@checkstack/incident-frontend 0.0.4 → 0.2.0

package/CHANGELOG.md

@@ -1,5 +1,170 @@
 # @checkstack/incident-frontend
 
+## 0.2.0
+
+### Minor Changes
+
+- 9faec1f: # Unified AccessRule Terminology Refactoring
+
+  This release completes a comprehensive terminology refactoring from "permission" to "accessRule" across the entire codebase, establishing a consistent and modern access control vocabulary.
+
+  ## Changes
+
+  ### Core Infrastructure (`@checkstack/common`)
+
+  - Introduced `AccessRule` interface as the primary access control type
+  - Added `accessPair()` helper for creating read/manage access rule pairs
+  - Added `access()` builder for individual access rules
+  - Replaced `Permission` type with `AccessRule` throughout
+
+  ### API Changes
+
+  - `env.registerPermissions()` → `env.registerAccessRules()`
+  - `meta.permissions` → `meta.access` in RPC contracts
+  - `usePermission()` → `useAccess()` in frontend hooks
+  - Route `permission:` field → `accessRule:` field
+
+  ### UI Changes
+
+  - "Roles & Permissions" tab → "Roles & Access Rules"
+  - "You don't have permission..." → "You don't have access..."
+  - All permission-related UI text updated
+
+  ### Documentation & Templates
+
+  - Updated 18 documentation files with AccessRule terminology
+  - Updated 7 scaffolding templates with `accessPair()` pattern
+  - All code examples use new AccessRule API
+
+  ## Migration Guide
+
+  ### Backend Plugins
+
+  ```diff
+  - import { permissionList } from "./permissions";
+  - env.registerPermissions(permissionList);
+  + import { accessRules } from "./access";
+  + env.registerAccessRules(accessRules);
+  ```
+
+  ### RPC Contracts
+
+  ```diff
+  - .meta({ userType: "user", permissions: [permissions.read.id] })
+  + .meta({ userType: "user", access: [access.read] })
+  ```
+
+  ### Frontend Hooks
+
+  ```diff
+  - const canRead = accessApi.usePermission(permissions.read.id);
+  + const canRead = accessApi.useAccess(access.read);
+  ```
+
+  ### Routes
+
+  ```diff
+  - permission: permissions.entityRead.id,
+  + accessRule: access.read,
+  ```
+
+### Patch Changes
+
+- Updated dependencies [9faec1f]
+- Updated dependencies [95eeec7]
+- Updated dependencies [f533141]
+  - @checkstack/auth-frontend@0.2.0
+  - @checkstack/catalog-common@1.1.0
+  - @checkstack/common@0.2.0
+  - @checkstack/frontend-api@0.1.0
+  - @checkstack/incident-common@0.2.0
+  - @checkstack/ui@0.2.0
+  - @checkstack/signal-frontend@0.0.6
+
+## 0.1.0
+
+### Minor Changes
+
+- 8e43507: # Teams and Resource-Level Access Control
+
+  This release introduces a comprehensive Teams system for organizing users and controlling access to resources at a granular level.
+
+  ## Features
+
+  ### Team Management
+
+  - Create, update, and delete teams with name and description
+  - Add/remove users from teams
+  - Designate team managers with elevated privileges
+  - View team membership and manager status
+
+  ### Resource-Level Access Control
+
+  - Grant teams access to specific resources (systems, health checks, incidents, maintenances)
+  - Configure read-only or manage permissions per team
+  - Resource-level "Team Only" mode that restricts access exclusively to team members
+  - Separate `resourceAccessSettings` table for resource-level settings (not per-grant)
+  - Automatic cleanup of grants when teams are deleted (database cascade)
+
+  ### Middleware Integration
+
+  - Extended `autoAuthMiddleware` to support resource access checks
+  - Single-resource pre-handler validation for detail endpoints
+  - Automatic list filtering for collection endpoints
+  - S2S endpoints for access verification
+
+  ### Frontend Components
+
+  - `TeamsTab` component for managing teams in Auth Settings
+  - `TeamAccessEditor` component for assigning team access to resources
+  - Resource-level "Team Only" toggle in `TeamAccessEditor`
+  - Integration into System, Health Check, Incident, and Maintenance editors
+
+  ## Breaking Changes
+
+  ### API Response Format Changes
+
+  List endpoints now return objects with named keys instead of arrays directly:
+
+  ```typescript
+  // Before
+  const systems = await catalogApi.getSystems();
+
+  // After
+  const { systems } = await catalogApi.getSystems();
+  ```
+
+  Affected endpoints:
+
+  - `catalog.getSystems` → `{ systems: [...] }`
+  - `healthcheck.getConfigurations` → `{ configurations: [...] }`
+  - `incident.listIncidents` → `{ incidents: [...] }`
+  - `maintenance.listMaintenances` → `{ maintenances: [...] }`
+
+  ### User Identity Enrichment
+
+  `RealUser` and `ApplicationUser` types now include `teamIds: string[]` field with team memberships.
+
+  ## Documentation
+
+  See `docs/backend/teams.md` for complete API reference and integration guide.
+
+### Patch Changes
+
+- 97c5a6b: Fix Radix UI accessibility warning in dialog components by adding visually hidden DialogDescription components
+- Updated dependencies [8e43507]
+- Updated dependencies [97c5a6b]
+- Updated dependencies [97c5a6b]
+- Updated dependencies [8e43507]
+- Updated dependencies [8e43507]
+  - @checkstack/ui@0.1.0
+  - @checkstack/auth-frontend@0.1.0
+  - @checkstack/catalog-common@1.0.0
+  - @checkstack/common@0.1.0
+  - @checkstack/incident-common@0.1.0
+  - @checkstack/frontend-api@0.0.4
+  - @checkstack/signal-frontend@0.0.5
+
 ## 0.0.4
 
 ### Patch Changes

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@checkstack/incident-frontend",
-  "version": "0.0.4",
+  "version": "0.2.0",
   "type": "module",
   "main": "src/index.tsx",
   "scripts": {
@@ -9,6 +9,7 @@
     "lint:code": "eslint . --max-warnings 0"
   },
   "dependencies": {
+    "@checkstack/auth-frontend": "workspace:*",
     "@checkstack/catalog-common": "workspace:*",
     "@checkstack/common": "workspace:*",
     "@checkstack/frontend-api": "workspace:*",

package/src/components/IncidentEditor.tsx

@@ -10,6 +10,7 @@ import type { System } from "@checkstack/catalog-common";
 import {
   Dialog,
   DialogContent,
+  DialogDescription,
   DialogHeader,
   DialogTitle,
   DialogFooter,
@@ -29,6 +30,7 @@ import {
 import { Plus, MessageSquare, Loader2, AlertCircle } from "lucide-react";
 import { IncidentUpdateForm } from "./IncidentUpdateForm";
 import { getIncidentStatusBadge } from "../utils/badges";
+import { TeamAccessEditor } from "@checkstack/auth-frontend";
 
 interface Props {
   open: boolean;
@@ -165,6 +167,11 @@ export const IncidentEditor: React.FC<Props> = ({
           <DialogTitle>
             {incident ? "Edit Incident" : "Create Incident"}
           </DialogTitle>
+          <DialogDescription className="sr-only">
+            {incident
+              ? "Modify the details for this incident report"
+              : "Report a new incident affecting your systems"}
+          </DialogDescription>
         </DialogHeader>
 
         <div className="grid gap-6 py-4 max-h-[70vh] overflow-y-auto">
@@ -295,6 +302,16 @@ export const IncidentEditor: React.FC<Props> = ({
               )}
             </div>
           )}
+
+          {/* Team Access Editor - only shown when editing existing incident */}
+          {incident?.id && (
+            <TeamAccessEditor
+              resourceType="incident.incident"
+              resourceId={incident.id}
+              compact
+              expanded
+            />
+          )}
         </div>
 
         <DialogFooter>

package/src/components/IncidentMenuItems.tsx

@@ -3,20 +3,17 @@ import { Link } from "react-router-dom";
 import { AlertTriangle } from "lucide-react";
 import type { UserMenuItemsContext } from "@checkstack/frontend-api";
 import { DropdownMenuItem } from "@checkstack/ui";
-import { qualifyPermissionId, resolveRoute } from "@checkstack/common";
+import { resolveRoute } from "@checkstack/common";
 import {
   incidentRoutes,
-  permissions,
+  incidentAccess,
   pluginMetadata,
 } from "@checkstack/incident-common";
 
 export const IncidentMenuItems = ({
-  permissions: userPerms,
+  accessRules: userPerms,
 }: UserMenuItemsContext) => {
-  const qualifiedId = qualifyPermissionId(
-    pluginMetadata,
-    permissions.incidentManage
-  );
+  const qualifiedId = `${pluginMetadata.pluginId}.${incidentAccess.incident.manage.id}`;
   const canManage = userPerms.includes("*") || userPerms.includes(qualifiedId);
 
   if (!canManage) {

package/src/index.tsx

@@ -10,7 +10,7 @@ import {
   incidentRoutes,
   IncidentApi,
   pluginMetadata,
-  permissions,
+  incidentAccess,
 } from "@checkstack/incident-common";
 import {
   SystemDetailsTopSlot,
@@ -30,7 +30,7 @@ export default createFrontendPlugin({
       route: incidentRoutes.routes.config,
       element: <IncidentConfigPage />,
       title: "Incidents",
-      permission: permissions.incidentManage,
+      accessRule: incidentAccess.incident.manage,
     },
     {
       route: incidentRoutes.routes.detail,

package/src/pages/IncidentConfigPage.tsx

@@ -3,7 +3,7 @@ import { useSearchParams } from "react-router-dom";
 import {
   useApi,
   rpcApiRef,
-  permissionApiRef,
+  accessApiRef,
   wrapInSuspense,
 } from "@checkstack/frontend-api";
 import { incidentApiRef } from "../api";
@@ -11,6 +11,7 @@ import type {
   IncidentWithSystems,
   IncidentStatus,
 } from "@checkstack/incident-common";
+import { incidentAccess } from "@checkstack/incident-common";
 import { CatalogApi, type System } from "@checkstack/catalog-common";
 import {
   Card,
@@ -50,14 +51,14 @@ import { IncidentEditor } from "../components/IncidentEditor";
 const IncidentConfigPageContent: React.FC = () => {
   const api = useApi(incidentApiRef);
   const rpcApi = useApi(rpcApiRef);
-  const permissionApi = useApi(permissionApiRef);
+  const accessApi = useApi(accessApiRef);
   const [searchParams, setSearchParams] = useSearchParams();
 
   const catalogApi = useMemo(() => rpcApi.forPlugin(CatalogApi), [rpcApi]);
   const toast = useToast();
 
-  const { allowed: canManage, loading: permissionLoading } =
-    permissionApi.useResourcePermission("incident", "manage");
+  const { allowed: canManage, loading: accessLoading } =
+    accessApi.useAccess(incidentAccess.incident.manage);
 
   const [incidents, setIncidents] = useState<IncidentWithSystems[]>([]);
   const [systems, setSystems] = useState<System[]>([]);
@@ -84,14 +85,15 @@ const IncidentConfigPageContent: React.FC = () => {
   const loadData = async () => {
     setLoading(true);
     try {
-      const [incidentList, systemList] = await Promise.all([
-        api.listIncidents(
-          statusFilter === "all"
-            ? { includeResolved: showResolved }
-            : { status: statusFilter, includeResolved: showResolved }
-        ),
-        catalogApi.getSystems(),
-      ]);
+      const [{ incidents: incidentList }, { systems: systemList }] =
+        await Promise.all([
+          api.listIncidents(
+            statusFilter === "all"
+              ? { includeResolved: showResolved }
+              : { status: statusFilter, includeResolved: showResolved }
+          ),
+          catalogApi.getSystems(),
+        ]);
       setIncidents(incidentList);
       setSystems(systemList);
     } catch (error) {
@@ -219,7 +221,7 @@ const IncidentConfigPageContent: React.FC = () => {
     <PageLayout
       title="Incident Management"
       subtitle="Track and manage incidents affecting your systems"
-      loading={permissionLoading}
+      loading={accessLoading}
       allowed={canManage}
       actions={
         <Button onClick={handleCreate}>

package/src/pages/IncidentDetailPage.tsx

@@ -3,7 +3,7 @@ import { useParams, useNavigate, useSearchParams } from "react-router-dom";
 import {
   useApi,
   rpcApiRef,
-  permissionApiRef,
+  accessApiRef,
   wrapInSuspense,
 } from "@checkstack/frontend-api";
 import { useSignal } from "@checkstack/signal-frontend";
@@ -13,6 +13,7 @@ import {
   incidentRoutes,
   INCIDENT_UPDATED,
   type IncidentDetail,
+  incidentAccess,
 } from "@checkstack/incident-common";
 import { CatalogApi, type System } from "@checkstack/catalog-common";
 import {
@@ -50,14 +51,13 @@ const IncidentDetailPageContent: React.FC = () => {
   const [searchParams] = useSearchParams();
   const api = useApi(incidentApiRef);
   const rpcApi = useApi(rpcApiRef);
-  const permissionApi = useApi(permissionApiRef);
+  const accessApi = useApi(accessApiRef);
   const toast = useToast();
 
   const catalogApi = useMemo(() => rpcApi.forPlugin(CatalogApi), [rpcApi]);
 
-  const { allowed: canManage } = permissionApi.useResourcePermission(
-    "incident",
-    "manage"
+  const { allowed: canManage } = accessApi.useAccess(
+    incidentAccess.incident.manage
   );
 
   const [incident, setIncident] = useState<IncidentDetail | undefined>();
@@ -69,7 +69,7 @@ const IncidentDetailPageContent: React.FC = () => {
     if (!incidentId) return;
 
     try {
-      const [incidentData, systemList] = await Promise.all([
+      const [incidentData, { systems: systemList }] = await Promise.all([
         api.getIncident({ id: incidentId }),
         catalogApi.getSystems(),
       ]);

package/src/pages/SystemIncidentHistoryPage.tsx

@@ -1,10 +1,6 @@
 import React, { useEffect, useState, useMemo } from "react";
 import { useParams, Link } from "react-router-dom";
-import {
-  useApi,
-  rpcApiRef,
-  wrapInSuspense,
-} from "@checkstack/frontend-api";
+import { useApi, rpcApiRef, wrapInSuspense } from "@checkstack/frontend-api";
 import { useSignal } from "@checkstack/signal-frontend";
 import { resolveRoute } from "@checkstack/common";
 import { incidentApiRef } from "../api";
@@ -48,10 +44,11 @@ const SystemIncidentHistoryPageContent: React.FC = () => {
 
     setLoading(true);
     try {
-      const [incidentList, systemList] = await Promise.all([
-        api.listIncidents({ systemId, includeResolved: true }),
-        catalogApi.getSystems(),
-      ]);
+      const [{ incidents: incidentList }, { systems: systemList }] =
+        await Promise.all([
+          api.listIncidents({ systemId, includeResolved: true }),
+          catalogApi.getSystems(),
+        ]);
       const systemData = systemList.find((s) => s.id === systemId);
       setIncidents(incidentList);
       setSystem(systemData);