@classytic/arc 1.1.0 → 2.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (200) hide show
  1. package/README.md +247 -794
  2. package/bin/arc.js +91 -52
  3. package/dist/EventTransport-BkUDYZEb.d.mts +99 -0
  4. package/dist/HookSystem-BsGV-j2l.mjs +404 -0
  5. package/dist/ResourceRegistry-7Ic20ZMw.mjs +249 -0
  6. package/dist/adapters/index.d.mts +5 -0
  7. package/dist/adapters/index.mjs +3 -0
  8. package/dist/audit/index.d.mts +81 -0
  9. package/dist/audit/index.mjs +275 -0
  10. package/dist/audit/mongodb.d.mts +5 -0
  11. package/dist/audit/mongodb.mjs +3 -0
  12. package/dist/audited-CGdLiSlE.mjs +140 -0
  13. package/dist/auth/index.d.mts +188 -0
  14. package/dist/auth/index.mjs +1096 -0
  15. package/dist/auth/redis-session.d.mts +43 -0
  16. package/dist/auth/redis-session.mjs +75 -0
  17. package/dist/betterAuthOpenApi-DjWDddNc.mjs +249 -0
  18. package/dist/cache/index.d.mts +145 -0
  19. package/dist/cache/index.mjs +91 -0
  20. package/dist/caching-GSDJcA6-.mjs +93 -0
  21. package/dist/chunk-C7Uep-_p.mjs +20 -0
  22. package/dist/circuitBreaker-DYhWBW_D.mjs +1096 -0
  23. package/dist/cli/commands/describe.d.mts +18 -0
  24. package/dist/cli/commands/describe.mjs +238 -0
  25. package/dist/cli/commands/docs.d.mts +13 -0
  26. package/dist/cli/commands/docs.mjs +52 -0
  27. package/dist/cli/commands/{generate.d.ts → generate.d.mts} +3 -2
  28. package/dist/cli/commands/generate.mjs +357 -0
  29. package/dist/cli/commands/{init.d.ts → init.d.mts} +11 -8
  30. package/dist/cli/commands/{init.js → init.mjs} +807 -617
  31. package/dist/cli/commands/introspect.d.mts +10 -0
  32. package/dist/cli/commands/introspect.mjs +75 -0
  33. package/dist/cli/index.d.mts +16 -0
  34. package/dist/cli/index.mjs +156 -0
  35. package/dist/constants-DdXFXQtN.mjs +84 -0
  36. package/dist/core/index.d.mts +5 -0
  37. package/dist/core/index.mjs +4 -0
  38. package/dist/createApp-D2D5XXaV.mjs +559 -0
  39. package/dist/defineResource-PXzSJ15_.mjs +2197 -0
  40. package/dist/discovery/index.d.mts +46 -0
  41. package/dist/discovery/index.mjs +109 -0
  42. package/dist/docs/index.d.mts +162 -0
  43. package/dist/docs/index.mjs +74 -0
  44. package/dist/elevation-DGo5shaX.d.mts +87 -0
  45. package/dist/elevation-DSTbVvYj.mjs +113 -0
  46. package/dist/errorHandler-C3GY3_ow.mjs +108 -0
  47. package/dist/errorHandler-CW3OOeYq.d.mts +72 -0
  48. package/dist/errors-DAWRdiYP.d.mts +124 -0
  49. package/dist/errors-DBANPbGr.mjs +211 -0
  50. package/dist/eventPlugin-BEOvaDqo.mjs +229 -0
  51. package/dist/eventPlugin-H6wDDjGO.d.mts +124 -0
  52. package/dist/events/index.d.mts +53 -0
  53. package/dist/events/index.mjs +51 -0
  54. package/dist/events/transports/redis-stream-entry.d.mts +2 -0
  55. package/dist/events/transports/redis-stream-entry.mjs +177 -0
  56. package/dist/events/transports/redis.d.mts +76 -0
  57. package/dist/events/transports/redis.mjs +124 -0
  58. package/dist/externalPaths-SyPF2tgK.d.mts +50 -0
  59. package/dist/factory/index.d.mts +63 -0
  60. package/dist/factory/index.mjs +3 -0
  61. package/dist/fastifyAdapter-C8DlE0YH.d.mts +216 -0
  62. package/dist/fields-Bi_AVKSo.d.mts +109 -0
  63. package/dist/fields-CTd_CrKr.mjs +114 -0
  64. package/dist/hooks/index.d.mts +4 -0
  65. package/dist/hooks/index.mjs +3 -0
  66. package/dist/idempotency/index.d.mts +96 -0
  67. package/dist/idempotency/index.mjs +319 -0
  68. package/dist/idempotency/mongodb.d.mts +2 -0
  69. package/dist/idempotency/mongodb.mjs +114 -0
  70. package/dist/idempotency/redis.d.mts +2 -0
  71. package/dist/idempotency/redis.mjs +103 -0
  72. package/dist/index.d.mts +260 -0
  73. package/dist/index.mjs +104 -0
  74. package/dist/integrations/event-gateway.d.mts +46 -0
  75. package/dist/integrations/event-gateway.mjs +43 -0
  76. package/dist/integrations/index.d.mts +5 -0
  77. package/dist/integrations/index.mjs +1 -0
  78. package/dist/integrations/jobs.d.mts +103 -0
  79. package/dist/integrations/jobs.mjs +123 -0
  80. package/dist/integrations/streamline.d.mts +60 -0
  81. package/dist/integrations/streamline.mjs +125 -0
  82. package/dist/integrations/websocket.d.mts +82 -0
  83. package/dist/integrations/websocket.mjs +288 -0
  84. package/dist/interface-CSNjltAc.d.mts +77 -0
  85. package/dist/interface-DTbsvIWe.d.mts +54 -0
  86. package/dist/interface-e9XfSsUV.d.mts +1097 -0
  87. package/dist/introspectionPlugin-B3JkrjwU.mjs +53 -0
  88. package/dist/keys-DhqDRxv3.mjs +42 -0
  89. package/dist/logger-ByrvQWZO.mjs +78 -0
  90. package/dist/memory-B2v7KrCB.mjs +143 -0
  91. package/dist/migrations/index.d.mts +156 -0
  92. package/dist/migrations/index.mjs +260 -0
  93. package/dist/mongodb-ClykrfGo.d.mts +118 -0
  94. package/dist/mongodb-DNKEExbf.mjs +93 -0
  95. package/dist/mongodb-Dg8O_gvd.d.mts +71 -0
  96. package/dist/openapi-9nB_kiuR.mjs +525 -0
  97. package/dist/org/index.d.mts +68 -0
  98. package/dist/org/index.mjs +513 -0
  99. package/dist/org/types.d.mts +82 -0
  100. package/dist/org/types.mjs +1 -0
  101. package/dist/permissions/index.d.mts +278 -0
  102. package/dist/permissions/index.mjs +579 -0
  103. package/dist/plugins/index.d.mts +172 -0
  104. package/dist/plugins/index.mjs +522 -0
  105. package/dist/plugins/response-cache.d.mts +87 -0
  106. package/dist/plugins/response-cache.mjs +283 -0
  107. package/dist/plugins/tracing-entry.d.mts +2 -0
  108. package/dist/plugins/tracing-entry.mjs +185 -0
  109. package/dist/pluralize-CM-jZg7p.mjs +86 -0
  110. package/dist/policies/{index.d.ts → index.d.mts} +204 -170
  111. package/dist/policies/index.mjs +321 -0
  112. package/dist/presets/{index.d.ts → index.d.mts} +62 -131
  113. package/dist/presets/index.mjs +143 -0
  114. package/dist/presets/multiTenant.d.mts +24 -0
  115. package/dist/presets/multiTenant.mjs +113 -0
  116. package/dist/presets-BTeYbw7h.d.mts +57 -0
  117. package/dist/presets-CeFtfDR8.mjs +119 -0
  118. package/dist/prisma-C3iornoK.d.mts +274 -0
  119. package/dist/prisma-DJbMt3yf.mjs +627 -0
  120. package/dist/queryCachePlugin-B6R0d4av.mjs +138 -0
  121. package/dist/queryCachePlugin-Q6SYuHZ6.d.mts +71 -0
  122. package/dist/redis-UwjEp8Ea.d.mts +49 -0
  123. package/dist/redis-stream-CBg0upHI.d.mts +103 -0
  124. package/dist/registry/index.d.mts +11 -0
  125. package/dist/registry/index.mjs +4 -0
  126. package/dist/requestContext-xi6OKBL-.mjs +55 -0
  127. package/dist/schemaConverter-Dtg0Kt9T.mjs +98 -0
  128. package/dist/schemas/index.d.mts +63 -0
  129. package/dist/schemas/index.mjs +82 -0
  130. package/dist/scope/index.d.mts +21 -0
  131. package/dist/scope/index.mjs +65 -0
  132. package/dist/sessionManager-D_iEHjQl.d.mts +186 -0
  133. package/dist/sse-DkqQ1uxb.mjs +123 -0
  134. package/dist/testing/index.d.mts +907 -0
  135. package/dist/testing/index.mjs +1976 -0
  136. package/dist/tracing-8CEbhF0w.d.mts +70 -0
  137. package/dist/typeGuards-DwxA1t_L.mjs +9 -0
  138. package/dist/types/index.d.mts +946 -0
  139. package/dist/types/index.mjs +14 -0
  140. package/dist/types-B0dhNrnd.d.mts +445 -0
  141. package/dist/types-Beqn1Un7.mjs +38 -0
  142. package/dist/types-DelU6kln.mjs +25 -0
  143. package/dist/types-RLkFVgaw.d.mts +101 -0
  144. package/dist/utils/index.d.mts +747 -0
  145. package/dist/utils/index.mjs +6 -0
  146. package/package.json +194 -68
  147. package/dist/BaseController-DVAiHxEQ.d.ts +0 -233
  148. package/dist/adapters/index.d.ts +0 -237
  149. package/dist/adapters/index.js +0 -668
  150. package/dist/arcCorePlugin-CsShQdyP.d.ts +0 -273
  151. package/dist/audit/index.d.ts +0 -195
  152. package/dist/audit/index.js +0 -319
  153. package/dist/auth/index.d.ts +0 -47
  154. package/dist/auth/index.js +0 -174
  155. package/dist/cli/commands/docs.d.ts +0 -11
  156. package/dist/cli/commands/docs.js +0 -474
  157. package/dist/cli/commands/generate.js +0 -334
  158. package/dist/cli/commands/introspect.d.ts +0 -8
  159. package/dist/cli/commands/introspect.js +0 -338
  160. package/dist/cli/index.d.ts +0 -4
  161. package/dist/cli/index.js +0 -3269
  162. package/dist/core/index.d.ts +0 -220
  163. package/dist/core/index.js +0 -2786
  164. package/dist/createApp-Ce9wl8W9.d.ts +0 -77
  165. package/dist/docs/index.d.ts +0 -166
  166. package/dist/docs/index.js +0 -658
  167. package/dist/errors-8WIxGS_6.d.ts +0 -122
  168. package/dist/events/index.d.ts +0 -117
  169. package/dist/events/index.js +0 -89
  170. package/dist/factory/index.d.ts +0 -38
  171. package/dist/factory/index.js +0 -1652
  172. package/dist/hooks/index.d.ts +0 -4
  173. package/dist/hooks/index.js +0 -199
  174. package/dist/idempotency/index.d.ts +0 -323
  175. package/dist/idempotency/index.js +0 -500
  176. package/dist/index-B4t03KQ0.d.ts +0 -1366
  177. package/dist/index.d.ts +0 -135
  178. package/dist/index.js +0 -4756
  179. package/dist/migrations/index.d.ts +0 -185
  180. package/dist/migrations/index.js +0 -274
  181. package/dist/org/index.d.ts +0 -129
  182. package/dist/org/index.js +0 -220
  183. package/dist/permissions/index.d.ts +0 -144
  184. package/dist/permissions/index.js +0 -103
  185. package/dist/plugins/index.d.ts +0 -46
  186. package/dist/plugins/index.js +0 -1069
  187. package/dist/policies/index.js +0 -196
  188. package/dist/presets/index.js +0 -384
  189. package/dist/presets/multiTenant.d.ts +0 -39
  190. package/dist/presets/multiTenant.js +0 -112
  191. package/dist/registry/index.d.ts +0 -16
  192. package/dist/registry/index.js +0 -253
  193. package/dist/testing/index.d.ts +0 -618
  194. package/dist/testing/index.js +0 -48020
  195. package/dist/types/index.d.ts +0 -4
  196. package/dist/types/index.js +0 -8
  197. package/dist/types-B99TBmFV.d.ts +0 -76
  198. package/dist/types-BvckRbs2.d.ts +0 -143
  199. package/dist/utils/index.d.ts +0 -679
  200. package/dist/utils/index.js +0 -931
package/dist/permissions/index.d.mts ADDED
@@ -0,0 +1,278 @@
1
+ import { a as applyFieldWritePermissions, i as applyFieldReadPermissions, n as FieldPermissionMap, o as fields, r as FieldPermissionType, s as resolveEffectiveRoles, t as FieldPermission } from "../fields-Bi_AVKSo.mjs";
2
+ import { a as getUserRoles, i as UserBase, n as PermissionContext, o as normalizeRoles, r as PermissionResult, t as PermissionCheck } from "../types-RLkFVgaw.mjs";
3
+ import { i as CacheStore, t as CacheLogger } from "../interface-DTbsvIWe.mjs";
4
+ import { a as presets_d_exports, c as readOnly, i as ownerWithAdminBypass, n as authenticated, o as publicRead, r as fullPublic, s as publicReadAdminWrite, t as adminOnly } from "../presets-BTeYbw7h.mjs";
5
+
6
+ //#region src/permissions/index.d.ts
7
+ interface DynamicPermissionMatrixConfig {
8
+ /**
9
+ * Resolve role → resource → actions map dynamically (DB/API/config service).
10
+ * Called at permission-check time (or cache miss if cache enabled).
11
+ */
12
+ resolveRolePermissions: (ctx: PermissionContext) => Record<string, Record<string, readonly string[]>> | Promise<Record<string, Record<string, readonly string[]>>>;
13
+ /**
14
+ * Optional cache store adapter.
15
+ * Use MemoryCacheStore for single-instance apps or RedisCacheStore for distributed setups.
16
+ */
17
+ cacheStore?: CacheStore<Record<string, Record<string, readonly string[]>>>;
18
+ /** Optional logger for cache/runtime failures (default: console) */
19
+ logger?: CacheLogger;
20
+ /**
21
+ * Legacy convenience in-memory cache config.
22
+ * If `cacheStore` is not provided and ttlMs > 0, Arc creates an internal MemoryCacheStore.
23
+ */
24
+ cache?: {
25
+ /** Cache TTL in milliseconds */ttlMs: number; /** Optional custom cache key builder */
26
+ key?: (ctx: PermissionContext) => string | null | undefined; /** Hard entry cap for internal memory store (default: 1000) */
27
+ maxEntries?: number;
28
+ };
29
+ }
30
+ /** Minimal publish/subscribe interface for cross-node cache invalidation. */
31
+ interface PermissionEventBus {
32
+ publish: <T>(type: string, payload: T) => Promise<void>;
33
+ subscribe: (pattern: string, handler: (event: {
34
+ payload: unknown;
35
+ }) => void | Promise<void>) => Promise<(() => void) | void>;
36
+ }
37
+ interface ConnectEventsOptions {
38
+ /** Called on remote invalidation for app-specific cleanup (e.g., resolver cache) */
39
+ onRemoteInvalidation?: (orgId: string) => void | Promise<void>;
40
+ /** Custom event type (default: 'arc.permissions.invalidated') */
41
+ eventType?: string;
42
+ }
43
+ interface DynamicPermissionMatrix {
44
+ can: (permissions: Record<string, readonly string[]>) => PermissionCheck;
45
+ canAction: (resource: string, action: string) => PermissionCheck;
46
+ requireRole: (...roles: string[]) => PermissionCheck;
47
+ requireMembership: () => PermissionCheck;
48
+ requireTeamMembership: () => PermissionCheck;
49
+ /** Invalidate cached permissions for a specific organization */
50
+ invalidateByOrg: (orgId: string) => Promise<void>;
51
+ clearCache: () => Promise<void>;
52
+ /**
53
+ * Connect to an event system for cross-node cache invalidation.
54
+ *
55
+ * Late-binding: call after the event plugin is registered (e.g., in onReady hook).
56
+ * Once connected, `invalidateByOrg()` auto-publishes an event, and incoming
57
+ * events from other nodes trigger local cache invalidation.
58
+ * Echo is suppressed via per-process nodeId matching.
59
+ */
60
+ connectEvents(events: PermissionEventBus, options?: ConnectEventsOptions): Promise<void>;
61
+ /** Disconnect from the event system. Safe to call even if never connected. */
62
+ disconnectEvents(): Promise<void>;
63
+ /** Whether events are currently connected. */
64
+ readonly eventsConnected: boolean;
65
+ }
66
+ /**
67
+ * Allow public access (no authentication required)
68
+ *
69
+ * @example
70
+ * ```typescript
71
+ * permissions: {
72
+ * list: allowPublic(),
73
+ * get: allowPublic(),
74
+ * }
75
+ * ```
76
+ */
77
+ declare function allowPublic(): PermissionCheck;
78
+ /**
79
+ * Require authentication (any authenticated user)
80
+ *
81
+ * @example
82
+ * ```typescript
83
+ * permissions: {
84
+ * create: requireAuth(),
85
+ * update: requireAuth(),
86
+ * }
87
+ * ```
88
+ */
89
+ declare function requireAuth(): PermissionCheck;
90
+ /**
91
+ * Require specific roles
92
+ *
93
+ * @param roles - Required roles (user needs at least one)
94
+ * @param options - Optional bypass roles
95
+ *
96
+ * @example
97
+ * ```typescript
98
+ * permissions: {
99
+ * create: requireRoles(['admin', 'editor']),
100
+ * delete: requireRoles(['admin']),
101
+ * }
102
+ *
103
+ * // With bypass roles
104
+ * permissions: {
105
+ * update: requireRoles(['owner'], { bypassRoles: ['admin', 'superadmin'] }),
106
+ * }
107
+ * ```
108
+ */
109
+ declare function requireRoles(roles: readonly string[], options?: {
110
+ bypassRoles?: readonly string[];
111
+ }): PermissionCheck;
112
+ /**
113
+ * Require resource ownership
114
+ *
115
+ * Returns filters to scope queries to user's owned resources.
116
+ *
117
+ * @param ownerField - Field containing owner ID (default: 'userId')
118
+ * @param options - Optional bypass roles
119
+ *
120
+ * @example
121
+ * ```typescript
122
+ * permissions: {
123
+ * update: requireOwnership('userId'),
124
+ * delete: requireOwnership('createdBy', { bypassRoles: ['admin'] }),
125
+ * }
126
+ * ```
127
+ */
128
+ declare function requireOwnership<TDoc = any>(ownerField?: Extract<keyof TDoc, string> | string, options?: {
129
+ bypassRoles?: readonly string[];
130
+ }): PermissionCheck<TDoc>;
131
+ /**
132
+ * Combine multiple checks - ALL must pass (AND logic)
133
+ *
134
+ * @example
135
+ * ```typescript
136
+ * permissions: {
137
+ * update: allOf(
138
+ * requireAuth(),
139
+ * requireRoles(['editor']),
140
+ * requireOwnership('createdBy')
141
+ * ),
142
+ * }
143
+ * ```
144
+ */
145
+ declare function allOf(...checks: PermissionCheck[]): PermissionCheck;
146
+ /**
147
+ * Combine multiple checks - ANY must pass (OR logic)
148
+ *
149
+ * @example
150
+ * ```typescript
151
+ * permissions: {
152
+ * update: anyOf(
153
+ * requireRoles(['admin']),
154
+ * requireOwnership('createdBy')
155
+ * ),
156
+ * }
157
+ * ```
158
+ */
159
+ declare function anyOf(...checks: PermissionCheck[]): PermissionCheck;
160
+ /**
161
+ * Deny all access
162
+ *
163
+ * @example
164
+ * ```typescript
165
+ * permissions: {
166
+ * delete: denyAll('Deletion not allowed'),
167
+ * }
168
+ * ```
169
+ */
170
+ declare function denyAll(reason?: string): PermissionCheck;
171
+ /**
172
+ * Dynamic permission based on context
173
+ *
174
+ * @example
175
+ * ```typescript
176
+ * permissions: {
177
+ * update: when((ctx) => ctx.data?.status === 'draft'),
178
+ * }
179
+ * ```
180
+ */
181
+ declare function when<TDoc = any>(condition: (ctx: PermissionContext<TDoc>) => boolean | Promise<boolean>): PermissionCheck<TDoc>;
182
+ /**
183
+ * Require membership in the active organization.
184
+ * User must be authenticated AND have an active org (member or elevated scope).
185
+ *
186
+ * Reads `request.scope` set by auth adapters.
187
+ *
188
+ * @example
189
+ * ```typescript
190
+ * permissions: {
191
+ * list: requireOrgMembership(),
192
+ * get: requireOrgMembership(),
193
+ * }
194
+ * ```
195
+ */
196
+ declare function requireOrgMembership<TDoc = any>(): PermissionCheck<TDoc>;
197
+ /**
198
+ * Require specific org-level roles.
199
+ * Reads `request.scope.orgRoles` (set by auth adapters).
200
+ * Elevated scope always passes (platform admin bypass).
201
+ *
202
+ * @param roles - Required org roles (user needs at least one)
203
+ *
204
+ * @example
205
+ * ```typescript
206
+ * permissions: {
207
+ * create: requireOrgRole('admin', 'owner'),
208
+ * delete: requireOrgRole('owner'),
209
+ * }
210
+ * ```
211
+ */
212
+ declare function requireOrgRole<TDoc = any>(...args: string[] | [readonly string[]]): PermissionCheck<TDoc>;
213
+ /**
214
+ * Create a scoped permission system for resource-action patterns.
215
+ * Maps org roles to fine-grained permissions without external API calls.
216
+ *
217
+ * @example
218
+ * ```typescript
219
+ * const perms = createOrgPermissions({
220
+ * statements: {
221
+ * product: ['create', 'update', 'delete'],
222
+ * order: ['create', 'approve'],
223
+ * },
224
+ * roles: {
225
+ * owner: { product: ['create', 'update', 'delete'], order: ['create', 'approve'] },
226
+ * admin: { product: ['create', 'update'], order: ['create'] },
227
+ * member: { product: [], order: [] },
228
+ * },
229
+ * });
230
+ *
231
+ * defineResource({
232
+ * permissions: {
233
+ * create: perms.can({ product: ['create'] }),
234
+ * delete: perms.can({ product: ['delete'] }),
235
+ * }
236
+ * });
237
+ * ```
238
+ */
239
+ declare function createOrgPermissions(config: {
240
+ statements: Record<string, readonly string[]>;
241
+ roles: Record<string, Record<string, readonly string[]>>;
242
+ }): {
243
+ can: (permissions: Record<string, string[]>) => PermissionCheck;
244
+ requireRole: (...roles: string[]) => PermissionCheck;
245
+ requireMembership: () => PermissionCheck;
246
+ requireTeamMembership: () => PermissionCheck;
247
+ };
248
+ /**
249
+ * Create a dynamic role-based permission matrix.
250
+ *
251
+ * Use this when role/action mappings are managed outside code
252
+ * (e.g., admin UI matrix, DB-stored ACLs, remote policy service).
253
+ *
254
+ * Supports:
255
+ * - org role union (any assigned org role can grant)
256
+ * - global bypass roles
257
+ * - wildcard resource/action (`*`)
258
+ * - optional in-memory cache
259
+ */
260
+ declare function createDynamicPermissionMatrix(config: DynamicPermissionMatrixConfig): DynamicPermissionMatrix;
261
+ /**
262
+ * Require membership in the active team.
263
+ * User must be authenticated, a member of the active org, AND have an active team.
264
+ *
265
+ * Better Auth teams are flat member groups (no team-level roles).
266
+ * Reads `request.scope.teamId` set by the Better Auth adapter.
267
+ *
268
+ * @example
269
+ * ```typescript
270
+ * permissions: {
271
+ * list: requireTeamMembership(),
272
+ * create: requireTeamMembership(),
273
+ * }
274
+ * ```
275
+ */
276
+ declare function requireTeamMembership<TDoc = any>(): PermissionCheck<TDoc>;
277
+ //#endregion
278
+ export { ConnectEventsOptions, DynamicPermissionMatrix, DynamicPermissionMatrixConfig, type FieldPermission, type FieldPermissionMap, type FieldPermissionType, type PermissionCheck, type PermissionContext, PermissionEventBus, type PermissionResult, type UserBase, adminOnly, allOf, allowPublic, anyOf, applyFieldReadPermissions, applyFieldWritePermissions, authenticated, createDynamicPermissionMatrix, createOrgPermissions, denyAll, fields, fullPublic, getUserRoles, normalizeRoles, ownerWithAdminBypass, presets_d_exports as permissions, publicRead, publicReadAdminWrite, readOnly, requireAuth, requireOrgMembership, requireOrgRole, requireOwnership, requireRoles, requireTeamMembership, resolveEffectiveRoles, when };