import { SDK } from '@meetkai/mka1'
const mka1 = new SDK({ bearerAuth: 'Bearer YOUR_API_KEY' })
// Step 1 — Alice creates a conversation (she becomes the owner)
const conv = await mka1.llm.conversations.create(
{ metadata: { project: 'acme' } },
{ headers: { 'X-On-Behalf-Of': 'user_alice' } }
)
const resourceId = conv.id
// Step 2 — Alice grants reader access to Bob
await mka1.permissions.llm.grant(
{
resourceType: 'conversation',
resourceId,
userId: 'user_bob',
role: 'reader',
},
{ headers: { 'X-On-Behalf-Of': 'user_alice' } }
)
// Step 3 — Check Bob's permissions
// Bob has reader access → allowed
const bobReader = await mka1.permissions.llm.check(
{
resourceType: 'conversation',
resourceId,
role: 'reader',
},
{ headers: { 'X-On-Behalf-Of': 'user_bob' } }
)
console.log('Bob reader:', bobReader.allowed) // true
// Bob does NOT have writer access → denied
const bobWriter = await mka1.permissions.llm.check(
{
resourceType: 'conversation',
resourceId,
role: 'writer',
},
{ headers: { 'X-On-Behalf-Of': 'user_bob' } }
)
console.log('Bob writer:', bobWriter.allowed) // false
// Step 4 — Bob tries to grant (fails with 403)
try {
await mka1.permissions.llm.grant(
{
resourceType: 'conversation',
resourceId,
userId: 'user_charlie',
role: 'reader',
},
{ headers: { 'X-On-Behalf-Of': 'user_bob' } }
)
} catch (err) {
console.log('Bob grant rejected:', err.statusCode) // 403
}
// Step 5 — Alice revokes Bob's access
await mka1.permissions.llm.revoke(
{
resourceType: 'conversation',
resourceId,
userId: 'user_bob',
role: 'reader',
},
{ headers: { 'X-On-Behalf-Of': 'user_alice' } }
)
// Step 6 — Verify Bob is now denied
const bobAfterRevoke = await mka1.permissions.llm.check(
{
resourceType: 'conversation',
resourceId,
role: 'reader',
},
{ headers: { 'X-On-Behalf-Of': 'user_bob' } }
)
console.log('Bob after revoke:', bobAfterRevoke.allowed) // false