@stackwright-pro/launch-stackwright-pro 0.4.0-alpha.93 → 0.4.0-alpha.94

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@stackwright-pro/launch-stackwright-pro",
-  "version": "0.4.0-alpha.93",
+  "version": "0.4.0-alpha.94",
   "description": "Launch a new Stackwright Pro project with OpenAPI integration, auth, and the otter raft",
   "license": "SEE LICENSE IN LICENSE",
   "publishConfig": {
@@ -32,11 +32,11 @@
     "commander": "^15.0.0",
     "fs-extra": "^11.3.5",
     "js-yaml": "^4.2.0",
-    "@stackwright-pro/auth-nextjs": "0.2.0-alpha.13",
     "@stackwright-pro/auth": "0.2.0-alpha.11",
+    "@stackwright-pro/auth-nextjs": "0.2.0-alpha.13",
+    "@stackwright-pro/mcp": "0.2.0-alpha.59",
     "@stackwright-pro/openapi": "0.3.0-alpha.23",
     "@stackwright-pro/otters": "1.0.0-alpha.43",
-    "@stackwright-pro/mcp": "0.2.0-alpha.58",
     "@stackwright-pro/scaffold-hooks": "1.0.0-alpha.15"
   },
   "devDependencies": {

package/templates/pro/prebuild.js

@@ -75,17 +75,64 @@ async function main() {
     unknownContentTypes: 'warn', // log warnings for unknown types instead of failing build
   });
 
-  // Extract auth config and write as JSON for client-side use
-  if (fullConfig.auth) {
+  // Extract auth config and write as JSON for client-side use.
+  // The auth otter writes to config/auth.yml (standalone RBAC config), while
+  // stackwright.yml may only have an empty `auth: {}` placeholder. Bridge
+  // both sources: prefer stackwright.yml if it has roles, otherwise merge
+  // from config/auth.yml so the client-side AuthProvider gets real RBAC data.
+  const authConfig = fullConfig.auth || {};
+  const authConfigPath = path.join(projectRoot, 'config', 'auth.yml');
+
+  if (
+    Object.keys(authConfig).length <= 0 ||
+    (!authConfig.roles && !authConfig.rbac)
+  ) {
+    // stackwright.yml auth: is empty or has no role data — try config/auth.yml
+    if (fs.existsSync(authConfigPath)) {
+      try {
+        const authYaml = fs.readFileSync(authConfigPath, 'utf-8');
+        const parsed = yaml.load(authYaml, { schema: yaml.CORE_SCHEMA });
+        if (parsed && typeof parsed === 'object') {
+          // Map config/auth.yml fields to the client-side schema
+          const rbac = parsed.rbac || {};
+          const roles = (rbac.roles || []).map((roleName) =>
+            typeof roleName === 'string'
+              ? { name: roleName, permissions: [] }
+              : roleName
+          );
+
+          const protectedRoutes = (parsed.protectedRoutes || []).map((route) =>
+            typeof route === 'string'
+              ? { path: route, roles: roles.map((r) => r.name) }
+              : route
+          );
+
+          Object.assign(authConfig, {
+            roles,
+            protected_routes: protectedRoutes,
+            public_routes: parsed.publicRoutes || ['/'],
+            method: parsed.method || 'none',
+            audit: parsed.audit || {},
+          });
+
+          console.log('  ℹ Bridged auth config from config/auth.yml → src/auth-config.json');
+        }
+      } catch (e) {
+        console.warn('   Could not parse config/auth.yml:', e.message);
+      }
+    }
+  }
+
+  if (Object.keys(authConfig).length > 0) {
     const srcDir = path.join(projectRoot, 'src');
     if (!fs.existsSync(srcDir)) {
       fs.mkdirSync(srcDir, { recursive: true });
     }
     fs.writeFileSync(
       path.join(srcDir, 'auth-config.json'),
-      JSON.stringify(fullConfig.auth, null, 2)
+      JSON.stringify(authConfig, null, 2)
     );
-    console.log('✓ Generated src/auth-config.json');
+    console.log(' Generated src/auth-config.json');
   }
 
   // Restore original stackwright.yml if we modified it during theme merge