within-enforcement-sdk 1.0.0 → 1.0.2
- package/dist/enforcement.d.ts.map +1 -1
- package/dist/enforcement.js +39 -5
- package/dist/enforcement.js.map +1 -1
- package/dist/types.d.ts +10 -0
- package/dist/types.d.ts.map +1 -1
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"enforcement.d.ts","sourceRoot":"","sources":["../src/enforcement.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,iBAAiB,EAKjB,WAAW,EACZ,MAAM,YAAY,CAAC;AAEpB;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,iBAAiB,GAAG,WAAW,
|
|
1
|
+
{"version":3,"file":"enforcement.d.ts","sourceRoot":"","sources":["../src/enforcement.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,iBAAiB,EAKjB,WAAW,EACZ,MAAM,YAAY,CAAC;AAEpB;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,iBAAiB,GAAG,WAAW,CAqIxE"}
|
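--- a/package/dist/enforcement.js
+++ b/package/dist/enforcement.js
@@ -21,7 +21,30 @@
 * ```
 */
 export function createEnforcement(config) {
-const { vendorId, apiUrl, apiKey, toolScopeMap } = config;
+const { vendorId, apiUrl, apiKey, toolScopeMap, vendorName, upgradeUrl } = config;
+function buildUsageMessage(toolName, remaining, limit) {
+const used = limit - remaining;
+return `[${vendorName ?? vendorId}] Used ${toolName} (${used + 1}/${limit} calls used). ${remaining - 1} remaining.`;
+}
+function buildDeniedMessage(reason) {
+const name = vendorName ?? vendorId;
+if (reason === 'quota_exceeded') {
+const base = `You've reached your usage limit for ${name}.`;
+return upgradeUrl
+? `${base} Upgrade to a paid plan for unlimited access: ${upgradeUrl}`
+: `${base} Contact ${name} to upgrade your plan for full access.`;
+}
+if (reason === 'scope_denied') {
+const base = `This tool requires a higher access tier on ${name}.`;
+return upgradeUrl
+? `${base} Upgrade for full access: ${upgradeUrl}`
+: `${base} Contact ${name} to upgrade your plan.`;
+}
+if (reason === 'inactive') {
+return `Your access to ${name} is currently inactive. Please contact support.`;
+}
+return `Access denied. Contact ${name} for assistance.`;
+}
 async function authorize(toolName, claims) {
 const userType = claims['https://within.com/user_type'];
 // Customers pass straight through — Within is not involved
@@ -33,7 +56,7 @@ export function createEnforcement(config) {
 if (requiredScope) {
 const userScopes = claims['https://within.com/scopes'] ?? [];
 if (!userScopes.includes(requiredScope)) {
-return { allowed: false, reason: 'scope_denied' };
+return { allowed: false, reason: 'scope_denied', message: buildDeniedMessage('scope_denied') };
 }
 }
 // Quota check (live, hits the ledger)
@@ -48,12 +71,23 @@ export function createEnforcement(config) {
 }
 const ledger = (await res.json());
 if (!ledger.isActive) {
-return { allowed: false, reason: 'inactive' };
+return { allowed: false, reason: 'inactive', message: buildDeniedMessage('inactive') };
 }
 if (ledger.quotaRemaining <= 0) {
-return {
+return {
+allowed: false,
+reason: 'quota_exceeded',
+quotaRemaining: 0,
+quotaLimit: ledger.quotaLimit,
+message: buildDeniedMessage('quota_exceeded'),
+};
 }
-return {
+return {
+allowed: true,
+quotaRemaining: ledger.quotaRemaining,
+quotaLimit: ledger.quotaLimit,
+message: buildUsageMessage(toolName, ledger.quotaRemaining, ledger.quotaLimit),
+};
 }
 catch {
 // Network error — fail closed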
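Review bot: In the third hunk the allow path takes `ledger.quotaRemaining` and `ledger.quotaLimit` straight from `res.json()` with no shape check, so a response where `quotaRemaining` is missing (undefined) or otherwise not a number makes `ledger.quotaRemaining <= 0` evaluate to false and the call is allowed. That runs against the fail-closed intent stated in the catch comment, and the new `buildUsageMessage` text would then render `NaN` counts. I would add a guard before the quota comparison, e.g. `if (!Number.isFinite(ledger.quotaRemaining) || !Number.isFinite(ledger.quotaLimit)) return { allowed: false, reason: 'no_entitlement' };` (or whichever denial reason the project prefers for a bad ledger reply). Separately, `buildUsageMessage` prints `used + 1` and `remaining - 1` while the `quotaRemaining` field returned beside it carries the unadjusted ledger value, so the two can disagree. `authorize` continues past the end of the visible hunks, so the handling after `catch` cannot be checked from here.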
package/dist/enforcement.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"enforcement.js","sourceRoot":"","sources":["../src/enforcement.ts"],"names":[],"mappings":"AASA;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAyB;IACzD,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"enforcement.js","sourceRoot":"","sources":["../src/enforcement.ts"],"names":[],"mappings":"AASA;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAyB;IACzD,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,GAAG,MAAM,CAAC;IAElF,SAAS,iBAAiB,CAAC,QAAgB,EAAE,SAAiB,EAAE,KAAa;QAC3E,MAAM,IAAI,GAAG,KAAK,GAAG,SAAS,CAAC;QAC/B,OAAO,IAAI,UAAU,IAAI,QAAQ,UAAU,QAAQ,KAAK,IAAI,GAAG,CAAC,IAAI,KAAK,iBAAiB,SAAS,GAAG,CAAC,aAAa,CAAC;IACvH,CAAC;IAED,SAAS,kBAAkB,CAAC,MAAc;QACxC,MAAM,IAAI,GAAG,UAAU,IAAI,QAAQ,CAAC;QACpC,IAAI,MAAM,KAAK,gBAAgB,EAAE,CAAC;YAChC,MAAM,IAAI,GAAG,uCAAuC,IAAI,GAAG,CAAC;YAC5D,OAAO,UAAU;gBACf,CAAC,CAAC,GAAG,IAAI,iDAAiD,UAAU,EAAE;gBACtE,CAAC,CAAC,GAAG,IAAI,YAAY,IAAI,wCAAwC,CAAC;QACtE,CAAC;QACD,IAAI,MAAM,KAAK,cAAc,EAAE,CAAC;YAC9B,MAAM,IAAI,GAAG,8CAA8C,IAAI,GAAG,CAAC;YACnE,OAAO,UAAU;gBACf,CAAC,CAAC,GAAG,IAAI,6BAA6B,UAAU,EAAE;gBAClD,CAAC,CAAC,GAAG,IAAI,YAAY,IAAI,wBAAwB,CAAC;QACtD,CAAC;QACD,IAAI,MAAM,KAAK,UAAU,EAAE,CAAC;YAC1B,OAAO,kBAAkB,IAAI,iDAAiD,CAAC;QACjF,CAAC;QACD,OAAO,0BAA0B,IAAI,kBAAkB,CAAC;IAC1D,CAAC;IAED,KAAK,UAAU,SAAS,CACtB,QAAgB,EAChB,MAAoB;QAEpB,MAAM,QAAQ,GAAG,MAAM,CAAC,8BAA8B,CAAC,CAAC;QAExD,2DAA2D;QAC3D,IAAI,QAAQ,KAAK,UAAU,EAAE,CAAC;YAC5B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAC3C,CAAC;QAED,4CAA4C;QAC5C,MAAM,aAAa,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;QAC7C,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,UAAU,GAAG,MAAM,CAAC,2BAA2B,CAAC,IAAI,EAAE,CAAC;YAC7D,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;gBACxC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,kBAAkB,CAAC,cAAc,CAAC,EAAE,CAAC;YACjG,CAAC;QACH,CAAC;QAED,sCAAsC;QACtC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;QAC3B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;QACtD,CAAC;QAED,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CACrB,GAAG,MAAM,eAAe,kBAAkB,CAAC,KAAK,CAAC,cAAc,QAAQ,EAAE,EACzE,EAAE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,MAAM,EAAE,EAAE,EAAE,CACnD,CAAC;YAEF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,OAAO,EAAE,OAAO,EAAE,KAAK,EAA
E,MAAM,EAAE,gBAAgB,EAAE,CAAC;YACtD,CAAC;YAED,MAAM,MAAM,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAI/B,CAAC;YAEF,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACrB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,kBAAkB,CAAC,UAAU,CAAC,EAAE,CAAC;YACzF,CAAC;YAED,IAAI,MAAM,CAAC,cAAc,IAAI,CAAC,EAAE,CAAC;gBAC/B,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,gBAAgB;oBACxB,cAAc,EAAE,CAAC;oBACjB,UAAU,EAAE,MAAM,CAAC,UAAU;oBAC7B,OAAO,EAAE,kBAAkB,CAAC,gBAAgB,CAAC;iBAC9C,CAAC;YACJ,CAAC;YAED,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,cAAc,EAAE,MAAM,CAAC,cAAc;gBACrC,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,OAAO,EAAE,iBAAiB,CAAC,QAAQ,EAAE,MAAM,CAAC,cAAc,EAAE,MAAM,CAAC,UAAU,CAAC;aAC/E,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,8BAA8B;YAC9B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;QACtD,CAAC;IACH,CAAC;IAED,KAAK,UAAU,QAAQ,CACrB,QAAgB,EAChB,MAAoB,EACpB,OAAgB,EAChB,IAAsB;QAEtB,MAAM,QAAQ,GAAG,MAAM,CAAC,8BAA8B,CAAC,CAAC;QAExD,sBAAsB;QACtB,IAAI,QAAQ,KAAK,UAAU;YAAE,OAAO;QAEpC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;QAC3B,IAAI,CAAC,KAAK;YAAE,OAAO;QAEnB,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,GAAG,MAAM,YAAY,EAAE;gBACjC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;oBAClC,aAAa,EAAE,UAAU,MAAM,EAAE;iBAClC;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,SAAS,EAAE,QAAQ;oBACnB,KAAK;oBACL,MAAM,EAAE,MAAM,CAAC,2BAA2B,CAAC;oBAC3C,SAAS,EAAE,QAAQ;oBACnB,OAAO;oBACP,gBAAgB,EAAE,IAAI,EAAE,cAAc;oBACtC,UAAU,EAAE,IAAI,EAAE,SAAS;iBAC5B,CAAC;aACH,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,gEAAgE;QAClE,CAAC;IACH,CAAC;IAED,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;AACjC,CAAC"}
|
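--- a/package/dist/types.d.ts
+++ b/package/dist/types.d.ts
@@ -18,6 +18,10 @@ export interface EnforcementConfig {
 * Tier 4: crm:write_limited, analytics:read
 */
 toolScopeMap: Record<string, string>;
+/** Vendor display name shown in attribution messages (e.g. "Acme Realty"). */
+vendorName?: string;
+/** URL where prospects can sign up / upgrade to a paid plan. */
+upgradeUrl?: string;
 }
 /** Within claims stamped into the Auth0 access token by the Auth0 Action. */
 export interface WithinClaims {
@@ -38,6 +42,12 @@ export interface AuthorizeResult {
 bypassed?: boolean;
 /** Reason for denial, if not allowed. */
 reason?: DenialReason;
+/** Quota remaining after this check (prospects only). */
+quotaRemaining?: number;
+/** Total quota limit for this user (prospects only). */
+quotaLimit?: number;
+/** Attribution message to append to tool results (prospects only). */
+message?: string;
 }
 export type DenialReason = 'scope_denied' | 'quota_exceeded' | 'inactive' | 'no_entitlement';
 /** Options for the complete() call. */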
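Review bot: The doc comment on `quotaRemaining` in the second hunk says "after this check", but the enforcement.js change in this same release returns `ledger.quotaRemaining` unmodified on the allow path and only the message text subtracts one, so a caller gating on the field sees a different number from the one shown to the user. I would reword it to `/** Quota remaining as reported by the ledger at check time, before this call is counted (prospects only). */`, or adjust the returned value to match the message. The `message` comment could also state that the string embeds `vendorName`, `upgradeUrl` and the tool name verbatim with no escaping, so a host that renders tool results as markup should encode it first. Both `EnforcementConfig` and `AuthorizeResult` begin outside these hunks.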
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,6CAA6C;AAC7C,MAAM,WAAW,iBAAiB;IAChC,6EAA6E;IAC7E,QAAQ,EAAE,MAAM,CAAC;IAEjB,sEAAsE;IACtE,MAAM,EAAE,MAAM,CAAC;IAEf,uEAAuE;IACvE,MAAM,EAAE,MAAM,CAAC;IAEf;;;;;;;;;;OAUG;IACH,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,6CAA6C;AAC7C,MAAM,WAAW,iBAAiB;IAChC,6EAA6E;IAC7E,QAAQ,EAAE,MAAM,CAAC;IAEjB,sEAAsE;IACtE,MAAM,EAAE,MAAM,CAAC;IAEf,uEAAuE;IACvE,MAAM,EAAE,MAAM,CAAC;IAEf;;;;;;;;;;OAUG;IACH,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAErC,8EAA8E;IAC9E,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,gEAAgE;IAChE,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,6EAA6E;AAC7E,MAAM,WAAW,YAAY;IAC3B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,8BAA8B,CAAC,EAAE,UAAU,GAAG,UAAU,GAAG,UAAU,CAAC;IACtE,2BAA2B,CAAC,EAAE,MAAM,CAAC;IACrC,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,2BAA2B,CAAC,EAAE,MAAM,EAAE,CAAC;IACvC,8BAA8B,CAAC,EAAE,MAAM,CAAC;IACxC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,wCAAwC;AACxC,MAAM,WAAW,eAAe;IAC9B,wCAAwC;IACxC,OAAO,EAAE,OAAO,CAAC;IACjB,2EAA2E;IAC3E,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,yCAAyC;IACzC,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,yDAAyD;IACzD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,wDAAwD;IACxD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,sEAAsE;IACtE,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,MAAM,YAAY,GACpB,cAAc,GACd,gBAAgB,GAChB,UAAU,GACV,gBAAgB,CAAC;AAErB,uCAAuC;AACvC,MAAM,WAAW,eAAe;IAC9B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,MAAM,OAAO,GAAG,SAAS,GAAG,SAAS,GAAG,gBAAgB,GAAG,cAAc,CAAC;AAEhF,gEAAgE;AAChE,MAAM,WAAW,WAAW;IAC1B;;;;;OAKG;IACH,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;IAE5E;;;;;;OAMG;IACH,QAAQ,CACN,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,YAAY,EACpB,OAAO,EAAE,OAAO,EAChB,IAAI,CAAC,EAAE,eAAe,GACrB,OAAO,CAAC,IAAI,CAAC,CAAC;CAClB"}
|
package/package.json
CHANGED