Family App Demo

Family Atlas

A browser workspace for the policy-heavy family_app.eon example: registration, family bootstrap, runtime grants, and shared household tools.

Built-in auth Create.require Hybrid runtime grants Relation-aware policies

Suggested flow

Register a guardian or caregiver account, then log in.
Create a family and add family members immediately.
Create a household inside the selected family.
Log in as admin to grant a runtime template like Caregiver@Family=42.
Use runtime assignments to widen access without changing static row policies.

Session

Current identity

No active session.

No family selected No household selected

Auth mode: No bearer token loaded
Portal: /api/auth/portal
Admin: /api/auth/admin

Session payload

No session loaded yet.

Activity

Timeline

Requests, selections, and policy hints will appear here.

Auth

Register and log in

Bootstrap reminder

vsr setup creates the admin account, base auth tables, and the family example migrations. The SPA works against the same generated API and uses bearer tokens returned by /api/auth/login.

This example keeps permissions in runtime authz tables rather than on the built-in user row. Family selection is local UI state, while elevated access comes from scoped runtime assignments.

Bootstrap

Family creation and selection

Visible families

Selection drives the member, household, and runtime panels.

Log in to load families.

People

Family members

Selected family User ID to add Display name Role label Mark as child

This uses FamilyMember.create.require against the posted family_id and the current owner.

Membership rows

Visibility changes with relation-aware row policies and family membership.

Select a family to load members.

Family-scoped

Households and shared spaces

Selected family Household slug Household label Timezone

Household creation is authorized by relation-aware membership checks on the posted family_id.

Household rows

Selection stays local to the SPA instead of mutating auth claims.

Select a family to load households.

Hybrid access

Shopping board

Selected household Item title Create as completed

ShoppingItem supports hybrid runtime create/read/update/delete when the selected family has a matching scoped grant.

Shopping items

Toggle and delete call the generated CRUD endpoints.

Select a family or household to load shopping items.

Schedule

Household calendar

Selected household Event title Starts at Ends at

CalendarEvent runtime grants widen read/update/delete. Create still follows the static family membership path.

Calendar events

Rendered from the nested household route.

Select a household to load events.

Admin

User directory and runtime targeting

Email filter

Admin users can list built-in accounts here.

Runtime authz

Assignments, audit trail, and evaluation

User ID Target kind Target name Scope Scope value Expires at (optional)

Current assignments

Revoke and renew are non-destructive.

Load a user to inspect runtime assignments.

Assignment events

Append-only history from the runtime authz tables.

History will appear after loading assignments.

User ID Resource Action Scope Scope value

No runtime evaluation yet.