/** * Scope Helpers * * Utilities for working with delegation scopes in the format: * - resource:action * - resource:action:sub-resource * - resource:* (wildcard) * * Examples: shopping:browse, email:read, calendar:write:events, files:* */ /** * Parsed scope structure. */ export interface ParsedScope { /** The resource (e.g., "shopping", "email", "calendar") */ resource: string; /** The action (e.g., "read", "write", "browse") or "*" for wildcard */ action: string; /** Optional sub-resource (e.g., "events" in "calendar:write:events") */ subResource?: string; /** Whether this scope is a wildcard (ends with :*) */ isWildcard: boolean; } /** * Scope pattern helpers for common actions. */ export declare const SCOPE_PATTERNS: { /** Read access to a resource */ readonly READ: (resource: string) => string; /** List access to a resource */ readonly LIST: (resource: string) => string; /** Write access to a resource */ readonly WRITE: (resource: string) => string; /** Create access to a resource */ readonly CREATE: (resource: string) => string; /** Update access to a resource */ readonly UPDATE: (resource: string) => string; /** Delete access to a resource */ readonly DELETE: (resource: string) => string; /** Browse access to a resource */ readonly BROWSE: (resource: string) => string; /** Execute access to a resource */ readonly EXECUTE: (resource: string) => string; /** Wildcard (all actions) for a resource */ readonly ALL: (resource: string) => string; /** Sub-resource scoped action */ readonly SUB: (resource: string, action: string, subResource: string) => string; }; /** * Parse a scope string into its components. * * @param scope - The scope string to parse * @returns Parsed scope object * @throws Error if scope format is invalid * * @example * ```typescript * parseScope('shopping:browse') * // { resource: 'shopping', action: 'browse', isWildcard: false } * * parseScope('calendar:write:events') * // { resource: 'calendar', action: 'write', subResource: 'events', isWildcard: false } * * parseScope('files:*') * // { resource: 'files', action: '*', isWildcard: true } * ``` */ export declare function parseScope(scope: string): ParsedScope; /** * Check if a scope string is valid. * * @param scope - The scope string to validate * @returns True if valid */ export declare function isValidScope(scope: string): boolean; /** * Check if a set of granted scopes covers a required scope. * * Rules: * - Exact match: granted contains required * - Wildcard match: granted "resource:*" covers "resource:action" * - Sub-resource wildcard: granted "resource:action:*" covers "resource:action:sub" * * @param grantedScopes - Array of scopes that have been granted * @param requiredScope - The scope that is required * @returns True if the granted scopes cover the required scope * * @example * ```typescript * scopeCovers(['email:read', 'email:send'], 'email:read') * // true (exact match) * * scopeCovers(['email:*'], 'email:read') * // true (wildcard covers) * * scopeCovers(['calendar:write:*'], 'calendar:write:events') * // true (sub-resource wildcard covers) * * scopeCovers(['email:read'], 'email:send') * // false (no match) * ``` */ export declare function scopeCovers(grantedScopes: string[], requiredScope: string): boolean; /** * Check if a set of granted scopes covers ALL required scopes. * * @param grantedScopes - Array of scopes that have been granted * @param requiredScopes - Array of scopes that are required * @returns True if all required scopes are covered */ export declare function scopeCoversAll(grantedScopes: string[], requiredScopes: string[]): boolean; /** * Check if a set of granted scopes covers ANY of the required scopes. * * @param grantedScopes - Array of scopes that have been granted * @param requiredScopes - Array of scopes that are required * @returns True if at least one required scope is covered */ export declare function scopeCoversAny(grantedScopes: string[], requiredScopes: string[]): boolean; /** * Filter scopes to only those that match a resource. * * @param scopes - Array of scopes to filter * @param resource - The resource to filter by * @returns Scopes that match the resource */ export declare function filterScopesByResource(scopes: string[], resource: string): string[]; /** * Get all unique resources from a set of scopes. * * @param scopes - Array of scopes * @returns Array of unique resource names */ export declare function getResources(scopes: string[]): string[]; /** * A scope registry for defining and validating scopes for a service. */ export declare class ScopeRegistry { private scopes; /** * Register a scope with its description. * * @param scope - The scope string * @param description - Human-readable description */ register(scope: string, description: string): void; /** * Check if a scope is registered. * * @param scope - The scope to check * @returns True if registered */ has(scope: string): boolean; /** * Get the description of a scope. * * @param scope - The scope * @returns Description or undefined */ describe(scope: string): string | undefined; /** * Get all registered scopes. * * @returns Array of [scope, description] tuples */ list(): Array<[string, string]>; /** * Validate that all scopes in an array are registered. * * @param scopes - Array of scopes to validate * @returns Object with valid flag and any invalid scopes */ validateAll(scopes: string[]): { valid: boolean; invalid: string[]; }; } /** * Create a new scope registry. * * @returns A new ScopeRegistry instance */ export declare function createScopeRegistry(): ScopeRegistry; //# sourceMappingURL=scopes.d.ts.map