@highflame/policy 1.1.3

package/dist/schema.gen.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Embedded Cedar schema for policy validation.
+ * This is the Highflame Cedar schema used across all services.
+ */
+export declare const CEDAR_SCHEMA = "// Highflame Cedar Schema\n// ======================\n// This is the SOURCE OF TRUTH for all entity types, actions, and their relationships\n// across the Highflame platform.\n//\n// All services (authz, Core, Guardian, Palisade) MUST use the types defined here.\n// The codegen tool parses this file and generates typed constants for Go, TypeScript,\n// and Python to ensure consistency.\n//\n// Usage:\n//   - Policies are validated against this schema when created/updated\n//   - Generated types prevent typos in application code\n//   - Cedar CLI can validate: cedar validate --schema highflame.cedarschema --policies policy.cedar\n\n// =============================================================================\n// PRINCIPAL TYPES (Who is making the request)\n// =============================================================================\n\n// Human user or service account making requests\n// Well-known IDs: \"mcp_client\", \"threat_processor\"\nentity User {\n    // User type: \"external\", \"internal\"\n    user_type: String,\n};\n\n// AI agent or bot\nentity Agent {\n    // Agent type: \"llm\", \"scanner\", \"bot\"\n    agent_type: String,\n};\n\n// Security scanner service\n// Well-known IDs: \"ramparts\", \"palisade\"\nentity Scanner {\n    // Scanner type: \"ramparts\", \"palisade\"\n    scanner_type: String,\n    // Scanner version\n    version: String,\n};\n\n// Backend service account\nentity Service {\n    // Service name\n    service_name: String,\n    // Environment: \"production\", \"staging\", \"development\"\n    environment: String,\n};\n\n// =============================================================================\n// RESOURCE TYPES (What is being accessed)\n// =============================================================================\n\n// Generic resource\n// Well-known IDs: \"threat_analysis\", \"tools/list\", \"tools/call\", \"resources/list\",\n//                 \"resources/read\", \"prompts/list\", \"unknown\"\nentity Resource {};\n\n// LLM response data\n// Well-known IDs: \"response_data\"\nentity ResponseData {};\n\n// MCP tool that can be called\nentity Tool {\n    // Tool name\n    tool_name: String,\n    // Risk level: \"safe\", \"moderate\", \"dangerous\"\n    risk_level: String,\n    // Category: \"file\", \"network\", \"shell\", \"api\"\n    category: String,\n};\n\n// File system path\nentity FilePath {\n    // Full path\n    path: String,\n    // File extension\n    extension: String,\n    // Whether file is sensitive (.env, credentials, etc.)\n    is_sensitive: Bool,\n};\n\n// HTTP endpoint\nentity HttpEndpoint {\n    // Hostname\n    hostname: String,\n    // Scheme: \"http\", \"https\"\n    scheme: String,\n    // Port number\n    port: Long,\n    // Whether endpoint is internal\n    is_internal: Bool,\n};\n\n// MCP Server\nentity Server {\n    // Server name\n    server_name: String,\n};\n\n// ML model artifact (for Palisade)\nentity Artifact {\n    // Format: \"safetensors\", \"pickle\", \"gguf\", \"onnx\"\n    artifact_type: String,\n    // Source URL or path\n    source: String,\n    // SHA256 hash\n    hash: String,\n    // Whether artifact is signed\n    is_signed: Bool,\n};\n\n// Code repository\nentity Repository {\n    // Repository URL\n    url: String,\n};\n\n// Software package\nentity Package {\n    // Package name\n    name: String,\n    // Package version\n    version: String,\n};\n\n// =============================================================================\n// ACTIONS\n// =============================================================================\n\n// --- LLM/Guardrails Actions ---\n\n// Process an LLM prompt\n// Context: prompt_text, yara_threats, threat_count, max_threat_severity,\n//          user_type, monitoring_enabled\naction process_prompt appliesTo {\n    principal: [User, Agent],\n    resource: [Resource],\n};\n\n// Process an LLM response\n// Context: response_size_mb\naction process_response appliesTo {\n    principal: [User, Agent],\n    resource: [ResponseData],\n};\n\n// --- MCP/Tool Actions ---\n\n// Call an MCP tool\n// Context: tool_name\naction call_tool appliesTo {\n    principal: [User, Agent, Service],\n    resource: [Tool, Resource],\n};\n\n// Connect to an MCP server\naction connect_server appliesTo {\n    principal: [User, Agent, Service],\n    resource: [Server, Resource],\n};\n\n// Access a server-specific resource\n// Context: tool_name, resource_name, prompt_name\naction access_server_resource appliesTo {\n    principal: [User, Agent, Service],\n    resource: [Resource],\n};\n\n// Skip guardrails for an operation\naction skip_guardrails appliesTo {\n    principal: [User, Agent, Service],\n    resource: [Resource],\n};\n\n// --- File System Actions ---\n\n// Read a file\n// Context: path\naction read_file appliesTo {\n    principal: [User, Agent, Scanner],\n    resource: [FilePath, Resource],\n};\n\n// Write a file\n// Context: path\naction write_file appliesTo {\n    principal: [User, Agent],\n    resource: [FilePath, Resource],\n};\n\n// --- HTTP Actions ---\n\n// Make an HTTP request\n// Context: hostname, ip_address, scheme, port\naction http_request appliesTo {\n    principal: [User, Agent, Service],\n    resource: [HttpEndpoint, Resource],\n};\n\n// --- Scanner Actions ---\n\n// Scan a target (MCP server, repository, etc.)\naction scan_target appliesTo {\n    principal: [Scanner, Service],\n    resource: [Resource, Repository, Server],\n};\n\n// Scan a software package\naction scan_package appliesTo {\n    principal: [Scanner, Service],\n    resource: [Package, Resource],\n};\n\n// --- Palisade/ML Actions ---\n\n// Scan an ML artifact\n// Context: environment, artifact_format, artifact_signed, severity, finding_type,\n//          provenance_signer, pickle_exec_path_detected, metadata_malicious_pattern,\n//          tokenizer_added_tokens_count, safetensors_integrity_violation,\n//          gguf_suspicious_metadata, adapter_base_digest_mismatch,\n//          metadata_cosai_level_numeric\naction scan_artifact appliesTo {\n    principal: [Scanner, Service],\n    resource: [Artifact, Resource],\n};\n\n// Validate artifact integrity\naction validate_integrity appliesTo {\n    principal: [Scanner, Service],\n    resource: [Artifact],\n};\n\n// Validate artifact provenance\naction validate_provenance appliesTo {\n    principal: [Scanner, Service],\n    resource: [Artifact],\n};\n\n// Quarantine an artifact\naction quarantine_artifact appliesTo {\n    principal: [Scanner, Service],\n    resource: [Artifact],\n};\n\n// Load an ML model\naction load_model appliesTo {\n    principal: [User, Agent, Service],\n    resource: [Artifact],\n};\n\n// Deploy an ML model\naction deploy_model appliesTo {\n    principal: [User, Service],\n    resource: [Artifact],\n};\n\n// =============================================================================\n// CONTEXT ATTRIBUTES REFERENCE (Documentation Only)\n// =============================================================================\n// Cedar context is dynamic and not enforced by schema, but these are the\n// standard attributes used across Highflame services:\n//\n// GUARDRAILS/CORE:\n//   tool_name: String           - Name of tool being called\n//   resource_name: String       - Name of resource being accessed\n//   prompt_name: String         - Name of prompt\n//   prompt_text: String         - Raw prompt text (for injection detection)\n//   response_size_mb: Long      - Response size in megabytes\n//   yara_threats: Set<String>   - Set of detected YARA threat names\n//   threat_count: Long          - Number of threats detected\n//   max_threat_severity: Long   - Highest severity (0=INFO, 4=CRITICAL)\n//   user_type: String           - \"external\" or \"internal\"\n//   monitoring_enabled: Bool    - Whether monitoring is active\n//   path: String                - File path\n//   hostname: String            - HTTP hostname\n//   ip_address: String          - IP address (for SSRF detection)\n//   scheme: String              - HTTP scheme\n//   port: Long                  - Port number\n//\n// PALISADE:\n//   environment: String                    - \"production\", \"development\", \"research\"\n//   artifact_format: String                - \"pickle\", \"safetensors\", \"gguf\", \"onnx\"\n//   artifact_signed: Bool                  - Whether artifact has signature\n//   severity: String                       - \"CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\", \"INFO\"\n//   finding_type: String                   - Type of security finding\n//   provenance_signer: String              - Who signed (\"unknown\", \"unsigned\", or name)\n//   pickle_exec_path_detected: Bool        - RCE path found in pickle\n//   metadata_malicious_pattern: Bool       - Malicious pattern in metadata\n//   tokenizer_added_tokens_count: Long     - Number of added tokens\n//   safetensors_integrity_violation: Bool  - Safetensors integrity failed\n//   gguf_suspicious_metadata: Bool         - Suspicious GGUF metadata\n//   adapter_base_digest_mismatch: Bool     - LoRA adapter digest mismatch\n//   metadata_cosai_level_numeric: Long     - CoSAI maturity level (0-5)\n";
+//# sourceMappingURL=schema.gen.d.ts.map

package/dist/schema.gen.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema.gen.d.ts","sourceRoot":"","sources":["../src/schema.gen.ts"],"names":[],"mappings":"AAGA;;;GAGG;AACH,eAAO,MAAM,YAAY,27RAqSxB,CAAC"}

package/dist/schema.gen.js

@@ -0,0 +1,301 @@
+// Code generated by highflame-policy-codegen. DO NOT EDIT.
+// Source: schema/highflame.cedarschema
+/**
+ * Embedded Cedar schema for policy validation.
+ * This is the Highflame Cedar schema used across all services.
+ */
+export const CEDAR_SCHEMA = `// Highflame Cedar Schema
+// ======================
+// This is the SOURCE OF TRUTH for all entity types, actions, and their relationships
+// across the Highflame platform.
+//
+// All services (authz, Core, Guardian, Palisade) MUST use the types defined here.
+// The codegen tool parses this file and generates typed constants for Go, TypeScript,
+// and Python to ensure consistency.
+//
+// Usage:
+//   - Policies are validated against this schema when created/updated
+//   - Generated types prevent typos in application code
+//   - Cedar CLI can validate: cedar validate --schema highflame.cedarschema --policies policy.cedar
+
+// =============================================================================
+// PRINCIPAL TYPES (Who is making the request)
+// =============================================================================
+
+// Human user or service account making requests
+// Well-known IDs: "mcp_client", "threat_processor"
+entity User {
+    // User type: "external", "internal"
+    user_type: String,
+};
+
+// AI agent or bot
+entity Agent {
+    // Agent type: "llm", "scanner", "bot"
+    agent_type: String,
+};
+
+// Security scanner service
+// Well-known IDs: "ramparts", "palisade"
+entity Scanner {
+    // Scanner type: "ramparts", "palisade"
+    scanner_type: String,
+    // Scanner version
+    version: String,
+};
+
+// Backend service account
+entity Service {
+    // Service name
+    service_name: String,
+    // Environment: "production", "staging", "development"
+    environment: String,
+};
+
+// =============================================================================
+// RESOURCE TYPES (What is being accessed)
+// =============================================================================
+
+// Generic resource
+// Well-known IDs: "threat_analysis", "tools/list", "tools/call", "resources/list",
+//                 "resources/read", "prompts/list", "unknown"
+entity Resource {};
+
+// LLM response data
+// Well-known IDs: "response_data"
+entity ResponseData {};
+
+// MCP tool that can be called
+entity Tool {
+    // Tool name
+    tool_name: String,
+    // Risk level: "safe", "moderate", "dangerous"
+    risk_level: String,
+    // Category: "file", "network", "shell", "api"
+    category: String,
+};
+
+// File system path
+entity FilePath {
+    // Full path
+    path: String,
+    // File extension
+    extension: String,
+    // Whether file is sensitive (.env, credentials, etc.)
+    is_sensitive: Bool,
+};
+
+// HTTP endpoint
+entity HttpEndpoint {
+    // Hostname
+    hostname: String,
+    // Scheme: "http", "https"
+    scheme: String,
+    // Port number
+    port: Long,
+    // Whether endpoint is internal
+    is_internal: Bool,
+};
+
+// MCP Server
+entity Server {
+    // Server name
+    server_name: String,
+};
+
+// ML model artifact (for Palisade)
+entity Artifact {
+    // Format: "safetensors", "pickle", "gguf", "onnx"
+    artifact_type: String,
+    // Source URL or path
+    source: String,
+    // SHA256 hash
+    hash: String,
+    // Whether artifact is signed
+    is_signed: Bool,
+};
+
+// Code repository
+entity Repository {
+    // Repository URL
+    url: String,
+};
+
+// Software package
+entity Package {
+    // Package name
+    name: String,
+    // Package version
+    version: String,
+};
+
+// =============================================================================
+// ACTIONS
+// =============================================================================
+
+// --- LLM/Guardrails Actions ---
+
+// Process an LLM prompt
+// Context: prompt_text, yara_threats, threat_count, max_threat_severity,
+//          user_type, monitoring_enabled
+action process_prompt appliesTo {
+    principal: [User, Agent],
+    resource: [Resource],
+};
+
+// Process an LLM response
+// Context: response_size_mb
+action process_response appliesTo {
+    principal: [User, Agent],
+    resource: [ResponseData],
+};
+
+// --- MCP/Tool Actions ---
+
+// Call an MCP tool
+// Context: tool_name
+action call_tool appliesTo {
+    principal: [User, Agent, Service],
+    resource: [Tool, Resource],
+};
+
+// Connect to an MCP server
+action connect_server appliesTo {
+    principal: [User, Agent, Service],
+    resource: [Server, Resource],
+};
+
+// Access a server-specific resource
+// Context: tool_name, resource_name, prompt_name
+action access_server_resource appliesTo {
+    principal: [User, Agent, Service],
+    resource: [Resource],
+};
+
+// Skip guardrails for an operation
+action skip_guardrails appliesTo {
+    principal: [User, Agent, Service],
+    resource: [Resource],
+};
+
+// --- File System Actions ---
+
+// Read a file
+// Context: path
+action read_file appliesTo {
+    principal: [User, Agent, Scanner],
+    resource: [FilePath, Resource],
+};
+
+// Write a file
+// Context: path
+action write_file appliesTo {
+    principal: [User, Agent],
+    resource: [FilePath, Resource],
+};
+
+// --- HTTP Actions ---
+
+// Make an HTTP request
+// Context: hostname, ip_address, scheme, port
+action http_request appliesTo {
+    principal: [User, Agent, Service],
+    resource: [HttpEndpoint, Resource],
+};
+
+// --- Scanner Actions ---
+
+// Scan a target (MCP server, repository, etc.)
+action scan_target appliesTo {
+    principal: [Scanner, Service],
+    resource: [Resource, Repository, Server],
+};
+
+// Scan a software package
+action scan_package appliesTo {
+    principal: [Scanner, Service],
+    resource: [Package, Resource],
+};
+
+// --- Palisade/ML Actions ---
+
+// Scan an ML artifact
+// Context: environment, artifact_format, artifact_signed, severity, finding_type,
+//          provenance_signer, pickle_exec_path_detected, metadata_malicious_pattern,
+//          tokenizer_added_tokens_count, safetensors_integrity_violation,
+//          gguf_suspicious_metadata, adapter_base_digest_mismatch,
+//          metadata_cosai_level_numeric
+action scan_artifact appliesTo {
+    principal: [Scanner, Service],
+    resource: [Artifact, Resource],
+};
+
+// Validate artifact integrity
+action validate_integrity appliesTo {
+    principal: [Scanner, Service],
+    resource: [Artifact],
+};
+
+// Validate artifact provenance
+action validate_provenance appliesTo {
+    principal: [Scanner, Service],
+    resource: [Artifact],
+};
+
+// Quarantine an artifact
+action quarantine_artifact appliesTo {
+    principal: [Scanner, Service],
+    resource: [Artifact],
+};
+
+// Load an ML model
+action load_model appliesTo {
+    principal: [User, Agent, Service],
+    resource: [Artifact],
+};
+
+// Deploy an ML model
+action deploy_model appliesTo {
+    principal: [User, Service],
+    resource: [Artifact],
+};
+
+// =============================================================================
+// CONTEXT ATTRIBUTES REFERENCE (Documentation Only)
+// =============================================================================
+// Cedar context is dynamic and not enforced by schema, but these are the
+// standard attributes used across Highflame services:
+//
+// GUARDRAILS/CORE:
+//   tool_name: String           - Name of tool being called
+//   resource_name: String       - Name of resource being accessed
+//   prompt_name: String         - Name of prompt
+//   prompt_text: String         - Raw prompt text (for injection detection)
+//   response_size_mb: Long      - Response size in megabytes
+//   yara_threats: Set<String>   - Set of detected YARA threat names
+//   threat_count: Long          - Number of threats detected
+//   max_threat_severity: Long   - Highest severity (0=INFO, 4=CRITICAL)
+//   user_type: String           - "external" or "internal"
+//   monitoring_enabled: Bool    - Whether monitoring is active
+//   path: String                - File path
+//   hostname: String            - HTTP hostname
+//   ip_address: String          - IP address (for SSRF detection)
+//   scheme: String              - HTTP scheme
+//   port: Long                  - Port number
+//
+// PALISADE:
+//   environment: String                    - "production", "development", "research"
+//   artifact_format: String                - "pickle", "safetensors", "gguf", "onnx"
+//   artifact_signed: Bool                  - Whether artifact has signature
+//   severity: String                       - "CRITICAL", "HIGH", "MEDIUM", "LOW", "INFO"
+//   finding_type: String                   - Type of security finding
+//   provenance_signer: String              - Who signed ("unknown", "unsigned", or name)
+//   pickle_exec_path_detected: Bool        - RCE path found in pickle
+//   metadata_malicious_pattern: Bool       - Malicious pattern in metadata
+//   tokenizer_added_tokens_count: Long     - Number of added tokens
+//   safetensors_integrity_violation: Bool  - Safetensors integrity failed
+//   gguf_suspicious_metadata: Bool         - Suspicious GGUF metadata
+//   adapter_base_digest_mismatch: Bool     - LoRA adapter digest mismatch
+//   metadata_cosai_level_numeric: Long     - CoSAI maturity level (0-5)
+`;
+//# sourceMappingURL=schema.gen.js.map

package/dist/schema.gen.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema.gen.js","sourceRoot":"","sources":["../src/schema.gen.ts"],"names":[],"mappings":"AAAA,2DAA2D;AAC3D,uCAAuC;AAEvC;;;GAGG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAqS3B,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,6 @@
+export * from './entities.gen.js';
+export * from './actions.gen.js';
+export * from './context.gen.js';
+export * from './schema.gen.js';
+export * from './builder.js';
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAQA,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC;AAGhC,cAAc,cAAc,CAAC"}

package/dist/types.js

@@ -0,0 +1,14 @@
+// Code generated by highflame-policy-codegen. DO NOT EDIT.
+// Source: schema/highflame.cedarschema
+//
+// Browser-safe exports - no WASM dependency.
+// Use this entry point in browser environments:
+//   import { EntityType, PolicyBuilder } from '@highflame/policy/types';
+// Generated types - work in browser and Node.js
+export * from './entities.gen.js';
+export * from './actions.gen.js';
+export * from './context.gen.js';
+export * from './schema.gen.js';
+// PolicyBuilder - works in browser (no WASM dependency)
+export * from './builder.js';
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,2DAA2D;AAC3D,uCAAuC;AACvC,EAAE;AACF,6CAA6C;AAC7C,gDAAgD;AAChD,yEAAyE;AAEzE,gDAAgD;AAChD,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC;AAEhC,wDAAwD;AACxD,cAAc,cAAc,CAAC"}

package/package.json

@@ -0,0 +1,69 @@
+{
+  "name": "@highflame/policy",
+  "version": "1.1.3",
+  "description": "Highflame Cedar policy types and engine wrapper",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "type": "module",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    },
+    "./types": {
+      "import": "./dist/types.js",
+      "types": "./dist/types.d.ts"
+    },
+    "./server": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    },
+    "./entities": {
+      "import": "./dist/entities.gen.js",
+      "types": "./dist/entities.gen.d.ts"
+    },
+    "./actions": {
+      "import": "./dist/actions.gen.js",
+      "types": "./dist/actions.gen.d.ts"
+    },
+    "./context": {
+      "import": "./dist/context.gen.js",
+      "types": "./dist/context.gen.d.ts"
+    },
+    "./engine": {
+      "import": "./dist/engine.js",
+      "types": "./dist/engine.d.ts"
+    },
+    "./builder": {
+      "import": "./dist/builder.js",
+      "types": "./dist/builder.d.ts"
+    }
+  },
+  "scripts": {
+    "build": "tsc",
+    "clean": "rm -rf dist",
+    "prepublishOnly": "npm run build"
+  },
+  "dependencies": {
+    "@cedar-policy/cedar-wasm": "^4.0.0"
+  },
+  "devDependencies": {
+    "typescript": "^5.3.0"
+  },
+  "files": [
+    "dist",
+    "src"
+  ],
+  "keywords": [
+    "cedar",
+    "policy",
+    "authorization",
+    "highflame"
+  ],
+  "license": "Apache-2.0",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/highflame-ai/highflame-policy.git",
+    "directory": "packages/typescript"
+  }
+}

package/src/actions.gen.ts

@@ -0,0 +1,36 @@
+// Code generated by highflame-policy-codegen. DO NOT EDIT.
+// Source: schema/highflame.cedarschema
+
+import { EntityUID } from './entities.gen.js';
+
+/**
+ * Action types defined in the Highflame Cedar schema.
+ */
+export const ActionType = {
+    AccessServerResource: 'access_server_resource',
+    CallTool: 'call_tool',
+    ConnectServer: 'connect_server',
+    DeployModel: 'deploy_model',
+    HttpRequest: 'http_request',
+    LoadModel: 'load_model',
+    ProcessPrompt: 'process_prompt',
+    ProcessResponse: 'process_response',
+    QuarantineArtifact: 'quarantine_artifact',
+    ReadFile: 'read_file',
+    ScanArtifact: 'scan_artifact',
+    ScanPackage: 'scan_package',
+    ScanTarget: 'scan_target',
+    SkipGuardrails: 'skip_guardrails',
+    ValidateIntegrity: 'validate_integrity',
+    ValidateProvenance: 'validate_provenance',
+    WriteFile: 'write_file',
+} as const;
+
+export type ActionType = (typeof ActionType)[keyof typeof ActionType];
+
+/**
+ * Create an EntityUID for an action.
+ */
+export function actionUID(action: ActionType): EntityUID {
+    return { type: 'Action', id: action };
+}