serverless-event-orchestrator 2.5.0 → 2.6.0

package/dist/dispatcher.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"dispatcher.d.ts","sourceRoot":"","sources":["../src/dispatcher.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAgB,MAAM,4BAA4B,CAAC;AACrE,OAAO,EACL,cAAc,EASd,kBAAkB,EAEnB,MAAM,mBAAmB,CAAC;AAQ3B;;;;;;;GAOG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,GAAG,GAAG,SAAS,CAOrD;AAsUD;;GAEG;AACH,wBAAsB,aAAa,CACjC,KAAK,EAAE,GAAG,EACV,MAAM,EAAE,cAAc,EACtB,MAAM,GAAE,kBAAuB,GAC9B,OAAO,CAAC,GAAG,CAAC,CA8Md;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,GAAE,kBAAuB;sBAE5C,GAAG,UAAU,cAAc;;EAGhD"}
+{"version":3,"file":"dispatcher.d.ts","sourceRoot":"","sources":["../src/dispatcher.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAgB,MAAM,4BAA4B,CAAC;AACrE,OAAO,EACL,cAAc,EASd,kBAAkB,EAEnB,MAAM,mBAAmB,CAAC;AAQ3B;;;;;;;GAOG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,GAAG,GAAG,SAAS,CAOrD;AAsUD;;GAEG;AACH,wBAAsB,aAAa,CACjC,KAAK,EAAE,GAAG,EACV,MAAM,EAAE,cAAc,EACtB,MAAM,GAAE,kBAAuB,GAC9B,OAAO,CAAC,GAAG,CAAC,CAqNd;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,GAAE,kBAAuB;sBAE5C,GAAG,UAAU,cAAc;;EAGhD"}

package/dist/dispatcher.js

@@ -398,6 +398,12 @@ async function dispatchEvent(event, routes, config = {}) {
             if (routeMatch.middleware?.length) {
                 normalized = await executeMiddleware(routeMatch.middleware, normalized);
             }
+            // Execute per-route middleware (RouteConfig.middleware) — runs LAST,
+            // after global and segment middleware, so route-level guards like
+            // requirePermission(...) and crmGuard see a fully-initialized context.
+            if (routeMatch.config.middleware?.length) {
+                normalized = await executeMiddleware(routeMatch.config.middleware, normalized);
+            }
         }
         catch (thrown) {
             // If middleware threw an HttpResponse (e.g., forbiddenResponse from tenantGuard), return it

package/dist/dispatcher.js.map

@@ -1 +1 @@
-{"version":3,"file":"dispatcher.js","sourceRoot":"","sources":["../src/dispatcher.ts"],"names":[],"mappings":";;AA6BA,0CAOC;AAyUD,sCAkNC;AAKD,gDAKC;AAzkBD,mEAAqE;AAcrE,6DAAmE;AACnE,mDAAsD;AACtD,0DAAwE;AACxE,0DAA0E;AAE1E,oDAAmH;AAEnH;;;;;;;GAOG;AACH,SAAgB,eAAe,CAAC,KAAU;IACxC,IAAI,KAAK,CAAC,MAAM,KAAK,YAAY,IAAI,KAAK,CAAC,aAAa,CAAC,KAAK,iBAAiB;QAAE,OAAO,8BAAS,CAAC,SAAS,CAAC;IAC5G,IAAI,kBAAkB,CAAC,KAAK,CAAC;QAAE,OAAO,8BAAS,CAAC,WAAW,CAAC;IAC5D,IAAI,KAAK,CAAC,cAAc,IAAI,KAAK,CAAC,UAAU;QAAE,OAAO,8BAAS,CAAC,UAAU,CAAC;IAC1E,IAAI,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,WAAW,KAAK,SAAS;QAAE,OAAO,8BAAS,CAAC,GAAG,CAAC;IACvH,IAAI,KAAK,CAAC,YAAY;QAAE,OAAO,8BAAS,CAAC,MAAM,CAAC;IAChD,OAAO,8BAAS,CAAC,OAAO,CAAC;AAC3B,CAAC;AAED;;;;GAIG;AACH,SAAS,kBAAkB,CAAC,KAAU;IACpC,OAAO,CACL,KAAK;QACL,OAAO,KAAK,KAAK,QAAQ;QACzB,KAAK,CAAC,OAAO,KAAK,GAAG;QACrB,OAAO,KAAK,CAAC,EAAE,KAAK,QAAQ;QAC5B,OAAO,KAAK,CAAC,MAAM,KAAK,QAAQ;QAChC,OAAO,KAAK,CAAC,aAAa,CAAC,KAAK,QAAQ;QACxC,KAAK,CAAC,MAAM,KAAK,SAAS,CAC3B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,MAAW;IACpC,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IACxD,MAAM,WAAW,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU,CAAC,CAAC;IACpE,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACvC,OAAO,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,MAAW;IAClC,OAAO,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,QAAQ,IAAI,MAAM,CAAC;AACpE,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,OAA+C;IAC3E,IAAI,CAAC,OAAO;QAAE,OAAO,SAAS,CAAC;IAC/B,IAAI,eAAe,CAAC,OAAO,CAAC;QAAE,OAAO,OAAO,CAAC,MAAM,CAAC;IACpD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAS,wBAAwB,CAAC,OAA+C;IAC/E,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,CAAC;IACxB,IAAI,eAAe,CAAC,OAAO,CAAC;QAAE,OAAO,OAAO,CAAC,UAAU,IAAI,EAAE,CAAC;IAC9D,OAAO,EAAE,CAAC;AACZ,CAAC;AAGD;;GAEG;AACH,SAAS,+BAA+B,CACtC,MAA8B,EAC9B,MAAkB,EAClB,YAAoB,EACpB,UAAkB;IAElB,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IAEzB,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;IACpC,IAAI,CAAC,YAAY;QAAE,OAAO,IAAI,CAAC;IAE/B,MAAM,iBAAiB,GAAG,IAAA,+BAAa,EAAC,YAAY,CAAC,CAAC;IACtD,MAAM,oBAAoB,GAAG,IAAA,+BAAa,EAAC,UAAU,CAAC,CAAC;IAEvD,0CAA0C;IAC1C,IAAI,YAAY,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACpC,wDAAwD;QACxD,MAAM,MAAM,GAAG,IAAA,2BAAS,EAAC,iBAAiB,EAAE,oBAAoB,CAAC,IAAI,EAAE,CAAC;QACxE,OAAO,EAAE,MAAM,EAAE,YAAY,CAAC,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7D,CAAC;IAED,6BAA6B;IAC7B,KAAK,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;QAC7D,MAAM,MAAM,GAAG,IAAA,2BAAS,EAAC,OAAO,EAAE,oBAAoB,CAAC,CAAC;QACxD,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YACpB,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;QAC5B,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,iCAAiC,CACxC,MAAqD,EACrD,MAAkB,EAClB,YAAoB,EACpB,UAAkB;IAElB,MAAM,QAAQ,GAAmB;QAC/B,iCAAY,CAAC,MAAM;QACnB,iCAAY,CAAC,OAAO;QACpB,iCAAY,CAAC,UAAU;QACvB,iCAAY,CAAC,QAAQ;KACtB,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;QACtC,MAAM,UAAU,GAAG,oBAAoB,CAAC,aAAa,CAAC,CAAC;QACvD,MAAM,MAAM,GAAG,+BAA+B,CAAC,UAAU,EAAE,MAAM,EAAE,YAAY,EAAE,UAAU,CAAC,CAAC;QAE7F,IAAI,MAAM,EAAE,CAAC;YACX,OAAO;gBACL,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,OAAO;gBAC9B,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,OAAO;gBACP,UAAU,EAAE,wBAAwB,CAAC,aAAa,CAAC;gBACnD,MAAM,EAAE,MAAM,CAAC,MAAM;aACtB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAGD;;GAEG;AACH,KAAK,UAAU,wBAAwB,CACrC,KAAU,EACV,OAAqB,EACrB,eAAuC,EACvC,cAAuB,KAAK,EAC5B,qBAAiD;IAEjD,MAAM,QAAQ,GAAG,MAAM,IAAA,8BAAe,EAAC,KAAK,EAAE,EAAE,WAAW,EAAE,qBAAqB,EAAE,CAAC,CAAC;IAEtF,mEAAmE;IACnE,MAAM,eAAe,GAA2B,KAAK,CAAC,cAAc,IAAI,OAAO,KAAK,CAAC,cAAc,KAAK,QAAQ;QAC9G,CAAC,CAAC,EAAE,GAAG,KAAK,CAAC,cAAc,EAAE;QAC7B,CAAC,CAAC,EAAE,CAAC;IAEP,gGAAgG;IAChG,MAAM,MAAM,GAAG,EAAE,GAAG,eAAe,EAAE,GAAG,eAAe,EAAE,CAAC;IAE1D,OAAO;QACL,QAAQ,EAAE,KAAK;QACf,SAAS,EAAE,8BAAS,CAAC,UAAU;QAC/B,OAAO,EAAE;YACP,IAAI,EAAE,IAAA,8BAAa,EAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,eAAe,CAAC;YACtD,cAAc,EAAE,MAAM;YACtB,qBAAqB,EAAE,IAAA,iCAAgB,EAAC,KAAK,CAAC,qBAAqB,CAAC;YACpE,OAAO,EAAE,IAAA,6BAAgB,EAAC,KAAK,CAAC,OAAO,CAAC;SACzC;QACD,MAAM;QACN,OAAO,EAAE;YACP,OAAO;YACP,QAAQ;YACR,SAAS,EAAE,KAAK,CAAC,cAAc,EAAE,SAAS;SAC3C;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,yBAAyB,CAAC,KAAU;IAC3C,OAAO;QACL,QAAQ,EAAE,KAAK;QACf,SAAS,EAAE,8BAAS,CAAC,WAAW;QAChC,OAAO,EAAE;YACP,IAAI,EAAE,KAAK,CAAC,MAAM;SACnB;QACD,MAAM,EAAE,EAAE;QACV,OAAO,EAAE;YACP,OAAO,EAAE,iCAAY,CAAC,QAAQ;YAC9B,SAAS,EAAE,KAAK,CAAC,EAAE;SACpB;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,KAAU;IACnC,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAChC,IAAI,IAAI,GAAwB,EAAE,CAAC;IAEnC,IAAI,CAAC;QACH,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAwB,CAAC;IACxD,CAAC;IAAC,MAAM,CAAC;QACP,IAAI,GAAG,EAAE,OAAO,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;IAClC,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,KAAK;QACf,SAAS,EAAE,8BAAS,CAAC,GAAG;QACxB,OAAO,EAAE;YACP,IAAI;SACL;QACD,MAAM,EAAE,EAAE;QACV,OAAO,EAAE;YACP,OAAO,EAAE,iCAAY,CAAC,QAAQ;YAC9B,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,uBAAuB,CAAC,KAAU;IACzC,oFAAoF;IACpF,MAAM,OAAO,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC;IACrC,MAAM,QAAQ,GAAG,OAAO,EAAE,KAAK,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,IAAI,SAAS,CAAC;IAEzD,OAAO;QACL,QAAQ,EAAE,KAAK;QACf,SAAS,EAAE,8BAAS,CAAC,SAAS;QAC9B,OAAO,EAAE;YACP,IAAI,EAAE,KAAK,CAAC,MAAM,IAAI,EAAE;SACzB;QACD,MAAM,EAAE,EAAE,QAAQ,EAAE;QACpB,OAAO,EAAE;YACP,OAAO,EAAE,iCAAY,CAAC,QAAQ;YAC9B,SAAS,EAAE,KAAK,CAAC,EAAE;SACpB;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,KAAU;IACtC,OAAO;QACL,QAAQ,EAAE,KAAK;QACf,SAAS,EAAE,8BAAS,CAAC,MAAM;QAC3B,OAAO,EAAE;YACP,IAAI,EAAE,KAAK;SACZ;QACD,MAAM,EAAE,EAAE;QACV,OAAO,EAAE;YACP,OAAO,EAAE,iCAAY,CAAC,QAAQ;SAC/B;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,uBAAuB,CAC9B,UAA2B,EAC3B,OAAqB,EACrB,MAA0B;IAE1B,yCAAyC;IACzC,IAAI,OAAO,KAAK,iCAAY,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IAEjD,0CAA0C;IAC1C,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC,OAAO,CAAC,CAAC;IACvD,IAAI,CAAC,kBAAkB;QAAE,OAAO,IAAI,CAAC;IAErC,6CAA6C;IAC7C,OAAO,IAAA,6BAAc,EAAC,UAAU,CAAC,OAAO,CAAC,QAAQ,EAAE,kBAAkB,CAAC,CAAC;AACzE,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,KAAc;IACpC,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ;QACzB,KAAK,KAAK,IAAI;QACd,YAAY,IAAI,KAAK;QACrB,OAAQ,KAAa,CAAC,UAAU,KAAK,QAAQ,CAC9C,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,iBAAiB,CAC9B,UAA0B,EAC1B,KAAsB;IAEtB,IAAI,YAAY,GAAG,KAAK,CAAC;IAEzB,KAAK,MAAM,EAAE,IAAI,UAAU,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,YAAY,CAAC,CAAC;QACtC,IAAI,MAAM,EAAE,CAAC;YACX,YAAY,GAAG,MAAM,CAAC;QACxB,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAAC,QAAa;IACxC,IAAI,CAAC,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAE/D,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,GAAG,CAAC;IAC3D,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB;QAClD,oIAAoI,CAAC;IACvI,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,mCAAmC,CAAC;IAE5F,MAAM,eAAe,GAAG,QAAQ,CAAC,OAAO,IAAI,EAAE,CAAC;IAE/C,OAAO;QACL,GAAG,QAAQ;QACX,OAAO,EAAE;YACP,6BAA6B,EAAE,UAAU;YACzC,8BAA8B,EAAE,WAAW;YAC3C,8BAA8B,EAAE,WAAW;YAC3C,GAAG,eAAe;SACnB;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,aAAa,CACjC,KAAU,EACV,MAAsB,EACtB,SAA6B,EAAE;IAE/B,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,KAAK,CAAC;IAEpC,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,IAAI,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IAEpC,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,IAAI,CAAC,CAAC;IACzC,CAAC;IAED,4BAA4B;IAC5B,IAAI,IAAI,KAAK,8BAAS,CAAC,UAAU,EAAE,CAAC;QAClC,MAAM,MAAM,GAAG,KAAK,CAAC,UAAU,EAAE,WAAW,EAAgB,CAAC;QAC7D,MAAM,YAAY,GAAG,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,IAAI,CAAC;QAClD,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,QAAQ,CAAC;QAEhD,+CAA+C;QAC/C,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;YAC1D,CAAC;YACD,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,GAAG,CAAC;YAC3D,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB;gBAClD,oIAAoI,CAAC;YACvI,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,mCAAmC,CAAC;YAC5F,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,KAAK,CAAC;YAErD,OAAO;gBACL,UAAU,EAAE,GAAG;gBACf,OAAO,EAAE;oBACP,6BAA6B,EAAE,UAAU;oBACzC,8BAA8B,EAAE,WAAW;oBAC3C,8BAA8B,EAAE,WAAW;oBAC3C,wBAAwB,EAAE,UAAU;iBACrC;gBACD,IAAI,EAAE,EAAE;aACT,CAAC;QACJ,CAAC;QAED,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;QACrF,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC;QACpC,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,mBAAmB,CAAC,MAAM,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,IAAI,IAAA,8BAAgB,EAAC,0BAA0B,CAAC,CAAC,CAAC;QAC7G,CAAC;QAED,IAAI,UAAU,GAAsB,IAAI,CAAC;QAEzC,0EAA0E;QAC1E,IAAI,iBAAiB,CAAC,SAAS,CAAC,EAAE,CAAC;YACjC,UAAU,GAAG,iCAAiC,CAAC,SAAS,EAAE,MAAM,EAAE,YAAY,EAAE,UAAU,CAAC,CAAC;QAC9F,CAAC;aAAM,CAAC;YACN,gCAAgC;YAChC,MAAM,MAAM,GAAG,+BAA+B,CAAC,SAAuB,EAAE,MAAM,EAAE,YAAY,EAAE,UAAU,CAAC,CAAC;YAC1G,IAAI,MAAM,EAAE,CAAC;gBACX,UAAU,GAAG;oBACX,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,OAAO;oBAC9B,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,OAAO,EAAE,iCAAY,CAAC,MAAM;oBAC5B,UAAU,EAAE,EAAE;oBACd,MAAM,EAAE,MAAM,CAAC,MAAM;iBACtB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CAAC,2BAA2B,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;YACjE,CAAC;YACD,OAAO,mBAAmB,CAAC,MAAM,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,IAAI,IAAA,8BAAgB,EAAC,oBAAoB,MAAM,CAAC,WAAW,EAAE,IAAI,YAAY,EAAE,CAAC,CAAC,CAAC;QAC7I,CAAC;QAED,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,sBAAsB,EAAE,UAAU,CAAC,OAAO,EAAE,SAAS,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC;QACxF,CAAC;QAED,yEAAyE;QACzE,MAAM,qBAAqB,GAAG,MAAM,CAAC,eAAe,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAC3E,IAAI,UAAU,GAAG,MAAM,wBAAwB,CAC7C,KAAK,EACL,UAAU,CAAC,OAAO,EAClB,UAAU,CAAC,MAAM,EACjB,MAAM,CAAC,mBAAmB,EAC1B,qBAAqB,CACtB,CAAC;QAEF,wEAAwE;QACxE,IAAI,qBAAqB,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;YAC1D,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CAAC,gEAAgE,EAAE,UAAU,CAAC,OAAO,CAAC,CAAC;YACpG,CAAC;YACD,OAAO,mBAAmB,CAAC,IAAA,kCAAoB,EAAC,yCAAyC,CAAC,CAAC,CAAC;QAC9F,CAAC;QAED,gDAAgD;QAChD,IAAI,CAAC,uBAAuB,CAAC,UAAU,EAAE,UAAU,CAAC,OAAO,EAAE,MAAM,CAAC,EAAE,CAAC;YACrE,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CAAC,gDAAgD,EAAE,UAAU,CAAC,OAAO,CAAC,CAAC;YACpF,CAAC;YACD,OAAO,mBAAmB,CAAC,MAAM,CAAC,SAAS,EAAE,SAAS,EAAE,EAAE,IAAI,IAAA,+BAAiB,EAAC,qCAAqC,CAAC,CAAC,CAAC;QAC1H,CAAC;QAED,kEAAkE;QAClE,IAAI,CAAC;YACH,4BAA4B;YAC5B,IAAI,MAAM,CAAC,gBAAgB,EAAE,MAAM,EAAE,CAAC;gBACpC,UAAU,GAAG,MAAM,iBAAiB,CAAC,MAAM,CAAC,gBAAgB,EAAE,UAAU,CAAC,CAAC;YAC5E,CAAC;YAED,6BAA6B;YAC7B,IAAI,UAAU,CAAC,UAAU,EAAE,MAAM,EAAE,CAAC;gBAClC,UAAU,GAAG,MAAM,iBAAiB,CAAC,UAAU,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;YAC1E,CAAC;QACH,CAAC;QAAC,OAAO,MAAM,EAAE,CAAC;YAChB,4FAA4F;YAC5F,IAAI,cAAc,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC3B,OAAO,mBAAmB,CAAC,MAAM,CAAC,CAAC;YACrC,CAAC;YACD,yCAAyC;YACzC,MAAM,MAAM,CAAC;QACf,CAAC;QAED,qDAAqD;QACrD,MAAM,eAAe,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAC7D,OAAO,mBAAmB,CAAC,eAAe,CAAC,CAAC;IAC9C,CAAC;IAED,4EAA4E;IAC5E,IAAI,IAAI,KAAK,8BAAS,CAAC,SAAS,EAAE,CAAC;QACjC,MAAM,UAAU,GAAG,uBAAuB,CAAC,KAAK,CAAC,CAAC;QAClD,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC;QAC5C,MAAM,OAAO,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC;QAE1E,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CAAC,sCAAsC,EAAE,QAAQ,CAAC,CAAC;YAChE,CAAC;YACD,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,IAAI,EAAE,6BAA6B,EAAE,CAAC;QAClE,CAAC;QAED,OAAO,OAAO,CAAC,UAAU,CAAC,CAAC;IAC7B,CAAC;IAED,6BAA6B;IAC7B,EAAE;IACF,gFAAgF;IAChF,6EAA6E;IAC7E,6EAA6E;IAC7E,IAAI,IAAI,KAAK,8BAAS,CAAC,WAAW,EAAE,CAAC;QACnC,MAAM,UAAU,GAAuB,KAAK,CAAC,aAAa,CAAC,CAAC;QAC5D,MAAM,aAAa,GAAuB,KAAK,CAAC,MAAM,EAAE,aAAa,CAAC;QACtE,MAAM,OAAO,GACX,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;eACxD,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;eACjE,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC;QAEjC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CAAC,mCAAmC,EAAE,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC,CAAC;YAClF,CAAC;YACD,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,IAAI,EAAE,+BAA+B,EAAE,CAAC;QACpE,CAAC;QAED,MAAM,UAAU,GAAG,yBAAyB,CAAC,KAAK,CAAC,CAAC;QACpD,OAAO,OAAO,CAAC,UAAU,CAAC,CAAC;IAC7B,CAAC;IAED,oBAAoB;IACpB,IAAI,IAAI,KAAK,8BAAS,CAAC,GAAG,EAAE,CAAC;QAC3B,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC;QAClD,MAAM,SAAS,GAAG,QAAQ,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;QAC7C,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,IAAI,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC;QAE/D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CAAC,iCAAiC,EAAE,SAAS,CAAC,CAAC;YAC5D,CAAC;YACD,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,IAAI,EAAE,uBAAuB,EAAE,CAAC;QAC5D,CAAC;QAED,MAAM,UAAU,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;QAC5C,OAAO,OAAO,CAAC,UAAU,CAAC,CAAC;IAC7B,CAAC;IAED,2BAA2B;IAC3B,IAAI,IAAI,KAAK,8BAAS,CAAC,MAAM,EAAE,CAAC;QAC9B,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;QAEvC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,IAAI,EAAE,0BAA0B,EAAE,CAAC;QAC/D,CAAC;QAED,MAAM,UAAU,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC;QAC/C,OAAO,OAAO,CAAC,UAAU,CAAC,CAAC;IAC7B,CAAC;IAED,qBAAqB;IACrB,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;IAC1C,CAAC;IACD,OAAO,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,CAAC,oBAAoB,CAAC,IAAI,IAAA,gCAAkB,EAAC,oBAAoB,CAAC,CAAC;AAC1G,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB,CAAC,SAA6B,EAAE;IAChE,OAAO;QACL,QAAQ,EAAE,CAAC,KAAU,EAAE,MAAsB,EAAE,EAAE,CAAC,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC;QACtF,MAAM;KACP,CAAC;AACJ,CAAC"}
+{"version":3,"file":"dispatcher.js","sourceRoot":"","sources":["../src/dispatcher.ts"],"names":[],"mappings":";;AA6BA,0CAOC;AAyUD,sCAyNC;AAKD,gDAKC;AAhlBD,mEAAqE;AAcrE,6DAAmE;AACnE,mDAAsD;AACtD,0DAAwE;AACxE,0DAA0E;AAE1E,oDAAmH;AAEnH;;;;;;;GAOG;AACH,SAAgB,eAAe,CAAC,KAAU;IACxC,IAAI,KAAK,CAAC,MAAM,KAAK,YAAY,IAAI,KAAK,CAAC,aAAa,CAAC,KAAK,iBAAiB;QAAE,OAAO,8BAAS,CAAC,SAAS,CAAC;IAC5G,IAAI,kBAAkB,CAAC,KAAK,CAAC;QAAE,OAAO,8BAAS,CAAC,WAAW,CAAC;IAC5D,IAAI,KAAK,CAAC,cAAc,IAAI,KAAK,CAAC,UAAU;QAAE,OAAO,8BAAS,CAAC,UAAU,CAAC;IAC1E,IAAI,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,WAAW,KAAK,SAAS;QAAE,OAAO,8BAAS,CAAC,GAAG,CAAC;IACvH,IAAI,KAAK,CAAC,YAAY;QAAE,OAAO,8BAAS,CAAC,MAAM,CAAC;IAChD,OAAO,8BAAS,CAAC,OAAO,CAAC;AAC3B,CAAC;AAED;;;;GAIG;AACH,SAAS,kBAAkB,CAAC,KAAU;IACpC,OAAO,CACL,KAAK;QACL,OAAO,KAAK,KAAK,QAAQ;QACzB,KAAK,CAAC,OAAO,KAAK,GAAG;QACrB,OAAO,KAAK,CAAC,EAAE,KAAK,QAAQ;QAC5B,OAAO,KAAK,CAAC,MAAM,KAAK,QAAQ;QAChC,OAAO,KAAK,CAAC,aAAa,CAAC,KAAK,QAAQ;QACxC,KAAK,CAAC,MAAM,KAAK,SAAS,CAC3B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,MAAW;IACpC,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IACxD,MAAM,WAAW,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU,CAAC,CAAC;IACpE,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACvC,OAAO,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,MAAW;IAClC,OAAO,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,QAAQ,IAAI,MAAM,CAAC;AACpE,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,OAA+C;IAC3E,IAAI,CAAC,OAAO;QAAE,OAAO,SAAS,CAAC;IAC/B,IAAI,eAAe,CAAC,OAAO,CAAC;QAAE,OAAO,OAAO,CAAC,MAAM,CAAC;IACpD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAS,wBAAwB,CAAC,OAA+C;IAC/E,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,CAAC;IACxB,IAAI,eAAe,CAAC,OAAO,CAAC;QAAE,OAAO,OAAO,CAAC,UAAU,IAAI,EAAE,CAAC;IAC9D,OAAO,EAAE,CAAC;AACZ,CAAC;AAGD;;GAEG;AACH,SAAS,+BAA+B,CACtC,MAA8B,EAC9B,MAAkB,EAClB,YAAoB,EACpB,UAAkB;IAElB,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IAEzB,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;IACpC,IAAI,CAAC,YAAY;QAAE,OAAO,IAAI,CAAC;IAE/B,MAAM,iBAAiB,GAAG,IAAA,+BAAa,EAAC,YAAY,CAAC,CAAC;IACtD,MAAM,oBAAoB,GAAG,IAAA,+BAAa,EAAC,UAAU,CAAC,CAAC;IAEvD,0CAA0C;IAC1C,IAAI,YAAY,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACpC,wDAAwD;QACxD,MAAM,MAAM,GAAG,IAAA,2BAAS,EAAC,iBAAiB,EAAE,oBAAoB,CAAC,IAAI,EAAE,CAAC;QACxE,OAAO,EAAE,MAAM,EAAE,YAAY,CAAC,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7D,CAAC;IAED,6BAA6B;IAC7B,KAAK,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;QAC7D,MAAM,MAAM,GAAG,IAAA,2BAAS,EAAC,OAAO,EAAE,oBAAoB,CAAC,CAAC;QACxD,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YACpB,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;QAC5B,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,iCAAiC,CACxC,MAAqD,EACrD,MAAkB,EAClB,YAAoB,EACpB,UAAkB;IAElB,MAAM,QAAQ,GAAmB;QAC/B,iCAAY,CAAC,MAAM;QACnB,iCAAY,CAAC,OAAO;QACpB,iCAAY,CAAC,UAAU;QACvB,iCAAY,CAAC,QAAQ;KACtB,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;QACtC,MAAM,UAAU,GAAG,oBAAoB,CAAC,aAAa,CAAC,CAAC;QACvD,MAAM,MAAM,GAAG,+BAA+B,CAAC,UAAU,EAAE,MAAM,EAAE,YAAY,EAAE,UAAU,CAAC,CAAC;QAE7F,IAAI,MAAM,EAAE,CAAC;YACX,OAAO;gBACL,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,OAAO;gBAC9B,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,OAAO;gBACP,UAAU,EAAE,wBAAwB,CAAC,aAAa,CAAC;gBACnD,MAAM,EAAE,MAAM,CAAC,MAAM;aACtB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAGD;;GAEG;AACH,KAAK,UAAU,wBAAwB,CACrC,KAAU,EACV,OAAqB,EACrB,eAAuC,EACvC,cAAuB,KAAK,EAC5B,qBAAiD;IAEjD,MAAM,QAAQ,GAAG,MAAM,IAAA,8BAAe,EAAC,KAAK,EAAE,EAAE,WAAW,EAAE,qBAAqB,EAAE,CAAC,CAAC;IAEtF,mEAAmE;IACnE,MAAM,eAAe,GAA2B,KAAK,CAAC,cAAc,IAAI,OAAO,KAAK,CAAC,cAAc,KAAK,QAAQ;QAC9G,CAAC,CAAC,EAAE,GAAG,KAAK,CAAC,cAAc,EAAE;QAC7B,CAAC,CAAC,EAAE,CAAC;IAEP,gGAAgG;IAChG,MAAM,MAAM,GAAG,EAAE,GAAG,eAAe,EAAE,GAAG,eAAe,EAAE,CAAC;IAE1D,OAAO;QACL,QAAQ,EAAE,KAAK;QACf,SAAS,EAAE,8BAAS,CAAC,UAAU;QAC/B,OAAO,EAAE;YACP,IAAI,EAAE,IAAA,8BAAa,EAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,eAAe,CAAC;YACtD,cAAc,EAAE,MAAM;YACtB,qBAAqB,EAAE,IAAA,iCAAgB,EAAC,KAAK,CAAC,qBAAqB,CAAC;YACpE,OAAO,EAAE,IAAA,6BAAgB,EAAC,KAAK,CAAC,OAAO,CAAC;SACzC;QACD,MAAM;QACN,OAAO,EAAE;YACP,OAAO;YACP,QAAQ;YACR,SAAS,EAAE,KAAK,CAAC,cAAc,EAAE,SAAS;SAC3C;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,yBAAyB,CAAC,KAAU;IAC3C,OAAO;QACL,QAAQ,EAAE,KAAK;QACf,SAAS,EAAE,8BAAS,CAAC,WAAW;QAChC,OAAO,EAAE;YACP,IAAI,EAAE,KAAK,CAAC,MAAM;SACnB;QACD,MAAM,EAAE,EAAE;QACV,OAAO,EAAE;YACP,OAAO,EAAE,iCAAY,CAAC,QAAQ;YAC9B,SAAS,EAAE,KAAK,CAAC,EAAE;SACpB;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,KAAU;IACnC,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAChC,IAAI,IAAI,GAAwB,EAAE,CAAC;IAEnC,IAAI,CAAC;QACH,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAwB,CAAC;IACxD,CAAC;IAAC,MAAM,CAAC;QACP,IAAI,GAAG,EAAE,OAAO,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;IAClC,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,KAAK;QACf,SAAS,EAAE,8BAAS,CAAC,GAAG;QACxB,OAAO,EAAE;YACP,IAAI;SACL;QACD,MAAM,EAAE,EAAE;QACV,OAAO,EAAE;YACP,OAAO,EAAE,iCAAY,CAAC,QAAQ;YAC9B,SAAS,EAAE,MAAM,CAAC,SAAS;SAC5B;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,uBAAuB,CAAC,KAAU;IACzC,oFAAoF;IACpF,MAAM,OAAO,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC;IACrC,MAAM,QAAQ,GAAG,OAAO,EAAE,KAAK,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,IAAI,SAAS,CAAC;IAEzD,OAAO;QACL,QAAQ,EAAE,KAAK;QACf,SAAS,EAAE,8BAAS,CAAC,SAAS;QAC9B,OAAO,EAAE;YACP,IAAI,EAAE,KAAK,CAAC,MAAM,IAAI,EAAE;SACzB;QACD,MAAM,EAAE,EAAE,QAAQ,EAAE;QACpB,OAAO,EAAE;YACP,OAAO,EAAE,iCAAY,CAAC,QAAQ;YAC9B,SAAS,EAAE,KAAK,CAAC,EAAE;SACpB;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,KAAU;IACtC,OAAO;QACL,QAAQ,EAAE,KAAK;QACf,SAAS,EAAE,8BAAS,CAAC,MAAM;QAC3B,OAAO,EAAE;YACP,IAAI,EAAE,KAAK;SACZ;QACD,MAAM,EAAE,EAAE;QACV,OAAO,EAAE;YACP,OAAO,EAAE,iCAAY,CAAC,QAAQ;SAC/B;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,uBAAuB,CAC9B,UAA2B,EAC3B,OAAqB,EACrB,MAA0B;IAE1B,yCAAyC;IACzC,IAAI,OAAO,KAAK,iCAAY,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IAEjD,0CAA0C;IAC1C,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC,OAAO,CAAC,CAAC;IACvD,IAAI,CAAC,kBAAkB;QAAE,OAAO,IAAI,CAAC;IAErC,6CAA6C;IAC7C,OAAO,IAAA,6BAAc,EAAC,UAAU,CAAC,OAAO,CAAC,QAAQ,EAAE,kBAAkB,CAAC,CAAC;AACzE,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,KAAc;IACpC,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ;QACzB,KAAK,KAAK,IAAI;QACd,YAAY,IAAI,KAAK;QACrB,OAAQ,KAAa,CAAC,UAAU,KAAK,QAAQ,CAC9C,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,iBAAiB,CAC9B,UAA0B,EAC1B,KAAsB;IAEtB,IAAI,YAAY,GAAG,KAAK,CAAC;IAEzB,KAAK,MAAM,EAAE,IAAI,UAAU,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,YAAY,CAAC,CAAC;QACtC,IAAI,MAAM,EAAE,CAAC;YACX,YAAY,GAAG,MAAM,CAAC;QACxB,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAAC,QAAa;IACxC,IAAI,CAAC,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAE/D,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,GAAG,CAAC;IAC3D,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB;QAClD,oIAAoI,CAAC;IACvI,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,mCAAmC,CAAC;IAE5F,MAAM,eAAe,GAAG,QAAQ,CAAC,OAAO,IAAI,EAAE,CAAC;IAE/C,OAAO;QACL,GAAG,QAAQ;QACX,OAAO,EAAE;YACP,6BAA6B,EAAE,UAAU;YACzC,8BAA8B,EAAE,WAAW;YAC3C,8BAA8B,EAAE,WAAW;YAC3C,GAAG,eAAe;SACnB;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,aAAa,CACjC,KAAU,EACV,MAAsB,EACtB,SAA6B,EAAE;IAE/B,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,KAAK,CAAC;IAEpC,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,IAAI,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IAEpC,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,IAAI,CAAC,CAAC;IACzC,CAAC;IAED,4BAA4B;IAC5B,IAAI,IAAI,KAAK,8BAAS,CAAC,UAAU,EAAE,CAAC;QAClC,MAAM,MAAM,GAAG,KAAK,CAAC,UAAU,EAAE,WAAW,EAAgB,CAAC;QAC7D,MAAM,YAAY,GAAG,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,IAAI,CAAC;QAClD,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,QAAQ,CAAC;QAEhD,+CAA+C;QAC/C,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;YAC1D,CAAC;YACD,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,GAAG,CAAC;YAC3D,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB;gBAClD,oIAAoI,CAAC;YACvI,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,mCAAmC,CAAC;YAC5F,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,KAAK,CAAC;YAErD,OAAO;gBACL,UAAU,EAAE,GAAG;gBACf,OAAO,EAAE;oBACP,6BAA6B,EAAE,UAAU;oBACzC,8BAA8B,EAAE,WAAW;oBAC3C,8BAA8B,EAAE,WAAW;oBAC3C,wBAAwB,EAAE,UAAU;iBACrC;gBACD,IAAI,EAAE,EAAE;aACT,CAAC;QACJ,CAAC;QAED,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;QACrF,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC;QACpC,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,mBAAmB,CAAC,MAAM,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,IAAI,IAAA,8BAAgB,EAAC,0BAA0B,CAAC,CAAC,CAAC;QAC7G,CAAC;QAED,IAAI,UAAU,GAAsB,IAAI,CAAC;QAEzC,0EAA0E;QAC1E,IAAI,iBAAiB,CAAC,SAAS,CAAC,EAAE,CAAC;YACjC,UAAU,GAAG,iCAAiC,CAAC,SAAS,EAAE,MAAM,EAAE,YAAY,EAAE,UAAU,CAAC,CAAC;QAC9F,CAAC;aAAM,CAAC;YACN,gCAAgC;YAChC,MAAM,MAAM,GAAG,+BAA+B,CAAC,SAAuB,EAAE,MAAM,EAAE,YAAY,EAAE,UAAU,CAAC,CAAC;YAC1G,IAAI,MAAM,EAAE,CAAC;gBACX,UAAU,GAAG;oBACX,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,OAAO;oBAC9B,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,OAAO,EAAE,iCAAY,CAAC,MAAM;oBAC5B,UAAU,EAAE,EAAE;oBACd,MAAM,EAAE,MAAM,CAAC,MAAM;iBACtB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CAAC,2BAA2B,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;YACjE,CAAC;YACD,OAAO,mBAAmB,CAAC,MAAM,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,IAAI,IAAA,8BAAgB,EAAC,oBAAoB,MAAM,CAAC,WAAW,EAAE,IAAI,YAAY,EAAE,CAAC,CAAC,CAAC;QAC7I,CAAC;QAED,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,sBAAsB,EAAE,UAAU,CAAC,OAAO,EAAE,SAAS,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC;QACxF,CAAC;QAED,yEAAyE;QACzE,MAAM,qBAAqB,GAAG,MAAM,CAAC,eAAe,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAC3E,IAAI,UAAU,GAAG,MAAM,wBAAwB,CAC7C,KAAK,EACL,UAAU,CAAC,OAAO,EAClB,UAAU,CAAC,MAAM,EACjB,MAAM,CAAC,mBAAmB,EAC1B,qBAAqB,CACtB,CAAC;QAEF,wEAAwE;QACxE,IAAI,qBAAqB,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;YAC1D,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CAAC,gEAAgE,EAAE,UAAU,CAAC,OAAO,CAAC,CAAC;YACpG,CAAC;YACD,OAAO,mBAAmB,CAAC,IAAA,kCAAoB,EAAC,yCAAyC,CAAC,CAAC,CAAC;QAC9F,CAAC;QAED,gDAAgD;QAChD,IAAI,CAAC,uBAAuB,CAAC,UAAU,EAAE,UAAU,CAAC,OAAO,EAAE,MAAM,CAAC,EAAE,CAAC;YACrE,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CAAC,gDAAgD,EAAE,UAAU,CAAC,OAAO,CAAC,CAAC;YACpF,CAAC;YACD,OAAO,mBAAmB,CAAC,MAAM,CAAC,SAAS,EAAE,SAAS,EAAE,EAAE,IAAI,IAAA,+BAAiB,EAAC,qCAAqC,CAAC,CAAC,CAAC;QAC1H,CAAC;QAED,kEAAkE;QAClE,IAAI,CAAC;YACH,4BAA4B;YAC5B,IAAI,MAAM,CAAC,gBAAgB,EAAE,MAAM,EAAE,CAAC;gBACpC,UAAU,GAAG,MAAM,iBAAiB,CAAC,MAAM,CAAC,gBAAgB,EAAE,UAAU,CAAC,CAAC;YAC5E,CAAC;YAED,6BAA6B;YAC7B,IAAI,UAAU,CAAC,UAAU,EAAE,MAAM,EAAE,CAAC;gBAClC,UAAU,GAAG,MAAM,iBAAiB,CAAC,UAAU,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;YAC1E,CAAC;YAED,qEAAqE;YACrE,kEAAkE;YAClE,uEAAuE;YACvE,IAAI,UAAU,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,EAAE,CAAC;gBACzC,UAAU,GAAG,MAAM,iBAAiB,CAAC,UAAU,CAAC,MAAM,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;YACjF,CAAC;QACH,CAAC;QAAC,OAAO,MAAM,EAAE,CAAC;YAChB,4FAA4F;YAC5F,IAAI,cAAc,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC3B,OAAO,mBAAmB,CAAC,MAAM,CAAC,CAAC;YACrC,CAAC;YACD,yCAAyC;YACzC,MAAM,MAAM,CAAC;QACf,CAAC;QAED,qDAAqD;QACrD,MAAM,eAAe,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAC7D,OAAO,mBAAmB,CAAC,eAAe,CAAC,CAAC;IAC9C,CAAC;IAED,4EAA4E;IAC5E,IAAI,IAAI,KAAK,8BAAS,CAAC,SAAS,EAAE,CAAC;QACjC,MAAM,UAAU,GAAG,uBAAuB,CAAC,KAAK,CAAC,CAAC;QAClD,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC;QAC5C,MAAM,OAAO,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC;QAE1E,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CAAC,sCAAsC,EAAE,QAAQ,CAAC,CAAC;YAChE,CAAC;YACD,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,IAAI,EAAE,6BAA6B,EAAE,CAAC;QAClE,CAAC;QAED,OAAO,OAAO,CAAC,UAAU,CAAC,CAAC;IAC7B,CAAC;IAED,6BAA6B;IAC7B,EAAE;IACF,gFAAgF;IAChF,6EAA6E;IAC7E,6EAA6E;IAC7E,IAAI,IAAI,KAAK,8BAAS,CAAC,WAAW,EAAE,CAAC;QACnC,MAAM,UAAU,GAAuB,KAAK,CAAC,aAAa,CAAC,CAAC;QAC5D,MAAM,aAAa,GAAuB,KAAK,CAAC,MAAM,EAAE,aAAa,CAAC;QACtE,MAAM,OAAO,GACX,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;eACxD,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;eACjE,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC;QAEjC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CAAC,mCAAmC,EAAE,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC,CAAC;YAClF,CAAC;YACD,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,IAAI,EAAE,+BAA+B,EAAE,CAAC;QACpE,CAAC;QAED,MAAM,UAAU,GAAG,yBAAyB,CAAC,KAAK,CAAC,CAAC;QACpD,OAAO,OAAO,CAAC,UAAU,CAAC,CAAC;IAC7B,CAAC;IAED,oBAAoB;IACpB,IAAI,IAAI,KAAK,8BAAS,CAAC,GAAG,EAAE,CAAC;QAC3B,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC;QAClD,MAAM,SAAS,GAAG,QAAQ,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;QAC7C,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,IAAI,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC;QAE/D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CAAC,iCAAiC,EAAE,SAAS,CAAC,CAAC;YAC5D,CAAC;YACD,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,IAAI,EAAE,uBAAuB,EAAE,CAAC;QAC5D,CAAC;QAED,MAAM,UAAU,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;QAC5C,OAAO,OAAO,CAAC,UAAU,CAAC,CAAC;IAC7B,CAAC;IAED,2BAA2B;IAC3B,IAAI,IAAI,KAAK,8BAAS,CAAC,MAAM,EAAE,CAAC;QAC9B,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;QAEvC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,IAAI,EAAE,0BAA0B,EAAE,CAAC;QAC/D,CAAC;QAED,MAAM,UAAU,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC;QAC/C,OAAO,OAAO,CAAC,UAAU,CAAC,CAAC;IAC7B,CAAC;IAED,qBAAqB;IACrB,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;IAC1C,CAAC;IACD,OAAO,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,CAAC,oBAAoB,CAAC,IAAI,IAAA,gCAAkB,EAAC,oBAAoB,CAAC,CAAC;AAC1G,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB,CAAC,SAA6B,EAAE;IAChE,OAAO;QACL,QAAQ,EAAE,CAAC,KAAU,EAAE,MAAsB,EAAE,EAAE,CAAC,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC;QACtF,MAAM;KACP,CAAC;AACJ,CAAC"}

package/dist/index.d.ts

@@ -20,5 +20,5 @@ export { TenantContext } from './tenant/TenantContext.js';
 export type { TenantInfo, TenantType, Plan, TenantFeatures, TenantClaims, } from './tenant/types.js';
 export { isTenantType, isPlan, TENANT_HEADERS, } from './tenant/types.js';
 export { tenantInfoFromClaims, tenantInfoFromHeaders, tenantInfoToHeaders, } from './tenant/helpers.js';
-export { initTenantContext, tenantGuard, crmGuard, } from './middleware/index.js';
+export { initTenantContext, tenantGuard, crmGuard, requirePermission, requireFeature, } from './middleware/index.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAGrF,OAAO,EACL,SAAS,EACT,YAAY,GACb,MAAM,4BAA4B,CAAC;AAEpC,OAAO,EACL,UAAU,EACV,YAAY,EACZ,WAAW,EACX,UAAU,EACV,eAAe,EACf,UAAU,EACV,mBAAmB,EACnB,aAAa,EACb,uBAAuB,EACvB,iBAAiB,EACjB,YAAY,EACZ,SAAS,EACT,eAAe,EACf,cAAc,EACd,eAAe,EACf,UAAU,EACV,eAAe,EACf,kBAAkB,EAClB,yBAAyB,GAC1B,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,UAAU,EACV,gBAAgB,EAChB,YAAY,EACZ,mBAAmB,EACnB,sBAAsB,EACtB,eAAe,EACf,eAAe,EACf,kBAAkB,EAClB,oBAAoB,EACpB,iBAAiB,EACjB,gBAAgB,EAChB,gBAAgB,EAChB,uBAAuB,EACvB,qBAAqB,EACrB,mBAAmB,GACpB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,aAAa,EACb,gBAAgB,EAChB,kBAAkB,GACnB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EACL,kBAAkB,EAClB,uBAAuB,EACvB,gBAAgB,EAChB,QAAQ,GACT,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EACL,eAAe,EACf,iBAAiB,EACjB,cAAc,EACd,WAAW,EACX,YAAY,GACb,MAAM,yBAAyB,CAAC;AAEjC,YAAY,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AAEtE,OAAO,EAAE,SAAS,EAAE,MAAM,4BAA4B,CAAC;AAGvD,OAAO,EACL,SAAS,EACT,cAAc,EACd,iBAAiB,EACjB,aAAa,GACd,MAAM,yBAAyB,CAAC;AAGjC,OAAO,EACL,gBAAgB,EAChB,SAAS,EACT,cAAc,GACf,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAE1D,YAAY,EACV,UAAU,EACV,UAAU,EACV,IAAI,EACJ,cAAc,EACd,YAAY,GACb,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,YAAY,EACZ,MAAM,EACN,cAAc,GACf,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,mBAAmB,GACpB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,iBAAiB,EACjB,WAAW,EACX,QAAQ,GACT,MAAM,uBAAuB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAGrF,OAAO,EACL,SAAS,EACT,YAAY,GACb,MAAM,4BAA4B,CAAC;AAEpC,OAAO,EACL,UAAU,EACV,YAAY,EACZ,WAAW,EACX,UAAU,EACV,eAAe,EACf,UAAU,EACV,mBAAmB,EACnB,aAAa,EACb,uBAAuB,EACvB,iBAAiB,EACjB,YAAY,EACZ,SAAS,EACT,eAAe,EACf,cAAc,EACd,eAAe,EACf,UAAU,EACV,eAAe,EACf,kBAAkB,EAClB,yBAAyB,GAC1B,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,UAAU,EACV,gBAAgB,EAChB,YAAY,EACZ,mBAAmB,EACnB,sBAAsB,EACtB,eAAe,EACf,eAAe,EACf,kBAAkB,EAClB,oBAAoB,EACpB,iBAAiB,EACjB,gBAAgB,EAChB,gBAAgB,EAChB,uBAAuB,EACvB,qBAAqB,EACrB,mBAAmB,GACpB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,aAAa,EACb,gBAAgB,EAChB,kBAAkB,GACnB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EACL,kBAAkB,EAClB,uBAAuB,EACvB,gBAAgB,EAChB,QAAQ,GACT,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EACL,eAAe,EACf,iBAAiB,EACjB,cAAc,EACd,WAAW,EACX,YAAY,GACb,MAAM,yBAAyB,CAAC;AAEjC,YAAY,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AAEtE,OAAO,EAAE,SAAS,EAAE,MAAM,4BAA4B,CAAC;AAGvD,OAAO,EACL,SAAS,EACT,cAAc,EACd,iBAAiB,EACjB,aAAa,GACd,MAAM,yBAAyB,CAAC;AAGjC,OAAO,EACL,gBAAgB,EAChB,SAAS,EACT,cAAc,GACf,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAE1D,YAAY,EACV,UAAU,EACV,UAAU,EACV,IAAI,EACJ,cAAc,EACd,YAAY,GACb,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,YAAY,EACZ,MAAM,EACN,cAAc,GACf,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,mBAAmB,GACpB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,iBAAiB,EACjB,WAAW,EACX,QAAQ,EACR,iBAAiB,EACjB,cAAc,GACf,MAAM,uBAAuB,CAAC"}

package/dist/index.js

@@ -7,7 +7,7 @@
  * Cognito User Pool validation, and built-in infrastructure middlewares.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.crmGuard = exports.tenantGuard = exports.initTenantContext = exports.tenantInfoToHeaders = exports.tenantInfoFromHeaders = exports.tenantInfoFromClaims = exports.TENANT_HEADERS = exports.isPlan = exports.isTenantType = exports.TenantContext = exports.getCorsHeaders = exports.getHeader = exports.normalizeHeaders = exports.normalizePath = exports.hasPathParameters = exports.patternToRegex = exports.matchPath = exports.verifyJwt = exports.hasAllGroups = exports.hasAnyGroup = exports.validateIssuer = exports.extractUserPoolId = exports.extractIdentity = exports.withCors = exports.applyCorsHeaders = exports.createPreflightResponse = exports.isPreflightRequest = exports.withJsonBodyParser = exports.parseQueryParams = exports.parseJsonBody = exports.customErrorResponse = exports.internalErrorResponse = exports.validationErrorResponse = exports.conflictResponse = exports.notFoundResponse = exports.forbiddenResponse = exports.unauthorizedResponse = exports.badRequestResponse = exports.createdResponse = exports.successResponse = exports.createStandardResponse = exports.DefaultResponseCode = exports.HttpStatus = exports.RouteSegment = exports.EventType = exports.createOrchestrator = exports.detectEventType = void 0;
+exports.requireFeature = exports.requirePermission = exports.crmGuard = exports.tenantGuard = exports.initTenantContext = exports.tenantInfoToHeaders = exports.tenantInfoFromHeaders = exports.tenantInfoFromClaims = exports.TENANT_HEADERS = exports.isPlan = exports.isTenantType = exports.TenantContext = exports.getCorsHeaders = exports.getHeader = exports.normalizeHeaders = exports.normalizePath = exports.hasPathParameters = exports.patternToRegex = exports.matchPath = exports.verifyJwt = exports.hasAllGroups = exports.hasAnyGroup = exports.validateIssuer = exports.extractUserPoolId = exports.extractIdentity = exports.withCors = exports.applyCorsHeaders = exports.createPreflightResponse = exports.isPreflightRequest = exports.withJsonBodyParser = exports.parseQueryParams = exports.parseJsonBody = exports.customErrorResponse = exports.internalErrorResponse = exports.validationErrorResponse = exports.conflictResponse = exports.notFoundResponse = exports.forbiddenResponse = exports.unauthorizedResponse = exports.badRequestResponse = exports.createdResponse = exports.successResponse = exports.createStandardResponse = exports.DefaultResponseCode = exports.HttpStatus = exports.RouteSegment = exports.EventType = exports.createOrchestrator = exports.detectEventType = void 0;
 // Core dispatcher
 var dispatcher_js_1 = require("./dispatcher.js");
 Object.defineProperty(exports, "dispatchEvent", { enumerable: true, get: function () { return dispatcher_js_1.dispatchEvent; } });
@@ -77,4 +77,6 @@ var index_js_1 = require("./middleware/index.js");
 Object.defineProperty(exports, "initTenantContext", { enumerable: true, get: function () { return index_js_1.initTenantContext; } });
 Object.defineProperty(exports, "tenantGuard", { enumerable: true, get: function () { return index_js_1.tenantGuard; } });
 Object.defineProperty(exports, "crmGuard", { enumerable: true, get: function () { return index_js_1.crmGuard; } });
+Object.defineProperty(exports, "requirePermission", { enumerable: true, get: function () { return index_js_1.requirePermission; } });
+Object.defineProperty(exports, "requireFeature", { enumerable: true, get: function () { return index_js_1.requireFeature; } });
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;AAEH,kBAAkB;AAClB,iDAAqF;AAA5E,8GAAA,aAAa,OAAA;AAAE,gHAAA,eAAe,OAAA;AAAE,mHAAA,kBAAkB,OAAA;AAE3D,QAAQ;AACR,iEAGoC;AAFlC,+GAAA,SAAS,OAAA;AACT,kHAAA,YAAY,OAAA;AAyBd,iBAAiB;AACjB,kDAgB4B;AAf1B,yGAAA,UAAU,OAAA;AAGV,kHAAA,mBAAmB,OAAA;AACnB,qHAAA,sBAAsB,OAAA;AACtB,8GAAA,eAAe,OAAA;AACf,8GAAA,eAAe,OAAA;AACf,iHAAA,kBAAkB,OAAA;AAClB,mHAAA,oBAAoB,OAAA;AACpB,gHAAA,iBAAiB,OAAA;AACjB,+GAAA,gBAAgB,OAAA;AAChB,+GAAA,gBAAgB,OAAA;AAChB,sHAAA,uBAAuB,OAAA;AACvB,oHAAA,qBAAqB,OAAA;AACrB,kHAAA,mBAAmB,OAAA;AAGrB,wDAI+B;AAH7B,+GAAA,aAAa,OAAA;AACb,kHAAA,gBAAgB,OAAA;AAChB,oHAAA,kBAAkB,OAAA;AAGpB,0CAKwB;AAJtB,6GAAA,kBAAkB,OAAA;AAClB,kHAAA,uBAAuB,OAAA;AACvB,2GAAA,gBAAgB,OAAA;AAChB,mGAAA,QAAQ,OAAA;AAGV,qBAAqB;AACrB,wDAMiC;AAL/B,+GAAA,eAAe,OAAA;AACf,iHAAA,iBAAiB,OAAA;AACjB,8GAAA,cAAc,OAAA;AACd,2GAAA,WAAW,OAAA;AACX,4GAAA,YAAY,OAAA;AAKd,8DAAuD;AAA9C,4GAAA,SAAS,OAAA;AAElB,iBAAiB;AACjB,2DAKiC;AAJ/B,4GAAA,SAAS,OAAA;AACT,iHAAA,cAAc,OAAA;AACd,oHAAA,iBAAiB,OAAA;AACjB,gHAAA,aAAa,OAAA;AAGf,mBAAmB;AACnB,iDAI4B;AAH1B,8GAAA,gBAAgB,OAAA;AAChB,uGAAA,SAAS,OAAA;AACT,4GAAA,cAAc,OAAA;AAGhB,iBAAiB;AACjB,8DAA0D;AAAjD,iHAAA,aAAa,OAAA;AAUtB,8CAI2B;AAHzB,wGAAA,YAAY,OAAA;AACZ,kGAAA,MAAM,OAAA;AACN,0GAAA,cAAc,OAAA;AAGhB,kDAI6B;AAH3B,kHAAA,oBAAoB,OAAA;AACpB,mHAAA,qBAAqB,OAAA;AACrB,iHAAA,mBAAmB,OAAA;AAGrB,oBAAoB;AACpB,kDAI+B;AAH7B,6GAAA,iBAAiB,OAAA;AACjB,uGAAA,WAAW,OAAA;AACX,oGAAA,QAAQ,OAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;AAEH,kBAAkB;AAClB,iDAAqF;AAA5E,8GAAA,aAAa,OAAA;AAAE,gHAAA,eAAe,OAAA;AAAE,mHAAA,kBAAkB,OAAA;AAE3D,QAAQ;AACR,iEAGoC;AAFlC,+GAAA,SAAS,OAAA;AACT,kHAAA,YAAY,OAAA;AAyBd,iBAAiB;AACjB,kDAgB4B;AAf1B,yGAAA,UAAU,OAAA;AAGV,kHAAA,mBAAmB,OAAA;AACnB,qHAAA,sBAAsB,OAAA;AACtB,8GAAA,eAAe,OAAA;AACf,8GAAA,eAAe,OAAA;AACf,iHAAA,kBAAkB,OAAA;AAClB,mHAAA,oBAAoB,OAAA;AACpB,gHAAA,iBAAiB,OAAA;AACjB,+GAAA,gBAAgB,OAAA;AAChB,+GAAA,gBAAgB,OAAA;AAChB,sHAAA,uBAAuB,OAAA;AACvB,oHAAA,qBAAqB,OAAA;AACrB,kHAAA,mBAAmB,OAAA;AAGrB,wDAI+B;AAH7B,+GAAA,aAAa,OAAA;AACb,kHAAA,gBAAgB,OAAA;AAChB,oHAAA,kBAAkB,OAAA;AAGpB,0CAKwB;AAJtB,6GAAA,kBAAkB,OAAA;AAClB,kHAAA,uBAAuB,OAAA;AACvB,2GAAA,gBAAgB,OAAA;AAChB,mGAAA,QAAQ,OAAA;AAGV,qBAAqB;AACrB,wDAMiC;AAL/B,+GAAA,eAAe,OAAA;AACf,iHAAA,iBAAiB,OAAA;AACjB,8GAAA,cAAc,OAAA;AACd,2GAAA,WAAW,OAAA;AACX,4GAAA,YAAY,OAAA;AAKd,8DAAuD;AAA9C,4GAAA,SAAS,OAAA;AAElB,iBAAiB;AACjB,2DAKiC;AAJ/B,4GAAA,SAAS,OAAA;AACT,iHAAA,cAAc,OAAA;AACd,oHAAA,iBAAiB,OAAA;AACjB,gHAAA,aAAa,OAAA;AAGf,mBAAmB;AACnB,iDAI4B;AAH1B,8GAAA,gBAAgB,OAAA;AAChB,uGAAA,SAAS,OAAA;AACT,4GAAA,cAAc,OAAA;AAGhB,iBAAiB;AACjB,8DAA0D;AAAjD,iHAAA,aAAa,OAAA;AAUtB,8CAI2B;AAHzB,wGAAA,YAAY,OAAA;AACZ,kGAAA,MAAM,OAAA;AACN,0GAAA,cAAc,OAAA;AAGhB,kDAI6B;AAH3B,kHAAA,oBAAoB,OAAA;AACpB,mHAAA,qBAAqB,OAAA;AACrB,iHAAA,mBAAmB,OAAA;AAGrB,oBAAoB;AACpB,kDAM+B;AAL7B,6GAAA,iBAAiB,OAAA;AACjB,uGAAA,WAAW,OAAA;AACX,oGAAA,QAAQ,OAAA;AACR,6GAAA,iBAAiB,OAAA;AACjB,0GAAA,cAAc,OAAA"}

package/dist/middleware/index.d.ts

@@ -1,4 +1,6 @@
 export { initTenantContext } from './init-tenant-context.js';
 export { tenantGuard } from './tenant-guard.js';
 export { crmGuard } from './crm-guard.js';
+export { requirePermission } from './require-permission.js';
+export { requireFeature } from './require-feature.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/middleware/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/middleware/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/middleware/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAC1C,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC"}

package/dist/middleware/index.js

@@ -1,10 +1,14 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.crmGuard = exports.tenantGuard = exports.initTenantContext = void 0;
+exports.requireFeature = exports.requirePermission = exports.crmGuard = exports.tenantGuard = exports.initTenantContext = void 0;
 var init_tenant_context_js_1 = require("./init-tenant-context.js");
 Object.defineProperty(exports, "initTenantContext", { enumerable: true, get: function () { return init_tenant_context_js_1.initTenantContext; } });
 var tenant_guard_js_1 = require("./tenant-guard.js");
 Object.defineProperty(exports, "tenantGuard", { enumerable: true, get: function () { return tenant_guard_js_1.tenantGuard; } });
 var crm_guard_js_1 = require("./crm-guard.js");
 Object.defineProperty(exports, "crmGuard", { enumerable: true, get: function () { return crm_guard_js_1.crmGuard; } });
+var require_permission_js_1 = require("./require-permission.js");
+Object.defineProperty(exports, "requirePermission", { enumerable: true, get: function () { return require_permission_js_1.requirePermission; } });
+var require_feature_js_1 = require("./require-feature.js");
+Object.defineProperty(exports, "requireFeature", { enumerable: true, get: function () { return require_feature_js_1.requireFeature; } });
 //# sourceMappingURL=index.js.map

package/dist/middleware/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/middleware/index.ts"],"names":[],"mappings":";;;AAAA,mEAA6D;AAApD,2HAAA,iBAAiB,OAAA;AAC1B,qDAAgD;AAAvC,8GAAA,WAAW,OAAA;AACpB,+CAA0C;AAAjC,wGAAA,QAAQ,OAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/middleware/index.ts"],"names":[],"mappings":";;;AAAA,mEAA6D;AAApD,2HAAA,iBAAiB,OAAA;AAC1B,qDAAgD;AAAvC,8GAAA,WAAW,OAAA;AACpB,+CAA0C;AAAjC,wGAAA,QAAQ,OAAA;AACjB,iEAA4D;AAAnD,0HAAA,iBAAiB,OAAA;AAC1B,2DAAsD;AAA7C,oHAAA,cAAc,OAAA"}

package/dist/middleware/require-feature.d.ts

@@ -0,0 +1,36 @@
+import type { MiddlewareFn } from '../types/routes.js';
+/**
+ * Factory that builds a route-level premium-feature guard.
+ *
+ * Reads the `features` claim (a CSV of feature CODES) from
+ * event.context.identity.claims.features, minted by ml-auth's
+ * PreTokenGeneration. The claim holds the premium feature codes the tenant's
+ * plan TIER unlocks (tenant-wide). Passes when the identity holds AT LEAST ONE
+ * of the required codes. PLATFORM_ADMIN always bypasses.
+ *
+ * The features model is DEFAULT-OPEN: only premium endpoints attach this guard;
+ * unrestricted (free) endpoints attach nothing. So a feature that is not gated
+ * never reaches this middleware.
+ *
+ * Attach ONLY on private/backoffice routes — NEVER on internal routes
+ * (those are Lambda-to-Lambda IAM-authed and carry no JWT features claim).
+ *
+ * Throws forbiddenResponse (403, code FEATURE_NOT_IN_PLAN) on a miss; the
+ * dispatcher catches the thrown HttpResponse and returns it.
+ *
+ * Usage:
+ * ```typescript
+ * private: {
+ *   post: {
+ *     '/properties/{id}/ai-description': {
+ *       handler: generateAiDescription,
+ *       middleware: [requireFeature('aiDescriptions')],
+ *     },
+ *   },
+ * }
+ * ```
+ *
+ * @param code - A single feature code, or an array (ANY match passes).
+ */
+export declare function requireFeature(code: string | string[]): MiddlewareFn;
+//# sourceMappingURL=require-feature.d.ts.map

package/dist/middleware/require-feature.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"require-feature.d.ts","sourceRoot":"","sources":["../../src/middleware/require-feature.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAmB,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAqBxE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,YAAY,CAqBpE"}

package/dist/middleware/require-feature.js

@@ -0,0 +1,71 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireFeature = requireFeature;
+const response_js_1 = require("../http/response.js");
+const extractor_js_1 = require("../identity/extractor.js");
+/**
+ * Groups that bypass the feature check.
+ * PLATFORM_ADMIN = MLHolding employees in the Backoffice pool.
+ */
+const FEATURE_BYPASS_ROLES = ['PLATFORM_ADMIN'];
+/**
+ * Parses the `features` JWT claim into a string[] of feature CODES.
+ * The claim can arrive as a comma-separated string (Cognito) or an array,
+ * mirroring how parseGroups handles cognito:groups.
+ */
+function parseFeatures(features) {
+    if (!features)
+        return [];
+    if (Array.isArray(features))
+        return features;
+    return features.split(',').map(f => f.trim()).filter(Boolean);
+}
+/**
+ * Factory that builds a route-level premium-feature guard.
+ *
+ * Reads the `features` claim (a CSV of feature CODES) from
+ * event.context.identity.claims.features, minted by ml-auth's
+ * PreTokenGeneration. The claim holds the premium feature codes the tenant's
+ * plan TIER unlocks (tenant-wide). Passes when the identity holds AT LEAST ONE
+ * of the required codes. PLATFORM_ADMIN always bypasses.
+ *
+ * The features model is DEFAULT-OPEN: only premium endpoints attach this guard;
+ * unrestricted (free) endpoints attach nothing. So a feature that is not gated
+ * never reaches this middleware.
+ *
+ * Attach ONLY on private/backoffice routes — NEVER on internal routes
+ * (those are Lambda-to-Lambda IAM-authed and carry no JWT features claim).
+ *
+ * Throws forbiddenResponse (403, code FEATURE_NOT_IN_PLAN) on a miss; the
+ * dispatcher catches the thrown HttpResponse and returns it.
+ *
+ * Usage:
+ * ```typescript
+ * private: {
+ *   post: {
+ *     '/properties/{id}/ai-description': {
+ *       handler: generateAiDescription,
+ *       middleware: [requireFeature('aiDescriptions')],
+ *     },
+ *   },
+ * }
+ * ```
+ *
+ * @param code - A single feature code, or an array (ANY match passes).
+ */
+function requireFeature(code) {
+    const requiredCodes = Array.isArray(code) ? code : [code];
+    return async (event) => {
+        // PLATFORM_ADMIN bypasses the feature check
+        if ((0, extractor_js_1.hasAnyGroup)(event.context.identity, FEATURE_BYPASS_ROLES)) {
+            return event;
+        }
+        const unlocked = parseFeatures(event.context.identity?.claims?.features);
+        const hasAny = requiredCodes.some(required => unlocked.includes(required));
+        if (!hasAny) {
+            throw (0, response_js_1.forbiddenResponse)(`Missing required feature: ${requiredCodes.join(' or ')}`, 'FEATURE_NOT_IN_PLAN');
+        }
+        return event;
+    };
+}
+//# sourceMappingURL=require-feature.js.map

package/dist/middleware/require-feature.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"require-feature.js","sourceRoot":"","sources":["../../src/middleware/require-feature.ts"],"names":[],"mappings":";;AAsDA,wCAqBC;AA1ED,qDAAwD;AACxD,2DAAuD;AAEvD;;;GAGG;AACH,MAAM,oBAAoB,GAAG,CAAC,gBAAgB,CAAC,CAAC;AAEhD;;;;GAIG;AACH,SAAS,aAAa,CAAC,QAAuC;IAC5D,IAAI,CAAC,QAAQ;QAAE,OAAO,EAAE,CAAC;IACzB,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC;QAAE,OAAO,QAAQ,CAAC;IAC7C,OAAO,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;AAChE,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH,SAAgB,cAAc,CAAC,IAAuB;IACpD,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAE1D,OAAO,KAAK,EAAE,KAAsB,EAA4B,EAAE;QAChE,4CAA4C;QAC5C,IAAI,IAAA,0BAAW,EAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,oBAAoB,CAAC,EAAE,CAAC;YAC9D,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAEzE,MAAM,MAAM,GAAG,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC3E,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAA,+BAAiB,EACrB,6BAA6B,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,EACzD,qBAA4B,CAC7B,CAAC;QACJ,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;AACJ,CAAC"}

package/dist/middleware/require-permission.d.ts

@@ -0,0 +1,31 @@
+import type { MiddlewareFn } from '../types/routes.js';
+/**
+ * Factory that builds a route-level authorization guard.
+ *
+ * Reads the `permissions` claim (a CSV of permission CODES) from
+ * event.context.identity.claims.permissions, minted by ml-auth's
+ * PreTokenGeneration. Passes when the identity holds AT LEAST ONE of the
+ * required codes. PLATFORM_ADMIN always bypasses.
+ *
+ * Attach ONLY on private/backoffice routes — NEVER on internal routes
+ * (those are Lambda-to-Lambda IAM-authed and carry no JWT permissions claim).
+ *
+ * Throws forbiddenResponse (403, code PERMISSION_DENIED) on a miss; the
+ * dispatcher catches the thrown HttpResponse and returns it.
+ *
+ * Usage:
+ * ```typescript
+ * backoffice: {
+ *   post: {
+ *     '/backoffice/plans': {
+ *       handler: createPlan,
+ *       middleware: [requirePermission('MANAGE_PLANS')],
+ *     },
+ *   },
+ * }
+ * ```
+ *
+ * @param code - A single permission code, or an array (ANY match passes).
+ */
+export declare function requirePermission(code: string | string[]): MiddlewareFn;
+//# sourceMappingURL=require-permission.d.ts.map

package/dist/middleware/require-permission.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"require-permission.d.ts","sourceRoot":"","sources":["../../src/middleware/require-permission.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAmB,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAqBxE;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,YAAY,CAqBvE"}

package/dist/middleware/require-permission.js

@@ -0,0 +1,66 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requirePermission = requirePermission;
+const response_js_1 = require("../http/response.js");
+const extractor_js_1 = require("../identity/extractor.js");
+/**
+ * Groups that bypass the permission check.
+ * PLATFORM_ADMIN = MLHolding employees in the Backoffice pool.
+ */
+const PERMISSION_BYPASS_ROLES = ['PLATFORM_ADMIN'];
+/**
+ * Parses the `permissions` JWT claim into a string[] of permission CODES.
+ * The claim can arrive as a comma-separated string (Cognito) or an array,
+ * mirroring how parseGroups handles cognito:groups.
+ */
+function parsePermissions(permissions) {
+    if (!permissions)
+        return [];
+    if (Array.isArray(permissions))
+        return permissions;
+    return permissions.split(',').map(p => p.trim()).filter(Boolean);
+}
+/**
+ * Factory that builds a route-level authorization guard.
+ *
+ * Reads the `permissions` claim (a CSV of permission CODES) from
+ * event.context.identity.claims.permissions, minted by ml-auth's
+ * PreTokenGeneration. Passes when the identity holds AT LEAST ONE of the
+ * required codes. PLATFORM_ADMIN always bypasses.
+ *
+ * Attach ONLY on private/backoffice routes — NEVER on internal routes
+ * (those are Lambda-to-Lambda IAM-authed and carry no JWT permissions claim).
+ *
+ * Throws forbiddenResponse (403, code PERMISSION_DENIED) on a miss; the
+ * dispatcher catches the thrown HttpResponse and returns it.
+ *
+ * Usage:
+ * ```typescript
+ * backoffice: {
+ *   post: {
+ *     '/backoffice/plans': {
+ *       handler: createPlan,
+ *       middleware: [requirePermission('MANAGE_PLANS')],
+ *     },
+ *   },
+ * }
+ * ```
+ *
+ * @param code - A single permission code, or an array (ANY match passes).
+ */
+function requirePermission(code) {
+    const requiredCodes = Array.isArray(code) ? code : [code];
+    return async (event) => {
+        // PLATFORM_ADMIN bypasses the permission check
+        if ((0, extractor_js_1.hasAnyGroup)(event.context.identity, PERMISSION_BYPASS_ROLES)) {
+            return event;
+        }
+        const granted = parsePermissions(event.context.identity?.claims?.permissions);
+        const hasAny = requiredCodes.some(required => granted.includes(required));
+        if (!hasAny) {
+            throw (0, response_js_1.forbiddenResponse)(`Missing required permission: ${requiredCodes.join(' or ')}`, 'PERMISSION_DENIED');
+        }
+        return event;
+    };
+}
+//# sourceMappingURL=require-permission.js.map

package/dist/middleware/require-permission.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"require-permission.js","sourceRoot":"","sources":["../../src/middleware/require-permission.ts"],"names":[],"mappings":";;AAiDA,8CAqBC;AArED,qDAAwD;AACxD,2DAAuD;AAEvD;;;GAGG;AACH,MAAM,uBAAuB,GAAG,CAAC,gBAAgB,CAAC,CAAC;AAEnD;;;;GAIG;AACH,SAAS,gBAAgB,CAAC,WAA0C;IAClE,IAAI,CAAC,WAAW;QAAE,OAAO,EAAE,CAAC;IAC5B,IAAI,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC;QAAE,OAAO,WAAW,CAAC;IACnD,OAAO,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;AACnE,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,SAAgB,iBAAiB,CAAC,IAAuB;IACvD,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAE1D,OAAO,KAAK,EAAE,KAAsB,EAA4B,EAAE;QAChE,+CAA+C;QAC/C,IAAI,IAAA,0BAAW,EAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,uBAAuB,CAAC,EAAE,CAAC;YACjE,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,OAAO,GAAG,gBAAgB,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;QAE9E,MAAM,MAAM,GAAG,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC1E,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAA,+BAAiB,EACrB,gCAAgC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,EAC5D,mBAA0B,CAC3B,CAAC;QACJ,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;AACJ,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "serverless-event-orchestrator",
-  "version": "2.5.0",
+  "version": "2.6.0",
   "description": "A lightweight, type-safe event dispatcher and middleware orchestrator for AWS Lambda. Designed for hexagonal architectures with support for segmented routing (public, private, backoffice), Cognito User Pool validation, and built-in infrastructure middlewares.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/dispatcher.ts

@@ -485,6 +485,13 @@ export async function dispatchEvent(
       if (routeMatch.middleware?.length) {
         normalized = await executeMiddleware(routeMatch.middleware, normalized);
       }
+
+      // Execute per-route middleware (RouteConfig.middleware) — runs LAST,
+      // after global and segment middleware, so route-level guards like
+      // requirePermission(...) and crmGuard see a fully-initialized context.
+      if (routeMatch.config.middleware?.length) {
+        normalized = await executeMiddleware(routeMatch.config.middleware, normalized);
+      }
     } catch (thrown) {
       // If middleware threw an HttpResponse (e.g., forbiddenResponse from tenantGuard), return it
       if (isHttpResponse(thrown)) {

package/src/index.ts

@@ -125,4 +125,6 @@ export {
   initTenantContext,
   tenantGuard,
   crmGuard,
+  requirePermission,
+  requireFeature,
 } from './middleware/index.js';

package/src/middleware/index.ts

@@ -1,3 +1,5 @@
 export { initTenantContext } from './init-tenant-context.js';
 export { tenantGuard } from './tenant-guard.js';
 export { crmGuard } from './crm-guard.js';
+export { requirePermission } from './require-permission.js';
+export { requireFeature } from './require-feature.js';

package/src/middleware/require-feature.ts

@@ -0,0 +1,76 @@
+import type { NormalizedEvent, MiddlewareFn } from '../types/routes.js';
+import { forbiddenResponse } from '../http/response.js';
+import { hasAnyGroup } from '../identity/extractor.js';
+
+/**
+ * Groups that bypass the feature check.
+ * PLATFORM_ADMIN = MLHolding employees in the Backoffice pool.
+ */
+const FEATURE_BYPASS_ROLES = ['PLATFORM_ADMIN'];
+
+/**
+ * Parses the `features` JWT claim into a string[] of feature CODES.
+ * The claim can arrive as a comma-separated string (Cognito) or an array,
+ * mirroring how parseGroups handles cognito:groups.
+ */
+function parseFeatures(features: string | string[] | undefined): string[] {
+  if (!features) return [];
+  if (Array.isArray(features)) return features;
+  return features.split(',').map(f => f.trim()).filter(Boolean);
+}
+
+/**
+ * Factory that builds a route-level premium-feature guard.
+ *
+ * Reads the `features` claim (a CSV of feature CODES) from
+ * event.context.identity.claims.features, minted by ml-auth's
+ * PreTokenGeneration. The claim holds the premium feature codes the tenant's
+ * plan TIER unlocks (tenant-wide). Passes when the identity holds AT LEAST ONE
+ * of the required codes. PLATFORM_ADMIN always bypasses.
+ *
+ * The features model is DEFAULT-OPEN: only premium endpoints attach this guard;
+ * unrestricted (free) endpoints attach nothing. So a feature that is not gated
+ * never reaches this middleware.
+ *
+ * Attach ONLY on private/backoffice routes — NEVER on internal routes
+ * (those are Lambda-to-Lambda IAM-authed and carry no JWT features claim).
+ *
+ * Throws forbiddenResponse (403, code FEATURE_NOT_IN_PLAN) on a miss; the
+ * dispatcher catches the thrown HttpResponse and returns it.
+ *
+ * Usage:
+ * ```typescript
+ * private: {
+ *   post: {
+ *     '/properties/{id}/ai-description': {
+ *       handler: generateAiDescription,
+ *       middleware: [requireFeature('aiDescriptions')],
+ *     },
+ *   },
+ * }
+ * ```
+ *
+ * @param code - A single feature code, or an array (ANY match passes).
+ */
+export function requireFeature(code: string | string[]): MiddlewareFn {
+  const requiredCodes = Array.isArray(code) ? code : [code];
+
+  return async (event: NormalizedEvent): Promise<NormalizedEvent> => {
+    // PLATFORM_ADMIN bypasses the feature check
+    if (hasAnyGroup(event.context.identity, FEATURE_BYPASS_ROLES)) {
+      return event;
+    }
+
+    const unlocked = parseFeatures(event.context.identity?.claims?.features);
+
+    const hasAny = requiredCodes.some(required => unlocked.includes(required));
+    if (!hasAny) {
+      throw forbiddenResponse(
+        `Missing required feature: ${requiredCodes.join(' or ')}`,
+        'FEATURE_NOT_IN_PLAN' as any
+      );
+    }
+
+    return event;
+  };
+}

package/src/middleware/require-permission.ts

@@ -0,0 +1,71 @@
+import type { NormalizedEvent, MiddlewareFn } from '../types/routes.js';
+import { forbiddenResponse } from '../http/response.js';
+import { hasAnyGroup } from '../identity/extractor.js';
+
+/**
+ * Groups that bypass the permission check.
+ * PLATFORM_ADMIN = MLHolding employees in the Backoffice pool.
+ */
+const PERMISSION_BYPASS_ROLES = ['PLATFORM_ADMIN'];
+
+/**
+ * Parses the `permissions` JWT claim into a string[] of permission CODES.
+ * The claim can arrive as a comma-separated string (Cognito) or an array,
+ * mirroring how parseGroups handles cognito:groups.
+ */
+function parsePermissions(permissions: string | string[] | undefined): string[] {
+  if (!permissions) return [];
+  if (Array.isArray(permissions)) return permissions;
+  return permissions.split(',').map(p => p.trim()).filter(Boolean);
+}
+
+/**
+ * Factory that builds a route-level authorization guard.
+ *
+ * Reads the `permissions` claim (a CSV of permission CODES) from
+ * event.context.identity.claims.permissions, minted by ml-auth's
+ * PreTokenGeneration. Passes when the identity holds AT LEAST ONE of the
+ * required codes. PLATFORM_ADMIN always bypasses.
+ *
+ * Attach ONLY on private/backoffice routes — NEVER on internal routes
+ * (those are Lambda-to-Lambda IAM-authed and carry no JWT permissions claim).
+ *
+ * Throws forbiddenResponse (403, code PERMISSION_DENIED) on a miss; the
+ * dispatcher catches the thrown HttpResponse and returns it.
+ *
+ * Usage:
+ * ```typescript
+ * backoffice: {
+ *   post: {
+ *     '/backoffice/plans': {
+ *       handler: createPlan,
+ *       middleware: [requirePermission('MANAGE_PLANS')],
+ *     },
+ *   },
+ * }
+ * ```
+ *
+ * @param code - A single permission code, or an array (ANY match passes).
+ */
+export function requirePermission(code: string | string[]): MiddlewareFn {
+  const requiredCodes = Array.isArray(code) ? code : [code];
+
+  return async (event: NormalizedEvent): Promise<NormalizedEvent> => {
+    // PLATFORM_ADMIN bypasses the permission check
+    if (hasAnyGroup(event.context.identity, PERMISSION_BYPASS_ROLES)) {
+      return event;
+    }
+
+    const granted = parsePermissions(event.context.identity?.claims?.permissions);
+
+    const hasAny = requiredCodes.some(required => granted.includes(required));
+    if (!hasAny) {
+      throw forbiddenResponse(
+        `Missing required permission: ${requiredCodes.join(' or ')}`,
+        'PERMISSION_DENIED' as any
+      );
+    }
+
+    return event;
+  };
+}

package/tests/dispatcher.test.ts

@@ -679,6 +679,108 @@ describe('dispatchEvent - User Pool Validation', () => {
   });
 });
 
+describe('dispatchEvent - Per-Route Middleware (RouteConfig.middleware)', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('should execute middleware declared on an individual route', async () => {
+    const handler = jest.fn().mockResolvedValue({ statusCode: 200, body: '{}' });
+    const routeMw = jest.fn().mockImplementation((event: NormalizedEvent) => event);
+
+    const routes: DispatchRoutes = {
+      apigateway: {
+        private: {
+          get: {
+            '/profile': { handler, middleware: [routeMw] },
+          },
+        },
+      } as SegmentedHttpRouter,
+    };
+
+    const event = {
+      requestContext: { requestId: '123' },
+      httpMethod: 'GET',
+      resource: '/profile',
+      path: '/profile',
+      headers: {},
+      body: null,
+    };
+
+    await dispatchEvent(event, routes);
+
+    expect(routeMw).toHaveBeenCalledTimes(1);
+    expect(handler).toHaveBeenCalledTimes(1);
+  });
+
+  it('should run middleware in order: global -> segment -> route', async () => {
+    const callOrder: string[] = [];
+    const globalMw = jest.fn().mockImplementation((e: NormalizedEvent) => { callOrder.push('global'); return e; });
+    const segmentMw = jest.fn().mockImplementation((e: NormalizedEvent) => { callOrder.push('segment'); return e; });
+    const routeMw = jest.fn().mockImplementation((e: NormalizedEvent) => { callOrder.push('route'); return e; });
+    const handler = jest.fn().mockImplementation((_e: NormalizedEvent) => { callOrder.push('handler'); return { statusCode: 200, body: '{}' }; });
+
+    const routes: DispatchRoutes = {
+      apigateway: {
+        private: {
+          middleware: [segmentMw],
+          routes: {
+            get: {
+              '/profile': { handler, middleware: [routeMw] },
+            },
+          },
+        },
+      } as any,
+    };
+
+    const event = {
+      requestContext: { requestId: '123' },
+      httpMethod: 'GET',
+      resource: '/profile',
+      path: '/profile',
+      headers: {},
+      body: null,
+    };
+
+    await dispatchEvent(event, routes, { globalMiddleware: [globalMw] });
+
+    expect(callOrder).toEqual(['global', 'segment', 'route', 'handler']);
+  });
+
+  it('should short-circuit and return the HttpResponse a per-route middleware throws', async () => {
+    const handler = jest.fn().mockResolvedValue({ statusCode: 200, body: '{}' });
+    const blockingMw = jest.fn().mockImplementation(async () => {
+      throw { statusCode: 403, body: JSON.stringify({ status: 403, code: 'PERMISSION_DENIED' }) };
+    });
+
+    const routes: DispatchRoutes = {
+      apigateway: {
+        backoffice: {
+          post: {
+            '/backoffice/plans': { handler, middleware: [blockingMw] },
+          },
+        },
+      } as SegmentedHttpRouter,
+    };
+
+    const event = {
+      requestContext: { requestId: '123' },
+      httpMethod: 'POST',
+      resource: '/backoffice/plans',
+      path: '/backoffice/plans',
+      headers: {},
+      body: null,
+    };
+
+    const result = await dispatchEvent(event, routes);
+
+    expect(blockingMw).toHaveBeenCalledTimes(1);
+    expect(handler).not.toHaveBeenCalled();
+    expect(result.statusCode).toBe(403);
+    expect(JSON.parse(result.body).code).toBe('PERMISSION_DENIED');
+  });
+});
+
 describe('dispatchEvent - Internal Segment', () => {
   const mockHandler = jest.fn().mockResolvedValue({ statusCode: 200, body: '{}' });
 

package/tests/middleware/require-feature.test.ts

@@ -0,0 +1,110 @@
+import { requireFeature } from '../../src/middleware/require-feature';
+import { RouteSegment } from '../../src/types/event-type.enum';
+import type { NormalizedEvent } from '../../src/types/routes';
+
+function createEvent(options: {
+  features?: string | string[];
+  groups?: string[];
+}): NormalizedEvent {
+  const claims: Record<string, any> = {};
+  if (options.features !== undefined) {
+    claims.features = options.features;
+  }
+
+  return {
+    eventRaw: {},
+    eventType: 'apigateway',
+    payload: { headers: {} },
+    params: {},
+    context: {
+      segment: RouteSegment.Private,
+      identity: {
+        userId: 'user-1',
+        groups: options.groups ?? [],
+        claims,
+      },
+      requestId: 'req-test',
+    },
+  };
+}
+
+describe('requireFeature', () => {
+  it('allows access when the required code is present (CSV claim)', async () => {
+    const mw = requireFeature('aiDescriptions');
+    const event = createEvent({ features: 'virtualTours,aiDescriptions,bulkExport' });
+    const result = await mw(event);
+    expect(result).toBeDefined();
+  });
+
+  it('allows access when the required code is present (array claim)', async () => {
+    const mw = requireFeature('aiDescriptions');
+    const event = createEvent({ features: ['virtualTours', 'aiDescriptions'] });
+    const result = await mw(event);
+    expect(result).toBeDefined();
+  });
+
+  it('throws 403 when the required code is missing', async () => {
+    const mw = requireFeature('aiDescriptions');
+    const event = createEvent({ features: 'virtualTours,bulkExport' });
+    await expect(mw(event)).rejects.toMatchObject({ statusCode: 403 });
+  });
+
+  it('throws 403 when the features claim is absent', async () => {
+    const mw = requireFeature('aiDescriptions');
+    const event = createEvent({});
+    await expect(mw(event)).rejects.toMatchObject({ statusCode: 403 });
+  });
+
+  it('error body includes FEATURE_NOT_IN_PLAN code and the missing feature', async () => {
+    const mw = requireFeature('bulkExport');
+    const event = createEvent({ features: 'aiDescriptions' });
+    try {
+      await mw(event);
+      fail('Should have thrown');
+    } catch (err: any) {
+      expect(err.statusCode).toBe(403);
+      const body = JSON.parse(err.body);
+      expect(body.code).toBe('FEATURE_NOT_IN_PLAN');
+      expect(body.message).toContain('bulkExport');
+    }
+  });
+
+  it('PLATFORM_ADMIN bypasses the feature check even with no features claim', async () => {
+    const mw = requireFeature('aiDescriptions');
+    const event = createEvent({ groups: ['PLATFORM_ADMIN'] });
+    const result = await mw(event);
+    expect(result).toBeDefined();
+  });
+
+  it('accepts string[] arg and passes when ANY required code is present', async () => {
+    const mw = requireFeature(['virtualTours', 'aiDescriptions']);
+    const event = createEvent({ features: 'bulkExport,aiDescriptions' });
+    const result = await mw(event);
+    expect(result).toBeDefined();
+  });
+
+  it('throws 403 with string[] arg when NONE of the required codes are present', async () => {
+    const mw = requireFeature(['virtualTours', 'aiDescriptions']);
+    const event = createEvent({ features: 'bulkExport,advancedSearch' });
+    await expect(mw(event)).rejects.toMatchObject({ statusCode: 403 });
+  });
+
+  it('trims whitespace in CSV claim values', async () => {
+    const mw = requireFeature('aiDescriptions');
+    const event = createEvent({ features: ' virtualTours , aiDescriptions , bulkExport ' });
+    const result = await mw(event);
+    expect(result).toBeDefined();
+  });
+});
+
+describe('requireFeature barrel exports', () => {
+  it('is exported from the middleware barrel', async () => {
+    const barrel = await import('../../src/middleware/index');
+    expect(typeof barrel.requireFeature).toBe('function');
+  });
+
+  it('is exported from the root barrel', async () => {
+    const root = await import('../../src/index');
+    expect(typeof root.requireFeature).toBe('function');
+  });
+});

package/tests/middleware/require-permission.test.ts

@@ -0,0 +1,110 @@
+import { requirePermission } from '../../src/middleware/require-permission';
+import { RouteSegment } from '../../src/types/event-type.enum';
+import type { NormalizedEvent } from '../../src/types/routes';
+
+function createEvent(options: {
+  permissions?: string | string[];
+  groups?: string[];
+}): NormalizedEvent {
+  const claims: Record<string, any> = {};
+  if (options.permissions !== undefined) {
+    claims.permissions = options.permissions;
+  }
+
+  return {
+    eventRaw: {},
+    eventType: 'apigateway',
+    payload: { headers: {} },
+    params: {},
+    context: {
+      segment: RouteSegment.Backoffice,
+      identity: {
+        userId: 'user-1',
+        groups: options.groups ?? [],
+        claims,
+      },
+      requestId: 'req-test',
+    },
+  };
+}
+
+describe('requirePermission', () => {
+  it('allows access when the required code is present (CSV claim)', async () => {
+    const mw = requirePermission('MANAGE_PLANS');
+    const event = createEvent({ permissions: 'READ_PROPERTY,MANAGE_PLANS,MANAGE_ROLES' });
+    const result = await mw(event);
+    expect(result).toBeDefined();
+  });
+
+  it('allows access when the required code is present (array claim)', async () => {
+    const mw = requirePermission('MANAGE_PLANS');
+    const event = createEvent({ permissions: ['READ_PROPERTY', 'MANAGE_PLANS'] });
+    const result = await mw(event);
+    expect(result).toBeDefined();
+  });
+
+  it('throws 403 when the required code is missing', async () => {
+    const mw = requirePermission('MANAGE_PLANS');
+    const event = createEvent({ permissions: 'READ_PROPERTY,CREATE_PROPERTY' });
+    await expect(mw(event)).rejects.toMatchObject({ statusCode: 403 });
+  });
+
+  it('throws 403 when the permissions claim is absent', async () => {
+    const mw = requirePermission('MANAGE_PLANS');
+    const event = createEvent({});
+    await expect(mw(event)).rejects.toMatchObject({ statusCode: 403 });
+  });
+
+  it('error body includes PERMISSION_DENIED code and the missing permission', async () => {
+    const mw = requirePermission('MANAGE_PERMISSIONS');
+    const event = createEvent({ permissions: 'READ_PROPERTY' });
+    try {
+      await mw(event);
+      fail('Should have thrown');
+    } catch (err: any) {
+      expect(err.statusCode).toBe(403);
+      const body = JSON.parse(err.body);
+      expect(body.code).toBe('PERMISSION_DENIED');
+      expect(body.message).toContain('MANAGE_PERMISSIONS');
+    }
+  });
+
+  it('PLATFORM_ADMIN bypasses the permission check even with no permissions claim', async () => {
+    const mw = requirePermission('MANAGE_PLANS');
+    const event = createEvent({ groups: ['PLATFORM_ADMIN'] });
+    const result = await mw(event);
+    expect(result).toBeDefined();
+  });
+
+  it('accepts string[] arg and passes when ANY required code is present', async () => {
+    const mw = requirePermission(['MANAGE_ROLES', 'MANAGE_USERS']);
+    const event = createEvent({ permissions: 'READ_PROPERTY,MANAGE_USERS' });
+    const result = await mw(event);
+    expect(result).toBeDefined();
+  });
+
+  it('throws 403 with string[] arg when NONE of the required codes are present', async () => {
+    const mw = requirePermission(['MANAGE_ROLES', 'MANAGE_USERS']);
+    const event = createEvent({ permissions: 'READ_PROPERTY,CREATE_PROPERTY' });
+    await expect(mw(event)).rejects.toMatchObject({ statusCode: 403 });
+  });
+
+  it('trims whitespace in CSV claim values', async () => {
+    const mw = requirePermission('MANAGE_PLANS');
+    const event = createEvent({ permissions: ' READ_PROPERTY , MANAGE_PLANS , MANAGE_ROLES ' });
+    const result = await mw(event);
+    expect(result).toBeDefined();
+  });
+});
+
+describe('requirePermission barrel exports', () => {
+  it('is exported from the middleware barrel', async () => {
+    const barrel = await import('../../src/middleware/index');
+    expect(typeof barrel.requirePermission).toBe('function');
+  });
+
+  it('is exported from the root barrel', async () => {
+    const root = await import('../../src/index');
+    expect(typeof root.requirePermission).toBe('function');
+  });
+});