@jcdubs/janus 1.1.0 → 1.2.0

package/README.md

@@ -1,5 +1,6 @@
 # Janus
 
+
 [![CI](https://github.com/JCDubs/Janus/actions/workflows/main.yaml/badge.svg?branch=main)](https://github.com/JCDubs/Janus/actions/workflows/main.yaml)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 [![Node.js Version](https://img.shields.io/badge/node-%3E%3D20-brightgreen)](https://nodejs.org)
@@ -16,6 +17,8 @@ Open source serverless authentication: A Cedar-based authorization engine for de
 
 Janus is a TypeScript library that provides fine-grained, policy-based authorization for AWS Lambda functions using [Cedar](https://www.cedarpolicy.com/). It enables you to define complex authorization rules and evaluate them efficiently within your serverless applications.
 
+Janus is based on the pattern discussed in this blog post: [Serverless: Granular Authorisation with Cedar — High control, minimal cost](https://medium.com/@jcdubs/serverless-granular-authorisation-with-cedar-high-control-minimal-cost-1149640f8cd9).
+
 ### Key Features
 
 - 🔐 **Cedar Policy Engine** - Leverage Amazon's Cedar policy language for authorization
@@ -115,31 +118,112 @@ namespace OrderService {
 }
 ```
 
+### Implement the Auth Lambda
+
+The following example demonstrates a simple AWS Lambda handler that uses the middleware
+to load Cedar authorization and then performs an authorization check inside the handler.
+
+```typescript
+import middy from '@middy/core';
+import type { APIGatewayProxyEvent, APIGatewayProxyResult } from 'aws-lambda';
+import {
+  loadCedarAuthorization,
+  AuthorizationService,
+  EntityBuilder,
+  getUserName,
+} from '@jcdubs/janus';
+
+const authorizationConfig = {
+  namespace: 'OrderService::',
+  principleType: 'User',
+  resourceType: 'Order',
+  roleType: 'Role',
+};
+
+const handler = async (
+  event: APIGatewayProxyEvent,
+): Promise<APIGatewayProxyResult> => {
+  // AuthorizationService is cached by the middleware, but retrieving it here is safe
+  // and inexpensive (cached) and makes the intent explicit in the handler.
+  const authService = await AuthorizationService.getService(authorizationConfig);
+
+  const resourceId = event.pathParameters?.orderId ?? 'order-123';
+
+  const isAuthorized = authService
+    .setAction('viewOrder')
+    .setResource(resourceId)
+    .addEntity(
+      new EntityBuilder(resourceId, authorizationConfig)
+        .withStringAttr('customerId', getUserName())
+        .build(),
+    )
+    .isAuthorized();
+
+  return {
+    statusCode: isAuthorized ? 200 : 403,
+    body: JSON.stringify({ allowed: isAuthorized }),
+  };
+};
+
+export const main = middy(handler).use(loadCedarAuthorization(authorizationConfig));
+```
+
 ### 3. Use the Authorization Service
 
 ```typescript
-import { AuthorizationService } from '@jcdubs/janus';
+import { AuthorizationService, EntityBuilder } from '@jcdubs/janus';
 
-// Initialize the service (cached as a singleton)
-const authService = await AuthorizationService.getService({
+// Define the authorization configuration and initialize the service (cached as a singleton)
+const authorizationConfig = {
   namespace: 'OrderService::',
   principleType: 'User',
   resourceType: 'Order',
   roleType: 'Role'
-});
+};
+
+const authService = await AuthorizationService.getService(authorizationConfig);
+
+// Examples showing varied `EntityBuilder` usage patterns
+
+// Minimal: build an entity with only UID
+const isAuthorizedMinimal = authService
+  .setAction('viewOrder')
+  .setResource('order-123')
+  .addEntity(new EntityBuilder('order-123', authorizationConfig).build())
+  .isAuthorized();
 
-// Evaluate authorization
-const isAuthorized = authService
+// Typical: add a few simple attributes
+const isAuthorizedTypical = authService
   .setAction('viewOrder')
   .setResource('order-123')
-  .addEntity({
-    uid: { type: 'OrderService::Order', id: 'order-123' },
-    attrs: { customerId: 'user-456', status: 'PENDING' },
-    parents: []
-  })
+  .addEntity(
+    new EntityBuilder('order-123', authorizationConfig)
+      .withStringAttr('customerId', 'user-456')
+      .withStringAttr('status', 'PENDING')
+      .withNumberAttr('items', 3)
+      .build()
+  )
   .isAuthorized();
 
-console.log(isAuthorized); // true or false
+// Full: include sets, references, extension attrs, parents and tags
+const isAuthorizedFull = authService
+  .setAction('viewOrder')
+  .setResource('order-123')
+  .addEntity(
+    new EntityBuilder('order-123', authorizationConfig)
+      .withStringAttr('customerId', 'user-456')
+      .withBooleanAttr('active', true)
+      .withNumberAttr('items', 5)
+      .withSetAttr('flags', ['flagA', 'flagB'])
+      .withAttr('owner', 'u1', authorizationConfig.principleType)
+      .withExtnAttr('ip', 'ipaddr', '192.168.1.10')
+      .withParent('role-1', 'Role')
+      .withTag('label', 'lbl1', 'Label')
+      .build()
+  )
+  .isAuthorized();
+
+logger.info('Create authorisation requests', isAuthorizedMinimal, isAuthorizedTypical, isAuthorizedFull);
 ```
 
 ## API Reference
@@ -243,6 +327,56 @@ const handler = middy(async (event) => {
   }));
 ```
 
+### Auth Lambda Construct
+
+Provides a CDK construct to bundle a Node.js Lambda with Cedar policy and schema files and the Cedar WASM runtime.
+
+- **Export:** `AuthLambda` (class)
+- **Props:** `AuthLambdaProps` — extends `NodejsFunctionProps` and adds `authorisation: { policyFilePath: string; schemaFilePath: string }`.
+
+Usage: Use `AuthLambda` in CDK stacks to ensure Cedar policies and schema are bundled with the Lambda package and the Cedar WASM runtime copied into `node_modules/@cedar-policy/cedar-wasm`. In particular, `AuthLambda` makes sure the `@cedar-policy/cedar-wasm` package, your Cedar policy file (for example `policies.cedar`) and your Cedar schema file (for example `schema.cedarschema`) are included in the Lambda deployment package so they are available at runtime.
+
+### EntityBuilder
+
+Fluent builder for creating Cedar entity JSON objects used in authorization requests.
+
+- **Export:** `EntityBuilder` (class)
+- **Constructor:** `new EntityBuilder(id: string, authorizationConfig: AuthorizationConfigType, type?: string)`
+- **Common Methods:** `withAttr(name, id, type)`, `withExtnAttr(name, fn, arg)`, `withBooleanAttr(name, value)`, `withNumberAttr(name, value)`, `withStringAttr(name, value)`, `withSetAttr(name, value)`, `withParent(id, type)`, `withTag(name, id, type)`, `build()` — returns `EntityJson`.
+
+Example usage is shown in the Quick Start section above.
+
+### File Loader
+
+Small utility to read bundled files (Cedar policy and schema) from the Lambda package.
+
+- **Export:** `loadFileAsString(fileName: string): string`
+
+Throws an `Error` if the file cannot be read. Typically used by the `AuthorizationService` to load `policies.cedar` and `schema.cedarschema`.
+
+### Types
+
+Shared TypeScript types used across the library.
+
+- `TypeAndId` — `{ type: string; id: string }`
+- `EntityUidJson` — `{ __entity: TypeAndId } | TypeAndId`
+- `CedarValueJson` — union of entity refs, extn values, primitives, arrays, objects, or null
+- `FnAndArg` — `{ fn: string; arg: CedarValueJson }`
+- `EntityJson` — `{ uid: EntityUidJson; attrs: Record<string, CedarValueJson>; parents: EntityUidJson[]; tags?: Record<string, CedarValueJson> }`
+
+### Errors
+
+The library exports a set of specific error classes used by the authorization flow.
+
+- `MissingAuthenticatedUserDetailsError`
+- `MissingAuthorizationActionError`
+- `MissingAuthorizationPolicyError`
+- `MissingAuthorizationResourceError`
+- `MissingAuthorizationSchemaError`
+- `UnauthorizedError`
+
+These are exported from the `errors` module and are thrown by the `AuthorizationService` and middleware where applicable.
+
 ## User Details
 
 The library provides utilities to extract user information from Lambda events:
@@ -267,6 +401,15 @@ The library provides specific error classes for different authorization failures
 
 ## Examples
 
+### Order Service Example
+
+The `examples/order-service` project demonstrates a complete integration of Janus in a real-world serverless service. It shows how the Janus CDK construct, middleware and SDK are used together to provide Cedar-based authorization for AWS Lambda CRUD handlers.
+
+- **Janus Integration**: The example uses the provided `Auth` Lambda construct and the `authorizationMiddleware` to bundle and load Cedar policy and schema files. The authorization checks inside the order CRUD Lambdas use the `AuthorizationService` from the Janus SDK (via the auth secondary adapter) to evaluate requests against the deployed Cedar policies and schema.
+- **Full CRUD API**: The example implements a full Create/Read/Update/Delete API for `orders` backed by the included lambda handlers.
+- **Scripts**: See the `examples/order-service/scripts` directory — it contains scripts to hydrate the database, create users and groups in the Cognito user pool, and login scripts for individual users associated with specific groups.
+- **Postman Collection**: A Postman collection (`Auth.postman_collection.json`) is included in the example. It contains requests that exercise each user and group against the Cedar policy and schema files deployed with the order CRUD Lambdas.
+
 See the [authorization-tests](./src/authorization-service/authorization-tests/) directory for comprehensive examples including:
 
 - Customer role permissions
@@ -282,6 +425,7 @@ See the [authorization-tests](./src/authorization-service/authorization-tests/)
 - [Cedar Policy Blog](https://www.cedarpolicy.com/blog)
 - [Cedar SDK](https://github.com/cedar-policy)
 - [Cedar Policy Playground](https://www.cedarpolicy.com/en/playground)
+ - [Serverless: Granular Authorisation with Cedar — High control, minimal cost (blog post)](https://medium.com/@jcdubs/serverless-granular-authorisation-with-cedar-high-control-minimal-cost-1149640f8cd9)
 
 ## Development
 

package/dist/auth-lambda/auth-lambda.js

@@ -96,7 +96,7 @@ class AuthLambda extends njsLambda.NodejsFunction {
                         return [
                             `echo "Copying node_modules/@cedar-policy/cedar-wasm directory to Lambda package..."`,
                             `mkdir -p ${outputDir}/node_modules/@cedar-policy/cedar-wasm/`,
-                            `cp -r ${inputDir}/node_modules/janus/vendor/@cedar-policy/cedar-wasm ${outputDir}/node_modules/@cedar-policy/`,
+                            `cp -r ${inputDir}/node_modules/@jcdubs/janus/vendor/@cedar-policy/cedar-wasm ${outputDir}/node_modules/@cedar-policy/`,
                             `echo "node_modules/@cedar-policy/cedar-wasm directory copied successfully to ${outputDir}/node_modules/@cedar-policy"`,
                             `echo "Copying policy and schema files to Lambda package..."`,
                             `cp ${props.authorisation.policyFilePath} ${outputDir}/policies.cedar`,

package/dist/auth-lambda/auth-lambda.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth-lambda.js","sourceRoot":"","sources":["../../src/auth-lambda/auth-lambda.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,yEAA2D;AAuC3D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AACH,MAAa,UAAW,SAAQ,SAAS,CAAC,cAAc;IACvD;;;;;;;;OAQG;IACH,YAAY,KAAgB,EAAE,EAAU,EAAE,KAAsB;QAC/D,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE;YAChB,GAAG,KAAK;YACR,QAAQ,EAAE;gBACT,GAAG,KAAK,CAAC,QAAQ;gBACjB,YAAY,EAAE;oBACb,cAAc,CAAC,SAAiB,EAAE,UAAkB;wBACnD,OAAO,CAAC,0DAA0D,CAAC,CAAC;oBACrE,CAAC;oBACD,aAAa,CAAC,SAAiB,EAAE,UAAkB;wBAClD,OAAO,EAAE,CAAC;oBACX,CAAC;oBACD,aAAa,CAAC,QAAgB,EAAE,SAAiB;wBAChD,OAAO;4BACN,qFAAqF;4BACrF,YAAY,SAAS,yCAAyC;4BAC9D,SAAS,QAAQ,uDAAuD,SAAS,8BAA8B;4BAC/G,gFAAgF,SAAS,8BAA8B;4BACvH,6DAA6D;4BAC7D,MAAM,KAAK,CAAC,aAAa,CAAC,cAAc,IAAI,SAAS,iBAAiB;4BACtE,MAAM,KAAK,CAAC,aAAa,CAAC,cAAc,IAAI,SAAS,qBAAqB;4BAC1E,wDAAwD,SAAS,GAAG;yBACpE,CAAC;oBACH,CAAC;iBACD;gBACD,eAAe,EAAE;oBAChB,GAAG,CAAC,KAAK,CAAC,QAAQ,EAAE,eAAe,IAAI,EAAE,CAAC;oBAC1C,WAAW;oBACX,0BAA0B;iBAC1B;aACD;SACD,CAAC,CAAC;IACJ,CAAC;CACD;AA3CD,gCA2CC"}
+{"version":3,"file":"auth-lambda.js","sourceRoot":"","sources":["../../src/auth-lambda/auth-lambda.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,yEAA2D;AAuC3D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AACH,MAAa,UAAW,SAAQ,SAAS,CAAC,cAAc;IACvD;;;;;;;;OAQG;IACH,YAAY,KAAgB,EAAE,EAAU,EAAE,KAAsB;QAC/D,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE;YAChB,GAAG,KAAK;YACR,QAAQ,EAAE;gBACT,GAAG,KAAK,CAAC,QAAQ;gBACjB,YAAY,EAAE;oBACb,cAAc,CAAC,SAAiB,EAAE,UAAkB;wBACnD,OAAO,CAAC,0DAA0D,CAAC,CAAC;oBACrE,CAAC;oBACD,aAAa,CAAC,SAAiB,EAAE,UAAkB;wBAClD,OAAO,EAAE,CAAC;oBACX,CAAC;oBACD,aAAa,CAAC,QAAgB,EAAE,SAAiB;wBAChD,OAAO;4BACN,qFAAqF;4BACrF,YAAY,SAAS,yCAAyC;4BAC9D,SAAS,QAAQ,+DAA+D,SAAS,8BAA8B;4BACvH,gFAAgF,SAAS,8BAA8B;4BACvH,6DAA6D;4BAC7D,MAAM,KAAK,CAAC,aAAa,CAAC,cAAc,IAAI,SAAS,iBAAiB;4BACtE,MAAM,KAAK,CAAC,aAAa,CAAC,cAAc,IAAI,SAAS,qBAAqB;4BAC1E,wDAAwD,SAAS,GAAG;yBACpE,CAAC;oBACH,CAAC;iBACD;gBACD,eAAe,EAAE;oBAChB,GAAG,CAAC,KAAK,CAAC,QAAQ,EAAE,eAAe,IAAI,EAAE,CAAC;oBAC1C,WAAW;oBACX,0BAA0B;iBAC1B;aACD;SACD,CAAC,CAAC;IACJ,CAAC;CACD;AA3CD,gCA2CC"}

package/dist/authorization-service/authorization-service.d.ts

@@ -1,4 +1,4 @@
-import * as cedar from '@cedar-policy/cedar-wasm/nodejs';
+import type { EntityJson } from '../types';
 import type { AuthorizationConfigType } from './types';
 /**
  * Service for evaluating Cedar policy-based authorization requests.
@@ -124,7 +124,7 @@ export declare class AuthorizationService {
      * });
      * ```
      */
-    addEntity(entity: cedar.EntityJson): AuthorizationService;
+    addEntity(entity: EntityJson): AuthorizationService;
     /**
      * Replaces all entities with a new array of entities for the Cedar authorization request.
      *
@@ -135,7 +135,7 @@ export declare class AuthorizationService {
      * @remarks
      * This replaces any previously added entities. Use {@link addEntity} to append individual entities.
      */
-    setEntities(entities: cedar.EntityJson[]): AuthorizationService;
+    setEntities(entities: EntityJson[]): AuthorizationService;
     /**
      * Validates that all required authorization properties are set.
      *

package/dist/authorization-service/authorization-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,KAAK,MAAM,iCAAiC,CAAC;AAWzD,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,SAAS,CAAC;AAMvD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiDG;AACH,qBAAa,oBAAoB;IAChC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAuB;IAC7C,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAA0B;IAC9D,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAwB;IAC/C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,MAAM,CAAqB;IACnC,OAAO,CAAC,QAAQ,CAAqB;IACrC,OAAO,CAAC,OAAO,CAAmD;IAClE,OAAO,CAAC,QAAQ,CAAiC;IAEjD;;;;;;;;;;;OAWG;IACH,OAAO;IAUP;;;;;;;;;;;;;OAaG;IACH,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,oBAAoB;IAK/C;;;;;;;;;;;;;OAaG;IACH,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,oBAAoB;IAKnD;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,SAAS,CAAC,MAAM,EAAE,KAAK,CAAC,UAAU,GAAG,oBAAoB;IAQzD;;;;;;;;;OASG;IACH,WAAW,CAAC,QAAQ,EAAE,KAAK,CAAC,UAAU,EAAE,GAAG,oBAAoB;IAK/D;;;;;;;;OAQG;IACH,OAAO,CAAC,+BAA+B;IAsBvC;;;;;;;;;OASG;IACH,OAAO,CAAC,YAAY;IASpB;;;;;;;;;;OAUG;IACH,OAAO,CAAC,mBAAmB;IAoB3B;;;;;;;;OAQG;IACH,OAAO,CAAC,qBAAqB;IAa7B;;;;;;;;;;;;;OAaG;IACH,OAAO,CAAC,KAAK;IA0Cb;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACH,YAAY,IAAI,OAAO;IAgBvB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAsCG;WACU,UAAU,CACtB,mBAAmB,EAAE,uBAAuB,EAC5C,OAAO,UAAQ,GACb,OAAO,CAAC,oBAAoB,CAAC;CAkChC"}
+{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service/authorization-service.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAG3C,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,SAAS,CAAC;AAMvD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiDG;AACH,qBAAa,oBAAoB;IAChC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAuB;IAC7C,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAA0B;IAC9D,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAwB;IAC/C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,MAAM,CAAqB;IACnC,OAAO,CAAC,QAAQ,CAAqB;IACrC,OAAO,CAAC,OAAO,CAAmD;IAClE,OAAO,CAAC,QAAQ,CAA2B;IAE3C;;;;;;;;;;;OAWG;IACH,OAAO;IAUP;;;;;;;;;;;;;OAaG;IACH,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,oBAAoB;IAK/C;;;;;;;;;;;;;OAaG;IACH,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,oBAAoB;IAKnD;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,SAAS,CAAC,MAAM,EAAE,UAAU,GAAG,oBAAoB;IAQnD;;;;;;;;;OASG;IACH,WAAW,CAAC,QAAQ,EAAE,UAAU,EAAE,GAAG,oBAAoB;IAKzD;;;;;;;;OAQG;IACH,OAAO,CAAC,+BAA+B;IAsBvC;;;;;;;;;OASG;IACH,OAAO,CAAC,YAAY;IASpB;;;;;;;;;;OAUG;IACH,OAAO,CAAC,mBAAmB;IAoB3B;;;;;;;;OAQG;IACH,OAAO,CAAC,qBAAqB;IAa7B;;;;;;;;;;;;;OAaG;IACH,OAAO,CAAC,KAAK;IA0Cb;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACH,YAAY,IAAI,OAAO;IAgBvB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAsCG;WACU,UAAU,CACtB,mBAAmB,EAAE,uBAAuB,EAC5C,OAAO,UAAQ,GACb,OAAO,CAAC,oBAAoB,CAAC;CAkChC"}

package/dist/authorization-service/authorization-service.js.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-service.js","sourceRoot":"","sources":["../../src/authorization-service/authorization-service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,0DAAuD;AACvD,uEAAyD;AACzD,sCAMmB;AACnB,4DAA8D;AAC9D,kDAAwD;AACxD,mDAAqD;AAGrD,MAAM,MAAM,GAAG,IAAI,eAAM,CAAC,EAAE,WAAW,EAAE,uBAAuB,EAAE,CAAC,CAAC;AACpE,MAAM,gBAAgB,GAAG,gBAAgB,CAAC;AAC1C,MAAM,gBAAgB,GAAG,oBAAoB,CAAC;AAE9C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiDG;AACH,MAAa,oBAAoB;IAUhC;;;;;;;;;;;OAWG;IACH,YACC,MAAc,EACd,MAAc,EACd,mBAA4C;QAE5C,IAAI,CAAC,MAAM,GAAG,IAAA,kCAAkB,EAAC,MAAM,CAAC,CAAC;QACzC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,mBAAmB,GAAG,mBAAmB,CAAC;IAChD,CAAC;IAED;;;;;;;;;;;;;OAaG;IACH,SAAS,CAAC,MAAc;QACvB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,OAAO,IAAI,CAAC;IACb,CAAC;IAED;;;;;;;;;;;;;OAaG;IACH,WAAW,CAAC,QAAgB;QAC3B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,OAAO,IAAI,CAAC;IACb,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,SAAS,CAAC,MAAwB;QACjC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpB,IAAI,CAAC,QAAQ,GAAG,EAAE,CAAC;QACpB,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC3B,OAAO,IAAI,CAAC;IACb,CAAC;IAED;;;;;;;;;OASG;IACH,WAAW,CAAC,QAA4B;QACvC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,OAAO,IAAI,CAAC;IACb,CAAC;IAED;;;;;;;;OAQG;IACK,+BAA+B;QACtC,mDAAmD;QACnD,IAAI,CAAC,IAAA,0BAAW,GAAE,IAAI,CAAC,IAAA,uBAAQ,GAAE,EAAE,CAAC;YACnC,MAAM,CAAC,KAAK,CACX,4DAA4D,CAC5D,CAAC;YACF,MAAM,IAAI,6CAAoC,EAAE,CAAC;QAClD,CAAC;QAED,2BAA2B;QAC3B,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YAClB,MAAM,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;YACjE,MAAM,IAAI,wCAA+B,EAAE,CAAC;QAC7C,CAAC;QAED,2BAA2B;QAC3B,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpB,MAAM,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAC;YACnE,MAAM,IAAI,0CAAiC,EAAE,CAAC;QAC/C,CAAC;IACF,CAAC;IAED;;;;;;;;;OASG;IACK,YAAY;QACnB,IAAI,CAAC;YACJ,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACvC,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QACzB,CAAC;QAAC,OAAO,IAAI,EAAE,CAAC;YACf,OAAO,IAAI,CAAC,MAAM,CAAC;QACpB,CAAC;IACF,CAAC;IAED;;;;;;;;;;OAUG;IACK,mBAAmB;QAC1B,MAAM,QAAQ,GAAG,IAAA,0BAAW,GAAE,CAAC;QAC/B,IAAI,CAAC,QAAQ,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;YAClE,MAAM,IAAI,6CAAoC,EAAE,CAAC;QAClD,CAAC;QACD,OAAO;YACN,GAAG,EAAE;gBACJ,IAAI,EAAE,GAAG,IAAI,CAAC,mBAAmB,CAAC,SAAS,GAAG,IAAI,CAAC,mBAAmB,CAAC,aAAa,EAAE;gBACtF,EAAE,EAAE,QAAQ;aACZ;YACD,KAAK,EAAE,EAAE;YACT,OAAO,EACN,IAAA,uBAAQ,GAAE,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;gBAC1B,IAAI,EAAE,GAAG,IAAI,CAAC,mBAAmB,CAAC,SAAS,GAAG,IAAI,CAAC,mBAAmB,CAAC,QAAQ,EAAE;gBACjF,EAAE,EAAE,IAAI;aACR,CAAC,CAAC,IAAI,EAAE;SACV,CAAC;IACH,CAAC;IAED;;;;;;;;OAQG;IACK,qBAAqB;QAC5B,OAAO,CACN,IAAA,uBAAQ,GAAE,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAC1B,GAAG,EAAE;gBACJ,IAAI,EAAE,GAAG,IAAI,CAAC,mBAAmB,CAAC,SAAS,GAAG,IAAI,CAAC,mBAAmB,CAAC,QAAQ,EAAE;gBACjF,EAAE,EAAE,IAAI;aACR;YACD,KAAK,EAAE,EAAE;YACT,OAAO,EAAE,EAAE;SACX,CAAC,CAAC,IAAI,EAAE,CACT,CAAC;IACH,CAAC;IAED;;;;;;;;;;;;;OAaG;IACK,KAAK;QACZ,IAAI,CAAC,+BAA+B,EAAE,CAAC;QAEvC,MAAM,IAAI,GAAG,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACxC,MAAM,KAAK,GAAG,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAE3C,MAAM,QAAQ,GAAG,IAAA,0BAAW,GAAE,CAAC;QAC/B,IAAI,CAAC,QAAQ,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;YAClE,MAAM,IAAI,6CAAoC,EAAE,CAAC;QAClD,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YAClB,MAAM,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;YACjE,MAAM,IAAI,wCAA+B,EAAE,CAAC;QAC7C,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpB,MAAM,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAC;YACnE,MAAM,IAAI,0CAAiC,EAAE,CAAC;QAC/C,CAAC;QACD,OAAO;YACN,SAAS,EAAE;gBACV,IAAI,EAAE,GAAG,IAAI,CAAC,mBAAmB,CAAC,SAAS,GAAG,IAAI,CAAC,mBAAmB,CAAC,aAAa,EAAE;gBACtF,EAAE,EAAE,QAAQ;aACZ;YACD,MAAM,EAAE;gBACP,IAAI,EAAE,GAAG,IAAI,CAAC,mBAAmB,CAAC,SAAS,QAAQ;gBACnD,EAAE,EAAE,IAAI,CAAC,MAAM;aACf;YACD,QAAQ,EAAE;gBACT,IAAI,EAAE,GAAG,IAAI,CAAC,mBAAmB,CAAC,SAAS,GAAG,IAAI,CAAC,mBAAmB,CAAC,YAAY,EAAE;gBACrF,EAAE,EAAE,IAAI,CAAC,QAAQ;aACjB;YACD,OAAO,EAAE,IAAI,CAAC,OAAO,IAAI,EAAE;YAC3B,MAAM,EAAE,IAAI,CAAC,YAAY,EAAE;YAC3B,eAAe,EAAE,IAAI;YACrB,QAAQ,EAAE;gBACT,cAAc,EAAE,IAAI,CAAC,MAAM;aAC3B;YACD,QAAQ,EAAE,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,QAAQ,IAAI,EAAE,CAAC,EAAE,GAAG,KAAK,CAAC;SACpD,CAAC;IACH,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACH,YAAY;QACX,MAAM,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;QACvC,MAAM,gBAAgB,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;QACtC,MAAM,CAAC,KAAK,CAAC,6BAA6B,EAAE,EAAE,gBAAgB,EAAE,CAAC,CAAC;QAClE,MAAM,UAAU,GAAG,KAAK,CAAC,YAAY,CAAC,gBAAgB,CAAC,CAAC;QACxD,MAAM,CAAC,KAAK,CAAC,aAAa,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;QAE5C,IAAI,UAAU,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,CAAC,KAAK,CAAC,kDAAkD,EAAE;gBAChE,UAAU;aACV,CAAC,CAAC;YACH,MAAM,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QACzE,CAAC;QACD,OAAO,UAAU,CAAC,QAAQ,CAAC,QAAQ,KAAM,OAA0B,CAAC;IACrE,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAsCG;IACH,MAAM,CAAC,KAAK,CAAC,UAAU,CACtB,mBAA4C,EAC5C,OAAO,GAAG,KAAK;QAEf,IAAI,CAAC,OAAO,IAAI,oBAAoB,CAAC,OAAO,EAAE,CAAC;YAC9C,MAAM,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;YACvD,OAAO,oBAAoB,CAAC,OAAO,CAAC;QACrC,CAAC;QAED,IAAI,MAA0B,CAAC;QAC/B,IAAI,MAA0B,CAAC;QAE/B,IAAI,CAAC;YACJ,MAAM,GAAG,IAAA,8BAAgB,EAAC,gBAAgB,CAAC,CAAC;QAC7C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,MAAM,CAAC,KAAK,CAAE,GAAa,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;YACrD,MAAM,IAAI,wCAA+B,EAAE,CAAC;QAC7C,CAAC;QAED,IAAI,CAAC;YACJ,MAAM,GAAG,IAAA,8BAAgB,EAAC,gBAAgB,CAAC,CAAC;QAC7C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,MAAM,CAAC,KAAK,CAAE,GAAa,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;YACrD,MAAM,IAAI,wCAA+B,EAAE,CAAC;QAC7C,CAAC;QAED,MAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE;YACxC,MAAM;YACN,MAAM;SACN,CAAC,CAAC;QACH,oBAAoB,CAAC,OAAO,GAAG,IAAI,oBAAoB,CACtD,MAAM,EACN,MAAM,EACN,mBAAmB,CACnB,CAAC;QACF,OAAO,oBAAoB,CAAC,OAAO,CAAC;IACrC,CAAC;CACD;AA1YD,oDA0YC"}
+{"version":3,"file":"authorization-service.js","sourceRoot":"","sources":["../../src/authorization-service/authorization-service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,0DAAuD;AACvD,uEAAyD;AACzD,sCAMmB;AACnB,4DAA8D;AAE9D,kDAAwD;AACxD,mDAAqD;AAGrD,MAAM,MAAM,GAAG,IAAI,eAAM,CAAC,EAAE,WAAW,EAAE,uBAAuB,EAAE,CAAC,CAAC;AACpE,MAAM,gBAAgB,GAAG,gBAAgB,CAAC;AAC1C,MAAM,gBAAgB,GAAG,oBAAoB,CAAC;AAE9C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiDG;AACH,MAAa,oBAAoB;IAUhC;;;;;;;;;;;OAWG;IACH,YACC,MAAc,EACd,MAAc,EACd,mBAA4C;QAE5C,IAAI,CAAC,MAAM,GAAG,IAAA,kCAAkB,EAAC,MAAM,CAAC,CAAC;QACzC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,mBAAmB,GAAG,mBAAmB,CAAC;IAChD,CAAC;IAED;;;;;;;;;;;;;OAaG;IACH,SAAS,CAAC,MAAc;QACvB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,OAAO,IAAI,CAAC;IACb,CAAC;IAED;;;;;;;;;;;;;OAaG;IACH,WAAW,CAAC,QAAgB;QAC3B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,OAAO,IAAI,CAAC;IACb,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,SAAS,CAAC,MAAkB;QAC3B,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpB,IAAI,CAAC,QAAQ,GAAG,EAAE,CAAC;QACpB,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC3B,OAAO,IAAI,CAAC;IACb,CAAC;IAED;;;;;;;;;OASG;IACH,WAAW,CAAC,QAAsB;QACjC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,OAAO,IAAI,CAAC;IACb,CAAC;IAED;;;;;;;;OAQG;IACK,+BAA+B;QACtC,mDAAmD;QACnD,IAAI,CAAC,IAAA,0BAAW,GAAE,IAAI,CAAC,IAAA,uBAAQ,GAAE,EAAE,CAAC;YACnC,MAAM,CAAC,KAAK,CACX,4DAA4D,CAC5D,CAAC;YACF,MAAM,IAAI,6CAAoC,EAAE,CAAC;QAClD,CAAC;QAED,2BAA2B;QAC3B,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YAClB,MAAM,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;YACjE,MAAM,IAAI,wCAA+B,EAAE,CAAC;QAC7C,CAAC;QAED,2BAA2B;QAC3B,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpB,MAAM,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAC;YACnE,MAAM,IAAI,0CAAiC,EAAE,CAAC;QAC/C,CAAC;IACF,CAAC;IAED;;;;;;;;;OASG;IACK,YAAY;QACnB,IAAI,CAAC;YACJ,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACvC,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QACzB,CAAC;QAAC,OAAO,IAAI,EAAE,CAAC;YACf,OAAO,IAAI,CAAC,MAAM,CAAC;QACpB,CAAC;IACF,CAAC;IAED;;;;;;;;;;OAUG;IACK,mBAAmB;QAC1B,MAAM,QAAQ,GAAG,IAAA,0BAAW,GAAE,CAAC;QAC/B,IAAI,CAAC,QAAQ,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;YAClE,MAAM,IAAI,6CAAoC,EAAE,CAAC;QAClD,CAAC;QACD,OAAO;YACN,GAAG,EAAE;gBACJ,IAAI,EAAE,GAAG,IAAI,CAAC,mBAAmB,CAAC,SAAS,GAAG,IAAI,CAAC,mBAAmB,CAAC,aAAa,EAAE;gBACtF,EAAE,EAAE,QAAQ;aACZ;YACD,KAAK,EAAE,EAAE;YACT,OAAO,EACN,IAAA,uBAAQ,GAAE,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;gBAC1B,IAAI,EAAE,GAAG,IAAI,CAAC,mBAAmB,CAAC,SAAS,GAAG,IAAI,CAAC,mBAAmB,CAAC,QAAQ,EAAE;gBACjF,EAAE,EAAE,IAAI;aACR,CAAC,CAAC,IAAI,EAAE;SACV,CAAC;IACH,CAAC;IAED;;;;;;;;OAQG;IACK,qBAAqB;QAC5B,OAAO,CACN,IAAA,uBAAQ,GAAE,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAC1B,GAAG,EAAE;gBACJ,IAAI,EAAE,GAAG,IAAI,CAAC,mBAAmB,CAAC,SAAS,GAAG,IAAI,CAAC,mBAAmB,CAAC,QAAQ,EAAE;gBACjF,EAAE,EAAE,IAAI;aACR;YACD,KAAK,EAAE,EAAE;YACT,OAAO,EAAE,EAAE;SACX,CAAC,CAAC,IAAI,EAAE,CACT,CAAC;IACH,CAAC;IAED;;;;;;;;;;;;;OAaG;IACK,KAAK;QACZ,IAAI,CAAC,+BAA+B,EAAE,CAAC;QAEvC,MAAM,IAAI,GAAG,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACxC,MAAM,KAAK,GAAG,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAE3C,MAAM,QAAQ,GAAG,IAAA,0BAAW,GAAE,CAAC;QAC/B,IAAI,CAAC,QAAQ,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;YAClE,MAAM,IAAI,6CAAoC,EAAE,CAAC;QAClD,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YAClB,MAAM,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;YACjE,MAAM,IAAI,wCAA+B,EAAE,CAAC;QAC7C,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACpB,MAAM,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAC;YACnE,MAAM,IAAI,0CAAiC,EAAE,CAAC;QAC/C,CAAC;QACD,OAAO;YACN,SAAS,EAAE;gBACV,IAAI,EAAE,GAAG,IAAI,CAAC,mBAAmB,CAAC,SAAS,GAAG,IAAI,CAAC,mBAAmB,CAAC,aAAa,EAAE;gBACtF,EAAE,EAAE,QAAQ;aACZ;YACD,MAAM,EAAE;gBACP,IAAI,EAAE,GAAG,IAAI,CAAC,mBAAmB,CAAC,SAAS,QAAQ;gBACnD,EAAE,EAAE,IAAI,CAAC,MAAM;aACf;YACD,QAAQ,EAAE;gBACT,IAAI,EAAE,GAAG,IAAI,CAAC,mBAAmB,CAAC,SAAS,GAAG,IAAI,CAAC,mBAAmB,CAAC,YAAY,EAAE;gBACrF,EAAE,EAAE,IAAI,CAAC,QAAQ;aACjB;YACD,OAAO,EAAE,IAAI,CAAC,OAAO,IAAI,EAAE;YAC3B,MAAM,EAAE,IAAI,CAAC,YAAY,EAAE;YAC3B,eAAe,EAAE,IAAI;YACrB,QAAQ,EAAE;gBACT,cAAc,EAAE,IAAI,CAAC,MAAM;aAC3B;YACD,QAAQ,EAAE,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,QAAQ,IAAI,EAAE,CAAC,EAAE,GAAG,KAAK,CAAC;SACpD,CAAC;IACH,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACH,YAAY;QACX,MAAM,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;QACvC,MAAM,gBAAgB,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;QACtC,MAAM,CAAC,KAAK,CAAC,6BAA6B,EAAE,EAAE,gBAAgB,EAAE,CAAC,CAAC;QAClE,MAAM,UAAU,GAAG,KAAK,CAAC,YAAY,CAAC,gBAAgB,CAAC,CAAC;QACxD,MAAM,CAAC,KAAK,CAAC,aAAa,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;QAE5C,IAAI,UAAU,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,CAAC,KAAK,CAAC,kDAAkD,EAAE;gBAChE,UAAU;aACV,CAAC,CAAC;YACH,MAAM,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QACzE,CAAC;QACD,OAAO,UAAU,CAAC,QAAQ,CAAC,QAAQ,KAAM,OAA0B,CAAC;IACrE,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAsCG;IACH,MAAM,CAAC,KAAK,CAAC,UAAU,CACtB,mBAA4C,EAC5C,OAAO,GAAG,KAAK;QAEf,IAAI,CAAC,OAAO,IAAI,oBAAoB,CAAC,OAAO,EAAE,CAAC;YAC9C,MAAM,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;YACvD,OAAO,oBAAoB,CAAC,OAAO,CAAC;QACrC,CAAC;QAED,IAAI,MAA0B,CAAC;QAC/B,IAAI,MAA0B,CAAC;QAE/B,IAAI,CAAC;YACJ,MAAM,GAAG,IAAA,8BAAgB,EAAC,gBAAgB,CAAC,CAAC;QAC7C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,MAAM,CAAC,KAAK,CAAE,GAAa,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;YACrD,MAAM,IAAI,wCAA+B,EAAE,CAAC;QAC7C,CAAC;QAED,IAAI,CAAC;YACJ,MAAM,GAAG,IAAA,8BAAgB,EAAC,gBAAgB,CAAC,CAAC;QAC7C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,MAAM,CAAC,KAAK,CAAE,GAAa,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;YACrD,MAAM,IAAI,wCAA+B,EAAE,CAAC;QAC7C,CAAC;QAED,MAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE;YACxC,MAAM;YACN,MAAM;SACN,CAAC,CAAC;QACH,oBAAoB,CAAC,OAAO,GAAG,IAAI,oBAAoB,CACtD,MAAM,EACN,MAAM,EACN,mBAAmB,CACnB,CAAC;QACF,OAAO,oBAAoB,CAAC,OAAO,CAAC;IACrC,CAAC;CACD;AA1YD,oDA0YC"}

package/dist/entity-builder/entity-builder.d.ts

@@ -0,0 +1,90 @@
+import type { AuthorizationConfigType } from '../authorization-service/types';
+import type { EntityJson } from '../types';
+/**
+ * Builder for creating Cedar entity JSON objects used in authorization requests.
+ *
+ * The builder accumulates `uid`, `attrs`, `parents`, and optional `tags`, and
+ * returns a fully-formed `EntityJson` via `build()`.
+ */
+export declare class EntityBuilder {
+    private uid;
+    private attrs;
+    private parents;
+    private tags?;
+    private authorizationConfig;
+    constructor(id: string, authorizationConfig: AuthorizationConfigType, type?: string);
+    /**
+     * Add an attribute that references another entity by UID.
+     *
+     * @param name - Attribute name to set on the entity.
+     * @param id - The id of the referenced entity.
+     * @param type - The resource type of the referenced entity.
+     * @returns The `EntityBuilder` for chaining.
+     */
+    withAttr(name: string, id: string, type: string): EntityBuilder;
+    /**
+     * Add an extension attribute (`__extn`) with a function and argument.
+     *
+     * @param name - Attribute name.
+     * @param fn - Extension function name.
+     * @param arg - Argument for the extension function.
+     * @returns The `EntityBuilder` for chaining.
+     */
+    withExtnAttr(name: string, fn: string, arg: string): EntityBuilder;
+    /**
+     * Add a boolean attribute.
+     *
+     * @param name - Attribute name.
+     * @param value - Boolean value to set.
+     * @returns The `EntityBuilder` for chaining.
+     */
+    withBooleanAttr(name: string, value: boolean): EntityBuilder;
+    /**
+     * Add a numeric attribute.
+     *
+     * @param name - Attribute name.
+     * @param value - Number value to set.
+     * @returns The `EntityBuilder` for chaining.
+     */
+    withNumberAttr(name: string, value: number): EntityBuilder;
+    /**
+     * Add a string attribute.
+     *
+     * @param name - Attribute name.
+     * @param value - String value to set.
+     * @returns The `EntityBuilder` for chaining.
+     */
+    withStringAttr(name: string, value: string): EntityBuilder;
+    /**
+     * Add a set attribute (array wrapped in `{ set: [...] }`).
+     *
+     * @param name - Attribute name.
+     * @param value - Array of string values for the set.
+     * @returns The `EntityBuilder` for chaining.
+     */
+    withSetAttr(name: string, value: string[]): EntityBuilder;
+    /**
+     * Add a parent relationship referencing another entity UID.
+     *
+     * @param id - Parent entity id.
+     * @param type - Parent entity resource type.
+     * @returns The `EntityBuilder` for chaining.
+     */
+    withParent(id: string, type: string): EntityBuilder;
+    /**
+     * Add a tag to the entity. Initializes the `tags` map lazily.
+     *
+     * @param name - Tag name.
+     * @param id - Tagged entity id.
+     * @param type - Optional resource type for the tagged entity.
+     * @returns The `EntityBuilder` for chaining.
+     */
+    withTag(name: string, id: string, type?: string): EntityBuilder;
+    /**
+     * Build and return the `EntityJson` object.
+     *
+     * @returns A complete `EntityJson` representation suitable for Cedar requests.
+     */
+    build(): EntityJson;
+}
+//# sourceMappingURL=entity-builder.d.ts.map

package/dist/entity-builder/entity-builder.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"entity-builder.d.ts","sourceRoot":"","sources":["../../src/entity-builder/entity-builder.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,gCAAgC,CAAC;AAC9E,OAAO,KAAK,EAAkB,UAAU,EAAiB,MAAM,UAAU,CAAC;AAE1E;;;;;GAKG;AACH,qBAAa,aAAa;IACzB,OAAO,CAAC,GAAG,CAAgB;IAC3B,OAAO,CAAC,KAAK,CAAsC;IACnD,OAAO,CAAC,OAAO,CAAuB;IACtC,OAAO,CAAC,IAAI,CAAC,CAAiC;IAC9C,OAAO,CAAC,mBAAmB,CAA0B;gBAGpD,EAAE,EAAE,MAAM,EACV,mBAAmB,EAAE,uBAAuB,EAC5C,IAAI,GAAE,MAAyC;IAgBhD;;;;;;;OAOG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,aAAa;IAU/D;;;;;;;OAOG;IACH,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,aAAa;IAUlE;;;;;;OAMG;IACH,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,GAAG,aAAa;IAK5D;;;;;;OAMG;IACH,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,aAAa;IAK1D;;;;;;OAMG;IACH,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,aAAa;IAK1D;;;;;;OAMG;IACH,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,aAAa;IAKzD;;;;;;OAMG;IACH,UAAU,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,aAAa;IAUnD;;;;;;;OAOG;IACH,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,aAAa;IAa/D;;;;OAIG;IACH,KAAK,IAAI,UAAU;CAWnB"}

package/dist/entity-builder/entity-builder.js

@@ -0,0 +1,159 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EntityBuilder = void 0;
+/**
+ * Builder for creating Cedar entity JSON objects used in authorization requests.
+ *
+ * The builder accumulates `uid`, `attrs`, `parents`, and optional `tags`, and
+ * returns a fully-formed `EntityJson` via `build()`.
+ */
+class EntityBuilder {
+    constructor(id, authorizationConfig, type = authorizationConfig.resourceType) {
+        this.attrs = {};
+        this.parents = [];
+        /**
+         * Create a new `EntityBuilder`.
+         *
+         * @param id - The entity id portion of the UID.
+         * @param authorizationConfig - Authorization configuration providing namespace and defaults.
+         * @param type - Optional resource type (defaults to `authorizationConfig.resourceType`).
+         */
+        this.uid = {
+            type: `${authorizationConfig.namespace}${type}`,
+            id,
+        };
+        this.authorizationConfig = authorizationConfig;
+    }
+    /**
+     * Add an attribute that references another entity by UID.
+     *
+     * @param name - Attribute name to set on the entity.
+     * @param id - The id of the referenced entity.
+     * @param type - The resource type of the referenced entity.
+     * @returns The `EntityBuilder` for chaining.
+     */
+    withAttr(name, id, type) {
+        this.attrs[name] = {
+            __entity: {
+                type: `${this.authorizationConfig.namespace}${type}`,
+                id: id,
+            },
+        };
+        return this;
+    }
+    /**
+     * Add an extension attribute (`__extn`) with a function and argument.
+     *
+     * @param name - Attribute name.
+     * @param fn - Extension function name.
+     * @param arg - Argument for the extension function.
+     * @returns The `EntityBuilder` for chaining.
+     */
+    withExtnAttr(name, fn, arg) {
+        this.attrs[name] = {
+            __extn: {
+                fn,
+                arg,
+            },
+        };
+        return this;
+    }
+    /**
+     * Add a boolean attribute.
+     *
+     * @param name - Attribute name.
+     * @param value - Boolean value to set.
+     * @returns The `EntityBuilder` for chaining.
+     */
+    withBooleanAttr(name, value) {
+        this.attrs[name] = value;
+        return this;
+    }
+    /**
+     * Add a numeric attribute.
+     *
+     * @param name - Attribute name.
+     * @param value - Number value to set.
+     * @returns The `EntityBuilder` for chaining.
+     */
+    withNumberAttr(name, value) {
+        this.attrs[name] = value;
+        return this;
+    }
+    /**
+     * Add a string attribute.
+     *
+     * @param name - Attribute name.
+     * @param value - String value to set.
+     * @returns The `EntityBuilder` for chaining.
+     */
+    withStringAttr(name, value) {
+        this.attrs[name] = value;
+        return this;
+    }
+    /**
+     * Add a set attribute (array wrapped in `{ set: [...] }`).
+     *
+     * @param name - Attribute name.
+     * @param value - Array of string values for the set.
+     * @returns The `EntityBuilder` for chaining.
+     */
+    withSetAttr(name, value) {
+        this.attrs[name] = { set: value };
+        return this;
+    }
+    /**
+     * Add a parent relationship referencing another entity UID.
+     *
+     * @param id - Parent entity id.
+     * @param type - Parent entity resource type.
+     * @returns The `EntityBuilder` for chaining.
+     */
+    withParent(id, type) {
+        this.parents.push({
+            __entity: {
+                type: `${this.authorizationConfig.namespace}${type}`,
+                id,
+            },
+        });
+        return this;
+    }
+    /**
+     * Add a tag to the entity. Initializes the `tags` map lazily.
+     *
+     * @param name - Tag name.
+     * @param id - Tagged entity id.
+     * @param type - Optional resource type for the tagged entity.
+     * @returns The `EntityBuilder` for chaining.
+     */
+    withTag(name, id, type) {
+        if (!this.tags) {
+            this.tags = {};
+        }
+        this.tags[name] = {
+            __entity: {
+                type: `${this.authorizationConfig.namespace}${type}`,
+                id,
+            },
+        };
+        return this;
+    }
+    /**
+     * Build and return the `EntityJson` object.
+     *
+     * @returns A complete `EntityJson` representation suitable for Cedar requests.
+     */
+    build() {
+        const entity = {
+            uid: this.uid,
+            attrs: this.attrs,
+            parents: this.parents,
+        };
+        if (this.tags) {
+            entity.tags = this.tags;
+        }
+        return entity;
+    }
+}
+exports.EntityBuilder = EntityBuilder;
+//# sourceMappingURL=entity-builder.js.map

package/dist/entity-builder/entity-builder.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"entity-builder.js","sourceRoot":"","sources":["../../src/entity-builder/entity-builder.ts"],"names":[],"mappings":";;;AAGA;;;;;GAKG;AACH,MAAa,aAAa;IAOzB,YACC,EAAU,EACV,mBAA4C,EAC5C,OAAe,mBAAmB,CAAC,YAAY;QARxC,UAAK,GAAmC,EAAE,CAAC;QAC3C,YAAO,GAAoB,EAAE,CAAC;QASrC;;;;;;WAMG;QACH,IAAI,CAAC,GAAG,GAAG;YACV,IAAI,EAAE,GAAG,mBAAmB,CAAC,SAAS,GAAG,IAAI,EAAE;YAC/C,EAAE;SACF,CAAC;QACF,IAAI,CAAC,mBAAmB,GAAG,mBAAmB,CAAC;IAChD,CAAC;IAED;;;;;;;OAOG;IACH,QAAQ,CAAC,IAAY,EAAE,EAAU,EAAE,IAAY;QAC9C,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG;YAClB,QAAQ,EAAE;gBACT,IAAI,EAAE,GAAG,IAAI,CAAC,mBAAmB,CAAC,SAAS,GAAG,IAAI,EAAE;gBACpD,EAAE,EAAE,EAAE;aACN;SACD,CAAC;QACF,OAAO,IAAI,CAAC;IACb,CAAC;IAED;;;;;;;OAOG;IACH,YAAY,CAAC,IAAY,EAAE,EAAU,EAAE,GAAW;QACjD,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG;YAClB,MAAM,EAAE;gBACP,EAAE;gBACF,GAAG;aACH;SACD,CAAC;QACF,OAAO,IAAI,CAAC;IACb,CAAC;IAED;;;;;;OAMG;IACH,eAAe,CAAC,IAAY,EAAE,KAAc;QAC3C,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;QACzB,OAAO,IAAI,CAAC;IACb,CAAC;IAED;;;;;;OAMG;IACH,cAAc,CAAC,IAAY,EAAE,KAAa;QACzC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;QACzB,OAAO,IAAI,CAAC;IACb,CAAC;IAED;;;;;;OAMG;IACH,cAAc,CAAC,IAAY,EAAE,KAAa;QACzC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;QACzB,OAAO,IAAI,CAAC;IACb,CAAC;IAED;;;;;;OAMG;IACH,WAAW,CAAC,IAAY,EAAE,KAAe;QACxC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;QAClC,OAAO,IAAI,CAAC;IACb,CAAC;IAED;;;;;;OAMG;IACH,UAAU,CAAC,EAAU,EAAE,IAAY;QAClC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;YACjB,QAAQ,EAAE;gBACT,IAAI,EAAE,GAAG,IAAI,CAAC,mBAAmB,CAAC,SAAS,GAAG,IAAI,EAAE;gBACpD,EAAE;aACF;SACD,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACb,CAAC;IAED;;;;;;;OAOG;IACH,OAAO,CAAC,IAAY,EAAE,EAAU,EAAE,IAAa;QAC9C,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAChB,IAAI,CAAC,IAAI,GAAG,EAAE,CAAC;QAChB,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;YACjB,QAAQ,EAAE;gBACT,IAAI,EAAE,GAAG,IAAI,CAAC,mBAAmB,CAAC,SAAS,GAAG,IAAI,EAAE;gBACpD,EAAE;aACF;SACD,CAAC;QACF,OAAO,IAAI,CAAC;IACb,CAAC;IAED;;;;OAIG;IACH,KAAK;QACJ,MAAM,MAAM,GAAe;YAC1B,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,OAAO,EAAE,IAAI,CAAC,OAAO;SACrB,CAAC;QACF,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;QACzB,CAAC;QACD,OAAO,MAAM,CAAC;IACf,CAAC;CACD;AApKD,sCAoKC"}

package/dist/entity-builder/index.d.ts

@@ -0,0 +1,2 @@
+export * from './entity-builder';
+//# sourceMappingURL=index.d.ts.map

package/dist/entity-builder/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/entity-builder/index.ts"],"names":[],"mappings":"AAAA,cAAc,kBAAkB,CAAC"}

package/dist/entity-builder/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./entity-builder"), exports);
+//# sourceMappingURL=index.js.map

package/dist/entity-builder/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/entity-builder/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,mDAAiC"}

package/dist/index.d.ts

@@ -1,7 +1,8 @@
-export { CedarValueJson, EntityJson, EntityUidJson, } from '@cedar-policy/cedar-wasm/nodejs';
 export * from './auth-lambda';
 export * from './authorization-middleware';
 export * from './authorization-service';
+export * from './entity-builder';
 export * from './errors';
+export * from './types';
 export * from './user-details';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACN,cAAc,EACd,UAAU,EACV,aAAa,GACb,MAAM,iCAAiC,CAAC;AACzC,cAAc,eAAe,CAAC;AAC9B,cAAc,4BAA4B,CAAC;AAC3C,cAAc,yBAAyB,CAAC;AACxC,cAAc,UAAU,CAAC;AACzB,cAAc,gBAAgB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,eAAe,CAAC;AAC9B,cAAc,4BAA4B,CAAC;AAC3C,cAAc,yBAAyB,CAAC;AACxC,cAAc,kBAAkB,CAAC;AACjC,cAAc,UAAU,CAAC;AACzB,cAAc,SAAS,CAAC;AACxB,cAAc,gBAAgB,CAAC"}

package/dist/index.js

@@ -17,6 +17,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./auth-lambda"), exports);
 __exportStar(require("./authorization-middleware"), exports);
 __exportStar(require("./authorization-service"), exports);
+__exportStar(require("./entity-builder"), exports);
 __exportStar(require("./errors"), exports);
+__exportStar(require("./types"), exports);
 __exportStar(require("./user-details"), exports);
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAKA,gDAA8B;AAC9B,6DAA2C;AAC3C,0DAAwC;AACxC,2CAAyB;AACzB,iDAA+B"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,gDAA8B;AAC9B,6DAA2C;AAC3C,0DAAwC;AACxC,mDAAiC;AACjC,2CAAyB;AACzB,0CAAwB;AACxB,iDAA+B"}

package/dist/types.d.ts

@@ -0,0 +1,25 @@
+export interface TypeAndId {
+    type: string;
+    id: string;
+}
+export type EntityUidJson = {
+    __entity: TypeAndId;
+} | TypeAndId;
+export type CedarValueJson = {
+    __entity: TypeAndId;
+} | {
+    __extn: FnAndArg;
+} | boolean | number | string | CedarValueJson[] | {
+    [key: string]: CedarValueJson;
+} | null;
+export interface FnAndArg {
+    fn: string;
+    arg: CedarValueJson;
+}
+export interface EntityJson {
+    uid: EntityUidJson;
+    attrs: Record<string, CedarValueJson>;
+    parents: EntityUidJson[];
+    tags?: Record<string, CedarValueJson>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,SAAS;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;CACX;AAED,MAAM,MAAM,aAAa,GAAG;IAAE,QAAQ,EAAE,SAAS,CAAA;CAAE,GAAG,SAAS,CAAC;AAEhE,MAAM,MAAM,cAAc,GACvB;IAAE,QAAQ,EAAE,SAAS,CAAA;CAAE,GACvB;IAAE,MAAM,EAAE,QAAQ,CAAA;CAAE,GACpB,OAAO,GACP,MAAM,GACN,MAAM,GACN,cAAc,EAAE,GAChB;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,cAAc,CAAA;CAAE,GACjC,IAAI,CAAC;AAER,MAAM,WAAW,QAAQ;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,cAAc,CAAC;CACpB;AAED,MAAM,WAAW,UAAU;IAC1B,GAAG,EAAE,aAAa,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IACtC,OAAO,EAAE,aAAa,EAAE,CAAC;IACzB,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;CACtC"}

package/dist/types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jcdubs/janus",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "description": "Open source Serverless authentication: A Cedar-based authorisation engine for deterministic, deny-by-default access decisions through a CDK construct and SDK libraries.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -38,11 +38,11 @@
   "homepage": "https://github.com/JCDubs/Janus#readme",
   "license": "MIT",
   "devDependencies": {
-    "@aws-lambda-powertools/logger": "2.15.0",
+    "@aws-lambda-powertools/logger": "2.30.1",
     "@biomejs/biome": "^2.3.10",
     "@commitlint/cli": "20.1.0",
     "@commitlint/config-conventional": "20.0.0",
-    "@middy/core": "^6.4.5",
+    "@middy/core": "6.4.5",
     "@semantic-release/changelog": "6.0.3",
     "@semantic-release/git": "10.0.1",
     "@swc/jest": "0.2.39",
@@ -60,11 +60,13 @@
     "typescript": "^5.9.3"
   },
   "dependencies": {
+    "@aws-lambda-powertools/logger": "2.30.1",
     "@cedar-policy/cedar-wasm": "4.3.3",
     "uuid": "^13.0.0"
   },
   "peerDependencies": {
-    "@aws-lambda-powertools/logger": "2.15.0",
+    "@aws-lambda-powertools/logger": "2.30.1",
+    "@middy/core": "6.4.5",
     "aws-cdk-lib": "2.219.0",
     "constructs": "10.4.2"
   },