@nwire/rbac 0.8.0 → 0.9.0

package/dist/__tests__/polish.test.js

@@ -6,7 +6,7 @@
  *   - conditionsFor (CASL rulesToQuery surface)
  */
 import { describe, it, expect } from "vitest";
-import { permission, parsePermission, resolver, ownedBy, sameTenant, authorize, conditionsFor, defineAbility, ActionDeniedError, OwnershipMismatchError, RoleMissingError, isOwnershipMismatchError, } from "../rbac";
+import { permission, parsePermission, resolver, ownedBy, sameTenant, authorize, conditionsFor, defineAbility, ActionDeniedError, OwnershipMismatchError, RoleMissingError, isOwnershipMismatchError, } from "../rbac.js";
 describe("permission() — typed strings", () => {
     it("produces resource:action format", () => {
         expect(permission("update", "Post")).toBe("update:Post");

package/dist/__tests__/rbac.test.js

@@ -15,7 +15,7 @@ import { describe, it, expect } from "vitest";
 import { z } from "zod";
 import { createApp, defineAction, defineHandler, defineModule, seedEnvelope } from "@nwire/forge";
 import { ForbiddenError } from "@nwire/auth";
-import { defineAbility, rbacPlugin, abilityFor, abilityFromCtx, subject } from "../rbac";
+import { defineAbility, rbacPlugin, abilityFor, abilityFromCtx, subject } from "../rbac.js";
 // ─── Shared fixtures ─────────────────────────────────────────────
 const buildAbility = defineAbility((user, { allow }) => {
     if (!user)

package/dist/filters.d.ts

@@ -20,7 +20,7 @@
  * bridges (`@casl/mongoose`, `@casl/prisma`, `@casl/drizzle`) drop right
  * in. We expose it; users pick their bridge.
  */
-import type { Ability } from "./rbac";
+import type { Ability } from "./rbac.js";
 /**
  * The MongoDB-style disjunctive query the ability allows for the given
  * (action, subjectType). Three return shapes:

package/dist/rbac.d.ts

@@ -109,8 +109,8 @@ export declare function abilityFor(buildAbility: (user: User | null) => Ability,
  */
 export declare function canKoa(verb: string, subj: string): import("koa").Middleware;
 export declare function abilityFromCtx(ctx: HandlerContext): Ability | null;
-export { permission, parsePermission, type Permission } from "./typed";
-export { resolver, ownedBy, sameTenant, authorize, type Resolver, type ResolverFn, } from "./resolvers";
-export { conditionsFor, type DrizzleFilterBuilder } from "./filters";
-export { ActionDeniedError, OwnershipMismatchError, ScopeMissingError, RoleMissingError, isOwnershipMismatchError, isScopeMissingError, isRoleMissingError, } from "./errors";
+export { permission, parsePermission, type Permission } from "./typed.js";
+export { resolver, ownedBy, sameTenant, authorize, type Resolver, type ResolverFn, } from "./resolvers.js";
+export { conditionsFor, type DrizzleFilterBuilder } from "./filters.js";
+export { ActionDeniedError, OwnershipMismatchError, ScopeMissingError, RoleMissingError, isOwnershipMismatchError, isScopeMissingError, isRoleMissingError, } from "./errors.js";
 //# sourceMappingURL=rbac.d.ts.map

package/dist/rbac.js

@@ -170,8 +170,8 @@ export function abilityFromCtx(ctx) {
 //   - conditionsFor → CASL accessibleBy for query-time filtering (no N+1)
 //   - structured error subclasses (OwnershipMismatchError, ScopeMissing,
 //     RoleMissing) so the API can tell the UI *why* a denial happened
-export { permission, parsePermission } from "./typed";
-export { resolver, ownedBy, sameTenant, authorize, } from "./resolvers";
-export { conditionsFor } from "./filters";
-export { ActionDeniedError, OwnershipMismatchError, ScopeMissingError, RoleMissingError, isOwnershipMismatchError, isScopeMissingError, isRoleMissingError, } from "./errors";
+export { permission, parsePermission } from "./typed.js";
+export { resolver, ownedBy, sameTenant, authorize, } from "./resolvers.js";
+export { conditionsFor } from "./filters.js";
+export { ActionDeniedError, OwnershipMismatchError, ScopeMissingError, RoleMissingError, isOwnershipMismatchError, isScopeMissingError, isRoleMissingError, } from "./errors.js";
 //# sourceMappingURL=rbac.js.map

package/dist/resolvers.js

@@ -78,7 +78,7 @@ export function sameTenant() {
  *   import { authorize, ownedBy } from "@nwire/rbac";
  *   await authorize(user, "update", post, ownedBy());
  */
-import { OwnershipMismatchError } from "./errors";
+import { OwnershipMismatchError } from "./errors.js";
 export async function authorize(user, action, subject, rule, opts = {}) {
     if (!user) {
         throw new OwnershipMismatchError({

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nwire/rbac",
-  "version": "0.8.0",
+  "version": "0.9.0",
   "description": "Nwire — RBAC + permissions wrapped around CASL. defineAbility(user => ...) declares what each user can do; rbacPlugin enforces it on every dispatch.",
   "keywords": [
     "authorization",
@@ -30,9 +30,9 @@
   "dependencies": {
     "@casl/ability": "^6.8.1",
     "koa": "^2.16.4",
-    "@nwire/auth": "0.8.0",
-    "@nwire/forge": "0.8.0",
-    "@nwire/http": "0.8.0"
+    "@nwire/auth": "0.9.0",
+    "@nwire/forge": "0.9.0",
+    "@nwire/http": "0.9.0"
   },
   "devDependencies": {
     "@types/node": "^22.19.9",
@@ -40,7 +40,7 @@
     "vitest": "^4.1.6"
   },
   "scripts": {
-    "build": "tsc",
+    "build": "tsc && node ../../scripts/fix-dist-extensions.mjs dist",
     "dev": "tsc --watch",
     "typecheck": "tsc --noEmit"
   }