release v1.0.0-alpha.26

.changeset/config.json

@@ -1,11 +1,11 @@
 {
-  "$schema": "https://unpkg.com/@changesets/config@2.2.0/schema.json",
-  "changelog": "@changesets/cli/changelog",
-  "commit": false,
-  "fixed": [],
-  "linked": [],
-  "access": "restricted",
-  "baseBranch": "main",
-  "updateInternalDependencies": "patch",
-  "ignore": []
+    "$schema": "https://unpkg.com/@changesets/config@2.2.0/schema.json",
+    "changelog": "@changesets/cli/changelog",
+    "commit": false,
+    "fixed": [],
+    "linked": [],
+    "access": "restricted",
+    "baseBranch": "main",
+    "updateInternalDependencies": "patch",
+    "ignore": []
 }

.github/ISSUE_TEMPLATE/bug_report.md

@@ -4,17 +4,17 @@ about: Create a report to help us improve
 title: ''
 labels: ''
 assignees: ''
-
 ---
 
 **Describe the bug**
 A clear and concise description of what the bug is.
 
 **To Reproduce**
 Steps to reproduce the behavior:
-1. 
-2. 
-3. 
+
+1.
+2.
+3.
 
 **Expected behavior**
 A clear and concise description of what you expected to happen.
@@ -23,10 +23,11 @@ A clear and concise description of what you expected to happen.
 If applicable, add screenshots to help explain your problem.
 
 **Environment (please complete the following information):**
- - OS: [e.g. Mac OS 13.0]
- - Node version: [e.g. 16.15.0]
- - NPM version: [e.g. 8.19.2]
- - Database type: [e.g. Postgresql]
+
+-   OS: [e.g. Mac OS 13.0]
+-   Node version: [e.g. 16.15.0]
+-   NPM version: [e.g. 8.19.2]
+-   Database type: [e.g. Postgresql]
 
 **Additional context**
 Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -4,7 +4,6 @@ about: Suggest an idea for this project
 title: ''
 labels: ''
 assignees: ''
-
 ---
 
 **Is your feature request related to a problem? Please describe.**

.github/workflows/build-test.yml

@@ -9,9 +9,9 @@ env:
 
 on:
     push:
-        branches: ['dev', 'main']
+        branches: ['dev', 'main', 'canary']
     pull_request:
-        branches: ['dev', 'main']
+        branches: ['dev', 'main', 'canary']
 
 jobs:
     build:
@@ -34,5 +34,12 @@ jobs:
                   node-version: ${{ matrix.node-version }}
                   cache: 'pnpm'
             - run: pnpm install --frozen-lockfile
-            - run: pnpm run build
+            - run: |
+                if [[ $GITHUB_REF == 'refs/heads/canary' ]]; then
+                    DEFAULT_NPM_TAG=canary pnpm run build
+                else
+                    DEFAULT_NPM_TAG=latest pnpm run build
+                fi
+            # install again for internal dependencies
+            - run: pnpm install --frozen-lockfile
             - run: pnpm run test

.gitignore

@@ -4,3 +4,4 @@ dist
 .DS_Store
 .vscode/settings.json
 .env.local
+.npmcache

.prettierignore

@@ -0,0 +1,17 @@
+.git
+node_modules
+dist
+generated
+.vercel
+.next
+
+package.json
+package-lock.json
+pnpm-*.yaml
+
+test-run
+coverage
+.vscode
+
+samples/todo/lib/hooks
+samples/todo/server/routers/generated

.prettierrc

@@ -0,0 +1,6 @@
+{
+    "tabWidth": 4,
+    "useTabs": false,
+    "printWidth": 120,
+    "singleQuote": true
+}

.vscode/extensions.json

@@ -3,5 +3,5 @@
     // Extension identifier format: ${publisher}.${name}. Example: vscode.csharp
 
     // List of extensions which should be recommended for users of this workspace.
-    "recommendations": ["langium.langium-vscode"]
+    "recommendations": ["langium.langium-vscode", "firsttris.vscode-jest-runner"]
 }

.vscode/launch.json

@@ -7,15 +7,17 @@
     "configurations": [
         {
             "name": "Generate for Todo Sample",
-            "program": "${workspaceFolder}/packages/schema/bin/cli",
+            "program": "${workspaceFolder}/packages/schema/dist/bin/cli",
             "cwd": "${workspaceFolder}/samples/todo/",
             "args": [
-                "generate",
-                "${workspaceFolder}/samples/todo/schema.zmodel"
+                "generate"
             ],
             "request": "launch",
             "skipFiles": ["<node_internals>/**"],
-            "type": "node"
+            "type": "node",
+            "env": {
+                "NODE_PATH": "${workspaceFolder}/samples/todo/node_modules"
+            }
         },
         {
             "name": "Attach",
@@ -40,6 +42,13 @@
             "skipFiles": ["<node_internals>/**"],
             "sourceMaps": true,
             "outFiles": ["${workspaceFolder}/bundle/**/*.js"]
+        },
+        {
+            "name": "Todo sample: debug server-side",
+            "type": "node-terminal",
+            "request": "launch",
+            "command": "pnpm dev",
+            "cwd": "${workspaceFolder}/samples/todo/"
         }
     ]
 }

CODE_OF_CONDUCT.md

@@ -17,24 +17,24 @@ diverse, inclusive, and healthy community.
 Examples of behavior that contributes to a positive environment for our
 community include:
 
-* Demonstrating empathy and kindness toward other people
-* Being respectful of differing opinions, viewpoints, and experiences
-* Giving and gracefully accepting constructive feedback
-* Accepting responsibility and apologizing to those affected by our mistakes,
-  and learning from the experience
-* Focusing on what is best not just for us as individuals, but for the
-  overall community
+-   Demonstrating empathy and kindness toward other people
+-   Being respectful of differing opinions, viewpoints, and experiences
+-   Giving and gracefully accepting constructive feedback
+-   Accepting responsibility and apologizing to those affected by our mistakes,
+    and learning from the experience
+-   Focusing on what is best not just for us as individuals, but for the
+    overall community
 
 Examples of unacceptable behavior include:
 
-* The use of sexualized language or imagery, and sexual attention or
-  advances of any kind
-* Trolling, insulting or derogatory comments, and personal or political attacks
-* Public or private harassment
-* Publishing others' private information, such as a physical or email
-  address, without their explicit permission
-* Other conduct which could reasonably be considered inappropriate in a
-  professional setting
+-   The use of sexualized language or imagery, and sexual attention or
+    advances of any kind
+-   Trolling, insulting or derogatory comments, and personal or political attacks
+-   Public or private harassment
+-   Publishing others' private information, such as a physical or email
+    address, without their explicit permission
+-   Other conduct which could reasonably be considered inappropriate in a
+    professional setting
 
 ## Enforcement Responsibilities
 
@@ -106,7 +106,7 @@ Violating these terms may lead to a permanent ban.
 ### 4. Permanent Ban
 
 **Community Impact**: Demonstrating a pattern of violation of community
-standards, including sustained inappropriate behavior,  harassment of an
+standards, including sustained inappropriate behavior, harassment of an
 individual, or aggression toward or disparagement of classes of individuals.
 
 **Consequence**: A permanent ban from any sort of public interaction within

README.md

@@ -1,5 +1,5 @@
 <div align="center">
-    <img src="https://user-images.githubusercontent.com/104139426/204459273-35c65630-9faf-42bb-bd2c-07c1580a0772.png" style="max-width: 512px; width: 100%; height: auto; margin-bottom: 1rem;"
+    <img src="https://user-images.githubusercontent.com/104139426/214809937-4ed30485-a683-4fea-b737-928c48e86fd7.png" style="max-width: 512px; width: 100%; height: auto; margin-bottom: 1rem;"
     >
     <div></div>
     <a href="https://www.npmjs.com/package/zenstack">
@@ -19,29 +19,99 @@
 
 ## What it is
 
-ZenStack is a toolkit for building secure CRUD apps with Next.js + Typescript. It lets you define data models, relations and access policies all in one place, and generates database schema, backend CRUD services and frontend React hooks for you automatically.
+ZenStack is a toolkit that simplifies the development of a web app's backend. It supercharges [Prisma ORM](https://prisma.io) with a powerful access control layer and unleashes its full potential for web development.
 
 Our goal is to let you save time writing boilerplate code and focus on building real features!
 
+## How it works
+
+ZenStack extended Prisma schema language for supporting custom attributes and functions and, based on that, implemented a flexible access control layer around Prisma.
+
+```prisma
+// schema.zmodel
+
+model Post {
+    id String @id
+    title String
+    published Boolean @default(false)
+    author User @relation(fields: [authorId], references: [id])
+    authorId String
+
+    // 🔐 allow logged-in users to read published posts
+    @@allow('read', auth() != null && published)
+
+    // 🔐 allow full CRUD by author
+    @@allow('all', author == auth())
+}
+```
+
+At runtime, transparent proxies are created around Prisma clients for intercepting queries and mutations to enforce access policies. Moreover, framework integration packages help you wrap an access-control-enabled Prisma client into backend APIs that can be safely called from the frontend.
+
+```ts
+// Next.js example: pages/api/model/[...path].ts
+
+import { requestHandler } from '@zenstackhq/next';
+import { withPolicy } from '@zenstackhq/runtime';
+import { getSessionUser } from '@lib/auth';
+import { prisma } from '@lib/db';
+
+export default requestHandler({
+    getPrisma: (req, res) => withPolicy(prisma, { user: getSessionUser(req, res) }),
+});
+```
+
+Plugins can generate strong-typed client libraries that talk to the APIs:
+
+```tsx
+// React example: components/MyPosts.tsx
+
+import { usePost } from '@lib/hooks';
+
+const MyPosts = () => {
+    // Post CRUD hooks
+    const { findMany } = usePost();
+
+    // list all posts that're visible to the current user, together with their authors
+    const { data: posts } = findMany({
+        include: { author: true },
+        orderBy: { createdAt: 'desc' },
+    });
+
+    return (
+        <ul>
+            {posts?.map((post) => (
+                <li key={post.id}>
+                    {post.title} by {post.author.name}
+                </li>
+            ))}
+        </ul>
+    );
+};
+```
+
 ## Links
 
--   [Documentation](https://zenstack.dev)
+-   [Home](https://zenstack.dev)
+-   [Documentation](https://zenstack.dev/docs)
 -   [Community chat](https://go.zenstack.dev/chat)
 -   [Twitter](https://twitter.com/zenstackhq)
 -   [Blog](https://dev.to/zenstack)
 
 ## Features
 
--   Intuitive data & authorization modeling language
--   Generating RESTful CRUD services and React hooks
+-   Access control and data validation rules right inside your Prisma schema
+-   Auto-generated RESTful API and client library
 -   End-to-end type safety
--   Support for all major relational databases
--   Integration with authentication libraries (like [NextAuth](https://next-auth.js.org/) and [iron-session](https://www.npmjs.com/package/iron-session))
--   [VSCode extension](https://marketplace.visualstudio.com/items?itemName=zenstack.zenstack) for model authoring
+-   Extensible: custom attributes, functions, and a plugin system
+-   Framework agnostic
+-   Uncompromised performance
 
 ## Examples
 
-Check out the [Collaborative Todo App](https://zenstack-todo.vercel.app/) for a running example. You can find the source code [here](https://github.com/zenstackhq/zenstack/tree/main/samples/todo).
+Check out the [Collaborative Todo App](https://zenstack-todo.vercel.app/) for a running example. You can find the source code below:
+
+-   [Next.js + React hooks implementation](https://github.com/zenstackhq/sample-todo-nextjs)
+-   [Next.js + tRPC implementation](https://github.com/zenstackhq/sample-todo-trpc)
 
 ## Community
 

SECURITY.md

@@ -4,7 +4,7 @@
 
 | Version | Supported          |
 | ------- | ------------------ |
-| >=0.4.0   | :white_check_mark: |
+| >=0.4.0 | :white_check_mark: |
 
 ## Reporting a Vulnerability