@maravilla-labs/platform 0.3.3 → 0.3.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/config.d.ts +30 -1
- package/dist/config.js.map +1 -1
- package/dist/index.d.ts +287 -1
- package/dist/index.js +287 -40
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
- package/src/config.ts +40 -0
- package/src/index.ts +7 -1
- package/src/media.ts +2 -1
- package/src/remote-client.ts +268 -43
- package/src/ren.ts +8 -1
- package/src/request-scope.ts +133 -0
- package/src/types.ts +293 -0
package/src/types.ts
CHANGED
|
@@ -929,6 +929,245 @@ export interface UpdateUserOptions {
|
|
|
929
929
|
profile?: Record<string, any>;
|
|
930
930
|
}
|
|
931
931
|
|
|
932
|
+
// ── Groups ──
|
|
933
|
+
|
|
934
|
+
export interface AuthGroup {
|
|
935
|
+
id: string;
|
|
936
|
+
name: string;
|
|
937
|
+
description: string | null;
|
|
938
|
+
permissions: string[];
|
|
939
|
+
member_count: number;
|
|
940
|
+
created_at: number;
|
|
941
|
+
updated_at: number;
|
|
942
|
+
}
|
|
943
|
+
|
|
944
|
+
export interface CreateGroupOptions {
|
|
945
|
+
name: string;
|
|
946
|
+
description?: string;
|
|
947
|
+
permissions?: string[];
|
|
948
|
+
}
|
|
949
|
+
|
|
950
|
+
export interface UpdateGroupOptions {
|
|
951
|
+
name?: string;
|
|
952
|
+
description?: string;
|
|
953
|
+
permissions?: string[];
|
|
954
|
+
}
|
|
955
|
+
|
|
956
|
+
export interface GroupPermission {
|
|
957
|
+
resource_name: string;
|
|
958
|
+
actions: string[];
|
|
959
|
+
}
|
|
960
|
+
|
|
961
|
+
// ── Circles ──
|
|
962
|
+
|
|
963
|
+
export interface AuthCircle {
|
|
964
|
+
id: string;
|
|
965
|
+
name: string;
|
|
966
|
+
metadata: Record<string, any> | null;
|
|
967
|
+
member_count: number;
|
|
968
|
+
created_at: number;
|
|
969
|
+
updated_at: number;
|
|
970
|
+
}
|
|
971
|
+
|
|
972
|
+
export interface CreateCircleOptions {
|
|
973
|
+
name: string;
|
|
974
|
+
metadata?: Record<string, any>;
|
|
975
|
+
}
|
|
976
|
+
|
|
977
|
+
export interface UpdateCircleOptions {
|
|
978
|
+
name?: string;
|
|
979
|
+
metadata?: Record<string, any>;
|
|
980
|
+
}
|
|
981
|
+
|
|
982
|
+
export interface AddCircleMemberOptions {
|
|
983
|
+
user_id: string;
|
|
984
|
+
relationship: string;
|
|
985
|
+
is_primary_contact?: boolean;
|
|
986
|
+
}
|
|
987
|
+
|
|
988
|
+
export interface CircleMembership {
|
|
989
|
+
user_id: string;
|
|
990
|
+
email: string;
|
|
991
|
+
relationship: string;
|
|
992
|
+
is_primary_contact: boolean;
|
|
993
|
+
joined_at: number;
|
|
994
|
+
}
|
|
995
|
+
|
|
996
|
+
// ── Resources ──
|
|
997
|
+
|
|
998
|
+
export type ResourceServiceType =
|
|
999
|
+
| 'kv'
|
|
1000
|
+
| 'database'
|
|
1001
|
+
| 'realtime'
|
|
1002
|
+
| 'media'
|
|
1003
|
+
| 'vector'
|
|
1004
|
+
| 'storage'
|
|
1005
|
+
| 'queue'
|
|
1006
|
+
| 'push'
|
|
1007
|
+
| 'workflow'
|
|
1008
|
+
| 'transforms';
|
|
1009
|
+
|
|
1010
|
+
export interface Resource {
|
|
1011
|
+
id: string;
|
|
1012
|
+
resource_name: string;
|
|
1013
|
+
title: string;
|
|
1014
|
+
description: string | null;
|
|
1015
|
+
actions: string[];
|
|
1016
|
+
policy: string | null;
|
|
1017
|
+
service_type: ResourceServiceType | null;
|
|
1018
|
+
read_filter: string | null;
|
|
1019
|
+
created_at: number;
|
|
1020
|
+
updated_at: number;
|
|
1021
|
+
}
|
|
1022
|
+
|
|
1023
|
+
export interface CreateResourceOptions {
|
|
1024
|
+
resource_name: string;
|
|
1025
|
+
title: string;
|
|
1026
|
+
description?: string;
|
|
1027
|
+
actions?: string[];
|
|
1028
|
+
policy?: string;
|
|
1029
|
+
service_type?: ResourceServiceType;
|
|
1030
|
+
read_filter?: string;
|
|
1031
|
+
}
|
|
1032
|
+
|
|
1033
|
+
export interface UpdateResourceOptions {
|
|
1034
|
+
title?: string;
|
|
1035
|
+
description?: string;
|
|
1036
|
+
actions?: string[];
|
|
1037
|
+
policy?: string;
|
|
1038
|
+
service_type?: ResourceServiceType;
|
|
1039
|
+
read_filter?: string;
|
|
1040
|
+
}
|
|
1041
|
+
|
|
1042
|
+
// ── Relation types ──
|
|
1043
|
+
|
|
1044
|
+
export interface RelationType {
|
|
1045
|
+
id: string;
|
|
1046
|
+
relation_name: string;
|
|
1047
|
+
title: string;
|
|
1048
|
+
description: string | null;
|
|
1049
|
+
category: string;
|
|
1050
|
+
icon: string | null;
|
|
1051
|
+
color: string | null;
|
|
1052
|
+
inverse_relation_id: string | null;
|
|
1053
|
+
implies_stewardship: boolean;
|
|
1054
|
+
requires_minor: boolean;
|
|
1055
|
+
bidirectional: boolean;
|
|
1056
|
+
is_system: boolean;
|
|
1057
|
+
created_at: number;
|
|
1058
|
+
updated_at: number;
|
|
1059
|
+
}
|
|
1060
|
+
|
|
1061
|
+
export interface CreateRelationTypeOptions {
|
|
1062
|
+
relation_name: string;
|
|
1063
|
+
title: string;
|
|
1064
|
+
description?: string;
|
|
1065
|
+
category?: string;
|
|
1066
|
+
icon?: string;
|
|
1067
|
+
color?: string;
|
|
1068
|
+
inverse_relation_id?: string;
|
|
1069
|
+
implies_stewardship?: boolean;
|
|
1070
|
+
requires_minor?: boolean;
|
|
1071
|
+
bidirectional?: boolean;
|
|
1072
|
+
is_system?: boolean;
|
|
1073
|
+
}
|
|
1074
|
+
|
|
1075
|
+
export interface UpdateRelationTypeOptions {
|
|
1076
|
+
title?: string;
|
|
1077
|
+
description?: string;
|
|
1078
|
+
category?: string;
|
|
1079
|
+
icon?: string;
|
|
1080
|
+
color?: string;
|
|
1081
|
+
inverse_relation_id?: string;
|
|
1082
|
+
implies_stewardship?: boolean;
|
|
1083
|
+
requires_minor?: boolean;
|
|
1084
|
+
bidirectional?: boolean;
|
|
1085
|
+
}
|
|
1086
|
+
|
|
1087
|
+
// ── Auth config (extended) ──
|
|
1088
|
+
|
|
1089
|
+
export interface AuthConfig {
|
|
1090
|
+
fields: AuthField[];
|
|
1091
|
+
oauth_providers: any[];
|
|
1092
|
+
branding: Record<string, any>;
|
|
1093
|
+
password_policy: Record<string, any>;
|
|
1094
|
+
session_config: Record<string, any>;
|
|
1095
|
+
}
|
|
1096
|
+
|
|
1097
|
+
// ── Stewardship ──
|
|
1098
|
+
|
|
1099
|
+
export type DelegationMode = 'full' | 'scoped';
|
|
1100
|
+
export type StewardshipStatus = 'active' | 'suspended' | 'revoked' | 'expired';
|
|
1101
|
+
|
|
1102
|
+
export interface ScopedPermission {
|
|
1103
|
+
resource: string;
|
|
1104
|
+
actions: string[];
|
|
1105
|
+
}
|
|
1106
|
+
|
|
1107
|
+
export interface StewardshipOverride {
|
|
1108
|
+
id: string;
|
|
1109
|
+
steward_id: string;
|
|
1110
|
+
ward_id: string;
|
|
1111
|
+
delegation_mode: DelegationMode;
|
|
1112
|
+
scoped_permissions: ScopedPermission[];
|
|
1113
|
+
valid_from: number | null;
|
|
1114
|
+
valid_until: number | null;
|
|
1115
|
+
status: StewardshipStatus;
|
|
1116
|
+
reason: string | null;
|
|
1117
|
+
source: string;
|
|
1118
|
+
source_circle_id: string | null;
|
|
1119
|
+
source_relation_type_id: string | null;
|
|
1120
|
+
created_at: number;
|
|
1121
|
+
updated_at: number;
|
|
1122
|
+
}
|
|
1123
|
+
|
|
1124
|
+
export interface CreateStewardshipOverrideOptions {
|
|
1125
|
+
steward_id: string;
|
|
1126
|
+
ward_id: string;
|
|
1127
|
+
delegation_mode?: DelegationMode;
|
|
1128
|
+
scoped_permissions?: ScopedPermission[];
|
|
1129
|
+
valid_from?: number;
|
|
1130
|
+
valid_until?: number;
|
|
1131
|
+
reason?: string;
|
|
1132
|
+
}
|
|
1133
|
+
|
|
1134
|
+
export interface StewardshipResolution {
|
|
1135
|
+
stewards: StewardshipOverride[];
|
|
1136
|
+
wards: StewardshipOverride[];
|
|
1137
|
+
}
|
|
1138
|
+
|
|
1139
|
+
export interface ActAsContext {
|
|
1140
|
+
steward_id: string;
|
|
1141
|
+
ward_id: string;
|
|
1142
|
+
delegation_mode: DelegationMode;
|
|
1143
|
+
scoped_permissions: ScopedPermission[];
|
|
1144
|
+
session_token: string;
|
|
1145
|
+
expires_at: number;
|
|
1146
|
+
}
|
|
1147
|
+
|
|
1148
|
+
export interface StewardshipAuditEntry {
|
|
1149
|
+
id: string;
|
|
1150
|
+
performed_by: string;
|
|
1151
|
+
on_behalf_of: string;
|
|
1152
|
+
action: string;
|
|
1153
|
+
resource: string | null;
|
|
1154
|
+
details: Record<string, any> | null;
|
|
1155
|
+
created_at: number;
|
|
1156
|
+
}
|
|
1157
|
+
|
|
1158
|
+
/**
|
|
1159
|
+
* Sub-namespace exposed at `platform.auth.stewardship` mirroring the
|
|
1160
|
+
* runtime's `globalThis.platform.auth.stewardship.*` surface.
|
|
1161
|
+
*/
|
|
1162
|
+
export interface AuthStewardshipApi {
|
|
1163
|
+
resolve(userId: string): Promise<StewardshipResolution>;
|
|
1164
|
+
createOverride(opts: CreateStewardshipOverrideOptions): Promise<StewardshipOverride>;
|
|
1165
|
+
revoke(id: string): Promise<void>;
|
|
1166
|
+
checkPermission(stewardId: string, wardId: string, resource: string, action: string): Promise<boolean>;
|
|
1167
|
+
createActAs(stewardId: string, wardId: string): Promise<ActAsContext>;
|
|
1168
|
+
listAudit(userId: string, options?: { limit?: number; offset?: number }): Promise<StewardshipAuditEntry[]>;
|
|
1169
|
+
}
|
|
1170
|
+
|
|
932
1171
|
/**
|
|
933
1172
|
* Auth service for end-user authentication and user management.
|
|
934
1173
|
*
|
|
@@ -1091,6 +1330,60 @@ export interface AuthService {
|
|
|
1091
1330
|
handler: T
|
|
1092
1331
|
): (request: Request) => Promise<Response>;
|
|
1093
1332
|
|
|
1333
|
+
// ── Groups (RBAC) ──
|
|
1334
|
+
|
|
1335
|
+
createGroup(options: CreateGroupOptions): Promise<AuthGroup>;
|
|
1336
|
+
listGroups(): Promise<AuthGroup[]>;
|
|
1337
|
+
getGroup(groupId: string): Promise<AuthGroup | null>;
|
|
1338
|
+
updateGroup(groupId: string, options: UpdateGroupOptions): Promise<AuthGroup>;
|
|
1339
|
+
deleteGroup(groupId: string): Promise<void>;
|
|
1340
|
+
addUserToGroup(userId: string, groupId: string): Promise<void>;
|
|
1341
|
+
removeUserFromGroup(userId: string, groupId: string): Promise<void>;
|
|
1342
|
+
getUserGroups(userId: string): Promise<AuthGroup[]>;
|
|
1343
|
+
getGroupMembers(groupId: string): Promise<AuthUser[]>;
|
|
1344
|
+
getGroupPermissions(groupId: string): Promise<GroupPermission[]>;
|
|
1345
|
+
setGroupPermissions(groupId: string, permissions: GroupPermission[]): Promise<void>;
|
|
1346
|
+
|
|
1347
|
+
// ── Circles ──
|
|
1348
|
+
|
|
1349
|
+
createCircle(options: CreateCircleOptions): Promise<AuthCircle>;
|
|
1350
|
+
listCircles(): Promise<AuthCircle[]>;
|
|
1351
|
+
getCircle(circleId: string): Promise<AuthCircle | null>;
|
|
1352
|
+
updateCircle(circleId: string, options: UpdateCircleOptions): Promise<AuthCircle>;
|
|
1353
|
+
deleteCircle(circleId: string): Promise<void>;
|
|
1354
|
+
addCircleMember(circleId: string, options: AddCircleMemberOptions): Promise<void>;
|
|
1355
|
+
removeCircleMember(circleId: string, userId: string): Promise<void>;
|
|
1356
|
+
getCircleMembers(circleId: string): Promise<CircleMembership[]>;
|
|
1357
|
+
getUserCircles(userId: string): Promise<AuthCircle[]>;
|
|
1358
|
+
|
|
1359
|
+
// ── Resources ──
|
|
1360
|
+
|
|
1361
|
+
createResource(options: CreateResourceOptions): Promise<Resource>;
|
|
1362
|
+
listResources(): Promise<Resource[]>;
|
|
1363
|
+
updateResource(resourceId: string, options: UpdateResourceOptions): Promise<Resource>;
|
|
1364
|
+
deleteResource(resourceId: string): Promise<void>;
|
|
1365
|
+
|
|
1366
|
+
// ── Relation types ──
|
|
1367
|
+
|
|
1368
|
+
createRelationType(options: CreateRelationTypeOptions): Promise<RelationType>;
|
|
1369
|
+
listRelationTypes(): Promise<RelationType[]>;
|
|
1370
|
+
updateRelationType(id: string, options: UpdateRelationTypeOptions): Promise<RelationType>;
|
|
1371
|
+
deleteRelationType(id: string): Promise<void>;
|
|
1372
|
+
|
|
1373
|
+
// ── Profile ──
|
|
1374
|
+
|
|
1375
|
+
getProfile(userId: string): Promise<Record<string, any>>;
|
|
1376
|
+
setProfile(userId: string, data: Record<string, any>): Promise<void>;
|
|
1377
|
+
|
|
1378
|
+
// ── Auth config ──
|
|
1379
|
+
|
|
1380
|
+
getAuthConfig(): Promise<AuthConfig>;
|
|
1381
|
+
setAuthConfig(config: AuthConfig): Promise<void>;
|
|
1382
|
+
|
|
1383
|
+
// ── Stewardship (sub-namespace mirroring the runtime bridge) ──
|
|
1384
|
+
|
|
1385
|
+
readonly stewardship: AuthStewardshipApi;
|
|
1386
|
+
|
|
1094
1387
|
// ── Request-scoped identity + authorization ──
|
|
1095
1388
|
//
|
|
1096
1389
|
// These methods operate on the **current request's** caller context.
|