@xemahq/kernel-contracts 0.17.0 → 0.18.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/agent-workspace/awp-spec.json +1 -1
- package/dist/contribution/lib/contribution-kind.d.ts +1 -0
- package/dist/contribution/lib/contribution-kind.d.ts.map +1 -1
- package/dist/contribution/lib/contribution-kind.js +1 -0
- package/dist/contribution/lib/contribution-kind.js.map +1 -1
- package/dist/resource/index.d.ts +2 -0
- package/dist/resource/index.d.ts.map +1 -1
- package/dist/resource/index.js +2 -0
- package/dist/resource/index.js.map +1 -1
- package/dist/resource/lib/resource-ownership-contribution.d.ts +29 -0
- package/dist/resource/lib/resource-ownership-contribution.d.ts.map +1 -0
- package/dist/resource/lib/resource-ownership-contribution.js +35 -0
- package/dist/resource/lib/resource-ownership-contribution.js.map +1 -0
- package/dist/resource/lib/resource-ref.d.ts +9 -0
- package/dist/resource/lib/resource-ref.d.ts.map +1 -0
- package/dist/resource/lib/resource-ref.js +33 -0
- package/dist/resource/lib/resource-ref.js.map +1 -0
- package/package.json +1 -1
- package/src/contribution/lib/contribution-kind.ts +15 -0
- package/src/resource/index.ts +12 -5
- package/src/resource/lib/resource-ownership-contribution.ts +127 -0
- package/src/resource/lib/resource-ref.ts +75 -0
|
@@ -38,6 +38,7 @@ export declare enum ContributionKind {
|
|
|
38
38
|
DeliverableSpecKind = "deliverable-spec-kind",
|
|
39
39
|
RuntimeMountKind = "runtime-mount-kind",
|
|
40
40
|
Capability = "capability",
|
|
41
|
+
ResourceOwnership = "resource-ownership",
|
|
41
42
|
StageMachine = "stage-machine"
|
|
42
43
|
}
|
|
43
44
|
export declare const ContributionKindSchema: z.ZodEnum<typeof ContributionKind>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"contribution-kind.d.ts","sourceRoot":"","sources":["../../../src/contribution/lib/contribution-kind.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAexB,oBAAY,gBAAgB;IAE1B,gBAAgB,sBAAsB;IACtC,WAAW,iBAAiB;IAC5B,OAAO,aAAa;IACpB,gBAAgB,sBAAsB;IACtC,aAAa,mBAAmB;IAChC,YAAY,kBAAkB;IAC9B,UAAU,gBAAgB;IAC1B,YAAY,kBAAkB;IAC9B,mBAAmB,yBAAyB;IAC5C,UAAU,gBAAgB;IAC1B,WAAW,iBAAiB;IAC5B,wBAAwB,+BAA+B;IACvD,UAAU,gBAAgB;IAI1B,YAAY,kBAAkB;IAE9B,WAAW,iBAAiB;IAQ5B,YAAY,kBAAkB;IAM9B,WAAW,iBAAiB;IAW5B,cAAc,oBAAoB;IAElC,kBAAkB,yBAAyB;IAE3C,IAAI,SAAS;IAEb,UAAU,gBAAgB;IAE1B,oBAAoB,0BAA0B;IAE9C,oBAAoB,2BAA2B;IAE/C,yBAAyB,gCAAgC;IAGzD,mBAAmB,yBAAyB;IAI5C,cAAc,oBAAoB;IAElC,eAAe,qBAAqB;IAEpC,iBAAiB,uBAAuB;IAExC,yBAAyB,gCAAgC;IAEzD,WAAW,iBAAiB;IAI5B,UAAU,gBAAgB;IAE1B,YAAY,kBAAkB;IAE9B,cAAc,oBAAoB;IAElC,WAAW,iBAAiB;IAI5B,eAAe,sBAAsB;IAErC,mBAAmB,0BAA0B;IAE7C,gBAAgB,uBAAuB;IAiBvC,UAAU,eAAe;
|
|
1
|
+
{"version":3,"file":"contribution-kind.d.ts","sourceRoot":"","sources":["../../../src/contribution/lib/contribution-kind.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAexB,oBAAY,gBAAgB;IAE1B,gBAAgB,sBAAsB;IACtC,WAAW,iBAAiB;IAC5B,OAAO,aAAa;IACpB,gBAAgB,sBAAsB;IACtC,aAAa,mBAAmB;IAChC,YAAY,kBAAkB;IAC9B,UAAU,gBAAgB;IAC1B,YAAY,kBAAkB;IAC9B,mBAAmB,yBAAyB;IAC5C,UAAU,gBAAgB;IAC1B,WAAW,iBAAiB;IAC5B,wBAAwB,+BAA+B;IACvD,UAAU,gBAAgB;IAI1B,YAAY,kBAAkB;IAE9B,WAAW,iBAAiB;IAQ5B,YAAY,kBAAkB;IAM9B,WAAW,iBAAiB;IAW5B,cAAc,oBAAoB;IAElC,kBAAkB,yBAAyB;IAE3C,IAAI,SAAS;IAEb,UAAU,gBAAgB;IAE1B,oBAAoB,0BAA0B;IAE9C,oBAAoB,2BAA2B;IAE/C,yBAAyB,gCAAgC;IAGzD,mBAAmB,yBAAyB;IAI5C,cAAc,oBAAoB;IAElC,eAAe,qBAAqB;IAEpC,iBAAiB,uBAAuB;IAExC,yBAAyB,gCAAgC;IAEzD,WAAW,iBAAiB;IAI5B,UAAU,gBAAgB;IAE1B,YAAY,kBAAkB;IAE9B,cAAc,oBAAoB;IAElC,WAAW,iBAAiB;IAI5B,eAAe,sBAAsB;IAErC,mBAAmB,0BAA0B;IAE7C,gBAAgB,uBAAuB;IAiBvC,UAAU,eAAe;IAezB,iBAAiB,uBAAuB;IAcxC,YAAY,kBAAkB;CAC/B;AAMD,eAAO,MAAM,sBAAsB,oCAAiC,CAAC;AAErE,MAAM,MAAM,qBAAqB,GAAG,GAAG,gBAAgB,EAAE,CAAC"}
|
|
@@ -42,6 +42,7 @@ var ContributionKind;
|
|
|
42
42
|
ContributionKind["DeliverableSpecKind"] = "deliverable-spec-kind";
|
|
43
43
|
ContributionKind["RuntimeMountKind"] = "runtime-mount-kind";
|
|
44
44
|
ContributionKind["Capability"] = "capability";
|
|
45
|
+
ContributionKind["ResourceOwnership"] = "resource-ownership";
|
|
45
46
|
ContributionKind["StageMachine"] = "stage-machine";
|
|
46
47
|
})(ContributionKind || (exports.ContributionKind = ContributionKind = {}));
|
|
47
48
|
exports.ContributionKindSchema = zod_1.z.nativeEnum(ContributionKind);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"contribution-kind.js","sourceRoot":"","sources":["../../../src/contribution/lib/contribution-kind.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AAexB,IAAY,
|
|
1
|
+
{"version":3,"file":"contribution-kind.js","sourceRoot":"","sources":["../../../src/contribution/lib/contribution-kind.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AAexB,IAAY,gBAyIX;AAzID,WAAY,gBAAgB;IAE1B,0DAAsC,CAAA;IACtC,gDAA4B,CAAA;IAC5B,wCAAoB,CAAA;IACpB,0DAAsC,CAAA;IACtC,oDAAgC,CAAA;IAChC,kDAA8B,CAAA;IAC9B,8CAA0B,CAAA;IAC1B,kDAA8B,CAAA;IAC9B,gEAA4C,CAAA;IAC5C,8CAA0B,CAAA;IAC1B,gDAA4B,CAAA;IAC5B,2EAAuD,CAAA;IACvD,8CAA0B,CAAA;IAI1B,kDAA8B,CAAA;IAE9B,gDAA4B,CAAA;IAQ5B,kDAA8B,CAAA;IAM9B,gDAA4B,CAAA;IAW5B,sDAAkC,CAAA;IAElC,+DAA2C,CAAA;IAE3C,iCAAa,CAAA;IAEb,8CAA0B,CAAA;IAE1B,kEAA8C,CAAA;IAE9C,mEAA+C,CAAA;IAE/C,6EAAyD,CAAA;IAGzD,gEAA4C,CAAA;IAI5C,sDAAkC,CAAA;IAElC,wDAAoC,CAAA;IAEpC,4DAAwC,CAAA;IAExC,6EAAyD,CAAA;IAEzD,gDAA4B,CAAA;IAI5B,8CAA0B,CAAA;IAE1B,kDAA8B,CAAA;IAE9B,sDAAkC,CAAA;IAElC,gDAA4B,CAAA;IAI5B,yDAAqC,CAAA;IAErC,iEAA6C,CAAA;IAE7C,2DAAuC,CAAA;IAiBvC,6CAAyB,CAAA;IAezB,4DAAwC,CAAA;IAcxC,kDAA8B,CAAA;AAChC,CAAC,EAzIW,gBAAgB,gCAAhB,gBAAgB,QAyI3B;AAMY,QAAA,sBAAsB,GAAG,OAAC,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC"}
|
package/dist/resource/index.d.ts
CHANGED
|
@@ -4,4 +4,6 @@ export * from './lib/resource-declaration';
|
|
|
4
4
|
export * from './lib/xema-manifest';
|
|
5
5
|
export * from './lib/stack';
|
|
6
6
|
export * from './lib/plan';
|
|
7
|
+
export * from './lib/resource-ownership-contribution';
|
|
8
|
+
export * from './lib/resource-ref';
|
|
7
9
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/resource/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/resource/index.ts"],"names":[],"mappings":"AAqBA,cAAc,qBAAqB,CAAC;AACpC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,4BAA4B,CAAC;AAC3C,cAAc,qBAAqB,CAAC;AACpC,cAAc,aAAa,CAAC;AAC5B,cAAc,YAAY,CAAC;AAC3B,cAAc,uCAAuC,CAAC;AACtD,cAAc,oBAAoB,CAAC"}
|
package/dist/resource/index.js
CHANGED
|
@@ -20,4 +20,6 @@ __exportStar(require("./lib/resource-declaration"), exports);
|
|
|
20
20
|
__exportStar(require("./lib/xema-manifest"), exports);
|
|
21
21
|
__exportStar(require("./lib/stack"), exports);
|
|
22
22
|
__exportStar(require("./lib/plan"), exports);
|
|
23
|
+
__exportStar(require("./lib/resource-ownership-contribution"), exports);
|
|
24
|
+
__exportStar(require("./lib/resource-ref"), exports);
|
|
23
25
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/resource/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/resource/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAqBA,sDAAoC;AACpC,4DAA0C;AAC1C,6DAA2C;AAC3C,sDAAoC;AACpC,8CAA4B;AAC5B,6CAA2B;AAC3B,wEAAsD;AACtD,qDAAmC"}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
import { z } from 'zod';
|
|
2
|
+
import { SubjectKind } from '../../subject';
|
|
3
|
+
export declare enum ResourceVisibilityPattern {
|
|
4
|
+
OwnerOnly = "owner-only",
|
|
5
|
+
OrgShared = "org-shared",
|
|
6
|
+
ProjectShared = "project-shared",
|
|
7
|
+
SpaceShared = "space-shared",
|
|
8
|
+
ExplicitShare = "explicit-share"
|
|
9
|
+
}
|
|
10
|
+
export declare const ResourceVisibilityPatternSchema: z.ZodEnum<typeof ResourceVisibilityPattern>;
|
|
11
|
+
export interface OwnerRef {
|
|
12
|
+
readonly kind: SubjectKind;
|
|
13
|
+
readonly ref: string;
|
|
14
|
+
}
|
|
15
|
+
export declare const OwnerRefSchema: z.ZodType<OwnerRef>;
|
|
16
|
+
export interface ExplicitShareRef {
|
|
17
|
+
readonly kind: SubjectKind;
|
|
18
|
+
readonly ref: string;
|
|
19
|
+
}
|
|
20
|
+
export declare const ExplicitShareRefSchema: z.ZodType<ExplicitShareRef>;
|
|
21
|
+
export interface ResourceOwnershipContributionManifest {
|
|
22
|
+
readonly resourceType: string;
|
|
23
|
+
readonly resourceId: string;
|
|
24
|
+
readonly visibility: ResourceVisibilityPattern;
|
|
25
|
+
readonly owners: readonly OwnerRef[];
|
|
26
|
+
readonly explicitShares?: readonly ExplicitShareRef[];
|
|
27
|
+
}
|
|
28
|
+
export declare const ResourceOwnershipContributionManifestSchema: z.ZodType<ResourceOwnershipContributionManifest>;
|
|
29
|
+
//# sourceMappingURL=resource-ownership-contribution.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"resource-ownership-contribution.d.ts","sourceRoot":"","sources":["../../../src/resource/lib/resource-ownership-contribution.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,WAAW,EAAqB,MAAM,eAAe,CAAC;AA0B/D,oBAAY,yBAAyB;IAEnC,SAAS,eAAe;IAExB,SAAS,eAAe;IAExB,aAAa,mBAAmB;IAEhC,WAAW,iBAAiB;IAE5B,aAAa,mBAAmB;CACjC;AAED,eAAO,MAAM,+BAA+B,6CAE3C,CAAC;AAQF,MAAM,WAAW,QAAQ;IACvB,QAAQ,CAAC,IAAI,EAAE,WAAW,CAAC;IAC3B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;CACtB;AAED,eAAO,MAAM,cAAc,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAGtB,CAAC;AAS1B,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,IAAI,EAAE,WAAW,CAAC;IAC3B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;CACtB;AAED,eAAO,MAAM,sBAAsB,EAAE,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAG9B,CAAC;AAgBlC,MAAM,WAAW,qCAAqC;IAEpD,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAE9B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAE5B,QAAQ,CAAC,UAAU,EAAE,yBAAyB,CAAC;IAE/C,QAAQ,CAAC,MAAM,EAAE,SAAS,QAAQ,EAAE,CAAC;IAMrC,QAAQ,CAAC,cAAc,CAAC,EAAE,SAAS,gBAAgB,EAAE,CAAC;CACvD;AASD,eAAO,MAAM,2CAA2C,EAAE,CAAC,CAAC,OAAO,CAAC,qCAAqC,CAUjD,CAAC"}
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.ResourceOwnershipContributionManifestSchema = exports.ExplicitShareRefSchema = exports.OwnerRefSchema = exports.ResourceVisibilityPatternSchema = exports.ResourceVisibilityPattern = void 0;
|
|
4
|
+
const zod_1 = require("zod");
|
|
5
|
+
const subject_1 = require("../../subject");
|
|
6
|
+
const RESOURCE_IDENTIFIER_MAX = 200;
|
|
7
|
+
const RESOURCE_PRINCIPALS_MAX = 100;
|
|
8
|
+
var ResourceVisibilityPattern;
|
|
9
|
+
(function (ResourceVisibilityPattern) {
|
|
10
|
+
ResourceVisibilityPattern["OwnerOnly"] = "owner-only";
|
|
11
|
+
ResourceVisibilityPattern["OrgShared"] = "org-shared";
|
|
12
|
+
ResourceVisibilityPattern["ProjectShared"] = "project-shared";
|
|
13
|
+
ResourceVisibilityPattern["SpaceShared"] = "space-shared";
|
|
14
|
+
ResourceVisibilityPattern["ExplicitShare"] = "explicit-share";
|
|
15
|
+
})(ResourceVisibilityPattern || (exports.ResourceVisibilityPattern = ResourceVisibilityPattern = {}));
|
|
16
|
+
exports.ResourceVisibilityPatternSchema = zod_1.z.nativeEnum(ResourceVisibilityPattern);
|
|
17
|
+
exports.OwnerRefSchema = zod_1.z.object({
|
|
18
|
+
kind: subject_1.SubjectKindSchema,
|
|
19
|
+
ref: zod_1.z.string().min(1).max(RESOURCE_IDENTIFIER_MAX),
|
|
20
|
+
});
|
|
21
|
+
exports.ExplicitShareRefSchema = zod_1.z.object({
|
|
22
|
+
kind: subject_1.SubjectKindSchema,
|
|
23
|
+
ref: zod_1.z.string().min(1).max(RESOURCE_IDENTIFIER_MAX),
|
|
24
|
+
});
|
|
25
|
+
exports.ResourceOwnershipContributionManifestSchema = zod_1.z.object({
|
|
26
|
+
resourceType: zod_1.z.string().min(1).max(RESOURCE_IDENTIFIER_MAX),
|
|
27
|
+
resourceId: zod_1.z.string().min(1).max(RESOURCE_IDENTIFIER_MAX),
|
|
28
|
+
visibility: exports.ResourceVisibilityPatternSchema,
|
|
29
|
+
owners: zod_1.z.array(exports.OwnerRefSchema).min(1).max(RESOURCE_PRINCIPALS_MAX),
|
|
30
|
+
explicitShares: zod_1.z
|
|
31
|
+
.array(exports.ExplicitShareRefSchema)
|
|
32
|
+
.max(RESOURCE_PRINCIPALS_MAX)
|
|
33
|
+
.optional(),
|
|
34
|
+
});
|
|
35
|
+
//# sourceMappingURL=resource-ownership-contribution.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"resource-ownership-contribution.js","sourceRoot":"","sources":["../../../src/resource/lib/resource-ownership-contribution.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AAExB,2CAA+D;AAO/D,MAAM,uBAAuB,GAAG,GAAG,CAAC;AAQpC,MAAM,uBAAuB,GAAG,GAAG,CAAC;AAWpC,IAAY,yBAWX;AAXD,WAAY,yBAAyB;IAEnC,qDAAwB,CAAA;IAExB,qDAAwB,CAAA;IAExB,6DAAgC,CAAA;IAEhC,yDAA4B,CAAA;IAE5B,6DAAgC,CAAA;AAClC,CAAC,EAXW,yBAAyB,yCAAzB,yBAAyB,QAWpC;AAEY,QAAA,+BAA+B,GAAG,OAAC,CAAC,UAAU,CACzD,yBAAyB,CAC1B,CAAC;AAaW,QAAA,cAAc,GAAwB,OAAC,CAAC,MAAM,CAAC;IAC1D,IAAI,EAAE,2BAAiB;IACvB,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,uBAAuB,CAAC;CACpD,CAAwB,CAAC;AAcb,QAAA,sBAAsB,GAAgC,OAAC,CAAC,MAAM,CAAC;IAC1E,IAAI,EAAE,2BAAiB;IACvB,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,uBAAuB,CAAC;CACpD,CAAgC,CAAC;AAwCrB,QAAA,2CAA2C,GACtD,OAAC,CAAC,MAAM,CAAC;IACP,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,uBAAuB,CAAC;IAC5D,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,uBAAuB,CAAC;IAC1D,UAAU,EAAE,uCAA+B;IAC3C,MAAM,EAAE,OAAC,CAAC,KAAK,CAAC,sBAAc,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,uBAAuB,CAAC;IACnE,cAAc,EAAE,OAAC;SACd,KAAK,CAAC,8BAAsB,CAAC;SAC7B,GAAG,CAAC,uBAAuB,CAAC;SAC5B,QAAQ,EAAE;CACd,CAAqD,CAAC"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
export declare const RESOURCE_REF_PREFIX: "resource";
|
|
2
|
+
export declare const RESOURCE_REF_DELIMITER: ":";
|
|
3
|
+
export interface ResourceRefParts {
|
|
4
|
+
readonly type: string;
|
|
5
|
+
readonly id: string;
|
|
6
|
+
}
|
|
7
|
+
export declare function composeResourceRef(type: string, id: string): string;
|
|
8
|
+
export declare function parseResourceRef(ref: string): ResourceRefParts;
|
|
9
|
+
//# sourceMappingURL=resource-ref.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"resource-ref.d.ts","sourceRoot":"","sources":["../../../src/resource/lib/resource-ref.ts"],"names":[],"mappings":"AAaA,eAAO,MAAM,mBAAmB,EAAG,UAAmB,CAAC;AAGvD,eAAO,MAAM,sBAAsB,EAAG,GAAY,CAAC;AAKnD,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;CACrB;AAOD,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,GAAG,MAAM,CAiBnE;AAQD,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,gBAAgB,CAkB9D"}
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.RESOURCE_REF_DELIMITER = exports.RESOURCE_REF_PREFIX = void 0;
|
|
4
|
+
exports.composeResourceRef = composeResourceRef;
|
|
5
|
+
exports.parseResourceRef = parseResourceRef;
|
|
6
|
+
exports.RESOURCE_REF_PREFIX = 'resource';
|
|
7
|
+
exports.RESOURCE_REF_DELIMITER = ':';
|
|
8
|
+
function composeResourceRef(type, id) {
|
|
9
|
+
if (type.length === 0 || id.length === 0) {
|
|
10
|
+
throw new Error(`Invalid resource ref segments: "type" and "id" must both be non-empty (got type="${type}", id="${id}").`);
|
|
11
|
+
}
|
|
12
|
+
if (type.includes(exports.RESOURCE_REF_DELIMITER)) {
|
|
13
|
+
throw new Error(`Invalid resource type "${type}": must not contain the "${exports.RESOURCE_REF_DELIMITER}" delimiter.`);
|
|
14
|
+
}
|
|
15
|
+
if (id.includes(exports.RESOURCE_REF_DELIMITER)) {
|
|
16
|
+
throw new Error(`Invalid resource id "${id}": must not contain the "${exports.RESOURCE_REF_DELIMITER}" delimiter.`);
|
|
17
|
+
}
|
|
18
|
+
return `${exports.RESOURCE_REF_PREFIX}${exports.RESOURCE_REF_DELIMITER}${type}${exports.RESOURCE_REF_DELIMITER}${id}`;
|
|
19
|
+
}
|
|
20
|
+
function parseResourceRef(ref) {
|
|
21
|
+
const [prefix, type, id, ...rest] = ref.split(exports.RESOURCE_REF_DELIMITER);
|
|
22
|
+
if (rest.length > 0 || prefix === undefined || type === undefined || id === undefined) {
|
|
23
|
+
throw new Error(`Invalid resource ref "${ref}": expected exactly "${exports.RESOURCE_REF_PREFIX}:<type>:<id>".`);
|
|
24
|
+
}
|
|
25
|
+
if (prefix !== exports.RESOURCE_REF_PREFIX) {
|
|
26
|
+
throw new Error(`Invalid resource ref "${ref}": must start with the "${exports.RESOURCE_REF_PREFIX}" prefix.`);
|
|
27
|
+
}
|
|
28
|
+
if (type.length === 0 || id.length === 0) {
|
|
29
|
+
throw new Error(`Invalid resource ref "${ref}": "type" and "id" segments must both be non-empty.`);
|
|
30
|
+
}
|
|
31
|
+
return { type, id };
|
|
32
|
+
}
|
|
33
|
+
//# sourceMappingURL=resource-ref.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"resource-ref.js","sourceRoot":"","sources":["../../../src/resource/lib/resource-ref.ts"],"names":[],"mappings":";;;AA+BA,gDAiBC;AAQD,4CAkBC;AA7DY,QAAA,mBAAmB,GAAG,UAAmB,CAAC;AAG1C,QAAA,sBAAsB,GAAG,GAAY,CAAC;AAenD,SAAgB,kBAAkB,CAAC,IAAY,EAAE,EAAU;IACzD,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CACb,oFAAoF,IAAI,UAAU,EAAE,KAAK,CAC1G,CAAC;IACJ,CAAC;IACD,IAAI,IAAI,CAAC,QAAQ,CAAC,8BAAsB,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CACb,0BAA0B,IAAI,4BAA4B,8BAAsB,cAAc,CAC/F,CAAC;IACJ,CAAC;IACD,IAAI,EAAE,CAAC,QAAQ,CAAC,8BAAsB,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CACb,wBAAwB,EAAE,4BAA4B,8BAAsB,cAAc,CAC3F,CAAC;IACJ,CAAC;IACD,OAAO,GAAG,2BAAmB,GAAG,8BAAsB,GAAG,IAAI,GAAG,8BAAsB,GAAG,EAAE,EAAE,CAAC;AAChG,CAAC;AAQD,SAAgB,gBAAgB,CAAC,GAAW;IAC1C,MAAM,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,8BAAsB,CAAC,CAAC;IACtE,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,KAAK,SAAS,IAAI,IAAI,KAAK,SAAS,IAAI,EAAE,KAAK,SAAS,EAAE,CAAC;QACtF,MAAM,IAAI,KAAK,CACb,yBAAyB,GAAG,wBAAwB,2BAAmB,gBAAgB,CACxF,CAAC;IACJ,CAAC;IACD,IAAI,MAAM,KAAK,2BAAmB,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CACb,yBAAyB,GAAG,2BAA2B,2BAAmB,WAAW,CACtF,CAAC;IACJ,CAAC;IACD,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CACb,yBAAyB,GAAG,qDAAqD,CAClF,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;AACtB,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@xemahq/kernel-contracts",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.18.0",
|
|
4
4
|
"description": "Consolidated Xema OS kernel wire contracts — pure types + zod schemas for the 32 kernel protocol surfaces. One package, one npm scope, wildcard per-surface subpath exports. No framework/runtime deps.",
|
|
5
5
|
"publishConfig": {
|
|
6
6
|
"registry": "https://registry.npmjs.org/",
|
|
@@ -122,6 +122,21 @@ export enum ContributionKind {
|
|
|
122
122
|
*/
|
|
123
123
|
Capability = 'capability',
|
|
124
124
|
|
|
125
|
+
// -- Phase 5: resource-ownership self-registration -----------------------
|
|
126
|
+
/**
|
|
127
|
+
* A resource-instance ownership/visibility declaration contributed by a
|
|
128
|
+
* biome — `resourceType` + `resourceId` + a `ResourceVisibilityPattern` +
|
|
129
|
+
* the owning subjects (and optional explicit shares). The kernel owns this
|
|
130
|
+
* enum member AND the manifest schema
|
|
131
|
+
* (`ResourceOwnershipContributionManifestSchema`, exported from
|
|
132
|
+
* `@xemahq/kernel-contracts/resource`), mirroring the `Capability` kind: a
|
|
133
|
+
* single value-identical wire shape both the contribution-file parser and
|
|
134
|
+
* the owning domain service validate fail-fast. Provenance is stamped by the
|
|
135
|
+
* parser from the discovering biome's manifest — authors do not declare it
|
|
136
|
+
* inline.
|
|
137
|
+
*/
|
|
138
|
+
ResourceOwnership = 'resource-ownership',
|
|
139
|
+
|
|
125
140
|
// -- Domain stage machines (MailOps asset lifecycle) ---------------------
|
|
126
141
|
/**
|
|
127
142
|
* A deterministic asset stage machine contributed by a domain biome to a
|
package/src/resource/index.ts
CHANGED
|
@@ -7,11 +7,16 @@
|
|
|
7
7
|
// the `XemaManifest` (`xema.yaml`) document, plus the server-side `Stack` state
|
|
8
8
|
// and the `ResourcePlan` diff vocabulary.
|
|
9
9
|
//
|
|
10
|
-
//
|
|
11
|
-
//
|
|
12
|
-
//
|
|
13
|
-
//
|
|
14
|
-
//
|
|
10
|
+
// Per-kind `spec` bodies are validated by the owning domain service (which
|
|
11
|
+
// holds the authoritative DTO), so the IaC surface drags no cross-subpath
|
|
12
|
+
// dependency into the kernel. The Terraform provider, the first-party
|
|
13
|
+
// `xema.yaml` apply, and the frontend all converge on these contracts.
|
|
14
|
+
//
|
|
15
|
+
// This subpath also carries the resource-OWNERSHIP contribution contract (the
|
|
16
|
+
// `ContributionKind.ResourceOwnership` manifest + visibility enum) and the
|
|
17
|
+
// `resource:<type>:<id>` ref grammar. The ownership manifest reuses the kernel
|
|
18
|
+
// `SubjectKind` taxonomy, so this surface declares exactly ONE cross-subpath
|
|
19
|
+
// edge (`resource -> subject`). Zero runtime deps beyond `zod`.
|
|
15
20
|
// ═══════════════════════════════════════════════════════════════════════════
|
|
16
21
|
|
|
17
22
|
export * from './lib/resource-kind';
|
|
@@ -20,3 +25,5 @@ export * from './lib/resource-declaration';
|
|
|
20
25
|
export * from './lib/xema-manifest';
|
|
21
26
|
export * from './lib/stack';
|
|
22
27
|
export * from './lib/plan';
|
|
28
|
+
export * from './lib/resource-ownership-contribution';
|
|
29
|
+
export * from './lib/resource-ref';
|
|
@@ -0,0 +1,127 @@
|
|
|
1
|
+
import { z } from 'zod';
|
|
2
|
+
|
|
3
|
+
import { SubjectKind, SubjectKindSchema } from '../../subject';
|
|
4
|
+
|
|
5
|
+
/**
|
|
6
|
+
* Maximum length of the `resourceType` / `resourceId` identifier strings on a
|
|
7
|
+
* resource-ownership manifest. Bounded so describe/list responses stay small
|
|
8
|
+
* and persisted rows have a predictable upper size.
|
|
9
|
+
*/
|
|
10
|
+
const RESOURCE_IDENTIFIER_MAX = 200;
|
|
11
|
+
|
|
12
|
+
/**
|
|
13
|
+
* Hard cap on the number of owners / explicit shares carried by a single
|
|
14
|
+
* resource-ownership manifest. Keeps a contribution envelope bounded; a
|
|
15
|
+
* resource that genuinely needs more sharees is a design smell (use an
|
|
16
|
+
* org/project-shared visibility instead of enumerating principals).
|
|
17
|
+
*/
|
|
18
|
+
const RESOURCE_PRINCIPALS_MAX = 100;
|
|
19
|
+
|
|
20
|
+
/**
|
|
21
|
+
* `ResourceVisibilityPattern` — the closed set of ownership/visibility shapes a
|
|
22
|
+
* biome may declare for a resource instance it contributes (plan §6 Phase 5).
|
|
23
|
+
*
|
|
24
|
+
* Precedence is NOT encoded here — this enum only names HOW a resource is
|
|
25
|
+
* shared; the PDP in `authorization-api` derives the effective verdict from the
|
|
26
|
+
* declared pattern plus the invocation's subject/scope. A closed set so the
|
|
27
|
+
* OpenAPI/zod schema stays a stable enum (never a free-form string).
|
|
28
|
+
*/
|
|
29
|
+
export enum ResourceVisibilityPattern {
|
|
30
|
+
/** Visible only to the declared owner subject(s). */
|
|
31
|
+
OwnerOnly = 'owner-only',
|
|
32
|
+
/** Visible to every member of the owning organization. */
|
|
33
|
+
OrgShared = 'org-shared',
|
|
34
|
+
/** Visible to every member of the owning project. */
|
|
35
|
+
ProjectShared = 'project-shared',
|
|
36
|
+
/** Visible to every member of the owning space. */
|
|
37
|
+
SpaceShared = 'space-shared',
|
|
38
|
+
/** Visible only to the subjects enumerated in `explicitShares`. */
|
|
39
|
+
ExplicitShare = 'explicit-share',
|
|
40
|
+
}
|
|
41
|
+
|
|
42
|
+
export const ResourceVisibilityPatternSchema = z.nativeEnum(
|
|
43
|
+
ResourceVisibilityPattern,
|
|
44
|
+
);
|
|
45
|
+
|
|
46
|
+
/**
|
|
47
|
+
* `OwnerRef` — a pointer to a subject that owns (or is explicitly shared) a
|
|
48
|
+
* resource. Reuses the kernel `SubjectKind` taxonomy so a resource may be owned
|
|
49
|
+
* by a user, an agent, a service account, a group, etc. `ref` is the bare
|
|
50
|
+
* per-kind identifier (mirrors `SubjectRef.id`), NOT a `kind:id` composite.
|
|
51
|
+
*/
|
|
52
|
+
export interface OwnerRef {
|
|
53
|
+
readonly kind: SubjectKind;
|
|
54
|
+
readonly ref: string;
|
|
55
|
+
}
|
|
56
|
+
|
|
57
|
+
export const OwnerRefSchema: z.ZodType<OwnerRef> = z.object({
|
|
58
|
+
kind: SubjectKindSchema,
|
|
59
|
+
ref: z.string().min(1).max(RESOURCE_IDENTIFIER_MAX),
|
|
60
|
+
}) as z.ZodType<OwnerRef>;
|
|
61
|
+
|
|
62
|
+
/**
|
|
63
|
+
* `ExplicitShareRef` — one entry in a manifest's `explicitShares` list. Only
|
|
64
|
+
* meaningful when `visibility` is `ResourceVisibilityPattern.ExplicitShare`;
|
|
65
|
+
* it names a subject the resource is shared with (the same shape as
|
|
66
|
+
* `OwnerRef`, kept as its own type so a future per-share grant level can be
|
|
67
|
+
* added without churning every owner site).
|
|
68
|
+
*/
|
|
69
|
+
export interface ExplicitShareRef {
|
|
70
|
+
readonly kind: SubjectKind;
|
|
71
|
+
readonly ref: string;
|
|
72
|
+
}
|
|
73
|
+
|
|
74
|
+
export const ExplicitShareRefSchema: z.ZodType<ExplicitShareRef> = z.object({
|
|
75
|
+
kind: SubjectKindSchema,
|
|
76
|
+
ref: z.string().min(1).max(RESOURCE_IDENTIFIER_MAX),
|
|
77
|
+
}) as z.ZodType<ExplicitShareRef>;
|
|
78
|
+
|
|
79
|
+
/**
|
|
80
|
+
* Manifest shape carried by every `ContributionKind.ResourceOwnership`
|
|
81
|
+
* envelope (plan §6 Phase 5). One contribution = one resource instance's
|
|
82
|
+
* ownership/visibility declaration.
|
|
83
|
+
*
|
|
84
|
+
* Mirrors `CapabilityContributionManifest` precisely: a value-identical subset
|
|
85
|
+
* of the wire body the owning domain service accepts, validated fail-fast at
|
|
86
|
+
* biome-discovery time. Provenance (`biome.id`, `biome.version`) is NOT a field
|
|
87
|
+
* here — the `CapabilityParser`-equivalent stamps it from the discovering
|
|
88
|
+
* biome's `xema-biome.json`. Authors do not declare provenance inline.
|
|
89
|
+
*
|
|
90
|
+
* Validation is fail-fast: a contribution that violates any constraint is
|
|
91
|
+
* rejected at boot. No silent coercion.
|
|
92
|
+
*/
|
|
93
|
+
export interface ResourceOwnershipContributionManifest {
|
|
94
|
+
/** The resource type slug (e.g. `document`, `dataset`). ≤ 200 chars. */
|
|
95
|
+
readonly resourceType: string;
|
|
96
|
+
/** The resource instance id within `resourceType`. ≤ 200 chars. */
|
|
97
|
+
readonly resourceId: string;
|
|
98
|
+
/** How the resource is shared — see `ResourceVisibilityPattern`. */
|
|
99
|
+
readonly visibility: ResourceVisibilityPattern;
|
|
100
|
+
/** The owning subject(s). At least one; hard-capped at 100. */
|
|
101
|
+
readonly owners: readonly OwnerRef[];
|
|
102
|
+
/**
|
|
103
|
+
* Subjects the resource is explicitly shared with. Only meaningful when
|
|
104
|
+
* `visibility` is `ResourceVisibilityPattern.ExplicitShare`. Hard-capped at
|
|
105
|
+
* 100. Omitted (not `[]`) when no explicit shares apply.
|
|
106
|
+
*/
|
|
107
|
+
readonly explicitShares?: readonly ExplicitShareRef[];
|
|
108
|
+
}
|
|
109
|
+
|
|
110
|
+
/**
|
|
111
|
+
* Zod validator for `ResourceOwnershipContributionManifest`. The
|
|
112
|
+
* biome-discovery parser AND the owning domain service's wire DTO BOTH route
|
|
113
|
+
* every candidate envelope through this schema, so a malformed contribution
|
|
114
|
+
* fails at the boundary instead of at the wire (mirrors
|
|
115
|
+
* `CapabilityContributionManifestSchema`).
|
|
116
|
+
*/
|
|
117
|
+
export const ResourceOwnershipContributionManifestSchema: z.ZodType<ResourceOwnershipContributionManifest> =
|
|
118
|
+
z.object({
|
|
119
|
+
resourceType: z.string().min(1).max(RESOURCE_IDENTIFIER_MAX),
|
|
120
|
+
resourceId: z.string().min(1).max(RESOURCE_IDENTIFIER_MAX),
|
|
121
|
+
visibility: ResourceVisibilityPatternSchema,
|
|
122
|
+
owners: z.array(OwnerRefSchema).min(1).max(RESOURCE_PRINCIPALS_MAX),
|
|
123
|
+
explicitShares: z
|
|
124
|
+
.array(ExplicitShareRefSchema)
|
|
125
|
+
.max(RESOURCE_PRINCIPALS_MAX)
|
|
126
|
+
.optional(),
|
|
127
|
+
}) as z.ZodType<ResourceOwnershipContributionManifest>;
|
|
@@ -0,0 +1,75 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Resource-instance ref grammar — the canonical composite string for a single
|
|
3
|
+
* resource instance: `resource:<type>:<id>`.
|
|
4
|
+
*
|
|
5
|
+
* Mirrors the subject-ref grammar (`subjectRefToString` / `parseSubjectRef`)
|
|
6
|
+
* but is FIXED-arity: exactly three colon-delimited segments. Because the id
|
|
7
|
+
* sits in the final segment AND we forbid the delimiter inside both `type` and
|
|
8
|
+
* `id`, the encoding is unambiguous and losslessly round-trips — no
|
|
9
|
+
* split-on-first-colon ambiguity. Fail-fast on any malformed input; never
|
|
10
|
+
* silently coerce.
|
|
11
|
+
*/
|
|
12
|
+
|
|
13
|
+
/** The fixed prefix every resource ref carries. */
|
|
14
|
+
export const RESOURCE_REF_PREFIX = 'resource' as const;
|
|
15
|
+
|
|
16
|
+
/** The segment delimiter. Forbidden inside `type` and `id`. */
|
|
17
|
+
export const RESOURCE_REF_DELIMITER = ':' as const;
|
|
18
|
+
|
|
19
|
+
/**
|
|
20
|
+
* Parsed form of a resource ref.
|
|
21
|
+
*/
|
|
22
|
+
export interface ResourceRefParts {
|
|
23
|
+
readonly type: string;
|
|
24
|
+
readonly id: string;
|
|
25
|
+
}
|
|
26
|
+
|
|
27
|
+
/**
|
|
28
|
+
* Compose `resource:<type>:<id>` from a type + id. Fail-fast if either segment
|
|
29
|
+
* is empty or contains the `:` delimiter (which would make the ref ambiguous /
|
|
30
|
+
* un-round-trippable). Never coerce — an invalid segment throws.
|
|
31
|
+
*/
|
|
32
|
+
export function composeResourceRef(type: string, id: string): string {
|
|
33
|
+
if (type.length === 0 || id.length === 0) {
|
|
34
|
+
throw new Error(
|
|
35
|
+
`Invalid resource ref segments: "type" and "id" must both be non-empty (got type="${type}", id="${id}").`,
|
|
36
|
+
);
|
|
37
|
+
}
|
|
38
|
+
if (type.includes(RESOURCE_REF_DELIMITER)) {
|
|
39
|
+
throw new Error(
|
|
40
|
+
`Invalid resource type "${type}": must not contain the "${RESOURCE_REF_DELIMITER}" delimiter.`,
|
|
41
|
+
);
|
|
42
|
+
}
|
|
43
|
+
if (id.includes(RESOURCE_REF_DELIMITER)) {
|
|
44
|
+
throw new Error(
|
|
45
|
+
`Invalid resource id "${id}": must not contain the "${RESOURCE_REF_DELIMITER}" delimiter.`,
|
|
46
|
+
);
|
|
47
|
+
}
|
|
48
|
+
return `${RESOURCE_REF_PREFIX}${RESOURCE_REF_DELIMITER}${type}${RESOURCE_REF_DELIMITER}${id}`;
|
|
49
|
+
}
|
|
50
|
+
|
|
51
|
+
/**
|
|
52
|
+
* Parse `resource:<type>:<id>` back into its parts. Fail-fast on a wrong
|
|
53
|
+
* prefix, wrong arity, or an empty segment. The inverse of
|
|
54
|
+
* `composeResourceRef` — any string that `composeResourceRef` produced parses
|
|
55
|
+
* back to the identical `{ type, id }`.
|
|
56
|
+
*/
|
|
57
|
+
export function parseResourceRef(ref: string): ResourceRefParts {
|
|
58
|
+
const [prefix, type, id, ...rest] = ref.split(RESOURCE_REF_DELIMITER);
|
|
59
|
+
if (rest.length > 0 || prefix === undefined || type === undefined || id === undefined) {
|
|
60
|
+
throw new Error(
|
|
61
|
+
`Invalid resource ref "${ref}": expected exactly "${RESOURCE_REF_PREFIX}:<type>:<id>".`,
|
|
62
|
+
);
|
|
63
|
+
}
|
|
64
|
+
if (prefix !== RESOURCE_REF_PREFIX) {
|
|
65
|
+
throw new Error(
|
|
66
|
+
`Invalid resource ref "${ref}": must start with the "${RESOURCE_REF_PREFIX}" prefix.`,
|
|
67
|
+
);
|
|
68
|
+
}
|
|
69
|
+
if (type.length === 0 || id.length === 0) {
|
|
70
|
+
throw new Error(
|
|
71
|
+
`Invalid resource ref "${ref}": "type" and "id" segments must both be non-empty.`,
|
|
72
|
+
);
|
|
73
|
+
}
|
|
74
|
+
return { type, id };
|
|
75
|
+
}
|