@safeapi/safeapi/dist/SafeApiTypes.d.ts

SafeAPI: Secure, deterministic, and tamper-resistant API policy engine for Node and browser.

/**
 * @internal
 * Execution trace for SafeAPI guard evaluation.
 */
export interface SafeApiGuardExecutionTrace {
    guardId: string;
    matched: boolean;
    effect: "allow" | "deny";
    evaluatedConditions: ReadonlyArray<{
        field: string;
        operator: SafeApiGuardOperator;
        value: unknown;
        matched: boolean;
    }>;
    evaluatedAt: string;
}
/** @internal */
export type SafeApiGuardOperator = "equals" | "not_equals" | "gt" | "lt" | "contains" | "in";
/** @internal */
export interface SafeApiGuardCondition {
    readonly field: string;
    readonly operator: SafeApiGuardOperator;
    readonly value: unknown;
}
/** @internal */
export interface SafeApiGuardRule {
    readonly guardId: string;
    readonly description?: string;
    readonly conditions: ReadonlyArray<SafeApiGuardCondition>;
    readonly effect: "allow" | "deny";
}
/** @internal */
export interface SafeApiRequest {
    readonly requestId: string;
    readonly timestamp: string;
    readonly source: string;
    readonly payload: unknown;
    readonly headers?: Readonly<Record<string, string>>;
}
/** @internal */
export interface SafeApiResponse {
    readonly requestId: string;
    readonly status: "allowed" | "blocked" | "modified";
    readonly payload?: unknown;
    readonly reason?: string;
    readonly policyId?: string;
    readonly auditId?: string;
}
/** @internal */
export interface SafeApiContext {
    readonly clientId: string;
    readonly environment: "dev" | "staging" | "prod";
    readonly region?: string;
    readonly metadata?: Readonly<Record<string, unknown>>;
}
/** @internal */
export interface SafeApiPolicy {
    /** Stable hash-friendly ID for the rule set */
    readonly ruleSetId: string;
    /** Semantic version string (e.g., 1.0.0) */
    readonly policyVersion: string;
    /** Policy kind: auth, rate-limit, data-filter, routing */
    readonly policyKind: "auth" | "rate-limit" | "data-filter" | "routing";
    /** Optional legacy policyId (deprecated, use ruleSetId) */
    readonly policyId?: string;
    /** Optional legacy version (deprecated, use policyVersion) */
    readonly version?: string;
    readonly description?: string;
    readonly rules: ReadonlyArray<SafeApiPolicyRule>;
    /** @internal */
    readonly guards?: ReadonlyArray<SafeApiGuardRule>;
}
/** @internal */
export interface SafeApiPolicyRule {
    readonly ruleId: string;
    readonly ruleType: "validate" | "transform" | "block";
    readonly expression: string;
    readonly severity?: "low" | "medium" | "critical";
}
/** @internal */
export interface SafeApiGuardResult {
    readonly allowed: boolean;
    readonly reason?: string;
    readonly modifiedPayload?: unknown;
    readonly matchedRules?: ReadonlyArray<string>;
}