npm - ponch-mcp-server - Versions diffs - 1.0.72 → 1.0.74 - Mend

ponch-mcp-server 1.0.72 → 1.0.74

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -3129,7 +3129,38 @@ var MartinContractSchema = import_zod28.z.object({
   extractChanges: ExtractChangesSchema.optional(),
   // Governance
   quotasConsumed: import_zod28.z.array(import_zod28.z.string()),
-  requiredRoles: import_zod28.z.array(import_zod28.z.string()).min(1),
+  // ── PermissionScope (HITO 6 A6) ────────────────────────────
+  // Cada contract declara EXPLÍCITAMENTE su scope de acceso.
+  // Sin paths legacy. Sin opcionales. Un solo modelo.
+  //
+  //   'module' — Tool de un módulo del negocio (marketing, compras, etc.)
+  //              Requiere permissionKey + permissionAction. El wrapper
+  //              consulta permisosPorModulo del rol del usuario.
+  //
+  //   'self'   — Tool sobre datos del propio usuario (memorias, rutinas
+  //              personales con Martin). El wrapper solo verifica que
+  //              el usuario esté logueado en el tenant. El helper
+  //              individual valida que el doc pertenezca al uid del
+  //              usuario (doc.uid === ctx.user.uid).
+  //
+  //   'saas'   — Tool del admin del SaaS (deleteTenant, suspendTenant).
+  //              Solo super_admin pasa. Validación tenant-ownership la
+  //              hace el helper internamente.
+  permissionScope: import_zod28.z.enum(["module", "self", "saas"]),
+  /**
+   * Key del módulo. Solo si scope === 'module'.
+   * Ejemplos: 'marketing', 'mural', 'analytics', 'compras'.
+   * Coincide con keys que el sistema ya usa en
+   * `configuracion/{tenantId}_roles.{roleId}.permisosPorModulo`.
+   */
+  permissionKey: import_zod28.z.string().min(1).optional(),
+  /**
+   * Nivel mínimo requerido. Solo si scope === 'module'.
+   * - 'ver'      → lectura
+   * - 'editar'   → mutación reversible
+   * - 'completo' → destructivos / publicación externa
+   */
+  permissionAction: import_zod28.z.enum(["ver", "editar", "completo"]).optional(),
   sideEffects: import_zod28.z.array(SideEffectEnum),
   // Disabled state declaration (HITO 6).
   // Si el helper PUEDE retornar { disabled: true, code }, el author
@@ -3174,6 +3205,37 @@ var MartinContractSchema = import_zod28.z.object({
       path: ["requiresConfirmation"]
     });
   }
+  if (contract.permissionScope === "module") {
+    if (!contract.permissionKey) {
+      ctx.addIssue({
+        code: "custom",
+        message: `Contract "${contract.name}" scope='module' requiere permissionKey.`,
+        path: ["permissionKey"]
+      });
+    }
+    if (!contract.permissionAction) {
+      ctx.addIssue({
+        code: "custom",
+        message: `Contract "${contract.name}" scope='module' requiere permissionAction.`,
+        path: ["permissionAction"]
+      });
+    }
+  } else {
+    if (contract.permissionKey) {
+      ctx.addIssue({
+        code: "custom",
+        message: `Contract "${contract.name}" scope='${contract.permissionScope}' no debe declarar permissionKey (solo aplica a scope='module').`,
+        path: ["permissionKey"]
+      });
+    }
+    if (contract.permissionAction) {
+      ctx.addIssue({
+        code: "custom",
+        message: `Contract "${contract.name}" scope='${contract.permissionScope}' no debe declarar permissionAction (solo aplica a scope='module').`,
+        path: ["permissionAction"]
+      });
+    }
+  }
 });
 var ParamsSchema = import_zod27.z.object({
   tenantId: import_zod27.z.string().min(1),
@@ -3224,7 +3286,9 @@ var rawContract = {
     after: output.ok ? { plan: input.plan } : null
   }),
   quotasConsumed: [],
-  requiredRoles: ["admin", "encargado"],
+  permissionScope: "module",
+  permissionKey: "marketing",
+  permissionAction: "editar",
   sideEffects: ["writes_firestore", "updates_brand_config"]
 };
 var planWriterSaveContract = MartinContractSchema.parse(
@@ -3798,7 +3862,9 @@ var rawContract2 = {
     } : null
   }),
   quotasConsumed: [],
-  requiredRoles: ["admin", "encargado"],
+  permissionScope: "module",
+  permissionKey: "marketing",
+  permissionAction: "editar",
   sideEffects: ["writes_firestore", "updates_calendar_slot"]
 };
 var calendarSlotUpdaterContract = MartinContractSchema.parse(
@@ -3856,7 +3922,9 @@ var rawContract3 = {
   // AUDITA SIEMPRE — regla A5. Lectura no muta, changes son null/null.
   auditAction: "marketing.calendario.leer",
   quotasConsumed: [],
-  requiredRoles: ["admin", "encargado", "empleado"],
+  permissionScope: "module",
+  permissionKey: "marketing",
+  permissionAction: "ver",
   sideEffects: ["reads_firestore"]
 };
 var getCalendarContract = MartinContractSchema.parse(
@@ -4191,7 +4259,9 @@ var rawContract4 = {
   auditAction: "marketing.brand_brief.preparar",
   // No extractTargetPath/extractChanges — no es writer.
   quotasConsumed: [],
-  requiredRoles: ["admin", "encargado"],
+  permissionScope: "module",
+  permissionKey: "marketing",
+  permissionAction: "ver",
   sideEffects: ["reads_firestore"]
 };
 var brandBriefBuilderContract = MartinContractSchema.parse(
@@ -6259,24 +6329,68 @@ function getWrapperMessage(key, locale) {
   }
   return msg;
 }
-function hasRequiredRole(userRol, required) {
-  if (required.includes("*")) return true;
-  return required.includes(userRol);
+var NIVELES_ORDER = ["ninguno", "ver", "editar", "completo"];
+function nivelAlcanza(nivel, accion) {
+  return NIVELES_ORDER.indexOf(nivel) >= NIVELES_ORDER.indexOf(accion);
 }
-function wrapWithContract(contract, helper) {
+function wrapWithContract(contract, helper, options = {}) {
   return async function wrappedTool(input, ctx) {
     const startMs = Date.now();
     const locale = ctx.user.idiomaPreferido;
-    if (!hasRequiredRole(ctx.user.rol, contract.requiredRoles)) {
+    let accesoOk = false;
+    let reqDesc = "";
+    switch (contract.permissionScope) {
+      case "module": {
+        if (!contract.permissionKey || !contract.permissionAction) {
+          throw new Error(
+            `Wrapper: contract "${contract.name}" scope='module' sin permissionKey/permissionAction. Schema debi\xF3 validar esto.`
+          );
+        }
+        if (!options.permissionResolver) {
+          throw new Error(
+            `Wrapper: contract "${contract.name}" scope='module' pero el caller no inyect\xF3 permissionResolver. Pasarlo en options.`
+          );
+        }
+        reqDesc = `module:${contract.permissionKey}:${contract.permissionAction}`;
+        if (ctx.user.rol === "super_admin") {
+          accesoOk = true;
+          break;
+        }
+        const nivel = await options.permissionResolver({
+          tenantId: ctx.tenantId,
+          userRol: ctx.user.rol,
+          modulo: contract.permissionKey
+        });
+        accesoOk = nivelAlcanza(nivel, contract.permissionAction);
+        break;
+      }
+      case "self": {
+        reqDesc = "self";
+        accesoOk = !!ctx.user.uid && ctx.user.uid !== "";
+        break;
+      }
+      case "saas": {
+        reqDesc = "saas";
+        accesoOk = ctx.user.rol === "super_admin";
+        break;
+      }
+      default: {
+        const _exhaustive = contract.permissionScope;
+        throw new Error(
+          `Wrapper: contract "${contract.name}" permissionScope inv\xE1lido: ${String(_exhaustive)}.`
+        );
+      }
+    }
+    if (!accesoOk) {
       await writeAuditLog({
         tenantId: ctx.tenantId,
         brandId: ctx.brandId ?? null,
         actor: { type: "martin", uid: ctx.user.uid, nombre: ctx.user.nombre },
         action: contract.auditAction,
-        motivo: `Acceso denegado \u2014 rol '${ctx.user.rol}' no autorizado`,
+        motivo: `Acceso denegado \u2014 rol '${ctx.user.rol}' sin permiso para ${reqDesc}`,
         conversacionId: ctx.conversacionId ?? null,
         status: "error",
-        errorMessage: `Required: ${contract.requiredRoles.join(",")}, got: ${ctx.user.rol}`,
+        errorMessage: `Required: ${reqDesc}, got rol: ${ctx.user.rol}`,
         durationMs: Date.now() - startMs
       });
       return {
@@ -6501,9 +6615,24 @@ async function dispatchWithContract(args) {
   const { contract, helper, callable, input, ctx } = args;
   if (getMode() === "admin") {
     const db = getAdminDb();
+    const permissionResolver = async (args2) => {
+      if (args2.userRol === "super_admin") return "completo";
+      const ref = db.collection("configuracion").doc(`${args2.tenantId}_roles`);
+      const snap = await ref.get();
+      if (!snap.exists) return "ninguno";
+      const rolesData = snap.data();
+      const rolData = rolesData[args2.userRol];
+      if (!rolData || rolData.activo === false) return "ninguno";
+      const nivel = rolData.permisosPorModulo?.[args2.modulo];
+      if (nivel === "completo" || nivel === "editar" || nivel === "ver" || nivel === "ninguno") {
+        return nivel;
+      }
+      return "ninguno";
+    };
     const wrapped = wrapWithContract(
       contract,
-      async (i) => helper({ ...i, db })
+      async (i) => helper({ ...i, db }),
+      { permissionResolver }
     );
     return wrapped(input, ctx);
   }