Skip to content

feat(server): add Engine RPC user, grant, role methods#12

Merged
jgpruitt merged 1 commit into
mainfrom
feature/server-engine-rbac
Apr 7, 2026
Merged

feat(server): add Engine RPC user, grant, role methods#12
jgpruitt merged 1 commit into
mainfrom
feature/server-engine-rbac

Conversation

@jgpruitt

@jgpruitt jgpruitt commented Apr 7, 2026

Copy link
Copy Markdown
Collaborator

Summary

Implements RBAC (Role-Based Access Control) methods for the Engine RPC endpoint (/api/v1/engine/rpc).

Methods Added

User Methods

Method Description
user.create Create a new user
user.get Get user by ID
user.getByName Get user by name
user.list List users (optionally filter by canLogin)
user.rename Rename a user
user.delete Delete a user

Grant Methods (Tree-based Access Control)

Method Description
grant.create Grant tree access to a user
grant.list List grants (optionally filter by user)
grant.get Get a specific grant
grant.revoke Revoke tree access
grant.check Check if user has access to a tree path for an action

Role Methods (Role Membership)

Method Description
role.create Create a role (user with canLogin=false)
role.addMember Add a member to a role (with cycle detection)
role.removeMember Remove a member from a role
role.listMembers List members of a role
role.listForUser List roles a user belongs to

New Files

  • rpc/engine/user.ts - User method handlers
  • rpc/engine/grant.ts - Grant method handlers
  • rpc/engine/role.ts - Role method handlers

Changes

  • rpc/engine/schemas.ts - Added schemas for all new methods
  • rpc/engine/schemas.test.ts - Added 25 new schema tests
  • rpc/engine/index.ts - Merged new method registries

Testing

  • 148 tests passing (25 new schema tests)
  • All checks pass (format, lint, typecheck)

Part of

Server implementation chunk 4/9

@jgpruitt
feat(server): add Engine RPC user, grant, role methods
5e109d8 
Implements RBAC methods for the Engine RPC endpoint:

User methods:
- user.create, user.get, user.getByName, user.list, user.rename, user.delete

Grant methods (tree-based access control):
- grant.create, grant.list, grant.get, grant.revoke, grant.check

Role methods (role membership):
- role.create, role.addMember, role.removeMember, role.listMembers, role.listForUser

Adds 25 new schema tests (148 total tests passing).
@jgpruitt jgpruitt merged commit dd4bf09 into main Apr 7, 2026
3 checks passed
@jgpruitt jgpruitt deleted the feature/server-engine-rbac branch April 7, 2026 20:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jgpruitt