@base44-preview/sdk 0.8.34-pr.209.fe267c5 → 0.8.35-pr.186.347db95

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/client.d.ts CHANGED
@@ -12,12 +12,12 @@ export type { Base44Client, CreateClientConfig, CreateClientOptions };
12
12
  * The client supports three authentication modes:
13
13
  * - **Anonymous**: Access modules without authentication using `base44.moduleName`. Operations are scoped to public data and permissions.
14
14
  * - **User authentication**: Access modules with user-level permissions using `base44.moduleName`. Operations are scoped to the authenticated user's data and permissions. Use `base44.auth.loginViaEmailPassword()` or other auth methods to get a token.
15
- * - **Service role authentication**: Access modules with elevated permissions using `base44.asServiceRole.moduleName`. Operations can access any data available to the app's admin. Only available in Base44-hosted backend functions. Create a client with service role authentication using {@linkcode createClientFromRequest | createClientFromRequest()}.
15
+ * - **Service role authentication**: Access modules with elevated permissions using `base44.asServiceRole.moduleName`. Operations bypass entity access rules and field-level security, giving full read and write access to all of the app's data. Only available in Base44-hosted backend functions. Create a client with service role authentication using {@linkcode createClientFromRequest | createClientFromRequest()}.
16
16
  *
17
17
  * For example, when using the {@linkcode EntitiesModule | entities} module:
18
18
  * - **Anonymous**: Can only read public data.
19
19
  * - **User authentication**: Can access the current user's data.
20
- * - **Service role authentication**: Can access all data that admins can access.
20
+ * - **Service role authentication**: Can read and write any record, bypassing access rules.
21
21
  *
22
22
  * Most modules are available in all three modes, but with different permission levels. However, some modules are only available in specific authentication modes.
23
23
  *
@@ -43,7 +43,7 @@ export declare function createClient(config: CreateClientConfig): Base44Client;
43
43
  *
44
44
  * This function is designed for use in Base44-hosted backend functions. For frontends and external backends, use {@linkcode createClient | createClient()} instead.
45
45
  *
46
- * When used in a Base44-hosted backend function, `createClientFromRequest()` automatically extracts authentication tokens from the request headers that Base44 injects when forwarding requests. The returned client includes service role access using `base44.asServiceRole`, which provides admin-level permissions.
46
+ * When used in a Base44-hosted backend function, `createClientFromRequest()` automatically extracts authentication tokens from the request headers that Base44 injects when forwarding requests. The returned client includes service role access using `base44.asServiceRole`, which bypasses entity access rules and field-level security.
47
47
  *
48
48
  * To learn more about the Base44 client, see {@linkcode createClient | createClient()}.
49
49
  *
@@ -82,7 +82,7 @@ export declare function createClient(config: CreateClientConfig): Base44Client;
82
82
  * try {
83
83
  * const base44 = createClientFromRequest(req);
84
84
  *
85
- * // Access admin data with service role permissions
85
+ * // Read across all users, bypassing the Orders entity's access rules
86
86
  * const recentOrders = await base44.asServiceRole.entities.Orders.list('-created_at', 50);
87
87
  *
88
88
  * return Response.json({ orders: recentOrders });
package/dist/client.js CHANGED
@@ -23,12 +23,12 @@ import { createAnalyticsModule } from "./modules/analytics.js";
23
23
  * The client supports three authentication modes:
24
24
  * - **Anonymous**: Access modules without authentication using `base44.moduleName`. Operations are scoped to public data and permissions.
25
25
  * - **User authentication**: Access modules with user-level permissions using `base44.moduleName`. Operations are scoped to the authenticated user's data and permissions. Use `base44.auth.loginViaEmailPassword()` or other auth methods to get a token.
26
- * - **Service role authentication**: Access modules with elevated permissions using `base44.asServiceRole.moduleName`. Operations can access any data available to the app's admin. Only available in Base44-hosted backend functions. Create a client with service role authentication using {@linkcode createClientFromRequest | createClientFromRequest()}.
26
+ * - **Service role authentication**: Access modules with elevated permissions using `base44.asServiceRole.moduleName`. Operations bypass entity access rules and field-level security, giving full read and write access to all of the app's data. Only available in Base44-hosted backend functions. Create a client with service role authentication using {@linkcode createClientFromRequest | createClientFromRequest()}.
27
27
  *
28
28
  * For example, when using the {@linkcode EntitiesModule | entities} module:
29
29
  * - **Anonymous**: Can only read public data.
30
30
  * - **User authentication**: Can access the current user's data.
31
- * - **Service role authentication**: Can access all data that admins can access.
31
+ * - **Service role authentication**: Can read and write any record, bypassing access rules.
32
32
  *
33
33
  * Most modules are available in all three modes, but with different permission levels. However, some modules are only available in specific authentication modes.
34
34
  *
@@ -257,7 +257,7 @@ export function createClient(config) {
257
257
  /**
258
258
  * Provides access to service role modules.
259
259
  *
260
- * Service role authentication provides elevated permissions for backend operations. Unlike user authentication, which is scoped to a specific user's permissions, service role authentication has access to the data and operations available to the app's admin.
260
+ * Service role authentication provides elevated permissions for backend operations. Unlike user authentication, which is scoped to a specific user's permissions, service role authentication bypasses entity access rules and field-level security entirely, giving full read and write access to all of the app's data.
261
261
  *
262
262
  * @throws {Error} When accessed without providing a serviceToken during client creation.
263
263
  *
@@ -268,7 +268,7 @@ export function createClient(config) {
268
268
  * serviceToken: 'service-role-token'
269
269
  * });
270
270
  *
271
- * // Also access a module with elevated permissions
271
+ * // Read every user record, bypassing the User entity's access rules
272
272
  * const allUsers = await base44.asServiceRole.entities.User.list();
273
273
  * ```
274
274
  */
@@ -286,7 +286,7 @@ export function createClient(config) {
286
286
  *
287
287
  * This function is designed for use in Base44-hosted backend functions. For frontends and external backends, use {@linkcode createClient | createClient()} instead.
288
288
  *
289
- * When used in a Base44-hosted backend function, `createClientFromRequest()` automatically extracts authentication tokens from the request headers that Base44 injects when forwarding requests. The returned client includes service role access using `base44.asServiceRole`, which provides admin-level permissions.
289
+ * When used in a Base44-hosted backend function, `createClientFromRequest()` automatically extracts authentication tokens from the request headers that Base44 injects when forwarding requests. The returned client includes service role access using `base44.asServiceRole`, which bypasses entity access rules and field-level security.
290
290
  *
291
291
  * To learn more about the Base44 client, see {@linkcode createClient | createClient()}.
292
292
  *
@@ -325,7 +325,7 @@ export function createClient(config) {
325
325
  * try {
326
326
  * const base44 = createClientFromRequest(req);
327
327
  *
328
- * // Access admin data with service role permissions
328
+ * // Read across all users, bypassing the Orders entity's access rules
329
329
  * const recentOrders = await base44.asServiceRole.entities.Orders.list('-created_at', 50);
330
330
  *
331
331
  * return Response.json({ orders: recentOrders });
@@ -49,7 +49,7 @@ export interface CreateClientConfig {
49
49
  */
50
50
  token?: string;
51
51
  /**
52
- * Service role authentication token. Provides elevated permissions to access data available to the app's admin. Only available in Base44-hosted backend functions. Automatically added to client's created using {@linkcode createClientFromRequest | createClientFromRequest()}.
52
+ * Service role authentication token. Provides elevated permissions that bypass entity access rules and field-level security. Only available in Base44-hosted backend functions. Automatically added to clients created using {@linkcode createClientFromRequest | createClientFromRequest()}.
53
53
  * @internal
54
54
  */
55
55
  serviceToken?: string;
@@ -117,7 +117,7 @@ export interface Base44Client {
117
117
  /**
118
118
  * Provides access to supported modules with elevated permissions.
119
119
  *
120
- * Service role authentication provides elevated permissions for backend operations. Unlike user authentication, which is scoped to a specific user's permissions, service role authentication has access to the data and operations available to the app's admin.
120
+ * Service role authentication provides elevated permissions for backend operations. Unlike user authentication, which is scoped to a specific user's permissions, service role authentication bypasses entity access rules and field-level security entirely, giving full read and write access to all of the app's data.
121
121
  *
122
122
  * @throws {Error} When accessed without providing a serviceToken during client creation
123
123
  */
@@ -194,7 +194,7 @@ export interface AgentsModuleConfig {
194
194
  * This module is available to use with a client in all authentication modes:
195
195
  *
196
196
  * - **Anonymous or User authentication** (`base44.agents`): Access is scoped to the current user's permissions. Users must be authenticated to create and access conversations.
197
- * - **Service role authentication** (`base44.asServiceRole.agents`): Operations have elevated admin-level permissions. Can access all conversations that the app's admin role has access to.
197
+ * - **Service role authentication** (`base44.asServiceRole.agents`): Operations are invoked with the service role for backend code that needs elevated permissions.
198
198
  *
199
199
  * ## Generated Types
200
200
  *
@@ -665,7 +665,7 @@ type DynamicEntitiesModule = {
665
665
  * This module is available to use with a client in all authentication modes:
666
666
  *
667
667
  * - **Anonymous or User authentication** (`base44.entities`): Access is scoped to the current user's permissions. Anonymous users can only access public entities, while authenticated users can access entities they have permission to view or modify.
668
- * - **Service role authentication** (`base44.asServiceRole.entities`): Operations have elevated admin-level permissions. Can access all entities that the app's admin role has access to.
668
+ * - **Service role authentication** (`base44.asServiceRole.entities`): Operations bypass entity access rules and field-level security entirely. Can read and write any record in any entity.
669
669
  *
670
670
  * ## Entity Handlers
671
671
  *
@@ -694,7 +694,7 @@ type DynamicEntitiesModule = {
694
694
  *
695
695
  * @example
696
696
  * ```typescript
697
- * // List all users (admin only)
697
+ * // List every user, bypassing the User entity's access rules
698
698
  * const allUsers = await base44.asServiceRole.entities.User.list();
699
699
  * ```
700
700
  */
@@ -40,7 +40,7 @@ export interface FunctionsModuleConfig {
40
40
  * This module is available to use with a client in all authentication modes:
41
41
  *
42
42
  * - **Anonymous or User authentication** (`base44.functions`): Functions are invoked with the current user's permissions. Anonymous users invoke functions without authentication, while authenticated users invoke functions with their authentication context.
43
- * - **Service role authentication** (`base44.asServiceRole.functions`): Functions are invoked with elevated admin-level permissions. The function code receives a request with admin authentication context.
43
+ * - **Service role authentication** (`base44.asServiceRole.functions`): Functions are invoked with the service role for backend code that needs elevated permissions.
44
44
  *
45
45
  * ## Generated Types
46
46
  *
@@ -362,7 +362,7 @@ export interface CoreIntegrations {
362
362
  * This module is available to use with a client in all authentication modes:
363
363
  *
364
364
  * - **Anonymous or User authentication** (`base44.integrations`): Integration methods are invoked with the current user's permissions. Anonymous users invoke methods without authentication, while authenticated users invoke methods with their authentication context.
365
- * - **Service role authentication** (`base44.asServiceRole.integrations`): Integration methods are invoked with elevated admin-level permissions. The methods execute with admin authentication context.
365
+ * - **Service role authentication** (`base44.asServiceRole.integrations`): Integration methods are invoked with the service role for backend code that needs elevated permissions.
366
366
  */
367
367
  export type IntegrationsModule = {
368
368
  /**
@@ -130,16 +130,6 @@ export function createAxiosClient({ baseURL, headers = {}, token, interceptRespo
130
130
  }
131
131
  // Add origin URL in browser environment
132
132
  client.interceptors.request.use((config) => {
133
- var _a;
134
- // Axios selects its Node HTTP adapter in Deno, where DELETE requests with
135
- // a body fail in the node:http compatibility layer. deleteMany relies on
136
- // that request shape, while Deno's native fetch handles it correctly.
137
- if (typeof globalThis.Deno !==
138
- "undefined" &&
139
- ((_a = config.method) === null || _a === void 0 ? void 0 : _a.toLowerCase()) === "delete" &&
140
- config.data !== undefined) {
141
- config.adapter = "fetch";
142
- }
143
133
  if (typeof window !== "undefined") {
144
134
  config.headers.set("X-Origin-URL", window.location.href);
145
135
  // On unauthenticated requests, attach a stable anonymous visitor id so the
@@ -165,7 +155,7 @@ export function createAxiosClient({ baseURL, headers = {}, token, interceptRespo
165
155
  },
166
156
  }, "*");
167
157
  }
168
- catch (_b) {
158
+ catch (_a) {
169
159
  /* skip the logging */
170
160
  }
171
161
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@base44-preview/sdk",
3
- "version": "0.8.34-pr.209.fe267c5",
3
+ "version": "0.8.35-pr.186.347db95",
4
4
  "description": "JavaScript SDK for Base44 API",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",
@@ -35,18 +35,18 @@
35
35
  "@types/node": "^25.0.1",
36
36
  "@types/unist": "^3.0.3",
37
37
  "@typescript-eslint/parser": "^8.51.0",
38
- "@vitest/coverage-istanbul": "^1.0.0",
39
- "@vitest/coverage-v8": "^1.0.0",
40
- "@vitest/ui": "^1.0.0",
38
+ "@vitest/coverage-istanbul": "^4.1.9",
39
+ "@vitest/coverage-v8": "^4.1.9",
40
+ "@vitest/ui": "^4.1.9",
41
41
  "dotenv": "^16.3.1",
42
42
  "eslint": "^9.39.2",
43
43
  "eslint-plugin-import": "^2.32.0",
44
- "nock": "^13.4.0",
44
+ "nock": "^14.0.16",
45
45
  "typedoc": "^0.28.14",
46
46
  "typedoc-plugin-markdown": "^4.9.0",
47
47
  "typescript": "^5.3.2",
48
48
  "typescript-eslint": "^8.51.0",
49
- "vitest": "^1.6.1"
49
+ "vitest": "^4.1.9"
50
50
  },
51
51
  "keywords": [
52
52
  "base44",