@omnibase/core-js 0.2.0 → 0.3.0

package/dist/permissions/index.cjs

@@ -0,0 +1,132 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/permissions/index.ts
+var permissions_exports = {};
+__export(permissions_exports, {
+  PermissionsClient: () => PermissionsClient
+});
+module.exports = __toCommonJS(permissions_exports);
+
+// src/permissions/handler.ts
+var import_client = require("@ory/client");
+var PermissionsClient = class {
+  /**
+   * Ory Keto RelationshipApi for managing subject-object relationships
+   *
+   * Provides methods for creating, updating, and deleting relationships between
+   * subjects (users, groups) and objects (tenants, resources). This API handles
+   * write operations and is used to establish permission structures.
+   *
+   * Key methods:
+   * - `createRelationship()` - Creates a new relationship tuple
+   * - `deleteRelationships()` - Removes existing relationship tuples
+   * - `getRelationships()` - Queries existing relationships
+   * - `patchRelationships()` - Updates multiple relationships atomically
+   *
+   * @example
+   * ```typescript
+   * // Create a relationship
+   * await client.relationships.createRelationship(
+   *   undefined,
+   *   {
+   *     namespace: 'Tenant',
+   *     object: 'tenant_123',
+   *     relation: 'members',
+   *     subjectId: 'user_456'
+   *   }
+   * );
+   * ```
+   *
+   * @since 1.0.0
+   * @group Relationships
+   */
+  relationships;
+  /**
+   * Ory Keto PermissionApi for checking permissions
+   *
+   * Provides methods for querying whether a subject has a specific permission
+   * on an object. This API handles read operations and is optimized for fast
+   * permission checks in your application logic.
+   *
+   * Key methods:
+   * - `checkPermission()` - Checks if a subject has permission on an object
+   * - `checkPermissionOrError()` - Same as above but throws error if denied
+   * - `expandPermissions()` - Expands relationships to show all granted permissions
+   *
+   * @example
+   * ```typescript
+   * // Check permission
+   * const result = await client.permissions.checkPermission(
+   *   undefined,
+   *   {
+   *     namespace: 'Tenant',
+   *     object: 'tenant_123',
+   *     relation: 'view',
+   *     subjectId: 'user_456'
+   *   }
+   * );
+   *
+   * console.log('Has permission:', result.data.allowed);
+   * ```
+   *
+   * @since 1.0.0
+   * @group Permissions
+   */
+  permissions;
+  /**
+   * Creates a new PermissionsClient instance
+   *
+   * Initializes the client with separate endpoints for read and write operations.
+   * The client automatically appends the appropriate Keto API paths to the base URL
+   * for optimal performance and security separation.
+   *
+   * @param apiBaseUrl - The base URL for your Omnibase API instance
+   *
+   * @throws {Error} When the base URL is invalid or cannot be reached
+   *
+   * @example
+   * ```typescript
+   * const client = new PermissionsClient('https://api.example.com');
+   * ```
+   *
+   * @example
+   * Local development:
+   * ```typescript
+   * const client = new PermissionsClient('http://localhost:8080');
+   * ```
+   *
+   * @since 1.0.0
+   * @group Client
+   */
+  constructor(apiBaseUrl) {
+    this.relationships = new import_client.RelationshipApi(
+      void 0,
+      `${apiBaseUrl}/api/v1/permissions/write`
+    );
+    this.permissions = new import_client.PermissionApi(
+      void 0,
+      `${apiBaseUrl}/api/v1/permissions/read`
+    );
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  PermissionsClient
+});

package/dist/permissions/index.d.cts

@@ -0,0 +1,195 @@
+import { RelationshipApi, PermissionApi } from '@ory/client';
+
+/**
+ * Client for managing permissions and relationships using Ory Keto
+ *
+ * This client provides access to Ory Keto's permission system, allowing you to
+ * create, manage, and check relationships between subjects and objects. It handles
+ * both read operations (permission checks) and write operations (relationship management).
+ *
+ * The client automatically configures separate endpoints for read and write operations
+ * to optimize performance and security by following Ory Keto's recommended architecture.
+ *
+ * @example
+ * Basic permission checking:
+ * ```typescript
+ * import { PermissionsClient } from '@omnibase/core-js/permissions';
+ *
+ * const permissionsClient = new PermissionsClient('https://api.example.com');
+ *
+ * // Check if a user can view a tenant
+ * const canView = await permissionsClient.permissions.checkPermission(
+ *   undefined,
+ *   {
+ *     namespace: 'Tenant',
+ *     object: 'tenant_123',
+ *     relation: 'view',
+ *     subjectId: 'user_456'
+ *   }
+ * );
+ *
+ * if (canView.data.allowed) {
+ *   console.log('User can view the tenant');
+ * }
+ * ```
+ *
+ * @example
+ * Creating tenant relationships:
+ * ```typescript
+ * // Create a relationship making a user an owner of a tenant
+ * await permissionsClient.relationships.createRelationship(
+ *   undefined,
+ *   {
+ *     namespace: 'Tenant',
+ *     object: 'tenant_123',
+ *     relation: 'owners',
+ *     subjectId: 'user_456'
+ *   }
+ * );
+ *
+ * // Now the user has owner permissions on the tenant
+ * console.log('User is now an owner of the tenant');
+ * ```
+ *
+ * @example
+ * Complex tenant permission management:
+ * ```typescript
+ * const tenantId = 'tenant_123';
+ * const userId = 'user_456';
+ *
+ * // Grant admin permissions to a user
+ * await permissionsClient.relationships.createRelationship(
+ *   undefined,
+ *   {
+ *     namespace: 'Tenant',
+ *     object: tenantId,
+ *     relation: 'admins',
+ *     subjectId: userId
+ *   }
+ * );
+ *
+ * // Check if user can manage members (admins and owners can)
+ * const canManageMembers = await permissionsClient.permissions.checkPermission(
+ *   undefined,
+ *   {
+ *     namespace: 'Tenant',
+ *     object: tenantId,
+ *     relation: 'manage_members',
+ *     subjectId: userId
+ *   }
+ * );
+ *
+ * if (canManageMembers.data.allowed) {
+ *   // User can invite/remove members
+ *   console.log('User can manage tenant members');
+ * }
+ *
+ * // Later, remove admin permissions
+ * await permissionsClient.relationships.deleteRelationships(
+ *   undefined,
+ *   {
+ *     namespace: 'Tenant',
+ *     object: tenantId,
+ *     relation: 'admins',
+ *     subjectId: userId
+ *   }
+ * );
+ * ```
+ *
+ * @since 1.0.0
+ * @public
+ * @group Client
+ */
+declare class PermissionsClient {
+    /**
+     * Ory Keto RelationshipApi for managing subject-object relationships
+     *
+     * Provides methods for creating, updating, and deleting relationships between
+     * subjects (users, groups) and objects (tenants, resources). This API handles
+     * write operations and is used to establish permission structures.
+     *
+     * Key methods:
+     * - `createRelationship()` - Creates a new relationship tuple
+     * - `deleteRelationships()` - Removes existing relationship tuples
+     * - `getRelationships()` - Queries existing relationships
+     * - `patchRelationships()` - Updates multiple relationships atomically
+     *
+     * @example
+     * ```typescript
+     * // Create a relationship
+     * await client.relationships.createRelationship(
+     *   undefined,
+     *   {
+     *     namespace: 'Tenant',
+     *     object: 'tenant_123',
+     *     relation: 'members',
+     *     subjectId: 'user_456'
+     *   }
+     * );
+     * ```
+     *
+     * @since 1.0.0
+     * @group Relationships
+     */
+    relationships: RelationshipApi;
+    /**
+     * Ory Keto PermissionApi for checking permissions
+     *
+     * Provides methods for querying whether a subject has a specific permission
+     * on an object. This API handles read operations and is optimized for fast
+     * permission checks in your application logic.
+     *
+     * Key methods:
+     * - `checkPermission()` - Checks if a subject has permission on an object
+     * - `checkPermissionOrError()` - Same as above but throws error if denied
+     * - `expandPermissions()` - Expands relationships to show all granted permissions
+     *
+     * @example
+     * ```typescript
+     * // Check permission
+     * const result = await client.permissions.checkPermission(
+     *   undefined,
+     *   {
+     *     namespace: 'Tenant',
+     *     object: 'tenant_123',
+     *     relation: 'view',
+     *     subjectId: 'user_456'
+     *   }
+     * );
+     *
+     * console.log('Has permission:', result.data.allowed);
+     * ```
+     *
+     * @since 1.0.0
+     * @group Permissions
+     */
+    permissions: PermissionApi;
+    /**
+     * Creates a new PermissionsClient instance
+     *
+     * Initializes the client with separate endpoints for read and write operations.
+     * The client automatically appends the appropriate Keto API paths to the base URL
+     * for optimal performance and security separation.
+     *
+     * @param apiBaseUrl - The base URL for your Omnibase API instance
+     *
+     * @throws {Error} When the base URL is invalid or cannot be reached
+     *
+     * @example
+     * ```typescript
+     * const client = new PermissionsClient('https://api.example.com');
+     * ```
+     *
+     * @example
+     * Local development:
+     * ```typescript
+     * const client = new PermissionsClient('http://localhost:8080');
+     * ```
+     *
+     * @since 1.0.0
+     * @group Client
+     */
+    constructor(apiBaseUrl: string);
+}
+
+export { PermissionsClient };

package/dist/permissions/index.d.ts

@@ -0,0 +1,195 @@
+import { RelationshipApi, PermissionApi } from '@ory/client';
+
+/**
+ * Client for managing permissions and relationships using Ory Keto
+ *
+ * This client provides access to Ory Keto's permission system, allowing you to
+ * create, manage, and check relationships between subjects and objects. It handles
+ * both read operations (permission checks) and write operations (relationship management).
+ *
+ * The client automatically configures separate endpoints for read and write operations
+ * to optimize performance and security by following Ory Keto's recommended architecture.
+ *
+ * @example
+ * Basic permission checking:
+ * ```typescript
+ * import { PermissionsClient } from '@omnibase/core-js/permissions';
+ *
+ * const permissionsClient = new PermissionsClient('https://api.example.com');
+ *
+ * // Check if a user can view a tenant
+ * const canView = await permissionsClient.permissions.checkPermission(
+ *   undefined,
+ *   {
+ *     namespace: 'Tenant',
+ *     object: 'tenant_123',
+ *     relation: 'view',
+ *     subjectId: 'user_456'
+ *   }
+ * );
+ *
+ * if (canView.data.allowed) {
+ *   console.log('User can view the tenant');
+ * }
+ * ```
+ *
+ * @example
+ * Creating tenant relationships:
+ * ```typescript
+ * // Create a relationship making a user an owner of a tenant
+ * await permissionsClient.relationships.createRelationship(
+ *   undefined,
+ *   {
+ *     namespace: 'Tenant',
+ *     object: 'tenant_123',
+ *     relation: 'owners',
+ *     subjectId: 'user_456'
+ *   }
+ * );
+ *
+ * // Now the user has owner permissions on the tenant
+ * console.log('User is now an owner of the tenant');
+ * ```
+ *
+ * @example
+ * Complex tenant permission management:
+ * ```typescript
+ * const tenantId = 'tenant_123';
+ * const userId = 'user_456';
+ *
+ * // Grant admin permissions to a user
+ * await permissionsClient.relationships.createRelationship(
+ *   undefined,
+ *   {
+ *     namespace: 'Tenant',
+ *     object: tenantId,
+ *     relation: 'admins',
+ *     subjectId: userId
+ *   }
+ * );
+ *
+ * // Check if user can manage members (admins and owners can)
+ * const canManageMembers = await permissionsClient.permissions.checkPermission(
+ *   undefined,
+ *   {
+ *     namespace: 'Tenant',
+ *     object: tenantId,
+ *     relation: 'manage_members',
+ *     subjectId: userId
+ *   }
+ * );
+ *
+ * if (canManageMembers.data.allowed) {
+ *   // User can invite/remove members
+ *   console.log('User can manage tenant members');
+ * }
+ *
+ * // Later, remove admin permissions
+ * await permissionsClient.relationships.deleteRelationships(
+ *   undefined,
+ *   {
+ *     namespace: 'Tenant',
+ *     object: tenantId,
+ *     relation: 'admins',
+ *     subjectId: userId
+ *   }
+ * );
+ * ```
+ *
+ * @since 1.0.0
+ * @public
+ * @group Client
+ */
+declare class PermissionsClient {
+    /**
+     * Ory Keto RelationshipApi for managing subject-object relationships
+     *
+     * Provides methods for creating, updating, and deleting relationships between
+     * subjects (users, groups) and objects (tenants, resources). This API handles
+     * write operations and is used to establish permission structures.
+     *
+     * Key methods:
+     * - `createRelationship()` - Creates a new relationship tuple
+     * - `deleteRelationships()` - Removes existing relationship tuples
+     * - `getRelationships()` - Queries existing relationships
+     * - `patchRelationships()` - Updates multiple relationships atomically
+     *
+     * @example
+     * ```typescript
+     * // Create a relationship
+     * await client.relationships.createRelationship(
+     *   undefined,
+     *   {
+     *     namespace: 'Tenant',
+     *     object: 'tenant_123',
+     *     relation: 'members',
+     *     subjectId: 'user_456'
+     *   }
+     * );
+     * ```
+     *
+     * @since 1.0.0
+     * @group Relationships
+     */
+    relationships: RelationshipApi;
+    /**
+     * Ory Keto PermissionApi for checking permissions
+     *
+     * Provides methods for querying whether a subject has a specific permission
+     * on an object. This API handles read operations and is optimized for fast
+     * permission checks in your application logic.
+     *
+     * Key methods:
+     * - `checkPermission()` - Checks if a subject has permission on an object
+     * - `checkPermissionOrError()` - Same as above but throws error if denied
+     * - `expandPermissions()` - Expands relationships to show all granted permissions
+     *
+     * @example
+     * ```typescript
+     * // Check permission
+     * const result = await client.permissions.checkPermission(
+     *   undefined,
+     *   {
+     *     namespace: 'Tenant',
+     *     object: 'tenant_123',
+     *     relation: 'view',
+     *     subjectId: 'user_456'
+     *   }
+     * );
+     *
+     * console.log('Has permission:', result.data.allowed);
+     * ```
+     *
+     * @since 1.0.0
+     * @group Permissions
+     */
+    permissions: PermissionApi;
+    /**
+     * Creates a new PermissionsClient instance
+     *
+     * Initializes the client with separate endpoints for read and write operations.
+     * The client automatically appends the appropriate Keto API paths to the base URL
+     * for optimal performance and security separation.
+     *
+     * @param apiBaseUrl - The base URL for your Omnibase API instance
+     *
+     * @throws {Error} When the base URL is invalid or cannot be reached
+     *
+     * @example
+     * ```typescript
+     * const client = new PermissionsClient('https://api.example.com');
+     * ```
+     *
+     * @example
+     * Local development:
+     * ```typescript
+     * const client = new PermissionsClient('http://localhost:8080');
+     * ```
+     *
+     * @since 1.0.0
+     * @group Client
+     */
+    constructor(apiBaseUrl: string);
+}
+
+export { PermissionsClient };

package/dist/permissions/index.js

@@ -0,0 +1,105 @@
+// src/permissions/handler.ts
+import { RelationshipApi, PermissionApi } from "@ory/client";
+var PermissionsClient = class {
+  /**
+   * Ory Keto RelationshipApi for managing subject-object relationships
+   *
+   * Provides methods for creating, updating, and deleting relationships between
+   * subjects (users, groups) and objects (tenants, resources). This API handles
+   * write operations and is used to establish permission structures.
+   *
+   * Key methods:
+   * - `createRelationship()` - Creates a new relationship tuple
+   * - `deleteRelationships()` - Removes existing relationship tuples
+   * - `getRelationships()` - Queries existing relationships
+   * - `patchRelationships()` - Updates multiple relationships atomically
+   *
+   * @example
+   * ```typescript
+   * // Create a relationship
+   * await client.relationships.createRelationship(
+   *   undefined,
+   *   {
+   *     namespace: 'Tenant',
+   *     object: 'tenant_123',
+   *     relation: 'members',
+   *     subjectId: 'user_456'
+   *   }
+   * );
+   * ```
+   *
+   * @since 1.0.0
+   * @group Relationships
+   */
+  relationships;
+  /**
+   * Ory Keto PermissionApi for checking permissions
+   *
+   * Provides methods for querying whether a subject has a specific permission
+   * on an object. This API handles read operations and is optimized for fast
+   * permission checks in your application logic.
+   *
+   * Key methods:
+   * - `checkPermission()` - Checks if a subject has permission on an object
+   * - `checkPermissionOrError()` - Same as above but throws error if denied
+   * - `expandPermissions()` - Expands relationships to show all granted permissions
+   *
+   * @example
+   * ```typescript
+   * // Check permission
+   * const result = await client.permissions.checkPermission(
+   *   undefined,
+   *   {
+   *     namespace: 'Tenant',
+   *     object: 'tenant_123',
+   *     relation: 'view',
+   *     subjectId: 'user_456'
+   *   }
+   * );
+   *
+   * console.log('Has permission:', result.data.allowed);
+   * ```
+   *
+   * @since 1.0.0
+   * @group Permissions
+   */
+  permissions;
+  /**
+   * Creates a new PermissionsClient instance
+   *
+   * Initializes the client with separate endpoints for read and write operations.
+   * The client automatically appends the appropriate Keto API paths to the base URL
+   * for optimal performance and security separation.
+   *
+   * @param apiBaseUrl - The base URL for your Omnibase API instance
+   *
+   * @throws {Error} When the base URL is invalid or cannot be reached
+   *
+   * @example
+   * ```typescript
+   * const client = new PermissionsClient('https://api.example.com');
+   * ```
+   *
+   * @example
+   * Local development:
+   * ```typescript
+   * const client = new PermissionsClient('http://localhost:8080');
+   * ```
+   *
+   * @since 1.0.0
+   * @group Client
+   */
+  constructor(apiBaseUrl) {
+    this.relationships = new RelationshipApi(
+      void 0,
+      `${apiBaseUrl}/api/v1/permissions/write`
+    );
+    this.permissions = new PermissionApi(
+      void 0,
+      `${apiBaseUrl}/api/v1/permissions/read`
+    );
+  }
+};
+export {
+  PermissionsClient
+};

package/package.json

@@ -1,20 +1,24 @@
 {
   "name": "@omnibase/core-js",
-  "version": "0.2.0",
+  "version": "0.3.0",
   "description": "OmniBase core Javascript SDK - framework agnostic",
   "files": [
     "dist/**/*"
   ],
   "type": "module",
   "scripts": {
-    "build": "tsup src/database/index.ts src/tenants/index.ts src/auth/index.ts src/stripe/index.ts --format cjs,esm --dts",
-    "prepublishOnly": "npm run build",
-    "build:docs": "bunx typedoc"
+    "build": "tsup src/permissions/index.ts src/database/index.ts src/tenants/index.ts src/auth/index.ts src/stripe/index.ts --format cjs,esm --dts",
+    "prepublishOnly": "npm run build"
   },
   "exports": {
     "./auth": {
       "types": "./dist/auth/index.d.ts"
     },
+    "./permissions": {
+      "import": "./dist/permissions/index.d.ts",
+      "require": "./dist/permissions/index.cjs",
+      "types": "./dist/permissions/index.d.ts"
+    },
     "./database": {
       "import": "./dist/database/index.js",
       "require": "./dist/database/index.cjs",
@@ -51,6 +55,7 @@
     "typescript": "^5.9.2"
   },
   "dependencies": {
+    "@ory/client": "^1.22.3",
     "@ory/client-fetch": "^1.22.2",
     "@supabase/postgrest-js": "^1.21.4"
   }