npm - @naylence/advanced-security - Versions diffs - 0.4.4 → 0.4.6 - Mend

@naylence/advanced-security 0.4.4 → 0.4.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (85) hide show

package/dist/esm/naylence/fame/security/auth/policy/expr-builtins.js CHANGED Viewed

@@ -4,10 +4,88 @@
  * Null handling semantics:
  * - Scope predicate builtins (has_scope, has_any_scope, has_all_scopes)
  *   return `false` when passed `null` for required args.
+ * - Security predicate builtins (is_signed, is_encrypted, is_encrypted_at_least)
+ *   return `false` when the envelope lacks the required security posture.
  * - Wrong non-null types still raise BuiltinError to surface real bugs.
  */
 import { BUILTIN_FUNCTIONS, getTypeName, } from "../../../expr/index.js";
 import { BuiltinError } from "../../../expr/errors.js";
+/**
+ * Valid encryption levels for is_encrypted_at_least comparisons.
+ */
+const VALID_ENCRYPTION_LEVELS = [
+    "plaintext",
+    "channel",
+    "sealed",
+];
+/**
+ * Encryption level ordering for comparison.
+ * Higher number = stronger encryption.
+ */
+const ENCRYPTION_LEVEL_ORDER = {
+    plaintext: 0,
+    channel: 1,
+    sealed: 2,
+};
+/**
+ * Normalizes an encryption algorithm string to an EncryptionLevel.
+ *
+ * Mapping rules:
+ * - null/undefined => "plaintext" (no encryption present)
+ * - alg contains "-channel" => "channel" (e.g., "chacha20-poly1305-channel")
+ * - alg contains "-sealed" => "sealed" (explicit sealed marker)
+ * - alg matches ECDH-ES pattern with AEAD cipher => "sealed" (e.g., "ECDH-ES+A256GCM")
+ * - otherwise => "unknown"
+ *
+ * Currently supported algorithms:
+ * - Channel: "chacha20-poly1305-channel"
+ * - Sealed: "ECDH-ES+A256GCM"
+ *
+ * This helper is centralized to ensure consistent mapping across TS and Python.
+ */
+export function normalizeEncryptionLevelFromAlg(alg) {
+    if (alg === null || alg === undefined) {
+        return "plaintext";
+    }
+    const algLower = alg.toLowerCase();
+    // Check for channel encryption (e.g., "chacha20-poly1305-channel")
+    // Must check before other patterns since channel suffix is explicit
+    if (algLower.includes("-channel")) {
+        return "channel";
+    }
+    // Check for explicit sealed marker
+    if (algLower.includes("-sealed")) {
+        return "sealed";
+    }
+    // ECDH-ES key agreement with AEAD cipher => sealed encryption
+    // Pattern: "ECDH-ES+A256GCM", "ECDH-ES+A128GCM", etc.
+    if (algLower.startsWith("ecdh-es") && algLower.includes("+a")) {
+        return "sealed";
+    }
+    return "unknown";
+}
+/**
+ * Creates security bindings from an envelope's sec header.
+ * Exposes only metadata, never raw values like sig.val or enc.val.
+ */
+export function createSecurityBindings(sec) {
+    const sigPresent = sec?.sig !== undefined;
+    const encPresent = sec?.enc !== undefined;
+    return {
+        sig: {
+            present: sigPresent,
+            kid: sec?.sig?.kid ?? null,
+        },
+        enc: {
+            present: encPresent,
+            alg: sec?.enc?.alg ?? null,
+            kid: sec?.enc?.kid ?? null,
+            level: encPresent
+                ? normalizeEncryptionLevelFromAlg(sec?.enc?.alg ?? null)
+                : "plaintext",
+        },
+    };
+}
 /**
  * Checks if a value is null.
  */
@@ -16,9 +94,21 @@ function isNull(value) {
 }
 /**
  * Creates a function registry with auth helpers installed.
+ *
+ * This registry extends the base builtins with:
+ * - Scope builtins: has_scope, has_any_scope, has_all_scopes
+ * - Security builtins: is_signed, encryption_level, is_encrypted, is_encrypted_at_least
  */
-export function createAuthFunctionRegistry(grantedScopes = []) {
-    const scopes = grantedScopes ?? [];
+export function createAuthFunctionRegistry(grantedScopesOrOptions = []) {
+    // Handle both old signature (array) and new signature (options object)
+    const options = Array.isArray(grantedScopesOrOptions)
+        ? { grantedScopes: grantedScopesOrOptions }
+        : grantedScopesOrOptions;
+    const scopes = options.grantedScopes ?? [];
+    const secBindings = options.securityBindings ?? {
+        sig: { present: false, kid: null },
+        enc: { present: false, alg: null, kid: null, level: "plaintext" },
+    };
     /**
      * Checks if any granted scope matches a pattern (using glob syntax).
      */
@@ -74,11 +164,85 @@ export function createAuthFunctionRegistry(grantedScopes = []) {
         }
         return values.every((scope) => matchesScope(scope));
     };
+    // ============================================================
+    // Security posture builtins
+    // ============================================================
+    /**
+     * is_signed() -> bool
+     *
+     * Returns true if the envelope has a signature present.
+     * No arguments required.
+     */
+    const is_signed = (args) => {
+        assertArgCount(args, 0, "is_signed");
+        return secBindings.sig.present;
+    };
+    /**
+     * encryption_level() -> string
+     *
+     * Returns the normalized encryption level: "plaintext" | "channel" | "sealed" | "unknown"
+     * No arguments required.
+     */
+    const encryption_level = (args) => {
+        assertArgCount(args, 0, "encryption_level");
+        return secBindings.enc.level;
+    };
+    /**
+     * is_encrypted() -> bool
+     *
+     * Returns true if the encryption level is not "plaintext".
+     * This means the envelope has some form of encryption (channel, sealed, or unknown).
+     * No arguments required.
+     */
+    const is_encrypted = (args) => {
+        assertArgCount(args, 0, "is_encrypted");
+        return secBindings.enc.level !== "plaintext";
+    };
+    /**
+     * is_encrypted_at_least(level: string) -> bool
+     *
+     * Returns true if the envelope's encryption level meets or exceeds the required level.
+     *
+     * Level ordering: plaintext < channel < sealed
+     *
+     * Special handling:
+     * - "unknown" encryption level does NOT satisfy "channel" or "sealed" (conservative)
+     * - "plaintext" is always satisfied (any envelope meets at least plaintext)
+     * - null argument => false (predicate-style)
+     * - invalid level string => BuiltinError
+     */
+    const is_encrypted_at_least = (args) => {
+        assertArgCount(args, 1, "is_encrypted_at_least");
+        const requiredLevel = getArg(args, 0, "is_encrypted_at_least");
+        // Null-tolerant: return false if level is null
+        if (!assertStringOrNull(requiredLevel, "level", "is_encrypted_at_least")) {
+            return false;
+        }
+        // Validate required level
+        if (!VALID_ENCRYPTION_LEVELS.includes(requiredLevel)) {
+            throw new BuiltinError("is_encrypted_at_least", `level must be one of: ${VALID_ENCRYPTION_LEVELS.join(", ")}; got "${requiredLevel}"`);
+        }
+        const currentLevel = secBindings.enc.level;
+        const requiredOrder = ENCRYPTION_LEVEL_ORDER[requiredLevel] ?? 0;
+        const currentOrder = ENCRYPTION_LEVEL_ORDER[currentLevel];
+        // If current level is "unknown", it only satisfies "plaintext"
+        if (currentOrder === undefined) {
+            // "unknown" is treated as NOT meeting channel/sealed requirements
+            return requiredOrder === 0; // Only plaintext is satisfied by unknown
+        }
+        return currentOrder >= requiredOrder;
+    };
     return new Map([
         ...BUILTIN_FUNCTIONS,
+        // Scope builtins
         ["has_scope", has_scope],
         ["has_any_scope", has_any_scope],
         ["has_all_scopes", has_all_scopes],
+        // Security posture builtins
+        ["is_signed", is_signed],
+        ["encryption_level", encryption_level],
+        ["is_encrypted", is_encrypted],
+        ["is_encrypted_at_least", is_encrypted_at_least],
     ]);
 }
 /**

package/dist/esm/naylence/fame/security/auth/policy/expr-builtins.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"expr-builtins.js","sourceRoot":"","sources":["../../../../../../../src/naylence/fame/security/auth/policy/expr-builtins.ts"],"names":[],"mappings":"AAAA~~;;;;;;;GAOG~~;AAEH,OAAO,EACL,iBAAiB,EACjB,WAAW,GAIZ,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;~~AAEvD~~;;GAEG;AACH,SAAS,MAAM,CAAC,~~KAAgB~~;~~IAC9B~~,OAAO,KAAK,KAAK,IAAI,CAAC;~~AACxB~~,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,0BAA0B,CACxC,~~gBAAmC~~,EAAE;~~IAErC~~,MAAM,MAAM,GAAG,aAAa,IAAI,EAAE,CAAC;~~IAEnC~~;;OAEG;IACH,MAAM,YAAY,GAAG,CAAC,KAAa,EAAW,EAAE;QAC9C,+CAA+C;QAC/C,OAAO,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAChC,CAAC,CAAC;IAEF;;;;;OAKG;IACH,MAAM,SAAS,GAAoB,CAAC,IAAI,EAAE,EAAE;QAC1C,cAAc,CAAC,IAAI,EAAE,CAAC,EAAE,WAAW,CAAC,CAAC;QACrC,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,EAAE,WAAW,CAAC,CAAC;QAC3C,+CAA+C;QAC/C,IAAI,CAAC,kBAAkB,CAAC,KAAK,EAAE,OAAO,EAAE,WAAW,CAAC;YAAE,OAAO,KAAK,CAAC;QACnE,OAAO,YAAY,CAAC,KAAK,CAAC,CAAC;IAC7B,CAAC,CAAC;IAEF;;;;;OAKG;IACH,MAAM,aAAa,GAAoB,CAAC,IAAI,EAAE,EAAE;QAC9C,cAAc,CAAC,IAAI,EAAE,CAAC,EAAE,eAAe,CAAC,CAAC;QACzC,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,EAAE,eAAe,CAAC,CAAC;QAChD,gDAAgD;QAChD,IAAI,CAAC,uBAAuB,CAAC,MAAM,EAAE,QAAQ,EAAE,eAAe,CAAC;YAAE,OAAO,KAAK,CAAC;QAC9E,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC;IACrD,CAAC,CAAC;IAEF;;;;;OAKG;IACH,MAAM,cAAc,GAAoB,CAAC,IAAI,EAAE,EAAE;QAC/C,cAAc,CAAC,IAAI,EAAE,CAAC,EAAE,gBAAgB,CAAC,CAAC;QAC1C,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,EAAE,gBAAgB,CAAC,CAAC;QACjD,gDAAgD;QAChD,IAAI,CAAC,uBAAuB,CAAC,MAAM,EAAE,QAAQ,EAAE,gBAAgB,CAAC;YAAE,OAAO,KAAK,CAAC;QAC/E,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC;IACtD,CAAC,CAAC;IAEF,OAAO,IAAI,GAAG,CAA0B;QACtC,GAAG,iBAAiB;QACpB,CAAC,WAAW,EAAE,SAAS,CAAC;QACxB,CAAC,eAAe,EAAE,aAAa,CAAC;QAChC,CAAC,gBAAgB,EAAE,cAAc,CAAC;~~KACnC~~,CAAC,CAAC;AACL,CAAC;AAED;;;;GAIG;AACH,SAAS,kBAAkB,CACzB,KAAgB,EAChB,OAAe,EACf,YAAoB;IAEpB,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,IAAI,YAAY,CACpB,YAAY,EACZ,GAAG,OAAO,0BAA0B,WAAW,CAAC,KAAK,CAAC,EAAE,CACzD,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,SAAS,uBAAuB,CAC9B,KAAgB,EAChB,OAAe,EACf,YAAoB;IAEpB,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,YAAY,CACpB,YAAY,EACZ,GAAG,OAAO,qCAAqC,WAAW,CAAC,KAAK,CAAC,EAAE,CACpE,CAAC;IACJ,CAAC;IACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;YACjC,MAAM,IAAI,YAAY,CACpB,YAAY,EACZ,GAAG,OAAO,IAAI,CAAC,2BAA2B,WAAW,CAAC,KAAK,CAAC,CAAC,CAAc,CAAC,EAAE,CAC/E,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,MAAM,CACb,IAA0B,EAC1B,KAAa,EACb,YAAoB;IAEpB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;IAC1B,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,MAAM,IAAI,YAAY,CACpB,YAAY,EACZ,6BAA6B,KAAK,EAAE,CACrC,CAAC;IACJ,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,cAAc,CACrB,IAA0B,EAC1B,QAAgB,EAChB,YAAoB;IAEpB,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC7B,MAAM,IAAI,YAAY,CACpB,YAAY,EACZ,YAAY,QAAQ,qBAAqB,IAAI,CAAC,MAAM,EAAE,CACvD,CAAC;IACJ,CAAC;AACH,CAAC"}
1	+ {"version":3,"file":"expr-builtins.js","sourceRoot":"","sources":["../../../../../../../src/naylence/fame/security/auth/policy/expr-builtins.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EACL,iBAAiB,EACjB,WAAW,GAIZ,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAOvD;;GAEG;AACH,MAAM,uBAAuB,GAAsB;IACjD,WAAW;IACX,SAAS;IACT,QAAQ;CACT,CAAC;AAEF;;;GAGG;AACH,MAAM,sBAAsB,GAA2B;IACrD,SAAS,EAAE,CAAC;IACZ,OAAO,EAAE,CAAC;IACV,MAAM,EAAE,CAAC;CACV,CAAC;AAEF;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,+BAA+B,CAC7C,GAA8B;IAE9B,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtC,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IAEnC,mEAAmE;IACnE,oEAAoE;IACpE,IAAI,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAClC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,mCAAmC;IACnC,IAAI,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACjC,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,8DAA8D;IAC9D,sDAAsD;IACtD,IAAI,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9D,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAmBD;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CACpC,GAAiF;IAEjF,MAAM,UAAU,GAAG,GAAG,EAAE,GAAG,KAAK,SAAS,CAAC;IAC1C,MAAM,UAAU,GAAG,GAAG,EAAE,GAAG,KAAK,SAAS,CAAC;IAE1C,OAAO;QACL,GAAG,EAAE;YACH,OAAO,EAAE,UAAU;YACnB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,IAAI;SAC3B;QACD,GAAG,EAAE;YACH,OAAO,EAAE,UAAU;YACnB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,IAAI;YAC1B,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,IAAI;YAC1B,KAAK,EAAE,UAAU;gBACf,CAAC,CAAC,+BAA+B,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC;gBACxD,CAAC,CAAC,WAAW;SAChB;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,MAAM,CAAC,KAAgB;IAC9B,OAAO,KAAK,KAAK,IAAI,CAAC;AACxB,CAAC;AAkBD;;;;;;GAMG;AACH,MAAM,UAAU,0BAA0B,CACxC,yBAA0E,EAAE;IAE5E,uEAAuE;IACvE,MAAM,OAAO,GAAgC,KAAK,CAAC,OAAO,CAAC,sBAAsB,CAAC;QAChF,CAAC,CAAC,EAAE,aAAa,EAAE,sBAA2C,EAAE;QAChE,CAAC,CAAC,sBAAqD,CAAC;IAE1D,MAAM,MAAM,GAAG,OAAO,CAAC,aAAa,IAAI,EAAE,CAAC;IAC3C,MAAM,WAAW,GAAG,OAAO,CAAC,gBAAgB,IAAI;QAC9C,GAAG,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE;QAClC,GAAG,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,WAAoB,EAAE;KAC3E,CAAC;IAEF;;OAEG;IACH,MAAM,YAAY,GAAG,CAAC,KAAa,EAAW,EAAE;QAC9C,+CAA+C;QAC/C,OAAO,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAChC,CAAC,CAAC;IAEF;;;;;OAKG;IACH,MAAM,SAAS,GAAoB,CAAC,IAAI,EAAE,EAAE;QAC1C,cAAc,CAAC,IAAI,EAAE,CAAC,EAAE,WAAW,CAAC,CAAC;QACrC,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,EAAE,WAAW,CAAC,CAAC;QAC3C,+CAA+C;QAC/C,IAAI,CAAC,kBAAkB,CAAC,KAAK,EAAE,OAAO,EAAE,WAAW,CAAC;YAAE,OAAO,KAAK,CAAC;QACnE,OAAO,YAAY,CAAC,KAAK,CAAC,CAAC;IAC7B,CAAC,CAAC;IAEF;;;;;OAKG;IACH,MAAM,aAAa,GAAoB,CAAC,IAAI,EAAE,EAAE;QAC9C,cAAc,CAAC,IAAI,EAAE,CAAC,EAAE,eAAe,CAAC,CAAC;QACzC,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,EAAE,eAAe,CAAC,CAAC;QAChD,gDAAgD;QAChD,IAAI,CAAC,uBAAuB,CAAC,MAAM,EAAE,QAAQ,EAAE,eAAe,CAAC;YAAE,OAAO,KAAK,CAAC;QAC9E,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC;IACrD,CAAC,CAAC;IAEF;;;;;OAKG;IACH,MAAM,cAAc,GAAoB,CAAC,IAAI,EAAE,EAAE;QAC/C,cAAc,CAAC,IAAI,EAAE,CAAC,EAAE,gBAAgB,CAAC,CAAC;QAC1C,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,EAAE,gBAAgB,CAAC,CAAC;QACjD,gDAAgD;QAChD,IAAI,CAAC,uBAAuB,CAAC,MAAM,EAAE,QAAQ,EAAE,gBAAgB,CAAC;YAAE,OAAO,KAAK,CAAC;QAC/E,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC;IACtD,CAAC,CAAC;IAEF,+DAA+D;IAC/D,4BAA4B;IAC5B,+DAA+D;IAE/D;;;;;OAKG;IACH,MAAM,SAAS,GAAoB,CAAC,IAAI,EAAE,EAAE;QAC1C,cAAc,CAAC,IAAI,EAAE,CAAC,EAAE,WAAW,CAAC,CAAC;QACrC,OAAO,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC;IACjC,CAAC,CAAC;IAEF;;;;;OAKG;IACH,MAAM,gBAAgB,GAAoB,CAAC,IAAI,EAAE,EAAE;QACjD,cAAc,CAAC,IAAI,EAAE,CAAC,EAAE,kBAAkB,CAAC,CAAC;QAC5C,OAAO,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC;IAC/B,CAAC,CAAC;IAEF;;;;;;OAMG;IACH,MAAM,YAAY,GAAoB,CAAC,IAAI,EAAE,EAAE;QAC7C,cAAc,CAAC,IAAI,EAAE,CAAC,EAAE,cAAc,CAAC,CAAC;QACxC,OAAO,WAAW,CAAC,GAAG,CAAC,KAAK,KAAK,WAAW,CAAC;IAC/C,CAAC,CAAC;IAEF;;;;;;;;;;;;OAYG;IACH,MAAM,qBAAqB,GAAoB,CAAC,IAAI,EAAE,EAAE;QACtD,cAAc,CAAC,IAAI,EAAE,CAAC,EAAE,uBAAuB,CAAC,CAAC;QACjD,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,EAAE,uBAAuB,CAAC,CAAC;QAE/D,+CAA+C;QAC/C,IAAI,CAAC,kBAAkB,CAAC,aAAa,EAAE,OAAO,EAAE,uBAAuB,CAAC,EAAE,CAAC;YACzE,OAAO,KAAK,CAAC;QACf,CAAC;QAED,0BAA0B;QAC1B,IAAI,CAAC,uBAAuB,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;YACrD,MAAM,IAAI,YAAY,CACpB,uBAAuB,EACvB,yBAAyB,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,aAAa,GAAG,CACtF,CAAC;QACJ,CAAC;QAED,MAAM,YAAY,GAAG,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC;QAC3C,MAAM,aAAa,GAAG,sBAAsB,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;QACjE,MAAM,YAAY,GAAG,sBAAsB,CAAC,YAAY,CAAC,CAAC;QAE1D,+DAA+D;QAC/D,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;YAC/B,kEAAkE;YAClE,OAAO,aAAa,KAAK,CAAC,CAAC,CAAC,yCAAyC;QACvE,CAAC;QAED,OAAO,YAAY,IAAI,aAAa,CAAC;IACvC,CAAC,CAAC;IAEF,OAAO,IAAI,GAAG,CAA0B;QACtC,GAAG,iBAAiB;QACpB,iBAAiB;QACjB,CAAC,WAAW,EAAE,SAAS,CAAC;QACxB,CAAC,eAAe,EAAE,aAAa,CAAC;QAChC,CAAC,gBAAgB,EAAE,cAAc,CAAC;QAClC,4BAA4B;QAC5B,CAAC,WAAW,EAAE,SAAS,CAAC;QACxB,CAAC,kBAAkB,EAAE,gBAAgB,CAAC;QACtC,CAAC,cAAc,EAAE,YAAY,CAAC;QAC9B,CAAC,uBAAuB,EAAE,qBAAqB,CAAC;KACjD,CAAC,CAAC;AACL,CAAC;AAED;;;;GAIG;AACH,SAAS,kBAAkB,CACzB,KAAgB,EAChB,OAAe,EACf,YAAoB;IAEpB,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,IAAI,YAAY,CACpB,YAAY,EACZ,GAAG,OAAO,0BAA0B,WAAW,CAAC,KAAK,CAAC,EAAE,CACzD,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,SAAS,uBAAuB,CAC9B,KAAgB,EAChB,OAAe,EACf,YAAoB;IAEpB,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,YAAY,CACpB,YAAY,EACZ,GAAG,OAAO,qCAAqC,WAAW,CAAC,KAAK,CAAC,EAAE,CACpE,CAAC;IACJ,CAAC;IACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;YACjC,MAAM,IAAI,YAAY,CACpB,YAAY,EACZ,GAAG,OAAO,IAAI,CAAC,2BAA2B,WAAW,CAAC,KAAK,CAAC,CAAC,CAAc,CAAC,EAAE,CAC/E,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,MAAM,CACb,IAA0B,EAC1B,KAAa,EACb,YAAoB;IAEpB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;IAC1B,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,MAAM,IAAI,YAAY,CACpB,YAAY,EACZ,6BAA6B,KAAK,EAAE,CACrC,CAAC;IACJ,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,cAAc,CACrB,IAA0B,EAC1B,QAAgB,EAChB,YAAoB;IAEpB,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC7B,MAAM,IAAI,YAAY,CACpB,YAAY,EACZ,YAAY,QAAQ,qBAAqB,IAAI,CAAC,MAAM,EAAE,CACvD,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/esm/naylence/fame/security/auth/policy/http-authorization-policy-source-factory.js ADDED Viewed

@@ -0,0 +1,108 @@
+/**
+ * Factory for creating HttpAuthorizationPolicySource instances.
+ *
+ * @packageDocumentation
+ */
+import { AUTHORIZATION_POLICY_SOURCE_FACTORY_BASE_TYPE, AuthorizationPolicySourceFactory, TokenProviderFactory, } from "@naylence/runtime";
+let httpModulePromise = null;
+async function getHttpModule() {
+    if (!httpModulePromise) {
+        httpModulePromise = import("./http-authorization-policy-source.js");
+    }
+    return httpModulePromise;
+}
+function normalizeConfig(config) {
+    if (!config) {
+        throw new Error("HttpAuthorizationPolicySourceFactory requires a configuration with a url");
+    }
+    const candidate = config;
+    const url = candidate.url;
+    if (typeof url !== "string" || url.trim().length === 0) {
+        throw new Error("HttpAuthorizationPolicySourceConfig requires a non-empty url");
+    }
+    // Support both camelCase and snake_case
+    const method = candidate.method ?? "GET";
+    if (!["GET", "POST", "PUT"].includes(method)) {
+        throw new Error(`Invalid method "${String(method)}". Must be "GET", "POST", or "PUT"`);
+    }
+    const timeoutMs = candidate.timeout_ms ??
+        candidate.timeoutMs ??
+        30000;
+    if (typeof timeoutMs !== "number" || !Number.isFinite(timeoutMs) || timeoutMs <= 0) {
+        throw new Error("timeout_ms must be a positive number");
+    }
+    const headers = candidate.headers;
+    if (headers !== undefined && typeof headers !== "object") {
+        throw new Error("headers must be an object");
+    }
+    const tokenProviderConfig = candidate.token_provider ??
+        candidate.tokenProvider;
+    const bearerPrefix = candidate.bearer_prefix ??
+        candidate.bearerPrefix ??
+        "Bearer ";
+    const policyFactory = candidate.policy_factory ??
+        candidate.policyFactory;
+    const cacheTtlMs = candidate.cache_ttl_ms ??
+        candidate.cacheTtlMs ??
+        300000;
+    if (typeof cacheTtlMs !== "number" || !Number.isFinite(cacheTtlMs) || cacheTtlMs < 0) {
+        throw new Error("cache_ttl_ms must be a non-negative number");
+    }
+    return {
+        url: url.trim(),
+        method,
+        timeoutMs,
+        headers,
+        tokenProviderConfig,
+        bearerPrefix,
+        policyFactory,
+        cacheTtlMs,
+    };
+}
+/**
+ * Factory metadata for registration.
+ */
+export const FACTORY_META = {
+    base: AUTHORIZATION_POLICY_SOURCE_FACTORY_BASE_TYPE,
+    key: "HttpAuthorizationPolicySource",
+};
+/**
+ * Factory for creating HttpAuthorizationPolicySource instances.
+ *
+ * This factory uses lazy loading to avoid pulling in Node.js-specific
+ * code (fetch operations) in browser environments where it may not work.
+ */
+export class HttpAuthorizationPolicySourceFactory extends AuthorizationPolicySourceFactory {
+    constructor() {
+        super(...arguments);
+        this.type = "HttpAuthorizationPolicySource";
+    }
+    /**
+     * Creates an HttpAuthorizationPolicySource from the given configuration.
+     *
+     * @param config - Configuration specifying the policy URL and options
+     * @returns The created policy source
+     */
+    async create(config) {
+        const normalized = normalizeConfig(config);
+        // Create token provider if configured
+        let tokenProvider;
+        if (normalized.tokenProviderConfig) {
+            tokenProvider = await TokenProviderFactory.createTokenProvider(normalized.tokenProviderConfig);
+        }
+        const { HttpAuthorizationPolicySource } = await getHttpModule();
+        const options = {
+            url: normalized.url,
+            method: normalized.method,
+            timeoutMs: normalized.timeoutMs,
+            headers: normalized.headers,
+            tokenProvider,
+            bearerPrefix: normalized.bearerPrefix,
+            policyFactory: normalized.policyFactory,
+            cacheTtlMs: normalized.cacheTtlMs,
+        };
+        return new HttpAuthorizationPolicySource(options);
+    }
+}
+export default HttpAuthorizationPolicySourceFactory;
+//# sourceMappingURL=http-authorization-policy-source-factory.js.map

package/dist/esm/naylence/fame/security/auth/policy/http-authorization-policy-source-factory.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"http-authorization-policy-source-factory.js","sourceRoot":"","sources":["../../../../../../../src/naylence/fame/security/auth/policy/http-authorization-policy-source-factory.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EACL,6CAA6C,EAC7C,gCAAgC,EAGhC,oBAAoB,GAErB,MAAM,mBAAmB,CAAC;AAoE3B,IAAI,iBAAiB,GAAmC,IAAI,CAAC;AAE7D,KAAK,UAAU,aAAa;IAC1B,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvB,iBAAiB,GAAG,MAAM,CAAC,uCAAuC,CAAC,CAAC;IACtE,CAAC;IACD,OAAO,iBAAiB,CAAC;AAC3B,CAAC;AAaD,SAAS,eAAe,CACtB,MAA6E;IAE7E,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CACb,0EAA0E,CAC3E,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,MAAiC,CAAC;IAEpD,MAAM,GAAG,GAAG,SAAS,CAAC,GAAG,CAAC;IAC1B,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvD,MAAM,IAAI,KAAK,CACb,8DAA8D,CAC/D,CAAC;IACJ,CAAC;IAED,wCAAwC;IACxC,MAAM,MAAM,GAAI,SAAS,CAAC,MAAiC,IAAI,KAAK,CAAC;IACrE,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAC7C,MAAM,IAAI,KAAK,CACb,mBAAmB,MAAM,CAAC,MAAM,CAAC,oCAAoC,CACtE,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GACZ,SAAS,CAAC,UAAiC;QAC3C,SAAS,CAAC,SAAgC;QAC3C,KAAK,CAAC;IACR,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,SAAS,IAAI,CAAC,EAAE,CAAC;QACnF,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,OAAO,GAAG,SAAS,CAAC,OAA6C,CAAC;IACxE,IAAI,OAAO,KAAK,SAAS,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QACzD,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;IAC/C,CAAC;IAED,MAAM,mBAAmB,GACtB,SAAS,CAAC,cAAkD;QAC5D,SAAS,CAAC,aAAiD,CAAC;IAE/D,MAAM,YAAY,GACf,SAAS,CAAC,aAAoC;QAC9C,SAAS,CAAC,YAAmC;QAC9C,SAAS,CAAC;IAEZ,MAAM,aAAa,GAChB,SAAS,CAAC,cAAwD;QAClE,SAAS,CAAC,aAAuD,CAAC;IAErE,MAAM,UAAU,GACb,SAAS,CAAC,YAAmC;QAC7C,SAAS,CAAC,UAAiC;QAC5C,MAAM,CAAC;IACT,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;QACrF,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAChE,CAAC;IAED,OAAO;QACL,GAAG,EAAE,GAAG,CAAC,IAAI,EAAE;QACf,MAAM;QACN,SAAS;QACT,OAAO;QACP,mBAAmB;QACnB,YAAY;QACZ,aAAa;QACb,UAAU;KACX,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG;IAC1B,IAAI,EAAE,6CAA6C;IACnD,GAAG,EAAE,+BAA+B;CAC5B,CAAC;AAEX;;;;;GAKG;AACH,MAAM,OAAO,oCAAqC,SAAQ,gCAAqE;IAA/H;;QACkB,SAAI,GAAG,+BAA+B,CAAC;IAuCzD,CAAC;IArCC;;;;;OAKG;IACI,KAAK,CAAC,MAAM,CACjB,MAGQ;QAER,MAAM,UAAU,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;QAE3C,sCAAsC;QACtC,IAAI,aAAwC,CAAC;QAC7C,IAAI,UAAU,CAAC,mBAAmB,EAAE,CAAC;YACnC,aAAa,GAAG,MAAM,oBAAoB,CAAC,mBAAmB,CAC5D,UAAU,CAAC,mBAAmB,CAC/B,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,6BAA6B,EAAE,GAAG,MAAM,aAAa,EAAE,CAAC;QAEhE,MAAM,OAAO,GAAyC;YACpD,GAAG,EAAE,UAAU,CAAC,GAAG;YACnB,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,SAAS,EAAE,UAAU,CAAC,SAAS;YAC/B,OAAO,EAAE,UAAU,CAAC,OAAO;YAC3B,aAAa;YACb,YAAY,EAAE,UAAU,CAAC,YAAY;YACrC,aAAa,EAAE,UAAU,CAAC,aAAa;YACvC,UAAU,EAAE,UAAU,CAAC,UAAU;SAClC,CAAC;QAEF,OAAO,IAAI,6BAA6B,CAAC,OAAO,CAAC,CAAC;IACpD,CAAC;CACF;AAED,eAAe,oCAAoC,CAAC"}