npm - @eide/foir-cli - Versions diffs - 0.50.0 → 0.52.0 - Mend

@eide/foir-cli 0.50.0 → 0.52.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/cli.js +573 -108
package/dist/lib/config-helpers.d.ts +63 -1
package/dist/lib/config-helpers.js +4 -0
package/package.json +2 -2

package/dist/lib/config-helpers.d.ts CHANGED Viewed

@@ -304,6 +304,65 @@ interface ApplyConfigAuthProviderInput {
     isDefault?: boolean;
     priority?: number;
 }
+/**
+ * Login-with-Foir customer-lane relying party. Each entry registers a
+ * storefront or third-party app that can launch the hosted customer
+ * login at auth.foir.dev/authorize?client_id=… and exchange the auth
+ * code at /customer/oauth/token.
+ *
+ * The reconciler is project-scoped (tenant + project come from the
+ * push context), so consumers only declare the per-RP fields. Pass to
+ * `relyingParties` on the manifest.
+ */
+/**
+ * Per-RP login method config (login-with-foir-full-workstream-plan.md
+ * §Per-RP login method toggle). All fields optional — missing keys
+ * default to enabled. Lets a project's storefront opt to only Sign in
+ * with Shopify (disable password/OTP + don't list Apple) without
+ * touching the project-level provider catalogue.
+ */
+interface ApplyConfigRelyingPartyLoginMethods {
+    /** Show the password tab on the hosted login? Defaults to true. */
+    password?: boolean;
+    /** Show the OTP tab on the hosted login? Defaults to true. */
+    otp?: boolean;
+    /**
+     * Provider keys to HIDE on this RP's login page. Empty/missing = show
+     * every provider configured at the project level. List a key (e.g.
+     * "google") to omit it from this RP only.
+     */
+    disabledProviders?: string[];
+}
+interface ApplyConfigRelyingPartyInput {
+    /**
+     * Which lane this RP authenticates. `foir push` is project-scoped, so
+     * RPs declared in config are customer-lane (the default); admin RPs are
+     * platform-managed and not part of project config.
+     */
+    kind?: 'customer' | 'admin';
+    /** Public RP slug, unique per project (e.g. `eide-clothing-storefront`). */
+    clientId: string;
+    /** Display name shown on the hosted login. */
+    name: string;
+    /** Allow-listed exact redirect URIs the platform will 302 to with the code. */
+    redirectUris: string[];
+    /** OAuth scopes the RP can request (intersection with caller scopes wins). */
+    allowedScopes?: string[];
+    /**
+     * Per-RP login method filter (customer-lane). Combines with the project-
+     * level customer auth settings (project may have password OFF entirely; an
+     * RP can't override-up, only override-down).
+     */
+    loginMethods?: ApplyConfigRelyingPartyLoginMethods;
+    /**
+     * White-label custom login domains for this RP (EID-46), e.g.
+     * `['login.eide.clothing']`. `foir push` registers each (creating a pending
+     * row + a DNS-TXT challenge) and prunes any not listed. Verification is a
+     * separate step — add the CNAME + `_foir-challenge` TXT records the push
+     * output prints, then verify. Customer-lane only.
+     */
+    customDomains?: string[];
+}
 interface ApplyConfigPlacementInput {
     type: string;
     url: string;
@@ -494,6 +553,7 @@ interface ApplyConfigInput {
     schedules?: ApplyConfigScheduleInput[];
     hooks?: ApplyConfigHookInput[];
     authProviders?: ApplyConfigAuthProviderInput[];
+    relyingParties?: ApplyConfigRelyingPartyInput[];
     placements?: ApplyConfigPlacementInput[];
     apiKeys?: ApplyConfigApiKeyInput[];
     /** Per-project app declarations, keyed by app name. */
@@ -531,6 +591,8 @@ declare function defineSegment(segment: ApplyConfigSegmentInput): ApplyConfigSeg
 declare function defineSchedule(schedule: ApplyConfigScheduleInput): ApplyConfigScheduleInput;
 /** Define an auth provider. */
 declare function defineAuthProvider(provider: ApplyConfigAuthProviderInput): ApplyConfigAuthProviderInput;
+/** Define a Login-with-Foir relying party (storefront / external app). */
+declare function defineRelyingParty(client: ApplyConfigRelyingPartyInput): ApplyConfigRelyingPartyInput;
 /** Define a lifecycle hook. */
 declare function defineHook(hook: ApplyConfigHookInput): ApplyConfigHookInput;
 /** Define an editor placement (sidebar or main-editor tab). */
@@ -569,4 +631,4 @@ interface FoirSecretsConfig {
  */
 declare function defineSecrets(config: FoirSecretsConfig): FoirSecretsConfig;
-export { type AppInput, type AppPlacementFieldChoiceInput, type AppSinkMappingInput, type AppSourceMappingInput, type ApplyConfigApiKeyInput, type ApplyConfigAuthProviderInput, type ApplyConfigDesignTokensInput, type ApplyConfigHookInput, type ApplyConfigInput, type ApplyConfigModelInput, type ApplyConfigOperationInput, type ApplyConfigPlacementInput, type ApplyConfigProjectInput, type ApplyConfigProjectSettingsInput, type ApplyConfigScheduleInput, type ApplyConfigSegmentInput, type EnumFieldConfig, type EnumFieldDefinitionInput, type EnumFieldOption, type FieldAccessInput, type FieldDefinitionInput, type FoirSecretsConfig, type LookupDefinitionInput, type QuotaRule, type SecretDeclaration, type SecretOwnerKind, type SelectFieldConfig, type SelectFieldDefinitionInput, defineAuthProvider, defineConfig, defineDesignTokens, defineEnumField, defineField, defineHook, defineModel, defineOperation, definePlacement, defineSchedule, defineSecrets, defineSegment, defineSelectField };
+export { type AppInput, type AppPlacementFieldChoiceInput, type AppSinkMappingInput, type AppSourceMappingInput, type ApplyConfigApiKeyInput, type ApplyConfigAuthProviderInput, type ApplyConfigDesignTokensInput, type ApplyConfigHookInput, type ApplyConfigInput, type ApplyConfigModelInput, type ApplyConfigOperationInput, type ApplyConfigPlacementInput, type ApplyConfigProjectInput, type ApplyConfigProjectSettingsInput, type ApplyConfigRelyingPartyInput, type ApplyConfigRelyingPartyLoginMethods, type ApplyConfigScheduleInput, type ApplyConfigSegmentInput, type EnumFieldConfig, type EnumFieldDefinitionInput, type EnumFieldOption, type FieldAccessInput, type FieldDefinitionInput, type FoirSecretsConfig, type LookupDefinitionInput, type QuotaRule, type SecretDeclaration, type SecretOwnerKind, type SelectFieldConfig, type SelectFieldDefinitionInput, defineAuthProvider, defineConfig, defineDesignTokens, defineEnumField, defineField, defineHook, defineModel, defineOperation, definePlacement, defineRelyingParty, defineSchedule, defineSecrets, defineSegment, defineSelectField };

package/dist/lib/config-helpers.js CHANGED Viewed

@@ -29,6 +29,9 @@ function defineSchedule(schedule) {
 function defineAuthProvider(provider) {
   return provider;
 }
+function defineRelyingParty(client) {
+  return client;
+}
 function defineHook(hook) {
   return hook;
 }
@@ -48,6 +51,7 @@ export {
   defineModel,
   defineOperation,
   definePlacement,
+  defineRelyingParty,
   defineSchedule,
   defineSecrets,
   defineSegment,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@eide/foir-cli",
-  "version": "0.50.0",
+  "version": "0.52.0",
   "description": "Universal platform CLI for Foir platform",
   "type": "module",
   "publishConfig": {
@@ -55,7 +55,7 @@
     "tsx": "^4.20.0",
     "typescript": "5.9.2",
     "vitest": "^3.2.4",
-    "@eide/foir-proto-ts": "0.103.0",
+    "@foir/proto-ts": "0.106.0",
     "@foir/rpc-node": "0.0.0"
   },
   "engines": {