@vertesia/common 1.4.0-dev.20260615.051508Z → 1.4.0-dev.20260629.130134Z

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (100) hide show
  1. package/lib/access-control.d.ts +2 -6
  2. package/lib/access-control.d.ts.map +1 -1
  3. package/lib/access-control.js +3 -0
  4. package/lib/access-control.js.map +1 -1
  5. package/lib/apikey.d.ts +4 -5
  6. package/lib/apikey.d.ts.map +1 -1
  7. package/lib/apikey.js.map +1 -1
  8. package/lib/apps.d.ts +15 -275
  9. package/lib/apps.d.ts.map +1 -1
  10. package/lib/apps.js.map +1 -1
  11. package/lib/ask-user.d.ts +29 -1
  12. package/lib/ask-user.d.ts.map +1 -1
  13. package/lib/data-platform.d.ts +33 -121
  14. package/lib/data-platform.d.ts.map +1 -1
  15. package/lib/data-platform.js.map +1 -1
  16. package/lib/environment.d.ts +11 -1
  17. package/lib/environment.d.ts.map +1 -1
  18. package/lib/environment.js.map +1 -1
  19. package/lib/index.d.ts +1 -1
  20. package/lib/index.d.ts.map +1 -1
  21. package/lib/index.js +1 -1
  22. package/lib/index.js.map +1 -1
  23. package/lib/interaction.d.ts +11 -7
  24. package/lib/interaction.d.ts.map +1 -1
  25. package/lib/interaction.js.map +1 -1
  26. package/lib/json-schema.d.ts +1 -1
  27. package/lib/json-schema.d.ts.map +1 -1
  28. package/lib/oauth-scopes.d.ts +5 -0
  29. package/lib/oauth-scopes.d.ts.map +1 -1
  30. package/lib/oauth-scopes.js +10 -1
  31. package/lib/oauth-scopes.js.map +1 -1
  32. package/lib/oauth-server.d.ts +17 -0
  33. package/lib/oauth-server.d.ts.map +1 -1
  34. package/lib/project.d.ts +1 -1
  35. package/lib/project.d.ts.map +1 -1
  36. package/lib/project.js +26 -26
  37. package/lib/project.js.map +1 -1
  38. package/lib/roles/types.d.ts +54 -0
  39. package/lib/roles/types.d.ts.map +1 -0
  40. package/lib/roles/types.js +17 -0
  41. package/lib/roles/types.js.map +1 -0
  42. package/lib/store/agent-approval.d.ts +18 -0
  43. package/lib/store/agent-approval.d.ts.map +1 -0
  44. package/lib/store/agent-approval.js +11 -0
  45. package/lib/store/agent-approval.js.map +1 -0
  46. package/lib/store/agent-run.d.ts +18 -4
  47. package/lib/store/agent-run.d.ts.map +1 -1
  48. package/lib/store/conversation-state.d.ts +54 -30
  49. package/lib/store/conversation-state.d.ts.map +1 -1
  50. package/lib/store/conversation-state.js +0 -3
  51. package/lib/store/conversation-state.js.map +1 -1
  52. package/lib/store/index.d.ts +1 -0
  53. package/lib/store/index.d.ts.map +1 -1
  54. package/lib/store/index.js +1 -0
  55. package/lib/store/index.js.map +1 -1
  56. package/lib/store/signals.d.ts +15 -0
  57. package/lib/store/signals.d.ts.map +1 -1
  58. package/lib/store/workflow.d.ts +41 -2
  59. package/lib/store/workflow.d.ts.map +1 -1
  60. package/lib/store/workflow.js +8 -5
  61. package/lib/store/workflow.js.map +1 -1
  62. package/lib/sts-token-types.d.ts +2 -2
  63. package/lib/sts-token-types.d.ts.map +1 -1
  64. package/lib/transient-tokens.d.ts +2 -2
  65. package/lib/transient-tokens.d.ts.map +1 -1
  66. package/lib/user.d.ts +2 -2
  67. package/lib/user.d.ts.map +1 -1
  68. package/lib/vertesia-common.js +1 -1
  69. package/lib/vertesia-common.js.map +1 -1
  70. package/package.json +7 -6
  71. package/src/access-control.ts +5 -6
  72. package/src/apikey.ts +4 -5
  73. package/src/apps.ts +15 -298
  74. package/src/ask-user.ts +31 -1
  75. package/src/data-platform.ts +35 -129
  76. package/src/environment.ts +12 -1
  77. package/src/index.ts +1 -1
  78. package/src/interaction.ts +13 -7
  79. package/src/json-schema.ts +1 -0
  80. package/src/oauth-scopes.ts +13 -1
  81. package/src/oauth-server.ts +17 -0
  82. package/src/project.ts +8 -8
  83. package/src/roles/types.ts +58 -0
  84. package/src/store/agent-approval.test.ts +18 -0
  85. package/src/store/agent-approval.ts +33 -0
  86. package/src/store/agent-run.ts +20 -3
  87. package/src/store/conversation-state.ts +62 -36
  88. package/src/store/index.ts +1 -0
  89. package/src/store/signals.ts +16 -0
  90. package/src/store/workflow.test.ts +60 -0
  91. package/src/store/workflow.ts +51 -7
  92. package/src/sts-token-types.ts +2 -2
  93. package/src/transient-tokens.ts +2 -2
  94. package/src/user.ts +2 -2
  95. package/lib/roles.d.ts +0 -19
  96. package/lib/roles.d.ts.map +0 -1
  97. package/lib/roles.js +0 -228
  98. package/lib/roles.js.map +0 -1
  99. package/src/roles.test.ts +0 -30
  100. package/src/roles.ts +0 -251
package/lib/roles.js DELETED
@@ -1,228 +0,0 @@
1
- import { Permission } from './access-control.js';
2
- import { ProjectRoles } from './project.js';
3
- export class Role {
4
- name;
5
- permissions;
6
- constructor(name, permissions) {
7
- this.name = name;
8
- this.permissions = new Set(permissions);
9
- }
10
- hasPermission(permission) {
11
- return this.permissions.has(permission);
12
- }
13
- }
14
- export class RoleList {
15
- roles;
16
- constructor(roles) {
17
- this.roles = roles;
18
- }
19
- static fromRoleNames(roleNames) {
20
- const roles = roleNames.map((r) => getRoleByName(r));
21
- return new RoleList(roles);
22
- }
23
- static fromRoleName(roleName) {
24
- const roles = [getRoleByName(roleName)];
25
- return new RoleList(roles);
26
- }
27
- hasPermission(perm) {
28
- return this.roles.some((role) => role.hasPermission(perm));
29
- }
30
- }
31
- class OrgMemberRole extends Role {
32
- name;
33
- constructor(name, permissions) {
34
- super(name, [Permission.account_member, ...permissions]);
35
- this.name = name;
36
- }
37
- }
38
- class OwnerRole extends OrgMemberRole {
39
- constructor() {
40
- super(ProjectRoles.owner, Object.values(Permission));
41
- }
42
- }
43
- class AdminRole extends OrgMemberRole {
44
- constructor() {
45
- super(ProjectRoles.admin, Object.values(Permission));
46
- }
47
- }
48
- class ManagerRole extends OrgMemberRole {
49
- constructor() {
50
- super(ProjectRoles.manager, Object.values(Permission));
51
- this.permissions.delete(Permission.account_admin);
52
- this.permissions.delete(Permission.manage_billing);
53
- this.permissions.delete(Permission.audit_read);
54
- this.permissions.delete(Permission.agent_run_read);
55
- this.permissions.delete(Permission.content_read_all);
56
- this.permissions.delete(Permission.content_superadmin);
57
- this.permissions.delete(Permission.workflow_superadmin);
58
- }
59
- }
60
- class DeveloperRole extends OrgMemberRole {
61
- constructor() {
62
- super(ProjectRoles.developer, Object.values(Permission));
63
- this.permissions.delete(Permission.account_admin);
64
- this.permissions.delete(Permission.project_admin);
65
- this.permissions.delete(Permission.project_settings_write);
66
- this.permissions.delete(Permission.env_admin);
67
- this.permissions.delete(Permission.manage_billing);
68
- this.permissions.delete(Permission.audit_read);
69
- this.permissions.delete(Permission.agent_run_read);
70
- this.permissions.delete(Permission.content_read_all);
71
- this.permissions.delete(Permission.content_superadmin);
72
- this.permissions.delete(Permission.workflow_superadmin);
73
- }
74
- }
75
- class ApplicationRole extends OrgMemberRole {
76
- constructor() {
77
- super(ProjectRoles.application, [
78
- Permission.int_read,
79
- Permission.int_execute,
80
- Permission.int_write,
81
- Permission.run_read,
82
- Permission.content_write,
83
- Permission.content_read,
84
- Permission.content_write,
85
- Permission.content_admin, // required for now as we need to create types
86
- Permission.project_admin,
87
- Permission.workflow_run,
88
- Permission.project_settings_write,
89
- Permission.account_write,
90
- ]);
91
- }
92
- }
93
- class AutomationRole extends OrgMemberRole {
94
- constructor() {
95
- super(ProjectRoles.automation, [
96
- Permission.content_read,
97
- Permission.content_write,
98
- Permission.content_admin,
99
- Permission.int_read,
100
- Permission.int_execute,
101
- Permission.run_read,
102
- Permission.workflow_run,
103
- Permission.project_integration_read,
104
- ]);
105
- }
106
- }
107
- class ContentProcessorRole extends OrgMemberRole {
108
- constructor() {
109
- super(ProjectRoles.content_processor, [
110
- Permission.content_read,
111
- Permission.content_write,
112
- Permission.content_admin,
113
- Permission.content_superadmin,
114
- Permission.int_execute,
115
- Permission.workflow_read,
116
- Permission.workflow_run,
117
- Permission.run_read,
118
- ]);
119
- }
120
- }
121
- class ConsumerRole extends OrgMemberRole {
122
- constructor() {
123
- super(ProjectRoles.consumer, [
124
- Permission.content_admin, // Temporary permission; micro apps will need to create types instead via user roles
125
- Permission.content_read,
126
- Permission.content_write,
127
- Permission.content_delete,
128
- Permission.int_read,
129
- Permission.int_execute,
130
- Permission.run_read,
131
- Permission.workflow_run,
132
- ]);
133
- }
134
- }
135
- class ExecutorRole extends OrgMemberRole {
136
- constructor() {
137
- super(ProjectRoles.executor, [Permission.int_execute, Permission.run_read, Permission.workflow_run]);
138
- }
139
- }
140
- class ReaderRole extends OrgMemberRole {
141
- constructor() {
142
- super(ProjectRoles.reader, [Permission.int_read, Permission.run_read, Permission.content_read]);
143
- }
144
- }
145
- const READ_ONLY_AUDIT_PERMISSIONS = [
146
- Permission.studio_access,
147
- Permission.account_read,
148
- Permission.project_integration_read,
149
- Permission.api_key_read,
150
- Permission.billing_read,
151
- Permission.audit_read,
152
- Permission.int_read,
153
- Permission.run_read,
154
- Permission.content_read,
155
- Permission.content_read_all,
156
- Permission.task_read,
157
- Permission.workflow_read,
158
- Permission.agent_run_read,
159
- ];
160
- class ReadOnlyAuditRole extends OrgMemberRole {
161
- constructor(name) {
162
- super(name, READ_ONLY_AUDIT_PERMISSIONS);
163
- }
164
- }
165
- class BillingRole extends OrgMemberRole {
166
- constructor() {
167
- super(ProjectRoles.billing, [Permission.manage_billing]);
168
- }
169
- }
170
- class AppMemberRole extends OrgMemberRole {
171
- constructor() {
172
- super(ProjectRoles.app_member, [
173
- Permission.int_read,
174
- Permission.int_execute,
175
- Permission.int_write,
176
- Permission.run_read,
177
- Permission.content_write,
178
- Permission.content_read,
179
- Permission.content_delete,
180
- Permission.workflow_run,
181
- ]);
182
- }
183
- }
184
- class ContentSuperAdmin extends DeveloperRole {
185
- constructor() {
186
- super();
187
- this.name = ProjectRoles.content_superadmin;
188
- this.permissions.add(Permission.content_superadmin);
189
- }
190
- }
191
- const roles = {
192
- [ProjectRoles.owner]: new OwnerRole(),
193
- [ProjectRoles.admin]: new AdminRole(),
194
- [ProjectRoles.manager]: new ManagerRole(),
195
- [ProjectRoles.developer]: new DeveloperRole(),
196
- [ProjectRoles.application]: new ApplicationRole(),
197
- [ProjectRoles.automation]: new AutomationRole(),
198
- [ProjectRoles.content_processor]: new ContentProcessorRole(),
199
- [ProjectRoles.consumer]: new ConsumerRole(),
200
- [ProjectRoles.executor]: new ExecutorRole(),
201
- [ProjectRoles.reader]: new ReaderRole(),
202
- [ProjectRoles.auditor]: new ReadOnlyAuditRole(ProjectRoles.auditor),
203
- [ProjectRoles.support]: new ReadOnlyAuditRole(ProjectRoles.support),
204
- [ProjectRoles.billing]: new BillingRole(),
205
- [ProjectRoles.app_member]: new AppMemberRole(),
206
- [ProjectRoles.member]: new OrgMemberRole(ProjectRoles.member, []),
207
- [ProjectRoles.content_superadmin]: new ContentSuperAdmin(),
208
- };
209
- export function getRoleByName(name) {
210
- const role = roles[name];
211
- if (!role)
212
- throw new Error(`Role ${name} not found`);
213
- return role;
214
- }
215
- export function listRoles() {
216
- return Object.values(roles);
217
- }
218
- export function getPermissionsForRoles(roleNames) {
219
- const permissions = new Set();
220
- for (const roleName of roleNames) {
221
- const role = getRoleByName(roleName);
222
- for (const permission of role.permissions) {
223
- permissions.add(permission);
224
- }
225
- }
226
- return Array.from(permissions);
227
- }
228
- //# sourceMappingURL=roles.js.map
package/lib/roles.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"roles.js","sourceRoot":"","sources":["../src/roles.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACjD,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAE5C,MAAM,OAAO,IAAI;IAGF;IAFX,WAAW,CAAkB;IAC7B,YACW,IAAkB,EACzB,WAAyB;QADlB,SAAI,GAAJ,IAAI,CAAc;QAGzB,IAAI,CAAC,WAAW,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;IAC5C,CAAC;IAED,aAAa,CAAC,UAAsB;QAChC,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC5C,CAAC;CACJ;AAED,MAAM,OAAO,QAAQ;IACmB;IAApC,YAAoC,KAAa;QAAb,UAAK,GAAL,KAAK,CAAQ;IAAG,CAAC;IAErD,MAAM,CAAC,aAAa,CAAC,SAAyB;QAC1C,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;QACrD,OAAO,IAAI,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC;IAED,MAAM,CAAC,YAAY,CAAC,QAAsB;QACtC,MAAM,KAAK,GAAG,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC;QACxC,OAAO,IAAI,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC;IAED,aAAa,CAAC,IAAgB;QAC1B,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;IAC/D,CAAC;CACJ;AAED,MAAM,aAAc,SAAQ,IAAI;IAEjB;IADX,YACW,IAAkB,EACzB,WAAyB;QAEzB,KAAK,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,cAAc,EAAE,GAAG,WAAW,CAAC,CAAC,CAAC;QAHlD,SAAI,GAAJ,IAAI,CAAc;IAI7B,CAAC;CACJ;AAED,MAAM,SAAU,SAAQ,aAAa;IACjC;QACI,KAAK,CAAC,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;IACzD,CAAC;CACJ;AAED,MAAM,SAAU,SAAQ,aAAa;IACjC;QACI,KAAK,CAAC,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;IACzD,CAAC;CACJ;AAED,MAAM,WAAY,SAAQ,aAAa;IACnC;QACI,KAAK,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;QACvD,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;QAClD,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;QACnD,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;QAC/C,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;QACnD,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC;QACrD,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC;QACvD,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC;IAC5D,CAAC;CACJ;AAED,MAAM,aAAc,SAAQ,aAAa;IACrC;QACI,KAAK,CAAC,YAAY,CAAC,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;QACzD,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;QAClD,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;QAClD,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,sBAAsB,CAAC,CAAC;QAC3D,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAC9C,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;QACnD,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;QAC/C,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;QACnD,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC;QACrD,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC;QACvD,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC;IAC5D,CAAC;CACJ;AAED,MAAM,eAAgB,SAAQ,aAAa;IACvC;QACI,KAAK,CAAC,YAAY,CAAC,WAAW,EAAE;YAC5B,UAAU,CAAC,QAAQ;YACnB,UAAU,CAAC,WAAW;YACtB,UAAU,CAAC,SAAS;YACpB,UAAU,CAAC,QAAQ;YACnB,UAAU,CAAC,aAAa;YACxB,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,aAAa;YACxB,UAAU,CAAC,aAAa,EAAE,8CAA8C;YACxE,UAAU,CAAC,aAAa;YACxB,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,sBAAsB;YACjC,UAAU,CAAC,aAAa;SAC3B,CAAC,CAAC;IACP,CAAC;CACJ;AAED,MAAM,cAAe,SAAQ,aAAa;IACtC;QACI,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE;YAC3B,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,aAAa;YACxB,UAAU,CAAC,aAAa;YACxB,UAAU,CAAC,QAAQ;YACnB,UAAU,CAAC,WAAW;YACtB,UAAU,CAAC,QAAQ;YACnB,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,wBAAwB;SACtC,CAAC,CAAC;IACP,CAAC;CACJ;AAED,MAAM,oBAAqB,SAAQ,aAAa;IAC5C;QACI,KAAK,CAAC,YAAY,CAAC,iBAAiB,EAAE;YAClC,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,aAAa;YACxB,UAAU,CAAC,aAAa;YACxB,UAAU,CAAC,kBAAkB;YAC7B,UAAU,CAAC,WAAW;YACtB,UAAU,CAAC,aAAa;YACxB,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,QAAQ;SACtB,CAAC,CAAC;IACP,CAAC;CACJ;AAED,MAAM,YAAa,SAAQ,aAAa;IACpC;QACI,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE;YACzB,UAAU,CAAC,aAAa,EAAE,oFAAoF;YAC9G,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,aAAa;YACxB,UAAU,CAAC,cAAc;YACzB,UAAU,CAAC,QAAQ;YACnB,UAAU,CAAC,WAAW;YACtB,UAAU,CAAC,QAAQ;YACnB,UAAU,CAAC,YAAY;SAC1B,CAAC,CAAC;IACP,CAAC;CACJ;AAED,MAAM,YAAa,SAAQ,aAAa;IACpC;QACI,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC,UAAU,CAAC,WAAW,EAAE,UAAU,CAAC,QAAQ,EAAE,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC;IACzG,CAAC;CACJ;AAED,MAAM,UAAW,SAAQ,aAAa;IAClC;QACI,KAAK,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,UAAU,CAAC,QAAQ,EAAE,UAAU,CAAC,QAAQ,EAAE,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC;IACpG,CAAC;CACJ;AAED,MAAM,2BAA2B,GAAG;IAChC,UAAU,CAAC,aAAa;IACxB,UAAU,CAAC,YAAY;IACvB,UAAU,CAAC,wBAAwB;IACnC,UAAU,CAAC,YAAY;IACvB,UAAU,CAAC,YAAY;IACvB,UAAU,CAAC,UAAU;IACrB,UAAU,CAAC,QAAQ;IACnB,UAAU,CAAC,QAAQ;IACnB,UAAU,CAAC,YAAY;IACvB,UAAU,CAAC,gBAAgB;IAC3B,UAAU,CAAC,SAAS;IACpB,UAAU,CAAC,aAAa;IACxB,UAAU,CAAC,cAAc;CAC5B,CAAC;AAEF,MAAM,iBAAkB,SAAQ,aAAa;IACzC,YAAY,IAAiD;QACzD,KAAK,CAAC,IAAI,EAAE,2BAA2B,CAAC,CAAC;IAC7C,CAAC;CACJ;AAED,MAAM,WAAY,SAAQ,aAAa;IACnC;QACI,KAAK,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC;IAC7D,CAAC;CACJ;AAED,MAAM,aAAc,SAAQ,aAAa;IACrC;QACI,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE;YAC3B,UAAU,CAAC,QAAQ;YACnB,UAAU,CAAC,WAAW;YACtB,UAAU,CAAC,SAAS;YACpB,UAAU,CAAC,QAAQ;YACnB,UAAU,CAAC,aAAa;YACxB,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,cAAc;YACzB,UAAU,CAAC,YAAY;SAC1B,CAAC,CAAC;IACP,CAAC;CACJ;AAED,MAAM,iBAAkB,SAAQ,aAAa;IACzC;QACI,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,IAAI,GAAG,YAAY,CAAC,kBAAkB,CAAC;QAC5C,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC;IACxD,CAAC;CACJ;AAED,MAAM,KAAK,GAA+B;IACtC,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,IAAI,SAAS,EAAE;IACrC,CAAC,YAAY,CAAC,KAAK,CAAC,EAAE,IAAI,SAAS,EAAE;IACrC,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE,IAAI,WAAW,EAAE;IACzC,CAAC,YAAY,CAAC,SAAS,CAAC,EAAE,IAAI,aAAa,EAAE;IAC7C,CAAC,YAAY,CAAC,WAAW,CAAC,EAAE,IAAI,eAAe,EAAE;IACjD,CAAC,YAAY,CAAC,UAAU,CAAC,EAAE,IAAI,cAAc,EAAE;IAC/C,CAAC,YAAY,CAAC,iBAAiB,CAAC,EAAE,IAAI,oBAAoB,EAAE;IAC5D,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,IAAI,YAAY,EAAE;IAC3C,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,IAAI,YAAY,EAAE;IAC3C,CAAC,YAAY,CAAC,MAAM,CAAC,EAAE,IAAI,UAAU,EAAE;IACvC,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE,IAAI,iBAAiB,CAAC,YAAY,CAAC,OAAO,CAAC;IACnE,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE,IAAI,iBAAiB,CAAC,YAAY,CAAC,OAAO,CAAC;IACnE,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE,IAAI,WAAW,EAAE;IACzC,CAAC,YAAY,CAAC,UAAU,CAAC,EAAE,IAAI,aAAa,EAAE;IAC9C,CAAC,YAAY,CAAC,MAAM,CAAC,EAAE,IAAI,aAAa,CAAC,YAAY,CAAC,MAAM,EAAE,EAAE,CAAC;IACjE,CAAC,YAAY,CAAC,kBAAkB,CAAC,EAAE,IAAI,iBAAiB,EAAE;CAC7D,CAAC;AAEF,MAAM,UAAU,aAAa,CAAC,IAAkB;IAC5C,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC;IACzB,IAAI,CAAC,IAAI;QAAE,MAAM,IAAI,KAAK,CAAC,QAAQ,IAAI,YAAY,CAAC,CAAC;IACrD,OAAO,IAAI,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,SAAS;IACrB,OAAO,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAChC,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,SAAiC;IACpE,MAAM,WAAW,GAAG,IAAI,GAAG,EAAc,CAAC;IAC1C,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QAC/B,MAAM,IAAI,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;QACrC,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACxC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAChC,CAAC;IACL,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;AACnC,CAAC"}
package/src/roles.test.ts DELETED
@@ -1,30 +0,0 @@
1
- import { describe, expect, test } from 'vitest';
2
- import { Permission } from './access-control.js';
3
- import { ProjectRoles } from './project.js';
4
- import { getPermissionsForRoles, getRoleByName, listRoles } from './roles.js';
5
-
6
- describe('role permission catalog', () => {
7
- test('lists all project roles', () => {
8
- expect(
9
- listRoles()
10
- .map((role) => role.name)
11
- .sort(),
12
- ).toEqual(Object.values(ProjectRoles).sort());
13
- });
14
-
15
- test('derives developer permissions without administrative grants', () => {
16
- const developer = getRoleByName(ProjectRoles.developer);
17
-
18
- expect(developer.hasPermission(Permission.int_read)).toBe(true);
19
- expect(developer.hasPermission(Permission.account_admin)).toBe(false);
20
- expect(developer.hasPermission(Permission.project_admin)).toBe(false);
21
- });
22
-
23
- test('deduplicates permissions across multiple roles', () => {
24
- const permissions = getPermissionsForRoles([ProjectRoles.reader, ProjectRoles.executor]);
25
-
26
- expect(permissions).toContain(Permission.account_member);
27
- expect(permissions).toContain(Permission.content_read);
28
- expect(permissions.filter((permission) => permission === Permission.account_member)).toHaveLength(1);
29
- });
30
- });
package/src/roles.ts DELETED
@@ -1,251 +0,0 @@
1
- import { Permission } from './access-control.js';
2
- import { ProjectRoles } from './project.js';
3
-
4
- export class Role {
5
- permissions: Set<Permission>;
6
- constructor(
7
- public name: ProjectRoles,
8
- permissions: Permission[],
9
- ) {
10
- this.permissions = new Set(permissions);
11
- }
12
-
13
- hasPermission(permission: Permission) {
14
- return this.permissions.has(permission);
15
- }
16
- }
17
-
18
- export class RoleList {
19
- private constructor(public readonly roles: Role[]) {}
20
-
21
- static fromRoleNames(roleNames: ProjectRoles[]): RoleList {
22
- const roles = roleNames.map((r) => getRoleByName(r));
23
- return new RoleList(roles);
24
- }
25
-
26
- static fromRoleName(roleName: ProjectRoles): RoleList {
27
- const roles = [getRoleByName(roleName)];
28
- return new RoleList(roles);
29
- }
30
-
31
- hasPermission(perm: Permission): boolean {
32
- return this.roles.some((role) => role.hasPermission(perm));
33
- }
34
- }
35
-
36
- class OrgMemberRole extends Role {
37
- constructor(
38
- public name: ProjectRoles,
39
- permissions: Permission[],
40
- ) {
41
- super(name, [Permission.account_member, ...permissions]);
42
- }
43
- }
44
-
45
- class OwnerRole extends OrgMemberRole {
46
- constructor() {
47
- super(ProjectRoles.owner, Object.values(Permission));
48
- }
49
- }
50
-
51
- class AdminRole extends OrgMemberRole {
52
- constructor() {
53
- super(ProjectRoles.admin, Object.values(Permission));
54
- }
55
- }
56
-
57
- class ManagerRole extends OrgMemberRole {
58
- constructor() {
59
- super(ProjectRoles.manager, Object.values(Permission));
60
- this.permissions.delete(Permission.account_admin);
61
- this.permissions.delete(Permission.manage_billing);
62
- this.permissions.delete(Permission.audit_read);
63
- this.permissions.delete(Permission.agent_run_read);
64
- this.permissions.delete(Permission.content_read_all);
65
- this.permissions.delete(Permission.content_superadmin);
66
- this.permissions.delete(Permission.workflow_superadmin);
67
- }
68
- }
69
-
70
- class DeveloperRole extends OrgMemberRole {
71
- constructor() {
72
- super(ProjectRoles.developer, Object.values(Permission));
73
- this.permissions.delete(Permission.account_admin);
74
- this.permissions.delete(Permission.project_admin);
75
- this.permissions.delete(Permission.project_settings_write);
76
- this.permissions.delete(Permission.env_admin);
77
- this.permissions.delete(Permission.manage_billing);
78
- this.permissions.delete(Permission.audit_read);
79
- this.permissions.delete(Permission.agent_run_read);
80
- this.permissions.delete(Permission.content_read_all);
81
- this.permissions.delete(Permission.content_superadmin);
82
- this.permissions.delete(Permission.workflow_superadmin);
83
- }
84
- }
85
-
86
- class ApplicationRole extends OrgMemberRole {
87
- constructor() {
88
- super(ProjectRoles.application, [
89
- Permission.int_read,
90
- Permission.int_execute,
91
- Permission.int_write,
92
- Permission.run_read,
93
- Permission.content_write,
94
- Permission.content_read,
95
- Permission.content_write,
96
- Permission.content_admin, // required for now as we need to create types
97
- Permission.project_admin,
98
- Permission.workflow_run,
99
- Permission.project_settings_write,
100
- Permission.account_write,
101
- ]);
102
- }
103
- }
104
-
105
- class AutomationRole extends OrgMemberRole {
106
- constructor() {
107
- super(ProjectRoles.automation, [
108
- Permission.content_read,
109
- Permission.content_write,
110
- Permission.content_admin,
111
- Permission.int_read,
112
- Permission.int_execute,
113
- Permission.run_read,
114
- Permission.workflow_run,
115
- Permission.project_integration_read,
116
- ]);
117
- }
118
- }
119
-
120
- class ContentProcessorRole extends OrgMemberRole {
121
- constructor() {
122
- super(ProjectRoles.content_processor, [
123
- Permission.content_read,
124
- Permission.content_write,
125
- Permission.content_admin,
126
- Permission.content_superadmin,
127
- Permission.int_execute,
128
- Permission.workflow_read,
129
- Permission.workflow_run,
130
- Permission.run_read,
131
- ]);
132
- }
133
- }
134
-
135
- class ConsumerRole extends OrgMemberRole {
136
- constructor() {
137
- super(ProjectRoles.consumer, [
138
- Permission.content_admin, // Temporary permission; micro apps will need to create types instead via user roles
139
- Permission.content_read,
140
- Permission.content_write,
141
- Permission.content_delete,
142
- Permission.int_read,
143
- Permission.int_execute,
144
- Permission.run_read,
145
- Permission.workflow_run,
146
- ]);
147
- }
148
- }
149
-
150
- class ExecutorRole extends OrgMemberRole {
151
- constructor() {
152
- super(ProjectRoles.executor, [Permission.int_execute, Permission.run_read, Permission.workflow_run]);
153
- }
154
- }
155
-
156
- class ReaderRole extends OrgMemberRole {
157
- constructor() {
158
- super(ProjectRoles.reader, [Permission.int_read, Permission.run_read, Permission.content_read]);
159
- }
160
- }
161
-
162
- const READ_ONLY_AUDIT_PERMISSIONS = [
163
- Permission.studio_access,
164
- Permission.account_read,
165
- Permission.project_integration_read,
166
- Permission.api_key_read,
167
- Permission.billing_read,
168
- Permission.audit_read,
169
- Permission.int_read,
170
- Permission.run_read,
171
- Permission.content_read,
172
- Permission.content_read_all,
173
- Permission.task_read,
174
- Permission.workflow_read,
175
- Permission.agent_run_read,
176
- ];
177
-
178
- class ReadOnlyAuditRole extends OrgMemberRole {
179
- constructor(name: ProjectRoles.auditor | ProjectRoles.support) {
180
- super(name, READ_ONLY_AUDIT_PERMISSIONS);
181
- }
182
- }
183
-
184
- class BillingRole extends OrgMemberRole {
185
- constructor() {
186
- super(ProjectRoles.billing, [Permission.manage_billing]);
187
- }
188
- }
189
-
190
- class AppMemberRole extends OrgMemberRole {
191
- constructor() {
192
- super(ProjectRoles.app_member, [
193
- Permission.int_read,
194
- Permission.int_execute,
195
- Permission.int_write,
196
- Permission.run_read,
197
- Permission.content_write,
198
- Permission.content_read,
199
- Permission.content_delete,
200
- Permission.workflow_run,
201
- ]);
202
- }
203
- }
204
-
205
- class ContentSuperAdmin extends DeveloperRole {
206
- constructor() {
207
- super();
208
- this.name = ProjectRoles.content_superadmin;
209
- this.permissions.add(Permission.content_superadmin);
210
- }
211
- }
212
-
213
- const roles: Record<ProjectRoles, Role> = {
214
- [ProjectRoles.owner]: new OwnerRole(),
215
- [ProjectRoles.admin]: new AdminRole(),
216
- [ProjectRoles.manager]: new ManagerRole(),
217
- [ProjectRoles.developer]: new DeveloperRole(),
218
- [ProjectRoles.application]: new ApplicationRole(),
219
- [ProjectRoles.automation]: new AutomationRole(),
220
- [ProjectRoles.content_processor]: new ContentProcessorRole(),
221
- [ProjectRoles.consumer]: new ConsumerRole(),
222
- [ProjectRoles.executor]: new ExecutorRole(),
223
- [ProjectRoles.reader]: new ReaderRole(),
224
- [ProjectRoles.auditor]: new ReadOnlyAuditRole(ProjectRoles.auditor),
225
- [ProjectRoles.support]: new ReadOnlyAuditRole(ProjectRoles.support),
226
- [ProjectRoles.billing]: new BillingRole(),
227
- [ProjectRoles.app_member]: new AppMemberRole(),
228
- [ProjectRoles.member]: new OrgMemberRole(ProjectRoles.member, []),
229
- [ProjectRoles.content_superadmin]: new ContentSuperAdmin(),
230
- };
231
-
232
- export function getRoleByName(name: ProjectRoles): Role {
233
- const role = roles[name];
234
- if (!role) throw new Error(`Role ${name} not found`);
235
- return role;
236
- }
237
-
238
- export function listRoles(): Role[] {
239
- return Object.values(roles);
240
- }
241
-
242
- export function getPermissionsForRoles(roleNames: Iterable<ProjectRoles>): Permission[] {
243
- const permissions = new Set<Permission>();
244
- for (const roleName of roleNames) {
245
- const role = getRoleByName(roleName);
246
- for (const permission of role.permissions) {
247
- permissions.add(permission);
248
- }
249
- }
250
- return Array.from(permissions);
251
- }