@cotrrackpro-dev/authz
v0.1.25
Published
The shared command→permission contract and authorization error type for the CoTrackPro platform.
Downloads
1,200
Maintainers
Readme
@cotrackpro/authz
The shared command→permission contract and authorization error type for the
CoTrackPro platform. Deliberately tiny: it defines which permission each privileged
CLI/registry command requires and the error shape every surface throws when access is
denied — nothing more. Policy evaluation (does this user hold that permission?) is the
backend's job; community-tier → scope mapping lives in @cotrackpro/sdk/community.
Usage
import { COMMAND_PERMISSIONS, AuthzError, type CommandKey } from "@cotrackpro/authz";
const required = COMMAND_PERMISSIONS["packages:publish"]; // "org:packages:publish"
if (!userPermissions.includes(required)) {
throw new AuthzError("forbidden", `You need ${required}.`, {
requiredPermission: required,
org: activeOrg,
});
}AuthzError carries a code (unauthenticated | no_active_org | forbidden |
provider_error), the matching CLI exitCode, and optional requiredPermission/org
context — so every consumer reports denials the same way.
Part of the CoTrackPro CLI monorepo
(vendor/authz). MIT licensed.
