@hexis-ai/engram-server 0.12.0 → 0.14.0

package/dist/adapters/postgres.js

@@ -1,19 +1,6 @@
 import { runMigrations } from "../migrator";
-import { foldEvents } from "../storage";
-/**
- * 10-char alphanumeric id, e.g. `p_a8b3c2d4`. Cryptographic randomness via
- * the platform's getRandomValues; collision probability negligible for any
- * realistic person count.
- */
-function defaultPersonId() {
-    const ALPHA = "abcdefghijklmnopqrstuvwxyz0123456789";
-    const buf = new Uint8Array(8);
-    crypto.getRandomValues(buf);
-    let out = "p_";
-    for (const b of buf)
-        out += ALPHA[b % ALPHA.length];
-    return out;
-}
+import { foldEvents, newPersonId } from "../storage";
+import { isoString, pickPatch } from "./util";
 export class PostgresAdapter {
     workspaceId;
     sql;
@@ -21,7 +8,7 @@ export class PostgresAdapter {
     constructor(opts) {
         this.workspaceId = opts.workspaceId;
         this.sql = opts.sql;
-        this.newPersonId = opts.newPersonId ?? defaultPersonId;
+        this.newPersonId = opts.newPersonId ?? newPersonId;
     }
     /**
      * Apply all pending schema migrations. Safe to call repeatedly and
@@ -44,7 +31,8 @@ export class PostgresAdapter {
       INSERT INTO engram_sessions (
         workspace_id, id, title, channel, participants, viewable_by,
         created_at, updated_at, status, summary, model,
-        trigger_conversation_id, trigger_event_id
+        trigger_conversation_id, trigger_event_id,
+        trigger_purpose, trigger_resume_hint
       )
       VALUES (
         ${this.workspaceId},
@@ -59,7 +47,9 @@ export class PostgresAdapter {
         ${init.summary ?? null},
         ${init.model ?? null},
         ${init.trigger_conversation_id ?? null},
-        ${init.trigger_event_id ?? null}
+        ${init.trigger_event_id ?? null},
+        ${init.trigger_purpose ?? null},
+        ${init.trigger_resume_hint ?? null}
       )
       ON CONFLICT (workspace_id, id) DO NOTHING
     `;
@@ -110,7 +100,8 @@ export class PostgresAdapter {
         const rows = await this.sql `
       SELECT id, title, channel, participants, viewable_by, created_at,
              updated_at, status, summary, model,
-             trigger_conversation_id, trigger_event_id
+             trigger_conversation_id, trigger_event_id,
+             trigger_purpose, trigger_resume_hint
       FROM engram_sessions
       WHERE workspace_id = ${this.workspaceId} AND id = ${sessionId}
       LIMIT 1
@@ -125,29 +116,33 @@ export class PostgresAdapter {
         return foldEvents(toSessionRow(rows[0]), events.map((e) => e.payload), new Date());
     }
     async updateSession(sessionId, patch) {
-        // Translate JS undefined → "no change" via a per-column "provided"
-        // flag the SQL evaluates with CASE WHEN. null in patch becomes a
-        // real null in the DB (clear), value becomes a set.
-        const titleProvided = patch.title !== undefined;
-        const channelProvided = patch.channel !== undefined;
-        const statusProvided = patch.status !== undefined;
-        const summaryProvided = patch.summary !== undefined;
-        const modelProvided = patch.model !== undefined;
-        const tcIdProvided = patch.trigger_conversation_id !== undefined;
-        const teIdProvided = patch.trigger_event_id !== undefined;
+        // Per-column "provided" flags drive a CASE WHEN per field: undefined
+        // leaves the column alone, null clears, value sets. `status` defaults
+        // to "active" on clear to match the column default.
+        const title = pickPatch(patch, "title");
+        const channel = pickPatch(patch, "channel");
+        const status = pickPatch(patch, "status", "active");
+        const summary = pickPatch(patch, "summary");
+        const model = pickPatch(patch, "model");
+        const tcId = pickPatch(patch, "trigger_conversation_id");
+        const teId = pickPatch(patch, "trigger_event_id");
+        const tPurpose = pickPatch(patch, "trigger_purpose");
+        const tResume = pickPatch(patch, "trigger_resume_hint");
         const rows = await this.sql `
       UPDATE engram_sessions SET
-        title    = CASE WHEN ${titleProvided}    THEN ${patch.title ?? null}    ELSE title    END,
-        channel  = CASE WHEN ${channelProvided}  THEN ${patch.channel ?? null}  ELSE channel  END,
-        status   = CASE WHEN ${statusProvided}   THEN ${patch.status ?? "active"} ELSE status END,
-        summary  = CASE WHEN ${summaryProvided}  THEN ${patch.summary ?? null}  ELSE summary  END,
-        model    = CASE WHEN ${modelProvided}    THEN ${patch.model ?? null}    ELSE model    END,
-        trigger_conversation_id = CASE WHEN ${tcIdProvided}
-          THEN ${patch.trigger_conversation_id ?? null}
-          ELSE trigger_conversation_id END,
-        trigger_event_id = CASE WHEN ${teIdProvided}
-          THEN ${patch.trigger_event_id ?? null}
-          ELSE trigger_event_id END,
+        title    = CASE WHEN ${title.provided}   THEN ${title.value}   ELSE title   END,
+        channel  = CASE WHEN ${channel.provided} THEN ${channel.value} ELSE channel END,
+        status   = CASE WHEN ${status.provided}  THEN ${status.value}  ELSE status  END,
+        summary  = CASE WHEN ${summary.provided} THEN ${summary.value} ELSE summary END,
+        model    = CASE WHEN ${model.provided}   THEN ${model.value}   ELSE model   END,
+        trigger_conversation_id = CASE WHEN ${tcId.provided}
+          THEN ${tcId.value} ELSE trigger_conversation_id END,
+        trigger_event_id = CASE WHEN ${teId.provided}
+          THEN ${teId.value} ELSE trigger_event_id END,
+        trigger_purpose = CASE WHEN ${tPurpose.provided}
+          THEN ${tPurpose.value} ELSE trigger_purpose END,
+        trigger_resume_hint = CASE WHEN ${tResume.provided}
+          THEN ${tResume.value} ELSE trigger_resume_hint END,
         updated_at = now()
       WHERE workspace_id = ${this.workspaceId} AND id = ${sessionId}
       RETURNING id
@@ -246,17 +241,18 @@ export class PostgresAdapter {
         return toPersonInfo(rows[0]);
     }
     async updatePerson(id, patch) {
-        // Treat `null` as an explicit clear; `undefined` as no-op.
-        const nameProvided = patch.display_name !== undefined;
-        const roleProvided = patch.role !== undefined;
-        const teamProvided = patch.team !== undefined;
-        const sourceProvided = patch.source !== undefined;
+        // undefined = no-op, null = clear (source clears to "auto" to match
+        // the column default).
+        const name = pickPatch(patch, "display_name");
+        const role = pickPatch(patch, "role");
+        const team = pickPatch(patch, "team");
+        const source = pickPatch(patch, "source", "auto");
         const rows = await this.sql `
       UPDATE engram_persons SET
-        display_name = CASE WHEN ${nameProvided}   THEN ${patch.display_name ?? null} ELSE display_name END,
-        role         = CASE WHEN ${roleProvided}   THEN ${patch.role ?? null}         ELSE role         END,
-        team         = CASE WHEN ${teamProvided}   THEN ${patch.team ?? null}         ELSE team         END,
-        source       = CASE WHEN ${sourceProvided} THEN ${patch.source ?? "auto"}     ELSE source       END,
+        display_name = CASE WHEN ${name.provided}   THEN ${name.value}   ELSE display_name END,
+        role         = CASE WHEN ${role.provided}   THEN ${role.value}   ELSE role         END,
+        team         = CASE WHEN ${team.provided}   THEN ${team.value}   ELSE team         END,
+        source       = CASE WHEN ${source.provided} THEN ${source.value} ELSE source       END,
         updated_at   = now()
       WHERE workspace_id = ${this.workspaceId} AND id = ${id}
       RETURNING id, display_name, role, team, source, created_at, updated_at
@@ -326,15 +322,13 @@ export class PostgresAdapter {
     }
     // --- Aliases ------------------------------------------------------
     async upsertAlias(personId, input) {
-        // Pre-check rather than rely on the FK so unknown persons return
-        // `null` instead of throwing a constraint violation.
-        const personExists = await this.sql `
-      SELECT id FROM engram_persons
-      WHERE workspace_id = ${this.workspaceId} AND id = ${personId}
-      LIMIT 1
+        // Same race as upsertIdentity — alias telemetry can land before
+        // the matching person telemetry. Auto-create a stub person.
+        await this.sql `
+      INSERT INTO engram_persons (workspace_id, id)
+      VALUES (${this.workspaceId}, ${personId})
+      ON CONFLICT (workspace_id, id) DO NOTHING
     `;
-        if (personExists.length === 0)
-            return null;
         const increment = input.increment ?? true;
         // Branch on the upsert behaviour. `increment=true` bumps usage_count
         // and replaces caller/last_used; `increment=false` is idempotent —
@@ -390,15 +384,15 @@ export class PostgresAdapter {
     }
     // --- Identities ---------------------------------------------------
     async upsertIdentity(ref, input) {
-        // Pre-check rather than rely on the FK so unknown persons return
-        // `null` instead of throwing a constraint violation.
-        const personExists = await this.sql `
-      SELECT id FROM engram_persons
-      WHERE workspace_id = ${this.workspaceId} AND id = ${input.person_id}
-      LIMIT 1
+        // Auto-create a stub person if missing. The two telemetry calls
+        // (person + identity) leave monet fire-and-forget and race over
+        // the network, so it's normal for the identity PUT to land first.
+        // Empty stub gets enriched by the trailing person PUT.
+        await this.sql `
+      INSERT INTO engram_persons (workspace_id, id)
+      VALUES (${this.workspaceId}, ${input.person_id})
+      ON CONFLICT (workspace_id, id) DO NOTHING
     `;
-        if (personExists.length === 0)
-            return null;
         // unlinked_at semantics: undefined = leave alone, null = clear,
         // value = set. matches the patch contract for the other fields.
         const unlinkedProvided = input.unlinked_at !== undefined;
@@ -460,27 +454,25 @@ export class PostgresAdapter {
     }
 }
 function toPersonInfo(r) {
-    const toIso = (v) => (typeof v === "string" ? v : v.toISOString());
     return {
         id: r.id,
         display_name: r.display_name,
         role: r.role,
         team: r.team,
         source: r.source,
-        created_at: toIso(r.created_at),
-        updated_at: toIso(r.updated_at),
+        created_at: isoString(r.created_at),
+        updated_at: isoString(r.updated_at),
     };
 }
 function toSessionRow(r) {
-    const toIso = (v) => (typeof v === "string" ? v : v.toISOString());
     return {
         id: r.id,
         ...(r.title ? { title: r.title } : {}),
         ...(r.channel ? { channel: r.channel } : {}),
         participants: r.participants,
         viewable_by: r.viewable_by,
-        createdAt: toIso(r.created_at),
-        updatedAt: toIso(r.updated_at),
+        createdAt: isoString(r.created_at),
+        updatedAt: isoString(r.updated_at),
         ...(r.status === "active" || r.status === "idle" || r.status === "completed"
             ? { status: r.status }
             : {}),
@@ -492,27 +484,28 @@ function toSessionRow(r) {
         ...(r.trigger_event_id !== null
             ? { trigger_event_id: r.trigger_event_id }
             : {}),
+        ...(r.trigger_purpose !== null
+            ? { trigger_purpose: r.trigger_purpose }
+            : {}),
+        ...(r.trigger_resume_hint !== null
+            ? { trigger_resume_hint: r.trigger_resume_hint }
+            : {}),
     };
 }
 function toAliasInfo(r) {
-    const toIso = (v) => (typeof v === "string" ? v : v.toISOString());
     // last_used is a DATE column; postgres-js returns it as a Date at UTC
     // midnight. Render as plain YYYY-MM-DD to match the wire type.
-    const lastUsed = typeof r.last_used === "string"
-        ? r.last_used.slice(0, 10)
-        : r.last_used.toISOString().slice(0, 10);
     return {
         person_id: r.person_id,
         name: r.name,
         caller: r.caller,
         usage_count: r.usage_count,
-        last_used: lastUsed,
-        created_at: toIso(r.created_at),
-        updated_at: toIso(r.updated_at),
+        last_used: isoString(r.last_used).slice(0, 10),
+        created_at: isoString(r.created_at),
+        updated_at: isoString(r.updated_at),
     };
 }
 function toIdentityInfo(r) {
-    const toIso = (v) => (typeof v === "string" ? v : v.toISOString());
     // linked_at is now TIMESTAMPTZ (post-migration 0004). Emit full ISO.
     return {
         ref: r.ref,
@@ -523,9 +516,9 @@ function toIdentityInfo(r) {
         source: r.source,
         is_primary: r.is_primary,
         picture: r.picture,
-        linked_at: toIso(r.linked_at),
-        unlinked_at: r.unlinked_at === null ? null : toIso(r.unlinked_at),
-        created_at: toIso(r.created_at),
-        updated_at: toIso(r.updated_at),
+        linked_at: isoString(r.linked_at),
+        unlinked_at: r.unlinked_at === null ? null : isoString(r.unlinked_at),
+        created_at: isoString(r.created_at),
+        updated_at: isoString(r.updated_at),
     };
 }

package/dist/adapters/util.d.ts

@@ -0,0 +1,27 @@
+/** Postgres drivers return timestamp columns as either string or Date depending
+ *  on the type parser. Normalise to ISO-8601 string for the wire format. */
+export declare function isoString(v: string | Date): string;
+/**
+ * Apply a partial patch with the SDK's three-state semantics:
+ *   - `undefined` → keep `existing[key]`
+ *   - `null`      → clear (set to `clearTo`, default `null`)
+ *   - value       → set
+ *
+ * Used by the in-memory adapter to mirror the postgres adapter's
+ * per-column CASE WHEN behaviour without hand-writing the if/else
+ * tree for every field. Returns a new object — never mutates.
+ */
+export declare function applyPartial<E, P>(existing: E, patch: P, 
+/** Default value when a key is explicitly cleared (`null` in the patch). */
+clearTo?: Partial<{
+    [K in keyof P]: unknown;
+}>): E;
+/**
+ * Per-field patch helper for postgres CASE WHEN. Returns the
+ * `{provided, value}` tuple the SQL template uses; `clearTo` plugs in
+ * when the patch explicitly cleared the field with `null`.
+ */
+export declare function pickPatch<P, K extends keyof P>(patch: P, key: K, clearTo?: NonNullable<P[K]> | null): {
+    provided: boolean;
+    value: NonNullable<P[K]> | null;
+};

package/dist/adapters/util.js

@@ -0,0 +1,47 @@
+/** Postgres drivers return timestamp columns as either string or Date depending
+ *  on the type parser. Normalise to ISO-8601 string for the wire format. */
+export function isoString(v) {
+    return typeof v === "string" ? v : v.toISOString();
+}
+/**
+ * Apply a partial patch with the SDK's three-state semantics:
+ *   - `undefined` → keep `existing[key]`
+ *   - `null`      → clear (set to `clearTo`, default `null`)
+ *   - value       → set
+ *
+ * Used by the in-memory adapter to mirror the postgres adapter's
+ * per-column CASE WHEN behaviour without hand-writing the if/else
+ * tree for every field. Returns a new object — never mutates.
+ */
+export function applyPartial(existing, patch, 
+/** Default value when a key is explicitly cleared (`null` in the patch). */
+clearTo = {}) {
+    const next = { ...existing };
+    for (const key of Object.keys(patch)) {
+        const value = patch[key];
+        if (value === undefined)
+            continue;
+        if (value === null) {
+            const fallback = clearTo[key];
+            if (fallback === undefined)
+                delete next[key];
+            else
+                next[key] = fallback;
+        }
+        else {
+            next[key] = value;
+        }
+    }
+    return next;
+}
+/**
+ * Per-field patch helper for postgres CASE WHEN. Returns the
+ * `{provided, value}` tuple the SQL template uses; `clearTo` plugs in
+ * when the patch explicitly cleared the field with `null`.
+ */
+export function pickPatch(patch, key, clearTo = null) {
+    const provided = patch[key] !== undefined;
+    const raw = patch[key];
+    const value = raw == null ? clearTo : raw;
+    return { provided, value };
+}

package/dist/admin.js

@@ -1,6 +1,7 @@
 import { Hono } from "hono";
 import { isValidWorkspaceId } from "./key-store";
 import { createWorkspaceSchema, issueKeySchema, parseJsonBody } from "./schemas";
+import { addMember, createOrg, createWorkspaceUnderOrg, deleteOrg, getOrgOrThrow, OrgServiceError, removeMember, requireWorkspaceInOrg, revokeWorkspaceKey, } from "./services/orgs";
 /**
  * Build the admin sub-router. Mount under \`/admin/v1\`.
  *
@@ -119,117 +120,105 @@ export function createAdminRouter(opts) {
     const orgStore = opts.orgStore;
     if (!orgStore)
         return app;
-    app.post("/orgs", async (c) => {
+    const deps = { orgStore, keyStore: opts.keyStore };
+    app.post("/orgs", async (c) => runService(c, async () => {
         const body = (await c.req.json().catch(() => ({})));
-        try {
-            const org = await orgStore.createOrg({
-                ...(body.id !== undefined ? { id: body.id } : {}),
-                ...(body.name !== undefined ? { name: body.name } : {}),
-                ...(body.metadata !== undefined ? { metadata: body.metadata } : {}),
-            });
-            return c.json({ org });
-        }
-        catch (e) {
-            return c.json({ error: e.message }, 400);
-        }
-    });
+        const org = await createOrg(deps, body);
+        return c.json({ org });
+    }));
     app.get("/orgs", async (c) => {
         const orgs = await orgStore.listOrgs();
         return c.json({ orgs });
     });
-    app.get("/orgs/:id", async (c) => {
-        const org = await orgStore.getOrg(c.req.param("id"));
-        if (!org)
-            return c.json({ error: "org_not_found" }, 404);
+    app.get("/orgs/:id", async (c) => runService(c, async () => {
+        const org = await getOrgOrThrow(deps, c.req.param("id"));
         return c.json({ org });
-    });
-    app.delete("/orgs/:id", async (c) => {
-        const id = c.req.param("id");
-        const org = await orgStore.getOrg(id);
-        if (!org)
-            return c.json({ error: "org_not_found" }, 404);
-        await orgStore.deleteOrg(id);
+    }));
+    app.delete("/orgs/:id", async (c) => runService(c, async () => {
+        await deleteOrg(deps, c.req.param("id"));
         return c.body(null, 204);
-    });
+    }));
     // ----- org members ------------------------------------------
-    app.get("/orgs/:id/members", async (c) => {
+    app.get("/orgs/:id/members", async (c) => runService(c, async () => {
         const id = c.req.param("id");
-        const org = await orgStore.getOrg(id);
-        if (!org)
-            return c.json({ error: "org_not_found" }, 404);
+        await getOrgOrThrow(deps, id);
         return c.json({ members: await orgStore.listMembers(id) });
-    });
-    app.post("/orgs/:id/members", async (c) => {
+    }));
+    app.post("/orgs/:id/members", async (c) => runService(c, async () => {
         const orgId = c.req.param("id");
-        const org = await orgStore.getOrg(orgId);
-        if (!org)
-            return c.json({ error: "org_not_found" }, 404);
+        await getOrgOrThrow(deps, orgId);
         const body = (await c.req.json().catch(() => ({})));
-        let userId = body.userId;
-        if (!userId && body.email) {
-            const u = await orgStore.findUserByEmail(body.email);
-            if (!u)
-                return c.json({ error: "user_not_found" }, 404);
-            userId = u.id;
-        }
-        if (!userId)
-            return c.json({ error: "userId_or_email_required" }, 400);
-        const member = await orgStore.upsertMember({
-            orgId,
-            userId,
-            ...(body.role !== undefined ? { role: body.role } : {}),
-        });
+        const member = await addMember(deps, orgId, body);
         return c.json({ member });
-    });
-    app.delete("/orgs/:id/members/:userId", async (c) => {
+    }));
+    app.delete("/orgs/:id/members/:userId", async (c) => runService(c, async () => {
         const orgId = c.req.param("id");
-        const org = await orgStore.getOrg(orgId);
-        if (!org)
-            return c.json({ error: "org_not_found" }, 404);
-        await orgStore.removeMember(orgId, c.req.param("userId"));
+        await getOrgOrThrow(deps, orgId);
+        await removeMember(deps, orgId, c.req.param("userId"));
         return c.body(null, 204);
-    });
+    }));
     // ----- org workspaces ---------------------------------------
-    // Combines createWorkspace + setWorkspaceOrg + issueKey so a
-    // tenant can be stood up in one round-trip. Mirrors the legacy
-    // /workspaces POST shape but adds org scoping.
-    app.post("/orgs/:id/workspaces", async (c) => {
+    // Stands up a tenant. createWorkspaceUnderOrg writes the workspace
+    // + org binding in a single INSERT (atomic) and then issues the
+    // initial API key (separate insert; retry-safe via ON CONFLICT).
+    app.post("/orgs/:id/workspaces", async (c) => runService(c, async () => {
         const orgId = c.req.param("id");
-        const org = await orgStore.getOrg(orgId);
-        if (!org)
-            return c.json({ error: "org_not_found" }, 404);
+        await getOrgOrThrow(deps, orgId);
         const body = await parseJsonBody(c, createWorkspaceSchema);
         if (body instanceof Response)
             return body;
-        if (body.id !== undefined && !isValidWorkspaceId(body.id)) {
-            return c.json({ error: "invalid_workspace_id" }, 400);
-        }
-        try {
-            const ws = await opts.keyStore.createWorkspace({
-                ...(body.id !== undefined ? { id: body.id } : {}),
-                ...(body.name !== undefined ? { name: body.name } : {}),
-                ...(body.metadata !== undefined ? { metadata: body.metadata } : {}),
-            });
-            await orgStore.setWorkspaceOrg(ws.id, orgId);
-            if (body.issueKey === false) {
-                return c.json({ workspace: { ...ws, orgId } });
-            }
-            const key = await opts.keyStore.issueKey(ws.id, {
-                ...(body.keyName !== undefined ? { name: body.keyName } : {}),
-            });
-            return c.json({ workspace: { ...ws, orgId }, key });
-        }
-        catch (e) {
-            return c.json({ error: e.message }, 400);
-        }
-    });
-    app.get("/orgs/:id/workspaces", async (c) => {
+        return c.json(await createWorkspaceUnderOrg(deps, orgId, body));
+    }));
+    app.get("/orgs/:id/workspaces", async (c) => runService(c, async () => {
         const orgId = c.req.param("id");
-        const org = await orgStore.getOrg(orgId);
-        if (!org)
-            return c.json({ error: "org_not_found" }, 404);
+        await getOrgOrThrow(deps, orgId);
         const workspaces = await orgStore.listWorkspacesForOrg(orgId);
         return c.json({ workspaces });
-    });
+    }));
+    // ----- per-workspace api keys (scoped to an org) -----------
+    // Org-scoped equivalent of the legacy /admin/v1/workspaces/:id/keys
+    // routes. monet uses these for key rotation after the initial
+    // createWorkspaceUnderOrg + key issuance.
+    app.get("/orgs/:id/workspaces/:wsId/keys", async (c) => runService(c, async () => {
+        const orgId = c.req.param("id");
+        const wsId = c.req.param("wsId");
+        await getOrgOrThrow(deps, orgId);
+        await requireWorkspaceInOrg(deps, orgId, wsId);
+        return c.json({ keys: await opts.keyStore.listKeys(wsId) });
+    }));
+    app.post("/orgs/:id/workspaces/:wsId/keys", async (c) => runService(c, async () => {
+        const orgId = c.req.param("id");
+        const wsId = c.req.param("wsId");
+        await getOrgOrThrow(deps, orgId);
+        await requireWorkspaceInOrg(deps, orgId, wsId);
+        const raw = await c.req.json().catch(() => ({}));
+        const parsed = issueKeySchema.safeParse(raw);
+        if (!parsed.success) {
+            return c.json({ error: "invalid_body", issues: parsed.error.issues }, 400);
+        }
+        const key = await opts.keyStore.issueKey(wsId, {
+            ...(parsed.data.name !== undefined ? { name: parsed.data.name } : {}),
+        });
+        return c.json(key);
+    }));
+    app.delete("/orgs/:id/workspaces/:wsId/keys/:keyId", async (c) => runService(c, async () => {
+        const orgId = c.req.param("id");
+        const wsId = c.req.param("wsId");
+        await getOrgOrThrow(deps, orgId);
+        await requireWorkspaceInOrg(deps, orgId, wsId);
+        await revokeWorkspaceKey(deps, wsId, c.req.param("keyId"));
+        return c.body(null, 204);
+    }));
     return app;
 }
+/** Run a service call, mapping OrgServiceError to a JSON response. */
+async function runService(c, fn) {
+    try {
+        return await fn();
+    }
+    catch (e) {
+        if (e instanceof OrgServiceError)
+            return c.json({ error: e.code }, e.status);
+        throw e;
+    }
+}

package/dist/key-store.d.ts

@@ -29,13 +29,26 @@ export interface KeyResolution {
     keyId: string;
 }
 export interface KeyStore {
+    /**
+     * Persist a workspace row. `orgId`, when supplied, lands in the same
+     * INSERT so the workspace and its org binding are committed atomically
+     * (no orphaned workspace if a follow-up `setWorkspaceOrg` would have
+     * failed). Legacy callers without an org still work — `org_id` stays
+     * NULL.
+     */
     createWorkspace(input: {
         id?: string;
         name?: string;
         metadata?: Record<string, unknown>;
+        orgId?: string;
     }): Promise<Workspace>;
     getWorkspace(id: string): Promise<Workspace | null>;
     listWorkspaces(): Promise<Workspace[]>;
+    /** Patch a workspace's name (and/or metadata). Returns the updated row. */
+    updateWorkspace(id: string, patch: {
+        name?: string;
+        metadata?: Record<string, unknown>;
+    }): Promise<Workspace>;
     /** Hard delete: cascades to keys, sessions, and events for this workspace. */
     deleteWorkspace(id: string): Promise<void>;
     issueKey(workspaceId: string, opts?: {