guardrail-core 1.0.0

package/dist/rbac/__tests__/permissions.test.js

@@ -0,0 +1,350 @@
+"use strict";
+/**
+ * RBAC Permission Tests
+ *
+ * Tests for role-based access control permission checking logic.
+ * Validates acceptance criteria for different roles.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+const permissions_1 = require("../permissions");
+const types_1 = require("../types");
+// =============================================================================
+// TEST HELPERS
+// =============================================================================
+function createContext(role, tier) {
+    return {
+        userId: 'user_123',
+        teamId: 'team_456',
+        role,
+        permissions: (0, permissions_1.getEffectivePermissions)(role),
+        tier,
+    };
+}
+// =============================================================================
+// ROLE VALIDATION TESTS
+// =============================================================================
+describe('Role Validation', () => {
+    test('isValidRole returns true for valid roles', () => {
+        expect((0, permissions_1.isValidRole)('owner')).toBe(true);
+        expect((0, permissions_1.isValidRole)('admin')).toBe(true);
+        expect((0, permissions_1.isValidRole)('dev')).toBe(true);
+        expect((0, permissions_1.isValidRole)('viewer')).toBe(true);
+        expect((0, permissions_1.isValidRole)('compliance-auditor')).toBe(true);
+    });
+    test('isValidRole returns false for invalid roles', () => {
+        expect((0, permissions_1.isValidRole)('superadmin')).toBe(false);
+        expect((0, permissions_1.isValidRole)('')).toBe(false);
+        expect((0, permissions_1.isValidRole)('ADMIN')).toBe(false);
+    });
+    test('parseRole returns role for valid input', () => {
+        expect((0, permissions_1.parseRole)('owner')).toBe('owner');
+        expect((0, permissions_1.parseRole)('admin')).toBe('admin');
+    });
+    test('parseRole returns null for invalid input', () => {
+        expect((0, permissions_1.parseRole)('invalid')).toBeNull();
+        expect((0, permissions_1.parseRole)('')).toBeNull();
+    });
+});
+// =============================================================================
+// PERMISSION VALIDATION TESTS
+// =============================================================================
+describe('Permission Validation', () => {
+    test('isValidPermission returns true for valid permissions', () => {
+        expect((0, permissions_1.isValidPermission)('manage_team')).toBe(true);
+        expect((0, permissions_1.isValidPermission)('view_audit')).toBe(true);
+        expect((0, permissions_1.isValidPermission)('run_autopilot')).toBe(true);
+    });
+    test('isValidPermission returns false for invalid permissions', () => {
+        expect((0, permissions_1.isValidPermission)('invalid_permission')).toBe(false);
+        expect((0, permissions_1.isValidPermission)('')).toBe(false);
+    });
+});
+// =============================================================================
+// ROLE HIERARCHY TESTS
+// =============================================================================
+describe('Role Hierarchy', () => {
+    test('compareRoles returns correct hierarchy order', () => {
+        expect((0, permissions_1.compareRoles)('owner', 'admin')).toBeGreaterThan(0);
+        expect((0, permissions_1.compareRoles)('admin', 'dev')).toBeGreaterThan(0);
+        expect((0, permissions_1.compareRoles)('dev', 'viewer')).toBeGreaterThan(0);
+        expect((0, permissions_1.compareRoles)('viewer', 'owner')).toBeLessThan(0);
+        expect((0, permissions_1.compareRoles)('admin', 'admin')).toBe(0);
+    });
+    test('isRoleAtLeast correctly compares roles', () => {
+        expect((0, permissions_1.isRoleAtLeast)('owner', 'admin')).toBe(true);
+        expect((0, permissions_1.isRoleAtLeast)('owner', 'owner')).toBe(true);
+        expect((0, permissions_1.isRoleAtLeast)('admin', 'owner')).toBe(false);
+        expect((0, permissions_1.isRoleAtLeast)('dev', 'viewer')).toBe(true);
+        expect((0, permissions_1.isRoleAtLeast)('viewer', 'dev')).toBe(false);
+    });
+});
+// =============================================================================
+// PERMISSION CHECKING TESTS
+// =============================================================================
+describe('Permission Checking', () => {
+    test('roleHasPermission returns correct values', () => {
+        expect((0, permissions_1.roleHasPermission)('owner', 'manage_billing')).toBe(true);
+        expect((0, permissions_1.roleHasPermission)('admin', 'manage_billing')).toBe(false);
+        expect((0, permissions_1.roleHasPermission)('viewer', 'view_dashboard')).toBe(true);
+        expect((0, permissions_1.roleHasPermission)('viewer', 'run_autopilot')).toBe(false);
+    });
+    test('hasPermission returns allowed for valid permissions', () => {
+        const ownerContext = createContext('owner');
+        const result = (0, permissions_1.hasPermission)(ownerContext, 'manage_billing');
+        expect(result.allowed).toBe(true);
+    });
+    test('hasPermission returns denied with reason for missing permissions', () => {
+        const viewerContext = createContext('viewer');
+        const result = (0, permissions_1.hasPermission)(viewerContext, 'manage_team');
+        expect(result.allowed).toBe(false);
+        expect(result.reason).toContain('manage_team');
+        expect(result.requiredPermissions).toContain('manage_team');
+    });
+    test('hasAllPermissions requires all permissions', () => {
+        const adminContext = createContext('admin');
+        const allPresent = (0, permissions_1.hasAllPermissions)(adminContext, ['manage_team', 'run_autopilot']);
+        expect(allPresent.allowed).toBe(true);
+        const someMissing = (0, permissions_1.hasAllPermissions)(adminContext, ['manage_team', 'manage_billing']);
+        expect(someMissing.allowed).toBe(false);
+    });
+    test('hasAnyPermission allows with any matching permission', () => {
+        const devContext = createContext('dev');
+        const onePresent = (0, permissions_1.hasAnyPermission)(devContext, ['run_scan', 'manage_billing']);
+        expect(onePresent.allowed).toBe(true);
+        const nonePresent = (0, permissions_1.hasAnyPermission)(devContext, ['manage_billing', 'admin_settings']);
+        expect(nonePresent.allowed).toBe(false);
+    });
+});
+// =============================================================================
+// ACCEPTANCE CRITERIA TESTS
+// =============================================================================
+describe('Acceptance Criteria: Compliance Auditor', () => {
+    const auditorContext = createContext('compliance-auditor');
+    test('can view audit logs', () => {
+        const result = (0, permissions_1.hasPermission)(auditorContext, 'view_audit');
+        expect(result.allowed).toBe(true);
+    });
+    test('can export audit logs', () => {
+        const result = (0, permissions_1.hasPermission)(auditorContext, 'export_audit');
+        expect(result.allowed).toBe(true);
+    });
+    test('cannot edit policies', () => {
+        const result = (0, permissions_1.hasPermission)(auditorContext, 'manage_policies');
+        expect(result.allowed).toBe(false);
+    });
+    test('cannot manage team', () => {
+        const result = (0, permissions_1.hasPermission)(auditorContext, 'manage_team');
+        expect(result.allowed).toBe(false);
+    });
+    test('cannot run autopilot', () => {
+        const result = (0, permissions_1.hasPermission)(auditorContext, 'run_autopilot');
+        expect(result.allowed).toBe(false);
+    });
+});
+describe('Acceptance Criteria: Viewer', () => {
+    const viewerContext = createContext('viewer');
+    test('can see dashboard', () => {
+        const result = (0, permissions_1.hasPermission)(viewerContext, 'view_dashboard');
+        expect(result.allowed).toBe(true);
+    });
+    test('can view reports', () => {
+        const result = (0, permissions_1.hasPermission)(viewerContext, 'view_reports');
+        expect(result.allowed).toBe(true);
+    });
+    test('cannot run Reality Mode', () => {
+        const result = (0, permissions_1.hasPermission)(viewerContext, 'run_reality');
+        expect(result.allowed).toBe(false);
+    });
+    test('cannot run Autopilot', () => {
+        const result = (0, permissions_1.hasPermission)(viewerContext, 'run_autopilot');
+        expect(result.allowed).toBe(false);
+    });
+    test('cannot run scans', () => {
+        const result = (0, permissions_1.hasPermission)(viewerContext, 'run_scan');
+        expect(result.allowed).toBe(false);
+    });
+    test('cannot manage policies', () => {
+        const result = (0, permissions_1.hasPermission)(viewerContext, 'manage_policies');
+        expect(result.allowed).toBe(false);
+    });
+});
+describe('Acceptance Criteria: Developer', () => {
+    const devContext = createContext('dev');
+    test('can run scans', () => {
+        const result = (0, permissions_1.hasPermission)(devContext, 'run_scan');
+        expect(result.allowed).toBe(true);
+    });
+    test('can run Reality Mode', () => {
+        const result = (0, permissions_1.hasPermission)(devContext, 'run_reality');
+        expect(result.allowed).toBe(true);
+    });
+    test('can run fixes', () => {
+        const result = (0, permissions_1.hasPermission)(devContext, 'run_fix');
+        expect(result.allowed).toBe(true);
+    });
+    test('cannot run Autopilot', () => {
+        const result = (0, permissions_1.hasPermission)(devContext, 'run_autopilot');
+        expect(result.allowed).toBe(false);
+    });
+    test('cannot manage team', () => {
+        const result = (0, permissions_1.hasPermission)(devContext, 'manage_team');
+        expect(result.allowed).toBe(false);
+    });
+});
+describe('Acceptance Criteria: Admin', () => {
+    const adminContext = createContext('admin');
+    test('can manage team', () => {
+        const result = (0, permissions_1.hasPermission)(adminContext, 'manage_team');
+        expect(result.allowed).toBe(true);
+    });
+    test('can run Autopilot', () => {
+        const result = (0, permissions_1.hasPermission)(adminContext, 'run_autopilot');
+        expect(result.allowed).toBe(true);
+    });
+    test('can manage policies', () => {
+        const result = (0, permissions_1.hasPermission)(adminContext, 'manage_policies');
+        expect(result.allowed).toBe(true);
+    });
+    test('cannot manage billing', () => {
+        const result = (0, permissions_1.hasPermission)(adminContext, 'manage_billing');
+        expect(result.allowed).toBe(false);
+    });
+});
+describe('Acceptance Criteria: Owner', () => {
+    const ownerContext = createContext('owner');
+    test('has all permissions', () => {
+        const permissions = [
+            'manage_team',
+            'manage_billing',
+            'run_autopilot',
+            'manage_policies',
+            'admin_settings',
+        ];
+        for (const permission of permissions) {
+            const result = (0, permissions_1.hasPermission)(ownerContext, permission);
+            expect(result.allowed).toBe(true);
+        }
+    });
+});
+// =============================================================================
+// ROLE ASSIGNMENT TESTS
+// =============================================================================
+describe('Role Assignment', () => {
+    test('owner can assign any role', () => {
+        expect((0, permissions_1.canAssignRole)('owner', 'admin').allowed).toBe(true);
+        expect((0, permissions_1.canAssignRole)('owner', 'dev').allowed).toBe(true);
+        expect((0, permissions_1.canAssignRole)('owner', 'viewer').allowed).toBe(true);
+        expect((0, permissions_1.canAssignRole)('owner', 'compliance-auditor').allowed).toBe(true);
+    });
+    test('admin can assign lower roles', () => {
+        expect((0, permissions_1.canAssignRole)('admin', 'dev').allowed).toBe(true);
+        expect((0, permissions_1.canAssignRole)('admin', 'viewer').allowed).toBe(true);
+    });
+    test('admin cannot assign admin or owner', () => {
+        expect((0, permissions_1.canAssignRole)('admin', 'admin').allowed).toBe(false);
+        expect((0, permissions_1.canAssignRole)('admin', 'owner').allowed).toBe(false);
+    });
+    test('dev cannot assign roles', () => {
+        expect((0, permissions_1.canAssignRole)('dev', 'viewer').allowed).toBe(false);
+    });
+    test('viewer cannot assign roles', () => {
+        expect((0, permissions_1.canAssignRole)('viewer', 'viewer').allowed).toBe(false);
+    });
+});
+// =============================================================================
+// MEMBER REMOVAL TESTS
+// =============================================================================
+describe('Member Removal', () => {
+    test('owner can remove any non-owner member', () => {
+        expect((0, permissions_1.canRemoveMember)('owner', 'admin').allowed).toBe(true);
+        expect((0, permissions_1.canRemoveMember)('owner', 'dev').allowed).toBe(true);
+        expect((0, permissions_1.canRemoveMember)('owner', 'viewer').allowed).toBe(true);
+    });
+    test('nobody can remove owner', () => {
+        expect((0, permissions_1.canRemoveMember)('owner', 'owner').allowed).toBe(false);
+        expect((0, permissions_1.canRemoveMember)('admin', 'owner').allowed).toBe(false);
+    });
+    test('admin can remove lower roles', () => {
+        expect((0, permissions_1.canRemoveMember)('admin', 'dev').allowed).toBe(true);
+        expect((0, permissions_1.canRemoveMember)('admin', 'viewer').allowed).toBe(true);
+    });
+    test('admin cannot remove admin', () => {
+        expect((0, permissions_1.canRemoveMember)('admin', 'admin').allowed).toBe(false);
+    });
+    test('dev cannot remove members', () => {
+        expect((0, permissions_1.canRemoveMember)('dev', 'viewer').allowed).toBe(false);
+    });
+});
+// =============================================================================
+// PERMISSION MATRIX TESTS
+// =============================================================================
+describe('Permission Matrix', () => {
+    test('generatePermissionMatrix returns valid structure', () => {
+        const matrix = (0, permissions_1.generatePermissionMatrix)();
+        expect(matrix.roles).toEqual(types_1.ROLES);
+        expect(matrix.permissions.length).toBeGreaterThan(0);
+        expect(typeof matrix.matrix).toBe('object');
+    });
+    test('matrix contains all role-permission combinations', () => {
+        const matrix = (0, permissions_1.generatePermissionMatrix)();
+        for (const role of types_1.ROLES) {
+            expect(matrix.matrix[role]).toBeDefined();
+            for (const permission of matrix.permissions) {
+                expect(typeof matrix.matrix[role][permission]).toBe('boolean');
+            }
+        }
+    });
+    test('matrix values match roleHasPermission', () => {
+        const matrix = (0, permissions_1.generatePermissionMatrix)();
+        for (const role of types_1.ROLES) {
+            for (const permission of matrix.permissions) {
+                const matrixValue = matrix.matrix[role][permission];
+                const functionValue = (0, permissions_1.roleHasPermission)(role, permission);
+                expect(matrixValue).toBe(functionValue);
+            }
+        }
+    });
+});
+// =============================================================================
+// MINIMUM ROLE TESTS
+// =============================================================================
+describe('Minimum Role for Permission', () => {
+    test('getMinimumRoleForPermission returns correct minimum role', () => {
+        expect((0, permissions_1.getMinimumRoleForPermission)('view_dashboard')).toBe('viewer');
+        expect((0, permissions_1.getMinimumRoleForPermission)('view_audit')).toBe('compliance-auditor');
+        expect((0, permissions_1.getMinimumRoleForPermission)('run_scan')).toBe('dev');
+        expect((0, permissions_1.getMinimumRoleForPermission)('manage_team')).toBe('admin');
+        expect((0, permissions_1.getMinimumRoleForPermission)('manage_billing')).toBe('owner');
+    });
+});
+// =============================================================================
+// EFFECTIVE PERMISSIONS TESTS
+// =============================================================================
+describe('Effective Permissions', () => {
+    test('getEffectivePermissions returns array for each role', () => {
+        for (const role of types_1.ROLES) {
+            const permissions = (0, permissions_1.getEffectivePermissions)(role);
+            expect(Array.isArray(permissions)).toBe(true);
+            expect(permissions.length).toBeGreaterThan(0);
+        }
+    });
+    test('owner has more permissions than admin', () => {
+        const ownerPerms = (0, permissions_1.getEffectivePermissions)('owner');
+        const adminPerms = (0, permissions_1.getEffectivePermissions)('admin');
+        expect(ownerPerms.length).toBeGreaterThan(adminPerms.length);
+    });
+    test('admin has more permissions than dev', () => {
+        const adminPerms = (0, permissions_1.getEffectivePermissions)('admin');
+        const devPerms = (0, permissions_1.getEffectivePermissions)('dev');
+        expect(adminPerms.length).toBeGreaterThan(devPerms.length);
+    });
+    test('viewer has fewest permissions', () => {
+        const viewerPerms = (0, permissions_1.getEffectivePermissions)('viewer');
+        for (const role of types_1.ROLES) {
+            if (role !== 'viewer') {
+                const otherPerms = (0, permissions_1.getEffectivePermissions)(role);
+                expect(viewerPerms.length).toBeLessThanOrEqual(otherPerms.length);
+            }
+        }
+    });
+});

package/dist/rbac/index.d.ts

@@ -0,0 +1,9 @@
+/**
+ * RBAC Module - Role-Based Access Control
+ *
+ * Exports all RBAC types, permissions, and utilities.
+ */
+export type { Permission, PermissionCheck, PermissionMatrix, RBACContext, Role, RoleAssignment, RoleMetadata, TeamInvitation, TeamMemberWithRole, } from './types';
+export { PERMISSIONS, ROLE_HIERARCHY, ROLE_METADATA, ROLE_PERMISSIONS, ROLES, } from './types';
+export { canAssignRole, canRemoveMember, checkTierAndPermission, compareRoles, generatePermissionMatrix, getEffectivePermissions, getMinimumRoleForPermission, hasAllPermissions, hasAnyPermission, hasPermission, isRoleAtLeast, isValidPermission, isValidRole, parseRole, roleHasPermission, } from './permissions';
+//# sourceMappingURL=index.d.ts.map

package/dist/rbac/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/rbac/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,YAAY,EACV,UAAU,EACV,eAAe,EACf,gBAAgB,EAChB,WAAW,EACX,IAAI,EACJ,cAAc,EACd,YAAY,EACZ,cAAc,EACd,kBAAkB,GACnB,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,WAAW,EACX,cAAc,EACd,aAAa,EACb,gBAAgB,EAChB,KAAK,GACN,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,aAAa,EACb,eAAe,EACf,sBAAsB,EACtB,YAAY,EACZ,wBAAwB,EACxB,uBAAuB,EACvB,2BAA2B,EAC3B,iBAAiB,EACjB,gBAAgB,EAChB,aAAa,EACb,aAAa,EACb,iBAAiB,EACjB,WAAW,EACX,SAAS,EACT,iBAAiB,GAClB,MAAM,eAAe,CAAC"}

package/dist/rbac/index.js

@@ -0,0 +1,32 @@
+"use strict";
+/**
+ * RBAC Module - Role-Based Access Control
+ *
+ * Exports all RBAC types, permissions, and utilities.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.roleHasPermission = exports.parseRole = exports.isValidRole = exports.isValidPermission = exports.isRoleAtLeast = exports.hasPermission = exports.hasAnyPermission = exports.hasAllPermissions = exports.getMinimumRoleForPermission = exports.getEffectivePermissions = exports.generatePermissionMatrix = exports.compareRoles = exports.checkTierAndPermission = exports.canRemoveMember = exports.canAssignRole = exports.ROLES = exports.ROLE_PERMISSIONS = exports.ROLE_METADATA = exports.ROLE_HIERARCHY = exports.PERMISSIONS = void 0;
+// Values
+var types_1 = require("./types");
+Object.defineProperty(exports, "PERMISSIONS", { enumerable: true, get: function () { return types_1.PERMISSIONS; } });
+Object.defineProperty(exports, "ROLE_HIERARCHY", { enumerable: true, get: function () { return types_1.ROLE_HIERARCHY; } });
+Object.defineProperty(exports, "ROLE_METADATA", { enumerable: true, get: function () { return types_1.ROLE_METADATA; } });
+Object.defineProperty(exports, "ROLE_PERMISSIONS", { enumerable: true, get: function () { return types_1.ROLE_PERMISSIONS; } });
+Object.defineProperty(exports, "ROLES", { enumerable: true, get: function () { return types_1.ROLES; } });
+// Permission checking
+var permissions_1 = require("./permissions");
+Object.defineProperty(exports, "canAssignRole", { enumerable: true, get: function () { return permissions_1.canAssignRole; } });
+Object.defineProperty(exports, "canRemoveMember", { enumerable: true, get: function () { return permissions_1.canRemoveMember; } });
+Object.defineProperty(exports, "checkTierAndPermission", { enumerable: true, get: function () { return permissions_1.checkTierAndPermission; } });
+Object.defineProperty(exports, "compareRoles", { enumerable: true, get: function () { return permissions_1.compareRoles; } });
+Object.defineProperty(exports, "generatePermissionMatrix", { enumerable: true, get: function () { return permissions_1.generatePermissionMatrix; } });
+Object.defineProperty(exports, "getEffectivePermissions", { enumerable: true, get: function () { return permissions_1.getEffectivePermissions; } });
+Object.defineProperty(exports, "getMinimumRoleForPermission", { enumerable: true, get: function () { return permissions_1.getMinimumRoleForPermission; } });
+Object.defineProperty(exports, "hasAllPermissions", { enumerable: true, get: function () { return permissions_1.hasAllPermissions; } });
+Object.defineProperty(exports, "hasAnyPermission", { enumerable: true, get: function () { return permissions_1.hasAnyPermission; } });
+Object.defineProperty(exports, "hasPermission", { enumerable: true, get: function () { return permissions_1.hasPermission; } });
+Object.defineProperty(exports, "isRoleAtLeast", { enumerable: true, get: function () { return permissions_1.isRoleAtLeast; } });
+Object.defineProperty(exports, "isValidPermission", { enumerable: true, get: function () { return permissions_1.isValidPermission; } });
+Object.defineProperty(exports, "isValidRole", { enumerable: true, get: function () { return permissions_1.isValidRole; } });
+Object.defineProperty(exports, "parseRole", { enumerable: true, get: function () { return permissions_1.parseRole; } });
+Object.defineProperty(exports, "roleHasPermission", { enumerable: true, get: function () { return permissions_1.roleHasPermission; } });

package/dist/rbac/permissions.d.ts

@@ -0,0 +1,71 @@
+/**
+ * RBAC Permission Checker
+ *
+ * Core permission checking logic for role-based access control.
+ * Provides functions to verify user permissions against required permissions.
+ */
+import { Tier } from '../tier-config';
+import { Permission, PermissionCheck, PermissionMatrix, RBACContext, Role } from './types';
+/**
+ * Check if a role has a specific permission
+ */
+export declare function roleHasPermission(role: Role, permission: Permission): boolean;
+/**
+ * Check if a user has a specific permission based on their role
+ */
+export declare function hasPermission(context: RBACContext, permission: Permission): PermissionCheck;
+/**
+ * Check if a user has ALL of the specified permissions
+ */
+export declare function hasAllPermissions(context: RBACContext, permissions: Permission[]): PermissionCheck;
+/**
+ * Check if a user has ANY of the specified permissions
+ */
+export declare function hasAnyPermission(context: RBACContext, permissions: Permission[]): PermissionCheck;
+/**
+ * Compare two roles and return their relative hierarchy
+ * Returns positive if role1 > role2, negative if role1 < role2, 0 if equal
+ */
+export declare function compareRoles(role1: Role, role2: Role): number;
+/**
+ * Check if role1 is higher than or equal to role2 in the hierarchy
+ */
+export declare function isRoleAtLeast(role: Role, minimumRole: Role): boolean;
+/**
+ * Get the minimum role required for a specific permission
+ */
+export declare function getMinimumRoleForPermission(permission: Permission): Role;
+/**
+ * Get all permissions for a role (including inherited)
+ */
+export declare function getEffectivePermissions(role: Role): Permission[];
+/**
+ * Check if a tier allows a specific operation with RBAC
+ */
+export declare function checkTierAndPermission(context: RBACContext, permission: Permission, requiredTier: Tier): PermissionCheck;
+/**
+ * Generate a permission matrix for UI display
+ */
+export declare function generatePermissionMatrix(): PermissionMatrix;
+/**
+ * Check if a user can assign a specific role to another user
+ * Users can only assign roles lower than their own
+ */
+export declare function canAssignRole(assignerRole: Role, targetRole: Role): PermissionCheck;
+/**
+ * Check if a user can remove another user from the team
+ */
+export declare function canRemoveMember(removerRole: Role, targetRole: Role): PermissionCheck;
+/**
+ * Validate if a string is a valid role
+ */
+export declare function isValidRole(role: string): role is Role;
+/**
+ * Validate if a string is a valid permission
+ */
+export declare function isValidPermission(permission: string): permission is Permission;
+/**
+ * Get role from string with validation
+ */
+export declare function parseRole(role: string): Role | null;
+//# sourceMappingURL=permissions.d.ts.map

package/dist/rbac/permissions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"permissions.d.ts","sourceRoot":"","sources":["../../src/rbac/permissions.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,IAAI,EAAc,MAAM,gBAAgB,CAAC;AAClD,OAAO,EACL,UAAU,EAEV,eAAe,EACf,gBAAgB,EAChB,WAAW,EACX,IAAI,EAIL,MAAM,SAAS,CAAC;AAMjB;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,UAAU,GAAG,OAAO,CAG7E;AAED;;GAEG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,WAAW,EACpB,UAAU,EAAE,UAAU,GACrB,eAAe,CAqBjB;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,WAAW,EACpB,WAAW,EAAE,UAAU,EAAE,GACxB,eAAe,CAkBjB;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,OAAO,EAAE,WAAW,EACpB,WAAW,EAAE,UAAU,EAAE,GACxB,eAAe,CAYjB;AAMD;;;GAGG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,GAAG,MAAM,CAE7D;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,GAAG,OAAO,CAEpE;AAED;;GAEG;AACH,wBAAgB,2BAA2B,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI,CAYxE;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,IAAI,GAAG,UAAU,EAAE,CAEhE;AAMD;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,OAAO,EAAE,WAAW,EACpB,UAAU,EAAE,UAAU,EACtB,YAAY,EAAE,IAAI,GACjB,eAAe,CAqBjB;AAMD;;GAEG;AACH,wBAAgB,wBAAwB,IAAI,gBAAgB,CAe3D;AAMD;;;GAGG;AACH,wBAAgB,aAAa,CAC3B,YAAY,EAAE,IAAI,EAClB,UAAU,EAAE,IAAI,GACf,eAAe,CAsBjB;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,WAAW,EAAE,IAAI,EACjB,UAAU,EAAE,IAAI,GACf,eAAe,CA0BjB;AAMD;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,IAAI,IAAI,CAEtD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,UAAU,IAAI,UAAU,CAE9E;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,IAAI,CAEnD"}