npm - @classytic/arc - Versions diffs - 2.3.0 → 2.4.2 - Mend

@classytic/arc 2.3.0 → 2.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (175) hide show

package/README.md +187 -18
package/bin/arc.js +11 -3
package/dist/BaseController-CkM5dUh_.mjs +1031 -0
package/dist/{EventTransport-BkUDYZEb.d.mts → EventTransport-wc5hSLik.d.mts} +1 -1
package/dist/{HookSystem-BsGV-j2l.mjs → HookSystem-COkyWztM.mjs} +2 -3
package/dist/{ResourceRegistry-7Ic20ZMw.mjs → ResourceRegistry-DeCIFlix.mjs} +8 -5
package/dist/adapters/index.d.mts +3 -5
package/dist/adapters/index.mjs +2 -3
package/dist/{prisma-DJbMt3yf.mjs → adapters-DTC4Ug66.mjs} +45 -12
package/dist/audit/index.d.mts +4 -7
package/dist/audit/index.mjs +2 -29
package/dist/audit/mongodb.d.mts +1 -4
package/dist/audit/mongodb.mjs +2 -3
package/dist/auth/index.d.mts +7 -9
package/dist/auth/index.mjs +65 -63
package/dist/auth/redis-session.d.mts +1 -1
package/dist/auth/redis-session.mjs +1 -2
package/dist/{betterAuthOpenApi-DjWDddNc.mjs → betterAuthOpenApi-lz0IRbXJ.mjs} +4 -6
package/dist/cache/index.d.mts +23 -23
package/dist/cache/index.mjs +4 -6
package/dist/{caching-GSDJcA6-.mjs → caching-BSXB-Xr7.mjs} +2 -24
package/dist/chunk-BpYLSNr0.mjs +14 -0
package/dist/circuitBreaker-BOBOpN2w.mjs +284 -0
package/dist/circuitBreaker-JP2GdJ4b.d.mts +206 -0
package/dist/cli/commands/describe.mjs +24 -7
package/dist/cli/commands/docs.mjs +6 -7
package/dist/cli/commands/doctor.d.mts +10 -0
package/dist/cli/commands/doctor.mjs +156 -0
package/dist/cli/commands/generate.mjs +66 -17
package/dist/cli/commands/init.mjs +315 -45
package/dist/cli/commands/introspect.mjs +2 -4
package/dist/cli/index.d.mts +1 -10
package/dist/cli/index.mjs +4 -153
package/dist/{constants-DdXFXQtN.mjs → constants-Cxde4rpC.mjs} +1 -2
package/dist/core/index.d.mts +3 -5
package/dist/core/index.mjs +5 -4
package/dist/core-C1XCMtqM.mjs +185 -0
package/dist/{createApp-CgKOPhA4.mjs → createApp-ByWNRsZj.mjs} +64 -35
package/dist/{defineResource-DWbpJYtm.mjs → defineResource-D9aY5Cy6.mjs} +108 -1157
package/dist/discovery/index.mjs +37 -5
package/dist/docs/index.d.mts +6 -9
package/dist/docs/index.mjs +3 -21
package/dist/dynamic/index.d.mts +93 -0
package/dist/dynamic/index.mjs +122 -0
package/dist/{elevation-DSTbVvYj.mjs → elevation-BEdACOLB.mjs} +5 -36
package/dist/{elevation-DGo5shaX.d.mts → elevation-Ca_yveIO.d.mts} +41 -7
package/dist/{errorHandler-C3GY3_ow.mjs → errorHandler--zp54tGc.mjs} +3 -5
package/dist/errorHandler-Do4vVQ1f.d.mts +139 -0
package/dist/{errors-DBANPbGr.mjs → errors-rxhfP7Hf.mjs} +1 -2
package/dist/{eventPlugin-BEOvaDqo.mjs → eventPlugin-Ba00swHF.mjs} +25 -27
package/dist/{eventPlugin-H6wDDjGO.d.mts → eventPlugin-iGrSEmwJ.d.mts} +105 -5
package/dist/events/index.d.mts +72 -7
package/dist/events/index.mjs +216 -4
package/dist/events/transports/redis-stream-entry.d.mts +1 -1
package/dist/events/transports/redis-stream-entry.mjs +19 -7
package/dist/events/transports/redis.d.mts +1 -1
package/dist/events/transports/redis.mjs +3 -4
package/dist/factory/index.d.mts +23 -9
package/dist/factory/index.mjs +48 -3
package/dist/{fields-Bi_AVKSo.d.mts → fields-DFwdaWCq.d.mts} +1 -1
package/dist/{fields-CTd_CrKr.mjs → fields-ipsbIRPK.mjs} +1 -2
package/dist/hooks/index.d.mts +1 -3
package/dist/hooks/index.mjs +2 -3
package/dist/idempotency/index.d.mts +5 -5
package/dist/idempotency/index.mjs +3 -7
package/dist/idempotency/mongodb.d.mts +1 -1
package/dist/idempotency/mongodb.mjs +4 -5
package/dist/idempotency/redis.d.mts +1 -1
package/dist/idempotency/redis.mjs +2 -5
package/dist/{fastifyAdapter-6b_eRDBw.d.mts → index-BL8CaQih.d.mts} +56 -57
package/dist/index-Diqcm14c.d.mts +369 -0
package/dist/{prisma-Dy5S5F5i.d.mts → index-yhxyjqNb.d.mts} +4 -5
package/dist/index.d.mts +100 -105
package/dist/index.mjs +85 -58
package/dist/integrations/event-gateway.d.mts +1 -1
package/dist/integrations/event-gateway.mjs +8 -4
package/dist/integrations/index.d.mts +4 -2
package/dist/integrations/index.mjs +1 -1
package/dist/integrations/jobs.d.mts +2 -2
package/dist/integrations/jobs.mjs +63 -14
package/dist/integrations/mcp/index.d.mts +219 -0
package/dist/integrations/mcp/index.mjs +572 -0
package/dist/integrations/mcp/testing.d.mts +53 -0
package/dist/integrations/mcp/testing.mjs +104 -0
package/dist/integrations/streamline.mjs +39 -19
package/dist/integrations/webhooks.d.mts +56 -0
package/dist/integrations/webhooks.mjs +139 -0
package/dist/integrations/websocket-redis.d.mts +46 -0
package/dist/integrations/websocket-redis.mjs +50 -0
package/dist/integrations/websocket.d.mts +68 -2
package/dist/integrations/websocket.mjs +96 -13
package/dist/{interface-CSNjltAc.d.mts → interface-B4awm1RJ.d.mts} +2 -2
package/dist/interface-DGmPxakH.d.mts +2213 -0
package/dist/{keys-DhqDRxv3.mjs → keys-qcD-TVJl.mjs} +3 -4
package/dist/{logger-ByrvQWZO.mjs → logger-Dz3j1ItV.mjs} +2 -4
package/dist/{memory-B2v7KrCB.mjs → memory-Cb_7iy9e.mjs} +2 -4
package/dist/metrics-Csh4nsvv.mjs +224 -0
package/dist/migrations/index.d.mts +113 -44
package/dist/migrations/index.mjs +84 -102
package/dist/{mongodb-DNKEExbf.mjs → mongodb-BuQ7fNTg.mjs} +1 -4
package/dist/{mongodb-ClykrfGo.d.mts → mongodb-CUpYfxfD.d.mts} +2 -3
package/dist/{mongodb-Dg8O_gvd.d.mts → mongodb-bga9AbkD.d.mts} +2 -2
package/dist/{openapi-9nB_kiuR.mjs → openapi-CBmZ6EQN.mjs} +4 -21
package/dist/org/index.d.mts +12 -14
package/dist/org/index.mjs +92 -119
package/dist/org/types.d.mts +2 -2
package/dist/org/types.mjs +1 -1
package/dist/permissions/index.d.mts +4 -278
package/dist/permissions/index.mjs +4 -579
package/dist/permissions-CA5zg0yK.mjs +751 -0
package/dist/plugins/index.d.mts +104 -107
package/dist/plugins/index.mjs +203 -313
package/dist/plugins/response-cache.mjs +4 -69
package/dist/plugins/tracing-entry.d.mts +1 -1
package/dist/plugins/tracing-entry.mjs +24 -11
package/dist/{pluralize-CM-jZg7p.mjs → pluralize-CcT6qF0a.mjs} +12 -13
package/dist/policies/index.d.mts +2 -2
package/dist/policies/index.mjs +80 -83
package/dist/presets/index.d.mts +26 -19
package/dist/presets/index.mjs +2 -142
package/dist/presets/multiTenant.d.mts +1 -4
package/dist/presets/multiTenant.mjs +4 -6
package/dist/presets-C9QXJV1u.mjs +422 -0
package/dist/{queryCachePlugin-B6R0d4av.mjs → queryCachePlugin-ClosZdNS.mjs} +6 -27
package/dist/{queryCachePlugin-Q6SYuHZ6.d.mts → queryCachePlugin-DcmETvcB.d.mts} +3 -3
package/dist/queryParser-CgCtsjti.mjs +352 -0
package/dist/{redis-UwjEp8Ea.d.mts → redis-CQ5YxMC5.d.mts} +2 -2
package/dist/{redis-stream-CBg0upHI.d.mts → redis-stream-BW9UKLZM.d.mts} +9 -2
package/dist/registry/index.d.mts +1 -4
package/dist/registry/index.mjs +3 -4
package/dist/{introspectionPlugin-B3JkrjwU.mjs → registry-I-ogLgL9.mjs} +1 -8
package/dist/{requestContext-xi6OKBL-.mjs → requestContext-DYtmNpm5.mjs} +1 -3
package/dist/resourceToTools-PMFE8HIv.mjs +533 -0
package/dist/rpc/index.d.mts +90 -0
package/dist/rpc/index.mjs +248 -0
package/dist/{schemaConverter-Dtg0Kt9T.mjs → schemaConverter-DjzHpFam.mjs} +1 -2
package/dist/schemas/index.d.mts +30 -30
package/dist/schemas/index.mjs +2 -4
package/dist/scope/index.d.mts +13 -2
package/dist/scope/index.mjs +18 -5
package/dist/{sessionManager-D_iEHjQl.d.mts → sessionManager-wbkYj2HL.d.mts} +2 -2
package/dist/{sse-DkqQ1uxb.mjs → sse-BkViJPlT.mjs} +4 -25
package/dist/testing/index.d.mts +551 -567
package/dist/testing/index.mjs +1744 -1799
package/dist/{tracing-8CEbhF0w.d.mts → tracing-bz_U4EM1.d.mts} +6 -1
package/dist/{typeGuards-DwxA1t_L.mjs → typeGuards-Cj5Rgvlg.mjs} +1 -2
package/dist/types/index.d.mts +4 -946
package/dist/types/index.mjs +2 -4
package/dist/types-BJmgxNbF.d.mts +275 -0
package/dist/{types-RLkFVgaw.d.mts → types-BNUccdcf.d.mts} +2 -2
package/dist/{types-Beqn1Un7.mjs → types-C6TQjtdi.mjs} +30 -2
package/dist/{types-tKwaViYB.d.mts → types-Dt0-AI6E.d.mts} +68 -27
package/dist/{types-DelU6kln.mjs → types-ZUu_h0jp.mjs} +1 -2
package/dist/utils/index.d.mts +254 -351
package/dist/utils/index.mjs +7 -6
package/dist/utils-Dc0WhlIl.mjs +594 -0
package/dist/versioning-BzfeHmhj.mjs +37 -0
package/package.json +44 -10
package/skills/arc/SKILL.md +518 -0
package/skills/arc/references/auth.md +250 -0
package/skills/arc/references/events.md +272 -0
package/skills/arc/references/integrations.md +385 -0
package/skills/arc/references/mcp.md +431 -0
package/skills/arc/references/production.md +610 -0
package/skills/arc/references/testing.md +183 -0
package/dist/audited-CGdLiSlE.mjs +0 -140
package/dist/chunk-C7Uep-_p.mjs +0 -20
package/dist/circuitBreaker-CSS2VvL6.mjs +0 -1109
package/dist/errorHandler-CW3OOeYq.d.mts +0 -72
package/dist/interface-BtdYtQUA.d.mts +0 -1114
package/dist/presets-BTeYbw7h.d.mts +0 -57
package/dist/presets-CeFtfDR8.mjs +0 -119
/package/dist/{errors-DAWRdiYP.d.mts → errors-CPpvPHT0.d.mts} +0 -0
/package/dist/{externalPaths-SyPF2tgK.d.mts → externalPaths-DpO-s7r8.d.mts} +0 -0
/package/dist/{interface-DTbsvIWe.d.mts → interface-D_BWALyZ.d.mts} +0 -0

package/dist/permissions/index.d.mts CHANGED Viewed

@@ -1,278 +1,4 @@
-import { a as applyFieldWritePermissions, i as applyFieldReadPermissions, n as FieldPermissionMap, o as fields, r as FieldPermissionType, s as resolveEffectiveRoles, t as FieldPermission } from "../fields-Bi_AVKSo.mjs";
-import { a as getUserRoles, i as UserBase, n as PermissionContext, o as normalizeRoles, r as PermissionResult, t as PermissionCheck } from "../types-RLkFVgaw.mjs";
-import { i as CacheStore, t as CacheLogger } from "../interface-DTbsvIWe.mjs";
-import { a as presets_d_exports, c as readOnly, i as ownerWithAdminBypass, n as authenticated, o as publicRead, r as fullPublic, s as publicReadAdminWrite, t as adminOnly } from "../presets-BTeYbw7h.mjs";
-//#region src/permissions/index.d.ts
-interface DynamicPermissionMatrixConfig {
-  /**
-   * Resolve role → resource → actions map dynamically (DB/API/config service).
-   * Called at permission-check time (or cache miss if cache enabled).
-   */
-  resolveRolePermissions: (ctx: PermissionContext) => Record<string, Record<string, readonly string[]>> | Promise<Record<string, Record<string, readonly string[]>>>;
-  /**
-   * Optional cache store adapter.
-   * Use MemoryCacheStore for single-instance apps or RedisCacheStore for distributed setups.
-   */
-  cacheStore?: CacheStore<Record<string, Record<string, readonly string[]>>>;
-  /** Optional logger for cache/runtime failures (default: console) */
-  logger?: CacheLogger;
-  /**
-   * Legacy convenience in-memory cache config.
-   * If `cacheStore` is not provided and ttlMs > 0, Arc creates an internal MemoryCacheStore.
-   */
-  cache?: {
-    /** Cache TTL in milliseconds */ttlMs: number; /** Optional custom cache key builder */
-    key?: (ctx: PermissionContext) => string | null | undefined; /** Hard entry cap for internal memory store (default: 1000) */
-    maxEntries?: number;
-  };
-}
-/** Minimal publish/subscribe interface for cross-node cache invalidation. */
-interface PermissionEventBus {
-  publish: <T>(type: string, payload: T) => Promise<void>;
-  subscribe: (pattern: string, handler: (event: {
-    payload: unknown;
-  }) => void | Promise<void>) => Promise<(() => void) | void>;
-}
-interface ConnectEventsOptions {
-  /** Called on remote invalidation for app-specific cleanup (e.g., resolver cache) */
-  onRemoteInvalidation?: (orgId: string) => void | Promise<void>;
-  /** Custom event type (default: 'arc.permissions.invalidated') */
-  eventType?: string;
-}
-interface DynamicPermissionMatrix {
-  can: (permissions: Record<string, readonly string[]>) => PermissionCheck;
-  canAction: (resource: string, action: string) => PermissionCheck;
-  requireRole: (...roles: string[]) => PermissionCheck;
-  requireMembership: () => PermissionCheck;
-  requireTeamMembership: () => PermissionCheck;
-  /** Invalidate cached permissions for a specific organization */
-  invalidateByOrg: (orgId: string) => Promise<void>;
-  clearCache: () => Promise<void>;
-  /**
-   * Connect to an event system for cross-node cache invalidation.
-   *
-   * Late-binding: call after the event plugin is registered (e.g., in onReady hook).
-   * Once connected, `invalidateByOrg()` auto-publishes an event, and incoming
-   * events from other nodes trigger local cache invalidation.
-   * Echo is suppressed via per-process nodeId matching.
-   */
-  connectEvents(events: PermissionEventBus, options?: ConnectEventsOptions): Promise<void>;
-  /** Disconnect from the event system. Safe to call even if never connected. */
-  disconnectEvents(): Promise<void>;
-  /** Whether events are currently connected. */
-  readonly eventsConnected: boolean;
-}
-/**
- * Allow public access (no authentication required)
- *
- * @example
- * ```typescript
- * permissions: {
- *   list: allowPublic(),
- *   get: allowPublic(),
- * }
- * ```
- */
-declare function allowPublic(): PermissionCheck;
-/**
- * Require authentication (any authenticated user)
- *
- * @example
- * ```typescript
- * permissions: {
- *   create: requireAuth(),
- *   update: requireAuth(),
- * }
- * ```
- */
-declare function requireAuth(): PermissionCheck;
-/**
- * Require specific roles
- *
- * @param roles - Required roles (user needs at least one)
- * @param options - Optional bypass roles
- *
- * @example
- * ```typescript
- * permissions: {
- *   create: requireRoles(['admin', 'editor']),
- *   delete: requireRoles(['admin']),
- * }
- *
- * // With bypass roles
- * permissions: {
- *   update: requireRoles(['owner'], { bypassRoles: ['admin', 'superadmin'] }),
- * }
- * ```
- */
-declare function requireRoles(roles: readonly string[], options?: {
-  bypassRoles?: readonly string[];
-}): PermissionCheck;
-/**
- * Require resource ownership
- *
- * Returns filters to scope queries to user's owned resources.
- *
- * @param ownerField - Field containing owner ID (default: 'userId')
- * @param options - Optional bypass roles
- *
- * @example
- * ```typescript
- * permissions: {
- *   update: requireOwnership('userId'),
- *   delete: requireOwnership('createdBy', { bypassRoles: ['admin'] }),
- * }
- * ```
- */
-declare function requireOwnership<TDoc = any>(ownerField?: Extract<keyof TDoc, string> | string, options?: {
-  bypassRoles?: readonly string[];
-}): PermissionCheck<TDoc>;
-/**
- * Combine multiple checks - ALL must pass (AND logic)
- *
- * @example
- * ```typescript
- * permissions: {
- *   update: allOf(
- *     requireAuth(),
- *     requireRoles(['editor']),
- *     requireOwnership('createdBy')
- *   ),
- * }
- * ```
- */
-declare function allOf(...checks: PermissionCheck[]): PermissionCheck;
-/**
- * Combine multiple checks - ANY must pass (OR logic)
- *
- * @example
- * ```typescript
- * permissions: {
- *   update: anyOf(
- *     requireRoles(['admin']),
- *     requireOwnership('createdBy')
- *   ),
- * }
- * ```
- */
-declare function anyOf(...checks: PermissionCheck[]): PermissionCheck;
-/**
- * Deny all access
- *
- * @example
- * ```typescript
- * permissions: {
- *   delete: denyAll('Deletion not allowed'),
- * }
- * ```
- */
-declare function denyAll(reason?: string): PermissionCheck;
-/**
- * Dynamic permission based on context
- *
- * @example
- * ```typescript
- * permissions: {
- *   update: when((ctx) => ctx.data?.status === 'draft'),
- * }
- * ```
- */
-declare function when<TDoc = any>(condition: (ctx: PermissionContext<TDoc>) => boolean | Promise<boolean>): PermissionCheck<TDoc>;
-/**
- * Require membership in the active organization.
- * User must be authenticated AND have an active org (member or elevated scope).
- *
- * Reads `request.scope` set by auth adapters.
- *
- * @example
- * ```typescript
- * permissions: {
- *   list: requireOrgMembership(),
- *   get: requireOrgMembership(),
- * }
- * ```
- */
-declare function requireOrgMembership<TDoc = any>(): PermissionCheck<TDoc>;
-/**
- * Require specific org-level roles.
- * Reads `request.scope.orgRoles` (set by auth adapters).
- * Elevated scope always passes (platform admin bypass).
- *
- * @param roles - Required org roles (user needs at least one)
- *
- * @example
- * ```typescript
- * permissions: {
- *   create: requireOrgRole('admin', 'owner'),
- *   delete: requireOrgRole('owner'),
- * }
- * ```
- */
-declare function requireOrgRole<TDoc = any>(...args: string[] | [readonly string[]]): PermissionCheck<TDoc>;
-/**
- * Create a scoped permission system for resource-action patterns.
- * Maps org roles to fine-grained permissions without external API calls.
- *
- * @example
- * ```typescript
- * const perms = createOrgPermissions({
- *   statements: {
- *     product: ['create', 'update', 'delete'],
- *     order: ['create', 'approve'],
- *   },
- *   roles: {
- *     owner: { product: ['create', 'update', 'delete'], order: ['create', 'approve'] },
- *     admin: { product: ['create', 'update'], order: ['create'] },
- *     member: { product: [], order: [] },
- *   },
- * });
- *
- * defineResource({
- *   permissions: {
- *     create: perms.can({ product: ['create'] }),
- *     delete: perms.can({ product: ['delete'] }),
- *   }
- * });
- * ```
- */
-declare function createOrgPermissions(config: {
-  statements: Record<string, readonly string[]>;
-  roles: Record<string, Record<string, readonly string[]>>;
-}): {
-  can: (permissions: Record<string, string[]>) => PermissionCheck;
-  requireRole: (...roles: string[]) => PermissionCheck;
-  requireMembership: () => PermissionCheck;
-  requireTeamMembership: () => PermissionCheck;
-};
-/**
- * Create a dynamic role-based permission matrix.
- *
- * Use this when role/action mappings are managed outside code
- * (e.g., admin UI matrix, DB-stored ACLs, remote policy service).
- *
- * Supports:
- * - org role union (any assigned org role can grant)
- * - global bypass roles
- * - wildcard resource/action (`*`)
- * - optional in-memory cache
- */
-declare function createDynamicPermissionMatrix(config: DynamicPermissionMatrixConfig): DynamicPermissionMatrix;
-/**
- * Require membership in the active team.
- * User must be authenticated, a member of the active org, AND have an active team.
- *
- * Better Auth teams are flat member groups (no team-level roles).
- * Reads `request.scope.teamId` set by the Better Auth adapter.
- *
- * @example
- * ```typescript
- * permissions: {
- *   list: requireTeamMembership(),
- *   create: requireTeamMembership(),
- * }
- * ```
- */
-declare function requireTeamMembership<TDoc = any>(): PermissionCheck<TDoc>;
-//#endregion
-export { ConnectEventsOptions, DynamicPermissionMatrix, DynamicPermissionMatrixConfig, type FieldPermission, type FieldPermissionMap, type FieldPermissionType, type PermissionCheck, type PermissionContext, PermissionEventBus, type PermissionResult, type UserBase, adminOnly, allOf, allowPublic, anyOf, applyFieldReadPermissions, applyFieldWritePermissions, authenticated, createDynamicPermissionMatrix, createOrgPermissions, denyAll, fields, fullPublic, getUserRoles, normalizeRoles, ownerWithAdminBypass, presets_d_exports as permissions, publicRead, publicReadAdminWrite, readOnly, requireAuth, requireOrgMembership, requireOrgRole, requireOwnership, requireRoles, requireTeamMembership, resolveEffectiveRoles, when };
+import { a as applyFieldWritePermissions, i as applyFieldReadPermissions, n as FieldPermissionMap, o as fields, r as FieldPermissionType, s as resolveEffectiveRoles, t as FieldPermission } from "../fields-DFwdaWCq.mjs";
+import { a as getUserRoles, i as UserBase, n as PermissionContext, o as normalizeRoles, r as PermissionResult, t as PermissionCheck } from "../types-BNUccdcf.mjs";
+import { C as publicRead, D as createRoleHierarchy, E as RoleHierarchy, S as presets_d_exports, T as readOnly, _ as when, a as allOf, b as fullPublic, c as createDynamicPermissionMatrix, d as requireAuth, f as requireOrgMembership, g as requireTeamMembership, h as requireRoles, i as PermissionEventBus, l as createOrgPermissions, m as requireOwnership, n as DynamicPermissionMatrix, o as allowPublic, p as requireOrgRole, r as DynamicPermissionMatrixConfig, s as anyOf, t as ConnectEventsOptions, u as denyAll, v as adminOnly, w as publicReadAdminWrite, x as ownerWithAdminBypass, y as authenticated } from "../index-Diqcm14c.mjs";
+export { ConnectEventsOptions, DynamicPermissionMatrix, DynamicPermissionMatrixConfig, FieldPermission, FieldPermissionMap, FieldPermissionType, PermissionCheck, PermissionContext, PermissionEventBus, PermissionResult, RoleHierarchy, UserBase, adminOnly, allOf, allowPublic, anyOf, applyFieldReadPermissions, applyFieldWritePermissions, authenticated, createDynamicPermissionMatrix, createOrgPermissions, createRoleHierarchy, denyAll, fields, fullPublic, getUserRoles, normalizeRoles, ownerWithAdminBypass, presets_d_exports as permissions, publicRead, publicReadAdminWrite, readOnly, requireAuth, requireOrgMembership, requireOrgRole, requireOwnership, requireRoles, requireTeamMembership, resolveEffectiveRoles, when };