@pylonsync/sdk 0.3.29 → 0.3.30

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "0.3.29",
+  "version": "0.3.30",
   "type": "module",
   "main": "src/index.ts",
   "types": "src/index.ts",

package/src/index.ts

@@ -510,6 +510,18 @@ export type AuthConfig = {
     expose?: string[];
     /** Additional fields stripped (combined with default `passwordHash` + `_*`). */
     hide?: string[];
+    /**
+     * Field on the User row that, when truthy, lifts the session's
+     * `auth.is_admin = true`. Examples: `"isAdmin"` (bool column),
+     * `"role"` (string equal to "admin"), `"roles"` (array containing
+     * "admin"). Default unset — only `PYLON_ADMIN_TOKEN` grants admin.
+     *
+     * Set this when you want platform admins to sign in with their
+     * regular account (Studio gates on `is_admin`, dashboards can
+     * branch on it, etc.). The env-token path keeps working as the
+     * bootstrap / CI escape hatch.
+     */
+    adminField?: string;
   };
   session?: {
     /** New session lifetime in seconds. Default 30 days. */
@@ -532,6 +544,7 @@ export type ManifestAuthConfig = {
     entity: string;
     expose: string[];
     hide: string[];
+    admin_field?: string;
   };
   session: {
     expires_in: number;
@@ -557,6 +570,7 @@ export function auth(cfg: AuthConfig = {}): ManifestAuthConfig {
       entity: cfg.user?.entity ?? "User",
       expose: cfg.user?.expose ?? [],
       hide: cfg.user?.hide ?? [],
+      ...(cfg.user?.adminField ? { admin_field: cfg.user.adminField } : {}),
     },
     session: {
       expires_in: cfg.session?.expiresIn ?? 30 * 24 * 60 * 60,