npm - @lssm/lib.identity-rbac - Versions diffs - 0.0.0-canary-20251217080011 → 1.41.0 - Mend

@lssm/lib.identity-rbac 0.0.0-canary-20251217080011 → 1.41.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (148) hide show

package/dist/policies/engine.d.ts DELETED Viewed

@@ -1,132 +0,0 @@
-//#region src/policies/engine.d.ts
-/**
- * Standard permissions for identity-rbac module.
- */
-declare const Permission: {
-  readonly USER_CREATE: "user.create";
-  readonly USER_READ: "user.read";
-  readonly USER_UPDATE: "user.update";
-  readonly USER_DELETE: "user.delete";
-  readonly USER_LIST: "user.list";
-  readonly USER_MANAGE: "user.manage";
-  readonly ORG_CREATE: "org.create";
-  readonly ORG_READ: "org.read";
-  readonly ORG_UPDATE: "org.update";
-  readonly ORG_DELETE: "org.delete";
-  readonly ORG_LIST: "org.list";
-  readonly MEMBER_INVITE: "member.invite";
-  readonly MEMBER_REMOVE: "member.remove";
-  readonly MEMBER_UPDATE_ROLE: "member.update_role";
-  readonly MEMBER_LIST: "member.list";
-  readonly MANAGE_MEMBERS: "org.manage_members";
-  readonly TEAM_CREATE: "team.create";
-  readonly TEAM_UPDATE: "team.update";
-  readonly TEAM_DELETE: "team.delete";
-  readonly TEAM_MANAGE: "team.manage";
-  readonly ROLE_CREATE: "role.create";
-  readonly ROLE_UPDATE: "role.update";
-  readonly ROLE_DELETE: "role.delete";
-  readonly ROLE_ASSIGN: "role.assign";
-  readonly ROLE_REVOKE: "role.revoke";
-  readonly BILLING_VIEW: "billing.view";
-  readonly BILLING_MANAGE: "billing.manage";
-  readonly PROJECT_CREATE: "project.create";
-  readonly PROJECT_READ: "project.read";
-  readonly PROJECT_UPDATE: "project.update";
-  readonly PROJECT_DELETE: "project.delete";
-  readonly PROJECT_MANAGE: "project.manage";
-  readonly ADMIN_ACCESS: "admin.access";
-  readonly ADMIN_IMPERSONATE: "admin.impersonate";
-};
-type PermissionKey = (typeof Permission)[keyof typeof Permission];
-/**
- * Standard role definitions.
- */
-declare const StandardRole: {
-  readonly OWNER: {
-    readonly name: "owner";
-    readonly description: "Organization owner with full access";
-    readonly permissions: ("user.create" | "user.read" | "user.update" | "user.delete" | "user.list" | "user.manage" | "org.create" | "org.read" | "org.update" | "org.delete" | "org.list" | "member.invite" | "member.remove" | "member.update_role" | "member.list" | "org.manage_members" | "team.create" | "team.update" | "team.delete" | "team.manage" | "role.create" | "role.update" | "role.delete" | "role.assign" | "role.revoke" | "billing.view" | "billing.manage" | "project.create" | "project.read" | "project.update" | "project.delete" | "project.manage" | "admin.access" | "admin.impersonate")[];
-  };
-  readonly ADMIN: {
-    readonly name: "admin";
-    readonly description: "Administrator with most permissions";
-    readonly permissions: readonly ["user.read", "user.list", "org.read", "org.update", "member.invite", "member.remove", "member.update_role", "member.list", "org.manage_members", "team.create", "team.update", "team.delete", "team.manage", "project.create", "project.read", "project.update", "project.delete", "project.manage", "billing.view"];
-  };
-  readonly MEMBER: {
-    readonly name: "member";
-    readonly description: "Regular organization member";
-    readonly permissions: readonly ["user.read", "org.read", "member.list", "project.read", "project.create"];
-  };
-  readonly VIEWER: {
-    readonly name: "viewer";
-    readonly description: "Read-only access";
-    readonly permissions: readonly ["user.read", "org.read", "member.list", "project.read"];
-  };
-};
-/**
- * Permission check input.
- */
-interface PermissionCheckInput {
-  userId: string;
-  orgId?: string;
-  permission: PermissionKey | string;
-}
-/**
- * Permission check result.
- */
-interface PermissionCheckResult {
-  allowed: boolean;
-  reason?: string;
-  matchedRole?: string;
-}
-/**
- * Role with permissions.
- */
-interface RoleWithPermissions {
-  id: string;
-  name: string;
-  permissions: string[];
-}
-/**
- * Policy binding for permission evaluation.
- */
-interface PolicyBindingForEval {
-  roleId: string;
-  role: RoleWithPermissions;
-  targetType: 'user' | 'organization';
-  targetId: string;
-  expiresAt?: Date | null;
-}
-/**
- * RBAC Policy Engine for permission checks.
- */
-declare class RBACPolicyEngine {
-  private roleCache;
-  private bindingCache;
-  /**
-   * Check if a user has a specific permission.
-   */
-  checkPermission(input: PermissionCheckInput, bindings: PolicyBindingForEval[]): Promise<PermissionCheckResult>;
-  /**
-   * Get all permissions for a user in a context.
-   */
-  getPermissions(userId: string, orgId: string | undefined, bindings: PolicyBindingForEval[]): Promise<{
-    permissions: Set<string>;
-    roles: RoleWithPermissions[];
-  }>;
-  /**
-   * Check if user has any of the specified permissions.
-   */
-  hasAnyPermission(userId: string, orgId: string | undefined, permissions: string[], bindings: PolicyBindingForEval[]): Promise<boolean>;
-  /**
-   * Check if user has all of the specified permissions.
-   */
-  hasAllPermissions(userId: string, orgId: string | undefined, permissions: string[], bindings: PolicyBindingForEval[]): Promise<boolean>;
-}
-/**
- * Create a new RBAC policy engine instance.
- */
-declare function createRBACEngine(): RBACPolicyEngine;
-//#endregion
-export { Permission, PermissionCheckInput, PermissionCheckResult, PermissionKey, PolicyBindingForEval, RBACPolicyEngine, RoleWithPermissions, StandardRole, createRBACEngine };

package/dist/policies/index.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import { Permission, PermissionCheckInput, PermissionCheckResult, PermissionKey, PolicyBindingForEval, RBACPolicyEngine, RoleWithPermissions, StandardRole, createRBACEngine } from "./engine.js";
2	- export { Permission, type PermissionCheckInput, type PermissionCheckResult, type PermissionKey, type PolicyBindingForEval, RBACPolicyEngine, type RoleWithPermissions, StandardRole, createRBACEngine };

package/dist/schema/dist/EnumType.js DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import "zod";
2	- import "graphql";

package/dist/schema/dist/FieldType.js DELETED Viewed

@@ -1,49 +0,0 @@
-import "zod";
-import { GraphQLScalarType } from "graphql";
-//#region ../schema/dist/FieldType.js
-/**
-* GraphQL scalar wrapper that carries zod and JSON Schema metadata.
-*
-* TInternal is the runtime representation; TExternal is the GraphQL output.
-*/
-var FieldType = class extends GraphQLScalarType {
-	zodSchema;
-	jsonSchemaDef;
-	constructor(config) {
-		super(config);
-		this.zodSchema = config.zod;
-		this.jsonSchemaDef = config.jsonSchema;
-	}
-	/** Return the attached zod schema for validation. */
-	getZod() {
-		return this.zodSchema;
-	}
-	/** GraphQL scalar instance usable by Pothos or vanilla GraphQL. */
-	getPothos() {
-		return this;
-	}
-	/** Return the JSON Schema (evaluates factory if provided). */
-	getJson() {
-		return typeof this.jsonSchemaDef === "function" ? this.jsonSchemaDef() : this.jsonSchemaDef;
-	}
-	getJsonSchemaDef() {
-		return this.jsonSchemaDef;
-	}
-	getJsonSchema() {
-		const deepResolve = (v) => {
-			const value = typeof v === "function" ? v() : v;
-			if (Array.isArray(value)) return value.map((item) => deepResolve(item));
-			if (value && typeof value === "object") {
-				const obj = {};
-				for (const [k, val] of Object.entries(value)) obj[k] = deepResolve(val);
-				return obj;
-			}
-			return value;
-		};
-		return deepResolve(this.getJson());
-	}
-};
-//#endregion
-export { FieldType };

package/dist/schema/dist/ScalarTypeEnum.js DELETED Viewed

@@ -1,236 +0,0 @@
-import { FieldType } from "./FieldType.js";
-import * as z$1 from "zod";
-import { Kind } from "graphql";
-//#region ../schema/dist/ScalarTypeEnum.js
-const localeRegex = /^[A-Za-z]{2}(?:-[A-Za-z0-9]{2,8})*$/;
-const timezoneRegex = /^(?:UTC|[A-Za-z_]+\/[A-Za-z_]+)$/;
-const phoneRegex = /^[+]?\d[\d\s().-]{3,}$/;
-const currencyRegex = /^[A-Z]{3}$/;
-const countryRegex = /^[A-Z]{2}$/;
-const latMin = -90;
-const latMax = 90;
-const lonMin = -180;
-const lonMax = 180;
-/**
-* Factory functions for common scalar FieldTypes with zod/GraphQL/JSON Schema.
-*/
-const ScalarTypeEnum = {
-	String_unsecure: () => new FieldType({
-		name: "String_unsecure",
-		description: "Unvalidated string scalar",
-		zod: z$1.string(),
-		parseValue: (v) => z$1.string().parse(v),
-		serialize: (v) => String(v),
-		parseLiteral: (ast) => {
-			if (ast.kind !== Kind.STRING) throw new TypeError("Invalid literal");
-			return ast.value;
-		},
-		jsonSchema: { type: "string" }
-	}),
-	Int_unsecure: () => new FieldType({
-		name: "Int_unsecure",
-		description: "Unvalidated integer scalar",
-		zod: z$1.number().int(),
-		parseValue: (v) => {
-			const num = typeof v === "number" ? v : Number(v);
-			return z$1.number().int().parse(num);
-		},
-		serialize: (v) => Math.trunc(typeof v === "number" ? v : Number(v)),
-		parseLiteral: (ast) => {
-			if (ast.kind !== Kind.INT) throw new TypeError("Invalid literal");
-			return Number(ast.value);
-		},
-		jsonSchema: { type: "integer" }
-	}),
-	Float_unsecure: () => new FieldType({
-		name: "Float_unsecure",
-		description: "Unvalidated float scalar",
-		zod: z$1.number(),
-		parseValue: (v) => {
-			const num = typeof v === "number" ? v : Number(v);
-			return z$1.number().parse(num);
-		},
-		serialize: (v) => Number(v),
-		parseLiteral: (ast) => {
-			if (ast.kind !== Kind.FLOAT && ast.kind !== Kind.INT) throw new TypeError("Invalid literal");
-			return Number(ast.value);
-		},
-		jsonSchema: { type: "number" }
-	}),
-	Boolean: () => new FieldType({
-		name: "Boolean",
-		description: "Unvalidated boolean scalar",
-		zod: z$1.boolean(),
-		parseValue: (v) => z$1.coerce.boolean().parse(v),
-		serialize: (v) => Boolean(v),
-		parseLiteral: (ast) => {
-			if (ast.kind !== Kind.BOOLEAN) throw new TypeError("Invalid literal");
-			return ast.value;
-		},
-		jsonSchema: { type: "boolean" }
-	}),
-	ID: () => new FieldType({
-		name: "ID",
-		description: "Unvalidated id scalar",
-		zod: z$1.string(),
-		parseValue: (v) => z$1.string().parse(v),
-		serialize: (v) => String(v),
-		parseLiteral: (ast) => {
-			if (ast.kind !== Kind.STRING) throw new TypeError("Invalid literal");
-			return ast.value;
-		},
-		jsonSchema: { type: "string" }
-	}),
-	JSON: () => new FieldType({
-		name: "JSON",
-		zod: z$1.any(),
-		parseValue: (v) => v,
-		serialize: (v) => v,
-		jsonSchema: {}
-	}),
-	JSONObject: () => new FieldType({
-		name: "JSONObject",
-		zod: z$1.record(z$1.string(), z$1.any()),
-		parseValue: (v) => z$1.record(z$1.string(), z$1.any()).parse(v),
-		serialize: (v) => v ?? {},
-		jsonSchema: { type: "object" }
-	}),
-	Date: () => new FieldType({
-		name: "Date",
-		zod: z$1.date(),
-		parseValue: (v) => v instanceof Date ? v : new Date(String(v)),
-		serialize: (v) => v instanceof Date ? v.toISOString().split("T")[0] : String(v),
-		jsonSchema: {
-			type: "string",
-			format: "date"
-		}
-	}),
-	DateTime: () => new FieldType({
-		name: "DateTime",
-		zod: z$1.date(),
-		parseValue: (v) => v instanceof Date ? v : new Date(String(v)),
-		serialize: (v) => {
-			return v instanceof Date ? v.toISOString() : String(v);
-		},
-		jsonSchema: {
-			type: "string",
-			format: "date-time"
-		}
-	}),
-	Time: () => new FieldType({
-		name: "Time",
-		zod: z$1.string().regex(/^\d{2}:\d{2}(:\d{2})?$/),
-		parseValue: (v) => z$1.string().regex(/^\d{2}:\d{2}(:\d{2})?$/).parse(v),
-		serialize: (v) => String(v),
-		jsonSchema: {
-			type: "string",
-			pattern: "^\\d{2}:\\d{2}(:\\d{2})?$"
-		}
-	}),
-	EmailAddress: () => new FieldType({
-		name: "EmailAddress",
-		zod: z$1.string().email(),
-		parseValue: (v) => z$1.string().email().parse(v),
-		serialize: (v) => String(v),
-		jsonSchema: {
-			type: "string",
-			format: "email"
-		}
-	}),
-	URL: () => new FieldType({
-		name: "URL",
-		zod: z$1.string().url(),
-		parseValue: (v) => z$1.string().url().parse(v),
-		serialize: (v) => String(v),
-		jsonSchema: {
-			type: "string",
-			format: "uri"
-		}
-	}),
-	PhoneNumber: () => new FieldType({
-		name: "PhoneNumber",
-		zod: z$1.string().regex(phoneRegex),
-		parseValue: (v) => z$1.string().regex(phoneRegex).parse(v),
-		serialize: (v) => String(v),
-		jsonSchema: {
-			type: "string",
-			pattern: phoneRegex.source
-		}
-	}),
-	NonEmptyString: () => new FieldType({
-		name: "NonEmptyString",
-		zod: z$1.string().min(1),
-		parseValue: (v) => z$1.string().min(1).parse(v),
-		serialize: (v) => String(v),
-		jsonSchema: {
-			type: "string",
-			minLength: 1
-		}
-	}),
-	Locale: () => new FieldType({
-		name: "Locale",
-		zod: z$1.string().regex(localeRegex),
-		parseValue: (v) => z$1.string().regex(localeRegex).parse(v),
-		serialize: (v) => String(v),
-		jsonSchema: {
-			type: "string",
-			pattern: localeRegex.source
-		}
-	}),
-	TimeZone: () => new FieldType({
-		name: "TimeZone",
-		zod: z$1.string().regex(timezoneRegex),
-		parseValue: (v) => z$1.string().regex(timezoneRegex).parse(v),
-		serialize: (v) => String(v),
-		jsonSchema: {
-			type: "string",
-			pattern: timezoneRegex.source
-		}
-	}),
-	Latitude: () => new FieldType({
-		name: "Latitude",
-		zod: z$1.number().min(latMin).max(latMax),
-		parseValue: (v) => z$1.coerce.number().min(latMin).max(latMax).parse(v),
-		serialize: (v) => Number(v),
-		jsonSchema: {
-			type: "number",
-			minimum: latMin,
-			maximum: latMax
-		}
-	}),
-	Longitude: () => new FieldType({
-		name: "Longitude",
-		zod: z$1.number().min(lonMin).max(lonMax),
-		parseValue: (v) => z$1.coerce.number().min(lonMin).max(lonMax).parse(v),
-		serialize: (v) => Number(v),
-		jsonSchema: {
-			type: "number",
-			minimum: lonMin,
-			maximum: lonMax
-		}
-	}),
-	Currency: () => new FieldType({
-		name: "Currency",
-		zod: z$1.string().regex(currencyRegex),
-		parseValue: (v) => z$1.string().regex(currencyRegex).parse(v),
-		serialize: (v) => String(v),
-		jsonSchema: {
-			type: "string",
-			pattern: currencyRegex.source
-		}
-	}),
-	CountryCode: () => new FieldType({
-		name: "CountryCode",
-		zod: z$1.string().regex(countryRegex),
-		parseValue: (v) => z$1.string().regex(countryRegex).parse(v),
-		serialize: (v) => String(v),
-		jsonSchema: {
-			type: "string",
-			pattern: countryRegex.source
-		}
-	})
-};
-//#endregion
-export { ScalarTypeEnum };

package/dist/schema/dist/SchemaModel.js DELETED Viewed

@@ -1,34 +0,0 @@
-import "./EnumType.js";
-import "./FieldType.js";
-import * as z$1 from "zod";
-//#region ../schema/dist/SchemaModel.js
-/**
-* Named object model built from FieldType/EnumType/SchemaModel fields.
-* Provides zod and GraphQL input helpers, and supports arrays/optional fields.
-*/
-var SchemaModel = class {
-	constructor(config) {
-		this.config = config;
-	}
-	/**
-	* Build a typed ZodObject from the model fields, preserving each field's
-	* Zod schema and optionality at the type level when possible.
-	*/
-	getZod() {
-		const shape = Object.entries(this.config.fields).reduce((acc, [key, def]) => {
-			const base = def.type.getZod();
-			const withArray = def.isArray ? z$1.array(base) : base;
-			acc[key] = def.isOptional ? withArray.optional() : withArray;
-			return acc;
-		}, {});
-		return z$1.object(shape);
-	}
-	/** Input object name for GraphQL builder adapters. */
-	getPothosInput() {
-		return this.config.name;
-	}
-};
-//#endregion
-export { SchemaModel };

package/dist/schema/dist/entity/defineEntity.js DELETED Viewed

@@ -1,236 +0,0 @@
-import * as z$1 from "zod";
-//#region ../schema/dist/entity/defineEntity.js
-/**
-* Helper to define a database entity with full type safety.
-*
-* @example
-* ```typescript
-* const UserEntity = defineEntity({
-*   name: 'User',
-*   schema: 'lssm_sigil',
-*   description: 'A user of the platform.',
-*   fields: {
-*     id: field.id(),
-*     email: field.string({ isUnique: true, zod: z.string().email() }),
-*     name: field.string({ isOptional: true }),
-*     createdAt: field.createdAt(),
-*     updatedAt: field.updatedAt(),
-*     memberships: field.hasMany('Member'),
-*   },
-*   indexes: [{ fields: ['email'], unique: true }],
-* });
-* ```
-*/
-function defineEntity(spec) {
-	return spec;
-}
-/**
-* Helper to define an enum that can be shared across entities.
-*/
-function defineEntityEnum(def) {
-	return def;
-}
-/**
-* Field builder helpers for common field patterns.
-*/
-const field = {
-	string(opts) {
-		return {
-			kind: "scalar",
-			type: "String",
-			...opts
-		};
-	},
-	int(opts) {
-		return {
-			kind: "scalar",
-			type: "Int",
-			...opts
-		};
-	},
-	float(opts) {
-		return {
-			kind: "scalar",
-			type: "Float",
-			...opts
-		};
-	},
-	boolean(opts) {
-		return {
-			kind: "scalar",
-			type: "Boolean",
-			...opts
-		};
-	},
-	dateTime(opts) {
-		return {
-			kind: "scalar",
-			type: "DateTime",
-			...opts
-		};
-	},
-	json(opts) {
-		return {
-			kind: "scalar",
-			type: "Json",
-			...opts
-		};
-	},
-	bigInt(opts) {
-		return {
-			kind: "scalar",
-			type: "BigInt",
-			...opts
-		};
-	},
-	decimal(opts) {
-		return {
-			kind: "scalar",
-			type: "Decimal",
-			...opts
-		};
-	},
-	bytes(opts) {
-		return {
-			kind: "scalar",
-			type: "Bytes",
-			...opts
-		};
-	},
-	id(opts) {
-		return {
-			kind: "scalar",
-			type: "String",
-			isId: true,
-			default: "cuid()",
-			...opts
-		};
-	},
-	uuid(opts) {
-		return {
-			kind: "scalar",
-			type: "String",
-			isId: true,
-			default: "uuid()",
-			...opts
-		};
-	},
-	autoIncrement(opts) {
-		return {
-			kind: "scalar",
-			type: "Int",
-			isId: true,
-			default: "autoincrement()",
-			...opts
-		};
-	},
-	createdAt(opts) {
-		return {
-			kind: "scalar",
-			type: "DateTime",
-			default: "now()",
-			...opts
-		};
-	},
-	updatedAt(opts) {
-		return {
-			kind: "scalar",
-			type: "DateTime",
-			updatedAt: true,
-			...opts
-		};
-	},
-	email(opts) {
-		return {
-			kind: "scalar",
-			type: "String",
-			zod: z$1.email(),
-			...opts
-		};
-	},
-	url(opts) {
-		return {
-			kind: "scalar",
-			type: "String",
-			zod: z$1.url(),
-			...opts
-		};
-	},
-	enum(enumName, opts) {
-		return {
-			kind: "enum",
-			enumName,
-			...opts
-		};
-	},
-	inlineEnum(enumName, values, opts) {
-		return {
-			kind: "enum",
-			enumName,
-			values,
-			...opts
-		};
-	},
-	hasOne(target, opts) {
-		return {
-			kind: "relation",
-			type: "hasOne",
-			target,
-			...opts
-		};
-	},
-	hasMany(target, opts) {
-		return {
-			kind: "relation",
-			type: "hasMany",
-			target,
-			...opts
-		};
-	},
-	belongsTo(target, fields, references, opts) {
-		return {
-			kind: "relation",
-			type: "belongsTo",
-			target,
-			fields,
-			references,
-			...opts
-		};
-	},
-	foreignKey(opts) {
-		return {
-			kind: "scalar",
-			type: "String",
-			...opts
-		};
-	}
-};
-/**
-* Index builder helpers.
-*/
-const index = {
-	on(fields, opts) {
-		return {
-			fields,
-			...opts
-		};
-	},
-	unique(fields, opts) {
-		return {
-			fields,
-			unique: true,
-			...opts
-		};
-	},
-	compound(fields, sort, opts) {
-		return {
-			fields,
-			sort,
-			...opts
-		};
-	}
-};
-//#endregion
-export { defineEntity, defineEntityEnum, field, index };

package/dist/schema/dist/entity/index.js DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import { defineEntity, defineEntityEnum, field, index } from "./defineEntity.js";
2	- import "./types.js";

package/dist/schema/dist/entity/types.js DELETED Viewed

	@@ -1 +0,0 @@
1	- import "zod";

package/dist/schema/dist/index.js DELETED Viewed

@@ -1,6 +0,0 @@
-import "./EnumType.js";
-import { FieldType } from "./FieldType.js";
-import { ScalarTypeEnum } from "./ScalarTypeEnum.js";
-import { SchemaModel } from "./SchemaModel.js";
-import { defineEntity, defineEntityEnum, field, index } from "./entity/defineEntity.js";
-import "./entity/index.js";