@elevasis/core 0.20.0 → 0.22.0

package/src/integrations/credentials/schemas.ts

@@ -1,164 +1,200 @@
-import { z } from 'zod'
-
-/**
- * Credential field definition
- */
-export interface CredentialField {
-  key: string
-  label: string
-  type: 'password' | 'text'
-  required: boolean
-  placeholder?: string
-  description?: string
-}
-
-/**
- * Credential schema definition
- */
-export interface CredentialSchema {
-  type: string
-  label: string
-  description: string
-  fields?: CredentialField[]
-  docsUrl?: string
-  nameSuggestions: string[]
-  oauthProvider?: string // For OAuth types
-}
-
-/**
- * Zod schemas for runtime validation
- */
-const CredentialFieldSchema = z.object({
-  key: z.string(),
-  label: z.string(),
-  type: z.enum(['password', 'text']),
-  required: z.boolean(),
-  placeholder: z.string().optional(),
-  description: z.string().optional()
-})
-
-const CredentialSchemaZod = z.object({
-  type: z.string(),
-  label: z.string(),
-  description: z.string(),
-  fields: z.array(CredentialFieldSchema).optional(),
-  docsUrl: z.string().url().optional(),
-  nameSuggestions: z.array(z.string()),
-  oauthProvider: z.string().optional()
-})
-
-/**
- * Credential Schema Registry
- *
- * Add new integration = add schema object here (no modal changes needed)
- *
- * Schema types:
- * - oauth: OAuth-based authentication (handled via OAuth flow)
- * - single_field: Single API key field (generic)
- */
-export const CREDENTIAL_SCHEMAS: Record<string, CredentialSchema> = {
-  'google-sheets': {
-    type: 'oauth',
-    label: 'Google Sheets',
-    description: 'Google Sheets OAuth integration',
-    oauthProvider: 'google-sheets',
-    nameSuggestions: ['google-sheets-prod', 'google-sheets-dev', 'sheets-workspace']
-  },
-
-  dropbox: {
-    type: 'oauth',
-    label: 'Dropbox',
-    description: 'Dropbox OAuth integration',
-    oauthProvider: 'dropbox',
-    nameSuggestions: ['dropbox-prod', 'dropbox-dev', 'elevasis-dropbox']
-  },
-
-  oauth: {
-    type: 'oauth',
-    label: 'OAuth',
-    description: 'Generic OAuth credential',
-    nameSuggestions: []
-  },
-
-  'api-key': {
-    type: 'single_field',
-    label: 'API Key',
-    description: 'Single-field API key credential',
-    fields: [
-      {
-        key: 'apiKey',
-        label: 'API Key',
-        type: 'password',
-        required: true,
-        placeholder: 'Enter your API key',
-        description: 'API key for the service'
-      }
-    ],
-    nameSuggestions: ['service-prod', 'service-dev', 'api-key']
-  },
-
-  'webhook-secret': {
-    type: 'single_field',
-    label: 'Webhook Secret',
-    description: 'Webhook signing secret for signature validation',
-    fields: [
-      {
-        key: 'signingSecret',
-        label: 'Signing Secret',
-        type: 'password',
-        required: true,
-        placeholder: 'whsec_...',
-        description: 'Webhook signing secret from provider dashboard'
-      }
-    ],
-    nameSuggestions: ['my-org-cal-com-webhook', 'my-org-stripe-webhook', 'my-org-signature-api-webhook']
-  },
-
-  'api-key-secret': {
-    type: 'api-key-secret',
-    label: 'API Key + Secret',
-    description: 'API key and secret pair authentication',
-    fields: [
-      {
-        key: 'apiKey',
-        label: 'API Key',
-        type: 'password',
-        required: true
-      },
-      {
-        key: 'apiSecret',
-        label: 'API Secret',
-        type: 'password',
-        required: true
-      }
-    ],
-    nameSuggestions: []
-  }
-}
-
-/**
- * Get credential schema by type
- * @param type - Credential type identifier
- * @returns Validated credential schema
- * @throws ZodError if schema is malformed
- */
-export function getCredentialSchema(type: string): CredentialSchema {
-  const schema = CREDENTIAL_SCHEMAS[type] || CREDENTIAL_SCHEMAS['api-key']
-  return CredentialSchemaZod.parse(schema)
-}
-
-/**
- * List all available credential types (for frontend dropdown)
- * @returns Array of credential schemas
- */
-export function listCredentialSchemas(): CredentialSchema[] {
-  return Object.values(CREDENTIAL_SCHEMAS)
-}
-
-/**
- * Get all credential type identifiers
- * @returns Array of type strings
- */
-export function getCredentialTypes(): string[] {
-  return Object.keys(CREDENTIAL_SCHEMAS)
-}
+import { z } from 'zod'
+
+/**
+ * Credential field definition
+ */
+export interface CredentialField {
+  key: string
+  label: string
+  type: 'password' | 'text'
+  required: boolean
+  placeholder?: string
+  description?: string
+}
+
+/**
+ * Credential schema definition
+ */
+export interface CredentialSchema {
+  type: string
+  label: string
+  description: string
+  fields?: CredentialField[]
+  docsUrl?: string
+  nameSuggestions: string[]
+  oauthProvider?: string // For OAuth types
+}
+
+/**
+ * Zod schemas for runtime validation
+ */
+const CredentialFieldSchema = z.object({
+  key: z.string(),
+  label: z.string(),
+  type: z.enum(['password', 'text']),
+  required: z.boolean(),
+  placeholder: z.string().optional(),
+  description: z.string().optional()
+})
+
+const CredentialSchemaZod = z.object({
+  type: z.string(),
+  label: z.string(),
+  description: z.string(),
+  fields: z.array(CredentialFieldSchema).optional(),
+  docsUrl: z.string().url().optional(),
+  nameSuggestions: z.array(z.string()),
+  oauthProvider: z.string().optional()
+})
+
+/**
+ * Credential Schema Registry
+ *
+ * Add new integration = add schema object here (no modal changes needed)
+ *
+ * Schema types:
+ * - oauth: OAuth-based authentication (handled via OAuth flow)
+ * - single_field: Single API key field (generic)
+ */
+export const CREDENTIAL_SCHEMAS: Record<string, CredentialSchema> = {
+  'google-sheets': {
+    type: 'oauth',
+    label: 'Google Sheets',
+    description: 'Google Sheets OAuth integration',
+    oauthProvider: 'google-sheets',
+    nameSuggestions: ['google-sheets-prod', 'google-sheets-dev', 'sheets-workspace']
+  },
+
+  dropbox: {
+    type: 'oauth',
+    label: 'Dropbox',
+    description: 'Dropbox OAuth integration',
+    oauthProvider: 'dropbox',
+    nameSuggestions: ['dropbox-prod', 'dropbox-dev', 'elevasis-dropbox']
+  },
+
+  oauth: {
+    type: 'oauth',
+    label: 'OAuth',
+    description: 'Generic OAuth credential',
+    nameSuggestions: []
+  },
+
+  'api-key': {
+    type: 'single_field',
+    label: 'API Key',
+    description: 'Single-field API key credential',
+    fields: [
+      {
+        key: 'apiKey',
+        label: 'API Key',
+        type: 'password',
+        required: true,
+        placeholder: 'Enter your API key',
+        description: 'API key for the service'
+      }
+    ],
+    nameSuggestions: ['service-prod', 'service-dev', 'api-key']
+  },
+
+  'webhook-secret': {
+    type: 'single_field',
+    label: 'Webhook Secret',
+    description: 'Webhook signing secret for signature validation',
+    fields: [
+      {
+        key: 'signingSecret',
+        label: 'Signing Secret',
+        type: 'password',
+        required: true,
+        placeholder: 'whsec_...',
+        description: 'Webhook signing secret from provider dashboard'
+      }
+    ],
+    nameSuggestions: ['my-org-cal-com-webhook', 'my-org-stripe-webhook', 'my-org-signature-api-webhook']
+  },
+
+  'api-key-secret': {
+    type: 'api-key-secret',
+    label: 'API Key + Secret',
+    description: 'API key and secret pair authentication',
+    fields: [
+      {
+        key: 'apiKey',
+        label: 'API Key',
+        type: 'password',
+        required: true
+      },
+      {
+        key: 'apiSecret',
+        label: 'API Secret',
+        type: 'password',
+        required: true
+      }
+    ],
+    nameSuggestions: []
+  },
+
+  apify: {
+    type: 'single_field',
+    label: 'Apify',
+    description: 'Apify API token for running web-scraping actors (e.g. website crawl, Google Places scrape).',
+    fields: [
+      {
+        key: 'apiKey',
+        label: 'API Token',
+        type: 'password',
+        required: true,
+        placeholder: 'apify_api_...',
+        description: 'Personal API token from https://console.apify.com/account/integrations'
+      }
+    ],
+    docsUrl: 'https://docs.apify.com/platform/integrations/api',
+    nameSuggestions: ['elevasis-apify', 'apify-prod', 'apify-dev']
+  },
+
+  clickup: {
+    type: 'single_field',
+    label: 'ClickUp',
+    description: 'ClickUp personal API token for creating tasks in tenant-managed ClickUp workspaces.',
+    fields: [
+      {
+        key: 'apiToken',
+        label: 'API Token',
+        type: 'password',
+        required: true,
+        placeholder: 'pk_...',
+        description: 'Personal API token from ClickUp settings. Personal tokens start with pk_.'
+      }
+    ],
+    docsUrl: 'https://developer.clickup.com/docs/authentication',
+    nameSuggestions: ['clickup-demo', 'clickup-prod', 'clickup-dev']
+  }
+}
+
+/**
+ * Get credential schema by type
+ * @param type - Credential type identifier
+ * @returns Validated credential schema
+ * @throws ZodError if schema is malformed
+ */
+export function getCredentialSchema(type: string): CredentialSchema {
+  const schema = CREDENTIAL_SCHEMAS[type] || CREDENTIAL_SCHEMAS['api-key']
+  return CredentialSchemaZod.parse(schema)
+}
+
+/**
+ * List all available credential types (for frontend dropdown)
+ * @returns Array of credential schemas
+ */
+export function listCredentialSchemas(): CredentialSchema[] {
+  return Object.values(CREDENTIAL_SCHEMAS)
+}
+
+/**
+ * Get all credential type identifiers
+ * @returns Array of type strings
+ */
+export function getCredentialTypes(): string[] {
+  return Object.keys(CREDENTIAL_SCHEMAS)
+}

package/src/organization-model/README.md

@@ -47,10 +47,13 @@ Top-level fields:
 - `offerings`
 - `roles`
 - `goals`
+- `systems`
+- `resources`
 - `statuses`
 - `operations`
+- `knowledge`
 
-Resources bind to the graph from deployment metadata through `links` and `category`.
+Resource identity is authored in `resources.entries`. Runtime workflows, agents, and integrations import those descriptors, derive `resourceId` and kind from them, and attach executable behavior in operations code.
 
 ## Feature Set
 
@@ -77,6 +80,10 @@ Cross-collection links use kind-prefixed IDs:
 - `resource:lead-import`
 - `capability:operations.queue.review`
 
+## Resource Descriptors
+
+The OM Resources domain is governance-only. Descriptors declare canonical `id`, required `systemId`, governance `status`, and optional role ownership. `DeploymentSpec` remains the runtime/deploy assembly around those descriptors, not a second resource identity catalog.
+
 ## Resolution Semantics
 
 - `defineOrganizationModel()` is a typed helper.
@@ -92,11 +99,11 @@ Cross-collection links use kind-prefixed IDs:
 - Child feature IDs require ancestor feature nodes.
 - Container features omit `path`.
 - Leaf features provide `path`.
-- Resource links are validated against graph node IDs during registry registration.
+- Systems, resources, roles, knowledge nodes, and goals must resolve their declared cross-references.
 
 ## Practical Guidance
 
 - Use `resolveOrganizationModel()` when you need a runtime-safe model.
 - Use `defineOrganizationModel()` when authoring static overrides.
 - Keep feature IDs stable because shell routing, gating, breadcrumbs, and docs depend on them.
-- Put semantic resource relationships on resource metadata, not on feature nodes.
+- Put resource identity and governance in `resources.entries`; attach executable behavior in operations.

package/src/organization-model/__tests__/defaults.test.ts

@@ -14,6 +14,7 @@ import { DEFAULT_ORGANIZATION_MODEL_OPERATIONS } from '../domains/operations'
 import { OperationsDomainSchema } from '../domains/operations'
 import { DEFAULT_ORGANIZATION_MODEL_STATUSES } from '../domains/statuses'
 import { StatusesDomainSchema } from '../domains/statuses'
+import { DEFAULT_ORGANIZATION_MODEL_SYSTEMS, SystemsDomainSchema } from '../domains/systems'
 import { resolveOrganizationModel } from '../resolve'
 import { OrganizationModelSchema } from '../schema'
 
@@ -55,6 +56,11 @@ const domainCases = [
     name: 'DEFAULT_ORGANIZATION_MODEL_OPERATIONS',
     constant: DEFAULT_ORGANIZATION_MODEL_OPERATIONS,
     schema: OperationsDomainSchema
+  },
+  {
+    name: 'DEFAULT_ORGANIZATION_MODEL_SYSTEMS',
+    constant: DEFAULT_ORGANIZATION_MODEL_SYSTEMS,
+    schema: SystemsDomainSchema
   }
 ] as const
 

package/src/organization-model/__tests__/domains/resources.test.ts

@@ -0,0 +1,188 @@
+import { describe, expect, it } from 'vitest'
+import { bindResourceDescriptor } from '../../../platform/registry/types'
+import {
+  DEFAULT_ORGANIZATION_MODEL_RESOURCES,
+  ResourceEntrySchema,
+  ResourceKindSchema,
+  ResourcesDomainSchema,
+  defineResource,
+  defineResources
+} from '../../domains/resources'
+import { resolveOrganizationModel } from '../../resolve'
+
+const VALID_SYSTEM = {
+  id: 'sys.lead-gen',
+  title: 'Lead Generation Pipeline',
+  description: 'Coordinates prospecting, enrichment, qualification, and outreach preparation.',
+  kind: 'operational' as const,
+  status: 'active' as const
+}
+
+const VALID_ROLE = {
+  id: 'role.sales-ops',
+  title: 'Sales Ops'
+}
+
+const WORKFLOW_RESOURCE = {
+  id: 'LGN-01-company-scrape',
+  kind: 'workflow' as const,
+  systemId: 'sys.lead-gen',
+  ownerRoleId: 'role.sales-ops',
+  status: 'active' as const,
+  capabilityKey: 'lead-gen.company.scrape'
+}
+
+const AGENT_RESOURCE = {
+  id: 'command-center-assistant',
+  kind: 'agent' as const,
+  systemId: 'sys.lead-gen',
+  ownerRoleId: 'role.sales-ops',
+  status: 'active' as const,
+  agentKind: 'system' as const,
+  actsAsRoleId: 'role.sales-ops',
+  sessionCapable: true
+}
+
+const INTEGRATION_RESOURCE = {
+  id: 'attio-crm',
+  kind: 'integration' as const,
+  systemId: 'sys.lead-gen',
+  ownerRoleId: 'role.sales-ops',
+  status: 'active' as const,
+  provider: 'attio'
+}
+
+function resolveWithResources(resources: unknown[]) {
+  return resolveOrganizationModel({
+    roles: { roles: [VALID_ROLE] },
+    systems: { systems: [VALID_SYSTEM] },
+    resources: { entries: resources }
+  })
+}
+
+describe('ResourceEntrySchema', () => {
+  it('accepts workflow, agent, and integration descriptors with required systemId', () => {
+    expect(ResourceEntrySchema.safeParse(WORKFLOW_RESOURCE).success).toBe(true)
+    expect(ResourceEntrySchema.safeParse(AGENT_RESOURCE).success).toBe(true)
+    expect(ResourceEntrySchema.safeParse(INTEGRATION_RESOURCE).success).toBe(true)
+  })
+
+  it('rejects resources without a systemId', () => {
+    const { systemId: _systemId, ...resourceWithoutSystem } = WORKFLOW_RESOURCE
+
+    expect(ResourceEntrySchema.safeParse(resourceWithoutSystem).success).toBe(false)
+  })
+
+  it('rejects multi-system membership', () => {
+    expect(
+      ResourceEntrySchema.safeParse({
+        ...WORKFLOW_RESOURCE,
+        systemId: ['sys.lead-gen', 'sys.crm']
+      }).success
+    ).toBe(false)
+  })
+
+  it('rejects an agent kind outside the code-side mirror enum', () => {
+    expect(
+      ResourceEntrySchema.safeParse({
+        ...AGENT_RESOURCE,
+        agentKind: 'runner'
+      }).success
+    ).toBe(false)
+  })
+})
+
+describe('ResourcesDomainSchema', () => {
+  it('defaults resources to an empty array when omitted', () => {
+    const result = ResourcesDomainSchema.safeParse({})
+
+    expect(result.success).toBe(true)
+    if (result.success) {
+      expect(result.data).toEqual(DEFAULT_ORGANIZATION_MODEL_RESOURCES)
+    }
+  })
+
+  it.each(['workflow', 'agent', 'integration'] as const)('accepts kind "%s"', (kind) => {
+    expect(ResourceKindSchema.safeParse(kind).success).toBe(true)
+  })
+})
+
+describe('resolveOrganizationModel - resources domain integration', () => {
+  it('accepts valid resources with system and role references', () => {
+    const model = resolveWithResources([WORKFLOW_RESOURCE, AGENT_RESOURCE, INTEGRATION_RESOURCE])
+
+    expect(model.resources.entries).toHaveLength(3)
+  })
+
+  it('throws when resource IDs are duplicated', () => {
+    expect(() =>
+      resolveWithResources([
+        WORKFLOW_RESOURCE,
+        {
+          ...WORKFLOW_RESOURCE,
+          capabilityKey: 'lead-gen.company.scrape-duplicate'
+        }
+      ])
+    ).toThrow(/Resource id \\"LGN-01-company-scrape\\" must be unique/)
+  })
+
+  it('throws when systemId references an unknown system', () => {
+    expect(() =>
+      resolveWithResources([
+        {
+          ...WORKFLOW_RESOURCE,
+          systemId: 'sys.missing'
+        }
+      ])
+    ).toThrow(/unknown systemId \\"sys\.missing\\"/)
+  })
+
+  it('throws when ownerRoleId references an unknown role', () => {
+    expect(() =>
+      resolveWithResources([
+        {
+          ...WORKFLOW_RESOURCE,
+          ownerRoleId: 'role.missing'
+        }
+      ])
+    ).toThrow(/unknown ownerRoleId \\"role\.missing\\"/)
+  })
+
+  it('throws when agent actsAsRoleId references an unknown role', () => {
+    expect(() =>
+      resolveWithResources([
+        {
+          ...AGENT_RESOURCE,
+          actsAsRoleId: 'role.missing'
+        }
+      ])
+    ).toThrow(/unknown actsAsRoleId \\"role\.missing\\"/)
+  })
+})
+
+describe('descriptor helper contract', () => {
+  it('preserves typed descriptor exports through defineResource and defineResources', () => {
+    const workflow = defineResource(WORKFLOW_RESOURCE)
+    const resources = defineResources({
+      companyScrape: WORKFLOW_RESOURCE,
+      commandCenterAssistant: AGENT_RESOURCE
+    })
+
+    expect(workflow.id).toBe('LGN-01-company-scrape')
+    expect(resources.commandCenterAssistant.agentKind).toBe('system')
+  })
+
+  it('derives runtime resourceId and type from the descriptor', () => {
+    const bound = bindResourceDescriptor({
+      resource: WORKFLOW_RESOURCE,
+      name: 'Company Scrape',
+      description: 'Scrapes company data for lead generation.',
+      version: '1.0.0',
+      status: 'prod'
+    })
+
+    expect(bound.resourceId).toBe('LGN-01-company-scrape')
+    expect(bound.type).toBe('workflow')
+    expect(bound.resource).toBe(WORKFLOW_RESOURCE)
+  })
+})