npm - @auth-gate/rbac - Versions diffs - 0.10.0 → 0.12.0 - Mend

@auth-gate/rbac 0.10.0 → 0.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -1,5 +1,5 @@
 <p align="center">
-  <img src="icon.png" alt="AuthGate" width="120" height="120" />
+  <img src="https://raw.githubusercontent.com/f-starace/authgate/main/packages/rbac/icon.png" alt="AuthGate" width="120" height="120" />
 </p>
 # @auth-gate/rbac

package/dist/index.d.cts CHANGED Viewed

@@ -94,30 +94,28 @@ type UnionToIntersection<U> = (U extends any ? (k: U) => void : never) extends (
 type IsUnion<T> = [T] extends [UnionToIntersection<T>] ? false : true;
 /**
  * Compile-time constraint: if more than one role has `isDefault: true`,
- * intersect those roles' `isDefault` with an error string so TypeScript
- * produces a descriptive message.
+ * produce a descriptive error at the `roles` level naming the conflicting roles.
  *
- * Error reads: Type 'true' is not assignable to type '"ERROR: ..."'.
+ * The error string includes the names of all roles that have `isDefault: true`
+ * so the developer knows exactly which roles to fix.
  */
 type ValidateSingleDefault<T> = T extends {
     roles: infer Roles;
 } ? IsUnion<DefaultRoleKeys<Roles>> extends true ? {
-    roles: {
-        [K in DefaultRoleKeys<Roles> & keyof Roles]: {
-            isDefault: "ERROR: Only one role may have isDefault: true";
-        };
-    };
+    roles: `ERROR: multiple roles have isDefault: true ("${DefaultRoleKeys<Roles> & string}"). Only one role may be the default`;
 } : {} : {};
 /** Extract valid action string literals from a resource config. */
 type ValidActions<R> = R extends {
     actions: readonly (infer U)[];
 } ? U & string : never;
+/** Extract action keys that are NOT declared in the resource config. */
+type InvalidActions<Actions, Res extends ResourceConfig> = Exclude<keyof Actions & string, ValidActions<Res>>;
 /**
  * Compile-time constraint: validates grant resource/action keys against
  * declared resources at the type level.
  *
  * - **Invalid resource key** → descriptive error naming the resource.
- * - **Invalid action key** → descriptive error listing valid actions.
+ * - **Invalid action key** → descriptive error naming the specific invalid key(s).
  * - **Valid grants** → passes through original types transparently.
  *
  * Used as `T & ValidateConfig<T>` in the `defineRbac()` parameter type.
@@ -136,7 +134,7 @@ type ValidateConfig<T> = T extends {
             grants: {
                 [ResK in keyof G]: ResK extends keyof R ? keyof G[ResK] extends ValidActions<R[ResK & keyof R]> ? {
                     [ActK in keyof G[ResK]]: G[ResK][ActK];
-                } : `ERROR: invalid action(s) in "${ResK & string}" grants. Valid actions: ${ValidActions<R[ResK & keyof R]>}` : `ERROR: resource "${ResK & string}" is not declared in resources`;
+                } : `ERROR: unknown action(s) "${InvalidActions<G[ResK], R[ResK & keyof R]>}" in "${ResK & string}" grants. Valid actions: ${ValidActions<R[ResK & keyof R]>}` : `ERROR: resource "${ResK & string}" is not declared in resources`;
             };
         } : Roles[RK];
     };

package/dist/index.d.ts CHANGED Viewed

@@ -94,30 +94,28 @@ type UnionToIntersection<U> = (U extends any ? (k: U) => void : never) extends (
 type IsUnion<T> = [T] extends [UnionToIntersection<T>] ? false : true;
 /**
  * Compile-time constraint: if more than one role has `isDefault: true`,
- * intersect those roles' `isDefault` with an error string so TypeScript
- * produces a descriptive message.
+ * produce a descriptive error at the `roles` level naming the conflicting roles.
  *
- * Error reads: Type 'true' is not assignable to type '"ERROR: ..."'.
+ * The error string includes the names of all roles that have `isDefault: true`
+ * so the developer knows exactly which roles to fix.
  */
 type ValidateSingleDefault<T> = T extends {
     roles: infer Roles;
 } ? IsUnion<DefaultRoleKeys<Roles>> extends true ? {
-    roles: {
-        [K in DefaultRoleKeys<Roles> & keyof Roles]: {
-            isDefault: "ERROR: Only one role may have isDefault: true";
-        };
-    };
+    roles: `ERROR: multiple roles have isDefault: true ("${DefaultRoleKeys<Roles> & string}"). Only one role may be the default`;
 } : {} : {};
 /** Extract valid action string literals from a resource config. */
 type ValidActions<R> = R extends {
     actions: readonly (infer U)[];
 } ? U & string : never;
+/** Extract action keys that are NOT declared in the resource config. */
+type InvalidActions<Actions, Res extends ResourceConfig> = Exclude<keyof Actions & string, ValidActions<Res>>;
 /**
  * Compile-time constraint: validates grant resource/action keys against
  * declared resources at the type level.
  *
  * - **Invalid resource key** → descriptive error naming the resource.
- * - **Invalid action key** → descriptive error listing valid actions.
+ * - **Invalid action key** → descriptive error naming the specific invalid key(s).
  * - **Valid grants** → passes through original types transparently.
  *
  * Used as `T & ValidateConfig<T>` in the `defineRbac()` parameter type.
@@ -136,7 +134,7 @@ type ValidateConfig<T> = T extends {
             grants: {
                 [ResK in keyof G]: ResK extends keyof R ? keyof G[ResK] extends ValidActions<R[ResK & keyof R]> ? {
                     [ActK in keyof G[ResK]]: G[ResK][ActK];
-                } : `ERROR: invalid action(s) in "${ResK & string}" grants. Valid actions: ${ValidActions<R[ResK & keyof R]>}` : `ERROR: resource "${ResK & string}" is not declared in resources`;
+                } : `ERROR: unknown action(s) "${InvalidActions<G[ResK], R[ResK & keyof R]>}" in "${ResK & string}" grants. Valid actions: ${ValidActions<R[ResK & keyof R]>}` : `ERROR: resource "${ResK & string}" is not declared in resources`;
             };
         } : Roles[RK];
     };

package/package.json CHANGED Viewed

@@ -1,6 +1,7 @@
 {
   "name": "@auth-gate/rbac",
-  "version": "0.10.0",
+  "version": "0.12.0",
+  "description": "RBAC as code for AuthGate — define resources, roles, and permissions in TypeScript and sync them with a single CLI command.",
   "type": "module",
   "exports": {
     ".": {
@@ -23,7 +24,7 @@
     "chalk": "^5.4.0",
     "dotenv": "^17.2.4",
     "jiti": "^2.4.0",
-    "@auth-gate/core": "0.10.0"
+    "@auth-gate/core": "0.12.0"
   },
   "devDependencies": {
     "tsup": "^8.0.0",