@elevasis/core 0.28.0 → 0.30.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (36) hide show
  1. package/dist/auth/index.d.ts +5289 -0
  2. package/dist/auth/index.js +595 -0
  3. package/dist/index.d.ts +11 -11
  4. package/dist/knowledge/index.d.ts +1 -1
  5. package/dist/organization-model/index.d.ts +11 -11
  6. package/dist/test-utils/index.d.ts +24 -1
  7. package/package.json +7 -3
  8. package/src/__tests__/publish.test.ts +8 -7
  9. package/src/auth/__tests__/access-key-coverage.test.ts +42 -0
  10. package/src/auth/__tests__/access-key-scan.ts +117 -0
  11. package/src/auth/__tests__/access-keys.test.ts +81 -0
  12. package/src/auth/__tests__/access-model.test.ts +257 -0
  13. package/src/auth/__tests__/access-test-fixtures.ts +50 -0
  14. package/src/auth/__tests__/key-catalog-drift.test.ts +33 -0
  15. package/src/auth/__tests__/platform-admin-bypass-parity.test.ts +67 -0
  16. package/src/auth/access-keys.ts +173 -0
  17. package/src/auth/access-model.ts +185 -0
  18. package/src/auth/index.ts +6 -2
  19. package/src/auth/multi-tenancy/memberships/membership.ts +2 -4
  20. package/src/auth/multi-tenancy/permissions.ts +1 -1
  21. package/src/auth/multi-tenancy/types.ts +3 -12
  22. package/src/business/acquisition/api-schemas.test.ts +59 -8
  23. package/src/business/acquisition/api-schemas.ts +10 -5
  24. package/src/business/acquisition/build-templates.test.ts +187 -240
  25. package/src/business/acquisition/build-templates.ts +87 -98
  26. package/src/business/acquisition/types.ts +390 -389
  27. package/src/execution/engine/index.ts +6 -4
  28. package/src/execution/engine/tools/lead-service-types.ts +63 -34
  29. package/src/execution/engine/tools/platform/acquisition/types.ts +7 -8
  30. package/src/execution/engine/tools/registry.ts +6 -4
  31. package/src/execution/engine/tools/tool-maps.ts +23 -1
  32. package/src/organization-model/domains/prospecting.ts +2 -327
  33. package/src/organization-model/migration-helpers.ts +16 -12
  34. package/src/reference/_generated/contracts.md +352 -328
  35. package/src/reference/glossary.md +8 -6
  36. package/src/supabase/database.types.ts +13 -0
package/src/reference/glossary.md CHANGED
@@ -7,7 +7,9 @@ description: Terminology disambiguation for Organization OS concepts used in the
7
7
 
8
8
  ## Terms
9
9
 
10
- **AdminGuard** -- route-level admin wrapper from `@elevasis/ui/features/auth`. Must nest inside `ProtectedRoute`.
10
+ **AccessGuard** -- route-level and section-level access wrapper from `@elevasis/ui/auth`. It consumes the unified Access Model and gates on an `accessKey`.
11
+
12
+ **AccessKeys** -- exported access-key constants from `@elevasis/core/auth` / `@repo/core/auth` for platform-admin, diagnostic, and permission-backed gates.
11
13
 
12
14
  **Contract** -- the publishable boundary a consumer depends on: Zod schemas, TypeScript types, provider props, resource definitions, or workflow I/O schemas.
13
15
 
@@ -15,7 +17,7 @@ description: Terminology disambiguation for Organization OS concepts used in the
15
17
 
16
18
  **Feature** -- legacy or UI-package wording for a platform capability area. In the current Organization Model, use **System** for semantic ownership and **navigation surface** for shell placement. Keep "feature" only when referring to existing UI package folders, exported manifest names, or legacy compatibility recipes.
17
19
 
18
- **SystemGuard** -- route-level System gate from `@elevasis/ui/features/auth`.
20
+ **SystemGuard** -- retired route-level System gate. Use **AccessGuard** with a System path or `AccessKeys` constant.
19
21
 
20
22
  **SystemModule** -- manifest contract a shell module provides to `ElevasisSystemsProvider`. Key fields are `key`, optional `systemId`, optional `routePrefixes`, optional `capabilityIds`, optional `icon`, optional `sidebar`, and optional `sidebarWidth`. Graph bridge metadata is compatibility-only; new semantic bindings belong in the Organization Model System, ontology, navigation, and Resource descriptors.
21
23
 
@@ -29,13 +31,13 @@ description: Terminology disambiguation for Organization OS concepts used in the
29
31
 
30
32
  **Manifest** -- a runtime declaration for a feature or resource collection.
31
33
 
32
- **MembershipFeatureConfig** -- legacy per-member feature override config. Current System visibility should be authored through Organization Model System lifecycle/access metadata and resolved through provider compatibility layers for older consumers.
34
+ **MembershipFeatureConfig** -- retired per-member feature override config. The migration is complete: access is resolved through the unified Access Model using Organization Model System lifecycle, role permissions, diagnostic allowlists, membership scope, and platform-admin bypass.
33
35
 
34
36
  **OrganizationModel** -- top-level semantic contract for an organization. Current primary fields include `version`, `domainMetadata`, `branding`, `navigation`, `ontology`, `systems`, `resources`, `topology`, `identity`, `customers`, `offerings`, `roles`, `goals`, `policies`, `statuses`, and `knowledge`. Legacy domain keys such as `sales`, `prospecting`, `projects`, `actions`, and `entities` remain compatibility inputs while projects migrate to System-owned ontology/config/resource contracts.
35
37
 
36
38
  **OrganizationModelSystemEntry** -- System node in `OrganizationModel.systems`. Primary authoring fields include `id`, `label`, `description`, `parentSystemId`, `systems`, `lifecycle`, `ui`, `requiresAdmin`, `devOnly`, `responsibleRoleId`, `governedByKnowledge`, `drivesGoals`, `actions`, `policies`, `ontology`, `config`, and `order`. `subsystems` and `content` are retained compatibility inputs for older projects and should not be used for new recursive Systems, schemas, catalogs, or config.
37
39
 
38
- **Provider / ElevasisSystemsProvider** -- runtime that registers System modules, resolves System access against the org model, projects sidebar navigation, and exposes shell helpers through `useElevasisSystems()`.
40
+ **Provider / ElevasisSystemsProvider** -- runtime that registers System modules, resolves System lifecycle against the org model, projects sidebar navigation, and exposes shell helpers through `useElevasisSystems()`.
39
41
 
40
42
  **Resource** -- governance-only descriptor in `OrganizationModel.resources` for a workflow, agent, integration, or script. Runtime code derives `resourceId` and kind from the descriptor, then attaches executable behavior in operations.
41
43
 
@@ -62,13 +64,13 @@ description: Terminology disambiguation for Organization OS concepts used in the
62
64
  - `OrganizationModel`, `OrganizationModelSystemEntry`
63
65
  - `SystemEntry`, `ResourceEntry`
64
66
  - `resolveOrganizationModel`, `defineOrganizationModel`, `DEFAULT_ORGANIZATION_MODEL`
65
- - `MembershipFeatureConfig`
67
+ - `AccessKeys`, `checkAccess`, `createAccessModel`
66
68
  - `DeploymentSpec`, `ResourceLink`, `ResourceCategory`
67
69
 
68
70
  **`@elevasis/ui`**
69
71
 
70
72
  - `SystemModule`
71
- - `SystemGuard`, `AdminGuard`, `ProtectedRoute`
73
+ - `AccessGuard`, `ProtectedRoute`
72
74
  - `ElevasisSystemsProvider`, `ElevasisCoreProvider`, `useElevasisSystems`
73
75
 
74
76
  **External project source**
package/src/supabase/database.types.ts CHANGED
@@ -2787,6 +2787,7 @@ export type Database = {
2787
2787
  title: string | null
2788
2788
  updated_at: string
2789
2789
  user_id: string
2790
+ visibility: string
2790
2791
  }
2791
2792
  Insert: {
2792
2793
  content: string
@@ -2801,6 +2802,7 @@ export type Database = {
2801
2802
  title?: string | null
2802
2803
  updated_at?: string
2803
2804
  user_id: string
2805
+ visibility?: string
2804
2806
  }
2805
2807
  Update: {
2806
2808
  content?: string
@@ -2815,6 +2817,7 @@ export type Database = {
2815
2817
  title?: string | null
2816
2818
  updated_at?: string
2817
2819
  user_id?: string
2820
+ visibility?: string
2818
2821
  }
2819
2822
  Relationships: [
2820
2823
  {
@@ -2962,6 +2965,10 @@ export type Database = {
2962
2965
  Returns: boolean
2963
2966
  }
2964
2967
  current_user_is_platform_admin: { Args: never; Returns: boolean }
2968
+ current_user_shares_org_with: {
2969
+ Args: { other_user_id: string }
2970
+ Returns: boolean
2971
+ }
2965
2972
  current_user_supabase_id: { Args: never; Returns: string }
2966
2973
  detect_stalled_executions: { Args: never; Returns: undefined }
2967
2974
  execute_session_turn: {
@@ -2982,6 +2989,12 @@ export type Database = {
2982
2989
  get_platform_credential_kek: { Args: never; Returns: string }
2983
2990
  get_storage_org_id: { Args: { file_path: string }; Returns: string }
2984
2991
  get_workos_user_id: { Args: never; Returns: string }
2992
+ has_org_access:
2993
+ | {
2994
+ Args: { action?: string; org_id: string; system_path: string }
2995
+ Returns: boolean
2996
+ }
2997
+ | { Args: { action?: string; system_path: string }; Returns: boolean }
2985
2998
  has_org_permission: {
2986
2999
  Args: { org_id: string; perm_key: string }
2987
3000
  Returns: boolean