run402 1.35.4 → 1.36.0
- package/lib/deploy.mjs +17 -6
- package/lib/projects.mjs +6 -2
- package/package.json +1 -1
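--- a/package/lib/deploy.mjs
+++ b/package/lib/deploy.mjs
@@ -94,8 +94,9 @@ Manifest format (JSON):
 "migrations": "CREATE TABLE items (...)",
 "migrations_file": "setup.sql",
 "rls": {
-"template": "
-"tables": [{ "table": "items" }]
+"template": "public_read_write_UNRESTRICTED",
+"tables": [{ "table": "items" }],
+"i_understand_this_is_unrestricted": true
 },
 "secrets": [{ "key": "OPENAI_API_KEY", "value": "sk-..." }],
 "functions": [{
@@ -128,10 +129,20 @@ Manifest format (JSON):
 Paths are resolved relative to the manifest file's directory.
 Binary files (images, fonts, etc.) are auto-detected and base64-encoded.
 
-RLS templates:
-user_owns_rows
-
-
+RLS templates (prefer user_owns_rows for anything user-scoped):
+user_owns_rows users see only their own rows (requires
+owner_column per table; uuid columns get
+index-friendly policies automatically)
+public_read_authenticated_write anyone reads; any authenticated user can
+INSERT/UPDATE/DELETE any row (not just
+their own). For collaborative content
+like shared boards or announcements.
+public_read_write_UNRESTRICTED ⚠ fully open — anon_key can read AND
+write any row. Only for intentionally
+public tables (guestbooks, waitlists,
+feedback forms). REQUIRES the manifest's
+rls block to include
+"i_understand_this_is_unrestricted": true.
 
 ⚠️ Without RLS, tables are read-only via anon_key. If your app writes
 data from the browser, you almost certainly need an rls block.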
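Review bot: The manifest example in the first hunk now models the most permissive template, `public_read_write_UNRESTRICTED`, with `"i_understand_this_is_unrestricted": true` already filled in, while the template list in the second hunk tells readers to prefer `user_owns_rows`. Help-text examples tend to be copied as they stand, so a pre-set acknowledgement flag removes the friction the flag is meant to add and leaves anon_key able to write every row of `items`. I would make the example `"template": "user_owns_rows"` with an `owner_column` on the table entry (exact key placement to be confirmed against the manifest schema) and mention the unrestricted variant only in the template list. The `run402 projects rls` example in package/lib/projects.mjs has the same problem in a milder form, since it shows `public_read_authenticated_write` rather than the preferred template. The enclosing help string starts and ends outside these hunks.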
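--- a/package/lib/projects.mjs
+++ b/package/lib/projects.mjs
@@ -36,7 +36,7 @@ Examples:
 run402 projects rest abc123 users "limit=10&select=id,name"
 run402 projects usage abc123
 run402 projects schema abc123
-run402 projects rls abc123
+run402 projects rls abc123 public_read_authenticated_write '[{"table":"posts"}]'
 run402 projects keys abc123
 run402 projects delete abc123
 
@@ -45,7 +45,11 @@ Notes:
 - Most commands that take <id> default to the active project if omitted
 - 'rest' uses PostgREST query syntax (table name + optional query string)
 - 'provision' requires a funded allowance — payment is automatic via x402
-- RLS templates
+- RLS templates (prefer user_owns_rows for user-scoped data):
+user_owns_rows users access only their own rows (requires owner_column)
+public_read_authenticated_write anyone reads; any authenticated user writes any row
+public_read_write_UNRESTRICTED fully open (anon_key writes); use 'run402 deploy' with a manifest
+that includes "i_understand_this_is_unrestricted": true
 `;
 
 async function quote() {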
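Review bot: The new Notes entry says `public_read_write_UNRESTRICTED` has to go through `run402 deploy` with an acknowledging manifest, but nothing in this file section shows what `run402 projects rls` does when that template name is passed to it directly; every changed line here is usage text. If the refusal happens only on the server, the user sees whatever error the API returns, and if it does not happen at all, the acknowledgement step can be skipped from this subcommand. It is worth confirming which case applies and stating the outcome in the note, for example `'projects rls' rejects this template; use 'run402 deploy'`. The usage string and the rls handler both lie outside the visible hunks.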
package/package.json
CHANGED