@naylence/runtime 0.4.3 → 0.4.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (16) hide show
  1. package/dist/browser/index.cjs +66 -20
  2. package/dist/browser/index.mjs +66 -20
  3. package/dist/cjs/naylence/fame/security/auth/policy/basic-authorization-policy.js +54 -14
  4. package/dist/cjs/naylence/fame/security/auth/policy/local-file-authorization-policy-source.js +10 -4
  5. package/dist/cjs/version.js +2 -2
  6. package/dist/esm/naylence/fame/security/auth/policy/basic-authorization-policy.js +54 -14
  7. package/dist/esm/naylence/fame/security/auth/policy/local-file-authorization-policy-source.js +10 -4
  8. package/dist/esm/version.js +2 -2
  9. package/dist/node/index.cjs +66 -20
  10. package/dist/node/index.mjs +66 -20
  11. package/dist/node/node.cjs +66 -20
  12. package/dist/node/node.mjs +66 -20
  13. package/dist/types/naylence/fame/security/auth/policy/authorization-policy-definition.d.ts +8 -2
  14. package/dist/types/naylence/fame/security/auth/policy/basic-authorization-policy.d.ts +2 -0
  15. package/dist/types/version.d.ts +1 -1
  16. package/package.json +1 -1
package/dist/node/node.cjs CHANGED
@@ -4436,12 +4436,12 @@ async function ensureRuntimeFactoriesRegistered(registry = factory.Registry) {
4436
4436
  }
4437
4437
 
4438
4438
  // This file is auto-generated during build - do not edit manually
4439
- // Generated from package.json version: 0.4.3
4439
+ // Generated from package.json version: 0.4.4
4440
4440
  /**
4441
4441
  * The package version, injected at build time.
4442
4442
  * @internal
4443
4443
  */
4444
- const VERSION = '0.4.3';
4444
+ const VERSION = '0.4.4';
4445
4445
 
4446
4446
  let initialized = false;
4447
4447
  const runtimePlugin = {
@@ -23775,6 +23775,7 @@ class BasicAuthorizationPolicy {
23775
23775
  // Action must be explicitly provided; default to wildcard if omitted
23776
23776
  // for backward compatibility during transition
23777
23777
  const resolvedAction = action ?? '*';
23778
+ const resolvedActionNormalized = this.normalizeActionToken(resolvedAction) ?? resolvedAction;
23778
23779
  const address = extractAddress(envelope);
23779
23780
  const grantedScopes = extractGrantedScopes(context);
23780
23781
  const rawFrameType = envelope.frame
@@ -23784,8 +23785,8 @@ class BasicAuthorizationPolicy {
23784
23785
  : '';
23785
23786
  // Extract and normalize origin type for rule matching
23786
23787
  const rawOriginType = context?.originType;
23787
- const originTypeNormalized = typeof rawOriginType === 'string' && rawOriginType.trim().length > 0
23788
- ? rawOriginType.trim().toLowerCase()
23788
+ const originTypeNormalized = typeof rawOriginType === 'string'
23789
+ ? this.normalizeOriginTypeToken(rawOriginType) ?? undefined
23789
23790
  : undefined;
23790
23791
  const evaluationTrace = [];
23791
23792
  // Evaluate rules in order (first match wins)
@@ -23832,8 +23833,8 @@ class BasicAuthorizationPolicy {
23832
23833
  }
23833
23834
  }
23834
23835
  // Check action match
23835
- if (!rule.actions.has('*') && !rule.actions.has(resolvedAction)) {
23836
- step.expression = `action: ${resolvedAction} not in [${Array.from(rule.actions).join(', ')}]`;
23836
+ if (!rule.actions.has('*') && !rule.actions.has(resolvedActionNormalized)) {
23837
+ step.expression = `action: ${resolvedActionNormalized} not in [${Array.from(rule.actions).join(', ')}]`;
23837
23838
  step.result = false;
23838
23839
  evaluationTrace.push(step);
23839
23840
  continue;
@@ -23900,6 +23901,9 @@ class BasicAuthorizationPolicy {
23900
23901
  };
23901
23902
  }
23902
23903
  validateDefaultEffect(effect) {
23904
+ if (effect === undefined || effect === null) {
23905
+ return 'deny';
23906
+ }
23903
23907
  if (effect !== 'allow' && effect !== 'deny') {
23904
23908
  throw new Error(`Invalid default_effect: "${String(effect)}". Must be "allow" or "deny"`);
23905
23909
  }
@@ -23972,10 +23976,11 @@ class BasicAuthorizationPolicy {
23972
23976
  }
23973
23977
  // Handle single action
23974
23978
  if (typeof action === 'string') {
23975
- if (!VALID_ACTIONS.includes(action)) {
23979
+ const normalized = this.normalizeActionToken(action);
23980
+ if (!normalized) {
23976
23981
  throw new Error(`Invalid action in rule "${ruleId}": "${action}". Must be one of: ${VALID_ACTIONS.join(', ')}`);
23977
23982
  }
23978
- return new Set([action]);
23983
+ return new Set([normalized]);
23979
23984
  }
23980
23985
  // Handle array of actions
23981
23986
  if (!Array.isArray(action)) {
@@ -23989,10 +23994,11 @@ class BasicAuthorizationPolicy {
23989
23994
  if (typeof a !== 'string') {
23990
23995
  throw new Error(`Invalid action in rule "${ruleId}": all values must be strings`);
23991
23996
  }
23992
- if (!VALID_ACTIONS.includes(a)) {
23997
+ const normalized = this.normalizeActionToken(a);
23998
+ if (!normalized) {
23993
23999
  throw new Error(`Invalid action in rule "${ruleId}": "${a}". Must be one of: ${VALID_ACTIONS.join(', ')}`);
23994
24000
  }
23995
- actions.add(a);
24001
+ actions.add(normalized);
23996
24002
  }
23997
24003
  return actions;
23998
24004
  }
@@ -24095,11 +24101,12 @@ class BasicAuthorizationPolicy {
24095
24101
  }
24096
24102
  // Handle single origin type
24097
24103
  if (typeof originType === 'string') {
24098
- const normalized = originType.trim().toLowerCase();
24099
- if (!normalized) {
24104
+ const trimmed = originType.trim();
24105
+ if (!trimmed) {
24100
24106
  throw new Error(`Invalid origin_type in rule "${ruleId}": value must not be empty`);
24101
24107
  }
24102
- if (!VALID_ORIGIN_TYPES.includes(normalized)) {
24108
+ const normalized = this.normalizeOriginTypeToken(trimmed);
24109
+ if (!normalized) {
24103
24110
  throw new Error(`Invalid origin_type in rule "${ruleId}": "${originType}". Must be one of: ${VALID_ORIGIN_TYPES.join(', ')}`);
24104
24111
  }
24105
24112
  return new Set([normalized]);
@@ -24116,17 +24123,50 @@ class BasicAuthorizationPolicy {
24116
24123
  if (typeof ot !== 'string') {
24117
24124
  throw new Error(`Invalid origin_type in rule "${ruleId}": all values must be strings`);
24118
24125
  }
24119
- const normalized = ot.trim().toLowerCase();
24120
- if (!normalized) {
24126
+ const trimmed = ot.trim();
24127
+ if (!trimmed) {
24121
24128
  throw new Error(`Invalid origin_type in rule "${ruleId}": values must not be empty`);
24122
24129
  }
24123
- if (!VALID_ORIGIN_TYPES.includes(normalized)) {
24130
+ const normalized = this.normalizeOriginTypeToken(trimmed);
24131
+ if (!normalized) {
24124
24132
  throw new Error(`Invalid origin_type in rule "${ruleId}": "${ot}". Must be one of: ${VALID_ORIGIN_TYPES.join(', ')}`);
24125
24133
  }
24126
24134
  originTypes.add(normalized);
24127
24135
  }
24128
24136
  return originTypes;
24129
24137
  }
24138
+ normalizeActionToken(value) {
24139
+ const trimmed = value.trim();
24140
+ if (!trimmed) {
24141
+ return null;
24142
+ }
24143
+ if (trimmed === '*') {
24144
+ return '*';
24145
+ }
24146
+ const normalized = trimmed.replace(/[\s_-]+/g, '').toLowerCase();
24147
+ const map = {
24148
+ connect: 'Connect',
24149
+ forwardupstream: 'ForwardUpstream',
24150
+ forwarddownstream: 'ForwardDownstream',
24151
+ forwardpeer: 'ForwardPeer',
24152
+ deliverlocal: 'DeliverLocal',
24153
+ };
24154
+ return map[normalized] ?? null;
24155
+ }
24156
+ normalizeOriginTypeToken(value) {
24157
+ const trimmed = value.trim();
24158
+ if (!trimmed) {
24159
+ return null;
24160
+ }
24161
+ const normalized = trimmed.replace(/[\s_-]+/g, '').toLowerCase();
24162
+ const map = {
24163
+ downstream: 'downstream',
24164
+ upstream: 'upstream',
24165
+ peer: 'peer',
24166
+ local: 'local',
24167
+ };
24168
+ return map[normalized] ?? null;
24169
+ }
24130
24170
  }
24131
24171
 
24132
24172
  var basicAuthorizationPolicy = /*#__PURE__*/Object.freeze({
@@ -44928,16 +44968,22 @@ class LocalFileAuthorizationPolicySource {
44928
44968
  const factoryConfig = this.policyFactoryConfig ?? policyDefinition;
44929
44969
  // Ensure we have a type field for the factory
44930
44970
  if (!('type' in factoryConfig) || typeof factoryConfig.type !== 'string') {
44931
- throw new Error(`Policy definition at ${this.path} must have a 'type' field, ` +
44932
- `or policyFactory config must be provided`);
44971
+ logger$1.warning('policy_type_missing_defaulting_to_basic', {
44972
+ path: this.path,
44973
+ });
44974
+ factoryConfig.type =
44975
+ 'BasicAuthorizationPolicy';
44933
44976
  }
44934
44977
  // Build the factory config with the policy definition
44935
44978
  // The file content IS the policy definition, so we extract the type
44936
44979
  // and wrap the remaining content as the policyDefinition
44937
- const { type, ...restOfFile } = policyDefinition;
44980
+ const { type: fileType, ...restOfFile } = policyDefinition;
44981
+ const resolvedType = typeof fileType === 'string' && fileType.trim().length > 0
44982
+ ? fileType
44983
+ : factoryConfig.type;
44938
44984
  const mergedConfig = this.policyFactoryConfig != null
44939
44985
  ? { ...this.policyFactoryConfig, policyDefinition }
44940
- : { type: factoryConfig.type, policyDefinition: restOfFile };
44986
+ : { type: resolvedType, policyDefinition: restOfFile };
44941
44987
  // Create the policy using the factory system
44942
44988
  const policy = await AuthorizationPolicyFactory.createAuthorizationPolicy(mergedConfig);
44943
44989
  if (!policy) {
package/dist/node/node.mjs CHANGED
@@ -4435,12 +4435,12 @@ async function ensureRuntimeFactoriesRegistered(registry = Registry) {
4435
4435
  }
4436
4436
 
4437
4437
  // This file is auto-generated during build - do not edit manually
4438
- // Generated from package.json version: 0.4.3
4438
+ // Generated from package.json version: 0.4.4
4439
4439
  /**
4440
4440
  * The package version, injected at build time.
4441
4441
  * @internal
4442
4442
  */
4443
- const VERSION = '0.4.3';
4443
+ const VERSION = '0.4.4';
4444
4444
 
4445
4445
  let initialized = false;
4446
4446
  const runtimePlugin = {
@@ -23774,6 +23774,7 @@ class BasicAuthorizationPolicy {
23774
23774
  // Action must be explicitly provided; default to wildcard if omitted
23775
23775
  // for backward compatibility during transition
23776
23776
  const resolvedAction = action ?? '*';
23777
+ const resolvedActionNormalized = this.normalizeActionToken(resolvedAction) ?? resolvedAction;
23777
23778
  const address = extractAddress(envelope);
23778
23779
  const grantedScopes = extractGrantedScopes(context);
23779
23780
  const rawFrameType = envelope.frame
@@ -23783,8 +23784,8 @@ class BasicAuthorizationPolicy {
23783
23784
  : '';
23784
23785
  // Extract and normalize origin type for rule matching
23785
23786
  const rawOriginType = context?.originType;
23786
- const originTypeNormalized = typeof rawOriginType === 'string' && rawOriginType.trim().length > 0
23787
- ? rawOriginType.trim().toLowerCase()
23787
+ const originTypeNormalized = typeof rawOriginType === 'string'
23788
+ ? this.normalizeOriginTypeToken(rawOriginType) ?? undefined
23788
23789
  : undefined;
23789
23790
  const evaluationTrace = [];
23790
23791
  // Evaluate rules in order (first match wins)
@@ -23831,8 +23832,8 @@ class BasicAuthorizationPolicy {
23831
23832
  }
23832
23833
  }
23833
23834
  // Check action match
23834
- if (!rule.actions.has('*') && !rule.actions.has(resolvedAction)) {
23835
- step.expression = `action: ${resolvedAction} not in [${Array.from(rule.actions).join(', ')}]`;
23835
+ if (!rule.actions.has('*') && !rule.actions.has(resolvedActionNormalized)) {
23836
+ step.expression = `action: ${resolvedActionNormalized} not in [${Array.from(rule.actions).join(', ')}]`;
23836
23837
  step.result = false;
23837
23838
  evaluationTrace.push(step);
23838
23839
  continue;
@@ -23899,6 +23900,9 @@ class BasicAuthorizationPolicy {
23899
23900
  };
23900
23901
  }
23901
23902
  validateDefaultEffect(effect) {
23903
+ if (effect === undefined || effect === null) {
23904
+ return 'deny';
23905
+ }
23902
23906
  if (effect !== 'allow' && effect !== 'deny') {
23903
23907
  throw new Error(`Invalid default_effect: "${String(effect)}". Must be "allow" or "deny"`);
23904
23908
  }
@@ -23971,10 +23975,11 @@ class BasicAuthorizationPolicy {
23971
23975
  }
23972
23976
  // Handle single action
23973
23977
  if (typeof action === 'string') {
23974
- if (!VALID_ACTIONS.includes(action)) {
23978
+ const normalized = this.normalizeActionToken(action);
23979
+ if (!normalized) {
23975
23980
  throw new Error(`Invalid action in rule "${ruleId}": "${action}". Must be one of: ${VALID_ACTIONS.join(', ')}`);
23976
23981
  }
23977
- return new Set([action]);
23982
+ return new Set([normalized]);
23978
23983
  }
23979
23984
  // Handle array of actions
23980
23985
  if (!Array.isArray(action)) {
@@ -23988,10 +23993,11 @@ class BasicAuthorizationPolicy {
23988
23993
  if (typeof a !== 'string') {
23989
23994
  throw new Error(`Invalid action in rule "${ruleId}": all values must be strings`);
23990
23995
  }
23991
- if (!VALID_ACTIONS.includes(a)) {
23996
+ const normalized = this.normalizeActionToken(a);
23997
+ if (!normalized) {
23992
23998
  throw new Error(`Invalid action in rule "${ruleId}": "${a}". Must be one of: ${VALID_ACTIONS.join(', ')}`);
23993
23999
  }
23994
- actions.add(a);
24000
+ actions.add(normalized);
23995
24001
  }
23996
24002
  return actions;
23997
24003
  }
@@ -24094,11 +24100,12 @@ class BasicAuthorizationPolicy {
24094
24100
  }
24095
24101
  // Handle single origin type
24096
24102
  if (typeof originType === 'string') {
24097
- const normalized = originType.trim().toLowerCase();
24098
- if (!normalized) {
24103
+ const trimmed = originType.trim();
24104
+ if (!trimmed) {
24099
24105
  throw new Error(`Invalid origin_type in rule "${ruleId}": value must not be empty`);
24100
24106
  }
24101
- if (!VALID_ORIGIN_TYPES.includes(normalized)) {
24107
+ const normalized = this.normalizeOriginTypeToken(trimmed);
24108
+ if (!normalized) {
24102
24109
  throw new Error(`Invalid origin_type in rule "${ruleId}": "${originType}". Must be one of: ${VALID_ORIGIN_TYPES.join(', ')}`);
24103
24110
  }
24104
24111
  return new Set([normalized]);
@@ -24115,17 +24122,50 @@ class BasicAuthorizationPolicy {
24115
24122
  if (typeof ot !== 'string') {
24116
24123
  throw new Error(`Invalid origin_type in rule "${ruleId}": all values must be strings`);
24117
24124
  }
24118
- const normalized = ot.trim().toLowerCase();
24119
- if (!normalized) {
24125
+ const trimmed = ot.trim();
24126
+ if (!trimmed) {
24120
24127
  throw new Error(`Invalid origin_type in rule "${ruleId}": values must not be empty`);
24121
24128
  }
24122
- if (!VALID_ORIGIN_TYPES.includes(normalized)) {
24129
+ const normalized = this.normalizeOriginTypeToken(trimmed);
24130
+ if (!normalized) {
24123
24131
  throw new Error(`Invalid origin_type in rule "${ruleId}": "${ot}". Must be one of: ${VALID_ORIGIN_TYPES.join(', ')}`);
24124
24132
  }
24125
24133
  originTypes.add(normalized);
24126
24134
  }
24127
24135
  return originTypes;
24128
24136
  }
24137
+ normalizeActionToken(value) {
24138
+ const trimmed = value.trim();
24139
+ if (!trimmed) {
24140
+ return null;
24141
+ }
24142
+ if (trimmed === '*') {
24143
+ return '*';
24144
+ }
24145
+ const normalized = trimmed.replace(/[\s_-]+/g, '').toLowerCase();
24146
+ const map = {
24147
+ connect: 'Connect',
24148
+ forwardupstream: 'ForwardUpstream',
24149
+ forwarddownstream: 'ForwardDownstream',
24150
+ forwardpeer: 'ForwardPeer',
24151
+ deliverlocal: 'DeliverLocal',
24152
+ };
24153
+ return map[normalized] ?? null;
24154
+ }
24155
+ normalizeOriginTypeToken(value) {
24156
+ const trimmed = value.trim();
24157
+ if (!trimmed) {
24158
+ return null;
24159
+ }
24160
+ const normalized = trimmed.replace(/[\s_-]+/g, '').toLowerCase();
24161
+ const map = {
24162
+ downstream: 'downstream',
24163
+ upstream: 'upstream',
24164
+ peer: 'peer',
24165
+ local: 'local',
24166
+ };
24167
+ return map[normalized] ?? null;
24168
+ }
24129
24169
  }
24130
24170
 
24131
24171
  var basicAuthorizationPolicy = /*#__PURE__*/Object.freeze({
@@ -44927,16 +44967,22 @@ class LocalFileAuthorizationPolicySource {
44927
44967
  const factoryConfig = this.policyFactoryConfig ?? policyDefinition;
44928
44968
  // Ensure we have a type field for the factory
44929
44969
  if (!('type' in factoryConfig) || typeof factoryConfig.type !== 'string') {
44930
- throw new Error(`Policy definition at ${this.path} must have a 'type' field, ` +
44931
- `or policyFactory config must be provided`);
44970
+ logger$1.warning('policy_type_missing_defaulting_to_basic', {
44971
+ path: this.path,
44972
+ });
44973
+ factoryConfig.type =
44974
+ 'BasicAuthorizationPolicy';
44932
44975
  }
44933
44976
  // Build the factory config with the policy definition
44934
44977
  // The file content IS the policy definition, so we extract the type
44935
44978
  // and wrap the remaining content as the policyDefinition
44936
- const { type, ...restOfFile } = policyDefinition;
44979
+ const { type: fileType, ...restOfFile } = policyDefinition;
44980
+ const resolvedType = typeof fileType === 'string' && fileType.trim().length > 0
44981
+ ? fileType
44982
+ : factoryConfig.type;
44937
44983
  const mergedConfig = this.policyFactoryConfig != null
44938
44984
  ? { ...this.policyFactoryConfig, policyDefinition }
44939
- : { type: factoryConfig.type, policyDefinition: restOfFile };
44985
+ : { type: resolvedType, policyDefinition: restOfFile };
44940
44986
  // Create the policy using the factory system
44941
44987
  const policy = await AuthorizationPolicyFactory.createAuthorizationPolicy(mergedConfig);
44942
44988
  if (!policy) {
package/dist/types/naylence/fame/security/auth/policy/authorization-policy-definition.d.ts CHANGED
@@ -20,6 +20,11 @@ export type RuleEffect = 'allow' | 'deny';
20
20
  * - '*': Matches all actions (wildcard)
21
21
  */
22
22
  export type RuleAction = 'Connect' | 'ForwardUpstream' | 'ForwardDownstream' | 'ForwardPeer' | 'DeliverLocal' | '*';
23
+ /**
24
+ * Action input tokens accepted in policy definitions.
25
+ * Values are normalized case-insensitively and support snake_case.
26
+ */
27
+ export type RuleActionInput = RuleAction | string;
23
28
  /**
24
29
  * Scope requirement using logical operators.
25
30
  *
@@ -68,9 +73,10 @@ export interface AuthorizationRuleDefinition {
68
73
  /**
69
74
  * The action type this rule applies to.
70
75
  * Can be a single action or an array of actions (implicit any-of).
76
+ * Values are matched case-insensitively and support snake_case equivalents.
71
77
  * @default '*' (all actions)
72
78
  */
73
- action?: RuleAction | RuleAction[];
79
+ action?: RuleActionInput | RuleActionInput[];
74
80
  /**
75
81
  * Address pattern(s) to match using glob syntax.
76
82
  * Can be a single pattern or an array (implicit any-of).
@@ -128,7 +134,7 @@ export interface AuthorizationPolicyDefinition {
128
134
  /**
129
135
  * Default effect when no rule matches.
130
136
  */
131
- default_effect: RuleEffect;
137
+ default_effect?: RuleEffect;
132
138
  /**
133
139
  * List of authorization rules, evaluated in order.
134
140
  * First matching rule determines the outcome.
package/dist/types/naylence/fame/security/auth/policy/basic-authorization-policy.d.ts CHANGED
@@ -75,4 +75,6 @@ export declare class BasicAuthorizationPolicy implements AuthorizationPolicy {
75
75
  * Valid values: 'downstream', 'upstream', 'peer', 'local' (case-insensitive).
76
76
  */
77
77
  private compileOriginTypes;
78
+ private normalizeActionToken;
79
+ private normalizeOriginTypeToken;
78
80
  }
package/dist/types/version.d.ts CHANGED
@@ -2,4 +2,4 @@
2
2
  * The package version, injected at build time.
3
3
  * @internal
4
4
  */
5
- export declare const VERSION = "0.4.3";
5
+ export declare const VERSION = "0.4.4";
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@naylence/runtime",
3
- "version": "0.4.3",
3
+ "version": "0.4.4",
4
4
  "type": "module",
5
5
  "description": "Naylence Runtime - Complete TypeScript runtime",
6
6
  "author": "Naylence Dev <naylencedev@gmail.com>",