v0.2.2

Removed

• GitLab mirror references in the README. The project now lives solely on
  GitHub (the GitLab repository has been archived).

Full changelog: v0.2.1...v0.2.2

v0.2.1

Changed

• Documentation cleanup: tidied prose and grammar across the README and
  documentation, and rewrote the policy-rule examples around a realistic
  article domain. No changes to the published code.
• Modernized the MongoDB and PostgreSQL example apps to current dependency
  majors (mongoose 8, sequelize 6 / pg 8, @faker-js/faker) and made their CI
  jobs gating.

Full changelog: v0.2.0...v0.2.1

v0.2.0

Added

• CHANGELOG.md following Keep a Changelog + Semantic Versioning.
• GitHub Actions CI (.github/workflows/ci.yml): lints and tests the library
  across a Node version matrix, and runs the MongoDB and PostgreSQL example
  test suites against service containers.
• scripts/release.mjs and a release script that cuts a GitHub release for
  the version in package.json (publish-first), with notes pulled from this
  changelog and the built lib/ attached as lib.zip.
• Pull request template (.github/PULL_REQUEST_TEMPLATE.md).
• Explicit types and files fields in package.json so the published
  package ships only lib/ and index.js.
• The library CI matrix now also runs on Node 24, and an engines field
  declares the supported floor (node >= 18).
• $not and $nor logical operators in policy rules, and implicit AND across
  the multiple keys of a policy object.
• validatePermissions() and getAllPermissionsFor() now accept the system
  permissions as a plain array of permission strings, in addition to the
  permissions map.
• $grant and $deny entity policy rules, evaluated before the action policy.
  $grant authorizes any defined action when it passes (e.g. admin access);
  $deny denies any action when it passes and takes precedence over both
  $grant and the per-action policy (e.g. suspended users). Authorization is
  NOT $deny AND ($grant OR action).
• Published, hand-maintenance-free TypeScript types covering the public API and
  the policy DSL (Rule, Policy, Policies, Permission, Permissions,
  PermissionsMap, SystemPermissions, Callback).

Changed

• The library is now written in TypeScript and built with tsc. The shipped
  declaration (lib/index.d.ts) is generated from the source instead of being
  hand-maintained, and Babel has been removed from the toolchain. The published
  JavaScript and the package's runtime behavior are unchanged.
• Policy rule evaluation is now delegated to the
  logical-compiler library.
  Promise-returning callbacks are now supported at any nesting depth, including
  inside $and/$or/$not/$nor — previously a promise callback nested in an
  operator threw Unexpected nested promise callback. A callback resolving to a
  non-boolean value now throws a LogicalCompilerError (was a generic [rbactl]
  error). authorize() still returns a boolean for fully synchronous policies
  and a Promise<boolean> when any rule is asynchronous.
• Reworked the MongoDB and PostgreSQL example test suites: database
  connections are created and closed separately, a global setup clears the
  database before runs, and shared test utilities are grouped on their own.

Fixed

• A policy object with multiple keys is now AND-ed together instead of silently
  evaluating only the first key.

Full changelog: v0.1.0...v0.2.0

Initial release

(chore): rename library to rbactl

- rename all occurences of rbactrl to rbactl