cedar-mcp-server 1.0.0

package/dist/tools/link-template.js

@@ -0,0 +1,78 @@
+import { templateToJson, policyToText, policyToJson, validate } from "@cedar-policy/cedar-wasm/nodejs";
+function parseEntityRef(ref) {
+    // Expects: "Namespace::Type::\"id\"" or "Type::\"id\""
+    const match = ref.match(/^(.+)::"(.+)"$/);
+    if (!match)
+        return null;
+    return { type: match[1], id: match[2] };
+}
+export async function handleLinkTemplate(input) {
+    // Parse the template
+    const parseResult = templateToJson(input.template);
+    if (parseResult.type === "failure") {
+        const msg = parseResult.errors.map(e => e.message).join("; ");
+        return { slots_bound: {}, error: `Failed to parse template: ${msg}` };
+    }
+    const json = parseResult.json;
+    // Determine which slots are present
+    const principalSlot = json.principal?.slot === "?principal";
+    const resourceSlot = json.resource?.slot === "?resource";
+    const slots_bound = {};
+    // Validate that required slots are provided
+    if (principalSlot && !input.principal) {
+        return { slots_bound: {}, error: "Template has a ?principal slot but no principal value was provided." };
+    }
+    if (resourceSlot && !input.resource) {
+        return { slots_bound: {}, error: "Template has a ?resource slot but no resource value was provided." };
+    }
+    // Parse and substitute slots
+    const linked = { ...json };
+    if (principalSlot && input.principal) {
+        const entity = parseEntityRef(input.principal);
+        if (!entity) {
+            return { slots_bound: {}, error: `Invalid principal entity reference format: "${input.principal}". Expected format: Namespace::Type::"id"` };
+        }
+        linked.principal = { op: "==", entity };
+        slots_bound["?principal"] = input.principal;
+    }
+    if (resourceSlot && input.resource) {
+        const entity = parseEntityRef(input.resource);
+        if (!entity) {
+            return { slots_bound: {}, error: `Invalid resource entity reference format: "${input.resource}". Expected format: Namespace::Type::"id"` };
+        }
+        linked.resource = { op: "==", entity };
+        slots_bound["?resource"] = input.resource;
+    }
+    // Convert linked JSON to Cedar text
+    const textResult = policyToText(linked);
+    if (textResult.type === "failure") {
+        const msg = textResult.errors.map(e => e.message).join("; ");
+        return { slots_bound, error: `Failed to render linked policy: ${msg}` };
+    }
+    const linked_policy = textResult.text;
+    // Optionally validate the linked policy (now a regular policy, not a template) against schema
+    if (input.schema) {
+        const parsed = policyToJson(linked_policy);
+        if (parsed.type === "failure") {
+            return { linked_policy, slots_bound, valid: false, errors: parsed.errors.map(e => ({ message: e.message })) };
+        }
+        let validateResult;
+        try {
+            validateResult = validate({ schema: input.schema, policies: { staticPolicies: { p0: parsed.json }, templates: {} } });
+        }
+        catch (e) {
+            return { linked_policy, slots_bound, valid: false, errors: [{ message: e instanceof Error ? e.message : String(e) }] };
+        }
+        if (validateResult.type === "failure") {
+            return { linked_policy, slots_bound, valid: false, errors: validateResult.errors.map(e => ({ message: e.message })) };
+        }
+        return {
+            linked_policy,
+            slots_bound,
+            valid: validateResult.validationErrors.length === 0,
+            errors: validateResult.validationErrors.map(e => ({ message: e.error.message })),
+        };
+    }
+    return { linked_policy, slots_bound };
+}
+//# sourceMappingURL=link-template.js.map

package/dist/tools/link-template.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"link-template.js","sourceRoot":"","sources":["../../src/tools/link-template.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,iCAAiC,CAAC;AAuBvG,SAAS,cAAc,CAAC,GAAW;IACjC,uDAAuD;IACvD,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAC1C,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACxB,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAE,EAAE,EAAE,EAAE,KAAK,CAAC,CAAC,CAAE,EAAE,CAAC;AAC5C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,KAAwB;IAC/D,qBAAqB;IACrB,MAAM,WAAW,GAAG,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IACnD,IAAI,WAAW,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,GAAG,GAAG,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9D,OAAO,EAAE,WAAW,EAAE,EAAE,EAAE,KAAK,EAAE,6BAA6B,GAAG,EAAE,EAAE,CAAC;IACxE,CAAC;IAED,MAAM,IAAI,GAAG,WAAW,CAAC,IAA0C,CAAC;IAEpE,oCAAoC;IACpC,MAAM,aAAa,GAAI,IAAI,CAAC,SAAqC,EAAE,IAAI,KAAK,YAAY,CAAC;IACzF,MAAM,YAAY,GAAI,IAAI,CAAC,QAAoC,EAAE,IAAI,KAAK,WAAW,CAAC;IAEtF,MAAM,WAAW,GAA2B,EAAE,CAAC;IAE/C,4CAA4C;IAC5C,IAAI,aAAa,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;QACtC,OAAO,EAAE,WAAW,EAAE,EAAE,EAAE,KAAK,EAAE,qEAAqE,EAAE,CAAC;IAC3G,CAAC;IACD,IAAI,YAAY,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;QACpC,OAAO,EAAE,WAAW,EAAE,EAAE,EAAE,KAAK,EAAE,mEAAmE,EAAE,CAAC;IACzG,CAAC;IAED,6BAA6B;IAC7B,MAAM,MAAM,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;IAE3B,IAAI,aAAa,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;QACrC,MAAM,MAAM,GAAG,cAAc,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAC/C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,EAAE,WAAW,EAAE,EAAE,EAAE,KAAK,EAAE,+CAA+C,KAAK,CAAC,SAAS,2CAA2C,EAAE,CAAC;QAC/I,CAAC;QACD,MAAM,CAAC,SAAS,GAAG,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QACxC,WAAW,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,SAAS,CAAC;IAC9C,CAAC;IAED,IAAI,YAAY,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QACnC,MAAM,MAAM,GAAG,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAC9C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,EAAE,WAAW,EAAE,EAAE,EAAE,KAAK,EAAE,8CAA8C,KAAK,CAAC,QAAQ,2CAA2C,EAAE,CAAC;QAC7I,CAAC;QACD,MAAM,CAAC,QAAQ,GAAG,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QACvC,WAAW,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC;IAC5C,CAAC;IAED,oCAAoC;IACpC,MAAM,UAAU,GAAG,YAAY,CAAC,MAA+B,CAAC,CAAC;IACjE,IAAI,UAAU,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAClC,MAAM,GAAG,GAAI,UAAU,CAAC,MAA0B,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClF,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,mCAAmC,GAAG,EAAE,EAAE,CAAC;IAC1E,CAAC;IAED,MAAM,aAAa,GAAG,UAAU,CAAC,IAAI,CAAC;IAEtC,8FAA8F;IAC9F,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QACjB,MAAM,MAAM,GAAG,YAAY,CAAC,aAAa,CAAC,CAAC;QAC3C,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC9B,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,CAAC;QAChH,CAAC;QACD,IAAI,cAA2C,CAAC;QAChD,IAAI,CAAC;YACH,cAAc,GAAG,QAAQ,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,QAAQ,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;QACxH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;QACzH,CAAC;QACD,IAAI,cAAc,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACtC,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,CAAC;QACxH,CAAC;QACD,OAAO;YACL,aAAa;YACb,WAAW;YACX,KAAK,EAAE,cAAc,CAAC,gBAAgB,CAAC,MAAM,KAAK,CAAC;YACnD,MAAM,EAAE,cAAc,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;SACjF,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC;AACxC,CAAC"}

package/dist/tools/list-template-links.d.ts

@@ -0,0 +1,16 @@
+import { StoreManager } from "../resources/store-manager.js";
+export interface ListTemplateLinksInput {
+    store: string;
+}
+export interface TemplateLinkEntry {
+    id: string;
+    template_id: string;
+    slot_values: Record<string, string>;
+}
+export interface ListTemplateLinksResult {
+    store: string;
+    links: TemplateLinkEntry[];
+    error?: string;
+}
+export declare function handleListTemplateLinks(input: ListTemplateLinksInput, manager?: StoreManager): Promise<ListTemplateLinksResult>;
+//# sourceMappingURL=list-template-links.d.ts.map

package/dist/tools/list-template-links.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"list-template-links.d.ts","sourceRoot":"","sources":["../../src/tools/list-template-links.ts"],"names":[],"mappings":"AAAA,OAAO,EAAgB,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAE3E,MAAM,WAAW,sBAAsB;IACrC,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACrC;AAED,MAAM,WAAW,uBAAuB;IACtC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,iBAAiB,EAAE,CAAC;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,wBAAsB,uBAAuB,CAC3C,KAAK,EAAE,sBAAsB,EAC7B,OAAO,GAAE,YAA2B,GACnC,OAAO,CAAC,uBAAuB,CAAC,CAmBlC"}

package/dist/tools/list-template-links.js

@@ -0,0 +1,22 @@
+import { storeManager } from "../resources/store-manager.js";
+export async function handleListTemplateLinks(input, manager = storeManager) {
+    let ids;
+    try {
+        ids = manager.listTemplateLinks(input.store);
+    }
+    catch (e) {
+        return { store: input.store, links: [], error: e instanceof Error ? e.message : String(e) };
+    }
+    const links = [];
+    for (const id of ids) {
+        try {
+            const data = manager.readTemplateLink(input.store, id);
+            links.push({ id, template_id: data.template_id, slot_values: data.slot_values });
+        }
+        catch (e) {
+            return { store: input.store, links, error: `Failed to read link "${id}": ${e instanceof Error ? e.message : String(e)}` };
+        }
+    }
+    return { store: input.store, links };
+}
+//# sourceMappingURL=list-template-links.js.map

package/dist/tools/list-template-links.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"list-template-links.js","sourceRoot":"","sources":["../../src/tools/list-template-links.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAgB,MAAM,+BAA+B,CAAC;AAkB3E,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,KAA6B,EAC7B,UAAwB,YAAY;IAEpC,IAAI,GAAa,CAAC;IAClB,IAAI,CAAC;QACH,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC/C,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;IAC9F,CAAC;IAED,MAAM,KAAK,GAAwB,EAAE,CAAC;IACtC,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC;QACrB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,OAAO,CAAC,gBAAgB,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACvD,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,WAAW,EAAE,WAAW,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;QACnF,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,wBAAwB,EAAE,MAAM,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QAC5H,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,KAAK,EAAE,CAAC;AACvC,CAAC"}

package/dist/tools/list-templates.d.ts

@@ -0,0 +1,16 @@
+import { StoreManager } from "../resources/store-manager.js";
+export interface ListTemplatesInput {
+    store: string;
+}
+export interface TemplateEntry {
+    id: string;
+    content: string;
+    slots: string[];
+}
+export interface ListTemplatesResult {
+    store: string;
+    templates: TemplateEntry[];
+    error?: string;
+}
+export declare function handleListTemplates(input: ListTemplatesInput, manager?: StoreManager): Promise<ListTemplatesResult>;
+//# sourceMappingURL=list-templates.d.ts.map

package/dist/tools/list-templates.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"list-templates.d.ts","sourceRoot":"","sources":["../../src/tools/list-templates.ts"],"names":[],"mappings":"AAEA,OAAO,EAAgB,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAE3E,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,EAAE,CAAC;CACjB;AAED,MAAM,WAAW,mBAAmB;IAClC,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,aAAa,EAAE,CAAC;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAWD,wBAAsB,mBAAmB,CACvC,KAAK,EAAE,kBAAkB,EACzB,OAAO,GAAE,YAA2B,GACnC,OAAO,CAAC,mBAAmB,CAAC,CAsB9B"}

package/dist/tools/list-templates.js

@@ -0,0 +1,36 @@
+import { templateToJson } from "@cedar-policy/cedar-wasm/nodejs";
+import { storeManager } from "../resources/store-manager.js";
+function detectSlots(json) {
+    const slots = [];
+    const p = json.principal;
+    const r = json.resource;
+    if (p?.slot === "?principal")
+        slots.push("?principal");
+    if (r?.slot === "?resource")
+        slots.push("?resource");
+    return slots;
+}
+export async function handleListTemplates(input, manager = storeManager) {
+    let ids;
+    try {
+        ids = manager.listTemplates(input.store);
+    }
+    catch (e) {
+        return { store: input.store, templates: [], error: e instanceof Error ? e.message : String(e) };
+    }
+    const templates = [];
+    for (const id of ids) {
+        let content;
+        try {
+            content = manager.readTemplate(input.store, id);
+        }
+        catch (e) {
+            return { store: input.store, templates, error: `Failed to read template "${id}": ${e instanceof Error ? e.message : String(e)}` };
+        }
+        const parsed = templateToJson(content);
+        const slots = parsed.type === "success" ? detectSlots(parsed.json) : [];
+        templates.push({ id, content, slots });
+    }
+    return { store: input.store, templates };
+}
+//# sourceMappingURL=list-templates.js.map

package/dist/tools/list-templates.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"list-templates.js","sourceRoot":"","sources":["../../src/tools/list-templates.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AAEjE,OAAO,EAAE,YAAY,EAAgB,MAAM,+BAA+B,CAAC;AAkB3E,SAAS,WAAW,CAAC,IAAgB;IACnC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,CAAC,GAAG,IAAI,CAAC,SAAoC,CAAC;IACpD,MAAM,CAAC,GAAG,IAAI,CAAC,QAAmC,CAAC;IACnD,IAAI,CAAC,EAAE,IAAI,KAAK,YAAY;QAAE,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACvD,IAAI,CAAC,EAAE,IAAI,KAAK,WAAW;QAAE,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACrD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,KAAyB,EACzB,UAAwB,YAAY;IAEpC,IAAI,GAAa,CAAC;IAClB,IAAI,CAAC;QACH,GAAG,GAAG,OAAO,CAAC,aAAa,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;IAClG,CAAC;IAED,MAAM,SAAS,GAAoB,EAAE,CAAC;IACtC,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC;QACrB,IAAI,OAAe,CAAC;QACpB,IAAI,CAAC;YACH,OAAO,GAAG,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAClD,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,4BAA4B,EAAE,MAAM,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QACpI,CAAC;QACD,MAAM,MAAM,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;QACvC,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,IAAkB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACtF,SAAS,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;IACzC,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,SAAS,EAAE,CAAC;AAC3C,CAAC"}

package/dist/tools/translate.d.ts

@@ -0,0 +1,11 @@
+export interface TranslateInput {
+    input: string;
+    type: "policy" | "schema";
+    direction: "to_json" | "to_cedar";
+}
+export interface TranslateResult {
+    output: string | null;
+    error: string | null;
+}
+export declare function handleTranslate(input: TranslateInput): Promise<TranslateResult>;
+//# sourceMappingURL=translate.d.ts.map

package/dist/tools/translate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"translate.d.ts","sourceRoot":"","sources":["../../src/tools/translate.ts"],"names":[],"mappings":"AAQA,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,QAAQ,GAAG,QAAQ,CAAC;IAC1B,SAAS,EAAE,SAAS,GAAG,UAAU,CAAC;CACnC;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAUD,wBAAsB,eAAe,CAAC,KAAK,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,CAAC,CAsCrF"}

package/dist/tools/translate.js

@@ -0,0 +1,53 @@
+import { policyToJson, policyToText, schemaToJson, schemaToText, } from "@cedar-policy/cedar-wasm/nodejs";
+function parseSchemaInput(input) {
+    try {
+        return JSON.parse(input);
+    }
+    catch {
+        return input;
+    }
+}
+export async function handleTranslate(input) {
+    // per spike-report-wasm-api.md §5-6: function names are policyToJson/policyToText/schemaToJson/schemaToText,
+    // not translate_policy/translate_schema as the design doc assumed
+    if (input.type === "policy") {
+        if (input.direction === "to_json") {
+            const answer = policyToJson(input.input);
+            if (answer.type === "failure") {
+                return { output: null, error: answer.errors.map((e) => e.message).join("; ") };
+            }
+            return { output: JSON.stringify(answer.json, null, 2), error: null };
+        }
+        else {
+            let parsed;
+            try {
+                parsed = JSON.parse(input.input);
+            }
+            catch {
+                return { output: null, error: "Input must be a valid JSON policy object for to_cedar direction" };
+            }
+            const answer = policyToText(parsed);
+            if (answer.type === "failure") {
+                return { output: null, error: answer.errors.map((e) => e.message).join("; ") };
+            }
+            return { output: answer.text, error: null };
+        }
+    }
+    else {
+        if (input.direction === "to_json") {
+            const answer = schemaToJson(parseSchemaInput(input.input));
+            if (answer.type === "failure") {
+                return { output: null, error: answer.errors.map((e) => e.message).join("; ") };
+            }
+            return { output: JSON.stringify(answer.json, null, 2), error: null };
+        }
+        else {
+            const answer = schemaToText(parseSchemaInput(input.input));
+            if (answer.type === "failure") {
+                return { output: null, error: answer.errors.map((e) => e.message).join("; ") };
+            }
+            return { output: answer.text, error: null };
+        }
+    }
+}
+//# sourceMappingURL=translate.js.map

package/dist/tools/translate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"translate.js","sourceRoot":"","sources":["../../src/tools/translate.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,YAAY,EACZ,YAAY,GACb,MAAM,iCAAiC,CAAC;AAczC,SAAS,gBAAgB,CAAC,KAAa;IACrC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,KAAqB;IACzD,6GAA6G;IAC7G,kEAAkE;IAClE,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC5B,IAAI,KAAK,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;YAClC,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACzC,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBAC9B,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACjF,CAAC;YACD,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QACvE,CAAC;aAAM,CAAC;YACN,IAAI,MAAe,CAAC;YACpB,IAAI,CAAC;gBACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACnC,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,iEAAiE,EAAE,CAAC;YACpG,CAAC;YACD,MAAM,MAAM,GAAG,YAAY,CAAC,MAA4C,CAAC,CAAC;YAC1E,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBAC9B,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACjF,CAAC;YACD,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QAC9C,CAAC;IACH,CAAC;SAAM,CAAC;QACN,IAAI,KAAK,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;YAClC,MAAM,MAAM,GAAG,YAAY,CAAC,gBAAgB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;YAC3D,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBAC9B,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACjF,CAAC;YACD,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QACvE,CAAC;aAAM,CAAC;YACN,MAAM,MAAM,GAAG,YAAY,CAAC,gBAAgB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;YAC3D,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBAC9B,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACjF,CAAC;YACD,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QAC9C,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/tools/validate-entities.d.ts

@@ -0,0 +1,19 @@
+export interface ValidateEntitiesInput {
+    entities: string;
+    schema?: string;
+}
+export type EntityErrorKind = "unknown_type" | "missing_required_attribute" | "type_mismatch" | "unknown_attribute" | "disallowed_parent_type" | "parse_error" | "other";
+export interface EntityError {
+    entity_uid: string;
+    error_kind: EntityErrorKind;
+    message: string;
+    attribute?: string;
+}
+export interface ValidateEntitiesResult {
+    valid: boolean;
+    entity_count: number;
+    errors: EntityError[];
+}
+export declare function classifyError(message: string): EntityError;
+export declare function handleValidateEntities(input: ValidateEntitiesInput): Promise<ValidateEntitiesResult>;
+//# sourceMappingURL=validate-entities.d.ts.map

package/dist/tools/validate-entities.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate-entities.d.ts","sourceRoot":"","sources":["../../src/tools/validate-entities.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,qBAAqB;IACpC,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,MAAM,eAAe,GACvB,cAAc,GACd,4BAA4B,GAC5B,eAAe,GACf,mBAAmB,GACnB,wBAAwB,GACxB,aAAa,GACb,OAAO,CAAC;AAEZ,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,eAAe,CAAC;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,sBAAsB;IACrC,KAAK,EAAE,OAAO,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,WAAW,EAAE,CAAC;CACvB;AAkBD,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,WAAW,CA6B1D;AAED,wBAAsB,sBAAsB,CAC1C,KAAK,EAAE,qBAAqB,GAC3B,OAAO,CAAC,sBAAsB,CAAC,CA6CjC"}

package/dist/tools/validate-entities.js

@@ -0,0 +1,88 @@
+import { checkParseEntities } from "@cedar-policy/cedar-wasm/nodejs";
+function parseSchema(schemaStr) {
+    if (!schemaStr)
+        return undefined;
+    try {
+        return JSON.parse(schemaStr);
+    }
+    catch {
+        return schemaStr;
+    }
+}
+// Each regex captures: 1) entity_uid (everything between backticks), 2) attribute name when present.
+const RE_TYPE_MISMATCH = /in attribute `([^`]+)` on `([^`]+)`, type mismatch/;
+const RE_MISSING_REQUIRED = /expected entity `([^`]+)` to have attribute `([^`]+)`, but it does not/;
+const RE_UNKNOWN_TYPE = /entity `([^`]+)` has type `[^`]+` which is not declared in the schema/;
+const RE_UNKNOWN_ATTR = /attribute `([^`]+)` on `([^`]+)` should not exist according to the schema/;
+const RE_DISALLOWED_PARENT = /`([^`]+)` is not allowed to have an ancestor of type `[^`]+` according to the schema/;
+export function classifyError(message) {
+    let m;
+    if ((m = message.match(RE_TYPE_MISMATCH))) {
+        return { entity_uid: m[2], error_kind: "type_mismatch", attribute: m[1], message };
+    }
+    if ((m = message.match(RE_MISSING_REQUIRED))) {
+        return {
+            entity_uid: m[1],
+            error_kind: "missing_required_attribute",
+            attribute: m[2],
+            message,
+        };
+    }
+    if ((m = message.match(RE_UNKNOWN_TYPE))) {
+        return { entity_uid: m[1], error_kind: "unknown_type", message };
+    }
+    if ((m = message.match(RE_UNKNOWN_ATTR))) {
+        return { entity_uid: m[2], error_kind: "unknown_attribute", attribute: m[1], message };
+    }
+    if ((m = message.match(RE_DISALLOWED_PARENT))) {
+        return { entity_uid: m[1], error_kind: "disallowed_parent_type", message };
+    }
+    return {
+        entity_uid: "",
+        error_kind: "other",
+        message: `[unrecognized error pattern; the regex classifier did not match this message, so error_kind defaulted to "other"] ${message}`,
+    };
+}
+export async function handleValidateEntities(input) {
+    // 1. Parse entities JSON
+    let entities;
+    try {
+        entities = JSON.parse(input.entities);
+    }
+    catch (e) {
+        return {
+            valid: false,
+            entity_count: 0,
+            errors: [
+                {
+                    entity_uid: "",
+                    error_kind: "parse_error",
+                    message: `Entities JSON failed to parse: ${e instanceof Error ? e.message : String(e)}`,
+                },
+            ],
+        };
+    }
+    if (!Array.isArray(entities)) {
+        return {
+            valid: false,
+            entity_count: 0,
+            errors: [
+                {
+                    entity_uid: "",
+                    error_kind: "parse_error",
+                    message: "Entities must be a JSON array of entity objects",
+                },
+            ],
+        };
+    }
+    const entity_count = entities.length;
+    const schema = parseSchema(input.schema);
+    const call = schema ? { entities: entities, schema } : { entities: entities };
+    const answer = checkParseEntities(call);
+    if (answer.type === "success") {
+        return { valid: true, entity_count, errors: [] };
+    }
+    const errors = answer.errors.map((e) => classifyError(e.message));
+    return { valid: false, entity_count, errors };
+}
+//# sourceMappingURL=validate-entities.js.map

package/dist/tools/validate-entities.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate-entities.js","sourceRoot":"","sources":["../../src/tools/validate-entities.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AA8BrE,SAAS,WAAW,CAAC,SAA6B;IAChD,IAAI,CAAC,SAAS;QAAE,OAAO,SAAS,CAAC;IACjC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,qGAAqG;AACrG,MAAM,gBAAgB,GAAG,oDAAoD,CAAC;AAC9E,MAAM,mBAAmB,GAAG,wEAAwE,CAAC;AACrG,MAAM,eAAe,GAAG,uEAAuE,CAAC;AAChG,MAAM,eAAe,GAAG,2EAA2E,CAAC;AACpG,MAAM,oBAAoB,GAAG,sFAAsF,CAAC;AAEpH,MAAM,UAAU,aAAa,CAAC,OAAe;IAC3C,IAAI,CAA0B,CAAC;IAE/B,IAAI,CAAC,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,EAAE,CAAC;QAC1C,OAAO,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,eAAe,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC;IACrF,CAAC;IACD,IAAI,CAAC,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,EAAE,CAAC;QAC7C,OAAO;YACL,UAAU,EAAE,CAAC,CAAC,CAAC,CAAC;YAChB,UAAU,EAAE,4BAA4B;YACxC,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC;YACf,OAAO;SACR,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,EAAE,CAAC;QACzC,OAAO,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC;IACnE,CAAC;IACD,IAAI,CAAC,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,EAAE,CAAC;QACzC,OAAO,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,mBAAmB,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC;IACzF,CAAC;IACD,IAAI,CAAC,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,EAAE,CAAC;QAC9C,OAAO,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,wBAAwB,EAAE,OAAO,EAAE,CAAC;IAC7E,CAAC;IAED,OAAO;QACL,UAAU,EAAE,EAAE;QACd,UAAU,EAAE,OAAO;QACnB,OAAO,EAAE,qHAAqH,OAAO,EAAE;KACxI,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,KAA4B;IAE5B,yBAAyB;IACzB,IAAI,QAAiB,CAAC;IACtB,IAAI,CAAC;QACH,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IACxC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,YAAY,EAAE,CAAC;YACf,MAAM,EAAE;gBACN;oBACE,UAAU,EAAE,EAAE;oBACd,UAAU,EAAE,aAAa;oBACzB,OAAO,EAAE,kCAAkC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;iBACxF;aACF;SACF,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC7B,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,YAAY,EAAE,CAAC;YACf,MAAM,EAAE;gBACN;oBACE,UAAU,EAAE,EAAE;oBACd,UAAU,EAAE,aAAa;oBACzB,OAAO,EAAE,iDAAiD;iBAC3D;aACF;SACF,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAAC;IACrC,MAAM,MAAM,GAAG,WAAW,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAEzC,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,QAAoB,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,QAAoB,EAAE,CAAC;IACtG,MAAM,MAAM,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAExC,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC9B,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;IACnD,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IAClE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC;AAChD,CAAC"}

package/dist/tools/validate-schema.d.ts

@@ -0,0 +1,22 @@
+export interface ValidateSchemaInput {
+    schema: string;
+}
+export interface SchemaParseError {
+    message: string;
+    source_location?: {
+        start: number;
+        end: number;
+        label?: string | null;
+    };
+}
+export interface ValidateSchemaResult {
+    valid: boolean;
+    format: "json" | "cedarschema";
+    namespaces: string[];
+    entity_type_count: number;
+    action_count: number;
+    common_type_count: number;
+    errors: SchemaParseError[];
+}
+export declare function handleValidateSchema(input: ValidateSchemaInput): Promise<ValidateSchemaResult>;
+//# sourceMappingURL=validate-schema.d.ts.map

package/dist/tools/validate-schema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate-schema.d.ts","sourceRoot":"","sources":["../../src/tools/validate-schema.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,eAAe,CAAC,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAC;CACzE;AAED,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,GAAG,aAAa,CAAC;IAC/B,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,MAAM,EAAE,gBAAgB,EAAE,CAAC;CAC5B;AA2CD,wBAAsB,oBAAoB,CACxC,KAAK,EAAE,mBAAmB,GACzB,OAAO,CAAC,oBAAoB,CAAC,CA8D/B"}

package/dist/tools/validate-schema.js

@@ -0,0 +1,89 @@
+import { checkParseSchema } from "@cedar-policy/cedar-wasm/nodejs";
+function parseSchemaInput(schemaStr) {
+    try {
+        return { schema: JSON.parse(schemaStr), format: "json" };
+    }
+    catch {
+        return { schema: schemaStr, format: "cedarschema" };
+    }
+}
+function summarizeJsonSchema(json) {
+    const empty = { namespaces: [], entity_type_count: 0, action_count: 0, common_type_count: 0 };
+    if (!json || typeof json !== "object")
+        return empty;
+    const shape = json;
+    const namespaces = Object.keys(shape);
+    let entity_type_count = 0;
+    let action_count = 0;
+    let common_type_count = 0;
+    for (const ns of namespaces) {
+        const block = shape[ns];
+        if (block.entityTypes)
+            entity_type_count += Object.keys(block.entityTypes).length;
+        if (block.actions)
+            action_count += Object.keys(block.actions).length;
+        if (block.commonTypes)
+            common_type_count += Object.keys(block.commonTypes).length;
+    }
+    return { namespaces, entity_type_count, action_count, common_type_count };
+}
+export async function handleValidateSchema(input) {
+    if (!input.schema || input.schema.trim() === "") {
+        return {
+            valid: false,
+            format: "cedarschema",
+            namespaces: [],
+            entity_type_count: 0,
+            action_count: 0,
+            common_type_count: 0,
+            errors: [{ message: "Schema input is empty" }],
+        };
+    }
+    const { schema, format } = parseSchemaInput(input.schema);
+    const answer = checkParseSchema(schema);
+    if (answer.type === "failure") {
+        return {
+            valid: false,
+            format,
+            namespaces: [],
+            entity_type_count: 0,
+            action_count: 0,
+            common_type_count: 0,
+            errors: answer.errors.map((e) => ({
+                message: e.message,
+                ...(e.sourceLocations && e.sourceLocations.length > 0
+                    ? { source_location: { start: e.sourceLocations[0].start, end: e.sourceLocations[0].end, label: e.sourceLocations[0].label } }
+                    : {}),
+            })),
+        };
+    }
+    if (format === "json") {
+        const summary = summarizeJsonSchema(schema);
+        return { valid: true, format, ...summary, errors: [] };
+    }
+    // For cedarschema text, derive summary by translating to JSON form.
+    // schemaToJsonWithResolvedTypes only accepts string input (per spike-report §"Schema standalone ops spike").
+    if (typeof schema === "string") {
+        try {
+            const { schemaToJsonWithResolvedTypes } = await import("@cedar-policy/cedar-wasm/nodejs");
+            const jsonAnswer = schemaToJsonWithResolvedTypes(schema);
+            if (jsonAnswer.type === "success") {
+                const summary = summarizeJsonSchema(jsonAnswer.json);
+                return { valid: true, format, ...summary, errors: [] };
+            }
+        }
+        catch {
+            // fall through to summary-less success
+        }
+    }
+    return {
+        valid: true,
+        format,
+        namespaces: [],
+        entity_type_count: 0,
+        action_count: 0,
+        common_type_count: 0,
+        errors: [],
+    };
+}
+//# sourceMappingURL=validate-schema.js.map

package/dist/tools/validate-schema.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate-schema.js","sourceRoot":"","sources":["../../src/tools/validate-schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AAsBnE,SAAS,gBAAgB,CAAC,SAAiB;IACzC,IAAI,CAAC;QACH,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IAC3D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;IACtD,CAAC;AACH,CAAC;AAUD,SAAS,mBAAmB,CAAC,IAAa;IAMxC,MAAM,KAAK,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE,iBAAiB,EAAE,CAAC,EAAE,YAAY,EAAE,CAAC,EAAE,iBAAiB,EAAE,CAAC,EAAE,CAAC;IAC9F,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IACpD,MAAM,KAAK,GAAG,IAAuB,CAAC;IAEtC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACtC,IAAI,iBAAiB,GAAG,CAAC,CAAC;IAC1B,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,IAAI,iBAAiB,GAAG,CAAC,CAAC;IAE1B,KAAK,MAAM,EAAE,IAAI,UAAU,EAAE,CAAC;QAC5B,MAAM,KAAK,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC;QACxB,IAAI,KAAK,CAAC,WAAW;YAAE,iBAAiB,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC;QAClF,IAAI,KAAK,CAAC,OAAO;YAAE,YAAY,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;QACrE,IAAI,KAAK,CAAC,WAAW;YAAE,iBAAiB,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC;IACpF,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,iBAAiB,EAAE,YAAY,EAAE,iBAAiB,EAAE,CAAC;AAC5E,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,KAA0B;IAE1B,IAAI,CAAC,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QAChD,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,aAAa;YACrB,UAAU,EAAE,EAAE;YACd,iBAAiB,EAAE,CAAC;YACpB,YAAY,EAAE,CAAC;YACf,iBAAiB,EAAE,CAAC;YACpB,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC;SAC/C,CAAC;IACJ,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,gBAAgB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAC1D,MAAM,MAAM,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAExC,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC9B,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM;YACN,UAAU,EAAE,EAAE;YACd,iBAAiB,EAAE,CAAC;YACpB,YAAY,EAAE,CAAC;YACf,iBAAiB,EAAE,CAAC;YACpB,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAChC,OAAO,EAAE,CAAC,CAAC,OAAO;gBAClB,GAAG,CAAC,CAAC,CAAC,eAAe,IAAI,CAAC,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC;oBACnD,CAAC,CAAC,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE,EAAE;oBAC9H,CAAC,CAAC,EAAE,CAAC;aACR,CAAC,CAAC;SACJ,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,MAAM,OAAO,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAC5C,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;IACzD,CAAC;IAED,oEAAoE;IACpE,6GAA6G;IAC7G,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/B,IAAI,CAAC;YACH,MAAM,EAAE,6BAA6B,EAAE,GAAG,MAAM,MAAM,CAAC,iCAAiC,CAAC,CAAC;YAC1F,MAAM,UAAU,GAAG,6BAA6B,CAAC,MAAM,CAAC,CAAC;YACzD,IAAI,UAAU,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBAClC,MAAM,OAAO,GAAG,mBAAmB,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;gBACrD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;YACzD,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,uCAAuC;QACzC,CAAC;IACH,CAAC;IAED,OAAO;QACL,KAAK,EAAE,IAAI;QACX,MAAM;QACN,UAAU,EAAE,EAAE;QACd,iBAAiB,EAAE,CAAC;QACpB,YAAY,EAAE,CAAC;QACf,iBAAiB,EAAE,CAAC;QACpB,MAAM,EAAE,EAAE;KACX,CAAC;AACJ,CAAC"}

package/dist/tools/validate-template.d.ts

@@ -0,0 +1,18 @@
+export interface ValidateTemplateInput {
+    template: string;
+    schema: string;
+}
+export interface ValidateTemplateResult {
+    valid: boolean;
+    errors: Array<{
+        message: string;
+        help?: string;
+    }>;
+    warnings: Array<{
+        message: string;
+    }>;
+    slots_detected: string[];
+    error?: string;
+}
+export declare function handleValidateTemplate(input: ValidateTemplateInput): Promise<ValidateTemplateResult>;
+//# sourceMappingURL=validate-template.d.ts.map

package/dist/tools/validate-template.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate-template.d.ts","sourceRoot":"","sources":["../../src/tools/validate-template.ts"],"names":[],"mappings":"AAOA,MAAM,WAAW,qBAAqB;IACpC,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,sBAAsB;IACrC,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAClD,QAAQ,EAAE,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACrC,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAWD,wBAAsB,sBAAsB,CAAC,KAAK,EAAE,qBAAqB,GAAG,OAAO,CAAC,sBAAsB,CAAC,CA0C1G"}

package/dist/tools/validate-template.js

@@ -0,0 +1,59 @@
+import { templateToJson, validate } from "@cedar-policy/cedar-wasm/nodejs";
+function parseSchema(schemaStr) {
+    try {
+        return JSON.parse(schemaStr);
+    }
+    catch {
+        return schemaStr;
+    }
+}
+function detectSlots(json) {
+    const slots = [];
+    const p = json.principal;
+    const r = json.resource;
+    if (p?.slot === "?principal")
+        slots.push("?principal");
+    if (r?.slot === "?resource")
+        slots.push("?resource");
+    return slots;
+}
+export async function handleValidateTemplate(input) {
+    if (!input.schema?.trim()) {
+        return { valid: false, errors: [], warnings: [], slots_detected: [], error: "schema is required" };
+    }
+    // Parse the template
+    const parseResult = templateToJson(input.template);
+    if (parseResult.type === "failure") {
+        return {
+            valid: false,
+            errors: parseResult.errors.map(e => ({ message: e.message })),
+            warnings: [],
+            slots_detected: [],
+        };
+    }
+    const slots_detected = detectSlots(parseResult.json);
+    // Validate against schema using the JSON policy struct format with templates key
+    const templateId = "t0";
+    let validateResult;
+    try {
+        validateResult = validate({ schema: parseSchema(input.schema), policies: { staticPolicies: {}, templates: { [templateId]: parseResult.json } } });
+    }
+    catch (e) {
+        return { valid: false, errors: [{ message: e instanceof Error ? e.message : String(e) }], warnings: [], slots_detected };
+    }
+    if (validateResult.type === "failure") {
+        return {
+            valid: false,
+            errors: validateResult.errors.map(e => ({ message: e.message, help: e.help ?? undefined })),
+            warnings: [],
+            slots_detected,
+        };
+    }
+    return {
+        valid: validateResult.validationErrors.length === 0,
+        errors: validateResult.validationErrors.map(e => ({ message: e.error.message, help: e.error.help ?? undefined })),
+        warnings: validateResult.validationWarnings.map(w => ({ message: w.error.message })),
+        slots_detected,
+    };
+}
+//# sourceMappingURL=validate-template.js.map

package/dist/tools/validate-template.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate-template.js","sourceRoot":"","sources":["../../src/tools/validate-template.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,iCAAiC,CAAC;AAG3E,SAAS,WAAW,CAAC,SAAiB;IACpC,IAAI,CAAC;QAAC,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,SAAS,CAAC;IAAC,CAAC;AACnE,CAAC;AAeD,SAAS,WAAW,CAAC,IAAgB;IACnC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,CAAC,GAAG,IAAI,CAAC,SAAoC,CAAC;IACpD,MAAM,CAAC,GAAG,IAAI,CAAC,QAAmC,CAAC;IACnD,IAAI,CAAC,EAAE,IAAI,KAAK,YAAY;QAAE,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACvD,IAAI,CAAC,EAAE,IAAI,KAAK,WAAW;QAAE,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACrD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,KAA4B;IACvE,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,CAAC;QAC1B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;IACrG,CAAC;IAED,qBAAqB;IACrB,MAAM,WAAW,GAAG,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IACnD,IAAI,WAAW,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QACnC,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YAC7D,QAAQ,EAAE,EAAE;YACZ,cAAc,EAAE,EAAE;SACnB,CAAC;IACJ,CAAC;IAED,MAAM,cAAc,GAAG,WAAW,CAAC,WAAW,CAAC,IAAkB,CAAC,CAAC;IAEnE,iFAAiF;IACjF,MAAM,UAAU,GAAG,IAAI,CAAC;IACxB,IAAI,cAA2C,CAAC;IAChD,IAAI,CAAC;QACH,cAAc,GAAG,QAAQ,CAAC,EAAE,MAAM,EAAE,WAAW,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,QAAQ,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,CAAC,UAAU,CAAC,EAAE,WAAW,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;IACpJ,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,cAAc,EAAE,CAAC;IAC3H,CAAC;IAED,IAAI,cAAc,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QACtC,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,IAAI,SAAS,EAAE,CAAC,CAAC;YAC3F,QAAQ,EAAE,EAAE;YACZ,cAAc;SACf,CAAC;IACJ,CAAC;IAED,OAAO;QACL,KAAK,EAAE,cAAc,CAAC,gBAAgB,CAAC,MAAM,KAAK,CAAC;QACnD,MAAM,EAAE,cAAc,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,IAAI,SAAS,EAAE,CAAC,CAAC;QACjH,QAAQ,EAAE,cAAc,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QACpF,cAAc;KACf,CAAC;AACJ,CAAC"}