@knpkv/codecommit-core 0.5.1 → 0.7.0

package/dist/AwsClient/AwsClientGated.d.ts

@@ -0,0 +1,30 @@
+/**
+ * @title AwsClientGated — transparent permission proxy
+ *
+ * Wraps every AwsClient method with permission check + audit logging.
+ * Returns the same `AwsClient.Service` type — callers don't know it exists.
+ *
+ * Two patterns:
+ *   1. InnerAwsClient tag — holds the real implementation, avoids circular dep
+ *   2. Service capture at Layer construction — all services yielded once,
+ *      closed over in gate/wrapEffect/wrapStream, no R leakage
+ *
+ * PermissionDeniedError → AwsApiError at the boundary for type transparency.
+ * The actual PermissionDeniedError is preserved as the AwsApiError's `cause`.
+ *
+ * All operations — reads, writes, and approval rule CRUD — are gated with
+ * the appropriate category for UI badge color and prompt behavior.
+ *
+ * @module
+ */
+import { Context, Layer } from "effect";
+import { AuditLogRepo } from "../PermissionService/AuditLog.js";
+import { PermissionService } from "../PermissionService/index.js";
+import { PermissionGate } from "../PermissionService/PermissionGate.js";
+import { AwsClient } from "./index.js";
+declare const InnerAwsClient_base: Context.TagClass<InnerAwsClient, "@knpkv/codecommit-core/InnerAwsClient", AwsClient.Service>;
+export declare class InnerAwsClient extends InnerAwsClient_base {
+}
+export declare const AwsClientGatedLive: Layer.Layer<AwsClient, never, InnerAwsClient | PermissionService | PermissionGate | AuditLogRepo>;
+export {};
+//# sourceMappingURL=AwsClientGated.d.ts.map

package/dist/AwsClient/AwsClientGated.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AwsClientGated.d.ts","sourceRoot":"","sources":["../../src/AwsClient/AwsClientGated.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AACH,OAAO,EAAE,OAAO,EAAU,KAAK,EAAiB,MAAM,QAAQ,CAAA;AAG9D,OAAO,EAAE,YAAY,EAAyB,MAAM,kCAAkC,CAAA;AACtF,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAA;AAEjE,OAAO,EAAE,cAAc,EAAE,MAAM,wCAAwC,CAAA;AACvE,OAAO,EAAE,SAAS,EAAuB,MAAM,YAAY,CAAA;;AAG3D,qBAAa,cAAe,SAAQ,mBAGjC;CAAG;AAiBN,eAAO,MAAM,kBAAkB,EAAE,KAAK,CAAC,KAAK,CAC1C,SAAS,EACT,KAAK,EACL,cAAc,GAAG,iBAAiB,GAAG,cAAc,GAAG,YAAY,CAqLnE,CAAA"}

package/dist/AwsClient/AwsClientGated.js

@@ -0,0 +1,111 @@
+/**
+ * @title AwsClientGated — transparent permission proxy
+ *
+ * Wraps every AwsClient method with permission check + audit logging.
+ * Returns the same `AwsClient.Service` type — callers don't know it exists.
+ *
+ * Two patterns:
+ *   1. InnerAwsClient tag — holds the real implementation, avoids circular dep
+ *   2. Service capture at Layer construction — all services yielded once,
+ *      closed over in gate/wrapEffect/wrapStream, no R leakage
+ *
+ * PermissionDeniedError → AwsApiError at the boundary for type transparency.
+ * The actual PermissionDeniedError is preserved as the AwsApiError's `cause`.
+ *
+ * All operations — reads, writes, and approval rule CRUD — are gated with
+ * the appropriate category for UI badge color and prompt behavior.
+ *
+ * @module
+ */
+import { Context, Effect, Layer, Match, Stream } from "effect";
+import { AwsApiError, PermissionDeniedError } from "../Errors.js";
+import { AuditLogRepo } from "../PermissionService/AuditLog.js";
+import { PermissionService } from "../PermissionService/index.js";
+import { getOperationMeta } from "../PermissionService/operations.js";
+import { PermissionGate } from "../PermissionService/PermissionGate.js";
+import { AwsClient } from "./index.js";
+// Layer composition: AwsClientLive → InnerAwsClient (rename) → AwsClientGated → AwsClient
+export class InnerAwsClient extends Context.Tag("@knpkv/codecommit-core/InnerAwsClient")() {
+}
+const toDeniedError = (p, reason) => new AwsApiError({
+    operation: p.operation,
+    profile: p.accountProfile,
+    region: p.region,
+    cause: new PermissionDeniedError({ operation: p.operation, reason })
+});
+export const AwsClientGatedLive = Layer.effect(AwsClient, Effect.gen(function* () {
+    const inner = yield* InnerAwsClient;
+    const permService = yield* PermissionService;
+    const gateService = yield* PermissionGate;
+    const auditLog = yield* AuditLogRepo;
+    // --- Core gate logic (captured services, no R leakage) ---
+    // Reads auditEnabled dynamically from Ref on each call —
+    // toggling audit in settings takes effect without restart
+    const logAudit = (params, permissionState, durationMs) => permService.isAuditEnabled().pipe(Effect.flatMap((enabled) => enabled
+        ? auditLog.log({
+            timestamp: new Date().toISOString(),
+            operation: params.operation,
+            accountProfile: params.accountProfile,
+            region: params.region,
+            permissionState,
+            context: params.context,
+            durationMs
+        })
+        : Effect.void), Effect.catchAll(() => Effect.void));
+    const promptUser = (params) => Effect.gen(function* () {
+        const meta = getOperationMeta(params.operation);
+        const response = yield* gateService.request({
+            id: globalThis.crypto.randomUUID(),
+            operation: params.operation,
+            category: meta.category,
+            context: params.context
+        }).pipe(Effect.mapError(() => toDeniedError(params, "timeout")));
+        return yield* Match.value(response).pipe(Match.when("always_allow", () => permService.set(params.operation, "always_allow").pipe(Effect.as("always_allowed"))), Match.when("deny", () => Effect.gen(function* () {
+            yield* permService.set(params.operation, "deny");
+            yield* logAudit(params, "denied", null);
+            return yield* toDeniedError(params, "denied");
+        })), Match.when("allow_once", () => Effect.succeed("allowed")), Match.exhaustive);
+    });
+    const checkPermission = (params) => Effect.gen(function* () {
+        const state = yield* permService.check(params.operation);
+        return yield* Match.value(state).pipe(Match.when("always_allow", () => Effect.succeed("always_allowed")), Match.when("deny", () => logAudit(params, "denied", null).pipe(Effect.zipRight(toDeniedError(params, "denied")))), Match.when("allow", () => promptUser(params)), Match.exhaustive);
+    });
+    // --- Declarative wrapping: gated(op, ctx, acct, method) → wrapped method ---
+    // P inferred from `method` (last arg) — `acct` and `ctx` just extract strings
+    const gated = (op, ctx, acct, method) => (params) => {
+        const a = acct(params);
+        const g = { operation: op, context: ctx(params), accountProfile: a.profile, region: a.region };
+        return Effect.gen(function* () {
+            const ps = yield* checkPermission(g);
+            const start = Date.now();
+            const result = yield* method(params);
+            yield* logAudit(g, ps, Date.now() - start);
+            return result;
+        });
+    };
+    const gatedStream = (op, ctx, acct, method) => (params) => {
+        const a = acct(params);
+        const g = { operation: op, context: ctx(params), accountProfile: a.profile, region: a.region };
+        return Stream.unwrap(checkPermission(g).pipe(Effect.map((ps) => {
+            const start = Date.now();
+            return method(params).pipe(Stream.onDone(() => logAudit(g, ps, Date.now() - start)));
+        })));
+    };
+    const self = (a) => a;
+    const nested = (p) => p.account;
+    return {
+        getPullRequests: gatedStream("getPullRequests", (a) => `List PRs for ${a.profile}`, self, (a) => inner.getPullRequests(a)),
+        getCallerIdentity: gated("getCallerIdentity", (a) => `Get identity for ${a.profile}`, self, inner.getCallerIdentity),
+        createPullRequest: gated("createPullRequest", (p) => `Create PR on ${p.repositoryName}`, nested, inner.createPullRequest),
+        listBranches: gated("listBranches", (p) => `List branches in ${p.repositoryName}`, nested, inner.listBranches),
+        getCommentsForPullRequest: gated("getCommentsForPullRequest", (p) => `Comments for PR #${p.pullRequestId}`, nested, inner.getCommentsForPullRequest),
+        updatePullRequestTitle: gated("updatePullRequestTitle", (p) => `Edit title of PR #${p.pullRequestId}`, nested, inner.updatePullRequestTitle),
+        updatePullRequestDescription: gated("updatePullRequestDescription", (p) => `Edit desc of PR #${p.pullRequestId}`, nested, inner.updatePullRequestDescription),
+        getPullRequest: gated("getPullRequest", (p) => `Fetch PR #${p.pullRequestId}`, nested, inner.getPullRequest),
+        getDifferences: gated("getDifferences", (p) => `Diff for ${p.repositoryName}`, nested, inner.getDifferences),
+        createApprovalRule: gated("createApprovalRule", (p) => `Create rule "${p.approvalRuleName}" on PR #${p.pullRequestId}`, nested, inner.createApprovalRule),
+        updateApprovalRule: gated("updateApprovalRule", (p) => `Update rule "${p.approvalRuleName}" on PR #${p.pullRequestId}`, nested, inner.updateApprovalRule),
+        deleteApprovalRule: gated("deleteApprovalRule", (p) => `Delete rule "${p.approvalRuleName}" on PR #${p.pullRequestId}`, nested, inner.deleteApprovalRule)
+    };
+}));
+//# sourceMappingURL=AwsClientGated.js.map

package/dist/AwsClient/AwsClientGated.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AwsClientGated.js","sourceRoot":"","sources":["../../src/AwsClient/AwsClientGated.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AACH,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAE9D,OAAO,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAA;AACjE,OAAO,EAAE,YAAY,EAAyB,MAAM,kCAAkC,CAAA;AACtF,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAA;AACjE,OAAO,EAAE,gBAAgB,EAAE,MAAM,oCAAoC,CAAA;AACrE,OAAO,EAAE,cAAc,EAAE,MAAM,wCAAwC,CAAA;AACvE,OAAO,EAAE,SAAS,EAAuB,MAAM,YAAY,CAAA;AAE3D,0FAA0F;AAC1F,MAAM,OAAO,cAAe,SAAQ,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,EAGrF;CAAG;AASN,MAAM,aAAa,GAAG,CAAC,CAAa,EAAE,MAA4B,EAAE,EAAE,CACpE,IAAI,WAAW,CAAC;IACd,SAAS,EAAE,CAAC,CAAC,SAAS;IACtB,OAAO,EAAE,CAAC,CAAC,cAAgC;IAC3C,MAAM,EAAE,CAAC,CAAC,MAAmB;IAC7B,KAAK,EAAE,IAAI,qBAAqB,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC;CACrE,CAAC,CAAA;AAEJ,MAAM,CAAC,MAAM,kBAAkB,GAI3B,KAAK,CAAC,MAAM,CACd,SAAS,EACT,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,cAAc,CAAA;IACnC,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,iBAAiB,CAAA;IAC5C,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,cAAc,CAAA;IACzC,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,YAAY,CAAA;IACpC,4DAA4D;IAE5D,yDAAyD;IACzD,0DAA0D;IAC1D,MAAM,QAAQ,GAAG,CACf,MAAkB,EAClB,eAAoD,EACpD,UAAyB,EACJ,EAAE,CACvB,WAAW,CAAC,cAAc,EAAE,CAAC,IAAI,CAC/B,MAAM,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CACzB,OAAO;QACL,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC;YACb,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,cAAc,EAAE,MAAM,CAAC,cAAc;YACrC,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,eAAe;YACf,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,UAAU;SACX,CAAC;QACF,CAAC,CAAC,MAAM,CAAC,IAAI,CAChB,EACD,MAAM,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CACnC,CAAA;IAEH,MAAM,UAAU,GAAG,CAAC,MAAkB,EAA+D,EAAE,CACrG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;QAClB,MAAM,IAAI,GAAG,gBAAgB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QAC/C,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC;YAC1C,EAAE,EAAE,UAAU,CAAC,MAAM,CAAC,UAAU,EAAE;YAClC,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,OAAO,EAAE,MAAM,CAAC,OAAO;SACxB,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC,aAAa,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,CAAA;QAEhE,OAAO,KAAK,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,IAAI,CACtC,KAAK,CAAC,IAAI,CAAC,cAAc,EAAE,GAAG,EAAE,CAC9B,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC,IAAI,CACpD,MAAM,CAAC,EAAE,CAAC,gBAAyB,CAAC,CACrC,CAAC,EACJ,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CACtB,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;YAClB,KAAK,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAA;YAChD,KAAK,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAA;YACvC,OAAO,KAAK,CAAC,CAAC,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;QAC/C,CAAC,CAAC,CAAC,EACL,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,SAAkB,CAAC,CAAC,EAClE,KAAK,CAAC,UAAU,CACjB,CAAA;IACH,CAAC,CAAC,CAAA;IAEJ,MAAM,eAAe,GAAG,CACtB,MAAkB,EAC2C,EAAE,CAC/D,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;QAClB,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QACxD,OAAO,KAAK,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,CACnC,KAAK,CAAC,IAAI,CAAC,cAAc,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,gBAAyB,CAAC,CAAC,EAC3E,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CACtB,QAAQ,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC,IAAI,CACnC,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CACjD,CAAC,EACJ,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,EAC7C,KAAK,CAAC,UAAU,CACjB,CAAA;IACH,CAAC,CAAC,CAAA;IAEJ,8EAA8E;IAE9E,8EAA8E;IAC9E,MAAM,KAAK,GAAG,CACZ,EAAU,EACV,GAA8B,EAC9B,IAA4D,EAC5D,MAAkD,EAClD,EAAE,CACJ,CAAC,MAAS,EAAoC,EAAE;QAC9C,MAAM,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,CAAA;QACtB,MAAM,CAAC,GAAe,EAAE,SAAS,EAAE,EAAE,EAAE,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAA;QAC1G,OAAO,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;YACzB,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAA;YACpC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;YACxB,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;YACpC,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAA;YAC1C,OAAO,MAAM,CAAA;QACf,CAAC,CAAC,CAAA;IACJ,CAAC,CAAA;IAED,MAAM,WAAW,GAAG,CAClB,EAAU,EACV,GAA8B,EAC9B,IAA4D,EAC5D,MAAkD,EAClD,EAAE,CACJ,CAAC,MAAS,EAAoC,EAAE;QAC9C,MAAM,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,CAAA;QACtB,MAAM,CAAC,GAAe,EAAE,SAAS,EAAE,EAAE,EAAE,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAA;QAC1G,OAAO,MAAM,CAAC,MAAM,CAClB,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,CACrB,MAAM,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE;YAChB,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;YACxB,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CACxB,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC,CACzD,CAAA;QACH,CAAC,CAAC,CACH,CACF,CAAA;IACH,CAAC,CAAA;IAED,MAAM,IAAI,GAAG,CAAC,CAAsC,EAAE,EAAE,CAAC,CAAC,CAAA;IAC1D,MAAM,MAAM,GAAG,CAAC,CAAmD,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAA;IAEjF,OAAO;QACL,eAAe,EAAE,WAAW,CAC1B,iBAAiB,EACjB,CAAC,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,CAAC,OAAO,EAAE,EAClC,IAAI,EACJ,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,CAChC;QACD,iBAAiB,EAAE,KAAK,CACtB,mBAAmB,EACnB,CAAC,CAAC,EAAE,EAAE,CAAC,oBAAoB,CAAC,CAAC,OAAO,EAAE,EACtC,IAAI,EACJ,KAAK,CAAC,iBAAiB,CACxB;QACD,iBAAiB,EAAE,KAAK,CACtB,mBAAmB,EACnB,CAAC,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,CAAC,cAAc,EAAE,EACzC,MAAM,EACN,KAAK,CAAC,iBAAiB,CACxB;QACD,YAAY,EAAE,KAAK,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,oBAAoB,CAAC,CAAC,cAAc,EAAE,EAAE,MAAM,EAAE,KAAK,CAAC,YAAY,CAAC;QAC9G,yBAAyB,EAAE,KAAK,CAC9B,2BAA2B,EAC3B,CAAC,CAAC,EAAE,EAAE,CAAC,oBAAoB,CAAC,CAAC,aAAa,EAAE,EAC5C,MAAM,EACN,KAAK,CAAC,yBAAyB,CAChC;QACD,sBAAsB,EAAE,KAAK,CAC3B,wBAAwB,EACxB,CAAC,CAAC,EAAE,EAAE,CAAC,qBAAqB,CAAC,CAAC,aAAa,EAAE,EAC7C,MAAM,EACN,KAAK,CAAC,sBAAsB,CAC7B;QACD,4BAA4B,EAAE,KAAK,CACjC,8BAA8B,EAC9B,CAAC,CAAC,EAAE,EAAE,CAAC,oBAAoB,CAAC,CAAC,aAAa,EAAE,EAC5C,MAAM,EACN,KAAK,CAAC,4BAA4B,CACnC;QACD,cAAc,EAAE,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,aAAa,EAAE,EAAE,MAAM,EAAE,KAAK,CAAC,cAAc,CAAC;QAC5G,cAAc,EAAE,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,CAAC,cAAc,EAAE,EAAE,MAAM,EAAE,KAAK,CAAC,cAAc,CAAC;QAC5G,kBAAkB,EAAE,KAAK,CACvB,oBAAoB,EACpB,CAAC,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,CAAC,gBAAgB,YAAY,CAAC,CAAC,aAAa,EAAE,EACtE,MAAM,EACN,KAAK,CAAC,kBAAkB,CACzB;QACD,kBAAkB,EAAE,KAAK,CACvB,oBAAoB,EACpB,CAAC,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,CAAC,gBAAgB,YAAY,CAAC,CAAC,aAAa,EAAE,EACtE,MAAM,EACN,KAAK,CAAC,kBAAkB,CACzB;QACD,kBAAkB,EAAE,KAAK,CACvB,oBAAoB,EACpB,CAAC,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,CAAC,gBAAgB,YAAY,CAAC,CAAC,aAAa,EAAE,EACtE,MAAM,EACN,KAAK,CAAC,kBAAkB,CACzB;KAC0B,CAAA;AAC/B,CAAC,CAAC,CACH,CAAA"}

package/dist/AwsClient/createApprovalRule.d.ts

@@ -0,0 +1,4 @@
+import { Effect } from "effect";
+import { type CreateApprovalRuleParams } from "./internal.js";
+export declare const createApprovalRule: (params: CreateApprovalRuleParams) => Effect.Effect<void, import("./internal.js").AwsCredentialError | import("./internal.js").AwsApiError, import("../AwsClientConfig.ts").AwsClientConfig | import("@effect/platform/HttpClient").HttpClient>;
+//# sourceMappingURL=createApprovalRule.d.ts.map

package/dist/AwsClient/createApprovalRule.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"createApprovalRule.d.ts","sourceRoot":"","sources":["../../src/AwsClient/createApprovalRule.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAC/B,OAAO,EAAE,KAAK,wBAAwB,EAAgC,MAAM,eAAe,CAAA;AAY3F,eAAO,MAAM,kBAAkB,GAAI,QAAQ,wBAAwB,8MACmB,CAAA"}

package/dist/AwsClient/createApprovalRule.js

@@ -0,0 +1,17 @@
+/**
+ * Creates an approval rule on a pull request via
+ * `distilled-aws/codecommit.createPullRequestApprovalRule`, wrapped with
+ * {@link withAwsContext} for credential acquisition and retry.
+ *
+ * @internal
+ */
+import * as codecommit from "distilled-aws/codecommit";
+import { Effect } from "effect";
+import { makeApiError, withAwsContext } from "./internal.js";
+const callCreateApprovalRule = (params) => codecommit.createPullRequestApprovalRule({
+    pullRequestId: params.pullRequestId,
+    approvalRuleName: params.approvalRuleName,
+    approvalRuleContent: params.approvalRuleContent
+}).pipe(Effect.asVoid, Effect.mapError((cause) => makeApiError("createApprovalRule", params.account.profile, params.account.region, cause)));
+export const createApprovalRule = (params) => withAwsContext("createApprovalRule", params.account, callCreateApprovalRule(params));
+//# sourceMappingURL=createApprovalRule.js.map

package/dist/AwsClient/createApprovalRule.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"createApprovalRule.js","sourceRoot":"","sources":["../../src/AwsClient/createApprovalRule.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,KAAK,UAAU,MAAM,0BAA0B,CAAA;AACtD,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAC/B,OAAO,EAAiC,YAAY,EAAE,cAAc,EAAE,MAAM,eAAe,CAAA;AAE3F,MAAM,sBAAsB,GAAG,CAAC,MAAgC,EAAE,EAAE,CAClE,UAAU,CAAC,6BAA6B,CAAC;IACvC,aAAa,EAAE,MAAM,CAAC,aAAa;IACnC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;IACzC,mBAAmB,EAAE,MAAM,CAAC,mBAAmB;CAChD,CAAC,CAAC,IAAI,CACL,MAAM,CAAC,MAAM,EACb,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,YAAY,CAAC,oBAAoB,EAAE,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CACrH,CAAA;AAEH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,MAAgC,EAAE,EAAE,CACrE,cAAc,CAAC,oBAAoB,EAAE,MAAM,CAAC,OAAO,EAAE,sBAAsB,CAAC,MAAM,CAAC,CAAC,CAAA"}

package/dist/AwsClient/deleteApprovalRule.d.ts

@@ -0,0 +1,4 @@
+import { Effect } from "effect";
+import { type DeleteApprovalRuleParams } from "./internal.js";
+export declare const deleteApprovalRule: (params: DeleteApprovalRuleParams) => Effect.Effect<void, import("./internal.js").AwsCredentialError | import("./internal.js").AwsApiError, import("../AwsClientConfig.ts").AwsClientConfig | import("@effect/platform/HttpClient").HttpClient>;
+//# sourceMappingURL=deleteApprovalRule.d.ts.map

package/dist/AwsClient/deleteApprovalRule.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"deleteApprovalRule.d.ts","sourceRoot":"","sources":["../../src/AwsClient/deleteApprovalRule.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAC/B,OAAO,EAAE,KAAK,wBAAwB,EAAgC,MAAM,eAAe,CAAA;AAW3F,eAAO,MAAM,kBAAkB,GAAI,QAAQ,wBAAwB,8MACmB,CAAA"}

package/dist/AwsClient/deleteApprovalRule.js

@@ -0,0 +1,16 @@
+/**
+ * Deletes an approval rule from a pull request via
+ * `distilled-aws/codecommit.deletePullRequestApprovalRule`, wrapped with
+ * {@link withAwsContext} for credential acquisition and retry.
+ *
+ * @internal
+ */
+import * as codecommit from "distilled-aws/codecommit";
+import { Effect } from "effect";
+import { makeApiError, withAwsContext } from "./internal.js";
+const callDeleteApprovalRule = (params) => codecommit.deletePullRequestApprovalRule({
+    pullRequestId: params.pullRequestId,
+    approvalRuleName: params.approvalRuleName
+}).pipe(Effect.asVoid, Effect.mapError((cause) => makeApiError("deleteApprovalRule", params.account.profile, params.account.region, cause)));
+export const deleteApprovalRule = (params) => withAwsContext("deleteApprovalRule", params.account, callDeleteApprovalRule(params));
+//# sourceMappingURL=deleteApprovalRule.js.map

package/dist/AwsClient/deleteApprovalRule.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"deleteApprovalRule.js","sourceRoot":"","sources":["../../src/AwsClient/deleteApprovalRule.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,KAAK,UAAU,MAAM,0BAA0B,CAAA;AACtD,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAC/B,OAAO,EAAiC,YAAY,EAAE,cAAc,EAAE,MAAM,eAAe,CAAA;AAE3F,MAAM,sBAAsB,GAAG,CAAC,MAAgC,EAAE,EAAE,CAClE,UAAU,CAAC,6BAA6B,CAAC;IACvC,aAAa,EAAE,MAAM,CAAC,aAAa;IACnC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;CAC1C,CAAC,CAAC,IAAI,CACL,MAAM,CAAC,MAAM,EACb,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,YAAY,CAAC,oBAAoB,EAAE,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CACrH,CAAA;AAEH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,MAAgC,EAAE,EAAE,CACrE,cAAc,CAAC,oBAAoB,EAAE,MAAM,CAAC,OAAO,EAAE,sBAAsB,CAAC,MAAM,CAAC,CAAC,CAAA"}

package/dist/AwsClient/getPullRequest.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"getPullRequest.d.ts","sourceRoot":"","sources":["../../src/AwsClient/getPullRequest.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,MAAM,EAAU,MAAM,QAAQ,CAAA;AACvC,OAAO,EACL,KAAK,oBAAoB,EAGzB,iBAAiB,EAElB,MAAM,eAAe,CAAA;AA+FtB,eAAO,MAAM,cAAc,GAAI,QAAQ,oBAAoB,2NACmB,CAAA"}
+{"version":3,"file":"getPullRequest.d.ts","sourceRoot":"","sources":["../../src/AwsClient/getPullRequest.ts"],"names":[],"mappings":"AA0BA,OAAO,EAAE,MAAM,EAAU,MAAM,QAAQ,CAAA;AAEvC,OAAO,EACL,KAAK,oBAAoB,EAGzB,iBAAiB,EAElB,MAAM,eAAe,CAAA;AA4FtB,eAAO,MAAM,cAAc,GAAI,QAAQ,oBAAoB,2NACmB,CAAA"}

package/dist/AwsClient/getPullRequest.js

@@ -1,8 +1,31 @@
 /**
+ * Fetches a single PR's full detail — metadata, approvers, approval rules,
+ * and repo account ID in parallel. Returns a {@link PullRequestDetail}
+ * transport object.
+ *
+ * **Mental model**
+ *
+ * ```
+ * codecommit.getPullRequest ─┬─► decodePullRequestDetail
+ *                            ├─► fetchApprovers          → { names, arns }
+ *                            ├─► fetchApprovalEvaluation → satisfiedNames
+ *                            └─► fetchRepoAccountId      → repo account ID
+ * ```
+ *
+ * - Shared: {@link buildApprovalRules}, {@link fetchApprovalEvaluation},
+ *   {@link fetchRepoAccountId} from getPullRequests.ts
+ * - Runs inside {@link withAwsContext} (Credentials + Region + AwsClientConfig)
+ *
+ * **Gotchas**
+ *
+ * - `PullRequestDetail.approvalRules` uses inline struct, not Schema.Class —
+ *   class constructors reject plain objects from `buildApprovalRules`
+ *
  * @internal
  */
 import * as codecommit from "distilled-aws/codecommit";
 import { Effect, Schema } from "effect";
+import { buildApprovalRules, fetchApprovalEvaluation, fetchApprovers, fetchRepoAccountId } from "./getPullRequests.js";
 import { makeApiError, normalizeAuthor, PullRequestDetail, withAwsContext } from "./internal.js";
 const EpochFallback = new Date(0);
 // Bidirectional Schema: raw AWS GetPullRequest response ↔ PullRequestDetail
@@ -63,19 +86,23 @@ const RawToPullRequestDetail = Schema.transform(RawGetPullRequestResponse, PullR
 });
 // Effectful decode — ParseError in error channel instead of thrown defect
 const decodePullRequestDetail = (raw) => Schema.decodeUnknown(RawToPullRequestDetail)(raw);
-const fetchApprovers = (pullRequestId, revisionId) => codecommit.getPullRequestApprovalStates({ pullRequestId, revisionId }).pipe(Effect.map((r) => (r.approvals ?? [])
-    .filter((a) => a.approvalState === "APPROVE" && a.userArn)
-    .map((a) => normalizeAuthor(a.userArn))), Effect.catchAll(() => Effect.succeed([])));
 const callGetPullRequest = (params) => Effect.gen(function* () {
     const resp = yield* codecommit.getPullRequest({ pullRequestId: params.pullRequestId });
     const revisionId = resp.pullRequest?.revisionId ?? "";
-    const [detail, approvers] = yield* Effect.all([
+    const repoName = resp.pullRequest?.pullRequestTargets?.[0]?.repositoryName ?? "";
+    const [detail, approvers, evaluation, repoAccountId] = yield* Effect.all([
         decodePullRequestDetail(resp),
-        fetchApprovers(params.pullRequestId, revisionId)
-    ], { concurrency: 2 });
+        fetchApprovers(params.pullRequestId, revisionId),
+        fetchApprovalEvaluation(params.pullRequestId, revisionId),
+        fetchRepoAccountId(repoName)
+    ], { concurrency: 4 });
+    const approvalRules = buildApprovalRules(resp.pullRequest?.approvalRules ?? [], evaluation.satisfiedNames);
     return new PullRequestDetail({
         ...detail,
-        approvedBy: approvers
+        approvedBy: approvers.names,
+        approvedByArns: approvers.arns,
+        approvalRules,
+        repoAccountId: repoAccountId || undefined
     });
 }).pipe(Effect.mapError((cause) => makeApiError("getPullRequest", params.account.profile, params.account.region, cause)));
 export const getPullRequest = (params) => withAwsContext("getPullRequest", params.account, callGetPullRequest(params));

package/dist/AwsClient/getPullRequest.js.map

@@ -1 +1 @@
-{"version":3,"file":"getPullRequest.js","sourceRoot":"","sources":["../../src/AwsClient/getPullRequest.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,KAAK,UAAU,MAAM,0BAA0B,CAAA;AACtD,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AACvC,OAAO,EAEL,YAAY,EACZ,eAAe,EACf,iBAAiB,EACjB,cAAc,EACf,MAAM,eAAe,CAAA;AAEtB,MAAM,aAAa,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,CAAA;AAEjC,4EAA4E;AAC5E,MAAM,yBAAyB,GAAG,MAAM,CAAC,MAAM,CAAC;IAC9C,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;QACzC,KAAK,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;QACrC,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;QAC3C,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;QACzC,iBAAiB,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;QACjD,kBAAkB,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC;YAC7D,cAAc,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;YAC9C,eAAe,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;YAC/C,oBAAoB,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;YACpD,aAAa,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;gBAC3C,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC;gBACzC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;aACzC,CAAC,CAAC;SACJ,CAAC,CAAC,CAAC;QACJ,YAAY,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,YAAY,CAAC;QAClD,gBAAgB,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,YAAY,CAAC;KACvD,CAAC,CAAC;CACJ,CAAC,CAAA;AAEF,MAAM,sBAAsB,GAAG,MAAM,CAAC,SAAS,CAC7C,yBAAyB,EACzB,iBAAiB,EACjB;IACE,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE;QACd,MAAM,EAAE,GAAG,GAAG,CAAC,WAAW,CAAA;QAC1B,MAAM,MAAM,GAAG,EAAE,EAAE,kBAAkB,EAAE,CAAC,CAAC,CAAC,CAAA;QAC1C,MAAM,QAAQ,GAAG,MAAM,EAAE,aAAa,EAAE,QAAQ,KAAK,IAAI,CAAA;QACzD,MAAM,WAAW,GAAG,MAAM,EAAE,aAAa,EAAE,QAAQ,CAAA;QACnD,OAAO;YACL,KAAK,EAAE,EAAE,EAAE,KAAK,IAAI,EAAE;YACtB,WAAW,EAAE,EAAE,EAAE,WAAW;YAC5B,MAAM,EAAE,EAAE,EAAE,SAAS,CAAC,CAAC,CAAC,eAAe,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS;YACjE,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,iBAAiB,IAAI,SAAS,CAAC;YAClE,cAAc,EAAE,MAAM,EAAE,cAAc,IAAI,EAAE;YAC5C,YAAY,EAAE,MAAM,EAAE,eAAe,EAAE,OAAO,CAAC,gBAAgB,EAAE,EAAE,CAAC,IAAI,EAAE;YAC1E,iBAAiB,EAAE,MAAM,EAAE,oBAAoB,EAAE,OAAO,CAAC,gBAAgB,EAAE,EAAE,CAAC,IAAI,EAAE;YACpF,YAAY,EAAE,EAAE,EAAE,YAAY,IAAI,aAAa;YAC/C,gBAAgB,EAAE,EAAE,EAAE,gBAAgB,IAAI,EAAE,EAAE,YAAY,IAAI,aAAa;YAC3E,UAAU,EAAE,EAAE;YACd,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS;SACjE,CAAA;IACH,CAAC;IACD,MAAM,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACnB,WAAW,EAAE;YACX,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,SAAS,EAAE,MAAM,CAAC,MAAM;YACxB,iBAAiB,EAAE,MAAM,CAAC,MAAM;YAChC,kBAAkB,EAAE,CAAC;oBACnB,cAAc,EAAE,MAAM,CAAC,cAAc;oBACrC,eAAe,EAAE,MAAM,CAAC,YAAY;oBACpC,oBAAoB,EAAE,MAAM,CAAC,iBAAiB;iBAC/C,CAAC;YACF,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC1C;KACF,CAAC;CACH,CACF,CAAA;AAED,0EAA0E;AAC1E,MAAM,uBAAuB,GAAG,CAAC,GAAY,EAAE,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,sBAAsB,CAAC,CAAC,GAAG,CAAC,CAAA;AAEnG,MAAM,cAAc,GAAG,CAAC,aAAqB,EAAE,UAAkB,EAAE,EAAE,CACnE,UAAU,CAAC,4BAA4B,CAAC,EAAE,aAAa,EAAE,UAAU,EAAE,CAAC,CAAC,IAAI,CACzE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACf,CAAC,CAAC,CAAC,SAAS,IAAI,EAAE,CAAC;KAChB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,KAAK,SAAS,IAAI,CAAC,CAAC,OAAO,CAAC;KACzD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,OAAQ,CAAC,CAAC,CAC3C,EACD,MAAM,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,EAAmB,CAAC,CAAC,CAC3D,CAAA;AAEH,MAAM,kBAAkB,GAAG,CAAC,MAA4B,EAAE,EAAE,CAC1D,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,aAAa,EAAE,MAAM,CAAC,aAAa,EAAE,CAAC,CAAA;IACtF,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,EAAE,UAAU,IAAI,EAAE,CAAA;IACrD,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;QAC5C,uBAAuB,CAAC,IAAI,CAAC;QAC7B,cAAc,CAAC,MAAM,CAAC,aAAa,EAAE,UAAU,CAAC;KACjD,EAAE,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC,CAAA;IACtB,OAAO,IAAI,iBAAiB,CAAC;QAC3B,GAAG,MAAM;QACT,UAAU,EAAE,SAAS;KACtB,CAAC,CAAA;AACJ,CAAC,CAAC,CAAC,IAAI,CACL,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,YAAY,CAAC,gBAAgB,EAAE,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CACjH,CAAA;AAEH,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,MAA4B,EAAE,EAAE,CAC7D,cAAc,CAAC,gBAAgB,EAAE,MAAM,CAAC,OAAO,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAA"}
+{"version":3,"file":"getPullRequest.js","sourceRoot":"","sources":["../../src/AwsClient/getPullRequest.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,OAAO,KAAK,UAAU,MAAM,0BAA0B,CAAA;AACtD,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AACvC,OAAO,EAAE,kBAAkB,EAAE,uBAAuB,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAA;AACtH,OAAO,EAEL,YAAY,EACZ,eAAe,EACf,iBAAiB,EACjB,cAAc,EACf,MAAM,eAAe,CAAA;AAEtB,MAAM,aAAa,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,CAAA;AAEjC,4EAA4E;AAC5E,MAAM,yBAAyB,GAAG,MAAM,CAAC,MAAM,CAAC;IAC9C,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;QACzC,KAAK,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;QACrC,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;QAC3C,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;QACzC,iBAAiB,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;QACjD,kBAAkB,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC;YAC7D,cAAc,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;YAC9C,eAAe,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;YAC/C,oBAAoB,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;YACpD,aAAa,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;gBAC3C,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC;gBACzC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;aACzC,CAAC,CAAC;SACJ,CAAC,CAAC,CAAC;QACJ,YAAY,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,YAAY,CAAC;QAClD,gBAAgB,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,YAAY,CAAC;KACvD,CAAC,CAAC;CACJ,CAAC,CAAA;AAEF,MAAM,sBAAsB,GAAG,MAAM,CAAC,SAAS,CAC7C,yBAAyB,EACzB,iBAAiB,EACjB;IACE,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE;QACd,MAAM,EAAE,GAAG,GAAG,CAAC,WAAW,CAAA;QAC1B,MAAM,MAAM,GAAG,EAAE,EAAE,kBAAkB,EAAE,CAAC,CAAC,CAAC,CAAA;QAC1C,MAAM,QAAQ,GAAG,MAAM,EAAE,aAAa,EAAE,QAAQ,KAAK,IAAI,CAAA;QACzD,MAAM,WAAW,GAAG,MAAM,EAAE,aAAa,EAAE,QAAQ,CAAA;QACnD,OAAO;YACL,KAAK,EAAE,EAAE,EAAE,KAAK,IAAI,EAAE;YACtB,WAAW,EAAE,EAAE,EAAE,WAAW;YAC5B,MAAM,EAAE,EAAE,EAAE,SAAS,CAAC,CAAC,CAAC,eAAe,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS;YACjE,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,iBAAiB,IAAI,SAAS,CAAC;YAClE,cAAc,EAAE,MAAM,EAAE,cAAc,IAAI,EAAE;YAC5C,YAAY,EAAE,MAAM,EAAE,eAAe,EAAE,OAAO,CAAC,gBAAgB,EAAE,EAAE,CAAC,IAAI,EAAE;YAC1E,iBAAiB,EAAE,MAAM,EAAE,oBAAoB,EAAE,OAAO,CAAC,gBAAgB,EAAE,EAAE,CAAC,IAAI,EAAE;YACpF,YAAY,EAAE,EAAE,EAAE,YAAY,IAAI,aAAa;YAC/C,gBAAgB,EAAE,EAAE,EAAE,gBAAgB,IAAI,EAAE,EAAE,YAAY,IAAI,aAAa;YAC3E,UAAU,EAAE,EAAE;YACd,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS;SACjE,CAAA;IACH,CAAC;IACD,MAAM,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACnB,WAAW,EAAE;YACX,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,SAAS,EAAE,MAAM,CAAC,MAAM;YACxB,iBAAiB,EAAE,MAAM,CAAC,MAAM;YAChC,kBAAkB,EAAE,CAAC;oBACnB,cAAc,EAAE,MAAM,CAAC,cAAc;oBACrC,eAAe,EAAE,MAAM,CAAC,YAAY;oBACpC,oBAAoB,EAAE,MAAM,CAAC,iBAAiB;iBAC/C,CAAC;YACF,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC1C;KACF,CAAC;CACH,CACF,CAAA;AAED,0EAA0E;AAC1E,MAAM,uBAAuB,GAAG,CAAC,GAAY,EAAE,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,sBAAsB,CAAC,CAAC,GAAG,CAAC,CAAA;AAEnG,MAAM,kBAAkB,GAAG,CAAC,MAA4B,EAAE,EAAE,CAC1D,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC;IAClB,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,aAAa,EAAE,MAAM,CAAC,aAAa,EAAE,CAAC,CAAA;IACtF,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,EAAE,UAAU,IAAI,EAAE,CAAA;IACrD,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,kBAAkB,EAAE,CAAC,CAAC,CAAC,EAAE,cAAc,IAAI,EAAE,CAAA;IAChF,MAAM,CAAC,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;QACvE,uBAAuB,CAAC,IAAI,CAAC;QAC7B,cAAc,CAAC,MAAM,CAAC,aAAa,EAAE,UAAU,CAAC;QAChD,uBAAuB,CAAC,MAAM,CAAC,aAAa,EAAE,UAAU,CAAC;QACzD,kBAAkB,CAAC,QAAQ,CAAC;KAC7B,EAAE,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC,CAAA;IACtB,MAAM,aAAa,GAAG,kBAAkB,CAAC,IAAI,CAAC,WAAW,EAAE,aAAa,IAAI,EAAE,EAAE,UAAU,CAAC,cAAc,CAAC,CAAA;IAC1G,OAAO,IAAI,iBAAiB,CAAC;QAC3B,GAAG,MAAM;QACT,UAAU,EAAE,SAAS,CAAC,KAAK;QAC3B,cAAc,EAAE,SAAS,CAAC,IAAI;QAC9B,aAAa;QACb,aAAa,EAAE,aAAa,IAAI,SAAS;KAC1C,CAAC,CAAA;AACJ,CAAC,CAAC,CAAC,IAAI,CACL,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,YAAY,CAAC,gBAAgB,EAAE,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CACjH,CAAA;AAEH,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,MAA4B,EAAE,EAAE,CAC7D,cAAc,CAAC,gBAAgB,EAAE,MAAM,CAAC,OAAO,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAA"}

package/dist/AwsClient/getPullRequests.d.ts

@@ -1,12 +1,92 @@
 /**
+ * Bulk PR fetch — streams all open PRs across repos for one account.
+ *
+ * Lists all repositories, discovers PR IDs per repo, then fetches full
+ * details (approval rules, evaluation state, merge conflicts, approvers,
+ * repo account ID) per PR and decodes into {@link PullRequest} domain objects.
+ *
+ * **Mental model**
+ *
+ * ```
+ * listRepos → listPRIds → fetchPRDetails → getRepoAccount → decodePullRequest
+ *                               │                  │
+ *                       evaluateApprovalRules   getRepository
+ *                       getPullRequest          (cached per repo)
+ *                       getApprovalStates
+ * ```
+ *
+ * - Two API responses merged per PR: `getPullRequest.approvalRules` (rule defs)
+ *   + `evaluateApprovalRules` (satisfied names). Cross-ref via {@link buildApprovalRules}.
+ * - {@link parseRuleContent}: AWS JSON `{Version, Statements[{ApprovalPoolMembers}]}`
+ *   → `poolMembers` (normalized) + `poolMemberArns` (raw ARNs).
+ * - {@link fetchRepoAccountId}: `getRepository` once per repo (cached). Needed for
+ *   cross-account SSO where `getCallerIdentity` ≠ CodeCommit account.
+ *
+ * **Gotchas**
+ *
+ * - `evaluateApprovalRules.approvalRulesSatisfied` is `string[]` of rule NAMES, not full objects
+ * - `parseRuleContent` falls back silently on malformed JSON (warns if content truthy)
+ * - `fetchApprovalEvaluation` uses `throttleRetry` — needs `AwsClientConfig` in context
+ *
  * @internal
  */
 import { HttpClient } from "@effect/platform";
-import { Stream } from "effect";
+import { Credentials, Region } from "distilled-aws";
+import { Effect, Stream } from "effect";
 import { AwsClientConfig } from "../AwsClientConfig.js";
 import { PullRequest } from "../Domain.js";
 import type { AwsClientError } from "../Errors.js";
 import { type AccountParams } from "./internal.js";
+/**
+ * Parse AWS approval rule content JSON into pool members + required count.
+ * Format: {"Version":"2018-11-08","Statements":[{"Type":"Approvers","NumberOfApprovalsNeeded":N,"ApprovalPoolMembers":["arn:..."]}]}
+ */
+export declare const parseRuleContent: (content?: string) => {
+    requiredApprovals: number;
+    poolMembers: Array<string>;
+    poolMemberArns: Array<string>;
+};
+/**
+ * Evaluate which approval rules are satisfied/not, returning just the boolean + satisfied rule names.
+ */
+export declare const fetchApprovalEvaluation: (pullRequestId: string, revisionId: string) => Effect.Effect<{
+    isApproved: boolean;
+    satisfiedNames: Set<string>;
+} | {
+    isApproved: boolean;
+    satisfiedNames: Set<string>;
+}, never, AwsClientConfig | HttpClient.HttpClient | Region.Region | Credentials.Credentials>;
+/** Plain data shape matching ApprovalRule — avoids Schema.Class branding. */
+export interface ApprovalRuleData {
+    readonly ruleName: string;
+    readonly satisfied: boolean;
+    readonly requiredApprovals: number;
+    readonly poolMembers: Array<string>;
+    readonly poolMemberArns: Array<string>;
+    readonly fromTemplate?: string;
+}
+/**
+ * Build ApprovalRule data from getPullRequest's raw rules + evaluation satisfaction state.
+ * Filters out rules with empty names (phantom rules from missing AWS data).
+ */
+export declare const buildApprovalRules: (rawRules: ReadonlyArray<{
+    approvalRuleName?: string;
+    approvalRuleContent?: string;
+    originApprovalRuleTemplate?: {
+        approvalRuleTemplateName?: string;
+    };
+}>, satisfiedNames: Set<string>) => Array<ApprovalRuleData>;
+/**
+ * Fetch who approved a PR (ARN list of approvers with APPROVE state).
+ */
+export declare const fetchApprovers: (pullRequestId: string, revisionId: string) => Effect.Effect<{
+    names: string[];
+    arns: string[];
+} | {
+    names: Array<string>;
+    arns: Array<string>;
+}, never, AwsClientConfig | HttpClient.HttpClient | Region.Region | Credentials.Credentials>;
+export declare const fetchRepoAccountId: (repoName: string) => Effect.Effect<string, never, HttpClient.HttpClient | Region.Region | Credentials.Credentials>;
 export declare const getPullRequests: (account: AccountParams, options?: {
     status?: "OPEN" | "CLOSED";
 }) => Stream.Stream<PullRequest, AwsClientError, AwsClientConfig | HttpClient.HttpClient>;

package/dist/AwsClient/getPullRequests.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"getPullRequests.d.ts","sourceRoot":"","sources":["../../src/AwsClient/getPullRequests.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAG7C,OAAO,EAAwB,MAAM,EAAE,MAAM,QAAQ,CAAA;AACrD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAA;AACvD,OAAO,EAA4D,WAAW,EAAE,MAAM,cAAc,CAAA;AACpG,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,cAAc,CAAA;AAClD,OAAO,EAAE,KAAK,aAAa,EAAoE,MAAM,eAAe,CAAA;AAqLpH,eAAO,MAAM,eAAe,GAC1B,SAAS,aAAa,EACtB,UAAU;IAAE,MAAM,CAAC,EAAE,MAAM,GAAG,QAAQ,CAAA;CAAE,KACvC,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,cAAc,EAAE,eAAe,GAAG,UAAU,CAAC,UAAU,CA2BlF,CAAA"}
+{"version":3,"file":"getPullRequests.d.ts","sourceRoot":"","sources":["../../src/AwsClient/getPullRequests.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAC7C,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,eAAe,CAAA;AAEnD,OAAO,EAAQ,MAAM,EAAU,MAAM,EAAE,MAAM,QAAQ,CAAA;AACrD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAA;AACvD,OAAO,EAA0E,WAAW,EAAE,MAAM,cAAc,CAAA;AAClH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,cAAc,CAAA;AAClD,OAAO,EAAE,KAAK,aAAa,EAAoE,MAAM,eAAe,CAAA;AAcpH;;;GAGG;AACH,eAAO,MAAM,gBAAgB,GAC3B,UAAU,MAAM,KACf;IAAE,iBAAiB,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAAC,cAAc,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;CAgBxF,CAAA;AAED;;GAEG;AACH,eAAO,MAAM,uBAAuB,GAAI,eAAe,MAAM,EAAE,YAAY,MAAM;;;;;;4FAU9E,CAAA;AAEH,6EAA6E;AAC7E,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAA;IAC3B,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAA;IAClC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;IACnC,QAAQ,CAAC,cAAc,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;IACtC,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAA;CAC/B;AAED;;;GAGG;AACH,eAAO,MAAM,kBAAkB,GAC7B,UAAU,aAAa,CACrB;IACE,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,0BAA0B,CAAC,EAAE;QAAE,wBAAwB,CAAC,EAAE,MAAM,CAAA;KAAE,CAAA;CACnE,CACF,EACD,gBAAgB,GAAG,CAAC,MAAM,CAAC,KAC1B,KAAK,CAAC,gBAAgB,CAUlB,CAAA;AA8BP;;GAEG;AACH,eAAO,MAAM,cAAc,GAAI,eAAe,MAAM,EAAE,YAAY,MAAM;;;;WAYhB,KAAK,CAAC,MAAM,CAAC;UAAc,KAAK,CAAC,MAAM,CAAC;4FAC7F,CAAA;AA2HH,eAAO,MAAM,kBAAkB,GAAI,UAAU,MAAM,kGAKhD,CAAA;AAYH,eAAO,MAAM,eAAe,GAC1B,SAAS,aAAa,EACtB,UAAU;IAAE,MAAM,CAAC,EAAE,MAAM,GAAG,QAAQ,CAAA;CAAE,KACvC,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,cAAc,EAAE,eAAe,GAAG,UAAU,CAAC,UAAU,CA6ClF,CAAA"}