@generazioneai/authz 0.0.1

package/dist/codegen/authz-check.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export declare function runCheckCli(argv: string[]): number;
+//# sourceMappingURL=authz-check.d.ts.map

package/dist/codegen/authz-check.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authz-check.d.ts","sourceRoot":"","sources":["../../src/codegen/authz-check.ts"],"names":[],"mappings":";AA4DA,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,CAOlD"}

package/dist/codegen/authz-check.js

@@ -0,0 +1,76 @@
+#!/usr/bin/env node
+"use strict";
+// Step 1 DEC-19 / DEC-S8.21: `authz:check` CLI — manifest ↔ schema coherence gate.
+//
+// Usage:
+//   authz:check [--manifests <a.json> <b.json>...] [--dmmf <dmmf.json>] [--opt-out <Model>...]
+//
+// Manifest-only checks always run. When `--dmmf` (a JSON dump of
+// `Prisma.dmmf.datamodel`) is supplied, field-existence + 100% coverage checks
+// run too — services wire this in their own `authz:check` script. Exit 1 if any
+// error-level violation is found (warnings do not fail the gate).
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runCheckCli = runCheckCli;
+const node_fs_1 = require("node:fs");
+const node_path_1 = require("node:path");
+const manifest_io_1 = require("./manifest-io");
+const check_rules_1 = require("./check-rules");
+function parseArgs(argv) {
+    const args = { manifests: [], optOut: [] };
+    for (let i = 0; i < argv.length; i++) {
+        const a = argv[i];
+        if (a === '--dmmf')
+            args.dmmf = (0, node_path_1.resolve)(argv[++i]);
+        else if (a === '--manifests') {
+            while (i + 1 < argv.length && !argv[i + 1].startsWith('--'))
+                args.manifests.push((0, node_path_1.resolve)(argv[++i]));
+        }
+        else if (a === '--opt-out') {
+            while (i + 1 < argv.length && !argv[i + 1].startsWith('--'))
+                args.optOut.push(argv[++i]);
+        }
+    }
+    return args;
+}
+function loadDmmf(path) {
+    if (!(0, node_fs_1.existsSync)(path))
+        throw new Error(`[authz:check] dmmf file not found: ${path}`);
+    const parsed = JSON.parse((0, node_fs_1.readFileSync)(path, 'utf8'));
+    // Accept either the full datamodel ({models:[...]}) or a bare {models} dump.
+    const models = parsed?.models ?? parsed?.datamodel?.models;
+    if (!Array.isArray(models))
+        throw new Error(`[authz:check] ${path} has no .models array`);
+    return { models };
+}
+function report(violations) {
+    if (!violations.length) {
+        console.log('[authz:check] OK — no violations.');
+        return;
+    }
+    for (const v of violations) {
+        const tag = v.level === 'error' ? 'ERROR' : 'warn ';
+        const where = v.subject ? ` (${v.subject})` : '';
+        console.error(`[authz:check] ${tag} ${v.code}${where}: ${v.message}`);
+    }
+    const errs = violations.filter((v) => v.level === 'error').length;
+    const warns = violations.length - errs;
+    console.error(`[authz:check] ${errs} error(s), ${warns} warning(s).`);
+}
+function runCheckCli(argv) {
+    const args = parseArgs(argv);
+    const manifests = args.manifests.length ? (0, manifest_io_1.loadManifests)(args.manifests) : [];
+    const dmmf = args.dmmf ? loadDmmf(args.dmmf) : undefined;
+    const violations = (0, check_rules_1.runChecks)(manifests, { dmmf, optOut: args.optOut });
+    report(violations);
+    return (0, check_rules_1.hasErrors)(violations) ? 1 : 0;
+}
+if (require.main === module) {
+    try {
+        process.exit(runCheckCli(process.argv.slice(2)));
+    }
+    catch (e) {
+        console.error(`[authz:check] FATAL: ${e.message}`);
+        process.exit(2);
+    }
+}
+//# sourceMappingURL=authz-check.js.map

package/dist/codegen/authz-check.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authz-check.js","sourceRoot":"","sources":["../../src/codegen/authz-check.ts"],"names":[],"mappings":";;AACA,mFAAmF;AACnF,EAAE;AACF,SAAS;AACT,+FAA+F;AAC/F,EAAE;AACF,iEAAiE;AACjE,+EAA+E;AAC/E,gFAAgF;AAChF,kEAAkE;;AAmDlE,kCAOC;AAxDD,qCAAmD;AACnD,yCAAoC;AACpC,+CAA8C;AAC9C,+CAAoF;AAQpF,SAAS,SAAS,CAAC,IAAc;IAC/B,MAAM,IAAI,GAAY,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;IACpD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,IAAI,CAAC,KAAK,QAAQ;YAAE,IAAI,CAAC,IAAI,GAAG,IAAA,mBAAO,EAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;aAC9C,IAAI,CAAC,KAAK,aAAa,EAAE,CAAC;YAC7B,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC;gBAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAA,mBAAO,EAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QACvG,CAAC;aAAM,IAAI,CAAC,KAAK,WAAW,EAAE,CAAC;YAC7B,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC;gBAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC3F,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,QAAQ,CAAC,IAAY;IAC5B,IAAI,CAAC,IAAA,oBAAU,EAAC,IAAI,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,sCAAsC,IAAI,EAAE,CAAC,CAAC;IACrF,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,sBAAY,EAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;IACtD,6EAA6E;IAC7E,MAAM,MAAM,GAAG,MAAM,EAAE,MAAM,IAAI,MAAM,EAAE,SAAS,EAAE,MAAM,CAAC;IAC3D,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,iBAAiB,IAAI,uBAAuB,CAAC,CAAC;IAC1F,OAAO,EAAE,MAAM,EAAE,CAAC;AACpB,CAAC;AAED,SAAS,MAAM,CAAC,UAAuB;IACrC,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;QACvB,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;QACjD,OAAO;IACT,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,MAAM,GAAG,GAAG,CAAC,CAAC,KAAK,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC;QACpD,MAAM,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QACjD,OAAO,CAAC,KAAK,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAAC,IAAI,GAAG,KAAK,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IACxE,CAAC;IACD,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,OAAO,CAAC,CAAC,MAAM,CAAC;IAClE,MAAM,KAAK,GAAG,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC;IACvC,OAAO,CAAC,KAAK,CAAC,iBAAiB,IAAI,cAAc,KAAK,cAAc,CAAC,CAAC;AACxE,CAAC;AAED,SAAgB,WAAW,CAAC,IAAc;IACxC,MAAM,IAAI,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;IAC7B,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,IAAA,2BAAa,EAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAC7E,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACzD,MAAM,UAAU,GAAG,IAAA,uBAAS,EAAC,SAAS,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACvE,MAAM,CAAC,UAAU,CAAC,CAAC;IACnB,OAAO,IAAA,uBAAS,EAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACvC,CAAC;AAED,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;IAC5B,IAAI,CAAC;QACH,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACnD,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,wBAAyB,CAAW,CAAC,OAAO,EAAE,CAAC,CAAC;QAC9D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/codegen/check-rules.d.ts

@@ -0,0 +1,73 @@
+import type { ResourceManifest } from '../define-resource';
+export type ViolationLevel = 'error' | 'warn';
+export interface Violation {
+    level: ViolationLevel;
+    code: string;
+    subject?: string;
+    message: string;
+}
+/** Canonical `$ctx` paths (must stay in sync with `CtxPath` in authz-context.ts). */
+export declare const KNOWN_CTX_PATHS: readonly string[];
+export interface DmmfField {
+    name: string;
+    kind?: string;
+    relationName?: string;
+    type?: string;
+}
+export interface DmmfModel {
+    name: string;
+    fields: DmmfField[];
+}
+export interface DmmfLike {
+    models: DmmfModel[];
+}
+export interface CheckOptions {
+    dmmf?: DmmfLike;
+    /** Models intentionally excluded from authz (DEC-3 opt-out, e.g. OidcEntity). */
+    optOut?: string[];
+}
+/** Collect every `$ctx` path referenced anywhere inside the scope templates. */
+export declare function collectCtxPaths(template: unknown, acc?: string[]): string[];
+/** DEC-14/15: actions must be built-in, lifecycle-derived, or non-empty custom. */
+export declare function checkActions(m: ResourceManifest): Violation[];
+/** DEC-23/EDGE-24: softDelete:false ⇒ no delete/softDelete/restore/findDeleted. */
+export declare function checkSoftDelete(m: ResourceManifest): Violation[];
+/** DEC-19: every `$ctx` path in scopes must be a known AuthzContext path. */
+export declare function checkCtxPaths(m: ResourceManifest): Violation[];
+/** DEC-28: lifecycle states/transitions internally consistent. */
+export declare function checkLifecycle(m: ResourceManifest): Violation[];
+/**
+ * A lifecycle transition's `requires: [SCOPE]` must have a matching scope declared
+ * in `scopes`. Otherwise the transition is either unauthorizable or silently falls
+ * back to another scope (e.g. an owner self-approving). Catches the class the
+ * adversarial review flagged on IndividualCompetence (requires TENANT, only OWN).
+ */
+export declare function checkLifecycleRequiresScopes(m: ResourceManifest): Violation[];
+/** DEC-6..10: tenancy declaration shape is well-formed for its kind. */
+export declare function checkTenancyShape(m: ResourceManifest): Violation[];
+/**
+ * Every resource must declare at least one scope (else nothing is enforceable).
+ * A `global`-tenancy resource that exposes only OWN/TENANT (no GLOBAL) is a
+ * legitimate pattern — a table with no tenant column whose visibility is
+ * owner-based (e.g. EmployeeSurvey, JuridicalSurvey) — so it is NOT warned.
+ */
+export declare function checkScopesPresence(m: ResourceManifest): Violation[];
+/** DEC-S8.5: external link should be a multiRef whose fields cover provider/customer. */
+export declare function checkExternalConsistency(m: ResourceManifest): Violation[];
+/**
+ * DEC-3: Subject is unique GLOBALLY (the codegen Subject union spans all services).
+ * prismaModel is unique only WITHIN a service — two services legitimately own a
+ * `client`/`user`/`individual` model in separate databases, so the model key is
+ * scoped by service. Within one service the per-service check still catches dups.
+ */
+export declare function checkUniqueness(manifests: ResourceManifest[]): Violation[];
+/** DEC-25a / EDGE-S8.5: polymorphicMap targets must resolve to known subjects. */
+export declare function checkPolymorphicTargets(manifests: ResourceManifest[]): Violation[];
+/** DEC-19: model exists; tenancy/ownership fields exist; scope top-level fields exist. */
+export declare function checkAgainstDmmf(m: ResourceManifest, dmmf: DmmfLike): Violation[];
+/** DEC-3 / coverage gate: every datamodel model is covered or explicitly opted out. */
+export declare function checkCoverage(manifests: ResourceManifest[], dmmf: DmmfLike, optOut?: string[]): Violation[];
+/** Run every check (manifest-only always; DMMF-backed + coverage if `dmmf` given). */
+export declare function runChecks(manifests: ResourceManifest[], opts?: CheckOptions): Violation[];
+export declare function hasErrors(violations: Violation[]): boolean;
+//# sourceMappingURL=check-rules.d.ts.map

package/dist/codegen/check-rules.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-rules.d.ts","sourceRoot":"","sources":["../../src/codegen/check-rules.ts"],"names":[],"mappings":"AAWA,OAAO,KAAK,EAAE,gBAAgB,EAAe,MAAM,oBAAoB,CAAC;AAGxE,MAAM,MAAM,cAAc,GAAG,OAAO,GAAG,MAAM,CAAC;AAE9C,MAAM,WAAW,SAAS;IACxB,KAAK,EAAE,cAAc,CAAC;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,qFAAqF;AACrF,eAAO,MAAM,eAAe,EAAE,SAAS,MAAM,EAa5C,CAAC;AAwBF,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AACD,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,SAAS,EAAE,CAAC;CACrB;AACD,MAAM,WAAW,QAAQ;IACvB,MAAM,EAAE,SAAS,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,CAAC,EAAE,QAAQ,CAAC;IAChB,iFAAiF;IACjF,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB;AA0BD,gFAAgF;AAChF,wBAAgB,eAAe,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,GAAE,MAAM,EAAO,GAAG,MAAM,EAAE,CAU/E;AAID,mFAAmF;AACnF,wBAAgB,YAAY,CAAC,CAAC,EAAE,gBAAgB,GAAG,SAAS,EAAE,CAqB7D;AAED,mFAAmF;AACnF,wBAAgB,eAAe,CAAC,CAAC,EAAE,gBAAgB,GAAG,SAAS,EAAE,CAWhE;AAED,6EAA6E;AAC7E,wBAAgB,aAAa,CAAC,CAAC,EAAE,gBAAgB,GAAG,SAAS,EAAE,CAgB9D;AAED,kEAAkE;AAClE,wBAAgB,cAAc,CAAC,CAAC,EAAE,gBAAgB,GAAG,SAAS,EAAE,CA0B/D;AAED;;;;;GAKG;AACH,wBAAgB,4BAA4B,CAAC,CAAC,EAAE,gBAAgB,GAAG,SAAS,EAAE,CAkB7E;AAED,wEAAwE;AACxE,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,gBAAgB,GAAG,SAAS,EAAE,CAmClE;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,CAAC,EAAE,gBAAgB,GAAG,SAAS,EAAE,CAMpE;AAED,yFAAyF;AACzF,wBAAgB,wBAAwB,CAAC,CAAC,EAAE,gBAAgB,GAAG,SAAS,EAAE,CAgBzE;AAID;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,SAAS,EAAE,gBAAgB,EAAE,GAAG,SAAS,EAAE,CAa1E;AAED,kFAAkF;AAClF,wBAAgB,uBAAuB,CAAC,SAAS,EAAE,gBAAgB,EAAE,GAAG,SAAS,EAAE,CAkBlF;AAWD,0FAA0F;AAC1F,wBAAgB,gBAAgB,CAAC,CAAC,EAAE,gBAAgB,EAAE,IAAI,EAAE,QAAQ,GAAG,SAAS,EAAE,CA+DjF;AAED,uFAAuF;AACvF,wBAAgB,aAAa,CAC3B,SAAS,EAAE,gBAAgB,EAAE,EAC7B,IAAI,EAAE,QAAQ,EACd,MAAM,GAAE,MAAM,EAAO,GACpB,SAAS,EAAE,CAeb;AAID,sFAAsF;AACtF,wBAAgB,SAAS,CACvB,SAAS,EAAE,gBAAgB,EAAE,EAC7B,IAAI,GAAE,YAAiB,GACtB,SAAS,EAAE,CAmBb;AAED,wBAAgB,SAAS,CAAC,UAAU,EAAE,SAAS,EAAE,GAAG,OAAO,CAE1D"}

package/dist/codegen/check-rules.js

@@ -0,0 +1,387 @@
+"use strict";
+// Step 1 DEC-19: manifest ↔ Prisma schema coherence checks (`authz:check`).
+//
+// Two tiers of checks:
+//   - manifest-only (no schema needed): action/softDelete/lifecycle/tenancy/ctx
+//     shape, plus cross-manifest uniqueness + polymorphic target resolution.
+//   - DMMF-backed (optional `dmmf`): model exists, tenancy/ownership/scope fields
+//     exist, inheritFrom chain resolvable, 100% model coverage.
+//
+// The SDK exposes the rules as pure functions; each service runs a thin script
+// that loads its own `Prisma.dmmf` + manifests and calls `runChecks`.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KNOWN_CTX_PATHS = void 0;
+exports.collectCtxPaths = collectCtxPaths;
+exports.checkActions = checkActions;
+exports.checkSoftDelete = checkSoftDelete;
+exports.checkCtxPaths = checkCtxPaths;
+exports.checkLifecycle = checkLifecycle;
+exports.checkLifecycleRequiresScopes = checkLifecycleRequiresScopes;
+exports.checkTenancyShape = checkTenancyShape;
+exports.checkScopesPresence = checkScopesPresence;
+exports.checkExternalConsistency = checkExternalConsistency;
+exports.checkUniqueness = checkUniqueness;
+exports.checkPolymorphicTargets = checkPolymorphicTargets;
+exports.checkAgainstDmmf = checkAgainstDmmf;
+exports.checkCoverage = checkCoverage;
+exports.runChecks = runChecks;
+exports.hasErrors = hasErrors;
+const effective_actions_1 = require("./effective-actions");
+/** Canonical `$ctx` paths (must stay in sync with `CtxPath` in authz-context.ts). */
+exports.KNOWN_CTX_PATHS = [
+    'userId',
+    'individualId',
+    'tenantId',
+    'juridicalIndividualId',
+    'connected.studentsOfTeacher',
+    'connected.reportsOfManager',
+    'connected.pendingApprovalResourceIds',
+    'connected.customRelations',
+    'accreditedAs.provider.accreditationIds',
+    'accreditedAs.provider.customerJuridicalIds',
+    'accreditedAs.customer.accreditationIds',
+    'accreditedAs.customer.providerJuridicalIds',
+];
+const KNOWN_CTX_SET = new Set(exports.KNOWN_CTX_PATHS);
+/** Prisma filter / logical operators to skip when treating object keys as fields. */
+const PRISMA_OPERATORS = new Set([
+    'AND', 'OR', 'NOT',
+    '$ctx',
+    'equals', 'not', 'in', 'notIn',
+    'lt', 'lte', 'gt', 'gte',
+    'contains', 'startsWith', 'endsWith', 'mode', 'search',
+    'some', 'every', 'none', 'is', 'isNot',
+    'has', 'hasSome', 'hasEvery', 'isEmpty',
+]);
+const SOFT_DELETE_ACTIONS = new Set([
+    'delete',
+    'softDelete',
+    'restore',
+    'findDeleted',
+]);
+const lowerFirst = (s) => s.length ? s.charAt(0).toLowerCase() + s.slice(1) : s;
+function findModel(dmmf, prismaModel) {
+    return dmmf.models.find((m) => m.name === prismaModel || lowerFirst(m.name) === prismaModel);
+}
+const err = (code, subject, message) => ({
+    level: 'error',
+    code,
+    subject,
+    message,
+});
+const warn = (code, subject, message) => ({
+    level: 'warn',
+    code,
+    subject,
+    message,
+});
+// ---- $ctx walking ------------------------------------------------------------
+/** Collect every `$ctx` path referenced anywhere inside the scope templates. */
+function collectCtxPaths(template, acc = []) {
+    if (template === null || typeof template !== 'object')
+        return acc;
+    if (Array.isArray(template)) {
+        for (const item of template)
+            collectCtxPaths(item, acc);
+        return acc;
+    }
+    const obj = template;
+    if (typeof obj.$ctx === 'string')
+        acc.push(obj.$ctx);
+    for (const value of Object.values(obj))
+        collectCtxPaths(value, acc);
+    return acc;
+}
+// ---- manifest-only checks ----------------------------------------------------
+/** DEC-14/15: actions must be built-in, lifecycle-derived, or non-empty custom. */
+function checkActions(m) {
+    const out = [];
+    const verbs = new Set((0, effective_actions_1.lifecycleVerbs)(m));
+    for (const a of m.actions) {
+        if (typeof a !== 'string' || a.length === 0) {
+            out.push(err('action-empty', m.subject, `empty/invalid action declared`));
+        }
+    }
+    // Lifecycle verbs should be surfaced in `actions` for clarity (DEC-15).
+    for (const verb of verbs) {
+        if (!m.actions.includes(verb)) {
+            out.push(warn('lifecycle-verb-missing-in-actions', m.subject, `lifecycle verb '${verb}' is not listed in actions[] (framework auto-adds it; list it for clarity)`));
+        }
+    }
+    return out;
+}
+/** DEC-23/EDGE-24: softDelete:false ⇒ no delete/softDelete/restore/findDeleted. */
+function checkSoftDelete(m) {
+    if (m.softDelete !== false)
+        return [];
+    return m.actions
+        .filter((a) => SOFT_DELETE_ACTIONS.has(a))
+        .map((a) => err('softdelete-action-conflict', m.subject, `softDelete:false but actions includes '${a}'`));
+}
+/** DEC-19: every `$ctx` path in scopes must be a known AuthzContext path. */
+function checkCtxPaths(m) {
+    const out = [];
+    for (const [scope, template] of Object.entries(m.scopes ?? {})) {
+        for (const path of collectCtxPaths(template)) {
+            if (!KNOWN_CTX_SET.has(path)) {
+                out.push(err('unknown-ctx-path', m.subject, `scope ${scope} references unknown $ctx path '${path}' (known: ${exports.KNOWN_CTX_PATHS.join(', ')})`));
+            }
+        }
+    }
+    return out;
+}
+/** DEC-28: lifecycle states/transitions internally consistent. */
+function checkLifecycle(m) {
+    const lc = m.lifecycle;
+    if (!lc)
+        return [];
+    const out = [];
+    if (!lc.field)
+        out.push(err('lifecycle-no-field', m.subject, 'lifecycle.field is empty'));
+    const states = new Set(lc.states ?? []);
+    if (!states.has(lc.initial)) {
+        out.push(err('lifecycle-bad-initial', m.subject, `initial state '${lc.initial}' not in states[]`));
+    }
+    for (const [verb, t] of Object.entries(lc.transitions ?? {})) {
+        if (!states.has(t.to)) {
+            out.push(err('lifecycle-bad-to', m.subject, `transition '${verb}' targets unknown state '${t.to}'`));
+        }
+        for (const f of t.from ?? []) {
+            if (!states.has(f)) {
+                out.push(err('lifecycle-bad-from', m.subject, `transition '${verb}' from unknown state '${f}'`));
+            }
+        }
+    }
+    return out;
+}
+/**
+ * A lifecycle transition's `requires: [SCOPE]` must have a matching scope declared
+ * in `scopes`. Otherwise the transition is either unauthorizable or silently falls
+ * back to another scope (e.g. an owner self-approving). Catches the class the
+ * adversarial review flagged on IndividualCompetence (requires TENANT, only OWN).
+ */
+function checkLifecycleRequiresScopes(m) {
+    if (!m.lifecycle)
+        return [];
+    const scopeKeys = new Set(Object.keys(m.scopes ?? {}));
+    const out = [];
+    for (const [verb, t] of Object.entries(m.lifecycle.transitions ?? {})) {
+        for (const req of t.requires ?? []) {
+            if (!scopeKeys.has(req)) {
+                out.push(err('lifecycle-requires-missing-scope', m.subject, `transition '${verb}' requires scope '${req}' but no '${req}' scope is declared (declared: ${[...scopeKeys].join(', ') || 'none'})`));
+            }
+        }
+    }
+    return out;
+}
+/** DEC-6..10: tenancy declaration shape is well-formed for its kind. */
+function checkTenancyShape(m) {
+    const out = [];
+    const t = m.tenancy;
+    if (!t || !('kind' in t)) {
+        out.push(err('tenancy-missing', m.subject, 'tenancy declaration missing'));
+        return out;
+    }
+    switch (t.kind) {
+        case 'single':
+            if (!t.field)
+                out.push(err('tenancy-single-no-field', m.subject, "tenancy.single requires 'field'"));
+            break;
+        case 'multiRef':
+            if (!Array.isArray(t.fields) || t.fields.length === 0)
+                out.push(err('tenancy-multiref-empty', m.subject, 'tenancy.multiRef requires non-empty fields[]'));
+            if (t.relation !== 'AND' && t.relation !== 'OR')
+                out.push(err('tenancy-multiref-relation', m.subject, "tenancy.multiRef.relation must be 'AND' or 'OR'"));
+            break;
+        case 'transitive':
+            if (!t.via || !t.through || !t.field)
+                out.push(err('tenancy-transitive-incomplete', m.subject, 'tenancy.transitive requires via/through/field'));
+            break;
+        case 'inheritFrom':
+            if (!t.relation)
+                out.push(err('tenancy-inheritfrom-no-relation', m.subject, "tenancy.inheritFrom requires 'relation'"));
+            break;
+        case 'global':
+            break;
+        default:
+            out.push(err('tenancy-unknown-kind', m.subject, `unknown tenancy kind '${t.kind}'`));
+    }
+    if (m.nested) {
+        if (!m.nested.parent)
+            out.push(err('nested-no-parent', m.subject, 'nested.parent is empty'));
+        if (!m.nested.via)
+            out.push(err('nested-no-via', m.subject, 'nested.via is empty'));
+    }
+    return out;
+}
+/**
+ * Every resource must declare at least one scope (else nothing is enforceable).
+ * A `global`-tenancy resource that exposes only OWN/TENANT (no GLOBAL) is a
+ * legitimate pattern — a table with no tenant column whose visibility is
+ * owner-based (e.g. EmployeeSurvey, JuridicalSurvey) — so it is NOT warned.
+ */
+function checkScopesPresence(m) {
+    const scopeKeys = Object.keys(m.scopes ?? {});
+    if (scopeKeys.length === 0) {
+        return [warn('no-scopes', m.subject, 'resource declares no scopes (nothing enforceable)')];
+    }
+    return [];
+}
+/** DEC-S8.5: external link should be a multiRef whose fields cover provider/customer. */
+function checkExternalConsistency(m) {
+    if (!m.external)
+        return [];
+    const out = [];
+    const t = m.tenancy;
+    if (t?.kind !== 'multiRef') {
+        out.push(warn('external-not-multiref', m.subject, 'external link declared but tenancy is not multiRef'));
+        return out;
+    }
+    for (const f of [m.external.providerField, m.external.customerField]) {
+        if (!t.fields.includes(f)) {
+            out.push(warn('external-field-not-in-tenancy', m.subject, `external field '${f}' not among tenancy.fields`));
+        }
+    }
+    return out;
+}
+// ---- cross-manifest checks ---------------------------------------------------
+/**
+ * DEC-3: Subject is unique GLOBALLY (the codegen Subject union spans all services).
+ * prismaModel is unique only WITHIN a service — two services legitimately own a
+ * `client`/`user`/`individual` model in separate databases, so the model key is
+ * scoped by service. Within one service the per-service check still catches dups.
+ */
+function checkUniqueness(manifests) {
+    const out = [];
+    const subjects = new Map();
+    const models = new Map(); // keyed `service:prismaModel`
+    for (const m of manifests) {
+        subjects.set(m.subject, (subjects.get(m.subject) ?? 0) + 1);
+        const key = `${m.service}:${m.prismaModel}`;
+        models.set(key, (models.get(key) ?? 0) + 1);
+    }
+    for (const [s, n] of subjects)
+        if (n > 1)
+            out.push(err('duplicate-subject', s, `subject '${s}' declared ${n}×`));
+    for (const [key, n] of models)
+        if (n > 1)
+            out.push({ level: 'error', code: 'duplicate-model', message: `prismaModel '${key}' declared ${n}×` });
+    return out;
+}
+/** DEC-25a / EDGE-S8.5: polymorphicMap targets must resolve to known subjects. */
+function checkPolymorphicTargets(manifests) {
+    const subjects = new Set(manifests.map((m) => m.subject));
+    const out = [];
+    for (const m of manifests) {
+        if (!m.polymorphicMap)
+            continue;
+        for (const [enumVal, target] of Object.entries(m.polymorphicMap)) {
+            if (!subjects.has(target)) {
+                out.push(warn('polymorphic-target-unknown', m.subject, `polymorphicMap['${enumVal}'] -> '${target}' is not a known subject (out-of-scope target?)`));
+            }
+        }
+    }
+    return out;
+}
+// ---- DMMF-backed checks ------------------------------------------------------
+function fieldNames(model) {
+    return new Set(model.fields.map((f) => f.name));
+}
+function relationNames(model) {
+    return new Set(model.fields.filter((f) => f.kind === 'object' || f.relationName).map((f) => f.name));
+}
+/** DEC-19: model exists; tenancy/ownership fields exist; scope top-level fields exist. */
+function checkAgainstDmmf(m, dmmf) {
+    const out = [];
+    const model = findModel(dmmf, m.prismaModel);
+    if (!model) {
+        out.push(err('model-not-found', m.subject, `prismaModel '${m.prismaModel}' not in datamodel`));
+        return out; // can't validate fields without the model
+    }
+    const fields = fieldNames(model);
+    const relations = relationNames(model);
+    // DEC-23: a model with default (active) soft-delete must actually have the
+    // soft-delete column, else the framework injects `deletedAt: null` into a
+    // non-existent field and every query throws at runtime (Step 3 extension).
+    if (m.softDelete !== false) {
+        const sdField = (m.softDelete && m.softDelete.field) || 'deletedAt';
+        if (!fields.has(sdField)) {
+            out.push(err('softdelete-field-missing', m.subject, `soft-delete is active but model has no '${sdField}' column — set softDelete:false (and drop delete/softDelete/restore/findDeleted from actions)`));
+        }
+    }
+    const t = m.tenancy;
+    if (t?.kind === 'single' && t.field && !fields.has(t.field)) {
+        out.push(err('tenancy-field-missing', m.subject, `tenancy field '${t.field}' not on model`));
+    }
+    if (t?.kind === 'multiRef') {
+        for (const f of t.fields ?? []) {
+            if (!fields.has(f))
+                out.push(err('tenancy-field-missing', m.subject, `multiRef field '${f}' not on model`));
+        }
+    }
+    if (t?.kind === 'transitive' && t.via && !relations.has(t.via)) {
+        out.push(err('tenancy-via-missing', m.subject, `transitive via relation '${t.via}' not on model`));
+    }
+    if (t?.kind === 'inheritFrom' && t.relation) {
+        const firstHop = t.relation.split('.')[0];
+        if (!relations.has(firstHop)) {
+            out.push(err('inheritfrom-relation-missing', m.subject, `inheritFrom relation '${firstHop}' not on model`));
+        }
+    }
+    for (const o of m.ownership ?? []) {
+        if (!fields.has(o.field)) {
+            out.push(err('ownership-field-missing', m.subject, `ownership field '${o.field}' not on model`));
+        }
+    }
+    // Top-level scope keys (excluding operators) must be a field or relation.
+    for (const [scope, template] of Object.entries(m.scopes ?? {})) {
+        if (!template || typeof template !== 'object')
+            continue;
+        for (const key of Object.keys(template)) {
+            if (PRISMA_OPERATORS.has(key))
+                continue;
+            if (!fields.has(key) && !relations.has(key)) {
+                out.push(err('scope-field-missing', m.subject, `scope ${scope} references unknown field/relation '${key}'`));
+            }
+        }
+    }
+    return out;
+}
+/** DEC-3 / coverage gate: every datamodel model is covered or explicitly opted out. */
+function checkCoverage(manifests, dmmf, optOut = []) {
+    const covered = new Set(manifests.map((m) => m.prismaModel));
+    const optOutSet = new Set(optOut);
+    const out = [];
+    for (const model of dmmf.models) {
+        const camel = lowerFirst(model.name);
+        if (covered.has(camel) || covered.has(model.name))
+            continue;
+        if (optOutSet.has(camel) || optOutSet.has(model.name))
+            continue;
+        out.push({
+            level: 'error',
+            code: 'model-uncovered',
+            message: `model '${model.name}' has no manifest and is not in the opt-out list`,
+        });
+    }
+    return out;
+}
+// ---- orchestrator ------------------------------------------------------------
+/** Run every check (manifest-only always; DMMF-backed + coverage if `dmmf` given). */
+function runChecks(manifests, opts = {}) {
+    const out = [];
+    for (const m of manifests) {
+        out.push(...checkActions(m), ...checkSoftDelete(m), ...checkCtxPaths(m), ...checkLifecycle(m), ...checkLifecycleRequiresScopes(m), ...checkTenancyShape(m), ...checkScopesPresence(m), ...checkExternalConsistency(m));
+        if (opts.dmmf)
+            out.push(...checkAgainstDmmf(m, opts.dmmf));
+    }
+    out.push(...checkUniqueness(manifests));
+    out.push(...checkPolymorphicTargets(manifests));
+    if (opts.dmmf)
+        out.push(...checkCoverage(manifests, opts.dmmf, opts.optOut));
+    return out;
+}
+function hasErrors(violations) {
+    return violations.some((v) => v.level === 'error');
+}
+//# sourceMappingURL=check-rules.js.map

package/dist/codegen/check-rules.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-rules.js","sourceRoot":"","sources":["../../src/codegen/check-rules.ts"],"names":[],"mappings":";AAAA,4EAA4E;AAC5E,EAAE;AACF,uBAAuB;AACvB,gFAAgF;AAChF,6EAA6E;AAC7E,kFAAkF;AAClF,gEAAgE;AAChE,EAAE;AACF,+EAA+E;AAC/E,sEAAsE;;;AAiGtE,0CAUC;AAKD,oCAqBC;AAGD,0CAWC;AAGD,sCAgBC;AAGD,wCA0BC;AAQD,oEAkBC;AAGD,8CAmCC;AAQD,kDAMC;AAGD,4DAgBC;AAUD,0CAaC;AAGD,0DAkBC;AAYD,4CA+DC;AAGD,sCAmBC;AAKD,8BAsBC;AAED,8BAEC;AA7cD,2DAAqD;AAWrD,qFAAqF;AACxE,QAAA,eAAe,GAAsB;IAChD,QAAQ;IACR,cAAc;IACd,UAAU;IACV,uBAAuB;IACvB,6BAA6B;IAC7B,4BAA4B;IAC5B,sCAAsC;IACtC,2BAA2B;IAC3B,wCAAwC;IACxC,4CAA4C;IAC5C,wCAAwC;IACxC,4CAA4C;CAC7C,CAAC;AAEF,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,uBAAe,CAAC,CAAC;AAE/C,qFAAqF;AACrF,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,KAAK,EAAE,IAAI,EAAE,KAAK;IAClB,MAAM;IACN,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO;IAC9B,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK;IACxB,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ;IACtD,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO;IACtC,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS;CACxC,CAAC,CAAC;AAEH,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC;IAClC,QAAQ;IACR,YAAY;IACZ,SAAS;IACT,aAAa;CACd,CAAC,CAAC;AAwBH,MAAM,UAAU,GAAG,CAAC,CAAS,EAAU,EAAE,CACvC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAExD,SAAS,SAAS,CAAC,IAAc,EAAE,WAAmB;IACpD,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CACrB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,WAAW,IAAI,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,WAAW,CACpE,CAAC;AACJ,CAAC;AAED,MAAM,GAAG,GAAG,CAAC,IAAY,EAAE,OAAe,EAAE,OAAe,EAAa,EAAE,CAAC,CAAC;IAC1E,KAAK,EAAE,OAAO;IACd,IAAI;IACJ,OAAO;IACP,OAAO;CACR,CAAC,CAAC;AACH,MAAM,IAAI,GAAG,CAAC,IAAY,EAAE,OAAe,EAAE,OAAe,EAAa,EAAE,CAAC,CAAC;IAC3E,KAAK,EAAE,MAAM;IACb,IAAI;IACJ,OAAO;IACP,OAAO;CACR,CAAC,CAAC;AAEH,iFAAiF;AAEjF,gFAAgF;AAChF,SAAgB,eAAe,CAAC,QAAiB,EAAE,MAAgB,EAAE;IACnE,IAAI,QAAQ,KAAK,IAAI,IAAI,OAAO,QAAQ,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC;IAClE,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,KAAK,MAAM,IAAI,IAAI,QAAQ;YAAE,eAAe,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACxD,OAAO,GAAG,CAAC;IACb,CAAC;IACD,MAAM,GAAG,GAAG,QAAmC,CAAC;IAChD,IAAI,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ;QAAE,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACrD,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC;QAAE,eAAe,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACpE,OAAO,GAAG,CAAC;AACb,CAAC;AAED,iFAAiF;AAEjF,mFAAmF;AACnF,SAAgB,YAAY,CAAC,CAAmB;IAC9C,MAAM,GAAG,GAAgB,EAAE,CAAC;IAC5B,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,IAAA,kCAAc,EAAC,CAAC,CAAC,CAAC,CAAC;IACzC,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;QAC1B,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5C,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC,CAAC,OAAO,EAAE,+BAA+B,CAAC,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;IACD,wEAAwE;IACxE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,GAAG,CAAC,IAAI,CACN,IAAI,CACF,mCAAmC,EACnC,CAAC,CAAC,OAAO,EACT,mBAAmB,IAAI,4EAA4E,CACpG,CACF,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,mFAAmF;AACnF,SAAgB,eAAe,CAAC,CAAmB;IACjD,IAAI,CAAC,CAAC,UAAU,KAAK,KAAK;QAAE,OAAO,EAAE,CAAC;IACtC,OAAO,CAAC,CAAC,OAAO;SACb,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;SACzC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACT,GAAG,CACD,4BAA4B,EAC5B,CAAC,CAAC,OAAO,EACT,0CAA0C,CAAC,GAAG,CAC/C,CACF,CAAC;AACN,CAAC;AAED,6EAA6E;AAC7E,SAAgB,aAAa,CAAC,CAAmB;IAC/C,MAAM,GAAG,GAAgB,EAAE,CAAC;IAC5B,KAAK,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,CAAC;QAC/D,KAAK,MAAM,IAAI,IAAI,eAAe,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7C,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7B,GAAG,CAAC,IAAI,CACN,GAAG,CACD,kBAAkB,EAClB,CAAC,CAAC,OAAO,EACT,SAAS,KAAK,kCAAkC,IAAI,aAAa,uBAAe,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC/F,CACF,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,kEAAkE;AAClE,SAAgB,cAAc,CAAC,CAAmB;IAChD,MAAM,EAAE,GAAG,CAAC,CAAC,SAAS,CAAC;IACvB,IAAI,CAAC,EAAE;QAAE,OAAO,EAAE,CAAC;IACnB,MAAM,GAAG,GAAgB,EAAE,CAAC;IAC5B,IAAI,CAAC,EAAE,CAAC,KAAK;QAAE,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,oBAAoB,EAAE,CAAC,CAAC,OAAO,EAAE,0BAA0B,CAAC,CAAC,CAAC;IAC1F,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,EAAE,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC;IACxC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5B,GAAG,CAAC,IAAI,CACN,GAAG,CAAC,uBAAuB,EAAE,CAAC,CAAC,OAAO,EAAE,kBAAkB,EAAE,CAAC,OAAO,mBAAmB,CAAC,CACzF,CAAC;IACJ,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,WAAW,IAAI,EAAE,CAAC,EAAE,CAAC;QAC7D,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;YACtB,GAAG,CAAC,IAAI,CACN,GAAG,CAAC,kBAAkB,EAAE,CAAC,CAAC,OAAO,EAAE,eAAe,IAAI,4BAA4B,CAAC,CAAC,EAAE,GAAG,CAAC,CAC3F,CAAC;QACJ,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC;YAC7B,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBACnB,GAAG,CAAC,IAAI,CACN,GAAG,CAAC,oBAAoB,EAAE,CAAC,CAAC,OAAO,EAAE,eAAe,IAAI,yBAAyB,CAAC,GAAG,CAAC,CACvF,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;GAKG;AACH,SAAgB,4BAA4B,CAAC,CAAmB;IAC9D,IAAI,CAAC,CAAC,CAAC,SAAS;QAAE,OAAO,EAAE,CAAC;IAC5B,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC;IACvD,MAAM,GAAG,GAAgB,EAAE,CAAC;IAC5B,KAAK,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,WAAW,IAAI,EAAE,CAAC,EAAE,CAAC;QACtE,KAAK,MAAM,GAAG,IAAI,CAAC,CAAC,QAAQ,IAAI,EAAE,EAAE,CAAC;YACnC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,GAAG,CAAC,IAAI,CACN,GAAG,CACD,kCAAkC,EAClC,CAAC,CAAC,OAAO,EACT,eAAe,IAAI,qBAAqB,GAAG,aAAa,GAAG,kCAAkC,CAAC,GAAG,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM,GAAG,CACpI,CACF,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,wEAAwE;AACxE,SAAgB,iBAAiB,CAAC,CAAmB;IACnD,MAAM,GAAG,GAAgB,EAAE,CAAC;IAC5B,MAAM,CAAC,GAAG,CAAC,CAAC,OAAsB,CAAC;IACnC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,EAAE,CAAC;QACzB,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC,CAAC,OAAO,EAAE,6BAA6B,CAAC,CAAC,CAAC;QAC3E,OAAO,GAAG,CAAC;IACb,CAAC;IACD,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC;QACf,KAAK,QAAQ;YACX,IAAI,CAAC,CAAC,CAAC,KAAK;gBAAE,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,yBAAyB,EAAE,CAAC,CAAC,OAAO,EAAE,iCAAiC,CAAC,CAAC,CAAC;YACrG,MAAM;QACR,KAAK,UAAU;YACb,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC;gBACnD,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,wBAAwB,EAAE,CAAC,CAAC,OAAO,EAAE,8CAA8C,CAAC,CAAC,CAAC;YACrG,IAAI,CAAC,CAAC,QAAQ,KAAK,KAAK,IAAI,CAAC,CAAC,QAAQ,KAAK,IAAI;gBAC7C,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,2BAA2B,EAAE,CAAC,CAAC,OAAO,EAAE,iDAAiD,CAAC,CAAC,CAAC;YAC3G,MAAM;QACR,KAAK,YAAY;YACf,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK;gBAClC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,+BAA+B,EAAE,CAAC,CAAC,OAAO,EAAE,+CAA+C,CAAC,CAAC,CAAC;YAC7G,MAAM;QACR,KAAK,aAAa;YAChB,IAAI,CAAC,CAAC,CAAC,QAAQ;gBACb,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,iCAAiC,EAAE,CAAC,CAAC,OAAO,EAAE,yCAAyC,CAAC,CAAC,CAAC;YACzG,MAAM;QACR,KAAK,QAAQ;YACX,MAAM;QACR;YACE,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,sBAAsB,EAAE,CAAC,CAAC,OAAO,EAAE,yBAA0B,CAAsB,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC;IAC/G,CAAC;IACD,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;QACb,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM;YAAE,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,CAAC,OAAO,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAC7F,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG;YAAE,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC,CAAC,OAAO,EAAE,qBAAqB,CAAC,CAAC,CAAC;IACtF,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;GAKG;AACH,SAAgB,mBAAmB,CAAC,CAAmB;IACrD,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC;IAC9C,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE,mDAAmD,CAAC,CAAC,CAAC;IAC7F,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,yFAAyF;AACzF,SAAgB,wBAAwB,CAAC,CAAmB;IAC1D,IAAI,CAAC,CAAC,CAAC,QAAQ;QAAE,OAAO,EAAE,CAAC;IAC3B,MAAM,GAAG,GAAgB,EAAE,CAAC;IAC5B,MAAM,CAAC,GAAG,CAAC,CAAC,OAAsB,CAAC;IACnC,IAAI,CAAC,EAAE,IAAI,KAAK,UAAU,EAAE,CAAC;QAC3B,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,uBAAuB,EAAE,CAAC,CAAC,OAAO,EAAE,oDAAoD,CAAC,CAAC,CAAC;QACzG,OAAO,GAAG,CAAC;IACb,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;QACrE,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1B,GAAG,CAAC,IAAI,CACN,IAAI,CAAC,+BAA+B,EAAE,CAAC,CAAC,OAAO,EAAE,mBAAmB,CAAC,4BAA4B,CAAC,CACnG,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,iFAAiF;AAEjF;;;;;GAKG;AACH,SAAgB,eAAe,CAAC,SAA6B;IAC3D,MAAM,GAAG,GAAgB,EAAE,CAAC;IAC5B,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC3C,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC,CAAC,8BAA8B;IACxE,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;QAC1B,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC5D,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QAC5C,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9C,CAAC;IACD,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,QAAQ;QAAE,IAAI,CAAC,GAAG,CAAC;YAAE,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,mBAAmB,EAAE,CAAC,EAAE,YAAY,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC;IACjH,KAAK,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,MAAM;QAC3B,IAAI,CAAC,GAAG,CAAC;YAAE,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,gBAAgB,GAAG,cAAc,CAAC,GAAG,EAAE,CAAC,CAAC;IACnH,OAAO,GAAG,CAAC;AACb,CAAC;AAED,kFAAkF;AAClF,SAAgB,uBAAuB,CAAC,SAA6B;IACnE,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IAC1D,MAAM,GAAG,GAAgB,EAAE,CAAC;IAC5B,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;QAC1B,IAAI,CAAC,CAAC,CAAC,cAAc;YAAE,SAAS;QAChC,KAAK,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc,CAAC,EAAE,CAAC;YACjE,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC1B,GAAG,CAAC,IAAI,CACN,IAAI,CACF,4BAA4B,EAC5B,CAAC,CAAC,OAAO,EACT,mBAAmB,OAAO,UAAU,MAAM,iDAAiD,CAC5F,CACF,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,iFAAiF;AAEjF,SAAS,UAAU,CAAC,KAAgB;IAClC,OAAO,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;AAClD,CAAC;AACD,SAAS,aAAa,CAAC,KAAgB;IACrC,OAAO,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,YAAY,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;AACvG,CAAC;AAED,0FAA0F;AAC1F,SAAgB,gBAAgB,CAAC,CAAmB,EAAE,IAAc;IAClE,MAAM,GAAG,GAAgB,EAAE,CAAC;IAC5B,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,CAAC,CAAC;IAC7C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC,WAAW,oBAAoB,CAAC,CAAC,CAAC;QAC/F,OAAO,GAAG,CAAC,CAAC,0CAA0C;IACxD,CAAC;IACD,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;IACjC,MAAM,SAAS,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IAEvC,2EAA2E;IAC3E,0EAA0E;IAC1E,2EAA2E;IAC3E,IAAI,CAAC,CAAC,UAAU,KAAK,KAAK,EAAE,CAAC;QAC3B,MAAM,OAAO,GACX,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,WAAW,CAAC;QACtD,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YACzB,GAAG,CAAC,IAAI,CACN,GAAG,CACD,0BAA0B,EAC1B,CAAC,CAAC,OAAO,EACT,2CAA2C,OAAO,+FAA+F,CAClJ,CACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,CAAC,GAAG,CAAC,CAAC,OAAsB,CAAC;IACnC,IAAI,CAAC,EAAE,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,KAAK,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;QAC5D,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,uBAAuB,EAAE,CAAC,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC,KAAK,gBAAgB,CAAC,CAAC,CAAC;IAC/F,CAAC;IACD,IAAI,CAAC,EAAE,IAAI,KAAK,UAAU,EAAE,CAAC;QAC3B,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;YAC/B,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;gBAAE,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,uBAAuB,EAAE,CAAC,CAAC,OAAO,EAAE,mBAAmB,CAAC,gBAAgB,CAAC,CAAC,CAAC;QAC9G,CAAC;IACH,CAAC;IACD,IAAI,CAAC,EAAE,IAAI,KAAK,YAAY,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/D,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,qBAAqB,EAAE,CAAC,CAAC,OAAO,EAAE,4BAA4B,CAAC,CAAC,GAAG,gBAAgB,CAAC,CAAC,CAAC;IACrG,CAAC;IACD,IAAI,CAAC,EAAE,IAAI,KAAK,aAAa,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC5C,MAAM,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1C,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7B,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,8BAA8B,EAAE,CAAC,CAAC,OAAO,EAAE,yBAAyB,QAAQ,gBAAgB,CAAC,CAAC,CAAC;QAC9G,CAAC;IACH,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,IAAI,EAAE,EAAE,CAAC;QAClC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,yBAAyB,EAAE,CAAC,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAC,KAAK,gBAAgB,CAAC,CAAC,CAAC;QACnG,CAAC;IACH,CAAC;IAED,0EAA0E;IAC1E,KAAK,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,CAAC;QAC/D,IAAI,CAAC,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ;YAAE,SAAS;QACxD,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,QAAmC,CAAC,EAAE,CAAC;YACnE,IAAI,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS;YACxC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC5C,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,qBAAqB,EAAE,CAAC,CAAC,OAAO,EAAE,SAAS,KAAK,uCAAuC,GAAG,GAAG,CAAC,CAAC,CAAC;YAC/G,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,uFAAuF;AACvF,SAAgB,aAAa,CAC3B,SAA6B,EAC7B,IAAc,EACd,SAAmB,EAAE;IAErB,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC;IAC7D,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;IAClC,MAAM,GAAG,GAAgB,EAAE,CAAC;IAC5B,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACrC,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;YAAE,SAAS;QAC5D,IAAI,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;YAAE,SAAS;QAChE,GAAG,CAAC,IAAI,CAAC;YACP,KAAK,EAAE,OAAO;YACd,IAAI,EAAE,iBAAiB;YACvB,OAAO,EAAE,UAAU,KAAK,CAAC,IAAI,kDAAkD;SAChF,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,iFAAiF;AAEjF,sFAAsF;AACtF,SAAgB,SAAS,CACvB,SAA6B,EAC7B,OAAqB,EAAE;IAEvB,MAAM,GAAG,GAAgB,EAAE,CAAC;IAC5B,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;QAC1B,GAAG,CAAC,IAAI,CACN,GAAG,YAAY,CAAC,CAAC,CAAC,EAClB,GAAG,eAAe,CAAC,CAAC,CAAC,EACrB,GAAG,aAAa,CAAC,CAAC,CAAC,EACnB,GAAG,cAAc,CAAC,CAAC,CAAC,EACpB,GAAG,4BAA4B,CAAC,CAAC,CAAC,EAClC,GAAG,iBAAiB,CAAC,CAAC,CAAC,EACvB,GAAG,mBAAmB,CAAC,CAAC,CAAC,EACzB,GAAG,wBAAwB,CAAC,CAAC,CAAC,CAC/B,CAAC;QACF,IAAI,IAAI,CAAC,IAAI;YAAE,GAAG,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC7D,CAAC;IACD,GAAG,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,SAAS,CAAC,CAAC,CAAC;IACxC,GAAG,CAAC,IAAI,CAAC,GAAG,uBAAuB,CAAC,SAAS,CAAC,CAAC,CAAC;IAChD,IAAI,IAAI,CAAC,IAAI;QAAE,GAAG,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;IAC7E,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAgB,SAAS,CAAC,UAAuB;IAC/C,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,OAAO,CAAC,CAAC;AACrD,CAAC"}

package/dist/codegen/effective-actions.d.ts

@@ -0,0 +1,13 @@
+import type { ResourceManifest } from '../define-resource';
+/** Step 1 DEC-14: built-in CRUD + soft-delete + wildcard actions. */
+export declare const BUILTIN_ACTIONS: readonly ["create", "read", "update", "delete", "softDelete", "restore", "findDeleted", "manage"];
+export type BuiltinAction = (typeof BUILTIN_ACTIONS)[number];
+export declare function isBuiltinAction(action: string): boolean;
+/** Lifecycle transition verbs declared by the manifest (DEC-15). */
+export declare function lifecycleVerbs(m: ResourceManifest): string[];
+/**
+ * Declared actions ∪ lifecycle verbs, de-duplicated and sorted for deterministic
+ * codegen output (drift detection relies on stable ordering).
+ */
+export declare function effectiveActions(m: ResourceManifest): string[];
+//# sourceMappingURL=effective-actions.d.ts.map

package/dist/codegen/effective-actions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"effective-actions.d.ts","sourceRoot":"","sources":["../../src/codegen/effective-actions.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAE3D,qEAAqE;AACrE,eAAO,MAAM,eAAe,mGASlB,CAAC;AAEX,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,eAAe,CAAC,CAAC,MAAM,CAAC,CAAC;AAI7D,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAEvD;AAED,oEAAoE;AACpE,wBAAgB,cAAc,CAAC,CAAC,EAAE,gBAAgB,GAAG,MAAM,EAAE,CAG5D;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,CAAC,EAAE,gBAAgB,GAAG,MAAM,EAAE,CAI9D"}

package/dist/codegen/effective-actions.js

@@ -0,0 +1,44 @@
+"use strict";
+// Step 1 DEC-14/15: effective action set for a manifest.
+//
+// The effective actions a Subject supports = the declared `actions` UNION the
+// keys of `lifecycle.transitions` (DEC-15: the framework auto-adds lifecycle
+// verbs like `submit`/`approve`/`reject`). Used by codegen (`ActionFor<S>`)
+// and by the coherence check.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BUILTIN_ACTIONS = void 0;
+exports.isBuiltinAction = isBuiltinAction;
+exports.lifecycleVerbs = lifecycleVerbs;
+exports.effectiveActions = effectiveActions;
+/** Step 1 DEC-14: built-in CRUD + soft-delete + wildcard actions. */
+exports.BUILTIN_ACTIONS = [
+    'create',
+    'read',
+    'update',
+    'delete',
+    'softDelete',
+    'restore',
+    'findDeleted',
+    'manage',
+];
+const BUILTIN_SET = new Set(exports.BUILTIN_ACTIONS);
+function isBuiltinAction(action) {
+    return BUILTIN_SET.has(action);
+}
+/** Lifecycle transition verbs declared by the manifest (DEC-15). */
+function lifecycleVerbs(m) {
+    if (!m.lifecycle)
+        return [];
+    return Object.keys(m.lifecycle.transitions);
+}
+/**
+ * Declared actions ∪ lifecycle verbs, de-duplicated and sorted for deterministic
+ * codegen output (drift detection relies on stable ordering).
+ */
+function effectiveActions(m) {
+    const set = new Set(m.actions);
+    for (const verb of lifecycleVerbs(m))
+        set.add(verb);
+    return Array.from(set).sort();
+}
+//# sourceMappingURL=effective-actions.js.map

package/dist/codegen/effective-actions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"effective-actions.js","sourceRoot":"","sources":["../../src/codegen/effective-actions.ts"],"names":[],"mappings":";AAAA,yDAAyD;AACzD,EAAE;AACF,8EAA8E;AAC9E,6EAA6E;AAC7E,4EAA4E;AAC5E,8BAA8B;;;AAoB9B,0CAEC;AAGD,wCAGC;AAMD,4CAIC;AAlCD,qEAAqE;AACxD,QAAA,eAAe,GAAG;IAC7B,QAAQ;IACR,MAAM;IACN,QAAQ;IACR,QAAQ;IACR,YAAY;IACZ,SAAS;IACT,aAAa;IACb,QAAQ;CACA,CAAC;AAIX,MAAM,WAAW,GAAwB,IAAI,GAAG,CAAC,uBAAe,CAAC,CAAC;AAElE,SAAgB,eAAe,CAAC,MAAc;IAC5C,OAAO,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;AACjC,CAAC;AAED,oEAAoE;AACpE,SAAgB,cAAc,CAAC,CAAmB;IAChD,IAAI,CAAC,CAAC,CAAC,SAAS;QAAE,OAAO,EAAE,CAAC;IAC5B,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;AAC9C,CAAC;AAED;;;GAGG;AACH,SAAgB,gBAAgB,CAAC,CAAmB;IAClD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAS,CAAC,CAAC,OAAO,CAAC,CAAC;IACvC,KAAK,MAAM,IAAI,IAAI,cAAc,CAAC,CAAC,CAAC;QAAE,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACpD,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;AAChC,CAAC"}