npm - @prosopo/user-access-policy - Versions diffs - 3.8.1 → 3.9.1 - Mend

@prosopo/user-access-policy 3.8.1 → 3.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (63) hide show

package/.turbo/turbo-build$colon$cjs.log +8 -8
package/.turbo/turbo-build$colon$tsc.log +14 -14
package/.turbo/turbo-build.log +9 -9
package/CHANGELOG.md +33 -0
package/dist/api/read/fetchRules.d.ts +1 -30
package/dist/api/read/fetchRules.d.ts.map +1 -1
package/dist/api/read/fetchRules.js.map +1 -1
package/dist/api/write/insertRules.d.ts +2 -2
package/dist/api/write/insertRules.d.ts.map +1 -1
package/dist/api/write/insertRules.js.map +1 -1
package/dist/cjs/mongoose/mongooseRuleSchema.cjs +2 -1
package/dist/cjs/redis/reader/redisAggregate.cjs +22 -4
package/dist/cjs/redis/reader/redisRulesReader.cjs +22 -27
package/dist/cjs/ruleInput/policyInput.cjs +5 -1
package/dist/cjs/ruleInput/userScopeInput.cjs +1 -1
package/dist/cjs/transformRule.cjs +2 -1
package/dist/mongoose/mongooseRuleSchema.d.ts.map +1 -1
package/dist/mongoose/mongooseRuleSchema.js +2 -1
package/dist/mongoose/mongooseRuleSchema.js.map +1 -1
package/dist/redis/reader/redisAggregate.d.ts +1 -1
package/dist/redis/reader/redisAggregate.d.ts.map +1 -1
package/dist/redis/reader/redisAggregate.js +22 -4
package/dist/redis/reader/redisAggregate.js.map +1 -1
package/dist/redis/reader/redisRulesReader.d.ts +1 -0
package/dist/redis/reader/redisRulesReader.d.ts.map +1 -1
package/dist/redis/reader/redisRulesReader.js +24 -29
package/dist/redis/reader/redisRulesReader.js.map +1 -1
package/dist/redis/redisClient.d.ts +2 -2
package/dist/redis/redisClient.d.ts.map +1 -1
package/dist/redis/redisClient.js.map +1 -1
package/dist/rule.d.ts +1 -0
package/dist/rule.d.ts.map +1 -1
package/dist/ruleInput/policyInput.d.ts +3 -0
package/dist/ruleInput/policyInput.d.ts.map +1 -1
package/dist/ruleInput/policyInput.js +5 -1
package/dist/ruleInput/policyInput.js.map +1 -1
package/dist/ruleInput/ruleInput.d.ts +3 -16
package/dist/ruleInput/ruleInput.d.ts.map +1 -1
package/dist/ruleInput/ruleInput.js.map +1 -1
package/dist/ruleInput/userScopeInput.js +2 -2
package/dist/ruleInput/userScopeInput.js.map +1 -1
package/dist/tests/redis/redisRulesStorage.integration.test.js +31 -0
package/dist/tests/redis/redisRulesStorage.integration.test.js.map +1 -1
package/dist/tests/transformRule.unit.test.js +45 -1
package/dist/tests/transformRule.unit.test.js.map +1 -1
package/dist/transformRule.d.ts.map +1 -1
package/dist/transformRule.js +3 -2
package/dist/transformRule.js.map +1 -1
package/package.json +3 -3
package/src/api/read/fetchRules.ts +10 -2
package/src/api/write/insertRules.ts +4 -2
package/src/mongoose/mongooseRuleSchema.ts +1 -0
package/src/redis/reader/redisAggregate.ts +27 -1
package/src/redis/reader/redisRulesReader.ts +42 -40
package/src/redis/redisClient.ts +7 -2
package/src/rule.ts +12 -0
package/src/ruleInput/policyInput.ts +12 -1
package/src/ruleInput/ruleInput.ts +11 -6
package/src/ruleInput/userScopeInput.ts +7 -7
package/src/tests/redis/redisRulesStorage.integration.test.ts +52 -0
package/src/tests/transformRule.unit.test.ts +68 -1
package/src/transformRule.ts +7 -2
package/tsconfig.tsbuildinfo +1 -1

package/.turbo/turbo-build$colon$cjs.log CHANGED Viewed

@@ -1,5 +1,5 @@
-> @prosopo/user-access-policy@3.8.1 build:cjs
+> @prosopo/user-access-policy@3.9.1 build:cjs
 > NODE_ENV=${NODE_ENV:-development}; vite build --config vite.cjs.config.ts --mode $NODE_ENV
 ViteCommonJSConfig: .
@@ -50,22 +50,22 @@ rendering chunks...
 [2mdist/cjs/[22m[36mapi/read/fetchRules.cjs            [39m[1m[2m1.22 kB[22m[1m[22m
 [2mdist/cjs/[22m[36m.export.cjs                        [39m[1m[2m1.24 kB[22m[1m[22m
 [2mdist/cjs/[22m[36mredis/redisRulesStorage.cjs        [39m[1m[2m1.35 kB[22m[1m[22m
-[2mdist/cjs/[22m[36mruleInput/policyInput.cjs          [39m[1m[2m1.40 kB[22m[1m[22m
-[2mdist/cjs/[22m[36mmongoose/mongooseRuleSchema.cjs    [39m[1m[2m1.42 kB[22m[1m[22m
+[2mdist/cjs/[22m[36mmongoose/mongooseRuleSchema.cjs    [39m[1m[2m1.48 kB[22m[1m[22m
 [2mdist/cjs/[22m[36mapi/delete/deleteRules.cjs         [39m[1m[2m1.51 kB[22m[1m[22m
 [2mdist/cjs/[22m[36mapi/delete/deleteRuleGroups.cjs    [39m[1m[2m1.57 kB[22m[1m[22m
 [2mdist/cjs/[22m[36mapi/write/rehashRules.cjs          [39m[1m[2m1.64 kB[22m[1m[22m
 [2mdist/cjs/[22m[36mapi/read/findRuleIds.cjs           [39m[1m[2m1.65 kB[22m[1m[22m
-[2mdist/cjs/[22m[36mredis/reader/redisAggregate.cjs    [39m[1m[2m1.95 kB[22m[1m[22m
+[2mdist/cjs/[22m[36mruleInput/policyInput.cjs          [39m[1m[2m1.70 kB[22m[1m[22m
 [2mdist/cjs/[22m[36mruleInput/ruleInput.cjs            [39m[1m[2m2.07 kB[22m[1m[22m
 [2mdist/cjs/[22m[36mredis/redisClient.cjs              [39m[1m[2m2.09 kB[22m[1m[22m
-[2mdist/cjs/[22m[36mruleInput/userScopeInput.cjs       [39m[1m[2m2.38 kB[22m[1m[22m
+[2mdist/cjs/[22m[36mruleInput/userScopeInput.cjs       [39m[1m[2m2.45 kB[22m[1m[22m
 [2mdist/cjs/[22m[36mredis/redisRuleIndex.cjs           [39m[1m[2m2.46 kB[22m[1m[22m
 [2mdist/cjs/[22m[36mapi/rulesApiClient.cjs             [39m[1m[2m2.60 kB[22m[1m[22m
-[2mdist/cjs/[22m[36mtransformRule.cjs                  [39m[1m[2m2.91 kB[22m[1m[22m
+[2mdist/cjs/[22m[36mredis/reader/redisAggregate.cjs    [39m[1m[2m2.61 kB[22m[1m[22m
+[2mdist/cjs/[22m[36mtransformRule.cjs                  [39m[1m[2m3.05 kB[22m[1m[22m
 [2mdist/cjs/[22m[36mapi/write/insertRules.cjs          [39m[1m[2m3.38 kB[22m[1m[22m
 [2mdist/cjs/[22m[36mredis/redisRulesWriter.cjs         [39m[1m[2m3.44 kB[22m[1m[22m
 [2mdist/cjs/[22m[36mredis/reader/redisRulesQuery.cjs   [39m[1m[2m4.34 kB[22m[1m[22m
 [2mdist/cjs/[22m[36mapi/ruleApiRoutes.cjs              [39m[1m[2m4.55 kB[22m[1m[22m
-[2mdist/cjs/[22m[36mredis/reader/redisRulesReader.cjs  [39m[1m[2m7.01 kB[22m[1m[22m
-[32m✓ built in 454ms[39m
+[2mdist/cjs/[22m[36mredis/reader/redisRulesReader.cjs  [39m[1m[2m6.87 kB[22m[1m[22m
+[32m✓ built in 451ms[39m

package/.turbo/turbo-build$colon$tsc.log CHANGED Viewed

@@ -1,8 +1,8 @@
-> @prosopo/user-access-policy@3.8.1 build:tsc
+> @prosopo/user-access-policy@3.9.1 build:tsc
 > tsc --build --verbose
-5:56:01 PM - Projects in this build:
+1:19:54 PM - Projects in this build:
     * ../../dev/config/tsconfig.json
     * ../locale/tsconfig.json
     * ../util/tsconfig.json
@@ -15,27 +15,27 @@
     * ../api/tsconfig.json
     * tsconfig.json
-5:56:01 PM - Project '../../dev/config/tsconfig.json' is up to date because newest input '../../dev/config/src/webpack/webpack.config.ts' is older than output '../../dev/config/tsconfig.tsbuildinfo'
+1:19:54 PM - Project '../../dev/config/tsconfig.json' is up to date because newest input '../../dev/config/src/webpack/webpack.config.ts' is older than output '../../dev/config/tsconfig.tsbuildinfo'
-5:56:01 PM - Project '../locale/tsconfig.json' is up to date because newest input '../locale/src/translationKey.ts' is older than output '../locale/tsconfig.tsbuildinfo'
+1:19:54 PM - Project '../locale/tsconfig.json' is up to date because newest input '../locale/src/translationKey.ts' is older than output '../locale/tsconfig.tsbuildinfo'
-5:56:01 PM - Project '../util/tsconfig.json' is up to date because newest input '../util/src/url.ts' is older than output '../util/tsconfig.tsbuildinfo'
+1:19:54 PM - Project '../util/tsconfig.json' is up to date because newest input '../util/src/url.ts' is older than output '../util/tsconfig.tsbuildinfo'
-5:56:01 PM - Project '../logger/tsconfig.json' is up to date because newest input '../logger/src/index.ts' is older than output '../logger/tsconfig.tsbuildinfo'
+1:19:54 PM - Project '../logger/tsconfig.json' is up to date because newest input '../logger/src/index.ts' is older than output '../logger/tsconfig.tsbuildinfo'
-5:56:01 PM - Project '../util-crypto/tsconfig.json' is up to date because newest input '../util-crypto/src/types.ts' is older than output '../util-crypto/tsconfig.tsbuildinfo'
+1:19:54 PM - Project '../util-crypto/tsconfig.json' is up to date because newest input '../util-crypto/src/types.ts' is older than output '../util-crypto/tsconfig.tsbuildinfo'
-5:56:01 PM - Project '../types/tsconfig.json' is up to date because newest input '../types/src/provider/api.ts' is older than output '../types/tsconfig.tsbuildinfo'
+1:19:55 PM - Project '../types/tsconfig.json' is up to date because newest input '../types/src/keyring/keyring/types.ts' is older than output '../types/tsconfig.tsbuildinfo'
-5:56:01 PM - Project '../common/tsconfig.json' is up to date because newest input '../common/src/index.ts' is older than output '../common/tsconfig.tsbuildinfo'
+1:19:55 PM - Project '../common/tsconfig.json' is up to date because newest input '../common/src/index.ts' is older than output '../common/tsconfig.tsbuildinfo'
-5:56:01 PM - Project '../api-route/tsconfig.json' is up to date because newest input '../api-route/src/apiRoutes.ts' is older than output '../api-route/tsconfig.tsbuildinfo'
+1:19:55 PM - Project '../api-route/tsconfig.json' is up to date because newest input '../api-route/src/apiRoutes.ts' is older than output '../api-route/tsconfig.tsbuildinfo'
-5:56:01 PM - Project '../redis-client/tsconfig.json' is up to date because newest input '../redis-client/src/index.ts' is older than output '../redis-client/tsconfig.tsbuildinfo'
+1:19:55 PM - Project '../redis-client/tsconfig.json' is up to date because newest input '../redis-client/src/index.ts' is older than output '../redis-client/tsconfig.tsbuildinfo'
-5:56:01 PM - Project '../api/tsconfig.json' is up to date because newest input '../api/src/index.ts' is older than output '../api/tsconfig.tsbuildinfo'
+1:19:55 PM - Project '../api/tsconfig.json' is up to date because newest input '../api/src/index.ts' is older than output '../api/tsconfig.tsbuildinfo'
-5:56:01 PM - Project 'tsconfig.json' is out of date because output file 'tsconfig.tsbuildinfo' does not exist
+1:19:55 PM - Project 'tsconfig.json' is out of date because output file 'tsconfig.tsbuildinfo' does not exist
-5:56:01 PM - Building project '/home/runner/work/captcha/captcha/packages/user-access-policy/tsconfig.json'...
+1:19:55 PM - Building project '/home/runner/work/captcha/captcha/packages/user-access-policy/tsconfig.json'...

package/.turbo/turbo-build.log CHANGED Viewed

@@ -1,9 +1,9 @@
-> @prosopo/user-access-policy@3.8.1 build
+> @prosopo/user-access-policy@3.9.1 build
 > npm run build:cross-env -- --mode ${NODE_ENV:-development}
-> @prosopo/user-access-policy@3.8.1 build:cross-env
+> @prosopo/user-access-policy@3.9.1 build:cross-env
 > vite build --config vite.esm.config.ts --mode production
 ViteEsmConfig: .
@@ -53,23 +53,23 @@ rendering chunks...
 [2mdist/[22m[36m.export.js                        [39m[1m[2m0.85 kB[22m[1m[22m
 [2mdist/[22m[36mapi/read/getMissingIds.js         [39m[1m[2m1.01 kB[22m[1m[22m
 [2mdist/[22m[36mapi/read/fetchRules.js            [39m[1m[2m1.08 kB[22m[1m[22m
-[2mdist/[22m[36mruleInput/policyInput.js          [39m[1m[2m1.20 kB[22m[1m[22m
 [2mdist/[22m[36mredis/redisRulesStorage.js        [39m[1m[2m1.21 kB[22m[1m[22m
-[2mdist/[22m[36mmongoose/mongooseRuleSchema.js    [39m[1m[2m1.31 kB[22m[1m[22m
+[2mdist/[22m[36mmongoose/mongooseRuleSchema.js    [39m[1m[2m1.37 kB[22m[1m[22m
 [2mdist/[22m[36mapi/delete/deleteRules.js         [39m[1m[2m1.44 kB[22m[1m[22m
 [2mdist/[22m[36mapi/delete/deleteRuleGroups.js    [39m[1m[2m1.44 kB[22m[1m[22m
+[2mdist/[22m[36mruleInput/policyInput.js          [39m[1m[2m1.50 kB[22m[1m[22m
 [2mdist/[22m[36mapi/read/findRuleIds.js           [39m[1m[2m1.54 kB[22m[1m[22m
 [2mdist/[22m[36mapi/write/rehashRules.js          [39m[1m[2m1.54 kB[22m[1m[22m
 [2mdist/[22m[36mruleInput/ruleInput.js            [39m[1m[2m1.72 kB[22m[1m[22m
-[2mdist/[22m[36mredis/reader/redisAggregate.js    [39m[1m[2m1.80 kB[22m[1m[22m
 [2mdist/[22m[36mredis/redisClient.js              [39m[1m[2m1.90 kB[22m[1m[22m
 [2mdist/[22m[36mredis/redisRuleIndex.js           [39m[1m[2m2.01 kB[22m[1m[22m
-[2mdist/[22m[36mruleInput/userScopeInput.js       [39m[1m[2m2.16 kB[22m[1m[22m
+[2mdist/[22m[36mruleInput/userScopeInput.js       [39m[1m[2m2.22 kB[22m[1m[22m
 [2mdist/[22m[36mapi/rulesApiClient.js             [39m[1m[2m2.36 kB[22m[1m[22m
-[2mdist/[22m[36mtransformRule.js                  [39m[1m[2m2.63 kB[22m[1m[22m
+[2mdist/[22m[36mredis/reader/redisAggregate.js    [39m[1m[2m2.46 kB[22m[1m[22m
+[2mdist/[22m[36mtransformRule.js                  [39m[1m[2m2.76 kB[22m[1m[22m
 [2mdist/[22m[36mapi/write/insertRules.js          [39m[1m[2m3.22 kB[22m[1m[22m
 [2mdist/[22m[36mredis/redisRulesWriter.js         [39m[1m[2m3.22 kB[22m[1m[22m
 [2mdist/[22m[36mredis/reader/redisRulesQuery.js   [39m[1m[2m4.15 kB[22m[1m[22m
 [2mdist/[22m[36mapi/ruleApiRoutes.js              [39m[1m[2m4.33 kB[22m[1m[22m
-[2mdist/[22m[36mredis/reader/redisRulesReader.js  [39m[1m[2m6.23 kB[22m[1m[22m
-[32m✓ built in 516ms[39m
+[2mdist/[22m[36mredis/reader/redisRulesReader.js  [39m[1m[2m6.02 kB[22m[1m[22m
+[32m✓ built in 473ms[39m

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,38 @@
 # @prosopo/user-access-policy
+## 3.9.1
+### Patch Changes
+- b520cd9: Paginate the greedy `findRules` RediSearch query via `FT.AGGREGATE WITHCURSOR` so the candidate set is no longer truncated at `REDIS_BATCH_SIZE` (1000). Under high-volume bot traffic, a single popular ja4 fingerprint can be carried by thousands of rules; the OR-style greedy query returned > 1000 candidates and `FT.SEARCH`'s LIMIT silently dropped the tail — block rules emitted by less-frequent detectors sat past offset 1000 and never reached the JS-side specificity sort, letting matching requests through. Aggregation cursors return the full result set, so ranking sees every candidate.
+## 3.9.0
+### Minor Changes
+- 4da8941: Add `deferToVerify` flag on `AccessPolicy` so a Block policy can skip the request-time `blockMiddleware` (no 401 at the captcha endpoint) and fire instead at the verify step. The behaviour mirrors the existing coords-rule deferral pattern: today the middleware blanks out coords from the userScope, so coords-only rules can only ever match in the verify path. `deferToVerify` is the explicit version of that for other signals (ja4Hash, headersHash, etc.) — useful when you want the attacker to pay the captcha-solving cost and the dApp to silently receive `{verified: false}` instead of the bot's frontend seeing a 401.
+  Wiring:
+  - `BlacklistRequestInspector.shouldAbortRequest` filters out matching policies that have `deferToVerify` before picking the top hit. Those policies never short-circuit the middleware.
+  - `CaptchaManager.findHardBlockPolicy` widens its matcher: a Block policy now counts as a hard block when it has either no `captchaType` (existing behaviour) **or** `deferToVerify === true`. The check is invoked from `imgCaptchaTasks.dappUserSolution`, `powTasks.serverVerifyPowCaptcha`, and `puzzleTasks.verifyPuzzleCaptchaSolution`, so the deferral applies to all three captcha types.
+  - Persistence: `deferToVerify` lands on the mongo `accessPolicySchema` (Boolean) and the zod `accessPolicyInput` (with a string→boolean preprocess so the Redis round-trip works).
+  Motivating use case: a set of spoofed-JA4 hard-block rules pushed 2026-06-12. Marking those `deferToVerify: true` would still reject the attacker at verify but force them to complete N image captcha rounds and surface behavioural data on the commitment record before the rejection — useful for both telemetry and operator-side friction.
+### Patch Changes
+- 70ef67a: Add explicit `ZodType<T, ZodTypeDef, unknown>` annotations to `accessRuleInput`, `ruleEntryInput`, and `fetchRulesResponse`. The `z.preprocess` on `deferToVerify` widens the input position to `unknown`; without an explicit annotation TS emits an unnameable inferred type and parent repos that import these schemas fail typecheck with TS2742.
+- 4226c59: Support IPv6 in access rule input transforms.
+  The portal-side ticket [prosopo/captcha-private#3379](https://github.com/prosopo/captcha-private/issues/3379) enables IPv6 rule creation. The CIDR parser in `userScopeInput` and the numeric→string reverse path in `transformRule` were both IPv4-only and would crash or produce wrong addresses when an IPv6 rule reached the provider.
+  - `userScopeInput.ts`: dispatch CIDR parsing to `Address4` vs `Address6` via `Address4.isValid`; both expose `startAddress()/endAddress().bigInt()`.
+  - `transformRule.ts`: `getStringIpFromNumeric` now uses `Address6.fromBigInt(...).correctForm()` for numeric values above `2^32 - 1`, keeping `Address4.fromInteger(...)` for IPv4 range.
+  - Adds a round-trip unit test for `2001:db8::1` + `/32` mask, plus three IPv6 CIDR cases (`/32`, `/64`, `/10`) alongside the existing IPv4 set.
+- Updated dependencies [f69724f]
+- Updated dependencies [3973078]
+  - @prosopo/types@4.4.1
+  - @prosopo/api@3.4.11
 ## 3.8.1
 ### Patch Changes

package/dist/api/read/fetchRules.d.ts CHANGED Viewed

@@ -9,36 +9,7 @@ type FetchRulesSchema = ZodType<FetchRulesOptions>;
 export type FetchRulesResponse = {
     ruleEntries: AccessRuleEntry[];
 };
-export declare const fetchRulesResponse: z.ZodObject<{
-    ruleEntries: z.ZodArray<z.ZodObject<{
-        rule: ZodType<import("../../rule.js").AccessRule, z.ZodTypeDef, import("../../rule.js").AccessRule>;
-        expiresUnixTimestamp: z.ZodOptional<z.ZodNumber>;
-    }, "strip", z.ZodTypeAny, {
-        rule: import("../../rule.js").AccessPolicy & import("../../rule.js").PolicyScope & import("../../rule.js").UserAttributes & import("../../rule.js").UserIp & {
-            groupId?: string;
-        };
-        expiresUnixTimestamp?: number | undefined;
-    }, {
-        rule: import("../../rule.js").AccessPolicy & import("../../rule.js").PolicyScope & import("../../rule.js").UserAttributes & import("../../rule.js").UserIp & {
-            groupId?: string;
-        };
-        expiresUnixTimestamp?: number | undefined;
-    }>, "many">;
-}, "strip", z.ZodTypeAny, {
-    ruleEntries: {
-        rule: import("../../rule.js").AccessPolicy & import("../../rule.js").PolicyScope & import("../../rule.js").UserAttributes & import("../../rule.js").UserIp & {
-            groupId?: string;
-        };
-        expiresUnixTimestamp?: number | undefined;
-    }[];
-}, {
-    ruleEntries: {
-        rule: import("../../rule.js").AccessPolicy & import("../../rule.js").PolicyScope & import("../../rule.js").UserAttributes & import("../../rule.js").UserIp & {
-            groupId?: string;
-        };
-        expiresUnixTimestamp?: number | undefined;
-    }[];
-}>;
+export declare const fetchRulesResponse: ZodType<FetchRulesResponse, z.ZodTypeDef, unknown>;
 export type FetchRulesEndpointResponse = ApiEndpointResponse & {
     data?: FetchRulesResponse;
 };

package/dist/api/read/fetchRules.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"fetchRules.d.ts","sourceRoot":"","sources":["../../../src/api/read/fetchRules.ts"],"names":[],"mappings":"AAcA,OAAO,EACN,KAAK,WAAW,EAChB,KAAK,mBAAmB,EAExB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,KAAK,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAEtC,OAAO,KAAK,EACX,eAAe,EACf,kBAAkB,EAClB,MAAM,yBAAyB,CAAC;AAEjC,MAAM,MAAM,iBAAiB,GAAG;IAC/B,GAAG,EAAE,MAAM,EAAE,CAAC;CACd,CAAC;AAEF,KAAK,gBAAgB,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAEnD,MAAM,MAAM,kBAAkB,GAAG;IAChC,WAAW,EAAE,eAAe,EAAE,CAAC;CAC/B,CAAC;~~AAEF~~,eAAO,MAAM,kBAAkB~~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAE+C~~,CAAC;~~AAE/E~~,MAAM,MAAM,0BAA0B,GAAG,mBAAmB,GAAG;IAC9D,IAAI,CAAC,EAAE,kBAAkB,CAAC;CAC1B,CAAC;AAEF,qBAAa,kBAAmB,YAAW,WAAW,CAAC,gBAAgB,CAAC;IAEtE,OAAO,CAAC,QAAQ,CAAC,kBAAkB;IACnC,OAAO,CAAC,QAAQ,CAAC,MAAM;gBADN,kBAAkB,EAAE,kBAAkB,EACtC,MAAM,EAAE,MAAM;IAGzB,oBAAoB,IAAI,gBAAgB;IAMzC,cAAc,CACnB,IAAI,EAAE,iBAAiB,EACvB,MAAM,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,0BAA0B,CAAC;CA0BtC"}
1	+ {"version":3,"file":"fetchRules.d.ts","sourceRoot":"","sources":["../../../src/api/read/fetchRules.ts"],"names":[],"mappings":"AAcA,OAAO,EACN,KAAK,WAAW,EAChB,KAAK,mBAAmB,EAExB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,KAAK,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAEtC,OAAO,KAAK,EACX,eAAe,EACf,kBAAkB,EAClB,MAAM,yBAAyB,CAAC;AAEjC,MAAM,MAAM,iBAAiB,GAAG;IAC/B,GAAG,EAAE,MAAM,EAAE,CAAC;CACd,CAAC;AAEF,KAAK,gBAAgB,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAEnD,MAAM,MAAM,kBAAkB,GAAG;IAChC,WAAW,EAAE,eAAe,EAAE,CAAC;CAC/B,CAAC;AAMF,eAAO,MAAM,kBAAkB,EAAE,OAAO,CACvC,kBAAkB,EAClB,CAAC,CAAC,UAAU,EACZ,OAAO,CAGgC,CAAC;AAEzC,MAAM,MAAM,0BAA0B,GAAG,mBAAmB,GAAG;IAC9D,IAAI,CAAC,EAAE,kBAAkB,CAAC;CAC1B,CAAC;AAEF,qBAAa,kBAAmB,YAAW,WAAW,CAAC,gBAAgB,CAAC;IAEtE,OAAO,CAAC,QAAQ,CAAC,kBAAkB;IACnC,OAAO,CAAC,QAAQ,CAAC,MAAM;gBADN,kBAAkB,EAAE,kBAAkB,EACtC,MAAM,EAAE,MAAM;IAGzB,oBAAoB,IAAI,gBAAgB;IAMzC,cAAc,CACnB,IAAI,EAAE,iBAAiB,EACvB,MAAM,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,0BAA0B,CAAC;CA0BtC"}

package/dist/api/read/fetchRules.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"fetchRules.js","sourceRoot":"","sources":["../../../src/api/read/fetchRules.ts"],"names":[],"mappings":"AAcA,OAAO,EAGN,yBAAyB,GACzB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAgB,CAAC,EAAE,MAAM,KAAK,CAAC;AACtC,OAAO,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;~~AAgBhE~~,MAAM,CAAC,MAAM,kBAAkB,~~GAAG~~,CAAC,CAAC,MAAM,CAAC;~~IAC1C~~,WAAW,EAAE,cAAc,CAAC,KAAK,EAAE;CACG,~~CAAuC~~,CAAC;~~AAM/E~~,MAAM,OAAO,kBAAkB;IAC9B,YACkB,kBAAsC,EACtC,MAAc;QADd,uBAAkB,GAAlB,kBAAkB,CAAoB;QACtC,WAAM,GAAN,MAAM,CAAQ;IAC7B,CAAC;IAEG,oBAAoB;QAC1B,OAAO,CAAC,CAAC,MAAM,CAAC;YACf,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE;SACc,CAAC,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,cAAc,CACnB,IAAuB,EACvB,MAAe;QAEf,MAAM,GAAG,GAAG,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC;QAClC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEvE,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YACf,GAAG,EAAE,wBAAwB;YAC7B,IAAI,EAAE;gBACL,cAAc,EAAE,IAAI,CAAC,GAAG,CAAC,MAAM;gBAC/B,UAAU,EAAE,WAAW,CAAC,MAAM;aAC9B;SACD,CAAC,CAAC,CAAC;QAEJ,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;YAChB,GAAG,EAAE,sBAAsB;YAC3B,IAAI,EAAE;gBACL,WAAW,EAAE,WAAW;aACxB;SACD,CAAC,CAAC,CAAC;QAEJ,OAAO;YACN,MAAM,EAAE,yBAAyB,CAAC,OAAO;YACzC,IAAI,EAAE;gBACL,WAAW,EAAE,WAAW;aACxB;SACD,CAAC;IACH,CAAC;CACD"}
1	+ {"version":3,"file":"fetchRules.js","sourceRoot":"","sources":["../../../src/api/read/fetchRules.ts"],"names":[],"mappings":"AAcA,OAAO,EAGN,yBAAyB,GACzB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAgB,CAAC,EAAE,MAAM,KAAK,CAAC;AACtC,OAAO,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAoBhE,MAAM,CAAC,MAAM,kBAAkB,GAI3B,CAAC,CAAC,MAAM,CAAC;IACZ,WAAW,EAAE,cAAc,CAAC,KAAK,EAAE;CACG,CAAC,CAAC;AAMzC,MAAM,OAAO,kBAAkB;IAC9B,YACkB,kBAAsC,EACtC,MAAc;QADd,uBAAkB,GAAlB,kBAAkB,CAAoB;QACtC,WAAM,GAAN,MAAM,CAAQ;IAC7B,CAAC;IAEG,oBAAoB;QAC1B,OAAO,CAAC,CAAC,MAAM,CAAC;YACf,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE;SACc,CAAC,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,cAAc,CACnB,IAAuB,EACvB,MAAe;QAEf,MAAM,GAAG,GAAG,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC;QAClC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEvE,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YACf,GAAG,EAAE,wBAAwB;YAC7B,IAAI,EAAE;gBACL,cAAc,EAAE,IAAI,CAAC,GAAG,CAAC,MAAM;gBAC/B,UAAU,EAAE,WAAW,CAAC,MAAM;aAC9B;SACD,CAAC,CAAC,CAAC;QAEJ,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;YAChB,GAAG,EAAE,sBAAsB;YAC3B,IAAI,EAAE;gBACL,WAAW,EAAE,WAAW;aACxB;SACD,CAAC,CAAC,CAAC;QAEJ,OAAO;YACN,MAAM,EAAE,yBAAyB,CAAC,OAAO;YACzC,IAAI,EAAE;gBACL,WAAW,EAAE,WAAW;aACxB;SACD,CAAC;IACH,CAAC;CACD"}

package/dist/api/write/insertRules.d.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { type ApiEndpoint, type ApiEndpointResponse } from "@prosopo/api-route";
 import { type Logger } from "@prosopo/logger";
-import { type ZodType } from "zod";
+import { type ZodType, type ZodTypeDef } from "zod";
 import type { AccessPolicy, PolicyScope, UserScope } from "#policy/rule.js";
 import { type UserScopeInput } from "#policy/ruleInput/userScopeInput.js";
 import type { AccessRulesWriter } from "#policy/rulesStorage.js";
@@ -15,7 +15,7 @@ type ParsedInsertRulesGroup = InsertRulesGroup & {
     userScopes: UserScope[];
 };
 type ParsedInsertRuleGroups = ParsedInsertRulesGroup[];
-type InsertRulesSchema = ZodType<InsertRulesGroup[]>;
+type InsertRulesSchema = ZodType<InsertRulesGroup[], ZodTypeDef, unknown>;
 export declare class InsertRulesEndpoint implements ApiEndpoint<InsertRulesSchema> {
     private readonly accessRulesWriter;
     private readonly logger;

package/dist/api/write/insertRules.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"insertRules.d.ts","sourceRoot":"","sources":["../../../src/api/write/insertRules.ts"],"names":[],"mappings":"AAcA,OAAO,EACN,KAAK,WAAW,EAChB,KAAK,mBAAmB,EAExB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAY,KAAK,MAAM,EAAE,MAAM,iBAAiB,CAAC;AACxD,OAAO,EAAE,KAAK,OAAO,EAAK,MAAM,KAAK,CAAC;~~AACtC~~,OAAO,KAAK,EACX,YAAY,EAEZ,WAAW,EACX,SAAS,EACT,MAAM,iBAAiB,CAAC;AAMzB,OAAO,EACN,KAAK,cAAc,EAEnB,MAAM,qCAAqC,CAAC;AAC7C,OAAO,KAAK,EAEX,iBAAiB,EACjB,MAAM,yBAAyB,CAAC;AAEjC,MAAM,MAAM,gBAAgB,GAAG;IAC9B,YAAY,EAAE,YAAY,CAAC;IAC3B,UAAU,EAAE,cAAc,EAAE,CAAC;IAG7B,YAAY,CAAC,EAAE,WAAW,EAAE,CAAC;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC9B,CAAC;AAEF,KAAK,sBAAsB,GAAG,gBAAgB,GAAG;IAChD,UAAU,EAAE,SAAS,EAAE,CAAC;CACxB,CAAC;AAEF,KAAK,sBAAsB,GAAG,sBAAsB,EAAE,CAAC;~~AAEvD~~,KAAK,iBAAiB,GAAG,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAAC;~~AAErD~~,qBAAa,mBAAoB,YAAW,WAAW,CAAC,iBAAiB,CAAC;IAExE,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAClC,OAAO,CAAC,QAAQ,CAAC,MAAM;gBADN,iBAAiB,EAAE,iBAAiB,EACpC,MAAM,EAAE,MAAM;IAGzB,oBAAoB,IAAI,iBAAiB;IAY1C,cAAc,CACnB,IAAI,EAAE,sBAAsB,EAC5B,MAAM,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,mBAAmB,CAAC;cAwDf,gBAAgB,CAC/B,MAAM,EAAE,sBAAsB,GAC5B,OAAO,CAAC,MAAM,EAAE,CAAC;cAQJ,gBAAgB,CAC/B,KAAK,EAAE,sBAAsB,GAC3B,OAAO,CAAC,MAAM,EAAE,CAAC;CAiCpB"}
1	+ {"version":3,"file":"insertRules.d.ts","sourceRoot":"","sources":["../../../src/api/write/insertRules.ts"],"names":[],"mappings":"AAcA,OAAO,EACN,KAAK,WAAW,EAChB,KAAK,mBAAmB,EAExB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAY,KAAK,MAAM,EAAE,MAAM,iBAAiB,CAAC;AACxD,OAAO,EAAE,KAAK,OAAO,EAAE,KAAK,UAAU,EAAK,MAAM,KAAK,CAAC;AACvD,OAAO,KAAK,EACX,YAAY,EAEZ,WAAW,EACX,SAAS,EACT,MAAM,iBAAiB,CAAC;AAMzB,OAAO,EACN,KAAK,cAAc,EAEnB,MAAM,qCAAqC,CAAC;AAC7C,OAAO,KAAK,EAEX,iBAAiB,EACjB,MAAM,yBAAyB,CAAC;AAEjC,MAAM,MAAM,gBAAgB,GAAG;IAC9B,YAAY,EAAE,YAAY,CAAC;IAC3B,UAAU,EAAE,cAAc,EAAE,CAAC;IAG7B,YAAY,CAAC,EAAE,WAAW,EAAE,CAAC;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC9B,CAAC;AAEF,KAAK,sBAAsB,GAAG,gBAAgB,GAAG;IAChD,UAAU,EAAE,SAAS,EAAE,CAAC;CACxB,CAAC;AAEF,KAAK,sBAAsB,GAAG,sBAAsB,EAAE,CAAC;AAIvD,KAAK,iBAAiB,GAAG,OAAO,CAAC,gBAAgB,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;AAE1E,qBAAa,mBAAoB,YAAW,WAAW,CAAC,iBAAiB,CAAC;IAExE,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAClC,OAAO,CAAC,QAAQ,CAAC,MAAM;gBADN,iBAAiB,EAAE,iBAAiB,EACpC,MAAM,EAAE,MAAM;IAGzB,oBAAoB,IAAI,iBAAiB;IAY1C,cAAc,CACnB,IAAI,EAAE,sBAAsB,EAC5B,MAAM,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,mBAAmB,CAAC;cAwDf,gBAAgB,CAC/B,MAAM,EAAE,sBAAsB,GAC5B,OAAO,CAAC,MAAM,EAAE,CAAC;cAQJ,gBAAgB,CAC/B,KAAK,EAAE,sBAAsB,GAC3B,OAAO,CAAC,MAAM,EAAE,CAAC;CAiCpB"}

package/dist/api/write/insertRules.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"insertRules.js","sourceRoot":"","sources":["../../../src/api/write/insertRules.ts"],"names":[],"mappings":"AAcA,OAAO,EAGN,yBAAyB,GACzB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,QAAQ,EAAe,MAAM,iBAAiB,CAAC;AACxD,OAAO,~~EAAgB~~,CAAC,EAAE,MAAM,KAAK,CAAC;~~AAOtC~~,OAAO,EACN,iBAAiB,EACjB,gBAAgB,EAChB,oBAAoB,GACpB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAEN,cAAc,GACd,MAAM,qCAAqC,CAAC;~~AAwB7C~~,MAAM,OAAO,mBAAmB;IAC/B,YACkB,iBAAoC,EACpC,MAAc;QADd,sBAAiB,GAAjB,iBAAiB,CAAmB;QACpC,WAAM,GAAN,MAAM,CAAQ;IAC7B,CAAC;IAEG,oBAAoB;QAC1B,OAAO,CAAC,CAAC,KAAK,CACb,CAAC,CAAC,MAAM,CAAC;YACR,YAAY,EAAE,iBAAiB;YAC/B,YAAY,EAAE,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,QAAQ,EAAE;YAClD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;YAC9B,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC;YACnC,oBAAoB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;SACP,CAAC,CACtC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,cAAc,CACnB,IAA4B,EAC5B,MAAe;QAEf,MAAM,GAAG,GAAG,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC;QAElC,MAAM,cAAc,GAAG,IAAI,OAAO,CAAsB,CAAC,OAAO,EAAE,EAAE;YACnE,UAAU,CAAC,GAAG,EAAE;gBACf,OAAO,CAAC;oBACP,MAAM,EAAE,yBAAyB,CAAC,UAAU;iBAC5C,CAAC,CAAC;YACJ,CAAC,EAAE,IAAI,CAAC,CAAC;QACV,CAAC,CAAC,CAAC;QAEH,MAAM,eAAe,GAAG,IAAI,CAAC,MAAM,CAClC,CAAC,eAAe,EAAE,KAAK,EAAE,EAAE,CAAC,eAAe,GAAG,KAAK,CAAC,UAAU,CAAC,MAAM,EACrE,CAAC,CACD,CAAC;QAEF,MAAM,kBAAkB,GAAG,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC;aACpD,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE;YACrB,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;gBACf,GAAG,EAAE,gCAAgC;gBACrC,IAAI,EAAE;oBACL,eAAe,EAAE,eAAe;oBAChC,aAAa,EAAE,WAAW,CAAC,MAAM;oBACjC,cAAc,EAAE,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC,IAAI;iBACzC;aACD,CAAC,CAAC,CAAC;YAEJ,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;gBAChB,GAAG,EAAE,+BAA+B;gBACpC,IAAI,EAAE;oBACL,WAAW;oBACX,KAAK,EAAE,IAAI;iBACX;aACD,CAAC,CAAC,CAAC;YAEJ,OAAO;gBACN,MAAM,EAAE,yBAAyB,CAAC,OAAO;aACzC,CAAC;QACH,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YAChB,IAAI,QAAQ,CAAC,IAAI,CAAC,KAAK,KAAK,GAAG,CAAC,WAAW,EAAE,EAAE,CAAC;gBAC/C,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;oBAChB,GAAG,EAAE,KAAK;oBACV,IAAI,EAAE,EAAE,IAAI,EAAE;oBACd,GAAG,EAAE,+BAA+B;iBACpC,CAAC,CAAC,CAAC;YACL,CAAC;YACD,OAAO;gBACN,MAAM,EAAE,yBAAyB,CAAC,IAAI;aACtC,CAAC;QACH,CAAC,CAAC,CAAC;QAGJ,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC,CAAC;IAC3D,CAAC;IAES,KAAK,CAAC,gBAAgB,CAC/B,MAA8B;QAE9B,MAAM,cAAc,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC,CAAC;QAE3E,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAErD,OAAO,UAAU,CAAC,IAAI,EAAE,CAAC;IAC1B,CAAC;IAES,KAAK,CAAC,gBAAgB,CAC/B,KAA6B;QAE7B,MAAM,WAAW,GAAsB,EAAE,CAAC;QAC1C,MAAM,YAAY,GAAG,KAAK,CAAC,YAAY,IAAI,EAAE,CAAC;QAE9C,MAAM,eAAe,GAAG,oBAAoB,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QAEjE,KAAK,MAAM,SAAS,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;YAC1C,MAAM,QAAQ,GAAe;gBAC5B,GAAG,eAAe;gBAClB,GAAG,SAAS;gBACZ,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACpD,CAAC;YAEF,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC7B,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;oBACxC,WAAW,CAAC,IAAI,CAAC;wBAChB,IAAI,EAAE;4BACL,GAAG,QAAQ;4BACX,GAAG,WAAW;yBACd;wBACD,oBAAoB,EAAE,KAAK,CAAC,oBAAoB;qBAChD,CAAC,CAAC;gBACJ,CAAC;YACF,CAAC;iBAAM,CAAC;gBACP,WAAW,CAAC,IAAI,CAAC;oBAChB,IAAI,EAAE,QAAQ;oBACd,oBAAoB,EAAE,KAAK,CAAC,oBAAoB;iBAChD,CAAC,CAAC;YACJ,CAAC;QACF,CAAC;QAED,OAAO,IAAI,CAAC,iBAAiB,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;IACxD,CAAC;CACD"}
1	+ {"version":3,"file":"insertRules.js","sourceRoot":"","sources":["../../../src/api/write/insertRules.ts"],"names":[],"mappings":"AAcA,OAAO,EAGN,yBAAyB,GACzB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,QAAQ,EAAe,MAAM,iBAAiB,CAAC;AACxD,OAAO,EAAiC,CAAC,EAAE,MAAM,KAAK,CAAC;AAOvD,OAAO,EACN,iBAAiB,EACjB,gBAAgB,EAChB,oBAAoB,GACpB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAEN,cAAc,GACd,MAAM,qCAAqC,CAAC;AA0B7C,MAAM,OAAO,mBAAmB;IAC/B,YACkB,iBAAoC,EACpC,MAAc;QADd,sBAAiB,GAAjB,iBAAiB,CAAmB;QACpC,WAAM,GAAN,MAAM,CAAQ;IAC7B,CAAC;IAEG,oBAAoB;QAC1B,OAAO,CAAC,CAAC,KAAK,CACb,CAAC,CAAC,MAAM,CAAC;YACR,YAAY,EAAE,iBAAiB;YAC/B,YAAY,EAAE,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,QAAQ,EAAE;YAClD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;YAC9B,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC;YACnC,oBAAoB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;SACP,CAAC,CACtC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,cAAc,CACnB,IAA4B,EAC5B,MAAe;QAEf,MAAM,GAAG,GAAG,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC;QAElC,MAAM,cAAc,GAAG,IAAI,OAAO,CAAsB,CAAC,OAAO,EAAE,EAAE;YACnE,UAAU,CAAC,GAAG,EAAE;gBACf,OAAO,CAAC;oBACP,MAAM,EAAE,yBAAyB,CAAC,UAAU;iBAC5C,CAAC,CAAC;YACJ,CAAC,EAAE,IAAI,CAAC,CAAC;QACV,CAAC,CAAC,CAAC;QAEH,MAAM,eAAe,GAAG,IAAI,CAAC,MAAM,CAClC,CAAC,eAAe,EAAE,KAAK,EAAE,EAAE,CAAC,eAAe,GAAG,KAAK,CAAC,UAAU,CAAC,MAAM,EACrE,CAAC,CACD,CAAC;QAEF,MAAM,kBAAkB,GAAG,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC;aACpD,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE;YACrB,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;gBACf,GAAG,EAAE,gCAAgC;gBACrC,IAAI,EAAE;oBACL,eAAe,EAAE,eAAe;oBAChC,aAAa,EAAE,WAAW,CAAC,MAAM;oBACjC,cAAc,EAAE,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC,IAAI;iBACzC;aACD,CAAC,CAAC,CAAC;YAEJ,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;gBAChB,GAAG,EAAE,+BAA+B;gBACpC,IAAI,EAAE;oBACL,WAAW;oBACX,KAAK,EAAE,IAAI;iBACX;aACD,CAAC,CAAC,CAAC;YAEJ,OAAO;gBACN,MAAM,EAAE,yBAAyB,CAAC,OAAO;aACzC,CAAC;QACH,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YAChB,IAAI,QAAQ,CAAC,IAAI,CAAC,KAAK,KAAK,GAAG,CAAC,WAAW,EAAE,EAAE,CAAC;gBAC/C,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;oBAChB,GAAG,EAAE,KAAK;oBACV,IAAI,EAAE,EAAE,IAAI,EAAE;oBACd,GAAG,EAAE,+BAA+B;iBACpC,CAAC,CAAC,CAAC;YACL,CAAC;YACD,OAAO;gBACN,MAAM,EAAE,yBAAyB,CAAC,IAAI;aACtC,CAAC;QACH,CAAC,CAAC,CAAC;QAGJ,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC,CAAC;IAC3D,CAAC;IAES,KAAK,CAAC,gBAAgB,CAC/B,MAA8B;QAE9B,MAAM,cAAc,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC,CAAC;QAE3E,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAErD,OAAO,UAAU,CAAC,IAAI,EAAE,CAAC;IAC1B,CAAC;IAES,KAAK,CAAC,gBAAgB,CAC/B,KAA6B;QAE7B,MAAM,WAAW,GAAsB,EAAE,CAAC;QAC1C,MAAM,YAAY,GAAG,KAAK,CAAC,YAAY,IAAI,EAAE,CAAC;QAE9C,MAAM,eAAe,GAAG,oBAAoB,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QAEjE,KAAK,MAAM,SAAS,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;YAC1C,MAAM,QAAQ,GAAe;gBAC5B,GAAG,eAAe;gBAClB,GAAG,SAAS;gBACZ,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACpD,CAAC;YAEF,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC7B,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;oBACxC,WAAW,CAAC,IAAI,CAAC;wBAChB,IAAI,EAAE;4BACL,GAAG,QAAQ;4BACX,GAAG,WAAW;yBACd;wBACD,oBAAoB,EAAE,KAAK,CAAC,oBAAoB;qBAChD,CAAC,CAAC;gBACJ,CAAC;YACF,CAAC;iBAAM,CAAC;gBACP,WAAW,CAAC,IAAI,CAAC;oBAChB,IAAI,EAAE,QAAQ;oBACd,oBAAoB,EAAE,KAAK,CAAC,oBAAoB;iBAChD,CAAC,CAAC;YACJ,CAAC;QACF,CAAC;QAED,OAAO,IAAI,CAAC,iBAAiB,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;IACxD,CAAC;CACD"}

package/dist/cjs/mongoose/mongooseRuleSchema.cjs CHANGED Viewed

@@ -29,7 +29,8 @@ const accessPolicySchema = {
   imageThreshold: { type: Number, required: false },
   powDifficulty: { type: Number, required: false },
   unsolvedImagesCount: { type: Number, required: false },
-  frictionlessScore: { type: Number, required: false }
+  frictionlessScore: { type: Number, required: false },
+  deferToVerify: { type: Boolean, required: false }
 };
 const accessRuleMongooseSchema = {
   ...accessPolicySchema,

package/dist/cjs/redis/reader/redisAggregate.cjs CHANGED Viewed

@@ -4,19 +4,36 @@ const zod = require("zod");
 const redisRulesQuery = require("./redisRulesQuery.cjs");
 const redisClient = require("../redisClient.cjs");
 const redisRuleIndex = require("../redisRuleIndex.cjs");
-const aggregateRedisKeys = async (client, query, logger, batchHandler) => {
+const aggregateRedisKeys = async (client, query, logger, batchHandler, maxKeys) => {
   const keyField = "__key";
   const recordSchema = zod.z.object({
     // it's a reserved name for the record key
     [keyField]: zod.z.string()
   });
   const foundKeys = [];
+  let stopRequested = false;
   const addRecordKeys = async (records) => {
+    if (stopRequested) {
+      return;
+    }
     const parsedRecords = redisClient.parseRedisRecords(records, recordSchema, logger);
     const recordKeys = parsedRecords.map((record) => record[keyField]);
     if (batchHandler) {
       await batchHandler(recordKeys);
     } else {
+      if (maxKeys !== void 0 && foundKeys.length + recordKeys.length > maxKeys) {
+        const remaining = Math.max(0, maxKeys - foundKeys.length);
+        foundKeys.push(...recordKeys.slice(0, remaining));
+        stopRequested = true;
+        logger.warn(() => ({
+          msg: "Redis aggregation candidate cap hit; truncating result set. This can suppress less-frequent rules and should be investigated.",
+          data: {
+            maxKeys,
+            query
+          }
+        }));
+        return;
+      }
       foundKeys.push(...recordKeys);
       logger.debug(() => ({
         msg: "Processed aggregation batch",
@@ -35,11 +52,12 @@ const aggregateRedisKeys = async (client, query, logger, batchHandler) => {
       COUNT: redisClient.REDIS_BATCH_SIZE,
       LOAD: `@${keyField}`
     },
-    addRecordKeys
+    addRecordKeys,
+    () => stopRequested
   );
   return foundKeys;
 };
-const executeAggregation = async (client, query, aggregateOptions, handleBatch) => {
+const executeAggregation = async (client, query, aggregateOptions, handleBatch, shouldStop) => {
   const initialReply = await client.ft.aggregateWithCursor(
     redisRuleIndex.ACCESS_RULES_REDIS_INDEX_NAME,
     query,
@@ -47,7 +65,7 @@ const executeAggregation = async (client, query, aggregateOptions, handleBatch)
   );
   await handleBatch(initialReply.results);
   let cursor = initialReply.cursor;
-  while (0 !== cursor) {
+  while (0 !== cursor && !shouldStop?.()) {
     const batchReply = await client.ft.cursorRead(
       redisRuleIndex.ACCESS_RULES_REDIS_INDEX_NAME,
       cursor,

package/dist/cjs/redis/reader/redisRulesReader.cjs CHANGED Viewed

@@ -24,6 +24,7 @@ function _interopNamespaceDefault(e) {
   return Object.freeze(n);
 }
 const util__namespace = /* @__PURE__ */ _interopNamespaceDefault(util);
+const FIND_RULES_MAX_CANDIDATES = redisClient.REDIS_BATCH_SIZE * 10;
 class RedisRulesReader {
   constructor(client, logger) {
     this.client = client;
@@ -53,39 +54,32 @@ class RedisRulesReader {
       return [];
     }
     try {
-      const searchReply = await this.client.ft.searchNoContent(
-        redisRuleIndex.ACCESS_RULES_REDIS_INDEX_NAME,
+      const ruleKeys = await redisAggregate.aggregateRedisKeys(
+        this.client,
         query,
-        {
-          DIALECT: redisRulesQuery.REDIS_QUERY_DIALECT,
-          // FT.search doesn't support "unlimited" selects
-          LIMIT: {
-            from: 0,
-            size: redisClient.REDIS_BATCH_SIZE
-          }
-        }
+        this.logger,
+        void 0,
+        FIND_RULES_MAX_CANDIDATES
       );
-      if (searchReply.total > 0) {
-        this.logger.debug(() => ({
-          msg: "Executed search query",
-          data: {
-            inspect: util__namespace.inspect(
-              {
-                filter,
-                searchReply,
-                query
-              },
-              { depth: null }
-            )
-          }
-        }));
-      }
-      if (searchReply.documents.length === 0) {
+      if (ruleKeys.length === 0) {
         return [];
       }
+      this.logger.debug(() => ({
+        msg: "Executed search query",
+        data: {
+          inspect: util__namespace.inspect(
+            {
+              filter,
+              foundCount: ruleKeys.length,
+              query
+            },
+            { depth: null }
+          )
+        }
+      }));
       const { records } = await redisClient.fetchRedisHashRecords(
         this.client,
-        searchReply.documents,
+        ruleKeys,
         this.logger
       );
       const nonEmptyRecords = records.filter(
@@ -236,4 +230,5 @@ class DummyRedisRulesReader {
   }
 }
 exports.DummyRedisRulesReader = DummyRedisRulesReader;
+exports.FIND_RULES_MAX_CANDIDATES = FIND_RULES_MAX_CANDIDATES;
 exports.RedisRulesReader = RedisRulesReader;

package/dist/cjs/ruleInput/policyInput.cjs CHANGED Viewed

@@ -16,7 +16,11 @@ const accessPolicyInput = zod.z.object({
   // the number of unsolved image CAPTCHA challenges to serve
   unsolvedImagesCount: zod.z.coerce.number().optional(),
   // used to increase the user's score
-  frictionlessScore: zod.z.coerce.number().optional()
+  frictionlessScore: zod.z.coerce.number().optional(),
+  // Skip the request-time block middleware and only fire at verify.
+  // Redis stores booleans as strings — preprocess so "true"/"false"
+  // round-trip to the JS boolean the matcher expects.
+  deferToVerify: zod.z.preprocess((v) => typeof v === "string" ? v === "true" : v, zod.z.boolean()).optional()
 });
 const sanitizeAccessPolicy = (policy) => {
   if (policy.type === rule.AccessPolicyType.Block) {

package/dist/cjs/ruleInput/userScopeInput.cjs CHANGED Viewed

@@ -41,7 +41,7 @@ const userIpInput = zod.z.object({
     numericUserIp.numericIp = util.getIPAddress(ip).bigInt();
   }
   if ("string" === typeof ipMask) {
-    const ipObject = new ipAddress.Address4(ipMask);
+    const ipObject = ipAddress.Address4.isValid(ipMask) ? new ipAddress.Address4(ipMask) : new ipAddress.Address6(ipMask);
     numericUserIp.numericIpMaskMin = ipObject.startAddress().bigInt();
     numericUserIp.numericIpMaskMax = ipObject.endAddress().bigInt();
   }

package/dist/cjs/transformRule.cjs CHANGED Viewed

@@ -8,6 +8,7 @@ const policyInput = require("./ruleInput/policyInput.cjs");
 const ruleInput = require("./ruleInput/ruleInput.cjs");
 const userScopeInput = require("./ruleInput/userScopeInput.cjs");
 const RULE_HASH_ALGORITHM = "md5";
+const MAX_IPV4_NUMERIC = (1n << 32n) - 1n;
 const makeAccessRuleHash = (rule) => {
   const valueProperties = Object.entries(rule).filter(
     ([key, value]) => "undefined" !== typeof value
@@ -62,7 +63,7 @@ const hashObject = (object, algorithm) => crypto.createHash(algorithm).update(
     )
   )
 ).digest("hex");
-const getStringIpFromNumeric = (numericIp) => ipAddress.Address4.fromInteger(Number(numericIp)).address;
+const getStringIpFromNumeric = (numericIp) => numericIp > MAX_IPV4_NUMERIC ? ipAddress.Address6.fromBigInt(numericIp).correctForm() : ipAddress.Address4.fromInteger(Number(numericIp)).address;
 const getCidrFromNumericIpRange = (startIp, endIp) => {
   const ipRange = new cidrCalc.IpRange(
     cidrCalc.IpAddress.of(getStringIpFromNumeric(startIp)),

package/dist/mongoose/mongooseRuleSchema.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"mongooseRuleSchema.d.ts","sourceRoot":"","sources":["../../src/mongoose/mongooseRuleSchema.ts"],"names":[],"mappings":"AAeA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAEjD,OAAO,KAAK,EACX,gBAAgB,EAIhB,MAAM,uBAAuB,CAAC;~~AAsC~~/B,eAAO,MAAM,wBAAwB,EAAE,gBAAgB,CAAC,gBAAgB,CAKtC,CAAC"}
1	+ {"version":3,"file":"mongooseRuleSchema.d.ts","sourceRoot":"","sources":["../../src/mongoose/mongooseRuleSchema.ts"],"names":[],"mappings":"AAeA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAEjD,OAAO,KAAK,EACX,gBAAgB,EAIhB,MAAM,uBAAuB,CAAC;AAuC/B,eAAO,MAAM,wBAAwB,EAAE,gBAAgB,CAAC,gBAAgB,CAKtC,CAAC"}

package/dist/mongoose/mongooseRuleSchema.js CHANGED Viewed

@@ -27,7 +27,8 @@ const accessPolicySchema = {
   imageThreshold: { type: Number, required: false },
   powDifficulty: { type: Number, required: false },
   unsolvedImagesCount: { type: Number, required: false },
-  frictionlessScore: { type: Number, required: false }
+  frictionlessScore: { type: Number, required: false },
+  deferToVerify: { type: Boolean, required: false }
 };
 const accessRuleMongooseSchema = {
   ...accessPolicySchema,

package/dist/mongoose/mongooseRuleSchema.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"mongooseRuleSchema.js","sourceRoot":"","sources":["../../src/mongoose/mongooseRuleSchema.ts"],"names":[],"mappings":"AAwBA,MAAM,oBAAoB,GAA2C;IACpE,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IACzC,OAAO,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC1C,SAAS,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC5C,WAAW,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC9C,QAAQ,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC3C,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IACzC,WAAW,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC9C,GAAG,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;CACE,CAAC;AAE1C,MAAM,YAAY,GAAmC;IACpD,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IACrC,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;CACT,CAAC;AAElC,MAAM,eAAe,GAAsC;IAC1D,GAAG,oBAAoB;IACvB,GAAG,YAAY;CACiB,CAAC;AAElC,MAAM,iBAAiB,GAAkC;IACxD,QAAQ,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;CACZ,CAAC;AAEjC,MAAM,kBAAkB,GAAmC;IAC1D,IAAI,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE;IACtC,WAAW,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC9C,WAAW,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC9C,iBAAiB,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IACpD,cAAc,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IACjD,aAAa,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IAChD,mBAAmB,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IACtD,iBAAiB,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;~~CACpB~~,CAAC;AAElC,MAAM,CAAC,MAAM,wBAAwB,GAAuC;IAC3E,GAAG,kBAAkB;IACrB,GAAG,iBAAiB;IACpB,GAAG,eAAe;IAClB,WAAW,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;CACb,CAAC"}
1	+ {"version":3,"file":"mongooseRuleSchema.js","sourceRoot":"","sources":["../../src/mongoose/mongooseRuleSchema.ts"],"names":[],"mappings":"AAwBA,MAAM,oBAAoB,GAA2C;IACpE,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IACzC,OAAO,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC1C,SAAS,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC5C,WAAW,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC9C,QAAQ,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC3C,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IACzC,WAAW,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC9C,GAAG,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;CACE,CAAC;AAE1C,MAAM,YAAY,GAAmC;IACpD,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IACrC,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;CACT,CAAC;AAElC,MAAM,eAAe,GAAsC;IAC1D,GAAG,oBAAoB;IACvB,GAAG,YAAY;CACiB,CAAC;AAElC,MAAM,iBAAiB,GAAkC;IACxD,QAAQ,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;CACZ,CAAC;AAEjC,MAAM,kBAAkB,GAAmC;IAC1D,IAAI,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE;IACtC,WAAW,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC9C,WAAW,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IAC9C,iBAAiB,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IACpD,cAAc,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IACjD,aAAa,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IAChD,mBAAmB,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IACtD,iBAAiB,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;IACpD,aAAa,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE;CACjB,CAAC;AAElC,MAAM,CAAC,MAAM,wBAAwB,GAAuC;IAC3E,GAAG,kBAAkB;IACrB,GAAG,iBAAiB;IACpB,GAAG,eAAe;IAClB,WAAW,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE;CACb,CAAC"}

package/dist/redis/reader/redisAggregate.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
 import type { Logger } from "@prosopo/logger";
 import type { RedisClientType } from "redis";
-export declare const aggregateRedisKeys: (client: RedisClientType, query: string, logger: Logger, batchHandler?: (keys: string[]) => Promise<void>) => Promise<string[]>;
+export declare const aggregateRedisKeys: (client: RedisClientType, query: string, logger: Logger, batchHandler?: (keys: string[]) => Promise<void>, maxKeys?: number) => Promise<string[]>;
 //# sourceMappingURL=redisAggregate.d.ts.map

package/dist/redis/reader/redisAggregate.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"redisAggregate.d.ts","sourceRoot":"","sources":["../../../src/redis/reader/redisAggregate.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAE9C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,OAAO,CAAC;AAU7C,eAAO,MAAM,kBAAkB,WACtB,eAAe,SAChB,MAAM,UACL,MAAM,iBACC,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,~~KAC9C~~,OAAO,CAAC,MAAM,EAAE,~~CA0ClB~~,CAAC"}
1	+ {"version":3,"file":"redisAggregate.d.ts","sourceRoot":"","sources":["../../../src/redis/reader/redisAggregate.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAE9C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,OAAO,CAAC;AAU7C,eAAO,MAAM,kBAAkB,WACtB,eAAe,SAChB,MAAM,UACL,MAAM,iBACC,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,YACtC,MAAM,KACd,OAAO,CAAC,MAAM,EAAE,CAkElB,CAAC"}

package/dist/redis/reader/redisAggregate.js CHANGED Viewed

@@ -2,19 +2,36 @@ import { z } from "zod";
 import { REDIS_QUERY_DIALECT } from "./redisRulesQuery.js";
 import { parseRedisRecords, REDIS_BATCH_SIZE } from "../redisClient.js";
 import { ACCESS_RULES_REDIS_INDEX_NAME } from "../redisRuleIndex.js";
-const aggregateRedisKeys = async (client, query, logger, batchHandler) => {
+const aggregateRedisKeys = async (client, query, logger, batchHandler, maxKeys) => {
   const keyField = "__key";
   const recordSchema = z.object({
     // it's a reserved name for the record key
     [keyField]: z.string()
   });
   const foundKeys = [];
+  let stopRequested = false;
   const addRecordKeys = async (records) => {
+    if (stopRequested) {
+      return;
+    }
     const parsedRecords = parseRedisRecords(records, recordSchema, logger);
     const recordKeys = parsedRecords.map((record) => record[keyField]);
     if (batchHandler) {
       await batchHandler(recordKeys);
     } else {
+      if (maxKeys !== void 0 && foundKeys.length + recordKeys.length > maxKeys) {
+        const remaining = Math.max(0, maxKeys - foundKeys.length);
+        foundKeys.push(...recordKeys.slice(0, remaining));
+        stopRequested = true;
+        logger.warn(() => ({
+          msg: "Redis aggregation candidate cap hit; truncating result set. This can suppress less-frequent rules and should be investigated.",
+          data: {
+            maxKeys,
+            query
+          }
+        }));
+        return;
+      }
       foundKeys.push(...recordKeys);
       logger.debug(() => ({
         msg: "Processed aggregation batch",
@@ -33,11 +50,12 @@ const aggregateRedisKeys = async (client, query, logger, batchHandler) => {
       COUNT: REDIS_BATCH_SIZE,
       LOAD: `@${keyField}`
     },
-    addRecordKeys
+    addRecordKeys,
+    () => stopRequested
   );
   return foundKeys;
 };
-const executeAggregation = async (client, query, aggregateOptions, handleBatch) => {
+const executeAggregation = async (client, query, aggregateOptions, handleBatch, shouldStop) => {
   const initialReply = await client.ft.aggregateWithCursor(
     ACCESS_RULES_REDIS_INDEX_NAME,
     query,
@@ -45,7 +63,7 @@ const executeAggregation = async (client, query, aggregateOptions, handleBatch)
   );
   await handleBatch(initialReply.results);
   let cursor = initialReply.cursor;
-  while (0 !== cursor) {
+  while (0 !== cursor && !shouldStop?.()) {
     const batchReply = await client.ft.cursorRead(
       ACCESS_RULES_REDIS_INDEX_NAME,
       cursor,

package/dist/redis/reader/redisAggregate.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"redisAggregate.js","sourceRoot":"","sources":["../../../src/redis/reader/redisAggregate.ts"],"names":[],"mappings":"AAiBA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,mBAAmB,EAAE,MAAM,yCAAyC,CAAC;AAC9E,OAAO,EACN,gBAAgB,EAChB,iBAAiB,GACjB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,6BAA6B,EAAE,MAAM,iCAAiC,CAAC;AAGhF,MAAM,CAAC,MAAM,kBAAkB,GAAG,KAAK,EACtC,MAAuB,EACvB,KAAa,EACb,MAAc,EACd,YAAgD,~~EAC5B~~,EAAE;IACtB,MAAM,QAAQ,GAAG,OAAO,CAAC;IAEzB,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC;QAE7B,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,MAAM,EAAE;KACtB,CAAC,CAAC;IAEH,MAAM,SAAS,GAAa,EAAE,CAAC;~~IAE~~/B,MAAM,aAAa,GAAG,KAAK,EAAE,OAAiB,EAAE,EAAE;QACjD,MAAM,aAAa,GAAG,iBAAiB,CAAC,OAAO,EAAE,YAAY,EAAE,MAAM,CAAC,CAAC;QAEvE,MAAM,UAAU,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QAEnE,IAAI,YAAY,EAAE,CAAC;YAClB,MAAM,YAAY,CAAC,UAAU,CAAC,CAAC;QAChC,CAAC;aAAM,CAAC;YACP,SAAS,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,CAAC;YAE9B,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;gBACnB,GAAG,EAAE,6BAA6B;gBAClC,IAAI,EAAE;oBACL,IAAI,EAAE,UAAU,CAAC,MAAM;iBACvB;aACD,CAAC,CAAC,CAAC;QACL,CAAC;IACF,CAAC,CAAC;IAEF,MAAM,kBAAkB,CACvB,MAAM,EACN,KAAK,EACL;QAEC,OAAO,EAAE,mBAAmB;QAC5B,KAAK,EAAE,gBAAgB;QACvB,IAAI,EAAE,IAAI,QAAQ,EAAE;KACpB,EACD,aAAa,~~CACb~~,CAAC;IAEF,OAAO,SAAS,CAAC;AAClB,CAAC,CAAC;AAEF,MAAM,kBAAkB,GAAG,KAAK,EAC/B,MAAuB,EACvB,KAAa,EACb,gBAA8C,EAC9C,WAAiD,~~EACjC~~,EAAE;IAClB,MAAM,YAAY,GAAG,MAAM,MAAM,CAAC,EAAE,CAAC,mBAAmB,CACvD,6BAA6B,EAC7B,KAAK,EACL,gBAAgB,CAChB,CAAC;IAEF,MAAM,WAAW,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;IAExC,IAAI,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC;IAEjC,OAAO,CAAC,KAAK,MAAM,EAAE,CAAC;~~QACrB~~,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,EAAE,CAAC,UAAU,CAC5C,6BAA6B,EAC7B,MAAM,EACN,EAAE,KAAK,EAAE,gBAAgB,CAAC,KAAK,EAAE,CACjC,CAAC;QAEF,MAAM,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAEtC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC;IAC5B,CAAC;AACF,CAAC,CAAC"}
1	+ {"version":3,"file":"redisAggregate.js","sourceRoot":"","sources":["../../../src/redis/reader/redisAggregate.ts"],"names":[],"mappings":"AAiBA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,mBAAmB,EAAE,MAAM,yCAAyC,CAAC;AAC9E,OAAO,EACN,gBAAgB,EAChB,iBAAiB,GACjB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,6BAA6B,EAAE,MAAM,iCAAiC,CAAC;AAGhF,MAAM,CAAC,MAAM,kBAAkB,GAAG,KAAK,EACtC,MAAuB,EACvB,KAAa,EACb,MAAc,EACd,YAAgD,EAChD,OAAgB,EACI,EAAE;IACtB,MAAM,QAAQ,GAAG,OAAO,CAAC;IAEzB,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC;QAE7B,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,MAAM,EAAE;KACtB,CAAC,CAAC;IAEH,MAAM,SAAS,GAAa,EAAE,CAAC;IAC/B,IAAI,aAAa,GAAG,KAAK,CAAC;IAE1B,MAAM,aAAa,GAAG,KAAK,EAAE,OAAiB,EAAE,EAAE;QACjD,IAAI,aAAa,EAAE,CAAC;YACnB,OAAO;QACR,CAAC;QAED,MAAM,aAAa,GAAG,iBAAiB,CAAC,OAAO,EAAE,YAAY,EAAE,MAAM,CAAC,CAAC;QAEvE,MAAM,UAAU,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QAEnE,IAAI,YAAY,EAAE,CAAC;YAClB,MAAM,YAAY,CAAC,UAAU,CAAC,CAAC;QAChC,CAAC;aAAM,CAAC;YACP,IACC,OAAO,KAAK,SAAS;gBACrB,SAAS,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,GAAG,OAAO,EAC7C,CAAC;gBACF,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;gBAC1D,SAAS,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC;gBAClD,aAAa,GAAG,IAAI,CAAC;gBAErB,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;oBAClB,GAAG,EAAE,+HAA+H;oBACpI,IAAI,EAAE;wBACL,OAAO;wBACP,KAAK;qBACL;iBACD,CAAC,CAAC,CAAC;gBACJ,OAAO;YACR,CAAC;YAED,SAAS,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,CAAC;YAE9B,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;gBACnB,GAAG,EAAE,6BAA6B;gBAClC,IAAI,EAAE;oBACL,IAAI,EAAE,UAAU,CAAC,MAAM;iBACvB;aACD,CAAC,CAAC,CAAC;QACL,CAAC;IACF,CAAC,CAAC;IAEF,MAAM,kBAAkB,CACvB,MAAM,EACN,KAAK,EACL;QAEC,OAAO,EAAE,mBAAmB;QAC5B,KAAK,EAAE,gBAAgB;QACvB,IAAI,EAAE,IAAI,QAAQ,EAAE;KACpB,EACD,aAAa,EACb,GAAG,EAAE,CAAC,aAAa,CACnB,CAAC;IAEF,OAAO,SAAS,CAAC;AAClB,CAAC,CAAC;AAEF,MAAM,kBAAkB,GAAG,KAAK,EAC/B,MAAuB,EACvB,KAAa,EACb,gBAA8C,EAC9C,WAAiD,EACjD,UAA0B,EACV,EAAE;IAClB,MAAM,YAAY,GAAG,MAAM,MAAM,CAAC,EAAE,CAAC,mBAAmB,CACvD,6BAA6B,EAC7B,KAAK,EACL,gBAAgB,CAChB,CAAC;IAEF,MAAM,WAAW,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;IAExC,IAAI,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC;IAEjC,OAAO,CAAC,KAAK,MAAM,IAAI,CAAC,UAAU,EAAE,EAAE,EAAE,CAAC;QACxC,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,EAAE,CAAC,UAAU,CAC5C,6BAA6B,EAC7B,MAAM,EACN,EAAE,KAAK,EAAE,gBAAgB,CAAC,KAAK,EAAE,CACjC,CAAC;QAEF,MAAM,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAEtC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC;IAC5B,CAAC;AACF,CAAC,CAAC"}

package/dist/redis/reader/redisRulesReader.d.ts CHANGED Viewed

@@ -2,6 +2,7 @@ import type { Logger } from "@prosopo/logger";
 import type { RedisClientType } from "redis";
 import type { AccessRule } from "#policy/rule.js";
 import type { AccessRuleEntry, AccessRulesFilter, AccessRulesReader } from "#policy/rulesStorage.js";
+export declare const FIND_RULES_MAX_CANDIDATES: number;
 export declare class RedisRulesReader implements AccessRulesReader {
     private readonly client;
     private readonly logger;

package/dist/redis/reader/redisRulesReader.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"redisRulesReader.d.ts","sourceRoot":"","sources":["../../../src/redis/reader/redisRulesReader.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,OAAO,CAAC;~~AAe7C~~,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAElD,OAAO,KAAK,EACX,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,MAAM,yBAAyB,CAAC;~~AAGjC~~,qBAAa,gBAAiB,YAAW,iBAAiB;IAExD,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM;gBADN,MAAM,EAAE,eAAe,EACvB,MAAM,EAAE,MAAM;IAG1B,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAcvD,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IAazD,SAAS,CACd,MAAM,EAAE,iBAAiB,EACzB,kBAAkB,UAAQ,EAC1B,mBAAmB,UAAO,GACxB,OAAO,CAAC,UAAU,EAAE,CAAC;~~IA8ElB~~,WAAW,CAChB,MAAM,EAAE,iBAAiB,EACzB,kBAAkB,UAAQ,GACxB,OAAO,CAAC,MAAM,EAAE,CAAC;IAgDd,eAAe,CACpB,YAAY,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,GAChD,OAAO,CAAC,IAAI,CAAC;cAYA,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IA8B5E,SAAS,CAAC,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE;CAGlD;AAED,qBAAa,qBAAsB,YAAW,iBAAiB;IAClD,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,MAAM;IAErC,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAWvD,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IAWzD,SAAS,CACd,MAAM,EAAE,iBAAiB,EACzB,kBAAkB,UAAQ,EAC1B,mBAAmB,UAAO,GACxB,OAAO,CAAC,UAAU,EAAE,CAAC;IAWlB,WAAW,CAChB,MAAM,EAAE,iBAAiB,EACzB,kBAAkB,UAAQ,GACxB,OAAO,CAAC,MAAM,EAAE,CAAC;IAWd,eAAe,CACpB,YAAY,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,GAChD,OAAO,CAAC,IAAI,CAAC;CAKhB"}
1	+ {"version":3,"file":"redisRulesReader.d.ts","sourceRoot":"","sources":["../../../src/redis/reader/redisRulesReader.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,OAAO,CAAC;AAS7C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAElD,OAAO,KAAK,EACX,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,MAAM,yBAAyB,CAAC;AAUjC,eAAO,MAAM,yBAAyB,QAAwB,CAAC;AAE/D,qBAAa,gBAAiB,YAAW,iBAAiB;IAExD,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM;gBADN,MAAM,EAAE,eAAe,EACvB,MAAM,EAAE,MAAM;IAG1B,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAcvD,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IAazD,SAAS,CACd,MAAM,EAAE,iBAAiB,EACzB,kBAAkB,UAAQ,EAC1B,mBAAmB,UAAO,GACxB,OAAO,CAAC,UAAU,EAAE,CAAC;IA6ElB,WAAW,CAChB,MAAM,EAAE,iBAAiB,EACzB,kBAAkB,UAAQ,GACxB,OAAO,CAAC,MAAM,EAAE,CAAC;IAgDd,eAAe,CACpB,YAAY,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,GAChD,OAAO,CAAC,IAAI,CAAC;cAYA,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IA8B5E,SAAS,CAAC,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE;CAGlD;AAED,qBAAa,qBAAsB,YAAW,iBAAiB;IAClD,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,MAAM;IAErC,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAWvD,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IAWzD,SAAS,CACd,MAAM,EAAE,iBAAiB,EACzB,kBAAkB,UAAQ,EAC1B,mBAAmB,UAAO,GACxB,OAAO,CAAC,UAAU,EAAE,CAAC;IAWlB,WAAW,CAChB,MAAM,EAAE,iBAAiB,EACzB,kBAAkB,UAAQ,GACxB,OAAO,CAAC,MAAM,EAAE,CAAC;IAWd,eAAe,CACpB,YAAY,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,GAChD,OAAO,CAAC,IAAI,CAAC;CAKhB"}