@siremzam/sentinel 0.3.0

package/dist/engine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"engine.js","sourceRoot":"","sources":["../src/engine.ts"],"names":[],"mappings":"AAiBA,OAAO,EAAe,KAAK,IAAI,MAAM,EAAE,IAAI,IAAI,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAYlF,SAAS,eAAe,CAAC,CAAS;IAChC,OAAO,CAAC,CAAC,OAAO,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;AACjD,CAAC;AAED,SAAS,qBAAqB,CAAC,OAAuB;IACpD,IAAI,OAAO,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACjC,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACzB,MAAM,OAAO,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YAChE,QAAQ,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,GAAG,GAAG,OAAO,GAAG,GAAG,CAAC,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;IACD,OAAO,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC;AAC/C,CAAC;AAgBD,MAAM,OAAO,YAAY;IACf,QAAQ,GAAsB,EAAE,CAAC;IACjC,SAAS,GAA0B,EAAE,CAAC;IACtC,eAAe,CAAU;IACzB,YAAY,CAAU;IACtB,cAAc,CAAU;IACxB,SAAS,CAAoB;IAC7B,KAAK,CAAyB;IAC9B,qBAAqB,CAAyB;IAEtD,YAAY,OAA+B;QACzC,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI,KAAK,CAAC;QACxD,IAAI,CAAC,YAAY,GAAG,CAAC,OAAO,CAAC,aAAa,IAAI,MAAM,CAAC,KAAK,MAAM,CAAC;QACjE,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,aAAa,IAAI,KAAK,CAAC;QACrD,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC;QACvC,IAAI,CAAC,qBAAqB,GAAG,OAAO,CAAC,gBAAgB,CAAC;QACtD,IAAI,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,SAAS,GAAG,CAAC,EAAE,CAAC;YAC/C,IAAI,CAAC,KAAK,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC/C,CAAC;QACD,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;YACvB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,0EAA0E;IAC1E,kBAAkB;IAClB,0EAA0E;IAE1E,OAAO,CAAC,IAAmB;QACzB,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC;QAC1C,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;YACjB,IAAI,EAAE,MAAM;YACZ,cAAc,EAAE,qBAAqB,CAAC,MAAM,CAAC,OAAyB,CAAC;SACxE,CAAC,CAAC;QACH,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,CAAC;QACpB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,QAAQ,CAAC,GAAG,KAAsB;QAChC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC;YAC1C,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;gBACjB,IAAI,EAAE,MAAM;gBACZ,cAAc,EAAE,qBAAqB,CAAC,MAAM,CAAC,OAAyB,CAAC;aACxE,CAAC,CAAC;QACL,CAAC;QACD,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,CAAC;QACpB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,UAAU,CAAC,MAAc;QACvB,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,MAAM,CAAC,CAAC;QACjE,IAAI,GAAG,KAAK,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QAC7B,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QAC7B,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,CAAC;QACpB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,QAAQ;QACN,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAC1C,CAAC;IAED,UAAU;QACR,IAAI,CAAC,QAAQ,GAAG,EAAE,CAAC;QACnB,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,CAAC;IACtB,CAAC;IAED,0EAA0E;IAC1E,gBAAgB;IAChB,0EAA0E;IAE1E,UAAU;QACR,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,CAAC;IACtB,CAAC;IAED,IAAI,UAAU;QACZ,IAAI,CAAC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAC7B,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;IAChE,CAAC;IAED,0EAA0E;IAC1E,qDAAqD;IACrD,0EAA0E;IAE1E,KAAK;QACH,OAAO,MAAM,EAAK,CAAC;IACrB,CAAC;IAED,IAAI;QACF,OAAO,KAAK,EAAK,CAAC;IACpB,CAAC;IAED,0EAA0E;IAC1E,gBAAgB;IAChB,0EAA0E;IAE1E,UAAU,CAAC,QAA6B;QACtC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC9B,OAAO,GAAG,EAAE;YACV,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAC7C,IAAI,GAAG,KAAK,CAAC,CAAC;gBAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QAChD,CAAC,CAAC;IACJ,CAAC;IAEO,IAAI,CAAC,QAAqB;QAChC,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACtC,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBAClC,IAAI,MAAM,YAAY,OAAO,EAAE,CAAC;oBAC9B,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;gBACzB,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,sCAAsC;YACxC,CAAC;QACH,CAAC;IACH,CAAC;IAED,0EAA0E;IAC1E,aAAa;IACb,0EAA0E;IAE1E,QAAQ,CACN,OAAmB,EACnB,MAAsB,EACtB,QAA0B,EAC1B,kBAAmC,EAAE,EACrC,QAAiB;QAEjB,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,kEAAkE,CACnE,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC9C,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAEvC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK;YACzB,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC,EAAE,EAAE,MAAgB,EAAE,QAAkB,EAAE,QAAQ,CAAC;YAC3E,CAAC,CAAC,SAAS,CAAC;QACd,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,MAAM,GAAG,IAAI,CAAC,KAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACzC,IAAI,MAAM,EAAE,CAAC;gBACX,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAClB,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QAED,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QAChC,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,eAAe,EAAE,QAAQ,CAAC,CAAC;QACpF,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAExE,IAAI,OAAO,GAA2B,IAAI,CAAC;QAC3C,IAAI,oBAAoB,GAAG,KAAK,CAAC;QAEjC,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE,CAAC;YAClC,MAAM,EAAE,IAAI,EAAE,GAAG,QAAQ,CAAC;YAC1B,IAAI,CAAC,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACrD,OAAO,GAAG,QAAQ,CAAC;gBACnB,oBAAoB,GAAG,KAAK,CAAC;gBAC7B,MAAM;YACR,CAAC;YACD,MAAM,MAAM,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YACtD,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,GAAG,QAAQ,CAAC;gBACnB,oBAAoB,GAAG,IAAI,CAAC;gBAC5B,MAAM;YACR,CAAC;QACH,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,IAAI,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;QAEvE,IAAI,QAAQ,IAAI,CAAC,oBAAoB,EAAE,CAAC;YACtC,IAAI,CAAC,KAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACtC,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACpB,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,OAAmB,EACnB,MAAsB,EACtB,QAA0B,EAC1B,kBAAmC,EAAE,EACrC,QAAiB;QAEjB,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC9C,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QACvC,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QAChC,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,eAAe,EAAE,QAAQ,CAAC,CAAC;QACpF,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAExE,IAAI,OAAO,GAAyB,IAAI,CAAC;QAEzC,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE,CAAC;YAClC,MAAM,EAAE,IAAI,EAAE,GAAG,QAAQ,CAAC;YAC1B,IAAI,CAAC,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACrD,OAAO,GAAG,IAAI,CAAC;gBACf,MAAM;YACR,CAAC;YACD,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC/B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAC3B,OAAO,CAAC,OAAO,EAAE;iBACd,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;iBAClB,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBACb,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;gBACzC,OAAO,KAAK,CAAC;YACf,CAAC,CAAC,CACL,CACF,CAAC;YACF,IAAI,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3B,OAAO,GAAG,IAAI,CAAC;gBACf,MAAM;YACR,CAAC;QACH,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;QACzD,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACpB,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,0EAA0E;IAC1E,oEAAoE;IACpE,0EAA0E;IAE1E,SAAS,CACP,OAAmB,EACnB,QAA0B,EAC1B,OAAyB,EACzB,kBAAmC,EAAE,EACrC,QAAiB;QAEjB,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;QAC1C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe;gBACnC,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE;gBACtF,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,eAAe,EAAE,QAAQ,CAAC,CAAC;YACxE,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;gBACrB,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YACtB,CAAC;QACH,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,OAAmB,EACnB,QAA0B,EAC1B,OAAyB,EACzB,kBAAmC,EAAE,EACrC,QAAiB;QAEjB,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;QAC1C,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC/B,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CACrB,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,eAAe,EAAE,QAAQ,CAAC,CACzE,CACF,CAAC;QACF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACxC,IAAI,OAAO,CAAC,CAAC,CAAE,CAAC,OAAO,EAAE,CAAC;gBACxB,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAE,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,0EAA0E;IAC1E,kDAAkD;IAClD,0EAA0E;IAE1E,OAAO,CACL,OAAmB,EACnB,MAAsB,EACtB,QAA0B,EAC1B,kBAAmC,EAAE,EACrC,QAAiB;QAEjB,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,iEAAiE,CAClE,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QACvC,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QAChC,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,eAAe,EAAE,QAAQ,CAAC,CAAC;QACpF,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAE1D,MAAM,cAAc,GAAwB,EAAE,CAAC;QAC/C,IAAI,UAAU,GAAyB,IAAI,CAAC;QAE5C,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QAEvD,KAAK,MAAM,QAAQ,IAAI,MAAM,EAAE,CAAC;YAC9B,MAAM,EAAE,IAAI,EAAE,GAAG,QAAQ,CAAC;YAC1B,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,KAAK,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACtF,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,KAAK,GAAG,IAAI,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;YACnF,MAAM,eAAe,GAAG,IAAI,CAAC,SAAS,KAAK,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAEpF,MAAM,gBAAgB,GAAsB,EAAE,CAAC;YAC/C,IAAI,mBAAmB,GAAG,IAAI,CAAC;YAE/B,IAAI,WAAW,IAAI,aAAa,IAAI,eAAe,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBACvE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBAChD,IAAI,CAAC;wBACH,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAE,CAAC,GAAG,CAAC,CAAC;wBACxC,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;4BACpB,gBAAgB,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;4BACnD,mBAAmB,GAAG,KAAK,CAAC;wBAC9B,CAAC;6BAAM,CAAC;4BACN,gBAAgB,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;wBACpD,CAAC;oBACH,CAAC;oBAAC,OAAO,GAAG,EAAE,CAAC;wBACb,gBAAgB,CAAC,IAAI,CAAC;4BACpB,KAAK,EAAE,CAAC;4BACR,MAAM,EAAE,KAAK;4BACb,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;yBACxD,CAAC,CAAC;wBACH,mBAAmB,GAAG,KAAK,CAAC;oBAC9B,CAAC;gBACH,CAAC;YACH,CAAC;YAED,MAAM,OAAO,GACX,WAAW,IAAI,aAAa,IAAI,eAAe;gBAC/C,CAAC,CAAC,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,IAAI,mBAAmB,CAAC,CAAC;YAE5E,cAAc,CAAC,IAAI,CAAC;gBAClB,IAAI;gBACJ,WAAW;gBACX,aAAa;gBACb,eAAe;gBACf,gBAAgB;gBAChB,OAAO;aACR,CAAC,CAAC;YAEH,IAAI,OAAO,IAAI,CAAC,UAAU,EAAE,CAAC;gBAC3B,UAAU,GAAG,IAAI,CAAC;YACpB,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG,UAAU,IAAI,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC;QACxF,MAAM,MAAM,GAAG,UAAU,EAAE,MAAM,IAAI,cAAc,CAAC;QACpD,MAAM,MAAM,GAAG,UAAU;YACvB,CAAC,CAAC,iBAAiB,UAAU,CAAC,EAAE,IAAI,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,UAAU,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE;YACjG,CAAC,CAAC,iCAAiC,CAAC;QAEtC,OAAO;YACL,OAAO;YACP,MAAM;YACN,MAAM;YACN,cAAc;YACd,UAAU,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK;SACtC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,OAAmB,EACnB,MAAsB,EACtB,QAA0B,EAC1B,kBAAmC,EAAE,EACrC,QAAiB;QAEjB,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QACvC,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QAChC,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,eAAe,EAAE,QAAQ,CAAC,CAAC;QACpF,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAE1D,MAAM,cAAc,GAAwB,EAAE,CAAC;QAC/C,IAAI,UAAU,GAAyB,IAAI,CAAC;QAE5C,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QAEvD,KAAK,MAAM,QAAQ,IAAI,MAAM,EAAE,CAAC;YAC9B,MAAM,EAAE,IAAI,EAAE,GAAG,QAAQ,CAAC;YAC1B,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,KAAK,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACtF,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,KAAK,GAAG,IAAI,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;YACnF,MAAM,eAAe,GAAG,IAAI,CAAC,SAAS,KAAK,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAEpF,MAAM,gBAAgB,GAAsB,EAAE,CAAC;YAC/C,IAAI,mBAAmB,GAAG,IAAI,CAAC;YAE/B,IAAI,WAAW,IAAI,aAAa,IAAI,eAAe,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBACvE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBAChD,IAAI,CAAC;wBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,CAAC,CAAE,CAAC,GAAG,CAAC,CAAC;wBAC9C,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;4BACpB,gBAAgB,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;4BACnD,mBAAmB,GAAG,KAAK,CAAC;wBAC9B,CAAC;6BAAM,CAAC;4BACN,gBAAgB,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;wBACpD,CAAC;oBACH,CAAC;oBAAC,OAAO,GAAG,EAAE,CAAC;wBACb,gBAAgB,CAAC,IAAI,CAAC;4BACpB,KAAK,EAAE,CAAC;4BACR,MAAM,EAAE,KAAK;4BACb,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;yBACxD,CAAC,CAAC;wBACH,mBAAmB,GAAG,KAAK,CAAC;oBAC9B,CAAC;gBACH,CAAC;YACH,CAAC;YAED,MAAM,OAAO,GACX,WAAW,IAAI,aAAa,IAAI,eAAe;gBAC/C,CAAC,CAAC,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,IAAI,mBAAmB,CAAC,CAAC;YAE5E,cAAc,CAAC,IAAI,CAAC;gBAClB,IAAI;gBACJ,WAAW;gBACX,aAAa;gBACb,eAAe;gBACf,gBAAgB;gBAChB,OAAO;aACR,CAAC,CAAC;YAEH,IAAI,OAAO,IAAI,CAAC,UAAU,EAAE,CAAC;gBAC3B,UAAU,GAAG,IAAI,CAAC;YACpB,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG,UAAU,IAAI,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC;QACxF,MAAM,MAAM,GAAG,UAAU,EAAE,MAAM,IAAI,cAAc,CAAC;QACpD,MAAM,MAAM,GAAG,UAAU;YACvB,CAAC,CAAC,iBAAiB,UAAU,CAAC,EAAE,IAAI,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,UAAU,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE;YACjG,CAAC,CAAC,iCAAiC,CAAC;QAEtC,OAAO;YACL,OAAO;YACP,MAAM;YACN,MAAM;YACN,cAAc;YACd,UAAU,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK;SACtC,CAAC;IACJ,CAAC;IAED,0EAA0E;IAC1E,8DAA8D;IAC9D,0EAA0E;IAE1E,GAAG,CAAC,OAAmB;QACrB,OAAO,IAAI,WAAW,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACxC,CAAC;IAED,0EAA0E;IAC1E,mBAAmB;IACnB,0EAA0E;IAElE,aAAa,CACnB,OAAmB,EACnB,MAAsB,EACtB,QAA0B;QAE1B,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,CAAC,EAAE,KAAK,QAAQ,EAAE,CAAC;YAC/C,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACpD,CAAC;QACD,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC1C,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACvD,CAAC;QACD,IAAI,CAAC,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;IAEO,cAAc,CAAC,OAAmB,EAAE,QAAiB;QAC3D,IAAI,CAAC,IAAI,CAAC,cAAc,IAAI,QAAQ,IAAI,IAAI;YAAE,OAAO;QACrD,MAAM,eAAe,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,IAAI,IAAI,CAAC,CAAC;QACtE,IAAI,eAAe,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CACb,gEAAgE;gBAChE,+DAA+D;gBAC/D,+DAA+D,CAChE,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,YAAY,CAClB,OAAmB,EACnB,MAAsB,EACtB,QAA0B,EAC1B,eAAgC,EAChC,QAAiB;QAEjB,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,eAAe,EAAE,QAAQ,EAAE,CAAC;IAClE,CAAC;IAEO,sBAAsB,CAC5B,IAAmB,EACnB,GAAyB;QAEzB,IAAI,CAAC,IAAI,CAAC,UAAU;YAAE,OAAO,IAAI,CAAC;QAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAChD,IAAI,CAAC;gBACH,IAAI,IAAI,CAAC,UAAU,CAAC,CAAC,CAAE,CAAC,GAAG,CAAC,KAAK,IAAI;oBAAE,OAAO,KAAK,CAAC;YACtD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;gBACzC,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,kBAAkB,CAAC,MAAc,EAAE,cAAsB,EAAE,KAAc;QAC/E,IAAI,IAAI,CAAC,qBAAqB,EAAE,CAAC;YAC/B,IAAI,CAAC;gBACH,IAAI,CAAC,qBAAqB,CAAC,EAAE,MAAM,EAAE,cAAc,EAAE,KAAK,EAAE,CAAC,CAAC;YAChE,CAAC;YAAC,MAAM,CAAC;gBACP,0CAA0C;YAC5C,CAAC;QACH,CAAC;IACH,CAAC;IAEO,UAAU,CAChB,OAAmB,EACnB,MAAsB,EACtB,QAA0B,EAC1B,QAAiB;QAEjB,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAE1D,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;YAChD,MAAM,EAAE,IAAI,EAAE,GAAG,QAAQ,CAAC;YAC1B,IAAI,IAAI,CAAC,KAAK,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAAE,OAAO,KAAK,CAAC;YACrF,IAAI,IAAI,CAAC,OAAO,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAChF,IAAI,IAAI,CAAC,SAAS,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC/E,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC;IAEO,cAAc,CAAC,UAA6B;QAClD,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YAC9B,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,CAAC;YAChC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,CAAC;YAChC,IAAI,EAAE,KAAK,EAAE;gBAAE,OAAO,EAAE,GAAG,EAAE,CAAC;YAC9B,IAAI,CAAC,CAAC,IAAI,CAAC,MAAM,KAAK,MAAM,IAAI,CAAC,CAAC,IAAI,CAAC,MAAM,KAAK,OAAO;gBAAE,OAAO,CAAC,CAAC,CAAC;YACrE,IAAI,CAAC,CAAC,IAAI,CAAC,MAAM,KAAK,OAAO,IAAI,CAAC,CAAC,IAAI,CAAC,MAAM,KAAK,MAAM;gBAAE,OAAO,CAAC,CAAC;YACpE,OAAO,CAAC,CAAC;QACX,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,aAAa,CACnB,QAAyB,EACzB,MAAsB;QAEtB,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,GAAG,QAAQ,CAAC;QAC1C,IAAI,IAAI,CAAC,OAAO,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC;QACtC,MAAM,SAAS,GAAG,MAAgB,CAAC;QACnC,IAAK,IAAI,CAAC,OAAoB,CAAC,QAAQ,CAAC,SAAS,CAAC;YAAE,OAAO,IAAI,CAAC;QAChE,IAAI,cAAc,EAAE,CAAC;YACnB,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,CAAC;gBACrC,IAAI,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC;oBAAE,OAAO,IAAI,CAAC;YAC3C,CAAC;QACH,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,YAAY,CAClB,OAAmB,EACnB,QAAiB;QAEjB,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;QACtC,KAAK,MAAM,UAAU,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YACvC,IAAI,QAAQ,IAAI,IAAI,IAAI,UAAU,CAAC,QAAQ,IAAI,IAAI,IAAI,UAAU,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBACxF,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YACnC,CAAC;QACH,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,SAAS;YAAE,OAAO,WAAW,CAAC;QAExC,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;QACnC,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,IAAoB,CAAC,EAAE,CAAC;gBAC7D,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,aAAa,CACnB,OAA6B,EAC7B,GAAyB,EACzB,KAAa;QAEb,MAAM,OAAO,GACX,OAAO,IAAI,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC;QACpE,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,cAAc,CAAC;QACjD,MAAM,MAAM,GAAG,OAAO;YACpB,CAAC,CAAC,iBAAiB,OAAO,CAAC,EAAE,IAAI,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE;YACxF,CAAC,CAAC,iCAAiC,CAAC;QAEtC,OAAO;YACL,OAAO;YACP,MAAM;YACN,WAAW,EAAE,OAAO;YACpB,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,eAAe,EAAE,GAAG,CAAC,eAAe;YACpC,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,UAAU,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK;YACrC,MAAM;SACP,CAAC;IACJ,CAAC;CACF;AAED,8EAA8E;AAC9E,6DAA6D;AAC7D,8EAA8E;AAE9E,MAAM,WAAW;IAEL;IACA;IAFV,YACU,MAAuB,EACvB,OAAmB;QADnB,WAAM,GAAN,MAAM,CAAiB;QACvB,YAAO,GAAP,OAAO,CAAY;IAC1B,CAAC;IAEJ,OAAO,CAAC,MAAsB;QAC5B,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACvD,CAAC;CACF;AAED,MAAM,MAAM;IAEA;IACA;IACA;IAHV,YACU,MAAuB,EACvB,OAAmB,EACnB,MAAsB;QAFtB,WAAM,GAAN,MAAM,CAAiB;QACvB,YAAO,GAAP,OAAO,CAAY;QACnB,WAAM,GAAN,MAAM,CAAgB;IAC7B,CAAC;IAEJ,EAAE,CACA,QAA0B,EAC1B,kBAAmC,EAAE,EACrC,QAAiB;QAEjB,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CACzB,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,MAAM,EACX,QAAQ,EACR,eAAe,EACf,QAAQ,CACT,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,OAAO,CACX,QAA0B,EAC1B,kBAAmC,EAAE,EACrC,QAAiB;QAEjB,OAAO,IAAI,CAAC,MAAM,CAAC,aAAa,CAC9B,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,MAAM,EACX,QAAQ,EACR,eAAe,EACf,QAAQ,CACT,CAAC;IACJ,CAAC;CACF;AAED,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E,SAAS,aAAa,CACpB,SAAiB,EACjB,MAAc,EACd,QAAgB,EAChB,QAAiB;IAEjB,OAAO,GAAG,SAAS,CAAC,MAAM,IAAI,SAAS,KAAK,MAAM,KAAK,QAAQ,KAAK,QAAQ,IAAI,EAAE,EAAE,CAAC;AACvF,CAAC;AAED,MAAM,QAAQ;IACJ,GAAG,GAAG,IAAI,GAAG,EAAa,CAAC;IAC1B,OAAO,CAAS;IAEzB,YAAY,OAAe;QACzB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC;IACvB,CAAC;IAED,GAAG,CAAC,GAAW;QACb,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACrB,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC3B,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,GAAG,CAAC,GAAW,EAAE,KAAQ;QACvB,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACvB,CAAC;aAAM,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACzC,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC;YAC5C,IAAI,MAAM,KAAK,SAAS;gBAAE,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACpD,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAC3B,CAAC;IAED,KAAK;QACH,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;IACnB,CAAC;CACF"}

package/dist/index.d.ts

@@ -0,0 +1,11 @@
+export { AccessEngine } from "./engine.js";
+export type { AccessEngineOptions } from "./engine.js";
+export { RuleBuilder, allow, deny, createPolicyFactory } from "./policy-builder.js";
+export { RoleHierarchy } from "./role-hierarchy.js";
+export { ConditionRegistry, exportRules, exportRulesToJson, importRules, importRulesFromJson, } from "./serialization.js";
+export { createAuthServer } from "./server.js";
+export { toAuditEntry } from "./types.js";
+export type { SchemaDefinition, ActionString, InferRole, InferResource, InferAction, InferTenantId, RoleAssignment, Subject, ResourceContext, EvaluationContext, Condition, PolicyEffect, PolicyRule, Decision, AuditEntry, DecisionListener, ConditionError, ConditionErrorHandler, EngineOptions, ExplainResult, RuleEvaluation, ConditionResult, } from "./types.js";
+export type { JsonPolicyRule, JsonPolicyDocument, } from "./serialization.js";
+export type { ServerOptions, EvalRequestBody } from "./server.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,YAAY,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AACvD,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AACpF,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EACL,iBAAiB,EACjB,WAAW,EACX,iBAAiB,EACjB,WAAW,EACX,mBAAmB,GACpB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAE/C,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE1C,YAAY,EACV,gBAAgB,EAChB,YAAY,EACZ,SAAS,EACT,aAAa,EACb,WAAW,EACX,aAAa,EACb,cAAc,EACd,OAAO,EACP,eAAe,EACf,iBAAiB,EACjB,SAAS,EACT,YAAY,EACZ,UAAU,EACV,QAAQ,EACR,UAAU,EACV,gBAAgB,EAChB,cAAc,EACd,qBAAqB,EACrB,aAAa,EACb,aAAa,EACb,cAAc,EACd,eAAe,GAChB,MAAM,YAAY,CAAC;AAEpB,YAAY,EACV,cAAc,EACd,kBAAkB,GACnB,MAAM,oBAAoB,CAAC;AAE5B,YAAY,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC"}

package/dist/index.js

@@ -0,0 +1,7 @@
+export { AccessEngine } from "./engine.js";
+export { RuleBuilder, allow, deny, createPolicyFactory } from "./policy-builder.js";
+export { RoleHierarchy } from "./role-hierarchy.js";
+export { ConditionRegistry, exportRules, exportRulesToJson, importRules, importRulesFromJson, } from "./serialization.js";
+export { createAuthServer } from "./server.js";
+export { toAuditEntry } from "./types.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AACpF,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EACL,iBAAiB,EACjB,WAAW,EACX,iBAAiB,EACjB,WAAW,EACX,mBAAmB,GACpB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAE/C,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC"}

package/dist/middleware/express.d.ts

@@ -0,0 +1,35 @@
+import type { AccessEngine } from "../engine.js";
+import type { SchemaDefinition, InferAction, InferResource, Subject, ResourceContext } from "../types.js";
+/**
+ * Minimal Express-compatible types so we don't depend on @types/express at runtime.
+ */
+interface Request {
+    [key: string]: unknown;
+}
+interface Response {
+    status(code: number): Response;
+    json(body: unknown): void;
+}
+type NextFunction = (err?: unknown) => void;
+export interface GuardOptions<S extends SchemaDefinition> {
+    /** Extract the subject from the request. */
+    getSubject: (req: Request) => Subject<S> | undefined;
+    /** Extract the resource context from the request (optional). */
+    getResourceContext?: (req: Request) => ResourceContext;
+    /** Extract the tenant ID from the request (optional). */
+    getTenantId?: (req: Request) => string | undefined;
+    /** Custom denial handler. Defaults to 403 JSON response. */
+    onDenied?: (req: Request, res: Response, next: NextFunction) => void;
+}
+/**
+ * Express middleware factory.
+ *
+ * Usage:
+ *   app.post("/invoices/:id/approve",
+ *     guard(engine, "invoice:approve", "invoice", guardOptions),
+ *     handler
+ *   );
+ */
+export declare function guard<S extends SchemaDefinition>(engine: AccessEngine<S>, action: InferAction<S>, resource: InferResource<S>, options: GuardOptions<S>): (req: Request, res: Response, next: NextFunction) => void;
+export {};
+//# sourceMappingURL=express.d.ts.map

package/dist/middleware/express.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"express.d.ts","sourceRoot":"","sources":["../../src/middleware/express.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AACjD,OAAO,KAAK,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE1G;;GAEG;AACH,UAAU,OAAO;IACf,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AACD,UAAU,QAAQ;IAChB,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,QAAQ,CAAC;IAC/B,IAAI,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,CAAC;CAC3B;AACD,KAAK,YAAY,GAAG,CAAC,GAAG,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;AAE5C,MAAM,WAAW,YAAY,CAAC,CAAC,SAAS,gBAAgB;IACtD,4CAA4C;IAC5C,UAAU,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,OAAO,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC;IACrD,gEAAgE;IAChE,kBAAkB,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,eAAe,CAAC;IACvD,yDAAyD;IACzD,WAAW,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,MAAM,GAAG,SAAS,CAAC;IACnD,4DAA4D;IAC5D,QAAQ,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,KAAK,IAAI,CAAC;CACtE;AAED;;;;;;;;GAQG;AACH,wBAAgB,KAAK,CAAC,CAAC,SAAS,gBAAgB,EAC9C,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,EACvB,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,EACtB,QAAQ,EAAE,aAAa,CAAC,CAAC,CAAC,EAC1B,OAAO,EAAE,YAAY,CAAC,CAAC,CAAC,IAEhB,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,UA4BxD"}

package/dist/middleware/express.js

@@ -0,0 +1,41 @@
+/**
+ * Express middleware factory.
+ *
+ * Usage:
+ *   app.post("/invoices/:id/approve",
+ *     guard(engine, "invoice:approve", "invoice", guardOptions),
+ *     handler
+ *   );
+ */
+export function guard(engine, action, resource, options) {
+    return (req, res, next) => {
+        const subject = options.getSubject(req);
+        if (!subject) {
+            res.status(401).json({ error: "Unauthorized — no subject" });
+            return;
+        }
+        let decision;
+        try {
+            const resourceContext = options.getResourceContext?.(req) ?? {};
+            const tenantId = options.getTenantId?.(req);
+            decision = engine.evaluate(subject, action, resource, resourceContext, tenantId);
+        }
+        catch (err) {
+            next(err);
+            return;
+        }
+        if (decision.allowed) {
+            next();
+        }
+        else if (options.onDenied) {
+            options.onDenied(req, res, next);
+        }
+        else {
+            res.status(403).json({
+                error: "Forbidden",
+                reason: decision.reason,
+            });
+        }
+    };
+}
+//# sourceMappingURL=express.js.map

package/dist/middleware/express.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"express.js","sourceRoot":"","sources":["../../src/middleware/express.ts"],"names":[],"mappings":"AA0BA;;;;;;;;GAQG;AACH,MAAM,UAAU,KAAK,CACnB,MAAuB,EACvB,MAAsB,EACtB,QAA0B,EAC1B,OAAwB;IAExB,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;QACzD,MAAM,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACxC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC,CAAC;YAC7D,OAAO;QACT,CAAC;QAED,IAAI,QAAQ,CAAC;QACb,IAAI,CAAC;YACH,MAAM,eAAe,GAAG,OAAO,CAAC,kBAAkB,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;YAChE,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,GAAG,CAAC,CAAC;YAC5C,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,eAAe,EAAE,QAAQ,CAAC,CAAC;QACnF,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAG,CAAC,CAAC;YACV,OAAO;QACT,CAAC;QAED,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;YACrB,IAAI,EAAE,CAAC;QACT,CAAC;aAAM,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YAC5B,OAAO,CAAC,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;QACnC,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,WAAW;gBAClB,MAAM,EAAE,QAAQ,CAAC,MAAM;aACxB,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}

package/dist/middleware/fastify.d.ts

@@ -0,0 +1,29 @@
+import type { AccessEngine } from "../engine.js";
+import type { SchemaDefinition, InferAction, InferResource, Subject, ResourceContext } from "../types.js";
+/**
+ * Minimal Fastify-compatible types so we don't depend on fastify at runtime.
+ */
+interface FastifyRequest {
+    [key: string]: unknown;
+}
+interface FastifyReply {
+    code(statusCode: number): FastifyReply;
+    send(payload?: unknown): FastifyReply;
+}
+export interface FastifyGuardOptions<S extends SchemaDefinition> {
+    getSubject: (req: FastifyRequest) => Subject<S> | undefined;
+    getResourceContext?: (req: FastifyRequest) => ResourceContext;
+    getTenantId?: (req: FastifyRequest) => string | undefined;
+    onDenied?: (req: FastifyRequest, reply: FastifyReply) => void;
+}
+/**
+ * Fastify preHandler hook factory.
+ *
+ * Usage:
+ *   fastify.post("/invoices/:id/approve", {
+ *     preHandler: fastifyGuard(engine, "invoice:approve", "invoice", opts),
+ *   }, handler);
+ */
+export declare function fastifyGuard<S extends SchemaDefinition>(engine: AccessEngine<S>, action: InferAction<S>, resource: InferResource<S>, options: FastifyGuardOptions<S>): (req: FastifyRequest, reply: FastifyReply, done: (err?: Error) => void) => void;
+export {};
+//# sourceMappingURL=fastify.d.ts.map

package/dist/middleware/fastify.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fastify.d.ts","sourceRoot":"","sources":["../../src/middleware/fastify.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AACjD,OAAO,KAAK,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE1G;;GAEG;AACH,UAAU,cAAc;IACtB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AACD,UAAU,YAAY;IACpB,IAAI,CAAC,UAAU,EAAE,MAAM,GAAG,YAAY,CAAC;IACvC,IAAI,CAAC,OAAO,CAAC,EAAE,OAAO,GAAG,YAAY,CAAC;CACvC;AAED,MAAM,WAAW,mBAAmB,CAAC,CAAC,SAAS,gBAAgB;IAC7D,UAAU,EAAE,CAAC,GAAG,EAAE,cAAc,KAAK,OAAO,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC;IAC5D,kBAAkB,CAAC,EAAE,CAAC,GAAG,EAAE,cAAc,KAAK,eAAe,CAAC;IAC9D,WAAW,CAAC,EAAE,CAAC,GAAG,EAAE,cAAc,KAAK,MAAM,GAAG,SAAS,CAAC;IAC1D,QAAQ,CAAC,EAAE,CAAC,GAAG,EAAE,cAAc,EAAE,KAAK,EAAE,YAAY,KAAK,IAAI,CAAC;CAC/D;AAED;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAAC,CAAC,SAAS,gBAAgB,EACrD,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,EACvB,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,EACtB,QAAQ,EAAE,aAAa,CAAC,CAAC,CAAC,EAC1B,OAAO,EAAE,mBAAmB,CAAC,CAAC,CAAC,IAEvB,KAAK,cAAc,EAAE,OAAO,YAAY,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,KAAK,KAAK,IAAI,UA6B9E"}

package/dist/middleware/fastify.js

@@ -0,0 +1,41 @@
+/**
+ * Fastify preHandler hook factory.
+ *
+ * Usage:
+ *   fastify.post("/invoices/:id/approve", {
+ *     preHandler: fastifyGuard(engine, "invoice:approve", "invoice", opts),
+ *   }, handler);
+ */
+export function fastifyGuard(engine, action, resource, options) {
+    return (req, reply, done) => {
+        const subject = options.getSubject(req);
+        if (!subject) {
+            reply.code(401).send({ error: "Unauthorized — no subject" });
+            return;
+        }
+        let decision;
+        try {
+            const resourceContext = options.getResourceContext?.(req) ?? {};
+            const tenantId = options.getTenantId?.(req);
+            decision = engine.evaluate(subject, action, resource, resourceContext, tenantId);
+        }
+        catch (err) {
+            done(err instanceof Error ? err : new Error(String(err)));
+            return;
+        }
+        if (decision.allowed) {
+            done();
+        }
+        else if (options.onDenied) {
+            options.onDenied(req, reply);
+            done();
+        }
+        else {
+            reply.code(403).send({
+                error: "Forbidden",
+                reason: decision.reason,
+            });
+        }
+    };
+}
+//# sourceMappingURL=fastify.js.map

package/dist/middleware/fastify.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fastify.js","sourceRoot":"","sources":["../../src/middleware/fastify.ts"],"names":[],"mappings":"AAqBA;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAC1B,MAAuB,EACvB,MAAsB,EACtB,QAA0B,EAC1B,OAA+B;IAE/B,OAAO,CAAC,GAAmB,EAAE,KAAmB,EAAE,IAA2B,EAAE,EAAE;QAC/E,MAAM,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACxC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC,CAAC;YAC7D,OAAO;QACT,CAAC;QAED,IAAI,QAAQ,CAAC;QACb,IAAI,CAAC;YACH,MAAM,eAAe,GAAG,OAAO,CAAC,kBAAkB,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;YAChE,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,GAAG,CAAC,CAAC;YAC5C,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,eAAe,EAAE,QAAQ,CAAC,CAAC;QACnF,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAC1D,OAAO;QACT,CAAC;QAED,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;YACrB,IAAI,EAAE,CAAC;QACT,CAAC;aAAM,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YAC5B,OAAO,CAAC,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAC7B,IAAI,EAAE,CAAC;QACT,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,WAAW;gBAClB,MAAM,EAAE,QAAQ,CAAC,MAAM;aACxB,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}

package/dist/middleware/nestjs.d.ts

@@ -0,0 +1,67 @@
+import type { AccessEngine } from "../engine.js";
+import type { SchemaDefinition, InferAction, InferResource, Subject, ResourceContext } from "../types.js";
+/**
+ * NestJS-compatible guard and decorator factory.
+ *
+ * Since we don't want a hard dependency on @nestjs/common or reflect-metadata,
+ * this module uses a WeakMap to store metadata and provides factory functions
+ * that produce NestJS-shaped guards and decorators.
+ */
+interface ExecutionContext {
+    switchToHttp(): {
+        getRequest(): Record<string, unknown>;
+        getResponse(): Record<string, unknown>;
+    };
+    getHandler(): (...args: unknown[]) => unknown;
+    getClass(): new (...args: unknown[]) => unknown;
+}
+interface CanActivate {
+    canActivate(context: ExecutionContext): boolean | Promise<boolean>;
+}
+export interface AuthorizeMetadata {
+    action: string;
+    resource: string;
+}
+/**
+ * Retrieve stored authorization metadata for a handler or class.
+ */
+export declare function getAuthorizeMetadata(...targets: object[]): AuthorizeMetadata | undefined;
+/**
+ * Creates a method decorator that stores authorization metadata.
+ *
+ * Usage in a NestJS controller:
+ * ```ts
+ * const Authorize = createAuthorizeDecorator<MySchema>();
+ *
+ * @Controller("invoices")
+ * class InvoiceController {
+ *   @Post(":id/approve")
+ *   @Authorize("invoice:approve", "invoice")
+ *   approve(@Param("id") id: string) { ... }
+ * }
+ * ```
+ */
+export declare function createAuthorizeDecorator<S extends SchemaDefinition>(): (action: InferAction<S>, resource: InferResource<S>) => MethodDecorator;
+export interface NestGuardOptions<S extends SchemaDefinition> {
+    engine: AccessEngine<S>;
+    getSubject: (request: Record<string, unknown>) => Subject<S> | undefined;
+    getResourceContext?: (request: Record<string, unknown>) => ResourceContext;
+    getTenantId?: (request: Record<string, unknown>) => string | undefined;
+}
+/**
+ * Creates a NestJS CanActivate guard class.
+ *
+ * Usage:
+ * ```ts
+ * const AuthGuard = createAuthGuard({
+ *   engine,
+ *   getSubject: (req) => req.user as Subject<MySchema>,
+ * });
+ *
+ * // Use as a global guard:
+ * app.useGlobalGuards(new AuthGuard());
+ * ```
+ */
+export declare function createAuthGuard<S extends SchemaDefinition>(options: NestGuardOptions<S>): new () => CanActivate;
+export {};
+//# sourceMappingURL=nestjs.d.ts.map

package/dist/middleware/nestjs.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"nestjs.d.ts","sourceRoot":"","sources":["../../src/middleware/nestjs.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AACjD,OAAO,KAAK,EAAE,gBAAgB,EAAE,WAAW,EAAE,aAAa,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE1G;;;;;;GAMG;AAMH,UAAU,gBAAgB;IACxB,YAAY,IAAI;QACd,UAAU,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACtC,WAAW,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACxC,CAAC;IACF,UAAU,IAAI,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC;IAC9C,QAAQ,IAAI,KAAK,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC;CACjD;AAED,UAAU,WAAW;IACnB,WAAW,CAAC,OAAO,EAAE,gBAAgB,GAAG,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CACpE;AAMD,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;CAClB;AAID;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,GAAG,OAAO,EAAE,MAAM,EAAE,GACnB,iBAAiB,GAAG,SAAS,CAM/B;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,wBAAwB,CAAC,CAAC,SAAS,gBAAgB,MAE/D,QAAQ,WAAW,CAAC,CAAC,CAAC,EACtB,UAAU,aAAa,CAAC,CAAC,CAAC,KACzB,eAAe,CAWnB;AAMD,MAAM,WAAW,gBAAgB,CAAC,CAAC,SAAS,gBAAgB;IAC1D,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC;IACxB,UAAU,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC;IACzE,kBAAkB,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,eAAe,CAAC;IAC3E,WAAW,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,MAAM,GAAG,SAAS,CAAC;CACxE;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,eAAe,CAAC,CAAC,SAAS,gBAAgB,EACxD,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC,GAC3B,UAAU,WAAW,CAmCvB"}

package/dist/middleware/nestjs.js

@@ -0,0 +1,82 @@
+const metadataStore = new WeakMap();
+/**
+ * Retrieve stored authorization metadata for a handler or class.
+ */
+export function getAuthorizeMetadata(...targets) {
+    for (const target of targets) {
+        const meta = metadataStore.get(target);
+        if (meta)
+            return meta;
+    }
+    return undefined;
+}
+/**
+ * Creates a method decorator that stores authorization metadata.
+ *
+ * Usage in a NestJS controller:
+ * ```ts
+ * const Authorize = createAuthorizeDecorator<MySchema>();
+ *
+ * @Controller("invoices")
+ * class InvoiceController {
+ *   @Post(":id/approve")
+ *   @Authorize("invoice:approve", "invoice")
+ *   approve(@Param("id") id: string) { ... }
+ * }
+ * ```
+ */
+export function createAuthorizeDecorator() {
+    return function Authorize(action, resource) {
+        return (_target, _propertyKey, descriptor) => {
+            if (!descriptor?.value)
+                return descriptor;
+            const metadata = {
+                action: action,
+                resource: resource,
+            };
+            metadataStore.set(descriptor.value, metadata);
+            return descriptor;
+        };
+    };
+}
+/**
+ * Creates a NestJS CanActivate guard class.
+ *
+ * Usage:
+ * ```ts
+ * const AuthGuard = createAuthGuard({
+ *   engine,
+ *   getSubject: (req) => req.user as Subject<MySchema>,
+ * });
+ *
+ * // Use as a global guard:
+ * app.useGlobalGuards(new AuthGuard());
+ * ```
+ */
+export function createAuthGuard(options) {
+    const { engine, getSubject, getResourceContext, getTenantId } = options;
+    class AccessControlGuard {
+        canActivate(context) {
+            const handler = context.getHandler();
+            const cls = context.getClass();
+            const metadata = getAuthorizeMetadata(handler, cls);
+            if (!metadata)
+                return true;
+            const request = context.switchToHttp().getRequest();
+            const subject = getSubject(request);
+            if (!subject)
+                return false;
+            try {
+                const resourceContext = getResourceContext?.(request) ?? {};
+                const tenantId = getTenantId?.(request);
+                const decision = engine.evaluate(subject, metadata.action, metadata.resource, resourceContext, tenantId);
+                return decision.allowed;
+            }
+            catch {
+                return false;
+            }
+        }
+    }
+    return AccessControlGuard;
+}
+//# sourceMappingURL=nestjs.js.map

package/dist/middleware/nestjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"nestjs.js","sourceRoot":"","sources":["../../src/middleware/nestjs.ts"],"names":[],"mappings":"AAqCA,MAAM,aAAa,GAAG,IAAI,OAAO,EAA6B,CAAC;AAE/D;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAClC,GAAG,OAAiB;IAEpB,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,IAAI,GAAG,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACvC,IAAI,IAAI;YAAE,OAAO,IAAI,CAAC;IACxB,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,wBAAwB;IACtC,OAAO,SAAS,SAAS,CACvB,MAAsB,EACtB,QAA0B;QAE1B,OAAO,CAAC,OAAO,EAAE,YAAY,EAAE,UAA8B,EAAE,EAAE;YAC/D,IAAI,CAAC,UAAU,EAAE,KAAK;gBAAE,OAAO,UAAU,CAAC;YAC1C,MAAM,QAAQ,GAAsB;gBAClC,MAAM,EAAE,MAAgB;gBACxB,QAAQ,EAAE,QAAkB;aAC7B,CAAC;YACF,aAAa,CAAC,GAAG,CAAC,UAAU,CAAC,KAAe,EAAE,QAAQ,CAAC,CAAC;YACxD,OAAO,UAAU,CAAC;QACpB,CAAC,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAaD;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,eAAe,CAC7B,OAA4B;IAE5B,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,kBAAkB,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;IAExE,MAAM,kBAAkB;QACtB,WAAW,CAAC,OAAyB;YACnC,MAAM,OAAO,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;YACrC,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;YAC/B,MAAM,QAAQ,GAAG,oBAAoB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAEpD,IAAI,CAAC,QAAQ;gBAAE,OAAO,IAAI,CAAC;YAE3B,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,UAAU,EAAE,CAAC;YACpD,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;YACpC,IAAI,CAAC,OAAO;gBAAE,OAAO,KAAK,CAAC;YAE3B,IAAI,CAAC;gBACH,MAAM,eAAe,GAAG,kBAAkB,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;gBAC5D,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC,OAAO,CAAC,CAAC;gBAExC,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAC9B,OAAO,EACP,QAAQ,CAAC,MAA+C,EACxD,QAAQ,CAAC,QAAiD,EAC1D,eAAe,EACf,QAAQ,CACT,CAAC;gBAEF,OAAO,QAAQ,CAAC,OAAO,CAAC;YAC1B,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;KACF;IAED,OAAO,kBAAkB,CAAC;AAC5B,CAAC"}

package/dist/policy-builder.d.ts

@@ -0,0 +1,39 @@
+import type { SchemaDefinition, InferRole, InferAction, InferResource, PolicyRule, PolicyEffect, Condition } from "./types.js";
+export declare class RuleBuilder<S extends SchemaDefinition> {
+    private _effect;
+    private _roles;
+    private _actions;
+    private _resources;
+    private _conditions;
+    private _priority;
+    private _description?;
+    private _id;
+    constructor(effect: PolicyEffect);
+    id(id: string): this;
+    roles(...roles: InferRole<S>[]): this;
+    anyRole(): this;
+    actions(...actions: InferAction<S>[]): this;
+    anyAction(): this;
+    on(...resources: InferResource<S>[]): this;
+    anyResource(): this;
+    when(condition: Condition<S>): this;
+    priority(p: number): this;
+    describe(desc: string): this;
+    build(): PolicyRule<S>;
+}
+export declare function allow<S extends SchemaDefinition>(): RuleBuilder<S>;
+export declare function deny<S extends SchemaDefinition>(): RuleBuilder<S>;
+/**
+ * Creates schema-bound allow/deny factories so you don't need to pass
+ * the generic parameter on every call.
+ *
+ * ```ts
+ * const { allow, deny } = createPolicyFactory<MySchema>();
+ * allow().roles("admin").anyAction().anyResource().build();
+ * ```
+ */
+export declare function createPolicyFactory<S extends SchemaDefinition>(): {
+    allow: () => RuleBuilder<S>;
+    deny: () => RuleBuilder<S>;
+};
+//# sourceMappingURL=policy-builder.d.ts.map

package/dist/policy-builder.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-builder.d.ts","sourceRoot":"","sources":["../src/policy-builder.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,gBAAgB,EAChB,SAAS,EACT,WAAW,EACX,aAAa,EACb,UAAU,EACV,YAAY,EACZ,SAAS,EACV,MAAM,YAAY,CAAC;AAQpB,qBAAa,WAAW,CAAC,CAAC,SAAS,gBAAgB;IACjD,OAAO,CAAC,OAAO,CAAe;IAC9B,OAAO,CAAC,MAAM,CAA6B;IAC3C,OAAO,CAAC,QAAQ,CAA+B;IAC/C,OAAO,CAAC,UAAU,CAAiC;IACnD,OAAO,CAAC,WAAW,CAAsB;IACzC,OAAO,CAAC,SAAS,CAAK;IACtB,OAAO,CAAC,YAAY,CAAC,CAAS;IAC9B,OAAO,CAAC,GAAG,CAAS;gBAER,MAAM,EAAE,YAAY;IAKhC,EAAE,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI;IAKpB,KAAK,CAAC,GAAG,KAAK,EAAE,SAAS,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI;IAKrC,OAAO,IAAI,IAAI;IAKf,OAAO,CAAC,GAAG,OAAO,EAAE,WAAW,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI;IAK3C,SAAS,IAAI,IAAI;IAKjB,EAAE,CAAC,GAAG,SAAS,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI;IAK1C,WAAW,IAAI,IAAI;IAKnB,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC,GAAG,IAAI;IAKnC,QAAQ,CAAC,CAAC,EAAE,MAAM,GAAG,IAAI;IAKzB,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAK5B,KAAK,IAAI,UAAU,CAAC,CAAC,CAAC;CAYvB;AAED,wBAAgB,KAAK,CAAC,CAAC,SAAS,gBAAgB,KAAK,WAAW,CAAC,CAAC,CAAC,CAElE;AAED,wBAAgB,IAAI,CAAC,CAAC,SAAS,gBAAgB,KAAK,WAAW,CAAC,CAAC,CAAC,CAEjE;AAED;;;;;;;;GAQG;AACH,wBAAgB,mBAAmB,CAAC,CAAC,SAAS,gBAAgB,KAAK;IACjE,KAAK,EAAE,MAAM,WAAW,CAAC,CAAC,CAAC,CAAC;IAC5B,IAAI,EAAE,MAAM,WAAW,CAAC,CAAC,CAAC,CAAC;CAC5B,CAKA"}

package/dist/policy-builder.js

@@ -0,0 +1,92 @@
+let ruleCounter = 0;
+function nextRuleId(prefix) {
+    return `${prefix}-${++ruleCounter}`;
+}
+export class RuleBuilder {
+    _effect;
+    _roles = "*";
+    _actions = "*";
+    _resources = "*";
+    _conditions = [];
+    _priority = 0;
+    _description;
+    _id;
+    constructor(effect) {
+        this._effect = effect;
+        this._id = nextRuleId(effect);
+    }
+    id(id) {
+        this._id = id;
+        return this;
+    }
+    roles(...roles) {
+        this._roles = roles;
+        return this;
+    }
+    anyRole() {
+        this._roles = "*";
+        return this;
+    }
+    actions(...actions) {
+        this._actions = actions;
+        return this;
+    }
+    anyAction() {
+        this._actions = "*";
+        return this;
+    }
+    on(...resources) {
+        this._resources = resources;
+        return this;
+    }
+    anyResource() {
+        this._resources = "*";
+        return this;
+    }
+    when(condition) {
+        this._conditions.push(condition);
+        return this;
+    }
+    priority(p) {
+        this._priority = p;
+        return this;
+    }
+    describe(desc) {
+        this._description = desc;
+        return this;
+    }
+    build() {
+        return {
+            id: this._id,
+            effect: this._effect,
+            roles: this._roles,
+            actions: this._actions,
+            resources: this._resources,
+            conditions: this._conditions.length > 0 ? this._conditions : undefined,
+            priority: this._priority,
+            description: this._description,
+        };
+    }
+}
+export function allow() {
+    return new RuleBuilder("allow");
+}
+export function deny() {
+    return new RuleBuilder("deny");
+}
+/**
+ * Creates schema-bound allow/deny factories so you don't need to pass
+ * the generic parameter on every call.
+ *
+ * ```ts
+ * const { allow, deny } = createPolicyFactory<MySchema>();
+ * allow().roles("admin").anyAction().anyResource().build();
+ * ```
+ */
+export function createPolicyFactory() {
+    return {
+        allow: () => new RuleBuilder("allow"),
+        deny: () => new RuleBuilder("deny"),
+    };
+}
+//# sourceMappingURL=policy-builder.js.map

package/dist/policy-builder.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-builder.js","sourceRoot":"","sources":["../src/policy-builder.ts"],"names":[],"mappings":"AAUA,IAAI,WAAW,GAAG,CAAC,CAAC;AAEpB,SAAS,UAAU,CAAC,MAAc;IAChC,OAAO,GAAG,MAAM,IAAI,EAAE,WAAW,EAAE,CAAC;AACtC,CAAC;AAED,MAAM,OAAO,WAAW;IACd,OAAO,CAAe;IACtB,MAAM,GAAyB,GAAG,CAAC;IACnC,QAAQ,GAA2B,GAAG,CAAC;IACvC,UAAU,GAA6B,GAAG,CAAC;IAC3C,WAAW,GAAmB,EAAE,CAAC;IACjC,SAAS,GAAG,CAAC,CAAC;IACd,YAAY,CAAU;IACtB,GAAG,CAAS;IAEpB,YAAY,MAAoB;QAC9B,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,IAAI,CAAC,GAAG,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IAChC,CAAC;IAED,EAAE,CAAC,EAAU;QACX,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC;QACd,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,GAAG,KAAqB;QAC5B,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;QACpB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO;QACL,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC;QAClB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,CAAC,GAAG,OAAyB;QAClC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,SAAS;QACP,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC;QACpB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,EAAE,CAAC,GAAG,SAA6B;QACjC,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;QAC5B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,WAAW;QACT,IAAI,CAAC,UAAU,GAAG,GAAG,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC,SAAuB;QAC1B,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,QAAQ,CAAC,CAAS;QAChB,IAAI,CAAC,SAAS,GAAG,CAAC,CAAC;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,QAAQ,CAAC,IAAY;QACnB,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;QACzB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK;QACH,OAAO;YACL,EAAE,EAAE,IAAI,CAAC,GAAG;YACZ,MAAM,EAAE,IAAI,CAAC,OAAO;YACpB,KAAK,EAAE,IAAI,CAAC,MAAM;YAClB,OAAO,EAAE,IAAI,CAAC,QAAQ;YACtB,SAAS,EAAE,IAAI,CAAC,UAAU;YAC1B,UAAU,EAAE,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;YACtE,QAAQ,EAAE,IAAI,CAAC,SAAS;YACxB,WAAW,EAAE,IAAI,CAAC,YAAY;SAC/B,CAAC;IACJ,CAAC;CACF;AAED,MAAM,UAAU,KAAK;IACnB,OAAO,IAAI,WAAW,CAAI,OAAO,CAAC,CAAC;AACrC,CAAC;AAED,MAAM,UAAU,IAAI;IAClB,OAAO,IAAI,WAAW,CAAI,MAAM,CAAC,CAAC;AACpC,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,mBAAmB;IAIjC,OAAO;QACL,KAAK,EAAE,GAAG,EAAE,CAAC,IAAI,WAAW,CAAI,OAAO,CAAC;QACxC,IAAI,EAAE,GAAG,EAAE,CAAC,IAAI,WAAW,CAAI,MAAM,CAAC;KACvC,CAAC;AACJ,CAAC"}

package/dist/role-hierarchy.d.ts

@@ -0,0 +1,42 @@
+import type { SchemaDefinition, InferRole } from "./types.js";
+/**
+ * Defines a role inheritance hierarchy.
+ *
+ * When a role inherits from another, it gains all permissions of its parent roles.
+ * Cycles are detected and rejected at definition time.
+ *
+ * ```ts
+ * const hierarchy = new RoleHierarchy<MySchema>()
+ *   .define("admin", ["manager", "viewer"])
+ *   .define("manager", ["member"])
+ *   .define("member", ["viewer"]);
+ *
+ * hierarchy.resolve("admin");
+ * // Set { "admin", "manager", "member", "viewer" }
+ * ```
+ */
+export declare class RoleHierarchy<S extends SchemaDefinition> {
+    private parents;
+    private cache;
+    /**
+     * Define that `role` inherits permissions from `inheritsFrom` roles.
+     * Clears the resolution cache.
+     */
+    define(role: InferRole<S>, inheritsFrom: InferRole<S>[]): this;
+    /**
+     * Resolve the full set of roles a given role expands to,
+     * including all inherited roles (transitive).
+     */
+    resolve(role: InferRole<S>): Set<string>;
+    /**
+     * Resolve multiple roles at once, returning the merged set.
+     */
+    resolveAll(roles: Iterable<InferRole<S>>): Set<string>;
+    /**
+     * Get all defined roles that have inheritance rules.
+     */
+    definedRoles(): string[];
+    private walk;
+    private detectCycle;
+}
+//# sourceMappingURL=role-hierarchy.d.ts.map

package/dist/role-hierarchy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"role-hierarchy.d.ts","sourceRoot":"","sources":["../src/role-hierarchy.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAE9D;;;;;;;;;;;;;;;GAeG;AACH,qBAAa,aAAa,CAAC,CAAC,SAAS,gBAAgB;IACnD,OAAO,CAAC,OAAO,CAA+B;IAC9C,OAAO,CAAC,KAAK,CAAkC;IAE/C;;;OAGG;IACH,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI;IAO9D;;;OAGG;IACH,OAAO,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC;IAWxC;;OAEG;IACH,UAAU,CAAC,KAAK,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC;IAUtD;;OAEG;IACH,YAAY,IAAI,MAAM,EAAE;IAIxB,OAAO,CAAC,IAAI;IAWZ,OAAO,CAAC,WAAW;CAepB"}