@twin.org/rights-management-service 0.0.1 → 0.0.2-next.2

package/dist/cjs/index.cjs

@@ -227,7 +227,50 @@ function generateRestRoutesRightsManagement(baseRouteName, componentName) {
             }
         ]
     };
-    return [createRoute, updateRoute, retrieveRoute, removeRoute, queryRoute];
+    const interceptRoute = {
+        operationId: "pepIntercept",
+        summary: "Intercept a request",
+        tag: tags[0].name,
+        method: "POST",
+        path: `${baseRouteName}/pep/intercept`,
+        handler: async (httpRequestContext, request) => pepIntercept(httpRequestContext, componentName, request),
+        requestType: {
+            type: "IPepInterceptRequest",
+            examples: [
+                {
+                    id: "pepInterceptExample",
+                    request: {
+                        body: {
+                            assetType: "document",
+                            action: "view",
+                            data: {
+                                id: "document-1",
+                                param1: 1,
+                                param2: 2
+                            }
+                        }
+                    }
+                }
+            ]
+        },
+        responseType: [
+            {
+                type: "IPepInterceptResponse",
+                examples: [
+                    {
+                        id: "pepInterceptResponseExample",
+                        response: {
+                            body: {
+                                id: "document-1",
+                                param1: 1
+                            }
+                        }
+                    }
+                ]
+            }
+        ]
+    };
+    return [createRoute, updateRoute, retrieveRoute, removeRoute, queryRoute, interceptRoute];
 }
 /**
  * PAP: Create a policy.
@@ -322,6 +365,21 @@ async function papQuery(httpRequestContext, componentName, request) {
         }
     };
 }
+/**
+ * PEP: Intercept.
+ * @param httpRequestContext The request context for the API.
+ * @param componentName The name of the component to use in the routes.
+ * @param request The request.
+ * @returns The response object with additional http response properties.
+ */
+async function pepIntercept(httpRequestContext, componentName, request) {
+    core.Guards.object(ROUTES_SOURCE, "request", request);
+    const component = core.ComponentFactory.get(componentName);
+    const result = await component.pepIntercept(request.body.assetType, request.body.action, request.body.data, httpRequestContext.userIdentity ?? "", httpRequestContext.nodeIdentity ?? "");
+    return {
+        body: result
+    };
+}
 
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
@@ -330,10 +388,6 @@ async function papQuery(httpRequestContext, componentName, request) {
  * This is a unified service that provides access to all Rights Management components.
  */
 class RightsManagementService {
-    /**
-     * The namespace supported by the Rights Management service.
-     */
-    static NAMESPACE = "rights-management";
     /**
      * Runtime name for the class.
      */
@@ -342,13 +396,20 @@ class RightsManagementService {
      * The PAP component implementation.
      * @internal
      */
-    _papComponent;
+    _policyAdministrationPointComponent;
+    /**
+     * The PEP component implementation.
+     * @internal
+     */
+    _policyEnforcementPointComponent;
     /**
      * Create a new instance of RightsManagementService.
      * @param options The options for the service.
      */
     constructor(options) {
-        this._papComponent = core.ComponentFactory.get(options?.papComponentType ?? "pap");
+        this._policyAdministrationPointComponent =
+            core.ComponentFactory.get(options?.policyAdministrationPointComponentType ?? "policy-administration-point");
+        this._policyEnforcementPointComponent = core.ComponentFactory.get(options?.policyEnforcementPointComponentType ?? "policy-enforcement-point");
     }
     /**
      * PAP: Create a new policy with auto-generated UID.
@@ -356,9 +417,9 @@ class RightsManagementService {
      * @returns The UID of the created policy.
      */
     async papCreate(policy) {
+        core.Guards.object(this.CLASS_NAME, "policy", policy);
         try {
-            core.Guards.object(this.CLASS_NAME, "policy", policy);
-            const result = await this._papComponent.create(policy);
+            const result = await this._policyAdministrationPointComponent.create(policy);
             return result;
         }
         catch (error) {
@@ -371,9 +432,9 @@ class RightsManagementService {
      * @returns Nothing.
      */
     async papUpdate(policy) {
+        core.Guards.object(this.CLASS_NAME, "policy", policy);
         try {
-            core.Guards.object(this.CLASS_NAME, "policy", policy);
-            await this._papComponent.update(policy);
+            await this._policyAdministrationPointComponent.update(policy);
         }
         catch (error) {
             throw new core.GeneralError(this.CLASS_NAME, "papUpdateFailed", undefined, error);
@@ -385,9 +446,9 @@ class RightsManagementService {
      * @returns The policy.
      */
     async papRetrieve(policyId) {
+        core.Guards.stringValue(this.CLASS_NAME, "policyId", policyId);
         try {
-            core.Guards.stringValue(this.CLASS_NAME, "policyId", policyId);
-            const policy = await this._papComponent.retrieve(policyId);
+            const policy = await this._policyAdministrationPointComponent.retrieve(policyId);
             return policy;
         }
         catch (error) {
@@ -400,9 +461,9 @@ class RightsManagementService {
      * @returns Nothing.
      */
     async papRemove(policyId) {
+        core.Guards.stringValue(this.CLASS_NAME, "policyId", policyId);
         try {
-            core.Guards.stringValue(this.CLASS_NAME, "policyId", policyId);
-            await this._papComponent.remove(policyId);
+            await this._policyAdministrationPointComponent.remove(policyId);
         }
         catch (error) {
             throw new core.GeneralError(this.CLASS_NAME, "papRemoveFailed", undefined, error);
@@ -416,23 +477,43 @@ class RightsManagementService {
      * @returns Cursor for next page of results and the policies matching the query.
      */
     async papQuery(conditions, cursor, pageSize) {
+        if (!core.Is.empty(conditions)) {
+            core.Guards.object(this.CLASS_NAME, "conditions", conditions);
+        }
+        if (!core.Is.empty(cursor)) {
+            core.Guards.stringValue(this.CLASS_NAME, "cursor", cursor);
+        }
+        if (!core.Is.empty(pageSize)) {
+            core.Guards.integer(this.CLASS_NAME, "pageSize", pageSize);
+        }
         try {
-            if (!core.Is.empty(conditions)) {
-                core.Guards.object(this.CLASS_NAME, "conditions", conditions);
-            }
-            if (!core.Is.empty(cursor)) {
-                core.Guards.stringValue(this.CLASS_NAME, "cursor", cursor);
-            }
-            if (!core.Is.empty(pageSize)) {
-                core.Guards.integer(this.CLASS_NAME, "pageSize", pageSize);
-            }
-            const result = await this._papComponent.query(conditions, cursor, pageSize);
+            const result = await this._policyAdministrationPointComponent.query(conditions, cursor, pageSize);
             return result;
         }
         catch (error) {
             throw new core.GeneralError(this.CLASS_NAME, "papQueryFailed", undefined, error);
         }
     }
+    /**
+     * PEP: Process the data using Policy Decision Point (PDP) and return the manipulated data.
+     * @param assetType The type of asset being processed.
+     * @param action The action being performed on the asset.
+     * @param data The data to process.
+     * @param userIdentity The user identity to use in the decision making.
+     * @param nodeIdentity The node identity to use in the decision making.
+     * @returns The manipulated data with any policies applied.
+     */
+    async pepIntercept(assetType, action, data, userIdentity, nodeIdentity) {
+        core.Guards.stringValue(this.CLASS_NAME, "assetType", assetType);
+        core.Guards.stringValue(this.CLASS_NAME, "action", action);
+        try {
+            const result = await this._policyEnforcementPointComponent.intercept(assetType, action, data, userIdentity, nodeIdentity);
+            return result;
+        }
+        catch (error) {
+            throw new core.GeneralError(this.CLASS_NAME, "pepInterceptFailed", undefined, error);
+        }
+    }
 }
 
 /**
@@ -454,5 +535,6 @@ exports.papQuery = papQuery;
 exports.papRemove = papRemove;
 exports.papRetrieve = papRetrieve;
 exports.papUpdate = papUpdate;
+exports.pepIntercept = pepIntercept;
 exports.restEntryPoints = restEntryPoints;
 exports.tags = tags;

package/dist/esm/index.mjs

@@ -225,7 +225,50 @@ function generateRestRoutesRightsManagement(baseRouteName, componentName) {
             }
         ]
     };
-    return [createRoute, updateRoute, retrieveRoute, removeRoute, queryRoute];
+    const interceptRoute = {
+        operationId: "pepIntercept",
+        summary: "Intercept a request",
+        tag: tags[0].name,
+        method: "POST",
+        path: `${baseRouteName}/pep/intercept`,
+        handler: async (httpRequestContext, request) => pepIntercept(httpRequestContext, componentName, request),
+        requestType: {
+            type: "IPepInterceptRequest",
+            examples: [
+                {
+                    id: "pepInterceptExample",
+                    request: {
+                        body: {
+                            assetType: "document",
+                            action: "view",
+                            data: {
+                                id: "document-1",
+                                param1: 1,
+                                param2: 2
+                            }
+                        }
+                    }
+                }
+            ]
+        },
+        responseType: [
+            {
+                type: "IPepInterceptResponse",
+                examples: [
+                    {
+                        id: "pepInterceptResponseExample",
+                        response: {
+                            body: {
+                                id: "document-1",
+                                param1: 1
+                            }
+                        }
+                    }
+                ]
+            }
+        ]
+    };
+    return [createRoute, updateRoute, retrieveRoute, removeRoute, queryRoute, interceptRoute];
 }
 /**
  * PAP: Create a policy.
@@ -320,6 +363,21 @@ async function papQuery(httpRequestContext, componentName, request) {
         }
     };
 }
+/**
+ * PEP: Intercept.
+ * @param httpRequestContext The request context for the API.
+ * @param componentName The name of the component to use in the routes.
+ * @param request The request.
+ * @returns The response object with additional http response properties.
+ */
+async function pepIntercept(httpRequestContext, componentName, request) {
+    Guards.object(ROUTES_SOURCE, "request", request);
+    const component = ComponentFactory.get(componentName);
+    const result = await component.pepIntercept(request.body.assetType, request.body.action, request.body.data, httpRequestContext.userIdentity ?? "", httpRequestContext.nodeIdentity ?? "");
+    return {
+        body: result
+    };
+}
 
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
@@ -328,10 +386,6 @@ async function papQuery(httpRequestContext, componentName, request) {
  * This is a unified service that provides access to all Rights Management components.
  */
 class RightsManagementService {
-    /**
-     * The namespace supported by the Rights Management service.
-     */
-    static NAMESPACE = "rights-management";
     /**
      * Runtime name for the class.
      */
@@ -340,13 +394,20 @@ class RightsManagementService {
      * The PAP component implementation.
      * @internal
      */
-    _papComponent;
+    _policyAdministrationPointComponent;
+    /**
+     * The PEP component implementation.
+     * @internal
+     */
+    _policyEnforcementPointComponent;
     /**
      * Create a new instance of RightsManagementService.
      * @param options The options for the service.
      */
     constructor(options) {
-        this._papComponent = ComponentFactory.get(options?.papComponentType ?? "pap");
+        this._policyAdministrationPointComponent =
+            ComponentFactory.get(options?.policyAdministrationPointComponentType ?? "policy-administration-point");
+        this._policyEnforcementPointComponent = ComponentFactory.get(options?.policyEnforcementPointComponentType ?? "policy-enforcement-point");
     }
     /**
      * PAP: Create a new policy with auto-generated UID.
@@ -354,9 +415,9 @@ class RightsManagementService {
      * @returns The UID of the created policy.
      */
     async papCreate(policy) {
+        Guards.object(this.CLASS_NAME, "policy", policy);
         try {
-            Guards.object(this.CLASS_NAME, "policy", policy);
-            const result = await this._papComponent.create(policy);
+            const result = await this._policyAdministrationPointComponent.create(policy);
             return result;
         }
         catch (error) {
@@ -369,9 +430,9 @@ class RightsManagementService {
      * @returns Nothing.
      */
     async papUpdate(policy) {
+        Guards.object(this.CLASS_NAME, "policy", policy);
         try {
-            Guards.object(this.CLASS_NAME, "policy", policy);
-            await this._papComponent.update(policy);
+            await this._policyAdministrationPointComponent.update(policy);
         }
         catch (error) {
             throw new GeneralError(this.CLASS_NAME, "papUpdateFailed", undefined, error);
@@ -383,9 +444,9 @@ class RightsManagementService {
      * @returns The policy.
      */
     async papRetrieve(policyId) {
+        Guards.stringValue(this.CLASS_NAME, "policyId", policyId);
         try {
-            Guards.stringValue(this.CLASS_NAME, "policyId", policyId);
-            const policy = await this._papComponent.retrieve(policyId);
+            const policy = await this._policyAdministrationPointComponent.retrieve(policyId);
             return policy;
         }
         catch (error) {
@@ -398,9 +459,9 @@ class RightsManagementService {
      * @returns Nothing.
      */
     async papRemove(policyId) {
+        Guards.stringValue(this.CLASS_NAME, "policyId", policyId);
         try {
-            Guards.stringValue(this.CLASS_NAME, "policyId", policyId);
-            await this._papComponent.remove(policyId);
+            await this._policyAdministrationPointComponent.remove(policyId);
         }
         catch (error) {
             throw new GeneralError(this.CLASS_NAME, "papRemoveFailed", undefined, error);
@@ -414,23 +475,43 @@ class RightsManagementService {
      * @returns Cursor for next page of results and the policies matching the query.
      */
     async papQuery(conditions, cursor, pageSize) {
+        if (!Is.empty(conditions)) {
+            Guards.object(this.CLASS_NAME, "conditions", conditions);
+        }
+        if (!Is.empty(cursor)) {
+            Guards.stringValue(this.CLASS_NAME, "cursor", cursor);
+        }
+        if (!Is.empty(pageSize)) {
+            Guards.integer(this.CLASS_NAME, "pageSize", pageSize);
+        }
         try {
-            if (!Is.empty(conditions)) {
-                Guards.object(this.CLASS_NAME, "conditions", conditions);
-            }
-            if (!Is.empty(cursor)) {
-                Guards.stringValue(this.CLASS_NAME, "cursor", cursor);
-            }
-            if (!Is.empty(pageSize)) {
-                Guards.integer(this.CLASS_NAME, "pageSize", pageSize);
-            }
-            const result = await this._papComponent.query(conditions, cursor, pageSize);
+            const result = await this._policyAdministrationPointComponent.query(conditions, cursor, pageSize);
             return result;
         }
         catch (error) {
             throw new GeneralError(this.CLASS_NAME, "papQueryFailed", undefined, error);
         }
     }
+    /**
+     * PEP: Process the data using Policy Decision Point (PDP) and return the manipulated data.
+     * @param assetType The type of asset being processed.
+     * @param action The action being performed on the asset.
+     * @param data The data to process.
+     * @param userIdentity The user identity to use in the decision making.
+     * @param nodeIdentity The node identity to use in the decision making.
+     * @returns The manipulated data with any policies applied.
+     */
+    async pepIntercept(assetType, action, data, userIdentity, nodeIdentity) {
+        Guards.stringValue(this.CLASS_NAME, "assetType", assetType);
+        Guards.stringValue(this.CLASS_NAME, "action", action);
+        try {
+            const result = await this._policyEnforcementPointComponent.intercept(assetType, action, data, userIdentity, nodeIdentity);
+            return result;
+        }
+        catch (error) {
+            throw new GeneralError(this.CLASS_NAME, "pepInterceptFailed", undefined, error);
+        }
+    }
 }
 
 /**
@@ -445,4 +526,4 @@ const restEntryPoints = [
     }
 ];
 
-export { RightsManagementService, generateRestRoutesRightsManagement, papCreate, papQuery, papRemove, papRetrieve, papUpdate, restEntryPoints, tags };
+export { RightsManagementService, generateRestRoutesRightsManagement, papCreate, papQuery, papRemove, papRetrieve, papUpdate, pepIntercept, restEntryPoints, tags };

package/dist/types/models/IRightsManagementServiceConstructorOptions.d.ts

@@ -4,7 +4,12 @@
 export interface IRightsManagementServiceConstructorOptions {
     /**
      * The type of the Policy Administration Point (PAP) component.
-     * @default pap
+     * @default policy-administration-point
      */
-    papComponentType?: string;
+    policyAdministrationPointComponentType?: string;
+    /**
+     * The type of the Policy Enforcement Point (PEP) component.
+     * @default policy-enforcement-point
+     */
+    policyEnforcementPointComponentType?: string;
 }

package/dist/types/rightsManagementRoutes.d.ts

@@ -1,5 +1,5 @@
 import { type ICreatedResponse, type IHttpRequestContext, type INoContentResponse, type IRestRoute, type ITag } from "@twin.org/api-models";
-import type { IPapCreateRequest, IPapQueryRequest, IPapQueryResponse, IPapRemoveRequest, IPapRetrieveRequest, IPapRetrieveResponse, IPapUpdateRequest } from "@twin.org/rights-management-models";
+import type { IPapCreateRequest, IPapQueryRequest, IPapQueryResponse, IPapRemoveRequest, IPapRetrieveRequest, IPapRetrieveResponse, IPapUpdateRequest, IPepInterceptRequest, IPepInterceptResponse } from "@twin.org/rights-management-models";
 /**
  * The tag to associate with the routes.
  */
@@ -51,3 +51,11 @@ export declare function papRemove(httpRequestContext: IHttpRequestContext, compo
  * @returns The response object with additional http response properties.
  */
 export declare function papQuery(httpRequestContext: IHttpRequestContext, componentName: string, request: IPapQueryRequest): Promise<IPapQueryResponse>;
+/**
+ * PEP: Intercept.
+ * @param httpRequestContext The request context for the API.
+ * @param componentName The name of the component to use in the routes.
+ * @param request The request.
+ * @returns The response object with additional http response properties.
+ */
+export declare function pepIntercept(httpRequestContext: IHttpRequestContext, componentName: string, request: IPepInterceptRequest): Promise<IPepInterceptResponse>;

package/dist/types/rightsManagementService.d.ts

@@ -7,10 +7,6 @@ import type { IRightsManagementServiceConstructorOptions } from "./models/IRight
  * This is a unified service that provides access to all Rights Management components.
  */
 export declare class RightsManagementService implements IRightsManagementComponent {
-    /**
-     * The namespace supported by the Rights Management service.
-     */
-    static readonly NAMESPACE: string;
     /**
      * Runtime name for the class.
      */
@@ -55,4 +51,14 @@ export declare class RightsManagementService implements IRightsManagementCompone
         cursor?: string;
         policies: IOdrlPolicy[];
     }>;
+    /**
+     * PEP: Process the data using Policy Decision Point (PDP) and return the manipulated data.
+     * @param assetType The type of asset being processed.
+     * @param action The action being performed on the asset.
+     * @param data The data to process.
+     * @param userIdentity The user identity to use in the decision making.
+     * @param nodeIdentity The node identity to use in the decision making.
+     * @returns The manipulated data with any policies applied.
+     */
+    pepIntercept<T = unknown>(assetType: string, action: string, data: T | undefined, userIdentity: string | undefined, nodeIdentity: string | undefined): Promise<T | undefined>;
 }

package/docs/changelog.md

@@ -1,5 +1,56 @@
 # @twin.org/rights-management-pap-service - Changelog
 
+## [0.0.2-next.2](https://github.com/twinfoundation/rights-management/compare/rights-management-service-v0.0.2-next.1...rights-management-service-v0.0.2-next.2) (2025-08-22)
+
+
+### Features
+
+* add scaffold for other services ([de25f34](https://github.com/twinfoundation/rights-management/commit/de25f34c40fb65b6d73df98965ea4e368019da84))
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @twin.org/rights-management-models bumped from 0.0.2-next.1 to 0.0.2-next.2
+  * devDependencies
+    * @twin.org/rights-management-pap-service bumped from 0.0.2-next.1 to 0.0.2-next.2
+    * @twin.org/rights-management-pdp-service bumped from 0.0.2-next.1 to 0.0.2-next.2
+    * @twin.org/rights-management-pep-service bumped from 0.0.2-next.1 to 0.0.2-next.2
+    * @twin.org/rights-management-pip-service bumped from 0.0.2-next.1 to 0.0.2-next.2
+    * @twin.org/rights-management-pmp-service bumped from 0.0.2-next.1 to 0.0.2-next.2
+    * @twin.org/rights-management-pxp-service bumped from 0.0.2-next.1 to 0.0.2-next.2
+
+## [0.0.2-next.1](https://github.com/twinfoundation/rights-management/compare/rights-management-service-v0.0.2-next.0...rights-management-service-v0.0.2-next.1) (2025-08-20)
+
+
+### Features
+
+* pap create, update methods ([#13](https://github.com/twinfoundation/rights-management/issues/13)) ([edb6c9e](https://github.com/twinfoundation/rights-management/commit/edb6c9efcfda55ac96f7594253bf831b4f0e5993))
+* remove unnecessary config options from service ([31ef3a2](https://github.com/twinfoundation/rights-management/commit/31ef3a2eb2293efdad7e6b8b55f105cc62bba3ed))
+* remove unused namespace ([e8aa679](https://github.com/twinfoundation/rights-management/commit/e8aa679479231a49f86dd8dec5f9b811bd3f595f))
+* rename pap entity storage to pap service ([38a2c14](https://github.com/twinfoundation/rights-management/commit/38a2c14d8f63a86e398820166c83437be5aca1b8))
+* rights management pap ([#4](https://github.com/twinfoundation/rights-management/issues/4)) ([d1165a9](https://github.com/twinfoundation/rights-management/commit/d1165a92f57128731cfb308d977832e28cf33493))
+* update dependencies ([dd0a553](https://github.com/twinfoundation/rights-management/commit/dd0a553020b0dc5c41fb6865a2e36bd26045b0b9))
+* update framework core ([d0ffcba](https://github.com/twinfoundation/rights-management/commit/d0ffcba9cf1dc2b562193ee298f099612d100ce8))
+* update twindev schemas ([5d4edc1](https://github.com/twinfoundation/rights-management/commit/5d4edc1326fef611619d4b371a5d05a75ada719a))
+
+
+### Bug Fixes
+
+* adding missing dependency ([#15](https://github.com/twinfoundation/rights-management/issues/15)) ([c7e6267](https://github.com/twinfoundation/rights-management/commit/c7e62678b296ef8d28c31921cb78aeabe674cd84))
+* modifying the function name for the rest routes ([#6](https://github.com/twinfoundation/rights-management/issues/6)) ([7915111](https://github.com/twinfoundation/rights-management/commit/7915111ac608c9d69bcaa819c85b553fc9bace6a))
+* query params force coercion ([8590a0d](https://github.com/twinfoundation/rights-management/commit/8590a0da92584c04b67e73c448319f96f70c34a5))
+* slimline openapi spec ([aacb9d5](https://github.com/twinfoundation/rights-management/commit/aacb9d50f80d3652ef7419ca3777f53e542773f1))
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @twin.org/rights-management-models bumped from 0.0.2-next.0 to 0.0.2-next.1
+    * @twin.org/rights-management-pap-service bumped from 0.0.2-next.0 to 0.0.2-next.1
+
 ## 0.0.1 (2025-07-08)
 
 

package/docs/open-api/spec.json

@@ -1,5 +1,5 @@
 {
-	"openapi": "3.1.0",
+	"openapi": "3.1.1",
 	"info": {
 		"title": "TWIN - Test Endpoints",
 		"description": "REST API for TWIN - Test Endpoints.",
@@ -39,7 +39,7 @@
 					"content": {
 						"application/json": {
 							"schema": {
-								"$ref": "https://schema.twindev.org/odrl/OdrlPolicy"
+								"$ref": "https://schema.twindev.org/w3c-odrl/OdrlPolicy"
 							},
 							"examples": {
 								"papCreateExample": {
@@ -161,7 +161,7 @@
 					"content": {
 						"application/json": {
 							"schema": {
-								"$ref": "https://schema.twindev.org/odrl/OdrlPolicy"
+								"$ref": "https://schema.twindev.org/w3c-odrl/OdrlPolicy"
 							},
 							"examples": {
 								"papUpdateExample": {
@@ -274,7 +274,7 @@
 						"content": {
 							"application/json": {
 								"schema": {
-									"$ref": "https://schema.twindev.org/odrl/OdrlPolicy"
+									"$ref": "https://schema.twindev.org/w3c-odrl/OdrlPolicy"
 								},
 								"examples": {
 									"papRetrieveResponseExample": {
@@ -576,6 +576,121 @@
 					}
 				}
 			}
+		},
+		"/rights-management/pep/intercept": {
+			"post": {
+				"operationId": "pepIntercept",
+				"summary": "Intercept a request",
+				"tags": [
+					"Policy Administration Point"
+				],
+				"security": [
+					{
+						"jwtBearerAuthScheme": []
+					}
+				],
+				"requestBody": {
+					"description": "The request structure for intercepting a request and enforcing a policy.",
+					"required": true,
+					"content": {
+						"application/json": {
+							"schema": {
+								"$ref": "#/components/schemas/PepInterceptRequest"
+							},
+							"examples": {
+								"pepInterceptExample": {
+									"value": {
+										"assetType": "document",
+										"action": "view",
+										"data": {
+											"id": "document-1",
+											"param1": 1,
+											"param2": 2
+										}
+									}
+								}
+							}
+						}
+					}
+				},
+				"responses": {
+					"200": {
+						"description": "The response structure for intercepting a request and enforcing a policy.",
+						"content": {
+							"application/json": {
+								"schema": {
+									"$ref": "#/components/schemas/PepInterceptResponse"
+								},
+								"examples": {
+									"pepInterceptResponseExample": {
+										"value": {
+											"id": "document-1",
+											"param1": 1
+										}
+									}
+								}
+							}
+						}
+					},
+					"400": {
+						"description": "The server cannot process the request, see the content for more details.",
+						"content": {
+							"application/json": {
+								"schema": {
+									"$ref": "#/components/schemas/Error"
+								},
+								"examples": {
+									"exampleResponse": {
+										"value": {
+											"name": "GeneralError",
+											"message": "component.error",
+											"properties": {
+												"foo": "bar"
+											}
+										}
+									}
+								}
+							}
+						}
+					},
+					"401": {
+						"description": "You are not authorized to use the API or no credentials were supplied, see the content for more details.",
+						"content": {
+							"application/json": {
+								"schema": {
+									"$ref": "#/components/schemas/Error"
+								},
+								"examples": {
+									"exampleResponse": {
+										"value": {
+											"name": "UnauthorizedError",
+											"message": "component.error"
+										}
+									}
+								}
+							}
+						}
+					},
+					"500": {
+						"description": "The server has encountered a situation it does not know how to handle, see the content for more details.",
+						"content": {
+							"application/json": {
+								"schema": {
+									"$ref": "#/components/schemas/Error"
+								},
+								"examples": {
+									"exampleResponse": {
+										"value": {
+											"name": "InternalServerError",
+											"message": "component.error"
+										}
+									}
+								}
+							}
+						}
+					}
+				}
+			}
 		}
 	},
 	"components": {
@@ -604,7 +719,7 @@
 						"type": "string",
 						"description": "The stack trace for the error."
 					},
-					"inner": {
+					"cause": {
 						"$ref": "#/components/schemas/Error"
 					}
 				},
@@ -615,6 +730,357 @@
 				"additionalProperties": false,
 				"description": "Model to describe serialized error."
 			},
+			"OdrlPolicy": {
+				"type": "object",
+				"properties": {
+					"@context": {
+						"$ref": "https://schema.twindev.org/w3c-odrl/OdrlContextType"
+					},
+					"@type": {
+						"$ref": "https://schema.twindev.org/w3c-odrl/PolicyType"
+					},
+					"profile": {
+						"anyOf": [
+							{
+								"type": "string"
+							},
+							{
+								"type": "array",
+								"items": false,
+								"prefixItems": [
+									{
+										"type": "string"
+									}
+								]
+							}
+						],
+						"description": "The profile(s) this policy conforms to. IRIs identifying the ODRL Profile(s)."
+					},
+					"assigner": {
+						"anyOf": [
+							{
+								"type": "string"
+							},
+							{
+								"$ref": "https://schema.twindev.org/w3c-odrl/OdrlParty"
+							}
+						],
+						"description": "The assigner of the policy. Applies to all rules unless overridden at rule level."
+					},
+					"assignee": {
+						"anyOf": [
+							{
+								"type": "string"
+							},
+							{
+								"$ref": "https://schema.twindev.org/w3c-odrl/OdrlParty"
+							}
+						],
+						"description": "The assignee of the policy. Applies to all rules unless overridden at rule level."
+					},
+					"target": {
+						"anyOf": [
+							{
+								"type": "string"
+							},
+							{
+								"$ref": "https://schema.twindev.org/w3c-odrl/OdrlAsset"
+							},
+							{
+								"type": "array",
+								"items": false,
+								"prefixItems": [
+									{
+										"anyOf": [
+											{
+												"type": "string"
+											},
+											{
+												"$ref": "https://schema.twindev.org/w3c-odrl/OdrlAsset"
+											}
+										]
+									}
+								]
+							}
+						],
+						"description": "The target asset for the rule."
+					},
+					"action": {
+						"anyOf": [
+							{
+								"$ref": "https://schema.twindev.org/w3c-odrl/ActionType"
+							},
+							{
+								"$ref": "https://schema.twindev.org/w3c-odrl/OdrlAction"
+							},
+							{
+								"type": "array",
+								"items": false,
+								"prefixItems": [
+									{
+										"anyOf": [
+											{
+												"$ref": "https://schema.twindev.org/w3c-odrl/ActionType"
+											},
+											{
+												"$ref": "https://schema.twindev.org/w3c-odrl/OdrlAction"
+											}
+										]
+									}
+								]
+							}
+						],
+						"description": "The action associated with the rule."
+					},
+					"inheritFrom": {
+						"anyOf": [
+							{
+								"type": "string"
+							},
+							{
+								"type": "array",
+								"items": false,
+								"prefixItems": [
+									{
+										"type": "string"
+									}
+								]
+							}
+						],
+						"description": "The parent policy(ies) this policy inherits from. IRIs identifying the parent Policy(ies)."
+					},
+					"conflict": {
+						"$ref": "https://schema.twindev.org/w3c-odrl/ConflictStrategyType"
+					},
+					"permission": {
+						"type": "array",
+						"items": false,
+						"description": "The permissions in the policy. At least one of permission, prohibition, or obligation must be present.",
+						"prefixItems": [
+							{
+								"$ref": "https://schema.twindev.org/w3c-odrl/OdrlPermission"
+							}
+						]
+					},
+					"prohibition": {
+						"type": "array",
+						"items": false,
+						"description": "The prohibitions in the policy. At least one of permission, prohibition, or obligation must be present.",
+						"prefixItems": [
+							{
+								"$ref": "https://schema.twindev.org/w3c-odrl/OdrlProhibition"
+							}
+						]
+					},
+					"obligation": {
+						"type": "array",
+						"items": false,
+						"description": "The obligations in the policy. At least one of permission, prohibition, or obligation must be present.",
+						"prefixItems": [
+							{
+								"$ref": "https://schema.twindev.org/w3c-odrl/OdrlDuty"
+							}
+						]
+					},
+					"@id": {
+						"anyOf": [
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdNodePrimitive"
+							},
+							{
+								"type": "array",
+								"items": false,
+								"prefixItems": [
+									{
+										"$ref": "https://schema.twindev.org/json-ld/JsonLdNodePrimitive"
+									}
+								]
+							},
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdLanguageMap"
+							},
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdIndexMap"
+							},
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdIncludedBlock"
+							},
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdIdMap"
+							},
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdTypeMap"
+							}
+						]
+					},
+					"@included": {
+						"anyOf": [
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdNodePrimitive"
+							},
+							{
+								"type": "array",
+								"items": false,
+								"prefixItems": [
+									{
+										"$ref": "https://schema.twindev.org/json-ld/JsonLdNodePrimitive"
+									}
+								]
+							},
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdLanguageMap"
+							},
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdIndexMap"
+							},
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdIncludedBlock"
+							},
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdIdMap"
+							},
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdTypeMap"
+							}
+						]
+					},
+					"@graph": {
+						"anyOf": [
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdNodePrimitive"
+							},
+							{
+								"type": "array",
+								"items": false,
+								"prefixItems": [
+									{
+										"$ref": "https://schema.twindev.org/json-ld/JsonLdNodePrimitive"
+									}
+								]
+							},
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdLanguageMap"
+							},
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdIndexMap"
+							},
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdIncludedBlock"
+							},
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdIdMap"
+							},
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdTypeMap"
+							}
+						]
+					},
+					"@nest": {
+						"anyOf": [
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdNodePrimitive"
+							},
+							{
+								"type": "array",
+								"items": false,
+								"prefixItems": [
+									{
+										"$ref": "https://schema.twindev.org/json-ld/JsonLdNodePrimitive"
+									}
+								]
+							},
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdLanguageMap"
+							},
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdIndexMap"
+							},
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdIncludedBlock"
+							},
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdIdMap"
+							},
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdTypeMap"
+							}
+						]
+					},
+					"@reverse": {
+						"anyOf": [
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdNodePrimitive"
+							},
+							{
+								"type": "array",
+								"items": false,
+								"prefixItems": [
+									{
+										"$ref": "https://schema.twindev.org/json-ld/JsonLdNodePrimitive"
+									}
+								]
+							},
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdLanguageMap"
+							},
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdIndexMap"
+							},
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdIncludedBlock"
+							},
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdIdMap"
+							},
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdTypeMap"
+							}
+						]
+					},
+					"@index": {
+						"anyOf": [
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdNodePrimitive"
+							},
+							{
+								"type": "array",
+								"items": false,
+								"prefixItems": [
+									{
+										"$ref": "https://schema.twindev.org/json-ld/JsonLdNodePrimitive"
+									}
+								]
+							},
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdLanguageMap"
+							},
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdIndexMap"
+							},
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdIncludedBlock"
+							},
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdIdMap"
+							},
+							{
+								"$ref": "https://schema.twindev.org/json-ld/JsonLdTypeMap"
+							}
+						]
+					}
+				},
+				"required": [
+					"@context",
+					"@type",
+					"@id",
+					"@included",
+					"@graph",
+					"@nest",
+					"@reverse",
+					"@index"
+				],
+				"additionalProperties": false
+			},
 			"PapQueryResponse": {
 				"type": "object",
 				"properties": {
@@ -624,10 +1090,11 @@
 					},
 					"policies": {
 						"type": "array",
+						"items": false,
 						"description": "The policies matching the query.",
 						"prefixItems": [
 							{
-								"$ref": "https://schema.twindev.org/odrl/OdrlPolicy"
+								"$ref": "https://schema.twindev.org/w3c-odrl/OdrlPolicy"
 							}
 						]
 					}
@@ -637,6 +1104,32 @@
 				],
 				"additionalProperties": false,
 				"description": "The body of the response."
+			},
+			"PepInterceptRequest": {
+				"type": "object",
+				"properties": {
+					"assetType": {
+						"type": "string",
+						"description": "The type of the asset to enforce the policy on."
+					},
+					"action": {
+						"type": "string",
+						"description": "The action to perform on the asset."
+					},
+					"data": {
+						"description": "The data to include in the request."
+					}
+				},
+				"required": [
+					"assetType",
+					"action",
+					"data"
+				],
+				"additionalProperties": false,
+				"description": "The body parameters of the request."
+			},
+			"PepInterceptResponse": {
+				"description": "The manipulated data with any policies applied."
 			}
 		},
 		"securitySchemes": {

package/docs/reference/classes/RightsManagementService.md

@@ -29,14 +29,6 @@ The options for the service.
 
 ## Properties
 
-### NAMESPACE
-
-> `readonly` `static` **NAMESPACE**: `string` = `"rights-management"`
-
-The namespace supported by the Rights Management service.
-
-***
-
 ### CLASS\_NAME
 
 > `readonly` **CLASS\_NAME**: `string`
@@ -188,3 +180,59 @@ Cursor for next page of results and the policies matching the query.
 #### Implementation of
 
 `IRightsManagementComponent.papQuery`
+
+***
+
+### pepIntercept()
+
+> **pepIntercept**\<`T`\>(`assetType`, `action`, `data`, `userIdentity`, `nodeIdentity`): `Promise`\<`undefined` \| `T`\>
+
+PEP: Process the data using Policy Decision Point (PDP) and return the manipulated data.
+
+#### Type Parameters
+
+##### T
+
+`T` = `unknown`
+
+#### Parameters
+
+##### assetType
+
+`string`
+
+The type of asset being processed.
+
+##### action
+
+`string`
+
+The action being performed on the asset.
+
+##### data
+
+The data to process.
+
+`undefined` | `T`
+
+##### userIdentity
+
+The user identity to use in the decision making.
+
+`undefined` | `string`
+
+##### nodeIdentity
+
+The node identity to use in the decision making.
+
+`undefined` | `string`
+
+#### Returns
+
+`Promise`\<`undefined` \| `T`\>
+
+The manipulated data with any policies applied.
+
+#### Implementation of
+
+`IRightsManagementComponent.pepIntercept`

package/docs/reference/functions/pepIntercept.md

@@ -0,0 +1,31 @@
+# Function: pepIntercept()
+
+> **pepIntercept**(`httpRequestContext`, `componentName`, `request`): `Promise`\<`IPepInterceptResponse`\>
+
+PEP: Intercept.
+
+## Parameters
+
+### httpRequestContext
+
+`IHttpRequestContext`
+
+The request context for the API.
+
+### componentName
+
+`string`
+
+The name of the component to use in the routes.
+
+### request
+
+`IPepInterceptRequest`
+
+The request.
+
+## Returns
+
+`Promise`\<`IPepInterceptResponse`\>
+
+The response object with additional http response properties.

package/docs/reference/index.md

@@ -21,3 +21,4 @@
 - [papRetrieve](functions/papRetrieve.md)
 - [papRemove](functions/papRemove.md)
 - [papQuery](functions/papQuery.md)
+- [pepIntercept](functions/pepIntercept.md)

package/docs/reference/interfaces/IRightsManagementServiceConstructorOptions.md

@@ -4,14 +4,28 @@ The constructor options for the RightsManagementService.
 
 ## Properties
 
-### papComponentType?
+### policyAdministrationPointComponentType?
 
-> `optional` **papComponentType**: `string`
+> `optional` **policyAdministrationPointComponentType**: `string`
 
 The type of the Policy Administration Point (PAP) component.
 
 #### Default
 
 ```ts
-pap
+policy-administration-point
+```
+
+***
+
+### policyEnforcementPointComponentType?
+
+> `optional` **policyEnforcementPointComponentType**: `string`
+
+The type of the Policy Enforcement Point (PEP) component.
+
+#### Default
+
+```ts
+policy-enforcement-point
 ```

package/locales/en.json

@@ -6,7 +6,8 @@
 			"papUpdateFailed": "Failed to update policy through PAP",
 			"papRetrieveFailed": "Failed to retrieve policy through PAP",
 			"papRemoveFailed": "Failed to remove policy through PAP",
-			"papQueryFailed": "Failed to query policies through PAP"
+			"papQueryFailed": "Failed to query policies through PAP",
+			"pepInterceptFailed": "Failed to intercept data through PEP"
 		}
 	}
 }

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@twin.org/rights-management-service",
-	"version": "0.0.1",
+	"version": "0.0.2-next.2",
 	"description": "Rights Management service implementation and REST endpoint definitions",
 	"repository": {
 		"type": "git",
@@ -14,14 +14,13 @@
 		"node": ">=20.0.0"
 	},
 	"dependencies": {
-		"@twin.org/api-models": "^0.0.2-next.1",
-		"@twin.org/core": "^0.0.1",
-		"@twin.org/entity": "^0.0.1",
-		"@twin.org/nameof": "^0.0.1",
-		"@twin.org/rights-management-models": "^0.0.1",
-		"@twin.org/rights-management-pap-service": "^0.0.1",
-		"@twin.org/standards-w3c-odrl": "^0.0.1",
-		"@twin.org/web": "^0.0.1"
+		"@twin.org/api-models": "next",
+		"@twin.org/core": "next",
+		"@twin.org/entity": "next",
+		"@twin.org/nameof": "next",
+		"@twin.org/rights-management-models": "0.0.2-next.2",
+		"@twin.org/standards-w3c-odrl": "next",
+		"@twin.org/web": "next"
 	},
 	"main": "./dist/cjs/index.cjs",
 	"module": "./dist/esm/index.mjs",