@vibes.diy/prompts 2.4.9 → 2.4.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/llms/fireproof.md +4 -4
  2. package/package.json +3 -3
package/llms/fireproof.md CHANGED
@@ -275,7 +275,7 @@ Each capability (`read`, `write`, `delete`) is independent. Omitting one falls b
275
275
 
276
276
  ## Access Function (`/access.js`)
277
277
 
278
- The `acl` option above is a coarse per-database gate. Access functions are a finer gate: functions the server runs on every write (including deletes) before storing the document. They validate writes, route documents to channels, and declare grants that control who can read what. Only create an `/access.js` file when the user asks for per-document routing, channel-based isolation, or document-level write validation.
278
+ Access functions are **the room** they govern what members can do with data once inside the app. The per-vibe membership system is **the door** — it decides who can see the app at all. Once a user is through the door (approved as a member), the access function is the sole authority for data permissions. Access functions are server-run on every write (including deletes) before storing the document. They validate writes, route documents to channels, and declare grants that control who can read what. Only create an `/access.js` file when the user asks for per-document routing, channel-based isolation, or document-level write validation.
279
279
 
280
280
  Access functions live in `/access.js`, a separate file in the vibe's filesystem alongside `/App.jsx`. Each **named export** maps to a database name — `export function chat(...)` gates `useFireproof("chat")`. An `export default` function acts as a catch-all: it gates any database that doesn't have its own named export. Named exports always take precedence over the default.
281
281
 
@@ -333,7 +333,7 @@ type AccessDescriptor = {
333
333
  grant?: {
334
334
  users?: Record<userHandle, string[]>; // direct user → channel grants (reduced by union)
335
335
  roles?: Record<roleName, string[]>; // role → channel grants (reduced by union)
336
- public?: string[]; // public read — no auth required
336
+ public?: string[]; // member-public read — any member, no channel grant needed
337
337
  };
338
338
  expiry?: string | number | null; // ISO date or unix seconds
339
339
  allowAnonymous?: boolean; // opt-in for null-user writes
@@ -348,7 +348,7 @@ type AccessDescriptor = {
348
348
 
349
349
  **Grant resolution order:** The server resolves per-user channel access in two passes — first expand `grant.roles` through `members`, then union with `grant.users` direct grants.
350
350
 
351
- **`allowAnonymous` prevents a footgun.** If `user` is `null` and the function returns without throwing, the runtime checks `allowAnonymous`. If absent or `false`, the write is rejected. This prevents a function that never inspects `user` from silently opening anonymous writes. When `user` is not null, `allowAnonymous` has no effect. `grant.public` grants public _read_; anonymous _write_ requires `allowAnonymous: true` separately.
351
+ **`allowAnonymous` prevents a footgun.** If `user` is `null` and the function returns without throwing, the runtime checks `allowAnonymous`. If absent or `false`, the write is rejected. This prevents a function that never inspects `user` from silently opening anonymous writes. When `user` is not null, `allowAnonymous` has no effect. `grant.public` makes channels readable by any member (anyone through the door) without a specific channel grant — whether non-members can also read depends on the app-level public toggle. Anonymous _write_ requires `allowAnonymous: true` separately.
352
352
 
353
353
  **Access functions are server-enforced policy code.** Checks should be deterministic over `(doc, oldDoc, user, ctx)` and deny with `throw { forbidden: "reason" }` when violated.
354
354
 
@@ -431,7 +431,7 @@ Key patterns:
431
431
 
432
432
  - `allowAnonymous: true` on survey-response lets unauthenticated visitors submit
433
433
  - Requiring `doc._id` to be falsy prevents clients from choosing or overwriting response IDs
434
- - `grant.public` on final-results makes them readable without authentication
434
+ - `grant.public` on final-results makes them readable by any member without a specific channel grant
435
435
  - The **singleton grant doc** pattern (survey-config) wires role-to-channel access in one place
436
436
 
437
437
  ### Multiple databases in one file
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@vibes.diy/prompts",
3
- "version": "2.4.9",
3
+ "version": "2.4.11",
4
4
  "type": "module",
5
5
  "main": "./index.js",
6
6
  "description": "",
@@ -30,8 +30,8 @@
30
30
  "@fireproof/core-types-base": "~0.24.19",
31
31
  "@fireproof/core-types-protocols-cloud": "~0.24.19",
32
32
  "@fireproof/use-fireproof": "~0.24.19",
33
- "@vibes.diy/call-ai-v2": "^2.4.9",
34
- "@vibes.diy/use-vibes-types": "^2.4.9",
33
+ "@vibes.diy/call-ai-v2": "^2.4.11",
34
+ "@vibes.diy/use-vibes-types": "^2.4.11",
35
35
  "arktype": "~2.2.0",
36
36
  "json-schema-faker": "~0.6.1"
37
37
  },