- Add access control to registry.execute(): checks requiredScopes, requiredScopesAny, and resourceType/resourceAction; rejects with ACCESS_DENIED when identity required but absent; skips when context.trusted is true - Add trusted field to OperationContext schema (internal, set by buildEnv for nested calls to skip redundant scope checks) - Simplify CallHandler to thin adapter: delegates to registry.execute() instead of duplicating lookup, validation, and access control - Remove callMap option from buildEnv(): always uses execute(), propagates context with trusted: true for nested calls - Add access control to subscribe(): same default-deny logic as execute() - Change execute() to throw CallError instead of plain Error for not found, no handler, and validation errors - Export checkAccess from call.ts and index.ts for external use - Remove CallMap type export, update EnvOptions - Update architecture docs: api-surface.md, call-protocol.md, ADR-006 status to implemented, source vs spec drift sections - All 228 tests passing
// Runtime schemas and the OperationType value re-exported from ./types.js.
// OperationContextSchema is part of the public surface. Per the commit
// description it now carries an internal `trusted` field, and
// registry.execute() skips its access checks when context.trusted is true.
// NOTE(review): confirm that a context built from external input (for example
// one validated against this schema) cannot arrive with `trusted` already
// set; only buildEnv is described as setting it. TODO verify in
// ./registry.js and ./env.js.
export { OperationType, OperationContextSchema, OperationSpecSchema, AccessControlSchema, ErrorDefinitionSchema } from "./types.js";
export type { IOperationDefinition, OperationHandler, SubscriptionHandler, Identity, OperationEnv, OperationContext, OperationSpec, AccessControl, ErrorDefinition } from "./types.js";
export { OperationRegistry } from "./registry.js";
export { formatValueErrors, assertIsSchema, validateOrThrow, collectErrors } from "./validation.js";
export { buildEnv } from "./env.js";
export type { EnvOptions } from "./env.js";
export { FromSchema } from "./from_schema.js";
export { FromOpenAPI, FromOpenAPIFile, FromOpenAPIUrl } from "./from_openapi.js";
export type { OpenAPISpec, OpenAPIOperation, OpenAPIParameter, HTTPServiceConfig, OpenAPIFS } from "./from_openapi.js";
export { scanOperations } from "./scanner.js";
export type { OperationManifest, ScannerFS } from "./scanner.js";
export { CallError, InfrastructureErrorCode, mapError } from "./error.js";
export type { CallErrorCode } from "./error.js";
// Call-protocol helpers re-exported from ./call.js.
// checkAccess is exported for external use (per the commit description);
// registry.execute() and subscribe() are described as enforcing access
// control themselves with default-deny logic.
// NOTE(review): presumably code that invokes handlers without going through
// registry.execute() must call checkAccess itself. Confirm that it applies
// the same default-deny rule and the same handling of context.trusted.
export { PendingRequestMap, buildCallHandler, checkAccess } from "./call.js";
export type { CallEventMap, CallEventMapValue, CallRequestedEvent, CallRespondedEvent, CallAbortedEvent, CallErrorEvent, CallHandler, CallHandlerConfig } from "./call.js";
export { subscribe } from "./subscribe.js";
export { createMCPClient, closeMCPClient, MCPClientLoader } from "./from_mcp.js";
export type { MCPClientConfig, MCPClientWrapper } from "./from_mcp.js";
export { ResponseEnvelopeSchema, ResponseMetaSchema, RESPONSE_SOURCES, isResponseEnvelope, localEnvelope, httpEnvelope, mcpEnvelope, unwrap } from "./response-envelope.js";
export type { ResponseEnvelope, ResponseMeta, ResponseSource, LocalResponseMeta, HTTPResponseMeta, MCPResponseMeta, MCPContentBlock, MCPResourceContent, MCPAnnotations } from "./response-envelope.js"; |