chore: update to core v0.5.0 and remove now-redundant workarounds#25
Merged
Conversation
Bump @haverstack/core and @haverstack/adapter-sqlite to ^0.5.0. Remove dead null guards in auth middleware: Stack.create() now throws if entity_id is absent, so ownerEntityId is always a string by the time the server starts. requireOwner() parameter type tightened to string. Relax PUT /records/:id/permissions from requireOwner to requireAuth: core v0.5.0 enforces creator-or-owner access in ScopedStack.setPermissions(), making the server-side owner-only restriction more restrictive than intended. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01E2tdGyLhqTN2baMpaWDet3
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01E2tdGyLhqTN2baMpaWDet3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
@haverstack/coreand@haverstack/adapter-sqliteto^0.5.0auth.ts:Stack.create()now throws ifentity_idis absent, soownerEntityIdis always astringby the time the server starts.requireOwner()parameter type tightened tostringaccordingly.PUT /records/:id/permissionsfromrequireOwnertorequireAuth: core v0.5.0 enforces creator-or-owner access insideScopedStack.setPermissions(), making the previous server-side owner-only restriction more restrictive than intended. Record creators can now manage their own record's permissions as core intended.🤖 Generated with Claude Code
https://claude.ai/code/session_01E2tdGyLhqTN2baMpaWDet3
Generated by Claude Code