@naylence/runtime 0.4.3 → 0.4.5

package/dist/browser/index.cjs

@@ -525,12 +525,12 @@ async function ensureRuntimeFactoriesRegistered(registry = factory.Registry) {
 }
 
 // This file is auto-generated during build - do not edit manually
-// Generated from package.json version: 0.4.3
+// Generated from package.json version: 0.4.5
 /**
  * The package version, injected at build time.
  * @internal
  */
-const VERSION = '0.4.3';
+const VERSION = '0.4.5';
 
 let initialized = false;
 const runtimePlugin = {
@@ -22062,13 +22062,21 @@ function normalizeConfig$w(config) {
     return { profile: canonicalProfile };
 }
 function resolveProfileName$2(candidate) {
-    const direct = coerceProfileString$2(candidate.profile);
+    let direct = coerceProfileString$2(candidate.profile);
+    if (direct && factory.ExpressionEvaluator.isExpression(direct)) {
+        const evaluated = factory.ExpressionEvaluator.evaluate(direct);
+        direct = coerceProfileString$2(evaluated);
+    }
     if (direct) {
         return direct;
     }
     const legacyKeys = ['profile_name', 'profileName'];
     for (const legacyKey of legacyKeys) {
-        const legacyValue = coerceProfileString$2(candidate[legacyKey]);
+        let legacyValue = coerceProfileString$2(candidate[legacyKey]);
+        if (legacyValue && factory.ExpressionEvaluator.isExpression(legacyValue)) {
+            const evaluated = factory.ExpressionEvaluator.evaluate(legacyValue);
+            legacyValue = coerceProfileString$2(evaluated);
+        }
         if (legacyValue) {
             return legacyValue;
         }
@@ -22676,6 +22684,7 @@ class BasicAuthorizationPolicy {
         // Action must be explicitly provided; default to wildcard if omitted
         // for backward compatibility during transition
         const resolvedAction = action ?? '*';
+        const resolvedActionNormalized = this.normalizeActionToken(resolvedAction) ?? resolvedAction;
         const address = extractAddress(envelope);
         const grantedScopes = extractGrantedScopes(context);
         const rawFrameType = envelope.frame
@@ -22685,8 +22694,8 @@ class BasicAuthorizationPolicy {
             : '';
         // Extract and normalize origin type for rule matching
         const rawOriginType = context?.originType;
-        const originTypeNormalized = typeof rawOriginType === 'string' && rawOriginType.trim().length > 0
-            ? rawOriginType.trim().toLowerCase()
+        const originTypeNormalized = typeof rawOriginType === 'string'
+            ? this.normalizeOriginTypeToken(rawOriginType) ?? undefined
             : undefined;
         const evaluationTrace = [];
         // Evaluate rules in order (first match wins)
@@ -22733,8 +22742,8 @@ class BasicAuthorizationPolicy {
                 }
             }
             // Check action match
-            if (!rule.actions.has('*') && !rule.actions.has(resolvedAction)) {
-                step.expression = `action: ${resolvedAction} not in [${Array.from(rule.actions).join(', ')}]`;
+            if (!rule.actions.has('*') && !rule.actions.has(resolvedActionNormalized)) {
+                step.expression = `action: ${resolvedActionNormalized} not in [${Array.from(rule.actions).join(', ')}]`;
                 step.result = false;
                 evaluationTrace.push(step);
                 continue;
@@ -22801,6 +22810,9 @@ class BasicAuthorizationPolicy {
         };
     }
     validateDefaultEffect(effect) {
+        if (effect === undefined || effect === null) {
+            return 'deny';
+        }
         if (effect !== 'allow' && effect !== 'deny') {
             throw new Error(`Invalid default_effect: "${String(effect)}". Must be "allow" or "deny"`);
         }
@@ -22873,10 +22885,11 @@ class BasicAuthorizationPolicy {
         }
         // Handle single action
         if (typeof action === 'string') {
-            if (!VALID_ACTIONS.includes(action)) {
+            const normalized = this.normalizeActionToken(action);
+            if (!normalized) {
                 throw new Error(`Invalid action in rule "${ruleId}": "${action}". Must be one of: ${VALID_ACTIONS.join(', ')}`);
             }
-            return new Set([action]);
+            return new Set([normalized]);
         }
         // Handle array of actions
         if (!Array.isArray(action)) {
@@ -22890,10 +22903,11 @@ class BasicAuthorizationPolicy {
             if (typeof a !== 'string') {
                 throw new Error(`Invalid action in rule "${ruleId}": all values must be strings`);
             }
-            if (!VALID_ACTIONS.includes(a)) {
+            const normalized = this.normalizeActionToken(a);
+            if (!normalized) {
                 throw new Error(`Invalid action in rule "${ruleId}": "${a}". Must be one of: ${VALID_ACTIONS.join(', ')}`);
             }
-            actions.add(a);
+            actions.add(normalized);
         }
         return actions;
     }
@@ -22996,11 +23010,12 @@ class BasicAuthorizationPolicy {
         }
         // Handle single origin type
         if (typeof originType === 'string') {
-            const normalized = originType.trim().toLowerCase();
-            if (!normalized) {
+            const trimmed = originType.trim();
+            if (!trimmed) {
                 throw new Error(`Invalid origin_type in rule "${ruleId}": value must not be empty`);
             }
-            if (!VALID_ORIGIN_TYPES.includes(normalized)) {
+            const normalized = this.normalizeOriginTypeToken(trimmed);
+            if (!normalized) {
                 throw new Error(`Invalid origin_type in rule "${ruleId}": "${originType}". Must be one of: ${VALID_ORIGIN_TYPES.join(', ')}`);
             }
             return new Set([normalized]);
@@ -23017,17 +23032,50 @@ class BasicAuthorizationPolicy {
             if (typeof ot !== 'string') {
                 throw new Error(`Invalid origin_type in rule "${ruleId}": all values must be strings`);
             }
-            const normalized = ot.trim().toLowerCase();
-            if (!normalized) {
+            const trimmed = ot.trim();
+            if (!trimmed) {
                 throw new Error(`Invalid origin_type in rule "${ruleId}": values must not be empty`);
             }
-            if (!VALID_ORIGIN_TYPES.includes(normalized)) {
+            const normalized = this.normalizeOriginTypeToken(trimmed);
+            if (!normalized) {
                 throw new Error(`Invalid origin_type in rule "${ruleId}": "${ot}". Must be one of: ${VALID_ORIGIN_TYPES.join(', ')}`);
             }
             originTypes.add(normalized);
         }
         return originTypes;
     }
+    normalizeActionToken(value) {
+        const trimmed = value.trim();
+        if (!trimmed) {
+            return null;
+        }
+        if (trimmed === '*') {
+            return '*';
+        }
+        const normalized = trimmed.replace(/[\s_-]+/g, '').toLowerCase();
+        const map = {
+            connect: 'Connect',
+            forwardupstream: 'ForwardUpstream',
+            forwarddownstream: 'ForwardDownstream',
+            forwardpeer: 'ForwardPeer',
+            deliverlocal: 'DeliverLocal',
+        };
+        return map[normalized] ?? null;
+    }
+    normalizeOriginTypeToken(value) {
+        const trimmed = value.trim();
+        if (!trimmed) {
+            return null;
+        }
+        const normalized = trimmed.replace(/[\s_-]+/g, '').toLowerCase();
+        const map = {
+            downstream: 'downstream',
+            upstream: 'upstream',
+            peer: 'peer',
+            local: 'local',
+        };
+        return map[normalized] ?? null;
+    }
 }
 
 var basicAuthorizationPolicy = /*#__PURE__*/Object.freeze({
@@ -42776,16 +42824,22 @@ class LocalFileAuthorizationPolicySource {
         const factoryConfig = this.policyFactoryConfig ?? policyDefinition;
         // Ensure we have a type field for the factory
         if (!('type' in factoryConfig) || typeof factoryConfig.type !== 'string') {
-            throw new Error(`Policy definition at ${this.path} must have a 'type' field, ` +
-                `or policyFactory config must be provided`);
+            logger$1.warning('policy_type_missing_defaulting_to_basic', {
+                path: this.path,
+            });
+            factoryConfig.type =
+                'BasicAuthorizationPolicy';
         }
         // Build the factory config with the policy definition
         // The file content IS the policy definition, so we extract the type
         // and wrap the remaining content as the policyDefinition
-        const { type, ...restOfFile } = policyDefinition;
+        const { type: fileType, ...restOfFile } = policyDefinition;
+        const resolvedType = typeof fileType === 'string' && fileType.trim().length > 0
+            ? fileType
+            : factoryConfig.type;
         const mergedConfig = this.policyFactoryConfig != null
             ? { ...this.policyFactoryConfig, policyDefinition }
-            : { type: factoryConfig.type, policyDefinition: restOfFile };
+            : { type: resolvedType, policyDefinition: restOfFile };
         // Create the policy using the factory system
         const policy = await AuthorizationPolicyFactory.createAuthorizationPolicy(mergedConfig);
         if (!policy) {

package/dist/browser/index.mjs

@@ -1,7 +1,7 @@
 import { parseAddressComponents, FlowFlags, FameAddress, DEFAULT_POLLING_TIMEOUT_MS, extractEnvelopeAndContext, createChannelMessage, generateId, createFameEnvelope, parseAddress, formatAddress, formatAddressFromComponents, FameResponseType, localDeliveryContext, Binding, DeliveryOriginType, makeResponse, isFameMessageResponse, parseRequest, makeRequest, DEFAULT_INVOKE_TIMEOUT_MILLIS, parseResponse, ConnectorState, ConnectorStateUtils, FameFabric, isFameMessageService, isFameRPCService, FameServiceProxy, generateIdAsync, snakeToCamelObject, getDefaultFameConfigResolver, setDefaultFameConfigResolver, SigningMaterial, AuthorizationContextSchema, FameDeliveryContextSchema, SecurityContextSchema, withFabric, FameEnvelopeSchema, deserializeEnvelope, FameChannelMessage, SINK_CAPABILITY, FameFabricFactory, serializeEnvelope, createAuthorizationContext } from '@naylence/core';
 export * from '@naylence/core';
 import { z, ZodError } from 'zod';
-import { Registry, AbstractResourceFactory, createResource as createResource$1, createDefaultResource, registerFactory, Expressions, ExtensionManager, ExpressionEvaluationPolicy, configValidator } from '@naylence/factory';
+import { Registry, AbstractResourceFactory, createResource as createResource$1, createDefaultResource, registerFactory, Expressions, ExtensionManager, ExpressionEvaluationPolicy, ExpressionEvaluator, configValidator } from '@naylence/factory';
 import { sign, hashes, verify } from '@noble/ed25519';
 import { sha256, sha512 } from '@noble/hashes/sha2.js';
 import { chacha20poly1305 } from '@noble/ciphers/chacha.js';
@@ -523,12 +523,12 @@ async function ensureRuntimeFactoriesRegistered(registry = Registry) {
 }
 
 // This file is auto-generated during build - do not edit manually
-// Generated from package.json version: 0.4.3
+// Generated from package.json version: 0.4.5
 /**
  * The package version, injected at build time.
  * @internal
  */
-const VERSION = '0.4.3';
+const VERSION = '0.4.5';
 
 let initialized = false;
 const runtimePlugin = {
@@ -22060,13 +22060,21 @@ function normalizeConfig$w(config) {
     return { profile: canonicalProfile };
 }
 function resolveProfileName$2(candidate) {
-    const direct = coerceProfileString$2(candidate.profile);
+    let direct = coerceProfileString$2(candidate.profile);
+    if (direct && ExpressionEvaluator.isExpression(direct)) {
+        const evaluated = ExpressionEvaluator.evaluate(direct);
+        direct = coerceProfileString$2(evaluated);
+    }
     if (direct) {
         return direct;
     }
     const legacyKeys = ['profile_name', 'profileName'];
     for (const legacyKey of legacyKeys) {
-        const legacyValue = coerceProfileString$2(candidate[legacyKey]);
+        let legacyValue = coerceProfileString$2(candidate[legacyKey]);
+        if (legacyValue && ExpressionEvaluator.isExpression(legacyValue)) {
+            const evaluated = ExpressionEvaluator.evaluate(legacyValue);
+            legacyValue = coerceProfileString$2(evaluated);
+        }
         if (legacyValue) {
             return legacyValue;
         }
@@ -22674,6 +22682,7 @@ class BasicAuthorizationPolicy {
         // Action must be explicitly provided; default to wildcard if omitted
         // for backward compatibility during transition
         const resolvedAction = action ?? '*';
+        const resolvedActionNormalized = this.normalizeActionToken(resolvedAction) ?? resolvedAction;
         const address = extractAddress(envelope);
         const grantedScopes = extractGrantedScopes(context);
         const rawFrameType = envelope.frame
@@ -22683,8 +22692,8 @@ class BasicAuthorizationPolicy {
             : '';
         // Extract and normalize origin type for rule matching
         const rawOriginType = context?.originType;
-        const originTypeNormalized = typeof rawOriginType === 'string' && rawOriginType.trim().length > 0
-            ? rawOriginType.trim().toLowerCase()
+        const originTypeNormalized = typeof rawOriginType === 'string'
+            ? this.normalizeOriginTypeToken(rawOriginType) ?? undefined
             : undefined;
         const evaluationTrace = [];
         // Evaluate rules in order (first match wins)
@@ -22731,8 +22740,8 @@ class BasicAuthorizationPolicy {
                 }
             }
             // Check action match
-            if (!rule.actions.has('*') && !rule.actions.has(resolvedAction)) {
-                step.expression = `action: ${resolvedAction} not in [${Array.from(rule.actions).join(', ')}]`;
+            if (!rule.actions.has('*') && !rule.actions.has(resolvedActionNormalized)) {
+                step.expression = `action: ${resolvedActionNormalized} not in [${Array.from(rule.actions).join(', ')}]`;
                 step.result = false;
                 evaluationTrace.push(step);
                 continue;
@@ -22799,6 +22808,9 @@ class BasicAuthorizationPolicy {
         };
     }
     validateDefaultEffect(effect) {
+        if (effect === undefined || effect === null) {
+            return 'deny';
+        }
         if (effect !== 'allow' && effect !== 'deny') {
             throw new Error(`Invalid default_effect: "${String(effect)}". Must be "allow" or "deny"`);
         }
@@ -22871,10 +22883,11 @@ class BasicAuthorizationPolicy {
         }
         // Handle single action
         if (typeof action === 'string') {
-            if (!VALID_ACTIONS.includes(action)) {
+            const normalized = this.normalizeActionToken(action);
+            if (!normalized) {
                 throw new Error(`Invalid action in rule "${ruleId}": "${action}". Must be one of: ${VALID_ACTIONS.join(', ')}`);
             }
-            return new Set([action]);
+            return new Set([normalized]);
         }
         // Handle array of actions
         if (!Array.isArray(action)) {
@@ -22888,10 +22901,11 @@ class BasicAuthorizationPolicy {
             if (typeof a !== 'string') {
                 throw new Error(`Invalid action in rule "${ruleId}": all values must be strings`);
             }
-            if (!VALID_ACTIONS.includes(a)) {
+            const normalized = this.normalizeActionToken(a);
+            if (!normalized) {
                 throw new Error(`Invalid action in rule "${ruleId}": "${a}". Must be one of: ${VALID_ACTIONS.join(', ')}`);
             }
-            actions.add(a);
+            actions.add(normalized);
         }
         return actions;
     }
@@ -22994,11 +23008,12 @@ class BasicAuthorizationPolicy {
         }
         // Handle single origin type
         if (typeof originType === 'string') {
-            const normalized = originType.trim().toLowerCase();
-            if (!normalized) {
+            const trimmed = originType.trim();
+            if (!trimmed) {
                 throw new Error(`Invalid origin_type in rule "${ruleId}": value must not be empty`);
             }
-            if (!VALID_ORIGIN_TYPES.includes(normalized)) {
+            const normalized = this.normalizeOriginTypeToken(trimmed);
+            if (!normalized) {
                 throw new Error(`Invalid origin_type in rule "${ruleId}": "${originType}". Must be one of: ${VALID_ORIGIN_TYPES.join(', ')}`);
             }
             return new Set([normalized]);
@@ -23015,17 +23030,50 @@ class BasicAuthorizationPolicy {
             if (typeof ot !== 'string') {
                 throw new Error(`Invalid origin_type in rule "${ruleId}": all values must be strings`);
             }
-            const normalized = ot.trim().toLowerCase();
-            if (!normalized) {
+            const trimmed = ot.trim();
+            if (!trimmed) {
                 throw new Error(`Invalid origin_type in rule "${ruleId}": values must not be empty`);
             }
-            if (!VALID_ORIGIN_TYPES.includes(normalized)) {
+            const normalized = this.normalizeOriginTypeToken(trimmed);
+            if (!normalized) {
                 throw new Error(`Invalid origin_type in rule "${ruleId}": "${ot}". Must be one of: ${VALID_ORIGIN_TYPES.join(', ')}`);
             }
             originTypes.add(normalized);
         }
         return originTypes;
     }
+    normalizeActionToken(value) {
+        const trimmed = value.trim();
+        if (!trimmed) {
+            return null;
+        }
+        if (trimmed === '*') {
+            return '*';
+        }
+        const normalized = trimmed.replace(/[\s_-]+/g, '').toLowerCase();
+        const map = {
+            connect: 'Connect',
+            forwardupstream: 'ForwardUpstream',
+            forwarddownstream: 'ForwardDownstream',
+            forwardpeer: 'ForwardPeer',
+            deliverlocal: 'DeliverLocal',
+        };
+        return map[normalized] ?? null;
+    }
+    normalizeOriginTypeToken(value) {
+        const trimmed = value.trim();
+        if (!trimmed) {
+            return null;
+        }
+        const normalized = trimmed.replace(/[\s_-]+/g, '').toLowerCase();
+        const map = {
+            downstream: 'downstream',
+            upstream: 'upstream',
+            peer: 'peer',
+            local: 'local',
+        };
+        return map[normalized] ?? null;
+    }
 }
 
 var basicAuthorizationPolicy = /*#__PURE__*/Object.freeze({
@@ -42774,16 +42822,22 @@ class LocalFileAuthorizationPolicySource {
         const factoryConfig = this.policyFactoryConfig ?? policyDefinition;
         // Ensure we have a type field for the factory
         if (!('type' in factoryConfig) || typeof factoryConfig.type !== 'string') {
-            throw new Error(`Policy definition at ${this.path} must have a 'type' field, ` +
-                `or policyFactory config must be provided`);
+            logger$1.warning('policy_type_missing_defaulting_to_basic', {
+                path: this.path,
+            });
+            factoryConfig.type =
+                'BasicAuthorizationPolicy';
         }
         // Build the factory config with the policy definition
         // The file content IS the policy definition, so we extract the type
         // and wrap the remaining content as the policyDefinition
-        const { type, ...restOfFile } = policyDefinition;
+        const { type: fileType, ...restOfFile } = policyDefinition;
+        const resolvedType = typeof fileType === 'string' && fileType.trim().length > 0
+            ? fileType
+            : factoryConfig.type;
         const mergedConfig = this.policyFactoryConfig != null
             ? { ...this.policyFactoryConfig, policyDefinition }
-            : { type: factoryConfig.type, policyDefinition: restOfFile };
+            : { type: resolvedType, policyDefinition: restOfFile };
         // Create the policy using the factory system
         const policy = await AuthorizationPolicyFactory.createAuthorizationPolicy(mergedConfig);
         if (!policy) {

package/dist/cjs/naylence/fame/security/auth/authorization-profile-factory.js

@@ -146,13 +146,21 @@ function normalizeConfig(config) {
     return { profile: canonicalProfile };
 }
 function resolveProfileName(candidate) {
-    const direct = coerceProfileString(candidate.profile);
+    let direct = coerceProfileString(candidate.profile);
+    if (direct && factory_1.ExpressionEvaluator.isExpression(direct)) {
+        const evaluated = factory_1.ExpressionEvaluator.evaluate(direct);
+        direct = coerceProfileString(evaluated);
+    }
     if (direct) {
         return direct;
     }
     const legacyKeys = ['profile_name', 'profileName'];
     for (const legacyKey of legacyKeys) {
-        const legacyValue = coerceProfileString(candidate[legacyKey]);
+        let legacyValue = coerceProfileString(candidate[legacyKey]);
+        if (legacyValue && factory_1.ExpressionEvaluator.isExpression(legacyValue)) {
+            const evaluated = factory_1.ExpressionEvaluator.evaluate(legacyValue);
+            legacyValue = coerceProfileString(evaluated);
+        }
         if (legacyValue) {
             return legacyValue;
         }

package/dist/cjs/naylence/fame/security/auth/policy/basic-authorization-policy.js

@@ -93,6 +93,7 @@ class BasicAuthorizationPolicy {
         // Action must be explicitly provided; default to wildcard if omitted
         // for backward compatibility during transition
         const resolvedAction = action ?? '*';
+        const resolvedActionNormalized = this.normalizeActionToken(resolvedAction) ?? resolvedAction;
         const address = extractAddress(envelope);
         const grantedScopes = extractGrantedScopes(context);
         const rawFrameType = envelope.frame
@@ -102,8 +103,8 @@ class BasicAuthorizationPolicy {
             : '';
         // Extract and normalize origin type for rule matching
         const rawOriginType = context?.originType;
-        const originTypeNormalized = typeof rawOriginType === 'string' && rawOriginType.trim().length > 0
-            ? rawOriginType.trim().toLowerCase()
+        const originTypeNormalized = typeof rawOriginType === 'string'
+            ? this.normalizeOriginTypeToken(rawOriginType) ?? undefined
             : undefined;
         const evaluationTrace = [];
         // Evaluate rules in order (first match wins)
@@ -150,8 +151,8 @@ class BasicAuthorizationPolicy {
                 }
             }
             // Check action match
-            if (!rule.actions.has('*') && !rule.actions.has(resolvedAction)) {
-                step.expression = `action: ${resolvedAction} not in [${Array.from(rule.actions).join(', ')}]`;
+            if (!rule.actions.has('*') && !rule.actions.has(resolvedActionNormalized)) {
+                step.expression = `action: ${resolvedActionNormalized} not in [${Array.from(rule.actions).join(', ')}]`;
                 step.result = false;
                 evaluationTrace.push(step);
                 continue;
@@ -218,6 +219,9 @@ class BasicAuthorizationPolicy {
         };
     }
     validateDefaultEffect(effect) {
+        if (effect === undefined || effect === null) {
+            return 'deny';
+        }
         if (effect !== 'allow' && effect !== 'deny') {
             throw new Error(`Invalid default_effect: "${String(effect)}". Must be "allow" or "deny"`);
         }
@@ -290,10 +294,11 @@ class BasicAuthorizationPolicy {
         }
         // Handle single action
         if (typeof action === 'string') {
-            if (!authorization_policy_definition_js_1.VALID_ACTIONS.includes(action)) {
+            const normalized = this.normalizeActionToken(action);
+            if (!normalized) {
                 throw new Error(`Invalid action in rule "${ruleId}": "${action}". Must be one of: ${authorization_policy_definition_js_1.VALID_ACTIONS.join(', ')}`);
             }
-            return new Set([action]);
+            return new Set([normalized]);
         }
         // Handle array of actions
         if (!Array.isArray(action)) {
@@ -307,10 +312,11 @@ class BasicAuthorizationPolicy {
             if (typeof a !== 'string') {
                 throw new Error(`Invalid action in rule "${ruleId}": all values must be strings`);
             }
-            if (!authorization_policy_definition_js_1.VALID_ACTIONS.includes(a)) {
+            const normalized = this.normalizeActionToken(a);
+            if (!normalized) {
                 throw new Error(`Invalid action in rule "${ruleId}": "${a}". Must be one of: ${authorization_policy_definition_js_1.VALID_ACTIONS.join(', ')}`);
             }
-            actions.add(a);
+            actions.add(normalized);
         }
         return actions;
     }
@@ -413,11 +419,12 @@ class BasicAuthorizationPolicy {
         }
         // Handle single origin type
         if (typeof originType === 'string') {
-            const normalized = originType.trim().toLowerCase();
-            if (!normalized) {
+            const trimmed = originType.trim();
+            if (!trimmed) {
                 throw new Error(`Invalid origin_type in rule "${ruleId}": value must not be empty`);
             }
-            if (!authorization_policy_definition_js_1.VALID_ORIGIN_TYPES.includes(normalized)) {
+            const normalized = this.normalizeOriginTypeToken(trimmed);
+            if (!normalized) {
                 throw new Error(`Invalid origin_type in rule "${ruleId}": "${originType}". Must be one of: ${authorization_policy_definition_js_1.VALID_ORIGIN_TYPES.join(', ')}`);
             }
             return new Set([normalized]);
@@ -434,16 +441,49 @@ class BasicAuthorizationPolicy {
             if (typeof ot !== 'string') {
                 throw new Error(`Invalid origin_type in rule "${ruleId}": all values must be strings`);
             }
-            const normalized = ot.trim().toLowerCase();
-            if (!normalized) {
+            const trimmed = ot.trim();
+            if (!trimmed) {
                 throw new Error(`Invalid origin_type in rule "${ruleId}": values must not be empty`);
             }
-            if (!authorization_policy_definition_js_1.VALID_ORIGIN_TYPES.includes(normalized)) {
+            const normalized = this.normalizeOriginTypeToken(trimmed);
+            if (!normalized) {
                 throw new Error(`Invalid origin_type in rule "${ruleId}": "${ot}". Must be one of: ${authorization_policy_definition_js_1.VALID_ORIGIN_TYPES.join(', ')}`);
             }
             originTypes.add(normalized);
         }
         return originTypes;
     }
+    normalizeActionToken(value) {
+        const trimmed = value.trim();
+        if (!trimmed) {
+            return null;
+        }
+        if (trimmed === '*') {
+            return '*';
+        }
+        const normalized = trimmed.replace(/[\s_-]+/g, '').toLowerCase();
+        const map = {
+            connect: 'Connect',
+            forwardupstream: 'ForwardUpstream',
+            forwarddownstream: 'ForwardDownstream',
+            forwardpeer: 'ForwardPeer',
+            deliverlocal: 'DeliverLocal',
+        };
+        return map[normalized] ?? null;
+    }
+    normalizeOriginTypeToken(value) {
+        const trimmed = value.trim();
+        if (!trimmed) {
+            return null;
+        }
+        const normalized = trimmed.replace(/[\s_-]+/g, '').toLowerCase();
+        const map = {
+            downstream: 'downstream',
+            upstream: 'upstream',
+            peer: 'peer',
+            local: 'local',
+        };
+        return map[normalized] ?? null;
+    }
 }
 exports.BasicAuthorizationPolicy = BasicAuthorizationPolicy;

package/dist/cjs/naylence/fame/security/auth/policy/local-file-authorization-policy-source.js

@@ -123,16 +123,22 @@ class LocalFileAuthorizationPolicySource {
         const factoryConfig = this.policyFactoryConfig ?? policyDefinition;
         // Ensure we have a type field for the factory
         if (!('type' in factoryConfig) || typeof factoryConfig.type !== 'string') {
-            throw new Error(`Policy definition at ${this.path} must have a 'type' field, ` +
-                `or policyFactory config must be provided`);
+            logger.warning('policy_type_missing_defaulting_to_basic', {
+                path: this.path,
+            });
+            factoryConfig.type =
+                'BasicAuthorizationPolicy';
         }
         // Build the factory config with the policy definition
         // The file content IS the policy definition, so we extract the type
         // and wrap the remaining content as the policyDefinition
-        const { type, ...restOfFile } = policyDefinition;
+        const { type: fileType, ...restOfFile } = policyDefinition;
+        const resolvedType = typeof fileType === 'string' && fileType.trim().length > 0
+            ? fileType
+            : factoryConfig.type;
         const mergedConfig = this.policyFactoryConfig != null
             ? { ...this.policyFactoryConfig, policyDefinition }
-            : { type: factoryConfig.type, policyDefinition: restOfFile };
+            : { type: resolvedType, policyDefinition: restOfFile };
         // Create the policy using the factory system
         const policy = await authorization_policy_factory_js_1.AuthorizationPolicyFactory.createAuthorizationPolicy(mergedConfig);
         if (!policy) {

package/dist/cjs/version.js

@@ -1,10 +1,10 @@
 "use strict";
 // This file is auto-generated during build - do not edit manually
-// Generated from package.json version: 0.4.3
+// Generated from package.json version: 0.4.5
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.VERSION = void 0;
 /**
  * The package version, injected at build time.
  * @internal
  */
-exports.VERSION = '0.4.3';
+exports.VERSION = '0.4.5';

package/dist/esm/naylence/fame/security/auth/authorization-profile-factory.js

@@ -1,4 +1,4 @@
-import { Expressions } from '@naylence/factory';
+import { Expressions, ExpressionEvaluator } from '@naylence/factory';
 import { getLogger } from '../../util/logging.js';
 import { AUTHORIZER_FACTORY_BASE_TYPE, AuthorizerFactory, } from './authorizer-factory.js';
 const logger = getLogger('naylence.fame.security.auth.authorization_profile_factory');
@@ -142,13 +142,21 @@ function normalizeConfig(config) {
     return { profile: canonicalProfile };
 }
 function resolveProfileName(candidate) {
-    const direct = coerceProfileString(candidate.profile);
+    let direct = coerceProfileString(candidate.profile);
+    if (direct && ExpressionEvaluator.isExpression(direct)) {
+        const evaluated = ExpressionEvaluator.evaluate(direct);
+        direct = coerceProfileString(evaluated);
+    }
     if (direct) {
         return direct;
     }
     const legacyKeys = ['profile_name', 'profileName'];
     for (const legacyKey of legacyKeys) {
-        const legacyValue = coerceProfileString(candidate[legacyKey]);
+        let legacyValue = coerceProfileString(candidate[legacyKey]);
+        if (legacyValue && ExpressionEvaluator.isExpression(legacyValue)) {
+            const evaluated = ExpressionEvaluator.evaluate(legacyValue);
+            legacyValue = coerceProfileString(evaluated);
+        }
         if (legacyValue) {
             return legacyValue;
         }