npm - @checkstack/catalog-common - Versions diffs - 2.0.1 → 2.2.0 - Mend

@checkstack/catalog-common 2.0.1 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,107 @@
 # @checkstack/catalog-common
+## 2.2.0
+### Minor Changes
+- 9016526: Add a `/rest/:pluginId/*` HTTP mount that serves every plugin's oRPC contract
+  through the REST/OpenAPI shape described by `/api/openapi.json`. Queries are
+  `GET` with query parameters, mutations are `POST` with the input as the raw
+  JSON body. The existing `/api/:pluginId/*` mount continues to serve oRPC's
+  native wire protocol unchanged, so existing clients are not affected.
+  The OpenAPI spec at `/api/openapi.json` now reflects the real mount: every
+  `paths` entry is prefixed with `/rest` instead of `/api`.
+  Also fixes a SPA-fallback bug: the backend's `/api-docs` route previously
+  returned 404 on production deployments because the static-file middleware
+  skipped any path starting with `/api`, capturing `/api-docs` along with real
+  API routes. The skip now requires a trailing slash (`/api/`, `/rest/`).
+  Required access rules are now visible in the API Docs UI. The OpenAPI spec
+  generator was reading a non-existent `accessRules` field on procedure
+  metadata; the real field is `access: AccessRule[]`. Each procedure's access
+  rules are now flattened to fully-qualified IDs (e.g. `catalog.system.read`)
+  and emitted under `x-orpc-meta.accessRules`, which the existing
+  `Required Access Rules` section in the docs UI already knew how to render.
+  The API Docs schema renderer now handles record types (zod `z.record`),
+  `$ref`s into `components.schemas`, `oneOf`/`anyOf`/`allOf`, nullable union
+  types (`type: ["string", "null"]`), and `format` qualifiers. Previously
+  record outputs like `{ statuses: object }` masked the actual value type;
+  they now render as `{ [key]: <ResolvedType> { ... } }` with the inner
+  schema expanded, capped at 12 levels with cycle detection.
+  **REST method conventions.** `proc()` now defaults to `GET` for queries and
+  `POST` for mutations on the `/rest` mount, using bracket-notation query
+  params (`?filter[status]=active&ids[0]=a`) for GET inputs. Existing
+  procedures were updated to follow REST semantics:
+  - `update*` mutations → `PATCH`
+  - `delete*` / `remove*` mutations → `DELETE`
+  - `getBulk*` queries and any query taking a large array input → `POST`
+    (because `@orpc/openapi@1.13.x` has no GET→POST URL-length fallback)
+  GET endpoints require an `object` input — bare scalars like
+  `.input(z.string())` are not valid on GET. `getSystemConfigurations` was
+  refactored from `.input(z.string())` to `.input(z.object({ systemId: ... }))`
+  to fit the GET shape; the only call-site update was the in-process router
+  unpacking `input.systemId` instead of passing `input` directly.
+  The API Docs UI now renders query parameters (path/query/header/cookie) in a
+  dedicated table for GET endpoints, and the fetch example shows them in the
+  URL with `<required>` / `<optional>` placeholders.
+### Patch Changes
+- Updated dependencies [9016526]
+  - @checkstack/common@0.10.0
+  - @checkstack/auth-common@0.7.0
+  - @checkstack/notification-common@1.1.0
+  - @checkstack/frontend-api@0.5.1
+## 2.1.0
+### Minor Changes
+- 1ef2e79: feat: hotlinks on incidents/maintenances and additional links on systems
+  Users with `manage` access on an incident, maintenance, or system can now
+  attach free-form URL "hotlinks" — Jira tickets, runbooks, dashboards, ticket
+  tools, etc. — alongside the existing fields.
+  - **Incidents** & **maintenances**: links live on the entity itself and are
+    surfaced both in the editor dialog and on the public detail page. Two new
+    RPC procedures per plugin (`addLink`, `removeLink`) gated behind the
+    existing `manage` access rule. Links are returned as part of
+    `getIncident` / `getMaintenance` and cache-invalidated on every link
+    mutation.
+  - **Systems**: a parallel `system_links` table with `getSystemLinks`,
+    `addSystemLink`, `removeSystemLink` procedures. Surfaced inside the
+    system editor (next to contacts) and on the read-only system detail
+    sidebar. Cache-scoped per-system so list endpoints remain hot.
+  - **Shared UI**: a `LinksEditor` component in `@checkstack/ui` does the
+    presentation; the three plugins each own their own RPC wiring.
+  Database changes ship as additive migrations (new `incident_links`,
+  `maintenance_links`, `system_links` tables, all FK-cascaded on parent
+  delete). No existing columns or rows are touched.
+  The system incident and maintenance history pages now sort by relevance:
+  active entries (non-`resolved` incidents, `scheduled` or `in_progress`
+  maintenances) appear at the top, with creation date descending as the
+  tiebreaker.
+### Patch Changes
+- Updated dependencies [42abfff]
+- Updated dependencies [aa89bc5]
+- Updated dependencies [950d6ec]
+  - @checkstack/common@0.9.0
+  - @checkstack/frontend-api@0.5.0
+  - @checkstack/auth-common@0.6.6
+  - @checkstack/notification-common@1.0.2
 ## 2.0.1
 ### Patch Changes

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@checkstack/catalog-common",
-  "version": "2.0.1",
+  "version": "2.2.0",
   "license": "Elastic-2.0",
   "type": "module",
   "exports": {
@@ -9,17 +9,17 @@
     }
   },
   "dependencies": {
-    "@checkstack/common": "0.7.0",
-    "@checkstack/auth-common": "0.6.4",
-    "@checkstack/frontend-api": "0.4.1",
-    "@checkstack/notification-common": "1.0.0",
+    "@checkstack/common": "0.9.0",
+    "@checkstack/auth-common": "0.6.6",
+    "@checkstack/frontend-api": "0.5.0",
+    "@checkstack/notification-common": "1.0.2",
     "@orpc/contract": "^1.13.14",
     "zod": "^4.2.1"
   },
   "devDependencies": {
     "typescript": "^5.7.2",
-    "@checkstack/tsconfig": "0.0.6",
-    "@checkstack/scripts": "0.1.2"
+    "@checkstack/tsconfig": "0.0.7",
+    "@checkstack/scripts": "0.3.1"
   },
   "scripts": {
     "typecheck": "tsgo -b",

package/src/rpc-contract.ts CHANGED Viewed

@@ -7,6 +7,7 @@ import {
   ViewSchema,
   SystemContactSchema,
   ContactTypeSchema,
+  SystemLinkSchema,
 } from "./types";
 import { catalogAccess } from "./access";
@@ -115,6 +116,7 @@ export const catalogContract = {
     userType: "authenticated",
     access: [catalogAccess.system.manage],
   })
+    .route({ method: "PATCH" })
     .input(UpdateSystemInputSchema)
     .output(SystemSchema),
@@ -123,6 +125,7 @@ export const catalogContract = {
     userType: "authenticated",
     access: [catalogAccess.system.manage],
   })
+    .route({ method: "DELETE" })
     .input(z.string())
     .output(z.object({ success: z.boolean() })),
@@ -161,6 +164,45 @@ export const catalogContract = {
     userType: "authenticated",
     access: [catalogAccess.system.manage],
   })
+    .route({ method: "DELETE" })
+    .input(z.string())
+    .output(z.object({ success: z.boolean() })),
+  // ==========================================================================
+  // SYSTEM LINKS MANAGEMENT
+  // Free-form URLs (Jira boards, dashboards, runbooks) attached to a system.
+  // ==========================================================================
+  getSystemLinks: proc({
+    operationType: "query",
+    userType: "public",
+    access: [catalogAccess.system.read],
+    instanceAccess: { idParam: "systemId" },
+  })
+    .input(z.object({ systemId: z.string() }))
+    .output(z.array(SystemLinkSchema)),
+  addSystemLink: proc({
+    operationType: "mutation",
+    userType: "authenticated",
+    access: [catalogAccess.system.manage],
+    instanceAccess: { idParam: "systemId" },
+  })
+    .input(
+      z.object({
+        systemId: z.string(),
+        label: z.string().max(120).optional(),
+        url: z.string().url("Must be a valid URL"),
+      }),
+    )
+    .output(SystemLinkSchema),
+  removeSystemLink: proc({
+    operationType: "mutation",
+    userType: "authenticated",
+    access: [catalogAccess.system.manage],
+  })
+    .route({ method: "DELETE" })
     .input(z.string())
     .output(z.object({ success: z.boolean() })),
@@ -181,6 +223,7 @@ export const catalogContract = {
     userType: "authenticated",
     access: [catalogAccess.group.manage],
   })
+    .route({ method: "PATCH" })
     .input(UpdateGroupInputSchema)
     .output(GroupSchema),
@@ -189,6 +232,7 @@ export const catalogContract = {
     userType: "authenticated",
     access: [catalogAccess.group.manage],
   })
+    .route({ method: "DELETE" })
     .input(z.string())
     .output(z.object({ success: z.boolean() })),
@@ -214,6 +258,7 @@ export const catalogContract = {
     userType: "authenticated",
     access: [catalogAccess.system.manage],
   })
+    .route({ method: "DELETE" })
     .input(
       z.object({
         groupId: z.string(),

package/src/types.ts CHANGED Viewed

@@ -46,6 +46,16 @@ export const SystemContactSchema = z.discriminatedUnion("type", [
 ]);
 export type SystemContact = z.infer<typeof SystemContactSchema>;
+// System Links — free-form hotlinks attached to a system (Jira board, dashboards, etc.)
+export const SystemLinkSchema = z.object({
+  id: z.string(),
+  systemId: z.string(),
+  label: z.string().nullable(),
+  url: z.string(),
+  createdAt: z.date(),
+});
+export type SystemLink = z.infer<typeof SystemLinkSchema>;
 export const GroupSchema = z.object({
   id: z.string(),
   name: z.string(),