@eide/foir-cli 0.42.0 → 0.44.0
- package/dist/cli.js +15 -5
- package/dist/lib/config-helpers.d.ts +13 -1
- package/package.json +2 -2
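--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -980,7 +980,8 @@ function createIdentityMethods(client) {
 rateLimitPerHour: params.rateLimitPerHour,
 allowedModels: params.allowedModels,
 allowedFileTypes: params.allowedFileTypes,
-scopes: params.scopes
+scopes: params.scopes,
+configId: params.configId
 })
 );
 return { apiKey: resp.apiKey ?? null };
@@ -1339,7 +1340,11 @@ function jsFieldToProto(f) {
 itemType: f.itemType,
 storage: f.storage,
 templateZone: f.templateZone,
-zoneOrder: f.zoneOrder
+zoneOrder: f.zoneOrder,
+// Per-field {read, write} principal policy. foir.config.ts authors set
+// e.g. access: { write: ['service', 'admin'] } to lock a field; the
+// platform enforces it on every write path.
+access: f.access
 });
 }
 function jsConfigToProto(c) {
@@ -2421,7 +2426,10 @@ function createSettingsMethods(client) {
 required: f.required,
 helpText: f.helpText,
 placeholder: f.placeholder,
-config: f.config
+config: f.config,
+// Per-field write/read principal policy — e.g. lock `plan` to
+// write:[service, admin] so a customer can't self-grant.
+access: f.access
 })),
 publicFields: params.publicFields
 })
@@ -5192,6 +5200,7 @@ async function reconcileConfig(client, configId, manifest, options = {}) {
 await reconcileDesignTokens(client, manifest, summary, options.publishDesignTokens ?? false);
 await reconcileApiKeys(
 client,
+configId,
 manifest.key,
 manifest.apiKeys ?? [],
 summary,
@@ -5645,7 +5654,7 @@ async function reconcileDesignTokens(client, manifest, summary, publishAfterAppl
 summary.designTokensPublished = true;
 }
 }
-async function reconcileApiKeys(client, configKey, apiKeys, summary, rotateKeys) {
+async function reconcileApiKeys(client, configId, configKey, apiKeys, summary, rotateKeys) {
 if (apiKeys.length === 0) return;
 const existing = await client.identity.listApiKeys({ first: 200 });
 const existingByName = new Map(
@@ -5677,7 +5686,8 @@ async function reconcileApiKeys(client, configKey, apiKeys, summary, rotateKeys)
 keyType: key.keyType === "secret" ? 2 : 1,
 allowedModels: key.allowedModels,
 allowedFileTypes: key.allowedFileTypes,
-scopes: key.scopes
+scopes: key.scopes,
+configId
 });
 rawKey = result?.apiKey?.rawKey;
 }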
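Review bot: `reconcileApiKeys` now sends `configId` on the request at new lines 5686–5690, but the lookup at 5659–5660 still lists keys with `{ first: 200 }` and no config filter and indexes them by name. If keys are scoped to a config, a same-named key belonging to another config may be treated as the existing one and updated or rotated in its place; the map body and the update branch are outside the hunk, so this is inferred and should be checked against the full function. Until the lookup is scoped, a comment such as `// lookup is by name across every config in the project; confirm a match belongs to configId before updating or rotating it` above `existingByName` would record the assumption. `configId` was also inserted ahead of `configKey` in the positional list, so a caller that was not updated would pass the key where the id is expected without any error; the one call shown in `reconcileConfig` is updated.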
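--- a/package/dist/lib/config-helpers.d.ts
+++ b/package/dist/lib/config-helpers.d.ts
@@ -40,6 +40,17 @@ interface EnumFieldConfig {
 multiple?: boolean;
 default?: string | string[];
 }
+/**
+* Per-field {read, write} principal allow-lists. A non-empty `write` names
+* the only principals permitted to write the field — "public" | "self" |
+* "scoped" | "service" | "admin" — and any other principal is rejected by the
+* platform on every write path. Omit for the default (writable by any
+* authenticated principal). `read` governs client API exposure only.
+*/
+interface FieldAccessInput {
+read?: string[];
+write?: string[];
+}
 interface BaseFieldDefinitionInput {
 key: string;
 label?: string;
@@ -51,6 +62,7 @@ interface BaseFieldDefinitionInput {
 storage?: string;
 templateZone?: string;
 zoneOrder?: number;
+access?: FieldAccessInput;
 }
 type SelectFieldDefinitionInput = BaseFieldDefinitionInput & {
 type: 'select';
@@ -554,4 +566,4 @@ interface FoirSecretsConfig {
 */
 declare function defineSecrets(config: FoirSecretsConfig): FoirSecretsConfig;
 
-export { type AppInput, type AppPlacementFieldChoiceInput, type AppSinkMappingInput, type AppSourceMappingInput, type ApplyConfigApiKeyInput, type ApplyConfigAuthProviderInput, type ApplyConfigDesignTokensInput, type ApplyConfigHookInput, type ApplyConfigInput, type ApplyConfigModelInput, type ApplyConfigOperationInput, type ApplyConfigPlacementInput, type ApplyConfigProjectInput, type ApplyConfigProjectSettingsInput, type ApplyConfigScheduleInput, type ApplyConfigSegmentInput, type EnumFieldConfig, type EnumFieldDefinitionInput, type EnumFieldOption, type ExpressionPrecondition, type FieldDefinitionInput, type FoirSecretsConfig, type LookupDefinitionInput, type Precondition, type QuotaRule, type SecretDeclaration, type SecretOwnerKind, type SegmentPrecondition, type SelectFieldConfig, type SelectFieldDefinitionInput, defineAuthProvider, defineConfig, defineDesignTokens, defineEnumField, defineField, defineHook, defineModel, defineOperation, definePlacement, defineSchedule, defineSecrets, defineSegment, defineSelectField };
+export { type AppInput, type AppPlacementFieldChoiceInput, type AppSinkMappingInput, type AppSourceMappingInput, type ApplyConfigApiKeyInput, type ApplyConfigAuthProviderInput, type ApplyConfigDesignTokensInput, type ApplyConfigHookInput, type ApplyConfigInput, type ApplyConfigModelInput, type ApplyConfigOperationInput, type ApplyConfigPlacementInput, type ApplyConfigProjectInput, type ApplyConfigProjectSettingsInput, type ApplyConfigScheduleInput, type ApplyConfigSegmentInput, type EnumFieldConfig, type EnumFieldDefinitionInput, type EnumFieldOption, type ExpressionPrecondition, type FieldAccessInput, type FieldDefinitionInput, type FoirSecretsConfig, type LookupDefinitionInput, type Precondition, type QuotaRule, type SecretDeclaration, type SecretOwnerKind, type SegmentPrecondition, type SelectFieldConfig, type SelectFieldDefinitionInput, defineAuthProvider, defineConfig, defineDesignTokens, defineEnumField, defineField, defineHook, defineModel, defineOperation, definePlacement, defineSchedule, defineSecrets, defineSegment, defineSelectField };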
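Review bot: `FieldAccessInput` types `read` and `write` as `string[]` although its doc comment lists exactly five principals, so a misspelled principal in foir.config.ts type-checks and the outcome depends on how the platform treats an unknown name. Declaring `type FieldPrincipal = 'public' | 'self' | 'scoped' | 'service' | 'admin';` and using `read?: FieldPrincipal[]; write?: FieldPrincipal[];` would reject the typo at compile time. The comment also says only a non-empty `write` restricts, which suggests `write: []` falls back to "writable by any authenticated principal"; an author who writes an empty list to mean "nobody" would get the opposite, so the doc comment should state that case explicitly.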
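--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@eide/foir-cli",
-"version": "0.
+"version": "0.44.0",
 "description": "Universal platform CLI for Foir platform",
 "type": "module",
 "publishConfig": {
@@ -50,7 +50,7 @@
 "@bufbuild/protovalidate": "^1.1.1",
 "@connectrpc/connect": "^2.0.0",
 "@connectrpc/connect-node": "^2.0.0",
-"@eide/foir-proto-ts": "^0.
+"@eide/foir-proto-ts": "^0.100.0",
 "chalk": "^5.3.0",
 "commander": "^12.1.0",
 "dotenv": "^16.4.5",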