Documentation
¶
Overview ¶
Package team adds person-scoped, local-first access control on top of the audit operator. A committed team file lists members and their roles; viewers are blocked from operations that change a database, while admins/editors may proceed. There is no server — the team file lives in the project (or ~/.litescope) and is enforced by the same write entry points as the policy.
Index ¶
Constants ¶
const DefaultFile = "litescope.team.yaml"
DefaultFile is the conventional per-project team filename.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Config ¶
type Config struct {
Team string `yaml:"team"`
Members []Member `yaml:"members"`
// Strict blocks any operator who is not listed as a member. When false
// (default), unknown operators are allowed — the team file only constrains
// the people it names.
Strict bool `yaml:"strict"`
// contains filtered or unexported fields
}
Config is a parsed team file.
func Load ¶
Load resolves a team config from, in order: $LITESCOPE_TEAM, ./litescope.team.yaml, ~/.litescope/team.yaml. A missing file is not an error — it returns an empty (allow-all) config.
func (*Config) CanWrite ¶
CanWrite reports whether operator may perform a mutating operation, with a human-readable reason when they may not. A nil/empty config allows everyone.