@geoly-ai/social-hub-cli 0.0.12 → 0.0.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +16 -0
- package/dist/admin-index-gates.test.d.ts +2 -0
- package/dist/admin-index-gates.test.d.ts.map +1 -0
- package/dist/admin-index-gates.test.js +33 -0
- package/dist/admin-index-gates.test.js.map +1 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +810 -63
- package/dist/index.js.map +1 -1
- package/dist/index.test.js +87 -5
- package/dist/index.test.js.map +1 -1
- package/dist/permission-runner.d.ts +11 -0
- package/dist/permission-runner.d.ts.map +1 -0
- package/dist/permission-runner.js +30 -0
- package/dist/permission-runner.js.map +1 -0
- package/dist/permission-runner.test.d.ts +2 -0
- package/dist/permission-runner.test.d.ts.map +1 -0
- package/dist/permission-runner.test.js +69 -0
- package/dist/permission-runner.test.js.map +1 -0
- package/dist/permissions-gates-admin.d.ts +4 -0
- package/dist/permissions-gates-admin.d.ts.map +1 -0
- package/dist/permissions-gates-admin.js +80 -0
- package/dist/permissions-gates-admin.js.map +1 -0
- package/dist/permissions-gates-admin.test.d.ts +2 -0
- package/dist/permissions-gates-admin.test.d.ts.map +1 -0
- package/dist/permissions-gates-admin.test.js +25 -0
- package/dist/permissions-gates-admin.test.js.map +1 -0
- package/dist/permissions.d.ts.map +1 -1
- package/dist/permissions.js +2 -3
- package/dist/permissions.js.map +1 -1
- package/dist/register-admin.d.ts.map +1 -1
- package/dist/register-admin.js +343 -29
- package/dist/register-admin.js.map +1 -1
- package/dist/register-extensions.d.ts.map +1 -1
- package/dist/register-extensions.js +26 -19
- package/dist/register-extensions.js.map +1 -1
- package/dist/register-shared.js +1 -1
- package/dist/register-shared.js.map +1 -1
- package/package.json +2 -2
- package/skills/README.md +7 -5
- package/skills/manifest.json +17 -7
- package/skills/social-hub-accounts/SKILL.md +46 -13
- package/skills/social-hub-admin/SKILL.md +76 -10
- package/skills/social-hub-calendar-jobs/SKILL.md +26 -10
- package/skills/social-hub-cli/SKILL.md +35 -191
- package/skills/social-hub-cli/evals/evals.json +4 -4
- package/skills/social-hub-events-observability/SKILL.md +50 -0
- package/skills/social-hub-graph-compliance/SKILL.md +60 -0
- package/skills/social-hub-intelligence/SKILL.md +72 -7
- package/skills/social-hub-migration/SKILL.md +18 -5
- package/skills/social-hub-openclaw-context/SKILL.md +23 -8
- package/skills/social-hub-ops-runtime/SKILL.md +10 -5
- package/skills/social-hub-posts/SKILL.md +56 -23
- package/skills/social-hub-posts/evals/evals.json +23 -0
- package/skills/social-hub-publishing/SKILL.md +75 -11
- package/skills/social-hub-shared/SKILL.md +8 -4
|
@@ -0,0 +1,69 @@
|
|
|
1
|
+
import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
|
|
2
|
+
const mockGetAuthContext = vi.fn();
|
|
3
|
+
const mockListAgentTeams = vi.fn();
|
|
4
|
+
const mockListApiKeys = vi.fn();
|
|
5
|
+
vi.mock("./client.js", () => ({
|
|
6
|
+
requireClient: () => ({
|
|
7
|
+
getAuthContext: mockGetAuthContext,
|
|
8
|
+
listAgentTeams: mockListAgentTeams,
|
|
9
|
+
listApiKeys: mockListApiKeys,
|
|
10
|
+
}),
|
|
11
|
+
resolveTeamId: (id) => id ?? "team-ctx",
|
|
12
|
+
}));
|
|
13
|
+
describe("withPermissionGate", () => {
|
|
14
|
+
beforeEach(() => {
|
|
15
|
+
mockGetAuthContext.mockReset();
|
|
16
|
+
mockListAgentTeams.mockReset();
|
|
17
|
+
mockListApiKeys.mockReset();
|
|
18
|
+
vi.spyOn(process, "exit").mockImplementation((() => {
|
|
19
|
+
throw new Error("process.exit");
|
|
20
|
+
}));
|
|
21
|
+
vi.spyOn(console, "error").mockImplementation(() => { });
|
|
22
|
+
});
|
|
23
|
+
afterEach(() => {
|
|
24
|
+
vi.restoreAllMocks();
|
|
25
|
+
});
|
|
26
|
+
it("blocks client role from agent-teams list before SDK call", async () => {
|
|
27
|
+
mockGetAuthContext.mockResolvedValue({ role: "client", kind: "user" });
|
|
28
|
+
const { withPermissionGate } = await import("./permission-runner.js");
|
|
29
|
+
await expect(withPermissionGate({
|
|
30
|
+
command: "agent-teams list",
|
|
31
|
+
resource: "agentTeam",
|
|
32
|
+
action: "list",
|
|
33
|
+
}, async () => {
|
|
34
|
+
await mockListAgentTeams();
|
|
35
|
+
})).rejects.toThrow("process.exit");
|
|
36
|
+
expect(mockListAgentTeams).not.toHaveBeenCalled();
|
|
37
|
+
expect(process.exit).toHaveBeenCalledWith(1);
|
|
38
|
+
});
|
|
39
|
+
it("allows admin role and runs callback", async () => {
|
|
40
|
+
mockGetAuthContext.mockResolvedValue({ role: "admin", kind: "user" });
|
|
41
|
+
const { withPermissionGate } = await import("./permission-runner.js");
|
|
42
|
+
await withPermissionGate({
|
|
43
|
+
command: "agent-teams list",
|
|
44
|
+
resource: "agentTeam",
|
|
45
|
+
action: "list",
|
|
46
|
+
}, async () => {
|
|
47
|
+
await mockListAgentTeams();
|
|
48
|
+
});
|
|
49
|
+
expect(mockListAgentTeams).toHaveBeenCalledOnce();
|
|
50
|
+
});
|
|
51
|
+
it("rejects API key bound to a different team", async () => {
|
|
52
|
+
mockGetAuthContext.mockResolvedValue({
|
|
53
|
+
role: "admin",
|
|
54
|
+
kind: "api_key",
|
|
55
|
+
teamId: "team-a",
|
|
56
|
+
});
|
|
57
|
+
const { withPermissionGate } = await import("./permission-runner.js");
|
|
58
|
+
await expect(withPermissionGate({
|
|
59
|
+
command: "api-keys list",
|
|
60
|
+
resource: "apiKey",
|
|
61
|
+
action: "list",
|
|
62
|
+
teamId: "team-b",
|
|
63
|
+
}, async () => {
|
|
64
|
+
await mockListApiKeys();
|
|
65
|
+
})).rejects.toThrow("process.exit");
|
|
66
|
+
expect(mockListApiKeys).not.toHaveBeenCalled();
|
|
67
|
+
});
|
|
68
|
+
});
|
|
69
|
+
//# sourceMappingURL=permission-runner.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"permission-runner.test.js","sourceRoot":"","sources":["../src/permission-runner.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAEzE,MAAM,kBAAkB,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;AACnC,MAAM,kBAAkB,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;AACnC,MAAM,eAAe,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;AAEhC,EAAE,CAAC,IAAI,CAAC,aAAa,EAAE,GAAG,EAAE,CAAC,CAAC;IAC5B,aAAa,EAAE,GAAG,EAAE,CAAC,CAAC;QACpB,cAAc,EAAE,kBAAkB;QAClC,cAAc,EAAE,kBAAkB;QAClC,WAAW,EAAE,eAAe;KAC7B,CAAC;IACF,aAAa,EAAE,CAAC,EAAW,EAAE,EAAE,CAAC,EAAE,IAAI,UAAU;CACjD,CAAC,CAAC,CAAC;AAEJ,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IAClC,UAAU,CAAC,GAAG,EAAE;QACd,kBAAkB,CAAC,SAAS,EAAE,CAAC;QAC/B,kBAAkB,CAAC,SAAS,EAAE,CAAC;QAC/B,eAAe,CAAC,SAAS,EAAE,CAAC;QAC5B,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,kBAAkB,CAAC,CAAC,GAAG,EAAE;YACjD,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC;QAClC,CAAC,CAAU,CAAC,CAAC;QACb,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,EAAE,CAAC,eAAe,EAAE,CAAC;IACvB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0DAA0D,EAAE,KAAK,IAAI,EAAE;QACxE,kBAAkB,CAAC,iBAAiB,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;QACvE,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,wBAAwB,CAAC,CAAC;QAEtE,MAAM,MAAM,CACV,kBAAkB,CAChB;YACE,OAAO,EAAE,kBAAkB;YAC3B,QAAQ,EAAE,WAAW;YACrB,MAAM,EAAE,MAAM;SACf,EACD,KAAK,IAAI,EAAE;YACT,MAAM,kBAAkB,EAAE,CAAC;QAC7B,CAAC,CACF,CACF,CAAC,OAAO,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QAElC,MAAM,CAAC,kBAAkB,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QAClD,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;QACnD,kBAAkB,CAAC,iBAAiB,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;QACtE,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,wBAAwB,CAAC,CAAC;QAEtE,MAAM,kBAAkB,CACtB;YACE,OAAO,EAAE,kBAAkB;YAC3B,QAAQ,EAAE,WAAW;YACrB,MAAM,EAAE,MAAM;SACf,EACD,KAAK,IAAI,EAAE;YACT,MAAM,kBAAkB,EAAE,CAAC;QAC7B,CAAC,CACF,CAAC;QAEF,MAAM,CAAC,kBAAkB,CAAC,CAAC,oBAAoB,EAAE,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,KAAK,IAAI,EAAE;QACzD,kBAAkB,CAAC,iBAAiB,CAAC;YACnC,IAAI,EAAE,OAAO;YACb,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,QAAQ;SACjB,CAAC,CAAC;QACH,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,wBAAwB,CAAC,CAAC;QAEtE,MAAM,MAAM,CACV,kBAAkB,CAChB;YACE,OAAO,EAAE,eAAe;YACxB,QAAQ,EAAE,QAAQ;YAClB,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,QAAQ;SACjB,EACD,KAAK,IAAI,EAAE;YACT,MAAM,eAAe,EAAE,CAAC;QAC1B,CAAC,CACF,CACF,CAAC,OAAO,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QAElC,MAAM,CAAC,eAAe,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;IACjD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"permissions-gates-admin.d.ts","sourceRoot":"","sources":["../src/permissions-gates-admin.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAE1D,uDAAuD;AACvD,eAAO,MAAM,sBAAsB,EAAE,iBAAiB,EA6ErD,CAAC"}
|
|
@@ -0,0 +1,80 @@
|
|
|
1
|
+
/** Admin-domain CLI gates (social-hub-admin skill). */
|
|
2
|
+
export const ADMIN_PERMISSION_GATES = [
|
|
3
|
+
{ command: "settings list", resource: "systemSetting", action: "list" },
|
|
4
|
+
{ command: "settings get", resource: "systemSetting", action: "read" },
|
|
5
|
+
{ command: "settings set", resource: "systemSetting", action: "update" },
|
|
6
|
+
{ command: "settings batch-set", resource: "systemSetting", action: "update" },
|
|
7
|
+
{ command: "invites list", resource: "invite", action: "list" },
|
|
8
|
+
{ command: "invites create", resource: "invite", action: "create" },
|
|
9
|
+
{ command: "invites revoke", resource: "invite", action: "delete" },
|
|
10
|
+
{ command: "members list", resource: "systemMember", action: "list" },
|
|
11
|
+
{ command: "members system-teams", resource: "systemMember", action: "list" },
|
|
12
|
+
{ command: "members update-role", resource: "systemMember", action: "update" },
|
|
13
|
+
{ command: "members remove", resource: "systemMember", action: "delete" },
|
|
14
|
+
{ command: "members teams-list", resource: "systemMember", action: "read" },
|
|
15
|
+
{ command: "members teams-add", resource: "systemMember", action: "create" },
|
|
16
|
+
{ command: "members teams-remove", resource: "systemMember", action: "delete" },
|
|
17
|
+
{ command: "members team-list", resource: "systemMember", action: "list" },
|
|
18
|
+
{
|
|
19
|
+
command: "members team-update-role",
|
|
20
|
+
resource: "systemMember",
|
|
21
|
+
action: "update",
|
|
22
|
+
},
|
|
23
|
+
{ command: "members team-remove", resource: "systemMember", action: "delete" },
|
|
24
|
+
{ command: "agent-teams list", resource: "agentTeam", action: "list" },
|
|
25
|
+
{
|
|
26
|
+
command: "agent-teams workspace-docs",
|
|
27
|
+
resource: "agentTeam",
|
|
28
|
+
action: "read",
|
|
29
|
+
},
|
|
30
|
+
{ command: "agent-teams create", resource: "agentTeam", action: "create" },
|
|
31
|
+
{ command: "agent-teams update", resource: "agentTeam", action: "update" },
|
|
32
|
+
{
|
|
33
|
+
command: "agent-teams add-member",
|
|
34
|
+
resource: "agentTeam",
|
|
35
|
+
action: "update",
|
|
36
|
+
},
|
|
37
|
+
{ command: "users list", resource: "systemMember", action: "list" },
|
|
38
|
+
{ command: "users create", resource: "systemMember", action: "create" },
|
|
39
|
+
{ command: "users system-list", resource: "systemMember", action: "list" },
|
|
40
|
+
{ command: "users system-create", resource: "systemMember", action: "create" },
|
|
41
|
+
{
|
|
42
|
+
command: "brand-members system-list",
|
|
43
|
+
resource: "systemBrand",
|
|
44
|
+
action: "list",
|
|
45
|
+
},
|
|
46
|
+
{
|
|
47
|
+
command: "brand-members system-create",
|
|
48
|
+
resource: "brandMember",
|
|
49
|
+
action: "create",
|
|
50
|
+
},
|
|
51
|
+
{
|
|
52
|
+
command: "brand-members system-remove",
|
|
53
|
+
resource: "brandMember",
|
|
54
|
+
action: "delete",
|
|
55
|
+
},
|
|
56
|
+
{ command: "brand-members list", resource: "brandMember", action: "list" },
|
|
57
|
+
{ command: "brand-members create", resource: "brandMember", action: "create" },
|
|
58
|
+
{ command: "brand-members remove", resource: "brandMember", action: "delete" },
|
|
59
|
+
{ command: "api-keys list", resource: "apiKey", action: "list" },
|
|
60
|
+
{ command: "api-keys create", resource: "apiKey", action: "create" },
|
|
61
|
+
{ command: "api-keys delete", resource: "apiKey", action: "delete" },
|
|
62
|
+
{ command: "api-keys rotate", resource: "apiKey", action: "update" },
|
|
63
|
+
{
|
|
64
|
+
command: "api-keys batch-revoke",
|
|
65
|
+
resource: "apiKey",
|
|
66
|
+
action: "delete",
|
|
67
|
+
},
|
|
68
|
+
{
|
|
69
|
+
command: "api-keys batch-rotate",
|
|
70
|
+
resource: "apiKey",
|
|
71
|
+
action: "update",
|
|
72
|
+
},
|
|
73
|
+
{
|
|
74
|
+
command: "permissions-update",
|
|
75
|
+
resource: "permissionMatrix",
|
|
76
|
+
action: "update",
|
|
77
|
+
note: "admin only",
|
|
78
|
+
},
|
|
79
|
+
];
|
|
80
|
+
//# sourceMappingURL=permissions-gates-admin.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"permissions-gates-admin.js","sourceRoot":"","sources":["../src/permissions-gates-admin.ts"],"names":[],"mappings":"AAEA,uDAAuD;AACvD,MAAM,CAAC,MAAM,sBAAsB,GAAwB;IACzD,EAAE,OAAO,EAAE,eAAe,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,EAAE;IACvE,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,EAAE;IACtE,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,EAAE,QAAQ,EAAE;IACxE,EAAE,OAAO,EAAE,oBAAoB,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,EAAE,QAAQ,EAAE;IAC9E,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE;IAC/D,EAAE,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE;IACnE,EAAE,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE;IACnE,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE;IACrE,EAAE,OAAO,EAAE,sBAAsB,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE;IAC7E,EAAE,OAAO,EAAE,qBAAqB,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE;IAC9E,EAAE,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE;IACzE,EAAE,OAAO,EAAE,oBAAoB,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE;IAC3E,EAAE,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE;IAC5E,EAAE,OAAO,EAAE,sBAAsB,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE;IAC/E,EAAE,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE;IAC1E;QACE,OAAO,EAAE,0BAA0B;QACnC,QAAQ,EAAE,cAAc;QACxB,MAAM,EAAE,QAAQ;KACjB;IACD,EAAE,OAAO,EAAE,qBAAqB,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE;IAC9E,EAAE,OAAO,EAAE,kBAAkB,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE;IACtE;QACE,OAAO,EAAE,4BAA4B;QACrC,QAAQ,EAAE,WAAW;QACrB,MAAM,EAAE,MAAM;KACf;IACD,EAAE,OAAO,EAAE,oBAAoB,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE;IAC1E,EAAE,OAAO,EAAE,oBAAoB,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE;IAC1E;QACE,OAAO,EAAE,wBAAwB;QACjC,QAAQ,EAAE,WAAW;QACrB,MAAM,EAAE,QAAQ;KACjB;IACD,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE;IACnE,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE;IACvE,EAAE,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE;IAC1E,EAAE,OAAO,EAAE,qBAAqB,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE;IAC9E;QACE,OAAO,EAAE,2BAA2B;QACpC,QAAQ,EAAE,aAAa;QACvB,MAAM,EAAE,MAAM;KACf;IACD;QACE,OAAO,EAAE,6BAA6B;QACtC,QAAQ,EAAE,aAAa;QACvB,MAAM,EAAE,QAAQ;KACjB;IACD;QACE,OAAO,EAAE,6BAA6B;QACtC,QAAQ,EAAE,aAAa;QACvB,MAAM,EAAE,QAAQ;KACjB;IACD,EAAE,OAAO,EAAE,oBAAoB,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,EAAE,MAAM,EAAE;IAC1E,EAAE,OAAO,EAAE,sBAAsB,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,EAAE,QAAQ,EAAE;IAC9E,EAAE,OAAO,EAAE,sBAAsB,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,EAAE,QAAQ,EAAE;IAC9E,EAAE,OAAO,EAAE,eAAe,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE;IAChE,EAAE,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE;IACpE,EAAE,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE;IACpE,EAAE,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE;IACpE;QACE,OAAO,EAAE,uBAAuB;QAChC,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IACD;QACE,OAAO,EAAE,uBAAuB;QAChC,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IACD;QACE,OAAO,EAAE,oBAAoB;QAC7B,QAAQ,EAAE,kBAAkB;QAC5B,MAAM,EAAE,QAAQ;QAChB,IAAI,EAAE,YAAY;KACnB;CACF,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"permissions-gates-admin.test.d.ts","sourceRoot":"","sources":["../src/permissions-gates-admin.test.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
import { describe, expect, it } from "vitest";
|
|
2
|
+
import { ADMIN_PERMISSION_GATES } from "./permissions-gates-admin.js";
|
|
3
|
+
import { CLI_PERMISSION_GATES, findGateForCommand } from "./permissions.js";
|
|
4
|
+
describe("admin permission gates", () => {
|
|
5
|
+
it("maps permissions-update to permissionMatrix:update", () => {
|
|
6
|
+
const gate = findGateForCommand("permissions-update");
|
|
7
|
+
expect(gate).toEqual(expect.objectContaining({
|
|
8
|
+
resource: "permissionMatrix",
|
|
9
|
+
action: "update",
|
|
10
|
+
}));
|
|
11
|
+
});
|
|
12
|
+
it("includes invite and member team visibility commands", () => {
|
|
13
|
+
const commands = ADMIN_PERMISSION_GATES.map((g) => g.command);
|
|
14
|
+
expect(commands).toContain("invites create");
|
|
15
|
+
expect(commands).toContain("members teams-add");
|
|
16
|
+
expect(commands).toContain("members teams-list");
|
|
17
|
+
expect(commands).toContain("settings batch-set");
|
|
18
|
+
expect(commands).toContain("brand-members system-remove");
|
|
19
|
+
});
|
|
20
|
+
it("merges admin gates into CLI_PERMISSION_GATES without duplicates", () => {
|
|
21
|
+
const inviteCreate = CLI_PERMISSION_GATES.filter((g) => g.command === "invites create");
|
|
22
|
+
expect(inviteCreate).toHaveLength(1);
|
|
23
|
+
});
|
|
24
|
+
});
|
|
25
|
+
//# sourceMappingURL=permissions-gates-admin.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"permissions-gates-admin.test.js","sourceRoot":"","sources":["../src/permissions-gates-admin.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AACtE,OAAO,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAE5E,QAAQ,CAAC,wBAAwB,EAAE,GAAG,EAAE;IACtC,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;QAC5D,MAAM,IAAI,GAAG,kBAAkB,CAAC,oBAAoB,CAAC,CAAC;QACtD,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAClB,MAAM,CAAC,gBAAgB,CAAC;YACtB,QAAQ,EAAE,kBAAkB;YAC5B,MAAM,EAAE,QAAQ;SACjB,CAAC,CACH,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;QAC7D,MAAM,QAAQ,GAAG,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QAC9D,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;QAC7C,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC;QAChD,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC;QACjD,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC;QACjD,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,6BAA6B,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iEAAiE,EAAE,GAAG,EAAE;QACzE,MAAM,YAAY,GAAG,oBAAoB,CAAC,MAAM,CAC9C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,gBAAgB,CACtC,CAAC;QACF,MAAM,CAAC,YAAY,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permissions.d.ts","sourceRoot":"","sources":["../src/permissions.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,MAAM,EACX,KAAK,QAAQ,EACb,KAAK,IAAI,EACT,qBAAqB,EAEtB,MAAM,4BAA4B,CAAC;
|
|
1
|
+
{"version":3,"file":"permissions.d.ts","sourceRoot":"","sources":["../src/permissions.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,MAAM,EACX,KAAK,QAAQ,EACb,KAAK,IAAI,EACT,qBAAqB,EAEtB,MAAM,4BAA4B,CAAC;AAGpC,MAAM,MAAM,iBAAiB,GAAG;IAC9B,yDAAyD;IACzD,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,QAAQ,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,2DAA2D;IAC3D,IAAI,CAAC,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,yEAAyE;AACzE,eAAO,MAAM,oBAAoB,EAAE,iBAAiB,EA4DnD,CAAC;AAEF,wBAAgB,UAAU,CACxB,IAAI,EAAE,IAAI,EACV,QAAQ,EAAE,QAAQ,EAClB,MAAM,EAAE,MAAM,GACb,OAAO,CAET;AAED,wBAAgB,sBAAsB,CAAC,KAAK,EAAE;IAC5C,IAAI,EAAE,IAAI,CAAC;IACX,QAAQ,EAAE,QAAQ,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;CACjB,GAAG,MAAM,CAQT;AAED,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,IAAI,GAAG;IACjD,IAAI,EAAE,IAAI,CAAC;IACX,MAAM,EAAE,UAAU,CAAC,OAAO,qBAAqB,CAAC,CAAC;IACjD,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,cAAc,EAAE,MAAM,EAAE,CAAC;CAC1B,CAYA;AAED,wBAAgB,mBAAmB,CAAC,KAAK,EAAE;IACzC,IAAI,EAAE,IAAI,CAAC;IACX,QAAQ,EAAE,QAAQ,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;CACjB,GAAG,IAAI,CAIP;AAED,wBAAgB,kBAAkB,CAAC,WAAW,EAAE,MAAM,GAAG,iBAAiB,GAAG,SAAS,CAErF"}
|
package/dist/permissions.js
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { buildPermissionMatrix, canPerformAction, } from "@geoly-ai/social-hub-authz";
|
|
2
|
+
import { ADMIN_PERMISSION_GATES } from "./permissions-gates-admin.js";
|
|
2
3
|
/** Representative write/high-risk commands mapped to authz resources. */
|
|
3
4
|
export const CLI_PERMISSION_GATES = [
|
|
4
5
|
{ command: "accounts list", resource: "socialAccount", action: "list" },
|
|
@@ -58,10 +59,8 @@ export const CLI_PERMISSION_GATES = [
|
|
|
58
59
|
},
|
|
59
60
|
{ command: "events append", resource: "task", action: "create" },
|
|
60
61
|
{ command: "jobs create", resource: "task", action: "create" },
|
|
61
|
-
{ command: "api-keys list", resource: "apiKey", action: "list" },
|
|
62
|
-
{ command: "api-keys create", resource: "apiKey", action: "create" },
|
|
63
62
|
{ command: "permissions", resource: "apiKey", action: "list" },
|
|
64
|
-
|
|
63
|
+
...ADMIN_PERMISSION_GATES,
|
|
65
64
|
];
|
|
66
65
|
export function roleAllows(role, resource, action) {
|
|
67
66
|
return canPerformAction({ role, resource, action });
|
package/dist/permissions.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permissions.js","sourceRoot":"","sources":["../src/permissions.ts"],"names":[],"mappings":"AAAA,OAAO,EAIL,qBAAqB,EACrB,gBAAgB,GACjB,MAAM,4BAA4B,CAAC;
|
|
1
|
+
{"version":3,"file":"permissions.js","sourceRoot":"","sources":["../src/permissions.ts"],"names":[],"mappings":"AAAA,OAAO,EAIL,qBAAqB,EACrB,gBAAgB,GACjB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AAWtE,yEAAyE;AACzE,MAAM,CAAC,MAAM,oBAAoB,GAAwB;IACvD,EAAE,OAAO,EAAE,eAAe,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,EAAE;IACvE,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,EAAE;IACtE,EAAE,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,EAAE,QAAQ,EAAE;IAC3E,EAAE,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,EAAE,QAAQ,EAAE;IAC3E,EAAE,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,EAAE,QAAQ,EAAE;IAC3E;QACE,OAAO,EAAE,8BAA8B;QACvC,QAAQ,EAAE,eAAe;QACzB,MAAM,EAAE,MAAM;KACf;IACD;QACE,OAAO,EAAE,6BAA6B;QACtC,QAAQ,EAAE,eAAe;QACzB,MAAM,EAAE,QAAQ;KACjB;IACD;QACE,OAAO,EAAE,gCAAgC;QACzC,QAAQ,EAAE,eAAe;QACzB,MAAM,EAAE,QAAQ;KACjB;IACD;QACE,OAAO,EAAE,gCAAgC;QACzC,QAAQ,EAAE,eAAe;QACzB,MAAM,EAAE,MAAM;KACf;IACD,EAAE,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE;IACpE,EAAE,OAAO,EAAE,wBAAwB,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE;IACjF,EAAE,OAAO,EAAE,eAAe,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE;IACxE,EAAE,OAAO,EAAE,eAAe,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE;IACxE,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,mBAAmB,EAAE,MAAM,EAAE,MAAM,EAAE;IAC1E;QACE,OAAO,EAAE,uBAAuB;QAChC,QAAQ,EAAE,mBAAmB;QAC7B,MAAM,EAAE,MAAM;KACf;IACD;QACE,OAAO,EAAE,oBAAoB;QAC7B,QAAQ,EAAE,qBAAqB;QAC/B,MAAM,EAAE,QAAQ;KACjB;IACD;QACE,OAAO,EAAE,gBAAgB;QACzB,QAAQ,EAAE,qBAAqB;QAC/B,MAAM,EAAE,QAAQ;KACjB;IACD;QACE,OAAO,EAAE,yBAAyB;QAClC,QAAQ,EAAE,mBAAmB;QAC7B,MAAM,EAAE,MAAM;KACf;IACD;QACE,OAAO,EAAE,qBAAqB;QAC9B,QAAQ,EAAE,oBAAoB;QAC9B,MAAM,EAAE,QAAQ;KACjB;IACD,EAAE,OAAO,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE;IAChE,EAAE,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE;IAC9D,EAAE,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE;IAC9D,GAAG,sBAAsB;CAC1B,CAAC;AAEF,MAAM,UAAU,UAAU,CACxB,IAAU,EACV,QAAkB,EAClB,MAAc;IAEd,OAAO,gBAAgB,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;AACtD,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,KAKtC;IACC,MAAM,KAAK,GAAG;QACZ,2BAA2B,KAAK,CAAC,OAAO,KAAK;QAC7C,kBAAkB,KAAK,CAAC,IAAI,qBAAqB,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG;QAClF,uGAAuG;QACvG,sEAAsE;KACvE,CAAC;IACF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,IAAU;IAM9C,MAAM,MAAM,GAAG,qBAAqB,EAAE,CAAC;IACvC,MAAM,eAAe,GAAa,EAAE,CAAC;IACrC,MAAM,cAAc,GAAa,EAAE,CAAC;IACpC,KAAK,MAAM,IAAI,IAAI,oBAAoB,EAAE,CAAC;QACxC,IAAI,UAAU,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YACjD,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACrC,CAAC;aAAM,CAAC;YACN,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,eAAe,EAAE,cAAc,EAAE,CAAC;AAC3D,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,KAKnC;IACC,IAAI,UAAU,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,MAAM,CAAC;QAAE,OAAO;IACjE,OAAO,CAAC,KAAK,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC,CAAC;IAC7C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,WAAmB;IACpD,OAAO,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,WAAW,CAAC,CAAC;AACrE,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"register-admin.d.ts","sourceRoot":"","sources":["../src/register-admin.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"register-admin.d.ts","sourceRoot":"","sources":["../src/register-admin.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAiBzC,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAwgB5D"}
|