npm - @naylence/advanced-security - Versions diffs - 0.3.14 → 0.4.0 - Mend

@naylence/advanced-security 0.3.14 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (136) hide show

package/dist/types/naylence/fame/security/auth/policy/advanced-authorization-policy-factory.d.ts ADDED Viewed

@@ -0,0 +1,47 @@
+/**
+ * Factory for creating AdvancedAuthorizationPolicy instances.
+ */
+import type { AuthorizationPolicy, AuthorizationPolicyDefinition } from "@naylence/runtime";
+import { AuthorizationPolicyFactory, type AuthorizationPolicyConfig } from "@naylence/runtime";
+import type { ExpressionLimits } from "../../../expr/limits.js";
+/**
+ * Configuration for creating an AdvancedAuthorizationPolicy via factory.
+ */
+export interface AdvancedAuthorizationPolicyConfig extends AuthorizationPolicyConfig {
+    type: "AdvancedAuthorizationPolicy";
+    /**
+     * The policy definition to evaluate.
+     */
+    policyDefinition: AuthorizationPolicyDefinition;
+    /**
+     * Whether to log warnings for unknown fields.
+     * @default true
+     */
+    warnOnUnknownFields?: boolean;
+    /**
+     * Expression limits for parsing and evaluation.
+     */
+    expressionLimits?: Partial<ExpressionLimits>;
+}
+/**
+ * Factory metadata for registration.
+ */
+export declare const FACTORY_META: {
+    readonly base: "AuthorizationPolicyFactory";
+    readonly key: "AdvancedAuthorizationPolicy";
+};
+/**
+ * Factory for creating AdvancedAuthorizationPolicy instances.
+ */
+export declare class AdvancedAuthorizationPolicyFactory extends AuthorizationPolicyFactory<AdvancedAuthorizationPolicyConfig> {
+    readonly type = "AdvancedAuthorizationPolicy";
+    /**
+     * Creates an AdvancedAuthorizationPolicy from the given configuration.
+     *
+     * @param config - Configuration with policyDefinition
+     * @returns The created authorization policy
+     */
+    create(config?: AdvancedAuthorizationPolicyConfig | Record<string, unknown> | null): Promise<AuthorizationPolicy>;
+}
+export default AdvancedAuthorizationPolicyFactory;
+//# sourceMappingURL=advanced-authorization-policy-factory.d.ts.map

package/dist/types/naylence/fame/security/auth/policy/advanced-authorization-policy-factory.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"advanced-authorization-policy-factory.d.ts","sourceRoot":"","sources":["../../../../../../../src/naylence/fame/security/auth/policy/advanced-authorization-policy-factory.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,mBAAmB,EAAE,6BAA6B,EAAE,MAAM,mBAAmB,CAAC;AAC5F,OAAO,EAEL,0BAA0B,EAC1B,KAAK,yBAAyB,EAC/B,MAAM,mBAAmB,CAAC;AAE3B,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAEhE;;GAEG;AACH,MAAM,WAAW,iCACf,SAAQ,yBAAyB;IACjC,IAAI,EAAE,6BAA6B,CAAC;IAEpC;;OAEG;IACH,gBAAgB,EAAE,6BAA6B,CAAC;IAEhD;;;OAGG;IACH,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAE9B;;OAEG;IACH,gBAAgB,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAC;CAC9C;AA6DD;;GAEG;AACH,eAAO,MAAM,YAAY;;;CAGf,CAAC;AAEX;;GAEG;AACH,qBAAa,kCAAmC,SAAQ,0BAA0B,CAAC,iCAAiC,CAAC;IACnH,SAAgB,IAAI,iCAAiC;IAErD;;;;;OAKG;IACU,MAAM,CACjB,MAAM,CAAC,EAAE,iCAAiC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,GAC1E,OAAO,CAAC,mBAAmB,CAAC;CAWhC;AAED,eAAe,kCAAkC,CAAC"}

package/dist/types/naylence/fame/security/auth/policy/advanced-authorization-policy.d.ts ADDED Viewed

@@ -0,0 +1,73 @@
+/**
+ * Expression-based authorization policy implementation.
+ *
+ * Extends the basic policy with support for `when` expression evaluation.
+ * This is part of the BSL-licensed Advanced Security package.
+ */
+import type { FameDeliveryContext, FameEnvelope } from "@naylence/core";
+import type { AuthorizationPolicy, AuthorizationDecision, AuthorizationPolicyDefinition, RuleAction } from "@naylence/runtime";
+import type { NodeLike } from "@naylence/runtime";
+import type { ExpressionLimits } from "../../../expr/limits.js";
+/**
+ * Logger interface for minimal logging dependency.
+ */
+interface Logger {
+    debug(event: string, data?: Record<string, unknown>): void;
+    warning(event: string, data?: Record<string, unknown>): void;
+}
+/**
+ * Options for creating an AdvancedAuthorizationPolicy.
+ */
+export interface AdvancedAuthorizationPolicyOptions {
+    /**
+     * The policy definition to evaluate.
+     */
+    policyDefinition: AuthorizationPolicyDefinition;
+    /**
+     * Whether to log warnings for unknown fields.
+     * @default true
+     */
+    warnOnUnknownFields?: boolean;
+    /**
+     * Expression limits for parsing and evaluation.
+     * @default DEFAULT_EXPRESSION_LIMITS
+     */
+    expressionLimits?: ExpressionLimits;
+    /**
+     * Custom logger implementation.
+     */
+    logger?: Logger;
+}
+/**
+ * Expression-based authorization policy that evaluates rules with `when` expressions.
+ *
+ * Features:
+ * - All features of BasicAuthorizationPolicy
+ * - Expression evaluation for `when` clauses
+ * - Deterministic, side-effect-free evaluation
+ * - Missing fields evaluate to null (not error)
+ * - Parse/evaluation errors cause rule to not match
+ */
+export declare class AdvancedAuthorizationPolicy implements AuthorizationPolicy {
+    private readonly defaultEffect;
+    private readonly compiledRules;
+    private readonly expressionLimits;
+    private readonly logger;
+    constructor(options: AdvancedAuthorizationPolicyOptions);
+    /**
+     * Evaluates the policy against a request.
+     */
+    evaluateRequest(_node: NodeLike, envelope: FameEnvelope, context?: FameDeliveryContext, action?: RuleAction): Promise<AuthorizationDecision>;
+    private validateDefaultEffect;
+    private warnUnknownPolicyFields;
+    private compileRules;
+    private compileRule;
+    private compileActions;
+    private compileAddress;
+    private compileFrameTypes;
+    private compileOriginTypes;
+    private normalizeActionToken;
+    private normalizeOriginTypeToken;
+}
+export {};
+//# sourceMappingURL=advanced-authorization-policy.d.ts.map

package/dist/types/naylence/fame/security/auth/policy/advanced-authorization-policy.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"advanced-authorization-policy.d.ts","sourceRoot":"","sources":["../../../../../../../src/naylence/fame/security/auth/policy/advanced-authorization-policy.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,mBAAmB,EACnB,YAAY,EACb,MAAM,gBAAgB,CAAC;AAExB,OAAO,KAAK,EACV,mBAAmB,EACnB,qBAAqB,EAErB,6BAA6B,EAE7B,UAAU,EAGX,MAAM,mBAAmB,CAAC;AAY3B,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAQlD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAIhE;;GAEG;AACH,UAAU,MAAM;IACd,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC3D,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;CAC9D;AA4ID;;GAEG;AACH,MAAM,WAAW,kCAAkC;IACjD;;OAEG;IACH,gBAAgB,EAAE,6BAA6B,CAAC;IAEhD;;;OAGG;IACH,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAE9B;;;OAGG;IACH,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IAEpC;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;GASG;AACH,qBAAa,2BAA4B,YAAW,mBAAmB;IACrE,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAmB;IACjD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAA2B;IACzD,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAmB;IACpD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;gBAEpB,OAAO,EAAE,kCAAkC;IAkCvD;;OAEG;IACG,eAAe,CACnB,KAAK,EAAE,QAAQ,EACf,QAAQ,EAAE,YAAY,EACtB,OAAO,CAAC,EAAE,mBAAmB,EAC7B,MAAM,CAAC,EAAE,UAAU,GAClB,OAAO,CAAC,qBAAqB,CAAC;IA6MjC,OAAO,CAAC,qBAAqB;IAY7B,OAAO,CAAC,uBAAuB;IAU/B,OAAO,CAAC,YAAY;IAOpB,OAAO,CAAC,WAAW;IAuFnB,OAAO,CAAC,cAAc;IAiDtB,OAAO,CAAC,cAAc;IA+DtB,OAAO,CAAC,iBAAiB;IAiDzB,OAAO,CAAC,kBAAkB;IA6D1B,OAAO,CAAC,oBAAoB;IAmB5B,OAAO,CAAC,wBAAwB;CAcjC"}

package/dist/types/naylence/fame/security/auth/policy/expr-builtins.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+/**
+ * Authorization-specific expression built-ins.
+ *
+ * Null handling semantics:
+ * - Scope predicate builtins (has_scope, has_any_scope, has_all_scopes)
+ *   return `false` when passed `null` for required args.
+ * - Wrong non-null types still raise BuiltinError to surface real bugs.
+ */
+import { type FunctionRegistry } from "../../../expr/index.js";
+/**
+ * Creates a function registry with auth helpers installed.
+ */
+export declare function createAuthFunctionRegistry(grantedScopes?: readonly string[]): FunctionRegistry;
+//# sourceMappingURL=expr-builtins.d.ts.map

package/dist/types/naylence/fame/security/auth/policy/expr-builtins.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"expr-builtins.d.ts","sourceRoot":"","sources":["../../../../../../../src/naylence/fame/security/auth/policy/expr-builtins.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAKL,KAAK,gBAAgB,EACtB,MAAM,wBAAwB,CAAC;AAUhC;;GAEG;AACH,wBAAgB,0BAA0B,CACxC,aAAa,GAAE,SAAS,MAAM,EAAO,GACpC,gBAAgB,CAiElB"}

package/dist/types/naylence/fame/security/auth/policy/index.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+/**
+ * Advanced authorization policy module exports.
+ *
+ * This module provides expression-based authorization policies
+ * for the Naylence Advanced Security package.
+ *
+ * @packageDocumentation
+ */
+export { createAuthFunctionRegistry } from "./expr-builtins.js";
+export { AdvancedAuthorizationPolicy, type AdvancedAuthorizationPolicyOptions, } from "./advanced-authorization-policy.js";
+export { AdvancedAuthorizationPolicyFactory, FACTORY_META as ADVANCED_AUTHORIZATION_POLICY_FACTORY_META, type AdvancedAuthorizationPolicyConfig, } from "./advanced-authorization-policy-factory.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/types/naylence/fame/security/auth/policy/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../../src/naylence/fame/security/auth/policy/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAAE,0BAA0B,EAAE,MAAM,oBAAoB,CAAC;AAGhE,OAAO,EACL,2BAA2B,EAC3B,KAAK,kCAAkC,GACxC,MAAM,oCAAoC,CAAC;AAG5C,OAAO,EACL,kCAAkC,EAClC,YAAY,IAAI,0CAA0C,EAC1D,KAAK,iCAAiC,GACvC,MAAM,4CAA4C,CAAC"}

package/dist/types/naylence/fame/security/index.d.ts CHANGED Viewed

@@ -1,6 +1,8 @@
+export * from "./auth/index.js";
 export * from "./cert/index.js";
 export * from "./encryption/index.js";
 export * from "./keys/index.js";
 export * from "./signing/eddsa-envelope-verifier.js";
 export { registerAdvancedSecurityFactories } from "./register-advanced-security-factories.js";
+export { PROFILE_NAME_STRICT_OVERLAY } from "./strict-overlay-security-profile.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/types/naylence/fame/security/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/naylence/fame/security/index.ts"],"names":[],"mappings":"AAAA,cAAc,iBAAiB,CAAC;AAChC,cAAc,uBAAuB,CAAC;AACtC,cAAc,iBAAiB,CAAC;AAChC,cAAc,sCAAsC,CAAC;AACrD,OAAO,EAAE,iCAAiC,EAAE,MAAM,2CAA2C,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/naylence/fame/security/index.ts"],"names":[],"mappings":"AAAA,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,uBAAuB,CAAC;AACtC,cAAc,iBAAiB,CAAC;AAChC,cAAc,sCAAsC,CAAC;AACrD,OAAO,EAAE,iCAAiC,EAAE,MAAM,2CAA2C,CAAC;AAC9F,OAAO,EAAE,2BAA2B,EAAE,MAAM,sCAAsC,CAAC"}

package/dist/types/naylence/fame/security/register-advanced-security-factories.d.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import { Registry } from "@naylence/factory";
+import "./strict-overlay-security-profile.js";
 type FactoryRegistrar = Pick<typeof Registry, "registerFactory">;
 export interface RegisterAdvancedSecurityFactoriesOptions {
     readonly includeExtras?: boolean;

package/dist/types/naylence/fame/security/register-advanced-security-factories.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"register-advanced-security-factories.d.ts","sourceRoot":"","sources":["../../../../../src/naylence/fame/security/register-advanced-security-factories.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAU7C,KAAK,gBAAgB,GAAG,IAAI,CAAC,OAAO,QAAQ,EAAE,iBAAiB,CAAC,CAAC;AA0YjE,MAAM,WAAW,wCAAwC;IACvD,QAAQ,CAAC,aAAa,CAAC,EAAE,OAAO,CAAC;CAClC;AAED,wBAAsB,iCAAiC,CACrD,SAAS,GAAE,gBAA2B,EACtC,OAAO,CAAC,EAAE,wCAAwC,GACjD,OAAO,CAAC,IAAI,CAAC,CAaf"}
1	+ {"version":3,"file":"register-advanced-security-factories.d.ts","sourceRoot":"","sources":["../../../../../src/naylence/fame/security/register-advanced-security-factories.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAU7C,OAAO,sCAAsC,CAAC;AAE9C,KAAK,gBAAgB,GAAG,IAAI,CAAC,OAAO,QAAQ,EAAE,iBAAiB,CAAC,CAAC;AA0YjE,MAAM,WAAW,wCAAwC;IACvD,QAAQ,CAAC,aAAa,CAAC,EAAE,OAAO,CAAC;CAClC;AAED,wBAAsB,iCAAiC,CACrD,SAAS,GAAE,gBAA2B,EACtC,OAAO,CAAC,EAAE,wCAAwC,GACjD,OAAO,CAAC,IAAI,CAAC,CAaf"}

package/dist/types/naylence/fame/security/strict-overlay-security-profile.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+/**
+ * Strict Overlay Security Profile
+ *
+ * Provides the strict-overlay security profile for advanced security scenarios.
+ * This profile requires X.509 certificate-based signing and supports both
+ * channel and sealed encryption modes.
+ */
+export declare const ENV_VAR_DEFAULT_ENCRYPTION_LEVEL = "FAME_DEFAULT_ENCRYPTION_LEVEL";
+export declare const ENV_VAR_AUTHORIZATION_PROFILE = "FAME_AUTHORIZATION_PROFILE";
+export declare const PROFILE_NAME_STRICT_OVERLAY = "strict-overlay";
+//# sourceMappingURL=strict-overlay-security-profile.d.ts.map

package/dist/types/naylence/fame/security/strict-overlay-security-profile.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"strict-overlay-security-profile.d.ts","sourceRoot":"","sources":["../../../../../src/naylence/fame/security/strict-overlay-security-profile.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,eAAO,MAAM,gCAAgC,kCAAkC,CAAC;AAChF,eAAO,MAAM,6BAA6B,+BAA+B,CAAC;AAC1E,eAAO,MAAM,2BAA2B,mBAAmB,CAAC"}

package/dist/types/node.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"node.d.ts","sourceRoot":"","sources":["../../src/node.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;~~AAEH~~,cAAc,mCAAmC,CAAC;AAElD,cAAc,mCAAmC,CAAC;AAClD,cAAc,qCAAqC,CAAC;AACpD,cAAc,kCAAkC,CAAC"}
1	+ {"version":3,"file":"node.d.ts","sourceRoot":"","sources":["../../src/node.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAiCH,cAAc,mCAAmC,CAAC;AAElD,cAAc,mCAAmC,CAAC;AAClD,cAAc,qCAAqC,CAAC;AACpD,cAAc,kCAAkC,CAAC"}

package/dist/types/plugin.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../../src/plugin.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAK7C,KAAK,gBAAgB,GAAG,IAAI,CAAC,OAAO,QAAQ,EAAE,iBAAiB,CAAC,CAAC;AAEjE,wBAAsB,uCAAuC,CAC3D,SAAS,GAAE,gBAA2B,GACrC,OAAO,CAAC,IAAI,CAAC,CAEf;AAKD,QAAA,MAAM,sBAAsB,EAAE,~~UA+B7B~~,CAAC;AAEF,eAAe,sBAAsB,CAAC;AAEtC,eAAO,MAAM,kCAAkC,QAA8B,CAAC"}
1	+ {"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../../src/plugin.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAK7C,KAAK,gBAAgB,GAAG,IAAI,CAAC,OAAO,QAAQ,EAAE,iBAAiB,CAAC,CAAC;AAEjE,wBAAsB,uCAAuC,CAC3D,SAAS,GAAE,gBAA2B,GACrC,OAAO,CAAC,IAAI,CAAC,CAEf;AAKD,QAAA,MAAM,sBAAsB,EAAE,UAmC7B,CAAC;AAEF,eAAe,sBAAsB,CAAC;AAEtC,eAAO,MAAM,kCAAkC,QAA8B,CAAC"}

package/dist/types/version.d.ts CHANGED Viewed

@@ -2,5 +2,5 @@
  * The package version, injected at build time.
  * @internal
  */
-export declare const VERSION = "0.3.14";
+export declare const VERSION = "0.4.0";
 //# sourceMappingURL=version.d.ts.map

package/dist/types/version.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../../src/version.ts"],"names":[],"mappings":"AAGA;;;GAGG;AACH,eAAO,MAAM,OAAO,~~WAAW~~,CAAC"}
1	+ {"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../../src/version.ts"],"names":[],"mappings":"AAGA;;;GAGG;AACH,eAAO,MAAM,OAAO,UAAU,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@naylence/advanced-security",
-  "version": "0.3.14",
+  "version": "0.4.0",
   "type": "module",
   "description": "Advanced security utilities for the Naylence Fame runtime implemented in TypeScript.",
   "author": "Naylence Dev <naylencedev@gmail.com>",
@@ -142,7 +142,7 @@
     "prepublishOnly": "npm run build && npm test"
   },
   "dependencies": {
-    "@naylence/runtime": "^0.3.12",
+    "@naylence/runtime": "^0.4.10",
     "@noble/ciphers": "^2.0.1",
     "@noble/curves": "^1.4.0",
     "@noble/ed25519": "^2.1.0",
@@ -195,7 +195,7 @@
     "ts-jest": "^29.4.4",
     "tslib": "^2.6.2",
     "typescript": "^5.3.2",
-    "vitest": "^2.1.4",
+    "vitest": "^4.0.16",
     "ws": "^8.18.0"
   },
   "engines": {