@checkstack/catalog-backend 0.0.3 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/CHANGELOG.md +118 -0
  2. package/package.json +1 -1
  3. package/src/index.ts +5 -5
  4. package/src/router.ts +8 -9
package/CHANGELOG.md CHANGED
@@ -1,5 +1,123 @@
1
1
  # @checkstack/catalog-backend
2
2
 
3
+ ## 0.2.0
4
+
5
+ ### Minor Changes
6
+
7
+ - 9faec1f: # Unified AccessRule Terminology Refactoring
8
+
9
+ This release completes a comprehensive terminology refactoring from "permission" to "accessRule" across the entire codebase, establishing a consistent and modern access control vocabulary.
10
+
11
+ ## Changes
12
+
13
+ ### Core Infrastructure (`@checkstack/common`)
14
+
15
+ - Introduced `AccessRule` interface as the primary access control type
16
+ - Added `accessPair()` helper for creating read/manage access rule pairs
17
+ - Added `access()` builder for individual access rules
18
+ - Replaced `Permission` type with `AccessRule` throughout
19
+
20
+ ### API Changes
21
+
22
+ - `env.registerPermissions()` → `env.registerAccessRules()`
23
+ - `meta.permissions` → `meta.access` in RPC contracts
24
+ - `usePermission()` → `useAccess()` in frontend hooks
25
+ - Route `permission:` field → `accessRule:` field
26
+
27
+ ### UI Changes
28
+
29
+ - "Roles & Permissions" tab → "Roles & Access Rules"
30
+ - "You don't have permission..." → "You don't have access..."
31
+ - All permission-related UI text updated
32
+
33
+ ### Documentation & Templates
34
+
35
+ - Updated 18 documentation files with AccessRule terminology
36
+ - Updated 7 scaffolding templates with `accessPair()` pattern
37
+ - All code examples use new AccessRule API
38
+
39
+ ## Migration Guide
40
+
41
+ ### Backend Plugins
42
+
43
+ ```diff
44
+ - import { permissionList } from "./permissions";
45
+ - env.registerPermissions(permissionList);
46
+ + import { accessRules } from "./access";
47
+ + env.registerAccessRules(accessRules);
48
+ ```
49
+
50
+ ### RPC Contracts
51
+
52
+ ```diff
53
+ - .meta({ userType: "user", permissions: [permissions.read.id] })
54
+ + .meta({ userType: "user", access: [access.read] })
55
+ ```
56
+
57
+ ### Frontend Hooks
58
+
59
+ ```diff
60
+ - const canRead = accessApi.usePermission(permissions.read.id);
61
+ + const canRead = accessApi.useAccess(access.read);
62
+ ```
63
+
64
+ ### Routes
65
+
66
+ ```diff
67
+ - permission: permissions.entityRead.id,
68
+ + accessRule: access.read,
69
+ ```
70
+
71
+ ### Patch Changes
72
+
73
+ - Updated dependencies [9faec1f]
74
+ - Updated dependencies [827b286]
75
+ - Updated dependencies [f533141]
76
+ - Updated dependencies [aa4a8ab]
77
+ - @checkstack/backend-api@0.3.0
78
+ - @checkstack/catalog-common@1.1.0
79
+ - @checkstack/command-backend@0.1.0
80
+ - @checkstack/common@0.2.0
81
+ - @checkstack/notification-common@0.1.0
82
+
83
+ ## 0.1.0
84
+
85
+ ### Minor Changes
86
+
87
+ - 8e43507: BREAKING: `getSystems` now returns `{ systems: [...] }` instead of plain array
88
+
89
+ This change enables resource-level access control filtering for the catalog plugin. The middleware needs a consistent object format with named keys to perform post-execution filtering on list endpoints.
90
+
91
+ ## Breaking Changes
92
+
93
+ - `getSystems()` now returns `{ systems: System[] }` instead of `System[]`
94
+ - All call sites must update to destructure: `const { systems } = await api.getSystems()`
95
+
96
+ ## New Features
97
+
98
+ - Added `resourceAccess` metadata to catalog endpoints:
99
+ - `getSystems`: List filtering by team access
100
+ - `getSystem`: Single resource pre-check by team access
101
+ - `getEntities`: List filtering for systems by team access
102
+
103
+ ## Migration
104
+
105
+ ```diff
106
+ - const systems = await catalogApi.getSystems();
107
+ + const { systems } = await catalogApi.getSystems();
108
+ ```
109
+
110
+ ### Patch Changes
111
+
112
+ - Updated dependencies [97c5a6b]
113
+ - Updated dependencies [8e43507]
114
+ - Updated dependencies [8e43507]
115
+ - @checkstack/backend-api@0.2.0
116
+ - @checkstack/catalog-common@1.0.0
117
+ - @checkstack/common@0.1.0
118
+ - @checkstack/command-backend@0.0.4
119
+ - @checkstack/notification-common@0.0.4
120
+
3
121
  ## 0.0.3
4
122
 
5
123
  ### Patch Changes
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@checkstack/catalog-backend",
3
- "version": "0.0.3",
3
+ "version": "0.2.0",
4
4
  "type": "module",
5
5
  "main": "src/index.ts",
6
6
  "scripts": {
package/src/index.ts CHANGED
@@ -2,11 +2,11 @@ import { createBackendPlugin } from "@checkstack/backend-api";
2
2
  import { type NodePgDatabase } from "drizzle-orm/node-postgres";
3
3
  import { coreServices } from "@checkstack/backend-api";
4
4
  import {
5
- permissionList,
5
+ catalogAccessRules,
6
+ catalogAccess,
6
7
  pluginMetadata,
7
8
  catalogContract,
8
9
  catalogRoutes,
9
- permissions,
10
10
  } from "@checkstack/catalog-common";
11
11
  import { createCatalogRouter } from "./router";
12
12
  import { NotificationApi } from "@checkstack/notification-common";
@@ -24,7 +24,7 @@ export { catalogHooks } from "./hooks";
24
24
  export default createBackendPlugin({
25
25
  metadata: pluginMetadata,
26
26
  register(env) {
27
- env.registerPermissions(permissionList);
27
+ env.registerAccessRules(catalogAccessRules);
28
28
 
29
29
  env.registerInit({
30
30
  schema,
@@ -89,7 +89,7 @@ export default createBackendPlugin({
89
89
  iconName: "Activity",
90
90
  route:
91
91
  resolveRoute(catalogRoutes.routes.config) + "?action=create",
92
- requiredPermissions: [permissions.catalogManage],
92
+ requiredAccessRules: [catalogAccess.system.manage],
93
93
  },
94
94
  {
95
95
  id: "manage",
@@ -98,7 +98,7 @@ export default createBackendPlugin({
98
98
  iconName: "Activity",
99
99
  shortcuts: ["meta+shift+s", "ctrl+shift+s"],
100
100
  route: resolveRoute(catalogRoutes.routes.config),
101
- requiredPermissions: [permissions.catalogManage],
101
+ requiredAccessRules: [catalogAccess.system.manage],
102
102
  },
103
103
  ],
104
104
  });
package/src/router.ts CHANGED
@@ -1,8 +1,5 @@
1
1
  import { implement, ORPCError } from "@orpc/server";
2
- import {
3
- autoAuthMiddleware,
4
- type RpcContext,
5
- } from "@checkstack/backend-api";
2
+ import { autoAuthMiddleware, type RpcContext } from "@checkstack/backend-api";
6
3
  import { catalogContract } from "@checkstack/catalog-common";
7
4
  import { EntityService } from "./services/entity-service";
8
5
  import type { NodePgDatabase } from "drizzle-orm/node-postgres";
@@ -15,8 +12,8 @@ import { eq } from "drizzle-orm";
15
12
  /**
16
13
  * Creates the catalog router using contract-based implementation.
17
14
  *
18
- * Auth and permissions are automatically enforced via autoAuthMiddleware
19
- * based on the contract's meta.userType and meta.permissions.
15
+ * Auth and access rules are automatically enforced via autoAuthMiddleware
16
+ * based on the contract's meta.userType and meta.access.
20
17
  */
21
18
  const os = implement(catalogContract)
22
19
  .$context<RpcContext>()
@@ -95,9 +92,11 @@ export const createCatalogRouter = ({
95
92
 
96
93
  const getSystems = os.getSystems.handler(async () => {
97
94
  const systems = await entityService.getSystems();
98
- return systems as unknown as Array<
99
- (typeof systems)[number] & { metadata: Record<string, unknown> | null }
100
- >;
95
+ return {
96
+ systems: systems as unknown as Array<
97
+ (typeof systems)[number] & { metadata: Record<string, unknown> | null }
98
+ >,
99
+ };
101
100
  });
102
101
 
103
102
  const getSystem = os.getSystem.handler(async ({ input }) => {