@keboola/api-client 8.0.2 → 10.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/API-SURFACE.md +488 -0
- package/dist/ai/index.cjs +3 -4
- package/dist/ai/index.js +2 -3
- package/dist/assets/index.cjs +3 -4
- package/dist/assets/index.js +2 -3
- package/dist/backends-BgUzAQul.d.cts +16 -0
- package/dist/backends-BgUzAQul.d.ts +16 -0
- package/dist/chat/index.cjs +3 -4
- package/dist/chat/index.js +2 -3
- package/dist/{chunk-HUMEK64L.cjs → chunk-2ZXOVTCN.cjs} +59 -16
- package/dist/chunk-2ZXOVTCN.cjs.map +1 -0
- package/dist/chunk-37VZRDNG.cjs +50 -0
- package/dist/chunk-37VZRDNG.cjs.map +1 -0
- package/dist/chunk-3FZHFTLG.cjs +12 -0
- package/dist/chunk-3FZHFTLG.cjs.map +1 -0
- package/dist/{chunk-Y26EBVMH.js → chunk-47CIRFCO.js} +3 -4
- package/dist/chunk-47CIRFCO.js.map +1 -0
- package/dist/chunk-64BDZOM2.js +48 -0
- package/dist/chunk-64BDZOM2.js.map +1 -0
- package/dist/chunk-AHYMMDIC.cjs +29 -0
- package/dist/chunk-AHYMMDIC.cjs.map +1 -0
- package/dist/{chunk-QKCFPPQS.js → chunk-APILLKET.js} +3 -3
- package/dist/{chunk-QKCFPPQS.js.map → chunk-APILLKET.js.map} +1 -1
- package/dist/{chunk-WILFTDTS.js → chunk-ATVNCGTO.js} +3 -3
- package/dist/{chunk-WILFTDTS.js.map → chunk-ATVNCGTO.js.map} +1 -1
- package/dist/{chunk-OYSQWNNG.cjs → chunk-AU2OPVRI.cjs} +8 -9
- package/dist/chunk-AU2OPVRI.cjs.map +1 -0
- package/dist/{chunk-OVGB3W3A.cjs → chunk-BADSOKHM.cjs} +5 -6
- package/dist/chunk-BADSOKHM.cjs.map +1 -0
- package/dist/{chunk-YLK5KBXD.js → chunk-BUY6KV2P.js} +3 -4
- package/dist/chunk-BUY6KV2P.js.map +1 -0
- package/dist/{chunk-CSWK4LWY.js → chunk-CQRPG6ZN.js} +3 -4
- package/dist/chunk-CQRPG6ZN.js.map +1 -0
- package/dist/{chunk-4KJRGFNV.cjs → chunk-DRIO222J.cjs} +5 -6
- package/dist/chunk-DRIO222J.cjs.map +1 -0
- package/dist/{chunk-UYZTOVYS.cjs → chunk-EKG3AIWF.cjs} +117 -28
- package/dist/chunk-EKG3AIWF.cjs.map +1 -0
- package/dist/{chunk-D2SWTZFS.js → chunk-FBGUBMJ7.js} +20 -4
- package/dist/chunk-FBGUBMJ7.js.map +1 -0
- package/dist/chunk-GM3AKU5T.js +10 -0
- package/dist/chunk-GM3AKU5T.js.map +1 -0
- package/dist/{chunk-YIWAUNKU.js → chunk-GOWOD3O4.js} +3 -4
- package/dist/chunk-GOWOD3O4.js.map +1 -0
- package/dist/{chunk-J5JUQRPD.js → chunk-GUJ5RTYJ.js} +3 -4
- package/dist/chunk-GUJ5RTYJ.js.map +1 -0
- package/dist/{chunk-TXDMA4CT.cjs → chunk-H466MBV4.cjs} +5 -6
- package/dist/chunk-H466MBV4.cjs.map +1 -0
- package/dist/{chunk-KCGEV4ZA.cjs → chunk-HZSJXB5C.cjs} +5 -6
- package/dist/chunk-HZSJXB5C.cjs.map +1 -0
- package/dist/{chunk-H5DZOHH7.js → chunk-I7BLN5NZ.js} +3 -4
- package/dist/chunk-I7BLN5NZ.js.map +1 -0
- package/dist/{chunk-V2MQG3FZ.js → chunk-IA7WBVH3.js} +3 -4
- package/dist/chunk-IA7WBVH3.js.map +1 -0
- package/dist/{chunk-XLFQJDYZ.cjs → chunk-IQOXQMON.cjs} +4 -4
- package/dist/{chunk-XLFQJDYZ.cjs.map → chunk-IQOXQMON.cjs.map} +1 -1
- package/dist/{chunk-YGAWVMHH.cjs → chunk-IVIWWOM4.cjs} +5 -6
- package/dist/chunk-IVIWWOM4.cjs.map +1 -0
- package/dist/{chunk-4PT6E6VA.js → chunk-J5WWYWPL.js} +3 -4
- package/dist/chunk-J5WWYWPL.js.map +1 -0
- package/dist/{chunk-NFGQHJVB.cjs → chunk-KZLC2XSZ.cjs} +5 -6
- package/dist/chunk-KZLC2XSZ.cjs.map +1 -0
- package/dist/{chunk-4HORTOGH.js → chunk-LUHYZXJH.js} +3 -4
- package/dist/chunk-LUHYZXJH.js.map +1 -0
- package/dist/{chunk-VFZVLZC6.js → chunk-LY7IR43M.js} +3 -4
- package/dist/chunk-LY7IR43M.js.map +1 -0
- package/dist/{chunk-LUQJU3I3.js → chunk-MIAVX53Y.js} +49 -6
- package/dist/chunk-MIAVX53Y.js.map +1 -0
- package/dist/{chunk-NBUPHAAO.cjs → chunk-MQZT4HJH.cjs} +6 -7
- package/dist/chunk-MQZT4HJH.cjs.map +1 -0
- package/dist/{chunk-A5IFX4KC.js → chunk-MUKQ6HZE.js} +3 -4
- package/dist/chunk-MUKQ6HZE.js.map +1 -0
- package/dist/chunk-NFA5ITNG.cjs +14 -0
- package/dist/chunk-NFA5ITNG.cjs.map +1 -0
- package/dist/{chunk-J7EQLDUU.cjs → chunk-NRDZL6JO.cjs} +8 -9
- package/dist/chunk-NRDZL6JO.cjs.map +1 -0
- package/dist/{chunk-5YTV36EI.js → chunk-NXYJKXJ4.js} +3 -4
- package/dist/chunk-NXYJKXJ4.js.map +1 -0
- package/dist/{chunk-IDYRJ4K3.cjs → chunk-OWGJ3PVA.cjs} +23 -4
- package/dist/chunk-OWGJ3PVA.cjs.map +1 -0
- package/dist/{chunk-W3AFDHXQ.cjs → chunk-PG4D5KCD.cjs} +6 -7
- package/dist/chunk-PG4D5KCD.cjs.map +1 -0
- package/dist/{chunk-AK4ZHM77.cjs → chunk-PHQ66FNI.cjs} +5 -6
- package/dist/chunk-PHQ66FNI.cjs.map +1 -0
- package/dist/{chunk-MQABO6OL.cjs → chunk-Q24BTT5D.cjs} +4 -4
- package/dist/{chunk-MQABO6OL.cjs.map → chunk-Q24BTT5D.cjs.map} +1 -1
- package/dist/{chunk-EEG7YZUY.js → chunk-RHZK7AL7.js} +3 -4
- package/dist/chunk-RHZK7AL7.js.map +1 -0
- package/dist/{chunk-BBRS2HLH.cjs → chunk-SBWZKVAG.cjs} +5 -6
- package/dist/chunk-SBWZKVAG.cjs.map +1 -0
- package/dist/{chunk-S4PI2LUQ.cjs → chunk-SDN6SU7K.cjs} +4 -4
- package/dist/{chunk-S4PI2LUQ.cjs.map → chunk-SDN6SU7K.cjs.map} +1 -1
- package/dist/{chunk-6S4JS7OJ.js → chunk-SUA3D6YF.js} +3 -3
- package/dist/{chunk-6S4JS7OJ.js.map → chunk-SUA3D6YF.js.map} +1 -1
- package/dist/{chunk-FB3E7VS6.cjs → chunk-U3W6XYQQ.cjs} +5 -6
- package/dist/chunk-U3W6XYQQ.cjs.map +1 -0
- package/dist/{chunk-5XKPYMQL.cjs → chunk-ULZPXG4L.cjs} +4 -4
- package/dist/{chunk-5XKPYMQL.cjs.map → chunk-ULZPXG4L.cjs.map} +1 -1
- package/dist/{chunk-2Q75RQ3X.js → chunk-VVDMWSSL.js} +3 -4
- package/dist/chunk-VVDMWSSL.js.map +1 -0
- package/dist/{chunk-VUVBYSYM.js → chunk-W2VWZGA3.js} +3 -4
- package/dist/chunk-W2VWZGA3.js.map +1 -0
- package/dist/{chunk-N37PZ2MB.js → chunk-WDAQJ346.js} +3 -3
- package/dist/{chunk-N37PZ2MB.js.map → chunk-WDAQJ346.js.map} +1 -1
- package/dist/{chunk-53WUPUXH.cjs → chunk-XBCR6YKE.cjs} +8 -9
- package/dist/chunk-XBCR6YKE.cjs.map +1 -0
- package/dist/{chunk-CONUMVLZ.cjs → chunk-XP5FQTAA.cjs} +6 -7
- package/dist/chunk-XP5FQTAA.cjs.map +1 -0
- package/dist/{chunk-MQ554O4E.js → chunk-XZAUQZIO.js} +3 -4
- package/dist/chunk-XZAUQZIO.js.map +1 -0
- package/dist/chunk-Y5QJJWDQ.js +12 -0
- package/dist/chunk-Y5QJJWDQ.js.map +1 -0
- package/dist/{chunk-TD2PFSP6.js → chunk-YJHFK3MV.js} +117 -28
- package/dist/chunk-YJHFK3MV.js.map +1 -0
- package/dist/{chunk-PWA6XFXA.cjs → chunk-YTF4RQ52.cjs} +5 -6
- package/dist/chunk-YTF4RQ52.cjs.map +1 -0
- package/dist/{chunk-BZO2GTJP.js → chunk-ZIQM4R3L.js} +3 -4
- package/dist/chunk-ZIQM4R3L.js.map +1 -0
- package/dist/constants/index.cjs +23 -0
- package/dist/constants/index.cjs.map +1 -1
- package/dist/constants/index.d.cts +54 -1
- package/dist/constants/index.d.ts +54 -1
- package/dist/constants/index.js +11 -1
- package/dist/constants/index.js.map +1 -1
- package/dist/dataScience/index.cjs +4 -5
- package/dist/dataScience/index.js +2 -3
- package/dist/domain/permissions/index.cjs +5 -5
- package/dist/domain/permissions/index.cjs.map +1 -1
- package/dist/domain/permissions/index.d.cts +3 -2
- package/dist/domain/permissions/index.d.ts +3 -2
- package/dist/domain/permissions/index.js +5 -5
- package/dist/domain/permissions/index.js.map +1 -1
- package/dist/editor/index.cjs +3 -4
- package/dist/editor/index.js +2 -3
- package/dist/encryption/index.cjs +3 -4
- package/dist/encryption/index.d.cts +2 -1
- package/dist/encryption/index.d.ts +2 -1
- package/dist/encryption/index.js +2 -3
- package/dist/encryption/types.d.cts +2 -1
- package/dist/encryption/types.d.ts +2 -1
- package/dist/import/index.cjs +3 -4
- package/dist/import/index.js +2 -3
- package/dist/index.cjs +181 -84
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +3461 -657
- package/dist/index.d.ts +3461 -657
- package/dist/index.js +131 -35
- package/dist/index.js.map +1 -1
- package/dist/management/index.cjs +6 -7
- package/dist/management/index.d.cts +7 -1
- package/dist/management/index.d.ts +7 -1
- package/dist/management/index.js +4 -5
- package/dist/management/types.d.cts +2 -2
- package/dist/management/types.d.ts +2 -2
- package/dist/metastore/index.cjs +3 -4
- package/dist/metastore/index.js +2 -3
- package/dist/notifications/index.cjs +3 -4
- package/dist/notifications/index.js +2 -3
- package/dist/oauth/index.cjs +3 -4
- package/dist/oauth/index.js +2 -3
- package/dist/{project-BKbb7xWn.d.ts → project-BxSa1Ci9.d.ts} +2 -1
- package/dist/{project-cYJhOvzB.d.cts → project-NJuUPx8-.d.cts} +2 -1
- package/dist/queryService/index.cjs +3 -4
- package/dist/queryService/index.js +2 -3
- package/dist/queue/index.cjs +3 -4
- package/dist/queue/index.js +2 -3
- package/dist/{registry-Xwk-vCjf.d.ts → registry-ClVf-Wb3.d.cts} +416 -20
- package/dist/{registry-Xwk-vCjf.d.cts → registry-ClVf-Wb3.d.ts} +416 -20
- package/dist/scheduler/index.cjs +3 -4
- package/dist/scheduler/index.js +2 -3
- package/dist/sdk/configurations/index.cjs +3 -3
- package/dist/sdk/configurations/index.d.cts +1413 -224
- package/dist/sdk/configurations/index.d.ts +1413 -224
- package/dist/sdk/configurations/index.js +2 -2
- package/dist/sdk/storage/index.d.cts +4 -3
- package/dist/sdk/storage/index.d.ts +4 -3
- package/dist/sdk/vault/index.d.cts +3 -2
- package/dist/sdk/vault/index.d.ts +3 -2
- package/dist/status/index.cjs +3 -4
- package/dist/status/index.js +2 -3
- package/dist/storage/index.cjs +10 -11
- package/dist/storage/index.d.cts +3 -2
- package/dist/storage/index.d.ts +3 -2
- package/dist/storage/index.js +3 -4
- package/dist/storage/types.d.cts +4 -3
- package/dist/storage/types.d.ts +4 -3
- package/dist/{storageClient-DAglYVkx.d.ts → storageClient-Bk4H2HIw.d.ts} +1 -1
- package/dist/{storageClient-CZpLyDuY.d.cts → storageClient-CB4U57Pr.d.cts} +1 -1
- package/dist/{storageSdk-CoqeaoSG.d.ts → storageSdk-BDrsuMDA.d.ts} +1 -1
- package/dist/{storageSdk-uL-u41Dm.d.cts → storageSdk-wn97Zloc.d.cts} +1 -1
- package/dist/stream/index.cjs +3 -4
- package/dist/stream/index.js +2 -3
- package/dist/syncActions/index.cjs +3 -4
- package/dist/syncActions/index.js +2 -3
- package/dist/telemetry/index.cjs +3 -4
- package/dist/telemetry/index.js +2 -3
- package/dist/{types-Bu8AEdZo.d.cts → types-CMEwVQ78.d.cts} +2 -20
- package/dist/{types-CWK543pL.d.ts → types-D64zThBJ.d.ts} +1 -1
- package/dist/{types-D5FF6mS6.d.cts → types-DsqDUWJn.d.cts} +1 -1
- package/dist/{types-bjHzGr0s.d.ts → types-GmAeMsok.d.ts} +2 -20
- package/dist/{types-DMC601TE.d.cts → types-YEfQ5pAy.d.cts} +20 -1
- package/dist/{types-DMC601TE.d.ts → types-YEfQ5pAy.d.ts} +20 -1
- package/dist/vault/index.cjs +3 -4
- package/dist/vault/index.js +2 -3
- package/dist/verify/index.cjs +3 -4
- package/dist/verify/index.d.cts +2 -1
- package/dist/verify/index.d.ts +2 -1
- package/dist/verify/index.js +2 -3
- package/package.json +7 -3
- package/surface/ai.md +14 -0
- package/surface/assets.md +7 -0
- package/surface/chat.md +19 -0
- package/surface/context.md +40 -0
- package/surface/dataScience.md +19 -0
- package/surface/editor.md +17 -0
- package/surface/encryption.md +9 -0
- package/surface/import.md +7 -0
- package/surface/kaiAgent.md +26 -0
- package/surface/management.md +109 -0
- package/surface/notifications.md +10 -0
- package/surface/oauth.md +10 -0
- package/surface/queryService.md +12 -0
- package/surface/queue.md +8 -0
- package/surface/scheduler.md +12 -0
- package/surface/sdk.md +62 -0
- package/surface/status.md +7 -0
- package/surface/storage.md +182 -0
- package/surface/stream.md +42 -0
- package/surface/syncActions.md +16 -0
- package/surface/telemetry.md +10 -0
- package/surface/vault.md +11 -0
- package/dist/chunk-2Q75RQ3X.js.map +0 -1
- package/dist/chunk-4HORTOGH.js.map +0 -1
- package/dist/chunk-4KJRGFNV.cjs.map +0 -1
- package/dist/chunk-4PT6E6VA.js.map +0 -1
- package/dist/chunk-53WUPUXH.cjs.map +0 -1
- package/dist/chunk-5YTV36EI.js.map +0 -1
- package/dist/chunk-A5IFX4KC.js.map +0 -1
- package/dist/chunk-AK4ZHM77.cjs.map +0 -1
- package/dist/chunk-BBRS2HLH.cjs.map +0 -1
- package/dist/chunk-BZO2GTJP.js.map +0 -1
- package/dist/chunk-CONUMVLZ.cjs.map +0 -1
- package/dist/chunk-CSWK4LWY.js.map +0 -1
- package/dist/chunk-D2SWTZFS.js.map +0 -1
- package/dist/chunk-EEG7YZUY.js.map +0 -1
- package/dist/chunk-FB3E7VS6.cjs.map +0 -1
- package/dist/chunk-H5DZOHH7.js.map +0 -1
- package/dist/chunk-HUMEK64L.cjs.map +0 -1
- package/dist/chunk-IDYRJ4K3.cjs.map +0 -1
- package/dist/chunk-J5JUQRPD.js.map +0 -1
- package/dist/chunk-J7EQLDUU.cjs.map +0 -1
- package/dist/chunk-KCGEV4ZA.cjs.map +0 -1
- package/dist/chunk-LUQJU3I3.js.map +0 -1
- package/dist/chunk-MQ554O4E.js.map +0 -1
- package/dist/chunk-NBUPHAAO.cjs.map +0 -1
- package/dist/chunk-NFGQHJVB.cjs.map +0 -1
- package/dist/chunk-OVGB3W3A.cjs.map +0 -1
- package/dist/chunk-OYSQWNNG.cjs.map +0 -1
- package/dist/chunk-PWA6XFXA.cjs.map +0 -1
- package/dist/chunk-R7MQGDLC.cjs +0 -61
- package/dist/chunk-R7MQGDLC.cjs.map +0 -1
- package/dist/chunk-SI5TFV5M.js +0 -54
- package/dist/chunk-SI5TFV5M.js.map +0 -1
- package/dist/chunk-TD2PFSP6.js.map +0 -1
- package/dist/chunk-TXDMA4CT.cjs.map +0 -1
- package/dist/chunk-UYZTOVYS.cjs.map +0 -1
- package/dist/chunk-V2MQG3FZ.js.map +0 -1
- package/dist/chunk-VFZVLZC6.js.map +0 -1
- package/dist/chunk-VKHQ6BWE.cjs +0 -30
- package/dist/chunk-VKHQ6BWE.cjs.map +0 -1
- package/dist/chunk-VUVBYSYM.js.map +0 -1
- package/dist/chunk-W3AFDHXQ.cjs.map +0 -1
- package/dist/chunk-Y26EBVMH.js.map +0 -1
- package/dist/chunk-YGAWVMHH.cjs.map +0 -1
- package/dist/chunk-YIWAUNKU.js.map +0 -1
- package/dist/chunk-YLK5KBXD.js.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/constants/index.ts"],"names":[],"mappings":";
|
|
1
|
+
{"version":3,"sources":["../../src/constants/backends.ts","../../src/constants/index.ts"],"names":[],"mappings":";;;;;AAAO,IAAM,OAAA,GAAU;AAAA,EACrB,SAAA,EAAW,WAAA;AAAA,EACX,QAAA,EAAU;AACZ;;;ACiBO,IAAM,MAAA,GAAiD;AAAA,EAC5D,kBAAA,EAAoB;AAAA,IAClB,EAAA,EAAI,gCAAA;AAAA,IACJ,MAAA,EAAQ,cAAA;AAAA,IACR,IAAA,EAAM,2CAAA;AAAA,IACN,QAAA,EAAU,OAAA;AAAA,IACV,SAAA,EAAW,QAAA;AAAA,IACX,MAAA,EAAQ;AAAA,GACV;AAAA,EACA,gBAAA,EAAkB;AAAA,IAChB,EAAA,EAAI,kBAAA;AAAA,IACJ,MAAA,EAAQ,cAAA;AAAA,IACR,IAAA,EAAM,qCAAA;AAAA,IACN,QAAA,EAAU,KAAA;AAAA,IACV,SAAA,EAAW;AAAA,GACb;AAAA,EACA,aAAA,EAAe;AAAA,IACb,EAAA,EAAI,eAAA;AAAA,IACJ,MAAA,EAAQ,WAAA;AAAA,IACR,IAAA,EAAM,wBAAA;AAAA,IACN,QAAA,EAAU,KAAA;AAAA,IACV,SAAA,EAAW;AAAA,GACb;AAAA,EACA,gBAAA,EAAkB;AAAA,IAChB,EAAA,EAAI,8BAAA;AAAA,IACJ,MAAA,EAAQ,cAAA;AAAA,IACR,IAAA,EAAM,yCAAA;AAAA,IACN,QAAA,EAAU,KAAA;AAAA,IACV,SAAA,EAAW;AAAA,GACb;AAAA,EACA,aAAA,EAAe;AAAA,IACb,EAAA,EAAI,0BAAA;AAAA,IACJ,MAAA,EAAQ,UAAA;AAAA,IACR,IAAA,EAAM,qCAAA;AAAA,IACN,QAAA,EAAU,KAAA;AAAA,IACV,SAAA,EAAW,IAAA;AAAA,IACX,MAAA,EAAQ;AAAA,GACV;AAAA;AAAA;AAAA,EAIA,GAAA,EAAK;AAAA,IACH,EAAA,EAAI,mBAAA;AAAA,IACJ,IAAA,EAAM,8BAAA;AAAA,IACN,cAAA,EAAgB;AAAA,GAClB;AAAA,EACA,SAAA,EAAW;AAAA,IACT,EAAA,EAAI,kBAAA;AAAA,IACJ,IAAA,EAAM,6BAAA;AAAA,IACN,cAAA,EAAgB;AAAA,GAClB;AAAA,EACA,SAAA,EAAW;AAAA,IACT,EAAA,EAAI,uBAAA;AAAA,IACJ,IAAA,EAAM,kCAAA;AAAA,IACN,cAAA,EAAgB;AAAA,GAClB;AAAA,EACA,MAAA,EAAQ;AAAA,IACN,EAAA,EAAI,0BAAA;AAAA,IACJ,IAAA,EAAM,qCAAA;AAAA,IACN,cAAA,EAAgB;AAAA,GAClB;AAAA,EACA,OAAA,EAAS;AAAA,IACP,EAAA,EAAI,uBAAA;AAAA,IACJ,IAAA,EAAM,kCAAA;AAAA,IACN,cAAA,EAAgB;AAAA,GAClB;AAAA,EACA,WAAA,EAAa;AAAA,IACX,EAAA,EAAI,0BAAA;AAAA,IACJ,IAAA,EAAM,qCAAA;AAAA,IACN,cAAA,EAAgB;AAAA,GAClB;AAAA,EACA,MAAA,EAAQ;AAAA,IACN,EAAA,EAAI,sBAAA;AAAA,IACJ,IAAA,EAAM,iCAAA;AAAA,IACN,cAAA,EAAgB;AAAA,GAClB;AAAA,EACA,IAAA,EAAM;AAAA,IACJ,EAAA,EAAI,oBAAA;AAAA,IACJ,IAAA,EAAM,+BAAA;AAAA,IACN,cAAA,EAAgB;AAAA,GAClB;AAAA,EACA,IAAA,EAAM;AAAA,IACJ,EAAA,EAAI,oBAAA;AAAA,IACJ,IAAA,EAAM,+BAAA;AAAA,IACN,cAAA,EAAgB;AAAA,GAClB;AAAA,EACA,KAAA,EAAO;AAAA,IACL,EAAA,EAAI,qBAAA;AAAA,IACJ,IAAA,EAAM,gCAAA;AAAA,IACN,cAAA,EAAgB;AAAA,GAClB;AAAA,EACA,GAAA,EAAK;AAAA,IACH,EAAA,EAAI,mBAAA;AAAA,IACJ,IAAA,EAAM,8BAAA;AAAA,IACN,cAAA,EAAgB;AAAA,GAClB;AAAA,EACA,GAAA,EAAK;AAAA,IACH,EAAA,EAAI,mBAAA;AAAA,IACJ,IAAA,EAAM,8BAAA;AAAA,IACN,cAAA,EAAgB,IAAA;AAAA,IAChB,QAAA,EAAU,OAAA;AAAA,IACV,SAAA,EAAW;AAAA,GACb;AAAA;AAAA;AAAA,EAIA,oBAAA,EAAsB;AAAA,IACpB,EAAA,EAAI,6BAAA;AAAA,IACJ,IAAA,EAAM,wCAAA;AAAA,IACN,SAAA,EAAW;AAAA,GACb;AAAA,EACA,iBAAA,EAAmB;AAAA,IACjB,EAAA,EAAI,2BAAA;AAAA,IACJ,IAAA,EAAM,sCAAA;AAAA,IACN,SAAA,EAAW;AAAA,GACb;AAAA,EACA,mBAAA,EAAqB;AAAA,IACnB,EAAA,EAAI,6BAAA;AAAA,IACJ,IAAA,EAAM,gDAAA;AAAA,IACN,SAAA,EAAW;AAAA,GACb;AAAA,EACA,wBAAA,EAA0B;AAAA,IACxB,EAAA,EAAI,0BAAA;AAAA,IACJ,IAAA,EAAM,qCAAA;AAAA,IACN,QAAA,EAAU;AAAA;AAEd;AAEO,IAAM,IAAA,GAAO;AAAA,EAClB,kBAAA,EAAoB,0BAAA;AAAA,EACpB,UAAA,EAAY,gCAAA;AAAA,EACZ,wBAAA,EAA0B,gCAAA;AAAA,EAC1B,OAAA,EAAS,6BAAA;AAAA,EACT,kBAAA,EAAoB,6BAAA;AAAA,EACpB,SAAA,EAAW,2BAAA;AAAA,EACX,cAAA,EAAgB,4BAAA;AAAA,EAChB,GAAA,EAAK,6BAAA;AAAA,EACL,OAAA,EAAS,uBAAA;AAAA,EACT,iBAAA,EAAmB;AACrB","file":"index.js","sourcesContent":["export const Backend = {\n Snowflake: 'snowflake',\n Bigquery: 'bigquery',\n} as const;\n\nexport type Backend = (typeof Backend)[keyof typeof Backend];\n","export { ComponentId } from './componentId';\nexport { ProjectFeature } from './projectFeatures';\nexport { Backend } from './backends';\nexport { AdminRole } from './adminRoles';\n\nexport type Provider = 'aws' | 'azure' | 'gcp';\nexport type Continent = 'us' | 'europe';\n\nexport type KeboolaStack = {\n id: string;\n host: string;\n isSingleTenant?: boolean;\n isTesting?: boolean;\n isPayg?: boolean;\n provider?: Provider;\n continent?: Continent;\n region?: string;\n isCanary?: boolean;\n};\n\nexport const STACKS: Record<string, Readonly<KeboolaStack>> = {\n NORTH_EUROPE_AZURE: {\n id: 'com-keboola-azure-north-europe',\n region: 'north-europe',\n host: 'connection.north-europe.azure.keboola.com',\n provider: 'azure',\n continent: 'europe',\n isPayg: true,\n },\n EU_CENTRAL_1_AWS: {\n id: 'kbc-eu-central-1',\n region: 'eu-central-1',\n host: 'connection.eu-central-1.keboola.com',\n provider: 'aws',\n continent: 'europe',\n },\n US_EAST_1_AWS: {\n id: 'kbc-us-east-1',\n region: 'us-east-1',\n host: 'connection.keboola.com',\n provider: 'aws',\n continent: 'us',\n },\n EUROPE_WEST3_GCP: {\n id: 'com-keboola-gcp-europe-west3',\n region: 'europe-west3',\n host: 'connection.europe-west3.gcp.keboola.com',\n provider: 'gcp',\n continent: 'europe',\n },\n US_EAST_4_GCP: {\n id: 'com-keboola-gcp-us-east4',\n region: 'us-east4',\n host: 'connection.us-east4.gcp.keboola.com',\n provider: 'gcp',\n continent: 'us',\n isPayg: true,\n },\n\n /* PRIVATE SINGLE TENANT STACKS\n ---------------------------- */\n HCI: {\n id: 'cloud-keboola-hci',\n host: 'connection.hci.keboola.cloud',\n isSingleTenant: true,\n },\n CSAS_PROD: {\n id: 'cloud-keboola-cs',\n host: 'connection.cs.keboola.cloud',\n isSingleTenant: true,\n },\n CSAS_TEST: {\n id: 'cloud-keboola-cs-test',\n host: 'connection.cs-test.keboola.cloud',\n isSingleTenant: true,\n },\n INNOGY: {\n id: 'cloud-keboola-innogy-hub',\n host: 'connection.innogy-hub.keboola.cloud',\n isSingleTenant: true,\n },\n GROUPON: {\n id: 'cloud-keboola-groupon',\n host: 'connection.groupon.keboola.cloud',\n isSingleTenant: true,\n },\n CREDIT_INFO: {\n id: 'cloud-keboola-creditinfo',\n host: 'connection.creditinfo.keboola.cloud',\n isSingleTenant: true,\n },\n COATES: {\n id: 'cloud-keboola-coates',\n host: 'connection.coates.keboola.cloud',\n isSingleTenant: true,\n },\n SLSP: {\n id: 'cloud-keboola-slsp',\n host: 'connection.slsp.keboola.cloud',\n isSingleTenant: true,\n },\n HCKZ: {\n id: 'cloud-keboola-hckz',\n host: 'connection.hckz.keboola.cloud',\n isSingleTenant: true,\n },\n PASHA: {\n id: 'cloud-keboola-pasha',\n host: 'connection.pasha.keboola.cloud',\n isSingleTenant: true,\n },\n RBI: {\n id: 'cloud-keboola-rbi',\n host: 'connection.rbi.keboola.cloud',\n isSingleTenant: true,\n },\n NAH: {\n id: 'cloud-keboola-nah',\n host: 'connection.nah.keboola.cloud',\n isSingleTenant: true,\n provider: 'azure',\n continent: 'us',\n },\n\n /* DEV STACKS\n ---------------------------- */\n DEV_US_CENTRAL_1_GCP: {\n id: 'dev-keboola-gcp-us-central1',\n host: 'connection.us-central1.gcp.keboola.dev',\n isTesting: true,\n },\n DEV_EU_WEST_1_AWS: {\n id: 'dev-keboola-aws-eu-west-1',\n host: 'connection.eu-west-1.aws.keboola.dev',\n isTesting: true,\n },\n DEV_US_EAST_2_AZURE: {\n id: 'kbc-testing-azure-east-us-2',\n host: 'connection.east-us-2.azure.keboola-testing.com',\n isTesting: true,\n },\n DEV_KEBOOLA_CANARY_ORION: {\n id: 'dev-keboola-canary-orion',\n host: 'connection.canary-orion.keboola.dev',\n isCanary: true,\n },\n};\n\nexport const URLS = {\n USER_DOCUMENTATION: 'https://help.keboola.com',\n COMPONENTS: 'https://components.keboola.com',\n DEVELOPERS_DOCUMENTATION: 'https://developers.keboola.com',\n ACADEMY: 'https://academy.keboola.com',\n SALES_CONTACT_FORM: 'https://keboola.com/contact',\n SNOWFLAKE: 'https://www.snowflake.com',\n SNOWFLAKE_DOCS: 'https://docs.snowflake.com',\n MCP: 'https://www.keboola.com/mcp',\n NODE_JS: 'https://nodejs.org/en',\n CLAUDE_CONNECTORS: 'https://claude.ai/customize/connectors',\n} as const;\n"]}
|
|
@@ -1,19 +1,18 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
-
var
|
|
3
|
+
var chunkAU2OPVRI_cjs = require('../chunk-AU2OPVRI.cjs');
|
|
4
4
|
require('../chunk-MRHQJNWF.cjs');
|
|
5
|
-
require('../chunk-
|
|
6
|
-
require('../chunk-R7MQGDLC.cjs');
|
|
5
|
+
require('../chunk-OWGJ3PVA.cjs');
|
|
7
6
|
|
|
8
7
|
|
|
9
8
|
|
|
10
9
|
Object.defineProperty(exports, "createDataScienceClient", {
|
|
11
10
|
enumerable: true,
|
|
12
|
-
get: function () { return
|
|
11
|
+
get: function () { return chunkAU2OPVRI_cjs.createDataScienceClient; }
|
|
13
12
|
});
|
|
14
13
|
Object.defineProperty(exports, "parseLogLines", {
|
|
15
14
|
enumerable: true,
|
|
16
|
-
get: function () { return
|
|
15
|
+
get: function () { return chunkAU2OPVRI_cjs.parseLogLines; }
|
|
17
16
|
});
|
|
18
17
|
//# sourceMappingURL=index.cjs.map
|
|
19
18
|
//# sourceMappingURL=index.cjs.map
|
|
@@ -1,6 +1,5 @@
|
|
|
1
|
-
export { createDataScienceClient, parseLogLines } from '../chunk-
|
|
1
|
+
export { createDataScienceClient, parseLogLines } from '../chunk-MUKQ6HZE.js';
|
|
2
2
|
import '../chunk-MSI6FVGG.js';
|
|
3
|
-
import '../chunk-
|
|
4
|
-
import '../chunk-SI5TFV5M.js';
|
|
3
|
+
import '../chunk-FBGUBMJ7.js';
|
|
5
4
|
//# sourceMappingURL=index.js.map
|
|
6
5
|
//# sourceMappingURL=index.js.map
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
+
var chunkNFA5ITNG_cjs = require('../../chunk-NFA5ITNG.cjs');
|
|
3
4
|
var chunkGF4XZK5N_cjs = require('../../chunk-GF4XZK5N.cjs');
|
|
4
|
-
var chunkR7MQGDLC_cjs = require('../../chunk-R7MQGDLC.cjs');
|
|
5
5
|
|
|
6
6
|
// src/domain/permissions/errors.ts
|
|
7
7
|
var PermissionDeniedError = class extends Error {
|
|
@@ -19,10 +19,10 @@ var PermissionDeniedError = class extends Error {
|
|
|
19
19
|
|
|
20
20
|
// src/domain/permissions/admin.ts
|
|
21
21
|
var role = (token) => token.admin.role;
|
|
22
|
-
var isAdmin = (token) => role(token) ===
|
|
23
|
-
var isAdminOrShare = (token) => role(token) ===
|
|
24
|
-
var isProductionManager = (token) => role(token) ===
|
|
25
|
-
var isDeveloperOrReviewer = (token) => role(token) ===
|
|
22
|
+
var isAdmin = (token) => role(token) === chunkNFA5ITNG_cjs.AdminRole.Admin;
|
|
23
|
+
var isAdminOrShare = (token) => role(token) === chunkNFA5ITNG_cjs.AdminRole.Admin || role(token) === chunkNFA5ITNG_cjs.AdminRole.Share;
|
|
24
|
+
var isProductionManager = (token) => role(token) === chunkNFA5ITNG_cjs.AdminRole.ProductionManager;
|
|
25
|
+
var isDeveloperOrReviewer = (token) => role(token) === chunkNFA5ITNG_cjs.AdminRole.Developer || role(token) === chunkNFA5ITNG_cjs.AdminRole.Reviewer;
|
|
26
26
|
var assertCanAdmin = (token) => {
|
|
27
27
|
if (!isAdmin(token)) {
|
|
28
28
|
throw new PermissionDeniedError({
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/domain/permissions/errors.ts","../../../src/domain/permissions/admin.ts","../../../src/domain/permissions/configurations.ts"],"names":["AdminRoles"],"mappings":";;;;;;AAgBO,IAAM,qBAAA,GAAN,cAAoC,KAAA,CAAM;AAAA,EAC/B,MAAA;AAAA,EACA,MAAA;AAAA,EACA,OAAA;AAAA,EAEhB,WAAA,CAAY,EAAE,MAAA,EAAQ,MAAA,EAAQ,SAAQ,EAA0D;AAC9F,IAAA,KAAA,CAAM,MAAA,GAAS,sBAAsB,MAAM,CAAA,EAAA,EAAK,MAAM,CAAA,CAAA,CAAA,GAAM,CAAA,mBAAA,EAAsB,MAAM,CAAA,CAAE,CAAA;AAC1F,IAAA,IAAA,CAAK,IAAA,GAAO,uBAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AAAA,EACjB;AACF;;;ACfA,IAAM,IAAA,GAAO,CAAC,KAAA,KAAgC,KAAA,CAAM,KAAA,CAAM,IAAA;AAEnD,IAAM,UAAU,CAAC,KAAA,KAAiC,IAAA,CAAK,KAAK,MAAMA,4BAAA,CAAW;AAE7E,IAAM,cAAA,GAAiB,CAAC,KAAA,KAC7B,IAAA,CAAK,KAAK,CAAA,KAAMA,4BAAA,CAAW,KAAA,IAAS,IAAA,CAAK,KAAK,CAAA,KAAMA,4BAAA,CAAW;AAE1D,IAAM,sBAAsB,CAAC,KAAA,KAClC,IAAA,CAAK,KAAK,MAAMA,4BAAA,CAAW;AAEtB,IAAM,qBAAA,GAAwB,CAAC,KAAA,KACpC,IAAA,CAAK,KAAK,CAAA,KAAMA,4BAAA,CAAW,SAAA,IAAa,IAAA,CAAK,KAAK,CAAA,KAAMA,4BAAA,CAAW;AAE9D,IAAM,cAAA,GAAiB,CAAC,KAAA,KAA8B;AAC3D,EAAA,IAAI,CAAC,OAAA,CAAQ,KAAK,CAAA,EAAG;AACnB,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,OAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,cAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,qBAAA,GAAwB,CAAC,KAAA,KAA8B;AAClE,EAAA,IAAI,CAAC,cAAA,CAAe,KAAK,CAAA,EAAG;AAC1B,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,gBAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,uBAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,yBAAA,GAA4B,CAAC,KAAA,KAA8B;AACtE,EAAA,IAAI,CAAC,mBAAA,CAAoB,KAAK,CAAA,EAAG;AAC/B,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,mBAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,0BAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,wBAAA,GAA2B,CAAC,KAAA,KAA8B;AACrE,EAAA,IAAI,CAAC,qBAAA,CAAsB,KAAK,CAAA,EAAG;AACjC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,mBAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,8BAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;;;ACJA,IAAM,aAAA,GAAgB,CAAC,KAAA,EAAqB,GAAA,KAC1C,GAAA,CAAI,kBAAkB,qBAAA,CAAsB,KAAK,CAAA,GAAI,mBAAA,CAAoB,KAAK,CAAA;AAEhF,IAAM,gBAAA,GAAmB,CAAC,GAAA,KACxB,GAAA,CAAI,kBACA,gDAAA,GACA,4CAAA;AAEC,IAAM,yBAAyB,CAAC,KAAA,EAAqB,GAAA,KAC1D,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,uBAAuB,CAAC,KAAA,EAAqB,GAAA,KACxD,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,yBAAyB,CAAC,KAAA,EAAqB,GAAA,KAC1D,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,qBAAA,GAAiF,CAC5F,KAAA,KACG,OAAA,CAAQ,KAAK;AAEX,IAAM,kBAAkB,CAAC,KAAA,EAAqB,GAAA,KACnD,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,4BAAA,GAA+B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAChG,EAAA,IAAI,CAAC,sBAAA,CAAuB,KAAA,EAAO,GAAG,CAAA,EAAG;AACvC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,sBAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,0BAAA,GAA6B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAC9F,EAAA,IAAI,CAAC,oBAAA,CAAqB,KAAA,EAAO,GAAG,CAAA,EAAG;AACrC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,oBAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,4BAAA,GAA+B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAChG,EAAA,IAAI,CAAC,sBAAA,CAAuB,KAAA,EAAO,GAAG,CAAA,EAAG;AACvC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,uBAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,2BAAA,GAA8B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAC/F,EAAA,IAAI,CAAC,qBAAA,CAAsB,KAAU,CAAA,EAAG;AACtC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,qBAAA;AAAA,MACR,MAAA,EAAQ;AAAA,KACT,CAAA;AAAA,EACH;AACF;AAEO,IAAM,qBAAA,GAAwB,CAAC,KAAA,EAAqB,GAAA,KAAgC;AACzF,EAAA,IAAI,CAAC,eAAA,CAAgB,KAAA,EAAO,GAAG,CAAA,EAAG;AAChC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,eAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF","file":"index.cjs","sourcesContent":["/**\n * @module domain/permissions/errors\n *\n * Stable error contract for permission denials.\n *\n * `PermissionDeniedError` is what every `assertCan*` pair throws on denial. The\n * three public fields are part of the SDK's published contract — consumers\n * (kbc-ui, kai-agent, third-party TS callers) may pattern-match on `action`\n * and surface `reason` in UI, so renames here are breaking changes.\n *\n * PII boundary on `subject`:\n * `subject` is optional and intended for debugging hints only — admin id,\n * role name, configuration id, branch id, etc. It MUST NOT carry the full\n * `StorageToken`, raw tokens, secrets, or any value that could be logged or\n * surfaced to a user without further redaction.\n */\nexport class PermissionDeniedError extends Error {\n public readonly action: string;\n public readonly reason?: string;\n public readonly subject?: string;\n\n constructor({ action, reason, subject }: { action: string; reason?: string; subject?: string }) {\n super(reason ? `Permission denied: ${action} (${reason})` : `Permission denied: ${action}`);\n this.name = 'PermissionDeniedError';\n this.action = action;\n this.reason = reason;\n this.subject = subject;\n }\n}\n","/**\n * @module domain/permissions/admin\n *\n * Baseline admin-role predicates. Token-only — depend purely on the admin\n * role string carried in `StorageToken.admin.role`. Each predicate has an\n * `assertCan*` pair that throws `PermissionDeniedError` with a stable\n * kebab-case `action` field documented per pair.\n */\nimport type { StorageToken } from '../../clients/storage/tokens/types';\nimport { AdminRoles } from '../../constants';\n\nimport { PermissionDeniedError } from './errors';\n\nconst role = (token: StorageToken): string => token.admin.role;\n\nexport const isAdmin = (token: StorageToken): boolean => role(token) === AdminRoles.ADMIN;\n\nexport const isAdminOrShare = (token: StorageToken): boolean =>\n role(token) === AdminRoles.ADMIN || role(token) === AdminRoles.SHARE;\n\nexport const isProductionManager = (token: StorageToken): boolean =>\n role(token) === AdminRoles.PRODUCTION_MANAGER;\n\nexport const isDeveloperOrReviewer = (token: StorageToken): boolean =>\n role(token) === AdminRoles.DEVELOPER || role(token) === AdminRoles.REVIEWER;\n\nexport const assertCanAdmin = (token: StorageToken): void => {\n if (!isAdmin(token)) {\n throw new PermissionDeniedError({\n action: 'admin',\n reason: `role '${role(token)}' is not admin`,\n });\n }\n};\n\nexport const assertCanAdminOrShare = (token: StorageToken): void => {\n if (!isAdminOrShare(token)) {\n throw new PermissionDeniedError({\n action: 'admin-or-share',\n reason: `role '${role(token)}' is not admin or share`,\n });\n }\n};\n\nexport const assertCanProductionManage = (token: StorageToken): void => {\n if (!isProductionManager(token)) {\n throw new PermissionDeniedError({\n action: 'production-manage',\n reason: `role '${role(token)}' is not productionManager`,\n });\n }\n};\n\nexport const assertCanDevelopOrReview = (token: StorageToken): void => {\n if (!isDeveloperOrReviewer(token)) {\n throw new PermissionDeniedError({\n action: 'develop-or-review',\n reason: `role '${role(token)}' is not developer or reviewer`,\n });\n }\n};\n","/**\n * @module domain/permissions/configurations\n *\n * Predicate pairs guarding the Core SDK configuration workflow methods\n * (create / copy / migrate-from-template / purge / assign-folder). Each\n * predicate composes the baseline admin role predicates with the caller-\n * supplied dev-mode flag from `ctx`.\n *\n * Rule shape:\n * - In a dev branch (`ctx.isDevModeActive === true`) → caller must be a\n * developer or reviewer.\n * - In production (`ctx.isDevModeActive === false`) → caller must be a\n * production manager.\n * - `canPurgeConfiguration` is **admin-only**, regardless of branch mode.\n * Purge is destructive and the situational base rule does not apply —\n * `token.admin.role` is a single scalar, so requiring both \"admin\" and\n * \"developer/reviewer/productionManager\" simultaneously would be an\n * impossible conjunction. The `ctx` parameter is accepted for signature\n * symmetry with the other configuration predicates and ignored.\n *\n * `ctx` is the trailing object argument convention for composed predicates;\n * extra fields land here as future rules grow (see AGENTS.md).\n */\nimport type { StorageToken } from '../../clients/storage/tokens/types';\n\nimport { isAdmin, isDeveloperOrReviewer, isProductionManager } from './admin';\nimport { PermissionDeniedError } from './errors';\n\n/**\n * Caller-supplied context for configuration predicates.\n *\n * @property isDevModeActive — `true` when the user is operating inside a\n * development branch (any storage branch other than the protected default /\n * production branch); `false` when operating on the default branch in\n * production.\n *\n * How the caller determines this:\n * - The active branch comes from the caller's own routing / app state\n * (e.g. `/branch/:branchId` in kbc-ui).\n * - A branch is \"dev mode\" when it is **not** the default branch returned by\n * `apiClient.storage.devBranches.list()` (where `isDefault === true`).\n * - kbc-ui exposes this through its `RoutesStore.getCurrentRouteParam('branchId')`\n * compared against the default branch id; the api-client itself stays\n * isomorphic and never reads that state directly.\n *\n * Why it changes the rule:\n * - In dev branches Keboola allows broader write access — `developer` and\n * `reviewer` roles may create / copy / migrate configurations because the\n * branch is sandboxed from production.\n * - On the default branch only `productionManager` (or `admin`) may perform\n * the same writes, since changes ship live to production.\n */\nexport type ConfigurationCtx = {\n isDevModeActive: boolean;\n};\n\nconst meetsBaseRule = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n ctx.isDevModeActive ? isDeveloperOrReviewer(token) : isProductionManager(token);\n\nconst baseDenialReason = (ctx: ConfigurationCtx): string =>\n ctx.isDevModeActive\n ? 'dev branch requires developer or reviewer role'\n : 'production requires productionManager role';\n\nexport const canCreateConfiguration = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const canCopyConfiguration = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const canMigrateFromTemplate = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const canPurgeConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => boolean = (\n token,\n) => isAdmin(token);\n\nexport const canAssignFolder = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const assertCanCreateConfiguration = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canCreateConfiguration(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'create-configuration',\n reason: baseDenialReason(ctx),\n });\n }\n};\n\nexport const assertCanCopyConfiguration = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canCopyConfiguration(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'copy-configuration',\n reason: baseDenialReason(ctx),\n });\n }\n};\n\nexport const assertCanMigrateFromTemplate = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canMigrateFromTemplate(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'migrate-from-template',\n reason: baseDenialReason(ctx),\n });\n }\n};\n\nexport const assertCanPurgeConfiguration = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canPurgeConfiguration(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'purge-configuration',\n reason: 'purge requires admin role',\n });\n }\n};\n\nexport const assertCanAssignFolder = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canAssignFolder(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'assign-folder',\n reason: baseDenialReason(ctx),\n });\n }\n};\n"]}
|
|
1
|
+
{"version":3,"sources":["../../../src/domain/permissions/errors.ts","../../../src/domain/permissions/admin.ts","../../../src/domain/permissions/configurations.ts"],"names":["AdminRole"],"mappings":";;;;;;AAgBO,IAAM,qBAAA,GAAN,cAAoC,KAAA,CAAM;AAAA,EAC/B,MAAA;AAAA,EACA,MAAA;AAAA,EACA,OAAA;AAAA,EAEhB,WAAA,CAAY,EAAE,MAAA,EAAQ,MAAA,EAAQ,SAAQ,EAA0D;AAC9F,IAAA,KAAA,CAAM,MAAA,GAAS,sBAAsB,MAAM,CAAA,EAAA,EAAK,MAAM,CAAA,CAAA,CAAA,GAAM,CAAA,mBAAA,EAAsB,MAAM,CAAA,CAAE,CAAA;AAC1F,IAAA,IAAA,CAAK,IAAA,GAAO,uBAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AAAA,EACjB;AACF;;;ACfA,IAAM,IAAA,GAAO,CAAC,KAAA,KAAgC,KAAA,CAAM,KAAA,CAAM,IAAA;AAEnD,IAAM,UAAU,CAAC,KAAA,KAAiC,IAAA,CAAK,KAAK,MAAMA,2BAAA,CAAU;AAE5E,IAAM,cAAA,GAAiB,CAAC,KAAA,KAC7B,IAAA,CAAK,KAAK,CAAA,KAAMA,2BAAA,CAAU,KAAA,IAAS,IAAA,CAAK,KAAK,CAAA,KAAMA,2BAAA,CAAU;AAExD,IAAM,sBAAsB,CAAC,KAAA,KAClC,IAAA,CAAK,KAAK,MAAMA,2BAAA,CAAU;AAErB,IAAM,qBAAA,GAAwB,CAAC,KAAA,KACpC,IAAA,CAAK,KAAK,CAAA,KAAMA,2BAAA,CAAU,SAAA,IAAa,IAAA,CAAK,KAAK,CAAA,KAAMA,2BAAA,CAAU;AAE5D,IAAM,cAAA,GAAiB,CAAC,KAAA,KAA8B;AAC3D,EAAA,IAAI,CAAC,OAAA,CAAQ,KAAK,CAAA,EAAG;AACnB,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,OAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,cAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,qBAAA,GAAwB,CAAC,KAAA,KAA8B;AAClE,EAAA,IAAI,CAAC,cAAA,CAAe,KAAK,CAAA,EAAG;AAC1B,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,gBAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,uBAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,yBAAA,GAA4B,CAAC,KAAA,KAA8B;AACtE,EAAA,IAAI,CAAC,mBAAA,CAAoB,KAAK,CAAA,EAAG;AAC/B,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,mBAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,0BAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,wBAAA,GAA2B,CAAC,KAAA,KAA8B;AACrE,EAAA,IAAI,CAAC,qBAAA,CAAsB,KAAK,CAAA,EAAG;AACjC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,mBAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,8BAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;;;ACJA,IAAM,aAAA,GAAgB,CAAC,KAAA,EAAqB,GAAA,KAC1C,GAAA,CAAI,kBAAkB,qBAAA,CAAsB,KAAK,CAAA,GAAI,mBAAA,CAAoB,KAAK,CAAA;AAEhF,IAAM,gBAAA,GAAmB,CAAC,GAAA,KACxB,GAAA,CAAI,kBACA,gDAAA,GACA,4CAAA;AAEC,IAAM,yBAAyB,CAAC,KAAA,EAAqB,GAAA,KAC1D,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,uBAAuB,CAAC,KAAA,EAAqB,GAAA,KACxD,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,yBAAyB,CAAC,KAAA,EAAqB,GAAA,KAC1D,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,qBAAA,GAAiF,CAC5F,KAAA,KACG,OAAA,CAAQ,KAAK;AAEX,IAAM,kBAAkB,CAAC,KAAA,EAAqB,GAAA,KACnD,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,4BAAA,GAA+B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAChG,EAAA,IAAI,CAAC,sBAAA,CAAuB,KAAA,EAAO,GAAG,CAAA,EAAG;AACvC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,sBAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,0BAAA,GAA6B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAC9F,EAAA,IAAI,CAAC,oBAAA,CAAqB,KAAA,EAAO,GAAG,CAAA,EAAG;AACrC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,oBAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,4BAAA,GAA+B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAChG,EAAA,IAAI,CAAC,sBAAA,CAAuB,KAAA,EAAO,GAAG,CAAA,EAAG;AACvC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,uBAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,2BAAA,GAA8B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAC/F,EAAA,IAAI,CAAC,qBAAA,CAAsB,KAAU,CAAA,EAAG;AACtC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,qBAAA;AAAA,MACR,MAAA,EAAQ;AAAA,KACT,CAAA;AAAA,EACH;AACF;AAEO,IAAM,qBAAA,GAAwB,CAAC,KAAA,EAAqB,GAAA,KAAgC;AACzF,EAAA,IAAI,CAAC,eAAA,CAAgB,KAAA,EAAO,GAAG,CAAA,EAAG;AAChC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,eAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF","file":"index.cjs","sourcesContent":["/**\n * @module domain/permissions/errors\n *\n * Stable error contract for permission denials.\n *\n * `PermissionDeniedError` is what every `assertCan*` pair throws on denial. The\n * three public fields are part of the SDK's published contract — consumers\n * (kbc-ui, kai-agent, third-party TS callers) may pattern-match on `action`\n * and surface `reason` in UI, so renames here are breaking changes.\n *\n * PII boundary on `subject`:\n * `subject` is optional and intended for debugging hints only — admin id,\n * role name, configuration id, branch id, etc. It MUST NOT carry the full\n * `StorageToken`, raw tokens, secrets, or any value that could be logged or\n * surfaced to a user without further redaction.\n */\nexport class PermissionDeniedError extends Error {\n public readonly action: string;\n public readonly reason?: string;\n public readonly subject?: string;\n\n constructor({ action, reason, subject }: { action: string; reason?: string; subject?: string }) {\n super(reason ? `Permission denied: ${action} (${reason})` : `Permission denied: ${action}`);\n this.name = 'PermissionDeniedError';\n this.action = action;\n this.reason = reason;\n this.subject = subject;\n }\n}\n","/**\n * @module domain/permissions/admin\n *\n * Baseline admin-role predicates. Token-only — depend purely on the admin\n * role string carried in `StorageToken.admin.role`. Each predicate has an\n * `assertCan*` pair that throws `PermissionDeniedError` with a stable\n * kebab-case `action` field documented per pair.\n */\nimport type { StorageToken } from '../../clients/storage/tokens/types';\nimport { AdminRole } from '../../constants/adminRoles';\n\nimport { PermissionDeniedError } from './errors';\n\nconst role = (token: StorageToken): string => token.admin.role;\n\nexport const isAdmin = (token: StorageToken): boolean => role(token) === AdminRole.Admin;\n\nexport const isAdminOrShare = (token: StorageToken): boolean =>\n role(token) === AdminRole.Admin || role(token) === AdminRole.Share;\n\nexport const isProductionManager = (token: StorageToken): boolean =>\n role(token) === AdminRole.ProductionManager;\n\nexport const isDeveloperOrReviewer = (token: StorageToken): boolean =>\n role(token) === AdminRole.Developer || role(token) === AdminRole.Reviewer;\n\nexport const assertCanAdmin = (token: StorageToken): void => {\n if (!isAdmin(token)) {\n throw new PermissionDeniedError({\n action: 'admin',\n reason: `role '${role(token)}' is not admin`,\n });\n }\n};\n\nexport const assertCanAdminOrShare = (token: StorageToken): void => {\n if (!isAdminOrShare(token)) {\n throw new PermissionDeniedError({\n action: 'admin-or-share',\n reason: `role '${role(token)}' is not admin or share`,\n });\n }\n};\n\nexport const assertCanProductionManage = (token: StorageToken): void => {\n if (!isProductionManager(token)) {\n throw new PermissionDeniedError({\n action: 'production-manage',\n reason: `role '${role(token)}' is not productionManager`,\n });\n }\n};\n\nexport const assertCanDevelopOrReview = (token: StorageToken): void => {\n if (!isDeveloperOrReviewer(token)) {\n throw new PermissionDeniedError({\n action: 'develop-or-review',\n reason: `role '${role(token)}' is not developer or reviewer`,\n });\n }\n};\n","/**\n * @module domain/permissions/configurations\n *\n * Predicate pairs guarding the Core SDK configuration workflow methods\n * (create / copy / migrate-from-template / purge / assign-folder). Each\n * predicate composes the baseline admin role predicates with the caller-\n * supplied dev-mode flag from `ctx`.\n *\n * Rule shape:\n * - In a dev branch (`ctx.isDevModeActive === true`) → caller must be a\n * developer or reviewer.\n * - In production (`ctx.isDevModeActive === false`) → caller must be a\n * production manager.\n * - `canPurgeConfiguration` is **admin-only**, regardless of branch mode.\n * Purge is destructive and the situational base rule does not apply —\n * `token.admin.role` is a single scalar, so requiring both \"admin\" and\n * \"developer/reviewer/productionManager\" simultaneously would be an\n * impossible conjunction. The `ctx` parameter is accepted for signature\n * symmetry with the other configuration predicates and ignored.\n *\n * `ctx` is the trailing object argument convention for composed predicates;\n * extra fields land here as future rules grow (see AGENTS.md).\n */\nimport type { StorageToken } from '../../clients/storage/tokens/types';\n\nimport { isAdmin, isDeveloperOrReviewer, isProductionManager } from './admin';\nimport { PermissionDeniedError } from './errors';\n\n/**\n * Caller-supplied context for configuration predicates.\n *\n * @property isDevModeActive — `true` when the user is operating inside a\n * development branch (any storage branch other than the protected default /\n * production branch); `false` when operating on the default branch in\n * production.\n *\n * How the caller determines this:\n * - The active branch comes from the caller's own routing / app state\n * (e.g. `/branch/:branchId` in kbc-ui).\n * - A branch is \"dev mode\" when it is **not** the default branch returned by\n * `apiClient.storage.devBranches.list()` (where `isDefault === true`).\n * - kbc-ui exposes this through its `RoutesStore.getCurrentRouteParam('branchId')`\n * compared against the default branch id; the api-client itself stays\n * isomorphic and never reads that state directly.\n *\n * Why it changes the rule:\n * - In dev branches Keboola allows broader write access — `developer` and\n * `reviewer` roles may create / copy / migrate configurations because the\n * branch is sandboxed from production.\n * - On the default branch only `productionManager` (or `admin`) may perform\n * the same writes, since changes ship live to production.\n */\nexport type ConfigurationCtx = {\n isDevModeActive: boolean;\n};\n\nconst meetsBaseRule = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n ctx.isDevModeActive ? isDeveloperOrReviewer(token) : isProductionManager(token);\n\nconst baseDenialReason = (ctx: ConfigurationCtx): string =>\n ctx.isDevModeActive\n ? 'dev branch requires developer or reviewer role'\n : 'production requires productionManager role';\n\nexport const canCreateConfiguration = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const canCopyConfiguration = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const canMigrateFromTemplate = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const canPurgeConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => boolean = (\n token,\n) => isAdmin(token);\n\nexport const canAssignFolder = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const assertCanCreateConfiguration = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canCreateConfiguration(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'create-configuration',\n reason: baseDenialReason(ctx),\n });\n }\n};\n\nexport const assertCanCopyConfiguration = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canCopyConfiguration(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'copy-configuration',\n reason: baseDenialReason(ctx),\n });\n }\n};\n\nexport const assertCanMigrateFromTemplate = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canMigrateFromTemplate(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'migrate-from-template',\n reason: baseDenialReason(ctx),\n });\n }\n};\n\nexport const assertCanPurgeConfiguration = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canPurgeConfiguration(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'purge-configuration',\n reason: 'purge requires admin role',\n });\n }\n};\n\nexport const assertCanAssignFolder = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canAssignFolder(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'assign-folder',\n reason: baseDenialReason(ctx),\n });\n }\n};\n"]}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
|
-
import { S as StorageToken } from '../../types-
|
|
2
|
-
export { h as hasAdminFeature, a as hasFeature } from '../../project-
|
|
1
|
+
import { S as StorageToken } from '../../types-CMEwVQ78.cjs';
|
|
2
|
+
export { h as hasAdminFeature, a as hasFeature } from '../../project-NJuUPx8-.cjs';
|
|
3
|
+
import '../../backends-BgUzAQul.cjs';
|
|
3
4
|
import '../../types-jKnx7Tm_.cjs';
|
|
4
5
|
|
|
5
6
|
/**
|
|
@@ -1,5 +1,6 @@
|
|
|
1
|
-
import { S as StorageToken } from '../../types-
|
|
2
|
-
export { h as hasAdminFeature, a as hasFeature } from '../../project-
|
|
1
|
+
import { S as StorageToken } from '../../types-GmAeMsok.js';
|
|
2
|
+
export { h as hasAdminFeature, a as hasFeature } from '../../project-BxSa1Ci9.js';
|
|
3
|
+
import '../../backends-BgUzAQul.js';
|
|
3
4
|
import '../../types-jKnx7Tm_.js';
|
|
4
5
|
|
|
5
6
|
/**
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
+
import { AdminRole } from '../../chunk-Y5QJJWDQ.js';
|
|
1
2
|
export { hasAdminFeature, hasFeature } from '../../chunk-UABYNGBZ.js';
|
|
2
|
-
import { AdminRoles } from '../../chunk-SI5TFV5M.js';
|
|
3
3
|
|
|
4
4
|
// src/domain/permissions/errors.ts
|
|
5
5
|
var PermissionDeniedError = class extends Error {
|
|
@@ -17,10 +17,10 @@ var PermissionDeniedError = class extends Error {
|
|
|
17
17
|
|
|
18
18
|
// src/domain/permissions/admin.ts
|
|
19
19
|
var role = (token) => token.admin.role;
|
|
20
|
-
var isAdmin = (token) => role(token) ===
|
|
21
|
-
var isAdminOrShare = (token) => role(token) ===
|
|
22
|
-
var isProductionManager = (token) => role(token) ===
|
|
23
|
-
var isDeveloperOrReviewer = (token) => role(token) ===
|
|
20
|
+
var isAdmin = (token) => role(token) === AdminRole.Admin;
|
|
21
|
+
var isAdminOrShare = (token) => role(token) === AdminRole.Admin || role(token) === AdminRole.Share;
|
|
22
|
+
var isProductionManager = (token) => role(token) === AdminRole.ProductionManager;
|
|
23
|
+
var isDeveloperOrReviewer = (token) => role(token) === AdminRole.Developer || role(token) === AdminRole.Reviewer;
|
|
24
24
|
var assertCanAdmin = (token) => {
|
|
25
25
|
if (!isAdmin(token)) {
|
|
26
26
|
throw new PermissionDeniedError({
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/domain/permissions/errors.ts","../../../src/domain/permissions/admin.ts","../../../src/domain/permissions/configurations.ts"],"names":[],"mappings":";;;;AAgBO,IAAM,qBAAA,GAAN,cAAoC,KAAA,CAAM;AAAA,EAC/B,MAAA;AAAA,EACA,MAAA;AAAA,EACA,OAAA;AAAA,EAEhB,WAAA,CAAY,EAAE,MAAA,EAAQ,MAAA,EAAQ,SAAQ,EAA0D;AAC9F,IAAA,KAAA,CAAM,MAAA,GAAS,sBAAsB,MAAM,CAAA,EAAA,EAAK,MAAM,CAAA,CAAA,CAAA,GAAM,CAAA,mBAAA,EAAsB,MAAM,CAAA,CAAE,CAAA;AAC1F,IAAA,IAAA,CAAK,IAAA,GAAO,uBAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AAAA,EACjB;AACF;;;ACfA,IAAM,IAAA,GAAO,CAAC,KAAA,KAAgC,KAAA,CAAM,KAAA,CAAM,IAAA;AAEnD,IAAM,UAAU,CAAC,KAAA,KAAiC,IAAA,CAAK,KAAK,MAAM,UAAA,CAAW;AAE7E,IAAM,cAAA,GAAiB,CAAC,KAAA,KAC7B,IAAA,CAAK,KAAK,CAAA,KAAM,UAAA,CAAW,KAAA,IAAS,IAAA,CAAK,KAAK,CAAA,KAAM,UAAA,CAAW;AAE1D,IAAM,sBAAsB,CAAC,KAAA,KAClC,IAAA,CAAK,KAAK,MAAM,UAAA,CAAW;AAEtB,IAAM,qBAAA,GAAwB,CAAC,KAAA,KACpC,IAAA,CAAK,KAAK,CAAA,KAAM,UAAA,CAAW,SAAA,IAAa,IAAA,CAAK,KAAK,CAAA,KAAM,UAAA,CAAW;AAE9D,IAAM,cAAA,GAAiB,CAAC,KAAA,KAA8B;AAC3D,EAAA,IAAI,CAAC,OAAA,CAAQ,KAAK,CAAA,EAAG;AACnB,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,OAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,cAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,qBAAA,GAAwB,CAAC,KAAA,KAA8B;AAClE,EAAA,IAAI,CAAC,cAAA,CAAe,KAAK,CAAA,EAAG;AAC1B,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,gBAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,uBAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,yBAAA,GAA4B,CAAC,KAAA,KAA8B;AACtE,EAAA,IAAI,CAAC,mBAAA,CAAoB,KAAK,CAAA,EAAG;AAC/B,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,mBAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,0BAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,wBAAA,GAA2B,CAAC,KAAA,KAA8B;AACrE,EAAA,IAAI,CAAC,qBAAA,CAAsB,KAAK,CAAA,EAAG;AACjC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,mBAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,8BAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;;;ACJA,IAAM,aAAA,GAAgB,CAAC,KAAA,EAAqB,GAAA,KAC1C,GAAA,CAAI,kBAAkB,qBAAA,CAAsB,KAAK,CAAA,GAAI,mBAAA,CAAoB,KAAK,CAAA;AAEhF,IAAM,gBAAA,GAAmB,CAAC,GAAA,KACxB,GAAA,CAAI,kBACA,gDAAA,GACA,4CAAA;AAEC,IAAM,yBAAyB,CAAC,KAAA,EAAqB,GAAA,KAC1D,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,uBAAuB,CAAC,KAAA,EAAqB,GAAA,KACxD,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,yBAAyB,CAAC,KAAA,EAAqB,GAAA,KAC1D,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,qBAAA,GAAiF,CAC5F,KAAA,KACG,OAAA,CAAQ,KAAK;AAEX,IAAM,kBAAkB,CAAC,KAAA,EAAqB,GAAA,KACnD,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,4BAAA,GAA+B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAChG,EAAA,IAAI,CAAC,sBAAA,CAAuB,KAAA,EAAO,GAAG,CAAA,EAAG;AACvC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,sBAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,0BAAA,GAA6B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAC9F,EAAA,IAAI,CAAC,oBAAA,CAAqB,KAAA,EAAO,GAAG,CAAA,EAAG;AACrC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,oBAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,4BAAA,GAA+B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAChG,EAAA,IAAI,CAAC,sBAAA,CAAuB,KAAA,EAAO,GAAG,CAAA,EAAG;AACvC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,uBAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,2BAAA,GAA8B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAC/F,EAAA,IAAI,CAAC,qBAAA,CAAsB,KAAU,CAAA,EAAG;AACtC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,qBAAA;AAAA,MACR,MAAA,EAAQ;AAAA,KACT,CAAA;AAAA,EACH;AACF;AAEO,IAAM,qBAAA,GAAwB,CAAC,KAAA,EAAqB,GAAA,KAAgC;AACzF,EAAA,IAAI,CAAC,eAAA,CAAgB,KAAA,EAAO,GAAG,CAAA,EAAG;AAChC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,eAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF","file":"index.js","sourcesContent":["/**\n * @module domain/permissions/errors\n *\n * Stable error contract for permission denials.\n *\n * `PermissionDeniedError` is what every `assertCan*` pair throws on denial. The\n * three public fields are part of the SDK's published contract — consumers\n * (kbc-ui, kai-agent, third-party TS callers) may pattern-match on `action`\n * and surface `reason` in UI, so renames here are breaking changes.\n *\n * PII boundary on `subject`:\n * `subject` is optional and intended for debugging hints only — admin id,\n * role name, configuration id, branch id, etc. It MUST NOT carry the full\n * `StorageToken`, raw tokens, secrets, or any value that could be logged or\n * surfaced to a user without further redaction.\n */\nexport class PermissionDeniedError extends Error {\n public readonly action: string;\n public readonly reason?: string;\n public readonly subject?: string;\n\n constructor({ action, reason, subject }: { action: string; reason?: string; subject?: string }) {\n super(reason ? `Permission denied: ${action} (${reason})` : `Permission denied: ${action}`);\n this.name = 'PermissionDeniedError';\n this.action = action;\n this.reason = reason;\n this.subject = subject;\n }\n}\n","/**\n * @module domain/permissions/admin\n *\n * Baseline admin-role predicates. Token-only — depend purely on the admin\n * role string carried in `StorageToken.admin.role`. Each predicate has an\n * `assertCan*` pair that throws `PermissionDeniedError` with a stable\n * kebab-case `action` field documented per pair.\n */\nimport type { StorageToken } from '../../clients/storage/tokens/types';\nimport { AdminRoles } from '../../constants';\n\nimport { PermissionDeniedError } from './errors';\n\nconst role = (token: StorageToken): string => token.admin.role;\n\nexport const isAdmin = (token: StorageToken): boolean => role(token) === AdminRoles.ADMIN;\n\nexport const isAdminOrShare = (token: StorageToken): boolean =>\n role(token) === AdminRoles.ADMIN || role(token) === AdminRoles.SHARE;\n\nexport const isProductionManager = (token: StorageToken): boolean =>\n role(token) === AdminRoles.PRODUCTION_MANAGER;\n\nexport const isDeveloperOrReviewer = (token: StorageToken): boolean =>\n role(token) === AdminRoles.DEVELOPER || role(token) === AdminRoles.REVIEWER;\n\nexport const assertCanAdmin = (token: StorageToken): void => {\n if (!isAdmin(token)) {\n throw new PermissionDeniedError({\n action: 'admin',\n reason: `role '${role(token)}' is not admin`,\n });\n }\n};\n\nexport const assertCanAdminOrShare = (token: StorageToken): void => {\n if (!isAdminOrShare(token)) {\n throw new PermissionDeniedError({\n action: 'admin-or-share',\n reason: `role '${role(token)}' is not admin or share`,\n });\n }\n};\n\nexport const assertCanProductionManage = (token: StorageToken): void => {\n if (!isProductionManager(token)) {\n throw new PermissionDeniedError({\n action: 'production-manage',\n reason: `role '${role(token)}' is not productionManager`,\n });\n }\n};\n\nexport const assertCanDevelopOrReview = (token: StorageToken): void => {\n if (!isDeveloperOrReviewer(token)) {\n throw new PermissionDeniedError({\n action: 'develop-or-review',\n reason: `role '${role(token)}' is not developer or reviewer`,\n });\n }\n};\n","/**\n * @module domain/permissions/configurations\n *\n * Predicate pairs guarding the Core SDK configuration workflow methods\n * (create / copy / migrate-from-template / purge / assign-folder). Each\n * predicate composes the baseline admin role predicates with the caller-\n * supplied dev-mode flag from `ctx`.\n *\n * Rule shape:\n * - In a dev branch (`ctx.isDevModeActive === true`) → caller must be a\n * developer or reviewer.\n * - In production (`ctx.isDevModeActive === false`) → caller must be a\n * production manager.\n * - `canPurgeConfiguration` is **admin-only**, regardless of branch mode.\n * Purge is destructive and the situational base rule does not apply —\n * `token.admin.role` is a single scalar, so requiring both \"admin\" and\n * \"developer/reviewer/productionManager\" simultaneously would be an\n * impossible conjunction. The `ctx` parameter is accepted for signature\n * symmetry with the other configuration predicates and ignored.\n *\n * `ctx` is the trailing object argument convention for composed predicates;\n * extra fields land here as future rules grow (see AGENTS.md).\n */\nimport type { StorageToken } from '../../clients/storage/tokens/types';\n\nimport { isAdmin, isDeveloperOrReviewer, isProductionManager } from './admin';\nimport { PermissionDeniedError } from './errors';\n\n/**\n * Caller-supplied context for configuration predicates.\n *\n * @property isDevModeActive — `true` when the user is operating inside a\n * development branch (any storage branch other than the protected default /\n * production branch); `false` when operating on the default branch in\n * production.\n *\n * How the caller determines this:\n * - The active branch comes from the caller's own routing / app state\n * (e.g. `/branch/:branchId` in kbc-ui).\n * - A branch is \"dev mode\" when it is **not** the default branch returned by\n * `apiClient.storage.devBranches.list()` (where `isDefault === true`).\n * - kbc-ui exposes this through its `RoutesStore.getCurrentRouteParam('branchId')`\n * compared against the default branch id; the api-client itself stays\n * isomorphic and never reads that state directly.\n *\n * Why it changes the rule:\n * - In dev branches Keboola allows broader write access — `developer` and\n * `reviewer` roles may create / copy / migrate configurations because the\n * branch is sandboxed from production.\n * - On the default branch only `productionManager` (or `admin`) may perform\n * the same writes, since changes ship live to production.\n */\nexport type ConfigurationCtx = {\n isDevModeActive: boolean;\n};\n\nconst meetsBaseRule = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n ctx.isDevModeActive ? isDeveloperOrReviewer(token) : isProductionManager(token);\n\nconst baseDenialReason = (ctx: ConfigurationCtx): string =>\n ctx.isDevModeActive\n ? 'dev branch requires developer or reviewer role'\n : 'production requires productionManager role';\n\nexport const canCreateConfiguration = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const canCopyConfiguration = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const canMigrateFromTemplate = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const canPurgeConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => boolean = (\n token,\n) => isAdmin(token);\n\nexport const canAssignFolder = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const assertCanCreateConfiguration = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canCreateConfiguration(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'create-configuration',\n reason: baseDenialReason(ctx),\n });\n }\n};\n\nexport const assertCanCopyConfiguration = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canCopyConfiguration(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'copy-configuration',\n reason: baseDenialReason(ctx),\n });\n }\n};\n\nexport const assertCanMigrateFromTemplate = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canMigrateFromTemplate(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'migrate-from-template',\n reason: baseDenialReason(ctx),\n });\n }\n};\n\nexport const assertCanPurgeConfiguration = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canPurgeConfiguration(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'purge-configuration',\n reason: 'purge requires admin role',\n });\n }\n};\n\nexport const assertCanAssignFolder = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canAssignFolder(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'assign-folder',\n reason: baseDenialReason(ctx),\n });\n }\n};\n"]}
|
|
1
|
+
{"version":3,"sources":["../../../src/domain/permissions/errors.ts","../../../src/domain/permissions/admin.ts","../../../src/domain/permissions/configurations.ts"],"names":[],"mappings":";;;;AAgBO,IAAM,qBAAA,GAAN,cAAoC,KAAA,CAAM;AAAA,EAC/B,MAAA;AAAA,EACA,MAAA;AAAA,EACA,OAAA;AAAA,EAEhB,WAAA,CAAY,EAAE,MAAA,EAAQ,MAAA,EAAQ,SAAQ,EAA0D;AAC9F,IAAA,KAAA,CAAM,MAAA,GAAS,sBAAsB,MAAM,CAAA,EAAA,EAAK,MAAM,CAAA,CAAA,CAAA,GAAM,CAAA,mBAAA,EAAsB,MAAM,CAAA,CAAE,CAAA;AAC1F,IAAA,IAAA,CAAK,IAAA,GAAO,uBAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AAAA,EACjB;AACF;;;ACfA,IAAM,IAAA,GAAO,CAAC,KAAA,KAAgC,KAAA,CAAM,KAAA,CAAM,IAAA;AAEnD,IAAM,UAAU,CAAC,KAAA,KAAiC,IAAA,CAAK,KAAK,MAAM,SAAA,CAAU;AAE5E,IAAM,cAAA,GAAiB,CAAC,KAAA,KAC7B,IAAA,CAAK,KAAK,CAAA,KAAM,SAAA,CAAU,KAAA,IAAS,IAAA,CAAK,KAAK,CAAA,KAAM,SAAA,CAAU;AAExD,IAAM,sBAAsB,CAAC,KAAA,KAClC,IAAA,CAAK,KAAK,MAAM,SAAA,CAAU;AAErB,IAAM,qBAAA,GAAwB,CAAC,KAAA,KACpC,IAAA,CAAK,KAAK,CAAA,KAAM,SAAA,CAAU,SAAA,IAAa,IAAA,CAAK,KAAK,CAAA,KAAM,SAAA,CAAU;AAE5D,IAAM,cAAA,GAAiB,CAAC,KAAA,KAA8B;AAC3D,EAAA,IAAI,CAAC,OAAA,CAAQ,KAAK,CAAA,EAAG;AACnB,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,OAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,cAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,qBAAA,GAAwB,CAAC,KAAA,KAA8B;AAClE,EAAA,IAAI,CAAC,cAAA,CAAe,KAAK,CAAA,EAAG;AAC1B,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,gBAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,uBAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,yBAAA,GAA4B,CAAC,KAAA,KAA8B;AACtE,EAAA,IAAI,CAAC,mBAAA,CAAoB,KAAK,CAAA,EAAG;AAC/B,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,mBAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,0BAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,wBAAA,GAA2B,CAAC,KAAA,KAA8B;AACrE,EAAA,IAAI,CAAC,qBAAA,CAAsB,KAAK,CAAA,EAAG;AACjC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,mBAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,8BAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;;;ACJA,IAAM,aAAA,GAAgB,CAAC,KAAA,EAAqB,GAAA,KAC1C,GAAA,CAAI,kBAAkB,qBAAA,CAAsB,KAAK,CAAA,GAAI,mBAAA,CAAoB,KAAK,CAAA;AAEhF,IAAM,gBAAA,GAAmB,CAAC,GAAA,KACxB,GAAA,CAAI,kBACA,gDAAA,GACA,4CAAA;AAEC,IAAM,yBAAyB,CAAC,KAAA,EAAqB,GAAA,KAC1D,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,uBAAuB,CAAC,KAAA,EAAqB,GAAA,KACxD,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,yBAAyB,CAAC,KAAA,EAAqB,GAAA,KAC1D,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,qBAAA,GAAiF,CAC5F,KAAA,KACG,OAAA,CAAQ,KAAK;AAEX,IAAM,kBAAkB,CAAC,KAAA,EAAqB,GAAA,KACnD,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,4BAAA,GAA+B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAChG,EAAA,IAAI,CAAC,sBAAA,CAAuB,KAAA,EAAO,GAAG,CAAA,EAAG;AACvC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,sBAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,0BAAA,GAA6B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAC9F,EAAA,IAAI,CAAC,oBAAA,CAAqB,KAAA,EAAO,GAAG,CAAA,EAAG;AACrC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,oBAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,4BAAA,GAA+B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAChG,EAAA,IAAI,CAAC,sBAAA,CAAuB,KAAA,EAAO,GAAG,CAAA,EAAG;AACvC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,uBAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,2BAAA,GAA8B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAC/F,EAAA,IAAI,CAAC,qBAAA,CAAsB,KAAU,CAAA,EAAG;AACtC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,qBAAA;AAAA,MACR,MAAA,EAAQ;AAAA,KACT,CAAA;AAAA,EACH;AACF;AAEO,IAAM,qBAAA,GAAwB,CAAC,KAAA,EAAqB,GAAA,KAAgC;AACzF,EAAA,IAAI,CAAC,eAAA,CAAgB,KAAA,EAAO,GAAG,CAAA,EAAG;AAChC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,eAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF","file":"index.js","sourcesContent":["/**\n * @module domain/permissions/errors\n *\n * Stable error contract for permission denials.\n *\n * `PermissionDeniedError` is what every `assertCan*` pair throws on denial. The\n * three public fields are part of the SDK's published contract — consumers\n * (kbc-ui, kai-agent, third-party TS callers) may pattern-match on `action`\n * and surface `reason` in UI, so renames here are breaking changes.\n *\n * PII boundary on `subject`:\n * `subject` is optional and intended for debugging hints only — admin id,\n * role name, configuration id, branch id, etc. It MUST NOT carry the full\n * `StorageToken`, raw tokens, secrets, or any value that could be logged or\n * surfaced to a user without further redaction.\n */\nexport class PermissionDeniedError extends Error {\n public readonly action: string;\n public readonly reason?: string;\n public readonly subject?: string;\n\n constructor({ action, reason, subject }: { action: string; reason?: string; subject?: string }) {\n super(reason ? `Permission denied: ${action} (${reason})` : `Permission denied: ${action}`);\n this.name = 'PermissionDeniedError';\n this.action = action;\n this.reason = reason;\n this.subject = subject;\n }\n}\n","/**\n * @module domain/permissions/admin\n *\n * Baseline admin-role predicates. Token-only — depend purely on the admin\n * role string carried in `StorageToken.admin.role`. Each predicate has an\n * `assertCan*` pair that throws `PermissionDeniedError` with a stable\n * kebab-case `action` field documented per pair.\n */\nimport type { StorageToken } from '../../clients/storage/tokens/types';\nimport { AdminRole } from '../../constants/adminRoles';\n\nimport { PermissionDeniedError } from './errors';\n\nconst role = (token: StorageToken): string => token.admin.role;\n\nexport const isAdmin = (token: StorageToken): boolean => role(token) === AdminRole.Admin;\n\nexport const isAdminOrShare = (token: StorageToken): boolean =>\n role(token) === AdminRole.Admin || role(token) === AdminRole.Share;\n\nexport const isProductionManager = (token: StorageToken): boolean =>\n role(token) === AdminRole.ProductionManager;\n\nexport const isDeveloperOrReviewer = (token: StorageToken): boolean =>\n role(token) === AdminRole.Developer || role(token) === AdminRole.Reviewer;\n\nexport const assertCanAdmin = (token: StorageToken): void => {\n if (!isAdmin(token)) {\n throw new PermissionDeniedError({\n action: 'admin',\n reason: `role '${role(token)}' is not admin`,\n });\n }\n};\n\nexport const assertCanAdminOrShare = (token: StorageToken): void => {\n if (!isAdminOrShare(token)) {\n throw new PermissionDeniedError({\n action: 'admin-or-share',\n reason: `role '${role(token)}' is not admin or share`,\n });\n }\n};\n\nexport const assertCanProductionManage = (token: StorageToken): void => {\n if (!isProductionManager(token)) {\n throw new PermissionDeniedError({\n action: 'production-manage',\n reason: `role '${role(token)}' is not productionManager`,\n });\n }\n};\n\nexport const assertCanDevelopOrReview = (token: StorageToken): void => {\n if (!isDeveloperOrReviewer(token)) {\n throw new PermissionDeniedError({\n action: 'develop-or-review',\n reason: `role '${role(token)}' is not developer or reviewer`,\n });\n }\n};\n","/**\n * @module domain/permissions/configurations\n *\n * Predicate pairs guarding the Core SDK configuration workflow methods\n * (create / copy / migrate-from-template / purge / assign-folder). Each\n * predicate composes the baseline admin role predicates with the caller-\n * supplied dev-mode flag from `ctx`.\n *\n * Rule shape:\n * - In a dev branch (`ctx.isDevModeActive === true`) → caller must be a\n * developer or reviewer.\n * - In production (`ctx.isDevModeActive === false`) → caller must be a\n * production manager.\n * - `canPurgeConfiguration` is **admin-only**, regardless of branch mode.\n * Purge is destructive and the situational base rule does not apply —\n * `token.admin.role` is a single scalar, so requiring both \"admin\" and\n * \"developer/reviewer/productionManager\" simultaneously would be an\n * impossible conjunction. The `ctx` parameter is accepted for signature\n * symmetry with the other configuration predicates and ignored.\n *\n * `ctx` is the trailing object argument convention for composed predicates;\n * extra fields land here as future rules grow (see AGENTS.md).\n */\nimport type { StorageToken } from '../../clients/storage/tokens/types';\n\nimport { isAdmin, isDeveloperOrReviewer, isProductionManager } from './admin';\nimport { PermissionDeniedError } from './errors';\n\n/**\n * Caller-supplied context for configuration predicates.\n *\n * @property isDevModeActive — `true` when the user is operating inside a\n * development branch (any storage branch other than the protected default /\n * production branch); `false` when operating on the default branch in\n * production.\n *\n * How the caller determines this:\n * - The active branch comes from the caller's own routing / app state\n * (e.g. `/branch/:branchId` in kbc-ui).\n * - A branch is \"dev mode\" when it is **not** the default branch returned by\n * `apiClient.storage.devBranches.list()` (where `isDefault === true`).\n * - kbc-ui exposes this through its `RoutesStore.getCurrentRouteParam('branchId')`\n * compared against the default branch id; the api-client itself stays\n * isomorphic and never reads that state directly.\n *\n * Why it changes the rule:\n * - In dev branches Keboola allows broader write access — `developer` and\n * `reviewer` roles may create / copy / migrate configurations because the\n * branch is sandboxed from production.\n * - On the default branch only `productionManager` (or `admin`) may perform\n * the same writes, since changes ship live to production.\n */\nexport type ConfigurationCtx = {\n isDevModeActive: boolean;\n};\n\nconst meetsBaseRule = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n ctx.isDevModeActive ? isDeveloperOrReviewer(token) : isProductionManager(token);\n\nconst baseDenialReason = (ctx: ConfigurationCtx): string =>\n ctx.isDevModeActive\n ? 'dev branch requires developer or reviewer role'\n : 'production requires productionManager role';\n\nexport const canCreateConfiguration = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const canCopyConfiguration = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const canMigrateFromTemplate = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const canPurgeConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => boolean = (\n token,\n) => isAdmin(token);\n\nexport const canAssignFolder = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const assertCanCreateConfiguration = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canCreateConfiguration(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'create-configuration',\n reason: baseDenialReason(ctx),\n });\n }\n};\n\nexport const assertCanCopyConfiguration = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canCopyConfiguration(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'copy-configuration',\n reason: baseDenialReason(ctx),\n });\n }\n};\n\nexport const assertCanMigrateFromTemplate = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canMigrateFromTemplate(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'migrate-from-template',\n reason: baseDenialReason(ctx),\n });\n }\n};\n\nexport const assertCanPurgeConfiguration = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canPurgeConfiguration(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'purge-configuration',\n reason: 'purge requires admin role',\n });\n }\n};\n\nexport const assertCanAssignFolder = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canAssignFolder(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'assign-folder',\n reason: baseDenialReason(ctx),\n });\n }\n};\n"]}
|
package/dist/editor/index.cjs
CHANGED
|
@@ -1,14 +1,13 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
-
var
|
|
4
|
-
require('../chunk-
|
|
5
|
-
require('../chunk-R7MQGDLC.cjs');
|
|
3
|
+
var chunkH466MBV4_cjs = require('../chunk-H466MBV4.cjs');
|
|
4
|
+
require('../chunk-OWGJ3PVA.cjs');
|
|
6
5
|
|
|
7
6
|
|
|
8
7
|
|
|
9
8
|
Object.defineProperty(exports, "createEditorClient", {
|
|
10
9
|
enumerable: true,
|
|
11
|
-
get: function () { return
|
|
10
|
+
get: function () { return chunkH466MBV4_cjs.createEditorClient; }
|
|
12
11
|
});
|
|
13
12
|
//# sourceMappingURL=index.cjs.map
|
|
14
13
|
//# sourceMappingURL=index.cjs.map
|
package/dist/editor/index.js
CHANGED
|
@@ -1,5 +1,4 @@
|
|
|
1
|
-
export { createEditorClient } from '../chunk-
|
|
2
|
-
import '../chunk-
|
|
3
|
-
import '../chunk-SI5TFV5M.js';
|
|
1
|
+
export { createEditorClient } from '../chunk-GOWOD3O4.js';
|
|
2
|
+
import '../chunk-FBGUBMJ7.js';
|
|
4
3
|
//# sourceMappingURL=index.js.map
|
|
5
4
|
//# sourceMappingURL=index.js.map
|
|
@@ -1,14 +1,13 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
-
var
|
|
4
|
-
require('../chunk-
|
|
5
|
-
require('../chunk-R7MQGDLC.cjs');
|
|
3
|
+
var chunkULZPXG4L_cjs = require('../chunk-ULZPXG4L.cjs');
|
|
4
|
+
require('../chunk-OWGJ3PVA.cjs');
|
|
6
5
|
|
|
7
6
|
|
|
8
7
|
|
|
9
8
|
Object.defineProperty(exports, "createEncryptionClient", {
|
|
10
9
|
enumerable: true,
|
|
11
|
-
get: function () { return
|
|
10
|
+
get: function () { return chunkULZPXG4L_cjs.createEncryptionClient; }
|
|
12
11
|
});
|
|
13
12
|
//# sourceMappingURL=index.cjs.map
|
|
14
13
|
//# sourceMappingURL=index.cjs.map
|
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
import { C as ClientInitOptions } from '../types-BLJoO6YL.cjs';
|
|
2
2
|
import { EncryptQuery, ScopedSecrets } from './types.cjs';
|
|
3
3
|
import 'qs';
|
|
4
|
-
import '../types-
|
|
4
|
+
import '../types-CMEwVQ78.cjs';
|
|
5
|
+
import '../backends-BgUzAQul.cjs';
|
|
5
6
|
import '../types-jKnx7Tm_.cjs';
|
|
6
7
|
|
|
7
8
|
declare const createEncryptionClient: ({ baseUrl, middlewares, }: Omit<ClientInitOptions, "token">) => {
|
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
import { C as ClientInitOptions } from '../types-BLJoO6YL.js';
|
|
2
2
|
import { EncryptQuery, ScopedSecrets } from './types.js';
|
|
3
3
|
import 'qs';
|
|
4
|
-
import '../types-
|
|
4
|
+
import '../types-GmAeMsok.js';
|
|
5
|
+
import '../backends-BgUzAQul.js';
|
|
5
6
|
import '../types-jKnx7Tm_.js';
|
|
6
7
|
|
|
7
8
|
declare const createEncryptionClient: ({ baseUrl, middlewares, }: Omit<ClientInitOptions, "token">) => {
|
package/dist/encryption/index.js
CHANGED
|
@@ -1,5 +1,4 @@
|
|
|
1
|
-
export { createEncryptionClient } from '../chunk-
|
|
2
|
-
import '../chunk-
|
|
3
|
-
import '../chunk-SI5TFV5M.js';
|
|
1
|
+
export { createEncryptionClient } from '../chunk-ATVNCGTO.js';
|
|
2
|
+
import '../chunk-FBGUBMJ7.js';
|
|
4
3
|
//# sourceMappingURL=index.js.map
|
|
5
4
|
//# sourceMappingURL=index.js.map
|
package/dist/import/index.cjs
CHANGED
|
@@ -1,14 +1,13 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
-
var
|
|
4
|
-
require('../chunk-
|
|
5
|
-
require('../chunk-R7MQGDLC.cjs');
|
|
3
|
+
var chunkYTF4RQ52_cjs = require('../chunk-YTF4RQ52.cjs');
|
|
4
|
+
require('../chunk-OWGJ3PVA.cjs');
|
|
6
5
|
|
|
7
6
|
|
|
8
7
|
|
|
9
8
|
Object.defineProperty(exports, "createImportClient", {
|
|
10
9
|
enumerable: true,
|
|
11
|
-
get: function () { return
|
|
10
|
+
get: function () { return chunkYTF4RQ52_cjs.createImportClient; }
|
|
12
11
|
});
|
|
13
12
|
//# sourceMappingURL=index.cjs.map
|
|
14
13
|
//# sourceMappingURL=index.cjs.map
|
package/dist/import/index.js
CHANGED
|
@@ -1,5 +1,4 @@
|
|
|
1
|
-
export { createImportClient } from '../chunk-
|
|
2
|
-
import '../chunk-
|
|
3
|
-
import '../chunk-SI5TFV5M.js';
|
|
1
|
+
export { createImportClient } from '../chunk-RHZK7AL7.js';
|
|
2
|
+
import '../chunk-FBGUBMJ7.js';
|
|
4
3
|
//# sourceMappingURL=index.js.map
|
|
5
4
|
//# sourceMappingURL=index.js.map
|