emdash-cms/emdash @emdash-cms/cloudflare@0.9.0

on GitHub

Minor Changes

• #816 d4be24f Thanks @ask-bonk! - Unifies plugin capability names under a single <resource>[.<sub-resource>]:<verb>[:<qualifier>] formula so capabilities read like RBAC permissions, separates hook-registration permissions from data-access ones for clearer audits, and replaces the overloaded :any qualifier with the more conspicuous :unrestricted. Old names are still accepted with @deprecated warnings; emdash plugin bundle and emdash plugin validate warn for each deprecated name and emdash plugin publish refuses manifests that still use them.

  The Cloudflare sandbox bridge and HTTP fetch helper now enforce canonical names (content:read, content:write, media:read, media:write, users:read, network:request, network:request:unrestricted). Manifests that still declare legacy names continue to work — the runner normalizes capabilities before passing them into the bridge, so installed plugins with read:content resolve to content:read and reach the same code path.

  Old	New
  read:content	content:read
  write:content	content:write
  read:media	media:read
  write:media	media:write
  read:users	users:read
  network:fetch	network:request
  network:fetch:any	network:request:unrestricted
  email:provide	hooks.email-transport:register
  email:intercept	hooks.email-events:register
  page:inject	hooks.page-fragments:register

  Existing installs keep working — manifests are normalized at every external boundary and diffCapabilities normalizes both sides so version upgrades that only rename do not trigger a "capability changed" prompt. Deprecated names will be removed in the next minor.

Patch Changes

• Updated dependencies [e2b3c6c, 9dfc65c, e0dc6fb, c22fb3a, 6a4e9b8, 0ee372a, 22a16ee, 1e2b024, 81662e9, 2f22f57, ef3f076, a9c29ea, e7df21f, d5f7c48, 8ae227c, e2d5d16, 0d98c62, 64bf5b9, e81aa0f, 0041d76, cee403d, a8bac5d, 5b6f059, a86ff80, d4be24f, eb6dbd0]:
  • emdash@0.9.0