@lelu-auth/lelu 0.1.5 → 0.1.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{client-DY93sy4F.d.mts → client-DauLJ9a4.d.mts} +90 -0
- package/dist/{client-DY93sy4F.d.ts → client-DauLJ9a4.d.ts} +90 -0
- package/dist/express/index.d.mts +1 -1
- package/dist/express/index.d.ts +1 -1
- package/dist/express/index.js +84 -2
- package/dist/express/index.js.map +1 -1
- package/dist/express/index.mjs +84 -2
- package/dist/express/index.mjs.map +1 -1
- package/dist/index.d.mts +2 -2
- package/dist/index.d.ts +2 -2
- package/dist/index.js +84 -2
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +84 -2
- package/dist/index.mjs.map +1 -1
- package/dist/langchain/index.d.mts +1 -1
- package/dist/langchain/index.d.ts +1 -1
- package/dist/react/index.js +84 -2
- package/dist/react/index.js.map +1 -1
- package/dist/react/index.mjs +84 -2
- package/dist/react/index.mjs.map +1 -1
- package/package.json +1 -1
- package/scripts/audit-log.js +52 -11
- package/scripts/lelu.js +31 -8
- package/scripts/policies.js +241 -0
|
@@ -212,6 +212,92 @@ declare class AuthEngineError extends Error {
|
|
|
212
212
|
readonly details?: unknown | undefined;
|
|
213
213
|
constructor(message: string, status?: number | undefined, details?: unknown | undefined);
|
|
214
214
|
}
|
|
215
|
+
interface Policy {
|
|
216
|
+
id: string;
|
|
217
|
+
tenantId: string;
|
|
218
|
+
name: string;
|
|
219
|
+
content: string;
|
|
220
|
+
version: string;
|
|
221
|
+
hmacSha256: string;
|
|
222
|
+
createdAt: string;
|
|
223
|
+
updatedAt: string;
|
|
224
|
+
}
|
|
225
|
+
interface Policy {
|
|
226
|
+
id: string;
|
|
227
|
+
tenantId: string;
|
|
228
|
+
name: string;
|
|
229
|
+
content: string;
|
|
230
|
+
version: string;
|
|
231
|
+
hmacSha256: string;
|
|
232
|
+
createdAt: string;
|
|
233
|
+
updatedAt: string;
|
|
234
|
+
}
|
|
235
|
+
interface ListPoliciesRequest {
|
|
236
|
+
/** Tenant ID (defaults to "default") */
|
|
237
|
+
tenantId?: string;
|
|
238
|
+
}
|
|
239
|
+
interface ListPoliciesRequest {
|
|
240
|
+
/** Tenant ID (defaults to "default") */
|
|
241
|
+
tenantId?: string;
|
|
242
|
+
}
|
|
243
|
+
interface ListPoliciesResult {
|
|
244
|
+
policies: Policy[];
|
|
245
|
+
count: number;
|
|
246
|
+
}
|
|
247
|
+
interface ListPoliciesResult {
|
|
248
|
+
policies: Policy[];
|
|
249
|
+
count: number;
|
|
250
|
+
}
|
|
251
|
+
interface GetPolicyRequest {
|
|
252
|
+
/** Policy name */
|
|
253
|
+
name: string;
|
|
254
|
+
/** Tenant ID (defaults to "default") */
|
|
255
|
+
tenantId?: string;
|
|
256
|
+
}
|
|
257
|
+
interface GetPolicyRequest {
|
|
258
|
+
/** Policy name */
|
|
259
|
+
name: string;
|
|
260
|
+
/** Tenant ID (defaults to "default") */
|
|
261
|
+
tenantId?: string;
|
|
262
|
+
}
|
|
263
|
+
interface UpsertPolicyRequest {
|
|
264
|
+
/** Policy name */
|
|
265
|
+
name: string;
|
|
266
|
+
/** Policy content (Rego code) */
|
|
267
|
+
content: string;
|
|
268
|
+
/** Policy version (defaults to "1.0") */
|
|
269
|
+
version?: string;
|
|
270
|
+
/** Tenant ID (defaults to "default") */
|
|
271
|
+
tenantId?: string;
|
|
272
|
+
}
|
|
273
|
+
interface UpsertPolicyRequest {
|
|
274
|
+
/** Policy name */
|
|
275
|
+
name: string;
|
|
276
|
+
/** Policy content (Rego code) */
|
|
277
|
+
content: string;
|
|
278
|
+
/** Policy version (defaults to "1.0") */
|
|
279
|
+
version?: string;
|
|
280
|
+
/** Tenant ID (defaults to "default") */
|
|
281
|
+
tenantId?: string;
|
|
282
|
+
}
|
|
283
|
+
interface DeletePolicyRequest {
|
|
284
|
+
/** Policy name */
|
|
285
|
+
name: string;
|
|
286
|
+
/** Tenant ID (defaults to "default") */
|
|
287
|
+
tenantId?: string;
|
|
288
|
+
}
|
|
289
|
+
interface DeletePolicyRequest {
|
|
290
|
+
/** Policy name */
|
|
291
|
+
name: string;
|
|
292
|
+
/** Tenant ID (defaults to "default") */
|
|
293
|
+
tenantId?: string;
|
|
294
|
+
}
|
|
295
|
+
interface DeletePolicyResult {
|
|
296
|
+
deleted: boolean;
|
|
297
|
+
}
|
|
298
|
+
interface DeletePolicyResult {
|
|
299
|
+
deleted: boolean;
|
|
300
|
+
}
|
|
215
301
|
|
|
216
302
|
/**
|
|
217
303
|
* LeluClient is the core SDK entry-point. It communicates with the local
|
|
@@ -274,6 +360,10 @@ declare class LeluClient {
|
|
|
274
360
|
* Requires the platform service to be running (not just the engine).
|
|
275
361
|
*/
|
|
276
362
|
listAuditEvents(req?: ListAuditEventsRequest): Promise<ListAuditEventsResult>;
|
|
363
|
+
listPolicies(req?: ListPoliciesRequest): Promise<ListPoliciesResult>;
|
|
364
|
+
getPolicy(req: GetPolicyRequest): Promise<Policy>;
|
|
365
|
+
upsertPolicy(req: UpsertPolicyRequest): Promise<Policy>;
|
|
366
|
+
deletePolicy(req: DeletePolicyRequest): Promise<DeletePolicyResult>;
|
|
277
367
|
private headers;
|
|
278
368
|
private post;
|
|
279
369
|
private delete;
|
|
@@ -212,6 +212,92 @@ declare class AuthEngineError extends Error {
|
|
|
212
212
|
readonly details?: unknown | undefined;
|
|
213
213
|
constructor(message: string, status?: number | undefined, details?: unknown | undefined);
|
|
214
214
|
}
|
|
215
|
+
interface Policy {
|
|
216
|
+
id: string;
|
|
217
|
+
tenantId: string;
|
|
218
|
+
name: string;
|
|
219
|
+
content: string;
|
|
220
|
+
version: string;
|
|
221
|
+
hmacSha256: string;
|
|
222
|
+
createdAt: string;
|
|
223
|
+
updatedAt: string;
|
|
224
|
+
}
|
|
225
|
+
interface Policy {
|
|
226
|
+
id: string;
|
|
227
|
+
tenantId: string;
|
|
228
|
+
name: string;
|
|
229
|
+
content: string;
|
|
230
|
+
version: string;
|
|
231
|
+
hmacSha256: string;
|
|
232
|
+
createdAt: string;
|
|
233
|
+
updatedAt: string;
|
|
234
|
+
}
|
|
235
|
+
interface ListPoliciesRequest {
|
|
236
|
+
/** Tenant ID (defaults to "default") */
|
|
237
|
+
tenantId?: string;
|
|
238
|
+
}
|
|
239
|
+
interface ListPoliciesRequest {
|
|
240
|
+
/** Tenant ID (defaults to "default") */
|
|
241
|
+
tenantId?: string;
|
|
242
|
+
}
|
|
243
|
+
interface ListPoliciesResult {
|
|
244
|
+
policies: Policy[];
|
|
245
|
+
count: number;
|
|
246
|
+
}
|
|
247
|
+
interface ListPoliciesResult {
|
|
248
|
+
policies: Policy[];
|
|
249
|
+
count: number;
|
|
250
|
+
}
|
|
251
|
+
interface GetPolicyRequest {
|
|
252
|
+
/** Policy name */
|
|
253
|
+
name: string;
|
|
254
|
+
/** Tenant ID (defaults to "default") */
|
|
255
|
+
tenantId?: string;
|
|
256
|
+
}
|
|
257
|
+
interface GetPolicyRequest {
|
|
258
|
+
/** Policy name */
|
|
259
|
+
name: string;
|
|
260
|
+
/** Tenant ID (defaults to "default") */
|
|
261
|
+
tenantId?: string;
|
|
262
|
+
}
|
|
263
|
+
interface UpsertPolicyRequest {
|
|
264
|
+
/** Policy name */
|
|
265
|
+
name: string;
|
|
266
|
+
/** Policy content (Rego code) */
|
|
267
|
+
content: string;
|
|
268
|
+
/** Policy version (defaults to "1.0") */
|
|
269
|
+
version?: string;
|
|
270
|
+
/** Tenant ID (defaults to "default") */
|
|
271
|
+
tenantId?: string;
|
|
272
|
+
}
|
|
273
|
+
interface UpsertPolicyRequest {
|
|
274
|
+
/** Policy name */
|
|
275
|
+
name: string;
|
|
276
|
+
/** Policy content (Rego code) */
|
|
277
|
+
content: string;
|
|
278
|
+
/** Policy version (defaults to "1.0") */
|
|
279
|
+
version?: string;
|
|
280
|
+
/** Tenant ID (defaults to "default") */
|
|
281
|
+
tenantId?: string;
|
|
282
|
+
}
|
|
283
|
+
interface DeletePolicyRequest {
|
|
284
|
+
/** Policy name */
|
|
285
|
+
name: string;
|
|
286
|
+
/** Tenant ID (defaults to "default") */
|
|
287
|
+
tenantId?: string;
|
|
288
|
+
}
|
|
289
|
+
interface DeletePolicyRequest {
|
|
290
|
+
/** Policy name */
|
|
291
|
+
name: string;
|
|
292
|
+
/** Tenant ID (defaults to "default") */
|
|
293
|
+
tenantId?: string;
|
|
294
|
+
}
|
|
295
|
+
interface DeletePolicyResult {
|
|
296
|
+
deleted: boolean;
|
|
297
|
+
}
|
|
298
|
+
interface DeletePolicyResult {
|
|
299
|
+
deleted: boolean;
|
|
300
|
+
}
|
|
215
301
|
|
|
216
302
|
/**
|
|
217
303
|
* LeluClient is the core SDK entry-point. It communicates with the local
|
|
@@ -274,6 +360,10 @@ declare class LeluClient {
|
|
|
274
360
|
* Requires the platform service to be running (not just the engine).
|
|
275
361
|
*/
|
|
276
362
|
listAuditEvents(req?: ListAuditEventsRequest): Promise<ListAuditEventsResult>;
|
|
363
|
+
listPolicies(req?: ListPoliciesRequest): Promise<ListPoliciesResult>;
|
|
364
|
+
getPolicy(req: GetPolicyRequest): Promise<Policy>;
|
|
365
|
+
upsertPolicy(req: UpsertPolicyRequest): Promise<Policy>;
|
|
366
|
+
deletePolicy(req: DeletePolicyRequest): Promise<DeletePolicyResult>;
|
|
277
367
|
private headers;
|
|
278
368
|
private post;
|
|
279
369
|
private delete;
|
package/dist/express/index.d.mts
CHANGED
package/dist/express/index.d.ts
CHANGED
package/dist/express/index.js
CHANGED
|
@@ -194,7 +194,7 @@ var LeluClient = class {
|
|
|
194
194
|
const ctrl = new AbortController();
|
|
195
195
|
const timer = setTimeout(() => ctrl.abort(), this.timeoutMs);
|
|
196
196
|
try {
|
|
197
|
-
const url = `${this.baseUrl}/v1/audit${params.toString() ? `?${params.toString()}` : ""}`;
|
|
197
|
+
const url = `${this.baseUrl}/api/v1/audit${params.toString() ? `?${params.toString()}` : ""}`;
|
|
198
198
|
const res = await fetch(url, {
|
|
199
199
|
method: "GET",
|
|
200
200
|
headers,
|
|
@@ -202,7 +202,7 @@ var LeluClient = class {
|
|
|
202
202
|
});
|
|
203
203
|
const data = await this.parseResponse(res);
|
|
204
204
|
return {
|
|
205
|
-
events: data.events,
|
|
205
|
+
events: data.events || [],
|
|
206
206
|
count: data.count,
|
|
207
207
|
limit: data.limit,
|
|
208
208
|
cursor: data.cursor,
|
|
@@ -212,6 +212,88 @@ var LeluClient = class {
|
|
|
212
212
|
clearTimeout(timer);
|
|
213
213
|
}
|
|
214
214
|
}
|
|
215
|
+
// ─── Policy Management ────────────────────────────────────────────────────────
|
|
216
|
+
async listPolicies(req = {}) {
|
|
217
|
+
const headers = this.headers();
|
|
218
|
+
if (req.tenantId) {
|
|
219
|
+
headers["X-Tenant-ID"] = req.tenantId;
|
|
220
|
+
}
|
|
221
|
+
const ctrl = new AbortController();
|
|
222
|
+
const timer = setTimeout(() => ctrl.abort(), this.timeoutMs);
|
|
223
|
+
try {
|
|
224
|
+
const res = await fetch(`${this.baseUrl}/api/v1/policies`, {
|
|
225
|
+
method: "GET",
|
|
226
|
+
headers,
|
|
227
|
+
signal: ctrl.signal
|
|
228
|
+
});
|
|
229
|
+
const data = await this.parseResponse(res);
|
|
230
|
+
return {
|
|
231
|
+
policies: data.policies || [],
|
|
232
|
+
count: data.count
|
|
233
|
+
};
|
|
234
|
+
} finally {
|
|
235
|
+
clearTimeout(timer);
|
|
236
|
+
}
|
|
237
|
+
}
|
|
238
|
+
async getPolicy(req) {
|
|
239
|
+
const headers = this.headers();
|
|
240
|
+
if (req.tenantId) {
|
|
241
|
+
headers["X-Tenant-ID"] = req.tenantId;
|
|
242
|
+
}
|
|
243
|
+
const ctrl = new AbortController();
|
|
244
|
+
const timer = setTimeout(() => ctrl.abort(), this.timeoutMs);
|
|
245
|
+
try {
|
|
246
|
+
const res = await fetch(`${this.baseUrl}/api/v1/policies/${encodeURIComponent(req.name)}`, {
|
|
247
|
+
method: "GET",
|
|
248
|
+
headers,
|
|
249
|
+
signal: ctrl.signal
|
|
250
|
+
});
|
|
251
|
+
return await this.parseResponse(res);
|
|
252
|
+
} finally {
|
|
253
|
+
clearTimeout(timer);
|
|
254
|
+
}
|
|
255
|
+
}
|
|
256
|
+
async upsertPolicy(req) {
|
|
257
|
+
const headers = this.headers();
|
|
258
|
+
if (req.tenantId) {
|
|
259
|
+
headers["X-Tenant-ID"] = req.tenantId;
|
|
260
|
+
}
|
|
261
|
+
const body = {
|
|
262
|
+
content: req.content,
|
|
263
|
+
version: req.version || "1.0"
|
|
264
|
+
};
|
|
265
|
+
const ctrl = new AbortController();
|
|
266
|
+
const timer = setTimeout(() => ctrl.abort(), this.timeoutMs);
|
|
267
|
+
try {
|
|
268
|
+
const res = await fetch(`${this.baseUrl}/api/v1/policies/${encodeURIComponent(req.name)}`, {
|
|
269
|
+
method: "PUT",
|
|
270
|
+
headers,
|
|
271
|
+
body: JSON.stringify(body),
|
|
272
|
+
signal: ctrl.signal
|
|
273
|
+
});
|
|
274
|
+
return await this.parseResponse(res);
|
|
275
|
+
} finally {
|
|
276
|
+
clearTimeout(timer);
|
|
277
|
+
}
|
|
278
|
+
}
|
|
279
|
+
async deletePolicy(req) {
|
|
280
|
+
const headers = this.headers();
|
|
281
|
+
if (req.tenantId) {
|
|
282
|
+
headers["X-Tenant-ID"] = req.tenantId;
|
|
283
|
+
}
|
|
284
|
+
const ctrl = new AbortController();
|
|
285
|
+
const timer = setTimeout(() => ctrl.abort(), this.timeoutMs);
|
|
286
|
+
try {
|
|
287
|
+
const res = await fetch(`${this.baseUrl}/api/v1/policies/${encodeURIComponent(req.name)}`, {
|
|
288
|
+
method: "DELETE",
|
|
289
|
+
headers,
|
|
290
|
+
signal: ctrl.signal
|
|
291
|
+
});
|
|
292
|
+
return await this.parseResponse(res);
|
|
293
|
+
} finally {
|
|
294
|
+
clearTimeout(timer);
|
|
295
|
+
}
|
|
296
|
+
}
|
|
215
297
|
// ── HTTP helpers ───────────────────────────────────────────────────────────
|
|
216
298
|
headers() {
|
|
217
299
|
const h = { "Content-Type": "application/json" };
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/types.ts","../../src/client.ts","../../src/express/index.ts"],"names":["z"],"mappings":";;;;;AAIO,IAAM,iBAAA,GAAoBA,MAAE,MAAA,CAAO;AAAA,EACxC,QAAQA,KAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,oBAAoB,CAAA;AAAA,EAC9C,QAAQA,KAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,oBAAoB,CAAA;AAAA,EAC9C,UAAUA,KAAA,CAAE,MAAA,CAAOA,MAAE,MAAA,EAAQ,EAAE,QAAA;AACjC,CAAC,CAAA;AAEM,IAAM,kBAAA,GAAqBA,MAAE,MAAA,CAAO;AAAA;AAAA,EAEzC,UAAA,EAAYA,MAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,CAAC,CAAA;AAAA;AAAA,EAEnC,SAAA,EAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAE/B,KAAA,EAAOA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACpB,CAAC,CAAA;AAEM,IAAM,sBAAA,GAAyBA,MAAE,MAAA,CAAO;AAAA,EAC7C,OAAOA,KAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,mBAAmB,CAAA;AAAA,EAC5C,QAAQA,KAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,oBAAoB,CAAA;AAAA,EAC9C,UAAUA,KAAA,CAAE,MAAA,CAAOA,MAAE,MAAA,EAAQ,EAAE,QAAA,EAAS;AAAA,EACxC,OAAA,EAAS;AACX,CAAC,CAAA;AAEM,IAAM,sBAAA,GAAyBA,MAAE,MAAA,CAAO;AAAA,EAC7C,KAAA,EAAOA,KAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACvB,SAAA,EAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC/B,UAAA,EAAYA,MAAE,MAAA,EAAO,CAAE,KAAI,CAAE,QAAA,GAAW,QAAA;AAC1C,CAAC,CAAA;AAEM,IAAM,0BAAA,GAA6BA,MAAE,MAAA,CAAO;AAAA,EACjD,WAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,uBAAuB,CAAA;AAAA,EACpD,WAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,uBAAuB,CAAA;AAAA,EACpD,QAAA,EAAUA,KAAA,CAAE,KAAA,CAAMA,KAAA,CAAE,MAAA,GAAS,GAAA,CAAI,CAAC,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EAC9C,UAAA,EAAYA,MAAE,MAAA,EAAO,CAAE,KAAI,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA,EACjD,UAAA,EAAYA,KAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EAC9C,SAAA,EAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC/B,QAAA,EAAUA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACvB,CAAC,CAAA;AA4HM,IAAM,eAAA,GAAN,cAA8B,KAAA,CAAM;AAAA,EACzC,WAAA,CACE,OAAA,EACgB,MAAA,EACA,OAAA,EAChB;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAHG,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AACA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAGhB,IAAA,IAAA,CAAK,IAAA,GAAO,iBAAA;AAAA,EACd;AACF,CAAA;;;ACnIO,IAAM,aAAN,MAAiB;AAAA,EACL,OAAA;AAAA,EACA,SAAA;AAAA,EACA,MAAA;AAAA,EAEjB,WAAA,CAAY,GAAA,GAAoB,EAAC,EAAG;AAClC,IAAA,MAAM,UAAA,GACJ,OAAO,OAAA,KAAY,WAAA,IAAe,QAAQ,GAAA,GACtC,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA,GAC3B,MAAA;AACN,IAAA,IAAA,CAAK,WAAW,GAAA,CAAI,OAAA,IAAW,cAAc,uBAAA,EAAyB,OAAA,CAAQ,OAAO,EAAE,CAAA;AACvF,IAAA,IAAA,CAAK,SAAA,GAAY,IAAI,SAAA,IAAa,GAAA;AAClC,IAAA,IAAA,CAAK,SAAS,GAAA,CAAI,MAAA;AAAA,EACpB;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,UAAU,GAAA,EAAyC;AACvD,IAAA,MAAM,SAAA,GAAY,iBAAA,CAAkB,KAAA,CAAM,GAAG,CAAA;AAC7C,IAAA,MAAM,IAAA,GAAO;AAAA,MACX,SAAS,SAAA,CAAU,MAAA;AAAA,MACnB,QAAQ,SAAA,CAAU,MAAA;AAAA,MAClB,UAAU,SAAA,CAAU;AAAA,KACtB;AACA,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,IAAA,CAIrB,iBAAiB,IAAI,CAAA;AAExB,IAAA,OAAO;AAAA,MACL,SAAS,IAAA,CAAK,OAAA;AAAA,MACd,QAAQ,IAAA,CAAK,MAAA;AAAA,MACb,SAAS,IAAA,CAAK;AAAA,KAChB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,eAAe,GAAA,EAAmD;AACtE,IAAA,MAAM,SAAA,GAAY,sBAAA,CAAuB,KAAA,CAAM,GAAG,CAAA;AAClD,IAAA,MAAM,IAAA,GAAO;AAAA,MACX,OAAO,SAAA,CAAU,KAAA;AAAA,MACjB,QAAQ,SAAA,CAAU,MAAA;AAAA,MAClB,UAAU,SAAA,CAAU,QAAA;AAAA,MACpB,UAAA,EAAY,UAAU,OAAA,CAAQ,UAAA;AAAA,MAC9B,UAAA,EAAY,UAAU,OAAA,CAAQ,SAAA;AAAA,MAC9B,KAAA,EAAO,UAAU,OAAA,CAAQ;AAAA,KAC3B;AACA,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,IAAA,CAOrB,uBAAuB,IAAI,CAAA;AAE9B,IAAA,OAAO;AAAA,MACL,SAAS,IAAA,CAAK,OAAA;AAAA,MACd,QAAQ,IAAA,CAAK,MAAA;AAAA,MACb,SAAS,IAAA,CAAK,QAAA;AAAA,MACd,iBAAiB,IAAA,CAAK,gBAAA;AAAA,MACtB,qBAAqB,IAAA,CAAK,qBAAA;AAAA,MAC1B,gBAAgB,IAAA,CAAK;AAAA,KACvB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,UAAU,GAAA,EAAiD;AAC/D,IAAA,MAAM,SAAA,GAAY,sBAAA,CAAuB,KAAA,CAAM,GAAG,CAAA;AAClD,IAAA,MAAM,IAAA,GAAO;AAAA,MACX,OAAO,SAAA,CAAU,KAAA;AAAA,MACjB,YAAY,SAAA,CAAU,SAAA;AAAA,MACtB,WAAA,EAAa,UAAU,UAAA,IAAc;AAAA,KACvC;AACA,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,IAAA,CAIrB,mBAAmB,IAAI,CAAA;AAE1B,IAAA,OAAO;AAAA,MACL,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,SAAS,IAAA,CAAK,QAAA;AAAA,MACd,SAAA,EAAW,IAAI,IAAA,CAAK,IAAA,CAAK,aAAa,GAAI;AAAA,KAC5C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,YAAY,OAAA,EAA6C;AAC7D,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,MAAA;AAAA,MACtB,CAAA,WAAA,EAAc,kBAAA,CAAmB,OAAO,CAAC,CAAA;AAAA,KAC3C;AACA,IAAA,OAAO,EAAE,OAAA,EAAS,IAAA,CAAK,OAAA,EAAQ;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,MAAM,cAAc,GAAA,EAAyD;AAC3E,IAAA,MAAM,SAAA,GAAY,0BAAA,CAA2B,KAAA,CAAM,GAAG,CAAA;AACtD,IAAA,MAAM,IAAA,GAAO;AAAA,MACX,WAAW,SAAA,CAAU,SAAA;AAAA,MACrB,WAAW,SAAA,CAAU,SAAA;AAAA,MACrB,SAAA,EAAW,SAAA,CAAU,QAAA,IAAY,EAAC;AAAA,MAClC,WAAA,EAAa,UAAU,UAAA,IAAc,EAAA;AAAA,MACrC,UAAA,EAAY,UAAU,UAAA,IAAc,CAAA;AAAA,MACpC,UAAA,EAAY,UAAU,SAAA,IAAa,EAAA;AAAA,MACnC,SAAA,EAAW,UAAU,QAAA,IAAY;AAAA,KACnC;AACA,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,IAAA,CAQrB,sBAAsB,IAAI,CAAA;AAE7B,IAAA,OAAO;AAAA,MACL,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,SAAS,IAAA,CAAK,QAAA;AAAA,MACd,SAAA,EAAW,IAAI,IAAA,CAAK,IAAA,CAAK,aAAa,GAAI,CAAA;AAAA,MAC1C,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,eAAe,IAAA,CAAK,cAAA;AAAA,MACpB,SAAS,IAAA,CAAK;AAAA,KAChB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,SAAA,GAA8B;AAClC,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,GAAA,CAAwB,UAAU,CAAA;AAC1D,MAAA,OAAO,KAAK,MAAA,KAAW,IAAA;AAAA,IACzB,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,eAAA,CAAgB,GAAA,GAA8B,EAAC,EAAmC;AACtF,IAAA,MAAM,MAAA,GAAS,IAAI,eAAA,EAAgB;AAEnC,IAAA,IAAI,GAAA,CAAI,UAAU,MAAA,EAAW,MAAA,CAAO,IAAI,OAAA,EAAS,GAAA,CAAI,KAAA,CAAM,QAAA,EAAU,CAAA;AACrE,IAAA,IAAI,GAAA,CAAI,WAAW,MAAA,EAAW,MAAA,CAAO,IAAI,QAAA,EAAU,GAAA,CAAI,MAAA,CAAO,QAAA,EAAU,CAAA;AACxE,IAAA,IAAI,IAAI,KAAA,EAAO,MAAA,CAAO,GAAA,CAAI,OAAA,EAAS,IAAI,KAAK,CAAA;AAC5C,IAAA,IAAI,IAAI,MAAA,EAAQ,MAAA,CAAO,GAAA,CAAI,QAAA,EAAU,IAAI,MAAM,CAAA;AAC/C,IAAA,IAAI,IAAI,QAAA,EAAU,MAAA,CAAO,GAAA,CAAI,UAAA,EAAY,IAAI,QAAQ,CAAA;AACrD,IAAA,IAAI,IAAI,OAAA,EAAS,MAAA,CAAO,GAAA,CAAI,UAAA,EAAY,IAAI,OAAO,CAAA;AACnD,IAAA,IAAI,IAAI,IAAA,EAAM,MAAA,CAAO,GAAA,CAAI,MAAA,EAAQ,IAAI,IAAI,CAAA;AACzC,IAAA,IAAI,IAAI,EAAA,EAAI,MAAA,CAAO,GAAA,CAAI,IAAA,EAAM,IAAI,EAAE,CAAA;AAEnC,IAAA,MAAM,OAAA,GAAU,KAAK,OAAA,EAAQ;AAC7B,IAAA,IAAI,IAAI,QAAA,EAAU;AAChB,MAAA,OAAA,CAAQ,aAAa,IAAI,GAAA,CAAI,QAAA;AAAA,IAC/B;AAEA,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,EAAgB;AACjC,IAAA,MAAM,QAAQ,UAAA,CAAW,MAAM,KAAK,KAAA,EAAM,EAAG,KAAK,SAAS,CAAA;AAC3D,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,CAAA,EAAG,IAAA,CAAK,OAAO,CAAA,SAAA,EAAY,MAAA,CAAO,QAAA,EAAS,GAAI,CAAA,CAAA,EAAI,MAAA,CAAO,QAAA,EAAU,KAAK,EAAE,CAAA,CAAA;AACvF,MAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,GAAA,EAAK;AAAA,QAC3B,MAAA,EAAQ,KAAA;AAAA,QACR,OAAA;AAAA,QACA,QAAQ,IAAA,CAAK;AAAA,OACd,CAAA;AAED,MAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,aAAA,CAMrB,GAAG,CAAA;AAEN,MAAA,OAAO;AAAA,QACL,QAAQ,IAAA,CAAK,MAAA;AAAA,QACb,OAAO,IAAA,CAAK,KAAA;AAAA,QACZ,OAAO,IAAA,CAAK,KAAA;AAAA,QACZ,QAAQ,IAAA,CAAK,MAAA;AAAA,QACb,YAAY,IAAA,CAAK;AAAA,OACnB;AAAA,IACF,CAAA,SAAE;AACA,MAAA,YAAA,CAAa,KAAK,CAAA;AAAA,IACpB;AAAA,EACF;AAAA;AAAA,EAIQ,OAAA,GAAkC;AACxC,IAAA,MAAM,CAAA,GAA4B,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AACvE,IAAA,IAAI,KAAK,MAAA,EAAQ;AACf,MAAA,CAAA,CAAE,eAAe,CAAA,GAAI,CAAA,OAAA,EAAU,IAAA,CAAK,MAAM,CAAA,CAAA;AAAA,IAC5C;AACA,IAAA,OAAO,CAAA;AAAA,EACT;AAAA,EAEA,MAAc,IAAA,CAAQ,IAAA,EAAc,IAAA,EAA2B;AAC7D,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,EAAgB;AACjC,IAAA,MAAM,QAAQ,UAAA,CAAW,MAAM,KAAK,KAAA,EAAM,EAAG,KAAK,SAAS,CAAA;AAC3D,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,CAAA,EAAG,KAAK,OAAO,CAAA,EAAG,IAAI,CAAA,CAAA,EAAI;AAAA,QAChD,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS,KAAK,OAAA,EAAQ;AAAA,QACtB,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA;AAAA,QACzB,QAAQ,IAAA,CAAK;AAAA,OACd,CAAA;AACD,MAAA,OAAO,IAAA,CAAK,cAAiB,GAAG,CAAA;AAAA,IAClC,CAAA,SAAE;AACA,MAAA,YAAA,CAAa,KAAK,CAAA;AAAA,IACpB;AAAA,EACF;AAAA,EAEA,MAAc,OAAU,IAAA,EAA0B;AAChD,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,EAAgB;AACjC,IAAA,MAAM,QAAQ,UAAA,CAAW,MAAM,KAAK,KAAA,EAAM,EAAG,KAAK,SAAS,CAAA;AAC3D,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,CAAA,EAAG,KAAK,OAAO,CAAA,EAAG,IAAI,CAAA,CAAA,EAAI;AAAA,QAChD,MAAA,EAAQ,QAAA;AAAA,QACR,OAAA,EAAS,KAAK,OAAA,EAAQ;AAAA,QACtB,QAAQ,IAAA,CAAK;AAAA,OACd,CAAA;AACD,MAAA,OAAO,IAAA,CAAK,cAAiB,GAAG,CAAA;AAAA,IAClC,CAAA,SAAE;AACA,MAAA,YAAA,CAAa,KAAK,CAAA;AAAA,IACpB;AAAA,EACF;AAAA,EAEA,MAAc,IAAO,IAAA,EAA0B;AAC7C,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,EAAgB;AACjC,IAAA,MAAM,QAAQ,UAAA,CAAW,MAAM,KAAK,KAAA,EAAM,EAAG,KAAK,SAAS,CAAA;AAC3D,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,CAAA,EAAG,KAAK,OAAO,CAAA,EAAG,IAAI,CAAA,CAAA,EAAI;AAAA,QAChD,MAAA,EAAQ,KAAA;AAAA,QACR,OAAA,EAAS,KAAK,OAAA,EAAQ;AAAA,QACtB,QAAQ,IAAA,CAAK;AAAA,OACd,CAAA;AACD,MAAA,OAAO,IAAA,CAAK,cAAiB,GAAG,CAAA;AAAA,IAClC,CAAA,SAAE;AACA,MAAA,YAAA,CAAa,KAAK,CAAA;AAAA,IACpB;AAAA,EACF;AAAA,EAEA,MAAc,cAAiB,GAAA,EAA2B;AACxD,IAAA,MAAM,IAAA,GAAQ,MAAM,GAAA,CAAI,IAAA,EAAK;AAC7B,IAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,MAAA,MAAM,IAAI,eAAA;AAAA,QACP,IAAA,CAAK,OAAO,CAAA,IAAgB,cAAA;AAAA,QAC7B,GAAA,CAAI,MAAA;AAAA,QACJ;AAAA,OACF;AAAA,IACF;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AACF,CAAA;;;AChTO,SAAS,SAAA,CAAU,MAAA,EAAgB,IAAA,GAAyB,EAAC,EAAmB;AACrF,EAAA,MAAM,YAAA,GAAoB;AAAA,IACxB,SAAS,IAAA,CAAK,OAAA,IAAW,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA,IAAK;AAAA,GAC3D;AACA,EAAA,MAAM,MAAA,GAAS,IAAA,CAAK,MAAA,IAAU,OAAA,CAAQ,IAAI,cAAc,CAAA;AACxD,EAAA,IAAI,WAAW,MAAA,EAAW;AACxB,IAAA,YAAA,CAAa,MAAA,GAAS,MAAA;AAAA,EACxB;AACA,EAAA,MAAM,MAAA,GAAS,IAAA,CAAK,MAAA,IAAU,IAAI,WAAW,YAAY,CAAA;AAEzD,EAAA,MAAM,WAAA,GAAc,KAAK,WAAA,IAAe,SAAA;AACxC,EAAA,MAAM,UAAA,GAAa,KAAK,UAAA,IAAc,CAAA;AAEtC,EAAA,OAAO,eAAe,aAAA,CACpB,GAAA,EACA,GAAA,EACA,IAAA,EACe;AACf,IAAA,MAAM,KAAA,GAAS,GAAA,CAAI,OAAA,CAAQ,WAAW,CAAA,IAA4B,WAAA;AAElE,IAAA,IAAI;AACF,MAAA,MAAM,QAAA,GAAW,MAAM,MAAA,CAAO,cAAA,CAAe,EAAE,KAAA,EAAO,MAAA,EAAQ,OAAA,EAAS,EAAE,UAAA,EAAW,EAAG,CAAA;AAEvF,MAAA,IAAI,SAAS,OAAA,EAAS;AAEpB,QAAC,IAAoD,YAAA,GAAe,QAAA;AACpE,QAAA,IAAA,EAAK;AACL,QAAA;AAAA,MACF;AAEA,MAAA,GAAA,CAAI,MAAA,CAAO,GAAG,CAAA,CAAE,IAAA,CAAK;AAAA,QACnB,KAAA,EAAO,WAAA;AAAA,QACP,UAAU,QAAA,CAAS,OAAA;AAAA,QACnB,MAAA,EAAQ,SAAS,MAAA,IAAU,kBAAA;AAAA,QAC3B,KAAA;AAAA,QACA;AAAA,OACD,CAAA;AAAA,IACH,SAAS,GAAA,EAAK;AACZ,MAAA,GAAA,CAAI,MAAA,CAAO,GAAG,CAAA,CAAE,IAAA,CAAK;AAAA,QACnB,KAAA,EAAO,kBAAA;AAAA,QACP,SAAS,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,OAAO,GAAG;AAAA,OACzD,CAAA;AAAA,IACH;AAAA,EACF,CAAA;AACF","file":"index.js","sourcesContent":["import { z } from \"zod\";\r\n\r\n// ─── Request / Response schemas ───────────────────────────────────────────────\r\n\r\nexport const AuthRequestSchema = z.object({\r\n userId: z.string().min(1, \"userId is required\"),\r\n action: z.string().min(1, \"action is required\"),\r\n resource: z.record(z.string()).optional(),\r\n});\r\n\r\nexport const AgentContextSchema = z.object({\r\n /** LLM confidence score — 0.0 to 1.0 */\r\n confidence: z.number().min(0).max(1),\r\n /** User the agent is acting on behalf of */\r\n actingFor: z.string().optional(),\r\n /** Requested agent scope */\r\n scope: z.string().optional(),\r\n});\r\n\r\nexport const AgentAuthRequestSchema = z.object({\r\n actor: z.string().min(1, \"actor is required\"),\r\n action: z.string().min(1, \"action is required\"),\r\n resource: z.record(z.string()).optional(),\r\n context: AgentContextSchema,\r\n});\r\n\r\nexport const MintTokenRequestSchema = z.object({\r\n scope: z.string().min(1),\r\n actingFor: z.string().optional(),\r\n ttlSeconds: z.number().int().positive().optional(),\r\n});\r\n\r\nexport const DelegateScopeRequestSchema = z.object({\r\n delegator: z.string().min(1, \"delegator is required\"),\r\n delegatee: z.string().min(1, \"delegatee is required\"),\r\n scopedTo: z.array(z.string().min(1)).optional(),\r\n ttlSeconds: z.number().int().positive().optional(),\r\n confidence: z.number().min(0).max(1).optional(),\r\n actingFor: z.string().optional(),\r\n tenantId: z.string().optional(),\r\n});\r\n\r\n// ─── Decision types ───────────────────────────────────────────────────────────\r\n\r\nexport interface AuthDecision {\r\n allowed: boolean;\r\n reason: string;\r\n traceId: string;\r\n}\r\n\r\nexport interface AgentAuthDecision {\r\n allowed: boolean;\r\n reason: string;\r\n traceId: string;\r\n downgradedScope: string | undefined;\r\n requiresHumanReview: boolean;\r\n confidenceUsed: number;\r\n}\r\n\r\nexport interface MintTokenResult {\r\n token: string;\r\n tokenId: string;\r\n expiresAt: Date;\r\n}\r\n\r\nexport interface DelegateScopeRequest {\r\n /** Agent delegating the scope */\r\n delegator: string;\r\n /** Agent receiving the constrained sub-scope */\r\n delegatee: string;\r\n /** Actions to grant (must be subset of policy's can_delegate.scoped_to) */\r\n scopedTo?: string[];\r\n /** Token TTL in seconds — capped by the policy's max_ttl_seconds */\r\n ttlSeconds?: number;\r\n /** Delegator's confidence score — checked against require_confidence_above */\r\n confidence?: number;\r\n /** User the delegated agent acts on behalf of */\r\n actingFor?: string;\r\n tenantId?: string;\r\n}\r\n\r\nexport interface DelegateScopeResult {\r\n token: string;\r\n tokenId: string;\r\n expiresAt: Date;\r\n delegator: string;\r\n delegatee: string;\r\n grantedScopes: string[];\r\n traceId: string;\r\n}\r\n\r\nexport interface RevokeTokenResult {\r\n success: boolean;\r\n}\r\n\r\n// ─── Audit types ──────────────────────────────────────────────────────────────\r\n\r\nexport interface AuditEvent {\r\n id: number;\r\n tenantId: string;\r\n traceId: string;\r\n timestamp: string;\r\n actor: string;\r\n action: string;\r\n resource?: Record<string, string>;\r\n confidenceScore?: number;\r\n decision: string; // \"allowed\" | \"denied\" | \"human_review\"\r\n reason?: string;\r\n downgradedScope?: string;\r\n latencyMs: number;\r\n engineVersion?: string;\r\n policyVersion?: string;\r\n createdAt: string;\r\n}\r\n\r\nexport interface ListAuditEventsRequest {\r\n /** Maximum number of events to return (default: 20, max: 500) */\r\n limit?: number;\r\n /** Pagination cursor (offset) */\r\n cursor?: number;\r\n /** Filter by actor */\r\n actor?: string;\r\n /** Filter by action */\r\n action?: string;\r\n /** Filter by decision */\r\n decision?: string;\r\n /** Filter by trace ID */\r\n traceId?: string;\r\n /** Filter events from this timestamp (ISO 8601) */\r\n from?: string;\r\n /** Filter events to this timestamp (ISO 8601) */\r\n to?: string;\r\n /** Tenant ID (defaults to \"default\") */\r\n tenantId?: string;\r\n}\r\n\r\nexport interface ListAuditEventsResult {\r\n events: AuditEvent[];\r\n count: number;\r\n limit: number;\r\n cursor: number;\r\n nextCursor: number;\r\n}\r\n\r\n// ─── Typed Input types ───────────────────────────────────────────────────────\r\n\r\nexport type AuthRequest = z.infer<typeof AuthRequestSchema>;\r\nexport type AgentAuthRequest = z.infer<typeof AgentAuthRequestSchema>;\r\nexport type AgentContext = z.infer<typeof AgentContextSchema>;\r\nexport type MintTokenRequest = z.infer<typeof MintTokenRequestSchema>;\r\n\r\n// ─── Client config ────────────────────────────────────────────────────────────\r\n\r\nexport interface ClientConfig {\r\n /** Base URL of the Auth Permission Engine (defaults to LELU_BASE_URL env var, else http://localhost:8080) */\r\n baseUrl?: string;\r\n /** Request timeout in milliseconds (default: 5000) */\r\n timeoutMs?: number;\r\n /** Optional bearer token for authenticating with the engine */\r\n apiKey?: string;\r\n}\r\n\r\n// ─── Error type ───────────────────────────────────────────────────────────────\r\n\r\nexport class AuthEngineError extends Error {\r\n constructor(\r\n message: string,\r\n public readonly status?: number,\r\n public readonly details?: unknown\r\n ) {\r\n super(message);\r\n this.name = \"AuthEngineError\";\r\n }\r\n}\r\n","import {\r\n AuthEngineError,\r\n AuthRequestSchema,\r\n AgentAuthRequestSchema,\r\n MintTokenRequestSchema,\r\n DelegateScopeRequestSchema,\r\n type AuthDecision,\r\n type AgentAuthDecision,\r\n type MintTokenResult,\r\n type DelegateScopeResult,\r\n type DelegateScopeRequest,\r\n type RevokeTokenResult,\r\n type AuthRequest,\r\n type AgentAuthRequest,\r\n type MintTokenRequest,\r\n type ClientConfig,\r\n type AuditEvent,\r\n type ListAuditEventsRequest,\r\n type ListAuditEventsResult,\r\n} from \"./types.js\";\r\n\r\n// ─── Client ───────────────────────────────────────────────────────────────────\r\n\r\n/**\r\n * LeluClient is the core SDK entry-point. It communicates with the local\r\n * Auth Permission Engine sidecar over HTTP/JSON.\r\n *\r\n * @example\r\n * ```ts\r\n * const lelu = new LeluClient({ baseUrl: \"http://localhost:8080\" });\r\n *\r\n * const decision = await lelu.agentAuthorize({\r\n * actor: \"invoice_bot\",\r\n * action: \"approve_refunds\",\r\n * context: { confidence: 0.92, actingFor: \"user_123\" },\r\n * });\r\n *\r\n * if (!decision.allowed) {\r\n * console.log(decision.reason);\r\n * }\r\n * ```\r\n */\r\nexport class LeluClient {\r\n private readonly baseUrl: string;\r\n private readonly timeoutMs: number;\r\n private readonly apiKey: string | undefined;\r\n\r\n constructor(cfg: ClientConfig = {}) {\r\n const envBaseUrl =\r\n typeof process !== \"undefined\" && process.env\r\n ? process.env[\"LELU_BASE_URL\"]\r\n : undefined;\r\n this.baseUrl = (cfg.baseUrl ?? envBaseUrl ?? \"http://localhost:8080\").replace(/\\/$/, \"\");\r\n this.timeoutMs = cfg.timeoutMs ?? 5_000;\r\n this.apiKey = cfg.apiKey;\r\n }\r\n\r\n // ── Human authorization ────────────────────────────────────────────────────\r\n\r\n /**\r\n * Checks whether a human user is permitted to perform an action.\r\n */\r\n async authorize(req: AuthRequest): Promise<AuthDecision> {\r\n const validated = AuthRequestSchema.parse(req);\r\n const body = {\r\n user_id: validated.userId,\r\n action: validated.action,\r\n resource: validated.resource,\r\n };\r\n const data = await this.post<{\r\n allowed: boolean;\r\n reason: string;\r\n trace_id: string;\r\n }>(\"/v1/authorize\", body);\r\n\r\n return {\r\n allowed: data.allowed,\r\n reason: data.reason,\r\n traceId: data.trace_id,\r\n };\r\n }\r\n\r\n // ── Agent authorization ────────────────────────────────────────────────────\r\n\r\n /**\r\n * Checks whether an AI agent is permitted to perform an action, taking the\r\n * confidence score into account (Confidence-Aware Auth ★).\r\n */\r\n async agentAuthorize(req: AgentAuthRequest): Promise<AgentAuthDecision> {\r\n const validated = AgentAuthRequestSchema.parse(req);\r\n const body = {\r\n actor: validated.actor,\r\n action: validated.action,\r\n resource: validated.resource,\r\n confidence: validated.context.confidence,\r\n acting_for: validated.context.actingFor,\r\n scope: validated.context.scope,\r\n };\r\n const data = await this.post<{\r\n allowed: boolean;\r\n reason: string;\r\n trace_id: string;\r\n downgraded_scope?: string;\r\n requires_human_review: boolean;\r\n confidence_used: number;\r\n }>(\"/v1/agent/authorize\", body);\r\n\r\n return {\r\n allowed: data.allowed,\r\n reason: data.reason,\r\n traceId: data.trace_id,\r\n downgradedScope: data.downgraded_scope,\r\n requiresHumanReview: data.requires_human_review,\r\n confidenceUsed: data.confidence_used,\r\n };\r\n }\r\n\r\n // ── JIT Token minting ──────────────────────────────────────────────────────\r\n\r\n /**\r\n * Mints a scoped JWT for an agent with an optional TTL.\r\n * Default TTL is 60 seconds.\r\n */\r\n async mintToken(req: MintTokenRequest): Promise<MintTokenResult> {\r\n const validated = MintTokenRequestSchema.parse(req);\r\n const body = {\r\n scope: validated.scope,\r\n acting_for: validated.actingFor,\r\n ttl_seconds: validated.ttlSeconds ?? 60,\r\n };\r\n const data = await this.post<{\r\n token: string;\r\n token_id: string;\r\n expires_at: number;\r\n }>(\"/v1/tokens/mint\", body);\r\n\r\n return {\r\n token: data.token,\r\n tokenId: data.token_id,\r\n expiresAt: new Date(data.expires_at * 1000),\r\n };\r\n }\r\n\r\n // ── Token revocation ───────────────────────────────────────────────────────\r\n\r\n /**\r\n * Immediately revokes a JIT token by its ID.\r\n */\r\n async revokeToken(tokenId: string): Promise<RevokeTokenResult> {\r\n const data = await this.delete<{ success: boolean }>(\r\n `/v1/tokens/${encodeURIComponent(tokenId)}`\r\n );\r\n return { success: data.success };\r\n }\r\n\r\n // ── Multi-agent delegation ─────────────────────────────────────────────────\r\n\r\n /**\r\n * Delegates a constrained sub-scope from one agent to another.\r\n *\r\n * Validates the delegation rule in the loaded policy, caps the TTL to the\r\n * policy maximum, and mints a child JIT token scoped to the granted actions.\r\n *\r\n * The delegator's `confidence` score is checked against the policy's\r\n * `require_confidence_above` before delegation is granted.\r\n */\r\n async delegateScope(req: DelegateScopeRequest): Promise<DelegateScopeResult> {\r\n const validated = DelegateScopeRequestSchema.parse(req);\r\n const body = {\r\n delegator: validated.delegator,\r\n delegatee: validated.delegatee,\r\n scoped_to: validated.scopedTo ?? [],\r\n ttl_seconds: validated.ttlSeconds ?? 60,\r\n confidence: validated.confidence ?? 1.0,\r\n acting_for: validated.actingFor ?? \"\",\r\n tenant_id: validated.tenantId ?? \"\",\r\n };\r\n const data = await this.post<{\r\n token: string;\r\n token_id: string;\r\n expires_at: number;\r\n delegator: string;\r\n delegatee: string;\r\n granted_scopes: string[];\r\n trace_id: string;\r\n }>(\"/v1/agent/delegate\", body);\r\n\r\n return {\r\n token: data.token,\r\n tokenId: data.token_id,\r\n expiresAt: new Date(data.expires_at * 1000),\r\n delegator: data.delegator,\r\n delegatee: data.delegatee,\r\n grantedScopes: data.granted_scopes,\r\n traceId: data.trace_id,\r\n };\r\n }\r\n\r\n // ── Health check ───────────────────────────────────────────────────────────\r\n\r\n /**\r\n * Returns true if the engine is reachable and healthy.\r\n */\r\n async isHealthy(): Promise<boolean> {\r\n try {\r\n const data = await this.get<{ status: string }>(\"/healthz\");\r\n return data.status === \"ok\";\r\n } catch {\r\n return false;\r\n }\r\n }\r\n\r\n // ── Audit log ──────────────────────────────────────────────────────────────\r\n\r\n /**\r\n * Lists audit events from the platform API.\r\n * Requires the platform service to be running (not just the engine).\r\n */\r\n async listAuditEvents(req: ListAuditEventsRequest = {}): Promise<ListAuditEventsResult> {\r\n const params = new URLSearchParams();\r\n \r\n if (req.limit !== undefined) params.set(\"limit\", req.limit.toString());\r\n if (req.cursor !== undefined) params.set(\"cursor\", req.cursor.toString());\r\n if (req.actor) params.set(\"actor\", req.actor);\r\n if (req.action) params.set(\"action\", req.action);\r\n if (req.decision) params.set(\"decision\", req.decision);\r\n if (req.traceId) params.set(\"trace_id\", req.traceId);\r\n if (req.from) params.set(\"from\", req.from);\r\n if (req.to) params.set(\"to\", req.to);\r\n\r\n const headers = this.headers();\r\n if (req.tenantId) {\r\n headers[\"X-Tenant-ID\"] = req.tenantId;\r\n }\r\n\r\n const ctrl = new AbortController();\r\n const timer = setTimeout(() => ctrl.abort(), this.timeoutMs);\r\n try {\r\n const url = `${this.baseUrl}/v1/audit${params.toString() ? `?${params.toString()}` : \"\"}`;\r\n const res = await fetch(url, {\r\n method: \"GET\",\r\n headers,\r\n signal: ctrl.signal,\r\n });\r\n \r\n const data = await this.parseResponse<{\r\n events: AuditEvent[];\r\n count: number;\r\n limit: number;\r\n cursor: number;\r\n next_cursor: number;\r\n }>(res);\r\n\r\n return {\r\n events: data.events,\r\n count: data.count,\r\n limit: data.limit,\r\n cursor: data.cursor,\r\n nextCursor: data.next_cursor,\r\n };\r\n } finally {\r\n clearTimeout(timer);\r\n }\r\n }\r\n\r\n // ── HTTP helpers ───────────────────────────────────────────────────────────\r\n\r\n private headers(): Record<string, string> {\r\n const h: Record<string, string> = { \"Content-Type\": \"application/json\" };\r\n if (this.apiKey) {\r\n h[\"Authorization\"] = `Bearer ${this.apiKey}`;\r\n }\r\n return h;\r\n }\r\n\r\n private async post<T>(path: string, body: unknown): Promise<T> {\r\n const ctrl = new AbortController();\r\n const timer = setTimeout(() => ctrl.abort(), this.timeoutMs);\r\n try {\r\n const res = await fetch(`${this.baseUrl}${path}`, {\r\n method: \"POST\",\r\n headers: this.headers(),\r\n body: JSON.stringify(body),\r\n signal: ctrl.signal,\r\n });\r\n return this.parseResponse<T>(res);\r\n } finally {\r\n clearTimeout(timer);\r\n }\r\n }\r\n\r\n private async delete<T>(path: string): Promise<T> {\r\n const ctrl = new AbortController();\r\n const timer = setTimeout(() => ctrl.abort(), this.timeoutMs);\r\n try {\r\n const res = await fetch(`${this.baseUrl}${path}`, {\r\n method: \"DELETE\",\r\n headers: this.headers(),\r\n signal: ctrl.signal,\r\n });\r\n return this.parseResponse<T>(res);\r\n } finally {\r\n clearTimeout(timer);\r\n }\r\n }\r\n\r\n private async get<T>(path: string): Promise<T> {\r\n const ctrl = new AbortController();\r\n const timer = setTimeout(() => ctrl.abort(), this.timeoutMs);\r\n try {\r\n const res = await fetch(`${this.baseUrl}${path}`, {\r\n method: \"GET\",\r\n headers: this.headers(),\r\n signal: ctrl.signal,\r\n });\r\n return this.parseResponse<T>(res);\r\n } finally {\r\n clearTimeout(timer);\r\n }\r\n }\r\n\r\n private async parseResponse<T>(res: Response): Promise<T> {\r\n const json = (await res.json()) as Record<string, unknown>;\r\n if (!res.ok) {\r\n throw new AuthEngineError(\r\n (json[\"error\"] as string) ?? \"engine error\",\r\n res.status,\r\n json\r\n );\r\n }\r\n return json as T;\r\n }\r\n}\r\n","import type { Request, Response, NextFunction, RequestHandler } from \"express\";\r\nimport { LeluClient } from \"../client\";\r\n\r\nexport interface AuthorizeOptions {\r\n /** Base URL of the Lelu engine (default: http://localhost:8080) */\r\n baseUrl?: string;\r\n /** API key for the Lelu engine */\r\n apiKey?: string;\r\n /** HTTP header that carries the actor identifier (default: x-actor) */\r\n actorHeader?: string;\r\n /** Confidence score to pass to the engine (default: 1.0) */\r\n confidence?: number;\r\n /** Explicit LeluClient instance (overrides baseUrl/apiKey) */\r\n client?: LeluClient;\r\n}\r\n\r\n/**\r\n * Express middleware factory that calls the Lelu engine and either calls\r\n * `next()` (allowed) or returns a 403 JSON response (denied / human_review).\r\n *\r\n * ```ts\r\n * import express from \"express\";\r\n * import { authorize } from \"@lelu/sdk/express\";\r\n *\r\n * const app = express();\r\n * app.get(\"/sensitive\", authorize(\"files.read\", { confidence: 0.9 }), handler);\r\n * ```\r\n */\r\nexport function authorize(action: string, opts: AuthorizeOptions = {}): RequestHandler {\r\n const clientConfig: any = {\r\n baseUrl: opts.baseUrl ?? process.env[\"LELU_BASE_URL\"] ?? \"http://localhost:8080\",\r\n };\r\n const apiKey = opts.apiKey ?? process.env[\"LELU_API_KEY\"];\r\n if (apiKey !== undefined) {\r\n clientConfig.apiKey = apiKey;\r\n }\r\n const client = opts.client ?? new LeluClient(clientConfig);\r\n\r\n const actorHeader = opts.actorHeader ?? \"x-actor\";\r\n const confidence = opts.confidence ?? 1.0;\r\n\r\n return async function leluAuthorize(\r\n req: Request,\r\n res: Response,\r\n next: NextFunction\r\n ): Promise<void> {\r\n const actor = (req.headers[actorHeader] as string | undefined) ?? \"anonymous\";\r\n\r\n try {\r\n const decision = await client.agentAuthorize({ actor, action, context: { confidence } });\r\n\r\n if (decision.allowed) {\r\n // Attach decision to request for downstream handlers\r\n (req as Request & { leluDecision: typeof decision }).leluDecision = decision;\r\n next();\r\n return;\r\n }\r\n\r\n res.status(403).json({\r\n error: \"forbidden\",\r\n decision: decision.allowed,\r\n reason: decision.reason ?? \"denied by policy\",\r\n actor,\r\n action,\r\n });\r\n } catch (err) {\r\n res.status(503).json({\r\n error: \"lelu_unavailable\",\r\n message: err instanceof Error ? err.message : String(err),\r\n });\r\n }\r\n };\r\n}\r\n"]}
|
|
1
|
+
{"version":3,"sources":["../../src/types.ts","../../src/client.ts","../../src/express/index.ts"],"names":["z"],"mappings":";;;;;AAIO,IAAM,iBAAA,GAAoBA,MAAE,MAAA,CAAO;AAAA,EACxC,QAAQA,KAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,oBAAoB,CAAA;AAAA,EAC9C,QAAQA,KAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,oBAAoB,CAAA;AAAA,EAC9C,UAAUA,KAAA,CAAE,MAAA,CAAOA,MAAE,MAAA,EAAQ,EAAE,QAAA;AACjC,CAAC,CAAA;AAEM,IAAM,kBAAA,GAAqBA,MAAE,MAAA,CAAO;AAAA;AAAA,EAEzC,UAAA,EAAYA,MAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA,CAAE,IAAI,CAAC,CAAA;AAAA;AAAA,EAEnC,SAAA,EAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAE/B,KAAA,EAAOA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACpB,CAAC,CAAA;AAEM,IAAM,sBAAA,GAAyBA,MAAE,MAAA,CAAO;AAAA,EAC7C,OAAOA,KAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,mBAAmB,CAAA;AAAA,EAC5C,QAAQA,KAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,oBAAoB,CAAA;AAAA,EAC9C,UAAUA,KAAA,CAAE,MAAA,CAAOA,MAAE,MAAA,EAAQ,EAAE,QAAA,EAAS;AAAA,EACxC,OAAA,EAAS;AACX,CAAC,CAAA;AAEM,IAAM,sBAAA,GAAyBA,MAAE,MAAA,CAAO;AAAA,EAC7C,KAAA,EAAOA,KAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EACvB,SAAA,EAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC/B,UAAA,EAAYA,MAAE,MAAA,EAAO,CAAE,KAAI,CAAE,QAAA,GAAW,QAAA;AAC1C,CAAC,CAAA;AAEM,IAAM,0BAAA,GAA6BA,MAAE,MAAA,CAAO;AAAA,EACjD,WAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,uBAAuB,CAAA;AAAA,EACpD,WAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,GAAG,uBAAuB,CAAA;AAAA,EACpD,QAAA,EAAUA,KAAA,CAAE,KAAA,CAAMA,KAAA,CAAE,MAAA,GAAS,GAAA,CAAI,CAAC,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EAC9C,UAAA,EAAYA,MAAE,MAAA,EAAO,CAAE,KAAI,CAAE,QAAA,GAAW,QAAA,EAAS;AAAA,EACjD,UAAA,EAAYA,KAAA,CAAE,MAAA,EAAO,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EAC9C,SAAA,EAAWA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC/B,QAAA,EAAUA,KAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACvB,CAAC,CAAA;AAkLM,IAAM,eAAA,GAAN,cAA8B,KAAA,CAAM;AAAA,EACzC,WAAA,CACE,OAAA,EACgB,MAAA,EACA,OAAA,EAChB;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAHG,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AACA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAGhB,IAAA,IAAA,CAAK,IAAA,GAAO,iBAAA;AAAA,EACd;AACF,CAAA;;;AClLO,IAAM,aAAN,MAAiB;AAAA,EACL,OAAA;AAAA,EACA,SAAA;AAAA,EACA,MAAA;AAAA,EAEjB,WAAA,CAAY,GAAA,GAAoB,EAAC,EAAG;AAClC,IAAA,MAAM,UAAA,GACJ,OAAO,OAAA,KAAY,WAAA,IAAe,QAAQ,GAAA,GACtC,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA,GAC3B,MAAA;AACN,IAAA,IAAA,CAAK,WAAW,GAAA,CAAI,OAAA,IAAW,cAAc,uBAAA,EAAyB,OAAA,CAAQ,OAAO,EAAE,CAAA;AACvF,IAAA,IAAA,CAAK,SAAA,GAAY,IAAI,SAAA,IAAa,GAAA;AAClC,IAAA,IAAA,CAAK,SAAS,GAAA,CAAI,MAAA;AAAA,EACpB;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,UAAU,GAAA,EAAyC;AACvD,IAAA,MAAM,SAAA,GAAY,iBAAA,CAAkB,KAAA,CAAM,GAAG,CAAA;AAC7C,IAAA,MAAM,IAAA,GAAO;AAAA,MACX,SAAS,SAAA,CAAU,MAAA;AAAA,MACnB,QAAQ,SAAA,CAAU,MAAA;AAAA,MAClB,UAAU,SAAA,CAAU;AAAA,KACtB;AACA,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,IAAA,CAIrB,iBAAiB,IAAI,CAAA;AAExB,IAAA,OAAO;AAAA,MACL,SAAS,IAAA,CAAK,OAAA;AAAA,MACd,QAAQ,IAAA,CAAK,MAAA;AAAA,MACb,SAAS,IAAA,CAAK;AAAA,KAChB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,eAAe,GAAA,EAAmD;AACtE,IAAA,MAAM,SAAA,GAAY,sBAAA,CAAuB,KAAA,CAAM,GAAG,CAAA;AAClD,IAAA,MAAM,IAAA,GAAO;AAAA,MACX,OAAO,SAAA,CAAU,KAAA;AAAA,MACjB,QAAQ,SAAA,CAAU,MAAA;AAAA,MAClB,UAAU,SAAA,CAAU,QAAA;AAAA,MACpB,UAAA,EAAY,UAAU,OAAA,CAAQ,UAAA;AAAA,MAC9B,UAAA,EAAY,UAAU,OAAA,CAAQ,SAAA;AAAA,MAC9B,KAAA,EAAO,UAAU,OAAA,CAAQ;AAAA,KAC3B;AACA,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,IAAA,CAOrB,uBAAuB,IAAI,CAAA;AAE9B,IAAA,OAAO;AAAA,MACL,SAAS,IAAA,CAAK,OAAA;AAAA,MACd,QAAQ,IAAA,CAAK,MAAA;AAAA,MACb,SAAS,IAAA,CAAK,QAAA;AAAA,MACd,iBAAiB,IAAA,CAAK,gBAAA;AAAA,MACtB,qBAAqB,IAAA,CAAK,qBAAA;AAAA,MAC1B,gBAAgB,IAAA,CAAK;AAAA,KACvB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,UAAU,GAAA,EAAiD;AAC/D,IAAA,MAAM,SAAA,GAAY,sBAAA,CAAuB,KAAA,CAAM,GAAG,CAAA;AAClD,IAAA,MAAM,IAAA,GAAO;AAAA,MACX,OAAO,SAAA,CAAU,KAAA;AAAA,MACjB,YAAY,SAAA,CAAU,SAAA;AAAA,MACtB,WAAA,EAAa,UAAU,UAAA,IAAc;AAAA,KACvC;AACA,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,IAAA,CAIrB,mBAAmB,IAAI,CAAA;AAE1B,IAAA,OAAO;AAAA,MACL,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,SAAS,IAAA,CAAK,QAAA;AAAA,MACd,SAAA,EAAW,IAAI,IAAA,CAAK,IAAA,CAAK,aAAa,GAAI;AAAA,KAC5C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,YAAY,OAAA,EAA6C;AAC7D,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,MAAA;AAAA,MACtB,CAAA,WAAA,EAAc,kBAAA,CAAmB,OAAO,CAAC,CAAA;AAAA,KAC3C;AACA,IAAA,OAAO,EAAE,OAAA,EAAS,IAAA,CAAK,OAAA,EAAQ;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,MAAM,cAAc,GAAA,EAAyD;AAC3E,IAAA,MAAM,SAAA,GAAY,0BAAA,CAA2B,KAAA,CAAM,GAAG,CAAA;AACtD,IAAA,MAAM,IAAA,GAAO;AAAA,MACX,WAAW,SAAA,CAAU,SAAA;AAAA,MACrB,WAAW,SAAA,CAAU,SAAA;AAAA,MACrB,SAAA,EAAW,SAAA,CAAU,QAAA,IAAY,EAAC;AAAA,MAClC,WAAA,EAAa,UAAU,UAAA,IAAc,EAAA;AAAA,MACrC,UAAA,EAAY,UAAU,UAAA,IAAc,CAAA;AAAA,MACpC,UAAA,EAAY,UAAU,SAAA,IAAa,EAAA;AAAA,MACnC,SAAA,EAAW,UAAU,QAAA,IAAY;AAAA,KACnC;AACA,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,IAAA,CAQrB,sBAAsB,IAAI,CAAA;AAE7B,IAAA,OAAO;AAAA,MACL,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,SAAS,IAAA,CAAK,QAAA;AAAA,MACd,SAAA,EAAW,IAAI,IAAA,CAAK,IAAA,CAAK,aAAa,GAAI,CAAA;AAAA,MAC1C,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,eAAe,IAAA,CAAK,cAAA;AAAA,MACpB,SAAS,IAAA,CAAK;AAAA,KAChB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,SAAA,GAA8B;AAClC,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,GAAA,CAAwB,UAAU,CAAA;AAC1D,MAAA,OAAO,KAAK,MAAA,KAAW,IAAA;AAAA,IACzB,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,eAAA,CAAgB,GAAA,GAA8B,EAAC,EAAmC;AACtF,IAAA,MAAM,MAAA,GAAS,IAAI,eAAA,EAAgB;AAEnC,IAAA,IAAI,GAAA,CAAI,UAAU,MAAA,EAAW,MAAA,CAAO,IAAI,OAAA,EAAS,GAAA,CAAI,KAAA,CAAM,QAAA,EAAU,CAAA;AACrE,IAAA,IAAI,GAAA,CAAI,WAAW,MAAA,EAAW,MAAA,CAAO,IAAI,QAAA,EAAU,GAAA,CAAI,MAAA,CAAO,QAAA,EAAU,CAAA;AACxE,IAAA,IAAI,IAAI,KAAA,EAAO,MAAA,CAAO,GAAA,CAAI,OAAA,EAAS,IAAI,KAAK,CAAA;AAC5C,IAAA,IAAI,IAAI,MAAA,EAAQ,MAAA,CAAO,GAAA,CAAI,QAAA,EAAU,IAAI,MAAM,CAAA;AAC/C,IAAA,IAAI,IAAI,QAAA,EAAU,MAAA,CAAO,GAAA,CAAI,UAAA,EAAY,IAAI,QAAQ,CAAA;AACrD,IAAA,IAAI,IAAI,OAAA,EAAS,MAAA,CAAO,GAAA,CAAI,UAAA,EAAY,IAAI,OAAO,CAAA;AACnD,IAAA,IAAI,IAAI,IAAA,EAAM,MAAA,CAAO,GAAA,CAAI,MAAA,EAAQ,IAAI,IAAI,CAAA;AACzC,IAAA,IAAI,IAAI,EAAA,EAAI,MAAA,CAAO,GAAA,CAAI,IAAA,EAAM,IAAI,EAAE,CAAA;AAEnC,IAAA,MAAM,OAAA,GAAU,KAAK,OAAA,EAAQ;AAC7B,IAAA,IAAI,IAAI,QAAA,EAAU;AAChB,MAAA,OAAA,CAAQ,aAAa,IAAI,GAAA,CAAI,QAAA;AAAA,IAC/B;AAEA,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,EAAgB;AACjC,IAAA,MAAM,QAAQ,UAAA,CAAW,MAAM,KAAK,KAAA,EAAM,EAAG,KAAK,SAAS,CAAA;AAC3D,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,CAAA,EAAG,IAAA,CAAK,OAAO,CAAA,aAAA,EAAgB,MAAA,CAAO,QAAA,EAAS,GAAI,CAAA,CAAA,EAAI,MAAA,CAAO,QAAA,EAAU,KAAK,EAAE,CAAA,CAAA;AAC3F,MAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,GAAA,EAAK;AAAA,QAC3B,MAAA,EAAQ,KAAA;AAAA,QACR,OAAA;AAAA,QACA,QAAQ,IAAA,CAAK;AAAA,OACd,CAAA;AAED,MAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,aAAA,CAMrB,GAAG,CAAA;AAEN,MAAA,OAAO;AAAA,QACL,MAAA,EAAQ,IAAA,CAAK,MAAA,IAAU,EAAC;AAAA,QACxB,OAAO,IAAA,CAAK,KAAA;AAAA,QACZ,OAAO,IAAA,CAAK,KAAA;AAAA,QACZ,QAAQ,IAAA,CAAK,MAAA;AAAA,QACb,YAAY,IAAA,CAAK;AAAA,OACnB;AAAA,IACF,CAAA,SAAE;AACA,MAAA,YAAA,CAAa,KAAK,CAAA;AAAA,IACpB;AAAA,EACF;AAAA;AAAA,EAIA,MAAM,YAAA,CAAa,GAAA,GAA2B,EAAC,EAAgC;AAC7E,IAAA,MAAM,OAAA,GAAU,KAAK,OAAA,EAAQ;AAC7B,IAAA,IAAI,IAAI,QAAA,EAAU;AAChB,MAAA,OAAA,CAAQ,aAAa,IAAI,GAAA,CAAI,QAAA;AAAA,IAC/B;AAEA,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,EAAgB;AACjC,IAAA,MAAM,QAAQ,UAAA,CAAW,MAAM,KAAK,KAAA,EAAM,EAAG,KAAK,SAAS,CAAA;AAC3D,IAAA,IAAI;AACF,MAAA,MAAM,MAAM,MAAM,KAAA,CAAM,CAAA,EAAG,IAAA,CAAK,OAAO,CAAA,gBAAA,CAAA,EAAoB;AAAA,QACzD,MAAA,EAAQ,KAAA;AAAA,QACR,OAAA;AAAA,QACA,QAAQ,IAAA,CAAK;AAAA,OACd,CAAA;AAED,MAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,aAAA,CAGrB,GAAG,CAAA;AAEN,MAAA,OAAO;AAAA,QACL,QAAA,EAAU,IAAA,CAAK,QAAA,IAAY,EAAC;AAAA,QAC5B,OAAO,IAAA,CAAK;AAAA,OACd;AAAA,IACF,CAAA,SAAE;AACA,MAAA,YAAA,CAAa,KAAK,CAAA;AAAA,IACpB;AAAA,EACF;AAAA,EAEA,MAAM,UAAU,GAAA,EAAwC;AACtD,IAAA,MAAM,OAAA,GAAU,KAAK,OAAA,EAAQ;AAC7B,IAAA,IAAI,IAAI,QAAA,EAAU;AAChB,MAAA,OAAA,CAAQ,aAAa,IAAI,GAAA,CAAI,QAAA;AAAA,IAC/B;AAEA,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,EAAgB;AACjC,IAAA,MAAM,QAAQ,UAAA,CAAW,MAAM,KAAK,KAAA,EAAM,EAAG,KAAK,SAAS,CAAA;AAC3D,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,CAAA,EAAG,IAAA,CAAK,OAAO,CAAA,iBAAA,EAAoB,kBAAA,CAAmB,GAAA,CAAI,IAAI,CAAC,CAAA,CAAA,EAAI;AAAA,QACzF,MAAA,EAAQ,KAAA;AAAA,QACR,OAAA;AAAA,QACA,QAAQ,IAAA,CAAK;AAAA,OACd,CAAA;AAED,MAAA,OAAO,MAAM,IAAA,CAAK,aAAA,CAAsB,GAAG,CAAA;AAAA,IAC7C,CAAA,SAAE;AACA,MAAA,YAAA,CAAa,KAAK,CAAA;AAAA,IACpB;AAAA,EACF;AAAA,EAEA,MAAM,aAAa,GAAA,EAA2C;AAC5D,IAAA,MAAM,OAAA,GAAU,KAAK,OAAA,EAAQ;AAC7B,IAAA,IAAI,IAAI,QAAA,EAAU;AAChB,MAAA,OAAA,CAAQ,aAAa,IAAI,GAAA,CAAI,QAAA;AAAA,IAC/B;AAEA,IAAA,MAAM,IAAA,GAAO;AAAA,MACX,SAAS,GAAA,CAAI,OAAA;AAAA,MACb,OAAA,EAAS,IAAI,OAAA,IAAW;AAAA,KAC1B;AAEA,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,EAAgB;AACjC,IAAA,MAAM,QAAQ,UAAA,CAAW,MAAM,KAAK,KAAA,EAAM,EAAG,KAAK,SAAS,CAAA;AAC3D,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,CAAA,EAAG,IAAA,CAAK,OAAO,CAAA,iBAAA,EAAoB,kBAAA,CAAmB,GAAA,CAAI,IAAI,CAAC,CAAA,CAAA,EAAI;AAAA,QACzF,MAAA,EAAQ,KAAA;AAAA,QACR,OAAA;AAAA,QACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA;AAAA,QACzB,QAAQ,IAAA,CAAK;AAAA,OACd,CAAA;AAED,MAAA,OAAO,MAAM,IAAA,CAAK,aAAA,CAAsB,GAAG,CAAA;AAAA,IAC7C,CAAA,SAAE;AACA,MAAA,YAAA,CAAa,KAAK,CAAA;AAAA,IACpB;AAAA,EACF;AAAA,EAEA,MAAM,aAAa,GAAA,EAAuD;AACxE,IAAA,MAAM,OAAA,GAAU,KAAK,OAAA,EAAQ;AAC7B,IAAA,IAAI,IAAI,QAAA,EAAU;AAChB,MAAA,OAAA,CAAQ,aAAa,IAAI,GAAA,CAAI,QAAA;AAAA,IAC/B;AAEA,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,EAAgB;AACjC,IAAA,MAAM,QAAQ,UAAA,CAAW,MAAM,KAAK,KAAA,EAAM,EAAG,KAAK,SAAS,CAAA;AAC3D,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,CAAA,EAAG,IAAA,CAAK,OAAO,CAAA,iBAAA,EAAoB,kBAAA,CAAmB,GAAA,CAAI,IAAI,CAAC,CAAA,CAAA,EAAI;AAAA,QACzF,MAAA,EAAQ,QAAA;AAAA,QACR,OAAA;AAAA,QACA,QAAQ,IAAA,CAAK;AAAA,OACd,CAAA;AAED,MAAA,OAAO,MAAM,IAAA,CAAK,aAAA,CAAkC,GAAG,CAAA;AAAA,IACzD,CAAA,SAAE;AACA,MAAA,YAAA,CAAa,KAAK,CAAA;AAAA,IACpB;AAAA,EACF;AAAA;AAAA,EAIQ,OAAA,GAAkC;AACxC,IAAA,MAAM,CAAA,GAA4B,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AACvE,IAAA,IAAI,KAAK,MAAA,EAAQ;AACf,MAAA,CAAA,CAAE,eAAe,CAAA,GAAI,CAAA,OAAA,EAAU,IAAA,CAAK,MAAM,CAAA,CAAA;AAAA,IAC5C;AACA,IAAA,OAAO,CAAA;AAAA,EACT;AAAA,EAEA,MAAc,IAAA,CAAQ,IAAA,EAAc,IAAA,EAA2B;AAC7D,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,EAAgB;AACjC,IAAA,MAAM,QAAQ,UAAA,CAAW,MAAM,KAAK,KAAA,EAAM,EAAG,KAAK,SAAS,CAAA;AAC3D,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,CAAA,EAAG,KAAK,OAAO,CAAA,EAAG,IAAI,CAAA,CAAA,EAAI;AAAA,QAChD,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS,KAAK,OAAA,EAAQ;AAAA,QACtB,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI,CAAA;AAAA,QACzB,QAAQ,IAAA,CAAK;AAAA,OACd,CAAA;AACD,MAAA,OAAO,IAAA,CAAK,cAAiB,GAAG,CAAA;AAAA,IAClC,CAAA,SAAE;AACA,MAAA,YAAA,CAAa,KAAK,CAAA;AAAA,IACpB;AAAA,EACF;AAAA,EAEA,MAAc,OAAU,IAAA,EAA0B;AAChD,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,EAAgB;AACjC,IAAA,MAAM,QAAQ,UAAA,CAAW,MAAM,KAAK,KAAA,EAAM,EAAG,KAAK,SAAS,CAAA;AAC3D,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,CAAA,EAAG,KAAK,OAAO,CAAA,EAAG,IAAI,CAAA,CAAA,EAAI;AAAA,QAChD,MAAA,EAAQ,QAAA;AAAA,QACR,OAAA,EAAS,KAAK,OAAA,EAAQ;AAAA,QACtB,QAAQ,IAAA,CAAK;AAAA,OACd,CAAA;AACD,MAAA,OAAO,IAAA,CAAK,cAAiB,GAAG,CAAA;AAAA,IAClC,CAAA,SAAE;AACA,MAAA,YAAA,CAAa,KAAK,CAAA;AAAA,IACpB;AAAA,EACF;AAAA,EAEA,MAAc,IAAO,IAAA,EAA0B;AAC7C,IAAA,MAAM,IAAA,GAAO,IAAI,eAAA,EAAgB;AACjC,IAAA,MAAM,QAAQ,UAAA,CAAW,MAAM,KAAK,KAAA,EAAM,EAAG,KAAK,SAAS,CAAA;AAC3D,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,CAAA,EAAG,KAAK,OAAO,CAAA,EAAG,IAAI,CAAA,CAAA,EAAI;AAAA,QAChD,MAAA,EAAQ,KAAA;AAAA,QACR,OAAA,EAAS,KAAK,OAAA,EAAQ;AAAA,QACtB,QAAQ,IAAA,CAAK;AAAA,OACd,CAAA;AACD,MAAA,OAAO,IAAA,CAAK,cAAiB,GAAG,CAAA;AAAA,IAClC,CAAA,SAAE;AACA,MAAA,YAAA,CAAa,KAAK,CAAA;AAAA,IACpB;AAAA,EACF;AAAA,EAEA,MAAc,cAAiB,GAAA,EAA2B;AACxD,IAAA,MAAM,IAAA,GAAQ,MAAM,GAAA,CAAI,IAAA,EAAK;AAC7B,IAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,MAAA,MAAM,IAAI,eAAA;AAAA,QACP,IAAA,CAAK,OAAO,CAAA,IAAgB,cAAA;AAAA,QAC7B,GAAA,CAAI,MAAA;AAAA,QACJ;AAAA,OACF;AAAA,IACF;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AACF,CAAA;;;AC3ZO,SAAS,SAAA,CAAU,MAAA,EAAgB,IAAA,GAAyB,EAAC,EAAmB;AACrF,EAAA,MAAM,YAAA,GAAoB;AAAA,IACxB,SAAS,IAAA,CAAK,OAAA,IAAW,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA,IAAK;AAAA,GAC3D;AACA,EAAA,MAAM,MAAA,GAAS,IAAA,CAAK,MAAA,IAAU,OAAA,CAAQ,IAAI,cAAc,CAAA;AACxD,EAAA,IAAI,WAAW,MAAA,EAAW;AACxB,IAAA,YAAA,CAAa,MAAA,GAAS,MAAA;AAAA,EACxB;AACA,EAAA,MAAM,MAAA,GAAS,IAAA,CAAK,MAAA,IAAU,IAAI,WAAW,YAAY,CAAA;AAEzD,EAAA,MAAM,WAAA,GAAc,KAAK,WAAA,IAAe,SAAA;AACxC,EAAA,MAAM,UAAA,GAAa,KAAK,UAAA,IAAc,CAAA;AAEtC,EAAA,OAAO,eAAe,aAAA,CACpB,GAAA,EACA,GAAA,EACA,IAAA,EACe;AACf,IAAA,MAAM,KAAA,GAAS,GAAA,CAAI,OAAA,CAAQ,WAAW,CAAA,IAA4B,WAAA;AAElE,IAAA,IAAI;AACF,MAAA,MAAM,QAAA,GAAW,MAAM,MAAA,CAAO,cAAA,CAAe,EAAE,KAAA,EAAO,MAAA,EAAQ,OAAA,EAAS,EAAE,UAAA,EAAW,EAAG,CAAA;AAEvF,MAAA,IAAI,SAAS,OAAA,EAAS;AAEpB,QAAC,IAAoD,YAAA,GAAe,QAAA;AACpE,QAAA,IAAA,EAAK;AACL,QAAA;AAAA,MACF;AAEA,MAAA,GAAA,CAAI,MAAA,CAAO,GAAG,CAAA,CAAE,IAAA,CAAK;AAAA,QACnB,KAAA,EAAO,WAAA;AAAA,QACP,UAAU,QAAA,CAAS,OAAA;AAAA,QACnB,MAAA,EAAQ,SAAS,MAAA,IAAU,kBAAA;AAAA,QAC3B,KAAA;AAAA,QACA;AAAA,OACD,CAAA;AAAA,IACH,SAAS,GAAA,EAAK;AACZ,MAAA,GAAA,CAAI,MAAA,CAAO,GAAG,CAAA,CAAE,IAAA,CAAK;AAAA,QACnB,KAAA,EAAO,kBAAA;AAAA,QACP,SAAS,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,OAAO,GAAG;AAAA,OACzD,CAAA;AAAA,IACH;AAAA,EACF,CAAA;AACF","file":"index.js","sourcesContent":["import { z } from \"zod\";\r\n\r\n// ─── Request / Response schemas ───────────────────────────────────────────────\r\n\r\nexport const AuthRequestSchema = z.object({\r\n userId: z.string().min(1, \"userId is required\"),\r\n action: z.string().min(1, \"action is required\"),\r\n resource: z.record(z.string()).optional(),\r\n});\r\n\r\nexport const AgentContextSchema = z.object({\r\n /** LLM confidence score — 0.0 to 1.0 */\r\n confidence: z.number().min(0).max(1),\r\n /** User the agent is acting on behalf of */\r\n actingFor: z.string().optional(),\r\n /** Requested agent scope */\r\n scope: z.string().optional(),\r\n});\r\n\r\nexport const AgentAuthRequestSchema = z.object({\r\n actor: z.string().min(1, \"actor is required\"),\r\n action: z.string().min(1, \"action is required\"),\r\n resource: z.record(z.string()).optional(),\r\n context: AgentContextSchema,\r\n});\r\n\r\nexport const MintTokenRequestSchema = z.object({\r\n scope: z.string().min(1),\r\n actingFor: z.string().optional(),\r\n ttlSeconds: z.number().int().positive().optional(),\r\n});\r\n\r\nexport const DelegateScopeRequestSchema = z.object({\r\n delegator: z.string().min(1, \"delegator is required\"),\r\n delegatee: z.string().min(1, \"delegatee is required\"),\r\n scopedTo: z.array(z.string().min(1)).optional(),\r\n ttlSeconds: z.number().int().positive().optional(),\r\n confidence: z.number().min(0).max(1).optional(),\r\n actingFor: z.string().optional(),\r\n tenantId: z.string().optional(),\r\n});\r\n\r\n// ─── Decision types ───────────────────────────────────────────────────────────\r\n\r\nexport interface AuthDecision {\r\n allowed: boolean;\r\n reason: string;\r\n traceId: string;\r\n}\r\n\r\nexport interface AgentAuthDecision {\r\n allowed: boolean;\r\n reason: string;\r\n traceId: string;\r\n downgradedScope: string | undefined;\r\n requiresHumanReview: boolean;\r\n confidenceUsed: number;\r\n}\r\n\r\nexport interface MintTokenResult {\r\n token: string;\r\n tokenId: string;\r\n expiresAt: Date;\r\n}\r\n\r\nexport interface DelegateScopeRequest {\r\n /** Agent delegating the scope */\r\n delegator: string;\r\n /** Agent receiving the constrained sub-scope */\r\n delegatee: string;\r\n /** Actions to grant (must be subset of policy's can_delegate.scoped_to) */\r\n scopedTo?: string[];\r\n /** Token TTL in seconds — capped by the policy's max_ttl_seconds */\r\n ttlSeconds?: number;\r\n /** Delegator's confidence score — checked against require_confidence_above */\r\n confidence?: number;\r\n /** User the delegated agent acts on behalf of */\r\n actingFor?: string;\r\n tenantId?: string;\r\n}\r\n\r\nexport interface DelegateScopeResult {\r\n token: string;\r\n tokenId: string;\r\n expiresAt: Date;\r\n delegator: string;\r\n delegatee: string;\r\n grantedScopes: string[];\r\n traceId: string;\r\n}\r\n\r\nexport interface RevokeTokenResult {\r\n success: boolean;\r\n}\r\n\r\n// ─── Audit types ──────────────────────────────────────────────────────────────\r\n\r\nexport interface AuditEvent {\r\n id: number;\r\n tenantId: string;\r\n traceId: string;\r\n timestamp: string;\r\n actor: string;\r\n action: string;\r\n resource?: Record<string, string>;\r\n confidenceScore?: number;\r\n decision: string; // \"allowed\" | \"denied\" | \"human_review\"\r\n reason?: string;\r\n downgradedScope?: string;\r\n latencyMs: number;\r\n engineVersion?: string;\r\n policyVersion?: string;\r\n createdAt: string;\r\n}\r\n\r\nexport interface ListAuditEventsRequest {\r\n /** Maximum number of events to return (default: 20, max: 500) */\r\n limit?: number;\r\n /** Pagination cursor (offset) */\r\n cursor?: number;\r\n /** Filter by actor */\r\n actor?: string;\r\n /** Filter by action */\r\n action?: string;\r\n /** Filter by decision */\r\n decision?: string;\r\n /** Filter by trace ID */\r\n traceId?: string;\r\n /** Filter events from this timestamp (ISO 8601) */\r\n from?: string;\r\n /** Filter events to this timestamp (ISO 8601) */\r\n to?: string;\r\n /** Tenant ID (defaults to \"default\") */\r\n tenantId?: string;\r\n}\r\n\r\nexport interface ListAuditEventsResult {\r\n events: AuditEvent[];\r\n count: number;\r\n limit: number;\r\n cursor: number;\r\n nextCursor: number;\r\n}\r\n\r\n// ─── Typed Input types ───────────────────────────────────────────────────────\r\n\r\nexport type AuthRequest = z.infer<typeof AuthRequestSchema>;\r\nexport type AgentAuthRequest = z.infer<typeof AgentAuthRequestSchema>;\r\nexport type AgentContext = z.infer<typeof AgentContextSchema>;\r\nexport type MintTokenRequest = z.infer<typeof MintTokenRequestSchema>;\r\n\r\n// ─── Client config ────────────────────────────────────────────────────────────\r\n\r\nexport interface ClientConfig {\r\n /** Base URL of the Auth Permission Engine (defaults to LELU_BASE_URL env var, else http://localhost:8080) */\r\n baseUrl?: string;\r\n /** Request timeout in milliseconds (default: 5000) */\r\n timeoutMs?: number;\r\n /** Optional bearer token for authenticating with the engine */\r\n apiKey?: string;\r\n}\r\n\r\n// ─── Error type ───────────────────────────────────────────────────────────────\r\n\r\n// ─── Policy types ─────────────────────────────────────────────────────────────\r\n\r\nexport interface Policy {\r\n id: string;\r\n tenantId: string;\r\n name: string;\r\n content: string;\r\n version: string;\r\n hmacSha256: string;\r\n createdAt: string;\r\n updatedAt: string;\r\n}\r\n\r\nexport interface ListPoliciesRequest {\r\n /** Tenant ID (defaults to \"default\") */\r\n tenantId?: string;\r\n}\r\n\r\nexport interface ListPoliciesResult {\r\n policies: Policy[];\r\n count: number;\r\n}\r\n\r\nexport interface GetPolicyRequest {\r\n /** Policy name */\r\n name: string;\r\n /** Tenant ID (defaults to \"default\") */\r\n tenantId?: string;\r\n}\r\n\r\nexport interface UpsertPolicyRequest {\r\n /** Policy name */\r\n name: string;\r\n /** Policy content (Rego code) */\r\n content: string;\r\n /** Policy version (defaults to \"1.0\") */\r\n version?: string;\r\n /** Tenant ID (defaults to \"default\") */\r\n tenantId?: string;\r\n}\r\n\r\nexport interface DeletePolicyRequest {\r\n /** Policy name */\r\n name: string;\r\n /** Tenant ID (defaults to \"default\") */\r\n tenantId?: string;\r\n}\r\n\r\nexport interface DeletePolicyResult {\r\n deleted: boolean;\r\n}\r\n\r\n// ─── Error type ───────────────────────────────────────────────────────────────\r\n\r\nexport class AuthEngineError extends Error {\r\n constructor(\r\n message: string,\r\n public readonly status?: number,\r\n public readonly details?: unknown\r\n ) {\r\n super(message);\r\n this.name = \"AuthEngineError\";\r\n }\r\n}\r\n// ─── Policy types ─────────────────────────────────────────────────────────────\r\n\r\nexport interface Policy {\r\n id: string;\r\n tenantId: string;\r\n name: string;\r\n content: string;\r\n version: string;\r\n hmacSha256: string;\r\n createdAt: string;\r\n updatedAt: string;\r\n}\r\n\r\nexport interface ListPoliciesRequest {\r\n /** Tenant ID (defaults to \"default\") */\r\n tenantId?: string;\r\n}\r\n\r\nexport interface ListPoliciesResult {\r\n policies: Policy[];\r\n count: number;\r\n}\r\n\r\nexport interface GetPolicyRequest {\r\n /** Policy name */\r\n name: string;\r\n /** Tenant ID (defaults to \"default\") */\r\n tenantId?: string;\r\n}\r\n\r\nexport interface UpsertPolicyRequest {\r\n /** Policy name */\r\n name: string;\r\n /** Policy content (Rego code) */\r\n content: string;\r\n /** Policy version (defaults to \"1.0\") */\r\n version?: string;\r\n /** Tenant ID (defaults to \"default\") */\r\n tenantId?: string;\r\n}\r\n\r\nexport interface DeletePolicyRequest {\r\n /** Policy name */\r\n name: string;\r\n /** Tenant ID (defaults to \"default\") */\r\n tenantId?: string;\r\n}\r\n\r\nexport interface DeletePolicyResult {\r\n deleted: boolean;\r\n}\r\n","import {\r\n AuthEngineError,\r\n AuthRequestSchema,\r\n AgentAuthRequestSchema,\r\n MintTokenRequestSchema,\r\n DelegateScopeRequestSchema,\r\n type AuthDecision,\r\n type AgentAuthDecision,\r\n type MintTokenResult,\r\n type DelegateScopeResult,\r\n type DelegateScopeRequest,\r\n type RevokeTokenResult,\r\n type AuthRequest,\r\n type AgentAuthRequest,\r\n type MintTokenRequest,\r\n type ClientConfig,\r\n type AuditEvent,\r\n type ListAuditEventsRequest,\r\n type ListAuditEventsResult,\r\n type Policy,\r\n type ListPoliciesRequest,\r\n type ListPoliciesResult,\r\n type GetPolicyRequest,\r\n type UpsertPolicyRequest,\r\n type DeletePolicyRequest,\r\n type DeletePolicyResult,\r\n} from \"./types.js\";\r\n\r\n// ─── Client ───────────────────────────────────────────────────────────────────\r\n\r\n/**\r\n * LeluClient is the core SDK entry-point. It communicates with the local\r\n * Auth Permission Engine sidecar over HTTP/JSON.\r\n *\r\n * @example\r\n * ```ts\r\n * const lelu = new LeluClient({ baseUrl: \"http://localhost:8080\" });\r\n *\r\n * const decision = await lelu.agentAuthorize({\r\n * actor: \"invoice_bot\",\r\n * action: \"approve_refunds\",\r\n * context: { confidence: 0.92, actingFor: \"user_123\" },\r\n * });\r\n *\r\n * if (!decision.allowed) {\r\n * console.log(decision.reason);\r\n * }\r\n * ```\r\n */\r\nexport class LeluClient {\r\n private readonly baseUrl: string;\r\n private readonly timeoutMs: number;\r\n private readonly apiKey: string | undefined;\r\n\r\n constructor(cfg: ClientConfig = {}) {\r\n const envBaseUrl =\r\n typeof process !== \"undefined\" && process.env\r\n ? process.env[\"LELU_BASE_URL\"]\r\n : undefined;\r\n this.baseUrl = (cfg.baseUrl ?? envBaseUrl ?? \"http://localhost:8080\").replace(/\\/$/, \"\");\r\n this.timeoutMs = cfg.timeoutMs ?? 5_000;\r\n this.apiKey = cfg.apiKey;\r\n }\r\n\r\n // ── Human authorization ────────────────────────────────────────────────────\r\n\r\n /**\r\n * Checks whether a human user is permitted to perform an action.\r\n */\r\n async authorize(req: AuthRequest): Promise<AuthDecision> {\r\n const validated = AuthRequestSchema.parse(req);\r\n const body = {\r\n user_id: validated.userId,\r\n action: validated.action,\r\n resource: validated.resource,\r\n };\r\n const data = await this.post<{\r\n allowed: boolean;\r\n reason: string;\r\n trace_id: string;\r\n }>(\"/v1/authorize\", body);\r\n\r\n return {\r\n allowed: data.allowed,\r\n reason: data.reason,\r\n traceId: data.trace_id,\r\n };\r\n }\r\n\r\n // ── Agent authorization ────────────────────────────────────────────────────\r\n\r\n /**\r\n * Checks whether an AI agent is permitted to perform an action, taking the\r\n * confidence score into account (Confidence-Aware Auth ★).\r\n */\r\n async agentAuthorize(req: AgentAuthRequest): Promise<AgentAuthDecision> {\r\n const validated = AgentAuthRequestSchema.parse(req);\r\n const body = {\r\n actor: validated.actor,\r\n action: validated.action,\r\n resource: validated.resource,\r\n confidence: validated.context.confidence,\r\n acting_for: validated.context.actingFor,\r\n scope: validated.context.scope,\r\n };\r\n const data = await this.post<{\r\n allowed: boolean;\r\n reason: string;\r\n trace_id: string;\r\n downgraded_scope?: string;\r\n requires_human_review: boolean;\r\n confidence_used: number;\r\n }>(\"/v1/agent/authorize\", body);\r\n\r\n return {\r\n allowed: data.allowed,\r\n reason: data.reason,\r\n traceId: data.trace_id,\r\n downgradedScope: data.downgraded_scope,\r\n requiresHumanReview: data.requires_human_review,\r\n confidenceUsed: data.confidence_used,\r\n };\r\n }\r\n\r\n // ── JIT Token minting ──────────────────────────────────────────────────────\r\n\r\n /**\r\n * Mints a scoped JWT for an agent with an optional TTL.\r\n * Default TTL is 60 seconds.\r\n */\r\n async mintToken(req: MintTokenRequest): Promise<MintTokenResult> {\r\n const validated = MintTokenRequestSchema.parse(req);\r\n const body = {\r\n scope: validated.scope,\r\n acting_for: validated.actingFor,\r\n ttl_seconds: validated.ttlSeconds ?? 60,\r\n };\r\n const data = await this.post<{\r\n token: string;\r\n token_id: string;\r\n expires_at: number;\r\n }>(\"/v1/tokens/mint\", body);\r\n\r\n return {\r\n token: data.token,\r\n tokenId: data.token_id,\r\n expiresAt: new Date(data.expires_at * 1000),\r\n };\r\n }\r\n\r\n // ── Token revocation ───────────────────────────────────────────────────────\r\n\r\n /**\r\n * Immediately revokes a JIT token by its ID.\r\n */\r\n async revokeToken(tokenId: string): Promise<RevokeTokenResult> {\r\n const data = await this.delete<{ success: boolean }>(\r\n `/v1/tokens/${encodeURIComponent(tokenId)}`\r\n );\r\n return { success: data.success };\r\n }\r\n\r\n // ── Multi-agent delegation ─────────────────────────────────────────────────\r\n\r\n /**\r\n * Delegates a constrained sub-scope from one agent to another.\r\n *\r\n * Validates the delegation rule in the loaded policy, caps the TTL to the\r\n * policy maximum, and mints a child JIT token scoped to the granted actions.\r\n *\r\n * The delegator's `confidence` score is checked against the policy's\r\n * `require_confidence_above` before delegation is granted.\r\n */\r\n async delegateScope(req: DelegateScopeRequest): Promise<DelegateScopeResult> {\r\n const validated = DelegateScopeRequestSchema.parse(req);\r\n const body = {\r\n delegator: validated.delegator,\r\n delegatee: validated.delegatee,\r\n scoped_to: validated.scopedTo ?? [],\r\n ttl_seconds: validated.ttlSeconds ?? 60,\r\n confidence: validated.confidence ?? 1.0,\r\n acting_for: validated.actingFor ?? \"\",\r\n tenant_id: validated.tenantId ?? \"\",\r\n };\r\n const data = await this.post<{\r\n token: string;\r\n token_id: string;\r\n expires_at: number;\r\n delegator: string;\r\n delegatee: string;\r\n granted_scopes: string[];\r\n trace_id: string;\r\n }>(\"/v1/agent/delegate\", body);\r\n\r\n return {\r\n token: data.token,\r\n tokenId: data.token_id,\r\n expiresAt: new Date(data.expires_at * 1000),\r\n delegator: data.delegator,\r\n delegatee: data.delegatee,\r\n grantedScopes: data.granted_scopes,\r\n traceId: data.trace_id,\r\n };\r\n }\r\n\r\n // ── Health check ───────────────────────────────────────────────────────────\r\n\r\n /**\r\n * Returns true if the engine is reachable and healthy.\r\n */\r\n async isHealthy(): Promise<boolean> {\r\n try {\r\n const data = await this.get<{ status: string }>(\"/healthz\");\r\n return data.status === \"ok\";\r\n } catch {\r\n return false;\r\n }\r\n }\r\n\r\n // ── Audit log ──────────────────────────────────────────────────────────────\r\n\r\n /**\r\n * Lists audit events from the platform API.\r\n * Requires the platform service to be running (not just the engine).\r\n */\r\n async listAuditEvents(req: ListAuditEventsRequest = {}): Promise<ListAuditEventsResult> {\r\n const params = new URLSearchParams();\r\n \r\n if (req.limit !== undefined) params.set(\"limit\", req.limit.toString());\r\n if (req.cursor !== undefined) params.set(\"cursor\", req.cursor.toString());\r\n if (req.actor) params.set(\"actor\", req.actor);\r\n if (req.action) params.set(\"action\", req.action);\r\n if (req.decision) params.set(\"decision\", req.decision);\r\n if (req.traceId) params.set(\"trace_id\", req.traceId);\r\n if (req.from) params.set(\"from\", req.from);\r\n if (req.to) params.set(\"to\", req.to);\r\n\r\n const headers = this.headers();\r\n if (req.tenantId) {\r\n headers[\"X-Tenant-ID\"] = req.tenantId;\r\n }\r\n\r\n const ctrl = new AbortController();\r\n const timer = setTimeout(() => ctrl.abort(), this.timeoutMs);\r\n try {\r\n const url = `${this.baseUrl}/api/v1/audit${params.toString() ? `?${params.toString()}` : \"\"}`;\r\n const res = await fetch(url, {\r\n method: \"GET\",\r\n headers,\r\n signal: ctrl.signal,\r\n });\r\n \r\n const data = await this.parseResponse<{\r\n events: AuditEvent[];\r\n count: number;\r\n limit: number;\r\n cursor: number;\r\n next_cursor: number;\r\n }>(res);\r\n\r\n return {\r\n events: data.events || [],\r\n count: data.count,\r\n limit: data.limit,\r\n cursor: data.cursor,\r\n nextCursor: data.next_cursor,\r\n };\r\n } finally {\r\n clearTimeout(timer);\r\n }\r\n }\r\n\r\n // ─── Policy Management ────────────────────────────────────────────────────────\r\n\r\n async listPolicies(req: ListPoliciesRequest = {}): Promise<ListPoliciesResult> {\r\n const headers = this.headers();\r\n if (req.tenantId) {\r\n headers[\"X-Tenant-ID\"] = req.tenantId;\r\n }\r\n\r\n const ctrl = new AbortController();\r\n const timer = setTimeout(() => ctrl.abort(), this.timeoutMs);\r\n try {\r\n const res = await fetch(`${this.baseUrl}/api/v1/policies`, {\r\n method: \"GET\",\r\n headers,\r\n signal: ctrl.signal,\r\n });\r\n \r\n const data = await this.parseResponse<{\r\n policies: Policy[];\r\n count: number;\r\n }>(res);\r\n\r\n return {\r\n policies: data.policies || [],\r\n count: data.count,\r\n };\r\n } finally {\r\n clearTimeout(timer);\r\n }\r\n }\r\n\r\n async getPolicy(req: GetPolicyRequest): Promise<Policy> {\r\n const headers = this.headers();\r\n if (req.tenantId) {\r\n headers[\"X-Tenant-ID\"] = req.tenantId;\r\n }\r\n\r\n const ctrl = new AbortController();\r\n const timer = setTimeout(() => ctrl.abort(), this.timeoutMs);\r\n try {\r\n const res = await fetch(`${this.baseUrl}/api/v1/policies/${encodeURIComponent(req.name)}`, {\r\n method: \"GET\",\r\n headers,\r\n signal: ctrl.signal,\r\n });\r\n \r\n return await this.parseResponse<Policy>(res);\r\n } finally {\r\n clearTimeout(timer);\r\n }\r\n }\r\n\r\n async upsertPolicy(req: UpsertPolicyRequest): Promise<Policy> {\r\n const headers = this.headers();\r\n if (req.tenantId) {\r\n headers[\"X-Tenant-ID\"] = req.tenantId;\r\n }\r\n\r\n const body = {\r\n content: req.content,\r\n version: req.version || \"1.0\"\r\n };\r\n\r\n const ctrl = new AbortController();\r\n const timer = setTimeout(() => ctrl.abort(), this.timeoutMs);\r\n try {\r\n const res = await fetch(`${this.baseUrl}/api/v1/policies/${encodeURIComponent(req.name)}`, {\r\n method: \"PUT\",\r\n headers,\r\n body: JSON.stringify(body),\r\n signal: ctrl.signal,\r\n });\r\n \r\n return await this.parseResponse<Policy>(res);\r\n } finally {\r\n clearTimeout(timer);\r\n }\r\n }\r\n\r\n async deletePolicy(req: DeletePolicyRequest): Promise<DeletePolicyResult> {\r\n const headers = this.headers();\r\n if (req.tenantId) {\r\n headers[\"X-Tenant-ID\"] = req.tenantId;\r\n }\r\n\r\n const ctrl = new AbortController();\r\n const timer = setTimeout(() => ctrl.abort(), this.timeoutMs);\r\n try {\r\n const res = await fetch(`${this.baseUrl}/api/v1/policies/${encodeURIComponent(req.name)}`, {\r\n method: \"DELETE\",\r\n headers,\r\n signal: ctrl.signal,\r\n });\r\n \r\n return await this.parseResponse<DeletePolicyResult>(res);\r\n } finally {\r\n clearTimeout(timer);\r\n }\r\n }\r\n\r\n // ── HTTP helpers ───────────────────────────────────────────────────────────\r\n\r\n private headers(): Record<string, string> {\r\n const h: Record<string, string> = { \"Content-Type\": \"application/json\" };\r\n if (this.apiKey) {\r\n h[\"Authorization\"] = `Bearer ${this.apiKey}`;\r\n }\r\n return h;\r\n }\r\n\r\n private async post<T>(path: string, body: unknown): Promise<T> {\r\n const ctrl = new AbortController();\r\n const timer = setTimeout(() => ctrl.abort(), this.timeoutMs);\r\n try {\r\n const res = await fetch(`${this.baseUrl}${path}`, {\r\n method: \"POST\",\r\n headers: this.headers(),\r\n body: JSON.stringify(body),\r\n signal: ctrl.signal,\r\n });\r\n return this.parseResponse<T>(res);\r\n } finally {\r\n clearTimeout(timer);\r\n }\r\n }\r\n\r\n private async delete<T>(path: string): Promise<T> {\r\n const ctrl = new AbortController();\r\n const timer = setTimeout(() => ctrl.abort(), this.timeoutMs);\r\n try {\r\n const res = await fetch(`${this.baseUrl}${path}`, {\r\n method: \"DELETE\",\r\n headers: this.headers(),\r\n signal: ctrl.signal,\r\n });\r\n return this.parseResponse<T>(res);\r\n } finally {\r\n clearTimeout(timer);\r\n }\r\n }\r\n\r\n private async get<T>(path: string): Promise<T> {\r\n const ctrl = new AbortController();\r\n const timer = setTimeout(() => ctrl.abort(), this.timeoutMs);\r\n try {\r\n const res = await fetch(`${this.baseUrl}${path}`, {\r\n method: \"GET\",\r\n headers: this.headers(),\r\n signal: ctrl.signal,\r\n });\r\n return this.parseResponse<T>(res);\r\n } finally {\r\n clearTimeout(timer);\r\n }\r\n }\r\n\r\n private async parseResponse<T>(res: Response): Promise<T> {\r\n const json = (await res.json()) as Record<string, unknown>;\r\n if (!res.ok) {\r\n throw new AuthEngineError(\r\n (json[\"error\"] as string) ?? \"engine error\",\r\n res.status,\r\n json\r\n );\r\n }\r\n return json as T;\r\n }\r\n}\r\n","import type { Request, Response, NextFunction, RequestHandler } from \"express\";\r\nimport { LeluClient } from \"../client\";\r\n\r\nexport interface AuthorizeOptions {\r\n /** Base URL of the Lelu engine (default: http://localhost:8080) */\r\n baseUrl?: string;\r\n /** API key for the Lelu engine */\r\n apiKey?: string;\r\n /** HTTP header that carries the actor identifier (default: x-actor) */\r\n actorHeader?: string;\r\n /** Confidence score to pass to the engine (default: 1.0) */\r\n confidence?: number;\r\n /** Explicit LeluClient instance (overrides baseUrl/apiKey) */\r\n client?: LeluClient;\r\n}\r\n\r\n/**\r\n * Express middleware factory that calls the Lelu engine and either calls\r\n * `next()` (allowed) or returns a 403 JSON response (denied / human_review).\r\n *\r\n * ```ts\r\n * import express from \"express\";\r\n * import { authorize } from \"@lelu/sdk/express\";\r\n *\r\n * const app = express();\r\n * app.get(\"/sensitive\", authorize(\"files.read\", { confidence: 0.9 }), handler);\r\n * ```\r\n */\r\nexport function authorize(action: string, opts: AuthorizeOptions = {}): RequestHandler {\r\n const clientConfig: any = {\r\n baseUrl: opts.baseUrl ?? process.env[\"LELU_BASE_URL\"] ?? \"http://localhost:8080\",\r\n };\r\n const apiKey = opts.apiKey ?? process.env[\"LELU_API_KEY\"];\r\n if (apiKey !== undefined) {\r\n clientConfig.apiKey = apiKey;\r\n }\r\n const client = opts.client ?? new LeluClient(clientConfig);\r\n\r\n const actorHeader = opts.actorHeader ?? \"x-actor\";\r\n const confidence = opts.confidence ?? 1.0;\r\n\r\n return async function leluAuthorize(\r\n req: Request,\r\n res: Response,\r\n next: NextFunction\r\n ): Promise<void> {\r\n const actor = (req.headers[actorHeader] as string | undefined) ?? \"anonymous\";\r\n\r\n try {\r\n const decision = await client.agentAuthorize({ actor, action, context: { confidence } });\r\n\r\n if (decision.allowed) {\r\n // Attach decision to request for downstream handlers\r\n (req as Request & { leluDecision: typeof decision }).leluDecision = decision;\r\n next();\r\n return;\r\n }\r\n\r\n res.status(403).json({\r\n error: \"forbidden\",\r\n decision: decision.allowed,\r\n reason: decision.reason ?? \"denied by policy\",\r\n actor,\r\n action,\r\n });\r\n } catch (err) {\r\n res.status(503).json({\r\n error: \"lelu_unavailable\",\r\n message: err instanceof Error ? err.message : String(err),\r\n });\r\n }\r\n };\r\n}\r\n"]}
|
package/dist/express/index.mjs
CHANGED
|
@@ -192,7 +192,7 @@ var LeluClient = class {
|
|
|
192
192
|
const ctrl = new AbortController();
|
|
193
193
|
const timer = setTimeout(() => ctrl.abort(), this.timeoutMs);
|
|
194
194
|
try {
|
|
195
|
-
const url = `${this.baseUrl}/v1/audit${params.toString() ? `?${params.toString()}` : ""}`;
|
|
195
|
+
const url = `${this.baseUrl}/api/v1/audit${params.toString() ? `?${params.toString()}` : ""}`;
|
|
196
196
|
const res = await fetch(url, {
|
|
197
197
|
method: "GET",
|
|
198
198
|
headers,
|
|
@@ -200,7 +200,7 @@ var LeluClient = class {
|
|
|
200
200
|
});
|
|
201
201
|
const data = await this.parseResponse(res);
|
|
202
202
|
return {
|
|
203
|
-
events: data.events,
|
|
203
|
+
events: data.events || [],
|
|
204
204
|
count: data.count,
|
|
205
205
|
limit: data.limit,
|
|
206
206
|
cursor: data.cursor,
|
|
@@ -210,6 +210,88 @@ var LeluClient = class {
|
|
|
210
210
|
clearTimeout(timer);
|
|
211
211
|
}
|
|
212
212
|
}
|
|
213
|
+
// ─── Policy Management ────────────────────────────────────────────────────────
|
|
214
|
+
async listPolicies(req = {}) {
|
|
215
|
+
const headers = this.headers();
|
|
216
|
+
if (req.tenantId) {
|
|
217
|
+
headers["X-Tenant-ID"] = req.tenantId;
|
|
218
|
+
}
|
|
219
|
+
const ctrl = new AbortController();
|
|
220
|
+
const timer = setTimeout(() => ctrl.abort(), this.timeoutMs);
|
|
221
|
+
try {
|
|
222
|
+
const res = await fetch(`${this.baseUrl}/api/v1/policies`, {
|
|
223
|
+
method: "GET",
|
|
224
|
+
headers,
|
|
225
|
+
signal: ctrl.signal
|
|
226
|
+
});
|
|
227
|
+
const data = await this.parseResponse(res);
|
|
228
|
+
return {
|
|
229
|
+
policies: data.policies || [],
|
|
230
|
+
count: data.count
|
|
231
|
+
};
|
|
232
|
+
} finally {
|
|
233
|
+
clearTimeout(timer);
|
|
234
|
+
}
|
|
235
|
+
}
|
|
236
|
+
async getPolicy(req) {
|
|
237
|
+
const headers = this.headers();
|
|
238
|
+
if (req.tenantId) {
|
|
239
|
+
headers["X-Tenant-ID"] = req.tenantId;
|
|
240
|
+
}
|
|
241
|
+
const ctrl = new AbortController();
|
|
242
|
+
const timer = setTimeout(() => ctrl.abort(), this.timeoutMs);
|
|
243
|
+
try {
|
|
244
|
+
const res = await fetch(`${this.baseUrl}/api/v1/policies/${encodeURIComponent(req.name)}`, {
|
|
245
|
+
method: "GET",
|
|
246
|
+
headers,
|
|
247
|
+
signal: ctrl.signal
|
|
248
|
+
});
|
|
249
|
+
return await this.parseResponse(res);
|
|
250
|
+
} finally {
|
|
251
|
+
clearTimeout(timer);
|
|
252
|
+
}
|
|
253
|
+
}
|
|
254
|
+
async upsertPolicy(req) {
|
|
255
|
+
const headers = this.headers();
|
|
256
|
+
if (req.tenantId) {
|
|
257
|
+
headers["X-Tenant-ID"] = req.tenantId;
|
|
258
|
+
}
|
|
259
|
+
const body = {
|
|
260
|
+
content: req.content,
|
|
261
|
+
version: req.version || "1.0"
|
|
262
|
+
};
|
|
263
|
+
const ctrl = new AbortController();
|
|
264
|
+
const timer = setTimeout(() => ctrl.abort(), this.timeoutMs);
|
|
265
|
+
try {
|
|
266
|
+
const res = await fetch(`${this.baseUrl}/api/v1/policies/${encodeURIComponent(req.name)}`, {
|
|
267
|
+
method: "PUT",
|
|
268
|
+
headers,
|
|
269
|
+
body: JSON.stringify(body),
|
|
270
|
+
signal: ctrl.signal
|
|
271
|
+
});
|
|
272
|
+
return await this.parseResponse(res);
|
|
273
|
+
} finally {
|
|
274
|
+
clearTimeout(timer);
|
|
275
|
+
}
|
|
276
|
+
}
|
|
277
|
+
async deletePolicy(req) {
|
|
278
|
+
const headers = this.headers();
|
|
279
|
+
if (req.tenantId) {
|
|
280
|
+
headers["X-Tenant-ID"] = req.tenantId;
|
|
281
|
+
}
|
|
282
|
+
const ctrl = new AbortController();
|
|
283
|
+
const timer = setTimeout(() => ctrl.abort(), this.timeoutMs);
|
|
284
|
+
try {
|
|
285
|
+
const res = await fetch(`${this.baseUrl}/api/v1/policies/${encodeURIComponent(req.name)}`, {
|
|
286
|
+
method: "DELETE",
|
|
287
|
+
headers,
|
|
288
|
+
signal: ctrl.signal
|
|
289
|
+
});
|
|
290
|
+
return await this.parseResponse(res);
|
|
291
|
+
} finally {
|
|
292
|
+
clearTimeout(timer);
|
|
293
|
+
}
|
|
294
|
+
}
|
|
213
295
|
// ── HTTP helpers ───────────────────────────────────────────────────────────
|
|
214
296
|
headers() {
|
|
215
297
|
const h = { "Content-Type": "application/json" };
|