feat: register AuthzNotReadOnly policy type in node-type-registry #986

Merged: pyramation merged 1 commit into main from devin/1776374311-authz-not-read-only on Apr 16, 2026

@pyramation
Contributor

Summary

Registers the new AuthzNotReadOnly policy type in the node-type-registry, matching the SQL-level implementation merged in constructive-db#814.

Hand-written changes (2 files):

  • New authz-not-read-only.ts definition with entity_field (required) and membership_type (optional) parameters
  • Export added to authz/index.ts

Auto-generated (1 file):

  • blueprint-types.generated.ts regenerated via pnpm generate:types — adds AuthzNotReadOnlyParams interface, and includes "AuthzNotReadOnly" in the BlueprintPolicy.$type union, BlueprintNodeShorthand, and BlueprintNodeObject discriminated union.

Note: The regenerated file also picks up entity_type field additions to several existing Authz interfaces and an optionality change to AuthzMembershipParams.membership_type. These come from upstream source definition changes already on main — the generated file was stale. This PR's regeneration brings it current.

Review & Testing Checklist for Human

  • Verify generated diff is expected — The blueprint-types.generated.ts diff includes changes beyond AuthzNotReadOnly (new entity_type fields on AuthzMembershipParams, AuthzEntityMembershipParams, AuthzRelatedEntityMembershipParams, AuthzPeerOwnershipParams, AuthzRelatedPeerOwnershipParams, and membership_type becoming optional on AuthzMembershipParams). Confirm these match the current source definitions on main and are not regressions.
  • Verify parameter_schema matches SQL handler — The definition requires entity_field and optionally accepts membership_type. Confirm this matches the AuthzNotReadOnly handler registered in rls_parser.parse() and ast_helpers.build_policy_ast() in constructive-db.

Notes

  • This is a type-registry-only change. No runtime behavior changes — the SQL-level policy builder, RLS parser registration, and auto-injection logic all live in constructive-db and were merged separately.
  • membership_type description says "Must be >= 2" but this is documentation only — no JSON Schema minimum constraint. The SQL layer enforces this via the Step 7b injection logic (only fires for membership_type >= 2).

Link to Devin session: https://app.devin.ai/sessions/5b846ad23d754cbe903fa86b27c109b4
Requested by: @pyramation
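
The gap called out in the Notes above (the ">= 2" rule on membership_type is description text only, with no JSON Schema minimum) shown as an added TypeScript example; it is not code from this PR or from the registry. The schema shapes, the string/integer parameter types, the `validateParams` helper and the sample values are assumptions made for illustration.

```typescript
// Added example: hypothetical schema shapes, not the registry's own definition.
type PropSchema = { type: 'string' | 'integer'; description?: string; minimum?: number };
type ParamSchema = { type: 'object'; properties: Record<string, PropSchema>; required: string[] };

// As the PR notes describe it: ">= 2" appears only in the description text.
const documentedOnly: ParamSchema = {
  type: 'object',
  properties: {
    entity_field: { type: 'string' }, // assumed type
    membership_type: { type: 'integer', description: 'Must be >= 2' }, // assumed type
  },
  required: ['entity_field'],
};

// Same schema with the rule expressed as a JSON Schema `minimum` constraint.
const enforced: ParamSchema = {
  ...documentedOnly,
  properties: {
    ...documentedOnly.properties,
    membership_type: { type: 'integer', description: 'Must be >= 2', minimum: 2 },
  },
};

// Minimal checker covering only the keywords used above: required, type, minimum.
function validateParams(schema: ParamSchema, params: Record<string, unknown>): string[] {
  const errors: string[] = [];
  for (const key of schema.required) {
    if (!(key in params)) errors.push(`${key}: required`);
  }
  for (const [key, prop] of Object.entries(schema.properties)) {
    if (!(key in params)) continue; // optional parameter left out
    const value = params[key];
    const typeOk = prop.type === 'string'
      ? typeof value === 'string'
      : typeof value === 'number' && Number.isInteger(value);
    if (!typeOk) {
      errors.push(`${key}: expected ${prop.type}`);
    } else if (typeof value === 'number' && prop.minimum !== undefined && value < prop.minimum) {
      errors.push(`${key}: must be >= ${prop.minimum}`);
    }
  }
  return errors;
}

// Constructed policy parameters (illustrative values).
const belowMinimum = { entity_field: 'org_id', membership_type: 1 };
```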

Adds the AuthzNotReadOnly policy type definition to the node-type-registry,
matching the SQL-level implementation merged in constructive-db PR #814.

- New authz-not-read-only.ts definition with entity_field + membership_type params
- Exported from authz/index.ts
- Regenerated blueprint-types.generated.ts (AuthzNotReadOnlyParams interface,
  BlueprintPolicy.$type union, BlueprintNodeObject union, BlueprintNodeShorthand)
@devin-ai-integration
Contributor

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

@pyramation pyramation merged commit 69dc74b into main Apr 16, 2026
49 checks passed
@pyramation pyramation deleted the devin/1776374311-authz-not-read-only branch April 16, 2026 21:28