npm - @donkeylabs/cli - Versions diffs - 2.0.14 → 2.0.16 - Mend

@donkeylabs/cli 2.0.14 → 2.0.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (85) hide show

package/templates/sveltekit-app/src/server/routes/permissions/index.ts DELETED Viewed

@@ -1,248 +0,0 @@
-/**
- * Permissions Routes - Client-side permission checking
- *
- * These routes allow the frontend to check permissions for UI locking.
- */
-import { createRouter, defineRoute } from "@donkeylabs/server";
-import { z } from "zod";
-const permissions = createRouter("permissions");
-/**
- * Get current user's permission context for a tenant
- * Returns roles and all static permissions
- */
-permissions.route("context").typed(
-  defineRoute({
-    input: z.object({
-      tenantId: z.string(),
-    }),
-    output: z.object({
-      tenantId: z.string(),
-      roles: z.array(z.object({
-        id: z.string(),
-        name: z.string(),
-      })),
-      permissions: z.array(z.string()),
-    }),
-    handle: async (input, ctx) => {
-      if (!ctx.user?.id) {
-        throw ctx.errors.Unauthorized("Authentication required");
-      }
-      return (ctx.plugins as any).permissions.getClientContext(ctx.user.id, input.tenantId);
-    },
-  })
-);
-/**
- * Check if user has specific static permissions
- * Returns a map of permission -> boolean
- */
-permissions.route("check").typed(
-  defineRoute({
-    input: z.object({
-      tenantId: z.string(),
-      permissions: z.array(z.string()),
-    }),
-    output: z.record(z.string(), z.boolean()),
-    handle: async (input, ctx) => {
-      if (!ctx.user?.id) {
-        throw ctx.errors.Unauthorized("Authentication required");
-      }
-      const results: Record<string, boolean> = {};
-      for (const permission of input.permissions) {
-        results[permission] = await (ctx.plugins as any).permissions.hasPermission(
-          ctx.user.id,
-          input.tenantId,
-          permission
-        );
-      }
-      return results;
-    },
-  })
-);
-/**
- * Check if user can access specific resources
- * Returns a map of "resourceType:resourceId:action" -> boolean
- */
-permissions.route("canAccess").typed(
-  defineRoute({
-    input: z.object({
-      tenantId: z.string(),
-      checks: z.array(z.object({
-        resourceType: z.string(),
-        resourceId: z.string(),
-        action: z.enum(["create", "read", "write", "delete", "admin"]),
-        ownerId: z.string().optional(), // For owner check
-      })),
-    }),
-    output: z.record(z.string(), z.boolean()),
-    handle: async (input, ctx) => {
-      if (!ctx.user?.id) {
-        throw ctx.errors.Unauthorized("Authentication required");
-      }
-      const results: Record<string, boolean> = {};
-      for (const check of input.checks) {
-        const key = `${check.resourceType}:${check.resourceId}:${check.action}`;
-        results[key] = await (ctx.plugins as any).permissions.canAccess(
-          ctx.user.id,
-          input.tenantId,
-          check.resourceType,
-          check.resourceId,
-          check.action,
-          check.ownerId
-        );
-      }
-      return results;
-    },
-  })
-);
-/**
- * Get all grants for a specific resource
- * Useful for showing "shared with" UI
- */
-permissions.route("grants").typed(
-  defineRoute({
-    input: z.object({
-      tenantId: z.string(),
-      resourceType: z.string(),
-      resourceId: z.string(),
-    }),
-    output: z.array(z.object({
-      resourceType: z.string(),
-      resourceId: z.string(),
-      granteeType: z.enum(["user", "role"]),
-      granteeId: z.string(),
-      permissions: z.array(z.enum(["create", "read", "write", "delete", "admin"])),
-    })),
-    handle: async (input, ctx) => {
-      if (!ctx.user?.id) {
-        throw ctx.errors.Unauthorized("Authentication required");
-      }
-      // Check if user can admin this resource (to see grants)
-      const canAdmin = await (ctx.plugins as any).permissions.canAccess(
-        ctx.user.id,
-        input.tenantId,
-        input.resourceType,
-        input.resourceId,
-        "admin"
-      );
-      if (!canAdmin) {
-        throw ctx.errors.Forbidden("Cannot view grants for this resource");
-      }
-      return (ctx.plugins as any).permissions.getResourceGrants(
-        input.tenantId,
-        input.resourceType,
-        input.resourceId
-      );
-    },
-  })
-);
-/**
- * Grant access to a resource
- */
-permissions.route("grant").typed(
-  defineRoute({
-    input: z.object({
-      tenantId: z.string(),
-      resourceType: z.string(),
-      resourceId: z.string(),
-      granteeType: z.enum(["user", "role"]),
-      granteeId: z.string(),
-      permissions: z.array(z.enum(["create", "read", "write", "delete", "admin"])),
-    }),
-    output: z.object({ success: z.boolean() }),
-    handle: async (input, ctx) => {
-      if (!ctx.user?.id) {
-        throw ctx.errors.Unauthorized("Authentication required");
-      }
-      // Check if user can admin this resource
-      const canAdmin = await (ctx.plugins as any).permissions.canAccess(
-        ctx.user.id,
-        input.tenantId,
-        input.resourceType,
-        input.resourceId,
-        "admin"
-      );
-      if (!canAdmin) {
-        throw ctx.errors.Forbidden("Cannot grant access to this resource");
-      }
-      await (ctx.plugins as any).permissions.grantAccess({
-        tenantId: input.tenantId,
-        resourceType: input.resourceType,
-        resourceId: input.resourceId,
-        granteeType: input.granteeType,
-        granteeId: input.granteeId,
-        permissions: input.permissions,
-        grantedBy: ctx.user.id,
-      });
-      return { success: true };
-    },
-  })
-);
-/**
- * Revoke access to a resource
- */
-permissions.route("revoke").typed(
-  defineRoute({
-    input: z.object({
-      tenantId: z.string(),
-      resourceType: z.string(),
-      resourceId: z.string(),
-      granteeType: z.enum(["user", "role"]),
-      granteeId: z.string(),
-      permissions: z.array(z.enum(["create", "read", "write", "delete", "admin"])).optional(),
-    }),
-    output: z.object({ success: z.boolean() }),
-    handle: async (input, ctx) => {
-      if (!ctx.user?.id) {
-        throw ctx.errors.Unauthorized("Authentication required");
-      }
-      // Check if user can admin this resource
-      const canAdmin = await (ctx.plugins as any).permissions.canAccess(
-        ctx.user.id,
-        input.tenantId,
-        input.resourceType,
-        input.resourceId,
-        "admin"
-      );
-      if (!canAdmin) {
-        throw ctx.errors.Forbidden("Cannot revoke access to this resource");
-      }
-      await (ctx.plugins as any).permissions.revokeAccess({
-        tenantId: input.tenantId,
-        resourceType: input.resourceType,
-        resourceId: input.resourceId,
-        granteeType: input.granteeType,
-        granteeId: input.granteeId,
-        permissions: input.permissions,
-      });
-      return { success: true };
-    },
-  })
-);
-export { permissions as permissionsRouter };

package/templates/sveltekit-app/src/server/routes/tenants/index.ts DELETED Viewed

@@ -1,339 +0,0 @@
-/**
- * Tenants Routes - Multi-tenant management
- */
-import { createRouter, defineRoute } from "@donkeylabs/server";
-import { z } from "zod";
-const tenants = createRouter("tenants");
-/**
- * Get all tenants the current user is a member of
- */
-tenants.route("mine").typed(
-  defineRoute({
-    input: z.object({}),
-    output: z.array(z.object({
-      id: z.string(),
-      name: z.string(),
-      slug: z.string(),
-      settings: z.record(z.string(), z.unknown()).nullable(),
-    })),
-    handle: async (input, ctx) => {
-      if (!ctx.user?.id) {
-        throw ctx.errors.Unauthorized("Authentication required");
-      }
-      return (ctx.plugins as any).permissions.getUserTenants(ctx.user.id);
-    },
-  })
-);
-/**
- * Create a new tenant (user becomes owner/admin)
- */
-tenants.route("create").typed(
-  defineRoute({
-    input: z.object({
-      name: z.string().min(1).max(100),
-      slug: z.string().min(1).max(50).regex(/^[a-z0-9-]+$/, "Slug must be lowercase alphanumeric with hyphens"),
-      settings: z.record(z.string(), z.unknown()).optional(),
-    }),
-    output: z.object({
-      id: z.string(),
-      name: z.string(),
-      slug: z.string(),
-      settings: z.record(z.string(), z.unknown()).nullable(),
-    }),
-    handle: async (input, ctx) => {
-      if (!ctx.user?.id) {
-        throw ctx.errors.Unauthorized("Authentication required");
-      }
-      // Check if slug is taken
-      const existing = await (ctx.plugins as any).permissions.getTenantBySlug(input.slug);
-      if (existing) {
-        throw ctx.errors.BadRequest("Tenant slug already taken");
-      }
-      return (ctx.plugins as any).permissions.createTenant({
-        name: input.name,
-        slug: input.slug,
-        ownerId: ctx.user.id,
-        settings: input.settings,
-      });
-    },
-  })
-);
-/**
- * Get tenant by ID
- */
-tenants.route("get").typed(
-  defineRoute({
-    input: z.object({
-      tenantId: z.string(),
-    }),
-    output: z.object({
-      id: z.string(),
-      name: z.string(),
-      slug: z.string(),
-      settings: z.record(z.string(), z.unknown()).nullable(),
-    }).nullable(),
-    handle: async (input, ctx) => {
-      if (!ctx.user?.id) {
-        throw ctx.errors.Unauthorized("Authentication required");
-      }
-      // Verify membership
-      const isMember = await (ctx.plugins as any).permissions.isTenantMember(ctx.user.id, input.tenantId);
-      if (!isMember) {
-        throw ctx.errors.Forbidden("Not a member of this tenant");
-      }
-      return (ctx.plugins as any).permissions.getTenant(input.tenantId);
-    },
-  })
-);
-/**
- * Get tenant roles
- */
-tenants.route("roles").typed(
-  defineRoute({
-    input: z.object({
-      tenantId: z.string(),
-    }),
-    output: z.array(z.object({
-      id: z.string(),
-      name: z.string(),
-      description: z.string().nullable(),
-      permissions: z.array(z.string()),
-      inheritsFrom: z.string().nullable(),
-      isDefault: z.boolean(),
-    })),
-    handle: async (input, ctx) => {
-      if (!ctx.user?.id) {
-        throw ctx.errors.Unauthorized("Authentication required");
-      }
-      // Verify membership
-      const isMember = await (ctx.plugins as any).permissions.isTenantMember(ctx.user.id, input.tenantId);
-      if (!isMember) {
-        throw ctx.errors.Forbidden("Not a member of this tenant");
-      }
-      const roles = await (ctx.plugins as any).permissions.getTenantRoles(input.tenantId);
-      return roles.map((r: any) => ({
-        id: r.id,
-        name: r.name,
-        description: r.description,
-        permissions: r.permissions,
-        inheritsFrom: r.inheritsFrom,
-        isDefault: r.isDefault,
-      }));
-    },
-  })
-);
-/**
- * Create a role in a tenant
- */
-tenants.route("createRole").typed(
-  defineRoute({
-    input: z.object({
-      tenantId: z.string(),
-      name: z.string().min(1).max(50),
-      description: z.string().max(200).optional(),
-      permissions: z.array(z.string()),
-      inheritsFrom: z.string().optional(),
-      isDefault: z.boolean().optional(),
-    }),
-    output: z.object({
-      id: z.string(),
-      name: z.string(),
-      description: z.string().nullable(),
-      permissions: z.array(z.string()),
-      inheritsFrom: z.string().nullable(),
-      isDefault: z.boolean(),
-    }),
-    handle: async (input, ctx) => {
-      if (!ctx.user?.id) {
-        throw ctx.errors.Unauthorized("Authentication required");
-      }
-      // Check admin permission
-      const hasAdmin = await (ctx.plugins as any).permissions.hasPermission(
-        ctx.user.id,
-        input.tenantId,
-        "roles.manage"
-      );
-      if (!hasAdmin) {
-        throw ctx.errors.Forbidden("Cannot manage roles");
-      }
-      const role = await (ctx.plugins as any).permissions.createRole({
-        tenantId: input.tenantId,
-        name: input.name,
-        description: input.description,
-        permissions: input.permissions,
-        inheritsFrom: input.inheritsFrom,
-        isDefault: input.isDefault,
-      });
-      return {
-        id: role.id,
-        name: role.name,
-        description: role.description,
-        permissions: role.permissions,
-        inheritsFrom: role.inheritsFrom,
-        isDefault: role.isDefault,
-      };
-    },
-  })
-);
-/**
- * Invite user to tenant (add as member)
- */
-tenants.route("addMember").typed(
-  defineRoute({
-    input: z.object({
-      tenantId: z.string(),
-      userId: z.string(),
-    }),
-    output: z.object({ success: z.boolean() }),
-    handle: async (input, ctx) => {
-      if (!ctx.user?.id) {
-        throw ctx.errors.Unauthorized("Authentication required");
-      }
-      // Check permission
-      const canInvite = await (ctx.plugins as any).permissions.hasPermission(
-        ctx.user.id,
-        input.tenantId,
-        "members.invite"
-      );
-      if (!canInvite) {
-        throw ctx.errors.Forbidden("Cannot invite members");
-      }
-      await (ctx.plugins as any).permissions.addTenantMember(
-        input.tenantId,
-        input.userId,
-        ctx.user.id
-      );
-      return { success: true };
-    },
-  })
-);
-/**
- * Remove user from tenant
- */
-tenants.route("removeMember").typed(
-  defineRoute({
-    input: z.object({
-      tenantId: z.string(),
-      userId: z.string(),
-    }),
-    output: z.object({ success: z.boolean() }),
-    handle: async (input, ctx) => {
-      if (!ctx.user?.id) {
-        throw ctx.errors.Unauthorized("Authentication required");
-      }
-      // Check permission
-      const canRemove = await (ctx.plugins as any).permissions.hasPermission(
-        ctx.user.id,
-        input.tenantId,
-        "members.remove"
-      );
-      if (!canRemove) {
-        throw ctx.errors.Forbidden("Cannot remove members");
-      }
-      await (ctx.plugins as any).permissions.removeTenantMember(input.tenantId, input.userId);
-      return { success: true };
-    },
-  })
-);
-/**
- * Assign role to user
- */
-tenants.route("assignRole").typed(
-  defineRoute({
-    input: z.object({
-      tenantId: z.string(),
-      userId: z.string(),
-      roleId: z.string(),
-    }),
-    output: z.object({ success: z.boolean() }),
-    handle: async (input, ctx) => {
-      if (!ctx.user?.id) {
-        throw ctx.errors.Unauthorized("Authentication required");
-      }
-      // Check permission
-      const canManage = await (ctx.plugins as any).permissions.hasPermission(
-        ctx.user.id,
-        input.tenantId,
-        "roles.assign"
-      );
-      if (!canManage) {
-        throw ctx.errors.Forbidden("Cannot assign roles");
-      }
-      await (ctx.plugins as any).permissions.assignRole(
-        input.userId,
-        input.roleId,
-        input.tenantId,
-        ctx.user.id
-      );
-      return { success: true };
-    },
-  })
-);
-/**
- * Revoke role from user
- */
-tenants.route("revokeRole").typed(
-  defineRoute({
-    input: z.object({
-      tenantId: z.string(),
-      userId: z.string(),
-      roleId: z.string(),
-    }),
-    output: z.object({ success: z.boolean() }),
-    handle: async (input, ctx) => {
-      if (!ctx.user?.id) {
-        throw ctx.errors.Unauthorized("Authentication required");
-      }
-      // Check permission
-      const canManage = await (ctx.plugins as any).permissions.hasPermission(
-        ctx.user.id,
-        input.tenantId,
-        "roles.assign"
-      );
-      if (!canManage) {
-        throw ctx.errors.Forbidden("Cannot revoke roles");
-      }
-      await (ctx.plugins as any).permissions.revokeRole(
-        input.userId,
-        input.roleId,
-        input.tenantId
-      );
-      return { success: true };
-    },
-  })
-);
-export { tenants as tenantsRouter };

package/templates/sveltekit-app/static/robots.txt DELETED Viewed

@@ -1,3 +0,0 @@
-# allow crawling everything by default
-User-agent: *
-Disallow:

package/templates/sveltekit-app/svelte.config.ts DELETED Viewed

@@ -1,17 +0,0 @@
-import adapter from '@donkeylabs/adapter-sveltekit';
-import { vitePreprocess } from '@sveltejs/vite-plugin-svelte';
-import type { Config } from '@sveltejs/kit';
-const config: Config = {
-	preprocess: vitePreprocess(),
-	kit: {
-		adapter: adapter(),
-		alias: {
-			$server: '.@donkeylabs/server',
-		}
-	}
-};
-export default config;

package/templates/sveltekit-app/tsconfig.json DELETED Viewed

@@ -1,20 +0,0 @@
-{
-  "extends": "./.svelte-kit/tsconfig.json",
-  "compilerOptions": {
-    "allowJs": true,
-    "checkJs": true,
-    "esModuleInterop": true,
-    "forceConsistentCasingInFileNames": true,
-    "resolveJsonModule": true,
-    "skipLibCheck": true,
-    "sourceMap": true,
-    "strict": true,
-    "moduleResolution": "bundler"
-  },
-  "include": [
-    ".@donkeylabs/server/**/*.ts",
-    ".@donkeylabs/server/**/*.d.ts",
-    "src/**/*.ts",
-    "src/**/*.svelte"
-  ]
-}

package/templates/sveltekit-app/vite.config.ts DELETED Viewed

@@ -1,12 +0,0 @@
-import { sveltekit } from '@sveltejs/kit/vite';
-import tailwindcss from '@tailwindcss/vite';
-import { defineConfig } from 'vite';
-import { donkeylabsDev } from '@donkeylabs/adapter-sveltekit/vite';
-export default defineConfig({
-	plugins: [donkeylabsDev(), tailwindcss(), sveltekit()],
-	ssr: {
-		// Bundle @donkeylabs packages in SSR so TypeScript files get transpiled
-		noExternal: ['@donkeylabs/adapter-sveltekit', '@donkeylabs/server'],
-	},
-});