graphjin 3.18.31 → 3.18.32

package/README.md

@@ -668,16 +668,26 @@ Also works with AWS Aurora/RDS, Google Cloud SQL, and YugabyteDB. Snowflake supp
 
 **Query allow-lists** - In production, only saved queries can run. AI models call `execute_saved_query` with pre-approved queries. No arbitrary SQL injection possible.
 
-**Role-based access** - Different roles see different data:
+**Source-mode access** - New multi-user deployments should use `sources:` with request-wide `identity` and source-level access defaults. GraphJin compiles those defaults into the existing qcode/SQL enforcement path, so account filters and trusted mutation presets are enforced by the generated database query.
+
 ```yaml
-roles:
-  user:
-    tables:
-      - name: orders
-        query:
-          filters: ["{ user_id: { eq: $user_id } }"]
+identity:
+  user_id_claim: sub
+  role_claims: [role, roles]
+  namespace_claim: account_id
+
+sources:
+  - name: app
+    kind: database
+    access:
+      read: account
+      write: blocked
+      delete: blocked
+      namespace_column: account_id
 ```
 
+See [SECURITY.md](SECURITY.md) for the security model and [Source Mode Migration](docs/SOURCE-MODE-MIGRATION.md) for legacy `roles[].tables` migration steps. In source mode, user-written `roles[].tables` rules are rejected intentionally.
+
 **JWT authentication** - Supports Auth0, Firebase, JWKS endpoints.
 
 **Response caching** - Redis with in-memory fallback. Automatic cache invalidation on mutations. **Stale-while-revalidate** support: serve cached responses immediately while a background worker refreshes the entry — concurrent refreshes for the same key are deduplicated via singleflight, and the worker pool is bounded so a thundering herd can't spawn unbounded goroutines.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "graphjin",
-  "version": "3.18.31",
+  "version": "3.18.32",
   "description": "GraphJin CLI - Build APIs in 5 minutes with GraphQL",
   "bin": {
     "graphjin": "bin/graphjin.js"