@elevasis/ui 2.48.0 → 2.50.0

package/dist/{knowledge-search-index-MHOBQTT3.js → knowledge-search-index-JOPRYZN6.js}

@@ -886,620 +886,659 @@ Launch Checklist
     id: "knowledge.client-cli-overview",
     title: "Client CLI Overview",
     summary: "Reference for the seven client:* SDK CLI commands -- list, get, status, resolve, create, update, and delete -- with drill-down recipes for navigating client lineage, org-wide rollups, and write operations.",
-    bodyText: `Overview\r
-\r
-The client: commands expose the clients hub through the SDK CLI. Use them to paginate clients, inspect individual client lineage, check org-wide status rollups, resolve a fuzzy name to a client ID, and mutate clients with create, update, and delete operations.\r
-\r
-All examples below use the canonical monorepo invocation pattern. Tenant projects inside their own operations/ directory drop the -C packages/elevasis-operations prefix and run pnpm exec elevasis-sdk <cmd> directly.\r
-\r
-client:list\r
-\r
-Lists clients for the authenticated organization with optional filtering and pagination.\r
-\r
-Purpose: Paginate all clients or narrow by status or search term to find the right client ID before drilling in with client:get.\r
-\r
-Monorepo invocation:\r
-\r
-bash\r
-pnpm -C packages/elevasis-operations exec elevasis-sdk client:list\r
-\r
-\r
-Tenant invocation (from inside operations/):\r
-\r
-bash\r
-pnpm exec elevasis-sdk client:list\r
-\r
-\r
-Key flags:\r
-\r
-- --status <value> -- filter by client status (e.g. active, inactive, prospect)\r
-- --search <term> -- full-text search against client name\r
-- --limit <n> -- maximum rows to return (default varies by server)\r
-- --offset <n> -- pagination offset\r
-- --pretty -- pretty-print JSON output\r
-\r
-Drill-down recipe:\r
-\r
-1. Run client:list --pretty to scan names and IDs.\r
-2. Use --search to narrow when the list is long.\r
-3. Copy the id from a row and pass it to client:get <id> for the full lineage payload (linked deal, primary company, primary contact, projects).\r
-\r
-client:get\r
-\r
-Fetches a single client record with its full lineage payload.\r
-\r
-Purpose: Inspect one client in detail -- its associated deal, primary company, primary contact, and linked projects. Use this to confirm linkage after wiring a project to a client via project:update --client.\r
-\r
-Monorepo invocation:\r
-\r
-bash\r
-pnpm -C packages/elevasis-operations exec elevasis-sdk client:get <clientId>\r
-\r
-\r
-Tenant invocation:\r
-\r
-bash\r
-pnpm exec elevasis-sdk client:get <clientId>\r
-\r
-\r
-Key flags:\r
-\r
-- --pretty -- pretty-print JSON output\r
-\r
-Drill-down recipe:\r
-\r
-1. Obtain <clientId> from client:list or client:resolve.\r
-2. Run client:get <clientId> --pretty.\r
-3. Check projects array to confirm which projects are linked.\r
-4. If projects is empty and a linkage was expected, run project:update <projectId> --client <clientId> to attach it.\r
-5. Re-run client:get to verify the lineage updated.\r
-\r
-client:status\r
-\r
-Returns an org-wide rollup of client counts grouped by status.\r
-\r
-Purpose: High-level health check -- how many clients are active, how many are in each pipeline stage -- without enumerating every record.\r
-\r
-Monorepo invocation:\r
-\r
-bash\r
-pnpm -C packages/elevasis-operations exec elevasis-sdk client:status\r
-\r
-\r
-Tenant invocation:\r
-\r
-bash\r
-pnpm exec elevasis-sdk client:status\r
-\r
-\r
-Key flags:\r
-\r
-- --pretty -- pretty-print JSON output\r
-\r
-Drill-down recipe:\r
-\r
-1. Run client:status --pretty to see counts per status bucket.\r
-2. If a bucket looks unexpectedly large or small, run client:list --status <value> to enumerate the records in that bucket.\r
-3. Use client:get <id> on specific records to investigate lineage gaps.\r
-\r
-client:resolve\r
-\r
-Fuzzy-resolves a client name to a client ID.\r
-\r
-Purpose: Convert a partial or approximate name to the canonical UUID before passing --client to project commands. Mirrors project:resolve in shape.\r
-\r
-Monorepo invocation:\r
-\r
-bash\r
-pnpm -C packages/elevasis-operations exec elevasis-sdk client:resolve "<query>"\r
-\r
-\r
-Tenant invocation:\r
-\r
-bash\r
-pnpm exec elevasis-sdk client:resolve "<query>"\r
-\r
-\r
-Key flags:\r
-\r
-None beyond the positional <query> argument. Output is the resolved client ID (or a ranked list if multiple matches exist).\r
-\r
-Drill-down recipe:\r
-\r
-1. Run client:resolve "partial name" -- the command returns the best-match client ID.\r
-2. Pass the returned ID to project:create --client <id>, project:update --client <id>, or project:list --client <id>.\r
-3. If multiple matches are returned, refine the query or use client:list --search "<term>" to inspect candidates before committing.\r
-\r
-client:create\r
-\r
-Creates a new client record for the authenticated organization.\r
-\r
-Purpose: Provision a client directly from the CLI -- useful for scripted onboarding or bulk imports where no source deal exists yet. The only required field is --name; all relationship IDs are optional and can be set later via client:update.\r
-\r
-Monorepo invocation:\r
-\r
-bash\r
-pnpm -C packages/elevasis-operations exec elevasis-sdk client:create --name "Acme Corp"\r
-\r
-\r
-Tenant invocation (from inside operations/):\r
-\r
-bash\r
-pnpm exec elevasis-sdk client:create --name "Acme Corp"\r
-\r
-\r
-Key flags:\r
-\r
-- --name <name> -- (required) client display name\r
-- --status <value> -- initial status: active | onboarding | paused | completed | churned\r
-- --source-deal-id <uuid> -- UUID of the originating deal\r
-- --primary-company-id <uuid> -- UUID of the primary company record\r
-- --primary-contact-id <uuid> -- UUID of the primary contact record\r
-- --metadata <json> -- arbitrary metadata as a JSON string (e.g. '{"tier":"enterprise"}')\r
-- --pretty -- render a human-readable summary instead of raw JSON\r
-\r
-Drill-down recipe:\r
-\r
-1. Run client:create --name "Acme Corp" --status onboarding --pretty to create and confirm the new record.\r
-2. Copy the ID from the pretty output (or id from raw JSON) for subsequent commands.\r
-3. Run client:get <id> --pretty to verify the full lineage payload was initialized correctly.\r
-4. If a source deal exists, pass --source-deal-id <uuid> at create time or backfill with client:update <id> --source-deal-id <uuid>.\r
-\r
-client:update\r
-\r
-Updates one or more fields on an existing client. Accepts a UUID or fuzzy name as the \\<id\\> argument.\r
-\r
-Purpose: Rename a client, change its status, swap or clear relationship IDs, or patch arbitrary metadata -- without leaving the CLI. The command enforces a client-side "at-least-one-field" guard and rejects mutually exclusive flag pairs before making any API call.\r
-\r
-Monorepo invocation:\r
-\r
-bash\r
-pnpm -C packages/elevasis-operations exec elevasis-sdk client:update <id> --status active\r
-\r
-\r
-Tenant invocation:\r
-\r
-bash\r
-pnpm exec elevasis-sdk client:update <id> --status active\r
-\r
-\r
-Key flags:\r
-\r
-- --name <name> -- new client display name\r
-- --status <value> -- new status: active | onboarding | paused | completed | churned\r
-- --source-deal-id <uuid> -- set or replace the source deal link\r
-- --clear-source-deal -- remove the source deal link (sets sourceDealId to null; mutually exclusive with --source-deal-id)\r
-- --primary-company-id <uuid> -- set or replace the primary company\r
-- --clear-primary-company -- remove the primary company link (mutually exclusive with --primary-company-id)\r
-- --primary-contact-id <uuid> -- set or replace the primary contact\r
-- --clear-primary-contact -- remove the primary contact link (mutually exclusive with --primary-contact-id)\r
-- --metadata <json> -- replace metadata with the provided JSON string\r
-- --pretty -- render a human-readable summary instead of raw JSON\r
-\r
-Drill-down recipe:\r
-\r
-1. Obtain \\<id\\> from client:list, client:resolve, or the output of client:create.\r
-2. Pass only the fields to change -- the command patches rather than replaces the record.\r
-3. To unlink a relationship (e.g. remove the source deal), use --clear-source-deal rather than omitting the flag; omitting leaves the existing value unchanged.\r
-4. After update, run client:get <id> --pretty to confirm all fields reflect the expected state.\r
-5. If the command exits with CONFLICTINGFLAGS on stderr, you passed both a set flag and its --clear- counterpart -- remove one and retry.\r
-\r
-client:delete\r
-\r
-Deletes a client record. Accepts a UUID or fuzzy name as the \\<id\\> argument.\r
-\r
-Purpose: Remove a client that was created in error or is no longer relevant. The API enforces a 409 Conflict when the client has linked rows (deals, projects, companies, contacts). The CLI surfaces the API error message verbatim so you know which links to resolve first.\r
-\r
-Monorepo invocation:\r
-\r
-bash\r
-pnpm -C packages/elevasis-operations exec elevasis-sdk client:delete <id>\r
-\r
-\r
-Tenant invocation:\r
-\r
-bash\r
-pnpm exec elevasis-sdk client:delete <id>\r
-\r
-\r
-Key flags:\r
-\r
-- --pretty -- render a human-readable confirmation instead of raw JSON\r
-- --api-url <url> -- override the API base URL (advanced; rarely needed)\r
-\r
-Drill-down recipe:\r
-\r
-1. Run client:get <id> --pretty to confirm which projects and deal links are attached before attempting deletion.\r
-2. Run client:delete <id> --pretty.\r
-3. If the API returns a 409, the error message lists the linked record counts (deals, projects, companies, contacts). Unlink or reassign those records first:\r
-   - Projects: project:update <projectId> --clear-client (or reassign with --client <otherId>)\r
-   - Deals: handled via the acquisition domain; no dedicated CLI command today\r
-4. Retry client:delete <id> --pretty once all links are resolved.\r
-5. Confirm deletion with client:list --search "<name>" -- the record should no longer appear.\r
-\r
-Typical Workflow\r
-\r
-A common session combining read and write commands:\r
-\r
-1. client:status --pretty -- check org-wide distribution.\r
-2. client:resolve "Acme" -- get the Acme client ID.\r
-3. client:get <id> --pretty -- confirm lineage (deal, company, contact, projects).\r
-4. project:update <projectId> --client <id> -- link a project if missing.\r
-5. client:get <id> --pretty -- verify the linkage appears in the projects array.\r
-6. client:create --name "New Corp" --status onboarding --pretty -- provision a new client.\r
-7. client:update <id> --status active --pretty -- transition a client to active.\r
+    bodyText: `Overview
+
+The client: commands expose the clients hub through the SDK CLI. Use them to paginate clients, inspect individual client lineage, check org-wide status rollups, resolve a fuzzy name to a client ID, and mutate clients with create, update, and delete operations.
+
+All examples below use the canonical monorepo invocation pattern. Tenant projects inside their own operations/ directory drop the -C packages/elevasis-operations prefix and run pnpm exec elevasis-sdk <cmd> directly.
+
+client:list
+
+Lists clients for the authenticated organization with optional filtering and pagination.
+
+Purpose: Paginate all clients or narrow by status or search term to find the right client ID before drilling in with client:get.
+
+Monorepo invocation:
+
+bash
+pnpm -C packages/elevasis-operations exec elevasis-sdk client:list
+
+Tenant invocation (from inside operations/):
+
+bash
+pnpm exec elevasis-sdk client:list
+
+Key flags:
+
+- --status <value> -- filter by client status (e.g. active, inactive, prospect)
+- --search <term> -- full-text search against client name
+- --limit <n> -- maximum rows to return (default varies by server)
+- --offset <n> -- pagination offset
+- --pretty -- pretty-print JSON output
+
+Drill-down recipe:
+
+1. Run client:list --pretty to scan names and IDs.
+2. Use --search to narrow when the list is long.
+3. Copy the id from a row and pass it to client:get <id> for the full lineage payload (linked deal, primary company, primary contact, projects).
+
+client:get
+
+Fetches a single client record with its full lineage payload.
+
+Purpose: Inspect one client in detail -- its associated deal, primary company, primary contact, and linked projects. Use this to confirm linkage after wiring a project to a client via project:update --client.
+
+Monorepo invocation:
+
+bash
+pnpm -C packages/elevasis-operations exec elevasis-sdk client:get <clientId>
+
+Tenant invocation:
+
+bash
+pnpm exec elevasis-sdk client:get <clientId>
+
+Key flags:
+
+- --pretty -- pretty-print JSON output
+
+Drill-down recipe:
+
+1. Obtain <clientId> from client:list or client:resolve.
+2. Run client:get <clientId> --pretty.
+3. Check projects array to confirm which projects are linked.
+4. If projects is empty and a linkage was expected, run project:update <projectId> --client <clientId> to attach it.
+5. Re-run client:get to verify the lineage updated.
+
+client:status
+
+Returns an org-wide rollup of client counts grouped by status.
+
+Purpose: High-level health check -- how many clients are active, how many are in each pipeline stage -- without enumerating every record.
+
+Monorepo invocation:
+
+bash
+pnpm -C packages/elevasis-operations exec elevasis-sdk client:status
+
+Tenant invocation:
+
+bash
+pnpm exec elevasis-sdk client:status
+
+Key flags:
+
+- --pretty -- pretty-print JSON output
+
+Drill-down recipe:
+
+1. Run client:status --pretty to see counts per status bucket.
+2. If a bucket looks unexpectedly large or small, run client:list --status <value> to enumerate the records in that bucket.
+3. Use client:get <id> on specific records to investigate lineage gaps.
+
+client:resolve
+
+Fuzzy-resolves a client name to a client ID.
+
+Purpose: Convert a partial or approximate name to the canonical UUID before passing --client to project commands. Mirrors project:resolve in shape.
+
+Monorepo invocation:
+
+bash
+pnpm -C packages/elevasis-operations exec elevasis-sdk client:resolve "<query>"
+
+Tenant invocation:
+
+bash
+pnpm exec elevasis-sdk client:resolve "<query>"
+
+Key flags:
+
+None beyond the positional <query> argument. Output is the resolved client ID (or a ranked list if multiple matches exist).
+
+Drill-down recipe:
+
+1. Run client:resolve "partial name" -- the command returns the best-match client ID.
+2. Pass the returned ID to project:create --client <id>, project:update --client <id>, or project:list --client <id>.
+3. If multiple matches are returned, refine the query or use client:list --search "<term>" to inspect candidates before committing.
+
+client:create
+
+Creates a new client record for the authenticated organization.
+
+Purpose: Provision a client directly from the CLI -- useful for scripted onboarding or bulk imports where no source deal exists yet. The only required field is --name; all relationship IDs are optional and can be set later via client:update.
+
+Monorepo invocation:
+
+bash
+pnpm -C packages/elevasis-operations exec elevasis-sdk client:create --name "Acme Corp"
+
+Tenant invocation (from inside operations/):
+
+bash
+pnpm exec elevasis-sdk client:create --name "Acme Corp"
+
+Key flags:
+
+- --name <name> -- (required) client display name
+- --status <value> -- initial status: active | onboarding | paused | completed | churned
+- --source-deal-id <uuid> -- UUID of the originating deal
+- --primary-company-id <uuid> -- UUID of the primary company record
+- --primary-contact-id <uuid> -- UUID of the primary contact record
+- --metadata <json> -- arbitrary metadata as a JSON string (e.g. '{"tier":"enterprise"}')
+- --pretty -- render a human-readable summary instead of raw JSON
+
+Drill-down recipe:
+
+1. Run client:create --name "Acme Corp" --status onboarding --pretty to create and confirm the new record.
+2. Copy the ID from the pretty output (or id from raw JSON) for subsequent commands.
+3. Run client:get <id> --pretty to verify the full lineage payload was initialized correctly.
+4. If a source deal exists, pass --source-deal-id <uuid> at create time or backfill with client:update <id> --source-deal-id <uuid>.
+
+client:update
+
+Updates one or more fields on an existing client. Accepts a UUID or fuzzy name as the \\<id\\> argument.
+
+Purpose: Rename a client, change its status, swap or clear relationship IDs, or patch arbitrary metadata -- without leaving the CLI. The command enforces a client-side "at-least-one-field" guard and rejects mutually exclusive flag pairs before making any API call.
+
+Monorepo invocation:
+
+bash
+pnpm -C packages/elevasis-operations exec elevasis-sdk client:update <id> --status active
+
+Tenant invocation:
+
+bash
+pnpm exec elevasis-sdk client:update <id> --status active
+
+Key flags:
+
+- --name <name> -- new client display name
+- --status <value> -- new status: active | onboarding | paused | completed | churned
+- --source-deal-id <uuid> -- set or replace the source deal link
+- --clear-source-deal -- remove the source deal link (sets sourceDealId to null; mutually exclusive with --source-deal-id)
+- --primary-company-id <uuid> -- set or replace the primary company
+- --clear-primary-company -- remove the primary company link (mutually exclusive with --primary-company-id)
+- --primary-contact-id <uuid> -- set or replace the primary contact
+- --clear-primary-contact -- remove the primary contact link (mutually exclusive with --primary-contact-id)
+- --metadata <json> -- replace metadata with the provided JSON string
+- --pretty -- render a human-readable summary instead of raw JSON
+
+Drill-down recipe:
+
+1. Obtain \\<id\\> from client:list, client:resolve, or the output of client:create.
+2. Pass only the fields to change -- the command patches rather than replaces the record.
+3. To unlink a relationship (e.g. remove the source deal), use --clear-source-deal rather than omitting the flag; omitting leaves the existing value unchanged.
+4. After update, run client:get <id> --pretty to confirm all fields reflect the expected state.
+5. If the command exits with CONFLICTINGFLAGS on stderr, you passed both a set flag and its --clear- counterpart -- remove one and retry.
+
+client:delete
+
+Deletes a client record. Accepts a UUID or fuzzy name as the \\<id\\> argument.
+
+Purpose: Remove a client that was created in error or is no longer relevant. The API enforces a 409 Conflict when the client has linked rows (deals, projects, companies, contacts). The CLI surfaces the API error message verbatim so you know which links to resolve first.
+
+Monorepo invocation:
+
+bash
+pnpm -C packages/elevasis-operations exec elevasis-sdk client:delete <id>
+
+Tenant invocation:
+
+bash
+pnpm exec elevasis-sdk client:delete <id>
+
+Key flags:
+
+- --pretty -- render a human-readable confirmation instead of raw JSON
+- --api-url <url> -- override the API base URL (advanced; rarely needed)
+
+Drill-down recipe:
+
+1. Run client:get <id> --pretty to confirm which projects and deal links are attached before attempting deletion.
+2. Run client:delete <id> --pretty.
+3. If the API returns a 409, the error message lists the linked record counts (deals, projects, companies, contacts). Unlink or reassign those records first:
+   - Projects: project:update <projectId> --clear-client (or reassign with --client <otherId>)
+   - Deals: handled via the acquisition domain; no dedicated CLI command today
+4. Retry client:delete <id> --pretty once all links are resolved.
+5. Confirm deletion with client:list --search "<name>" -- the record should no longer appear.
+
+Typical Workflow
+
+A common session combining read and write commands:
+
+1. client:status --pretty -- check org-wide distribution.
+2. client:resolve "Acme" -- get the Acme client ID.
+3. client:get <id> --pretty -- confirm lineage (deal, company, contact, projects).
+4. project:update <projectId> --client <id> -- link a project if missing.
+5. client:get <id> --pretty -- verify the linkage appears in the projects array.
+6. client:create --name "New Corp" --status onboarding --pretty -- provision a new client.
+7. client:update <id> --status active --pretty -- transition a client to active.
 8. client:delete <id> --pretty -- remove a client (API rejects with 409 if linked rows exist).`
   },
   {
     id: "knowledge.youtube-obs-recording-setup",
     title: "YouTube OBS Recording Setup",
     summary: "Canonical OBS Studio recording setup for Elevasis YouTube production, covering 1080p60 screen capture, safe recording format, NVENC quality settings, audio routing, face-camera scenes, and pre-recording checks.",
-    bodyText: `Overview\r
-\r
-Use this setup for Elevasis YouTube recordings that combine a short face-camera intro with Command Center or workflow screen capture. The target output is a clean 1080p60 source file that YouTube can re-encode without avoidable motion, audio, or color artifacts.\r
-\r
-Baseline configuration:\r
-\r
-text\r
-Video:   1920x1080, 60fps, NV12, Rec. 709 Partial\r
-Encode:  NVENC H.264, CQP 18, P5 preset, High profile\r
-Format:  MKV with automatic remux to MP4\r
-Audio:   48 kHz stereo, 320 kbps AAC, mixed plus mic-only tracks\r
-Camera:  Insta360 Link 2C at 1080p60 with circle mask\r
-Scenes:  Face + Screen on F5, Screen Only on F6\r
-\r
-\r
-Prefer 1080p60 over 4K30 for screen recordings. Smooth cursor motion, scrolling, typing, and app transitions matter more than pixel density, and most viewers watch at 1080p or below. 4K30 produces larger files, slower editing, and visibly choppier screen motion.\r
-\r
-Recording Output\r
-\r
-Record to MKV, not MP4. MKV writes continuously, so a crash usually leaves the file usable. MP4 writes its index at the end, so a crash can corrupt the recording.\r
-\r
-Enable automatic remux:\r
-\r
-text\r
-Settings > Advanced > Recording > Automatically remux to mp4\r
-\r
-\r
-After each recording, upload the remuxed MP4 and keep the MKV as the backup.\r
-\r
-Use the advanced recording output mode:\r
-\r
-text\r
-Settings > Output > Output Mode: Advanced\r
-Recording Tab:\r
-  Type:                  Standard\r
-  Recording Format:      mkv\r
-  Encoder:               NVIDIA NVENC H.264\r
-  Rate Control:          CQP\r
-  CQ Level:              18\r
-  Keyframe Interval:     2\r
-  Preset:                P5 (Slow)\r
-  Profile:               high\r
-  Look-ahead:            checked\r
-  Psycho Visual Tuning:  checked\r
-  Max B-frames:          2\r
-\r
-\r
-CQP 18 is the stable quality target for screen content. It is visually lossless for this use case and gives YouTube a high-quality source before its VP9 or AV1 re-encode.\r
-\r
-Fallback encoders:\r
-\r
-- AMD GPU: use AMD HW H.264 (AMF) with equivalent CQP settings.\r
-- No dedicated GPU: use x264, CRF 18, CPU preset slow, or medium if the CPU struggles.\r
-\r
-Set audio bitrates:\r
-\r
-text\r
-Output > Advanced > Audio:\r
-  Track 1: 320 kbps\r
-  Track 2: 320 kbps\r
-\r
-\r
-Video Settings\r
-\r
-Use a 1080p canvas and output:\r
-\r
-text\r
-Settings > Video:\r
-  Base (Canvas) Resolution:    1920x1080\r
-  Output (Scaled) Resolution:  1920x1080\r
-  Downscale Filter:            Lanczos (36 samples)\r
-  Common FPS Values:           60\r
-\r
-\r
-Use Rec. 709 limited-range color:\r
-\r
-text\r
-Settings > Advanced:\r
-  Color Format: NV12\r
-  Color Space:  709\r
-  Color Range:  Partial\r
-\r
-\r
-YouTube expects Rec. 709 limited range. Full range can produce washed-out or overly contrasty results after processing.\r
-\r
-For a 3440x1440 ultrawide monitor, crop the display capture to the center 16:9 region before it is downscaled:\r
-\r
-1. Add Display Capture for the primary monitor.\r
-2. Right-click the source and open Transform > Edit Transform.\r
-3. Set Crop Left to 440 and Crop Right to 440.\r
-4. Right-click the source again and select Transform > Fit to Screen.\r
-\r
-This crops the capture to the center 2560x1440 region. Keep recorded windows inside that center area. A Windows 11 FancyZones center 16:9 zone is useful for keeping Command Center, browser, and terminal windows inside the captured area.\r
-\r
-Use Window Capture only when the recording is limited to one browser window. Display Capture is better for tutorials that switch windows, show the taskbar, or tile terminal and browser views.\r
-\r
-Audio Settings\r
-\r
-Global audio settings:\r
-\r
-text\r
-Settings > Audio:\r
-  Sample Rate:           48 kHz\r
-  Channels:              Stereo\r
-  Desktop Audio:         Default\r
-  Mic/Auxiliary Audio:   Focusrite USB Audio (Scarlett 2i2)\r
-\r
-\r
-Set the Focusrite input in Windows before recording:\r
-\r
-1. Open Windows Sound Settings.\r
-2. Select the Focusrite USB Audio input.\r
-3. Set format to 48000 Hz, 24-bit.\r
-\r
-Physical Focusrite setup:\r
-\r
-- Turn 48V phantom power on for the Lewitt LCT 240 PRO condenser.\r
-- Start input gain at 12 o'clock and adjust so peaks land around -12 dB.\r
-- Keep Direct Monitor off to avoid double-monitoring.\r
-\r
-Apply OBS mic filters to the Mic/Aux source in this exact order:\r
-\r
-| Order | Filter            | Settings                                                                 |\r
-| ----- | ----------------- | ------------------------------------------------------------------------ |\r
-| 1     | Noise Suppression | RNNoise                                                                  |\r
-| 2     | Noise Gate        | Close -40 dB, Open -35 dB, Attack 10 ms, Hold 200 ms, Release 100 ms     |\r
-| 3     | Compressor        | Ratio 3:1, Threshold -18 dB, Attack 6 ms, Release 60 ms, Output Gain 6 dB |\r
-| 4     | Limiter           | Threshold -3 dB, Release 60 ms                                           |\r
-\r
-This order removes steady noise first, gates silence-period noise second, evens speech dynamics third, and catches peaks last. Do not add a Gain filter unless the signal is still too quiet after setting the Scarlett gain.\r
-\r
-Multi-Track Audio\r
-\r
-Record mixed audio and isolated mic audio:\r
-\r
-text\r
-Settings > Output > Advanced > Recording Tab:\r
-  Audio Track: check 1 and 2\r
-\r
-\r
-Route tracks in Audio Mixer > Advanced Audio Properties:\r
-\r
-| Source        | Track 1 | Track 2 |\r
-| ------------- | ------- | ------- |\r
-| Desktop Audio | checked | empty   |\r
-| Mic/Aux       | checked | checked |\r
-\r
-Track 1 is YouTube-ready mixed audio. Track 2 is mic-only audio for cleanup or editing.\r
-\r
-Scene Setup\r
-\r
-Create two scenes.\r
-\r
-Face + Screen\r
-\r
-Use this scene for the intro and occasional commentary call-ins.\r
-\r
-Sources from bottom to top:\r
-\r
-1. Display Capture named Screen.\r
-2. Video Capture Device named Facecam.\r
-3. Optional image source for a circle border or glow.\r
-\r
-Display Capture settings:\r
-\r
-text\r
-Source:          Display Capture\r
-Display:         Primary monitor\r
-Capture Method:  Windows 10 (1903 and later)\r
-Capture Cursor:  checked\r
-\r
-\r
-Apply the ultrawide crop to this source when recording from the 3440x1440 monitor.\r
-\r
-Facecam settings:\r
-\r
-text\r
-Device:        Insta360 Link 2C\r
-Resolution:    1920x1080\r
-FPS:           60\r
-Video Format:  MJPEG or default\r
-\r
-\r
-Create a 512x512 PNG with a white circle on a black background and store it permanently, for example:\r
-\r
-text\r
-E:\\OBS\\circle-mask.png\r
-\r
-\r
-Apply it to the Facecam source:\r
-\r
-text\r
-Filters > Image Mask/Blend:\r
-  Type: Alpha Mask (Colour Channel)\r
-  Path: E:\\OBS\\circle-mask.png\r
-\r
-\r
-Resize the facecam source to roughly 300-400 px diameter and place it in a lower corner.\r
-\r
-Screen Only\r
-\r
-Use this scene for the main tutorial content.\r
-\r
-Add the existing Screen source from the Face + Screen scene. Do not duplicate the display capture source.\r
-\r
-Hotkeys:\r
-\r
-text\r
-Settings > Hotkeys:\r
-  Switch to Scene "Face + Screen": F5\r
-  Switch to Scene "Screen Only":   F6\r
-  Start Recording:                 Ctrl+F9\r
-  Stop Recording:                  Ctrl+F10\r
-\r
-\r
-Avoid hotkeys that collide with the app being recorded. If using F5 inside a browser-heavy recording, choose a different key because F5 refreshes the page.\r
-\r
-Recording flow:\r
-\r
-1. Start on Face + Screen.\r
-2. Press Ctrl+F9.\r
-3. Record a 15-30 second face-camera intro.\r
-4. Press F6 for Screen Only.\r
-5. Record the screen walkthrough.\r
-6. Optionally press F5 to bring face-camera back for commentary.\r
-7. Press Ctrl+F10 to stop.\r
-\r
-For a fade, set Scene Transitions to Fade with a 300 ms duration.\r
-\r
-Windows 11 Checks\r
-\r
-Before a recording session:\r
-\r
-- Disable Xbox Game Bar.\r
-- Leave GPU scheduling enabled.\r
-- Run OBS as Administrator if frame drops or black-screen capture occur.\r
-- Set OBS process priority to Above Normal if the recording drops frames.\r
-- Use the High Performance power plan during recording.\r
-\r
-Upload Quality\r
-\r
-YouTube re-encodes every upload. The goal is to provide clean source material.\r
-\r
-- Do not upload at YouTube's minimum recommended bitrate.\r
-- Do not run the recording through HandBrake or another extra encode just to save space.\r
-- Upload the OBS-remuxed MP4 directly unless the video was edited.\r
-- If editing in DaVinci Resolve or Premiere, render H.264 at 50 Mbps CBR for 1080p60 or use the YouTube preset.\r
-\r
-The OBS output should match YouTube's expected upload shape: MP4 container, H.264 video, AAC-LC audio, 48 kHz stereo, Rec. 709 limited range.\r
-\r
-Pre-Recording Checklist\r
-\r
-- Scarlett 2i2 phantom power is on and voice peaks around -12 dB.\r
-- Correct OBS scene is selected, usually Face + Screen.\r
-- Insta360 Link Controller has AI tracking and HDR enabled when needed.\r
-- Door is closed, fan or AC is off, and the room is controlled.\r
-- OBS mic meter peaks in green or yellow, never red.\r
-- A 10-second test recording has been played back for audio, video quality, and facecam position.\r
+    bodyText: `Overview
+
+Use this setup for Elevasis YouTube recordings that combine a short face-camera intro with Command Center or workflow screen capture. The target output is a clean 1080p60 source file that YouTube can re-encode without avoidable motion, audio, or color artifacts.
+
+Baseline configuration:
+
+text
+Video:   1920x1080, 60fps, NV12, Rec. 709 Partial
+Encode:  NVENC H.264, CQP 18, P5 preset, High profile
+Format:  MKV with automatic remux to MP4
+Audio:   48 kHz stereo, 320 kbps AAC, mixed plus mic-only tracks
+Camera:  Insta360 Link 2C at 1080p60 with circle mask
+Scenes:  Face + Screen on F5, Screen Only on F6
+
+Prefer 1080p60 over 4K30 for screen recordings. Smooth cursor motion, scrolling, typing, and app transitions matter more than pixel density, and most viewers watch at 1080p or below. 4K30 produces larger files, slower editing, and visibly choppier screen motion.
+
+Recording Output
+
+Record to MKV, not MP4. MKV writes continuously, so a crash usually leaves the file usable. MP4 writes its index at the end, so a crash can corrupt the recording.
+
+Enable automatic remux:
+
+text
+Settings > Advanced > Recording > Automatically remux to mp4
+
+After each recording, upload the remuxed MP4 and keep the MKV as the backup.
+
+Use the advanced recording output mode:
+
+text
+Settings > Output > Output Mode: Advanced
+Recording Tab:
+  Type:                  Standard
+  Recording Format:      mkv
+  Encoder:               NVIDIA NVENC H.264
+  Rate Control:          CQP
+  CQ Level:              18
+  Keyframe Interval:     2
+  Preset:                P5 (Slow)
+  Profile:               high
+  Look-ahead:            checked
+  Psycho Visual Tuning:  checked
+  Max B-frames:          2
+
+CQP 18 is the stable quality target for screen content. It is visually lossless for this use case and gives YouTube a high-quality source before its VP9 or AV1 re-encode.
+
+Fallback encoders:
+
+- AMD GPU: use AMD HW H.264 (AMF) with equivalent CQP settings.
+- No dedicated GPU: use x264, CRF 18, CPU preset slow, or medium if the CPU struggles.
+
+Set audio bitrates:
+
+text
+Output > Advanced > Audio:
+  Track 1: 320 kbps
+  Track 2: 320 kbps
+
+Video Settings
+
+Use a 1080p canvas and output:
+
+text
+Settings > Video:
+  Base (Canvas) Resolution:    1920x1080
+  Output (Scaled) Resolution:  1920x1080
+  Downscale Filter:            Lanczos (36 samples)
+  Common FPS Values:           60
+
+Use Rec. 709 limited-range color:
+
+text
+Settings > Advanced:
+  Color Format: NV12
+  Color Space:  709
+  Color Range:  Partial
+
+YouTube expects Rec. 709 limited range. Full range can produce washed-out or overly contrasty results after processing.
+
+For a 3440x1440 ultrawide monitor, crop the display capture to the center 16:9 region before it is downscaled:
+
+1. Add Display Capture for the primary monitor.
+2. Right-click the source and open Transform > Edit Transform.
+3. Set Crop Left to 440 and Crop Right to 440.
+4. Right-click the source again and select Transform > Fit to Screen.
+
+This crops the capture to the center 2560x1440 region. Keep recorded windows inside that center area. A Windows 11 FancyZones center 16:9 zone is useful for keeping Command Center, browser, and terminal windows inside the captured area.
+
+Use Window Capture only when the recording is limited to one browser window. Display Capture is better for tutorials that switch windows, show the taskbar, or tile terminal and browser views.
+
+Audio Settings
+
+Global audio settings:
+
+text
+Settings > Audio:
+  Sample Rate:           48 kHz
+  Channels:              Stereo
+  Desktop Audio:         Default
+  Mic/Auxiliary Audio:   Focusrite USB Audio (Scarlett 2i2)
+
+Set the Focusrite input in Windows before recording:
+
+1. Open Windows Sound Settings.
+2. Select the Focusrite USB Audio input.
+3. Set format to 48000 Hz, 24-bit.
+
+Physical Focusrite setup:
+
+- Turn 48V phantom power on for the Lewitt LCT 240 PRO condenser.
+- Start input gain at 12 o'clock and adjust so peaks land around -12 dB.
+- Keep Direct Monitor off to avoid double-monitoring.
+
+Apply OBS mic filters to the Mic/Aux source in this exact order:
+
+| Order | Filter            | Settings                                                                 |
+| ----- | ----------------- | ------------------------------------------------------------------------ |
+| 1     | Noise Suppression | RNNoise                                                                  |
+| 2     | Noise Gate        | Close -40 dB, Open -35 dB, Attack 10 ms, Hold 200 ms, Release 100 ms     |
+| 3     | Compressor        | Ratio 3:1, Threshold -18 dB, Attack 6 ms, Release 60 ms, Output Gain 6 dB |
+| 4     | Limiter           | Threshold -3 dB, Release 60 ms                                           |
+
+This order removes steady noise first, gates silence-period noise second, evens speech dynamics third, and catches peaks last. Do not add a Gain filter unless the signal is still too quiet after setting the Scarlett gain.
+
+Multi-Track Audio
+
+Record mixed audio and isolated mic audio:
+
+text
+Settings > Output > Advanced > Recording Tab:
+  Audio Track: check 1 and 2
+
+Route tracks in Audio Mixer > Advanced Audio Properties:
+
+| Source        | Track 1 | Track 2 |
+| ------------- | ------- | ------- |
+| Desktop Audio | checked | empty   |
+| Mic/Aux       | checked | checked |
+
+Track 1 is YouTube-ready mixed audio. Track 2 is mic-only audio for cleanup or editing.
+
+Scene Setup
+
+Create two scenes.
+
+Face + Screen
+
+Use this scene for the intro and occasional commentary call-ins.
+
+Sources from bottom to top:
+
+1. Display Capture named Screen.
+2. Video Capture Device named Facecam.
+3. Optional image source for a circle border or glow.
+
+Display Capture settings:
+
+text
+Source:          Display Capture
+Display:         Primary monitor
+Capture Method:  Windows 10 (1903 and later)
+Capture Cursor:  checked
+
+Apply the ultrawide crop to this source when recording from the 3440x1440 monitor.
+
+Facecam settings:
+
+text
+Device:        Insta360 Link 2C
+Resolution:    1920x1080
+FPS:           60
+Video Format:  MJPEG or default
+
+Create a 512x512 PNG with a white circle on a black background and store it permanently, for example:
+
+text
+E:\\OBS\\circle-mask.png
+
+Apply it to the Facecam source:
+
+text
+Filters > Image Mask/Blend:
+  Type: Alpha Mask (Colour Channel)
+  Path: E:\\OBS\\circle-mask.png
+
+Resize the facecam source to roughly 300-400 px diameter and place it in a lower corner.
+
+Screen Only
+
+Use this scene for the main tutorial content.
+
+Add the existing Screen source from the Face + Screen scene. Do not duplicate the display capture source.
+
+Hotkeys:
+
+text
+Settings > Hotkeys:
+  Switch to Scene "Face + Screen": F5
+  Switch to Scene "Screen Only":   F6
+  Start Recording:                 Ctrl+F9
+  Stop Recording:                  Ctrl+F10
+
+Avoid hotkeys that collide with the app being recorded. If using F5 inside a browser-heavy recording, choose a different key because F5 refreshes the page.
+
+Recording flow:
+
+1. Start on Face + Screen.
+2. Press Ctrl+F9.
+3. Record a 15-30 second face-camera intro.
+4. Press F6 for Screen Only.
+5. Record the screen walkthrough.
+6. Optionally press F5 to bring face-camera back for commentary.
+7. Press Ctrl+F10 to stop.
+
+For a fade, set Scene Transitions to Fade with a 300 ms duration.
+
+Windows 11 Checks
+
+Before a recording session:
+
+- Disable Xbox Game Bar.
+- Leave GPU scheduling enabled.
+- Run OBS as Administrator if frame drops or black-screen capture occur.
+- Set OBS process priority to Above Normal if the recording drops frames.
+- Use the High Performance power plan during recording.
+
+Upload Quality
+
+YouTube re-encodes every upload. The goal is to provide clean source material.
+
+- Do not upload at YouTube's minimum recommended bitrate.
+- Do not run the recording through HandBrake or another extra encode just to save space.
+- Upload the OBS-remuxed MP4 directly unless the video was edited.
+- If editing in DaVinci Resolve or Premiere, render H.264 at 50 Mbps CBR for 1080p60 or use the YouTube preset.
+
+The OBS output should match YouTube's expected upload shape: MP4 container, H.264 video, AAC-LC audio, 48 kHz stereo, Rec. 709 limited range.
+
+Pre-Recording Checklist
+
+- Scarlett 2i2 phantom power is on and voice peaks around -12 dB.
+- Correct OBS scene is selected, usually Face + Screen.
+- Insta360 Link Controller has AI tracking and HDR enabled when needed.
+- Door is closed, fan or AC is off, and the room is controlled.
+- OBS mic meter peaks in green or yellow, never red.
+- A 10-second test recording has been played back for audio, video quality, and facecam position.
 - The 12-minute warm-up from knowledge.youtube-mental-prep is complete when recording on camera.`
   },
   {
     id: "knowledge.finance-operations-playbook",
     title: "Finance Operations Playbook",
     summary: "Operating playbook for Elevasis finance: Xero as the system of record, Stripe payment collection and payout reconciliation, invoicing and AR cadence, tax estimates, deductions, 1099s, and annual filing prep.",
-    bodyText: "Overview\r\n\r\nElevasis finance operations run through Xero, with Stripe handling payment collection. Xero is the single source of truth for financial records: business checking bank feeds, Stripe payouts, contractor payments, expenses, invoices, receivables, and year-end exports.\r\n\r\nThe finance loop has three connected parts:\r\n\r\n1. Invoicing captures client revenue through monthly retainers and Stripe Checkout.\r\n2. Accounting records and reconciles bank transactions, Stripe payouts, contractor payments, and operating expenses.\r\n3. Taxes use accurate Xero records for quarterly estimates, deductions, 1099s, and annual filing.\r\n\r\nAccounting and Reconciliation\r\n\r\nReconcile bank transactions in Xero weekly. Match each bank feed entry to its real-world source before month end.\r\n\r\n- Stripe payouts should match against Stripe bank feed activity.\r\n- Contractor payments should match checking account transfers.\r\n- Software subscriptions such as Railway, Vercel, Supabase, WorkOS, and OpenAI should be categorized as operating expenses.\r\n- Unmatched or ambiguous transactions should be flagged for manual review before monthly close.\r\n\r\nMaintain the core chart of accounts around revenue, cost of sales, operating expenses, and owner draws. Revenue includes client retainers and one-time project fees. Cost of sales covers contractor labor directly tied to client work. Operating expenses cover SaaS tools, hosting, banking fees, and professional services. Owner draws track business distributions.\r\n\r\nConfigure Xero with the connected business checking account, the default tax rate for the business jurisdiction, and the correct financial year end in organization settings.\r\n\r\nInvoicing and Accounts Receivable\r\n\r\nClient billing runs on a monthly retainer model. Create invoices in Xero at the start of each billing period, send them by Xero email or Stripe Checkout link, record payment after Stripe confirms checkout completion, and reconcile the Stripe payout in Xero.\r\n\r\nUse Xero repeating invoices for monthly retainers:\r\n\r\n- Frequency: monthly.\r\n- Start date: billing cycle start date.\r\n- Approval: automatic approval where the billing terms are stable.\r\n\r\nConfigure invoice reminders around the due date: a courtesy reminder 3 days before due date, an overdue notice 1 day after due date, and an escalation notice 7 days after due date.\r\n\r\nFor invoices more than 14 days overdue, contact the client directly through the active communication channel, pause active work pending payment confirmation, and resolve the balance before the next billing cycle.\r\n\r\nTaxes\r\n\r\nTax work depends on accurate Xero records throughout the year. As a pass-through entity, Elevasis business income flows to the owner personal return, so quarterly estimates reduce underpayment risk and year-end exports should be clean enough for a CPA or tax preparer.\r\n\r\nQuarterly estimated payment targets:\r\n\r\n- Q1: April 15.\r\n- Q2: June 15.\r\n- Q3: September 15.\r\n- Q4: January 15 of the following year.\r\n\r\nEstimate payments as roughly 25-30% of net profit for the quarter and pay via IRS Direct Pay or EFTPS.\r\n\r\nTrack deductible expenses in Xero during the year: SaaS subscriptions, contractor payments, home office expenses where applicable, professional development, courses, and business banking fees. Keep digital receipts organized by year in the business records folder.\r\n\r\nIssue 1099-NEC forms to US-based contractors paid more than $600 in a calendar year. Collect a W-9 before first payment, track annual contractor totals in Xero, file 1099-NEC forms by January 31 of the following year, and file the 1096 summary with the IRS when required.\r\n\r\nAt year end, export the Xero profit and loss statement and balance sheet. Provide them to the CPA or tax preparer with issued 1099s, bank statements for the business year, mileage logs if applicable, and home office documentation if applicable."
+    bodyText: "Overview\n\nElevasis finance operations run through Xero, with Stripe handling payment collection. Xero is the single source of truth for financial records: business checking bank feeds, Stripe payouts, contractor payments, expenses, invoices, receivables, and year-end exports.\n\nThe finance loop has three connected parts:\n\n1. Invoicing captures client revenue through monthly retainers and Stripe Checkout.\n2. Accounting records and reconciles bank transactions, Stripe payouts, contractor payments, and operating expenses.\n3. Taxes use accurate Xero records for quarterly estimates, deductions, 1099s, and annual filing.\n\nAccounting and Reconciliation\n\nReconcile bank transactions in Xero weekly. Match each bank feed entry to its real-world source before month end.\n\n- Stripe payouts should match against Stripe bank feed activity.\n- Contractor payments should match checking account transfers.\n- Software subscriptions such as Railway, Vercel, Supabase, WorkOS, and OpenAI should be categorized as operating expenses.\n- Unmatched or ambiguous transactions should be flagged for manual review before monthly close.\n\nMaintain the core chart of accounts around revenue, cost of sales, operating expenses, and owner draws. Revenue includes client retainers and one-time project fees. Cost of sales covers contractor labor directly tied to client work. Operating expenses cover SaaS tools, hosting, banking fees, and professional services. Owner draws track business distributions.\n\nConfigure Xero with the connected business checking account, the default tax rate for the business jurisdiction, and the correct financial year end in organization settings.\n\nInvoicing and Accounts Receivable\n\nClient billing runs on a monthly retainer model. Create invoices in Xero at the start of each billing period, send them by Xero email or Stripe Checkout link, record payment after Stripe confirms checkout completion, and reconcile the Stripe payout in Xero.\n\nUse Xero repeating invoices for monthly retainers:\n\n- Frequency: monthly.\n- Start date: billing cycle start date.\n- Approval: automatic approval where the billing terms are stable.\n\nConfigure invoice reminders around the due date: a courtesy reminder 3 days before due date, an overdue notice 1 day after due date, and an escalation notice 7 days after due date.\n\nFor invoices more than 14 days overdue, contact the client directly through the active communication channel, pause active work pending payment confirmation, and resolve the balance before the next billing cycle.\n\nTaxes\n\nTax work depends on accurate Xero records throughout the year. As a pass-through entity, Elevasis business income flows to the owner personal return, so quarterly estimates reduce underpayment risk and year-end exports should be clean enough for a CPA or tax preparer.\n\nQuarterly estimated payment targets:\n\n- Q1: April 15.\n- Q2: June 15.\n- Q3: September 15.\n- Q4: January 15 of the following year.\n\nEstimate payments as roughly 25-30% of net profit for the quarter and pay via IRS Direct Pay or EFTPS.\n\nTrack deductible expenses in Xero during the year: SaaS subscriptions, contractor payments, home office expenses where applicable, professional development, courses, and business banking fees. Keep digital receipts organized by year in the business records folder.\n\nIssue 1099-NEC forms to US-based contractors paid more than $600 in a calendar year. Collect a W-9 before first payment, track annual contractor totals in Xero, file 1099-NEC forms by January 31 of the following year, and file the 1096 summary with the IRS when required.\n\nAt year end, export the Xero profit and loss statement and balance sheet. Provide them to the CPA or tax preparer with issued 1099s, bank statements for the business year, mileage logs if applicable, and home office documentation if applicable."
   },
   {
     id: "knowledge.org-model-actions",
     title: "Organization Model Actions",
     summary: "Actions are the invokable semantic layer of the Organization Model -- they map to resources, affect entities, bind to knowledge, and expose four invocation types.",
-    bodyText: `Overview\r
-\r
-Actions are the invokable semantic layer of the Organization Model. They declare what an organization can do: what resources implement them, which entities they affect, and how they can be called.\r
-\r
-Actions are authored in the OM.actions domain map and projected as action graph nodes by buildOrganizationGraph(). Each action emits a contains edge from the organization root and optional mapsto, affects, and triggers edges based on its declared fields.\r
-\r
-Source schema: packages/core/src/organization-model/domains/actions.ts\r
-\r
-What Actions Are\r
-\r
-An action is a named, typed, invokable operation. It is not executable code -- it is a semantic declaration that says "this operation exists, it can be called this way, it affects these business objects, and it is implemented by this resource."\r
-\r
-Actions answer questions like:\r
-\r
-- What operations does the sales.lead-gen system expose?\r
-- Which workflow implements the lead-gen.company.qualify operation?\r
-- What entities does this action modify?\r
-- How can this action be invoked from the CLI, an API, or an MCP client?\r
-\r
-ActionInvocation Kinds\r
-\r
-Each action can declare one or more invocations. An invocation describes how the action is called.\r
-\r
-| Kind               | Fields                                                     | Description                               |\r
-| ------------------ | ---------------------------------------------------------- | ----------------------------------------- |\r
-| slash-command    | command (must start with /), optional toolFactory    | Called from the CLI or agent tool surface |\r
-| mcp-tool         | server, name                                           | Exposed as an MCP tool on a named server  |\r
-| api-endpoint     | method (GET/POST/PATCH/DELETE), path, optional schemas | Called via HTTP API endpoint              |\r
-| script-execution | resourceId                                               | Executed by running a script resource     |\r
-\r
-Multiple invocations on one action mean the same semantic operation is reachable through multiple surfaces.\r
-\r
-Scope\r
-\r
-Actions are either global or domain-scoped.\r
-\r
-- Global (scope: 'global'): available across all systems.\r
-- Domain-scoped (scope: { domain: '<modelId>' }): associated with a specific OM domain such as sales.\r
-\r
-Systems reference actions through ActionRef entries on system.actions[], with an intent of exposes (the system owns the action) or consumes (the system calls the action). This relationship emits a uses edge from the system to the action in the graph.\r
-\r
-Affects and Knowledge Bindings\r
-\r
-Actions can declare which entities they modify via the affects field (array of entity IDs). Each entry emits an affects edge from the action to the entity node.\r
-\r
-Actions can also declare knowledge bindings (array of knowledge node IDs) that reference relevant reference material. These bindings are not graph edges; they associate documentation with the action for surfacing in the Knowledge Base.\r
-\r
-Resource Mapping\r
-\r
-The optional resourceId field links an action to its implementation resource. Setting resourceId emits a mapsto edge from the action node to the resource node. If the resource does not yet exist in OM.resources, the graph builder creates a stub resource node from the ID.\r
-\r
-Lifecycle States\r
-\r
+    bodyText: `Overview
+
+Actions are the invokable semantic layer of the Organization Model. They declare what an organization can do: what resources implement them, which entities they affect, and how they can be called.
+
+Actions are authored in the OM.actions domain map and projected as action graph nodes by buildOrganizationGraph(). Each action emits a contains edge from the organization root and optional mapsto, affects, and triggers edges based on its declared fields.
+
+Source schema: packages/core/src/organization-model/domains/actions.ts
+
+What Actions Are
+
+An action is a named, typed, invokable operation. It is not executable code -- it is a semantic declaration that says "this operation exists, it can be called this way, it affects these business objects, and it is implemented by this resource."
+
+Actions answer questions like:
+
+- What operations does the sales.lead-gen system expose?
+- Which workflow implements the lead-gen.company.qualify operation?
+- What entities does this action modify?
+- How can this action be invoked from the CLI, an API, or an MCP client?
+
+ActionInvocation Kinds
+
+Each action can declare one or more invocations. An invocation describes how the action is called.
+
+| Kind               | Fields                                                     | Description                               |
+| ------------------ | ---------------------------------------------------------- | ----------------------------------------- |
+| slash-command    | command (must start with /), optional toolFactory    | Called from the CLI or agent tool surface |
+| mcp-tool         | server, name                                           | Exposed as an MCP tool on a named server  |
+| api-endpoint     | method (GET/POST/PATCH/DELETE), path, optional schemas | Called via HTTP API endpoint              |
+| script-execution | resourceId                                               | Executed by running a script resource     |
+
+Multiple invocations on one action mean the same semantic operation is reachable through multiple surfaces.
+
+Scope
+
+Actions are either global or domain-scoped.
+
+- Global (scope: 'global'): available across all systems.
+- Domain-scoped (scope: { domain: '<modelId>' }): associated with a specific OM domain such as sales.
+
+Systems reference actions through ActionRef entries on system.actions[], with an intent of exposes (the system owns the action) or consumes (the system calls the action). This relationship emits a uses edge from the system to the action in the graph.
+
+Affects and Knowledge Bindings
+
+Actions can declare which entities they modify via the affects field (array of entity IDs). Each entry emits an affects edge from the action to the entity node.
+
+Actions can also declare knowledge bindings (array of knowledge node IDs) that reference relevant reference material. These bindings are not graph edges; they associate documentation with the action for surfacing in the Knowledge Base.
+
+Resource Mapping
+
+The optional resourceId field links an action to its implementation resource. Setting resourceId emits a mapsto edge from the action node to the resource node. If the resource does not yet exist in OM.resources, the graph builder creates a stub resource node from the ID.
+
+Lifecycle States
+
 Actions follow a five-stage lifecycle: draft, beta, active, deprecated, archived. The default is active. Lifecycle state is authored on the action entry and is reflected in the graph node.`
   },
   {
     id: "knowledge.org-model-entities",
     title: "Organization Model Entities",
     summary: "Entities model business objects owned by systems -- with table metadata, state catalogs, and typed entity links.",
-    bodyText: "Overview\r\n\r\nEntities are the business objects of the Organization Model. Each entity is a named, typed object owned by a system -- it corresponds to a database table, optionally participates in a state catalog, and can declare typed relationships to other entities.\r\n\r\nEntities are authored in the OM.entities domain map and projected as entity graph nodes by buildOrganizationGraph(). Each entity emits a contains edge from its owning system node and optional links edges to related entities.\r\n\r\nSource schema: packages/core/src/organization-model/domains/entities.ts\r\n\r\nWhat Entities Are\r\n\r\nAn entity declaration answers questions like:\r\n\r\n- What business objects does the sales.crm system own?\r\n- Which database table backs the crm.deal entity?\r\n- What states can a leadgen.company pass through?\r\n- How are crm.deal and crm.contact related?\r\n\r\nEntities are not executable. They are semantic declarations that describe the shape of business data: who owns it, where it lives, what states it can be in, and how it connects to other objects.\r\n\r\nownedBySystemId\r\n\r\nEvery entity must declare ownedBySystemId -- the ID of the system responsible for it. The graph builder emits a contains edge from system:<ownedBySystemId> to the entity node. An entity can only be owned by one system.\r\n\r\nTable and Row Schema\r\n\r\nThe optional table field names the backing database table (e.g. crmdeals). The optional rowSchema field references a schema identifier that describes the row shape. These fields are informational references; they are not validated against the database at OM parse time.\r\n\r\nstateCatalogId\r\n\r\nThe optional stateCatalogId field links the entity to a state catalog. The graph builder uses this to project event nodes for each state transition:\r\n\r\n- For crm.pipeline, the builder walks pipeline catalog records via the pipeline migration helper.\n- For delivery.task, the builder walks project task status catalog records via the project-status helper.\n- For lead-gen.company and lead-gen.contact, the builder walks the lead-gen stage catalog.\r\n- General status catalogs live in System.ontology.catalogTypes; direct OM.statuses reads are legacy.\n\r\nEach matching status or stage generates an event node with an originatesfrom edge pointing back to the entity.\r\n\r\nTyped Entity Links\r\n\r\nThe links field declares typed relationships to other entities. Each link has:\r\n\r\n- toEntity -- the target entity ID.\r\n- kind -- one of belongs-to, has-many, has-one, or many-to-many.\r\n- via -- optional join key or junction table name.\r\n- label -- optional display label for the relationship.\r\n\r\nEach link emits a links edge from the entity node to the target entity node in the graph.\r\n\r\nExample Entity Shape\r\n\r\nA crm.deal entity owned by sales.crm, backed by the crmdeals table, in the crm.pipeline state catalog, with a has-many link to crm.contact via the dealcontacts junction:\r\n\r\n- id: crm.deal\r\n- ownedBySystemId: sales.crm\r\n- table: crmdeals\r\n- stateCatalogId: crm.pipeline\r\n- links: [{ toEntity: 'crm.contact', kind: 'has-many', via: 'dealcontacts' }]"
+    bodyText: "Overview\n\nEntities are the business objects of the Organization Model. Each entity is a named, typed object owned by a system -- it corresponds to a database table, optionally participates in a state catalog, and can declare typed relationships to other entities.\n\nEntities are authored in the OM.entities domain map and projected as entity graph nodes by buildOrganizationGraph(). Each entity emits a contains edge from its owning system node and optional links edges to related entities.\n\nSource schema: packages/core/src/organization-model/domains/entities.ts\n\nWhat Entities Are\n\nAn entity declaration answers questions like:\n\n- What business objects does the sales.crm system own?\n- Which database table backs the crm.deal entity?\n- What states can a leadgen.company pass through?\n- How are crm.deal and crm.contact related?\n\nEntities are not executable. They are semantic declarations that describe the shape of business data: who owns it, where it lives, what states it can be in, and how it connects to other objects.\n\nownedBySystemId\n\nEvery entity must declare ownedBySystemId -- the ID of the system responsible for it. The graph builder emits a contains edge from system:<ownedBySystemId> to the entity node. An entity can only be owned by one system.\n\nTable and Row Schema\n\nThe optional table field names the backing database table (e.g. crmdeals). The optional rowSchema field references a schema identifier that describes the row shape. These fields are informational references; they are not validated against the database at OM parse time.\n\nstateCatalogId\n\nThe optional stateCatalogId field links the entity to a state catalog. The graph builder uses this to project event nodes for each state transition:\n\n- For crm.pipeline, the builder walks pipeline catalog records via the pipeline migration helper.\n- For delivery.task, the builder walks project task status catalog records via the project-status helper.\n- For lead-gen.company and lead-gen.contact, the builder walks the lead-gen stage catalog.\n- General status catalogs live in System.ontology.catalogTypes; direct OM.statuses reads are legacy.\n\nEach matching status or stage generates an event node with an originatesfrom edge pointing back to the entity.\n\nTyped Entity Links\n\nThe links field declares typed relationships to other entities. Each link has:\n\n- toEntity -- the target entity ID.\n- kind -- one of belongs-to, has-many, has-one, or many-to-many.\n- via -- optional join key or junction table name.\n- label -- optional display label for the relationship.\n\nEach link emits a links edge from the entity node to the target entity node in the graph.\n\nExample Entity Shape\n\nA crm.deal entity owned by sales.crm, backed by the crmdeals table, in the crm.pipeline state catalog, with a has-many link to crm.contact via the dealcontacts junction:\n\n- id: crm.deal\n- ownedBySystemId: sales.crm\n- table: crmdeals\n- stateCatalogId: crm.pipeline\n- links: [{ toEntity: 'crm.contact', kind: 'has-many', via: 'dealcontacts' }]"
   },
   {
     id: "knowledge.org-model-events",
     title: "Organization Model Events",
     summary: "Events are projected signals -- the OM has no authored event domain. They emit from resources and originate from entity state catalogs.",
-    bodyText: "Overview\r\n\r\nEvents are projected graph nodes. The Organization Model has no OM.events domain map that authors edit directly. Instead, events are derived by buildOrganizationGraph() from two sources: EventEmissionDescriptor entries on workflow and agent resources, and state catalog entries on entities.\r\n\r\nEvery event node carries a unique ID formed as \\<ownerId\\>:\\<eventKey\\>, a human-readable label, and an edge that connects it back to the node that produced it.\r\n\r\nProjection logic: packages/core/src/organization-model/graph/build.ts\r\n\r\nAuthored vs. Projected\r\n\r\nThe distinction matters because it determines where you change event data.\r\n\r\nEvents are never edited in a standalone events file. To change an event you must change its source:\r\n\r\n- To change a resource-emitted event, update the emits array on the workflow or agent entry in OM.resources.\r\n- To change an entity state-transition event, update the entity's stateCatalogId or the underlying ontology status/stage catalog on the owning System.\n\r\nThe graph builder projects these into event graph nodes automatically on the next call to buildOrganizationGraph().\r\n\r\nEventEmissionDescriptor on Resources\r\n\r\nWorkflow and agent resource entries can declare an emits array. Each element is an EventEmissionDescriptor:\r\n\r\n| Field           | Type            | Description                                                   |\r\n| --------------- | --------------- | ------------------------------------------------------------- |\r\n| eventKey      | ModelIdSchema | Short key scoped to the owner resource (e.g. enrolled)      |\r\n| label         | string          | Human-readable label for the event                            |\r\n| payloadSchema | ModelIdSchema | Optional reference to a schema that describes the payload     |\r\n| lifecycle     | lifecycle enum  | Optional: draft, beta, active, deprecated, archived |\r\n\r\nThe graph builder constructs the full EventDescriptor by combining ownerId (the resource ID), ownerKind: 'resource', and the emission descriptor fields. The resulting event ID is \\<resourceId\\>:\\<eventKey\\>.\r\n\r\nAn emits edge is then projected from the resource node to the event node.\r\n\r\nOnly workflow and agent resource kinds support emits. integration and script resources do not.\r\n\r\noriginatesfrom Edges from Entity State Catalogs\r\n\r\nWhen an entity declares a stateCatalogId, the graph builder projects one event node per state transition available to that entity. These events use ownerKind: 'entity' and the resulting event ID is \\<entityId\\>:\\<eventKey\\>.\r\n\r\nA reversed originatesfrom edge is projected from the event node pointing back to the entity node. This edge direction is the opposite of emits: it signals that the event represents a state change that originates from the entity, not that the entity actively fires the event.\r\n\r\nThe builder resolves state catalogs as follows:\r\n\r\n- General status catalogs: status data lives in System.ontology.catalogTypes; direct OM.statuses reads are legacy.\n- crm.pipeline: walks pipeline catalog records via the pipeline migration helper.\n- delivery.task: walks project task status catalog records via the project-status helper.\n- lead-gen.company and lead-gen.contact: walks the LEADGENSTAGECATALOG constant, filtering by entity type.\r\n\r\ntriggers Edges to Policies\r\n\r\nWhen a policy declares trigger.kind: 'event', the graph builder looks up the projected event node by event ID and emits a triggers edge from the event node to the policy node. This edge is only emitted if the event node was already projected by the time the policy loop runs.\r\n\r\nPolicy triggers are the primary way events connect to downstream behavior. No triggers edge is emitted for events that no policy references.\r\n\r\nEventDescriptor Full Shape\r\n\r\nEventDescriptor is the resolved type used internally by the graph builder. It extends EventEmissionDescriptor with identity fields:\r\n\r\n| Field           | Type                       | Description                                           |\r\n| --------------- | -------------------------- | ----------------------------------------------------- |\r\n| id            | EventIdSchema            | Composite: \\<ownerId\\>:\\<eventKey\\>                 |\r\n| ownerId       | resource ID or model ID    | ID of the resource or entity that is the event source |\r\n| ownerKind     | 'resource' or 'entity' | Discriminates between the two projection paths        |\r\n| eventKey      | ModelIdSchema            | Short key, unique within the owner                    |\r\n| label         | string                     | Human-readable label                                  |\r\n| payloadSchema | ModelIdSchema (opt)      | Schema reference for payload shape                    |\r\n| lifecycle     | lifecycle enum (opt)       | Lifecycle state from the emission descriptor          |\r\n\r\nEventDescriptor is not stored in the graph node itself -- it is used transiently during graph construction to build the node and emit edges. The graph node stores id, kind: 'event', label, and sourceId.\r\n\r\nGraph Summary\r\n\r\n| Edge kind         | Direction                   | When emitted                                 |\r\n| ----------------- | --------------------------- | -------------------------------------------- |\r\n| emits           | resource node -> event node | Resource emits[] array is non-empty        |\r\n| originatesfrom | event node -> entity node   | Entity has a stateCatalogId                |\r\n| triggers        | event node -> policy node   | Policy trigger.kind === 'event' matches ID |"
+    bodyText: "Overview\n\nEvents are projected graph nodes. The Organization Model has no OM.events domain map that authors edit directly. Instead, events are derived by buildOrganizationGraph() from two sources: EventEmissionDescriptor entries on workflow and agent resources, and state catalog entries on entities.\n\nEvery event node carries a unique ID formed as \\<ownerId\\>:\\<eventKey\\>, a human-readable label, and an edge that connects it back to the node that produced it.\n\nProjection logic: packages/core/src/organization-model/graph/build.ts\n\nAuthored vs. Projected\n\nThe distinction matters because it determines where you change event data.\n\nEvents are never edited in a standalone events file. To change an event you must change its source:\n\n- To change a resource-emitted event, update the emits array on the workflow or agent entry in OM.resources.\n- To change an entity state-transition event, update the entity's stateCatalogId or the underlying ontology status/stage catalog on the owning System.\n\nThe graph builder projects these into event graph nodes automatically on the next call to buildOrganizationGraph().\n\nEventEmissionDescriptor on Resources\n\nWorkflow and agent resource entries can declare an emits array. Each element is an EventEmissionDescriptor:\n\n| Field           | Type            | Description                                                   |\n| --------------- | --------------- | ------------------------------------------------------------- |\n| eventKey      | ModelIdSchema | Short key scoped to the owner resource (e.g. enrolled)      |\n| label         | string          | Human-readable label for the event                            |\n| payloadSchema | ModelIdSchema | Optional reference to a schema that describes the payload     |\n| lifecycle     | lifecycle enum  | Optional: draft, beta, active, deprecated, archived |\n\nThe graph builder constructs the full EventDescriptor by combining ownerId (the resource ID), ownerKind: 'resource', and the emission descriptor fields. The resulting event ID is \\<resourceId\\>:\\<eventKey\\>.\n\nAn emits edge is then projected from the resource node to the event node.\n\nOnly workflow and agent resource kinds support emits. integration and script resources do not.\n\noriginatesfrom Edges from Entity State Catalogs\n\nWhen an entity declares a stateCatalogId, the graph builder projects one event node per state transition available to that entity. These events use ownerKind: 'entity' and the resulting event ID is \\<entityId\\>:\\<eventKey\\>.\n\nA reversed originatesfrom edge is projected from the event node pointing back to the entity node. This edge direction is the opposite of emits: it signals that the event represents a state change that originates from the entity, not that the entity actively fires the event.\n\nThe builder resolves state catalogs as follows:\n\n- General status catalogs: status data lives in System.ontology.catalogTypes; direct OM.statuses reads are legacy.\n- crm.pipeline: walks pipeline catalog records via the pipeline migration helper.\n- delivery.task: walks project task status catalog records via the project-status helper.\n- lead-gen.company and lead-gen.contact: walks the LEADGENSTAGECATALOG constant, filtering by entity type.\n\ntriggers Edges to Policies\n\nWhen a policy declares trigger.kind: 'event', the graph builder looks up the projected event node by event ID and emits a triggers edge from the event node to the policy node. This edge is only emitted if the event node was already projected by the time the policy loop runs.\n\nPolicy triggers are the primary way events connect to downstream behavior. No triggers edge is emitted for events that no policy references.\n\nEventDescriptor Full Shape\n\nEventDescriptor is the resolved type used internally by the graph builder. It extends EventEmissionDescriptor with identity fields:\n\n| Field           | Type                       | Description                                           |\n| --------------- | -------------------------- | ----------------------------------------------------- |\n| id            | EventIdSchema            | Composite: \\<ownerId\\>:\\<eventKey\\>                 |\n| ownerId       | resource ID or model ID    | ID of the resource or entity that is the event source |\n| ownerKind     | 'resource' or 'entity' | Discriminates between the two projection paths        |\n| eventKey      | ModelIdSchema            | Short key, unique within the owner                    |\n| label         | string                     | Human-readable label                                  |\n| payloadSchema | ModelIdSchema (opt)      | Schema reference for payload shape                    |\n| lifecycle     | lifecycle enum (opt)       | Lifecycle state from the emission descriptor          |\n\nEventDescriptor is not stored in the graph node itself -- it is used transiently during graph construction to build the node and emit edges. The graph node stores id, kind: 'event', label, and sourceId.\n\nGraph Summary\n\n| Edge kind         | Direction                   | When emitted                                 |\n| ----------------- | --------------------------- | -------------------------------------------- |\n| emits           | resource node -> event node | Resource emits[] array is non-empty        |\n| originatesfrom | event node -> entity node   | Entity has a stateCatalogId                |\n| triggers        | event node -> policy node   | Policy trigger.kind === 'event' matches ID |"
   },
   {
     id: "knowledge.org-model-graph-contract",
     title: "Organization Model Graph Contract",
     summary: "The canonical graph node and edge contract -- authored and projected node kinds, edge kinds, and the resource-type overlay derived from the Organization Model.",
-    bodyText: "Overview\r\n\r\nThe Organization Model graph contract defines the typed node and edge taxonomy emitted by buildOrganizationGraph(). Every surface that reads or visualizes the OM -- including Command View -- works against this contract.\r\n\r\nThe graph has two categories of nodes: authored nodes derived directly from OM domain maps, and projected nodes derived by the graph builder from authored content. Events and stages are projected; all other node kinds are authored.\r\n\r\nSource schema: packages/core/src/organization-model/graph/schema.ts\r\nProjection logic: packages/core/src/organization-model/graph/build.ts\r\n\r\nNode Kinds\r\n\r\nThe graph vocabulary includes authored semantic nodes and projected operational/navigation nodes.\r\n\r\n| Kind           | Authored / Projected | Source                                                  |\r\n| -------------- | -------------------- | ------------------------------------------------------- |\r\n| organization | Projected            | Root node; always present; id is organization-model   |\r\n| system       | Authored             | OM.systems domain map                                 |\r\n| role         | Authored             | OM.roles domain map                                   |\r\n| action       | Authored             | OM.actions domain map                                 |\r\n| entity       | Authored             | OM.entities domain map                                |\r\n| event        | Projected            | Derived from resource emits and entity state catalogs |\r\n| policy       | Authored             | OM.policies domain map                                |\r\n| stage        | Projected            | Derived from ontology-backed stage catalog helpers |\n| resource     | Authored             | OM.resources domain map                               |\r\n| knowledge    | Authored             | OM.knowledge id-keyed map                             |\r\n| customer-segment | Authored         | OM.customers domain map                               |\r\n| offering     | Authored             | OM.offerings domain map                               |\r\n| goal         | Authored             | OM.goals domain map                                   |\r\n| surface      | Projected            | Routeable leaves from OM.navigation.sidebar           |\r\n| navigation-group | Projected        | Groups from OM.navigation.sidebar                     |\r\n\r\nEdge Kinds\r\n\r\nTwelve edge kinds are valid in the graph.\r\n\r\n| Kind              | Direction                             | Meaning                                                       |\r\n| ----------------- | ------------------------------------- | ------------------------------------------------------------- |\r\n| contains        | parent -> child                       | Containment: organization to system, system to resource, etc. |\r\n| references      | source -> target                      | Cross-reference: role reports-to, agent invokes action        |\r\n| mapsto         | action -> resource                    | Action is implemented by a resource                           |\r\n| uses            | system -> action, stage -> action     | System or stage uses an action                                |\r\n| governs         | knowledge -> target, role -> system   | Knowledge node or role governs a target                       |\r\n| links           | entity -> entity                      | Typed entity relationship (belongs-to, has-many, etc.)        |\r\n| affects         | action -> entity                      | Action modifies or reads an entity                            |\r\n| emits           | resource -> event                     | Resource produces an observable event                         |\r\n| originatesfrom | event -> entity                       | Event originates from an entity state transition              |\r\n| triggers        | event -> policy, action -> policy     | Event or action invocation triggers a policy evaluation       |\r\n| appliesto      | policy -> system/action/resource/role | Policy governs the target                                     |\r\n| effects         | policy -> action/role                 | Policy effect invokes an action or notifies a role            |\r\n\r\nResource Type Overlay\r\n\r\nResource nodes carry an optional resourceType field that is a separate enum from kind. It is set by the graph builder from the OM resource kind field or from Command View data.\r\n\r\n| Value              | Description                       |\r\n| ------------------ | --------------------------------- |\r\n| workflow         | Deterministic automation pipeline |\r\n| agent            | LLM-driven reasoning resource     |\r\n| trigger          | Event-driven entry point          |\r\n| integration      | External service connector        |\r\n| external         | Third-party system reference      |\r\n| humancheckpoint | Human-in-the-loop review gate     |\r\n| script           | One-shot executable script        |\r\n\r\nAuthored vs. Projected Fields\r\n\r\nAuthored nodes\r\n\r\nSystem, role, action, entity, policy, resource, knowledge, customer-segment, offering, and goal nodes are authored in the OM domain maps. Ontology catalog nodes are authored inside System.ontology.catalogTypes and projected with ontology graph IDs. Their id, label, description, and domain-specific fields are set from OM source data.\n\r\nProjected nodes\r\n\r\n- Organization node: always present; id is always organization-model.\r\n- Event nodes: derived from two sources. Resource events come from resource.emits declarations on workflow and agent resources. Entity events come from the entity's stateCatalogId -- the builder walks compatible pipeline, project-status, or lead-gen stage helpers to generate one event node per transition.\r\n- Stage nodes: derived from ontology-backed prospecting and lead-gen stage helpers.\n- Surface and navigation-group nodes: derived from navigation.sidebar.\r\n\r\nProjected nodes are never authored directly. To add an event, declare emits on a resource or assign stateCatalogId to an entity.\r\n\r\nGraph Node Shape\r\n\r\nEach node has: id (graph-unique string), kind (one of the 10 kinds), label (display name), optional sourceId (OM domain ID), optional description, optional icon, optional enabled flag, and optional resourceType (resource nodes only).\r\n\r\nEach edge has: id (graph-unique string), kind (one of the 12 kinds), sourceId, targetId, optional label, and optional relationshipType (triggers, uses, or approval)."
+    bodyText: "Overview\n\nThe Organization Model graph contract defines the typed node and edge taxonomy emitted by buildOrganizationGraph(). Every surface that reads or visualizes the OM -- including Command View -- works against this contract.\n\nThe graph has two categories of nodes: authored nodes derived directly from OM domain maps, and projected nodes derived by the graph builder from authored content. Events and stages are projected; all other node kinds are authored.\n\nSource schema: packages/core/src/organization-model/graph/schema.ts\nProjection logic: packages/core/src/organization-model/graph/build.ts\n\nNode Kinds\n\nThe graph vocabulary includes authored semantic nodes and projected operational/navigation nodes.\n\n| Kind           | Authored / Projected | Source                                                  |\n| -------------- | -------------------- | ------------------------------------------------------- |\n| organization | Projected            | Root node; always present; id is organization-model   |\n| system       | Authored             | OM.systems domain map                                 |\n| role         | Authored             | OM.roles domain map                                   |\n| action       | Authored             | OM.actions domain map                                 |\n| entity       | Authored             | OM.entities domain map                                |\n| event        | Projected            | Derived from resource emits and entity state catalogs |\n| policy       | Authored             | OM.policies domain map                                |\n| stage        | Projected            | Derived from ontology-backed stage catalog helpers |\n| resource     | Authored             | OM.resources domain map                               |\n| knowledge    | Authored             | OM.knowledge id-keyed map                             |\n| customer-segment | Authored         | OM.customers domain map                               |\n| offering     | Authored             | OM.offerings domain map                               |\n| goal         | Authored             | OM.goals domain map                                   |\n| surface      | Projected            | Routeable leaves from OM.navigation.sidebar           |\n| navigation-group | Projected        | Groups from OM.navigation.sidebar                     |\n\nEdge Kinds\n\nTwelve edge kinds are valid in the graph.\n\n| Kind              | Direction                             | Meaning                                                       |\n| ----------------- | ------------------------------------- | ------------------------------------------------------------- |\n| contains        | parent -> child                       | Containment: organization to system, system to resource, etc. |\n| references      | source -> target                      | Cross-reference: role reports-to, agent invokes action        |\n| mapsto         | action -> resource                    | Action is implemented by a resource                           |\n| uses            | system -> action, stage -> action     | System or stage uses an action                                |\n| governs         | knowledge -> target, role -> system   | Knowledge node or role governs a target                       |\n| links           | entity -> entity                      | Typed entity relationship (belongs-to, has-many, etc.)        |\n| affects         | action -> entity                      | Action modifies or reads an entity                            |\n| emits           | resource -> event                     | Resource produces an observable event                         |\n| originatesfrom | event -> entity                       | Event originates from an entity state transition              |\n| triggers        | event -> policy, action -> policy     | Event or action invocation triggers a policy evaluation       |\n| appliesto      | policy -> system/action/resource/role | Policy governs the target                                     |\n| effects         | policy -> action/role                 | Policy effect invokes an action or notifies a role            |\n\nResource Type Overlay\n\nResource nodes carry an optional resourceType field that is a separate enum from kind. It is set by the graph builder from the OM resource kind field or from Command View data.\n\n| Value              | Description                       |\n| ------------------ | --------------------------------- |\n| workflow         | Deterministic automation pipeline |\n| agent            | LLM-driven reasoning resource     |\n| trigger          | Event-driven entry point          |\n| integration      | External service connector        |\n| external         | Third-party system reference      |\n| humancheckpoint | Human-in-the-loop review gate     |\n| script           | One-shot executable script        |\n\nAuthored vs. Projected Fields\n\nAuthored nodes\n\nSystem, role, action, entity, policy, resource, knowledge, customer-segment, offering, and goal nodes are authored in the OM domain maps. Ontology catalog nodes are authored inside System.ontology.catalogTypes and projected with ontology graph IDs. Their id, label, description, and domain-specific fields are set from OM source data.\n\nProjected nodes\n\n- Organization node: always present; id is always organization-model.\n- Event nodes: derived from two sources. Resource events come from resource.emits declarations on workflow and agent resources. Entity events come from the entity's stateCatalogId -- the builder walks compatible pipeline, project-status, or lead-gen stage helpers to generate one event node per transition.\n- Stage nodes: derived from ontology-backed prospecting and lead-gen stage helpers.\n- Surface and navigation-group nodes: derived from navigation.sidebar.\n\nProjected nodes are never authored directly. To add an event, declare emits on a resource or assign stateCatalogId to an entity.\n\nGraph Node Shape\n\nEach node has: id (graph-unique string), kind (one of the 10 kinds), label (display name), optional sourceId (OM domain ID), optional description, optional icon, optional enabled flag, and optional resourceType (resource nodes only).\n\nEach edge has: id (graph-unique string), kind (one of the 12 kinds), sourceId, targetId, optional label, and optional relationshipType (triggers, uses, or approval)."
   },
   {
     id: "knowledge.org-model-policies",
     title: "Organization Model Policies",
     summary: "Policies govern systems, actions, resources, and roles -- with discriminated triggers, predicates, and effects.",
-    bodyText: "Overview\r\n\r\nPolicies are cross-cutting governance rules in the Organization Model. They declare what should happen when a trigger fires, under what conditions, and with what effect. Policies are authored in the OM.policies domain map and projected as policy graph nodes by buildOrganizationGraph().\r\n\r\nEvery policy emits a contains edge from the organization root and appliesto edges to each system, action, resource, or role it governs. When the trigger is event-based or action-based, an additional triggers edge connects the source node to the policy.\r\n\r\nSource schema: packages/core/src/organization-model/domains/policies.ts\r\n\r\nPolicyTrigger\r\n\r\nThe trigger is a discriminated union on kind that defines what activates the policy.\r\n\r\n| Kind                | Required fields | Description                                               |\r\n| ------------------- | --------------- | --------------------------------------------------------- |\r\n| event             | eventId       | Fires when the referenced event is projected in the graph |\r\n| action-invocation | actionId      | Fires when the referenced action is invoked               |\r\n| schedule          | cron          | Fires on a cron schedule (max 120 chars)                  |\r\n| manual            | none            | Fires only when explicitly triggered by a user or process |\r\n\r\nFor event triggers, the graph builder looks up the projected event node by eventId and emits a triggers edge from that event node to the policy node. For action-invocation triggers, a triggers edge is emitted from the action node to the policy node. Schedule and manual triggers produce no additional graph edges.\r\n\r\nPolicyPredicate\r\n\r\nThe predicate is a discriminated union on kind that defines the condition under which the policy effect is applied.\r\n\r\n| Kind         | Required fields                 | Description                                                |\r\n| ------------ | ------------------------------- | ---------------------------------------------------------- |\r\n| always     | none                            | Condition is unconditionally true; effect always fires     |\r\n| expression | expression (string, max 2000) | Arbitrary expression evaluated at runtime                  |\r\n| threshold  | metric, operator, value   | Numeric threshold check: lt, lte, eq, gte, or gt |\r\n\r\nThe default predicate if not specified is { kind: 'always' }.\r\n\r\nPolicyEffect\r\n\r\nThe actions field holds an ordered array of effects (PolicyEffect[]). At least one effect is required. Effects are a discriminated union on kind.\r\n\r\n| Kind               | Required fields     | Description                                                 |\r\n| ------------------ | ------------------- | ----------------------------------------------------------- |\r\n| require-approval | roleId (optional) | Blocks execution until a human approves; routes to the role |\r\n| invoke-action    | actionId          | Invokes the referenced action as a consequence              |\r\n| notify-role      | roleId            | Sends a notification to the specified role                  |\r\n| block            | none                | Stops execution entirely; no approval path                  |\r\n\r\nFor invoke-action effects, the graph builder emits an effects edge from the policy node to the referenced action node. For notify-role and require-approval effects that include a roleId, an effects edge is emitted from the policy node to the role node.\r\n\r\nappliesTo\r\n\r\nThe appliesTo field declares which OM entities the policy governs. It contains four ID arrays, all defaulting to empty:\r\n\r\n| Field         | Target kind | Graph edge emitted                        |\r\n| ------------- | ----------- | ----------------------------------------- |\r\n| systemIds   | system    | appliesto from policy to system node   |\r\n| actionIds   | action    | appliesto from policy to action node   |\r\n| resourceIds | resource  | appliesto from policy to resource node |\r\n| roleIds     | role      | appliesto from policy to role node     |\r\n\r\nA policy can apply to any combination of these targets simultaneously. A policy with all four arrays empty is valid but produces no appliesto edges.\r\n\r\nLifecycle\r\n\r\nPolicies follow the same five-stage lifecycle as systems and actions: draft, beta, active, deprecated, archived. The default is active. Lifecycle is authored on the policy entry and is reflected in the graph node.\r\n\r\nThe order field controls domain-map iteration order. The convention is multiples of 10 (10, 20, 30, ...) to allow easy insertion between existing entries.\r\n\r\nGraph Summary\r\n\r\n| Edge kind    | Direction                                  | When emitted                                                                       |\r\n| ------------ | ------------------------------------------ | ---------------------------------------------------------------------------------- |\r\n| contains   | organization root -> policy node           | Always; every policy is contained by the organization root                         |\r\n| appliesto | policy node -> system/action/resource/role | For each non-empty appliesTo.Ids entry                                          |\r\n| triggers   | event or action node -> policy node        | When trigger.kind is event or action-invocation                              |\r\n| effects    | policy node -> action or role node         | For invoke-action, notify-role, and require-approval effects with a roleId |"
+    bodyText: "Overview\n\nPolicies are cross-cutting governance rules in the Organization Model. They declare what should happen when a trigger fires, under what conditions, and with what effect. Policies are authored in the OM.policies domain map and projected as policy graph nodes by buildOrganizationGraph().\n\nEvery policy emits a contains edge from the organization root and appliesto edges to each system, action, resource, or role it governs. When the trigger is event-based or action-based, an additional triggers edge connects the source node to the policy.\n\nSource schema: packages/core/src/organization-model/domains/policies.ts\n\nPolicyTrigger\n\nThe trigger is a discriminated union on kind that defines what activates the policy.\n\n| Kind                | Required fields | Description                                               |\n| ------------------- | --------------- | --------------------------------------------------------- |\n| event             | eventId       | Fires when the referenced event is projected in the graph |\n| action-invocation | actionId      | Fires when the referenced action is invoked               |\n| schedule          | cron          | Fires on a cron schedule (max 120 chars)                  |\n| manual            | none            | Fires only when explicitly triggered by a user or process |\n\nFor event triggers, the graph builder looks up the projected event node by eventId and emits a triggers edge from that event node to the policy node. For action-invocation triggers, a triggers edge is emitted from the action node to the policy node. Schedule and manual triggers produce no additional graph edges.\n\nPolicyPredicate\n\nThe predicate is a discriminated union on kind that defines the condition under which the policy effect is applied.\n\n| Kind         | Required fields                 | Description                                                |\n| ------------ | ------------------------------- | ---------------------------------------------------------- |\n| always     | none                            | Condition is unconditionally true; effect always fires     |\n| expression | expression (string, max 2000) | Arbitrary expression evaluated at runtime                  |\n| threshold  | metric, operator, value   | Numeric threshold check: lt, lte, eq, gte, or gt |\n\nThe default predicate if not specified is { kind: 'always' }.\n\nPolicyEffect\n\nThe actions field holds an ordered array of effects (PolicyEffect[]). At least one effect is required. Effects are a discriminated union on kind.\n\n| Kind               | Required fields     | Description                                                 |\n| ------------------ | ------------------- | ----------------------------------------------------------- |\n| require-approval | roleId (optional) | Blocks execution until a human approves; routes to the role |\n| invoke-action    | actionId          | Invokes the referenced action as a consequence              |\n| notify-role      | roleId            | Sends a notification to the specified role                  |\n| block            | none                | Stops execution entirely; no approval path                  |\n\nFor invoke-action effects, the graph builder emits an effects edge from the policy node to the referenced action node. For notify-role and require-approval effects that include a roleId, an effects edge is emitted from the policy node to the role node.\n\nappliesTo\n\nThe appliesTo field declares which OM entities the policy governs. It contains four ID arrays, all defaulting to empty:\n\n| Field         | Target kind | Graph edge emitted                        |\n| ------------- | ----------- | ----------------------------------------- |\n| systemIds   | system    | appliesto from policy to system node   |\n| actionIds   | action    | appliesto from policy to action node   |\n| resourceIds | resource  | appliesto from policy to resource node |\n| roleIds     | role      | appliesto from policy to role node     |\n\nA policy can apply to any combination of these targets simultaneously. A policy with all four arrays empty is valid but produces no appliesto edges.\n\nLifecycle\n\nPolicies follow the same five-stage lifecycle as systems and actions: draft, beta, active, deprecated, archived. The default is active. Lifecycle is authored on the policy entry and is reflected in the graph node.\n\nThe order field controls domain-map iteration order. The convention is multiples of 10 (10, 20, 30, ...) to allow easy insertion between existing entries.\n\nGraph Summary\n\n| Edge kind    | Direction                                  | When emitted                                                                       |\n| ------------ | ------------------------------------------ | ---------------------------------------------------------------------------------- |\n| contains   | organization root -> policy node           | Always; every policy is contained by the organization root                         |\n| appliesto | policy node -> system/action/resource/role | For each non-empty appliesTo.Ids entry                                          |\n| triggers   | event or action node -> policy node        | When trigger.kind is event or action-invocation                              |\n| effects    | policy node -> action or role node         | For invoke-action, notify-role, and require-approval effects with a roleId |"
   },
   {
     id: "knowledge.platform-command-view",
     title: "Platform Command View",
     summary: "Reference for Command View, the visual Organization Model graph surface that projects systems, resources, actions, entities, events, and policies into an explorable operational view.",
-    bodyText: "Overview\r\n\r\nCommand View is the visual surface for the Organization Model graph. It projects the OM -- systems, resources, actions, entities, events, and policies -- into an explorable graph using the same node and edge taxonomy emitted by buildOrganizationGraph().\r\n\r\nIt answers operational questions such as:\r\n\r\n- What systems own which resources?\r\n- What does this agent map to in the OM?\r\n- Which actions affect which entities?\r\n- If a resource goes offline, what policies or actions reference it?\r\n- What events originate from this entity or resource?\r\n\r\nAccess Command View through the Knowledge area at /knowledge/command-view.\r\n\r\nHow Command View Works\r\n\r\nCommand View is a projection of the Organization Model graph, not a separate deployment manifest.\r\n\r\nThe OM resources domain is the single source of resource identity. The actions domain is the invokable semantic layer. The systems domain is the backbone. Command View merges the graph emitted by buildOrganizationGraph() with optional live Command View data (deployed resource metadata) to render a unified operational picture.\r\n\r\nGraph projection pipeline:\r\n\r\n1. Organization Model is authored in packages/elevasis-core/src/organization-model/.\r\n2. buildOrganizationGraph() projects the OM into typed nodes and edges.\r\n3. Command View data (deployed resource metadata) is optionally merged as an overlay.\r\n4. The merged graph is serialized and cached.\r\n5. The frontend visualizes the cached graph.\r\n\r\nCommand View does not own resource identity. It reads what the OM declares.\r\n\r\nNode Kinds\r\n\r\nCommand View renders the same node kinds as the OM graph:\r\n\r\n| Kind           | Source         | Description                                                                |\r\n| -------------- | -------------- | -------------------------------------------------------------------------- |\r\n| organization | Root           | The organization-model root node                                           |\r\n| system       | OM.systems   | Bounded contexts with dotted IDs and parentSystemId hierarchy              |\r\n| role         | OM.roles     | Named roles with hierarchy and holder assignments                          |\r\n| action       | OM.actions   | Invokable operations with invocation type metadata                         |\r\n| entity       | OM.entities  | Business objects owned by systems                                          |\r\n| event        | Projected      | Derived from resource emits declarations and entity state catalogs       |\r\n| policy       | OM.policies  | Governance rules applied to systems, actions, resources, and roles         |\r\n| stage        | Projected      | Derived from prospecting stage catalogs                                    |\r\n| resource     | OM.resources | Workflows, agents, integrations, triggers, scripts, and external resources |\r\n| knowledge    | OM.knowledge | Knowledge nodes governed by systems                                        |\r\n\r\nThe resourceType overlay on resource nodes is a separate enum: workflow, agent, trigger, integration, external, humancheckpoint, script.\r\n\r\nEdge Kinds\r\n\r\n| Kind              | Meaning                                                                        |\r\n| ----------------- | ------------------------------------------------------------------------------ |\r\n| contains        | Parent-to-child containment (organization to system, system to resource, etc.) |\r\n| references      | Cross-reference between nodes (role reports-to, agent invokes action)          |\r\n| mapsto         | Action mapped to a resource implementation                                     |\r\n| uses            | System or stage uses an action                                                 |\r\n| governs         | Knowledge node or role governs a system or target                              |\r\n| links           | Entity links to another entity                                                 |\r\n| affects         | Action affects an entity                                                       |\r\n| emits           | Resource or entity emits an event                                              |\r\n| originatesfrom | Event originates from an entity                                                |\r\n| triggers        | Event or action triggers a policy                                              |\r\n| appliesto      | Policy applies to a system, action, resource, or role                          |\r\n| effects         | Policy effect invokes an action or notifies a role                             |\r\n\r\nVisualization Modes\r\n\r\nCommand View uses Cytoscape graph modes:\r\n\r\n- Map: preserves organization structure and honors hidden-resource visibility.\r\n- Trace: resolves directed paths and reveals resources for the active trace.\r\n- Impact: pivots around the selected node and reveals related resources for impact review.\r\n\r\nFilter panel:\r\n\r\n- Search across nodes, relationships, and IDs.\r\n- Filter by node kind, resource type, environment, topology presence, integrations, and resource facets.\r\n- Toggle resource visibility and diagnostic/testing resource visibility.\r\n- Show visible and hidden resource counts in the same control surface.\r\n\r\nHidden resource behavior:\r\n\r\n- Resource nodes are hidden by default so the organization structure remains readable.\r\n- Structural nodes remain visible as the navigation skeleton.\r\n- Selecting a visible node can reveal directly connected hidden resources.\r\n- Diagnostic and testing resources are hidden by default and can be revealed from the filter panel.\r\n\r\nExpand Around behavior:\r\n\r\n- Select a node, open Details, and use Expand Around to preview nearby graph context before revealing it.\r\n- Semantic presets cover coverage, operational dependencies, organization context, and impact paths.\r\n- System and entity nodes default to Coverage.\r\n- Resource nodes default to Operational Dependencies.\r\n- Preview counts show hidden resources before Apply reveals the graph patch.\r\n\r\nRead-only constraints:\r\n\r\n- No drag and drop.\r\n- No connection editing.\r\n- No graph mutation from the visualization layer.\r\n\r\nOrganization Model as the Source of Truth\r\n\r\nResource identity lives in OM.resources, not in a separate manifest. To add a resource to Command View:\r\n\r\n1. Add the resource to OM.resources in the organization model.\r\n2. Link it to a system via systemPath.\r\n3. Optionally link actions to the resource via action.resourceId.\r\n4. Deploy the organization model. Command View reflects the new resource automatically.\r\n\r\nThere is no separate DeploymentSpec.relationships declaration required for OM-declared resources. The graph builder derives containment and relationship edges directly from the OM contract.\r\n\r\nLive resource metadata (deployed name, description, runtime status) can be overlaid from Command View data when available, but the OM contract is primary.\r\n\r\nUsing Command View\r\n\r\nSystem Understanding\r\n\r\nUseful exploration questions:\r\n\r\n- What systems own which resources and entities?\r\n- What actions does this system expose, and what do they map to?\r\n- Which knowledge nodes govern this system?\r\n- What policies apply to this system?\r\n- What events originate from this entity?\r\n- What roles are responsible for this system?\r\n\r\nVisual patterns:\r\n\r\n- Hub nodes with many edges indicate central resources or pivotal systems.\r\n- Linear chains show sequential workflow pipelines.\r\n- Branching shows conditional routing or multiple action paths.\r\n- Isolated nodes may indicate unused or draft resources.\r\n\r\nManifest Debugging\r\n\r\nUse Command View to verify:\r\n\r\n1. Resources appear as nodes under the correct system.\r\n2. Actions map to the expected resources.\r\n3. Entities link to the correct systems and each other.\r\n4. Policies apply to the correct systems, actions, or resources.\r\n5. Events appear for resources with emits declarations.\r\n6. Orphaned resources are intentional.\r\n\r\nCommon issues:\r\n\r\n- Resource declared in OM but assigned to the wrong systemPath.\r\n- Action resourceId points to a resource ID that does not exist.\r\n- Entity ownedBySystemId references an unknown system.\r\n- Policy appliesTo references a system, action, or resource that was removed.\r\n\r\nTroubleshooting\r\n\r\nEmpty Graph\r\n\r\nLikely causes:\r\n\r\n- Organization has no systems or resources defined.\r\n- Search, node kind, or resource type filters hide all graph elements.\r\n- Command View resources are hidden and no structural nodes match current filters.\r\n\r\nCheck:\r\n\r\n1. OM systems and resources domains have entries.\r\n2. Filter panel visibility and filter state.\r\n3. API response for the /api/command-view endpoint.\r\n\r\nFix:\r\n\r\n- Add systems and resources to the organization model.\r\n- Reveal resources or reset graph filters.\r\n\r\nMissing Nodes\r\n\r\nLikely causes:\r\n\r\n- Resource, action, or entity is defined in OM but omitted from the relevant domain map.\r\n- Node is hidden by visibility controls.\r\n- Status, resource type, or topology filters exclude the node.\r\n\r\nCheck:\r\n\r\n1. OM domain map includes the ID as a key and as id in the entry.\r\n2. Filter panel visibility and filter state.\r\n3. Node lifecycle or enabled field.\r\n\r\nFix by adding the entry to the correct domain map or revealing hidden nodes.\r\n\r\nMissing Edges\r\n\r\nLikely causes:\r\n\r\n- Action resourceId does not match any OM resource ID.\r\n- Entity ownedBySystemId references an unknown system.\r\n- Policy appliesTo references IDs that do not exist.\r\n- Knowledge node link uses a nodeId that has no matching OM node.\r\n\r\nCheck:\r\n\r\n1. Cross-reference IDs across OM domains.\r\n2. Run pnpm --filter @repo/core check-types to surface Zod validation errors.\r\n\r\nFix the OM entry to reference the correct ID.\r\n\r\nBest Practices\r\n\r\nKeep the OM up to date as systems and resources evolve:\r\n\r\n1. Add new resources to OM.resources with the correct systemPath.\r\n2. Map actions to resources via action.resourceId when the action calls a specific resource.\r\n3. Update entity.ownedBySystemId when entities move between systems.\r\n4. Update policy.appliesTo when systems, actions, or resources are renamed or removed.\r\n5. Declare resource.emits for workflows and agents that produce observable events.\r\n\r\nUse the OM graph as the authoritative reference for Command View structure. The graph builder derives the visualization from the OM contract -- do not expect Command View to show connections that are not declared in the OM.\r\n\r\nRelated References\r\n\r\n- /knowledge read knowledge.org-model-reference\r\n- /knowledge read knowledge.platform-composition-patterns\r\n- /knowledge read knowledge.platform-integration-patterns"
+    bodyText: "Overview\n\nCommand View is the visual surface for the Organization Model graph. It projects the OM -- systems, resources, actions, entities, events, and policies -- into an explorable graph using the same node and edge taxonomy emitted by buildOrganizationGraph().\n\nIt answers operational questions such as:\n\n- What systems own which resources?\n- What does this agent map to in the OM?\n- Which actions affect which entities?\n- If a resource goes offline, what policies or actions reference it?\n- What events originate from this entity or resource?\n\nAccess Command View through the Knowledge area at /knowledge/command-view.\n\nHow Command View Works\n\nCommand View is a projection of the Organization Model graph, not a separate deployment manifest.\n\nThe OM resources domain is the single source of resource identity. The actions domain is the invokable semantic layer. The systems domain is the backbone. Command View merges the graph emitted by buildOrganizationGraph() with optional live Command View data (deployed resource metadata) to render a unified operational picture.\n\nGraph projection pipeline:\n\n1. Organization Model is authored in packages/elevasis-core/src/organization-model/.\n2. buildOrganizationGraph() projects the OM into typed nodes and edges.\n3. Command View data (deployed resource metadata) is optionally merged as an overlay.\n4. The merged graph is serialized and cached.\n5. The frontend visualizes the cached graph.\n\nCommand View does not own resource identity. It reads what the OM declares.\n\nNode Kinds\n\nCommand View renders the same node kinds as the OM graph:\n\n| Kind           | Source         | Description                                                                |\n| -------------- | -------------- | -------------------------------------------------------------------------- |\n| organization | Root           | The organization-model root node                                           |\n| system       | OM.systems   | Bounded contexts with dotted IDs and parentSystemId hierarchy              |\n| role         | OM.roles     | Named roles with hierarchy and holder assignments                          |\n| action       | OM.actions   | Invokable operations with invocation type metadata                         |\n| entity       | OM.entities  | Business objects owned by systems                                          |\n| event        | Projected      | Derived from resource emits declarations and entity state catalogs       |\n| policy       | OM.policies  | Governance rules applied to systems, actions, resources, and roles         |\n| stage        | Projected      | Derived from prospecting stage catalogs                                    |\n| resource     | OM.resources | Workflows, agents, integrations, triggers, scripts, and external resources |\n| knowledge    | OM.knowledge | Knowledge nodes governed by systems                                        |\n\nThe resourceType overlay on resource nodes is a separate enum: workflow, agent, trigger, integration, external, humancheckpoint, script.\n\nEdge Kinds\n\n| Kind              | Meaning                                                                        |\n| ----------------- | ------------------------------------------------------------------------------ |\n| contains        | Parent-to-child containment (organization to system, system to resource, etc.) |\n| references      | Cross-reference between nodes (role reports-to, agent invokes action)          |\n| mapsto         | Action mapped to a resource implementation                                     |\n| uses            | System or stage uses an action                                                 |\n| governs         | Knowledge node or role governs a system or target                              |\n| links           | Entity links to another entity                                                 |\n| affects         | Action affects an entity                                                       |\n| emits           | Resource or entity emits an event                                              |\n| originatesfrom | Event originates from an entity                                                |\n| triggers        | Event or action triggers a policy                                              |\n| appliesto      | Policy applies to a system, action, resource, or role                          |\n| effects         | Policy effect invokes an action or notifies a role                             |\n\nVisualization Modes\n\nCommand View uses Cytoscape graph modes:\n\n- Map: preserves organization structure and honors hidden-resource visibility.\n- Trace: resolves directed paths and reveals resources for the active trace.\n- Impact: pivots around the selected node and reveals related resources for impact review.\n\nFilter panel:\n\n- Search across nodes, relationships, and IDs.\n- Filter by node kind, resource type, environment, topology presence, integrations, and resource facets.\n- Toggle resource visibility and diagnostic/testing resource visibility.\n- Show visible and hidden resource counts in the same control surface.\n\nHidden resource behavior:\n\n- Resource nodes are hidden by default so the organization structure remains readable.\n- Structural nodes remain visible as the navigation skeleton.\n- Selecting a visible node can reveal directly connected hidden resources.\n- Diagnostic and testing resources are hidden by default and can be revealed from the filter panel.\n\nExpand Around behavior:\n\n- Select a node, open Details, and use Expand Around to preview nearby graph context before revealing it.\n- Semantic presets cover coverage, operational dependencies, organization context, and impact paths.\n- System and entity nodes default to Coverage.\n- Resource nodes default to Operational Dependencies.\n- Preview counts show hidden resources before Apply reveals the graph patch.\n\nRead-only constraints:\n\n- No drag and drop.\n- No connection editing.\n- No graph mutation from the visualization layer.\n\nOrganization Model as the Source of Truth\n\nResource identity lives in OM.resources, not in a separate manifest. To add a resource to Command View:\n\n1. Add the resource to OM.resources in the organization model.\n2. Link it to a system via systemPath.\n3. Optionally link actions to the resource via action.resourceId.\n4. Deploy the organization model. Command View reflects the new resource automatically.\n\nThere is no separate DeploymentSpec.relationships declaration required for OM-declared resources. The graph builder derives containment and relationship edges directly from the OM contract.\n\nLive resource metadata (deployed name, description, runtime status) can be overlaid from Command View data when available, but the OM contract is primary.\n\nUsing Command View\n\nSystem Understanding\n\nUseful exploration questions:\n\n- What systems own which resources and entities?\n- What actions does this system expose, and what do they map to?\n- Which knowledge nodes govern this system?\n- What policies apply to this system?\n- What events originate from this entity?\n- What roles are responsible for this system?\n\nVisual patterns:\n\n- Hub nodes with many edges indicate central resources or pivotal systems.\n- Linear chains show sequential workflow pipelines.\n- Branching shows conditional routing or multiple action paths.\n- Isolated nodes may indicate unused or draft resources.\n\nManifest Debugging\n\nUse Command View to verify:\n\n1. Resources appear as nodes under the correct system.\n2. Actions map to the expected resources.\n3. Entities link to the correct systems and each other.\n4. Policies apply to the correct systems, actions, or resources.\n5. Events appear for resources with emits declarations.\n6. Orphaned resources are intentional.\n\nCommon issues:\n\n- Resource declared in OM but assigned to the wrong systemPath.\n- Action resourceId points to a resource ID that does not exist.\n- Entity ownedBySystemId references an unknown system.\n- Policy appliesTo references a system, action, or resource that was removed.\n\nTroubleshooting\n\nEmpty Graph\n\nLikely causes:\n\n- Organization has no systems or resources defined.\n- Search, node kind, or resource type filters hide all graph elements.\n- Command View resources are hidden and no structural nodes match current filters.\n\nCheck:\n\n1. OM systems and resources domains have entries.\n2. Filter panel visibility and filter state.\n3. API response for the /api/command-view endpoint.\n\nFix:\n\n- Add systems and resources to the organization model.\n- Reveal resources or reset graph filters.\n\nMissing Nodes\n\nLikely causes:\n\n- Resource, action, or entity is defined in OM but omitted from the relevant domain map.\n- Node is hidden by visibility controls.\n- Status, resource type, or topology filters exclude the node.\n\nCheck:\n\n1. OM domain map includes the ID as a key and as id in the entry.\n2. Filter panel visibility and filter state.\n3. Node lifecycle or enabled field.\n\nFix by adding the entry to the correct domain map or revealing hidden nodes.\n\nMissing Edges\n\nLikely causes:\n\n- Action resourceId does not match any OM resource ID.\n- Entity ownedBySystemId references an unknown system.\n- Policy appliesTo references IDs that do not exist.\n- Knowledge node link uses a nodeId that has no matching OM node.\n\nCheck:\n\n1. Cross-reference IDs across OM domains.\n2. Run pnpm --filter @repo/core check-types to surface Zod validation errors.\n\nFix the OM entry to reference the correct ID.\n\nBest Practices\n\nKeep the OM up to date as systems and resources evolve:\n\n1. Add new resources to OM.resources with the correct systemPath.\n2. Map actions to resources via action.resourceId when the action calls a specific resource.\n3. Update entity.ownedBySystemId when entities move between systems.\n4. Update policy.appliesTo when systems, actions, or resources are renamed or removed.\n5. Declare resource.emits for workflows and agents that produce observable events.\n\nUse the OM graph as the authoritative reference for Command View structure. The graph builder derives the visualization from the OM contract -- do not expect Command View to show connections that are not declared in the OM.\n\nRelated References\n\n- /knowledge read knowledge.org-model-reference\n- /knowledge read knowledge.platform-composition-patterns\n- /knowledge read knowledge.platform-integration-patterns"
   },
   {
     id: "knowledge.platform-composition-patterns",
     title: "Platform Composition Patterns",
     summary: "Reference for composing agents, workflows, integrations, tools, observability, scaling, error handling, and security into complete Elevasis automation systems.",
-    bodyText: "Overview\r\n\r\nUse this reference to choose how Elevasis resources compose into complete systems. The core decision is whether reasoning, deterministic orchestration, or a hybrid of both should own the business flow.\r\n\r\nThree primary patterns exist:\r\n\r\n- Agent-centric: an agent is the primary orchestrator, and workflows or integrations are tools.\r\n- Workflow-centric: a workflow is the deterministic pipeline, and agents appear only as processing steps.\r\n- Hybrid: agents decide what should happen, and workflows execute reliable sequences.\r\n\r\nSystem Architecture Patterns\r\n\r\nAgent-Centric Systems\r\n\r\nPattern: Agent is the primary orchestrator; workflows and integrations are tools.\r\n\r\ntext\r\nTrigger to Agent\r\n           |- Tool: Integration A\r\n           |- Tool: Integration B\r\n           |- Tool: Workflow 1 via resource invocation\r\n           - Tool: Workflow 2 via resource invocation\r\n\r\n\r\nUse this pattern for ambiguous goals, dynamic decision-making, multi-turn conversations, and business logic that requires judgment.\r\n\r\nStrengths:\r\n\r\n- Flexible and adaptive.\r\n- Handles ambiguity well.\r\n- Can delegate to specialist resources.\r\n- Supports natural language interaction.\r\n\r\nWeaknesses:\r\n\r\n- Token cost per execution.\r\n- Non-deterministic LLM variance.\r\n- Requires strong observability for debugging.\r\n- Usually slower than deterministic workflows.\r\n\r\nWorkflow-Centric Systems\r\n\r\nPattern: Workflow is the pipeline; agents are processing steps.\r\n\r\ntext\r\nTrigger to Workflow\r\n           |- Step 1: Integration A reads data\r\n           |- Step 2: Agent processes or reasons\r\n           |- Step 3: Integration B writes result\r\n           - Step 4: Conditional routing\r\n\r\n\r\nUse this pattern for predictable sequences, data transformation pipelines, integration orchestration, and fixed business logic.\r\n\r\nStrengths:\r\n\r\n- Deterministic and reliable.\r\n- Fast execution.\r\n- Easy to debug step-by-step.\r\n- No token cost unless an agent step is included.\r\n\r\nWeaknesses:\r\n\r\n- Rigid, because steps are predefined.\r\n- Does not handle ambiguity well.\r\n- Requires code changes for logic updates.\r\n\r\nHybrid Systems\r\n\r\nPattern: Agents decide, workflows execute. This is the recommended default for complex automation.\r\n\r\ntext\r\nTrigger to Agent decides what to do\r\n           |- Invokes: Workflow A\r\n           |- Invokes: Workflow B\r\n           - Uses: Integration C directly\r\n\r\nWorkflow A:\r\n  |- Integration D reads\r\n  |- Agent processes a specific subtask\r\n  - Integration E writes\r\n\r\n\r\nUse this pattern when the system needs variable paths, reasoning, reliability, and a mix of predictable and unpredictable steps.\r\n\r\nStrengths:\r\n\r\n- Flexible where needed and reliable where possible.\r\n- Cost-efficient because workflows do not use tokens by default.\r\n- Good observability across agent reasoning and workflow steps.\r\n\r\nResource Composition Patterns\r\n\r\nAgent + Tools\r\n\r\nUse direct integration access for simple or frequent operations.\r\n\r\nTool categories:\r\n\r\n- Base tools: always available, high-frequency operations such as read queries or cached data access. Example: attiogetrecord.\r\n- Knowledge Map tools: lazy-loaded, low-frequency operations such as write operations or domain-specific capabilities. Examples: attiocreatecontact, dropboxuploadfile.\r\n- Resource invocation tools: delegate to workflows for deterministic sequences or call specialist agents.\r\n\r\nTool creation example:\r\n\r\ntypescript\r\nconst tool = createAttioCreateRecordTool('elevasis-attio')\r\n\r\n\r\nCredential names resolve to organization-scoped storage. RLS policies enforce organization isolation, credentials are encrypted at rest, and OAuth tokens can refresh automatically.\r\n\r\nAgent + Workflow\r\n\r\nUse an agent for reasoning and a workflow for deterministic execution.\r\n\r\ntext\r\nTrigger to Agent reasoning\r\n          |- Direct tool: read integration\r\n          |- Invoke tool: Workflow A\r\n          - Invoke tool: Workflow B\r\n\r\n\r\nExecution flow:\r\n\r\n1. Agent analyzes the request.\r\n2. Agent invokes a workflow through a tool call.\r\n3. Workflow executes deterministic steps without token cost.\r\n4. Agent explains the result to the user.\r\n\r\nUse this pattern when the system needs both reasoning and reliability, has multiple execution paths, or should minimize token use by moving predictable work into workflows.\r\n\r\nWorkflow + Integration\r\n\r\nUse a workflow to orchestrate deterministic integration sequences.\r\n\r\ntext\r\nTrigger to Workflow\r\n          |- Step 1: Integration A reads\r\n          |- Step 2: Transform pure function\r\n          |- Step 3: Integration B writes\r\n          - Step 4: Notify\r\n\r\n\r\nUse this pattern for predictable step sequences, data transformation pipelines, integration orchestration, and cost-sensitive work that does not need LLM reasoning.\r\n\r\nPattern Selection Guide\r\n\r\n| Requirement | Pattern | Example |\r\n| --- | --- | --- |\r\n| Ambiguous goals | Agent-centric | Business orchestration with variable outcomes |\r\n| Predictable sequence | Workflow-centric | Shopify to CRM sync |\r\n| Hybrid needs | Agent + workflow | Support router where agent decides and workflow executes |\r\n| \\>10 tools | Knowledge Map | Agent with many domain capabilities |\r\n| High-frequency reads | Base tools | Attio read operations |\r\n| Low-frequency writes | Lazy-loaded tools | CRM updates or page creation |\r\n| External services | Integration tools | Attio, Gmail, Google Sheets |\r\n| Deterministic pipelines | Workflow + integration | Data transformation |\r\n\r\nComplexity guidelines:\r\n\r\n- Simple, 1-2 resources: agent with base tools, or workflow with 1-2 integrations.\r\n- Medium, 3-5 resources: agent plus Knowledge Map with 2-3 nodes, or workflow plus an agent step.\r\n- Complex, 6+ resources: agent plus Knowledge Map plus memory preload, or multi-integration workflows.\r\n\r\nCross-Cutting Concerns\r\n\r\nObservability\r\n\r\nTrack these surfaces:\r\n\r\n- Agent iterations, including reasoning and actions.\r\n- Workflow steps, including inputs and outputs.\r\n- Tool calls, including integration requests and responses.\r\n- Errors and retries.\r\n- Token usage and cost.\r\n\r\nPrimary tools:\r\n\r\n- Execution Logs for SSE-based debugging.\r\n- Activity Log for the real-time stream.\r\n- Execution Health for cost tracking and ROI review.\r\n- Command View for system architecture and dependency review.\r\n\r\nCost Tracking\r\n\r\nAgent cost comes from per-iteration token usage, model pricing, and tool execution cost. Workflow cost is usually zero token cost plus any external integration API fees.\r\n\r\nOptimization rules:\r\n\r\n- Use workflows for predictable tasks.\r\n- Lazy-load tools for 80-95% token savings.\r\n- Cache frequently accessed stable data.\r\n- Choose the appropriate model per task.\r\n\r\nScaling Strategies\r\n\r\nHorizontal scaling:\r\n\r\n- Keep agent execution stateless.\r\n- Store sessions in the database.\r\n- Let a load balancer distribute requests.\r\n\r\nVertical optimization:\r\n\r\n- Preload memory to reduce iteration count.\r\n- Lazy-load tools to reduce token usage.\r\n- Batch tool operations where possible.\r\n- Use parallel integration calls when the steps are independent.\r\n\r\nError Handling\r\n\r\nAgent error handling:\r\n\r\n- Tool errors are returned to the agent so it can reason about recovery.\r\n- Iteration limits prevent infinite loops.\r\n- Timeout protection constrains long-running tools and executions.\r\n- Graceful degradation explains what failed.\r\n\r\nWorkflow error handling:\r\n\r\n- Step retry logic uses exponential backoff, commonly 1, 4, and 9 minutes.\r\n- Conditional routing can send failures to an alternative step.\r\n- Manual intervention can route work to a human checkpoint.\r\n- Idempotent steps should be safe to retry.\r\n\r\nExample:\r\n\r\ntypescript\r\n{\r\n  id: 'sync-to-crm',\r\n  handler: async ({ input, context }) => {\r\n    try {\r\n      return await crmClient.createContact(input)\r\n    } catch (error) {\r\n      if (error.code === 'DUPLICATE') {\r\n        return crmClient.updateContact(input)\r\n      }\r\n\r\n      throw error\r\n    }\r\n  },\r\n  next: { type: 'linear', target: 'send-notification' }\r\n}\r\n\r\n\r\nSecurity\r\n\r\nCredential management:\r\n\r\n- Store credentials in the credentials table.\r\n- Encrypt values at rest.\r\n- Scope records by organization with RLS policies.\r\n- Refresh OAuth tokens automatically where supported.\r\n- Never store API keys in code.\r\n\r\nMulti-tenancy isolation layers:\r\n\r\n1. Database RLS on tenant-scoped tables.\r\n2. API middleware that requires organization context.\r\n3. Resource registry lookups scoped to the organization.\r\n4. Command View filtered by organization.\r\n\r\nBest Practices\r\n\r\n1. Start with a single agent or workflow, then add complexity only when needed.\r\n2. Build the working version before optimizing for caching or lazy loading.\r\n3. Put domain logic in agents and execution flow in workflows.\r\n4. Lazy-load large or low-frequency tool groups.\r\n5. Cache stable data, not fast-changing operational state.\r\n\r\nCommon mistakes:\r\n\r\n- Creating a Knowledge Map for fewer than five tools.\r\n- Using a workflow for one integration call when an agent tool would be simpler.\r\n- Loading more than ten tools as base tools.\r\n- Putting domain logic into workflows where it becomes hard to test and adapt.\r\n- Mixing unrelated concerns in one knowledge node.\r\n\r\nRelated References\r\n\r\n- /knowledge read knowledge.platform-integration-patterns\r\n- /knowledge read knowledge.platform-command-view"
+    bodyText: "Overview\n\nUse this reference to choose how Elevasis resources compose into complete systems. The core decision is whether reasoning, deterministic orchestration, or a hybrid of both should own the business flow.\n\nThree primary patterns exist:\n\n- Agent-centric: an agent is the primary orchestrator, and workflows or integrations are tools.\n- Workflow-centric: a workflow is the deterministic pipeline, and agents appear only as processing steps.\n- Hybrid: agents decide what should happen, and workflows execute reliable sequences.\n\nSystem Architecture Patterns\n\nAgent-Centric Systems\n\nPattern: Agent is the primary orchestrator; workflows and integrations are tools.\n\ntext\nTrigger to Agent\n           |- Tool: Integration A\n           |- Tool: Integration B\n           |- Tool: Workflow 1 via resource invocation\n           - Tool: Workflow 2 via resource invocation\n\nUse this pattern for ambiguous goals, dynamic decision-making, multi-turn conversations, and business logic that requires judgment.\n\nStrengths:\n\n- Flexible and adaptive.\n- Handles ambiguity well.\n- Can delegate to specialist resources.\n- Supports natural language interaction.\n\nWeaknesses:\n\n- Token cost per execution.\n- Non-deterministic LLM variance.\n- Requires strong observability for debugging.\n- Usually slower than deterministic workflows.\n\nWorkflow-Centric Systems\n\nPattern: Workflow is the pipeline; agents are processing steps.\n\ntext\nTrigger to Workflow\n           |- Step 1: Integration A reads data\n           |- Step 2: Agent processes or reasons\n           |- Step 3: Integration B writes result\n           - Step 4: Conditional routing\n\nUse this pattern for predictable sequences, data transformation pipelines, integration orchestration, and fixed business logic.\n\nStrengths:\n\n- Deterministic and reliable.\n- Fast execution.\n- Easy to debug step-by-step.\n- No token cost unless an agent step is included.\n\nWeaknesses:\n\n- Rigid, because steps are predefined.\n- Does not handle ambiguity well.\n- Requires code changes for logic updates.\n\nHybrid Systems\n\nPattern: Agents decide, workflows execute. This is the recommended default for complex automation.\n\ntext\nTrigger to Agent decides what to do\n           |- Invokes: Workflow A\n           |- Invokes: Workflow B\n           - Uses: Integration C directly\n\nWorkflow A:\n  |- Integration D reads\n  |- Agent processes a specific subtask\n  - Integration E writes\n\nUse this pattern when the system needs variable paths, reasoning, reliability, and a mix of predictable and unpredictable steps.\n\nStrengths:\n\n- Flexible where needed and reliable where possible.\n- Cost-efficient because workflows do not use tokens by default.\n- Good observability across agent reasoning and workflow steps.\n\nResource Composition Patterns\n\nAgent + Tools\n\nUse direct integration access for simple or frequent operations.\n\nTool categories:\n\n- Base tools: always available, high-frequency operations such as read queries or cached data access. Example: attiogetrecord.\n- Knowledge Map tools: lazy-loaded, low-frequency operations such as write operations or domain-specific capabilities. Examples: attiocreatecontact, dropboxuploadfile.\n- Resource invocation tools: delegate to workflows for deterministic sequences or call specialist agents.\n\nTool creation example:\n\ntypescript\nconst tool = createAttioCreateRecordTool('elevasis-attio')\n\nCredential names resolve to organization-scoped storage. RLS policies enforce organization isolation, credentials are encrypted at rest, and OAuth tokens can refresh automatically.\n\nAgent + Workflow\n\nUse an agent for reasoning and a workflow for deterministic execution.\n\ntext\nTrigger to Agent reasoning\n          |- Direct tool: read integration\n          |- Invoke tool: Workflow A\n          - Invoke tool: Workflow B\n\nExecution flow:\n\n1. Agent analyzes the request.\n2. Agent invokes a workflow through a tool call.\n3. Workflow executes deterministic steps without token cost.\n4. Agent explains the result to the user.\n\nUse this pattern when the system needs both reasoning and reliability, has multiple execution paths, or should minimize token use by moving predictable work into workflows.\n\nWorkflow + Integration\n\nUse a workflow to orchestrate deterministic integration sequences.\n\ntext\nTrigger to Workflow\n          |- Step 1: Integration A reads\n          |- Step 2: Transform pure function\n          |- Step 3: Integration B writes\n          - Step 4: Notify\n\nUse this pattern for predictable step sequences, data transformation pipelines, integration orchestration, and cost-sensitive work that does not need LLM reasoning.\n\nPattern Selection Guide\n\n| Requirement | Pattern | Example |\n| --- | --- | --- |\n| Ambiguous goals | Agent-centric | Business orchestration with variable outcomes |\n| Predictable sequence | Workflow-centric | Shopify to CRM sync |\n| Hybrid needs | Agent + workflow | Support router where agent decides and workflow executes |\n| \\>10 tools | Knowledge Map | Agent with many domain capabilities |\n| High-frequency reads | Base tools | Attio read operations |\n| Low-frequency writes | Lazy-loaded tools | CRM updates or page creation |\n| External services | Integration tools | Attio, Gmail, Google Sheets |\n| Deterministic pipelines | Workflow + integration | Data transformation |\n\nComplexity guidelines:\n\n- Simple, 1-2 resources: agent with base tools, or workflow with 1-2 integrations.\n- Medium, 3-5 resources: agent plus Knowledge Map with 2-3 nodes, or workflow plus an agent step.\n- Complex, 6+ resources: agent plus Knowledge Map plus memory preload, or multi-integration workflows.\n\nCross-Cutting Concerns\n\nObservability\n\nTrack these surfaces:\n\n- Agent iterations, including reasoning and actions.\n- Workflow steps, including inputs and outputs.\n- Tool calls, including integration requests and responses.\n- Errors and retries.\n- Token usage and cost.\n\nPrimary tools:\n\n- Execution Logs for SSE-based debugging.\n- Activity Log for the real-time stream.\n- Execution Health for cost tracking and ROI review.\n- Command View for system architecture and dependency review.\n\nCost Tracking\n\nAgent cost comes from per-iteration token usage, model pricing, and tool execution cost. Workflow cost is usually zero token cost plus any external integration API fees.\n\nOptimization rules:\n\n- Use workflows for predictable tasks.\n- Lazy-load tools for 80-95% token savings.\n- Cache frequently accessed stable data.\n- Choose the appropriate model per task.\n\nScaling Strategies\n\nHorizontal scaling:\n\n- Keep agent execution stateless.\n- Store sessions in the database.\n- Let a load balancer distribute requests.\n\nVertical optimization:\n\n- Preload memory to reduce iteration count.\n- Lazy-load tools to reduce token usage.\n- Batch tool operations where possible.\n- Use parallel integration calls when the steps are independent.\n\nError Handling\n\nAgent error handling:\n\n- Tool errors are returned to the agent so it can reason about recovery.\n- Iteration limits prevent infinite loops.\n- Timeout protection constrains long-running tools and executions.\n- Graceful degradation explains what failed.\n\nWorkflow error handling:\n\n- Step retry logic uses exponential backoff, commonly 1, 4, and 9 minutes.\n- Conditional routing can send failures to an alternative step.\n- Manual intervention can route work to a human checkpoint.\n- Idempotent steps should be safe to retry.\n\nExample:\n\ntypescript\n{\n  id: 'sync-to-crm',\n  handler: async ({ input, context }) => {\n    try {\n      return await crmClient.createContact(input)\n    } catch (error) {\n      if (error.code === 'DUPLICATE') {\n        return crmClient.updateContact(input)\n      }\n\n      throw error\n    }\n  },\n  next: { type: 'linear', target: 'send-notification' }\n}\n\nSecurity\n\nCredential management:\n\n- Store credentials in the credentials table.\n- Encrypt values at rest.\n- Scope records by organization with RLS policies.\n- Refresh OAuth tokens automatically where supported.\n- Never store API keys in code.\n\nMulti-tenancy isolation layers:\n\n1. Database RLS on tenant-scoped tables.\n2. API middleware that requires organization context.\n3. Resource registry lookups scoped to the organization.\n4. Command View filtered by organization.\n\nBest Practices\n\n1. Start with a single agent or workflow, then add complexity only when needed.\n2. Build the working version before optimizing for caching or lazy loading.\n3. Put domain logic in agents and execution flow in workflows.\n4. Lazy-load large or low-frequency tool groups.\n5. Cache stable data, not fast-changing operational state.\n\nCommon mistakes:\n\n- Creating a Knowledge Map for fewer than five tools.\n- Using a workflow for one integration call when an agent tool would be simpler.\n- Loading more than ten tools as base tools.\n- Putting domain logic into workflows where it becomes hard to test and adapt.\n- Mixing unrelated concerns in one knowledge node.\n\nRelated References\n\n- /knowledge read knowledge.platform-integration-patterns\n- /knowledge read knowledge.platform-command-view"
   },
   {
     id: "knowledge.platform-integration-patterns",
     title: "Platform Integration Patterns",
     summary: "Reference for connecting Elevasis agents and workflows to external services through adapters, OAuth, API keys, tenant-isolated credentials, retries, and tests.",
-    bodyText: "Overview\r\n\r\nIntegration patterns define how Elevasis agents and workflows connect to external services such as Gmail, Attio, Google Sheets, and custom APIs. The platform uses a standardized adapter pattern with OAuth 2.0 and API key authentication backed by tenant-isolated credentials.\r\n\r\nCore patterns:\r\n\r\n- Direct integration, where a resource uses integration tools directly.\r\n- Integration workflow, where a workflow coordinates multiple integrations.\r\n- Shared integration, where multiple resources use the same credential set.\r\n- Multi-account integration, where the same provider has separate credentials for different contexts.\r\n\r\nDirect Integration Pattern\r\n\r\nPattern: Resource uses an integration tool.\r\n\r\nUse direct integration tools when an agent or workflow performs frequent operations against a provider.\r\n\r\nCharacteristics:\r\n\r\n- Tools are always available to the resource.\r\n- There is no additional navigation overhead.\r\n- The pattern is optimized for frequent read-heavy operations.\r\n\r\nTool factory location:\r\n\r\ntext\r\npackages/core/src/execution/engine/tools/integration/server/adapters/{provider}/{provider}-tools.ts\r\n\r\n\r\nTool factories use createIntegrationTool() with a credentialName parameter. Example: createAttioCreateRecordTool(credentialName).\r\n\r\nIntegration Workflow Pattern\r\n\r\nPattern: Agent invokes a workflow, and the workflow uses integrations.\r\n\r\nUse an integration workflow for complex multi-step operations that need deterministic orchestration.\r\n\r\nExample lead capture flow:\r\n\r\n1. Webhook trigger receives the event.\r\n2. Workflow creates an Attio contact.\r\n3. Workflow sends a Gmail notification.\r\n4. Workflow returns confirmation.\r\n\r\nCharacteristics:\r\n\r\n- Deterministic execution order.\r\n- Step-level error handling and retry.\r\n- Multiple integrations coordinated in one place.\r\n- Built-in audit trail through workflow execution.\r\n\r\nShared Integration Pattern\r\n\r\nPattern: Multiple resources share the same integration.\r\n\r\nUse shared integrations for organization-wide providers that should use one credential set.\r\n\r\nExample:\r\n\r\ntext\r\npackages/elevasis-operations/src/index.ts\r\n\r\n\r\nCharacteristics:\r\n\r\n- One credential per integration.\r\n- Centralized credential management.\r\n- Shared across agents and workflows.\r\n\r\nMulti-Account Pattern\r\n\r\nPattern: Same provider, different credentials.\r\n\r\nUse this pattern for department-specific provider instances or separate dev/prod environments.\r\n\r\nExample:\r\n\r\ntypescript\r\nconst salesTool = createAttioCreateRecordTool('attio-sales')\r\nconst supportTool = createAttioCreateRecordTool('attio-support')\r\n\r\n\r\nDisambiguate multi-account tools with explicit tool names:\r\n\r\ntypescript\r\nconst tool = createAttioToolNamed(\r\n  'attiosalescreaterecord',\r\n  'attio-sales',\r\n  'createRecord'\r\n)\r\n\r\n\r\nAuthentication Patterns\r\n\r\nOAuth 2.0 vs API Key\r\n\r\n| Aspect | OAuth 2.0 | API key |\r\n| --- | --- | --- |\r\n| Auth flow | Browser redirect plus token exchange | Direct API key |\r\n| Setup complexity | High: client ID, secret, redirect URL | Low: single API key |\r\n| Token refresh | Automatic refresh token rotation | Manual key rotation |\r\n| Scope control | Granular permission scopes | Full access or none |\r\n| User context | Per-user authorization | Service-level access |\r\n| Revocation | User can revoke anytime | Manual key deletion |\r\n\r\nOAuth 2.0 Pattern\r\n\r\nProviders include Gmail and Google Sheets.\r\n\r\nCredential format:\r\n\r\ntypescript\r\ninterface OAuthToken {\r\n  provider: string\r\n  accessToken: string\r\n  refreshToken: string\r\n  expiresAt: string\r\n  tokenType: 'Bearer'\r\n  scope?: string\r\n}\r\n\r\n\r\nexpiresAt is an ISO 8601 timestamp. The platform handles token refresh when supported by the provider and credential implementation.\r\n\r\nAPI Key Pattern\r\n\r\nProviders include Attio and custom APIs.\r\n\r\nCredential format:\r\n\r\ntypescript\r\ninterface APIKeyCredentials {\r\n  apiKey: string\r\n}\r\n\r\n\r\nProvider-specific validation belongs in the adapter. For Attio, see:\r\n\r\ntext\r\npackages/core/src/execution/engine/tools/integration/server/adapters/attio/attio-adapter.ts\r\n\r\n\r\nCredential Management\r\n\r\nCredentials are stored in the credentials table.\r\n\r\nKey columns:\r\n\r\n- organizationid for tenant isolation.\r\n- name, such as elevasis-attio.\r\n- provider, such as gmail or attio.\r\n- encryptedvalue containing encrypted JSON.\r\n\r\nSecurity rules:\r\n\r\n- RLS policies enforce tenant isolation.\r\n- Values are encrypted at rest.\r\n- Credentials do not cross organization boundaries.\r\n\r\nBest practices:\r\n\r\n- Store credentials encrypted in the database.\r\n- Use tenant-isolated credential names.\r\n- Validate credentials before API calls.\r\n- Rotate API keys regularly.\r\n- Use least-privilege OAuth scopes.\r\n\r\nDo not:\r\n\r\n- Hardcode credentials in code.\r\n- Share credentials across organizations.\r\n- Log credential values.\r\n- Store provider API keys in environment variables for tenant integrations.\r\n- Reuse the same credential name for dev and prod.\r\n\r\nCredential resolution flow:\r\n\r\n1. Tool requests a credential by name.\r\n2. Platform queries credentials with the current organizationid.\r\n3. Platform decrypts the credential.\r\n4. Adapter validates the credential against the provider schema.\r\n5. Tool passes the credential to the provider adapter.\r\n6. Usage is logged without credential values.\r\n\r\nImplementation reference:\r\n\r\ntext\r\npackages/core/src/execution/engine/tools/integration/tool.ts\r\n\r\n\r\nError Handling Patterns\r\n\r\nAdapters should convert provider errors into platform tooling errors.\r\n\r\nCommon error categories:\r\n\r\n- credentialsinvalid for invalid or missing credentials.\r\n- apierror for provider API errors.\r\n- networkerror for network or timeout failures.\r\n- validationerror for invalid parameters.\r\n- methodnotfound for unknown adapter methods.\r\n\r\nRetry strategy:\r\n\r\n- Network errors: retry with exponential backoff, commonly 1, 2, and 4 seconds.\r\n- Auth errors: fail immediately because the credential needs attention.\r\n- Validation errors: fail immediately because the input needs correction.\r\n- Rate limits: retry after reset when the provider exposes a reset time.\r\n- Workflow-level retries: commonly 3 attempts with 1, 4, and 9 minute delays.\r\n\r\nAdapter Development\r\n\r\nAdapter class location:\r\n\r\ntext\r\npackages/core/src/execution/engine/tools/integration/server/adapters/{provider}/{provider}-adapter.ts\r\n\r\n\r\nAdapter classes implement BaseIntegrationAdapter and contain call() and validateCredentials() methods.\r\n\r\nTool factory location:\r\n\r\ntext\r\npackages/core/src/execution/engine/tools/integration/server/adapters/{provider}/{provider}-tools.ts\r\n\r\n\r\nTool factories export create{Provider}{Operation}Tool(credentialName) functions.\r\n\r\nTests belong under:\r\n\r\ntext\r\npackages/core/src/execution/engine/tools/integration/server/adapters/{provider}/tests/\r\n\r\n\r\nRegistration happens in:\r\n\r\ntext\r\npackages/core/src/execution/engine/tools/integration/server/index.ts\r\n\r\n\r\nTesting Strategies\r\n\r\nUnit testing:\r\n\r\n- Mock external APIs.\r\n- Cover credential validation.\r\n- Cover API call construction.\r\n- Cover response parsing.\r\n- Cover error handling.\r\n\r\nIntegration testing:\r\n\r\n- Use real API calls only with test accounts or test workspaces.\r\n- Clean up test data after tests.\r\n- Run in CI only when secret credentials are available.\r\n- Keep provider behavior mocked in unit tests.\r\n\r\nAgent testing:\r\n\r\n- Test agents using integration tools at the resource boundary.\r\n- Tenant project agent tests normally live under external/{org}/src/agents/{agent}/tests/.\r\n\r\nRelated References\r\n\r\n- /knowledge read knowledge.platform-composition-patterns\r\n- /knowledge read knowledge.platform-command-view\r\n- /knowledge read knowledge.platform-systems-overview"
+    bodyText: "Overview\n\nIntegration patterns define how Elevasis agents and workflows connect to external services such as Gmail, Attio, Google Sheets, and custom APIs. The platform uses a standardized adapter pattern with OAuth 2.0 and API key authentication backed by tenant-isolated credentials.\n\nCore patterns:\n\n- Direct integration, where a resource uses integration tools directly.\n- Integration workflow, where a workflow coordinates multiple integrations.\n- Shared integration, where multiple resources use the same credential set.\n- Multi-account integration, where the same provider has separate credentials for different contexts.\n\nDirect Integration Pattern\n\nPattern: Resource uses an integration tool.\n\nUse direct integration tools when an agent or workflow performs frequent operations against a provider.\n\nCharacteristics:\n\n- Tools are always available to the resource.\n- There is no additional navigation overhead.\n- The pattern is optimized for frequent read-heavy operations.\n\nTool factory location:\n\ntext\npackages/core/src/execution/engine/tools/integration/server/adapters/{provider}/{provider}-tools.ts\n\nTool factories use createIntegrationTool() with a credentialName parameter. Example: createAttioCreateRecordTool(credentialName).\n\nIntegration Workflow Pattern\n\nPattern: Agent invokes a workflow, and the workflow uses integrations.\n\nUse an integration workflow for complex multi-step operations that need deterministic orchestration.\n\nExample lead capture flow:\n\n1. Webhook trigger receives the event.\n2. Workflow creates an Attio contact.\n3. Workflow sends a Gmail notification.\n4. Workflow returns confirmation.\n\nCharacteristics:\n\n- Deterministic execution order.\n- Step-level error handling and retry.\n- Multiple integrations coordinated in one place.\n- Built-in audit trail through workflow execution.\n\nShared Integration Pattern\n\nPattern: Multiple resources share the same integration.\n\nUse shared integrations for organization-wide providers that should use one credential set.\n\nExample:\n\ntext\npackages/elevasis-operations/src/index.ts\n\nCharacteristics:\n\n- One credential per integration.\n- Centralized credential management.\n- Shared across agents and workflows.\n\nMulti-Account Pattern\n\nPattern: Same provider, different credentials.\n\nUse this pattern for department-specific provider instances or separate dev/prod environments.\n\nExample:\n\ntypescript\nconst salesTool = createAttioCreateRecordTool('attio-sales')\nconst supportTool = createAttioCreateRecordTool('attio-support')\n\nDisambiguate multi-account tools with explicit tool names:\n\ntypescript\nconst tool = createAttioToolNamed(\n  'attiosalescreaterecord',\n  'attio-sales',\n  'createRecord'\n)\n\nAuthentication Patterns\n\nOAuth 2.0 vs API Key\n\n| Aspect | OAuth 2.0 | API key |\n| --- | --- | --- |\n| Auth flow | Browser redirect plus token exchange | Direct API key |\n| Setup complexity | High: client ID, secret, redirect URL | Low: single API key |\n| Token refresh | Automatic refresh token rotation | Manual key rotation |\n| Scope control | Granular permission scopes | Full access or none |\n| User context | Per-user authorization | Service-level access |\n| Revocation | User can revoke anytime | Manual key deletion |\n\nOAuth 2.0 Pattern\n\nProviders include Gmail and Google Sheets.\n\nCredential format:\n\ntypescript\ninterface OAuthToken {\n  provider: string\n  accessToken: string\n  refreshToken: string\n  expiresAt: string\n  tokenType: 'Bearer'\n  scope?: string\n}\n\nexpiresAt is an ISO 8601 timestamp. The platform handles token refresh when supported by the provider and credential implementation.\n\nAPI Key Pattern\n\nProviders include Attio and custom APIs.\n\nCredential format:\n\ntypescript\ninterface APIKeyCredentials {\n  apiKey: string\n}\n\nProvider-specific validation belongs in the adapter. For Attio, see:\n\ntext\npackages/core/src/execution/engine/tools/integration/server/adapters/attio/attio-adapter.ts\n\nCredential Management\n\nCredentials are stored in the credentials table.\n\nKey columns:\n\n- organizationid for tenant isolation.\n- name, such as elevasis-attio.\n- provider, such as gmail or attio.\n- encryptedvalue containing encrypted JSON.\n\nSecurity rules:\n\n- RLS policies enforce tenant isolation.\n- Values are encrypted at rest.\n- Credentials do not cross organization boundaries.\n\nBest practices:\n\n- Store credentials encrypted in the database.\n- Use tenant-isolated credential names.\n- Validate credentials before API calls.\n- Rotate API keys regularly.\n- Use least-privilege OAuth scopes.\n\nDo not:\n\n- Hardcode credentials in code.\n- Share credentials across organizations.\n- Log credential values.\n- Store provider API keys in environment variables for tenant integrations.\n- Reuse the same credential name for dev and prod.\n\nCredential resolution flow:\n\n1. Tool requests a credential by name.\n2. Platform queries credentials with the current organizationid.\n3. Platform decrypts the credential.\n4. Adapter validates the credential against the provider schema.\n5. Tool passes the credential to the provider adapter.\n6. Usage is logged without credential values.\n\nImplementation reference:\n\ntext\npackages/core/src/execution/engine/tools/integration/tool.ts\n\nError Handling Patterns\n\nAdapters should convert provider errors into platform tooling errors.\n\nCommon error categories:\n\n- credentialsinvalid for invalid or missing credentials.\n- apierror for provider API errors.\n- networkerror for network or timeout failures.\n- validationerror for invalid parameters.\n- methodnotfound for unknown adapter methods.\n\nRetry strategy:\n\n- Network errors: retry with exponential backoff, commonly 1, 2, and 4 seconds.\n- Auth errors: fail immediately because the credential needs attention.\n- Validation errors: fail immediately because the input needs correction.\n- Rate limits: retry after reset when the provider exposes a reset time.\n- Workflow-level retries: commonly 3 attempts with 1, 4, and 9 minute delays.\n\nAdapter Development\n\nAdapter class location:\n\ntext\npackages/core/src/execution/engine/tools/integration/server/adapters/{provider}/{provider}-adapter.ts\n\nAdapter classes implement BaseIntegrationAdapter and contain call() and validateCredentials() methods.\n\nTool factory location:\n\ntext\npackages/core/src/execution/engine/tools/integration/server/adapters/{provider}/{provider}-tools.ts\n\nTool factories export create{Provider}{Operation}Tool(credentialName) functions.\n\nTests belong under:\n\ntext\npackages/core/src/execution/engine/tools/integration/server/adapters/{provider}/tests/\n\nRegistration happens in:\n\ntext\npackages/core/src/execution/engine/tools/integration/server/index.ts\n\nTesting Strategies\n\nUnit testing:\n\n- Mock external APIs.\n- Cover credential validation.\n- Cover API call construction.\n- Cover response parsing.\n- Cover error handling.\n\nIntegration testing:\n\n- Use real API calls only with test accounts or test workspaces.\n- Clean up test data after tests.\n- Run in CI only when secret credentials are available.\n- Keep provider behavior mocked in unit tests.\n\nAgent testing:\n\n- Test agents using integration tools at the resource boundary.\n- Tenant project agent tests normally live under external/{org}/src/agents/{agent}/tests/.\n\nRelated References\n\n- /knowledge read knowledge.platform-composition-patterns\n- /knowledge read knowledge.platform-command-view\n- /knowledge read knowledge.platform-systems-overview"
+  },
+  {
+    id: "knowledge.system-building",
+    title: "System Building Guidance",
+    summary: "Reference for authoring a complete Organization Model System end to end -- shell, ontology, resources, topology, knowledge nodes, UI manifest, and apiInterface readiness. Points to the intent-to-abstraction map, the ordered build runbook, and the permanent guide.",
+    bodyText: `Overview
+
+Use this reference when building a new System or extending an existing one inside the Organization Model. The intent-to-abstraction map, the ordered build runbook, and the permanent guide together form the complete guidance chain.
+
+The Organization Model is the single join point across runtime resources, UI manifests, topology wiring, and agent knowledge. System authoring starts here -- not in deployment files, UI registries, or hand-written constants.
+
+Entry Points
+
+Three entry points exist depending on context:
+
+- Intent-triggered (primary): describe what the system should do in free text. The /om skill's prompt-signals route build intent to the runbook automatically -- no subcommand required.
+- Manual trigger (secondary): invoke /om build directly to walk the sequenced runbook.
+- Copy-address: use /om read-folder group:systems in the Knowledge Tree to browse all System nodes and their governing knowledge.
+
+Intent to Abstraction Map
+
+The intent-to-abstraction rule lives at .claude/rules/system-building.md. It auto-injects when editing any OM domain file and maps each user intent phrase to the exact System slot it fills, the canonical authoring file, and the define helper to call.
+
+Representative mappings:
+
+- "react to incoming email" -- trigger (webhook) + topology.triggers edge + handler workflow
+- "store deal data" -- system.ontology object with scope: { system: '<id>' }
+- "expose to other systems" -- system.apiInterface marker + scoped topology grant
+- "show in the dashboard" -- system.ui.surfaces + SystemModule keyed to systemId
+- "track with a status" -- system.ontology catalog + usesCatalogs resource binding
+
+See .claude/rules/system-building.md for the full 13-row table covering all System slots.
+
+Ordered Build Runbook
+
+The sequenced build journey (once available at /om build) walks:
+
+1. Define the System shell (defineSystem in the tenant OM)
+2. Author system.ontology (objects, links, actions, catalogs, events, interfaces, value types, properties, groups, endpoints)
+3. Author resources + ontology bindings (systemPath, reads/writes/actions/usesCatalogs/emits)
+4. Wire topology (triggers/uses/approval) and cross-system grants
+5. Author knowledge nodes (governs: system:<id> via links frontmatter)
+6. Register the UI manifest (SystemModule keyed to systemId)
+7. Mark system.apiInterface when the system is ready for cross-system use
+8. Run pnpm exec elevasis om:doctor to verify coherence
+
+Permanent Guide
+
+The full narrative guide with worked cross-system patterns, OM Spine producer/consumer examples, and apiInterface readiness troubleshooting lives at:
+
+apps/docs/content/docs/technical/development/guides/building-systems/index.mdx
+
+Read it for step-by-step authoring instructions, code examples, and common mistake patterns.
+
+Key Source Files
+
+- packages/elevasis-core/src/organization-model/systems.ts -- SystemEntry master abstraction; every buildable slot lives here
+- packages/core/src/organization-model/ontology.ts -- ontology ID scheme (system.path:kind/local-id)
+- packages/core/src/organization-model/helpers.ts -- getSystem / getResourcesForSystem / listAllSystems
+- packages/core/src/organization-model/domains/resources.ts -- ResourceEntry, systemPath, ontology bindings
+- packages/core/src/organization-model/domains/topology.ts -- triggers/uses/approval wiring + system interface grants
+
+Related References
+
+- /om read knowledge.platform-composition-patterns
+- /om read knowledge.org-model-graph-contract`
   }
 ];