@company-semantics/contracts 27.3.0 → 27.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/api/generated-spec-hash.ts +2 -2
- package/src/api/generated.ts +14 -14
- package/src/content/schemas.ts +38 -0
- package/src/org/company-md.ts +40 -3
package/package.json
CHANGED
|
@@ -1,3 +1,3 @@
|
|
|
1
1
|
// AUTO-GENERATED — do not edit. Run pnpm generate:spec-hash to regenerate.
|
|
2
|
-
export const SPEC_HASH = '
|
|
3
|
-
export const SPEC_HASH_FULL = '
|
|
2
|
+
export const SPEC_HASH = '090fb75c09a2' as const;
|
|
3
|
+
export const SPEC_HASH_FULL = '090fb75c09a20a352791bd84163827b0b23d84b41b5f82c216eae20fa5a3909d' as const;
|
package/src/api/generated.ts
CHANGED
|
@@ -4440,6 +4440,13 @@ export interface components {
|
|
|
4440
4440
|
memberCount: number;
|
|
4441
4441
|
description?: string;
|
|
4442
4442
|
orderKey?: string;
|
|
4443
|
+
/** @enum {string} */
|
|
4444
|
+
discoverabilityPolicy: "org" | "owners";
|
|
4445
|
+
/** @enum {string} */
|
|
4446
|
+
classification: "public" | "internal" | "confidential" | "highly_confidential";
|
|
4447
|
+
/** @enum {string} */
|
|
4448
|
+
accessState?: "full" | "redacted_admin" | "locked_requestable";
|
|
4449
|
+
canRequestAccess?: boolean;
|
|
4443
4450
|
}[];
|
|
4444
4451
|
nextCursor: string | null;
|
|
4445
4452
|
hasMore: boolean;
|
|
@@ -4453,7 +4460,14 @@ export interface components {
|
|
|
4453
4460
|
content: string;
|
|
4454
4461
|
contentRedacted?: boolean;
|
|
4455
4462
|
/** @enum {string} */
|
|
4463
|
+
accessState?: "full" | "redacted_admin" | "locked_requestable";
|
|
4464
|
+
canRequestAccess?: boolean;
|
|
4465
|
+
/** @enum {string} */
|
|
4456
4466
|
visibility: "private" | "unit" | "org";
|
|
4467
|
+
/** @enum {string} */
|
|
4468
|
+
discoverabilityPolicy: "org" | "owners";
|
|
4469
|
+
/** @enum {string} */
|
|
4470
|
+
classification: "public" | "internal" | "confidential" | "highly_confidential";
|
|
4457
4471
|
parentId: string | null;
|
|
4458
4472
|
owningUnitId: string | null;
|
|
4459
4473
|
owner: {
|
|
@@ -8467,13 +8481,6 @@ export interface operations {
|
|
|
8467
8481
|
};
|
|
8468
8482
|
content?: never;
|
|
8469
8483
|
};
|
|
8470
|
-
/** @description Requires org.view_company_md scope */
|
|
8471
|
-
403: {
|
|
8472
|
-
headers: {
|
|
8473
|
-
[name: string]: unknown;
|
|
8474
|
-
};
|
|
8475
|
-
content?: never;
|
|
8476
|
-
};
|
|
8477
8484
|
};
|
|
8478
8485
|
};
|
|
8479
8486
|
companyMdContextDocSuggestions: {
|
|
@@ -8503,13 +8510,6 @@ export interface operations {
|
|
|
8503
8510
|
};
|
|
8504
8511
|
content?: never;
|
|
8505
8512
|
};
|
|
8506
|
-
/** @description Requires org.view_company_md scope */
|
|
8507
|
-
403: {
|
|
8508
|
-
headers: {
|
|
8509
|
-
[name: string]: unknown;
|
|
8510
|
-
};
|
|
8511
|
-
content?: never;
|
|
8512
|
-
};
|
|
8513
8513
|
};
|
|
8514
8514
|
};
|
|
8515
8515
|
searchCompanyMd: {
|
package/src/content/schemas.ts
CHANGED
|
@@ -59,6 +59,25 @@ const CompanyMdTreeNodeSchema = z.object({
|
|
|
59
59
|
description: z.string().optional(),
|
|
60
60
|
/** Fractional-index key for ordered entity wrappers (unit/context). */
|
|
61
61
|
orderKey: z.string().optional(),
|
|
62
|
+
// Governance + discovery projections of the node (ADR-BE-348 / ADR-CTRL-194).
|
|
63
|
+
// Present on the TS `CompanyMdNodeIdentity` since the projection split but only
|
|
64
|
+
// now promoted into the published response schema. `discoverabilityPolicy`
|
|
65
|
+
// governs who knows the node exists; `classification` is the governance label
|
|
66
|
+
// (drives no permission).
|
|
67
|
+
discoverabilityPolicy: z.enum(["org", "owners"]),
|
|
68
|
+
classification: z.enum([
|
|
69
|
+
"public",
|
|
70
|
+
"internal",
|
|
71
|
+
"confidential",
|
|
72
|
+
"highly_confidential",
|
|
73
|
+
]),
|
|
74
|
+
// Combined Authorization + Discovery read-state for the requesting actor
|
|
75
|
+
// (ADR-BE-348). Set on non-reader stubs the tree now surfaces; absent on
|
|
76
|
+
// full-read nodes (treat as `full`).
|
|
77
|
+
accessState: z
|
|
78
|
+
.enum(["full", "redacted_admin", "locked_requestable"])
|
|
79
|
+
.optional(),
|
|
80
|
+
canRequestAccess: z.boolean().optional(),
|
|
62
81
|
});
|
|
63
82
|
|
|
64
83
|
// ---------------------------------------------------------------------------
|
|
@@ -83,7 +102,26 @@ export const CompanyMdDocResponseSchema = z.object({
|
|
|
83
102
|
* its body (ADR-BE-245). Omitted/`false` on the normal full-content path.
|
|
84
103
|
*/
|
|
85
104
|
contentRedacted: z.boolean().optional(),
|
|
105
|
+
// Combined Authorization + Discovery read-state for the requesting actor
|
|
106
|
+
// (ADR-BE-348): `full` (reader), `redacted_admin` (inspectable metadata stub),
|
|
107
|
+
// `locked_requestable` (listed locked stub). Optional for back-compat with
|
|
108
|
+
// legacy paths that set only `contentRedacted`.
|
|
109
|
+
accessState: z
|
|
110
|
+
.enum(["full", "redacted_admin", "locked_requestable"])
|
|
111
|
+
.optional(),
|
|
112
|
+
/** Whether the requesting actor may request access (ADR-BE-348 / ADR-BE-338). */
|
|
113
|
+
canRequestAccess: z.boolean().optional(),
|
|
86
114
|
visibility: z.enum(["private", "unit", "org"]),
|
|
115
|
+
// Governance + discovery projections (ADR-BE-348 / ADR-CTRL-194). Present on
|
|
116
|
+
// the TS contract since the projection split; now promoted into the published
|
|
117
|
+
// response schema so consumers receive them typed.
|
|
118
|
+
discoverabilityPolicy: z.enum(["org", "owners"]),
|
|
119
|
+
classification: z.enum([
|
|
120
|
+
"public",
|
|
121
|
+
"internal",
|
|
122
|
+
"confidential",
|
|
123
|
+
"highly_confidential",
|
|
124
|
+
]),
|
|
87
125
|
parentId: z.string().nullable(),
|
|
88
126
|
owningUnitId: z.string().nullable(),
|
|
89
127
|
owner: CompanyMdPersonSchema.nullable(),
|
package/src/org/company-md.ts
CHANGED
|
@@ -39,9 +39,26 @@ export type CompanyMdDiscoverabilityPolicy = "org" | "owners";
|
|
|
39
39
|
|
|
40
40
|
/**
|
|
41
41
|
* Information classification for a Company.md node — *what the document is*, for
|
|
42
|
-
* governance, NOT permissions (ADR-CTRL-194 / ADR-BE-338).
|
|
43
|
-
*
|
|
44
|
-
*
|
|
42
|
+
* governance, NOT permissions (ADR-CTRL-194 / ADR-BE-338 / ADR-BE-348). It is the
|
|
43
|
+
* input to the Governance projection and NEVER participates in authorization or
|
|
44
|
+
* discovery (ADR-BE-348 invariant 4).
|
|
45
|
+
*
|
|
46
|
+
* The value is now emitted on the published response schemas (tree + doc) so a
|
|
47
|
+
* consumer can read it. Enforcement behaviors remain deferred — each is named
|
|
48
|
+
* with the concrete trigger that promotes it from decorative to enforced:
|
|
49
|
+
*
|
|
50
|
+
* - **Export watermarking** — wire when a doc-export/download surface ships
|
|
51
|
+
* (`confidential`+ stamps the exporter identity + timestamp).
|
|
52
|
+
* - **Share-approval friction** — wire when external/cross-org sharing exists
|
|
53
|
+
* (`highly_confidential` requires a second approver before an ACL grant lands).
|
|
54
|
+
* - **Retrieval rules** — wire when agent browsing / RAG over knowledge nodes is
|
|
55
|
+
* on (`confidential`+ excluded from un-attributed retrieval contexts).
|
|
56
|
+
* - **Audit verbosity** — wire when the audit sink supports per-class verbosity
|
|
57
|
+
* (`highly_confidential` reads emit a full access record, not a sampled one).
|
|
58
|
+
*
|
|
59
|
+
* Until those surfaces exist there is nothing to gate, so classification is
|
|
60
|
+
* carried, not enforced — a deliberate "named now, enforced on trigger" deferral,
|
|
61
|
+
* not an omission.
|
|
45
62
|
*/
|
|
46
63
|
export type CompanyMdClassification =
|
|
47
64
|
| "public"
|
|
@@ -159,6 +176,26 @@ export interface CompanyMdTreeNode extends CompanyMdNodeIdentity {
|
|
|
159
176
|
* unordered types.
|
|
160
177
|
*/
|
|
161
178
|
readonly orderKey?: string;
|
|
179
|
+
/**
|
|
180
|
+
* Combined Authorization + Discovery read-state of this tree node for the
|
|
181
|
+
* requesting actor (ADR-BE-348). The tree now surfaces discoverable nodes a
|
|
182
|
+
* non-reader cannot read, as stubs:
|
|
183
|
+
* - `full`: actor holds a read grant — the normal, fully-navigable node.
|
|
184
|
+
* - `redacted_admin`: non-reader at Discovery `inspectable` (oversight/owner) —
|
|
185
|
+
* a metadata stub.
|
|
186
|
+
* - `locked_requestable`: non-reader at Discovery `listed` — a locked stub.
|
|
187
|
+
* Discovery `hidden` nodes are omitted from the tree entirely (no leak).
|
|
188
|
+
* Omitted on legacy/full-content nodes that predate the stub surface; treat an
|
|
189
|
+
* absent value as `full`.
|
|
190
|
+
*/
|
|
191
|
+
readonly accessState?: "full" | "redacted_admin" | "locked_requestable";
|
|
192
|
+
/**
|
|
193
|
+
* Whether the requesting actor may request access to this node — the same
|
|
194
|
+
* resolver the read affordance uses (ADR-BE-348). Set on non-reader stubs so
|
|
195
|
+
* the tree can render a "Request access" affordance; absent/`false` on nodes
|
|
196
|
+
* the actor already reads.
|
|
197
|
+
*/
|
|
198
|
+
readonly canRequestAccess?: boolean;
|
|
162
199
|
}
|
|
163
200
|
|
|
164
201
|
export interface CompanyMdDocCore extends CompanyMdNodeIdentity {
|