@guildeducationinc/benefits-admin-policy-sdk 1.1.0

package/dist/clients/policy-client.js

@@ -0,0 +1,427 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PolicyClient = void 0;
+const client_ssm_1 = require("@aws-sdk/client-ssm");
+const client_sts_1 = require("@aws-sdk/client-sts");
+const s3_adapter_1 = require("../adapters/s3-adapter");
+const constants_1 = require("../constants");
+const errors_1 = require("../errors");
+/**
+ * Client for retrieving Policy documents from S3 storage.
+ *
+ * Provides methods to list policies for employers and retrieve policy versions
+ * from S3 storage. Automatically handles AWS credential management and S3
+ * client configuration with TTL-based caching.
+ *
+ * @example
+ * ```typescript
+ * // Create a client instance
+ * const client = new PolicyClient();
+ *
+ * // List all policies for an employer
+ * const policyUris = await client.listPolicies('employer-uuid');
+ *
+ * // Retrieve a specific policy version by URI
+ * const policyVersion = await client.retrievePolicyVersion('path/to/policy.json');
+ *
+ * // Retrieve the current active policy version
+ * const currentPolicy = await client.retrieveCurrentPolicyVersion('policy-uuid');
+ *
+ * // Retrieve policy version as of a specific date
+ * const historicalPolicy = await client.retrieveCurrentPolicyVersion('policy-uuid', '2025-01-15');
+ * ```
+ */
+class PolicyClient {
+    constructor() {
+        this.s3Adapter = null;
+        this.s3AdapterExpiresAt = 0;
+        this.bucketName = null;
+        this.policyUriPrefix = null;
+        this.policyUriPrefixExpiresAt = 0;
+        this.region = constants_1.DEFAULT_REGION;
+        // Validate STAGE environment variable early
+        this.getBucketName();
+    }
+    /**
+     * Get the AWS region
+     */
+    getRegion() {
+        return this.region;
+    }
+    // ============================================================================
+    // Public API Methods
+    // ============================================================================
+    /**
+     * List all policy URIs for a given employer.
+     *
+     * @param employerId - The UUID of the employer to list policies for
+     * @returns A list of full S3 URIs for all policies under the given employer
+     */
+    async listPolicies(employerId) {
+        const policyUriPrefix = await this.getPolicyUriPrefix();
+        const prefix = `${policyUriPrefix}/employers/${employerId}/policies/`;
+        const bucketName = this.getBucketName();
+        const s3Client = await this.getS3Client();
+        const keys = await s3Client.listAllUrisByPrefix(prefix);
+        return keys.map((key) => `s3://${bucketName}/${key}`);
+    }
+    /**
+     * Retrieve a PolicyVersion from S3 using the given URI.
+     *
+     * @param uri - The S3 URI or resource path for the PolicyVersion. Can be:
+     *   - Full S3 URI (e.g., "s3://bucket/path/file.json")
+     *   - Relative resource path (e.g., "path/to/policy.json")
+     *
+     * @returns The deserialized PolicyVersion object
+     *
+     * @throws PolicySdkConfigurationError - If the uri format is invalid
+     * @throws PolicyVersionNotFoundError - If the PolicyVersion resource is not found
+     * @throws PolicyVersionDeserializationError - If the JSON cannot be deserialized
+     */
+    async retrievePolicyVersion(uri) {
+        // Fast-fail validation
+        const resourcePath = this.validatePolicyVersionUri(uri);
+        const s3Client = await this.getS3Client();
+        const policyVersionJson = await s3Client.retrieveObject(resourcePath);
+        if (!policyVersionJson) {
+            throw new errors_1.PolicyVersionNotFoundError(uri);
+        }
+        return this.deserializePolicyVersion(policyVersionJson);
+    }
+    /**
+     * Retrieve the most recent active PolicyVersion for a given policy.
+     *
+     * This function finds the most recently published policy version for the specified date.
+     * If no date is provided, it defaults to the current "coverage day" (4am ET - 4am ET).
+     * If no policy version exists for the target date, it finds the most recently published
+     * version prior to that date.
+     *
+     * @param policyId - The policy identifier, which can be:
+     *   - UUID string (e.g., "a1b2c3d4-e5f6-7a8b-9c0d-1e2f3a4b5c6d")
+     *   - Full S3 URI (e.g., "s3://{bucket}/{dataset}/employers/{employer_id}/policies/{policy_uuid}.json")
+     *   - Relative resource path (e.g., "{dataset}/employers/{employer_id}/policies/{policy_uuid}.json")
+     *
+     * @param asOf - Optional date to use when finding the current policy version.
+     *   Can be a Date object or a date string in 'YYYY-MM-DD' format.
+     *   Defaults to the current coverage day (4am ET - 4am ET) if not provided.
+     *
+     * @returns The most recent active PolicyVersion for the specified date
+     *
+     * @throws PolicyVersionNotFoundError - If no active policy version is found
+     * @throws PolicyVersionDeserializationError - If the JSON cannot be deserialized
+     * @throws PolicySdkConfigurationError - If the policy_id or as_of format is invalid
+     */
+    async retrieveCurrentPolicyVersion(policyId, asOf) {
+        // Parse inputs
+        const { uuid: policyUuid, datasetPrefix: extractedDatasetPrefix } = this.parsePolicyId(policyId);
+        const targetDate = this.parseAsOfDate(asOf);
+        // Determine dataset prefix (use extracted or fetch from SSM)
+        const datasetPrefix = extractedDatasetPrefix ?? (await this.getPolicyUriPrefix());
+        // List all policy version keys
+        const basePrefix = `${datasetPrefix}/policies/${policyUuid}/active/`;
+        const s3Client = await this.getS3Client();
+        const allKeys = await s3Client.listAllUrisByPrefix(basePrefix);
+        if (allKeys.length === 0) {
+            throw new errors_1.PolicyVersionNotFoundError(`No active policy versions found for policy ${policyUuid}`);
+        }
+        // Filter versions by date
+        const validKeys = this.filterPolicyVersionsByDate(allKeys, targetDate);
+        if (validKeys.length === 0) {
+            throw new errors_1.PolicyVersionNotFoundError(`No active policy versions found for policy ${policyUuid} on or before ${this.formatDate(targetDate)}`);
+        }
+        // Get the most recent version (sort by date descending)
+        validKeys.sort((a, b) => b.date.getTime() - a.date.getTime());
+        const mostRecentKey = validKeys[0].key;
+        // Retrieve and return
+        const policyVersionJson = await s3Client.retrieveObject(mostRecentKey);
+        if (!policyVersionJson) {
+            throw new errors_1.PolicyVersionNotFoundError(mostRecentKey);
+        }
+        return this.deserializePolicyVersion(policyVersionJson);
+    }
+    // ============================================================================
+    // AWS Credential Management
+    // ============================================================================
+    /**
+     * Get the S3 bucket name based on the STAGE environment variable
+     */
+    getBucketName() {
+        if (this.bucketName) {
+            return this.bucketName;
+        }
+        const stage = process.env['STAGE'];
+        if (!stage) {
+            throw new errors_1.PolicySdkConfigurationError('STAGE env var must be set to determine S3 bucket');
+        }
+        this.bucketName = `${constants_1.POLICY_BUCKET_NAME_PREFIX}-${stage}`;
+        return this.bucketName;
+    }
+    /**
+     * Get the BA consumer role ARN from SSM parameter store
+     */
+    async getConsumerRoleArn() {
+        try {
+            const ssmClient = new client_ssm_1.SSMClient({ region: this.region });
+            const command = new client_ssm_1.GetParameterCommand({
+                Name: constants_1.BA_CONSUMER_ROLE_PARAMETER_NAME,
+                WithDecryption: false,
+            });
+            const response = await ssmClient.send(command);
+            const value = response.Parameter?.Value;
+            if (!value) {
+                throw new errors_1.PolicySdkAwsError(`SSM parameter ${constants_1.BA_CONSUMER_ROLE_PARAMETER_NAME} not found or has no value`);
+            }
+            return value;
+        }
+        catch (error) {
+            if (error instanceof Error && error.message.includes('AccessDenied')) {
+                throw new errors_1.PolicySdkSsmParameterAccessError(constants_1.BA_CONSUMER_ROLE_PARAMETER_NAME, undefined, error);
+            }
+            throw new errors_1.PolicySdkAwsError(`Failed to get BA consumer role ARN from SSM: ${error instanceof Error ? error.message : 'Unknown error'}`, error instanceof Error ? error : undefined);
+        }
+    }
+    /**
+     * Assume the BA consumer role using STS
+     */
+    async assumeRole(roleArn) {
+        try {
+            const stsClient = new client_sts_1.STSClient({ region: this.region });
+            const command = new client_sts_1.AssumeRoleCommand({
+                RoleArn: roleArn,
+                RoleSessionName: constants_1.ROLE_SESSION_NAME,
+                DurationSeconds: 3600, // 1 hour
+            });
+            const response = await stsClient.send(command);
+            const credentials = response.Credentials;
+            if (!credentials?.AccessKeyId ||
+                !credentials?.SecretAccessKey ||
+                !credentials?.SessionToken) {
+                throw new errors_1.PolicySdkAwsError('Failed to obtain valid credentials from STS');
+            }
+            return {
+                accessKeyId: credentials.AccessKeyId,
+                secretAccessKey: credentials.SecretAccessKey,
+                sessionToken: credentials.SessionToken,
+            };
+        }
+        catch (error) {
+            if (error instanceof errors_1.PolicySdkAwsError) {
+                throw error;
+            }
+            throw new errors_1.PolicySdkAwsError(`Failed to assume role ${roleArn}: ${error instanceof Error ? error.message : 'Unknown error'}`, error instanceof Error ? error : undefined);
+        }
+    }
+    /**
+     * Get or create the S3 adapter with caching
+     */
+    async getS3Client() {
+        const now = Date.now();
+        // Return cached client if still valid
+        if (this.s3Adapter && this.s3AdapterExpiresAt > now) {
+            return this.s3Adapter;
+        }
+        const bucketName = this.getBucketName();
+        const roleArn = await this.getConsumerRoleArn();
+        const credentials = await this.assumeRole(roleArn);
+        this.s3Adapter = new s3_adapter_1.S3Adapter(bucketName, this.region, credentials);
+        this.s3AdapterExpiresAt = now + constants_1.S3_CLIENT_TTL_MS;
+        return this.s3Adapter;
+    }
+    /**
+     * Get the policy URI prefix from SSM Parameter Store
+     */
+    async getPolicyUriPrefix() {
+        const now = Date.now();
+        const TTL_MS = 120 * 1000; // 2 minutes
+        // Return cached value if still valid
+        if (this.policyUriPrefix && this.policyUriPrefixExpiresAt > now) {
+            return this.policyUriPrefix;
+        }
+        try {
+            const ssmClient = new client_ssm_1.SSMClient({ region: this.region });
+            const command = new client_ssm_1.GetParameterCommand({
+                Name: constants_1.POLICY_URI_PREFIX_PARAMETER_NAME,
+                WithDecryption: false,
+            });
+            const response = await ssmClient.send(command);
+            const value = response.Parameter?.Value;
+            if (!value) {
+                throw new errors_1.PolicySdkAwsError(`SSM parameter ${constants_1.POLICY_URI_PREFIX_PARAMETER_NAME} not found or has no value`);
+            }
+            this.policyUriPrefix = value;
+            this.policyUriPrefixExpiresAt = now + TTL_MS;
+            return value;
+        }
+        catch (error) {
+            if (error instanceof Error && error.message.includes('AccessDenied')) {
+                throw new errors_1.PolicySdkSsmParameterAccessError(constants_1.POLICY_URI_PREFIX_PARAMETER_NAME, undefined, error);
+            }
+            throw new errors_1.PolicySdkAwsError(`Failed to get policy URI prefix from SSM: ${error instanceof Error ? error.message : 'Unknown error'}`, error instanceof Error ? error : undefined);
+        }
+    }
+    // ============================================================================
+    // Helper Methods
+    // ============================================================================
+    /**
+     * Get the current coverage day based on ET timezone.
+     *
+     * A "coverage day" runs from 4am ET to 4am ET the next calendar day.
+     * This prevents timezone-related edge cases where UTC midnight doesn't align
+     * with business operations.
+     */
+    getCoverageDay() {
+        const now = new Date();
+        const etFormatter = new Intl.DateTimeFormat('en-US', {
+            timeZone: 'America/New_York',
+            year: 'numeric',
+            month: '2-digit',
+            day: '2-digit',
+            hour: '2-digit',
+            hour12: false,
+        });
+        const parts = etFormatter.formatToParts(now);
+        const year = parseInt(parts.find((p) => p.type === 'year')?.value || '0', 10);
+        const month = parseInt(parts.find((p) => p.type === 'month')?.value || '0', 10);
+        const day = parseInt(parts.find((p) => p.type === 'day')?.value || '0', 10);
+        const hour = parseInt(parts.find((p) => p.type === 'hour')?.value || '0', 10);
+        const coverageDate = new Date(year, month - 1, day);
+        // If it's before 4am ET, the coverage day is the previous calendar day
+        if (hour < 4) {
+            coverageDate.setDate(coverageDate.getDate() - 1);
+        }
+        return coverageDate;
+    }
+    /**
+     * Format a date as YYYY-MM-DD string
+     */
+    formatDate(date) {
+        const year = date.getFullYear();
+        const month = String(date.getMonth() + 1).padStart(2, '0');
+        const day = String(date.getDate()).padStart(2, '0');
+        return `${year}-${month}-${day}`;
+    }
+    /**
+     * Parse a date string or Date object into a Date
+     */
+    parseAsOfDate(asOf) {
+        if (asOf === null || asOf === undefined) {
+            return this.getCoverageDay();
+        }
+        if (asOf instanceof Date) {
+            return asOf;
+        }
+        if (typeof asOf === 'string') {
+            const match = /^(\d{4})-(\d{2})-(\d{2})$/.exec(asOf);
+            if (!match) {
+                throw new errors_1.PolicySdkConfigurationError(`Invalid date format for as_of. Expected 'YYYY-MM-DD', got: ${asOf}`);
+            }
+            const [, yearStr, monthStr, dayStr] = match;
+            return new Date(parseInt(yearStr, 10), parseInt(monthStr, 10) - 1, parseInt(dayStr, 10));
+        }
+        throw new errors_1.PolicySdkConfigurationError(`Invalid type for as_of. Expected Date or string, got: ${typeof asOf}`);
+    }
+    /**
+     * Validate and convert a policy version URI to a resource path
+     */
+    validatePolicyVersionUri(uri) {
+        if (typeof uri !== 'string') {
+            throw new errors_1.PolicySdkConfigurationError(`Invalid uri type. Expected string, got: ${typeof uri}`);
+        }
+        if (!uri.includes('/')) {
+            throw new errors_1.PolicySdkConfigurationError(`Invalid uri format. Expected S3 URI (s3://bucket/path) or ` +
+                `resource path (path/to/file.json), got: ${uri}`);
+        }
+        const bucketName = this.getBucketName();
+        const s3BucketPrefix = `s3://${bucketName}/`;
+        if (uri.startsWith('s3://')) {
+            if (!uri.startsWith(s3BucketPrefix)) {
+                throw new errors_1.PolicySdkConfigurationError(`S3 URI must be for bucket ${bucketName}, got: ${uri}`);
+            }
+            return uri.substring(s3BucketPrefix.length);
+        }
+        return uri;
+    }
+    /**
+     * Parse policy_id and extract UUID and optional dataset prefix
+     */
+    parsePolicyId(policyId) {
+        const bucketName = this.getBucketName();
+        const s3BucketPrefix = `s3://${bucketName}/`;
+        if (policyId.startsWith('s3://')) {
+            if (!policyId.startsWith(s3BucketPrefix)) {
+                throw new errors_1.PolicySdkConfigurationError(`S3 URI must be for bucket ${bucketName}, got: ${policyId}`);
+            }
+            const resourcePath = policyId.substring(s3BucketPrefix.length);
+            return this.extractDatasetAndUuid(resourcePath);
+        }
+        else if (policyId.includes('/')) {
+            return this.extractDatasetAndUuid(policyId);
+        }
+        else {
+            const uuidRegex = /^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/i;
+            if (!uuidRegex.test(policyId)) {
+                throw new errors_1.PolicySdkConfigurationError(`Invalid policy_id format. Must be a UUID, S3 URI, or ` +
+                    `resource path, got: ${policyId}`);
+            }
+            return { uuid: policyId, datasetPrefix: null };
+        }
+    }
+    /**
+     * Extract dataset prefix and UUID from a resource path
+     */
+    extractDatasetAndUuid(resourcePath) {
+        const uriPattern = /^([^/]+)\/employers\/[a-f0-9-]+\/policies\/([a-f0-9-]+)\.json$/i;
+        const match = uriPattern.exec(resourcePath);
+        if (!match) {
+            throw new errors_1.PolicySdkConfigurationError('Invalid resource path format for policy_id. Expected format: ' +
+                '{dataset}/employers/{employer_id}/policies/{policy_uuid}.json or ' +
+                's3://{bucket}/{dataset}/employers/{employer_id}/policies/{policy_uuid}.json');
+        }
+        return {
+            datasetPrefix: match[1],
+            uuid: match[2],
+        };
+    }
+    /**
+     * Filter policy version keys by date, keeping only those on or before target_date
+     */
+    filterPolicyVersionsByDate(keys, targetDate) {
+        const datePattern = /\/(\d{4})\/(\d{2})\/(\d{2})\/[^/]+\.json$/;
+        const validKeys = [];
+        for (const key of keys) {
+            const match = datePattern.exec(key);
+            if (match) {
+                const year = parseInt(match[1], 10);
+                const month = parseInt(match[2], 10);
+                const day = parseInt(match[3], 10);
+                try {
+                    const keyDate = new Date(year, month - 1, day);
+                    if (keyDate.getFullYear() === year &&
+                        keyDate.getMonth() === month - 1 &&
+                        keyDate.getDate() === day) {
+                        if (keyDate <= targetDate) {
+                            validKeys.push({ key, date: keyDate });
+                        }
+                    }
+                }
+                catch {
+                    continue;
+                }
+            }
+        }
+        return validKeys;
+    }
+    /**
+     * Deserialize JSON string to PolicyVersion
+     */
+    deserializePolicyVersion(json) {
+        try {
+            return JSON.parse(json);
+        }
+        catch (error) {
+            throw new errors_1.PolicyVersionDeserializationError(error instanceof Error ? error : undefined);
+        }
+    }
+}
+exports.PolicyClient = PolicyClient;
+//# sourceMappingURL=policy-client.js.map

package/dist/clients/policy-client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-client.js","sourceRoot":"","sources":["../../src/clients/policy-client.ts"],"names":[],"mappings":";;;AAAA,oDAAqE;AACrE,oDAAmE;AACnE,uDAAkE;AAClE,4CAOsB;AACtB,sCAMmB;AAGnB;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAa,YAAY;IAQvB;QAPQ,cAAS,GAAqB,IAAI,CAAC;QACnC,uBAAkB,GAAW,CAAC,CAAC;QAC/B,eAAU,GAAkB,IAAI,CAAC;QACjC,oBAAe,GAAkB,IAAI,CAAC;QACtC,6BAAwB,GAAW,CAAC,CAAC;QAI3C,IAAI,CAAC,MAAM,GAAG,0BAAc,CAAC;QAC7B,4CAA4C;QAC5C,IAAI,CAAC,aAAa,EAAE,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,+EAA+E;IAC/E,qBAAqB;IACrB,+EAA+E;IAE/E;;;;;OAKG;IACH,KAAK,CAAC,YAAY,CAAC,UAAkB;QACnC,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxD,MAAM,MAAM,GAAG,GAAG,eAAe,cAAc,UAAU,YAAY,CAAC;QACtE,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACxC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QAE1C,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;QACxD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,QAAQ,UAAU,IAAI,GAAG,EAAE,CAAC,CAAC;IACxD,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,qBAAqB,CAAC,GAAW;QACrC,uBAAuB;QACvB,MAAM,YAAY,GAAG,IAAI,CAAC,wBAAwB,CAAC,GAAG,CAAC,CAAC;QAExD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QAC1C,MAAM,iBAAiB,GAAG,MAAM,QAAQ,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;QAEtE,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACvB,MAAM,IAAI,mCAA0B,CAAC,GAAG,CAAC,CAAC;QAC5C,CAAC;QAED,OAAO,IAAI,CAAC,wBAAwB,CAAC,iBAAiB,CAAC,CAAC;IAC1D,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACH,KAAK,CAAC,4BAA4B,CAChC,QAAgB,EAChB,IAA2B;QAE3B,eAAe;QACf,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,aAAa,EAAE,sBAAsB,EAAE,GAC/D,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QAC/B,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;QAE5C,6DAA6D;QAC7D,MAAM,aAAa,GACjB,sBAAsB,IAAI,CAAC,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC,CAAC;QAE9D,+BAA+B;QAC/B,MAAM,UAAU,GAAG,GAAG,aAAa,aAAa,UAAU,UAAU,CAAC;QACrE,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QAC1C,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC;QAE/D,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,MAAM,IAAI,mCAA0B,CAClC,8CAA8C,UAAU,EAAE,CAC3D,CAAC;QACJ,CAAC;QAED,0BAA0B;QAC1B,MAAM,SAAS,GAAG,IAAI,CAAC,0BAA0B,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAEvE,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,mCAA0B,CAClC,8CAA8C,UAAU,iBAAiB,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CACvG,CAAC;QACJ,CAAC;QAED,wDAAwD;QACxD,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;QAC9D,MAAM,aAAa,GAAG,SAAS,CAAC,CAAC,CAAE,CAAC,GAAG,CAAC;QAExC,sBAAsB;QACtB,MAAM,iBAAiB,GAAG,MAAM,QAAQ,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC;QAEvE,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACvB,MAAM,IAAI,mCAA0B,CAAC,aAAa,CAAC,CAAC;QACtD,CAAC;QAED,OAAO,IAAI,CAAC,wBAAwB,CAAC,iBAAiB,CAAC,CAAC;IAC1D,CAAC;IAED,+EAA+E;IAC/E,4BAA4B;IAC5B,+EAA+E;IAE/E;;OAEG;IACK,aAAa;QACnB,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,OAAO,IAAI,CAAC,UAAU,CAAC;QACzB,CAAC;QAED,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACnC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,oCAA2B,CACnC,kDAAkD,CACnD,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,UAAU,GAAG,GAAG,qCAAyB,IAAI,KAAK,EAAE,CAAC;QAC1D,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,kBAAkB;QAC9B,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAI,sBAAS,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;YACzD,MAAM,OAAO,GAAG,IAAI,gCAAmB,CAAC;gBACtC,IAAI,EAAE,2CAA+B;gBACrC,cAAc,EAAE,KAAK;aACtB,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC/C,MAAM,KAAK,GAAG,QAAQ,CAAC,SAAS,EAAE,KAAK,CAAC;YAExC,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,IAAI,0BAAiB,CACzB,iBAAiB,2CAA+B,4BAA4B,CAC7E,CAAC;YACJ,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;gBACrE,MAAM,IAAI,yCAAgC,CACxC,2CAA+B,EAC/B,SAAS,EACT,KAAK,CACN,CAAC;YACJ,CAAC;YACD,MAAM,IAAI,0BAAiB,CACzB,gDAAgD,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,EAC1G,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAC3C,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,UAAU,CAAC,OAAe;QACtC,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAI,sBAAS,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;YACzD,MAAM,OAAO,GAAG,IAAI,8BAAiB,CAAC;gBACpC,OAAO,EAAE,OAAO;gBAChB,eAAe,EAAE,6BAAiB;gBAClC,eAAe,EAAE,IAAI,EAAE,SAAS;aACjC,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC/C,MAAM,WAAW,GAAG,QAAQ,CAAC,WAAW,CAAC;YAEzC,IACE,CAAC,WAAW,EAAE,WAAW;gBACzB,CAAC,WAAW,EAAE,eAAe;gBAC7B,CAAC,WAAW,EAAE,YAAY,EAC1B,CAAC;gBACD,MAAM,IAAI,0BAAiB,CACzB,6CAA6C,CAC9C,CAAC;YACJ,CAAC;YAED,OAAO;gBACL,WAAW,EAAE,WAAW,CAAC,WAAW;gBACpC,eAAe,EAAE,WAAW,CAAC,eAAe;gBAC5C,YAAY,EAAE,WAAW,CAAC,YAAY;aACvC,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,0BAAiB,EAAE,CAAC;gBACvC,MAAM,KAAK,CAAC;YACd,CAAC;YACD,MAAM,IAAI,0BAAiB,CACzB,yBAAyB,OAAO,KAAK,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,EAC/F,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAC3C,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,WAAW;QACvB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,sCAAsC;QACtC,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,kBAAkB,GAAG,GAAG,EAAE,CAAC;YACpD,OAAO,IAAI,CAAC,SAAS,CAAC;QACxB,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACxC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAChD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAEnD,IAAI,CAAC,SAAS,GAAG,IAAI,sBAAS,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QACrE,IAAI,CAAC,kBAAkB,GAAG,GAAG,GAAG,4BAAgB,CAAC;QAEjD,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,kBAAkB;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,CAAC,YAAY;QAEvC,qCAAqC;QACrC,IAAI,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,wBAAwB,GAAG,GAAG,EAAE,CAAC;YAChE,OAAO,IAAI,CAAC,eAAe,CAAC;QAC9B,CAAC;QAED,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAI,sBAAS,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;YACzD,MAAM,OAAO,GAAG,IAAI,gCAAmB,CAAC;gBACtC,IAAI,EAAE,4CAAgC;gBACtC,cAAc,EAAE,KAAK;aACtB,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC/C,MAAM,KAAK,GAAG,QAAQ,CAAC,SAAS,EAAE,KAAK,CAAC;YAExC,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,IAAI,0BAAiB,CACzB,iBAAiB,4CAAgC,4BAA4B,CAC9E,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,eAAe,GAAG,KAAK,CAAC;YAC7B,IAAI,CAAC,wBAAwB,GAAG,GAAG,GAAG,MAAM,CAAC;YAE7C,OAAO,KAAK,CAAC;QACf,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;gBACrE,MAAM,IAAI,yCAAgC,CACxC,4CAAgC,EAChC,SAAS,EACT,KAAK,CACN,CAAC;YACJ,CAAC;YACD,MAAM,IAAI,0BAAiB,CACzB,6CAA6C,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,EACvG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAC3C,CAAC;QACJ,CAAC;IACH,CAAC;IAED,+EAA+E;IAC/E,iBAAiB;IACjB,+EAA+E;IAE/E;;;;;;OAMG;IACK,cAAc;QACpB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,WAAW,GAAG,IAAI,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE;YACnD,QAAQ,EAAE,kBAAkB;YAC5B,IAAI,EAAE,SAAS;YACf,KAAK,EAAE,SAAS;YAChB,GAAG,EAAE,SAAS;YACd,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,KAAK;SACd,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,WAAW,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAC7C,MAAM,IAAI,GAAG,QAAQ,CACnB,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,EAAE,KAAK,IAAI,GAAG,EAClD,EAAE,CACH,CAAC;QACF,MAAM,KAAK,GAAG,QAAQ,CACpB,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,OAAO,CAAC,EAAE,KAAK,IAAI,GAAG,EACnD,EAAE,CACH,CAAC;QACF,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,KAAK,CAAC,EAAE,KAAK,IAAI,GAAG,EAAE,EAAE,CAAC,CAAC;QAC5E,MAAM,IAAI,GAAG,QAAQ,CACnB,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,EAAE,KAAK,IAAI,GAAG,EAClD,EAAE,CACH,CAAC;QAEF,MAAM,YAAY,GAAG,IAAI,IAAI,CAAC,IAAI,EAAE,KAAK,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC;QAEpD,uEAAuE;QACvE,IAAI,IAAI,GAAG,CAAC,EAAE,CAAC;YACb,YAAY,CAAC,OAAO,CAAC,YAAY,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC;QACnD,CAAC;QAED,OAAO,YAAY,CAAC;IACtB,CAAC;IAED;;OAEG;IACK,UAAU,CAAC,IAAU;QAC3B,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAChC,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAC3D,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACpD,OAAO,GAAG,IAAI,IAAI,KAAK,IAAI,GAAG,EAAE,CAAC;IACnC,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,IAAsC;QAC1D,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YACxC,OAAO,IAAI,CAAC,cAAc,EAAE,CAAC;QAC/B,CAAC;QAED,IAAI,IAAI,YAAY,IAAI,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC7B,MAAM,KAAK,GAAG,2BAA2B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACrD,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,IAAI,oCAA2B,CACnC,8DAA8D,IAAI,EAAE,CACrE,CAAC;YACJ,CAAC;YACD,MAAM,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,GAAG,KAAK,CAAC;YAC5C,OAAO,IAAI,IAAI,CACb,QAAQ,CAAC,OAAQ,EAAE,EAAE,CAAC,EACtB,QAAQ,CAAC,QAAS,EAAE,EAAE,CAAC,GAAG,CAAC,EAC3B,QAAQ,CAAC,MAAO,EAAE,EAAE,CAAC,CACtB,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,oCAA2B,CACnC,yDAAyD,OAAO,IAAI,EAAE,CACvE,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,wBAAwB,CAAC,GAAW;QAC1C,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,MAAM,IAAI,oCAA2B,CACnC,2CAA2C,OAAO,GAAG,EAAE,CACxD,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,oCAA2B,CACnC,4DAA4D;gBAC1D,2CAA2C,GAAG,EAAE,CACnD,CAAC;QACJ,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACxC,MAAM,cAAc,GAAG,QAAQ,UAAU,GAAG,CAAC;QAE7C,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5B,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;gBACpC,MAAM,IAAI,oCAA2B,CACnC,6BAA6B,UAAU,UAAU,GAAG,EAAE,CACvD,CAAC;YACJ,CAAC;YACD,OAAO,GAAG,CAAC,SAAS,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QAC9C,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;OAEG;IACK,aAAa,CACnB,QAAgB;QAEhB,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACxC,MAAM,cAAc,GAAG,QAAQ,UAAU,GAAG,CAAC;QAE7C,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;gBACzC,MAAM,IAAI,oCAA2B,CACnC,6BAA6B,UAAU,UAAU,QAAQ,EAAE,CAC5D,CAAC;YACJ,CAAC;YACD,MAAM,YAAY,GAAG,QAAQ,CAAC,SAAS,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;YAC/D,OAAO,IAAI,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC;QAClD,CAAC;aAAM,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAClC,OAAO,IAAI,CAAC,qBAAqB,CAAC,QAAQ,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,MAAM,SAAS,GACb,iEAAiE,CAAC;YACpE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC9B,MAAM,IAAI,oCAA2B,CACnC,uDAAuD;oBACrD,uBAAuB,QAAQ,EAAE,CACpC,CAAC;YACJ,CAAC;YACD,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;QACjD,CAAC;IACH,CAAC;IAED;;OAEG;IACK,qBAAqB,CAC3B,YAAoB;QAEpB,MAAM,UAAU,GACd,iEAAiE,CAAC;QACpE,MAAM,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAE5C,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,oCAA2B,CACnC,+DAA+D;gBAC7D,mEAAmE;gBACnE,6EAA6E,CAChF,CAAC;QACJ,CAAC;QAED,OAAO;YACL,aAAa,EAAE,KAAK,CAAC,CAAC,CAAE;YACxB,IAAI,EAAE,KAAK,CAAC,CAAC,CAAE;SAChB,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,0BAA0B,CAChC,IAAc,EACd,UAAgB;QAEhB,MAAM,WAAW,GAAG,2CAA2C,CAAC;QAChE,MAAM,SAAS,GAAuC,EAAE,CAAC;QAEzD,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACpC,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAE,EAAE,EAAE,CAAC,CAAC;gBACrC,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAE,EAAE,EAAE,CAAC,CAAC;gBACtC,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAE,EAAE,EAAE,CAAC,CAAC;gBAEpC,IAAI,CAAC;oBACH,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,IAAI,EAAE,KAAK,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC;oBAC/C,IACE,OAAO,CAAC,WAAW,EAAE,KAAK,IAAI;wBAC9B,OAAO,CAAC,QAAQ,EAAE,KAAK,KAAK,GAAG,CAAC;wBAChC,OAAO,CAAC,OAAO,EAAE,KAAK,GAAG,EACzB,CAAC;wBACD,IAAI,OAAO,IAAI,UAAU,EAAE,CAAC;4BAC1B,SAAS,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;wBACzC,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,SAAS;gBACX,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACK,wBAAwB,CAAC,IAAY;QAC3C,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAkB,CAAC;QAC3C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,0CAAiC,CACzC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAC3C,CAAC;QACJ,CAAC;IACH,CAAC;CACF;AAphBD,oCAohBC"}

package/dist/constants.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Constants used throughout the Benefits Admin Policy SDK
+ */
+/** SSM parameter name for the BA consumer role ARN */
+export declare const BA_CONSUMER_ROLE_PARAMETER_NAME = "/benefits-admin/consumer-role-arn";
+/** SSM parameter name for the policy URI prefix (dataset) */
+export declare const POLICY_URI_PREFIX_PARAMETER_NAME = "/benefits-admin-policy/policy-uri-prefix";
+/** S3 bucket name prefix for policy versions */
+export declare const POLICY_BUCKET_NAME_PREFIX = "benefits-admin-policy-versions";
+/** Default AWS region */
+export declare const DEFAULT_REGION = "us-west-2";
+/** S3 client TTL in milliseconds (55 minutes, 5 min before IAM session expires) */
+export declare const S3_CLIENT_TTL_MS: number;
+/** Role session name for STS assume role */
+export declare const ROLE_SESSION_NAME = "benefits-admin-policy-sdk";
+/** Page size for S3 list operations */
+export declare const S3_PAGE_SIZE = 1000;
+//# sourceMappingURL=constants.d.ts.map

package/dist/constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,sDAAsD;AACtD,eAAO,MAAM,+BAA+B,sCACP,CAAC;AAEtC,6DAA6D;AAC7D,eAAO,MAAM,gCAAgC,6CACD,CAAC;AAE7C,gDAAgD;AAChD,eAAO,MAAM,yBAAyB,mCAAmC,CAAC;AAE1E,yBAAyB;AACzB,eAAO,MAAM,cAAc,cAAc,CAAC;AAE1C,mFAAmF;AACnF,eAAO,MAAM,gBAAgB,QAAiB,CAAC;AAE/C,4CAA4C;AAC5C,eAAO,MAAM,iBAAiB,8BAA8B,CAAC;AAE7D,uCAAuC;AACvC,eAAO,MAAM,YAAY,OAAO,CAAC"}

package/dist/constants.js

@@ -0,0 +1,21 @@
+"use strict";
+/**
+ * Constants used throughout the Benefits Admin Policy SDK
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.S3_PAGE_SIZE = exports.ROLE_SESSION_NAME = exports.S3_CLIENT_TTL_MS = exports.DEFAULT_REGION = exports.POLICY_BUCKET_NAME_PREFIX = exports.POLICY_URI_PREFIX_PARAMETER_NAME = exports.BA_CONSUMER_ROLE_PARAMETER_NAME = void 0;
+/** SSM parameter name for the BA consumer role ARN */
+exports.BA_CONSUMER_ROLE_PARAMETER_NAME = '/benefits-admin/consumer-role-arn';
+/** SSM parameter name for the policy URI prefix (dataset) */
+exports.POLICY_URI_PREFIX_PARAMETER_NAME = '/benefits-admin-policy/policy-uri-prefix';
+/** S3 bucket name prefix for policy versions */
+exports.POLICY_BUCKET_NAME_PREFIX = 'benefits-admin-policy-versions';
+/** Default AWS region */
+exports.DEFAULT_REGION = 'us-west-2';
+/** S3 client TTL in milliseconds (55 minutes, 5 min before IAM session expires) */
+exports.S3_CLIENT_TTL_MS = 55 * 60 * 1000;
+/** Role session name for STS assume role */
+exports.ROLE_SESSION_NAME = 'benefits-admin-policy-sdk';
+/** Page size for S3 list operations */
+exports.S3_PAGE_SIZE = 1000;
+//# sourceMappingURL=constants.js.map

package/dist/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAEH,sDAAsD;AACzC,QAAA,+BAA+B,GAC1C,mCAAmC,CAAC;AAEtC,6DAA6D;AAChD,QAAA,gCAAgC,GAC3C,0CAA0C,CAAC;AAE7C,gDAAgD;AACnC,QAAA,yBAAyB,GAAG,gCAAgC,CAAC;AAE1E,yBAAyB;AACZ,QAAA,cAAc,GAAG,WAAW,CAAC;AAE1C,mFAAmF;AACtE,QAAA,gBAAgB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAE/C,4CAA4C;AAC/B,QAAA,iBAAiB,GAAG,2BAA2B,CAAC;AAE7D,uCAAuC;AAC1B,QAAA,YAAY,GAAG,IAAI,CAAC"}

package/dist/errors/index.d.ts

@@ -0,0 +1,38 @@
+/**
+ * Base error class for all Policy SDK errors
+ */
+export declare class PolicySdkError extends Error {
+    cause?: Error;
+    constructor(message: string);
+}
+/**
+ * Error thrown when a PolicyVersion is not found
+ */
+export declare class PolicyVersionNotFoundError extends PolicySdkError {
+    constructor(uri: string);
+}
+/**
+ * Error thrown when a PolicyVersion cannot be deserialized
+ */
+export declare class PolicyVersionDeserializationError extends PolicySdkError {
+    constructor(cause?: Error);
+}
+/**
+ * Error thrown when AWS operations fail
+ */
+export declare class PolicySdkAwsError extends PolicySdkError {
+    constructor(message: string, cause?: Error);
+}
+/**
+ * Error thrown when configuration is invalid
+ */
+export declare class PolicySdkConfigurationError extends PolicySdkError {
+    constructor(message: string);
+}
+/**
+ * Error thrown when SSM parameter access is not available
+ */
+export declare class PolicySdkSsmParameterAccessError extends PolicySdkError {
+    constructor(parameterName: string, message?: string, cause?: Error);
+}
+//# sourceMappingURL=index.d.ts.map

package/dist/errors/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/errors/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,qBAAa,cAAe,SAAQ,KAAK;IAChC,KAAK,CAAC,EAAE,KAAK,CAAC;gBAET,OAAO,EAAE,MAAM;CAI5B;AAED;;GAEG;AACH,qBAAa,0BAA2B,SAAQ,cAAc;gBAChD,GAAG,EAAE,MAAM;CAIxB;AAED;;GAEG;AACH,qBAAa,iCAAkC,SAAQ,cAAc;gBACvD,KAAK,CAAC,EAAE,KAAK;CAO1B;AAED;;GAEG;AACH,qBAAa,iBAAkB,SAAQ,cAAc;gBACvC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK;CAO3C;AAED;;GAEG;AACH,qBAAa,2BAA4B,SAAQ,cAAc;gBACjD,OAAO,EAAE,MAAM;CAI5B;AAED;;GAEG;AACH,qBAAa,gCAAiC,SAAQ,cAAc;gBACtD,aAAa,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK;CAWnE"}

package/dist/errors/index.js

@@ -0,0 +1,75 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PolicySdkSsmParameterAccessError = exports.PolicySdkConfigurationError = exports.PolicySdkAwsError = exports.PolicyVersionDeserializationError = exports.PolicyVersionNotFoundError = exports.PolicySdkError = void 0;
+/**
+ * Base error class for all Policy SDK errors
+ */
+class PolicySdkError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'PolicySdkError';
+    }
+}
+exports.PolicySdkError = PolicySdkError;
+/**
+ * Error thrown when a PolicyVersion is not found
+ */
+class PolicyVersionNotFoundError extends PolicySdkError {
+    constructor(uri) {
+        super(`PolicyVersion not found at URI: ${uri}`);
+        this.name = 'PolicyVersionNotFoundError';
+    }
+}
+exports.PolicyVersionNotFoundError = PolicyVersionNotFoundError;
+/**
+ * Error thrown when a PolicyVersion cannot be deserialized
+ */
+class PolicyVersionDeserializationError extends PolicySdkError {
+    constructor(cause) {
+        super('Failed to deserialize JSON string into PolicyVersion model.');
+        this.name = 'PolicyVersionDeserializationError';
+        if (cause) {
+            this.cause = cause;
+        }
+    }
+}
+exports.PolicyVersionDeserializationError = PolicyVersionDeserializationError;
+/**
+ * Error thrown when AWS operations fail
+ */
+class PolicySdkAwsError extends PolicySdkError {
+    constructor(message, cause) {
+        super(message);
+        this.name = 'PolicySdkAwsError';
+        if (cause) {
+            this.cause = cause;
+        }
+    }
+}
+exports.PolicySdkAwsError = PolicySdkAwsError;
+/**
+ * Error thrown when configuration is invalid
+ */
+class PolicySdkConfigurationError extends PolicySdkError {
+    constructor(message) {
+        super(message);
+        this.name = 'PolicySdkConfigurationError';
+    }
+}
+exports.PolicySdkConfigurationError = PolicySdkConfigurationError;
+/**
+ * Error thrown when SSM parameter access is not available
+ */
+class PolicySdkSsmParameterAccessError extends PolicySdkError {
+    constructor(parameterName, message, cause) {
+        const defaultMessage = `Access denied to SSM parameter: ${parameterName}. ` +
+            `Please check the README.md file for IAM policy examples to grant access to this parameter.`;
+        super(message || defaultMessage);
+        this.name = 'PolicySdkSsmParameterAccessError';
+        if (cause) {
+            this.cause = cause;
+        }
+    }
+}
+exports.PolicySdkSsmParameterAccessError = PolicySdkSsmParameterAccessError;
+//# sourceMappingURL=index.js.map

package/dist/errors/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/errors/index.ts"],"names":[],"mappings":";;;AAAA;;GAEG;AACH,MAAa,cAAe,SAAQ,KAAK;IAGvC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,gBAAgB,CAAC;IAC/B,CAAC;CACF;AAPD,wCAOC;AAED;;GAEG;AACH,MAAa,0BAA2B,SAAQ,cAAc;IAC5D,YAAY,GAAW;QACrB,KAAK,CAAC,mCAAmC,GAAG,EAAE,CAAC,CAAC;QAChD,IAAI,CAAC,IAAI,GAAG,4BAA4B,CAAC;IAC3C,CAAC;CACF;AALD,gEAKC;AAED;;GAEG;AACH,MAAa,iCAAkC,SAAQ,cAAc;IACnE,YAAY,KAAa;QACvB,KAAK,CAAC,6DAA6D,CAAC,CAAC;QACrE,IAAI,CAAC,IAAI,GAAG,mCAAmC,CAAC;QAChD,IAAI,KAAK,EAAE,CAAC;YACV,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACrB,CAAC;IACH,CAAC;CACF;AARD,8EAQC;AAED;;GAEG;AACH,MAAa,iBAAkB,SAAQ,cAAc;IACnD,YAAY,OAAe,EAAE,KAAa;QACxC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;QAChC,IAAI,KAAK,EAAE,CAAC;YACV,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACrB,CAAC;IACH,CAAC;CACF;AARD,8CAQC;AAED;;GAEG;AACH,MAAa,2BAA4B,SAAQ,cAAc;IAC7D,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,6BAA6B,CAAC;IAC5C,CAAC;CACF;AALD,kEAKC;AAED;;GAEG;AACH,MAAa,gCAAiC,SAAQ,cAAc;IAClE,YAAY,aAAqB,EAAE,OAAgB,EAAE,KAAa;QAChE,MAAM,cAAc,GAClB,mCAAmC,aAAa,IAAI;YACpD,4FAA4F,CAAC;QAE/F,KAAK,CAAC,OAAO,IAAI,cAAc,CAAC,CAAC;QACjC,IAAI,CAAC,IAAI,GAAG,kCAAkC,CAAC;QAC/C,IAAI,KAAK,EAAE,CAAC;YACV,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACrB,CAAC;IACH,CAAC;CACF;AAZD,4EAYC"}

package/dist/index.d.ts

@@ -0,0 +1,7 @@
+export { PolicyClient } from './clients/policy-client';
+export type * from './models';
+export { PolicySdkError, PolicyVersionNotFoundError, PolicyVersionDeserializationError, PolicySdkAwsError, PolicySdkConfigurationError, PolicySdkSsmParameterAccessError, } from './errors';
+export { S3Adapter } from './adapters/s3-adapter';
+export type { S3Credentials } from './adapters/s3-adapter';
+export { policySchema, policyVersionSchema } from './schemas';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAGvD,mBAAmB,UAAU,CAAC;AAG9B,OAAO,EACL,cAAc,EACd,0BAA0B,EAC1B,iCAAiC,EACjC,iBAAiB,EACjB,2BAA2B,EAC3B,gCAAgC,GACjC,MAAM,UAAU,CAAC;AAGlB,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,YAAY,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAG3D,OAAO,EAAE,YAAY,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC"}

package/dist/index.js

@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.policyVersionSchema = exports.policySchema = exports.S3Adapter = exports.PolicySdkSsmParameterAccessError = exports.PolicySdkConfigurationError = exports.PolicySdkAwsError = exports.PolicyVersionDeserializationError = exports.PolicyVersionNotFoundError = exports.PolicySdkError = exports.PolicyClient = void 0;
+// Policy Client export
+var policy_client_1 = require("./clients/policy-client");
+Object.defineProperty(exports, "PolicyClient", { enumerable: true, get: function () { return policy_client_1.PolicyClient; } });
+// Error exports
+var errors_1 = require("./errors");
+Object.defineProperty(exports, "PolicySdkError", { enumerable: true, get: function () { return errors_1.PolicySdkError; } });
+Object.defineProperty(exports, "PolicyVersionNotFoundError", { enumerable: true, get: function () { return errors_1.PolicyVersionNotFoundError; } });
+Object.defineProperty(exports, "PolicyVersionDeserializationError", { enumerable: true, get: function () { return errors_1.PolicyVersionDeserializationError; } });
+Object.defineProperty(exports, "PolicySdkAwsError", { enumerable: true, get: function () { return errors_1.PolicySdkAwsError; } });
+Object.defineProperty(exports, "PolicySdkConfigurationError", { enumerable: true, get: function () { return errors_1.PolicySdkConfigurationError; } });
+Object.defineProperty(exports, "PolicySdkSsmParameterAccessError", { enumerable: true, get: function () { return errors_1.PolicySdkSsmParameterAccessError; } });
+// Adapter exports (for advanced usage)
+var s3_adapter_1 = require("./adapters/s3-adapter");
+Object.defineProperty(exports, "S3Adapter", { enumerable: true, get: function () { return s3_adapter_1.S3Adapter; } });
+// JSON Schema exports (for runtime validation)
+var schemas_1 = require("./schemas");
+Object.defineProperty(exports, "policySchema", { enumerable: true, get: function () { return schemas_1.policySchema; } });
+Object.defineProperty(exports, "policyVersionSchema", { enumerable: true, get: function () { return schemas_1.policyVersionSchema; } });
+//# sourceMappingURL=index.js.map