toride 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/dist/{chunk-2AWXNP37.js → chunk-GRFSE3QO.js} +85 -26
  2. package/dist/cli.js +86 -2
  3. package/dist/{client-aExMng5T.d.ts → client-CBp3admQ.d.ts} +80 -4
  4. package/dist/client.d.ts +1 -1
  5. package/dist/index.d.ts +68 -11
  6. package/dist/index.js +124 -6
  7. package/package.json +3 -2
  8. package/schema/.gitkeep +0 -0
  9. package/schema/policy.schema.json +1308 -0
package/schema/policy.schema.json ADDED
@@ -0,0 +1,1308 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "https://toride-auth.github.io/toride/schema/policy.schema.json",
4
+ "title": "Toride Policy",
5
+ "description": "Schema for toride authorization policy files (YAML or JSON)",
6
+ "type": "object",
7
+ "properties": {
8
+ "version": {
9
+ "const": "1",
10
+ "title": "Policy Version",
11
+ "description": "The version of the policy format (must be '1')"
12
+ },
13
+ "actors": {
14
+ "type": "object",
15
+ "additionalProperties": {
16
+ "type": "object",
17
+ "properties": {
18
+ "attributes": {
19
+ "type": "object",
20
+ "additionalProperties": {
21
+ "anyOf": [
22
+ {
23
+ "type": "object",
24
+ "properties": {
25
+ "kind": {
26
+ "const": "primitive"
27
+ },
28
+ "type": {
29
+ "enum": [
30
+ "string",
31
+ "number",
32
+ "boolean",
33
+ "string[]",
34
+ "number[]",
35
+ "boolean[]"
36
+ ]
37
+ }
38
+ },
39
+ "required": [
40
+ "kind",
41
+ "type"
42
+ ],
43
+ "additionalProperties": false
44
+ },
45
+ {
46
+ "type": "object",
47
+ "properties": {
48
+ "kind": {
49
+ "const": "object"
50
+ },
51
+ "fields": {
52
+ "type": "object",
53
+ "additionalProperties": {
54
+ "$ref": "#/$defs/AttributeSchema"
55
+ }
56
+ }
57
+ },
58
+ "required": [
59
+ "kind",
60
+ "fields"
61
+ ],
62
+ "additionalProperties": false
63
+ },
64
+ {
65
+ "type": "object",
66
+ "properties": {
67
+ "kind": {
68
+ "const": "array"
69
+ },
70
+ "items": {
71
+ "$ref": "#/$defs/AttributeSchema"
72
+ }
73
+ },
74
+ "required": [
75
+ "kind",
76
+ "items"
77
+ ],
78
+ "additionalProperties": false
79
+ }
80
+ ]
81
+ },
82
+ "title": "Attributes",
83
+ "description": "Attribute definitions for this actor or resource type"
84
+ }
85
+ },
86
+ "required": [
87
+ "attributes"
88
+ ],
89
+ "additionalProperties": false
90
+ },
91
+ "title": "Actors",
92
+ "description": "Define actor types and their attributes that can perform actions"
93
+ },
94
+ "global_roles": {
95
+ "type": "object",
96
+ "additionalProperties": {
97
+ "type": "object",
98
+ "properties": {
99
+ "actor_type": {
100
+ "type": "string"
101
+ },
102
+ "when": {
103
+ "anyOf": [
104
+ {
105
+ "type": "object",
106
+ "properties": {
107
+ "any": {
108
+ "type": "array",
109
+ "items": {
110
+ "$ref": "#/$defs/ConditionExpression"
111
+ }
112
+ }
113
+ },
114
+ "required": [
115
+ "any"
116
+ ],
117
+ "additionalProperties": false
118
+ },
119
+ {
120
+ "type": "object",
121
+ "properties": {
122
+ "all": {
123
+ "type": "array",
124
+ "items": {
125
+ "$ref": "#/$defs/ConditionExpression"
126
+ }
127
+ }
128
+ },
129
+ "required": [
130
+ "all"
131
+ ],
132
+ "additionalProperties": false
133
+ },
134
+ {
135
+ "type": "object",
136
+ "additionalProperties": {
137
+ "anyOf": [
138
+ {
139
+ "type": "string"
140
+ },
141
+ {
142
+ "type": "number"
143
+ },
144
+ {
145
+ "type": "boolean"
146
+ },
147
+ {
148
+ "anyOf": [
149
+ {
150
+ "type": "object",
151
+ "properties": {
152
+ "eq": {}
153
+ },
154
+ "required": [
155
+ "eq"
156
+ ],
157
+ "additionalProperties": false
158
+ },
159
+ {
160
+ "type": "object",
161
+ "properties": {
162
+ "neq": {}
163
+ },
164
+ "required": [
165
+ "neq"
166
+ ],
167
+ "additionalProperties": false
168
+ },
169
+ {
170
+ "type": "object",
171
+ "properties": {
172
+ "gt": {}
173
+ },
174
+ "required": [
175
+ "gt"
176
+ ],
177
+ "additionalProperties": false
178
+ },
179
+ {
180
+ "type": "object",
181
+ "properties": {
182
+ "gte": {}
183
+ },
184
+ "required": [
185
+ "gte"
186
+ ],
187
+ "additionalProperties": false
188
+ },
189
+ {
190
+ "type": "object",
191
+ "properties": {
192
+ "lt": {}
193
+ },
194
+ "required": [
195
+ "lt"
196
+ ],
197
+ "additionalProperties": false
198
+ },
199
+ {
200
+ "type": "object",
201
+ "properties": {
202
+ "lte": {}
203
+ },
204
+ "required": [
205
+ "lte"
206
+ ],
207
+ "additionalProperties": false
208
+ },
209
+ {
210
+ "type": "object",
211
+ "properties": {
212
+ "in": {
213
+ "anyOf": [
214
+ {
215
+ "type": "array",
216
+ "items": {}
217
+ },
218
+ {
219
+ "type": "string"
220
+ }
221
+ ]
222
+ }
223
+ },
224
+ "required": [
225
+ "in"
226
+ ],
227
+ "additionalProperties": false
228
+ },
229
+ {
230
+ "type": "object",
231
+ "properties": {
232
+ "includes": {}
233
+ },
234
+ "required": [
235
+ "includes"
236
+ ],
237
+ "additionalProperties": false
238
+ },
239
+ {
240
+ "type": "object",
241
+ "properties": {
242
+ "exists": {
243
+ "type": "boolean"
244
+ }
245
+ },
246
+ "required": [
247
+ "exists"
248
+ ],
249
+ "additionalProperties": false
250
+ },
251
+ {
252
+ "type": "object",
253
+ "properties": {
254
+ "startsWith": {
255
+ "type": "string"
256
+ }
257
+ },
258
+ "required": [
259
+ "startsWith"
260
+ ],
261
+ "additionalProperties": false
262
+ },
263
+ {
264
+ "type": "object",
265
+ "properties": {
266
+ "endsWith": {
267
+ "type": "string"
268
+ }
269
+ },
270
+ "required": [
271
+ "endsWith"
272
+ ],
273
+ "additionalProperties": false
274
+ },
275
+ {
276
+ "type": "object",
277
+ "properties": {
278
+ "contains": {
279
+ "type": "string"
280
+ }
281
+ },
282
+ "required": [
283
+ "contains"
284
+ ],
285
+ "additionalProperties": false
286
+ },
287
+ {
288
+ "type": "object",
289
+ "properties": {
290
+ "custom": {
291
+ "type": "string"
292
+ }
293
+ },
294
+ "required": [
295
+ "custom"
296
+ ],
297
+ "additionalProperties": false
298
+ }
299
+ ]
300
+ }
301
+ ]
302
+ }
303
+ }
304
+ ],
305
+ "title": "Condition",
306
+ "description": "Condition expression that must evaluate to true for the rule to apply"
307
+ }
308
+ },
309
+ "required": [
310
+ "actor_type",
311
+ "when"
312
+ ],
313
+ "additionalProperties": false
314
+ },
315
+ "title": "Global Roles",
316
+ "description": "Define roles that apply based on actor attributes without requiring resource context"
317
+ },
318
+ "resources": {
319
+ "type": "object",
320
+ "additionalProperties": {
321
+ "type": "object",
322
+ "properties": {
323
+ "roles": {
324
+ "type": "array",
325
+ "items": {
326
+ "type": "string"
327
+ },
328
+ "title": "Roles",
329
+ "description": "List of roles defined for this resource"
330
+ },
331
+ "permissions": {
332
+ "type": "array",
333
+ "items": {
334
+ "type": "string"
335
+ },
336
+ "title": "Permissions",
337
+ "description": "List of permissions available for this resource"
338
+ },
339
+ "attributes": {
340
+ "type": "object",
341
+ "additionalProperties": {
342
+ "anyOf": [
343
+ {
344
+ "type": "object",
345
+ "properties": {
346
+ "kind": {
347
+ "const": "primitive"
348
+ },
349
+ "type": {
350
+ "enum": [
351
+ "string",
352
+ "number",
353
+ "boolean",
354
+ "string[]",
355
+ "number[]",
356
+ "boolean[]"
357
+ ]
358
+ }
359
+ },
360
+ "required": [
361
+ "kind",
362
+ "type"
363
+ ],
364
+ "additionalProperties": false
365
+ },
366
+ {
367
+ "type": "object",
368
+ "properties": {
369
+ "kind": {
370
+ "const": "object"
371
+ },
372
+ "fields": {
373
+ "type": "object",
374
+ "additionalProperties": {
375
+ "$ref": "#/$defs/AttributeSchema"
376
+ }
377
+ }
378
+ },
379
+ "required": [
380
+ "kind",
381
+ "fields"
382
+ ],
383
+ "additionalProperties": false
384
+ },
385
+ {
386
+ "type": "object",
387
+ "properties": {
388
+ "kind": {
389
+ "const": "array"
390
+ },
391
+ "items": {
392
+ "$ref": "#/$defs/AttributeSchema"
393
+ }
394
+ },
395
+ "required": [
396
+ "kind",
397
+ "items"
398
+ ],
399
+ "additionalProperties": false
400
+ }
401
+ ]
402
+ },
403
+ "title": "Attributes",
404
+ "description": "Attribute definitions for this actor or resource type"
405
+ },
406
+ "relations": {
407
+ "type": "object",
408
+ "additionalProperties": {
409
+ "type": "string"
410
+ },
411
+ "title": "Relations",
412
+ "description": "Define relations to other resource types for role derivation"
413
+ },
414
+ "grants": {
415
+ "type": "object",
416
+ "additionalProperties": {
417
+ "type": "array",
418
+ "items": {
419
+ "type": "string"
420
+ }
421
+ },
422
+ "title": "Grants",
423
+ "description": "Map roles to permissions (or 'all' for all permissions)"
424
+ },
425
+ "derived_roles": {
426
+ "type": "array",
427
+ "items": {
428
+ "type": "object",
429
+ "properties": {
430
+ "role": {
431
+ "type": "string",
432
+ "title": "Role",
433
+ "description": "The role name"
434
+ },
435
+ "from_global_role": {
436
+ "type": "string"
437
+ },
438
+ "from_role": {
439
+ "type": "string"
440
+ },
441
+ "on_relation": {
442
+ "type": "string"
443
+ },
444
+ "from_relation": {
445
+ "type": "string"
446
+ },
447
+ "actor_type": {
448
+ "type": "string"
449
+ },
450
+ "when": {
451
+ "anyOf": [
452
+ {
453
+ "type": "object",
454
+ "properties": {
455
+ "any": {
456
+ "type": "array",
457
+ "items": {
458
+ "$ref": "#/$defs/ConditionExpression"
459
+ }
460
+ }
461
+ },
462
+ "required": [
463
+ "any"
464
+ ],
465
+ "additionalProperties": false
466
+ },
467
+ {
468
+ "type": "object",
469
+ "properties": {
470
+ "all": {
471
+ "type": "array",
472
+ "items": {
473
+ "$ref": "#/$defs/ConditionExpression"
474
+ }
475
+ }
476
+ },
477
+ "required": [
478
+ "all"
479
+ ],
480
+ "additionalProperties": false
481
+ },
482
+ {
483
+ "type": "object",
484
+ "additionalProperties": {
485
+ "anyOf": [
486
+ {
487
+ "type": "string"
488
+ },
489
+ {
490
+ "type": "number"
491
+ },
492
+ {
493
+ "type": "boolean"
494
+ },
495
+ {
496
+ "anyOf": [
497
+ {
498
+ "type": "object",
499
+ "properties": {
500
+ "eq": {}
501
+ },
502
+ "required": [
503
+ "eq"
504
+ ],
505
+ "additionalProperties": false
506
+ },
507
+ {
508
+ "type": "object",
509
+ "properties": {
510
+ "neq": {}
511
+ },
512
+ "required": [
513
+ "neq"
514
+ ],
515
+ "additionalProperties": false
516
+ },
517
+ {
518
+ "type": "object",
519
+ "properties": {
520
+ "gt": {}
521
+ },
522
+ "required": [
523
+ "gt"
524
+ ],
525
+ "additionalProperties": false
526
+ },
527
+ {
528
+ "type": "object",
529
+ "properties": {
530
+ "gte": {}
531
+ },
532
+ "required": [
533
+ "gte"
534
+ ],
535
+ "additionalProperties": false
536
+ },
537
+ {
538
+ "type": "object",
539
+ "properties": {
540
+ "lt": {}
541
+ },
542
+ "required": [
543
+ "lt"
544
+ ],
545
+ "additionalProperties": false
546
+ },
547
+ {
548
+ "type": "object",
549
+ "properties": {
550
+ "lte": {}
551
+ },
552
+ "required": [
553
+ "lte"
554
+ ],
555
+ "additionalProperties": false
556
+ },
557
+ {
558
+ "type": "object",
559
+ "properties": {
560
+ "in": {
561
+ "anyOf": [
562
+ {
563
+ "type": "array",
564
+ "items": {}
565
+ },
566
+ {
567
+ "type": "string"
568
+ }
569
+ ]
570
+ }
571
+ },
572
+ "required": [
573
+ "in"
574
+ ],
575
+ "additionalProperties": false
576
+ },
577
+ {
578
+ "type": "object",
579
+ "properties": {
580
+ "includes": {}
581
+ },
582
+ "required": [
583
+ "includes"
584
+ ],
585
+ "additionalProperties": false
586
+ },
587
+ {
588
+ "type": "object",
589
+ "properties": {
590
+ "exists": {
591
+ "type": "boolean"
592
+ }
593
+ },
594
+ "required": [
595
+ "exists"
596
+ ],
597
+ "additionalProperties": false
598
+ },
599
+ {
600
+ "type": "object",
601
+ "properties": {
602
+ "startsWith": {
603
+ "type": "string"
604
+ }
605
+ },
606
+ "required": [
607
+ "startsWith"
608
+ ],
609
+ "additionalProperties": false
610
+ },
611
+ {
612
+ "type": "object",
613
+ "properties": {
614
+ "endsWith": {
615
+ "type": "string"
616
+ }
617
+ },
618
+ "required": [
619
+ "endsWith"
620
+ ],
621
+ "additionalProperties": false
622
+ },
623
+ {
624
+ "type": "object",
625
+ "properties": {
626
+ "contains": {
627
+ "type": "string"
628
+ }
629
+ },
630
+ "required": [
631
+ "contains"
632
+ ],
633
+ "additionalProperties": false
634
+ },
635
+ {
636
+ "type": "object",
637
+ "properties": {
638
+ "custom": {
639
+ "type": "string"
640
+ }
641
+ },
642
+ "required": [
643
+ "custom"
644
+ ],
645
+ "additionalProperties": false
646
+ }
647
+ ]
648
+ }
649
+ ]
650
+ }
651
+ }
652
+ ],
653
+ "title": "Condition",
654
+ "description": "Condition expression that must evaluate to true for the rule to apply"
655
+ }
656
+ },
657
+ "required": [
658
+ "role"
659
+ ],
660
+ "additionalProperties": false
661
+ },
662
+ "title": "Derived Roles",
663
+ "description": "Define roles derived from global roles, other roles, or relations"
664
+ },
665
+ "rules": {
666
+ "type": "array",
667
+ "items": {
668
+ "type": "object",
669
+ "properties": {
670
+ "effect": {
671
+ "enum": [
672
+ "permit",
673
+ "forbid"
674
+ ],
675
+ "title": "Effect",
676
+ "description": "The effect of the rule (allow or forbid)"
677
+ },
678
+ "roles": {
679
+ "type": "array",
680
+ "items": {
681
+ "type": "string"
682
+ },
683
+ "title": "Roles",
684
+ "description": "List of roles defined for this resource"
685
+ },
686
+ "permissions": {
687
+ "type": "array",
688
+ "items": {
689
+ "type": "string"
690
+ },
691
+ "title": "Permissions",
692
+ "description": "List of permissions available for this resource"
693
+ },
694
+ "when": {
695
+ "anyOf": [
696
+ {
697
+ "type": "object",
698
+ "properties": {
699
+ "any": {
700
+ "type": "array",
701
+ "items": {
702
+ "$ref": "#/$defs/ConditionExpression"
703
+ }
704
+ }
705
+ },
706
+ "required": [
707
+ "any"
708
+ ],
709
+ "additionalProperties": false
710
+ },
711
+ {
712
+ "type": "object",
713
+ "properties": {
714
+ "all": {
715
+ "type": "array",
716
+ "items": {
717
+ "$ref": "#/$defs/ConditionExpression"
718
+ }
719
+ }
720
+ },
721
+ "required": [
722
+ "all"
723
+ ],
724
+ "additionalProperties": false
725
+ },
726
+ {
727
+ "type": "object",
728
+ "additionalProperties": {
729
+ "anyOf": [
730
+ {
731
+ "type": "string"
732
+ },
733
+ {
734
+ "type": "number"
735
+ },
736
+ {
737
+ "type": "boolean"
738
+ },
739
+ {
740
+ "anyOf": [
741
+ {
742
+ "type": "object",
743
+ "properties": {
744
+ "eq": {}
745
+ },
746
+ "required": [
747
+ "eq"
748
+ ],
749
+ "additionalProperties": false
750
+ },
751
+ {
752
+ "type": "object",
753
+ "properties": {
754
+ "neq": {}
755
+ },
756
+ "required": [
757
+ "neq"
758
+ ],
759
+ "additionalProperties": false
760
+ },
761
+ {
762
+ "type": "object",
763
+ "properties": {
764
+ "gt": {}
765
+ },
766
+ "required": [
767
+ "gt"
768
+ ],
769
+ "additionalProperties": false
770
+ },
771
+ {
772
+ "type": "object",
773
+ "properties": {
774
+ "gte": {}
775
+ },
776
+ "required": [
777
+ "gte"
778
+ ],
779
+ "additionalProperties": false
780
+ },
781
+ {
782
+ "type": "object",
783
+ "properties": {
784
+ "lt": {}
785
+ },
786
+ "required": [
787
+ "lt"
788
+ ],
789
+ "additionalProperties": false
790
+ },
791
+ {
792
+ "type": "object",
793
+ "properties": {
794
+ "lte": {}
795
+ },
796
+ "required": [
797
+ "lte"
798
+ ],
799
+ "additionalProperties": false
800
+ },
801
+ {
802
+ "type": "object",
803
+ "properties": {
804
+ "in": {
805
+ "anyOf": [
806
+ {
807
+ "type": "array",
808
+ "items": {}
809
+ },
810
+ {
811
+ "type": "string"
812
+ }
813
+ ]
814
+ }
815
+ },
816
+ "required": [
817
+ "in"
818
+ ],
819
+ "additionalProperties": false
820
+ },
821
+ {
822
+ "type": "object",
823
+ "properties": {
824
+ "includes": {}
825
+ },
826
+ "required": [
827
+ "includes"
828
+ ],
829
+ "additionalProperties": false
830
+ },
831
+ {
832
+ "type": "object",
833
+ "properties": {
834
+ "exists": {
835
+ "type": "boolean"
836
+ }
837
+ },
838
+ "required": [
839
+ "exists"
840
+ ],
841
+ "additionalProperties": false
842
+ },
843
+ {
844
+ "type": "object",
845
+ "properties": {
846
+ "startsWith": {
847
+ "type": "string"
848
+ }
849
+ },
850
+ "required": [
851
+ "startsWith"
852
+ ],
853
+ "additionalProperties": false
854
+ },
855
+ {
856
+ "type": "object",
857
+ "properties": {
858
+ "endsWith": {
859
+ "type": "string"
860
+ }
861
+ },
862
+ "required": [
863
+ "endsWith"
864
+ ],
865
+ "additionalProperties": false
866
+ },
867
+ {
868
+ "type": "object",
869
+ "properties": {
870
+ "contains": {
871
+ "type": "string"
872
+ }
873
+ },
874
+ "required": [
875
+ "contains"
876
+ ],
877
+ "additionalProperties": false
878
+ },
879
+ {
880
+ "type": "object",
881
+ "properties": {
882
+ "custom": {
883
+ "type": "string"
884
+ }
885
+ },
886
+ "required": [
887
+ "custom"
888
+ ],
889
+ "additionalProperties": false
890
+ }
891
+ ]
892
+ }
893
+ ]
894
+ }
895
+ }
896
+ ],
897
+ "title": "Condition",
898
+ "description": "Condition expression that must evaluate to true for the rule to apply"
899
+ }
900
+ },
901
+ "required": [
902
+ "effect",
903
+ "permissions",
904
+ "when"
905
+ ],
906
+ "additionalProperties": false
907
+ },
908
+ "title": "Rules",
909
+ "description": "Access rules that can override grants with conditions"
910
+ },
911
+ "field_access": {
912
+ "type": "object",
913
+ "additionalProperties": {
914
+ "type": "object",
915
+ "properties": {
916
+ "read": {
917
+ "type": "array",
918
+ "items": {
919
+ "type": "string"
920
+ }
921
+ },
922
+ "update": {
923
+ "type": "array",
924
+ "items": {
925
+ "type": "string"
926
+ }
927
+ }
928
+ },
929
+ "additionalProperties": false
930
+ },
931
+ "title": "Field Access",
932
+ "description": "Define field-level access controls"
933
+ }
934
+ },
935
+ "required": [
936
+ "roles",
937
+ "permissions"
938
+ ],
939
+ "additionalProperties": false
940
+ },
941
+ "title": "Resources",
942
+ "description": "Define resource types, roles, permissions, and access rules"
943
+ },
944
+ "tests": {
945
+ "type": "array",
946
+ "items": {
947
+ "type": "object",
948
+ "properties": {
949
+ "name": {
950
+ "type": "string",
951
+ "title": "Name",
952
+ "description": "Name identifier"
953
+ },
954
+ "actor": {
955
+ "type": "object",
956
+ "properties": {
957
+ "type": {
958
+ "type": "string"
959
+ },
960
+ "id": {
961
+ "type": "string"
962
+ },
963
+ "attributes": {
964
+ "type": "object",
965
+ "additionalProperties": {},
966
+ "title": "Attributes",
967
+ "description": "Attribute definitions for this actor or resource type"
968
+ }
969
+ },
970
+ "required": [
971
+ "type",
972
+ "id",
973
+ "attributes"
974
+ ],
975
+ "additionalProperties": false,
976
+ "title": "Actor",
977
+ "description": "The actor performing the action"
978
+ },
979
+ "resolvers": {
980
+ "type": "object",
981
+ "additionalProperties": {
982
+ "type": "object",
983
+ "additionalProperties": {}
984
+ }
985
+ },
986
+ "action": {
987
+ "type": "string",
988
+ "title": "Action",
989
+ "description": "The action being performed"
990
+ },
991
+ "resource": {
992
+ "type": "object",
993
+ "properties": {
994
+ "type": {
995
+ "type": "string"
996
+ },
997
+ "id": {
998
+ "type": "string"
999
+ },
1000
+ "attributes": {
1001
+ "type": "object",
1002
+ "additionalProperties": {},
1003
+ "title": "Attributes",
1004
+ "description": "Attribute definitions for this actor or resource type"
1005
+ }
1006
+ },
1007
+ "required": [
1008
+ "type",
1009
+ "id"
1010
+ ],
1011
+ "additionalProperties": false,
1012
+ "title": "Resource",
1013
+ "description": "The resource being accessed"
1014
+ },
1015
+ "expected": {
1016
+ "enum": [
1017
+ "allow",
1018
+ "deny"
1019
+ ],
1020
+ "title": "Expected",
1021
+ "description": "Expected result (allow or deny)"
1022
+ }
1023
+ },
1024
+ "required": [
1025
+ "name",
1026
+ "actor",
1027
+ "action",
1028
+ "resource",
1029
+ "expected"
1030
+ ],
1031
+ "additionalProperties": false
1032
+ },
1033
+ "title": "Tests",
1034
+ "description": "Inline test cases to verify policy behavior"
1035
+ }
1036
+ },
1037
+ "required": [
1038
+ "version",
1039
+ "actors",
1040
+ "resources"
1041
+ ],
1042
+ "additionalProperties": false,
1043
+ "$defs": {
1044
+ "AttributeSchema": {
1045
+ "anyOf": [
1046
+ {
1047
+ "type": "object",
1048
+ "properties": {
1049
+ "kind": {
1050
+ "const": "primitive"
1051
+ },
1052
+ "type": {
1053
+ "enum": [
1054
+ "string",
1055
+ "number",
1056
+ "boolean"
1057
+ ]
1058
+ }
1059
+ },
1060
+ "required": [
1061
+ "kind",
1062
+ "type"
1063
+ ],
1064
+ "additionalProperties": false
1065
+ },
1066
+ {
1067
+ "type": "object",
1068
+ "properties": {
1069
+ "kind": {
1070
+ "const": "object"
1071
+ },
1072
+ "fields": {
1073
+ "type": "object",
1074
+ "additionalProperties": {
1075
+ "$ref": "#/$defs/AttributeSchema"
1076
+ }
1077
+ }
1078
+ },
1079
+ "required": [
1080
+ "kind",
1081
+ "fields"
1082
+ ],
1083
+ "additionalProperties": false
1084
+ },
1085
+ {
1086
+ "type": "object",
1087
+ "properties": {
1088
+ "kind": {
1089
+ "const": "array"
1090
+ },
1091
+ "items": {
1092
+ "$ref": "#/$defs/AttributeSchema"
1093
+ }
1094
+ },
1095
+ "required": [
1096
+ "kind",
1097
+ "items"
1098
+ ],
1099
+ "additionalProperties": false
1100
+ }
1101
+ ]
1102
+ },
1103
+ "ConditionExpression": {
1104
+ "anyOf": [
1105
+ {
1106
+ "type": "object",
1107
+ "properties": {
1108
+ "any": {
1109
+ "type": "array",
1110
+ "items": {
1111
+ "$ref": "#/$defs/ConditionExpression"
1112
+ }
1113
+ }
1114
+ },
1115
+ "required": [
1116
+ "any"
1117
+ ],
1118
+ "additionalProperties": false
1119
+ },
1120
+ {
1121
+ "type": "object",
1122
+ "properties": {
1123
+ "all": {
1124
+ "type": "array",
1125
+ "items": {
1126
+ "$ref": "#/$defs/ConditionExpression"
1127
+ }
1128
+ }
1129
+ },
1130
+ "required": [
1131
+ "all"
1132
+ ],
1133
+ "additionalProperties": false
1134
+ },
1135
+ {
1136
+ "type": "object",
1137
+ "additionalProperties": {
1138
+ "anyOf": [
1139
+ {
1140
+ "type": "string"
1141
+ },
1142
+ {
1143
+ "type": "number"
1144
+ },
1145
+ {
1146
+ "type": "boolean"
1147
+ },
1148
+ {
1149
+ "anyOf": [
1150
+ {
1151
+ "type": "object",
1152
+ "properties": {
1153
+ "eq": {}
1154
+ },
1155
+ "required": [
1156
+ "eq"
1157
+ ],
1158
+ "additionalProperties": false
1159
+ },
1160
+ {
1161
+ "type": "object",
1162
+ "properties": {
1163
+ "neq": {}
1164
+ },
1165
+ "required": [
1166
+ "neq"
1167
+ ],
1168
+ "additionalProperties": false
1169
+ },
1170
+ {
1171
+ "type": "object",
1172
+ "properties": {
1173
+ "gt": {}
1174
+ },
1175
+ "required": [
1176
+ "gt"
1177
+ ],
1178
+ "additionalProperties": false
1179
+ },
1180
+ {
1181
+ "type": "object",
1182
+ "properties": {
1183
+ "gte": {}
1184
+ },
1185
+ "required": [
1186
+ "gte"
1187
+ ],
1188
+ "additionalProperties": false
1189
+ },
1190
+ {
1191
+ "type": "object",
1192
+ "properties": {
1193
+ "lt": {}
1194
+ },
1195
+ "required": [
1196
+ "lt"
1197
+ ],
1198
+ "additionalProperties": false
1199
+ },
1200
+ {
1201
+ "type": "object",
1202
+ "properties": {
1203
+ "lte": {}
1204
+ },
1205
+ "required": [
1206
+ "lte"
1207
+ ],
1208
+ "additionalProperties": false
1209
+ },
1210
+ {
1211
+ "type": "object",
1212
+ "properties": {
1213
+ "in": {
1214
+ "anyOf": [
1215
+ {
1216
+ "type": "array",
1217
+ "items": {}
1218
+ },
1219
+ {
1220
+ "type": "string"
1221
+ }
1222
+ ]
1223
+ }
1224
+ },
1225
+ "required": [
1226
+ "in"
1227
+ ],
1228
+ "additionalProperties": false
1229
+ },
1230
+ {
1231
+ "type": "object",
1232
+ "properties": {
1233
+ "includes": {}
1234
+ },
1235
+ "required": [
1236
+ "includes"
1237
+ ],
1238
+ "additionalProperties": false
1239
+ },
1240
+ {
1241
+ "type": "object",
1242
+ "properties": {
1243
+ "exists": {
1244
+ "type": "boolean"
1245
+ }
1246
+ },
1247
+ "required": [
1248
+ "exists"
1249
+ ],
1250
+ "additionalProperties": false
1251
+ },
1252
+ {
1253
+ "type": "object",
1254
+ "properties": {
1255
+ "startsWith": {
1256
+ "type": "string"
1257
+ }
1258
+ },
1259
+ "required": [
1260
+ "startsWith"
1261
+ ],
1262
+ "additionalProperties": false
1263
+ },
1264
+ {
1265
+ "type": "object",
1266
+ "properties": {
1267
+ "endsWith": {
1268
+ "type": "string"
1269
+ }
1270
+ },
1271
+ "required": [
1272
+ "endsWith"
1273
+ ],
1274
+ "additionalProperties": false
1275
+ },
1276
+ {
1277
+ "type": "object",
1278
+ "properties": {
1279
+ "contains": {
1280
+ "type": "string"
1281
+ }
1282
+ },
1283
+ "required": [
1284
+ "contains"
1285
+ ],
1286
+ "additionalProperties": false
1287
+ },
1288
+ {
1289
+ "type": "object",
1290
+ "properties": {
1291
+ "custom": {
1292
+ "type": "string"
1293
+ }
1294
+ },
1295
+ "required": [
1296
+ "custom"
1297
+ ],
1298
+ "additionalProperties": false
1299
+ }
1300
+ ]
1301
+ }
1302
+ ]
1303
+ }
1304
+ }
1305
+ ]
1306
+ }
1307
+ }
1308
+ }