@objectstack/core 1.0.4 → 1.0.5

package/dist/security/permission-manager.test.js

@@ -1,220 +0,0 @@
-import { describe, it, expect, beforeEach } from 'vitest';
-import { PluginPermissionManager } from './permission-manager.js';
-import { createLogger } from '../logger.js';
-describe('PluginPermissionManager', () => {
-    let manager;
-    let logger;
-    beforeEach(() => {
-        logger = createLogger({ level: 'silent' });
-        manager = new PluginPermissionManager(logger);
-    });
-    describe('registerPermissions', () => {
-        it('should register permissions for a plugin', () => {
-            const permissionSet = {
-                permissions: [
-                    {
-                        id: 'read-data',
-                        resource: 'data.object',
-                        actions: ['read'],
-                        scope: 'plugin',
-                        description: 'Read object data',
-                        required: true,
-                    },
-                ],
-                defaultGrant: 'prompt',
-            };
-            manager.registerPermissions('test-plugin', permissionSet);
-            const permissions = manager.getPluginPermissions('test-plugin');
-            expect(permissions).toHaveLength(1);
-            expect(permissions[0].id).toBe('read-data');
-        });
-    });
-    describe('grantPermission', () => {
-        it('should grant a permission to a plugin', () => {
-            const permissionSet = {
-                permissions: [
-                    {
-                        id: 'read-data',
-                        resource: 'data.object',
-                        actions: ['read'],
-                        scope: 'plugin',
-                        description: 'Read object data',
-                        required: true,
-                    },
-                ],
-                defaultGrant: 'prompt',
-            };
-            manager.registerPermissions('test-plugin', permissionSet);
-            manager.grantPermission('test-plugin', 'read-data');
-            expect(manager.hasPermission('test-plugin', 'read-data')).toBe(true);
-        });
-        it('should throw error for non-existent permission', () => {
-            const permissionSet = {
-                permissions: [],
-                defaultGrant: 'prompt',
-            };
-            manager.registerPermissions('test-plugin', permissionSet);
-            expect(() => {
-                manager.grantPermission('test-plugin', 'invalid-permission');
-            }).toThrow();
-        });
-    });
-    describe('revokePermission', () => {
-        it('should revoke a permission from a plugin', () => {
-            const permissionSet = {
-                permissions: [
-                    {
-                        id: 'read-data',
-                        resource: 'data.object',
-                        actions: ['read'],
-                        scope: 'plugin',
-                        description: 'Read object data',
-                        required: true,
-                    },
-                ],
-                defaultGrant: 'prompt',
-            };
-            manager.registerPermissions('test-plugin', permissionSet);
-            manager.grantPermission('test-plugin', 'read-data');
-            manager.revokePermission('test-plugin', 'read-data');
-            expect(manager.hasPermission('test-plugin', 'read-data')).toBe(false);
-        });
-    });
-    describe('checkAccess', () => {
-        it('should allow access when permission is granted', () => {
-            const permissionSet = {
-                permissions: [
-                    {
-                        id: 'read-data',
-                        resource: 'data.object',
-                        actions: ['read'],
-                        scope: 'plugin',
-                        description: 'Read object data',
-                        required: true,
-                    },
-                ],
-                defaultGrant: 'prompt',
-            };
-            manager.registerPermissions('test-plugin', permissionSet);
-            manager.grantPermission('test-plugin', 'read-data');
-            const result = manager.checkAccess('test-plugin', 'data.object', 'read');
-            expect(result.allowed).toBe(true);
-        });
-        it('should deny access when permission is not granted', () => {
-            const permissionSet = {
-                permissions: [
-                    {
-                        id: 'read-data',
-                        resource: 'data.object',
-                        actions: ['read'],
-                        scope: 'plugin',
-                        description: 'Read object data',
-                        required: true,
-                    },
-                ],
-                defaultGrant: 'prompt',
-            };
-            manager.registerPermissions('test-plugin', permissionSet);
-            const result = manager.checkAccess('test-plugin', 'data.object', 'read');
-            expect(result.allowed).toBe(false);
-        });
-        it('should deny access when permission does not exist', () => {
-            const permissionSet = {
-                permissions: [],
-                defaultGrant: 'prompt',
-            };
-            manager.registerPermissions('test-plugin', permissionSet);
-            const result = manager.checkAccess('test-plugin', 'data.object', 'read');
-            expect(result.allowed).toBe(false);
-        });
-    });
-    describe('getMissingPermissions', () => {
-        it('should return missing required permissions', () => {
-            const permissionSet = {
-                permissions: [
-                    {
-                        id: 'read-data',
-                        resource: 'data.object',
-                        actions: ['read'],
-                        scope: 'plugin',
-                        description: 'Read object data',
-                        required: true,
-                    },
-                    {
-                        id: 'write-data',
-                        resource: 'data.object',
-                        actions: ['create', 'update'],
-                        scope: 'plugin',
-                        description: 'Write object data',
-                        required: true,
-                    },
-                ],
-                defaultGrant: 'prompt',
-            };
-            manager.registerPermissions('test-plugin', permissionSet);
-            manager.grantPermission('test-plugin', 'read-data');
-            const missing = manager.getMissingPermissions('test-plugin');
-            expect(missing).toHaveLength(1);
-            expect(missing[0].id).toBe('write-data');
-        });
-    });
-    describe('hasAllRequiredPermissions', () => {
-        it('should return true when all required permissions are granted', () => {
-            const permissionSet = {
-                permissions: [
-                    {
-                        id: 'read-data',
-                        resource: 'data.object',
-                        actions: ['read'],
-                        scope: 'plugin',
-                        description: 'Read object data',
-                        required: true,
-                    },
-                ],
-                defaultGrant: 'prompt',
-            };
-            manager.registerPermissions('test-plugin', permissionSet);
-            manager.grantPermission('test-plugin', 'read-data');
-            expect(manager.hasAllRequiredPermissions('test-plugin')).toBe(true);
-        });
-        it('should return false when required permissions are missing', () => {
-            const permissionSet = {
-                permissions: [
-                    {
-                        id: 'read-data',
-                        resource: 'data.object',
-                        actions: ['read'],
-                        scope: 'plugin',
-                        description: 'Read object data',
-                        required: true,
-                    },
-                ],
-                defaultGrant: 'prompt',
-            };
-            manager.registerPermissions('test-plugin', permissionSet);
-            expect(manager.hasAllRequiredPermissions('test-plugin')).toBe(false);
-        });
-    });
-    describe('clearPluginPermissions', () => {
-        it('should clear all permissions for a plugin', () => {
-            const permissionSet = {
-                permissions: [
-                    {
-                        id: 'read-data',
-                        resource: 'data.object',
-                        actions: ['read'],
-                        scope: 'plugin',
-                        description: 'Read object data',
-                        required: true,
-                    },
-                ],
-                defaultGrant: 'prompt',
-            };
-            manager.registerPermissions('test-plugin', permissionSet);
-            manager.grantPermission('test-plugin', 'read-data');
-            manager.clearPluginPermissions('test-plugin');
-            expect(manager.getPluginPermissions('test-plugin')).toHaveLength(0);
-            expect(manager.getGrantedPermissions('test-plugin')).toHaveLength(0);
-        });
-    });
-});

package/dist/security/plugin-config-validator.d.ts

@@ -1,79 +0,0 @@
-import type { Logger } from '@objectstack/spec/contracts';
-import type { PluginMetadata } from '../plugin-loader.js';
-/**
- * Plugin Configuration Validator
- *
- * Validates plugin configurations against Zod schemas to ensure:
- * 1. Type safety - all config values have correct types
- * 2. Business rules - values meet constraints (min/max, regex, etc.)
- * 3. Required fields - all mandatory configuration is provided
- * 4. Default values - missing optional fields get defaults
- *
- * Architecture:
- * - Uses Zod for runtime validation
- * - Provides detailed error messages with field paths
- * - Supports nested configuration objects
- * - Allows partial validation for incremental updates
- *
- * Usage:
- * ```typescript
- * const validator = new PluginConfigValidator(logger);
- * const validConfig = validator.validatePluginConfig(plugin, userConfig);
- * ```
- */
-export declare class PluginConfigValidator {
-    private logger;
-    constructor(logger: Logger);
-    /**
-     * Validate plugin configuration against its Zod schema
-     *
-     * @param plugin - Plugin metadata with configSchema
-     * @param config - User-provided configuration
-     * @returns Validated and typed configuration
-     * @throws Error with detailed validation errors
-     */
-    validatePluginConfig<T = any>(plugin: PluginMetadata, config: any): T;
-    /**
-     * Validate partial configuration (for incremental updates)
-     *
-     * @param plugin - Plugin metadata
-     * @param partialConfig - Partial configuration to validate
-     * @returns Validated partial configuration
-     */
-    validatePartialConfig<T = any>(plugin: PluginMetadata, partialConfig: any): Partial<T>;
-    /**
-     * Get default configuration from schema
-     *
-     * @param plugin - Plugin metadata
-     * @returns Default configuration object
-     */
-    getDefaultConfig<T = any>(plugin: PluginMetadata): T | undefined;
-    /**
-     * Check if configuration is valid without throwing
-     *
-     * @param plugin - Plugin metadata
-     * @param config - Configuration to check
-     * @returns True if valid, false otherwise
-     */
-    isConfigValid(plugin: PluginMetadata, config: any): boolean;
-    /**
-     * Get configuration errors without throwing
-     *
-     * @param plugin - Plugin metadata
-     * @param config - Configuration to check
-     * @returns Array of validation errors, or empty array if valid
-     */
-    getConfigErrors(plugin: PluginMetadata, config: any): Array<{
-        path: string;
-        message: string;
-    }>;
-    private formatZodErrors;
-}
-/**
- * Create a plugin config validator
- *
- * @param logger - Logger instance
- * @returns Plugin config validator
- */
-export declare function createPluginConfigValidator(logger: Logger): PluginConfigValidator;
-//# sourceMappingURL=plugin-config-validator.d.ts.map

package/dist/security/plugin-config-validator.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"plugin-config-validator.d.ts","sourceRoot":"","sources":["../../src/security/plugin-config-validator.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,6BAA6B,CAAC;AAC1D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAE1D;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,qBAAa,qBAAqB;IAChC,OAAO,CAAC,MAAM,CAAS;gBAEX,MAAM,EAAE,MAAM;IAI1B;;;;;;;OAOG;IACH,oBAAoB,CAAC,CAAC,GAAG,GAAG,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC;IAqCrE;;;;;;OAMG;IACH,qBAAqB,CAAC,CAAC,GAAG,GAAG,EAAE,MAAM,EAAE,cAAc,EAAE,aAAa,EAAE,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC;IA4BtF;;;;;OAKG;IACH,gBAAgB,CAAC,CAAC,GAAG,GAAG,EAAE,MAAM,EAAE,cAAc,GAAG,CAAC,GAAG,SAAS;IAiBhE;;;;;;OAMG;IACH,aAAa,CAAC,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,GAAG,GAAG,OAAO;IAS3D;;;;;;OAMG;IACH,eAAe,CAAC,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,GAAG,GAAG,KAAK,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAC,CAAC;IAgB5F,OAAO,CAAC,eAAe;CAMxB;AAED;;;;;GAKG;AACH,wBAAgB,2BAA2B,CAAC,MAAM,EAAE,MAAM,GAAG,qBAAqB,CAEjF"}

package/dist/security/plugin-config-validator.js

@@ -1,166 +0,0 @@
-import { z } from 'zod';
-/**
- * Plugin Configuration Validator
- *
- * Validates plugin configurations against Zod schemas to ensure:
- * 1. Type safety - all config values have correct types
- * 2. Business rules - values meet constraints (min/max, regex, etc.)
- * 3. Required fields - all mandatory configuration is provided
- * 4. Default values - missing optional fields get defaults
- *
- * Architecture:
- * - Uses Zod for runtime validation
- * - Provides detailed error messages with field paths
- * - Supports nested configuration objects
- * - Allows partial validation for incremental updates
- *
- * Usage:
- * ```typescript
- * const validator = new PluginConfigValidator(logger);
- * const validConfig = validator.validatePluginConfig(plugin, userConfig);
- * ```
- */
-export class PluginConfigValidator {
-    constructor(logger) {
-        this.logger = logger;
-    }
-    /**
-     * Validate plugin configuration against its Zod schema
-     *
-     * @param plugin - Plugin metadata with configSchema
-     * @param config - User-provided configuration
-     * @returns Validated and typed configuration
-     * @throws Error with detailed validation errors
-     */
-    validatePluginConfig(plugin, config) {
-        if (!plugin.configSchema) {
-            this.logger.debug(`Plugin ${plugin.name} has no config schema - skipping validation`);
-            return config;
-        }
-        try {
-            // Use Zod to parse and validate
-            const validatedConfig = plugin.configSchema.parse(config);
-            this.logger.debug(`✅ Plugin config validated: ${plugin.name}`, {
-                plugin: plugin.name,
-                configKeys: Object.keys(config || {}).length,
-            });
-            return validatedConfig;
-        }
-        catch (error) {
-            if (error instanceof z.ZodError) {
-                const formattedErrors = this.formatZodErrors(error);
-                const errorMessage = [
-                    `Plugin ${plugin.name} configuration validation failed:`,
-                    ...formattedErrors.map(e => `  - ${e.path}: ${e.message}`),
-                ].join('\n');
-                this.logger.error(errorMessage, undefined, {
-                    plugin: plugin.name,
-                    errors: formattedErrors,
-                });
-                throw new Error(errorMessage);
-            }
-            // Re-throw other errors
-            throw error;
-        }
-    }
-    /**
-     * Validate partial configuration (for incremental updates)
-     *
-     * @param plugin - Plugin metadata
-     * @param partialConfig - Partial configuration to validate
-     * @returns Validated partial configuration
-     */
-    validatePartialConfig(plugin, partialConfig) {
-        if (!plugin.configSchema) {
-            return partialConfig;
-        }
-        try {
-            // Use Zod's partial() method for partial validation
-            // Cast to ZodObject to access partial() method
-            const partialSchema = plugin.configSchema.partial();
-            const validatedConfig = partialSchema.parse(partialConfig);
-            this.logger.debug(`✅ Partial config validated: ${plugin.name}`);
-            return validatedConfig;
-        }
-        catch (error) {
-            if (error instanceof z.ZodError) {
-                const formattedErrors = this.formatZodErrors(error);
-                const errorMessage = [
-                    `Plugin ${plugin.name} partial configuration validation failed:`,
-                    ...formattedErrors.map(e => `  - ${e.path}: ${e.message}`),
-                ].join('\n');
-                throw new Error(errorMessage);
-            }
-            throw error;
-        }
-    }
-    /**
-     * Get default configuration from schema
-     *
-     * @param plugin - Plugin metadata
-     * @returns Default configuration object
-     */
-    getDefaultConfig(plugin) {
-        if (!plugin.configSchema) {
-            return undefined;
-        }
-        try {
-            // Parse empty object to get defaults
-            const defaults = plugin.configSchema.parse({});
-            this.logger.debug(`Default config extracted: ${plugin.name}`);
-            return defaults;
-        }
-        catch (error) {
-            // Schema may require some fields - return undefined
-            this.logger.debug(`No default config available: ${plugin.name}`);
-            return undefined;
-        }
-    }
-    /**
-     * Check if configuration is valid without throwing
-     *
-     * @param plugin - Plugin metadata
-     * @param config - Configuration to check
-     * @returns True if valid, false otherwise
-     */
-    isConfigValid(plugin, config) {
-        if (!plugin.configSchema) {
-            return true;
-        }
-        const result = plugin.configSchema.safeParse(config);
-        return result.success;
-    }
-    /**
-     * Get configuration errors without throwing
-     *
-     * @param plugin - Plugin metadata
-     * @param config - Configuration to check
-     * @returns Array of validation errors, or empty array if valid
-     */
-    getConfigErrors(plugin, config) {
-        if (!plugin.configSchema) {
-            return [];
-        }
-        const result = plugin.configSchema.safeParse(config);
-        if (result.success) {
-            return [];
-        }
-        return this.formatZodErrors(result.error);
-    }
-    // Private methods
-    formatZodErrors(error) {
-        return error.issues.map((e) => ({
-            path: e.path.join('.') || 'root',
-            message: e.message,
-        }));
-    }
-}
-/**
- * Create a plugin config validator
- *
- * @param logger - Logger instance
- * @returns Plugin config validator
- */
-export function createPluginConfigValidator(logger) {
-    return new PluginConfigValidator(logger);
-}

package/dist/security/plugin-config-validator.test.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=plugin-config-validator.test.d.ts.map

package/dist/security/plugin-config-validator.test.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"plugin-config-validator.test.d.ts","sourceRoot":"","sources":["../../src/security/plugin-config-validator.test.ts"],"names":[],"mappings":""}