create-githat-app 1.8.9 → 1.8.10
- package/dist/cli.js +2 -2
- package/package.json +1 -1
- package/templates/base/README.md.hbs +42 -0
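--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -21,7 +21,7 @@ var DEPS = {
 next: "^16.0.0",
 react: "^19.0.0",
 "react-dom": "^19.0.0",
-"@githat/nextjs": "^0.13.
+"@githat/nextjs": "^0.13.7",
 "@githat/ui": "^1.0.0"
 },
 devDependencies: {
@@ -36,7 +36,7 @@ var DEPS = {
 react: "^19.0.0",
 "react-dom": "^19.0.0",
 "react-router-dom": "^7.0.0",
-"@githat/nextjs": "^0.13.
+"@githat/nextjs": "^0.13.7",
 "@githat/ui": "^1.0.0"
 },
 devDependencies: {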
package/package.json
CHANGED
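--- a/package/templates/base/README.md.hbs
+++ b/package/templates/base/README.md.hbs
@@ -239,6 +239,48 @@ Resource-level wildcards are supported: `audit.*` receives every audit event
 for every user in your app. The connection auto-reconnects with exponential
 back-off (1 s → 2 s → 4 s → 8 s → 30 s cap).
 
+## Row-Level Security
+
+GitHat RLS lets you define per-collection policies that gate which rows each user
+can read or write — without writing any backend code. Policies are evaluated on
+every `useData()` call and stored in the GitHat dashboard.
+
+### Quick example
+
+```tsx
+import { useRLS } from '@githat/nextjs';
+
+const { setPolicy, testPolicy } = useRLS();
+
+// Ensure users can only read/write their own rows in "documents"
+await setPolicy('documents', {
+readPolicy: { type: 'fieldEquals', field: 'userId', context: 'callerUserId' },
+writePolicy: { type: 'fieldEquals', field: 'userId', context: 'callerUserId' },
+});
+
+// Dry-run before shipping
+const { allowed, reasons } = await testPolicy({
+collection: 'documents',
+row: { userId: 'user-abc', title: 'My doc' },
+operation: 'read',
+context: { userId: 'user-abc' },
+});
+// → { allowed: true, reasons: ['policy satisfied'] }
+```
+
+### Predicate types
+
+| Type | Description |
+|------|-------------|
+| `public` | Matches everything — no restriction |
+| `fieldEquals` | `row[field]` must equal `callerUserId` or `callerOrgId` |
+| `fieldIn` | `row[field]` must be in caller's org list |
+| `orgRoleAtLeast` | Caller must hold `owner`, `admin`, or `member` in the row's org |
+| `and` / `or` / `not` | Compose any of the above |
+
+Manage policies visually at **Dashboard → Row-Level Security** or via `useRLS()`.
+If no policy is set, all authenticated users have access (backwards-compatible default).
+
 ## Learn More
 
 - [GitHat Documentation](https://githat.io/docs)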