@generazioneai/authz 0.0.5 → 0.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/nest/internal-auth.interceptor.d.ts +9 -0
- package/dist/nest/internal-auth.interceptor.d.ts.map +1 -1
- package/dist/nest/internal-auth.interceptor.js +10 -1
- package/dist/nest/internal-auth.interceptor.js.map +1 -1
- package/dist/snapshot/snapshot.envelope.d.ts +10 -0
- package/dist/snapshot/snapshot.envelope.d.ts.map +1 -1
- package/dist/snapshot/snapshot.envelope.js.map +1 -1
- package/package.json +1 -1
|
@@ -28,6 +28,15 @@ export interface InternalAuthOptions {
|
|
|
28
28
|
*/
|
|
29
29
|
snapshotStore?: SnapshotFetcher;
|
|
30
30
|
hydrate?: (rules: AbilityRule[]) => AuthzContext['ability'];
|
|
31
|
+
/**
|
|
32
|
+
* Cross-service substitution (optional). When the envelope carries raw `grants` and
|
|
33
|
+
* both `buildRules` (buildRulesFromGrants) and this service's `registry` are provided,
|
|
34
|
+
* scope templates are re-substituted with the LOCAL registry — so this service scopes
|
|
35
|
+
* subjects the builder (skillID) doesn't own. Falls back to the envelope's pre-built
|
|
36
|
+
* `rules` when absent. `buildRules`/`registry` are injected to avoid a static dep.
|
|
37
|
+
*/
|
|
38
|
+
buildRules?: (grants: unknown[], registry: unknown, ctx: AuthzContext) => AbilityRule[];
|
|
39
|
+
registry?: unknown;
|
|
31
40
|
}
|
|
32
41
|
export declare class InternalAuthInterceptor implements NestInterceptor {
|
|
33
42
|
private readonly opts;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"internal-auth.interceptor.d.ts","sourceRoot":"","sources":["../../src/nest/internal-auth.interceptor.ts"],"names":[],"mappings":"AAcA,OAAO,EAGL,KAAK,WAAW,EAChB,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACrB,MAAM,gBAAgB,CAAC;AAExB,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAuB,MAAM,MAAM,CAAC;AAGvD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAOL,KAAK,eAAe,EACrB,MAAM,wBAAwB,CAAC;AAChC,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AACxD,OAAO,KAAK,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AAGnF,MAAM,MAAM,gBAAgB,GAAG,KAAK,GAAG,QAAQ,GAAG,SAAS,CAAC;AAE5D,kEAAkE;AAClE,MAAM,WAAW,eAAe;IAC9B,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAAC;CAC/D;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,eAAe,CAAC;IACtB,MAAM,EAAE,WAAW,CAAC;IACpB,0DAA0D;IAC1D,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,SAAS,CAAC;IACrB,qEAAqE;IACrE,IAAI,CAAC,EAAE,gBAAgB,CAAC;IACxB,oEAAoE;IACpE,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB;;;;;OAKG;IACH,aAAa,CAAC,EAAE,eAAe,CAAC;IAChC,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,WAAW,EAAE,KAAK,YAAY,CAAC,SAAS,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"internal-auth.interceptor.d.ts","sourceRoot":"","sources":["../../src/nest/internal-auth.interceptor.ts"],"names":[],"mappings":"AAcA,OAAO,EAGL,KAAK,WAAW,EAChB,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACrB,MAAM,gBAAgB,CAAC;AAExB,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAuB,MAAM,MAAM,CAAC;AAGvD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAOL,KAAK,eAAe,EACrB,MAAM,wBAAwB,CAAC;AAChC,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AACxD,OAAO,KAAK,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AAGnF,MAAM,MAAM,gBAAgB,GAAG,KAAK,GAAG,QAAQ,GAAG,SAAS,CAAC;AAE5D,kEAAkE;AAClE,MAAM,WAAW,eAAe;IAC9B,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAAC;CAC/D;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,eAAe,CAAC;IACtB,MAAM,EAAE,WAAW,CAAC;IACpB,0DAA0D;IAC1D,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,SAAS,CAAC;IACrB,qEAAqE;IACrE,IAAI,CAAC,EAAE,gBAAgB,CAAC;IACxB,oEAAoE;IACpE,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB;;;;;OAKG;IACH,aAAa,CAAC,EAAE,eAAe,CAAC;IAChC,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,WAAW,EAAE,KAAK,YAAY,CAAC,SAAS,CAAC,CAAC;IAC5D;;;;;;OAMG;IACH,UAAU,CAAC,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,EAAE,YAAY,KAAK,WAAW,EAAE,CAAC;IACxF,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AA8BD,qBACa,uBAAwB,YAAW,eAAe;IAIjD,OAAO,CAAC,QAAQ,CAAC,IAAI;IAHjC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA8B;IACrD,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAmB;gBAEX,IAAI,EAAE,mBAAmB;IAKtD,SAAS,CAAC,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC;IAgC5E,yFAAyF;YAC3E,MAAM;IAqCpB;;;;OAIG;YACW,eAAe;IA+B7B,OAAO,CAAC,UAAU;IAKlB,OAAO,CAAC,aAAa;CAItB"}
|
|
@@ -154,9 +154,18 @@ let InternalAuthInterceptor = class InternalAuthInterceptor {
|
|
|
154
154
|
throw new internal_token_1.InternalAuthError('hash', 'permHash mismatch (snapshot rebuilt/revoked)');
|
|
155
155
|
this.logger.warn(`shadow: permHash mismatch snap='${claims.snap}'`);
|
|
156
156
|
}
|
|
157
|
-
ctx.ability = this.opts.hydrate(env.rules);
|
|
158
157
|
ctx.connected = env.connected;
|
|
159
158
|
ctx.accreditedAs = env.accreditedAs;
|
|
159
|
+
if (env.individualId !== undefined)
|
|
160
|
+
ctx.individualId = env.individualId;
|
|
161
|
+
if (env.juridicalIndividualId !== undefined)
|
|
162
|
+
ctx.juridicalIndividualId = env.juridicalIndividualId;
|
|
163
|
+
// Cross-service: re-substitute scope templates with the LOCAL registry when grants
|
|
164
|
+
// are available; otherwise use the builder's pre-substituted rules (same-service).
|
|
165
|
+
const rules = env.grants && this.opts.buildRules && this.opts.registry
|
|
166
|
+
? this.opts.buildRules(env.grants, this.opts.registry, ctx)
|
|
167
|
+
: env.rules;
|
|
168
|
+
ctx.ability = this.opts.hydrate(rules);
|
|
160
169
|
}
|
|
161
170
|
stripToken(context) {
|
|
162
171
|
const data = context.switchToRpc().getData();
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"internal-auth.interceptor.js","sourceRoot":"","sources":["../../src/nest/internal-auth.interceptor.ts"],"names":[],"mappings":";AAAA,uFAAuF;AACvF,yFAAyF;AACzF,eAAe;AACf,EAAE;AACF,mDAAmD;AACnD,qGAAqG;AACrG,EAAE;AACF,6DAA6D;AAC7D,0FAA0F;AAC1F,8FAA8F;AAC9F,0FAA0F;AAC1F,4EAA4E;AAC5E,8FAA8F;;;;;;;;;;;;AAE9F,2CAMwB;AACxB,yDAAqD;AAErD,+BAAuD;AACvD,8CAA0C;AAC1C,wCAA0C;AAE1C,2DAQgC;AAGhC,iFAAwE;
|
|
1
|
+
{"version":3,"file":"internal-auth.interceptor.js","sourceRoot":"","sources":["../../src/nest/internal-auth.interceptor.ts"],"names":[],"mappings":";AAAA,uFAAuF;AACvF,yFAAyF;AACzF,eAAe;AACf,EAAE;AACF,mDAAmD;AACnD,qGAAqG;AACrG,EAAE;AACF,6DAA6D;AAC7D,0FAA0F;AAC1F,8FAA8F;AAC9F,0FAA0F;AAC1F,4EAA4E;AAC5E,8FAA8F;;;;;;;;;;;;AAE9F,2CAMwB;AACxB,yDAAqD;AAErD,+BAAuD;AACvD,8CAA0C;AAC1C,wCAA0C;AAE1C,2DAQgC;AAGhC,iFAAwE;AAsCxE,SAAS,YAAY,CAAC,OAA2B;IAC/C,IAAI,CAAC,OAAO;QAAE,OAAO,SAAS,CAAC;IAC/B,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACnC,IAAI,MAAM,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ;YAAE,OAAO,MAAM,CAAC,GAAG,CAAC;IAClE,CAAC;IAAC,MAAM,CAAC;QACP,gCAAgC;IAClC,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,eAAe,CAAC,MAAsB;IAC7C,OAAO;QACL,MAAM,EAAE,MAAM,CAAC,GAAG;QAClB,qBAAqB,EAAE,MAAM,CAAC,EAAE;QAChC,QAAQ,EAAE,MAAM,CAAC,GAAG;QACpB,MAAM,EAAE,MAAM,CAAC,IAAI;QACnB,QAAQ,EAAE,MAAM,CAAC,EAAE;QACnB,+EAA+E;QAC/E,SAAS,EAAE,EAAE,iBAAiB,EAAE,EAAE,EAAE,gBAAgB,EAAE,EAAE,EAAE,0BAA0B,EAAE,EAAE,EAAE;QAC1F,YAAY,EAAE;YACZ,QAAQ,EAAE,EAAE,gBAAgB,EAAE,EAAE,EAAE,oBAAoB,EAAE,EAAE,EAAE;YAC5D,QAAQ,EAAE,EAAE,gBAAgB,EAAE,EAAE,EAAE,oBAAoB,EAAE,EAAE,EAAE;SAC7D;QACD,OAAO,EAAE,IAA0C;KACpD,CAAC;AACJ,CAAC;AAGM,IAAM,uBAAuB,GAA7B,MAAM,uBAAuB;IAIlC,YAA6B,IAAyB;QAAzB,SAAI,GAAJ,IAAI,CAAqB;QAHrC,WAAM,GAAG,IAAI,eAAM,CAAC,cAAc,CAAC,CAAC;QAInD,IAAI,CAAC,IAAI;YACP,IAAI,CAAC,IAAI,IAAK,OAAO,CAAC,GAAG,CAAC,wBAA6C,IAAI,KAAK,CAAC;IACrF,CAAC;IAED,SAAS,CAAC,OAAyB,EAAE,IAAiB;QACpD,IAAI,OAAO,CAAC,OAAO,EAAE,KAAK,KAAK;YAAE,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,aAAa;QAEpE,IAAI,IAAI,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;YACxB,yEAAyE;YACzE,gFAAgF;YAChF,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YACzB,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;QACvB,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAU,qDAAsB,EAAE;YAClF,OAAO,CAAC,UAAU,EAAE;YACpB,OAAO,CAAC,QAAQ,EAAE;SACnB,CAAC,CAAC;QACH,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YACzB,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;QACvB,CAAC;QAED,OAAO,IAAA,WAAI,EAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CACpC,IAAA,oBAAQ,EAAC,CAAC,OAAO,EAAE,EAAE,CACnB,OAAO;YACL,CAAC,CAAC,2EAA2E;gBAC3E,0EAA0E;gBAC1E,2EAA2E;gBAC3E,8EAA8E;gBAC9E,IAAA,WAAI,EAAC,cAAQ,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,IAAA,oBAAa,EAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACjE,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,CAClB,CACF,CAAC;IACJ,CAAC;IAED,yFAAyF;IACjF,KAAK,CAAC,MAAM,CAAC,OAAyB;QAC5C,MAAM,GAAG,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QAClC,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,EAAyC,CAAC;QAClE,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC;QAElD,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,IAAK,IAAI,CAAC,mCAAkB,CAAwB,CAAC;YACrE,IAAI,CAAC,GAAG;gBAAE,MAAM,IAAI,kCAAiB,CAAC,SAAS,EAAE,4BAA4B,CAAC,CAAC;YAE/E,MAAM,MAAM,GAAG,MAAM,IAAA,oCAAmB,EAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAErF,OAAQ,IAAgC,CAAC,mCAAkB,CAAC,CAAC;YAC7D,IAAA,+BAAc,EAAC,MAAM,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;YACnC,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,KAAK,KAAK,IAAI,GAAG;gBAAE,IAAA,0BAAS,EAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YAEjE,IAAI,KAAc,CAAC;YACnB,IAAI,CAAC;gBACH,KAAK,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACvD,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,MAAM,IAAI,kCAAiB,CAAC,SAAS,EAAE,+BAAgC,CAAW,CAAC,OAAO,EAAE,CAAC,CAAC;YAChG,CAAC;YACD,IAAI,CAAC,KAAK;gBAAE,MAAM,IAAI,kCAAiB,CAAC,QAAQ,EAAE,QAAQ,MAAM,CAAC,GAAG,gBAAgB,CAAC,CAAC;YAEtF,MAAM,OAAO,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;YACxC,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC5C,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,MAAM,GAAG,CAAC,YAAY,kCAAiB,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;YACjE,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAC3B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sBAAsB,MAAM,SAAS,GAAG,IAAI,GAAG,KAAM,CAAW,CAAC,OAAO,EAAE,CAAC,CAAC;gBAC7F,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,qCAAqC;gBAC/D,OAAO,IAAI,CAAC;YACd,CAAC;YACD,MAAM,IAAI,4BAAY,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,MAAM,EAAE,OAAO,EAAG,CAAW,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3F,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,eAAe,CAAC,GAAiB,EAAE,MAAsB;QACrE,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,OAAO,CAAC,sBAAsB;QAClF,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YACjB,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS;gBAAE,MAAM,IAAI,kCAAiB,CAAC,SAAS,EAAE,yBAAyB,CAAC,CAAC;YAC/F,OAAO;QACT,CAAC;QACD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACnE,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS;gBAAE,MAAM,IAAI,kCAAiB,CAAC,SAAS,EAAE,aAAa,MAAM,CAAC,IAAI,+BAA+B,CAAC,CAAC;YAC7H,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,qBAAqB,MAAM,CAAC,IAAI,gCAAgC,CAAC,CAAC;YACnF,OAAO;QACT,CAAC;QACD,IAAI,MAAM,CAAC,EAAE,IAAI,GAAG,CAAC,QAAQ,KAAK,MAAM,CAAC,EAAE,EAAE,CAAC;YAC5C,iEAAiE;YACjE,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS;gBAAE,MAAM,IAAI,kCAAiB,CAAC,MAAM,EAAE,8CAA8C,CAAC,CAAC;YACjH,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,mCAAmC,MAAM,CAAC,IAAI,GAAG,CAAC,CAAC;QACtE,CAAC;QACD,GAAG,CAAC,SAAS,GAAG,GAAG,CAAC,SAAS,CAAC;QAC9B,GAAG,CAAC,YAAY,GAAG,GAAG,CAAC,YAAY,CAAC;QACpC,IAAI,GAAG,CAAC,YAAY,KAAK,SAAS;YAAE,GAAG,CAAC,YAAY,GAAG,GAAG,CAAC,YAAY,CAAC;QACxE,IAAI,GAAG,CAAC,qBAAqB,KAAK,SAAS;YAAE,GAAG,CAAC,qBAAqB,GAAG,GAAG,CAAC,qBAAqB,CAAC;QAEnG,mFAAmF;QACnF,mFAAmF;QACnF,MAAM,KAAK,GACT,GAAG,CAAC,MAAM,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ;YACtD,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC;YAC3D,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC;QAChB,GAAG,CAAC,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IACzC,CAAC;IAEO,UAAU,CAAC,OAAyB;QAC1C,MAAM,IAAI,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,OAAO,EAAyC,CAAC;QACpF,IAAI,IAAI,IAAI,mCAAkB,IAAI,IAAI;YAAE,OAAO,IAAI,CAAC,mCAAkB,CAAC,CAAC;IAC1E,CAAC;IAEO,aAAa,CAAC,GAAgD;QACpE,MAAM,GAAG,GAAG,GAAG,CAAC,UAAU,EAA+C,CAAC;QAC1E,OAAO,OAAO,GAAG,EAAE,UAAU,KAAK,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IAC9E,CAAC;CACF,CAAA;AA5HY,0DAAuB;kCAAvB,uBAAuB;IADnC,IAAA,mBAAU,GAAE;;GACA,uBAAuB,CA4HnC"}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import type { AccreditedAs, ConnectedEdges } from '../context/authz-context';
|
|
2
|
+
import type { Grant } from './ability-builder';
|
|
2
3
|
export declare const SNAPSHOT_SCHEMA_VERSION = 1;
|
|
3
4
|
/** A serialized CASL rule (post $ctx-substitution). Shape accepted by createPrismaAbility. */
|
|
4
5
|
export interface AbilityRule {
|
|
@@ -22,7 +23,16 @@ export interface SnapshotEnvelope {
|
|
|
22
23
|
permHash: string;
|
|
23
24
|
/** epoch ms — drives refresh-ahead (DEC-S4.30). */
|
|
24
25
|
builtAt: number;
|
|
26
|
+
/** Rules pre-substituted by the BUILDER's registry (skillID). Fast path for same-service. */
|
|
25
27
|
rules: AbilityRule[];
|
|
28
|
+
/**
|
|
29
|
+
* Raw grants (action × subject × scope) — let a downstream service re-substitute scope
|
|
30
|
+
* templates with ITS OWN registry, so it can scope subjects the builder doesn't own
|
|
31
|
+
* (cross-service correctness). Builder also stores the ctx scalars needed for that.
|
|
32
|
+
*/
|
|
33
|
+
grants?: Grant[];
|
|
34
|
+
individualId?: string;
|
|
35
|
+
juridicalIndividualId?: string;
|
|
26
36
|
connected: ConnectedEdges;
|
|
27
37
|
accreditedAs: AccreditedAs;
|
|
28
38
|
/** Set when the rules blob was lz4-compressed (DEC-S4.27). Day-1: null. */
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"snapshot.envelope.d.ts","sourceRoot":"","sources":["../../src/snapshot/snapshot.envelope.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;
|
|
1
|
+
{"version":3,"file":"snapshot.envelope.d.ts","sourceRoot":"","sources":["../../src/snapshot/snapshot.envelope.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC7E,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,mBAAmB,CAAC;AAE/C,eAAO,MAAM,uBAAuB,IAAI,CAAC;AAEzC,8FAA8F;AAC9F,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC1B,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC3B,2EAA2E;IAC3E,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,+EAA+E;IAC/E,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,0BAA0B;IAC1B,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,0CAA0C;IAC1C,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,gBAAgB;IAC/B,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,8EAA8E;IAC9E,QAAQ,EAAE,MAAM,CAAC;IACjB,mDAAmD;IACnD,OAAO,EAAE,MAAM,CAAC;IAChB,6FAA6F;IAC7F,KAAK,EAAE,WAAW,EAAE,CAAC;IACrB;;;;OAIG;IACH,MAAM,CAAC,EAAE,KAAK,EAAE,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,SAAS,EAAE,cAAc,CAAC;IAC1B,YAAY,EAAE,YAAY,CAAC;IAC3B,2EAA2E;IAC3E,UAAU,CAAC,EAAE,KAAK,GAAG,IAAI,CAAC;CAC3B;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAC3B,MAAM,EAAE,MAAM,EACd,iBAAiB,EAAE,MAAM,GAAG,SAAS,EACrC,SAAS,EAAE,MAAM,GAChB,MAAM,CAMR"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"snapshot.envelope.js","sourceRoot":"","sources":["../../src/snapshot/snapshot.envelope.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"snapshot.envelope.js","sourceRoot":"","sources":["../../src/snapshot/snapshot.envelope.ts"],"names":[],"mappings":";;;AAsDA,sCAUC;AAhED,wEAAwE;AACxE,EAAE;AACF,wFAAwF;AACxF,yFAAyF;AACzF,6DAA6D;AAC7D,6CAAyC;AAI5B,QAAA,uBAAuB,GAAG,CAAC,CAAC;AAyCzC;;;GAGG;AACH,SAAgB,aAAa,CAC3B,MAAc,EACd,iBAAqC,EACrC,SAAiB;IAEjB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IAC5C,OAAO,IAAA,wBAAU,EAAC,QAAQ,CAAC;SACxB,MAAM,CAAC,GAAG,MAAM,IAAI,iBAAiB,IAAI,EAAE,IAAI,MAAM,EAAE,CAAC;SACxD,MAAM,CAAC,KAAK,CAAC;SACb,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAClB,CAAC"}
|