authzed 0.0.1 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d9075c7150852dae34510b7e08f6000b5fef15c53908d68e48eb30a38952ca66
-  data.tar.gz: a08da7d303c4d43441cb45cca1bc15a21fd4945425d0067203f7082a502c73ba
+  metadata.gz: c84eb0a5b270d92b397e72bb0d30858b0150dfcf6926f1eb5f9a9d504413029b
+  data.tar.gz: 5fcc1eafdebcc07a2dc29de9eb460a2b2ccbf5a25145bba612a5d89110ae6ca5
 SHA512:
-  metadata.gz: c2d302f5c93cd931b68af5945c9b8211bf086c2e5f8a833ca091e2d5c76ffbc23be3882263a3ada9111bad41aa02051e086b2af68a81c2d7e1bc757974a05a1a
-  data.tar.gz: 002ae50d35ffc1ee1e60aa9959d05e2a680b30ad968966478756964d94b4f680dabe54fffeba3ec42c37b01cd2c76cd00c1047f206058fd46d1a62efc9c2145f
+  metadata.gz: 9cd40cbb79721e5f38bfc78439d81f9ebc19a292cac56e378adcee2ede4be5af7df5ab1b3777960c86f59cdecba2a519ac306cdc684e113c7f6695a31d9b68a3
+  data.tar.gz: 8341299464b007b8e6184fd95d55eb63cbe77625736f795677a99fbe6f1bc604409a002bae29a9805499b65c121d5df8ea3790dcec4bc6e7db642cc094de501c

data/README.md

@@ -14,8 +14,9 @@ This repository houses the Ruby client library for Authzed.
 Developers create a schema that models their permissions requirements and use a client library, such as this one, to apply the schema to the database, insert data into the database, and query the data to efficiently check permissions in their applications.
 
 Supported client API versions:
+- [v1](https://docs.authzed.com/reference/api#authzedapiv1)
 - [v1alpha1](https://docs.authzed.com/reference/api#authzedapiv1alpha1)
-- [v0](https://docs.authzed.com/reference/api#authzedapiv0)
+- "v0" - deprecated
 
 You can find more info on each API on the [Authzed API reference documentation].
 Additionally, Protobuf API documentation can be found on the [Buf Registry Authzed API repository].
@@ -31,10 +32,10 @@ See [CONTRIBUTING.md] for instructions on how to contribute and perform common t
 
 We highly recommend following the **[Protecting Your First App]** guide to learn the latest best practice to integrate an application with Authzed.
 
-If you're interested in examples of a specific version of the API, they can be found in their respective folders in the [examples directory].
+If you're interested in example uses of the API, see the spec files in the [spec directory].
 
 [Protecting Your First App]: https://docs.authzed.com/guides/first-app
-[examples directory]: /examples
+[spec directory]: /spec
 
 ## Basic Usage
 
@@ -58,11 +59,34 @@ In order to successfully connect, you will have to provide a [Bearer Token] with
 [Authzed Dashboard]: https://app.authzed.com
 
 ```rb
-TODO
+require 'authzed'
+
+
+client = Authzed::Api::V1::Client.new(
+    target: "localhost:50051",
+    credentials: :this_channel_is_insecure,
+    interceptors: [Authzed::GrpcUtil::BearerToken.new(token: "somerandomkeyhere")],
+)
 ```
 
 ### Performing an API call
 
 ```rb
-TODO
+require 'authzed'
+
+# Is Emilia in the set of users that can read post #1?
+resp = client.permissions_service.check_permission(
+  Authzed::Api::V1::CheckPermissionRequest.new(
+    consistency: Authzed::Api::V1::Consistency.new(
+      at_least_as_fresh: Authzed::Api::V1::ZedToken.new(token: zed_token)
+    ),
+    resource: Authzed::Api::V1::ObjectReference.new(object_type: 'blog/post', object_id: '1'),
+    permission: 'read',
+    subject: Authzed::Api::V1::SubjectReference.new(
+      object: Authzed::Api::V1::ObjectReference.new(object_type: 'blog/user', object_id: 'emilia')
+    )
+  )
+)
+can_read = Authzed::Api::V1::CheckPermissionResponse::Permissionship.resolve(resp.permissionship)) ==
+  Authzed::Api::V1::CheckPermissionResponse::Permissionship::PERMISSIONSHIP_HAS_PERMISSION
 ```

data/lib/authzed/api/v0/acl_service_pb.rb

@@ -3,7 +3,9 @@
 
 require 'google/protobuf'
 
+require 'validate/validate_pb'
 require 'authzed/api/v0/core_pb'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("authzed/api/v0/acl_service.proto", :syntax => :proto3) do
     add_message "authzed.api.v0.RelationTupleFilter" do

data/lib/authzed/api/v0/client.rb

@@ -0,0 +1,61 @@
+require 'grpc'
+
+module Authzed
+  module Api
+    module V0
+      class Client
+        attr_reader :acl_service, :developer_service, :namespace_service, :watch_service
+
+        def initialize(target:, credentials: nil, interceptors: [], options: {}, timeout: nil)
+          creds = credentials || GRPC::Core::ChannelCredentials.new
+
+          @acl_service = ACLService::Stub.new(
+            target,
+            creds,
+            timeout: timeout,
+            interceptors: interceptors,
+            channel_args: options,
+          )
+          @developer_service = DeveloperService::Stub.new(
+            target,
+            creds,
+            timeout: timeout,
+            interceptors: interceptors,
+            channel_args: options,
+          )
+          @namespace_service = NamespaceService::Stub.new(
+            target,
+            creds,
+            timeout: timeout,
+            interceptors: interceptors,
+            channel_args: options,
+          )
+          @watch_service = WatchService::Stub.new(
+            target,
+            creds,
+            timeout: timeout,
+            interceptors: interceptors,
+            channel_args: options,
+          )
+        end
+      end
+
+      # Utility method for creating usersets
+      module UserPatch
+        def self.included(base)
+          def base.for(namespace:, object_id:)
+            Authzed::Api::V0::User.new(
+              userset: Authzed::Api::V0::ObjectAndRelation.new(
+                namespace: namespace,
+                object_id: object_id,
+                relation: '...',
+              )
+            )
+          end
+        end
+      end
+
+      User.include(UserPatch)
+    end
+  end
+end

data/lib/authzed/api/v0/core_pb.rb

@@ -3,6 +3,8 @@
 
 require 'google/protobuf'
 
+require 'validate/validate_pb'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("authzed/api/v0/core.proto", :syntax => :proto3) do
     add_message "authzed.api.v0.RelationTuple" do

data/lib/authzed/api/v0/developer_pb.rb

@@ -5,8 +5,16 @@ require 'google/protobuf'
 
 require 'authzed/api/v0/core_pb'
 require 'authzed/api/v0/namespace_pb'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("authzed/api/v0/developer.proto", :syntax => :proto3) do
+    add_message "authzed.api.v0.FormatSchemaRequest" do
+      optional :schema, :string, 1, json_name: "schema"
+    end
+    add_message "authzed.api.v0.FormatSchemaResponse" do
+      optional :error, :message, 1, "authzed.api.v0.DeveloperError", json_name: "error"
+      optional :formatted_schema, :string, 2, json_name: "formattedSchema"
+    end
     add_message "authzed.api.v0.UpgradeSchemaRequest" do
       repeated :namespace_configs, :string, 1, json_name: "namespaceConfigs"
     end
@@ -42,6 +50,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     add_message "authzed.api.v0.RequestContext" do
       optional :schema, :string, 1, json_name: "schema"
       repeated :relationships, :message, 2, "authzed.api.v0.RelationTuple", json_name: "relationships"
+      repeated :legacy_ns_configs, :message, 3, "authzed.api.v0.NamespaceDefinition", json_name: "legacyNsConfigs"
     end
     add_message "authzed.api.v0.EditCheckRequest" do
       optional :context, :message, 1, "authzed.api.v0.RequestContext", json_name: "context"
@@ -102,6 +111,8 @@ end
 module Authzed
   module Api
     module V0
+      FormatSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.FormatSchemaRequest").msgclass
+      FormatSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.FormatSchemaResponse").msgclass
       UpgradeSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.UpgradeSchemaRequest").msgclass
       UpgradeSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.UpgradeSchemaResponse").msgclass
       ShareRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.ShareRequest").msgclass

data/lib/authzed/api/v0/developer_services_pb.rb

@@ -21,6 +21,7 @@ module Authzed
           rpc :Share, ::Authzed::Api::V0::ShareRequest, ::Authzed::Api::V0::ShareResponse
           rpc :LookupShared, ::Authzed::Api::V0::LookupShareRequest, ::Authzed::Api::V0::LookupShareResponse
           rpc :UpgradeSchema, ::Authzed::Api::V0::UpgradeSchemaRequest, ::Authzed::Api::V0::UpgradeSchemaResponse
+          rpc :FormatSchema, ::Authzed::Api::V0::FormatSchemaRequest, ::Authzed::Api::V0::FormatSchemaResponse
         end
 
         Stub = Service.rpc_stub_class

data/lib/authzed/api/v0/namespace_pb.rb

@@ -4,7 +4,9 @@
 require 'google/protobuf'
 
 require 'google/protobuf/any_pb'
+require 'validate/validate_pb'
 require 'authzed/api/v0/core_pb'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("authzed/api/v0/namespace.proto", :syntax => :proto3) do
     add_message "authzed.api.v0.Metadata" do
@@ -22,7 +24,16 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :metadata, :message, 4, "authzed.api.v0.Metadata", json_name: "metadata"
     end
     add_message "authzed.api.v0.TypeInformation" do
-      repeated :allowed_direct_relations, :message, 1, "authzed.api.v0.RelationReference", json_name: "allowedDirectRelations"
+      repeated :allowed_direct_relations, :message, 1, "authzed.api.v0.AllowedRelation", json_name: "allowedDirectRelations"
+    end
+    add_message "authzed.api.v0.AllowedRelation" do
+      optional :namespace, :string, 1, json_name: "namespace"
+      oneof :relation_or_wildcard do
+        optional :relation, :string, 3, json_name: "relation"
+        optional :public_wildcard, :message, 4, "authzed.api.v0.AllowedRelation.PublicWildcard", json_name: "publicWildcard"
+      end
+    end
+    add_message "authzed.api.v0.AllowedRelation.PublicWildcard" do
     end
     add_message "authzed.api.v0.UsersetRewrite" do
       oneof :rewrite_operation do
@@ -69,6 +80,8 @@ module Authzed
       NamespaceDefinition = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.NamespaceDefinition").msgclass
       Relation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.Relation").msgclass
       TypeInformation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.TypeInformation").msgclass
+      AllowedRelation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.AllowedRelation").msgclass
+      AllowedRelation::PublicWildcard = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.AllowedRelation.PublicWildcard").msgclass
       UsersetRewrite = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.UsersetRewrite").msgclass
       SetOperation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.SetOperation").msgclass
       SetOperation::Child = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.SetOperation.Child").msgclass

data/lib/authzed/api/v0/namespace_service_pb.rb

@@ -3,8 +3,10 @@
 
 require 'google/protobuf'
 
+require 'validate/validate_pb'
 require 'authzed/api/v0/core_pb'
 require 'authzed/api/v0/namespace_pb'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("authzed/api/v0/namespace_service.proto", :syntax => :proto3) do
     add_message "authzed.api.v0.ReadConfigRequest" do
@@ -22,6 +24,12 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     add_message "authzed.api.v0.WriteConfigResponse" do
       optional :revision, :message, 1, "authzed.api.v0.Zookie", json_name: "revision"
     end
+    add_message "authzed.api.v0.DeleteConfigsRequest" do
+      repeated :namespaces, :string, 1, json_name: "namespaces"
+    end
+    add_message "authzed.api.v0.DeleteConfigsResponse" do
+      optional :revision, :message, 1, "authzed.api.v0.Zookie", json_name: "revision"
+    end
   end
 end
 
@@ -32,6 +40,8 @@ module Authzed
       ReadConfigResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.ReadConfigResponse").msgclass
       WriteConfigRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.WriteConfigRequest").msgclass
       WriteConfigResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.WriteConfigResponse").msgclass
+      DeleteConfigsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.DeleteConfigsRequest").msgclass
+      DeleteConfigsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v0.DeleteConfigsResponse").msgclass
     end
   end
 end

data/lib/authzed/api/v0/namespace_service_services_pb.rb

@@ -18,6 +18,7 @@ module Authzed
 
           rpc :ReadConfig, ::Authzed::Api::V0::ReadConfigRequest, ::Authzed::Api::V0::ReadConfigResponse
           rpc :WriteConfig, ::Authzed::Api::V0::WriteConfigRequest, ::Authzed::Api::V0::WriteConfigResponse
+          rpc :DeleteConfigs, ::Authzed::Api::V0::DeleteConfigsRequest, ::Authzed::Api::V0::DeleteConfigsResponse
         end
 
         Stub = Service.rpc_stub_class

data/lib/authzed/api/v0/watch_service_pb.rb

@@ -3,7 +3,9 @@
 
 require 'google/protobuf'
 
+require 'validate/validate_pb'
 require 'authzed/api/v0/core_pb'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("authzed/api/v0/watch_service.proto", :syntax => :proto3) do
     add_message "authzed.api.v0.WatchRequest" do

data/lib/authzed/api/v1/client.rb

@@ -0,0 +1,37 @@
+require 'grpc'
+
+module Authzed
+  module Api
+    module V1
+      class Client
+        attr_reader :permissions_service, :schema_service, :watch_service
+
+        def initialize(target:, credentials: nil, interceptors: [], options: {}, timeout: nil)
+          creds = credentials || GRPC::Core::ChannelCredentials.new
+
+          @permissions_service = Authzed::Api::V1::PermissionsService::Stub.new(
+            target,
+            creds,
+            timeout: timeout,
+            interceptors: interceptors,
+            channel_args: options,
+          )
+          @schema_service = Authzed::Api::V1::SchemaService::Stub.new(
+            target,
+            creds,
+            timeout: timeout,
+            interceptors: interceptors,
+            channel_args: options,
+          )
+          @watch_service = Authzed::Api::V1::WatchService::Stub.new(
+            target,
+            creds,
+            timeout: timeout,
+            interceptors: interceptors,
+            channel_args: options,
+          )
+        end
+      end
+    end
+  end
+end

data/lib/authzed/api/v1/core_pb.rb

@@ -0,0 +1,75 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: authzed/api/v1/core.proto
+
+require 'google/protobuf'
+
+require 'validate/validate_pb'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("authzed/api/v1/core.proto", :syntax => :proto3) do
+    add_message "authzed.api.v1.Relationship" do
+      optional :resource, :message, 1, "authzed.api.v1.ObjectReference", json_name: "resource"
+      optional :relation, :string, 2, json_name: "relation"
+      optional :subject, :message, 3, "authzed.api.v1.SubjectReference", json_name: "subject"
+    end
+    add_message "authzed.api.v1.SubjectReference" do
+      optional :object, :message, 1, "authzed.api.v1.ObjectReference", json_name: "object"
+      optional :optional_relation, :string, 2, json_name: "optionalRelation"
+    end
+    add_message "authzed.api.v1.ObjectReference" do
+      optional :object_type, :string, 1, json_name: "objectType"
+      optional :object_id, :string, 2, json_name: "objectId"
+    end
+    add_message "authzed.api.v1.ZedToken" do
+      optional :token, :string, 1, json_name: "token"
+    end
+    add_message "authzed.api.v1.RelationshipUpdate" do
+      optional :operation, :enum, 1, "authzed.api.v1.RelationshipUpdate.Operation", json_name: "operation"
+      optional :relationship, :message, 2, "authzed.api.v1.Relationship", json_name: "relationship"
+    end
+    add_enum "authzed.api.v1.RelationshipUpdate.Operation" do
+      value :OPERATION_UNSPECIFIED, 0
+      value :OPERATION_CREATE, 1
+      value :OPERATION_TOUCH, 2
+      value :OPERATION_DELETE, 3
+    end
+    add_message "authzed.api.v1.PermissionRelationshipTree" do
+      optional :expanded_object, :message, 3, "authzed.api.v1.ObjectReference", json_name: "expandedObject"
+      optional :expanded_relation, :string, 4, json_name: "expandedRelation"
+      oneof :tree_type do
+        optional :intermediate, :message, 1, "authzed.api.v1.AlgebraicSubjectSet", json_name: "intermediate"
+        optional :leaf, :message, 2, "authzed.api.v1.DirectSubjectSet", json_name: "leaf"
+      end
+    end
+    add_message "authzed.api.v1.AlgebraicSubjectSet" do
+      optional :operation, :enum, 1, "authzed.api.v1.AlgebraicSubjectSet.Operation", json_name: "operation"
+      repeated :children, :message, 2, "authzed.api.v1.PermissionRelationshipTree", json_name: "children"
+    end
+    add_enum "authzed.api.v1.AlgebraicSubjectSet.Operation" do
+      value :OPERATION_UNSPECIFIED, 0
+      value :OPERATION_UNION, 1
+      value :OPERATION_INTERSECTION, 2
+      value :OPERATION_EXCLUSION, 3
+    end
+    add_message "authzed.api.v1.DirectSubjectSet" do
+      repeated :subjects, :message, 1, "authzed.api.v1.SubjectReference", json_name: "subjects"
+    end
+  end
+end
+
+module Authzed
+  module Api
+    module V1
+      Relationship = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.Relationship").msgclass
+      SubjectReference = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.SubjectReference").msgclass
+      ObjectReference = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ObjectReference").msgclass
+      ZedToken = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ZedToken").msgclass
+      RelationshipUpdate = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.RelationshipUpdate").msgclass
+      RelationshipUpdate::Operation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.RelationshipUpdate.Operation").enummodule
+      PermissionRelationshipTree = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.PermissionRelationshipTree").msgclass
+      AlgebraicSubjectSet = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.AlgebraicSubjectSet").msgclass
+      AlgebraicSubjectSet::Operation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.AlgebraicSubjectSet.Operation").enummodule
+      DirectSubjectSet = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.DirectSubjectSet").msgclass
+    end
+  end
+end

data/lib/authzed/api/v1/openapi_pb.rb

@@ -0,0 +1,18 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: authzed/api/v1/openapi.proto
+
+require 'google/protobuf'
+
+require 'protoc-gen-openapiv2/options/annotations_pb'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("authzed/api/v1/openapi.proto", :syntax => :proto3) do
+  end
+end
+
+module Authzed
+  module Api
+    module V1
+    end
+  end
+end

data/lib/authzed/api/v1/permission_service_pb.rb

@@ -0,0 +1,126 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: authzed/api/v1/permission_service.proto
+
+require 'google/protobuf'
+
+require 'google/api/annotations_pb'
+require 'validate/validate_pb'
+require 'authzed/api/v1/core_pb'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("authzed/api/v1/permission_service.proto", :syntax => :proto3) do
+    add_message "authzed.api.v1.Consistency" do
+      oneof :requirement do
+        optional :minimize_latency, :bool, 1, json_name: "minimizeLatency"
+        optional :at_least_as_fresh, :message, 2, "authzed.api.v1.ZedToken", json_name: "atLeastAsFresh"
+        optional :at_exact_snapshot, :message, 3, "authzed.api.v1.ZedToken", json_name: "atExactSnapshot"
+        optional :fully_consistent, :bool, 4, json_name: "fullyConsistent"
+      end
+    end
+    add_message "authzed.api.v1.RelationshipFilter" do
+      optional :resource_type, :string, 1, json_name: "resourceType"
+      optional :optional_resource_id, :string, 2, json_name: "optionalResourceId"
+      optional :optional_relation, :string, 3, json_name: "optionalRelation"
+      optional :optional_subject_filter, :message, 4, "authzed.api.v1.SubjectFilter", json_name: "optionalSubjectFilter"
+    end
+    add_message "authzed.api.v1.SubjectFilter" do
+      optional :subject_type, :string, 1, json_name: "subjectType"
+      optional :optional_subject_id, :string, 2, json_name: "optionalSubjectId"
+      optional :optional_relation, :message, 3, "authzed.api.v1.SubjectFilter.RelationFilter", json_name: "optionalRelation"
+    end
+    add_message "authzed.api.v1.SubjectFilter.RelationFilter" do
+      optional :relation, :string, 1, json_name: "relation"
+    end
+    add_message "authzed.api.v1.ReadRelationshipsRequest" do
+      optional :consistency, :message, 1, "authzed.api.v1.Consistency", json_name: "consistency"
+      optional :relationship_filter, :message, 2, "authzed.api.v1.RelationshipFilter", json_name: "relationshipFilter"
+    end
+    add_message "authzed.api.v1.ReadRelationshipsResponse" do
+      optional :read_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "readAt"
+      optional :relationship, :message, 2, "authzed.api.v1.Relationship", json_name: "relationship"
+    end
+    add_message "authzed.api.v1.Precondition" do
+      optional :operation, :enum, 1, "authzed.api.v1.Precondition.Operation", json_name: "operation"
+      optional :filter, :message, 2, "authzed.api.v1.RelationshipFilter", json_name: "filter"
+    end
+    add_enum "authzed.api.v1.Precondition.Operation" do
+      value :OPERATION_UNSPECIFIED, 0
+      value :OPERATION_MUST_NOT_MATCH, 1
+      value :OPERATION_MUST_MATCH, 2
+    end
+    add_message "authzed.api.v1.WriteRelationshipsRequest" do
+      repeated :updates, :message, 1, "authzed.api.v1.RelationshipUpdate", json_name: "updates"
+      repeated :optional_preconditions, :message, 2, "authzed.api.v1.Precondition", json_name: "optionalPreconditions"
+    end
+    add_message "authzed.api.v1.WriteRelationshipsResponse" do
+      optional :written_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "writtenAt"
+    end
+    add_message "authzed.api.v1.DeleteRelationshipsRequest" do
+      optional :relationship_filter, :message, 1, "authzed.api.v1.RelationshipFilter", json_name: "relationshipFilter"
+      repeated :optional_preconditions, :message, 2, "authzed.api.v1.Precondition", json_name: "optionalPreconditions"
+    end
+    add_message "authzed.api.v1.DeleteRelationshipsResponse" do
+      optional :deleted_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "deletedAt"
+    end
+    add_message "authzed.api.v1.CheckPermissionRequest" do
+      optional :consistency, :message, 1, "authzed.api.v1.Consistency", json_name: "consistency"
+      optional :resource, :message, 2, "authzed.api.v1.ObjectReference", json_name: "resource"
+      optional :permission, :string, 3, json_name: "permission"
+      optional :subject, :message, 4, "authzed.api.v1.SubjectReference", json_name: "subject"
+    end
+    add_message "authzed.api.v1.CheckPermissionResponse" do
+      optional :checked_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "checkedAt"
+      optional :permissionship, :enum, 2, "authzed.api.v1.CheckPermissionResponse.Permissionship", json_name: "permissionship"
+    end
+    add_enum "authzed.api.v1.CheckPermissionResponse.Permissionship" do
+      value :PERMISSIONSHIP_UNSPECIFIED, 0
+      value :PERMISSIONSHIP_NO_PERMISSION, 1
+      value :PERMISSIONSHIP_HAS_PERMISSION, 2
+    end
+    add_message "authzed.api.v1.ExpandPermissionTreeRequest" do
+      optional :consistency, :message, 1, "authzed.api.v1.Consistency", json_name: "consistency"
+      optional :resource, :message, 2, "authzed.api.v1.ObjectReference", json_name: "resource"
+      optional :permission, :string, 3, json_name: "permission"
+    end
+    add_message "authzed.api.v1.ExpandPermissionTreeResponse" do
+      optional :expanded_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "expandedAt"
+      optional :tree_root, :message, 2, "authzed.api.v1.PermissionRelationshipTree", json_name: "treeRoot"
+    end
+    add_message "authzed.api.v1.LookupResourcesRequest" do
+      optional :consistency, :message, 1, "authzed.api.v1.Consistency", json_name: "consistency"
+      optional :resource_object_type, :string, 2, json_name: "resourceObjectType"
+      optional :permission, :string, 3, json_name: "permission"
+      optional :subject, :message, 4, "authzed.api.v1.SubjectReference", json_name: "subject"
+    end
+    add_message "authzed.api.v1.LookupResourcesResponse" do
+      optional :looked_up_at, :message, 1, "authzed.api.v1.ZedToken", json_name: "lookedUpAt"
+      optional :resource_object_id, :string, 2, json_name: "resourceObjectId"
+    end
+  end
+end
+
+module Authzed
+  module Api
+    module V1
+      Consistency = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.Consistency").msgclass
+      RelationshipFilter = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.RelationshipFilter").msgclass
+      SubjectFilter = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.SubjectFilter").msgclass
+      SubjectFilter::RelationFilter = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.SubjectFilter.RelationFilter").msgclass
+      ReadRelationshipsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadRelationshipsRequest").msgclass
+      ReadRelationshipsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadRelationshipsResponse").msgclass
+      Precondition = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.Precondition").msgclass
+      Precondition::Operation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.Precondition.Operation").enummodule
+      WriteRelationshipsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteRelationshipsRequest").msgclass
+      WriteRelationshipsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteRelationshipsResponse").msgclass
+      DeleteRelationshipsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.DeleteRelationshipsRequest").msgclass
+      DeleteRelationshipsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.DeleteRelationshipsResponse").msgclass
+      CheckPermissionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckPermissionRequest").msgclass
+      CheckPermissionResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckPermissionResponse").msgclass
+      CheckPermissionResponse::Permissionship = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckPermissionResponse.Permissionship").enummodule
+      ExpandPermissionTreeRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ExpandPermissionTreeRequest").msgclass
+      ExpandPermissionTreeResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ExpandPermissionTreeResponse").msgclass
+      LookupResourcesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.LookupResourcesRequest").msgclass
+      LookupResourcesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.LookupResourcesResponse").msgclass
+    end
+  end
+end

data/lib/authzed/api/v1/permission_service_services_pb.rb

@@ -0,0 +1,48 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# Source: authzed/api/v1/permission_service.proto for package 'authzed.api.v1'
+
+require 'grpc'
+require 'authzed/api/v1/permission_service_pb'
+
+module Authzed
+  module Api
+    module V1
+      module PermissionsService
+        # PermissionsService implements a set of RPCs that perform operations on
+        # relationships and permissions.
+        class Service
+
+          include ::GRPC::GenericService
+
+          self.marshal_class_method = :encode
+          self.unmarshal_class_method = :decode
+          self.service_name = 'authzed.api.v1.PermissionsService'
+
+          # ReadRelationships reads a set of the relationships matching one or more
+          # filters.
+          rpc :ReadRelationships, ::Authzed::Api::V1::ReadRelationshipsRequest, stream(::Authzed::Api::V1::ReadRelationshipsResponse)
+          # WriteRelationships atomically writes and/or deletes a set of specified
+          # relationships. An optional set of preconditions can be provided that must
+          # be satisfied for the operation to commit.
+          rpc :WriteRelationships, ::Authzed::Api::V1::WriteRelationshipsRequest, ::Authzed::Api::V1::WriteRelationshipsResponse
+          # DeleteRelationships atomically bulk deletes relationships matching one or
+          # more filters. An optional set of preconditions can be provided that must
+          # be satisfied for the operation to commit.
+          rpc :DeleteRelationships, ::Authzed::Api::V1::DeleteRelationshipsRequest, ::Authzed::Api::V1::DeleteRelationshipsResponse
+          # CheckPermission determines for a given resource whether a subject computes
+          # to having a permission or is a direct member of a particular relation.
+          rpc :CheckPermission, ::Authzed::Api::V1::CheckPermissionRequest, ::Authzed::Api::V1::CheckPermissionResponse
+          # ExpandPermissionTree reveals the graph structure for a resource's
+          # permission or relation. This RPC does not recurse infinitely deep and may
+          # require multiple calls to fully unnest a deeply nested graph.
+          rpc :ExpandPermissionTree, ::Authzed::Api::V1::ExpandPermissionTreeRequest, ::Authzed::Api::V1::ExpandPermissionTreeResponse
+          # LookupResources returns all the resources of a given type that a subject
+          # can access whether via a computed permission or relation membership.
+          rpc :LookupResources, ::Authzed::Api::V1::LookupResourcesRequest, stream(::Authzed::Api::V1::LookupResourcesResponse)
+        end
+
+        Stub = Service.rpc_stub_class
+      end
+    end
+  end
+end

data/lib/authzed/api/v1/schema_pb.rb

@@ -0,0 +1,30 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: authzed/api/v1/schema.proto
+
+require 'google/protobuf'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("authzed/api/v1/schema.proto", :syntax => :proto3) do
+    add_message "authzed.api.v1.ReadSchemaRequest" do
+    end
+    add_message "authzed.api.v1.ReadSchemaResponse" do
+      optional :schema_text, :string, 1, json_name: "schemaText"
+    end
+    add_message "authzed.api.v1.WriteSchemaRequest" do
+      optional :schema, :string, 1, json_name: "schema"
+    end
+    add_message "authzed.api.v1.WriteSchemaResponse" do
+    end
+  end
+end
+
+module Authzed
+  module Api
+    module V1
+      ReadSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadSchemaRequest").msgclass
+      ReadSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadSchemaResponse").msgclass
+      WriteSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteSchemaRequest").msgclass
+      WriteSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteSchemaResponse").msgclass
+    end
+  end
+end

data/lib/authzed/api/v1/schema_service_pb.rb

@@ -0,0 +1,33 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: authzed/api/v1/schema_service.proto
+
+require 'google/protobuf'
+
+require 'google/api/annotations_pb'
+require 'validate/validate_pb'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("authzed/api/v1/schema_service.proto", :syntax => :proto3) do
+    add_message "authzed.api.v1.ReadSchemaRequest" do
+    end
+    add_message "authzed.api.v1.ReadSchemaResponse" do
+      optional :schema_text, :string, 1, json_name: "schemaText"
+    end
+    add_message "authzed.api.v1.WriteSchemaRequest" do
+      optional :schema, :string, 1, json_name: "schema"
+    end
+    add_message "authzed.api.v1.WriteSchemaResponse" do
+    end
+  end
+end
+
+module Authzed
+  module Api
+    module V1
+      ReadSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadSchemaRequest").msgclass
+      ReadSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ReadSchemaResponse").msgclass
+      WriteSchemaRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteSchemaRequest").msgclass
+      WriteSchemaResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WriteSchemaResponse").msgclass
+    end
+  end
+end

data/lib/authzed/api/v1/schema_service_services_pb.rb

@@ -0,0 +1,34 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# Source: authzed/api/v1/schema_service.proto for package 'authzed.api.v1'
+
+require 'grpc'
+require 'authzed/api/v1/schema_service_pb'
+
+module Authzed
+  module Api
+    module V1
+      module SchemaService
+        # SchemaService implements operations on a Permissions System's Schema.
+        class Service
+
+          include ::GRPC::GenericService
+
+          self.marshal_class_method = :encode
+          self.unmarshal_class_method = :decode
+          self.service_name = 'authzed.api.v1.SchemaService'
+
+          # Read returns the current Object Definitions for a Permissions System.
+          #
+          # Errors include:
+          # - INVALID_ARGUMENT: a provided value has failed to semantically validate
+          # - NOT_FOUND: no schema has been defined
+          rpc :ReadSchema, ::Authzed::Api::V1::ReadSchemaRequest, ::Authzed::Api::V1::ReadSchemaResponse
+          # Write overwrites the current Object Definitions for a Permissions System.
+          rpc :WriteSchema, ::Authzed::Api::V1::WriteSchemaRequest, ::Authzed::Api::V1::WriteSchemaResponse
+        end
+
+        Stub = Service.rpc_stub_class
+      end
+    end
+  end
+end

data/lib/authzed/api/v1/schema_services_pb.rb

@@ -0,0 +1,34 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# Source: authzed/api/v1/schema.proto for package 'authzed.api.v1'
+
+require 'grpc'
+require 'authzed/api/v1/schema_pb'
+
+module Authzed
+  module Api
+    module V1
+      module SchemaService
+        # SchemaService implements operations on a Permissions System's Schema.
+        class Service
+
+          include ::GRPC::GenericService
+
+          self.marshal_class_method = :encode
+          self.unmarshal_class_method = :decode
+          self.service_name = 'authzed.api.v1.SchemaService'
+
+          # Read returns the current Object Definitions for a Permissions System.
+          #
+          # Errors include:
+          # - INVALID_ARGUMENT: a provided value has failed to semantically validate
+          # - NOT_FOUND: no schema has been defined
+          rpc :ReadSchema, ::Authzed::Api::V1::ReadSchemaRequest, ::Authzed::Api::V1::ReadSchemaResponse
+          # Write overwrites the current Object Definitions for a Permissions System.
+          rpc :WriteSchema, ::Authzed::Api::V1::WriteSchemaRequest, ::Authzed::Api::V1::WriteSchemaResponse
+        end
+
+        Stub = Service.rpc_stub_class
+      end
+    end
+  end
+end

data/lib/authzed/api/v1/watch_service_pb.rb

@@ -0,0 +1,30 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: authzed/api/v1/watch_service.proto
+
+require 'google/protobuf'
+
+require 'google/api/annotations_pb'
+require 'validate/validate_pb'
+require 'authzed/api/v1/core_pb'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("authzed/api/v1/watch_service.proto", :syntax => :proto3) do
+    add_message "authzed.api.v1.WatchRequest" do
+      repeated :optional_object_types, :string, 1, json_name: "optionalObjectTypes"
+      optional :optional_start_cursor, :message, 2, "authzed.api.v1.ZedToken", json_name: "optionalStartCursor"
+    end
+    add_message "authzed.api.v1.WatchResponse" do
+      repeated :updates, :message, 1, "authzed.api.v1.RelationshipUpdate", json_name: "updates"
+      optional :changes_through, :message, 2, "authzed.api.v1.ZedToken", json_name: "changesThrough"
+    end
+  end
+end
+
+module Authzed
+  module Api
+    module V1
+      WatchRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WatchRequest").msgclass
+      WatchResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.WatchResponse").msgclass
+    end
+  end
+end

data/lib/authzed/api/v1/watch_service_services_pb.rb

@@ -0,0 +1,26 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# Source: authzed/api/v1/watch_service.proto for package 'authzed.api.v1'
+
+require 'grpc'
+require 'authzed/api/v1/watch_service_pb'
+
+module Authzed
+  module Api
+    module V1
+      module WatchService
+        class Service
+
+          include ::GRPC::GenericService
+
+          self.marshal_class_method = :encode
+          self.unmarshal_class_method = :decode
+          self.service_name = 'authzed.api.v1.WatchService'
+
+          rpc :Watch, ::Authzed::Api::V1::WatchRequest, stream(::Authzed::Api::V1::WatchResponse)
+        end
+
+        Stub = Service.rpc_stub_class
+      end
+    end
+  end
+end

data/lib/authzed/api/v1alpha1/client.rb

@@ -0,0 +1,25 @@
+require 'grpc'
+
+module Authzed
+  module Api
+    module V1alpha1
+      class Client
+
+        attr_reader :schema_service
+
+        def initialize(target:, credentials: nil, interceptors: [], options: {}, timeout: nil)
+          creds = credentials || GRPC::Core::ChannelCredentials.new
+
+          @schema_service = Authzed::Api::V1alpha1::SchemaService::Stub.new(
+            target,
+            creds,
+            timeout: timeout,
+            interceptors: interceptors,
+            channel_args: options,
+          )
+        end
+      end
+    end
+  end
+end
+

data/lib/authzed/api/v1alpha1/schema_pb.rb

@@ -3,6 +3,8 @@
 
 require 'google/protobuf'
 
+require 'validate/validate_pb'
+
 Google::Protobuf::DescriptorPool.generated_pool.build do
   add_file("authzed/api/v1alpha1/schema.proto", :syntax => :proto3) do
     add_message "authzed.api.v1alpha1.ReadSchemaRequest" do
@@ -10,12 +12,15 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
     end
     add_message "authzed.api.v1alpha1.ReadSchemaResponse" do
       repeated :object_definitions, :string, 1, json_name: "objectDefinitions"
+      optional :computed_definitions_revision, :string, 2, json_name: "computedDefinitionsRevision"
     end
     add_message "authzed.api.v1alpha1.WriteSchemaRequest" do
       optional :schema, :string, 1, json_name: "schema"
+      optional :optional_definitions_revision_precondition, :string, 2, json_name: "optionalDefinitionsRevisionPrecondition"
     end
     add_message "authzed.api.v1alpha1.WriteSchemaResponse" do
       repeated :object_definitions_names, :string, 1, json_name: "objectDefinitionsNames"
+      optional :computed_definitions_revision, :string, 2, json_name: "computedDefinitionsRevision"
     end
   end
 end

data/lib/authzed/api/v1alpha1/watchresources_service_pb.rb

@@ -0,0 +1,46 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: authzed/api/v1alpha1/watchresources_service.proto
+
+require 'google/protobuf'
+
+require 'google/api/annotations_pb'
+require 'validate/validate_pb'
+require 'authzed/api/v1/core_pb'
+
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("authzed/api/v1alpha1/watchresources_service.proto", :syntax => :proto3) do
+    add_message "authzed.api.v1alpha1.WatchResourcesRequest" do
+      optional :resource_object_type, :string, 1, json_name: "resourceObjectType"
+      optional :permission, :string, 2, json_name: "permission"
+      optional :subject_object_type, :string, 3, json_name: "subjectObjectType"
+      optional :optional_subject_relation, :string, 4, json_name: "optionalSubjectRelation"
+      optional :optional_start_cursor, :message, 5, "authzed.api.v1.ZedToken", json_name: "optionalStartCursor"
+    end
+    add_message "authzed.api.v1alpha1.PermissionUpdate" do
+      optional :subject, :message, 1, "authzed.api.v1.SubjectReference", json_name: "subject"
+      optional :resource, :message, 2, "authzed.api.v1.ObjectReference", json_name: "resource"
+      optional :relation, :string, 3, json_name: "relation"
+      optional :updated_permission, :enum, 4, "authzed.api.v1alpha1.PermissionUpdate.Permissionship", json_name: "updatedPermission"
+    end
+    add_enum "authzed.api.v1alpha1.PermissionUpdate.Permissionship" do
+      value :PERMISSIONSHIP_UNSPECIFIED, 0
+      value :PERMISSIONSHIP_NO_PERMISSION, 1
+      value :PERMISSIONSHIP_HAS_PERMISSION, 2
+    end
+    add_message "authzed.api.v1alpha1.WatchResourcesResponse" do
+      repeated :updates, :message, 1, "authzed.api.v1alpha1.PermissionUpdate", json_name: "updates"
+      optional :changes_through, :message, 2, "authzed.api.v1.ZedToken", json_name: "changesThrough"
+    end
+  end
+end
+
+module Authzed
+  module Api
+    module V1alpha1
+      WatchResourcesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.WatchResourcesRequest").msgclass
+      PermissionUpdate = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.PermissionUpdate").msgclass
+      PermissionUpdate::Permissionship = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.PermissionUpdate.Permissionship").enummodule
+      WatchResourcesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1alpha1.WatchResourcesResponse").msgclass
+    end
+  end
+end

data/lib/authzed/api/v1alpha1/watchresources_service_services_pb.rb

@@ -0,0 +1,30 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# Source: authzed/api/v1alpha1/watchresources_service.proto for package 'authzed.api.v1alpha1'
+
+require 'grpc'
+require 'authzed/api/v1alpha1/watchresources_service_pb'
+
+module Authzed
+  module Api
+    module V1alpha1
+      module WatchResourcesService
+        # WatchResourcesService is used to receive a stream of updates for resources of a
+        # specific (resource type, permission, subject) combination.
+        class Service
+
+          include ::GRPC::GenericService
+
+          self.marshal_class_method = :encode
+          self.unmarshal_class_method = :decode
+          self.service_name = 'authzed.api.v1alpha1.WatchResourcesService'
+
+          # WatchResources initiates a watch for permission changes for the provided
+          # (resource type, permission, subject) pair.
+          rpc :WatchResources, ::Authzed::Api::V1alpha1::WatchResourcesRequest, stream(::Authzed::Api::V1alpha1::WatchResourcesResponse)
+        end
+
+        Stub = Service.rpc_stub_class
+      end
+    end
+  end
+end

data/lib/authzed.rb

@@ -1,14 +1,11 @@
-require 'authzed/api/v0/acl_service_pb'
-require 'authzed/api/v0/acl_service_services_pb'
-require 'authzed/api/v0/core_pb'
-require 'authzed/api/v0/developer_pb'
-require 'authzed/api/v0/developer_services_pb'
-require 'authzed/api/v0/namespace_pb'
-require 'authzed/api/v0/namespace_service_pb'
-require 'authzed/api/v0/namespace_service_services_pb'
-require 'authzed/api/v0/watch_service_pb'
-require 'authzed/api/v0/watch_service_services_pb'
 require 'authzed/api/v1alpha1/schema_pb'
+require 'authzed/api/v1alpha1/schema_services_pb'
+require 'authzed/api/v1alpha1/client'
+require 'authzed/api/v1/schema_services_pb'
+require 'authzed/api/v1/watch_service_services_pb'
+require 'authzed/api/v1/permission_service_services_pb'
+require 'authzed/api/v1/client'
+require 'grpcutil/bearer_token'
 
 module Authzed
-end
+end

data/lib/grpcutil/bearer_token.rb

@@ -0,0 +1,75 @@
+require 'grpc'
+
+module Authzed
+  module GrpcUtil
+    class BearerToken < GRPC::ClientInterceptor
+
+      AUTHORIZATION_HEADER = 'authorization'
+      SCHEMA = 'Bearer'
+
+      attr_reader :token
+
+      def initialize(token:)
+        @token = token
+      end
+
+      ##
+      # Intercept a unary request response call
+      #
+      # @param [Object] request
+      # @param [GRPC::ActiveCall] call
+      # @param [String] method
+      # @param [Hash] metadata
+      #
+      def request_response(request: nil, call: nil, method: nil, metadata: nil)
+        metadata[AUTHORIZATION_HEADER] = bearer_token_header
+        yield
+      end
+
+      ##
+      # Intercept a client streaming call
+      #
+      # @param [Enumerable] requests
+      # @param [GRPC::ActiveCall] call
+      # @param [String] method
+      # @param [Hash] metadata
+      #
+      def client_streamer(requests: nil, call: nil, method: nil, metadata: nil)
+        metadata[AUTHORIZATION_HEADER] = bearer_token_header
+        yield
+      end
+
+      ##
+      # Intercept a server streaming call
+      #
+      # @param [Object] request
+      # @param [GRPC::ActiveCall] call
+      # @param [String] method
+      # @param [Hash] metadata
+      #
+      def server_streamer(request: nil, call: nil, method: nil, metadata: nil)
+        metadata[AUTHORIZATION_HEADER] = bearer_token_header
+        yield
+      end
+
+      ##
+      # Intercept a BiDi streaming call
+      #
+      # @param [Enumerable] requests
+      # @param [GRPC::ActiveCall] call
+      # @param [String] method
+      # @param [Hash] metadata
+      #
+      def bidi_streamer(requests: nil, call: nil, method: nil, metadata: nil)
+        metadata[AUTHORIZATION_HEADER] = bearer_token_header
+        yield
+      end
+
+      private
+
+      def bearer_token_header
+        "#{SCHEMA} #{token}"
+      end
+    end
+  end
+end

data/lib/validate/validate_pb.rb

@@ -0,0 +1,4 @@
+module Validate
+  module ValidatePb
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authzed
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.3.0
 platform: ruby
 authors:
 - Authzed
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-08-24 00:00:00.000000000 Z
+date: 2022-05-26 00:00:00.000000000 Z
 dependencies: []
 description: Authzed is the best way to build robust and scalable permissions systems.
   See https://authzed.com for more details.
@@ -22,6 +22,7 @@ files:
 - lib/authzed.rb
 - lib/authzed/api/v0/acl_service_pb.rb
 - lib/authzed/api/v0/acl_service_services_pb.rb
+- lib/authzed/api/v0/client.rb
 - lib/authzed/api/v0/core_pb.rb
 - lib/authzed/api/v0/developer_pb.rb
 - lib/authzed/api/v0/developer_services_pb.rb
@@ -30,8 +31,24 @@ files:
 - lib/authzed/api/v0/namespace_service_services_pb.rb
 - lib/authzed/api/v0/watch_service_pb.rb
 - lib/authzed/api/v0/watch_service_services_pb.rb
+- lib/authzed/api/v1/client.rb
+- lib/authzed/api/v1/core_pb.rb
+- lib/authzed/api/v1/openapi_pb.rb
+- lib/authzed/api/v1/permission_service_pb.rb
+- lib/authzed/api/v1/permission_service_services_pb.rb
+- lib/authzed/api/v1/schema_pb.rb
+- lib/authzed/api/v1/schema_service_pb.rb
+- lib/authzed/api/v1/schema_service_services_pb.rb
+- lib/authzed/api/v1/schema_services_pb.rb
+- lib/authzed/api/v1/watch_service_pb.rb
+- lib/authzed/api/v1/watch_service_services_pb.rb
+- lib/authzed/api/v1alpha1/client.rb
 - lib/authzed/api/v1alpha1/schema_pb.rb
 - lib/authzed/api/v1alpha1/schema_services_pb.rb
+- lib/authzed/api/v1alpha1/watchresources_service_pb.rb
+- lib/authzed/api/v1alpha1/watchresources_service_services_pb.rb
+- lib/grpcutil/bearer_token.rb
+- lib/validate/validate_pb.rb
 homepage: https://authzed.com
 licenses:
 - Apache-2.0