@matter/protocol 0.12.4-alpha.0-20250210-ad8edf096 → 0.12.4-alpha.0-20250212-b2729c9eb

package/dist/cjs/action/server/AccessControl.js

@@ -0,0 +1,287 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var AccessControl_exports = {};
+__export(AccessControl_exports, {
+  AccessControl: () => AccessControl
+});
+module.exports = __toCommonJS(AccessControl_exports);
+var import_model = require("#model");
+var import_types = require("#types");
+var import_errors = require("../errors.js");
+/**
+ * @license
+ * Copyright 2022-2025 Matter.js Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+const cache = /* @__PURE__ */ new WeakMap();
+function AccessControl(schema) {
+  let enforcer = cache.get(schema);
+  if (enforcer === void 0) {
+    enforcer = enforcerFor(schema);
+  }
+  return enforcer;
+}
+((AccessControl2) => {
+  let Authority;
+  ((Authority2) => {
+    Authority2[Authority2["Granted"] = 1] = "Granted";
+    Authority2[Authority2["Unauthorized"] = 2] = "Unauthorized";
+    Authority2[Authority2["Restricted"] = 3] = "Restricted";
+  })(Authority = AccessControl2.Authority || (AccessControl2.Authority = {}));
+})(AccessControl || (AccessControl = {}));
+Object.freeze(AccessControl);
+Object.freeze(AccessControl.Authority);
+function enforcerFor(schema) {
+  if (schema.tag === import_model.ElementTag.Command) {
+    return commandEnforcerFor(schema);
+  }
+  return dataEnforcerFor(schema);
+}
+function dataEnforcerFor(schema) {
+  const limits = limitsFor(schema);
+  let mayRead = (session, location) => {
+    if (session.offline || session.command) {
+      return true;
+    }
+    return session.authorityAt(limits.readLevel, location) === 1 /* Granted */;
+  };
+  let mayWrite = (session, location) => {
+    if (session.offline || session.command) {
+      return true;
+    }
+    return session.authorityAt(limits.writeLevel, location) === 1 /* Granted */;
+  };
+  let authorizeRead = (session, location) => {
+    if (session.offline || session.command) {
+      return;
+    }
+    if (session.authorityAt(limits.readLevel, location) === 1 /* Granted */) {
+      return;
+    }
+    throw new import_errors.ReadError(location, "Permission denied", import_types.StatusCode.UnsupportedAccess);
+  };
+  let authorizeWrite = (session, location) => {
+    if (session.offline || session.command) {
+      return;
+    }
+    if (session.authorityAt(limits.writeLevel, location) === 1 /* Granted */) {
+      return;
+    }
+    throw new import_errors.WriteError(location, "Permission denied", import_types.StatusCode.UnsupportedAccess);
+  };
+  if (limits.timed) {
+    const wrappedAuthorizeWrite = authorizeWrite;
+    const wrappedMayWrite = mayWrite;
+    authorizeWrite = (session, location) => {
+      if (!session.offline && !session.timed) {
+        throw new import_errors.WriteError(
+          location,
+          "Permission denied because interaction is not timed",
+          import_types.StatusCode.NeedsTimedInteraction
+        );
+      }
+      wrappedAuthorizeWrite?.(session, location);
+    };
+    mayWrite = (session, location) => {
+      if (!session.offline && !session.timed) {
+        return false;
+      }
+      return wrappedMayWrite(session, location);
+    };
+  }
+  if (limits.fabricSensitive) {
+    const wrappedAuthorizeRead = authorizeRead;
+    const wrappedMayRead = mayRead;
+    const wrappedAuthorizeWrite = authorizeWrite;
+    const wrappedMayWrite = mayWrite;
+    authorizeRead = (session, location) => {
+      if (session.offline || session.command) {
+        return;
+      }
+      if (session.fabricFiltered) {
+        if (session.fabric === void 0) {
+          throw new import_errors.ReadError(
+            location,
+            "Permission denied: No accessing fabric",
+            import_types.StatusCode.UnsupportedAccess
+          );
+        }
+        if (location?.owningFabric && location.owningFabric !== session.fabric) {
+          throw new import_errors.ReadError(
+            location,
+            "Permission denied: Owning/accessing fabric mismatch",
+            import_types.StatusCode.UnsupportedAccess
+          );
+        }
+      }
+      wrappedAuthorizeRead(session, location);
+    };
+    mayRead = (session, location) => {
+      if (session.offline || session.command) {
+        return true;
+      }
+      if (session.fabric === void 0) {
+        return false;
+      }
+      if (location?.owningFabric && location.owningFabric !== session.fabric) {
+        return false;
+      }
+      return wrappedMayRead(session, location);
+    };
+    authorizeWrite = (session, location) => {
+      if (session.offline || session.command) {
+        return;
+      }
+      if (session.fabric === void 0) {
+        throw new import_errors.WriteError(location, "Permission denied: No accessing fabric", import_types.StatusCode.UnsupportedAccess);
+      }
+      if (location?.owningFabric && location.owningFabric !== session.fabric) {
+        throw new import_errors.WriteError(location, "Permission denied: Owning/accessing fabric mismatch");
+      }
+      wrappedAuthorizeWrite(session, location);
+    };
+    mayWrite = (session, location) => {
+      if (session.offline || session.command) {
+        return true;
+      }
+      if (session.fabric === void 0) {
+        return false;
+      }
+      if (location?.owningFabric && location.owningFabric !== session.fabric) {
+        return false;
+      }
+      return wrappedMayWrite(session, location);
+    };
+  }
+  if (!limits.readable) {
+    authorizeRead = (session, location) => {
+      if (session.offline || session.command) {
+        return;
+      }
+      throw new import_errors.ReadError(location, "Permission defined: Value is write-only");
+    };
+    mayRead = (session) => {
+      return !!session.offline || !!session.command;
+    };
+  }
+  if (!limits.writable) {
+    authorizeWrite = (session, location) => {
+      if (session.offline || session.command) {
+        return;
+      }
+      throw new import_errors.WriteError(location, "Permission denied: Value is read-only");
+    };
+    mayWrite = (session) => {
+      return !!session.offline || !!session.command;
+    };
+  }
+  return Object.freeze({
+    limits,
+    authorizeRead,
+    mayRead,
+    authorizeWrite,
+    mayWrite,
+    authorizeInvoke(_session, location) {
+      throw new import_errors.SchemaImplementationError(location, "Permission denied: Invoke request but non-command schema");
+    },
+    mayInvoke() {
+      return false;
+    }
+  });
+}
+function commandEnforcerFor(schema) {
+  const limits = limitsFor(schema);
+  const timed = schema.effectiveAccess.timed;
+  const fabric = schema.effectiveAccess.fabric;
+  return {
+    limits,
+    authorizeRead(_session, location) {
+      throw new import_errors.SchemaImplementationError(location, "Permission denied: Read request but command schema");
+    },
+    mayRead() {
+      return false;
+    },
+    authorizeWrite(_session, location) {
+      throw new import_errors.SchemaImplementationError(location, "Permission denied: Write request but command schema");
+    },
+    mayWrite() {
+      return false;
+    },
+    authorizeInvoke(session, location) {
+      if (session.offline) {
+        return;
+      }
+      if (!session.command) {
+        throw new import_errors.InvokeError(location, "Invoke attempt without command context");
+      }
+      if (timed && !session.timed) {
+        throw new import_errors.InvokeError(
+          location,
+          "Invoke attempt without required timed context",
+          import_types.StatusCode.TimedRequestMismatch
+        );
+      }
+      if (fabric && session.fabric === void 0) {
+        throw new import_errors.WriteError(location, "Permission denied: No accessing fabric", import_types.StatusCode.UnsupportedAccess);
+      }
+      if (session.authorityAt(limits.writeLevel, location) === 1 /* Granted */) {
+        return;
+      }
+      throw new import_errors.InvokeError(location, "Permission denied", import_types.StatusCode.UnsupportedAccess);
+    },
+    mayInvoke(session, location) {
+      if (session.offline) {
+        return true;
+      }
+      if (!session.command) {
+        return false;
+      }
+      if (timed && !session.timed) {
+        return false;
+      }
+      if (fabric && session.fabric === void 0) {
+        return false;
+      }
+      return session.authorityAt(limits.writeLevel, location) === 1 /* Granted */;
+    }
+  };
+}
+function limitsFor(schema) {
+  const access = schema.effectiveAccess;
+  const quality = schema instanceof import_model.ValueModel ? schema.effectiveQuality : void 0;
+  let fixed = quality?.fixed;
+  for (let s = schema.parent; !fixed && s instanceof import_model.ValueModel; s = s.parent) {
+    if (s.effectiveQuality.fixed) {
+      fixed = true;
+    }
+  }
+  const limits = Object.freeze({
+    readable: access.readable,
+    writable: access.writable && !fixed,
+    fabricScoped: access.fabric === import_model.Access.Fabric.Scoped || access.fabric === import_model.Access.Fabric.Sensitive,
+    fabricSensitive: access.fabric === import_model.Access.Fabric.Sensitive,
+    timed: access.timed === true,
+    // Official Matter defaults are View for read and Operate for write. However, the schema's effective access
+    // should already have these defaults.  Here we just adopt minimum needed rights as a safe fallback access level.
+    readLevel: access.readPriv === void 0 ? import_model.AccessLevel.View : import_model.Access.PrivilegeLevel[access.readPriv],
+    writeLevel: access.writePriv === void 0 ? import_model.AccessLevel.Operate : import_model.Access.PrivilegeLevel[access.writePriv]
+  });
+  return limits;
+}
+//# sourceMappingURL=AccessControl.js.map

package/dist/cjs/action/server/AccessControl.js.map

@@ -0,0 +1,6 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/action/server/AccessControl.ts"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,mBAAmF;AACnF,mBAA8E;AAC9E,oBAA8E;AAR9E;AAAA;AAAA;AAAA;AAAA;AAUA,MAAM,QAAQ,oBAAI,QAA+B;AAkD1C,SAAS,cAAc,QAAgB;AAC1C,MAAI,WAAW,MAAM,IAAI,MAAM;AAC/B,MAAI,aAAa,QAAW;AACxB,eAAW,YAAY,MAAM;AAAA,EACjC;AACA,SAAO;AACX;AAAA,CAEO,CAAUA,mBAAV;AAyGI,MAAK;AAAL,IAAKC,eAAL;AAIH,IAAAA,sBAAA,aAAU,KAAV;AAKA,IAAAA,sBAAA,kBAAe,KAAf;AAKA,IAAAA,sBAAA,gBAAa,KAAb;AAAA,KAdQ,YAAAD,eAAA,cAAAA,eAAA;AAAA,GAzGC;AA2HjB,OAAO,OAAO,aAAa;AAC3B,OAAO,OAAO,cAAc,SAAS;AAErC,SAAS,YAAY,QAA+B;AAChD,MAAI,OAAO,QAAQ,wBAAW,SAAS;AACnC,WAAO,mBAAmB,MAAM;AAAA,EACpC;AACA,SAAO,gBAAgB,MAAM;AACjC;AAEA,SAAS,gBAAgB,QAA+B;AACpD,QAAM,SAAS,UAAU,MAAM;AAE/B,MAAI,UAAsC,CAAC,SAAS,aAAa;AAC7D,QAAI,QAAQ,WAAW,QAAQ,SAAS;AACpC,aAAO;AAAA,IACX;AAEA,WAAO,QAAQ,YAAY,OAAO,WAAW,QAAQ,MAAM;AAAA,EAC/D;AAEA,MAAI,WAAuC,CAAC,SAAS,aAAa;AAC9D,QAAI,QAAQ,WAAW,QAAQ,SAAS;AACpC,aAAO;AAAA,IACX;AAEA,WAAO,QAAQ,YAAY,OAAO,YAAY,QAAQ,MAAM;AAAA,EAChE;AAEA,MAAI,gBAAyC,CAAC,SAAS,aAAa;AAChE,QAAI,QAAQ,WAAW,QAAQ,SAAS;AACpC;AAAA,IACJ;AAEA,QAAI,QAAQ,YAAY,OAAO,WAAW,QAAQ,MAAM,iBAAiC;AACrF;AAAA,IACJ;AAEA,UAAM,IAAI,wBAAU,UAAU,qBAAqB,wBAAW,iBAAiB;AAAA,EACnF;AAEA,MAAI,iBAA0C,CAAC,SAAS,aAAa;AACjE,QAAI,QAAQ,WAAW,QAAQ,SAAS;AACpC;AAAA,IACJ;AAEA,QAAI,QAAQ,YAAY,OAAO,YAAY,QAAQ,MAAM,iBAAiC;AACtF;AAAA,IACJ;AAEA,UAAM,IAAI,yBAAW,UAAU,qBAAqB,wBAAW,iBAAiB;AAAA,EACpF;AAEA,MAAI,OAAO,OAAO;AACd,UAAM,wBAAwB;AAC9B,UAAM,kBAAkB;AAExB,qBAAiB,CAAC,SAAS,aAAa;AACpC,UAAI,CAAC,QAAQ,WAAW,CAAC,QAAQ,OAAO;AACpC,cAAM,IAAI;AAAA,UACN;AAAA,UACA;AAAA,UACA,wBAAW;AAAA,QACf;AAAA,MACJ;AACA,8BAAwB,SAAS,QAAQ;AAAA,IAC7C;AAEA,eAAW,CAAC,SAAS,aAAa;AAC9B,UAAI,CAAC,QAAQ,WAAW,CAAC,QAAQ,OAAO;AACpC,eAAO;AAAA,MACX;AAEA,aAAO,gBAAgB,SAAS,QAAQ;AAAA,IAC5C;AAAA,EACJ;AAEA,MAAI,OAAO,iBAAiB;AACxB,UAAM,uBAAuB;AAC7B,UAAM,iBAAiB;AACvB,UAAM,wBAAwB;AAC9B,UAAM,kBAAkB;AAExB,oBAAgB,CAAC,SAAS,aAAa;AACnC,UAAI,QAAQ,WAAW,QAAQ,SAAS;AACpC;AAAA,MACJ;AAEA,UAAI,QAAQ,gBAAgB;AACxB,YAAI,QAAQ,WAAW,QAAW;AAC9B,gBAAM,IAAI;AAAA,YACN;AAAA,YACA;AAAA,YACA,wBAAW;AAAA,UACf;AAAA,QACJ;AAEA,YAAI,UAAU,gBAAgB,SAAS,iBAAiB,QAAQ,QAAQ;AACpE,gBAAM,IAAI;AAAA,YACN;AAAA,YACA;AAAA,YACA,wBAAW;AAAA,UACf;AAAA,QACJ;AAAA,MACJ;AAEA,2BAAqB,SAAS,QAAQ;AAAA,IAC1C;AAEA,cAAU,CAAC,SAAS,aAAa;AAC7B,UAAI,QAAQ,WAAW,QAAQ,SAAS;AACpC,eAAO;AAAA,MACX;AAEA,UAAI,QAAQ,WAAW,QAAW;AAC9B,eAAO;AAAA,MACX;AAEA,UAAI,UAAU,gBAAgB,SAAS,iBAAiB,QAAQ,QAAQ;AACpE,eAAO;AAAA,MACX;AAEA,aAAO,eAAe,SAAS,QAAQ;AAAA,IAC3C;AAEA,qBAAiB,CAAC,SAAS,aAAa;AACpC,UAAI,QAAQ,WAAW,QAAQ,SAAS;AACpC;AAAA,MACJ;AAEA,UAAI,QAAQ,WAAW,QAAW;AAC9B,cAAM,IAAI,yBAAW,UAAU,0CAA0C,wBAAW,iBAAiB;AAAA,MACzG;AAEA,UAAI,UAAU,gBAAgB,SAAS,iBAAiB,QAAQ,QAAQ;AACpE,cAAM,IAAI,yBAAW,UAAU,qDAAqD;AAAA,MACxF;AAEA,4BAAsB,SAAS,QAAQ;AAAA,IAC3C;AAEA,eAAW,CAAC,SAAS,aAAa;AAC9B,UAAI,QAAQ,WAAW,QAAQ,SAAS;AACpC,eAAO;AAAA,MACX;AAEA,UAAI,QAAQ,WAAW,QAAW;AAC9B,eAAO;AAAA,MACX;AAEA,UAAI,UAAU,gBAAgB,SAAS,iBAAiB,QAAQ,QAAQ;AACpE,eAAO;AAAA,MACX;AAEA,aAAO,gBAAgB,SAAS,QAAQ;AAAA,IAC5C;AAAA,EACJ;AAEA,MAAI,CAAC,OAAO,UAAU;AAClB,oBAAgB,CAAC,SAAS,aAAa;AACnC,UAAI,QAAQ,WAAW,QAAQ,SAAS;AACpC;AAAA,MACJ;AAEA,YAAM,IAAI,wBAAU,UAAU,yCAAyC;AAAA,IAC3E;AAEA,cAAU,aAAW;AACjB,aAAO,CAAC,CAAC,QAAQ,WAAW,CAAC,CAAC,QAAQ;AAAA,IAC1C;AAAA,EACJ;AAEA,MAAI,CAAC,OAAO,UAAU;AAClB,qBAAiB,CAAC,SAAS,aAAa;AACpC,UAAI,QAAQ,WAAW,QAAQ,SAAS;AACpC;AAAA,MACJ;AACA,YAAM,IAAI,yBAAW,UAAU,uCAAuC;AAAA,IAC1E;AAEA,eAAW,aAAW;AAClB,aAAO,CAAC,CAAC,QAAQ,WAAW,CAAC,CAAC,QAAQ;AAAA,IAC1C;AAAA,EACJ;AAEA,SAAO,OAAO,OAAO;AAAA,IACjB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IAEA,gBAAgB,UAAiC,UAAkC;AAC/E,YAAM,IAAI,wCAA0B,UAAU,0DAA0D;AAAA,IAC5G;AAAA,IAEA,YAAY;AACR,aAAO;AAAA,IACX;AAAA,EACJ,CAAyB;AAC7B;AAEA,SAAS,mBAAmB,QAA+B;AACvD,QAAM,SAAS,UAAU,MAAM;AAC/B,QAAM,QAAQ,OAAO,gBAAgB;AACrC,QAAM,SAAS,OAAO,gBAAgB;AAEtC,SAAO;AAAA,IACH;AAAA,IAEA,cAAc,UAAU,UAAU;AAC9B,YAAM,IAAI,wCAA0B,UAAU,oDAAoD;AAAA,IACtG;AAAA,IAEA,UAAU;AACN,aAAO;AAAA,IACX;AAAA,IAEA,eAAe,UAAU,UAAU;AAC/B,YAAM,IAAI,wCAA0B,UAAU,qDAAqD;AAAA,IACvG;AAAA,IAEA,WAAW;AACP,aAAO;AAAA,IACX;AAAA,IAEA,gBAAgB,SAAS,UAAU;AAC/B,UAAI,QAAQ,SAAS;AACjB;AAAA,MACJ;AAEA,UAAI,CAAC,QAAQ,SAAS;AAClB,cAAM,IAAI,0BAAY,UAAU,wCAAwC;AAAA,MAC5E;AAEA,UAAI,SAAS,CAAC,QAAQ,OAAO;AACzB,cAAM,IAAI;AAAA,UACN;AAAA,UACA;AAAA,UACA,wBAAW;AAAA,QACf;AAAA,MACJ;AAEA,UAAI,UAAU,QAAQ,WAAW,QAAW;AACxC,cAAM,IAAI,yBAAW,UAAU,0CAA0C,wBAAW,iBAAiB;AAAA,MACzG;AAEA,UAAI,QAAQ,YAAY,OAAO,YAAY,QAAQ,MAAM,iBAAiC;AACtF;AAAA,MACJ;AAEA,YAAM,IAAI,0BAAY,UAAU,qBAAqB,wBAAW,iBAAiB;AAAA,IACrF;AAAA,IAEA,UAAU,SAAS,UAAU;AACzB,UAAI,QAAQ,SAAS;AACjB,eAAO;AAAA,MACX;AAEA,UAAI,CAAC,QAAQ,SAAS;AAClB,eAAO;AAAA,MACX;AAEA,UAAI,SAAS,CAAC,QAAQ,OAAO;AACzB,eAAO;AAAA,MACX;AAEA,UAAI,UAAU,QAAQ,WAAW,QAAW;AACxC,eAAO;AAAA,MACX;AAEA,aAAO,QAAQ,YAAY,OAAO,YAAY,QAAQ,MAAM;AAAA,IAChE;AAAA,EACJ;AACJ;AAEA,SAAS,UAAU,QAAgB;AAC/B,QAAM,SAAS,OAAO;AACtB,QAAM,UAAU,kBAAkB,0BAAa,OAAO,mBAAmB;AAGzE,MAAI,QAAQ,SAAS;AACrB,WAAS,IAAI,OAAO,QAAQ,CAAC,SAAS,aAAa,yBAAY,IAAI,EAAE,QAAQ;AACzE,QAAI,EAAE,iBAAiB,OAAO;AAC1B,cAAQ;AAAA,IACZ;AAAA,EACJ;AAEA,QAAM,SAA+B,OAAO,OAAO;AAAA,IAC/C,UAAU,OAAO;AAAA,IACjB,UAAU,OAAO,YAAY,CAAC;AAAA,IAC9B,cAAc,OAAO,WAAW,oBAAO,OAAO,UAAU,OAAO,WAAW,oBAAO,OAAO;AAAA,IACxF,iBAAiB,OAAO,WAAW,oBAAO,OAAO;AAAA,IACjD,OAAO,OAAO,UAAU;AAAA;AAAA;AAAA,IAIxB,WAAW,OAAO,aAAa,SAAY,yBAAY,OAAO,oBAAO,eAAe,OAAO,QAAQ;AAAA,IACnG,YAAY,OAAO,cAAc,SAAY,yBAAY,UAAU,oBAAO,eAAe,OAAO,SAAS;AAAA,EAC7G,CAAC;AAED,SAAO;AACX;",
+  "names": ["AccessControl", "Authority"]
+}

package/dist/cjs/action/server/AttributeResponse.d.ts

@@ -0,0 +1,36 @@
+/**
+ * @license
+ * Copyright 2022-2025 Project CHIP Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { NodeProtocol } from "#action/protocols.js";
+import { Read } from "#action/request/Read.js";
+import { ReadResult } from "#action/response/ReadResult.js";
+import { AccessControl } from "#action/server/AccessControl.js";
+export declare const GlobalAttrIds: Set<any>;
+export declare const WildcardPathFlagsCodec: import("#types").BitmapSchemaInternal<{
+    skipRootNode: import("#types").BitFlag;
+    skipGlobalAttributes: import("#types").BitFlag;
+    skipAttributeList: import("#types").BitFlag;
+    reserved1: import("#types").BitFlag;
+    skipCommandLists: import("#types").BitFlag;
+    skipCustomElements: import("#types").BitFlag;
+    skipFixedAttributes: import("#types").BitFlag;
+    skipChangesOmittedAttributes: import("#types").BitFlag;
+    skipDiagnosticsClusters: import("#types").BitFlag;
+}>;
+export declare const FallbackLimits: AccessControl.Limits;
+/**
+ * Implements read of attribute data for Matter "read" and "subscribe" interactions.
+ *
+ * TODO - profile; ensure nested functions are properly JITed and/or inlined
+ */
+export declare class AttributeResponse<SessionT extends AccessControl.Session = AccessControl.Session> {
+    #private;
+    constructor(node: NodeProtocol, session: SessionT, { dataVersionFilters, attributeRequests }: Read.Attributes);
+    /**
+     * Emits chunks produced by paths added via {@link #addWildcard} and {@link #addConcrete}.
+     */
+    [Symbol.iterator](): Generator<ReadResult.Chunk, void, void>;
+}
+//# sourceMappingURL=AttributeResponse.d.ts.map

package/dist/cjs/action/server/AttributeResponse.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AttributeResponse.d.ts","sourceRoot":"","sources":["../../../../src/action/server/AttributeResponse.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAA4D,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAC9G,OAAO,EAAE,IAAI,EAAE,MAAM,yBAAyB,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,gCAAgC,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AAgBhE,eAAO,MAAM,aAAa,UAAgE,CAAC;AAC3F,eAAO,MAAM,sBAAsB;;;;;;;;;;EAAwC,CAAC;AAC5E,eAAO,MAAM,cAAc,EAAE,aAAa,CAAC,MAQ1C,CAAC;AAEF;;;;GAIG;AACH,qBAAa,iBAAiB,CAAC,QAAQ,SAAS,aAAa,CAAC,OAAO,GAAG,aAAa,CAAC,OAAO;;gBAwB7E,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,EAAE,IAAI,CAAC,UAAU;IAkC7G;;OAEG;IACF,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC,UAAU,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC;CAqThE"}

package/dist/cjs/action/server/AttributeResponse.js

@@ -0,0 +1,352 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var AttributeResponse_exports = {};
+__export(AttributeResponse_exports, {
+  AttributeResponse: () => AttributeResponse,
+  FallbackLimits: () => FallbackLimits,
+  GlobalAttrIds: () => GlobalAttrIds,
+  WildcardPathFlagsCodec: () => WildcardPathFlagsCodec
+});
+module.exports = __toCommonJS(AttributeResponse_exports);
+var import_AccessControl = require("#action/server/AccessControl.js");
+var import_general = require("#general");
+var import_model = require("#model");
+var import_types = require("#types");
+/**
+ * @license
+ * Copyright 2022-2025 Project CHIP Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+const GlobalAttrIds = new Set(Object.values(import_types.GlobalAttributes).map((attr) => attr.id));
+const WildcardPathFlagsCodec = (0, import_types.BitmapSchema)(import_types.WildcardPathFlagsBitmap);
+const FallbackLimits = {
+  fabricScoped: false,
+  fabricSensitive: false,
+  readable: true,
+  readLevel: import_model.AccessLevel.View,
+  timed: false,
+  writable: true,
+  writeLevel: import_model.AccessLevel.Administer
+};
+class AttributeResponse {
+  // Configuration
+  #session;
+  #node;
+  #versions;
+  // Each input AttributePathIB that does not have an error installs a producer.  Producers run after validation and
+  // generate actual attribute data
+  #dataProducers;
+  // The initial "chunk" may be a list of errors.  As producers execute it is a set of records associated with the
+  // most recently touched endpoint.  When the endpoint changes the previous chunk emits
+  #chunk;
+  // The following state updates as data producers execute.  This serves both to convey state between functions and as
+  // a cache between producers that touch the same endpoint and/or cluster
+  #currentEndpoint;
+  #currentCluster;
+  #currentState;
+  #wildcardPathFlags = 0;
+  // The node ID may be expensive to retrieve and is invariant so we cache it here
+  #cachedNodeId;
+  constructor(node, session, { dataVersionFilters, attributeRequests }) {
+    this.#node = node;
+    this.#session = session;
+    const nodeId = session.fabric === void 0 ? import_types.NodeId.UNSPECIFIED_NODE_ID : this.#nodeId;
+    if (dataVersionFilters?.length) {
+      this.#versions = {};
+      for (const {
+        path: { nodeId: filterNodeId, endpointId, clusterId },
+        dataVersion
+      } of dataVersionFilters) {
+        if (filterNodeId !== void 0 && filterNodeId !== nodeId) {
+          continue;
+        }
+        if (typeof endpointId !== "number") {
+          continue;
+        }
+        (this.#versions[endpointId] ?? (this.#versions[endpointId] = {}))[clusterId] = dataVersion;
+      }
+    }
+    for (const path of attributeRequests) {
+      if (path.endpointId === void 0 || path.clusterId === void 0 || path.attributeId === void 0) {
+        this.#addWildcard(path);
+      } else {
+        this.#addConcrete(path);
+      }
+    }
+  }
+  /**
+   * Emits chunks produced by paths added via {@link #addWildcard} and {@link #addConcrete}.
+   */
+  *[Symbol.iterator]() {
+    if (this.#dataProducers) {
+      for (const producer of this.#dataProducers) {
+        yield* producer.apply(this);
+      }
+    }
+    if (this.#chunk !== void 0) {
+      yield this.#chunk;
+    }
+  }
+  /**
+   * Validate a wildcard path and update internal state.
+   */
+  #addWildcard(path) {
+    const { nodeId, endpointId, clusterId, attributeId, wildcardPathFlags } = path;
+    if (nodeId !== void 0 && nodeId !== this.#nodeId) {
+      return;
+    }
+    const wpf = wildcardPathFlags ? WildcardPathFlagsCodec.encode(wildcardPathFlags) : 0;
+    if (clusterId === void 0 && attributeId !== void 0 && !GlobalAttrIds.has(attributeId)) {
+      throw new import_types.StatusResponseError(
+        `Illegal read of wildcard cluster with non-global attribute #${attributeId}`,
+        import_types.Status.InvalidAction
+      );
+    }
+    if (endpointId === void 0) {
+      this.#addProducer(function* () {
+        this.#wildcardPathFlags = wpf;
+        for (const endpoint2 of this.#node) {
+          yield* this.#readEndpointForWildcard(endpoint2, path);
+        }
+      });
+      return;
+    }
+    const endpoint = this.#node[endpointId];
+    if (endpoint) {
+      this.#addProducer(function() {
+        this.#wildcardPathFlags = wpf;
+        return this.#readEndpointForWildcard(endpoint, path);
+      });
+    }
+  }
+  /**
+   * Validate a concrete path and update internal state.
+   */
+  #addConcrete(path) {
+    const { nodeId, endpointId, clusterId, attributeId } = path;
+    if (nodeId !== void 0 && this.#nodeId !== nodeId) {
+      this.#addStatus(path, import_types.Status.UnsupportedNode);
+    }
+    const endpoint = this.#node[endpointId];
+    const cluster = endpoint?.[clusterId];
+    const attribute = cluster?.type.attributes[attributeId];
+    let limits;
+    if (attribute === void 0) {
+      const modelAttr = this.#node.matter.member(path.clusterId, [import_model.ElementTag.Cluster])?.member(path.attributeId, [import_model.ElementTag.Attribute]);
+      if (modelAttr) {
+        limits = (0, import_AccessControl.AccessControl)(modelAttr).limits;
+      } else {
+        limits = FallbackLimits;
+      }
+    } else {
+      limits = attribute.limits;
+    }
+    switch (this.#session.authorityAt(limits.readLevel)) {
+      case import_AccessControl.AccessControl.Authority.Granted:
+        break;
+      case import_AccessControl.AccessControl.Authority.Unauthorized:
+        this.#addStatus(path, import_types.Status.UnsupportedAccess);
+        return;
+      case import_AccessControl.AccessControl.Authority.Restricted:
+        this.#addStatus(path, import_types.Status.AccessRestricted);
+        return;
+      default:
+        throw new import_general.InternalError(
+          `Unsupported authorization state ${this.#session.authorityAt(limits.readLevel)}`
+        );
+    }
+    if (endpoint === void 0) {
+      this.#addStatus(path, import_types.Status.UnsupportedEndpoint);
+      return;
+    }
+    if (cluster === void 0) {
+      this.#addStatus(path, import_types.Status.UnsupportedCluster);
+      return;
+    }
+    if (attribute === void 0) {
+      this.#addStatus(path, import_types.Status.UnsupportedAttribute);
+      return;
+    }
+    if (!limits.readable) {
+      this.#addStatus(path, import_types.Status.UnsupportedRead);
+      return;
+    }
+    const skipVersion = this.#versions?.[path.endpointId]?.[path.clusterId];
+    if (skipVersion !== void 0 && skipVersion === cluster.version) {
+      return;
+    }
+    this.#addProducer(function* () {
+      if (this.#currentEndpoint !== endpoint) {
+        if (this.#chunk) {
+          yield this.#chunk;
+          this.#chunk = void 0;
+        }
+        this.#currentEndpoint = endpoint;
+        this.#currentCluster = cluster;
+        this.#currentState = cluster.open(this.#session);
+      } else if (this.#currentCluster !== cluster) {
+        this.#currentCluster = cluster;
+        this.#currentState = cluster.open(this.#session);
+      } else if (this.#currentState === void 0) {
+        this.#currentState = cluster.open(this.#session);
+      }
+      this.#addValue(path, this.#currentState);
+    });
+  }
+  /**
+   * Starts new chunk or adds to current chunk all values from {@link endpoint} selected by {@link path}.
+   *
+   * Emits previous chunk if it exists and was not for this endpoint.  This means that our chunk size is one endpoint
+   * worth of data, except for the initial error chunk if there are path errors.
+   *
+   * {@link this.#wildcardPathFlags} to numeric bitmap must be set prior to invocation.
+   *
+   * TODO - skip endpoints for which subject is unauthorized
+   */
+  *#readEndpointForWildcard(endpoint, path) {
+    if (endpoint.wildcardPathFlags & this.#wildcardPathFlags) {
+      return;
+    }
+    if (this.#currentEndpoint !== endpoint) {
+      if (this.#chunk) {
+        yield this.#chunk;
+        this.#chunk = void 0;
+      }
+      this.#currentEndpoint = endpoint;
+      this.#currentCluster = void 0;
+    }
+    const { clusterId } = path;
+    if (clusterId === void 0) {
+      for (const cluster of endpoint) {
+        this.#readClusterForWildcard(cluster, path);
+      }
+    } else {
+      const cluster = endpoint[clusterId];
+      if (cluster !== void 0) {
+        this.#readClusterForWildcard(cluster, path);
+      }
+    }
+  }
+  /**
+   * Read values from a specific {@link cluster} for a wildcard path.
+   *
+   * Depends on state initialized by {@link #readEndpointForWildcard}.
+   *
+   * TODO - skip clusters for which subject is unauthorized
+   */
+  #readClusterForWildcard(cluster, path) {
+    if (cluster.type.wildcardPathFlags & this.#wildcardPathFlags) {
+      return;
+    }
+    if (this.#currentCluster !== cluster) {
+      this.#currentCluster = cluster;
+      this.#currentState = void 0;
+    }
+    const skipVersion = this.#versions?.[this.#currentEndpoint.id]?.[cluster.type.id];
+    if (skipVersion !== void 0 && skipVersion === cluster.version) {
+      return;
+    }
+    const { attributeId } = path;
+    if (attributeId === void 0) {
+      for (const attribute of cluster.type.attributes) {
+        this.#readAttributeForWildcard(attribute, path);
+      }
+    } else {
+      const attribute = cluster.type.attributes[attributeId];
+      if (attribute !== void 0) {
+        this.#readAttributeForWildcard(attribute, path);
+      }
+    }
+  }
+  /**
+   * Read values from a specific {@link attribute} for a wildcard path.
+   *
+   * Depends on state initialized by {@link #readClusterForWildcard}.
+   */
+  #readAttributeForWildcard(attribute, path) {
+    if (attribute.wildcardPathFlags & this.#wildcardPathFlags) {
+      return;
+    }
+    if (!attribute.limits.readable || this.#session.authorityAt(attribute.limits.readLevel, this.#currentCluster.location) !== import_AccessControl.AccessControl.Authority.Granted) {
+      return;
+    }
+    if (this.#currentState === void 0) {
+      this.#currentState = this.#currentCluster.open(this.#session);
+    }
+    this.#addValue(
+      {
+        ...path,
+        endpointId: this.#currentEndpoint?.id,
+        clusterId: this.#currentCluster?.type.id,
+        attributeId: attribute.id
+      },
+      this.#currentState[attribute.id]
+    );
+  }
+  /**
+   * Add a function that produces data.  These functions are run after validation of input paths.
+   */
+  #addProducer(producer) {
+    if (this.#dataProducers) {
+      this.#dataProducers.push(producer);
+    } else {
+      this.#dataProducers = [producer];
+    }
+  }
+  /**
+   * Add a status value.
+   */
+  #addStatus(path, status) {
+    const report = {
+      kind: "attr-status",
+      path,
+      status
+    };
+    if (this.#chunk) {
+      this.#chunk.push(report);
+    } else {
+      this.#chunk = [report];
+    }
+  }
+  /**
+   * Add an attribute value.
+   */
+  #addValue(path, value) {
+    const report = {
+      kind: "attr-value",
+      path,
+      value
+    };
+    if (this.#chunk) {
+      this.#chunk.push(report);
+    } else {
+      this.#chunk = [report];
+    }
+  }
+  /**
+   * The node ID used to filter paths with node ID specified.  Unsure if this is ever actually used.
+   */
+  get #nodeId() {
+    if (this.#cachedNodeId === void 0) {
+      this.#cachedNodeId = (this.#session.fabric && this.#node.nodeIdFor(this.#session.fabric)) ?? import_types.NodeId.UNSPECIFIED_NODE_ID;
+    }
+    return this.#cachedNodeId;
+  }
+}
+//# sourceMappingURL=AttributeResponse.js.map