The last authz gap in the composed stack. #191's crud composer teaches ad-hoc role checks (canEdit: (user) => user?.role === 'admin'), which is fine for signed-in-vs-not. But the moment an app has named permissions or more than one role, the vike-data way is can(user, permission) / hasRole(user, role) from vike-rbac — and without a persona the agent hand-rolls a roles/permissions schema + checker, which is exactly the security-sensitive churn we compose to avoid. vike-rbac is also the guard subject vike-admin ("vike-auth resolves the user, vike-rbac enriches roles/permissions, the guard runs") and vike-actions (guard: (ctx) => can(ctx.user, 'posts.publish')) are built around.
Mechanism
Same lever as #187/#189/#192: a persona, no runtime change, the agent stays a black box. Add a vike-rbac-composer persona to vikeExtensionPersonas in ai-autopilot (between auth and crud, since crud/actions guards delegate to it).
What the persona teaches
- When: only for real roles/permissions. Signed-in-vs-not stays a plain
pageContext.user + canView check; reach for rbac when there are named permissions or multiple roles.
- Declare + extend:
definePermissions([{ name: 'widgets.edit', roles: ['admin'] }]), extends: ['import:vike-rbac/config:default'] (self-installs vike-auth), defaultRoles: ['member']. Do NOT model roles/permissions/role_user/permission_role yourself — vike-rbac owns them.
- One check everywhere:
can(user, permission) / hasRole(user, role) from vike-rbac. Resolution rides vike-auth (sync on pageContext.user), so the crud canView/canEdit, page guards, session scope, and vike-actions guards all delegate to the same can() instead of ad-hoc user.role === checks.
- Seed from the registry:
seedRbac() / assignRoles() from vike-rbac/seed (idempotent, derived from the composed permissions registry, no hand-written seed list).
- One line for guarded RPCs:
requirePermission('users.view') from vike-rbac/telefunc.
Scope
ai-autopilot: new vike-rbac-composer persona + wire into vikeExtensionPersonas; unit test asserts definePermissions / can( / seedRbac / no hand-rolled roles tables.
- API verified in the vike-data repo before writing snippets (done).
Acceptance
For a role-based app the agent composes vike-rbac (declared permissions, can() guards, seeded from the registry) instead of writing its own roles/permissions schema and checker.
Note: like the rest of the composed stack, vike-rbac is not published to npm yet, so this is in-workspace-only until the extensions ship (tracked separately). Part of #186.
The last authz gap in the composed stack. #191's crud composer teaches ad-hoc role checks (
canEdit: (user) => user?.role === 'admin'), which is fine for signed-in-vs-not. But the moment an app has named permissions or more than one role, the vike-data way iscan(user, permission)/hasRole(user, role)from vike-rbac — and without a persona the agent hand-rolls a roles/permissions schema + checker, which is exactly the security-sensitive churn we compose to avoid. vike-rbac is also the guard subject vike-admin ("vike-auth resolves the user, vike-rbac enriches roles/permissions, the guard runs") and vike-actions (guard: (ctx) => can(ctx.user, 'posts.publish')) are built around.Mechanism
Same lever as #187/#189/#192: a persona, no runtime change, the agent stays a black box. Add a
vike-rbac-composerpersona tovikeExtensionPersonasinai-autopilot(between auth and crud, since crud/actions guards delegate to it).What the persona teaches
pageContext.user+canViewcheck; reach for rbac when there are named permissions or multiple roles.definePermissions([{ name: 'widgets.edit', roles: ['admin'] }]),extends: ['import:vike-rbac/config:default'](self-installs vike-auth),defaultRoles: ['member']. Do NOT modelroles/permissions/role_user/permission_roleyourself — vike-rbac owns them.can(user, permission)/hasRole(user, role)fromvike-rbac. Resolution rides vike-auth (sync onpageContext.user), so the crudcanView/canEdit, page guards, sessionscope, and vike-actions guards all delegate to the samecan()instead of ad-hocuser.role ===checks.seedRbac()/assignRoles()fromvike-rbac/seed(idempotent, derived from the composedpermissionsregistry, no hand-written seed list).requirePermission('users.view')fromvike-rbac/telefunc.Scope
ai-autopilot: newvike-rbac-composerpersona + wire intovikeExtensionPersonas; unit test assertsdefinePermissions/can(/seedRbac/ no hand-rolled roles tables.Acceptance
For a role-based app the agent composes vike-rbac (declared permissions,
can()guards, seeded from the registry) instead of writing its own roles/permissions schema and checker.Note: like the rest of the composed stack, vike-rbac is not published to npm yet, so this is in-workspace-only until the extensions ship (tracked separately). Part of #186.