permissions-contractx 1.0.2 → 1.1.0

package/dist/constants/security.constants.d.ts

@@ -3,75 +3,75 @@
  * Implements complete role hierarchy for client/provider contract management
  */
 export declare const CONTRACTX_ROLES: {
-    readonly SUPERADMIN: "superadmin";
-    readonly CLIENT_CONTRACT_ADMIN: "client_contract_admin";
-    readonly CLIENT_PERFORMANCE_RESP: "client_performance_resp";
-    readonly CLIENT_FINANCE_RESP: "client_finance_resp";
-    readonly CLIENT_REPORTS_RESP: "client_reports_resp";
-    readonly CLIENT_RELATIONSHIP_RESP: "client_relationship_resp";
-    readonly CLIENT_RISK_RESP: "client_risk_resp";
-    readonly PROVIDER_CONTRACT_ADMIN: "provider_contract_admin";
-    readonly PROVIDER_PERFORMANCE_RESP: "provider_performance_resp";
-    readonly PROVIDER_FINANCE_RESP: "provider_finance_resp";
-    readonly PROVIDER_REPORTS_RESP: "provider_reports_resp";
-    readonly PROVIDER_RELATIONSHIP_RESP: "provider_relationship_resp";
-    readonly PROVIDER_RISK_RESP: "provider_risk_resp";
-    readonly SUPPORT: "support";
+    SUPERADMIN: string;
+    CLIENT_CONTRACT_ADMIN: string;
+    CLIENT_PERFORMANCE_RESP: string;
+    CLIENT_FINANCE_RESP: string;
+    CLIENT_REPORTS_RESP: string;
+    CLIENT_RELATIONSHIP_RESP: string;
+    CLIENT_RISK_RESP: string;
+    PROVIDER_CONTRACT_ADMIN: string;
+    PROVIDER_PERFORMANCE_RESP: string;
+    PROVIDER_FINANCE_RESP: string;
+    PROVIDER_REPORTS_RESP: string;
+    PROVIDER_RELATIONSHIP_RESP: string;
+    PROVIDER_RISK_RESP: string;
+    SUPPORT: string;
 };
 /**
  * ODS Role Hierarchy Levels - Exact hierarchy from Excel specification
  * Higher numbers indicate higher privileges
  */
 export declare const ROLE_HIERARCHY: {
-    readonly superadmin: 100;
-    readonly support: 85;
-    readonly client_contract_admin: 80;
-    readonly client_performance_resp: 70;
-    readonly client_finance_resp: 70;
-    readonly client_reports_resp: 65;
-    readonly client_relationship_resp: 65;
-    readonly client_risk_resp: 65;
-    readonly provider_contract_admin: 80;
-    readonly provider_performance_resp: 70;
-    readonly provider_finance_resp: 70;
-    readonly provider_reports_resp: 65;
-    readonly provider_relationship_resp: 65;
-    readonly provider_risk_resp: 65;
+    [CONTRACTX_ROLES.SUPERADMIN]: number;
+    [CONTRACTX_ROLES.SUPPORT]: number;
+    [CONTRACTX_ROLES.CLIENT_CONTRACT_ADMIN]: number;
+    [CONTRACTX_ROLES.CLIENT_PERFORMANCE_RESP]: number;
+    [CONTRACTX_ROLES.CLIENT_FINANCE_RESP]: number;
+    [CONTRACTX_ROLES.CLIENT_REPORTS_RESP]: number;
+    [CONTRACTX_ROLES.CLIENT_RELATIONSHIP_RESP]: number;
+    [CONTRACTX_ROLES.CLIENT_RISK_RESP]: number;
+    [CONTRACTX_ROLES.PROVIDER_CONTRACT_ADMIN]: number;
+    [CONTRACTX_ROLES.PROVIDER_PERFORMANCE_RESP]: number;
+    [CONTRACTX_ROLES.PROVIDER_FINANCE_RESP]: number;
+    [CONTRACTX_ROLES.PROVIDER_REPORTS_RESP]: number;
+    [CONTRACTX_ROLES.PROVIDER_RELATIONSHIP_RESP]: number;
+    [CONTRACTX_ROLES.PROVIDER_RISK_RESP]: number;
 };
 /**
  * Permission Categories for organization
  */
 export declare const PERMISSION_CATEGORIES: {
-    readonly USER_MANAGEMENT: "User Management";
-    readonly ROLE_MANAGEMENT: "Role Management";
-    readonly PERMISSION_MANAGEMENT: "Permission Management";
-    readonly CLIENT_MANAGEMENT: "Client Management";
-    readonly PROVIDER_MANAGEMENT: "Provider Management";
-    readonly CONTRACT_MANAGEMENT: "Contract Management";
-    readonly DOCUMENT_MANAGEMENT: "Document Management";
-    readonly DELIVERABLE_MANAGEMENT: "Deliverable Management";
-    readonly PERFORMANCE_MANAGEMENT: "Performance Management";
-    readonly FINANCIAL_MANAGEMENT: "Financial Management";
-    readonly COMMUNICATION_MANAGEMENT: "Communication Management";
-    readonly SYSTEM_ADMINISTRATION: "System Administration";
+    USER_MANAGEMENT: string;
+    ROLE_MANAGEMENT: string;
+    PERMISSION_MANAGEMENT: string;
+    CLIENT_MANAGEMENT: string;
+    PROVIDER_MANAGEMENT: string;
+    CONTRACT_MANAGEMENT: string;
+    DOCUMENT_MANAGEMENT: string;
+    DELIVERABLE_MANAGEMENT: string;
+    PERFORMANCE_MANAGEMENT: string;
+    FINANCIAL_MANAGEMENT: string;
+    COMMUNICATION_MANAGEMENT: string;
+    SYSTEM_ADMINISTRATION: string;
 };
 /**
  * ODS Role Groups for easy assignment and management
  */
 export declare const ROLE_GROUPS: {
-    readonly ADMIN_ROLES: readonly ["superadmin", "client_contract_admin", "provider_contract_admin"];
-    readonly CLIENT_ROLES: readonly ["client_contract_admin", "client_performance_resp", "client_finance_resp", "client_reports_resp", "client_relationship_resp", "client_risk_resp"];
-    readonly PROVIDER_ROLES: readonly ["provider_contract_admin", "provider_performance_resp", "provider_finance_resp", "provider_reports_resp", "provider_relationship_resp", "provider_risk_resp"];
-    readonly MANAGER_ROLES: readonly ["client_contract_admin", "provider_contract_admin", "client_performance_resp", "provider_performance_resp", "client_finance_resp", "provider_finance_resp"];
-    readonly VIEWER_ROLES: readonly ["client_reports_resp", "provider_reports_resp"];
-    readonly RESPONSIBILITY_ROLES: readonly ["client_performance_resp", "client_finance_resp", "client_reports_resp", "client_relationship_resp", "client_risk_resp", "provider_performance_resp", "provider_finance_resp", "provider_reports_resp", "provider_relationship_resp", "provider_risk_resp"];
-    readonly SYSTEM_ROLES: readonly ["superadmin", "support"];
+    ADMIN_ROLES: string[];
+    CLIENT_ROLES: string[];
+    PROVIDER_ROLES: string[];
+    MANAGER_ROLES: string[];
+    VIEWER_ROLES: string[];
+    RESPONSIBILITY_ROLES: string[];
+    SYSTEM_ROLES: string[];
 };
 /**
  * Module constants for metadata
  */
 export declare const MODULE_CONSTANTS: {
-    readonly MODULE_OPTIONS_TOKEN: "PERMISSIONS_CONTRACTX_MODULE_OPTIONS";
-    readonly JWT_CONFIG_TOKEN: "PERMISSIONS_CONTRACTX_JWT_CONFIG";
+    MODULE_OPTIONS_TOKEN: string;
+    JWT_CONFIG_TOKEN: string;
 };
 //# sourceMappingURL=security.constants.d.ts.map

package/dist/constants/security.constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"security.constants.d.ts","sourceRoot":"","sources":["../../src/constants/security.constants.ts"],"names":[],"mappings":"AAaA;;;GAGG;AACH,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;CAsBlB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;CAmBjB,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;CAaxB,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,WAAW;;;;;;;;CAwDd,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,gBAAgB;;;CAGnB,CAAC"}
+{"version":3,"file":"security.constants.d.ts","sourceRoot":"","sources":["../../src/constants/security.constants.ts"],"names":[],"mappings":"AAYA;;;GAGG;AACH,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;CAmB3B,CAAC;AACF;;;GAGG;AACH,eAAO,MAAM,cAAc;IACvB,CAAC,eAAe,CAAC,UAAU,CAAC,SAAK;IACjC,CAAC,eAAe,CAAC,OAAO,CAAC,SAAI;IAE7B,CAAC,eAAe,CAAC,qBAAqB,CAAC,SAAI;IAC3C,CAAC,eAAe,CAAC,uBAAuB,CAAC,SAAI;IAC7C,CAAC,eAAe,CAAC,mBAAmB,CAAC,SAAI;IACzC,CAAC,eAAe,CAAC,mBAAmB,CAAC,SAAI;IACzC,CAAC,eAAe,CAAC,wBAAwB,CAAC,SAAI;IAC9C,CAAC,eAAe,CAAC,gBAAgB,CAAC,SAAI;IAEtC,CAAC,eAAe,CAAC,uBAAuB,CAAC,SAAI;IAC7C,CAAC,eAAe,CAAC,yBAAyB,CAAC,SAAI;IAC/C,CAAC,eAAe,CAAC,qBAAqB,CAAC,SAAI;IAC3C,CAAC,eAAe,CAAC,qBAAqB,CAAC,SAAI;IAC3C,CAAC,eAAe,CAAC,0BAA0B,CAAC,SAAI;IAChD,CAAC,eAAe,CAAC,kBAAkB,CAAC,SAAI;CAC3C,CAAC;AACF;;GAEG;AACH,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;CAajC,CAAC;AACF;;GAEG;AACH,eAAO,MAAM,WAAW;;;;;;;;CAkDvB,CAAC;AACF;;GAEG;AACH,eAAO,MAAM,gBAAgB;;;CAG5B,CAAC"}

package/dist/constants/security.constants.js

@@ -1,4 +1,6 @@
 "use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MODULE_CONSTANTS = exports.ROLE_GROUPS = exports.PERMISSION_CATEGORIES = exports.ROLE_HIERARCHY = exports.CONTRACTX_ROLES = void 0;
 // ===================================================================
 // ContractX ODS (Operational Data Store) Security Constants
 // ===================================================================
@@ -11,8 +13,6 @@
 //
 // Version: 2.0.0 - ODS Complete Implementation
 // ===================================================================
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.MODULE_CONSTANTS = exports.ROLE_GROUPS = exports.PERMISSION_CATEGORIES = exports.ROLE_HIERARCHY = exports.CONTRACTX_ROLES = void 0;
 /**
  * ODS Roles - Exact 16 roles from Excel specification
  * Implements complete role hierarchy for client/provider contract management

package/dist/decorators/current-user.decorator.d.ts

@@ -1,4 +1,3 @@
-import { JwtPayload } from '../interfaces';
 /**
  * Parameter decorator to inject the current authenticated user into a route handler
  *
@@ -8,66 +7,19 @@ import { JwtPayload } from '../interfaces';
  *
  * @example
  * ```typescript
- * // Get full user object
  * @Get('profile')
  * getProfile(@CurrentUser() user: JwtPayload) {
  *   return user;
  * }
- *
- * // Get specific user property
- * @Post('action')
- * performAction(@CurrentUser('sub') userId: string) {
- *   // Only gets the user ID
- * }
- * ```
- */
-export declare const CurrentUser: (...dataOrPipes: (keyof JwtPayload | import("@nestjs/common").PipeTransform<any, any> | import("@nestjs/common").Type<import("@nestjs/common").PipeTransform<any, any>> | undefined)[]) => ParameterDecorator;
-/**
- * Decorator to get current user's ID
- *
- * @example
- * ```typescript
- * @Post('create')
- * createResource(@UserId() userId: string) {
- *   // Gets user.sub as userId
- * }
  * ```
  */
+export declare const CurrentUser: (...dataOrPipes: (string | import("@nestjs/common").PipeTransform<any, any> | import("@nestjs/common").Type<import("@nestjs/common").PipeTransform<any, any>>)[]) => ParameterDecorator;
+/** Decorator to get current user's ID */
 export declare const UserId: (...dataOrPipes: unknown[]) => ParameterDecorator;
-/**
- * Decorator to get current user's roles
- *
- * @example
- * ```typescript
- * @Get('roles')
- * getUserRoles(@UserRoles() roles: string[]) {
- *   return { roles };
- * }
- * ```
- */
+/** Decorator to get current user's roles */
 export declare const UserRoles: (...dataOrPipes: unknown[]) => ParameterDecorator;
-/**
- * Decorator to get current user's permissions
- *
- * @example
- * ```typescript
- * @Get('permissions')
- * getUserPermissions(@UserPermissions() permissions: string[]) {
- *   return { permissions };
- * }
- * ```
- */
+/** Decorator to get current user's permissions */
 export declare const UserPermissions: (...dataOrPipes: unknown[]) => ParameterDecorator;
-/**
- * Decorator to get current user's client ID
- *
- * @example
- * ```typescript
- * @Get('client-data')
- * getClientData(@UserClientId() clientId: string) {
- *   // Gets user.clientId
- * }
- * ```
- */
+/** Decorator to get current user's client ID */
 export declare const UserClientId: (...dataOrPipes: unknown[]) => ParameterDecorator;
 //# sourceMappingURL=current-user.decorator.d.ts.map

package/dist/decorators/current-user.decorator.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"current-user.decorator.d.ts","sourceRoot":"","sources":["../../src/decorators/current-user.decorator.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAE3C;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,eAAO,MAAM,WAAW,+MAOvB,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,MAAM,mDAKlB,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,SAAS,mDAKrB,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,eAAe,mDAK3B,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,YAAY,mDAKxB,CAAC"}
+{"version":3,"file":"current-user.decorator.d.ts","sourceRoot":"","sources":["../../src/decorators/current-user.decorator.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,WAAW,yLAItB,CAAC;AAEH,yCAAyC;AACzC,eAAO,MAAM,MAAM,mDAGjB,CAAC;AAEH,4CAA4C;AAC5C,eAAO,MAAM,SAAS,mDAGpB,CAAC;AAEH,kDAAkD;AAClD,eAAO,MAAM,eAAe,mDAG1B,CAAC;AAEH,gDAAgD;AAChD,eAAO,MAAM,YAAY,mDAGvB,CAAC"}

package/dist/decorators/current-user.decorator.js

@@ -11,17 +11,10 @@ const common_1 = require("@nestjs/common");
  *
  * @example
  * ```typescript
- * // Get full user object
  * @Get('profile')
  * getProfile(@CurrentUser() user: JwtPayload) {
  *   return user;
  * }
- *
- * // Get specific user property
- * @Post('action')
- * performAction(@CurrentUser('sub') userId: string) {
- *   // Only gets the user ID
- * }
  * ```
  */
 exports.CurrentUser = (0, common_1.createParamDecorator)((data, ctx) => {
@@ -29,62 +22,22 @@ exports.CurrentUser = (0, common_1.createParamDecorator)((data, ctx) => {
     const user = request.user;
     return data ? user?.[data] : user;
 });
-/**
- * Decorator to get current user's ID
- *
- * @example
- * ```typescript
- * @Post('create')
- * createResource(@UserId() userId: string) {
- *   // Gets user.sub as userId
- * }
- * ```
- */
+/** Decorator to get current user's ID */
 exports.UserId = (0, common_1.createParamDecorator)((_data, ctx) => {
     const request = ctx.switchToHttp().getRequest();
     return request.user?.sub;
 });
-/**
- * Decorator to get current user's roles
- *
- * @example
- * ```typescript
- * @Get('roles')
- * getUserRoles(@UserRoles() roles: string[]) {
- *   return { roles };
- * }
- * ```
- */
+/** Decorator to get current user's roles */
 exports.UserRoles = (0, common_1.createParamDecorator)((_data, ctx) => {
     const request = ctx.switchToHttp().getRequest();
     return request.user?.role || [];
 });
-/**
- * Decorator to get current user's permissions
- *
- * @example
- * ```typescript
- * @Get('permissions')
- * getUserPermissions(@UserPermissions() permissions: string[]) {
- *   return { permissions };
- * }
- * ```
- */
+/** Decorator to get current user's permissions */
 exports.UserPermissions = (0, common_1.createParamDecorator)((_data, ctx) => {
     const request = ctx.switchToHttp().getRequest();
     return request.user?.permissions || [];
 });
-/**
- * Decorator to get current user's client ID
- *
- * @example
- * ```typescript
- * @Get('client-data')
- * getClientData(@UserClientId() clientId: string) {
- *   // Gets user.clientId
- * }
- * ```
- */
+/** Decorator to get current user's client ID */
 exports.UserClientId = (0, common_1.createParamDecorator)((_data, ctx) => {
     const request = ctx.switchToHttp().getRequest();
     return request.user?.clientId;

package/dist/decorators/index.d.ts

@@ -2,4 +2,5 @@ export * from './public.decorator';
 export * from './roles.decorator';
 export * from './permissions.decorator';
 export * from './current-user.decorator';
+export * from './permission-writes.decorator';
 //# sourceMappingURL=index.d.ts.map

package/dist/decorators/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/decorators/index.ts"],"names":[],"mappings":"AAAA,cAAc,oBAAoB,CAAC;AACnC,cAAc,mBAAmB,CAAC;AAClC,cAAc,yBAAyB,CAAC;AACxC,cAAc,0BAA0B,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/decorators/index.ts"],"names":[],"mappings":"AAAA,cAAc,oBAAoB,CAAC;AACnC,cAAc,mBAAmB,CAAC;AAClC,cAAc,yBAAyB,CAAC;AACxC,cAAc,0BAA0B,CAAC;AACzC,cAAc,+BAA+B,CAAC"}

package/dist/decorators/index.js

@@ -18,3 +18,4 @@ __exportStar(require("./public.decorator"), exports);
 __exportStar(require("./roles.decorator"), exports);
 __exportStar(require("./permissions.decorator"), exports);
 __exportStar(require("./current-user.decorator"), exports);
+__exportStar(require("./permission-writes.decorator"), exports);

package/dist/decorators/permission-writes.decorator.d.ts

@@ -0,0 +1,14 @@
+/**
+ * [ADR-004 Fase 2 / Bloque 1] Override del eje lectura/escritura (D3) que usa el
+ * AuthorizationGuard para clasificar la petición, cuando el método HTTP no basta:
+ *  - @PermissionWrites(true)  → tratar como ESCRITURA (p.ej. un GET que muta).
+ *  - @PermissionWrites(false) → tratar como LECTURA (p.ej. búsqueda por POST).
+ * Sin el decorador, la clasificación cae por método HTTP (GET/HEAD/OPTIONS = lectura).
+ *
+ * Nota: `RequirePermissions` NO se define aquí — ya existe en
+ * permissions.decorator.ts (mismo metadata key 'permissions' que lee el guard).
+ * Este archivo solo añade lo que faltaba en el paquete.
+ */
+export declare const PERMISSION_WRITES_KEY = "permission_writes";
+export declare const PermissionWrites: (writes: boolean) => import("@nestjs/common").CustomDecorator<string>;
+//# sourceMappingURL=permission-writes.decorator.d.ts.map

package/dist/decorators/permission-writes.decorator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"permission-writes.decorator.d.ts","sourceRoot":"","sources":["../../src/decorators/permission-writes.decorator.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;GAUG;AACH,eAAO,MAAM,qBAAqB,sBAAsB,CAAC;AAEzD,eAAO,MAAM,gBAAgB,GAAI,QAAQ,OAAO,qDAA+C,CAAC"}

package/dist/decorators/permission-writes.decorator.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PermissionWrites = exports.PERMISSION_WRITES_KEY = void 0;
+const common_1 = require("@nestjs/common");
+/**
+ * [ADR-004 Fase 2 / Bloque 1] Override del eje lectura/escritura (D3) que usa el
+ * AuthorizationGuard para clasificar la petición, cuando el método HTTP no basta:
+ *  - @PermissionWrites(true)  → tratar como ESCRITURA (p.ej. un GET que muta).
+ *  - @PermissionWrites(false) → tratar como LECTURA (p.ej. búsqueda por POST).
+ * Sin el decorador, la clasificación cae por método HTTP (GET/HEAD/OPTIONS = lectura).
+ *
+ * Nota: `RequirePermissions` NO se define aquí — ya existe en
+ * permissions.decorator.ts (mismo metadata key 'permissions' que lee el guard).
+ * Este archivo solo añade lo que faltaba en el paquete.
+ */
+exports.PERMISSION_WRITES_KEY = 'permission_writes';
+const PermissionWrites = (writes) => (0, common_1.SetMetadata)(exports.PERMISSION_WRITES_KEY, writes);
+exports.PermissionWrites = PermissionWrites;

package/dist/decorators/permissions.decorator.d.ts

@@ -8,90 +8,32 @@ export declare const PERMISSIONS_KEY = "permissions";
  * User must have all specified permissions (AND logic).
  *
  * @param permissions - Array of permission codes required to access the route
- *
- * @example
- * ```typescript
- * @RequirePermissions('users.create', 'users.update')
- * @Post('users')
- * createUser() {
- *   // User must have both users.create AND users.update permissions
- * }
- * ```
  */
 export declare const RequirePermissions: (...permissions: string[]) => import("@nestjs/common").CustomDecorator<string>;
 /**
  * Decorator requiring any of the specified permissions (OR logic)
  *
  * @param permissions - Array of permission codes, user needs at least one
- *
- * @example
- * ```typescript
- * @RequireAnyPermission('users.read', 'users.show')
- * @Get('users/:id')
- * getUser() {
- *   // User needs either users.read OR users.show permission
- * }
- * ```
  */
 export declare const RequireAnyPermission: (...permissions: string[]) => import("@nestjs/common").CustomDecorator<string>;
 /**
  * Decorator for read access (show, read, filter)
- *
  * @param module - Module name (e.g., 'users', 'contracts')
- *
- * @example
- * ```typescript
- * @ReadAccess('users')
- * @Get('users')
- * getUsers() {
- *   // User needs users.read, users.show, or users.filter permission
- * }
- * ```
  */
 export declare const ReadAccess: (module: string) => import("@nestjs/common").CustomDecorator<string>;
 /**
  * Decorator for write access (create, update)
- *
  * @param module - Module name (e.g., 'users', 'contracts')
- *
- * @example
- * ```typescript
- * @WriteAccess('users')
- * @Put('users/:id')
- * updateUser() {
- *   // User needs users.create or users.update permission
- * }
- * ```
  */
 export declare const WriteAccess: (module: string) => import("@nestjs/common").CustomDecorator<string>;
 /**
  * Decorator for delete access
- *
  * @param module - Module name (e.g., 'users', 'contracts')
- *
- * @example
- * ```typescript
- * @DeleteAccess('users')
- * @Delete('users/:id')
- * deleteUser() {
- *   // User needs users.delete permission
- * }
- * ```
  */
 export declare const DeleteAccess: (module: string) => import("@nestjs/common").CustomDecorator<string>;
 /**
  * Decorator for full CRUD access to a module
- *
  * @param module - Module name (e.g., 'users', 'contracts')
- *
- * @example
- * ```typescript
- * @FullAccess('users')
- * @Controller('users')
- * export class UsersController {
- *   // All methods require full user module access
- * }
- * ```
  */
 export declare const FullAccess: (module: string) => import("@nestjs/common").CustomDecorator<string>;
 //# sourceMappingURL=permissions.decorator.d.ts.map

package/dist/decorators/permissions.decorator.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"permissions.decorator.d.ts","sourceRoot":"","sources":["../../src/decorators/permissions.decorator.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,eAAO,MAAM,eAAe,gBAAgB,CAAC;AAE7C;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,kBAAkB,GAAI,GAAG,aAAa,MAAM,EAAE,qDAChB,CAAC;AAE5C;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,oBAAoB,GAAI,GAAG,aAAa,MAAM,EAAE,qDACjB,CAAC;AAE7C;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,UAAU,GAAI,QAAQ,MAAM,qDAKtC,CAAC;AAEJ;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,WAAW,GAAI,QAAQ,MAAM,qDAIvC,CAAC;AAEJ;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,YAAY,GAAI,QAAQ,MAAM,qDACH,CAAC;AAEzC;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,UAAU,GAAI,QAAQ,MAAM,qDAQtC,CAAC"}
+{"version":3,"file":"permissions.decorator.d.ts","sourceRoot":"","sources":["../../src/decorators/permissions.decorator.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,eAAO,MAAM,eAAe,gBAAgB,CAAC;AAE7C;;;;;;GAMG;AACH,eAAO,MAAM,kBAAkB,GAAI,GAAG,aAAa,MAAM,EAAE,qDAA8C,CAAC;AAE1G;;;;GAIG;AACH,eAAO,MAAM,oBAAoB,GAAI,GAAG,aAAa,MAAM,EAAE,qDAA+C,CAAC;AAE7G;;;GAGG;AACH,eAAO,MAAM,UAAU,GAAI,QAAQ,MAAM,qDACqC,CAAC;AAE/E;;;GAGG;AACH,eAAO,MAAM,WAAW,GAAI,QAAQ,MAAM,qDAAiE,CAAC;AAE5G;;;GAGG;AACH,eAAO,MAAM,YAAY,GAAI,QAAQ,MAAM,qDAA2C,CAAC;AAEvF;;;GAGG;AACH,eAAO,MAAM,UAAU,GAAI,QAAQ,MAAM,qDAQtC,CAAC"}

package/dist/decorators/permissions.decorator.js

@@ -12,15 +12,6 @@ exports.PERMISSIONS_KEY = 'permissions';
  * User must have all specified permissions (AND logic).
  *
  * @param permissions - Array of permission codes required to access the route
- *
- * @example
- * ```typescript
- * @RequirePermissions('users.create', 'users.update')
- * @Post('users')
- * createUser() {
- *   // User must have both users.create AND users.update permissions
- * }
- * ```
  */
 const RequirePermissions = (...permissions) => (0, common_1.SetMetadata)(exports.PERMISSIONS_KEY, permissions);
 exports.RequirePermissions = RequirePermissions;
@@ -28,79 +19,30 @@ exports.RequirePermissions = RequirePermissions;
  * Decorator requiring any of the specified permissions (OR logic)
  *
  * @param permissions - Array of permission codes, user needs at least one
- *
- * @example
- * ```typescript
- * @RequireAnyPermission('users.read', 'users.show')
- * @Get('users/:id')
- * getUser() {
- *   // User needs either users.read OR users.show permission
- * }
- * ```
  */
 const RequireAnyPermission = (...permissions) => (0, common_1.SetMetadata)('anyPermissions', permissions);
 exports.RequireAnyPermission = RequireAnyPermission;
 /**
  * Decorator for read access (show, read, filter)
- *
  * @param module - Module name (e.g., 'users', 'contracts')
- *
- * @example
- * ```typescript
- * @ReadAccess('users')
- * @Get('users')
- * getUsers() {
- *   // User needs users.read, users.show, or users.filter permission
- * }
- * ```
  */
 const ReadAccess = (module) => (0, exports.RequireAnyPermission)(`${module}.read`, `${module}.show`, `${module}.filter`);
 exports.ReadAccess = ReadAccess;
 /**
  * Decorator for write access (create, update)
- *
  * @param module - Module name (e.g., 'users', 'contracts')
- *
- * @example
- * ```typescript
- * @WriteAccess('users')
- * @Put('users/:id')
- * updateUser() {
- *   // User needs users.create or users.update permission
- * }
- * ```
  */
 const WriteAccess = (module) => (0, exports.RequireAnyPermission)(`${module}.create`, `${module}.update`);
 exports.WriteAccess = WriteAccess;
 /**
  * Decorator for delete access
- *
  * @param module - Module name (e.g., 'users', 'contracts')
- *
- * @example
- * ```typescript
- * @DeleteAccess('users')
- * @Delete('users/:id')
- * deleteUser() {
- *   // User needs users.delete permission
- * }
- * ```
  */
 const DeleteAccess = (module) => (0, exports.RequirePermissions)(`${module}.delete`);
 exports.DeleteAccess = DeleteAccess;
 /**
  * Decorator for full CRUD access to a module
- *
  * @param module - Module name (e.g., 'users', 'contracts')
- *
- * @example
- * ```typescript
- * @FullAccess('users')
- * @Controller('users')
- * export class UsersController {
- *   // All methods require full user module access
- * }
- * ```
  */
 const FullAccess = (module) => (0, exports.RequireAnyPermission)(`${module}.create`, `${module}.read`, `${module}.update`, `${module}.delete`, `${module}.show`, `${module}.filter`);
 exports.FullAccess = FullAccess;

package/dist/decorators/roles.decorator.d.ts

@@ -8,68 +8,15 @@ export declare const ROLES_KEY = "roles";
  * User must have at least one of the specified roles (OR logic).
  *
  * @param roles - Array of role names required to access the route
- *
- * @example
- * ```typescript
- * @Roles('superadmin', 'client_contract_admin')
- * @Get('admin-data')
- * getAdminData() {
- *   // Only users with superadmin OR client_contract_admin role
- * }
- * ```
  */
 export declare const Roles: (...roles: string[]) => import("@nestjs/common").CustomDecorator<string>;
-/**
- * Decorator for ContractX specific admin roles
- *
- * @example
- * ```typescript
- * @AdminOnly()
- * @Delete(':id')
- * deleteResource() {
- *   // Only admin roles can access
- * }
- * ```
- */
+/** Decorator for ContractX specific admin roles */
 export declare const AdminOnly: () => import("@nestjs/common").CustomDecorator<string>;
-/**
- * Decorator for client-side roles only
- *
- * @example
- * ```typescript
- * @ClientOnly()
- * @Get('client-data')
- * getClientData() {
- *   // Only client-side roles can access
- * }
- * ```
- */
+/** Decorator for client-side roles only */
 export declare const ClientOnly: () => import("@nestjs/common").CustomDecorator<string>;
-/**
- * Decorator for provider-side roles only
- *
- * @example
- * ```typescript
- * @ProviderOnly()
- * @Get('provider-data')
- * getProviderData() {
- *   // Only provider-side roles can access
- * }
- * ```
- */
+/** Decorator for provider-side roles only */
 export declare const ProviderOnly: () => import("@nestjs/common").CustomDecorator<string>;
-/**
- * Decorator for superadmin access only
- *
- * @example
- * ```typescript
- * @SuperAdminOnly()
- * @Post('system/configure')
- * configureSystem() {
- *   // Only superadmin can access
- * }
- * ```
- */
+/** Decorator for superadmin access only */
 export declare const SuperAdminOnly: () => import("@nestjs/common").CustomDecorator<string>;
 /**
  * Alias for Roles decorator for backward compatibility

package/dist/decorators/roles.decorator.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"roles.decorator.d.ts","sourceRoot":"","sources":["../../src/decorators/roles.decorator.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,eAAO,MAAM,SAAS,UAAU,CAAC;AAEjC;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,KAAK,GAAI,GAAG,OAAO,MAAM,EAAE,qDAAkC,CAAC;AAE3E;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,SAAS,wDAIrB,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,UAAU,wDAOtB,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,YAAY,wDAOxB,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,cAAc,wDAA4B,CAAC;AAExD;;;GAGG;AACH,eAAO,MAAM,YAAY,aAhFO,MAAM,EAAE,qDAgFP,CAAC"}
+{"version":3,"file":"roles.decorator.d.ts","sourceRoot":"","sources":["../../src/decorators/roles.decorator.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,eAAO,MAAM,SAAS,UAAU,CAAC;AAEjC;;;;;;GAMG;AACH,eAAO,MAAM,KAAK,GAAI,GAAG,OAAO,MAAM,EAAE,qDAAkC,CAAC;AAK3E,mDAAmD;AACnD,eAAO,MAAM,SAAS,wDAAgF,CAAC;AAEvG,2CAA2C;AAC3C,eAAO,MAAM,UAAU,wDAQpB,CAAC;AAEJ,6CAA6C;AAC7C,eAAO,MAAM,YAAY,wDAQtB,CAAC;AAEJ,2CAA2C;AAC3C,eAAO,MAAM,cAAc,wDAA4B,CAAC;AAExD;;;GAGG;AACH,eAAO,MAAM,YAAY,aArCO,MAAM,EAAE,qDAqCP,CAAC"}