larvit/plainpages
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Comment/README cleanup (todo §4); tighten the kratos/keto client module-headers (drop forward-refs + caller-listings, keep rationale), retarget the stale safeUrl() ref in plugin-contract.md to §5/§7

Browse Source
This commit is contained in:
Lilleman auf Larv
2026-06-18 11:52:49 +02:00
parent caadaf5da3
commit d1fbf8fa1f
5 changed files with 13 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/keto-client.ts
View File

@@ -1,9 +1,8 @@
// Keto client (todo §4): typed `fetch` wrappers over Ory Keto's relation-tuple APIs —
// `check` a permission, `listRelations`/`expand` to inspect them (read API), and
// `writeTuple`/`deleteTuple` to grant/revoke them (write API). Built-in `fetch` only, no
// SDK dep (AGENTS.md); `fetchImpl`-injectable like the kratos clients. read/write split
// onto the two ports config.ts targets (ketoReadUrl 4466 / ketoWriteUrl 4467). The login
// role projection (§4) reads roles via this; guards' live `check` (§4) calls `check`.
// `check` a permission, `listRelations`/`expand` to inspect them (read API), `writeTuple`/
// `deleteTuple` to grant/revoke them (write API). Built-in `fetch` only, no SDK dep (AGENTS.md);
// `fetchImpl`-injectable like the kratos clients. Read/write split onto the two ports config.ts
// targets (ketoReadUrl 4466 / ketoWriteUrl 4467).
// A subject set: a relation on another object (e.g. Group:eng#members), resolved
// transitively. The other Keto subject form is a direct `subject_id` string.

9
src/kratos-admin.ts
View File

@@ -1,8 +1,7 @@
// Kratos admin-API client (todo §4): typed `fetch` wrappers over Ory Kratos' admin
// endpoints — identity CRUD and the surgical `metadata_public` update login completion
// projects Keto roles into (README). Built-in `fetch` only, no SDK dep (AGENTS.md);
// `fetchImpl`-injectable like kratos-public.ts. Reuses that module's `KratosError` so a
// caller can branch on `.status`. Admin endpoints listen on the internal-only admin port.
// Kratos admin-API client (todo §4): typed `fetch` wrappers over Ory Kratos' admin endpoints
// (internal-only admin port) — identity CRUD + the surgical `metadata_public` update login
// completion projects Keto roles into (README). Built-in `fetch` only, no SDK dep (AGENTS.md);
// `fetchImpl`-injectable, reuses kratos-public.ts's `KratosError` (branch on `.status`).
import { KratosError } from "./kratos-public.ts";
export interface Identity {

5
src/kratos-public.ts
View File

@@ -1,8 +1,7 @@
// Kratos public-API client (todo §4): typed `fetch` wrappers over Ory Kratos' public
// endpoints — self-service flow init/get/submit, browser logout, session `whoami`, and the
// session→JWT tokenizer (`whoami?tokenize_as`). Built-in `fetch` only, no SDK dep (AGENTS.md). The
// themed flow pages and login completion (§4) build on this; rendering flow `ui.nodes`
// and mapping field errors is the renderer's job (§4), so we keep those types loose.
// session→JWT tokenizer (`whoami?tokenize_as`). Built-in `fetch` only, no SDK dep (AGENTS.md).
// Flow `ui.nodes` types stay loose — rendering + field-error mapping is flow-view.ts's job.
export type FlowType = "login" | "recovery" | "registration" | "settings" | "verification";