@keboola/api-client 8.0.2 → 11.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/API-SURFACE.md +488 -0
- package/dist/ai/index.cjs +3 -4
- package/dist/ai/index.js +2 -3
- package/dist/assets/index.cjs +3 -4
- package/dist/assets/index.js +2 -3
- package/dist/backends-BgUzAQul.d.cts +16 -0
- package/dist/backends-BgUzAQul.d.ts +16 -0
- package/dist/chat/index.cjs +3 -4
- package/dist/chat/index.js +2 -3
- package/dist/{chunk-HUMEK64L.cjs → chunk-2ZXOVTCN.cjs} +59 -16
- package/dist/chunk-2ZXOVTCN.cjs.map +1 -0
- package/dist/chunk-3FZHFTLG.cjs +12 -0
- package/dist/chunk-3FZHFTLG.cjs.map +1 -0
- package/dist/{chunk-Y26EBVMH.js → chunk-47CIRFCO.js} +3 -4
- package/dist/chunk-47CIRFCO.js.map +1 -0
- package/dist/chunk-AHYMMDIC.cjs +29 -0
- package/dist/chunk-AHYMMDIC.cjs.map +1 -0
- package/dist/{chunk-QKCFPPQS.js → chunk-APILLKET.js} +3 -3
- package/dist/{chunk-QKCFPPQS.js.map → chunk-APILLKET.js.map} +1 -1
- package/dist/{chunk-WILFTDTS.js → chunk-ATVNCGTO.js} +3 -3
- package/dist/{chunk-WILFTDTS.js.map → chunk-ATVNCGTO.js.map} +1 -1
- package/dist/{chunk-OYSQWNNG.cjs → chunk-AU2OPVRI.cjs} +8 -9
- package/dist/chunk-AU2OPVRI.cjs.map +1 -0
- package/dist/chunk-B7BBPROF.js +51 -0
- package/dist/chunk-B7BBPROF.js.map +1 -0
- package/dist/{chunk-OVGB3W3A.cjs → chunk-BADSOKHM.cjs} +5 -6
- package/dist/chunk-BADSOKHM.cjs.map +1 -0
- package/dist/{chunk-YLK5KBXD.js → chunk-BUY6KV2P.js} +3 -4
- package/dist/chunk-BUY6KV2P.js.map +1 -0
- package/dist/{chunk-CSWK4LWY.js → chunk-CQRPG6ZN.js} +3 -4
- package/dist/chunk-CQRPG6ZN.js.map +1 -0
- package/dist/chunk-CZEB3EGU.cjs +401 -0
- package/dist/chunk-CZEB3EGU.cjs.map +1 -0
- package/dist/chunk-D33KMSJH.cjs +53 -0
- package/dist/chunk-D33KMSJH.cjs.map +1 -0
- package/dist/{chunk-4KJRGFNV.cjs → chunk-DRIO222J.cjs} +5 -6
- package/dist/chunk-DRIO222J.cjs.map +1 -0
- package/dist/{chunk-D2SWTZFS.js → chunk-FBGUBMJ7.js} +20 -4
- package/dist/chunk-FBGUBMJ7.js.map +1 -0
- package/dist/chunk-GM3AKU5T.js +10 -0
- package/dist/chunk-GM3AKU5T.js.map +1 -0
- package/dist/{chunk-YIWAUNKU.js → chunk-GOWOD3O4.js} +3 -4
- package/dist/chunk-GOWOD3O4.js.map +1 -0
- package/dist/{chunk-J5JUQRPD.js → chunk-GUJ5RTYJ.js} +3 -4
- package/dist/chunk-GUJ5RTYJ.js.map +1 -0
- package/dist/{chunk-TXDMA4CT.cjs → chunk-H466MBV4.cjs} +5 -6
- package/dist/chunk-H466MBV4.cjs.map +1 -0
- package/dist/{chunk-KCGEV4ZA.cjs → chunk-HZSJXB5C.cjs} +5 -6
- package/dist/chunk-HZSJXB5C.cjs.map +1 -0
- package/dist/{chunk-H5DZOHH7.js → chunk-I7BLN5NZ.js} +3 -4
- package/dist/chunk-I7BLN5NZ.js.map +1 -0
- package/dist/{chunk-V2MQG3FZ.js → chunk-IA7WBVH3.js} +3 -4
- package/dist/chunk-IA7WBVH3.js.map +1 -0
- package/dist/{chunk-XLFQJDYZ.cjs → chunk-IQOXQMON.cjs} +4 -4
- package/dist/{chunk-XLFQJDYZ.cjs.map → chunk-IQOXQMON.cjs.map} +1 -1
- package/dist/{chunk-YGAWVMHH.cjs → chunk-IVIWWOM4.cjs} +5 -6
- package/dist/chunk-IVIWWOM4.cjs.map +1 -0
- package/dist/{chunk-4PT6E6VA.js → chunk-J5WWYWPL.js} +3 -4
- package/dist/chunk-J5WWYWPL.js.map +1 -0
- package/dist/{chunk-NFGQHJVB.cjs → chunk-KZLC2XSZ.cjs} +5 -6
- package/dist/chunk-KZLC2XSZ.cjs.map +1 -0
- package/dist/{chunk-4HORTOGH.js → chunk-LUHYZXJH.js} +3 -4
- package/dist/chunk-LUHYZXJH.js.map +1 -0
- package/dist/{chunk-VFZVLZC6.js → chunk-LY7IR43M.js} +3 -4
- package/dist/chunk-LY7IR43M.js.map +1 -0
- package/dist/{chunk-LUQJU3I3.js → chunk-MIAVX53Y.js} +49 -6
- package/dist/chunk-MIAVX53Y.js.map +1 -0
- package/dist/{chunk-NBUPHAAO.cjs → chunk-MQZT4HJH.cjs} +6 -7
- package/dist/chunk-MQZT4HJH.cjs.map +1 -0
- package/dist/{chunk-A5IFX4KC.js → chunk-MUKQ6HZE.js} +3 -4
- package/dist/chunk-MUKQ6HZE.js.map +1 -0
- package/dist/chunk-NFA5ITNG.cjs +14 -0
- package/dist/chunk-NFA5ITNG.cjs.map +1 -0
- package/dist/{chunk-J7EQLDUU.cjs → chunk-NRDZL6JO.cjs} +8 -9
- package/dist/chunk-NRDZL6JO.cjs.map +1 -0
- package/dist/{chunk-5YTV36EI.js → chunk-NXYJKXJ4.js} +3 -4
- package/dist/chunk-NXYJKXJ4.js.map +1 -0
- package/dist/{chunk-IDYRJ4K3.cjs → chunk-OWGJ3PVA.cjs} +23 -4
- package/dist/chunk-OWGJ3PVA.cjs.map +1 -0
- package/dist/{chunk-W3AFDHXQ.cjs → chunk-PG4D5KCD.cjs} +6 -7
- package/dist/chunk-PG4D5KCD.cjs.map +1 -0
- package/dist/{chunk-AK4ZHM77.cjs → chunk-PHQ66FNI.cjs} +5 -6
- package/dist/chunk-PHQ66FNI.cjs.map +1 -0
- package/dist/{chunk-MQABO6OL.cjs → chunk-Q24BTT5D.cjs} +4 -4
- package/dist/{chunk-MQABO6OL.cjs.map → chunk-Q24BTT5D.cjs.map} +1 -1
- package/dist/{chunk-EEG7YZUY.js → chunk-RHZK7AL7.js} +3 -4
- package/dist/chunk-RHZK7AL7.js.map +1 -0
- package/dist/{chunk-BBRS2HLH.cjs → chunk-SBWZKVAG.cjs} +5 -6
- package/dist/chunk-SBWZKVAG.cjs.map +1 -0
- package/dist/chunk-SCSYXYVM.js +397 -0
- package/dist/chunk-SCSYXYVM.js.map +1 -0
- package/dist/{chunk-S4PI2LUQ.cjs → chunk-SDN6SU7K.cjs} +4 -4
- package/dist/{chunk-S4PI2LUQ.cjs.map → chunk-SDN6SU7K.cjs.map} +1 -1
- package/dist/{chunk-6S4JS7OJ.js → chunk-SUA3D6YF.js} +3 -3
- package/dist/{chunk-6S4JS7OJ.js.map → chunk-SUA3D6YF.js.map} +1 -1
- package/dist/{chunk-FB3E7VS6.cjs → chunk-U3W6XYQQ.cjs} +5 -6
- package/dist/chunk-U3W6XYQQ.cjs.map +1 -0
- package/dist/{chunk-5XKPYMQL.cjs → chunk-ULZPXG4L.cjs} +4 -4
- package/dist/{chunk-5XKPYMQL.cjs.map → chunk-ULZPXG4L.cjs.map} +1 -1
- package/dist/{chunk-2Q75RQ3X.js → chunk-VVDMWSSL.js} +3 -4
- package/dist/chunk-VVDMWSSL.js.map +1 -0
- package/dist/{chunk-VUVBYSYM.js → chunk-W2VWZGA3.js} +3 -4
- package/dist/chunk-W2VWZGA3.js.map +1 -0
- package/dist/{chunk-N37PZ2MB.js → chunk-WDAQJ346.js} +3 -3
- package/dist/{chunk-N37PZ2MB.js.map → chunk-WDAQJ346.js.map} +1 -1
- package/dist/{chunk-53WUPUXH.cjs → chunk-XBCR6YKE.cjs} +8 -9
- package/dist/chunk-XBCR6YKE.cjs.map +1 -0
- package/dist/{chunk-CONUMVLZ.cjs → chunk-XP5FQTAA.cjs} +6 -7
- package/dist/chunk-XP5FQTAA.cjs.map +1 -0
- package/dist/{chunk-MQ554O4E.js → chunk-XZAUQZIO.js} +3 -4
- package/dist/chunk-XZAUQZIO.js.map +1 -0
- package/dist/chunk-Y5QJJWDQ.js +12 -0
- package/dist/chunk-Y5QJJWDQ.js.map +1 -0
- package/dist/{chunk-PWA6XFXA.cjs → chunk-YTF4RQ52.cjs} +5 -6
- package/dist/chunk-YTF4RQ52.cjs.map +1 -0
- package/dist/{chunk-BZO2GTJP.js → chunk-ZIQM4R3L.js} +3 -4
- package/dist/chunk-ZIQM4R3L.js.map +1 -0
- package/dist/constants/index.cjs +23 -0
- package/dist/constants/index.cjs.map +1 -1
- package/dist/constants/index.d.cts +56 -1
- package/dist/constants/index.d.ts +56 -1
- package/dist/constants/index.js +11 -1
- package/dist/constants/index.js.map +1 -1
- package/dist/dataScience/index.cjs +4 -5
- package/dist/dataScience/index.js +2 -3
- package/dist/domain/permissions/index.cjs +5 -5
- package/dist/domain/permissions/index.cjs.map +1 -1
- package/dist/domain/permissions/index.d.cts +3 -2
- package/dist/domain/permissions/index.d.ts +3 -2
- package/dist/domain/permissions/index.js +5 -5
- package/dist/domain/permissions/index.js.map +1 -1
- package/dist/editor/index.cjs +3 -4
- package/dist/editor/index.js +2 -3
- package/dist/encryption/index.cjs +3 -4
- package/dist/encryption/index.d.cts +2 -1
- package/dist/encryption/index.d.ts +2 -1
- package/dist/encryption/index.js +2 -3
- package/dist/encryption/types.d.cts +2 -1
- package/dist/encryption/types.d.ts +2 -1
- package/dist/import/index.cjs +3 -4
- package/dist/import/index.js +2 -3
- package/dist/index.cjs +181 -84
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +3971 -656
- package/dist/index.d.ts +3971 -656
- package/dist/index.js +131 -35
- package/dist/index.js.map +1 -1
- package/dist/management/index.cjs +6 -7
- package/dist/management/index.d.cts +7 -1
- package/dist/management/index.d.ts +7 -1
- package/dist/management/index.js +4 -5
- package/dist/management/types.d.cts +2 -2
- package/dist/management/types.d.ts +2 -2
- package/dist/metastore/index.cjs +3 -4
- package/dist/metastore/index.js +2 -3
- package/dist/notifications/index.cjs +3 -4
- package/dist/notifications/index.js +2 -3
- package/dist/oauth/index.cjs +3 -4
- package/dist/oauth/index.js +2 -3
- package/dist/{project-BKbb7xWn.d.ts → project-BxSa1Ci9.d.ts} +2 -1
- package/dist/{project-cYJhOvzB.d.cts → project-NJuUPx8-.d.cts} +2 -1
- package/dist/queryService/index.cjs +3 -4
- package/dist/queryService/index.js +2 -3
- package/dist/queue/index.cjs +3 -4
- package/dist/queue/index.js +2 -3
- package/dist/registry-nH4Zhbcp.d.cts +886 -0
- package/dist/registry-nH4Zhbcp.d.ts +886 -0
- package/dist/scheduler/index.cjs +3 -4
- package/dist/scheduler/index.js +2 -3
- package/dist/sdk/configurations/index.cjs +3 -3
- package/dist/sdk/configurations/index.d.cts +1629 -221
- package/dist/sdk/configurations/index.d.ts +1629 -221
- package/dist/sdk/configurations/index.js +2 -2
- package/dist/sdk/storage/index.d.cts +4 -3
- package/dist/sdk/storage/index.d.ts +4 -3
- package/dist/sdk/vault/index.d.cts +3 -2
- package/dist/sdk/vault/index.d.ts +3 -2
- package/dist/status/index.cjs +3 -4
- package/dist/status/index.js +2 -3
- package/dist/storage/index.cjs +10 -11
- package/dist/storage/index.d.cts +3 -2
- package/dist/storage/index.d.ts +3 -2
- package/dist/storage/index.js +3 -4
- package/dist/storage/types.d.cts +4 -3
- package/dist/storage/types.d.ts +4 -3
- package/dist/{storageClient-DAglYVkx.d.ts → storageClient-Bk4H2HIw.d.ts} +1 -1
- package/dist/{storageClient-CZpLyDuY.d.cts → storageClient-CB4U57Pr.d.cts} +1 -1
- package/dist/{storageSdk-CoqeaoSG.d.ts → storageSdk-BDrsuMDA.d.ts} +1 -1
- package/dist/{storageSdk-uL-u41Dm.d.cts → storageSdk-wn97Zloc.d.cts} +1 -1
- package/dist/stream/index.cjs +3 -4
- package/dist/stream/index.js +2 -3
- package/dist/syncActions/index.cjs +3 -4
- package/dist/syncActions/index.js +2 -3
- package/dist/telemetry/index.cjs +3 -4
- package/dist/telemetry/index.js +2 -3
- package/dist/{types-Bu8AEdZo.d.cts → types-CMEwVQ78.d.cts} +2 -20
- package/dist/{types-CWK543pL.d.ts → types-D64zThBJ.d.ts} +1 -1
- package/dist/{types-D5FF6mS6.d.cts → types-DsqDUWJn.d.cts} +1 -1
- package/dist/{types-bjHzGr0s.d.ts → types-GmAeMsok.d.ts} +2 -20
- package/dist/{types-DMC601TE.d.cts → types-YEfQ5pAy.d.cts} +20 -1
- package/dist/{types-DMC601TE.d.ts → types-YEfQ5pAy.d.ts} +20 -1
- package/dist/vault/index.cjs +3 -4
- package/dist/vault/index.js +2 -3
- package/dist/verify/index.cjs +3 -4
- package/dist/verify/index.d.cts +2 -1
- package/dist/verify/index.d.ts +2 -1
- package/dist/verify/index.js +2 -3
- package/package.json +7 -3
- package/surface/ai.md +14 -0
- package/surface/assets.md +7 -0
- package/surface/chat.md +19 -0
- package/surface/context.md +40 -0
- package/surface/dataScience.md +19 -0
- package/surface/editor.md +17 -0
- package/surface/encryption.md +9 -0
- package/surface/import.md +7 -0
- package/surface/kaiAgent.md +26 -0
- package/surface/management.md +109 -0
- package/surface/notifications.md +10 -0
- package/surface/oauth.md +10 -0
- package/surface/queryService.md +12 -0
- package/surface/queue.md +8 -0
- package/surface/scheduler.md +12 -0
- package/surface/sdk.md +62 -0
- package/surface/status.md +7 -0
- package/surface/storage.md +182 -0
- package/surface/stream.md +42 -0
- package/surface/syncActions.md +16 -0
- package/surface/telemetry.md +10 -0
- package/surface/vault.md +11 -0
- package/dist/chunk-2Q75RQ3X.js.map +0 -1
- package/dist/chunk-4HORTOGH.js.map +0 -1
- package/dist/chunk-4KJRGFNV.cjs.map +0 -1
- package/dist/chunk-4PT6E6VA.js.map +0 -1
- package/dist/chunk-53WUPUXH.cjs.map +0 -1
- package/dist/chunk-5YTV36EI.js.map +0 -1
- package/dist/chunk-A5IFX4KC.js.map +0 -1
- package/dist/chunk-AK4ZHM77.cjs.map +0 -1
- package/dist/chunk-BBRS2HLH.cjs.map +0 -1
- package/dist/chunk-BZO2GTJP.js.map +0 -1
- package/dist/chunk-CONUMVLZ.cjs.map +0 -1
- package/dist/chunk-CSWK4LWY.js.map +0 -1
- package/dist/chunk-D2SWTZFS.js.map +0 -1
- package/dist/chunk-EEG7YZUY.js.map +0 -1
- package/dist/chunk-FB3E7VS6.cjs.map +0 -1
- package/dist/chunk-H5DZOHH7.js.map +0 -1
- package/dist/chunk-HUMEK64L.cjs.map +0 -1
- package/dist/chunk-IDYRJ4K3.cjs.map +0 -1
- package/dist/chunk-J5JUQRPD.js.map +0 -1
- package/dist/chunk-J7EQLDUU.cjs.map +0 -1
- package/dist/chunk-KCGEV4ZA.cjs.map +0 -1
- package/dist/chunk-LUQJU3I3.js.map +0 -1
- package/dist/chunk-MQ554O4E.js.map +0 -1
- package/dist/chunk-NBUPHAAO.cjs.map +0 -1
- package/dist/chunk-NFGQHJVB.cjs.map +0 -1
- package/dist/chunk-OVGB3W3A.cjs.map +0 -1
- package/dist/chunk-OYSQWNNG.cjs.map +0 -1
- package/dist/chunk-PWA6XFXA.cjs.map +0 -1
- package/dist/chunk-R7MQGDLC.cjs +0 -61
- package/dist/chunk-R7MQGDLC.cjs.map +0 -1
- package/dist/chunk-SI5TFV5M.js +0 -54
- package/dist/chunk-SI5TFV5M.js.map +0 -1
- package/dist/chunk-TD2PFSP6.js +0 -248
- package/dist/chunk-TD2PFSP6.js.map +0 -1
- package/dist/chunk-TXDMA4CT.cjs.map +0 -1
- package/dist/chunk-UYZTOVYS.cjs +0 -252
- package/dist/chunk-UYZTOVYS.cjs.map +0 -1
- package/dist/chunk-V2MQG3FZ.js.map +0 -1
- package/dist/chunk-VFZVLZC6.js.map +0 -1
- package/dist/chunk-VKHQ6BWE.cjs +0 -30
- package/dist/chunk-VKHQ6BWE.cjs.map +0 -1
- package/dist/chunk-VUVBYSYM.js.map +0 -1
- package/dist/chunk-W3AFDHXQ.cjs.map +0 -1
- package/dist/chunk-Y26EBVMH.js.map +0 -1
- package/dist/chunk-YGAWVMHH.cjs.map +0 -1
- package/dist/chunk-YIWAUNKU.js.map +0 -1
- package/dist/chunk-YLK5KBXD.js.map +0 -1
- package/dist/registry-Xwk-vCjf.d.cts +0 -417
- package/dist/registry-Xwk-vCjf.d.ts +0 -417
|
@@ -1,3 +1,58 @@
|
|
|
1
|
+
export { A as AdminRole, B as Backend } from '../backends-BgUzAQul.js';
|
|
2
|
+
|
|
3
|
+
declare const ComponentId: {
|
|
4
|
+
readonly WR_DB_MYSQL: "keboola.wr-db-mysql";
|
|
5
|
+
readonly WR_DB_PGSQL: "keboola.wr-db-pgsql";
|
|
6
|
+
readonly WR_DB_ORACLE: "keboola.wr-db-oracle";
|
|
7
|
+
readonly WR_DB_SNOWFLAKE: "keboola.wr-db-snowflake";
|
|
8
|
+
readonly WR_DB_SNOWFLAKE_GCS: "keboola.wr-db-snowflake-gcs";
|
|
9
|
+
readonly WR_DB_SNOWFLAKE_GCS_S3: "keboola.wr-db-snowflake-gcs-s3";
|
|
10
|
+
readonly WR_SNOWFLAKE_BLOB_STORAGE: "keboola.wr-snowflake-blob-storage";
|
|
11
|
+
readonly WR_LOOKER_V2: "keboola.wr-looker-v2";
|
|
12
|
+
readonly APP_DATA_GATEWAY: "keboola.app-data-gateway";
|
|
13
|
+
readonly WR_SYNAPSE: "keboola.wr-synapse";
|
|
14
|
+
readonly WR_REDSHIFT: "keboola.wr-redshift-v2";
|
|
15
|
+
readonly WR_DB_MSSQL: "keboola.wr-db-mssql-v2";
|
|
16
|
+
readonly WR_DB_HIVE: "keboola.wr-db-hive";
|
|
17
|
+
readonly WR_DB_IMPALA: "keboola.wr-db-impala";
|
|
18
|
+
readonly WR_PAIRITY: "kds-team.wr-pairity";
|
|
19
|
+
readonly WR_EXASOL: "kds-team.wr-exasol";
|
|
20
|
+
readonly WR_FIREBOLT: "kds-team.wr-firebolt";
|
|
21
|
+
readonly WR_HIVE_CSAS: "kds-team.wr-hive-csas";
|
|
22
|
+
readonly WR_THOUGHTSPOT: "keboola.wr-thoughtspot";
|
|
23
|
+
readonly WR_SISENSE: "keboola.wr-sisense";
|
|
24
|
+
readonly SCHEDULER: "keboola.scheduler";
|
|
25
|
+
readonly APP_SNOWFLAKE_DWH_MANAGER: "keboola.app-snowflake-dwh-manager";
|
|
26
|
+
readonly GOODDATA_WRITER: "keboola.gooddata-writer";
|
|
27
|
+
readonly EX_DB_MYSQL: "keboola.ex-db-mysql";
|
|
28
|
+
readonly EX_DB_PGSQL: "keboola.ex-db-pgsql";
|
|
29
|
+
readonly EX_DB_REDSHIFT: "keboola.ex-db-redshift";
|
|
30
|
+
readonly EX_DB_FIREBIRD: "keboola.ex-db-firebird";
|
|
31
|
+
readonly EX_DB_DB2: "keboola.ex-db-db2";
|
|
32
|
+
readonly EX_DB_DB2_BATA: "keboola.ex-db-db2-bata";
|
|
33
|
+
readonly EX_DB_MSSQL: "keboola.ex-db-mssql";
|
|
34
|
+
readonly EX_DB_MSSQL_CDATA: "keboola.ex-db-mssql-cdata";
|
|
35
|
+
readonly EX_DB_ORACLE: "keboola.ex-db-oracle";
|
|
36
|
+
readonly EX_DB_SNOWFLAKE: "keboola.ex-db-snowflake";
|
|
37
|
+
readonly EX_DB_NETSUITE: "keboola.ex-db-netsuite";
|
|
38
|
+
readonly EX_DB_INFORMIX: "keboola.ex-db-informix";
|
|
39
|
+
readonly EX_DB_IMPALA: "keboola.ex-db-impala";
|
|
40
|
+
readonly EX_DB_HIVE: "keboola.ex-db-hive";
|
|
41
|
+
readonly EX_DB_HIVE_CSAS: "keboola.ex-db-hive-csas";
|
|
42
|
+
readonly EX_DB_HIVE_CSAS_TEST: "keboola.ex-db-hive-csas-test";
|
|
43
|
+
readonly EX_TERADATA: "keboola.ex-teradata";
|
|
44
|
+
readonly KDS_EX_NETSUITE: "kds-team.ex-netsuite";
|
|
45
|
+
readonly KDS_EX_PROGRESS_DB: "kds-team.ex-progress-db";
|
|
46
|
+
};
|
|
47
|
+
type ComponentId = (typeof ComponentId)[keyof typeof ComponentId];
|
|
48
|
+
|
|
49
|
+
declare const ProjectFeature: {
|
|
50
|
+
readonly DisableLegacyBucketPrefix: "disable-legacy-bucket-prefix";
|
|
51
|
+
readonly SoxProtectedDefaultBranch: "protected-default-branch";
|
|
52
|
+
readonly StorageBranches: "storage-branches";
|
|
53
|
+
};
|
|
54
|
+
type ProjectFeature = (typeof ProjectFeature)[keyof typeof ProjectFeature];
|
|
55
|
+
|
|
1
56
|
type Provider = 'aws' | 'azure' | 'gcp';
|
|
2
57
|
type Continent = 'us' | 'europe';
|
|
3
58
|
type KeboolaStack = {
|
|
@@ -25,4 +80,4 @@ declare const URLS: {
|
|
|
25
80
|
readonly CLAUDE_CONNECTORS: "https://claude.ai/customize/connectors";
|
|
26
81
|
};
|
|
27
82
|
|
|
28
|
-
export { type Continent, type KeboolaStack, type Provider, STACKS, URLS };
|
|
83
|
+
export { ComponentId, type Continent, type KeboolaStack, ProjectFeature, type Provider, STACKS, URLS };
|
package/dist/constants/index.js
CHANGED
|
@@ -1,3 +1,13 @@
|
|
|
1
|
+
export { AdminRole } from '../chunk-Y5QJJWDQ.js';
|
|
2
|
+
export { ProjectFeature } from '../chunk-GM3AKU5T.js';
|
|
3
|
+
export { ComponentId } from '../chunk-B7BBPROF.js';
|
|
4
|
+
|
|
5
|
+
// src/constants/backends.ts
|
|
6
|
+
var Backend = {
|
|
7
|
+
Snowflake: "snowflake",
|
|
8
|
+
Bigquery: "bigquery"
|
|
9
|
+
};
|
|
10
|
+
|
|
1
11
|
// src/constants/index.ts
|
|
2
12
|
var STACKS = {
|
|
3
13
|
NORTH_EUROPE_AZURE: {
|
|
@@ -137,6 +147,6 @@ var URLS = {
|
|
|
137
147
|
CLAUDE_CONNECTORS: "https://claude.ai/customize/connectors"
|
|
138
148
|
};
|
|
139
149
|
|
|
140
|
-
export { STACKS, URLS };
|
|
150
|
+
export { Backend, STACKS, URLS };
|
|
141
151
|
//# sourceMappingURL=index.js.map
|
|
142
152
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/constants/index.ts"],"names":[],"mappings":";
|
|
1
|
+
{"version":3,"sources":["../../src/constants/backends.ts","../../src/constants/index.ts"],"names":[],"mappings":";;;;;AAAO,IAAM,OAAA,GAAU;AAAA,EACrB,SAAA,EAAW,WAAA;AAAA,EACX,QAAA,EAAU;AACZ;;;ACiBO,IAAM,MAAA,GAAiD;AAAA,EAC5D,kBAAA,EAAoB;AAAA,IAClB,EAAA,EAAI,gCAAA;AAAA,IACJ,MAAA,EAAQ,cAAA;AAAA,IACR,IAAA,EAAM,2CAAA;AAAA,IACN,QAAA,EAAU,OAAA;AAAA,IACV,SAAA,EAAW,QAAA;AAAA,IACX,MAAA,EAAQ;AAAA,GACV;AAAA,EACA,gBAAA,EAAkB;AAAA,IAChB,EAAA,EAAI,kBAAA;AAAA,IACJ,MAAA,EAAQ,cAAA;AAAA,IACR,IAAA,EAAM,qCAAA;AAAA,IACN,QAAA,EAAU,KAAA;AAAA,IACV,SAAA,EAAW;AAAA,GACb;AAAA,EACA,aAAA,EAAe;AAAA,IACb,EAAA,EAAI,eAAA;AAAA,IACJ,MAAA,EAAQ,WAAA;AAAA,IACR,IAAA,EAAM,wBAAA;AAAA,IACN,QAAA,EAAU,KAAA;AAAA,IACV,SAAA,EAAW;AAAA,GACb;AAAA,EACA,gBAAA,EAAkB;AAAA,IAChB,EAAA,EAAI,8BAAA;AAAA,IACJ,MAAA,EAAQ,cAAA;AAAA,IACR,IAAA,EAAM,yCAAA;AAAA,IACN,QAAA,EAAU,KAAA;AAAA,IACV,SAAA,EAAW;AAAA,GACb;AAAA,EACA,aAAA,EAAe;AAAA,IACb,EAAA,EAAI,0BAAA;AAAA,IACJ,MAAA,EAAQ,UAAA;AAAA,IACR,IAAA,EAAM,qCAAA;AAAA,IACN,QAAA,EAAU,KAAA;AAAA,IACV,SAAA,EAAW,IAAA;AAAA,IACX,MAAA,EAAQ;AAAA,GACV;AAAA;AAAA;AAAA,EAIA,GAAA,EAAK;AAAA,IACH,EAAA,EAAI,mBAAA;AAAA,IACJ,IAAA,EAAM,8BAAA;AAAA,IACN,cAAA,EAAgB;AAAA,GAClB;AAAA,EACA,SAAA,EAAW;AAAA,IACT,EAAA,EAAI,kBAAA;AAAA,IACJ,IAAA,EAAM,6BAAA;AAAA,IACN,cAAA,EAAgB;AAAA,GAClB;AAAA,EACA,SAAA,EAAW;AAAA,IACT,EAAA,EAAI,uBAAA;AAAA,IACJ,IAAA,EAAM,kCAAA;AAAA,IACN,cAAA,EAAgB;AAAA,GAClB;AAAA,EACA,MAAA,EAAQ;AAAA,IACN,EAAA,EAAI,0BAAA;AAAA,IACJ,IAAA,EAAM,qCAAA;AAAA,IACN,cAAA,EAAgB;AAAA,GAClB;AAAA,EACA,OAAA,EAAS;AAAA,IACP,EAAA,EAAI,uBAAA;AAAA,IACJ,IAAA,EAAM,kCAAA;AAAA,IACN,cAAA,EAAgB;AAAA,GAClB;AAAA,EACA,WAAA,EAAa;AAAA,IACX,EAAA,EAAI,0BAAA;AAAA,IACJ,IAAA,EAAM,qCAAA;AAAA,IACN,cAAA,EAAgB;AAAA,GAClB;AAAA,EACA,MAAA,EAAQ;AAAA,IACN,EAAA,EAAI,sBAAA;AAAA,IACJ,IAAA,EAAM,iCAAA;AAAA,IACN,cAAA,EAAgB;AAAA,GAClB;AAAA,EACA,IAAA,EAAM;AAAA,IACJ,EAAA,EAAI,oBAAA;AAAA,IACJ,IAAA,EAAM,+BAAA;AAAA,IACN,cAAA,EAAgB;AAAA,GAClB;AAAA,EACA,IAAA,EAAM;AAAA,IACJ,EAAA,EAAI,oBAAA;AAAA,IACJ,IAAA,EAAM,+BAAA;AAAA,IACN,cAAA,EAAgB;AAAA,GAClB;AAAA,EACA,KAAA,EAAO;AAAA,IACL,EAAA,EAAI,qBAAA;AAAA,IACJ,IAAA,EAAM,gCAAA;AAAA,IACN,cAAA,EAAgB;AAAA,GAClB;AAAA,EACA,GAAA,EAAK;AAAA,IACH,EAAA,EAAI,mBAAA;AAAA,IACJ,IAAA,EAAM,8BAAA;AAAA,IACN,cAAA,EAAgB;AAAA,GAClB;AAAA,EACA,GAAA,EAAK;AAAA,IACH,EAAA,EAAI,mBAAA;AAAA,IACJ,IAAA,EAAM,8BAAA;AAAA,IACN,cAAA,EAAgB,IAAA;AAAA,IAChB,QAAA,EAAU,OAAA;AAAA,IACV,SAAA,EAAW;AAAA,GACb;AAAA;AAAA;AAAA,EAIA,oBAAA,EAAsB;AAAA,IACpB,EAAA,EAAI,6BAAA;AAAA,IACJ,IAAA,EAAM,wCAAA;AAAA,IACN,SAAA,EAAW;AAAA,GACb;AAAA,EACA,iBAAA,EAAmB;AAAA,IACjB,EAAA,EAAI,2BAAA;AAAA,IACJ,IAAA,EAAM,sCAAA;AAAA,IACN,SAAA,EAAW;AAAA,GACb;AAAA,EACA,mBAAA,EAAqB;AAAA,IACnB,EAAA,EAAI,6BAAA;AAAA,IACJ,IAAA,EAAM,gDAAA;AAAA,IACN,SAAA,EAAW;AAAA,GACb;AAAA,EACA,wBAAA,EAA0B;AAAA,IACxB,EAAA,EAAI,0BAAA;AAAA,IACJ,IAAA,EAAM,qCAAA;AAAA,IACN,QAAA,EAAU;AAAA;AAEd;AAEO,IAAM,IAAA,GAAO;AAAA,EAClB,kBAAA,EAAoB,0BAAA;AAAA,EACpB,UAAA,EAAY,gCAAA;AAAA,EACZ,wBAAA,EAA0B,gCAAA;AAAA,EAC1B,OAAA,EAAS,6BAAA;AAAA,EACT,kBAAA,EAAoB,6BAAA;AAAA,EACpB,SAAA,EAAW,2BAAA;AAAA,EACX,cAAA,EAAgB,4BAAA;AAAA,EAChB,GAAA,EAAK,6BAAA;AAAA,EACL,OAAA,EAAS,uBAAA;AAAA,EACT,iBAAA,EAAmB;AACrB","file":"index.js","sourcesContent":["export const Backend = {\n Snowflake: 'snowflake',\n Bigquery: 'bigquery',\n} as const;\n\nexport type Backend = (typeof Backend)[keyof typeof Backend];\n","export { ComponentId } from './componentId';\nexport { ProjectFeature } from './projectFeatures';\nexport { Backend } from './backends';\nexport { AdminRole } from './adminRoles';\n\nexport type Provider = 'aws' | 'azure' | 'gcp';\nexport type Continent = 'us' | 'europe';\n\nexport type KeboolaStack = {\n id: string;\n host: string;\n isSingleTenant?: boolean;\n isTesting?: boolean;\n isPayg?: boolean;\n provider?: Provider;\n continent?: Continent;\n region?: string;\n isCanary?: boolean;\n};\n\nexport const STACKS: Record<string, Readonly<KeboolaStack>> = {\n NORTH_EUROPE_AZURE: {\n id: 'com-keboola-azure-north-europe',\n region: 'north-europe',\n host: 'connection.north-europe.azure.keboola.com',\n provider: 'azure',\n continent: 'europe',\n isPayg: true,\n },\n EU_CENTRAL_1_AWS: {\n id: 'kbc-eu-central-1',\n region: 'eu-central-1',\n host: 'connection.eu-central-1.keboola.com',\n provider: 'aws',\n continent: 'europe',\n },\n US_EAST_1_AWS: {\n id: 'kbc-us-east-1',\n region: 'us-east-1',\n host: 'connection.keboola.com',\n provider: 'aws',\n continent: 'us',\n },\n EUROPE_WEST3_GCP: {\n id: 'com-keboola-gcp-europe-west3',\n region: 'europe-west3',\n host: 'connection.europe-west3.gcp.keboola.com',\n provider: 'gcp',\n continent: 'europe',\n },\n US_EAST_4_GCP: {\n id: 'com-keboola-gcp-us-east4',\n region: 'us-east4',\n host: 'connection.us-east4.gcp.keboola.com',\n provider: 'gcp',\n continent: 'us',\n isPayg: true,\n },\n\n /* PRIVATE SINGLE TENANT STACKS\n ---------------------------- */\n HCI: {\n id: 'cloud-keboola-hci',\n host: 'connection.hci.keboola.cloud',\n isSingleTenant: true,\n },\n CSAS_PROD: {\n id: 'cloud-keboola-cs',\n host: 'connection.cs.keboola.cloud',\n isSingleTenant: true,\n },\n CSAS_TEST: {\n id: 'cloud-keboola-cs-test',\n host: 'connection.cs-test.keboola.cloud',\n isSingleTenant: true,\n },\n INNOGY: {\n id: 'cloud-keboola-innogy-hub',\n host: 'connection.innogy-hub.keboola.cloud',\n isSingleTenant: true,\n },\n GROUPON: {\n id: 'cloud-keboola-groupon',\n host: 'connection.groupon.keboola.cloud',\n isSingleTenant: true,\n },\n CREDIT_INFO: {\n id: 'cloud-keboola-creditinfo',\n host: 'connection.creditinfo.keboola.cloud',\n isSingleTenant: true,\n },\n COATES: {\n id: 'cloud-keboola-coates',\n host: 'connection.coates.keboola.cloud',\n isSingleTenant: true,\n },\n SLSP: {\n id: 'cloud-keboola-slsp',\n host: 'connection.slsp.keboola.cloud',\n isSingleTenant: true,\n },\n HCKZ: {\n id: 'cloud-keboola-hckz',\n host: 'connection.hckz.keboola.cloud',\n isSingleTenant: true,\n },\n PASHA: {\n id: 'cloud-keboola-pasha',\n host: 'connection.pasha.keboola.cloud',\n isSingleTenant: true,\n },\n RBI: {\n id: 'cloud-keboola-rbi',\n host: 'connection.rbi.keboola.cloud',\n isSingleTenant: true,\n },\n NAH: {\n id: 'cloud-keboola-nah',\n host: 'connection.nah.keboola.cloud',\n isSingleTenant: true,\n provider: 'azure',\n continent: 'us',\n },\n\n /* DEV STACKS\n ---------------------------- */\n DEV_US_CENTRAL_1_GCP: {\n id: 'dev-keboola-gcp-us-central1',\n host: 'connection.us-central1.gcp.keboola.dev',\n isTesting: true,\n },\n DEV_EU_WEST_1_AWS: {\n id: 'dev-keboola-aws-eu-west-1',\n host: 'connection.eu-west-1.aws.keboola.dev',\n isTesting: true,\n },\n DEV_US_EAST_2_AZURE: {\n id: 'kbc-testing-azure-east-us-2',\n host: 'connection.east-us-2.azure.keboola-testing.com',\n isTesting: true,\n },\n DEV_KEBOOLA_CANARY_ORION: {\n id: 'dev-keboola-canary-orion',\n host: 'connection.canary-orion.keboola.dev',\n isCanary: true,\n },\n};\n\nexport const URLS = {\n USER_DOCUMENTATION: 'https://help.keboola.com',\n COMPONENTS: 'https://components.keboola.com',\n DEVELOPERS_DOCUMENTATION: 'https://developers.keboola.com',\n ACADEMY: 'https://academy.keboola.com',\n SALES_CONTACT_FORM: 'https://keboola.com/contact',\n SNOWFLAKE: 'https://www.snowflake.com',\n SNOWFLAKE_DOCS: 'https://docs.snowflake.com',\n MCP: 'https://www.keboola.com/mcp',\n NODE_JS: 'https://nodejs.org/en',\n CLAUDE_CONNECTORS: 'https://claude.ai/customize/connectors',\n} as const;\n"]}
|
|
@@ -1,19 +1,18 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
-
var
|
|
3
|
+
var chunkAU2OPVRI_cjs = require('../chunk-AU2OPVRI.cjs');
|
|
4
4
|
require('../chunk-MRHQJNWF.cjs');
|
|
5
|
-
require('../chunk-
|
|
6
|
-
require('../chunk-R7MQGDLC.cjs');
|
|
5
|
+
require('../chunk-OWGJ3PVA.cjs');
|
|
7
6
|
|
|
8
7
|
|
|
9
8
|
|
|
10
9
|
Object.defineProperty(exports, "createDataScienceClient", {
|
|
11
10
|
enumerable: true,
|
|
12
|
-
get: function () { return
|
|
11
|
+
get: function () { return chunkAU2OPVRI_cjs.createDataScienceClient; }
|
|
13
12
|
});
|
|
14
13
|
Object.defineProperty(exports, "parseLogLines", {
|
|
15
14
|
enumerable: true,
|
|
16
|
-
get: function () { return
|
|
15
|
+
get: function () { return chunkAU2OPVRI_cjs.parseLogLines; }
|
|
17
16
|
});
|
|
18
17
|
//# sourceMappingURL=index.cjs.map
|
|
19
18
|
//# sourceMappingURL=index.cjs.map
|
|
@@ -1,6 +1,5 @@
|
|
|
1
|
-
export { createDataScienceClient, parseLogLines } from '../chunk-
|
|
1
|
+
export { createDataScienceClient, parseLogLines } from '../chunk-MUKQ6HZE.js';
|
|
2
2
|
import '../chunk-MSI6FVGG.js';
|
|
3
|
-
import '../chunk-
|
|
4
|
-
import '../chunk-SI5TFV5M.js';
|
|
3
|
+
import '../chunk-FBGUBMJ7.js';
|
|
5
4
|
//# sourceMappingURL=index.js.map
|
|
6
5
|
//# sourceMappingURL=index.js.map
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
+
var chunkNFA5ITNG_cjs = require('../../chunk-NFA5ITNG.cjs');
|
|
3
4
|
var chunkGF4XZK5N_cjs = require('../../chunk-GF4XZK5N.cjs');
|
|
4
|
-
var chunkR7MQGDLC_cjs = require('../../chunk-R7MQGDLC.cjs');
|
|
5
5
|
|
|
6
6
|
// src/domain/permissions/errors.ts
|
|
7
7
|
var PermissionDeniedError = class extends Error {
|
|
@@ -19,10 +19,10 @@ var PermissionDeniedError = class extends Error {
|
|
|
19
19
|
|
|
20
20
|
// src/domain/permissions/admin.ts
|
|
21
21
|
var role = (token) => token.admin.role;
|
|
22
|
-
var isAdmin = (token) => role(token) ===
|
|
23
|
-
var isAdminOrShare = (token) => role(token) ===
|
|
24
|
-
var isProductionManager = (token) => role(token) ===
|
|
25
|
-
var isDeveloperOrReviewer = (token) => role(token) ===
|
|
22
|
+
var isAdmin = (token) => role(token) === chunkNFA5ITNG_cjs.AdminRole.Admin;
|
|
23
|
+
var isAdminOrShare = (token) => role(token) === chunkNFA5ITNG_cjs.AdminRole.Admin || role(token) === chunkNFA5ITNG_cjs.AdminRole.Share;
|
|
24
|
+
var isProductionManager = (token) => role(token) === chunkNFA5ITNG_cjs.AdminRole.ProductionManager;
|
|
25
|
+
var isDeveloperOrReviewer = (token) => role(token) === chunkNFA5ITNG_cjs.AdminRole.Developer || role(token) === chunkNFA5ITNG_cjs.AdminRole.Reviewer;
|
|
26
26
|
var assertCanAdmin = (token) => {
|
|
27
27
|
if (!isAdmin(token)) {
|
|
28
28
|
throw new PermissionDeniedError({
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/domain/permissions/errors.ts","../../../src/domain/permissions/admin.ts","../../../src/domain/permissions/configurations.ts"],"names":["AdminRoles"],"mappings":";;;;;;AAgBO,IAAM,qBAAA,GAAN,cAAoC,KAAA,CAAM;AAAA,EAC/B,MAAA;AAAA,EACA,MAAA;AAAA,EACA,OAAA;AAAA,EAEhB,WAAA,CAAY,EAAE,MAAA,EAAQ,MAAA,EAAQ,SAAQ,EAA0D;AAC9F,IAAA,KAAA,CAAM,MAAA,GAAS,sBAAsB,MAAM,CAAA,EAAA,EAAK,MAAM,CAAA,CAAA,CAAA,GAAM,CAAA,mBAAA,EAAsB,MAAM,CAAA,CAAE,CAAA;AAC1F,IAAA,IAAA,CAAK,IAAA,GAAO,uBAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AAAA,EACjB;AACF;;;ACfA,IAAM,IAAA,GAAO,CAAC,KAAA,KAAgC,KAAA,CAAM,KAAA,CAAM,IAAA;AAEnD,IAAM,UAAU,CAAC,KAAA,KAAiC,IAAA,CAAK,KAAK,MAAMA,4BAAA,CAAW;AAE7E,IAAM,cAAA,GAAiB,CAAC,KAAA,KAC7B,IAAA,CAAK,KAAK,CAAA,KAAMA,4BAAA,CAAW,KAAA,IAAS,IAAA,CAAK,KAAK,CAAA,KAAMA,4BAAA,CAAW;AAE1D,IAAM,sBAAsB,CAAC,KAAA,KAClC,IAAA,CAAK,KAAK,MAAMA,4BAAA,CAAW;AAEtB,IAAM,qBAAA,GAAwB,CAAC,KAAA,KACpC,IAAA,CAAK,KAAK,CAAA,KAAMA,4BAAA,CAAW,SAAA,IAAa,IAAA,CAAK,KAAK,CAAA,KAAMA,4BAAA,CAAW;AAE9D,IAAM,cAAA,GAAiB,CAAC,KAAA,KAA8B;AAC3D,EAAA,IAAI,CAAC,OAAA,CAAQ,KAAK,CAAA,EAAG;AACnB,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,OAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,cAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,qBAAA,GAAwB,CAAC,KAAA,KAA8B;AAClE,EAAA,IAAI,CAAC,cAAA,CAAe,KAAK,CAAA,EAAG;AAC1B,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,gBAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,uBAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,yBAAA,GAA4B,CAAC,KAAA,KAA8B;AACtE,EAAA,IAAI,CAAC,mBAAA,CAAoB,KAAK,CAAA,EAAG;AAC/B,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,mBAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,0BAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,wBAAA,GAA2B,CAAC,KAAA,KAA8B;AACrE,EAAA,IAAI,CAAC,qBAAA,CAAsB,KAAK,CAAA,EAAG;AACjC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,mBAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,8BAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;;;ACJA,IAAM,aAAA,GAAgB,CAAC,KAAA,EAAqB,GAAA,KAC1C,GAAA,CAAI,kBAAkB,qBAAA,CAAsB,KAAK,CAAA,GAAI,mBAAA,CAAoB,KAAK,CAAA;AAEhF,IAAM,gBAAA,GAAmB,CAAC,GAAA,KACxB,GAAA,CAAI,kBACA,gDAAA,GACA,4CAAA;AAEC,IAAM,yBAAyB,CAAC,KAAA,EAAqB,GAAA,KAC1D,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,uBAAuB,CAAC,KAAA,EAAqB,GAAA,KACxD,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,yBAAyB,CAAC,KAAA,EAAqB,GAAA,KAC1D,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,qBAAA,GAAiF,CAC5F,KAAA,KACG,OAAA,CAAQ,KAAK;AAEX,IAAM,kBAAkB,CAAC,KAAA,EAAqB,GAAA,KACnD,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,4BAAA,GAA+B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAChG,EAAA,IAAI,CAAC,sBAAA,CAAuB,KAAA,EAAO,GAAG,CAAA,EAAG;AACvC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,sBAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,0BAAA,GAA6B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAC9F,EAAA,IAAI,CAAC,oBAAA,CAAqB,KAAA,EAAO,GAAG,CAAA,EAAG;AACrC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,oBAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,4BAAA,GAA+B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAChG,EAAA,IAAI,CAAC,sBAAA,CAAuB,KAAA,EAAO,GAAG,CAAA,EAAG;AACvC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,uBAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,2BAAA,GAA8B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAC/F,EAAA,IAAI,CAAC,qBAAA,CAAsB,KAAU,CAAA,EAAG;AACtC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,qBAAA;AAAA,MACR,MAAA,EAAQ;AAAA,KACT,CAAA;AAAA,EACH;AACF;AAEO,IAAM,qBAAA,GAAwB,CAAC,KAAA,EAAqB,GAAA,KAAgC;AACzF,EAAA,IAAI,CAAC,eAAA,CAAgB,KAAA,EAAO,GAAG,CAAA,EAAG;AAChC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,eAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF","file":"index.cjs","sourcesContent":["/**\n * @module domain/permissions/errors\n *\n * Stable error contract for permission denials.\n *\n * `PermissionDeniedError` is what every `assertCan*` pair throws on denial. The\n * three public fields are part of the SDK's published contract — consumers\n * (kbc-ui, kai-agent, third-party TS callers) may pattern-match on `action`\n * and surface `reason` in UI, so renames here are breaking changes.\n *\n * PII boundary on `subject`:\n * `subject` is optional and intended for debugging hints only — admin id,\n * role name, configuration id, branch id, etc. It MUST NOT carry the full\n * `StorageToken`, raw tokens, secrets, or any value that could be logged or\n * surfaced to a user without further redaction.\n */\nexport class PermissionDeniedError extends Error {\n public readonly action: string;\n public readonly reason?: string;\n public readonly subject?: string;\n\n constructor({ action, reason, subject }: { action: string; reason?: string; subject?: string }) {\n super(reason ? `Permission denied: ${action} (${reason})` : `Permission denied: ${action}`);\n this.name = 'PermissionDeniedError';\n this.action = action;\n this.reason = reason;\n this.subject = subject;\n }\n}\n","/**\n * @module domain/permissions/admin\n *\n * Baseline admin-role predicates. Token-only — depend purely on the admin\n * role string carried in `StorageToken.admin.role`. Each predicate has an\n * `assertCan*` pair that throws `PermissionDeniedError` with a stable\n * kebab-case `action` field documented per pair.\n */\nimport type { StorageToken } from '../../clients/storage/tokens/types';\nimport { AdminRoles } from '../../constants';\n\nimport { PermissionDeniedError } from './errors';\n\nconst role = (token: StorageToken): string => token.admin.role;\n\nexport const isAdmin = (token: StorageToken): boolean => role(token) === AdminRoles.ADMIN;\n\nexport const isAdminOrShare = (token: StorageToken): boolean =>\n role(token) === AdminRoles.ADMIN || role(token) === AdminRoles.SHARE;\n\nexport const isProductionManager = (token: StorageToken): boolean =>\n role(token) === AdminRoles.PRODUCTION_MANAGER;\n\nexport const isDeveloperOrReviewer = (token: StorageToken): boolean =>\n role(token) === AdminRoles.DEVELOPER || role(token) === AdminRoles.REVIEWER;\n\nexport const assertCanAdmin = (token: StorageToken): void => {\n if (!isAdmin(token)) {\n throw new PermissionDeniedError({\n action: 'admin',\n reason: `role '${role(token)}' is not admin`,\n });\n }\n};\n\nexport const assertCanAdminOrShare = (token: StorageToken): void => {\n if (!isAdminOrShare(token)) {\n throw new PermissionDeniedError({\n action: 'admin-or-share',\n reason: `role '${role(token)}' is not admin or share`,\n });\n }\n};\n\nexport const assertCanProductionManage = (token: StorageToken): void => {\n if (!isProductionManager(token)) {\n throw new PermissionDeniedError({\n action: 'production-manage',\n reason: `role '${role(token)}' is not productionManager`,\n });\n }\n};\n\nexport const assertCanDevelopOrReview = (token: StorageToken): void => {\n if (!isDeveloperOrReviewer(token)) {\n throw new PermissionDeniedError({\n action: 'develop-or-review',\n reason: `role '${role(token)}' is not developer or reviewer`,\n });\n }\n};\n","/**\n * @module domain/permissions/configurations\n *\n * Predicate pairs guarding the Core SDK configuration workflow methods\n * (create / copy / migrate-from-template / purge / assign-folder). Each\n * predicate composes the baseline admin role predicates with the caller-\n * supplied dev-mode flag from `ctx`.\n *\n * Rule shape:\n * - In a dev branch (`ctx.isDevModeActive === true`) → caller must be a\n * developer or reviewer.\n * - In production (`ctx.isDevModeActive === false`) → caller must be a\n * production manager.\n * - `canPurgeConfiguration` is **admin-only**, regardless of branch mode.\n * Purge is destructive and the situational base rule does not apply —\n * `token.admin.role` is a single scalar, so requiring both \"admin\" and\n * \"developer/reviewer/productionManager\" simultaneously would be an\n * impossible conjunction. The `ctx` parameter is accepted for signature\n * symmetry with the other configuration predicates and ignored.\n *\n * `ctx` is the trailing object argument convention for composed predicates;\n * extra fields land here as future rules grow (see AGENTS.md).\n */\nimport type { StorageToken } from '../../clients/storage/tokens/types';\n\nimport { isAdmin, isDeveloperOrReviewer, isProductionManager } from './admin';\nimport { PermissionDeniedError } from './errors';\n\n/**\n * Caller-supplied context for configuration predicates.\n *\n * @property isDevModeActive — `true` when the user is operating inside a\n * development branch (any storage branch other than the protected default /\n * production branch); `false` when operating on the default branch in\n * production.\n *\n * How the caller determines this:\n * - The active branch comes from the caller's own routing / app state\n * (e.g. `/branch/:branchId` in kbc-ui).\n * - A branch is \"dev mode\" when it is **not** the default branch returned by\n * `apiClient.storage.devBranches.list()` (where `isDefault === true`).\n * - kbc-ui exposes this through its `RoutesStore.getCurrentRouteParam('branchId')`\n * compared against the default branch id; the api-client itself stays\n * isomorphic and never reads that state directly.\n *\n * Why it changes the rule:\n * - In dev branches Keboola allows broader write access — `developer` and\n * `reviewer` roles may create / copy / migrate configurations because the\n * branch is sandboxed from production.\n * - On the default branch only `productionManager` (or `admin`) may perform\n * the same writes, since changes ship live to production.\n */\nexport type ConfigurationCtx = {\n isDevModeActive: boolean;\n};\n\nconst meetsBaseRule = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n ctx.isDevModeActive ? isDeveloperOrReviewer(token) : isProductionManager(token);\n\nconst baseDenialReason = (ctx: ConfigurationCtx): string =>\n ctx.isDevModeActive\n ? 'dev branch requires developer or reviewer role'\n : 'production requires productionManager role';\n\nexport const canCreateConfiguration = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const canCopyConfiguration = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const canMigrateFromTemplate = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const canPurgeConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => boolean = (\n token,\n) => isAdmin(token);\n\nexport const canAssignFolder = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const assertCanCreateConfiguration = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canCreateConfiguration(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'create-configuration',\n reason: baseDenialReason(ctx),\n });\n }\n};\n\nexport const assertCanCopyConfiguration = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canCopyConfiguration(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'copy-configuration',\n reason: baseDenialReason(ctx),\n });\n }\n};\n\nexport const assertCanMigrateFromTemplate = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canMigrateFromTemplate(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'migrate-from-template',\n reason: baseDenialReason(ctx),\n });\n }\n};\n\nexport const assertCanPurgeConfiguration = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canPurgeConfiguration(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'purge-configuration',\n reason: 'purge requires admin role',\n });\n }\n};\n\nexport const assertCanAssignFolder = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canAssignFolder(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'assign-folder',\n reason: baseDenialReason(ctx),\n });\n }\n};\n"]}
|
|
1
|
+
{"version":3,"sources":["../../../src/domain/permissions/errors.ts","../../../src/domain/permissions/admin.ts","../../../src/domain/permissions/configurations.ts"],"names":["AdminRole"],"mappings":";;;;;;AAgBO,IAAM,qBAAA,GAAN,cAAoC,KAAA,CAAM;AAAA,EAC/B,MAAA;AAAA,EACA,MAAA;AAAA,EACA,OAAA;AAAA,EAEhB,WAAA,CAAY,EAAE,MAAA,EAAQ,MAAA,EAAQ,SAAQ,EAA0D;AAC9F,IAAA,KAAA,CAAM,MAAA,GAAS,sBAAsB,MAAM,CAAA,EAAA,EAAK,MAAM,CAAA,CAAA,CAAA,GAAM,CAAA,mBAAA,EAAsB,MAAM,CAAA,CAAE,CAAA;AAC1F,IAAA,IAAA,CAAK,IAAA,GAAO,uBAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AAAA,EACjB;AACF;;;ACfA,IAAM,IAAA,GAAO,CAAC,KAAA,KAAgC,KAAA,CAAM,KAAA,CAAM,IAAA;AAEnD,IAAM,UAAU,CAAC,KAAA,KAAiC,IAAA,CAAK,KAAK,MAAMA,2BAAA,CAAU;AAE5E,IAAM,cAAA,GAAiB,CAAC,KAAA,KAC7B,IAAA,CAAK,KAAK,CAAA,KAAMA,2BAAA,CAAU,KAAA,IAAS,IAAA,CAAK,KAAK,CAAA,KAAMA,2BAAA,CAAU;AAExD,IAAM,sBAAsB,CAAC,KAAA,KAClC,IAAA,CAAK,KAAK,MAAMA,2BAAA,CAAU;AAErB,IAAM,qBAAA,GAAwB,CAAC,KAAA,KACpC,IAAA,CAAK,KAAK,CAAA,KAAMA,2BAAA,CAAU,SAAA,IAAa,IAAA,CAAK,KAAK,CAAA,KAAMA,2BAAA,CAAU;AAE5D,IAAM,cAAA,GAAiB,CAAC,KAAA,KAA8B;AAC3D,EAAA,IAAI,CAAC,OAAA,CAAQ,KAAK,CAAA,EAAG;AACnB,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,OAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,cAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,qBAAA,GAAwB,CAAC,KAAA,KAA8B;AAClE,EAAA,IAAI,CAAC,cAAA,CAAe,KAAK,CAAA,EAAG;AAC1B,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,gBAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,uBAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,yBAAA,GAA4B,CAAC,KAAA,KAA8B;AACtE,EAAA,IAAI,CAAC,mBAAA,CAAoB,KAAK,CAAA,EAAG;AAC/B,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,mBAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,0BAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,wBAAA,GAA2B,CAAC,KAAA,KAA8B;AACrE,EAAA,IAAI,CAAC,qBAAA,CAAsB,KAAK,CAAA,EAAG;AACjC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,mBAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,8BAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;;;ACJA,IAAM,aAAA,GAAgB,CAAC,KAAA,EAAqB,GAAA,KAC1C,GAAA,CAAI,kBAAkB,qBAAA,CAAsB,KAAK,CAAA,GAAI,mBAAA,CAAoB,KAAK,CAAA;AAEhF,IAAM,gBAAA,GAAmB,CAAC,GAAA,KACxB,GAAA,CAAI,kBACA,gDAAA,GACA,4CAAA;AAEC,IAAM,yBAAyB,CAAC,KAAA,EAAqB,GAAA,KAC1D,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,uBAAuB,CAAC,KAAA,EAAqB,GAAA,KACxD,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,yBAAyB,CAAC,KAAA,EAAqB,GAAA,KAC1D,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,qBAAA,GAAiF,CAC5F,KAAA,KACG,OAAA,CAAQ,KAAK;AAEX,IAAM,kBAAkB,CAAC,KAAA,EAAqB,GAAA,KACnD,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,4BAAA,GAA+B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAChG,EAAA,IAAI,CAAC,sBAAA,CAAuB,KAAA,EAAO,GAAG,CAAA,EAAG;AACvC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,sBAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,0BAAA,GAA6B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAC9F,EAAA,IAAI,CAAC,oBAAA,CAAqB,KAAA,EAAO,GAAG,CAAA,EAAG;AACrC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,oBAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,4BAAA,GAA+B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAChG,EAAA,IAAI,CAAC,sBAAA,CAAuB,KAAA,EAAO,GAAG,CAAA,EAAG;AACvC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,uBAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,2BAAA,GAA8B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAC/F,EAAA,IAAI,CAAC,qBAAA,CAAsB,KAAU,CAAA,EAAG;AACtC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,qBAAA;AAAA,MACR,MAAA,EAAQ;AAAA,KACT,CAAA;AAAA,EACH;AACF;AAEO,IAAM,qBAAA,GAAwB,CAAC,KAAA,EAAqB,GAAA,KAAgC;AACzF,EAAA,IAAI,CAAC,eAAA,CAAgB,KAAA,EAAO,GAAG,CAAA,EAAG;AAChC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,eAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF","file":"index.cjs","sourcesContent":["/**\n * @module domain/permissions/errors\n *\n * Stable error contract for permission denials.\n *\n * `PermissionDeniedError` is what every `assertCan*` pair throws on denial. The\n * three public fields are part of the SDK's published contract — consumers\n * (kbc-ui, kai-agent, third-party TS callers) may pattern-match on `action`\n * and surface `reason` in UI, so renames here are breaking changes.\n *\n * PII boundary on `subject`:\n * `subject` is optional and intended for debugging hints only — admin id,\n * role name, configuration id, branch id, etc. It MUST NOT carry the full\n * `StorageToken`, raw tokens, secrets, or any value that could be logged or\n * surfaced to a user without further redaction.\n */\nexport class PermissionDeniedError extends Error {\n public readonly action: string;\n public readonly reason?: string;\n public readonly subject?: string;\n\n constructor({ action, reason, subject }: { action: string; reason?: string; subject?: string }) {\n super(reason ? `Permission denied: ${action} (${reason})` : `Permission denied: ${action}`);\n this.name = 'PermissionDeniedError';\n this.action = action;\n this.reason = reason;\n this.subject = subject;\n }\n}\n","/**\n * @module domain/permissions/admin\n *\n * Baseline admin-role predicates. Token-only — depend purely on the admin\n * role string carried in `StorageToken.admin.role`. Each predicate has an\n * `assertCan*` pair that throws `PermissionDeniedError` with a stable\n * kebab-case `action` field documented per pair.\n */\nimport type { StorageToken } from '../../clients/storage/tokens/types';\nimport { AdminRole } from '../../constants/adminRoles';\n\nimport { PermissionDeniedError } from './errors';\n\nconst role = (token: StorageToken): string => token.admin.role;\n\nexport const isAdmin = (token: StorageToken): boolean => role(token) === AdminRole.Admin;\n\nexport const isAdminOrShare = (token: StorageToken): boolean =>\n role(token) === AdminRole.Admin || role(token) === AdminRole.Share;\n\nexport const isProductionManager = (token: StorageToken): boolean =>\n role(token) === AdminRole.ProductionManager;\n\nexport const isDeveloperOrReviewer = (token: StorageToken): boolean =>\n role(token) === AdminRole.Developer || role(token) === AdminRole.Reviewer;\n\nexport const assertCanAdmin = (token: StorageToken): void => {\n if (!isAdmin(token)) {\n throw new PermissionDeniedError({\n action: 'admin',\n reason: `role '${role(token)}' is not admin`,\n });\n }\n};\n\nexport const assertCanAdminOrShare = (token: StorageToken): void => {\n if (!isAdminOrShare(token)) {\n throw new PermissionDeniedError({\n action: 'admin-or-share',\n reason: `role '${role(token)}' is not admin or share`,\n });\n }\n};\n\nexport const assertCanProductionManage = (token: StorageToken): void => {\n if (!isProductionManager(token)) {\n throw new PermissionDeniedError({\n action: 'production-manage',\n reason: `role '${role(token)}' is not productionManager`,\n });\n }\n};\n\nexport const assertCanDevelopOrReview = (token: StorageToken): void => {\n if (!isDeveloperOrReviewer(token)) {\n throw new PermissionDeniedError({\n action: 'develop-or-review',\n reason: `role '${role(token)}' is not developer or reviewer`,\n });\n }\n};\n","/**\n * @module domain/permissions/configurations\n *\n * Predicate pairs guarding the Core SDK configuration workflow methods\n * (create / copy / migrate-from-template / purge / assign-folder). Each\n * predicate composes the baseline admin role predicates with the caller-\n * supplied dev-mode flag from `ctx`.\n *\n * Rule shape:\n * - In a dev branch (`ctx.isDevModeActive === true`) → caller must be a\n * developer or reviewer.\n * - In production (`ctx.isDevModeActive === false`) → caller must be a\n * production manager.\n * - `canPurgeConfiguration` is **admin-only**, regardless of branch mode.\n * Purge is destructive and the situational base rule does not apply —\n * `token.admin.role` is a single scalar, so requiring both \"admin\" and\n * \"developer/reviewer/productionManager\" simultaneously would be an\n * impossible conjunction. The `ctx` parameter is accepted for signature\n * symmetry with the other configuration predicates and ignored.\n *\n * `ctx` is the trailing object argument convention for composed predicates;\n * extra fields land here as future rules grow (see AGENTS.md).\n */\nimport type { StorageToken } from '../../clients/storage/tokens/types';\n\nimport { isAdmin, isDeveloperOrReviewer, isProductionManager } from './admin';\nimport { PermissionDeniedError } from './errors';\n\n/**\n * Caller-supplied context for configuration predicates.\n *\n * @property isDevModeActive — `true` when the user is operating inside a\n * development branch (any storage branch other than the protected default /\n * production branch); `false` when operating on the default branch in\n * production.\n *\n * How the caller determines this:\n * - The active branch comes from the caller's own routing / app state\n * (e.g. `/branch/:branchId` in kbc-ui).\n * - A branch is \"dev mode\" when it is **not** the default branch returned by\n * `apiClient.storage.devBranches.list()` (where `isDefault === true`).\n * - kbc-ui exposes this through its `RoutesStore.getCurrentRouteParam('branchId')`\n * compared against the default branch id; the api-client itself stays\n * isomorphic and never reads that state directly.\n *\n * Why it changes the rule:\n * - In dev branches Keboola allows broader write access — `developer` and\n * `reviewer` roles may create / copy / migrate configurations because the\n * branch is sandboxed from production.\n * - On the default branch only `productionManager` (or `admin`) may perform\n * the same writes, since changes ship live to production.\n */\nexport type ConfigurationCtx = {\n isDevModeActive: boolean;\n};\n\nconst meetsBaseRule = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n ctx.isDevModeActive ? isDeveloperOrReviewer(token) : isProductionManager(token);\n\nconst baseDenialReason = (ctx: ConfigurationCtx): string =>\n ctx.isDevModeActive\n ? 'dev branch requires developer or reviewer role'\n : 'production requires productionManager role';\n\nexport const canCreateConfiguration = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const canCopyConfiguration = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const canMigrateFromTemplate = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const canPurgeConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => boolean = (\n token,\n) => isAdmin(token);\n\nexport const canAssignFolder = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const assertCanCreateConfiguration = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canCreateConfiguration(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'create-configuration',\n reason: baseDenialReason(ctx),\n });\n }\n};\n\nexport const assertCanCopyConfiguration = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canCopyConfiguration(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'copy-configuration',\n reason: baseDenialReason(ctx),\n });\n }\n};\n\nexport const assertCanMigrateFromTemplate = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canMigrateFromTemplate(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'migrate-from-template',\n reason: baseDenialReason(ctx),\n });\n }\n};\n\nexport const assertCanPurgeConfiguration = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canPurgeConfiguration(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'purge-configuration',\n reason: 'purge requires admin role',\n });\n }\n};\n\nexport const assertCanAssignFolder = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canAssignFolder(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'assign-folder',\n reason: baseDenialReason(ctx),\n });\n }\n};\n"]}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
|
-
import { S as StorageToken } from '../../types-
|
|
2
|
-
export { h as hasAdminFeature, a as hasFeature } from '../../project-
|
|
1
|
+
import { S as StorageToken } from '../../types-CMEwVQ78.cjs';
|
|
2
|
+
export { h as hasAdminFeature, a as hasFeature } from '../../project-NJuUPx8-.cjs';
|
|
3
|
+
import '../../backends-BgUzAQul.cjs';
|
|
3
4
|
import '../../types-jKnx7Tm_.cjs';
|
|
4
5
|
|
|
5
6
|
/**
|
|
@@ -1,5 +1,6 @@
|
|
|
1
|
-
import { S as StorageToken } from '../../types-
|
|
2
|
-
export { h as hasAdminFeature, a as hasFeature } from '../../project-
|
|
1
|
+
import { S as StorageToken } from '../../types-GmAeMsok.js';
|
|
2
|
+
export { h as hasAdminFeature, a as hasFeature } from '../../project-BxSa1Ci9.js';
|
|
3
|
+
import '../../backends-BgUzAQul.js';
|
|
3
4
|
import '../../types-jKnx7Tm_.js';
|
|
4
5
|
|
|
5
6
|
/**
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
+
import { AdminRole } from '../../chunk-Y5QJJWDQ.js';
|
|
1
2
|
export { hasAdminFeature, hasFeature } from '../../chunk-UABYNGBZ.js';
|
|
2
|
-
import { AdminRoles } from '../../chunk-SI5TFV5M.js';
|
|
3
3
|
|
|
4
4
|
// src/domain/permissions/errors.ts
|
|
5
5
|
var PermissionDeniedError = class extends Error {
|
|
@@ -17,10 +17,10 @@ var PermissionDeniedError = class extends Error {
|
|
|
17
17
|
|
|
18
18
|
// src/domain/permissions/admin.ts
|
|
19
19
|
var role = (token) => token.admin.role;
|
|
20
|
-
var isAdmin = (token) => role(token) ===
|
|
21
|
-
var isAdminOrShare = (token) => role(token) ===
|
|
22
|
-
var isProductionManager = (token) => role(token) ===
|
|
23
|
-
var isDeveloperOrReviewer = (token) => role(token) ===
|
|
20
|
+
var isAdmin = (token) => role(token) === AdminRole.Admin;
|
|
21
|
+
var isAdminOrShare = (token) => role(token) === AdminRole.Admin || role(token) === AdminRole.Share;
|
|
22
|
+
var isProductionManager = (token) => role(token) === AdminRole.ProductionManager;
|
|
23
|
+
var isDeveloperOrReviewer = (token) => role(token) === AdminRole.Developer || role(token) === AdminRole.Reviewer;
|
|
24
24
|
var assertCanAdmin = (token) => {
|
|
25
25
|
if (!isAdmin(token)) {
|
|
26
26
|
throw new PermissionDeniedError({
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/domain/permissions/errors.ts","../../../src/domain/permissions/admin.ts","../../../src/domain/permissions/configurations.ts"],"names":[],"mappings":";;;;AAgBO,IAAM,qBAAA,GAAN,cAAoC,KAAA,CAAM;AAAA,EAC/B,MAAA;AAAA,EACA,MAAA;AAAA,EACA,OAAA;AAAA,EAEhB,WAAA,CAAY,EAAE,MAAA,EAAQ,MAAA,EAAQ,SAAQ,EAA0D;AAC9F,IAAA,KAAA,CAAM,MAAA,GAAS,sBAAsB,MAAM,CAAA,EAAA,EAAK,MAAM,CAAA,CAAA,CAAA,GAAM,CAAA,mBAAA,EAAsB,MAAM,CAAA,CAAE,CAAA;AAC1F,IAAA,IAAA,CAAK,IAAA,GAAO,uBAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AAAA,EACjB;AACF;;;ACfA,IAAM,IAAA,GAAO,CAAC,KAAA,KAAgC,KAAA,CAAM,KAAA,CAAM,IAAA;AAEnD,IAAM,UAAU,CAAC,KAAA,KAAiC,IAAA,CAAK,KAAK,MAAM,UAAA,CAAW;AAE7E,IAAM,cAAA,GAAiB,CAAC,KAAA,KAC7B,IAAA,CAAK,KAAK,CAAA,KAAM,UAAA,CAAW,KAAA,IAAS,IAAA,CAAK,KAAK,CAAA,KAAM,UAAA,CAAW;AAE1D,IAAM,sBAAsB,CAAC,KAAA,KAClC,IAAA,CAAK,KAAK,MAAM,UAAA,CAAW;AAEtB,IAAM,qBAAA,GAAwB,CAAC,KAAA,KACpC,IAAA,CAAK,KAAK,CAAA,KAAM,UAAA,CAAW,SAAA,IAAa,IAAA,CAAK,KAAK,CAAA,KAAM,UAAA,CAAW;AAE9D,IAAM,cAAA,GAAiB,CAAC,KAAA,KAA8B;AAC3D,EAAA,IAAI,CAAC,OAAA,CAAQ,KAAK,CAAA,EAAG;AACnB,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,OAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,cAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,qBAAA,GAAwB,CAAC,KAAA,KAA8B;AAClE,EAAA,IAAI,CAAC,cAAA,CAAe,KAAK,CAAA,EAAG;AAC1B,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,gBAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,uBAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,yBAAA,GAA4B,CAAC,KAAA,KAA8B;AACtE,EAAA,IAAI,CAAC,mBAAA,CAAoB,KAAK,CAAA,EAAG;AAC/B,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,mBAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,0BAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,wBAAA,GAA2B,CAAC,KAAA,KAA8B;AACrE,EAAA,IAAI,CAAC,qBAAA,CAAsB,KAAK,CAAA,EAAG;AACjC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,mBAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,8BAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;;;ACJA,IAAM,aAAA,GAAgB,CAAC,KAAA,EAAqB,GAAA,KAC1C,GAAA,CAAI,kBAAkB,qBAAA,CAAsB,KAAK,CAAA,GAAI,mBAAA,CAAoB,KAAK,CAAA;AAEhF,IAAM,gBAAA,GAAmB,CAAC,GAAA,KACxB,GAAA,CAAI,kBACA,gDAAA,GACA,4CAAA;AAEC,IAAM,yBAAyB,CAAC,KAAA,EAAqB,GAAA,KAC1D,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,uBAAuB,CAAC,KAAA,EAAqB,GAAA,KACxD,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,yBAAyB,CAAC,KAAA,EAAqB,GAAA,KAC1D,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,qBAAA,GAAiF,CAC5F,KAAA,KACG,OAAA,CAAQ,KAAK;AAEX,IAAM,kBAAkB,CAAC,KAAA,EAAqB,GAAA,KACnD,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,4BAAA,GAA+B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAChG,EAAA,IAAI,CAAC,sBAAA,CAAuB,KAAA,EAAO,GAAG,CAAA,EAAG;AACvC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,sBAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,0BAAA,GAA6B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAC9F,EAAA,IAAI,CAAC,oBAAA,CAAqB,KAAA,EAAO,GAAG,CAAA,EAAG;AACrC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,oBAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,4BAAA,GAA+B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAChG,EAAA,IAAI,CAAC,sBAAA,CAAuB,KAAA,EAAO,GAAG,CAAA,EAAG;AACvC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,uBAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,2BAAA,GAA8B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAC/F,EAAA,IAAI,CAAC,qBAAA,CAAsB,KAAU,CAAA,EAAG;AACtC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,qBAAA;AAAA,MACR,MAAA,EAAQ;AAAA,KACT,CAAA;AAAA,EACH;AACF;AAEO,IAAM,qBAAA,GAAwB,CAAC,KAAA,EAAqB,GAAA,KAAgC;AACzF,EAAA,IAAI,CAAC,eAAA,CAAgB,KAAA,EAAO,GAAG,CAAA,EAAG;AAChC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,eAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF","file":"index.js","sourcesContent":["/**\n * @module domain/permissions/errors\n *\n * Stable error contract for permission denials.\n *\n * `PermissionDeniedError` is what every `assertCan*` pair throws on denial. The\n * three public fields are part of the SDK's published contract — consumers\n * (kbc-ui, kai-agent, third-party TS callers) may pattern-match on `action`\n * and surface `reason` in UI, so renames here are breaking changes.\n *\n * PII boundary on `subject`:\n * `subject` is optional and intended for debugging hints only — admin id,\n * role name, configuration id, branch id, etc. It MUST NOT carry the full\n * `StorageToken`, raw tokens, secrets, or any value that could be logged or\n * surfaced to a user without further redaction.\n */\nexport class PermissionDeniedError extends Error {\n public readonly action: string;\n public readonly reason?: string;\n public readonly subject?: string;\n\n constructor({ action, reason, subject }: { action: string; reason?: string; subject?: string }) {\n super(reason ? `Permission denied: ${action} (${reason})` : `Permission denied: ${action}`);\n this.name = 'PermissionDeniedError';\n this.action = action;\n this.reason = reason;\n this.subject = subject;\n }\n}\n","/**\n * @module domain/permissions/admin\n *\n * Baseline admin-role predicates. Token-only — depend purely on the admin\n * role string carried in `StorageToken.admin.role`. Each predicate has an\n * `assertCan*` pair that throws `PermissionDeniedError` with a stable\n * kebab-case `action` field documented per pair.\n */\nimport type { StorageToken } from '../../clients/storage/tokens/types';\nimport { AdminRoles } from '../../constants';\n\nimport { PermissionDeniedError } from './errors';\n\nconst role = (token: StorageToken): string => token.admin.role;\n\nexport const isAdmin = (token: StorageToken): boolean => role(token) === AdminRoles.ADMIN;\n\nexport const isAdminOrShare = (token: StorageToken): boolean =>\n role(token) === AdminRoles.ADMIN || role(token) === AdminRoles.SHARE;\n\nexport const isProductionManager = (token: StorageToken): boolean =>\n role(token) === AdminRoles.PRODUCTION_MANAGER;\n\nexport const isDeveloperOrReviewer = (token: StorageToken): boolean =>\n role(token) === AdminRoles.DEVELOPER || role(token) === AdminRoles.REVIEWER;\n\nexport const assertCanAdmin = (token: StorageToken): void => {\n if (!isAdmin(token)) {\n throw new PermissionDeniedError({\n action: 'admin',\n reason: `role '${role(token)}' is not admin`,\n });\n }\n};\n\nexport const assertCanAdminOrShare = (token: StorageToken): void => {\n if (!isAdminOrShare(token)) {\n throw new PermissionDeniedError({\n action: 'admin-or-share',\n reason: `role '${role(token)}' is not admin or share`,\n });\n }\n};\n\nexport const assertCanProductionManage = (token: StorageToken): void => {\n if (!isProductionManager(token)) {\n throw new PermissionDeniedError({\n action: 'production-manage',\n reason: `role '${role(token)}' is not productionManager`,\n });\n }\n};\n\nexport const assertCanDevelopOrReview = (token: StorageToken): void => {\n if (!isDeveloperOrReviewer(token)) {\n throw new PermissionDeniedError({\n action: 'develop-or-review',\n reason: `role '${role(token)}' is not developer or reviewer`,\n });\n }\n};\n","/**\n * @module domain/permissions/configurations\n *\n * Predicate pairs guarding the Core SDK configuration workflow methods\n * (create / copy / migrate-from-template / purge / assign-folder). Each\n * predicate composes the baseline admin role predicates with the caller-\n * supplied dev-mode flag from `ctx`.\n *\n * Rule shape:\n * - In a dev branch (`ctx.isDevModeActive === true`) → caller must be a\n * developer or reviewer.\n * - In production (`ctx.isDevModeActive === false`) → caller must be a\n * production manager.\n * - `canPurgeConfiguration` is **admin-only**, regardless of branch mode.\n * Purge is destructive and the situational base rule does not apply —\n * `token.admin.role` is a single scalar, so requiring both \"admin\" and\n * \"developer/reviewer/productionManager\" simultaneously would be an\n * impossible conjunction. The `ctx` parameter is accepted for signature\n * symmetry with the other configuration predicates and ignored.\n *\n * `ctx` is the trailing object argument convention for composed predicates;\n * extra fields land here as future rules grow (see AGENTS.md).\n */\nimport type { StorageToken } from '../../clients/storage/tokens/types';\n\nimport { isAdmin, isDeveloperOrReviewer, isProductionManager } from './admin';\nimport { PermissionDeniedError } from './errors';\n\n/**\n * Caller-supplied context for configuration predicates.\n *\n * @property isDevModeActive — `true` when the user is operating inside a\n * development branch (any storage branch other than the protected default /\n * production branch); `false` when operating on the default branch in\n * production.\n *\n * How the caller determines this:\n * - The active branch comes from the caller's own routing / app state\n * (e.g. `/branch/:branchId` in kbc-ui).\n * - A branch is \"dev mode\" when it is **not** the default branch returned by\n * `apiClient.storage.devBranches.list()` (where `isDefault === true`).\n * - kbc-ui exposes this through its `RoutesStore.getCurrentRouteParam('branchId')`\n * compared against the default branch id; the api-client itself stays\n * isomorphic and never reads that state directly.\n *\n * Why it changes the rule:\n * - In dev branches Keboola allows broader write access — `developer` and\n * `reviewer` roles may create / copy / migrate configurations because the\n * branch is sandboxed from production.\n * - On the default branch only `productionManager` (or `admin`) may perform\n * the same writes, since changes ship live to production.\n */\nexport type ConfigurationCtx = {\n isDevModeActive: boolean;\n};\n\nconst meetsBaseRule = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n ctx.isDevModeActive ? isDeveloperOrReviewer(token) : isProductionManager(token);\n\nconst baseDenialReason = (ctx: ConfigurationCtx): string =>\n ctx.isDevModeActive\n ? 'dev branch requires developer or reviewer role'\n : 'production requires productionManager role';\n\nexport const canCreateConfiguration = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const canCopyConfiguration = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const canMigrateFromTemplate = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const canPurgeConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => boolean = (\n token,\n) => isAdmin(token);\n\nexport const canAssignFolder = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const assertCanCreateConfiguration = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canCreateConfiguration(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'create-configuration',\n reason: baseDenialReason(ctx),\n });\n }\n};\n\nexport const assertCanCopyConfiguration = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canCopyConfiguration(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'copy-configuration',\n reason: baseDenialReason(ctx),\n });\n }\n};\n\nexport const assertCanMigrateFromTemplate = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canMigrateFromTemplate(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'migrate-from-template',\n reason: baseDenialReason(ctx),\n });\n }\n};\n\nexport const assertCanPurgeConfiguration = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canPurgeConfiguration(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'purge-configuration',\n reason: 'purge requires admin role',\n });\n }\n};\n\nexport const assertCanAssignFolder = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canAssignFolder(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'assign-folder',\n reason: baseDenialReason(ctx),\n });\n }\n};\n"]}
|
|
1
|
+
{"version":3,"sources":["../../../src/domain/permissions/errors.ts","../../../src/domain/permissions/admin.ts","../../../src/domain/permissions/configurations.ts"],"names":[],"mappings":";;;;AAgBO,IAAM,qBAAA,GAAN,cAAoC,KAAA,CAAM;AAAA,EAC/B,MAAA;AAAA,EACA,MAAA;AAAA,EACA,OAAA;AAAA,EAEhB,WAAA,CAAY,EAAE,MAAA,EAAQ,MAAA,EAAQ,SAAQ,EAA0D;AAC9F,IAAA,KAAA,CAAM,MAAA,GAAS,sBAAsB,MAAM,CAAA,EAAA,EAAK,MAAM,CAAA,CAAA,CAAA,GAAM,CAAA,mBAAA,EAAsB,MAAM,CAAA,CAAE,CAAA;AAC1F,IAAA,IAAA,CAAK,IAAA,GAAO,uBAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AAAA,EACjB;AACF;;;ACfA,IAAM,IAAA,GAAO,CAAC,KAAA,KAAgC,KAAA,CAAM,KAAA,CAAM,IAAA;AAEnD,IAAM,UAAU,CAAC,KAAA,KAAiC,IAAA,CAAK,KAAK,MAAM,SAAA,CAAU;AAE5E,IAAM,cAAA,GAAiB,CAAC,KAAA,KAC7B,IAAA,CAAK,KAAK,CAAA,KAAM,SAAA,CAAU,KAAA,IAAS,IAAA,CAAK,KAAK,CAAA,KAAM,SAAA,CAAU;AAExD,IAAM,sBAAsB,CAAC,KAAA,KAClC,IAAA,CAAK,KAAK,MAAM,SAAA,CAAU;AAErB,IAAM,qBAAA,GAAwB,CAAC,KAAA,KACpC,IAAA,CAAK,KAAK,CAAA,KAAM,SAAA,CAAU,SAAA,IAAa,IAAA,CAAK,KAAK,CAAA,KAAM,SAAA,CAAU;AAE5D,IAAM,cAAA,GAAiB,CAAC,KAAA,KAA8B;AAC3D,EAAA,IAAI,CAAC,OAAA,CAAQ,KAAK,CAAA,EAAG;AACnB,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,OAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,cAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,qBAAA,GAAwB,CAAC,KAAA,KAA8B;AAClE,EAAA,IAAI,CAAC,cAAA,CAAe,KAAK,CAAA,EAAG;AAC1B,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,gBAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,uBAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,yBAAA,GAA4B,CAAC,KAAA,KAA8B;AACtE,EAAA,IAAI,CAAC,mBAAA,CAAoB,KAAK,CAAA,EAAG;AAC/B,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,mBAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,0BAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,wBAAA,GAA2B,CAAC,KAAA,KAA8B;AACrE,EAAA,IAAI,CAAC,qBAAA,CAAsB,KAAK,CAAA,EAAG;AACjC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,mBAAA;AAAA,MACR,MAAA,EAAQ,CAAA,MAAA,EAAS,IAAA,CAAK,KAAK,CAAC,CAAA,8BAAA;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;;;ACJA,IAAM,aAAA,GAAgB,CAAC,KAAA,EAAqB,GAAA,KAC1C,GAAA,CAAI,kBAAkB,qBAAA,CAAsB,KAAK,CAAA,GAAI,mBAAA,CAAoB,KAAK,CAAA;AAEhF,IAAM,gBAAA,GAAmB,CAAC,GAAA,KACxB,GAAA,CAAI,kBACA,gDAAA,GACA,4CAAA;AAEC,IAAM,yBAAyB,CAAC,KAAA,EAAqB,GAAA,KAC1D,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,uBAAuB,CAAC,KAAA,EAAqB,GAAA,KACxD,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,yBAAyB,CAAC,KAAA,EAAqB,GAAA,KAC1D,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,qBAAA,GAAiF,CAC5F,KAAA,KACG,OAAA,CAAQ,KAAK;AAEX,IAAM,kBAAkB,CAAC,KAAA,EAAqB,GAAA,KACnD,aAAA,CAAc,OAAO,GAAG;AAEnB,IAAM,4BAAA,GAA+B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAChG,EAAA,IAAI,CAAC,sBAAA,CAAuB,KAAA,EAAO,GAAG,CAAA,EAAG;AACvC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,sBAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,0BAAA,GAA6B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAC9F,EAAA,IAAI,CAAC,oBAAA,CAAqB,KAAA,EAAO,GAAG,CAAA,EAAG;AACrC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,oBAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,4BAAA,GAA+B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAChG,EAAA,IAAI,CAAC,sBAAA,CAAuB,KAAA,EAAO,GAAG,CAAA,EAAG;AACvC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,uBAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF;AAEO,IAAM,2BAAA,GAA8B,CAAC,KAAA,EAAqB,GAAA,KAAgC;AAC/F,EAAA,IAAI,CAAC,qBAAA,CAAsB,KAAU,CAAA,EAAG;AACtC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,qBAAA;AAAA,MACR,MAAA,EAAQ;AAAA,KACT,CAAA;AAAA,EACH;AACF;AAEO,IAAM,qBAAA,GAAwB,CAAC,KAAA,EAAqB,GAAA,KAAgC;AACzF,EAAA,IAAI,CAAC,eAAA,CAAgB,KAAA,EAAO,GAAG,CAAA,EAAG;AAChC,IAAA,MAAM,IAAI,qBAAA,CAAsB;AAAA,MAC9B,MAAA,EAAQ,eAAA;AAAA,MACR,MAAA,EAAQ,iBAAiB,GAAG;AAAA,KAC7B,CAAA;AAAA,EACH;AACF","file":"index.js","sourcesContent":["/**\n * @module domain/permissions/errors\n *\n * Stable error contract for permission denials.\n *\n * `PermissionDeniedError` is what every `assertCan*` pair throws on denial. The\n * three public fields are part of the SDK's published contract — consumers\n * (kbc-ui, kai-agent, third-party TS callers) may pattern-match on `action`\n * and surface `reason` in UI, so renames here are breaking changes.\n *\n * PII boundary on `subject`:\n * `subject` is optional and intended for debugging hints only — admin id,\n * role name, configuration id, branch id, etc. It MUST NOT carry the full\n * `StorageToken`, raw tokens, secrets, or any value that could be logged or\n * surfaced to a user without further redaction.\n */\nexport class PermissionDeniedError extends Error {\n public readonly action: string;\n public readonly reason?: string;\n public readonly subject?: string;\n\n constructor({ action, reason, subject }: { action: string; reason?: string; subject?: string }) {\n super(reason ? `Permission denied: ${action} (${reason})` : `Permission denied: ${action}`);\n this.name = 'PermissionDeniedError';\n this.action = action;\n this.reason = reason;\n this.subject = subject;\n }\n}\n","/**\n * @module domain/permissions/admin\n *\n * Baseline admin-role predicates. Token-only — depend purely on the admin\n * role string carried in `StorageToken.admin.role`. Each predicate has an\n * `assertCan*` pair that throws `PermissionDeniedError` with a stable\n * kebab-case `action` field documented per pair.\n */\nimport type { StorageToken } from '../../clients/storage/tokens/types';\nimport { AdminRole } from '../../constants/adminRoles';\n\nimport { PermissionDeniedError } from './errors';\n\nconst role = (token: StorageToken): string => token.admin.role;\n\nexport const isAdmin = (token: StorageToken): boolean => role(token) === AdminRole.Admin;\n\nexport const isAdminOrShare = (token: StorageToken): boolean =>\n role(token) === AdminRole.Admin || role(token) === AdminRole.Share;\n\nexport const isProductionManager = (token: StorageToken): boolean =>\n role(token) === AdminRole.ProductionManager;\n\nexport const isDeveloperOrReviewer = (token: StorageToken): boolean =>\n role(token) === AdminRole.Developer || role(token) === AdminRole.Reviewer;\n\nexport const assertCanAdmin = (token: StorageToken): void => {\n if (!isAdmin(token)) {\n throw new PermissionDeniedError({\n action: 'admin',\n reason: `role '${role(token)}' is not admin`,\n });\n }\n};\n\nexport const assertCanAdminOrShare = (token: StorageToken): void => {\n if (!isAdminOrShare(token)) {\n throw new PermissionDeniedError({\n action: 'admin-or-share',\n reason: `role '${role(token)}' is not admin or share`,\n });\n }\n};\n\nexport const assertCanProductionManage = (token: StorageToken): void => {\n if (!isProductionManager(token)) {\n throw new PermissionDeniedError({\n action: 'production-manage',\n reason: `role '${role(token)}' is not productionManager`,\n });\n }\n};\n\nexport const assertCanDevelopOrReview = (token: StorageToken): void => {\n if (!isDeveloperOrReviewer(token)) {\n throw new PermissionDeniedError({\n action: 'develop-or-review',\n reason: `role '${role(token)}' is not developer or reviewer`,\n });\n }\n};\n","/**\n * @module domain/permissions/configurations\n *\n * Predicate pairs guarding the Core SDK configuration workflow methods\n * (create / copy / migrate-from-template / purge / assign-folder). Each\n * predicate composes the baseline admin role predicates with the caller-\n * supplied dev-mode flag from `ctx`.\n *\n * Rule shape:\n * - In a dev branch (`ctx.isDevModeActive === true`) → caller must be a\n * developer or reviewer.\n * - In production (`ctx.isDevModeActive === false`) → caller must be a\n * production manager.\n * - `canPurgeConfiguration` is **admin-only**, regardless of branch mode.\n * Purge is destructive and the situational base rule does not apply —\n * `token.admin.role` is a single scalar, so requiring both \"admin\" and\n * \"developer/reviewer/productionManager\" simultaneously would be an\n * impossible conjunction. The `ctx` parameter is accepted for signature\n * symmetry with the other configuration predicates and ignored.\n *\n * `ctx` is the trailing object argument convention for composed predicates;\n * extra fields land here as future rules grow (see AGENTS.md).\n */\nimport type { StorageToken } from '../../clients/storage/tokens/types';\n\nimport { isAdmin, isDeveloperOrReviewer, isProductionManager } from './admin';\nimport { PermissionDeniedError } from './errors';\n\n/**\n * Caller-supplied context for configuration predicates.\n *\n * @property isDevModeActive — `true` when the user is operating inside a\n * development branch (any storage branch other than the protected default /\n * production branch); `false` when operating on the default branch in\n * production.\n *\n * How the caller determines this:\n * - The active branch comes from the caller's own routing / app state\n * (e.g. `/branch/:branchId` in kbc-ui).\n * - A branch is \"dev mode\" when it is **not** the default branch returned by\n * `apiClient.storage.devBranches.list()` (where `isDefault === true`).\n * - kbc-ui exposes this through its `RoutesStore.getCurrentRouteParam('branchId')`\n * compared against the default branch id; the api-client itself stays\n * isomorphic and never reads that state directly.\n *\n * Why it changes the rule:\n * - In dev branches Keboola allows broader write access — `developer` and\n * `reviewer` roles may create / copy / migrate configurations because the\n * branch is sandboxed from production.\n * - On the default branch only `productionManager` (or `admin`) may perform\n * the same writes, since changes ship live to production.\n */\nexport type ConfigurationCtx = {\n isDevModeActive: boolean;\n};\n\nconst meetsBaseRule = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n ctx.isDevModeActive ? isDeveloperOrReviewer(token) : isProductionManager(token);\n\nconst baseDenialReason = (ctx: ConfigurationCtx): string =>\n ctx.isDevModeActive\n ? 'dev branch requires developer or reviewer role'\n : 'production requires productionManager role';\n\nexport const canCreateConfiguration = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const canCopyConfiguration = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const canMigrateFromTemplate = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const canPurgeConfiguration: (token: StorageToken, ctx: ConfigurationCtx) => boolean = (\n token,\n) => isAdmin(token);\n\nexport const canAssignFolder = (token: StorageToken, ctx: ConfigurationCtx): boolean =>\n meetsBaseRule(token, ctx);\n\nexport const assertCanCreateConfiguration = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canCreateConfiguration(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'create-configuration',\n reason: baseDenialReason(ctx),\n });\n }\n};\n\nexport const assertCanCopyConfiguration = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canCopyConfiguration(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'copy-configuration',\n reason: baseDenialReason(ctx),\n });\n }\n};\n\nexport const assertCanMigrateFromTemplate = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canMigrateFromTemplate(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'migrate-from-template',\n reason: baseDenialReason(ctx),\n });\n }\n};\n\nexport const assertCanPurgeConfiguration = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canPurgeConfiguration(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'purge-configuration',\n reason: 'purge requires admin role',\n });\n }\n};\n\nexport const assertCanAssignFolder = (token: StorageToken, ctx: ConfigurationCtx): void => {\n if (!canAssignFolder(token, ctx)) {\n throw new PermissionDeniedError({\n action: 'assign-folder',\n reason: baseDenialReason(ctx),\n });\n }\n};\n"]}
|
package/dist/editor/index.cjs
CHANGED
|
@@ -1,14 +1,13 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
-
var
|
|
4
|
-
require('../chunk-
|
|
5
|
-
require('../chunk-R7MQGDLC.cjs');
|
|
3
|
+
var chunkH466MBV4_cjs = require('../chunk-H466MBV4.cjs');
|
|
4
|
+
require('../chunk-OWGJ3PVA.cjs');
|
|
6
5
|
|
|
7
6
|
|
|
8
7
|
|
|
9
8
|
Object.defineProperty(exports, "createEditorClient", {
|
|
10
9
|
enumerable: true,
|
|
11
|
-
get: function () { return
|
|
10
|
+
get: function () { return chunkH466MBV4_cjs.createEditorClient; }
|
|
12
11
|
});
|
|
13
12
|
//# sourceMappingURL=index.cjs.map
|
|
14
13
|
//# sourceMappingURL=index.cjs.map
|
package/dist/editor/index.js
CHANGED
|
@@ -1,5 +1,4 @@
|
|
|
1
|
-
export { createEditorClient } from '../chunk-
|
|
2
|
-
import '../chunk-
|
|
3
|
-
import '../chunk-SI5TFV5M.js';
|
|
1
|
+
export { createEditorClient } from '../chunk-GOWOD3O4.js';
|
|
2
|
+
import '../chunk-FBGUBMJ7.js';
|
|
4
3
|
//# sourceMappingURL=index.js.map
|
|
5
4
|
//# sourceMappingURL=index.js.map
|
|
@@ -1,14 +1,13 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
-
var
|
|
4
|
-
require('../chunk-
|
|
5
|
-
require('../chunk-R7MQGDLC.cjs');
|
|
3
|
+
var chunkULZPXG4L_cjs = require('../chunk-ULZPXG4L.cjs');
|
|
4
|
+
require('../chunk-OWGJ3PVA.cjs');
|
|
6
5
|
|
|
7
6
|
|
|
8
7
|
|
|
9
8
|
Object.defineProperty(exports, "createEncryptionClient", {
|
|
10
9
|
enumerable: true,
|
|
11
|
-
get: function () { return
|
|
10
|
+
get: function () { return chunkULZPXG4L_cjs.createEncryptionClient; }
|
|
12
11
|
});
|
|
13
12
|
//# sourceMappingURL=index.cjs.map
|
|
14
13
|
//# sourceMappingURL=index.cjs.map
|
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
import { C as ClientInitOptions } from '../types-BLJoO6YL.cjs';
|
|
2
2
|
import { EncryptQuery, ScopedSecrets } from './types.cjs';
|
|
3
3
|
import 'qs';
|
|
4
|
-
import '../types-
|
|
4
|
+
import '../types-CMEwVQ78.cjs';
|
|
5
|
+
import '../backends-BgUzAQul.cjs';
|
|
5
6
|
import '../types-jKnx7Tm_.cjs';
|
|
6
7
|
|
|
7
8
|
declare const createEncryptionClient: ({ baseUrl, middlewares, }: Omit<ClientInitOptions, "token">) => {
|
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
import { C as ClientInitOptions } from '../types-BLJoO6YL.js';
|
|
2
2
|
import { EncryptQuery, ScopedSecrets } from './types.js';
|
|
3
3
|
import 'qs';
|
|
4
|
-
import '../types-
|
|
4
|
+
import '../types-GmAeMsok.js';
|
|
5
|
+
import '../backends-BgUzAQul.js';
|
|
5
6
|
import '../types-jKnx7Tm_.js';
|
|
6
7
|
|
|
7
8
|
declare const createEncryptionClient: ({ baseUrl, middlewares, }: Omit<ClientInitOptions, "token">) => {
|
package/dist/encryption/index.js
CHANGED
|
@@ -1,5 +1,4 @@
|
|
|
1
|
-
export { createEncryptionClient } from '../chunk-
|
|
2
|
-
import '../chunk-
|
|
3
|
-
import '../chunk-SI5TFV5M.js';
|
|
1
|
+
export { createEncryptionClient } from '../chunk-ATVNCGTO.js';
|
|
2
|
+
import '../chunk-FBGUBMJ7.js';
|
|
4
3
|
//# sourceMappingURL=index.js.map
|
|
5
4
|
//# sourceMappingURL=index.js.map
|
package/dist/import/index.cjs
CHANGED
|
@@ -1,14 +1,13 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
-
var
|
|
4
|
-
require('../chunk-
|
|
5
|
-
require('../chunk-R7MQGDLC.cjs');
|
|
3
|
+
var chunkYTF4RQ52_cjs = require('../chunk-YTF4RQ52.cjs');
|
|
4
|
+
require('../chunk-OWGJ3PVA.cjs');
|
|
6
5
|
|
|
7
6
|
|
|
8
7
|
|
|
9
8
|
Object.defineProperty(exports, "createImportClient", {
|
|
10
9
|
enumerable: true,
|
|
11
|
-
get: function () { return
|
|
10
|
+
get: function () { return chunkYTF4RQ52_cjs.createImportClient; }
|
|
12
11
|
});
|
|
13
12
|
//# sourceMappingURL=index.cjs.map
|
|
14
13
|
//# sourceMappingURL=index.cjs.map
|
package/dist/import/index.js
CHANGED
|
@@ -1,5 +1,4 @@
|
|
|
1
|
-
export { createImportClient } from '../chunk-
|
|
2
|
-
import '../chunk-
|
|
3
|
-
import '../chunk-SI5TFV5M.js';
|
|
1
|
+
export { createImportClient } from '../chunk-RHZK7AL7.js';
|
|
2
|
+
import '../chunk-FBGUBMJ7.js';
|
|
4
3
|
//# sourceMappingURL=index.js.map
|
|
5
4
|
//# sourceMappingURL=index.js.map
|