feat: add entity_type field to all 5 authz policy types #984
Merged
pyramation merged 1 commit into main from Apr 16, 2026
Add entity_type string property to AuthzMembership, AuthzEntityMembership, AuthzRelatedEntityMembership, AuthzPeerOwnership, and AuthzRelatedPeerOwnership. This allows policy definitions to use entity_type: 'channel' instead of membership_type: 3. The RLS parser resolves the prefix to the correct membership_type integer via memberships_module lookup. For AuthzMembership, required fields updated: either membership_type or entity_type must be provided (validated server-side in parse.sql). Companion to constructive-db PR #816.
Summary

Adds a new entity_type string property to the parameter_schema of all 5 authz node type definitions in the node-type-registry:

- AuthzMembership
- AuthzEntityMembership
- AuthzRelatedEntityMembership
- AuthzPeerOwnership
- AuthzRelatedPeerOwnership

This lets policy definitions use entity_type: 'channel' (the entity prefix string) instead of membership_type: 3 (a hardcoded integer that depends on provisioning order). The RLS parser resolves the prefix to the correct membership_type integer via memberships_module lookup at parse time.

For AuthzMembership, the required array is changed from ["membership_type"] to [] — either membership_type or entity_type must be provided, but this is now validated server-side in parse.sql rather than by the JSON schema.

Companion to constructive-db PR #816 which implements the actual parse_policy_sprt_entity_type() resolution function.

Review & Testing Checklist for Human

- required: [] on AuthzMembership — Previously membership_type was required by the schema. Now neither field is required at the schema level; validation is deferred to the server (parse.sql checks IF membership_type IS NULL AND entity_type IS NULL). Verify no client-side code relies on this schema validation to catch missing fields before they reach the server.
- entity_type in a policy node, otherwise the RLS parser won't recognize the field. Confirm the deployment sequence.
- pnpm generate:types), regenerated output may need updating in a follow-up. Check whether the seed SQL in constructive-db also needs regeneration to reflect these schema changes.

Notes

AuthzEntityMembership, AuthzRelatedEntityMembership, AuthzPeerOwnership, AuthzRelatedPeerOwnership) already had membership_type as optional in their required arrays, so adding entity_type there is purely additive with no validation behavior change.

Link to Devin session: https://app.devin.ai/sessions/61be2d8e471048e294178e4a95d7e9dc
Requested by: @pyramation
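
The validation change described in this PR, as an added example (not code from the PR, node-type-registry or constructive-db): with required: [] an AuthzMembership node that carries neither field passes the schema, so a caller that wants to catch it before the server has to apply the either-or rule itself. The lookup table, its 'org' entry, the function names and the rule that conflicting values are rejected are assumptions made for illustration.

```javascript
// Added illustration; not code from the PR, node-type-registry or constructive-db.
// Constructed stand-in for the memberships_module lookup (prefix -> membership_type).
// 'channel' -> 3 is the pair the PR text uses; 'org' -> 2 is made up.
const MEMBERSHIP_TYPES = new Map([['org', 2], ['channel', 3]]);

// The two `required` arrays the PR describes for AuthzMembership.
const REQUIRED_BEFORE = ['membership_type'];
const REQUIRED_AFTER = [];

// Minimal stand-in for the JSON Schema `required` keyword: keys that are absent.
function missingRequired(required, params) {
  return required.filter((key) => !Object.prototype.hasOwnProperty.call(params, key));
}

// Hypothetical pre-flight check: applies the either-or rule the PR moves to
// parse.sql, then resolves the prefix. Every failure path returns ok: false.
function resolveMembershipType(params, lookup = MEMBERSHIP_TYPES) {
  const mt = params.membership_type;
  const et = params.entity_type;
  if (mt == null && et == null) {
    return { ok: false, error: 'membership_type or entity_type is required' };
  }
  if (mt != null && !Number.isInteger(mt)) {
    return { ok: false, error: 'membership_type must be an integer' };
  }
  if (et == null) return { ok: true, membership_type: mt };
  if (typeof et !== 'string' || !lookup.has(et)) {
    return { ok: false, error: 'unknown entity_type' }; // fail closed, no default type
  }
  const resolved = lookup.get(et);
  // Assumption: when both fields are present they must agree.
  if (mt != null && mt !== resolved) {
    return { ok: false, error: 'membership_type and entity_type disagree' };
  }
  return { ok: true, membership_type: resolved };
}

// Constructed policy parameter objects.
const samples = [{}, { membership_type: 3 }, { entity_type: 'channel' },
  { entity_type: 'chanel' }, { entity_type: 'channel', membership_type: 2 }];
for (const p of samples) {
  console.log(JSON.stringify(p),
    'old schema missing:', missingRequired(REQUIRED_BEFORE, p),
    'new schema missing:', missingRequired(REQUIRED_AFTER, p),
    '->', JSON.stringify(resolveMembershipType(p)));
}
```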