@via-profit/ability 3.3.0 → 3.4.1

package/README.md

@@ -526,17 +526,6 @@ order.total
 | **contains** | `includes`, `has`         | `tags contains 'vip'` | Array contains the element | array |
 | **not contains** | `not includes`, `not has` | `tags not contains 'vip'` | Array does not contain the element | array |
 
-**String Operators**
-
-| DSL Operator | Synonyms | Example | Description | Types |
-|--------------|----------|---------|-------------|-------|
-| **starts with** | `begins with` | `email starts with 'admin@'` | String starts with | string |
-| **not starts with** | — | `email not starts with 'test'` | String does not start with | string |
-| **ends with** | — | `email ends with '.ru'` | String ends with | string |
-| **not ends with** | — | `email not ends with '.com'` | String does not end with | string |
-| **includes** | `contains substring` | `name includes 'lex'` | String contains substring | string |
-| **not includes** | — | `name not includes 'test'` | String does not contain substring | string |
-
 **Boolean Operators**
 
 | DSL Operator | Synonyms | Example | Description | Types |
@@ -552,6 +541,34 @@ order.total
 | **length greater than** | `len >` | `tags length greater than 2` | Length greater than | array, string |
 | **length less than** | `len <` | `tags length less than 5` | Length less than | array, string |
 
+Here is the English version, keeping the structure and tone consistent with your documentation style.
+
+**Special Operators**
+
+| DSL Operator | Synonyms | Example | Description | Types |
+|--------------|----------|---------|-------------|--------|
+| **always** | — | `always` | The condition is always true. Used for global allow rules or simplifying logic. | special operator |
+| **never** | — | `never` | The condition is always false. Used for global deny rules or disabling a rule. | special operator |
+
+
+**always**
+An operator that always returns `true`.  
+Used for:
+
+- global allow (`permit permission.* if all: always`)
+- testing
+- disabling complex conditions
+- creating fallback rules
+
+**never**
+An operator that always returns `false`.  
+Used for:
+
+- global deny (`deny permission.* if all: never`)
+- temporarily disabling a rule
+- explicit unconditional rejection
+
+
 #### Value
 
 Supported values:

package/dist/core/AbilityCondition.d.ts

@@ -1,6 +1,6 @@
 import AbilityCode from './AbilityCode';
-export type AbilityConditionCodeType = '=' | '<>' | '>' | '<' | '>=' | '<=' | 'in' | 'not in' | 'contains' | 'not contains' | 'length greater than' | 'length less than' | 'length equals';
-export type AbilityConditionLiteralType = 'equals' | 'not_equals' | 'contains' | 'no_contains' | 'in' | 'not_in' | 'greater_than' | 'less_than' | 'less_or_equal' | 'greater_or_equal' | 'length_greater_than' | 'length_less_than' | 'length_equals';
+export type AbilityConditionCodeType = '=' | '<>' | '>' | '<' | '>=' | '<=' | 'in' | 'not in' | 'contains' | 'not contains' | 'length greater than' | 'length less than' | 'length equals' | 'always' | 'never';
+export type AbilityConditionLiteralType = 'equals' | 'not_equals' | 'contains' | 'not_contains' | 'in' | 'not_in' | 'greater_than' | 'less_than' | 'less_or_equal' | 'greater_or_equal' | 'length_greater_than' | 'length_less_than' | 'length_equals' | 'always' | 'never';
 export declare class AbilityCondition extends AbilityCode<AbilityConditionCodeType> {
     static equals: AbilityCondition;
     static not_equals: AbilityCondition;
@@ -15,6 +15,8 @@ export declare class AbilityCondition extends AbilityCode<AbilityConditionCodeTy
     static length_greater_than: AbilityCondition;
     static length_less_than: AbilityCondition;
     static length_equals: AbilityCondition;
+    static always: AbilityCondition;
+    static never: AbilityCondition;
     static fromLiteral(literal: AbilityConditionLiteralType): AbilityCondition;
     get literal(): AbilityConditionLiteralType;
 }

package/dist/core/AbilityError.d.ts

@@ -1,6 +1,6 @@
 export declare class AbilityError extends Error {
-    constructor(message: string);
+    constructor(message: string, options?: ErrorOptions);
 }
 export declare class AbilityParserError extends Error {
-    constructor(message: string);
+    constructor(message: string, options?: ErrorOptions);
 }

package/dist/core/AbilityRule.d.ts

@@ -1,5 +1,5 @@
 import AbilityMatch from './AbilityMatch';
-import AbilityCondition, { AbilityConditionCodeType } from './AbilityCondition';
+import { AbilityCondition, AbilityConditionCodeType } from './AbilityCondition';
 export type AbilityRuleConfig = {
     readonly id?: string | null;
     readonly name?: string | null;
@@ -42,6 +42,11 @@ export declare class AbilityRule<Resources extends object = object, Environment
      * @param params
      */
     constructor(params: AbilityRuleConstructorProps);
+    private isPrimitive;
+    private isNumber;
+    private isString;
+    private valueLen;
+    private operatorHandlers;
     /**
      * Check if the rule is matched
      * @param resource - The resource to check

package/dist/index.js

@@ -22,69 +22,116 @@ class AbilityCompare extends AbilityCode {
 }
 
 class AbilityError extends Error {
-    constructor(message) {
-        super(message);
+    constructor(message, options) {
+        super(message, options);
+        this.name = 'AbilityError';
+        if (Error.captureStackTrace) {
+            Error.captureStackTrace(this, this.constructor);
+        }
     }
 }
 class AbilityParserError extends Error {
-    constructor(message) {
-        super(message);
+    constructor(message, options) {
+        super(message, options);
+        this.name = 'AbilityParserError';
+        if (Error.captureStackTrace) {
+            Error.captureStackTrace(this, this.constructor);
+        }
     }
 }
 
 class AbilityCondition extends AbilityCode {
-    static equals = new AbilityCondition('=');
-    static not_equals = new AbilityCondition('<>');
-    static greater_than = new AbilityCondition('>');
-    static less_than = new AbilityCondition('<');
-    static less_or_equal = new AbilityCondition('<=');
-    static greater_or_equal = new AbilityCondition('>=');
-    static in = new AbilityCondition('in');
-    static not_in = new AbilityCondition('not in');
-    static contains = new AbilityCondition('contains');
-    static not_contains = new AbilityCondition('not contains');
-    static length_greater_than = new AbilityCondition('length greater than');
-    static length_less_than = new AbilityCondition('length less than');
-    static length_equals = new AbilityCondition('length equals');
+    static equals;
+    static not_equals;
+    static greater_than;
+    static less_than;
+    static less_or_equal;
+    static greater_or_equal;
+    static in;
+    static not_in;
+    static contains;
+    static not_contains;
+    static length_greater_than;
+    static length_less_than;
+    static length_equals;
+    static always;
+    static never;
+    static {
+        this.equals = new AbilityCondition('=');
+        this.not_equals = new AbilityCondition('<>');
+        this.greater_than = new AbilityCondition('>');
+        this.less_than = new AbilityCondition('<');
+        this.less_or_equal = new AbilityCondition('<=');
+        this.greater_or_equal = new AbilityCondition('>=');
+        this.in = new AbilityCondition('in');
+        this.not_in = new AbilityCondition('not in');
+        this.contains = new AbilityCondition('contains');
+        this.not_contains = new AbilityCondition('not contains');
+        this.length_greater_than = new AbilityCondition('length greater than');
+        this.length_less_than = new AbilityCondition('length less than');
+        this.length_equals = new AbilityCondition('length equals');
+        this.always = new AbilityCondition('always');
+        this.never = new AbilityCondition('never');
+    }
     static fromLiteral(literal) {
-        switch (literal) {
-            case 'equals':
-                return this.equals;
-            case 'not_equals':
-                return this.not_equals;
-            case 'greater_than':
-                return this.greater_than;
-            case 'less_than':
-                return this.less_than;
-            case 'less_or_equal':
-                return this.less_or_equal;
-            case 'greater_or_equal':
-                return this.greater_or_equal;
-            case 'contains':
-                return this.contains;
-            case 'no_contains':
-                return this.not_contains;
-            case 'in':
-                return this.in;
-            case 'not_in':
-                return this.not_in;
-            case 'length_greater_than':
-                return this.length_greater_than;
-            case 'length_equals':
-                return this.length_equals;
-            default:
-                throw new AbilityParserError(`Literal ${literal} does not found in AbilityCondition class`);
+        const map = {
+            equals: this.equals,
+            not_equals: this.not_equals,
+            greater_than: this.greater_than,
+            less_than: this.less_than,
+            less_or_equal: this.less_or_equal,
+            greater_or_equal: this.greater_or_equal,
+            in: this.in,
+            not_in: this.not_in,
+            contains: this.contains,
+            not_contains: this.not_contains,
+            length_greater_than: this.length_greater_than,
+            length_equals: this.length_equals,
+            always: this.always,
+            never: this.never,
+            length_less_than: this.length_less_than,
+        };
+        const condition = map[literal];
+        if (!condition) {
+            throw new AbilityParserError(`Literal "${literal}" does not found in AbilityCondition class`);
         }
+        return condition;
     }
     get literal() {
-        const literal = Object.keys(AbilityCondition).find(member => {
-            const val = AbilityCondition[member];
-            return val.code === this.code;
-        });
-        if (typeof literal === 'undefined') {
-            throw new Error(`Literal value does not found in class AbilityCondition`);
+        switch (this.code) {
+            case '=':
+                return 'equals';
+            case '<>':
+                return 'not_equals';
+            case '>':
+                return 'greater_than';
+            case '<':
+                return 'less_than';
+            case '>=':
+                return 'greater_or_equal';
+            case '<=':
+                return 'less_or_equal';
+            case 'in':
+                return 'in';
+            case 'not in':
+                return 'not_in';
+            case 'contains':
+                return 'contains';
+            case 'not contains':
+                return 'not_contains';
+            case 'length greater than':
+                return 'length_greater_than';
+            case 'length less than':
+                return 'length_less_than';
+            case 'length equals':
+                return 'length_equals';
+            case 'always':
+                return 'always';
+            case 'never':
+                return 'never';
+            default:
+                throw new Error(`Unknown condition code: ${this.code}`);
         }
-        return literal;
     }
 }
 
@@ -618,145 +665,122 @@ class AbilityRule {
         this.resource = resource;
         this.condition = condition;
     }
-    /**
-     * Check if the rule is matched
-     * @param resource - The resource to check
-     * @param environment
-     */
-    async check(resource, environment) {
-        let is = false;
-        const [subjectValue, resourceValue] = this.extractValues(resource, environment);
-        const isValue = (v) => typeof v === 'string' || typeof v === 'number' || typeof v === 'boolean' || v === null;
-        // equals
-        if (AbilityCondition.equals.isEqual(this.condition)) {
-            is = subjectValue === resourceValue;
-        }
-        // not equals
-        if (AbilityCondition.not_equals.isEqual(this.condition)) {
-            is = subjectValue !== resourceValue;
-        }
-        // less than
-        if (AbilityCondition.less_than.isEqual(this.condition)) {
-            if (typeof subjectValue === 'number' && typeof resourceValue === 'number') {
-                is = subjectValue < resourceValue;
-            }
-        }
-        // less or equal
-        if (AbilityCondition.less_or_equal.isEqual(this.condition)) {
-            if (typeof subjectValue === 'number' && typeof resourceValue === 'number') {
-                is = subjectValue <= resourceValue;
-            }
-        }
-        // more than
-        if (AbilityCondition.greater_than.isEqual(this.condition)) {
-            if (typeof subjectValue === 'number' && typeof resourceValue === 'number') {
-                is = subjectValue > resourceValue;
-            }
-        }
-        // more or equal
-        if (AbilityCondition.greater_or_equal.isEqual(this.condition)) {
-            if (typeof subjectValue === 'number' && typeof resourceValue === 'number') {
-                is = subjectValue >= resourceValue;
-            }
-        }
-        // in
-        if (AbilityCondition.in.isEqual(this.condition)) {
-            // value in array
-            if (isValue(subjectValue) && Array.isArray(resourceValue)) {
-                is = resourceValue.includes(subjectValue);
-            }
-            // array intersects array
-            else if (Array.isArray(subjectValue) && Array.isArray(resourceValue)) {
-                is = subjectValue.some(v => resourceValue.includes(v));
-            }
-        }
-        // not in
-        if (AbilityCondition.not_in.isEqual(this.condition)) {
-            if (isValue(subjectValue) && Array.isArray(resourceValue)) {
-                is = !resourceValue.includes(subjectValue);
-            }
-            else if (Array.isArray(subjectValue) && Array.isArray(resourceValue)) {
-                is = !subjectValue.some(v => resourceValue.includes(v));
-            }
-        }
-        // contains
-        if (AbilityCondition.contains.isEqual(this.condition)) {
-            // array contains value
-            if (Array.isArray(subjectValue) && isValue(resourceValue)) {
-                is = subjectValue.includes(resourceValue);
-            }
-            // array intersects array
-            else if (Array.isArray(subjectValue) && Array.isArray(resourceValue)) {
-                is = subjectValue.some(v => resourceValue.includes(v));
+    isPrimitive(v) {
+        return typeof v === 'string' || typeof v === 'number' || typeof v === 'boolean' || v === null;
+    }
+    isNumber(v) {
+        return typeof v === 'number';
+    }
+    isString(v) {
+        return typeof v === 'string';
+    }
+    valueLen = (v) => this.isString(v) || Array.isArray(v) ? v.length : null;
+    operatorHandlers = {
+        [AbilityCondition.always.literal]: () => true,
+        [AbilityCondition.never.literal]: () => false,
+        [AbilityCondition.equals.literal]: (a, b) => a === b,
+        [AbilityCondition.not_equals.literal]: (a, b) => a !== b,
+        [AbilityCondition.contains.literal]: (a, b) => {
+            if (Array.isArray(a) && this.isPrimitive(b)) {
+                return a.includes(b);
             }
-        }
-        // not contains
-        if (AbilityCondition.not_contains.isEqual(this.condition)) {
-            if (Array.isArray(subjectValue) && isValue(resourceValue)) {
-                is = !subjectValue.includes(resourceValue);
+            if (Array.isArray(a) && Array.isArray(b)) {
+                return a.some(v => b.includes(v));
             }
-            else if (Array.isArray(subjectValue) && Array.isArray(resourceValue)) {
-                is = !subjectValue.some(v => resourceValue.includes(v));
+            return false;
+        },
+        [AbilityCondition.not_contains.literal]: (a, b) => {
+            if (Array.isArray(a) && this.isPrimitive(b)) {
+                return !a.includes(b);
             }
-        }
-        // length equals
-        if (AbilityCondition.length_equals.isEqual(this.condition)) {
-            // foo.bar == n
-            if (isValue(subjectValue) && typeof resourceValue === 'number') {
-                is = String(subjectValue).length === resourceValue;
+            if (Array.isArray(a) && Array.isArray(b)) {
+                return !a.some(v => b.includes(v));
             }
-            // ['foo', 'bar'] = n
-            else if (Array.isArray(subjectValue) && typeof resourceValue === 'number') {
-                is = subjectValue.length === resourceValue;
+            return false;
+        },
+        [AbilityCondition.in.literal]: (a, b) => {
+            if (this.isPrimitive(a) && Array.isArray(b)) {
+                return b.includes(a);
             }
-            // ['foo', 'bar'] = ['baz', 'taz']
-            else if (Array.isArray(subjectValue) && Array.isArray(resourceValue)) {
-                is = subjectValue.length === resourceValue.length;
+            if (Array.isArray(a) && Array.isArray(b)) {
+                return a.some(v => b.includes(v));
             }
-            // 'foo' = 'bar'
-            else if (typeof subjectValue === 'string' && typeof resourceValue === 'string') {
-                is = subjectValue.length === resourceValue.length;
+            return false;
+        },
+        [AbilityCondition.not_in.literal]: (a, b) => {
+            if (this.isPrimitive(a) && Array.isArray(b)) {
+                return !b.includes(a);
             }
-        }
-        // length greater than
-        if (AbilityCondition.length_greater_than.isEqual(this.condition)) {
-            // foo.bar > n
-            if (isValue(subjectValue) && typeof resourceValue === 'number') {
-                is = String(subjectValue).length > resourceValue;
+            if (Array.isArray(a) && Array.isArray(b)) {
+                return !a.some(v => b.includes(v));
             }
-            // ['foo', 'bar'] > n
-            else if (Array.isArray(subjectValue) && typeof resourceValue === 'number') {
-                is = subjectValue.length > resourceValue;
+            return false;
+        },
+        [AbilityCondition.greater_than.literal]: (a, b) => {
+            return this.isNumber(a) && this.isNumber(b) ? a > b : false;
+        },
+        [AbilityCondition.less_than.literal]: (a, b) => {
+            return this.isNumber(a) && this.isNumber(b) ? a < b : false;
+        },
+        [AbilityCondition.greater_or_equal.literal]: (a, b) => {
+            return this.isNumber(a) && this.isNumber(b) ? a >= b : false;
+        },
+        [AbilityCondition.less_or_equal.literal]: (a, b) => {
+            return this.isNumber(a) && this.isNumber(b) ? a <= b : false;
+        },
+        [AbilityCondition.length_greater_than.literal]: (a, b) => {
+            const alen = this.valueLen(a);
+            if (alen === null) {
+                return false;
+            }
+            if (this.isNumber(b)) {
+                return alen > b;
+            }
+            const bLen = this.valueLen(b);
+            if (bLen !== null) {
+                return alen > bLen;
             }
-            // ['foo', 'bar'] > ['baz', 'taz']
-            else if (Array.isArray(subjectValue) && Array.isArray(resourceValue)) {
-                is = subjectValue.length > resourceValue.length;
+            return false;
+        },
+        [AbilityCondition.length_less_than.literal]: (a, b) => {
+            const alen = this.valueLen(a);
+            if (alen === null) {
+                return false;
             }
-            // 'foo' > 'bar'
-            else if (typeof subjectValue === 'string' && typeof resourceValue === 'string') {
-                is = subjectValue.length > resourceValue.length;
+            if (this.isNumber(b)) {
+                return alen < b;
             }
-        }
-        // length greater than
-        if (AbilityCondition.length_less_than.isEqual(this.condition)) {
-            // foo.bar < n
-            if (isValue(subjectValue) && typeof resourceValue === 'number') {
-                is = String(subjectValue).length < resourceValue;
+            const bLen = this.valueLen(b);
+            if (bLen !== null) {
+                return alen < bLen;
             }
-            // ['foo', 'bar'] < n
-            else if (Array.isArray(subjectValue) && typeof resourceValue === 'number') {
-                is = subjectValue.length < resourceValue;
+            return false;
+        },
+        [AbilityCondition.length_equals.literal]: (a, b) => {
+            const alen = this.valueLen(a);
+            if (alen === null) {
+                return false;
             }
-            // ['foo', 'bar'] < ['baz', 'taz']
-            else if (Array.isArray(subjectValue) && Array.isArray(resourceValue)) {
-                is = subjectValue.length < resourceValue.length;
+            if (this.isNumber(b)) {
+                return alen === b;
             }
-            // 'foo' < 'bar'
-            else if (typeof subjectValue === 'string' && typeof resourceValue === 'string') {
-                is = subjectValue.length < resourceValue.length;
+            const bLen = this.valueLen(b);
+            if (bLen !== null) {
+                return alen === bLen;
             }
-        }
-        this.state = is ? AbilityMatch.match : AbilityMatch.mismatch;
+            return false;
+        },
+    };
+    /**
+     * Check if the rule is matched
+     * @param resource - The resource to check
+     * @param environment
+     */
+    async check(resource, environment) {
+        const [subjectValue, resourceValue] = this.extractValues(resource, environment);
+        const handler = this.operatorHandlers[this.condition.literal];
+        const result = handler(subjectValue, resourceValue);
+        this.state = result ? AbilityMatch.match : AbilityMatch.mismatch;
         return this.state;
     }
     /**
@@ -1221,6 +1245,8 @@ class AbilityDSLToken extends AbilityCode {
     static LEN_LT = 'LEN_LT';
     static LEN_EQ = 'LEN_EQ';
     static NOT_EQ = 'NOT_EQ';
+    static ALWAYS = 'ALWAYS';
+    static NEVER = 'NEVER';
     static STRING = 'STRING';
     static NUMBER = 'NUMBER';
     static BOOLEAN = 'BOOLEAN';
@@ -1263,6 +1289,8 @@ class AbilityDSLLexer {
         'is',
         'or',
         'than',
+        'always',
+        'never',
     ]);
     constructor(input) {
         this.input = input;
@@ -1408,6 +1436,12 @@ class AbilityDSLLexer {
             }
         }
         const word = this.input.slice(start, this.pos);
+        if (word === 'always') {
+            return new AbilityDSLToken(AbilityDSLToken.ALWAYS, word, startLine, startColumn);
+        }
+        if (word === 'never') {
+            return new AbilityDSLToken(AbilityDSLToken.NEVER, word, startLine, startColumn);
+        }
         // Если есть точка — это путь (identifier или permission)
         if (word.includes('.')) {
             const last = this.tokens[this.tokens.length - 1];
@@ -1670,7 +1704,9 @@ class AbilityDSLParser {
                 if (this.isStartOfGroup() || this.isStartOfPolicy()) {
                     break;
                 }
-                if (this.check(AbilityDSLToken.IDENTIFIER)) {
+                if (this.check(AbilityDSLToken.IDENTIFIER) ||
+                    this.check(AbilityDSLToken.ALWAYS) ||
+                    this.check(AbilityDSLToken.NEVER)) {
                     group.addRule(this.parseRule());
                 }
                 else {
@@ -1687,7 +1723,7 @@ class AbilityDSLParser {
     parseGroup() {
         this.consumeLeadingComments();
         const meta = this.takeAnnotations();
-        const compareToken = this.consumeOneOf([AbilityDSLToken.ALL, AbilityDSLToken.ANY], 'Expected "all" or "any"');
+        const compareToken = this.consumeOneOf([AbilityDSLToken.ALL, AbilityDSLToken.ANY, AbilityDSLToken.ALWAYS, AbilityDSLToken.NEVER], 'Expected "all" or "any" or "always" or "never"');
         const compareMethod = compareToken.code === AbilityDSLToken.ALL ? AbilityCompare.and : AbilityCompare.or;
         if (this.check(AbilityDSLToken.OF)) {
             this.advance();
@@ -1717,11 +1753,26 @@ class AbilityDSLParser {
     parseRule() {
         this.consumeLeadingComments();
         const meta = this.takeAnnotations();
-        if (!this.check(AbilityDSLToken.IDENTIFIER)) {
-            this.syntaxError(`Expected identifier, got ${this.peek().code}`, this.peek());
+        // if (this.check(AbilityDSLToken.ALWAYS) || this.check(AbilityDSLToken.NEVER)) {
+        //   // Checking that there are no extra tokens after the value
+        //   // (skip comments)
+        //   this.consumeLeadingComments();
+        //   const specOperator = this.consume();
+        //   // return new AbilityRule({
+        //   //   subject: '',
+        //   //   resource,
+        //   //   condition,
+        //   //   name: meta.name,
+        //   // });
+        // }
+        const isNeverAlways = this.check(AbilityDSLToken.ALWAYS) || this.check(AbilityDSLToken.NEVER);
+        if (!isNeverAlways && !this.check(AbilityDSLToken.IDENTIFIER)) {
+            this.syntaxError(`Expected identifier, but got ${this.peek().code}`, this.peek());
         }
         // Subject (e.g., "user.roles")
-        const subject = this.consume(AbilityDSLToken.IDENTIFIER, 'Expected field').value;
+        const subject = isNeverAlways
+            ? ''
+            : this.consume(AbilityDSLToken.IDENTIFIER, 'Expected field').value;
         // Operator (e.g., "contains", "equals", "is not null")
         const { condition, operator } = this.parseConditionOperator();
         let resource;
@@ -1729,7 +1780,9 @@ class AbilityDSLParser {
         // Special operators that don't consume a value token.
         if (operator === AbilityDSLToken.EQ_NULL ||
             operator === AbilityDSLToken.NOT_EQ_NULL ||
-            operator === AbilityDSLToken.NULL) {
+            operator === AbilityDSLToken.NULL ||
+            operator === AbilityDSLToken.ALWAYS ||
+            operator === AbilityDSLToken.NEVER) {
             resource = null;
         }
         else {
@@ -1761,6 +1814,16 @@ class AbilityDSLParser {
      */
     parseConditionOperator() {
         const savedPos = this.pos;
+        // "always"
+        if (this.matchWord('always')) {
+            return { condition: AbilityCondition.always, operator: AbilityDSLToken.ALWAYS };
+        }
+        this.pos = savedPos;
+        // "never"
+        if (this.matchWord('never')) {
+            return { condition: AbilityCondition.never, operator: AbilityDSLToken.NEVER };
+        }
+        this.pos = savedPos;
         // "length equals"
         if (this.matchWord('length') && this.matchWord('equals')) {
             return { condition: AbilityCondition.length_equals, operator: AbilityDSLToken.LEN_EQ };
@@ -1956,7 +2019,10 @@ class AbilityDSLParser {
             return false;
         }
         const token = this.peek();
-        if ((token.code === AbilityDSLToken.KEYWORD || token.code === AbilityDSLToken.IDENTIFIER) &&
+        if ((token.code === AbilityDSLToken.KEYWORD ||
+            token.code === AbilityDSLToken.IDENTIFIER ||
+            token.code === AbilityDSLToken.ALWAYS ||
+            token.code === AbilityDSLToken.NEVER) &&
             token.value === word) {
             this.advance();
             return true;
@@ -2101,9 +2167,6 @@ class AbilityDSLParser {
         }
         throw new AbilityDSLSyntaxError(token.line, token.column, context + '\n', finalDetails);
     }
-    getLine(lineNumber) {
-        return this.dsl.split(/\r?\n/)[lineNumber - 1] ?? '';
-    }
     suggest(actual, expectedTypes) {
         const candidates = [];
         for (const type of expectedTypes) {

package/dist/parsers/dsl/AbilityDSLParser.d.ts

@@ -72,7 +72,6 @@ export declare class AbilityDSLParser<Resource extends ResourceObject = Record<s
     private processCommentToken;
     private takeAnnotations;
     private syntaxError;
-    private getLine;
     private suggest;
     private levenshteinDistance;
     private consumeOneOf;

package/dist/parsers/dsl/AbilityDSLToken.d.ts

@@ -1,5 +1,5 @@
 import AbilityCode from '../../core/AbilityCode';
-export type TokenType = 'EFFECT' | 'IF' | 'PERMISSION' | 'IDENTIFIER' | 'COLON' | 'COMMA' | 'DOT' | 'LBRACKET' | 'RBRACKET' | 'ALL' | 'ANY' | 'OF' | 'EOF' | 'COMMENT' | 'EQ' | 'CONTAINS' | 'IN' | 'NOT_IN' | 'NOT_CONTAINS' | 'GT' | 'GTE' | 'LT' | 'LTE' | 'NULL' | 'EQ_NULL' | 'NOT_EQ_NULL' | 'NOT_EQ' | 'LEN_GT' | 'LEN_LT' | 'LEN_EQ' | 'STRING' | 'NUMBER' | 'BOOLEAN' | 'SYMBOL' | 'KEYWORD' | 'UNKNOWN';
+export type TokenType = 'EFFECT' | 'IF' | 'PERMISSION' | 'IDENTIFIER' | 'COLON' | 'COMMA' | 'DOT' | 'LBRACKET' | 'RBRACKET' | 'ALL' | 'ANY' | 'OF' | 'EOF' | 'COMMENT' | 'EQ' | 'CONTAINS' | 'IN' | 'NOT_IN' | 'NOT_CONTAINS' | 'GT' | 'GTE' | 'LT' | 'LTE' | 'NULL' | 'EQ_NULL' | 'NOT_EQ_NULL' | 'NOT_EQ' | 'LEN_GT' | 'LEN_LT' | 'LEN_EQ' | 'ALWAYS' | 'NEVER' | 'STRING' | 'NUMBER' | 'BOOLEAN' | 'SYMBOL' | 'KEYWORD' | 'UNKNOWN';
 /**
  * Represents a single token produced by the Ability DSL lexer.
  * Each token carries a type (e.g., EFFECT, IDENTIFIER, STRING) and its raw string value.
@@ -47,6 +47,8 @@ export declare class AbilityDSLToken<Code extends TokenType = TokenType> extends
     static readonly LEN_LT: TokenType;
     static readonly LEN_EQ: TokenType;
     static readonly NOT_EQ: TokenType;
+    static readonly ALWAYS: TokenType;
+    static readonly NEVER: TokenType;
     static readonly STRING: TokenType;
     static readonly NUMBER: TokenType;
     static readonly BOOLEAN: TokenType;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@via-profit/ability",
   "support": "https://via-profit.ru",
-  "version": "3.3.0",
+  "version": "3.4.1",
   "description": "Via-Profit Ability service",
   "keywords": [
     "ability",

package/dist/core/AbilityParser.d.ts

@@ -1,61 +0,0 @@
-import AbilityPolicy from './AbilityPolicy';
-export type Primitive = string | number | boolean | null | undefined;
-export type NestedDict<T = Primitive> = {
-    [key: string]: NestedDict<T> | T;
-};
-export type ResourceObject = Record<string, unknown>;
-export type ResourcesMap = Record<string, ResourceObject>;
-export declare class AbilityParser {
-    /**
-     * Sets a value in a nested object structure based on a dot/bracket notation path.
-     * @param object - The target object to modify.
-     * @param path - The path to the property in dot/bracket notation.
-     * @param value - The value to set at the specified path.
-     */
-    static setValueDotValue<T extends Primitive>(object: NestedDict<T>, path: string, value: T): void;
-    /**
-     * Generates TypeScript type definitions based on the provided policies.
-     * @param policies - An array of AbilityPolicy instances.
-     * @returns A generated type definitions.
-     */
-    static generateTypeDefs(policies: readonly AbilityPolicy[]): string;
-    /**
-     * Determines TypeScript type based on the rule
-     * @param rule - The rule to analyze
-     * @returns TypeScript type as string
-     */
-    private static determineTypeFromRule;
-    /**
-     * Gets TypeScript type for array values
-     * @param resource - The resource value to analyze
-     * @returns TypeScript array type as string
-     */
-    private static getArrayType;
-    /**
-     * Gets primitive TypeScript type for a value
-     * @param value - The value to analyze
-     * @returns TypeScript primitive type as string
-     */
-    private static getPrimitiveType;
-    /**
-     * Builds nested structure from flat paths
-     * Example: 'user.profile.name' -> { user: { profile: { name: 'string' } } }
-     * @param flatStructure - Flat structure with dot notation paths
-     * @returns Nested object structure
-     */
-    private static buildNestedStructure;
-    /**
-     * Formats type structure into a string
-     * @param structure - Nested type structure
-     * @returns Formatted TypeScript type definition string
-     */
-    private static formatTypeDefinitions;
-    /**
-     * Recursively formats nested object
-     * @param obj - Object to format
-     * @param indent - Current indentation level
-     * @returns Formatted string
-     */
-    private static formatNestedObject;
-}
-export default AbilityParser;