docs(core): state the write-bit recoverability trust model in the spec#78
Merged
Merged
Conversation
Finishes the remaining #59 work items now that #60 (undelete) and #61 (unified versioning) have landed: - Spec §Permissions gains "The write bit: a recoverability trust model" — the verb table (update/associate/dissociate/restoreVersion/soft-delete are all reversible via versioning or undelete; hard delete is never reachable) and the owner/creator-only list (hard delete, setPermissions), stating plainly why those two sit outside the coarse write bit instead of being unexplained special cases. - Layer 2 gains a note on why grants stay fine-grained per-verb while record-level write stays one coarse bit, and that associate/dissociate ride update-own/update-any rather than getting their own grant action. - Test: a write-holder's soft delete is undeletable by the owner — the specific cross-entity recoverability scenario #59's own test checklist called for once the undelete API existed.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Finishes the remaining work items from #59, now that its two prerequisites — #60 (undelete API) and #61 (unified versioning rule) — have both landed.
#59's own carve-out (hard delete is owner-only) merged first in #75. The rest of its checklist was explicitly blocked on undelete and association versioning existing, so it was left for follow-up. With both now in place, this PR:
writebit: a recoverability trust model," stating the model plainly:update,associate/dissociate,restoreVersion, and softdeleteare all reversible (via versioning orundelete()); hard delete is never reachable through thewritebit.setPermissions()sit outside the coarse bit entirely, because they're either irreversible or privilege-bearing — the existingsetPermissionscarve-out stops being an unexplained special case and becomes the pattern's first stated instance.writestays one coarse bit, grants stay precise per verb — and thatassociate()/dissociate()rideupdate-own/update-anyrather than getting their own grant action.writestays one bit — but everything it permits must be recoverable, and irreversible verbs get carved out #59's own test checklist — a write-holder soft-deletes a record, and the owner can undelete it — now that the undelete API exists to make this checkable.Test plan
a write-holder soft-delete is undeletable by the owner — recoverability holdspnpm --filter @haverstack/core typecheck— cleanpnpm --filter @haverstack/core lint— cleanpnpm --filter @haverstack/core test— 224 tests passingprettier --checkon changed files — cleanRefs #59, #60, #61
Generated by Claude Code