npm - @hearth-auth/sdk - Versions diffs - 0.0.1 - Mend

@hearth-auth/sdk 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (40) hide show

package/CHANGELOG.md +12 -0
package/README.md +680 -0
package/package.json +44 -0
package/src/admin.ts +157 -0
package/src/browser-auth.ts +130 -0
package/src/claims.ts +180 -0
package/src/client.ts +251 -0
package/src/errors.ts +173 -0
package/src/generated/google/api/annotations_pb.ts +44 -0
package/src/generated/google/api/http_pb.ts +467 -0
package/src/generated/hearth/authz/v1/authz_pb.ts +593 -0
package/src/generated/hearth/cluster/v1/raft_pb.ts +183 -0
package/src/generated/hearth/events/v1/audit_pb.ts +886 -0
package/src/generated/hearth/identity/v1/identity_pb.ts +1673 -0
package/src/generated/hearth/identity/v1/oauth_pb.ts +1138 -0
package/src/generated/hearth/rbac/v1/rbac_pb.ts +2000 -0
package/src/hearth-client.ts +288 -0
package/src/hearth.ts +224 -0
package/src/index.ts +106 -0
package/src/introspection-client.ts +83 -0
package/src/jwks-client.ts +45 -0
package/src/middleware.ts +82 -0
package/src/pkce.ts +129 -0
package/src/react.tsx +57 -0
package/src/session-version-cache.ts +167 -0
package/src/types.ts +188 -0
package/tests/admin-crud.test.ts +97 -0
package/tests/auth-flow.test.ts +75 -0
package/tests/authorize.test.ts +386 -0
package/tests/claims.test.ts +159 -0
package/tests/hasPermission.test.ts +152 -0
package/tests/hearth-client.test.ts +243 -0
package/tests/helpers.ts +90 -0
package/tests/jwks.test.ts +62 -0
package/tests/pkce.test.ts +210 -0
package/tests/react-useHasPermission.test.tsx +92 -0
package/tests/required-action.test.ts +276 -0
package/tests/session-version.test.ts +391 -0
package/tsconfig.json +16 -0
package/vitest.config.ts +8 -0

package/src/generated/hearth/authz/v1/authz_pb.ts ADDED Viewed

@@ -0,0 +1,593 @@
+// @generated by protoc-gen-es v2.12.0 with parameter "target=ts"
+// @generated from file hearth/authz/v1/authz.proto (package hearth.authz.v1, syntax proto3)
+/* eslint-disable */
+import type { GenEnum, GenFile, GenMessage, GenService } from "@bufbuild/protobuf/codegenv2";
+import { enumDesc, fileDesc, messageDesc, serviceDesc } from "@bufbuild/protobuf/codegenv2";
+import type { Message } from "@bufbuild/protobuf";
+/**
+ * Describes the file hearth/authz/v1/authz.proto.
+ */
+export const file_hearth_authz_v1_authz: GenFile = /*@__PURE__*/
+  fileDesc("ChtoZWFydGgvYXV0aHovdjEvYXV0aHoucHJvdG8SD2hlYXJ0aC5hdXRoei52MSIzCglPYmplY3RSZWYSEwoLb2JqZWN0X3R5cGUYASABKAkSEQoJb2JqZWN0X2lkGAIgASgJInIKClN1YmplY3RSZWYSLAoGZGlyZWN0GAEgASgLMhouaGVhcnRoLmF1dGh6LnYxLk9iamVjdFJlZkgAEi4KB3VzZXJzZXQYAiABKAsyGy5oZWFydGguYXV0aHoudjEuVXNlcnNldFJlZkgAQgYKBGtpbmQiSgoKVXNlcnNldFJlZhIqCgZvYmplY3QYASABKAsyGi5oZWFydGguYXV0aHoudjEuT2JqZWN0UmVmEhAKCHJlbGF0aW9uGAIgASgJIn8KEVJlbGF0aW9uc2hpcFR1cGxlEioKBm9iamVjdBgBIAEoCzIaLmhlYXJ0aC5hdXRoei52MS5PYmplY3RSZWYSEAoIcmVsYXRpb24YAiABKAkSLAoHc3ViamVjdBgDIAEoCzIbLmhlYXJ0aC5hdXRoei52MS5TdWJqZWN0UmVmIngKClR1cGxlV3JpdGUSNwoJb3BlcmF0aW9uGAEgASgOMiQuaGVhcnRoLmF1dGh6LnYxLlR1cGxlV3JpdGVPcGVyYXRpb24SMQoFdHVwbGUYAiABKAsyIi5oZWFydGguYXV0aHoudjEuUmVsYXRpb25zaGlwVHVwbGUiIwoQQ29uc2lzdGVuY3lUb2tlbhIPCgd2ZXJzaW9uGAEgASgEIssBChBUdXBsZUNoYW5nZUV2ZW50EhAKCHNlcXVlbmNlGAEgASgEEjIKBmFjdGlvbhgCIAEoDjIiLmhlYXJ0aC5hdXRoei52MS5UdXBsZUNoYW5nZUFjdGlvbhITCgtvYmplY3RfdHlwZRgDIAEoCRIRCglvYmplY3RfaWQYBCABKAkSEAoIcmVsYXRpb24YBSABKAkSDwoHc3ViamVjdBgGIAEoCRIQCghyZWFsbV9pZBgHIAEoCRIUCgx0aW1lc3RhbXBfdXMYCCABKAQiNwoLV2F0Y2hGaWx0ZXISGAoLb2JqZWN0X3R5cGUYASABKAlIAIgBAUIOCgxfb2JqZWN0X3R5cGUisQEKD05hbWVzcGFjZUNvbmZpZxJHCgxvYmplY3RfdHlwZXMYASADKAsyMS5oZWFydGguYXV0aHoudjEuTmFtZXNwYWNlQ29uZmlnLk9iamVjdFR5cGVzRW50cnkaVQoQT2JqZWN0VHlwZXNFbnRyeRILCgNrZXkYASABKAkSMAoFdmFsdWUYAiABKAsyIS5oZWFydGguYXV0aHoudjEuT2JqZWN0VHlwZUNvbmZpZzoCOAEiqgEKEE9iamVjdFR5cGVDb25maWcSQwoJcmVsYXRpb25zGAEgAygLMjAuaGVhcnRoLmF1dGh6LnYxLk9iamVjdFR5cGVDb25maWcuUmVsYXRpb25zRW50cnkaUQoOUmVsYXRpb25zRW50cnkSCwoDa2V5GAEgASgJEi4KBXZhbHVlGAIgASgLMh8uaGVhcnRoLmF1dGh6LnYxLlJlbGF0aW9uQ29uZmlnOgI4ASIvCg5SZWxhdGlvbkNvbmZpZxIdChVhbGxvd2VkX3N1YmplY3RfdHlwZXMYASADKAki2QEKDENoZWNrUmVxdWVzdBIqCgZvYmplY3QYASABKAsyGi5oZWFydGguYXV0aHoudjEuT2JqZWN0UmVmEhAKCHJlbGF0aW9uGAIgASgJEiwKB3N1YmplY3QYAyABKAsyGy5oZWFydGguYXV0aHoudjEuU3ViamVjdFJlZhJEChRhdF9sZWFzdF9hc19mcmVzaF9hcxgEIAEoCzIhLmhlYXJ0aC5hdXRoei52MS5Db25zaXN0ZW5jeVRva2VuSACIAQFCFwoVX2F0X2xlYXN0X2FzX2ZyZXNoX2FzIlIKDUNoZWNrUmVzcG9uc2USDwoHYWxsb3dlZBgBIAEoCBIwCgV0b2tlbhgCIAEoCzIhLmhlYXJ0aC5hdXRoei52MS5Db25zaXN0ZW5jeVRva2VuIqwBCg1FeHBhbmRSZXF1ZXN0EioKBm9iamVjdBgBIAEoCzIaLmhlYXJ0aC5hdXRoei52MS5PYmplY3RSZWYSEAoIcmVsYXRpb24YAiABKAkSRAoUYXRfbGVhc3RfYXNfZnJlc2hfYXMYAyABKAsyIS5oZWFydGguYXV0aHoudjEuQ29uc2lzdGVuY3lUb2tlbkgAiAEBQhcKFV9hdF9sZWFzdF9hc19mcmVzaF9hcyJxCg5FeHBhbmRSZXNwb25zZRIwCgV0b2tlbhgBIAEoCzIhLmhlYXJ0aC5hdXRoei52MS5Db25zaXN0ZW5jeVRva2VuEi0KCHN1YmplY3RzGAIgAygLMhsuaGVhcnRoLmF1dGh6LnYxLlN1YmplY3RSZWYiQQoSV3JpdGVUdXBsZXNSZXF1ZXN0EisKBndyaXRlcxgBIAMoCzIbLmhlYXJ0aC5hdXRoei52MS5UdXBsZVdyaXRlIkcKE1dyaXRlVHVwbGVzUmVzcG9uc2USMAoFdG9rZW4YASABKAsyIS5oZWFydGguYXV0aHoudjEuQ29uc2lzdGVuY3lUb2tlbiKZAQoMV2F0Y2hSZXF1ZXN0EjsKC3N0YXJ0X2FmdGVyGAEgASgLMiEuaGVhcnRoLmF1dGh6LnYxLkNvbnNpc3RlbmN5VG9rZW5IAIgBARIxCgZmaWx0ZXIYAiABKAsyHC5oZWFydGguYXV0aHoudjEuV2F0Y2hGaWx0ZXJIAYgBAUIOCgxfc3RhcnRfYWZ0ZXJCCQoHX2ZpbHRlciJwCgpXYXRjaEV2ZW50EjAKBWV2ZW50GAEgASgLMiEuaGVhcnRoLmF1dGh6LnYxLlR1cGxlQ2hhbmdlRXZlbnQSMAoFdG9rZW4YAiABKAsyIS5oZWFydGguYXV0aHoudjEuQ29uc2lzdGVuY3lUb2tlbirXAQoTVHVwbGVXcml0ZU9wZXJhdGlvbhIlCiFUVVBMRV9XUklURV9PUEVSQVRJT05fVU5TUEVDSUZJRUQQABIfChtUVVBMRV9XUklURV9PUEVSQVRJT05fVE9VQ0gQARIgChxUVVBMRV9XUklURV9PUEVSQVRJT05fREVMRVRFEAISKQolVFVQTEVfV1JJVEVfT1BFUkFUSU9OX1RPVUNIX0lGX0FCU0VOVBADEisKJ1RVUExFX1dSSVRFX09QRVJBVElPTl9ERUxFVEVfSUZfUFJFU0VOVBAEKncKEVR1cGxlQ2hhbmdlQWN0aW9uEiMKH1RVUExFX0NIQU5HRV9BQ1RJT05fVU5TUEVDSUZJRUQQABIdChlUVVBMRV9DSEFOR0VfQUNUSU9OX1RPVUNIEAESHgoaVFVQTEVfQ0hBTkdFX0FDVElPTl9ERUxFVEUQAjLKAgoUQXV0aG9yaXphdGlvblNlcnZpY2USRgoFQ2hlY2sSHS5oZWFydGguYXV0aHoudjEuQ2hlY2tSZXF1ZXN0Gh4uaGVhcnRoLmF1dGh6LnYxLkNoZWNrUmVzcG9uc2USSQoGRXhwYW5kEh4uaGVhcnRoLmF1dGh6LnYxLkV4cGFuZFJlcXVlc3QaHy5oZWFydGguYXV0aHoudjEuRXhwYW5kUmVzcG9uc2USWAoLV3JpdGVUdXBsZXMSIy5oZWFydGguYXV0aHoudjEuV3JpdGVUdXBsZXNSZXF1ZXN0GiQuaGVhcnRoLmF1dGh6LnYxLldyaXRlVHVwbGVzUmVzcG9uc2USRQoFV2F0Y2gSHS5oZWFydGguYXV0aHoudjEuV2F0Y2hSZXF1ZXN0GhsuaGVhcnRoLmF1dGh6LnYxLldhdGNoRXZlbnQwAUI/Wj1naXRodWIuY29tL2hlYXJ0aGRiL2hlYXJ0aC9zZGtzL2dvL2dlbmVyYXRlZC9hdXRoei92MTthdXRoenYxYgZwcm90bzM");
+/**
+ * A reference to an object: {type}:{id}.
+ *
+ * @generated from message hearth.authz.v1.ObjectRef
+ */
+export type ObjectRef = Message<"hearth.authz.v1.ObjectRef"> & {
+  /**
+   * @generated from field: string object_type = 1;
+   */
+  objectType: string;
+  /**
+   * @generated from field: string object_id = 2;
+   */
+  objectId: string;
+};
+/**
+ * Describes the message hearth.authz.v1.ObjectRef.
+ * Use `create(ObjectRefSchema)` to create a new message.
+ */
+export const ObjectRefSchema: GenMessage<ObjectRef> = /*@__PURE__*/
+  messageDesc(file_hearth_authz_v1_authz, 0);
+/**
+ * A reference to a subject: either a direct entity or a userset.
+ *
+ * @generated from message hearth.authz.v1.SubjectRef
+ */
+export type SubjectRef = Message<"hearth.authz.v1.SubjectRef"> & {
+  /**
+   * @generated from oneof hearth.authz.v1.SubjectRef.kind
+   */
+  kind: {
+    /**
+     * A direct entity reference (e.g., user:alice).
+     *
+     * @generated from field: hearth.authz.v1.ObjectRef direct = 1;
+     */
+    value: ObjectRef;
+    case: "direct";
+  } | {
+    /**
+     * A userset reference (e.g., group:eng#member).
+     *
+     * @generated from field: hearth.authz.v1.UsersetRef userset = 2;
+     */
+    value: UsersetRef;
+    case: "userset";
+  } | { case: undefined; value?: undefined };
+};
+/**
+ * Describes the message hearth.authz.v1.SubjectRef.
+ * Use `create(SubjectRefSchema)` to create a new message.
+ */
+export const SubjectRefSchema: GenMessage<SubjectRef> = /*@__PURE__*/
+  messageDesc(file_hearth_authz_v1_authz, 1);
+/**
+ * A userset reference: object#relation.
+ *
+ * @generated from message hearth.authz.v1.UsersetRef
+ */
+export type UsersetRef = Message<"hearth.authz.v1.UsersetRef"> & {
+  /**
+   * @generated from field: hearth.authz.v1.ObjectRef object = 1;
+   */
+  object?: ObjectRef | undefined;
+  /**
+   * @generated from field: string relation = 2;
+   */
+  relation: string;
+};
+/**
+ * Describes the message hearth.authz.v1.UsersetRef.
+ * Use `create(UsersetRefSchema)` to create a new message.
+ */
+export const UsersetRefSchema: GenMessage<UsersetRef> = /*@__PURE__*/
+  messageDesc(file_hearth_authz_v1_authz, 2);
+/**
+ * A complete relationship tuple: (object#relation@subject).
+ *
+ * @generated from message hearth.authz.v1.RelationshipTuple
+ */
+export type RelationshipTuple = Message<"hearth.authz.v1.RelationshipTuple"> & {
+  /**
+   * @generated from field: hearth.authz.v1.ObjectRef object = 1;
+   */
+  object?: ObjectRef | undefined;
+  /**
+   * @generated from field: string relation = 2;
+   */
+  relation: string;
+  /**
+   * @generated from field: hearth.authz.v1.SubjectRef subject = 3;
+   */
+  subject?: SubjectRef | undefined;
+};
+/**
+ * Describes the message hearth.authz.v1.RelationshipTuple.
+ * Use `create(RelationshipTupleSchema)` to create a new message.
+ */
+export const RelationshipTupleSchema: GenMessage<RelationshipTuple> = /*@__PURE__*/
+  messageDesc(file_hearth_authz_v1_authz, 3);
+/**
+ * A write operation on a relationship tuple.
+ *
+ * @generated from message hearth.authz.v1.TupleWrite
+ */
+export type TupleWrite = Message<"hearth.authz.v1.TupleWrite"> & {
+  /**
+   * @generated from field: hearth.authz.v1.TupleWriteOperation operation = 1;
+   */
+  operation: TupleWriteOperation;
+  /**
+   * @generated from field: hearth.authz.v1.RelationshipTuple tuple = 2;
+   */
+  tuple?: RelationshipTuple | undefined;
+};
+/**
+ * Describes the message hearth.authz.v1.TupleWrite.
+ * Use `create(TupleWriteSchema)` to create a new message.
+ */
+export const TupleWriteSchema: GenMessage<TupleWrite> = /*@__PURE__*/
+  messageDesc(file_hearth_authz_v1_authz, 4);
+/**
+ * An opaque consistency token (Zanzibar "zookie").
+ *
+ * @generated from message hearth.authz.v1.ConsistencyToken
+ */
+export type ConsistencyToken = Message<"hearth.authz.v1.ConsistencyToken"> & {
+  /**
+   * @generated from field: uint64 version = 1;
+   */
+  version: bigint;
+};
+/**
+ * Describes the message hearth.authz.v1.ConsistencyToken.
+ * Use `create(ConsistencyTokenSchema)` to create a new message.
+ */
+export const ConsistencyTokenSchema: GenMessage<ConsistencyToken> = /*@__PURE__*/
+  messageDesc(file_hearth_authz_v1_authz, 5);
+/**
+ * An event representing a change to a relationship tuple.
+ *
+ * @generated from message hearth.authz.v1.TupleChangeEvent
+ */
+export type TupleChangeEvent = Message<"hearth.authz.v1.TupleChangeEvent"> & {
+  /**
+   * @generated from field: uint64 sequence = 1;
+   */
+  sequence: bigint;
+  /**
+   * @generated from field: hearth.authz.v1.TupleChangeAction action = 2;
+   */
+  action: TupleChangeAction;
+  /**
+   * @generated from field: string object_type = 3;
+   */
+  objectType: string;
+  /**
+   * @generated from field: string object_id = 4;
+   */
+  objectId: string;
+  /**
+   * @generated from field: string relation = 5;
+   */
+  relation: string;
+  /**
+   * @generated from field: string subject = 6;
+   */
+  subject: string;
+  /**
+   * @generated from field: string realm_id = 7;
+   */
+  realmId: string;
+  /**
+   * @generated from field: uint64 timestamp_us = 8;
+   */
+  timestampUs: bigint;
+};
+/**
+ * Describes the message hearth.authz.v1.TupleChangeEvent.
+ * Use `create(TupleChangeEventSchema)` to create a new message.
+ */
+export const TupleChangeEventSchema: GenMessage<TupleChangeEvent> = /*@__PURE__*/
+  messageDesc(file_hearth_authz_v1_authz, 6);
+/**
+ * Filter for the watch operation.
+ *
+ * @generated from message hearth.authz.v1.WatchFilter
+ */
+export type WatchFilter = Message<"hearth.authz.v1.WatchFilter"> & {
+  /**
+   * @generated from field: optional string object_type = 1;
+   */
+  objectType?: string | undefined;
+};
+/**
+ * Describes the message hearth.authz.v1.WatchFilter.
+ * Use `create(WatchFilterSchema)` to create a new message.
+ */
+export const WatchFilterSchema: GenMessage<WatchFilter> = /*@__PURE__*/
+  messageDesc(file_hearth_authz_v1_authz, 7);
+/**
+ * Namespace configuration defining valid object types and relations.
+ *
+ * @generated from message hearth.authz.v1.NamespaceConfig
+ */
+export type NamespaceConfig = Message<"hearth.authz.v1.NamespaceConfig"> & {
+  /**
+   * @generated from field: map<string, hearth.authz.v1.ObjectTypeConfig> object_types = 1;
+   */
+  objectTypes: { [key: string]: ObjectTypeConfig };
+};
+/**
+ * Describes the message hearth.authz.v1.NamespaceConfig.
+ * Use `create(NamespaceConfigSchema)` to create a new message.
+ */
+export const NamespaceConfigSchema: GenMessage<NamespaceConfig> = /*@__PURE__*/
+  messageDesc(file_hearth_authz_v1_authz, 8);
+/**
+ * Configuration for a single object type within the namespace.
+ *
+ * @generated from message hearth.authz.v1.ObjectTypeConfig
+ */
+export type ObjectTypeConfig = Message<"hearth.authz.v1.ObjectTypeConfig"> & {
+  /**
+   * @generated from field: map<string, hearth.authz.v1.RelationConfig> relations = 1;
+   */
+  relations: { [key: string]: RelationConfig };
+};
+/**
+ * Describes the message hearth.authz.v1.ObjectTypeConfig.
+ * Use `create(ObjectTypeConfigSchema)` to create a new message.
+ */
+export const ObjectTypeConfigSchema: GenMessage<ObjectTypeConfig> = /*@__PURE__*/
+  messageDesc(file_hearth_authz_v1_authz, 9);
+/**
+ * Configuration for a single relation within an object type.
+ *
+ * @generated from message hearth.authz.v1.RelationConfig
+ */
+export type RelationConfig = Message<"hearth.authz.v1.RelationConfig"> & {
+  /**
+   * @generated from field: repeated string allowed_subject_types = 1;
+   */
+  allowedSubjectTypes: string[];
+};
+/**
+ * Describes the message hearth.authz.v1.RelationConfig.
+ * Use `create(RelationConfigSchema)` to create a new message.
+ */
+export const RelationConfigSchema: GenMessage<RelationConfig> = /*@__PURE__*/
+  messageDesc(file_hearth_authz_v1_authz, 10);
+/**
+ * @generated from message hearth.authz.v1.CheckRequest
+ */
+export type CheckRequest = Message<"hearth.authz.v1.CheckRequest"> & {
+  /**
+   * @generated from field: hearth.authz.v1.ObjectRef object = 1;
+   */
+  object?: ObjectRef | undefined;
+  /**
+   * @generated from field: string relation = 2;
+   */
+  relation: string;
+  /**
+   * @generated from field: hearth.authz.v1.SubjectRef subject = 3;
+   */
+  subject?: SubjectRef | undefined;
+  /**
+   * @generated from field: optional hearth.authz.v1.ConsistencyToken at_least_as_fresh_as = 4;
+   */
+  atLeastAsFreshAs?: ConsistencyToken | undefined;
+};
+/**
+ * Describes the message hearth.authz.v1.CheckRequest.
+ * Use `create(CheckRequestSchema)` to create a new message.
+ */
+export const CheckRequestSchema: GenMessage<CheckRequest> = /*@__PURE__*/
+  messageDesc(file_hearth_authz_v1_authz, 11);
+/**
+ * @generated from message hearth.authz.v1.CheckResponse
+ */
+export type CheckResponse = Message<"hearth.authz.v1.CheckResponse"> & {
+  /**
+   * @generated from field: bool allowed = 1;
+   */
+  allowed: boolean;
+  /**
+   * @generated from field: hearth.authz.v1.ConsistencyToken token = 2;
+   */
+  token?: ConsistencyToken | undefined;
+};
+/**
+ * Describes the message hearth.authz.v1.CheckResponse.
+ * Use `create(CheckResponseSchema)` to create a new message.
+ */
+export const CheckResponseSchema: GenMessage<CheckResponse> = /*@__PURE__*/
+  messageDesc(file_hearth_authz_v1_authz, 12);
+/**
+ * @generated from message hearth.authz.v1.ExpandRequest
+ */
+export type ExpandRequest = Message<"hearth.authz.v1.ExpandRequest"> & {
+  /**
+   * @generated from field: hearth.authz.v1.ObjectRef object = 1;
+   */
+  object?: ObjectRef | undefined;
+  /**
+   * @generated from field: string relation = 2;
+   */
+  relation: string;
+  /**
+   * @generated from field: optional hearth.authz.v1.ConsistencyToken at_least_as_fresh_as = 3;
+   */
+  atLeastAsFreshAs?: ConsistencyToken | undefined;
+};
+/**
+ * Describes the message hearth.authz.v1.ExpandRequest.
+ * Use `create(ExpandRequestSchema)` to create a new message.
+ */
+export const ExpandRequestSchema: GenMessage<ExpandRequest> = /*@__PURE__*/
+  messageDesc(file_hearth_authz_v1_authz, 13);
+/**
+ * A tree of subjects for a given (object, relation). Flattened from the
+ * engine's recursive expand tree; each node is keyed by its userset id.
+ *
+ * @generated from message hearth.authz.v1.ExpandResponse
+ */
+export type ExpandResponse = Message<"hearth.authz.v1.ExpandResponse"> & {
+  /**
+   * @generated from field: hearth.authz.v1.ConsistencyToken token = 1;
+   */
+  token?: ConsistencyToken | undefined;
+  /**
+   * @generated from field: repeated hearth.authz.v1.SubjectRef subjects = 2;
+   */
+  subjects: SubjectRef[];
+};
+/**
+ * Describes the message hearth.authz.v1.ExpandResponse.
+ * Use `create(ExpandResponseSchema)` to create a new message.
+ */
+export const ExpandResponseSchema: GenMessage<ExpandResponse> = /*@__PURE__*/
+  messageDesc(file_hearth_authz_v1_authz, 14);
+/**
+ * @generated from message hearth.authz.v1.WriteTuplesRequest
+ */
+export type WriteTuplesRequest = Message<"hearth.authz.v1.WriteTuplesRequest"> & {
+  /**
+   * @generated from field: repeated hearth.authz.v1.TupleWrite writes = 1;
+   */
+  writes: TupleWrite[];
+};
+/**
+ * Describes the message hearth.authz.v1.WriteTuplesRequest.
+ * Use `create(WriteTuplesRequestSchema)` to create a new message.
+ */
+export const WriteTuplesRequestSchema: GenMessage<WriteTuplesRequest> = /*@__PURE__*/
+  messageDesc(file_hearth_authz_v1_authz, 15);
+/**
+ * @generated from message hearth.authz.v1.WriteTuplesResponse
+ */
+export type WriteTuplesResponse = Message<"hearth.authz.v1.WriteTuplesResponse"> & {
+  /**
+   * @generated from field: hearth.authz.v1.ConsistencyToken token = 1;
+   */
+  token?: ConsistencyToken | undefined;
+};
+/**
+ * Describes the message hearth.authz.v1.WriteTuplesResponse.
+ * Use `create(WriteTuplesResponseSchema)` to create a new message.
+ */
+export const WriteTuplesResponseSchema: GenMessage<WriteTuplesResponse> = /*@__PURE__*/
+  messageDesc(file_hearth_authz_v1_authz, 16);
+/**
+ * @generated from message hearth.authz.v1.WatchRequest
+ */
+export type WatchRequest = Message<"hearth.authz.v1.WatchRequest"> & {
+  /**
+   * Start streaming events strictly after this token. When unset, the
+   * stream starts from "now" and only future events are delivered.
+   *
+   * @generated from field: optional hearth.authz.v1.ConsistencyToken start_after = 1;
+   */
+  startAfter?: ConsistencyToken | undefined;
+  /**
+   * @generated from field: optional hearth.authz.v1.WatchFilter filter = 2;
+   */
+  filter?: WatchFilter | undefined;
+};
+/**
+ * Describes the message hearth.authz.v1.WatchRequest.
+ * Use `create(WatchRequestSchema)` to create a new message.
+ */
+export const WatchRequestSchema: GenMessage<WatchRequest> = /*@__PURE__*/
+  messageDesc(file_hearth_authz_v1_authz, 17);
+/**
+ * A streamed tuple-change event.
+ *
+ * @generated from message hearth.authz.v1.WatchEvent
+ */
+export type WatchEvent = Message<"hearth.authz.v1.WatchEvent"> & {
+  /**
+   * @generated from field: hearth.authz.v1.TupleChangeEvent event = 1;
+   */
+  event?: TupleChangeEvent | undefined;
+  /**
+   * @generated from field: hearth.authz.v1.ConsistencyToken token = 2;
+   */
+  token?: ConsistencyToken | undefined;
+};
+/**
+ * Describes the message hearth.authz.v1.WatchEvent.
+ * Use `create(WatchEventSchema)` to create a new message.
+ */
+export const WatchEventSchema: GenMessage<WatchEvent> = /*@__PURE__*/
+  messageDesc(file_hearth_authz_v1_authz, 18);
+/**
+ * The operation type for a tuple write.
+ *
+ * @generated from enum hearth.authz.v1.TupleWriteOperation
+ */
+export enum TupleWriteOperation {
+  /**
+   * @generated from enum value: TUPLE_WRITE_OPERATION_UNSPECIFIED = 0;
+   */
+  UNSPECIFIED = 0,
+  /**
+   * @generated from enum value: TUPLE_WRITE_OPERATION_TOUCH = 1;
+   */
+  TOUCH = 1,
+  /**
+   * @generated from enum value: TUPLE_WRITE_OPERATION_DELETE = 2;
+   */
+  DELETE = 2,
+  /**
+   * @generated from enum value: TUPLE_WRITE_OPERATION_TOUCH_IF_ABSENT = 3;
+   */
+  TOUCH_IF_ABSENT = 3,
+  /**
+   * @generated from enum value: TUPLE_WRITE_OPERATION_DELETE_IF_PRESENT = 4;
+   */
+  DELETE_IF_PRESENT = 4,
+}
+/**
+ * Describes the enum hearth.authz.v1.TupleWriteOperation.
+ */
+export const TupleWriteOperationSchema: GenEnum<TupleWriteOperation> = /*@__PURE__*/
+  enumDesc(file_hearth_authz_v1_authz, 0);
+/**
+ * The action type in a tuple change event.
+ *
+ * @generated from enum hearth.authz.v1.TupleChangeAction
+ */
+export enum TupleChangeAction {
+  /**
+   * @generated from enum value: TUPLE_CHANGE_ACTION_UNSPECIFIED = 0;
+   */
+  UNSPECIFIED = 0,
+  /**
+   * @generated from enum value: TUPLE_CHANGE_ACTION_TOUCH = 1;
+   */
+  TOUCH = 1,
+  /**
+   * @generated from enum value: TUPLE_CHANGE_ACTION_DELETE = 2;
+   */
+  DELETE = 2,
+}
+/**
+ * Describes the enum hearth.authz.v1.TupleChangeAction.
+ */
+export const TupleChangeActionSchema: GenEnum<TupleChangeAction> = /*@__PURE__*/
+  enumDesc(file_hearth_authz_v1_authz, 1);
+/**
+ * @generated from service hearth.authz.v1.AuthorizationService
+ */
+export const AuthorizationService: GenService<{
+  /**
+   * @generated from rpc hearth.authz.v1.AuthorizationService.Check
+   */
+  check: {
+    methodKind: "unary";
+    input: typeof CheckRequestSchema;
+    output: typeof CheckResponseSchema;
+  },
+  /**
+   * @generated from rpc hearth.authz.v1.AuthorizationService.Expand
+   */
+  expand: {
+    methodKind: "unary";
+    input: typeof ExpandRequestSchema;
+    output: typeof ExpandResponseSchema;
+  },
+  /**
+   * @generated from rpc hearth.authz.v1.AuthorizationService.WriteTuples
+   */
+  writeTuples: {
+    methodKind: "unary";
+    input: typeof WriteTuplesRequestSchema;
+    output: typeof WriteTuplesResponseSchema;
+  },
+  /**
+   * @generated from rpc hearth.authz.v1.AuthorizationService.Watch
+   */
+  watch: {
+    methodKind: "server_streaming";
+    input: typeof WatchRequestSchema;
+    output: typeof WatchEventSchema;
+  },
+}> = /*@__PURE__*/
+  serviceDesc(file_hearth_authz_v1_authz, 0);