@resistdesign/voltra 3.0.0-alpha.4 → 3.0.0-alpha.6

package/api/index.d.ts

@@ -1,4 +1,4 @@
-export { D as DAC, a as Indexing, b as ORM, c as Routing } from '../index-DZ2BB4iX.js';
+export { D as DAC, a as Indexing, b as ORM, c as Routing } from '../index-DbLgMAxB.js';
 import '@aws-sdk/client-dynamodb';
 import '@aws-sdk/client-s3';
 import '../SearchTypes-DjN6YQzE.js';

package/api/index.js

@@ -6110,7 +6110,7 @@ var getDACPathsMatch = (dacPath, resourcePath) => {
   }
   return results;
 };
-var getFlattenedDACConstraints = (role, getDACRoleById, dacRoleCache) => {
+var getFlattenedDACConstraints = async (role, getDACRoleById, dacRoleCache) => {
   const { childRoleIds = [], constraints = [] } = role;
   let flattenedConstraints = [...constraints];
   for (const cRI of childRoleIds) {
@@ -6118,20 +6118,22 @@ var getFlattenedDACConstraints = (role, getDACRoleById, dacRoleCache) => {
     if (dacRoleCache && dacRoleCache[cRI]) {
       childRole = dacRoleCache[cRI];
     } else {
-      childRole = getDACRoleById(cRI);
+      childRole = await getDACRoleById(cRI);
       if (dacRoleCache) {
         dacRoleCache[cRI] = childRole;
       }
     }
-    flattenedConstraints = [
-      ...flattenedConstraints,
-      ...getFlattenedDACConstraints(childRole, getDACRoleById, dacRoleCache)
-    ];
+    const childConstraints = await getFlattenedDACConstraints(
+      childRole,
+      getDACRoleById,
+      dacRoleCache
+    );
+    flattenedConstraints = [...flattenedConstraints, ...childConstraints];
   }
   return flattenedConstraints;
 };
-var getResourceAccessByDACRole = (fullResourcePath, role, getDACRoleById, dacRoleCache) => {
-  const flattenedConstraints = getFlattenedDACConstraints(
+var getResourceAccessByDACRole = async (fullResourcePath, role, getDACRoleById, dacRoleCache) => {
+  const flattenedConstraints = await getFlattenedDACConstraints(
     role,
     getDACRoleById,
     dacRoleCache
@@ -6272,7 +6274,7 @@ var getFullORMDACRole = (prefixPath = [], constraintType) => ({
     }
   ]
 });
-var getDACRoleHasAccessToDataItem = (prefixPath, operation, typeName, dataItem, typeInfo, role, getDACRoleById, dacRoleCache) => {
+var getDACRoleHasAccessToDataItem = async (prefixPath, operation, typeName, dataItem, typeInfo, role, getDACRoleById, dacRoleCache) => {
   const cleanItemPathPrefix = prefixPath ? prefixPath : [];
   const resultMap = {
     allowed: false,
@@ -6295,7 +6297,7 @@ var getDACRoleHasAccessToDataItem = (prefixPath, operation, typeName, dataItem,
         const {
           allowed: primaryResourceAllowed,
           denied: primaryResourceDenied
-        } = getResourceAccessByDACRole(
+        } = await getResourceAccessByDACRole(
           primaryResourcePath,
           role,
           getDACRoleById,
@@ -6316,7 +6318,7 @@ var getDACRoleHasAccessToDataItem = (prefixPath, operation, typeName, dataItem,
               const {
                 allowed: fieldResourceAllowed,
                 denied: fieldResourceDenied
-              } = getResourceAccessByDACRole(
+              } = await getResourceAccessByDACRole(
                 fieldResourcePath,
                 role,
                 getDACRoleById,
@@ -6378,9 +6380,9 @@ var executeDriverListItems = async (driver, config, filter, transform, selectedF
     filter ? void 0 : selectedFields
   );
   for (const itm of items) {
-    const includeItem = filter ? filter(itm) : true;
+    const includeItem = filter ? await filter(itm) : true;
     if (includeItem) {
-      const transformedItem = transform ? transform(itm) : itm;
+      const transformedItem = transform ? await transform(itm) : itm;
       filteredItems.push(transformedItem);
     }
   }
@@ -6500,13 +6502,17 @@ var TypeInfoORMService = class {
   }
   dacRoleCache = {};
   indexingRelationshipDriver;
-  getItemDACValidation = (item, typeName, typeOperation) => {
+  getItemDACValidation = async (item, typeName, typeOperation) => {
     const { useDAC } = this.config;
     if (useDAC) {
       const typeInfo = this.getTypeInfo(typeName);
       const { dacConfig } = this.config;
       const { itemResourcePathPrefix, accessingRole, getDACRoleById } = dacConfig;
-      return mergeDACDataItemResourceAccessResultMaps(
+      const [
+        typeOperationAccess,
+        allItemOperationsAccess,
+        allOperationsAccess
+      ] = await Promise.all([
         getDACRoleHasAccessToDataItem(
           itemResourcePathPrefix,
           typeOperation,
@@ -6537,6 +6543,11 @@ var TypeInfoORMService = class {
           getDACRoleById,
           this.dacRoleCache
         )
+      ]);
+      return mergeDACDataItemResourceAccessResultMaps(
+        typeOperationAccess,
+        allItemOperationsAccess,
+        allOperationsAccess
       );
     } else {
       return {
@@ -6546,12 +6557,16 @@ var TypeInfoORMService = class {
       };
     }
   };
-  getRelationshipDACValidation = (itemRelationship, relationshipOperation) => {
+  getRelationshipDACValidation = async (itemRelationship, relationshipOperation) => {
     const { useDAC } = this.config;
     if (useDAC) {
       const { dacConfig } = this.config;
       const { relationshipResourcePathPrefix, accessingRole, getDACRoleById } = dacConfig;
-      return mergeDACAccessResults(
+      const [
+        operationAccess,
+        allRelationshipOperationsAccess,
+        allOperationsAccess
+      ] = await Promise.all([
         getResourceAccessByDACRole(
           getItemRelationshipDACResourcePath(
             relationshipResourcePathPrefix,
@@ -6582,6 +6597,11 @@ var TypeInfoORMService = class {
           getDACRoleById,
           this.dacRoleCache
         )
+      ]);
+      return mergeDACAccessResults(
+        operationAccess,
+        allRelationshipOperationsAccess,
+        allOperationsAccess
       );
     } else {
       return {
@@ -6980,7 +7000,7 @@ var TypeInfoORMService = class {
    * */
   createRelationship = async (relationshipItem) => {
     this.validateRelationshipItem(relationshipItem);
-    const { allowed: createAllowed, denied: createDenied } = this.getRelationshipDACValidation(
+    const { allowed: createAllowed, denied: createDenied } = await this.getRelationshipDACValidation(
       relationshipItem,
       "SET" /* SET */
     );
@@ -7063,7 +7083,7 @@ var TypeInfoORMService = class {
    * */
   deleteRelationship = async (relationshipItem) => {
     this.validateRelationshipItem(relationshipItem);
-    const { allowed: deleteAllowed, denied: deleteDenied } = this.getRelationshipDACValidation(
+    const { allowed: deleteAllowed, denied: deleteDenied } = await this.getRelationshipDACValidation(
       relationshipItem,
       "UNSET" /* UNSET */
     );
@@ -7197,7 +7217,7 @@ var TypeInfoORMService = class {
       const { items = [], cursor: nextCursor } = results;
       const revisedItems = [];
       for (const rItm of items) {
-        const { allowed: readAllowed, denied: readDenied } = this.getRelationshipDACValidation(
+        const { allowed: readAllowed, denied: readDenied } = await this.getRelationshipDACValidation(
           rItm,
           "GET" /* GET */
         );
@@ -7264,7 +7284,7 @@ var TypeInfoORMService = class {
       allowed: createAllowed,
       denied: createDenied,
       fieldsResources = {}
-    } = this.getItemDACValidation(item, typeName, "CREATE" /* CREATE */);
+    } = await this.getItemDACValidation(item, typeName, "CREATE" /* CREATE */);
     if (createDenied || !createAllowed) {
       throw {
         message: "INVALID_OPERATION" /* INVALID_OPERATION */,
@@ -7310,7 +7330,7 @@ var TypeInfoORMService = class {
       allowed: readAllowed,
       denied: readDenied,
       fieldsResources = {}
-    } = this.getItemDACValidation(item, typeName, "READ" /* READ */);
+    } = await this.getItemDACValidation(item, typeName, "READ" /* READ */);
     if (readDenied || !readAllowed) {
       throw {
         message: "INVALID_OPERATION" /* INVALID_OPERATION */,
@@ -7359,7 +7379,7 @@ var TypeInfoORMService = class {
         allowed: updateAllowed,
         denied: updateDenied,
         fieldsResources = {}
-      } = this.getItemDACValidation(
+      } = await this.getItemDACValidation(
         initialCleanItem,
         typeName,
         "UPDATE" /* UPDATE */
@@ -7371,7 +7391,7 @@ var TypeInfoORMService = class {
           item
         };
       } else {
-        const { fieldsResources: fieldsResourcesForDeleteOperation = {} } = this.getItemDACValidation(
+        const { fieldsResources: fieldsResourcesForDeleteOperation = {} } = await this.getItemDACValidation(
           initialCleanItem,
           typeName,
           "DELETE" /* DELETE */
@@ -7427,7 +7447,11 @@ var TypeInfoORMService = class {
     this.validate(typeName, itemWithPrimaryFieldOnly, "DELETE" /* DELETE */);
     const driver = this.getDriverInternal(typeName);
     const existingItem = await driver.readItem(primaryFieldValue);
-    const { allowed: deleteAllowed, denied: deleteDenied } = this.getItemDACValidation(existingItem, typeName, "DELETE" /* DELETE */);
+    const { allowed: deleteAllowed, denied: deleteDenied } = await this.getItemDACValidation(
+      existingItem,
+      typeName,
+      "DELETE" /* DELETE */
+    );
     if (deleteDenied || !deleteAllowed) {
       throw {
         message: "INVALID_OPERATION" /* INVALID_OPERATION */,
@@ -7568,7 +7592,11 @@ var TypeInfoORMService = class {
                 allowed: readAllowed,
                 denied: readDenied,
                 fieldsResources = {}
-              } = this.getItemDACValidation(item, typeName, "READ" /* READ */);
+              } = await this.getItemDACValidation(
+                item,
+                typeName,
+                "READ" /* READ */
+              );
               const listDenied = readDenied || !readAllowed;
               if (listDenied) {
                 continue;
@@ -7606,12 +7634,16 @@ var TypeInfoORMService = class {
       const results = await executeDriverListItems(
         driver,
         config,
-        useDAC ? (item) => {
+        useDAC ? async (item) => {
           const {
             allowed: readAllowed,
             denied: readDenied,
             fieldsResources = {}
-          } = this.getItemDACValidation(item, typeName, "READ" /* READ */);
+          } = await this.getItemDACValidation(
+            item,
+            typeName,
+            "READ" /* READ */
+          );
           const listDenied = readDenied || !readAllowed;
           if (!listDenied) {
             fieldsResourcesCache.push(fieldsResources);

package/iac/index.d.ts

@@ -1,2 +1,2 @@
-export { i as Packs, b as Utils } from '../index-DcvJOZ_c.js';
-export { a as SimpleCFT, S as SimpleCFTModification } from '../index-BkFZlfit.js';
+export { i as Packs, b as Utils } from '../index-DgOzPKdr.js';
+export { a as SimpleCFT, S as SimpleCFTModification } from '../index-BjFkoQmK.js';

package/iac/index.js

@@ -1076,7 +1076,8 @@ var addCloudFunction = createResourcePack(
           ]
         }
       }
-    ]
+    ],
+    memorySize = 128
   }) => {
     return {
       Resources: {
@@ -1111,7 +1112,8 @@ var addCloudFunction = createResourcePack(
             Role: {
               "Fn::GetAtt": [`${id}Role`, "Arn"]
             },
-            Runtime: runtime
+            Runtime: runtime,
+            MemorySize: memorySize
           }
         }
       }

package/iac/packs/index.d.ts

@@ -1 +1 @@
-export { A as AddAuthConfig, g as AddBuildPipelineConfig, w as AddCDNConfig, F as AddCloudFunctionConfig, J as AddDNSConfig, H as AddDatabaseConfig, Q as AddGatewayAuthorizerConfig, T as AddGatewayConfig, V as AddRepoConfig, X as AddSSLCertificateConfig, M as AddSecureFileStorageConfig, r as ArtifactIdentifier, s as Artifacts, j as AtLeastOne, m as Batch, B as BuildPipelineRepoConfig, u as BuildSpec, k as COMMAND_HELPERS, t as Cache, z as CloudFunctionRuntime, f as CodeBuildComputeType, e as CodeBuildEnvironmentType, d as CustomCodeBuildString, O as DEFAULT_AUTH_TYPE, D as DEFAULT_BUILD_PIPELINE_REPO_PROVIDER, E as Env, L as LinuxUserNameString, y as PLACEHOLDER_FUNCTION_CODE, n as Phase, o as PhaseConfig, l as Proxy, p as ReportGroupNameOrArn, q as Reports, S as SecondaryArtifacts, Y as YesOrNo, c as addAuth, h as addBuildPipeline, x as addCDN, G as addCloudFunction, K as addDNS, I as addDatabase, U as addGateway, W as addRepo, Z as addSSLCertificate, N as addSecureFileStorage, v as createBuildSpec } from '../../index-DcvJOZ_c.js';
+export { A as AddAuthConfig, g as AddBuildPipelineConfig, w as AddCDNConfig, F as AddCloudFunctionConfig, J as AddDNSConfig, H as AddDatabaseConfig, Q as AddGatewayAuthorizerConfig, T as AddGatewayConfig, V as AddRepoConfig, X as AddSSLCertificateConfig, M as AddSecureFileStorageConfig, r as ArtifactIdentifier, s as Artifacts, j as AtLeastOne, m as Batch, B as BuildPipelineRepoConfig, u as BuildSpec, k as COMMAND_HELPERS, t as Cache, z as CloudFunctionRuntime, f as CodeBuildComputeType, e as CodeBuildEnvironmentType, d as CustomCodeBuildString, O as DEFAULT_AUTH_TYPE, D as DEFAULT_BUILD_PIPELINE_REPO_PROVIDER, E as Env, L as LinuxUserNameString, y as PLACEHOLDER_FUNCTION_CODE, n as Phase, o as PhaseConfig, l as Proxy, p as ReportGroupNameOrArn, q as Reports, S as SecondaryArtifacts, Y as YesOrNo, c as addAuth, h as addBuildPipeline, x as addCDN, G as addCloudFunction, K as addDNS, I as addDatabase, U as addGateway, W as addRepo, Z as addSSLCertificate, N as addSecureFileStorage, v as createBuildSpec } from '../../index-DgOzPKdr.js';

package/iac/packs/index.js

@@ -1035,7 +1035,8 @@ var addCloudFunction = createResourcePack(
           ]
         }
       }
-    ]
+    ],
+    memorySize = 128
   }) => {
     return {
       Resources: {
@@ -1070,7 +1071,8 @@ var addCloudFunction = createResourcePack(
             Role: {
               "Fn::GetAtt": [`${id}Role`, "Arn"]
             },
-            Runtime: runtime
+            Runtime: runtime,
+            MemorySize: memorySize
           }
         }
       }

package/{index-BkFZlfit.d.ts → index-BjFkoQmK.d.ts}

@@ -1,4 +1,4 @@
-import { C as CloudFormationTemplate, R as ResourcePackApplier, P as ParameterInfo, a as ParameterGroup, i as index$1, b as index$2 } from './index-DcvJOZ_c.js';
+import { C as CloudFormationTemplate, R as ResourcePackApplier, P as ParameterInfo, a as ParameterGroup, i as index$1, b as index$2 } from './index-DgOzPKdr.js';
 
 /**
  * @packageDocumentation

package/{index-DZ2BB4iX.d.ts → index-DbLgMAxB.d.ts}

@@ -3995,6 +3995,7 @@ declare namespace index$3 {
  * import {
  *   DACConstraintType,
  *   DACRole,
+ *   getResourceAccessByDACRole,
  *   WILDCARD_SIGNIFIER_PROTOTYPE,
  * } from "./DataAccessControl";
  *
@@ -4014,6 +4015,15 @@ declare namespace index$3 {
  *     },
  *   ],
  * };
+ *
+ * const getDACRoleById = async (id: string) =>
+ *   id === readerRole.id ? readerRole : readerRole;
+ *
+ * const access = await getResourceAccessByDACRole(
+ *   ["books", "public"],
+ *   readerRole,
+ *   getDACRoleById,
+ * );
  * ```
  */
 
@@ -4024,9 +4034,23 @@ declare enum DACConstraintType {
     ALLOW = "ALLOW",
     DENY = "DENY"
 }
+/**
+ * A wildcard segment used in DAC resource paths.
+ * */
+type DACWildcardSignifier = {
+    WILD_CARD: "*";
+};
 /**
  * A data access control (DAC) constraint.
  * */
+type DACResourcePathPart = LiteralValue | DACWildcardSignifier;
+/**
+ * An ordered list of resource path segments used in DAC constraints.
+ */
+type DACResourcePath = DACResourcePathPart[];
+/**
+ * A data access control (DAC) constraint that defines an allow or deny rule for a resource path.
+ */
 type DACConstraint = {
     /**
      * Whether the constraint explicitly allows or denies access.
@@ -4035,7 +4059,7 @@ type DACConstraint = {
     /**
      * The resource path to match against, in order of path segments.
      */
-    resourcePath: LiteralValue[];
+    resourcePath: DACResourcePath;
     /**
      * When true, match the resource path as a prefix instead of an exact match.
      */
@@ -4101,7 +4125,7 @@ type DACPathMatchResults = {
 /**
  * The prototype of a DAC wildcard signifier.
  * */
-declare const WILDCARD_SIGNIFIER_PROTOTYPE: Record<string, string>;
+declare const WILDCARD_SIGNIFIER_PROTOTYPE: DACWildcardSignifier;
 /**
  * Check if a given DAC path part value is a DAC wildcard signifier.
  * @returns True when the value matches the wildcard signifier prototype.
@@ -4127,7 +4151,7 @@ declare const getDACPathsMatch: (
 /**
  * DAC constraint path to evaluate for prefix/exact matches.
  */
-dacPath: LiteralValue[], 
+dacPath: DACResourcePath, 
 /**
  * Resource path to compare against the DAC path.
  */
@@ -4144,11 +4168,11 @@ role: DACRole,
 /**
  * Lookup helper used to resolve child roles by id.
  */
-getDACRoleById: (id: string) => DACRole, 
+getDACRoleById: (id: string) => Promise<DACRole>, 
 /**
  * SECURITY: Don't use this if you want realtime role resolution.
  * */
-dacRoleCache?: Record<string, DACRole>) => DACConstraint[];
+dacRoleCache?: Record<string, DACRole>) => Promise<DACConstraint[]>;
 /**
  * Get the access to a given resource for a given DAC role.
  * @returns Allow/deny summary for the resource path.
@@ -4165,11 +4189,11 @@ role: DACRole,
 /**
  * Lookup helper used to resolve child roles by id.
  */
-getDACRoleById: (id: string) => DACRole, 
+getDACRoleById: (id: string) => Promise<DACRole>, 
 /**
  * Optional cache to reuse resolved roles across calls.
  */
-dacRoleCache?: Record<string, DACRole>) => DACAccessResult;
+dacRoleCache?: Record<string, DACRole>) => Promise<DACAccessResult>;
 /**
  * Merge multiple DAC access results.
  * @returns Combined allow/deny result.
@@ -4187,7 +4211,10 @@ type DataAccessControl_DACConstraintType = DACConstraintType;
 declare const DataAccessControl_DACConstraintType: typeof DACConstraintType;
 type DataAccessControl_DACDataItemResourceAccessResultMap = DACDataItemResourceAccessResultMap;
 type DataAccessControl_DACPathMatchResults = DACPathMatchResults;
+type DataAccessControl_DACResourcePath = DACResourcePath;
+type DataAccessControl_DACResourcePathPart = DACResourcePathPart;
 type DataAccessControl_DACRole = DACRole;
+type DataAccessControl_DACWildcardSignifier = DACWildcardSignifier;
 declare const DataAccessControl_WILDCARD_SIGNIFIER_PROTOTYPE: typeof WILDCARD_SIGNIFIER_PROTOTYPE;
 declare const DataAccessControl_getDACPathsMatch: typeof getDACPathsMatch;
 declare const DataAccessControl_getFlattenedDACConstraints: typeof getFlattenedDACConstraints;
@@ -4195,7 +4222,7 @@ declare const DataAccessControl_getResourceAccessByDACRole: typeof getResourceAc
 declare const DataAccessControl_getValueIsWildcardSignifier: typeof getValueIsWildcardSignifier;
 declare const DataAccessControl_mergeDACAccessResults: typeof mergeDACAccessResults;
 declare namespace DataAccessControl {
-  export { type DataAccessControl_BaseDACRole as BaseDACRole, type DataAccessControl_DACAccessResult as DACAccessResult, type DataAccessControl_DACConstraint as DACConstraint, DataAccessControl_DACConstraintType as DACConstraintType, type DataAccessControl_DACDataItemResourceAccessResultMap as DACDataItemResourceAccessResultMap, type DataAccessControl_DACPathMatchResults as DACPathMatchResults, type DataAccessControl_DACRole as DACRole, DataAccessControl_WILDCARD_SIGNIFIER_PROTOTYPE as WILDCARD_SIGNIFIER_PROTOTYPE, DataAccessControl_getDACPathsMatch as getDACPathsMatch, DataAccessControl_getFlattenedDACConstraints as getFlattenedDACConstraints, DataAccessControl_getResourceAccessByDACRole as getResourceAccessByDACRole, DataAccessControl_getValueIsWildcardSignifier as getValueIsWildcardSignifier, DataAccessControl_mergeDACAccessResults as mergeDACAccessResults };
+  export { type DataAccessControl_BaseDACRole as BaseDACRole, type DataAccessControl_DACAccessResult as DACAccessResult, type DataAccessControl_DACConstraint as DACConstraint, DataAccessControl_DACConstraintType as DACConstraintType, type DataAccessControl_DACDataItemResourceAccessResultMap as DACDataItemResourceAccessResultMap, type DataAccessControl_DACPathMatchResults as DACPathMatchResults, type DataAccessControl_DACResourcePath as DACResourcePath, type DataAccessControl_DACResourcePathPart as DACResourcePathPart, type DataAccessControl_DACRole as DACRole, type DataAccessControl_DACWildcardSignifier as DACWildcardSignifier, DataAccessControl_WILDCARD_SIGNIFIER_PROTOTYPE as WILDCARD_SIGNIFIER_PROTOTYPE, DataAccessControl_getDACPathsMatch as getDACPathsMatch, DataAccessControl_getFlattenedDACConstraints as getFlattenedDACConstraints, DataAccessControl_getResourceAccessByDACRole as getResourceAccessByDACRole, DataAccessControl_getValueIsWildcardSignifier as getValueIsWildcardSignifier, DataAccessControl_mergeDACAccessResults as mergeDACAccessResults };
 }
 
 /**
@@ -4251,7 +4278,7 @@ type TypeInfoORMDACConfig = {
     /**
      * Lookup helper used to resolve roles by id.
      */
-    getDACRoleById: (id: string) => DACRole;
+    getDACRoleById: (id: string) => Promise<DACRole>;
 };
 /**
  * Configuration for TypeInfoORM indexing integrations.
@@ -4378,7 +4405,7 @@ declare class TypeInfoORMService implements TypeInfoORMAPI {
     /**
      * Operation being evaluated.
      */
-    typeOperation: TypeOperation) => DACDataItemResourceAccessResultMap;
+    typeOperation: TypeOperation) => Promise<DACDataItemResourceAccessResultMap>;
     protected getRelationshipDACValidation: (
     /**
      * Relationship to evaluate for access.
@@ -4387,7 +4414,7 @@ declare class TypeInfoORMService implements TypeInfoORMAPI {
     /**
      * Relationship operation being evaluated.
      */
-    relationshipOperation: RelationshipOperation) => DACAccessResult;
+    relationshipOperation: RelationshipOperation) => Promise<DACAccessResult>;
     protected getWrappedDriverWithExtendedErrorData: <ItemType extends TypeInfoDataItem, UniquelyIdentifyingFieldName extends keyof ItemType>(
     /**
      * Driver instance to wrap.
@@ -4934,11 +4961,11 @@ role: DACRole,
 /**
  * Lookup helper used to resolve roles by id.
  */
-getDACRoleById: (id: string) => DACRole, 
+getDACRoleById: (id: string) => Promise<DACRole>, 
 /**
  * SECURITY: Don't use this if you want realtime role resolution.
  * */
-dacRoleCache?: Record<string, DACRole>) => DACDataItemResourceAccessResultMap;
+dacRoleCache?: Record<string, DACRole>) => Promise<DACDataItemResourceAccessResultMap>;
 /**
  * Merge multiple DAC data item resource access result maps.
  * @returns Merged access result map.

package/{index-DcvJOZ_c.d.ts → index-DgOzPKdr.d.ts}

@@ -235679,6 +235679,14 @@ type AddCloudFunctionConfig = {
      * IAM policy statements to attach to the role.
      */
     policies?: AWS.IAM.Role.Policy[];
+    /**
+     * Lambda function memory size in MB.
+     *
+     * You can configure memory between 128 MB and 10,240 MB in 1-MB increments.
+     *
+     * @default 128
+     */
+    memorySize?: number;
 };
 /**
  * Add a serverless cloud function to run part or all of your API (back-end) without always running servers.

package/index.d.ts

@@ -1,6 +1,6 @@
-export { i as API } from './index-DZ2BB4iX.js';
+export { i as API } from './index-DbLgMAxB.js';
 export { i as App } from './index-IokxSNxm.js';
-export { i as IaC } from './index-BkFZlfit.js';
+export { i as IaC } from './index-BjFkoQmK.js';
 export { i as Common } from './index-C3-iD9Mh.js';
 import '@aws-sdk/client-dynamodb';
 import '@aws-sdk/client-s3';
@@ -9,5 +9,5 @@ import './Validation-CFP59oIP.js';
 import './Types-C7XjUjoF.js';
 import 'react';
 import 'react/jsx-runtime';
-import './index-DcvJOZ_c.js';
+import './index-DgOzPKdr.js';
 import 'typescript';

package/index.js

@@ -6285,7 +6285,7 @@ var getDACPathsMatch = (dacPath, resourcePath) => {
   }
   return results;
 };
-var getFlattenedDACConstraints = (role, getDACRoleById, dacRoleCache) => {
+var getFlattenedDACConstraints = async (role, getDACRoleById, dacRoleCache) => {
   const { childRoleIds = [], constraints = [] } = role;
   let flattenedConstraints = [...constraints];
   for (const cRI of childRoleIds) {
@@ -6293,20 +6293,22 @@ var getFlattenedDACConstraints = (role, getDACRoleById, dacRoleCache) => {
     if (dacRoleCache && dacRoleCache[cRI]) {
       childRole = dacRoleCache[cRI];
     } else {
-      childRole = getDACRoleById(cRI);
+      childRole = await getDACRoleById(cRI);
       if (dacRoleCache) {
         dacRoleCache[cRI] = childRole;
       }
     }
-    flattenedConstraints = [
-      ...flattenedConstraints,
-      ...getFlattenedDACConstraints(childRole, getDACRoleById, dacRoleCache)
-    ];
+    const childConstraints = await getFlattenedDACConstraints(
+      childRole,
+      getDACRoleById,
+      dacRoleCache
+    );
+    flattenedConstraints = [...flattenedConstraints, ...childConstraints];
   }
   return flattenedConstraints;
 };
-var getResourceAccessByDACRole = (fullResourcePath, role, getDACRoleById, dacRoleCache) => {
-  const flattenedConstraints = getFlattenedDACConstraints(
+var getResourceAccessByDACRole = async (fullResourcePath, role, getDACRoleById, dacRoleCache) => {
+  const flattenedConstraints = await getFlattenedDACConstraints(
     role,
     getDACRoleById,
     dacRoleCache
@@ -6447,7 +6449,7 @@ var getFullORMDACRole = (prefixPath = [], constraintType) => ({
     }
   ]
 });
-var getDACRoleHasAccessToDataItem = (prefixPath, operation, typeName, dataItem, typeInfo, role, getDACRoleById, dacRoleCache) => {
+var getDACRoleHasAccessToDataItem = async (prefixPath, operation, typeName, dataItem, typeInfo, role, getDACRoleById, dacRoleCache) => {
   const cleanItemPathPrefix = prefixPath ? prefixPath : [];
   const resultMap = {
     allowed: false,
@@ -6470,7 +6472,7 @@ var getDACRoleHasAccessToDataItem = (prefixPath, operation, typeName, dataItem,
         const {
           allowed: primaryResourceAllowed,
           denied: primaryResourceDenied
-        } = getResourceAccessByDACRole(
+        } = await getResourceAccessByDACRole(
           primaryResourcePath,
           role,
           getDACRoleById,
@@ -6491,7 +6493,7 @@ var getDACRoleHasAccessToDataItem = (prefixPath, operation, typeName, dataItem,
               const {
                 allowed: fieldResourceAllowed,
                 denied: fieldResourceDenied
-              } = getResourceAccessByDACRole(
+              } = await getResourceAccessByDACRole(
                 fieldResourcePath,
                 role,
                 getDACRoleById,
@@ -6553,9 +6555,9 @@ var executeDriverListItems = async (driver, config, filter, transform, selectedF
     filter ? void 0 : selectedFields
   );
   for (const itm of items) {
-    const includeItem = filter ? filter(itm) : true;
+    const includeItem = filter ? await filter(itm) : true;
     if (includeItem) {
-      const transformedItem = transform ? transform(itm) : itm;
+      const transformedItem = transform ? await transform(itm) : itm;
       filteredItems.push(transformedItem);
     }
   }
@@ -6675,13 +6677,17 @@ var TypeInfoORMService = class {
   }
   dacRoleCache = {};
   indexingRelationshipDriver;
-  getItemDACValidation = (item, typeName, typeOperation) => {
+  getItemDACValidation = async (item, typeName, typeOperation) => {
     const { useDAC } = this.config;
     if (useDAC) {
       const typeInfo = this.getTypeInfo(typeName);
       const { dacConfig } = this.config;
       const { itemResourcePathPrefix, accessingRole, getDACRoleById } = dacConfig;
-      return mergeDACDataItemResourceAccessResultMaps(
+      const [
+        typeOperationAccess,
+        allItemOperationsAccess,
+        allOperationsAccess
+      ] = await Promise.all([
         getDACRoleHasAccessToDataItem(
           itemResourcePathPrefix,
           typeOperation,
@@ -6712,6 +6718,11 @@ var TypeInfoORMService = class {
           getDACRoleById,
           this.dacRoleCache
         )
+      ]);
+      return mergeDACDataItemResourceAccessResultMaps(
+        typeOperationAccess,
+        allItemOperationsAccess,
+        allOperationsAccess
       );
     } else {
       return {
@@ -6721,12 +6732,16 @@ var TypeInfoORMService = class {
       };
     }
   };
-  getRelationshipDACValidation = (itemRelationship, relationshipOperation) => {
+  getRelationshipDACValidation = async (itemRelationship, relationshipOperation) => {
     const { useDAC } = this.config;
     if (useDAC) {
       const { dacConfig } = this.config;
       const { relationshipResourcePathPrefix, accessingRole, getDACRoleById } = dacConfig;
-      return mergeDACAccessResults(
+      const [
+        operationAccess,
+        allRelationshipOperationsAccess,
+        allOperationsAccess
+      ] = await Promise.all([
         getResourceAccessByDACRole(
           getItemRelationshipDACResourcePath(
             relationshipResourcePathPrefix,
@@ -6757,6 +6772,11 @@ var TypeInfoORMService = class {
           getDACRoleById,
           this.dacRoleCache
         )
+      ]);
+      return mergeDACAccessResults(
+        operationAccess,
+        allRelationshipOperationsAccess,
+        allOperationsAccess
       );
     } else {
       return {
@@ -7155,7 +7175,7 @@ var TypeInfoORMService = class {
    * */
   createRelationship = async (relationshipItem) => {
     this.validateRelationshipItem(relationshipItem);
-    const { allowed: createAllowed, denied: createDenied } = this.getRelationshipDACValidation(
+    const { allowed: createAllowed, denied: createDenied } = await this.getRelationshipDACValidation(
       relationshipItem,
       "SET" /* SET */
     );
@@ -7238,7 +7258,7 @@ var TypeInfoORMService = class {
    * */
   deleteRelationship = async (relationshipItem) => {
     this.validateRelationshipItem(relationshipItem);
-    const { allowed: deleteAllowed, denied: deleteDenied } = this.getRelationshipDACValidation(
+    const { allowed: deleteAllowed, denied: deleteDenied } = await this.getRelationshipDACValidation(
       relationshipItem,
       "UNSET" /* UNSET */
     );
@@ -7372,7 +7392,7 @@ var TypeInfoORMService = class {
       const { items = [], cursor: nextCursor } = results;
       const revisedItems = [];
       for (const rItm of items) {
-        const { allowed: readAllowed, denied: readDenied } = this.getRelationshipDACValidation(
+        const { allowed: readAllowed, denied: readDenied } = await this.getRelationshipDACValidation(
           rItm,
           "GET" /* GET */
         );
@@ -7439,7 +7459,7 @@ var TypeInfoORMService = class {
       allowed: createAllowed,
       denied: createDenied,
       fieldsResources = {}
-    } = this.getItemDACValidation(item, typeName, "CREATE" /* CREATE */);
+    } = await this.getItemDACValidation(item, typeName, "CREATE" /* CREATE */);
     if (createDenied || !createAllowed) {
       throw {
         message: "INVALID_OPERATION" /* INVALID_OPERATION */,
@@ -7485,7 +7505,7 @@ var TypeInfoORMService = class {
       allowed: readAllowed,
       denied: readDenied,
       fieldsResources = {}
-    } = this.getItemDACValidation(item, typeName, "READ" /* READ */);
+    } = await this.getItemDACValidation(item, typeName, "READ" /* READ */);
     if (readDenied || !readAllowed) {
       throw {
         message: "INVALID_OPERATION" /* INVALID_OPERATION */,
@@ -7534,7 +7554,7 @@ var TypeInfoORMService = class {
         allowed: updateAllowed,
         denied: updateDenied,
         fieldsResources = {}
-      } = this.getItemDACValidation(
+      } = await this.getItemDACValidation(
         initialCleanItem,
         typeName,
         "UPDATE" /* UPDATE */
@@ -7546,7 +7566,7 @@ var TypeInfoORMService = class {
           item
         };
       } else {
-        const { fieldsResources: fieldsResourcesForDeleteOperation = {} } = this.getItemDACValidation(
+        const { fieldsResources: fieldsResourcesForDeleteOperation = {} } = await this.getItemDACValidation(
           initialCleanItem,
           typeName,
           "DELETE" /* DELETE */
@@ -7602,7 +7622,11 @@ var TypeInfoORMService = class {
     this.validate(typeName, itemWithPrimaryFieldOnly, "DELETE" /* DELETE */);
     const driver = this.getDriverInternal(typeName);
     const existingItem = await driver.readItem(primaryFieldValue);
-    const { allowed: deleteAllowed, denied: deleteDenied } = this.getItemDACValidation(existingItem, typeName, "DELETE" /* DELETE */);
+    const { allowed: deleteAllowed, denied: deleteDenied } = await this.getItemDACValidation(
+      existingItem,
+      typeName,
+      "DELETE" /* DELETE */
+    );
     if (deleteDenied || !deleteAllowed) {
       throw {
         message: "INVALID_OPERATION" /* INVALID_OPERATION */,
@@ -7743,7 +7767,11 @@ var TypeInfoORMService = class {
                 allowed: readAllowed,
                 denied: readDenied,
                 fieldsResources = {}
-              } = this.getItemDACValidation(item, typeName, "READ" /* READ */);
+              } = await this.getItemDACValidation(
+                item,
+                typeName,
+                "READ" /* READ */
+              );
               const listDenied = readDenied || !readAllowed;
               if (listDenied) {
                 continue;
@@ -7781,12 +7809,16 @@ var TypeInfoORMService = class {
       const results = await executeDriverListItems(
         driver,
         config,
-        useDAC ? (item) => {
+        useDAC ? async (item) => {
           const {
             allowed: readAllowed,
             denied: readDenied,
             fieldsResources = {}
-          } = this.getItemDACValidation(item, typeName, "READ" /* READ */);
+          } = await this.getItemDACValidation(
+            item,
+            typeName,
+            "READ" /* READ */
+          );
           const listDenied = readDenied || !readAllowed;
           if (!listDenied) {
             fieldsResourcesCache.push(fieldsResources);
@@ -9959,7 +9991,8 @@ var addCloudFunction = createResourcePack(
           ]
         }
       }
-    ]
+    ],
+    memorySize = 128
   }) => {
     return {
       Resources: {
@@ -9994,7 +10027,8 @@ var addCloudFunction = createResourcePack(
             Role: {
               "Fn::GetAtt": [`${id}Role`, "Arn"]
             },
-            Runtime: runtime
+            Runtime: runtime,
+            MemorySize: memorySize
           }
         }
       }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@resistdesign/voltra",
-  "version": "3.0.0-alpha.4",
+  "version": "3.0.0-alpha.6",
   "description": "With our powers combined!",
   "homepage": "https://voltra.app",
   "repository": "git@github.com:resistdesign/voltra.git",