@stigmer/protos 0.0.34

package/ai/stigmer/iam/iampolicy/v1/query_connect.d.ts

@@ -0,0 +1,91 @@
+/**
+ * iam-policy query controller
+ *
+ * @generated from service ai.stigmer.iam.iampolicy.v1.IamPolicyQueryController
+ */
+export declare const IamPolicyQueryController: {
+    readonly typeName: "ai.stigmer.iam.iampolicy.v1.IamPolicyQueryController";
+    readonly methods: {
+        /**
+         * lookup iam-policy by id
+         *
+         * @generated from rpc ai.stigmer.iam.iampolicy.v1.IamPolicyQueryController.get
+         */
+        readonly get: {
+            readonly name: "get";
+            readonly I: any;
+            readonly O: any;
+            readonly kind: any;
+        };
+        /**
+         * Check if a principal is authorized to perform a relation on a resource
+         *
+         * This is the fundamental authorization check RPC that answers the question:
+         * "Does principal X have permission Y on resource Z?"
+         *
+         * It provides a simple boolean answer based on the complete authorization state,
+         * including existing IAM policies, inherited permissions, and group memberships.
+         *
+         * Use Cases:
+         * - Pre-flight UI checks before showing buttons/actions
+         * - API request authorization before processing operations
+         * - Service-to-service authorization
+         * - Team-based access checks
+         *
+         * Input: CheckAuthorizationInput with policy spec and optional contextual policies
+         * Output: CheckAuthorizationResult with is_authorized boolean
+         *
+         * @generated from rpc ai.stigmer.iam.iampolicy.v1.IamPolicyQueryController.checkAuthorization
+         */
+        readonly checkAuthorization: {
+            readonly name: "checkAuthorization";
+            readonly I: any;
+            readonly O: any;
+            readonly kind: any;
+        };
+        /**
+         * List all resource IDs of a specific kind that a principal is authorized to access
+         *
+         * This RPC answers: "What are all the [resource-kind] that [principal] can [relation] on?"
+         * Essential for building permission-aware UIs and filtering resource lists.
+         *
+         * Use Cases:
+         * - Resource list filtering in dropdowns
+         * - Permission-based navigation
+         * - Bulk authorization checks
+         *
+         * Input: ListAuthorizedResourceIdsInput with principal, resource_kind, and relation
+         * Output: AuthorizedResourceIdsList containing all accessible resource IDs
+         *
+         * @generated from rpc ai.stigmer.iam.iampolicy.v1.IamPolicyQueryController.listAuthorizedResourceIds
+         */
+        readonly listAuthorizedResourceIds: {
+            readonly name: "listAuthorizedResourceIds";
+            readonly I: any;
+            readonly O: any;
+            readonly kind: any;
+        };
+        /**
+         * List all principal IDs of a specific kind that are authorized to access a resource
+         *
+         * This RPC answers: "What are all the [principal-kind] that have [relation] access on [resource]?"
+         * Inverse of listAuthorizedResourceIds.
+         *
+         * Use Cases:
+         * - Resource access audit (who can access this?)
+         * - Team discovery for resources
+         * - Compliance and security audits
+         *
+         * Input: ListAuthorizedPrincipalIdsInput with resource, principal_kind, and relation
+         * Output: AuthorizedPrincipalIdsList containing all authorized principal IDs
+         *
+         * @generated from rpc ai.stigmer.iam.iampolicy.v1.IamPolicyQueryController.listAuthorizedPrincipalIds
+         */
+        readonly listAuthorizedPrincipalIds: {
+            readonly name: "listAuthorizedPrincipalIds";
+            readonly I: any;
+            readonly O: any;
+            readonly kind: any;
+        };
+    };
+};

package/ai/stigmer/iam/iampolicy/v1/query_connect.js

@@ -0,0 +1,97 @@
+// @generated by protoc-gen-connect-es v1.6.1 with parameter "target=ts"
+// @generated from file ai/stigmer/iam/iampolicy/v1/query.proto (package ai.stigmer.iam.iampolicy.v1, syntax proto3)
+/* eslint-disable */
+// @ts-nocheck
+import { MethodKind } from "@bufbuild/protobuf";
+/**
+ * iam-policy query controller
+ *
+ * @generated from service ai.stigmer.iam.iampolicy.v1.IamPolicyQueryController
+ */
+export const IamPolicyQueryController = {
+    typeName: "ai.stigmer.iam.iampolicy.v1.IamPolicyQueryController",
+    methods: {
+        /**
+         * lookup iam-policy by id
+         *
+         * @generated from rpc ai.stigmer.iam.iampolicy.v1.IamPolicyQueryController.get
+         */
+        get: {
+            name: "get",
+            I: IamPolicyId,
+            O: IamPolicy,
+            kind: MethodKind.Unary,
+        },
+        /**
+         * Check if a principal is authorized to perform a relation on a resource
+         *
+         * This is the fundamental authorization check RPC that answers the question:
+         * "Does principal X have permission Y on resource Z?"
+         *
+         * It provides a simple boolean answer based on the complete authorization state,
+         * including existing IAM policies, inherited permissions, and group memberships.
+         *
+         * Use Cases:
+         * - Pre-flight UI checks before showing buttons/actions
+         * - API request authorization before processing operations
+         * - Service-to-service authorization
+         * - Team-based access checks
+         *
+         * Input: CheckAuthorizationInput with policy spec and optional contextual policies
+         * Output: CheckAuthorizationResult with is_authorized boolean
+         *
+         * @generated from rpc ai.stigmer.iam.iampolicy.v1.IamPolicyQueryController.checkAuthorization
+         */
+        checkAuthorization: {
+            name: "checkAuthorization",
+            I: CheckAuthorizationInput,
+            O: CheckAuthorizationResult,
+            kind: MethodKind.Unary,
+        },
+        /**
+         * List all resource IDs of a specific kind that a principal is authorized to access
+         *
+         * This RPC answers: "What are all the [resource-kind] that [principal] can [relation] on?"
+         * Essential for building permission-aware UIs and filtering resource lists.
+         *
+         * Use Cases:
+         * - Resource list filtering in dropdowns
+         * - Permission-based navigation
+         * - Bulk authorization checks
+         *
+         * Input: ListAuthorizedResourceIdsInput with principal, resource_kind, and relation
+         * Output: AuthorizedResourceIdsList containing all accessible resource IDs
+         *
+         * @generated from rpc ai.stigmer.iam.iampolicy.v1.IamPolicyQueryController.listAuthorizedResourceIds
+         */
+        listAuthorizedResourceIds: {
+            name: "listAuthorizedResourceIds",
+            I: ListAuthorizedResourceIdsInput,
+            O: AuthorizedResourceIdsList,
+            kind: MethodKind.Unary,
+        },
+        /**
+         * List all principal IDs of a specific kind that are authorized to access a resource
+         *
+         * This RPC answers: "What are all the [principal-kind] that have [relation] access on [resource]?"
+         * Inverse of listAuthorizedResourceIds.
+         *
+         * Use Cases:
+         * - Resource access audit (who can access this?)
+         * - Team discovery for resources
+         * - Compliance and security audits
+         *
+         * Input: ListAuthorizedPrincipalIdsInput with resource, principal_kind, and relation
+         * Output: AuthorizedPrincipalIdsList containing all authorized principal IDs
+         *
+         * @generated from rpc ai.stigmer.iam.iampolicy.v1.IamPolicyQueryController.listAuthorizedPrincipalIds
+         */
+        listAuthorizedPrincipalIds: {
+            name: "listAuthorizedPrincipalIds",
+            I: ListAuthorizedPrincipalIdsInput,
+            O: AuthorizedPrincipalIdsList,
+            kind: MethodKind.Unary,
+        },
+    }
+};
+//# sourceMappingURL=query_connect.js.map

package/ai/stigmer/iam/iampolicy/v1/query_connect.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"query_connect.js","sourceRoot":"","sources":["../../../../../../ai/stigmer/iam/iampolicy/v1/query_connect.ts"],"names":[],"mappings":"AAAA,wEAAwE;AACxE,oHAAoH;AACpH,oBAAoB;AACpB,cAAc;AAId,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD;;;;GAIG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,QAAQ,EAAE,sDAAsD;IAChE,OAAO,EAAE;QACP;;;;WAIG;QACH,GAAG,EAAE;YACH,IAAI,EAAE,KAAK;YACX,CAAC,EAAE,WAAW;YACd,CAAC,EAAE,SAAS;YACZ,IAAI,EAAE,UAAU,CAAC,KAAK;SACvB;QACD;;;;;;;;;;;;;;;;;;;WAmBG;QACH,kBAAkB,EAAE;YAClB,IAAI,EAAE,oBAAoB;YAC1B,CAAC,EAAE,uBAAuB;YAC1B,CAAC,EAAE,wBAAwB;YAC3B,IAAI,EAAE,UAAU,CAAC,KAAK;SACvB;QACD;;;;;;;;;;;;;;;WAeG;QACH,yBAAyB,EAAE;YACzB,IAAI,EAAE,2BAA2B;YACjC,CAAC,EAAE,8BAA8B;YACjC,CAAC,EAAE,yBAAyB;YAC5B,IAAI,EAAE,UAAU,CAAC,KAAK;SACvB;QACD;;;;;;;;;;;;;;;WAeG;QACH,0BAA0B,EAAE;YAC1B,IAAI,EAAE,4BAA4B;YAClC,CAAC,EAAE,+BAA+B;YAClC,CAAC,EAAE,0BAA0B;YAC7B,IAAI,EAAE,UAAU,CAAC,KAAK;SACvB;KACF;CACO,CAAC"}

package/ai/stigmer/iam/iampolicy/v1/query_pb.d.ts

@@ -0,0 +1,91 @@
+import type { GenFile, GenService } from "@bufbuild/protobuf/codegenv1";
+import type { IamPolicySchema } from "./api_pb";
+import type { AuthorizedPrincipalIdsListSchema, AuthorizedResourceIdsListSchema, CheckAuthorizationInputSchema, CheckAuthorizationResultSchema, IamPolicyIdSchema, ListAuthorizedPrincipalIdsInputSchema, ListAuthorizedResourceIdsInputSchema } from "./io_pb";
+/**
+ * Describes the file ai/stigmer/iam/iampolicy/v1/query.proto.
+ */
+export declare const file_ai_stigmer_iam_iampolicy_v1_query: GenFile;
+/**
+ * iam-policy query controller
+ *
+ * @generated from service ai.stigmer.iam.iampolicy.v1.IamPolicyQueryController
+ */
+export declare const IamPolicyQueryController: GenService<{
+    /**
+     * lookup iam-policy by id
+     *
+     * @generated from rpc ai.stigmer.iam.iampolicy.v1.IamPolicyQueryController.get
+     */
+    get: {
+        methodKind: "unary";
+        input: typeof IamPolicyIdSchema;
+        output: typeof IamPolicySchema;
+    };
+    /**
+     * Check if a principal is authorized to perform a relation on a resource
+     *
+     * This is the fundamental authorization check RPC that answers the question:
+     * "Does principal X have permission Y on resource Z?"
+     *
+     * It provides a simple boolean answer based on the complete authorization state,
+     * including existing IAM policies, inherited permissions, and group memberships.
+     *
+     * Use Cases:
+     * - Pre-flight UI checks before showing buttons/actions
+     * - API request authorization before processing operations
+     * - Service-to-service authorization
+     * - Team-based access checks
+     *
+     * Input: CheckAuthorizationInput with policy spec and optional contextual policies
+     * Output: CheckAuthorizationResult with is_authorized boolean
+     *
+     * @generated from rpc ai.stigmer.iam.iampolicy.v1.IamPolicyQueryController.checkAuthorization
+     */
+    checkAuthorization: {
+        methodKind: "unary";
+        input: typeof CheckAuthorizationInputSchema;
+        output: typeof CheckAuthorizationResultSchema;
+    };
+    /**
+     * List all resource IDs of a specific kind that a principal is authorized to access
+     *
+     * This RPC answers: "What are all the [resource-kind] that [principal] can [relation] on?"
+     * Essential for building permission-aware UIs and filtering resource lists.
+     *
+     * Use Cases:
+     * - Resource list filtering in dropdowns
+     * - Permission-based navigation
+     * - Bulk authorization checks
+     *
+     * Input: ListAuthorizedResourceIdsInput with principal, resource_kind, and relation
+     * Output: AuthorizedResourceIdsList containing all accessible resource IDs
+     *
+     * @generated from rpc ai.stigmer.iam.iampolicy.v1.IamPolicyQueryController.listAuthorizedResourceIds
+     */
+    listAuthorizedResourceIds: {
+        methodKind: "unary";
+        input: typeof ListAuthorizedResourceIdsInputSchema;
+        output: typeof AuthorizedResourceIdsListSchema;
+    };
+    /**
+     * List all principal IDs of a specific kind that are authorized to access a resource
+     *
+     * This RPC answers: "What are all the [principal-kind] that have [relation] access on [resource]?"
+     * Inverse of listAuthorizedResourceIds.
+     *
+     * Use Cases:
+     * - Resource access audit (who can access this?)
+     * - Team discovery for resources
+     * - Compliance and security audits
+     *
+     * Input: ListAuthorizedPrincipalIdsInput with resource, principal_kind, and relation
+     * Output: AuthorizedPrincipalIdsList containing all authorized principal IDs
+     *
+     * @generated from rpc ai.stigmer.iam.iampolicy.v1.IamPolicyQueryController.listAuthorizedPrincipalIds
+     */
+    listAuthorizedPrincipalIds: {
+        methodKind: "unary";
+        input: typeof ListAuthorizedPrincipalIdsInputSchema;
+        output: typeof AuthorizedPrincipalIdsListSchema;
+    };
+}>;

package/ai/stigmer/iam/iampolicy/v1/query_pb.js

@@ -0,0 +1,19 @@
+// @generated by protoc-gen-es v2.2.2 with parameter "target=ts"
+// @generated from file ai/stigmer/iam/iampolicy/v1/query.proto (package ai.stigmer.iam.iampolicy.v1, syntax proto3)
+/* eslint-disable */
+import { fileDesc, serviceDesc } from "@bufbuild/protobuf/codegenv1";
+import { file_ai_stigmer_commons_apiresource_rpc_service_options } from "../../../commons/apiresource/rpc_service_options_pb";
+import { file_ai_stigmer_iam_iampolicy_v1_api } from "./api_pb";
+import { file_ai_stigmer_iam_iampolicy_v1_io } from "./io_pb";
+import { file_ai_stigmer_iam_iampolicy_v1_rpcauthorization_method_options } from "./rpcauthorization/method_options_pb";
+/**
+ * Describes the file ai/stigmer/iam/iampolicy/v1/query.proto.
+ */
+export const file_ai_stigmer_iam_iampolicy_v1_query = /*@__PURE__*/ fileDesc("CidhaS9zdGlnbWVyL2lhbS9pYW1wb2xpY3kvdjEvcXVlcnkucHJvdG8SG2FpLnN0aWdtZXIuaWFtLmlhbXBvbGljeS52MTLIBQoYSWFtUG9saWN5UXVlcnlDb250cm9sbGVyEoUBCgNnZXQSKC5haS5zdGlnbWVyLmlhbS5pYW1wb2xpY3kudjEuSWFtUG9saWN5SWQaJi5haS5zdGlnbWVyLmlhbS5pYW1wb2xpY3kudjEuSWFtUG9saWN5IizCuBgoCAkqJHVuYXV0aG9yaXplZCB0byB2aWV3IGFjY2VzcyBwb2xpY2llcxKHAQoSY2hlY2tBdXRob3JpemF0aW9uEjQuYWkuc3RpZ21lci5pYW0uaWFtcG9saWN5LnYxLkNoZWNrQXV0aG9yaXphdGlvbklucHV0GjUuYWkuc3RpZ21lci5pYW0uaWFtcG9saWN5LnYxLkNoZWNrQXV0aG9yaXphdGlvblJlc3VsdCIE0LgYARLGAQoZbGlzdEF1dGhvcml6ZWRSZXNvdXJjZUlkcxI7LmFpLnN0aWdtZXIuaWFtLmlhbXBvbGljeS52MS5MaXN0QXV0aG9yaXplZFJlc291cmNlSWRzSW5wdXQaNi5haS5zdGlnbWVyLmlhbS5pYW1wb2xpY3kudjEuQXV0aG9yaXplZFJlc291cmNlSWRzTGlzdCI0wrgYMAgJKix1bmF1dGhvcml6ZWQgdG8gdmlldyBhdXRob3JpemVkIHJlc291cmNlIGlkcxLKAQoabGlzdEF1dGhvcml6ZWRQcmluY2lwYWxJZHMSPC5haS5zdGlnbWVyLmlhbS5pYW1wb2xpY3kudjEuTGlzdEF1dGhvcml6ZWRQcmluY2lwYWxJZHNJbnB1dBo3LmFpLnN0aWdtZXIuaWFtLmlhbXBvbGljeS52MS5BdXRob3JpemVkUHJpbmNpcGFsSWRzTGlzdCI1wrgYMQgJKi11bmF1dGhvcml6ZWQgdG8gdmlldyBhdXRob3JpemVkIHByaW5jaXBhbCBpZHMaBKD/KwpiBnByb3RvMw", [file_ai_stigmer_commons_apiresource_rpc_service_options, file_ai_stigmer_iam_iampolicy_v1_api, file_ai_stigmer_iam_iampolicy_v1_io, file_ai_stigmer_iam_iampolicy_v1_rpcauthorization_method_options]);
+/**
+ * iam-policy query controller
+ *
+ * @generated from service ai.stigmer.iam.iampolicy.v1.IamPolicyQueryController
+ */
+export const IamPolicyQueryController = /*@__PURE__*/ serviceDesc(file_ai_stigmer_iam_iampolicy_v1_query, 0);
+//# sourceMappingURL=query_pb.js.map

package/ai/stigmer/iam/iampolicy/v1/query_pb.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"query_pb.js","sourceRoot":"","sources":["../../../../../../ai/stigmer/iam/iampolicy/v1/query_pb.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAChE,oHAAoH;AACpH,oBAAoB;AAGpB,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,uDAAuD,EAAE,MAAM,qDAAqD,CAAC;AAE9H,OAAO,EAAE,oCAAoC,EAAE,MAAM,UAAU,CAAC;AAEhE,OAAO,EAAE,mCAAmC,EAAE,MAAM,SAAS,CAAC;AAC9D,OAAO,EAAE,gEAAgE,EAAE,MAAM,sCAAsC,CAAC;AAExH;;GAEG;AACH,MAAM,CAAC,MAAM,sCAAsC,GAAY,aAAa,CAC1E,QAAQ,CAAC,oiCAAoiC,EAAE,CAAC,uDAAuD,EAAE,oCAAoC,EAAE,mCAAmC,EAAE,gEAAgE,CAAC,CAAC,CAAC;AAEzvC;;;;GAIG;AACH,MAAM,CAAC,MAAM,wBAAwB,GA8EhC,aAAa,CAChB,WAAW,CAAC,sCAAsC,EAAE,CAAC,CAAC,CAAC"}

package/ai/stigmer/iam/iampolicy/v1/rpcauthorization/iam_permission_pb.d.ts

@@ -0,0 +1,171 @@
+import type { GenEnum, GenFile } from "@bufbuild/protobuf/codegenv1";
+/**
+ * Describes the file ai/stigmer/iam/iampolicy/v1/rpcauthorization/iam_permission.proto.
+ */
+export declare const file_ai_stigmer_iam_iampolicy_v1_rpcauthorization_iam_permission: GenFile;
+/**
+ * ApiResourceIamPermission defines the core permissions used in the authorization model.
+ * This is a simplified set for a demo project, containing only essential permissions.
+ *
+ * @generated from enum ai.stigmer.iam.iampolicy.v1.rpcauthorization.ApiResourceIamPermission
+ */
+export declare enum ApiResourceIamPermission {
+    /**
+     * @generated from enum value: unspecified = 0;
+     */
+    unspecified = 0,
+    /**
+     * Basic CRUD permissions
+     *
+     * @generated from enum value: create = 1;
+     */
+    create = 1,
+    /**
+     * @generated from enum value: can_delete = 2;
+     */
+    can_delete = 2,
+    /**
+     * @generated from enum value: can_view = 3;
+     */
+    can_view = 3,
+    /**
+     * @generated from enum value: can_edit = 4;
+     */
+    can_edit = 4,
+    /**
+     * Platform-level permissions
+     *
+     * Platform operator with elevated privileges
+     *
+     * @generated from enum value: operator = 5;
+     */
+    operator = 5,
+    /**
+     * Platform-level access
+     *
+     * @generated from enum value: platform = 6;
+     */
+    platform = 6,
+    /**
+     * Permission to login to back office
+     *
+     * @generated from enum value: login_to_back_office = 7;
+     */
+    login_to_back_office = 7,
+    /**
+     * IAM policy management permissions (follows can_* pattern)
+     *
+     * Permission to grant/revoke access (create/delete IAM policies)
+     *
+     * @generated from enum value: can_grant_access = 8;
+     */
+    can_grant_access = 8,
+    /**
+     * Permission to view who has access (view IAM policies)
+     *
+     * @generated from enum value: can_view_access = 9;
+     */
+    can_view_access = 9,
+    /**
+     * Resource ownership and membership
+     *
+     * Resource owner
+     *
+     * @generated from enum value: owner = 10;
+     */
+    owner = 10,
+    /**
+     * Resource member (for teams, organizations)
+     *
+     * @generated from enum value: member = 11;
+     */
+    member = 11,
+    /**
+     * Structural relations (parent links)
+     *
+     * Link to identity account (user-scoped parent)
+     *
+     * @generated from enum value: identity_account = 12;
+     */
+    identity_account = 12,
+    /**
+     * Link to organization (org-scoped parent)
+     *
+     * @generated from enum value: organization = 13;
+     */
+    organization = 13,
+    /**
+     * Link to session (agent execution parent)
+     *
+     * @generated from enum value: session = 14;
+     */
+    session = 14,
+    /**
+     * Link to agent (agent instance parent)
+     *
+     * @generated from enum value: agent = 15;
+     */
+    agent = 15,
+    /**
+     * Resource-specific creation permissions
+     *
+     * Permission to create agents in an organization
+     *
+     * @generated from enum value: can_create_agent = 16;
+     */
+    can_create_agent = 16,
+    /**
+     * Permission to create workflows in an organization
+     *
+     * @generated from enum value: can_create_workflow = 17;
+     */
+    can_create_workflow = 17,
+    /**
+     * Permission to create sessions in an organization
+     *
+     * @generated from enum value: can_create_session = 18;
+     */
+    can_create_session = 18,
+    /**
+     * Permission to create agent executions in a session
+     *
+     * @generated from enum value: can_create_execution_in = 19;
+     */
+    can_create_execution_in = 19,
+    /**
+     * Permission to create agent instances (derived from can_execute on parent agent)
+     *
+     * @generated from enum value: can_create_instance = 20;
+     */
+    can_create_instance = 20,
+    /**
+     * Permission to create skills in an organization
+     *
+     * @generated from enum value: can_create_skill = 21;
+     */
+    can_create_skill = 21,
+    /**
+     * Permission to create projects in an organization
+     *
+     * @generated from enum value: can_create_project = 23;
+     */
+    can_create_project = 23,
+    /**
+     * Permission to create identity providers in an organization
+     *
+     * @generated from enum value: can_create_idp = 24;
+     */
+    can_create_idp = 24,
+    /**
+     * Resource-specific operation permissions
+     *
+     * Permission to execute agent/session operations
+     *
+     * @generated from enum value: can_execute = 22;
+     */
+    can_execute = 22
+}
+/**
+ * Describes the enum ai.stigmer.iam.iampolicy.v1.rpcauthorization.ApiResourceIamPermission.
+ */
+export declare const ApiResourceIamPermissionSchema: GenEnum<ApiResourceIamPermission>;

package/ai/stigmer/iam/iampolicy/v1/rpcauthorization/iam_permission_pb.js

@@ -0,0 +1,176 @@
+// @generated by protoc-gen-es v2.2.2 with parameter "target=ts"
+// @generated from file ai/stigmer/iam/iampolicy/v1/rpcauthorization/iam_permission.proto (package ai.stigmer.iam.iampolicy.v1.rpcauthorization, syntax proto3)
+/* eslint-disable */
+import { enumDesc, fileDesc } from "@bufbuild/protobuf/codegenv1";
+/**
+ * Describes the file ai/stigmer/iam/iampolicy/v1/rpcauthorization/iam_permission.proto.
+ */
+export const file_ai_stigmer_iam_iampolicy_v1_rpcauthorization_iam_permission = /*@__PURE__*/ fileDesc("CkFhaS9zdGlnbWVyL2lhbS9pYW1wb2xpY3kvdjEvcnBjYXV0aG9yaXphdGlvbi9pYW1fcGVybWlzc2lvbi5wcm90bxIsYWkuc3RpZ21lci5pYW0uaWFtcG9saWN5LnYxLnJwY2F1dGhvcml6YXRpb24q6wMKGEFwaVJlc291cmNlSWFtUGVybWlzc2lvbhIPCgt1bnNwZWNpZmllZBAAEgoKBmNyZWF0ZRABEg4KCmNhbl9kZWxldGUQAhIMCghjYW5fdmlldxADEgwKCGNhbl9lZGl0EAQSDAoIb3BlcmF0b3IQBRIMCghwbGF0Zm9ybRAGEhgKFGxvZ2luX3RvX2JhY2tfb2ZmaWNlEAcSFAoQY2FuX2dyYW50X2FjY2VzcxAIEhMKD2Nhbl92aWV3X2FjY2VzcxAJEgkKBW93bmVyEAoSCgoGbWVtYmVyEAsSFAoQaWRlbnRpdHlfYWNjb3VudBAMEhAKDG9yZ2FuaXphdGlvbhANEgsKB3Nlc3Npb24QDhIJCgVhZ2VudBAPEhQKEGNhbl9jcmVhdGVfYWdlbnQQEBIXChNjYW5fY3JlYXRlX3dvcmtmbG93EBESFgoSY2FuX2NyZWF0ZV9zZXNzaW9uEBISGwoXY2FuX2NyZWF0ZV9leGVjdXRpb25faW4QExIXChNjYW5fY3JlYXRlX2luc3RhbmNlEBQSFAoQY2FuX2NyZWF0ZV9za2lsbBAVEhYKEmNhbl9jcmVhdGVfcHJvamVjdBAXEhIKDmNhbl9jcmVhdGVfaWRwEBgSDwoLY2FuX2V4ZWN1dGUQFmIGcHJvdG8z");
+/**
+ * ApiResourceIamPermission defines the core permissions used in the authorization model.
+ * This is a simplified set for a demo project, containing only essential permissions.
+ *
+ * @generated from enum ai.stigmer.iam.iampolicy.v1.rpcauthorization.ApiResourceIamPermission
+ */
+export var ApiResourceIamPermission;
+(function (ApiResourceIamPermission) {
+    /**
+     * @generated from enum value: unspecified = 0;
+     */
+    ApiResourceIamPermission[ApiResourceIamPermission["unspecified"] = 0] = "unspecified";
+    /**
+     * Basic CRUD permissions
+     *
+     * @generated from enum value: create = 1;
+     */
+    ApiResourceIamPermission[ApiResourceIamPermission["create"] = 1] = "create";
+    /**
+     * @generated from enum value: can_delete = 2;
+     */
+    ApiResourceIamPermission[ApiResourceIamPermission["can_delete"] = 2] = "can_delete";
+    /**
+     * @generated from enum value: can_view = 3;
+     */
+    ApiResourceIamPermission[ApiResourceIamPermission["can_view"] = 3] = "can_view";
+    /**
+     * @generated from enum value: can_edit = 4;
+     */
+    ApiResourceIamPermission[ApiResourceIamPermission["can_edit"] = 4] = "can_edit";
+    /**
+     * Platform-level permissions
+     *
+     * Platform operator with elevated privileges
+     *
+     * @generated from enum value: operator = 5;
+     */
+    ApiResourceIamPermission[ApiResourceIamPermission["operator"] = 5] = "operator";
+    /**
+     * Platform-level access
+     *
+     * @generated from enum value: platform = 6;
+     */
+    ApiResourceIamPermission[ApiResourceIamPermission["platform"] = 6] = "platform";
+    /**
+     * Permission to login to back office
+     *
+     * @generated from enum value: login_to_back_office = 7;
+     */
+    ApiResourceIamPermission[ApiResourceIamPermission["login_to_back_office"] = 7] = "login_to_back_office";
+    /**
+     * IAM policy management permissions (follows can_* pattern)
+     *
+     * Permission to grant/revoke access (create/delete IAM policies)
+     *
+     * @generated from enum value: can_grant_access = 8;
+     */
+    ApiResourceIamPermission[ApiResourceIamPermission["can_grant_access"] = 8] = "can_grant_access";
+    /**
+     * Permission to view who has access (view IAM policies)
+     *
+     * @generated from enum value: can_view_access = 9;
+     */
+    ApiResourceIamPermission[ApiResourceIamPermission["can_view_access"] = 9] = "can_view_access";
+    /**
+     * Resource ownership and membership
+     *
+     * Resource owner
+     *
+     * @generated from enum value: owner = 10;
+     */
+    ApiResourceIamPermission[ApiResourceIamPermission["owner"] = 10] = "owner";
+    /**
+     * Resource member (for teams, organizations)
+     *
+     * @generated from enum value: member = 11;
+     */
+    ApiResourceIamPermission[ApiResourceIamPermission["member"] = 11] = "member";
+    /**
+     * Structural relations (parent links)
+     *
+     * Link to identity account (user-scoped parent)
+     *
+     * @generated from enum value: identity_account = 12;
+     */
+    ApiResourceIamPermission[ApiResourceIamPermission["identity_account"] = 12] = "identity_account";
+    /**
+     * Link to organization (org-scoped parent)
+     *
+     * @generated from enum value: organization = 13;
+     */
+    ApiResourceIamPermission[ApiResourceIamPermission["organization"] = 13] = "organization";
+    /**
+     * Link to session (agent execution parent)
+     *
+     * @generated from enum value: session = 14;
+     */
+    ApiResourceIamPermission[ApiResourceIamPermission["session"] = 14] = "session";
+    /**
+     * Link to agent (agent instance parent)
+     *
+     * @generated from enum value: agent = 15;
+     */
+    ApiResourceIamPermission[ApiResourceIamPermission["agent"] = 15] = "agent";
+    /**
+     * Resource-specific creation permissions
+     *
+     * Permission to create agents in an organization
+     *
+     * @generated from enum value: can_create_agent = 16;
+     */
+    ApiResourceIamPermission[ApiResourceIamPermission["can_create_agent"] = 16] = "can_create_agent";
+    /**
+     * Permission to create workflows in an organization
+     *
+     * @generated from enum value: can_create_workflow = 17;
+     */
+    ApiResourceIamPermission[ApiResourceIamPermission["can_create_workflow"] = 17] = "can_create_workflow";
+    /**
+     * Permission to create sessions in an organization
+     *
+     * @generated from enum value: can_create_session = 18;
+     */
+    ApiResourceIamPermission[ApiResourceIamPermission["can_create_session"] = 18] = "can_create_session";
+    /**
+     * Permission to create agent executions in a session
+     *
+     * @generated from enum value: can_create_execution_in = 19;
+     */
+    ApiResourceIamPermission[ApiResourceIamPermission["can_create_execution_in"] = 19] = "can_create_execution_in";
+    /**
+     * Permission to create agent instances (derived from can_execute on parent agent)
+     *
+     * @generated from enum value: can_create_instance = 20;
+     */
+    ApiResourceIamPermission[ApiResourceIamPermission["can_create_instance"] = 20] = "can_create_instance";
+    /**
+     * Permission to create skills in an organization
+     *
+     * @generated from enum value: can_create_skill = 21;
+     */
+    ApiResourceIamPermission[ApiResourceIamPermission["can_create_skill"] = 21] = "can_create_skill";
+    /**
+     * Permission to create projects in an organization
+     *
+     * @generated from enum value: can_create_project = 23;
+     */
+    ApiResourceIamPermission[ApiResourceIamPermission["can_create_project"] = 23] = "can_create_project";
+    /**
+     * Permission to create identity providers in an organization
+     *
+     * @generated from enum value: can_create_idp = 24;
+     */
+    ApiResourceIamPermission[ApiResourceIamPermission["can_create_idp"] = 24] = "can_create_idp";
+    /**
+     * Resource-specific operation permissions
+     *
+     * Permission to execute agent/session operations
+     *
+     * @generated from enum value: can_execute = 22;
+     */
+    ApiResourceIamPermission[ApiResourceIamPermission["can_execute"] = 22] = "can_execute";
+})(ApiResourceIamPermission || (ApiResourceIamPermission = {}));
+/**
+ * Describes the enum ai.stigmer.iam.iampolicy.v1.rpcauthorization.ApiResourceIamPermission.
+ */
+export const ApiResourceIamPermissionSchema = /*@__PURE__*/ enumDesc(file_ai_stigmer_iam_iampolicy_v1_rpcauthorization_iam_permission, 0);
+//# sourceMappingURL=iam_permission_pb.js.map

package/ai/stigmer/iam/iampolicy/v1/rpcauthorization/iam_permission_pb.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"iam_permission_pb.js","sourceRoot":"","sources":["../../../../../../../ai/stigmer/iam/iampolicy/v1/rpcauthorization/iam_permission_pb.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAChE,+JAA+J;AAC/J,oBAAoB;AAGpB,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,8BAA8B,CAAC;AAElE;;GAEG;AACH,MAAM,CAAC,MAAM,gEAAgE,GAAY,aAAa,CACpG,QAAQ,CAAC,szBAAszB,CAAC,CAAC;AAEn0B;;;;;GAKG;AACH,MAAM,CAAN,IAAY,wBAmLX;AAnLD,WAAY,wBAAwB;IAClC;;OAEG;IACH,qFAAe,CAAA;IAEf;;;;OAIG;IACH,2EAAU,CAAA;IAEV;;OAEG;IACH,mFAAc,CAAA;IAEd;;OAEG;IACH,+EAAY,CAAA;IAEZ;;OAEG;IACH,+EAAY,CAAA;IAEZ;;;;;;OAMG;IACH,+EAAY,CAAA;IAEZ;;;;OAIG;IACH,+EAAY,CAAA;IAEZ;;;;OAIG;IACH,uGAAwB,CAAA;IAExB;;;;;;OAMG;IACH,+FAAoB,CAAA;IAEpB;;;;OAIG;IACH,6FAAmB,CAAA;IAEnB;;;;;;OAMG;IACH,0EAAU,CAAA;IAEV;;;;OAIG;IACH,4EAAW,CAAA;IAEX;;;;;;OAMG;IACH,gGAAqB,CAAA;IAErB;;;;OAIG;IACH,wFAAiB,CAAA;IAEjB;;;;OAIG;IACH,8EAAY,CAAA;IAEZ;;;;OAIG;IACH,0EAAU,CAAA;IAEV;;;;;;OAMG;IACH,gGAAqB,CAAA;IAErB;;;;OAIG;IACH,sGAAwB,CAAA;IAExB;;;;OAIG;IACH,oGAAuB,CAAA;IAEvB;;;;OAIG;IACH,8GAA4B,CAAA;IAE5B;;;;OAIG;IACH,sGAAwB,CAAA;IAExB;;;;OAIG;IACH,gGAAqB,CAAA;IAErB;;;;OAIG;IACH,oGAAuB,CAAA;IAEvB;;;;OAIG;IACH,4FAAmB,CAAA;IAEnB;;;;;;OAMG;IACH,sFAAgB,CAAA;AAClB,CAAC,EAnLW,wBAAwB,KAAxB,wBAAwB,QAmLnC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,8BAA8B,GAAsC,aAAa,CAC5F,QAAQ,CAAC,gEAAgE,EAAE,CAAC,CAAC,CAAC"}