authzed 0.4.0 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0211dcb4e1b7cfc4f5aecca853548da0d6eef6d0198dd97e0f2ff44dae373429
-  data.tar.gz: 94e3b2c8cbd070654e88f0ce3ed02ecda045fe1156a14ceec210df5743b18a2e
+  metadata.gz: 471300e0b15428b18cc989e999dc0bfe4160a8d53bb1202b67297d9ec5e3372c
+  data.tar.gz: d907cf8be69946cc6c9e203fc25b8d0f093d55a8a591db2eaaba8c21e457be46
 SHA512:
-  metadata.gz: 2192c05e51d8abb91baddf0b29e27477cc1de6f0922a4fb6d1fed9b39fb14870e4ad7a32dd87964cea8724890d947bf6726b8bf358808478f50e32f9b380cd70
-  data.tar.gz: 3893665e9b69175317a990c6305166c3f25cb354bc04890ebf9b467dd0914d1c0a00943ac916cd183beddfae953b2653910d35060b121bfe32b69e19515205f9
+  metadata.gz: 02e864c03b388947db98cf344c6c4a7d4279332f8947069b7275641a159b63e08d47e888b542350ac7b74be4604b85295b6139d3bfe1757532306a14394de224
+  data.tar.gz: 3ba557b7abf4ffb568971821f18a36ccc05699cde69961ce82696a2a2b47a26aa73023df3c3e9c673dab7ca15186c3be9c440bd946ec173a328c21e7e2280d97

data/README.md

@@ -18,7 +18,6 @@ Once stored, data can be performantly queried to answer questions such as "Does
 
 Supported client API versions:
 - [v1](https://buf.build/authzed/api/docs/main/authzed.api.v1)
-- [v1alpha1](https://buf.build/authzed/api/docs/main/authzed.api.v1alpha1)
 
 You can find more info about the API in the [Authzed Documentation API Reference] or the [Authzed API Buf Registry repository].
 
@@ -96,6 +95,6 @@ resp = client.permissions_service.check_permission(
     )
   )
 )
-can_read = Authzed::Api::V1::CheckPermissionResponse::Permissionship.resolve(resp.permissionship)) ==
+can_read = Authzed::Api::V1::CheckPermissionResponse::Permissionship.resolve(resp.permissionship) ==
   Authzed::Api::V1::CheckPermissionResponse::Permissionship::PERMISSIONSHIP_HAS_PERMISSION
 ```

data/lib/authzed/api/v1/client.rb

@@ -4,7 +4,7 @@ module Authzed
   module Api
     module V1
       class Client
-        attr_reader :permissions_service, :schema_service, :watch_service
+        attr_reader :permissions_service, :schema_service, :watch_service, :experimental_service
 
         def initialize(target:, credentials: nil, interceptors: [], options: {}, timeout: nil)
           creds = credentials || GRPC::Core::ChannelCredentials.new
@@ -30,6 +30,13 @@ module Authzed
             interceptors: interceptors,
             channel_args: options,
           )
+          @experimental_service = Authzed::Api::V1::ExperimentalService::Stub.new(
+            target,
+            creds,
+            timeout: timeout,
+            interceptors: interceptors,
+            channel_args: options,
+          )
         end
       end
     end

data/lib/authzed/api/v1/core_pb.rb

@@ -1,75 +1,56 @@
+# frozen_string_literal: true
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: authzed/api/v1/core.proto
 
 require 'google/protobuf'
 
+require 'google/protobuf/struct_pb'
 require 'validate/validate_pb'
 
-Google::Protobuf::DescriptorPool.generated_pool.build do
-  add_file("authzed/api/v1/core.proto", :syntax => :proto3) do
-    add_message "authzed.api.v1.Relationship" do
-      optional :resource, :message, 1, "authzed.api.v1.ObjectReference", json_name: "resource"
-      optional :relation, :string, 2, json_name: "relation"
-      optional :subject, :message, 3, "authzed.api.v1.SubjectReference", json_name: "subject"
-    end
-    add_message "authzed.api.v1.SubjectReference" do
-      optional :object, :message, 1, "authzed.api.v1.ObjectReference", json_name: "object"
-      optional :optional_relation, :string, 2, json_name: "optionalRelation"
-    end
-    add_message "authzed.api.v1.ObjectReference" do
-      optional :object_type, :string, 1, json_name: "objectType"
-      optional :object_id, :string, 2, json_name: "objectId"
-    end
-    add_message "authzed.api.v1.ZedToken" do
-      optional :token, :string, 1, json_name: "token"
-    end
-    add_message "authzed.api.v1.RelationshipUpdate" do
-      optional :operation, :enum, 1, "authzed.api.v1.RelationshipUpdate.Operation", json_name: "operation"
-      optional :relationship, :message, 2, "authzed.api.v1.Relationship", json_name: "relationship"
-    end
-    add_enum "authzed.api.v1.RelationshipUpdate.Operation" do
-      value :OPERATION_UNSPECIFIED, 0
-      value :OPERATION_CREATE, 1
-      value :OPERATION_TOUCH, 2
-      value :OPERATION_DELETE, 3
-    end
-    add_message "authzed.api.v1.PermissionRelationshipTree" do
-      optional :expanded_object, :message, 3, "authzed.api.v1.ObjectReference", json_name: "expandedObject"
-      optional :expanded_relation, :string, 4, json_name: "expandedRelation"
-      oneof :tree_type do
-        optional :intermediate, :message, 1, "authzed.api.v1.AlgebraicSubjectSet", json_name: "intermediate"
-        optional :leaf, :message, 2, "authzed.api.v1.DirectSubjectSet", json_name: "leaf"
-      end
-    end
-    add_message "authzed.api.v1.AlgebraicSubjectSet" do
-      optional :operation, :enum, 1, "authzed.api.v1.AlgebraicSubjectSet.Operation", json_name: "operation"
-      repeated :children, :message, 2, "authzed.api.v1.PermissionRelationshipTree", json_name: "children"
-    end
-    add_enum "authzed.api.v1.AlgebraicSubjectSet.Operation" do
-      value :OPERATION_UNSPECIFIED, 0
-      value :OPERATION_UNION, 1
-      value :OPERATION_INTERSECTION, 2
-      value :OPERATION_EXCLUSION, 3
-    end
-    add_message "authzed.api.v1.DirectSubjectSet" do
-      repeated :subjects, :message, 1, "authzed.api.v1.SubjectReference", json_name: "subjects"
+
+descriptor_data = "\n\x19\x61uthzed/api/v1/core.proto\x12\x0e\x61uthzed.api.v1\x1a\x1cgoogle/protobuf/struct.proto\x1a\x17validate/validate.proto\"\xb9\x02\n\x0cRelationship\x12\x45\n\x08resource\x18\x01 \x01(\x0b\x32\x1f.authzed.api.v1.ObjectReferenceB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x08resource\x12\x43\n\x08relation\x18\x02 \x01(\tB\'\xfa\x42$r\"(@2\x1e^[a-z][a-z0-9_]{1,62}[a-z0-9]$R\x08relation\x12\x44\n\x07subject\x18\x03 \x01(\x0b\x32 .authzed.api.v1.SubjectReferenceB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x07subject\x12W\n\x0foptional_caveat\x18\x04 \x01(\x0b\x32$.authzed.api.v1.ContextualizedCaveatB\x08\xfa\x42\x05\x8a\x01\x02\x10\x00R\x0eoptionalCaveat\"\xa6\x01\n\x14\x43ontextualizedCaveat\x12Q\n\x0b\x63\x61veat_name\x18\x01 \x01(\tB0\xfa\x42-r+(\x80\x01\x32&^([a-zA-Z0-9_][a-zA-Z0-9/_|-]{0,127})$R\ncaveatName\x12;\n\x07\x63ontext\x18\x02 \x01(\x0b\x32\x17.google.protobuf.StructB\x08\xfa\x42\x05\x8a\x01\x02\x10\x00R\x07\x63ontext\"\xae\x01\n\x10SubjectReference\x12\x41\n\x06object\x18\x01 \x01(\x0b\x32\x1f.authzed.api.v1.ObjectReferenceB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x06object\x12W\n\x11optional_relation\x18\x02 \x01(\tB*\xfa\x42\'r%(@2!^([a-z][a-z0-9_]{1,62}[a-z0-9])?$R\x10optionalRelation\"\xc4\x01\n\x0fObjectReference\x12i\n\x0bobject_type\x18\x01 \x01(\tBH\xfa\x42\x45rC(\x80\x01\x32>^([a-z][a-z0-9_]{1,61}[a-z0-9]/)*[a-z][a-z0-9_]{1,62}[a-z0-9]$R\nobjectType\x12\x46\n\tobject_id\x18\x02 \x01(\tB)\xfa\x42&r$(\x80\x08\x32\x1f^(([a-zA-Z0-9/_|\\-=+]{1,})|\\*)$R\x08objectId\")\n\x08ZedToken\x12\x1d\n\x05token\x18\x01 \x01(\tB\x07\xfa\x42\x04r\x02 \x01R\x05token\"+\n\x06\x43ursor\x12!\n\x05token\x18\x01 \x01(\tB\x0b\xfa\x42\x08r\x06 \x01(\x80\xa0\x06R\x05token\"\xa1\x02\n\x12RelationshipUpdate\x12V\n\toperation\x18\x01 \x01(\x0e\x32,.authzed.api.v1.RelationshipUpdate.OperationB\n\xfa\x42\x07\x82\x01\x04\x10\x01 \x00R\toperation\x12J\n\x0crelationship\x18\x02 \x01(\x0b\x32\x1c.authzed.api.v1.RelationshipB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x0crelationship\"g\n\tOperation\x12\x19\n\x15OPERATION_UNSPECIFIED\x10\x00\x12\x14\n\x10OPERATION_CREATE\x10\x01\x12\x13\n\x0fOPERATION_TOUCH\x10\x02\x12\x14\n\x10OPERATION_DELETE\x10\x03\"\xa8\x02\n\x1aPermissionRelationshipTree\x12I\n\x0cintermediate\x18\x01 \x01(\x0b\x32#.authzed.api.v1.AlgebraicSubjectSetH\x00R\x0cintermediate\x12\x36\n\x04leaf\x18\x02 \x01(\x0b\x32 .authzed.api.v1.DirectSubjectSetH\x00R\x04leaf\x12H\n\x0f\x65xpanded_object\x18\x03 \x01(\x0b\x32\x1f.authzed.api.v1.ObjectReferenceR\x0e\x65xpandedObject\x12+\n\x11\x65xpanded_relation\x18\x04 \x01(\tR\x10\x65xpandedRelationB\x10\n\ttree_type\x12\x03\xf8\x42\x01\"\xb7\x02\n\x13\x41lgebraicSubjectSet\x12W\n\toperation\x18\x01 \x01(\x0e\x32-.authzed.api.v1.AlgebraicSubjectSet.OperationB\n\xfa\x42\x07\x82\x01\x04\x10\x01 \x00R\toperation\x12U\n\x08\x63hildren\x18\x02 \x03(\x0b\x32*.authzed.api.v1.PermissionRelationshipTreeB\r\xfa\x42\n\x92\x01\x07\"\x05\x8a\x01\x02\x10\x01R\x08\x63hildren\"p\n\tOperation\x12\x19\n\x15OPERATION_UNSPECIFIED\x10\x00\x12\x13\n\x0fOPERATION_UNION\x10\x01\x12\x1a\n\x16OPERATION_INTERSECTION\x10\x02\x12\x17\n\x13OPERATION_EXCLUSION\x10\x03\"P\n\x10\x44irectSubjectSet\x12<\n\x08subjects\x18\x01 \x03(\x0b\x32 .authzed.api.v1.SubjectReferenceR\x08subjects\"W\n\x11PartialCaveatInfo\x12\x42\n\x18missing_required_context\x18\x01 \x03(\tB\x08\xfa\x42\x05\x92\x01\x02\x08\x01R\x16missingRequiredContextBH\n\x12\x63om.authzed.api.v1Z2github.com/authzed/authzed-go/proto/authzed/api/v1b\x06proto3"
+
+pool = Google::Protobuf::DescriptorPool.generated_pool
+
+begin
+  pool.add_serialized_file(descriptor_data)
+rescue TypeError => e
+  # Compatibility code: will be removed in the next major version.
+  require 'google/protobuf/descriptor_pb'
+  parsed = Google::Protobuf::FileDescriptorProto.decode(descriptor_data)
+  parsed.clear_dependency
+  serialized = parsed.class.encode(parsed)
+  file = pool.add_serialized_file(serialized)
+  warn "Warning: Protobuf detected an import path issue while loading generated file #{__FILE__}"
+  imports = [
+    ["google.protobuf.Struct", "google/protobuf/struct.proto"],
+  ]
+  imports.each do |type_name, expected_filename|
+    import_file = pool.lookup(type_name).file_descriptor
+    if import_file.name != expected_filename
+      warn "- #{file.name} imports #{expected_filename}, but that import was loaded as #{import_file.name}"
     end
   end
+  warn "Each proto file must use a consistent fully-qualified name."
+  warn "This will become an error in the next major version."
 end
 
 module Authzed
   module Api
     module V1
       Relationship = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.Relationship").msgclass
+      ContextualizedCaveat = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ContextualizedCaveat").msgclass
       SubjectReference = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.SubjectReference").msgclass
       ObjectReference = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ObjectReference").msgclass
       ZedToken = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ZedToken").msgclass
+      Cursor = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.Cursor").msgclass
       RelationshipUpdate = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.RelationshipUpdate").msgclass
       RelationshipUpdate::Operation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.RelationshipUpdate.Operation").enummodule
       PermissionRelationshipTree = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.PermissionRelationshipTree").msgclass
       AlgebraicSubjectSet = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.AlgebraicSubjectSet").msgclass
       AlgebraicSubjectSet::Operation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.AlgebraicSubjectSet.Operation").enummodule
       DirectSubjectSet = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.DirectSubjectSet").msgclass
+      PartialCaveatInfo = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.PartialCaveatInfo").msgclass
     end
   end
 end

data/lib/authzed/api/v1/debug_pb.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: authzed/api/v1/debug.proto
 
@@ -5,38 +6,37 @@ require 'google/protobuf'
 
 require 'authzed/api/v1/core_pb'
 require 'validate/validate_pb'
+require 'google/protobuf/struct_pb'
+require 'google/protobuf/duration_pb'
 
-Google::Protobuf::DescriptorPool.generated_pool.build do
-  add_file("authzed/api/v1/debug.proto", :syntax => :proto3) do
-    add_message "authzed.api.v1.DebugInformation" do
-      optional :check, :message, 1, "authzed.api.v1.CheckDebugTrace", json_name: "check"
-      optional :schema_used, :string, 2, json_name: "schemaUsed"
-    end
-    add_message "authzed.api.v1.CheckDebugTrace" do
-      optional :resource, :message, 1, "authzed.api.v1.ObjectReference", json_name: "resource"
-      optional :permission, :string, 2, json_name: "permission"
-      optional :permission_type, :enum, 3, "authzed.api.v1.CheckDebugTrace.PermissionType", json_name: "permissionType"
-      optional :subject, :message, 4, "authzed.api.v1.SubjectReference", json_name: "subject"
-      optional :result, :enum, 5, "authzed.api.v1.CheckDebugTrace.Permissionship", json_name: "result"
-      oneof :resolution do
-        optional :was_cached_result, :bool, 6, json_name: "wasCachedResult"
-        optional :sub_problems, :message, 7, "authzed.api.v1.CheckDebugTrace.SubProblems", json_name: "subProblems"
-      end
-    end
-    add_message "authzed.api.v1.CheckDebugTrace.SubProblems" do
-      repeated :traces, :message, 1, "authzed.api.v1.CheckDebugTrace", json_name: "traces"
-    end
-    add_enum "authzed.api.v1.CheckDebugTrace.PermissionType" do
-      value :PERMISSION_TYPE_UNSPECIFIED, 0
-      value :PERMISSION_TYPE_RELATION, 1
-      value :PERMISSION_TYPE_PERMISSION, 2
-    end
-    add_enum "authzed.api.v1.CheckDebugTrace.Permissionship" do
-      value :PERMISSIONSHIP_UNSPECIFIED, 0
-      value :PERMISSIONSHIP_NO_PERMISSION, 1
-      value :PERMISSIONSHIP_HAS_PERMISSION, 2
+
+descriptor_data = "\n\x1a\x61uthzed/api/v1/debug.proto\x12\x0e\x61uthzed.api.v1\x1a\x19\x61uthzed/api/v1/core.proto\x1a\x17validate/validate.proto\x1a\x1cgoogle/protobuf/struct.proto\x1a\x1egoogle/protobuf/duration.proto\"j\n\x10\x44\x65\x62ugInformation\x12\x35\n\x05\x63heck\x18\x01 \x01(\x0b\x32\x1f.authzed.api.v1.CheckDebugTraceR\x05\x63heck\x12\x1f\n\x0bschema_used\x18\x02 \x01(\tR\nschemaUsed\"\xf3\x07\n\x0f\x43heckDebugTrace\x12\x45\n\x08resource\x18\x01 \x01(\x0b\x32\x1f.authzed.api.v1.ObjectReferenceB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x08resource\x12\x1e\n\npermission\x18\x02 \x01(\tR\npermission\x12\x63\n\x0fpermission_type\x18\x03 \x01(\x0e\x32..authzed.api.v1.CheckDebugTrace.PermissionTypeB\n\xfa\x42\x07\x82\x01\x04\x10\x01 \x00R\x0epermissionType\x12\x44\n\x07subject\x18\x04 \x01(\x0b\x32 .authzed.api.v1.SubjectReferenceB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x07subject\x12R\n\x06result\x18\x05 \x01(\x0e\x32..authzed.api.v1.CheckDebugTrace.PermissionshipB\n\xfa\x42\x07\x82\x01\x04\x10\x01 \x00R\x06result\x12T\n\x16\x63\x61veat_evaluation_info\x18\x08 \x01(\x0b\x32\x1e.authzed.api.v1.CaveatEvalInfoR\x14\x63\x61veatEvaluationInfo\x12\x35\n\x08\x64uration\x18\t \x01(\x0b\x32\x19.google.protobuf.DurationR\x08\x64uration\x12,\n\x11was_cached_result\x18\x06 \x01(\x08H\x00R\x0fwasCachedResult\x12P\n\x0csub_problems\x18\x07 \x01(\x0b\x32+.authzed.api.v1.CheckDebugTrace.SubProblemsH\x00R\x0bsubProblems\x1a\x46\n\x0bSubProblems\x12\x37\n\x06traces\x18\x01 \x03(\x0b\x32\x1f.authzed.api.v1.CheckDebugTraceR\x06traces\"o\n\x0ePermissionType\x12\x1f\n\x1bPERMISSION_TYPE_UNSPECIFIED\x10\x00\x12\x1c\n\x18PERMISSION_TYPE_RELATION\x10\x01\x12\x1e\n\x1aPERMISSION_TYPE_PERMISSION\x10\x02\"\xa0\x01\n\x0ePermissionship\x12\x1e\n\x1aPERMISSIONSHIP_UNSPECIFIED\x10\x00\x12 \n\x1cPERMISSIONSHIP_NO_PERMISSION\x10\x01\x12!\n\x1dPERMISSIONSHIP_HAS_PERMISSION\x10\x02\x12)\n%PERMISSIONSHIP_CONDITIONAL_PERMISSION\x10\x03\x42\x11\n\nresolution\x12\x03\xf8\x42\x01\"\x94\x03\n\x0e\x43\x61veatEvalInfo\x12\x1e\n\nexpression\x18\x01 \x01(\tR\nexpression\x12=\n\x06result\x18\x02 \x01(\x0e\x32%.authzed.api.v1.CaveatEvalInfo.ResultR\x06result\x12\x31\n\x07\x63ontext\x18\x03 \x01(\x0b\x32\x17.google.protobuf.StructR\x07\x63ontext\x12Q\n\x13partial_caveat_info\x18\x04 \x01(\x0b\x32!.authzed.api.v1.PartialCaveatInfoR\x11partialCaveatInfo\x12\x1f\n\x0b\x63\x61veat_name\x18\x05 \x01(\tR\ncaveatName\"|\n\x06Result\x12\x16\n\x12RESULT_UNSPECIFIED\x10\x00\x12\x16\n\x12RESULT_UNEVALUATED\x10\x01\x12\x10\n\x0cRESULT_FALSE\x10\x02\x12\x0f\n\x0bRESULT_TRUE\x10\x03\x12\x1f\n\x1bRESULT_MISSING_SOME_CONTEXT\x10\x04\x42H\n\x12\x63om.authzed.api.v1Z2github.com/authzed/authzed-go/proto/authzed/api/v1b\x06proto3"
+
+pool = Google::Protobuf::DescriptorPool.generated_pool
+
+begin
+  pool.add_serialized_file(descriptor_data)
+rescue TypeError => e
+  # Compatibility code: will be removed in the next major version.
+  require 'google/protobuf/descriptor_pb'
+  parsed = Google::Protobuf::FileDescriptorProto.decode(descriptor_data)
+  parsed.clear_dependency
+  serialized = parsed.class.encode(parsed)
+  file = pool.add_serialized_file(serialized)
+  warn "Warning: Protobuf detected an import path issue while loading generated file #{__FILE__}"
+  imports = [
+    ["authzed.api.v1.ObjectReference", "authzed/api/v1/core.proto"],
+    ["google.protobuf.Duration", "google/protobuf/duration.proto"],
+    ["google.protobuf.Struct", "google/protobuf/struct.proto"],
+  ]
+  imports.each do |type_name, expected_filename|
+    import_file = pool.lookup(type_name).file_descriptor
+    if import_file.name != expected_filename
+      warn "- #{file.name} imports #{expected_filename}, but that import was loaded as #{import_file.name}"
     end
   end
+  warn "Each proto file must use a consistent fully-qualified name."
+  warn "This will become an error in the next major version."
 end
 
 module Authzed
@@ -47,6 +47,8 @@ module Authzed
       CheckDebugTrace::SubProblems = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckDebugTrace.SubProblems").msgclass
       CheckDebugTrace::PermissionType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckDebugTrace.PermissionType").enummodule
       CheckDebugTrace::Permissionship = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CheckDebugTrace.Permissionship").enummodule
+      CaveatEvalInfo = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CaveatEvalInfo").msgclass
+      CaveatEvalInfo::Result = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.CaveatEvalInfo.Result").enummodule
     end
   end
 end

data/lib/authzed/api/v1/error_reason_pb.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: authzed/api/v1/error_reason.proto
+
+require 'google/protobuf'
+
+
+descriptor_data = "\n!authzed/api/v1/error_reason.proto\x12\x0e\x61uthzed.api.v1*\xf0\x06\n\x0b\x45rrorReason\x12\x1c\n\x18\x45RROR_REASON_UNSPECIFIED\x10\x00\x12#\n\x1f\x45RROR_REASON_SCHEMA_PARSE_ERROR\x10\x01\x12\"\n\x1e\x45RROR_REASON_SCHEMA_TYPE_ERROR\x10\x02\x12#\n\x1f\x45RROR_REASON_UNKNOWN_DEFINITION\x10\x03\x12/\n+ERROR_REASON_UNKNOWN_RELATION_OR_PERMISSION\x10\x04\x12,\n(ERROR_REASON_TOO_MANY_UPDATES_IN_REQUEST\x10\x05\x12\x32\n.ERROR_REASON_TOO_MANY_PRECONDITIONS_IN_REQUEST\x10\x06\x12\x35\n1ERROR_REASON_WRITE_OR_DELETE_PRECONDITION_FAILURE\x10\x07\x12\"\n\x1e\x45RROR_REASON_SERVICE_READ_ONLY\x10\x08\x12\x1f\n\x1b\x45RROR_REASON_UNKNOWN_CAVEAT\x10\t\x12%\n!ERROR_REASON_INVALID_SUBJECT_TYPE\x10\n\x12,\n(ERROR_REASON_CAVEAT_PARAMETER_TYPE_ERROR\x10\x0b\x12-\n)ERROR_REASON_UPDATES_ON_SAME_RELATIONSHIP\x10\x0c\x12)\n%ERROR_REASON_CANNOT_UPDATE_PERMISSION\x10\r\x12(\n$ERROR_REASON_CAVEAT_EVALUATION_ERROR\x10\x0e\x12\x1f\n\x1b\x45RROR_REASON_INVALID_CURSOR\x10\x0f\x12@\n<ERROR_REASON_TOO_MANY_RELATIONSHIPS_FOR_TRANSACTIONAL_DELETE\x10\x10\x12.\n*ERROR_REASON_MAX_RELATIONSHIP_CONTEXT_SIZE\x10\x11\x12\x31\n-ERROR_REASON_ATTEMPT_TO_RECREATE_RELATIONSHIP\x10\x12\x12\'\n#ERROR_REASON_MAXIMUM_DEPTH_EXCEEDED\x10\x13\x42H\n\x12\x63om.authzed.api.v1Z2github.com/authzed/authzed-go/proto/authzed/api/v1b\x06proto3"
+
+pool = Google::Protobuf::DescriptorPool.generated_pool
+
+begin
+  pool.add_serialized_file(descriptor_data)
+rescue TypeError => e
+  # Compatibility code: will be removed in the next major version.
+  require 'google/protobuf/descriptor_pb'
+  parsed = Google::Protobuf::FileDescriptorProto.decode(descriptor_data)
+  parsed.clear_dependency
+  serialized = parsed.class.encode(parsed)
+  file = pool.add_serialized_file(serialized)
+  warn "Warning: Protobuf detected an import path issue while loading generated file #{__FILE__}"
+  imports = [
+  ]
+  imports.each do |type_name, expected_filename|
+    import_file = pool.lookup(type_name).file_descriptor
+    if import_file.name != expected_filename
+      warn "- #{file.name} imports #{expected_filename}, but that import was loaded as #{import_file.name}"
+    end
+  end
+  warn "Each proto file must use a consistent fully-qualified name."
+  warn "This will become an error in the next major version."
+end
+
+module Authzed
+  module Api
+    module V1
+      ErrorReason = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.ErrorReason").enummodule
+    end
+  end
+end

data/lib/authzed/api/v1/experimental_service_pb.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: authzed/api/v1/experimental_service.proto
+
+require 'google/protobuf'
+
+require 'google/api/annotations_pb'
+require 'validate/validate_pb'
+require 'google/protobuf/struct_pb'
+require 'google/rpc/status_pb'
+require 'authzed/api/v1/core_pb'
+require 'authzed/api/v1/permission_service_pb'
+
+
+descriptor_data = "\n)authzed/api/v1/experimental_service.proto\x12\x0e\x61uthzed.api.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17validate/validate.proto\x1a\x1cgoogle/protobuf/struct.proto\x1a\x17google/rpc/status.proto\x1a\x19\x61uthzed/api/v1/core.proto\x1a\'authzed/api/v1/permission_service.proto\"\xb9\x01\n#StreamingBulkCheckPermissionRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12S\n\x05items\x18\x02 \x03(\x0b\x32..authzed.api.v1.BulkCheckPermissionRequestItemB\r\xfa\x42\n\x92\x01\x07\"\x05\x8a\x01\x02\x10\x01R\x05items\"\xb0\x01\n\x1a\x42ulkCheckPermissionRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12S\n\x05items\x18\x02 \x03(\x0b\x32..authzed.api.v1.BulkCheckPermissionRequestItemB\r\xfa\x42\n\x92\x01\x07\"\x05\x8a\x01\x02\x10\x01R\x05items\"\xb6\x02\n\x1e\x42ulkCheckPermissionRequestItem\x12\x45\n\x08resource\x18\x01 \x01(\x0b\x32\x1f.authzed.api.v1.ObjectReferenceB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x08resource\x12J\n\npermission\x18\x02 \x01(\tB*\xfa\x42\'r%(@2!^([a-z][a-z0-9_]{1,62}[a-z0-9])?$R\npermission\x12\x44\n\x07subject\x18\x03 \x01(\x0b\x32 .authzed.api.v1.SubjectReferenceB\x08\xfa\x42\x05\x8a\x01\x02\x10\x01R\x07subject\x12;\n\x07\x63ontext\x18\x04 \x01(\x0b\x32\x17.google.protobuf.StructB\x08\xfa\x42\x05\x8a\x01\x02\x10\x00R\x07\x63ontext\"\xae\x01\n\x1b\x42ulkCheckPermissionResponse\x12\x41\n\nchecked_at\x18\x01 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenB\x08\xfa\x42\x05\x8a\x01\x02\x10\x00R\tcheckedAt\x12L\n\x05pairs\x18\x02 \x03(\x0b\x32\'.authzed.api.v1.BulkCheckPermissionPairB\r\xfa\x42\n\x92\x01\x07\"\x05\x8a\x01\x02\x10\x01R\x05pairs\"\xb7\x01\n$StreamingBulkCheckPermissionResponse\x12\x41\n\nchecked_at\x18\x01 \x01(\x0b\x32\x18.authzed.api.v1.ZedTokenB\x08\xfa\x42\x05\x8a\x01\x02\x10\x00R\tcheckedAt\x12L\n\x05pairs\x18\x02 \x03(\x0b\x32\'.authzed.api.v1.BulkCheckPermissionPairB\r\xfa\x42\n\x92\x01\x07\"\x05\x8a\x01\x02\x10\x01R\x05pairs\"\xe2\x01\n\x17\x42ulkCheckPermissionPair\x12H\n\x07request\x18\x01 \x01(\x0b\x32..authzed.api.v1.BulkCheckPermissionRequestItemR\x07request\x12\x45\n\x04item\x18\x02 \x01(\x0b\x32/.authzed.api.v1.BulkCheckPermissionResponseItemH\x00R\x04item\x12*\n\x05\x65rror\x18\x03 \x01(\x0b\x32\x12.google.rpc.StatusH\x00R\x05\x65rrorB\n\n\x08response\"\xea\x01\n\x1f\x42ulkCheckPermissionResponseItem\x12j\n\x0epermissionship\x18\x01 \x01(\x0e\x32\x36.authzed.api.v1.CheckPermissionResponse.PermissionshipB\n\xfa\x42\x07\x82\x01\x04\x10\x01 \x00R\x0epermissionship\x12[\n\x13partial_caveat_info\x18\x02 \x01(\x0b\x32!.authzed.api.v1.PartialCaveatInfoB\x08\xfa\x42\x05\x8a\x01\x02\x10\x00R\x11partialCaveatInfo\"s\n\x1e\x42ulkImportRelationshipsRequest\x12Q\n\rrelationships\x18\x01 \x03(\x0b\x32\x1c.authzed.api.v1.RelationshipB\r\xfa\x42\n\x92\x01\x07\"\x05\x8a\x01\x02\x10\x01R\rrelationships\"@\n\x1f\x42ulkImportRelationshipsResponse\x12\x1d\n\nnum_loaded\x18\x01 \x01(\x04R\tnumLoaded\"\xd3\x01\n\x1e\x42ulkExportRelationshipsRequest\x12=\n\x0b\x63onsistency\x18\x01 \x01(\x0b\x32\x1b.authzed.api.v1.ConsistencyR\x0b\x63onsistency\x12\x31\n\x0eoptional_limit\x18\x02 \x01(\rB\n\xfa\x42\x07*\x05\x18\x90N(\x00R\roptionalLimit\x12?\n\x0foptional_cursor\x18\x03 \x01(\x0b\x32\x16.authzed.api.v1.CursorR\x0eoptionalCursor\"\xad\x01\n\x1f\x42ulkExportRelationshipsResponse\x12\x46\n\x13\x61\x66ter_result_cursor\x18\x01 \x01(\x0b\x32\x16.authzed.api.v1.CursorR\x11\x61\x66terResultCursor\x12\x42\n\rrelationships\x18\x02 \x03(\x0b\x32\x1c.authzed.api.v1.RelationshipR\rrelationships2\x81\x06\n\x13\x45xperimentalService\x12\xb2\x01\n\x17\x42ulkImportRelationships\x12..authzed.api.v1.BulkImportRelationshipsRequest\x1a/.authzed.api.v1.BulkImportRelationshipsResponse\"4\x82\xd3\xe4\x93\x02.:\x01*\")/v1/experimental/relationships/bulkimport(\x01\x12\xb2\x01\n\x17\x42ulkExportRelationships\x12..authzed.api.v1.BulkExportRelationshipsRequest\x1a/.authzed.api.v1.BulkExportRelationshipsResponse\"4\x82\xd3\xe4\x93\x02.:\x01*\")/v1/experimental/relationships/bulkexport0\x01\x12\xd1\x01\n\x1cStreamingBulkCheckPermission\x12\x33.authzed.api.v1.StreamingBulkCheckPermissionRequest\x1a\x34.authzed.api.v1.StreamingBulkCheckPermissionResponse\"D\x82\xd3\xe4\x93\x02>:\x01*\"9/v1/experimental/permissions/streamingbulkcheckpermission0\x01\x12\xab\x01\n\x13\x42ulkCheckPermission\x12*.authzed.api.v1.BulkCheckPermissionRequest\x1a+.authzed.api.v1.BulkCheckPermissionResponse\";\x82\xd3\xe4\x93\x02\x35:\x01*\"0/v1/experimental/permissions/bulkcheckpermissionBH\n\x12\x63om.authzed.api.v1Z2github.com/authzed/authzed-go/proto/authzed/api/v1b\x06proto3"
+
+pool = Google::Protobuf::DescriptorPool.generated_pool
+
+begin
+  pool.add_serialized_file(descriptor_data)
+rescue TypeError => e
+  # Compatibility code: will be removed in the next major version.
+  require 'google/protobuf/descriptor_pb'
+  parsed = Google::Protobuf::FileDescriptorProto.decode(descriptor_data)
+  parsed.clear_dependency
+  serialized = parsed.class.encode(parsed)
+  file = pool.add_serialized_file(serialized)
+  warn "Warning: Protobuf detected an import path issue while loading generated file #{__FILE__}"
+  imports = [
+    ["authzed.api.v1.Consistency", "authzed/api/v1/permission_service.proto"],
+    ["authzed.api.v1.ObjectReference", "authzed/api/v1/core.proto"],
+    ["google.protobuf.Struct", "google/protobuf/struct.proto"],
+    ["google.rpc.Status", "google/rpc/status.proto"],
+  ]
+  imports.each do |type_name, expected_filename|
+    import_file = pool.lookup(type_name).file_descriptor
+    if import_file.name != expected_filename
+      warn "- #{file.name} imports #{expected_filename}, but that import was loaded as #{import_file.name}"
+    end
+  end
+  warn "Each proto file must use a consistent fully-qualified name."
+  warn "This will become an error in the next major version."
+end
+
+module Authzed
+  module Api
+    module V1
+      StreamingBulkCheckPermissionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.StreamingBulkCheckPermissionRequest").msgclass
+      BulkCheckPermissionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.BulkCheckPermissionRequest").msgclass
+      BulkCheckPermissionRequestItem = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.BulkCheckPermissionRequestItem").msgclass
+      BulkCheckPermissionResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.BulkCheckPermissionResponse").msgclass
+      StreamingBulkCheckPermissionResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.StreamingBulkCheckPermissionResponse").msgclass
+      BulkCheckPermissionPair = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.BulkCheckPermissionPair").msgclass
+      BulkCheckPermissionResponseItem = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.BulkCheckPermissionResponseItem").msgclass
+      BulkImportRelationshipsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.BulkImportRelationshipsRequest").msgclass
+      BulkImportRelationshipsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.BulkImportRelationshipsResponse").msgclass
+      BulkExportRelationshipsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.BulkExportRelationshipsRequest").msgclass
+      BulkExportRelationshipsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("authzed.api.v1.BulkExportRelationshipsResponse").msgclass
+    end
+  end
+end

data/lib/authzed/api/v1/experimental_service_services_pb.rb

@@ -0,0 +1,43 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# Source: authzed/api/v1/experimental_service.proto for package 'authzed.api.v1'
+
+require 'grpc'
+require 'authzed/api/v1/experimental_service_pb'
+
+module Authzed
+  module Api
+    module V1
+      module ExperimentalService
+        # ExperimentalService exposes a number of APIs that are currently being
+        # prototyped and tested for future inclusion in the stable API.
+        class Service
+
+          include ::GRPC::GenericService
+
+          self.marshal_class_method = :encode
+          self.unmarshal_class_method = :decode
+          self.service_name = 'authzed.api.v1.ExperimentalService'
+
+          # BulkImportRelationships is a faster path to writing a large number of
+          # relationships at once. It is both batched and streaming. For maximum
+          # performance, the caller should attempt to write relationships in as close
+          # to relationship sort order as possible: (resource.object_type,
+          # resource.object_id, relation, subject.object.object_type,
+          # subject.object.object_id, subject.optional_relation)
+          # 
+          # EXPERIMENTAL
+          # https://github.com/authzed/spicedb/issues/1303
+          rpc :BulkImportRelationships, stream(::Authzed::Api::V1::BulkImportRelationshipsRequest), ::Authzed::Api::V1::BulkImportRelationshipsResponse
+          # BulkExportRelationships is the fastest path available to exporting
+          # relationships from the server. It is resumable, and will return results
+          # in an order determined by the server.
+          rpc :BulkExportRelationships, ::Authzed::Api::V1::BulkExportRelationshipsRequest, stream(::Authzed::Api::V1::BulkExportRelationshipsResponse)
+          rpc :StreamingBulkCheckPermission, ::Authzed::Api::V1::StreamingBulkCheckPermissionRequest, stream(::Authzed::Api::V1::StreamingBulkCheckPermissionResponse)
+          rpc :BulkCheckPermission, ::Authzed::Api::V1::BulkCheckPermissionRequest, ::Authzed::Api::V1::BulkCheckPermissionResponse
+        end
+
+        Stub = Service.rpc_stub_class
+      end
+    end
+  end
+end

data/lib/authzed/api/v1/openapi_pb.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: authzed/api/v1/openapi.proto
 
@@ -5,9 +6,31 @@ require 'google/protobuf'
 
 require 'protoc-gen-openapiv2/options/annotations_pb'
 
-Google::Protobuf::DescriptorPool.generated_pool.build do
-  add_file("authzed/api/v1/openapi.proto", :syntax => :proto3) do
+
+descriptor_data = "\n\x1c\x61uthzed/api/v1/openapi.proto\x12\x0e\x61uthzed.api.v1\x1a.protoc-gen-openapiv2/options/annotations.protoB\x80\x03\n\x12\x63om.authzed.api.v1Z2github.com/authzed/authzed-go/proto/authzed/api/v1\x92\x41\xb4\x02\x12\x9c\x01\n\x07\x41uthzed\"D\n\rAuthzed, Inc.\x12\x1ehttps://github.com/authzed/api\x1a\x13support@authzed.com*F\n\x12\x41pache 2.0 License\x12\x30https://github.com/authzed/api/blob/main/LICENSE2\x03\x31.0*\x03\x01\x02\x04\x32\x10\x61pplication/json:\x10\x61pplication/jsonZ#\n!\n\nApiKeyAuth\x12\x13\x08\x02\x1a\rAuthorization \x02rE\n\x1bMore about the Authzed API.\x12&https://docs.authzed.com/reference/apib\x06proto3"
+
+pool = Google::Protobuf::DescriptorPool.generated_pool
+
+begin
+  pool.add_serialized_file(descriptor_data)
+rescue TypeError => e
+  # Compatibility code: will be removed in the next major version.
+  require 'google/protobuf/descriptor_pb'
+  parsed = Google::Protobuf::FileDescriptorProto.decode(descriptor_data)
+  parsed.clear_dependency
+  serialized = parsed.class.encode(parsed)
+  file = pool.add_serialized_file(serialized)
+  warn "Warning: Protobuf detected an import path issue while loading generated file #{__FILE__}"
+  imports = [
+  ]
+  imports.each do |type_name, expected_filename|
+    import_file = pool.lookup(type_name).file_descriptor
+    if import_file.name != expected_filename
+      warn "- #{file.name} imports #{expected_filename}, but that import was loaded as #{import_file.name}"
+    end
   end
+  warn "Each proto file must use a consistent fully-qualified name."
+  warn "This will become an error in the next major version."
 end
 
 module Authzed