@omnibase/core-js 0.7.6 → 0.8.0

package/dist/permissions/index.cjs

@@ -316,25 +316,56 @@ var PermissionsClient = class {
    * on an object. This API handles read operations and is optimized for fast
    * permission checks in your application logic.
    *
+   * All operations are proxied through Omnibase's API at `/api/v1/permissions/read`.
+   *
    * Key methods:
-   * - `checkPermission()` - Checks if a subject has permission on an object
-   * - `checkPermissionOrError()` - Same as above but throws error if denied
-   * - `expandPermissions()` - Expands relationships to show all granted permissions
+   * - `checkPermission(params)` - Checks if a subject has permission on an object
+   * - `checkPermissionOrError(params)` - Same as above but throws error if denied
+   * - `expandPermissions(namespace, object, relation, maxDepth?)` - Expands relationships to show all granted permissions
+   * - `postCheckPermission(maxDepth?, body)` - POST variant of permission check
    *
    * @example
+   * Check a single permission:
    * ```typescript
-   * // Check permission
-   * const result = await client.permissions.checkPermission(
-   *   undefined,
-   *   {
+   * const result = await omnibase.permissions.permissions.checkPermission({
+   *   namespace: 'Tenant',
+   *   object: 'tenant_123',
+   *   relation: 'view',
+   *   subjectId: 'user_456'
+   * });
+   *
+   * if (result.data.allowed) {
+   *   console.log('User has permission');
+   * }
+   * ```
+   *
+   * @example
+   * Expand permission tree:
+   * ```typescript
+   * const tree = await omnibase.permissions.permissions.expandPermissions(
+   *   'Tenant',
+   *   'tenant_123',
+   *   'view'
+   * );
+   *
+   * console.log('Permission tree:', tree.data);
+   * ```
+   *
+   * @example
+   * Check permission or throw error:
+   * ```typescript
+   * try {
+   *   await omnibase.permissions.permissions.checkPermissionOrError({
    *     namespace: 'Tenant',
    *     object: 'tenant_123',
-   *     relation: 'view',
+   *     relation: 'edit',
    *     subjectId: 'user_456'
-   *   }
-   * );
-   *
-   * console.log('Has permission:', result.data.allowed);
+   *   });
+   *   // Permission granted
+   * } catch (error) {
+   *   // Permission denied
+   *   console.error('Access denied');
+   * }
    * ```
    *
    * @since 1.0.0
@@ -348,20 +379,34 @@ var PermissionsClient = class {
    * and managing role assignments. Works alongside the Keto-based
    * permissions system to provide dynamic RBAC capabilities.
    *
+   * Roles are stored in the database and automatically synchronized with
+   * Ory Keto relationships, providing a higher-level abstraction over
+   * raw relationship tuples.
+   *
    * @example
+   * Create a custom role:
    * ```typescript
-   * // Create a custom role
    * const role = await omnibase.permissions.roles.create({
    *   role_name: 'billing_manager',
    *   permissions: ['tenant#manage_billing', 'tenant#view_invoices']
    * });
+   * ```
    *
-   * // Assign role to user
+   * @example
+   * Assign role to a user:
+   * ```typescript
    * await omnibase.permissions.roles.assign('user_123', {
    *   role_id: role.id
    * });
    * ```
    *
+   * @example
+   * List all roles:
+   * ```typescript
+   * const roles = await omnibase.permissions.roles.list();
+   * console.log('Available roles:', roles);
+   * ```
+   *
    * @since 0.7.0
    * @group Roles
    */
@@ -370,19 +415,43 @@ var PermissionsClient = class {
    * Creates a new PermissionsClient instance
    *
    * Initializes the client with separate endpoints for read and write operations.
-   * The client automatically appends the appropriate Keto API paths to the base URL
-   * for optimal performance and security separation.
+   * The client automatically configures the Ory Keto client libraries to use
+   * Omnibase's permission proxy endpoints:
+   * - Write endpoint: `${apiBaseUrl}/api/v1/permissions/write`
+   * - Read endpoint: `${apiBaseUrl}/api/v1/permissions/read`
    *
-   * @param apiBaseUrl - The base URL for your Omnibase API instance
-   * @param client - The main OmnibaseClient instance (for roles handler)
+   * This separation follows Ory Keto's recommended architecture for optimal
+   * performance and security.
+   *
+   * @param apiBaseUrl - The base URL for your Omnibase API instance (e.g., 'https://api.example.com')
+   * @param client - The main OmnibaseClient instance (required for roles handler)
    *
    * @throws {Error} When the base URL is invalid or cannot be reached
    *
    * @example
+   * Direct instantiation (not recommended - use OmnibaseClient instead):
    * ```typescript
    * const client = new PermissionsClient('https://api.example.com', omnibaseClient);
    * ```
    *
+   * @example
+   * Recommended usage via OmnibaseClient:
+   * ```typescript
+   * import { OmnibaseClient } from '@omnibase/core-js';
+   *
+   * const omnibase = new OmnibaseClient({
+   *   apiUrl: 'https://api.example.com'
+   * });
+   *
+   * // Use the permissions client
+   * await omnibase.permissions.permissions.checkPermission({
+   *   namespace: 'Tenant',
+   *   object: 'tenant_123',
+   *   relation: 'view',
+   *   subjectId: 'user_456'
+   * });
+   * ```
+   *
    * @since 1.0.0
    * @group Client
    */

package/dist/permissions/index.js

@@ -1,7 +1,7 @@
 import {
   PermissionsClient,
   RolesHandler
-} from "../chunk-V4FWENQQ.js";
+} from "../chunk-5B37CXXH.js";
 export {
   PermissionsClient,
   RolesHandler

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@omnibase/core-js",
-  "version": "0.7.6",
+  "version": "0.8.0",
   "description": "OmniBase core Javascript SDK - framework agnostic",
   "files": [
     "dist/**/*"