@navirondynamics/accord 1.0.0 → 1.1.1

package/README.md

@@ -1,49 +1,235 @@
-Accord
+# Accord
 
-Accord is a policy-first identity and access engine designed to unify identity representation, context resolution, and authorization under a single, declarative policy model.
+<p align="center">
+  <a href="https://www.npmjs.com/package/@navirondynamics/accord">
+    <img src="https://img.shields.io/npm/v/@navirondynamics/accord.svg" alt="npm version" />
+  </a>
+  <a href="https://www.npmjs.com/package/@navirondynamics/accord">
+    <img src="https://img.shields.io/npm/dm/@navirondynamics/accord.svg" alt="npm downloads" />
+  </a>
+  <a href="https://github.com/bsen-alt/Accord">
+    <img src="https://img.shields.io/github/license/bsen-alt/Accord" alt="license" />
+  </a>
+</p>
 
-Installation
+Accord is a **policy-first identity and access engine for Node.js**.
 
-`bashnpm install accord`
+It treats access not as scattered application logic, but as a formal agreement between identities, systems, and resources - evaluated through declarative, versioned policies.
 
-Quick Start
+**New in v1.1:** Observability, YAML configuration, hot reload, and native NestJS support.
 
-1. Initialize Configuration
+---
 
-   Create a config folder in your project root.
+## Table of Contents
 
-config/policies.json`json[ { "id": "policy-admin", "version": "1.0", "effect": "allow", "subject": { "type": "user", "attributes": { "role": "admin" } }, "action": ["delete"], "resource": { "type": "booking" } }]`
+- [Why Accord](#-why-accord)
+- [Key Features](#key-features)
+- [Installation](#-installation)
+- [Quick Start](#-quick-start-v11)
+- [Framework Integration](#-framework-integration)
+- [CLI Tool](#-cli-tool)
+- [Documentation](#-documentation)
+- [Roadmap](#-roadmap)
+- [Contributing](#-contributing)
+- [License](#-license)
 
-config/identities.json`json[ { "id": "admin_01", "type": "user", "status": "active", "attributes": { "role": "admin" } }]`
+---
 
-2. Use in Code
+## 🚀 Why Accord?
 
-````typescriptimport
+Modern authorization is fragmented:
 
-const accord = new Accord({ policyPath: './config/policies.json', identityPath: './config/identities.json'});
+- Authentication in one service
+- Roles in another
+- Access logic scattered across microservices
 
-async function deleteBooking(bookingId: string, userId: string) { const decision = await accord.check(userId, 'delete', { type: 'booking', id: bookingId });
+Accord centralizes authorization into a single **governance layer**, acting as the _System of Record_ for access control across your platform.
 
-if (decision.decision === 'allow') { console.log('Access Granted'); // Perform delete... } else { console.log('Access Denied:', decision.reason); }}```
+Instead of embedding authorization logic throughout your codebase, Accord externalizes it into auditable, inspectable, and versioned policy definitions.
 
-Express Middleware
-Protect your routes easily:
+---
 
-```typescriptimport express from 'express';import { Accord } from 'accord';import { protect } from 'accord/adapters/express'; // Note: Check actual path after build
+## Key Features
 
-const app = express();const accord = new Accord({ policyPath: './config/policies.json', ... });
+- 🔍 **Observability** – Built-in audit logging (console & file)
+- 📝 **Policy as Code** – JSON and YAML configuration support
+- 🛡️ **Reliability** – Zod-based schema validation to prevent invalid policies
+- 🔄 **Zero-Downtime Updates** – Hot reload policies without restarting services
+- 🧩 **Framework Adapters** – Express, NestJS, and Fastify integrations
+- 📦 **CLI Tooling** – Validate and simulate access decisions locally
 
-// Protect this routeapp.delete('/bookings/:id', protect({ accordInstance: accord, action: 'delete', resourceType: 'booking' }), (req, res) => { // Only allowed users reach here res.send('Booking deleted'); });```
+---
 
-CLI Tool
-Validate policies locally:
+## 📦 Installation
 
-```bashnpx accord-cli validate ./config/policies.json```
+```bash
+npm install @navirondynamics/accord
+```
 
-Test access logic:
+---
 
-```bashnpx accord-cli eval -i user_123 -a delete -r booking```
+## 🛠️ Quick Start (v1.1)
+
+### 1. Define Policies (YAML supported)
+
+Create `config/policies.yaml`:
+
+```yaml
+- id: 'admin-delete'
+  version: '1.1'
+  effect: 'allow'
+  subject:
+    type: 'user'
+    attributes:
+      role: 'admin'
+  action: ['delete']
+  resource:
+    type: 'booking'
+```
+
+---
+
+### 2. Initialize Accord
+
+```javascript
+const { Accord, ConsoleAuditLogger } = require('@navirondynamics/accord');
+
+const accord = new Accord({
+  policyPath: './config/policies.yaml',
+  identityPath: './config/identities.json',
+  logger: new ConsoleAuditLogger(),
+});
+```
+
+---
+
+### 3. Check Access
+
+```javascript
+async function deleteUser(userId) {
+  const decision = await accord.check(userId, 'delete', {
+    type: 'user',
+    id: userId,
+  });
+
+  if (decision.decision === 'allow') {
+    console.log('Permission Granted');
+    // Perform deletion...
+  } else {
+    console.log('Access Denied:', decision.reason);
+  }
+}
+```
+
+---
+
+## 🛡️ Framework Integration
+
+### NestJS
+
+```typescript
+import { AccordGuard } from '@navirondynamics/accord/adapters/nest';
+
+@Controller('bookings')
+export class BookingController {
+  @UseGuards(
+    new AccordGuard({
+      accordInstance: accord,
+      action: 'delete',
+      resourceType: 'booking',
+    })
+  )
+  @Delete(':id')
+  deleteBooking(@Param('id') id: string) {
+    // Only authorized users reach here
+  }
+}
+```
+
+---
+
+### Express
+
+```javascript
+const { protect } = require('@navirondynamics/accord/adapters/express');
+
+app.delete(
+  '/bookings/:id',
+  protect({
+    accordInstance: accord,
+    action: 'delete',
+    resourceType: 'booking',
+  }),
+  (req, res) => {
+    res.send('Deleted');
+  }
+);
+```
+
+Fastify support and advanced usage are available in the adapters documentation.
+
+---
+
+## 🔧 CLI Tool
+
+Validate policies or simulate access decisions directly from your terminal.
+
+```bash
+# Validate policy syntax
+npx @navirondynamics/accord validate ./config/policies.yaml
+
+# Test access logic
+npx @navirondynamics/accord eval -i user_123 -a delete -r booking
+```
+
+---
+
+## 📚 Documentation
+
+- **Getting Started** – Installation and core concepts
+- **Configuration Guide** – Identities, policies, JSON vs YAML
+- **Observability & Auditing** – Production logging setup
+- **Framework Adapters** – Express, NestJS, Fastify usage
+- **CLI Reference** – Full command list
+
+---
+
+## 🗺️ Roadmap
+
+Planned improvements:
+
+- Policy versioning & rollback
+- Database-backed policy storage
+- Web-based policy editor
+- Decision caching
+- OpenTelemetry tracing
+- Distributed policy synchronization
+
+---
+
+## 🤝 Contributing
+
+Contributions are welcome.
+
+1. Fork the repository
+2. Create a feature branch
+
+   ```bash
+   git checkout -b feature/my-feature
+   ```
+
+3. Commit your changes
+4. Push to your fork
+5. Open a Pull Request
+
+Please ensure tests pass and documentation is updated.
+
+---
+
+## 📜 License
 
-License
 ISC
-````
+
+```
+
+```

package/dist/accord.d.ts

@@ -1,16 +1,24 @@
 import { IdentityStore } from './store/identity';
+import { AuditLogger } from './core/logger';
 import { Decision } from './core/types';
 export interface AccordConfig {
     policyPath: string;
     identityPath: string;
+    logger?: AuditLogger;
 }
 export declare class Accord {
     private policies;
     private identityStore;
     private resolver;
     private config;
+    private logger;
     constructor(config: AccordConfig);
     check(externalId: string, action: string, resource: any, context?: any): Promise<Decision>;
     getStore(): IdentityStore;
+    /**
+     * Reloads Policies and Identities from disk.
+     * SAFETY: If the new config is invalid, the old config remains active.
+     */
+    reload(): void;
 }
 //# sourceMappingURL=accord.d.ts.map

package/dist/accord.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"accord.d.ts","sourceRoot":"","sources":["../src/accord.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAGjD,OAAO,EAAiB,QAAQ,EAAkB,MAAM,cAAc,CAAC;AAEvE,MAAM,WAAW,YAAY;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,qBAAa,MAAM;IACjB,OAAO,CAAC,QAAQ,CAAmB;IACnC,OAAO,CAAC,aAAa,CAAgB;IACrC,OAAO,CAAC,QAAQ,CAAmB;IACnC,OAAO,CAAC,MAAM,CAAe;gBAEjB,MAAM,EAAE,YAAY;IAc1B,KAAK,CACT,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,GAAG,EACb,OAAO,CAAC,EAAE,GAAG,GACZ,OAAO,CAAC,QAAQ,CAAC;IAyBpB,QAAQ,IAAI,aAAa;CAG1B"}
+{"version":3,"file":"accord.d.ts","sourceRoot":"","sources":["../src/accord.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAGjD,OAAO,EAAE,WAAW,EAAkC,MAAM,eAAe,CAAC;AAC5E,OAAO,EAAiB,QAAQ,EAAkB,MAAM,cAAc,CAAC;AAEvE,MAAM,WAAW,YAAY;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,WAAW,CAAC;CACtB;AAED,qBAAa,MAAM;IACjB,OAAO,CAAC,QAAQ,CAAmB;IACnC,OAAO,CAAC,aAAa,CAAgB;IACrC,OAAO,CAAC,QAAQ,CAAmB;IACnC,OAAO,CAAC,MAAM,CAAe;IAC7B,OAAO,CAAC,MAAM,CAAc;gBAEhB,MAAM,EAAE,YAAY;IAiB1B,KAAK,CACT,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,GAAG,EACb,OAAO,CAAC,EAAE,GAAG,GACZ,OAAO,CAAC,QAAQ,CAAC;IAwCpB,QAAQ,IAAI,aAAa;IAIzB;;;OAGG;IACH,MAAM,IAAI,IAAI;CAmBf"}

package/dist/accord.js

@@ -3,22 +3,26 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.Accord = void 0;
 // src/accord.ts
 const loader_1 = require("./core/loader");
-const compiler_1 = require("./core/compiler"); // NEW
+const compiler_1 = require("./core/compiler");
 const identity_1 = require("./store/identity");
 const resolver_1 = require("./core/resolver");
 const evaluator_1 = require("./core/evaluator");
+const logger_1 = require("./core/logger"); // NEW IMPORTS
 class Accord {
     constructor(config) {
         this.config = config;
-        // 1. Initialize Store
+        // 1. Initialize Logger (Default to ConsoleAuditLogger)
+        this.logger = config.logger || new logger_1.ConsoleAuditLogger();
+        // 2. Initialize Store
         this.identityStore = new identity_1.IdentityStore(config.identityPath);
-        // 2. Initialize Resolver
+        // 3. Initialize Resolver
         this.resolver = new resolver_1.IdentityResolver(this.identityStore);
-        // 3. Load and COMPILE Policies
+        // 4. Load and COMPILE Policies
         const rawPolicies = (0, loader_1.loadPolicies)(config.policyPath);
         this.policies = (0, compiler_1.compilePolicies)(rawPolicies);
     }
     async check(externalId, action, resource, context) {
+        let decision;
         try {
             // 1. Resolve Identity
             const identity = this.resolver.resolve(externalId);
@@ -30,19 +34,51 @@ class Accord {
                 context: context || {}
             };
             // 3. Evaluate
-            const decision = await (0, evaluator_1.evaluate)(request, this.policies);
-            return decision;
+            decision = await (0, evaluator_1.evaluate)(request, this.policies);
         }
         catch (error) {
-            return {
+            decision = {
                 decision: 'deny',
                 reason: error.message
             };
         }
+        // 4. AUDIT LOG (New Step)
+        this.logger.log({
+            timestamp: new Date(),
+            decision: decision.decision,
+            policyId: decision.policy_id,
+            reason: decision.reason,
+            userId: externalId,
+            action: action,
+            resourceType: resource.type,
+            resourceId: resource.id
+        });
+        return decision;
     }
     getStore() {
         return this.identityStore;
     }
+    /**
+     * Reloads Policies and Identities from disk.
+     * SAFETY: If the new config is invalid, the old config remains active.
+     */
+    reload() {
+        try {
+            // 1. Reload Policies
+            const newRawPolicies = (0, loader_1.loadPolicies)(this.config.policyPath);
+            const newCompiledPolicies = (0, compiler_1.compilePolicies)(newRawPolicies);
+            // 2. Reload Identities
+            this.identityStore.reload();
+            // 3. Swap Logic (Atomic Update)
+            this.policies = newCompiledPolicies;
+            console.log('✓ Accord Reloaded Successfully');
+        }
+        catch (error) {
+            console.error('✗ Reload Failed. Old config is still active.');
+            console.error('Reason:', error.message);
+            // We do NOT throw here. We want the app to keep running on old config.
+        }
+    }
 }
 exports.Accord = Accord;
 //# sourceMappingURL=accord.js.map

package/dist/accord.js.map

@@ -1 +1 @@
-{"version":3,"file":"accord.js","sourceRoot":"","sources":["../src/accord.ts"],"names":[],"mappings":";;;AAAA,gBAAgB;AAChB,0CAA6C;AAC7C,8CAAkD,CAAC,MAAM;AACzD,+CAAiD;AACjD,8CAAmD;AACnD,gDAA4C;AAQ5C,MAAa,MAAM;IAMjB,YAAY,MAAoB;QAC9B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,sBAAsB;QACtB,IAAI,CAAC,aAAa,GAAG,IAAI,wBAAa,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAE5D,yBAAyB;QACzB,IAAI,CAAC,QAAQ,GAAG,IAAI,2BAAgB,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAEzD,+BAA+B;QAC/B,MAAM,WAAW,GAAG,IAAA,qBAAY,EAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACpD,IAAI,CAAC,QAAQ,GAAG,IAAA,0BAAe,EAAC,WAAW,CAAC,CAAC;IAC/C,CAAC;IAED,KAAK,CAAC,KAAK,CACT,UAAkB,EAClB,MAAc,EACd,QAAa,EACb,OAAa;QAEb,IAAI,CAAC;YACH,sBAAsB;YACtB,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YAEnD,6BAA6B;YAC7B,MAAM,OAAO,GAAkB;gBAC7B,OAAO,EAAE,QAAQ;gBACjB,MAAM,EAAE,MAAM;gBACd,QAAQ,EAAE,QAAQ;gBAClB,OAAO,EAAE,OAAO,IAAI,EAAE;aACvB,CAAC;YAEF,cAAc;YACd,MAAM,QAAQ,GAAG,MAAM,IAAA,oBAAQ,EAAC,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;YAExD,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAG,KAAe,CAAC,OAAO;aACjC,CAAC;QACJ,CAAC;IACH,CAAC;IAED,QAAQ;QACN,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;CACF;AArDD,wBAqDC"}
+{"version":3,"file":"accord.js","sourceRoot":"","sources":["../src/accord.ts"],"names":[],"mappings":";;;AAAA,gBAAgB;AAChB,0CAA6C;AAC7C,8CAAkD;AAClD,+CAAiD;AACjD,8CAAmD;AACnD,gDAA4C;AAC5C,0CAA4E,CAAC,cAAc;AAS3F,MAAa,MAAM;IAOjB,YAAY,MAAoB;QAC9B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,uDAAuD;QACvD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,IAAI,2BAAkB,EAAE,CAAC;QAExD,sBAAsB;QACtB,IAAI,CAAC,aAAa,GAAG,IAAI,wBAAa,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAE5D,yBAAyB;QACzB,IAAI,CAAC,QAAQ,GAAG,IAAI,2BAAgB,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAEzD,+BAA+B;QAC/B,MAAM,WAAW,GAAG,IAAA,qBAAY,EAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACpD,IAAI,CAAC,QAAQ,GAAG,IAAA,0BAAe,EAAC,WAAW,CAAC,CAAC;IAC/C,CAAC;IAED,KAAK,CAAC,KAAK,CACT,UAAkB,EAClB,MAAc,EACd,QAAa,EACb,OAAa;QAEb,IAAI,QAAkB,CAAC;QAEvB,IAAI,CAAC;YACH,sBAAsB;YACtB,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YAEnD,6BAA6B;YAC7B,MAAM,OAAO,GAAkB;gBAC7B,OAAO,EAAE,QAAQ;gBACjB,MAAM,EAAE,MAAM;gBACd,QAAQ,EAAE,QAAQ;gBAClB,OAAO,EAAE,OAAO,IAAI,EAAE;aACvB,CAAC;YAEF,cAAc;YACd,QAAQ,GAAG,MAAM,IAAA,oBAAQ,EAAC,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QAEpD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,QAAQ,GAAG;gBACT,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAG,KAAe,CAAC,OAAO;aACjC,CAAC;QACJ,CAAC;QAED,0BAA0B;QAC1B,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC;YACd,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,QAAQ,EAAE,QAAQ,CAAC,QAAQ;YAC3B,QAAQ,EAAE,QAAQ,CAAC,SAAS;YAC5B,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,MAAM,EAAE,UAAU;YAClB,MAAM,EAAE,MAAM;YACd,YAAY,EAAE,QAAQ,CAAC,IAAI;YAC3B,UAAU,EAAE,QAAQ,CAAC,EAAE;SACxB,CAAC,CAAC;QAEH,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,QAAQ;QACN,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;IAED;;;OAGG;IACH,MAAM;QACJ,IAAI,CAAC;YACH,qBAAqB;YACrB,MAAM,cAAc,GAAG,IAAA,qBAAY,EAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YAC5D,MAAM,mBAAmB,GAAG,IAAA,0BAAe,EAAC,cAAc,CAAC,CAAC;YAE5D,uBAAuB;YACvB,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC;YAE5B,gCAAgC;YAChC,IAAI,CAAC,QAAQ,GAAG,mBAAmB,CAAC;YAEpC,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;QAChD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;YAC9D,OAAO,CAAC,KAAK,CAAC,SAAS,EAAG,KAAe,CAAC,OAAO,CAAC,CAAC;YACnD,uEAAuE;QACzE,CAAC;IACH,CAAC;CACF;AAhGD,wBAgGC"}

package/dist/adapters/fastify.d.ts

@@ -0,0 +1,14 @@
+import { FastifyRequest, FastifyReply } from 'fastify';
+import { Accord } from '../accord';
+export interface AccordHookOptions {
+    accordInstance: Accord;
+    action: string;
+    resourceType: string;
+    getId?: (req: FastifyRequest) => string;
+}
+/**
+ * Fastify Hook Factory
+ * Usage: fastify.addHook('onRequest', accordHook({ ... }))
+ */
+export declare function accordHook(options: AccordHookOptions): (req: FastifyRequest, reply: FastifyReply) => Promise<undefined>;
+//# sourceMappingURL=fastify.d.ts.map

package/dist/adapters/fastify.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fastify.d.ts","sourceRoot":"","sources":["../../src/adapters/fastify.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvD,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AAGnC,MAAM,WAAW,iBAAiB;IAChC,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IAErB,KAAK,CAAC,EAAE,CAAC,GAAG,EAAE,cAAc,KAAK,MAAM,CAAC;CACzC;AAED;;;GAGG;AACH,wBAAgB,UAAU,CAAC,OAAO,EAAE,iBAAiB,IACrC,KAAK,cAAc,EAAE,OAAO,YAAY,wBAwCvD"}

package/dist/adapters/fastify.js

@@ -0,0 +1,44 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.accordHook = accordHook;
+/**
+ * Fastify Hook Factory
+ * Usage: fastify.addHook('onRequest', accordHook({ ... }))
+ */
+function accordHook(options) {
+    return async (req, reply) => {
+        try {
+            // 1. Determine User ID
+            const userId = options.getId
+                ? options.getId(req)
+                : req.headers['x-user-id'];
+            if (!userId) {
+                return reply.status(401).send({ error: 'User ID missing' });
+            }
+            // 2. Construct Resource
+            const resource = {
+                type: options.resourceType,
+                id: req.params.id,
+                attributes: req.body || {}
+            };
+            // 3. Check Policy
+            const decision = await options.accordInstance.check(userId, options.action, resource);
+            // 4. Enforce
+            if (decision.decision === 'allow') {
+                req.authDecision = decision;
+                return; // Continue
+            }
+            else {
+                return reply.status(403).send({
+                    error: 'Access Denied',
+                    reason: decision.reason
+                });
+            }
+        }
+        catch (error) {
+            console.error('Fastify Accord Hook Error:', error);
+            return reply.status(500).send({ error: 'Internal Server Error' });
+        }
+    };
+}
+//# sourceMappingURL=fastify.js.map

package/dist/adapters/fastify.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fastify.js","sourceRoot":"","sources":["../../src/adapters/fastify.ts"],"names":[],"mappings":";;AAiBA,gCAyCC;AA7CD;;;GAGG;AACH,SAAgB,UAAU,CAAC,OAA0B;IACnD,OAAO,KAAK,EAAE,GAAmB,EAAE,KAAmB,EAAE,EAAE;QACxD,IAAI,CAAC;YACH,uBAAuB;YACvB,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK;gBAC1B,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC;gBACpB,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,CAAW,CAAC;YAEvC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;YAC9D,CAAC;YAED,wBAAwB;YACxB,MAAM,QAAQ,GAAG;gBACf,IAAI,EAAE,OAAO,CAAC,YAAY;gBAC1B,EAAE,EAAG,GAAG,CAAC,MAAc,CAAC,EAAE;gBAC1B,UAAU,EAAE,GAAG,CAAC,IAAI,IAAI,EAAE;aAC3B,CAAC;YAEF,kBAAkB;YAClB,MAAM,QAAQ,GAAa,MAAM,OAAO,CAAC,cAAc,CAAC,KAAK,CAC3D,MAAM,EACN,OAAO,CAAC,MAAM,EACd,QAAQ,CACT,CAAC;YAEF,aAAa;YACb,IAAI,QAAQ,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;gBACjC,GAAW,CAAC,YAAY,GAAG,QAAQ,CAAC;gBACrC,OAAO,CAAC,WAAW;YACrB,CAAC;iBAAM,CAAC;gBACN,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBAC5B,KAAK,EAAE,eAAe;oBACtB,MAAM,EAAE,QAAQ,CAAC,MAAM;iBACxB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;YACnD,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;QACpE,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}

package/dist/adapters/nest.d.ts

@@ -0,0 +1,19 @@
+import { CanActivate, ExecutionContext } from '@nestjs/common';
+import { Accord } from '../accord';
+/**
+ * Options for the NestJS Guard.
+ * For v1.1, we define Action/Resource statically on the guard.
+ * Future: Use Decorators to set metadata on routes.
+ */
+export interface AccordGuardOptions {
+    accordInstance: Accord;
+    action: string;
+    resourceType: string;
+    getId?: (req: any) => string;
+}
+export declare class AccordGuard implements CanActivate {
+    private options;
+    constructor(options: AccordGuardOptions);
+    canActivate(context: ExecutionContext): Promise<boolean>;
+}
+//# sourceMappingURL=nest.d.ts.map

package/dist/adapters/nest.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"nest.d.ts","sourceRoot":"","sources":["../../src/adapters/nest.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,gBAAgB,EAAc,MAAM,gBAAgB,CAAC;AAC3E,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AAGnC;;;;GAIG;AACH,MAAM,WAAW,kBAAkB;IACjC,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IAErB,KAAK,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,MAAM,CAAC;CAC9B;AAED,qBACa,WAAY,YAAW,WAAW;IAC7C,OAAO,CAAC,OAAO,CAAqB;gBAExB,OAAO,EAAE,kBAAkB;IAIjC,WAAW,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC;CAuC/D"}

package/dist/adapters/nest.js

@@ -0,0 +1,95 @@
+"use strict";
+var __esDecorate = (this && this.__esDecorate) || function (ctor, descriptorIn, decorators, contextIn, initializers, extraInitializers) {
+    function accept(f) { if (f !== void 0 && typeof f !== "function") throw new TypeError("Function expected"); return f; }
+    var kind = contextIn.kind, key = kind === "getter" ? "get" : kind === "setter" ? "set" : "value";
+    var target = !descriptorIn && ctor ? contextIn["static"] ? ctor : ctor.prototype : null;
+    var descriptor = descriptorIn || (target ? Object.getOwnPropertyDescriptor(target, contextIn.name) : {});
+    var _, done = false;
+    for (var i = decorators.length - 1; i >= 0; i--) {
+        var context = {};
+        for (var p in contextIn) context[p] = p === "access" ? {} : contextIn[p];
+        for (var p in contextIn.access) context.access[p] = contextIn.access[p];
+        context.addInitializer = function (f) { if (done) throw new TypeError("Cannot add initializers after decoration has completed"); extraInitializers.push(accept(f || null)); };
+        var result = (0, decorators[i])(kind === "accessor" ? { get: descriptor.get, set: descriptor.set } : descriptor[key], context);
+        if (kind === "accessor") {
+            if (result === void 0) continue;
+            if (result === null || typeof result !== "object") throw new TypeError("Object expected");
+            if (_ = accept(result.get)) descriptor.get = _;
+            if (_ = accept(result.set)) descriptor.set = _;
+            if (_ = accept(result.init)) initializers.unshift(_);
+        }
+        else if (_ = accept(result)) {
+            if (kind === "field") initializers.unshift(_);
+            else descriptor[key] = _;
+        }
+    }
+    if (target) Object.defineProperty(target, contextIn.name, descriptor);
+    done = true;
+};
+var __runInitializers = (this && this.__runInitializers) || function (thisArg, initializers, value) {
+    var useValue = arguments.length > 2;
+    for (var i = 0; i < initializers.length; i++) {
+        value = useValue ? initializers[i].call(thisArg, value) : initializers[i].call(thisArg);
+    }
+    return useValue ? value : void 0;
+};
+var __setFunctionName = (this && this.__setFunctionName) || function (f, name, prefix) {
+    if (typeof name === "symbol") name = name.description ? "[".concat(name.description, "]") : "";
+    return Object.defineProperty(f, "name", { configurable: true, value: prefix ? "".concat(prefix, " ", name) : name });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AccordGuard = void 0;
+// src/adapters/nest.ts
+const common_1 = require("@nestjs/common");
+let AccordGuard = (() => {
+    let _classDecorators = [(0, common_1.Injectable)()];
+    let _classDescriptor;
+    let _classExtraInitializers = [];
+    let _classThis;
+    var AccordGuard = _classThis = class {
+        constructor(options) {
+            this.options = options;
+        }
+        async canActivate(context) {
+            const req = context.switchToHttp().getRequest();
+            const res = context.switchToHttp().getResponse();
+            try {
+                // 1. Determine User ID
+                const userId = this.options.getId
+                    ? this.options.getId(req)
+                    : req.headers['x-user-id'];
+                if (!userId) {
+                    // Nest often handles exceptions via Exception Filters, 
+                    // but returning false is standard for guards.
+                    return false;
+                }
+                // 2. Construct Resource
+                const resource = {
+                    type: this.options.resourceType,
+                    id: req.params.id,
+                    attributes: req.body || {}
+                };
+                // 3. Check Policy
+                const decision = await this.options.accordInstance.check(userId, this.options.action, resource);
+                // 4. Attach decision to request (useful for downstream logic)
+                req.authDecision = decision;
+                return decision.decision === 'allow';
+            }
+            catch (error) {
+                console.error('NestJS Accord Guard Error:', error);
+                return false; // Fail safe: Deny
+            }
+        }
+    };
+    __setFunctionName(_classThis, "AccordGuard");
+    (() => {
+        const _metadata = typeof Symbol === "function" && Symbol.metadata ? Object.create(null) : void 0;
+        __esDecorate(null, _classDescriptor = { value: _classThis }, _classDecorators, { kind: "class", name: _classThis.name, metadata: _metadata }, null, _classExtraInitializers);
+        AccordGuard = _classThis = _classDescriptor.value;
+        if (_metadata) Object.defineProperty(_classThis, Symbol.metadata, { enumerable: true, configurable: true, writable: true, value: _metadata });
+        __runInitializers(_classThis, _classExtraInitializers);
+    })();
+    return AccordGuard = _classThis;
+})();
+exports.AccordGuard = AccordGuard;
+//# sourceMappingURL=nest.js.map

package/dist/adapters/nest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"nest.js","sourceRoot":"","sources":["../../src/adapters/nest.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uBAAuB;AACvB,2CAA2E;IAkB9D,WAAW;4BADvB,IAAA,mBAAU,GAAE;;;;;QAIX,YAAY,OAA2B;YACrC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACzB,CAAC;QAED,KAAK,CAAC,WAAW,CAAC,OAAyB;YACzC,MAAM,GAAG,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;YAChD,MAAM,GAAG,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,WAAW,EAAE,CAAC;YAEjD,IAAI,CAAC;gBACH,uBAAuB;gBACvB,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK;oBAC/B,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC;oBACzB,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,CAAW,CAAC;gBAEvC,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,wDAAwD;oBACxD,8CAA8C;oBAC9C,OAAO,KAAK,CAAC;gBACf,CAAC;gBAED,wBAAwB;gBACxB,MAAM,QAAQ,GAAG;oBACf,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,YAAY;oBAC/B,EAAE,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE;oBACjB,UAAU,EAAE,GAAG,CAAC,IAAI,IAAI,EAAE;iBAC3B,CAAC;gBAEF,kBAAkB;gBAClB,MAAM,QAAQ,GAAa,MAAM,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,KAAK,CAChE,MAAM,EACN,IAAI,CAAC,OAAO,CAAC,MAAM,EACnB,QAAQ,CACT,CAAC;gBAEF,8DAA8D;gBAC7D,GAAW,CAAC,YAAY,GAAG,QAAQ,CAAC;gBAErC,OAAO,QAAQ,CAAC,QAAQ,KAAK,OAAO,CAAC;YACvC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;gBACnD,OAAO,KAAK,CAAC,CAAC,kBAAkB;YAClC,CAAC;QACH,CAAC;;;;;QA7CH,6KA8CC;;;QA9CY,uDAAW;;;;AAAX,kCAAW"}

package/dist/core/loader.d.ts

@@ -1,6 +1,7 @@
 import { Policy } from './types';
 /**
- * Loads Policies from a JSON file.
+ * Loads Policies from a file (JSON or YAML).
+ * Validates structure using Zod.
  */
 export declare function loadPolicies(filePath: string): Policy[];
 //# sourceMappingURL=loader.d.ts.map

package/dist/core/loader.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"loader.d.ts","sourceRoot":"","sources":["../../src/core/loader.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAY,MAAM,SAAS,CAAC;AAI3C;;GAEG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,EAAE,CASvD"}
+{"version":3,"file":"loader.d.ts","sourceRoot":"","sources":["../../src/core/loader.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAY,MAAM,SAAS,CAAC;AAM3C;;;GAGG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,EAAE,CA+BvD"}

package/dist/core/loader.js

@@ -34,20 +34,42 @@ var __importStar = (this && this.__importStar) || (function () {
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.loadPolicies = loadPolicies;
+const validation_1 = require("./validation");
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
+const yaml = __importStar(require("js-yaml"));
 /**
- * Loads Policies from a JSON file.
+ * Loads Policies from a file (JSON or YAML).
+ * Validates structure using Zod.
  */
 function loadPolicies(filePath) {
     try {
         const absolutePath = path.resolve(filePath);
         const fileContent = fs.readFileSync(absolutePath, 'utf-8');
-        return JSON.parse(fileContent);
+        let rawData;
+        // Detect extension and parse
+        if (filePath.endsWith('.yaml') || filePath.endsWith('.yml')) {
+            rawData = yaml.load(fileContent);
+            // Normalize to Array if YAML returns a single object (single policy in a file) -> wrapped in an array automatically.
+            if (!Array.isArray(rawData)) {
+                rawData = [rawData];
+            }
+        }
+        else {
+            // Default to JSON
+            rawData = JSON.parse(fileContent);
+        }
+        // VALIDATION STEP
+        const result = validation_1.Schemas.Policy.array().safeParse(rawData);
+        if (!result.success) {
+            console.error('Invalid Policy Structure:', result.error.format());
+            throw new Error(`Policy validation failed for ${filePath}`);
+        }
+        return result.data; // Return validated, typed data
     }
     catch (error) {
         console.error(`Failed to load policies from ${filePath}:`, error);
-        return []; // Return empty array on failure to be safe
+        throw error; // Let application fail hard if config is bad.
     }
 }
 //# sourceMappingURL=loader.js.map

package/dist/core/loader.js.map

@@ -1 +1 @@
-{"version":3,"file":"loader.js","sourceRoot":"","sources":["../../src/core/loader.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAQA,oCASC;AAfD,uCAAyB;AACzB,2CAA6B;AAE7B;;GAEG;AACH,SAAgB,YAAY,CAAC,QAAgB;IAC3C,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC5C,MAAM,WAAW,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAC3D,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IACjC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,gCAAgC,QAAQ,GAAG,EAAE,KAAK,CAAC,CAAC;QAClE,OAAO,EAAE,CAAC,CAAC,2CAA2C;IACxD,CAAC;AACH,CAAC"}
+{"version":3,"file":"loader.js","sourceRoot":"","sources":["../../src/core/loader.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAWA,oCA+BC;AAxCD,6CAAuC;AACvC,uCAAyB;AACzB,2CAA6B;AAC7B,8CAAgC;AAEhC;;;GAGG;AACH,SAAgB,YAAY,CAAC,QAAgB;IAC3C,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC5C,MAAM,WAAW,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAC3D,IAAI,OAAY,CAAC;QAEjB,6BAA6B;QAC7B,IAAI,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5D,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACnC,qHAAqH;YACnH,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC5B,OAAO,GAAG,CAAC,OAAO,CAAC,CAAC;YACtB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,kBAAkB;YAClB,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACpC,CAAC;QAED,kBAAkB;QAClB,MAAM,MAAM,GAAG,oBAAO,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAEzD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,2BAA2B,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;YAClE,MAAM,IAAI,KAAK,CAAC,gCAAgC,QAAQ,EAAE,CAAC,CAAC;QAC9D,CAAC;QAED,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,+BAA+B;IACrD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,gCAAgC,QAAQ,GAAG,EAAE,KAAK,CAAC,CAAC;QAClE,MAAM,KAAK,CAAC,CAAC,8CAA8C;IAC7D,CAAC;AACH,CAAC"}

package/dist/core/logger.d.ts

@@ -0,0 +1,37 @@
+/**
+ * Data shape for a single Audit Event.
+ */
+export interface AuditEvent {
+    timestamp: Date;
+    decision: 'allow' | 'deny';
+    policyId?: string;
+    reason?: string;
+    userId: string;
+    action: string;
+    resourceType: string;
+    resourceId?: string;
+}
+/**
+ * Interface for Audit Loggers.
+ * Allows users to implement custom loggers (e.g., send to Splunk).
+ */
+export interface AuditLogger {
+    log(event: AuditEvent): void | Promise<void>;
+}
+/**
+ * Console Logger: For local development.
+ * Color codes output (Green = Allow, Red = Deny).
+ */
+export declare class ConsoleAuditLogger implements AuditLogger {
+    log(event: AuditEvent): void;
+}
+/**
+ * File Logger: For production/audit trails.
+ * Appends JSON lines to a file (Splunk/ELK friendly).
+ */
+export declare class FileAuditLogger implements AuditLogger {
+    private filePath;
+    constructor(filePath: string);
+    log(event: AuditEvent): void;
+}
+//# sourceMappingURL=logger.d.ts.map

package/dist/core/logger.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../src/core/logger.ts"],"names":[],"mappings":"AAKA;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,IAAI,CAAC;IAChB,QAAQ,EAAE,OAAO,GAAG,MAAM,CAAC;IAC3B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,GAAG,CAAC,KAAK,EAAE,UAAU,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC9C;AAED;;;GAGG;AACH,qBAAa,kBAAmB,YAAW,WAAW;IACpD,GAAG,CAAC,KAAK,EAAE,UAAU,GAAG,IAAI;CAY7B;AAED;;;GAGG;AACH,qBAAa,eAAgB,YAAW,WAAW;IACjD,OAAO,CAAC,QAAQ,CAAS;gBAEb,QAAQ,EAAE,MAAM;IAI5B,GAAG,CAAC,KAAK,EAAE,UAAU,GAAG,IAAI;CAS7B"}

package/dist/core/logger.js

@@ -0,0 +1,77 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FileAuditLogger = exports.ConsoleAuditLogger = void 0;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+/**
+ * Console Logger: For local development.
+ * Color codes output (Green = Allow, Red = Deny).
+ */
+class ConsoleAuditLogger {
+    log(event) {
+        const color = event.decision === 'allow' ? '\x1b[32m' : '\x1b[31m'; // Green or Red
+        const reset = '\x1b[0m';
+        const message = `${color}[${event.decision.toUpperCase()}]${reset} ${event.userId} -> ${event.action} on ${event.resourceType}${event.resourceId ? `/${event.resourceId}` : ''}`;
+        if (event.decision === 'deny') {
+            console.warn(message, `| Reason: ${event.reason}`);
+        }
+        else {
+            console.log(message, `| Policy: ${event.policyId}`);
+        }
+    }
+}
+exports.ConsoleAuditLogger = ConsoleAuditLogger;
+/**
+ * File Logger: For production/audit trails.
+ * Appends JSON lines to a file (Splunk/ELK friendly).
+ */
+class FileAuditLogger {
+    constructor(filePath) {
+        this.filePath = path.resolve(filePath);
+    }
+    log(event) {
+        try {
+            const logLine = JSON.stringify(event) + '\n';
+            fs.appendFileSync(this.filePath, logLine, 'utf-8');
+        }
+        catch (error) {
+            // Don't crash the app if logging fails, just warn
+            console.error('Failed to write audit log:', error);
+        }
+    }
+}
+exports.FileAuditLogger = FileAuditLogger;
+//# sourceMappingURL=logger.js.map

package/dist/core/logger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.js","sourceRoot":"","sources":["../../src/core/logger.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,uCAAyB;AACzB,2CAA6B;AAwB7B;;;GAGG;AACH,MAAa,kBAAkB;IAC7B,GAAG,CAAC,KAAiB;QACnB,MAAM,KAAK,GAAG,KAAK,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,eAAe;QACnF,MAAM,KAAK,GAAG,SAAS,CAAC;QAExB,MAAM,OAAO,GAAG,GAAG,KAAK,IAAI,KAAK,CAAC,QAAQ,CAAC,WAAW,EAAE,IAAI,KAAK,IAAI,KAAK,CAAC,MAAM,OAAO,KAAK,CAAC,MAAM,OAAO,KAAK,CAAC,YAAY,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QAEjL,IAAI,KAAK,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;YAC9B,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QACrD,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,aAAa,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;CACF;AAbD,gDAaC;AAED;;;GAGG;AACH,MAAa,eAAe;IAG1B,YAAY,QAAgB;QAC1B,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACzC,CAAC;IAED,GAAG,CAAC,KAAiB;QACnB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC;YAC7C,EAAE,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;QACrD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,kDAAkD;YAClD,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;CACF;AAhBD,0CAgBC"}

package/dist/core/validation.d.ts

@@ -0,0 +1,39 @@
+import { z } from 'zod';
+export declare const Schemas: {
+    Policy: z.ZodObject<{
+        id: z.ZodString;
+        version: z.ZodString;
+        effect: z.ZodEnum<{
+            allow: "allow";
+            deny: "deny";
+        }>;
+        subject: z.ZodObject<{
+            type: z.ZodOptional<z.ZodString>;
+            id: z.ZodOptional<z.ZodString>;
+            attributes: z.ZodDefault<z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>>;
+        }, z.core.$strip>;
+        action: z.ZodArray<z.ZodString>;
+        resource: z.ZodObject<{
+            type: z.ZodOptional<z.ZodString>;
+            id: z.ZodOptional<z.ZodString>;
+            attributes: z.ZodDefault<z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>>;
+        }, z.core.$strip>;
+        condition: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>;
+    Identity: z.ZodObject<{
+        id: z.ZodString;
+        type: z.ZodEnum<{
+            user: "user";
+            service: "service";
+            system: "system";
+            agent: "agent";
+        }>;
+        status: z.ZodEnum<{
+            active: "active";
+            suspended: "suspended";
+            revoked: "revoked";
+        }>;
+        attributes: z.ZodDefault<z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodAny>>>;
+    }, z.core.$strip>;
+};
+//# sourceMappingURL=validation.d.ts.map

package/dist/core/validation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.d.ts","sourceRoot":"","sources":["../../src/core/validation.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AA2CxB,eAAO,MAAM,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAGnB,CAAC"}

package/dist/core/validation.js

@@ -0,0 +1,45 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Schemas = void 0;
+// src/core/validation.ts
+const zod_1 = require("zod");
+/**
+ * Zod Schemas for Accord v1.1
+ * These ensure that config files are structurally correct before the engine runs.
+ */
+// Enums
+const EffectSchema = zod_1.z.enum(['allow', 'deny']);
+const StatusSchema = zod_1.z.enum(['active', 'suspended', 'revoked']);
+const IdentityTypeSchema = zod_1.z.enum(['user', 'service', 'system', 'agent']);
+// Objects
+const ResourceSchema = zod_1.z.object({
+    type: zod_1.z.string().optional(),
+    id: zod_1.z.string().optional(),
+    attributes: zod_1.z.record(zod_1.z.string(), zod_1.z.any()).optional().default({}),
+});
+const SubjectSchema = zod_1.z.object({
+    type: zod_1.z.string().optional(),
+    id: zod_1.z.string().optional(),
+    attributes: zod_1.z.record(zod_1.z.string(), zod_1.z.any()).optional().default({}),
+});
+const PolicySchema = zod_1.z.object({
+    id: zod_1.z.string(),
+    version: zod_1.z.string(),
+    effect: EffectSchema,
+    subject: SubjectSchema,
+    action: zod_1.z.array(zod_1.z.string()),
+    resource: ResourceSchema,
+    condition: zod_1.z.string().optional(),
+});
+const IdentitySchema = zod_1.z.object({
+    id: zod_1.z.string(),
+    type: IdentityTypeSchema,
+    status: StatusSchema,
+    attributes: zod_1.z.record(zod_1.z.string(), zod_1.z.any()).optional().default({}),
+});
+// Export for use in Loaders
+exports.Schemas = {
+    Policy: PolicySchema,
+    Identity: IdentitySchema,
+};
+//# sourceMappingURL=validation.js.map

package/dist/core/validation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.js","sourceRoot":"","sources":["../../src/core/validation.ts"],"names":[],"mappings":";;;AAAA,yBAAyB;AACzB,6BAAwB;AAExB;;;GAGG;AAEH,QAAQ;AACR,MAAM,YAAY,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;AAC/C,MAAM,YAAY,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC,CAAC;AAChE,MAAM,kBAAkB,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;AAE1E,UAAU;AACV,MAAM,cAAc,GAAG,OAAC,CAAC,MAAM,CAAC;IAC9B,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACzB,UAAU,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,GAAG,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;CACjE,CAAC,CAAC;AAEH,MAAM,aAAa,GAAG,OAAC,CAAC,MAAM,CAAC;IAC7B,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACzB,UAAU,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,GAAG,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;CACjE,CAAC,CAAC;AAEH,MAAM,YAAY,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5B,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE;IACd,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE;IACnB,MAAM,EAAE,YAAY;IACpB,OAAO,EAAE,aAAa;IACtB,MAAM,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;IAC3B,QAAQ,EAAE,cAAc;IACxB,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACjC,CAAC,CAAC;AAEH,MAAM,cAAc,GAAG,OAAC,CAAC,MAAM,CAAC;IAC9B,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,kBAAkB;IACxB,MAAM,EAAE,YAAY;IACpB,UAAU,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,GAAG,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;CACjE,CAAC,CAAC;AAEH,4BAA4B;AACf,QAAA,OAAO,GAAG;IACrB,MAAM,EAAE,YAAY;IACpB,QAAQ,EAAE,cAAc;CACzB,CAAC"}

package/dist/index.d.ts

@@ -1,3 +1,6 @@
 export { Accord, AccordConfig } from './accord';
 export * from './core/types';
+export * from './adapters/express';
+export { AccordGuard } from './adapters/nest';
+export { accordHook } from './adapters/fastify';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAEhD,cAAc,cAAc,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAEhD,cAAc,cAAc,CAAC;AAC7B,cAAc,oBAAoB,CAAC;AACnC,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC"}

package/dist/index.js

@@ -14,10 +14,15 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.Accord = void 0;
+exports.accordHook = exports.AccordGuard = exports.Accord = void 0;
 // src/index.ts
 var accord_1 = require("./accord");
 Object.defineProperty(exports, "Accord", { enumerable: true, get: function () { return accord_1.Accord; } });
 // Re-export types for convenience if needed
 __exportStar(require("./core/types"), exports);
+__exportStar(require("./adapters/express"), exports);
+var nest_1 = require("./adapters/nest");
+Object.defineProperty(exports, "AccordGuard", { enumerable: true, get: function () { return nest_1.AccordGuard; } });
+var fastify_1 = require("./adapters/fastify");
+Object.defineProperty(exports, "accordHook", { enumerable: true, get: function () { return fastify_1.accordHook; } });
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,eAAe;AACf,mCAAgD;AAAvC,gGAAA,MAAM,OAAA;AACf,4CAA4C;AAC5C,+CAA6B"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,eAAe;AACf,mCAAgD;AAAvC,gGAAA,MAAM,OAAA;AACf,4CAA4C;AAC5C,+CAA6B;AAC7B,qDAAmC;AACnC,wCAA8C;AAArC,mGAAA,WAAW,OAAA;AACpB,8CAAgD;AAAvC,qGAAA,UAAU,OAAA"}

package/dist/store/identity.d.ts

@@ -24,5 +24,10 @@ export declare class IdentityStore {
      * Helper to get all identities (useful for testing/debugging)
      */
     getAllIdentities(): Identity[];
+    /**
+   * Reloads identities from disk.
+   * Useful if the file was edited externally.
+   */
+    reload(): void;
 }
 //# sourceMappingURL=identity.d.ts.map

package/dist/store/identity.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"identity.d.ts","sourceRoot":"","sources":["../../src/store/identity.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAIzC,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,UAAU,CAAkB;gBAExB,QAAQ,EAAE,MAAM;IAK5B;;OAEG;IACH,OAAO,CAAC,IAAI;IAeZ;;OAEG;IACH,OAAO,CAAC,IAAI;IASZ;;OAEG;IACH,WAAW,CAAC,EAAE,EAAE,MAAM,GAAG,QAAQ,GAAG,SAAS;IAI7C;;;OAGG;IACH,cAAc,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,QAAQ,CAAC,GAAG,QAAQ;IAyBhE;;OAEG;IACH,gBAAgB,IAAI,QAAQ,EAAE;CAG/B"}
+{"version":3,"file":"identity.d.ts","sourceRoot":"","sources":["../../src/store/identity.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAKzC,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,UAAU,CAAkB;gBAExB,QAAQ,EAAE,MAAM;IAK5B;;OAEG;IACH,OAAO,CAAC,IAAI;IA2BZ;;OAEG;IACH,OAAO,CAAC,IAAI;IASZ;;OAEG;IACH,WAAW,CAAC,EAAE,EAAE,MAAM,GAAG,QAAQ,GAAG,SAAS;IAI7C;;;OAGG;IACH,cAAc,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,QAAQ,CAAC,GAAG,QAAQ;IAyBhE;;OAEG;IACH,gBAAgB,IAAI,QAAQ,EAAE;IAI5B;;;KAGC;IACH,MAAM,IAAI,IAAI;CAGf"}

package/dist/store/identity.js

@@ -34,6 +34,7 @@ var __importStar = (this && this.__importStar) || (function () {
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.IdentityStore = void 0;
+const validation_1 = require("../core/validation");
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 class IdentityStore {
@@ -49,7 +50,16 @@ class IdentityStore {
         try {
             if (fs.existsSync(this.filePath)) {
                 const fileContent = fs.readFileSync(this.filePath, 'utf-8');
-                this.identities = JSON.parse(fileContent);
+                const rawData = JSON.parse(fileContent);
+                // VALIDATION STEP
+                const result = validation_1.Schemas.Identity.array().safeParse(rawData);
+                if (!result.success) {
+                    console.error('Invalid Identity Structure:', result.error.format());
+                    // For v1, we start empty on fail to be safe, or throw. 
+                    // Let's throw to match enterprise behavior.
+                    throw new Error(`Identity validation failed for ${this.filePath}`);
+                }
+                this.identities = result.data;
             }
             else {
                 this.identities = [];
@@ -110,6 +120,13 @@ class IdentityStore {
     getAllIdentities() {
         return this.identities;
     }
+    /**
+   * Reloads identities from disk.
+   * Useful if the file was edited externally.
+   */
+    reload() {
+        this.load(); // Re-run the load logic
+    }
 }
 exports.IdentityStore = IdentityStore;
 //# sourceMappingURL=identity.js.map

package/dist/store/identity.js.map

@@ -1 +1 @@
-{"version":3,"file":"identity.js","sourceRoot":"","sources":["../../src/store/identity.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,uCAAyB;AACzB,2CAA6B;AAE7B,MAAa,aAAa;IAIxB,YAAY,QAAgB;QAFpB,eAAU,GAAe,EAAE,CAAC;QAGlC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACvC,IAAI,CAAC,IAAI,EAAE,CAAC;IACd,CAAC;IAED;;OAEG;IACK,IAAI;QACV,IAAI,CAAC;YACH,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACjC,MAAM,WAAW,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gBAC5D,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;YAC5C,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,UAAU,GAAG,EAAE,CAAC;gBACrB,OAAO,CAAC,IAAI,CAAC,8BAA8B,IAAI,CAAC,QAAQ,mBAAmB,CAAC,CAAC;YAC/E,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;YACnD,IAAI,CAAC,UAAU,GAAG,EAAE,CAAC;QACvB,CAAC;IACH,CAAC;IAED;;OAEG;IACK,IAAI;QACV,IAAI,CAAC;YACH,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QACrF,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;YACnD,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,EAAU;QACpB,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;IACxD,CAAC;IAED;;;OAGG;IACH,cAAc,CAAC,EAAU,EAAE,OAA0B;QACnD,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QAElE,IAAI,KAAK,KAAK,CAAC,CAAC,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,oBAAoB,EAAE,aAAa,CAAC,CAAC;QACvD,CAAC;QAED,qDAAqD;QACrD,gGAAgG;QAChG,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QAEvC,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;YACvB,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,GAAG;gBACvB,GAAG,OAAO;gBACV,GAAG,OAAO;gBACV,UAAU,EAAE,EAAE,GAAG,OAAO,CAAC,UAAU,EAAE,GAAG,OAAO,CAAC,UAAU,EAAE;aAC7D,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,OAAO,EAAE,GAAG,OAAO,EAAE,CAAC;QACtD,CAAC;QAED,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,kBAAkB;QAC/B,OAAO,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,gBAAgB;QACd,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;CACF;AAjFD,sCAiFC"}
+{"version":3,"file":"identity.js","sourceRoot":"","sources":["../../src/store/identity.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,mDAA6C;AAC7C,uCAAyB;AACzB,2CAA6B;AAE7B,MAAa,aAAa;IAIxB,YAAY,QAAgB;QAFpB,eAAU,GAAe,EAAE,CAAC;QAGlC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACvC,IAAI,CAAC,IAAI,EAAE,CAAC;IACd,CAAC;IAED;;OAEG;IACK,IAAI;QACV,IAAI,CAAC;YACH,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACjC,MAAM,WAAW,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gBAC5D,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;gBAEvC,kBAAkB;gBACnB,MAAM,MAAM,GAAG,oBAAO,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;gBAE3D,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;oBACpB,OAAO,CAAC,KAAK,CAAC,6BAA6B,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;oBACpE,wDAAwD;oBACxD,4CAA4C;oBAC5C,MAAM,IAAI,KAAK,CAAC,kCAAkC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;gBACrE,CAAC;gBAED,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC;YAChC,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,UAAU,GAAG,EAAE,CAAC;gBACrB,OAAO,CAAC,IAAI,CAAC,8BAA8B,IAAI,CAAC,QAAQ,mBAAmB,CAAC,CAAC;YAC/E,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;YACnD,IAAI,CAAC,UAAU,GAAG,EAAE,CAAC;QACvB,CAAC;IACH,CAAC;IAED;;OAEG;IACK,IAAI;QACV,IAAI,CAAC;YACH,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QACrF,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;YACnD,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,EAAU;QACpB,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;IACxD,CAAC;IAED;;;OAGG;IACH,cAAc,CAAC,EAAU,EAAE,OAA0B;QACnD,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QAElE,IAAI,KAAK,KAAK,CAAC,CAAC,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,oBAAoB,EAAE,aAAa,CAAC,CAAC;QACvD,CAAC;QAED,qDAAqD;QACrD,gGAAgG;QAChG,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QAEvC,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;YACvB,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,GAAG;gBACvB,GAAG,OAAO;gBACV,GAAG,OAAO;gBACV,UAAU,EAAE,EAAE,GAAG,OAAO,CAAC,UAAU,EAAE,GAAG,OAAO,CAAC,UAAU,EAAE;aAC7D,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,OAAO,EAAE,GAAG,OAAO,EAAE,CAAC;QACtD,CAAC;QAED,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,kBAAkB;QAC/B,OAAO,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,gBAAgB;QACd,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAEC;;;KAGC;IACH,MAAM;QACJ,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,wBAAwB;IACvC,CAAC;CACF;AArGD,sCAqGC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@navirondynamics/accord",
-  "version": "1.0.0",
+  "version": "1.1.1",
   "description": "A policy-first identity and access engine for modular systems.",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -8,19 +8,38 @@
     "dist",
     "README.md"
   ],
+
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/bsen-alt/Accord.git"
+  },
+  "bugs": {
+    "url": "https://github.com/bsen-alt/Accord/issues"
+  },
+  "homepage": "https://github.com/bsen-alt/Accord#readme",
+
+
   "scripts": {
     "test": "jest",
     "build": "tsc",
     "prepublishOnly": "npm run build",
     "cli": "ts-node src/cli/index.ts"
   },
-  "keywords": ["authorization", "access-control", "rbac", "abac", "policy"],
+  "keywords": [
+    "authorization",
+    "access-control",
+    "rbac",
+    "abac",
+    "policy"
+  ],
   "author": "",
   "license": "ISC",
   "type": "commonjs",
   "devDependencies": {
+    "@nestjs/common": "^11.1.12",
     "@types/express": "^5.0.6",
     "@types/jest": "^30.0.0",
+    "@types/js-yaml": "^4.0.9",
     "@types/jsonata": "^1.3.1",
     "@types/node": "^25.0.10",
     "@typescript-eslint/eslint-plugin": "^8.53.1",
@@ -28,13 +47,19 @@
     "eslint": "^9.39.2",
     "jest": "^30.2.0",
     "prettier": "^3.8.1",
+    "reflect-metadata": "^0.2.2",
     "ts-jest": "^29.4.6",
     "ts-node": "^10.9.2",
+    "tslib": "^2.8.1",
     "typescript": "^5.9.3"
   },
   "dependencies": {
+    "@nestjs/common": "^11.1.12",
     "commander": "^14.0.2",
     "express": "^5.2.1",
-    "jsonata": "^2.1.0"
+    "fastify": "^5.7.1",
+    "js-yaml": "^4.1.1",
+    "jsonata": "^2.1.0",
+    "zod": "^4.3.6"
   }
 }