@valon-technologies/gestalt 0.0.1-alpha.35 → 0.0.1-alpha.36

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@valon-technologies/gestalt",
-  "version": "0.0.1-alpha.35",
+  "version": "0.0.1-alpha.36",
   "description": "TypeScript SDK for Gestalt executable providers",
   "type": "module",
   "repository": {

package/src/api.ts

@@ -7,6 +7,9 @@ export interface Subject {
   id: string;
   credentialSubjectId: string;
   email: string;
+  kind?: string | undefined;
+  displayName?: string | undefined;
+  authSource?: string | undefined;
 }
 
 /**
@@ -169,11 +172,17 @@ export function request(
       id: subject.id ?? "",
       credentialSubjectId: subject.credentialSubjectId ?? "",
       email: subject.email ?? "",
+      kind: subject.kind,
+      displayName: subject.displayName,
+      authSource: subject.authSource,
     },
     agentSubject: {
       id: agentSubject.id ?? "",
       credentialSubjectId: agentSubject.credentialSubjectId ?? "",
       email: agentSubject.email ?? "",
+      kind: agentSubject.kind,
+      displayName: agentSubject.displayName,
+      authSource: agentSubject.authSource,
     },
     credential: {
       mode: credential.mode ?? "",

package/src/authorization.ts

@@ -6,16 +6,25 @@ import {
   type Client,
   type ServiceImpl,
 } from "@connectrpc/connect";
+import { EmptySchema } from "@bufbuild/protobuf/wkt";
 
 import {
+  ActionSchema,
+  AddRelationshipRequestSchema,
   AddRelationshipResponseSchema,
+  AuthorizationModelSchema,
+  AuthorizationModelResourceTypeFilterSchema,
   AuthorizationModelRefSchema,
   AuthorizationModelResourceTypeSchema,
+  CheckAccessManyRequestSchema,
   CheckAccessManyResponseSchema,
+  CheckAccessRequestSchema,
   CheckAccessResponseSchema,
   DefaultAccessPolicy as ProtoDefaultAccessPolicy,
+  DeleteRelationshipRequestSchema,
   DeleteRelationshipResponseSchema,
   GetActiveModelRefResponseSchema,
+  ListActiveModelResourceTypesRequestSchema,
   ListRelationshipsRequestSchema,
   ListActiveModelResourceTypesResponseSchema,
   ListRelationshipsResponseSchema,
@@ -27,7 +36,9 @@ import {
   RelationshipTargetType as ProtoRelationshipTargetType,
   RelationshipTupleSchema,
   ResourceSchema,
+  SetActiveModelRequestSchema,
   SetActiveModelResponseSchema,
+  SetAuthorizationStateRequestSchema,
   SetAuthorizationStateResponseSchema,
   SourceLayer as ProtoSourceLayer,
   SubjectSchema,
@@ -35,12 +46,18 @@ import {
   SubjectSetTypeSchema,
   AuthorizationProvider as AuthorizationProviderService,
   type AddRelationshipRequest as ProtoAddRelationshipRequest,
+  type AddRelationshipResponse as ProtoAddRelationshipResponse,
   type AuthorizationModel as ProtoAuthorizationModel,
   type AuthorizationModelResourceType as ProtoAuthorizationModelResourceType,
   type CheckAccessManyRequest as ProtoCheckAccessManyRequest,
+  type CheckAccessManyResponse as ProtoCheckAccessManyResponse,
   type CheckAccessRequest as ProtoCheckAccessRequest,
+  type CheckAccessResponse as ProtoCheckAccessResponse,
   type DeleteRelationshipRequest as ProtoDeleteRelationshipRequest,
+  type DeleteRelationshipResponse as ProtoDeleteRelationshipResponse,
+  type GetActiveModelRefResponse as ProtoGetActiveModelRefResponse,
   type ListActiveModelResourceTypesRequest as ProtoListActiveModelResourceTypesRequest,
+  type ListActiveModelResourceTypesResponse as ProtoListActiveModelResourceTypesResponse,
   type ListRelationshipsRequest as ProtoListRelationshipsRequest,
   type ListRelationshipsResponse as ProtoListRelationshipsResponse,
   type ModelAllowedTarget as ProtoModelAllowedTarget,
@@ -48,13 +65,16 @@ import {
   type RelationshipFilter as ProtoRelationshipFilter,
   type RelationshipTarget as ProtoRelationshipTarget,
   type RelationshipTuple as ProtoRelationshipTuple,
+  type SetActiveModelResponse as ProtoSetActiveModelResponse,
   type SetActiveModelRequest as ProtoSetActiveModelRequest,
+  type SetAuthorizationStateResponse as ProtoSetAuthorizationStateResponse,
   type SetAuthorizationStateRequest as ProtoSetAuthorizationStateRequest,
   type SubjectSet as ProtoSubjectSet,
 } from "./internal/gen/v1/authorization_pb.ts";
 import { errorMessage, type MaybePromise } from "./api.ts";
 import { ProviderBase, type ProviderBaseOptions } from "./provider.ts";
 import {
+  dateFromTimestamp,
   jsonObjectFromStruct,
   structFromObject,
   timestampFromDate,
@@ -264,9 +284,29 @@ export interface ListActiveModelResourceTypesResponse {
 }
 
 export interface Authorization {
+  checkAccess(request: CheckAccessRequest): Promise<CheckAccessResponse>;
+  checkAccessMany(
+    request: CheckAccessManyRequest,
+  ): Promise<CheckAccessManyResponse>;
   listRelationships(
     request: ListRelationshipsRequest,
   ): Promise<ListRelationshipsResponse>;
+  addRelationship(
+    request: AddRelationshipRequest,
+  ): Promise<AddRelationshipResponse>;
+  deleteRelationship(
+    request: DeleteRelationshipRequest,
+  ): Promise<DeleteRelationshipResponse>;
+  setAuthorizationState(
+    request: SetAuthorizationStateRequest,
+  ): Promise<SetAuthorizationStateResponse>;
+  getActiveModelRef(): Promise<GetActiveModelRefResponse>;
+  setActiveModel(
+    request: SetActiveModelRequest,
+  ): Promise<SetActiveModelResponse>;
+  listActiveModelResourceTypes(
+    request: ListActiveModelResourceTypesRequest,
+  ): Promise<ListActiveModelResourceTypesResponse>;
 }
 
 class AuthorizationImpl implements Authorization {
@@ -283,6 +323,20 @@ class AuthorizationImpl implements Authorization {
     this.client = createClient(AuthorizationProviderService, transport);
   }
 
+  async checkAccess(request: CheckAccessRequest): Promise<CheckAccessResponse> {
+    return checkAccessResponseFromProto(
+      await this.client.checkAccess(checkAccessRequestToProto(request)),
+    );
+  }
+
+  async checkAccessMany(
+    request: CheckAccessManyRequest,
+  ): Promise<CheckAccessManyResponse> {
+    return checkAccessManyResponseFromProto(
+      await this.client.checkAccessMany(checkAccessManyRequestToProto(request)),
+    );
+  }
+
   async listRelationships(
     request: ListRelationshipsRequest,
   ): Promise<ListRelationshipsResponse> {
@@ -290,6 +344,56 @@ class AuthorizationImpl implements Authorization {
       await this.client.listRelationships(listRelationshipsRequestToProto(request)),
     );
   }
+
+  async addRelationship(
+    request: AddRelationshipRequest,
+  ): Promise<AddRelationshipResponse> {
+    return addRelationshipResponseFromProto(
+      await this.client.addRelationship(addRelationshipRequestToProto(request)),
+    );
+  }
+
+  async deleteRelationship(
+    request: DeleteRelationshipRequest,
+  ): Promise<DeleteRelationshipResponse> {
+    return deleteRelationshipResponseFromProto(
+      await this.client.deleteRelationship(deleteRelationshipRequestToProto(request)),
+    );
+  }
+
+  async setAuthorizationState(
+    request: SetAuthorizationStateRequest,
+  ): Promise<SetAuthorizationStateResponse> {
+    return setAuthorizationStateResponseFromProto(
+      await this.client.setAuthorizationState(
+        setAuthorizationStateRequestToProto(request),
+      ),
+    );
+  }
+
+  async getActiveModelRef(): Promise<GetActiveModelRefResponse> {
+    return getActiveModelRefResponseFromProto(
+      await this.client.getActiveModelRef(create(EmptySchema)),
+    );
+  }
+
+  async setActiveModel(
+    request: SetActiveModelRequest,
+  ): Promise<SetActiveModelResponse> {
+    return setActiveModelResponseFromProto(
+      await this.client.setActiveModel(setActiveModelRequestToProto(request)),
+    );
+  }
+
+  async listActiveModelResourceTypes(
+    request: ListActiveModelResourceTypesRequest,
+  ): Promise<ListActiveModelResourceTypesResponse> {
+    return listActiveModelResourceTypesResponseFromProto(
+      await this.client.listActiveModelResourceTypes(
+        listActiveModelResourceTypesRequestToProto(request),
+      ),
+    );
+  }
 }
 
 let sharedAuthorization:
@@ -529,6 +633,30 @@ function checkAccessRequestFromProto(
   };
 }
 
+function checkAccessRequestToProto(value: CheckAccessRequest) {
+  return create(CheckAccessRequestSchema, {
+    subject: subjectToProto(value.subject),
+    action: value.action
+      ? create(ActionSchema, {
+          name: value.action.name ?? "",
+          properties: value.action.properties === undefined
+            ? undefined
+            : structFromObject(value.action.properties),
+        })
+      : undefined,
+    resource: resourceToProto(value.resource),
+  });
+}
+
+function checkAccessResponseFromProto(
+  value: ProtoCheckAccessResponse,
+): CheckAccessResponse {
+  return {
+    allowed: value.allowed,
+    modelId: value.modelId,
+  };
+}
+
 function checkAccessResponseToProto(value: CheckAccessResponse | undefined) {
   if (!value) {
     throw new ConnectError(
@@ -550,6 +678,20 @@ function checkAccessManyRequestFromProto(
   };
 }
 
+function checkAccessManyRequestToProto(value: CheckAccessManyRequest) {
+  return create(CheckAccessManyRequestSchema, {
+    requests: (value.requests ?? []).map(checkAccessRequestToProto),
+  });
+}
+
+function checkAccessManyResponseFromProto(
+  value: ProtoCheckAccessManyResponse,
+): CheckAccessManyResponse {
+  return {
+    decisions: value.decisions.map(checkAccessResponseFromProto),
+  };
+}
+
 function checkAccessManyResponseToProto(
   value: CheckAccessManyResponse | undefined,
 ) {
@@ -616,6 +758,20 @@ function addRelationshipRequestFromProto(
   };
 }
 
+function addRelationshipRequestToProto(value: AddRelationshipRequest) {
+  return create(AddRelationshipRequestSchema, {
+    relationship: relationshipToProto(value.relationship),
+  });
+}
+
+function addRelationshipResponseFromProto(
+  value: ProtoAddRelationshipResponse,
+): AddRelationshipResponse {
+  return {
+    relationship: relationshipFromProto(value.relationship),
+  };
+}
+
 function addRelationshipResponseToProto(
   value: AddRelationshipResponse | undefined,
 ) {
@@ -640,6 +796,18 @@ function deleteRelationshipRequestFromProto(
   };
 }
 
+function deleteRelationshipRequestToProto(value: DeleteRelationshipRequest) {
+  return create(DeleteRelationshipRequestSchema, {
+    relationshipTuple: relationshipTupleToProto(value.relationshipTuple),
+  });
+}
+
+function deleteRelationshipResponseFromProto(
+  _value: ProtoDeleteRelationshipResponse,
+): DeleteRelationshipResponse {
+  return {};
+}
+
 function setAuthorizationStateRequestFromProto(
   value: ProtoSetAuthorizationStateRequest,
 ): SetAuthorizationStateRequest {
@@ -649,6 +817,23 @@ function setAuthorizationStateRequestFromProto(
   };
 }
 
+function setAuthorizationStateRequestToProto(
+  value: SetAuthorizationStateRequest,
+) {
+  return create(SetAuthorizationStateRequestSchema, {
+    model: authorizationModelToProto(value.model),
+    relationships: (value.relationships ?? []).map(relationshipToProtoRequired),
+  });
+}
+
+function setAuthorizationStateResponseFromProto(
+  value: ProtoSetAuthorizationStateResponse,
+): SetAuthorizationStateResponse {
+  return {
+    activeModel: authorizationModelRefFromProto(value.activeModel),
+  };
+}
+
 function setAuthorizationStateResponseToProto(
   value: SetAuthorizationStateResponse | undefined,
 ) {
@@ -665,6 +850,14 @@ function setAuthorizationStateResponseToProto(
   });
 }
 
+function getActiveModelRefResponseFromProto(
+  value: ProtoGetActiveModelRefResponse,
+): GetActiveModelRefResponse {
+  return {
+    model: authorizationModelRefFromProto(value.model),
+  };
+}
+
 function getActiveModelRefResponseToProto(
   value: GetActiveModelRefResponse | undefined,
 ) {
@@ -687,6 +880,20 @@ function setActiveModelRequestFromProto(
   };
 }
 
+function setActiveModelRequestToProto(value: SetActiveModelRequest) {
+  return create(SetActiveModelRequestSchema, {
+    model: authorizationModelToProto(value.model),
+  });
+}
+
+function setActiveModelResponseFromProto(
+  value: ProtoSetActiveModelResponse,
+): SetActiveModelResponse {
+  return {
+    model: authorizationModelRefFromProto(value.model),
+  };
+}
+
 function setActiveModelResponseToProto(value: SetActiveModelResponse | undefined) {
   if (!value) {
     throw new ConnectError(
@@ -714,6 +921,31 @@ function listActiveModelResourceTypesRequestFromProto(
   };
 }
 
+function listActiveModelResourceTypesRequestToProto(
+  value: ListActiveModelResourceTypesRequest,
+) {
+  return create(ListActiveModelResourceTypesRequestSchema, {
+    filter: value.filter
+      ? create(AuthorizationModelResourceTypeFilterSchema, {
+          name: value.filter.name ?? "",
+          sourceLayer: value.filter.sourceLayer ?? SourceLayer.UNSPECIFIED,
+        })
+      : undefined,
+    pageSize: value.pageSize ?? 0,
+    pageToken: value.pageToken ?? "",
+  });
+}
+
+function listActiveModelResourceTypesResponseFromProto(
+  value: ProtoListActiveModelResourceTypesResponse,
+): ListActiveModelResourceTypesResponse {
+  return {
+    resourceTypes: value.resourceTypes.map(authorizationModelResourceTypeFromProto),
+    nextPageToken: value.nextPageToken,
+    modelId: value.modelId,
+  };
+}
+
 function listActiveModelResourceTypesResponseToProto(
   value: ListActiveModelResourceTypesResponse | undefined,
 ) {
@@ -940,6 +1172,19 @@ function authorizationModelFromProto(
   };
 }
 
+function authorizationModelToProto(value: AuthorizationModel | undefined) {
+  if (!value) {
+    return undefined;
+  }
+  return create(AuthorizationModelSchema, {
+    id: value.id ?? "",
+    version: value.version ?? "",
+    resourceTypes: (value.resourceTypes ?? []).map(
+      authorizationModelResourceTypeToProto,
+    ),
+  });
+}
+
 function authorizationModelResourceTypeFromProto(
   value: ProtoAuthorizationModelResourceType,
 ): AuthorizationModelResourceType {
@@ -1027,6 +1272,19 @@ function modelAllowedTargetToProto(value: ModelAllowedTarget) {
   return create(ModelAllowedTargetSchema);
 }
 
+function authorizationModelRefFromProto(
+  value: ProtoGetActiveModelRefResponse["model"] | undefined,
+): AuthorizationModelRef | undefined {
+  if (!value) {
+    return undefined;
+  }
+  return {
+    id: value.id,
+    version: value.version,
+    createdAt: value.createdAt ? dateFromTimestamp(value.createdAt) : undefined,
+  };
+}
+
 function authorizationModelRefToProto(value: AuthorizationModelRef) {
   return create(AuthorizationModelRefSchema, {
     id: value.id ?? "",

package/src/runtime.ts

@@ -75,7 +75,7 @@ import {
 } from "./internal/gen/v1/runtime_pb.ts";
 import { S3 as S3Service } from "./internal/gen/v1/s3_pb.ts";
 import { WorkflowProvider as WorkflowProviderService } from "./internal/gen/v1/workflow_pb.ts";
-import { errorMessage, type OperationResult, type Request } from "./api.ts";
+import { errorMessage, parseSubjectId, type OperationResult, type Request } from "./api.ts";
 import {
   AgentProvider,
   createAgentProviderService,
@@ -835,11 +835,13 @@ function providerRequest(
       id: subject?.id ?? "",
       credentialSubjectId: subject?.credentialSubjectId ?? "",
       email: subject?.email ?? "",
+      kind: subjectKind(subject?.id ?? ""),
     },
     agentSubject: {
       id: agentSubject?.id ?? "",
       credentialSubjectId: agentSubject?.credentialSubjectId ?? "",
       email: agentSubject?.email ?? "",
+      kind: subjectKind(agentSubject?.id ?? ""),
     },
     credential: {
       mode: credential?.mode ?? "",
@@ -864,6 +866,10 @@ function providerRequest(
   };
 }
 
+function subjectKind(subjectID: string): string {
+  return parseSubjectId(subjectID)?.kind ?? "";
+}
+
 function providerRequestToolRefs(
   requestContext?: ProtoRequestContext,
 ): AgentToolRef[] {