@naylence/runtime 0.4.3 → 0.4.4

package/dist/browser/index.cjs

@@ -525,12 +525,12 @@ async function ensureRuntimeFactoriesRegistered(registry = factory.Registry) {
 }
 
 // This file is auto-generated during build - do not edit manually
-// Generated from package.json version: 0.4.3
+// Generated from package.json version: 0.4.4
 /**
  * The package version, injected at build time.
  * @internal
  */
-const VERSION = '0.4.3';
+const VERSION = '0.4.4';
 
 let initialized = false;
 const runtimePlugin = {
@@ -22676,6 +22676,7 @@ class BasicAuthorizationPolicy {
         // Action must be explicitly provided; default to wildcard if omitted
         // for backward compatibility during transition
         const resolvedAction = action ?? '*';
+        const resolvedActionNormalized = this.normalizeActionToken(resolvedAction) ?? resolvedAction;
         const address = extractAddress(envelope);
         const grantedScopes = extractGrantedScopes(context);
         const rawFrameType = envelope.frame
@@ -22685,8 +22686,8 @@ class BasicAuthorizationPolicy {
             : '';
         // Extract and normalize origin type for rule matching
         const rawOriginType = context?.originType;
-        const originTypeNormalized = typeof rawOriginType === 'string' && rawOriginType.trim().length > 0
-            ? rawOriginType.trim().toLowerCase()
+        const originTypeNormalized = typeof rawOriginType === 'string'
+            ? this.normalizeOriginTypeToken(rawOriginType) ?? undefined
             : undefined;
         const evaluationTrace = [];
         // Evaluate rules in order (first match wins)
@@ -22733,8 +22734,8 @@ class BasicAuthorizationPolicy {
                 }
             }
             // Check action match
-            if (!rule.actions.has('*') && !rule.actions.has(resolvedAction)) {
-                step.expression = `action: ${resolvedAction} not in [${Array.from(rule.actions).join(', ')}]`;
+            if (!rule.actions.has('*') && !rule.actions.has(resolvedActionNormalized)) {
+                step.expression = `action: ${resolvedActionNormalized} not in [${Array.from(rule.actions).join(', ')}]`;
                 step.result = false;
                 evaluationTrace.push(step);
                 continue;
@@ -22801,6 +22802,9 @@ class BasicAuthorizationPolicy {
         };
     }
     validateDefaultEffect(effect) {
+        if (effect === undefined || effect === null) {
+            return 'deny';
+        }
         if (effect !== 'allow' && effect !== 'deny') {
             throw new Error(`Invalid default_effect: "${String(effect)}". Must be "allow" or "deny"`);
         }
@@ -22873,10 +22877,11 @@ class BasicAuthorizationPolicy {
         }
         // Handle single action
         if (typeof action === 'string') {
-            if (!VALID_ACTIONS.includes(action)) {
+            const normalized = this.normalizeActionToken(action);
+            if (!normalized) {
                 throw new Error(`Invalid action in rule "${ruleId}": "${action}". Must be one of: ${VALID_ACTIONS.join(', ')}`);
             }
-            return new Set([action]);
+            return new Set([normalized]);
         }
         // Handle array of actions
         if (!Array.isArray(action)) {
@@ -22890,10 +22895,11 @@ class BasicAuthorizationPolicy {
             if (typeof a !== 'string') {
                 throw new Error(`Invalid action in rule "${ruleId}": all values must be strings`);
             }
-            if (!VALID_ACTIONS.includes(a)) {
+            const normalized = this.normalizeActionToken(a);
+            if (!normalized) {
                 throw new Error(`Invalid action in rule "${ruleId}": "${a}". Must be one of: ${VALID_ACTIONS.join(', ')}`);
             }
-            actions.add(a);
+            actions.add(normalized);
         }
         return actions;
     }
@@ -22996,11 +23002,12 @@ class BasicAuthorizationPolicy {
         }
         // Handle single origin type
         if (typeof originType === 'string') {
-            const normalized = originType.trim().toLowerCase();
-            if (!normalized) {
+            const trimmed = originType.trim();
+            if (!trimmed) {
                 throw new Error(`Invalid origin_type in rule "${ruleId}": value must not be empty`);
             }
-            if (!VALID_ORIGIN_TYPES.includes(normalized)) {
+            const normalized = this.normalizeOriginTypeToken(trimmed);
+            if (!normalized) {
                 throw new Error(`Invalid origin_type in rule "${ruleId}": "${originType}". Must be one of: ${VALID_ORIGIN_TYPES.join(', ')}`);
             }
             return new Set([normalized]);
@@ -23017,17 +23024,50 @@ class BasicAuthorizationPolicy {
             if (typeof ot !== 'string') {
                 throw new Error(`Invalid origin_type in rule "${ruleId}": all values must be strings`);
             }
-            const normalized = ot.trim().toLowerCase();
-            if (!normalized) {
+            const trimmed = ot.trim();
+            if (!trimmed) {
                 throw new Error(`Invalid origin_type in rule "${ruleId}": values must not be empty`);
             }
-            if (!VALID_ORIGIN_TYPES.includes(normalized)) {
+            const normalized = this.normalizeOriginTypeToken(trimmed);
+            if (!normalized) {
                 throw new Error(`Invalid origin_type in rule "${ruleId}": "${ot}". Must be one of: ${VALID_ORIGIN_TYPES.join(', ')}`);
             }
             originTypes.add(normalized);
         }
         return originTypes;
     }
+    normalizeActionToken(value) {
+        const trimmed = value.trim();
+        if (!trimmed) {
+            return null;
+        }
+        if (trimmed === '*') {
+            return '*';
+        }
+        const normalized = trimmed.replace(/[\s_-]+/g, '').toLowerCase();
+        const map = {
+            connect: 'Connect',
+            forwardupstream: 'ForwardUpstream',
+            forwarddownstream: 'ForwardDownstream',
+            forwardpeer: 'ForwardPeer',
+            deliverlocal: 'DeliverLocal',
+        };
+        return map[normalized] ?? null;
+    }
+    normalizeOriginTypeToken(value) {
+        const trimmed = value.trim();
+        if (!trimmed) {
+            return null;
+        }
+        const normalized = trimmed.replace(/[\s_-]+/g, '').toLowerCase();
+        const map = {
+            downstream: 'downstream',
+            upstream: 'upstream',
+            peer: 'peer',
+            local: 'local',
+        };
+        return map[normalized] ?? null;
+    }
 }
 
 var basicAuthorizationPolicy = /*#__PURE__*/Object.freeze({
@@ -42776,16 +42816,22 @@ class LocalFileAuthorizationPolicySource {
         const factoryConfig = this.policyFactoryConfig ?? policyDefinition;
         // Ensure we have a type field for the factory
         if (!('type' in factoryConfig) || typeof factoryConfig.type !== 'string') {
-            throw new Error(`Policy definition at ${this.path} must have a 'type' field, ` +
-                `or policyFactory config must be provided`);
+            logger$1.warning('policy_type_missing_defaulting_to_basic', {
+                path: this.path,
+            });
+            factoryConfig.type =
+                'BasicAuthorizationPolicy';
         }
         // Build the factory config with the policy definition
         // The file content IS the policy definition, so we extract the type
         // and wrap the remaining content as the policyDefinition
-        const { type, ...restOfFile } = policyDefinition;
+        const { type: fileType, ...restOfFile } = policyDefinition;
+        const resolvedType = typeof fileType === 'string' && fileType.trim().length > 0
+            ? fileType
+            : factoryConfig.type;
         const mergedConfig = this.policyFactoryConfig != null
             ? { ...this.policyFactoryConfig, policyDefinition }
-            : { type: factoryConfig.type, policyDefinition: restOfFile };
+            : { type: resolvedType, policyDefinition: restOfFile };
         // Create the policy using the factory system
         const policy = await AuthorizationPolicyFactory.createAuthorizationPolicy(mergedConfig);
         if (!policy) {

package/dist/browser/index.mjs

@@ -523,12 +523,12 @@ async function ensureRuntimeFactoriesRegistered(registry = Registry) {
 }
 
 // This file is auto-generated during build - do not edit manually
-// Generated from package.json version: 0.4.3
+// Generated from package.json version: 0.4.4
 /**
  * The package version, injected at build time.
  * @internal
  */
-const VERSION = '0.4.3';
+const VERSION = '0.4.4';
 
 let initialized = false;
 const runtimePlugin = {
@@ -22674,6 +22674,7 @@ class BasicAuthorizationPolicy {
         // Action must be explicitly provided; default to wildcard if omitted
         // for backward compatibility during transition
         const resolvedAction = action ?? '*';
+        const resolvedActionNormalized = this.normalizeActionToken(resolvedAction) ?? resolvedAction;
         const address = extractAddress(envelope);
         const grantedScopes = extractGrantedScopes(context);
         const rawFrameType = envelope.frame
@@ -22683,8 +22684,8 @@ class BasicAuthorizationPolicy {
             : '';
         // Extract and normalize origin type for rule matching
         const rawOriginType = context?.originType;
-        const originTypeNormalized = typeof rawOriginType === 'string' && rawOriginType.trim().length > 0
-            ? rawOriginType.trim().toLowerCase()
+        const originTypeNormalized = typeof rawOriginType === 'string'
+            ? this.normalizeOriginTypeToken(rawOriginType) ?? undefined
             : undefined;
         const evaluationTrace = [];
         // Evaluate rules in order (first match wins)
@@ -22731,8 +22732,8 @@ class BasicAuthorizationPolicy {
                 }
             }
             // Check action match
-            if (!rule.actions.has('*') && !rule.actions.has(resolvedAction)) {
-                step.expression = `action: ${resolvedAction} not in [${Array.from(rule.actions).join(', ')}]`;
+            if (!rule.actions.has('*') && !rule.actions.has(resolvedActionNormalized)) {
+                step.expression = `action: ${resolvedActionNormalized} not in [${Array.from(rule.actions).join(', ')}]`;
                 step.result = false;
                 evaluationTrace.push(step);
                 continue;
@@ -22799,6 +22800,9 @@ class BasicAuthorizationPolicy {
         };
     }
     validateDefaultEffect(effect) {
+        if (effect === undefined || effect === null) {
+            return 'deny';
+        }
         if (effect !== 'allow' && effect !== 'deny') {
             throw new Error(`Invalid default_effect: "${String(effect)}". Must be "allow" or "deny"`);
         }
@@ -22871,10 +22875,11 @@ class BasicAuthorizationPolicy {
         }
         // Handle single action
         if (typeof action === 'string') {
-            if (!VALID_ACTIONS.includes(action)) {
+            const normalized = this.normalizeActionToken(action);
+            if (!normalized) {
                 throw new Error(`Invalid action in rule "${ruleId}": "${action}". Must be one of: ${VALID_ACTIONS.join(', ')}`);
             }
-            return new Set([action]);
+            return new Set([normalized]);
         }
         // Handle array of actions
         if (!Array.isArray(action)) {
@@ -22888,10 +22893,11 @@ class BasicAuthorizationPolicy {
             if (typeof a !== 'string') {
                 throw new Error(`Invalid action in rule "${ruleId}": all values must be strings`);
             }
-            if (!VALID_ACTIONS.includes(a)) {
+            const normalized = this.normalizeActionToken(a);
+            if (!normalized) {
                 throw new Error(`Invalid action in rule "${ruleId}": "${a}". Must be one of: ${VALID_ACTIONS.join(', ')}`);
             }
-            actions.add(a);
+            actions.add(normalized);
         }
         return actions;
     }
@@ -22994,11 +23000,12 @@ class BasicAuthorizationPolicy {
         }
         // Handle single origin type
         if (typeof originType === 'string') {
-            const normalized = originType.trim().toLowerCase();
-            if (!normalized) {
+            const trimmed = originType.trim();
+            if (!trimmed) {
                 throw new Error(`Invalid origin_type in rule "${ruleId}": value must not be empty`);
             }
-            if (!VALID_ORIGIN_TYPES.includes(normalized)) {
+            const normalized = this.normalizeOriginTypeToken(trimmed);
+            if (!normalized) {
                 throw new Error(`Invalid origin_type in rule "${ruleId}": "${originType}". Must be one of: ${VALID_ORIGIN_TYPES.join(', ')}`);
             }
             return new Set([normalized]);
@@ -23015,17 +23022,50 @@ class BasicAuthorizationPolicy {
             if (typeof ot !== 'string') {
                 throw new Error(`Invalid origin_type in rule "${ruleId}": all values must be strings`);
             }
-            const normalized = ot.trim().toLowerCase();
-            if (!normalized) {
+            const trimmed = ot.trim();
+            if (!trimmed) {
                 throw new Error(`Invalid origin_type in rule "${ruleId}": values must not be empty`);
             }
-            if (!VALID_ORIGIN_TYPES.includes(normalized)) {
+            const normalized = this.normalizeOriginTypeToken(trimmed);
+            if (!normalized) {
                 throw new Error(`Invalid origin_type in rule "${ruleId}": "${ot}". Must be one of: ${VALID_ORIGIN_TYPES.join(', ')}`);
             }
             originTypes.add(normalized);
         }
         return originTypes;
     }
+    normalizeActionToken(value) {
+        const trimmed = value.trim();
+        if (!trimmed) {
+            return null;
+        }
+        if (trimmed === '*') {
+            return '*';
+        }
+        const normalized = trimmed.replace(/[\s_-]+/g, '').toLowerCase();
+        const map = {
+            connect: 'Connect',
+            forwardupstream: 'ForwardUpstream',
+            forwarddownstream: 'ForwardDownstream',
+            forwardpeer: 'ForwardPeer',
+            deliverlocal: 'DeliverLocal',
+        };
+        return map[normalized] ?? null;
+    }
+    normalizeOriginTypeToken(value) {
+        const trimmed = value.trim();
+        if (!trimmed) {
+            return null;
+        }
+        const normalized = trimmed.replace(/[\s_-]+/g, '').toLowerCase();
+        const map = {
+            downstream: 'downstream',
+            upstream: 'upstream',
+            peer: 'peer',
+            local: 'local',
+        };
+        return map[normalized] ?? null;
+    }
 }
 
 var basicAuthorizationPolicy = /*#__PURE__*/Object.freeze({
@@ -42774,16 +42814,22 @@ class LocalFileAuthorizationPolicySource {
         const factoryConfig = this.policyFactoryConfig ?? policyDefinition;
         // Ensure we have a type field for the factory
         if (!('type' in factoryConfig) || typeof factoryConfig.type !== 'string') {
-            throw new Error(`Policy definition at ${this.path} must have a 'type' field, ` +
-                `or policyFactory config must be provided`);
+            logger$1.warning('policy_type_missing_defaulting_to_basic', {
+                path: this.path,
+            });
+            factoryConfig.type =
+                'BasicAuthorizationPolicy';
         }
         // Build the factory config with the policy definition
         // The file content IS the policy definition, so we extract the type
         // and wrap the remaining content as the policyDefinition
-        const { type, ...restOfFile } = policyDefinition;
+        const { type: fileType, ...restOfFile } = policyDefinition;
+        const resolvedType = typeof fileType === 'string' && fileType.trim().length > 0
+            ? fileType
+            : factoryConfig.type;
         const mergedConfig = this.policyFactoryConfig != null
             ? { ...this.policyFactoryConfig, policyDefinition }
-            : { type: factoryConfig.type, policyDefinition: restOfFile };
+            : { type: resolvedType, policyDefinition: restOfFile };
         // Create the policy using the factory system
         const policy = await AuthorizationPolicyFactory.createAuthorizationPolicy(mergedConfig);
         if (!policy) {

package/dist/cjs/naylence/fame/security/auth/policy/basic-authorization-policy.js

@@ -93,6 +93,7 @@ class BasicAuthorizationPolicy {
         // Action must be explicitly provided; default to wildcard if omitted
         // for backward compatibility during transition
         const resolvedAction = action ?? '*';
+        const resolvedActionNormalized = this.normalizeActionToken(resolvedAction) ?? resolvedAction;
         const address = extractAddress(envelope);
         const grantedScopes = extractGrantedScopes(context);
         const rawFrameType = envelope.frame
@@ -102,8 +103,8 @@ class BasicAuthorizationPolicy {
             : '';
         // Extract and normalize origin type for rule matching
         const rawOriginType = context?.originType;
-        const originTypeNormalized = typeof rawOriginType === 'string' && rawOriginType.trim().length > 0
-            ? rawOriginType.trim().toLowerCase()
+        const originTypeNormalized = typeof rawOriginType === 'string'
+            ? this.normalizeOriginTypeToken(rawOriginType) ?? undefined
             : undefined;
         const evaluationTrace = [];
         // Evaluate rules in order (first match wins)
@@ -150,8 +151,8 @@ class BasicAuthorizationPolicy {
                 }
             }
             // Check action match
-            if (!rule.actions.has('*') && !rule.actions.has(resolvedAction)) {
-                step.expression = `action: ${resolvedAction} not in [${Array.from(rule.actions).join(', ')}]`;
+            if (!rule.actions.has('*') && !rule.actions.has(resolvedActionNormalized)) {
+                step.expression = `action: ${resolvedActionNormalized} not in [${Array.from(rule.actions).join(', ')}]`;
                 step.result = false;
                 evaluationTrace.push(step);
                 continue;
@@ -218,6 +219,9 @@ class BasicAuthorizationPolicy {
         };
     }
     validateDefaultEffect(effect) {
+        if (effect === undefined || effect === null) {
+            return 'deny';
+        }
         if (effect !== 'allow' && effect !== 'deny') {
             throw new Error(`Invalid default_effect: "${String(effect)}". Must be "allow" or "deny"`);
         }
@@ -290,10 +294,11 @@ class BasicAuthorizationPolicy {
         }
         // Handle single action
         if (typeof action === 'string') {
-            if (!authorization_policy_definition_js_1.VALID_ACTIONS.includes(action)) {
+            const normalized = this.normalizeActionToken(action);
+            if (!normalized) {
                 throw new Error(`Invalid action in rule "${ruleId}": "${action}". Must be one of: ${authorization_policy_definition_js_1.VALID_ACTIONS.join(', ')}`);
             }
-            return new Set([action]);
+            return new Set([normalized]);
         }
         // Handle array of actions
         if (!Array.isArray(action)) {
@@ -307,10 +312,11 @@ class BasicAuthorizationPolicy {
             if (typeof a !== 'string') {
                 throw new Error(`Invalid action in rule "${ruleId}": all values must be strings`);
             }
-            if (!authorization_policy_definition_js_1.VALID_ACTIONS.includes(a)) {
+            const normalized = this.normalizeActionToken(a);
+            if (!normalized) {
                 throw new Error(`Invalid action in rule "${ruleId}": "${a}". Must be one of: ${authorization_policy_definition_js_1.VALID_ACTIONS.join(', ')}`);
             }
-            actions.add(a);
+            actions.add(normalized);
         }
         return actions;
     }
@@ -413,11 +419,12 @@ class BasicAuthorizationPolicy {
         }
         // Handle single origin type
         if (typeof originType === 'string') {
-            const normalized = originType.trim().toLowerCase();
-            if (!normalized) {
+            const trimmed = originType.trim();
+            if (!trimmed) {
                 throw new Error(`Invalid origin_type in rule "${ruleId}": value must not be empty`);
             }
-            if (!authorization_policy_definition_js_1.VALID_ORIGIN_TYPES.includes(normalized)) {
+            const normalized = this.normalizeOriginTypeToken(trimmed);
+            if (!normalized) {
                 throw new Error(`Invalid origin_type in rule "${ruleId}": "${originType}". Must be one of: ${authorization_policy_definition_js_1.VALID_ORIGIN_TYPES.join(', ')}`);
             }
             return new Set([normalized]);
@@ -434,16 +441,49 @@ class BasicAuthorizationPolicy {
             if (typeof ot !== 'string') {
                 throw new Error(`Invalid origin_type in rule "${ruleId}": all values must be strings`);
             }
-            const normalized = ot.trim().toLowerCase();
-            if (!normalized) {
+            const trimmed = ot.trim();
+            if (!trimmed) {
                 throw new Error(`Invalid origin_type in rule "${ruleId}": values must not be empty`);
             }
-            if (!authorization_policy_definition_js_1.VALID_ORIGIN_TYPES.includes(normalized)) {
+            const normalized = this.normalizeOriginTypeToken(trimmed);
+            if (!normalized) {
                 throw new Error(`Invalid origin_type in rule "${ruleId}": "${ot}". Must be one of: ${authorization_policy_definition_js_1.VALID_ORIGIN_TYPES.join(', ')}`);
             }
             originTypes.add(normalized);
         }
         return originTypes;
     }
+    normalizeActionToken(value) {
+        const trimmed = value.trim();
+        if (!trimmed) {
+            return null;
+        }
+        if (trimmed === '*') {
+            return '*';
+        }
+        const normalized = trimmed.replace(/[\s_-]+/g, '').toLowerCase();
+        const map = {
+            connect: 'Connect',
+            forwardupstream: 'ForwardUpstream',
+            forwarddownstream: 'ForwardDownstream',
+            forwardpeer: 'ForwardPeer',
+            deliverlocal: 'DeliverLocal',
+        };
+        return map[normalized] ?? null;
+    }
+    normalizeOriginTypeToken(value) {
+        const trimmed = value.trim();
+        if (!trimmed) {
+            return null;
+        }
+        const normalized = trimmed.replace(/[\s_-]+/g, '').toLowerCase();
+        const map = {
+            downstream: 'downstream',
+            upstream: 'upstream',
+            peer: 'peer',
+            local: 'local',
+        };
+        return map[normalized] ?? null;
+    }
 }
 exports.BasicAuthorizationPolicy = BasicAuthorizationPolicy;

package/dist/cjs/naylence/fame/security/auth/policy/local-file-authorization-policy-source.js

@@ -123,16 +123,22 @@ class LocalFileAuthorizationPolicySource {
         const factoryConfig = this.policyFactoryConfig ?? policyDefinition;
         // Ensure we have a type field for the factory
         if (!('type' in factoryConfig) || typeof factoryConfig.type !== 'string') {
-            throw new Error(`Policy definition at ${this.path} must have a 'type' field, ` +
-                `or policyFactory config must be provided`);
+            logger.warning('policy_type_missing_defaulting_to_basic', {
+                path: this.path,
+            });
+            factoryConfig.type =
+                'BasicAuthorizationPolicy';
         }
         // Build the factory config with the policy definition
         // The file content IS the policy definition, so we extract the type
         // and wrap the remaining content as the policyDefinition
-        const { type, ...restOfFile } = policyDefinition;
+        const { type: fileType, ...restOfFile } = policyDefinition;
+        const resolvedType = typeof fileType === 'string' && fileType.trim().length > 0
+            ? fileType
+            : factoryConfig.type;
         const mergedConfig = this.policyFactoryConfig != null
             ? { ...this.policyFactoryConfig, policyDefinition }
-            : { type: factoryConfig.type, policyDefinition: restOfFile };
+            : { type: resolvedType, policyDefinition: restOfFile };
         // Create the policy using the factory system
         const policy = await authorization_policy_factory_js_1.AuthorizationPolicyFactory.createAuthorizationPolicy(mergedConfig);
         if (!policy) {

package/dist/cjs/version.js

@@ -1,10 +1,10 @@
 "use strict";
 // This file is auto-generated during build - do not edit manually
-// Generated from package.json version: 0.4.3
+// Generated from package.json version: 0.4.4
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.VERSION = void 0;
 /**
  * The package version, injected at build time.
  * @internal
  */
-exports.VERSION = '0.4.3';
+exports.VERSION = '0.4.4';