Interface TheCapabilityParser<M>

Combines this capability and the other into a capability group. This allows you to define right amplifications e.g file/read+write could be derived from file/read and file/write.

Example

const read = capability({
  can: "file/read",
  with: URI({ protocol: "file:" }),
  derives: (claimed, delegated) =>
  claimed.with.pathname.startsWith(delegated.with.pathname) ||
  new Failure(`'${claimed.with.href}' is not contained in '${delegated.with.href}'`)
})

const write = capability({
  can: "file/write",
  with: URI({ protocol: "file:" }),
  derives: (claimed, delegated) =>
    claimed.with.pathname.startsWith(delegated.with.pathname) ||
    new Failure(`'${claimed.with.href}' is not contained in '${delegated.with.href}'`)
})

const readwrite = read.and(write).derive({
  to: capability({
    can: "file/read+write",
    with: URI({ protocol: "file:" }),
    derives: (claimed, delegated) =>
      claimed.with.pathname.startsWith(delegated.with.pathname) ||
      new Failure(`'${claimed.with.href}' is not contained in '${delegated.with.href}'`)
    }),
  derives: (claimed, [read, write]) => {
    if (!claimed.with.pathname.startsWith(read.with.pathname)) {
      return new Failure(`'${claimed.with.href}' is not contained in '${read.with.href}'`)
    } else if (!claimed.with.pathname.startsWith(write.with.pathname)) {
      return new Failure(`'${claimed.with.href}' is not contained in '${write.with.href}'`)
    } else {
      return true
    }
  }
})

Defined a derived capability which can be delegated from this capability. For example if you define "account/validate" capability and derive "account/register" capability from it when validating claimed "account/register" capability it could be proved with either "account/register" delegation or "account/validate" delegation.

// capability issued by account verification service on email validation
const verify = capability({
  can: "account/verify",
  with: URI({ protocol: "mailto:" })
  derives: ({ with: url }, from) =>
    url.href.startsWith(from.with.href) ||
    new Failure(`${url.href} is not contained in ${from.with.href}`)
})

// derive registration capability from email verification
const register = validate.derive({
  to: capability({
    can: "account/register",
    with: URI({ protocol: "mailto:" }),
    derives: ({ with: url }, from) =>
      url.href.startsWith(from.with.href) ||
      new Failure(`${url.href} is not contained in ${from.with.href}`)
  }),
  derives: (registered, verified) =>
    registered.with.href === verified.with.href ||
    new Failure(`Registration email ${registered.pathname} does not match verified email ${verified.with.pathname}`)
})

Defines capability that is either this or the the given other. This allows you to compose multiple capabilities into one so that you could validate any of one of them without having to maintain list of supported capabilities. It is especially useful when dealiving with derived capability chains when you might derive capability from either one or the other.