@holo-js/authorization 0.1.4 → 0.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/index.d.ts +1 -0
  2. package/dist/index.mjs +33 -1
  3. package/dist/index.mjs.map +1 -1
  4. package/package.json +2 -2
package/dist/index.d.ts CHANGED
@@ -10,6 +10,7 @@ type AuthorizationAuthIntegration = {
10
10
  hasGuard(guardName: string): boolean;
11
11
  resolveDefaultActor(): Promise<object | null> | object | null;
12
12
  resolveGuardActor(guardName: string): Promise<object | null> | object | null;
13
+ createError?(decision: AuthorizationDecision): Error;
13
14
  };
14
15
  type AuthorizationRuntimeState = {
15
16
  policiesByName: Map<string, RegisteredPolicy>;
package/dist/index.mjs CHANGED
@@ -2,6 +2,7 @@ import { AuthorizationError, deny, AuthorizationGuardNotFoundError, Authorizatio
2
2
  export { AuthorizationAbilityNotFoundError, AuthorizationAuthIntegrationMissingError, AuthorizationError, AuthorizationGuardNotFoundError, AuthorizationPolicyNotFoundError, allow, deny, denyAsNotFound, isAuthorizationAbilityDefinition, isAuthorizationDecision, isAuthorizationPolicyDefinition, normalizeAuthorizationDecision } from './chunk-WPHPV4WY.mjs';
3
3
 
4
4
  // src/runtime.ts
5
+ var HOLO_MODEL_REFERENCE_REGISTRY = /* @__PURE__ */ Symbol.for("holo-js.db.model-reference-registry");
5
6
  function createAuthorizationRuntimeState() {
6
7
  return {
7
8
  policiesByName: /* @__PURE__ */ new Map(),
@@ -214,6 +215,12 @@ function getPolicyByTarget(target) {
214
215
  }
215
216
  throw new AuthorizationPolicyNotFoundError("[@holo-js/authorization] Policy definition was not found for the target.");
216
217
  }
218
+ function assertPolicyMatchesTarget(policy, policyName, target) {
219
+ const targetPolicy = getPolicyByTarget(target);
220
+ if (targetPolicy !== policy) {
221
+ throw new AuthorizationPolicyNotFoundError(`[@holo-js/authorization] Policy "${policyName}" was not found for the selected target.`);
222
+ }
223
+ }
217
224
  function getTargetConstructor(target) {
218
225
  const candidate = target.constructor;
219
226
  return isAuthorizationTargetConstructor(candidate) ? candidate : null;
@@ -222,11 +229,31 @@ function isAuthorizationTargetConstructor(value) {
222
229
  return typeof value === "function" && "prototype" in value;
223
230
  }
224
231
  function isAuthorizationTargetModel(value) {
225
- return !!value && typeof value === "object" && "definition" in value && isAuthorizationTargetModelDefinition(value.definition);
232
+ if (!value || typeof value !== "object" || !("definition" in value)) {
233
+ return false;
234
+ }
235
+ const candidate = value;
236
+ const query = candidate.query;
237
+ if (!isAuthorizationTargetModelDefinition(candidate.definition) || typeof query !== "function") {
238
+ return false;
239
+ }
240
+ if (typeof candidate.getRepository === "function") {
241
+ return getHoloModelReferenceRegistry().has(value) && typeof candidate.newQuery === "function" && typeof candidate.newModelQuery === "function";
242
+ }
243
+ try {
244
+ const queryFacade = query.call(candidate);
245
+ return !!queryFacade && typeof queryFacade === "object" && typeof queryFacade.first === "function" && typeof queryFacade.firstOrFail === "function";
246
+ } catch {
247
+ return false;
248
+ }
226
249
  }
227
250
  function isAuthorizationTargetModelDefinition(value) {
228
251
  return !!value && typeof value === "object" && "name" in value && typeof value.name === "string";
229
252
  }
253
+ function getHoloModelReferenceRegistry() {
254
+ const registryGlobal = globalThis;
255
+ return registryGlobal[HOLO_MODEL_REFERENCE_REGISTRY] ?? /* @__PURE__ */ new WeakSet();
256
+ }
230
257
  function getDefinitionKeyForTarget(target) {
231
258
  if (!isAuthorizationTargetModel(target)) {
232
259
  return null;
@@ -264,6 +291,10 @@ function resolveContext(actor, guard2) {
264
291
  return Object.freeze(baseContext);
265
292
  }
266
293
  function createAuthorizationError(decision) {
294
+ const customError = getAuthorizationRuntimeState().authIntegration?.createError?.(decision);
295
+ if (customError) {
296
+ return customError;
297
+ }
267
298
  return new AuthorizationError(
268
299
  decision.message ?? "You are not authorized to perform this action.",
269
300
  decision
@@ -314,6 +345,7 @@ async function evaluatePolicyByTarget(actor, action, target, guard2) {
314
345
  }
315
346
  async function evaluatePolicyByName(actor, policyName, action, target, guard2) {
316
347
  const policy = getPolicyByName(policyName);
348
+ assertPolicyMatchesTarget(policy, policyName, target);
317
349
  const context = typeof guard2 === "string" ? resolveContext(actor, guard2) : resolveContext(actor);
318
350
  if (typeof target === "function" || isAuthorizationTargetModel(target)) {
319
351
  const beforeDecision2 = await evaluateBeforeHook(policy.before, context, target);
package/dist/index.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/runtime.ts","../src/index.ts"],"names":["guard","beforeDecision","handler"],"mappings":";;;;AAyEA,SAAS,+BAAA,GAA6D;AACpE,EAAA,OAAO;AAAA,IACL,cAAA,sBAAoB,GAAA,EAAI;AAAA,IACxB,sBAAA,sBAA4B,OAAA,EAAQ;AAAA,IACpC,uBAAA,sBAA6B,GAAA,EAAI;AAAA,IACjC,eAAA,sBAAqB,GAAA,EAAI;AAAA,IACzB,eAAA,EAAiB;AAAA,GACnB;AACF;AAEA,SAAS,4BAAA,GAA0D;AACjE,EAAA,MAAM,OAAA,GAAU,UAAA;AAIhB,EAAA,OAAA,CAAQ,iCAAiC,+BAAA,EAAgC;AACzE,EAAA,OAAO,OAAA,CAAQ,4BAAA;AACjB;AAEA,SAAS,8BAAA,GAAuC;AAC9C,EAAA,MAAM,OAAA,GAAU,UAAA;AAIhB,EAAA,OAAA,CAAQ,+BAA+B,+BAAA,EAAgC;AACzE;AAEA,SAAS,sCAAsC,WAAA,EAAkD;AAC/F,EAAA,MAAM,QAAQ,4BAAA,EAA6B;AAC3C,EAAA,KAAA,CAAM,kBAAkB,WAAA,IAAe,IAAA;AACzC;AAEA,SAAS,iCAAA,GAA0C;AACjD,EAAA,4BAAA,GAA+B,eAAA,GAAkB,IAAA;AACnD;AAEA,SAAS,+BAAA,GAAgE;AACvE,EAAA,MAAM,WAAA,GAAc,8BAA6B,CAAE,eAAA;AACnD,EAAA,IAAI,CAAC,WAAA,EAAa;AAChB,IAAA,MAAM,IAAI,yCAAyC,kEAAkE,CAAA;AAAA,EACvH;AAEA,EAAA,OAAO,WAAA;AACT;AAEA,SAAS,oBAA0C,IAAA,EAAoB;AACrE,EAAA,MAAM,OAAA,GAAU,KAAK,IAAA,EAAK;AAC1B,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,UAAU,kEAAkE,CAAA;AAAA,EACxF;AAEA,EAAA,OAAO,OAAA;AACT;AAEA,SAAS,qBAA2C,IAAA,EAAoB;AACtE,EAAA,MAAM,OAAA,GAAU,KAAK,IAAA,EAAK;AAC1B,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,UAAU,mEAAmE,CAAA;AAAA,EACzF;AAEA,EAAA,OAAO,OAAA;AACT;AAEA,SAAS,gBAA2D,MAAA,EAA0B;AAC5F,EAAA,IAAI,OAAO,WAAW,UAAA,EAAY;AAChC,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,IAAI,0BAAA,CAA2B,MAAM,CAAA,EAAG;AACtC,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,MAAM,IAAI,UAAU,yFAAyF,CAAA;AAC/G;AAEA,SAAS,mBAAA,CACP,OACA,KAAA,EACU;AACV,EAAA,IAAI,OAAO,UAAU,WAAA,EAAa;AAChC,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,IAAI,CAAC,SAAS,OAAO,KAAA,KAAU,YAAY,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,EAAG;AAC/D,IAAA,MAAM,IAAI,SAAA,CAAU,CAAA,yBAAA,EAA4B,KAAK,CAAA,sCAAA,CAAwC,CAAA;AAAA,EAC/F;AAEA,EAAA,OAAO,KAAA;AACT;AAEA,SAAS,kBAAA,CACP,OACA,KAAA,EACM;AACN,EAAA,IAAI,CAAC,KAAA,EAAO;AACV,IAAA;AAAA,EACF;AAEA,EAAA,KAAA,MAAW,CAAC,IAAA,EAAM,OAAO,KAAK,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAA,EAAG;AACnD,IAAA,IAAI,OAAO,YAAY,UAAA,EAAY;AACjC,MAAA,MAAM,IAAI,SAAA,CAAU,CAAA,yBAAA,EAA4B,KAAK,CAAA,CAAA,EAAI,IAAI,CAAA,oBAAA,CAAsB,CAAA;AAAA,IACrF;AAAA,EACF;AACF;AAEA,SAAS,yBAAyB,UAAA,EAA4G;AAC5I,EAAA,kBAAA,CAAmB,UAAA,CAAW,OAAO,cAAc,CAAA;AACnD,EAAA,kBAAA,CAAmB,UAAA,CAAW,QAAQ,eAAe,CAAA;AACrD,EAAA,IAAI,UAAA,CAAW,MAAA,IAAU,OAAO,UAAA,CAAW,WAAW,UAAA,EAAY;AAChE,IAAA,MAAM,IAAI,UAAU,0EAA0E,CAAA;AAAA,EAChG;AACF;AAEA,SAAS,0BAA0B,UAAA,EAA0E;AAC3G,EAAA,IAAI,OAAO,UAAA,CAAW,MAAA,KAAW,UAAA,EAAY;AAC3C,IAAA,MAAM,IAAI,UAAU,8DAA8D,CAAA;AAAA,EACpF;AACF;AAEA,SAAS,yBAA+D,UAAA,EAAsC;AAC5G,EAAA,MAAM,QAAQ,4BAAA,EAA6B;AAC3C,EAAA,IAAI,KAAA,CAAM,cAAA,CAAe,GAAA,CAAI,UAAA,CAAW,IAAI,CAAA,EAAG;AAC7C,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,iCAAA,EAAoC,UAAA,CAAW,IAAI,CAAA,wBAAA,CAA0B,CAAA;AAAA,EAC/F;AAEA,EAAA,IAAI,KAAA,CAAM,sBAAA,CAAuB,GAAA,CAAI,UAAA,CAAW,MAAM,CAAA,EAAG;AACvD,IAAA,MAAM,IAAI,MAAM,0EAA0E,CAAA;AAAA,EAC5F;AAEA,EAAA,MAAM,aAAA,GAAgB,yBAAA,CAA0B,UAAA,CAAW,MAAM,CAAA;AACjE,EAAA,IAAI,aAAA,IAAiB,KAAA,CAAM,uBAAA,CAAwB,GAAA,CAAI,aAAa,CAAA,EAAG;AACrE,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,+EAAA,EAAkF,aAAa,CAAA,EAAA,CAAI,CAAA;AAAA,EACrH;AAEA,EAAA,KAAA,CAAM,cAAA,CAAe,GAAA,CAAI,UAAA,CAAW,IAAA,EAAM,UAAU,CAAA;AACpD,EAAA,KAAA,CAAM,sBAAA,CAAuB,GAAA,CAAI,UAAA,CAAW,MAAA,EAAQ,UAAU,CAAA;AAC9D,EAAA,IAAI,aAAA,EAAe;AACjB,IAAA,KAAA,CAAM,uBAAA,CAAwB,GAAA,CAAI,aAAA,EAAe,UAAU,CAAA;AAAA,EAC7D;AACA,EAAA,OAAO,UAAA;AACT;AAEA,SAAS,0BAAiE,UAAA,EAAsC;AAC9G,EAAA,MAAM,QAAQ,4BAAA,EAA6B;AAC3C,EAAA,IAAI,KAAA,CAAM,eAAA,CAAgB,GAAA,CAAI,UAAA,CAAW,IAAI,CAAA,EAAG;AAC9C,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,kCAAA,EAAqC,UAAA,CAAW,IAAI,CAAA,wBAAA,CAA0B,CAAA;AAAA,EAChG;AAEA,EAAA,KAAA,CAAM,eAAA,CAAgB,GAAA,CAAI,UAAA,CAAW,IAAA,EAAM,UAAU,CAAA;AACrD,EAAA,OAAO,UAAA;AACT;AAEA,SAAS,2BAA2B,IAAA,EAAoB;AACtD,EAAA,MAAM,QAAQ,4BAAA,EAA6B;AAC3C,EAAA,MAAM,UAAA,GAAa,KAAA,CAAM,cAAA,CAAe,GAAA,CAAI,IAAI,CAAA;AAChD,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA;AAAA,EACF;AAEA,EAAA,KAAA,CAAM,cAAA,CAAe,OAAO,IAAI,CAAA;AAChC,EAAA,KAAA,CAAM,sBAAA,CAAuB,MAAA,CAAO,UAAA,CAAW,MAAM,CAAA;AACrD,EAAA,MAAM,aAAA,GAAgB,yBAAA,CAA0B,UAAA,CAAW,MAAM,CAAA;AACjE,EAAA,IAAI,aAAA,EAAe;AACjB,IAAA,KAAA,CAAM,uBAAA,CAAwB,OAAO,aAAa,CAAA;AAAA,EACpD;AACF;AAEA,SAAS,4BAA4B,IAAA,EAAoB;AACvD,EAAA,4BAAA,EAA6B,CAAE,eAAA,CAAgB,MAAA,CAAO,IAAI,CAAA;AAC5D;AAEA,SAAS,uBAA6D,UAAA,EAAsC;AAC1G,EAAA,OAAO,OAAO,MAAA,CAAO;AAAA,IACnB,GAAG,UAAA;AAAA,IACH,KAAA,EAAO,UAAA,CAAW,KAAA,GAAQ,MAAA,CAAO,MAAA,CAAO,EAAE,GAAG,UAAA,CAAW,KAAA,EAAO,CAAA,GAAI,UAAA,CAAW,KAAA;AAAA,IAC9E,MAAA,EAAQ,UAAA,CAAW,MAAA,GAAS,MAAA,CAAO,MAAA,CAAO,EAAE,GAAG,UAAA,CAAW,MAAA,EAAQ,CAAA,GAAI,UAAA,CAAW;AAAA,GAClF,CAAA;AACH;AAEA,SAAS,wBAA+D,UAAA,EAAsC;AAC5G,EAAA,OAAO,MAAA,CAAO,OAAO,UAAU,CAAA;AACjC;AAEO,SAAS,YAAA,CASd,IAAA,EACA,MAAA,EACA,UAAA,EAWA;AACA,EAAA,MAAM,cAAA,GAAiB,oBAAoB,IAAI,CAAA;AAC/C,EAAA,MAAM,gBAAA,GAAmB,gBAAgB,MAAM,CAAA;AAC/C,EAAA,MAAM,eAAA,GAAkB,mBAAA,CAAoB,UAAA,CAAW,KAAA,EAAO,cAAc,CAAA;AAC5E,EAAA,MAAM,gBAAA,GAAmB,mBAAA,CAAoB,UAAA,CAAW,MAAA,EAAQ,eAAe,CAAA;AAC/E,EAAA,MAAM,iBAAA,GAAoB;AAAA,IACxB,CAAC,2BAA2B,GAAG,IAAA;AAAA,IAC/B,IAAA,EAAM,cAAA;AAAA,IACN,MAAA,EAAQ,gBAAA;AAAA,IACR,QAAQ,UAAA,CAAW,MAAA;AAAA,IACnB,KAAA,EAAO,eAAA;AAAA,IACP,MAAA,EAAQ;AAAA,GACV;AACA,EAAA,wBAAA,CAAyB,iBAAiB,CAAA;AAE1C,EAAA,MAAM,UAAA,GAAa,wBAAA,CAAyB,sBAAA,CAAuB,iBAAiB,CAAC,CAAA;AAErF,EAAA,OAAO,UAAA;AAOT;AAEO,SAAS,aAAA,CAId,MACA,MAAA,EAC+C;AAC/C,EAAA,MAAM,cAAA,GAAiB,qBAAqB,IAAI,CAAA;AAChD,EAAA,MAAM,iBAAA,GAAoB;AAAA,IACxB,CAAC,4BAA4B,GAAG,IAAA;AAAA,IAChC,IAAA,EAAM,cAAA;AAAA,IACN;AAAA,GACF;AACA,EAAA,yBAAA,CAA0B,iBAAiB,CAAA;AAE3C,EAAA,MAAM,UAAA,GAAa,yBAAA,CAA0B,uBAAA,CAAwB,iBAAiB,CAAC,CAAA;AAEvF,EAAA,OAAO,UAAA;AACT;AAEA,SAAS,gBAAgB,IAAA,EAAgC;AACvD,EAAA,MAAM,MAAA,GAAS,4BAAA,EAA6B,CAAE,cAAA,CAAe,IAAI,IAAI,CAAA;AACrE,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,MAAM,IAAI,gCAAA,CAAoB,CAAA,iCAAA,EAAoC,IAAI,CAAA,gBAAA,CAAkB,CAAA;AAAA,EAC1F;AAEA,EAAA,OAAO,MAAA;AACT;AAEA,SAAS,iBAAiB,IAAA,EAAiC;AACzD,EAAA,MAAM,OAAA,GAAU,4BAAA,EAA6B,CAAE,eAAA,CAAgB,IAAI,IAAI,CAAA;AACvE,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,iCAAA,CAAkC,CAAA,kCAAA,EAAqC,IAAI,CAAA,gBAAA,CAAkB,CAAA;AAAA,EACzG;AAEA,EAAA,OAAO,OAAA;AACT;AAEA,SAAS,kBAAkB,MAAA,EAA8D;AACvF,EAAA,MAAM,QAAQ,4BAAA,EAA6B;AAC3C,EAAA,IAAI,OAAO,MAAA,KAAW,UAAA,IAAc,0BAAA,CAA2B,MAAM,CAAA,EAAG;AACtE,IAAA,MAAM,YAAA,GAAe,KAAA,CAAM,sBAAA,CAAuB,GAAA,CAAI,MAAM,CAAA;AAC5D,IAAA,IAAI,YAAA,EAAc;AAChB,MAAA,OAAO,YAAA;AAAA,IACT;AAEA,IAAA,MAAM,mBAAA,GAAsB,0BAA0B,MAAM,CAAA;AAC5D,IAAA,IAAI,mBAAA,EAAqB;AACvB,MAAA,MAAM,gBAAA,GAAmB,KAAA,CAAM,uBAAA,CAAwB,GAAA,CAAI,mBAAmB,CAAA;AAC9E,MAAA,IAAI,gBAAA,EAAkB;AACpB,QAAA,OAAO,gBAAA;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAEA,EAAA,MAAM,iBAAA,GAAoB,qBAAqB,MAAM,CAAA;AACrD,EAAA,IAAI,iBAAA,EAAmB;AACrB,IAAA,MAAM,iBAAA,GAAoB,KAAA,CAAM,sBAAA,CAAuB,GAAA,CAAI,iBAAiB,CAAA;AAC5E,IAAA,IAAI,iBAAA,EAAmB;AACrB,MAAA,OAAO,iBAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,MAAM,qBAAA,GAAwB,kCAAkC,MAAM,CAAA;AACtE,EAAA,IAAI,qBAAA,EAAuB;AACzB,IAAA,MAAM,gBAAA,GAAmB,KAAA,CAAM,uBAAA,CAAwB,GAAA,CAAI,qBAAqB,CAAA;AAChF,IAAA,IAAI,gBAAA,EAAkB;AACpB,MAAA,OAAO,gBAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,MAAM,IAAI,iCAAoB,0EAA0E,CAAA;AAC1G;AAEA,SAAS,qBAAqB,MAAA,EAAuD;AACnF,EAAA,MAAM,YAAa,MAAA,CAAwE,WAAA;AAC3F,EAAA,OAAO,gCAAA,CAAiC,SAAS,CAAA,GAC7C,SAAA,GACA,IAAA;AACN;AAEA,SAAS,iCAAiC,KAAA,EAAyD;AACjG,EAAA,OAAO,OAAO,KAAA,KAAU,UAAA,IACnB,WAAA,IAAe,KAAA;AACtB;AAEA,SAAS,2BAA2B,KAAA,EAA2D;AAC7F,EAAA,OAAO,CAAC,CAAC,KAAA,IACJ,OAAO,KAAA,KAAU,YACjB,YAAA,IAAgB,KAAA,IAChB,oCAAA,CAAsC,KAAA,CAAmC,UAAU,CAAA;AAC1F;AAEA,SAAS,qCAAqC,KAAA,EAA6D;AACzG,EAAA,OAAO,CAAC,CAAC,KAAA,IACJ,OAAO,KAAA,KAAU,YACjB,MAAA,IAAU,KAAA,IACV,OAAQ,KAAA,CAA6B,IAAA,KAAS,QAAA;AACrD;AAEA,SAAS,0BAA0B,MAAA,EAAkD;AACnF,EAAA,IAAI,CAAC,0BAAA,CAA2B,MAAM,CAAA,EAAG;AACvC,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAO,kBAAA,CAAmB,OAAO,UAAU,CAAA;AAC7C;AAEA,SAAS,kCAAkC,MAAA,EAA+B;AACxE,EAAA,MAAM,SAAA,GAAY,MAAA;AAMlB,EAAA,IAAI,OAAO,SAAA,CAAU,aAAA,KAAkB,UAAA,EAAY;AACjD,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,UAAA,GAAa,UAAU,aAAA,EAAc;AAC3C,EAAA,IAAI,CAAC,UAAA,IAAc,OAAO,eAAe,QAAA,IAAY,EAAE,gBAAgB,UAAA,CAAA,EAAa;AAClF,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,aAAc,UAAA,CAAwC,UAAA;AAC5D,EAAA,OAAO,oCAAA,CAAqC,UAAU,CAAA,GAClD,kBAAA,CAAmB,UAAU,CAAA,GAC7B,IAAA;AACN;AAEA,SAAS,mBAAmB,UAAA,EAAwD;AAClF,EAAA,MAAM,SAAA,GAAY,UAAA,CAAW,KAAA,EAAO,SAAA,EAAW,IAAA,EAAK;AACpD,EAAA,MAAM,SAAA,GAAY,UAAA,CAAW,IAAA,CAAK,IAAA,EAAK;AACvC,EAAA,OAAO,SAAA,GACH,CAAA,EAAG,SAAS,CAAA,CAAA,EAAI,SAAS,CAAA,CAAA,GACzB,SAAA;AACN;AAOA,SAAS,cAAA,CACP,OACAA,MAAAA,EACwF;AACxF,EAAA,MAAM,WAAA,GAAc;AAAA,IAClB,IAAA,EAAM,KAAA;AAAA,IACN,eAAe,KAAA,KAAU;AAAA,GAC3B;AAEA,EAAA,IAAI,OAAOA,WAAU,QAAA,EAAU;AAC7B,IAAA,OAAO,OAAO,MAAA,CAAO;AAAA,MACnB,GAAG,WAAA;AAAA,MACH,KAAA,EAAAA;AAAA,KACD,CAAA;AAAA,EACH;AAEA,EAAA,OAAO,MAAA,CAAO,OAAO,WAAW,CAAA;AAClC;AAEA,SAAS,yBAAyB,QAAA,EAAqD;AACrF,EAAA,OAAO,IAAI,kBAAA;AAAA,IACT,SAAS,OAAA,IAAW,gDAAA;AAAA,IACpB;AAAA,GACF;AACF;AAEA,SAAS,gBAAgB,OAAA,EAA2G;AAClI,EAAA,OAAO,OAAA,CAAQ,QAAQ,OAAO,CAAA,CAAE,KAAK,CAAA,MAAA,KAAU,8BAAA,CAA+B,MAAM,CAAC,CAAA;AACvF;AAEA,eAAe,kBAAA,CACb,MAAA,EACA,OAAA,EACA,MAAA,EAC4C;AAC5C,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,OAAA,EAAS,MAA4C,CAAA;AAClF,EAAA,IAAI,OAAO,YAAY,WAAA,EAAa;AAClC,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,OAAO,+BAA+B,OAAO,CAAA;AAC/C;AAEA,eAAe,sBAAA,CACb,KAAA,EACA,MAAA,EACA,MAAA,EACAA,MAAAA,EACgC;AAChC,EAAA,MAAM,MAAA,GAAS,kBAAkB,MAAM,CAAA;AACvC,EAAA,MAAM,OAAA,GAAU,OAAOA,MAAAA,KAAU,QAAA,GAC7B,eAAe,KAAA,EAAOA,MAAK,CAAA,GAC3B,cAAA,CAAe,KAAK,CAAA;AACxB,EAAA,IAAI,OAAO,MAAA,KAAW,UAAA,IAAc,0BAAA,CAA2B,MAAM,CAAA,EAAG;AACtE,IAAA,MAAMC,kBAAiB,MAAM,kBAAA,CAAmB,MAAA,CAAO,MAAA,EAAQ,SAAS,MAAM,CAAA;AAC9E,IAAA,IAAIA,eAAAA,EAAgB;AAClB,MAAA,OAAOA,eAAAA;AAAA,IACT;AAEA,IAAA,MAAMC,QAAAA,GAAU,MAAA,CAAO,KAAA,GAAQ,MAAM,CAAA;AACrC,IAAA,IAAI,CAACA,QAAAA,EAAS;AACZ,MAAA,MAAM,IAAI,kBAAA;AAAA,QACR,2CAA2C,MAAM,CAAA,yCAAA,CAAA;AAAA,QACjD,IAAA;AAAK,OACP;AAAA,IACF;AAEA,IAAA,OAAO,MAAM,eAAA,CAAgBA,QAAAA,CAAQ,OAAA,EAAS,MAAM,CAAC,CAAA;AAAA,EACvD;AAEA,EAAA,MAAM,iBAAiB,MAAM,kBAAA,CAAmB,MAAA,CAAO,MAAA,EAAQ,SAAS,MAAM,CAAA;AAC9E,EAAA,IAAI,cAAA,EAAgB;AAClB,IAAA,OAAO,cAAA;AAAA,EACT;AAEA,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,MAAA,GAAS,MAAM,CAAA;AACtC,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,2CAA2C,MAAM,CAAA,yCAAA,CAAA;AAAA,MACjD,IAAA;AAAK,KACP;AAAA,EACF;AAEA,EAAA,OAAO,MAAM,eAAA,CAAgB,OAAA,CAAQ,OAAA,EAAS,MAAM,CAAC,CAAA;AACvD;AAEA,eAAe,oBAAA,CACb,KAAA,EACA,UAAA,EACA,MAAA,EACA,QACAF,MAAAA,EACgC;AAChC,EAAA,MAAM,MAAA,GAAS,gBAAgB,UAAU,CAAA;AACzC,EAAA,MAAM,OAAA,GAAU,OAAOA,MAAAA,KAAU,QAAA,GAC7B,eAAe,KAAA,EAAOA,MAAK,CAAA,GAC3B,cAAA,CAAe,KAAK,CAAA;AACxB,EAAA,IAAI,OAAO,MAAA,KAAW,UAAA,IAAc,0BAAA,CAA2B,MAAM,CAAA,EAAG;AACtE,IAAA,MAAMC,kBAAiB,MAAM,kBAAA,CAAmB,MAAA,CAAO,MAAA,EAAQ,SAAS,MAAM,CAAA;AAC9E,IAAA,IAAIA,eAAAA,EAAgB;AAClB,MAAA,OAAOA,eAAAA;AAAA,IACT;AAEA,IAAA,MAAMC,QAAAA,GAAU,MAAA,CAAO,KAAA,GAAQ,MAAM,CAAA;AACrC,IAAA,IAAI,CAACA,QAAAA,EAAS;AACZ,MAAA,MAAM,IAAI,kBAAA;AAAA,QACR,CAAA,wCAAA,EAA2C,MAAM,CAAA,6BAAA,EAAgC,UAAU,CAAA,EAAA,CAAA;AAAA,QAC3F,IAAA;AAAK,OACP;AAAA,IACF;AAEA,IAAA,OAAO,MAAM,eAAA,CAAgBA,QAAAA,CAAQ,OAAA,EAAS,MAAM,CAAC,CAAA;AAAA,EACvD;AAEA,EAAA,MAAM,iBAAiB,MAAM,kBAAA,CAAmB,MAAA,CAAO,MAAA,EAAQ,SAAS,MAAM,CAAA;AAC9E,EAAA,IAAI,cAAA,EAAgB;AAClB,IAAA,OAAO,cAAA;AAAA,EACT;AAEA,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,MAAA,GAAS,MAAM,CAAA;AACtC,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,CAAA,wCAAA,EAA2C,MAAM,CAAA,6BAAA,EAAgC,UAAU,CAAA,EAAA,CAAA;AAAA,MAC3F,IAAA;AAAK,KACP;AAAA,EACF;AAEA,EAAA,OAAO,MAAM,eAAA,CAAgB,OAAA,CAAQ,OAAA,EAAS,MAAM,CAAC,CAAA;AACvD;AAEA,eAAe,eAAA,CACb,KAAA,EACA,WAAA,EACA,KAAA,EACAF,MAAAA,EACgC;AAChC,EAAA,MAAM,OAAA,GAAU,iBAAiB,WAAW,CAAA;AAC5C,EAAA,MAAM,OAAA,GAAU,OAAOA,MAAAA,KAAU,QAAA,GAC7B,eAAe,KAAA,EAAOA,MAAK,CAAA,GAC3B,cAAA,CAAe,KAAK,CAAA;AACxB,EAAA,OAAO,MAAM,eAAA,CAAgB,OAAA,CAAQ,MAAA,CAAO,OAAA,EAAS,KAAK,CAAC,CAAA;AAC7D;AAEA,SAAS,mBAAA,CACP,YAAA,EACA,UAAA,EACAA,MAAAA,EACyC;AACzC,EAAA,OAAO,OAAO,MAAA,CAAO;AAAA,IACnB,MAAM,SAAA,CAAmB,MAAA,EAAqD,MAAA,EAAgC;AAC5G,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,oBAAA,CAAqB,KAAA,EAAO,MAAA,CAAO,UAAU,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA,EAAG,MAAA,EAA8CA,MAAK,CAAA;AAC1I,MAAA,IAAI,CAAC,SAAS,OAAA,EAAS;AACrB,QAAA,MAAM,yBAAyB,QAAQ,CAAA;AAAA,MACzC;AAAA,IACF,CAAA;AAAA,IACA,MAAM,GAAA,CAAa,MAAA,EAAqD,MAAA,EAAmC;AACzG,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,oBAAA,CAAqB,KAAA,EAAO,MAAA,CAAO,UAAU,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA,EAAG,MAAA,EAA8CA,MAAK,CAAA;AAC1I,MAAA,OAAO,QAAA,CAAS,OAAA;AAAA,IAClB,CAAA;AAAA,IACA,MAAM,MAAA,CAAgB,MAAA,EAAqD,MAAA,EAAmC;AAC5G,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,oBAAA,CAAqB,KAAA,EAAO,MAAA,CAAO,UAAU,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA,EAAG,MAAA,EAA8CA,MAAK,CAAA;AAC1I,MAAA,OAAO,CAAC,QAAA,CAAS,OAAA;AAAA,IACnB,CAAA;AAAA,IACA,MAAM,OAAA,CAAiB,MAAA,EAAqD,MAAA,EAAiD;AAC3H,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,OAAO,MAAM,oBAAA,CAAqB,KAAA,EAAO,MAAA,CAAO,UAAU,GAAG,MAAA,CAAO,MAAM,CAAA,EAAG,MAAA,EAA8CA,MAAK,CAAA;AAAA,IAClI;AAAA,GACD,CAAA;AACH;AAEA,SAAS,oBAAA,CACP,YAAA,EACA,WAAA,EACAA,MAAAA,EAC2C;AAC3C,EAAA,OAAO,OAAO,MAAA,CAAO;AAAA,IACnB,MAAM,UAAU,KAAA,EAAkD;AAChE,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,eAAA,CAAgB,KAAA,EAAO,OAAO,WAAW,CAAA,EAAG,OAAOA,MAAK,CAAA;AAC/E,MAAA,IAAI,CAAC,SAAS,OAAA,EAAS;AACrB,QAAA,MAAM,yBAAyB,QAAQ,CAAA;AAAA,MACzC;AAAA,IACF,CAAA;AAAA,IACA,MAAM,IAAI,KAAA,EAAqD;AAC7D,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,eAAA,CAAgB,KAAA,EAAO,OAAO,WAAW,CAAA,EAAG,OAAOA,MAAK,CAAA;AAC/E,MAAA,OAAO,QAAA,CAAS,OAAA;AAAA,IAClB,CAAA;AAAA,IACA,MAAM,OAAO,KAAA,EAAqD;AAChE,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,eAAA,CAAgB,KAAA,EAAO,OAAO,WAAW,CAAA,EAAG,OAAOA,MAAK,CAAA;AAC/E,MAAA,OAAO,CAAC,QAAA,CAAS,OAAA;AAAA,IACnB,CAAA;AAAA,IACA,MAAM,QAAQ,KAAA,EAAmE;AAC/E,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,OAAO,MAAM,eAAA,CAAgB,KAAA,EAAO,OAAO,WAAW,CAAA,EAAG,OAAOA,MAAK,CAAA;AAAA,IACvE;AAAA,GACD,CAAA;AACH;AAEA,SAAS,wBAAA,CACP,cACAA,MAAAA,EAC2B;AAC3B,EAAA,OAAO,OAAO,MAAA,CAAO;AAAA,IACnB,MAAM,SAAA,CAA8D,MAAA,EAAkC,MAAA,EAAgC;AACpI,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,sBAAA,CAAuB,KAAA,EAAO,OAAO,MAAM,CAAA,EAAG,QAA8CA,MAAK,CAAA;AACxH,MAAA,IAAI,CAAC,SAAS,OAAA,EAAS;AACrB,QAAA,MAAM,yBAAyB,QAAQ,CAAA;AAAA,MACzC;AAAA,IACF,CAAA;AAAA,IACA,MAAM,GAAA,CAAwD,MAAA,EAAkC,MAAA,EAAmC;AACjI,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,sBAAA,CAAuB,KAAA,EAAO,OAAO,MAAM,CAAA,EAAG,QAA8CA,MAAK,CAAA;AACxH,MAAA,OAAO,QAAA,CAAS,OAAA;AAAA,IAClB,CAAA;AAAA,IACA,MAAM,MAAA,CAA2D,MAAA,EAAkC,MAAA,EAAmC;AACpI,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,sBAAA,CAAuB,KAAA,EAAO,OAAO,MAAM,CAAA,EAAG,QAA8CA,MAAK,CAAA;AACxH,MAAA,OAAO,CAAC,QAAA,CAAS,OAAA;AAAA,IACnB,CAAA;AAAA,IACA,MAAM,OAAA,CAA4D,MAAA,EAAkC,MAAA,EAAiD;AACnJ,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,OAAO,MAAM,sBAAA,CAAuB,KAAA,EAAO,OAAO,MAAM,CAAA,EAAG,QAA8CA,MAAK,CAAA;AAAA,IAChH,CAAA;AAAA,IACA,OAA2C,IAAA,EAAmB;AAC5D,MAAA,OAAO,mBAAA,CAAoB,YAAA,EAAc,IAAA,EAAMA,MAAK,CAAA;AAAA,IACtD,CAAA;AAAA,IACA,QAA8C,IAAA,EAAoB;AAChE,MAAA,OAAO,oBAAA,CAAqB,YAAA,EAAc,IAAA,EAAMA,MAAK,CAAA;AAAA,IACvD;AAAA,GACD,CAAA;AACH;AAEO,SAAS,QAA+B,KAAA,EAAiD;AAC9F,EAAA,OAAO,wBAAA,CAAyB,MAAM,OAAA,CAAQ,OAAA,CAAQ,KAAK,CAAC,CAAA;AAC9D;AAEA,SAAS,2BAAA,GAGP;AACA,EAAA,MAAM,cAAc,+BAAA,EAAgC;AACpD,EAAA,OAAO;AAAA,IACL,cAAc,MAAM,OAAA,CAAQ,OAAA,CAAQ,WAAA,CAAY,qBAAqB,CAAA;AAAA,IACrE,KAAA,EAAO;AAAA,GACT;AACF;AAEA,SAAS,iCAAiC,IAAA,EAGxC;AACA,EAAA,MAAM,cAAc,+BAAA,EAAgC;AACpD,EAAA,IAAI,CAAC,WAAA,CAAY,QAAA,CAAS,IAAI,CAAA,EAAG;AAC/B,IAAA,MAAM,IAAI,+BAAA,CAAgC,CAAA,gCAAA,EAAmC,IAAI,CAAA,gBAAA,CAAkB,CAAA;AAAA,EACrG;AAEA,EAAA,OAAO;AAAA,IACL,cAAc,MAAM,OAAA,CAAQ,QAAQ,WAAA,CAAY,iBAAA,CAAkB,IAAI,CAAC,CAAA;AAAA,IACvE,KAAA,EAAO;AAAA,GACT;AACF;AAEA,eAAsB,SAAA,CACpB,QACA,MAAA,EACe;AACf,EAAA,MAAM,EAAE,YAAA,EAAa,GAAI,2BAAA,EAA4B;AACrD,EAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,EAAA,MAAM,WAAW,MAAM,sBAAA,CAAuB,OAAO,MAAA,CAAO,MAAM,GAAG,MAA4C,CAAA;AACjH,EAAA,IAAI,CAAC,SAAS,OAAA,EAAS;AACrB,IAAA,MAAM,yBAAyB,QAAQ,CAAA;AAAA,EACzC;AACF;AAEA,eAAsB,GAAA,CACpB,QACA,MAAA,EACkB;AAClB,EAAA,MAAM,EAAE,YAAA,EAAa,GAAI,2BAAA,EAA4B;AACrD,EAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,EAAA,MAAM,WAAW,MAAM,sBAAA,CAAuB,OAAO,MAAA,CAAO,MAAM,GAAG,MAA4C,CAAA;AACjH,EAAA,OAAO,QAAA,CAAS,OAAA;AAClB;AAEA,eAAsB,MAAA,CACpB,QACA,MAAA,EACkB;AAClB,EAAA,MAAM,EAAE,YAAA,EAAa,GAAI,2BAAA,EAA4B;AACrD,EAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,EAAA,MAAM,WAAW,MAAM,sBAAA,CAAuB,OAAO,MAAA,CAAO,MAAM,GAAG,MAA4C,CAAA;AACjH,EAAA,OAAO,CAAC,QAAA,CAAS,OAAA;AACnB;AAEA,eAAsB,OAAA,CACpB,QACA,MAAA,EACgC;AAChC,EAAA,MAAM,EAAE,YAAA,EAAa,GAAI,2BAAA,EAA4B;AACrD,EAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,EAAA,OAAO,MAAM,sBAAA,CAAuB,KAAA,EAAO,MAAA,CAAO,MAAM,GAAG,MAA4C,CAAA;AACzG;AAEO,SAAS,MAAqD,IAAA,EAA6C;AAChH,EAAA,MAAM,EAAE,cAAc,KAAA,EAAO,aAAA,KAAkB,gCAAA,CAAiC,MAAA,CAAO,IAAI,CAAC,CAAA;AAC5F,EAAA,OAAO,wBAAA,CAAyB,cAAc,aAAa,CAAA;AAC7D;AAEO,IAAM,sBAAA,GAAyB,OAAO,MAAA,CAAO;AAAA,EAClD,4BAAA;AAAA,EACA,8BAAA;AAAA,EACA,qCAAA;AAAA,EACA,iCAAA;AAAA,EACA,+BAAA;AAAA,EACA,eAAA;AAAA,EACA,gBAAA;AAAA,EACA,iBAAA;AAAA,EACA,sBAAA;AAAA,EACA,oBAAA;AAAA,EACA,eAAA;AAAA,EACA,wBAAA;AAAA,EACA,yBAAA;AAAA,EACA,0BAAA;AAAA,EACA;AACF,CAAC;;;AC1sBD,IAAM,aAAA,GAAqC,OAAO,MAAA,CAAO;AAAA,EACvD,OAAA;AAAA,EACA,KAAA;AAAA,EACA,SAAA;AAAA,EACA,GAAA;AAAA,EACA,MAAA;AAAA,EACA;AACF,CAAC,CAAA;AAED,IAAO,WAAA,GAAQ","file":"index.mjs","sourcesContent":["import type {\n AuthorizationAbilityDefinition,\n AuthorizationAbilityBuilder,\n AuthorizationAbilityHandler,\n AuthorizationActorContext,\n AuthorizationActorBuilder,\n AuthorizationDecision,\n AuthorizationDecisionInput,\n AuthorizationError,\n AuthorizationGuardActorContext,\n AuthorizationPolicyClassHandler,\n AuthorizationPolicyBeforeHandler,\n AuthorizationPolicyBuilder,\n AuthorizationPolicyDefinition,\n AuthorizationPolicyRecordHandler,\n AuthorizationPolicyTarget,\n AuthorizationTargetModel,\n AuthorizationTargetModelDefinition,\n AuthorizationTargetConstructor,\n AuthorizationAbilityRegistry,\n AuthorizationPolicyRegistry,\n AbilityInput,\n HoloAbilityName,\n HoloPolicyName,\n HoloAuthorizationGuardName,\n PolicyActionFor,\n PolicyActionForPolicy,\n AbilityActorForName,\n PolicyActorForName,\n} from './contracts'\nimport {\n allow,\n deny,\n denyAsNotFound,\n AuthorizationAbilityNotFoundError,\n AuthorizationAuthIntegrationMissingError,\n AuthorizationError as AuthorizationErrorClass,\n AuthorizationPolicyNotFoundError as PolicyNotFoundError,\n AuthorizationGuardNotFoundError,\n AUTHORIZATION_POLICY_MARKER,\n AUTHORIZATION_ABILITY_MARKER,\n normalizeAuthorizationDecision,\n} from './contracts'\n\ntype RegisteredPolicy = AuthorizationPolicyDefinition<string, AuthorizationPolicyTarget, string, string, object>\ntype RegisteredAbility = AuthorizationAbilityDefinition<string, object, object>\n\ntype FallbackAuthorizationActor<TActor> = [TActor] extends [never]\n ? object\n : Extract<TActor, object>\n\ntype PolicyActorForDefinition<TName extends string> = [Extract<TName, keyof AuthorizationPolicyRegistry & string>] extends [never]\n ? object\n : FallbackAuthorizationActor<PolicyActorForName<Extract<TName, keyof AuthorizationPolicyRegistry & string>>>\n\ntype AbilityActorForDefinition<TName extends string> = [Extract<TName, keyof AuthorizationAbilityRegistry & string>] extends [never]\n ? object\n : FallbackAuthorizationActor<AbilityActorForName<Extract<TName, keyof AuthorizationAbilityRegistry & string>>>\n\ntype AuthorizationAuthIntegration = {\n hasGuard(guardName: string): boolean\n resolveDefaultActor(): Promise<object | null> | object | null\n resolveGuardActor(guardName: string): Promise<object | null> | object | null\n}\n\ntype AuthorizationRuntimeState = {\n policiesByName: Map<string, RegisteredPolicy>\n policiesByTargetObject: WeakMap<object, RegisteredPolicy>\n policiesByDefinitionKey: Map<string, RegisteredPolicy>\n abilitiesByName: Map<string, RegisteredAbility>\n authIntegration: AuthorizationAuthIntegration | null\n}\n\nfunction createAuthorizationRuntimeState(): AuthorizationRuntimeState {\n return {\n policiesByName: new Map(),\n policiesByTargetObject: new WeakMap(),\n policiesByDefinitionKey: new Map(),\n abilitiesByName: new Map(),\n authIntegration: null,\n }\n}\n\nfunction getAuthorizationRuntimeState(): AuthorizationRuntimeState {\n const runtime = globalThis as typeof globalThis & {\n __holoAuthorizationRuntime__?: AuthorizationRuntimeState\n }\n\n runtime.__holoAuthorizationRuntime__ ??= createAuthorizationRuntimeState()\n return runtime.__holoAuthorizationRuntime__\n}\n\nfunction resetAuthorizationRuntimeState(): void {\n const runtime = globalThis as typeof globalThis & {\n __holoAuthorizationRuntime__?: AuthorizationRuntimeState\n }\n\n runtime.__holoAuthorizationRuntime__ = createAuthorizationRuntimeState()\n}\n\nfunction configureAuthorizationAuthIntegration(integration?: AuthorizationAuthIntegration): void {\n const state = getAuthorizationRuntimeState()\n state.authIntegration = integration ?? null\n}\n\nfunction resetAuthorizationAuthIntegration(): void {\n getAuthorizationRuntimeState().authIntegration = null\n}\n\nfunction getAuthorizationAuthIntegration(): AuthorizationAuthIntegration {\n const integration = getAuthorizationRuntimeState().authIntegration\n if (!integration) {\n throw new AuthorizationAuthIntegrationMissingError('[@holo-js/authorization] Auth integration is not configured yet.')\n }\n\n return integration\n}\n\nfunction normalizePolicyName<TName extends string>(name: TName): TName {\n const trimmed = name.trim()\n if (!trimmed) {\n throw new TypeError('[@holo-js/authorization] Policy name must be a non-empty string.')\n }\n\n return trimmed as TName\n}\n\nfunction normalizeAbilityName<TName extends string>(name: TName): TName {\n const trimmed = name.trim()\n if (!trimmed) {\n throw new TypeError('[@holo-js/authorization] Ability name must be a non-empty string.')\n }\n\n return trimmed as TName\n}\n\nfunction normalizeTarget<TTarget extends AuthorizationPolicyTarget>(target: TTarget): TTarget {\n if (typeof target === 'function') {\n return target\n }\n\n if (isAuthorizationTargetModel(target)) {\n return target\n }\n\n throw new TypeError('[@holo-js/authorization] Policy targets must be class constructors or model references.')\n}\n\nfunction normalizeHandlerMap<THandler extends Record<string, unknown> | undefined>(\n value: THandler,\n label: string,\n): THandler {\n if (typeof value === 'undefined') {\n return value\n }\n\n if (!value || typeof value !== 'object' || Array.isArray(value)) {\n throw new TypeError(`[@holo-js/authorization] ${label} must be a plain object when provided.`)\n }\n\n return value\n}\n\nfunction validateHandlerMap(\n value: Readonly<Record<string, unknown>> | undefined,\n label: string,\n): void {\n if (!value) {\n return\n }\n\n for (const [name, handler] of Object.entries(value)) {\n if (typeof handler !== 'function') {\n throw new TypeError(`[@holo-js/authorization] ${label}.${name} must be a function.`)\n }\n }\n}\n\nfunction validatePolicyDefinition(definition: AuthorizationPolicyDefinition<string, AuthorizationPolicyTarget, string, string, object>): void {\n validateHandlerMap(definition.class, 'policy.class')\n validateHandlerMap(definition.record, 'policy.record')\n if (definition.before && typeof definition.before !== 'function') {\n throw new TypeError('[@holo-js/authorization] policy.before must be a function when provided.')\n }\n}\n\nfunction validateAbilityDefinition(definition: AuthorizationAbilityDefinition<string, object, object>): void {\n if (typeof definition.handle !== 'function') {\n throw new TypeError('[@holo-js/authorization] Ability handler must be a function.')\n }\n}\n\nfunction registerPolicyDefinition<TDefinition extends RegisteredPolicy>(definition: TDefinition): TDefinition {\n const state = getAuthorizationRuntimeState()\n if (state.policiesByName.has(definition.name)) {\n throw new Error(`[@holo-js/authorization] Policy \"${definition.name}\" is already registered.`)\n }\n\n if (state.policiesByTargetObject.get(definition.target)) {\n throw new Error('[@holo-js/authorization] A policy is already registered for this target.')\n }\n\n const definitionKey = getDefinitionKeyForTarget(definition.target)\n if (definitionKey && state.policiesByDefinitionKey.has(definitionKey)) {\n throw new Error(`[@holo-js/authorization] A policy is already registered for target definition \"${definitionKey}\".`)\n }\n\n state.policiesByName.set(definition.name, definition)\n state.policiesByTargetObject.set(definition.target, definition)\n if (definitionKey) {\n state.policiesByDefinitionKey.set(definitionKey, definition)\n }\n return definition\n}\n\nfunction registerAbilityDefinition<TDefinition extends RegisteredAbility>(definition: TDefinition): TDefinition {\n const state = getAuthorizationRuntimeState()\n if (state.abilitiesByName.has(definition.name)) {\n throw new Error(`[@holo-js/authorization] Ability \"${definition.name}\" is already registered.`)\n }\n\n state.abilitiesByName.set(definition.name, definition)\n return definition\n}\n\nfunction unregisterPolicyDefinition(name: string): void {\n const state = getAuthorizationRuntimeState()\n const definition = state.policiesByName.get(name)\n if (!definition) {\n return\n }\n\n state.policiesByName.delete(name)\n state.policiesByTargetObject.delete(definition.target)\n const definitionKey = getDefinitionKeyForTarget(definition.target)\n if (definitionKey) {\n state.policiesByDefinitionKey.delete(definitionKey)\n }\n}\n\nfunction unregisterAbilityDefinition(name: string): void {\n getAuthorizationRuntimeState().abilitiesByName.delete(name)\n}\n\nfunction freezePolicyDefinition<TDefinition extends RegisteredPolicy>(definition: TDefinition): TDefinition {\n return Object.freeze({\n ...definition,\n class: definition.class ? Object.freeze({ ...definition.class }) : definition.class,\n record: definition.record ? Object.freeze({ ...definition.record }) : definition.record,\n }) as TDefinition\n}\n\nfunction freezeAbilityDefinition<TDefinition extends RegisteredAbility>(definition: TDefinition): TDefinition {\n return Object.freeze(definition) as TDefinition\n}\n\nexport function definePolicy<\n TName extends string,\n TTarget extends AuthorizationPolicyTarget,\n TDefinition extends {\n readonly before?: AuthorizationPolicyBeforeHandler<PolicyActorForDefinition<TName>, TTarget>\n readonly class?: Readonly<Record<string, AuthorizationPolicyClassHandler<PolicyActorForDefinition<TName>, TTarget>>>\n readonly record?: Readonly<Record<string, AuthorizationPolicyRecordHandler<PolicyActorForDefinition<TName>, TTarget>>>\n },\n>(\n name: TName,\n target: TTarget,\n definition: TDefinition & {\n readonly before?: AuthorizationPolicyBeforeHandler<PolicyActorForDefinition<TName>, TTarget>\n readonly class?: Readonly<Record<string, AuthorizationPolicyClassHandler<PolicyActorForDefinition<TName>, TTarget>>>\n readonly record?: Readonly<Record<string, AuthorizationPolicyRecordHandler<PolicyActorForDefinition<TName>, TTarget>>>\n },\n): AuthorizationPolicyDefinition<\n TName,\n TTarget,\n Extract<keyof NonNullable<TDefinition['class']>, string>,\n Extract<keyof NonNullable<TDefinition['record']>, string>,\n PolicyActorForDefinition<TName>\n> {\n const normalizedName = normalizePolicyName(name)\n const normalizedTarget = normalizeTarget(target)\n const normalizedClass = normalizeHandlerMap(definition.class, 'policy.class')\n const normalizedRecord = normalizeHandlerMap(definition.record, 'policy.record')\n const runtimeDefinition = {\n [AUTHORIZATION_POLICY_MARKER]: true,\n name: normalizedName,\n target: normalizedTarget,\n before: definition.before,\n class: normalizedClass,\n record: normalizedRecord,\n } as RegisteredPolicy\n validatePolicyDefinition(runtimeDefinition)\n\n const registered = registerPolicyDefinition(freezePolicyDefinition(runtimeDefinition))\n\n return registered as AuthorizationPolicyDefinition<\n TName,\n TTarget,\n Extract<keyof NonNullable<TDefinition['class']>, string>,\n Extract<keyof NonNullable<TDefinition['record']>, string>,\n PolicyActorForDefinition<TName>\n >\n}\n\nexport function defineAbility<\n TName extends string,\n TInput extends object,\n>(\n name: TName,\n handle: AuthorizationAbilityHandler<AbilityActorForDefinition<TName>, TInput>,\n): AuthorizationAbilityDefinition<TName, TInput> {\n const normalizedName = normalizeAbilityName(name)\n const runtimeDefinition = {\n [AUTHORIZATION_ABILITY_MARKER]: true,\n name: normalizedName,\n handle,\n } as unknown as RegisteredAbility\n validateAbilityDefinition(runtimeDefinition)\n\n const registered = registerAbilityDefinition(freezeAbilityDefinition(runtimeDefinition))\n\n return registered as unknown as AuthorizationAbilityDefinition<TName, TInput>\n}\n\nfunction getPolicyByName(name: string): RegisteredPolicy {\n const policy = getAuthorizationRuntimeState().policiesByName.get(name)\n if (!policy) {\n throw new PolicyNotFoundError(`[@holo-js/authorization] Policy \"${name}\" was not found.`)\n }\n\n return policy\n}\n\nfunction getAbilityByName(name: string): RegisteredAbility {\n const ability = getAuthorizationRuntimeState().abilitiesByName.get(name)\n if (!ability) {\n throw new AuthorizationAbilityNotFoundError(`[@holo-js/authorization] Ability \"${name}\" was not found.`)\n }\n\n return ability\n}\n\nfunction getPolicyByTarget(target: AuthorizationPolicyTarget | object): RegisteredPolicy {\n const state = getAuthorizationRuntimeState()\n if (typeof target === 'function' || isAuthorizationTargetModel(target)) {\n const directPolicy = state.policiesByTargetObject.get(target)\n if (directPolicy) {\n return directPolicy\n }\n\n const directDefinitionKey = getDefinitionKeyForTarget(target)\n if (directDefinitionKey) {\n const definitionPolicy = state.policiesByDefinitionKey.get(directDefinitionKey)\n if (definitionPolicy) {\n return definitionPolicy\n }\n }\n }\n\n const targetConstructor = getTargetConstructor(target)\n if (targetConstructor) {\n const constructorPolicy = state.policiesByTargetObject.get(targetConstructor)\n if (constructorPolicy) {\n return constructorPolicy\n }\n }\n\n const instanceDefinitionKey = getDefinitionKeyForTargetInstance(target)\n if (instanceDefinitionKey) {\n const definitionPolicy = state.policiesByDefinitionKey.get(instanceDefinitionKey)\n if (definitionPolicy) {\n return definitionPolicy\n }\n }\n\n throw new PolicyNotFoundError('[@holo-js/authorization] Policy definition was not found for the target.')\n}\n\nfunction getTargetConstructor(target: object): AuthorizationTargetConstructor | null {\n const candidate = (target as { constructor?: AuthorizationTargetConstructor | undefined }).constructor\n return isAuthorizationTargetConstructor(candidate)\n ? candidate\n : null\n}\n\nfunction isAuthorizationTargetConstructor(value: unknown): value is AuthorizationTargetConstructor {\n return typeof value === 'function'\n && 'prototype' in value\n}\n\nfunction isAuthorizationTargetModel(value: unknown): value is AuthorizationTargetModel<object> {\n return !!value\n && typeof value === 'object'\n && 'definition' in value\n && isAuthorizationTargetModelDefinition((value as { definition?: unknown }).definition)\n}\n\nfunction isAuthorizationTargetModelDefinition(value: unknown): value is AuthorizationTargetModelDefinition {\n return !!value\n && typeof value === 'object'\n && 'name' in value\n && typeof (value as { name?: unknown }).name === 'string'\n}\n\nfunction getDefinitionKeyForTarget(target: AuthorizationPolicyTarget): string | null {\n if (!isAuthorizationTargetModel(target)) {\n return null\n }\n\n return buildDefinitionKey(target.definition)\n}\n\nfunction getDefinitionKeyForTargetInstance(target: object): string | null {\n const candidate = target as {\n getRepository?: (() => {\n definition?: unknown\n }) | undefined\n }\n\n if (typeof candidate.getRepository !== 'function') {\n return null\n }\n\n const repository = candidate.getRepository()\n if (!repository || typeof repository !== 'object' || !('definition' in repository)) {\n return null\n }\n\n const definition = (repository as { definition?: unknown }).definition\n return isAuthorizationTargetModelDefinition(definition)\n ? buildDefinitionKey(definition)\n : null\n}\n\nfunction buildDefinitionKey(definition: AuthorizationTargetModelDefinition): string {\n const tableName = definition.table?.tableName?.trim()\n const modelName = definition.name.trim()\n return tableName\n ? `${modelName}:${tableName}`\n : modelName\n}\n\nfunction resolveContext<TActor extends object>(actor: TActor | null): AuthorizationActorContext<TActor>\nfunction resolveContext<TActor extends object, TGuardName extends string>(\n actor: TActor | null,\n guard: TGuardName,\n): AuthorizationGuardActorContext<TActor, TGuardName>\nfunction resolveContext<TActor extends object, TGuardName extends string>(\n actor: TActor | null,\n guard?: TGuardName,\n): AuthorizationActorContext<TActor> | AuthorizationGuardActorContext<TActor, TGuardName> {\n const baseContext = {\n user: actor,\n authenticated: actor !== null,\n }\n\n if (typeof guard === 'string') {\n return Object.freeze({\n ...baseContext,\n guard,\n })\n }\n\n return Object.freeze(baseContext)\n}\n\nfunction createAuthorizationError(decision: AuthorizationDecision): AuthorizationError {\n return new AuthorizationErrorClass(\n decision.message ?? 'You are not authorized to perform this action.',\n decision,\n )\n}\n\nfunction normalizeResult(outcome: AuthorizationDecisionInput | Promise<AuthorizationDecisionInput>): Promise<AuthorizationDecision> {\n return Promise.resolve(outcome).then(result => normalizeAuthorizationDecision(result))\n}\n\nasync function evaluateBeforeHook(\n before: AuthorizationPolicyBeforeHandler<object, AuthorizationPolicyTarget> | undefined,\n context: AuthorizationActorContext<object> | AuthorizationGuardActorContext<object, string>,\n target: AuthorizationPolicyTarget | object,\n): Promise<AuthorizationDecision | undefined> {\n if (!before) {\n return undefined\n }\n\n const outcome = await before(context, target as AuthorizationPolicyTarget & object)\n if (typeof outcome === 'undefined') {\n return undefined\n }\n\n return normalizeAuthorizationDecision(outcome)\n}\n\nasync function evaluatePolicyByTarget(\n actor: object | null,\n action: string,\n target: AuthorizationPolicyTarget | object,\n guard?: string,\n): Promise<AuthorizationDecision> {\n const policy = getPolicyByTarget(target)\n const context = typeof guard === 'string'\n ? resolveContext(actor, guard)\n : resolveContext(actor)\n if (typeof target === 'function' || isAuthorizationTargetModel(target)) {\n const beforeDecision = await evaluateBeforeHook(policy.before, context, target)\n if (beforeDecision) {\n return beforeDecision\n }\n\n const handler = policy.class?.[action]\n if (!handler) {\n throw new AuthorizationErrorClass(\n `[@holo-js/authorization] Policy action \"${action}\" is not defined for the selected target.`,\n deny(),\n )\n }\n\n return await normalizeResult(handler(context, target))\n }\n\n const beforeDecision = await evaluateBeforeHook(policy.before, context, target)\n if (beforeDecision) {\n return beforeDecision\n }\n\n const handler = policy.record?.[action]\n if (!handler) {\n throw new AuthorizationErrorClass(\n `[@holo-js/authorization] Policy action \"${action}\" is not defined for the selected target.`,\n deny(),\n )\n }\n\n return await normalizeResult(handler(context, target))\n}\n\nasync function evaluatePolicyByName(\n actor: object | null,\n policyName: string,\n action: string,\n target: AuthorizationPolicyTarget | object,\n guard?: string,\n): Promise<AuthorizationDecision> {\n const policy = getPolicyByName(policyName)\n const context = typeof guard === 'string'\n ? resolveContext(actor, guard)\n : resolveContext(actor)\n if (typeof target === 'function' || isAuthorizationTargetModel(target)) {\n const beforeDecision = await evaluateBeforeHook(policy.before, context, target)\n if (beforeDecision) {\n return beforeDecision\n }\n\n const handler = policy.class?.[action]\n if (!handler) {\n throw new AuthorizationErrorClass(\n `[@holo-js/authorization] Policy action \"${action}\" is not defined for policy \"${policyName}\".`,\n deny(),\n )\n }\n\n return await normalizeResult(handler(context, target))\n }\n\n const beforeDecision = await evaluateBeforeHook(policy.before, context, target)\n if (beforeDecision) {\n return beforeDecision\n }\n\n const handler = policy.record?.[action]\n if (!handler) {\n throw new AuthorizationErrorClass(\n `[@holo-js/authorization] Policy action \"${action}\" is not defined for policy \"${policyName}\".`,\n deny(),\n )\n }\n\n return await normalizeResult(handler(context, target))\n}\n\nasync function evaluateAbility<TInput extends object>(\n actor: object | null,\n abilityName: string,\n input: TInput,\n guard?: string,\n): Promise<AuthorizationDecision> {\n const ability = getAbilityByName(abilityName)\n const context = typeof guard === 'string'\n ? resolveContext(actor, guard)\n : resolveContext(actor)\n return await normalizeResult(ability.handle(context, input))\n}\n\nfunction createPolicyBuilder<TPolicyName extends HoloPolicyName>(\n resolveActor: () => Promise<object | null> | object | null,\n policyName: TPolicyName,\n guard?: string,\n): AuthorizationPolicyBuilder<TPolicyName> {\n return Object.freeze({\n async authorize<TTarget>(action: PolicyActionForPolicy<TPolicyName, TTarget>, target: TTarget): Promise<void> {\n const actor = await resolveActor()\n const decision = await evaluatePolicyByName(actor, String(policyName), String(action), target as AuthorizationPolicyTarget | object, guard)\n if (!decision.allowed) {\n throw createAuthorizationError(decision)\n }\n },\n async can<TTarget>(action: PolicyActionForPolicy<TPolicyName, TTarget>, target: TTarget): Promise<boolean> {\n const actor = await resolveActor()\n const decision = await evaluatePolicyByName(actor, String(policyName), String(action), target as AuthorizationPolicyTarget | object, guard)\n return decision.allowed\n },\n async cannot<TTarget>(action: PolicyActionForPolicy<TPolicyName, TTarget>, target: TTarget): Promise<boolean> {\n const actor = await resolveActor()\n const decision = await evaluatePolicyByName(actor, String(policyName), String(action), target as AuthorizationPolicyTarget | object, guard)\n return !decision.allowed\n },\n async inspect<TTarget>(action: PolicyActionForPolicy<TPolicyName, TTarget>, target: TTarget): Promise<AuthorizationDecision> {\n const actor = await resolveActor()\n return await evaluatePolicyByName(actor, String(policyName), String(action), target as AuthorizationPolicyTarget | object, guard)\n },\n }) as unknown as AuthorizationPolicyBuilder<TPolicyName>\n}\n\nfunction createAbilityBuilder<TAbilityName extends HoloAbilityName>(\n resolveActor: () => Promise<object | null> | object | null,\n abilityName: TAbilityName,\n guard?: string,\n): AuthorizationAbilityBuilder<TAbilityName> {\n return Object.freeze({\n async authorize(input: AbilityInput<TAbilityName>): Promise<void> {\n const actor = await resolveActor()\n const decision = await evaluateAbility(actor, String(abilityName), input, guard)\n if (!decision.allowed) {\n throw createAuthorizationError(decision)\n }\n },\n async can(input: AbilityInput<TAbilityName>): Promise<boolean> {\n const actor = await resolveActor()\n const decision = await evaluateAbility(actor, String(abilityName), input, guard)\n return decision.allowed\n },\n async cannot(input: AbilityInput<TAbilityName>): Promise<boolean> {\n const actor = await resolveActor()\n const decision = await evaluateAbility(actor, String(abilityName), input, guard)\n return !decision.allowed\n },\n async inspect(input: AbilityInput<TAbilityName>): Promise<AuthorizationDecision> {\n const actor = await resolveActor()\n return await evaluateAbility(actor, String(abilityName), input, guard)\n },\n })\n}\n\nfunction createActorAuthorization(\n resolveActor: () => Promise<object | null> | object | null,\n guard?: string,\n): AuthorizationActorBuilder {\n return Object.freeze({\n async authorize<TTarget extends AuthorizationPolicyTarget | object>(action: PolicyActionFor<TTarget>, target: TTarget): Promise<void> {\n const actor = await resolveActor()\n const decision = await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object, guard)\n if (!decision.allowed) {\n throw createAuthorizationError(decision)\n }\n },\n async can<TTarget extends AuthorizationPolicyTarget | object>(action: PolicyActionFor<TTarget>, target: TTarget): Promise<boolean> {\n const actor = await resolveActor()\n const decision = await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object, guard)\n return decision.allowed\n },\n async cannot<TTarget extends AuthorizationPolicyTarget | object>(action: PolicyActionFor<TTarget>, target: TTarget): Promise<boolean> {\n const actor = await resolveActor()\n const decision = await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object, guard)\n return !decision.allowed\n },\n async inspect<TTarget extends AuthorizationPolicyTarget | object>(action: PolicyActionFor<TTarget>, target: TTarget): Promise<AuthorizationDecision> {\n const actor = await resolveActor()\n return await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object, guard)\n },\n policy<TPolicyName extends HoloPolicyName>(name: TPolicyName) {\n return createPolicyBuilder(resolveActor, name, guard)\n },\n ability<TAbilityName extends HoloAbilityName>(name: TAbilityName) {\n return createAbilityBuilder(resolveActor, name, guard)\n },\n }) as AuthorizationActorBuilder\n}\n\nexport function forUser<TActor extends object>(actor: TActor | null): AuthorizationActorBuilder {\n return createActorAuthorization(() => Promise.resolve(actor))\n}\n\nfunction getResolvedAuthActorContext(): {\n readonly resolveActor: () => Promise<object | null>\n readonly guard: string | undefined\n} {\n const integration = getAuthorizationAuthIntegration()\n return {\n resolveActor: () => Promise.resolve(integration.resolveDefaultActor()),\n guard: undefined,\n }\n}\n\nfunction getResolvedAuthGuardActorContext(name: string): {\n readonly resolveActor: () => Promise<object | null>\n readonly guard: string\n} {\n const integration = getAuthorizationAuthIntegration()\n if (!integration.hasGuard(name)) {\n throw new AuthorizationGuardNotFoundError(`[@holo-js/authorization] Guard \"${name}\" was not found.`)\n }\n\n return {\n resolveActor: () => Promise.resolve(integration.resolveGuardActor(name)),\n guard: name,\n }\n}\n\nexport async function authorize<TTarget extends AuthorizationPolicyTarget | object>(\n action: PolicyActionFor<TTarget>,\n target: TTarget,\n): Promise<void> {\n const { resolveActor } = getResolvedAuthActorContext()\n const actor = await resolveActor()\n const decision = await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object)\n if (!decision.allowed) {\n throw createAuthorizationError(decision)\n }\n}\n\nexport async function can<TTarget extends AuthorizationPolicyTarget | object>(\n action: PolicyActionFor<TTarget>,\n target: TTarget,\n): Promise<boolean> {\n const { resolveActor } = getResolvedAuthActorContext()\n const actor = await resolveActor()\n const decision = await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object)\n return decision.allowed\n}\n\nexport async function cannot<TTarget extends AuthorizationPolicyTarget | object>(\n action: PolicyActionFor<TTarget>,\n target: TTarget,\n): Promise<boolean> {\n const { resolveActor } = getResolvedAuthActorContext()\n const actor = await resolveActor()\n const decision = await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object)\n return !decision.allowed\n}\n\nexport async function inspect<TTarget extends AuthorizationPolicyTarget | object>(\n action: PolicyActionFor<TTarget>,\n target: TTarget,\n): Promise<AuthorizationDecision> {\n const { resolveActor } = getResolvedAuthActorContext()\n const actor = await resolveActor()\n return await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object)\n}\n\nexport function guard<TGuardName extends HoloAuthorizationGuardName>(name: TGuardName): AuthorizationActorBuilder {\n const { resolveActor, guard: resolvedGuard } = getResolvedAuthGuardActorContext(String(name))\n return createActorAuthorization(resolveActor, resolvedGuard)\n}\n\nexport const authorizationInternals = Object.freeze({\n getAuthorizationRuntimeState,\n resetAuthorizationRuntimeState,\n configureAuthorizationAuthIntegration,\n resetAuthorizationAuthIntegration,\n getAuthorizationAuthIntegration,\n getPolicyByName,\n getAbilityByName,\n getPolicyByTarget,\n evaluatePolicyByTarget,\n evaluatePolicyByName,\n evaluateAbility,\n registerPolicyDefinition,\n registerAbilityDefinition,\n unregisterPolicyDefinition,\n unregisterAbilityDefinition,\n})\n\nexport {\n allow,\n deny,\n denyAsNotFound,\n AuthorizationAbilityNotFoundError,\n AuthorizationAuthIntegrationMissingError,\n AuthorizationErrorClass as AuthorizationError,\n PolicyNotFoundError as AuthorizationPolicyNotFoundError,\n}\n","import type { AuthorizationFacade } from './contracts'\n\nexport {\n allow,\n deny,\n denyAsNotFound,\n isAuthorizationAbilityDefinition,\n isAuthorizationDecision,\n isAuthorizationPolicyDefinition,\n normalizeAuthorizationDecision,\n AuthorizationAbilityNotFoundError,\n AuthorizationAuthIntegrationMissingError,\n AuthorizationError,\n AuthorizationGuardNotFoundError,\n AuthorizationPolicyNotFoundError,\n} from './contracts'\nexport type {\n AbilityInput,\n AuthorizationActorBuilder,\n AuthorizationActorContext,\n AuthorizationAbilityBuilder,\n AuthorizationAbilityHandler,\n AuthorizationAbilityRegistry,\n AuthorizationAbilityRegistryEntry,\n AuthorizationDecision,\n AuthorizationDecisionInput,\n AuthorizationDecisionStatus,\n AuthorizationFacade,\n AuthorizationGuardActorContext,\n AuthorizationPolicyBeforeHandler,\n AuthorizationPolicyBuilder,\n AuthorizationPolicyClassHandler,\n AuthorizationPolicyDefinition,\n AuthorizationPolicyRegistry,\n AuthorizationPolicyRecordHandler,\n AuthorizationPolicyRegistryEntry,\n AuthorizationPolicyTarget,\n AuthorizationTargetConstructor,\n AuthorizationTargetInstance,\n AuthorizationTargetModel,\n AuthorizationTargetModelDefinition,\n HoloAbilityName,\n HoloAuthorizationGuardName,\n HoloPolicyName,\n PolicyActionFor,\n PolicyActionForPolicy,\n PolicyClassActionFor,\n PolicyClassActionForPolicy,\n PolicyInstanceForPolicy,\n PolicyRecordActionFor,\n PolicyRecordActionForPolicy,\n PolicyTargetForPolicy,\n} from './contracts'\nexport {\n authorize,\n authorizationInternals,\n can,\n cannot,\n defineAbility,\n definePolicy,\n forUser,\n guard,\n inspect,\n} from './runtime'\n\nimport { authorize, can, cannot, forUser, guard, inspect } from './runtime'\n\nconst authorization: AuthorizationFacade = Object.freeze({\n forUser,\n guard,\n authorize,\n can,\n cannot,\n inspect,\n})\n\nexport default authorization\n"]}
1
+ {"version":3,"sources":["../src/runtime.ts","../src/index.ts"],"names":["guard","beforeDecision","handler"],"mappings":";;;;AA6CA,IAAM,6BAAA,mBAAgC,MAAA,CAAO,GAAA,CAAI,qCAAqC,CAAA;AA6BtF,SAAS,+BAAA,GAA6D;AACpE,EAAA,OAAO;AAAA,IACL,cAAA,sBAAoB,GAAA,EAAI;AAAA,IACxB,sBAAA,sBAA4B,OAAA,EAAQ;AAAA,IACpC,uBAAA,sBAA6B,GAAA,EAAI;AAAA,IACjC,eAAA,sBAAqB,GAAA,EAAI;AAAA,IACzB,eAAA,EAAiB;AAAA,GACnB;AACF;AAEA,SAAS,4BAAA,GAA0D;AACjE,EAAA,MAAM,OAAA,GAAU,UAAA;AAIhB,EAAA,OAAA,CAAQ,iCAAiC,+BAAA,EAAgC;AACzE,EAAA,OAAO,OAAA,CAAQ,4BAAA;AACjB;AAEA,SAAS,8BAAA,GAAuC;AAC9C,EAAA,MAAM,OAAA,GAAU,UAAA;AAIhB,EAAA,OAAA,CAAQ,+BAA+B,+BAAA,EAAgC;AACzE;AAEA,SAAS,sCAAsC,WAAA,EAAkD;AAC/F,EAAA,MAAM,QAAQ,4BAAA,EAA6B;AAC3C,EAAA,KAAA,CAAM,kBAAkB,WAAA,IAAe,IAAA;AACzC;AAEA,SAAS,iCAAA,GAA0C;AACjD,EAAA,4BAAA,GAA+B,eAAA,GAAkB,IAAA;AACnD;AAEA,SAAS,+BAAA,GAAgE;AACvE,EAAA,MAAM,WAAA,GAAc,8BAA6B,CAAE,eAAA;AACnD,EAAA,IAAI,CAAC,WAAA,EAAa;AAChB,IAAA,MAAM,IAAI,yCAAyC,kEAAkE,CAAA;AAAA,EACvH;AAEA,EAAA,OAAO,WAAA;AACT;AAEA,SAAS,oBAA0C,IAAA,EAAoB;AACrE,EAAA,MAAM,OAAA,GAAU,KAAK,IAAA,EAAK;AAC1B,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,UAAU,kEAAkE,CAAA;AAAA,EACxF;AAEA,EAAA,OAAO,OAAA;AACT;AAEA,SAAS,qBAA2C,IAAA,EAAoB;AACtE,EAAA,MAAM,OAAA,GAAU,KAAK,IAAA,EAAK;AAC1B,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,UAAU,mEAAmE,CAAA;AAAA,EACzF;AAEA,EAAA,OAAO,OAAA;AACT;AAEA,SAAS,gBAA2D,MAAA,EAA0B;AAC5F,EAAA,IAAI,OAAO,WAAW,UAAA,EAAY;AAChC,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,IAAI,0BAAA,CAA2B,MAAM,CAAA,EAAG;AACtC,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,MAAM,IAAI,UAAU,yFAAyF,CAAA;AAC/G;AAEA,SAAS,mBAAA,CACP,OACA,KAAA,EACU;AACV,EAAA,IAAI,OAAO,UAAU,WAAA,EAAa;AAChC,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,IAAI,CAAC,SAAS,OAAO,KAAA,KAAU,YAAY,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,EAAG;AAC/D,IAAA,MAAM,IAAI,SAAA,CAAU,CAAA,yBAAA,EAA4B,KAAK,CAAA,sCAAA,CAAwC,CAAA;AAAA,EAC/F;AAEA,EAAA,OAAO,KAAA;AACT;AAEA,SAAS,kBAAA,CACP,OACA,KAAA,EACM;AACN,EAAA,IAAI,CAAC,KAAA,EAAO;AACV,IAAA;AAAA,EACF;AAEA,EAAA,KAAA,MAAW,CAAC,IAAA,EAAM,OAAO,KAAK,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAA,EAAG;AACnD,IAAA,IAAI,OAAO,YAAY,UAAA,EAAY;AACjC,MAAA,MAAM,IAAI,SAAA,CAAU,CAAA,yBAAA,EAA4B,KAAK,CAAA,CAAA,EAAI,IAAI,CAAA,oBAAA,CAAsB,CAAA;AAAA,IACrF;AAAA,EACF;AACF;AAEA,SAAS,yBAAyB,UAAA,EAA4G;AAC5I,EAAA,kBAAA,CAAmB,UAAA,CAAW,OAAO,cAAc,CAAA;AACnD,EAAA,kBAAA,CAAmB,UAAA,CAAW,QAAQ,eAAe,CAAA;AACrD,EAAA,IAAI,UAAA,CAAW,MAAA,IAAU,OAAO,UAAA,CAAW,WAAW,UAAA,EAAY;AAChE,IAAA,MAAM,IAAI,UAAU,0EAA0E,CAAA;AAAA,EAChG;AACF;AAEA,SAAS,0BAA0B,UAAA,EAA0E;AAC3G,EAAA,IAAI,OAAO,UAAA,CAAW,MAAA,KAAW,UAAA,EAAY;AAC3C,IAAA,MAAM,IAAI,UAAU,8DAA8D,CAAA;AAAA,EACpF;AACF;AAEA,SAAS,yBAA+D,UAAA,EAAsC;AAC5G,EAAA,MAAM,QAAQ,4BAAA,EAA6B;AAC3C,EAAA,IAAI,KAAA,CAAM,cAAA,CAAe,GAAA,CAAI,UAAA,CAAW,IAAI,CAAA,EAAG;AAC7C,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,iCAAA,EAAoC,UAAA,CAAW,IAAI,CAAA,wBAAA,CAA0B,CAAA;AAAA,EAC/F;AAEA,EAAA,IAAI,KAAA,CAAM,sBAAA,CAAuB,GAAA,CAAI,UAAA,CAAW,MAAM,CAAA,EAAG;AACvD,IAAA,MAAM,IAAI,MAAM,0EAA0E,CAAA;AAAA,EAC5F;AAEA,EAAA,MAAM,aAAA,GAAgB,yBAAA,CAA0B,UAAA,CAAW,MAAM,CAAA;AACjE,EAAA,IAAI,aAAA,IAAiB,KAAA,CAAM,uBAAA,CAAwB,GAAA,CAAI,aAAa,CAAA,EAAG;AACrE,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,+EAAA,EAAkF,aAAa,CAAA,EAAA,CAAI,CAAA;AAAA,EACrH;AAEA,EAAA,KAAA,CAAM,cAAA,CAAe,GAAA,CAAI,UAAA,CAAW,IAAA,EAAM,UAAU,CAAA;AACpD,EAAA,KAAA,CAAM,sBAAA,CAAuB,GAAA,CAAI,UAAA,CAAW,MAAA,EAAQ,UAAU,CAAA;AAC9D,EAAA,IAAI,aAAA,EAAe;AACjB,IAAA,KAAA,CAAM,uBAAA,CAAwB,GAAA,CAAI,aAAA,EAAe,UAAU,CAAA;AAAA,EAC7D;AACA,EAAA,OAAO,UAAA;AACT;AAEA,SAAS,0BAAiE,UAAA,EAAsC;AAC9G,EAAA,MAAM,QAAQ,4BAAA,EAA6B;AAC3C,EAAA,IAAI,KAAA,CAAM,eAAA,CAAgB,GAAA,CAAI,UAAA,CAAW,IAAI,CAAA,EAAG;AAC9C,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,kCAAA,EAAqC,UAAA,CAAW,IAAI,CAAA,wBAAA,CAA0B,CAAA;AAAA,EAChG;AAEA,EAAA,KAAA,CAAM,eAAA,CAAgB,GAAA,CAAI,UAAA,CAAW,IAAA,EAAM,UAAU,CAAA;AACrD,EAAA,OAAO,UAAA;AACT;AAEA,SAAS,2BAA2B,IAAA,EAAoB;AACtD,EAAA,MAAM,QAAQ,4BAAA,EAA6B;AAC3C,EAAA,MAAM,UAAA,GAAa,KAAA,CAAM,cAAA,CAAe,GAAA,CAAI,IAAI,CAAA;AAChD,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA;AAAA,EACF;AAEA,EAAA,KAAA,CAAM,cAAA,CAAe,OAAO,IAAI,CAAA;AAChC,EAAA,KAAA,CAAM,sBAAA,CAAuB,MAAA,CAAO,UAAA,CAAW,MAAM,CAAA;AACrD,EAAA,MAAM,aAAA,GAAgB,yBAAA,CAA0B,UAAA,CAAW,MAAM,CAAA;AACjE,EAAA,IAAI,aAAA,EAAe;AACjB,IAAA,KAAA,CAAM,uBAAA,CAAwB,OAAO,aAAa,CAAA;AAAA,EACpD;AACF;AAEA,SAAS,4BAA4B,IAAA,EAAoB;AACvD,EAAA,4BAAA,EAA6B,CAAE,eAAA,CAAgB,MAAA,CAAO,IAAI,CAAA;AAC5D;AAEA,SAAS,uBAA6D,UAAA,EAAsC;AAC1G,EAAA,OAAO,OAAO,MAAA,CAAO;AAAA,IACnB,GAAG,UAAA;AAAA,IACH,KAAA,EAAO,UAAA,CAAW,KAAA,GAAQ,MAAA,CAAO,MAAA,CAAO,EAAE,GAAG,UAAA,CAAW,KAAA,EAAO,CAAA,GAAI,UAAA,CAAW,KAAA;AAAA,IAC9E,MAAA,EAAQ,UAAA,CAAW,MAAA,GAAS,MAAA,CAAO,MAAA,CAAO,EAAE,GAAG,UAAA,CAAW,MAAA,EAAQ,CAAA,GAAI,UAAA,CAAW;AAAA,GAClF,CAAA;AACH;AAEA,SAAS,wBAA+D,UAAA,EAAsC;AAC5G,EAAA,OAAO,MAAA,CAAO,OAAO,UAAU,CAAA;AACjC;AAEO,SAAS,YAAA,CASd,IAAA,EACA,MAAA,EACA,UAAA,EAWA;AACA,EAAA,MAAM,cAAA,GAAiB,oBAAoB,IAAI,CAAA;AAC/C,EAAA,MAAM,gBAAA,GAAmB,gBAAgB,MAAM,CAAA;AAC/C,EAAA,MAAM,eAAA,GAAkB,mBAAA,CAAoB,UAAA,CAAW,KAAA,EAAO,cAAc,CAAA;AAC5E,EAAA,MAAM,gBAAA,GAAmB,mBAAA,CAAoB,UAAA,CAAW,MAAA,EAAQ,eAAe,CAAA;AAC/E,EAAA,MAAM,iBAAA,GAAoB;AAAA,IACxB,CAAC,2BAA2B,GAAG,IAAA;AAAA,IAC/B,IAAA,EAAM,cAAA;AAAA,IACN,MAAA,EAAQ,gBAAA;AAAA,IACR,QAAQ,UAAA,CAAW,MAAA;AAAA,IACnB,KAAA,EAAO,eAAA;AAAA,IACP,MAAA,EAAQ;AAAA,GACV;AACA,EAAA,wBAAA,CAAyB,iBAAiB,CAAA;AAE1C,EAAA,MAAM,UAAA,GAAa,wBAAA,CAAyB,sBAAA,CAAuB,iBAAiB,CAAC,CAAA;AAErF,EAAA,OAAO,UAAA;AAOT;AAEO,SAAS,aAAA,CAId,MACA,MAAA,EAC+C;AAC/C,EAAA,MAAM,cAAA,GAAiB,qBAAqB,IAAI,CAAA;AAChD,EAAA,MAAM,iBAAA,GAAoB;AAAA,IACxB,CAAC,4BAA4B,GAAG,IAAA;AAAA,IAChC,IAAA,EAAM,cAAA;AAAA,IACN;AAAA,GACF;AACA,EAAA,yBAAA,CAA0B,iBAAiB,CAAA;AAE3C,EAAA,MAAM,UAAA,GAAa,yBAAA,CAA0B,uBAAA,CAAwB,iBAAiB,CAAC,CAAA;AAEvF,EAAA,OAAO,UAAA;AACT;AAEA,SAAS,gBAAgB,IAAA,EAAgC;AACvD,EAAA,MAAM,MAAA,GAAS,4BAAA,EAA6B,CAAE,cAAA,CAAe,IAAI,IAAI,CAAA;AACrE,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,MAAM,IAAI,gCAAA,CAAoB,CAAA,iCAAA,EAAoC,IAAI,CAAA,gBAAA,CAAkB,CAAA;AAAA,EAC1F;AAEA,EAAA,OAAO,MAAA;AACT;AAEA,SAAS,iBAAiB,IAAA,EAAiC;AACzD,EAAA,MAAM,OAAA,GAAU,4BAAA,EAA6B,CAAE,eAAA,CAAgB,IAAI,IAAI,CAAA;AACvE,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,iCAAA,CAAkC,CAAA,kCAAA,EAAqC,IAAI,CAAA,gBAAA,CAAkB,CAAA;AAAA,EACzG;AAEA,EAAA,OAAO,OAAA;AACT;AAEA,SAAS,kBAAkB,MAAA,EAA8D;AACvF,EAAA,MAAM,QAAQ,4BAAA,EAA6B;AAC3C,EAAA,IAAI,OAAO,MAAA,KAAW,UAAA,IAAc,0BAAA,CAA2B,MAAM,CAAA,EAAG;AACtE,IAAA,MAAM,YAAA,GAAe,KAAA,CAAM,sBAAA,CAAuB,GAAA,CAAI,MAAM,CAAA;AAC5D,IAAA,IAAI,YAAA,EAAc;AAChB,MAAA,OAAO,YAAA;AAAA,IACT;AAEA,IAAA,MAAM,mBAAA,GAAsB,0BAA0B,MAAM,CAAA;AAC5D,IAAA,IAAI,mBAAA,EAAqB;AACvB,MAAA,MAAM,gBAAA,GAAmB,KAAA,CAAM,uBAAA,CAAwB,GAAA,CAAI,mBAAmB,CAAA;AAC9E,MAAA,IAAI,gBAAA,EAAkB;AACpB,QAAA,OAAO,gBAAA;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAEA,EAAA,MAAM,iBAAA,GAAoB,qBAAqB,MAAM,CAAA;AACrD,EAAA,IAAI,iBAAA,EAAmB;AACrB,IAAA,MAAM,iBAAA,GAAoB,KAAA,CAAM,sBAAA,CAAuB,GAAA,CAAI,iBAAiB,CAAA;AAC5E,IAAA,IAAI,iBAAA,EAAmB;AACrB,MAAA,OAAO,iBAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,MAAM,qBAAA,GAAwB,kCAAkC,MAAM,CAAA;AACtE,EAAA,IAAI,qBAAA,EAAuB;AACzB,IAAA,MAAM,gBAAA,GAAmB,KAAA,CAAM,uBAAA,CAAwB,GAAA,CAAI,qBAAqB,CAAA;AAChF,IAAA,IAAI,gBAAA,EAAkB;AACpB,MAAA,OAAO,gBAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,MAAM,IAAI,iCAAoB,0EAA0E,CAAA;AAC1G;AAEA,SAAS,yBAAA,CACP,MAAA,EACA,UAAA,EACA,MAAA,EACM;AACN,EAAA,MAAM,YAAA,GAAe,kBAAkB,MAAM,CAAA;AAC7C,EAAA,IAAI,iBAAiB,MAAA,EAAQ;AAC3B,IAAA,MAAM,IAAI,gCAAA,CAAoB,CAAA,iCAAA,EAAoC,UAAU,CAAA,wCAAA,CAA0C,CAAA;AAAA,EACxH;AACF;AAEA,SAAS,qBAAqB,MAAA,EAAuD;AACnF,EAAA,MAAM,YAAa,MAAA,CAAwE,WAAA;AAC3F,EAAA,OAAO,gCAAA,CAAiC,SAAS,CAAA,GAC7C,SAAA,GACA,IAAA;AACN;AAEA,SAAS,iCAAiC,KAAA,EAAyD;AACjG,EAAA,OAAO,OAAO,KAAA,KAAU,UAAA,IACnB,WAAA,IAAe,KAAA;AACtB;AAEA,SAAS,2BAA2B,KAAA,EAA2D;AAC7F,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,UAAU,QAAA,IAAY,EAAE,gBAAgB,KAAA,CAAA,EAAQ;AACnE,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,MAAM,SAAA,GAAY,KAAA;AAQlB,EAAA,MAAM,QAAQ,SAAA,CAAU,KAAA;AACxB,EAAA,IAAI,CAAC,oCAAA,CAAqC,SAAA,CAAU,UAAU,CAAA,IAAK,OAAO,UAAU,UAAA,EAAY;AAC9F,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,IAAI,OAAO,SAAA,CAAU,aAAA,KAAkB,UAAA,EAAY;AACjD,IAAA,OAAO,6BAAA,EAA8B,CAAE,GAAA,CAAI,KAAK,CAAA,IAC3C,OAAO,SAAA,CAAU,QAAA,KAAa,UAAA,IAC9B,OAAO,SAAA,CAAU,aAAA,KAAkB,UAAA;AAAA,EAC1C;AAEA,EAAA,IAAI;AACF,IAAA,MAAM,WAAA,GAAc,KAAA,CAAM,IAAA,CAAK,SAAS,CAAA;AACxC,IAAA,OAAO,CAAC,CAAC,WAAA,IACJ,OAAO,WAAA,KAAgB,QAAA,IACvB,OAAQ,WAAA,CAAoC,KAAA,KAAU,UAAA,IACtD,OAAQ,WAAA,CAA0C,WAAA,KAAgB,UAAA;AAAA,EACzE,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAEA,SAAS,qCAAqC,KAAA,EAA6D;AACzG,EAAA,OAAO,CAAC,CAAC,KAAA,IACJ,OAAO,KAAA,KAAU,YACjB,MAAA,IAAU,KAAA,IACV,OAAQ,KAAA,CAA6B,IAAA,KAAS,QAAA;AACrD;AAEA,SAAS,6BAAA,GAAiD;AACxD,EAAA,MAAM,cAAA,GAAiB,UAAA;AACvB,EAAA,OAAO,cAAA,CAAe,6BAA6B,CAAA,oBAAK,IAAI,OAAA,EAAgB;AAC9E;AAEA,SAAS,0BAA0B,MAAA,EAAkD;AACnF,EAAA,IAAI,CAAC,0BAAA,CAA2B,MAAM,CAAA,EAAG;AACvC,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAO,kBAAA,CAAmB,OAAO,UAAU,CAAA;AAC7C;AAEA,SAAS,kCAAkC,MAAA,EAA+B;AACxE,EAAA,MAAM,SAAA,GAAY,MAAA;AAMlB,EAAA,IAAI,OAAO,SAAA,CAAU,aAAA,KAAkB,UAAA,EAAY;AACjD,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,UAAA,GAAa,UAAU,aAAA,EAAc;AAC3C,EAAA,IAAI,CAAC,UAAA,IAAc,OAAO,eAAe,QAAA,IAAY,EAAE,gBAAgB,UAAA,CAAA,EAAa;AAClF,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,aAAc,UAAA,CAAwC,UAAA;AAC5D,EAAA,OAAO,oCAAA,CAAqC,UAAU,CAAA,GAClD,kBAAA,CAAmB,UAAU,CAAA,GAC7B,IAAA;AACN;AAEA,SAAS,mBAAmB,UAAA,EAAwD;AAClF,EAAA,MAAM,SAAA,GAAY,UAAA,CAAW,KAAA,EAAO,SAAA,EAAW,IAAA,EAAK;AACpD,EAAA,MAAM,SAAA,GAAY,UAAA,CAAW,IAAA,CAAK,IAAA,EAAK;AACvC,EAAA,OAAO,SAAA,GACH,CAAA,EAAG,SAAS,CAAA,CAAA,EAAI,SAAS,CAAA,CAAA,GACzB,SAAA;AACN;AAOA,SAAS,cAAA,CACP,OACAA,MAAAA,EACwF;AACxF,EAAA,MAAM,WAAA,GAAc;AAAA,IAClB,IAAA,EAAM,KAAA;AAAA,IACN,eAAe,KAAA,KAAU;AAAA,GAC3B;AAEA,EAAA,IAAI,OAAOA,WAAU,QAAA,EAAU;AAC7B,IAAA,OAAO,OAAO,MAAA,CAAO;AAAA,MACnB,GAAG,WAAA;AAAA,MACH,KAAA,EAAAA;AAAA,KACD,CAAA;AAAA,EACH;AAEA,EAAA,OAAO,MAAA,CAAO,OAAO,WAAW,CAAA;AAClC;AAEA,SAAS,yBAAyB,QAAA,EAAwC;AACxE,EAAA,MAAM,WAAA,GAAc,4BAAA,EAA6B,CAAE,eAAA,EAAiB,cAAc,QAAQ,CAAA;AAC1F,EAAA,IAAI,WAAA,EAAa;AACf,IAAA,OAAO,WAAA;AAAA,EACT;AAEA,EAAA,OAAO,IAAI,kBAAA;AAAA,IACT,SAAS,OAAA,IAAW,gDAAA;AAAA,IACpB;AAAA,GACF;AACF;AAEA,SAAS,gBAAgB,OAAA,EAA2G;AAClI,EAAA,OAAO,OAAA,CAAQ,QAAQ,OAAO,CAAA,CAAE,KAAK,CAAA,MAAA,KAAU,8BAAA,CAA+B,MAAM,CAAC,CAAA;AACvF;AAEA,eAAe,kBAAA,CACb,MAAA,EACA,OAAA,EACA,MAAA,EAC4C;AAC5C,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,OAAA,EAAS,MAA4C,CAAA;AAClF,EAAA,IAAI,OAAO,YAAY,WAAA,EAAa;AAClC,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,OAAO,+BAA+B,OAAO,CAAA;AAC/C;AAEA,eAAe,sBAAA,CACb,KAAA,EACA,MAAA,EACA,MAAA,EACAA,MAAAA,EACgC;AAChC,EAAA,MAAM,MAAA,GAAS,kBAAkB,MAAM,CAAA;AACvC,EAAA,MAAM,OAAA,GAAU,OAAOA,MAAAA,KAAU,QAAA,GAC7B,eAAe,KAAA,EAAOA,MAAK,CAAA,GAC3B,cAAA,CAAe,KAAK,CAAA;AACxB,EAAA,IAAI,OAAO,MAAA,KAAW,UAAA,IAAc,0BAAA,CAA2B,MAAM,CAAA,EAAG;AACtE,IAAA,MAAMC,kBAAiB,MAAM,kBAAA,CAAmB,MAAA,CAAO,MAAA,EAAQ,SAAS,MAAM,CAAA;AAC9E,IAAA,IAAIA,eAAAA,EAAgB;AAClB,MAAA,OAAOA,eAAAA;AAAA,IACT;AAEA,IAAA,MAAMC,QAAAA,GAAU,MAAA,CAAO,KAAA,GAAQ,MAAM,CAAA;AACrC,IAAA,IAAI,CAACA,QAAAA,EAAS;AACZ,MAAA,MAAM,IAAI,kBAAA;AAAA,QACR,2CAA2C,MAAM,CAAA,yCAAA,CAAA;AAAA,QACjD,IAAA;AAAK,OACP;AAAA,IACF;AAEA,IAAA,OAAO,MAAM,eAAA,CAAgBA,QAAAA,CAAQ,OAAA,EAAS,MAAM,CAAC,CAAA;AAAA,EACvD;AAEA,EAAA,MAAM,iBAAiB,MAAM,kBAAA,CAAmB,MAAA,CAAO,MAAA,EAAQ,SAAS,MAAM,CAAA;AAC9E,EAAA,IAAI,cAAA,EAAgB;AAClB,IAAA,OAAO,cAAA;AAAA,EACT;AAEA,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,MAAA,GAAS,MAAM,CAAA;AACtC,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,2CAA2C,MAAM,CAAA,yCAAA,CAAA;AAAA,MACjD,IAAA;AAAK,KACP;AAAA,EACF;AAEA,EAAA,OAAO,MAAM,eAAA,CAAgB,OAAA,CAAQ,OAAA,EAAS,MAAM,CAAC,CAAA;AACvD;AAEA,eAAe,oBAAA,CACb,KAAA,EACA,UAAA,EACA,MAAA,EACA,QACAF,MAAAA,EACgC;AAChC,EAAA,MAAM,MAAA,GAAS,gBAAgB,UAAU,CAAA;AACzC,EAAA,yBAAA,CAA0B,MAAA,EAAQ,YAAY,MAAM,CAAA;AAEpD,EAAA,MAAM,OAAA,GAAU,OAAOA,MAAAA,KAAU,QAAA,GAC7B,eAAe,KAAA,EAAOA,MAAK,CAAA,GAC3B,cAAA,CAAe,KAAK,CAAA;AACxB,EAAA,IAAI,OAAO,MAAA,KAAW,UAAA,IAAc,0BAAA,CAA2B,MAAM,CAAA,EAAG;AACtE,IAAA,MAAMC,kBAAiB,MAAM,kBAAA,CAAmB,MAAA,CAAO,MAAA,EAAQ,SAAS,MAAM,CAAA;AAC9E,IAAA,IAAIA,eAAAA,EAAgB;AAClB,MAAA,OAAOA,eAAAA;AAAA,IACT;AAEA,IAAA,MAAMC,QAAAA,GAAU,MAAA,CAAO,KAAA,GAAQ,MAAM,CAAA;AACrC,IAAA,IAAI,CAACA,QAAAA,EAAS;AACZ,MAAA,MAAM,IAAI,kBAAA;AAAA,QACR,CAAA,wCAAA,EAA2C,MAAM,CAAA,6BAAA,EAAgC,UAAU,CAAA,EAAA,CAAA;AAAA,QAC3F,IAAA;AAAK,OACP;AAAA,IACF;AAEA,IAAA,OAAO,MAAM,eAAA,CAAgBA,QAAAA,CAAQ,OAAA,EAAS,MAAM,CAAC,CAAA;AAAA,EACvD;AAEA,EAAA,MAAM,iBAAiB,MAAM,kBAAA,CAAmB,MAAA,CAAO,MAAA,EAAQ,SAAS,MAAM,CAAA;AAC9E,EAAA,IAAI,cAAA,EAAgB;AAClB,IAAA,OAAO,cAAA;AAAA,EACT;AAEA,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,MAAA,GAAS,MAAM,CAAA;AACtC,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAI,kBAAA;AAAA,MACR,CAAA,wCAAA,EAA2C,MAAM,CAAA,6BAAA,EAAgC,UAAU,CAAA,EAAA,CAAA;AAAA,MAC3F,IAAA;AAAK,KACP;AAAA,EACF;AAEA,EAAA,OAAO,MAAM,eAAA,CAAgB,OAAA,CAAQ,OAAA,EAAS,MAAM,CAAC,CAAA;AACvD;AAEA,eAAe,eAAA,CACb,KAAA,EACA,WAAA,EACA,KAAA,EACAF,MAAAA,EACgC;AAChC,EAAA,MAAM,OAAA,GAAU,iBAAiB,WAAW,CAAA;AAC5C,EAAA,MAAM,OAAA,GAAU,OAAOA,MAAAA,KAAU,QAAA,GAC7B,eAAe,KAAA,EAAOA,MAAK,CAAA,GAC3B,cAAA,CAAe,KAAK,CAAA;AACxB,EAAA,OAAO,MAAM,eAAA,CAAgB,OAAA,CAAQ,MAAA,CAAO,OAAA,EAAS,KAAK,CAAC,CAAA;AAC7D;AAEA,SAAS,mBAAA,CACP,YAAA,EACA,UAAA,EACAA,MAAAA,EACyC;AACzC,EAAA,OAAO,OAAO,MAAA,CAAO;AAAA,IACnB,MAAM,SAAA,CAAmB,MAAA,EAAqD,MAAA,EAAgC;AAC5G,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,oBAAA,CAAqB,KAAA,EAAO,MAAA,CAAO,UAAU,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA,EAAG,MAAA,EAA8CA,MAAK,CAAA;AAC1I,MAAA,IAAI,CAAC,SAAS,OAAA,EAAS;AACrB,QAAA,MAAM,yBAAyB,QAAQ,CAAA;AAAA,MACzC;AAAA,IACF,CAAA;AAAA,IACA,MAAM,GAAA,CAAa,MAAA,EAAqD,MAAA,EAAmC;AACzG,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,oBAAA,CAAqB,KAAA,EAAO,MAAA,CAAO,UAAU,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA,EAAG,MAAA,EAA8CA,MAAK,CAAA;AAC1I,MAAA,OAAO,QAAA,CAAS,OAAA;AAAA,IAClB,CAAA;AAAA,IACA,MAAM,MAAA,CAAgB,MAAA,EAAqD,MAAA,EAAmC;AAC5G,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,oBAAA,CAAqB,KAAA,EAAO,MAAA,CAAO,UAAU,CAAA,EAAG,MAAA,CAAO,MAAM,CAAA,EAAG,MAAA,EAA8CA,MAAK,CAAA;AAC1I,MAAA,OAAO,CAAC,QAAA,CAAS,OAAA;AAAA,IACnB,CAAA;AAAA,IACA,MAAM,OAAA,CAAiB,MAAA,EAAqD,MAAA,EAAiD;AAC3H,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,OAAO,MAAM,oBAAA,CAAqB,KAAA,EAAO,MAAA,CAAO,UAAU,GAAG,MAAA,CAAO,MAAM,CAAA,EAAG,MAAA,EAA8CA,MAAK,CAAA;AAAA,IAClI;AAAA,GACD,CAAA;AACH;AAEA,SAAS,oBAAA,CACP,YAAA,EACA,WAAA,EACAA,MAAAA,EAC2C;AAC3C,EAAA,OAAO,OAAO,MAAA,CAAO;AAAA,IACnB,MAAM,UAAU,KAAA,EAAkD;AAChE,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,eAAA,CAAgB,KAAA,EAAO,OAAO,WAAW,CAAA,EAAG,OAAOA,MAAK,CAAA;AAC/E,MAAA,IAAI,CAAC,SAAS,OAAA,EAAS;AACrB,QAAA,MAAM,yBAAyB,QAAQ,CAAA;AAAA,MACzC;AAAA,IACF,CAAA;AAAA,IACA,MAAM,IAAI,KAAA,EAAqD;AAC7D,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,eAAA,CAAgB,KAAA,EAAO,OAAO,WAAW,CAAA,EAAG,OAAOA,MAAK,CAAA;AAC/E,MAAA,OAAO,QAAA,CAAS,OAAA;AAAA,IAClB,CAAA;AAAA,IACA,MAAM,OAAO,KAAA,EAAqD;AAChE,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,eAAA,CAAgB,KAAA,EAAO,OAAO,WAAW,CAAA,EAAG,OAAOA,MAAK,CAAA;AAC/E,MAAA,OAAO,CAAC,QAAA,CAAS,OAAA;AAAA,IACnB,CAAA;AAAA,IACA,MAAM,QAAQ,KAAA,EAAmE;AAC/E,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,OAAO,MAAM,eAAA,CAAgB,KAAA,EAAO,OAAO,WAAW,CAAA,EAAG,OAAOA,MAAK,CAAA;AAAA,IACvE;AAAA,GACD,CAAA;AACH;AAEA,SAAS,wBAAA,CACP,cACAA,MAAAA,EAC2B;AAC3B,EAAA,OAAO,OAAO,MAAA,CAAO;AAAA,IACnB,MAAM,SAAA,CAA8D,MAAA,EAAkC,MAAA,EAAgC;AACpI,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,sBAAA,CAAuB,KAAA,EAAO,OAAO,MAAM,CAAA,EAAG,QAA8CA,MAAK,CAAA;AACxH,MAAA,IAAI,CAAC,SAAS,OAAA,EAAS;AACrB,QAAA,MAAM,yBAAyB,QAAQ,CAAA;AAAA,MACzC;AAAA,IACF,CAAA;AAAA,IACA,MAAM,GAAA,CAAwD,MAAA,EAAkC,MAAA,EAAmC;AACjI,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,sBAAA,CAAuB,KAAA,EAAO,OAAO,MAAM,CAAA,EAAG,QAA8CA,MAAK,CAAA;AACxH,MAAA,OAAO,QAAA,CAAS,OAAA;AAAA,IAClB,CAAA;AAAA,IACA,MAAM,MAAA,CAA2D,MAAA,EAAkC,MAAA,EAAmC;AACpI,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,MAAM,QAAA,GAAW,MAAM,sBAAA,CAAuB,KAAA,EAAO,OAAO,MAAM,CAAA,EAAG,QAA8CA,MAAK,CAAA;AACxH,MAAA,OAAO,CAAC,QAAA,CAAS,OAAA;AAAA,IACnB,CAAA;AAAA,IACA,MAAM,OAAA,CAA4D,MAAA,EAAkC,MAAA,EAAiD;AACnJ,MAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,MAAA,OAAO,MAAM,sBAAA,CAAuB,KAAA,EAAO,OAAO,MAAM,CAAA,EAAG,QAA8CA,MAAK,CAAA;AAAA,IAChH,CAAA;AAAA,IACA,OAA2C,IAAA,EAAmB;AAC5D,MAAA,OAAO,mBAAA,CAAoB,YAAA,EAAc,IAAA,EAAMA,MAAK,CAAA;AAAA,IACtD,CAAA;AAAA,IACA,QAA8C,IAAA,EAAoB;AAChE,MAAA,OAAO,oBAAA,CAAqB,YAAA,EAAc,IAAA,EAAMA,MAAK,CAAA;AAAA,IACvD;AAAA,GACD,CAAA;AACH;AAEO,SAAS,QAA+B,KAAA,EAAiD;AAC9F,EAAA,OAAO,wBAAA,CAAyB,MAAM,OAAA,CAAQ,OAAA,CAAQ,KAAK,CAAC,CAAA;AAC9D;AAEA,SAAS,2BAAA,GAGP;AACA,EAAA,MAAM,cAAc,+BAAA,EAAgC;AACpD,EAAA,OAAO;AAAA,IACL,cAAc,MAAM,OAAA,CAAQ,OAAA,CAAQ,WAAA,CAAY,qBAAqB,CAAA;AAAA,IACrE,KAAA,EAAO;AAAA,GACT;AACF;AAEA,SAAS,iCAAiC,IAAA,EAGxC;AACA,EAAA,MAAM,cAAc,+BAAA,EAAgC;AACpD,EAAA,IAAI,CAAC,WAAA,CAAY,QAAA,CAAS,IAAI,CAAA,EAAG;AAC/B,IAAA,MAAM,IAAI,+BAAA,CAAgC,CAAA,gCAAA,EAAmC,IAAI,CAAA,gBAAA,CAAkB,CAAA;AAAA,EACrG;AAEA,EAAA,OAAO;AAAA,IACL,cAAc,MAAM,OAAA,CAAQ,QAAQ,WAAA,CAAY,iBAAA,CAAkB,IAAI,CAAC,CAAA;AAAA,IACvE,KAAA,EAAO;AAAA,GACT;AACF;AAEA,eAAsB,SAAA,CACpB,QACA,MAAA,EACe;AACf,EAAA,MAAM,EAAE,YAAA,EAAa,GAAI,2BAAA,EAA4B;AACrD,EAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,EAAA,MAAM,WAAW,MAAM,sBAAA,CAAuB,OAAO,MAAA,CAAO,MAAM,GAAG,MAA4C,CAAA;AACjH,EAAA,IAAI,CAAC,SAAS,OAAA,EAAS;AACrB,IAAA,MAAM,yBAAyB,QAAQ,CAAA;AAAA,EACzC;AACF;AAEA,eAAsB,GAAA,CACpB,QACA,MAAA,EACkB;AAClB,EAAA,MAAM,EAAE,YAAA,EAAa,GAAI,2BAAA,EAA4B;AACrD,EAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,EAAA,MAAM,WAAW,MAAM,sBAAA,CAAuB,OAAO,MAAA,CAAO,MAAM,GAAG,MAA4C,CAAA;AACjH,EAAA,OAAO,QAAA,CAAS,OAAA;AAClB;AAEA,eAAsB,MAAA,CACpB,QACA,MAAA,EACkB;AAClB,EAAA,MAAM,EAAE,YAAA,EAAa,GAAI,2BAAA,EAA4B;AACrD,EAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,EAAA,MAAM,WAAW,MAAM,sBAAA,CAAuB,OAAO,MAAA,CAAO,MAAM,GAAG,MAA4C,CAAA;AACjH,EAAA,OAAO,CAAC,QAAA,CAAS,OAAA;AACnB;AAEA,eAAsB,OAAA,CACpB,QACA,MAAA,EACgC;AAChC,EAAA,MAAM,EAAE,YAAA,EAAa,GAAI,2BAAA,EAA4B;AACrD,EAAA,MAAM,KAAA,GAAQ,MAAM,YAAA,EAAa;AACjC,EAAA,OAAO,MAAM,sBAAA,CAAuB,KAAA,EAAO,MAAA,CAAO,MAAM,GAAG,MAA4C,CAAA;AACzG;AAEO,SAAS,MAAqD,IAAA,EAA6C;AAChH,EAAA,MAAM,EAAE,cAAc,KAAA,EAAO,aAAA,KAAkB,gCAAA,CAAiC,MAAA,CAAO,IAAI,CAAC,CAAA;AAC5F,EAAA,OAAO,wBAAA,CAAyB,cAAc,aAAa,CAAA;AAC7D;AAEO,IAAM,sBAAA,GAAyB,OAAO,MAAA,CAAO;AAAA,EAClD,4BAAA;AAAA,EACA,8BAAA;AAAA,EACA,qCAAA;AAAA,EACA,iCAAA;AAAA,EACA,+BAAA;AAAA,EACA,eAAA;AAAA,EACA,gBAAA;AAAA,EACA,iBAAA;AAAA,EACA,sBAAA;AAAA,EACA,oBAAA;AAAA,EACA,eAAA;AAAA,EACA,wBAAA;AAAA,EACA,yBAAA;AAAA,EACA,0BAAA;AAAA,EACA;AACF,CAAC;;;AC9vBD,IAAM,aAAA,GAAqC,OAAO,MAAA,CAAO;AAAA,EACvD,OAAA;AAAA,EACA,KAAA;AAAA,EACA,SAAA;AAAA,EACA,GAAA;AAAA,EACA,MAAA;AAAA,EACA;AACF,CAAC,CAAA;AAED,IAAO,WAAA,GAAQ","file":"index.mjs","sourcesContent":["import type {\n AuthorizationAbilityDefinition,\n AuthorizationAbilityBuilder,\n AuthorizationAbilityHandler,\n AuthorizationActorContext,\n AuthorizationActorBuilder,\n AuthorizationDecision,\n AuthorizationDecisionInput,\n AuthorizationGuardActorContext,\n AuthorizationPolicyClassHandler,\n AuthorizationPolicyBeforeHandler,\n AuthorizationPolicyBuilder,\n AuthorizationPolicyDefinition,\n AuthorizationPolicyRecordHandler,\n AuthorizationPolicyTarget,\n AuthorizationTargetModel,\n AuthorizationTargetModelDefinition,\n AuthorizationTargetConstructor,\n AuthorizationAbilityRegistry,\n AuthorizationPolicyRegistry,\n AbilityInput,\n HoloAbilityName,\n HoloPolicyName,\n HoloAuthorizationGuardName,\n PolicyActionFor,\n PolicyActionForPolicy,\n AbilityActorForName,\n PolicyActorForName,\n} from './contracts'\nimport {\n allow,\n deny,\n denyAsNotFound,\n AuthorizationAbilityNotFoundError,\n AuthorizationAuthIntegrationMissingError,\n AuthorizationError as AuthorizationErrorClass,\n AuthorizationPolicyNotFoundError as PolicyNotFoundError,\n AuthorizationGuardNotFoundError,\n AUTHORIZATION_POLICY_MARKER,\n AUTHORIZATION_ABILITY_MARKER,\n normalizeAuthorizationDecision,\n} from './contracts'\n\ntype RegisteredPolicy = AuthorizationPolicyDefinition<string, AuthorizationPolicyTarget, string, string, object>\ntype RegisteredAbility = AuthorizationAbilityDefinition<string, object, object>\nconst HOLO_MODEL_REFERENCE_REGISTRY = Symbol.for('holo-js.db.model-reference-registry')\n\ntype FallbackAuthorizationActor<TActor> = [TActor] extends [never]\n ? object\n : Extract<TActor, object>\n\ntype PolicyActorForDefinition<TName extends string> = [Extract<TName, keyof AuthorizationPolicyRegistry & string>] extends [never]\n ? object\n : FallbackAuthorizationActor<PolicyActorForName<Extract<TName, keyof AuthorizationPolicyRegistry & string>>>\n\ntype AbilityActorForDefinition<TName extends string> = [Extract<TName, keyof AuthorizationAbilityRegistry & string>] extends [never]\n ? object\n : FallbackAuthorizationActor<AbilityActorForName<Extract<TName, keyof AuthorizationAbilityRegistry & string>>>\n\ntype AuthorizationAuthIntegration = {\n hasGuard(guardName: string): boolean\n resolveDefaultActor(): Promise<object | null> | object | null\n resolveGuardActor(guardName: string): Promise<object | null> | object | null\n createError?(decision: AuthorizationDecision): Error\n}\n\ntype AuthorizationRuntimeState = {\n policiesByName: Map<string, RegisteredPolicy>\n policiesByTargetObject: WeakMap<object, RegisteredPolicy>\n policiesByDefinitionKey: Map<string, RegisteredPolicy>\n abilitiesByName: Map<string, RegisteredAbility>\n authIntegration: AuthorizationAuthIntegration | null\n}\n\nfunction createAuthorizationRuntimeState(): AuthorizationRuntimeState {\n return {\n policiesByName: new Map(),\n policiesByTargetObject: new WeakMap(),\n policiesByDefinitionKey: new Map(),\n abilitiesByName: new Map(),\n authIntegration: null,\n }\n}\n\nfunction getAuthorizationRuntimeState(): AuthorizationRuntimeState {\n const runtime = globalThis as typeof globalThis & {\n __holoAuthorizationRuntime__?: AuthorizationRuntimeState\n }\n\n runtime.__holoAuthorizationRuntime__ ??= createAuthorizationRuntimeState()\n return runtime.__holoAuthorizationRuntime__\n}\n\nfunction resetAuthorizationRuntimeState(): void {\n const runtime = globalThis as typeof globalThis & {\n __holoAuthorizationRuntime__?: AuthorizationRuntimeState\n }\n\n runtime.__holoAuthorizationRuntime__ = createAuthorizationRuntimeState()\n}\n\nfunction configureAuthorizationAuthIntegration(integration?: AuthorizationAuthIntegration): void {\n const state = getAuthorizationRuntimeState()\n state.authIntegration = integration ?? null\n}\n\nfunction resetAuthorizationAuthIntegration(): void {\n getAuthorizationRuntimeState().authIntegration = null\n}\n\nfunction getAuthorizationAuthIntegration(): AuthorizationAuthIntegration {\n const integration = getAuthorizationRuntimeState().authIntegration\n if (!integration) {\n throw new AuthorizationAuthIntegrationMissingError('[@holo-js/authorization] Auth integration is not configured yet.')\n }\n\n return integration\n}\n\nfunction normalizePolicyName<TName extends string>(name: TName): TName {\n const trimmed = name.trim()\n if (!trimmed) {\n throw new TypeError('[@holo-js/authorization] Policy name must be a non-empty string.')\n }\n\n return trimmed as TName\n}\n\nfunction normalizeAbilityName<TName extends string>(name: TName): TName {\n const trimmed = name.trim()\n if (!trimmed) {\n throw new TypeError('[@holo-js/authorization] Ability name must be a non-empty string.')\n }\n\n return trimmed as TName\n}\n\nfunction normalizeTarget<TTarget extends AuthorizationPolicyTarget>(target: TTarget): TTarget {\n if (typeof target === 'function') {\n return target\n }\n\n if (isAuthorizationTargetModel(target)) {\n return target\n }\n\n throw new TypeError('[@holo-js/authorization] Policy targets must be class constructors or model references.')\n}\n\nfunction normalizeHandlerMap<THandler extends Record<string, unknown> | undefined>(\n value: THandler,\n label: string,\n): THandler {\n if (typeof value === 'undefined') {\n return value\n }\n\n if (!value || typeof value !== 'object' || Array.isArray(value)) {\n throw new TypeError(`[@holo-js/authorization] ${label} must be a plain object when provided.`)\n }\n\n return value\n}\n\nfunction validateHandlerMap(\n value: Readonly<Record<string, unknown>> | undefined,\n label: string,\n): void {\n if (!value) {\n return\n }\n\n for (const [name, handler] of Object.entries(value)) {\n if (typeof handler !== 'function') {\n throw new TypeError(`[@holo-js/authorization] ${label}.${name} must be a function.`)\n }\n }\n}\n\nfunction validatePolicyDefinition(definition: AuthorizationPolicyDefinition<string, AuthorizationPolicyTarget, string, string, object>): void {\n validateHandlerMap(definition.class, 'policy.class')\n validateHandlerMap(definition.record, 'policy.record')\n if (definition.before && typeof definition.before !== 'function') {\n throw new TypeError('[@holo-js/authorization] policy.before must be a function when provided.')\n }\n}\n\nfunction validateAbilityDefinition(definition: AuthorizationAbilityDefinition<string, object, object>): void {\n if (typeof definition.handle !== 'function') {\n throw new TypeError('[@holo-js/authorization] Ability handler must be a function.')\n }\n}\n\nfunction registerPolicyDefinition<TDefinition extends RegisteredPolicy>(definition: TDefinition): TDefinition {\n const state = getAuthorizationRuntimeState()\n if (state.policiesByName.has(definition.name)) {\n throw new Error(`[@holo-js/authorization] Policy \"${definition.name}\" is already registered.`)\n }\n\n if (state.policiesByTargetObject.get(definition.target)) {\n throw new Error('[@holo-js/authorization] A policy is already registered for this target.')\n }\n\n const definitionKey = getDefinitionKeyForTarget(definition.target)\n if (definitionKey && state.policiesByDefinitionKey.has(definitionKey)) {\n throw new Error(`[@holo-js/authorization] A policy is already registered for target definition \"${definitionKey}\".`)\n }\n\n state.policiesByName.set(definition.name, definition)\n state.policiesByTargetObject.set(definition.target, definition)\n if (definitionKey) {\n state.policiesByDefinitionKey.set(definitionKey, definition)\n }\n return definition\n}\n\nfunction registerAbilityDefinition<TDefinition extends RegisteredAbility>(definition: TDefinition): TDefinition {\n const state = getAuthorizationRuntimeState()\n if (state.abilitiesByName.has(definition.name)) {\n throw new Error(`[@holo-js/authorization] Ability \"${definition.name}\" is already registered.`)\n }\n\n state.abilitiesByName.set(definition.name, definition)\n return definition\n}\n\nfunction unregisterPolicyDefinition(name: string): void {\n const state = getAuthorizationRuntimeState()\n const definition = state.policiesByName.get(name)\n if (!definition) {\n return\n }\n\n state.policiesByName.delete(name)\n state.policiesByTargetObject.delete(definition.target)\n const definitionKey = getDefinitionKeyForTarget(definition.target)\n if (definitionKey) {\n state.policiesByDefinitionKey.delete(definitionKey)\n }\n}\n\nfunction unregisterAbilityDefinition(name: string): void {\n getAuthorizationRuntimeState().abilitiesByName.delete(name)\n}\n\nfunction freezePolicyDefinition<TDefinition extends RegisteredPolicy>(definition: TDefinition): TDefinition {\n return Object.freeze({\n ...definition,\n class: definition.class ? Object.freeze({ ...definition.class }) : definition.class,\n record: definition.record ? Object.freeze({ ...definition.record }) : definition.record,\n }) as TDefinition\n}\n\nfunction freezeAbilityDefinition<TDefinition extends RegisteredAbility>(definition: TDefinition): TDefinition {\n return Object.freeze(definition) as TDefinition\n}\n\nexport function definePolicy<\n TName extends string,\n TTarget extends AuthorizationPolicyTarget,\n TDefinition extends {\n readonly before?: AuthorizationPolicyBeforeHandler<PolicyActorForDefinition<TName>, TTarget>\n readonly class?: Readonly<Record<string, AuthorizationPolicyClassHandler<PolicyActorForDefinition<TName>, TTarget>>>\n readonly record?: Readonly<Record<string, AuthorizationPolicyRecordHandler<PolicyActorForDefinition<TName>, TTarget>>>\n },\n>(\n name: TName,\n target: TTarget,\n definition: TDefinition & {\n readonly before?: AuthorizationPolicyBeforeHandler<PolicyActorForDefinition<TName>, TTarget>\n readonly class?: Readonly<Record<string, AuthorizationPolicyClassHandler<PolicyActorForDefinition<TName>, TTarget>>>\n readonly record?: Readonly<Record<string, AuthorizationPolicyRecordHandler<PolicyActorForDefinition<TName>, TTarget>>>\n },\n): AuthorizationPolicyDefinition<\n TName,\n TTarget,\n Extract<keyof NonNullable<TDefinition['class']>, string>,\n Extract<keyof NonNullable<TDefinition['record']>, string>,\n PolicyActorForDefinition<TName>\n> {\n const normalizedName = normalizePolicyName(name)\n const normalizedTarget = normalizeTarget(target)\n const normalizedClass = normalizeHandlerMap(definition.class, 'policy.class')\n const normalizedRecord = normalizeHandlerMap(definition.record, 'policy.record')\n const runtimeDefinition = {\n [AUTHORIZATION_POLICY_MARKER]: true,\n name: normalizedName,\n target: normalizedTarget,\n before: definition.before,\n class: normalizedClass,\n record: normalizedRecord,\n } as RegisteredPolicy\n validatePolicyDefinition(runtimeDefinition)\n\n const registered = registerPolicyDefinition(freezePolicyDefinition(runtimeDefinition))\n\n return registered as AuthorizationPolicyDefinition<\n TName,\n TTarget,\n Extract<keyof NonNullable<TDefinition['class']>, string>,\n Extract<keyof NonNullable<TDefinition['record']>, string>,\n PolicyActorForDefinition<TName>\n >\n}\n\nexport function defineAbility<\n TName extends string,\n TInput extends object,\n>(\n name: TName,\n handle: AuthorizationAbilityHandler<AbilityActorForDefinition<TName>, TInput>,\n): AuthorizationAbilityDefinition<TName, TInput> {\n const normalizedName = normalizeAbilityName(name)\n const runtimeDefinition = {\n [AUTHORIZATION_ABILITY_MARKER]: true,\n name: normalizedName,\n handle,\n } as unknown as RegisteredAbility\n validateAbilityDefinition(runtimeDefinition)\n\n const registered = registerAbilityDefinition(freezeAbilityDefinition(runtimeDefinition))\n\n return registered as unknown as AuthorizationAbilityDefinition<TName, TInput>\n}\n\nfunction getPolicyByName(name: string): RegisteredPolicy {\n const policy = getAuthorizationRuntimeState().policiesByName.get(name)\n if (!policy) {\n throw new PolicyNotFoundError(`[@holo-js/authorization] Policy \"${name}\" was not found.`)\n }\n\n return policy\n}\n\nfunction getAbilityByName(name: string): RegisteredAbility {\n const ability = getAuthorizationRuntimeState().abilitiesByName.get(name)\n if (!ability) {\n throw new AuthorizationAbilityNotFoundError(`[@holo-js/authorization] Ability \"${name}\" was not found.`)\n }\n\n return ability\n}\n\nfunction getPolicyByTarget(target: AuthorizationPolicyTarget | object): RegisteredPolicy {\n const state = getAuthorizationRuntimeState()\n if (typeof target === 'function' || isAuthorizationTargetModel(target)) {\n const directPolicy = state.policiesByTargetObject.get(target)\n if (directPolicy) {\n return directPolicy\n }\n\n const directDefinitionKey = getDefinitionKeyForTarget(target)\n if (directDefinitionKey) {\n const definitionPolicy = state.policiesByDefinitionKey.get(directDefinitionKey)\n if (definitionPolicy) {\n return definitionPolicy\n }\n }\n }\n\n const targetConstructor = getTargetConstructor(target)\n if (targetConstructor) {\n const constructorPolicy = state.policiesByTargetObject.get(targetConstructor)\n if (constructorPolicy) {\n return constructorPolicy\n }\n }\n\n const instanceDefinitionKey = getDefinitionKeyForTargetInstance(target)\n if (instanceDefinitionKey) {\n const definitionPolicy = state.policiesByDefinitionKey.get(instanceDefinitionKey)\n if (definitionPolicy) {\n return definitionPolicy\n }\n }\n\n throw new PolicyNotFoundError('[@holo-js/authorization] Policy definition was not found for the target.')\n}\n\nfunction assertPolicyMatchesTarget(\n policy: RegisteredPolicy,\n policyName: string,\n target: AuthorizationPolicyTarget | object,\n): void {\n const targetPolicy = getPolicyByTarget(target)\n if (targetPolicy !== policy) {\n throw new PolicyNotFoundError(`[@holo-js/authorization] Policy \"${policyName}\" was not found for the selected target.`)\n }\n}\n\nfunction getTargetConstructor(target: object): AuthorizationTargetConstructor | null {\n const candidate = (target as { constructor?: AuthorizationTargetConstructor | undefined }).constructor\n return isAuthorizationTargetConstructor(candidate)\n ? candidate\n : null\n}\n\nfunction isAuthorizationTargetConstructor(value: unknown): value is AuthorizationTargetConstructor {\n return typeof value === 'function'\n && 'prototype' in value\n}\n\nfunction isAuthorizationTargetModel(value: unknown): value is AuthorizationTargetModel<object> {\n if (!value || typeof value !== 'object' || !('definition' in value)) {\n return false\n }\n\n const candidate = value as {\n definition?: unknown\n getRepository?: unknown\n newModelQuery?: unknown\n newQuery?: unknown\n query?: () => unknown\n }\n\n const query = candidate.query\n if (!isAuthorizationTargetModelDefinition(candidate.definition) || typeof query !== 'function') {\n return false\n }\n\n if (typeof candidate.getRepository === 'function') {\n return getHoloModelReferenceRegistry().has(value)\n && typeof candidate.newQuery === 'function'\n && typeof candidate.newModelQuery === 'function'\n }\n\n try {\n const queryFacade = query.call(candidate)\n return !!queryFacade\n && typeof queryFacade === 'object'\n && typeof (queryFacade as { first?: unknown }).first === 'function'\n && typeof (queryFacade as { firstOrFail?: unknown }).firstOrFail === 'function'\n } catch {\n return false\n }\n}\n\nfunction isAuthorizationTargetModelDefinition(value: unknown): value is AuthorizationTargetModelDefinition {\n return !!value\n && typeof value === 'object'\n && 'name' in value\n && typeof (value as { name?: unknown }).name === 'string'\n}\n\nfunction getHoloModelReferenceRegistry(): WeakSet<object> {\n const registryGlobal = globalThis as typeof globalThis & Record<symbol, WeakSet<object> | undefined>\n return registryGlobal[HOLO_MODEL_REFERENCE_REGISTRY] ?? new WeakSet<object>()\n}\n\nfunction getDefinitionKeyForTarget(target: AuthorizationPolicyTarget): string | null {\n if (!isAuthorizationTargetModel(target)) {\n return null\n }\n\n return buildDefinitionKey(target.definition)\n}\n\nfunction getDefinitionKeyForTargetInstance(target: object): string | null {\n const candidate = target as {\n getRepository?: (() => {\n definition?: unknown\n }) | undefined\n }\n\n if (typeof candidate.getRepository !== 'function') {\n return null\n }\n\n const repository = candidate.getRepository()\n if (!repository || typeof repository !== 'object' || !('definition' in repository)) {\n return null\n }\n\n const definition = (repository as { definition?: unknown }).definition\n return isAuthorizationTargetModelDefinition(definition)\n ? buildDefinitionKey(definition)\n : null\n}\n\nfunction buildDefinitionKey(definition: AuthorizationTargetModelDefinition): string {\n const tableName = definition.table?.tableName?.trim()\n const modelName = definition.name.trim()\n return tableName\n ? `${modelName}:${tableName}`\n : modelName\n}\n\nfunction resolveContext<TActor extends object>(actor: TActor | null): AuthorizationActorContext<TActor>\nfunction resolveContext<TActor extends object, TGuardName extends string>(\n actor: TActor | null,\n guard: TGuardName,\n): AuthorizationGuardActorContext<TActor, TGuardName>\nfunction resolveContext<TActor extends object, TGuardName extends string>(\n actor: TActor | null,\n guard?: TGuardName,\n): AuthorizationActorContext<TActor> | AuthorizationGuardActorContext<TActor, TGuardName> {\n const baseContext = {\n user: actor,\n authenticated: actor !== null,\n }\n\n if (typeof guard === 'string') {\n return Object.freeze({\n ...baseContext,\n guard,\n })\n }\n\n return Object.freeze(baseContext)\n}\n\nfunction createAuthorizationError(decision: AuthorizationDecision): Error {\n const customError = getAuthorizationRuntimeState().authIntegration?.createError?.(decision)\n if (customError) {\n return customError\n }\n\n return new AuthorizationErrorClass(\n decision.message ?? 'You are not authorized to perform this action.',\n decision,\n )\n}\n\nfunction normalizeResult(outcome: AuthorizationDecisionInput | Promise<AuthorizationDecisionInput>): Promise<AuthorizationDecision> {\n return Promise.resolve(outcome).then(result => normalizeAuthorizationDecision(result))\n}\n\nasync function evaluateBeforeHook(\n before: AuthorizationPolicyBeforeHandler<object, AuthorizationPolicyTarget> | undefined,\n context: AuthorizationActorContext<object> | AuthorizationGuardActorContext<object, string>,\n target: AuthorizationPolicyTarget | object,\n): Promise<AuthorizationDecision | undefined> {\n if (!before) {\n return undefined\n }\n\n const outcome = await before(context, target as AuthorizationPolicyTarget & object)\n if (typeof outcome === 'undefined') {\n return undefined\n }\n\n return normalizeAuthorizationDecision(outcome)\n}\n\nasync function evaluatePolicyByTarget(\n actor: object | null,\n action: string,\n target: AuthorizationPolicyTarget | object,\n guard?: string,\n): Promise<AuthorizationDecision> {\n const policy = getPolicyByTarget(target)\n const context = typeof guard === 'string'\n ? resolveContext(actor, guard)\n : resolveContext(actor)\n if (typeof target === 'function' || isAuthorizationTargetModel(target)) {\n const beforeDecision = await evaluateBeforeHook(policy.before, context, target)\n if (beforeDecision) {\n return beforeDecision\n }\n\n const handler = policy.class?.[action]\n if (!handler) {\n throw new AuthorizationErrorClass(\n `[@holo-js/authorization] Policy action \"${action}\" is not defined for the selected target.`,\n deny(),\n )\n }\n\n return await normalizeResult(handler(context, target))\n }\n\n const beforeDecision = await evaluateBeforeHook(policy.before, context, target)\n if (beforeDecision) {\n return beforeDecision\n }\n\n const handler = policy.record?.[action]\n if (!handler) {\n throw new AuthorizationErrorClass(\n `[@holo-js/authorization] Policy action \"${action}\" is not defined for the selected target.`,\n deny(),\n )\n }\n\n return await normalizeResult(handler(context, target))\n}\n\nasync function evaluatePolicyByName(\n actor: object | null,\n policyName: string,\n action: string,\n target: AuthorizationPolicyTarget | object,\n guard?: string,\n): Promise<AuthorizationDecision> {\n const policy = getPolicyByName(policyName)\n assertPolicyMatchesTarget(policy, policyName, target)\n\n const context = typeof guard === 'string'\n ? resolveContext(actor, guard)\n : resolveContext(actor)\n if (typeof target === 'function' || isAuthorizationTargetModel(target)) {\n const beforeDecision = await evaluateBeforeHook(policy.before, context, target)\n if (beforeDecision) {\n return beforeDecision\n }\n\n const handler = policy.class?.[action]\n if (!handler) {\n throw new AuthorizationErrorClass(\n `[@holo-js/authorization] Policy action \"${action}\" is not defined for policy \"${policyName}\".`,\n deny(),\n )\n }\n\n return await normalizeResult(handler(context, target))\n }\n\n const beforeDecision = await evaluateBeforeHook(policy.before, context, target)\n if (beforeDecision) {\n return beforeDecision\n }\n\n const handler = policy.record?.[action]\n if (!handler) {\n throw new AuthorizationErrorClass(\n `[@holo-js/authorization] Policy action \"${action}\" is not defined for policy \"${policyName}\".`,\n deny(),\n )\n }\n\n return await normalizeResult(handler(context, target))\n}\n\nasync function evaluateAbility<TInput extends object>(\n actor: object | null,\n abilityName: string,\n input: TInput,\n guard?: string,\n): Promise<AuthorizationDecision> {\n const ability = getAbilityByName(abilityName)\n const context = typeof guard === 'string'\n ? resolveContext(actor, guard)\n : resolveContext(actor)\n return await normalizeResult(ability.handle(context, input))\n}\n\nfunction createPolicyBuilder<TPolicyName extends HoloPolicyName>(\n resolveActor: () => Promise<object | null> | object | null,\n policyName: TPolicyName,\n guard?: string,\n): AuthorizationPolicyBuilder<TPolicyName> {\n return Object.freeze({\n async authorize<TTarget>(action: PolicyActionForPolicy<TPolicyName, TTarget>, target: TTarget): Promise<void> {\n const actor = await resolveActor()\n const decision = await evaluatePolicyByName(actor, String(policyName), String(action), target as AuthorizationPolicyTarget | object, guard)\n if (!decision.allowed) {\n throw createAuthorizationError(decision)\n }\n },\n async can<TTarget>(action: PolicyActionForPolicy<TPolicyName, TTarget>, target: TTarget): Promise<boolean> {\n const actor = await resolveActor()\n const decision = await evaluatePolicyByName(actor, String(policyName), String(action), target as AuthorizationPolicyTarget | object, guard)\n return decision.allowed\n },\n async cannot<TTarget>(action: PolicyActionForPolicy<TPolicyName, TTarget>, target: TTarget): Promise<boolean> {\n const actor = await resolveActor()\n const decision = await evaluatePolicyByName(actor, String(policyName), String(action), target as AuthorizationPolicyTarget | object, guard)\n return !decision.allowed\n },\n async inspect<TTarget>(action: PolicyActionForPolicy<TPolicyName, TTarget>, target: TTarget): Promise<AuthorizationDecision> {\n const actor = await resolveActor()\n return await evaluatePolicyByName(actor, String(policyName), String(action), target as AuthorizationPolicyTarget | object, guard)\n },\n }) as unknown as AuthorizationPolicyBuilder<TPolicyName>\n}\n\nfunction createAbilityBuilder<TAbilityName extends HoloAbilityName>(\n resolveActor: () => Promise<object | null> | object | null,\n abilityName: TAbilityName,\n guard?: string,\n): AuthorizationAbilityBuilder<TAbilityName> {\n return Object.freeze({\n async authorize(input: AbilityInput<TAbilityName>): Promise<void> {\n const actor = await resolveActor()\n const decision = await evaluateAbility(actor, String(abilityName), input, guard)\n if (!decision.allowed) {\n throw createAuthorizationError(decision)\n }\n },\n async can(input: AbilityInput<TAbilityName>): Promise<boolean> {\n const actor = await resolveActor()\n const decision = await evaluateAbility(actor, String(abilityName), input, guard)\n return decision.allowed\n },\n async cannot(input: AbilityInput<TAbilityName>): Promise<boolean> {\n const actor = await resolveActor()\n const decision = await evaluateAbility(actor, String(abilityName), input, guard)\n return !decision.allowed\n },\n async inspect(input: AbilityInput<TAbilityName>): Promise<AuthorizationDecision> {\n const actor = await resolveActor()\n return await evaluateAbility(actor, String(abilityName), input, guard)\n },\n })\n}\n\nfunction createActorAuthorization(\n resolveActor: () => Promise<object | null> | object | null,\n guard?: string,\n): AuthorizationActorBuilder {\n return Object.freeze({\n async authorize<TTarget extends AuthorizationPolicyTarget | object>(action: PolicyActionFor<TTarget>, target: TTarget): Promise<void> {\n const actor = await resolveActor()\n const decision = await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object, guard)\n if (!decision.allowed) {\n throw createAuthorizationError(decision)\n }\n },\n async can<TTarget extends AuthorizationPolicyTarget | object>(action: PolicyActionFor<TTarget>, target: TTarget): Promise<boolean> {\n const actor = await resolveActor()\n const decision = await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object, guard)\n return decision.allowed\n },\n async cannot<TTarget extends AuthorizationPolicyTarget | object>(action: PolicyActionFor<TTarget>, target: TTarget): Promise<boolean> {\n const actor = await resolveActor()\n const decision = await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object, guard)\n return !decision.allowed\n },\n async inspect<TTarget extends AuthorizationPolicyTarget | object>(action: PolicyActionFor<TTarget>, target: TTarget): Promise<AuthorizationDecision> {\n const actor = await resolveActor()\n return await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object, guard)\n },\n policy<TPolicyName extends HoloPolicyName>(name: TPolicyName) {\n return createPolicyBuilder(resolveActor, name, guard)\n },\n ability<TAbilityName extends HoloAbilityName>(name: TAbilityName) {\n return createAbilityBuilder(resolveActor, name, guard)\n },\n }) as AuthorizationActorBuilder\n}\n\nexport function forUser<TActor extends object>(actor: TActor | null): AuthorizationActorBuilder {\n return createActorAuthorization(() => Promise.resolve(actor))\n}\n\nfunction getResolvedAuthActorContext(): {\n readonly resolveActor: () => Promise<object | null>\n readonly guard: string | undefined\n} {\n const integration = getAuthorizationAuthIntegration()\n return {\n resolveActor: () => Promise.resolve(integration.resolveDefaultActor()),\n guard: undefined,\n }\n}\n\nfunction getResolvedAuthGuardActorContext(name: string): {\n readonly resolveActor: () => Promise<object | null>\n readonly guard: string\n} {\n const integration = getAuthorizationAuthIntegration()\n if (!integration.hasGuard(name)) {\n throw new AuthorizationGuardNotFoundError(`[@holo-js/authorization] Guard \"${name}\" was not found.`)\n }\n\n return {\n resolveActor: () => Promise.resolve(integration.resolveGuardActor(name)),\n guard: name,\n }\n}\n\nexport async function authorize<TTarget extends AuthorizationPolicyTarget | object>(\n action: PolicyActionFor<TTarget>,\n target: TTarget,\n): Promise<void> {\n const { resolveActor } = getResolvedAuthActorContext()\n const actor = await resolveActor()\n const decision = await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object)\n if (!decision.allowed) {\n throw createAuthorizationError(decision)\n }\n}\n\nexport async function can<TTarget extends AuthorizationPolicyTarget | object>(\n action: PolicyActionFor<TTarget>,\n target: TTarget,\n): Promise<boolean> {\n const { resolveActor } = getResolvedAuthActorContext()\n const actor = await resolveActor()\n const decision = await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object)\n return decision.allowed\n}\n\nexport async function cannot<TTarget extends AuthorizationPolicyTarget | object>(\n action: PolicyActionFor<TTarget>,\n target: TTarget,\n): Promise<boolean> {\n const { resolveActor } = getResolvedAuthActorContext()\n const actor = await resolveActor()\n const decision = await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object)\n return !decision.allowed\n}\n\nexport async function inspect<TTarget extends AuthorizationPolicyTarget | object>(\n action: PolicyActionFor<TTarget>,\n target: TTarget,\n): Promise<AuthorizationDecision> {\n const { resolveActor } = getResolvedAuthActorContext()\n const actor = await resolveActor()\n return await evaluatePolicyByTarget(actor, String(action), target as AuthorizationPolicyTarget | object)\n}\n\nexport function guard<TGuardName extends HoloAuthorizationGuardName>(name: TGuardName): AuthorizationActorBuilder {\n const { resolveActor, guard: resolvedGuard } = getResolvedAuthGuardActorContext(String(name))\n return createActorAuthorization(resolveActor, resolvedGuard)\n}\n\nexport const authorizationInternals = Object.freeze({\n getAuthorizationRuntimeState,\n resetAuthorizationRuntimeState,\n configureAuthorizationAuthIntegration,\n resetAuthorizationAuthIntegration,\n getAuthorizationAuthIntegration,\n getPolicyByName,\n getAbilityByName,\n getPolicyByTarget,\n evaluatePolicyByTarget,\n evaluatePolicyByName,\n evaluateAbility,\n registerPolicyDefinition,\n registerAbilityDefinition,\n unregisterPolicyDefinition,\n unregisterAbilityDefinition,\n})\n\nexport {\n allow,\n deny,\n denyAsNotFound,\n AuthorizationAbilityNotFoundError,\n AuthorizationAuthIntegrationMissingError,\n AuthorizationErrorClass as AuthorizationError,\n PolicyNotFoundError as AuthorizationPolicyNotFoundError,\n}\n","import type { AuthorizationFacade } from './contracts'\n\nexport {\n allow,\n deny,\n denyAsNotFound,\n isAuthorizationAbilityDefinition,\n isAuthorizationDecision,\n isAuthorizationPolicyDefinition,\n normalizeAuthorizationDecision,\n AuthorizationAbilityNotFoundError,\n AuthorizationAuthIntegrationMissingError,\n AuthorizationError,\n AuthorizationGuardNotFoundError,\n AuthorizationPolicyNotFoundError,\n} from './contracts'\nexport type {\n AbilityInput,\n AuthorizationActorBuilder,\n AuthorizationActorContext,\n AuthorizationAbilityBuilder,\n AuthorizationAbilityHandler,\n AuthorizationAbilityRegistry,\n AuthorizationAbilityRegistryEntry,\n AuthorizationDecision,\n AuthorizationDecisionInput,\n AuthorizationDecisionStatus,\n AuthorizationFacade,\n AuthorizationGuardActorContext,\n AuthorizationPolicyBeforeHandler,\n AuthorizationPolicyBuilder,\n AuthorizationPolicyClassHandler,\n AuthorizationPolicyDefinition,\n AuthorizationPolicyRegistry,\n AuthorizationPolicyRecordHandler,\n AuthorizationPolicyRegistryEntry,\n AuthorizationPolicyTarget,\n AuthorizationTargetConstructor,\n AuthorizationTargetInstance,\n AuthorizationTargetModel,\n AuthorizationTargetModelDefinition,\n HoloAbilityName,\n HoloAuthorizationGuardName,\n HoloPolicyName,\n PolicyActionFor,\n PolicyActionForPolicy,\n PolicyClassActionFor,\n PolicyClassActionForPolicy,\n PolicyInstanceForPolicy,\n PolicyRecordActionFor,\n PolicyRecordActionForPolicy,\n PolicyTargetForPolicy,\n} from './contracts'\nexport {\n authorize,\n authorizationInternals,\n can,\n cannot,\n defineAbility,\n definePolicy,\n forUser,\n guard,\n inspect,\n} from './runtime'\n\nimport { authorize, can, cannot, forUser, guard, inspect } from './runtime'\n\nconst authorization: AuthorizationFacade = Object.freeze({\n forUser,\n guard,\n authorize,\n can,\n cannot,\n inspect,\n})\n\nexport default authorization\n"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@holo-js/authorization",
3
- "version": "0.1.4",
3
+ "version": "0.1.6",
4
4
  "description": "Holo-JS Framework - policy contracts, abilities, and typed authorization surfaces",
5
5
  "type": "module",
6
6
  "license": "MIT",
@@ -37,6 +37,6 @@
37
37
  "@types/node": "^22.10.2",
38
38
  "tsup": "^8.3.5",
39
39
  "typescript": "^5.7.2",
40
- "vitest": "^2.1.8"
40
+ "vitest": "^4.1.5"
41
41
  }
42
42
  }