@checkstack/infrastructure-frontend 0.3.3 → 0.3.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/CHANGELOG.md +64 -0
  2. package/package.json +8 -8
  3. package/src/index.tsx +21 -5
package/CHANGELOG.md CHANGED
@@ -1,5 +1,69 @@
1
1
  # @checkstack/infrastructure-frontend
2
2
 
3
+ ## 0.3.5
4
+
5
+ ### Patch Changes
6
+
7
+ - 56e7c75: Hide navigation, actions and links that the current user cannot use, so anonymous
8
+ and read-only users no longer see entries that lead to "Access Denied" or to
9
+ actions the server would reject.
10
+
11
+ - **Sidebar**: a nav entry can now declare a dynamic `nav.isVisible({ accessRules, isAuthenticated })` predicate (in addition to the static `accessRule`). A group whose every entry is filtered out is no longer rendered. The filtering/grouping logic is extracted to a pure, unit-tested helper.
12
+ - **Infrastructure**: its sidebar entry is shown only when the user can READ at least one contributed tab (queue, cache, …), instead of always (it previously had no static rule because tabs are contributed at runtime).
13
+ - **Notification Settings**: hidden from anonymous users - notifications are per-user, so an anonymous visitor can't have any.
14
+ - **Anomaly Mute / Suppress**: the "Mute" / "Mute all" controls (a per-user preference) are hidden from anonymous visitors; the "Suppress" control is gated on `anomalyAccess.feed.manage`. Both were previously always visible.
15
+ - **Dashboard**: the "Open Catalog" actions (which open the manage-only Catalog config page) are hidden from users without `catalogAccess.system.manage`, and the "View catalog" link is gated on `catalogAccess.system.read`.
16
+ - **Dashboard status signals**: the per-system status rows contributed by plugins (`SystemSignalsSlot`) now render as a LINK only when the user can open the target, and as plain text otherwise. `SystemSignal` gains an optional `accessRule`; the healthcheck, anomaly, and dependency fillers set it for their gated targets (check-history / assignments / dependency-map). Signals pointing at ungated pages (incident / maintenance / SLO detail) stay links.
17
+ - **Plugin Manager**: the "Install plugin" button (which opens the install-gated page) is hidden from users with only `plugin` view access.
18
+ - **Satellites**: the page is entirely manage-gated, but its route/sidebar entry was gated on `read`, so read-only users saw the nav item and hit "Access Denied" on click. The route and nav entry now require `satellite.manage`.
19
+
20
+ The `@checkstack/ai-backend` bump is only the regenerated bundled docs index
21
+ (the frontend routing guide gained the `nav.isVisible` section); no code change.
22
+
23
+ **BREAKING (`@checkstack/frontend-api`):** the `AccessApi` interface gains a
24
+ required `useIsAuthenticated()` method. Custom `AccessApi` implementations must
25
+ add it (it returns `{ loading, isAuthenticated }`). The built-in auth
26
+ implementation and the no-auth fallback already do. `NavEntry` also gains an
27
+ optional `isVisible` predicate (purely additive).
28
+
29
+ - Updated dependencies [56e7c75]
30
+ - Updated dependencies [56e7c75]
31
+ - @checkstack/frontend-api@0.9.0
32
+ - @checkstack/ui@1.15.1
33
+ - @checkstack/common@0.15.0
34
+ - @checkstack/infrastructure-common@0.3.8
35
+
36
+ ## 0.3.4
37
+
38
+ ### Patch Changes
39
+
40
+ - fb705df: Upgrade React 18 to React 19 across the platform.
41
+
42
+ **BREAKING (runtime frontend plugins):** React is shared as a Module Federation
43
+ singleton, so the host now provides **React 19** to every runtime plugin.
44
+ Frontend plugins built against React 18 must be rebuilt against React 19
45
+ (`react` / `react-dom` `^19`). The scaffold templates and the host/plugin MF
46
+ `requiredVersion` are updated to `^19`. `react` (and now `react-dom`) are pinned
47
+ to a single version across the workspace via syncpack so the singleton can never
48
+ skew (react and react-dom must match exactly).
49
+
50
+ The React 19 removed-API surface was audited - the codebase used only no-arg
51
+ `useRef()` (now `useRef<T | undefined>(undefined)`); no `ReactDOM.render`,
52
+ legacy context, string refs, or function-component `defaultProps`. This also
53
+ clears the `IMPORT_IS_UNDEFINED` build warnings for `React.use` /
54
+ `React.useOptimistic` (react-router 7 feature-detection), which React 19 exports.
55
+
56
+ The downstream `*-frontend` packages (and `@checkstack/infrastructure-common`)
57
+ receive only the mechanical `react` dependency bump (`patch`); the framework
58
+ packages carrying the shared-singleton change are bumped `minor`.
59
+
60
+ - Updated dependencies [9d8961c]
61
+ - Updated dependencies [fb705df]
62
+ - @checkstack/ui@1.15.0
63
+ - @checkstack/frontend-api@0.8.0
64
+ - @checkstack/infrastructure-common@0.3.7
65
+ - @checkstack/common@0.14.1
66
+
3
67
  ## 0.3.3
4
68
 
5
69
  ### Patch Changes
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@checkstack/infrastructure-frontend",
3
- "version": "0.3.3",
3
+ "version": "0.3.5",
4
4
  "license": "Elastic-2.0",
5
5
  "type": "module",
6
6
  "main": "./dist/index.js",
@@ -21,18 +21,18 @@
21
21
  "lint:code": "eslint . --max-warnings 0"
22
22
  },
23
23
  "dependencies": {
24
- "@checkstack/common": "0.14.1",
25
- "@checkstack/frontend-api": "0.7.2",
26
- "@checkstack/infrastructure-common": "0.3.6",
27
- "@checkstack/ui": "1.14.0",
24
+ "@checkstack/common": "0.15.0",
25
+ "@checkstack/frontend-api": "0.9.0",
26
+ "@checkstack/infrastructure-common": "0.3.8",
27
+ "@checkstack/ui": "1.15.1",
28
28
  "lucide-react": "^1.17.0",
29
- "react": "^18.3.1",
29
+ "react": "19.2.7",
30
30
  "react-router-dom": "^7.16.0"
31
31
  },
32
32
  "devDependencies": {
33
- "@types/react": "^18.3.18",
33
+ "@types/react": "^19.0.0",
34
34
  "typescript": "^5.7.2",
35
35
  "@checkstack/tsconfig": "0.0.7",
36
- "@checkstack/scripts": "0.5.0"
36
+ "@checkstack/scripts": "0.6.1"
37
37
  }
38
38
  }
package/src/index.tsx CHANGED
@@ -1,8 +1,11 @@
1
- import { createFrontendPlugin } from "@checkstack/frontend-api";
1
+ import { createFrontendPlugin, pluginRegistry } from "@checkstack/frontend-api";
2
+ import { isAccessRuleSatisfied } from "@checkstack/common";
2
3
  import { Server } from "lucide-react";
3
4
  import {
4
5
  pluginMetadata,
5
6
  infrastructureRoutes,
7
+ InfrastructureTabsSlot,
8
+ type InfrastructureTabMetadata,
6
9
  } from "@checkstack/infrastructure-common";
7
10
 
8
11
  export const infrastructurePlugin = createFrontendPlugin({
@@ -15,13 +18,26 @@ export const infrastructurePlugin = createFrontendPlugin({
15
18
  default: m.InfrastructureConfigPage,
16
19
  })),
17
20
  title: "Infrastructure",
18
- // No accessRule here — the page handles per-tab access internally
21
+ // No static accessRule — the tabs are contributed by other plugins at
22
+ // runtime. Show the sidebar entry only when the user can READ at least one
23
+ // contributed tab; otherwise the page would just render "Access Denied".
19
24
  nav: {
20
25
  group: "Configuration",
21
26
  icon: Server,
22
- // Per-tab access is gated inside the page (tabs are contributed by
23
- // other plugins), so there is no single static rule to gate the
24
- // sidebar entry on.
27
+ isVisible: ({ accessRules }) =>
28
+ pluginRegistry
29
+ .getExtensions(InfrastructureTabsSlot.id)
30
+ .some((extension) => {
31
+ // `getExtensions` is keyed by slot id and therefore untyped; every
32
+ // extension in THIS slot carries InfrastructureTabMetadata by the
33
+ // slot contract, so reading `readAccess` off it is sound.
34
+ const metadata = extension.metadata as
35
+ | InfrastructureTabMetadata
36
+ | undefined;
37
+ return metadata
38
+ ? isAccessRuleSatisfied(accessRules, metadata.readAccess)
39
+ : false;
40
+ }),
25
41
  },
26
42
  },
27
43
  ],