@inductionai/framework
v1.0.0
Build-time authorization framework using TypeScript conditional types
@induction/framework
Build-time authorization framework using TypeScript's conditional types for zero-overhead access control.
Features
- ✅ Compile-time enforcement - Authorization violations are TypeScript errors
- ✅ Zero runtime overhead - No checks, no proxies, just direct function calls
- ✅ Full type safety - Complete IntelliSense and type inference
- ✅ Generic - Works with any caller/callee types
- ✅ Flexible - Policy as code or generated from JSON
Installation
```bash
# From npm
npm install @induction/framework

# From source (monorepo development)
# Framework is available via path aliases in tsconfig.base.json:
```

```json
{
  "paths": {
    "@induction/framework": ["packages/framework/src/index.ts"]
  }
}
```

Quick Start
```typescript
import { createRegistry, defineCallee } from '@induction/framework';

// 1. Define your IDs
type CallerId = 'AdminUser' | 'RegularUser';
type CalleeId = 'Database' | 'API';

// 2. Define your policy
const policy = {
  AdminUser: ['Database', 'API'] as const,
  RegularUser: ['API'] as const,
} as const;

// 3. Define your API types
interface DatabaseAPI {
  query(sql: string): Promise<any[]>;
}
interface APIAPI {
  get(url: string): Promise<Response>;
}
interface CalleeRegistry {
  Database: DatabaseAPI;
  API: APIAPI;
}

// 4. Create registry
const { register, authorize } = createRegistry<
  CallerId,
  CalleeId,
  typeof policy,
  CalleeRegistry
>({ policy });

// 5. Define your services
const Database = defineCallee('Database', {
  async query(sql) {
    // Implementation
    return [];
  }
} satisfies DatabaseAPI);

// 6. Register them
register(Database.id, Database.api);

// 7. Use authorization
// ✅ Allowed - returns DatabaseAPI
const db = authorize('AdminUser', 'Database');
await db.query('SELECT * FROM users');

// ❌ Forbidden - returns 'never', causes TypeScript error
const forbidden = authorize('RegularUser', 'Database');
//    ~~~~~~~~~~ Type 'never' is not assignable...
```

API
createRegistry<CallerIds, CalleeIds, Policy, Registry>(config)
Creates a type-safe authorization registry.
Returns:
- `register(id, implementation)` - Register a callee
- `authorize(caller, callee)` - Get callee with authorization check
- `debugRegistry()` - Print registry status
- `clearRegistry()` - Clear all registrations
- `isRegistered(id)` - Check if callee is registered
- `getRegisteredIds()` - List all registered IDs
defineCallee(id, api)
Helper to define a callee with its ID and implementation.
Type Utilities
- `PolicyMap<CallerIds, CalleeIds>` - Policy map type
- `IsAllowed<Policy, C, T>` - Check if caller can access callee
- `AllowedFor<Policy, C>` - Get allowed callees for caller
- `Authorize<Policy, Registry, C, T>` - Authorize result type
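
The sketch below is an added example, not the framework's own code: it shows how a conditional type can resolve a forbidden caller/callee pair to `never`, and why caller IDs that arrive at run time still need a runtime check, since types are erased on compilation. All names in it (`demoPolicy`, `DemoRegistry`, `AuthorizeSketch`, `authorizeStatic`, `suppressedCall`, `authorizeChecked`) are hypothetical.

```typescript
// Added sketch, not @induction/framework source; every name here is hypothetical.
const demoPolicy = {
  AdminUser: ['Database', 'API'],
  RegularUser: ['API'],
} as const;
type DemoPolicy = typeof demoPolicy;

interface DemoRegistry {
  Database: { query(sql: string): string[] };
  API: { get(url: string): string };
}
const impls: DemoRegistry = {
  Database: { query: (sql) => [`rows for: ${sql}`] },
  API: { get: (url) => `GET ${url}` },
};

// The callee's API type when demoPolicy[C] lists T, otherwise never.
type AuthorizeSketch<C extends keyof DemoPolicy, T extends keyof DemoRegistry> =
  T extends DemoPolicy[C][number] ? DemoRegistry[T] : never;

// Compile-time only: the return type is erased, so nothing is checked at run time.
function authorizeStatic<C extends keyof DemoPolicy, T extends keyof DemoRegistry>(
  _caller: C,
  callee: T,
): AuthorizeSketch<C, T> {
  return impls[callee] as unknown as AuthorizeSketch<C, T>;
}

// A suppressed type error still reaches the callee, because no check exists at run time.
function suppressedCall(): string[] {
  // @ts-expect-error Property 'query' does not exist on type 'never'
  return authorizeStatic('RegularUser', 'Database').query('SELECT 1');
}

// Runtime guard for caller IDs that are not literals (request data, plain JS callers).
function authorizeChecked(caller: string, callee: string): unknown {
  // Own-property test so keys such as "__proto__" never match inherited members.
  const known = Object.prototype.hasOwnProperty.call(demoPolicy, caller);
  const allowed: readonly string[] = known ? demoPolicy[caller as keyof DemoPolicy] : [];
  if (allowed.indexOf(callee) === -1) {
    throw new Error(`policy denies ${caller} -> ${callee}`);
  }
  return impls[callee as keyof DemoRegistry];
}
```

Treat the compile-time result as a guarantee only for call sites the type checker sees with literal IDs; `any` casts, suppressed errors and untyped JavaScript callers are outside it.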
Examples
See /examples/authorization-system-nx/ for a complete working example with Nx integration.
License
MIT
