raffel 1.1.5 → 1.1.6

package/dist/middleware/policy/co-located/resolver.d.ts

@@ -0,0 +1,83 @@
+/**
+ * Co-located policy resolver — pure module, no I/O.
+ *
+ * Given a list of discovered route descriptors (handler file paths + procedure
+ * names) and a list of parsed policy file descriptors, return the ordered list
+ * of policies that apply to each route.
+ *
+ * Tracer-bullet (#92) supports only the `sibling` kind: a `<handler>.policy.*`
+ * file living next to a handler. Folder cascade (#93), resource (#94), channel
+ * (#95), and `match` patterns (#96) reuse the same descriptor shape and extend
+ * this resolver.
+ */
+import type { Policy } from '../types.js';
+export interface RouteDescriptor {
+    /** Resolved procedure name (e.g. `users/:id/get`). */
+    name: string;
+    /** Absolute path of the handler file. */
+    filePath: string;
+}
+export type PolicyFileKind = 'sibling' | 'folder';
+export interface PolicyFileDescriptor {
+    /** Absolute path of the policy file. */
+    filePath: string;
+    /** Parsed and validated policies from this file. */
+    policies: readonly Policy[];
+    /** Source kind for diagnostics and precedence. */
+    kind: PolicyFileKind;
+    /**
+     * For `folder` kind: the directory whose handlers (recursively) the file
+     * covers. Sibling files leave this undefined.
+     */
+    dir?: string;
+}
+export interface PolicySource {
+    filePath: string;
+    kind: PolicyFileKind;
+}
+export interface RoutePolicyDescriptor {
+    /** Procedure name this descriptor applies to. */
+    name: string;
+    /** Handler file path (1:1 with the route descriptor). */
+    filePath: string;
+    /** Policies in apply order. Tracer-bullet emits the sibling file's policies. */
+    policies: Policy[];
+    /** File paths contributing to this descriptor (diagnostics). */
+    sources: PolicySource[];
+}
+/**
+ * Strip a `.policy.{yaml,yml,json}` suffix from a path. Returns null when the
+ * file is not a policy file.
+ */
+export declare function policyFileBaseKey(policyPath: string): string | null;
+/**
+ * Strip the source extension from a handler path so it can be paired with a
+ * policy file. We compare on the extension-less prefix because handlers may
+ * be `.ts` or `.js` while sibling policies are `.yaml`/`.yml`/`.json`.
+ */
+export declare function handlerBaseKey(handlerPath: string): string;
+/**
+ * Walk ancestor directories from a handler file up to (and including) the
+ * provided root, returning the chain in broader→closer order. The handler's
+ * own directory is the last entry. When `rootDir` is omitted the walk stops
+ * at the filesystem root (loop guard via `parent === cur`).
+ */
+export declare function ancestorDirs(handlerPath: string, rootDir?: string): string[];
+/**
+ * Match policy files to routes. Resolves both sibling files (`<handler>.policy.*`)
+ * and folder cascades (`_policy.*` in any ancestor directory). Apply order
+ * inside each route descriptor is broader→closer, with the sibling (when
+ * present) appended last so deny semantics in the engine still bite.
+ */
+export declare function resolveCoLocatedPolicies(routes: readonly RouteDescriptor[], policyFiles: readonly PolicyFileDescriptor[]): RoutePolicyDescriptor[];
+/**
+ * Helper for the loader: list every supported policy filename for a given
+ * handler. Caller checks each candidate against its discovery source.
+ */
+export declare function siblingPolicyCandidates(handlerPath: string): string[];
+/**
+ * Helper for the loader: list every supported `_policy.*` filename inside a
+ * directory. Caller checks each candidate against its discovery source.
+ */
+export declare function folderPolicyCandidates(dir: string): string[];
+//# sourceMappingURL=resolver.d.ts.map

package/dist/middleware/policy/co-located/resolver.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolver.d.ts","sourceRoot":"","sources":["../../../../src/middleware/policy/co-located/resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAEzC,MAAM,WAAW,eAAe;IAC9B,sDAAsD;IACtD,IAAI,EAAE,MAAM,CAAA;IACZ,yCAAyC;IACzC,QAAQ,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,MAAM,cAAc,GAAG,SAAS,GAAG,QAAQ,CAAA;AAEjD,MAAM,WAAW,oBAAoB;IACnC,wCAAwC;IACxC,QAAQ,EAAE,MAAM,CAAA;IAChB,oDAAoD;IACpD,QAAQ,EAAE,SAAS,MAAM,EAAE,CAAA;IAC3B,kDAAkD;IAClD,IAAI,EAAE,cAAc,CAAA;IACpB;;;OAGG;IACH,GAAG,CAAC,EAAE,MAAM,CAAA;CACb;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAA;IAChB,IAAI,EAAE,cAAc,CAAA;CACrB;AAED,MAAM,WAAW,qBAAqB;IACpC,iDAAiD;IACjD,IAAI,EAAE,MAAM,CAAA;IACZ,yDAAyD;IACzD,QAAQ,EAAE,MAAM,CAAA;IAChB,gFAAgF;IAChF,QAAQ,EAAE,MAAM,EAAE,CAAA;IAClB,gEAAgE;IAChE,OAAO,EAAE,YAAY,EAAE,CAAA;CACxB;AAMD;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAMnE;AAED;;;;GAIG;AACH,wBAAgB,cAAc,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,CAI1D;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAW5E;AAED;;;;;GAKG;AACH,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,SAAS,eAAe,EAAE,EAClC,WAAW,EAAE,SAAS,oBAAoB,EAAE,GAC3C,qBAAqB,EAAE,CAuCzB;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,EAAE,CAGrE;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,CAE5D"}

package/dist/middleware/policy/co-located/resolver.js

@@ -0,0 +1,122 @@
+/**
+ * Co-located policy resolver — pure module, no I/O.
+ *
+ * Given a list of discovered route descriptors (handler file paths + procedure
+ * names) and a list of parsed policy file descriptors, return the ordered list
+ * of policies that apply to each route.
+ *
+ * Tracer-bullet (#92) supports only the `sibling` kind: a `<handler>.policy.*`
+ * file living next to a handler. Folder cascade (#93), resource (#94), channel
+ * (#95), and `match` patterns (#96) reuse the same descriptor shape and extend
+ * this resolver.
+ */
+import { dirname, extname } from 'node:path';
+const POLICY_EXTENSIONS = ['.yaml', '.yml', '.json'];
+const POLICY_INFIX = '.policy';
+const FOLDER_POLICY_BASENAME = '_policy';
+/**
+ * Strip a `.policy.{yaml,yml,json}` suffix from a path. Returns null when the
+ * file is not a policy file.
+ */
+export function policyFileBaseKey(policyPath) {
+    const ext = extname(policyPath);
+    if (!POLICY_EXTENSIONS.includes(ext))
+        return null;
+    const stem = policyPath.slice(0, -ext.length);
+    if (!stem.endsWith(POLICY_INFIX))
+        return null;
+    return stem.slice(0, -POLICY_INFIX.length);
+}
+/**
+ * Strip the source extension from a handler path so it can be paired with a
+ * policy file. We compare on the extension-less prefix because handlers may
+ * be `.ts` or `.js` while sibling policies are `.yaml`/`.yml`/`.json`.
+ */
+export function handlerBaseKey(handlerPath) {
+    const ext = extname(handlerPath);
+    if (!ext)
+        return handlerPath;
+    return handlerPath.slice(0, -ext.length);
+}
+/**
+ * Walk ancestor directories from a handler file up to (and including) the
+ * provided root, returning the chain in broader→closer order. The handler's
+ * own directory is the last entry. When `rootDir` is omitted the walk stops
+ * at the filesystem root (loop guard via `parent === cur`).
+ */
+export function ancestorDirs(handlerPath, rootDir) {
+    const chain = [];
+    let cur = dirname(handlerPath);
+    while (true) {
+        chain.unshift(cur);
+        if (rootDir !== undefined && cur === rootDir)
+            break;
+        const parent = dirname(cur);
+        if (parent === cur)
+            break;
+        cur = parent;
+    }
+    return chain;
+}
+/**
+ * Match policy files to routes. Resolves both sibling files (`<handler>.policy.*`)
+ * and folder cascades (`_policy.*` in any ancestor directory). Apply order
+ * inside each route descriptor is broader→closer, with the sibling (when
+ * present) appended last so deny semantics in the engine still bite.
+ */
+export function resolveCoLocatedPolicies(routes, policyFiles) {
+    const siblingByKey = new Map();
+    const folderByDir = new Map();
+    for (const file of policyFiles) {
+        if (file.kind === 'sibling') {
+            const key = policyFileBaseKey(file.filePath);
+            if (key)
+                siblingByKey.set(key, file);
+        }
+        else if (file.kind === 'folder' && file.dir) {
+            folderByDir.set(file.dir, file);
+        }
+    }
+    const out = [];
+    for (const route of routes) {
+        const policies = [];
+        const sources = [];
+        for (const dir of ancestorDirs(route.filePath)) {
+            const folder = folderByDir.get(dir);
+            if (!folder)
+                continue;
+            policies.push(...folder.policies);
+            sources.push({ filePath: folder.filePath, kind: 'folder' });
+        }
+        const sibling = siblingByKey.get(handlerBaseKey(route.filePath));
+        if (sibling) {
+            policies.push(...sibling.policies);
+            sources.push({ filePath: sibling.filePath, kind: 'sibling' });
+        }
+        if (sources.length === 0)
+            continue;
+        out.push({
+            name: route.name,
+            filePath: route.filePath,
+            policies,
+            sources,
+        });
+    }
+    return out;
+}
+/**
+ * Helper for the loader: list every supported policy filename for a given
+ * handler. Caller checks each candidate against its discovery source.
+ */
+export function siblingPolicyCandidates(handlerPath) {
+    const key = handlerBaseKey(handlerPath);
+    return POLICY_EXTENSIONS.map((ext) => `${key}${POLICY_INFIX}${ext}`);
+}
+/**
+ * Helper for the loader: list every supported `_policy.*` filename inside a
+ * directory. Caller checks each candidate against its discovery source.
+ */
+export function folderPolicyCandidates(dir) {
+    return POLICY_EXTENSIONS.map((ext) => `${dir}/${FOLDER_POLICY_BASENAME}${ext}`);
+}
+//# sourceMappingURL=resolver.js.map

package/dist/middleware/policy/co-located/resolver.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolver.js","sourceRoot":"","sources":["../../../../src/middleware/policy/co-located/resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AA0C5C,MAAM,iBAAiB,GAAsB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAA;AACvE,MAAM,YAAY,GAAG,SAAS,CAAA;AAC9B,MAAM,sBAAsB,GAAG,SAAS,CAAA;AAExC;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,UAAkB;IAClD,MAAM,GAAG,GAAG,OAAO,CAAC,UAAU,CAAC,CAAA;IAC/B,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAA;IACjD,MAAM,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;IAC7C,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;QAAE,OAAO,IAAI,CAAA;IAC7C,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC,CAAA;AAC5C,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,cAAc,CAAC,WAAmB;IAChD,MAAM,GAAG,GAAG,OAAO,CAAC,WAAW,CAAC,CAAA;IAChC,IAAI,CAAC,GAAG;QAAE,OAAO,WAAW,CAAA;IAC5B,OAAO,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;AAC1C,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,YAAY,CAAC,WAAmB,EAAE,OAAgB;IAChE,MAAM,KAAK,GAAa,EAAE,CAAA;IAC1B,IAAI,GAAG,GAAG,OAAO,CAAC,WAAW,CAAC,CAAA;IAC9B,OAAO,IAAI,EAAE,CAAC;QACZ,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAClB,IAAI,OAAO,KAAK,SAAS,IAAI,GAAG,KAAK,OAAO;YAAE,MAAK;QACnD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,CAAA;QAC3B,IAAI,MAAM,KAAK,GAAG;YAAE,MAAK;QACzB,GAAG,GAAG,MAAM,CAAA;IACd,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,wBAAwB,CACtC,MAAkC,EAClC,WAA4C;IAE5C,MAAM,YAAY,GAAG,IAAI,GAAG,EAAgC,CAAA;IAC5D,MAAM,WAAW,GAAG,IAAI,GAAG,EAAgC,CAAA;IAC3D,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,GAAG,GAAG,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;YAC5C,IAAI,GAAG;gBAAE,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;QACtC,CAAC;aAAM,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YAC9C,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;QACjC,CAAC;IACH,CAAC;IAED,MAAM,GAAG,GAA4B,EAAE,CAAA;IACvC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,QAAQ,GAAa,EAAE,CAAA;QAC7B,MAAM,OAAO,GAAmB,EAAE,CAAA;QAElC,KAAK,MAAM,GAAG,IAAI,YAAY,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC/C,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YACnC,IAAI,CAAC,MAAM;gBAAE,SAAQ;YACrB,QAAQ,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAA;YACjC,OAAO,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAA;QAC7D,CAAC;QAED,MAAM,OAAO,GAAG,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAA;QAChE,IAAI,OAAO,EAAE,CAAC;YACZ,QAAQ,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;YAClC,OAAO,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAA;QAC/D,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,SAAQ;QAClC,GAAG,CAAC,IAAI,CAAC;YACP,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,QAAQ;YACR,OAAO;SACR,CAAC,CAAA;IACJ,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,uBAAuB,CAAC,WAAmB;IACzD,MAAM,GAAG,GAAG,cAAc,CAAC,WAAW,CAAC,CAAA;IACvC,OAAO,iBAAiB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,GAAG,GAAG,YAAY,GAAG,GAAG,EAAE,CAAC,CAAA;AACtE,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,GAAW;IAChD,OAAO,iBAAiB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,sBAAsB,GAAG,GAAG,EAAE,CAAC,CAAA;AACjF,CAAC"}

package/dist/middleware/policy/engine/compile.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"compile.d.ts","sourceRoot":"","sources":["../../../../src/middleware/policy/engine/compile.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAA0B,MAAM,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AAI5E;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAa5D;AAED,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,SAAS,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,CAGjF;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,mBAAmB,CAAC,SAAS,EAAE,SAAS,GAAG,SAAS,MAAM,EAAE,CAU3E"}
+{"version":3,"file":"compile.d.ts","sourceRoot":"","sources":["../../../../src/middleware/policy/engine/compile.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAA0B,MAAM,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AAI5E;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAsB5D;AAED,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,SAAS,MAAM,EAAE,GAAG,SAAS,MAAM,EAAE,CAGjF;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,mBAAmB,CAAC,SAAS,EAAE,SAAS,GAAG,SAAS,MAAM,EAAE,CAU3E"}

package/dist/middleware/policy/engine/compile.js

@@ -19,6 +19,15 @@ export function compilePolicyPatterns(policy) {
             actions: policy.actions.map(compileGlob),
             resources: policy.resources.map(compileGlob),
         };
+        if (policy.scope?.routes && policy.scope.routes.length > 0) {
+            compiled.scopeRoutes = policy.scope.routes.map(compileGlob);
+        }
+        if (policy.scope?.channels && policy.scope.channels.length > 0) {
+            compiled.scopeChannels = policy.scope.channels.map(compileGlob);
+        }
+        if (policy.scope?.protocols && policy.scope.protocols.length > 0) {
+            compiled.scopeProtocols = policy.scope.protocols.map(compileGlob);
+        }
         policy._compiled = compiled;
     }
     if (policy.match && !policy._compiledMatch) {

package/dist/middleware/policy/engine/compile.js.map

@@ -1 +1 @@
-{"version":3,"file":"compile.js","sourceRoot":"","sources":["../../../../src/middleware/policy/engine/compile.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAA;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AAExC;;;;;;GAMG;AACH,MAAM,UAAU,qBAAqB,CAAC,MAAc;IAClD,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;QACtB,MAAM,QAAQ,GAA2B;YACvC,UAAU,EAAE,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,WAAW,CAAC;YAC9C,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;YACxC,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC;SAC7C,CAAA;QACD,MAAM,CAAC,SAAS,GAAG,QAAQ,CAAA;IAC7B,CAAC;IACD,IAAI,MAAM,CAAC,KAAK,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;QAC3C,MAAM,CAAC,cAAc,GAAG,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IACpD,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,QAA2B;IAC5D,KAAK,MAAM,CAAC,IAAI,QAAQ;QAAE,qBAAqB,CAAC,CAAC,CAAC,CAAA;IAClD,OAAO,QAAQ,CAAA;AACjB,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,mBAAmB,CAAC,SAAoB;IACtD,IAAI,SAAS,CAAC,YAAY;QAAE,OAAO,SAAS,CAAC,YAAY,CAAA;IAEzD,MAAM,GAAG,GAAa,CAAC,SAAS,CAAC,EAAE,EAAE,QAAQ,SAAS,CAAC,EAAE,EAAE,EAAE,GAAG,CAAC,CAAA;IACjE,KAAK,MAAM,KAAK,IAAI,SAAS,CAAC,MAAM;QAAE,GAAG,CAAC,IAAI,CAAC,SAAS,KAAK,EAAE,CAAC,CAAA;IAChE,KAAK,MAAM,KAAK,IAAI,SAAS,CAAC,MAAM;QAAE,GAAG,CAAC,IAAI,CAAC,SAAS,KAAK,EAAE,CAAC,CAAA;IAEhE,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;IACjC,SAAS,CAAC,YAAY,GAAG,MAAM,CAAA;IAC/B,OAAO,MAAM,CAAA;AACf,CAAC"}
+{"version":3,"file":"compile.js","sourceRoot":"","sources":["../../../../src/middleware/policy/engine/compile.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAA;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AAExC;;;;;;GAMG;AACH,MAAM,UAAU,qBAAqB,CAAC,MAAc;IAClD,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;QACtB,MAAM,QAAQ,GAA2B;YACvC,UAAU,EAAE,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,WAAW,CAAC;YAC9C,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;YACxC,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC;SAC7C,CAAA;QACD,IAAI,MAAM,CAAC,KAAK,EAAE,MAAM,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3D,QAAQ,CAAC,WAAW,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;QAC7D,CAAC;QACD,IAAI,MAAM,CAAC,KAAK,EAAE,QAAQ,IAAI,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/D,QAAQ,CAAC,aAAa,GAAG,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;QACjE,CAAC;QACD,IAAI,MAAM,CAAC,KAAK,EAAE,SAAS,IAAI,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACjE,QAAQ,CAAC,cAAc,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;QACnE,CAAC;QACD,MAAM,CAAC,SAAS,GAAG,QAAQ,CAAA;IAC7B,CAAC;IACD,IAAI,MAAM,CAAC,KAAK,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;QAC3C,MAAM,CAAC,cAAc,GAAG,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IACpD,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,QAA2B;IAC5D,KAAK,MAAM,CAAC,IAAI,QAAQ;QAAE,qBAAqB,CAAC,CAAC,CAAC,CAAA;IAClD,OAAO,QAAQ,CAAA;AACjB,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,mBAAmB,CAAC,SAAoB;IACtD,IAAI,SAAS,CAAC,YAAY;QAAE,OAAO,SAAS,CAAC,YAAY,CAAA;IAEzD,MAAM,GAAG,GAAa,CAAC,SAAS,CAAC,EAAE,EAAE,QAAQ,SAAS,CAAC,EAAE,EAAE,EAAE,GAAG,CAAC,CAAA;IACjE,KAAK,MAAM,KAAK,IAAI,SAAS,CAAC,MAAM;QAAE,GAAG,CAAC,IAAI,CAAC,SAAS,KAAK,EAAE,CAAC,CAAA;IAChE,KAAK,MAAM,KAAK,IAAI,SAAS,CAAC,MAAM;QAAE,GAAG,CAAC,IAAI,CAAC,SAAS,KAAK,EAAE,CAAC,CAAA;IAEhE,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;IACjC,SAAS,CAAC,YAAY,GAAG,MAAM,CAAA;IAC/B,OAAO,MAAM,CAAA;AACf,CAAC"}

package/dist/middleware/policy/engine/evaluate.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"evaluate.d.ts","sourceRoot":"","sources":["../../../../src/middleware/policy/engine/evaluate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EACV,UAAU,EAEV,QAAQ,EACR,MAAM,EACP,MAAM,aAAa,CAAA;AA2DpB,MAAM,WAAW,eAAe;IAC9B;;;OAGG;IACH,gBAAgB,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,KAAK,IAAI,CAAA;CAC5D;AAED,wBAAgB,QAAQ,CACtB,KAAK,EAAE,UAAU,EACjB,QAAQ,EAAE,SAAS,MAAM,EAAE,EAC3B,OAAO,GAAE,eAAoB,GAC5B,QAAQ,CA4FV"}
+{"version":3,"file":"evaluate.d.ts","sourceRoot":"","sources":["../../../../src/middleware/policy/engine/evaluate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EACV,UAAU,EAEV,QAAQ,EACR,MAAM,EACP,MAAM,aAAa,CAAA;AAgFpB,MAAM,WAAW,eAAe;IAC9B;;;OAGG;IACH,gBAAgB,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,KAAK,IAAI,CAAA;CAC5D;AAED,wBAAgB,QAAQ,CACtB,KAAK,EAAE,UAAU,EACjB,QAAQ,EAAE,SAAS,MAAM,EAAE,EAC3B,OAAO,GAAE,eAAoB,GAC5B,QAAQ,CA4FV"}

package/dist/middleware/policy/engine/evaluate.js

@@ -15,6 +15,26 @@ import { matchAnyCompiled, matchSetBidirectional } from './match.js';
 function checkPolicyPatterns(policy, input) {
     compilePolicyPatterns(policy);
     const compiled = policy._compiled;
+    // Scope filter (protocol/route/channel). When any scope facet is set the
+    // policy is short-circuited if the input does not match — this keeps the
+    // policy out of `candidatePolicies` diagnostics so reports stay quiet for
+    // non-applicable transports.
+    if (compiled.scopeProtocols && compiled.scopeProtocols.length > 0) {
+        const protocol = input.protocol ?? '';
+        if (!matchAnyCompiled(protocol, compiled.scopeProtocols)) {
+            return { fullMatch: false, missing: ['scope.protocols'] };
+        }
+    }
+    if (compiled.scopeRoutes && compiled.scopeRoutes.length > 0) {
+        if (!matchAnyCompiled(input.action, compiled.scopeRoutes)) {
+            return { fullMatch: false, missing: ['scope.routes'] };
+        }
+    }
+    if (compiled.scopeChannels && compiled.scopeChannels.length > 0) {
+        if (!matchAnyCompiled(input.action, compiled.scopeChannels)) {
+            return { fullMatch: false, missing: ['scope.channels'] };
+        }
+    }
     const principalSet = compilePrincipalSet(input.principal);
     const resourceTag = `${input.resource.type}:${input.resource.id}`;
     const principalsMatch = matchSetBidirectional(principalSet, policy.principals, compiled.principals);

package/dist/middleware/policy/engine/evaluate.js.map

@@ -1 +1 @@
-{"version":3,"file":"evaluate.js","sourceRoot":"","sources":["../../../../src/middleware/policy/engine/evaluate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAQH,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAA;AACzE,OAAO,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAA;AASpE,SAAS,mBAAmB,CAAC,MAAc,EAAE,KAAiB;IAC5D,qBAAqB,CAAC,MAAM,CAAC,CAAA;IAC7B,MAAM,QAAQ,GAAG,MAAM,CAAC,SAAU,CAAA;IAElC,MAAM,YAAY,GAAG,mBAAmB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;IACzD,MAAM,WAAW,GAAG,GAAG,KAAK,CAAC,QAAQ,CAAC,IAAI,IAAI,KAAK,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAA;IAEjE,MAAM,eAAe,GAAG,qBAAqB,CAC3C,YAAY,EACZ,MAAM,CAAC,UAAU,EACjB,QAAQ,CAAC,UAAU,CACpB,CAAA;IACD,MAAM,YAAY,GAAG,gBAAgB,CAAC,KAAK,CAAC,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAA;IACrE,MAAM,cAAc,GAAG,gBAAgB,CAAC,WAAW,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAA;IAExE,MAAM,OAAO,GAAa,EAAE,CAAA;IAC5B,IAAI,CAAC,eAAe;QAAE,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;IAChD,IAAI,CAAC,YAAY;QAAE,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;IAC1C,IAAI,CAAC,cAAc;QAAE,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;IAE9C,OAAO,EAAE,SAAS,EAAE,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,OAAO,EAAE,CAAA;AACrD,CAAC;AAED,SAAS,aAAa,CACpB,MAAc,EACd,KAAiB,EACjB,OAA+B;IAE/B,kEAAkE;IAClE,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,IAAI,CAAC;YACH,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAA;QAC5C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,GAAG,CAAC,CAAA;YACZ,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC;IACD,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAA;QACjD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,GAAG,CAAC,CAAA;YACZ,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAUD,MAAM,UAAU,QAAQ,CACtB,KAAiB,EACjB,QAA2B,EAC3B,UAA2B,EAAE;IAE7B,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,CAAA;IAEnC,qEAAqE;IACrE,MAAM,eAAe,GAAG,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAA;IAChD,MAAM,cAAc,GAAG,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAA;IAC9C,IACE,eAAe,IAAI,IAAI;QACvB,cAAc,IAAI,IAAI;QACtB,eAAe,KAAK,cAAc,EAClC,CAAC;QACD,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,iBAAiB;YACzB,gBAAgB,EAAE,EAAE;YACpB,gBAAgB,EAAE,EAAE;YACpB,iBAAiB,EAAE,EAAE;YACrB,UAAU,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS;SAC1C,CAAA;IACH,CAAC;IAED,MAAM,YAAY,GAAa,EAAE,CAAA;IACjC,MAAM,WAAW,GAAa,EAAE,CAAA;IAChC,MAAM,OAAO,GAAa,EAAE,CAAA;IAC5B,MAAM,UAAU,GAAsB,EAAE,CAAA;IAExC,KAAK,MAAM,MAAM,IAAI,QAAQ,EAAE,CAAC;QAC9B,MAAM,aAAa,GAAG,mBAAmB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;QAExD,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,CAAC;YAC7B,0EAA0E;YAC1E,IAAI,aAAa,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACrC,UAAU,CAAC,IAAI,CAAC;oBACd,EAAE,EAAE,MAAM,CAAC,EAAE;oBACb,WAAW,EAAE,MAAM,CAAC,WAAW;oBAC/B,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,kBAAkB,EAAE,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC;oBAC1C,OAAO,EAAE,aAAa,CAAC,OAAO;iBAC/B,CAAC,CAAA;YACJ,CAAC;YACD,SAAQ;QACV,CAAC;QAED,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC;YACpF,SAAQ;QACV,CAAC;QAED,QAAQ,MAAM,CAAC,MAAM,EAAE,CAAC;YACtB,KAAK,OAAO;gBACV,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;gBAC5B,MAAK;YACP,KAAK,MAAM;gBACT,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;gBAC3B,MAAK;YACP,KAAK,OAAO;gBACV,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;gBACvB,MAAK;QACT,CAAC;IACH,CAAC;IAED,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAA;IAEhD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,eAAe;YACvB,gBAAgB,EAAE,WAAW;YAC7B,gBAAgB,EAAE,OAAO;YACzB,iBAAiB,EAAE,UAAU;YAC7B,UAAU;SACX,CAAA;IACH,CAAC;IAED,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,OAAO;YACL,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,OAAO;YACf,gBAAgB,EAAE,YAAY;YAC9B,gBAAgB,EAAE,OAAO;YACzB,iBAAiB,EAAE,UAAU;YAC7B,UAAU;SACX,CAAA;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,KAAK;QACd,MAAM,EAAE,eAAe;QACvB,gBAAgB,EAAE,EAAE;QACpB,gBAAgB,EAAE,OAAO;QACzB,iBAAiB,EAAE,UAAU;QAC7B,UAAU;KACX,CAAA;AACH,CAAC"}
+{"version":3,"file":"evaluate.js","sourceRoot":"","sources":["../../../../src/middleware/policy/engine/evaluate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAQH,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAA;AACzE,OAAO,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAA;AASpE,SAAS,mBAAmB,CAAC,MAAc,EAAE,KAAiB;IAC5D,qBAAqB,CAAC,MAAM,CAAC,CAAA;IAC7B,MAAM,QAAQ,GAAG,MAAM,CAAC,SAAU,CAAA;IAElC,yEAAyE;IACzE,yEAAyE;IACzE,0EAA0E;IAC1E,6BAA6B;IAC7B,IAAI,QAAQ,CAAC,cAAc,IAAI,QAAQ,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClE,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,IAAI,EAAE,CAAA;QACrC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;YACzD,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,iBAAiB,CAAC,EAAE,CAAA;QAC3D,CAAC;IACH,CAAC;IACD,IAAI,QAAQ,CAAC,WAAW,IAAI,QAAQ,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5D,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,MAAM,EAAE,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC1D,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,cAAc,CAAC,EAAE,CAAA;QACxD,CAAC;IACH,CAAC;IACD,IAAI,QAAQ,CAAC,aAAa,IAAI,QAAQ,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChE,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,MAAM,EAAE,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;YAC5D,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,gBAAgB,CAAC,EAAE,CAAA;QAC1D,CAAC;IACH,CAAC;IAED,MAAM,YAAY,GAAG,mBAAmB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;IACzD,MAAM,WAAW,GAAG,GAAG,KAAK,CAAC,QAAQ,CAAC,IAAI,IAAI,KAAK,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAA;IAEjE,MAAM,eAAe,GAAG,qBAAqB,CAC3C,YAAY,EACZ,MAAM,CAAC,UAAU,EACjB,QAAQ,CAAC,UAAU,CACpB,CAAA;IACD,MAAM,YAAY,GAAG,gBAAgB,CAAC,KAAK,CAAC,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAA;IACrE,MAAM,cAAc,GAAG,gBAAgB,CAAC,WAAW,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAA;IAExE,MAAM,OAAO,GAAa,EAAE,CAAA;IAC5B,IAAI,CAAC,eAAe;QAAE,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;IAChD,IAAI,CAAC,YAAY;QAAE,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;IAC1C,IAAI,CAAC,cAAc;QAAE,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;IAE9C,OAAO,EAAE,SAAS,EAAE,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,OAAO,EAAE,CAAA;AACrD,CAAC;AAED,SAAS,aAAa,CACpB,MAAc,EACd,KAAiB,EACjB,OAA+B;IAE/B,kEAAkE;IAClE,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,IAAI,CAAC;YACH,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAA;QAC5C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,GAAG,CAAC,CAAA;YACZ,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC;IACD,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAA;QACjD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,GAAG,CAAC,CAAA;YACZ,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAUD,MAAM,UAAU,QAAQ,CACtB,KAAiB,EACjB,QAA2B,EAC3B,UAA2B,EAAE;IAE7B,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,CAAA;IAEnC,qEAAqE;IACrE,MAAM,eAAe,GAAG,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAA;IAChD,MAAM,cAAc,GAAG,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAA;IAC9C,IACE,eAAe,IAAI,IAAI;QACvB,cAAc,IAAI,IAAI;QACtB,eAAe,KAAK,cAAc,EAClC,CAAC;QACD,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,iBAAiB;YACzB,gBAAgB,EAAE,EAAE;YACpB,gBAAgB,EAAE,EAAE;YACpB,iBAAiB,EAAE,EAAE;YACrB,UAAU,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS;SAC1C,CAAA;IACH,CAAC;IAED,MAAM,YAAY,GAAa,EAAE,CAAA;IACjC,MAAM,WAAW,GAAa,EAAE,CAAA;IAChC,MAAM,OAAO,GAAa,EAAE,CAAA;IAC5B,MAAM,UAAU,GAAsB,EAAE,CAAA;IAExC,KAAK,MAAM,MAAM,IAAI,QAAQ,EAAE,CAAC;QAC9B,MAAM,aAAa,GAAG,mBAAmB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;QAExD,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,CAAC;YAC7B,0EAA0E;YAC1E,IAAI,aAAa,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACrC,UAAU,CAAC,IAAI,CAAC;oBACd,EAAE,EAAE,MAAM,CAAC,EAAE;oBACb,WAAW,EAAE,MAAM,CAAC,WAAW;oBAC/B,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,kBAAkB,EAAE,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC;oBAC1C,OAAO,EAAE,aAAa,CAAC,OAAO;iBAC/B,CAAC,CAAA;YACJ,CAAC;YACD,SAAQ;QACV,CAAC;QAED,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC;YACpF,SAAQ;QACV,CAAC;QAED,QAAQ,MAAM,CAAC,MAAM,EAAE,CAAC;YACtB,KAAK,OAAO;gBACV,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;gBAC5B,MAAK;YACP,KAAK,MAAM;gBACT,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;gBAC3B,MAAK;YACP,KAAK,OAAO;gBACV,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;gBACvB,MAAK;QACT,CAAC;IACH,CAAC;IAED,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAA;IAEhD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,eAAe;YACvB,gBAAgB,EAAE,WAAW;YAC7B,gBAAgB,EAAE,OAAO;YACzB,iBAAiB,EAAE,UAAU;YAC7B,UAAU;SACX,CAAA;IACH,CAAC;IAED,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,OAAO;YACL,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,OAAO;YACf,gBAAgB,EAAE,YAAY;YAC9B,gBAAgB,EAAE,OAAO;YACzB,iBAAiB,EAAE,UAAU;YAC7B,UAAU;SACX,CAAA;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,KAAK;QACd,MAAM,EAAE,eAAe;QACvB,gBAAgB,EAAE,EAAE;QACpB,gBAAgB,EAAE,OAAO;QACzB,iBAAiB,EAAE,UAAU;QAC7B,UAAU;KACX,CAAA;AACH,CAAC"}

package/dist/middleware/policy/engine/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/middleware/policy/engine/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,0CAA0C,CAAA;AAChF,OAAO,KAAK,EAAwB,MAAM,EAAE,MAAM,aAAa,CAAA;AAI/D,MAAM,WAAW,0BAA0B;IACzC,QAAQ,CAAC,EAAE,SAAS,MAAM,EAAE,CAAA;IAC5B;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,KAAK,IAAI,CAAA;CAC5D;AAED,wBAAgB,mBAAmB,CACjC,OAAO,GAAE,0BAA+B,GACvC,gBAAgB,CAYlB"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/middleware/policy/engine/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,0CAA0C,CAAA;AAChF,OAAO,KAAK,EAAwB,MAAM,EAAE,MAAM,aAAa,CAAA;AAI/D,MAAM,WAAW,0BAA0B;IACzC,QAAQ,CAAC,EAAE,SAAS,MAAM,EAAE,CAAA;IAC5B;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,KAAK,IAAI,CAAA;CAC5D;AAED,wBAAgB,mBAAmB,CACjC,OAAO,GAAE,0BAA+B,GACvC,gBAAgB,CA2BlB"}

package/dist/middleware/policy/engine/index.js

@@ -7,14 +7,31 @@
 import { compileAllPolicies } from './compile.js';
 import { evaluate } from './evaluate.js';
 export function createDefaultEngine(options = {}) {
-    const policies = Object.freeze([...compileAllPolicies(options.policies ?? [])]);
+    const policies = [...compileAllPolicies(options.policies ?? [])];
+    const seenIds = new Set(policies.map((p) => p.id));
     const onConditionError = options.onConditionError;
     return {
         evaluate(input) {
             return evaluate(input, policies, { onConditionError });
         },
         list() {
-            return policies;
+            return Object.freeze([...policies]);
+        },
+        addPolicies(extras) {
+            if (extras.length === 0)
+                return;
+            const compiled = compileAllPolicies(extras);
+            for (const p of compiled) {
+                if (seenIds.has(p.id)) {
+                    // Replace in-place to preserve list order semantics for duplicates.
+                    const idx = policies.findIndex((existing) => existing.id === p.id);
+                    if (idx >= 0)
+                        policies[idx] = p;
+                    continue;
+                }
+                seenIds.add(p.id);
+                policies.push(p);
+            }
         },
     };
 }

package/dist/middleware/policy/engine/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/middleware/policy/engine/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAA;AACjD,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AAYxC,MAAM,UAAU,mBAAmB,CACjC,UAAsC,EAAE;IAExC,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,kBAAkB,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;IAC/E,MAAM,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAA;IAEjD,OAAO;QACL,QAAQ,CAAC,KAAiB;YACxB,OAAO,QAAQ,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE,gBAAgB,EAAE,CAAC,CAAA;QACxD,CAAC;QACD,IAAI;YACF,OAAO,QAAQ,CAAA;QACjB,CAAC;KACF,CAAA;AACH,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/middleware/policy/engine/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAA;AACjD,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AAYxC,MAAM,UAAU,mBAAmB,CACjC,UAAsC,EAAE;IAExC,MAAM,QAAQ,GAAa,CAAC,GAAG,kBAAkB,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,CAAA;IAC1E,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;IAClD,MAAM,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAA;IAEjD,OAAO;QACL,QAAQ,CAAC,KAAiB;YACxB,OAAO,QAAQ,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE,gBAAgB,EAAE,CAAC,CAAA;QACxD,CAAC;QACD,IAAI;YACF,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAA;QACrC,CAAC;QACD,WAAW,CAAC,MAAyB;YACnC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAM;YAC/B,MAAM,QAAQ,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAA;YAC3C,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;gBACzB,IAAI,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;oBACtB,oEAAoE;oBACpE,MAAM,GAAG,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC,CAAA;oBAClE,IAAI,GAAG,IAAI,CAAC;wBAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;oBAC/B,SAAQ;gBACV,CAAC;gBACD,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAA;gBACjB,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;YAClB,CAAC;QACH,CAAC;KACF,CAAA;AACH,CAAC"}

package/dist/middleware/policy/index.d.ts

@@ -36,5 +36,9 @@ export type { PolicyBootstrap, CreatePolicyBootstrapOptions } from './bootstrap.
 export type { PolicyCtxHelpers } from './ctx-helpers.js';
 export { loadPoliciesFromDir, mergePolicies } from './loader.js';
 export type { LoadOptions, LoadResult } from './loader.js';
+export { resolveCoLocatedPolicies, siblingPolicyCandidates, handlerBaseKey, policyFileBaseKey, } from './co-located/resolver.js';
+export type { RouteDescriptor as CoLocatedRouteDescriptor, PolicyFileDescriptor as CoLocatedPolicyFileDescriptor, PolicyFileKind as CoLocatedPolicyFileKind, PolicySource as CoLocatedPolicySource, RoutePolicyDescriptor as CoLocatedRoutePolicyDescriptor, } from './co-located/resolver.js';
+export { loadCoLocatedPolicies } from './co-located/loader.js';
+export type { CoLocatedLoadOptions, CoLocatedLoadResult, } from './co-located/loader.js';
 export type { AuthzInput, CandidatePolicy, CompiledPolicyPatterns, Decision, DecisionReason, EvalContext, JsonPolicy, MatchLiteral, MatchNode, MatchOperator, MatchValue, Policy, PolicyCondition, PolicyConfig, PolicyEffect, PolicyEnginePortLike, PolicyForbiddenBody, Principal, PrincipalConfig, PrincipalSource, ProcedurePolicyConfig, Resource, ResourceResolver, } from './types.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/middleware/policy/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/middleware/policy/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AAGH,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAA;AACvD,YAAY,EAAE,0BAA0B,EAAE,MAAM,mBAAmB,CAAA;AAMnE,OAAO,EAAE,qBAAqB,EAAE,MAAM,gBAAgB,CAAA;AACtD,YAAY,EAAE,eAAe,EAAE,4BAA4B,EAAE,MAAM,gBAAgB,CAAA;AAGnF,YAAY,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAA;AAGxD,OAAO,EAAE,mBAAmB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;AAChE,YAAY,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAG1D,YAAY,EACV,UAAU,EACV,eAAe,EACf,sBAAsB,EACtB,QAAQ,EACR,cAAc,EACd,WAAW,EACX,UAAU,EACV,YAAY,EACZ,SAAS,EACT,aAAa,EACb,UAAU,EACV,MAAM,EACN,eAAe,EACf,YAAY,EACZ,YAAY,EACZ,oBAAoB,EACpB,mBAAmB,EACnB,SAAS,EACT,eAAe,EACf,eAAe,EACf,qBAAqB,EACrB,QAAQ,EACR,gBAAgB,GACjB,MAAM,YAAY,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/middleware/policy/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AAGH,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAA;AACvD,YAAY,EAAE,0BAA0B,EAAE,MAAM,mBAAmB,CAAA;AAMnE,OAAO,EAAE,qBAAqB,EAAE,MAAM,gBAAgB,CAAA;AACtD,YAAY,EAAE,eAAe,EAAE,4BAA4B,EAAE,MAAM,gBAAgB,CAAA;AAGnF,YAAY,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAA;AAGxD,OAAO,EAAE,mBAAmB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;AAChE,YAAY,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAG1D,OAAO,EACL,wBAAwB,EACxB,uBAAuB,EACvB,cAAc,EACd,iBAAiB,GAClB,MAAM,0BAA0B,CAAA;AACjC,YAAY,EACV,eAAe,IAAI,wBAAwB,EAC3C,oBAAoB,IAAI,6BAA6B,EACrD,cAAc,IAAI,uBAAuB,EACzC,YAAY,IAAI,qBAAqB,EACrC,qBAAqB,IAAI,8BAA8B,GACxD,MAAM,0BAA0B,CAAA;AACjC,OAAO,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAA;AAC9D,YAAY,EACV,oBAAoB,EACpB,mBAAmB,GACpB,MAAM,wBAAwB,CAAA;AAG/B,YAAY,EACV,UAAU,EACV,eAAe,EACf,sBAAsB,EACtB,QAAQ,EACR,cAAc,EACd,WAAW,EACX,UAAU,EACV,YAAY,EACZ,SAAS,EACT,aAAa,EACb,UAAU,EACV,MAAM,EACN,eAAe,EACf,YAAY,EACZ,YAAY,EACZ,oBAAoB,EACpB,mBAAmB,EACnB,SAAS,EACT,eAAe,EACf,eAAe,EACf,qBAAqB,EACrB,QAAQ,EACR,gBAAgB,GACjB,MAAM,YAAY,CAAA"}

package/dist/middleware/policy/index.js

@@ -38,4 +38,7 @@ export { createDefaultEngine } from './engine/index.js';
 export { createPolicyBootstrap } from './bootstrap.js';
 // JSON loader
 export { loadPoliciesFromDir, mergePolicies } from './loader.js';
+// Co-located policy discovery (sibling `<file>.policy.{yaml,yml,json}`)
+export { resolveCoLocatedPolicies, siblingPolicyCandidates, handlerBaseKey, policyFileBaseKey, } from './co-located/resolver.js';
+export { loadCoLocatedPolicies } from './co-located/loader.js';
 //# sourceMappingURL=index.js.map

package/dist/middleware/policy/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/middleware/policy/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AAEH,iBAAiB;AACjB,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAA;AAGvD,kEAAkE;AAClE,oEAAoE;AACpE,8DAA8D;AAC9D,2BAA2B;AAC3B,OAAO,EAAE,qBAAqB,EAAE,MAAM,gBAAgB,CAAA;AAMtD,cAAc;AACd,OAAO,EAAE,mBAAmB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/middleware/policy/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AAEH,iBAAiB;AACjB,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAA;AAGvD,kEAAkE;AAClE,oEAAoE;AACpE,8DAA8D;AAC9D,2BAA2B;AAC3B,OAAO,EAAE,qBAAqB,EAAE,MAAM,gBAAgB,CAAA;AAMtD,cAAc;AACd,OAAO,EAAE,mBAAmB,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;AAGhE,wEAAwE;AACxE,OAAO,EACL,wBAAwB,EACxB,uBAAuB,EACvB,cAAc,EACd,iBAAiB,GAClB,MAAM,0BAA0B,CAAA;AAQjC,OAAO,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAA"}

package/dist/middleware/policy/interceptor.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"interceptor.d.ts","sourceRoot":"","sources":["../../../src/middleware/policy/interceptor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAGH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,gCAAgC,CAAA;AAChE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uCAAuC,CAAA;AAE7E,OAAO,KAAK,EAAY,WAAW,EAAE,MAAM,sBAAsB,CAAA;AAEjE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAA;AAC7D,OAAO,KAAK,EAKV,qBAAqB,EAEtB,MAAM,YAAY,CAAA;AAKnB,MAAM,WAAW,8BAA8B;IAC7C,MAAM,EAAE,gBAAgB,CAAA;IACxB,4DAA4D;IAC5D,aAAa,EAAE,MAAM,CAAA;IACrB,iDAAiD;IACjD,MAAM,EAAE,qBAAqB,CAAA;IAC7B,4DAA4D;IAC5D,iBAAiB,EAAE,iBAAiB,CAAA;IACpC,2EAA2E;IAC3E,mBAAmB,CAAC,EAAE,OAAO,CAAA;IAC7B,8CAA8C;IAC9C,MAAM,CAAC,EAAE,UAAU,CAAA;CACpB;AAwFD;;;;GAIG;AACH,wBAAgB,iCAAiC,CAC/C,aAAa,EAAE,MAAM,EACrB,mBAAmB,UAAQ,GAC1B,WAAW,CAYb;AAED,wBAAgB,uBAAuB,CACrC,OAAO,EAAE,8BAA8B,GACtC,WAAW,CA+Fb"}
+{"version":3,"file":"interceptor.d.ts","sourceRoot":"","sources":["../../../src/middleware/policy/interceptor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAGH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,gCAAgC,CAAA;AAChE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uCAAuC,CAAA;AAE7E,OAAO,KAAK,EAAY,WAAW,EAAE,MAAM,sBAAsB,CAAA;AAEjE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAA;AAC7D,OAAO,KAAK,EAKV,qBAAqB,EAEtB,MAAM,YAAY,CAAA;AAKnB,MAAM,WAAW,8BAA8B;IAC7C,MAAM,EAAE,gBAAgB,CAAA;IACxB,4DAA4D;IAC5D,aAAa,EAAE,MAAM,CAAA;IACrB,iDAAiD;IACjD,MAAM,EAAE,qBAAqB,CAAA;IAC7B,4DAA4D;IAC5D,iBAAiB,EAAE,iBAAiB,CAAA;IACpC,2EAA2E;IAC3E,mBAAmB,CAAC,EAAE,OAAO,CAAA;IAC7B,8CAA8C;IAC9C,MAAM,CAAC,EAAE,UAAU,CAAA;CACpB;AAwFD;;;;GAIG;AACH,wBAAgB,iCAAiC,CAC/C,aAAa,EAAE,MAAM,EACrB,mBAAmB,UAAQ,GAC1B,WAAW,CAYb;AAED,wBAAgB,uBAAuB,CACrC,OAAO,EAAE,8BAA8B,GACtC,WAAW,CAyGb"}

package/dist/middleware/policy/interceptor.js

@@ -122,6 +122,8 @@ export function createPolicyInterceptor(options) {
         }
         // Attach ctx.policy.{evaluate,filterResources} helpers (idempotent).
         attachPolicyHelpers(ctx, engine, principal);
+        const protocol = ctx.protocol;
+        const protocolValue = typeof protocol === 'string' ? protocol : undefined;
         const resources = await resolveResources(config, envelope, ctx);
         if (!resources) {
             // No resource → run a single eval with a synthetic placeholder so
@@ -135,6 +137,7 @@ export function createPolicyInterceptor(options) {
                 principal,
                 action,
                 resource: placeholderResource,
+                ...(protocolValue ? { protocol: protocolValue } : {}),
             });
             attachDecision(ctx, decision);
             logDecision(logger, decision, action, principal, placeholderResource);
@@ -148,7 +151,10 @@ export function createPolicyInterceptor(options) {
             let lastResource;
             let allowed = false;
             for (const resource of resources) {
-                const decision = await engine.evaluate({ principal, action, resource });
+                const decision = await engine.evaluate({
+                    principal, action, resource,
+                    ...(protocolValue ? { protocol: protocolValue } : {}),
+                });
                 lastDecision = decision;
                 lastResource = resource;
                 logDecision(logger, decision, action, principal, resource);
@@ -166,7 +172,10 @@ export function createPolicyInterceptor(options) {
         }
         // enforce — every resource must pass
         for (const resource of resources) {
-            const decision = await engine.evaluate({ principal, action, resource });
+            const decision = await engine.evaluate({
+                principal, action, resource,
+                ...(protocolValue ? { protocol: protocolValue } : {}),
+            });
             attachDecision(ctx, decision);
             logDecision(logger, decision, action, principal, resource);
             if (!decision.allowed) {

package/dist/middleware/policy/interceptor.js.map

@@ -1 +1 @@
-{"version":3,"file":"interceptor.js","sourceRoot":"","sources":["../../../src/middleware/policy/interceptor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAA;AAKjD,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAA;AAWtD,MAAM,oBAAoB,GAAG,mBAA4B,CAAA;AACzD,MAAM,mBAAmB,GAAG,gBAAyB,CAAA;AAgBrD,SAAS,WAAW,CAClB,MAA8B,EAC9B,QAAuC,EACvC,MAAc,EACd,SAAoB,EACpB,QAAkB;IAElB,IAAI,CAAC,MAAM;QAAE,OAAM;IACnB,MAAM,IAAI,GAAG;QACX,MAAM;QACN,SAAS,EAAE,EAAE,EAAE,EAAE,SAAS,CAAC,EAAE,EAAE,QAAQ,EAAE,SAAS,CAAC,QAAQ,EAAE;QAC7D,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,EAAE,QAAQ,CAAC,EAAE,EAAE,QAAQ,EAAE,QAAQ,CAAC,QAAQ,EAAE;QAC/E,OAAO,EAAE,QAAQ,CAAC,OAAO;QACzB,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;QAC3C,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;QAC3C,iBAAiB,EAAE,QAAQ,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QAC5F,UAAU,EAAE,QAAQ,CAAC,UAAU;KAChC,CAAA;IACD,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;QACrB,IAAI,QAAQ,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,wCAAwC,CAAC,CAAA;QAC7D,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,eAAe,CAAC,CAAA;QACpC,CAAC;IACH,CAAC;SAAM,IAAI,QAAQ,CAAC,MAAM,KAAK,iBAAiB,EAAE,CAAC;QACjD,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,yBAAyB,CAAC,CAAA;IAC9C,CAAC;SAAM,IAAI,QAAQ,CAAC,MAAM,KAAK,eAAe,EAAE,CAAC;QAC/C,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,uBAAuB,CAAC,CAAA;IAC5C,CAAC;SAAM,IAAI,QAAQ,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChD,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,4CAA4C,CAAC,CAAA;IAClE,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,uBAAuB,CAAC,CAAA;IAC5C,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAY;IACvC,MAAM,GAAG,GAAG,GAAyC,CAAA;IACrD,OAAO,GAAG,CAAC,oBAAoB,CAA0B,CAAA;AAC3D,CAAC;AAED,SAAS,oBAAoB,CAAC,GAAY,EAAE,SAAoB;IAC9D,MAAM,GAAG,GAAG,GAAyC,CAAA;IACrD,GAAG,CAAC,oBAAoB,CAAC,GAAG,SAAS,CAAA;IACrC,GAAG,CAAC,SAAS,GAAG,SAAS,CAAA;AAC3B,CAAC;AAED,SAAS,cAAc,CAAC,GAAY,EAAE,QAAkB;IACtD,MAAM,GAAG,GAAG,GAAyC,CAAA;IACrD,GAAG,CAAC,mBAAmB,CAAC,GAAG,QAAQ,CAAA;AACrC,CAAC;AAED,SAAS,kBAAkB,CACzB,QAAkB,EAClB,MAAc,EACd,SAAoB,EACpB,cAAuB;IAEvB,IAAI,cAAc,EAAE,CAAC;QACnB,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,eAAe,EAAE,CAAA;IACtD,CAAC;IACD,OAAO;QACL,KAAK,EAAE,WAAW;QAClB,IAAI,EAAE,eAAe;QACrB,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,MAAM;QACN,SAAS,EAAE,EAAE,EAAE,EAAE,SAAS,CAAC,EAAE,EAAE,QAAQ,EAAE,SAAS,CAAC,QAAQ,EAAE;QAC7D,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;QAC3C,iBAAiB,EAAE,QAAQ,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACxD,EAAE,EAAE,CAAC,CAAC,EAAE;YACR,OAAO,EAAE,CAAC,CAAC,OAAO;SACnB,CAAC,CAAC;KACJ,CAAA;AACH,CAAC;AAED,KAAK,UAAU,gBAAgB,CAC7B,MAA6B,EAC7B,QAAkB,EAClB,GAAY;IAEZ,IAAI,CAAC,MAAM,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAA;IACjC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;IACxD,IAAI,GAAG,IAAI,IAAI;QAAE,OAAO,IAAI,CAAA;IAC5B,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAwB,CAAA;AAClE,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iCAAiC,CAC/C,aAAqB,EACrB,mBAAmB,GAAG,KAAK;IAE3B,OAAO,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE;QACtC,MAAM,IAAI,GAAwB,mBAAmB;YACnD,CAAC,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,oBAAoB,EAAE;YACpD,CAAC,CAAC;gBACE,KAAK,EAAE,WAAW;gBAClB,IAAI,EAAE,oBAAoB;gBAC1B,MAAM,EAAE,oBAA6B;gBACrC,MAAM,EAAE,aAAa;aACtB,CAAA;QACL,MAAM,IAAI,WAAW,CAAC,mBAAmB,EAAE,kCAAkC,EAAE,IAAI,CAAC,CAAA;IACtF,CAAC,CAAA;AACH,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,OAAuC;IAEvC,MAAM,EACJ,MAAM,EACN,aAAa,EACb,MAAM,EACN,iBAAiB,EACjB,mBAAmB,GAAG,KAAK,EAC3B,MAAM,GACP,GAAG,OAAO,CAAA;IACX,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,aAAa,CAAA;IAC7C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,SAAS,CAAA;IAErC,OAAO,KAAK,EAAE,QAAQ,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACnC,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,OAAO,IAAI,EAAE,CAAA;QACf,CAAC;QAED,IAAI,SAAS,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAA;QACxC,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,SAAS,GAAG,MAAM,iBAAiB,CAAC,GAAG,CAAC,CAAA;YACxC,oBAAoB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAA;QACtC,CAAC;QAED,qEAAqE;QACrE,mBAAmB,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,CAAC,CAAA;QAE3C,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,MAAM,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAA;QAE/D,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,kEAAkE;YAClE,6DAA6D;YAC7D,MAAM,mBAAmB,GAAa;gBACpC,IAAI,EAAE,GAAG;gBACT,EAAE,EAAE,GAAG;gBACP,QAAQ,EAAE,SAAS,CAAC,QAAQ;aAC7B,CAAA;YACD,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC;gBACrC,SAAS;gBACT,MAAM;gBACN,QAAQ,EAAE,mBAAmB;aACT,CAAC,CAAA;YACvB,cAAc,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;YAC7B,WAAW,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,mBAAmB,CAAC,CAAA;YACrE,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;gBACtB,MAAM,IAAI,WAAW,CACnB,mBAAmB,EACnB,eAAe,EACf,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,mBAAmB,CAAC,CACrE,CAAA;YACH,CAAC;YACD,OAAO,IAAI,EAAE,CAAA;QACf,CAAC;QAED,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;YACnB,IAAI,YAAkC,CAAA;YACtC,IAAI,YAAkC,CAAA;YACtC,IAAI,OAAO,GAAG,KAAK,CAAA;YACnB,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAA;gBACvE,YAAY,GAAG,QAAQ,CAAA;gBACvB,YAAY,GAAG,QAAQ,CAAA;gBACvB,WAAW,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAA;gBAC1D,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;oBACrB,OAAO,GAAG,IAAI,CAAA;oBACd,cAAc,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;oBAC7B,MAAK;gBACP,CAAC;YACH,CAAC;YACD,IAAI,CAAC,OAAO,IAAI,YAAY,IAAI,YAAY,EAAE,CAAC;gBAC7C,cAAc,CAAC,GAAG,EAAE,YAAY,CAAC,CAAA;gBACjC,MAAM,IAAI,WAAW,CACnB,mBAAmB,EACnB,oCAAoC,EACpC,kBAAkB,CAAC,YAAY,EAAE,MAAM,EAAE,SAAS,EAAE,mBAAmB,CAAC,CACzE,CAAA;YACH,CAAC;YACD,OAAO,IAAI,EAAE,CAAA;QACf,CAAC;QAED,qCAAqC;QACrC,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;YACjC,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAA;YACvE,cAAc,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;YAC7B,WAAW,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAA;YAC1D,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;gBACtB,MAAM,IAAI,WAAW,CACnB,mBAAmB,EACnB,eAAe,EACf,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,mBAAmB,CAAC,CACrE,CAAA;YACH,CAAC;QACH,CAAC;QAED,OAAO,IAAI,EAAE,CAAA;IACf,CAAC,CAAA;AACH,CAAC"}
+{"version":3,"file":"interceptor.js","sourceRoot":"","sources":["../../../src/middleware/policy/interceptor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAA;AAKjD,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAA;AAWtD,MAAM,oBAAoB,GAAG,mBAA4B,CAAA;AACzD,MAAM,mBAAmB,GAAG,gBAAyB,CAAA;AAgBrD,SAAS,WAAW,CAClB,MAA8B,EAC9B,QAAuC,EACvC,MAAc,EACd,SAAoB,EACpB,QAAkB;IAElB,IAAI,CAAC,MAAM;QAAE,OAAM;IACnB,MAAM,IAAI,GAAG;QACX,MAAM;QACN,SAAS,EAAE,EAAE,EAAE,EAAE,SAAS,CAAC,EAAE,EAAE,QAAQ,EAAE,SAAS,CAAC,QAAQ,EAAE;QAC7D,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,EAAE,QAAQ,CAAC,EAAE,EAAE,QAAQ,EAAE,QAAQ,CAAC,QAAQ,EAAE;QAC/E,OAAO,EAAE,QAAQ,CAAC,OAAO;QACzB,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;QAC3C,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;QAC3C,iBAAiB,EAAE,QAAQ,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QAC5F,UAAU,EAAE,QAAQ,CAAC,UAAU;KAChC,CAAA;IACD,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;QACrB,IAAI,QAAQ,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,wCAAwC,CAAC,CAAA;QAC7D,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,eAAe,CAAC,CAAA;QACpC,CAAC;IACH,CAAC;SAAM,IAAI,QAAQ,CAAC,MAAM,KAAK,iBAAiB,EAAE,CAAC;QACjD,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,yBAAyB,CAAC,CAAA;IAC9C,CAAC;SAAM,IAAI,QAAQ,CAAC,MAAM,KAAK,eAAe,EAAE,CAAC;QAC/C,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,uBAAuB,CAAC,CAAA;IAC5C,CAAC;SAAM,IAAI,QAAQ,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChD,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,4CAA4C,CAAC,CAAA;IAClE,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,uBAAuB,CAAC,CAAA;IAC5C,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAY;IACvC,MAAM,GAAG,GAAG,GAAyC,CAAA;IACrD,OAAO,GAAG,CAAC,oBAAoB,CAA0B,CAAA;AAC3D,CAAC;AAED,SAAS,oBAAoB,CAAC,GAAY,EAAE,SAAoB;IAC9D,MAAM,GAAG,GAAG,GAAyC,CAAA;IACrD,GAAG,CAAC,oBAAoB,CAAC,GAAG,SAAS,CAAA;IACrC,GAAG,CAAC,SAAS,GAAG,SAAS,CAAA;AAC3B,CAAC;AAED,SAAS,cAAc,CAAC,GAAY,EAAE,QAAkB;IACtD,MAAM,GAAG,GAAG,GAAyC,CAAA;IACrD,GAAG,CAAC,mBAAmB,CAAC,GAAG,QAAQ,CAAA;AACrC,CAAC;AAED,SAAS,kBAAkB,CACzB,QAAkB,EAClB,MAAc,EACd,SAAoB,EACpB,cAAuB;IAEvB,IAAI,cAAc,EAAE,CAAC;QACnB,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,eAAe,EAAE,CAAA;IACtD,CAAC;IACD,OAAO;QACL,KAAK,EAAE,WAAW;QAClB,IAAI,EAAE,eAAe;QACrB,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,MAAM;QACN,SAAS,EAAE,EAAE,EAAE,EAAE,SAAS,CAAC,EAAE,EAAE,QAAQ,EAAE,SAAS,CAAC,QAAQ,EAAE;QAC7D,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;QAC3C,iBAAiB,EAAE,QAAQ,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACxD,EAAE,EAAE,CAAC,CAAC,EAAE;YACR,OAAO,EAAE,CAAC,CAAC,OAAO;SACnB,CAAC,CAAC;KACJ,CAAA;AACH,CAAC;AAED,KAAK,UAAU,gBAAgB,CAC7B,MAA6B,EAC7B,QAAkB,EAClB,GAAY;IAEZ,IAAI,CAAC,MAAM,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAA;IACjC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;IACxD,IAAI,GAAG,IAAI,IAAI;QAAE,OAAO,IAAI,CAAA;IAC5B,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAwB,CAAA;AAClE,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iCAAiC,CAC/C,aAAqB,EACrB,mBAAmB,GAAG,KAAK;IAE3B,OAAO,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE;QACtC,MAAM,IAAI,GAAwB,mBAAmB;YACnD,CAAC,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,oBAAoB,EAAE;YACpD,CAAC,CAAC;gBACE,KAAK,EAAE,WAAW;gBAClB,IAAI,EAAE,oBAAoB;gBAC1B,MAAM,EAAE,oBAA6B;gBACrC,MAAM,EAAE,aAAa;aACtB,CAAA;QACL,MAAM,IAAI,WAAW,CAAC,mBAAmB,EAAE,kCAAkC,EAAE,IAAI,CAAC,CAAA;IACtF,CAAC,CAAA;AACH,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,OAAuC;IAEvC,MAAM,EACJ,MAAM,EACN,aAAa,EACb,MAAM,EACN,iBAAiB,EACjB,mBAAmB,GAAG,KAAK,EAC3B,MAAM,GACP,GAAG,OAAO,CAAA;IACX,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,aAAa,CAAA;IAC7C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,SAAS,CAAA;IAErC,OAAO,KAAK,EAAE,QAAQ,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACnC,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,OAAO,IAAI,EAAE,CAAA;QACf,CAAC;QAED,IAAI,SAAS,GAAG,mBAAmB,CAAC,GAAG,CAAC,CAAA;QACxC,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,SAAS,GAAG,MAAM,iBAAiB,CAAC,GAAG,CAAC,CAAA;YACxC,oBAAoB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAA;QACtC,CAAC;QAED,qEAAqE;QACrE,mBAAmB,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,CAAC,CAAA;QAE3C,MAAM,QAAQ,GAAI,GAA8B,CAAC,QAAQ,CAAA;QACzD,MAAM,aAAa,GAAG,OAAO,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAA;QAEzE,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,MAAM,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAA;QAE/D,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,kEAAkE;YAClE,6DAA6D;YAC7D,MAAM,mBAAmB,GAAa;gBACpC,IAAI,EAAE,GAAG;gBACT,EAAE,EAAE,GAAG;gBACP,QAAQ,EAAE,SAAS,CAAC,QAAQ;aAC7B,CAAA;YACD,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC;gBACrC,SAAS;gBACT,MAAM;gBACN,QAAQ,EAAE,mBAAmB;gBAC7B,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACjC,CAAC,CAAA;YACvB,cAAc,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;YAC7B,WAAW,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,mBAAmB,CAAC,CAAA;YACrE,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;gBACtB,MAAM,IAAI,WAAW,CACnB,mBAAmB,EACnB,eAAe,EACf,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,mBAAmB,CAAC,CACrE,CAAA;YACH,CAAC;YACD,OAAO,IAAI,EAAE,CAAA;QACf,CAAC;QAED,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;YACnB,IAAI,YAAkC,CAAA;YACtC,IAAI,YAAkC,CAAA;YACtC,IAAI,OAAO,GAAG,KAAK,CAAA;YACnB,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC;oBACrC,SAAS,EAAE,MAAM,EAAE,QAAQ;oBAC3B,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBACtD,CAAC,CAAA;gBACF,YAAY,GAAG,QAAQ,CAAA;gBACvB,YAAY,GAAG,QAAQ,CAAA;gBACvB,WAAW,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAA;gBAC1D,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;oBACrB,OAAO,GAAG,IAAI,CAAA;oBACd,cAAc,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;oBAC7B,MAAK;gBACP,CAAC;YACH,CAAC;YACD,IAAI,CAAC,OAAO,IAAI,YAAY,IAAI,YAAY,EAAE,CAAC;gBAC7C,cAAc,CAAC,GAAG,EAAE,YAAY,CAAC,CAAA;gBACjC,MAAM,IAAI,WAAW,CACnB,mBAAmB,EACnB,oCAAoC,EACpC,kBAAkB,CAAC,YAAY,EAAE,MAAM,EAAE,SAAS,EAAE,mBAAmB,CAAC,CACzE,CAAA;YACH,CAAC;YACD,OAAO,IAAI,EAAE,CAAA;QACf,CAAC;QAED,qCAAqC;QACrC,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;YACjC,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC;gBACrC,SAAS,EAAE,MAAM,EAAE,QAAQ;gBAC3B,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACtD,CAAC,CAAA;YACF,cAAc,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;YAC7B,WAAW,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAA;YAC1D,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;gBACtB,MAAM,IAAI,WAAW,CACnB,mBAAmB,EACnB,eAAe,EACf,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,mBAAmB,CAAC,CACrE,CAAA;YACH,CAAC;QACH,CAAC;QAED,OAAO,IAAI,EAAE,CAAA;IACf,CAAC,CAAA;AACH,CAAC"}

package/dist/middleware/policy/types.d.ts

@@ -47,6 +47,31 @@ export interface AuthzInput {
     action: string;
     resource: Resource;
     context?: EvalContext;
+    /**
+     * Transport that delivered the request: `'http'`, `'ws'`, `'grpc'`,
+     * `'jsonrpc'`, `'tcp'`, `'udp'`, etc. When present, policies declaring a
+     * `scope.protocols` filter must match this value (glob comparison).
+     */
+    protocol?: string;
+}
+/**
+ * Optional applicability scope. When any field is present, the policy is
+ * considered only for inputs whose corresponding facet matches at least one
+ * pattern. All declared facets must match (implicit AND); facets that are
+ * not declared are not filtered. Patterns are the same glob form used by
+ * `principals`/`actions`/`resources`.
+ *
+ * `routes` and `channels` are sugar over the existing `actions` patterns —
+ * they match against `AuthzInput.action`. Declaring both is fine; they OR
+ * together within their own facet but each facet still ANDs with the others.
+ */
+export interface PolicyScope {
+    /** Match against the procedure/route name (i.e. `AuthzInput.action`). */
+    routes?: string[];
+    /** Match against the channel name (also `AuthzInput.action` for channels). */
+    channels?: string[];
+    /** Match against the transport name (`AuthzInput.protocol`). */
+    protocols?: string[];
 }
 export type PolicyEffect = 'allow' | 'deny' | 'audit';
 /**
@@ -77,6 +102,12 @@ export interface Policy {
      * BOTH must pass (implicit AND).
      */
     match?: MatchNode;
+    /**
+     * Optional applicability filter (`scope.protocols`, `scope.routes`,
+     * `scope.channels`). When set, the policy is skipped entirely for inputs
+     * that do not match. See `PolicyScope`.
+     */
+    scope?: PolicyScope;
     /** @internal Source path — populated by the loader for diagnostics. */
     _source?: string;
     /** @internal Index within source — populated by the loader. */
@@ -93,6 +124,9 @@ export interface CompiledPolicyPatterns {
     principals: readonly RegExp[];
     actions: readonly RegExp[];
     resources: readonly RegExp[];
+    scopeRoutes?: readonly RegExp[];
+    scopeChannels?: readonly RegExp[];
+    scopeProtocols?: readonly RegExp[];
 }
 /**
  * JSON-loadable policy. Same as `Policy` but `condition` is replaced by
@@ -204,6 +238,13 @@ export interface PolicyConfig {
     engine?: PolicyEnginePortLike;
     /** Logger override (defaults to the server's `LoggerPort`). */
     logger?: LoggerPort;
+    /**
+     * Toggle co-located policy loading (`<handler>.policy.{yaml,yml,json}`,
+     * future folder cascades). Defaults to `true` whenever FS discovery is
+     * enabled, `false` otherwise. Pass `true` here to opt-in even without
+     * discovery (e.g. resolved manually) or `false` to disable globally.
+     */
+    coLocated?: boolean;
 }
 /**
  * Forward-declared port shape — full interface lives in

package/dist/middleware/policy/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/middleware/policy/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,gCAAgC,CAAA;AAMhE;;;;GAIG;AACH,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE,MAAM,CAAA;IACV,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,MAAM,EAAE,MAAM,EAAE,CAAA;IAChB,MAAM,EAAE,MAAM,EAAE,CAAA;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC/B,uEAAuE;IACvE,YAAY,CAAC,EAAE,SAAS,MAAM,EAAE,CAAA;CACjC;AAED;;;;GAIG;AACH,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAA;IACZ,EAAE,EAAE,MAAM,CAAA;IACV,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAChC;AAED;;;GAGG;AACH,MAAM,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;AAEjD;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,SAAS,CAAA;IACpB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,QAAQ,CAAA;IAClB,OAAO,CAAC,EAAE,WAAW,CAAA;CACtB;AAMD,MAAM,MAAM,YAAY,GAAG,OAAO,GAAG,MAAM,GAAG,OAAO,CAAA;AAErD;;;;;;GAMG;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,KAAK,EAAE,UAAU,KAAK,OAAO,CAAA;AAE5D;;;GAGG;AACH,MAAM,WAAW,MAAM;IACrB,EAAE,EAAE,MAAM,CAAA;IACV,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,MAAM,EAAE,YAAY,CAAA;IACpB,gEAAgE;IAChE,UAAU,EAAE,MAAM,EAAE,CAAA;IACpB,uDAAuD;IACvD,OAAO,EAAE,MAAM,EAAE,CAAA;IACjB,uEAAuE;IACvE,SAAS,EAAE,MAAM,EAAE,CAAA;IACnB,SAAS,CAAC,EAAE,eAAe,CAAA;IAC3B;;;OAGG;IACH,KAAK,CAAC,EAAE,SAAS,CAAA;IACjB,uEAAuE;IACvE,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,+DAA+D;IAC/D,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,8DAA8D;IAC9D,SAAS,CAAC,EAAE,sBAAsB,CAAA;IAClC,kDAAkD;IAClD,cAAc,CAAC,EAAE,CAAC,KAAK,EAAE,UAAU,KAAK,OAAO,CAAA;CAChD;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,UAAU,EAAE,SAAS,MAAM,EAAE,CAAA;IAC7B,OAAO,EAAE,SAAS,MAAM,EAAE,CAAA;IAC1B,SAAS,EAAE,SAAS,MAAM,EAAE,CAAA;CAC7B;AAED;;;GAGG;AACH,MAAM,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,EAAE,WAAW,GAAG,WAAW,GAAG,gBAAgB,CAAC,GAAG;IACpF,eAAe,CAAC,EAAE,MAAM,CAAA;CACzB,CAAA;AAMD;;;;;;;;GAQG;AACH,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,IAAI,CAAA;AAE3D;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,IAAI,CAAC,EAAE,YAAY,CAAA;IACnB,IAAI,CAAC,EAAE,YAAY,CAAA;IACnB,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,CAAA;IACrB,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAA;IACtB,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,CAAA;IACrB,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAA;IACtB,EAAE,CAAC,EAAE,SAAS,YAAY,EAAE,GAAG,MAAM,CAAA;IACrC,KAAK,CAAC,EAAE,SAAS,YAAY,EAAE,GAAG,MAAM,CAAA;IACxC,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,QAAQ,CAAC,EAAE,YAAY,CAAA;IACvB,MAAM,CAAC,EAAE,OAAO,CAAA;CACjB;AAED,MAAM,MAAM,UAAU,GAAG,YAAY,GAAG,aAAa,CAAA;AAErD;;;;;;GAMG;AACH,MAAM,MAAM,SAAS,GACjB;IAAE,KAAK,EAAE,SAAS,EAAE,CAAA;CAAE,GACtB;IAAE,KAAK,EAAE,SAAS,EAAE,CAAA;CAAE,GACtB;IAAE,GAAG,EAAE,SAAS,CAAA;CAAE,GAClB;IAAE,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,GAAG,SAAS,GAAG,SAAS,EAAE,CAAA;CAAE,CAAA;AAM5D,MAAM,MAAM,cAAc,GACtB,OAAO,GACP,eAAe,GACf,eAAe,GACf,iBAAiB,CAAA;AAErB,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAA;IACV,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,MAAM,EAAE,YAAY,CAAA;IACpB,qEAAqE;IACrE,kBAAkB,EAAE,MAAM,EAAE,CAAA;IAC5B,+DAA+D;IAC/D,OAAO,EAAE,MAAM,EAAE,CAAA;CAClB;AAED,MAAM,WAAW,QAAQ;IACvB,OAAO,EAAE,OAAO,CAAA;IAChB,MAAM,EAAE,cAAc,CAAA;IACtB,gBAAgB,EAAE,MAAM,EAAE,CAAA;IAC1B,gBAAgB,EAAE,MAAM,EAAE,CAAA;IAC1B,iBAAiB,EAAE,eAAe,EAAE,CAAA;IACpC,+DAA+D;IAC/D,UAAU,CAAC,EAAE,MAAM,CAAA;CACpB;AAMD;;;;;;GAMG;AACH,MAAM,MAAM,eAAe,GAAG,SAAS,GAAG,QAAQ,GAAG,MAAM,GAAG,QAAQ,CAAA;AAEtE,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,eAAe,CAAA;IACrB,mFAAmF;IACnF,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,KAAK,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC,CAAA;CACrE;AAED;;;;;GAKG;AACH,MAAM,WAAW,YAAY;IAC3B,yEAAyE;IACzE,QAAQ,CAAC,EAAE,SAAS,MAAM,EAAE,CAAA;IAC5B,sEAAsE;IACtE,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,8EAA8E;IAC9E,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAA;IAClD,+EAA+E;IAC/E,SAAS,EAAE,eAAe,CAAA;IAC1B;;;;;OAKG;IACH,WAAW,CAAC,EAAE,OAAO,GAAG,MAAM,CAAA;IAC9B,0CAA0C;IAC1C,MAAM,CAAC,EAAE,oBAAoB,CAAA;IAC7B,+DAA+D;IAC/D,MAAM,CAAC,EAAE,UAAU,CAAA;CACpB;AAED;;;;GAIG;AACH,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,KAAK,EAAE,UAAU,GAAG,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;IACzD,IAAI,IAAI,SAAS,MAAM,EAAE,CAAA;CAC1B;AAMD;;;;;GAKG;AACH,MAAM,MAAM,gBAAgB,CAAC,MAAM,GAAG,OAAO,EAAE,IAAI,GAAG,OAAO,IAAI,CAC/D,KAAK,EAAE,MAAM,EACb,GAAG,EAAE,IAAI,KACN,QAAQ,GAAG,SAAS,QAAQ,EAAE,GAAG,IAAI,GAAG,OAAO,CAAC,QAAQ,GAAG,SAAS,QAAQ,EAAE,GAAG,IAAI,CAAC,CAAA;AAE3F,MAAM,WAAW,qBAAqB,CAAC,MAAM,GAAG,OAAO,EAAE,IAAI,GAAG,OAAO;IACrE,kCAAkC;IAClC,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,sCAAsC;IACtC,QAAQ,CAAC,EAAE,gBAAgB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;IACzC;;;OAGG;IACH,IAAI,CAAC,EAAE,SAAS,GAAG,KAAK,CAAA;IACxB;;;OAGG;IACH,MAAM,CAAC,EAAE,OAAO,CAAA;CACjB;AAMD;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,KAAK,EAAE,WAAW,CAAA;IAClB,IAAI,EAAE,eAAe,GAAG,oBAAoB,CAAA;IAC5C,MAAM,CAAC,EAAE,cAAc,GAAG,oBAAoB,CAAA;IAC9C,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,SAAS,CAAC,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAA;IACnD,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAA;IAC3B,iBAAiB,CAAC,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,EAAE,CAAA;KAAE,EAAE,CAAA;CACxD"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/middleware/policy/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,gCAAgC,CAAA;AAMhE;;;;GAIG;AACH,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE,MAAM,CAAA;IACV,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,MAAM,EAAE,MAAM,EAAE,CAAA;IAChB,MAAM,EAAE,MAAM,EAAE,CAAA;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC/B,uEAAuE;IACvE,YAAY,CAAC,EAAE,SAAS,MAAM,EAAE,CAAA;CACjC;AAED;;;;GAIG;AACH,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAA;IACZ,EAAE,EAAE,MAAM,CAAA;IACV,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAChC;AAED;;;GAGG;AACH,MAAM,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;AAEjD;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,SAAS,CAAA;IACpB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,QAAQ,CAAA;IAClB,OAAO,CAAC,EAAE,WAAW,CAAA;IACrB;;;;OAIG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB;AAED;;;;;;;;;;GAUG;AACH,MAAM,WAAW,WAAW;IAC1B,yEAAyE;IACzE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAA;IACjB,8EAA8E;IAC9E,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAA;IACnB,gEAAgE;IAChE,SAAS,CAAC,EAAE,MAAM,EAAE,CAAA;CACrB;AAMD,MAAM,MAAM,YAAY,GAAG,OAAO,GAAG,MAAM,GAAG,OAAO,CAAA;AAErD;;;;;;GAMG;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,KAAK,EAAE,UAAU,KAAK,OAAO,CAAA;AAE5D;;;GAGG;AACH,MAAM,WAAW,MAAM;IACrB,EAAE,EAAE,MAAM,CAAA;IACV,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,MAAM,EAAE,YAAY,CAAA;IACpB,gEAAgE;IAChE,UAAU,EAAE,MAAM,EAAE,CAAA;IACpB,uDAAuD;IACvD,OAAO,EAAE,MAAM,EAAE,CAAA;IACjB,uEAAuE;IACvE,SAAS,EAAE,MAAM,EAAE,CAAA;IACnB,SAAS,CAAC,EAAE,eAAe,CAAA;IAC3B;;;OAGG;IACH,KAAK,CAAC,EAAE,SAAS,CAAA;IACjB;;;;OAIG;IACH,KAAK,CAAC,EAAE,WAAW,CAAA;IACnB,uEAAuE;IACvE,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,+DAA+D;IAC/D,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,8DAA8D;IAC9D,SAAS,CAAC,EAAE,sBAAsB,CAAA;IAClC,kDAAkD;IAClD,cAAc,CAAC,EAAE,CAAC,KAAK,EAAE,UAAU,KAAK,OAAO,CAAA;CAChD;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,UAAU,EAAE,SAAS,MAAM,EAAE,CAAA;IAC7B,OAAO,EAAE,SAAS,MAAM,EAAE,CAAA;IAC1B,SAAS,EAAE,SAAS,MAAM,EAAE,CAAA;IAC5B,WAAW,CAAC,EAAE,SAAS,MAAM,EAAE,CAAA;IAC/B,aAAa,CAAC,EAAE,SAAS,MAAM,EAAE,CAAA;IACjC,cAAc,CAAC,EAAE,SAAS,MAAM,EAAE,CAAA;CACnC;AAED;;;GAGG;AACH,MAAM,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,EAAE,WAAW,GAAG,WAAW,GAAG,gBAAgB,CAAC,GAAG;IACpF,eAAe,CAAC,EAAE,MAAM,CAAA;CACzB,CAAA;AAMD;;;;;;;;GAQG;AACH,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,IAAI,CAAA;AAE3D;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,IAAI,CAAC,EAAE,YAAY,CAAA;IACnB,IAAI,CAAC,EAAE,YAAY,CAAA;IACnB,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,CAAA;IACrB,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAA;IACtB,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,CAAA;IACrB,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAA;IACtB,EAAE,CAAC,EAAE,SAAS,YAAY,EAAE,GAAG,MAAM,CAAA;IACrC,KAAK,CAAC,EAAE,SAAS,YAAY,EAAE,GAAG,MAAM,CAAA;IACxC,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,QAAQ,CAAC,EAAE,YAAY,CAAA;IACvB,MAAM,CAAC,EAAE,OAAO,CAAA;CACjB;AAED,MAAM,MAAM,UAAU,GAAG,YAAY,GAAG,aAAa,CAAA;AAErD;;;;;;GAMG;AACH,MAAM,MAAM,SAAS,GACjB;IAAE,KAAK,EAAE,SAAS,EAAE,CAAA;CAAE,GACtB;IAAE,KAAK,EAAE,SAAS,EAAE,CAAA;CAAE,GACtB;IAAE,GAAG,EAAE,SAAS,CAAA;CAAE,GAClB;IAAE,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,GAAG,SAAS,GAAG,SAAS,EAAE,CAAA;CAAE,CAAA;AAM5D,MAAM,MAAM,cAAc,GACtB,OAAO,GACP,eAAe,GACf,eAAe,GACf,iBAAiB,CAAA;AAErB,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAA;IACV,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,MAAM,EAAE,YAAY,CAAA;IACpB,qEAAqE;IACrE,kBAAkB,EAAE,MAAM,EAAE,CAAA;IAC5B,+DAA+D;IAC/D,OAAO,EAAE,MAAM,EAAE,CAAA;CAClB;AAED,MAAM,WAAW,QAAQ;IACvB,OAAO,EAAE,OAAO,CAAA;IAChB,MAAM,EAAE,cAAc,CAAA;IACtB,gBAAgB,EAAE,MAAM,EAAE,CAAA;IAC1B,gBAAgB,EAAE,MAAM,EAAE,CAAA;IAC1B,iBAAiB,EAAE,eAAe,EAAE,CAAA;IACpC,+DAA+D;IAC/D,UAAU,CAAC,EAAE,MAAM,CAAA;CACpB;AAMD;;;;;;GAMG;AACH,MAAM,MAAM,eAAe,GAAG,SAAS,GAAG,QAAQ,GAAG,MAAM,GAAG,QAAQ,CAAA;AAEtE,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,eAAe,CAAA;IACrB,mFAAmF;IACnF,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,KAAK,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC,CAAA;CACrE;AAED;;;;;GAKG;AACH,MAAM,WAAW,YAAY;IAC3B,yEAAyE;IACzE,QAAQ,CAAC,EAAE,SAAS,MAAM,EAAE,CAAA;IAC5B,sEAAsE;IACtE,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,8EAA8E;IAC9E,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAA;IAClD,+EAA+E;IAC/E,SAAS,EAAE,eAAe,CAAA;IAC1B;;;;;OAKG;IACH,WAAW,CAAC,EAAE,OAAO,GAAG,MAAM,CAAA;IAC9B,0CAA0C;IAC1C,MAAM,CAAC,EAAE,oBAAoB,CAAA;IAC7B,+DAA+D;IAC/D,MAAM,CAAC,EAAE,UAAU,CAAA;IACnB;;;;;OAKG;IACH,SAAS,CAAC,EAAE,OAAO,CAAA;CACpB;AAED;;;;GAIG;AACH,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,KAAK,EAAE,UAAU,GAAG,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;IACzD,IAAI,IAAI,SAAS,MAAM,EAAE,CAAA;CAC1B;AAMD;;;;;GAKG;AACH,MAAM,MAAM,gBAAgB,CAAC,MAAM,GAAG,OAAO,EAAE,IAAI,GAAG,OAAO,IAAI,CAC/D,KAAK,EAAE,MAAM,EACb,GAAG,EAAE,IAAI,KACN,QAAQ,GAAG,SAAS,QAAQ,EAAE,GAAG,IAAI,GAAG,OAAO,CAAC,QAAQ,GAAG,SAAS,QAAQ,EAAE,GAAG,IAAI,CAAC,CAAA;AAE3F,MAAM,WAAW,qBAAqB,CAAC,MAAM,GAAG,OAAO,EAAE,IAAI,GAAG,OAAO;IACrE,kCAAkC;IAClC,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,sCAAsC;IACtC,QAAQ,CAAC,EAAE,gBAAgB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;IACzC;;;OAGG;IACH,IAAI,CAAC,EAAE,SAAS,GAAG,KAAK,CAAA;IACxB;;;OAGG;IACH,MAAM,CAAC,EAAE,OAAO,CAAA;CACjB;AAMD;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,KAAK,EAAE,WAAW,CAAA;IAClB,IAAI,EAAE,eAAe,GAAG,oBAAoB,CAAA;IAC5C,MAAM,CAAC,EAAE,cAAc,GAAG,oBAAoB,CAAA;IAC9C,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,SAAS,CAAC,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAA;IACnD,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAA;IAC3B,iBAAiB,CAAC,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,EAAE,CAAA;KAAE,EAAE,CAAA;CACxD"}

package/dist/ports/outbound/policy-engine.d.ts

@@ -20,6 +20,13 @@ export interface PolicyEnginePort extends PolicyEnginePortLike {
     evaluate(input: AuthzInput): Decision | Promise<Decision>;
     /** Read-only snapshot of all currently loaded policies. */
     list(): readonly Policy[];
+    /**
+     * Optional: append policies discovered after engine creation (e.g. from
+     * co-located policy files surfaced by FS discovery). Implementations that
+     * cannot accept new policies post-construction MAY omit this method; the
+     * server logs a warning and skips co-located bridging when absent.
+     */
+    addPolicies?(policies: readonly Policy[]): void;
 }
 export type { AuthzInput, Decision, DecisionReason, Policy, JsonPolicy, PolicyEffect, PolicyCondition, Principal, Resource, EvalContext, CandidatePolicy, MatchNode, MatchValue, MatchOperator, MatchLiteral, PolicyConfig, PrincipalConfig, PrincipalSource, ProcedurePolicyConfig, ResourceResolver, PolicyForbiddenBody, } from '../../middleware/policy/types.js';
 //# sourceMappingURL=policy-engine.d.ts.map

package/dist/ports/outbound/policy-engine.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"policy-engine.d.ts","sourceRoot":"","sources":["../../../src/ports/outbound/policy-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EACV,UAAU,EACV,QAAQ,EACR,MAAM,EACN,oBAAoB,EACrB,MAAM,kCAAkC,CAAA;AAEzC;;;;;GAKG;AACH,MAAM,WAAW,gBAAiB,SAAQ,oBAAoB;IAC5D,QAAQ,CAAC,KAAK,EAAE,UAAU,GAAG,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;IACzD,2DAA2D;IAC3D,IAAI,IAAI,SAAS,MAAM,EAAE,CAAA;CAC1B;AAED,YAAY,EACV,UAAU,EACV,QAAQ,EACR,cAAc,EACd,MAAM,EACN,UAAU,EACV,YAAY,EACZ,eAAe,EACf,SAAS,EACT,QAAQ,EACR,WAAW,EACX,eAAe,EACf,SAAS,EACT,UAAU,EACV,aAAa,EACb,YAAY,EACZ,YAAY,EACZ,eAAe,EACf,eAAe,EACf,qBAAqB,EACrB,gBAAgB,EAChB,mBAAmB,GACpB,MAAM,kCAAkC,CAAA"}
+{"version":3,"file":"policy-engine.d.ts","sourceRoot":"","sources":["../../../src/ports/outbound/policy-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EACV,UAAU,EACV,QAAQ,EACR,MAAM,EACN,oBAAoB,EACrB,MAAM,kCAAkC,CAAA;AAEzC;;;;;GAKG;AACH,MAAM,WAAW,gBAAiB,SAAQ,oBAAoB;IAC5D,QAAQ,CAAC,KAAK,EAAE,UAAU,GAAG,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;IACzD,2DAA2D;IAC3D,IAAI,IAAI,SAAS,MAAM,EAAE,CAAA;IACzB;;;;;OAKG;IACH,WAAW,CAAC,CAAC,QAAQ,EAAE,SAAS,MAAM,EAAE,GAAG,IAAI,CAAA;CAChD;AAED,YAAY,EACV,UAAU,EACV,QAAQ,EACR,cAAc,EACd,MAAM,EACN,UAAU,EACV,YAAY,EACZ,eAAe,EACf,SAAS,EACT,QAAQ,EACR,WAAW,EACX,eAAe,EACf,SAAS,EACT,UAAU,EACV,aAAa,EACb,YAAY,EACZ,YAAY,EACZ,eAAe,EACf,eAAe,EACf,qBAAqB,EACrB,gBAAgB,EAChB,mBAAmB,GACpB,MAAM,kCAAkC,CAAA"}

package/dist/server/builder/execution-http-resources.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"execution-http-resources.d.ts","sourceRoot":"","sources":["../../../src/server/builder/execution-http-resources.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAA;AAM5D,OAAO,KAAK,EAAE,+BAA+B,EAAE,MAAM,oBAAoB,CAAA;AACzE,OAAO,KAAK,EAAE,+BAA+B,EAAE,MAAM,sBAAsB,CAAA;AAE3E,KAAK,0BAA0B,GAAG,OAAO,CACvC,+BAA+B,EAC7B;IAAE,IAAI,EAAE,UAAU,CAAA;CAAE,GACpB;IAAE,IAAI,EAAE,MAAM,CAAA;CAAE,CACnB,CAAA;AAED,wBAAgB,4BAA4B,CAAC,OAAO,EAAE,+BAA+B;oCAK3E,0BAA0B,kBAChB,cAAc,EAAE;EAsCnC"}
+{"version":3,"file":"execution-http-resources.d.ts","sourceRoot":"","sources":["../../../src/server/builder/execution-http-resources.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAA;AAM5D,OAAO,KAAK,EAAE,+BAA+B,EAAE,MAAM,oBAAoB,CAAA;AACzE,OAAO,KAAK,EAAE,+BAA+B,EAAE,MAAM,sBAAsB,CAAA;AAE3E,KAAK,0BAA0B,GAAG,OAAO,CACvC,+BAA+B,EAC7B;IAAE,IAAI,EAAE,UAAU,CAAA;CAAE,GACpB;IAAE,IAAI,EAAE,MAAM,CAAA;CAAE,CACnB,CAAA;AAED,wBAAgB,4BAA4B,CAAC,OAAO,EAAE,+BAA+B;oCAK3E,0BAA0B,kBAChB,cAAc,EAAE;EAuCnC"}

package/dist/server/builder/execution-http-resources.js

@@ -20,6 +20,7 @@ export function createExecutionHttpResources(context) {
                 httpMiddleware.push(createRestMiddleware({
                     restResources: restResourceRegistry,
                     router,
+                    registry,
                     basePath,
                     maxBodySize: step.feature.maxBodySize,
                     contextFactory: step.feature.contextFactory,

package/dist/server/builder/execution-http-resources.js.map

@@ -1 +1 @@
-{"version":3,"file":"execution-http-resources.js","sourceRoot":"","sources":["../../../src/server/builder/execution-http-resources.ts"],"names":[],"mappings":"AACA,OAAO,EACL,4BAA4B,EAC5B,oBAAoB,EACpB,2BAA2B,GAC5B,MAAM,uBAAuB,CAAA;AAU9B,MAAM,UAAU,4BAA4B,CAAC,OAAwC;IACnF,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAA;IACzC,MAAM,EAAE,oBAAoB,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,IAAI,CAAA;IAEvD,SAAS,uBAAuB,CAC9B,IAAgC,EAChC,cAAgC;QAEhC,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;YAClB,KAAK,UAAU,CAAC,CAAC,CAAC;gBAChB,cAAc,CAAC,IAAI,CACjB,4BAA4B,CAAC;oBAC3B,MAAM;oBACN,QAAQ;oBACR,QAAQ;oBACR,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW;oBACrC,cAAc,EAAE,IAAI,CAAC,OAAO,CAAC,cAAc;oBAC3C,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM;oBAC3B,cAAc,EAAE,IAAI,CAAC,OAAO,CAAC,cAAc;iBAC5C,CAAC,CACH,CAAA;gBACD,OAAM;YACR,CAAC;YAED,KAAK,MAAM,CAAC,CAAC,CAAC;gBACZ,cAAc,CAAC,IAAI,CACjB,oBAAoB,CAAC;oBACnB,aAAa,EAAE,oBAAoB;oBACnC,MAAM;oBACN,QAAQ;oBACR,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW;oBACrC,cAAc,EAAE,IAAI,CAAC,OAAO,CAAC,cAAc;oBAC3C,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM;oBAC3B,cAAc,EAAE,IAAI,CAAC,OAAO,CAAC,cAAc;iBAC5C,CAAC,CACH,CAAA;gBACD,2BAA2B,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAA;YAC1D,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,uBAAuB;KACxB,CAAA;AACH,CAAC"}
+{"version":3,"file":"execution-http-resources.js","sourceRoot":"","sources":["../../../src/server/builder/execution-http-resources.ts"],"names":[],"mappings":"AACA,OAAO,EACL,4BAA4B,EAC5B,oBAAoB,EACpB,2BAA2B,GAC5B,MAAM,uBAAuB,CAAA;AAU9B,MAAM,UAAU,4BAA4B,CAAC,OAAwC;IACnF,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAA;IACzC,MAAM,EAAE,oBAAoB,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,IAAI,CAAA;IAEvD,SAAS,uBAAuB,CAC9B,IAAgC,EAChC,cAAgC;QAEhC,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;YAClB,KAAK,UAAU,CAAC,CAAC,CAAC;gBAChB,cAAc,CAAC,IAAI,CACjB,4BAA4B,CAAC;oBAC3B,MAAM;oBACN,QAAQ;oBACR,QAAQ;oBACR,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW;oBACrC,cAAc,EAAE,IAAI,CAAC,OAAO,CAAC,cAAc;oBAC3C,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM;oBAC3B,cAAc,EAAE,IAAI,CAAC,OAAO,CAAC,cAAc;iBAC5C,CAAC,CACH,CAAA;gBACD,OAAM;YACR,CAAC;YAED,KAAK,MAAM,CAAC,CAAC,CAAC;gBACZ,cAAc,CAAC,IAAI,CACjB,oBAAoB,CAAC;oBACnB,aAAa,EAAE,oBAAoB;oBACnC,MAAM;oBACN,QAAQ;oBACR,QAAQ;oBACR,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW;oBACrC,cAAc,EAAE,IAAI,CAAC,OAAO,CAAC,cAAc;oBAC3C,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM;oBAC3B,cAAc,EAAE,IAAI,CAAC,OAAO,CAAC,cAAc;iBAC5C,CAAC,CACH,CAAA;gBACD,2BAA2B,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAA;YAC1D,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,uBAAuB;KACxB,CAAA;AACH,CAAC"}