@naylence/runtime 0.4.8 → 0.4.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/browser/index.cjs +23 -118
- package/dist/browser/index.mjs +24 -118
- package/dist/cjs/naylence/fame/node/factory-commons.js +2 -3
- package/dist/cjs/naylence/fame/security/auth/policy/authorization-policy-definition.js +1 -1
- package/dist/cjs/naylence/fame/security/auth/policy/basic-authorization-policy.js +18 -59
- package/dist/cjs/naylence/fame/security/index.js +1 -2
- package/dist/cjs/naylence/fame/security/node-security-profile-factory.js +1 -52
- package/dist/cjs/version.js +2 -2
- package/dist/esm/naylence/fame/node/factory-commons.js +2 -3
- package/dist/esm/naylence/fame/security/auth/policy/authorization-policy-definition.js +1 -1
- package/dist/esm/naylence/fame/security/auth/policy/basic-authorization-policy.js +18 -59
- package/dist/esm/naylence/fame/security/index.js +1 -1
- package/dist/esm/naylence/fame/security/node-security-profile-factory.js +0 -51
- package/dist/esm/version.js +2 -2
- package/dist/node/index.cjs +23 -118
- package/dist/node/index.mjs +24 -118
- package/dist/node/node.cjs +23 -118
- package/dist/node/node.mjs +24 -118
- package/dist/types/naylence/fame/security/auth/policy/authorization-policy-definition.d.ts +5 -1
- package/dist/types/naylence/fame/security/auth/policy/basic-authorization-policy.d.ts +0 -6
- package/dist/types/naylence/fame/security/index.d.ts +1 -1
- package/dist/types/naylence/fame/security/node-security-profile-factory.d.ts +0 -1
- package/dist/types/version.d.ts +1 -1
- package/package.json +1 -1
package/dist/node/node.mjs
CHANGED
|
@@ -4435,12 +4435,12 @@ async function ensureRuntimeFactoriesRegistered(registry = Registry) {
|
|
|
4435
4435
|
}
|
|
4436
4436
|
|
|
4437
4437
|
// This file is auto-generated during build - do not edit manually
|
|
4438
|
-
// Generated from package.json version: 0.4.
|
|
4438
|
+
// Generated from package.json version: 0.4.10
|
|
4439
4439
|
/**
|
|
4440
4440
|
* The package version, injected at build time.
|
|
4441
4441
|
* @internal
|
|
4442
4442
|
*/
|
|
4443
|
-
const VERSION = '0.4.
|
|
4443
|
+
const VERSION = '0.4.10';
|
|
4444
4444
|
|
|
4445
4445
|
let initialized = false;
|
|
4446
4446
|
const runtimePlugin = {
|
|
@@ -15827,9 +15827,8 @@ function requiresCryptoProvider(config) {
|
|
|
15827
15827
|
const profile = record.profile;
|
|
15828
15828
|
if (typeof profile === 'string') {
|
|
15829
15829
|
const profileLower = profile.toLowerCase();
|
|
15830
|
-
// Overlay variants require crypto provider for envelope signing
|
|
15831
|
-
if (profileLower.includes('overlay')
|
|
15832
|
-
profileLower === 'strict-overlay') {
|
|
15830
|
+
// Overlay variants (including strict-overlay) require crypto provider for envelope signing
|
|
15831
|
+
if (profileLower.includes('overlay')) {
|
|
15833
15832
|
return true;
|
|
15834
15833
|
}
|
|
15835
15834
|
}
|
|
@@ -23330,7 +23329,7 @@ const KNOWN_RULE_FIELDS = new Set([
|
|
|
23330
23329
|
'effect',
|
|
23331
23330
|
'action',
|
|
23332
23331
|
'address',
|
|
23333
|
-
'frame_type',
|
|
23332
|
+
'frame_type', // Reserved for advanced-security
|
|
23334
23333
|
'origin_type',
|
|
23335
23334
|
'scope',
|
|
23336
23335
|
'when', // Reserved for advanced-security
|
|
@@ -23860,11 +23859,6 @@ class BasicAuthorizationPolicy {
|
|
|
23860
23859
|
const resolvedActionNormalized = this.normalizeActionToken(resolvedAction) ?? resolvedAction;
|
|
23861
23860
|
const address = extractAddress(envelope);
|
|
23862
23861
|
const grantedScopes = extractGrantedScopes(context);
|
|
23863
|
-
const rawFrameType = envelope.frame
|
|
23864
|
-
?.type;
|
|
23865
|
-
const frameTypeNormalized = typeof rawFrameType === 'string' && rawFrameType.trim().length > 0
|
|
23866
|
-
? rawFrameType.trim().toLowerCase()
|
|
23867
|
-
: '';
|
|
23868
23862
|
// Extract and normalize origin type for rule matching
|
|
23869
23863
|
const rawOriginType = context?.originType;
|
|
23870
23864
|
const originTypeNormalized = typeof rawOriginType === 'string'
|
|
@@ -23882,22 +23876,16 @@ class BasicAuthorizationPolicy {
|
|
|
23882
23876
|
step.expression = 'when clause (skipped by basic policy)';
|
|
23883
23877
|
step.result = false;
|
|
23884
23878
|
evaluationTrace.push(step);
|
|
23879
|
+
logger$M.debug('rule_skipped_when_clause', { ruleId: rule.id });
|
|
23885
23880
|
continue;
|
|
23886
23881
|
}
|
|
23887
|
-
//
|
|
23888
|
-
if (rule.
|
|
23889
|
-
|
|
23890
|
-
|
|
23891
|
-
|
|
23892
|
-
|
|
23893
|
-
|
|
23894
|
-
}
|
|
23895
|
-
if (!rule.frameTypes.has(frameTypeNormalized)) {
|
|
23896
|
-
step.expression = `frame_type: ${rawFrameType ?? 'unknown'} not in rule set`;
|
|
23897
|
-
step.result = false;
|
|
23898
|
-
evaluationTrace.push(step);
|
|
23899
|
-
continue;
|
|
23900
|
-
}
|
|
23882
|
+
// Skip rules with 'frame_type' clause (reserved for advanced-security package)
|
|
23883
|
+
if (rule.hasFrameTypeClause) {
|
|
23884
|
+
step.expression = 'frame_type clause (skipped by basic policy)';
|
|
23885
|
+
step.result = false;
|
|
23886
|
+
evaluationTrace.push(step);
|
|
23887
|
+
logger$M.debug('rule_skipped_frame_type_clause', { ruleId: rule.id });
|
|
23888
|
+
continue;
|
|
23901
23889
|
}
|
|
23902
23890
|
// Check origin type match (early gate for efficiency)
|
|
23903
23891
|
if (rule.originTypes) {
|
|
@@ -24012,8 +24000,14 @@ class BasicAuthorizationPolicy {
|
|
|
24012
24000
|
const actions = this.compileActions(rule.action, id);
|
|
24013
24001
|
// Compile address patterns (glob-only, no regex)
|
|
24014
24002
|
const addressPatterns = this.compileAddress(rule.address, id);
|
|
24015
|
-
//
|
|
24016
|
-
const
|
|
24003
|
+
// Check for frame_type clause (reserved for advanced-security)
|
|
24004
|
+
const hasFrameTypeClause = rule.frame_type !== undefined;
|
|
24005
|
+
if (hasFrameTypeClause && warnOnUnknown) {
|
|
24006
|
+
logger$M.warning('reserved_field_frame_type_will_be_skipped', {
|
|
24007
|
+
ruleId: id,
|
|
24008
|
+
message: `Rule "${id}" uses reserved field "frame_type" which is only supported in advanced-security package. This rule will be skipped during evaluation.`,
|
|
24009
|
+
});
|
|
24010
|
+
}
|
|
24017
24011
|
// Compile origin type gating
|
|
24018
24012
|
const originTypes = this.compileOriginTypes(rule.origin_type, id);
|
|
24019
24013
|
// Compile scope matcher (glob-only, no regex)
|
|
@@ -24040,11 +24034,12 @@ class BasicAuthorizationPolicy {
|
|
|
24040
24034
|
description: rule.description,
|
|
24041
24035
|
effect: rule.effect,
|
|
24042
24036
|
actions,
|
|
24043
|
-
frameTypes,
|
|
24037
|
+
frameTypes: undefined, // No longer used; reserved for advanced-security
|
|
24044
24038
|
originTypes,
|
|
24045
24039
|
addressPatterns,
|
|
24046
24040
|
scopeMatcher,
|
|
24047
24041
|
hasWhenClause: typeof rule.when === 'string' && rule.when.length > 0,
|
|
24042
|
+
hasFrameTypeClause,
|
|
24048
24043
|
};
|
|
24049
24044
|
}
|
|
24050
24045
|
/**
|
|
@@ -24134,43 +24129,6 @@ class BasicAuthorizationPolicy {
|
|
|
24134
24129
|
}
|
|
24135
24130
|
return patterns;
|
|
24136
24131
|
}
|
|
24137
|
-
/**
|
|
24138
|
-
* Compiles frame_type field into a Set of normalized frame types.
|
|
24139
|
-
* Supports single string or array of strings (implicit any-of).
|
|
24140
|
-
* Returns undefined if not specified (no frame type gating).
|
|
24141
|
-
*/
|
|
24142
|
-
compileFrameTypes(frameType, ruleId) {
|
|
24143
|
-
if (frameType === undefined) {
|
|
24144
|
-
return undefined;
|
|
24145
|
-
}
|
|
24146
|
-
// Handle single frame type
|
|
24147
|
-
if (typeof frameType === 'string') {
|
|
24148
|
-
const normalized = frameType.trim().toLowerCase();
|
|
24149
|
-
if (!normalized) {
|
|
24150
|
-
throw new Error(`Invalid frame_type in rule "${ruleId}": value must not be empty`);
|
|
24151
|
-
}
|
|
24152
|
-
return new Set([normalized]);
|
|
24153
|
-
}
|
|
24154
|
-
// Handle array of frame types
|
|
24155
|
-
if (!Array.isArray(frameType)) {
|
|
24156
|
-
throw new Error(`Invalid frame_type in rule "${ruleId}": must be a string or array of strings`);
|
|
24157
|
-
}
|
|
24158
|
-
if (frameType.length === 0) {
|
|
24159
|
-
throw new Error(`Invalid frame_type in rule "${ruleId}": array must not be empty`);
|
|
24160
|
-
}
|
|
24161
|
-
const frameTypes = new Set();
|
|
24162
|
-
for (const ft of frameType) {
|
|
24163
|
-
if (typeof ft !== 'string') {
|
|
24164
|
-
throw new Error(`Invalid frame_type in rule "${ruleId}": all values must be strings`);
|
|
24165
|
-
}
|
|
24166
|
-
const normalized = ft.trim().toLowerCase();
|
|
24167
|
-
if (!normalized) {
|
|
24168
|
-
throw new Error(`Invalid frame_type in rule "${ruleId}": values must not be empty`);
|
|
24169
|
-
}
|
|
24170
|
-
frameTypes.add(normalized);
|
|
24171
|
-
}
|
|
24172
|
-
return frameTypes;
|
|
24173
|
-
}
|
|
24174
24132
|
/**
|
|
24175
24133
|
* Compiles origin_type field into a Set of normalized origin types.
|
|
24176
24134
|
* Supports single string or array of strings (implicit any-of).
|
|
@@ -30832,61 +30790,11 @@ const ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE = 'FAME_JWT_REVERSE_AUTH_AUDIENCE';
|
|
|
30832
30790
|
const ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY = 'FAME_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY';
|
|
30833
30791
|
const ENV_VAR_TRUSTED_CLIENT_SCOPE = 'FAME_TRUSTED_CLIENT_SCOPE';
|
|
30834
30792
|
const ENV_VAR_AUTHORIZATION_PROFILE = 'FAME_AUTHORIZATION_PROFILE';
|
|
30835
|
-
const PROFILE_NAME_STRICT_OVERLAY = 'strict-overlay';
|
|
30836
30793
|
const PROFILE_NAME_OVERLAY = 'overlay';
|
|
30837
30794
|
const PROFILE_NAME_OVERLAY_CALLBACK = 'overlay-callback';
|
|
30838
30795
|
const PROFILE_NAME_GATED = 'gated';
|
|
30839
30796
|
const PROFILE_NAME_GATED_CALLBACK = 'gated-callback';
|
|
30840
30797
|
const PROFILE_NAME_OPEN$1 = 'open';
|
|
30841
|
-
const STRICT_OVERLAY_PROFILE = {
|
|
30842
|
-
type: 'DefaultSecurityManager',
|
|
30843
|
-
security_policy: {
|
|
30844
|
-
type: 'DefaultSecurityPolicy',
|
|
30845
|
-
signing: {
|
|
30846
|
-
signing_material: 'x509-chain',
|
|
30847
|
-
require_cert_sid_match: true,
|
|
30848
|
-
inbound: {
|
|
30849
|
-
signature_policy: 'required',
|
|
30850
|
-
unsigned_violation_action: 'nack',
|
|
30851
|
-
invalid_signature_action: 'nack',
|
|
30852
|
-
},
|
|
30853
|
-
response: {
|
|
30854
|
-
mirror_request_signing: true,
|
|
30855
|
-
always_sign_responses: false,
|
|
30856
|
-
sign_error_responses: true,
|
|
30857
|
-
},
|
|
30858
|
-
outbound: {
|
|
30859
|
-
default_signing: true,
|
|
30860
|
-
sign_sensitive_operations: true,
|
|
30861
|
-
sign_if_recipient_expects: true,
|
|
30862
|
-
},
|
|
30863
|
-
},
|
|
30864
|
-
encryption: {
|
|
30865
|
-
inbound: {
|
|
30866
|
-
allow_plaintext: true,
|
|
30867
|
-
allow_channel: true,
|
|
30868
|
-
allow_sealed: true,
|
|
30869
|
-
plaintext_violation_action: 'nack',
|
|
30870
|
-
channel_violation_action: 'nack',
|
|
30871
|
-
sealed_violation_action: 'nack',
|
|
30872
|
-
},
|
|
30873
|
-
response: {
|
|
30874
|
-
mirror_request_level: true,
|
|
30875
|
-
minimum_response_level: 'plaintext',
|
|
30876
|
-
escalate_sealed_responses: false,
|
|
30877
|
-
},
|
|
30878
|
-
outbound: {
|
|
30879
|
-
default_level: Expressions.env(ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, 'channel'),
|
|
30880
|
-
escalate_if_peer_supports: false,
|
|
30881
|
-
prefer_sealed_for_sensitive: false,
|
|
30882
|
-
},
|
|
30883
|
-
},
|
|
30884
|
-
},
|
|
30885
|
-
authorizer: {
|
|
30886
|
-
type: 'AuthorizationProfile',
|
|
30887
|
-
profile: Expressions.env(ENV_VAR_AUTHORIZATION_PROFILE, 'jwt'),
|
|
30888
|
-
},
|
|
30889
|
-
};
|
|
30890
30798
|
const OVERLAY_PROFILE = {
|
|
30891
30799
|
type: 'DefaultSecurityManager',
|
|
30892
30800
|
security_policy: {
|
|
@@ -31089,7 +30997,6 @@ const OPEN_PROFILE$1 = {
|
|
|
31089
30997
|
};
|
|
31090
30998
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_OVERLAY, OVERLAY_PROFILE, { source: 'node-security-profile-factory' });
|
|
31091
30999
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_OVERLAY_CALLBACK, OVERLAY_CALLBACK_PROFILE, { source: 'node-security-profile-factory' });
|
|
31092
|
-
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_STRICT_OVERLAY, STRICT_OVERLAY_PROFILE, { source: 'node-security-profile-factory' });
|
|
31093
31000
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_GATED, GATED_PROFILE, { source: 'node-security-profile-factory' });
|
|
31094
31001
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_GATED_CALLBACK, GATED_CALLBACK_PROFILE, { source: 'node-security-profile-factory' });
|
|
31095
31002
|
registerProfile(SECURITY_MANAGER_FACTORY_BASE_TYPE, PROFILE_NAME_OPEN$1, OPEN_PROFILE$1, { source: 'node-security-profile-factory' });
|
|
@@ -31226,7 +31133,6 @@ var nodeSecurityProfileFactory = /*#__PURE__*/Object.freeze({
|
|
|
31226
31133
|
PROFILE_NAME_OPEN: PROFILE_NAME_OPEN$1,
|
|
31227
31134
|
PROFILE_NAME_OVERLAY: PROFILE_NAME_OVERLAY,
|
|
31228
31135
|
PROFILE_NAME_OVERLAY_CALLBACK: PROFILE_NAME_OVERLAY_CALLBACK,
|
|
31229
|
-
PROFILE_NAME_STRICT_OVERLAY: PROFILE_NAME_STRICT_OVERLAY,
|
|
31230
31136
|
default: NodeSecurityProfileFactory
|
|
31231
31137
|
});
|
|
31232
31138
|
|
|
@@ -45997,4 +45903,4 @@ var otelSetup = /*#__PURE__*/Object.freeze({
|
|
|
45997
45903
|
setupOtel: setupOtel
|
|
45998
45904
|
});
|
|
45999
45905
|
|
|
46000
|
-
export { ADMISSION_CLIENT_FACTORY_BASE_TYPE, ATTACHMENT_KEY_VALIDATOR_FACTORY_BASE_TYPE, AUTHORIZATION_POLICY_FACTORY_BASE_TYPE, AUTHORIZATION_POLICY_SOURCE_FACTORY_BASE_TYPE, AUTHORIZER_FACTORY_BASE_TYPE, AUTH_INJECTION_STRATEGY_FACTORY_BASE_TYPE, ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY$1 as AUTH_PROFILE_ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY, ENV_VAR_HMAC_SECRET$1 as AUTH_PROFILE_ENV_VAR_HMAC_SECRET, ENV_VAR_JWKS_URL$1 as AUTH_PROFILE_ENV_VAR_JWKS_URL, ENV_VAR_JWT_ALGORITHM$3 as AUTH_PROFILE_ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE$3 as AUTH_PROFILE_ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE$1 as AUTH_PROFILE_ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER$1 as AUTH_PROFILE_ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_TRUSTED_ISSUER$1 as AUTH_PROFILE_ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_TRUSTED_CLIENT_SCOPE$1 as AUTH_PROFILE_ENV_VAR_TRUSTED_CLIENT_SCOPE, PROFILE_NAME_DEFAULT as AUTH_PROFILE_NAME_DEFAULT, PROFILE_NAME_NOOP$2 as AUTH_PROFILE_NAME_NOOP, PROFILE_NAME_OAUTH2 as AUTH_PROFILE_NAME_OAUTH2, PROFILE_NAME_OAUTH2_CALLBACK as AUTH_PROFILE_NAME_OAUTH2_CALLBACK, PROFILE_NAME_OAUTH2_GATED as AUTH_PROFILE_NAME_OAUTH2_GATED, AnsiColor, AsyncLock, AttachmentKeyValidator, AuthInjectionStrategyFactory, AuthorizationPolicyFactory, AuthorizationPolicySourceFactory, AuthorizationProfileFactory, AuthorizerFactory, BROADCAST_CHANNEL_CONNECTION_GRANT_TYPE, BackPressureFull, BaseAsyncConnector, BaseNodeEventListener, BasicAuthorizationPolicy, BasicAuthorizationPolicyFactory, BindingManager, BindingStoreEntryRecord, BrowserAutoKeyCredentialProvider, BrowserWrappedKeyCredentialProvider, CERTIFICATE_MANAGER_FACTORY_BASE_TYPE, CONNECTION_RETRY_POLICY_FACTORY_BASE_TYPE, CREDENTIAL_PROVIDER_FACTORY_BASE_TYPE, CRYPTO_LEVEL_SECURITY_ORDER, CertificateManagerFactory, ConnectionRetryPolicyFactory, ConnectorConfigDefaults, ConnectorFactory, ConsoleMetricsEmitter, CryptoLevel, FACTORY_META$10 as DEFAULT_WELCOME_FACTORY_META, DefaultConnectionRetryPolicy, DefaultConnectionRetryPolicyFactory, DefaultCryptoProvider, DefaultHttpServer, DefaultKeyManager, DefaultNodeIdentityPolicy, DefaultNodeIdentityPolicyFactory, DefaultSecurityManager, DefaultSecurityPolicy, DefaultWelcomeService, DefaultWelcomeServiceFactory, DevFixedKeyCredentialProvider, ENCRYPTION_MANAGER_FACTORY_BASE_TYPE, ENVELOPE_SIGNER_FACTORY_BASE_TYPE, ENVELOPE_VERIFIER_FACTORY_BASE_TYPE, ENV_VAR_AUTHORIZATION_PROFILE, ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, ENV_VAR_HMAC_SECRET, ENV_VAR_JWKS_URL, ENV_VAR_JWT_ALGORITHM$2 as ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE$2 as ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_SESSION_MAX_INITIAL_ATTEMPTS, ENV_VAR_SHOW_ENVELOPES$1 as ENV_VAR_SHOW_ENVELOPES, EdDSAEnvelopeSigner, EncryptedKeyValueStore, EncryptedStorageProviderBase, EncryptedValue, EncryptionConfiguration, EncryptionManagerFactory, EncryptionResult, EncryptionStatus, EnvCredentialProvider, EnvelopeContext, EnvelopeListenerManager, EnvelopeSecurityHandler, EnvelopeSignerFactory, EnvelopeVerifierFactory, FACTORY_META$11 as FACTORY_META, FAME_FABRIC_FACTORY_BASE_TYPE, FIXED_PREFIX_LEN, FameAuthorizedDeliveryContextSchema, FameConnectError, FameEnvironmentContext, FameError, FameMessageTooLarge, FameNode, FameNodeAuthorizationContextSchema, FameProtocolError, FameTransportClose, FlowController, GRANT_PURPOSE_NODE_ATTACH, HTTP_CONNECTION_GRANT_TYPE, HTTP_STATELESS_CONNECTOR_TYPE, HttpListener, HttpStatelessConnector, INPAGE_CONNECTION_GRANT_TYPE, INPAGE_CONNECTOR_TYPE, InMemoryBinding, InMemoryFanoutBroker, InMemoryKeyValueStore, InMemoryReadWriteChannel, InMemoryStorageProvider, InPageConnector, InPageListener, InProcessFameFabric, InProcessFameFabricFactory, IndexedDBKeyValueStore, IndexedDBStorageProvider, InvalidPassphraseError, JWKValidationError, KEY_MANAGER_FACTORY_BASE_TYPE, KEY_STORE_FACTORY_BASE_TYPE, KNOWN_POLICY_FIELDS, KNOWN_RULE_FIELDS, KeyInfo, KeyManagementHandler, KeyManagerFactory, KeyStore, KeyStoreFactory, KeyValidationError, LOAD_BALANCER_STICKINESS_MANAGER_FACTORY_BASE_TYPE, LoadBalancerStickinessManagerFactory, LogLevel, LogLevelNames, MAX_SCOPE_NESTING_DEPTH, MemoryMetricsEmitter, NODE_IDENTITY_POLICY_FACTORY_BASE_TYPE, NODE_LIKE_FACTORY_BASE_TYPE, NODE_PLACEMENT_STRATEGY_FACTORY_BASE_TYPE, NoOpMetricsEmitter, NoSecurityPolicy, NodeFactory, NodeIdentityPolicyFactory, NodeIdentityPolicyProfileFactory, NodePlacementStrategyFactory, NoneCredentialProvider, NoopEncryptionManager, NoopKeyValidator, NoopTrustStoreProvider, NotAuthorized, PROFILE_NAME_GATED, PROFILE_NAME_GATED_CALLBACK, PROFILE_NAME_OPEN$1 as PROFILE_NAME_OPEN, PROFILE_NAME_OVERLAY, PROFILE_NAME_OVERLAY_CALLBACK, PROFILE_NAME_STRICT_OVERLAY, PromptCredentialProvider, QueueFullError, REPLICA_STICKINESS_MANAGER_FACTORY_BASE_TYPE, REQUIRED_FIELDS_BY_KTY, ReplicaStickinessManagerFactory, RootSessionManager, RouteManager, RpcMixin, RpcProxy, SEALED_ENVELOPE_NONCE_LENGTH, SEALED_ENVELOPE_OVERHEAD, SEALED_ENVELOPE_PRIVATE_KEY_LENGTH, SEALED_ENVELOPE_PUBLIC_KEY_LENGTH, SEALED_ENVELOPE_TAG_LENGTH, SECURE_CHANNEL_MANAGER_FACTORY_BASE_TYPE, SECURITY_MANAGER_FACTORY_BASE_TYPE, SECURITY_POLICY_FACTORY_BASE_TYPE, SQLiteKeyValueStore, SQLiteStorageProvider, STORAGE_PROVIDER_FACTORY_BASE_TYPE, SecretSource, SecretStoreCredentialProvider, SecureChannelFrameHandler, SecureChannelManagerFactory, SecurityAction, SecurityRequirements, Sentinel, SentinelFactory, SessionKeyCredentialProvider, SignaturePolicy, SigningConfig as SigningConfigClass, SigningConfiguration, SimpleLoadBalancerStickinessManager, SimpleLoadBalancerStickinessManagerFactory, StaticCredentialProvider, StorageAESEncryptionManager, TOKEN_ISSUER_FACTORY_BASE_TYPE, TOKEN_PROVIDER_FACTORY_BASE_TYPE, TOKEN_VERIFIER_FACTORY_BASE_TYPE, TRANSPORT_LISTENER_FACTORY_BASE_TYPE, TRANSPORT_PROVISIONER_FACTORY_BASE_TYPE, TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE, TaskSpawner, TokenIssuerFactory, TokenProviderFactory, TokenSubjectNodeIdentityPolicy, TokenSubjectNodeIdentityPolicyFactory, TokenVerifierFactory, TransportListener, TransportListenerFactory, TransportProvisionerFactory, TrustStoreProviderFactory, TtlValidationError, UpstreamSessionManager, VALID_ACTIONS, VALID_CURVES_BY_KTY, VALID_EFFECTS, VALID_KEY_USES, VALID_ORIGIN_TYPES, VERSION, WEBSOCKET_CONNECTION_GRANT_TYPE, WELCOME_SERVICE_FACTORY_BASE_TYPE, WebSocketCloseCode, WebSocketConnector, WebSocketListener, WebSocketState, WelcomeServiceFactory, _NoopFlowController, __runtimePluginLoader, addEnvelopeFields, addLogLevel, addTimestamp, assertConnectionGrant, assertGrant, assertNotRegexPattern, basicConfig, broadcastChannelGrantToConnectorConfig, camelToSnakeCase, canonicalJson, capitalizeFirstLetter, clearProfiles, color, compareCryptoLevels, compileGlobOnlyScopeRequirement, compileGlobPattern, compilePattern, compileScopeRequirement, compiledPathPattern, consoleTransport, convertWildcardLogicalToDnsConstraint, createConnectorConfig, createEd25519Keypair, createHostLogicalUri, createJwksRouter, createLogicalUri, createNodeDeliveryContext, createApp as createOAuth2ServerApp, createOAuth2TokenRouter, createOpenIDConfigurationRouter, createResource, createRpcProxy, createRsaKeypair, createTransportCloseError, createX25519Keypair, credentialToString, currentTraceId$1 as currentTraceId, debounce, decodeBase64Url, decodeFameDataPayload, deepMerge, defaultJsonEncoder, delay, dropEmpty, enableLogging, encodeUtf8, ensureRuntimeFactoriesRegistered, evaluateScopeRequirement, extractId, extractPoolAddressBase, extractPoolBase, filterKeysByUse, formatTimestamp, formatTimestampForConsole$1 as formatTimestampForConsole, frameDigest, getCompiledGlobPattern, getCurrentEnvelope, getFabricForNode, getFameRoot, getHttpListenerInstance, getInPageListenerInstance, getKeyProvider, getKeyStore, getLogger, getProfile, getWebsocketListenerInstance, hasCryptoSupport, hostnameToLogical, hostnamesToLogicals, httpGrantToConnectorConfig, immutableHeaders, inPageGrantToConnectorConfig, isAuthInjectionStrategy, isBroadcastChannelConnectionGrant, isConnectionGrant, isConnectorConfig, isEnvelopeLoggingEnabled, isFameError, isFameErrorType, isGrant, isHttpConnectionGrant, isIdentityExposingTokenProvider, isInPageConnectionGrant, isNodeLike, isPlainObject$4 as isPlainObject, isPoolAddress, isPoolLogical, isRegexPattern, isRegisterable, isTokenExpired, isTokenProvider, isTokenValid, isWebSocketConnectionGrant, jsonDumps, listProfiles, logicalPatternsToDnsConstraints, logicalToHostname, logicalsToHostnames, matchPattern, matchesPoolAddress, matchesPoolLogical, maybeAwait, nodeWelcomeRouter, nodeWelcomeRouterPlugin, normalizeBroadcastChannelConnectionGrant, normalizeEncryptionConfig, normalizeEnvelopeSnapshot, normalizeExtendedFameConfig, normalizeHttpConnectionGrant, normalizeInPageConnectionGrant, normalizeInboundCryptoRules, normalizeInboundSigningRules, normalizeOutboundCryptoRules, normalizeOutboundSigningRules, normalizePath, normalizeResponseCryptoRules, normalizeResponseSigningRules, normalizeScopeRequirement, normalizeSecretSource, normalizeSecurityRequirements, normalizeSigningConfig, normalizeWebSocketConnectionGrant, objectToBytes, operation, parseSealedEnvelope, pinoTransport, prettyModel$1 as prettyModel, registerDefaultFactories, registerDefaultKeyStoreFactory, registerNodePlacementStrategyFactory, registerProfile, registerRuntimeFactories, requireCryptoSupport, retryWithBackoff, main as runOAuth2Server, safeColor, safeImport, sealedDecrypt, sealedEncrypt, secureDigest, setKeyStore, showEnvelopes$1 as showEnvelopes, sleep, snakeToCamelCase, stringifyNonPrimitives, supportsColor, throttle, urlsafeBase64Decode, urlsafeBase64Encode, validateCacheTtlSec, validateEncryptionKey, validateHostLogical, validateHostLogicals, validateJwkComplete, validateJwkStructure, validateJwkUseField, validateJwtTokenTtlSec, validateKeyCorrelationTtlSec, validateLogical, validateLogicalSegment, validateOAuth2TtlSec, validateSigningKey, validateTtlSec, waitForAll, waitForAllSettled, waitForAny, websocketGrantToConnectorConfig, withEnvelopeContext, withEnvelopeContextAsync, withLegacySnakeCaseKeys, withLock, withTimeout };
|
|
45906
|
+
export { ADMISSION_CLIENT_FACTORY_BASE_TYPE, ATTACHMENT_KEY_VALIDATOR_FACTORY_BASE_TYPE, AUTHORIZATION_POLICY_FACTORY_BASE_TYPE, AUTHORIZATION_POLICY_SOURCE_FACTORY_BASE_TYPE, AUTHORIZER_FACTORY_BASE_TYPE, AUTH_INJECTION_STRATEGY_FACTORY_BASE_TYPE, ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY$1 as AUTH_PROFILE_ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY, ENV_VAR_HMAC_SECRET$1 as AUTH_PROFILE_ENV_VAR_HMAC_SECRET, ENV_VAR_JWKS_URL$1 as AUTH_PROFILE_ENV_VAR_JWKS_URL, ENV_VAR_JWT_ALGORITHM$3 as AUTH_PROFILE_ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE$3 as AUTH_PROFILE_ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE$1 as AUTH_PROFILE_ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER$1 as AUTH_PROFILE_ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_TRUSTED_ISSUER$1 as AUTH_PROFILE_ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_TRUSTED_CLIENT_SCOPE$1 as AUTH_PROFILE_ENV_VAR_TRUSTED_CLIENT_SCOPE, PROFILE_NAME_DEFAULT as AUTH_PROFILE_NAME_DEFAULT, PROFILE_NAME_NOOP$2 as AUTH_PROFILE_NAME_NOOP, PROFILE_NAME_OAUTH2 as AUTH_PROFILE_NAME_OAUTH2, PROFILE_NAME_OAUTH2_CALLBACK as AUTH_PROFILE_NAME_OAUTH2_CALLBACK, PROFILE_NAME_OAUTH2_GATED as AUTH_PROFILE_NAME_OAUTH2_GATED, AnsiColor, AsyncLock, AttachmentKeyValidator, AuthInjectionStrategyFactory, AuthorizationPolicyFactory, AuthorizationPolicySourceFactory, AuthorizationProfileFactory, AuthorizerFactory, BROADCAST_CHANNEL_CONNECTION_GRANT_TYPE, BackPressureFull, BaseAsyncConnector, BaseNodeEventListener, BasicAuthorizationPolicy, BasicAuthorizationPolicyFactory, BindingManager, BindingStoreEntryRecord, BrowserAutoKeyCredentialProvider, BrowserWrappedKeyCredentialProvider, CERTIFICATE_MANAGER_FACTORY_BASE_TYPE, CONNECTION_RETRY_POLICY_FACTORY_BASE_TYPE, CREDENTIAL_PROVIDER_FACTORY_BASE_TYPE, CRYPTO_LEVEL_SECURITY_ORDER, CertificateManagerFactory, ConnectionRetryPolicyFactory, ConnectorConfigDefaults, ConnectorFactory, ConsoleMetricsEmitter, CryptoLevel, FACTORY_META$10 as DEFAULT_WELCOME_FACTORY_META, DefaultConnectionRetryPolicy, DefaultConnectionRetryPolicyFactory, DefaultCryptoProvider, DefaultHttpServer, DefaultKeyManager, DefaultNodeIdentityPolicy, DefaultNodeIdentityPolicyFactory, DefaultSecurityManager, DefaultSecurityPolicy, DefaultWelcomeService, DefaultWelcomeServiceFactory, DevFixedKeyCredentialProvider, ENCRYPTION_MANAGER_FACTORY_BASE_TYPE, ENVELOPE_SIGNER_FACTORY_BASE_TYPE, ENVELOPE_VERIFIER_FACTORY_BASE_TYPE, ENV_VAR_AUTHORIZATION_PROFILE, ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, ENV_VAR_HMAC_SECRET, ENV_VAR_JWKS_URL, ENV_VAR_JWT_ALGORITHM$2 as ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE$2 as ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_SESSION_MAX_INITIAL_ATTEMPTS, ENV_VAR_SHOW_ENVELOPES$1 as ENV_VAR_SHOW_ENVELOPES, EdDSAEnvelopeSigner, EncryptedKeyValueStore, EncryptedStorageProviderBase, EncryptedValue, EncryptionConfiguration, EncryptionManagerFactory, EncryptionResult, EncryptionStatus, EnvCredentialProvider, EnvelopeContext, EnvelopeListenerManager, EnvelopeSecurityHandler, EnvelopeSignerFactory, EnvelopeVerifierFactory, FACTORY_META$11 as FACTORY_META, FAME_FABRIC_FACTORY_BASE_TYPE, FIXED_PREFIX_LEN, FameAuthorizedDeliveryContextSchema, FameConnectError, FameEnvironmentContext, FameError, FameMessageTooLarge, FameNode, FameNodeAuthorizationContextSchema, FameProtocolError, FameTransportClose, FlowController, GRANT_PURPOSE_NODE_ATTACH, HTTP_CONNECTION_GRANT_TYPE, HTTP_STATELESS_CONNECTOR_TYPE, HttpListener, HttpStatelessConnector, INPAGE_CONNECTION_GRANT_TYPE, INPAGE_CONNECTOR_TYPE, InMemoryBinding, InMemoryFanoutBroker, InMemoryKeyValueStore, InMemoryReadWriteChannel, InMemoryStorageProvider, InPageConnector, InPageListener, InProcessFameFabric, InProcessFameFabricFactory, IndexedDBKeyValueStore, IndexedDBStorageProvider, InvalidPassphraseError, JWKValidationError, KEY_MANAGER_FACTORY_BASE_TYPE, KEY_STORE_FACTORY_BASE_TYPE, KNOWN_POLICY_FIELDS, KNOWN_RULE_FIELDS, KeyInfo, KeyManagementHandler, KeyManagerFactory, KeyStore, KeyStoreFactory, KeyValidationError, LOAD_BALANCER_STICKINESS_MANAGER_FACTORY_BASE_TYPE, LoadBalancerStickinessManagerFactory, LogLevel, LogLevelNames, MAX_SCOPE_NESTING_DEPTH, MemoryMetricsEmitter, NODE_IDENTITY_POLICY_FACTORY_BASE_TYPE, NODE_LIKE_FACTORY_BASE_TYPE, NODE_PLACEMENT_STRATEGY_FACTORY_BASE_TYPE, NoOpMetricsEmitter, NoSecurityPolicy, NodeFactory, NodeIdentityPolicyFactory, NodeIdentityPolicyProfileFactory, NodePlacementStrategyFactory, NoneCredentialProvider, NoopEncryptionManager, NoopKeyValidator, NoopTrustStoreProvider, NotAuthorized, PROFILE_NAME_GATED, PROFILE_NAME_GATED_CALLBACK, PROFILE_NAME_OPEN$1 as PROFILE_NAME_OPEN, PROFILE_NAME_OVERLAY, PROFILE_NAME_OVERLAY_CALLBACK, PromptCredentialProvider, QueueFullError, REPLICA_STICKINESS_MANAGER_FACTORY_BASE_TYPE, REQUIRED_FIELDS_BY_KTY, ReplicaStickinessManagerFactory, RootSessionManager, RouteManager, RpcMixin, RpcProxy, SEALED_ENVELOPE_NONCE_LENGTH, SEALED_ENVELOPE_OVERHEAD, SEALED_ENVELOPE_PRIVATE_KEY_LENGTH, SEALED_ENVELOPE_PUBLIC_KEY_LENGTH, SEALED_ENVELOPE_TAG_LENGTH, SECURE_CHANNEL_MANAGER_FACTORY_BASE_TYPE, SECURITY_MANAGER_FACTORY_BASE_TYPE, SECURITY_POLICY_FACTORY_BASE_TYPE, SQLiteKeyValueStore, SQLiteStorageProvider, STORAGE_PROVIDER_FACTORY_BASE_TYPE, SecretSource, SecretStoreCredentialProvider, SecureChannelFrameHandler, SecureChannelManagerFactory, SecurityAction, SecurityRequirements, Sentinel, SentinelFactory, SessionKeyCredentialProvider, SignaturePolicy, SigningConfig as SigningConfigClass, SigningConfiguration, SimpleLoadBalancerStickinessManager, SimpleLoadBalancerStickinessManagerFactory, StaticCredentialProvider, StorageAESEncryptionManager, TOKEN_ISSUER_FACTORY_BASE_TYPE, TOKEN_PROVIDER_FACTORY_BASE_TYPE, TOKEN_VERIFIER_FACTORY_BASE_TYPE, TRANSPORT_LISTENER_FACTORY_BASE_TYPE, TRANSPORT_PROVISIONER_FACTORY_BASE_TYPE, TRUST_STORE_PROVIDER_FACTORY_BASE_TYPE, TaskSpawner, TokenIssuerFactory, TokenProviderFactory, TokenSubjectNodeIdentityPolicy, TokenSubjectNodeIdentityPolicyFactory, TokenVerifierFactory, TransportListener, TransportListenerFactory, TransportProvisionerFactory, TrustStoreProviderFactory, TtlValidationError, UpstreamSessionManager, VALID_ACTIONS, VALID_CURVES_BY_KTY, VALID_EFFECTS, VALID_KEY_USES, VALID_ORIGIN_TYPES, VERSION, WEBSOCKET_CONNECTION_GRANT_TYPE, WELCOME_SERVICE_FACTORY_BASE_TYPE, WebSocketCloseCode, WebSocketConnector, WebSocketListener, WebSocketState, WelcomeServiceFactory, _NoopFlowController, __runtimePluginLoader, addEnvelopeFields, addLogLevel, addTimestamp, assertConnectionGrant, assertGrant, assertNotRegexPattern, basicConfig, broadcastChannelGrantToConnectorConfig, camelToSnakeCase, canonicalJson, capitalizeFirstLetter, clearProfiles, color, compareCryptoLevels, compileGlobOnlyScopeRequirement, compileGlobPattern, compilePattern, compileScopeRequirement, compiledPathPattern, consoleTransport, convertWildcardLogicalToDnsConstraint, createConnectorConfig, createEd25519Keypair, createHostLogicalUri, createJwksRouter, createLogicalUri, createNodeDeliveryContext, createApp as createOAuth2ServerApp, createOAuth2TokenRouter, createOpenIDConfigurationRouter, createResource, createRpcProxy, createRsaKeypair, createTransportCloseError, createX25519Keypair, credentialToString, currentTraceId$1 as currentTraceId, debounce, decodeBase64Url, decodeFameDataPayload, deepMerge, defaultJsonEncoder, delay, dropEmpty, enableLogging, encodeUtf8, ensureRuntimeFactoriesRegistered, evaluateScopeRequirement, extractId, extractPoolAddressBase, extractPoolBase, filterKeysByUse, formatTimestamp, formatTimestampForConsole$1 as formatTimestampForConsole, frameDigest, getCompiledGlobPattern, getCurrentEnvelope, getFabricForNode, getFameRoot, getHttpListenerInstance, getInPageListenerInstance, getKeyProvider, getKeyStore, getLogger, getProfile, getWebsocketListenerInstance, hasCryptoSupport, hostnameToLogical, hostnamesToLogicals, httpGrantToConnectorConfig, immutableHeaders, inPageGrantToConnectorConfig, isAuthInjectionStrategy, isBroadcastChannelConnectionGrant, isConnectionGrant, isConnectorConfig, isEnvelopeLoggingEnabled, isFameError, isFameErrorType, isGrant, isHttpConnectionGrant, isIdentityExposingTokenProvider, isInPageConnectionGrant, isNodeLike, isPlainObject$4 as isPlainObject, isPoolAddress, isPoolLogical, isRegexPattern, isRegisterable, isTokenExpired, isTokenProvider, isTokenValid, isWebSocketConnectionGrant, jsonDumps, listProfiles, logicalPatternsToDnsConstraints, logicalToHostname, logicalsToHostnames, matchPattern, matchesPoolAddress, matchesPoolLogical, maybeAwait, nodeWelcomeRouter, nodeWelcomeRouterPlugin, normalizeBroadcastChannelConnectionGrant, normalizeEncryptionConfig, normalizeEnvelopeSnapshot, normalizeExtendedFameConfig, normalizeHttpConnectionGrant, normalizeInPageConnectionGrant, normalizeInboundCryptoRules, normalizeInboundSigningRules, normalizeOutboundCryptoRules, normalizeOutboundSigningRules, normalizePath, normalizeResponseCryptoRules, normalizeResponseSigningRules, normalizeScopeRequirement, normalizeSecretSource, normalizeSecurityRequirements, normalizeSigningConfig, normalizeWebSocketConnectionGrant, objectToBytes, operation, parseSealedEnvelope, pinoTransport, prettyModel$1 as prettyModel, registerDefaultFactories, registerDefaultKeyStoreFactory, registerNodePlacementStrategyFactory, registerProfile, registerRuntimeFactories, requireCryptoSupport, retryWithBackoff, main as runOAuth2Server, safeColor, safeImport, sealedDecrypt, sealedEncrypt, secureDigest, setKeyStore, showEnvelopes$1 as showEnvelopes, sleep, snakeToCamelCase, stringifyNonPrimitives, supportsColor, throttle, urlsafeBase64Decode, urlsafeBase64Encode, validateCacheTtlSec, validateEncryptionKey, validateHostLogical, validateHostLogicals, validateJwkComplete, validateJwkStructure, validateJwkUseField, validateJwtTokenTtlSec, validateKeyCorrelationTtlSec, validateLogical, validateLogicalSegment, validateOAuth2TtlSec, validateSigningKey, validateTtlSec, waitForAll, waitForAllSettled, waitForAny, websocketGrantToConnectorConfig, withEnvelopeContext, withEnvelopeContextAsync, withLegacySnakeCaseKeys, withLock, withTimeout };
|
|
@@ -93,9 +93,13 @@ export interface AuthorizationRuleDefinition {
|
|
|
93
93
|
*/
|
|
94
94
|
address?: string | string[];
|
|
95
95
|
/**
|
|
96
|
-
* Optional frame type gating.
|
|
96
|
+
* Optional frame type gating (reserved for advanced-security package).
|
|
97
97
|
* Can be a single frame type string or an array (implicit any-of).
|
|
98
98
|
* Matching is case-insensitive.
|
|
99
|
+
*
|
|
100
|
+
* WARNING: Basic policy parser will skip rules containing this field
|
|
101
|
+
* and log a warning during policy construction. This field is only
|
|
102
|
+
* supported in the advanced-security package.
|
|
99
103
|
*/
|
|
100
104
|
frame_type?: string | string[];
|
|
101
105
|
/**
|
|
@@ -62,12 +62,6 @@ export declare class BasicAuthorizationPolicy implements AuthorizationPolicy {
|
|
|
62
62
|
* All patterns are treated as globs - `^` prefix is rejected as an error.
|
|
63
63
|
*/
|
|
64
64
|
private compileAddress;
|
|
65
|
-
/**
|
|
66
|
-
* Compiles frame_type field into a Set of normalized frame types.
|
|
67
|
-
* Supports single string or array of strings (implicit any-of).
|
|
68
|
-
* Returns undefined if not specified (no frame type gating).
|
|
69
|
-
*/
|
|
70
|
-
private compileFrameTypes;
|
|
71
65
|
/**
|
|
72
66
|
* Compiles origin_type field into a Set of normalized origin types.
|
|
73
67
|
* Supports single string or array of strings (implicit any-of).
|
|
@@ -80,4 +80,4 @@ export * from './credential/browser-auto-key-credential-provider.js';
|
|
|
80
80
|
export * from './credential/browser-wrapped-key-credential-provider.js';
|
|
81
81
|
export * from './credential/session-key-credential-provider.js';
|
|
82
82
|
export * from './credential/dev-fixed-key-credential-provider.js';
|
|
83
|
-
export { ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWKS_URL, ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, ENV_VAR_HMAC_SECRET, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_AUTHORIZATION_PROFILE,
|
|
83
|
+
export { ENV_VAR_JWT_TRUSTED_ISSUER, ENV_VAR_JWT_ALGORITHM, ENV_VAR_JWT_AUDIENCE, ENV_VAR_JWKS_URL, ENV_VAR_DEFAULT_ENCRYPTION_LEVEL, ENV_VAR_HMAC_SECRET, ENV_VAR_JWT_REVERSE_AUTH_TRUSTED_ISSUER, ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE, ENV_VAR_AUTHORIZATION_PROFILE, PROFILE_NAME_OVERLAY, PROFILE_NAME_OVERLAY_CALLBACK, PROFILE_NAME_GATED, PROFILE_NAME_GATED_CALLBACK, PROFILE_NAME_OPEN, } from './node-security-profile-factory.js';
|
|
@@ -13,7 +13,6 @@ export declare const ENV_VAR_JWT_REVERSE_AUTH_AUDIENCE = "FAME_JWT_REVERSE_AUTH_
|
|
|
13
13
|
export declare const ENV_VAR_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY = "FAME_ENFORCE_TOKEN_SUBJECT_NODE_IDENTITY";
|
|
14
14
|
export declare const ENV_VAR_TRUSTED_CLIENT_SCOPE = "FAME_TRUSTED_CLIENT_SCOPE";
|
|
15
15
|
export declare const ENV_VAR_AUTHORIZATION_PROFILE = "FAME_AUTHORIZATION_PROFILE";
|
|
16
|
-
export declare const PROFILE_NAME_STRICT_OVERLAY = "strict-overlay";
|
|
17
16
|
export declare const PROFILE_NAME_OVERLAY = "overlay";
|
|
18
17
|
export declare const PROFILE_NAME_OVERLAY_CALLBACK = "overlay-callback";
|
|
19
18
|
export declare const PROFILE_NAME_GATED = "gated";
|
package/dist/types/version.d.ts
CHANGED