@nodii/approval 0.1.14 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/errors.d.ts +21 -0
- package/dist/errors.d.ts.map +1 -1
- package/dist/errors.js +32 -0
- package/dist/errors.js.map +1 -1
- package/dist/index.d.ts +7 -5
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +6 -4
- package/dist/index.js.map +1 -1
- package/dist/init.d.ts +21 -1
- package/dist/init.d.ts.map +1 -1
- package/dist/init.js +30 -1
- package/dist/init.js.map +1 -1
- package/dist/kinds.d.ts +25 -0
- package/dist/kinds.d.ts.map +1 -1
- package/dist/kinds.js +44 -0
- package/dist/kinds.js.map +1 -1
- package/dist/policy-client.d.ts +70 -0
- package/dist/policy-client.d.ts.map +1 -0
- package/dist/policy-client.js +157 -0
- package/dist/policy-client.js.map +1 -0
- package/dist/preview-validation.d.ts +21 -0
- package/dist/preview-validation.d.ts.map +1 -0
- package/dist/preview-validation.js +179 -0
- package/dist/preview-validation.js.map +1 -0
- package/dist/request.d.ts.map +1 -1
- package/dist/request.js +207 -10
- package/dist/request.js.map +1 -1
- package/dist/types.d.ts +78 -1
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js.map +1 -1
- package/package.json +1 -1
package/dist/errors.d.ts
CHANGED
|
@@ -44,8 +44,29 @@ export declare class DeferredActionNotFound extends ApprovalError {
|
|
|
44
44
|
readonly name = "DeferredActionNotFound";
|
|
45
45
|
constructor(taskId: string);
|
|
46
46
|
}
|
|
47
|
+
export declare class UndeclaredRequesterKind extends ApprovalError {
|
|
48
|
+
readonly kind: string;
|
|
49
|
+
readonly name = "UndeclaredRequesterKind";
|
|
50
|
+
/** Stable wire code mapped by downstream interceptors / error middleware. */
|
|
51
|
+
static readonly code = "UNDECLARED_REQUESTER_KIND";
|
|
52
|
+
constructor(kind: string, ownedKinds: readonly string[], requesterKinds: readonly string[]);
|
|
53
|
+
}
|
|
47
54
|
export declare class TenantPolicyKindUnknown extends ApprovalError {
|
|
48
55
|
readonly name = "TenantPolicyKindUnknown";
|
|
49
56
|
constructor(kind: string);
|
|
50
57
|
}
|
|
58
|
+
/**
|
|
59
|
+
* Raised by `requestApproval` (D236) when `deferredActionPayloadSummary` fails
|
|
60
|
+
* the structured non-PII allow-list, a per-kind `previewSchema` rule, or the
|
|
61
|
+
* defensive PII-pattern heuristic. Thrown BEFORE any deferred_action row is
|
|
62
|
+
* written or begin-event emitted, so the requester sees + fixes the bad shape.
|
|
63
|
+
*/
|
|
64
|
+
export declare class InvalidApprovalPreviewShape extends ApprovalError {
|
|
65
|
+
readonly kind: string;
|
|
66
|
+
readonly reason: string;
|
|
67
|
+
readonly name = "InvalidApprovalPreviewShape";
|
|
68
|
+
/** Stable wire code mapped by downstream interceptors / error middleware. */
|
|
69
|
+
static readonly code = "INVALID_APPROVAL_PREVIEW_SHAPE";
|
|
70
|
+
constructor(kind: string, reason: string);
|
|
71
|
+
}
|
|
51
72
|
//# sourceMappingURL=errors.d.ts.map
|
package/dist/errors.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAMA,qBAAa,aAAc,SAAQ,KAAK;IACtC,SAAkB,IAAI,EAAE,MAAM,CAAmB;CAClD;AAED,qBAAa,sBAAuB,SAAQ,aAAa;IACvD,SAAkB,IAAI,4BAA4B;;CAOnD;AAED,qBAAa,mBAAoB,SAAQ,aAAa;IACpD,SAAkB,IAAI,yBAAyB;gBACnC,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,MAAM,EAAE;CAKxD;AAED,qBAAa,0BAA2B,SAAQ,aAAa;IAC3D,SAAkB,IAAI,gCAAgC;gBAC1C,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,MAAM,EAAE;CAKxD;AAED,qBAAa,oBAAqB,SAAQ,aAAa;IACrD,SAAkB,IAAI,0BAA0B;gBACpC,IAAI,EAAE,MAAM;CAKzB;AAED,qBAAa,sBAAuB,SAAQ,aAAa;IACvD,SAAkB,IAAI,4BAA4B;;CAMnD;AAED,qBAAa,4BAA6B,SAAQ,aAAa;IAC7D,SAAkB,IAAI,kCAAkC;gBAC5C,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,MAAM,EAAE;CAK7D;AAED,qBAAa,sBAAuB,SAAQ,aAAa;aAGrC,KAAK,EAAE,UAAU,GAAG,MAAM;aAC1B,KAAK,EAAE,MAAM;IAH/B,SAAkB,IAAI,4BAA4B;gBAEhC,KAAK,EAAE,UAAU,GAAG,MAAM,EAC1B,KAAK,EAAE,MAAM,EAC7B,GAAG,EAAE,MAAM;CAId;AAED,qBAAa,wBAAyB,SAAQ,aAAa;IACzD,SAAkB,IAAI,8BAA8B;gBAElD,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,SAAS,MAAM,EAAE;CAMhC;AAED,qBAAa,kBAAmB,SAAQ,aAAa;aAGjC,KAAK,EAAE,OAAO;IAFhC,SAAkB,IAAI,wBAAwB;gBAE5B,KAAK,EAAE,OAAO,EAC9B,GAAG,EAAE,MAAM;CAId;AAED,qBAAa,sBAAuB,SAAQ,aAAa;IACvD,SAAkB,IAAI,4BAA4B;gBACtC,MAAM,EAAE,MAAM;CAG3B;AAED,qBAAa,uBAAwB,SAAQ,aAAa;IACxD,SAAkB,IAAI,6BAA6B;gBACvC,IAAI,EAAE,MAAM;CAKzB"}
|
|
1
|
+
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAMA,qBAAa,aAAc,SAAQ,KAAK;IACtC,SAAkB,IAAI,EAAE,MAAM,CAAmB;CAClD;AAED,qBAAa,sBAAuB,SAAQ,aAAa;IACvD,SAAkB,IAAI,4BAA4B;;CAOnD;AAED,qBAAa,mBAAoB,SAAQ,aAAa;IACpD,SAAkB,IAAI,yBAAyB;gBACnC,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,MAAM,EAAE;CAKxD;AAED,qBAAa,0BAA2B,SAAQ,aAAa;IAC3D,SAAkB,IAAI,gCAAgC;gBAC1C,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,MAAM,EAAE;CAKxD;AAED,qBAAa,oBAAqB,SAAQ,aAAa;IACrD,SAAkB,IAAI,0BAA0B;gBACpC,IAAI,EAAE,MAAM;CAKzB;AAED,qBAAa,sBAAuB,SAAQ,aAAa;IACvD,SAAkB,IAAI,4BAA4B;;CAMnD;AAED,qBAAa,4BAA6B,SAAQ,aAAa;IAC7D,SAAkB,IAAI,kCAAkC;gBAC5C,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,MAAM,EAAE;CAK7D;AAED,qBAAa,sBAAuB,SAAQ,aAAa;aAGrC,KAAK,EAAE,UAAU,GAAG,MAAM;aAC1B,KAAK,EAAE,MAAM;IAH/B,SAAkB,IAAI,4BAA4B;gBAEhC,KAAK,EAAE,UAAU,GAAG,MAAM,EAC1B,KAAK,EAAE,MAAM,EAC7B,GAAG,EAAE,MAAM;CAId;AAED,qBAAa,wBAAyB,SAAQ,aAAa;IACzD,SAAkB,IAAI,8BAA8B;gBAElD,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,SAAS,MAAM,EAAE;CAMhC;AAED,qBAAa,kBAAmB,SAAQ,aAAa;aAGjC,KAAK,EAAE,OAAO;IAFhC,SAAkB,IAAI,wBAAwB;gBAE5B,KAAK,EAAE,OAAO,EAC9B,GAAG,EAAE,MAAM;CAId;AAED,qBAAa,sBAAuB,SAAQ,aAAa;IACvD,SAAkB,IAAI,4BAA4B;gBACtC,MAAM,EAAE,MAAM;CAG3B;AAED,qBAAa,uBAAwB,SAAQ,aAAa;aAKtC,IAAI,EAAE,MAAM;IAJ9B,SAAkB,IAAI,6BAA6B;IACnD,6EAA6E;IAC7E,MAAM,CAAC,QAAQ,CAAC,IAAI,+BAA+B;gBAEjC,IAAI,EAAE,MAAM,EAC5B,UAAU,EAAE,SAAS,MAAM,EAAE,EAC7B,cAAc,EAAE,SAAS,MAAM,EAAE;CAMpC;AAED,qBAAa,uBAAwB,SAAQ,aAAa;IACxD,SAAkB,IAAI,6BAA6B;gBACvC,IAAI,EAAE,MAAM;CAKzB;AAED;;;;;GAKG;AACH,qBAAa,2BAA4B,SAAQ,aAAa;aAK1C,IAAI,EAAE,MAAM;aACZ,MAAM,EAAE,MAAM;IALhC,SAAkB,IAAI,iCAAiC;IACvD,6EAA6E;IAC7E,MAAM,CAAC,QAAQ,CAAC,IAAI,oCAAoC;gBAEtC,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM;CAUjC"}
|
package/dist/errors.js
CHANGED
|
@@ -73,10 +73,42 @@ export class DeferredActionNotFound extends ApprovalError {
|
|
|
73
73
|
super(`No deferred-action row found for task_id '${taskId}'.`);
|
|
74
74
|
}
|
|
75
75
|
}
|
|
76
|
+
export class UndeclaredRequesterKind extends ApprovalError {
|
|
77
|
+
kind;
|
|
78
|
+
name = "UndeclaredRequesterKind";
|
|
79
|
+
/** Stable wire code mapped by downstream interceptors / error middleware. */
|
|
80
|
+
static code = "UNDECLARED_REQUESTER_KIND";
|
|
81
|
+
constructor(kind, ownedKinds, requesterKinds) {
|
|
82
|
+
super(`Approval kind '${kind}' is neither OWNED (defineApprovalKinds + registerKinds) nor declared via defineApprovalRequester. Owned: [${ownedKinds.join(", ")}]; requester-declared: [${requesterKinds.join(", ")}]. Call defineApprovalRequester('<owner>.<resource>.<verb>') at boot to request a cross-owner kind. See D231 Rule 1.`);
|
|
83
|
+
this.kind = kind;
|
|
84
|
+
}
|
|
85
|
+
}
|
|
76
86
|
export class TenantPolicyKindUnknown extends ApprovalError {
|
|
77
87
|
name = "TenantPolicyKindUnknown";
|
|
78
88
|
constructor(kind) {
|
|
79
89
|
super(`Tenant policy row exists for kind '${kind}', but the kind is not registered in the running service. Falling through to kind defaults; the policy row is stale and should be cleaned up.`);
|
|
80
90
|
}
|
|
81
91
|
}
|
|
92
|
+
/**
|
|
93
|
+
* Raised by `requestApproval` (D236) when `deferredActionPayloadSummary` fails
|
|
94
|
+
* the structured non-PII allow-list, a per-kind `previewSchema` rule, or the
|
|
95
|
+
* defensive PII-pattern heuristic. Thrown BEFORE any deferred_action row is
|
|
96
|
+
* written or begin-event emitted, so the requester sees + fixes the bad shape.
|
|
97
|
+
*/
|
|
98
|
+
export class InvalidApprovalPreviewShape extends ApprovalError {
|
|
99
|
+
kind;
|
|
100
|
+
reason;
|
|
101
|
+
name = "InvalidApprovalPreviewShape";
|
|
102
|
+
/** Stable wire code mapped by downstream interceptors / error middleware. */
|
|
103
|
+
static code = "INVALID_APPROVAL_PREVIEW_SHAPE";
|
|
104
|
+
constructor(kind, reason) {
|
|
105
|
+
super(`Invalid deferred_action_payload_summary for kind '${kind}': ${reason}. ` +
|
|
106
|
+
"The summary is a structured non-PII preview surfaced into task-tracking; " +
|
|
107
|
+
"only { preview_label (required, non-PII string), preview_subline (optional " +
|
|
108
|
+
"non-PII string), counts (optional string→number map) } are permitted, " +
|
|
109
|
+
"tightened per-kind by the kind's previewSchema. See D236.");
|
|
110
|
+
this.kind = kind;
|
|
111
|
+
this.reason = reason;
|
|
112
|
+
}
|
|
113
|
+
}
|
|
82
114
|
//# sourceMappingURL=errors.js.map
|
package/dist/errors.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA,6DAA6D;AAC7D,EAAE;AACF,oEAAoE;AACpE,mEAAmE;AACnE,qBAAqB;AAErB,MAAM,OAAO,aAAc,SAAQ,KAAK;IACpB,IAAI,GAAW,eAAe,CAAC;CAClD;AAED,MAAM,OAAO,sBAAuB,SAAQ,aAAa;IACrC,IAAI,GAAG,wBAAwB,CAAC;IAClD;QACE,KAAK,CACH,yEAAyE;YACvE,8BAA8B,CACjC,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,mBAAoB,SAAQ,aAAa;IAClC,IAAI,GAAG,qBAAqB,CAAC;IAC/C,YAAY,IAAY,EAAE,UAA6B;QACrD,KAAK,CACH,kBAAkB,IAAI,iDAAiD,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,kCAAkC,CAC/H,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,0BAA2B,SAAQ,aAAa;IACzC,IAAI,GAAG,4BAA4B,CAAC;IACtD,YAAY,IAAY,EAAE,UAA6B;QACrD,KAAK,CACH,+BAA+B,IAAI,mEAAmE,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC/H,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,oBAAqB,SAAQ,aAAa;IACnC,IAAI,GAAG,sBAAsB,CAAC;IAChD,YAAY,IAAY;QACtB,KAAK,CACH,mCAAmC,IAAI,8CAA8C,CACtF,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,sBAAuB,SAAQ,aAAa;IACrC,IAAI,GAAG,wBAAwB,CAAC;IAClD;QACE,KAAK,CACH,+JAA+J,CAChK,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,4BAA6B,SAAQ,aAAa;IAC3C,IAAI,GAAG,8BAA8B,CAAC;IACxD,YAAY,WAAmB,EAAE,QAA2B;QAC1D,KAAK,CACH,qCAAqC,WAAW,uCAAuC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,sFAAsF,CACjM,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,sBAAuB,SAAQ,aAAa;IAGrC;IACA;IAHA,IAAI,GAAG,wBAAwB,CAAC;IAClD,YACkB,KAA0B,EAC1B,KAAa,EAC7B,GAAW;QAEX,KAAK,CAAC,GAAG,CAAC,CAAC;QAJK,UAAK,GAAL,KAAK,CAAqB;QAC1B,UAAK,GAAL,KAAK,CAAQ;IAI/B,CAAC;CACF;AAED,MAAM,OAAO,wBAAyB,SAAQ,aAAa;IACvC,IAAI,GAAG,0BAA0B,CAAC;IACpD,YACE,YAAoB,EACpB,QAAgB,EAChB,UAA6B;QAE7B,KAAK,CACH,SAAS,QAAQ,8BAA8B,YAAY,mEAAmE,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,gCAAgC,CACpL,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,kBAAmB,SAAQ,aAAa;IAGjC;IAFA,IAAI,GAAG,oBAAoB,CAAC;IAC9C,YACkB,KAAc,EAC9B,GAAW;QAEX,KAAK,CAAC,GAAG,CAAC,CAAC;QAHK,UAAK,GAAL,KAAK,CAAS;IAIhC,CAAC;CACF;AAED,MAAM,OAAO,sBAAuB,SAAQ,aAAa;IACrC,IAAI,GAAG,wBAAwB,CAAC;IAClD,YAAY,MAAc;QACxB,KAAK,CAAC,6CAA6C,MAAM,IAAI,CAAC,CAAC;IACjE,CAAC;CACF;AAED,MAAM,OAAO,uBAAwB,SAAQ,aAAa;IACtC,IAAI,GAAG,yBAAyB,CAAC;IACnD,YAAY,IAAY;QACtB,KAAK,CACH,sCAAsC,IAAI,+IAA+I,CAC1L,CAAC;IACJ,CAAC;CACF"}
|
|
1
|
+
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA,6DAA6D;AAC7D,EAAE;AACF,oEAAoE;AACpE,mEAAmE;AACnE,qBAAqB;AAErB,MAAM,OAAO,aAAc,SAAQ,KAAK;IACpB,IAAI,GAAW,eAAe,CAAC;CAClD;AAED,MAAM,OAAO,sBAAuB,SAAQ,aAAa;IACrC,IAAI,GAAG,wBAAwB,CAAC;IAClD;QACE,KAAK,CACH,yEAAyE;YACvE,8BAA8B,CACjC,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,mBAAoB,SAAQ,aAAa;IAClC,IAAI,GAAG,qBAAqB,CAAC;IAC/C,YAAY,IAAY,EAAE,UAA6B;QACrD,KAAK,CACH,kBAAkB,IAAI,iDAAiD,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,kCAAkC,CAC/H,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,0BAA2B,SAAQ,aAAa;IACzC,IAAI,GAAG,4BAA4B,CAAC;IACtD,YAAY,IAAY,EAAE,UAA6B;QACrD,KAAK,CACH,+BAA+B,IAAI,mEAAmE,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC/H,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,oBAAqB,SAAQ,aAAa;IACnC,IAAI,GAAG,sBAAsB,CAAC;IAChD,YAAY,IAAY;QACtB,KAAK,CACH,mCAAmC,IAAI,8CAA8C,CACtF,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,sBAAuB,SAAQ,aAAa;IACrC,IAAI,GAAG,wBAAwB,CAAC;IAClD;QACE,KAAK,CACH,+JAA+J,CAChK,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,4BAA6B,SAAQ,aAAa;IAC3C,IAAI,GAAG,8BAA8B,CAAC;IACxD,YAAY,WAAmB,EAAE,QAA2B;QAC1D,KAAK,CACH,qCAAqC,WAAW,uCAAuC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,sFAAsF,CACjM,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,sBAAuB,SAAQ,aAAa;IAGrC;IACA;IAHA,IAAI,GAAG,wBAAwB,CAAC;IAClD,YACkB,KAA0B,EAC1B,KAAa,EAC7B,GAAW;QAEX,KAAK,CAAC,GAAG,CAAC,CAAC;QAJK,UAAK,GAAL,KAAK,CAAqB;QAC1B,UAAK,GAAL,KAAK,CAAQ;IAI/B,CAAC;CACF;AAED,MAAM,OAAO,wBAAyB,SAAQ,aAAa;IACvC,IAAI,GAAG,0BAA0B,CAAC;IACpD,YACE,YAAoB,EACpB,QAAgB,EAChB,UAA6B;QAE7B,KAAK,CACH,SAAS,QAAQ,8BAA8B,YAAY,mEAAmE,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,gCAAgC,CACpL,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,kBAAmB,SAAQ,aAAa;IAGjC;IAFA,IAAI,GAAG,oBAAoB,CAAC;IAC9C,YACkB,KAAc,EAC9B,GAAW;QAEX,KAAK,CAAC,GAAG,CAAC,CAAC;QAHK,UAAK,GAAL,KAAK,CAAS;IAIhC,CAAC;CACF;AAED,MAAM,OAAO,sBAAuB,SAAQ,aAAa;IACrC,IAAI,GAAG,wBAAwB,CAAC;IAClD,YAAY,MAAc;QACxB,KAAK,CAAC,6CAA6C,MAAM,IAAI,CAAC,CAAC;IACjE,CAAC;CACF;AAED,MAAM,OAAO,uBAAwB,SAAQ,aAAa;IAKtC;IAJA,IAAI,GAAG,yBAAyB,CAAC;IACnD,6EAA6E;IAC7E,MAAM,CAAU,IAAI,GAAG,2BAA2B,CAAC;IACnD,YACkB,IAAY,EAC5B,UAA6B,EAC7B,cAAiC;QAEjC,KAAK,CACH,kBAAkB,IAAI,8GAA8G,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,2BAA2B,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,sHAAsH,CACpU,CAAC;QANc,SAAI,GAAJ,IAAI,CAAQ;IAO9B,CAAC;;AAGH,MAAM,OAAO,uBAAwB,SAAQ,aAAa;IACtC,IAAI,GAAG,yBAAyB,CAAC;IACnD,YAAY,IAAY;QACtB,KAAK,CACH,sCAAsC,IAAI,+IAA+I,CAC1L,CAAC;IACJ,CAAC;CACF;AAED;;;;;GAKG;AACH,MAAM,OAAO,2BAA4B,SAAQ,aAAa;IAK1C;IACA;IALA,IAAI,GAAG,6BAA6B,CAAC;IACvD,6EAA6E;IAC7E,MAAM,CAAU,IAAI,GAAG,gCAAgC,CAAC;IACxD,YACkB,IAAY,EACZ,MAAc;QAE9B,KAAK,CACH,qDAAqD,IAAI,MAAM,MAAM,IAAI;YACvE,2EAA2E;YAC3E,6EAA6E;YAC7E,wEAAwE;YACxE,2DAA2D,CAC9D,CAAC;QATc,SAAI,GAAJ,IAAI,CAAQ;QACZ,WAAM,GAAN,MAAM,CAAQ;IAShC,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -1,13 +1,15 @@
|
|
|
1
1
|
export declare const LIB_NAME = "approval";
|
|
2
|
-
export declare const VERSION = "0.1
|
|
3
|
-
export { defineApprovalKinds, KindRegistry, type DefineApprovalKindsOpts, } from "./kinds";
|
|
4
|
-
export { initApproval, requireApproval, getApprovalOrNull, requireKindRegistry, requireHandlers, registerKinds, _resetForTests, } from "./init";
|
|
2
|
+
export declare const VERSION = "0.2.1";
|
|
3
|
+
export { defineApprovalKinds, KindRegistry, RequesterRegistry, validateCrossOwnerKind, type DefineApprovalKindsOpts, } from "./kinds";
|
|
4
|
+
export { initApproval, requireApproval, getApprovalOrNull, requireKindRegistry, requireHandlers, requesterRegistry, defineApprovalRequester, registerKinds, _resetForTests, } from "./init";
|
|
5
5
|
export { bindApprovalHandlers, type BindApprovalHandlersOpts, } from "./handlers";
|
|
6
6
|
export { requestApproval } from "./request";
|
|
7
|
+
export { validatePreviewSummary, PII_PATTERNS, } from "./preview-validation";
|
|
7
8
|
export { startApprovalConsumer, stopApprovalConsumer, defaultQueueName, _resetConsumerForTests, type StartApprovalConsumerOpts, type ApprovalConsumerHandle, } from "./consumer";
|
|
8
9
|
export { getApprovalMigrationSQL, splitStatements, type GetMigrationSQLOpts, } from "./migrations";
|
|
9
10
|
export { TaskTrackingGrpcClient, TASK_SERVICE_DESCRIPTOR, type TaskTrackingGrpcClientOpts, } from "./task-tracking-client";
|
|
10
|
-
export {
|
|
11
|
-
export
|
|
11
|
+
export { createApprovalPolicyClient, ApprovalPolicyGrpcClient, APPROVAL_POLICY_SERVICE, type CreateApprovalPolicyClientOpts, } from "./policy-client";
|
|
12
|
+
export { ApprovalError, ApprovalNotInitialized, ApproverRoleNotInCatalog, DeferredActionNotFound, HandlerForUnregisteredKind, HandlerNotRegistered, IdempotencyKeyRequired, InvalidApprovalPreviewShape, InvalidApprovalSegment, ReservedServiceNameViolation, TaskCreationFailed, TenantPolicyKindUnknown, UndeclaredRequesterKind, UnknownApprovalKind, } from "./errors";
|
|
13
|
+
export type { ApprovalKindDef, ApprovalKindDefInput, ApprovalPolicyRow, ApprovalPolicyServiceClient, ApproverKind, CreateTaskRequest, CreateTaskResponse, DbRlsLike, DeferredActionPayloadSummary, DeferredActionRow, DefinedKindMap, GetPolicyRequest, GetPolicyResponse, HandlerContext, HandlerSet, InitApprovalConfig, MembershipRolesLookup, PreviewFieldRule, PreviewSchema, RequestApprovalOpts, RequestApprovalResult, RequestApprovalResultStatus, ResolvedApprovalConfig, ResolvedPolicy, TaskCompletedEvent, TaskServiceClient, } from "./types";
|
|
12
14
|
export { DEFAULT_CONSUMER_LEASE_SECONDS, DEFAULT_CONSUMER_MAX_RETRIES, DEFAULT_EXPIRY_SECONDS, DEFAULT_IDEMPOTENCY_TTL_SECONDS, RESERVED_SERVICE_NAMES, } from "./types";
|
|
13
15
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,QAAQ,aAAa,CAAC;AACnC,eAAO,MAAM,OAAO,UAAU,CAAC;AAE/B,OAAO,EACL,mBAAmB,EACnB,YAAY,EACZ,KAAK,uBAAuB,GAC7B,MAAM,SAAS,CAAC;AAEjB,OAAO,EACL,YAAY,EACZ,eAAe,EACf,iBAAiB,EACjB,mBAAmB,EACnB,eAAe,EACf,aAAa,EACb,cAAc,GACf,MAAM,QAAQ,CAAC;AAEhB,OAAO,EACL,oBAAoB,EACpB,KAAK,wBAAwB,GAC9B,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAE5C,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,gBAAgB,EAChB,sBAAsB,EACtB,KAAK,yBAAyB,EAC9B,KAAK,sBAAsB,GAC5B,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,uBAAuB,EACvB,eAAe,EACf,KAAK,mBAAmB,GACzB,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EACvB,KAAK,0BAA0B,GAChC,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,aAAa,EACb,sBAAsB,EACtB,wBAAwB,EACxB,sBAAsB,EACtB,0BAA0B,EAC1B,oBAAoB,EACpB,sBAAsB,EACtB,sBAAsB,EACtB,4BAA4B,EAC5B,kBAAkB,EAClB,uBAAuB,EACvB,mBAAmB,GACpB,MAAM,UAAU,CAAC;AAElB,YAAY,EACV,eAAe,EACf,oBAAoB,EACpB,iBAAiB,EACjB,YAAY,EACZ,iBAAiB,EACjB,kBAAkB,EAClB,SAAS,EACT,iBAAiB,EACjB,cAAc,EACd,cAAc,EACd,UAAU,EACV,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,qBAAqB,EACrB,2BAA2B,EAC3B,sBAAsB,EACtB,cAAc,EACd,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,SAAS,CAAC;AAEjB,OAAO,EACL,8BAA8B,EAC9B,4BAA4B,EAC5B,sBAAsB,EACtB,+BAA+B,EAC/B,sBAAsB,GACvB,MAAM,SAAS,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,QAAQ,aAAa,CAAC;AACnC,eAAO,MAAM,OAAO,UAAU,CAAC;AAE/B,OAAO,EACL,mBAAmB,EACnB,YAAY,EACZ,iBAAiB,EACjB,sBAAsB,EACtB,KAAK,uBAAuB,GAC7B,MAAM,SAAS,CAAC;AAEjB,OAAO,EACL,YAAY,EACZ,eAAe,EACf,iBAAiB,EACjB,mBAAmB,EACnB,eAAe,EACf,iBAAiB,EACjB,uBAAuB,EACvB,aAAa,EACb,cAAc,GACf,MAAM,QAAQ,CAAC;AAEhB,OAAO,EACL,oBAAoB,EACpB,KAAK,wBAAwB,GAC9B,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAE5C,OAAO,EACL,sBAAsB,EACtB,YAAY,GACb,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,gBAAgB,EAChB,sBAAsB,EACtB,KAAK,yBAAyB,EAC9B,KAAK,sBAAsB,GAC5B,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,uBAAuB,EACvB,eAAe,EACf,KAAK,mBAAmB,GACzB,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EACvB,KAAK,0BAA0B,GAChC,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,0BAA0B,EAC1B,wBAAwB,EACxB,uBAAuB,EACvB,KAAK,8BAA8B,GACpC,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EACL,aAAa,EACb,sBAAsB,EACtB,wBAAwB,EACxB,sBAAsB,EACtB,0BAA0B,EAC1B,oBAAoB,EACpB,sBAAsB,EACtB,2BAA2B,EAC3B,sBAAsB,EACtB,4BAA4B,EAC5B,kBAAkB,EAClB,uBAAuB,EACvB,uBAAuB,EACvB,mBAAmB,GACpB,MAAM,UAAU,CAAC;AAElB,YAAY,EACV,eAAe,EACf,oBAAoB,EACpB,iBAAiB,EACjB,2BAA2B,EAC3B,YAAY,EACZ,iBAAiB,EACjB,kBAAkB,EAClB,SAAS,EACT,4BAA4B,EAC5B,iBAAiB,EACjB,cAAc,EACd,gBAAgB,EAChB,iBAAiB,EACjB,cAAc,EACd,UAAU,EACV,kBAAkB,EAClB,qBAAqB,EACrB,gBAAgB,EAChB,aAAa,EACb,mBAAmB,EACnB,qBAAqB,EACrB,2BAA2B,EAC3B,sBAAsB,EACtB,cAAc,EACd,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,SAAS,CAAC;AAEjB,OAAO,EACL,8BAA8B,EAC9B,4BAA4B,EAC5B,sBAAsB,EACtB,+BAA+B,EAC/B,sBAAsB,GACvB,MAAM,SAAS,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -3,14 +3,16 @@
|
|
|
3
3
|
// Spec: planning hub feature_doc serviceId=nodii-libs docKey=approval.
|
|
4
4
|
// Polyglot ship: TS + Python + Go in parity. This is the TypeScript impl.
|
|
5
5
|
export const LIB_NAME = "approval";
|
|
6
|
-
export const VERSION = "0.1
|
|
7
|
-
export { defineApprovalKinds, KindRegistry, } from "./kinds";
|
|
8
|
-
export { initApproval, requireApproval, getApprovalOrNull, requireKindRegistry, requireHandlers, registerKinds, _resetForTests, } from "./init";
|
|
6
|
+
export const VERSION = "0.2.1";
|
|
7
|
+
export { defineApprovalKinds, KindRegistry, RequesterRegistry, validateCrossOwnerKind, } from "./kinds";
|
|
8
|
+
export { initApproval, requireApproval, getApprovalOrNull, requireKindRegistry, requireHandlers, requesterRegistry, defineApprovalRequester, registerKinds, _resetForTests, } from "./init";
|
|
9
9
|
export { bindApprovalHandlers, } from "./handlers";
|
|
10
10
|
export { requestApproval } from "./request";
|
|
11
|
+
export { validatePreviewSummary, PII_PATTERNS, } from "./preview-validation";
|
|
11
12
|
export { startApprovalConsumer, stopApprovalConsumer, defaultQueueName, _resetConsumerForTests, } from "./consumer";
|
|
12
13
|
export { getApprovalMigrationSQL, splitStatements, } from "./migrations";
|
|
13
14
|
export { TaskTrackingGrpcClient, TASK_SERVICE_DESCRIPTOR, } from "./task-tracking-client";
|
|
14
|
-
export {
|
|
15
|
+
export { createApprovalPolicyClient, ApprovalPolicyGrpcClient, APPROVAL_POLICY_SERVICE, } from "./policy-client";
|
|
16
|
+
export { ApprovalError, ApprovalNotInitialized, ApproverRoleNotInCatalog, DeferredActionNotFound, HandlerForUnregisteredKind, HandlerNotRegistered, IdempotencyKeyRequired, InvalidApprovalPreviewShape, InvalidApprovalSegment, ReservedServiceNameViolation, TaskCreationFailed, TenantPolicyKindUnknown, UndeclaredRequesterKind, UnknownApprovalKind, } from "./errors";
|
|
15
17
|
export { DEFAULT_CONSUMER_LEASE_SECONDS, DEFAULT_CONSUMER_MAX_RETRIES, DEFAULT_EXPIRY_SECONDS, DEFAULT_IDEMPOTENCY_TTL_SECONDS, RESERVED_SERVICE_NAMES, } from "./types";
|
|
16
18
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,0CAA0C;AAC1C,EAAE;AACF,uEAAuE;AACvE,0EAA0E;AAE1E,MAAM,CAAC,MAAM,QAAQ,GAAG,UAAU,CAAC;AACnC,MAAM,CAAC,MAAM,OAAO,GAAG,OAAO,CAAC;AAE/B,OAAO,EACL,mBAAmB,EACnB,YAAY,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,0CAA0C;AAC1C,EAAE;AACF,uEAAuE;AACvE,0EAA0E;AAE1E,MAAM,CAAC,MAAM,QAAQ,GAAG,UAAU,CAAC;AACnC,MAAM,CAAC,MAAM,OAAO,GAAG,OAAO,CAAC;AAE/B,OAAO,EACL,mBAAmB,EACnB,YAAY,EACZ,iBAAiB,EACjB,sBAAsB,GAEvB,MAAM,SAAS,CAAC;AAEjB,OAAO,EACL,YAAY,EACZ,eAAe,EACf,iBAAiB,EACjB,mBAAmB,EACnB,eAAe,EACf,iBAAiB,EACjB,uBAAuB,EACvB,aAAa,EACb,cAAc,GACf,MAAM,QAAQ,CAAC;AAEhB,OAAO,EACL,oBAAoB,GAErB,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAE5C,OAAO,EACL,sBAAsB,EACtB,YAAY,GACb,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,gBAAgB,EAChB,sBAAsB,GAGvB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,uBAAuB,EACvB,eAAe,GAEhB,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,sBAAsB,EACtB,uBAAuB,GAExB,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,0BAA0B,EAC1B,wBAAwB,EACxB,uBAAuB,GAExB,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EACL,aAAa,EACb,sBAAsB,EACtB,wBAAwB,EACxB,sBAAsB,EACtB,0BAA0B,EAC1B,oBAAoB,EACpB,sBAAsB,EACtB,2BAA2B,EAC3B,sBAAsB,EACtB,4BAA4B,EAC5B,kBAAkB,EAClB,uBAAuB,EACvB,uBAAuB,EACvB,mBAAmB,GACpB,MAAM,UAAU,CAAC;AA+BlB,OAAO,EACL,8BAA8B,EAC9B,4BAA4B,EAC5B,sBAAsB,EACtB,+BAA+B,EAC/B,sBAAsB,GACvB,MAAM,SAAS,CAAC"}
|
package/dist/init.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { KindRegistry } from "./kinds";
|
|
1
|
+
import { KindRegistry, RequesterRegistry } from "./kinds";
|
|
2
2
|
import type { ApprovalKindDef, HandlerSet, InitApprovalConfig, ResolvedApprovalConfig } from "./types";
|
|
3
3
|
/**
|
|
4
4
|
* Initialise the approval library. Idempotent within a process — subsequent
|
|
@@ -10,6 +10,26 @@ export declare function requireApproval(): ResolvedApprovalConfig;
|
|
|
10
10
|
export declare function getApprovalOrNull(): ResolvedApprovalConfig | null;
|
|
11
11
|
export declare function requireKindRegistry(): KindRegistry;
|
|
12
12
|
export declare function requireHandlers(): Map<string, HandlerSet>;
|
|
13
|
+
/** The cross-owner requester registry. Never null — it's eagerly constructed
|
|
14
|
+
* so `defineApprovalRequester` can be called at module-load time, before
|
|
15
|
+
* `initApproval`. */
|
|
16
|
+
export declare function requesterRegistry(): RequesterRegistry;
|
|
17
|
+
/**
|
|
18
|
+
* Declare that the running service intends to REQUEST approvals for a
|
|
19
|
+
* cross-owner `kind` (a fully-qualified `<owner>.<resource>.<verb>` string,
|
|
20
|
+
* e.g. `tenant.impersonation.start`) per D231 Rule 1.
|
|
21
|
+
*
|
|
22
|
+
* This is the typo-prevention surface: `requestApproval` for a kind that is
|
|
23
|
+
* neither OWNED (declared via `defineApprovalKinds` + `registerKinds`) nor
|
|
24
|
+
* declared here throws `UndeclaredRequesterKind`. Owning a kind already
|
|
25
|
+
* implies the right to request it, so owned kinds do NOT also need this call.
|
|
26
|
+
*
|
|
27
|
+
* Idempotent: calling twice for the same kind is a no-op. Callable before
|
|
28
|
+
* `initApproval` (it's a static declaration, like `defineApprovalKinds`).
|
|
29
|
+
*
|
|
30
|
+
* @throws InvalidApprovalSegment if `kind` is not `<owner>.<resource>.<verb>`.
|
|
31
|
+
*/
|
|
32
|
+
export declare function defineApprovalRequester(kind: string): void;
|
|
13
33
|
/**
|
|
14
34
|
* Register a kind map produced by `defineApprovalKinds`. Cross-checks every
|
|
15
35
|
* kind's `approverRole` against the registered `knownRoles` set (spec § 5.3,
|
package/dist/init.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAC;AAE1D,OAAO,KAAK,EACV,eAAe,EACf,UAAU,EACV,kBAAkB,EAClB,sBAAsB,EACvB,MAAM,SAAS,CAAC;AA+BjB;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,kBAAkB,GAAG,IAAI,CAsE1D;AAED,wBAAgB,eAAe,IAAI,sBAAsB,CAGxD;AAED,wBAAgB,iBAAiB,IAAI,sBAAsB,GAAG,IAAI,CAEjE;AAED,wBAAgB,mBAAmB,IAAI,YAAY,CAGlD;AAED,wBAAgB,eAAe,IAAI,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAGzD;AAED;;sBAEsB;AACtB,wBAAgB,iBAAiB,IAAI,iBAAiB,CAErD;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAE1D;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,GAAG,IAAI,CAezE;AAED,8EAA8E;AAC9E,wBAAgB,cAAc,IAAI,IAAI,CAKrC"}
|
package/dist/init.js
CHANGED
|
@@ -11,13 +11,17 @@
|
|
|
11
11
|
//
|
|
12
12
|
// No Noop default. No InMemory default. Per R1.
|
|
13
13
|
import { ApprovalNotInitialized, ApproverRoleNotInCatalog } from "./errors";
|
|
14
|
-
import { KindRegistry } from "./kinds";
|
|
14
|
+
import { KindRegistry, RequesterRegistry } from "./kinds";
|
|
15
15
|
import { validateServiceName } from "./validation";
|
|
16
16
|
import { DEFAULT_CONSUMER_LEASE_SECONDS, DEFAULT_CONSUMER_MAX_RETRIES, DEFAULT_EXPIRY_SECONDS, } from "./types";
|
|
17
17
|
import { TaskTrackingGrpcClient } from "./task-tracking-client";
|
|
18
18
|
let RESOLVED = null;
|
|
19
19
|
let REGISTRY = null;
|
|
20
20
|
let HANDLERS = null;
|
|
21
|
+
// Cross-owner requester registry (D231 Rule 1). Process-global like the kind
|
|
22
|
+
// registry. Survives `initApproval` not being called yet — `defineApprovalRequester`
|
|
23
|
+
// is a static declaration callable at module load, before init.
|
|
24
|
+
let REQUESTERS = new RequesterRegistry();
|
|
21
25
|
const CONSOLE_LOGGER = {
|
|
22
26
|
info(msg, fields) {
|
|
23
27
|
// biome-ignore lint/suspicious/noConsole: default logger
|
|
@@ -113,6 +117,30 @@ export function requireHandlers() {
|
|
|
113
117
|
throw new ApprovalNotInitialized();
|
|
114
118
|
return HANDLERS;
|
|
115
119
|
}
|
|
120
|
+
/** The cross-owner requester registry. Never null — it's eagerly constructed
|
|
121
|
+
* so `defineApprovalRequester` can be called at module-load time, before
|
|
122
|
+
* `initApproval`. */
|
|
123
|
+
export function requesterRegistry() {
|
|
124
|
+
return REQUESTERS;
|
|
125
|
+
}
|
|
126
|
+
/**
|
|
127
|
+
* Declare that the running service intends to REQUEST approvals for a
|
|
128
|
+
* cross-owner `kind` (a fully-qualified `<owner>.<resource>.<verb>` string,
|
|
129
|
+
* e.g. `tenant.impersonation.start`) per D231 Rule 1.
|
|
130
|
+
*
|
|
131
|
+
* This is the typo-prevention surface: `requestApproval` for a kind that is
|
|
132
|
+
* neither OWNED (declared via `defineApprovalKinds` + `registerKinds`) nor
|
|
133
|
+
* declared here throws `UndeclaredRequesterKind`. Owning a kind already
|
|
134
|
+
* implies the right to request it, so owned kinds do NOT also need this call.
|
|
135
|
+
*
|
|
136
|
+
* Idempotent: calling twice for the same kind is a no-op. Callable before
|
|
137
|
+
* `initApproval` (it's a static declaration, like `defineApprovalKinds`).
|
|
138
|
+
*
|
|
139
|
+
* @throws InvalidApprovalSegment if `kind` is not `<owner>.<resource>.<verb>`.
|
|
140
|
+
*/
|
|
141
|
+
export function defineApprovalRequester(kind) {
|
|
142
|
+
REQUESTERS.add(kind);
|
|
143
|
+
}
|
|
116
144
|
/**
|
|
117
145
|
* Register a kind map produced by `defineApprovalKinds`. Cross-checks every
|
|
118
146
|
* kind's `approverRole` against the registered `knownRoles` set (spec § 5.3,
|
|
@@ -135,5 +163,6 @@ export function _resetForTests() {
|
|
|
135
163
|
RESOLVED = null;
|
|
136
164
|
REGISTRY = null;
|
|
137
165
|
HANDLERS = null;
|
|
166
|
+
REQUESTERS = new RequesterRegistry();
|
|
138
167
|
}
|
|
139
168
|
//# sourceMappingURL=init.js.map
|
package/dist/init.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"init.js","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":"AAAA,0DAA0D;AAC1D,EAAE;AACF,0EAA0E;AAC1E,qEAAqE;AACrE,EAAE;AACF,6BAA6B;AAC7B,uEAAuE;AACvE,kCAAkC;AAClC,+EAA+E;AAC/E,uCAAuC;AACvC,EAAE;AACF,gDAAgD;AAEhD,OAAO,EAAE,sBAAsB,EAAE,wBAAwB,EAAE,MAAM,UAAU,CAAC;AAC5E,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"init.js","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":"AAAA,0DAA0D;AAC1D,EAAE;AACF,0EAA0E;AAC1E,qEAAqE;AACrE,EAAE;AACF,6BAA6B;AAC7B,uEAAuE;AACvE,kCAAkC;AAClC,+EAA+E;AAC/E,uCAAuC;AACvC,EAAE;AACF,gDAAgD;AAEhD,OAAO,EAAE,sBAAsB,EAAE,wBAAwB,EAAE,MAAM,UAAU,CAAC;AAC5E,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAC;AAC1D,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AAOnD,OAAO,EACL,8BAA8B,EAC9B,4BAA4B,EAC5B,sBAAsB,GACvB,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAEhE,IAAI,QAAQ,GAAkC,IAAI,CAAC;AACnD,IAAI,QAAQ,GAAwB,IAAI,CAAC;AACzC,IAAI,QAAQ,GAAmC,IAAI,CAAC;AACpD,6EAA6E;AAC7E,qFAAqF;AACrF,gEAAgE;AAChE,IAAI,UAAU,GAAsB,IAAI,iBAAiB,EAAE,CAAC;AAE5D,MAAM,cAAc,GAAG;IACrB,IAAI,CAAC,GAAW,EAAE,MAAgC;QAChD,yDAAyD;QACzD,OAAO,CAAC,IAAI,CAAC,qBAAqB,GAAG,EAAE,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC;IACD,IAAI,CAAC,GAAW,EAAE,MAAgC;QAChD,yDAAyD;QACzD,OAAO,CAAC,IAAI,CAAC,qBAAqB,GAAG,EAAE,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC;IACD,KAAK,CAAC,GAAW,EAAE,MAAgC;QACjD,yDAAyD;QACzD,OAAO,CAAC,KAAK,CAAC,qBAAqB,GAAG,EAAE,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;IAC1D,CAAC;CACF,CAAC;AAEF;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAAC,GAAuB;IAClD,IAAI,QAAQ,EAAE,CAAC;QACb,cAAc,CAAC,IAAI,CACjB,iEAAiE,CAClE,CAAC;QACF,OAAO;IACT,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACtD,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAC;IAC/D,CAAC;IACD,iEAAiE;IACjE,uEAAuE;IACvE,qEAAqE;IACrE,6BAA6B;IAC7B,mBAAmB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACrC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,SAAS,CAAC,iCAAiC,CAAC,CAAC;IACzD,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QAC9B,MAAM,IAAI,SAAS,CACjB,uDAAuD,CACxD,CAAC;IACJ,CAAC;IACD,IACE,CAAC,GAAG,CAAC,iBAAiB;QACtB,CAAC,CAAC,GAAG,CAAC,cAAc,IAAI,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,EACzD,CAAC;QACD,MAAM,IAAI,SAAS,CACjB,uGAAuG,CACxG,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,qBAAqB,EAAE,CAAC;QAC/B,MAAM,IAAI,SAAS,CACjB,6FAA6F,CAC9F,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC;IACvD,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,SAAS,CAAC,wCAAwC,CAAC,CAAC;IAE3E,MAAM,iBAAiB,GAAG,GAAG,CAAC,iBAAiB;QAC7C,CAAC,CAAC,GAAG,CAAC,iBAAiB;QACvB,CAAC,CAAC,IAAI,sBAAsB,CAAC;YACzB,GAAG,EAAE,GAAG,CAAC,cAAwB;YACjC,YAAY,EAAE,GAAG,CAAC,WAAW;YAC7B,8DAA8D;YAC9D,8DAA8D;YAC9D,YAAY,EAAE,GAAG,CAAC,iBAAiB,EAAE,YAAY;gBAC/C,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,iBAAiB,CAAC,YAAY,CAAC;gBAChD,CAAC,CAAC,SAAS;YACb,WAAW,EAAE,GAAG,CAAC,iBAAiB,EAAE,WAAW;YAC/C,UAAU,EAAE,GAAG,CAAC,iBAAiB,EAAE,UAAU;SAC9C,CAAC,CAAC;IAEP,QAAQ,GAAG;QACT,WAAW,EAAE,GAAG,CAAC,WAAW;QAC5B,MAAM;QACN,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,iBAAiB;QACjB,qBAAqB,EAAE,GAAG,CAAC,qBAAqB;QAChD,oBAAoB,EAAE,GAAG,CAAC,oBAAoB,IAAI,sBAAsB;QACxE,oBAAoB,EAClB,GAAG,CAAC,oBAAoB,IAAI,8BAA8B;QAC5D,kBAAkB,EAAE,GAAG,CAAC,kBAAkB,IAAI,4BAA4B;QAC1E,UAAU,EAAE,IAAI,GAAG,CAAC,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC;QACzC,MAAM,EAAE,GAAG,CAAC,MAAM,IAAI,cAAc;KACrC,CAAC;IACF,QAAQ,GAAG,IAAI,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IAC7C,QAAQ,GAAG,IAAI,GAAG,EAAE,CAAC;AACvB,CAAC;AAED,MAAM,UAAU,eAAe;IAC7B,IAAI,CAAC,QAAQ;QAAE,MAAM,IAAI,sBAAsB,EAAE,CAAC;IAClD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,mBAAmB;IACjC,IAAI,CAAC,QAAQ;QAAE,MAAM,IAAI,sBAAsB,EAAE,CAAC;IAClD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,eAAe;IAC7B,IAAI,CAAC,QAAQ;QAAE,MAAM,IAAI,sBAAsB,EAAE,CAAC;IAClD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;sBAEsB;AACtB,MAAM,UAAU,iBAAiB;IAC/B,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,uBAAuB,CAAC,IAAY;IAClD,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AACvB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,IAAqC;IACjE,MAAM,GAAG,GAAG,eAAe,EAAE,CAAC;IAC9B,MAAM,GAAG,GAAG,mBAAmB,EAAE,CAAC;IAClC,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QAC5B,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/C,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC1C,MAAM,IAAI,wBAAwB,CAChC,GAAG,CAAC,YAAY,EAChB,IAAI,EACJ,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,CAC3B,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IACD,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;AACrB,CAAC;AAED,8EAA8E;AAC9E,MAAM,UAAU,cAAc;IAC5B,QAAQ,GAAG,IAAI,CAAC;IAChB,QAAQ,GAAG,IAAI,CAAC;IAChB,QAAQ,GAAG,IAAI,CAAC;IAChB,UAAU,GAAG,IAAI,iBAAiB,EAAE,CAAC;AACvC,CAAC"}
|
package/dist/kinds.d.ts
CHANGED
|
@@ -17,4 +17,29 @@ export declare class KindRegistry {
|
|
|
17
17
|
values(): readonly ApprovalKindDef[];
|
|
18
18
|
size(): number;
|
|
19
19
|
}
|
|
20
|
+
/**
|
|
21
|
+
* Validate a fully-qualified cross-owner kind name `<owner>.<resource>.<verb>`.
|
|
22
|
+
*
|
|
23
|
+
* Per D231 Rule 1, a cross-owner kind is a string with at least three
|
|
24
|
+
* dot-separated, non-empty segments. The owner is `kind.split('.')[0]`.
|
|
25
|
+
* Throws `InvalidApprovalSegment` with `which='resource'` (the only segment
|
|
26
|
+
* kinds the typed error models) on a malformed kind — the message carries
|
|
27
|
+
* the full reason.
|
|
28
|
+
*/
|
|
29
|
+
export declare function validateCrossOwnerKind(kind: string): void;
|
|
30
|
+
/**
|
|
31
|
+
* Process-local registry of cross-owner kinds this service intends to REQUEST
|
|
32
|
+
* (per D231 Rule 1, `defineApprovalRequester`). Sibling to {@link KindRegistry}
|
|
33
|
+
* (which holds kinds this service OWNS). Owning a kind already implies the
|
|
34
|
+
* right to request it, so `requestApproval` accepts a kind that is in EITHER
|
|
35
|
+
* registry; only a kind in neither throws `UndeclaredRequesterKind`.
|
|
36
|
+
*/
|
|
37
|
+
export declare class RequesterRegistry {
|
|
38
|
+
private readonly set;
|
|
39
|
+
/** Declare a cross-owner kind as one this service intends to request. */
|
|
40
|
+
add(kind: string): void;
|
|
41
|
+
has(kind: string): boolean;
|
|
42
|
+
keys(): readonly string[];
|
|
43
|
+
size(): number;
|
|
44
|
+
}
|
|
20
45
|
//# sourceMappingURL=kinds.d.ts.map
|
package/dist/kinds.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"kinds.d.ts","sourceRoot":"","sources":["../src/kinds.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"kinds.d.ts","sourceRoot":"","sources":["../src/kinds.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EACV,eAAe,EACf,oBAAoB,EACpB,cAAc,EACf,MAAM,SAAS,CAAC;AAGjB,MAAM,WAAW,uBAAuB;IACtC,oEAAoE;IACpE,4BAA4B,CAAC,EAAE,OAAO,CAAC;CACxC;AAED,wBAAgB,mBAAmB,CACjC,CAAC,SAAS,MAAM,EAChB,KAAK,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,oBAAoB,CAAC,EAEpD,WAAW,EAAE,CAAC,EACd,IAAI,EAAE,CAAC,EACP,IAAI,GAAE,uBAA4B,GACjC,cAAc,CAAC,CAAC,EAAE,CAAC,CAAC,CAoCtB;AAED,mEAAmE;AACnE,qBAAa,YAAY;IACvB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAsC;gBAE9C,WAAW,EAAE,MAAM;IAI/B,8CAA8C;IAC9C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,GAAG,IAAI;IAWrD,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,eAAe,GAAG,SAAS;IAI9C,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAI1B,IAAI,IAAI,SAAS,MAAM,EAAE;IAIzB,MAAM,IAAI,SAAS,eAAe,EAAE;IAIpC,IAAI,IAAI,MAAM;CAGf;AAED;;;;;;;;GAQG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAgBzD;AAED;;;;;;GAMG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAqB;IAEzC,yEAAyE;IACzE,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAKvB,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAI1B,IAAI,IAAI,SAAS,MAAM,EAAE;IAIzB,IAAI,IAAI,MAAM;CAGf"}
|
package/dist/kinds.js
CHANGED
|
@@ -4,6 +4,7 @@
|
|
|
4
4
|
// exact string `${service}.${resource}.${verb}`.
|
|
5
5
|
// Runtime: validates serviceName + resource + verb segments via
|
|
6
6
|
// `validation.ts`. Rejects reserved namespaces unless explicitly bypassed.
|
|
7
|
+
import { InvalidApprovalSegment } from "./errors";
|
|
7
8
|
import { validatePermissionSegment, validateServiceName } from "./validation";
|
|
8
9
|
export function defineApprovalKinds(serviceName, defs, opts = {}) {
|
|
9
10
|
validateServiceName(serviceName, opts);
|
|
@@ -33,6 +34,7 @@ export function defineApprovalKinds(serviceName, defs, opts = {}) {
|
|
|
33
34
|
selfActionAllowed: def.selfActionAllowed ?? false,
|
|
34
35
|
expirySeconds: def.expirySeconds,
|
|
35
36
|
actionButtonLabel: def.actionButtonLabel,
|
|
37
|
+
previewSchema: def.previewSchema,
|
|
36
38
|
};
|
|
37
39
|
}
|
|
38
40
|
return out;
|
|
@@ -69,4 +71,46 @@ export class KindRegistry {
|
|
|
69
71
|
return this.map.size;
|
|
70
72
|
}
|
|
71
73
|
}
|
|
74
|
+
/**
|
|
75
|
+
* Validate a fully-qualified cross-owner kind name `<owner>.<resource>.<verb>`.
|
|
76
|
+
*
|
|
77
|
+
* Per D231 Rule 1, a cross-owner kind is a string with at least three
|
|
78
|
+
* dot-separated, non-empty segments. The owner is `kind.split('.')[0]`.
|
|
79
|
+
* Throws `InvalidApprovalSegment` with `which='resource'` (the only segment
|
|
80
|
+
* kinds the typed error models) on a malformed kind — the message carries
|
|
81
|
+
* the full reason.
|
|
82
|
+
*/
|
|
83
|
+
export function validateCrossOwnerKind(kind) {
|
|
84
|
+
if (typeof kind !== "string" || kind.length === 0) {
|
|
85
|
+
throw new InvalidApprovalSegment("resource", String(kind), "defineApprovalRequester: kind must be a non-empty string");
|
|
86
|
+
}
|
|
87
|
+
const segments = kind.split(".");
|
|
88
|
+
if (segments.length < 3 || segments.some((s) => s.length === 0)) {
|
|
89
|
+
throw new InvalidApprovalSegment("resource", kind, `defineApprovalRequester: kind '${kind}' must be a fully-qualified '<owner>.<resource>.<verb>' (>= 3 non-empty dot-separated segments). See D231 Rule 1.`);
|
|
90
|
+
}
|
|
91
|
+
}
|
|
92
|
+
/**
|
|
93
|
+
* Process-local registry of cross-owner kinds this service intends to REQUEST
|
|
94
|
+
* (per D231 Rule 1, `defineApprovalRequester`). Sibling to {@link KindRegistry}
|
|
95
|
+
* (which holds kinds this service OWNS). Owning a kind already implies the
|
|
96
|
+
* right to request it, so `requestApproval` accepts a kind that is in EITHER
|
|
97
|
+
* registry; only a kind in neither throws `UndeclaredRequesterKind`.
|
|
98
|
+
*/
|
|
99
|
+
export class RequesterRegistry {
|
|
100
|
+
set = new Set();
|
|
101
|
+
/** Declare a cross-owner kind as one this service intends to request. */
|
|
102
|
+
add(kind) {
|
|
103
|
+
validateCrossOwnerKind(kind);
|
|
104
|
+
this.set.add(kind);
|
|
105
|
+
}
|
|
106
|
+
has(kind) {
|
|
107
|
+
return this.set.has(kind);
|
|
108
|
+
}
|
|
109
|
+
keys() {
|
|
110
|
+
return Array.from(this.set);
|
|
111
|
+
}
|
|
112
|
+
size() {
|
|
113
|
+
return this.set.size;
|
|
114
|
+
}
|
|
115
|
+
}
|
|
72
116
|
//# sourceMappingURL=kinds.js.map
|
package/dist/kinds.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"kinds.js","sourceRoot":"","sources":["../src/kinds.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAChE,EAAE;AACF,uEAAuE;AACvE,iDAAiD;AACjD,gEAAgE;AAChE,2EAA2E;
|
|
1
|
+
{"version":3,"file":"kinds.js","sourceRoot":"","sources":["../src/kinds.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAChE,EAAE;AACF,uEAAuE;AACvE,iDAAiD;AACjD,gEAAgE;AAChE,2EAA2E;AAE3E,OAAO,EAAE,sBAAsB,EAAE,MAAM,UAAU,CAAC;AAMlD,OAAO,EAAE,yBAAyB,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AAO9E,MAAM,UAAU,mBAAmB,CAIjC,WAAc,EACd,IAAO,EACP,OAAgC,EAAE;IAElC,mBAAmB,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;IACvC,MAAM,GAAG,GAAoC,EAAE,CAAC;IAChD,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/C,IAAI,GAAG,KAAK,IAAI,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5C,MAAM,IAAI,SAAS,CACjB,+BAA+B,IAAI,4BAA4B,OAAO,GAAG,EAAE,CAC5E,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,GAAG,GAAG,CAAC;QAChB,yBAAyB,CAAC,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QACpD,yBAAyB,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC5C,MAAM,SAAS,GAAG,GAAG,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QAChD,MAAM,IAAI,GAAG,GAAG,WAAW,IAAI,SAAS,EAAE,CAAC;QAC3C,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACnB,MAAM,IAAI,SAAS,CACjB,wCAAwC,IAAI,iBAAiB,WAAW,GAAG,CAC5E,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACf,GAAG,CAAC,IAAI,CAAC,GAAG;YACV,SAAS;YACT,IAAI;YACJ,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,WAAW,EAAE,GAAG,CAAC,WAAW,IAAI,EAAE;YAClC,YAAY,EAAE,GAAG,CAAC,YAAY;YAC9B,YAAY,EAAE,GAAG,CAAC,YAAY,IAAI,IAAI;YACtC,iBAAiB,EAAE,GAAG,CAAC,iBAAiB,IAAI,KAAK;YACjD,aAAa,EAAE,GAAG,CAAC,aAAa;YAChC,iBAAiB,EAAE,GAAG,CAAC,iBAAiB;YACxC,aAAa,EAAE,GAAG,CAAC,aAAa;SACjC,CAAC;IACJ,CAAC;IACD,OAAO,GAA2B,CAAC;AACrC,CAAC;AAED,mEAAmE;AACnE,MAAM,OAAO,YAAY;IACd,WAAW,CAAS;IACZ,GAAG,GAAG,IAAI,GAAG,EAA2B,CAAC;IAE1D,YAAY,WAAmB;QAC7B,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACjC,CAAC;IAED,8CAA8C;IAC9C,QAAQ,CAAC,IAAqC;QAC5C,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YACtC,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC3B,MAAM,IAAI,SAAS,CACjB,uBAAuB,GAAG,CAAC,IAAI,sBAAsB,CACtD,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,GAAG,CAAC,IAAY;QACd,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAED,GAAG,CAAC,IAAY;QACd,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAED,IAAI;QACF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACrC,CAAC;IAED,MAAM;QACJ,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IACvC,CAAC;IAED,IAAI;QACF,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC;IACvB,CAAC;CACF;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,sBAAsB,CAAC,IAAY;IACjD,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClD,MAAM,IAAI,sBAAsB,CAC9B,UAAU,EACV,MAAM,CAAC,IAAI,CAAC,EACZ,0DAA0D,CAC3D,CAAC;IACJ,CAAC;IACD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACjC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,sBAAsB,CAC9B,UAAU,EACV,IAAI,EACJ,kCAAkC,IAAI,mHAAmH,CAC1J,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,OAAO,iBAAiB;IACX,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAEzC,yEAAyE;IACzE,GAAG,CAAC,IAAY;QACd,sBAAsB,CAAC,IAAI,CAAC,CAAC;QAC7B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACrB,CAAC;IAED,GAAG,CAAC,IAAY;QACd,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAED,IAAI;QACF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC9B,CAAC;IAED,IAAI;QACF,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC;IACvB,CAAC;CACF"}
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
import { type ChannelCredentials, type Interceptor } from "@grpc/grpc-js";
|
|
2
|
+
import type { ApprovalPolicyServiceClient, GetPolicyRequest, GetPolicyResponse } from "./types";
|
|
3
|
+
/** Wire shape of the GetPolicy request (snake_case per the proto). */
|
|
4
|
+
interface GetPolicyWireRequest {
|
|
5
|
+
tenant_id: string;
|
|
6
|
+
kind: string;
|
|
7
|
+
}
|
|
8
|
+
/** Wire shape of the GetPolicy response. Carries threshold_params in EITHER
|
|
9
|
+
* form per the D231 Addendum. */
|
|
10
|
+
interface GetPolicyWireResponse {
|
|
11
|
+
approver_role?: string;
|
|
12
|
+
/** google.protobuf.Struct form — a plain JSON object over the JSON wire. */
|
|
13
|
+
threshold_params?: Record<string, unknown> | null;
|
|
14
|
+
/** Owner-discretionary `string threshold_params_json` form (Addendum). */
|
|
15
|
+
threshold_params_json?: string | null;
|
|
16
|
+
pool_mode?: boolean;
|
|
17
|
+
enabled?: boolean;
|
|
18
|
+
expires_in_seconds?: number;
|
|
19
|
+
version?: number;
|
|
20
|
+
}
|
|
21
|
+
declare function encodeRequest(req: GetPolicyWireRequest): Buffer;
|
|
22
|
+
declare function decodeResponse(buf: Buffer): GetPolicyWireResponse;
|
|
23
|
+
/** The fully-qualified gRPC method name is owner-specific (e.g.
|
|
24
|
+
* `/nodii.tenant.v1.ApprovalPolicyService/GetPolicy`); the descriptor path
|
|
25
|
+
* is derived from the caller-supplied `serviceName`. */
|
|
26
|
+
declare function methodPath(serviceName: string): string;
|
|
27
|
+
export interface CreateApprovalPolicyClientOpts {
|
|
28
|
+
/** Channel credentials — defaults to insecure (dev). Production uses TLS. */
|
|
29
|
+
credentials?: ChannelCredentials;
|
|
30
|
+
/** Optional grpc-js interceptors — used by @nodii/grpc-auth's S2S envelope. */
|
|
31
|
+
interceptors?: Interceptor[];
|
|
32
|
+
/** Identifies this caller in the `x-source-module` metadata header. */
|
|
33
|
+
sourceModule?: string;
|
|
34
|
+
/** Per-RPC deadline in ms. Default 5s. */
|
|
35
|
+
deadlineMs?: number;
|
|
36
|
+
}
|
|
37
|
+
/** Production-default client. Speaks real gRPC against the owner service. */
|
|
38
|
+
export declare class ApprovalPolicyGrpcClient implements ApprovalPolicyServiceClient {
|
|
39
|
+
private readonly client;
|
|
40
|
+
private readonly path;
|
|
41
|
+
private readonly deadlineMs;
|
|
42
|
+
private readonly sourceModule;
|
|
43
|
+
private closed;
|
|
44
|
+
constructor(
|
|
45
|
+
/** Fully-qualified gRPC service name, e.g.
|
|
46
|
+
* `nodii.tenant.v1.ApprovalPolicyService`. Used as the descriptor path. */
|
|
47
|
+
serviceName: string,
|
|
48
|
+
/** Owner address `host:port`. */
|
|
49
|
+
address: string, opts?: CreateApprovalPolicyClientOpts);
|
|
50
|
+
getPolicy(req: GetPolicyRequest): Promise<GetPolicyResponse | null>;
|
|
51
|
+
close(): Promise<void>;
|
|
52
|
+
}
|
|
53
|
+
/**
|
|
54
|
+
* Construct a READ-only `ApprovalPolicyService.GetPolicy` client for an owner
|
|
55
|
+
* service (D231 Rule 2).
|
|
56
|
+
*
|
|
57
|
+
* @param serviceName fully-qualified gRPC service name, e.g.
|
|
58
|
+
* `nodii.tenant.v1.ApprovalPolicyService` (the descriptor path).
|
|
59
|
+
* @param address owner address `host:port`.
|
|
60
|
+
*/
|
|
61
|
+
export declare function createApprovalPolicyClient(serviceName: string, address: string, opts?: CreateApprovalPolicyClientOpts): ApprovalPolicyGrpcClient;
|
|
62
|
+
/** Descriptor metadata, exported for the in-process test server (parity with
|
|
63
|
+
* TASK_SERVICE_DESCRIPTOR). */
|
|
64
|
+
export declare const APPROVAL_POLICY_SERVICE: {
|
|
65
|
+
readonly methodPath: typeof methodPath;
|
|
66
|
+
readonly encodeRequest: typeof encodeRequest;
|
|
67
|
+
readonly decodeResponse: typeof decodeResponse;
|
|
68
|
+
};
|
|
69
|
+
export {};
|
|
70
|
+
//# sourceMappingURL=policy-client.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"policy-client.d.ts","sourceRoot":"","sources":["../src/policy-client.ts"],"names":[],"mappings":"AAoBA,OAAO,EACL,KAAK,kBAAkB,EAEvB,KAAK,WAAW,EAKjB,MAAM,eAAe,CAAC;AAEvB,OAAO,KAAK,EACV,2BAA2B,EAC3B,gBAAgB,EAChB,iBAAiB,EAClB,MAAM,SAAS,CAAC;AAEjB,sEAAsE;AACtE,UAAU,oBAAoB;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;CACd;AAED;kCACkC;AAClC,UAAU,qBAAqB;IAC7B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,4EAA4E;IAC5E,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAClD,0EAA0E;IAC1E,qBAAqB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,iBAAS,aAAa,CAAC,GAAG,EAAE,oBAAoB,GAAG,MAAM,CAExD;AAED,iBAAS,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,qBAAqB,CAM1D;AA4CD;;yDAEyD;AACzD,iBAAS,UAAU,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,CAE/C;AAED,MAAM,WAAW,8BAA8B;IAC7C,6EAA6E;IAC7E,WAAW,CAAC,EAAE,kBAAkB,CAAC;IACjC,+EAA+E;IAC/E,YAAY,CAAC,EAAE,WAAW,EAAE,CAAC;IAC7B,uEAAuE;IACvE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,0CAA0C;IAC1C,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,6EAA6E;AAC7E,qBAAa,wBAAyB,YAAW,2BAA2B;IAC1E,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAS;IAC9B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAqB;IAClD,OAAO,CAAC,MAAM,CAAS;;IAGrB;gFAC4E;IAC5E,WAAW,EAAE,MAAM;IACnB,iCAAiC;IACjC,OAAO,EAAE,MAAM,EACf,IAAI,GAAE,8BAAmC;IAyBrC,SAAS,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC;IAyCnE,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;CAK7B;AAED;;;;;;;GAOG;AACH,wBAAgB,0BAA0B,CACxC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,EACf,IAAI,GAAE,8BAAmC,GACxC,wBAAwB,CAE1B;AAED;gCACgC;AAChC,eAAO,MAAM,uBAAuB;;;;CAI1B,CAAC"}
|
|
@@ -0,0 +1,157 @@
|
|
|
1
|
+
// Real grpc-js client for an owner service's
|
|
2
|
+
// `<owner>.ApprovalPolicyService.GetPolicy` per D231 Rule 2.
|
|
3
|
+
//
|
|
4
|
+
// GetPolicy is READ-only: it resolves the owner's per-tenant approval policy
|
|
5
|
+
// for a (tenantId, kind). A NOT_FOUND status means "no per-tenant override" —
|
|
6
|
+
// the caller defaults to the kind's `defaultApproverRole`. This client maps
|
|
7
|
+
// NOT_FOUND to `null` (distinct from an error) so the caller can default.
|
|
8
|
+
//
|
|
9
|
+
// Modeled on task-tracking-client.ts: a hand-written @grpc/grpc-js descriptor
|
|
10
|
+
// (no buf codegen) with a JSON-over-gRPC envelope. The proto is small + stable.
|
|
11
|
+
//
|
|
12
|
+
// Wire-format note (D231 Addendum, R2): the owner ships `threshold_params`
|
|
13
|
+
// EITHER as `google.protobuf.Struct threshold_params` OR as
|
|
14
|
+
// `string threshold_params_json` (a JSON-object string), at the owner's
|
|
15
|
+
// proto-convention discretion. This client parses BOTH forms into a plain
|
|
16
|
+
// JS object — tenant-service ships the `_json` form; others may ship Struct.
|
|
17
|
+
//
|
|
18
|
+
// Per R1: this is NOT a Noop. The client speaks real gRPC. When the URL points
|
|
19
|
+
// at an unreachable host, callers get a real UNAVAILABLE error.
|
|
20
|
+
import { Client, Metadata, credentials as grpcCredentials, status as grpcStatus, } from "@grpc/grpc-js";
|
|
21
|
+
function encodeRequest(req) {
|
|
22
|
+
return Buffer.from(JSON.stringify(req), "utf8");
|
|
23
|
+
}
|
|
24
|
+
function decodeResponse(buf) {
|
|
25
|
+
const parsed = JSON.parse(buf.toString("utf8"));
|
|
26
|
+
if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
|
|
27
|
+
throw new Error(`Malformed GetPolicyResponse: ${JSON.stringify(parsed)}`);
|
|
28
|
+
}
|
|
29
|
+
return parsed;
|
|
30
|
+
}
|
|
31
|
+
/**
|
|
32
|
+
* Parse the threshold params from whichever wire form the owner shipped:
|
|
33
|
+
* - `threshold_params` (Struct → plain object) — used as-is,
|
|
34
|
+
* - `threshold_params_json` (string) — JSON.parse'd into an object,
|
|
35
|
+
* - neither / null → `null`.
|
|
36
|
+
* A malformed `threshold_params_json` string throws (loud, not silent).
|
|
37
|
+
*/
|
|
38
|
+
function parseThresholdParams(wire) {
|
|
39
|
+
if (typeof wire.threshold_params_json === "string") {
|
|
40
|
+
if (wire.threshold_params_json.length === 0)
|
|
41
|
+
return null;
|
|
42
|
+
const parsed = JSON.parse(wire.threshold_params_json);
|
|
43
|
+
if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
|
|
44
|
+
throw new Error(`GetPolicyResponse.threshold_params_json must be a JSON object string, got: ${wire.threshold_params_json}`);
|
|
45
|
+
}
|
|
46
|
+
return parsed;
|
|
47
|
+
}
|
|
48
|
+
if (wire.threshold_params != null &&
|
|
49
|
+
typeof wire.threshold_params === "object") {
|
|
50
|
+
return wire.threshold_params;
|
|
51
|
+
}
|
|
52
|
+
return null;
|
|
53
|
+
}
|
|
54
|
+
function toResponse(wire) {
|
|
55
|
+
return {
|
|
56
|
+
approverRole: typeof wire.approver_role === "string" ? wire.approver_role : "",
|
|
57
|
+
thresholdParams: parseThresholdParams(wire),
|
|
58
|
+
poolMode: Boolean(wire.pool_mode),
|
|
59
|
+
enabled: Boolean(wire.enabled),
|
|
60
|
+
expiresInSeconds: typeof wire.expires_in_seconds === "number" ? wire.expires_in_seconds : 0,
|
|
61
|
+
version: typeof wire.version === "number" ? wire.version : 0,
|
|
62
|
+
};
|
|
63
|
+
}
|
|
64
|
+
/** The fully-qualified gRPC method name is owner-specific (e.g.
|
|
65
|
+
* `/nodii.tenant.v1.ApprovalPolicyService/GetPolicy`); the descriptor path
|
|
66
|
+
* is derived from the caller-supplied `serviceName`. */
|
|
67
|
+
function methodPath(serviceName) {
|
|
68
|
+
return `/${serviceName}/GetPolicy`;
|
|
69
|
+
}
|
|
70
|
+
/** Production-default client. Speaks real gRPC against the owner service. */
|
|
71
|
+
export class ApprovalPolicyGrpcClient {
|
|
72
|
+
client;
|
|
73
|
+
path;
|
|
74
|
+
deadlineMs;
|
|
75
|
+
sourceModule;
|
|
76
|
+
closed = false;
|
|
77
|
+
constructor(
|
|
78
|
+
/** Fully-qualified gRPC service name, e.g.
|
|
79
|
+
* `nodii.tenant.v1.ApprovalPolicyService`. Used as the descriptor path. */
|
|
80
|
+
serviceName,
|
|
81
|
+
/** Owner address `host:port`. */
|
|
82
|
+
address, opts = {}) {
|
|
83
|
+
if (!serviceName || typeof serviceName !== "string") {
|
|
84
|
+
throw new TypeError("createApprovalPolicyClient: serviceName is required");
|
|
85
|
+
}
|
|
86
|
+
if (!address || typeof address !== "string") {
|
|
87
|
+
throw new TypeError("createApprovalPolicyClient: address is required");
|
|
88
|
+
}
|
|
89
|
+
const channelOpts = {
|
|
90
|
+
interceptors: opts.interceptors ?? [],
|
|
91
|
+
"grpc.keepalive_time_ms": 30_000,
|
|
92
|
+
"grpc.keepalive_timeout_ms": 10_000,
|
|
93
|
+
};
|
|
94
|
+
this.client = new Client(address, opts.credentials ?? grpcCredentials.createInsecure(), channelOpts);
|
|
95
|
+
this.path = methodPath(serviceName);
|
|
96
|
+
this.deadlineMs = opts.deadlineMs ?? 5_000;
|
|
97
|
+
this.sourceModule = opts.sourceModule;
|
|
98
|
+
}
|
|
99
|
+
async getPolicy(req) {
|
|
100
|
+
if (this.closed) {
|
|
101
|
+
throw new Error("ApprovalPolicyGrpcClient: client closed");
|
|
102
|
+
}
|
|
103
|
+
const md = new Metadata();
|
|
104
|
+
if (this.sourceModule)
|
|
105
|
+
md.add("x-source-module", this.sourceModule);
|
|
106
|
+
const wireReq = {
|
|
107
|
+
tenant_id: req.tenantId,
|
|
108
|
+
kind: req.kind,
|
|
109
|
+
};
|
|
110
|
+
const deadline = new Date(Date.now() + this.deadlineMs);
|
|
111
|
+
return new Promise((resolve, reject) => {
|
|
112
|
+
this.client.makeUnaryRequest(this.path, encodeRequest, decodeResponse, wireReq, md, { deadline }, (err, value) => {
|
|
113
|
+
if (err) {
|
|
114
|
+
// NOT_FOUND is a normal "no per-tenant override" signal, not a
|
|
115
|
+
// failure — resolve to null so the caller defaults to the kind's
|
|
116
|
+
// defaultApproverRole (D231 Rule 2).
|
|
117
|
+
if (err.code === grpcStatus.NOT_FOUND) {
|
|
118
|
+
resolve(null);
|
|
119
|
+
return;
|
|
120
|
+
}
|
|
121
|
+
reject(err);
|
|
122
|
+
return;
|
|
123
|
+
}
|
|
124
|
+
if (!value) {
|
|
125
|
+
resolve(null);
|
|
126
|
+
return;
|
|
127
|
+
}
|
|
128
|
+
resolve(toResponse(value));
|
|
129
|
+
});
|
|
130
|
+
});
|
|
131
|
+
}
|
|
132
|
+
async close() {
|
|
133
|
+
if (this.closed)
|
|
134
|
+
return;
|
|
135
|
+
this.closed = true;
|
|
136
|
+
this.client.close();
|
|
137
|
+
}
|
|
138
|
+
}
|
|
139
|
+
/**
|
|
140
|
+
* Construct a READ-only `ApprovalPolicyService.GetPolicy` client for an owner
|
|
141
|
+
* service (D231 Rule 2).
|
|
142
|
+
*
|
|
143
|
+
* @param serviceName fully-qualified gRPC service name, e.g.
|
|
144
|
+
* `nodii.tenant.v1.ApprovalPolicyService` (the descriptor path).
|
|
145
|
+
* @param address owner address `host:port`.
|
|
146
|
+
*/
|
|
147
|
+
export function createApprovalPolicyClient(serviceName, address, opts = {}) {
|
|
148
|
+
return new ApprovalPolicyGrpcClient(serviceName, address, opts);
|
|
149
|
+
}
|
|
150
|
+
/** Descriptor metadata, exported for the in-process test server (parity with
|
|
151
|
+
* TASK_SERVICE_DESCRIPTOR). */
|
|
152
|
+
export const APPROVAL_POLICY_SERVICE = {
|
|
153
|
+
methodPath,
|
|
154
|
+
encodeRequest,
|
|
155
|
+
decodeResponse,
|
|
156
|
+
};
|
|
157
|
+
//# sourceMappingURL=policy-client.js.map
|