@byline/auth 1.8.1 → 1.8.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/abilities.d.ts +1 -1
  2. package/dist/actor.js +4 -4
  3. package/dist/context.d.ts +5 -4
  4. package/dist/session-provider.d.ts +1 -1
  5. package/package.json +1 -1
package/dist/abilities.d.ts CHANGED
@@ -25,7 +25,7 @@
25
25
  * collection registrar in `@byline/core`. Future plugins (media,
26
26
  * uploads, settings) contribute their own groups.
27
27
  *
28
- * See docs/analysis/AUTHN-AUTHZ-ANALYSIS.md §3.
28
+ * See docs/AUTHN-AUTHZ.md.
29
29
  */
30
30
  /**
31
31
  * A single registered ability.
package/dist/actor.js CHANGED
@@ -23,12 +23,12 @@
23
23
  * The `Actor` union (`AdminAuth | UserAuth | null`) is the canonical shape
24
24
  * carried on `RequestContext`. A `null` actor represents an
25
25
  * unauthenticated request — only permitted on public read paths
26
- * (`readMode === 'published'`) once service-layer enforcement lands
27
- * (the outstanding item in AUTHN-AUTHZ-ANALYSIS.md).
26
+ * (`readMode === 'published'`); service-layer enforcement is now in
27
+ * place (`assertActorCanPerform`, `assertAdminActor`).
28
28
  *
29
29
  * Ability keys are flat dotted strings (e.g. `collections.pages.publish`,
30
- * `media.manage`). See AUTHN-AUTHZ-ANALYSIS.md §4 for the rationale and
31
- * §1 (Phase 1) for the registry that mints them.
30
+ * `media.manage`). See docs/AUTHN-AUTHZ.md for the rationale and the
31
+ * registry that mints them.
32
32
  */
33
33
  import { ERR_FORBIDDEN } from './errors.js';
34
34
  /**
package/dist/context.d.ts CHANGED
@@ -11,10 +11,11 @@ import { type Actor } from './actor.js';
11
11
  * `document-lifecycle` service, `IDocumentQueries` method, `@byline/client`
12
12
  * entry point, and collection hook.
13
13
  *
14
- * The auth subsystem populates `actor`; downstream code reads it. Today
15
- * the threading is plumbing only — `actor.assertAbility(...)` is not yet
16
- * called at the `document-lifecycle` / `IDocumentQueries` boundary. See
17
- * the Phase status table in AUTHN-AUTHZ-ANALYSIS.md.
14
+ * The auth subsystem populates `actor`; downstream code reads it.
15
+ * Service-layer enforcement is live: `assertActorCanPerform` runs at
16
+ * every `document-lifecycle` write entry and on `@byline/client` reads;
17
+ * `assertAdminActor` runs inside every admin-management `*Command`.
18
+ * See docs/AUTHN-AUTHZ.md for the present-state reference.
18
19
  *
19
20
  * `RequestContext` is intentionally independent of the existing
20
21
  * `ReadContext` (populate / `afterRead` recursion guard) for now. Merging
package/dist/session-provider.d.ts CHANGED
@@ -19,7 +19,7 @@
19
19
  * the admin UI render affordances appropriate to whatever provider is
20
20
  * wired up.
21
21
  *
22
- * See docs/analysis/AUTHN-AUTHZ-ANALYSIS.md §7.
22
+ * See docs/AUTHN-AUTHZ.md.
23
23
  */
24
24
  import type { AdminAuth } from './actor.js';
25
25
  /**
package/package.json CHANGED
@@ -2,7 +2,7 @@
2
2
  "name": "@byline/auth",
3
3
  "private": false,
4
4
  "license": "MPL-2.0",
5
- "version": "1.8.1",
5
+ "version": "1.8.2",
6
6
  "engines": {
7
7
  "node": ">=20.9.0"
8
8
  },