@voyant-travel/action-ledger 0.104.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +201 -0
- package/dist/canary.d.ts +17 -0
- package/dist/canary.d.ts.map +1 -0
- package/dist/canary.js +77 -0
- package/dist/capability.d.ts +73 -0
- package/dist/capability.d.ts.map +1 -0
- package/dist/capability.js +206 -0
- package/dist/fingerprint.d.ts +26 -0
- package/dist/fingerprint.d.ts.map +1 -0
- package/dist/fingerprint.js +55 -0
- package/dist/index.d.ts +9 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +8 -0
- package/dist/request-context.d.ts +136 -0
- package/dist/request-context.d.ts.map +1 -0
- package/dist/request-context.js +237 -0
- package/dist/route-schemas.d.ts +745 -0
- package/dist/route-schemas.d.ts.map +1 -0
- package/dist/route-schemas.js +428 -0
- package/dist/routes.d.ts +1602 -0
- package/dist/routes.d.ts.map +1 -0
- package/dist/routes.js +271 -0
- package/dist/schema.d.ts +1759 -0
- package/dist/schema.d.ts.map +1 -0
- package/dist/schema.js +237 -0
- package/dist/service/approval-status.d.ts +3 -0
- package/dist/service/approval-status.d.ts.map +1 -0
- package/dist/service/approval-status.js +14 -0
- package/dist/service/cursors.d.ts +22 -0
- package/dist/service/cursors.d.ts.map +1 -0
- package/dist/service/cursors.js +48 -0
- package/dist/service/entries.d.ts +9 -0
- package/dist/service/entries.d.ts.map +1 -0
- package/dist/service/entries.js +75 -0
- package/dist/service/errors.d.ts +20 -0
- package/dist/service/errors.d.ts.map +1 -0
- package/dist/service/errors.js +36 -0
- package/dist/service/listing.d.ts +7 -0
- package/dist/service/listing.d.ts.map +1 -0
- package/dist/service/listing.js +77 -0
- package/dist/service/predicates.d.ts +8 -0
- package/dist/service/predicates.d.ts.map +1 -0
- package/dist/service/predicates.js +368 -0
- package/dist/service/records.d.ts +6 -0
- package/dist/service/records.d.ts.map +1 -0
- package/dist/service/records.js +51 -0
- package/dist/service/relay-lifecycle.d.ts +7 -0
- package/dist/service/relay-lifecycle.d.ts.map +1 -0
- package/dist/service/relay-lifecycle.js +78 -0
- package/dist/service/relay-outbox.d.ts +15 -0
- package/dist/service/relay-outbox.d.ts.map +1 -0
- package/dist/service/relay-outbox.js +15 -0
- package/dist/service/types.d.ts +249 -0
- package/dist/service/types.d.ts.map +1 -0
- package/dist/service/types.js +1 -0
- package/dist/service.d.ts +40 -0
- package/dist/service.d.ts.map +1 -0
- package/dist/service.js +283 -0
- package/dist/timeline.d.ts +67 -0
- package/dist/timeline.d.ts.map +1 -0
- package/dist/timeline.js +79 -0
- package/package.json +93 -0
package/dist/index.d.ts
ADDED
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
export { type RunActionLedgerCanaryInput, type RunActionLedgerCanaryResult, runActionLedgerCanary, } from "./canary.js";
|
|
2
|
+
export { type ActionLedgerApprovalRequirementReason, type ActionLedgerApprovalRequirementResult, type ActionLedgerCapabilityAccessReason, type ActionLedgerCapabilityAccessResult, type ActionLedgerCapabilityApprovalPolicy, type ActionLedgerCapabilityDefinition, type ActionLedgerCapabilityGrant, type ActionLedgerCapabilityLedgerPolicy, type ActionLedgerCapabilityRegistry, ActionLedgerCapabilityRegistryError, type ActionLedgerCapabilityRisk, actionLedgerCapabilityApprovalPolicyValues, actionLedgerCapabilityKey, actionLedgerCapabilityLedgerPolicyValues, createActionLedgerCapabilityRegistry, type EvaluateActionLedgerApprovalRequirementInput, type EvaluateActionLedgerCapabilityAccessInput, evaluateActionLedgerApprovalRequirement, evaluateActionLedgerCapabilityAccess, evaluateActionLedgerCapabilityRisk, getActionLedgerCapability, } from "./capability.js";
|
|
3
|
+
export { type BuildActionApprovalCommandFingerprintInput, buildActionApprovalCommandFingerprint, buildIdempotencyFingerprint, canonicalize, canonicalJson, sha256, } from "./fingerprint.js";
|
|
4
|
+
export { ACTION_LEDGER_APPROVAL_ID_HEADER, type ActionLedgerActorFields, type ActionLedgerApprovedExecutionFields, type ActionLedgerRequestContextValues, type ActionLedgerRequestMappingOptions, appendActionLedgerMutation, appendActionLedgerSensitiveRead, type BuildActionLedgerApprovalDecisionInput, type BuildActionLedgerApprovalRequestInput, type BuildActionLedgerApprovedExecutionFieldsInput, type BuildActionLedgerMutationInput, type BuildActionLedgerSensitiveReadInput, type BuildActionLedgerSensitiveReadInputForValue, buildActionLedgerApprovalDecisionInput, buildActionLedgerApprovalRequestInput, buildActionLedgerApprovedExecutionFields, buildActionLedgerMutationEntryInput, buildActionLedgerSensitiveReadEntryInput, decideActionLedgerApproval, ledgerSensitiveRead, mapActionLedgerRequestContext, requestActionLedgerApproval, } from "./request-context.js";
|
|
5
|
+
export { type ActionApprovalDecisionResponse, type ActionApprovalDetailResponse, type ActionApprovalGetResponse, type ActionApprovalListResponse, type ActionApprovalRequestResponse, type ActionApprovalResponse, type ActionDelegationGetResponse, type ActionDelegationListResponse, type ActionDelegationResponse, type ActionLedgerAdminRoutes, type ActionLedgerEntryDetailResponse, type ActionLedgerEntryResponse, type ActionLedgerGetResponse, type ActionLedgerListResponse, type ActionLedgerPayloadResponse, type ActionLedgerRelayOutboxListResponse, type ActionLedgerRelayOutboxResponse, type ActionLedgerReversalResponse, actionLedgerAdminRoutes, actionLedgerHonoModule, actionLedgerModule, } from "./routes.js";
|
|
6
|
+
export { type ActionApproval, type ActionDelegation, type ActionLedgerEntry, type ActionLedgerPayload, type ActionLedgerRelayOutbox, type ActionMutationDetail, type ActionSensitiveReadDetail, actionApprovals, actionDelegations, actionLedgerActionKindEnum, actionLedgerApprovalStatusEnum, actionLedgerEntries, actionLedgerPayloads, actionLedgerPrincipalTypeEnum, actionLedgerRedactionStatusEnum, actionLedgerRelayOutbox, actionLedgerRelayStatusEnum, actionLedgerReversalKindEnum, actionLedgerReversalOutcomeEnum, actionLedgerReversalStateEnum, actionLedgerRiskEnum, actionLedgerStatusEnum, actionMutationDetails, actionSensitiveReadDetails, type NewActionApproval, type NewActionDelegation, type NewActionLedgerEntry, type NewActionLedgerPayload, type NewActionLedgerRelayOutbox, type NewActionMutationDetail, type NewActionSensitiveReadDetail, } from "./schema.js";
|
|
7
|
+
export { ActionApprovalDecisionConflictError, ActionApprovalDecisionStatusError, type ActionApprovalListCursor, type ActionDelegationListCursor, ActionLedgerIdempotencyConflictError, type ActionLedgerListCursor, type ActionLedgerRelayOutboxListCursor, ActionLedgerReversalTargetError, type AppendActionLedgerEntryInput, type AppendActionLedgerEntryResult, actionLedgerService, type ClaimActionLedgerRelayOutboxInput, type ClaimActionLedgerRelayOutboxResult, type DecideActionApprovalInput, type DecideActionApprovalResult, type GetActionApprovalResult, type GetActionDelegationResult, type GetActionLedgerEntryResult, type ListActionApprovalsInput, type ListActionApprovalsResult, type ListActionDelegationsInput, type ListActionDelegationsResult, type ListActionLedgerEntriesInput, type ListActionLedgerEntriesResult, type ListActionLedgerRelayOutboxInput, type ListActionLedgerRelayOutboxResult, type MarkActionLedgerRelayOutboxFailedInput, type MarkActionLedgerRelayOutboxSucceededInput, type RecordActionLedgerReversalInput, type RecordActionLedgerReversalResult, type RequestActionApprovalInput, type RequestActionApprovalResult, type ValidateApprovedActionFailureReason, type ValidateApprovedActionInput, type ValidateApprovedActionResult, } from "./service.js";
|
|
8
|
+
export { type ActionLedgerSerializedEntry, type ActionLedgerTargetTimelineEntry, type ActionLedgerTargetTimelinePage, type ActionLedgerTargetTimelineQuery, type ActionLedgerTimelineCursor, actionLedgerTargetTimelineQuerySchema, buildActionLedgerTargetTimelinePage, serializeActionLedgerDate, serializeActionLedgerEntry, sortActionLedgerTimelineEntries, toActionLedgerTimelineCursor, } from "./timeline.js";
|
|
9
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,0BAA0B,EAC/B,KAAK,2BAA2B,EAChC,qBAAqB,GACtB,MAAM,aAAa,CAAA;AACpB,OAAO,EACL,KAAK,qCAAqC,EAC1C,KAAK,qCAAqC,EAC1C,KAAK,kCAAkC,EACvC,KAAK,kCAAkC,EACvC,KAAK,oCAAoC,EACzC,KAAK,gCAAgC,EACrC,KAAK,2BAA2B,EAChC,KAAK,kCAAkC,EACvC,KAAK,8BAA8B,EACnC,mCAAmC,EACnC,KAAK,0BAA0B,EAC/B,0CAA0C,EAC1C,yBAAyB,EACzB,wCAAwC,EACxC,oCAAoC,EACpC,KAAK,4CAA4C,EACjD,KAAK,yCAAyC,EAC9C,uCAAuC,EACvC,oCAAoC,EACpC,kCAAkC,EAClC,yBAAyB,GAC1B,MAAM,iBAAiB,CAAA;AACxB,OAAO,EACL,KAAK,0CAA0C,EAC/C,qCAAqC,EACrC,2BAA2B,EAC3B,YAAY,EACZ,aAAa,EACb,MAAM,GACP,MAAM,kBAAkB,CAAA;AACzB,OAAO,EACL,gCAAgC,EAChC,KAAK,uBAAuB,EAC5B,KAAK,mCAAmC,EACxC,KAAK,gCAAgC,EACrC,KAAK,iCAAiC,EACtC,0BAA0B,EAC1B,+BAA+B,EAC/B,KAAK,sCAAsC,EAC3C,KAAK,qCAAqC,EAC1C,KAAK,6CAA6C,EAClD,KAAK,8BAA8B,EACnC,KAAK,mCAAmC,EACxC,KAAK,2CAA2C,EAChD,sCAAsC,EACtC,qCAAqC,EACrC,wCAAwC,EACxC,mCAAmC,EACnC,wCAAwC,EACxC,0BAA0B,EAC1B,mBAAmB,EACnB,6BAA6B,EAC7B,2BAA2B,GAC5B,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EACL,KAAK,8BAA8B,EACnC,KAAK,4BAA4B,EACjC,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,EAC/B,KAAK,6BAA6B,EAClC,KAAK,sBAAsB,EAC3B,KAAK,2BAA2B,EAChC,KAAK,4BAA4B,EACjC,KAAK,wBAAwB,EAC7B,KAAK,uBAAuB,EAC5B,KAAK,+BAA+B,EACpC,KAAK,yBAAyB,EAC9B,KAAK,uBAAuB,EAC5B,KAAK,wBAAwB,EAC7B,KAAK,2BAA2B,EAChC,KAAK,mCAAmC,EACxC,KAAK,+BAA+B,EACpC,KAAK,4BAA4B,EACjC,uBAAuB,EACvB,sBAAsB,EACtB,kBAAkB,GACnB,MAAM,aAAa,CAAA;AACpB,OAAO,EACL,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,mBAAmB,EACxB,KAAK,uBAAuB,EAC5B,KAAK,oBAAoB,EACzB,KAAK,yBAAyB,EAC9B,eAAe,EACf,iBAAiB,EACjB,0BAA0B,EAC1B,8BAA8B,EAC9B,mBAAmB,EACnB,oBAAoB,EACpB,6BAA6B,EAC7B,+BAA+B,EAC/B,uBAAuB,EACvB,2BAA2B,EAC3B,4BAA4B,EAC5B,+BAA+B,EAC/B,6BAA6B,EAC7B,oBAAoB,EACpB,sBAAsB,EACtB,qBAAqB,EACrB,0BAA0B,EAC1B,KAAK,iBAAiB,EACtB,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,EACzB,KAAK,sBAAsB,EAC3B,KAAK,0BAA0B,EAC/B,KAAK,uBAAuB,EAC5B,KAAK,4BAA4B,GAClC,MAAM,aAAa,CAAA;AACpB,OAAO,EACL,mCAAmC,EACnC,iCAAiC,EACjC,KAAK,wBAAwB,EAC7B,KAAK,0BAA0B,EAC/B,oCAAoC,EACpC,KAAK,sBAAsB,EAC3B,KAAK,iCAAiC,EACtC,+BAA+B,EAC/B,KAAK,4BAA4B,EACjC,KAAK,6BAA6B,EAClC,mBAAmB,EACnB,KAAK,iCAAiC,EACtC,KAAK,kCAAkC,EACvC,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,EAC/B,KAAK,uBAAuB,EAC5B,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,EAC/B,KAAK,wBAAwB,EAC7B,KAAK,yBAAyB,EAC9B,KAAK,0BAA0B,EAC/B,KAAK,2BAA2B,EAChC,KAAK,4BAA4B,EACjC,KAAK,6BAA6B,EAClC,KAAK,gCAAgC,EACrC,KAAK,iCAAiC,EACtC,KAAK,sCAAsC,EAC3C,KAAK,yCAAyC,EAC9C,KAAK,+BAA+B,EACpC,KAAK,gCAAgC,EACrC,KAAK,0BAA0B,EAC/B,KAAK,2BAA2B,EAChC,KAAK,mCAAmC,EACxC,KAAK,2BAA2B,EAChC,KAAK,4BAA4B,GAClC,MAAM,cAAc,CAAA;AACrB,OAAO,EACL,KAAK,2BAA2B,EAChC,KAAK,+BAA+B,EACpC,KAAK,8BAA8B,EACnC,KAAK,+BAA+B,EACpC,KAAK,0BAA0B,EAC/B,qCAAqC,EACrC,mCAAmC,EACnC,yBAAyB,EACzB,0BAA0B,EAC1B,+BAA+B,EAC/B,4BAA4B,GAC7B,MAAM,eAAe,CAAA"}
|
package/dist/index.js
ADDED
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
export { runActionLedgerCanary, } from "./canary.js";
|
|
2
|
+
export { ActionLedgerCapabilityRegistryError, actionLedgerCapabilityApprovalPolicyValues, actionLedgerCapabilityKey, actionLedgerCapabilityLedgerPolicyValues, createActionLedgerCapabilityRegistry, evaluateActionLedgerApprovalRequirement, evaluateActionLedgerCapabilityAccess, evaluateActionLedgerCapabilityRisk, getActionLedgerCapability, } from "./capability.js";
|
|
3
|
+
export { buildActionApprovalCommandFingerprint, buildIdempotencyFingerprint, canonicalize, canonicalJson, sha256, } from "./fingerprint.js";
|
|
4
|
+
export { ACTION_LEDGER_APPROVAL_ID_HEADER, appendActionLedgerMutation, appendActionLedgerSensitiveRead, buildActionLedgerApprovalDecisionInput, buildActionLedgerApprovalRequestInput, buildActionLedgerApprovedExecutionFields, buildActionLedgerMutationEntryInput, buildActionLedgerSensitiveReadEntryInput, decideActionLedgerApproval, ledgerSensitiveRead, mapActionLedgerRequestContext, requestActionLedgerApproval, } from "./request-context.js";
|
|
5
|
+
export { actionLedgerAdminRoutes, actionLedgerHonoModule, actionLedgerModule, } from "./routes.js";
|
|
6
|
+
export { actionApprovals, actionDelegations, actionLedgerActionKindEnum, actionLedgerApprovalStatusEnum, actionLedgerEntries, actionLedgerPayloads, actionLedgerPrincipalTypeEnum, actionLedgerRedactionStatusEnum, actionLedgerRelayOutbox, actionLedgerRelayStatusEnum, actionLedgerReversalKindEnum, actionLedgerReversalOutcomeEnum, actionLedgerReversalStateEnum, actionLedgerRiskEnum, actionLedgerStatusEnum, actionMutationDetails, actionSensitiveReadDetails, } from "./schema.js";
|
|
7
|
+
export { ActionApprovalDecisionConflictError, ActionApprovalDecisionStatusError, ActionLedgerIdempotencyConflictError, ActionLedgerReversalTargetError, actionLedgerService, } from "./service.js";
|
|
8
|
+
export { actionLedgerTargetTimelineQuerySchema, buildActionLedgerTargetTimelinePage, serializeActionLedgerDate, serializeActionLedgerEntry, sortActionLedgerTimelineEntries, toActionLedgerTimelineCursor, } from "./timeline.js";
|
|
@@ -0,0 +1,136 @@
|
|
|
1
|
+
import type { AnyDrizzleDb } from "@voyant-travel/db";
|
|
2
|
+
import type { ActionApproval, ActionLedgerEntry, NewActionMutationDetail } from "./schema.js";
|
|
3
|
+
import type { AppendActionLedgerEntryInput, AppendActionLedgerEntryResult, DecideActionApprovalInput, DecideActionApprovalResult, RequestActionApprovalInput, RequestActionApprovalResult } from "./service.js";
|
|
4
|
+
export declare const ACTION_LEDGER_APPROVAL_ID_HEADER = "action-approval-id";
|
|
5
|
+
export interface ActionLedgerRequestContextValues {
|
|
6
|
+
userId?: string | null;
|
|
7
|
+
agentId?: string | null;
|
|
8
|
+
workflowPrincipalId?: string | null;
|
|
9
|
+
principalSubtype?: string | null;
|
|
10
|
+
sessionId?: string | null;
|
|
11
|
+
apiTokenId?: string | null;
|
|
12
|
+
apiKeyId?: string | null;
|
|
13
|
+
callerType?: string | null;
|
|
14
|
+
actor?: string | null;
|
|
15
|
+
isInternalRequest?: boolean | null;
|
|
16
|
+
organizationId?: string | null;
|
|
17
|
+
workflowRunId?: string | null;
|
|
18
|
+
workflowStepId?: string | null;
|
|
19
|
+
correlationId?: string | null;
|
|
20
|
+
}
|
|
21
|
+
export interface ActionLedgerActorFields {
|
|
22
|
+
actorType: string | null;
|
|
23
|
+
principalType: ActionLedgerEntry["principalType"];
|
|
24
|
+
principalId: string;
|
|
25
|
+
principalSubtype: string | null;
|
|
26
|
+
sessionId: string | null;
|
|
27
|
+
apiTokenId: string | null;
|
|
28
|
+
internalRequest: boolean;
|
|
29
|
+
callerType: string | null;
|
|
30
|
+
organizationId: string | null;
|
|
31
|
+
workflowRunId: string | null;
|
|
32
|
+
workflowStepId: string | null;
|
|
33
|
+
correlationId: string | null;
|
|
34
|
+
}
|
|
35
|
+
export interface ActionLedgerRequestMappingOptions {
|
|
36
|
+
fallbackPrincipalId?: string;
|
|
37
|
+
}
|
|
38
|
+
export interface BuildActionLedgerSensitiveReadInput extends CommonActionLedgerRouteInput, ActionLedgerRequestMappingOptions {
|
|
39
|
+
status?: Extract<ActionLedgerEntry["status"], "succeeded" | "denied" | "failed">;
|
|
40
|
+
reasonCode?: string | null;
|
|
41
|
+
disclosedFieldSet?: string[] | null;
|
|
42
|
+
disclosureSummary?: string | null;
|
|
43
|
+
decisionPolicy?: string | null;
|
|
44
|
+
}
|
|
45
|
+
export type BuildActionLedgerSensitiveReadInputForValue<T> = BuildActionLedgerSensitiveReadInput | ((value: T) => BuildActionLedgerSensitiveReadInput);
|
|
46
|
+
export interface BuildActionLedgerMutationInput extends CommonActionLedgerRouteInput, ActionLedgerRequestMappingOptions {
|
|
47
|
+
actionKind: Extract<ActionLedgerEntry["actionKind"], "create" | "update" | "delete" | "execute">;
|
|
48
|
+
status?: ActionLedgerEntry["status"];
|
|
49
|
+
mutationDetail?: Omit<NewActionMutationDetail, "actionId">;
|
|
50
|
+
}
|
|
51
|
+
export interface BuildActionLedgerApprovalRequestInput extends Omit<BuildActionLedgerMutationInput, "status"> {
|
|
52
|
+
approval: {
|
|
53
|
+
requestedByPrincipalId?: string | null;
|
|
54
|
+
assignedToPrincipalId?: string | null;
|
|
55
|
+
delegatedFromPrincipalId?: string | null;
|
|
56
|
+
policyName: string;
|
|
57
|
+
policyVersion: string;
|
|
58
|
+
targetSnapshotRef?: string | null;
|
|
59
|
+
riskSnapshot?: ActionApproval["riskSnapshot"] | null;
|
|
60
|
+
reasonCode?: string | null;
|
|
61
|
+
expiresAt?: Date | string | null;
|
|
62
|
+
};
|
|
63
|
+
}
|
|
64
|
+
export interface BuildActionLedgerApprovalDecisionInput extends ActionLedgerRequestMappingOptions {
|
|
65
|
+
context: ActionLedgerRequestContextValues;
|
|
66
|
+
id: string;
|
|
67
|
+
status: Exclude<ActionApproval["status"], "pending">;
|
|
68
|
+
decidedByPrincipalId?: string | null;
|
|
69
|
+
decidedAt?: Date | string | null;
|
|
70
|
+
actionName: string;
|
|
71
|
+
actionVersion?: string;
|
|
72
|
+
evaluatedRisk?: ActionLedgerEntry["evaluatedRisk"];
|
|
73
|
+
targetType?: string;
|
|
74
|
+
targetId?: string;
|
|
75
|
+
routeOrToolName?: string | null;
|
|
76
|
+
capabilityId?: string | null;
|
|
77
|
+
capabilityVersion?: string | null;
|
|
78
|
+
authorizationSource?: string | null;
|
|
79
|
+
idempotencyScope?: string | null;
|
|
80
|
+
idempotencyKey?: string | null;
|
|
81
|
+
idempotencyFingerprint?: string | null;
|
|
82
|
+
payloads?: AppendActionLedgerEntryInput["payloads"];
|
|
83
|
+
enqueueRelay?: AppendActionLedgerEntryInput["enqueueRelay"];
|
|
84
|
+
organizationId?: string | null;
|
|
85
|
+
workflowRunId?: string | null;
|
|
86
|
+
workflowStepId?: string | null;
|
|
87
|
+
correlationId?: string | null;
|
|
88
|
+
}
|
|
89
|
+
export interface BuildActionLedgerApprovedExecutionFieldsInput {
|
|
90
|
+
requestedActionId: string;
|
|
91
|
+
approvalId: string;
|
|
92
|
+
idempotencyFingerprint: string;
|
|
93
|
+
}
|
|
94
|
+
export interface ActionLedgerApprovedExecutionFields {
|
|
95
|
+
causationActionId: string;
|
|
96
|
+
approvalId: string;
|
|
97
|
+
idempotencyScope: string;
|
|
98
|
+
idempotencyKey: string;
|
|
99
|
+
idempotencyFingerprint: string;
|
|
100
|
+
}
|
|
101
|
+
interface CommonActionLedgerRouteInput {
|
|
102
|
+
context: ActionLedgerRequestContextValues;
|
|
103
|
+
actionName: string;
|
|
104
|
+
actionVersion?: string;
|
|
105
|
+
evaluatedRisk?: ActionLedgerEntry["evaluatedRisk"];
|
|
106
|
+
targetType: string;
|
|
107
|
+
targetId: string;
|
|
108
|
+
routeOrToolName?: string | null;
|
|
109
|
+
capabilityId?: string | null;
|
|
110
|
+
capabilityVersion?: string | null;
|
|
111
|
+
authorizationSource?: string | null;
|
|
112
|
+
causationActionId?: string | null;
|
|
113
|
+
approvalId?: string | null;
|
|
114
|
+
idempotencyScope?: string | null;
|
|
115
|
+
idempotencyKey?: string | null;
|
|
116
|
+
idempotencyFingerprint?: string | null;
|
|
117
|
+
payloads?: AppendActionLedgerEntryInput["payloads"];
|
|
118
|
+
enqueueRelay?: AppendActionLedgerEntryInput["enqueueRelay"];
|
|
119
|
+
organizationId?: string | null;
|
|
120
|
+
workflowRunId?: string | null;
|
|
121
|
+
workflowStepId?: string | null;
|
|
122
|
+
correlationId?: string | null;
|
|
123
|
+
}
|
|
124
|
+
export declare function mapActionLedgerRequestContext(context: ActionLedgerRequestContextValues, options?: ActionLedgerRequestMappingOptions): ActionLedgerActorFields;
|
|
125
|
+
export declare function buildActionLedgerSensitiveReadEntryInput(input: BuildActionLedgerSensitiveReadInput): AppendActionLedgerEntryInput;
|
|
126
|
+
export declare function appendActionLedgerSensitiveRead(db: AnyDrizzleDb, input: BuildActionLedgerSensitiveReadInput): Promise<AppendActionLedgerEntryResult>;
|
|
127
|
+
export declare function ledgerSensitiveRead<T>(db: AnyDrizzleDb, input: BuildActionLedgerSensitiveReadInputForValue<T>, read: () => T | Promise<T>): Promise<T>;
|
|
128
|
+
export declare function buildActionLedgerMutationEntryInput(input: BuildActionLedgerMutationInput): AppendActionLedgerEntryInput;
|
|
129
|
+
export declare function appendActionLedgerMutation(db: AnyDrizzleDb, input: BuildActionLedgerMutationInput): Promise<AppendActionLedgerEntryResult>;
|
|
130
|
+
export declare function buildActionLedgerApprovalRequestInput(input: BuildActionLedgerApprovalRequestInput): RequestActionApprovalInput;
|
|
131
|
+
export declare function requestActionLedgerApproval(db: AnyDrizzleDb, input: BuildActionLedgerApprovalRequestInput): Promise<RequestActionApprovalResult>;
|
|
132
|
+
export declare function buildActionLedgerApprovalDecisionInput(input: BuildActionLedgerApprovalDecisionInput): DecideActionApprovalInput;
|
|
133
|
+
export declare function decideActionLedgerApproval(db: AnyDrizzleDb, input: BuildActionLedgerApprovalDecisionInput): Promise<DecideActionApprovalResult | null>;
|
|
134
|
+
export declare function buildActionLedgerApprovedExecutionFields(input: BuildActionLedgerApprovedExecutionFieldsInput): ActionLedgerApprovedExecutionFields;
|
|
135
|
+
export {};
|
|
136
|
+
//# sourceMappingURL=request-context.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"request-context.d.ts","sourceRoot":"","sources":["../src/request-context.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAA;AACrD,OAAO,KAAK,EAAE,cAAc,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAA;AAC7F,OAAO,KAAK,EACV,4BAA4B,EAC5B,6BAA6B,EAC7B,yBAAyB,EACzB,0BAA0B,EAC1B,0BAA0B,EAC1B,2BAA2B,EAC5B,MAAM,cAAc,CAAA;AAGrB,eAAO,MAAM,gCAAgC,uBAAuB,CAAA;AAEpE,MAAM,WAAW,gCAAgC;IAC/C,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACtB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,mBAAmB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACnC,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAChC,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,iBAAiB,CAAC,EAAE,OAAO,GAAG,IAAI,CAAA;IAClC,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC9B,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC7B,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC9B,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CAC9B;AAED,MAAM,WAAW,uBAAuB;IACtC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,aAAa,EAAE,iBAAiB,CAAC,eAAe,CAAC,CAAA;IACjD,WAAW,EAAE,MAAM,CAAA;IACnB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAA;IAC/B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,eAAe,EAAE,OAAO,CAAA;IACxB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAA;IAC7B,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,cAAc,EAAE,MAAM,GAAG,IAAI,CAAA;IAC7B,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;CAC7B;AAED,MAAM,WAAW,iCAAiC;IAChD,mBAAmB,CAAC,EAAE,MAAM,CAAA;CAC7B;AAED,MAAM,WAAW,mCACf,SAAQ,4BAA4B,EAClC,iCAAiC;IACnC,MAAM,CAAC,EAAE,OAAO,CAAC,iBAAiB,CAAC,QAAQ,CAAC,EAAE,WAAW,GAAG,QAAQ,GAAG,QAAQ,CAAC,CAAA;IAChF,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,iBAAiB,CAAC,EAAE,MAAM,EAAE,GAAG,IAAI,CAAA;IACnC,iBAAiB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACjC,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CAC/B;AAED,MAAM,MAAM,2CAA2C,CAAC,CAAC,IACrD,mCAAmC,GACnC,CAAC,CAAC,KAAK,EAAE,CAAC,KAAK,mCAAmC,CAAC,CAAA;AAEvD,MAAM,WAAW,8BACf,SAAQ,4BAA4B,EAClC,iCAAiC;IACnC,UAAU,EAAE,OAAO,CAAC,iBAAiB,CAAC,YAAY,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,QAAQ,GAAG,SAAS,CAAC,CAAA;IAChG,MAAM,CAAC,EAAE,iBAAiB,CAAC,QAAQ,CAAC,CAAA;IACpC,cAAc,CAAC,EAAE,IAAI,CAAC,uBAAuB,EAAE,UAAU,CAAC,CAAA;CAC3D;AAED,MAAM,WAAW,qCACf,SAAQ,IAAI,CAAC,8BAA8B,EAAE,QAAQ,CAAC;IACtD,QAAQ,EAAE;QACR,sBAAsB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;QACtC,qBAAqB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;QACrC,wBAAwB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;QACxC,UAAU,EAAE,MAAM,CAAA;QAClB,aAAa,EAAE,MAAM,CAAA;QACrB,iBAAiB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;QACjC,YAAY,CAAC,EAAE,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,CAAA;QACpD,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;QAC1B,SAAS,CAAC,EAAE,IAAI,GAAG,MAAM,GAAG,IAAI,CAAA;KACjC,CAAA;CACF;AAED,MAAM,WAAW,sCAAuC,SAAQ,iCAAiC;IAC/F,OAAO,EAAE,gCAAgC,CAAA;IACzC,EAAE,EAAE,MAAM,CAAA;IACV,MAAM,EAAE,OAAO,CAAC,cAAc,CAAC,QAAQ,CAAC,EAAE,SAAS,CAAC,CAAA;IACpD,oBAAoB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACpC,SAAS,CAAC,EAAE,IAAI,GAAG,MAAM,GAAG,IAAI,CAAA;IAChC,UAAU,EAAE,MAAM,CAAA;IAClB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,aAAa,CAAC,EAAE,iBAAiB,CAAC,eAAe,CAAC,CAAA;IAClD,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,eAAe,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC/B,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,iBAAiB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACjC,mBAAmB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACnC,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAChC,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC9B,sBAAsB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACtC,QAAQ,CAAC,EAAE,4BAA4B,CAAC,UAAU,CAAC,CAAA;IACnD,YAAY,CAAC,EAAE,4BAA4B,CAAC,cAAc,CAAC,CAAA;IAC3D,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC9B,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC7B,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC9B,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CAC9B;AAED,MAAM,WAAW,6CAA6C;IAC5D,iBAAiB,EAAE,MAAM,CAAA;IACzB,UAAU,EAAE,MAAM,CAAA;IAClB,sBAAsB,EAAE,MAAM,CAAA;CAC/B;AAED,MAAM,WAAW,mCAAmC;IAClD,iBAAiB,EAAE,MAAM,CAAA;IACzB,UAAU,EAAE,MAAM,CAAA;IAClB,gBAAgB,EAAE,MAAM,CAAA;IACxB,cAAc,EAAE,MAAM,CAAA;IACtB,sBAAsB,EAAE,MAAM,CAAA;CAC/B;AAED,UAAU,4BAA4B;IACpC,OAAO,EAAE,gCAAgC,CAAA;IACzC,UAAU,EAAE,MAAM,CAAA;IAClB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,aAAa,CAAC,EAAE,iBAAiB,CAAC,eAAe,CAAC,CAAA;IAClD,UAAU,EAAE,MAAM,CAAA;IAClB,QAAQ,EAAE,MAAM,CAAA;IAChB,eAAe,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC/B,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,iBAAiB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACjC,mBAAmB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACnC,iBAAiB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACjC,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAChC,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC9B,sBAAsB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACtC,QAAQ,CAAC,EAAE,4BAA4B,CAAC,UAAU,CAAC,CAAA;IACnD,YAAY,CAAC,EAAE,4BAA4B,CAAC,cAAc,CAAC,CAAA;IAC3D,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC9B,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC7B,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC9B,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CAC9B;AAED,wBAAgB,6BAA6B,CAC3C,OAAO,EAAE,gCAAgC,EACzC,OAAO,GAAE,iCAAsC,GAC9C,uBAAuB,CA8FzB;AAED,wBAAgB,wCAAwC,CACtD,KAAK,EAAE,mCAAmC,GACzC,4BAA4B,CAkC9B;AAED,wBAAsB,+BAA+B,CACnD,EAAE,EAAE,YAAY,EAChB,KAAK,EAAE,mCAAmC,GACzC,OAAO,CAAC,6BAA6B,CAAC,CAExC;AAED,wBAAsB,mBAAmB,CAAC,CAAC,EACzC,EAAE,EAAE,YAAY,EAChB,KAAK,EAAE,2CAA2C,CAAC,CAAC,CAAC,EACrD,IAAI,EAAE,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,GACzB,OAAO,CAAC,CAAC,CAAC,CASZ;AAED,wBAAgB,mCAAmC,CACjD,KAAK,EAAE,8BAA8B,GACpC,4BAA4B,CA6B9B;AAED,wBAAsB,0BAA0B,CAC9C,EAAE,EAAE,YAAY,EAChB,KAAK,EAAE,8BAA8B,GACpC,OAAO,CAAC,6BAA6B,CAAC,CAExC;AAED,wBAAgB,qCAAqC,CACnD,KAAK,EAAE,qCAAqC,GAC3C,0BAA0B,CAqB5B;AAED,wBAAsB,2BAA2B,CAC/C,EAAE,EAAE,YAAY,EAChB,KAAK,EAAE,qCAAqC,GAC3C,OAAO,CAAC,2BAA2B,CAAC,CAEtC;AAED,wBAAgB,sCAAsC,CACpD,KAAK,EAAE,sCAAsC,GAC5C,yBAAyB,CA8B3B;AAED,wBAAsB,0BAA0B,CAC9C,EAAE,EAAE,YAAY,EAChB,KAAK,EAAE,sCAAsC,GAC5C,OAAO,CAAC,0BAA0B,GAAG,IAAI,CAAC,CAE5C;AAED,wBAAgB,wCAAwC,CACtD,KAAK,EAAE,6CAA6C,GACnD,mCAAmC,CAQrC"}
|
|
@@ -0,0 +1,237 @@
|
|
|
1
|
+
import { actionLedgerService } from "./service.js";
|
|
2
|
+
export const ACTION_LEDGER_APPROVAL_ID_HEADER = "action-approval-id";
|
|
3
|
+
export function mapActionLedgerRequestContext(context, options = {}) {
|
|
4
|
+
const actor = normalizeNullableString(context.actor);
|
|
5
|
+
const callerType = normalizeNullableString(context.callerType);
|
|
6
|
+
const userId = normalizeNullableString(context.userId);
|
|
7
|
+
const agentId = normalizeNullableString(context.agentId);
|
|
8
|
+
const workflowRunId = normalizeNullableString(context.workflowRunId);
|
|
9
|
+
const workflowPrincipalId = normalizeNullableString(context.workflowPrincipalId) ?? workflowRunId;
|
|
10
|
+
const principalSubtype = normalizeNullableString(context.principalSubtype);
|
|
11
|
+
const sessionId = normalizeNullableString(context.sessionId);
|
|
12
|
+
const apiTokenId = normalizeNullableString(context.apiTokenId ?? context.apiKeyId);
|
|
13
|
+
const internalRequest = context.isInternalRequest === true || callerType === "internal";
|
|
14
|
+
if (apiTokenId && callerType === "api_key") {
|
|
15
|
+
return {
|
|
16
|
+
actorType: actor,
|
|
17
|
+
principalType: "api_key",
|
|
18
|
+
principalId: apiTokenId,
|
|
19
|
+
principalSubtype,
|
|
20
|
+
sessionId,
|
|
21
|
+
apiTokenId,
|
|
22
|
+
internalRequest,
|
|
23
|
+
callerType,
|
|
24
|
+
organizationId: normalizeNullableString(context.organizationId),
|
|
25
|
+
workflowRunId,
|
|
26
|
+
workflowStepId: normalizeNullableString(context.workflowStepId),
|
|
27
|
+
correlationId: normalizeNullableString(context.correlationId),
|
|
28
|
+
};
|
|
29
|
+
}
|
|
30
|
+
if (agentId && callerType === "agent") {
|
|
31
|
+
return {
|
|
32
|
+
actorType: actor,
|
|
33
|
+
principalType: "agent",
|
|
34
|
+
principalId: agentId,
|
|
35
|
+
principalSubtype,
|
|
36
|
+
sessionId,
|
|
37
|
+
apiTokenId,
|
|
38
|
+
internalRequest,
|
|
39
|
+
callerType,
|
|
40
|
+
organizationId: normalizeNullableString(context.organizationId),
|
|
41
|
+
workflowRunId,
|
|
42
|
+
workflowStepId: normalizeNullableString(context.workflowStepId),
|
|
43
|
+
correlationId: normalizeNullableString(context.correlationId),
|
|
44
|
+
};
|
|
45
|
+
}
|
|
46
|
+
if (workflowPrincipalId && callerType === "workflow") {
|
|
47
|
+
return {
|
|
48
|
+
actorType: actor,
|
|
49
|
+
principalType: "workflow",
|
|
50
|
+
principalId: workflowPrincipalId,
|
|
51
|
+
principalSubtype,
|
|
52
|
+
sessionId,
|
|
53
|
+
apiTokenId,
|
|
54
|
+
internalRequest,
|
|
55
|
+
callerType,
|
|
56
|
+
organizationId: normalizeNullableString(context.organizationId),
|
|
57
|
+
workflowRunId,
|
|
58
|
+
workflowStepId: normalizeNullableString(context.workflowStepId),
|
|
59
|
+
correlationId: normalizeNullableString(context.correlationId),
|
|
60
|
+
};
|
|
61
|
+
}
|
|
62
|
+
if (internalRequest) {
|
|
63
|
+
return {
|
|
64
|
+
actorType: actor,
|
|
65
|
+
principalType: "system",
|
|
66
|
+
principalId: userId ?? apiTokenId ?? options.fallbackPrincipalId ?? "internal_request",
|
|
67
|
+
principalSubtype,
|
|
68
|
+
sessionId,
|
|
69
|
+
apiTokenId,
|
|
70
|
+
internalRequest,
|
|
71
|
+
callerType,
|
|
72
|
+
organizationId: normalizeNullableString(context.organizationId),
|
|
73
|
+
workflowRunId,
|
|
74
|
+
workflowStepId: normalizeNullableString(context.workflowStepId),
|
|
75
|
+
correlationId: normalizeNullableString(context.correlationId),
|
|
76
|
+
};
|
|
77
|
+
}
|
|
78
|
+
return {
|
|
79
|
+
actorType: actor,
|
|
80
|
+
principalType: userId ? "user" : "system",
|
|
81
|
+
principalId: userId ?? options.fallbackPrincipalId ?? "unknown_request",
|
|
82
|
+
principalSubtype,
|
|
83
|
+
sessionId,
|
|
84
|
+
apiTokenId,
|
|
85
|
+
internalRequest,
|
|
86
|
+
callerType,
|
|
87
|
+
organizationId: normalizeNullableString(context.organizationId),
|
|
88
|
+
workflowRunId,
|
|
89
|
+
workflowStepId: normalizeNullableString(context.workflowStepId),
|
|
90
|
+
correlationId: normalizeNullableString(context.correlationId),
|
|
91
|
+
};
|
|
92
|
+
}
|
|
93
|
+
export function buildActionLedgerSensitiveReadEntryInput(input) {
|
|
94
|
+
const actorFields = mapActionLedgerRequestContext(input.context, input);
|
|
95
|
+
return {
|
|
96
|
+
...actorFields,
|
|
97
|
+
actionName: input.actionName,
|
|
98
|
+
actionVersion: input.actionVersion ?? "v1",
|
|
99
|
+
actionKind: "read",
|
|
100
|
+
status: input.status ?? "succeeded",
|
|
101
|
+
evaluatedRisk: input.evaluatedRisk ?? "high",
|
|
102
|
+
targetType: input.targetType,
|
|
103
|
+
targetId: input.targetId,
|
|
104
|
+
routeOrToolName: input.routeOrToolName ?? null,
|
|
105
|
+
capabilityId: input.capabilityId ?? null,
|
|
106
|
+
capabilityVersion: input.capabilityVersion ?? null,
|
|
107
|
+
authorizationSource: input.authorizationSource ?? null,
|
|
108
|
+
causationActionId: input.causationActionId ?? null,
|
|
109
|
+
approvalId: input.approvalId ?? null,
|
|
110
|
+
idempotencyScope: input.idempotencyScope ?? null,
|
|
111
|
+
idempotencyKey: input.idempotencyKey ?? null,
|
|
112
|
+
idempotencyFingerprint: input.idempotencyFingerprint ?? null,
|
|
113
|
+
payloads: input.payloads,
|
|
114
|
+
enqueueRelay: input.enqueueRelay,
|
|
115
|
+
organizationId: input.organizationId ?? actorFields.organizationId,
|
|
116
|
+
workflowRunId: input.workflowRunId ?? actorFields.workflowRunId,
|
|
117
|
+
workflowStepId: input.workflowStepId ?? actorFields.workflowStepId,
|
|
118
|
+
correlationId: input.correlationId ?? actorFields.correlationId,
|
|
119
|
+
sensitiveReadDetail: {
|
|
120
|
+
reasonCode: input.reasonCode ?? null,
|
|
121
|
+
disclosedFieldSet: input.disclosedFieldSet ?? null,
|
|
122
|
+
disclosureSummary: input.disclosureSummary ?? null,
|
|
123
|
+
decisionPolicy: input.decisionPolicy ?? null,
|
|
124
|
+
},
|
|
125
|
+
};
|
|
126
|
+
}
|
|
127
|
+
export async function appendActionLedgerSensitiveRead(db, input) {
|
|
128
|
+
return actionLedgerService.appendEntry(db, buildActionLedgerSensitiveReadEntryInput(input));
|
|
129
|
+
}
|
|
130
|
+
export async function ledgerSensitiveRead(db, input, read) {
|
|
131
|
+
if (typeof input !== "function") {
|
|
132
|
+
await appendActionLedgerSensitiveRead(db, input);
|
|
133
|
+
return read();
|
|
134
|
+
}
|
|
135
|
+
const value = await read();
|
|
136
|
+
await appendActionLedgerSensitiveRead(db, input(value));
|
|
137
|
+
return value;
|
|
138
|
+
}
|
|
139
|
+
export function buildActionLedgerMutationEntryInput(input) {
|
|
140
|
+
const actorFields = mapActionLedgerRequestContext(input.context, input);
|
|
141
|
+
return {
|
|
142
|
+
...actorFields,
|
|
143
|
+
actionName: input.actionName,
|
|
144
|
+
actionVersion: input.actionVersion ?? "v1",
|
|
145
|
+
actionKind: input.actionKind,
|
|
146
|
+
status: input.status ?? "succeeded",
|
|
147
|
+
evaluatedRisk: input.evaluatedRisk ?? "medium",
|
|
148
|
+
targetType: input.targetType,
|
|
149
|
+
targetId: input.targetId,
|
|
150
|
+
routeOrToolName: input.routeOrToolName ?? null,
|
|
151
|
+
capabilityId: input.capabilityId ?? null,
|
|
152
|
+
capabilityVersion: input.capabilityVersion ?? null,
|
|
153
|
+
authorizationSource: input.authorizationSource ?? null,
|
|
154
|
+
causationActionId: input.causationActionId ?? null,
|
|
155
|
+
approvalId: input.approvalId ?? null,
|
|
156
|
+
idempotencyScope: input.idempotencyScope ?? null,
|
|
157
|
+
idempotencyKey: input.idempotencyKey ?? null,
|
|
158
|
+
idempotencyFingerprint: input.idempotencyFingerprint ?? null,
|
|
159
|
+
payloads: input.payloads,
|
|
160
|
+
enqueueRelay: input.enqueueRelay,
|
|
161
|
+
organizationId: input.organizationId ?? actorFields.organizationId,
|
|
162
|
+
workflowRunId: input.workflowRunId ?? actorFields.workflowRunId,
|
|
163
|
+
workflowStepId: input.workflowStepId ?? actorFields.workflowStepId,
|
|
164
|
+
correlationId: input.correlationId ?? actorFields.correlationId,
|
|
165
|
+
mutationDetail: input.mutationDetail,
|
|
166
|
+
};
|
|
167
|
+
}
|
|
168
|
+
export async function appendActionLedgerMutation(db, input) {
|
|
169
|
+
return actionLedgerService.appendEntry(db, buildActionLedgerMutationEntryInput(input));
|
|
170
|
+
}
|
|
171
|
+
export function buildActionLedgerApprovalRequestInput(input) {
|
|
172
|
+
const { status: _status, approvalId: _approvalId, ...requestedAction } = buildActionLedgerMutationEntryInput(input);
|
|
173
|
+
return {
|
|
174
|
+
requestedAction,
|
|
175
|
+
approval: {
|
|
176
|
+
requestedByPrincipalId: input.approval.requestedByPrincipalId ?? requestedAction.principalId,
|
|
177
|
+
assignedToPrincipalId: input.approval.assignedToPrincipalId ?? null,
|
|
178
|
+
delegatedFromPrincipalId: input.approval.delegatedFromPrincipalId ?? null,
|
|
179
|
+
policyName: input.approval.policyName,
|
|
180
|
+
policyVersion: input.approval.policyVersion,
|
|
181
|
+
targetSnapshotRef: input.approval.targetSnapshotRef ?? null,
|
|
182
|
+
riskSnapshot: input.approval.riskSnapshot ?? requestedAction.evaluatedRisk,
|
|
183
|
+
reasonCode: input.approval.reasonCode ?? null,
|
|
184
|
+
expiresAt: input.approval.expiresAt ?? null,
|
|
185
|
+
},
|
|
186
|
+
};
|
|
187
|
+
}
|
|
188
|
+
export async function requestActionLedgerApproval(db, input) {
|
|
189
|
+
return actionLedgerService.requestApproval(db, buildActionLedgerApprovalRequestInput(input));
|
|
190
|
+
}
|
|
191
|
+
export function buildActionLedgerApprovalDecisionInput(input) {
|
|
192
|
+
const actorFields = mapActionLedgerRequestContext(input.context, input);
|
|
193
|
+
return {
|
|
194
|
+
id: input.id,
|
|
195
|
+
status: input.status,
|
|
196
|
+
decidedByPrincipalId: input.decidedByPrincipalId ?? actorFields.principalId,
|
|
197
|
+
decidedAt: input.decidedAt ?? null,
|
|
198
|
+
decisionAction: {
|
|
199
|
+
...actorFields,
|
|
200
|
+
actionName: input.actionName,
|
|
201
|
+
actionVersion: input.actionVersion ?? "v1",
|
|
202
|
+
evaluatedRisk: input.evaluatedRisk,
|
|
203
|
+
targetType: input.targetType,
|
|
204
|
+
targetId: input.targetId,
|
|
205
|
+
routeOrToolName: input.routeOrToolName ?? null,
|
|
206
|
+
capabilityId: input.capabilityId ?? null,
|
|
207
|
+
capabilityVersion: input.capabilityVersion ?? null,
|
|
208
|
+
authorizationSource: input.authorizationSource ?? null,
|
|
209
|
+
idempotencyScope: input.idempotencyScope ?? null,
|
|
210
|
+
idempotencyKey: input.idempotencyKey ?? null,
|
|
211
|
+
idempotencyFingerprint: input.idempotencyFingerprint ?? null,
|
|
212
|
+
payloads: input.payloads,
|
|
213
|
+
enqueueRelay: input.enqueueRelay,
|
|
214
|
+
organizationId: input.organizationId ?? actorFields.organizationId,
|
|
215
|
+
workflowRunId: input.workflowRunId ?? actorFields.workflowRunId,
|
|
216
|
+
workflowStepId: input.workflowStepId ?? actorFields.workflowStepId,
|
|
217
|
+
correlationId: input.correlationId ?? actorFields.correlationId,
|
|
218
|
+
},
|
|
219
|
+
};
|
|
220
|
+
}
|
|
221
|
+
export async function decideActionLedgerApproval(db, input) {
|
|
222
|
+
return actionLedgerService.decideApproval(db, buildActionLedgerApprovalDecisionInput(input));
|
|
223
|
+
}
|
|
224
|
+
export function buildActionLedgerApprovedExecutionFields(input) {
|
|
225
|
+
return {
|
|
226
|
+
causationActionId: input.requestedActionId,
|
|
227
|
+
approvalId: input.approvalId,
|
|
228
|
+
idempotencyScope: `${input.approvalId}:execution`,
|
|
229
|
+
idempotencyKey: input.approvalId,
|
|
230
|
+
idempotencyFingerprint: input.idempotencyFingerprint,
|
|
231
|
+
};
|
|
232
|
+
}
|
|
233
|
+
function normalizeNullableString(value) {
|
|
234
|
+
if (value === undefined || value === null || value === "")
|
|
235
|
+
return null;
|
|
236
|
+
return value;
|
|
237
|
+
}
|