@palettelab/cli 0.3.52 → 0.3.53

package/README.md

@@ -783,6 +783,10 @@ If no plugin ID is provided, the CLI uses the current `palette-plugin.json` or `
 Inspect and generate OS-broker service integrations declared through
 `provides` and `consumes` in `palette-plugin.json`.
 
+Use this command family when one Palette app needs governed data, approvals, or
+events from another app. The CLI keeps the app manifest, local mocks, provider
+schema files, and generated clients aligned with the broker contract.
+
 ```bash
 pltt init employee-management --template provider-app
 pltt init leave-management --template consumer-app
@@ -810,6 +814,38 @@ Generated TypeScript clients use the SDK's default `palette` client. Generated
 Python clients call `palette_sdk.services(ctx)`, so backend routes still pass
 through Palette's broker permission and install checks.
 
+Recommended workflow:
+
+1. Provider app: implement backend methods with `@service(...)` and declare
+   event topics in `provides.events`.
+2. Provider app: run `pltt services sync` or `pltt services scaffold <method>`
+   to keep manifest methods and schema files current.
+3. Consumer app: run `pltt services add <target>` for each consumed service or
+   event, including a `--reason` for review and install UI.
+4. Consumer app: use `pltt services mock <target>` and `pltt services test
+   --offline` during local development.
+5. Consumer app: use `pltt services pull --env staging` to generate typed
+   clients from the live `/api/v1/os-broker/schemas` endpoint.
+6. Run `pltt test` before publish; contract checks include local
+   `provides`/`consumes`, mocks, schemas, and dependency-policy validation.
+
+Runtime behavior:
+
+- Service calls go through `POST /api/v1/os-broker/dispatch`.
+- Event publishes go through `POST /api/v1/os-broker/events/emit`.
+- Event subscriptions use `GET /api/v1/os-broker/events/stream`.
+- Catalog and generated client metadata come from `/api/v1/os-broker/catalog`
+  and `/api/v1/os-broker/schemas`.
+- Installs use `/api/v1/app-installs/<app_id>/dependency-plan` and can include
+  required provider apps with `?include_dependencies=true`.
+- Org owners/admins can revoke or restore individual cross-app grants from
+  Settings > Apps; the broker checks those grants on every call and stream.
+
+Provider methods can use inline JSON Schema objects or schema file paths in
+`input_schema`, `input`, `output_schema`, and `output`. Event topics can use
+`schema` or `payload_schema`. The CLI scaffolds schema files by default because
+they are easier to review and reuse for generated clients.
+
 ## Global Flags
 
 - `--json` emits machine-readable output for `package`, `publish`, `status`, `logs`, `test`, and `version`.

package/docs/python-backend-sdk.md

@@ -693,7 +693,18 @@ token = await ctx.connections.access_token("google_calendar")
 ## 11. App-To-App Services
 
 Apps can expose governed broker services and events, then consume them from
-other installed apps without knowing another app's URL.
+other installed apps without knowing another app's URL. The broker is the only
+supported integration path for cross-app business data. Do not read another
+app's database tables and do not call another app's private backend route
+directly.
+
+Palette enforces the app-to-app contract in four places:
+
+- Manifest review: providers declare `provides`, consumers declare `consumes`.
+- Install: required provider apps are resolved before the consumer is activated.
+- Org grants: owners/admins can allow or revoke each consumed service/event.
+- Runtime: every service call, event emit, and event stream is checked against
+  same-org install state, `consumes`, grants, and JSON Schemas.
 
 Provider apps declare a namespace and callable methods with `provides`:
 
@@ -705,25 +716,40 @@ Provider apps declare a namespace and callable methods with `provides`:
       {
         "id": "hr.directory",
         "methods": [
-          { "name": "approvalChain.get", "input_schema": "schemas/approval-chain.input.json" }
+          {
+            "name": "approvalChain.get",
+            "input_schema": "schemas/approval-chain.input.json",
+            "output_schema": "schemas/approval-chain.output.json"
+          }
         ]
       }
     ],
-    "events": [{ "topic": "hierarchy.updated" }]
+    "events": [
+      {
+        "topic": "hierarchy.updated",
+        "schema": "schemas/hierarchy-updated.json"
+      }
+    ]
   }
 }
 ```
 
-Expose the handler with `@service`:
+Expose the handler with `@service`. The platform registers handlers when the
+plugin loads and injects a full `PluginContext` at dispatch time:
 
 ```python
 from palette_sdk import PluginContext, service
 
-@service("approvalChain.get")
+@service("approvalChain.get", scope="members:read")
 async def approval_chain(ctx: PluginContext, payload: dict) -> dict:
     return {"approvers": [{"user_id": ctx.user_id, "step": 1}]}
 ```
 
+If a method also declares `route_method` and `route_path`, Palette can fall back
+to signed internal HTTP transport when no in-process handler is registered. New
+provider apps should prefer `@service(...)` because it avoids URL coupling and
+keeps dispatch inside the broker lifecycle.
+
 Consumers declare qualified targets with `consumes`:
 
 ```json
@@ -746,8 +772,11 @@ Consumers declare qualified targets with `consumes`:
 The CLI can update the manifest and generate typed clients for those targets:
 
 ```bash
+pltt services sync
 pltt services add hr/v1#approvalChain.get --reason "Route leave approvals through HR"
 pltt services add hr/v1#hierarchy.updated --event --optional
+pltt services mock hr/v1#approvalChain.get
+pltt services test --offline
 pltt services pull --env staging
 ```
 
@@ -764,12 +793,42 @@ from palette_sdk import services
 
 chain = await services(ctx).call("hr/v1#approvalChain.get", {"user_id": ctx.user_id})
 await ctx.events.emit("leave/v1#leave.requested", {"approval_chain": chain})
+await ctx.events.emit_durable("leave/v1#leave.requested", {"approval_chain": chain})
 ```
 
 At install time, Palette checks required `consumes` targets and can show the
 provider apps that must also be installed. The org-level grant is saved on the
 install and the broker checks it on every call, emit, or event stream.
 
+Useful platform endpoints when building or debugging integrations:
+
+```text
+GET  /api/v1/app-installs/{app_id}/dependency-plan
+POST /api/v1/app-installs/{app_id}?include_dependencies=true
+GET  /api/v1/app-installs/{app_id}/cross-app-grants
+PATCH /api/v1/app-installs/{app_id}/cross-app-grants
+GET  /api/v1/os-broker/catalog
+GET  /api/v1/os-broker/schemas?targets=hr/v1#approvalChain.get
+GET  /api/v1/os-broker/audit?app_id=leave-management
+```
+
+Local simulator workflows can use `.palette/app-services.local.json` mocks.
+The mock command writes the file for you:
+
+```bash
+pltt services mock hr/v1#approvalChain.get
+```
+
+Example mock:
+
+```json
+{
+  "hr/v1#approvalChain.get": {
+    "approvers": [{ "user_id": "manager-1", "step": 1 }]
+  }
+}
+```
+
 App storage is separate from Data Rooms. Use `ctx.storage` and `palette.storage` for app-owned files that go directly to the OS-configured storage backend, currently GCS in hosted environments. Use `ctx.data_rooms` or `palette.dataRooms` only when the file should be visible and governed as a Data Room document.
 
 Palette scopes storage the same way. Files written through `ctx.storage` or the

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@palettelab/cli",
-  "version": "0.3.52",
+  "version": "0.3.53",
   "description": "Developer CLI for building Palette platform plugins — no platform source access required.",
   "bin": {
     "pltt": "bin/pltt.js"

package/template-fallback/package.json

@@ -4,7 +4,7 @@
   "private": true,
   "description": "A Palette platform plugin",
   "dependencies": {
-    "@palettelab/sdk": "^0.1.22"
+    "@palettelab/sdk": "^0.1.23"
   },
   "devDependencies": {
     "typescript": "^5.0.0",

package/template-fallback/templates/consumer-app/package.json

@@ -2,7 +2,7 @@
   "private": true,
   "type": "module",
   "dependencies": {
-    "@palettelab/sdk": "^0.1.22",
+    "@palettelab/sdk": "^0.1.23",
     "react": "^19.0.0",
     "react-dom": "^19.0.0"
   }

package/template-fallback/templates/dashboard/package.json

@@ -3,7 +3,7 @@
   "version": "1.0.0",
   "private": true,
   "dependencies": {
-    "@palettelab/sdk": "^0.1.22",
+    "@palettelab/sdk": "^0.1.23",
     "react": "^19.0.0"
   }
 }

package/template-fallback/templates/database/package.json

@@ -2,5 +2,5 @@
   "name": "my-db-plugin",
   "version": "1.0.0",
   "private": true,
-  "dependencies": { "@palettelab/sdk": "^0.1.22", "react": "^19.0.0" }
+  "dependencies": { "@palettelab/sdk": "^0.1.23", "react": "^19.0.0" }
 }

package/template-fallback/templates/external-service/package.json

@@ -2,5 +2,5 @@
   "name": "my-external-svc",
   "version": "1.0.0",
   "private": true,
-  "dependencies": { "@palettelab/sdk": "^0.1.22", "react": "^19.0.0" }
+  "dependencies": { "@palettelab/sdk": "^0.1.23", "react": "^19.0.0" }
 }

package/template-fallback/templates/frontend-only/package.json

@@ -3,7 +3,7 @@
   "version": "1.0.0",
   "private": true,
   "dependencies": {
-    "@palettelab/sdk": "^0.1.22",
+    "@palettelab/sdk": "^0.1.23",
     "react": "^19.0.0"
   }
 }

package/template-fallback/templates/next/package.json

@@ -3,7 +3,7 @@
   "version": "1.0.0",
   "private": true,
   "dependencies": {
-    "@palettelab/sdk": "^0.1.22",
+    "@palettelab/sdk": "^0.1.23",
     "react": "^19.0.0"
   },
   "devDependencies": {

package/template-fallback/templates/palette-app/package.json

@@ -3,7 +3,7 @@
   "version": "1.0.0",
   "private": true,
   "dependencies": {
-    "@palettelab/sdk": "^0.1.22",
+    "@palettelab/sdk": "^0.1.23",
     "react": "^19.0.0"
   },
   "devDependencies": {

package/template-fallback/templates/provider-app/package.json

@@ -2,7 +2,7 @@
   "private": true,
   "type": "module",
   "dependencies": {
-    "@palettelab/sdk": "^0.1.22",
+    "@palettelab/sdk": "^0.1.23",
     "react": "^19.0.0"
   }
 }