npm - @objectstack/plugin-security - Versions diffs - 3.0.3 → 3.0.4 - Mend

@objectstack/plugin-security 3.0.3 → 3.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/.turbo/turbo-build.log CHANGED Viewed

@@ -1,5 +1,5 @@
-> @objectstack/plugin-security@3.0.3 build /home/runner/work/spec/spec/packages/plugins/plugin-security
+> @objectstack/plugin-security@3.0.4 build /home/runner/work/spec/spec/packages/plugins/plugin-security
 > tsup --config ../../../tsup.config.ts
 [34mCLI[39m Building entry: src/index.ts
@@ -12,11 +12,11 @@
 [34mCJS[39m Build start
 [32mESM[39m [1mdist/index.mjs     [22m[32m9.76 KB[39m
 [32mESM[39m [1mdist/index.mjs.map [22m[32m21.06 KB[39m
-[32mESM[39m ⚡️ Build success in 57ms
+[32mESM[39m ⚡️ Build success in 87ms
 [32mCJS[39m [1mdist/index.js     [22m[32m10.89 KB[39m
 [32mCJS[39m [1mdist/index.js.map [22m[32m21.59 KB[39m
-[32mCJS[39m ⚡️ Build success in 57ms
+[32mCJS[39m ⚡️ Build success in 83ms
 [34mDTS[39m Build start
-[32mDTS[39m ⚡️ Build success in 7856ms
+[32mDTS[39m ⚡️ Build success in 8856ms
 [32mDTS[39m [1mdist/index.d.mts [22m[32m4.30 KB[39m
 [32mDTS[39m [1mdist/index.d.ts  [22m[32m4.30 KB[39m

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,13 @@
 # @objectstack/plugin-security
+## 3.0.4
+### Patch Changes
+- Updated dependencies [d738987]
+  - @objectstack/spec@3.0.4
+  - @objectstack/core@3.0.4
 ## 3.0.3
 ### Patch Changes

package/README.md ADDED Viewed

@@ -0,0 +1,48 @@
+# @objectstack/plugin-security
+Security Plugin for ObjectStack — RBAC, Row-Level Security (RLS), and Field-Level Security runtime.
+## Features
+- **RBAC Permission Evaluator**: Checks object-level CRUD permissions per user role with most-permissive merging across multiple roles.
+- **Row-Level Security (RLS)**: Compiles RLS policy expressions into ObjectQL query filters, automatically injected into all read operations.
+- **Field-Level Masking**: Strips non-readable fields from query results and identifies non-editable fields.
+- **ObjectQL Middleware Integration**: Hooks into the ObjectQL pipeline to enforce security transparently on every operation.
+- **System Bypass**: System-level operations skip security checks for internal workflows.
+## Usage
+```typescript
+import { SecurityPlugin } from '@objectstack/plugin-security';
+import { ObjectKernel } from '@objectstack/core';
+const kernel = new ObjectKernel({
+  plugins: [
+    new SecurityPlugin(),
+  ],
+});
+```
+### Exported Components
+```typescript
+import {
+  SecurityPlugin,
+  PermissionEvaluator,
+  RLSCompiler,
+  FieldMasker,
+} from '@objectstack/plugin-security';
+```
+## Architecture
+The plugin registers three core services and executes a 4-step security chain on every data operation:
+1. **Resolve Permission Sets** — Match user roles to permission set definitions from metadata.
+2. **Check Object Permissions** — Validate CRUD access (`allowRead`, `allowCreate`, `allowEdit`, `allowDelete`).
+3. **Inject RLS Filters** — Compile row-level policy expressions and merge them into the query.
+4. **Mask Fields** — Remove restricted fields from results based on field-level permissions.
+## License
+Apache-2.0 © ObjectStack

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@objectstack/plugin-security",
-  "version": "3.0.3",
+  "version": "3.0.4",
   "license": "Apache-2.0",
   "description": "Security Plugin for ObjectStack — RBAC, RLS, and Field-Level Security Runtime",
   "main": "dist/index.js",
@@ -13,8 +13,8 @@
     }
   },
   "dependencies": {
-    "@objectstack/core": "3.0.3",
-    "@objectstack/spec": "3.0.3"
+    "@objectstack/core": "3.0.4",
+    "@objectstack/spec": "3.0.4"
   },
   "devDependencies": {
     "@types/node": "^25.2.2",