@eide/foir-cli 0.25.0 → 0.25.1

package/dist/cli.js

@@ -2756,7 +2756,8 @@ function createOperationsMethods(client) {
           precondition: params.precondition,
           configId: params.configId,
           supportsAsync: params.supportsAsync,
-          callbackTtlSeconds: params.callbackTtlSeconds
+          callbackTtlSeconds: params.callbackTtlSeconds,
+          capabilities: params.capabilities ?? []
         })
       );
       return resp.operation ?? null;
@@ -2777,7 +2778,8 @@ function createOperationsMethods(client) {
           precondition: params.precondition,
           isActive: params.isActive,
           supportsAsync: params.supportsAsync,
-          callbackTtlSeconds: params.callbackTtlSeconds
+          callbackTtlSeconds: params.callbackTtlSeconds,
+          capabilities: params.capabilities
         })
       );
       return resp.operation ?? null;
@@ -5237,6 +5239,7 @@ async function reconcileOperations(client, configId, operations, operationBaseUr
         `\u26A0 operation "${op.key}": mode=async but timeoutMs=${op.timeoutMs} \u2014 ack should return in <10s; long timeouts mask slow extensions`
       );
     }
+    const capabilities = op.capabilities ?? [];
     if (ex) {
       const empty = {};
       await client.operations.updateOperation({
@@ -5253,7 +5256,8 @@ async function reconcileOperations(client, configId, operations, operationBaseUr
         precondition: op.precondition ?? empty,
         isActive: op.isActive,
         supportsAsync,
-        callbackTtlSeconds: op.callbackTtlSeconds
+        callbackTtlSeconds: op.callbackTtlSeconds,
+        capabilities
       });
       summary.operations.updated++;
       summary.updatedOperationIds.push(ex.id);
@@ -5275,7 +5279,8 @@ async function reconcileOperations(client, configId, operations, operationBaseUr
         precondition: op.precondition,
         configId,
         supportsAsync,
-        callbackTtlSeconds: op.callbackTtlSeconds
+        callbackTtlSeconds: op.callbackTtlSeconds,
+        capabilities
       });
       summary.operations.created++;
     }

package/dist/lib/config-helpers.d.ts

@@ -191,6 +191,28 @@ interface ApplyConfigOperationInput {
     callbackTimeoutRetryPolicy?: {
         maxRetries?: number;
     };
+    /**
+     * Capability strings stamped onto the scoped dispatch token (and its
+     * callback-window successor) so the extension can call back into
+     * api-public with the precise authorities it needs — nothing more.
+     *
+     * Per-model record access is three-part: `records:read:<model_key>`,
+     * `records:write:<model_key>`, `records:delete:<model_key>`,
+     * `records:publish:<model_key>`. List every model the operation
+     * touches; the unscoped two-part forms (`records:read` etc.) only
+     * work for admin API keys and won't satisfy customer-scoped tokens.
+     *
+     * Cross-cutting caps: `embeddings:read`, `embeddings:write`,
+     * `shares:read`, `shares:write`, `files:read`, `files:write`,
+     * `config:read`, `status:write`, and the secrets:* family. See
+     * `services/internal/scopedtoken/capabilities.go` for the full enum.
+     *
+     * `operations:complete` is auto-injected on callback tokens — never
+     * declare it here. Omitting `capabilities` (or passing an empty array)
+     * mints an authentic-but-unprivileged token; useful for operations
+     * whose extension makes no back-channel calls.
+     */
+    capabilities?: string[];
 }
 interface ApplyConfigSegmentInput {
     key: string;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@eide/foir-cli",
-  "version": "0.25.0",
+  "version": "0.25.1",
   "description": "Universal platform CLI for Foir platform",
   "type": "module",
   "publishConfig": {