript/lib/lib.es2015.reflect.d.ts","../../../node_modules/typescript/lib/lib.es2015.symbol.d.ts","../../../node_modules/typescript/lib/lib.es2015.symbol.wellknown.d.ts","../../../node_modules/typescript/lib/lib.es2016.array.include.d.ts","../../../node_modules/typescript/lib/lib.es2016.intl.d.ts","../../../node_modules/typescript/lib/lib.es2017.arraybuffer.d.ts","../../../node_modules/typescript/lib/lib.es2017.date.d.ts","../../../node_modules/typescript/lib/lib.es2017.object.d.ts","../../../node_modules/typescript/lib/lib.es2017.sharedmemory.d.ts","../../../node_modules/typescript/lib/lib.es2017.string.d.ts","../../../node_modules/typescript/lib/lib.es2017.intl.d.ts","../../../node_modules/typescript/lib/lib.es2017.typedarrays.d.ts","../../../node_modules/typescript/lib/lib.es2018.asyncgenerator.d.ts","../../../node_modules/typescript/lib/lib.es2018.asynciterable.d.ts","../../../node_modules/typescript/lib/lib.es2018.intl.d.ts","../../../node_modules/typescript/lib/lib.es2018.promise.d.ts","../../../node_modules/typescript/lib/lib.es2018.regexp.d.ts","../../../node_modules/typescript/lib/lib.es2019.array.d.ts","../../../node_modules/typescript/lib/lib.es2019.object.d.ts","../../../node_modules/typescript/lib/lib.es2019.string.d.ts","../../../node_modules/typescript/lib/lib.es2019.symbol.d.ts","../../../node_modules/typescript/lib/lib.es2019.intl.d.ts","../../../node_modules/typescript/lib/lib.es2020.bigint.d.ts","../../../node_modules/typescript/lib/lib.es2020.date.d.ts","../../../node_modules/typescript/lib/lib.es2020.promise.d.ts","../../../node_modules/typescript/lib/lib.es2020.sharedmemory.d.ts","../../../node_modules/typescript/lib/lib.es2020.string.d.ts","../../../node_modules/typescript/lib/lib.es2020.symbol.wellknown.d.ts","../../../node_modules/typescript/lib/lib.es2020.intl.d.ts","../../../node_modules/typescript/lib/lib.es2020.number.d.ts","../../../node_modules/typescript/lib/lib.es2021.promise.d.ts","../../../node_modules/typescript/lib/lib.es2021.string.d.ts","../../../node_modules/typescript/lib/lib.es2021.weakref.d.ts","../../../node_modules/typescript/lib/lib.es2021.intl.d.ts","../../../node_modules/typescript/lib/lib.es2022.array.d.ts","../../../node_modules/typescript/lib/lib.es2022.error.d.ts","../../../node_modules/typescript/lib/lib.es2022.intl.d.ts","../../../node_modules/typescript/lib/lib.es2022.object.d.ts","../../../node_modules/typescript/lib/lib.es2022.string.d.ts","../../../node_modules/typescript/lib/lib.es2022.regexp.d.ts","../../../node_modules/typescript/lib/lib.decorators.d.ts","../../../node_modules/typescript/lib/lib.decorators.legacy.d.ts","../../../node_modules/@types/react/global.d.ts","../../../node_modules/csstype/index.d.ts","../../../node_modules/@types/react/index.d.ts","../../../node_modules/@types/react/jsx-runtime.d.ts","../src/types.ts","../src/scopes.ts","../src/permissions.ts","../src/policy.ts","../src/schema.ts","../src/decision.ts","../src/protectedresource.ts","../src/index.ts","../../../node_modules/@types/node/compatibility/disposable.d.ts","../../../node_modules/@types/node/compatibility/indexable.d.ts","../../../node_modules/@types/node/compatibility/iterators.d.ts","../../../node_modules/@types/node/compatibility/index.d.ts","../../../node_modules/@types/node/globals.typedarray.d.ts","../../../node_modules/@types/node/buffer.buffer.d.ts","../../../node_modules/@types/node/globals.d.ts","../../../node_modules/@types/node/web-globals/abortcontroller.d.ts","../../../node_modules/@types/node/web-globals/domexception.d.ts","../../../node_modules/@types/node/web-globals/events.d.ts","../../../node_modules/undici-types/header.d.ts","../../../node_modules/undici-types/readable.d.ts","../../../node_modules/undici-types/file.d.ts","../../../node_modules/undici-types/fetch.d.ts","../../../node_modules/undici-types/formdata.d.ts","../../../node_modules/undici-types/connector.d.ts","../../../node_modules/undici-types/client.d.ts","../../../node_modules/undici-types/errors.d.ts","../../../node_modules/undici-types/dispatcher.d.ts","../../../node_modules/undici-types/global-dispatcher.d.ts","../../../node_modules/undici-types/global-origin.d.ts","../../../node_modules/undici-types/pool-stats.d.ts","../../../node_modules/undici-types/pool.d.ts","../../../node_modules/undici-types/handlers.d.ts","../../../node_modules/undici-types/balanced-pool.d.ts","../../../node_modules/undici-types/agent.d.ts","../../../node_modules/undici-types/mock-interceptor.d.ts","../../../node_modules/undici-types/mock-agent.d.ts","../../../node_modules/undici-types/mock-client.d.ts","../../../node_modules/undici-types/mock-pool.d.ts","../../../node_modules/undici-types/mock-errors.d.ts","../../../node_modules/undici-types/proxy-agent.d.ts","../../../node_modules/undici-types/env-http-proxy-agent.d.ts","../../../node_modules/undici-types/retry-handler.d.ts","../../../node_modules/undici-types/retry-agent.d.ts","../../../node_modules/undici-types/api.d.ts","../../../node_modules/undici-types/interceptors.d.ts","../../../node_modules/undici-types/util.d.ts","../../../node_modules/undici-types/cookies.d.ts","../../../node_modules/undici-types/patch.d.ts","../../../node_modules/undici-types/websocket.d.ts","../../../node_modules/undici-types/eventsource.d.ts","../../../node_modules/undici-types/filereader.d.ts","../../../node_modules/undici-types/diagnostics-channel.d.ts","../../../node_modules/undici-types/content-type.d.ts","../../../node_modules/undici-types/cache.d.ts","../../../node_modules/undici-types/index.d.ts","../../../node_modules/@types/node/web-globals/fetch.d.ts","../../../node_modules/@types/node/web-globals/navigator.d.ts","../../../node_modules/@types/node/web-globals/storage.d.ts","../../../node_modules/@types/node/assert.d.ts","../../../node_modules/@types/node/assert/strict.d.ts","../../../node_modules/@types/node/async_hooks.d.ts","../../../node_modules/@types/node/buffer.d.ts","../../../node_modules/@types/node/child_process.d.ts","../../../node_modules/@types/node/cluster.d.ts","../../../node_modules/@types/node/console.d.ts","../../../node_modules/@types/node/constants.d.ts","../../../node_modules/@types/node/crypto.d.ts","../../../node_modules/@types/node/dgram.d.ts","../../../node_modules/@types/node/diagnostics_channel.d.ts","../../../node_modules/@types/node/dns.d.ts","../../../node_modules/@types/node/dns/promises.d.ts","../../../node_modules/@types/node/domain.d.ts","../../../node_modules/@types/node/events.d.ts","../../../node_modules/@types/node/fs.d.ts","../../../node_modules/@types/node/fs/promises.d.ts","../../../node_modules/@types/node/http.d.ts","../../../node_modules/@types/node/http2.d.ts","../../../node_modules/@types/node/https.d.ts","../../../node_modules/@types/node/inspector.d.ts","../../../node_modules/@types/node/inspector.generated.d.ts","../../../node_modules/@types/node/module.d.ts","../../../node_modules/@types/node/net.d.ts","../../../node_modules/@types/node/os.d.ts","../../../node_modules/@types/node/path.d.ts","../../../node_modules/@types/node/perf_hooks.d.ts","../../../node_modules/@types/node/process.d.ts","../../../node_modules/@types/node/punycode.d.ts","../../../node_modules/@types/node/querystring.d.ts","../../../node_modules/@types/node/readline.d.ts","../../../node_modules/@types/node/readline/promises.d.ts","../../../node_modules/@types/node/repl.d.ts","../../../node_modules/@types/node/sea.d.ts","../../../node_modules/@types/node/sqlite.d.ts","../../../node_modules/@types/node/stream.d.ts","../../../node_modules/@types/node/stream/promises.d.ts","../../../node_modules/@types/node/stream/consumers.d.ts","../../../node_modules/@types/node/stream/web.d.ts","../../../node_modules/@types/node/string_decoder.d.ts","../../../node_modules/@types/node/test.d.ts","../../../node_modules/@types/node/timers.d.ts","../../../node_modules/@types/node/timers/promises.d.ts","../../../node_modules/@types/node/tls.d.ts","../../../node_modules/@types/node/trace_events.d.ts","../../../node_modules/@types/node/tty.d.ts","../../../node_modules/@types/node/url.d.ts","../../../node_modules/@types/node/util.d.ts","../../../node_modules/@types/node/v8.d.ts","../../../node_modules/@types/node/vm.d.ts","../../../node_modules/@types/node/wasi.d.ts","../../../node_modules/@types/node/worker_threads.d.ts","../../../node_modules/@types/node/zlib.d.ts","../../../node_modules/@types/node/index.d.ts"],"fileIdsList":[[77,122,123,125,142,143],[77,124,125,142,143],[125,142,143],[77,125,130,142,143,160],[77,125,126,131,136,142,143,145,157,168],[77,125,126,127,136,142,143,145],[77,125,142,143],[72,73,74,77,125,142,143],[77,125,128,142,143,169],[77,125,129,130,137,142,143,146],[77,125,130,142,143,157,165],[77,125,131,133,136,142,143,145],[77,124,125,132,142,143],[77,125,133,134,142,143],[77,125,135,136,142,143],[77,124,125,136,142,143],[77,125,136,137,138,142,143,157,168],[77,125,136,137,138,142,143,152,157,160],[77,118,125,133,136,139,142,143,145,157,168],[77,125,136,137,139,140,142,143,145,157,165,168],[77,125,139,141,142,143,157,165,168],[75,76,77,78,79,80,81,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174],[77,125,136,142,143],[77,125,142,143,144,168],[77,125,133,136,142,143,145,157],[77,125,142,143,146],[77,125,142,143,147],[77,124,125,142,143,148],[77,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174],[77,125,142,143,150],[77,125,142,143,151],[77,125,136,142,143,152,153],[77,125,142,143,152,154,169,171],[77,125,137,142,143],[77,125,136,142,143,157,158,160],[77,125,142,143,159,160],[77,125,142,143,157,158],[77,125,142,143,160],[77,125,142,143,161],[77,122,125,142,143,157,162],[77,125,136,142,143,163,164],[77,125,142,143,163,164],[77,125,130,142,143,145,157,165],[77,125,142,143,166],[77,125,142,143,145,167],[77,125,139,142,143,151,168],[77,125,130,142,143,169],[77,125,142,143,157,170],[77,125,142,143,144,171],[77,125,142,143,172],[77,118,125,142,143],[77,118,125,136,138,142,143,148,157,160,168,170,171,173],[77,125,142,143,157,174],[60,61,77,125,142,143],[62,77,125,142,143],[77,90,94,125,142,143,168],[77,90,125,142,143,157,168],[77,85,125,142,143],[77,87,90,125,142,143,165,168],[77,125,142,143,145,165],[77,125,142,143,175],[77,85,125,142,143,175],[77,87,90,125,142,143,145,168],[77,82,83,86,89,125,136,142,143,157,168],[77,90,97,125,142,143],[77,82,88,125,142,143],[77,90,111,112,125,142,143],[77,86,90,125,142,143,160,168,175],[77,111,125,142,143,175],[77,84,85,125,142,143,175],[77,90,125,142,143],[77,84,85,86,87,88,89,90,91,92,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,112,113,114,115,116,117,125,142,143],[77,90,105,125,142,143],[77,90,97,98,125,142,143],[77,88,90,98,99,125,142,143],[77,89,125,142,143],[77,82,85,90,125,142,143],[77,90,94,98,99,125,142,143],[77,94,125,142,143],[77,88,90,93,125,142,143,168],[77,82,87,90,97,125,142,143],[77,125,142,143,157],[77,85,90,111,125,142,143,173,175],[63,64,66,67,68,77,125,142,143],[63,64,65,66,67,68,69,70,77,125,142,143],[63,64,65,77,125,142,143],[63,77,125,142,143],[63,64,77,125,142,143]],"fileInfos":[{"version":"c430d44666289dae81f30fa7b2edebf186ecc91a2d4c71266ea6ae76388792e1","affectsGlobalScope":true,"impliedFormat":1},{"version":"45b7ab580deca34ae9729e97c13cfd999df04416a79116c3bfb483804f85ded4","impliedFormat":1},{"version":"3facaf05f0c5fc569c5649dd359892c98a85557e3e0c847964caeb67076f4d75","impliedFormat":1},{"version":"e44bb8bbac7f10ecc786703fe0a6a4b952189f908707980ba8f3c8975a760962","impliedFormat":1},{"version":"5e1c4c362065a6b95ff952c0eab010f04dcd2c3494e813b493ecfd4fcb9fc0d8","impliedFormat":1},{"version":"68d73b4a11549f9c0b7d352d10e91e5dca8faa3322bfb77b661839c42b1ddec7","impliedFormat":1},{"version":"5efce4fc3c29ea84e8928f97adec086e3dc876365e0982cc8479a07954a3efd4","impliedFormat":1},{"version":"feecb1be483ed332fad555aff858affd90a48ab19ba7272ee084704eb7167569","impliedFormat":1},{"version":"ee7bad0c15b58988daa84371e0b89d313b762ab83cb5b31b8a2d1162e8eb41c2","impliedFormat":1},{"version":"080941d9f9ff9307f7e27a83bcd888b7c8270716c39af943532438932ec1d0b9","affectsGlobalScope":true,"impliedFormat":1},{"version":"2e80ee7a49e8ac312cc11b77f1475804bee36b3b2bc896bead8b6e1266befb43","affectsGlobalScope":true,"impliedFormat":1},{"version":"c57796738e7f83dbc4b8e65132f11a377649c00dd3eee333f672b8f0a6bea671","affectsGlobalScope":true,"impliedFormat":1},{"version":"dc2df20b1bcdc8c2d34af4926e2c3ab15ffe1160a63e58b7e09833f616efff44","affectsGlobalScope":true,"impliedFormat":1},{"version":"515d0b7b9bea2e31ea4ec968e9edd2c39d3eebf4a2d5cbd04e88639819ae3b71","affectsGlobalScope":true,"impliedFormat":1},{"version":"0559b1f683ac7505ae451f9a96ce4c3c92bdc71411651ca6ddb0e88baaaad6a3","affectsGlobalScope":true,"impliedFormat":1},{"version":"0dc1e7ceda9b8b9b455c3a2d67b0412feab00bd2f66656cd8850e8831b08b537","affectsGlobalScope":true,"impliedFormat":1},{"version":"ce691fb9e5c64efb9547083e4a34091bcbe5bdb41027e310ebba8f7d96a98671","affectsGlobalScope":true,"impliedFormat":1},{"version":"8d697a2a929a5fcb38b7a65594020fcef05ec1630804a33748829c5ff53640d0","affectsGlobalScope":true,"impliedFormat":1},{"version":"4ff2a353abf8a80ee399af572debb8faab2d33ad38c4b4474cff7f26e7653b8d","affectsGlobalScope":true,"impliedFormat":1},{"version":"fb0f136d372979348d59b3f5020b4cdb81b5504192b1cacff5d1fbba29378aa1","affectsGlobalScope":true,"impliedFormat":1},{"version":"d15bea3d62cbbdb9797079416b8ac375ae99162a7fba5de2c6c505446486ac0a","affectsGlobalScope":true,"impliedFormat":1},{"version":"68d18b664c9d32a7336a70235958b8997ebc1c3b8505f4f1ae2b7e7753b87618","affectsGlobalScope":true,"impliedFormat":1},{"version":"eb3d66c8327153d8fa7dd03f9c58d351107fe824c79e9b56b462935176cdf12a","affectsGlobalScope":true,"impliedFormat":1},{"version":"38f0219c9e23c915ef9790ab1d680440d95419ad264816fa15009a8851e79119","affectsGlobalScope":true,"impliedFormat":1},{"version":"69ab18c3b76cd9b1be3d188eaf8bba06112ebbe2f47f6c322b5105a6fbc45a2e","affectsGlobalScope":true,"impliedFormat":1},{"version":"a680117f487a4d2f30ea46f1b4b7f58bef1480456e18ba53ee85c2746eeca012","affectsGlobalScope":true,"impliedFormat":1},{"version":"2f11ff796926e0832f9ae148008138ad583bd181899ab7dd768a2666700b1893","affectsGlobalScope":true,"impliedFormat":1},{"version":"4de680d5bb41c17f7f68e0419412ca23c98d5749dcaaea1896172f06435891fc","affectsGlobalScope":true,"impliedFormat":1},{"version":"954296b30da6d508a104a3a0b5d96b76495c709785c1d11610908e63481ee667","affectsGlobalScope":true,"impliedFormat":1},{"version":"ac9538681b19688c8eae65811b329d3744af679e0bdfa5d842d0e32524c73e1c","affectsGlobalScope":true,"impliedFormat":1},{"version":"0a969edff4bd52585473d24995c5ef223f6652d6ef46193309b3921d65dd4376","affectsGlobalScope":true,"impliedFormat":1},{"version":"9e9fbd7030c440b33d021da145d3232984c8bb7916f277e8ffd3dc2e3eae2bdb","affectsGlobalScope":true,"impliedFormat":1},{"version":"811ec78f7fefcabbda4bfa93b3eb67d9ae166ef95f9bff989d964061cbf81a0c","affectsGlobalScope":true,"impliedFormat":1},{"version":"717937616a17072082152a2ef351cb51f98802fb4b2fdabd32399843875974ca","affectsGlobalScope":true,"impliedFormat":1},{"version":"d7e7d9b7b50e5f22c915b525acc5a49a7a6584cf8f62d0569e557c5cfc4b2ac2","affectsGlobalScope":true,"impliedFormat":1},{"version":"71c37f4c9543f31dfced6c7840e068c5a5aacb7b89111a4364b1d5276b852557","affectsGlobalScope":true,"impliedFormat":1},{"version":"576711e016cf4f1804676043e6a0a5414252560eb57de9faceee34d79798c850","affectsGlobalScope":true,"impliedFormat":1},{"version":"89c1b1281ba7b8a96efc676b11b264de7a8374c5ea1e6617f11880a13fc56dc6","affectsGlobalScope":true,"impliedFormat":1},{"version":"74f7fa2d027d5b33eb0471c8e82a6c87216223181ec31247c357a3e8e2fddc5b","affectsGlobalScope":true,"impliedFormat":1},{"version":"d6d7ae4d1f1f3772e2a3cde568ed08991a8ae34a080ff1151af28b7f798e22ca","affectsGlobalScope":true,"impliedFormat":1},{"version":"063600664504610fe3e99b717a1223f8b1900087fab0b4cad1496a114744f8df","affectsGlobalScope":true,"impliedFormat":1},{"version":"934019d7e3c81950f9a8426d093458b65d5aff2c7c1511233c0fd5b941e608ab","affectsGlobalScope":true,"impliedFormat":1},{"version":"52ada8e0b6e0482b728070b7639ee42e83a9b1c22d205992756fe020fd9f4a47","affectsGlobalScope":true,"impliedFormat":1},{"version":"3bdefe1bfd4d6dee0e26f928f93ccc128f1b64d5d501ff4a8cf3c6371200e5e6","affectsGlobalScope":true,"impliedFormat":1},{"version":"59fb2c069260b4ba00b5643b907ef5d5341b167e7d1dbf58dfd895658bda2867","affectsGlobalScope":true,"impliedFormat":1},{"version":"639e512c0dfc3fad96a84caad71b8834d66329a1f28dc95e3946c9b58176c73a","affectsGlobalScope":true,"impliedFormat":1},{"version":"368af93f74c9c932edd84c58883e736c9e3d53cec1fe24c0b0ff451f529ceab1","affectsGlobalScope":true,"impliedFormat":1},{"version":"af3dd424cf267428f30ccfc376f47a2c0114546b55c44d8c0f1d57d841e28d74","affectsGlobalScope":true,"impliedFormat":1},{"version":"995c005ab91a498455ea8dfb63aa9f83fa2ea793c3d8aa344be4a1678d06d399","affectsGlobalScope":true,"impliedFormat":1},{"version":"959d36cddf5e7d572a65045b876f2956c973a586da58e5d26cde519184fd9b8a","affectsGlobalScope":true,"impliedFormat":1},{"version":"965f36eae237dd74e6cca203a43e9ca801ce38824ead814728a2807b1910117d","affectsGlobalScope":true,"impliedFormat":1},{"version":"3925a6c820dcb1a06506c90b1577db1fdbf7705d65b62b99dce4be75c637e26b","affectsGlobalScope":true,"impliedFormat":1},{"version":"0a3d63ef2b853447ec4f749d3f368ce642264246e02911fcb1590d8c161b8005","affectsGlobalScope":true,"impliedFormat":1},{"version":"8cdf8847677ac7d20486e54dd3fcf09eda95812ac8ace44b4418da1bbbab6eb8","affectsGlobalScope":true,"impliedFormat":1},{"version":"8444af78980e3b20b49324f4a16ba35024fef3ee069a0eb67616ea6ca821c47a","affectsGlobalScope":true,"impliedFormat":1},{"version":"3287d9d085fbd618c3971944b65b4be57859f5415f495b33a6adc994edd2f004","affectsGlobalScope":true,"impliedFormat":1},{"version":"b4b67b1a91182421f5df999988c690f14d813b9850b40acd06ed44691f6727ad","affectsGlobalScope":true,"impliedFormat":1},{"version":"8e7f8264d0fb4c5339605a15daadb037bf238c10b654bb3eee14208f860a32ea","affectsGlobalScope":true,"impliedFormat":1},{"version":"782dec38049b92d4e85c1585fbea5474a219c6984a35b004963b00beb1aab538","affectsGlobalScope":true,"impliedFormat":1},{"version":"170d4db14678c68178ee8a3d5a990d5afb759ecb6ec44dbd885c50f6da6204f6","affectsGlobalScope":true,"impliedFormat":1},{"version":"ac51dd7d31333793807a6abaa5ae168512b6131bd41d9c5b98477fc3b7800f9f","impliedFormat":1},{"version":"5e76305d58bcdc924ff2bf14f6a9dc2aa5441ed06464b7e7bd039e611d66a89b","impliedFormat":1},{"version":"42c169fb8c2d42f4f668c624a9a11e719d5d07dacbebb63cbcf7ef365b0a75b3","impliedFormat":1},{"version":"410f04530b9182713d7ab282f988d1ca828b7575dd2b71d506a0511655dd5848","signature":"6cee575f5691b74de1abd835bbc7bfaeaec96bede320aa10767b21b22c77fc32"},{"version":"2bc5c0f15645f156c0d6f57d5c59d8fa3c6132ef7c8d6eedef9d6ae334f8c8cb","signature":"f73d33d657c8a85d5df19bcdc58d3a7a58e1494382c29d659480850d088c041c"},{"version":"02e30238cee84b36e634697c8247ec796e15b09df001af6c94ea9a6a69f3227c","signature":"7914a02898d5d24a473ce613e7140f12f83caf08c7561293d1009cbec0a3ec38"},{"version":"680cf84e7dddc6df04e06d60a004d3f4a37c9f2fdb7b7bd0e39eb38366344b45","signature":"13b8e3f86e13e0a0beab1aeb57000405917d889cbfc0aefdbd7a887573ca7240"},{"version":"3e616dda6045a4b2c803845b8b261be9b25f22e9ccfef675a66bfc366746466c","signature":"62be96f01c33def837ac4728fb3eb22bd55e55b5b08acc3fec5460ee9e81b3fc"},{"version":"9b2849d32e6ab92e96e13c2901b22d628005ee89a8c9653143e178a2153d70fd","signature":"842043817414c57f91b581751083f3de4d79e987f87d4fdc9da89b7426e6a182"},{"version":"a738ee71ac9f7e4a9fdd2ef19668d7642182797a5357feba6585b84ea374e736","signature":"6d107acd790dda3c8ceeb79da9d31c29e83d77d8d405d4927d88044c04138ced"},{"version":"3755f91a3720c3adb71f14a02abee7a73d5506d535219297ee7fcd2ee36a98b7","signature":"38c235c01b68b8bc8a3b99e19ad7c13c2d7f53308314543c61b4188e8ff72e8d"},{"version":"6c7176368037af28cb72f2392010fa1cef295d6d6744bca8cfb54985f3a18c3e","affectsGlobalScope":true,"impliedFormat":1},{"version":"ab41ef1f2cdafb8df48be20cd969d875602483859dc194e9c97c8a576892c052","affectsGlobalScope":true,"impliedFormat":1},{"version":"437e20f2ba32abaeb7985e0afe0002de1917bc74e949ba585e49feba65da6ca1","affectsGlobalScope":true,"impliedFormat":1},{"version":"21d819c173c0cf7cc3ce57c3276e77fd9a8a01d35a06ad87158781515c9a438a","impliedFormat":1},{"version":"98cffbf06d6bab333473c70a893770dbe990783904002c4f1a960447b4b53dca","affectsGlobalScope":true,"impliedFormat":1},{"version":"3af97acf03cc97de58a3a4bc91f8f616408099bc4233f6d0852e72a8ffb91ac9","affectsGlobalScope":true,"impliedFormat":1},{"version":"808069bba06b6768b62fd22429b53362e7af342da4a236ed2d2e1c89fcca3b4a","affectsGlobalScope":true,"impliedFormat":1},{"version":"1db0b7dca579049ca4193d034d835f6bfe73096c73663e5ef9a0b5779939f3d0","affectsGlobalScope":true,"impliedFormat":1},{"version":"9798340ffb0d067d69b1ae5b32faa17ab31b82466a3fc00d8f2f2df0c8554aaa","affectsGlobalScope":true,"impliedFormat":1},{"version":"f26b11d8d8e4b8028f1c7d618b22274c892e4b0ef5b3678a8ccbad85419aef43","affectsGlobalScope":true,"impliedFormat":1},{"version":"5929864ce17fba74232584d90cb721a89b7ad277220627cc97054ba15a98ea8f","impliedFormat":1},{"version":"763fe0f42b3d79b440a9b6e51e9ba3f3f91352469c1e4b3b67bfa4ff6352f3f4","impliedFormat":1},{"version":"25c8056edf4314820382a5fdb4bb7816999acdcb929c8f75e3f39473b87e85bc","impliedFormat":1},{"version":"c464d66b20788266e5353b48dc4aa6bc0dc4a707276df1e7152ab0c9ae21fad8","impliedFormat":1},{"version":"78d0d27c130d35c60b5e5566c9f1e5be77caf39804636bc1a40133919a949f21","impliedFormat":1},{"version":"c6fd2c5a395f2432786c9cb8deb870b9b0e8ff7e22c029954fabdd692bff6195","impliedFormat":1},{"version":"1d6e127068ea8e104a912e42fc0a110e2aa5a66a356a917a163e8cf9a65e4a75","impliedFormat":1},{"version":"5ded6427296cdf3b9542de4471d2aa8d3983671d4cac0f4bf9c637208d1ced43","impliedFormat":1},{"version":"7f182617db458e98fc18dfb272d40aa2fff3a353c44a89b2c0ccb3937709bfb5","impliedFormat":1},{"version":"cadc8aced301244057c4e7e73fbcae534b0f5b12a37b150d80e5a45aa4bebcbd","impliedFormat":1},{"version":"385aab901643aa54e1c36f5ef3107913b10d1b5bb8cbcd933d4263b80a0d7f20","impliedFormat":1},{"version":"9670d44354bab9d9982eca21945686b5c24a3f893db73c0dae0fd74217a4c219","impliedFormat":1},{"version":"0b8a9268adaf4da35e7fa830c8981cfa22adbbe5b3f6f5ab91f6658899e657a7","impliedFormat":1},{"version":"11396ed8a44c02ab9798b7dca436009f866e8dae3c9c25e8c1fbc396880bf1bb","impliedFormat":1},{"version":"ba7bc87d01492633cb5a0e5da8a4a42a1c86270e7b3d2dea5d156828a84e4882","impliedFormat":1},{"version":"4893a895ea92c85345017a04ed427cbd6a1710453338df26881a6019432febdd","impliedFormat":1},{"version":"c21dc52e277bcfc75fac0436ccb75c204f9e1b3fa5e12729670910639f27343e","impliedFormat":1},{"version":"13f6f39e12b1518c6650bbb220c8985999020fe0f21d818e28f512b7771d00f9","impliedFormat":1},{"version":"9b5369969f6e7175740bf51223112ff209f94ba43ecd3bb09eefff9fd675624a","impliedFormat":1},{"version":"4fe9e626e7164748e8769bbf74b538e09607f07ed17c2f20af8d680ee49fc1da","impliedFormat":1},{"version":"24515859bc0b836719105bb6cc3d68255042a9f02a6022b3187948b204946bd2","impliedFormat":1},{"version":"ea0148f897b45a76544ae179784c95af1bd6721b8610af9ffa467a518a086a43","impliedFormat":1},{"version":"24c6a117721e606c9984335f71711877293a9651e44f59f3d21c1ea0856f9cc9","impliedFormat":1},{"version":"dd3273ead9fbde62a72949c97dbec2247ea08e0c6952e701a483d74ef92d6a17","impliedFormat":1},{"version":"405822be75ad3e4d162e07439bac80c6bcc6dbae1929e179cf467ec0b9ee4e2e","impliedFormat":1},{"version":"0db18c6e78ea846316c012478888f33c11ffadab9efd1cc8bcc12daded7a60b6","impliedFormat":1},{"version":"e61be3f894b41b7baa1fbd6a66893f2579bfad01d208b4ff61daef21493ef0a8","impliedFormat":1},{"version":"bd0532fd6556073727d28da0edfd1736417a3f9f394877b6d5ef6ad88fba1d1a","impliedFormat":1},{"version":"89167d696a849fce5ca508032aabfe901c0868f833a8625d5a9c6e861ef935d2","impliedFormat":1},{"version":"615ba88d0128ed16bf83ef8ccbb6aff05c3ee2db1cc0f89ab50a4939bfc1943f","impliedFormat":1},{"version":"a4d551dbf8746780194d550c88f26cf937caf8d56f102969a110cfaed4b06656","impliedFormat":1},{"version":"8bd86b8e8f6a6aa6c49b71e14c4ffe1211a0e97c80f08d2c8cc98838006e4b88","impliedFormat":1},{"version":"317e63deeb21ac07f3992f5b50cdca8338f10acd4fbb7257ebf56735bf52ab00","impliedFormat":1},{"version":"4732aec92b20fb28c5fe9ad99521fb59974289ed1e45aecb282616202184064f","impliedFormat":1},{"version":"2e85db9e6fd73cfa3d7f28e0ab6b55417ea18931423bd47b409a96e4a169e8e6","impliedFormat":1},{"version":"c46e079fe54c76f95c67fb89081b3e399da2c7d109e7dca8e4b58d83e332e605","impliedFormat":1},{"version":"bf67d53d168abc1298888693338cb82854bdb2e69ef83f8a0092093c2d562107","impliedFormat":1},{"version":"2cbe0621042e2a68c7cbce5dfed3906a1862a16a7d496010636cdbdb91341c0f","affectsGlobalScope":true,"impliedFormat":1},{"version":"f9501cc13ce624c72b61f12b3963e84fad210fbdf0ffbc4590e08460a3f04eba","affectsGlobalScope":true,"impliedFormat":1},{"version":"e7721c4f69f93c91360c26a0a84ee885997d748237ef78ef665b153e622b36c1","affectsGlobalScope":true,"impliedFormat":1},{"version":"0fa06ada475b910e2106c98c68b10483dc8811d0c14a8a8dd36efb2672485b29","impliedFormat":1},{"version":"33e5e9aba62c3193d10d1d33ae1fa75c46a1171cf76fef750777377d53b0303f","impliedFormat":1},{"version":"2b06b93fd01bcd49d1a6bd1f9b65ddcae6480b9a86e9061634d6f8e354c1468f","impliedFormat":1},{"version":"6a0cd27e5dc2cfbe039e731cf879d12b0e2dded06d1b1dedad07f7712de0d7f4","affectsGlobalScope":true,"impliedFormat":1},{"version":"13f5c844119c43e51ce777c509267f14d6aaf31eafb2c2b002ca35584cd13b29","impliedFormat":1},{"version":"e60477649d6ad21542bd2dc7e3d9ff6853d0797ba9f689ba2f6653818999c264","impliedFormat":1},{"version":"c2510f124c0293ab80b1777c44d80f812b75612f297b9857406468c0f4dafe29","affectsGlobalScope":true,"impliedFormat":1},{"version":"5524481e56c48ff486f42926778c0a3cce1cc85dc46683b92b1271865bcf015a","impliedFormat":1},{"version":"4c829ab315f57c5442c6667b53769975acbf92003a66aef19bce151987675bd1","affectsGlobalScope":true,"impliedFormat":1},{"version":"b2ade7657e2db96d18315694789eff2ddd3d8aea7215b181f8a0b303277cc579","impliedFormat":1},{"version":"9855e02d837744303391e5623a531734443a5f8e6e8755e018c41d63ad797db2","impliedFormat":1},{"version":"4d631b81fa2f07a0e63a9a143d6a82c25c5f051298651a9b69176ba28930756d","impliedFormat":1},{"version":"836a356aae992ff3c28a0212e3eabcb76dd4b0cc06bcb9607aeef560661b860d","impliedFormat":1},{"version":"1e0d1f8b0adfa0b0330e028c7941b5a98c08b600efe7f14d2d2a00854fb2f393","impliedFormat":1},{"version":"41670ee38943d9cbb4924e436f56fc19ee94232bc96108562de1a734af20dc2c","affectsGlobalScope":true,"impliedFormat":1},{"version":"c906fb15bd2aabc9ed1e3f44eb6a8661199d6c320b3aa196b826121552cb3695","impliedFormat":1},{"version":"22295e8103f1d6d8ea4b5d6211e43421fe4564e34d0dd8e09e520e452d89e659","impliedFormat":1},{"version":"bb45cd435da536500f1d9692a9b49d0c570b763ccbf00473248b777f5c1f353b","impliedFormat":1},{"version":"6b4e081d55ac24fc8a4631d5dd77fe249fa25900abd7d046abb87d90e3b45645","impliedFormat":1},{"version":"a10f0e1854f3316d7ee437b79649e5a6ae3ae14ffe6322b02d4987071a95362e","impliedFormat":1},{"version":"e208f73ef6a980104304b0d2ca5f6bf1b85de6009d2c7e404028b875020fa8f2","impliedFormat":1},{"version":"d163b6bc2372b4f07260747cbc6c0a6405ab3fbcea3852305e98ac43ca59f5bc","impliedFormat":1},{"version":"e6fa9ad47c5f71ff733744a029d1dc472c618de53804eae08ffc243b936f87ff","affectsGlobalScope":true,"impliedFormat":1},{"version":"83e63d6ccf8ec004a3bb6d58b9bb0104f60e002754b1e968024b320730cc5311","impliedFormat":1},{"version":"24826ed94a78d5c64bd857570fdbd96229ad41b5cb654c08d75a9845e3ab7dde","impliedFormat":1},{"version":"8b479a130ccb62e98f11f136d3ac80f2984fdc07616516d29881f3061f2dd472","impliedFormat":1},{"version":"928af3d90454bf656a52a48679f199f64c1435247d6189d1caf4c68f2eaf921f","affectsGlobalScope":true,"impliedFormat":1},{"version":"21145ce1c54e05ef9e52092b98a4ebfb326b92f52e76e47211c50cfcd2a2b4ad","affectsGlobalScope":true,"impliedFormat":1},{"version":"3f16a7e4deafa527ed9995a772bb380eb7d3c2c0fd4ae178c5263ed18394db2c","impliedFormat":1},{"version":"933921f0bb0ec12ef45d1062a1fc0f27635318f4d294e4d99de9a5493e618ca2","impliedFormat":1},{"version":"71a0f3ad612c123b57239a7749770017ecfe6b66411488000aba83e4546fde25","impliedFormat":1},{"version":"77fbe5eecb6fac4b6242bbf6eebfc43e98ce5ccba8fa44e0ef6a95c945ff4d98","impliedFormat":1},{"version":"4f9d8ca0c417b67b69eeb54c7ca1bedd7b56034bb9bfd27c5d4f3bc4692daca7","impliedFormat":1},{"version":"814118df420c4e38fe5ae1b9a3bafb6e9c2aa40838e528cde908381867be6466","impliedFormat":1},{"version":"a3fc63c0d7b031693f665f5494412ba4b551fe644ededccc0ab5922401079c95","impliedFormat":1},{"version":"f27524f4bef4b6519c604bdb23bf4465bddcccbf3f003abb901acbd0d7404d99","impliedFormat":1},{"version":"37ba7b45141a45ce6e80e66f2a96c8a5ab1bcef0fc2d0f56bb58df96ec67e972","impliedFormat":1},{"version":"45650f47bfb376c8a8ed39d4bcda5902ab899a3150029684ee4c10676d9fbaee","impliedFormat":1},{"version":"dba28a419aec76ed864ef43e5f577a5c99a010c32e5949fe4e17a4d57c58dd11","affectsGlobalScope":true,"impliedFormat":1},{"version":"18fd40412d102c5564136f29735e5d1c3b455b8a37f920da79561f1fde068208","impliedFormat":1},{"version":"c959a391a75be9789b43c8468f71e3fa06488b4d691d5729dde1416dcd38225b","impliedFormat":1},{"version":"f0be1b8078cd549d91f37c30c222c2a187ac1cf981d994fb476a1adc61387b14","affectsGlobalScope":true,"impliedFormat":1},{"version":"0aaed1d72199b01234152f7a60046bc947f1f37d78d182e9ae09c4289e06a592","impliedFormat":1},{"version":"5ebe6f4cc3b803cbfc962bae0d954f9c80e5078ca41eb3f1de41d92e7193ef37","impliedFormat":1},{"version":"66ba1b2c3e3a3644a1011cd530fb444a96b1b2dfe2f5e837a002d41a1a799e60","impliedFormat":1},{"version":"7e514f5b852fdbc166b539fdd1f4e9114f29911592a5eb10a94bb3a13ccac3c4","impliedFormat":1},{"version":"5b7aa3c4c1a5d81b411e8cb302b45507fea9358d3569196b27eb1a27ae3a90ef","affectsGlobalScope":true,"impliedFormat":1},{"version":"5987a903da92c7462e0b35704ce7da94d7fdc4b89a984871c0e2b87a8aae9e69","affectsGlobalScope":true,"impliedFormat":1},{"version":"ea08a0345023ade2b47fbff5a76d0d0ed8bff10bc9d22b83f40858a8e941501c","impliedFormat":1},{"version":"47613031a5a31510831304405af561b0ffaedb734437c595256bb61a90f9311b","impliedFormat":1},{"version":"ae062ce7d9510060c5d7e7952ae379224fb3f8f2dd74e88959878af2057c143b","impliedFormat":1},{"version":"8a1a0d0a4a06a8d278947fcb66bf684f117bf147f89b06e50662d79a53be3e9f","affectsGlobalScope":true,"impliedFormat":1},{"version":"9f663c2f91127ef7024e8ca4b3b4383ff2770e5f826696005de382282794b127","impliedFormat":1},{"version":"9f55299850d4f0921e79b6bf344b47c420ce0f507b9dcf593e532b09ea7eeea1","impliedFormat":1}],"root":[[64,71]],"options":{"allowSyntheticDefaultImports":true,"composite":true,"declaration":true,"declarationMap":true,"esModuleInterop":true,"jsx":4,"jsxImportSource":"react","module":99,"outDir":"./","rootDir":"../src","skipLibCheck":true,"sourceMap":true,"strict":true,"target":9,"tsBuildInfoFile":"./tsconfig.tsbuildinfo"},"referencedMap":[[122,1],[123,1],[124,2],[77,3],[125,4],[126,5],[127,6],[72,7],[75,8],[73,7],[74,7],[128,9],[129,10],[130,11],[131,12],[132,13],[133,14],[134,14],[135,15],[136,16],[137,17],[138,18],[78,7],[76,7],[139,19],[140,20],[141,21],[175,22],[142,23],[143,7],[144,24],[145,25],[146,26],[147,27],[148,28],[149,29],[150,30],[151,31],[152,32],[153,32],[154,33],[155,7],[156,34],[157,35],[159,36],[158,37],[160,38],[161,39],[162,40],[163,41],[164,42],[165,43],[166,44],[167,45],[168,46],[169,47],[170,48],[171,49],[172,50],[79,7],[80,7],[81,7],[119,51],[120,7],[121,7],[173,52],[174,53],[60,7],[62,54],[63,55],[61,7],[58,7],[59,7],[10,7],[11,7],[13,7],[12,7],[2,7],[14,7],[15,7],[16,7],[17,7],[18,7],[19,7],[20,7],[21,7],[3,7],[22,7],[23,7],[4,7],[24,7],[28,7],[25,7],[26,7],[27,7],[29,7],[30,7],[31,7],[5,7],[32,7],[33,7],[34,7],[35,7],[6,7],[39,7],[36,7],[37,7],[38,7],[40,7],[7,7],[41,7],[46,7],[47,7],[42,7],[43,7],[44,7],[45,7],[8,7],[51,7],[48,7],[49,7],[50,7],[52,7],[9,7],[53,7],[54,7],[55,7],[57,7],[56,7],[1,7],[97,56],[107,57],[96,56],[117,58],[88,59],[87,60],[116,61],[110,62],[115,63],[90,64],[104,65],[89,66],[113,67],[85,68],[84,61],[114,69],[86,70],[91,71],[92,7],[95,71],[82,7],[118,72],[108,73],[99,74],[100,75],[102,76],[98,77],[101,78],[111,61],[93,79],[94,80],[103,81],[83,82],[106,73],[105,71],[109,7],[112,83],[69,84],[71,85],[66,86],[67,86],[70,87],[68,88],[65,87],[64,87]],"latestChangedDtsFile":"./index.d.ts","version":"5.9.3"}
package/dist/types.d.ts ADDED
@@ -0,0 +1,78 @@
1
+ /** Identity claims as they arrive from identifiabl / JWT verification. */
2
+ export interface IdentityClaims {
3
+ sub?: string;
4
+ scope?: string | string[];
5
+ scopes?: string[];
6
+ permissions?: string[];
7
+ roles?: string[];
8
+ org_id?: string;
9
+ [key: string]: unknown;
10
+ }
11
+ /** A single policy rule. Evaluated in priority order (lowest number = highest priority). */
12
+ export interface PolicyRule {
13
+ /** Unique identifier for this rule. */
14
+ id: string;
15
+ /** Lower number = evaluated first. Default: 100. */
16
+ priority?: number;
17
+ /** "allow" | "deny". Deny-by-default: if no rule matches, the request is denied. */
18
+ effect: "allow" | "deny";
19
+ /** Conditions that must ALL be true for this rule to match. */
20
+ conditions: PolicyCondition[];
21
+ /** Human-readable reason (included in deny responses). */
22
+ reason?: string;
23
+ }
24
+ /**
25
+ * A condition within a policy rule.
26
+ * All conditions in a rule are ANDed together.
27
+ */
28
+ export interface PolicyCondition {
29
+ /** The field to check: "scope", "permission", "role", "org_id", "tool", "model", "sub". */
30
+ field: string;
31
+ /** The operator: "equals", "contains", "in", "matches", "exists". */
32
+ operator: "equals" | "contains" | "in" | "matches" | "exists";
33
+ /** The value to compare against. */
34
+ value: string | string[] | boolean;
35
+ }
36
+ /** The result of evaluating a policy set against a request. */
37
+ export interface PolicyDecision {
38
+ /** Whether the request is allowed. */
39
+ allowed: boolean;
40
+ /** The rule that matched (if any). */
41
+ matchedRule?: PolicyRule;
42
+ /** Why the request was allowed/denied. */
43
+ reason: string;
44
+ /** All rules that were evaluated. */
45
+ evaluatedCount: number;
46
+ }
47
+ /** A set of policies to evaluate. */
48
+ export interface PolicySet {
49
+ /** The rules in this policy set, evaluated in priority order. */
50
+ rules: PolicyRule[];
51
+ /** Default effect when no rules match. Default: "deny". */
52
+ defaultEffect?: "allow" | "deny";
53
+ }
54
+ /** Request context for policy evaluation. */
55
+ export interface PolicyRequest {
56
+ /** The identity claims from the verified JWT. */
57
+ identity: IdentityClaims;
58
+ /** The tool being invoked (if applicable). */
59
+ tool?: string;
60
+ /** The model being requested (if applicable). */
61
+ model?: string;
62
+ /** The input payload (for schema validation). */
63
+ input?: unknown;
64
+ /** Additional context fields for condition matching. */
65
+ [key: string]: unknown;
66
+ }
67
+ /** Configuration for schema validation. */
68
+ export interface SchemaValidationResult {
69
+ valid: boolean;
70
+ errors: string[];
71
+ }
72
+ /** Configuration for permission checks. */
73
+ export interface PermissionCheckResult {
74
+ allowed: boolean;
75
+ missing: string[];
76
+ reason: string;
77
+ }
78
+ //# sourceMappingURL=types.d.ts.map
package/dist/types.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAEA,0EAA0E;AAC1E,MAAM,WAAW,cAAc;IAC7B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC1B,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,4FAA4F;AAC5F,MAAM,WAAW,UAAU;IACzB,uCAAuC;IACvC,EAAE,EAAE,MAAM,CAAC;IACX,oDAAoD;IACpD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,oFAAoF;IACpF,MAAM,EAAE,OAAO,GAAG,MAAM,CAAC;IACzB,+DAA+D;IAC/D,UAAU,EAAE,eAAe,EAAE,CAAC;IAC9B,0DAA0D;IAC1D,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,2FAA2F;IAC3F,KAAK,EAAE,MAAM,CAAC;IACd,qEAAqE;IACrE,QAAQ,EAAE,QAAQ,GAAG,UAAU,GAAG,IAAI,GAAG,SAAS,GAAG,QAAQ,CAAC;IAC9D,oCAAoC;IACpC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,OAAO,CAAC;CACpC;AAED,+DAA+D;AAC/D,MAAM,WAAW,cAAc;IAC7B,sCAAsC;IACtC,OAAO,EAAE,OAAO,CAAC;IACjB,sCAAsC;IACtC,WAAW,CAAC,EAAE,UAAU,CAAC;IACzB,0CAA0C;IAC1C,MAAM,EAAE,MAAM,CAAC;IACf,qCAAqC;IACrC,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,qCAAqC;AACrC,MAAM,WAAW,SAAS;IACxB,iEAAiE;IACjE,KAAK,EAAE,UAAU,EAAE,CAAC;IACpB,2DAA2D;IAC3D,aAAa,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;CAClC;AAED,6CAA6C;AAC7C,MAAM,WAAW,aAAa;IAC5B,iDAAiD;IACjD,QAAQ,EAAE,cAAc,CAAC;IACzB,8CAA8C;IAC9C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,iDAAiD;IACjD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iDAAiD;IACjD,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,wDAAwD;IACxD,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,2CAA2C;AAC3C,MAAM,WAAW,sBAAsB;IACrC,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,2CAA2C;AAC3C,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB"}
package/dist/types.js ADDED
@@ -0,0 +1,3 @@
1
+ // packages/validatabl-core/src/types.ts
2
+ export {};
3
+ //# sourceMappingURL=types.js.map
package/dist/types.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,wCAAwC"}
package/package.json ADDED
@@ -0,0 +1,24 @@
1
+ {
2
+ "name": "@gatewaystack/validatabl-core",
3
+ "version": "0.1.0",
4
+ "private": false,
5
+ "license": "MIT",
6
+ "type": "module",
7
+ "main": "dist/index.js",
8
+ "types": "dist/index.d.ts",
9
+ "exports": {
10
+ ".": "./dist/index.js"
11
+ },
12
+ "files": [
13
+ "dist",
14
+ "README.md",
15
+ "LICENSE"
16
+ ],
17
+ "scripts": {
18
+ "build": "tsc -p tsconfig.json",
19
+ "prepublishOnly": "npm run build"
20
+ },
21
+ "devDependencies": {
22
+ "typescript": "^5.6.3"
23
+ }
24
+ }