@pax2pay/model-banking 0.1.508 → 0.1.510

package/Card/Creatable.ts

@@ -8,6 +8,7 @@ import { type as ruleType } from "../Rule/type"
 import { Expiry } from "./Expiry"
 import { Meta } from "./Meta"
 import { Preset } from "./Preset"
+import { Restriction } from "./Restriction"
 
 export interface Creatable {
 	account: string
@@ -21,6 +22,7 @@ export interface Creatable {
 	rules?: Rule[]
 	meta?: Meta
 	key?: isoly.Date | string
+	restricted?: { to?: Restriction }
 }
 
 export namespace Creatable {
@@ -28,24 +30,19 @@ export namespace Creatable {
 		account: isly.string(),
 		number: isly.string().optional(),
 		preset: Preset.type,
-		details: isly.object({
-			expiry: Expiry.type,
-			holder: isly.string(),
-		}),
+		details: isly.object({ expiry: Expiry.type, holder: isly.string() }),
 		limit: isly.tuple(isly.fromIs("isoly.Currency", isoly.Currency.is), isly.number()),
 		rules: ruleType.array().optional(),
 		meta: isly.fromIs("Card.Meta", Meta.is).optional(),
 		key: isly.string().optional(),
+		restricted: isly.object<Required<Creatable>["restricted"]>({ to: Restriction.type.optional() }).optional(),
 	})
 	export const type2 = isly2.object<Creatable>({
 		account: isly2.string().rename("Account").describe("The account id the card was created on."),
 		number: isly2.string().optional().rename("Number").describe("The card identifier of the user of the api."),
 		preset: Preset.type2,
 		details: isly2
-			.object({
-				expiry: Expiry.type2,
-				holder: isly2.string(),
-			})
+			.object({ expiry: Expiry.type2, holder: isly2.string() })
 			.rename("Details")
 			.describe("The card details, the information that will be displayed on the card."),
 		limit: isly2
@@ -60,5 +57,10 @@ export namespace Creatable {
 			.describe("Card rules that applies to authorizations made with the card."),
 		meta: isly2.from("Meta", Meta.is).optional(),
 		key: isly2.string().optional(),
+		restricted: isly2
+			.object<Required<Creatable>["restricted"]>({ to: Restriction.type2.optional() })
+			.optional()
+			.rename("Restrictions")
+			.describe("Set of restrictions that apply to the card."),
 	})
 }

package/Card/Restriction/Merchant.ts

@@ -0,0 +1,108 @@
+import { isly } from "isly"
+import { isly as isly2 } from "isly2"
+import type { Transaction } from "../../Transaction"
+
+export type Merchant = typeof Merchant.values[number]
+export namespace Merchant {
+	export const values = [
+		"united airlines",
+		"american air",
+		"british airways",
+		"air france",
+		"lufthansa",
+		"qantas",
+		"alitalia",
+		"saudi air",
+		"sas",
+		"air india",
+		"air algerie",
+		"emirates",
+		"air malta",
+		"etihad air",
+		"tap",
+		"avianca",
+		"gulf air",
+		"aer lingus",
+		"turkish air",
+		"royal air maroc",
+		"tunis air",
+		"austrian air",
+		"flydubai",
+		"cebu air",
+		"thai airways",
+		"china airlines",
+		"malaysia airlines",
+		"iberia",
+		"qatar air",
+		"ana air",
+		"jet blue",
+		"middle east airlines",
+		"lot polish airlines",
+		"norwegian air",
+		"air arabia",
+		"easyjet",
+		"ryanair",
+		"air china",
+		"ethiopian airlines",
+		"wizz air",
+	] as const
+	export const type = isly.string<Merchant>(values)
+	export const type2 = isly2.string<Merchant>("value", ...values)
+	export type Checker = (
+		merchant: Merchant,
+		transaction: Transaction.Creatable.CardTransaction | Transaction.PreTransaction.Authorization
+	) => boolean
+	export type Attribute = { mccs: string[]; checkers?: Checker[] }
+	export const attributes: Record<Merchant, Attribute> = {
+		"united airlines": { mccs: ["3000"] },
+		"american air": { mccs: ["3001"] },
+		"british airways": { mccs: ["3005"] },
+		"air france": { mccs: ["3007"] },
+		lufthansa: { mccs: ["3008"] },
+		qantas: { mccs: ["3012"] },
+		alitalia: { mccs: ["3013"] },
+		"saudi air": { mccs: ["3014"] },
+		sas: { mccs: ["3016"] },
+		"air india": { mccs: ["3020"] },
+		"air algerie": { mccs: ["3021"] },
+		emirates: { mccs: ["3026"] },
+		"air malta": { mccs: ["3028"] },
+		"etihad air": { mccs: ["3034"] },
+		tap: { mccs: ["3035"] },
+		avianca: { mccs: ["3039"] },
+		"gulf air": { mccs: ["3040"] },
+		"aer lingus": { mccs: ["3043"] },
+		"turkish air": { mccs: ["3047"] },
+		"royal air maroc": { mccs: ["3048"] },
+		"tunis air": { mccs: ["3049"] },
+		"austrian air": { mccs: ["3051"] },
+		flydubai: { mccs: ["3070"] },
+		"cebu air": { mccs: ["3072"] },
+		"thai airways": { mccs: ["3077"] },
+		"china airlines": { mccs: ["3078"] },
+		"malaysia airlines": { mccs: ["3100"] },
+		iberia: { mccs: ["3102"] },
+		"qatar air": { mccs: ["3136"] },
+		"ana air": { mccs: ["3161"] },
+		"jet blue": { mccs: ["3174"] },
+		"middle east airlines": { mccs: ["3175"] },
+		"lot polish airlines": { mccs: ["3182"] },
+		"norwegian air": { mccs: ["3211"] },
+		"air arabia": { mccs: ["3236"] },
+		easyjet: { mccs: ["3245"] },
+		ryanair: { mccs: ["3246"] },
+		"air china": { mccs: ["3261"] },
+		"ethiopian airlines": { mccs: ["3294"] },
+		"wizz air": { mccs: ["3301"] },
+	}
+	export function check(
+		merchant: Merchant,
+		transaction: Transaction.Creatable.CardTransaction | Transaction.PreTransaction.Authorization
+	): boolean {
+		const attribute = Merchant.attributes[merchant]
+		return (
+			attribute.mccs.some(mcc => transaction.counterpart.merchant.category == mcc) ||
+			(attribute.checkers ?? []).some(checker => checker(merchant, transaction))
+		)
+	}
+}

package/Card/Restriction/index.ts

@@ -0,0 +1,28 @@
+import { isly } from "isly"
+import { isly as isly2 } from "isly2"
+import type { Transaction } from "../../Transaction"
+import { Merchant as RestrictionsMerchant } from "./Merchant"
+
+export interface Restriction {
+	merchants?: Restriction.Merchant[]
+}
+export namespace Restriction {
+	export import Merchant = RestrictionsMerchant
+	export const type = isly.object<Restriction>({ merchants: Merchant.type.array().optional() })
+	export const type2 = isly2.object<Restriction>({
+		merchants: Merchant.type2
+			.array()
+			.optional()
+			.rename("Merchants")
+			.describe("List of merchants that the card can be used with."),
+	})
+	export function check(
+		restrictions: Restriction,
+		transaction: Transaction.Creatable.CardTransaction | Transaction.PreTransaction.Authorization
+	): boolean {
+		let result: boolean = true
+		if (restrictions.merchants?.length)
+			result = restrictions.merchants.some(merchant => Merchant.check(merchant, transaction))
+		return result
+	}
+}

package/Card/index.ts

@@ -12,6 +12,7 @@ import { Expiry as CardExpiry } from "./Expiry"
 import { Meta as CardMeta } from "./Meta"
 import { Operation as CardOperation } from "./Operation"
 import { Preset as CardPreset } from "./Preset"
+import { Restriction as CardRestriction } from "./Restriction"
 import { Scheme as CardScheme } from "./Scheme"
 import { Stack as CardStack } from "./Stack"
 
@@ -38,8 +39,18 @@ export interface Card {
 	history: CardOperation[]
 	rules: Rule[]
 	meta?: CardMeta
+	restricted?: { to?: CardRestriction }
 }
 export namespace Card {
+	export import Creatable = CardCreatable
+	export import Preset = CardPreset
+	export import Meta = CardMeta
+	export import Expiry = CardExpiry
+	export import Changeable = CardChangeable
+	export import Operation = CardOperation
+	export import Scheme = CardScheme
+	export import Stack = CardStack
+	export import Restriction = CardRestriction
 	export const type = isly.object<Card>({
 		id: isly.string(),
 		number: isly.string().optional(),
@@ -63,6 +74,7 @@ export namespace Card {
 		history: isly.array(CardOperation.type),
 		rules: ruleType.array(),
 		meta: isly.fromIs("Card.Meta", CardMeta.is).optional(),
+		restricted: isly.object<Required<Card>["restricted"]>({ to: CardRestriction.type.optional() }).optional(),
 	})
 	export const type2: isly2.Object<Card> = isly2
 		.object<Card>({
@@ -92,17 +104,14 @@ export namespace Card {
 				.rename("Rules")
 				.describe("Card rules that applies to authorizations made with the card."),
 			meta: isly2.from("Card.Meta", CardMeta.is).optional().rename("Meta").describe("Additional card information."),
+			restricted: isly2
+				.object<Required<Card>["restricted"]>({ to: CardRestriction.type2.optional() })
+				.optional()
+				.rename("Restrictions")
+				.describe("Set of restrictions that apply to the card."),
 		})
 		.rename("Card")
 		.describe("Card information.")
-	export import Creatable = CardCreatable
-	export import Preset = CardPreset
-	export import Meta = CardMeta
-	export import Expiry = CardExpiry
-	export import Changeable = CardChangeable
-	export import Operation = CardOperation
-	export import Scheme = CardScheme
-	export import Stack = CardStack
 	const csvMap: Record<string, (card: Card) => string | number | undefined> = {
 		id: card => card.id,
 		created: card => readableDate(card.created),

package/User/Access/Permission.ts

@@ -0,0 +1,47 @@
+import { isly } from "isly"
+import { typedly } from "typedly"
+
+export type Permission = Partial<Record<Permission.Collection, Permission.Level>>
+export namespace Permission {
+	export type Realm = Omit<Permission, "user">
+	export type Global = Pick<Permission, "user">
+	export function check(constraint: Permission, privilege: Permission): boolean {
+		return typedly.Object.entries(constraint).every(
+			([collection, level]) =>
+				Permission.Level.get(privilege[collection]) >= Permission.Level.get(level) ||
+				Permission.Level.get(privilege["*"]) >= Permission.Level.get(level)
+		)
+	}
+	export type Level = typeof Level.values[number]
+	export namespace Level {
+		export const values = ["read", "write", "developer", "admin"] as const
+		export const type = isly.string(values)
+		export function get(level: Level | undefined): number {
+			return level ? value[level] : 0
+		}
+		export const value: Record<Level, number> = {
+			read: 1,
+			write: 2,
+			developer: 3,
+			admin: 4,
+		} as const
+	}
+	export type Collection = typeof Collection.values[number]
+	export namespace Collection {
+		export const values = [
+			"account",
+			"card",
+			"log",
+			"operation",
+			"organization",
+			"rule", // realm rules
+			"settlement",
+			"transaction",
+			"treasury",
+			"user",
+			"*",
+		] as const
+		export const type = isly.string(values)
+	}
+	export const type = isly.record<Permission>(Collection.type, Level.type)
+}

package/User/Access/index.ts

@@ -0,0 +1,19 @@
+import { isly } from "isly"
+import { Permission as AccessPermission } from "./Permission"
+
+/** read < write < developer < admin */
+export interface Access {
+	uk?: Access.Permission.Realm
+	eea?: Access.Permission.Realm
+	test?: Access.Permission.Realm
+	"*"?: Access.Permission.Global
+}
+export namespace Access {
+	export import Permission = AccessPermission
+	export const type = isly.object({
+		uk: Access.Permission.type.optional(),
+		eea: Access.Permission.type.optional(),
+		test: Access.Permission.type.optional(),
+		"*": isly.object({ user: Access.Permission.Level.type.optional() }).optional(),
+	})
+}

package/User/Identity.ts

@@ -0,0 +1,32 @@
+import { gracely } from "gracely"
+import { http } from "cloudly-http"
+import { Realm } from "../Realm"
+import { Access } from "./Access"
+import { JWT } from "./JWT"
+
+export class Identity {
+	get realm(): Realm {
+		return this.payload.realm
+	}
+	constructor(public readonly payload: JWT.Payload, private readonly jwt: string) {}
+
+	authenticate(constraint: Access.Permission | Access.Permission[]): Identity | gracely.Error {
+		let allowed: boolean
+		if (Array.isArray(constraint))
+			allowed = constraint.some(c => this.authenticate(c))
+		else
+			allowed = Access.Permission.check(constraint, this.payload.permission)
+		return allowed ? this : gracely.client.forbidden()
+	}
+
+	/** Key will default to production jwt verification key */
+	static async open(
+		authorization: string | undefined,
+		options: { whitelist?: JWT.Whitelist; key?: string }
+	): Promise<Identity | gracely.Error> {
+		const jwt = authorization?.startsWith("Bearer ") ? authorization.replace("Bearer ", "") : undefined
+		const payload = jwt ? await JWT.open({ public: options.key }, options.whitelist).verify(jwt) : undefined
+		return jwt && payload ? new Identity(payload, jwt) : gracely.client.unauthorized()
+	}
+}
+export namespace Identity {}

package/User/JWT/Payload.ts

@@ -0,0 +1,56 @@
+import { authly } from "authly"
+import { isly } from "isly"
+import { Realm } from "../../Realm"
+import { Access } from "../Access"
+
+export type Payload = Payload.LongTerm | Payload.ShortTerm
+export namespace Payload {
+	export interface Creatable {
+		sub: string
+		permission: Access.Permission
+		realm: Realm
+	}
+	export namespace Creatable {
+		export const type = isly.object<Creatable>({
+			sub: isly.string(),
+			permission: Access.Permission.type,
+			realm: Realm.type,
+		})
+	}
+	export interface Base extends authly.Payload {
+		aud: string
+		iat: number
+		iss: string
+		sub: string
+		permission: Access.Permission
+		realm: Realm
+	}
+	export namespace Base {
+		export const type = isly.object<Payload>({
+			aud: isly.string(),
+			iat: isly.number(),
+			iss: isly.string(),
+			sub: isly.string(),
+			permission: Access.Permission.type,
+			realm: Realm.type,
+		})
+	}
+	export interface LongTerm extends Base {
+		id: string
+	}
+	export namespace LongTerm {
+		export const type = Base.type.extend<LongTerm>({ id: isly.string() })
+	}
+	export interface ShortTerm extends Base {
+		exp: number
+	}
+	export namespace ShortTerm {
+		export const type = Base.type.extend<ShortTerm>({ exp: isly.number() })
+	}
+
+	export const configuration = {
+		aud: "https://banking.pax2pay.app",
+		iss: "pax2pay",
+	}
+	export const type = isly.union<Payload>(LongTerm.type, ShortTerm.type)
+}

package/User/JWT/Signer.ts

@@ -0,0 +1,39 @@
+import { authly } from "authly"
+import { Payload } from "./Payload"
+
+export class Signer {
+	constructor(private readonly key?: { public?: string; private?: string }) {}
+
+	/** Duration in seconds */
+	async sign(data: Payload.Creatable, duration: number | "infinite" = 60 * 60 * 12): Promise<string | undefined> {
+		let result: string | undefined
+		if (duration === "infinite") {
+			const signer = Signer.create({ key: this.key })
+			result = await signer?.sign({ id: authly.Identifier.generate(16), ...data })
+		} else {
+			const signer = Signer.create({ key: this.key, duration })
+			result = await signer?.sign({ ...data })
+		}
+		return result
+	}
+
+	static open(key?: { public?: string; private?: string }): Signer {
+		return new this(key)
+	}
+}
+export namespace Signer {
+	export function create<T extends authly.Payload>(options: {
+		key?: { public?: string; private?: string }
+		duration?: number
+	}): authly.Issuer<T> | undefined {
+		const signer = authly.Issuer.create(
+			Payload.configuration.iss,
+			authly.Algorithm.RS256(options.key?.public, options.key?.private)
+		)
+		if (signer) {
+			signer.duration = options.duration
+			signer.audience = Payload.configuration.aud
+		}
+		return signer
+	}
+}

package/User/JWT/index.ts

@@ -0,0 +1,57 @@
+import { authly } from "authly"
+import { Realm } from "../../Realm"
+import { Payload as JWTPayload } from "./Payload"
+import { Signer as JWTSigner } from "./Signer"
+
+export class JWT {
+	#verifier?: authly.Verifier<JWT.Payload>
+	private get verifier(): authly.Verifier<JWT.Payload> | undefined {
+		if (!this.#verifier && this.key?.public) {
+			const algorithm = authly.Algorithm.RS256(this.key.public)
+			this.#verifier = algorithm ? authly.Verifier.create(algorithm) : undefined
+		}
+		return this.#verifier
+	}
+	#signer?: JWTSigner
+	private get signer(): JWTSigner | undefined {
+		return this.key?.private ? (this.#signer ??= JWTSigner.open(this.key)) : undefined
+	}
+	get sign() {
+		return this.signer?.sign
+	}
+	private constructor(
+		private readonly key?: { public?: string; private?: string },
+		readonly whitelist?: JWT.Whitelist
+	) {}
+
+	async verify(token: string): Promise<JWT.Payload | undefined> {
+		const verified = await this.verifier?.verify(token, JWT.Payload.configuration.aud)
+		delete verified?.token
+		return JWT.Payload.type.is(verified) &&
+			verified?.iss == JWT.Payload.configuration.iss &&
+			(verified.exp || (verified.id && this.whitelist?.[verified.realm]?.some(e => e.id === verified.id)))
+			? verified
+			: undefined
+	}
+	async unpack(token: string): Promise<JWT.Payload | undefined> {
+		const unpacked = await JWT.unpack(token)
+		delete unpacked?.token
+		return unpacked
+	}
+
+	static open(key?: { private?: string; public?: string }, whitelist?: JWT.Whitelist): JWT {
+		return new this({ private: key?.private, public: key?.public ?? JWT.key }, whitelist)
+	}
+}
+export namespace JWT {
+	export import Signer = JWTSigner
+	export type Whitelist = Partial<Record<Realm, Payload.LongTerm[]>>
+	export async function unpack(token: string): Promise<JWT.Payload | undefined> {
+		const algorithm = authly.Algorithm.RS256(undefined)
+		const verifier = algorithm ? authly.Verifier.create<JWT.Payload>(algorithm) : undefined
+		return verifier?.unpack(token)
+	}
+	export import Payload = JWTPayload
+	export const key =
+		"MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2W8CD2kpfS4QIRV2/rgm4NVvsvJsYNMHtnIl9ADvO3A81hAmRKvOAPVoXICe6+EuZ47jGjGL7f48GEoQuITfBPv/MosCDj1YhJ56ILDynCSd8FlxDrhv8pl5IquST7tcL6Hc6m+vuvoTLrFQ5QqNxv0a5eDd/YTrWv7SUuRfBEhYd/wMysGynN3QauHqy5ceBCt1nv1MJLGlSzczMRK7wjy1zi2g9NCHZBOoo1HXOpi727Xh+YXHc9EP2TN0oOXyxykv45nkGIDI0Qek3/pfkavClBffc1sEqA+rUx7YqRN9KGYxwLMLug+NOOh3ptqjfobXbR5fx/sUWhvcjUMTE1JreTrWYbGmVnjd/SeYSClfmGhdTBUfqnZbaABv0ruTXva18qRhP4y143vHMk/k8HzbuROTKAzrtEeLIjgwUgDcnE+JwDqcb8tKSGV6i++TiTldlSBCRTT4dK2hpHJje80b2abqtrbCkxbJlT98UsAAoiq2eW1X6lYmCfiGCJPkfswibQ2tPAKKNe/2xuHPsjx4FuXGmV0dbzmCwSIQoApXqOvKzoNFi6AaKIjxfNmiEigLwKpNrw08H0lVZbq/9MMxI3TzMTZjY9QmBKVLSGy3Z6IJqZpyK22lv7whJcllG0Qw8tv8+7wmC8SR3+4jpuxuFGZ+69CW+otx+CPMJjcCAwEAAQ=="
+}

package/User/Me.ts

@@ -0,0 +1,15 @@
+import { isly } from "isly"
+import { Realm } from "../Realm"
+
+export interface Me {
+	email: string
+	password: string
+	realm: Realm
+}
+export namespace Me {
+	export const type = isly.object<Me>({
+		email: isly.string(),
+		password: isly.string(),
+		realm: Realm.type,
+	})
+}

package/User/Password.ts

@@ -0,0 +1,43 @@
+import { cryptly } from "cryptly"
+import { gracely } from "gracely"
+import { isoly } from "isoly"
+import { isly } from "isly"
+
+export interface Password {
+	hash: cryptly.Password.Hash
+	changed: isoly.DateTime
+}
+export namespace Password {
+	export interface Creatable {
+		new: string
+		repeat: string
+	}
+	export namespace Creatable {
+		export const type = isly.object<Creatable>({
+			new: isly.string(),
+			repeat: isly.string(),
+		})
+	}
+	export async function create(creatable: Creatable, pepper: string | undefined): Promise<Password | gracely.Error> {
+		let result: Awaited<ReturnType<typeof create>>
+		if (creatable.new !== creatable.repeat)
+			result = gracely.client.forbidden("The new password and the repeated password do not match.")
+		else if (!pepper)
+			result = gracely.server.backendFailure("The password cannot be created without a pepper.")
+		else
+			result = { hash: await hash(creatable.new, pepper), changed: isoly.DateTime.now() }
+		return result
+	}
+	export function salt(): string {
+		return cryptly.Base64.encode(cryptly.RandomValue.generate(new Uint8Array(64)).toString())
+	}
+	export async function hash(password: string, pepper: string): Promise<cryptly.Password.Hash> {
+		return cryptly.Password.hash(signer(pepper), password, salt())
+	}
+	export async function verify(password: string, hash: cryptly.Password.Hash, pepper: string): Promise<boolean> {
+		return cryptly.Password.verify(signer(pepper), hash, password)
+	}
+	function signer(pepper: string): { sign: (data: string) => Promise<string> } {
+		return cryptly.Signer.create("HMAC", "SHA-512", pepper)
+	}
+}

package/User/index.ts

@@ -0,0 +1,68 @@
+import { isoly } from "isoly"
+import { isly } from "isly"
+import { Realm } from "../Realm"
+import { Access as UserAccess } from "./Access"
+import { Identity as UserIdentity } from "./Identity"
+import { JWT as UserJWT } from "./JWT"
+import { Me as UserMe } from "./Me"
+import { Password as UserPassword } from "./Password"
+
+export interface User {
+	email: string
+	access: User.Access
+	changed: isoly.DateTime
+	created: isoly.DateTime
+	password: {
+		changed: isoly.DateTime
+	}
+}
+export namespace User {
+	export import Access = UserAccess
+	export import Identity = UserIdentity
+	export import JWT = UserJWT
+	export import Me = UserMe
+	export import Password = UserPassword
+	export function fromInvite(invite: Invite): User {
+		const now = isoly.DateTime.now()
+		return {
+			email: invite.email,
+			access: invite.access,
+			changed: now,
+			created: now,
+			password: {
+				changed: now,
+			},
+		}
+	}
+	export function toJWTPayloadCreatable(user: User, realm: Realm): User.JWT.Payload.Creatable {
+		return {
+			sub: user.email,
+			permission: { ...(user.access[realm] ?? {}), ...(user.access["*"] ?? {}) },
+			realm,
+		}
+	}
+	export interface Creatable {
+		invite: string
+		password: Password.Creatable
+	}
+	export namespace Creatable {
+		export const type = isly.object<Creatable>({
+			invite: isly.string(),
+			password: isly.object({ new: isly.string(), repeat: isly.string() }),
+		})
+	}
+	export interface Invite {
+		id: string
+		email: string
+		access: Access
+	}
+	export namespace Invite {
+		export interface Creatable {
+			email: string
+			access: Access
+		}
+		export namespace Creatable {
+			export const type = isly.object<Creatable>({ email: isly.string(), access: Access.type })
+		}
+	}
+}

package/dist/cjs/Card/Creatable.d.ts

@@ -5,6 +5,7 @@ import type { Rule } from "../Rule";
 import { Expiry } from "./Expiry";
 import { Meta } from "./Meta";
 import { Preset } from "./Preset";
+import { Restriction } from "./Restriction";
 export interface Creatable {
     account: string;
     number?: string;
@@ -17,6 +18,9 @@ export interface Creatable {
     rules?: Rule[];
     meta?: Meta;
     key?: isoly.Date | string;
+    restricted?: {
+        to?: Restriction;
+    };
 }
 export declare namespace Creatable {
     const type: import("isly/dist/cjs/object").IslyObject<Creatable, object>;