@metamask-previews/permission-controller 12.3.0-preview-938fc5d87 → 12.3.0-preview-495c91e

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (46) hide show
  1. package/CHANGELOG.md +16 -2
  2. package/dist/Permission.cjs.map +1 -1
  3. package/dist/Permission.d.cts +9 -15
  4. package/dist/Permission.d.cts.map +1 -1
  5. package/dist/Permission.d.mts +9 -15
  6. package/dist/Permission.d.mts.map +1 -1
  7. package/dist/Permission.mjs.map +1 -1
  8. package/dist/PermissionController-method-action-types.cjs.map +1 -1
  9. package/dist/PermissionController-method-action-types.d.cts +44 -25
  10. package/dist/PermissionController-method-action-types.d.cts.map +1 -1
  11. package/dist/PermissionController-method-action-types.d.mts +44 -25
  12. package/dist/PermissionController-method-action-types.d.mts.map +1 -1
  13. package/dist/PermissionController-method-action-types.mjs.map +1 -1
  14. package/dist/PermissionController.cjs +23 -65
  15. package/dist/PermissionController.cjs.map +1 -1
  16. package/dist/PermissionController.d.cts +12 -36
  17. package/dist/PermissionController.d.cts.map +1 -1
  18. package/dist/PermissionController.d.mts +12 -36
  19. package/dist/PermissionController.d.mts.map +1 -1
  20. package/dist/PermissionController.mjs +23 -65
  21. package/dist/PermissionController.mjs.map +1 -1
  22. package/dist/createRestrictedMethodMessenger.cjs +20 -0
  23. package/dist/createRestrictedMethodMessenger.cjs.map +1 -0
  24. package/dist/createRestrictedMethodMessenger.d.cts +42 -0
  25. package/dist/createRestrictedMethodMessenger.d.cts.map +1 -0
  26. package/dist/createRestrictedMethodMessenger.d.mts +42 -0
  27. package/dist/createRestrictedMethodMessenger.d.mts.map +1 -0
  28. package/dist/createRestrictedMethodMessenger.mjs +16 -0
  29. package/dist/createRestrictedMethodMessenger.mjs.map +1 -0
  30. package/dist/index.cjs +6 -1
  31. package/dist/index.cjs.map +1 -1
  32. package/dist/index.d.cts +3 -1
  33. package/dist/index.d.cts.map +1 -1
  34. package/dist/index.d.mts +3 -1
  35. package/dist/index.d.mts.map +1 -1
  36. package/dist/index.mjs +2 -0
  37. package/dist/index.mjs.map +1 -1
  38. package/dist/permission-middleware.cjs +59 -0
  39. package/dist/permission-middleware.cjs.map +1 -0
  40. package/dist/permission-middleware.d.cts +49 -0
  41. package/dist/permission-middleware.d.cts.map +1 -0
  42. package/dist/permission-middleware.d.mts +49 -0
  43. package/dist/permission-middleware.d.mts.map +1 -0
  44. package/dist/permission-middleware.mjs +54 -0
  45. package/dist/permission-middleware.mjs.map +1 -0
  46. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -9,14 +9,28 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
9
9
 
10
10
  ### Added
11
11
 
12
- - Expose `createPermissionMiddleware` through the messenger ([#8502](https://github.com/MetaMask/core/pull/8502))
12
+ - Add `createPermissionMiddlewareV2`, a `JsonRpcEngineV2` variant of the standalone permission middleware factory ([#8532](https://github.com/MetaMask/core/pull/8532))
13
+ - Add `messenger` option to permission specification builders, allowing restricted-method specs to receive a scoped messenger in place of `methodHooks` ([#8551](https://github.com/MetaMask/core/pull/8551))
14
+ - Use the `actionNames` field on the specification builder and `createRestrictedMethodMessenger` to construct the scoped messenger.
13
15
 
14
16
  ### Changed
15
17
 
18
+ - **BREAKING:** Decouple the permission middleware from `PermissionController` and expose it as a standalone function ([#8532](https://github.com/MetaMask/core/pull/8532))
19
+ - The standalone `createPermissionMiddleware` replaces the former `PermissionController.createPermissionMiddleware`; it is imported from `@metamask/permission-controller` and called with a messenger and subject metadata, and targets the legacy `JsonRpcEngine`.
20
+ - New integrations should prefer `createPermissionMiddlewareV2`, which targets `JsonRpcEngineV2`.
21
+ - `PermissionController.getRestrictedMethod` no longer serves a purpose, and is removed. Restricted methods should be invoked via the `:executeRestrictedMethod` action instead.
16
22
  - Bump `@metamask/controller-utils` from `^11.19.0` to `^11.20.0` ([#8344](https://github.com/MetaMask/core/pull/8344))
17
23
  - Bump `@metamask/messenger` from `^1.0.0` to `^1.1.1` ([#8364](https://github.com/MetaMask/core/pull/8364), [#8373](https://github.com/MetaMask/core/pull/8373))
18
24
  - Bump `@metamask/base-controller` from `^9.0.1` to `^9.1.0` ([#8457](https://github.com/MetaMask/core/pull/8457))
19
25
 
26
+ ### Deprecated
27
+
28
+ - Deprecate `createPermissionMiddleware` in favor of `createPermissionMiddlewareV2`, which targets `JsonRpcEngineV2` ([#8532](https://github.com/MetaMask/core/pull/8532))
29
+
30
+ ### Removed
31
+
32
+ - **BREAKING:** Remove `factoryHooks`, `validatorHooks`, and related fields from permission specification builders ([#8551](https://github.com/MetaMask/core/pull/8551))
33
+
20
34
  ## [12.3.0]
21
35
 
22
36
  ### Added
@@ -186,7 +200,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
186
200
  ["Are the Types Wrong?"](https://arethetypeswrong.github.io/) tool as
187
201
  ["masquerading as CJS"](https://github.com/arethetypeswrong/arethetypeswrong.github.io/blob/main/docs/problems/FalseCJS.md).
188
202
  All of the ATTW checks now pass.
189
- - Remove chunk files ([#4648](https://github.com/MetaMask/core/pull/4648)).
203
+ - Remove chunk files ([#4648](https://github.com/MetaMask/core/pull/4648))
190
204
  - Previously, the build tool we used to generate JavaScript files extracted
191
205
  common code to "chunk" files. While this was intended to make this package
192
206
  more tree-shakeable, it also made debugging more difficult for our
package/dist/Permission.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"Permission.cjs","sourceRoot":"","sources":["../src/Permission.ts"],"names":[],"mappings":";;;AAGA,mCAAgC;AAkJhC;;;;;;;;GAQG;AACH,SAAgB,mBAAmB,CAEjC,OAA4C;IAC5C,MAAM,EAAE,OAAO,GAAG,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IAEpD,OAAO;QACL,EAAE,EAAE,IAAA,eAAM,GAAE;QACZ,gBAAgB,EAAE,MAAM;QACxB,OAAO;QACP,OAAO;QACP,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE;KACP,CAAC;AACxB,CAAC;AAZD,kDAYC;AAED;;;;;;GAMG;AACH,SAAgB,UAAU,CACxB,UAAgC,EAChC,UAAkB;IAElB,OAAO,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC;AAC1E,CAAC;AALD,gCAKC;AAgKD;;GAEG;AACH,IAAY,cAYX;AAZD,WAAY,cAAc;IACxB;;;OAGG;IACH,uDAAqC,CAAA;IAErC;;;OAGG;IACH,yCAAuB,CAAA;AACzB,CAAC,EAZW,cAAc,8BAAd,cAAc,QAYzB;AA2MD;;;;;;;;GAQG;AACH,SAAgB,oBAAoB,CAIlC,aAA4B,EAC5B,YAAkB;IAIlB,OAAO,aAAa,CAAC,cAAc,KAAK,YAAY,CAAC;AACvD,CAAC;AAVD,oDAUC","sourcesContent":["import type { NonEmptyArray } from '@metamask/controller-utils';\nimport type { ActionConstraint, EventConstraint } from '@metamask/messenger';\nimport type { Json } from '@metamask/utils';\nimport { nanoid } from 'nanoid';\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nimport type { CaveatConstraint, Caveat } from './Caveat';\nimport type {\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n PermissionController,\n PermissionsRequest,\n SideEffectMessenger,\n} from './PermissionController';\nimport type { SubjectType } from './SubjectMetadataController';\n\n/**\n * The origin of a subject.\n * Effectively the GUID of an entity that can have permissions.\n */\nexport type OriginString = string;\n\n/**\n * The name of a permission target.\n */\ntype TargetName = string;\n\n/**\n * A `ZCAP-LD`-like permission object. A permission is associated with a\n * particular `invoker`, which is the holder of the permission. Possessing the\n * permission grants access to a particular restricted resource, identified by\n * the `parentCapability`. The use of the restricted resource may be further\n * restricted by any `caveats` associated with the permission.\n *\n * See the README for details.\n */\nexport type PermissionConstraint = {\n /**\n * The context(s) in which this capability is meaningful.\n *\n * It is required by the standard, but we make it optional since there is only\n * one context in our usage (i.e. the user's MetaMask instance).\n */\n readonly '@context'?: NonEmptyArray<string>;\n\n /**\n * The caveats of the permission.\n *\n * @see {@link Caveat} For more information.\n */\n readonly caveats: null | NonEmptyArray<CaveatConstraint>;\n\n /**\n * The creation date of the permission, in UNIX epoch time.\n */\n readonly date: number;\n\n /**\n * The GUID of the permission object.\n */\n readonly id: string;\n\n /**\n * The origin string of the subject that has the permission.\n */\n readonly invoker: OriginString;\n\n /**\n * A pointer to the resource that possession of the capability grants\n * access to, for example a JSON-RPC method or endowment.\n */\n readonly parentCapability: string;\n};\n\n/**\n * A `ZCAP-LD`-like permission object. A permission is associated with a\n * particular `invoker`, which is the holder of the permission. Possessing the\n * permission grants access to a particular restricted resource, identified by\n * the `parentCapability`. The use of the restricted resource may be further\n * restricted by any `caveats` associated with the permission.\n *\n * See the README for details.\n *\n * @template Name - The name of the permission that the target corresponds to.\n * @template AllowedCaveat - A union of the allowed {@link Caveat} types\n * for the permission.\n */\nexport type ValidPermission<\n Name extends TargetName,\n AllowedCaveat extends CaveatConstraint,\n> = PermissionConstraint & {\n /**\n * The caveats of the permission.\n *\n * @see {@link Caveat} For more information.\n */\n readonly caveats: AllowedCaveat extends never\n ? null\n : NonEmptyArray<AllowedCaveat> | null;\n\n /**\n * A pointer to the resource that possession of the capability grants\n * access to, for example a JSON-RPC method or endowment.\n */\n readonly parentCapability: Name;\n};\n\n/**\n * Internal utility for extracting the members types of an array. The type\n * evalutes to `never` if the specified type is the empty tuple or neither\n * an array nor a tuple.\n *\n * @template ArrayType - The array type whose members to extract.\n */\ntype ExtractArrayMembers<ArrayType> = ArrayType extends []\n ? never\n : ArrayType extends unknown[] | readonly unknown[]\n ? ArrayType[number]\n : never;\n\n/**\n * A utility type for extracting the allowed caveat types for a particular\n * permission from a permission specification type.\n *\n * @template PermissionSpecification - The permission specification type to\n * extract valid caveat types from.\n */\nexport type ExtractAllowedCaveatTypes<\n PermissionSpecification extends PermissionSpecificationConstraint,\n> = ExtractArrayMembers<PermissionSpecification['allowedCaveats']>;\n\n/**\n * The options object of {@link constructPermission}.\n *\n * @template TargetPermission - The {@link Permission} that will be constructed.\n */\nexport type PermissionOptions<TargetPermission extends PermissionConstraint> = {\n target: TargetPermission['parentCapability'];\n /**\n * The origin string of the subject that has the permission.\n */\n invoker: OriginString;\n\n /**\n * The caveats of the permission.\n * See {@link Caveat}.\n */\n caveats?: NonEmptyArray<CaveatConstraint>;\n};\n\n/**\n * The default permission factory function. Naively constructs a permission from\n * the inputs. Sets a default, random `id` if none is provided.\n *\n * @see {@link Permission} For more details.\n * @template TargetPermission- - The {@link Permission} that will be constructed.\n * @param options - The options for the permission.\n * @returns The new permission object.\n */\nexport function constructPermission<\n TargetPermission extends PermissionConstraint,\n>(options: PermissionOptions<TargetPermission>): TargetPermission {\n const { caveats = null, invoker, target } = options;\n\n return {\n id: nanoid(),\n parentCapability: target,\n invoker,\n caveats,\n date: new Date().getTime(),\n } as TargetPermission;\n}\n\n/**\n * Gets the caveat of the specified type belonging to the specified permission.\n *\n * @param permission - The permission whose caveat to retrieve.\n * @param caveatType - The type of the caveat to retrieve.\n * @returns The caveat, or undefined if no such caveat exists.\n */\nexport function findCaveat(\n permission: PermissionConstraint,\n caveatType: string,\n): CaveatConstraint | undefined {\n return permission.caveats?.find((caveat) => caveat.type === caveatType);\n}\n\n/**\n * A requested permission object. Just an object with any of the properties\n * of a {@link PermissionConstraint} object.\n */\ntype RequestedPermission = Partial<PermissionConstraint>;\n\n/**\n * A record of target names and their {@link RequestedPermission} objects.\n */\nexport type RequestedPermissions = Record<TargetName, RequestedPermission>;\n\n/**\n * The restricted method context object. Essentially a way to pass internal\n * arguments to restricted methods and caveat functions, most importantly the\n * requesting origin.\n */\ntype RestrictedMethodContext = Readonly<{\n origin: OriginString;\n [key: string]: unknown;\n}>;\n\nexport type RestrictedMethodParameters = Json[] | Record<string, Json>;\n\n/**\n * The arguments passed to a restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n */\nexport type RestrictedMethodOptions<\n Params extends RestrictedMethodParameters | null,\n> = {\n method: TargetName;\n params?: Params;\n context: RestrictedMethodContext;\n};\n\n/**\n * A synchronous restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n * @template Result - The JSON-RPC result of the restricted method.\n */\nexport type SyncRestrictedMethod<\n Params extends RestrictedMethodParameters,\n Result extends Json,\n> = (args: RestrictedMethodOptions<Params>) => Result;\n\n/**\n * An asynchronous restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n * @template Result - The JSON-RPC result of the restricted method.\n */\nexport type AsyncRestrictedMethod<\n Params extends RestrictedMethodParameters,\n Result extends Json,\n> = (args: RestrictedMethodOptions<Params>) => Promise<Result>;\n\n/**\n * A synchronous or asynchronous restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n * @template Result - The JSON-RPC result of the restricted method.\n */\nexport type RestrictedMethod<\n Params extends RestrictedMethodParameters,\n Result extends Json,\n> =\n | SyncRestrictedMethod<Params, Result>\n | AsyncRestrictedMethod<Params, Result>;\n\nexport type ValidRestrictedMethod<\n MethodImplementation extends RestrictedMethod<\n RestrictedMethodParameters,\n Json\n >,\n> = MethodImplementation extends (args: infer Options) => Json | Promise<Json>\n ? Options extends RestrictedMethodOptions<RestrictedMethodParameters>\n ? MethodImplementation\n : never\n : never;\n\n/**\n * {@link EndowmentGetter} parameter object.\n */\nexport type EndowmentGetterParams = {\n /**\n * The origin of the requesting subject.\n */\n origin: string;\n\n /**\n * Any additional data associated with the request.\n */\n requestData?: unknown;\n\n [key: string]: unknown;\n};\n\n/**\n * A synchronous or asynchronous function that gets the endowments for a\n * particular endowment permission. The getter receives the origin of the\n * requesting subject and, optionally, additional request metadata.\n */\nexport type EndowmentGetter<Endowments extends Json> = (\n options: EndowmentGetterParams,\n) => Endowments | Promise<Endowments>;\n\nexport type PermissionFactory<\n TargetPermission extends PermissionConstraint,\n RequestData extends Record<string, unknown>,\n> = (\n options: PermissionOptions<TargetPermission>,\n requestData?: RequestData,\n) => TargetPermission;\n\nexport type PermissionValidatorConstraint = (\n permission: PermissionConstraint,\n origin?: OriginString,\n target?: string,\n) => void;\n\n/**\n * The parameters passed to the side-effect function.\n */\nexport type SideEffectParams<\n Actions extends ActionConstraint,\n Events extends EventConstraint,\n> = {\n requestData: PermissionsRequest;\n messenger: SideEffectMessenger<Actions, Events>;\n};\n\n/**\n * A function that will execute actions as a permission side-effect.\n */\nexport type SideEffectHandler<\n Actions extends ActionConstraint,\n Events extends EventConstraint,\n> = (params: SideEffectParams<Actions, Events>) => Promise<unknown>;\n\n/**\n * The permissions side effects.\n */\nexport type PermissionSideEffect<\n Actions extends ActionConstraint,\n Events extends EventConstraint,\n> = {\n /**\n * A method triggered when the permission is accepted by the user\n */\n onPermitted: SideEffectHandler<Actions, Events>;\n /**\n * A method triggered if a `onPermitted` method rejected.\n */\n onFailure?: SideEffectHandler<Actions, Events>;\n};\n\n/**\n * The different possible types of permissions.\n */\nexport enum PermissionType {\n /**\n * A restricted JSON-RPC method. A subject must have the requisite permission\n * to call a restricted JSON-RPC method.\n */\n RestrictedMethod = 'RestrictedMethod',\n\n /**\n * An \"endowment\" granted to subjects that possess the requisite permission,\n * such as a global environment variable exposing a restricted API, etc.\n */\n Endowment = 'Endowment',\n}\n\n/**\n * The base constraint for permission specification objects. Every\n * {@link Permission} supported by a {@link PermissionController} must have an\n * associated specification, which is the source of truth for all permission-\n * related types. A permission specification includes the list of permitted\n * caveats, and any factory and validation functions specified by the consumer.\n * A concrete permission specification may specify further fields as necessary.\n *\n * See the README for more details.\n */\ntype PermissionSpecificationBase<Type extends PermissionType> = {\n /**\n * The type of the specified permission.\n */\n permissionType: Type;\n\n /**\n * The name of the target resource of the permission.\n */\n targetName: string;\n\n /**\n * An array of the caveat types that may be added to instances of this\n * permission.\n */\n allowedCaveats: Readonly<NonEmptyArray<string>> | null;\n\n /**\n * The factory function used to get permission objects. Permissions returned\n * by this function are presumed to valid, and they will not be passed to the\n * validator function associated with this specification (if any). In other\n * words, the factory function should validate the permissions it creates.\n *\n * If no factory is specified, the {@link Permission} constructor will be\n * used, and the validator function (if specified) will be called on newly\n * constructed permissions.\n */\n // TODO: Replace `any` with type\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n factory?: PermissionFactory<any, Record<string, unknown>>;\n\n /**\n * The validator function used to validate permissions of the associated type\n * whenever they are granted or their caveat arrays are mutated.\n *\n * Permission validators are **not** invoked when a caveat is mutated, provided\n * the caveat array has not changed. For this reason, permission validators\n * **must not** be used to validate caveats. To validate caveats, use the\n * corresponding caveat specification property.\n *\n * The validator should throw an appropriate JSON-RPC error if validation fails.\n */\n validator?: PermissionValidatorConstraint;\n\n /**\n * The side-effect triggered by the {@link PermissionController} once the user approved it.\n * The side-effect can only be an action allowed to be called inside the {@link PermissionController}.\n *\n * If the side-effect action fails, the permission that triggered it is revoked.\n */\n sideEffect?: PermissionSideEffect<ActionConstraint, EventConstraint>;\n\n /**\n * The Permission may be available to only a subset of the subject types. If so, specify the subject types as an array.\n * If a subject with a type not in this array tries to request the permission, the call will fail.\n *\n * Leaving this as undefined uses default behaviour where the permission is available to request for all subject types.\n */\n subjectTypes?: readonly SubjectType[];\n};\n\n/**\n * The constraint for restricted method permission specification objects.\n * Permissions that correspond to JSON-RPC methods are specified using objects\n * that conform to this type.\n *\n * See the README for more details.\n */\nexport type RestrictedMethodSpecificationConstraint =\n PermissionSpecificationBase<PermissionType.RestrictedMethod> & {\n /**\n * The implementation of the restricted method that the permission\n * corresponds to.\n */\n // TODO: Replace `any` with type\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n methodImplementation: RestrictedMethod<any, Json>;\n };\n\n/**\n * The constraint for endowment permission specification objects. Permissions\n * that endow callers with some restricted resource are specified using objects\n * that conform to this type.\n *\n * See the README for more details.\n */\nexport type EndowmentSpecificationConstraint =\n PermissionSpecificationBase<PermissionType.Endowment> & {\n /**\n * The {@link EndowmentGetter} function for the permission. This function\n * will be called by the {@link PermissionController} whenever the\n * permission is invoked, after which the host can apply the endowments to\n * the requesting subject in the intended manner.\n */\n endowmentGetter: EndowmentGetter<Json>;\n };\n\n/**\n * The constraint for permission specification objects. Every {@link Permission}\n * supported by a {@link PermissionController} must have an associated\n * specification, which is the source of truth for all permission-related types.\n * All specifications must adhere to the {@link PermissionSpecificationBase}\n * interface, but specifications may have different fields depending on the\n * {@link PermissionType}.\n *\n * See the README for more details.\n */\nexport type PermissionSpecificationConstraint =\n | EndowmentSpecificationConstraint\n | RestrictedMethodSpecificationConstraint;\n\n/**\n * Options for {@link PermissionSpecificationBuilder} functions.\n */\ntype PermissionSpecificationBuilderOptions<\n FactoryHooks extends Record<string, unknown>,\n MethodHooks extends Record<string, unknown>,\n ValidatorHooks extends Record<string, unknown>,\n> = {\n targetName?: string;\n allowedCaveats?: Readonly<NonEmptyArray<string>> | null;\n factoryHooks?: FactoryHooks;\n methodHooks?: MethodHooks;\n validatorHooks?: ValidatorHooks;\n};\n\n/**\n * A function that builds a permission specification. Modules that specify\n * permissions for external consumption should make this their primary /\n * default export so that host applications can use them to generate concrete\n * specifications tailored to their requirements.\n */\nexport type PermissionSpecificationBuilder<\n Type extends PermissionType,\n Options extends PermissionSpecificationBuilderOptions<\n Record<string, unknown>,\n Record<string, unknown>,\n Record<string, unknown>\n >,\n Specification extends PermissionSpecificationConstraint & {\n permissionType: Type;\n },\n> = (options: Options) => Specification;\n\n/**\n * A restricted method permission export object, containing the\n * {@link PermissionSpecificationBuilder} function and \"hook name\" objects.\n */\nexport type PermissionSpecificationBuilderExportConstraint = {\n targetName: string;\n specificationBuilder: PermissionSpecificationBuilder<\n PermissionType,\n PermissionSpecificationBuilderOptions<\n Record<string, unknown>,\n Record<string, unknown>,\n Record<string, unknown>\n >,\n PermissionSpecificationConstraint\n >;\n factoryHookNames?: Record<string, true>;\n methodHookNames?: Record<string, true>;\n validatorHookNames?: Record<string, true>;\n};\n\ntype ValidRestrictedMethodSpecification<\n Specification extends RestrictedMethodSpecificationConstraint,\n> =\n Specification['methodImplementation'] extends ValidRestrictedMethod<\n Specification['methodImplementation']\n >\n ? Specification\n : never;\n\n/**\n * Constraint for {@link PermissionSpecificationConstraint} objects that\n * evaluates to `never` if the specification contains any invalid fields.\n *\n * @template Specification - The permission specification to validate.\n */\nexport type ValidPermissionSpecification<\n Specification extends PermissionSpecificationConstraint,\n> = Specification['targetName'] extends TargetName\n ? Specification['permissionType'] extends PermissionType.Endowment\n ? Specification\n : Specification['permissionType'] extends PermissionType.RestrictedMethod\n ? ValidRestrictedMethodSpecification<\n Extract<Specification, RestrictedMethodSpecificationConstraint>\n >\n : never\n : never;\n\n/**\n * Checks that the specification has the expected permission type.\n *\n * @param specification - The specification to check.\n * @param expectedType - The expected permission type.\n * @template Specification - The specification to check.\n * @template Type - The expected permission type.\n * @returns Whether or not the specification is of the expected type.\n */\nexport function hasSpecificationType<\n Specification extends PermissionSpecificationConstraint,\n Type extends PermissionType,\n>(\n specification: Specification,\n expectedType: Type,\n): specification is Specification & {\n permissionType: Type;\n} {\n return specification.permissionType === expectedType;\n}\n\n/**\n * The specifications for all permissions supported by a particular\n * {@link PermissionController}.\n *\n * @template Specifications - The union of all {@link PermissionSpecificationConstraint} types.\n */\nexport type PermissionSpecificationMap<\n Specification extends PermissionSpecificationConstraint,\n> = {\n [Name in Specification['targetName']]: Specification extends {\n targetName: Name;\n }\n ? Specification\n : never;\n};\n\n/**\n * Extracts a specific {@link PermissionSpecificationConstraint} from a union of\n * permission specifications.\n *\n * @template Specification - The specification union type to extract from.\n * @template Name - The `targetName` of the specification to extract.\n */\nexport type ExtractPermissionSpecification<\n Specification extends PermissionSpecificationConstraint,\n Name extends Specification['targetName'],\n> = Specification extends {\n targetName: Name;\n}\n ? Specification\n : never;\n"]}
1
+ {"version":3,"file":"Permission.cjs","sourceRoot":"","sources":["../src/Permission.ts"],"names":[],"mappings":";;;AAGA,mCAAgC;AAkJhC;;;;;;;;GAQG;AACH,SAAgB,mBAAmB,CAEjC,OAA4C;IAC5C,MAAM,EAAE,OAAO,GAAG,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IAEpD,OAAO;QACL,EAAE,EAAE,IAAA,eAAM,GAAE;QACZ,gBAAgB,EAAE,MAAM;QACxB,OAAO;QACP,OAAO;QACP,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE;KACP,CAAC;AACxB,CAAC;AAZD,kDAYC;AAED;;;;;;GAMG;AACH,SAAgB,UAAU,CACxB,UAAgC,EAChC,UAAkB;IAElB,OAAO,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC;AAC1E,CAAC;AALD,gCAKC;AAgKD;;GAEG;AACH,IAAY,cAYX;AAZD,WAAY,cAAc;IACxB;;;OAGG;IACH,uDAAqC,CAAA;IAErC;;;OAGG;IACH,yCAAuB,CAAA;AACzB,CAAC,EAZW,cAAc,8BAAd,cAAc,QAYzB;AAyLD;;;;;;;;GAQG;AACH,SAAgB,oBAAoB,CAIlC,aAA4B,EAC5B,YAAkB;IAIlB,OAAO,aAAa,CAAC,cAAc,KAAK,YAAY,CAAC;AACvD,CAAC;AAVD,oDAUC","sourcesContent":["import type { NonEmptyArray } from '@metamask/controller-utils';\nimport type { ActionConstraint, EventConstraint } from '@metamask/messenger';\nimport type { Json } from '@metamask/utils';\nimport { nanoid } from 'nanoid';\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nimport type { CaveatConstraint, Caveat } from './Caveat';\nimport type {\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n PermissionController,\n PermissionsRequest,\n SideEffectMessenger,\n} from './PermissionController';\nimport type { SubjectType } from './SubjectMetadataController';\n\n/**\n * The origin of a subject.\n * Effectively the GUID of an entity that can have permissions.\n */\nexport type OriginString = string;\n\n/**\n * The name of a permission target.\n */\ntype TargetName = string;\n\n/**\n * A `ZCAP-LD`-like permission object. A permission is associated with a\n * particular `invoker`, which is the holder of the permission. Possessing the\n * permission grants access to a particular restricted resource, identified by\n * the `parentCapability`. The use of the restricted resource may be further\n * restricted by any `caveats` associated with the permission.\n *\n * See the README for details.\n */\nexport type PermissionConstraint = {\n /**\n * The context(s) in which this capability is meaningful.\n *\n * It is required by the standard, but we make it optional since there is only\n * one context in our usage (i.e. the user's MetaMask instance).\n */\n readonly '@context'?: NonEmptyArray<string>;\n\n /**\n * The caveats of the permission.\n *\n * @see {@link Caveat} For more information.\n */\n readonly caveats: null | NonEmptyArray<CaveatConstraint>;\n\n /**\n * The creation date of the permission, in UNIX epoch time.\n */\n readonly date: number;\n\n /**\n * The GUID of the permission object.\n */\n readonly id: string;\n\n /**\n * The origin string of the subject that has the permission.\n */\n readonly invoker: OriginString;\n\n /**\n * A pointer to the resource that possession of the capability grants\n * access to, for example a JSON-RPC method or endowment.\n */\n readonly parentCapability: string;\n};\n\n/**\n * A `ZCAP-LD`-like permission object. A permission is associated with a\n * particular `invoker`, which is the holder of the permission. Possessing the\n * permission grants access to a particular restricted resource, identified by\n * the `parentCapability`. The use of the restricted resource may be further\n * restricted by any `caveats` associated with the permission.\n *\n * See the README for details.\n *\n * @template Name - The name of the permission that the target corresponds to.\n * @template AllowedCaveat - A union of the allowed {@link Caveat} types\n * for the permission.\n */\nexport type ValidPermission<\n Name extends TargetName,\n AllowedCaveat extends CaveatConstraint,\n> = PermissionConstraint & {\n /**\n * The caveats of the permission.\n *\n * @see {@link Caveat} For more information.\n */\n readonly caveats: AllowedCaveat extends never\n ? null\n : NonEmptyArray<AllowedCaveat> | null;\n\n /**\n * A pointer to the resource that possession of the capability grants\n * access to, for example a JSON-RPC method or endowment.\n */\n readonly parentCapability: Name;\n};\n\n/**\n * Internal utility for extracting the members types of an array. The type\n * evalutes to `never` if the specified type is the empty tuple or neither\n * an array nor a tuple.\n *\n * @template ArrayType - The array type whose members to extract.\n */\ntype ExtractArrayMembers<ArrayType> = ArrayType extends []\n ? never\n : ArrayType extends unknown[] | readonly unknown[]\n ? ArrayType[number]\n : never;\n\n/**\n * A utility type for extracting the allowed caveat types for a particular\n * permission from a permission specification type.\n *\n * @template PermissionSpecification - The permission specification type to\n * extract valid caveat types from.\n */\nexport type ExtractAllowedCaveatTypes<\n PermissionSpecification extends PermissionSpecificationConstraint,\n> = ExtractArrayMembers<PermissionSpecification['allowedCaveats']>;\n\n/**\n * The options object of {@link constructPermission}.\n *\n * @template TargetPermission - The {@link Permission} that will be constructed.\n */\nexport type PermissionOptions<TargetPermission extends PermissionConstraint> = {\n target: TargetPermission['parentCapability'];\n /**\n * The origin string of the subject that has the permission.\n */\n invoker: OriginString;\n\n /**\n * The caveats of the permission.\n * See {@link Caveat}.\n */\n caveats?: NonEmptyArray<CaveatConstraint>;\n};\n\n/**\n * The default permission factory function. Naively constructs a permission from\n * the inputs. Sets a default, random `id` if none is provided.\n *\n * @see {@link Permission} For more details.\n * @template TargetPermission- - The {@link Permission} that will be constructed.\n * @param options - The options for the permission.\n * @returns The new permission object.\n */\nexport function constructPermission<\n TargetPermission extends PermissionConstraint,\n>(options: PermissionOptions<TargetPermission>): TargetPermission {\n const { caveats = null, invoker, target } = options;\n\n return {\n id: nanoid(),\n parentCapability: target,\n invoker,\n caveats,\n date: new Date().getTime(),\n } as TargetPermission;\n}\n\n/**\n * Gets the caveat of the specified type belonging to the specified permission.\n *\n * @param permission - The permission whose caveat to retrieve.\n * @param caveatType - The type of the caveat to retrieve.\n * @returns The caveat, or undefined if no such caveat exists.\n */\nexport function findCaveat(\n permission: PermissionConstraint,\n caveatType: string,\n): CaveatConstraint | undefined {\n return permission.caveats?.find((caveat) => caveat.type === caveatType);\n}\n\n/**\n * A requested permission object. Just an object with any of the properties\n * of a {@link PermissionConstraint} object.\n */\ntype RequestedPermission = Partial<PermissionConstraint>;\n\n/**\n * A record of target names and their {@link RequestedPermission} objects.\n */\nexport type RequestedPermissions = Record<TargetName, RequestedPermission>;\n\n/**\n * The restricted method context object. Essentially a way to pass internal\n * arguments to restricted methods and caveat functions, most importantly the\n * requesting origin.\n */\ntype RestrictedMethodContext = Readonly<{\n origin: OriginString;\n [key: string]: unknown;\n}>;\n\nexport type RestrictedMethodParameters = Json[] | Record<string, Json>;\n\n/**\n * The arguments passed to a restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n */\nexport type RestrictedMethodOptions<\n Params extends RestrictedMethodParameters | null,\n> = {\n method: TargetName;\n params?: Params;\n context: RestrictedMethodContext;\n};\n\n/**\n * A synchronous restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n * @template Result - The JSON-RPC result of the restricted method.\n */\nexport type SyncRestrictedMethod<\n Params extends RestrictedMethodParameters,\n Result extends Json,\n> = (args: RestrictedMethodOptions<Params>) => Result;\n\n/**\n * An asynchronous restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n * @template Result - The JSON-RPC result of the restricted method.\n */\nexport type AsyncRestrictedMethod<\n Params extends RestrictedMethodParameters,\n Result extends Json,\n> = (args: RestrictedMethodOptions<Params>) => Promise<Result>;\n\n/**\n * A synchronous or asynchronous restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n * @template Result - The JSON-RPC result of the restricted method.\n */\nexport type RestrictedMethod<\n Params extends RestrictedMethodParameters,\n Result extends Json,\n> =\n | SyncRestrictedMethod<Params, Result>\n | AsyncRestrictedMethod<Params, Result>;\n\nexport type ValidRestrictedMethod<\n MethodImplementation extends RestrictedMethod<\n RestrictedMethodParameters,\n Json\n >,\n> = MethodImplementation extends (args: infer Options) => Json | Promise<Json>\n ? Options extends RestrictedMethodOptions<RestrictedMethodParameters>\n ? MethodImplementation\n : never\n : never;\n\n/**\n * {@link EndowmentGetter} parameter object.\n */\nexport type EndowmentGetterParams = {\n /**\n * The origin of the requesting subject.\n */\n origin: string;\n\n /**\n * Any additional data associated with the request.\n */\n requestData?: unknown;\n\n [key: string]: unknown;\n};\n\n/**\n * A synchronous or asynchronous function that gets the endowments for a\n * particular endowment permission. The getter receives the origin of the\n * requesting subject and, optionally, additional request metadata.\n */\nexport type EndowmentGetter<Endowments extends Json> = (\n options: EndowmentGetterParams,\n) => Endowments | Promise<Endowments>;\n\nexport type PermissionFactory<\n TargetPermission extends PermissionConstraint,\n RequestData extends Record<string, unknown>,\n> = (\n options: PermissionOptions<TargetPermission>,\n requestData?: RequestData,\n) => TargetPermission;\n\nexport type PermissionValidatorConstraint = (\n permission: PermissionConstraint,\n origin?: OriginString,\n target?: string,\n) => void;\n\n/**\n * The parameters passed to the side-effect function.\n */\nexport type SideEffectParams<\n Actions extends ActionConstraint,\n Events extends EventConstraint,\n> = {\n requestData: PermissionsRequest;\n messenger: SideEffectMessenger<Actions, Events>;\n};\n\n/**\n * A function that will execute actions as a permission side-effect.\n */\nexport type SideEffectHandler<\n Actions extends ActionConstraint,\n Events extends EventConstraint,\n> = (params: SideEffectParams<Actions, Events>) => Promise<unknown>;\n\n/**\n * The permissions side effects.\n */\nexport type PermissionSideEffect<\n Actions extends ActionConstraint,\n Events extends EventConstraint,\n> = {\n /**\n * A method triggered when the permission is accepted by the user\n */\n onPermitted: SideEffectHandler<Actions, Events>;\n /**\n * A method triggered if a `onPermitted` method rejected.\n */\n onFailure?: SideEffectHandler<Actions, Events>;\n};\n\n/**\n * The different possible types of permissions.\n */\nexport enum PermissionType {\n /**\n * A restricted JSON-RPC method. A subject must have the requisite permission\n * to call a restricted JSON-RPC method.\n */\n RestrictedMethod = 'RestrictedMethod',\n\n /**\n * An \"endowment\" granted to subjects that possess the requisite permission,\n * such as a global environment variable exposing a restricted API, etc.\n */\n Endowment = 'Endowment',\n}\n\n/**\n * The base constraint for permission specification objects. Every\n * {@link Permission} supported by a {@link PermissionController} must have an\n * associated specification, which is the source of truth for all permission-\n * related types. A permission specification includes the list of permitted\n * caveats, and any factory and validation functions specified by the consumer.\n * A concrete permission specification may specify further fields as necessary.\n *\n * See the README for more details.\n */\ntype PermissionSpecificationBase<Type extends PermissionType> = {\n /**\n * The type of the specified permission.\n */\n permissionType: Type;\n\n /**\n * The name of the target resource of the permission.\n */\n targetName: string;\n\n /**\n * An array of the caveat types that may be added to instances of this\n * permission.\n */\n allowedCaveats: Readonly<NonEmptyArray<string>> | null;\n\n /**\n * The factory function used to get permission objects. Permissions returned\n * by this function are presumed to valid, and they will not be passed to the\n * validator function associated with this specification (if any). In other\n * words, the factory function should validate the permissions it creates.\n *\n * If no factory is specified, the {@link Permission} constructor will be\n * used, and the validator function (if specified) will be called on newly\n * constructed permissions.\n */\n // TODO: Replace `any` with type\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n factory?: PermissionFactory<any, Record<string, unknown>>;\n\n /**\n * The validator function used to validate permissions of the associated type\n * whenever they are granted or their caveat arrays are mutated.\n *\n * Permission validators are **not** invoked when a caveat is mutated, provided\n * the caveat array has not changed. For this reason, permission validators\n * **must not** be used to validate caveats. To validate caveats, use the\n * corresponding caveat specification property.\n *\n * The validator should throw an appropriate JSON-RPC error if validation fails.\n */\n validator?: PermissionValidatorConstraint;\n\n /**\n * The side-effect triggered by the {@link PermissionController} once the user approved it.\n * The side-effect can only be an action allowed to be called inside the {@link PermissionController}.\n *\n * If the side-effect action fails, the permission that triggered it is revoked.\n */\n sideEffect?: PermissionSideEffect<ActionConstraint, EventConstraint>;\n\n /**\n * The Permission may be available to only a subset of the subject types. If so, specify the subject types as an array.\n * If a subject with a type not in this array tries to request the permission, the call will fail.\n *\n * Leaving this as undefined uses default behaviour where the permission is available to request for all subject types.\n */\n subjectTypes?: readonly SubjectType[];\n};\n\n/**\n * The constraint for restricted method permission specification objects.\n * Permissions that correspond to JSON-RPC methods are specified using objects\n * that conform to this type.\n *\n * See the README for more details.\n */\nexport type RestrictedMethodSpecificationConstraint =\n PermissionSpecificationBase<PermissionType.RestrictedMethod> & {\n /**\n * The implementation of the restricted method that the permission\n * corresponds to.\n */\n // TODO: Replace `any` with type\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n methodImplementation: RestrictedMethod<any, Json>;\n };\n\n/**\n * The constraint for endowment permission specification objects. Permissions\n * that endow callers with some restricted resource are specified using objects\n * that conform to this type.\n *\n * See the README for more details.\n */\nexport type EndowmentSpecificationConstraint =\n PermissionSpecificationBase<PermissionType.Endowment> & {\n /**\n * The {@link EndowmentGetter} function for the permission. This function\n * will be called by the {@link PermissionController} whenever the\n * permission is invoked, after which the host can apply the endowments to\n * the requesting subject in the intended manner.\n */\n endowmentGetter: EndowmentGetter<Json>;\n };\n\n/**\n * The constraint for permission specification objects. Every {@link Permission}\n * supported by a {@link PermissionController} must have an associated\n * specification, which is the source of truth for all permission-related types.\n * All specifications must adhere to the {@link PermissionSpecificationBase}\n * interface, but specifications may have different fields depending on the\n * {@link PermissionType}.\n *\n * See the README for more details.\n */\nexport type PermissionSpecificationConstraint =\n | EndowmentSpecificationConstraint\n | RestrictedMethodSpecificationConstraint;\n\n/**\n * Options for {@link PermissionSpecificationBuilder} functions.\n */\ntype PermissionSpecificationBuilderOptions<\n MethodHooks extends Record<string, unknown>,\n SpecMessenger = unknown,\n> = {\n targetName?: string;\n allowedCaveats?: Readonly<NonEmptyArray<string>> | null;\n methodHooks?: MethodHooks;\n /**\n * A messenger scoped to this permission specification. The messenger is\n * expected to have exactly the actions declared by the spec's `actionNames`\n * delegated to it; {@link createRestrictedMethodMessenger} is the canonical\n * way to construct it.\n */\n messenger?: SpecMessenger;\n};\n\n/**\n * A function that builds a permission specification. Modules that specify\n * permissions for external consumption should make this their primary /\n * default export so that host applications can use them to generate concrete\n * specifications tailored to their requirements.\n */\nexport type PermissionSpecificationBuilder<\n Type extends PermissionType,\n Options extends PermissionSpecificationBuilderOptions<\n Record<string, unknown>\n >,\n Specification extends PermissionSpecificationConstraint & {\n permissionType: Type;\n },\n> = (options: Options) => Specification;\n\ntype ValidRestrictedMethodSpecification<\n Specification extends RestrictedMethodSpecificationConstraint,\n> =\n Specification['methodImplementation'] extends ValidRestrictedMethod<\n Specification['methodImplementation']\n >\n ? Specification\n : never;\n\n/**\n * Constraint for {@link PermissionSpecificationConstraint} objects that\n * evaluates to `never` if the specification contains any invalid fields.\n *\n * @template Specification - The permission specification to validate.\n */\nexport type ValidPermissionSpecification<\n Specification extends PermissionSpecificationConstraint,\n> = Specification['targetName'] extends TargetName\n ? Specification['permissionType'] extends PermissionType.Endowment\n ? Specification\n : Specification['permissionType'] extends PermissionType.RestrictedMethod\n ? ValidRestrictedMethodSpecification<\n Extract<Specification, RestrictedMethodSpecificationConstraint>\n >\n : never\n : never;\n\n/**\n * Checks that the specification has the expected permission type.\n *\n * @param specification - The specification to check.\n * @param expectedType - The expected permission type.\n * @template Specification - The specification to check.\n * @template Type - The expected permission type.\n * @returns Whether or not the specification is of the expected type.\n */\nexport function hasSpecificationType<\n Specification extends PermissionSpecificationConstraint,\n Type extends PermissionType,\n>(\n specification: Specification,\n expectedType: Type,\n): specification is Specification & {\n permissionType: Type;\n} {\n return specification.permissionType === expectedType;\n}\n\n/**\n * The specifications for all permissions supported by a particular\n * {@link PermissionController}.\n *\n * @template Specifications - The union of all {@link PermissionSpecificationConstraint} types.\n */\nexport type PermissionSpecificationMap<\n Specification extends PermissionSpecificationConstraint,\n> = {\n [Name in Specification['targetName']]: Specification extends {\n targetName: Name;\n }\n ? Specification\n : never;\n};\n\n/**\n * Extracts a specific {@link PermissionSpecificationConstraint} from a union of\n * permission specifications.\n *\n * @template Specification - The specification union type to extract from.\n * @template Name - The `targetName` of the specification to extract.\n */\nexport type ExtractPermissionSpecification<\n Specification extends PermissionSpecificationConstraint,\n Name extends Specification['targetName'],\n> = Specification extends {\n targetName: Name;\n}\n ? Specification\n : never;\n"]}
package/dist/Permission.d.cts CHANGED
@@ -349,12 +349,17 @@ export type PermissionSpecificationConstraint = EndowmentSpecificationConstraint
349
349
  /**
350
350
  * Options for {@link PermissionSpecificationBuilder} functions.
351
351
  */
352
- type PermissionSpecificationBuilderOptions<FactoryHooks extends Record<string, unknown>, MethodHooks extends Record<string, unknown>, ValidatorHooks extends Record<string, unknown>> = {
352
+ type PermissionSpecificationBuilderOptions<MethodHooks extends Record<string, unknown>, SpecMessenger = unknown> = {
353
353
  targetName?: string;
354
354
  allowedCaveats?: Readonly<NonEmptyArray<string>> | null;
355
- factoryHooks?: FactoryHooks;
356
355
  methodHooks?: MethodHooks;
357
- validatorHooks?: ValidatorHooks;
356
+ /**
357
+ * A messenger scoped to this permission specification. The messenger is
358
+ * expected to have exactly the actions declared by the spec's `actionNames`
359
+ * delegated to it; {@link createRestrictedMethodMessenger} is the canonical
360
+ * way to construct it.
361
+ */
362
+ messenger?: SpecMessenger;
358
363
  };
359
364
  /**
360
365
  * A function that builds a permission specification. Modules that specify
@@ -362,20 +367,9 @@ type PermissionSpecificationBuilderOptions<FactoryHooks extends Record<string, u
362
367
  * default export so that host applications can use them to generate concrete
363
368
  * specifications tailored to their requirements.
364
369
  */
365
- export type PermissionSpecificationBuilder<Type extends PermissionType, Options extends PermissionSpecificationBuilderOptions<Record<string, unknown>, Record<string, unknown>, Record<string, unknown>>, Specification extends PermissionSpecificationConstraint & {
370
+ export type PermissionSpecificationBuilder<Type extends PermissionType, Options extends PermissionSpecificationBuilderOptions<Record<string, unknown>>, Specification extends PermissionSpecificationConstraint & {
366
371
  permissionType: Type;
367
372
  }> = (options: Options) => Specification;
368
- /**
369
- * A restricted method permission export object, containing the
370
- * {@link PermissionSpecificationBuilder} function and "hook name" objects.
371
- */
372
- export type PermissionSpecificationBuilderExportConstraint = {
373
- targetName: string;
374
- specificationBuilder: PermissionSpecificationBuilder<PermissionType, PermissionSpecificationBuilderOptions<Record<string, unknown>, Record<string, unknown>, Record<string, unknown>>, PermissionSpecificationConstraint>;
375
- factoryHookNames?: Record<string, true>;
376
- methodHookNames?: Record<string, true>;
377
- validatorHookNames?: Record<string, true>;
378
- };
379
373
  type ValidRestrictedMethodSpecification<Specification extends RestrictedMethodSpecificationConstraint> = Specification['methodImplementation'] extends ValidRestrictedMethod<Specification['methodImplementation']> ? Specification : never;
380
374
  /**
381
375
  * Constraint for {@link PermissionSpecificationConstraint} objects that
package/dist/Permission.d.cts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"Permission.d.cts","sourceRoot":"","sources":["../src/Permission.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,mCAAmC;AAChE,OAAO,KAAK,EAAE,gBAAgB,EAAE,eAAe,EAAE,4BAA4B;AAC7E,OAAO,KAAK,EAAE,IAAI,EAAE,wBAAwB;AAI5C,OAAO,KAAK,EAAE,gBAAgB,EAAU,qBAAiB;AACzD,OAAO,KAAK,EAGV,kBAAkB,EAClB,mBAAmB,EACpB,mCAA+B;AAChC,OAAO,KAAK,EAAE,WAAW,EAAE,wCAAoC;AAE/D;;;GAGG;AACH,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC;AAElC;;GAEG;AACH,KAAK,UAAU,GAAG,MAAM,CAAC;AAEzB;;;;;;;;GAQG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC;;;;;OAKG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAE5C;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,IAAI,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAC;IAEzD;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB;;OAEG;IACH,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,QAAQ,CAAC,OAAO,EAAE,YAAY,CAAC;IAE/B;;;OAGG;IACH,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;CACnC,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,eAAe,CACzB,IAAI,SAAS,UAAU,EACvB,aAAa,SAAS,gBAAgB,IACpC,oBAAoB,GAAG;IACzB;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,aAAa,SAAS,KAAK,GACzC,IAAI,GACJ,aAAa,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC;IAExC;;;OAGG;IACH,QAAQ,CAAC,gBAAgB,EAAE,IAAI,CAAC;CACjC,CAAC;AAEF;;;;;;GAMG;AACH,KAAK,mBAAmB,CAAC,SAAS,IAAI,SAAS,SAAS,EAAE,GACtD,KAAK,GACL,SAAS,SAAS,OAAO,EAAE,GAAG,SAAS,OAAO,EAAE,GAC9C,SAAS,CAAC,MAAM,CAAC,GACjB,KAAK,CAAC;AAEZ;;;;;;GAMG;AACH,MAAM,MAAM,yBAAyB,CACnC,uBAAuB,SAAS,iCAAiC,IAC/D,mBAAmB,CAAC,uBAAuB,CAAC,gBAAgB,CAAC,CAAC,CAAC;AAEnE;;;;GAIG;AACH,MAAM,MAAM,iBAAiB,CAAC,gBAAgB,SAAS,oBAAoB,IAAI;IAC7E,MAAM,EAAE,gBAAgB,CAAC,kBAAkB,CAAC,CAAC;IAC7C;;OAEG;IACH,OAAO,EAAE,YAAY,CAAC;IAEtB;;;OAGG;IACH,OAAO,CAAC,EAAE,aAAa,CAAC,gBAAgB,CAAC,CAAC;CAC3C,CAAC;AAEF;;;;;;;;GAQG;AACH,wBAAgB,mBAAmB,CACjC,gBAAgB,SAAS,oBAAoB,EAC7C,OAAO,EAAE,iBAAiB,CAAC,gBAAgB,CAAC,GAAG,gBAAgB,CAUhE;AAED;;;;;;GAMG;AACH,wBAAgB,UAAU,CACxB,UAAU,EAAE,oBAAoB,EAChC,UAAU,EAAE,MAAM,GACjB,gBAAgB,GAAG,SAAS,CAE9B;AAED;;;GAGG;AACH,KAAK,mBAAmB,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;AAEzD;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG,MAAM,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAC;AAE3E;;;;GAIG;AACH,KAAK,uBAAuB,GAAG,QAAQ,CAAC;IACtC,MAAM,EAAE,YAAY,CAAC;IACrB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB,CAAC,CAAC;AAEH,MAAM,MAAM,0BAA0B,GAAG,IAAI,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;AAEvE;;;;GAIG;AACH,MAAM,MAAM,uBAAuB,CACjC,MAAM,SAAS,0BAA0B,GAAG,IAAI,IAC9C;IACF,MAAM,EAAE,UAAU,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,uBAAuB,CAAC;CAClC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,oBAAoB,CAC9B,MAAM,SAAS,0BAA0B,EACzC,MAAM,SAAS,IAAI,IACjB,CAAC,IAAI,EAAE,uBAAuB,CAAC,MAAM,CAAC,KAAK,MAAM,CAAC;AAEtD;;;;;GAKG;AACH,MAAM,MAAM,qBAAqB,CAC/B,MAAM,SAAS,0BAA0B,EACzC,MAAM,SAAS,IAAI,IACjB,CAAC,IAAI,EAAE,uBAAuB,CAAC,MAAM,CAAC,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAE/D;;;;;GAKG;AACH,MAAM,MAAM,gBAAgB,CAC1B,MAAM,SAAS,0BAA0B,EACzC,MAAM,SAAS,IAAI,IAEjB,oBAAoB,CAAC,MAAM,EAAE,MAAM,CAAC,GACpC,qBAAqB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAE1C,MAAM,MAAM,qBAAqB,CAC/B,oBAAoB,SAAS,gBAAgB,CAC3C,0BAA0B,EAC1B,IAAI,CACL,IACC,oBAAoB,SAAS,CAAC,IAAI,EAAE,MAAM,OAAO,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,GAC1E,OAAO,SAAS,uBAAuB,CAAC,0BAA0B,CAAC,GACjE,oBAAoB,GACpB,KAAK,GACP,KAAK,CAAC;AAEV;;GAEG;AACH,MAAM,MAAM,qBAAqB,GAAG;IAClC;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;IAEtB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,eAAe,CAAC,UAAU,SAAS,IAAI,IAAI,CACrD,OAAO,EAAE,qBAAqB,KAC3B,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;AAEtC,MAAM,MAAM,iBAAiB,CAC3B,gBAAgB,SAAS,oBAAoB,EAC7C,WAAW,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IACzC,CACF,OAAO,EAAE,iBAAiB,CAAC,gBAAgB,CAAC,EAC5C,WAAW,CAAC,EAAE,WAAW,KACtB,gBAAgB,CAAC;AAEtB,MAAM,MAAM,6BAA6B,GAAG,CAC1C,UAAU,EAAE,oBAAoB,EAChC,MAAM,CAAC,EAAE,YAAY,EACrB,MAAM,CAAC,EAAE,MAAM,KACZ,IAAI,CAAC;AAEV;;GAEG;AACH,MAAM,MAAM,gBAAgB,CAC1B,OAAO,SAAS,gBAAgB,EAChC,MAAM,SAAS,eAAe,IAC5B;IACF,WAAW,EAAE,kBAAkB,CAAC;IAChC,SAAS,EAAE,mBAAmB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;CACjD,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,iBAAiB,CAC3B,OAAO,SAAS,gBAAgB,EAChC,MAAM,SAAS,eAAe,IAC5B,CAAC,MAAM,EAAE,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpE;;GAEG;AACH,MAAM,MAAM,oBAAoB,CAC9B,OAAO,SAAS,gBAAgB,EAChC,MAAM,SAAS,eAAe,IAC5B;IACF;;OAEG;IACH,WAAW,EAAE,iBAAiB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAChD;;OAEG;IACH,SAAS,CAAC,EAAE,iBAAiB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;CAChD,CAAC;AAEF;;GAEG;AACH,oBAAY,cAAc;IACxB;;;OAGG;IACH,gBAAgB,qBAAqB;IAErC;;;OAGG;IACH,SAAS,cAAc;CACxB;AAED;;;;;;;;;GASG;AACH,KAAK,2BAA2B,CAAC,IAAI,SAAS,cAAc,IAAI;IAC9D;;OAEG;IACH,cAAc,EAAE,IAAI,CAAC;IAErB;;OAEG;IACH,UAAU,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,cAAc,EAAE,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,IAAI,CAAC;IAEvD;;;;;;;;;OASG;IAGH,OAAO,CAAC,EAAE,iBAAiB,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAE1D;;;;;;;;;;OAUG;IACH,SAAS,CAAC,EAAE,6BAA6B,CAAC;IAE1C;;;;;OAKG;IACH,UAAU,CAAC,EAAE,oBAAoB,CAAC,gBAAgB,EAAE,eAAe,CAAC,CAAC;IAErE;;;;;OAKG;IACH,YAAY,CAAC,EAAE,SAAS,WAAW,EAAE,CAAC;CACvC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,uCAAuC,GACjD,2BAA2B,CAAC,cAAc,CAAC,gBAAgB,CAAC,GAAG;IAC7D;;;OAGG;IAGH,oBAAoB,EAAE,gBAAgB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;CACnD,CAAC;AAEJ;;;;;;GAMG;AACH,MAAM,MAAM,gCAAgC,GAC1C,2BAA2B,CAAC,cAAc,CAAC,SAAS,CAAC,GAAG;IACtD;;;;;OAKG;IACH,eAAe,EAAE,eAAe,CAAC,IAAI,CAAC,CAAC;CACxC,CAAC;AAEJ;;;;;;;;;GASG;AACH,MAAM,MAAM,iCAAiC,GACzC,gCAAgC,GAChC,uCAAuC,CAAC;AAE5C;;GAEG;AACH,KAAK,qCAAqC,CACxC,YAAY,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC5C,WAAW,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC3C,cAAc,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IAC5C;IACF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,IAAI,CAAC;IACxD,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,cAAc,CAAC,EAAE,cAAc,CAAC;CACjC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,8BAA8B,CACxC,IAAI,SAAS,cAAc,EAC3B,OAAO,SAAS,qCAAqC,CACnD,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACvB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACvB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CACxB,EACD,aAAa,SAAS,iCAAiC,GAAG;IACxD,cAAc,EAAE,IAAI,CAAC;CACtB,IACC,CAAC,OAAO,EAAE,OAAO,KAAK,aAAa,CAAC;AAExC;;;GAGG;AACH,MAAM,MAAM,8CAA8C,GAAG;IAC3D,UAAU,EAAE,MAAM,CAAC;IACnB,oBAAoB,EAAE,8BAA8B,CAClD,cAAc,EACd,qCAAqC,CACnC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACvB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACvB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CACxB,EACD,iCAAiC,CAClC,CAAC;IACF,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IACxC,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IACvC,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;CAC3C,CAAC;AAEF,KAAK,kCAAkC,CACrC,aAAa,SAAS,uCAAuC,IAE7D,aAAa,CAAC,sBAAsB,CAAC,SAAS,qBAAqB,CACjE,aAAa,CAAC,sBAAsB,CAAC,CACtC,GACG,aAAa,GACb,KAAK,CAAC;AAEZ;;;;;GAKG;AACH,MAAM,MAAM,4BAA4B,CACtC,aAAa,SAAS,iCAAiC,IACrD,aAAa,CAAC,YAAY,CAAC,SAAS,UAAU,GAC9C,aAAa,CAAC,gBAAgB,CAAC,SAAS,cAAc,CAAC,SAAS,GAC9D,aAAa,GACb,aAAa,CAAC,gBAAgB,CAAC,SAAS,cAAc,CAAC,gBAAgB,GACrE,kCAAkC,CAChC,OAAO,CAAC,aAAa,EAAE,uCAAuC,CAAC,CAChE,GACD,KAAK,GACT,KAAK,CAAC;AAEV;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAClC,aAAa,SAAS,iCAAiC,EACvD,IAAI,SAAS,cAAc,EAE3B,aAAa,EAAE,aAAa,EAC5B,YAAY,EAAE,IAAI,GACjB,aAAa,IAAI,aAAa,GAAG;IAClC,cAAc,EAAE,IAAI,CAAC;CACtB,CAEA;AAED;;;;;GAKG;AACH,MAAM,MAAM,0BAA0B,CACpC,aAAa,SAAS,iCAAiC,IACrD;KACD,IAAI,IAAI,aAAa,CAAC,YAAY,CAAC,GAAG,aAAa,SAAS;QAC3D,UAAU,EAAE,IAAI,CAAC;KAClB,GACG,aAAa,GACb,KAAK;CACV,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,8BAA8B,CACxC,aAAa,SAAS,iCAAiC,EACvD,IAAI,SAAS,aAAa,CAAC,YAAY,CAAC,IACtC,aAAa,SAAS;IACxB,UAAU,EAAE,IAAI,CAAC;CAClB,GACG,aAAa,GACb,KAAK,CAAC"}
1
+ {"version":3,"file":"Permission.d.cts","sourceRoot":"","sources":["../src/Permission.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,mCAAmC;AAChE,OAAO,KAAK,EAAE,gBAAgB,EAAE,eAAe,EAAE,4BAA4B;AAC7E,OAAO,KAAK,EAAE,IAAI,EAAE,wBAAwB;AAI5C,OAAO,KAAK,EAAE,gBAAgB,EAAU,qBAAiB;AACzD,OAAO,KAAK,EAGV,kBAAkB,EAClB,mBAAmB,EACpB,mCAA+B;AAChC,OAAO,KAAK,EAAE,WAAW,EAAE,wCAAoC;AAE/D;;;GAGG;AACH,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC;AAElC;;GAEG;AACH,KAAK,UAAU,GAAG,MAAM,CAAC;AAEzB;;;;;;;;GAQG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC;;;;;OAKG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAE5C;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,IAAI,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAC;IAEzD;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB;;OAEG;IACH,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,QAAQ,CAAC,OAAO,EAAE,YAAY,CAAC;IAE/B;;;OAGG;IACH,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;CACnC,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,eAAe,CACzB,IAAI,SAAS,UAAU,EACvB,aAAa,SAAS,gBAAgB,IACpC,oBAAoB,GAAG;IACzB;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,aAAa,SAAS,KAAK,GACzC,IAAI,GACJ,aAAa,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC;IAExC;;;OAGG;IACH,QAAQ,CAAC,gBAAgB,EAAE,IAAI,CAAC;CACjC,CAAC;AAEF;;;;;;GAMG;AACH,KAAK,mBAAmB,CAAC,SAAS,IAAI,SAAS,SAAS,EAAE,GACtD,KAAK,GACL,SAAS,SAAS,OAAO,EAAE,GAAG,SAAS,OAAO,EAAE,GAC9C,SAAS,CAAC,MAAM,CAAC,GACjB,KAAK,CAAC;AAEZ;;;;;;GAMG;AACH,MAAM,MAAM,yBAAyB,CACnC,uBAAuB,SAAS,iCAAiC,IAC/D,mBAAmB,CAAC,uBAAuB,CAAC,gBAAgB,CAAC,CAAC,CAAC;AAEnE;;;;GAIG;AACH,MAAM,MAAM,iBAAiB,CAAC,gBAAgB,SAAS,oBAAoB,IAAI;IAC7E,MAAM,EAAE,gBAAgB,CAAC,kBAAkB,CAAC,CAAC;IAC7C;;OAEG;IACH,OAAO,EAAE,YAAY,CAAC;IAEtB;;;OAGG;IACH,OAAO,CAAC,EAAE,aAAa,CAAC,gBAAgB,CAAC,CAAC;CAC3C,CAAC;AAEF;;;;;;;;GAQG;AACH,wBAAgB,mBAAmB,CACjC,gBAAgB,SAAS,oBAAoB,EAC7C,OAAO,EAAE,iBAAiB,CAAC,gBAAgB,CAAC,GAAG,gBAAgB,CAUhE;AAED;;;;;;GAMG;AACH,wBAAgB,UAAU,CACxB,UAAU,EAAE,oBAAoB,EAChC,UAAU,EAAE,MAAM,GACjB,gBAAgB,GAAG,SAAS,CAE9B;AAED;;;GAGG;AACH,KAAK,mBAAmB,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;AAEzD;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG,MAAM,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAC;AAE3E;;;;GAIG;AACH,KAAK,uBAAuB,GAAG,QAAQ,CAAC;IACtC,MAAM,EAAE,YAAY,CAAC;IACrB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB,CAAC,CAAC;AAEH,MAAM,MAAM,0BAA0B,GAAG,IAAI,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;AAEvE;;;;GAIG;AACH,MAAM,MAAM,uBAAuB,CACjC,MAAM,SAAS,0BAA0B,GAAG,IAAI,IAC9C;IACF,MAAM,EAAE,UAAU,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,uBAAuB,CAAC;CAClC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,oBAAoB,CAC9B,MAAM,SAAS,0BAA0B,EACzC,MAAM,SAAS,IAAI,IACjB,CAAC,IAAI,EAAE,uBAAuB,CAAC,MAAM,CAAC,KAAK,MAAM,CAAC;AAEtD;;;;;GAKG;AACH,MAAM,MAAM,qBAAqB,CAC/B,MAAM,SAAS,0BAA0B,EACzC,MAAM,SAAS,IAAI,IACjB,CAAC,IAAI,EAAE,uBAAuB,CAAC,MAAM,CAAC,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAE/D;;;;;GAKG;AACH,MAAM,MAAM,gBAAgB,CAC1B,MAAM,SAAS,0BAA0B,EACzC,MAAM,SAAS,IAAI,IAEjB,oBAAoB,CAAC,MAAM,EAAE,MAAM,CAAC,GACpC,qBAAqB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAE1C,MAAM,MAAM,qBAAqB,CAC/B,oBAAoB,SAAS,gBAAgB,CAC3C,0BAA0B,EAC1B,IAAI,CACL,IACC,oBAAoB,SAAS,CAAC,IAAI,EAAE,MAAM,OAAO,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,GAC1E,OAAO,SAAS,uBAAuB,CAAC,0BAA0B,CAAC,GACjE,oBAAoB,GACpB,KAAK,GACP,KAAK,CAAC;AAEV;;GAEG;AACH,MAAM,MAAM,qBAAqB,GAAG;IAClC;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;IAEtB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,eAAe,CAAC,UAAU,SAAS,IAAI,IAAI,CACrD,OAAO,EAAE,qBAAqB,KAC3B,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;AAEtC,MAAM,MAAM,iBAAiB,CAC3B,gBAAgB,SAAS,oBAAoB,EAC7C,WAAW,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IACzC,CACF,OAAO,EAAE,iBAAiB,CAAC,gBAAgB,CAAC,EAC5C,WAAW,CAAC,EAAE,WAAW,KACtB,gBAAgB,CAAC;AAEtB,MAAM,MAAM,6BAA6B,GAAG,CAC1C,UAAU,EAAE,oBAAoB,EAChC,MAAM,CAAC,EAAE,YAAY,EACrB,MAAM,CAAC,EAAE,MAAM,KACZ,IAAI,CAAC;AAEV;;GAEG;AACH,MAAM,MAAM,gBAAgB,CAC1B,OAAO,SAAS,gBAAgB,EAChC,MAAM,SAAS,eAAe,IAC5B;IACF,WAAW,EAAE,kBAAkB,CAAC;IAChC,SAAS,EAAE,mBAAmB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;CACjD,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,iBAAiB,CAC3B,OAAO,SAAS,gBAAgB,EAChC,MAAM,SAAS,eAAe,IAC5B,CAAC,MAAM,EAAE,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpE;;GAEG;AACH,MAAM,MAAM,oBAAoB,CAC9B,OAAO,SAAS,gBAAgB,EAChC,MAAM,SAAS,eAAe,IAC5B;IACF;;OAEG;IACH,WAAW,EAAE,iBAAiB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAChD;;OAEG;IACH,SAAS,CAAC,EAAE,iBAAiB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;CAChD,CAAC;AAEF;;GAEG;AACH,oBAAY,cAAc;IACxB;;;OAGG;IACH,gBAAgB,qBAAqB;IAErC;;;OAGG;IACH,SAAS,cAAc;CACxB;AAED;;;;;;;;;GASG;AACH,KAAK,2BAA2B,CAAC,IAAI,SAAS,cAAc,IAAI;IAC9D;;OAEG;IACH,cAAc,EAAE,IAAI,CAAC;IAErB;;OAEG;IACH,UAAU,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,cAAc,EAAE,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,IAAI,CAAC;IAEvD;;;;;;;;;OASG;IAGH,OAAO,CAAC,EAAE,iBAAiB,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAE1D;;;;;;;;;;OAUG;IACH,SAAS,CAAC,EAAE,6BAA6B,CAAC;IAE1C;;;;;OAKG;IACH,UAAU,CAAC,EAAE,oBAAoB,CAAC,gBAAgB,EAAE,eAAe,CAAC,CAAC;IAErE;;;;;OAKG;IACH,YAAY,CAAC,EAAE,SAAS,WAAW,EAAE,CAAC;CACvC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,uCAAuC,GACjD,2BAA2B,CAAC,cAAc,CAAC,gBAAgB,CAAC,GAAG;IAC7D;;;OAGG;IAGH,oBAAoB,EAAE,gBAAgB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;CACnD,CAAC;AAEJ;;;;;;GAMG;AACH,MAAM,MAAM,gCAAgC,GAC1C,2BAA2B,CAAC,cAAc,CAAC,SAAS,CAAC,GAAG;IACtD;;;;;OAKG;IACH,eAAe,EAAE,eAAe,CAAC,IAAI,CAAC,CAAC;CACxC,CAAC;AAEJ;;;;;;;;;GASG;AACH,MAAM,MAAM,iCAAiC,GACzC,gCAAgC,GAChC,uCAAuC,CAAC;AAE5C;;GAEG;AACH,KAAK,qCAAqC,CACxC,WAAW,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC3C,aAAa,GAAG,OAAO,IACrB;IACF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,IAAI,CAAC;IACxD,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B;;;;;OAKG;IACH,SAAS,CAAC,EAAE,aAAa,CAAC;CAC3B,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,8BAA8B,CACxC,IAAI,SAAS,cAAc,EAC3B,OAAO,SAAS,qCAAqC,CACnD,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CACxB,EACD,aAAa,SAAS,iCAAiC,GAAG;IACxD,cAAc,EAAE,IAAI,CAAC;CACtB,IACC,CAAC,OAAO,EAAE,OAAO,KAAK,aAAa,CAAC;AAExC,KAAK,kCAAkC,CACrC,aAAa,SAAS,uCAAuC,IAE7D,aAAa,CAAC,sBAAsB,CAAC,SAAS,qBAAqB,CACjE,aAAa,CAAC,sBAAsB,CAAC,CACtC,GACG,aAAa,GACb,KAAK,CAAC;AAEZ;;;;;GAKG;AACH,MAAM,MAAM,4BAA4B,CACtC,aAAa,SAAS,iCAAiC,IACrD,aAAa,CAAC,YAAY,CAAC,SAAS,UAAU,GAC9C,aAAa,CAAC,gBAAgB,CAAC,SAAS,cAAc,CAAC,SAAS,GAC9D,aAAa,GACb,aAAa,CAAC,gBAAgB,CAAC,SAAS,cAAc,CAAC,gBAAgB,GACrE,kCAAkC,CAChC,OAAO,CAAC,aAAa,EAAE,uCAAuC,CAAC,CAChE,GACD,KAAK,GACT,KAAK,CAAC;AAEV;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAClC,aAAa,SAAS,iCAAiC,EACvD,IAAI,SAAS,cAAc,EAE3B,aAAa,EAAE,aAAa,EAC5B,YAAY,EAAE,IAAI,GACjB,aAAa,IAAI,aAAa,GAAG;IAClC,cAAc,EAAE,IAAI,CAAC;CACtB,CAEA;AAED;;;;;GAKG;AACH,MAAM,MAAM,0BAA0B,CACpC,aAAa,SAAS,iCAAiC,IACrD;KACD,IAAI,IAAI,aAAa,CAAC,YAAY,CAAC,GAAG,aAAa,SAAS;QAC3D,UAAU,EAAE,IAAI,CAAC;KAClB,GACG,aAAa,GACb,KAAK;CACV,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,8BAA8B,CACxC,aAAa,SAAS,iCAAiC,EACvD,IAAI,SAAS,aAAa,CAAC,YAAY,CAAC,IACtC,aAAa,SAAS;IACxB,UAAU,EAAE,IAAI,CAAC;CAClB,GACG,aAAa,GACb,KAAK,CAAC"}
package/dist/Permission.d.mts CHANGED
@@ -349,12 +349,17 @@ export type PermissionSpecificationConstraint = EndowmentSpecificationConstraint
349
349
  /**
350
350
  * Options for {@link PermissionSpecificationBuilder} functions.
351
351
  */
352
- type PermissionSpecificationBuilderOptions<FactoryHooks extends Record<string, unknown>, MethodHooks extends Record<string, unknown>, ValidatorHooks extends Record<string, unknown>> = {
352
+ type PermissionSpecificationBuilderOptions<MethodHooks extends Record<string, unknown>, SpecMessenger = unknown> = {
353
353
  targetName?: string;
354
354
  allowedCaveats?: Readonly<NonEmptyArray<string>> | null;
355
- factoryHooks?: FactoryHooks;
356
355
  methodHooks?: MethodHooks;
357
- validatorHooks?: ValidatorHooks;
356
+ /**
357
+ * A messenger scoped to this permission specification. The messenger is
358
+ * expected to have exactly the actions declared by the spec's `actionNames`
359
+ * delegated to it; {@link createRestrictedMethodMessenger} is the canonical
360
+ * way to construct it.
361
+ */
362
+ messenger?: SpecMessenger;
358
363
  };
359
364
  /**
360
365
  * A function that builds a permission specification. Modules that specify
@@ -362,20 +367,9 @@ type PermissionSpecificationBuilderOptions<FactoryHooks extends Record<string, u
362
367
  * default export so that host applications can use them to generate concrete
363
368
  * specifications tailored to their requirements.
364
369
  */
365
- export type PermissionSpecificationBuilder<Type extends PermissionType, Options extends PermissionSpecificationBuilderOptions<Record<string, unknown>, Record<string, unknown>, Record<string, unknown>>, Specification extends PermissionSpecificationConstraint & {
370
+ export type PermissionSpecificationBuilder<Type extends PermissionType, Options extends PermissionSpecificationBuilderOptions<Record<string, unknown>>, Specification extends PermissionSpecificationConstraint & {
366
371
  permissionType: Type;
367
372
  }> = (options: Options) => Specification;
368
- /**
369
- * A restricted method permission export object, containing the
370
- * {@link PermissionSpecificationBuilder} function and "hook name" objects.
371
- */
372
- export type PermissionSpecificationBuilderExportConstraint = {
373
- targetName: string;
374
- specificationBuilder: PermissionSpecificationBuilder<PermissionType, PermissionSpecificationBuilderOptions<Record<string, unknown>, Record<string, unknown>, Record<string, unknown>>, PermissionSpecificationConstraint>;
375
- factoryHookNames?: Record<string, true>;
376
- methodHookNames?: Record<string, true>;
377
- validatorHookNames?: Record<string, true>;
378
- };
379
373
  type ValidRestrictedMethodSpecification<Specification extends RestrictedMethodSpecificationConstraint> = Specification['methodImplementation'] extends ValidRestrictedMethod<Specification['methodImplementation']> ? Specification : never;
380
374
  /**
381
375
  * Constraint for {@link PermissionSpecificationConstraint} objects that
package/dist/Permission.d.mts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"Permission.d.mts","sourceRoot":"","sources":["../src/Permission.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,mCAAmC;AAChE,OAAO,KAAK,EAAE,gBAAgB,EAAE,eAAe,EAAE,4BAA4B;AAC7E,OAAO,KAAK,EAAE,IAAI,EAAE,wBAAwB;AAI5C,OAAO,KAAK,EAAE,gBAAgB,EAAU,qBAAiB;AACzD,OAAO,KAAK,EAGV,kBAAkB,EAClB,mBAAmB,EACpB,mCAA+B;AAChC,OAAO,KAAK,EAAE,WAAW,EAAE,wCAAoC;AAE/D;;;GAGG;AACH,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC;AAElC;;GAEG;AACH,KAAK,UAAU,GAAG,MAAM,CAAC;AAEzB;;;;;;;;GAQG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC;;;;;OAKG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAE5C;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,IAAI,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAC;IAEzD;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB;;OAEG;IACH,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,QAAQ,CAAC,OAAO,EAAE,YAAY,CAAC;IAE/B;;;OAGG;IACH,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;CACnC,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,eAAe,CACzB,IAAI,SAAS,UAAU,EACvB,aAAa,SAAS,gBAAgB,IACpC,oBAAoB,GAAG;IACzB;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,aAAa,SAAS,KAAK,GACzC,IAAI,GACJ,aAAa,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC;IAExC;;;OAGG;IACH,QAAQ,CAAC,gBAAgB,EAAE,IAAI,CAAC;CACjC,CAAC;AAEF;;;;;;GAMG;AACH,KAAK,mBAAmB,CAAC,SAAS,IAAI,SAAS,SAAS,EAAE,GACtD,KAAK,GACL,SAAS,SAAS,OAAO,EAAE,GAAG,SAAS,OAAO,EAAE,GAC9C,SAAS,CAAC,MAAM,CAAC,GACjB,KAAK,CAAC;AAEZ;;;;;;GAMG;AACH,MAAM,MAAM,yBAAyB,CACnC,uBAAuB,SAAS,iCAAiC,IAC/D,mBAAmB,CAAC,uBAAuB,CAAC,gBAAgB,CAAC,CAAC,CAAC;AAEnE;;;;GAIG;AACH,MAAM,MAAM,iBAAiB,CAAC,gBAAgB,SAAS,oBAAoB,IAAI;IAC7E,MAAM,EAAE,gBAAgB,CAAC,kBAAkB,CAAC,CAAC;IAC7C;;OAEG;IACH,OAAO,EAAE,YAAY,CAAC;IAEtB;;;OAGG;IACH,OAAO,CAAC,EAAE,aAAa,CAAC,gBAAgB,CAAC,CAAC;CAC3C,CAAC;AAEF;;;;;;;;GAQG;AACH,wBAAgB,mBAAmB,CACjC,gBAAgB,SAAS,oBAAoB,EAC7C,OAAO,EAAE,iBAAiB,CAAC,gBAAgB,CAAC,GAAG,gBAAgB,CAUhE;AAED;;;;;;GAMG;AACH,wBAAgB,UAAU,CACxB,UAAU,EAAE,oBAAoB,EAChC,UAAU,EAAE,MAAM,GACjB,gBAAgB,GAAG,SAAS,CAE9B;AAED;;;GAGG;AACH,KAAK,mBAAmB,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;AAEzD;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG,MAAM,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAC;AAE3E;;;;GAIG;AACH,KAAK,uBAAuB,GAAG,QAAQ,CAAC;IACtC,MAAM,EAAE,YAAY,CAAC;IACrB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB,CAAC,CAAC;AAEH,MAAM,MAAM,0BAA0B,GAAG,IAAI,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;AAEvE;;;;GAIG;AACH,MAAM,MAAM,uBAAuB,CACjC,MAAM,SAAS,0BAA0B,GAAG,IAAI,IAC9C;IACF,MAAM,EAAE,UAAU,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,uBAAuB,CAAC;CAClC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,oBAAoB,CAC9B,MAAM,SAAS,0BAA0B,EACzC,MAAM,SAAS,IAAI,IACjB,CAAC,IAAI,EAAE,uBAAuB,CAAC,MAAM,CAAC,KAAK,MAAM,CAAC;AAEtD;;;;;GAKG;AACH,MAAM,MAAM,qBAAqB,CAC/B,MAAM,SAAS,0BAA0B,EACzC,MAAM,SAAS,IAAI,IACjB,CAAC,IAAI,EAAE,uBAAuB,CAAC,MAAM,CAAC,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAE/D;;;;;GAKG;AACH,MAAM,MAAM,gBAAgB,CAC1B,MAAM,SAAS,0BAA0B,EACzC,MAAM,SAAS,IAAI,IAEjB,oBAAoB,CAAC,MAAM,EAAE,MAAM,CAAC,GACpC,qBAAqB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAE1C,MAAM,MAAM,qBAAqB,CAC/B,oBAAoB,SAAS,gBAAgB,CAC3C,0BAA0B,EAC1B,IAAI,CACL,IACC,oBAAoB,SAAS,CAAC,IAAI,EAAE,MAAM,OAAO,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,GAC1E,OAAO,SAAS,uBAAuB,CAAC,0BAA0B,CAAC,GACjE,oBAAoB,GACpB,KAAK,GACP,KAAK,CAAC;AAEV;;GAEG;AACH,MAAM,MAAM,qBAAqB,GAAG;IAClC;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;IAEtB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,eAAe,CAAC,UAAU,SAAS,IAAI,IAAI,CACrD,OAAO,EAAE,qBAAqB,KAC3B,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;AAEtC,MAAM,MAAM,iBAAiB,CAC3B,gBAAgB,SAAS,oBAAoB,EAC7C,WAAW,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IACzC,CACF,OAAO,EAAE,iBAAiB,CAAC,gBAAgB,CAAC,EAC5C,WAAW,CAAC,EAAE,WAAW,KACtB,gBAAgB,CAAC;AAEtB,MAAM,MAAM,6BAA6B,GAAG,CAC1C,UAAU,EAAE,oBAAoB,EAChC,MAAM,CAAC,EAAE,YAAY,EACrB,MAAM,CAAC,EAAE,MAAM,KACZ,IAAI,CAAC;AAEV;;GAEG;AACH,MAAM,MAAM,gBAAgB,CAC1B,OAAO,SAAS,gBAAgB,EAChC,MAAM,SAAS,eAAe,IAC5B;IACF,WAAW,EAAE,kBAAkB,CAAC;IAChC,SAAS,EAAE,mBAAmB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;CACjD,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,iBAAiB,CAC3B,OAAO,SAAS,gBAAgB,EAChC,MAAM,SAAS,eAAe,IAC5B,CAAC,MAAM,EAAE,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpE;;GAEG;AACH,MAAM,MAAM,oBAAoB,CAC9B,OAAO,SAAS,gBAAgB,EAChC,MAAM,SAAS,eAAe,IAC5B;IACF;;OAEG;IACH,WAAW,EAAE,iBAAiB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAChD;;OAEG;IACH,SAAS,CAAC,EAAE,iBAAiB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;CAChD,CAAC;AAEF;;GAEG;AACH,oBAAY,cAAc;IACxB;;;OAGG;IACH,gBAAgB,qBAAqB;IAErC;;;OAGG;IACH,SAAS,cAAc;CACxB;AAED;;;;;;;;;GASG;AACH,KAAK,2BAA2B,CAAC,IAAI,SAAS,cAAc,IAAI;IAC9D;;OAEG;IACH,cAAc,EAAE,IAAI,CAAC;IAErB;;OAEG;IACH,UAAU,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,cAAc,EAAE,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,IAAI,CAAC;IAEvD;;;;;;;;;OASG;IAGH,OAAO,CAAC,EAAE,iBAAiB,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAE1D;;;;;;;;;;OAUG;IACH,SAAS,CAAC,EAAE,6BAA6B,CAAC;IAE1C;;;;;OAKG;IACH,UAAU,CAAC,EAAE,oBAAoB,CAAC,gBAAgB,EAAE,eAAe,CAAC,CAAC;IAErE;;;;;OAKG;IACH,YAAY,CAAC,EAAE,SAAS,WAAW,EAAE,CAAC;CACvC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,uCAAuC,GACjD,2BAA2B,CAAC,cAAc,CAAC,gBAAgB,CAAC,GAAG;IAC7D;;;OAGG;IAGH,oBAAoB,EAAE,gBAAgB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;CACnD,CAAC;AAEJ;;;;;;GAMG;AACH,MAAM,MAAM,gCAAgC,GAC1C,2BAA2B,CAAC,cAAc,CAAC,SAAS,CAAC,GAAG;IACtD;;;;;OAKG;IACH,eAAe,EAAE,eAAe,CAAC,IAAI,CAAC,CAAC;CACxC,CAAC;AAEJ;;;;;;;;;GASG;AACH,MAAM,MAAM,iCAAiC,GACzC,gCAAgC,GAChC,uCAAuC,CAAC;AAE5C;;GAEG;AACH,KAAK,qCAAqC,CACxC,YAAY,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC5C,WAAW,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC3C,cAAc,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IAC5C;IACF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,IAAI,CAAC;IACxD,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,cAAc,CAAC,EAAE,cAAc,CAAC;CACjC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,8BAA8B,CACxC,IAAI,SAAS,cAAc,EAC3B,OAAO,SAAS,qCAAqC,CACnD,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACvB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACvB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CACxB,EACD,aAAa,SAAS,iCAAiC,GAAG;IACxD,cAAc,EAAE,IAAI,CAAC;CACtB,IACC,CAAC,OAAO,EAAE,OAAO,KAAK,aAAa,CAAC;AAExC;;;GAGG;AACH,MAAM,MAAM,8CAA8C,GAAG;IAC3D,UAAU,EAAE,MAAM,CAAC;IACnB,oBAAoB,EAAE,8BAA8B,CAClD,cAAc,EACd,qCAAqC,CACnC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACvB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACvB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CACxB,EACD,iCAAiC,CAClC,CAAC;IACF,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IACxC,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IACvC,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;CAC3C,CAAC;AAEF,KAAK,kCAAkC,CACrC,aAAa,SAAS,uCAAuC,IAE7D,aAAa,CAAC,sBAAsB,CAAC,SAAS,qBAAqB,CACjE,aAAa,CAAC,sBAAsB,CAAC,CACtC,GACG,aAAa,GACb,KAAK,CAAC;AAEZ;;;;;GAKG;AACH,MAAM,MAAM,4BAA4B,CACtC,aAAa,SAAS,iCAAiC,IACrD,aAAa,CAAC,YAAY,CAAC,SAAS,UAAU,GAC9C,aAAa,CAAC,gBAAgB,CAAC,SAAS,cAAc,CAAC,SAAS,GAC9D,aAAa,GACb,aAAa,CAAC,gBAAgB,CAAC,SAAS,cAAc,CAAC,gBAAgB,GACrE,kCAAkC,CAChC,OAAO,CAAC,aAAa,EAAE,uCAAuC,CAAC,CAChE,GACD,KAAK,GACT,KAAK,CAAC;AAEV;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAClC,aAAa,SAAS,iCAAiC,EACvD,IAAI,SAAS,cAAc,EAE3B,aAAa,EAAE,aAAa,EAC5B,YAAY,EAAE,IAAI,GACjB,aAAa,IAAI,aAAa,GAAG;IAClC,cAAc,EAAE,IAAI,CAAC;CACtB,CAEA;AAED;;;;;GAKG;AACH,MAAM,MAAM,0BAA0B,CACpC,aAAa,SAAS,iCAAiC,IACrD;KACD,IAAI,IAAI,aAAa,CAAC,YAAY,CAAC,GAAG,aAAa,SAAS;QAC3D,UAAU,EAAE,IAAI,CAAC;KAClB,GACG,aAAa,GACb,KAAK;CACV,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,8BAA8B,CACxC,aAAa,SAAS,iCAAiC,EACvD,IAAI,SAAS,aAAa,CAAC,YAAY,CAAC,IACtC,aAAa,SAAS;IACxB,UAAU,EAAE,IAAI,CAAC;CAClB,GACG,aAAa,GACb,KAAK,CAAC"}
1
+ {"version":3,"file":"Permission.d.mts","sourceRoot":"","sources":["../src/Permission.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,mCAAmC;AAChE,OAAO,KAAK,EAAE,gBAAgB,EAAE,eAAe,EAAE,4BAA4B;AAC7E,OAAO,KAAK,EAAE,IAAI,EAAE,wBAAwB;AAI5C,OAAO,KAAK,EAAE,gBAAgB,EAAU,qBAAiB;AACzD,OAAO,KAAK,EAGV,kBAAkB,EAClB,mBAAmB,EACpB,mCAA+B;AAChC,OAAO,KAAK,EAAE,WAAW,EAAE,wCAAoC;AAE/D;;;GAGG;AACH,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC;AAElC;;GAEG;AACH,KAAK,UAAU,GAAG,MAAM,CAAC;AAEzB;;;;;;;;GAQG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC;;;;;OAKG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAE5C;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,IAAI,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAC;IAEzD;;OAEG;IACH,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB;;OAEG;IACH,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,QAAQ,CAAC,OAAO,EAAE,YAAY,CAAC;IAE/B;;;OAGG;IACH,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;CACnC,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,eAAe,CACzB,IAAI,SAAS,UAAU,EACvB,aAAa,SAAS,gBAAgB,IACpC,oBAAoB,GAAG;IACzB;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,aAAa,SAAS,KAAK,GACzC,IAAI,GACJ,aAAa,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC;IAExC;;;OAGG;IACH,QAAQ,CAAC,gBAAgB,EAAE,IAAI,CAAC;CACjC,CAAC;AAEF;;;;;;GAMG;AACH,KAAK,mBAAmB,CAAC,SAAS,IAAI,SAAS,SAAS,EAAE,GACtD,KAAK,GACL,SAAS,SAAS,OAAO,EAAE,GAAG,SAAS,OAAO,EAAE,GAC9C,SAAS,CAAC,MAAM,CAAC,GACjB,KAAK,CAAC;AAEZ;;;;;;GAMG;AACH,MAAM,MAAM,yBAAyB,CACnC,uBAAuB,SAAS,iCAAiC,IAC/D,mBAAmB,CAAC,uBAAuB,CAAC,gBAAgB,CAAC,CAAC,CAAC;AAEnE;;;;GAIG;AACH,MAAM,MAAM,iBAAiB,CAAC,gBAAgB,SAAS,oBAAoB,IAAI;IAC7E,MAAM,EAAE,gBAAgB,CAAC,kBAAkB,CAAC,CAAC;IAC7C;;OAEG;IACH,OAAO,EAAE,YAAY,CAAC;IAEtB;;;OAGG;IACH,OAAO,CAAC,EAAE,aAAa,CAAC,gBAAgB,CAAC,CAAC;CAC3C,CAAC;AAEF;;;;;;;;GAQG;AACH,wBAAgB,mBAAmB,CACjC,gBAAgB,SAAS,oBAAoB,EAC7C,OAAO,EAAE,iBAAiB,CAAC,gBAAgB,CAAC,GAAG,gBAAgB,CAUhE;AAED;;;;;;GAMG;AACH,wBAAgB,UAAU,CACxB,UAAU,EAAE,oBAAoB,EAChC,UAAU,EAAE,MAAM,GACjB,gBAAgB,GAAG,SAAS,CAE9B;AAED;;;GAGG;AACH,KAAK,mBAAmB,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;AAEzD;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG,MAAM,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAC;AAE3E;;;;GAIG;AACH,KAAK,uBAAuB,GAAG,QAAQ,CAAC;IACtC,MAAM,EAAE,YAAY,CAAC;IACrB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB,CAAC,CAAC;AAEH,MAAM,MAAM,0BAA0B,GAAG,IAAI,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;AAEvE;;;;GAIG;AACH,MAAM,MAAM,uBAAuB,CACjC,MAAM,SAAS,0BAA0B,GAAG,IAAI,IAC9C;IACF,MAAM,EAAE,UAAU,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,uBAAuB,CAAC;CAClC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,oBAAoB,CAC9B,MAAM,SAAS,0BAA0B,EACzC,MAAM,SAAS,IAAI,IACjB,CAAC,IAAI,EAAE,uBAAuB,CAAC,MAAM,CAAC,KAAK,MAAM,CAAC;AAEtD;;;;;GAKG;AACH,MAAM,MAAM,qBAAqB,CAC/B,MAAM,SAAS,0BAA0B,EACzC,MAAM,SAAS,IAAI,IACjB,CAAC,IAAI,EAAE,uBAAuB,CAAC,MAAM,CAAC,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAE/D;;;;;GAKG;AACH,MAAM,MAAM,gBAAgB,CAC1B,MAAM,SAAS,0BAA0B,EACzC,MAAM,SAAS,IAAI,IAEjB,oBAAoB,CAAC,MAAM,EAAE,MAAM,CAAC,GACpC,qBAAqB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAE1C,MAAM,MAAM,qBAAqB,CAC/B,oBAAoB,SAAS,gBAAgB,CAC3C,0BAA0B,EAC1B,IAAI,CACL,IACC,oBAAoB,SAAS,CAAC,IAAI,EAAE,MAAM,OAAO,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,GAC1E,OAAO,SAAS,uBAAuB,CAAC,0BAA0B,CAAC,GACjE,oBAAoB,GACpB,KAAK,GACP,KAAK,CAAC;AAEV;;GAEG;AACH,MAAM,MAAM,qBAAqB,GAAG;IAClC;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;IAEtB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,eAAe,CAAC,UAAU,SAAS,IAAI,IAAI,CACrD,OAAO,EAAE,qBAAqB,KAC3B,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;AAEtC,MAAM,MAAM,iBAAiB,CAC3B,gBAAgB,SAAS,oBAAoB,EAC7C,WAAW,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,IACzC,CACF,OAAO,EAAE,iBAAiB,CAAC,gBAAgB,CAAC,EAC5C,WAAW,CAAC,EAAE,WAAW,KACtB,gBAAgB,CAAC;AAEtB,MAAM,MAAM,6BAA6B,GAAG,CAC1C,UAAU,EAAE,oBAAoB,EAChC,MAAM,CAAC,EAAE,YAAY,EACrB,MAAM,CAAC,EAAE,MAAM,KACZ,IAAI,CAAC;AAEV;;GAEG;AACH,MAAM,MAAM,gBAAgB,CAC1B,OAAO,SAAS,gBAAgB,EAChC,MAAM,SAAS,eAAe,IAC5B;IACF,WAAW,EAAE,kBAAkB,CAAC;IAChC,SAAS,EAAE,mBAAmB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;CACjD,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,iBAAiB,CAC3B,OAAO,SAAS,gBAAgB,EAChC,MAAM,SAAS,eAAe,IAC5B,CAAC,MAAM,EAAE,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpE;;GAEG;AACH,MAAM,MAAM,oBAAoB,CAC9B,OAAO,SAAS,gBAAgB,EAChC,MAAM,SAAS,eAAe,IAC5B;IACF;;OAEG;IACH,WAAW,EAAE,iBAAiB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAChD;;OAEG;IACH,SAAS,CAAC,EAAE,iBAAiB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;CAChD,CAAC;AAEF;;GAEG;AACH,oBAAY,cAAc;IACxB;;;OAGG;IACH,gBAAgB,qBAAqB;IAErC;;;OAGG;IACH,SAAS,cAAc;CACxB;AAED;;;;;;;;;GASG;AACH,KAAK,2BAA2B,CAAC,IAAI,SAAS,cAAc,IAAI;IAC9D;;OAEG;IACH,cAAc,EAAE,IAAI,CAAC;IAErB;;OAEG;IACH,UAAU,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,cAAc,EAAE,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,IAAI,CAAC;IAEvD;;;;;;;;;OASG;IAGH,OAAO,CAAC,EAAE,iBAAiB,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAE1D;;;;;;;;;;OAUG;IACH,SAAS,CAAC,EAAE,6BAA6B,CAAC;IAE1C;;;;;OAKG;IACH,UAAU,CAAC,EAAE,oBAAoB,CAAC,gBAAgB,EAAE,eAAe,CAAC,CAAC;IAErE;;;;;OAKG;IACH,YAAY,CAAC,EAAE,SAAS,WAAW,EAAE,CAAC;CACvC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,uCAAuC,GACjD,2BAA2B,CAAC,cAAc,CAAC,gBAAgB,CAAC,GAAG;IAC7D;;;OAGG;IAGH,oBAAoB,EAAE,gBAAgB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;CACnD,CAAC;AAEJ;;;;;;GAMG;AACH,MAAM,MAAM,gCAAgC,GAC1C,2BAA2B,CAAC,cAAc,CAAC,SAAS,CAAC,GAAG;IACtD;;;;;OAKG;IACH,eAAe,EAAE,eAAe,CAAC,IAAI,CAAC,CAAC;CACxC,CAAC;AAEJ;;;;;;;;;GASG;AACH,MAAM,MAAM,iCAAiC,GACzC,gCAAgC,GAChC,uCAAuC,CAAC;AAE5C;;GAEG;AACH,KAAK,qCAAqC,CACxC,WAAW,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC3C,aAAa,GAAG,OAAO,IACrB;IACF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,IAAI,CAAC;IACxD,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B;;;;;OAKG;IACH,SAAS,CAAC,EAAE,aAAa,CAAC;CAC3B,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,8BAA8B,CACxC,IAAI,SAAS,cAAc,EAC3B,OAAO,SAAS,qCAAqC,CACnD,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CACxB,EACD,aAAa,SAAS,iCAAiC,GAAG;IACxD,cAAc,EAAE,IAAI,CAAC;CACtB,IACC,CAAC,OAAO,EAAE,OAAO,KAAK,aAAa,CAAC;AAExC,KAAK,kCAAkC,CACrC,aAAa,SAAS,uCAAuC,IAE7D,aAAa,CAAC,sBAAsB,CAAC,SAAS,qBAAqB,CACjE,aAAa,CAAC,sBAAsB,CAAC,CACtC,GACG,aAAa,GACb,KAAK,CAAC;AAEZ;;;;;GAKG;AACH,MAAM,MAAM,4BAA4B,CACtC,aAAa,SAAS,iCAAiC,IACrD,aAAa,CAAC,YAAY,CAAC,SAAS,UAAU,GAC9C,aAAa,CAAC,gBAAgB,CAAC,SAAS,cAAc,CAAC,SAAS,GAC9D,aAAa,GACb,aAAa,CAAC,gBAAgB,CAAC,SAAS,cAAc,CAAC,gBAAgB,GACrE,kCAAkC,CAChC,OAAO,CAAC,aAAa,EAAE,uCAAuC,CAAC,CAChE,GACD,KAAK,GACT,KAAK,CAAC;AAEV;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAClC,aAAa,SAAS,iCAAiC,EACvD,IAAI,SAAS,cAAc,EAE3B,aAAa,EAAE,aAAa,EAC5B,YAAY,EAAE,IAAI,GACjB,aAAa,IAAI,aAAa,GAAG;IAClC,cAAc,EAAE,IAAI,CAAC;CACtB,CAEA;AAED;;;;;GAKG;AACH,MAAM,MAAM,0BAA0B,CACpC,aAAa,SAAS,iCAAiC,IACrD;KACD,IAAI,IAAI,aAAa,CAAC,YAAY,CAAC,GAAG,aAAa,SAAS;QAC3D,UAAU,EAAE,IAAI,CAAC;KAClB,GACG,aAAa,GACb,KAAK;CACV,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,8BAA8B,CACxC,aAAa,SAAS,iCAAiC,EACvD,IAAI,SAAS,aAAa,CAAC,YAAY,CAAC,IACtC,aAAa,SAAS;IACxB,UAAU,EAAE,IAAI,CAAC;CAClB,GACG,aAAa,GACb,KAAK,CAAC"}
package/dist/Permission.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"Permission.mjs","sourceRoot":"","sources":["../src/Permission.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,MAAM,EAAE,eAAe;AAkJhC;;;;;;;;GAQG;AACH,MAAM,UAAU,mBAAmB,CAEjC,OAA4C;IAC5C,MAAM,EAAE,OAAO,GAAG,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IAEpD,OAAO;QACL,EAAE,EAAE,MAAM,EAAE;QACZ,gBAAgB,EAAE,MAAM;QACxB,OAAO;QACP,OAAO;QACP,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE;KACP,CAAC;AACxB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,UAAU,CACxB,UAAgC,EAChC,UAAkB;IAElB,OAAO,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC;AAC1E,CAAC;AAgKD;;GAEG;AACH,MAAM,CAAN,IAAY,cAYX;AAZD,WAAY,cAAc;IACxB;;;OAGG;IACH,uDAAqC,CAAA;IAErC;;;OAGG;IACH,yCAAuB,CAAA;AACzB,CAAC,EAZW,cAAc,KAAd,cAAc,QAYzB;AA2MD;;;;;;;;GAQG;AACH,MAAM,UAAU,oBAAoB,CAIlC,aAA4B,EAC5B,YAAkB;IAIlB,OAAO,aAAa,CAAC,cAAc,KAAK,YAAY,CAAC;AACvD,CAAC","sourcesContent":["import type { NonEmptyArray } from '@metamask/controller-utils';\nimport type { ActionConstraint, EventConstraint } from '@metamask/messenger';\nimport type { Json } from '@metamask/utils';\nimport { nanoid } from 'nanoid';\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nimport type { CaveatConstraint, Caveat } from './Caveat';\nimport type {\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n PermissionController,\n PermissionsRequest,\n SideEffectMessenger,\n} from './PermissionController';\nimport type { SubjectType } from './SubjectMetadataController';\n\n/**\n * The origin of a subject.\n * Effectively the GUID of an entity that can have permissions.\n */\nexport type OriginString = string;\n\n/**\n * The name of a permission target.\n */\ntype TargetName = string;\n\n/**\n * A `ZCAP-LD`-like permission object. A permission is associated with a\n * particular `invoker`, which is the holder of the permission. Possessing the\n * permission grants access to a particular restricted resource, identified by\n * the `parentCapability`. The use of the restricted resource may be further\n * restricted by any `caveats` associated with the permission.\n *\n * See the README for details.\n */\nexport type PermissionConstraint = {\n /**\n * The context(s) in which this capability is meaningful.\n *\n * It is required by the standard, but we make it optional since there is only\n * one context in our usage (i.e. the user's MetaMask instance).\n */\n readonly '@context'?: NonEmptyArray<string>;\n\n /**\n * The caveats of the permission.\n *\n * @see {@link Caveat} For more information.\n */\n readonly caveats: null | NonEmptyArray<CaveatConstraint>;\n\n /**\n * The creation date of the permission, in UNIX epoch time.\n */\n readonly date: number;\n\n /**\n * The GUID of the permission object.\n */\n readonly id: string;\n\n /**\n * The origin string of the subject that has the permission.\n */\n readonly invoker: OriginString;\n\n /**\n * A pointer to the resource that possession of the capability grants\n * access to, for example a JSON-RPC method or endowment.\n */\n readonly parentCapability: string;\n};\n\n/**\n * A `ZCAP-LD`-like permission object. A permission is associated with a\n * particular `invoker`, which is the holder of the permission. Possessing the\n * permission grants access to a particular restricted resource, identified by\n * the `parentCapability`. The use of the restricted resource may be further\n * restricted by any `caveats` associated with the permission.\n *\n * See the README for details.\n *\n * @template Name - The name of the permission that the target corresponds to.\n * @template AllowedCaveat - A union of the allowed {@link Caveat} types\n * for the permission.\n */\nexport type ValidPermission<\n Name extends TargetName,\n AllowedCaveat extends CaveatConstraint,\n> = PermissionConstraint & {\n /**\n * The caveats of the permission.\n *\n * @see {@link Caveat} For more information.\n */\n readonly caveats: AllowedCaveat extends never\n ? null\n : NonEmptyArray<AllowedCaveat> | null;\n\n /**\n * A pointer to the resource that possession of the capability grants\n * access to, for example a JSON-RPC method or endowment.\n */\n readonly parentCapability: Name;\n};\n\n/**\n * Internal utility for extracting the members types of an array. The type\n * evalutes to `never` if the specified type is the empty tuple or neither\n * an array nor a tuple.\n *\n * @template ArrayType - The array type whose members to extract.\n */\ntype ExtractArrayMembers<ArrayType> = ArrayType extends []\n ? never\n : ArrayType extends unknown[] | readonly unknown[]\n ? ArrayType[number]\n : never;\n\n/**\n * A utility type for extracting the allowed caveat types for a particular\n * permission from a permission specification type.\n *\n * @template PermissionSpecification - The permission specification type to\n * extract valid caveat types from.\n */\nexport type ExtractAllowedCaveatTypes<\n PermissionSpecification extends PermissionSpecificationConstraint,\n> = ExtractArrayMembers<PermissionSpecification['allowedCaveats']>;\n\n/**\n * The options object of {@link constructPermission}.\n *\n * @template TargetPermission - The {@link Permission} that will be constructed.\n */\nexport type PermissionOptions<TargetPermission extends PermissionConstraint> = {\n target: TargetPermission['parentCapability'];\n /**\n * The origin string of the subject that has the permission.\n */\n invoker: OriginString;\n\n /**\n * The caveats of the permission.\n * See {@link Caveat}.\n */\n caveats?: NonEmptyArray<CaveatConstraint>;\n};\n\n/**\n * The default permission factory function. Naively constructs a permission from\n * the inputs. Sets a default, random `id` if none is provided.\n *\n * @see {@link Permission} For more details.\n * @template TargetPermission- - The {@link Permission} that will be constructed.\n * @param options - The options for the permission.\n * @returns The new permission object.\n */\nexport function constructPermission<\n TargetPermission extends PermissionConstraint,\n>(options: PermissionOptions<TargetPermission>): TargetPermission {\n const { caveats = null, invoker, target } = options;\n\n return {\n id: nanoid(),\n parentCapability: target,\n invoker,\n caveats,\n date: new Date().getTime(),\n } as TargetPermission;\n}\n\n/**\n * Gets the caveat of the specified type belonging to the specified permission.\n *\n * @param permission - The permission whose caveat to retrieve.\n * @param caveatType - The type of the caveat to retrieve.\n * @returns The caveat, or undefined if no such caveat exists.\n */\nexport function findCaveat(\n permission: PermissionConstraint,\n caveatType: string,\n): CaveatConstraint | undefined {\n return permission.caveats?.find((caveat) => caveat.type === caveatType);\n}\n\n/**\n * A requested permission object. Just an object with any of the properties\n * of a {@link PermissionConstraint} object.\n */\ntype RequestedPermission = Partial<PermissionConstraint>;\n\n/**\n * A record of target names and their {@link RequestedPermission} objects.\n */\nexport type RequestedPermissions = Record<TargetName, RequestedPermission>;\n\n/**\n * The restricted method context object. Essentially a way to pass internal\n * arguments to restricted methods and caveat functions, most importantly the\n * requesting origin.\n */\ntype RestrictedMethodContext = Readonly<{\n origin: OriginString;\n [key: string]: unknown;\n}>;\n\nexport type RestrictedMethodParameters = Json[] | Record<string, Json>;\n\n/**\n * The arguments passed to a restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n */\nexport type RestrictedMethodOptions<\n Params extends RestrictedMethodParameters | null,\n> = {\n method: TargetName;\n params?: Params;\n context: RestrictedMethodContext;\n};\n\n/**\n * A synchronous restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n * @template Result - The JSON-RPC result of the restricted method.\n */\nexport type SyncRestrictedMethod<\n Params extends RestrictedMethodParameters,\n Result extends Json,\n> = (args: RestrictedMethodOptions<Params>) => Result;\n\n/**\n * An asynchronous restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n * @template Result - The JSON-RPC result of the restricted method.\n */\nexport type AsyncRestrictedMethod<\n Params extends RestrictedMethodParameters,\n Result extends Json,\n> = (args: RestrictedMethodOptions<Params>) => Promise<Result>;\n\n/**\n * A synchronous or asynchronous restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n * @template Result - The JSON-RPC result of the restricted method.\n */\nexport type RestrictedMethod<\n Params extends RestrictedMethodParameters,\n Result extends Json,\n> =\n | SyncRestrictedMethod<Params, Result>\n | AsyncRestrictedMethod<Params, Result>;\n\nexport type ValidRestrictedMethod<\n MethodImplementation extends RestrictedMethod<\n RestrictedMethodParameters,\n Json\n >,\n> = MethodImplementation extends (args: infer Options) => Json | Promise<Json>\n ? Options extends RestrictedMethodOptions<RestrictedMethodParameters>\n ? MethodImplementation\n : never\n : never;\n\n/**\n * {@link EndowmentGetter} parameter object.\n */\nexport type EndowmentGetterParams = {\n /**\n * The origin of the requesting subject.\n */\n origin: string;\n\n /**\n * Any additional data associated with the request.\n */\n requestData?: unknown;\n\n [key: string]: unknown;\n};\n\n/**\n * A synchronous or asynchronous function that gets the endowments for a\n * particular endowment permission. The getter receives the origin of the\n * requesting subject and, optionally, additional request metadata.\n */\nexport type EndowmentGetter<Endowments extends Json> = (\n options: EndowmentGetterParams,\n) => Endowments | Promise<Endowments>;\n\nexport type PermissionFactory<\n TargetPermission extends PermissionConstraint,\n RequestData extends Record<string, unknown>,\n> = (\n options: PermissionOptions<TargetPermission>,\n requestData?: RequestData,\n) => TargetPermission;\n\nexport type PermissionValidatorConstraint = (\n permission: PermissionConstraint,\n origin?: OriginString,\n target?: string,\n) => void;\n\n/**\n * The parameters passed to the side-effect function.\n */\nexport type SideEffectParams<\n Actions extends ActionConstraint,\n Events extends EventConstraint,\n> = {\n requestData: PermissionsRequest;\n messenger: SideEffectMessenger<Actions, Events>;\n};\n\n/**\n * A function that will execute actions as a permission side-effect.\n */\nexport type SideEffectHandler<\n Actions extends ActionConstraint,\n Events extends EventConstraint,\n> = (params: SideEffectParams<Actions, Events>) => Promise<unknown>;\n\n/**\n * The permissions side effects.\n */\nexport type PermissionSideEffect<\n Actions extends ActionConstraint,\n Events extends EventConstraint,\n> = {\n /**\n * A method triggered when the permission is accepted by the user\n */\n onPermitted: SideEffectHandler<Actions, Events>;\n /**\n * A method triggered if a `onPermitted` method rejected.\n */\n onFailure?: SideEffectHandler<Actions, Events>;\n};\n\n/**\n * The different possible types of permissions.\n */\nexport enum PermissionType {\n /**\n * A restricted JSON-RPC method. A subject must have the requisite permission\n * to call a restricted JSON-RPC method.\n */\n RestrictedMethod = 'RestrictedMethod',\n\n /**\n * An \"endowment\" granted to subjects that possess the requisite permission,\n * such as a global environment variable exposing a restricted API, etc.\n */\n Endowment = 'Endowment',\n}\n\n/**\n * The base constraint for permission specification objects. Every\n * {@link Permission} supported by a {@link PermissionController} must have an\n * associated specification, which is the source of truth for all permission-\n * related types. A permission specification includes the list of permitted\n * caveats, and any factory and validation functions specified by the consumer.\n * A concrete permission specification may specify further fields as necessary.\n *\n * See the README for more details.\n */\ntype PermissionSpecificationBase<Type extends PermissionType> = {\n /**\n * The type of the specified permission.\n */\n permissionType: Type;\n\n /**\n * The name of the target resource of the permission.\n */\n targetName: string;\n\n /**\n * An array of the caveat types that may be added to instances of this\n * permission.\n */\n allowedCaveats: Readonly<NonEmptyArray<string>> | null;\n\n /**\n * The factory function used to get permission objects. Permissions returned\n * by this function are presumed to valid, and they will not be passed to the\n * validator function associated with this specification (if any). In other\n * words, the factory function should validate the permissions it creates.\n *\n * If no factory is specified, the {@link Permission} constructor will be\n * used, and the validator function (if specified) will be called on newly\n * constructed permissions.\n */\n // TODO: Replace `any` with type\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n factory?: PermissionFactory<any, Record<string, unknown>>;\n\n /**\n * The validator function used to validate permissions of the associated type\n * whenever they are granted or their caveat arrays are mutated.\n *\n * Permission validators are **not** invoked when a caveat is mutated, provided\n * the caveat array has not changed. For this reason, permission validators\n * **must not** be used to validate caveats. To validate caveats, use the\n * corresponding caveat specification property.\n *\n * The validator should throw an appropriate JSON-RPC error if validation fails.\n */\n validator?: PermissionValidatorConstraint;\n\n /**\n * The side-effect triggered by the {@link PermissionController} once the user approved it.\n * The side-effect can only be an action allowed to be called inside the {@link PermissionController}.\n *\n * If the side-effect action fails, the permission that triggered it is revoked.\n */\n sideEffect?: PermissionSideEffect<ActionConstraint, EventConstraint>;\n\n /**\n * The Permission may be available to only a subset of the subject types. If so, specify the subject types as an array.\n * If a subject with a type not in this array tries to request the permission, the call will fail.\n *\n * Leaving this as undefined uses default behaviour where the permission is available to request for all subject types.\n */\n subjectTypes?: readonly SubjectType[];\n};\n\n/**\n * The constraint for restricted method permission specification objects.\n * Permissions that correspond to JSON-RPC methods are specified using objects\n * that conform to this type.\n *\n * See the README for more details.\n */\nexport type RestrictedMethodSpecificationConstraint =\n PermissionSpecificationBase<PermissionType.RestrictedMethod> & {\n /**\n * The implementation of the restricted method that the permission\n * corresponds to.\n */\n // TODO: Replace `any` with type\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n methodImplementation: RestrictedMethod<any, Json>;\n };\n\n/**\n * The constraint for endowment permission specification objects. Permissions\n * that endow callers with some restricted resource are specified using objects\n * that conform to this type.\n *\n * See the README for more details.\n */\nexport type EndowmentSpecificationConstraint =\n PermissionSpecificationBase<PermissionType.Endowment> & {\n /**\n * The {@link EndowmentGetter} function for the permission. This function\n * will be called by the {@link PermissionController} whenever the\n * permission is invoked, after which the host can apply the endowments to\n * the requesting subject in the intended manner.\n */\n endowmentGetter: EndowmentGetter<Json>;\n };\n\n/**\n * The constraint for permission specification objects. Every {@link Permission}\n * supported by a {@link PermissionController} must have an associated\n * specification, which is the source of truth for all permission-related types.\n * All specifications must adhere to the {@link PermissionSpecificationBase}\n * interface, but specifications may have different fields depending on the\n * {@link PermissionType}.\n *\n * See the README for more details.\n */\nexport type PermissionSpecificationConstraint =\n | EndowmentSpecificationConstraint\n | RestrictedMethodSpecificationConstraint;\n\n/**\n * Options for {@link PermissionSpecificationBuilder} functions.\n */\ntype PermissionSpecificationBuilderOptions<\n FactoryHooks extends Record<string, unknown>,\n MethodHooks extends Record<string, unknown>,\n ValidatorHooks extends Record<string, unknown>,\n> = {\n targetName?: string;\n allowedCaveats?: Readonly<NonEmptyArray<string>> | null;\n factoryHooks?: FactoryHooks;\n methodHooks?: MethodHooks;\n validatorHooks?: ValidatorHooks;\n};\n\n/**\n * A function that builds a permission specification. Modules that specify\n * permissions for external consumption should make this their primary /\n * default export so that host applications can use them to generate concrete\n * specifications tailored to their requirements.\n */\nexport type PermissionSpecificationBuilder<\n Type extends PermissionType,\n Options extends PermissionSpecificationBuilderOptions<\n Record<string, unknown>,\n Record<string, unknown>,\n Record<string, unknown>\n >,\n Specification extends PermissionSpecificationConstraint & {\n permissionType: Type;\n },\n> = (options: Options) => Specification;\n\n/**\n * A restricted method permission export object, containing the\n * {@link PermissionSpecificationBuilder} function and \"hook name\" objects.\n */\nexport type PermissionSpecificationBuilderExportConstraint = {\n targetName: string;\n specificationBuilder: PermissionSpecificationBuilder<\n PermissionType,\n PermissionSpecificationBuilderOptions<\n Record<string, unknown>,\n Record<string, unknown>,\n Record<string, unknown>\n >,\n PermissionSpecificationConstraint\n >;\n factoryHookNames?: Record<string, true>;\n methodHookNames?: Record<string, true>;\n validatorHookNames?: Record<string, true>;\n};\n\ntype ValidRestrictedMethodSpecification<\n Specification extends RestrictedMethodSpecificationConstraint,\n> =\n Specification['methodImplementation'] extends ValidRestrictedMethod<\n Specification['methodImplementation']\n >\n ? Specification\n : never;\n\n/**\n * Constraint for {@link PermissionSpecificationConstraint} objects that\n * evaluates to `never` if the specification contains any invalid fields.\n *\n * @template Specification - The permission specification to validate.\n */\nexport type ValidPermissionSpecification<\n Specification extends PermissionSpecificationConstraint,\n> = Specification['targetName'] extends TargetName\n ? Specification['permissionType'] extends PermissionType.Endowment\n ? Specification\n : Specification['permissionType'] extends PermissionType.RestrictedMethod\n ? ValidRestrictedMethodSpecification<\n Extract<Specification, RestrictedMethodSpecificationConstraint>\n >\n : never\n : never;\n\n/**\n * Checks that the specification has the expected permission type.\n *\n * @param specification - The specification to check.\n * @param expectedType - The expected permission type.\n * @template Specification - The specification to check.\n * @template Type - The expected permission type.\n * @returns Whether or not the specification is of the expected type.\n */\nexport function hasSpecificationType<\n Specification extends PermissionSpecificationConstraint,\n Type extends PermissionType,\n>(\n specification: Specification,\n expectedType: Type,\n): specification is Specification & {\n permissionType: Type;\n} {\n return specification.permissionType === expectedType;\n}\n\n/**\n * The specifications for all permissions supported by a particular\n * {@link PermissionController}.\n *\n * @template Specifications - The union of all {@link PermissionSpecificationConstraint} types.\n */\nexport type PermissionSpecificationMap<\n Specification extends PermissionSpecificationConstraint,\n> = {\n [Name in Specification['targetName']]: Specification extends {\n targetName: Name;\n }\n ? Specification\n : never;\n};\n\n/**\n * Extracts a specific {@link PermissionSpecificationConstraint} from a union of\n * permission specifications.\n *\n * @template Specification - The specification union type to extract from.\n * @template Name - The `targetName` of the specification to extract.\n */\nexport type ExtractPermissionSpecification<\n Specification extends PermissionSpecificationConstraint,\n Name extends Specification['targetName'],\n> = Specification extends {\n targetName: Name;\n}\n ? Specification\n : never;\n"]}
1
+ {"version":3,"file":"Permission.mjs","sourceRoot":"","sources":["../src/Permission.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,MAAM,EAAE,eAAe;AAkJhC;;;;;;;;GAQG;AACH,MAAM,UAAU,mBAAmB,CAEjC,OAA4C;IAC5C,MAAM,EAAE,OAAO,GAAG,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IAEpD,OAAO;QACL,EAAE,EAAE,MAAM,EAAE;QACZ,gBAAgB,EAAE,MAAM;QACxB,OAAO;QACP,OAAO;QACP,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE;KACP,CAAC;AACxB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,UAAU,CACxB,UAAgC,EAChC,UAAkB;IAElB,OAAO,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC;AAC1E,CAAC;AAgKD;;GAEG;AACH,MAAM,CAAN,IAAY,cAYX;AAZD,WAAY,cAAc;IACxB;;;OAGG;IACH,uDAAqC,CAAA;IAErC;;;OAGG;IACH,yCAAuB,CAAA;AACzB,CAAC,EAZW,cAAc,KAAd,cAAc,QAYzB;AAyLD;;;;;;;;GAQG;AACH,MAAM,UAAU,oBAAoB,CAIlC,aAA4B,EAC5B,YAAkB;IAIlB,OAAO,aAAa,CAAC,cAAc,KAAK,YAAY,CAAC;AACvD,CAAC","sourcesContent":["import type { NonEmptyArray } from '@metamask/controller-utils';\nimport type { ActionConstraint, EventConstraint } from '@metamask/messenger';\nimport type { Json } from '@metamask/utils';\nimport { nanoid } from 'nanoid';\n\n// eslint-disable-next-line @typescript-eslint/no-unused-vars\nimport type { CaveatConstraint, Caveat } from './Caveat';\nimport type {\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n PermissionController,\n PermissionsRequest,\n SideEffectMessenger,\n} from './PermissionController';\nimport type { SubjectType } from './SubjectMetadataController';\n\n/**\n * The origin of a subject.\n * Effectively the GUID of an entity that can have permissions.\n */\nexport type OriginString = string;\n\n/**\n * The name of a permission target.\n */\ntype TargetName = string;\n\n/**\n * A `ZCAP-LD`-like permission object. A permission is associated with a\n * particular `invoker`, which is the holder of the permission. Possessing the\n * permission grants access to a particular restricted resource, identified by\n * the `parentCapability`. The use of the restricted resource may be further\n * restricted by any `caveats` associated with the permission.\n *\n * See the README for details.\n */\nexport type PermissionConstraint = {\n /**\n * The context(s) in which this capability is meaningful.\n *\n * It is required by the standard, but we make it optional since there is only\n * one context in our usage (i.e. the user's MetaMask instance).\n */\n readonly '@context'?: NonEmptyArray<string>;\n\n /**\n * The caveats of the permission.\n *\n * @see {@link Caveat} For more information.\n */\n readonly caveats: null | NonEmptyArray<CaveatConstraint>;\n\n /**\n * The creation date of the permission, in UNIX epoch time.\n */\n readonly date: number;\n\n /**\n * The GUID of the permission object.\n */\n readonly id: string;\n\n /**\n * The origin string of the subject that has the permission.\n */\n readonly invoker: OriginString;\n\n /**\n * A pointer to the resource that possession of the capability grants\n * access to, for example a JSON-RPC method or endowment.\n */\n readonly parentCapability: string;\n};\n\n/**\n * A `ZCAP-LD`-like permission object. A permission is associated with a\n * particular `invoker`, which is the holder of the permission. Possessing the\n * permission grants access to a particular restricted resource, identified by\n * the `parentCapability`. The use of the restricted resource may be further\n * restricted by any `caveats` associated with the permission.\n *\n * See the README for details.\n *\n * @template Name - The name of the permission that the target corresponds to.\n * @template AllowedCaveat - A union of the allowed {@link Caveat} types\n * for the permission.\n */\nexport type ValidPermission<\n Name extends TargetName,\n AllowedCaveat extends CaveatConstraint,\n> = PermissionConstraint & {\n /**\n * The caveats of the permission.\n *\n * @see {@link Caveat} For more information.\n */\n readonly caveats: AllowedCaveat extends never\n ? null\n : NonEmptyArray<AllowedCaveat> | null;\n\n /**\n * A pointer to the resource that possession of the capability grants\n * access to, for example a JSON-RPC method or endowment.\n */\n readonly parentCapability: Name;\n};\n\n/**\n * Internal utility for extracting the members types of an array. The type\n * evalutes to `never` if the specified type is the empty tuple or neither\n * an array nor a tuple.\n *\n * @template ArrayType - The array type whose members to extract.\n */\ntype ExtractArrayMembers<ArrayType> = ArrayType extends []\n ? never\n : ArrayType extends unknown[] | readonly unknown[]\n ? ArrayType[number]\n : never;\n\n/**\n * A utility type for extracting the allowed caveat types for a particular\n * permission from a permission specification type.\n *\n * @template PermissionSpecification - The permission specification type to\n * extract valid caveat types from.\n */\nexport type ExtractAllowedCaveatTypes<\n PermissionSpecification extends PermissionSpecificationConstraint,\n> = ExtractArrayMembers<PermissionSpecification['allowedCaveats']>;\n\n/**\n * The options object of {@link constructPermission}.\n *\n * @template TargetPermission - The {@link Permission} that will be constructed.\n */\nexport type PermissionOptions<TargetPermission extends PermissionConstraint> = {\n target: TargetPermission['parentCapability'];\n /**\n * The origin string of the subject that has the permission.\n */\n invoker: OriginString;\n\n /**\n * The caveats of the permission.\n * See {@link Caveat}.\n */\n caveats?: NonEmptyArray<CaveatConstraint>;\n};\n\n/**\n * The default permission factory function. Naively constructs a permission from\n * the inputs. Sets a default, random `id` if none is provided.\n *\n * @see {@link Permission} For more details.\n * @template TargetPermission- - The {@link Permission} that will be constructed.\n * @param options - The options for the permission.\n * @returns The new permission object.\n */\nexport function constructPermission<\n TargetPermission extends PermissionConstraint,\n>(options: PermissionOptions<TargetPermission>): TargetPermission {\n const { caveats = null, invoker, target } = options;\n\n return {\n id: nanoid(),\n parentCapability: target,\n invoker,\n caveats,\n date: new Date().getTime(),\n } as TargetPermission;\n}\n\n/**\n * Gets the caveat of the specified type belonging to the specified permission.\n *\n * @param permission - The permission whose caveat to retrieve.\n * @param caveatType - The type of the caveat to retrieve.\n * @returns The caveat, or undefined if no such caveat exists.\n */\nexport function findCaveat(\n permission: PermissionConstraint,\n caveatType: string,\n): CaveatConstraint | undefined {\n return permission.caveats?.find((caveat) => caveat.type === caveatType);\n}\n\n/**\n * A requested permission object. Just an object with any of the properties\n * of a {@link PermissionConstraint} object.\n */\ntype RequestedPermission = Partial<PermissionConstraint>;\n\n/**\n * A record of target names and their {@link RequestedPermission} objects.\n */\nexport type RequestedPermissions = Record<TargetName, RequestedPermission>;\n\n/**\n * The restricted method context object. Essentially a way to pass internal\n * arguments to restricted methods and caveat functions, most importantly the\n * requesting origin.\n */\ntype RestrictedMethodContext = Readonly<{\n origin: OriginString;\n [key: string]: unknown;\n}>;\n\nexport type RestrictedMethodParameters = Json[] | Record<string, Json>;\n\n/**\n * The arguments passed to a restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n */\nexport type RestrictedMethodOptions<\n Params extends RestrictedMethodParameters | null,\n> = {\n method: TargetName;\n params?: Params;\n context: RestrictedMethodContext;\n};\n\n/**\n * A synchronous restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n * @template Result - The JSON-RPC result of the restricted method.\n */\nexport type SyncRestrictedMethod<\n Params extends RestrictedMethodParameters,\n Result extends Json,\n> = (args: RestrictedMethodOptions<Params>) => Result;\n\n/**\n * An asynchronous restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n * @template Result - The JSON-RPC result of the restricted method.\n */\nexport type AsyncRestrictedMethod<\n Params extends RestrictedMethodParameters,\n Result extends Json,\n> = (args: RestrictedMethodOptions<Params>) => Promise<Result>;\n\n/**\n * A synchronous or asynchronous restricted method implementation.\n *\n * @template Params - The JSON-RPC parameters of the restricted method.\n * @template Result - The JSON-RPC result of the restricted method.\n */\nexport type RestrictedMethod<\n Params extends RestrictedMethodParameters,\n Result extends Json,\n> =\n | SyncRestrictedMethod<Params, Result>\n | AsyncRestrictedMethod<Params, Result>;\n\nexport type ValidRestrictedMethod<\n MethodImplementation extends RestrictedMethod<\n RestrictedMethodParameters,\n Json\n >,\n> = MethodImplementation extends (args: infer Options) => Json | Promise<Json>\n ? Options extends RestrictedMethodOptions<RestrictedMethodParameters>\n ? MethodImplementation\n : never\n : never;\n\n/**\n * {@link EndowmentGetter} parameter object.\n */\nexport type EndowmentGetterParams = {\n /**\n * The origin of the requesting subject.\n */\n origin: string;\n\n /**\n * Any additional data associated with the request.\n */\n requestData?: unknown;\n\n [key: string]: unknown;\n};\n\n/**\n * A synchronous or asynchronous function that gets the endowments for a\n * particular endowment permission. The getter receives the origin of the\n * requesting subject and, optionally, additional request metadata.\n */\nexport type EndowmentGetter<Endowments extends Json> = (\n options: EndowmentGetterParams,\n) => Endowments | Promise<Endowments>;\n\nexport type PermissionFactory<\n TargetPermission extends PermissionConstraint,\n RequestData extends Record<string, unknown>,\n> = (\n options: PermissionOptions<TargetPermission>,\n requestData?: RequestData,\n) => TargetPermission;\n\nexport type PermissionValidatorConstraint = (\n permission: PermissionConstraint,\n origin?: OriginString,\n target?: string,\n) => void;\n\n/**\n * The parameters passed to the side-effect function.\n */\nexport type SideEffectParams<\n Actions extends ActionConstraint,\n Events extends EventConstraint,\n> = {\n requestData: PermissionsRequest;\n messenger: SideEffectMessenger<Actions, Events>;\n};\n\n/**\n * A function that will execute actions as a permission side-effect.\n */\nexport type SideEffectHandler<\n Actions extends ActionConstraint,\n Events extends EventConstraint,\n> = (params: SideEffectParams<Actions, Events>) => Promise<unknown>;\n\n/**\n * The permissions side effects.\n */\nexport type PermissionSideEffect<\n Actions extends ActionConstraint,\n Events extends EventConstraint,\n> = {\n /**\n * A method triggered when the permission is accepted by the user\n */\n onPermitted: SideEffectHandler<Actions, Events>;\n /**\n * A method triggered if a `onPermitted` method rejected.\n */\n onFailure?: SideEffectHandler<Actions, Events>;\n};\n\n/**\n * The different possible types of permissions.\n */\nexport enum PermissionType {\n /**\n * A restricted JSON-RPC method. A subject must have the requisite permission\n * to call a restricted JSON-RPC method.\n */\n RestrictedMethod = 'RestrictedMethod',\n\n /**\n * An \"endowment\" granted to subjects that possess the requisite permission,\n * such as a global environment variable exposing a restricted API, etc.\n */\n Endowment = 'Endowment',\n}\n\n/**\n * The base constraint for permission specification objects. Every\n * {@link Permission} supported by a {@link PermissionController} must have an\n * associated specification, which is the source of truth for all permission-\n * related types. A permission specification includes the list of permitted\n * caveats, and any factory and validation functions specified by the consumer.\n * A concrete permission specification may specify further fields as necessary.\n *\n * See the README for more details.\n */\ntype PermissionSpecificationBase<Type extends PermissionType> = {\n /**\n * The type of the specified permission.\n */\n permissionType: Type;\n\n /**\n * The name of the target resource of the permission.\n */\n targetName: string;\n\n /**\n * An array of the caveat types that may be added to instances of this\n * permission.\n */\n allowedCaveats: Readonly<NonEmptyArray<string>> | null;\n\n /**\n * The factory function used to get permission objects. Permissions returned\n * by this function are presumed to valid, and they will not be passed to the\n * validator function associated with this specification (if any). In other\n * words, the factory function should validate the permissions it creates.\n *\n * If no factory is specified, the {@link Permission} constructor will be\n * used, and the validator function (if specified) will be called on newly\n * constructed permissions.\n */\n // TODO: Replace `any` with type\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n factory?: PermissionFactory<any, Record<string, unknown>>;\n\n /**\n * The validator function used to validate permissions of the associated type\n * whenever they are granted or their caveat arrays are mutated.\n *\n * Permission validators are **not** invoked when a caveat is mutated, provided\n * the caveat array has not changed. For this reason, permission validators\n * **must not** be used to validate caveats. To validate caveats, use the\n * corresponding caveat specification property.\n *\n * The validator should throw an appropriate JSON-RPC error if validation fails.\n */\n validator?: PermissionValidatorConstraint;\n\n /**\n * The side-effect triggered by the {@link PermissionController} once the user approved it.\n * The side-effect can only be an action allowed to be called inside the {@link PermissionController}.\n *\n * If the side-effect action fails, the permission that triggered it is revoked.\n */\n sideEffect?: PermissionSideEffect<ActionConstraint, EventConstraint>;\n\n /**\n * The Permission may be available to only a subset of the subject types. If so, specify the subject types as an array.\n * If a subject with a type not in this array tries to request the permission, the call will fail.\n *\n * Leaving this as undefined uses default behaviour where the permission is available to request for all subject types.\n */\n subjectTypes?: readonly SubjectType[];\n};\n\n/**\n * The constraint for restricted method permission specification objects.\n * Permissions that correspond to JSON-RPC methods are specified using objects\n * that conform to this type.\n *\n * See the README for more details.\n */\nexport type RestrictedMethodSpecificationConstraint =\n PermissionSpecificationBase<PermissionType.RestrictedMethod> & {\n /**\n * The implementation of the restricted method that the permission\n * corresponds to.\n */\n // TODO: Replace `any` with type\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n methodImplementation: RestrictedMethod<any, Json>;\n };\n\n/**\n * The constraint for endowment permission specification objects. Permissions\n * that endow callers with some restricted resource are specified using objects\n * that conform to this type.\n *\n * See the README for more details.\n */\nexport type EndowmentSpecificationConstraint =\n PermissionSpecificationBase<PermissionType.Endowment> & {\n /**\n * The {@link EndowmentGetter} function for the permission. This function\n * will be called by the {@link PermissionController} whenever the\n * permission is invoked, after which the host can apply the endowments to\n * the requesting subject in the intended manner.\n */\n endowmentGetter: EndowmentGetter<Json>;\n };\n\n/**\n * The constraint for permission specification objects. Every {@link Permission}\n * supported by a {@link PermissionController} must have an associated\n * specification, which is the source of truth for all permission-related types.\n * All specifications must adhere to the {@link PermissionSpecificationBase}\n * interface, but specifications may have different fields depending on the\n * {@link PermissionType}.\n *\n * See the README for more details.\n */\nexport type PermissionSpecificationConstraint =\n | EndowmentSpecificationConstraint\n | RestrictedMethodSpecificationConstraint;\n\n/**\n * Options for {@link PermissionSpecificationBuilder} functions.\n */\ntype PermissionSpecificationBuilderOptions<\n MethodHooks extends Record<string, unknown>,\n SpecMessenger = unknown,\n> = {\n targetName?: string;\n allowedCaveats?: Readonly<NonEmptyArray<string>> | null;\n methodHooks?: MethodHooks;\n /**\n * A messenger scoped to this permission specification. The messenger is\n * expected to have exactly the actions declared by the spec's `actionNames`\n * delegated to it; {@link createRestrictedMethodMessenger} is the canonical\n * way to construct it.\n */\n messenger?: SpecMessenger;\n};\n\n/**\n * A function that builds a permission specification. Modules that specify\n * permissions for external consumption should make this their primary /\n * default export so that host applications can use them to generate concrete\n * specifications tailored to their requirements.\n */\nexport type PermissionSpecificationBuilder<\n Type extends PermissionType,\n Options extends PermissionSpecificationBuilderOptions<\n Record<string, unknown>\n >,\n Specification extends PermissionSpecificationConstraint & {\n permissionType: Type;\n },\n> = (options: Options) => Specification;\n\ntype ValidRestrictedMethodSpecification<\n Specification extends RestrictedMethodSpecificationConstraint,\n> =\n Specification['methodImplementation'] extends ValidRestrictedMethod<\n Specification['methodImplementation']\n >\n ? Specification\n : never;\n\n/**\n * Constraint for {@link PermissionSpecificationConstraint} objects that\n * evaluates to `never` if the specification contains any invalid fields.\n *\n * @template Specification - The permission specification to validate.\n */\nexport type ValidPermissionSpecification<\n Specification extends PermissionSpecificationConstraint,\n> = Specification['targetName'] extends TargetName\n ? Specification['permissionType'] extends PermissionType.Endowment\n ? Specification\n : Specification['permissionType'] extends PermissionType.RestrictedMethod\n ? ValidRestrictedMethodSpecification<\n Extract<Specification, RestrictedMethodSpecificationConstraint>\n >\n : never\n : never;\n\n/**\n * Checks that the specification has the expected permission type.\n *\n * @param specification - The specification to check.\n * @param expectedType - The expected permission type.\n * @template Specification - The specification to check.\n * @template Type - The expected permission type.\n * @returns Whether or not the specification is of the expected type.\n */\nexport function hasSpecificationType<\n Specification extends PermissionSpecificationConstraint,\n Type extends PermissionType,\n>(\n specification: Specification,\n expectedType: Type,\n): specification is Specification & {\n permissionType: Type;\n} {\n return specification.permissionType === expectedType;\n}\n\n/**\n * The specifications for all permissions supported by a particular\n * {@link PermissionController}.\n *\n * @template Specifications - The union of all {@link PermissionSpecificationConstraint} types.\n */\nexport type PermissionSpecificationMap<\n Specification extends PermissionSpecificationConstraint,\n> = {\n [Name in Specification['targetName']]: Specification extends {\n targetName: Name;\n }\n ? Specification\n : never;\n};\n\n/**\n * Extracts a specific {@link PermissionSpecificationConstraint} from a union of\n * permission specifications.\n *\n * @template Specification - The specification union type to extract from.\n * @template Name - The `targetName` of the specification to extract.\n */\nexport type ExtractPermissionSpecification<\n Specification extends PermissionSpecificationConstraint,\n Name extends Specification['targetName'],\n> = Specification extends {\n targetName: Name;\n}\n ? Specification\n : never;\n"]}
package/dist/PermissionController-method-action-types.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"PermissionController-method-action-types.cjs","sourceRoot":"","sources":["../src/PermissionController-method-action-types.ts"],"names":[],"mappings":";AAAA;;;GAGG","sourcesContent":["/**\n * This file is auto generated.\n * Do not edit manually.\n */\n\nimport type { PermissionController } from './PermissionController';\n\n/**\n * Clears the state of the controller.\n */\nexport type PermissionControllerClearStateAction = {\n type: `PermissionController:clearState`;\n handler: PermissionController['clearState'];\n};\n\n/**\n * Creates a permission middleware function. Like any {@link JsonRpcEngine}\n * middleware, each middleware will only receive requests from a particular\n * subject / origin.\n *\n * The middlewares returned will pass through requests for\n * unrestricted methods, and attempt to execute restricted methods. If a method\n * is neither restricted nor unrestricted, a \"method not found\" error will be\n * returned.\n * If a method is restricted, the middleware will first attempt to retrieve the\n * subject's permission for that method. If the permission is found, the method\n * will be executed. Otherwise, an \"unauthorized\" error will be returned.\n *\n * The middleware **must** be added in the correct place in the middleware\n * stack in order for it to work. See the README for an example.\n *\n * @param subject The permission subject.\n * @returns A `json-rpc-engine` middleware.\n */\nexport type PermissionControllerCreatePermissionMiddlewareAction = {\n type: `PermissionController:createPermissionMiddleware`;\n handler: PermissionController['createPermissionMiddleware'];\n};\n\n/**\n * Gets a list of all origins of subjects.\n *\n * @returns The origins (i.e. IDs) of all subjects.\n */\nexport type PermissionControllerGetSubjectNamesAction = {\n type: `PermissionController:getSubjectNames`;\n handler: PermissionController['getSubjectNames'];\n};\n\n/**\n * Gets all permissions for the specified subject, if any.\n *\n * @param origin - The origin of the subject.\n * @returns The permissions of the subject, if any.\n */\nexport type PermissionControllerGetPermissionsAction = {\n type: `PermissionController:getPermissions`;\n handler: PermissionController['getPermissions'];\n};\n\n/**\n * Checks whether the subject with the specified origin has the specified\n * permission.\n *\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @returns Whether the subject has the permission.\n */\nexport type PermissionControllerHasPermissionAction = {\n type: `PermissionController:hasPermission`;\n handler: PermissionController['hasPermission'];\n};\n\n/**\n * Checks whether the subject with the specified origin has any permissions.\n * Use this if you want to know if a subject \"exists\".\n *\n * @param origin - The origin of the subject to check.\n * @returns Whether the subject has any permissions.\n */\nexport type PermissionControllerHasPermissionsAction = {\n type: `PermissionController:hasPermissions`;\n handler: PermissionController['hasPermissions'];\n};\n\n/**\n * Revokes all permissions from the specified origin.\n *\n * Throws an error of the origin has no permissions.\n *\n * @param origin - The origin whose permissions to revoke.\n */\nexport type PermissionControllerRevokeAllPermissionsAction = {\n type: `PermissionController:revokeAllPermissions`;\n handler: PermissionController['revokeAllPermissions'];\n};\n\n/**\n * Revokes the specified permissions from the specified subjects.\n *\n * Throws an error if any of the subjects or permissions do not exist.\n *\n * @param subjectsAndPermissions - An object mapping subject origins\n * to arrays of permission target names to revoke.\n */\nexport type PermissionControllerRevokePermissionsAction = {\n type: `PermissionController:revokePermissions`;\n handler: PermissionController['revokePermissions'];\n};\n\n/**\n * Revokes all permissions corresponding to the specified target for all subjects.\n * Does nothing if no subjects or no such permission exists.\n *\n * @param target - The name of the target to revoke all permissions for.\n */\nexport type PermissionControllerRevokePermissionForAllSubjectsAction = {\n type: `PermissionController:revokePermissionForAllSubjects`;\n handler: PermissionController['revokePermissionForAllSubjects'];\n};\n\n/**\n * Gets the caveat of the specified type, if any, for the permission of\n * the subject corresponding to the given origin.\n *\n * Throws an error if the subject does not have a permission with the\n * specified target name.\n *\n * @template TargetName - The permission target name. Should be inferred.\n * @template CaveatType - The valid caveat types for the permission. Should\n * be inferred.\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @param caveatType - The type of the caveat to get.\n * @returns The caveat, or `undefined` if no such caveat exists.\n */\nexport type PermissionControllerGetCaveatAction = {\n type: `PermissionController:getCaveat`;\n handler: PermissionController['getCaveat'];\n};\n\n/**\n * Updates the value of the caveat of the specified type belonging to the\n * permission corresponding to the given subject origin and permission\n * target.\n *\n * For adding new caveats, use\n * {@link PermissionController.addCaveat}.\n *\n * Throws an error if no such permission or caveat exists.\n *\n * @template TargetName - The permission target name. Should be inferred.\n * @template CaveatType - The valid caveat types for the permission. Should\n * be inferred.\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @param caveatType - The type of the caveat to update.\n * @param caveatValue - The new value of the caveat.\n */\nexport type PermissionControllerUpdateCaveatAction = {\n type: `PermissionController:updateCaveat`;\n handler: PermissionController['updateCaveat'];\n};\n\n/**\n * Grants _approved_ permissions to the specified subject. Every permission and\n * caveat is stringently validated—including by calling their specification\n * validators—and an error is thrown if validation fails.\n *\n * ATTN: This method does **not** prompt the user for approval. User consent must\n * first be obtained through some other means.\n *\n * @see {@link PermissionController.requestPermissions} For initiating a\n * permissions request requiring user approval.\n * @param options - Options bag.\n * @param options.approvedPermissions - The requested permissions approved by\n * the user.\n * @param options.requestData - Permission request data. Passed to permission\n * factory functions.\n * @param options.preserveExistingPermissions - Whether to preserve the\n * subject's existing permissions.\n * @param options.subject - The subject to grant permissions to.\n * @returns The subject's new permission state. It may or may not have changed.\n */\nexport type PermissionControllerGrantPermissionsAction = {\n type: `PermissionController:grantPermissions`;\n handler: PermissionController['grantPermissions'];\n};\n\n/**\n * Incrementally grants _approved_ permissions to the specified subject. Every\n * permission and caveat is stringently validated—including by calling their\n * specification validators—and an error is thrown if validation fails.\n *\n * ATTN: This method does **not** prompt the user for approval. User consent must\n * first be obtained through some other means.\n *\n * @see {@link PermissionController.requestPermissionsIncremental} For initiating\n * an incremental permissions request requiring user approval.\n * @param options - Options bag.\n * @param options.approvedPermissions - The requested permissions approved by\n * the user.\n * @param options.requestData - Permission request data. Passed to permission\n * factory functions.\n * @param options.subject - The subject to grant permissions to.\n * @returns The subject's new permission state. It may or may not have changed.\n */\nexport type PermissionControllerGrantPermissionsIncrementalAction = {\n type: `PermissionController:grantPermissionsIncremental`;\n handler: PermissionController['grantPermissionsIncremental'];\n};\n\n/**\n * Initiates a permission request that requires user approval.\n *\n * Either this or {@link PermissionController.requestPermissionsIncremental}\n * should always be used to grant additional permissions to a subject,\n * unless user approval has been obtained through some other means.\n *\n * Permissions are validated at every step of the approval process, and this\n * method will reject if validation fails.\n *\n * @see {@link ApprovalController} For the user approval logic.\n * @see {@link PermissionController.acceptPermissionsRequest} For the method\n * that _accepts_ the request and resolves the user approval promise.\n * @see {@link PermissionController.rejectPermissionsRequest} For the method\n * that _rejects_ the request and the user approval promise.\n * @param subject - The grantee subject.\n * @param requestedPermissions - The requested permissions.\n * @param options - Additional options.\n * @param options.id - The id of the permissions request. Defaults to a unique\n * id.\n * @param options.preserveExistingPermissions - Whether to preserve the\n * subject's existing permissions. Defaults to `true`.\n * @param options.metadata - Additional metadata about the permission request.\n * @returns The granted permissions and request metadata.\n */\nexport type PermissionControllerRequestPermissionsAction = {\n type: `PermissionController:requestPermissions`;\n handler: PermissionController['requestPermissions'];\n};\n\n/**\n * Initiates an incremental permission request that prompts for user approval.\n * Incremental permission requests allow the caller to replace existing and/or\n * add brand new permissions and caveats for the specified subject.\n *\n * Incremental permission request are merged with the subject's existing permissions\n * through a right-biased union, where the incremental permission are the right-hand\n * side of the merger. If both sides of the merger specify the same caveats for a\n * given permission, the caveats are merged using their specification's caveat value\n * merger property.\n *\n * Either this or {@link PermissionController.requestPermissions} should\n * always be used to grant additional permissions to a subject, unless user\n * approval has been obtained through some other means.\n *\n * Permissions are validated at every step of the approval process, and this\n * method will reject if validation fails.\n *\n * @see {@link ApprovalController} For the user approval logic.\n * @see {@link PermissionController.acceptPermissionsRequest} For the method\n * that _accepts_ the request and resolves the user approval promise.\n * @see {@link PermissionController.rejectPermissionsRequest} For the method\n * that _rejects_ the request and the user approval promise.\n * @param subject - The grantee subject.\n * @param requestedPermissions - The requested permissions.\n * @param options - Additional options.\n * @param options.id - The id of the permissions request. Defaults to a unique\n * id.\n * @param options.metadata - Additional metadata about the permission request.\n * @returns The granted permissions and request metadata.\n */\nexport type PermissionControllerRequestPermissionsIncrementalAction = {\n type: `PermissionController:requestPermissionsIncremental`;\n handler: PermissionController['requestPermissionsIncremental'];\n};\n\n/**\n * Gets the subject's endowments per the specified endowment permission.\n * Throws if the subject does not have the required permission or if the\n * permission is not an endowment permission.\n *\n * @param origin - The origin of the subject whose endowments to retrieve.\n * @param targetName - The name of the endowment permission. This must be a\n * valid permission target name.\n * @param requestData - Additional data associated with the request, if any.\n * Forwarded to the endowment getter function for the permission.\n * @returns The endowments, if any.\n */\nexport type PermissionControllerGetEndowmentsAction = {\n type: `PermissionController:getEndowments`;\n handler: PermissionController['getEndowments'];\n};\n\n/**\n * Union of all PermissionController action types.\n */\nexport type PermissionControllerMethodActions =\n | PermissionControllerClearStateAction\n | PermissionControllerCreatePermissionMiddlewareAction\n | PermissionControllerGetSubjectNamesAction\n | PermissionControllerGetPermissionsAction\n | PermissionControllerHasPermissionAction\n | PermissionControllerHasPermissionsAction\n | PermissionControllerRevokeAllPermissionsAction\n | PermissionControllerRevokePermissionsAction\n | PermissionControllerRevokePermissionForAllSubjectsAction\n | PermissionControllerGetCaveatAction\n | PermissionControllerUpdateCaveatAction\n | PermissionControllerGrantPermissionsAction\n | PermissionControllerGrantPermissionsIncrementalAction\n | PermissionControllerRequestPermissionsAction\n | PermissionControllerRequestPermissionsIncrementalAction\n | PermissionControllerGetEndowmentsAction;\n"]}
1
+ {"version":3,"file":"PermissionController-method-action-types.cjs","sourceRoot":"","sources":["../src/PermissionController-method-action-types.ts"],"names":[],"mappings":";AAAA;;;GAGG","sourcesContent":["/**\n * This file is auto generated.\n * Do not edit manually.\n */\n\nimport type { PermissionController } from './PermissionController';\n\n/**\n * Checks whether the given method was declared as unrestricted at\n * construction time. Methods unknown to the controller return `false` and\n * would be treated as restricted by callers such as the permission\n * middleware.\n *\n * @param method - The name of the method to check.\n * @returns Whether the method is unrestricted.\n */\nexport type PermissionControllerHasUnrestrictedMethodAction = {\n type: `PermissionController:hasUnrestrictedMethod`;\n handler: PermissionController['hasUnrestrictedMethod'];\n};\n\n/**\n * Clears the state of the controller.\n */\nexport type PermissionControllerClearStateAction = {\n type: `PermissionController:clearState`;\n handler: PermissionController['clearState'];\n};\n\n/**\n * Gets a list of all origins of subjects.\n *\n * @returns The origins (i.e. IDs) of all subjects.\n */\nexport type PermissionControllerGetSubjectNamesAction = {\n type: `PermissionController:getSubjectNames`;\n handler: PermissionController['getSubjectNames'];\n};\n\n/**\n * Gets all permissions for the specified subject, if any.\n *\n * @param origin - The origin of the subject.\n * @returns The permissions of the subject, if any.\n */\nexport type PermissionControllerGetPermissionsAction = {\n type: `PermissionController:getPermissions`;\n handler: PermissionController['getPermissions'];\n};\n\n/**\n * Checks whether the subject with the specified origin has the specified\n * permission.\n *\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @returns Whether the subject has the permission.\n */\nexport type PermissionControllerHasPermissionAction = {\n type: `PermissionController:hasPermission`;\n handler: PermissionController['hasPermission'];\n};\n\n/**\n * Checks whether the subject with the specified origin has any permissions.\n * Use this if you want to know if a subject \"exists\".\n *\n * @param origin - The origin of the subject to check.\n * @returns Whether the subject has any permissions.\n */\nexport type PermissionControllerHasPermissionsAction = {\n type: `PermissionController:hasPermissions`;\n handler: PermissionController['hasPermissions'];\n};\n\n/**\n * Revokes all permissions from the specified origin.\n *\n * Throws an error if the origin has no permissions.\n *\n * @param origin - The origin whose permissions to revoke.\n */\nexport type PermissionControllerRevokeAllPermissionsAction = {\n type: `PermissionController:revokeAllPermissions`;\n handler: PermissionController['revokeAllPermissions'];\n};\n\n/**\n * Revokes the specified permissions from the specified subjects.\n *\n * Throws an error if any of the subjects or permissions do not exist.\n *\n * @param subjectsAndPermissions - An object mapping subject origins\n * to arrays of permission target names to revoke.\n */\nexport type PermissionControllerRevokePermissionsAction = {\n type: `PermissionController:revokePermissions`;\n handler: PermissionController['revokePermissions'];\n};\n\n/**\n * Revokes all permissions corresponding to the specified target for all subjects.\n * Does nothing if no subjects or no such permission exists.\n *\n * @param target - The name of the target to revoke all permissions for.\n */\nexport type PermissionControllerRevokePermissionForAllSubjectsAction = {\n type: `PermissionController:revokePermissionForAllSubjects`;\n handler: PermissionController['revokePermissionForAllSubjects'];\n};\n\n/**\n * Gets the caveat of the specified type, if any, for the permission of\n * the subject corresponding to the given origin.\n *\n * Throws an error if the subject does not have a permission with the\n * specified target name.\n *\n * @template TargetName - The permission target name. Should be inferred.\n * @template CaveatType - The valid caveat types for the permission. Should\n * be inferred.\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @param caveatType - The type of the caveat to get.\n * @returns The caveat, or `undefined` if no such caveat exists.\n */\nexport type PermissionControllerGetCaveatAction = {\n type: `PermissionController:getCaveat`;\n handler: PermissionController['getCaveat'];\n};\n\n/**\n * Updates the value of the caveat of the specified type belonging to the\n * permission corresponding to the given subject origin and permission\n * target.\n *\n * For adding new caveats, use\n * {@link PermissionController.addCaveat}.\n *\n * Throws an error if no such permission or caveat exists.\n *\n * @template TargetName - The permission target name. Should be inferred.\n * @template CaveatType - The valid caveat types for the permission. Should\n * be inferred.\n * @param origin - The origin of the subject.\n * @param target - The target name of the permission.\n * @param caveatType - The type of the caveat to update.\n * @param caveatValue - The new value of the caveat.\n */\nexport type PermissionControllerUpdateCaveatAction = {\n type: `PermissionController:updateCaveat`;\n handler: PermissionController['updateCaveat'];\n};\n\n/**\n * Grants _approved_ permissions to the specified subject. Every permission and\n * caveat is stringently validated—including by calling their specification\n * validators—and an error is thrown if validation fails.\n *\n * ATTN: This method does **not** prompt the user for approval. User consent must\n * first be obtained through some other means.\n *\n * @see {@link PermissionController.requestPermissions} For initiating a\n * permissions request requiring user approval.\n * @param options - Options bag.\n * @param options.approvedPermissions - The requested permissions approved by\n * the user.\n * @param options.requestData - Permission request data. Passed to permission\n * factory functions.\n * @param options.preserveExistingPermissions - Whether to preserve the\n * subject's existing permissions.\n * @param options.subject - The subject to grant permissions to.\n * @returns The subject's new permission state. It may or may not have changed.\n */\nexport type PermissionControllerGrantPermissionsAction = {\n type: `PermissionController:grantPermissions`;\n handler: PermissionController['grantPermissions'];\n};\n\n/**\n * Incrementally grants _approved_ permissions to the specified subject. Every\n * permission and caveat is stringently validated—including by calling their\n * specification validators—and an error is thrown if validation fails.\n *\n * ATTN: This method does **not** prompt the user for approval. User consent must\n * first be obtained through some other means.\n *\n * @see {@link PermissionController.requestPermissionsIncremental} For initiating\n * an incremental permissions request requiring user approval.\n * @param options - Options bag.\n * @param options.approvedPermissions - The requested permissions approved by\n * the user.\n * @param options.requestData - Permission request data. Passed to permission\n * factory functions.\n * @param options.subject - The subject to grant permissions to.\n * @returns The subject's new permission state. It may or may not have changed.\n */\nexport type PermissionControllerGrantPermissionsIncrementalAction = {\n type: `PermissionController:grantPermissionsIncremental`;\n handler: PermissionController['grantPermissionsIncremental'];\n};\n\n/**\n * Initiates a permission request that requires user approval.\n *\n * Either this or {@link PermissionController.requestPermissionsIncremental}\n * should always be used to grant additional permissions to a subject,\n * unless user approval has been obtained through some other means.\n *\n * Permissions are validated at every step of the approval process, and this\n * method will reject if validation fails.\n *\n * @see {@link ApprovalController} For the user approval logic.\n * @see {@link PermissionController.acceptPermissionsRequest} For the method\n * that _accepts_ the request and resolves the user approval promise.\n * @see {@link PermissionController.rejectPermissionsRequest} For the method\n * that _rejects_ the request and the user approval promise.\n * @param subject - The grantee subject.\n * @param requestedPermissions - The requested permissions.\n * @param options - Additional options.\n * @param options.id - The id of the permissions request. Defaults to a unique\n * id.\n * @param options.preserveExistingPermissions - Whether to preserve the\n * subject's existing permissions. Defaults to `true`.\n * @param options.metadata - Additional metadata about the permission request.\n * @returns The granted permissions and request metadata.\n */\nexport type PermissionControllerRequestPermissionsAction = {\n type: `PermissionController:requestPermissions`;\n handler: PermissionController['requestPermissions'];\n};\n\n/**\n * Initiates an incremental permission request that prompts for user approval.\n * Incremental permission requests allow the caller to replace existing and/or\n * add brand new permissions and caveats for the specified subject.\n *\n * Incremental permission request are merged with the subject's existing permissions\n * through a right-biased union, where the incremental permission are the right-hand\n * side of the merger. If both sides of the merger specify the same caveats for a\n * given permission, the caveats are merged using their specification's caveat value\n * merger property.\n *\n * Either this or {@link PermissionController.requestPermissions} should\n * always be used to grant additional permissions to a subject, unless user\n * approval has been obtained through some other means.\n *\n * Permissions are validated at every step of the approval process, and this\n * method will reject if validation fails.\n *\n * @see {@link ApprovalController} For the user approval logic.\n * @see {@link PermissionController.acceptPermissionsRequest} For the method\n * that _accepts_ the request and resolves the user approval promise.\n * @see {@link PermissionController.rejectPermissionsRequest} For the method\n * that _rejects_ the request and the user approval promise.\n * @param subject - The grantee subject.\n * @param requestedPermissions - The requested permissions.\n * @param options - Additional options.\n * @param options.id - The id of the permissions request. Defaults to a unique\n * id.\n * @param options.metadata - Additional metadata about the permission request.\n * @returns The granted permissions and request metadata.\n */\nexport type PermissionControllerRequestPermissionsIncrementalAction = {\n type: `PermissionController:requestPermissionsIncremental`;\n handler: PermissionController['requestPermissionsIncremental'];\n};\n\n/**\n * Gets the subject's endowments per the specified endowment permission.\n * Throws if the subject does not have the required permission or if the\n * permission is not an endowment permission.\n *\n * @param origin - The origin of the subject whose endowments to retrieve.\n * @param targetName - The name of the endowment permission. This must be a\n * valid permission target name.\n * @param requestData - Additional data associated with the request, if any.\n * Forwarded to the endowment getter function for the permission.\n * @returns The endowments, if any.\n */\nexport type PermissionControllerGetEndowmentsAction = {\n type: `PermissionController:getEndowments`;\n handler: PermissionController['getEndowments'];\n};\n\n/**\n * Executes a restricted method as the subject with the given origin.\n * The specified params, if any, will be passed to the method implementation.\n *\n * ATTN: Great caution should be exercised in the use of this method.\n * Methods that cause side effects or affect application state should\n * be avoided.\n *\n * This method will first attempt to retrieve the requested restricted method\n * implementation, throwing if it does not exist. The method will then be\n * invoked as though the subject with the specified origin had invoked it with\n * the specified parameters. This means that any existing caveats will be\n * applied to the restricted method, and this method will throw if the\n * restricted method or its caveat decorators throw.\n *\n * In addition, this method will throw if the subject does not have a\n * permission for the specified restricted method.\n *\n * @param origin - The origin of the subject to execute the method on behalf\n * of.\n * @param targetName - The name of the method to execute. This must be a valid\n * permission target name.\n * @param params - The parameters to pass to the method implementation.\n * @returns The result of the executed method.\n */\nexport type PermissionControllerExecuteRestrictedMethodAction = {\n type: `PermissionController:executeRestrictedMethod`;\n handler: PermissionController['executeRestrictedMethod'];\n};\n\n/**\n * Union of all PermissionController action types.\n */\nexport type PermissionControllerMethodActions =\n | PermissionControllerHasUnrestrictedMethodAction\n | PermissionControllerClearStateAction\n | PermissionControllerGetSubjectNamesAction\n | PermissionControllerGetPermissionsAction\n | PermissionControllerHasPermissionAction\n | PermissionControllerHasPermissionsAction\n | PermissionControllerRevokeAllPermissionsAction\n | PermissionControllerRevokePermissionsAction\n | PermissionControllerRevokePermissionForAllSubjectsAction\n | PermissionControllerGetCaveatAction\n | PermissionControllerUpdateCaveatAction\n | PermissionControllerGrantPermissionsAction\n | PermissionControllerGrantPermissionsIncrementalAction\n | PermissionControllerRequestPermissionsAction\n | PermissionControllerRequestPermissionsIncrementalAction\n | PermissionControllerGetEndowmentsAction\n | PermissionControllerExecuteRestrictedMethodAction;\n"]}
package/dist/PermissionController-method-action-types.d.cts CHANGED
@@ -3,6 +3,19 @@
3
3
  * Do not edit manually.
4
4
  */
5
5
  import type { PermissionController } from "./PermissionController.cjs";
6
+ /**
7
+ * Checks whether the given method was declared as unrestricted at
8
+ * construction time. Methods unknown to the controller return `false` and
9
+ * would be treated as restricted by callers such as the permission
10
+ * middleware.
11
+ *
12
+ * @param method - The name of the method to check.
13
+ * @returns Whether the method is unrestricted.
14
+ */
15
+ export type PermissionControllerHasUnrestrictedMethodAction = {
16
+ type: `PermissionController:hasUnrestrictedMethod`;
17
+ handler: PermissionController['hasUnrestrictedMethod'];
18
+ };
6
19
  /**
7
20
  * Clears the state of the controller.
8
21
  */
@@ -10,29 +23,6 @@ export type PermissionControllerClearStateAction = {
10
23
  type: `PermissionController:clearState`;
11
24
  handler: PermissionController['clearState'];
12
25
  };
13
- /**
14
- * Creates a permission middleware function. Like any {@link JsonRpcEngine}
15
- * middleware, each middleware will only receive requests from a particular
16
- * subject / origin.
17
- *
18
- * The middlewares returned will pass through requests for
19
- * unrestricted methods, and attempt to execute restricted methods. If a method
20
- * is neither restricted nor unrestricted, a "method not found" error will be
21
- * returned.
22
- * If a method is restricted, the middleware will first attempt to retrieve the
23
- * subject's permission for that method. If the permission is found, the method
24
- * will be executed. Otherwise, an "unauthorized" error will be returned.
25
- *
26
- * The middleware **must** be added in the correct place in the middleware
27
- * stack in order for it to work. See the README for an example.
28
- *
29
- * @param subject The permission subject.
30
- * @returns A `json-rpc-engine` middleware.
31
- */
32
- export type PermissionControllerCreatePermissionMiddlewareAction = {
33
- type: `PermissionController:createPermissionMiddleware`;
34
- handler: PermissionController['createPermissionMiddleware'];
35
- };
36
26
  /**
37
27
  * Gets a list of all origins of subjects.
38
28
  *
@@ -78,7 +68,7 @@ export type PermissionControllerHasPermissionsAction = {
78
68
  /**
79
69
  * Revokes all permissions from the specified origin.
80
70
  *
81
- * Throws an error of the origin has no permissions.
71
+ * Throws an error if the origin has no permissions.
82
72
  *
83
73
  * @param origin - The origin whose permissions to revoke.
84
74
  */
@@ -275,8 +265,37 @@ export type PermissionControllerGetEndowmentsAction = {
275
265
  type: `PermissionController:getEndowments`;
276
266
  handler: PermissionController['getEndowments'];
277
267
  };
268
+ /**
269
+ * Executes a restricted method as the subject with the given origin.
270
+ * The specified params, if any, will be passed to the method implementation.
271
+ *
272
+ * ATTN: Great caution should be exercised in the use of this method.
273
+ * Methods that cause side effects or affect application state should
274
+ * be avoided.
275
+ *
276
+ * This method will first attempt to retrieve the requested restricted method
277
+ * implementation, throwing if it does not exist. The method will then be
278
+ * invoked as though the subject with the specified origin had invoked it with
279
+ * the specified parameters. This means that any existing caveats will be
280
+ * applied to the restricted method, and this method will throw if the
281
+ * restricted method or its caveat decorators throw.
282
+ *
283
+ * In addition, this method will throw if the subject does not have a
284
+ * permission for the specified restricted method.
285
+ *
286
+ * @param origin - The origin of the subject to execute the method on behalf
287
+ * of.
288
+ * @param targetName - The name of the method to execute. This must be a valid
289
+ * permission target name.
290
+ * @param params - The parameters to pass to the method implementation.
291
+ * @returns The result of the executed method.
292
+ */
293
+ export type PermissionControllerExecuteRestrictedMethodAction = {
294
+ type: `PermissionController:executeRestrictedMethod`;
295
+ handler: PermissionController['executeRestrictedMethod'];
296
+ };
278
297
  /**
279
298
  * Union of all PermissionController action types.
280
299
  */
281
- export type PermissionControllerMethodActions = PermissionControllerClearStateAction | PermissionControllerCreatePermissionMiddlewareAction | PermissionControllerGetSubjectNamesAction | PermissionControllerGetPermissionsAction | PermissionControllerHasPermissionAction | PermissionControllerHasPermissionsAction | PermissionControllerRevokeAllPermissionsAction | PermissionControllerRevokePermissionsAction | PermissionControllerRevokePermissionForAllSubjectsAction | PermissionControllerGetCaveatAction | PermissionControllerUpdateCaveatAction | PermissionControllerGrantPermissionsAction | PermissionControllerGrantPermissionsIncrementalAction | PermissionControllerRequestPermissionsAction | PermissionControllerRequestPermissionsIncrementalAction | PermissionControllerGetEndowmentsAction;
300
+ export type PermissionControllerMethodActions = PermissionControllerHasUnrestrictedMethodAction | PermissionControllerClearStateAction | PermissionControllerGetSubjectNamesAction | PermissionControllerGetPermissionsAction | PermissionControllerHasPermissionAction | PermissionControllerHasPermissionsAction | PermissionControllerRevokeAllPermissionsAction | PermissionControllerRevokePermissionsAction | PermissionControllerRevokePermissionForAllSubjectsAction | PermissionControllerGetCaveatAction | PermissionControllerUpdateCaveatAction | PermissionControllerGrantPermissionsAction | PermissionControllerGrantPermissionsIncrementalAction | PermissionControllerRequestPermissionsAction | PermissionControllerRequestPermissionsIncrementalAction | PermissionControllerGetEndowmentsAction | PermissionControllerExecuteRestrictedMethodAction;
282
301
  //# sourceMappingURL=PermissionController-method-action-types.d.cts.map
package/dist/PermissionController-method-action-types.d.cts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"PermissionController-method-action-types.d.cts","sourceRoot":"","sources":["../src/PermissionController-method-action-types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,oBAAoB,EAAE,mCAA+B;AAEnE;;GAEG;AACH,MAAM,MAAM,oCAAoC,GAAG;IACjD,IAAI,EAAE,iCAAiC,CAAC;IACxC,OAAO,EAAE,oBAAoB,CAAC,YAAY,CAAC,CAAC;CAC7C,CAAC;AAEF;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,MAAM,oDAAoD,GAAG;IACjE,IAAI,EAAE,iDAAiD,CAAC;IACxD,OAAO,EAAE,oBAAoB,CAAC,4BAA4B,CAAC,CAAC;CAC7D,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,yCAAyC,GAAG;IACtD,IAAI,EAAE,sCAAsC,CAAC;IAC7C,OAAO,EAAE,oBAAoB,CAAC,iBAAiB,CAAC,CAAC;CAClD,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,wCAAwC,GAAG;IACrD,IAAI,EAAE,qCAAqC,CAAC;IAC5C,OAAO,EAAE,oBAAoB,CAAC,gBAAgB,CAAC,CAAC;CACjD,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,MAAM,uCAAuC,GAAG;IACpD,IAAI,EAAE,oCAAoC,CAAC;IAC3C,OAAO,EAAE,oBAAoB,CAAC,eAAe,CAAC,CAAC;CAChD,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,wCAAwC,GAAG;IACrD,IAAI,EAAE,qCAAqC,CAAC;IAC5C,OAAO,EAAE,oBAAoB,CAAC,gBAAgB,CAAC,CAAC;CACjD,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,8CAA8C,GAAG;IAC3D,IAAI,EAAE,2CAA2C,CAAC;IAClD,OAAO,EAAE,oBAAoB,CAAC,sBAAsB,CAAC,CAAC;CACvD,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,MAAM,2CAA2C,GAAG;IACxD,IAAI,EAAE,wCAAwC,CAAC;IAC/C,OAAO,EAAE,oBAAoB,CAAC,mBAAmB,CAAC,CAAC;CACpD,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,wDAAwD,GAAG;IACrE,IAAI,EAAE,qDAAqD,CAAC;IAC5D,OAAO,EAAE,oBAAoB,CAAC,gCAAgC,CAAC,CAAC;CACjE,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,MAAM,MAAM,mCAAmC,GAAG;IAChD,IAAI,EAAE,gCAAgC,CAAC;IACvC,OAAO,EAAE,oBAAoB,CAAC,WAAW,CAAC,CAAC;CAC5C,CAAC;AAEF;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,MAAM,sCAAsC,GAAG;IACnD,IAAI,EAAE,mCAAmC,CAAC;IAC1C,OAAO,EAAE,oBAAoB,CAAC,cAAc,CAAC,CAAC;CAC/C,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,MAAM,0CAA0C,GAAG;IACvD,IAAI,EAAE,uCAAuC,CAAC;IAC9C,OAAO,EAAE,oBAAoB,CAAC,kBAAkB,CAAC,CAAC;CACnD,CAAC;AAEF;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,MAAM,qDAAqD,GAAG;IAClE,IAAI,EAAE,kDAAkD,CAAC;IACzD,OAAO,EAAE,oBAAoB,CAAC,6BAA6B,CAAC,CAAC;CAC9D,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,MAAM,4CAA4C,GAAG;IACzD,IAAI,EAAE,yCAAyC,CAAC;IAChD,OAAO,EAAE,oBAAoB,CAAC,oBAAoB,CAAC,CAAC;CACrD,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,MAAM,MAAM,uDAAuD,GAAG;IACpE,IAAI,EAAE,oDAAoD,CAAC;IAC3D,OAAO,EAAE,oBAAoB,CAAC,+BAA+B,CAAC,CAAC;CAChE,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,MAAM,uCAAuC,GAAG;IACpD,IAAI,EAAE,oCAAoC,CAAC;IAC3C,OAAO,EAAE,oBAAoB,CAAC,eAAe,CAAC,CAAC;CAChD,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,iCAAiC,GACzC,oCAAoC,GACpC,oDAAoD,GACpD,yCAAyC,GACzC,wCAAwC,GACxC,uCAAuC,GACvC,wCAAwC,GACxC,8CAA8C,GAC9C,2CAA2C,GAC3C,wDAAwD,GACxD,mCAAmC,GACnC,sCAAsC,GACtC,0CAA0C,GAC1C,qDAAqD,GACrD,4CAA4C,GAC5C,uDAAuD,GACvD,uCAAuC,CAAC"}
1
+ {"version":3,"file":"PermissionController-method-action-types.d.cts","sourceRoot":"","sources":["../src/PermissionController-method-action-types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,oBAAoB,EAAE,mCAA+B;AAEnE;;;;;;;;GAQG;AACH,MAAM,MAAM,+CAA+C,GAAG;IAC5D,IAAI,EAAE,4CAA4C,CAAC;IACnD,OAAO,EAAE,oBAAoB,CAAC,uBAAuB,CAAC,CAAC;CACxD,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,oCAAoC,GAAG;IACjD,IAAI,EAAE,iCAAiC,CAAC;IACxC,OAAO,EAAE,oBAAoB,CAAC,YAAY,CAAC,CAAC;CAC7C,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,yCAAyC,GAAG;IACtD,IAAI,EAAE,sCAAsC,CAAC;IAC7C,OAAO,EAAE,oBAAoB,CAAC,iBAAiB,CAAC,CAAC;CAClD,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,wCAAwC,GAAG;IACrD,IAAI,EAAE,qCAAqC,CAAC;IAC5C,OAAO,EAAE,oBAAoB,CAAC,gBAAgB,CAAC,CAAC;CACjD,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,MAAM,uCAAuC,GAAG;IACpD,IAAI,EAAE,oCAAoC,CAAC;IAC3C,OAAO,EAAE,oBAAoB,CAAC,eAAe,CAAC,CAAC;CAChD,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,wCAAwC,GAAG;IACrD,IAAI,EAAE,qCAAqC,CAAC;IAC5C,OAAO,EAAE,oBAAoB,CAAC,gBAAgB,CAAC,CAAC;CACjD,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,8CAA8C,GAAG;IAC3D,IAAI,EAAE,2CAA2C,CAAC;IAClD,OAAO,EAAE,oBAAoB,CAAC,sBAAsB,CAAC,CAAC;CACvD,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,MAAM,2CAA2C,GAAG;IACxD,IAAI,EAAE,wCAAwC,CAAC;IAC/C,OAAO,EAAE,oBAAoB,CAAC,mBAAmB,CAAC,CAAC;CACpD,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,wDAAwD,GAAG;IACrE,IAAI,EAAE,qDAAqD,CAAC;IAC5D,OAAO,EAAE,oBAAoB,CAAC,gCAAgC,CAAC,CAAC;CACjE,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,MAAM,MAAM,mCAAmC,GAAG;IAChD,IAAI,EAAE,gCAAgC,CAAC;IACvC,OAAO,EAAE,oBAAoB,CAAC,WAAW,CAAC,CAAC;CAC5C,CAAC;AAEF;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,MAAM,sCAAsC,GAAG;IACnD,IAAI,EAAE,mCAAmC,CAAC;IAC1C,OAAO,EAAE,oBAAoB,CAAC,cAAc,CAAC,CAAC;CAC/C,CAAC;AAEF;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,MAAM,0CAA0C,GAAG;IACvD,IAAI,EAAE,uCAAuC,CAAC;IAC9C,OAAO,EAAE,oBAAoB,CAAC,kBAAkB,CAAC,CAAC;CACnD,CAAC;AAEF;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,MAAM,qDAAqD,GAAG;IAClE,IAAI,EAAE,kDAAkD,CAAC;IACzD,OAAO,EAAE,oBAAoB,CAAC,6BAA6B,CAAC,CAAC;CAC9D,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,MAAM,4CAA4C,GAAG;IACzD,IAAI,EAAE,yCAAyC,CAAC;IAChD,OAAO,EAAE,oBAAoB,CAAC,oBAAoB,CAAC,CAAC;CACrD,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,MAAM,MAAM,uDAAuD,GAAG;IACpE,IAAI,EAAE,oDAAoD,CAAC;IAC3D,OAAO,EAAE,oBAAoB,CAAC,+BAA+B,CAAC,CAAC;CAChE,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,MAAM,uCAAuC,GAAG;IACpD,IAAI,EAAE,oCAAoC,CAAC;IAC3C,OAAO,EAAE,oBAAoB,CAAC,eAAe,CAAC,CAAC;CAChD,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,MAAM,iDAAiD,GAAG;IAC9D,IAAI,EAAE,8CAA8C,CAAC;IACrD,OAAO,EAAE,oBAAoB,CAAC,yBAAyB,CAAC,CAAC;CAC1D,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,iCAAiC,GACzC,+CAA+C,GAC/C,oCAAoC,GACpC,yCAAyC,GACzC,wCAAwC,GACxC,uCAAuC,GACvC,wCAAwC,GACxC,8CAA8C,GAC9C,2CAA2C,GAC3C,wDAAwD,GACxD,mCAAmC,GACnC,sCAAsC,GACtC,0CAA0C,GAC1C,qDAAqD,GACrD,4CAA4C,GAC5C,uDAAuD,GACvD,uCAAuC,GACvC,iDAAiD,CAAC"}