@eide/foir-cli 0.43.0 → 0.44.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +9 -2
- package/dist/lib/config-helpers.d.ts +13 -1
- package/package.json +2 -2
package/dist/cli.js
CHANGED
|
@@ -1340,7 +1340,11 @@ function jsFieldToProto(f) {
|
|
|
1340
1340
|
itemType: f.itemType,
|
|
1341
1341
|
storage: f.storage,
|
|
1342
1342
|
templateZone: f.templateZone,
|
|
1343
|
-
zoneOrder: f.zoneOrder
|
|
1343
|
+
zoneOrder: f.zoneOrder,
|
|
1344
|
+
// Per-field {read, write} principal policy. foir.config.ts authors set
|
|
1345
|
+
// e.g. access: { write: ['service', 'admin'] } to lock a field; the
|
|
1346
|
+
// platform enforces it on every write path.
|
|
1347
|
+
access: f.access
|
|
1344
1348
|
});
|
|
1345
1349
|
}
|
|
1346
1350
|
function jsConfigToProto(c) {
|
|
@@ -2422,7 +2426,10 @@ function createSettingsMethods(client) {
|
|
|
2422
2426
|
required: f.required,
|
|
2423
2427
|
helpText: f.helpText,
|
|
2424
2428
|
placeholder: f.placeholder,
|
|
2425
|
-
config: f.config
|
|
2429
|
+
config: f.config,
|
|
2430
|
+
// Per-field write/read principal policy — e.g. lock `plan` to
|
|
2431
|
+
// write:[service, admin] so a customer can't self-grant.
|
|
2432
|
+
access: f.access
|
|
2426
2433
|
})),
|
|
2427
2434
|
publicFields: params.publicFields
|
|
2428
2435
|
})
|
|
@@ -40,6 +40,17 @@ interface EnumFieldConfig {
|
|
|
40
40
|
multiple?: boolean;
|
|
41
41
|
default?: string | string[];
|
|
42
42
|
}
|
|
43
|
+
/**
|
|
44
|
+
* Per-field {read, write} principal allow-lists. A non-empty `write` names
|
|
45
|
+
* the only principals permitted to write the field — "public" | "self" |
|
|
46
|
+
* "scoped" | "service" | "admin" — and any other principal is rejected by the
|
|
47
|
+
* platform on every write path. Omit for the default (writable by any
|
|
48
|
+
* authenticated principal). `read` governs client API exposure only.
|
|
49
|
+
*/
|
|
50
|
+
interface FieldAccessInput {
|
|
51
|
+
read?: string[];
|
|
52
|
+
write?: string[];
|
|
53
|
+
}
|
|
43
54
|
interface BaseFieldDefinitionInput {
|
|
44
55
|
key: string;
|
|
45
56
|
label?: string;
|
|
@@ -51,6 +62,7 @@ interface BaseFieldDefinitionInput {
|
|
|
51
62
|
storage?: string;
|
|
52
63
|
templateZone?: string;
|
|
53
64
|
zoneOrder?: number;
|
|
65
|
+
access?: FieldAccessInput;
|
|
54
66
|
}
|
|
55
67
|
type SelectFieldDefinitionInput = BaseFieldDefinitionInput & {
|
|
56
68
|
type: 'select';
|
|
@@ -554,4 +566,4 @@ interface FoirSecretsConfig {
|
|
|
554
566
|
*/
|
|
555
567
|
declare function defineSecrets(config: FoirSecretsConfig): FoirSecretsConfig;
|
|
556
568
|
|
|
557
|
-
export { type AppInput, type AppPlacementFieldChoiceInput, type AppSinkMappingInput, type AppSourceMappingInput, type ApplyConfigApiKeyInput, type ApplyConfigAuthProviderInput, type ApplyConfigDesignTokensInput, type ApplyConfigHookInput, type ApplyConfigInput, type ApplyConfigModelInput, type ApplyConfigOperationInput, type ApplyConfigPlacementInput, type ApplyConfigProjectInput, type ApplyConfigProjectSettingsInput, type ApplyConfigScheduleInput, type ApplyConfigSegmentInput, type EnumFieldConfig, type EnumFieldDefinitionInput, type EnumFieldOption, type ExpressionPrecondition, type FieldDefinitionInput, type FoirSecretsConfig, type LookupDefinitionInput, type Precondition, type QuotaRule, type SecretDeclaration, type SecretOwnerKind, type SegmentPrecondition, type SelectFieldConfig, type SelectFieldDefinitionInput, defineAuthProvider, defineConfig, defineDesignTokens, defineEnumField, defineField, defineHook, defineModel, defineOperation, definePlacement, defineSchedule, defineSecrets, defineSegment, defineSelectField };
|
|
569
|
+
export { type AppInput, type AppPlacementFieldChoiceInput, type AppSinkMappingInput, type AppSourceMappingInput, type ApplyConfigApiKeyInput, type ApplyConfigAuthProviderInput, type ApplyConfigDesignTokensInput, type ApplyConfigHookInput, type ApplyConfigInput, type ApplyConfigModelInput, type ApplyConfigOperationInput, type ApplyConfigPlacementInput, type ApplyConfigProjectInput, type ApplyConfigProjectSettingsInput, type ApplyConfigScheduleInput, type ApplyConfigSegmentInput, type EnumFieldConfig, type EnumFieldDefinitionInput, type EnumFieldOption, type ExpressionPrecondition, type FieldAccessInput, type FieldDefinitionInput, type FoirSecretsConfig, type LookupDefinitionInput, type Precondition, type QuotaRule, type SecretDeclaration, type SecretOwnerKind, type SegmentPrecondition, type SelectFieldConfig, type SelectFieldDefinitionInput, defineAuthProvider, defineConfig, defineDesignTokens, defineEnumField, defineField, defineHook, defineModel, defineOperation, definePlacement, defineSchedule, defineSecrets, defineSegment, defineSelectField };
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@eide/foir-cli",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.44.0",
|
|
4
4
|
"description": "Universal platform CLI for Foir platform",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"publishConfig": {
|
|
@@ -50,7 +50,7 @@
|
|
|
50
50
|
"@bufbuild/protovalidate": "^1.1.1",
|
|
51
51
|
"@connectrpc/connect": "^2.0.0",
|
|
52
52
|
"@connectrpc/connect-node": "^2.0.0",
|
|
53
|
-
"@eide/foir-proto-ts": "^0.
|
|
53
|
+
"@eide/foir-proto-ts": "^0.100.0",
|
|
54
54
|
"chalk": "^5.3.0",
|
|
55
55
|
"commander": "^12.1.0",
|
|
56
56
|
"dotenv": "^16.4.5",
|