@janssenproject/cedarling_wasm 0.0.307-nodejs → 0.0.308-nodejs

package/README.md

@@ -70,6 +70,25 @@ Before using any function from library you need initialize WASM runtime by calli
  */
 export function init(config: any): Promise<Cedarling>;
 
+/**
+ * Create a new instance of the Cedarling application from archive bytes.
+ *
+ * This function allows loading a policy store from a Cedar Archive (.cjar)
+ * that was fetched with custom logic (e.g., with authentication headers).
+ *
+ * # Arguments
+ * * `config` - Bootstrap configuration (Map or Object). Policy store config is ignored.
+ * * `archive_bytes` - The .cjar archive bytes (Uint8Array)
+ *
+ * # Example
+ * ```javascript
+ * const response = await fetch(url, { headers: { Authorization: 'Bearer ...' } });
+ * const bytes = new Uint8Array(await response.arrayBuffer());
+ * const cedarling = await init_from_archive_bytes(config, bytes);
+ * ```
+ */
+export function init_from_archive_bytes(config: any, archive_bytes: Uint8Array): Promise<Cedarling>;
+
 /**
  * The instance of the Cedarling application.
  */
@@ -248,6 +267,50 @@ export class PolicyEvaluationError {
 
 ## Configuration
 
+### Policy Store Sources
+
+Cedarling supports multiple ways to load policy stores. **In WASM environments, only URL-based loading is available** (no filesystem access).
+
+#### WASM-Supported Options
+
+```javascript
+// Option 1: Fetch policy store from URL (simple)
+const BOOTSTRAP_CONFIG = {
+  CEDARLING_POLICY_STORE_URI: "https://example.com/policy-store.cjar",
+  // ... other config
+};
+const cedarling = await init(BOOTSTRAP_CONFIG);
+
+// Option 2: Inline JSON string (for embedded policy stores)
+// policyStoreJson is the policy store JSON as a string
+// See: https://docs.jans.io/stable/cedarling/reference/cedarling-policy-store/
+const policyStoreJson = '{"cedar_version":"4.0","policy_stores":{...}}';
+const BOOTSTRAP_CONFIG = {
+  CEDARLING_POLICY_STORE_LOCAL: policyStoreJson,
+  // ... other config
+};
+const cedarling = await init(BOOTSTRAP_CONFIG);
+
+// Option 3: Custom fetch with auth headers (use init_from_archive_bytes)
+const response = await fetch("https://example.com/policy-store.cjar", {
+  headers: { Authorization: `Bearer ${token}` },
+});
+const bytes = new Uint8Array(await response.arrayBuffer());
+const cedarling = await init_from_archive_bytes(BOOTSTRAP_CONFIG, bytes);
+```
+
+> **Note:** Directory-based loading and file-based loading are **NOT supported in WASM** (no filesystem access). Use URL-based loading or `init_from_archive_bytes` for custom fetch scenarios.
+
+#### Cedar Archive (.cjar) Format
+
+For the new directory-based format in WASM, package the directory structure as a `.cjar` file (ZIP archive):
+
+```bash
+cd policy-store && zip -r ../policy-store.cjar .
+```
+
+See [Policy Store Formats](../../../docs/cedarling/reference/cedarling-policy-store.md#policy-store-formats) for details on the directory structure and metadata.json format.
+
 ### ID Token Trust Mode
 
 The `CEDARLING_ID_TOKEN_TRUST_MODE` property controls how ID tokens are validated:
@@ -271,8 +334,4 @@ const BOOTSTRAP_CONFIG = {
 };
 ```
 
-For complete configuration documentation, see [cedarling-properties.md](../../../docs/cedarling/cedarling-properties.md) or on [our page](https://docs.jans.io/stable/cedarling/cedarling-properties/) .
-
-```
-
-```
+For complete configuration documentation, see [cedarling-properties.md](../../../docs/cedarling/cedarling-properties.md) or on [our page](https://docs.jans.io/stable/cedarling/cedarling-properties/).

package/cedarling_wasm.d.ts

@@ -1,186 +1,213 @@
 /* tslint:disable */
 /* eslint-disable */
 
+/**
+ * A WASM wrapper for the Rust `cedarling::AuthorizeResult` struct.
+ * Represents the result of an authorization request.
+ */
 export class AuthorizeResult {
-  private constructor();
-  free(): void;
-  [Symbol.dispose](): void;
-  /**
-   * Convert `AuthorizeResult` to json string value
-   */
-  json_string(): string;
-  principal(principal: string): AuthorizeResultResponse | undefined;
-  /**
-   * Result of authorization where principal is `Jans::Workload`
-   */
-  get workload(): AuthorizeResultResponse | undefined;
-  /**
-   * Result of authorization where principal is `Jans::Workload`
-   */
-  set workload(value: AuthorizeResultResponse | null | undefined);
-  /**
-   * Result of authorization where principal is `Jans::User`
-   */
-  get person(): AuthorizeResultResponse | undefined;
-  /**
-   * Result of authorization where principal is `Jans::User`
-   */
-  set person(value: AuthorizeResultResponse | null | undefined);
-  /**
-   * Result of authorization
-   * true means `ALLOW`
-   * false means `Deny`
-   *
-   * this field is [`bool`] type to be compatible with [authzen Access Evaluation Decision](https://openid.github.io/authzen/#section-6.2.1).
-   */
-  decision: boolean;
-  /**
-   * Request ID of the authorization request
-   */
-  request_id: string;
+    private constructor();
+    free(): void;
+    [Symbol.dispose](): void;
+    /**
+     * Convert `AuthorizeResult` to json string value
+     */
+    json_string(): string;
+    principal(principal: string): AuthorizeResultResponse | undefined;
+    /**
+     * Result of authorization
+     * true means `ALLOW`
+     * false means `Deny`
+     *
+     * this field is [`bool`] type to be compatible with [authzen Access Evaluation Decision](https://openid.github.io/authzen/#section-6.2.1).
+     */
+    decision: boolean;
+    /**
+     * Result of authorization where principal is `Jans::User`
+     */
+    get person(): AuthorizeResultResponse | undefined;
+    /**
+     * Result of authorization where principal is `Jans::User`
+     */
+    set person(value: AuthorizeResultResponse | null | undefined);
+    /**
+     * Request ID of the authorization request
+     */
+    request_id: string;
+    /**
+     * Result of authorization where principal is `Jans::Workload`
+     */
+    get workload(): AuthorizeResultResponse | undefined;
+    /**
+     * Result of authorization where principal is `Jans::Workload`
+     */
+    set workload(value: AuthorizeResultResponse | null | undefined);
 }
 
+/**
+ * A WASM wrapper for the Rust `cedar_policy::Response` struct.
+ * Represents the result of an authorization request.
+ */
 export class AuthorizeResultResponse {
-  private constructor();
-  free(): void;
-  [Symbol.dispose](): void;
-  /**
-   * Authorization decision
-   */
-  readonly decision: boolean;
-  /**
-   * Diagnostics providing more information on how this decision was reached
-   */
-  readonly diagnostics: Diagnostics;
+    private constructor();
+    free(): void;
+    [Symbol.dispose](): void;
+    /**
+     * Authorization decision
+     */
+    readonly decision: boolean;
+    /**
+     * Diagnostics providing more information on how this decision was reached
+     */
+    readonly diagnostics: Diagnostics;
 }
 
+/**
+ * The instance of the Cedarling application.
+ */
 export class Cedarling {
-  private constructor();
-  free(): void;
-  [Symbol.dispose](): void;
-  /**
-   * Create a new instance of the Cedarling application.
-   * Assume that config is `Object`
-   */
-  static new(config: object): Promise<Cedarling>;
-  /**
-   * Create a new instance of the Cedarling application.
-   * Assume that config is `Map`
-   */
-  static new_from_map(config: Map<any, any>): Promise<Cedarling>;
-  /**
-   * Authorize request
-   * makes authorization decision based on the [`Request`]
-   */
-  authorize(request: any): Promise<AuthorizeResult>;
-  /**
-   * Authorize request for unsigned principals.
-   * makes authorization decision based on the [`RequestUnsigned`]
-   */
-  authorize_unsigned(request: any): Promise<AuthorizeResult>;
-  /**
-   * Authorize multi-issuer request.
-   * Makes authorization decision based on multiple JWT tokens from different issuers
-   */
-  authorize_multi_issuer(request: any): Promise<MultiIssuerAuthorizeResult>;
-  /**
-   * Get logs and remove them from the storage.
-   * Returns `Array` of `Map`
-   */
-  pop_logs(): Array<any>;
-  /**
-   * Get specific log entry.
-   * Returns `Map` with values or `null`.
-   */
-  get_log_by_id(id: string): any;
-  /**
-   * Returns a list of all log ids.
-   * Returns `Array` of `String`
-   */
-  get_log_ids(): Array<any>;
-  /**
-   * Get logs by tag, like `log_kind` or `log level`.
-   * Tag can be `log_kind`, `log_level`.
-   */
-  get_logs_by_tag(tag: string): any[];
-  /**
-   * Get logs by request_id.
-   * Return log entries that match the given request_id.
-   */
-  get_logs_by_request_id(request_id: string): any[];
-  /**
-   * Get log by request_id and tag, like composite key `request_id` + `log_kind`.
-   * Tag can be `log_kind`, `log_level`.
-   * Return log entries that match the given request_id and tag.
-   */
-  get_logs_by_request_id_and_tag(request_id: string, tag: string): any[];
-  /**
-   * Closes the connections to the Lock Server and pushes all available logs.
-   */
-  shut_down(): Promise<void>;
+    private constructor();
+    free(): void;
+    [Symbol.dispose](): void;
+    /**
+     * Authorize request
+     * makes authorization decision based on the [`Request`]
+     */
+    authorize(request: any): Promise<AuthorizeResult>;
+    /**
+     * Authorize multi-issuer request.
+     * Makes authorization decision based on multiple JWT tokens from different issuers
+     */
+    authorize_multi_issuer(request: any): Promise<MultiIssuerAuthorizeResult>;
+    /**
+     * Authorize request for unsigned principals.
+     * makes authorization decision based on the [`RequestUnsigned`]
+     */
+    authorize_unsigned(request: any): Promise<AuthorizeResult>;
+    /**
+     * Get specific log entry.
+     * Returns `Map` with values or `null`.
+     */
+    get_log_by_id(id: string): any;
+    /**
+     * Returns a list of all log ids.
+     * Returns `Array` of `String`
+     */
+    get_log_ids(): Array<any>;
+    /**
+     * Get logs by request_id.
+     * Return log entries that match the given request_id.
+     */
+    get_logs_by_request_id(request_id: string): any[];
+    /**
+     * Get log by request_id and tag, like composite key `request_id` + `log_kind`.
+     * Tag can be `log_kind`, `log_level`.
+     * Return log entries that match the given request_id and tag.
+     */
+    get_logs_by_request_id_and_tag(request_id: string, tag: string): any[];
+    /**
+     * Get logs by tag, like `log_kind` or `log level`.
+     * Tag can be `log_kind`, `log_level`.
+     */
+    get_logs_by_tag(tag: string): any[];
+    /**
+     * Create a new instance of the Cedarling application.
+     * Assume that config is `Object`
+     */
+    static new(config: object): Promise<Cedarling>;
+    /**
+     * Create a new instance of the Cedarling application.
+     * Assume that config is `Map`
+     */
+    static new_from_map(config: Map<any, any>): Promise<Cedarling>;
+    /**
+     * Get logs and remove them from the storage.
+     * Returns `Array` of `Map`
+     */
+    pop_logs(): Array<any>;
+    /**
+     * Closes the connections to the Lock Server and pushes all available logs.
+     */
+    shut_down(): Promise<void>;
 }
 
+/**
+ * Diagnostics
+ * ===========
+ *
+ * Provides detailed information about how a policy decision was made, including policies that contributed to the decision and any errors encountered during evaluation.
+ */
 export class Diagnostics {
-  private constructor();
-  free(): void;
-  [Symbol.dispose](): void;
-  /**
-   * `PolicyId`s of the policies that contributed to the decision.
-   * If no policies applied to the request, this set will be empty.
-   *
-   * The ids should be treated as unordered,
-   */
-  readonly reason: string[];
-  /**
-   * Errors that occurred during authorization. The errors should be
-   * treated as unordered, since policies may be evaluated in any order.
-   */
-  readonly errors: PolicyEvaluationError[];
+    private constructor();
+    free(): void;
+    [Symbol.dispose](): void;
+    /**
+     * Errors that occurred during authorization. The errors should be
+     * treated as unordered, since policies may be evaluated in any order.
+     */
+    readonly errors: PolicyEvaluationError[];
+    /**
+     * `PolicyId`s of the policies that contributed to the decision.
+     * If no policies applied to the request, this set will be empty.
+     *
+     * The ids should be treated as unordered,
+     */
+    readonly reason: string[];
 }
 
 export class JsJsonLogic {
-  free(): void;
-  [Symbol.dispose](): void;
-  constructor();
-  apply(logic: any, data: any): any;
+    free(): void;
+    [Symbol.dispose](): void;
+    apply(logic: any, data: any): any;
+    constructor();
 }
 
+/**
+ * A WASM wrapper for the Rust `cedarling::MultiIssuerAuthorizeResult` struct.
+ * Represents the result of a multi-issuer authorization request.
+ */
 export class MultiIssuerAuthorizeResult {
-  private constructor();
-  free(): void;
-  [Symbol.dispose](): void;
-  /**
-   * Convert `MultiIssuerAuthorizeResult` to json string value
-   */
-  json_string(): string;
-  /**
-   * Result of Cedar policy authorization
-   */
-  response: AuthorizeResultResponse;
-  /**
-   * Result of authorization
-   * true means `ALLOW`
-   * false means `Deny`
-   */
-  decision: boolean;
-  /**
-   * Request ID of the authorization request
-   */
-  request_id: string;
+    private constructor();
+    free(): void;
+    [Symbol.dispose](): void;
+    /**
+     * Convert `MultiIssuerAuthorizeResult` to json string value
+     */
+    json_string(): string;
+    /**
+     * Result of authorization
+     * true means `ALLOW`
+     * false means `Deny`
+     */
+    decision: boolean;
+    /**
+     * Request ID of the authorization request
+     */
+    request_id: string;
+    /**
+     * Result of Cedar policy authorization
+     */
+    response: AuthorizeResultResponse;
 }
 
+/**
+ * PolicyEvaluationError
+ * =====================
+ *
+ * Represents an error that occurred when evaluating a Cedar policy.
+ */
 export class PolicyEvaluationError {
-  private constructor();
-  free(): void;
-  [Symbol.dispose](): void;
-  /**
-   * Id of the policy with an error
-   */
-  readonly id: string;
-  /**
-   * Underlying evaluation error string representation
-   */
-  readonly error: string;
+    private constructor();
+    free(): void;
+    [Symbol.dispose](): void;
+    /**
+     * Underlying evaluation error string representation
+     */
+    readonly error: string;
+    /**
+     * Id of the policy with an error
+     */
+    readonly id: string;
 }
 
 /**
@@ -188,3 +215,22 @@ export class PolicyEvaluationError {
  * This function can take as config parameter the eather `Map` other `Object`
  */
 export function init(config: any): Promise<Cedarling>;
+
+/**
+ * Create a new instance of the Cedarling application from archive bytes.
+ *
+ * This function allows loading a policy store from a Cedar Archive (.cjar)
+ * that was fetched with custom logic (e.g., with authentication headers).
+ *
+ * # Arguments
+ * * `config` - Bootstrap configuration (Map or Object). Policy store config is ignored.
+ * * `archive_bytes` - The .cjar archive bytes (Uint8Array)
+ *
+ * # Example
+ * ```javascript
+ * const response = await fetch(url, { headers: { Authorization: 'Bearer ...' } });
+ * const bytes = new Uint8Array(await response.arrayBuffer());
+ * const cedarling = await init_from_archive_bytes(config, bytes);
+ * ```
+ */
+export function init_from_archive_bytes(config: any, archive_bytes: Uint8Array): Promise<Cedarling>;