field-guard 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Masaaki Ota
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,197 @@
+# field-guard
+
+A lightweight, fully type-safe, field-level access control library for TypeScript.
+
+Define **who** can see **which fields** of your data — with zero runtime dependencies.
+
+## Features
+
+- 🔒 **Field-level access control** — Grant or deny access per field, per access level
+- 🏗️ **Builder pattern API** — Chainable `.withDerive()` and `.withCheck()` for composable guards
+- 🔀 **Merge strategies** — Combine multiple verdicts via `union` or `intersection`
+- 🧩 **Composable** — Combine multiple guards into a single object with `combineGuards`
+- 🦺 **Fully type-safe** — All fields, levels, and results are inferred from your definitions
+
+## Installation
+
+```
+npm install field-guard
+```
+
+```
+import { defineGuard, combineGuards, mergeFieldVerdicts } from "field-guard";
+```
+
+## Core Concepts
+
+| Concept       | Description                                                                 |
+| ------------- | --------------------------------------------------------------------------- |
+| **Field**     | A string literal representing a property name (e.g. `"id"`, `"email"`)     |
+| **Level**     | An access level label (e.g. `"owner"`, `"public"`, `"admin"`)              |
+| **Policy**    | A mapping from levels to field permissions (`true`, `false`, or per-field)  |
+| **Verdict**   | The resolved result: a list of allowed fields with helper methods           |
+| **Context**   | Arbitrary user/session data passed into guards at evaluation time           |
+
+## Usage
+
+### 1. Define a Guard
+
+```ts
+import { defineGuard } from "field-guard";
+
+type Ctx = { userId: string; role: "admin" | "user" };
+type User = { id: string; email: string; name: string };
+
+const userGuard = defineGuard<"owner" | "other", Ctx>()({
+  fields: ["id", "email", "name"],
+  policy: {
+    owner: true,                    // all fields allowed
+    other: { id: true, name: true }, // whitelist mode — only id and name
+  },
+});
+```
+
+#### Policy Modes
+
+- **`true`** — Allow all fields for this level
+- **`false`** — Deny all fields for this level
+- **Whitelist** `{ id: true, name: true }` — Only explicitly listed fields are allowed
+- **Blacklist** `{ secretField: false }` — All fields allowed *except* those set to `false`
+
+> The mode is auto-detected: if any value is `true`, it's whitelist mode; if all values are `false`, it's blacklist mode.
+
+### 2. Add a Target Check
+
+Use `.withCheck<T>()` to resolve the access level based on the context and a target object:
+
+```ts
+const userGuard = defineGuard<"owner" | "other", Ctx>()({
+  fields: ["id", "email", "name"],
+  policy: {
+    owner: true,
+    other: { id: true, name: true },
+  },
+}).withCheck<User>()(({ ctx, target, verdictMap }) => {
+  const level = ctx.userId === target.id ? "owner" : "other";
+  return verdictMap[level];
+});
+```
+
+### 3. Evaluate the Guard
+
+```ts
+const guard = userGuard.for({ userId: "1", role: "user" });
+
+const verdict = guard.check({ id: "1", email: "me@example.com", name: "Me" });
+verdict.allowedFields; // ["id", "email", "name"]
+
+const verdict2 = guard.check({ id: "2", email: "other@example.com", name: "Other" });
+verdict2.allowedFields; // ["id", "name"]
+```
+
+### 4. Use Verdict Helpers
+
+Each `FieldVerdict` comes with two convenience methods:
+
+```ts
+verdict.coversAll(["id", "name"]);  // true — all requested fields are allowed
+verdict.coversSome(["email"]);      // true — at least one requested field is allowed
+```
+
+### 5. Derive Extra Properties
+
+Use `.withDerive()` to compute additional properties from the context:
+
+```ts
+const guard = defineGuard<"public", Ctx>()({
+  fields: ["id", "email"],
+  policy: { public: true },
+}).withDerive(({ ctx }) => ({
+  isAdmin: ctx.role === "admin",
+}));
+
+const g = guard.for({ userId: "1", role: "admin" });
+g.isAdmin; // true
+```
+
+### 6. Combine Multiple Guards
+
+Use `combineGuards` to bundle guards for different resources and bind them all at once:
+
+```ts
+import { combineGuards } from "field-guard";
+
+const guards = combineGuards<Ctx>()({
+  users: userGuard,
+  posts: postGuard,
+});
+
+const g = guards.for({ userId: "1", role: "user" });
+
+g.users.check({ id: "1", email: "a@b.com", name: "A" });
+g.posts.check({ id: "p1", content: "hello", authorId: "1" });
+```
+
+### 7. Merge Verdicts
+
+Merge multiple verdicts with `union` (any-of) or `intersection` (all-of) strategy:
+
+```ts
+import { mergeFieldVerdicts } from "field-guard";
+
+// Union: field is allowed if ANY verdict allows it
+mergeFieldVerdicts("union", [verdictA, verdictB], fields);
+
+// Intersection: field is allowed only if ALL verdicts allow it
+mergeFieldVerdicts("intersection", [verdictA, verdictB], fields);
+```
+
+This is also available as `mergeVerdicts` on every guard instance:
+
+```ts
+const guard = defineGuard<"owner" | "admin", Ctx>()({ /* ... */ });
+
+const verdict = guard.mergeVerdicts("union", { owner: true, admin: false });
+```
+
+## API Reference
+
+### `defineGuard<Levels, Context>()`
+
+Returns a factory function that accepts `{ fields, policy }` and returns a guard chain.
+
+### Guard Chain Methods
+
+| Method                    | Description                                                        |
+| ------------------------- | ------------------------------------------------------------------ |
+| `.withDerive(fn)`         | Add derived properties computed from context                       |
+| `.withCheck<Target>()(fn)` | Add a `check(target)` method that resolves a verdict per target   |
+| `.for(ctx)`               | Bind context and return the resolved guard object                  |
+
+### Guard Base Properties
+
+| Property        | Description                                              |
+| --------------- | -------------------------------------------------------- |
+| `fields`        | The full list of field names                             |
+| `verdictMap`    | Pre-computed `FieldVerdictMap` for each level            |
+| `mergeVerdicts` | Helper to merge verdicts by level flags                  |
+
+### `combineGuards<Context>()(guards)`
+
+Combines multiple guards into a single object with a shared `.for(ctx)` method.
+
+### `mergeFieldVerdicts(mode, verdicts, fields)`
+
+Merges an array of `FieldVerdict` objects using `"union"` or `"intersection"` strategy.
+
+### `FieldVerdict<F>`
+
+| Property         | Type                    | Description                              |
+| ---------------- | ----------------------- | ---------------------------------------- |
+| `allowedFields`  | `F[]`                   | List of allowed field names              |
+| `coversAll(fs)`  | `(fields: F[]) => boolean` | `true` if all given fields are allowed |
+| `coversSome(fs)` | `(fields: F[]) => boolean` | `true` if any given field is allowed   |
+
+## License
+
+MIT

package/dist/combineGuards.d.ts

@@ -0,0 +1,14 @@
+type GuardWithFor<A> = {
+    for: (actor: A) => Record<string, unknown>;
+};
+type Params<A> = Record<string, GuardWithFor<A>>;
+type BoundGuards<A, P extends Params<A>> = {
+    [K in keyof P]: P[K] extends {
+        for: (actor: A) => infer R;
+    } ? R : never;
+};
+export declare function combineGuards<A>(): <P extends Params<A>>(params: P) => {
+    for: (actor: A) => BoundGuards<A, P>;
+};
+export {};
+//# sourceMappingURL=combineGuards.d.ts.map

package/dist/combineGuards.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"combineGuards.d.ts","sourceRoot":"","sources":["../src/combineGuards.ts"],"names":[],"mappings":"AAAA,KAAK,YAAY,CAAC,CAAC,IAAI;IAAE,GAAG,EAAE,CAAC,KAAK,EAAE,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAAE,CAAC;AACtE,KAAK,MAAM,CAAC,CAAC,IAAI,MAAM,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;AACjD,KAAK,WAAW,CAAC,CAAC,EAAE,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,IAAI;KACxC,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;QAAE,GAAG,EAAE,CAAC,KAAK,EAAE,CAAC,KAAK,MAAM,CAAC,CAAA;KAAE,GAAG,CAAC,GAAG,KAAK;CACxE,CAAC;AAEF,wBAAgB,aAAa,CAAC,CAAC,MACrB,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC;iBAErB,CAAC,KAAG,WAAW,CAAC,CAAC,EAAE,CAAC,CAAC;EAUvC"}

package/dist/combineGuards.js

@@ -0,0 +1,13 @@
+export function combineGuards() {
+    return (params) => {
+        return {
+            for: (actor) => {
+                return Object.fromEntries(Object.entries(params).map(([key, guard]) => [
+                    key,
+                    guard.for(actor),
+                ]));
+            },
+        };
+    };
+}
+//# sourceMappingURL=combineGuards.js.map

package/dist/combineGuards.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"combineGuards.js","sourceRoot":"","sources":["../src/combineGuards.ts"],"names":[],"mappings":"AAMA,MAAM,UAAU,aAAa;IAC3B,OAAO,CAAsB,MAAS,EAAE,EAAE;QACxC,OAAO;YACL,GAAG,EAAE,CAAC,KAAQ,EAAqB,EAAE;gBACnC,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC;oBAC3C,GAAG;oBACH,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC;iBACjB,CAAC,CACkB,CAAC;YACzB,CAAC;SACF,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC"}

package/dist/defineGuard.d.ts

@@ -0,0 +1,32 @@
+import { type MergeFieldVerdictsMode } from "./mergeFieldVerdicts.js";
+import { type FieldPolicy, type FieldVerdict, type FieldVerdictMap } from "./types.js";
+type BaseParams<C, L extends string, F extends string> = {
+    ctx: C;
+    fields: F[];
+    verdictMap: FieldVerdictMap<L, F>;
+    mergeVerdicts: (mode: MergeFieldVerdictsMode, flags: Partial<Record<L, boolean>>) => FieldVerdict<F>;
+};
+export type DeriveParams<C, L extends string, F extends string> = BaseParams<C, L, F>;
+export type ResolveParams<C, T, L extends string, F extends string> = BaseParams<C, L, F> & {
+    target: T;
+};
+export type GuardBase<L extends string, F extends string> = {
+    fields: F[];
+    verdictMap: FieldVerdictMap<L, F>;
+    mergeVerdicts: (mode: MergeFieldVerdictsMode, flags: Partial<Record<L, boolean>>) => FieldVerdict<F>;
+};
+export type GuardChain<C, L extends string, F extends string, R extends Record<string, unknown>, HasDerive extends boolean = false, HasResolve extends boolean = false> = GuardBase<L, F> & {
+    for(ctx: C): R;
+} & (HasDerive extends false ? {
+    withDerive<D extends Record<string, unknown>>(fn: (p: DeriveParams<C, L, F>) => D): GuardChain<C, L, F, R & D, true, HasResolve>;
+} : {}) & (HasResolve extends false ? {
+    withCheck<T>(): <M>(fn: (p: ResolveParams<C, T, L, F>) => M) => GuardChain<C, L, F, R & {
+        check: (target: T) => M;
+    }, HasDerive, true>;
+} : {});
+export declare function defineGuard<L extends string, C>(): <F extends string>(params: {
+    fields: F[];
+    policy: FieldPolicy<L, F>;
+}) => GuardChain<C, L, F, Record<string, never>, false, false>;
+export {};
+//# sourceMappingURL=defineGuard.d.ts.map

package/dist/defineGuard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"defineGuard.d.ts","sourceRoot":"","sources":["../src/defineGuard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAsB,KAAK,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AAC1F,OAAO,EAAiB,KAAK,WAAW,EAAkB,KAAK,YAAY,EAAE,KAAK,eAAe,EAAE,MAAM,YAAY,CAAC;AAEtH,KAAK,UAAU,CAAC,CAAC,EAAE,CAAC,SAAS,MAAM,EAAE,CAAC,SAAS,MAAM,IAAI;IACvD,GAAG,EAAE,CAAC,CAAC;IACP,MAAM,EAAE,CAAC,EAAE,CAAC;IACZ,UAAU,EAAE,eAAe,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAClC,aAAa,EAAE,CAAC,IAAI,EAAE,sBAAsB,EAAE,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,KAAK,YAAY,CAAC,CAAC,CAAC,CAAC;CACtG,CAAC;AAEF,MAAM,MAAM,YAAY,CAAC,CAAC,EAAE,CAAC,SAAS,MAAM,EAAE,CAAC,SAAS,MAAM,IAAI,UAAU,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;AAEtF,MAAM,MAAM,aAAa,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,SAAS,MAAM,EAAE,CAAC,SAAS,MAAM,IAAI,UAAU,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,GAAG;IAC1F,MAAM,EAAE,CAAC,CAAC;CACX,CAAC;AAEF,MAAM,MAAM,SAAS,CAAC,CAAC,SAAS,MAAM,EAAE,CAAC,SAAS,MAAM,IAAI;IAC1D,MAAM,EAAE,CAAC,EAAE,CAAC;IACZ,UAAU,EAAE,eAAe,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAClC,aAAa,EAAE,CAAC,IAAI,EAAE,sBAAsB,EAAE,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,KAAK,YAAY,CAAC,CAAC,CAAC,CAAC;CACtG,CAAC;AAEF,MAAM,MAAM,UAAU,CACpB,CAAC,EACD,CAAC,SAAS,MAAM,EAChB,CAAC,SAAS,MAAM,EAChB,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjC,SAAS,SAAS,OAAO,GAAG,KAAK,EACjC,UAAU,SAAS,OAAO,GAAG,KAAK,IAEhC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,GACf;IACA,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;CAChB,GACC,CAAC,SAAS,SAAS,KAAK,GAAG;IACzB,UAAU,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC1C,EAAE,EAAE,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,GAClC,UAAU,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC;CACjD,GACC,EAAE,CAAC,GACL,CAAC,UAAU,SAAS,KAAK,GAAG;IAC1B,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAChB,EAAE,EAAE,CAAC,CAAC,EAAE,aAAa,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,KACpC,UAAU,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,GAAG;QAAE,KAAK,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,CAAA;KAAE,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;CAC5E,GACC,EAAE,CAAC,CAAC;AAsEV,wBAAgB,WAAW,CAAC,CAAC,SAAS,MAAM,EAAE,CAAC,MACrC,CAAC,SAAS,MAAM,EAAE,QAAQ;IAAE,MAAM,EAAE,CAAC,EAAE,CAAC;IAAC,MAAM,EAAE,WAAW,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;CAAE,8DAmB7E"}

package/dist/defineGuard.js

@@ -0,0 +1,57 @@
+import { mergeFieldVerdicts } from "./mergeFieldVerdicts.js";
+import { createVerdict } from "./types.js";
+function buildVerdictMap(policy, fields) {
+    return Object.fromEntries(Object.entries(policy).map(([_level, _mask]) => {
+        const level = _level;
+        const mask = _mask;
+        if (typeof mask === "boolean") {
+            return [level, createVerdict(mask ? fields : [])];
+        }
+        const isWhiteListMode = Object.values(mask).length === 0 || Object.values(mask).some((v) => v === true);
+        const allowedFields = isWhiteListMode
+            ? fields.filter((f) => mask[f] === true)
+            : fields.filter((f) => mask[f] !== false);
+        return [level, createVerdict(allowedFields)];
+    }));
+}
+function createChain(fields, verdictMap, mergeVerdicts, deriveFn, resolveFn) {
+    return {
+        fields,
+        verdictMap,
+        mergeVerdicts,
+        withDerive(fn) {
+            const prevDeriveFn = deriveFn;
+            const nextDeriveFn = (p) => ({
+                ...(prevDeriveFn ? prevDeriveFn(p) : {}),
+                ...fn(p),
+            });
+            return createChain(fields, verdictMap, mergeVerdicts, nextDeriveFn, resolveFn);
+        },
+        withCheck() {
+            return (fn) => {
+                return createChain(fields, verdictMap, mergeVerdicts, deriveFn, fn);
+            };
+        },
+        for(ctx) {
+            const baseParams = { ctx, fields, verdictMap, mergeVerdicts };
+            const derived = deriveFn ? deriveFn(baseParams) : {};
+            const result = resolveFn
+                ? { ...derived, check: (target) => resolveFn({ ...baseParams, target }) }
+                : { ...derived };
+            return result;
+        },
+    };
+}
+export function defineGuard() {
+    return (params) => {
+        const { fields, policy } = params;
+        const verdictMap = buildVerdictMap(policy, fields);
+        const _mergeVerdicts = (mode, flags) => {
+            const levels = Object.keys(flags).filter((l) => flags[l]);
+            const verdicts = levels.map((l) => verdictMap[l]);
+            return mergeFieldVerdicts(mode, verdicts, fields);
+        };
+        return createChain(fields, verdictMap, _mergeVerdicts, undefined, undefined);
+    };
+}
+//# sourceMappingURL=defineGuard.js.map

package/dist/defineGuard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"defineGuard.js","sourceRoot":"","sources":["../src/defineGuard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAA+B,MAAM,yBAAyB,CAAC;AAC1F,OAAO,EAAE,aAAa,EAA6E,MAAM,YAAY,CAAC;AA8CtH,SAAS,eAAe,CACtB,MAAyB,EACzB,MAAW;IAEX,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,EAAE;QAC7C,MAAM,KAAK,GAAG,MAAW,CAAC;QAC1B,MAAM,IAAI,GAAG,KAAwC,CAAC;QACtD,IAAI,OAAO,IAAI,KAAK,SAAS,EAAE,CAAC;YAC9B,OAAO,CAAC,KAAK,EAAE,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACpD,CAAC;QACD,MAAM,eAAe,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC;QACxG,MAAM,aAAa,GAAG,eAAe;YACnC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC;YACxC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC;QAC5C,OAAO,CAAC,KAAK,EAAE,aAAa,CAAC,aAAa,CAAC,CAAC,CAAC;IAC/C,CAAC,CAAkC,CACX,CAAC;AAC7B,CAAC;AAED,SAAS,WAAW,CAQlB,MAAW,EACX,UAAiC,EACjC,aAAoG,EACpG,QAA6E,EAC7E,SAAgE;IAEhE,OAAO;QACL,MAAM;QACN,UAAU;QACV,aAAa;QACb,UAAU,CAAoC,EAAmC;YAC/E,MAAM,YAAY,GAAG,QAAQ,CAAC;YAC9B,MAAM,YAAY,GAAG,CAAC,CAAwB,EAAE,EAAE,CAAC,CAAC;gBAClD,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACxC,GAAG,EAAE,CAAC,CAAC,CAAC;aACT,CAAC,CAAC;YACH,OAAO,WAAW,CAAmC,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;QACnH,CAAC;QACD,SAAS;YACP,OAAO,CAAI,EAAuC,EAAE,EAAE;gBACpD,OAAO,WAAW,CAChB,MAAM,EACN,UAAU,EACV,aAAa,EACb,QAAQ,EACR,EAAE,CACH,CAAC;YACJ,CAAC,CAAC;QACJ,CAAC;QACD,GAAG,CAAC,GAAM;YACR,MAAM,UAAU,GAAwB,EAAE,GAAG,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC;YACnF,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACrD,MAAM,MAAM,GAAG,SAAS;gBACtB,CAAC,CAAC,EAAE,GAAG,OAAO,EAAE,KAAK,EAAE,CAAC,MAAW,EAAE,EAAE,CAAC,SAAS,CAAC,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,CAAC,EAAE;gBAC9E,CAAC,CAAC,EAAE,GAAG,OAAO,EAAE,CAAC;YACnB,OAAO,MAAW,CAAC;QACrB,CAAC;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,WAAW;IACzB,OAAO,CAAmB,MAAkD,EAAE,EAAE;QAC9E,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;QAClC,MAAM,UAAU,GAAG,eAAe,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACnD,MAAM,cAAc,GAAG,CACrB,IAA4B,EAC5B,KAAkC,EACjB,EAAE;YACnB,MAAM,MAAM,GAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YACnE,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;YAClD,OAAO,kBAAkB,CAAC,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;QACpD,CAAC,CAAC;QACF,OAAO,WAAW,CAChB,MAAM,EACN,UAAU,EACV,cAAc,EACd,SAAS,EACT,SAAS,CACV,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,5 @@
+export * from "./combineGuards.js";
+export * from "./defineGuard.js";
+export * from "./mergeFieldVerdicts.js";
+export * from "./types.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,oBAAoB,CAAC;AACnC,cAAc,kBAAkB,CAAC;AACjC,cAAc,yBAAyB,CAAC;AACxC,cAAc,YAAY,CAAC"}

package/dist/index.js

@@ -0,0 +1,5 @@
+export * from "./combineGuards.js";
+export * from "./defineGuard.js";
+export * from "./mergeFieldVerdicts.js";
+export * from "./types.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,oBAAoB,CAAC;AACnC,cAAc,kBAAkB,CAAC;AACjC,cAAc,yBAAyB,CAAC;AACxC,cAAc,YAAY,CAAC"}

package/dist/mergeFieldVerdicts.d.ts

@@ -0,0 +1,4 @@
+import { FieldVerdict } from "./types.js";
+export type MergeFieldVerdictsMode = "union" | "intersection";
+export declare function mergeFieldVerdicts<F extends string>(mode: MergeFieldVerdictsMode, verdicts: FieldVerdict<F>[], fields: F[]): FieldVerdict<F>;
+//# sourceMappingURL=mergeFieldVerdicts.d.ts.map

package/dist/mergeFieldVerdicts.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mergeFieldVerdicts.d.ts","sourceRoot":"","sources":["../src/mergeFieldVerdicts.ts"],"names":[],"mappings":"AAAA,OAAO,EAAiB,YAAY,EAAE,MAAM,YAAY,CAAC;AAEzD,MAAM,MAAM,sBAAsB,GAAG,OAAO,GAAG,cAAc,CAAC;AAE9D,wBAAgB,kBAAkB,CAAC,CAAC,SAAS,MAAM,EACjD,IAAI,EAAE,sBAAsB,EAC5B,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,EAAE,EAC3B,MAAM,EAAE,CAAC,EAAE,GACV,YAAY,CAAC,CAAC,CAAC,CAYjB"}

package/dist/mergeFieldVerdicts.js

@@ -0,0 +1,12 @@
+import { createVerdict } from "./types.js";
+export function mergeFieldVerdicts(mode, verdicts, fields) {
+    if (verdicts.length === 0) {
+        return createVerdict([]);
+    }
+    const allowedSets = verdicts.map((v) => new Set(v.allowedFields));
+    const allowedFields = mode === "union"
+        ? fields.filter((f) => allowedSets.some((set) => set.has(f)))
+        : fields.filter((f) => allowedSets.every((set) => set.has(f)));
+    return createVerdict(allowedFields);
+}
+//# sourceMappingURL=mergeFieldVerdicts.js.map

package/dist/mergeFieldVerdicts.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mergeFieldVerdicts.js","sourceRoot":"","sources":["../src/mergeFieldVerdicts.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAgB,MAAM,YAAY,CAAC;AAIzD,MAAM,UAAU,kBAAkB,CAChC,IAA4B,EAC5B,QAA2B,EAC3B,MAAW;IAEX,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,aAAa,CAAI,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,WAAW,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC;IAElE,MAAM,aAAa,GAAG,IAAI,KAAK,OAAO;QACpC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAC7D,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAEjE,OAAO,aAAa,CAAC,aAAa,CAAC,CAAC;AACtC,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,10 @@
+export type FieldRule<F extends string> = Record<F, boolean>;
+export type FieldPolicy<L extends string, F extends string> = Record<L, boolean | Partial<FieldRule<F>>>;
+export type FieldVerdict<F extends string> = {
+    allowedFields: F[];
+    coversAll: (fields: F[]) => boolean;
+    coversSome: (fields: F[]) => boolean;
+};
+export declare function createVerdict<F extends string>(allowedFields: F[]): FieldVerdict<F>;
+export type FieldVerdictMap<L extends string, F extends string> = Record<L, FieldVerdict<F>>;
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,SAAS,CAAC,CAAC,SAAS,MAAM,IAAI,MAAM,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;AAG7D,MAAM,MAAM,WAAW,CACrB,CAAC,SAAS,MAAM,EAChB,CAAC,SAAS,MAAM,IACd,MAAM,CAAC,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAM/C,MAAM,MAAM,YAAY,CAAC,CAAC,SAAS,MAAM,IAAI;IAC3C,aAAa,EAAE,CAAC,EAAE,CAAC;IACnB,SAAS,EAAE,CAAC,MAAM,EAAE,CAAC,EAAE,KAAK,OAAO,CAAC;IACpC,UAAU,EAAE,CAAC,MAAM,EAAE,CAAC,EAAE,KAAK,OAAO,CAAC;CACtC,CAAC;AAEF,wBAAgB,aAAa,CAAC,CAAC,SAAS,MAAM,EAAE,aAAa,EAAE,CAAC,EAAE,GAAG,YAAY,CAAC,CAAC,CAAC,CAOnF;AAED,MAAM,MAAM,eAAe,CAAC,CAAC,SAAS,MAAM,EAAE,CAAC,SAAS,MAAM,IAAI,MAAM,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC"}

package/dist/types.js

@@ -0,0 +1,14 @@
+const fieldRule = { f1: true, f2: false };
+const fieldPolicy = {
+    public: { f1: true },
+    private: { f1: true, f2: false },
+};
+export function createVerdict(allowedFields) {
+    const set = new Set(allowedFields);
+    return {
+        allowedFields,
+        coversAll: (fields) => fields.every((f) => set.has(f)),
+        coversSome: (fields) => fields.some((f) => set.has(f)),
+    };
+}
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AACA,MAAM,SAAS,GAAG,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,KAAK,EAA2B,CAAC;AAMnE,MAAM,WAAW,GAAG;IAClB,MAAM,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE;IACpB,OAAO,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,KAAK,EAAE;CACD,CAAC;AAQlC,MAAM,UAAU,aAAa,CAAmB,aAAkB;IAChE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAI,aAAa,CAAC,CAAC;IACtC,OAAO;QACL,aAAa;QACb,SAAS,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACtD,UAAU,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;KACvD,CAAC;AACJ,CAAC"}

package/package.json

@@ -0,0 +1,44 @@
+{
+  "name": "field-guard",
+  "version": "0.1.0",
+  "description": "A lightweight, fully type-safe, field-level access control library for TypeScript",
+  "type": "module",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
+  },
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "files": [
+    "dist",
+    "LICENSE",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "test": "bun run vitest run",
+    "prepublishOnly": "bun run build"
+  },
+  "keywords": [
+    "field",
+    "guard",
+    "access-control",
+    "permission",
+    "authorization",
+    "field-level",
+    "typescript",
+    "type-safe"
+  ],
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/mohhh-ok/field-guard.git"
+  },
+  "sideEffects": false,
+  "devDependencies": {
+    "typescript": "^5.8.3",
+    "vitest": "^4.0.18"
+  }
+}