npm - @stratal/framework - Versions diffs - 0.0.18 → 0.0.19 - Mend

@stratal/framework 0.0.18 → 0.0.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (52) hide show

package/dist/access-control/index.d.mts +180 -0
package/dist/access-control/index.d.mts.map +1 -0
package/dist/access-control/index.mjs +71 -0
package/dist/access-control/index.mjs.map +1 -0
package/dist/access.service-BjYVtUJw.mjs +145 -0
package/dist/access.service-BjYVtUJw.mjs.map +1 -0
package/dist/auth/index.d.mts +122 -4
package/dist/auth/index.d.mts.map +1 -1
package/dist/auth/index.mjs +237 -65
package/dist/auth/index.mjs.map +1 -1
package/dist/{auth-context-BD2ApWg1.d.mts → auth-context-BXSkiJ56.d.mts} +14 -1
package/dist/auth-context-BXSkiJ56.d.mts.map +1 -0
package/dist/{auth-context-BfekHvM9.mjs → auth-context-BberoPal.mjs} +25 -4
package/dist/auth-context-BberoPal.mjs.map +1 -0
package/dist/context/index.d.mts +1 -1
package/dist/context/index.mjs +2 -2
package/dist/database/index.d.mts +3 -3
package/dist/database/index.mjs +49 -43
package/dist/database/index.mjs.map +1 -1
package/dist/{decorate-C12QolJF.mjs → decorate-CdfCRvAc.mjs} +1 -1
package/dist/{decorateMetadata-rWbWGUuO.mjs → decorateMetadata-CqtSx3_1.mjs} +1 -1
package/dist/decorateParam-Dc5DGEpb.mjs +18 -0
package/dist/decorateParam-Dc5DGEpb.mjs.map +1 -0
package/dist/{errors-C_KIIU1v.mjs → errors-B1vVXc1T.mjs} +1 -1
package/dist/{errors-C_KIIU1v.mjs.map → errors-B1vVXc1T.mjs.map} +1 -1
package/dist/factory/index.d.mts +1 -1
package/dist/guards/index.d.mts +7 -6
package/dist/guards/index.d.mts.map +1 -1
package/dist/guards/index.mjs +38 -29
package/dist/guards/index.mjs.map +1 -1
package/dist/{index-B1iGBJcO.d.mts → index-CpFBG0Ws.d.mts} +23 -41
package/dist/index-CpFBG0Ws.d.mts.map +1 -0
package/dist/index.d.mts +2 -2
package/dist/insufficient-permissions.error-CRnOHYvq.mjs +23 -0
package/dist/insufficient-permissions.error-CRnOHYvq.mjs.map +1 -0
package/dist/types-BLyu9dAd.d.mts +11 -0
package/dist/types-BLyu9dAd.d.mts.map +1 -0
package/dist/types-BZlcRR2M.d.mts +92 -0
package/dist/types-BZlcRR2M.d.mts.map +1 -0
package/package.json +22 -22
package/dist/auth-context-BD2ApWg1.d.mts.map +0 -1
package/dist/auth-context-BfekHvM9.mjs.map +0 -1
package/dist/decorateParam-WGqsyT5s.mjs +0 -8
package/dist/index-B1iGBJcO.d.mts.map +0 -1
package/dist/rbac/index.d.mts +0 -206
package/dist/rbac/index.d.mts.map +0 -1
package/dist/rbac/index.mjs +0 -346
package/dist/rbac/index.mjs.map +0 -1
package/dist/tokens-Di1ofovy.mjs +0 -32
package/dist/tokens-Di1ofovy.mjs.map +0 -1
package/dist/types-Gjk0d2qB.d.mts +0 -47
package/dist/types-Gjk0d2qB.d.mts.map +0 -1

package/dist/decorateParam-WGqsyT5s.mjs DELETED Viewed

@@ -1,8 +0,0 @@
-//#region \0@oxc-project+runtime@0.122.0/helpers/decorateParam.js
-function __decorateParam(paramIndex, decorator) {
-	return function(target, key) {
-		decorator(target, key, paramIndex);
-	};
-}
-//#endregion
-export { __decorateParam as t };

package/dist/index-B1iGBJcO.d.mts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"index-B1iGBJcO.d.mts","names":[],"sources":["../src/database/database.module.ts","../src/database/database.service.ts","../src/database/database.tokens.ts","../src/database/decorators/inject-db.decorator.ts","../src/database/errors/database-error.ts","../src/database/errors/database-config.error.ts","../src/database/errors/foreign-key-constraint.error.ts","../src/database/errors/invalid-error-code-range.error.ts","../src/database/errors/record-not-found.error.ts","../src/database/errors/unique-constraint.error.ts","../src/database/errors/from-zenstack-error.ts","../src/database/event-types.ts","../src/database/i18n/en.ts","../src/database/plugins/error-handler.plugin.ts","../src/database/plugins/event-emitter.plugin.ts","../src/database/plugins/schema-switcher.plugin.ts","../src/database/commands/zenstack.command.ts","../src/database/commands/db-generate.command.ts","../src/database/commands/db-pull.command.ts","../src/database/commands/db-push.command.ts","../src/database/commands/migrate-deploy.command.ts","../src/database/commands/migrate-dev.command.ts","../src/database/commands/migrate-reset.command.ts","../src/database/commands/migrate-status.command.ts"],"mappings":";;;;;;;;;;;UAwBiB,wBAAA,gBACA,SAAA,GAAY,SAAA,eACd,cAAA,GAAiB,cAAA;EAE9B,IAAA,EAAM,IAAA;EACN,MAAA,EAAQ,MAAA;EACR,OAAA,QAAe,aAAA,CAAc,SAAA;EAC7B,OAAA,GAAU,SAAA;AAAA;AAAA,UAGK,oBAAA;EACf,OAAA,EAAS,qBAAA;EACT,WAAA,EAAa,wBAAA;AAAA;AAAA,cAcF,cAAA,YAA0B,YAAA,EAAc,UAAA;EAAA,OAC5C,OAAA,CAAQ,MAAA,EAAQ,oBAAA,GAAuB,aAAA;EAAA,OASvC,YAAA,CAAa,OAAA,EAAS,kBAAA,CAAmB,oBAAA,IAAwB,aAAA;EAaxE,YAAA,CAAa,OAAA,EAAS,aAAA;EAmBtB,UAAA,CAAW,OAAA,EAAS,aAAA;AAAA;;;;;;;;;;;;AApEtB;;;;;KCPY,eAAA,WACA,cAAA,GAAiB,qBAAA,IACzB,cAAA,CACF,qBAAA,CAAsB,CAAA,GACtB,aAAA,CAAc,qBAAA,CAAsB,CAAA;;;cCrBzB,eAAA;EAAA,SAGH,OAAA;EAAA,SAAA,QAAA;AAAA;AAAA,iBAIM,gBAAA,CAAiB,IAAA,EAAM,cAAA;;;iBCHvB,QAAA,CAAS,IAAA,EAAM,cAAA,GAAiB,kBAAA;;;;;;;;;;;cCQnC,aAAA,SAAsB,gBAAA;cAE/B,UAAA,GAAY,WAAA,EACZ,IAAA,GAAM,SAAA,EACN,QAAA,GAAW,MAAA;AAAA;;;cCbF,mBAAA,SAA4B,aAAA;cAC3B,OAAA;AAAA;;;;;;;;;;;;cCQD,yBAAA,SAAkC,aAAA;cACjC,KAAA;AAAA;;;;;;;;;;cCJD,0BAAA,SAAmC,gBAAA;cAClC,IAAA,UAAc,aAAA;AAAA;;;;;;;;;;;;;cCGf,mBAAA,SAA4B,aAAA;cAC3B,OAAA;AAAA;;;;;;;;;;;;;cCDD,qBAAA,SAA8B,aAAA;cAC7B,MAAA;AAAA;;;;;;;;;;;;;ATUd;;;;;;;;;iBUEgB,iBAAA,CAAkB,KAAA,YAAiB,aAAA;;;;;;KCavC,UAAA;;;;KAKA,iBAAA,GAAoB,iBAAA;;;;;;KAO3B,kBAAA,MAAwB,CAAA;EAAY,MAAA;AAAA,IAAoB,OAAA,OAAc,CAAA;;;;;KAM/D,SAAA,GAAY,kBAAA,CAAmB,cAAA;;;;KAS/B,iBAAA,MACL,UAAA,IAAc,SAAA,IAAa,iBAAA,QAC3B,UAAA,IAAc,SAAA,QACd,UAAA,IAAc,iBAAA,KACjB,UAAA;;;;KASC,gBAAA,WACO,SAAA,YACA,OAAA,OAAc,CAAA,+BACd,iBAAA,IAEV,CAAA,oBAAqB,UAAA,CAAW,CAAA,EAAG,CAAA,IACnC,CAAA,wBAAyB,cAAA,CAAe,CAAA,EAAG,CAAA,IAC3C,CAAA,oBAAqB,UAAA,CAAW,CAAA,EAAG,CAAA,IACnC,CAAA,wBAAyB,cAAA,CAAe,CAAA,EAAG,CAAA,IAC3C,CAAA,oBAAqB,UAAA,CAAW,CAAA,EAAG,CAAA,IACnC,CAAA,wBAAyB,cAAA,CAAe,CAAA,EAAG,CAAA,IAC3C,CAAA,wBAAyB,cAAA,CAAe,CAAA,EAAG,CAAA,IAC3C,CAAA,uBAAwB,aAAA,CAAc,CAAA,EAAG,CAAA,IACzC,CAAA,sBAAuB,YAAA,CAAa,CAAA,EAAG,CAAA,IACvC,CAAA,oBAAqB,UAAA,CAAW,CAAA,EAAG,CAAA,IACnC,CAAA,mBAAoB,SAAA,CAAU,CAAA,EAAG,CAAA,IACjC,CAAA,uBAAwB,aAAA,CAAc,CAAA,EAAG,CAAA,IACzC,CAAA,qBAAsB,WAAA,CAAY,CAAA,EAAG,CAAA;;;;KAMlC,YAAA,gCAA4C,iBAAA,IAC/C,CAAA,SAAU,SAAA,GACR,CAAA,SAAU,OAAA,OAAc,CAAA,sBACxB,gBAAA,CAAiB,CAAA,EAAG,CAAA,EAAG,CAAA;EAAa,IAAA;AAAA,IACpC,CAAA,GACA,gBAAA,CAAiB,CAAA,EAAG,CAAA,EAAG,CAAA;EAAa,KAAA;AAAA,IACpC,CAAA,GACA,gBAAA,CAAiB,CAAA,EAAG,CAAA,EAAG,CAAA;;AXtE3B;;;KW8EY,OAAA,WAAkB,SAAA,YAAqB,iBAAA,IACjD,YAAA,CAAa,cAAA,EAAgB,CAAA,EAAG,CAAA,4BAA6B,YAAA,CAAa,cAAA,EAAgB,CAAA,EAAG,CAAA;;;;KAK1F,cAAA,gCAA8C,iBAAA,IACjD,CAAA,SAAU,SAAA,GACR,CAAA,SAAU,OAAA,OAAc,CAAA,sBACxB,CAAA,mEACA,WAAA,CAAY,CAAA,EAAG,CAAA,MACf,CAAA,4BAEA,WAAA,CAAY,CAAA,EAAG,CAAA;;;;;KAQP,SAAA,WAAoB,SAAA,YAAqB,iBAAA,IACnD,cAAA,CAAe,cAAA,EAAgB,CAAA,EAAG,CAAA,4BAA6B,cAAA,CAAe,cAAA,EAAgB,CAAA,EAAG,CAAA;;;;KASvF,UAAA,qBACV,CAAA,gCAAiC,UAAA,wBAAkC,SAAA,qBAA8B,iBAAA;EAC7F,KAAA,EAAO,KAAA;EAAO,KAAA,EAAO,KAAA;EAAO,SAAA,EAAW,EAAA;EAAI,IAAA;AAAA,IAC7C,CAAA,gCAAiC,UAAA,qBACjC,MAAA,SAAe,SAAA;EACb,KAAA,EAAO,KAAA;EAAO,KAAA,EAAO,MAAA;EAAQ,IAAA;AAAA,IAC/B,MAAA,SAAe,iBAAA;EACb,KAAA,EAAO,KAAA;EAAO,SAAA,EAAW,MAAA;EAAQ,IAAA;AAAA,YAEnC,CAAA,SAAU,UAAA;EACR,KAAA,EAAO,CAAA;EAAG,IAAA;AAAA;;UAQN,gBAAA;AVrJV;AAAA,UUyJU,yBAAA,WACE,SAAA,YACA,iBAAA,gBACI,UAAA,UACN,gBAAA;EACR,IAAA,EAAM,KAAA,oBAAyB,OAAA,CAAQ,CAAA,EAAG,CAAA,IAAK,QAAA,CAAS,OAAA,CAAQ,CAAA,EAAG,CAAA;EACnE,MAAA,EAAQ,KAAA,mBAAwB,SAAA,CAAU,CAAA,EAAG,CAAA;AAAA;;UAIrC,yBAAA,eACM,UAAA,UACN,gBAAA;EACR,SAAA,EAAW,iBAAA;EACX,IAAA,EAAM,KAAA,8BAAmC,QAAA;EACzC,MAAA,EAAQ,KAAA;AAAA;;UAIA,6BAAA,eACM,UAAA,UACN,gBAAA;EACR,KAAA,EAAO,SAAA;EACP,IAAA,EAAM,KAAA,8BAAmC,QAAA;EACzC,MAAA,EAAQ,KAAA;AAAA;;UAIA,yBAAA,eACM,UAAA,UACN,gBAAA;EACR,KAAA,EAAO,SAAA;EACP,SAAA,EAAW,iBAAA;EACX,IAAA,EAAM,KAAA,8BAAmC,QAAA;EACzC,MAAA,EAAQ,KAAA;AAAA;;;;KAUL,oBAAA,qBACH,UAAA,CAAW,CAAA;EACT,KAAA,kBAAuB,UAAA;EACvB,KAAA,kBAAuB,SAAA;EACvB,SAAA,kBAA2B,iBAAA;EAC3B,IAAA;AAAA,IAEA,yBAAA,CAA0B,CAAA,EAAG,CAAA,EAAG,CAAA,IAChC,UAAA,CAAW,CAAA;EACX,KAAA,kBAAuB,UAAA;EACvB,KAAA,mBAAwB,SAAA;EACxB,IAAA;AAAA,IAEA,yBAAA,CAA0B,CAAA,IAC1B,UAAA,CAAW,CAAA;EACX,KAAA,kBAAuB,UAAA;EACvB,SAAA,mBAA4B,iBAAA;EAC5B,IAAA;AAAA,IAEA,6BAAA,CAA8B,CAAA,IAC9B,UAAA,CAAW,CAAA;EAAa,KAAA,kBAAuB,UAAA;EAAY,IAAA;AAAA,IAC3D,yBAAA,CAA0B,CAAA,IAC1B,gBAAA;;;;;;;;;APhOJ;;;;KOkPY,cAAA,WACJ,iBAAA,GAAoB,oBAAA,CAAqB,CAAA;AAAA;EAAA,UAQrC,mBAAA,SAA4B,cAAA;AAAA;;;cCvQ3B,YAAA;EAAA;;;;;;;;;YAWD,WAAA;IACR,QAAA,SAAiB,YAAA;EAAA;AAAA;;;;;;;;;;;;AZYrB;;caTa,kBAAA,YAA8B,aAAA,CAAc,WAAA,EAAW,MAAA,mBAAyB,MAAA;EAAA,SAClF,EAAA;EAET,OAAA;IAAiB,IAAA;IAAA;EAAA;IACf,IAAA,EAAM,MAAA;IACN,OAAA,GAAU,IAAA,EAAM,MAAA,kCAAwC,OAAA;EAAA,MACtD,OAAA;AAAA;;;UCjBW,yBAAA;EACf,aAAA,EAAe,cAAA;AAAA;;;;;;AdmBjB;;;;;;;;;;;;;;ccGa,kBAAA,YAA8B,aAAA,CAAc,WAAA,EAAW,MAAA,mBAAyB,MAAA;EAAA,QAGvE,OAAA;EAAA,SAFX,EAAA;cAEW,OAAA,EAAS,yBAAA;EAE7B,OAAA;IAAiB,KAAA;IAAA,SAAA;IAAA,IAAA;IAAA;EAAA;IACf,KAAA;IACA,SAAA;IACA,IAAA,EAAM,MAAA;IACN,OAAA,GAAU,IAAA,EAAM,MAAA,kCAAwC,OAAA;EAAA,MACtD,OAAA;AAAA;;;UClCW,2BAAA;EACf,UAAA;AAAA;;;;;;;AfoBF;;;;;;;;ceHa,oBAAA,YAAgC,aAAA,CAAc,WAAA,EAAW,MAAA,mBAAyB,MAAA;EAAA,QAGzE,OAAA;EAAA,SAFX,EAAA;cAEW,OAAA,EAAS,2BAAA;EAE7B,OAAA;IAAiB,IAAA;IAAA,OAAA;IAAA;EAAA;IACf,IAAA,EAAM,MAAA;IACN,OAAA,GAAU,IAAA,EAAM,MAAA,kCAAwC,OAAA;IACxD,MAAA;MAAU,iBAAA,GAAoB,GAAA,aAAgB,OAAA;IAAA;EAAA,MAC5C,OAAA;AAAA;;;;;;;uBCxBgB,eAAA,SAAwB,OAAA;EAAA,UAC5B,QAAA,CAAS,IAAA,aAAiB,OAAA;AAAA;;;cCL/B,iBAAA,SAA0B,eAAA;EAAA,OAC9B,OAAA;EAAA,OACA,WAAA;EAED,MAAA,CAAA,GAAU,OAAA;AAAA;;;cCJL,aAAA,SAAsB,eAAA;EAAA,OAC1B,OAAA;EAAA,OACA,WAAA;EAED,MAAA,CAAA,GAAU,OAAA;AAAA;;;cCJL,aAAA,SAAsB,eAAA;EAAA,OAC1B,OAAA;EAAA,OACA,WAAA;EAED,MAAA,CAAA,GAAU,OAAA;AAAA;;;cCJL,oBAAA,SAA6B,eAAA;EAAA,OACjC,OAAA;EAAA,OACA,WAAA;EAED,MAAA,CAAA,GAAU,OAAA;AAAA;;;cCJL,iBAAA,SAA0B,eAAA;EAAA,OAC9B,OAAA;EAAA,OACA,WAAA;EAED,MAAA,CAAA,GAAU,OAAA;AAAA;;;cCJL,mBAAA,SAA4B,eAAA;EAAA,OAChC,OAAA;EAAA,OACA,WAAA;EAED,MAAA,CAAA,GAAU,OAAA;AAAA;;;cCJL,oBAAA,SAA6B,eAAA;EAAA,OACjC,OAAA;EAAA,OACA,WAAA;EAED,MAAA,CAAA,GAAU,OAAA;AAAA"}

package/dist/rbac/index.d.mts DELETED Viewed

@@ -1,206 +0,0 @@
-import { t as AuthContext } from "../auth-context-BD2ApWg1.mjs";
-import { AsyncModuleOptions, DynamicModule } from "stratal/module";
-import { ApplicationError } from "stratal/errors";
-import { Adapter, Enforcer, Model } from "casbin";
-//#region src/rbac/constants.d.ts
-/**
- * RBAC Constants
- */
-declare const RBAC_CONTEXT_KEYS: {
-  /** Key for storing required authorization scopes (permissions) in context */readonly AUTH_SCOPES: symbol;
-};
-//#endregion
-//#region src/rbac/errors/insufficient-permissions.error.d.ts
-/**
- * InsufficientPermissionsError
- *
- * Thrown when a user attempts to perform an action without the required permissions.
- * This error is used by the auth guard after authorization check fails.
- *
- * HTTP Status: 403 Forbidden
- * Error Code: 3102 (AUTHZ.INSUFFICIENT_PERMISSIONS)
- */
-declare class InsufficientPermissionsError extends ApplicationError {
-  constructor(requiredScopes: string[], userId?: string);
-}
-//#endregion
-//#region src/rbac/adapters/custom-zenstack-adapter.d.ts
-/**
- * Minimal interface for the database client used by the adapter.
- * The actual DatabaseService extends ZenStackClient which provides these methods
- * when the schema includes a `casbinRule` model.
- */
-interface CasbinDbClient {
-  casbinRule: {
-    findMany(args?: {
-      where?: Record<string, unknown>;
-    }): Promise<unknown[]>;
-    create(args: {
-      data: CasbinRuleCreateInput;
-    }): Promise<unknown>;
-    createMany(args: {
-      data: CasbinRuleCreateInput[];
-    }): Promise<unknown>;
-    deleteMany(args: {
-      where: CasbinRuleCreateInput;
-    }): Promise<{
-      count: number;
-    }>;
-  };
-  $executeRawUnsafe(query: string, ...values: unknown[]): Promise<unknown>;
-}
-interface CasbinRuleCreateInput {
-  ptype: string;
-  v0?: string | null;
-  v1?: string | null;
-  v2?: string | null;
-  v3?: string | null;
-  v4?: string | null;
-  v5?: string | null;
-}
-/**
- * Custom ZenStack adapter for Casbin that works with Cloudflare Workers.
- *
- * Based on the original casbin-prisma-adapter but modified to:
- * - Work with ZenStack v3 ORM clients
- * - Avoid bundling errors in Cloudflare Workers
- * - Accept pre-connected ZenStack clients (request-scoped)
- */
-declare class CustomZenStackAdapter implements Adapter {
-  #private;
-  filtered: boolean;
-  isFiltered(): boolean;
-  enableFiltered(enabled: boolean): void;
-  constructor(db: CasbinDbClient);
-  loadPolicy(model: Model): Promise<void>;
-  loadFilteredPolicy(model: Model, filter: Record<string, string[][]>): Promise<void>;
-  savePolicy(model: Model): Promise<boolean>;
-  addPolicy(_sec: string, ptype: string, rule: string[]): Promise<void>;
-  addPolicies(_sec: string, ptype: string, rules: string[][]): Promise<void>;
-  removePolicy(_sec: string, ptype: string, rule: string[]): Promise<void>;
-  removePolicies(_sec: string, ptype: string, rules: string[][]): Promise<void>;
-  removeFilteredPolicy(_sec: string, ptype: string, fieldIndex: number, ...fieldValues: string[]): Promise<void>;
-  close(): Promise<void>;
-  static newAdapter(db: CasbinDbClient): CustomZenStackAdapter;
-}
-//#endregion
-//#region src/rbac/types.d.ts
-/**
- * Configuration options for the RBAC module
- */
-interface RbacModuleOptions {
-  /** Casbin PERM model string */
-  model: string;
-  /** Default policies: [role, resource, action][] */
-  defaultPolicies?: readonly (readonly [string, string, string])[];
-  /** Role hierarchy: [childRole, parentRole][] */
-  roleHierarchy?: readonly (readonly [string, string])[];
-}
-//#endregion
-//#region src/rbac/services/casbin-enforcer.service.d.ts
-/**
- * CasbinEnforcerService
- *
- * Manages the Casbin enforcer instance for authorization.
- * Model, default policies, and role hierarchy are provided via DI options.
- */
-declare class CasbinEnforcerService {
-  protected readonly db: CasbinDbClient;
-  protected readonly options: RbacModuleOptions;
-  protected enforcer: Enforcer | null;
-  constructor(db: CasbinDbClient, options: RbacModuleOptions);
-  /**
-   * Get or create the enforcer instance
-   */
-  getEnforcer(): Promise<Enforcer>;
-  /**
-   * Create a new enforcer instance.
-   * Can be overridden by subclasses to customize enforcer creation.
-   */
-  protected createEnforcer(): Promise<Enforcer>;
-  /**
-   * Seed default policies into database
-   */
-  seedPolicies(): Promise<void>;
-  /**
-   * Clear cached enforcer instance
-   */
-  clearCache(): void;
-  /**
-   * Seed role hierarchy into database
-   */
-  seedRoleHierarchy(): Promise<void>;
-}
-//#endregion
-//#region src/rbac/services/casbin.service.d.ts
-/**
- * CasbinService
- *
- * Request-scoped service that provides the full Casbin RBAC API.
- * Uses AuthContext to get the current user.
- */
-declare class CasbinService {
-  protected readonly context: AuthContext;
-  protected readonly enforcerService: CasbinEnforcerService;
-  constructor(context: AuthContext, enforcerService: CasbinEnforcerService);
-  protected getEnforcer(): Promise<Enforcer>;
-  addRoleForUser(userId: string, role: string): Promise<boolean>;
-  deleteRoleForUser(userId: string, role: string): Promise<boolean>;
-  deleteRolesForUser(userId: string): Promise<boolean>;
-  getRolesForUser(userId: string): Promise<string[]>;
-  getImplicitRolesForUser(userId: string): Promise<string[]>;
-  getUsersForRole(role: string): Promise<string[]>;
-  getImplicitUsersForRole(role: string): Promise<string[]>;
-  hasRoleForUser(userId: string, role: string): Promise<boolean>;
-  addRoleInheritance(childRole: string, parentRole: string): Promise<boolean>;
-  deleteRoleInheritance(childRole: string, parentRole: string): Promise<boolean>;
-  deleteUser(userId: string): Promise<boolean>;
-  deleteRole(role: string): Promise<boolean>;
-  getCurrentUserRoles(): Promise<string[]>;
-  currentUserHasRole(role: string): Promise<boolean>;
-  setRolesForUser(userId: string, roles: string[]): Promise<void>;
-  hasPermission(userId: string, scope: string, action: string): Promise<boolean>;
-  currentUserHasPermission(scope: string, action: string): Promise<boolean>;
-  hasAnyPermission(userId: string, scopes: string[], action: string): Promise<boolean>;
-  currentUserHasAnyPermission(scopes: string[], action: string): Promise<boolean>;
-  getPermissionsForUserAsCasbinJs(userId: string): Promise<Record<string, string[]>>;
-  getCurrentUserPermissionsAsCasbinJs(): Promise<Record<string, string[]>>;
-}
-//#endregion
-//#region src/rbac/rbac.module.d.ts
-/**
- * RBAC Module
- *
- * Provides role-based access control using Casbin.
- * Fully configurable — no hardcoded roles, policies, or model.
- *
- * @example
- * ```typescript
- * @Module({
- *   imports: [
- *     RbacModule.forRoot({
- *       model: MY_RBAC_MODEL,
- *       defaultPolicies: [['admin', 'users:*', '.*']],
- *       roleHierarchy: [['super_admin', 'admin']],
- *     })
- *   ]
- * })
- * ```
- */
-declare class RbacModule {
-  static forRoot(options: RbacModuleOptions): DynamicModule;
-  static forRootAsync(options: AsyncModuleOptions<RbacModuleOptions>): DynamicModule;
-}
-//#endregion
-//#region src/rbac/tokens.d.ts
-/**
- * RBAC DI Tokens
- */
-declare const RBAC_TOKENS: {
-  /** Request-scoped Casbin service with auto context resolution */readonly CasbinService: symbol; /** RBAC module options (model, policies, hierarchy) */
-  readonly Options: symbol;
-};
-//#endregion
-export { CasbinEnforcerService, CasbinService, CustomZenStackAdapter, InsufficientPermissionsError, RBAC_CONTEXT_KEYS, RBAC_TOKENS, RbacModule, type RbacModuleOptions };
-//# sourceMappingURL=index.d.mts.map

package/dist/rbac/index.d.mts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"index.d.mts","names":[],"sources":["../../src/rbac/constants.ts","../../src/rbac/errors/insufficient-permissions.error.ts","../../src/rbac/adapters/custom-zenstack-adapter.ts","../../src/rbac/types.ts","../../src/rbac/services/casbin-enforcer.service.ts","../../src/rbac/services/casbin.service.ts","../../src/rbac/rbac.module.ts","../../src/rbac/tokens.ts"],"mappings":";;;;;;;;;cAGa,iBAAA;wFAGH,WAAA;AAAA;;;;;;;;AAHV;;;;cCQa,4BAAA,SAAqC,gBAAA;cACpC,cAAA,YAA0B,MAAA;AAAA;;;;;;;;UCHvB,cAAA;EACf,UAAA;IACE,QAAA,CAAS,IAAA;MAAS,KAAA,GAAQ,MAAA;IAAA,IAA4B,OAAA;IACtD,MAAA,CAAO,IAAA;MAAQ,IAAA,EAAM,qBAAA;IAAA,IAA0B,OAAA;IAC/C,UAAA,CAAW,IAAA;MAAQ,IAAA,EAAM,qBAAA;IAAA,IAA4B,OAAA;IACrD,UAAA,CAAW,IAAA;MAAQ,KAAA,EAAO,qBAAA;IAAA,IAA0B,OAAA;MAAU,KAAA;IAAA;EAAA;EAEhE,iBAAA,CAAkB,KAAA,aAAkB,MAAA,cAAoB,OAAA;AAAA;AAAA,UAGhD,qBAAA;EACR,KAAA;EACA,EAAA;EACA,EAAA;EACA,EAAA;EACA,EAAA;EACA,EAAA;EACA,EAAA;AAAA;;;;;;;;;cAsBW,qBAAA,YAAiC,OAAA;EAAA;EAG5C,QAAA;EAEO,UAAA,CAAA;EAIA,cAAA,CAAe,OAAA;cAIV,EAAA,EAAI,cAAA;EAIV,UAAA,CAAW,KAAA,EAAO,KAAA,GAAQ,OAAA;EAQ1B,kBAAA,CACJ,KAAA,EAAO,KAAA,EACP,MAAA,EAAQ,MAAA,uBACP,OAAA;EA0BG,UAAA,CAAW,KAAA,EAAO,KAAA,GAAQ,OAAA;EAyB1B,SAAA,CAAU,IAAA,UAAc,KAAA,UAAe,IAAA,aAAiB,OAAA;EAKxD,WAAA,CACJ,IAAA,UACA,KAAA,UACA,KAAA,eACC,OAAA;EAWG,YAAA,CACJ,IAAA,UACA,KAAA,UACA,IAAA,aACC,OAAA;EAKG,cAAA,CACJ,IAAA,UACA,KAAA,UACA,KAAA,eACC,OAAA;EAWG,oBAAA,CACJ,IAAA,UACA,KAAA,UACA,UAAA,aACG,WAAA,aACF,OAAA;EA0BG,KAAA,CAAA,GAAS,OAAA;EAAA,OAIR,UAAA,CAAW,EAAA,EAAI,cAAA,GAAiB,qBAAA;AAAA;;;;;;UC3MxB,iBAAA;;EAEf,KAAA;EHFW;EGIX,eAAA;;EAEA,aAAA;AAAA;;;;;;AHNF;;;cIWa,qBAAA;EAAA,mBAKU,EAAA,EAAI,cAAA;EAAA,mBAEJ,OAAA,EAAS,iBAAA;EAAA,UANpB,QAAA,EAAU,QAAA;cAIC,EAAA,EAAI,cAAA,EAEJ,OAAA,EAAS,iBAAA;EHVnB;;;EGgBL,WAAA,CAAA,GAAe,OAAA,CAAQ,QAAA;EHhBmB;;;;EAAA,UGyBhC,cAAA,CAAA,GAAkB,OAAA,CAAQ,QAAA;EHxBW;;;EGoC/C,YAAA,CAAA,GAAgB,OAAA;EFvCP;;;EEqDf,UAAA,CAAA;EFnDwD;;;EE0DlD,iBAAA,CAAA,GAAqB,OAAA;AAAA;;;;;;AJlE7B;;;cKWa,aAAA;EAAA,mBAGU,OAAA,EAAS,WAAA;EAAA,mBAET,eAAA,EAAiB,qBAAA;cAFjB,OAAA,EAAS,WAAA,EAET,eAAA,EAAiB,qBAAA;EAAA,UAGtB,WAAA,CAAA,GAAe,OAAA,CAAQ,QAAA;EAMjC,cAAA,CAAe,MAAA,UAAgB,IAAA,WAAe,OAAA;EAO9C,iBAAA,CAAkB,MAAA,UAAgB,IAAA,WAAe,OAAA;EAOjD,kBAAA,CAAmB,MAAA,WAAiB,OAAA;EAOpC,eAAA,CAAgB,MAAA,WAAiB,OAAA;EAKjC,uBAAA,CAAwB,MAAA,WAAiB,OAAA;EAKzC,eAAA,CAAgB,IAAA,WAAe,OAAA;EAK/B,uBAAA,CAAwB,IAAA,WAAe,OAAA;EAKvC,cAAA,CAAe,MAAA,UAAgB,IAAA,WAAe,OAAA;EAO9C,kBAAA,CAAmB,SAAA,UAAmB,UAAA,WAAqB,OAAA;EAO3D,qBAAA,CAAsB,SAAA,UAAmB,UAAA,WAAqB,OAAA;EAS9D,UAAA,CAAW,MAAA,WAAiB,OAAA;EAO5B,UAAA,CAAW,IAAA,WAAe,OAAA;EAS1B,mBAAA,CAAA,GAAuB,OAAA;EAMvB,kBAAA,CAAmB,IAAA,WAAe,OAAA;EAKlC,eAAA,CAAgB,MAAA,UAAgB,KAAA,aAAkB,OAAA;EAWlD,aAAA,CAAc,MAAA,UAAgB,KAAA,UAAe,MAAA,WAAiB,OAAA;EAK9D,wBAAA,CAAyB,KAAA,UAAe,MAAA,WAAiB,OAAA;EAMzD,gBAAA,CAAiB,MAAA,UAAgB,MAAA,YAAkB,MAAA,WAAiB,OAAA;EAOpE,2BAAA,CAA4B,MAAA,YAAkB,MAAA,WAAiB,OAAA;EAQ/D,+BAAA,CAAgC,MAAA,WAAiB,OAAA,CAAQ,MAAA;EAezD,mCAAA,CAAA,GAAuC,OAAA,CAAQ,MAAA;AAAA;;;;;;;ALxKvD;;;;;;;;ACQA;;;;;;;cKqBa,UAAA;EAAA,OACJ,OAAA,CAAQ,OAAA,EAAS,iBAAA,GAAoB,aAAA;EAAA,OASrC,YAAA,CAAa,OAAA,EAAS,kBAAA,CAAmB,iBAAA,IAAqB,aAAA;AAAA;;;;;;cCvC1D,WAAA;4EAKH,aAAA,UPLG;EAAA,SOKH,OAAA;AAAA"}

package/dist/rbac/index.mjs DELETED Viewed

@@ -1,346 +0,0 @@
-import { t as __decorate } from "../decorate-C12QolJF.mjs";
-import { t as __decorateMetadata } from "../decorateMetadata-rWbWGUuO.mjs";
-import { t as __decorateParam } from "../decorateParam-WGqsyT5s.mjs";
-import { n as InsufficientPermissionsError, t as RBAC_TOKENS } from "../tokens-Di1ofovy.mjs";
-import { Module } from "stratal/module";
-import { DI_TOKENS, Transient } from "stratal/di";
-import { inject } from "tsyringe";
-import { Helper, newCachedEnforcer, newModelFromString } from "casbin";
-//#region src/rbac/constants.ts
-/**
-* RBAC Constants
-*/
-const RBAC_CONTEXT_KEYS = { AUTH_SCOPES: Symbol("rbac:authScopes") };
-//#endregion
-//#region src/rbac/adapters/custom-zenstack-adapter.ts
-/**
-* Custom ZenStack adapter for Casbin that works with Cloudflare Workers.
-*
-* Based on the original casbin-prisma-adapter but modified to:
-* - Work with ZenStack v3 ORM clients
-* - Avoid bundling errors in Cloudflare Workers
-* - Accept pre-connected ZenStack clients (request-scoped)
-*/
-var CustomZenStackAdapter = class CustomZenStackAdapter {
-	#db;
-	filtered = false;
-	isFiltered() {
-		return this.filtered;
-	}
-	enableFiltered(enabled) {
-		this.filtered = enabled;
-	}
-	constructor(db) {
-		this.#db = db;
-	}
-	async loadPolicy(model) {
-		const lines = await this.#db.casbinRule.findMany();
-		for (const line of lines) this.#loadPolicyLine(line, model);
-	}
-	async loadFilteredPolicy(model, filter) {
-		const whereFilter = Object.keys(filter).map((ptype) => {
-			return filter[ptype].map((policyPattern) => {
-				return {
-					ptype,
-					...policyPattern[0] && { v0: policyPattern[0] },
-					...policyPattern[1] && { v1: policyPattern[1] },
-					...policyPattern[2] && { v2: policyPattern[2] },
-					...policyPattern[3] && { v3: policyPattern[3] },
-					...policyPattern[4] && { v4: policyPattern[4] },
-					...policyPattern[5] && { v5: policyPattern[5] }
-				};
-			});
-		}).flat();
-		(await this.#db.casbinRule.findMany({ where: { OR: whereFilter } })).forEach((line) => this.#loadPolicyLine(line, model));
-		this.enableFiltered(true);
-	}
-	async savePolicy(model) {
-		await this.#db.$executeRawUnsafe("DELETE FROM casbin_rule");
-		const lines = [];
-		const savePolicyType = (ptype) => {
-			const astMap = model.model.get(ptype);
-			if (astMap) for (const [ptype, ast] of astMap) for (const rule of ast.policy) {
-				const line = this.#savePolicyLine(ptype, rule);
-				lines.push(line);
-			}
-		};
-		savePolicyType("p");
-		savePolicyType("g");
-		await this.#db.casbinRule.createMany({ data: lines });
-		return true;
-	}
-	async addPolicy(_sec, ptype, rule) {
-		const line = this.#savePolicyLine(ptype, rule);
-		await this.#db.casbinRule.create({ data: line });
-	}
-	async addPolicies(_sec, ptype, rules) {
-		const processes = [];
-		for (const rule of rules) {
-			const line = this.#savePolicyLine(ptype, rule);
-			const p = this.#db.casbinRule.create({ data: line });
-			processes.push(p);
-		}
-		await Promise.all(processes);
-	}
-	async removePolicy(_sec, ptype, rule) {
-		const line = this.#savePolicyLine(ptype, rule);
-		await this.#db.casbinRule.deleteMany({ where: line });
-	}
-	async removePolicies(_sec, ptype, rules) {
-		const processes = [];
-		for (const rule of rules) {
-			const line = this.#savePolicyLine(ptype, rule);
-			const p = this.#db.casbinRule.deleteMany({ where: line });
-			processes.push(p);
-		}
-		await Promise.all(processes);
-	}
-	async removeFilteredPolicy(_sec, ptype, fieldIndex, ...fieldValues) {
-		const line = { ptype };
-		const idx = fieldIndex + fieldValues.length;
-		if (fieldIndex <= 0 && 0 < idx) line.v0 = fieldValues[0 - fieldIndex];
-		if (fieldIndex <= 1 && 1 < idx) line.v1 = fieldValues[1 - fieldIndex];
-		if (fieldIndex <= 2 && 2 < idx) line.v2 = fieldValues[2 - fieldIndex];
-		if (fieldIndex <= 3 && 3 < idx) line.v3 = fieldValues[3 - fieldIndex];
-		if (fieldIndex <= 4 && 4 < idx) line.v4 = fieldValues[4 - fieldIndex];
-		if (fieldIndex <= 5 && 5 < idx) line.v5 = fieldValues[5 - fieldIndex];
-		await this.#db.casbinRule.deleteMany({ where: line });
-	}
-	async close() {}
-	static newAdapter(db) {
-		return new CustomZenStackAdapter(db);
-	}
-	#loadPolicyLine = (line, model) => {
-		const result = line.ptype + ", " + [
-			line.v0,
-			line.v1,
-			line.v2,
-			line.v3,
-			line.v4,
-			line.v5
-		].filter((n) => n).join(", ");
-		Helper.loadPolicyLine(result, model);
-	};
-	#savePolicyLine = (ptype, rule) => {
-		const line = { ptype };
-		if (rule.length > 0) line.v0 = rule[0];
-		if (rule.length > 1) line.v1 = rule[1];
-		if (rule.length > 2) line.v2 = rule[2];
-		if (rule.length > 3) line.v3 = rule[3];
-		if (rule.length > 4) line.v4 = rule[4];
-		if (rule.length > 5) line.v5 = rule[5];
-		return line;
-	};
-};
-//#endregion
-//#region src/rbac/services/casbin-enforcer.service.ts
-let CasbinEnforcerService = class CasbinEnforcerService {
-	enforcer = null;
-	constructor(db, options) {
-		this.db = db;
-		this.options = options;
-	}
-	/**
-	* Get or create the enforcer instance
-	*/
-	async getEnforcer() {
-		this.enforcer ??= await this.createEnforcer();
-		return this.enforcer;
-	}
-	/**
-	* Create a new enforcer instance.
-	* Can be overridden by subclasses to customize enforcer creation.
-	*/
-	async createEnforcer() {
-		const enforcer = await newCachedEnforcer(newModelFromString(this.options.model), CustomZenStackAdapter.newAdapter(this.db));
-		await enforcer.loadPolicy();
-		return enforcer;
-	}
-	/**
-	* Seed default policies into database
-	*/
-	async seedPolicies() {
-		const enforcer = await this.getEnforcer();
-		const policies = this.options.defaultPolicies ?? [];
-		for (const [role, resource, action] of policies) await enforcer.addPolicy(role, resource, action);
-		await enforcer.savePolicy();
-	}
-	/**
-	* Clear cached enforcer instance
-	*/
-	clearCache() {
-		this.enforcer = null;
-	}
-	/**
-	* Seed role hierarchy into database
-	*/
-	async seedRoleHierarchy() {
-		const enforcer = await this.getEnforcer();
-		const hierarchy = this.options.roleHierarchy ?? [];
-		for (const [childRole, parentRole] of hierarchy) await enforcer.addGroupingPolicy(childRole, parentRole);
-		await enforcer.savePolicy();
-	}
-};
-CasbinEnforcerService = __decorate([
-	Transient(),
-	__decorateParam(0, inject(DI_TOKENS.Database)),
-	__decorateParam(1, inject(RBAC_TOKENS.Options)),
-	__decorateMetadata("design:paramtypes", [Object, Object])
-], CasbinEnforcerService);
-//#endregion
-//#region src/rbac/services/casbin.service.ts
-var _ref;
-let CasbinService = class CasbinService {
-	constructor(context, enforcerService) {
-		this.context = context;
-		this.enforcerService = enforcerService;
-	}
-	async getEnforcer() {
-		return this.enforcerService.getEnforcer();
-	}
-	async addRoleForUser(userId, role) {
-		const enforcer = await this.getEnforcer();
-		const added = await enforcer.addRoleForUser(userId, role);
-		if (added) await enforcer.savePolicy();
-		return added;
-	}
-	async deleteRoleForUser(userId, role) {
-		const enforcer = await this.getEnforcer();
-		const deleted = await enforcer.deleteRoleForUser(userId, role);
-		if (deleted) await enforcer.savePolicy();
-		return deleted;
-	}
-	async deleteRolesForUser(userId) {
-		const enforcer = await this.getEnforcer();
-		const deleted = await enforcer.deleteRolesForUser(userId);
-		if (deleted) await enforcer.savePolicy();
-		return deleted;
-	}
-	async getRolesForUser(userId) {
-		return (await this.getEnforcer()).getRolesForUser(userId);
-	}
-	async getImplicitRolesForUser(userId) {
-		return (await this.getEnforcer()).getImplicitRolesForUser(userId);
-	}
-	async getUsersForRole(role) {
-		return (await this.getEnforcer()).getUsersForRole(role);
-	}
-	async getImplicitUsersForRole(role) {
-		return (await this.getEnforcer()).getImplicitUsersForRole(role);
-	}
-	async hasRoleForUser(userId, role) {
-		return (await this.getEnforcer()).hasRoleForUser(userId, role);
-	}
-	async addRoleInheritance(childRole, parentRole) {
-		const enforcer = await this.getEnforcer();
-		const added = await enforcer.addGroupingPolicy(childRole, parentRole);
-		if (added) await enforcer.savePolicy();
-		return added;
-	}
-	async deleteRoleInheritance(childRole, parentRole) {
-		const enforcer = await this.getEnforcer();
-		const deleted = await enforcer.removeGroupingPolicy(childRole, parentRole);
-		if (deleted) await enforcer.savePolicy();
-		return deleted;
-	}
-	async deleteUser(userId) {
-		const enforcer = await this.getEnforcer();
-		const deleted = await enforcer.deleteUser(userId);
-		if (deleted) await enforcer.savePolicy();
-		return deleted;
-	}
-	async deleteRole(role) {
-		const enforcer = await this.getEnforcer();
-		const deleted = await enforcer.deleteRole(role);
-		if (deleted) await enforcer.savePolicy();
-		return deleted;
-	}
-	async getCurrentUserRoles() {
-		const userId = this.context.getUserId();
-		if (!userId) return [];
-		return this.getImplicitRolesForUser(userId);
-	}
-	async currentUserHasRole(role) {
-		return (await this.getCurrentUserRoles()).includes(role);
-	}
-	async setRolesForUser(userId, roles) {
-		const enforcer = await this.getEnforcer();
-		await enforcer.deleteRolesForUser(userId);
-		for (const role of roles) await enforcer.addRoleForUser(userId, role);
-		await enforcer.savePolicy();
-	}
-	async hasPermission(userId, scope, action) {
-		return (await this.getEnforcer()).enforce(userId, scope, action);
-	}
-	async currentUserHasPermission(scope, action) {
-		const userId = this.context.getUserId();
-		if (!userId) return false;
-		return this.hasPermission(userId, scope, action);
-	}
-	async hasAnyPermission(userId, scopes, action) {
-		const enforcer = await this.getEnforcer();
-		const requests = scopes.map((scope) => [
-			userId,
-			scope,
-			action
-		]);
-		return (await enforcer.batchEnforce(requests)).some((allowed) => allowed);
-	}
-	async currentUserHasAnyPermission(scopes, action) {
-		const userId = this.context.getUserId();
-		if (!userId) return false;
-		return this.hasAnyPermission(userId, scopes, action);
-	}
-	async getPermissionsForUserAsCasbinJs(userId) {
-		const permissions = await (await this.getEnforcer()).getImplicitPermissionsForUser(userId);
-		const result = {};
-		for (const [_role, resource, action] of permissions) {
-			result[action] ??= [];
-			if (!result[action].includes(resource)) result[action].push(resource);
-		}
-		return result;
-	}
-	async getCurrentUserPermissionsAsCasbinJs() {
-		const userId = this.context.getUserId();
-		if (!userId) return {};
-		return this.getPermissionsForUserAsCasbinJs(userId);
-	}
-};
-CasbinService = __decorate([
-	Transient(RBAC_TOKENS.CasbinService),
-	__decorateParam(0, inject(DI_TOKENS.AuthContext)),
-	__decorateParam(1, inject(CasbinEnforcerService)),
-	__decorateMetadata("design:paramtypes", [Object, typeof (_ref = typeof CasbinEnforcerService !== "undefined" && CasbinEnforcerService) === "function" ? _ref : Object])
-], CasbinService);
-//#endregion
-//#region src/rbac/rbac.module.ts
-var _RbacModule;
-let RbacModule = _RbacModule = class RbacModule {
-	static forRoot(options) {
-		return {
-			module: _RbacModule,
-			providers: [{
-				provide: RBAC_TOKENS.Options,
-				useValue: options
-			}]
-		};
-	}
-	static forRootAsync(options) {
-		return {
-			module: _RbacModule,
-			providers: [{
-				provide: RBAC_TOKENS.Options,
-				useFactory: options.useFactory,
-				inject: options.inject
-			}]
-		};
-	}
-};
-RbacModule = _RbacModule = __decorate([Module({ providers: [CasbinEnforcerService, {
-	provide: RBAC_TOKENS.CasbinService,
-	useClass: CasbinService
-}] })], RbacModule);
-//#endregion
-export { CasbinEnforcerService, CasbinService, CustomZenStackAdapter, InsufficientPermissionsError, RBAC_CONTEXT_KEYS, RBAC_TOKENS, RbacModule };
-//# sourceMappingURL=index.mjs.map

package/dist/rbac/index.mjs.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"index.mjs","names":["#db","#loadPolicyLine","#savePolicyLine"],"sources":["../../src/rbac/constants.ts","../../src/rbac/adapters/custom-zenstack-adapter.ts","../../src/rbac/services/casbin-enforcer.service.ts","../../src/rbac/services/casbin.service.ts","../../src/rbac/rbac.module.ts"],"sourcesContent":["/**\n * RBAC Constants\n */\nexport const RBAC_CONTEXT_KEYS = {\n /** Key for storing required authorization scopes (permissions) in context */\n AUTH_SCOPES: Symbol('rbac:authScopes'),\n} as const\n","import type { Adapter, Model } from 'casbin'\n\nimport { Helper } from 'casbin'\n\n/**\n * Minimal interface for the database client used by the adapter.\n * The actual DatabaseService extends ZenStackClient which provides these methods\n * when the schema includes a `casbinRule` model.\n */\nexport interface CasbinDbClient {\n casbinRule: {\n findMany(args?: { where?: Record<string, unknown> }): Promise<unknown[]>\n create(args: { data: CasbinRuleCreateInput }): Promise<unknown>\n createMany(args: { data: CasbinRuleCreateInput[] }): Promise<unknown>\n deleteMany(args: { where: CasbinRuleCreateInput }): Promise<{ count: number }>\n }\n $executeRawUnsafe(query: string, ...values: unknown[]): Promise<unknown>\n}\n\ninterface CasbinRuleCreateInput {\n ptype: string\n v0?: string | null\n v1?: string | null\n v2?: string | null\n v3?: string | null\n v4?: string | null\n v5?: string | null\n}\n\ninterface CasbinRuleRecord {\n id: number\n ptype: string\n v0: string | null\n v1: string | null\n v2: string | null\n v3: string | null\n v4: string | null\n v5: string | null\n}\n\n/**\n * Custom ZenStack adapter for Casbin that works with Cloudflare Workers.\n *\n * Based on the original casbin-prisma-adapter but modified to:\n * - Work with ZenStack v3 ORM clients\n * - Avoid bundling errors in Cloudflare Workers\n * - Accept pre-connected ZenStack clients (request-scoped)\n */\nexport class CustomZenStackAdapter implements Adapter {\n #db: CasbinDbClient\n\n filtered = false\n\n public isFiltered(): boolean {\n return this.filtered\n }\n\n public enableFiltered(enabled: boolean): void {\n this.filtered = enabled\n }\n\n constructor(db: CasbinDbClient) {\n this.#db = db\n }\n\n async loadPolicy(model: Model): Promise<void> {\n const lines = await this.#db.casbinRule.findMany()\n\n for (const line of lines) {\n this.#loadPolicyLine(line as CasbinRuleRecord, model)\n }\n }\n\n async loadFilteredPolicy(\n model: Model,\n filter: Record<string, string[][]>\n ): Promise<void> {\n const whereFilter = Object.keys(filter)\n .map((ptype) => {\n const policyPatterns = filter[ptype]\n return policyPatterns.map((policyPattern) => {\n return {\n ptype,\n ...(policyPattern[0] && { v0: policyPattern[0] }),\n ...(policyPattern[1] && { v1: policyPattern[1] }),\n ...(policyPattern[2] && { v2: policyPattern[2] }),\n ...(policyPattern[3] && { v3: policyPattern[3] }),\n ...(policyPattern[4] && { v4: policyPattern[4] }),\n ...(policyPattern[5] && { v5: policyPattern[5] }),\n }\n })\n })\n .flat()\n const lines = await this.#db.casbinRule.findMany({\n where: {\n OR: whereFilter,\n },\n })\n lines.forEach((line) => this.#loadPolicyLine(line as CasbinRuleRecord, model))\n this.enableFiltered(true)\n }\n\n async savePolicy(model: Model): Promise<boolean> {\n await this.#db.$executeRawUnsafe('DELETE FROM casbin_rule')\n\n const lines: CasbinRuleCreateInput[] = []\n\n const savePolicyType = (ptype: string): void => {\n const astMap = model.model.get(ptype)\n if (astMap) {\n for (const [ptype, ast] of astMap) {\n for (const rule of ast.policy) {\n const line = this.#savePolicyLine(ptype, rule)\n lines.push(line)\n }\n }\n }\n }\n\n savePolicyType('p')\n savePolicyType('g')\n\n await this.#db.casbinRule.createMany({ data: lines })\n\n return true\n }\n\n async addPolicy(_sec: string, ptype: string, rule: string[]): Promise<void> {\n const line = this.#savePolicyLine(ptype, rule)\n await this.#db.casbinRule.create({ data: line })\n }\n\n async addPolicies(\n _sec: string,\n ptype: string,\n rules: string[][]\n ): Promise<void> {\n const processes: Promise<CasbinRuleRecord>[] = []\n for (const rule of rules) {\n const line = this.#savePolicyLine(ptype, rule)\n const p = this.#db.casbinRule.create({ data: line }) as Promise<CasbinRuleRecord>\n processes.push(p)\n }\n\n await Promise.all(processes)\n }\n\n async removePolicy(\n _sec: string,\n ptype: string,\n rule: string[]\n ): Promise<void> {\n const line = this.#savePolicyLine(ptype, rule)\n await this.#db.casbinRule.deleteMany({ where: line })\n }\n\n async removePolicies(\n _sec: string,\n ptype: string,\n rules: string[][]\n ): Promise<void> {\n const processes: Promise<{ count: number }>[] = []\n for (const rule of rules) {\n const line = this.#savePolicyLine(ptype, rule)\n const p = this.#db.casbinRule.deleteMany({ where: line })\n processes.push(p)\n }\n\n await Promise.all(processes)\n }\n\n async removeFilteredPolicy(\n _sec: string,\n ptype: string,\n fieldIndex: number,\n ...fieldValues: string[]\n ): Promise<void> {\n const line: CasbinRuleCreateInput = { ptype }\n\n const idx = fieldIndex + fieldValues.length\n if (fieldIndex <= 0 && 0 < idx) {\n line.v0 = fieldValues[0 - fieldIndex]\n }\n if (fieldIndex <= 1 && 1 < idx) {\n line.v1 = fieldValues[1 - fieldIndex]\n }\n if (fieldIndex <= 2 && 2 < idx) {\n line.v2 = fieldValues[2 - fieldIndex]\n }\n if (fieldIndex <= 3 && 3 < idx) {\n line.v3 = fieldValues[3 - fieldIndex]\n }\n if (fieldIndex <= 4 && 4 < idx) {\n line.v4 = fieldValues[4 - fieldIndex]\n }\n if (fieldIndex <= 5 && 5 < idx) {\n line.v5 = fieldValues[5 - fieldIndex]\n }\n\n await this.#db.casbinRule.deleteMany({ where: line })\n }\n\n async close(): Promise<void> {\n // No-op: ZenStack uses pg.Pool for connection management\n }\n\n static newAdapter(db: CasbinDbClient): CustomZenStackAdapter {\n const adapter = new CustomZenStackAdapter(db)\n return adapter\n }\n\n #loadPolicyLine = (line: CasbinRuleRecord, model: Model): void => {\n const result =\n line.ptype +\n ', ' +\n [line.v0, line.v1, line.v2, line.v3, line.v4, line.v5]\n .filter((n) => n)\n .join(', ')\n Helper.loadPolicyLine(result, model)\n }\n\n #savePolicyLine = (\n ptype: string,\n rule: string[]\n ): CasbinRuleCreateInput => {\n const line: CasbinRuleCreateInput = { ptype }\n\n if (rule.length > 0) {\n line.v0 = rule[0]\n }\n if (rule.length > 1) {\n line.v1 = rule[1]\n }\n if (rule.length > 2) {\n line.v2 = rule[2]\n }\n if (rule.length > 3) {\n line.v3 = rule[3]\n }\n if (rule.length > 4) {\n line.v4 = rule[4]\n }\n if (rule.length > 5) {\n line.v5 = rule[5]\n }\n\n return line\n }\n}\n","import { newCachedEnforcer, newModelFromString, type Enforcer } from 'casbin'\nimport { DI_TOKENS, Transient } from 'stratal/di'\nimport { inject } from 'tsyringe'\nimport { CustomZenStackAdapter, type CasbinDbClient } from '../adapters/custom-zenstack-adapter'\nimport { RBAC_TOKENS } from '../tokens'\nimport type { RbacModuleOptions } from '../types'\n\n/**\n * CasbinEnforcerService\n *\n * Manages the Casbin enforcer instance for authorization.\n * Model, default policies, and role hierarchy are provided via DI options.\n */\n@Transient()\nexport class CasbinEnforcerService {\n protected enforcer: Enforcer | null = null\n\n constructor(\n @inject(DI_TOKENS.Database)\n protected readonly db: CasbinDbClient,\n @inject(RBAC_TOKENS.Options)\n protected readonly options: RbacModuleOptions,\n ) { }\n\n /**\n * Get or create the enforcer instance\n */\n async getEnforcer(): Promise<Enforcer> {\n this.enforcer ??= await this.createEnforcer();\n return this.enforcer\n }\n\n /**\n * Create a new enforcer instance.\n * Can be overridden by subclasses to customize enforcer creation.\n */\n protected async createEnforcer(): Promise<Enforcer> {\n const model = newModelFromString(this.options.model)\n\n const adapter = CustomZenStackAdapter.newAdapter(this.db)\n const enforcer = await newCachedEnforcer(model, adapter)\n await enforcer.loadPolicy()\n return enforcer\n }\n\n /**\n * Seed default policies into database\n */\n async seedPolicies(): Promise<void> {\n const enforcer = await this.getEnforcer()\n const policies = this.options.defaultPolicies ?? []\n\n for (const [role, resource, action] of policies) {\n await enforcer.addPolicy(role, resource, action)\n }\n\n await enforcer.savePolicy()\n }\n\n /**\n * Clear cached enforcer instance\n */\n clearCache(): void {\n this.enforcer = null\n }\n\n /**\n * Seed role hierarchy into database\n */\n async seedRoleHierarchy(): Promise<void> {\n const enforcer = await this.getEnforcer()\n const hierarchy = this.options.roleHierarchy ?? []\n\n for (const [childRole, parentRole] of hierarchy) {\n await enforcer.addGroupingPolicy(childRole, parentRole)\n }\n\n await enforcer.savePolicy()\n }\n}\n","import type { Enforcer } from 'casbin'\nimport { inject } from 'tsyringe'\nimport { Transient, DI_TOKENS } from 'stratal/di'\nimport type { AuthContext } from '../../context/auth-context'\nimport { RBAC_TOKENS } from '../tokens'\nimport { CasbinEnforcerService } from './casbin-enforcer.service'\n\n/**\n * CasbinService\n *\n * Request-scoped service that provides the full Casbin RBAC API.\n * Uses AuthContext to get the current user.\n */\n@Transient(RBAC_TOKENS.CasbinService)\nexport class CasbinService {\n constructor(\n @inject(DI_TOKENS.AuthContext)\n protected readonly context: AuthContext,\n @inject(CasbinEnforcerService)\n protected readonly enforcerService: CasbinEnforcerService\n ) {}\n\n protected async getEnforcer(): Promise<Enforcer> {\n return this.enforcerService.getEnforcer()\n }\n\n // ==================== USER-ROLE MANAGEMENT ====================\n\n async addRoleForUser(userId: string, role: string): Promise<boolean> {\n const enforcer = await this.getEnforcer()\n const added = await enforcer.addRoleForUser(userId, role)\n if (added) await enforcer.savePolicy()\n return added\n }\n\n async deleteRoleForUser(userId: string, role: string): Promise<boolean> {\n const enforcer = await this.getEnforcer()\n const deleted = await enforcer.deleteRoleForUser(userId, role)\n if (deleted) await enforcer.savePolicy()\n return deleted\n }\n\n async deleteRolesForUser(userId: string): Promise<boolean> {\n const enforcer = await this.getEnforcer()\n const deleted = await enforcer.deleteRolesForUser(userId)\n if (deleted) await enforcer.savePolicy()\n return deleted\n }\n\n async getRolesForUser(userId: string): Promise<string[]> {\n const enforcer = await this.getEnforcer()\n return enforcer.getRolesForUser(userId)\n }\n\n async getImplicitRolesForUser(userId: string): Promise<string[]> {\n const enforcer = await this.getEnforcer()\n return enforcer.getImplicitRolesForUser(userId)\n }\n\n async getUsersForRole(role: string): Promise<string[]> {\n const enforcer = await this.getEnforcer()\n return enforcer.getUsersForRole(role)\n }\n\n async getImplicitUsersForRole(role: string): Promise<string[]> {\n const enforcer = await this.getEnforcer()\n return enforcer.getImplicitUsersForRole(role)\n }\n\n async hasRoleForUser(userId: string, role: string): Promise<boolean> {\n const enforcer = await this.getEnforcer()\n return enforcer.hasRoleForUser(userId, role)\n }\n\n // ==================== ROLE HIERARCHY MANAGEMENT ====================\n\n async addRoleInheritance(childRole: string, parentRole: string): Promise<boolean> {\n const enforcer = await this.getEnforcer()\n const added = await enforcer.addGroupingPolicy(childRole, parentRole)\n if (added) await enforcer.savePolicy()\n return added\n }\n\n async deleteRoleInheritance(childRole: string, parentRole: string): Promise<boolean> {\n const enforcer = await this.getEnforcer()\n const deleted = await enforcer.removeGroupingPolicy(childRole, parentRole)\n if (deleted) await enforcer.savePolicy()\n return deleted\n }\n\n // ==================== USER/ROLE DELETION ====================\n\n async deleteUser(userId: string): Promise<boolean> {\n const enforcer = await this.getEnforcer()\n const deleted = await enforcer.deleteUser(userId)\n if (deleted) await enforcer.savePolicy()\n return deleted\n }\n\n async deleteRole(role: string): Promise<boolean> {\n const enforcer = await this.getEnforcer()\n const deleted = await enforcer.deleteRole(role)\n if (deleted) await enforcer.savePolicy()\n return deleted\n }\n\n // ==================== CONVENIENCE METHODS ====================\n\n async getCurrentUserRoles(): Promise<string[]> {\n const userId = this.context.getUserId()\n if (!userId) return []\n return this.getImplicitRolesForUser(userId)\n }\n\n async currentUserHasRole(role: string): Promise<boolean> {\n const roles = await this.getCurrentUserRoles()\n return roles.includes(role)\n }\n\n async setRolesForUser(userId: string, roles: string[]): Promise<void> {\n const enforcer = await this.getEnforcer()\n await enforcer.deleteRolesForUser(userId)\n for (const role of roles) {\n await enforcer.addRoleForUser(userId, role)\n }\n await enforcer.savePolicy()\n }\n\n // ==================== PERMISSION CHECKING ====================\n\n async hasPermission(userId: string, scope: string, action: string): Promise<boolean> {\n const enforcer = await this.getEnforcer()\n return enforcer.enforce(userId, scope, action)\n }\n\n async currentUserHasPermission(scope: string, action: string): Promise<boolean> {\n const userId = this.context.getUserId()\n if (!userId) return false\n return this.hasPermission(userId, scope, action)\n }\n\n async hasAnyPermission(userId: string, scopes: string[], action: string): Promise<boolean> {\n const enforcer = await this.getEnforcer()\n const requests = scopes.map(scope => [userId, scope, action])\n const results = await enforcer.batchEnforce(requests)\n return results.some(allowed => allowed)\n }\n\n async currentUserHasAnyPermission(scopes: string[], action: string): Promise<boolean> {\n const userId = this.context.getUserId()\n if (!userId) return false\n return this.hasAnyPermission(userId, scopes, action)\n }\n\n // ==================== CASBIN.JS FRONTEND SUPPORT ====================\n\n async getPermissionsForUserAsCasbinJs(userId: string): Promise<Record<string, string[]>> {\n const enforcer = await this.getEnforcer()\n const permissions = await enforcer.getImplicitPermissionsForUser(userId)\n\n const result: Record<string, string[]> = {}\n for (const [_role, resource, action] of permissions) {\n result[action] ??= []\n if (!result[action].includes(resource)) {\n result[action].push(resource)\n }\n }\n\n return result\n }\n\n async getCurrentUserPermissionsAsCasbinJs(): Promise<Record<string, string[]>> {\n const userId = this.context.getUserId()\n if (!userId) return {}\n return this.getPermissionsForUserAsCasbinJs(userId)\n }\n}\n","import { Module } from 'stratal/module'\nimport type { AsyncModuleOptions, DynamicModule } from 'stratal/module'\nimport { CasbinEnforcerService } from './services/casbin-enforcer.service'\nimport { CasbinService } from './services/casbin.service'\nimport { RBAC_TOKENS } from './tokens'\nimport type { RbacModuleOptions } from './types'\n\n/**\n * RBAC Module\n *\n * Provides role-based access control using Casbin.\n * Fully configurable — no hardcoded roles, policies, or model.\n *\n * @example\n * ```typescript\n * @Module({\n * imports: [\n * RbacModule.forRoot({\n * model: MY_RBAC_MODEL,\n * defaultPolicies: [['admin', 'users:*', '.*']],\n * roleHierarchy: [['super_admin', 'admin']],\n * })\n * ]\n * })\n * ```\n */\n@Module({\n providers: [\n CasbinEnforcerService,\n { provide: RBAC_TOKENS.CasbinService, useClass: CasbinService },\n ],\n})\nexport class RbacModule {\n static forRoot(options: RbacModuleOptions): DynamicModule {\n return {\n module: RbacModule,\n providers: [\n { provide: RBAC_TOKENS.Options, useValue: options as unknown as object },\n ],\n }\n }\n\n static forRootAsync(options: AsyncModuleOptions<RbacModuleOptions>): DynamicModule {\n return {\n module: RbacModule,\n providers: [\n {\n provide: RBAC_TOKENS.Options,\n useFactory: options.useFactory,\n inject: options.inject,\n },\n ],\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;AAGA,MAAa,oBAAoB,EAE/B,aAAa,OAAO,kBAAkB,EACvC;;;;;;;;;;;AC0CD,IAAa,wBAAb,MAAa,sBAAyC;CACpD;CAEA,WAAW;CAEX,aAA6B;AAC3B,SAAO,KAAK;;CAGd,eAAsB,SAAwB;AAC5C,OAAK,WAAW;;CAGlB,YAAY,IAAoB;AAC9B,QAAA,KAAW;;CAGb,MAAM,WAAW,OAA6B;EAC5C,MAAM,QAAQ,MAAM,MAAA,GAAS,WAAW,UAAU;AAElD,OAAK,MAAM,QAAQ,MACjB,OAAA,eAAqB,MAA0B,MAAM;;CAIzD,MAAM,mBACJ,OACA,QACe;EACf,MAAM,cAAc,OAAO,KAAK,OAAO,CACpC,KAAK,UAAU;AAEd,UADuB,OAAO,OACR,KAAK,kBAAkB;AAC3C,WAAO;KACL;KACA,GAAI,cAAc,MAAM,EAAE,IAAI,cAAc,IAAI;KAChD,GAAI,cAAc,MAAM,EAAE,IAAI,cAAc,IAAI;KAChD,GAAI,cAAc,MAAM,EAAE,IAAI,cAAc,IAAI;KAChD,GAAI,cAAc,MAAM,EAAE,IAAI,cAAc,IAAI;KAChD,GAAI,cAAc,MAAM,EAAE,IAAI,cAAc,IAAI;KAChD,GAAI,cAAc,MAAM,EAAE,IAAI,cAAc,IAAI;KACjD;KACD;IACF,CACD,MAAM;AAMT,GALc,MAAM,MAAA,GAAS,WAAW,SAAS,EAC/C,OAAO,EACL,IAAI,aACL,EACF,CAAC,EACI,SAAS,SAAS,MAAA,eAAqB,MAA0B,MAAM,CAAC;AAC9E,OAAK,eAAe,KAAK;;CAG3B,MAAM,WAAW,OAAgC;AAC/C,QAAM,MAAA,GAAS,kBAAkB,0BAA0B;EAE3D,MAAM,QAAiC,EAAE;EAEzC,MAAM,kBAAkB,UAAwB;GAC9C,MAAM,SAAS,MAAM,MAAM,IAAI,MAAM;AACrC,OAAI,OACF,MAAK,MAAM,CAAC,OAAO,QAAQ,OACzB,MAAK,MAAM,QAAQ,IAAI,QAAQ;IAC7B,MAAM,OAAO,MAAA,eAAqB,OAAO,KAAK;AAC9C,UAAM,KAAK,KAAK;;;AAMxB,iBAAe,IAAI;AACnB,iBAAe,IAAI;AAEnB,QAAM,MAAA,GAAS,WAAW,WAAW,EAAE,MAAM,OAAO,CAAC;AAErD,SAAO;;CAGT,MAAM,UAAU,MAAc,OAAe,MAA+B;EAC1E,MAAM,OAAO,MAAA,eAAqB,OAAO,KAAK;AAC9C,QAAM,MAAA,GAAS,WAAW,OAAO,EAAE,MAAM,MAAM,CAAC;;CAGlD,MAAM,YACJ,MACA,OACA,OACe;EACf,MAAM,YAAyC,EAAE;AACjD,OAAK,MAAM,QAAQ,OAAO;GACxB,MAAM,OAAO,MAAA,eAAqB,OAAO,KAAK;GAC9C,MAAM,IAAI,MAAA,GAAS,WAAW,OAAO,EAAE,MAAM,MAAM,CAAC;AACpD,aAAU,KAAK,EAAE;;AAGnB,QAAM,QAAQ,IAAI,UAAU;;CAG9B,MAAM,aACJ,MACA,OACA,MACe;EACf,MAAM,OAAO,MAAA,eAAqB,OAAO,KAAK;AAC9C,QAAM,MAAA,GAAS,WAAW,WAAW,EAAE,OAAO,MAAM,CAAC;;CAGvD,MAAM,eACJ,MACA,OACA,OACe;EACf,MAAM,YAA0C,EAAE;AAClD,OAAK,MAAM,QAAQ,OAAO;GACxB,MAAM,OAAO,MAAA,eAAqB,OAAO,KAAK;GAC9C,MAAM,IAAI,MAAA,GAAS,WAAW,WAAW,EAAE,OAAO,MAAM,CAAC;AACzD,aAAU,KAAK,EAAE;;AAGnB,QAAM,QAAQ,IAAI,UAAU;;CAG9B,MAAM,qBACJ,MACA,OACA,YACA,GAAG,aACY;EACf,MAAM,OAA8B,EAAE,OAAO;EAE7C,MAAM,MAAM,aAAa,YAAY;AACrC,MAAI,cAAc,KAAK,IAAI,IACzB,MAAK,KAAK,YAAY,IAAI;AAE5B,MAAI,cAAc,KAAK,IAAI,IACzB,MAAK,KAAK,YAAY,IAAI;AAE5B,MAAI,cAAc,KAAK,IAAI,IACzB,MAAK,KAAK,YAAY,IAAI;AAE5B,MAAI,cAAc,KAAK,IAAI,IACzB,MAAK,KAAK,YAAY,IAAI;AAE5B,MAAI,cAAc,KAAK,IAAI,IACzB,MAAK,KAAK,YAAY,IAAI;AAE5B,MAAI,cAAc,KAAK,IAAI,IACzB,MAAK,KAAK,YAAY,IAAI;AAG5B,QAAM,MAAA,GAAS,WAAW,WAAW,EAAE,OAAO,MAAM,CAAC;;CAGvD,MAAM,QAAuB;CAI7B,OAAO,WAAW,IAA2C;AAE3D,SADgB,IAAI,sBAAsB,GAAG;;CAI/C,mBAAmB,MAAwB,UAAuB;EAChE,MAAM,SACJ,KAAK,QACL,OACA;GAAC,KAAK;GAAI,KAAK;GAAI,KAAK;GAAI,KAAK;GAAI,KAAK;GAAI,KAAK;GAAG,CACnD,QAAQ,MAAM,EAAE,CAChB,KAAK,KAAK;AACf,SAAO,eAAe,QAAQ,MAAM;;CAGtC,mBACE,OACA,SAC0B;EAC1B,MAAM,OAA8B,EAAE,OAAO;AAE7C,MAAI,KAAK,SAAS,EAChB,MAAK,KAAK,KAAK;AAEjB,MAAI,KAAK,SAAS,EAChB,MAAK,KAAK,KAAK;AAEjB,MAAI,KAAK,SAAS,EAChB,MAAK,KAAK,KAAK;AAEjB,MAAI,KAAK,SAAS,EAChB,MAAK,KAAK,KAAK;AAEjB,MAAI,KAAK,SAAS,EAChB,MAAK,KAAK,KAAK;AAEjB,MAAI,KAAK,SAAS,EAChB,MAAK,KAAK,KAAK;AAGjB,SAAO;;;;;ACxOJ,IAAA,wBAAA,MAAM,sBAAsB;CACjC,WAAsC;CAEtC,YACE,IAEA,SAEA;AAHmB,OAAA,KAAA;AAEA,OAAA,UAAA;;;;;CAMrB,MAAM,cAAiC;AACrC,OAAK,aAAa,MAAM,KAAK,gBAAgB;AAC7C,SAAO,KAAK;;;;;;CAOd,MAAgB,iBAAoC;EAIlD,MAAM,WAAW,MAAM,kBAHT,mBAAmB,KAAK,QAAQ,MAAM,EAEpC,sBAAsB,WAAW,KAAK,GAAG,CACD;AACxD,QAAM,SAAS,YAAY;AAC3B,SAAO;;;;;CAMT,MAAM,eAA8B;EAClC,MAAM,WAAW,MAAM,KAAK,aAAa;EACzC,MAAM,WAAW,KAAK,QAAQ,mBAAmB,EAAE;AAEnD,OAAK,MAAM,CAAC,MAAM,UAAU,WAAW,SACrC,OAAM,SAAS,UAAU,MAAM,UAAU,OAAO;AAGlD,QAAM,SAAS,YAAY;;;;;CAM7B,aAAmB;AACjB,OAAK,WAAW;;;;;CAMlB,MAAM,oBAAmC;EACvC,MAAM,WAAW,MAAM,KAAK,aAAa;EACzC,MAAM,YAAY,KAAK,QAAQ,iBAAiB,EAAE;AAElD,OAAK,MAAM,CAAC,WAAW,eAAe,UACpC,OAAM,SAAS,kBAAkB,WAAW,WAAW;AAGzD,QAAM,SAAS,YAAY;;;;CAhE9B,WAAW;oBAKP,OAAO,UAAU,SAAS,CAAA;oBAE1B,OAAO,YAAY,QAAQ,CAAA;;;;;;ACNzB,IAAA,gBAAA,MAAM,cAAc;CACzB,YACE,SAEA,iBAEA;AAHmB,OAAA,UAAA;AAEA,OAAA,kBAAA;;CAGrB,MAAgB,cAAiC;AAC/C,SAAO,KAAK,gBAAgB,aAAa;;CAK3C,MAAM,eAAe,QAAgB,MAAgC;EACnE,MAAM,WAAW,MAAM,KAAK,aAAa;EACzC,MAAM,QAAQ,MAAM,SAAS,eAAe,QAAQ,KAAK;AACzD,MAAI,MAAO,OAAM,SAAS,YAAY;AACtC,SAAO;;CAGT,MAAM,kBAAkB,QAAgB,MAAgC;EACtE,MAAM,WAAW,MAAM,KAAK,aAAa;EACzC,MAAM,UAAU,MAAM,SAAS,kBAAkB,QAAQ,KAAK;AAC9D,MAAI,QAAS,OAAM,SAAS,YAAY;AACxC,SAAO;;CAGT,MAAM,mBAAmB,QAAkC;EACzD,MAAM,WAAW,MAAM,KAAK,aAAa;EACzC,MAAM,UAAU,MAAM,SAAS,mBAAmB,OAAO;AACzD,MAAI,QAAS,OAAM,SAAS,YAAY;AACxC,SAAO;;CAGT,MAAM,gBAAgB,QAAmC;AAEvD,UADiB,MAAM,KAAK,aAAa,EACzB,gBAAgB,OAAO;;CAGzC,MAAM,wBAAwB,QAAmC;AAE/D,UADiB,MAAM,KAAK,aAAa,EACzB,wBAAwB,OAAO;;CAGjD,MAAM,gBAAgB,MAAiC;AAErD,UADiB,MAAM,KAAK,aAAa,EACzB,gBAAgB,KAAK;;CAGvC,MAAM,wBAAwB,MAAiC;AAE7D,UADiB,MAAM,KAAK,aAAa,EACzB,wBAAwB,KAAK;;CAG/C,MAAM,eAAe,QAAgB,MAAgC;AAEnE,UADiB,MAAM,KAAK,aAAa,EACzB,eAAe,QAAQ,KAAK;;CAK9C,MAAM,mBAAmB,WAAmB,YAAsC;EAChF,MAAM,WAAW,MAAM,KAAK,aAAa;EACzC,MAAM,QAAQ,MAAM,SAAS,kBAAkB,WAAW,WAAW;AACrE,MAAI,MAAO,OAAM,SAAS,YAAY;AACtC,SAAO;;CAGT,MAAM,sBAAsB,WAAmB,YAAsC;EACnF,MAAM,WAAW,MAAM,KAAK,aAAa;EACzC,MAAM,UAAU,MAAM,SAAS,qBAAqB,WAAW,WAAW;AAC1E,MAAI,QAAS,OAAM,SAAS,YAAY;AACxC,SAAO;;CAKT,MAAM,WAAW,QAAkC;EACjD,MAAM,WAAW,MAAM,KAAK,aAAa;EACzC,MAAM,UAAU,MAAM,SAAS,WAAW,OAAO;AACjD,MAAI,QAAS,OAAM,SAAS,YAAY;AACxC,SAAO;;CAGT,MAAM,WAAW,MAAgC;EAC/C,MAAM,WAAW,MAAM,KAAK,aAAa;EACzC,MAAM,UAAU,MAAM,SAAS,WAAW,KAAK;AAC/C,MAAI,QAAS,OAAM,SAAS,YAAY;AACxC,SAAO;;CAKT,MAAM,sBAAyC;EAC7C,MAAM,SAAS,KAAK,QAAQ,WAAW;AACvC,MAAI,CAAC,OAAQ,QAAO,EAAE;AACtB,SAAO,KAAK,wBAAwB,OAAO;;CAG7C,MAAM,mBAAmB,MAAgC;AAEvD,UADc,MAAM,KAAK,qBAAqB,EACjC,SAAS,KAAK;;CAG7B,MAAM,gBAAgB,QAAgB,OAAgC;EACpE,MAAM,WAAW,MAAM,KAAK,aAAa;AACzC,QAAM,SAAS,mBAAmB,OAAO;AACzC,OAAK,MAAM,QAAQ,MACjB,OAAM,SAAS,eAAe,QAAQ,KAAK;AAE7C,QAAM,SAAS,YAAY;;CAK7B,MAAM,cAAc,QAAgB,OAAe,QAAkC;AAEnF,UADiB,MAAM,KAAK,aAAa,EACzB,QAAQ,QAAQ,OAAO,OAAO;;CAGhD,MAAM,yBAAyB,OAAe,QAAkC;EAC9E,MAAM,SAAS,KAAK,QAAQ,WAAW;AACvC,MAAI,CAAC,OAAQ,QAAO;AACpB,SAAO,KAAK,cAAc,QAAQ,OAAO,OAAO;;CAGlD,MAAM,iBAAiB,QAAgB,QAAkB,QAAkC;EACzF,MAAM,WAAW,MAAM,KAAK,aAAa;EACzC,MAAM,WAAW,OAAO,KAAI,UAAS;GAAC;GAAQ;GAAO;GAAO,CAAC;AAE7D,UADgB,MAAM,SAAS,aAAa,SAAS,EACtC,MAAK,YAAW,QAAQ;;CAGzC,MAAM,4BAA4B,QAAkB,QAAkC;EACpF,MAAM,SAAS,KAAK,QAAQ,WAAW;AACvC,MAAI,CAAC,OAAQ,QAAO;AACpB,SAAO,KAAK,iBAAiB,QAAQ,QAAQ,OAAO;;CAKtD,MAAM,gCAAgC,QAAmD;EAEvF,MAAM,cAAc,OADH,MAAM,KAAK,aAAa,EACN,8BAA8B,OAAO;EAExE,MAAM,SAAmC,EAAE;AAC3C,OAAK,MAAM,CAAC,OAAO,UAAU,WAAW,aAAa;AACnD,UAAO,YAAY,EAAE;AACrB,OAAI,CAAC,OAAO,QAAQ,SAAS,SAAS,CACpC,QAAO,QAAQ,KAAK,SAAS;;AAIjC,SAAO;;CAGT,MAAM,sCAAyE;EAC7E,MAAM,SAAS,KAAK,QAAQ,WAAW;AACvC,MAAI,CAAC,OAAQ,QAAO,EAAE;AACtB,SAAO,KAAK,gCAAgC,OAAO;;;;CAjKtD,UAAU,YAAY,cAAc;oBAGhC,OAAO,UAAU,YAAY,CAAA;oBAE7B,OAAO,sBAAsB,CAAA;;;;;;ACc3B,IAAA,aAAA,cAAA,MAAM,WAAW;CACtB,OAAO,QAAQ,SAA2C;AACxD,SAAO;GACL,QAAA;GACA,WAAW,CACT;IAAE,SAAS,YAAY;IAAS,UAAU;IAA8B,CACzE;GACF;;CAGH,OAAO,aAAa,SAA+D;AACjF,SAAO;GACL,QAAA;GACA,WAAW,CACT;IACE,SAAS,YAAY;IACrB,YAAY,QAAQ;IACpB,QAAQ,QAAQ;IACjB,CACF;GACF;;;uCA1BJ,OAAO,EACN,WAAW,CACT,uBACA;CAAE,SAAS,YAAY;CAAe,UAAU;CAAe,CAChE,EACF,CAAC,CAAA,EAAA,WAAA"}

package/dist/tokens-Di1ofovy.mjs DELETED Viewed

@@ -1,32 +0,0 @@
-import { ApplicationError, ERROR_CODES } from "stratal/errors";
-//#region src/rbac/errors/insufficient-permissions.error.ts
-/**
-* InsufficientPermissionsError
-*
-* Thrown when a user attempts to perform an action without the required permissions.
-* This error is used by the auth guard after authorization check fails.
-*
-* HTTP Status: 403 Forbidden
-* Error Code: 3102 (AUTHZ.INSUFFICIENT_PERMISSIONS)
-*/
-var InsufficientPermissionsError = class extends ApplicationError {
-	constructor(requiredScopes, userId) {
-		super("errors.insufficientPermissions", ERROR_CODES.AUTHZ.INSUFFICIENT_PERMISSIONS, {
-			requiredScopes: requiredScopes.join(", "),
-			userId: userId ?? "unknown"
-		});
-	}
-};
-//#endregion
-//#region src/rbac/tokens.ts
-/**
-* RBAC DI Tokens
-*/
-const RBAC_TOKENS = {
-	CasbinService: Symbol.for("stratal:rbac:casbin:service"),
-	Options: Symbol.for("stratal:rbac:options")
-};
-//#endregion
-export { InsufficientPermissionsError as n, RBAC_TOKENS as t };
-//# sourceMappingURL=tokens-Di1ofovy.mjs.map