@eide/foir-cli 0.25.0 → 0.26.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/cli.js +29 -5
  2. package/dist/lib/config-helpers.d.ts +22 -0
  3. package/package.json +2 -2
package/dist/cli.js CHANGED
@@ -1282,6 +1282,8 @@ import {
1282
1282
  SharingConfigSchema as ProtoSharingConfigSchema,
1283
1283
  ModelConfigSchema as ProtoModelConfigSchema,
1284
1284
  LookupDefinitionSchema as ProtoLookupDefinitionSchema,
1285
+ CacheControlConfigSchema as ProtoCacheControlConfigSchema,
1286
+ CacheControlScope as ProtoCacheControlScope,
1285
1287
  CreateModelRequestSchema,
1286
1288
  GetModelRequestSchema,
1287
1289
  GetModelByKeyRequestSchema,
@@ -1335,9 +1337,26 @@ function jsConfigToProto(c) {
1335
1337
  keyBy: l.keyBy ?? [],
1336
1338
  name: l.name
1337
1339
  })
1338
- ) : []
1340
+ ) : [],
1341
+ cacheControl: c.cacheControl ? create3(ProtoCacheControlConfigSchema, {
1342
+ maxAge: c.cacheControl.maxAge ?? 0,
1343
+ scope: cacheControlScopeFromJs(c.cacheControl.scope)
1344
+ }) : void 0
1339
1345
  });
1340
1346
  }
1347
+ function cacheControlScopeFromJs(scope) {
1348
+ if (typeof scope === "number") return scope;
1349
+ switch (scope) {
1350
+ case "PUBLIC":
1351
+ return ProtoCacheControlScope.PUBLIC;
1352
+ case "PRIVATE":
1353
+ return ProtoCacheControlScope.PRIVATE;
1354
+ case "NO_CACHE":
1355
+ return ProtoCacheControlScope.NO_CACHE;
1356
+ default:
1357
+ return ProtoCacheControlScope.UNSPECIFIED;
1358
+ }
1359
+ }
1341
1360
  function createModelsMethods(client) {
1342
1361
  return {
1343
1362
  // ── Queries ──────────────────────────────────────────────
@@ -2756,7 +2775,8 @@ function createOperationsMethods(client) {
2756
2775
  precondition: params.precondition,
2757
2776
  configId: params.configId,
2758
2777
  supportsAsync: params.supportsAsync,
2759
- callbackTtlSeconds: params.callbackTtlSeconds
2778
+ callbackTtlSeconds: params.callbackTtlSeconds,
2779
+ capabilities: params.capabilities ?? []
2760
2780
  })
2761
2781
  );
2762
2782
  return resp.operation ?? null;
@@ -2777,7 +2797,8 @@ function createOperationsMethods(client) {
2777
2797
  precondition: params.precondition,
2778
2798
  isActive: params.isActive,
2779
2799
  supportsAsync: params.supportsAsync,
2780
- callbackTtlSeconds: params.callbackTtlSeconds
2800
+ callbackTtlSeconds: params.callbackTtlSeconds,
2801
+ capabilities: params.capabilities
2781
2802
  })
2782
2803
  );
2783
2804
  return resp.operation ?? null;
@@ -5237,6 +5258,7 @@ async function reconcileOperations(client, configId, operations, operationBaseUr
5237
5258
  `\u26A0 operation "${op.key}": mode=async but timeoutMs=${op.timeoutMs} \u2014 ack should return in <10s; long timeouts mask slow extensions`
5238
5259
  );
5239
5260
  }
5261
+ const capabilities = op.capabilities ?? [];
5240
5262
  if (ex) {
5241
5263
  const empty = {};
5242
5264
  await client.operations.updateOperation({
@@ -5253,7 +5275,8 @@ async function reconcileOperations(client, configId, operations, operationBaseUr
5253
5275
  precondition: op.precondition ?? empty,
5254
5276
  isActive: op.isActive,
5255
5277
  supportsAsync,
5256
- callbackTtlSeconds: op.callbackTtlSeconds
5278
+ callbackTtlSeconds: op.callbackTtlSeconds,
5279
+ capabilities
5257
5280
  });
5258
5281
  summary.operations.updated++;
5259
5282
  summary.updatedOperationIds.push(ex.id);
@@ -5275,7 +5298,8 @@ async function reconcileOperations(client, configId, operations, operationBaseUr
5275
5298
  precondition: op.precondition,
5276
5299
  configId,
5277
5300
  supportsAsync,
5278
- callbackTtlSeconds: op.callbackTtlSeconds
5301
+ callbackTtlSeconds: op.callbackTtlSeconds,
5302
+ capabilities
5279
5303
  });
5280
5304
  summary.operations.created++;
5281
5305
  }
package/dist/lib/config-helpers.d.ts CHANGED
@@ -191,6 +191,28 @@ interface ApplyConfigOperationInput {
191
191
  callbackTimeoutRetryPolicy?: {
192
192
  maxRetries?: number;
193
193
  };
194
+ /**
195
+ * Capability strings stamped onto the scoped dispatch token (and its
196
+ * callback-window successor) so the extension can call back into
197
+ * api-public with the precise authorities it needs — nothing more.
198
+ *
199
+ * Per-model record access is three-part: `records:read:<model_key>`,
200
+ * `records:write:<model_key>`, `records:delete:<model_key>`,
201
+ * `records:publish:<model_key>`. List every model the operation
202
+ * touches; the unscoped two-part forms (`records:read` etc.) only
203
+ * work for admin API keys and won't satisfy customer-scoped tokens.
204
+ *
205
+ * Cross-cutting caps: `embeddings:read`, `embeddings:write`,
206
+ * `shares:read`, `shares:write`, `files:read`, `files:write`,
207
+ * `config:read`, `status:write`, and the secrets:* family. See
208
+ * `services/internal/scopedtoken/capabilities.go` for the full enum.
209
+ *
210
+ * `operations:complete` is auto-injected on callback tokens — never
211
+ * declare it here. Omitting `capabilities` (or passing an empty array)
212
+ * mints an authentic-but-unprivileged token; useful for operations
213
+ * whose extension makes no back-channel calls.
214
+ */
215
+ capabilities?: string[];
194
216
  }
195
217
  interface ApplyConfigSegmentInput {
196
218
  key: string;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@eide/foir-cli",
3
- "version": "0.25.0",
3
+ "version": "0.26.0",
4
4
  "description": "Universal platform CLI for Foir platform",
5
5
  "type": "module",
6
6
  "publishConfig": {
@@ -50,7 +50,7 @@
50
50
  "@bufbuild/protovalidate": "^1.1.1",
51
51
  "@connectrpc/connect": "^2.0.0",
52
52
  "@connectrpc/connect-node": "^2.0.0",
53
- "@eide/foir-proto-ts": "^0.66.0",
53
+ "@eide/foir-proto-ts": "^0.70.0",
54
54
  "chalk": "^5.3.0",
55
55
  "commander": "^12.1.0",
56
56
  "dotenv": "^16.4.5",