@janssenproject/cedarling_wasm 2.0.0 → 2.0.1-nodejs

package/cedarling_wasm.d.ts

@@ -1,125 +1,405 @@
 /* tslint:disable */
 /* eslint-disable */
 /**
- * Create a new instance of the Cedarling application.
- * This function can take as config parameter the eather `Map` other `Object`
+ * The `ReadableStreamType` enum.
+ *
+ * *This API requires the following crate features to be activated: `ReadableStreamType`*
  */
-export function init(config: any): Promise<Cedarling>;
+
+type ReadableStreamType = "bytes";
+
 /**
  * A WASM wrapper for the Rust `cedarling::AuthorizeResult` struct.
  * Represents the result of an authorization request.
  */
 export class AuthorizeResult {
-  private constructor();
-  free(): void;
-  /**
-   * Convert `AuthorizeResult` to json string value
-   */
-  json_string(): string;
-  principal(principal: string): AuthorizeResultResponse | undefined;
-  /**
-   * Result of authorization where principal is `Jans::Workload`
-   */
-  get workload(): AuthorizeResultResponse | undefined;
-  /**
-   * Result of authorization where principal is `Jans::Workload`
-   */
-  set workload(value: AuthorizeResultResponse | null | undefined);
-  /**
-   * Result of authorization where principal is `Jans::User`
-   */
-  get person(): AuthorizeResultResponse | undefined;
-  /**
-   * Result of authorization where principal is `Jans::User`
-   */
-  set person(value: AuthorizeResultResponse | null | undefined);
-  /**
-   * Result of authorization
-   * true means `ALLOW`
-   * false means `Deny`
-   *
-   * this field is [`bool`] type to be compatible with [authzen Access Evaluation Decision](https://openid.github.io/authzen/#section-6.2.1).
-   */
-  decision: boolean;
-  /**
-   * Request ID of the authorization request
-   */
-  request_id: string;
+    private constructor();
+    free(): void;
+    [Symbol.dispose](): void;
+    /**
+     * Convert `AuthorizeResult` to json string value
+     */
+    json_string(): string;
+    /**
+     * Result of authorization
+     * true means `ALLOW`
+     * false means `Deny`
+     *
+     * this field is [`bool`] type to be compatible with [authzen Access Evaluation Decision](https://openid.github.io/authzen/#section-6.2.1).
+     */
+    decision: boolean;
+    /**
+     * Request ID of the authorization request
+     */
+    request_id: string;
+    /**
+     * Cedar authorization response for the request.
+     */
+    response: AuthorizeResultResponse;
 }
+
 /**
  * A WASM wrapper for the Rust `cedar_policy::Response` struct.
  * Represents the result of an authorization request.
  */
 export class AuthorizeResultResponse {
-  private constructor();
-  free(): void;
-  /**
-   * Authorization decision
-   */
-  readonly decision: boolean;
-  /**
-   * Diagnostics providing more information on how this decision was reached
-   */
-  readonly diagnostics: Diagnostics;
+    private constructor();
+    free(): void;
+    [Symbol.dispose](): void;
+    /**
+     * Authorization decision
+     */
+    readonly decision: boolean;
+    /**
+     * Diagnostics providing more information on how this decision was reached
+     */
+    readonly diagnostics: Diagnostics;
 }
+
 /**
  * The instance of the Cedarling application.
  */
 export class Cedarling {
-  private constructor();
-  free(): void;
-  /**
-   * Create a new instance of the Cedarling application.
-   * Assume that config is `Object`
-   */
-  static new(config: object): Promise<Cedarling>;
-  /**
-   * Create a new instance of the Cedarling application.
-   * Assume that config is `Map`
-   */
-  static new_from_map(config: Map<any, any>): Promise<Cedarling>;
-  /**
-   * Authorize request
-   * makes authorization decision based on the [`Request`]
-   */
-  authorize(request: any): Promise<AuthorizeResult>;
-  /**
-   * Authorize request for unsigned principals.
-   * makes authorization decision based on the [`RequestUnsigned`]
-   */
-  authorize_unsigned(request: any): Promise<AuthorizeResult>;
-  /**
-   * Get logs and remove them from the storage.
-   * Returns `Array` of `Map`
-   */
-  pop_logs(): Array<any>;
-  /**
-   * Get specific log entry.
-   * Returns `Map` with values or `null`.
-   */
-  get_log_by_id(id: string): any;
-  /**
-   * Returns a list of all log ids.
-   * Returns `Array` of `String`
-   */
-  get_log_ids(): Array<any>;
-  /**
-   * Get logs by tag, like `log_kind` or `log level`.
-   * Tag can be `log_kind`, `log_level`.
-   */
-  get_logs_by_tag(tag: string): any[];
-  /**
-   * Get logs by request_id.
-   * Return log entries that match the given request_id.
-   */
-  get_logs_by_request_id(request_id: string): any[];
-  /**
-   * Get log by request_id and tag, like composite key `request_id` + `log_kind`.
-   * Tag can be `log_kind`, `log_level`.
-   * Return log entries that match the given request_id and tag.
-   */
-  get_logs_by_request_id_and_tag(request_id: string, tag: string): any[];
+    private constructor();
+    free(): void;
+    [Symbol.dispose](): void;
+    /**
+     * Authorize multi-issuer request.
+     * Makes authorization decision based on multiple JWT tokens from different issuers
+     */
+    authorize_multi_issuer(request: any): Promise<MultiIssuerAuthorizeResult>;
+    /**
+     * Authorize an unsigned request carrying an optional single principal.
+     * Makes an authorization decision based on the [`RequestUnsigned`].
+     *
+     * When `principal` is omitted / `null` on the JS side the core uses Cedar
+     * partial evaluation; residual-dependent requests fail closed with
+     * `Decision::Deny` and surface residual policy ids in
+     * `response.diagnostics.reason`.
+     */
+    authorize_unsigned(request: any): Promise<AuthorizeResult>;
+    /**
+     * Clear all entries from the data store.
+     *
+     * # Example
+     *
+     * ```javascript
+     * cedarling.clear_data_ctx();
+     * console.log("All data entries cleared");
+     * ```
+     */
+    clear_data_ctx(): void;
+    /**
+     * Get trusted issuer identifiers that failed to load.
+     *
+     * # Example
+     *
+     * ```javascript
+     * const ids = cedarling.failed_trusted_issuer_ids();
+     * ```
+     */
+    failed_trusted_issuer_ids(): Array<any>;
+    /**
+     * Get a value from the data store by key.
+     * Returns null if the key doesn't exist or the entry has expired.
+     *
+     * # Arguments
+     *
+     * * `key` - A string key for the data entry to retrieve
+     *
+     * # Example
+     *
+     * ```javascript
+     * const value = cedarling.get_data_ctx("user:123");
+     * if (value !== null) {
+     *     console.log(value.name); // "John"
+     * }
+     * ```
+     */
+    get_data_ctx(key: string): any;
+    /**
+     * Get a data entry with full metadata by key.
+     * Returns null if the key doesn't exist or the entry has expired.
+     *
+     * # Arguments
+     *
+     * * `key` - A string key for the data entry to retrieve
+     *
+     * # Example
+     *
+     * ```javascript
+     * const entry = cedarling.get_data_entry_ctx("user:123");
+     * if (entry !== null) {
+     *     console.log(entry.key); // "user:123"
+     *     console.log(entry.value); // { name: "John", age: 30 }
+     *     console.log(entry.data_type); // "Record"
+     *     console.log(entry.created_at); // "2024-01-01T12:00:00Z"
+     *     console.log(entry.access_count); // 5
+     * }
+     * ```
+     */
+    get_data_entry_ctx(key: string): DataEntry | undefined;
+    /**
+     * Get specific log entry.
+     * Returns `Map` with values or `null`.
+     */
+    get_log_by_id(id: string): any;
+    /**
+     * Returns a list of all log ids.
+     * Returns `Array` of `String`
+     */
+    get_log_ids(): Array<any>;
+    /**
+     * Get logs by request_id.
+     * Return log entries that match the given request_id.
+     */
+    get_logs_by_request_id(request_id: string): any[];
+    /**
+     * Get log by request_id and tag, like composite key `request_id` + `log_kind`.
+     * Tag can be `log_kind`, `log_level`.
+     * Return log entries that match the given request_id and tag.
+     */
+    get_logs_by_request_id_and_tag(request_id: string, tag: string): any[];
+    /**
+     * Get logs by tag, like `log_kind` or `log level`.
+     * Tag can be `log_kind`, `log_level`.
+     */
+    get_logs_by_tag(tag: string): any[];
+    /**
+     * Get statistics about the data store.
+     *
+     * # Example
+     *
+     * ```javascript
+     * const stats = cedarling.get_stats_ctx();
+     * console.log(`Entries: ${stats.entry_count}/${stats.max_entries || 'unlimited'}`);
+     * console.log(`Capacity: ${stats.capacity_usage_percent.toFixed(2)}%`);
+     * console.log(`Total size: ${stats.total_size_bytes} bytes`);
+     * ```
+     */
+    get_stats_ctx(): DataStoreStats;
+    /**
+     * Check whether a trusted issuer was loaded by `iss` claim.
+     *
+     * # Arguments
+     *
+     * * `iss_claim` - Issuer `iss` claim value to check.
+     *
+     * # Example
+     *
+     * ```javascript
+     * const ok = cedarling.is_trusted_issuer_loaded_by_iss("https://issuer.example.org");
+     * ```
+     */
+    is_trusted_issuer_loaded_by_iss(iss_claim: string): boolean;
+    /**
+     * Check whether a trusted issuer was loaded by issuer identifier.
+     *
+     * # Arguments
+     *
+     * * `issuer_id` - Trusted issuer identifier to check.
+     *
+     * # Example
+     *
+     * ```javascript
+     * const ok = cedarling.is_trusted_issuer_loaded_by_name("issuer_id");
+     * ```
+     */
+    is_trusted_issuer_loaded_by_name(issuer_id: string): boolean;
+    /**
+     * List all entries with their metadata.
+     * Returns an array of DataEntry objects.
+     *
+     * # Example
+     *
+     * ```javascript
+     * const entries = cedarling.list_data_ctx();
+     * entries.forEach(entry => {
+     *     console.log(`${entry.key}: ${entry.data_type} (accessed ${entry.access_count} times)`);
+     * });
+     * ```
+     */
+    list_data_ctx(): Array<any>;
+    /**
+     * Get trusted issuer identifiers loaded successfully.
+     *
+     * # Example
+     *
+     * ```javascript
+     * const ids = cedarling.loaded_trusted_issuer_ids();
+     * ```
+     */
+    loaded_trusted_issuer_ids(): Array<any>;
+    /**
+     * Get the number of trusted issuers loaded successfully.
+     *
+     * # Example
+     *
+     * ```javascript
+     * const loadedCount = cedarling.loaded_trusted_issuers_count();
+     * ```
+     */
+    loaded_trusted_issuers_count(): number;
+    /**
+     * Create a new instance of the Cedarling application.
+     * Assume that config is `Object`
+     */
+    static new(config: object): Promise<Cedarling>;
+    /**
+     * Create a new instance of the Cedarling application.
+     * Assume that config is `Map`
+     */
+    static new_from_map(config: Map<any, any>): Promise<Cedarling>;
+    /**
+     * Get logs and remove them from the storage.
+     * Returns `Array` of `Map`
+     */
+    pop_logs(): Array<any>;
+    /**
+     * Push a value into the data store with an optional TTL.
+     * If the key already exists, the value will be replaced.
+     * If TTL is not provided, the default TTL from configuration is used.
+     *
+     * # Arguments
+     *
+     * * `key` - A string key for the data entry (must not be empty)
+     * * `value` - The value to store (any JSON-serializable JavaScript value: object, array, string, number, boolean)
+     * * `ttl_secs` - Optional TTL in seconds (undefined/null uses default from config)
+     *
+     * # Example
+     *
+     * ```javascript
+     * cedarling.push_data_ctx("user:123", { name: "John", age: 30 }, 3600);
+     * cedarling.push_data_ctx("config", { setting: "value" }); // Uses default TTL
+     * ```
+     */
+    push_data_ctx(key: string, value: any, ttl_secs?: bigint | null): void;
+    /**
+     * Remove a value from the data store by key.
+     * Returns true if the key existed and was removed, false otherwise.
+     *
+     * # Arguments
+     *
+     * * `key` - A string key for the data entry to remove
+     *
+     * # Example
+     *
+     * ```javascript
+     * const removed = cedarling.remove_data_ctx("user:123");
+     * if (removed) {
+     *     console.log("Entry was successfully removed");
+     * }
+     * ```
+     */
+    remove_data_ctx(key: string): boolean;
+    /**
+     * Closes the connections to the Lock Server and pushes all available logs.
+     */
+    shut_down(): Promise<void>;
+    /**
+     * Get the total number of trusted issuer entries discovered.
+     *
+     * # Example
+     *
+     * ```javascript
+     * const total = cedarling.total_issuers();
+     * ```
+     */
+    total_issuers(): number;
 }
+
+/**
+ * A WASM wrapper for the Rust `cedarling::DataEntry` struct.
+ * Represents a data entry in the DataStore with value and metadata.
+ */
+export class DataEntry {
+    private constructor();
+    free(): void;
+    [Symbol.dispose](): void;
+    /**
+     * Convert `DataEntry` to json string value
+     */
+    json_string(): string;
+    /**
+     * Get the value stored in this entry as a JavaScript object
+     */
+    value(): any;
+    /**
+     * Number of times this entry has been accessed
+     */
+    access_count: bigint;
+    /**
+     * Timestamp when this entry was created (RFC 3339 format)
+     */
+    created_at: string;
+    /**
+     * The inferred Cedar type of the value
+     */
+    data_type: string;
+    /**
+     * Timestamp when this entry expires (RFC 3339 format), or null if no TTL
+     */
+    get expires_at(): string | undefined;
+    /**
+     * Timestamp when this entry expires (RFC 3339 format), or null if no TTL
+     */
+    set expires_at(value: string | null | undefined);
+    /**
+     * The key for this entry
+     */
+    key: string;
+}
+
+/**
+ * A WASM wrapper for the Rust `cedarling::DataStoreStats` struct.
+ * Statistics about the DataStore.
+ */
+export class DataStoreStats {
+    private constructor();
+    free(): void;
+    [Symbol.dispose](): void;
+    /**
+     * Convert `DataStoreStats` to json string value
+     */
+    json_string(): string;
+    /**
+     * Average size per entry in bytes (0 if no entries)
+     */
+    avg_entry_size_bytes: number;
+    /**
+     * Percentage of capacity used (0.0-100.0, based on entry count)
+     */
+    capacity_usage_percent: number;
+    /**
+     * Number of entries currently stored
+     */
+    entry_count: number;
+    /**
+     * Maximum number of entries allowed (0 = unlimited)
+     */
+    max_entries: number;
+    /**
+     * Maximum size per entry in bytes (0 = unlimited)
+     */
+    max_entry_size: number;
+    /**
+     * Memory usage threshold percentage (from config)
+     */
+    memory_alert_threshold: number;
+    /**
+     * Whether memory usage exceeds the alert threshold
+     */
+    memory_alert_triggered: boolean;
+    /**
+     * Whether metrics tracking is enabled
+     */
+    metrics_enabled: boolean;
+    /**
+     * Total size of all entries in bytes (approximate, based on JSON serialization)
+     */
+    total_size_bytes: number;
+}
+
 /**
  * Diagnostics
  * ===========
@@ -127,26 +407,79 @@ export class Cedarling {
  * Provides detailed information about how a policy decision was made, including policies that contributed to the decision and any errors encountered during evaluation.
  */
 export class Diagnostics {
-  private constructor();
-  free(): void;
-  /**
-   * `PolicyId`s of the policies that contributed to the decision.
-   * If no policies applied to the request, this set will be empty.
-   *
-   * The ids should be treated as unordered,
-   */
-  readonly reason: string[];
-  /**
-   * Errors that occurred during authorization. The errors should be
-   * treated as unordered, since policies may be evaluated in any order.
-   */
-  readonly errors: PolicyEvaluationError[];
+    private constructor();
+    free(): void;
+    [Symbol.dispose](): void;
+    /**
+     * Errors that occurred during authorization. The errors should be
+     * treated as unordered, since policies may be evaluated in any order.
+     */
+    readonly errors: PolicyEvaluationError[];
+    /**
+     * `PolicyId`s of the policies that contributed to the decision.
+     * If no policies applied to the request, this set will be empty.
+     *
+     * The ids should be treated as unordered,
+     */
+    readonly reason: string[];
+}
+
+export class IntoUnderlyingByteSource {
+    private constructor();
+    free(): void;
+    [Symbol.dispose](): void;
+    cancel(): void;
+    pull(controller: ReadableByteStreamController): Promise<any>;
+    start(controller: ReadableByteStreamController): void;
+    readonly autoAllocateChunkSize: number;
+    readonly type: ReadableStreamType;
 }
-export class JsJsonLogic {
-  free(): void;
-  constructor();
-  apply(logic: any, data: any): any;
+
+export class IntoUnderlyingSink {
+    private constructor();
+    free(): void;
+    [Symbol.dispose](): void;
+    abort(reason: any): Promise<any>;
+    close(): Promise<any>;
+    write(chunk: any): Promise<any>;
+}
+
+export class IntoUnderlyingSource {
+    private constructor();
+    free(): void;
+    [Symbol.dispose](): void;
+    cancel(): void;
+    pull(controller: ReadableStreamDefaultController): Promise<any>;
+}
+
+/**
+ * A WASM wrapper for the Rust `cedarling::MultiIssuerAuthorizeResult` struct.
+ * Represents the result of a multi-issuer authorization request.
+ */
+export class MultiIssuerAuthorizeResult {
+    private constructor();
+    free(): void;
+    [Symbol.dispose](): void;
+    /**
+     * Convert `MultiIssuerAuthorizeResult` to json string value
+     */
+    json_string(): string;
+    /**
+     * Result of authorization
+     * true means `ALLOW`
+     * false means `Deny`
+     */
+    decision: boolean;
+    /**
+     * Request ID of the authorization request
+     */
+    request_id: string;
+    /**
+     * Result of Cedar policy authorization
+     */
+    response: AuthorizeResultResponse;
 }
+
 /**
  * PolicyEvaluationError
  * =====================
@@ -154,86 +487,40 @@ export class JsJsonLogic {
  * Represents an error that occurred when evaluating a Cedar policy.
  */
 export class PolicyEvaluationError {
-  private constructor();
-  free(): void;
-  /**
-   * Id of the policy with an error
-   */
-  readonly id: string;
-  /**
-   * Underlying evaluation error string representation
-   */
-  readonly error: string;
+    private constructor();
+    free(): void;
+    [Symbol.dispose](): void;
+    /**
+     * Underlying evaluation error string representation
+     */
+    readonly error: string;
+    /**
+     * Id of the policy with an error
+     */
+    readonly id: string;
 }
 
-export type InitInput = RequestInfo | URL | Response | BufferSource | WebAssembly.Module;
-
-export interface InitOutput {
-  readonly memory: WebAssembly.Memory;
-  readonly __wbg_cedarling_free: (a: number, b: number) => void;
-  readonly init: (a: number) => number;
-  readonly cedarling_new: (a: number) => number;
-  readonly cedarling_new_from_map: (a: number) => number;
-  readonly cedarling_authorize: (a: number, b: number) => number;
-  readonly cedarling_authorize_unsigned: (a: number, b: number) => number;
-  readonly cedarling_pop_logs: (a: number, b: number) => void;
-  readonly cedarling_get_log_by_id: (a: number, b: number, c: number, d: number) => void;
-  readonly cedarling_get_log_ids: (a: number) => number;
-  readonly cedarling_get_logs_by_tag: (a: number, b: number, c: number, d: number) => void;
-  readonly cedarling_get_logs_by_request_id: (a: number, b: number, c: number, d: number) => void;
-  readonly cedarling_get_logs_by_request_id_and_tag: (a: number, b: number, c: number, d: number, e: number, f: number) => void;
-  readonly __wbg_authorizeresult_free: (a: number, b: number) => void;
-  readonly __wbg_get_authorizeresult_workload: (a: number) => number;
-  readonly __wbg_set_authorizeresult_workload: (a: number, b: number) => void;
-  readonly __wbg_get_authorizeresult_person: (a: number) => number;
-  readonly __wbg_set_authorizeresult_person: (a: number, b: number) => void;
-  readonly __wbg_get_authorizeresult_decision: (a: number) => number;
-  readonly __wbg_set_authorizeresult_decision: (a: number, b: number) => void;
-  readonly __wbg_get_authorizeresult_request_id: (a: number, b: number) => void;
-  readonly __wbg_set_authorizeresult_request_id: (a: number, b: number, c: number) => void;
-  readonly authorizeresult_json_string: (a: number, b: number) => void;
-  readonly authorizeresult_principal: (a: number, b: number, c: number) => number;
-  readonly __wbg_authorizeresultresponse_free: (a: number, b: number) => void;
-  readonly authorizeresultresponse_decision: (a: number) => number;
-  readonly authorizeresultresponse_diagnostics: (a: number) => number;
-  readonly __wbg_diagnostics_free: (a: number, b: number) => void;
-  readonly diagnostics_reason: (a: number, b: number) => void;
-  readonly diagnostics_errors: (a: number, b: number) => void;
-  readonly __wbg_policyevaluationerror_free: (a: number, b: number) => void;
-  readonly policyevaluationerror_id: (a: number, b: number) => void;
-  readonly policyevaluationerror_error: (a: number, b: number) => void;
-  readonly __wbg_jsjsonlogic_free: (a: number, b: number) => void;
-  readonly jsjsonlogic_new: () => number;
-  readonly jsjsonlogic_apply: (a: number, b: number, c: number, d: number) => void;
-  readonly ring_core_0_17_14__bn_mul_mont: (a: number, b: number, c: number, d: number, e: number, f: number) => void;
-  readonly __wbindgen_export_0: (a: number, b: number) => number;
-  readonly __wbindgen_export_1: (a: number, b: number, c: number, d: number) => number;
-  readonly __wbindgen_export_2: (a: number) => void;
-  readonly __wbindgen_export_3: WebAssembly.Table;
-  readonly __wbindgen_add_to_stack_pointer: (a: number) => number;
-  readonly __wbindgen_export_4: (a: number, b: number, c: number) => void;
-  readonly __wbindgen_export_5: (a: number, b: number) => void;
-  readonly __wbindgen_export_6: (a: number, b: number, c: number) => void;
-  readonly __wbindgen_export_7: (a: number, b: number, c: number, d: number) => void;
-}
-
-export type SyncInitInput = BufferSource | WebAssembly.Module;
 /**
-* Instantiates the given `module`, which can either be bytes or
-* a precompiled `WebAssembly.Module`.
-*
-* @param {{ module: SyncInitInput }} module - Passing `SyncInitInput` directly is deprecated.
-*
-* @returns {InitOutput}
-*/
-export function initSync(module: { module: SyncInitInput } | SyncInitInput): InitOutput;
+ * Create a new instance of the Cedarling application.
+ * This function can take as config parameter the eather `Map` other `Object`
+ */
+export function init(config: any): Promise<Cedarling>;
 
 /**
-* If `module_or_path` is {RequestInfo} or {URL}, makes a request and
-* for everything else, calls `WebAssembly.instantiate` directly.
-*
-* @param {{ module_or_path: InitInput | Promise<InitInput> }} module_or_path - Passing `InitInput` directly is deprecated.
-*
-* @returns {Promise<InitOutput>}
-*/
-export default function __wbg_init (module_or_path?: { module_or_path: InitInput | Promise<InitInput> } | InitInput | Promise<InitInput>): Promise<InitOutput>;
+ * Create a new instance of the Cedarling application from archive bytes.
+ *
+ * This function allows loading a policy store from a Cedar Archive (.cjar)
+ * that was fetched with custom logic (e.g., with authentication headers).
+ *
+ * # Arguments
+ * * `config` - Bootstrap configuration (Map or Object). Policy store config is ignored.
+ * * `archive_bytes` - The .cjar archive bytes (Uint8Array)
+ *
+ * # Example
+ * ```javascript
+ * const response = await fetch(url, { headers: { Authorization: 'Bearer ...' } });
+ * const bytes = new Uint8Array(await response.arrayBuffer());
+ * const cedarling = await init_from_archive_bytes(config, bytes);
+ * ```
+ */
+export function init_from_archive_bytes(config: any, archive_bytes: Uint8Array): Promise<Cedarling>;