@naylence/runtime 0.4.0 → 0.4.2

package/dist/types/naylence/fame/factory-manifest.d.ts

@@ -4,7 +4,7 @@
  *
  * Provides the list of runtime factory modules for registration.
  */
-export declare const MODULES: readonly ["./connector/broadcast-channel-connector-factory.js", "./connector/broadcast-channel-listener-factory.js", "./connector/http-listener-factory.js", "./connector/http-stateless-connector-factory.js", "./connector/inpage-connector-factory.js", "./connector/inpage-listener-factory.js", "./connector/websocket-connector-factory.js", "./connector/websocket-listener-factory.js", "./delivery/at-least-once-delivery-policy-factory.js", "./delivery/at-most-once-delivery-policy-factory.js", "./delivery/delivery-profile-factory.js", "./fabric/in-process-fame-fabric-factory.js", "./node/admission/admission-profile-factory.js", "./node/admission/direct-admission-client-factory.js", "./node/admission/noop-admission-client-factory.js", "./node/admission/welcome-service-client-factory.js", "./node/default-connection-retry-policy-factory.js", "./node/default-node-identity-policy-factory.js", "./node/node-factory.js", "./node/node-identity-policy-profile-factory.js", "./node/token-subject-node-identity-policy-factory.js", "./placement/static-node-placement-strategy-factory.js", "./security/auth/bearer-token-header-auth-injection-strategy-factory.js", "./security/auth/default-authorizer-factory.js", "./security/auth/default-policy-authorizer-factory.js", "./security/auth/jwks-jwt-token-verifier-factory.js", "./security/auth/jwt-token-issuer-factory.js", "./security/auth/jwt-token-verifier-factory.js", "./security/auth/no-auth-injection-strategy-factory.js", "./security/auth/none-token-provider-factory.js", "./security/auth/noop-authorizer-factory.js", "./security/auth/noop-token-issuer-factory.js", "./security/auth/noop-token-verifier-factory.js", "./security/auth/oauth2-authorizer-factory.js", "./security/auth/oauth2-client-credentials-token-provider-factory.js", "./security/auth/oauth2-pkce-token-provider-factory.js", "./security/auth/policy/basic-authorization-policy-factory.js", "./security/auth/policy/local-file-authorization-policy-source-factory.js", "./security/auth/query-param-auth-injection-strategy-factory.js", "./security/auth/shared-secret-authorizer-factory.js", "./security/auth/shared-secret-token-provider-factory.js", "./security/auth/shared-secret-token-verifier-factory.js", "./security/auth/static-token-provider-factory.js", "./security/auth/websocket-subprotocol-auth-injection-strategy-factory.js", "./security/credential/dev-fixed-key-credential-provider-factory.js", "./security/credential/env-credential-provider-factory.js", "./security/credential/none-credential-provider-factory.js", "./security/credential/prompt-credential-provider-factory.js", "./security/credential/secret-store-credential-provider-factory.js", "./security/credential/session-key-credential-provider-factory.js", "./security/credential/static-credential-provider-factory.js", "./security/default-security-manager-factory.js", "./security/encryption/noop-encryption-manager-factory.js", "./security/encryption/noop-secure-channel-manager-factory.js", "./security/keys/default-key-manager-factory.js", "./security/keys/in-memory-key-store-factory.js", "./security/keys/noop-key-validator-factory.js", "./security/node-security-profile-factory.js", "./security/policy/default-security-policy-factory.js", "./security/policy/no-security-policy-factory.js", "./security/signing/eddsa-envelope-signer-factory.js", "./security/signing/eddsa-envelope-verifier-factory.js", "./security/trust-store/noop-trust-store-provider-factory.js", "./sentinel/capability-aware-routing-policy-factory.js", "./sentinel/composite-routing-policy-factory.js", "./sentinel/hybrid-path-routing-policy-factory.js", "./sentinel/load-balancing/composite-load-balancing-strategy-factory.js", "./sentinel/load-balancing/hrw-load-balancing-strategy-factory.js", "./sentinel/load-balancing/load-balancing-profile-factory.js", "./sentinel/load-balancing/random-load-balancing-strategy-factory.js", "./sentinel/load-balancing/round-robin-load-balancing-strategy-factory.js", "./sentinel/load-balancing/sticky-load-balancing-strategy-factory.js", "./sentinel/routing-profile-factory.js", "./sentinel/sentinel-factory.js", "./sentinel/store/route-store-factory.js", "./stickiness/simple-load-balancer-stickiness-manager-factory.js", "./telemetry/noop-trace-emitter-factory.js", "./telemetry/open-telemetry-trace-emitter-factory.js", "./telemetry/trace-emitter-profile-factory.js", "./welcome/default-welcome-service-factory.js"];
+export declare const MODULES: readonly ["./connector/broadcast-channel-connector-factory.js", "./connector/broadcast-channel-listener-factory.js", "./connector/http-listener-factory.js", "./connector/http-stateless-connector-factory.js", "./connector/inpage-connector-factory.js", "./connector/inpage-listener-factory.js", "./connector/websocket-connector-factory.js", "./connector/websocket-listener-factory.js", "./delivery/at-least-once-delivery-policy-factory.js", "./delivery/at-most-once-delivery-policy-factory.js", "./delivery/delivery-profile-factory.js", "./fabric/in-process-fame-fabric-factory.js", "./node/admission/admission-profile-factory.js", "./node/admission/direct-admission-client-factory.js", "./node/admission/noop-admission-client-factory.js", "./node/admission/welcome-service-client-factory.js", "./node/default-connection-retry-policy-factory.js", "./node/default-node-identity-policy-factory.js", "./node/node-factory.js", "./node/node-identity-policy-profile-factory.js", "./node/token-subject-node-identity-policy-factory.js", "./placement/static-node-placement-strategy-factory.js", "./security/auth/authorization-profile-factory.js", "./security/auth/bearer-token-header-auth-injection-strategy-factory.js", "./security/auth/default-authorizer-factory.js", "./security/auth/default-policy-authorizer-factory.js", "./security/auth/jwks-jwt-token-verifier-factory.js", "./security/auth/jwt-token-issuer-factory.js", "./security/auth/jwt-token-verifier-factory.js", "./security/auth/no-auth-injection-strategy-factory.js", "./security/auth/none-token-provider-factory.js", "./security/auth/noop-authorizer-factory.js", "./security/auth/noop-token-issuer-factory.js", "./security/auth/noop-token-verifier-factory.js", "./security/auth/oauth2-authorizer-factory.js", "./security/auth/oauth2-client-credentials-token-provider-factory.js", "./security/auth/oauth2-pkce-token-provider-factory.js", "./security/auth/policy/basic-authorization-policy-factory.js", "./security/auth/policy/local-file-authorization-policy-source-factory.js", "./security/auth/query-param-auth-injection-strategy-factory.js", "./security/auth/shared-secret-authorizer-factory.js", "./security/auth/shared-secret-token-provider-factory.js", "./security/auth/shared-secret-token-verifier-factory.js", "./security/auth/static-token-provider-factory.js", "./security/auth/websocket-subprotocol-auth-injection-strategy-factory.js", "./security/credential/dev-fixed-key-credential-provider-factory.js", "./security/credential/env-credential-provider-factory.js", "./security/credential/none-credential-provider-factory.js", "./security/credential/prompt-credential-provider-factory.js", "./security/credential/secret-store-credential-provider-factory.js", "./security/credential/session-key-credential-provider-factory.js", "./security/credential/static-credential-provider-factory.js", "./security/default-security-manager-factory.js", "./security/encryption/noop-encryption-manager-factory.js", "./security/encryption/noop-secure-channel-manager-factory.js", "./security/keys/default-key-manager-factory.js", "./security/keys/in-memory-key-store-factory.js", "./security/keys/noop-key-validator-factory.js", "./security/node-security-profile-factory.js", "./security/policy/default-security-policy-factory.js", "./security/policy/no-security-policy-factory.js", "./security/signing/eddsa-envelope-signer-factory.js", "./security/signing/eddsa-envelope-verifier-factory.js", "./security/trust-store/noop-trust-store-provider-factory.js", "./sentinel/capability-aware-routing-policy-factory.js", "./sentinel/composite-routing-policy-factory.js", "./sentinel/hybrid-path-routing-policy-factory.js", "./sentinel/load-balancing/composite-load-balancing-strategy-factory.js", "./sentinel/load-balancing/hrw-load-balancing-strategy-factory.js", "./sentinel/load-balancing/load-balancing-profile-factory.js", "./sentinel/load-balancing/random-load-balancing-strategy-factory.js", "./sentinel/load-balancing/round-robin-load-balancing-strategy-factory.js", "./sentinel/load-balancing/sticky-load-balancing-strategy-factory.js", "./sentinel/routing-profile-factory.js", "./sentinel/sentinel-factory.js", "./sentinel/store/route-store-factory.js", "./stickiness/simple-load-balancer-stickiness-manager-factory.js", "./telemetry/noop-trace-emitter-factory.js", "./telemetry/open-telemetry-trace-emitter-factory.js", "./telemetry/trace-emitter-profile-factory.js", "./welcome/default-welcome-service-factory.js"];
 export type FactoryModuleSpec = (typeof MODULES)[number];
 export type FactoryModuleLoader = () => Promise<Record<string, unknown>>;
 export declare const MODULE_LOADERS: Record<FactoryModuleSpec, FactoryModuleLoader>;

package/dist/types/naylence/fame/node/default-node-identity-policy.d.ts

@@ -1,4 +1,10 @@
 import type { InitialIdentityContext, NodeIdentityPolicy, NodeIdentityPolicyContext } from './node-identity-policy.js';
+/**
+ * Default node identity policy that preserves the current node ID.
+ *
+ * This policy does NOT derive identity from tokens or grants.
+ * For token-subject-based identity, use TokenSubjectNodeIdentityPolicy.
+ */
 export declare class DefaultNodeIdentityPolicy implements NodeIdentityPolicy {
     resolveInitialNodeId(context: InitialIdentityContext): Promise<string>;
     resolveAdmissionNodeId(context: NodeIdentityPolicyContext): Promise<string>;

package/dist/types/naylence/fame/security/auth/authorization-profile-factory.d.ts

@@ -0,0 +1,29 @@
+import type { Authorizer } from './authorizer.js';
+import { AuthorizerFactory, type AuthorizerConfig } from './authorizer-factory.js';
+export interface AuthorizationProfileConfig extends AuthorizerConfig {
+    type: 'AuthorizationProfile';
+    profile?: string | null;
+}
+export declare const PROFILE_NAME_DEFAULT = "jwt";
+export declare const PROFILE_NAME_OAUTH2 = "oauth2";
+export declare const PROFILE_NAME_OAUTH2_GATED = "oauth2-gated";
+export declare const PROFILE_NAME_OAUTH2_CALLBACK = "oauth2-callback";
+export declare const PROFILE_NAME_NOOP = "noop";
+export declare const ENV_VAR_JWT_TRUSTED_ISSUER = "FAME_JWT_TRUSTED_ISSUER";
+export declare const ENV_VAR_JWT_ALGORITHM = "FAME_JWT_ALGORITHM";
+export declare const ENV_VAR_JWT_AUDIENCE = "FAME_JWT_AUDIENCE";
+export declare const ENV_VAR_JWKS_URL = "FAME_JWKS_URL";
+export declare const ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY = "FAME_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY";
+export declare const ENV_VAR_TRUSTED_CLIENT_SCOPE = "FAME_TRUSTED_CLIENT_SCOPE";
+export declare const ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER = "FAME_JWT_REVERSE_AUTH_TRUSTED_ISSUER";
+export declare const ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE = "FAME_JWT_REVERSE_AUTH_AUDIENCE";
+export declare const ENV_VAR_HMAC_SECRET = "FAME_HMAC_SECRET";
+export declare const FACTORY_META: {
+    readonly base: "AuthorizerFactory";
+    readonly key: "AuthorizationProfile";
+};
+export declare class AuthorizationProfileFactory extends AuthorizerFactory<AuthorizationProfileConfig> {
+    readonly type = "AuthorizationProfile";
+    create(config?: AuthorizationProfileConfig | Record<string, unknown> | null, ...factoryArgs: unknown[]): Promise<Authorizer>;
+}
+export default AuthorizationProfileFactory;

package/dist/types/naylence/fame/security/index.d.ts

@@ -3,6 +3,8 @@ export * from './auth/auth-identity.js';
 export * from './auth/policy-authorizer.js';
 export { AUTHORIZER_FACTORY_BASE_TYPE, AuthorizerFactory, } from './auth/authorizer-factory.js';
 export type * from './auth/authorizer-factory.js';
+export { AuthorizationProfileFactory, PROFILE_NAME_DEFAULT as AUTH_PROFILE_NAME_DEFAULT, PROFILE_NAME_OAUTH2 as AUTH_PROFILE_NAME_OAUTH2, PROFILE_NAME_OAUTH2_GATED as AUTH_PROFILE_NAME_OAUTH2_GATED, PROFILE_NAME_OAUTH2_CALLBACK as AUTH_PROFILE_NAME_OAUTH2_CALLBACK, PROFILE_NAME_NOOP as AUTH_PROFILE_NAME_NOOP, ENV_VAR_JWT_TRUSTED_ISSUER as AUTH_PROFILE_ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_JWT_ALGORITHM as AUTH_PROFILE_ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE as AUTH_PROFILE_ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWKS_URL as AUTH_PROFILE_ENV_VAR_JWKS_URL, ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY as AUTH_PROFILE_ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY, ENV_VAR_TRUSTED_CLIENT_SCOPE as AUTH_PROFILE_ENV_VAR_TRUSTED_CLIENT_SCOPE, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER as AUTH_PROFILE_ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE as AUTH_PROFILE_ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_HMAC_SECRET as AUTH_PROFILE_ENV_VAR_HMAC_SECRET, } from './auth/authorization-profile-factory.js';
+export type { AuthorizationProfileConfig } from './auth/authorization-profile-factory.js';
 export * from './auth/auth-injection-strategy.js';
 export * from './auth/policy/index.js';
 export { AUTH_INJECTION_STRATEGY_FACTORY_BASE_TYPE, AuthInjectionStrategyFactory, } from './auth/auth-injection-strategy-factory.js';
@@ -78,4 +80,4 @@ export * from './credential/browser-auto-key-credential-provider.js';
 export * from './credential/browser-wrapped-key-credential-provider.js';
 export * from './credential/session-key-credential-provider.js';
 export * from './credential/dev-fixed-key-credential-provider.js';
-export { ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWKS_URL, ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, ENV_VAR_HMAC_SECRET, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, PROFILE_NAME_STRICT_OVERLAY, PROFILE_NAME_OVERLAY, PROFILE_NAME_OVERLAY_CALLBACK, PROFILE_NAME_GATED, PROFILE_NAME_GATED_CALLBACK, PROFILE_NAME_OPEN, } from './node-security-profile-factory.js';
+export { ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWKS_URL, ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, ENV_VAR_HMAC_SECRET, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_AUTHORIZATION_PROFILE, PROFILE_NAME_STRICT_OVERLAY, PROFILE_NAME_OVERLAY, PROFILE_NAME_OVERLAY_CALLBACK, PROFILE_NAME_GATED, PROFILE_NAME_GATED_CALLBACK, PROFILE_NAME_OPEN, } from './node-security-profile-factory.js';

package/dist/types/naylence/fame/security/node-security-profile-factory.d.ts

@@ -12,6 +12,7 @@ export declare const ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER = "FAME_JWT_REVERSE
 export declare const ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE = "FAME_JWT_REVERSE_AUTH_AUDIENCE";
 export declare const ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY = "FAME_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY";
 export declare const ENV_VAR_TRUSTED_CLIENT_SCOPE = "FAME_TRUSTED_CLIENT_SCOPE";
+export declare const ENV_VAR_AUTHORIZATION_PROFILE = "FAME_AUTHORIZATION_PROFILE";
 export declare const PROFILE_NAME_STRICT_OVERLAY = "strict-overlay";
 export declare const PROFILE_NAME_OVERLAY = "overlay";
 export declare const PROFILE_NAME_OVERLAY_CALLBACK = "overlay-callback";

package/dist/types/version.d.ts

@@ -2,4 +2,4 @@
  * The package version, injected at build time.
  * @internal
  */
-export declare const VERSION = "0.4.0";
+export declare const VERSION = "0.4.2";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@naylence/runtime",
-  "version": "0.4.0",
+  "version": "0.4.2",
   "type": "module",
   "description": "Naylence Runtime - Complete TypeScript runtime",
   "author": "Naylence Dev <naylencedev@gmail.com>",