/** * ABAC Policy Builder * * Provides a fluent API for building ABAC policies programmatically. * This makes it easier to construct complex policies with proper type safety. /** * Policy Builder for creating ABAC policies with a fluent API */ import { ABACPolicy, Advice, AttributeReference, AttributeValue, ComparisonOperator, Condition, Effect, Obligation, PolicyTarget } from './types'; /** * Builder for creating policy conditions */ export declare class ConditionBuilder { private condition; constructor(condition?: Condition); /** * Create a comparison condition */ static compare(left: AttributeReference | AttributeValue, operator: ComparisonOperator, right: AttributeReference | AttributeValue): ConditionBuilder; /** * Create an equals condition */ static equals(left: AttributeReference | AttributeValue, right: AttributeReference | AttributeValue): ConditionBuilder; /** * Create a not equals condition */ static notEquals(left: AttributeReference | AttributeValue, right: AttributeReference | AttributeValue): ConditionBuilder; /** * Create a greater than condition */ static greaterThan(left: AttributeReference | AttributeValue, right: AttributeReference | AttributeValue): ConditionBuilder; /** * Create a less than condition */ static lessThan(left: AttributeReference | AttributeValue, right: AttributeReference | AttributeValue): ConditionBuilder; /** * Create a greater than or equal condition */ static greaterThanOrEqual(left: AttributeReference | AttributeValue, right: AttributeReference | AttributeValue): ConditionBuilder; /** * Create a less than or equal condition */ static lessThanOrEqual(left: AttributeReference | AttributeValue, right: AttributeReference | AttributeValue): ConditionBuilder; /** * Create an 'in' condition * * Accept either: * - an AttributeReference on the right-hand side (e.g. checking membership against another attribute) * - or an AttributeValue on the right-hand side (which may itself be an array like `string[]`) * * Examples: * - ConditionBuilder.in(AttributeRef.subject('role'), ['admin', 'editor']) * - ConditionBuilder.in(AttributeRef.resource('tags'), AttributeRef.subject('groups')) */ static in(left: AttributeReference | AttributeValue, right: AttributeReference | AttributeValue): ConditionBuilder; /** * Create a 'contains' condition */ static contains(left: AttributeReference | AttributeValue, right: AttributeReference | AttributeValue): ConditionBuilder; /** * Create an 'exists' condition */ static exists(attribute: AttributeReference): ConditionBuilder; /** * Create a function condition */ static function(functionName: string, ...args: (AttributeReference | AttributeValue | Condition)[]): ConditionBuilder; /** * Combine with AND logic */ and(...conditions: (ConditionBuilder | Condition)[]): ConditionBuilder; /** * Combine with OR logic */ or(...conditions: (ConditionBuilder | Condition)[]): ConditionBuilder; /** * Negate the condition */ not(): ConditionBuilder; /** * Build the final condition */ build(): Condition; } /** * Builder for creating policy targets */ export declare class TargetBuilder { private target; /** * Set subject target condition */ subject(condition: ConditionBuilder | Condition): TargetBuilder; /** * Set resource target condition */ resource(condition: ConditionBuilder | Condition): TargetBuilder; /** * Set action target condition */ action(condition: ConditionBuilder | Condition): TargetBuilder; /** * Set environment target condition */ environment(condition: ConditionBuilder | Condition): TargetBuilder; /** * Build the final target */ build(): PolicyTarget; } /** * Main policy builder class */ export declare class PolicyBuilder { private policy; constructor(id?: string); /** * Create a new policy builder */ static create(id?: string): PolicyBuilder; /** * Set policy ID */ id(id: string): PolicyBuilder; /** * Set policy version */ version(version: string): PolicyBuilder; /** * Set policy description */ description(description: string): PolicyBuilder; /** * Set policy effect */ effect(effect: Effect): PolicyBuilder; /** * Permit access */ permit(): PolicyBuilder; /** * Deny access */ deny(): PolicyBuilder; /** * Set policy target */ target(target: TargetBuilder | PolicyTarget): PolicyBuilder; /** * Set policy condition */ condition(condition: ConditionBuilder | Condition): PolicyBuilder; /** * Set policy priority */ priority(priority: number): PolicyBuilder; /** * Add an obligation */ obligation(obligation: Obligation): PolicyBuilder; /** * Add a logging obligation */ logObligation(parameters?: Record): PolicyBuilder; /** * Add a notification obligation */ notifyObligation(parameters?: Record): PolicyBuilder; /** * Add advice */ advice(advice: Advice): PolicyBuilder; /** * Add warning advice */ warning(parameters?: Record): PolicyBuilder; /** * Set metadata */ metadata(metadata: ABACPolicy['metadata']): PolicyBuilder; /** * Add tags */ tags(...tags: string[]): PolicyBuilder; /** * Build the final policy */ build(): ABACPolicy; } /** * Utility functions for creating attribute references */ export declare class AttributeRef { /** * Create a subject attribute reference */ static subject(attributeId: string, path?: string): AttributeReference; /** * Create a resource attribute reference */ static resource(attributeId: string, path?: string): AttributeReference; /** * Create an action attribute reference */ static action(attributeId: string, path?: string): AttributeReference; /** * Create an environment attribute reference */ static environment(attributeId: string, path?: string): AttributeReference; } /** * Common attribute references for convenience */ export declare const Attributes: { subject: { id: AttributeReference; userId: AttributeReference; username: AttributeReference; email: AttributeReference; roles: AttributeReference; department: AttributeReference; clearanceLevel: AttributeReference; groups: AttributeReference; employeeType: AttributeReference; }; resource: { id: AttributeReference; type: AttributeReference; owner: AttributeReference; classification: AttributeReference; department: AttributeReference; sensitivity: AttributeReference; status: AttributeReference; createdAt: AttributeReference; modifiedAt: AttributeReference; }; action: { id: AttributeReference; type: AttributeReference; }; environment: { currentTime: AttributeReference; ipAddress: AttributeReference; userAgent: AttributeReference; location: AttributeReference; sessionId: AttributeReference; }; }; /** * Example usage and common policy patterns */ export declare class PolicyPatterns { /** * Create a simple ownership policy */ static ownership(actions: string[]): ABACPolicy; /** * Create a department access policy */ static departmentAccess(actions: string[], allowedSensitivity: string[]): ABACPolicy; /** * Create a time-based access policy */ static businessHoursOnly(actions: string[]): ABACPolicy; /** * Create a clearance-based access policy */ static clearanceLevel(actions: string[]): ABACPolicy; /** * Create an emergency access policy */ static emergencyAccess(): ABACPolicy; } //# sourceMappingURL=policyBuilder.d.ts.map