@highflame/policy 2.0.2 → 2.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/annotations.d.ts +127 -0
- package/dist/annotations.d.ts.map +1 -0
- package/dist/annotations.js +175 -0
- package/dist/annotations.js.map +1 -0
- package/dist/builder.d.ts +114 -25
- package/dist/builder.d.ts.map +1 -1
- package/dist/builder.js +295 -113
- package/dist/builder.js.map +1 -1
- package/dist/index.d.ts +1 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -0
- package/dist/index.js.map +1 -1
- package/dist/parser.d.ts +1 -1
- package/dist/parser.d.ts.map +1 -1
- package/dist/parser.js +18 -11
- package/dist/parser.js.map +1 -1
- package/dist/parser.test.js +2 -2
- package/dist/parser.test.js.map +1 -1
- package/dist/studio-ui.test.js +436 -0
- package/dist/studio-ui.test.js.map +1 -1
- package/dist/types.d.ts +1 -0
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +2 -0
- package/dist/types.js.map +1 -1
- package/package.json +1 -1
- package/src/annotations.ts +243 -0
- package/src/builder.ts +386 -127
- package/src/index.ts +1 -0
- package/src/parser.test.ts +2 -2
- package/src/parser.ts +20 -12
- package/src/studio-ui.test.ts +499 -0
- package/src/types.ts +3 -0
package/dist/builder.js
CHANGED
|
@@ -14,28 +14,114 @@
|
|
|
14
14
|
* .when("context.environment == \"production\"")
|
|
15
15
|
* .build();
|
|
16
16
|
*
|
|
17
|
-
* // Get Cedar policy text
|
|
17
|
+
* // Get Cedar policy text (with proper @annotations)
|
|
18
18
|
* const cedarText = policy.toCedar();
|
|
19
19
|
*
|
|
20
20
|
* // Get JSON representation (for storage/editing)
|
|
21
21
|
* const policyJson = policy.toJSON();
|
|
22
22
|
* ```
|
|
23
|
+
*
|
|
24
|
+
* Cedar Annotations:
|
|
25
|
+
* Policies include proper Cedar annotations that are embedded in the policy text:
|
|
26
|
+
* ```cedar
|
|
27
|
+
* @id("rule-001")
|
|
28
|
+
* @name("Block critical threats")
|
|
29
|
+
* @severity("high")
|
|
30
|
+
* permit(...) when {...};
|
|
31
|
+
* ```
|
|
32
|
+
*/
|
|
33
|
+
import { generateAnnotationLines, generateRuleId, } from './annotations.js';
|
|
34
|
+
// ============================================================================
|
|
35
|
+
// Security: Input Validation and Escaping
|
|
36
|
+
// ============================================================================
|
|
37
|
+
/**
|
|
38
|
+
* Valid identifier pattern for Cedar (alphanumeric, underscore, with optional namespace).
|
|
23
39
|
*/
|
|
40
|
+
const VALID_IDENTIFIER_REGEX = /^[A-Za-z_][A-Za-z0-9_]*(::[A-Za-z_][A-Za-z0-9_]*)*$/;
|
|
41
|
+
/**
|
|
42
|
+
* Pattern that matches potentially dangerous content in raw conditions.
|
|
43
|
+
*/
|
|
44
|
+
const DANGEROUS_PATTERN_REGEX = /[;}]|\/\/|\/\*|\*\/|permit\s*\(|forbid\s*\(/;
|
|
45
|
+
/**
|
|
46
|
+
* Escape a string value for use in Cedar string literals.
|
|
47
|
+
* This prevents injection attacks by escaping backslashes and double quotes.
|
|
48
|
+
*/
|
|
49
|
+
function escapeCedarString(value) {
|
|
50
|
+
return value.replace(/\\/g, '\\\\').replace(/"/g, '\\"');
|
|
51
|
+
}
|
|
52
|
+
/**
|
|
53
|
+
* Check if a string is a valid Cedar identifier.
|
|
54
|
+
*/
|
|
55
|
+
function isValidIdentifier(s) {
|
|
56
|
+
return VALID_IDENTIFIER_REGEX.test(s);
|
|
57
|
+
}
|
|
58
|
+
/**
|
|
59
|
+
* Sanitize an identifier, replacing invalid characters with underscores.
|
|
60
|
+
*/
|
|
61
|
+
function sanitizeIdentifier(s, context) {
|
|
62
|
+
if (isValidIdentifier(s)) {
|
|
63
|
+
return s;
|
|
64
|
+
}
|
|
65
|
+
// Replace invalid characters with underscores
|
|
66
|
+
const sanitized = s.replace(/[^A-Za-z0-9_:]/g, '_');
|
|
67
|
+
if (sanitized === '' || !isValidIdentifier(sanitized)) {
|
|
68
|
+
return `invalid_${context}`;
|
|
69
|
+
}
|
|
70
|
+
return sanitized;
|
|
71
|
+
}
|
|
72
|
+
/**
|
|
73
|
+
* Validate a raw condition string for potentially dangerous patterns.
|
|
74
|
+
* Returns true if the condition is safe to use.
|
|
75
|
+
*/
|
|
76
|
+
function isValidRawCondition(condition) {
|
|
77
|
+
return !DANGEROUS_PATTERN_REGEX.test(condition);
|
|
78
|
+
}
|
|
24
79
|
/**
|
|
25
80
|
* Format an action string for Cedar policy text.
|
|
26
81
|
* Detects if action is already namespaced (contains 'Action::"') and preserves it,
|
|
27
82
|
* otherwise wraps with Action::"...".
|
|
83
|
+
* Escapes the action name to prevent injection attacks.
|
|
28
84
|
*/
|
|
29
85
|
function formatAction(action) {
|
|
30
86
|
if (action.includes('Action::"')) {
|
|
31
|
-
// Already namespaced
|
|
87
|
+
// Already namespaced - extract and escape the action name
|
|
88
|
+
const parts = action.split('Action::"');
|
|
89
|
+
if (parts.length === 2) {
|
|
90
|
+
const actionName = parts[1].replace(/"$/, '');
|
|
91
|
+
return `${parts[0]}Action::"${escapeCedarString(actionName)}"`;
|
|
92
|
+
}
|
|
32
93
|
return action;
|
|
33
94
|
}
|
|
34
95
|
// Non-namespaced, wrap with Action::"..."
|
|
35
|
-
return `Action::"${action}"`;
|
|
96
|
+
return `Action::"${escapeCedarString(action)}"`;
|
|
97
|
+
}
|
|
98
|
+
/**
|
|
99
|
+
* Convert a legacy PolicyRule to the new annotations-based format.
|
|
100
|
+
*/
|
|
101
|
+
export function convertLegacyRule(legacy, index = 0) {
|
|
102
|
+
return {
|
|
103
|
+
annotations: {
|
|
104
|
+
id: legacy.id || generateRuleId(),
|
|
105
|
+
name: legacy.name || legacy.id || `Rule ${index + 1}`,
|
|
106
|
+
description: legacy.description,
|
|
107
|
+
severity: legacy.severity,
|
|
108
|
+
tags: legacy.tags,
|
|
109
|
+
},
|
|
110
|
+
effect: legacy.effect,
|
|
111
|
+
principal: legacy.principal,
|
|
112
|
+
action: legacy.action,
|
|
113
|
+
resource: legacy.resource,
|
|
114
|
+
conditions: legacy.conditions,
|
|
115
|
+
rawCondition: legacy.rawCondition,
|
|
116
|
+
enabled: legacy.enabled,
|
|
117
|
+
order: legacy.order,
|
|
118
|
+
};
|
|
36
119
|
}
|
|
37
120
|
/**
|
|
38
|
-
* A built policy that can be converted to Cedar text or JSON
|
|
121
|
+
* A built policy that can be converted to Cedar text or JSON.
|
|
122
|
+
* This class is used by PolicyBuilder for the legacy API.
|
|
123
|
+
*
|
|
124
|
+
* For new code, use ruleToCedar() and rulesToCedar() functions with PolicyRule.
|
|
39
125
|
*/
|
|
40
126
|
export class Policy {
|
|
41
127
|
data;
|
|
@@ -43,121 +129,23 @@ export class Policy {
|
|
|
43
129
|
this.data = data;
|
|
44
130
|
}
|
|
45
131
|
/**
|
|
46
|
-
* Convert to Cedar policy text
|
|
132
|
+
* Convert to Cedar policy text.
|
|
133
|
+
* Uses proper Cedar @annotation syntax.
|
|
47
134
|
*/
|
|
48
135
|
toCedar() {
|
|
49
136
|
const lines = [];
|
|
50
|
-
//
|
|
51
|
-
if (this.data.name) {
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
// Effect and principal
|
|
58
|
-
let policyLine = `${this.data.effect} (`;
|
|
59
|
-
// Principal
|
|
60
|
-
if (this.data.principal) {
|
|
61
|
-
if (this.data.principal.id) {
|
|
62
|
-
policyLine += `\n principal == ${this.data.principal.type}::\"${this.data.principal.id}\"`;
|
|
63
|
-
}
|
|
64
|
-
else {
|
|
65
|
-
policyLine += `\n principal is ${this.data.principal.type}`;
|
|
66
|
-
}
|
|
67
|
-
}
|
|
68
|
-
else {
|
|
69
|
-
policyLine += `\n principal`;
|
|
70
|
-
}
|
|
71
|
-
// Action
|
|
72
|
-
if (Array.isArray(this.data.action)) {
|
|
73
|
-
if (this.data.action.length === 1) {
|
|
74
|
-
policyLine += `,\n action == ${formatAction(this.data.action[0])}`;
|
|
75
|
-
}
|
|
76
|
-
else {
|
|
77
|
-
const actions = this.data.action.map(a => formatAction(a)).join(', ');
|
|
78
|
-
policyLine += `,\n action in [${actions}]`;
|
|
79
|
-
}
|
|
80
|
-
}
|
|
81
|
-
else {
|
|
82
|
-
policyLine += `,\n action == ${formatAction(this.data.action)}`;
|
|
83
|
-
}
|
|
84
|
-
// Resource
|
|
85
|
-
if (this.data.resource) {
|
|
86
|
-
if (this.data.resource.id) {
|
|
87
|
-
policyLine += `,\n resource == ${this.data.resource.type}::\"${this.data.resource.id}\"`;
|
|
88
|
-
}
|
|
89
|
-
else {
|
|
90
|
-
policyLine += `,\n resource is ${this.data.resource.type}`;
|
|
91
|
-
}
|
|
92
|
-
}
|
|
93
|
-
else {
|
|
94
|
-
policyLine += `,\n resource`;
|
|
95
|
-
}
|
|
96
|
-
policyLine += '\n)';
|
|
97
|
-
lines.push(policyLine);
|
|
98
|
-
// When clause
|
|
99
|
-
if (this.data.rawCondition) {
|
|
100
|
-
lines.push(`when { ${this.data.rawCondition} };`);
|
|
101
|
-
}
|
|
102
|
-
else if (this.data.conditions.length > 0) {
|
|
103
|
-
const conditionStr = this.data.conditions
|
|
104
|
-
.map(c => this.conditionToCedar(c))
|
|
105
|
-
.join(' && ');
|
|
106
|
-
lines.push(`when { ${conditionStr} };`);
|
|
107
|
-
}
|
|
108
|
-
else {
|
|
109
|
-
lines.push(';');
|
|
137
|
+
// Generate proper Cedar annotations
|
|
138
|
+
if (this.data.id || this.data.name) {
|
|
139
|
+
const annotations = {
|
|
140
|
+
id: this.data.id || generateRuleId(),
|
|
141
|
+
name: this.data.name || this.data.id || 'Unnamed Policy',
|
|
142
|
+
};
|
|
143
|
+
lines.push(...generateAnnotationLines(annotations));
|
|
110
144
|
}
|
|
145
|
+
// Generate policy body
|
|
146
|
+
lines.push(generatePolicyBody(this.data.effect, this.data.principal, this.data.action, this.data.resource, this.data.conditions, this.data.rawCondition));
|
|
111
147
|
return lines.join('\n');
|
|
112
148
|
}
|
|
113
|
-
/**
|
|
114
|
-
* Convert a condition to Cedar syntax
|
|
115
|
-
*/
|
|
116
|
-
conditionToCedar(condition) {
|
|
117
|
-
const { field, operator, value } = condition;
|
|
118
|
-
const valueStr = this.valueToString(value);
|
|
119
|
-
switch (operator) {
|
|
120
|
-
case 'eq':
|
|
121
|
-
return `context.${field} == ${valueStr}`;
|
|
122
|
-
case 'neq':
|
|
123
|
-
return `context.${field} != ${valueStr}`;
|
|
124
|
-
case 'lt':
|
|
125
|
-
return `context.${field} < ${valueStr}`;
|
|
126
|
-
case 'lte':
|
|
127
|
-
return `context.${field} <= ${valueStr}`;
|
|
128
|
-
case 'gt':
|
|
129
|
-
return `context.${field} > ${valueStr}`;
|
|
130
|
-
case 'gte':
|
|
131
|
-
return `context.${field} >= ${valueStr}`;
|
|
132
|
-
case 'contains':
|
|
133
|
-
return `context.${field}.contains(${valueStr})`;
|
|
134
|
-
case 'in':
|
|
135
|
-
if (Array.isArray(value)) {
|
|
136
|
-
const items = value.map(v => `\"${v}\"`).join(', ');
|
|
137
|
-
return `context.${field} in [${items}]`;
|
|
138
|
-
}
|
|
139
|
-
return `context.${field} in ${valueStr}`;
|
|
140
|
-
case 'like':
|
|
141
|
-
return `context.${field} like ${valueStr}`;
|
|
142
|
-
default:
|
|
143
|
-
return `context.${field} == ${valueStr}`;
|
|
144
|
-
}
|
|
145
|
-
}
|
|
146
|
-
/**
|
|
147
|
-
* Convert a value to Cedar string representation
|
|
148
|
-
*/
|
|
149
|
-
valueToString(value) {
|
|
150
|
-
if (typeof value === 'string') {
|
|
151
|
-
return `\"${value}\"`;
|
|
152
|
-
}
|
|
153
|
-
if (typeof value === 'number' || typeof value === 'boolean') {
|
|
154
|
-
return String(value);
|
|
155
|
-
}
|
|
156
|
-
if (Array.isArray(value)) {
|
|
157
|
-
return `[${value.map(v => `\"${v}\"`).join(', ')}]`;
|
|
158
|
-
}
|
|
159
|
-
return String(value);
|
|
160
|
-
}
|
|
161
149
|
/**
|
|
162
150
|
* Get JSON representation for storage
|
|
163
151
|
*/
|
|
@@ -177,6 +165,200 @@ export class Policy {
|
|
|
177
165
|
return this.data.name;
|
|
178
166
|
}
|
|
179
167
|
}
|
|
168
|
+
// ============================================================================
|
|
169
|
+
// Cedar Generation Functions
|
|
170
|
+
// ============================================================================
|
|
171
|
+
/**
|
|
172
|
+
* Convert a condition to Cedar syntax.
|
|
173
|
+
* Field names are sanitized to prevent injection attacks.
|
|
174
|
+
*/
|
|
175
|
+
function conditionToCedar(condition) {
|
|
176
|
+
const field = sanitizeIdentifier(condition.field, 'field');
|
|
177
|
+
const { operator, value } = condition;
|
|
178
|
+
const valueStr = valueToString(value);
|
|
179
|
+
switch (operator) {
|
|
180
|
+
case 'eq':
|
|
181
|
+
return `context.${field} == ${valueStr}`;
|
|
182
|
+
case 'neq':
|
|
183
|
+
return `context.${field} != ${valueStr}`;
|
|
184
|
+
case 'lt':
|
|
185
|
+
return `context.${field} < ${valueStr}`;
|
|
186
|
+
case 'lte':
|
|
187
|
+
return `context.${field} <= ${valueStr}`;
|
|
188
|
+
case 'gt':
|
|
189
|
+
return `context.${field} > ${valueStr}`;
|
|
190
|
+
case 'gte':
|
|
191
|
+
return `context.${field} >= ${valueStr}`;
|
|
192
|
+
case 'contains':
|
|
193
|
+
return `context.${field}.contains(${valueStr})`;
|
|
194
|
+
case 'in':
|
|
195
|
+
if (Array.isArray(value)) {
|
|
196
|
+
const items = value.map(v => `"${escapeCedarString(v)}"`).join(', ');
|
|
197
|
+
return `context.${field} in [${items}]`;
|
|
198
|
+
}
|
|
199
|
+
return `context.${field} in ${valueStr}`;
|
|
200
|
+
case 'like':
|
|
201
|
+
return `context.${field} like ${valueStr}`;
|
|
202
|
+
default:
|
|
203
|
+
return `context.${field} == ${valueStr}`;
|
|
204
|
+
}
|
|
205
|
+
}
|
|
206
|
+
/**
|
|
207
|
+
* Convert a value to Cedar string representation.
|
|
208
|
+
* String values are escaped to prevent injection attacks.
|
|
209
|
+
*/
|
|
210
|
+
function valueToString(value) {
|
|
211
|
+
if (typeof value === 'string') {
|
|
212
|
+
return `"${escapeCedarString(value)}"`;
|
|
213
|
+
}
|
|
214
|
+
if (typeof value === 'number' || typeof value === 'boolean') {
|
|
215
|
+
return String(value);
|
|
216
|
+
}
|
|
217
|
+
if (Array.isArray(value)) {
|
|
218
|
+
return `[${value.map(v => `"${escapeCedarString(v)}"`).join(', ')}]`;
|
|
219
|
+
}
|
|
220
|
+
return String(value);
|
|
221
|
+
}
|
|
222
|
+
/**
|
|
223
|
+
* Generate the Cedar policy body (permit/forbid statement).
|
|
224
|
+
* All inputs are sanitized/escaped to prevent injection attacks.
|
|
225
|
+
*/
|
|
226
|
+
function generatePolicyBody(effect, principal, action, resource, conditions, rawCondition) {
|
|
227
|
+
let policyLine = `${effect} (`;
|
|
228
|
+
// Principal
|
|
229
|
+
if (principal) {
|
|
230
|
+
const entityType = sanitizeIdentifier(principal.type, 'principal_type');
|
|
231
|
+
if (principal.id) {
|
|
232
|
+
policyLine += `\n principal == ${entityType}::"${escapeCedarString(principal.id)}"`;
|
|
233
|
+
}
|
|
234
|
+
else {
|
|
235
|
+
policyLine += `\n principal is ${entityType}`;
|
|
236
|
+
}
|
|
237
|
+
}
|
|
238
|
+
else {
|
|
239
|
+
policyLine += `\n principal`;
|
|
240
|
+
}
|
|
241
|
+
// Action
|
|
242
|
+
if (Array.isArray(action)) {
|
|
243
|
+
if (action.length === 1) {
|
|
244
|
+
policyLine += `,\n action == ${formatAction(action[0])}`;
|
|
245
|
+
}
|
|
246
|
+
else {
|
|
247
|
+
const actions = action.map(a => formatAction(a)).join(', ');
|
|
248
|
+
policyLine += `,\n action in [${actions}]`;
|
|
249
|
+
}
|
|
250
|
+
}
|
|
251
|
+
else {
|
|
252
|
+
policyLine += `,\n action == ${formatAction(action)}`;
|
|
253
|
+
}
|
|
254
|
+
// Resource
|
|
255
|
+
if (resource) {
|
|
256
|
+
const entityType = sanitizeIdentifier(resource.type, 'resource_type');
|
|
257
|
+
if (resource.id) {
|
|
258
|
+
policyLine += `,\n resource == ${entityType}::"${escapeCedarString(resource.id)}"`;
|
|
259
|
+
}
|
|
260
|
+
else {
|
|
261
|
+
policyLine += `,\n resource is ${entityType}`;
|
|
262
|
+
}
|
|
263
|
+
}
|
|
264
|
+
else {
|
|
265
|
+
policyLine += `,\n resource`;
|
|
266
|
+
}
|
|
267
|
+
policyLine += '\n)';
|
|
268
|
+
// When clause
|
|
269
|
+
// SECURITY: rawCondition is validated to prevent injection attacks.
|
|
270
|
+
// If validation fails, fall back to structured conditions.
|
|
271
|
+
if (rawCondition) {
|
|
272
|
+
if (isValidRawCondition(rawCondition)) {
|
|
273
|
+
policyLine += `\nwhen { ${rawCondition} };`;
|
|
274
|
+
}
|
|
275
|
+
else if (conditions.length > 0) {
|
|
276
|
+
// Fallback to structured conditions if rawCondition is rejected
|
|
277
|
+
const conditionStr = conditions.map(c => conditionToCedar(c)).join(' && ');
|
|
278
|
+
policyLine += `\nwhen { ${conditionStr} };`;
|
|
279
|
+
}
|
|
280
|
+
else {
|
|
281
|
+
policyLine += ';';
|
|
282
|
+
}
|
|
283
|
+
}
|
|
284
|
+
else if (conditions.length > 0) {
|
|
285
|
+
const conditionStr = conditions.map(c => conditionToCedar(c)).join(' && ');
|
|
286
|
+
policyLine += `\nwhen { ${conditionStr} };`;
|
|
287
|
+
}
|
|
288
|
+
else {
|
|
289
|
+
policyLine += ';';
|
|
290
|
+
}
|
|
291
|
+
return policyLine;
|
|
292
|
+
}
|
|
293
|
+
/**
|
|
294
|
+
* Convert a PolicyRule to Cedar policy text with proper annotations.
|
|
295
|
+
*
|
|
296
|
+
* @param rule - The PolicyRule to convert
|
|
297
|
+
* @returns Cedar policy text string
|
|
298
|
+
*
|
|
299
|
+
* @example
|
|
300
|
+
* ```typescript
|
|
301
|
+
* const rule: PolicyRule = {
|
|
302
|
+
* annotations: { id: 'rule-001', name: 'Block threats', severity: 'high' },
|
|
303
|
+
* effect: 'forbid',
|
|
304
|
+
* principal: null,
|
|
305
|
+
* action: 'call_tool',
|
|
306
|
+
* resource: null,
|
|
307
|
+
* conditions: [{ field: 'threat_count', operator: 'gt', value: 0 }],
|
|
308
|
+
* enabled: true,
|
|
309
|
+
* order: 0,
|
|
310
|
+
* };
|
|
311
|
+
*
|
|
312
|
+
* const cedar = ruleToCedar(rule);
|
|
313
|
+
* // Output:
|
|
314
|
+
* // @id("rule-001")
|
|
315
|
+
* // @name("Block threats")
|
|
316
|
+
* // @severity("high")
|
|
317
|
+
* // forbid (
|
|
318
|
+
* // principal,
|
|
319
|
+
* // action == Action::"call_tool",
|
|
320
|
+
* // resource
|
|
321
|
+
* // )
|
|
322
|
+
* // when { context.threat_count > 0 };
|
|
323
|
+
* ```
|
|
324
|
+
*/
|
|
325
|
+
export function ruleToCedar(rule) {
|
|
326
|
+
const lines = [];
|
|
327
|
+
// Generate Cedar annotations
|
|
328
|
+
lines.push(...generateAnnotationLines(rule.annotations, rule.customAnnotations));
|
|
329
|
+
// Generate policy body
|
|
330
|
+
lines.push(generatePolicyBody(rule.effect, rule.principal, rule.action, rule.resource, rule.conditions, rule.rawCondition));
|
|
331
|
+
return lines.join('\n');
|
|
332
|
+
}
|
|
333
|
+
/**
|
|
334
|
+
* Convert multiple PolicyRules to Cedar policy text.
|
|
335
|
+
* Only enabled rules are included, sorted by order.
|
|
336
|
+
*
|
|
337
|
+
* @param rules - Array of PolicyRules to convert
|
|
338
|
+
* @param includeDisabled - If true, include disabled rules as comments (default: false)
|
|
339
|
+
* @returns Cedar policy text with all rules separated by blank lines
|
|
340
|
+
*
|
|
341
|
+
* @example
|
|
342
|
+
* ```typescript
|
|
343
|
+
* const rules: PolicyRule[] = [...];
|
|
344
|
+
* const cedarText = rulesToCedar(rules);
|
|
345
|
+
* ```
|
|
346
|
+
*/
|
|
347
|
+
export function rulesToCedar(rules, includeDisabled = false) {
|
|
348
|
+
const sortedRules = [...rules].sort((a, b) => a.order - b.order);
|
|
349
|
+
const cedarPolicies = [];
|
|
350
|
+
for (const rule of sortedRules) {
|
|
351
|
+
if (rule.enabled) {
|
|
352
|
+
cedarPolicies.push(ruleToCedar(rule));
|
|
353
|
+
}
|
|
354
|
+
else if (includeDisabled) {
|
|
355
|
+
// Include disabled rules as comments
|
|
356
|
+
const cedarLines = ruleToCedar(rule).split('\n');
|
|
357
|
+
cedarPolicies.push(cedarLines.map(line => `// [DISABLED] ${line}`).join('\n'));
|
|
358
|
+
}
|
|
359
|
+
}
|
|
360
|
+
return cedarPolicies.join('\n\n');
|
|
361
|
+
}
|
|
180
362
|
/**
|
|
181
363
|
* Builder for constructing Cedar policies with type safety.
|
|
182
364
|
*/
|
package/dist/builder.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"builder.js","sourceRoot":"","sources":["../src/builder.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAKH;;;;GAIG;AACH,SAAS,YAAY,CAAC,MAAc;IAChC,IAAI,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QAC/B,8DAA8D;QAC9D,OAAO,MAAM,CAAC;IAClB,CAAC;IACD,0CAA0C;IAC1C,OAAO,YAAY,MAAM,GAAG,CAAC;AACjC,CAAC;AAuGD;;GAEG;AACH,MAAM,OAAO,MAAM;IACc;IAA7B,YAA6B,IAAgB;QAAhB,SAAI,GAAJ,IAAI,CAAY;IAAG,CAAC;IAEjD;;OAEG;IACH,OAAO;QACH,MAAM,KAAK,GAAa,EAAE,CAAC;QAE3B,wCAAwC;QACxC,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YACjB,KAAK,CAAC,IAAI,CAAC,aAAa,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAC9C,CAAC;QACD,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACf,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;QAC1C,CAAC;QAED,uBAAuB;QACvB,IAAI,UAAU,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC;QAEzC,YAAY;QACZ,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACtB,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC;gBACzB,UAAU,IAAI,sBAAsB,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC;YAClG,CAAC;iBAAM,CAAC;gBACJ,UAAU,IAAI,sBAAsB,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;YACnE,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,UAAU,IAAI,iBAAiB,CAAC;QACpC,CAAC;QAED,SAAS;QACT,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YAClC,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAChC,UAAU,IAAI,oBAAoB,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1E,CAAC;iBAAM,CAAC;gBACJ,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACtE,UAAU,IAAI,qBAAqB,OAAO,GAAG,CAAC;YAClD,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,UAAU,IAAI,oBAAoB,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QACvE,CAAC;QAED,WAAW;QACX,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACrB,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACxB,UAAU,IAAI,sBAAsB,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,OAAO,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,CAAC;YAChG,CAAC;iBAAM,CAAC;gBACJ,UAAU,IAAI,sBAAsB,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;YAClE,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,UAAU,IAAI,iBAAiB,CAAC;QACpC,CAAC;QAED,UAAU,IAAI,KAAK,CAAC;QACpB,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAEvB,cAAc;QACd,IAAI,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACzB,KAAK,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,IAAI,CAAC,YAAY,KAAK,CAAC,CAAC;QACtD,CAAC;aAAM,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzC,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU;iBACpC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC;iBAClC,IAAI,CAAC,MAAM,CAAC,CAAC;YAClB,KAAK,CAAC,IAAI,CAAC,UAAU,YAAY,KAAK,CAAC,CAAC;QAC5C,CAAC;aAAM,CAAC;YACJ,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACpB,CAAC;QAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAED;;OAEG;IACK,gBAAgB,CAAC,SAA0B;QAC/C,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,SAAS,CAAC;QAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QAE3C,QAAQ,QAAQ,EAAE,CAAC;YACf,KAAK,IAAI;gBACL,OAAO,WAAW,KAAK,OAAO,QAAQ,EAAE,CAAC;YAC7C,KAAK,KAAK;gBACN,OAAO,WAAW,KAAK,OAAO,QAAQ,EAAE,CAAC;YAC7C,KAAK,IAAI;gBACL,OAAO,WAAW,KAAK,MAAM,QAAQ,EAAE,CAAC;YAC5C,KAAK,KAAK;gBACN,OAAO,WAAW,KAAK,OAAO,QAAQ,EAAE,CAAC;YAC7C,KAAK,IAAI;gBACL,OAAO,WAAW,KAAK,MAAM,QAAQ,EAAE,CAAC;YAC5C,KAAK,KAAK;gBACN,OAAO,WAAW,KAAK,OAAO,QAAQ,EAAE,CAAC;YAC7C,KAAK,UAAU;gBACX,OAAO,WAAW,KAAK,aAAa,QAAQ,GAAG,CAAC;YACpD,KAAK,IAAI;gBACL,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;oBACvB,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBACpD,OAAO,WAAW,KAAK,QAAQ,KAAK,GAAG,CAAC;gBAC5C,CAAC;gBACD,OAAO,WAAW,KAAK,OAAO,QAAQ,EAAE,CAAC;YAC7C,KAAK,MAAM;gBACP,OAAO,WAAW,KAAK,SAAS,QAAQ,EAAE,CAAC;YAC/C;gBACI,OAAO,WAAW,KAAK,OAAO,QAAQ,EAAE,CAAC;QACjD,CAAC;IACL,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,KAA2C;QAC7D,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC5B,OAAO,KAAK,KAAK,IAAI,CAAC;QAC1B,CAAC;QACD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,SAAS,EAAE,CAAC;YAC1D,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;QACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;QACxD,CAAC;QACD,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,MAAM;QACF,OAAO,EAAE,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,KAAK;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;IACxB,CAAC;IAED;;OAEG;IACH,OAAO;QACH,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;IAC1B,CAAC;CACJ;AAED;;GAEG;AACH,MAAM,OAAO,aAAa;IACd,IAAI,GAAe;QACvB,MAAM,EAAE,QAAQ;QAChB,SAAS,EAAE,IAAI;QACf,MAAM,EAAE,EAAE;QACV,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,EAAE;KACjB,CAAC;IAEF,YAAoB,MAAoB;QACpC,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,MAAM;QACT,OAAO,IAAI,aAAa,CAAC,QAAQ,CAAC,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,MAAM;QACT,OAAO,IAAI,aAAa,CAAC,QAAQ,CAAC,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,QAAQ,CAAC,IAAgB;QAC5B,MAAM,OAAO,GAAG,IAAI,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,CAAC,IAAI,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;QAC3B,OAAO,OAAO,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,EAAE,CAAC,EAAU;QACT,IAAI,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,IAAI,CAAC,IAAY;QACb,IAAI,CAAC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACtB,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,IAAyB;QACnC,IAAI,CAAC,IAAI,CAAC,SAAS,GAAG,EAAE,IAAI,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,IAAyB,EAAE,EAAU;QAC3C,IAAI,CAAC,IAAI,CAAC,SAAS,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;QACnC,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,MAAiB;QAC7B,IAAI,CAAC,IAAI,CAAC,SAAS,GAAG,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC;QAC3D,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,MAA2B;QAC9B,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAC1B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,OAAgC;QACpC,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC;QAC3B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,IAAyB;QAClC,IAAI,CAAC,IAAI,CAAC,QAAQ,GAAG,EAAE,IAAI,EAAE,CAAC;QAC9B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,IAAyB,EAAE,EAAU;QAC1C,IAAI,CAAC,IAAI,CAAC,QAAQ,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;QAClC,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,MAAiB;QAC5B,IAAI,CAAC,IAAI,CAAC,QAAQ,GAAG,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC;QAC1D,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,IAAI,CAAC,KAAa,EAAE,QAA2B,EAAE,KAA2C;QACxF,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;QACtD,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,SAAiB;QACrB,IAAI,CAAC,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;QACnC,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,eAAe;QACX,IAAI,CAAC,IAAI,CAAC,UAAU,GAAG,EAAE,CAAC;QAC1B,IAAI,CAAC,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;QACnC,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,KAAK;QACD,2BAA2B;QAC3B,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;YAC1F,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC5D,CAAC;QAED,OAAO,IAAI,MAAM,CAAC,EAAE,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACH,MAAM;QACF,OAAO,EAAE,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAC5B,CAAC;CACJ;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAAC,SAAiB;IAC9C,IAAI,CAAC;QACD,MAAM,MAAM,GAAe;YACvB,MAAM,EAAE,QAAQ;YAChB,SAAS,EAAE,IAAI;YACf,MAAM,EAAE,EAAE;YACV,QAAQ,EAAE,IAAI;YACd,UAAU,EAAE,EAAE;SACjB,CAAC;QAEF,+BAA+B;QAC/B,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACtD,IAAI,SAAS,EAAE,CAAC;YACZ,MAAM,CAAC,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACtC,CAAC;QAED,6BAA6B;QAC7B,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAClD,IAAI,OAAO,EAAE,CAAC;YACV,MAAM,CAAC,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAClC,CAAC;QAED,iBAAiB;QACjB,IAAI,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC/B,MAAM,CAAC,MAAM,GAAG,QAAQ,CAAC;QAC7B,CAAC;QAED,oBAAoB;QACpB,MAAM,cAAc,GAAG,SAAS,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;QAC5E,IAAI,cAAc,EAAE,CAAC;YACjB,MAAM,CAAC,SAAS,GAAG,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,cAAc,CAAC,CAAC,CAAC,EAAE,CAAC;QAC1E,CAAC;aAAM,CAAC;YACJ,MAAM,kBAAkB,GAAG,SAAS,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;YACrE,IAAI,kBAAkB,EAAE,CAAC;gBACrB,MAAM,CAAC,SAAS,GAAG,EAAE,IAAI,EAAE,kBAAkB,CAAC,CAAC,CAAC,EAAE,CAAC;YACvD,CAAC;QACL,CAAC;QAED,oBAAoB;QACpB,MAAM,WAAW,GAAG,SAAS,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACvE,IAAI,WAAW,EAAE,CAAC;YACd,MAAM,CAAC,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC;aAAM,CAAC;YACJ,MAAM,YAAY,GAAG,SAAS,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;YACnE,IAAI,YAAY,EAAE,CAAC;gBACf,MAAM,OAAO,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;gBAC5D,IAAI,OAAO,EAAE,CAAC;oBACV,MAAM,CAAC,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,mBAAmB,EAAE,IAAI,CAAC,CAAC,CAAC;gBAC3E,CAAC;YACL,CAAC;QACL,CAAC;QAED,mBAAmB;QACnB,MAAM,aAAa,GAAG,SAAS,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC;QAC1E,IAAI,aAAa,EAAE,CAAC;YAChB,MAAM,CAAC,QAAQ,GAAG,EAAE,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC;QACvE,CAAC;aAAM,CAAC;YACJ,MAAM,iBAAiB,GAAG,SAAS,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;YACnE,IAAI,iBAAiB,EAAE,CAAC;gBACpB,MAAM,CAAC,QAAQ,GAAG,EAAE,IAAI,EAAE,iBAAiB,CAAC,CAAC,CAAC,EAAE,CAAC;YACrD,CAAC;QACL,CAAC;QAED,yCAAyC;QACzC,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;QACxD,IAAI,SAAS,EAAE,CAAC;YACZ,MAAM,CAAC,YAAY,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9C,CAAC;QAED,OAAO,MAAM,CAAC;IAClB,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,IAAI,CAAC;IAChB,CAAC;AACL,CAAC"}
|
|
1
|
+
{"version":3,"file":"builder.js","sourceRoot":"","sources":["../src/builder.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAIH,OAAO,EAIH,uBAAuB,EACvB,cAAc,GACjB,MAAM,kBAAkB,CAAC;AAE1B,+EAA+E;AAC/E,0CAA0C;AAC1C,+EAA+E;AAE/E;;GAEG;AACH,MAAM,sBAAsB,GAAG,qDAAqD,CAAC;AAErF;;GAEG;AACH,MAAM,uBAAuB,GAAG,6CAA6C,CAAC;AAE9E;;;GAGG;AACH,SAAS,iBAAiB,CAAC,KAAa;IACpC,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;AAC7D,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,CAAS;IAChC,OAAO,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAC1C,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,CAAS,EAAE,OAAe;IAClD,IAAI,iBAAiB,CAAC,CAAC,CAAC,EAAE,CAAC;QACvB,OAAO,CAAC,CAAC;IACb,CAAC;IACD,8CAA8C;IAC9C,MAAM,SAAS,GAAG,CAAC,CAAC,OAAO,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;IACpD,IAAI,SAAS,KAAK,EAAE,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,EAAE,CAAC;QACpD,OAAO,WAAW,OAAO,EAAE,CAAC;IAChC,CAAC;IACD,OAAO,SAAS,CAAC;AACrB,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAAC,SAAiB;IAC1C,OAAO,CAAC,uBAAuB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;AACpD,CAAC;AAED;;;;;GAKG;AACH,SAAS,YAAY,CAAC,MAAc;IAChC,IAAI,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QAC/B,0DAA0D;QAC1D,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACxC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrB,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAC9C,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,YAAY,iBAAiB,CAAC,UAAU,CAAC,GAAG,CAAC;QACnE,CAAC;QACD,OAAO,MAAM,CAAC;IAClB,CAAC;IACD,0CAA0C;IAC1C,OAAO,YAAY,iBAAiB,CAAC,MAAM,CAAC,GAAG,CAAC;AACpD,CAAC;AA0ID;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAwB,EAAE,QAAgB,CAAC;IACzE,OAAO;QACH,WAAW,EAAE;YACT,EAAE,EAAE,MAAM,CAAC,EAAE,IAAI,cAAc,EAAE;YACjC,IAAI,EAAE,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,EAAE,IAAI,QAAQ,KAAK,GAAG,CAAC,EAAE;YACrD,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,IAAI,EAAE,MAAM,CAAC,IAAI;SACpB;QACD,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,YAAY,EAAE,MAAM,CAAC,YAAY;QACjC,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,KAAK,EAAE,MAAM,CAAC,KAAK;KACtB,CAAC;AACN,CAAC;AAED;;;;;GAKG;AACH,MAAM,OAAO,MAAM;IACc;IAA7B,YAA6B,IAAgB;QAAhB,SAAI,GAAJ,IAAI,CAAY;IAAG,CAAC;IAEjD;;;OAGG;IACH,OAAO;QACH,MAAM,KAAK,GAAa,EAAE,CAAC;QAE3B,oCAAoC;QACpC,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YACjC,MAAM,WAAW,GAAsB;gBACnC,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,cAAc,EAAE;gBACpC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,gBAAgB;aAC3D,CAAC;YACF,KAAK,CAAC,IAAI,CAAC,GAAG,uBAAuB,CAAC,WAAW,CAAC,CAAC,CAAC;QACxD,CAAC;QAED,uBAAuB;QACvB,KAAK,CAAC,IAAI,CAAC,kBAAkB,CACzB,IAAI,CAAC,IAAI,CAAC,MAAM,EAChB,IAAI,CAAC,IAAI,CAAC,SAAS,EACnB,IAAI,CAAC,IAAI,CAAC,MAAM,EAChB,IAAI,CAAC,IAAI,CAAC,QAAQ,EAClB,IAAI,CAAC,IAAI,CAAC,UAAU,EACpB,IAAI,CAAC,IAAI,CAAC,YAAY,CACzB,CAAC,CAAC;QAEH,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,MAAM;QACF,OAAO,EAAE,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,KAAK;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;IACxB,CAAC;IAED;;OAEG;IACH,OAAO;QACH,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;IAC1B,CAAC;CACJ;AAED,+EAA+E;AAC/E,6BAA6B;AAC7B,+EAA+E;AAE/E;;;GAGG;AACH,SAAS,gBAAgB,CAAC,SAA0B;IAChD,MAAM,KAAK,GAAG,kBAAkB,CAAC,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAC3D,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,SAAS,CAAC;IACtC,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IAEtC,QAAQ,QAAQ,EAAE,CAAC;QACf,KAAK,IAAI;YACL,OAAO,WAAW,KAAK,OAAO,QAAQ,EAAE,CAAC;QAC7C,KAAK,KAAK;YACN,OAAO,WAAW,KAAK,OAAO,QAAQ,EAAE,CAAC;QAC7C,KAAK,IAAI;YACL,OAAO,WAAW,KAAK,MAAM,QAAQ,EAAE,CAAC;QAC5C,KAAK,KAAK;YACN,OAAO,WAAW,KAAK,OAAO,QAAQ,EAAE,CAAC;QAC7C,KAAK,IAAI;YACL,OAAO,WAAW,KAAK,MAAM,QAAQ,EAAE,CAAC;QAC5C,KAAK,KAAK;YACN,OAAO,WAAW,KAAK,OAAO,QAAQ,EAAE,CAAC;QAC7C,KAAK,UAAU;YACX,OAAO,WAAW,KAAK,aAAa,QAAQ,GAAG,CAAC;QACpD,KAAK,IAAI;YACL,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBACvB,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,iBAAiB,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACrE,OAAO,WAAW,KAAK,QAAQ,KAAK,GAAG,CAAC;YAC5C,CAAC;YACD,OAAO,WAAW,KAAK,OAAO,QAAQ,EAAE,CAAC;QAC7C,KAAK,MAAM;YACP,OAAO,WAAW,KAAK,SAAS,QAAQ,EAAE,CAAC;QAC/C;YACI,OAAO,WAAW,KAAK,OAAO,QAAQ,EAAE,CAAC;IACjD,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,SAAS,aAAa,CAAC,KAA2C;IAC9D,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC5B,OAAO,IAAI,iBAAiB,CAAC,KAAK,CAAC,GAAG,CAAC;IAC3C,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,SAAS,EAAE,CAAC;QAC1D,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;IACzB,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,iBAAiB,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;IACzE,CAAC;IACD,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;AACzB,CAAC;AAED;;;GAGG;AACH,SAAS,kBAAkB,CACvB,MAAoB,EACpB,SAA8B,EAC9B,MAAyB,EACzB,QAA6B,EAC7B,UAA6B,EAC7B,YAAqB;IAErB,IAAI,UAAU,GAAG,GAAG,MAAM,IAAI,CAAC;IAE/B,YAAY;IACZ,IAAI,SAAS,EAAE,CAAC;QACZ,MAAM,UAAU,GAAG,kBAAkB,CAAC,SAAS,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;QACxE,IAAI,SAAS,CAAC,EAAE,EAAE,CAAC;YACf,UAAU,IAAI,sBAAsB,UAAU,MAAM,iBAAiB,CAAC,SAAS,CAAC,EAAE,CAAC,GAAG,CAAC;QAC3F,CAAC;aAAM,CAAC;YACJ,UAAU,IAAI,sBAAsB,UAAU,EAAE,CAAC;QACrD,CAAC;IACL,CAAC;SAAM,CAAC;QACJ,UAAU,IAAI,iBAAiB,CAAC;IACpC,CAAC;IAED,SAAS;IACT,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACxB,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtB,UAAU,IAAI,oBAAoB,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAChE,CAAC;aAAM,CAAC;YACJ,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC5D,UAAU,IAAI,qBAAqB,OAAO,GAAG,CAAC;QAClD,CAAC;IACL,CAAC;SAAM,CAAC;QACJ,UAAU,IAAI,oBAAoB,YAAY,CAAC,MAAM,CAAC,EAAE,CAAC;IAC7D,CAAC;IAED,WAAW;IACX,IAAI,QAAQ,EAAE,CAAC;QACX,MAAM,UAAU,GAAG,kBAAkB,CAAC,QAAQ,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;QACtE,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;YACd,UAAU,IAAI,sBAAsB,UAAU,MAAM,iBAAiB,CAAC,QAAQ,CAAC,EAAE,CAAC,GAAG,CAAC;QAC1F,CAAC;aAAM,CAAC;YACJ,UAAU,IAAI,sBAAsB,UAAU,EAAE,CAAC;QACrD,CAAC;IACL,CAAC;SAAM,CAAC;QACJ,UAAU,IAAI,iBAAiB,CAAC;IACpC,CAAC;IAED,UAAU,IAAI,KAAK,CAAC;IAEpB,cAAc;IACd,oEAAoE;IACpE,2DAA2D;IAC3D,IAAI,YAAY,EAAE,CAAC;QACf,IAAI,mBAAmB,CAAC,YAAY,CAAC,EAAE,CAAC;YACpC,UAAU,IAAI,YAAY,YAAY,KAAK,CAAC;QAChD,CAAC;aAAM,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/B,gEAAgE;YAChE,MAAM,YAAY,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC3E,UAAU,IAAI,YAAY,YAAY,KAAK,CAAC;QAChD,CAAC;aAAM,CAAC;YACJ,UAAU,IAAI,GAAG,CAAC;QACtB,CAAC;IACL,CAAC;SAAM,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,MAAM,YAAY,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC3E,UAAU,IAAI,YAAY,YAAY,KAAK,CAAC;IAChD,CAAC;SAAM,CAAC;QACJ,UAAU,IAAI,GAAG,CAAC;IACtB,CAAC;IAED,OAAO,UAAU,CAAC;AACtB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,MAAM,UAAU,WAAW,CAAC,IAAgB;IACxC,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,6BAA6B;IAC7B,KAAK,CAAC,IAAI,CAAC,GAAG,uBAAuB,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;IAEjF,uBAAuB;IACvB,KAAK,CAAC,IAAI,CAAC,kBAAkB,CACzB,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,QAAQ,EACb,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,YAAY,CACpB,CAAC,CAAC;IAEH,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC5B,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,YAAY,CAAC,KAAmB,EAAE,kBAA2B,KAAK;IAC9E,MAAM,WAAW,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IAEjE,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC7B,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACf,aAAa,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC;QAC1C,CAAC;aAAM,IAAI,eAAe,EAAE,CAAC;YACzB,qCAAqC;YACrC,MAAM,UAAU,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACjD,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QACnF,CAAC;IACL,CAAC;IAED,OAAO,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,aAAa;IACd,IAAI,GAAe;QACvB,MAAM,EAAE,QAAQ;QAChB,SAAS,EAAE,IAAI;QACf,MAAM,EAAE,EAAE;QACV,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,EAAE;KACjB,CAAC;IAEF,YAAoB,MAAoB;QACpC,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,MAAM;QACT,OAAO,IAAI,aAAa,CAAC,QAAQ,CAAC,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,MAAM;QACT,OAAO,IAAI,aAAa,CAAC,QAAQ,CAAC,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,QAAQ,CAAC,IAAgB;QAC5B,MAAM,OAAO,GAAG,IAAI,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC/C,OAAO,CAAC,IAAI,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;QAC3B,OAAO,OAAO,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,EAAE,CAAC,EAAU;QACT,IAAI,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,IAAI,CAAC,IAAY;QACb,IAAI,CAAC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACtB,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,IAAyB;QACnC,IAAI,CAAC,IAAI,CAAC,SAAS,GAAG,EAAE,IAAI,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,IAAyB,EAAE,EAAU;QAC3C,IAAI,CAAC,IAAI,CAAC,SAAS,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;QACnC,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,MAAiB;QAC7B,IAAI,CAAC,IAAI,CAAC,SAAS,GAAG,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC;QAC3D,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,MAA2B;QAC9B,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAC1B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,OAAgC;QACpC,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC;QAC3B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,IAAyB;QAClC,IAAI,CAAC,IAAI,CAAC,QAAQ,GAAG,EAAE,IAAI,EAAE,CAAC;QAC9B,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,IAAyB,EAAE,EAAU;QAC1C,IAAI,CAAC,IAAI,CAAC,QAAQ,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;QAClC,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,MAAiB;QAC5B,IAAI,CAAC,IAAI,CAAC,QAAQ,GAAG,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC;QAC1D,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,IAAI,CAAC,KAAa,EAAE,QAA2B,EAAE,KAA2C;QACxF,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;QACtD,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,SAAiB;QACrB,IAAI,CAAC,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;QACnC,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,eAAe;QACX,IAAI,CAAC,IAAI,CAAC,UAAU,GAAG,EAAE,CAAC;QAC1B,IAAI,CAAC,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;QACnC,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,KAAK;QACD,2BAA2B;QAC3B,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;YAC1F,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC5D,CAAC;QAED,OAAO,IAAI,MAAM,CAAC,EAAE,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACH,MAAM;QACF,OAAO,EAAE,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAC5B,CAAC;CACJ;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAAC,SAAiB;IAC9C,IAAI,CAAC;QACD,MAAM,MAAM,GAAe;YACvB,MAAM,EAAE,QAAQ;YAChB,SAAS,EAAE,IAAI;YACf,MAAM,EAAE,EAAE;YACV,QAAQ,EAAE,IAAI;YACd,UAAU,EAAE,EAAE;SACjB,CAAC;QAEF,+BAA+B;QAC/B,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACtD,IAAI,SAAS,EAAE,CAAC;YACZ,MAAM,CAAC,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACtC,CAAC;QAED,6BAA6B;QAC7B,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAClD,IAAI,OAAO,EAAE,CAAC;YACV,MAAM,CAAC,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAClC,CAAC;QAED,iBAAiB;QACjB,IAAI,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC/B,MAAM,CAAC,MAAM,GAAG,QAAQ,CAAC;QAC7B,CAAC;QAED,oBAAoB;QACpB,MAAM,cAAc,GAAG,SAAS,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;QAC5E,IAAI,cAAc,EAAE,CAAC;YACjB,MAAM,CAAC,SAAS,GAAG,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,cAAc,CAAC,CAAC,CAAC,EAAE,CAAC;QAC1E,CAAC;aAAM,CAAC;YACJ,MAAM,kBAAkB,GAAG,SAAS,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;YACrE,IAAI,kBAAkB,EAAE,CAAC;gBACrB,MAAM,CAAC,SAAS,GAAG,EAAE,IAAI,EAAE,kBAAkB,CAAC,CAAC,CAAC,EAAE,CAAC;YACvD,CAAC;QACL,CAAC;QAED,oBAAoB;QACpB,MAAM,WAAW,GAAG,SAAS,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACvE,IAAI,WAAW,EAAE,CAAC;YACd,MAAM,CAAC,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC;aAAM,CAAC;YACJ,MAAM,YAAY,GAAG,SAAS,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;YACnE,IAAI,YAAY,EAAE,CAAC;gBACf,MAAM,OAAO,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;gBAC5D,IAAI,OAAO,EAAE,CAAC;oBACV,MAAM,CAAC,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,mBAAmB,EAAE,IAAI,CAAC,CAAC,CAAC;gBAC3E,CAAC;YACL,CAAC;QACL,CAAC;QAED,mBAAmB;QACnB,MAAM,aAAa,GAAG,SAAS,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC;QAC1E,IAAI,aAAa,EAAE,CAAC;YAChB,MAAM,CAAC,QAAQ,GAAG,EAAE,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC;QACvE,CAAC;aAAM,CAAC;YACJ,MAAM,iBAAiB,GAAG,SAAS,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;YACnE,IAAI,iBAAiB,EAAE,CAAC;gBACpB,MAAM,CAAC,QAAQ,GAAG,EAAE,IAAI,EAAE,iBAAiB,CAAC,CAAC,CAAC,EAAE,CAAC;YACrD,CAAC;QACL,CAAC;QAED,yCAAyC;QACzC,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;QACxD,IAAI,SAAS,EAAE,CAAC;YACZ,MAAM,CAAC,YAAY,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9C,CAAC;QAED,OAAO,MAAM,CAAC;IAClB,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,IAAI,CAAC;IAChB,CAAC;AACL,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -6,6 +6,7 @@ export * from './engine.js';
|
|
|
6
6
|
export * from './builder.js';
|
|
7
7
|
export * from './parser.js';
|
|
8
8
|
export * from './errors.js';
|
|
9
|
+
export * from './annotations.js';
|
|
9
10
|
export { OVERWATCH_SCHEMA, OVERWATCH_CONTEXT, PALISADE_SCHEMA, PALISADE_CONTEXT, } from './service-schemas.gen.js';
|
|
10
11
|
export type { ContextAttribute, ActionContext, ServiceContext, } from './service-schemas.gen.js';
|
|
11
12
|
export { OverwatchContextKey } from './overwatch-context.gen.js';
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAMA,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC;AAGhC,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC;AAC7B,cAAc,aAAa,CAAC;AAC5B,cAAc,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAMA,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC;AAGhC,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC;AAC7B,cAAc,aAAa,CAAC;AAC5B,cAAc,aAAa,CAAC;AAC5B,cAAc,kBAAkB,CAAC;AAGjC,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,eAAe,EACf,gBAAgB,GACjB,MAAM,0BAA0B,CAAC;AAClC,YAAY,EACV,gBAAgB,EAChB,aAAa,EACb,cAAc,GACf,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAG/D,OAAO,EACL,kBAAkB,EAClB,yBAAyB,GAC1B,MAAM,6BAA6B,CAAC;AACrC,OAAO,EACL,iBAAiB,EACjB,wBAAwB,GACzB,MAAM,4BAA4B,CAAC;AACpC,YAAY,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -12,6 +12,7 @@ export * from './engine.js';
|
|
|
12
12
|
export * from './builder.js';
|
|
13
13
|
export * from './parser.js';
|
|
14
14
|
export * from './errors.js';
|
|
15
|
+
export * from './annotations.js';
|
|
15
16
|
// Service-specific schemas and context (inlined)
|
|
16
17
|
export { OVERWATCH_SCHEMA, OVERWATCH_CONTEXT, PALISADE_SCHEMA, PALISADE_CONTEXT, } from './service-schemas.gen.js';
|
|
17
18
|
// Service-specific context key enums
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,2DAA2D;AAC3D,uCAAuC;AACvC,EAAE;AACF,sEAAsE;AACtE,oEAAoE;AAEpE,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC;AAEhC,0CAA0C;AAC1C,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC;AAC7B,cAAc,aAAa,CAAC;AAC5B,cAAc,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,2DAA2D;AAC3D,uCAAuC;AACvC,EAAE;AACF,sEAAsE;AACtE,oEAAoE;AAEpE,cAAc,mBAAmB,CAAC;AAClC,cAAc,kBAAkB,CAAC;AACjC,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC;AAEhC,0CAA0C;AAC1C,cAAc,aAAa,CAAC;AAC5B,cAAc,cAAc,CAAC;AAC7B,cAAc,aAAa,CAAC;AAC5B,cAAc,aAAa,CAAC;AAC5B,cAAc,kBAAkB,CAAC;AAEjC,iDAAiD;AACjD,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,eAAe,EACf,gBAAgB,GACjB,MAAM,0BAA0B,CAAC;AAOlC,qCAAqC;AACrC,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAE/D,6EAA6E;AAC7E,OAAO,EACL,kBAAkB,EAClB,yBAAyB,GAC1B,MAAM,6BAA6B,CAAC;AACrC,OAAO,EACL,iBAAiB,EACjB,wBAAwB,GACzB,MAAM,4BAA4B,CAAC"}
|
package/dist/parser.d.ts
CHANGED
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
*
|
|
7
7
|
* Architecture:
|
|
8
8
|
* 1. Cedar text → Cedar JSON (via cedar-wasm policyToJson)
|
|
9
|
-
* 2. Cedar JSON → PolicyRule (simple JSON mapping)
|
|
9
|
+
* 2. Cedar JSON → PolicyRule (simple JSON mapping with annotation extraction)
|
|
10
10
|
*/
|
|
11
11
|
import type { PolicyRule } from "./builder.js";
|
|
12
12
|
/**
|
package/dist/parser.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parser.d.ts","sourceRoot":"","sources":["../src/parser.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,OAAO,KAAK,EAAE,UAAU,EAAkE,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"parser.d.ts","sourceRoot":"","sources":["../src/parser.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,OAAO,KAAK,EAAE,UAAU,EAAkE,MAAM,cAAc,CAAC;AAI/G;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,2DAA2D;IAC3D,KAAK,EAAE,UAAU,EAAE,CAAC;IACpB,iFAAiF;IACjF,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,qCAAqC;IACrC,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAmDD;;;;;;;;;GASG;AACH,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,WAAW,CA6EhE"}
|
package/dist/parser.js
CHANGED
|
@@ -6,9 +6,10 @@
|
|
|
6
6
|
*
|
|
7
7
|
* Architecture:
|
|
8
8
|
* 1. Cedar text → Cedar JSON (via cedar-wasm policyToJson)
|
|
9
|
-
* 2. Cedar JSON → PolicyRule (simple JSON mapping)
|
|
9
|
+
* 2. Cedar JSON → PolicyRule (simple JSON mapping with annotation extraction)
|
|
10
10
|
*/
|
|
11
11
|
import * as cedar from "@cedar-policy/cedar-wasm/nodejs";
|
|
12
|
+
import { parseAnnotations, generateRuleId } from "./annotations.js";
|
|
12
13
|
import { ParserError, ErrorCodes } from "./errors.js";
|
|
13
14
|
/**
|
|
14
15
|
* Normalize entity reference to simple { type, id } format
|
|
@@ -81,10 +82,11 @@ export function parseCedarToRules(cedarText) {
|
|
|
81
82
|
// Check for duplicate policy IDs and add warnings
|
|
82
83
|
const idOccurrences = new Map();
|
|
83
84
|
result.rules.forEach((rule, idx) => {
|
|
84
|
-
|
|
85
|
-
|
|
85
|
+
const ruleId = rule.annotations.id;
|
|
86
|
+
if (ruleId) {
|
|
87
|
+
const indices = idOccurrences.get(ruleId) || [];
|
|
86
88
|
indices.push(idx);
|
|
87
|
-
idOccurrences.set(
|
|
89
|
+
idOccurrences.set(ruleId, indices);
|
|
88
90
|
}
|
|
89
91
|
});
|
|
90
92
|
for (const [id, indices] of idOccurrences) {
|
|
@@ -96,7 +98,7 @@ export function parseCedarToRules(cedarText) {
|
|
|
96
98
|
}
|
|
97
99
|
/**
|
|
98
100
|
* Convert Cedar JSON policy to PolicyRule.
|
|
99
|
-
* This is pure JSON mapping -
|
|
101
|
+
* This is pure JSON mapping - uses parseAnnotations to extract structured annotations.
|
|
100
102
|
*/
|
|
101
103
|
function cedarJsonToRule(policy, policyId, index, originalText) {
|
|
102
104
|
// Check if this policy can be represented as PolicyRule
|
|
@@ -106,9 +108,18 @@ function cedarJsonToRule(policy, policyId, index, originalText) {
|
|
|
106
108
|
return { raw };
|
|
107
109
|
}
|
|
108
110
|
try {
|
|
111
|
+
// Parse annotations using the shared utility
|
|
112
|
+
const { annotations, customAnnotations } = parseAnnotations(policy.annotations);
|
|
113
|
+
// Ensure id and name have sensible defaults
|
|
114
|
+
if (!annotations.id) {
|
|
115
|
+
annotations.id = policyId || generateRuleId();
|
|
116
|
+
}
|
|
117
|
+
if (!annotations.name) {
|
|
118
|
+
annotations.name = annotations.id;
|
|
119
|
+
}
|
|
109
120
|
const rule = {
|
|
110
|
-
|
|
111
|
-
|
|
121
|
+
annotations,
|
|
122
|
+
customAnnotations,
|
|
112
123
|
effect: policy.effect,
|
|
113
124
|
principal: mapScopeToEntity(policy.principal, "principal"),
|
|
114
125
|
action: mapActionScope(policy.action),
|
|
@@ -117,10 +128,6 @@ function cedarJsonToRule(policy, policyId, index, originalText) {
|
|
|
117
128
|
enabled: true,
|
|
118
129
|
order: index,
|
|
119
130
|
};
|
|
120
|
-
// Map description from annotations
|
|
121
|
-
if (policy.annotations?.description) {
|
|
122
|
-
rule.description = policy.annotations.description;
|
|
123
|
-
}
|
|
124
131
|
// Map conditions
|
|
125
132
|
const { conditions, rawCondition } = mapConditions(policy.conditions);
|
|
126
133
|
rule.conditions = conditions;
|