Pure query functions over AppSurface data.
Usable in tests, the adversarial auth runner, and future surface explorer UI.
Replaces duplicated inline .filter() patterns.
Categorical filters (filter_authenticated_routes, filter_role_routes,
filter_keeper_routes) group the new flat-record RouteAuth shape into
the legacy categorical buckets ('authenticated', 'role', 'keeper')
for adversarial test runners and the surface explorer. The buckets are
derived views over the four axes (account, actor, roles,
credential_types) — see http/auth_shape.ts for the canonical shape.
16 declarations
http/surface_query.ts view source
(surface: AppSurface): AppSurfaceRoute[] Filter routes that require basic authentication only — account === 'required'
with no role / credential gate.
surfaceAppSurfaceRoute[] http/surface_query.ts view source
(surface: AppSurface): AppSurfaceRoute[] Filter routes that require keeper credentials (daemon_token).
surfaceAppSurfaceRoute[] http/surface_query.ts view source
(surface: AppSurface): AppSurfaceRoute[] Filter routes that are mutations (POST, PUT, DELETE, PATCH).
surfaceAppSurfaceRoute[] http/surface_query.ts view source
(surface: AppSurface): AppSurfaceRoute[] Filter routes that require any form of authentication.
surfaceAppSurfaceRoute[] http/surface_query.ts view source
(surface: AppSurface): AppSurfaceRoute[] Filter routes that are publicly accessible (no auth surface at all).
surfaceAppSurfaceRoute[] http/surface_query.ts view source
(surface: AppSurface): AppSurfaceRoute[] Filter routes that declare rate limiting.
surfaceAppSurfaceRoute[] http/surface_query.ts view source
(surface: AppSurface): AppSurfaceRoute[] Filter all role-guarded routes (any role declared on auth.roles).
surfaceAppSurfaceRoute[] http/surface_query.ts view source
(surface: AppSurface, prefix: string): AppSurfaceRoute[] Filter routes whose path starts with prefix.
surfaceprefixstringAppSurfaceRoute[] http/surface_query.ts view source
(surface: AppSurface, role: string): AppSurfaceRoute[] Filter routes whose auth.roles includes the named role.
surfacerolestringAppSurfaceRoute[] http/surface_query.ts view source
(surface: AppSurface): AppSurfaceRoute[] Filter routes that have a non-null input schema.
surfaceAppSurfaceRoute[] http/surface_query.ts view source
(surface: AppSurface): AppSurfaceRoute[] Filter routes that have a non-null params schema.
surfaceAppSurfaceRoute[] http/surface_query.ts view source
(surface: AppSurface): AppSurfaceRoute[] Filter routes that have a non-null query schema.
surfaceAppSurfaceRoute[] http/surface_query.ts view source
(route: AppSurfaceRoute): string Format a route as 'METHOD /path' (e.g. 'GET /health').
routestring http/surface_query.ts view source
RouteAuthCategory Categorize a RouteAuth into one of the legacy auth buckets.
Returns:
- 'none' for fully public routes (account === 'none' && actor === 'none')
- 'keeper' when credential_types includes 'daemon_token'
- 'role:<name>' for each role declared on auth.roles (multi-role specs
are emitted multiple times; callers that need single-bucket grouping
should pre-collapse)
- 'authenticated' for account === 'required' without role / credential gate
- 'optional' when either axis is 'optional' and no other bucket fits
- 'other' as a last-resort bucket for shapes that don't match above
http/surface_query.ts view source
(surface: AppSurface): Map<string, AppSurfaceRoute[]> Group routes by auth category (see RouteAuthCategory). Multi-role specs appear under each of their role buckets.
surfaceMap<string, AppSurfaceRoute[]> http/surface_query.ts view source
(surface: AppSurface): { none: number; authenticated: number; optional: number; role: Map<string, number>; keeper: number; other: number; } Summarize route auth distribution across the surface.
Categorical view over the four-axis flat record. Multi-role specs contribute one count per role they admit.
surface{ none: number; authenticated: number; optional: number; role: Map<string, number>; keeper: number; other: number; } counts by auth category, with role counts broken out by role name