@graphit/cli 0.1.21 → 0.1.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@graphit/cli",
3
- "version": "0.1.21",
3
+ "version": "0.1.22",
4
4
  "description": "Graphit CLI - Build custom dashboards from any AI coding assistant",
5
5
  "type": "module",
6
6
  "bin": {
@@ -22,6 +22,16 @@ If the output includes an "Update available" banner, tell the user to update bef
22
22
  When any `graphit` command fails with an unexpected error (unknown command, unrecognized flag, non-zero exit with unclear message), suggest `npm update -g @graphit/cli` before investigating further. Outdated CLI versions are the most common cause of unexpected errors.
23
23
  Do NOT suggest updating for normal operational failures (expired auth, bad SQL syntax, network timeout, entity not found).
24
24
 
25
+ ## Permission Errors
26
+
27
+ The CLI enforces the same permission model as the platform. Three error codes to know:
28
+
29
+ - **403 "This feature requires an Analyst seat"** - viewer-seat users are blocked from all CLI commands except `graphit auth` and `graphit me`. The CLI is an analyst tool; viewers use the platform UI.
30
+ - **404 "not found"** - returned for dashboards the user cannot access (private dashboards owned by others, team dashboards the user is not on). The API intentionally does not distinguish "does not exist" from "you cannot access it" to prevent ID enumeration.
31
+ - **423 "Shared dashboard requires an active editing session"** - shared dashboard mutations require the user to enter Edit mode on the platform first (see constraint #4 below).
32
+
33
+ Connector create/delete are restricted to org admins (owner/admin role). Non-admin analysts get 403 on these commands.
34
+
25
35
  ## After Setup
26
36
 
27
37
  After `graphit setup` completes successfully, offer to add a Graphit section to the project's CLAUDE.md (or AGENTS.md for Codex) so future sessions know Graphit is available without activating the skill. Suggested snippet:
@@ -52,8 +52,12 @@ KB asset references are derived automatically from `{{metric:X}}` / `{{dim:X}}`
52
52
 
53
53
  **Label = visible title.** The `data-graphit-label` MUST match the card's visible heading exactly.
54
54
 
55
- ### 4. Shared dashboards require Edit mode on the platform
56
- Dashboards shared with teams are protected by an editing session lock. The CLI cannot acquire editing sessions - mutations (`dashboard update-html`, `dashboard update-entity`) on a shared dashboard will fail with 423. Tell the user to open the dashboard on the Graphit platform and click **Edit** first. Private dashboards are unaffected.
55
+ ### 4. Permission errors
56
+ The CLI enforces the same permission model as the platform:
57
+ - **403 "Analyst seat required"** - viewer-seat users are blocked from all CLI commands except `graphit auth` and `graphit me`. Viewers use the platform UI.
58
+ - **404 "not found"** - returned for dashboards the user cannot access (private dashboards owned by others, team dashboards the user is not on). The API does not distinguish "does not exist" from "you cannot access it."
59
+ - **423 "Shared dashboard requires an active editing session"** - shared dashboard mutations require the user to enter Edit mode on the platform first. Tell the user to open the dashboard and click **Edit**. Private dashboards are unaffected.
60
+ - Connector create/delete are restricted to org admins (owner/admin role).
57
61
 
58
62
  ### 5. ALWAYS use graphit.resolve() for live data
59
63
  NEVER embed query results as static JS variables. The dashboard iframe provides `graphit.resolve()` which fetches live data from cached data sources on every page load.