@openverb/policy 2.0.0-alpha.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/index.d.mts +32 -0
  2. package/dist/index.d.ts +32 -0
  3. package/dist/index.js +142 -0
  4. package/dist/index.mjs +104 -0
  5. package/package.json +25 -0
package/dist/index.d.mts ADDED
@@ -0,0 +1,32 @@
1
+ import { VerbDefinition, Actor, Context, PolicyDecision } from '@openverb/runtime';
2
+
3
+ type TierPolicy = {
4
+ id: string;
5
+ stripePriceId?: string;
6
+ allow?: {
7
+ verbs?: string[];
8
+ effects?: string[];
9
+ };
10
+ deny?: {
11
+ verbs?: string[];
12
+ effects?: string[];
13
+ };
14
+ quotas?: Record<string, number>;
15
+ rateLimits?: Record<string, string>;
16
+ };
17
+ type TierMap = {
18
+ tiers: TierPolicy[];
19
+ };
20
+ type QuotaTracker = {
21
+ getUsage: (tenantId: string, key: string, period: string) => Promise<number>;
22
+ incrementUsage: (tenantId: string, key: string, period: string, delta: number) => Promise<void>;
23
+ };
24
+
25
+ declare function createPolicyEngine(config: {
26
+ tiers: TierMap | TierMap['tiers'];
27
+ quotaTracker?: QuotaTracker;
28
+ }): (verb: VerbDefinition, actor: Actor, context: Context) => Promise<PolicyDecision>;
29
+
30
+ declare function loadTierMap(tiersPath?: string): TierMap;
31
+
32
+ export { type QuotaTracker, type TierMap, type TierPolicy, createPolicyEngine, loadTierMap };
package/dist/index.d.ts ADDED
@@ -0,0 +1,32 @@
1
+ import { VerbDefinition, Actor, Context, PolicyDecision } from '@openverb/runtime';
2
+
3
+ type TierPolicy = {
4
+ id: string;
5
+ stripePriceId?: string;
6
+ allow?: {
7
+ verbs?: string[];
8
+ effects?: string[];
9
+ };
10
+ deny?: {
11
+ verbs?: string[];
12
+ effects?: string[];
13
+ };
14
+ quotas?: Record<string, number>;
15
+ rateLimits?: Record<string, string>;
16
+ };
17
+ type TierMap = {
18
+ tiers: TierPolicy[];
19
+ };
20
+ type QuotaTracker = {
21
+ getUsage: (tenantId: string, key: string, period: string) => Promise<number>;
22
+ incrementUsage: (tenantId: string, key: string, period: string, delta: number) => Promise<void>;
23
+ };
24
+
25
+ declare function createPolicyEngine(config: {
26
+ tiers: TierMap | TierMap['tiers'];
27
+ quotaTracker?: QuotaTracker;
28
+ }): (verb: VerbDefinition, actor: Actor, context: Context) => Promise<PolicyDecision>;
29
+
30
+ declare function loadTierMap(tiersPath?: string): TierMap;
31
+
32
+ export { type QuotaTracker, type TierMap, type TierPolicy, createPolicyEngine, loadTierMap };
package/dist/index.js ADDED
@@ -0,0 +1,142 @@
1
+ "use strict";
2
+ var __create = Object.create;
3
+ var __defProp = Object.defineProperty;
4
+ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
5
+ var __getOwnPropNames = Object.getOwnPropertyNames;
6
+ var __getProtoOf = Object.getPrototypeOf;
7
+ var __hasOwnProp = Object.prototype.hasOwnProperty;
8
+ var __export = (target, all) => {
9
+ for (var name in all)
10
+ __defProp(target, name, { get: all[name], enumerable: true });
11
+ };
12
+ var __copyProps = (to, from, except, desc) => {
13
+ if (from && typeof from === "object" || typeof from === "function") {
14
+ for (let key of __getOwnPropNames(from))
15
+ if (!__hasOwnProp.call(to, key) && key !== except)
16
+ __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
17
+ }
18
+ return to;
19
+ };
20
+ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
21
+ // If the importer is in node compatibility mode or this is not an ESM
22
+ // file that has been converted to a CommonJS file using a Babel-
23
+ // compatible transform (i.e. "__esModule" has not been set), then set
24
+ // "default" to the CommonJS "module.exports" for node compatibility.
25
+ isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
26
+ mod
27
+ ));
28
+ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
29
+
30
+ // src/index.ts
31
+ var index_exports = {};
32
+ __export(index_exports, {
33
+ createPolicyEngine: () => createPolicyEngine,
34
+ loadTierMap: () => loadTierMap
35
+ });
36
+ module.exports = __toCommonJS(index_exports);
37
+
38
+ // src/engine.ts
39
+ function createPolicyEngine(config) {
40
+ const tiers = Array.isArray(config.tiers) ? config.tiers : config.tiers.tiers;
41
+ return async function evaluatePolicy(verb, actor, context) {
42
+ if (verb.policy?.rolesAllowed) {
43
+ const roles = actor.roles || [];
44
+ const allowed = verb.policy.rolesAllowed.some((r) => roles.includes(r));
45
+ if (!allowed) {
46
+ return {
47
+ decision: "deny",
48
+ reasons: ["role_not_allowed"],
49
+ code: "role_denied",
50
+ message: "Your role does not allow this action"
51
+ };
52
+ }
53
+ }
54
+ const tier = tiers.find((t) => t.id === context.planId);
55
+ if (!tier) {
56
+ return {
57
+ decision: "deny",
58
+ reasons: ["unknown_tier"],
59
+ code: "unknown_tier",
60
+ message: "Unknown subscription tier"
61
+ };
62
+ }
63
+ if (tier.deny?.verbs?.includes(verb.id)) {
64
+ return {
65
+ decision: "deny",
66
+ reasons: ["tier_denies_verb"],
67
+ code: "tier_denied",
68
+ message: "This action is not available on your plan",
69
+ upsell: { suggestedPlanId: "pro", cta: "Upgrade to access this feature" }
70
+ };
71
+ }
72
+ if (tier.deny?.effects) {
73
+ const denied = verb.effects.some((e) => tier.deny.effects.includes(e));
74
+ if (denied) {
75
+ return {
76
+ decision: "deny",
77
+ reasons: ["tier_denies_effect"],
78
+ code: "tier_denied",
79
+ message: "This action is not available on your plan",
80
+ upsell: { suggestedPlanId: "pro", cta: "Upgrade to access this feature" }
81
+ };
82
+ }
83
+ }
84
+ if (tier.allow) {
85
+ const verbAllowed = tier.allow.verbs?.includes(verb.id) || false;
86
+ const effectAllowed = tier.allow.effects?.some((e) => {
87
+ if (e.endsWith(".*")) {
88
+ const prefix = e.slice(0, -2);
89
+ return verb.effects.some((ve) => ve.startsWith(prefix));
90
+ }
91
+ return verb.effects.includes(e);
92
+ }) || false;
93
+ if (!verbAllowed && !effectAllowed) {
94
+ return {
95
+ decision: "deny",
96
+ reasons: ["not_in_tier_allowlist"],
97
+ code: "not_allowed",
98
+ message: "This action is not included in your plan",
99
+ upsell: { suggestedPlanId: "pro", cta: "Upgrade to unlock" }
100
+ };
101
+ }
102
+ }
103
+ const meterKey = verb.billing?.meterKey;
104
+ if (meterKey && tier.quotas?.[meterKey] && config.quotaTracker) {
105
+ const period = (/* @__PURE__ */ new Date()).toISOString().slice(0, 7);
106
+ const usage = await config.quotaTracker.getUsage(context.tenantId, meterKey, period);
107
+ const limit = tier.quotas[meterKey];
108
+ if (usage >= limit) {
109
+ return {
110
+ decision: "deny",
111
+ reasons: ["quota_exceeded"],
112
+ code: "quota_exceeded",
113
+ message: `You've reached your monthly limit of ${limit} for this action`,
114
+ upsell: { suggestedPlanId: "pro", cta: "Upgrade for higher limits" }
115
+ };
116
+ }
117
+ }
118
+ const meter = meterKey ? {
119
+ key: meterKey,
120
+ delta: verb.billing?.defaultDelta || 1
121
+ } : void 0;
122
+ return {
123
+ decision: "allow",
124
+ reasons: ["tier_allows"],
125
+ meter
126
+ };
127
+ };
128
+ }
129
+
130
+ // src/tiers.ts
131
+ var fs = __toESM(require("fs"));
132
+ var path = __toESM(require("path"));
133
+ function loadTierMap(tiersPath = "./openverb/policies/tiers.json") {
134
+ const resolvedPath = path.resolve(process.cwd(), tiersPath);
135
+ const content = fs.readFileSync(resolvedPath, "utf-8");
136
+ return JSON.parse(content);
137
+ }
138
+ // Annotate the CommonJS export names for ESM import in node:
139
+ 0 && (module.exports = {
140
+ createPolicyEngine,
141
+ loadTierMap
142
+ });
package/dist/index.mjs ADDED
@@ -0,0 +1,104 @@
1
+ // src/engine.ts
2
+ function createPolicyEngine(config) {
3
+ const tiers = Array.isArray(config.tiers) ? config.tiers : config.tiers.tiers;
4
+ return async function evaluatePolicy(verb, actor, context) {
5
+ if (verb.policy?.rolesAllowed) {
6
+ const roles = actor.roles || [];
7
+ const allowed = verb.policy.rolesAllowed.some((r) => roles.includes(r));
8
+ if (!allowed) {
9
+ return {
10
+ decision: "deny",
11
+ reasons: ["role_not_allowed"],
12
+ code: "role_denied",
13
+ message: "Your role does not allow this action"
14
+ };
15
+ }
16
+ }
17
+ const tier = tiers.find((t) => t.id === context.planId);
18
+ if (!tier) {
19
+ return {
20
+ decision: "deny",
21
+ reasons: ["unknown_tier"],
22
+ code: "unknown_tier",
23
+ message: "Unknown subscription tier"
24
+ };
25
+ }
26
+ if (tier.deny?.verbs?.includes(verb.id)) {
27
+ return {
28
+ decision: "deny",
29
+ reasons: ["tier_denies_verb"],
30
+ code: "tier_denied",
31
+ message: "This action is not available on your plan",
32
+ upsell: { suggestedPlanId: "pro", cta: "Upgrade to access this feature" }
33
+ };
34
+ }
35
+ if (tier.deny?.effects) {
36
+ const denied = verb.effects.some((e) => tier.deny.effects.includes(e));
37
+ if (denied) {
38
+ return {
39
+ decision: "deny",
40
+ reasons: ["tier_denies_effect"],
41
+ code: "tier_denied",
42
+ message: "This action is not available on your plan",
43
+ upsell: { suggestedPlanId: "pro", cta: "Upgrade to access this feature" }
44
+ };
45
+ }
46
+ }
47
+ if (tier.allow) {
48
+ const verbAllowed = tier.allow.verbs?.includes(verb.id) || false;
49
+ const effectAllowed = tier.allow.effects?.some((e) => {
50
+ if (e.endsWith(".*")) {
51
+ const prefix = e.slice(0, -2);
52
+ return verb.effects.some((ve) => ve.startsWith(prefix));
53
+ }
54
+ return verb.effects.includes(e);
55
+ }) || false;
56
+ if (!verbAllowed && !effectAllowed) {
57
+ return {
58
+ decision: "deny",
59
+ reasons: ["not_in_tier_allowlist"],
60
+ code: "not_allowed",
61
+ message: "This action is not included in your plan",
62
+ upsell: { suggestedPlanId: "pro", cta: "Upgrade to unlock" }
63
+ };
64
+ }
65
+ }
66
+ const meterKey = verb.billing?.meterKey;
67
+ if (meterKey && tier.quotas?.[meterKey] && config.quotaTracker) {
68
+ const period = (/* @__PURE__ */ new Date()).toISOString().slice(0, 7);
69
+ const usage = await config.quotaTracker.getUsage(context.tenantId, meterKey, period);
70
+ const limit = tier.quotas[meterKey];
71
+ if (usage >= limit) {
72
+ return {
73
+ decision: "deny",
74
+ reasons: ["quota_exceeded"],
75
+ code: "quota_exceeded",
76
+ message: `You've reached your monthly limit of ${limit} for this action`,
77
+ upsell: { suggestedPlanId: "pro", cta: "Upgrade for higher limits" }
78
+ };
79
+ }
80
+ }
81
+ const meter = meterKey ? {
82
+ key: meterKey,
83
+ delta: verb.billing?.defaultDelta || 1
84
+ } : void 0;
85
+ return {
86
+ decision: "allow",
87
+ reasons: ["tier_allows"],
88
+ meter
89
+ };
90
+ };
91
+ }
92
+
93
+ // src/tiers.ts
94
+ import * as fs from "fs";
95
+ import * as path from "path";
96
+ function loadTierMap(tiersPath = "./openverb/policies/tiers.json") {
97
+ const resolvedPath = path.resolve(process.cwd(), tiersPath);
98
+ const content = fs.readFileSync(resolvedPath, "utf-8");
99
+ return JSON.parse(content);
100
+ }
101
+ export {
102
+ createPolicyEngine,
103
+ loadTierMap
104
+ };
package/package.json ADDED
@@ -0,0 +1,25 @@
1
+ {
2
+ "name": "@openverb/policy",
3
+ "version": "2.0.0-alpha.2",
4
+ "description": "OpenVerb policy engine",
5
+ "main": "./dist/index.js",
6
+ "module": "./dist/index.mjs",
7
+ "types": "./dist/index.d.ts",
8
+ "files": [
9
+ "dist"
10
+ ],
11
+ "scripts": {
12
+ "build": "tsup src/index.ts --format cjs,esm --dts",
13
+ "dev": "tsup src/index.ts --format cjs,esm --dts --watch",
14
+ "lint": "tsc --noEmit"
15
+ },
16
+ "peerDependencies": {
17
+ "@openverb/runtime": "workspace:*"
18
+ },
19
+ "devDependencies": {
20
+ "@openverb/runtime": "workspace:*",
21
+ "tsup": "^8.0.1",
22
+ "typescript": "^5.3.2"
23
+ },
24
+ "license": "MIT"
25
+ }