@truefoundry/tfy-auth-handler-lib 0.1.0

package/dist/types.d.ts

@@ -0,0 +1,267 @@
+export interface AuthGrant {
+    subjectType: string;
+    subjectIdentifier: string;
+    subjectId: string;
+    resourceType: string;
+    resourceFqn: string;
+    resourceId: string;
+    roleId: string;
+    permissions: string[];
+}
+export interface CachedUser {
+    id: string;
+    email: string;
+    displayName?: string;
+    imageURL?: string;
+}
+export interface CachedTeam {
+    id: string;
+    name: string;
+    members: string[];
+}
+/** Subset of service-account NATS rows for virtual accounts (auth cache). */
+export interface CachedVirtualAccount {
+    id: string;
+    name: string;
+    tags?: Record<string, string>;
+    ownedBy?: string;
+    jwtIds: string[];
+}
+/** Subset of service-account NATS rows for PATs (auth cache). */
+export interface CachedPAT {
+    id: string;
+    name: string;
+    ownedBy?: string;
+    jwtIds: string[];
+}
+/** Mirrors `toNatsFormatExternalIdentity` (llmgateway/utils) — NATS KV external-identity row shape. */
+export interface CachedExternalIdentity {
+    id: string;
+    name: string;
+    manifest: object;
+    tenantName: string;
+}
+/** Nested `providerAccount` in `toNatsFormatIntegration` (llmgateway/utils). */
+export interface CachedIntegrationProviderAccount {
+    id: string;
+    fqn: string;
+    name: string;
+    provider: string;
+    tenantName: string;
+}
+/** Return shape of `toNatsFormatIntegration` — MCP server and guardrail rows under KV `data` (llmgateway/utils). */
+export interface CachedProviderIntegrationRow {
+    id: string;
+    name: string;
+    fqn: string;
+    providerAccount: CachedIntegrationProviderAccount;
+    manifest: object;
+    createdBy: string;
+}
+/** @see CachedProviderIntegrationRow */
+export type CachedMcpServer = CachedProviderIntegrationRow;
+/** @see CachedProviderIntegrationRow */
+export type CachedGuardrail = CachedProviderIntegrationRow;
+/** Mirrors `toNatsFormatRole` (llmgateway/utils) — NATS KV role row shape. */
+export interface CachedRole {
+    id: string;
+    name: string;
+    tenantName: string;
+    accountId: string;
+    resourceType: string;
+    manifest: object;
+}
+/**
+ * `toNatsFormatProviderAccount` plus `integrations` from `addModelsV2InNats` (llmgateway/natsUtilsV2).
+ * Each integration is `toNatsFormatIntegration` output.
+ */
+export interface CachedProviderAccountRow {
+    id: string;
+    fqn: string;
+    name: string;
+    provider: string;
+    tenantName: string;
+    manifest: object;
+    createdBy: string;
+    type: string;
+    integrations: CachedProviderIntegrationRow[];
+}
+export type CachedModel = CachedProviderAccountRow;
+/** Alias: nested integration under a cached provider account row. */
+export type CachedModelIntegration = CachedProviderIntegrationRow;
+/**
+ * Value shape in `addAgentsV2InNats` (llmgateway/natsUtilsV2). The map key is `agent.name`; the value has no top-level `name`.
+ */
+export interface CachedAgent {
+    manifest: object;
+    latestVersion: number;
+    metadata: object | null;
+    fqn: string;
+    id: string;
+}
+/**
+ * KV value is `config.manifest` from `GatewayConfiguration` (`addGatewayConfigsV2InNats`, llmgateway/entities/GatewayConfig `Config`).
+ */
+export interface CachedGatewayConfig {
+    name?: string;
+    type: string;
+    rules?: object;
+    otel_traces_exporter_config?: object;
+}
+/** Mirrors `toNatsFormatServiceAccount` (llmgateway/utils). */
+export interface CachedServiceAccount {
+    id: string;
+    name: string;
+    tenantName: string;
+    type: string;
+    shadowUserEmail: string;
+    authorizedModels: string[];
+    authorizedMCPServers: string[];
+    authorizedModelProviderAccounts: string[];
+    authorizedGuardrailGroupProviderAccounts: string[];
+    authorizedMCPGroups: string[];
+    authorizedAgents: string[];
+    ownedBy: object | undefined;
+    jwtIds: string[];
+    roleIds?: string[];
+    rolesWithResource?: object[];
+    metadata?: object;
+    tags?: object | undefined;
+}
+/** Row object in `addExternalIdentityProvidersV2InNats` (llmgateway/natsUtilsV2). Dates are JSON-serialized. */
+export interface CachedExternalIdentityProvider {
+    id: string;
+    tenantName: string;
+    manifest: object;
+    createdAt: string;
+    updatedAt: string;
+}
+export declare enum AuthCacheEntity {
+    AUTHORIZATION = "authorization",
+    USERS = "users",
+    TEAMS = "teams",
+    MCP_SERVER = "mcp-server",
+    AGENT = "agent",
+    EXTERNAL_IDENTITY = "external-identity",
+    ROLE = "role",
+    EXTERNAL_JWKS = "external-jwks",
+    PRIMARY_JWKS = "primary-jwks",
+    MODEL = "model",
+    GUARDRAIL = "guardrail",
+    GATEWAY_CONFIG = "gateway-config",
+    SERVICE_ACCOUNT = "serviceaccount",
+    VIRTUAL_ACCOUNT = "virtualaccount",
+    PAT = "pat",
+    EXTERNAL_IDENTITY_PROVIDER = "external-identity-provider"
+}
+export interface AuthCacheLogger {
+    log(message: string, ...args: unknown[]): void;
+    error(message: string, ...args: unknown[]): void;
+    warn(message: string, ...args: unknown[]): void;
+    debug(message: string, ...args: unknown[]): void;
+}
+export interface AuthCacheConfig {
+    /** Object Store bucket name. Defaults to 'auth-data'. */
+    bucketName?: string;
+    /** Retry interval when opening the bucket (ms). Defaults to 5000. */
+    openRetryIntervalMs?: number;
+    /** Max retries when opening the bucket. Defaults to 60. */
+    openRetryMaxAttempts?: number;
+    /** Logger instance. Defaults to console with prefixed messages. */
+    logger?: AuthCacheLogger;
+}
+export interface TenantCheckAccessByResourceIdOptions {
+    subjectIdentifier: string;
+    subjectType: 'user' | 'virtualaccount' | 'serviceaccount';
+    resourceId: string;
+    requiredPermission: string;
+}
+export interface CheckAccessByResourceIdOptions extends TenantCheckAccessByResourceIdOptions {
+    tenantName: string;
+}
+export interface ITenantCache {
+    /** Checks whether a subject has the required permission on a resource identified by ID. */
+    checkAccessForResourceId(opts: TenantCheckAccessByResourceIdOptions): boolean;
+    /** Returns the team names the user belongs to (from the in-memory reverse index). */
+    getUserTeams(userEmail: string): string[];
+    /** Substring search over cached users (email or displayName). */
+    searchUsers(substring: string, limit?: number): CachedUser[];
+    /** Substring search over cached teams (team name). */
+    searchTeams(substring: string, limit?: number): CachedTeam[];
+    /** Returns all cached grants for the tenant. */
+    getGrants(): AuthGrant[];
+    /** Returns all cached users for the tenant. */
+    getUsers(): CachedUser[];
+    /** Returns all cached teams for the tenant. */
+    getTeams(): CachedTeam[];
+    /** Returns cached MCP servers, parsed from the NATS KVStoreV2Data blob at write time. */
+    getMcpServers(): CachedMcpServer[];
+    /** Returns cached roles, parsed from the NATS KVStoreV2Data blob at write time. */
+    getRoles(): CachedRole[];
+    /** Returns raw NATS KVStoreV2Data for external JWKS public keys (wire format). */
+    getExternalJwks(): object | null;
+    /** Returns raw NATS KVStoreV2Data for primary JWKS public keys (wire format). */
+    getPrimaryJwks(): object | null;
+    /** Returns cached agents, parsed from the NATS KVStoreV2Data blob at write time. */
+    getAgents(): CachedAgent[];
+    /** Returns cached external identities, parsed from the NATS KVStoreV2Data blob at write time. */
+    getExternalIdentities(): CachedExternalIdentity[];
+    /** Returns cached models (provider accounts with nested integrations), parsed from the NATS KVStoreV2Data blob at write time. */
+    getModels(): CachedModel[];
+    /** Returns cached guardrails, parsed from the NATS KVStoreV2Data blob at write time. */
+    getGuardrails(): CachedGuardrail[];
+    /** Returns cached gateway configs, parsed from the NATS KVStoreV2Data blob at write time. */
+    getGatewayConfigs(): CachedGatewayConfig[];
+    /** Returns cached service accounts, parsed from the NATS KVStoreV2Data blob at write time. */
+    getServiceAccounts(): CachedServiceAccount[];
+    /** Virtual accounts, built from DB snapshot (id, name, tags, ownedBy, jwtIds). */
+    getVirtualAccounts(): CachedVirtualAccount[];
+    /** PATs, built from DB snapshot (id, name, ownedBy, jwtIds). */
+    getPats(): CachedPAT[];
+    /** Returns cached external identity providers, parsed from the NATS KVStoreV2Data blob at write time. */
+    getExternalIdentityProviders(): CachedExternalIdentityProvider[];
+}
+export interface IAuthCache {
+    /** Opens the Object Store bucket and starts the watch loop. Blocks until the bucket is available. */
+    start(): Promise<void>;
+    /** Stops the watch loop and releases resources. */
+    stop(): Promise<void>;
+    /**
+     * Returns true once the initial snapshot from the Object Store has been fully
+     * loaded into memory. Pods should gate readiness on this.
+     */
+    isReady(): boolean;
+    /** Returns the TenantCache for a given tenant, or undefined if no data has been loaded for it. */
+    getTenantCache(tenantName: string): ITenantCache | undefined;
+    /** Checks whether a subject has the required permission on a resource identified by ID. */
+    checkAccessForResourceId(opts: CheckAccessByResourceIdOptions): boolean;
+    /** Returns the team names the user belongs to (from the in-memory reverse index). */
+    getUserTeams(tenantName: string, userEmail: string): string[];
+    /** Substring search over cached users (email or displayName). */
+    searchUsers(tenantName: string, substring: string, limit?: number): CachedUser[];
+    /** Substring search over cached teams (team name). */
+    searchTeams(tenantName: string, substring: string, limit?: number): CachedTeam[];
+    /** Returns all cached users for a tenant. */
+    getUsers(tenantName: string): CachedUser[];
+    /** Returns all cached teams for a tenant. */
+    getTeams(tenantName: string): CachedTeam[];
+    getMcpServers(tenantName: string): CachedMcpServer[];
+    getRoles(tenantName: string): CachedRole[];
+    /** Returns raw NATS KVStoreV2Data for external JWKS public keys (wire format). */
+    getExternalJwks(tenantName: string): object | null;
+    /** Returns raw NATS KVStoreV2Data for primary JWKS public keys (wire format). */
+    getPrimaryJwks(tenantName: string): object | null;
+    getAgents(tenantName: string): CachedAgent[];
+    /** Returns cached external identities, parsed from the NATS KVStoreV2Data blob at write time. */
+    getExternalIdentities(tenantName: string): CachedExternalIdentity[];
+    getModels(tenantName: string): CachedModel[];
+    getGuardrails(tenantName: string): CachedGuardrail[];
+    getGatewayConfigs(tenantName: string): CachedGatewayConfig[];
+    getServiceAccounts(tenantName: string): CachedServiceAccount[];
+    getVirtualAccounts(tenantName: string): CachedVirtualAccount[];
+    getPats(tenantName: string): CachedPAT[];
+    getExternalIdentityProviders(tenantName: string): CachedExternalIdentityProvider[];
+    /** Returns the list of tenant names that have data in the cache. */
+    getTenantNames(): string[];
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,SAAS;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,EAAE,CAAC;CACvB;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAED,6EAA6E;AAC7E,MAAM,WAAW,oBAAoB;IACnC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC9B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,iEAAiE;AACjE,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,uGAAuG;AACvG,MAAM,WAAW,sBAAsB;IACrC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,gFAAgF;AAChF,MAAM,WAAW,gCAAgC;IAC/C,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,oHAAoH;AACpH,MAAM,WAAW,4BAA4B;IAC3C,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,eAAe,EAAE,gCAAgC,CAAC;IAClD,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,wCAAwC;AACxC,MAAM,MAAM,eAAe,GAAG,4BAA4B,CAAC;AAE3D,wCAAwC;AACxC,MAAM,MAAM,eAAe,GAAG,4BAA4B,CAAC;AAE3D,8EAA8E;AAC9E,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;;GAGG;AACH,MAAM,WAAW,wBAAwB;IACvC,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,4BAA4B,EAAE,CAAC;CAC9C;AAED,MAAM,MAAM,WAAW,GAAG,wBAAwB,CAAC;AAEnD,qEAAqE;AACrE,MAAM,MAAM,sBAAsB,GAAG,4BAA4B,CAAC;AAElE;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,EAAE,EAAE,MAAM,CAAC;CACZ;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,2BAA2B,CAAC,EAAE,MAAM,CAAC;CACtC;AAED,+DAA+D;AAC/D,MAAM,WAAW,oBAAoB;IACnC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,EAAE,MAAM,CAAC;IACxB,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,+BAA+B,EAAE,MAAM,EAAE,CAAC;IAC1C,wCAAwC,EAAE,MAAM,EAAE,CAAC;IACnD,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAC9B,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,OAAO,EAAE,MAAM,GAAG,SAAS,CAAC;IAC5B,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC3B;AAED,gHAAgH;AAChH,MAAM,WAAW,8BAA8B;IAC7C,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,oBAAY,eAAe;IACzB,aAAa,kBAAkB;IAC/B,KAAK,UAAU;IACf,KAAK,UAAU;IACf,UAAU,eAAe;IACzB,KAAK,UAAU;IACf,iBAAiB,sBAAsB;IACvC,IAAI,SAAS;IACb,aAAa,kBAAkB;IAC/B,YAAY,iBAAiB;IAC7B,KAAK,UAAU;IACf,SAAS,cAAc;IACvB,cAAc,mBAAmB;IACjC,eAAe,mBAAmB;IAClC,eAAe,mBAAmB;IAClC,GAAG,QAAQ;IACX,0BAA0B,+BAA+B;CAC1D;AAED,MAAM,WAAW,eAAe;IAC9B,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IAC/C,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IACjD,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IAChD,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;CAClD;AAED,MAAM,WAAW,eAAe;IAC9B,yDAAyD;IACzD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,qEAAqE;IACrE,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,2DAA2D;IAC3D,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,mEAAmE;IACnE,MAAM,CAAC,EAAE,eAAe,CAAC;CAC1B;AAMD,MAAM,WAAW,oCAAoC;IACnD,iBAAiB,EAAE,MAAM,CAAC;IAC1B,WAAW,EAAE,MAAM,GAAG,gBAAgB,GAAG,gBAAgB,CAAC;IAC1D,UAAU,EAAE,MAAM,CAAC;IACnB,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAMD,MAAM,WAAW,8BAA+B,SAAQ,oCAAoC;IAC1F,UAAU,EAAE,MAAM,CAAC;CACpB;AAMD,MAAM,WAAW,YAAY;IAC3B,2FAA2F;IAC3F,wBAAwB,CAAC,IAAI,EAAE,oCAAoC,GAAG,OAAO,CAAC;IAE9E,qFAAqF;IACrF,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAE1C,iEAAiE;IACjE,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,UAAU,EAAE,CAAC;IAE7D,sDAAsD;IACtD,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,UAAU,EAAE,CAAC;IAE7D,gDAAgD;IAChD,SAAS,IAAI,SAAS,EAAE,CAAC;IAEzB,+CAA+C;IAC/C,QAAQ,IAAI,UAAU,EAAE,CAAC;IAEzB,+CAA+C;IAC/C,QAAQ,IAAI,UAAU,EAAE,CAAC;IAEzB,yFAAyF;IACzF,aAAa,IAAI,eAAe,EAAE,CAAC;IAEnC,mFAAmF;IACnF,QAAQ,IAAI,UAAU,EAAE,CAAC;IAEzB,kFAAkF;IAClF,eAAe,IAAI,MAAM,GAAG,IAAI,CAAC;IAEjC,iFAAiF;IACjF,cAAc,IAAI,MAAM,GAAG,IAAI,CAAC;IAEhC,oFAAoF;IACpF,SAAS,IAAI,WAAW,EAAE,CAAC;IAE3B,iGAAiG;IACjG,qBAAqB,IAAI,sBAAsB,EAAE,CAAC;IAElD,iIAAiI;IACjI,SAAS,IAAI,WAAW,EAAE,CAAC;IAE3B,wFAAwF;IACxF,aAAa,IAAI,eAAe,EAAE,CAAC;IAEnC,6FAA6F;IAC7F,iBAAiB,IAAI,mBAAmB,EAAE,CAAC;IAE3C,8FAA8F;IAC9F,kBAAkB,IAAI,oBAAoB,EAAE,CAAC;IAE7C,kFAAkF;IAClF,kBAAkB,IAAI,oBAAoB,EAAE,CAAC;IAE7C,gEAAgE;IAChE,OAAO,IAAI,SAAS,EAAE,CAAC;IAEvB,yGAAyG;IACzG,4BAA4B,IAAI,8BAA8B,EAAE,CAAC;CAClE;AAMD,MAAM,WAAW,UAAU;IACzB,qGAAqG;IACrG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAEvB,mDAAmD;IACnD,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAEtB;;;OAGG;IACH,OAAO,IAAI,OAAO,CAAC;IAEnB,kGAAkG;IAClG,cAAc,CAAC,UAAU,EAAE,MAAM,GAAG,YAAY,GAAG,SAAS,CAAC;IAE7D,2FAA2F;IAC3F,wBAAwB,CAAC,IAAI,EAAE,8BAA8B,GAAG,OAAO,CAAC;IAExE,qFAAqF;IACrF,YAAY,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAE9D,iEAAiE;IACjE,WAAW,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,UAAU,EAAE,CAAC;IAEjF,sDAAsD;IACtD,WAAW,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,UAAU,EAAE,CAAC;IAEjF,6CAA6C;IAC7C,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,UAAU,EAAE,CAAC;IAE3C,6CAA6C;IAC7C,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,UAAU,EAAE,CAAC;IAE3C,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,eAAe,EAAE,CAAC;IAErD,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,UAAU,EAAE,CAAC;IAE3C,kFAAkF;IAClF,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;IAEnD,iFAAiF;IACjF,cAAc,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;IAElD,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,WAAW,EAAE,CAAC;IAE7C,iGAAiG;IACjG,qBAAqB,CAAC,UAAU,EAAE,MAAM,GAAG,sBAAsB,EAAE,CAAC;IAEpE,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,WAAW,EAAE,CAAC;IAE7C,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,eAAe,EAAE,CAAC;IAErD,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,mBAAmB,EAAE,CAAC;IAE7D,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,oBAAoB,EAAE,CAAC;IAE/D,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,oBAAoB,EAAE,CAAC;IAE/D,OAAO,CAAC,UAAU,EAAE,MAAM,GAAG,SAAS,EAAE,CAAC;IAEzC,4BAA4B,CAAC,UAAU,EAAE,MAAM,GAAG,8BAA8B,EAAE,CAAC;IAEnF,oEAAoE;IACpE,cAAc,IAAI,MAAM,EAAE,CAAC;CAC5B"}

package/dist/types.js

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthCacheEntity = void 0;
+var AuthCacheEntity;
+(function (AuthCacheEntity) {
+    AuthCacheEntity["AUTHORIZATION"] = "authorization";
+    AuthCacheEntity["USERS"] = "users";
+    AuthCacheEntity["TEAMS"] = "teams";
+    AuthCacheEntity["MCP_SERVER"] = "mcp-server";
+    AuthCacheEntity["AGENT"] = "agent";
+    AuthCacheEntity["EXTERNAL_IDENTITY"] = "external-identity";
+    AuthCacheEntity["ROLE"] = "role";
+    AuthCacheEntity["EXTERNAL_JWKS"] = "external-jwks";
+    AuthCacheEntity["PRIMARY_JWKS"] = "primary-jwks";
+    AuthCacheEntity["MODEL"] = "model";
+    AuthCacheEntity["GUARDRAIL"] = "guardrail";
+    AuthCacheEntity["GATEWAY_CONFIG"] = "gateway-config";
+    AuthCacheEntity["SERVICE_ACCOUNT"] = "serviceaccount";
+    AuthCacheEntity["VIRTUAL_ACCOUNT"] = "virtualaccount";
+    AuthCacheEntity["PAT"] = "pat";
+    AuthCacheEntity["EXTERNAL_IDENTITY_PROVIDER"] = "external-identity-provider";
+})(AuthCacheEntity || (exports.AuthCacheEntity = AuthCacheEntity = {}));
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":";;;AA4JA,IAAY,eAiBX;AAjBD,WAAY,eAAe;IACzB,kDAA+B,CAAA;IAC/B,kCAAe,CAAA;IACf,kCAAe,CAAA;IACf,4CAAyB,CAAA;IACzB,kCAAe,CAAA;IACf,0DAAuC,CAAA;IACvC,gCAAa,CAAA;IACb,kDAA+B,CAAA;IAC/B,gDAA6B,CAAA;IAC7B,kCAAe,CAAA;IACf,0CAAuB,CAAA;IACvB,oDAAiC,CAAA;IACjC,qDAAkC,CAAA;IAClC,qDAAkC,CAAA;IAClC,8BAAW,CAAA;IACX,4EAAyD,CAAA;AAC3D,CAAC,EAjBW,eAAe,+BAAf,eAAe,QAiB1B"}

package/package.json

@@ -0,0 +1,32 @@
+{
+  "name": "@truefoundry/tfy-auth-handler-lib",
+  "version": "0.1.0",
+  "description": "In-memory authorization cache backed by NATS Object Store for TrueFoundry services",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "scripts": {
+    "build": "tsc",
+    "clean": "rm -rf dist"
+  },
+  "peerDependencies": {
+    "@nats-io/nats-core": "^3.0.0",
+    "@nats-io/jetstream": "^3.0.0",
+    "@nats-io/obj": "^3.0.0",
+    "@sentry/node": "^9.0.0"
+  },
+  "devDependencies": {
+    "@nats-io/nats-core": "^3.0.0",
+    "@nats-io/jetstream": "^3.0.0",
+    "@nats-io/obj": "^3.0.0",
+    "@nats-io/transport-node": "^3.0.2",
+    "nats-jwt": "^0.0.9",
+    "nkeys.js": "^1.0.3",
+    "dotenv": "^16.4.5",
+    "typescript": "^5.4.5"
+  },
+  "files": [
+    "dist/**/*"
+  ],
+  "author": "Truefoundry",
+  "license": "UNLICENSED"
+}