@lucern/events 0.3.0-alpha.8 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +14 -2
- package/dist/index.js +3477 -403
- package/dist/index.js.map +1 -1
- package/dist/outbox.js +3477 -403
- package/dist/outbox.js.map +1 -1
- package/dist/types.js +3477 -403
- package/dist/types.js.map +1 -1
- package/dist/webhooks.js +3477 -403
- package/dist/webhooks.js.map +1 -1
- package/package.json +2 -2
package/dist/index.js
CHANGED
|
@@ -26,6 +26,20 @@ function matchesAnyEventPattern(eventType, patterns) {
|
|
|
26
26
|
return patterns.some((pattern) => matchesEventPattern(eventType, pattern));
|
|
27
27
|
}
|
|
28
28
|
|
|
29
|
+
// ../contracts/src/types/reasoning-method.ts
|
|
30
|
+
var REASONING_METHODS = [
|
|
31
|
+
"deductive",
|
|
32
|
+
"inductive",
|
|
33
|
+
"abductive",
|
|
34
|
+
"analogical",
|
|
35
|
+
"causal",
|
|
36
|
+
"correlational",
|
|
37
|
+
"testimonial",
|
|
38
|
+
"statistical",
|
|
39
|
+
"implicit",
|
|
40
|
+
"pattern_match"
|
|
41
|
+
];
|
|
42
|
+
|
|
29
43
|
// ../contracts/src/graph-intelligence.contract.ts
|
|
30
44
|
var GRAPH_INTELLIGENCE_MODE_TOOL_NAMES = {
|
|
31
45
|
core: [
|
|
@@ -847,7 +861,7 @@ defineTable({
|
|
|
847
861
|
});
|
|
848
862
|
defineTable({
|
|
849
863
|
name: "agents",
|
|
850
|
-
component: "
|
|
864
|
+
component: "control-plane",
|
|
851
865
|
category: "agent",
|
|
852
866
|
shape: z.object({
|
|
853
867
|
"slug": z.string(),
|
|
@@ -878,6 +892,8 @@ defineTable({
|
|
|
878
892
|
category: "tenant",
|
|
879
893
|
shape: z.object({
|
|
880
894
|
"tenantId": idOf("tenants"),
|
|
895
|
+
"workspaceId": idOf("workspaces").optional(),
|
|
896
|
+
"environment": z.enum(["dev", "staging", "prod"]).optional(),
|
|
881
897
|
"keyPrefix": z.enum(["luc", "stk"]),
|
|
882
898
|
"keyHash": z.string(),
|
|
883
899
|
"keyHint": z.string(),
|
|
@@ -905,7 +921,7 @@ defineTable({
|
|
|
905
921
|
shape: z.object({
|
|
906
922
|
"tenantId": idOf("tenants").optional(),
|
|
907
923
|
"apiKeyId": idOf("apiKeys").optional(),
|
|
908
|
-
"action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "principal_created", "principal_updated", "principal_suspended", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
|
|
924
|
+
"action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_token_lease_issued", "proxy_token_lease_renewed", "proxy_token_lease_revoked", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "tenant_clerk_organization_linked", "tenant_canonical_identity_repaired", "principal_created", "principal_updated", "principal_suspended", "principal_identity_alias_upserted", "principal_identity_alias_revoked", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "deployment_host_registered", "deployment_host_revoked", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "permit_sync_enqueued", "permit_sync_succeeded", "permit_sync_failed", "permit_sync_skipped", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
|
|
909
925
|
"actorClerkId": z.string(),
|
|
910
926
|
"details": z.any().optional(),
|
|
911
927
|
"createdAt": z.number()
|
|
@@ -1129,6 +1145,35 @@ defineTable({
|
|
|
1129
1145
|
{ kind: "index", name: "by_source", columns: ["source"] }
|
|
1130
1146
|
]
|
|
1131
1147
|
});
|
|
1148
|
+
defineTable({
|
|
1149
|
+
name: "domainEvents",
|
|
1150
|
+
component: "kernel",
|
|
1151
|
+
category: "events",
|
|
1152
|
+
shape: z.object({
|
|
1153
|
+
"eventId": z.string(),
|
|
1154
|
+
"type": z.string(),
|
|
1155
|
+
"version": z.string(),
|
|
1156
|
+
"timestamp": z.number(),
|
|
1157
|
+
"tenantId": z.string().optional(),
|
|
1158
|
+
"workspaceId": z.string().optional(),
|
|
1159
|
+
"topicId": z.string(),
|
|
1160
|
+
"resourceId": z.string(),
|
|
1161
|
+
"resourceType": z.string(),
|
|
1162
|
+
"actorId": z.string(),
|
|
1163
|
+
"actorType": z.enum(["human", "agent", "service"]),
|
|
1164
|
+
"data": z.record(z.any()),
|
|
1165
|
+
"correlationId": z.string().optional(),
|
|
1166
|
+
"expiresAt": z.number()
|
|
1167
|
+
}),
|
|
1168
|
+
indices: [
|
|
1169
|
+
{ kind: "index", name: "by_eventId", columns: ["eventId"] },
|
|
1170
|
+
{ kind: "index", name: "by_topic_timestamp", columns: ["topicId", "timestamp"] },
|
|
1171
|
+
{ kind: "index", name: "by_tenant_workspace_timestamp", columns: ["tenantId", "workspaceId", "timestamp"] },
|
|
1172
|
+
{ kind: "index", name: "by_type_timestamp", columns: ["type", "timestamp"] },
|
|
1173
|
+
{ kind: "index", name: "by_resource", columns: ["resourceType", "resourceId", "timestamp"] },
|
|
1174
|
+
{ kind: "index", name: "by_expiresAt", columns: ["expiresAt"] }
|
|
1175
|
+
]
|
|
1176
|
+
});
|
|
1132
1177
|
defineTable({
|
|
1133
1178
|
name: "beliefConfidence",
|
|
1134
1179
|
component: "kernel",
|
|
@@ -1784,29 +1829,37 @@ defineTable({
|
|
|
1784
1829
|
component: "mc",
|
|
1785
1830
|
category: "runtime",
|
|
1786
1831
|
shape: z.object({
|
|
1787
|
-
|
|
1788
|
-
|
|
1789
|
-
|
|
1790
|
-
|
|
1791
|
-
|
|
1792
|
-
|
|
1793
|
-
|
|
1794
|
-
|
|
1795
|
-
|
|
1796
|
-
|
|
1797
|
-
|
|
1798
|
-
|
|
1799
|
-
|
|
1832
|
+
shimId: z.string(),
|
|
1833
|
+
gateId: z.string(),
|
|
1834
|
+
removalDate: z.string(),
|
|
1835
|
+
removalPriority: z.enum(["P1", "P2", "P3"]),
|
|
1836
|
+
description: z.string(),
|
|
1837
|
+
owner: z.string(),
|
|
1838
|
+
createdAt: z.string(),
|
|
1839
|
+
status: z.enum(["active", "overdue", "removed"]),
|
|
1840
|
+
bridgeType: z.enum(["tool", "agent"]),
|
|
1841
|
+
bridgeTarget: z.object({
|
|
1842
|
+
type: z.enum(["tool", "agent"]),
|
|
1843
|
+
legacyPath: z.string(),
|
|
1844
|
+
harnessPath: z.string()
|
|
1800
1845
|
}),
|
|
1801
|
-
|
|
1802
|
-
|
|
1803
|
-
|
|
1804
|
-
|
|
1846
|
+
shimBehavior: z.enum([
|
|
1847
|
+
"passthrough_with_logging",
|
|
1848
|
+
"adapter",
|
|
1849
|
+
"feature_flag_gate"
|
|
1850
|
+
]),
|
|
1851
|
+
producesLedgerEntries: z.boolean(),
|
|
1852
|
+
lastAuditedAt: z.number(),
|
|
1853
|
+
metadata: z.record(z.any()).optional()
|
|
1805
1854
|
}),
|
|
1806
1855
|
indices: [
|
|
1807
1856
|
{ kind: "index", name: "by_shimId", columns: ["shimId"] },
|
|
1808
1857
|
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
1809
|
-
{
|
|
1858
|
+
{
|
|
1859
|
+
kind: "index",
|
|
1860
|
+
name: "by_bridgeType_status",
|
|
1861
|
+
columns: ["bridgeType", "status"]
|
|
1862
|
+
}
|
|
1810
1863
|
]
|
|
1811
1864
|
});
|
|
1812
1865
|
defineTable({
|
|
@@ -1814,12 +1867,23 @@ defineTable({
|
|
|
1814
1867
|
component: "mc",
|
|
1815
1868
|
category: "runtime",
|
|
1816
1869
|
shape: z.object({
|
|
1817
|
-
|
|
1818
|
-
|
|
1819
|
-
|
|
1820
|
-
|
|
1821
|
-
|
|
1822
|
-
|
|
1870
|
+
domain: z.enum([
|
|
1871
|
+
"graph",
|
|
1872
|
+
"schema",
|
|
1873
|
+
"identity",
|
|
1874
|
+
"policy",
|
|
1875
|
+
"audit",
|
|
1876
|
+
"admin",
|
|
1877
|
+
"agent",
|
|
1878
|
+
"tool",
|
|
1879
|
+
"prompt",
|
|
1880
|
+
"intelligence"
|
|
1881
|
+
]),
|
|
1882
|
+
state: z.enum(["legacy", "cutover", "disabled"]),
|
|
1883
|
+
metadata: z.record(z.any()).optional(),
|
|
1884
|
+
updatedBy: z.string(),
|
|
1885
|
+
createdAt: z.number(),
|
|
1886
|
+
updatedAt: z.number()
|
|
1823
1887
|
}),
|
|
1824
1888
|
indices: [
|
|
1825
1889
|
{ kind: "index", name: "by_domain", columns: ["domain"] },
|
|
@@ -1831,57 +1895,193 @@ defineTable({
|
|
|
1831
1895
|
component: "mc",
|
|
1832
1896
|
category: "runtime",
|
|
1833
1897
|
shape: z.object({
|
|
1834
|
-
|
|
1835
|
-
|
|
1836
|
-
|
|
1837
|
-
|
|
1838
|
-
|
|
1839
|
-
|
|
1840
|
-
|
|
1841
|
-
|
|
1842
|
-
|
|
1843
|
-
|
|
1844
|
-
|
|
1845
|
-
|
|
1846
|
-
|
|
1847
|
-
|
|
1848
|
-
|
|
1849
|
-
|
|
1850
|
-
|
|
1898
|
+
credentialRef: z.string(),
|
|
1899
|
+
tenantId: idOf("tenants"),
|
|
1900
|
+
workspaceId: idOf("workspaces").optional(),
|
|
1901
|
+
target: z.enum(["kernelDeployment", "appDeployment"]),
|
|
1902
|
+
environment: z.enum(["dev", "staging", "prod"]),
|
|
1903
|
+
encryptedDeployKey: z.string(),
|
|
1904
|
+
encryptionVersion: z.string(),
|
|
1905
|
+
keyFingerprint: z.string(),
|
|
1906
|
+
keyHint: z.string(),
|
|
1907
|
+
status: z.enum(["active", "revoked"]),
|
|
1908
|
+
rotatedFromCredentialRef: z.string().optional(),
|
|
1909
|
+
revokedAt: z.number().optional(),
|
|
1910
|
+
revokedBy: z.string().optional(),
|
|
1911
|
+
lastUsedAt: z.number().optional(),
|
|
1912
|
+
metadata: z.record(z.any()).optional(),
|
|
1913
|
+
createdBy: z.string(),
|
|
1914
|
+
createdAt: z.number(),
|
|
1915
|
+
updatedAt: z.number()
|
|
1851
1916
|
}),
|
|
1852
1917
|
indices: [
|
|
1853
1918
|
{ kind: "index", name: "by_credentialRef", columns: ["credentialRef"] },
|
|
1854
1919
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
1855
|
-
{ kind: "index", name: "
|
|
1856
|
-
{
|
|
1857
|
-
|
|
1920
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
1921
|
+
{
|
|
1922
|
+
kind: "index",
|
|
1923
|
+
name: "by_tenant_target",
|
|
1924
|
+
columns: ["tenantId", "target"]
|
|
1925
|
+
},
|
|
1926
|
+
{
|
|
1927
|
+
kind: "index",
|
|
1928
|
+
name: "by_tenant_target_environment",
|
|
1929
|
+
columns: ["tenantId", "target", "environment"]
|
|
1930
|
+
},
|
|
1931
|
+
{
|
|
1932
|
+
kind: "index",
|
|
1933
|
+
name: "by_tenant_target_environment_status",
|
|
1934
|
+
columns: ["tenantId", "target", "environment", "status"]
|
|
1935
|
+
},
|
|
1936
|
+
{
|
|
1937
|
+
kind: "index",
|
|
1938
|
+
name: "by_tenant_workspace_target_environment_status",
|
|
1939
|
+
columns: ["tenantId", "workspaceId", "target", "environment", "status"]
|
|
1940
|
+
},
|
|
1858
1941
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
1859
1942
|
]
|
|
1860
1943
|
});
|
|
1944
|
+
defineTable({
|
|
1945
|
+
name: "permitSyncStates",
|
|
1946
|
+
component: "mc",
|
|
1947
|
+
category: "runtime",
|
|
1948
|
+
shape: z.object({
|
|
1949
|
+
syncKey: z.string(),
|
|
1950
|
+
objectType: z.enum([
|
|
1951
|
+
"resource",
|
|
1952
|
+
"role",
|
|
1953
|
+
"resource_role",
|
|
1954
|
+
"resource_relation",
|
|
1955
|
+
"tenant",
|
|
1956
|
+
"workspace",
|
|
1957
|
+
"principal",
|
|
1958
|
+
"membership",
|
|
1959
|
+
"group",
|
|
1960
|
+
"resource_instance",
|
|
1961
|
+
"relationship_tuple",
|
|
1962
|
+
"role_assignment"
|
|
1963
|
+
]),
|
|
1964
|
+
objectId: z.string(),
|
|
1965
|
+
tenantId: idOf("tenants").optional(),
|
|
1966
|
+
workspaceId: idOf("workspaces").optional(),
|
|
1967
|
+
principalId: z.string().optional(),
|
|
1968
|
+
permitTenantKey: z.string().optional(),
|
|
1969
|
+
permitResourceType: z.string().optional(),
|
|
1970
|
+
permitResourceKey: z.string().optional(),
|
|
1971
|
+
desiredPayload: z.record(z.any()),
|
|
1972
|
+
lastAppliedPayloadHash: z.string().optional(),
|
|
1973
|
+
status: z.enum(["pending", "synced", "error", "skipped"]),
|
|
1974
|
+
attemptCount: z.number(),
|
|
1975
|
+
lastError: z.string().optional(),
|
|
1976
|
+
nextAttemptAt: z.number().optional(),
|
|
1977
|
+
lastSyncedAt: z.number().optional(),
|
|
1978
|
+
createdBy: z.string(),
|
|
1979
|
+
updatedBy: z.string().optional(),
|
|
1980
|
+
createdAt: z.number(),
|
|
1981
|
+
updatedAt: z.number()
|
|
1982
|
+
}),
|
|
1983
|
+
indices: [
|
|
1984
|
+
{ kind: "index", name: "by_syncKey", columns: ["syncKey"] },
|
|
1985
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
1986
|
+
{
|
|
1987
|
+
kind: "index",
|
|
1988
|
+
name: "by_tenant_status",
|
|
1989
|
+
columns: ["tenantId", "status"]
|
|
1990
|
+
},
|
|
1991
|
+
{
|
|
1992
|
+
kind: "index",
|
|
1993
|
+
name: "by_workspace_status",
|
|
1994
|
+
columns: ["workspaceId", "status"]
|
|
1995
|
+
},
|
|
1996
|
+
{
|
|
1997
|
+
kind: "index",
|
|
1998
|
+
name: "by_principal_status",
|
|
1999
|
+
columns: ["principalId", "status"]
|
|
2000
|
+
}
|
|
2001
|
+
]
|
|
2002
|
+
});
|
|
2003
|
+
defineTable({
|
|
2004
|
+
name: "secretSyncDriftReports",
|
|
2005
|
+
component: "mc",
|
|
2006
|
+
category: "runtime",
|
|
2007
|
+
shape: z.object({
|
|
2008
|
+
reportId: z.string(),
|
|
2009
|
+
source: z.enum(["infisical_manifest", "manual", "ci"]),
|
|
2010
|
+
generatedAt: z.number(),
|
|
2011
|
+
recordedAt: z.number(),
|
|
2012
|
+
recordedBy: z.string(),
|
|
2013
|
+
status: z.enum([
|
|
2014
|
+
"in_sync",
|
|
2015
|
+
"drift",
|
|
2016
|
+
"exception",
|
|
2017
|
+
"blocked",
|
|
2018
|
+
"not_observed"
|
|
2019
|
+
]),
|
|
2020
|
+
reportHash: z.string(),
|
|
2021
|
+
manifestHash: z.string().optional(),
|
|
2022
|
+
dryRunReceiptId: z.string().optional(),
|
|
2023
|
+
appliedReceiptId: z.string().optional(),
|
|
2024
|
+
summary: z.object({
|
|
2025
|
+
totalPipelines: z.number(),
|
|
2026
|
+
inSync: z.number(),
|
|
2027
|
+
drift: z.number(),
|
|
2028
|
+
exception: z.number(),
|
|
2029
|
+
blocked: z.number(),
|
|
2030
|
+
notObserved: z.number(),
|
|
2031
|
+
missingKeys: z.number(),
|
|
2032
|
+
valueDriftKeys: z.number(),
|
|
2033
|
+
extraKeys: z.number(),
|
|
2034
|
+
deniedConvexLeakage: z.number(),
|
|
2035
|
+
approvedExceptions: z.number()
|
|
2036
|
+
}),
|
|
2037
|
+
redactedReport: z.record(z.any()),
|
|
2038
|
+
metadata: z.record(z.any()).optional()
|
|
2039
|
+
}),
|
|
2040
|
+
indices: [
|
|
2041
|
+
{ kind: "index", name: "by_reportId", columns: ["reportId"] },
|
|
2042
|
+
{ kind: "index", name: "by_reportHash", columns: ["reportHash"] },
|
|
2043
|
+
{ kind: "index", name: "by_generatedAt", columns: ["generatedAt"] },
|
|
2044
|
+
{
|
|
2045
|
+
kind: "index",
|
|
2046
|
+
name: "by_status_generatedAt",
|
|
2047
|
+
columns: ["status", "generatedAt"]
|
|
2048
|
+
}
|
|
2049
|
+
]
|
|
2050
|
+
});
|
|
1861
2051
|
defineTable({
|
|
1862
2052
|
name: "controlPlaneTenantModelSlotBindings",
|
|
1863
2053
|
component: "mc",
|
|
1864
2054
|
category: "runtime",
|
|
1865
2055
|
shape: z.object({
|
|
1866
|
-
|
|
1867
|
-
|
|
1868
|
-
"
|
|
1869
|
-
|
|
1870
|
-
|
|
1871
|
-
|
|
1872
|
-
|
|
1873
|
-
|
|
1874
|
-
|
|
1875
|
-
|
|
1876
|
-
|
|
1877
|
-
|
|
1878
|
-
|
|
2056
|
+
bindingId: z.string(),
|
|
2057
|
+
tenantId: idOf("tenants"),
|
|
2058
|
+
workspaceId: idOf("workspaces").optional(),
|
|
2059
|
+
environment: z.enum(["dev", "staging", "prod"]).optional(),
|
|
2060
|
+
providerId: z.string(),
|
|
2061
|
+
modelSlotId: z.string(),
|
|
2062
|
+
secretRef: z.string(),
|
|
2063
|
+
status: z.enum(["active", "revoked"]),
|
|
2064
|
+
passThroughOnly: z.boolean(),
|
|
2065
|
+
revokedAt: z.number().optional(),
|
|
2066
|
+
revokedBy: z.string().optional(),
|
|
2067
|
+
metadata: z.record(z.any()).optional(),
|
|
2068
|
+
createdBy: z.string(),
|
|
2069
|
+
createdAt: z.number(),
|
|
2070
|
+
updatedAt: z.number()
|
|
1879
2071
|
}),
|
|
1880
2072
|
indices: [
|
|
1881
2073
|
{ kind: "index", name: "by_bindingId", columns: ["bindingId"] },
|
|
1882
2074
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
1883
|
-
{
|
|
1884
|
-
|
|
2075
|
+
{
|
|
2076
|
+
kind: "index",
|
|
2077
|
+
name: "by_tenant_slot",
|
|
2078
|
+
columns: ["tenantId", "modelSlotId"]
|
|
2079
|
+
},
|
|
2080
|
+
{
|
|
2081
|
+
kind: "index",
|
|
2082
|
+
name: "by_tenant_provider_slot",
|
|
2083
|
+
columns: ["tenantId", "providerId", "modelSlotId"]
|
|
2084
|
+
},
|
|
1885
2085
|
{ kind: "index", name: "by_secretRef", columns: ["secretRef"] },
|
|
1886
2086
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
1887
2087
|
]
|
|
@@ -1891,29 +2091,42 @@ defineTable({
|
|
|
1891
2091
|
component: "mc",
|
|
1892
2092
|
category: "runtime",
|
|
1893
2093
|
shape: z.object({
|
|
1894
|
-
|
|
1895
|
-
|
|
1896
|
-
"
|
|
1897
|
-
|
|
1898
|
-
|
|
1899
|
-
|
|
1900
|
-
|
|
1901
|
-
|
|
1902
|
-
|
|
1903
|
-
|
|
1904
|
-
|
|
1905
|
-
|
|
1906
|
-
|
|
1907
|
-
|
|
1908
|
-
|
|
1909
|
-
|
|
1910
|
-
|
|
2094
|
+
secretRef: z.string(),
|
|
2095
|
+
tenantId: idOf("tenants"),
|
|
2096
|
+
workspaceId: idOf("workspaces").optional(),
|
|
2097
|
+
environment: z.enum(["dev", "staging", "prod"]).optional(),
|
|
2098
|
+
providerId: z.string(),
|
|
2099
|
+
label: z.string().optional(),
|
|
2100
|
+
encryptedSecret: z.string().optional(),
|
|
2101
|
+
infisicalPath: z.string().optional(),
|
|
2102
|
+
infisicalSecretKey: z.string().optional(),
|
|
2103
|
+
infisicalProjectId: z.string().optional(),
|
|
2104
|
+
encryptionVersion: z.string(),
|
|
2105
|
+
secretFingerprint: z.string(),
|
|
2106
|
+
keyHint: z.string(),
|
|
2107
|
+
status: z.enum(["active", "revoked"]),
|
|
2108
|
+
rotatedFromSecretRef: z.string().optional(),
|
|
2109
|
+
revokedAt: z.number().optional(),
|
|
2110
|
+
revokedBy: z.string().optional(),
|
|
2111
|
+
lastUsedAt: z.number().optional(),
|
|
2112
|
+
metadata: z.record(z.any()).optional(),
|
|
2113
|
+
createdBy: z.string(),
|
|
2114
|
+
createdAt: z.number(),
|
|
2115
|
+
updatedAt: z.number()
|
|
1911
2116
|
}),
|
|
1912
2117
|
indices: [
|
|
1913
2118
|
{ kind: "index", name: "by_secretRef", columns: ["secretRef"] },
|
|
1914
2119
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
1915
|
-
{
|
|
1916
|
-
|
|
2120
|
+
{
|
|
2121
|
+
kind: "index",
|
|
2122
|
+
name: "by_tenant_provider",
|
|
2123
|
+
columns: ["tenantId", "providerId"]
|
|
2124
|
+
},
|
|
2125
|
+
{
|
|
2126
|
+
kind: "index",
|
|
2127
|
+
name: "by_tenant_provider_status",
|
|
2128
|
+
columns: ["tenantId", "providerId", "status"]
|
|
2129
|
+
},
|
|
1917
2130
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
1918
2131
|
]
|
|
1919
2132
|
});
|
|
@@ -1922,35 +2135,93 @@ defineTable({
|
|
|
1922
2135
|
component: "mc",
|
|
1923
2136
|
category: "runtime",
|
|
1924
2137
|
shape: z.object({
|
|
1925
|
-
|
|
1926
|
-
|
|
1927
|
-
|
|
1928
|
-
|
|
1929
|
-
|
|
1930
|
-
|
|
1931
|
-
|
|
1932
|
-
|
|
1933
|
-
|
|
1934
|
-
|
|
1935
|
-
|
|
1936
|
-
|
|
1937
|
-
|
|
1938
|
-
|
|
1939
|
-
|
|
1940
|
-
|
|
1941
|
-
|
|
1942
|
-
|
|
1943
|
-
|
|
1944
|
-
|
|
1945
|
-
|
|
1946
|
-
|
|
2138
|
+
usageId: z.string(),
|
|
2139
|
+
tenantId: idOf("tenants"),
|
|
2140
|
+
providerId: z.string(),
|
|
2141
|
+
modelSlotId: z.string(),
|
|
2142
|
+
secretRef: z.string(),
|
|
2143
|
+
proxyTokenId: z.string(),
|
|
2144
|
+
sessionId: z.string(),
|
|
2145
|
+
principalId: z.string(),
|
|
2146
|
+
workspaceId: z.string().optional(),
|
|
2147
|
+
modelId: z.string().optional(),
|
|
2148
|
+
requestPath: z.string(),
|
|
2149
|
+
status: z.enum(["success", "error"]),
|
|
2150
|
+
responseStatus: z.number().optional(),
|
|
2151
|
+
inputTokens: z.number().optional(),
|
|
2152
|
+
outputTokens: z.number().optional(),
|
|
2153
|
+
tokenCount: z.number().optional(),
|
|
2154
|
+
latencyMs: z.number(),
|
|
2155
|
+
estimatedCostUsd: z.number().optional(),
|
|
2156
|
+
failureCode: z.string().optional(),
|
|
2157
|
+
metadata: z.record(z.any()).optional(),
|
|
2158
|
+
createdAt: z.number(),
|
|
2159
|
+
updatedAt: z.number()
|
|
1947
2160
|
}),
|
|
1948
2161
|
indices: [
|
|
1949
2162
|
{ kind: "index", name: "by_usageId", columns: ["usageId"] },
|
|
1950
2163
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId", "createdAt"] },
|
|
1951
|
-
{
|
|
1952
|
-
|
|
1953
|
-
|
|
2164
|
+
{
|
|
2165
|
+
kind: "index",
|
|
2166
|
+
name: "by_tenant_provider",
|
|
2167
|
+
columns: ["tenantId", "providerId", "createdAt"]
|
|
2168
|
+
},
|
|
2169
|
+
{
|
|
2170
|
+
kind: "index",
|
|
2171
|
+
name: "by_proxyTokenId",
|
|
2172
|
+
columns: ["proxyTokenId", "createdAt"]
|
|
2173
|
+
},
|
|
2174
|
+
{
|
|
2175
|
+
kind: "index",
|
|
2176
|
+
name: "by_sessionId",
|
|
2177
|
+
columns: ["sessionId", "createdAt"]
|
|
2178
|
+
}
|
|
2179
|
+
]
|
|
2180
|
+
});
|
|
2181
|
+
defineTable({
|
|
2182
|
+
name: "controlPlaneTenantProxyTokenLeases",
|
|
2183
|
+
component: "mc",
|
|
2184
|
+
category: "runtime",
|
|
2185
|
+
shape: z.object({
|
|
2186
|
+
leaseId: z.string(),
|
|
2187
|
+
proxyTokenId: z.string(),
|
|
2188
|
+
tenantId: idOf("tenants"),
|
|
2189
|
+
workspaceId: idOf("workspaces").optional(),
|
|
2190
|
+
environment: z.enum(["dev", "staging", "prod"]),
|
|
2191
|
+
providerId: z.string(),
|
|
2192
|
+
modelSlotId: z.string(),
|
|
2193
|
+
bindingId: z.string(),
|
|
2194
|
+
secretRef: z.string(),
|
|
2195
|
+
sessionId: z.string(),
|
|
2196
|
+
principalId: z.string(),
|
|
2197
|
+
agentSessionId: z.string().optional(),
|
|
2198
|
+
status: z.enum(["active", "revoked"]),
|
|
2199
|
+
expiresAt: z.number(),
|
|
2200
|
+
renewedAt: z.number().optional(),
|
|
2201
|
+
revokedAt: z.number().optional(),
|
|
2202
|
+
revokedBy: z.string().optional(),
|
|
2203
|
+
revokeReason: z.string().optional(),
|
|
2204
|
+
permitDecisionLogId: idOf("policyDecisionLogs").optional(),
|
|
2205
|
+
permitTraceId: z.string().optional(),
|
|
2206
|
+
metadata: z.record(z.any()).optional(),
|
|
2207
|
+
createdAt: z.number(),
|
|
2208
|
+
updatedAt: z.number()
|
|
2209
|
+
}),
|
|
2210
|
+
indices: [
|
|
2211
|
+
{ kind: "index", name: "by_leaseId", columns: ["leaseId"] },
|
|
2212
|
+
{ kind: "index", name: "by_proxyTokenId", columns: ["proxyTokenId"] },
|
|
2213
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId", "createdAt"] },
|
|
2214
|
+
{ kind: "index", name: "by_sessionId", columns: ["sessionId", "createdAt"] },
|
|
2215
|
+
{
|
|
2216
|
+
kind: "index",
|
|
2217
|
+
name: "by_principalId",
|
|
2218
|
+
columns: ["principalId", "createdAt"]
|
|
2219
|
+
},
|
|
2220
|
+
{
|
|
2221
|
+
kind: "index",
|
|
2222
|
+
name: "by_status_expiresAt",
|
|
2223
|
+
columns: ["status", "expiresAt"]
|
|
2224
|
+
}
|
|
1954
2225
|
]
|
|
1955
2226
|
});
|
|
1956
2227
|
defineTable({
|
|
@@ -2283,6 +2554,7 @@ defineTable({
|
|
|
2283
2554
|
"questionType": z.enum(["validation", "falsification", "assumption_probe", "prediction_test", "counterfactual", "discovery", "clarification", "comparison", "causal", "mechanism", "general"]).optional(),
|
|
2284
2555
|
"questionPriority": z.enum(["critical", "high", "medium", "low"]).optional(),
|
|
2285
2556
|
"answerQuality": z.enum(["definitive", "strong", "moderate", "weak", "speculative", "unanswered"]).optional(),
|
|
2557
|
+
"themeStatus": z.enum(["emerging", "active", "mature", "declining", "archived"]).optional(),
|
|
2286
2558
|
"themeConviction": z.enum(["high", "medium", "low", "negative"]).optional(),
|
|
2287
2559
|
"decisionType": z.enum(["invest", "pass", "follow_on", "exit", "deep_dive", "monitor", "deprioritize", "thesis_adopt", "thesis_revise", "thesis_abandon"]).optional(),
|
|
2288
2560
|
"decisionOutcome": z.enum(["pending", "successful", "unsuccessful", "mixed", "unknown"]).optional(),
|
|
@@ -2433,6 +2705,7 @@ defineTable({
|
|
|
2433
2705
|
indices: [
|
|
2434
2706
|
{ kind: "index", name: "by_principalId", columns: ["principalId"] },
|
|
2435
2707
|
{ kind: "index", name: "by_principal_tenant", columns: ["principalId", "tenantId"] },
|
|
2708
|
+
{ kind: "index", name: "by_principal_tenant_workspace", columns: ["principalId", "tenantId", "workspaceId"] },
|
|
2436
2709
|
{ kind: "index", name: "by_workspace_principal", columns: ["workspaceId", "principalId"] },
|
|
2437
2710
|
{ kind: "index", name: "by_tenant_role", columns: ["tenantId", "role"] },
|
|
2438
2711
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
@@ -2464,6 +2737,36 @@ defineTable({
|
|
|
2464
2737
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
2465
2738
|
]
|
|
2466
2739
|
});
|
|
2740
|
+
defineTable({
|
|
2741
|
+
name: "principalIdentityAliases",
|
|
2742
|
+
component: "mc",
|
|
2743
|
+
category: "identity",
|
|
2744
|
+
shape: z.object({
|
|
2745
|
+
"principalId": z.string(),
|
|
2746
|
+
"principalRefId": idOf("principals").optional(),
|
|
2747
|
+
"provider": z.string(),
|
|
2748
|
+
"providerProjectId": z.string().optional(),
|
|
2749
|
+
"externalSubjectId": z.string(),
|
|
2750
|
+
"tenantId": idOf("tenants").optional(),
|
|
2751
|
+
"workspaceId": idOf("workspaces").optional(),
|
|
2752
|
+
"email": z.string().optional(),
|
|
2753
|
+
"status": z.enum(["active", "revoked"]),
|
|
2754
|
+
"metadata": z.record(z.any()).optional(),
|
|
2755
|
+
"createdBy": z.string(),
|
|
2756
|
+
"revokedAt": z.number().optional(),
|
|
2757
|
+
"revokedBy": z.string().optional(),
|
|
2758
|
+
"createdAt": z.number(),
|
|
2759
|
+
"updatedAt": z.number()
|
|
2760
|
+
}),
|
|
2761
|
+
indices: [
|
|
2762
|
+
{ kind: "index", name: "by_provider_subject", columns: ["provider", "externalSubjectId"] },
|
|
2763
|
+
{ kind: "index", name: "by_provider_project_subject", columns: ["provider", "providerProjectId", "externalSubjectId"] },
|
|
2764
|
+
{ kind: "index", name: "by_principalId", columns: ["principalId"] },
|
|
2765
|
+
{ kind: "index", name: "by_principal_status", columns: ["principalId", "status"] },
|
|
2766
|
+
{ kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "externalSubjectId"] },
|
|
2767
|
+
{ kind: "index", name: "by_workspace_provider_subject", columns: ["workspaceId", "provider", "externalSubjectId"] }
|
|
2768
|
+
]
|
|
2769
|
+
});
|
|
2467
2770
|
defineTable({
|
|
2468
2771
|
name: "rateLimitWindows",
|
|
2469
2772
|
component: "mc",
|
|
@@ -3053,7 +3356,7 @@ defineTable({
|
|
|
3053
3356
|
});
|
|
3054
3357
|
defineTable({
|
|
3055
3358
|
name: "mcpWritePolicy",
|
|
3056
|
-
component: "
|
|
3359
|
+
component: "control-plane",
|
|
3057
3360
|
category: "platform",
|
|
3058
3361
|
shape: z.object({
|
|
3059
3362
|
"topicId": z.string().optional(),
|
|
@@ -3076,7 +3379,7 @@ defineTable({
|
|
|
3076
3379
|
});
|
|
3077
3380
|
defineTable({
|
|
3078
3381
|
name: "platformAudienceGrants",
|
|
3079
|
-
component: "
|
|
3382
|
+
component: "control-plane",
|
|
3080
3383
|
category: "platform",
|
|
3081
3384
|
shape: z.object({
|
|
3082
3385
|
"tenantId": z.string(),
|
|
@@ -3102,7 +3405,7 @@ defineTable({
|
|
|
3102
3405
|
});
|
|
3103
3406
|
defineTable({
|
|
3104
3407
|
name: "platformAudiences",
|
|
3105
|
-
component: "
|
|
3408
|
+
component: "control-plane",
|
|
3106
3409
|
category: "platform",
|
|
3107
3410
|
shape: z.object({
|
|
3108
3411
|
"tenantId": z.string(),
|
|
@@ -3127,7 +3430,7 @@ defineTable({
|
|
|
3127
3430
|
});
|
|
3128
3431
|
defineTable({
|
|
3129
3432
|
name: "platformPolicyDecisionLogs",
|
|
3130
|
-
component: "
|
|
3433
|
+
component: "control-plane",
|
|
3131
3434
|
category: "platform",
|
|
3132
3435
|
shape: z.object({
|
|
3133
3436
|
"principalId": z.string(),
|
|
@@ -3163,7 +3466,7 @@ defineTable({
|
|
|
3163
3466
|
});
|
|
3164
3467
|
defineTable({
|
|
3165
3468
|
name: "tenantApiKeys",
|
|
3166
|
-
component: "
|
|
3469
|
+
component: "control-plane",
|
|
3167
3470
|
category: "platform",
|
|
3168
3471
|
shape: z.object({
|
|
3169
3472
|
"tenantId": z.string(),
|
|
@@ -3190,7 +3493,7 @@ defineTable({
|
|
|
3190
3493
|
});
|
|
3191
3494
|
defineTable({
|
|
3192
3495
|
name: "tenantConfig",
|
|
3193
|
-
component: "
|
|
3496
|
+
component: "control-plane",
|
|
3194
3497
|
category: "platform",
|
|
3195
3498
|
shape: z.object({
|
|
3196
3499
|
"tenantId": z.string(),
|
|
@@ -3209,7 +3512,7 @@ defineTable({
|
|
|
3209
3512
|
});
|
|
3210
3513
|
defineTable({
|
|
3211
3514
|
name: "tenantIntegrations",
|
|
3212
|
-
component: "
|
|
3515
|
+
component: "control-plane",
|
|
3213
3516
|
category: "platform",
|
|
3214
3517
|
shape: z.object({
|
|
3215
3518
|
"tenantId": z.string(),
|
|
@@ -3264,7 +3567,7 @@ defineTable({
|
|
|
3264
3567
|
});
|
|
3265
3568
|
defineTable({
|
|
3266
3569
|
name: "tenantModelSlotBindings",
|
|
3267
|
-
component: "
|
|
3570
|
+
component: "control-plane",
|
|
3268
3571
|
category: "platform",
|
|
3269
3572
|
shape: z.object({
|
|
3270
3573
|
"bindingId": z.string(),
|
|
@@ -3292,7 +3595,7 @@ defineTable({
|
|
|
3292
3595
|
});
|
|
3293
3596
|
defineTable({
|
|
3294
3597
|
name: "tenantPolicies",
|
|
3295
|
-
component: "
|
|
3598
|
+
component: "control-plane",
|
|
3296
3599
|
category: "platform",
|
|
3297
3600
|
shape: z.object({
|
|
3298
3601
|
"tenantId": z.string(),
|
|
@@ -3317,7 +3620,7 @@ defineTable({
|
|
|
3317
3620
|
});
|
|
3318
3621
|
defineTable({
|
|
3319
3622
|
name: "tenantProviderSecrets",
|
|
3320
|
-
component: "
|
|
3623
|
+
component: "control-plane",
|
|
3321
3624
|
category: "platform",
|
|
3322
3625
|
shape: z.object({
|
|
3323
3626
|
"secretRef": z.string(),
|
|
@@ -3348,7 +3651,7 @@ defineTable({
|
|
|
3348
3651
|
});
|
|
3349
3652
|
defineTable({
|
|
3350
3653
|
name: "tenantProxyGatewayUsage",
|
|
3351
|
-
component: "
|
|
3654
|
+
component: "control-plane",
|
|
3352
3655
|
category: "platform",
|
|
3353
3656
|
shape: z.object({
|
|
3354
3657
|
"usageId": z.string(),
|
|
@@ -3383,7 +3686,7 @@ defineTable({
|
|
|
3383
3686
|
});
|
|
3384
3687
|
defineTable({
|
|
3385
3688
|
name: "tenantProxyTokenMints",
|
|
3386
|
-
component: "
|
|
3689
|
+
component: "control-plane",
|
|
3387
3690
|
category: "platform",
|
|
3388
3691
|
shape: z.object({
|
|
3389
3692
|
"proxyTokenId": z.string(),
|
|
@@ -3406,7 +3709,7 @@ defineTable({
|
|
|
3406
3709
|
});
|
|
3407
3710
|
defineTable({
|
|
3408
3711
|
name: "tenantSandboxAuditEvents",
|
|
3409
|
-
component: "
|
|
3712
|
+
component: "control-plane",
|
|
3410
3713
|
category: "platform",
|
|
3411
3714
|
shape: z.object({
|
|
3412
3715
|
"eventId": z.string(),
|
|
@@ -3440,7 +3743,7 @@ defineTable({
|
|
|
3440
3743
|
});
|
|
3441
3744
|
defineTable({
|
|
3442
3745
|
name: "tenantSecrets",
|
|
3443
|
-
component: "
|
|
3746
|
+
component: "control-plane",
|
|
3444
3747
|
category: "platform",
|
|
3445
3748
|
shape: z.object({
|
|
3446
3749
|
"tenantId": z.string(),
|
|
@@ -3462,7 +3765,7 @@ defineTable({
|
|
|
3462
3765
|
});
|
|
3463
3766
|
defineTable({
|
|
3464
3767
|
name: "toolAcls",
|
|
3465
|
-
component: "
|
|
3768
|
+
component: "control-plane",
|
|
3466
3769
|
category: "platform",
|
|
3467
3770
|
shape: z.object({
|
|
3468
3771
|
"role": z.enum(["platform_admin", "tenant_admin", "workspace_admin", "editor", "viewer", "auditor", "service_agent"]),
|
|
@@ -3477,7 +3780,7 @@ defineTable({
|
|
|
3477
3780
|
});
|
|
3478
3781
|
defineTable({
|
|
3479
3782
|
name: "toolRegistry",
|
|
3480
|
-
component: "
|
|
3783
|
+
component: "control-plane",
|
|
3481
3784
|
category: "platform",
|
|
3482
3785
|
shape: z.object({
|
|
3483
3786
|
"toolName": z.string(),
|
|
@@ -3558,7 +3861,7 @@ defineTable({
|
|
|
3558
3861
|
});
|
|
3559
3862
|
defineTable({
|
|
3560
3863
|
name: "modelCallLogs",
|
|
3561
|
-
component: "
|
|
3864
|
+
component: "control-plane",
|
|
3562
3865
|
category: "model",
|
|
3563
3866
|
shape: z.object({
|
|
3564
3867
|
"slot": z.string(),
|
|
@@ -3584,7 +3887,7 @@ defineTable({
|
|
|
3584
3887
|
});
|
|
3585
3888
|
defineTable({
|
|
3586
3889
|
name: "modelFunctionSlots",
|
|
3587
|
-
component: "
|
|
3890
|
+
component: "control-plane",
|
|
3588
3891
|
category: "model",
|
|
3589
3892
|
shape: z.object({
|
|
3590
3893
|
"slot": z.string(),
|
|
@@ -3609,7 +3912,7 @@ defineTable({
|
|
|
3609
3912
|
});
|
|
3610
3913
|
defineTable({
|
|
3611
3914
|
name: "modelRegistry",
|
|
3612
|
-
component: "
|
|
3915
|
+
component: "control-plane",
|
|
3613
3916
|
category: "model",
|
|
3614
3917
|
shape: z.object({
|
|
3615
3918
|
"key": z.string(),
|
|
@@ -3636,7 +3939,7 @@ defineTable({
|
|
|
3636
3939
|
});
|
|
3637
3940
|
defineTable({
|
|
3638
3941
|
name: "modelSlotConfigs",
|
|
3639
|
-
component: "
|
|
3942
|
+
component: "control-plane",
|
|
3640
3943
|
category: "model",
|
|
3641
3944
|
shape: z.object({
|
|
3642
3945
|
"slot": z.string(),
|
|
@@ -4023,7 +4326,7 @@ defineTable({
|
|
|
4023
4326
|
"workspaceId": idOf("workspaces").optional(),
|
|
4024
4327
|
"resourceType": z.string(),
|
|
4025
4328
|
"resourceId": z.string(),
|
|
4026
|
-
"action": z.enum(["read", "summarize", "export", "mutate", "admin", "comment", "escalate", "resolve", "vote"]),
|
|
4329
|
+
"action": z.enum(["read", "summarize", "export", "mutate", "admin", "comment", "escalate", "resolve", "vote", "route", "invoke", "manage", "deploy", "promote", "rollback", "audit", "read_ref", "fetch_value", "rotate", "administer", "mint", "delegate", "revoke"]),
|
|
4027
4330
|
"decision": z.enum(["allow", "deny"]),
|
|
4028
4331
|
"reasonCode": z.string(),
|
|
4029
4332
|
"policyVersion": z.string(),
|
|
@@ -4085,7 +4388,7 @@ defineTable({
|
|
|
4085
4388
|
});
|
|
4086
4389
|
defineTable({
|
|
4087
4390
|
name: "projectGrants",
|
|
4088
|
-
component: "
|
|
4391
|
+
component: "control-plane",
|
|
4089
4392
|
category: "project",
|
|
4090
4393
|
shape: z.object({
|
|
4091
4394
|
"projectId": z.string().optional(),
|
|
@@ -4117,66 +4420,710 @@ defineTable({
|
|
|
4117
4420
|
{ kind: "index", name: "by_topic_cluster_status", columns: ["topicId", "beliefClusterId", "status"] }
|
|
4118
4421
|
]
|
|
4119
4422
|
});
|
|
4423
|
+
var permitActorType = z.enum([
|
|
4424
|
+
"human",
|
|
4425
|
+
"agent",
|
|
4426
|
+
"service_principal",
|
|
4427
|
+
"external_stakeholder",
|
|
4428
|
+
"system"
|
|
4429
|
+
]);
|
|
4430
|
+
var permitMembershipStatus = z.enum([
|
|
4431
|
+
"active",
|
|
4432
|
+
"invited",
|
|
4433
|
+
"revoked",
|
|
4434
|
+
"suspended",
|
|
4435
|
+
"disabled"
|
|
4436
|
+
]);
|
|
4437
|
+
var permitDecision = z.enum(["allow", "deny"]);
|
|
4438
|
+
var permitAccessReviewStatus = z.enum([
|
|
4439
|
+
"open",
|
|
4440
|
+
"in_progress",
|
|
4441
|
+
"approved",
|
|
4442
|
+
"denied",
|
|
4443
|
+
"expired",
|
|
4444
|
+
"cancelled"
|
|
4445
|
+
]);
|
|
4446
|
+
var permitReviewScope = z.enum([
|
|
4447
|
+
"tenant",
|
|
4448
|
+
"workspace",
|
|
4449
|
+
"resource_instance",
|
|
4450
|
+
"group",
|
|
4451
|
+
"principal",
|
|
4452
|
+
"api_key",
|
|
4453
|
+
"admin_action"
|
|
4454
|
+
]);
|
|
4455
|
+
var permitRecordStatus = z.enum([
|
|
4456
|
+
"queued",
|
|
4457
|
+
"inflight",
|
|
4458
|
+
"completed",
|
|
4459
|
+
"failed",
|
|
4460
|
+
"skipped",
|
|
4461
|
+
"stale"
|
|
4462
|
+
]);
|
|
4463
|
+
var permitObjectType = z.enum([
|
|
4464
|
+
"resource",
|
|
4465
|
+
"role",
|
|
4466
|
+
"resource_role",
|
|
4467
|
+
"resource_relation",
|
|
4468
|
+
"tenant",
|
|
4469
|
+
"workspace",
|
|
4470
|
+
"principal",
|
|
4471
|
+
"membership",
|
|
4472
|
+
"group",
|
|
4473
|
+
"resource_instance",
|
|
4474
|
+
"relationship_tuple",
|
|
4475
|
+
"role_assignment",
|
|
4476
|
+
"attribute_binding",
|
|
4477
|
+
"policy_bundle"
|
|
4478
|
+
]);
|
|
4479
|
+
var permitOutboxOperation = z.enum([
|
|
4480
|
+
"upsert",
|
|
4481
|
+
"delete",
|
|
4482
|
+
"sync",
|
|
4483
|
+
"resync",
|
|
4484
|
+
"delete_sync",
|
|
4485
|
+
"noop"
|
|
4486
|
+
]);
|
|
4487
|
+
var permitPolicyBundleStatus = z.enum([
|
|
4488
|
+
"draft",
|
|
4489
|
+
"validated",
|
|
4490
|
+
"enforced",
|
|
4491
|
+
"archived"
|
|
4492
|
+
]);
|
|
4493
|
+
var permitSyncStatus = z.enum([
|
|
4494
|
+
"pending",
|
|
4495
|
+
"synced",
|
|
4496
|
+
"error",
|
|
4497
|
+
"skipped"
|
|
4498
|
+
]);
|
|
4499
|
+
var permitAccessReviewSubjectType = z.enum([
|
|
4500
|
+
"principal",
|
|
4501
|
+
"group",
|
|
4502
|
+
"role_assignment",
|
|
4503
|
+
"resource_instance"
|
|
4504
|
+
]);
|
|
4505
|
+
var permitAttributeType = z.enum([
|
|
4506
|
+
"string",
|
|
4507
|
+
"number",
|
|
4508
|
+
"bool",
|
|
4509
|
+
"json",
|
|
4510
|
+
"time"
|
|
4511
|
+
]);
|
|
4512
|
+
var permitAttributeOperator = z.enum([
|
|
4513
|
+
"eq",
|
|
4514
|
+
"neq",
|
|
4515
|
+
"in",
|
|
4516
|
+
"not_in",
|
|
4517
|
+
"gt",
|
|
4518
|
+
"gte",
|
|
4519
|
+
"lt",
|
|
4520
|
+
"lte",
|
|
4521
|
+
"contains",
|
|
4522
|
+
"not_contains",
|
|
4523
|
+
"matches"
|
|
4524
|
+
]);
|
|
4525
|
+
var permitRoleBindingTarget = z.enum([
|
|
4526
|
+
"principal",
|
|
4527
|
+
"group"
|
|
4528
|
+
]);
|
|
4120
4529
|
defineTable({
|
|
4121
|
-
name: "
|
|
4122
|
-
component: "
|
|
4123
|
-
category: "
|
|
4530
|
+
name: "permitPrincipals",
|
|
4531
|
+
component: "control-plane",
|
|
4532
|
+
category: "access-control",
|
|
4124
4533
|
shape: z.object({
|
|
4125
|
-
|
|
4126
|
-
|
|
4127
|
-
|
|
4128
|
-
|
|
4129
|
-
|
|
4130
|
-
|
|
4131
|
-
|
|
4132
|
-
|
|
4133
|
-
|
|
4134
|
-
|
|
4135
|
-
|
|
4534
|
+
principalId: z.string(),
|
|
4535
|
+
tenantId: z.string(),
|
|
4536
|
+
workspaceId: z.optional(z.string()),
|
|
4537
|
+
principalType: permitActorType,
|
|
4538
|
+
status: permitMembershipStatus,
|
|
4539
|
+
displayName: z.string().optional(),
|
|
4540
|
+
metadata: z.record(z.any()).optional(),
|
|
4541
|
+
createdBy: z.string(),
|
|
4542
|
+
createdAt: z.number(),
|
|
4543
|
+
updatedAt: z.number(),
|
|
4544
|
+
updatedBy: z.string().optional(),
|
|
4545
|
+
lastSeenAt: z.number().optional()
|
|
4136
4546
|
}),
|
|
4137
4547
|
indices: [
|
|
4138
|
-
{ kind: "index", name: "
|
|
4139
|
-
{ kind: "index", name: "
|
|
4140
|
-
{ kind: "index", name: "
|
|
4141
|
-
{ kind: "index", name: "
|
|
4548
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4549
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4550
|
+
{ kind: "index", name: "by_tenant_principalId", columns: ["tenantId", "principalId"] },
|
|
4551
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
|
|
4552
|
+
{
|
|
4553
|
+
kind: "index",
|
|
4554
|
+
name: "by_tenant_principalType_status",
|
|
4555
|
+
columns: ["tenantId", "principalType", "status"]
|
|
4556
|
+
}
|
|
4142
4557
|
]
|
|
4143
4558
|
});
|
|
4144
4559
|
defineTable({
|
|
4145
|
-
name: "
|
|
4146
|
-
component: "
|
|
4147
|
-
category: "
|
|
4560
|
+
name: "permitPrincipalAliases",
|
|
4561
|
+
component: "control-plane",
|
|
4562
|
+
category: "access-control",
|
|
4148
4563
|
shape: z.object({
|
|
4149
|
-
|
|
4150
|
-
|
|
4151
|
-
|
|
4152
|
-
|
|
4153
|
-
|
|
4154
|
-
|
|
4155
|
-
|
|
4156
|
-
|
|
4157
|
-
|
|
4158
|
-
|
|
4159
|
-
|
|
4160
|
-
|
|
4161
|
-
|
|
4564
|
+
principalId: z.string(),
|
|
4565
|
+
tenantId: z.string(),
|
|
4566
|
+
workspaceId: z.optional(z.string()),
|
|
4567
|
+
provider: z.string(),
|
|
4568
|
+
providerSubjectId: z.string(),
|
|
4569
|
+
providerProjectId: z.string().optional(),
|
|
4570
|
+
alias: z.string(),
|
|
4571
|
+
aliasKind: z.string(),
|
|
4572
|
+
status: permitMembershipStatus,
|
|
4573
|
+
metadata: z.record(z.any()).optional(),
|
|
4574
|
+
createdBy: z.string(),
|
|
4575
|
+
createdAt: z.number(),
|
|
4576
|
+
updatedAt: z.number(),
|
|
4577
|
+
revokedBy: z.string().optional(),
|
|
4578
|
+
revokedAt: z.number().optional(),
|
|
4579
|
+
updatedBy: z.string().optional()
|
|
4162
4580
|
}),
|
|
4163
4581
|
indices: [
|
|
4164
|
-
{ kind: "index", name: "
|
|
4165
|
-
{ kind: "index", name: "
|
|
4166
|
-
{ kind: "index", name: "
|
|
4582
|
+
{ kind: "index", name: "by_principalId", columns: ["principalId"] },
|
|
4583
|
+
{ kind: "index", name: "by_provider_subject", columns: ["provider", "providerSubjectId"] },
|
|
4584
|
+
{ kind: "index", name: "by_provider_project_subject", columns: ["provider", "providerProjectId", "providerSubjectId"] },
|
|
4585
|
+
{ kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "providerSubjectId"] },
|
|
4586
|
+
{ kind: "index", name: "by_tenant_provider_project_subject", columns: ["tenantId", "provider", "providerProjectId", "providerSubjectId"] },
|
|
4587
|
+
{
|
|
4588
|
+
kind: "index",
|
|
4589
|
+
name: "by_tenant_provider_alias",
|
|
4590
|
+
columns: ["tenantId", "provider", "alias"]
|
|
4591
|
+
},
|
|
4592
|
+
{ kind: "index", name: "by_tenant_alias", columns: ["tenantId", "alias"] },
|
|
4593
|
+
{
|
|
4594
|
+
kind: "index",
|
|
4595
|
+
name: "by_tenant_provider_status",
|
|
4596
|
+
columns: ["tenantId", "provider", "status"]
|
|
4597
|
+
}
|
|
4167
4598
|
]
|
|
4168
4599
|
});
|
|
4169
4600
|
defineTable({
|
|
4170
|
-
name: "
|
|
4171
|
-
component: "
|
|
4172
|
-
category: "
|
|
4601
|
+
name: "permitGroups",
|
|
4602
|
+
component: "control-plane",
|
|
4603
|
+
category: "access-control",
|
|
4173
4604
|
shape: z.object({
|
|
4174
|
-
|
|
4175
|
-
|
|
4176
|
-
|
|
4177
|
-
|
|
4178
|
-
|
|
4179
|
-
|
|
4605
|
+
tenantId: z.string(),
|
|
4606
|
+
workspaceId: z.optional(z.string()),
|
|
4607
|
+
groupId: z.string(),
|
|
4608
|
+
groupKey: z.string(),
|
|
4609
|
+
groupName: z.string(),
|
|
4610
|
+
groupType: z.enum(["tenant", "workspace", "external", "system", "dynamic"]),
|
|
4611
|
+
status: permitMembershipStatus,
|
|
4612
|
+
description: z.string().optional(),
|
|
4613
|
+
metadata: z.record(z.any()).optional(),
|
|
4614
|
+
createdBy: z.string(),
|
|
4615
|
+
createdAt: z.number(),
|
|
4616
|
+
updatedAt: z.number(),
|
|
4617
|
+
updatedBy: z.string().optional()
|
|
4618
|
+
}),
|
|
4619
|
+
indices: [
|
|
4620
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4621
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4622
|
+
{ kind: "index", name: "by_tenant_groupId", columns: ["tenantId", "groupId"] },
|
|
4623
|
+
{ kind: "index", name: "by_tenant_groupKey", columns: ["tenantId", "groupKey"] },
|
|
4624
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
|
|
4625
|
+
]
|
|
4626
|
+
});
|
|
4627
|
+
defineTable({
|
|
4628
|
+
name: "permitGroupMemberships",
|
|
4629
|
+
component: "control-plane",
|
|
4630
|
+
category: "access-control",
|
|
4631
|
+
shape: z.object({
|
|
4632
|
+
tenantId: z.string(),
|
|
4633
|
+
workspaceId: z.optional(z.string()),
|
|
4634
|
+
groupId: z.string(),
|
|
4635
|
+
memberType: z.enum(["principal", "group"]),
|
|
4636
|
+
memberId: z.string(),
|
|
4637
|
+
principalId: z.string().optional(),
|
|
4638
|
+
childGroupId: z.string().optional(),
|
|
4639
|
+
status: permitMembershipStatus,
|
|
4640
|
+
addedBy: z.string().optional(),
|
|
4641
|
+
revokedBy: z.string().optional(),
|
|
4642
|
+
expiresAt: z.number().optional(),
|
|
4643
|
+
revocationReason: z.string().optional(),
|
|
4644
|
+
metadata: z.record(z.any()).optional(),
|
|
4645
|
+
createdAt: z.number(),
|
|
4646
|
+
updatedAt: z.number(),
|
|
4647
|
+
updatedBy: z.string().optional()
|
|
4648
|
+
}),
|
|
4649
|
+
indices: [
|
|
4650
|
+
{ kind: "index", name: "by_tenant_principal", columns: ["tenantId", "principalId"] },
|
|
4651
|
+
{ kind: "index", name: "by_tenant_member", columns: ["tenantId", "memberType", "memberId"] },
|
|
4652
|
+
{
|
|
4653
|
+
kind: "index",
|
|
4654
|
+
name: "by_tenant_member_group",
|
|
4655
|
+
columns: ["tenantId", "memberType", "memberId", "groupId"]
|
|
4656
|
+
},
|
|
4657
|
+
{ kind: "index", name: "by_tenant_group", columns: ["tenantId", "groupId"] },
|
|
4658
|
+
{ kind: "index", name: "by_member_group", columns: ["memberType", "memberId", "groupId"] },
|
|
4659
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
|
|
4660
|
+
{
|
|
4661
|
+
kind: "index",
|
|
4662
|
+
name: "by_workspace_principal",
|
|
4663
|
+
columns: ["workspaceId", "principalId"]
|
|
4664
|
+
}
|
|
4665
|
+
]
|
|
4666
|
+
});
|
|
4667
|
+
defineTable({
|
|
4668
|
+
name: "permitResourceInstances",
|
|
4669
|
+
component: "control-plane",
|
|
4670
|
+
category: "access-control",
|
|
4671
|
+
shape: z.object({
|
|
4672
|
+
tenantId: z.string(),
|
|
4673
|
+
workspaceId: z.optional(z.string()),
|
|
4674
|
+
resourceType: z.string(),
|
|
4675
|
+
resourceKey: z.string(),
|
|
4676
|
+
resourceId: z.string(),
|
|
4677
|
+
status: z.enum(["active", "deleted", "archived"]),
|
|
4678
|
+
attributes: z.record(z.any()).optional(),
|
|
4679
|
+
ownerPrincipalId: z.string().optional(),
|
|
4680
|
+
metadata: z.record(z.any()).optional(),
|
|
4681
|
+
createdBy: z.string(),
|
|
4682
|
+
updatedBy: z.string().optional(),
|
|
4683
|
+
createdAt: z.number(),
|
|
4684
|
+
updatedAt: z.number()
|
|
4685
|
+
}),
|
|
4686
|
+
indices: [
|
|
4687
|
+
{
|
|
4688
|
+
kind: "index",
|
|
4689
|
+
name: "by_tenant_resource_type",
|
|
4690
|
+
columns: ["tenantId", "resourceType"]
|
|
4691
|
+
},
|
|
4692
|
+
{
|
|
4693
|
+
kind: "index",
|
|
4694
|
+
name: "by_tenant_resource_key",
|
|
4695
|
+
columns: ["tenantId", "resourceType", "resourceKey"]
|
|
4696
|
+
},
|
|
4697
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4698
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4699
|
+
{
|
|
4700
|
+
kind: "index",
|
|
4701
|
+
name: "by_tenant_status",
|
|
4702
|
+
columns: ["tenantId", "status"]
|
|
4703
|
+
},
|
|
4704
|
+
{
|
|
4705
|
+
kind: "index",
|
|
4706
|
+
name: "by_ownerPrincipalId",
|
|
4707
|
+
columns: ["ownerPrincipalId"]
|
|
4708
|
+
}
|
|
4709
|
+
]
|
|
4710
|
+
});
|
|
4711
|
+
defineTable({
|
|
4712
|
+
name: "permitRoleAssignments",
|
|
4713
|
+
component: "control-plane",
|
|
4714
|
+
category: "access-control",
|
|
4715
|
+
shape: z.object({
|
|
4716
|
+
tenantId: z.string(),
|
|
4717
|
+
workspaceId: z.optional(z.string()),
|
|
4718
|
+
role: z.string(),
|
|
4719
|
+
targetType: permitRoleBindingTarget,
|
|
4720
|
+
targetId: z.string(),
|
|
4721
|
+
resourceType: z.string(),
|
|
4722
|
+
resourceKey: z.string(),
|
|
4723
|
+
resourceInstanceId: z.string().optional(),
|
|
4724
|
+
status: permitMembershipStatus,
|
|
4725
|
+
expiresAt: z.number().optional(),
|
|
4726
|
+
attributes: z.record(z.any()).optional(),
|
|
4727
|
+
grantedBy: z.string().optional(),
|
|
4728
|
+
updatedBy: z.string().optional(),
|
|
4729
|
+
revokedBy: z.string().optional(),
|
|
4730
|
+
createdAt: z.number(),
|
|
4731
|
+
updatedAt: z.number()
|
|
4732
|
+
}),
|
|
4733
|
+
indices: [
|
|
4734
|
+
{
|
|
4735
|
+
kind: "index",
|
|
4736
|
+
name: "by_tenant_target",
|
|
4737
|
+
columns: ["tenantId", "targetType", "targetId"]
|
|
4738
|
+
},
|
|
4739
|
+
{
|
|
4740
|
+
kind: "index",
|
|
4741
|
+
name: "by_tenant_resource",
|
|
4742
|
+
columns: ["tenantId", "resourceType", "resourceKey"]
|
|
4743
|
+
},
|
|
4744
|
+
{
|
|
4745
|
+
kind: "index",
|
|
4746
|
+
name: "by_tenant_role",
|
|
4747
|
+
columns: ["tenantId", "role", "status"]
|
|
4748
|
+
},
|
|
4749
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4750
|
+
{
|
|
4751
|
+
kind: "index",
|
|
4752
|
+
name: "by_workspace_resource",
|
|
4753
|
+
columns: ["workspaceId", "resourceType", "resourceKey"]
|
|
4754
|
+
}
|
|
4755
|
+
]
|
|
4756
|
+
});
|
|
4757
|
+
defineTable({
|
|
4758
|
+
name: "permitRelationshipTuples",
|
|
4759
|
+
component: "control-plane",
|
|
4760
|
+
category: "access-control",
|
|
4761
|
+
shape: z.object({
|
|
4762
|
+
tenantId: z.string(),
|
|
4763
|
+
workspaceId: z.optional(z.string()),
|
|
4764
|
+
relation: z.string(),
|
|
4765
|
+
subject: z.string(),
|
|
4766
|
+
object: z.string(),
|
|
4767
|
+
resourceType: z.string().optional(),
|
|
4768
|
+
resourceKey: z.string().optional(),
|
|
4769
|
+
status: permitRecordStatus,
|
|
4770
|
+
attributes: z.record(z.any()).optional(),
|
|
4771
|
+
createdBy: z.string(),
|
|
4772
|
+
createdAt: z.number(),
|
|
4773
|
+
updatedAt: z.number(),
|
|
4774
|
+
lastSeenAt: z.number().optional(),
|
|
4775
|
+
updatedBy: z.string().optional()
|
|
4776
|
+
}),
|
|
4777
|
+
indices: [
|
|
4778
|
+
{ kind: "index", name: "by_tenant_subject", columns: ["tenantId", "subject"] },
|
|
4779
|
+
{ kind: "index", name: "by_tenant_object", columns: ["tenantId", "object"] },
|
|
4780
|
+
{ kind: "index", name: "by_tenant_relation", columns: ["tenantId", "relation"] },
|
|
4781
|
+
{
|
|
4782
|
+
kind: "index",
|
|
4783
|
+
name: "by_tenant_relation_subject",
|
|
4784
|
+
columns: ["tenantId", "relation", "subject"]
|
|
4785
|
+
},
|
|
4786
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
|
|
4787
|
+
]
|
|
4788
|
+
});
|
|
4789
|
+
defineTable({
|
|
4790
|
+
name: "permitAttributeBindings",
|
|
4791
|
+
component: "control-plane",
|
|
4792
|
+
category: "access-control",
|
|
4793
|
+
shape: z.object({
|
|
4794
|
+
tenantId: z.string(),
|
|
4795
|
+
workspaceId: z.optional(z.string()),
|
|
4796
|
+
targetType: permitRoleBindingTarget,
|
|
4797
|
+
targetId: z.string(),
|
|
4798
|
+
attributeName: z.string(),
|
|
4799
|
+
attributeType: permitAttributeType,
|
|
4800
|
+
attributeOperator: permitAttributeOperator,
|
|
4801
|
+
attributeValue: z.any(),
|
|
4802
|
+
status: permitRecordStatus,
|
|
4803
|
+
source: z.string().optional(),
|
|
4804
|
+
sourceRef: z.string().optional(),
|
|
4805
|
+
metadata: z.record(z.any()).optional(),
|
|
4806
|
+
createdAt: z.number(),
|
|
4807
|
+
updatedAt: z.number(),
|
|
4808
|
+
createdBy: z.string(),
|
|
4809
|
+
updatedBy: z.string().optional(),
|
|
4810
|
+
expiresAt: z.number().optional()
|
|
4811
|
+
}),
|
|
4812
|
+
indices: [
|
|
4813
|
+
{
|
|
4814
|
+
kind: "index",
|
|
4815
|
+
name: "by_tenant_target",
|
|
4816
|
+
columns: ["tenantId", "targetType", "targetId"]
|
|
4817
|
+
},
|
|
4818
|
+
{
|
|
4819
|
+
kind: "index",
|
|
4820
|
+
name: "by_tenant_target_attribute",
|
|
4821
|
+
columns: ["tenantId", "targetType", "targetId", "attributeName"]
|
|
4822
|
+
},
|
|
4823
|
+
{
|
|
4824
|
+
kind: "index",
|
|
4825
|
+
name: "by_tenant_name",
|
|
4826
|
+
columns: ["tenantId", "attributeName"]
|
|
4827
|
+
},
|
|
4828
|
+
{
|
|
4829
|
+
kind: "index",
|
|
4830
|
+
name: "by_tenant_status",
|
|
4831
|
+
columns: ["tenantId", "status"]
|
|
4832
|
+
}
|
|
4833
|
+
]
|
|
4834
|
+
});
|
|
4835
|
+
defineTable({
|
|
4836
|
+
name: "permitPolicyBundles",
|
|
4837
|
+
component: "control-plane",
|
|
4838
|
+
category: "access-control",
|
|
4839
|
+
shape: z.object({
|
|
4840
|
+
tenantId: z.string(),
|
|
4841
|
+
workspaceId: z.optional(z.string()),
|
|
4842
|
+
bundleKey: z.string(),
|
|
4843
|
+
version: z.number(),
|
|
4844
|
+
status: permitPolicyBundleStatus,
|
|
4845
|
+
policyHash: z.string().optional(),
|
|
4846
|
+
policyPayload: z.record(z.any()),
|
|
4847
|
+
metadata: z.record(z.any()).optional(),
|
|
4848
|
+
createdBy: z.string(),
|
|
4849
|
+
reviewedBy: z.string().optional(),
|
|
4850
|
+
createdAt: z.number(),
|
|
4851
|
+
updatedAt: z.number(),
|
|
4852
|
+
retiredAt: z.number().optional()
|
|
4853
|
+
}),
|
|
4854
|
+
indices: [
|
|
4855
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4856
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4857
|
+
{
|
|
4858
|
+
kind: "index",
|
|
4859
|
+
name: "by_tenant_bundleKey",
|
|
4860
|
+
columns: ["tenantId", "bundleKey"]
|
|
4861
|
+
},
|
|
4862
|
+
{
|
|
4863
|
+
kind: "index",
|
|
4864
|
+
name: "by_tenant_bundle_version",
|
|
4865
|
+
columns: ["tenantId", "bundleKey", "version"]
|
|
4866
|
+
},
|
|
4867
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
|
|
4868
|
+
]
|
|
4869
|
+
});
|
|
4870
|
+
defineTable({
|
|
4871
|
+
name: "permitProjectionOutbox",
|
|
4872
|
+
component: "control-plane",
|
|
4873
|
+
category: "access-control",
|
|
4874
|
+
shape: z.object({
|
|
4875
|
+
syncKey: z.string(),
|
|
4876
|
+
objectType: permitObjectType,
|
|
4877
|
+
objectId: z.string(),
|
|
4878
|
+
operation: permitOutboxOperation,
|
|
4879
|
+
payload: z.record(z.any()),
|
|
4880
|
+
status: permitRecordStatus,
|
|
4881
|
+
attemptCount: z.number(),
|
|
4882
|
+
nextAttemptAt: z.number().optional(),
|
|
4883
|
+
lastError: z.string().optional(),
|
|
4884
|
+
tenantId: z.string().optional(),
|
|
4885
|
+
workspaceId: z.optional(z.string()),
|
|
4886
|
+
principalId: z.string().optional(),
|
|
4887
|
+
permitTenantKey: z.string().optional(),
|
|
4888
|
+
permitResourceType: z.string().optional(),
|
|
4889
|
+
permitResourceKey: z.string().optional(),
|
|
4890
|
+
createdAt: z.number(),
|
|
4891
|
+
updatedAt: z.number(),
|
|
4892
|
+
lastHandledAt: z.number().optional()
|
|
4893
|
+
}),
|
|
4894
|
+
indices: [
|
|
4895
|
+
{ kind: "index", name: "by_syncKey", columns: ["syncKey"] },
|
|
4896
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4897
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4898
|
+
{
|
|
4899
|
+
kind: "index",
|
|
4900
|
+
name: "by_tenant_status",
|
|
4901
|
+
columns: ["tenantId", "status"]
|
|
4902
|
+
},
|
|
4903
|
+
{
|
|
4904
|
+
kind: "index",
|
|
4905
|
+
name: "by_objectType",
|
|
4906
|
+
columns: ["objectType", "status"]
|
|
4907
|
+
}
|
|
4908
|
+
]
|
|
4909
|
+
});
|
|
4910
|
+
defineTable({
|
|
4911
|
+
name: "tenantPermitSyncStates",
|
|
4912
|
+
component: "control-plane",
|
|
4913
|
+
category: "access-control",
|
|
4914
|
+
shape: z.object({
|
|
4915
|
+
syncKey: z.string(),
|
|
4916
|
+
objectType: permitObjectType,
|
|
4917
|
+
objectId: z.string(),
|
|
4918
|
+
tenantId: z.string().optional(),
|
|
4919
|
+
workspaceId: z.string().optional(),
|
|
4920
|
+
principalId: z.string().optional(),
|
|
4921
|
+
permitTenantKey: z.string().optional(),
|
|
4922
|
+
permitResourceType: z.string().optional(),
|
|
4923
|
+
permitResourceKey: z.string().optional(),
|
|
4924
|
+
desiredPayload: z.record(z.any()),
|
|
4925
|
+
lastAppliedPayloadHash: z.string().optional(),
|
|
4926
|
+
status: permitSyncStatus,
|
|
4927
|
+
attemptCount: z.number(),
|
|
4928
|
+
lastError: z.string().optional(),
|
|
4929
|
+
nextAttemptAt: z.number().optional(),
|
|
4930
|
+
lastSyncedAt: z.number().optional(),
|
|
4931
|
+
createdBy: z.string(),
|
|
4932
|
+
updatedBy: z.string().optional(),
|
|
4933
|
+
createdAt: z.number(),
|
|
4934
|
+
updatedAt: z.number()
|
|
4935
|
+
}),
|
|
4936
|
+
indices: [
|
|
4937
|
+
{ kind: "index", name: "by_syncKey", columns: ["syncKey"] },
|
|
4938
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4939
|
+
{
|
|
4940
|
+
kind: "index",
|
|
4941
|
+
name: "by_tenant_status",
|
|
4942
|
+
columns: ["tenantId", "status"]
|
|
4943
|
+
},
|
|
4944
|
+
{
|
|
4945
|
+
kind: "index",
|
|
4946
|
+
name: "by_workspace_status",
|
|
4947
|
+
columns: ["workspaceId", "status"]
|
|
4948
|
+
},
|
|
4949
|
+
{
|
|
4950
|
+
kind: "index",
|
|
4951
|
+
name: "by_principal_status",
|
|
4952
|
+
columns: ["principalId", "status"]
|
|
4953
|
+
}
|
|
4954
|
+
]
|
|
4955
|
+
});
|
|
4956
|
+
defineTable({
|
|
4957
|
+
name: "permitPolicyDecisionReceipts",
|
|
4958
|
+
component: "control-plane",
|
|
4959
|
+
category: "access-control",
|
|
4960
|
+
shape: z.object({
|
|
4961
|
+
tenantId: z.string().optional(),
|
|
4962
|
+
workspaceId: z.string().optional(),
|
|
4963
|
+
principalId: z.string(),
|
|
4964
|
+
subjectType: permitAccessReviewSubjectType.optional(),
|
|
4965
|
+
subjectId: z.string().optional(),
|
|
4966
|
+
resourceType: z.string(),
|
|
4967
|
+
resourceId: z.string(),
|
|
4968
|
+
action: z.string(),
|
|
4969
|
+
decision: permitDecision,
|
|
4970
|
+
reasonCode: z.string(),
|
|
4971
|
+
policyBundleId: z.string().optional(),
|
|
4972
|
+
policyVersion: z.string(),
|
|
4973
|
+
traceId: z.string().optional(),
|
|
4974
|
+
requestId: z.string().optional(),
|
|
4975
|
+
audienceMode: z.string().optional(),
|
|
4976
|
+
audienceKey: z.string().optional(),
|
|
4977
|
+
audienceClass: z.enum(["internal", "restricted_external", "public"]).optional(),
|
|
4978
|
+
metadata: z.record(z.any()).optional(),
|
|
4979
|
+
createdAt: z.number(),
|
|
4980
|
+
expiresAt: z.number().optional(),
|
|
4981
|
+
createdBy: z.string().optional()
|
|
4982
|
+
}),
|
|
4983
|
+
indices: [
|
|
4984
|
+
{ kind: "index", name: "by_principal_createdAt", columns: ["principalId", "createdAt"] },
|
|
4985
|
+
{ kind: "index", name: "by_tenant_createdAt", columns: ["tenantId", "createdAt"] },
|
|
4986
|
+
{ kind: "index", name: "by_resource", columns: ["resourceType", "resourceId"] },
|
|
4987
|
+
{ kind: "index", name: "by_decision_createdAt", columns: ["decision", "createdAt"] },
|
|
4988
|
+
{ kind: "index", name: "by_traceId", columns: ["traceId"] },
|
|
4989
|
+
{ kind: "index", name: "by_action", columns: ["action"] }
|
|
4990
|
+
]
|
|
4991
|
+
});
|
|
4992
|
+
defineTable({
|
|
4993
|
+
name: "permitAccessReviews",
|
|
4994
|
+
component: "control-plane",
|
|
4995
|
+
category: "access-control",
|
|
4996
|
+
shape: z.object({
|
|
4997
|
+
tenantId: z.string(),
|
|
4998
|
+
workspaceId: z.optional(z.string()),
|
|
4999
|
+
reviewKey: z.string(),
|
|
5000
|
+
scope: permitReviewScope,
|
|
5001
|
+
status: permitAccessReviewStatus,
|
|
5002
|
+
subjectType: permitAccessReviewSubjectType,
|
|
5003
|
+
subjectId: z.string(),
|
|
5004
|
+
resourceType: z.string().optional(),
|
|
5005
|
+
resourceKey: z.string().optional(),
|
|
5006
|
+
outcome: z.enum(["allow", "deny"]).optional(),
|
|
5007
|
+
requestedBy: z.string(),
|
|
5008
|
+
reviewedBy: z.string().optional(),
|
|
5009
|
+
requestedAt: z.number(),
|
|
5010
|
+
reviewedAt: z.number().optional(),
|
|
5011
|
+
dueAt: z.number().optional(),
|
|
5012
|
+
justification: z.string().optional(),
|
|
5013
|
+
rationale: z.string().optional(),
|
|
5014
|
+
policyBundleId: z.string().optional(),
|
|
5015
|
+
metadata: z.record(z.any()).optional(),
|
|
5016
|
+
createdAt: z.number(),
|
|
5017
|
+
updatedAt: z.number()
|
|
5018
|
+
}),
|
|
5019
|
+
indices: [
|
|
5020
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
|
|
5021
|
+
{ kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
|
|
5022
|
+
{ kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
|
|
5023
|
+
{
|
|
5024
|
+
kind: "index",
|
|
5025
|
+
name: "by_tenant_subject",
|
|
5026
|
+
columns: ["tenantId", "subjectType", "subjectId"]
|
|
5027
|
+
},
|
|
5028
|
+
{ kind: "index", name: "by_outcome", columns: ["outcome"] },
|
|
5029
|
+
{
|
|
5030
|
+
kind: "index",
|
|
5031
|
+
name: "by_workspace_status",
|
|
5032
|
+
columns: ["workspaceId", "status"]
|
|
5033
|
+
}
|
|
5034
|
+
]
|
|
5035
|
+
});
|
|
5036
|
+
defineTable({
|
|
5037
|
+
name: "permitAccessReviewItems",
|
|
5038
|
+
component: "control-plane",
|
|
5039
|
+
category: "access-control",
|
|
5040
|
+
shape: z.object({
|
|
5041
|
+
reviewKey: z.string(),
|
|
5042
|
+
itemKey: z.string(),
|
|
5043
|
+
tenantId: z.string(),
|
|
5044
|
+
workspaceId: z.string().optional(),
|
|
5045
|
+
subjectType: permitAccessReviewSubjectType,
|
|
5046
|
+
subjectId: z.string(),
|
|
5047
|
+
resourceType: z.string().optional(),
|
|
5048
|
+
resourceKey: z.string().optional(),
|
|
5049
|
+
role: z.string().optional(),
|
|
5050
|
+
relation: z.string().optional(),
|
|
5051
|
+
status: z.enum(["open", "approved", "revoked", "changed", "deferred"]),
|
|
5052
|
+
reviewerId: z.string().optional(),
|
|
5053
|
+
decisionAt: z.number().optional(),
|
|
5054
|
+
rationale: z.string().optional(),
|
|
5055
|
+
metadata: z.record(z.any()).optional(),
|
|
5056
|
+
createdAt: z.number(),
|
|
5057
|
+
updatedAt: z.number()
|
|
5058
|
+
}),
|
|
5059
|
+
indices: [
|
|
5060
|
+
{ kind: "index", name: "by_reviewKey", columns: ["reviewKey"] },
|
|
5061
|
+
{ kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
|
|
5062
|
+
{ kind: "index", name: "by_tenant_itemKey", columns: ["tenantId", "itemKey"] },
|
|
5063
|
+
{ kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
|
|
5064
|
+
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
5065
|
+
]
|
|
5066
|
+
});
|
|
5067
|
+
defineTable({
|
|
5068
|
+
name: "reasoningPermissions",
|
|
5069
|
+
component: "control-plane",
|
|
5070
|
+
category: "epistemic",
|
|
5071
|
+
shape: z.object({
|
|
5072
|
+
"topicId": z.string().optional(),
|
|
5073
|
+
"principalId": z.string(),
|
|
5074
|
+
"nodeType": z.enum(["belief", "evidence", "action", "approval", "artifact"]),
|
|
5075
|
+
"action": z.enum(["view_conclusion", "view_evidence", "propose_action", "approve_action", "view_derived_artifact"]),
|
|
5076
|
+
"effect": z.enum(["allow", "deny"]),
|
|
5077
|
+
"policyReference": z.string().optional(),
|
|
5078
|
+
"rationale": z.string().optional(),
|
|
5079
|
+
"metadata": z.record(z.any()).optional(),
|
|
5080
|
+
"createdAt": z.number(),
|
|
5081
|
+
"createdBy": z.string(),
|
|
5082
|
+
"updatedAt": z.number()
|
|
5083
|
+
}),
|
|
5084
|
+
indices: [
|
|
5085
|
+
{ kind: "index", name: "by_topic_principal", columns: ["topicId", "principalId"] },
|
|
5086
|
+
{ kind: "index", name: "by_topic_principal_action", columns: ["topicId", "principalId", "action"] },
|
|
5087
|
+
{ kind: "index", name: "by_topic_principal_node_action", columns: ["topicId", "principalId", "nodeType", "action"] },
|
|
5088
|
+
{ kind: "index", name: "by_principal_action", columns: ["principalId", "action"] }
|
|
5089
|
+
]
|
|
5090
|
+
});
|
|
5091
|
+
defineTable({
|
|
5092
|
+
name: "schemaEnumConfig",
|
|
5093
|
+
component: "kernel",
|
|
5094
|
+
category: "config",
|
|
5095
|
+
shape: z.object({
|
|
5096
|
+
"tenantId": z.string().optional(),
|
|
5097
|
+
"category": z.string(),
|
|
5098
|
+
"value": z.string(),
|
|
5099
|
+
"label": z.string(),
|
|
5100
|
+
"description": z.string().optional(),
|
|
5101
|
+
"tier": z.enum(["platform", "tenant"]),
|
|
5102
|
+
"domainNamespace": z.string().optional(),
|
|
5103
|
+
"metadata": z.any().optional(),
|
|
5104
|
+
"isDefault": z.boolean().optional(),
|
|
5105
|
+
"sortOrder": z.number().optional(),
|
|
5106
|
+
"status": z.enum(["active", "deprecated"]),
|
|
5107
|
+
"createdAt": z.number(),
|
|
5108
|
+
"updatedAt": z.number()
|
|
5109
|
+
}),
|
|
5110
|
+
indices: [
|
|
5111
|
+
{ kind: "index", name: "by_category", columns: ["category"] },
|
|
5112
|
+
{ kind: "index", name: "by_tenant_category", columns: ["tenantId", "category"] },
|
|
5113
|
+
{ kind: "index", name: "by_category_value", columns: ["category", "value"] }
|
|
5114
|
+
]
|
|
5115
|
+
});
|
|
5116
|
+
defineTable({
|
|
5117
|
+
name: "tasks",
|
|
5118
|
+
component: "kernel",
|
|
5119
|
+
category: "task",
|
|
5120
|
+
shape: z.object({
|
|
5121
|
+
"topicId": z.string().optional(),
|
|
5122
|
+
"tenantId": z.string().optional(),
|
|
5123
|
+
"workspaceId": z.string().optional(),
|
|
5124
|
+
"title": z.string(),
|
|
5125
|
+
"description": z.string().optional(),
|
|
5126
|
+
"status": z.enum(["todo", "in_progress", "blocked", "done"]),
|
|
4180
5127
|
"priority": z.enum(["urgent", "high", "medium", "low"]),
|
|
4181
5128
|
"dueDate": z.number().optional(),
|
|
4182
5129
|
"linkedWorktreeId": idOf("worktrees").optional(),
|
|
@@ -4354,6 +5301,7 @@ defineTable({
|
|
|
4354
5301
|
"updatedAt": z.number()
|
|
4355
5302
|
}),
|
|
4356
5303
|
indices: [
|
|
5304
|
+
{ kind: "index", name: "by_globalId", columns: ["globalId"] },
|
|
4357
5305
|
{ kind: "index", name: "by_parent", columns: ["parentTopicId"] },
|
|
4358
5306
|
{ kind: "index", name: "by_type", columns: ["type"] },
|
|
4359
5307
|
{ kind: "index", name: "by_graph_scope_project", columns: ["graphScopeProjectId"] },
|
|
@@ -4365,7 +5313,7 @@ defineTable({
|
|
|
4365
5313
|
});
|
|
4366
5314
|
defineTable({
|
|
4367
5315
|
name: "users",
|
|
4368
|
-
component: "
|
|
5316
|
+
component: "control-plane",
|
|
4369
5317
|
category: "user",
|
|
4370
5318
|
shape: z.object({
|
|
4371
5319
|
"clerkId": z.string(),
|
|
@@ -4479,7 +5427,6 @@ defineTable({
|
|
|
4479
5427
|
"deployments": z.record(z.object({
|
|
4480
5428
|
"url": z.string(),
|
|
4481
5429
|
"target": z.enum(["kernelDeployment", "appDeployment"]).optional(),
|
|
4482
|
-
"encryptedDeployKey": z.string().optional(),
|
|
4483
5430
|
"credentialRef": z.string().optional()
|
|
4484
5431
|
})).optional(),
|
|
4485
5432
|
"metadata": z.record(z.any()).optional(),
|
|
@@ -4494,6 +5441,39 @@ defineTable({
|
|
|
4494
5441
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
4495
5442
|
]
|
|
4496
5443
|
});
|
|
5444
|
+
defineTable({
|
|
5445
|
+
name: "deploymentHosts",
|
|
5446
|
+
component: "mc",
|
|
5447
|
+
category: "workspace",
|
|
5448
|
+
shape: z.object({
|
|
5449
|
+
"host": z.string(),
|
|
5450
|
+
"tenantId": idOf("tenants"),
|
|
5451
|
+
"workspaceId": idOf("workspaces"),
|
|
5452
|
+
"environment": z.enum(["dev", "staging", "prod"]),
|
|
5453
|
+
"target": z.enum(["kernelDeployment", "appDeployment"]),
|
|
5454
|
+
"deploymentUrl": z.string().optional(),
|
|
5455
|
+
"deploymentName": z.string().optional(),
|
|
5456
|
+
"vercelProjectName": z.string().optional(),
|
|
5457
|
+
"vercelProjectId": z.string().optional(),
|
|
5458
|
+
"vercelEnvironment": z.enum(["development", "preview", "staging", "production"]).optional(),
|
|
5459
|
+
"source": z.enum(["vercel_preview", "vercel_production", "vercel_custom_environment", "custom_domain", "manual"]),
|
|
5460
|
+
"status": z.enum(["active", "revoked"]),
|
|
5461
|
+
"metadata": z.record(z.any()).optional(),
|
|
5462
|
+
"createdBy": z.string(),
|
|
5463
|
+
"createdAt": z.number(),
|
|
5464
|
+
"updatedAt": z.number(),
|
|
5465
|
+
"revokedAt": z.number().optional(),
|
|
5466
|
+
"revokedBy": z.string().optional()
|
|
5467
|
+
}),
|
|
5468
|
+
indices: [
|
|
5469
|
+
{ kind: "index", name: "by_host", columns: ["host"] },
|
|
5470
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
5471
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
5472
|
+
{ kind: "index", name: "by_tenant_workspace_environment", columns: ["tenantId", "workspaceId", "environment"] },
|
|
5473
|
+
{ kind: "index", name: "by_workspace_status", columns: ["workspaceId", "status"] },
|
|
5474
|
+
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
5475
|
+
]
|
|
5476
|
+
});
|
|
4497
5477
|
defineTable({
|
|
4498
5478
|
name: "worktreeBeliefCluster",
|
|
4499
5479
|
component: "kernel",
|
|
@@ -4801,8 +5781,8 @@ defineTable({
|
|
|
4801
5781
|
});
|
|
4802
5782
|
z.object({
|
|
4803
5783
|
manifestVersion: z.string(),
|
|
4804
|
-
componentName: z.enum(["kernel", "
|
|
4805
|
-
tier: z.enum(["K", "
|
|
5784
|
+
componentName: z.enum(["kernel", "control-plane"]),
|
|
5785
|
+
tier: z.enum(["K", "CP"]),
|
|
4806
5786
|
packageVersion: z.string(),
|
|
4807
5787
|
tables: z.array(
|
|
4808
5788
|
z.object({
|
|
@@ -4830,17 +5810,44 @@ z.object({
|
|
|
4830
5810
|
message: "SL invariant b+d+u=1 violated at API boundary"
|
|
4831
5811
|
}
|
|
4832
5812
|
);
|
|
4833
|
-
|
|
5813
|
+
|
|
5814
|
+
// ../contracts/src/schema-helpers/spine/tables/epistemicNodes.ts
|
|
5815
|
+
var NODE_TYPES = [
|
|
5816
|
+
"decision",
|
|
4834
5817
|
"belief",
|
|
4835
|
-
"evidence",
|
|
4836
5818
|
"question",
|
|
4837
|
-
"
|
|
5819
|
+
"theme",
|
|
5820
|
+
"deal",
|
|
4838
5821
|
"topic",
|
|
5822
|
+
"claim",
|
|
5823
|
+
"evidence",
|
|
5824
|
+
"synthesis",
|
|
5825
|
+
"answer",
|
|
5826
|
+
"atomic_fact",
|
|
5827
|
+
"excerpt",
|
|
5828
|
+
"source",
|
|
5829
|
+
"company",
|
|
5830
|
+
"person",
|
|
5831
|
+
"investor",
|
|
5832
|
+
"function",
|
|
5833
|
+
"value_chain"
|
|
5834
|
+
];
|
|
5835
|
+
new Set(NODE_TYPES);
|
|
5836
|
+
|
|
5837
|
+
// ../contracts/src/types/graph-ref.ts
|
|
5838
|
+
var GRAPH_REF_EXTRA_NODE_TYPES = [
|
|
4839
5839
|
"edge",
|
|
4840
5840
|
"ontology",
|
|
4841
5841
|
"lens",
|
|
4842
5842
|
"contradiction"
|
|
4843
|
-
]
|
|
5843
|
+
];
|
|
5844
|
+
var GRAPH_REF_NODE_TYPES = [
|
|
5845
|
+
...NODE_TYPES,
|
|
5846
|
+
...GRAPH_REF_EXTRA_NODE_TYPES
|
|
5847
|
+
];
|
|
5848
|
+
var EpistemicNodeTypeSchema = z.enum(
|
|
5849
|
+
GRAPH_REF_NODE_TYPES
|
|
5850
|
+
);
|
|
4844
5851
|
var GraphRefSchema = z.discriminatedUnion("kind", [
|
|
4845
5852
|
z.object({
|
|
4846
5853
|
kind: z.literal("epistemic_node"),
|
|
@@ -4888,33 +5895,14 @@ function assertEdgePolicyAllowed(manifest, edgeType, from, to) {
|
|
|
4888
5895
|
}
|
|
4889
5896
|
|
|
4890
5897
|
// ../contracts/src/manifests/edge-policy-manifest.data.ts
|
|
5898
|
+
var publicEpistemicNodeEdgePolicy = (edgeType) => ({
|
|
5899
|
+
edgeType,
|
|
5900
|
+
fromKinds: ["epistemic_node"],
|
|
5901
|
+
toKinds: ["epistemic_node"],
|
|
5902
|
+
description: "Canonical public create_edge policy for graph-node relationships. The policy layer gates edge-type membership, not endpoint semantics."
|
|
5903
|
+
});
|
|
4891
5904
|
var edgePolicyManifest = {
|
|
4892
|
-
policies:
|
|
4893
|
-
{
|
|
4894
|
-
edgeType: "evidence_derived_from_evidence",
|
|
4895
|
-
fromKinds: ["epistemic_node"],
|
|
4896
|
-
fromNodeTypes: ["evidence"],
|
|
4897
|
-
toKinds: ["epistemic_node"],
|
|
4898
|
-
toNodeTypes: ["evidence"],
|
|
4899
|
-
description: "Evidence E2 was synthesized from evidence E1 by a transformation. Provides chain-of-evidence lineage."
|
|
4900
|
-
},
|
|
4901
|
-
{
|
|
4902
|
-
edgeType: "evidence_supports_belief",
|
|
4903
|
-
fromKinds: ["epistemic_node"],
|
|
4904
|
-
fromNodeTypes: ["evidence"],
|
|
4905
|
-
toKinds: ["epistemic_node"],
|
|
4906
|
-
toNodeTypes: ["belief"],
|
|
4907
|
-
description: "Existing link_evidence_to_belief semantics promoted to the create_edge policy source."
|
|
4908
|
-
},
|
|
4909
|
-
{
|
|
4910
|
-
edgeType: "evidence_supports_question",
|
|
4911
|
-
fromKinds: ["epistemic_node"],
|
|
4912
|
-
fromNodeTypes: ["evidence"],
|
|
4913
|
-
toKinds: ["epistemic_node"],
|
|
4914
|
-
toNodeTypes: ["question"],
|
|
4915
|
-
description: "Existing link_evidence_to_question semantics promoted to the create_edge policy source."
|
|
4916
|
-
}
|
|
4917
|
-
]
|
|
5905
|
+
policies: EDGE_TYPE_VALUES.map(publicEpistemicNodeEdgePolicy)
|
|
4918
5906
|
};
|
|
4919
5907
|
|
|
4920
5908
|
// ../contracts/src/tenant-client.contract.ts
|
|
@@ -4961,7 +5949,7 @@ var TENANT_CLIENT_INSTALLABLE_PACKAGES = [
|
|
|
4961
5949
|
},
|
|
4962
5950
|
{
|
|
4963
5951
|
packageName: "@lucern/control-plane",
|
|
4964
|
-
role: "
|
|
5952
|
+
role: "component_runtime",
|
|
4965
5953
|
directTenantImport: false
|
|
4966
5954
|
},
|
|
4967
5955
|
{
|
|
@@ -4970,79 +5958,948 @@ var TENANT_CLIENT_INSTALLABLE_PACKAGES = [
|
|
|
4970
5958
|
directTenantImport: false
|
|
4971
5959
|
},
|
|
4972
5960
|
{
|
|
4973
|
-
packageName: "@lucern/events",
|
|
4974
|
-
role: "sdk_dependency",
|
|
4975
|
-
directTenantImport: false
|
|
5961
|
+
packageName: "@lucern/events",
|
|
5962
|
+
role: "sdk_dependency",
|
|
5963
|
+
directTenantImport: false
|
|
5964
|
+
},
|
|
5965
|
+
{
|
|
5966
|
+
packageName: "@lucern/graph-primitives",
|
|
5967
|
+
role: "sdk_dependency",
|
|
5968
|
+
directTenantImport: false
|
|
5969
|
+
},
|
|
5970
|
+
{
|
|
5971
|
+
packageName: "@lucern/graph-sync",
|
|
5972
|
+
role: "host_addon_runtime",
|
|
5973
|
+
directTenantImport: true
|
|
5974
|
+
},
|
|
5975
|
+
{
|
|
5976
|
+
packageName: "@lucern/mcp",
|
|
5977
|
+
role: "runtime_entrypoint",
|
|
5978
|
+
directTenantImport: true
|
|
5979
|
+
},
|
|
5980
|
+
{
|
|
5981
|
+
packageName: "@lucern/pack-host",
|
|
5982
|
+
role: "platform_runtime",
|
|
5983
|
+
directTenantImport: false
|
|
5984
|
+
},
|
|
5985
|
+
{
|
|
5986
|
+
packageName: "@lucern/pack-installer",
|
|
5987
|
+
role: "developer_tool",
|
|
5988
|
+
directTenantImport: false
|
|
5989
|
+
},
|
|
5990
|
+
{
|
|
5991
|
+
packageName: "@lucern/proof-compiler",
|
|
5992
|
+
role: "developer_tool",
|
|
5993
|
+
directTenantImport: false
|
|
5994
|
+
},
|
|
5995
|
+
{
|
|
5996
|
+
packageName: "@lucern/react",
|
|
5997
|
+
role: "runtime_entrypoint",
|
|
5998
|
+
directTenantImport: true
|
|
5999
|
+
},
|
|
6000
|
+
{
|
|
6001
|
+
packageName: "@lucern/reasoning-kernel",
|
|
6002
|
+
role: "component_runtime",
|
|
6003
|
+
directTenantImport: false
|
|
6004
|
+
},
|
|
6005
|
+
{
|
|
6006
|
+
packageName: "@lucern/sdk",
|
|
6007
|
+
role: "runtime_entrypoint",
|
|
6008
|
+
directTenantImport: true
|
|
6009
|
+
},
|
|
6010
|
+
{
|
|
6011
|
+
packageName: "@lucern/secrets",
|
|
6012
|
+
role: "sdk_dependency",
|
|
6013
|
+
directTenantImport: false
|
|
6014
|
+
},
|
|
6015
|
+
{
|
|
6016
|
+
packageName: "@lucern/server-core",
|
|
6017
|
+
role: "platform_runtime",
|
|
6018
|
+
directTenantImport: false
|
|
6019
|
+
},
|
|
6020
|
+
{
|
|
6021
|
+
packageName: "@lucern/testing",
|
|
6022
|
+
role: "test_support",
|
|
6023
|
+
directTenantImport: false
|
|
6024
|
+
},
|
|
6025
|
+
{
|
|
6026
|
+
packageName: "@lucern/types",
|
|
6027
|
+
role: "contract_entrypoint",
|
|
6028
|
+
directTenantImport: true
|
|
6029
|
+
}
|
|
6030
|
+
];
|
|
6031
|
+
TENANT_CLIENT_INSTALLABLE_PACKAGES.map(
|
|
6032
|
+
(entry) => entry.packageName
|
|
6033
|
+
);
|
|
6034
|
+
|
|
6035
|
+
// ../contracts/src/infisical-runtime.contract.ts
|
|
6036
|
+
var INFISICAL_TENANT_SOFTWARE_SYSTEMS = [
|
|
6037
|
+
{
|
|
6038
|
+
id: "stack-frontend",
|
|
6039
|
+
tenantKey: "stack",
|
|
6040
|
+
workspaceKey: "frontend",
|
|
6041
|
+
vercelProjectName: "ai-chatbot-diao",
|
|
6042
|
+
vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK",
|
|
6043
|
+
vercelProjectId: "prj_PihFw8kohSSw14nZs9YQV3xVo517",
|
|
6044
|
+
vercelWriterTokenEnv: "STACK_VERCEL_TOKEN",
|
|
6045
|
+
repository: {
|
|
6046
|
+
owner: "stack-vc",
|
|
6047
|
+
name: "front-end"
|
|
6048
|
+
},
|
|
6049
|
+
sharedSourcePath: "/tenants/stack",
|
|
6050
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
6051
|
+
convex: {
|
|
6052
|
+
urlEnv: "CONVEX_FRONTEND_URL",
|
|
6053
|
+
deployKeyEnv: "CONVEX_FRONTEND_DEPLOY_KEY",
|
|
6054
|
+
preprodDeployment: "rugged-lobster-664",
|
|
6055
|
+
prodDeployment: "wonderful-toucan-0"
|
|
6056
|
+
}
|
|
6057
|
+
},
|
|
6058
|
+
{
|
|
6059
|
+
id: "stackos",
|
|
6060
|
+
tenantKey: "stack",
|
|
6061
|
+
workspaceKey: "stackos",
|
|
6062
|
+
vercelProjectName: "stackos",
|
|
6063
|
+
vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK",
|
|
6064
|
+
vercelProjectId: "prj_rXLAL0Z6v9p1fasKbomby6GI7kau",
|
|
6065
|
+
vercelWriterTokenEnv: "STACK_VERCEL_TOKEN",
|
|
6066
|
+
repository: {
|
|
6067
|
+
owner: "stack-vc",
|
|
6068
|
+
name: "stackos"
|
|
6069
|
+
},
|
|
6070
|
+
sharedSourcePath: "/tenants/stack",
|
|
6071
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
6072
|
+
convex: {
|
|
6073
|
+
urlEnv: "CONVEX_STACKOS_URL",
|
|
6074
|
+
deployKeyEnv: "CONVEX_STACKOS_DEPLOY_KEY",
|
|
6075
|
+
preprodDeployment: "giant-mandrill-761",
|
|
6076
|
+
prodDeployment: "good-snake-515"
|
|
6077
|
+
}
|
|
6078
|
+
},
|
|
6079
|
+
{
|
|
6080
|
+
id: "stack-eng",
|
|
6081
|
+
tenantKey: "stack",
|
|
6082
|
+
workspaceKey: "engineering",
|
|
6083
|
+
vercelProjectName: "stackos-engineering-graph",
|
|
6084
|
+
vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK",
|
|
6085
|
+
vercelProjectId: "prj_zAU0Zn9GkbHjHI63dxW4vLpmoqTJ",
|
|
6086
|
+
vercelWriterTokenEnv: "STACK_VERCEL_TOKEN",
|
|
6087
|
+
repository: {
|
|
6088
|
+
owner: "stack-vc",
|
|
6089
|
+
name: "stackos-engineering-graph"
|
|
6090
|
+
},
|
|
6091
|
+
sharedSourcePath: "/tenants/stack/engineering",
|
|
6092
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
6093
|
+
convex: {
|
|
6094
|
+
urlEnv: "CONVEX_STACK_ENG_URL",
|
|
6095
|
+
deployKeyEnv: "CONVEX_STACK_ENG_DEPLOY_KEY",
|
|
6096
|
+
preprodDeployment: "small-oyster-270",
|
|
6097
|
+
prodDeployment: "bold-cuttlefish-804"
|
|
6098
|
+
}
|
|
6099
|
+
},
|
|
6100
|
+
{
|
|
6101
|
+
id: "lucern-graph",
|
|
6102
|
+
tenantKey: "lucern",
|
|
6103
|
+
workspaceKey: "lucern",
|
|
6104
|
+
vercelProjectName: "lucern-graph",
|
|
6105
|
+
vercelTeamId: "team_vTHxxs8GAoAFUe6RWMlYt7fY",
|
|
6106
|
+
vercelProjectId: "prj_KJ8EKV8vGM5xURpqmwTwmECEGPgQ",
|
|
6107
|
+
vercelWriterTokenEnv: "LUCERN_VERCEL_TOKEN",
|
|
6108
|
+
repository: {
|
|
6109
|
+
owner: "LucernAI",
|
|
6110
|
+
name: "lucern-graph"
|
|
6111
|
+
},
|
|
6112
|
+
sharedSourcePath: "/tenants/lucern/shared",
|
|
6113
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
6114
|
+
convex: {
|
|
6115
|
+
urlEnv: "CONVEX_LUCERN_URL",
|
|
6116
|
+
deployKeyEnv: "CONVEX_LUCERN_DEPLOY_KEY",
|
|
6117
|
+
preprodDeployment: "good-blackbird-774",
|
|
6118
|
+
prodDeployment: "precious-dog-365"
|
|
6119
|
+
}
|
|
6120
|
+
}
|
|
6121
|
+
];
|
|
6122
|
+
var TENANT_SHARED_SECRET_DEFINITION_TEMPLATES = [
|
|
6123
|
+
{
|
|
6124
|
+
idSuffix: "clerk.publishable",
|
|
6125
|
+
canonicalName: "NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY",
|
|
6126
|
+
aliases: ["CLERK_PUBLISHABLE_KEY"],
|
|
6127
|
+
required: true,
|
|
6128
|
+
secret: false,
|
|
6129
|
+
public: true,
|
|
6130
|
+
description: "Tenant-owned Clerk browser key. For Stack this is the master clerk.stack.vc project shared by front-end, StackOS, and the engineering workspace."
|
|
6131
|
+
},
|
|
6132
|
+
{
|
|
6133
|
+
idSuffix: "clerk.secret",
|
|
6134
|
+
canonicalName: "CLERK_SECRET_KEY",
|
|
6135
|
+
required: true,
|
|
6136
|
+
secret: true,
|
|
6137
|
+
public: false,
|
|
6138
|
+
description: "Tenant-owned Clerk backend secret used only by that tenant's server runtimes."
|
|
6139
|
+
},
|
|
6140
|
+
{
|
|
6141
|
+
idSuffix: "clerk.project",
|
|
6142
|
+
canonicalName: "CLERK_PROJECT_ID",
|
|
6143
|
+
required: true,
|
|
6144
|
+
secret: false,
|
|
6145
|
+
public: false,
|
|
6146
|
+
description: "Tenant-owned Clerk project id used to resolve canonical Clerk aliases."
|
|
6147
|
+
},
|
|
6148
|
+
{
|
|
6149
|
+
idSuffix: "clerk.jwks",
|
|
6150
|
+
canonicalName: "CLERK_JWT_ISSUER_DOMAIN",
|
|
6151
|
+
aliases: ["CLERK_ISSUER_URL", "CLERK_JWKS_URL"],
|
|
6152
|
+
required: false,
|
|
6153
|
+
secret: false,
|
|
6154
|
+
public: false,
|
|
6155
|
+
description: "Tenant Clerk issuer/JWKS URL consumed by Convex auth.config.ts."
|
|
6156
|
+
},
|
|
6157
|
+
{
|
|
6158
|
+
idSuffix: "clerk.jwt-key",
|
|
6159
|
+
canonicalName: "CLERK_JWT_KEY",
|
|
6160
|
+
required: false,
|
|
6161
|
+
secret: true,
|
|
6162
|
+
public: false,
|
|
6163
|
+
description: "Tenant Clerk JWT public verification key used by bearer-token API routes."
|
|
6164
|
+
},
|
|
6165
|
+
{
|
|
6166
|
+
idSuffix: "clerk.authorized-parties",
|
|
6167
|
+
canonicalName: "CLERK_AUTHORIZED_PARTIES",
|
|
6168
|
+
aliases: ["CLERK_MOBILE_AUTHORIZED_PARTIES"],
|
|
6169
|
+
required: false,
|
|
6170
|
+
secret: false,
|
|
6171
|
+
public: false,
|
|
6172
|
+
description: "Comma-separated Clerk authorized parties for browser and mobile bearer-token validation."
|
|
6173
|
+
},
|
|
6174
|
+
{
|
|
6175
|
+
idSuffix: "clerk.sign-in-url",
|
|
6176
|
+
canonicalName: "NEXT_PUBLIC_CLERK_SIGN_IN_URL",
|
|
6177
|
+
required: false,
|
|
6178
|
+
secret: false,
|
|
6179
|
+
public: true,
|
|
6180
|
+
description: "Tenant Clerk sign-in route for custom app login surfaces."
|
|
6181
|
+
},
|
|
6182
|
+
{
|
|
6183
|
+
idSuffix: "clerk.sign-up-url",
|
|
6184
|
+
canonicalName: "NEXT_PUBLIC_CLERK_SIGN_UP_URL",
|
|
6185
|
+
required: false,
|
|
6186
|
+
secret: false,
|
|
6187
|
+
public: true,
|
|
6188
|
+
description: "Tenant Clerk sign-up route for custom app login surfaces."
|
|
6189
|
+
}
|
|
6190
|
+
];
|
|
6191
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.flatMap(
|
|
6192
|
+
(system) => TENANT_SHARED_SECRET_DEFINITION_TEMPLATES.map(
|
|
6193
|
+
(template) => ({
|
|
6194
|
+
id: `tenant.${system.id}.${template.idSuffix}`,
|
|
6195
|
+
canonicalName: template.canonicalName,
|
|
6196
|
+
aliases: "aliases" in template ? template.aliases : void 0,
|
|
6197
|
+
owner: "tenant",
|
|
6198
|
+
scope: "tenant",
|
|
6199
|
+
sourcePath: system.sharedSourcePath,
|
|
6200
|
+
environmentPolicy: "environment_specific",
|
|
6201
|
+
required: template.required,
|
|
6202
|
+
secret: template.secret,
|
|
6203
|
+
public: template.public,
|
|
6204
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6205
|
+
destinations: [
|
|
6206
|
+
{
|
|
6207
|
+
kind: "vercel",
|
|
6208
|
+
target: system.vercelProjectName,
|
|
6209
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6210
|
+
},
|
|
6211
|
+
{
|
|
6212
|
+
kind: "convex",
|
|
6213
|
+
target: `${system.convex.preprodDeployment}|${system.convex.prodDeployment}`,
|
|
6214
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6215
|
+
}
|
|
6216
|
+
],
|
|
6217
|
+
description: `${system.tenantKey}/${system.workspaceKey}: ${template.description}`
|
|
6218
|
+
})
|
|
6219
|
+
)
|
|
6220
|
+
);
|
|
6221
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.map(
|
|
6222
|
+
(system) => ({
|
|
6223
|
+
id: `tenant.${system.id}.install-lucern-npm`,
|
|
6224
|
+
canonicalName: "INSTALL_LUCERN_NPM",
|
|
6225
|
+
owner: "provider",
|
|
6226
|
+
scope: "global",
|
|
6227
|
+
sourcePath: "/tenants/shared",
|
|
6228
|
+
environmentPolicy: "same_all_environments",
|
|
6229
|
+
required: true,
|
|
6230
|
+
secret: true,
|
|
6231
|
+
public: false,
|
|
6232
|
+
consumers: ["tenant-vercel-app", "tenant-deploy-tooling"],
|
|
6233
|
+
destinations: [
|
|
6234
|
+
{
|
|
6235
|
+
kind: "vercel",
|
|
6236
|
+
target: system.vercelProjectName,
|
|
6237
|
+
environmentPolicy: "same_all_environments"
|
|
6238
|
+
},
|
|
6239
|
+
{
|
|
6240
|
+
kind: "github_actions",
|
|
6241
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6242
|
+
environmentPolicy: "same_all_environments"
|
|
6243
|
+
}
|
|
6244
|
+
],
|
|
6245
|
+
description: `${system.tenantKey}/${system.workspaceKey}: read-only npm install token for published @lucern/* packages.`
|
|
6246
|
+
})
|
|
6247
|
+
);
|
|
6248
|
+
var TENANT_PRODUCT_SOFTWARE_SYSTEM_IDS = ["stack-frontend", "stackos"];
|
|
6249
|
+
var TENANT_PRODUCT_RUNTIME_SECRET_DEFINITION_TEMPLATES = [
|
|
6250
|
+
{
|
|
6251
|
+
idSuffix: "ai.openai-api-key",
|
|
6252
|
+
canonicalName: "OPENAI_API_KEY",
|
|
6253
|
+
required: false,
|
|
6254
|
+
secret: true,
|
|
6255
|
+
public: false,
|
|
6256
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment", "tenant-ai-runtime"],
|
|
6257
|
+
description: "Tenant-owned OpenAI key for product runtime LLM calls."
|
|
6258
|
+
},
|
|
6259
|
+
{
|
|
6260
|
+
idSuffix: "ai.anthropic-api-key",
|
|
6261
|
+
canonicalName: "ANTHROPIC_API_KEY",
|
|
6262
|
+
required: false,
|
|
6263
|
+
secret: true,
|
|
6264
|
+
public: false,
|
|
6265
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment", "tenant-ai-runtime"],
|
|
6266
|
+
description: "Tenant-owned Anthropic key for product runtime LLM calls."
|
|
6267
|
+
},
|
|
6268
|
+
{
|
|
6269
|
+
idSuffix: "ai.gemini-api-key",
|
|
6270
|
+
canonicalName: "GEMINI_API_KEY",
|
|
6271
|
+
aliases: ["GOOGLE_AI_API_KEY", "GOOGLE_GENERATIVE_AI_API_KEY"],
|
|
6272
|
+
required: false,
|
|
6273
|
+
secret: true,
|
|
6274
|
+
public: false,
|
|
6275
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment", "tenant-ai-runtime"],
|
|
6276
|
+
description: "Tenant-owned Google/Gemini key for product runtime LLM calls."
|
|
6277
|
+
},
|
|
6278
|
+
{
|
|
6279
|
+
idSuffix: "langfuse.secret-key",
|
|
6280
|
+
canonicalName: "LANGFUSE_SECRET_KEY",
|
|
6281
|
+
required: false,
|
|
6282
|
+
secret: true,
|
|
6283
|
+
public: false,
|
|
6284
|
+
consumers: [
|
|
6285
|
+
"tenant-vercel-app",
|
|
6286
|
+
"tenant-convex-deployment",
|
|
6287
|
+
"tenant-observability"
|
|
6288
|
+
],
|
|
6289
|
+
description: "Tenant-owned Langfuse secret key for product AI tracing."
|
|
6290
|
+
},
|
|
6291
|
+
{
|
|
6292
|
+
idSuffix: "langfuse.public-key",
|
|
6293
|
+
canonicalName: "LANGFUSE_PUBLIC_KEY",
|
|
6294
|
+
required: false,
|
|
6295
|
+
secret: false,
|
|
6296
|
+
public: false,
|
|
6297
|
+
consumers: [
|
|
6298
|
+
"tenant-vercel-app",
|
|
6299
|
+
"tenant-convex-deployment",
|
|
6300
|
+
"tenant-observability"
|
|
6301
|
+
],
|
|
6302
|
+
description: "Tenant-owned Langfuse public key for product AI tracing."
|
|
6303
|
+
},
|
|
6304
|
+
{
|
|
6305
|
+
idSuffix: "langfuse.base-url",
|
|
6306
|
+
canonicalName: "LANGFUSE_BASE_URL",
|
|
6307
|
+
aliases: ["LANGFUSE_BASEURL", "LANGFUSE_HOST"],
|
|
6308
|
+
required: false,
|
|
6309
|
+
secret: false,
|
|
6310
|
+
public: false,
|
|
6311
|
+
consumers: [
|
|
6312
|
+
"tenant-vercel-app",
|
|
6313
|
+
"tenant-convex-deployment",
|
|
6314
|
+
"tenant-observability"
|
|
6315
|
+
],
|
|
6316
|
+
description: "Tenant-owned Langfuse API origin."
|
|
6317
|
+
},
|
|
6318
|
+
{
|
|
6319
|
+
idSuffix: "graph.neo4j-uri",
|
|
6320
|
+
canonicalName: "NEO4J_URI",
|
|
6321
|
+
required: false,
|
|
6322
|
+
secret: false,
|
|
6323
|
+
public: false,
|
|
6324
|
+
consumers: [
|
|
6325
|
+
"tenant-vercel-app",
|
|
6326
|
+
"tenant-convex-deployment",
|
|
6327
|
+
"tenant-graph-sync"
|
|
6328
|
+
],
|
|
6329
|
+
description: "Tenant-owned Neo4j URI for product graph-sync."
|
|
6330
|
+
},
|
|
6331
|
+
{
|
|
6332
|
+
idSuffix: "graph.neo4j-user",
|
|
6333
|
+
canonicalName: "NEO4J_USER",
|
|
6334
|
+
aliases: ["NEO4J_USERNAME"],
|
|
6335
|
+
required: false,
|
|
6336
|
+
secret: false,
|
|
6337
|
+
public: false,
|
|
6338
|
+
consumers: [
|
|
6339
|
+
"tenant-vercel-app",
|
|
6340
|
+
"tenant-convex-deployment",
|
|
6341
|
+
"tenant-graph-sync"
|
|
6342
|
+
],
|
|
6343
|
+
description: "Tenant-owned Neo4j user for product graph-sync."
|
|
6344
|
+
},
|
|
6345
|
+
{
|
|
6346
|
+
idSuffix: "graph.neo4j-password",
|
|
6347
|
+
canonicalName: "NEO4J_PASSWORD",
|
|
6348
|
+
required: false,
|
|
6349
|
+
secret: true,
|
|
6350
|
+
public: false,
|
|
6351
|
+
consumers: [
|
|
6352
|
+
"tenant-vercel-app",
|
|
6353
|
+
"tenant-convex-deployment",
|
|
6354
|
+
"tenant-graph-sync"
|
|
6355
|
+
],
|
|
6356
|
+
description: "Tenant-owned Neo4j password for product graph-sync."
|
|
6357
|
+
},
|
|
6358
|
+
{
|
|
6359
|
+
idSuffix: "graph.neo4j-sync-secret",
|
|
6360
|
+
canonicalName: "NEO4J_SYNC_SECRET",
|
|
6361
|
+
required: false,
|
|
6362
|
+
secret: true,
|
|
6363
|
+
public: false,
|
|
6364
|
+
consumers: [
|
|
6365
|
+
"tenant-vercel-app",
|
|
6366
|
+
"tenant-convex-deployment",
|
|
6367
|
+
"tenant-graph-sync"
|
|
6368
|
+
],
|
|
6369
|
+
description: "Tenant-owned shared secret for product Convex-to-HTTP graph-sync calls."
|
|
6370
|
+
},
|
|
6371
|
+
{
|
|
6372
|
+
idSuffix: "graph.neo4j-database",
|
|
6373
|
+
canonicalName: "NEO4J_DATABASE",
|
|
6374
|
+
required: false,
|
|
6375
|
+
secret: false,
|
|
6376
|
+
public: false,
|
|
6377
|
+
consumers: [
|
|
6378
|
+
"tenant-vercel-app",
|
|
6379
|
+
"tenant-convex-deployment",
|
|
6380
|
+
"tenant-graph-sync"
|
|
6381
|
+
],
|
|
6382
|
+
description: "Tenant-owned Neo4j database name for product graph-sync."
|
|
6383
|
+
},
|
|
6384
|
+
{
|
|
6385
|
+
idSuffix: "vector.pinecone-api-key",
|
|
6386
|
+
canonicalName: "PINECONE_API_KEY",
|
|
6387
|
+
required: false,
|
|
6388
|
+
secret: true,
|
|
6389
|
+
public: false,
|
|
6390
|
+
consumers: [
|
|
6391
|
+
"tenant-vercel-app",
|
|
6392
|
+
"tenant-convex-deployment",
|
|
6393
|
+
"tenant-vector-store"
|
|
6394
|
+
],
|
|
6395
|
+
description: "Tenant-owned Pinecone API key for product vector search."
|
|
6396
|
+
},
|
|
6397
|
+
{
|
|
6398
|
+
idSuffix: "vector.pinecone-index-name",
|
|
6399
|
+
canonicalName: "PINECONE_INDEX_NAME",
|
|
6400
|
+
aliases: ["PINECONE_INDEX"],
|
|
6401
|
+
required: false,
|
|
6402
|
+
secret: false,
|
|
6403
|
+
public: false,
|
|
6404
|
+
consumers: [
|
|
6405
|
+
"tenant-vercel-app",
|
|
6406
|
+
"tenant-convex-deployment",
|
|
6407
|
+
"tenant-vector-store"
|
|
6408
|
+
],
|
|
6409
|
+
description: "Tenant-owned Pinecone index name for product vector search."
|
|
6410
|
+
},
|
|
6411
|
+
{
|
|
6412
|
+
idSuffix: "vector.pinecone-host",
|
|
6413
|
+
canonicalName: "PINECONE_HOST",
|
|
6414
|
+
aliases: ["PINECONE_INDEX_HOST"],
|
|
6415
|
+
required: false,
|
|
6416
|
+
secret: false,
|
|
6417
|
+
public: false,
|
|
6418
|
+
consumers: [
|
|
6419
|
+
"tenant-vercel-app",
|
|
6420
|
+
"tenant-convex-deployment",
|
|
6421
|
+
"tenant-vector-store"
|
|
6422
|
+
],
|
|
6423
|
+
description: "Tenant-owned Pinecone host for product vector search."
|
|
6424
|
+
},
|
|
6425
|
+
{
|
|
6426
|
+
idSuffix: "vector.pinecone-namespace",
|
|
6427
|
+
canonicalName: "PINECONE_NAMESPACE",
|
|
6428
|
+
required: false,
|
|
6429
|
+
secret: false,
|
|
6430
|
+
public: false,
|
|
6431
|
+
consumers: [
|
|
6432
|
+
"tenant-vercel-app",
|
|
6433
|
+
"tenant-convex-deployment",
|
|
6434
|
+
"tenant-vector-store"
|
|
6435
|
+
],
|
|
6436
|
+
description: "Tenant-owned Pinecone namespace for product vector search isolation."
|
|
6437
|
+
},
|
|
6438
|
+
{
|
|
6439
|
+
idSuffix: "storage.aws-access-key-id",
|
|
6440
|
+
canonicalName: "AWS_ACCESS_KEY_ID",
|
|
6441
|
+
required: false,
|
|
6442
|
+
secret: true,
|
|
6443
|
+
public: false,
|
|
6444
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6445
|
+
description: "Tenant-owned AWS access key id for document/file ingestion."
|
|
6446
|
+
},
|
|
6447
|
+
{
|
|
6448
|
+
idSuffix: "storage.aws-secret-access-key",
|
|
6449
|
+
canonicalName: "AWS_SECRET_ACCESS_KEY",
|
|
6450
|
+
required: false,
|
|
6451
|
+
secret: true,
|
|
6452
|
+
public: false,
|
|
6453
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6454
|
+
description: "Tenant-owned AWS secret access key for document/file ingestion."
|
|
6455
|
+
},
|
|
6456
|
+
{
|
|
6457
|
+
idSuffix: "storage.aws-region",
|
|
6458
|
+
canonicalName: "AWS_REGION",
|
|
6459
|
+
required: false,
|
|
6460
|
+
secret: false,
|
|
6461
|
+
public: false,
|
|
6462
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6463
|
+
description: "Tenant-owned AWS region for document/file ingestion."
|
|
4976
6464
|
},
|
|
4977
6465
|
{
|
|
4978
|
-
|
|
4979
|
-
|
|
4980
|
-
|
|
6466
|
+
idSuffix: "observability.sentry-dsn",
|
|
6467
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_DSN",
|
|
6468
|
+
aliases: ["NEXT_PUBLIC_SENTRY_DSN_NEXTJS", "SENTRY_DSN"],
|
|
6469
|
+
required: false,
|
|
6470
|
+
secret: false,
|
|
6471
|
+
public: true,
|
|
6472
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6473
|
+
description: "Tenant-owned Sentry DSN for app telemetry."
|
|
4981
6474
|
},
|
|
4982
6475
|
{
|
|
4983
|
-
|
|
4984
|
-
|
|
4985
|
-
|
|
6476
|
+
idSuffix: "observability.sentry-auth-token",
|
|
6477
|
+
canonicalName: "SENTRY_AUTH_TOKEN",
|
|
6478
|
+
required: false,
|
|
6479
|
+
secret: true,
|
|
6480
|
+
public: false,
|
|
6481
|
+
consumers: ["tenant-deploy-tooling", "tenant-observability"],
|
|
6482
|
+
description: "Tenant-owned Sentry release token for app deployments."
|
|
4986
6483
|
},
|
|
4987
6484
|
{
|
|
4988
|
-
|
|
4989
|
-
|
|
4990
|
-
|
|
6485
|
+
idSuffix: "observability.sentry-org",
|
|
6486
|
+
canonicalName: "SENTRY_ORG",
|
|
6487
|
+
aliases: ["SENTRY_ORG_SLUG"],
|
|
6488
|
+
required: false,
|
|
6489
|
+
secret: false,
|
|
6490
|
+
public: false,
|
|
6491
|
+
consumers: ["tenant-deploy-tooling", "tenant-observability"],
|
|
6492
|
+
description: "Tenant-owned Sentry org slug for release uploads."
|
|
4991
6493
|
},
|
|
4992
6494
|
{
|
|
4993
|
-
|
|
4994
|
-
|
|
4995
|
-
|
|
6495
|
+
idSuffix: "observability.sentry-project",
|
|
6496
|
+
canonicalName: "SENTRY_PROJECT",
|
|
6497
|
+
aliases: ["SENTRY_PROJECT_NEXTJS"],
|
|
6498
|
+
required: false,
|
|
6499
|
+
secret: false,
|
|
6500
|
+
public: false,
|
|
6501
|
+
consumers: ["tenant-deploy-tooling", "tenant-observability"],
|
|
6502
|
+
description: "Tenant-owned Sentry project slug for release uploads."
|
|
4996
6503
|
},
|
|
4997
6504
|
{
|
|
4998
|
-
|
|
4999
|
-
|
|
5000
|
-
|
|
6505
|
+
idSuffix: "observability.sentry-environment",
|
|
6506
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_ENVIRONMENT",
|
|
6507
|
+
aliases: ["SENTRY_ENVIRONMENT"],
|
|
6508
|
+
required: false,
|
|
6509
|
+
secret: false,
|
|
6510
|
+
public: true,
|
|
6511
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6512
|
+
description: "Tenant-owned Sentry environment label."
|
|
5001
6513
|
},
|
|
5002
6514
|
{
|
|
5003
|
-
|
|
5004
|
-
|
|
5005
|
-
|
|
6515
|
+
idSuffix: "observability.sentry-release",
|
|
6516
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_RELEASE",
|
|
6517
|
+
aliases: ["SENTRY_RELEASE"],
|
|
6518
|
+
required: false,
|
|
6519
|
+
secret: false,
|
|
6520
|
+
public: true,
|
|
6521
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6522
|
+
description: "Tenant-owned Sentry release label."
|
|
5006
6523
|
},
|
|
5007
6524
|
{
|
|
5008
|
-
|
|
5009
|
-
|
|
5010
|
-
|
|
6525
|
+
idSuffix: "observability.sentry-client-options",
|
|
6526
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_TRACES_SAMPLE_RATE",
|
|
6527
|
+
aliases: [
|
|
6528
|
+
"NEXT_PUBLIC_SENTRY_CAPTURE_CONSOLE_LEVELS",
|
|
6529
|
+
"NEXT_PUBLIC_SENTRY_CAPTURE_CONSOLE_LEVELS_NEXTJS",
|
|
6530
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_BREADCRUMB_LEVELS",
|
|
6531
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_BREADCRUMB_LEVELS_NEXTJS",
|
|
6532
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_LOG_LEVELS",
|
|
6533
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_LOG_LEVELS_NEXTJS",
|
|
6534
|
+
"NEXT_PUBLIC_SENTRY_ENABLE_LOGS",
|
|
6535
|
+
"NEXT_PUBLIC_SENTRY_REPLAYS_ON_ERROR_SAMPLE_RATE",
|
|
6536
|
+
"NEXT_PUBLIC_SENTRY_REPLAYS_SESSION_SAMPLE_RATE",
|
|
6537
|
+
"NEXT_PUBLIC_SENTRY_SEND_DEFAULT_PII",
|
|
6538
|
+
"NEXT_PUBLIC_SENTRY_TRACES_SAMPLE_RATE_NEXTJS"
|
|
6539
|
+
],
|
|
6540
|
+
required: false,
|
|
6541
|
+
secret: false,
|
|
6542
|
+
public: true,
|
|
6543
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6544
|
+
description: "Tenant-owned public Sentry tuning values for Next.js client instrumentation."
|
|
5011
6545
|
},
|
|
5012
6546
|
{
|
|
5013
|
-
|
|
5014
|
-
|
|
5015
|
-
|
|
6547
|
+
idSuffix: "observability.sentry-webhook-secret",
|
|
6548
|
+
canonicalName: "SENTRY_WEBHOOK_SECRET",
|
|
6549
|
+
required: false,
|
|
6550
|
+
secret: true,
|
|
6551
|
+
public: false,
|
|
6552
|
+
consumers: ["tenant-convex-deployment", "tenant-observability"],
|
|
6553
|
+
description: "Tenant-owned Sentry webhook verification secret."
|
|
5016
6554
|
},
|
|
5017
6555
|
{
|
|
5018
|
-
|
|
5019
|
-
|
|
5020
|
-
|
|
6556
|
+
idSuffix: "lucern.gateway-api-key",
|
|
6557
|
+
canonicalName: "LUCERN_API_KEY",
|
|
6558
|
+
aliases: ["STACK_API_KEY"],
|
|
6559
|
+
required: false,
|
|
6560
|
+
secret: true,
|
|
6561
|
+
public: false,
|
|
6562
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6563
|
+
description: "Tenant-scoped Lucern/MC gateway API key for product front-door calls."
|
|
5021
6564
|
},
|
|
5022
6565
|
{
|
|
5023
|
-
|
|
5024
|
-
|
|
5025
|
-
|
|
6566
|
+
idSuffix: "lucern.gateway-base-url",
|
|
6567
|
+
canonicalName: "LUCERN_BASE_URL",
|
|
6568
|
+
aliases: ["LUCERN_API_BASE_URL", "LUCERN_GATEWAY_BASE_URL"],
|
|
6569
|
+
required: false,
|
|
6570
|
+
secret: false,
|
|
6571
|
+
public: false,
|
|
6572
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6573
|
+
description: "Lucern/MC gateway base URL used by tenant product apps."
|
|
5026
6574
|
},
|
|
5027
6575
|
{
|
|
5028
|
-
|
|
5029
|
-
|
|
5030
|
-
|
|
6576
|
+
idSuffix: "lucern.proxy-token-secret",
|
|
6577
|
+
canonicalName: "LUCERN_PROXY_TOKEN_SECRET",
|
|
6578
|
+
required: false,
|
|
6579
|
+
secret: true,
|
|
6580
|
+
public: false,
|
|
6581
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6582
|
+
description: "Tenant-owned secret for signing internal proxy/session tokens in product apps."
|
|
5031
6583
|
},
|
|
5032
6584
|
{
|
|
5033
|
-
|
|
5034
|
-
|
|
5035
|
-
|
|
6585
|
+
idSuffix: "tenant.integrations.linear-api-key",
|
|
6586
|
+
canonicalName: "LINEAR_API_KEY",
|
|
6587
|
+
required: false,
|
|
6588
|
+
secret: true,
|
|
6589
|
+
public: false,
|
|
6590
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6591
|
+
description: "Tenant-owned Linear API key for support/slash-command flows."
|
|
5036
6592
|
},
|
|
5037
6593
|
{
|
|
5038
|
-
|
|
5039
|
-
|
|
5040
|
-
|
|
6594
|
+
idSuffix: "tenant.vercel.bypass-token",
|
|
6595
|
+
canonicalName: "VERCEL_AUTOMATION_BYPASS_SECRET",
|
|
6596
|
+
aliases: ["NEXT_PUBLIC_VERCEL_BYPASS_TOKEN"],
|
|
6597
|
+
required: false,
|
|
6598
|
+
secret: true,
|
|
6599
|
+
public: false,
|
|
6600
|
+
consumers: ["tenant-vercel-app", "tenant-deploy-tooling"],
|
|
6601
|
+
description: "Tenant-owned Vercel automation bypass token. Public alias is legacy and should be removed from app code."
|
|
5041
6602
|
}
|
|
5042
6603
|
];
|
|
5043
|
-
|
|
5044
|
-
(
|
|
6604
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.filter(
|
|
6605
|
+
(system) => TENANT_PRODUCT_SOFTWARE_SYSTEM_IDS.includes(system.id)
|
|
6606
|
+
).flatMap(
|
|
6607
|
+
(system) => TENANT_PRODUCT_RUNTIME_SECRET_DEFINITION_TEMPLATES.map(
|
|
6608
|
+
(template) => ({
|
|
6609
|
+
id: `tenant.${system.id}.${template.idSuffix}`,
|
|
6610
|
+
canonicalName: template.canonicalName,
|
|
6611
|
+
aliases: "aliases" in template ? template.aliases : void 0,
|
|
6612
|
+
owner: "tenant",
|
|
6613
|
+
scope: "tenant",
|
|
6614
|
+
sourcePath: system.sharedSourcePath,
|
|
6615
|
+
environmentPolicy: "environment_specific",
|
|
6616
|
+
required: template.required,
|
|
6617
|
+
secret: template.secret,
|
|
6618
|
+
public: template.public,
|
|
6619
|
+
consumers: template.consumers,
|
|
6620
|
+
destinations: [
|
|
6621
|
+
{
|
|
6622
|
+
kind: "vercel",
|
|
6623
|
+
target: system.vercelProjectName,
|
|
6624
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6625
|
+
},
|
|
6626
|
+
{
|
|
6627
|
+
kind: "convex",
|
|
6628
|
+
target: `${system.convex.preprodDeployment}|${system.convex.prodDeployment}`,
|
|
6629
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6630
|
+
},
|
|
6631
|
+
{
|
|
6632
|
+
kind: "github_actions",
|
|
6633
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6634
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6635
|
+
}
|
|
6636
|
+
],
|
|
6637
|
+
description: `${system.tenantKey}/${system.workspaceKey}: ${template.description}`
|
|
6638
|
+
})
|
|
6639
|
+
)
|
|
6640
|
+
);
|
|
6641
|
+
function tenantVercelConvexUrlWriteNames(system) {
|
|
6642
|
+
const names = [system.convex.urlEnv, "NEXT_PUBLIC_CONVEX_URL"];
|
|
6643
|
+
if (system.id === "stack-eng") {
|
|
6644
|
+
return [...names, "STACKOS_ENGINEERING_GRAPH_CONVEX_URL"];
|
|
6645
|
+
}
|
|
6646
|
+
return names;
|
|
6647
|
+
}
|
|
6648
|
+
function tenantRepositoryConvexUrlWriteNames(system) {
|
|
6649
|
+
if (system.id === "stack-eng") {
|
|
6650
|
+
return [system.convex.urlEnv, "STACKOS_ENGINEERING_GRAPH_CONVEX_URL"];
|
|
6651
|
+
}
|
|
6652
|
+
return [system.convex.urlEnv];
|
|
6653
|
+
}
|
|
6654
|
+
function tenantRepositoryConvexDeployKeyWriteNames(system) {
|
|
6655
|
+
if (system.id === "stack-eng") {
|
|
6656
|
+
return [system.convex.deployKeyEnv, "STACKOS_ENGINEERING_GRAPH_DEPLOY_KEY"];
|
|
6657
|
+
}
|
|
6658
|
+
return [system.convex.deployKeyEnv];
|
|
6659
|
+
}
|
|
6660
|
+
function tenantConvexUrlAliases(system) {
|
|
6661
|
+
if (system.id === "stack-frontend") {
|
|
6662
|
+
return [
|
|
6663
|
+
"CONVEX_PROD_URL",
|
|
6664
|
+
"CONVEX_STACK_V2_PROD_URL",
|
|
6665
|
+
"CONVEX_STACK_V2_STAGING_URL",
|
|
6666
|
+
"STACK_CONVEX_URL"
|
|
6667
|
+
];
|
|
6668
|
+
}
|
|
6669
|
+
if (system.id === "stackos") {
|
|
6670
|
+
return [
|
|
6671
|
+
"CONVEX_CLOUD_URL",
|
|
6672
|
+
"CONVEX_STACK_URL",
|
|
6673
|
+
"CONVEX_URL",
|
|
6674
|
+
"CONVEX_URL_DEVELOPMENT",
|
|
6675
|
+
"CONVEX_URL_PRODUCTION",
|
|
6676
|
+
"STACK_CONVEX_URL"
|
|
6677
|
+
];
|
|
6678
|
+
}
|
|
6679
|
+
if (system.id === "stack-eng") {
|
|
6680
|
+
return ["STACKOS_ENGINEERING_GRAPH_CONVEX_URL"];
|
|
6681
|
+
}
|
|
6682
|
+
if (system.id === "lucern-graph") {
|
|
6683
|
+
return [
|
|
6684
|
+
"CONVEX_GRAPH_URL",
|
|
6685
|
+
"LUCERN_PROD_URL",
|
|
6686
|
+
"NEXT_PUBLIC_LUCERN_GRAPH_URL"
|
|
6687
|
+
];
|
|
6688
|
+
}
|
|
6689
|
+
return void 0;
|
|
6690
|
+
}
|
|
6691
|
+
function tenantConvexDeployKeyAliases(system) {
|
|
6692
|
+
if (system.id === "stack-frontend") {
|
|
6693
|
+
return [
|
|
6694
|
+
"CONVEX_STACK_V2_PROD_DEPLOY_KEY",
|
|
6695
|
+
"CONVEX_STACK_V2_STAGING_DEPLOY_KEY",
|
|
6696
|
+
"STACK_DEPLOY_KEY"
|
|
6697
|
+
];
|
|
6698
|
+
}
|
|
6699
|
+
if (system.id === "stackos") {
|
|
6700
|
+
return [
|
|
6701
|
+
"CONVEX_DEPLOY_KEY",
|
|
6702
|
+
"CONVEX_DEV_DEPLOY_KEY",
|
|
6703
|
+
"CONVEX_PROD_DEPLOY_KEY",
|
|
6704
|
+
"CONVEX_STACK_DEPLOY_KEY",
|
|
6705
|
+
"STACK_DEPLOY_KEY"
|
|
6706
|
+
];
|
|
6707
|
+
}
|
|
6708
|
+
if (system.id === "stack-eng") {
|
|
6709
|
+
return ["CONVEX_DEPLOY_KEY", "STACKOS_ENGINEERING_GRAPH_DEPLOY_KEY"];
|
|
6710
|
+
}
|
|
6711
|
+
if (system.id === "lucern-graph") {
|
|
6712
|
+
return [
|
|
6713
|
+
"CONVEX_DEPLOY_KEY",
|
|
6714
|
+
"CONVEX_GRAPH_DEPLOY_KEY",
|
|
6715
|
+
"LUCERN_CONVEX_DEPLOY_KEY",
|
|
6716
|
+
"LUCERN_DEV_DEPLOY_KEY",
|
|
6717
|
+
"LUCERN_PROD_DEPLOY_KEY"
|
|
6718
|
+
];
|
|
6719
|
+
}
|
|
6720
|
+
return void 0;
|
|
6721
|
+
}
|
|
6722
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.flatMap(
|
|
6723
|
+
(system) => {
|
|
6724
|
+
if (system.id === "lucern-graph") {
|
|
6725
|
+
return [
|
|
6726
|
+
{
|
|
6727
|
+
id: "tenant.lucern-graph.public.tenant-id",
|
|
6728
|
+
canonicalName: "NEXT_PUBLIC_LUCERN_GRAPH_TENANT_ID",
|
|
6729
|
+
aliases: ["NEXT_PUBLIC_LUCERN_TENANT_ID"],
|
|
6730
|
+
owner: "tenant",
|
|
6731
|
+
scope: "workspace",
|
|
6732
|
+
sourcePath: system.sharedSourcePath,
|
|
6733
|
+
environmentPolicy: "environment_specific",
|
|
6734
|
+
required: false,
|
|
6735
|
+
secret: false,
|
|
6736
|
+
public: true,
|
|
6737
|
+
consumers: ["tenant-vercel-app"],
|
|
6738
|
+
destinations: [
|
|
6739
|
+
{
|
|
6740
|
+
kind: "vercel",
|
|
6741
|
+
target: system.vercelProjectName,
|
|
6742
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6743
|
+
}
|
|
6744
|
+
],
|
|
6745
|
+
description: "Lucern graph public tenant id used by the standalone graph explorer."
|
|
6746
|
+
},
|
|
6747
|
+
{
|
|
6748
|
+
id: "tenant.lucern-graph.public.tenant-label",
|
|
6749
|
+
canonicalName: "NEXT_PUBLIC_LUCERN_GRAPH_TENANT_LABEL",
|
|
6750
|
+
owner: "tenant",
|
|
6751
|
+
scope: "workspace",
|
|
6752
|
+
sourcePath: system.sharedSourcePath,
|
|
6753
|
+
environmentPolicy: "environment_specific",
|
|
6754
|
+
required: false,
|
|
6755
|
+
secret: false,
|
|
6756
|
+
public: true,
|
|
6757
|
+
consumers: ["tenant-vercel-app"],
|
|
6758
|
+
destinations: [
|
|
6759
|
+
{
|
|
6760
|
+
kind: "vercel",
|
|
6761
|
+
target: system.vercelProjectName,
|
|
6762
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6763
|
+
}
|
|
6764
|
+
],
|
|
6765
|
+
description: "Lucern graph public tenant label used by the standalone graph explorer."
|
|
6766
|
+
}
|
|
6767
|
+
];
|
|
6768
|
+
}
|
|
6769
|
+
if (system.id === "stack-eng") {
|
|
6770
|
+
return [
|
|
6771
|
+
{
|
|
6772
|
+
id: "tenant.stack-eng.public.tenant-id",
|
|
6773
|
+
canonicalName: "NEXT_PUBLIC_STACKOS_ENGINEERING_GRAPH_TENANT_ID",
|
|
6774
|
+
owner: "tenant",
|
|
6775
|
+
scope: "workspace",
|
|
6776
|
+
sourcePath: system.sharedSourcePath,
|
|
6777
|
+
environmentPolicy: "environment_specific",
|
|
6778
|
+
required: false,
|
|
6779
|
+
secret: false,
|
|
6780
|
+
public: true,
|
|
6781
|
+
consumers: ["tenant-vercel-app"],
|
|
6782
|
+
destinations: [
|
|
6783
|
+
{
|
|
6784
|
+
kind: "vercel",
|
|
6785
|
+
target: system.vercelProjectName,
|
|
6786
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6787
|
+
}
|
|
6788
|
+
],
|
|
6789
|
+
description: "Stack engineering graph public tenant id used by the graph explorer."
|
|
6790
|
+
},
|
|
6791
|
+
{
|
|
6792
|
+
id: "tenant.stack-eng.public.tenant-label",
|
|
6793
|
+
canonicalName: "NEXT_PUBLIC_STACKOS_ENGINEERING_GRAPH_TENANT_LABEL",
|
|
6794
|
+
owner: "tenant",
|
|
6795
|
+
scope: "workspace",
|
|
6796
|
+
sourcePath: system.sharedSourcePath,
|
|
6797
|
+
environmentPolicy: "environment_specific",
|
|
6798
|
+
required: false,
|
|
6799
|
+
secret: false,
|
|
6800
|
+
public: true,
|
|
6801
|
+
consumers: ["tenant-vercel-app"],
|
|
6802
|
+
destinations: [
|
|
6803
|
+
{
|
|
6804
|
+
kind: "vercel",
|
|
6805
|
+
target: system.vercelProjectName,
|
|
6806
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6807
|
+
}
|
|
6808
|
+
],
|
|
6809
|
+
description: "Stack engineering graph public tenant label used by the graph explorer."
|
|
6810
|
+
},
|
|
6811
|
+
{
|
|
6812
|
+
id: "tenant.stack-eng.public.environment",
|
|
6813
|
+
canonicalName: "NEXT_PUBLIC_STACKOS_ENGINEERING_GRAPH_ENV",
|
|
6814
|
+
owner: "tenant",
|
|
6815
|
+
scope: "workspace",
|
|
6816
|
+
sourcePath: system.sharedSourcePath,
|
|
6817
|
+
environmentPolicy: "environment_specific",
|
|
6818
|
+
required: false,
|
|
6819
|
+
secret: false,
|
|
6820
|
+
public: true,
|
|
6821
|
+
consumers: ["tenant-vercel-app"],
|
|
6822
|
+
destinations: [
|
|
6823
|
+
{
|
|
6824
|
+
kind: "vercel",
|
|
6825
|
+
target: system.vercelProjectName,
|
|
6826
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6827
|
+
}
|
|
6828
|
+
],
|
|
6829
|
+
description: "Stack engineering graph public environment label used by the graph explorer."
|
|
6830
|
+
}
|
|
6831
|
+
];
|
|
6832
|
+
}
|
|
6833
|
+
return [];
|
|
6834
|
+
}
|
|
5045
6835
|
);
|
|
6836
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.flatMap((system) => [
|
|
6837
|
+
{
|
|
6838
|
+
id: `tenant.${system.id}.convex.url`,
|
|
6839
|
+
canonicalName: system.convex.urlEnv,
|
|
6840
|
+
aliases: tenantConvexUrlAliases(system),
|
|
6841
|
+
owner: "tenant",
|
|
6842
|
+
scope: "software_system",
|
|
6843
|
+
sourcePath: system.sharedSourcePath,
|
|
6844
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6845
|
+
required: true,
|
|
6846
|
+
secret: false,
|
|
6847
|
+
public: false,
|
|
6848
|
+
consumers: [
|
|
6849
|
+
"tenant-vercel-app",
|
|
6850
|
+
"tenant-agent-runtime",
|
|
6851
|
+
"mc-operator-tooling"
|
|
6852
|
+
],
|
|
6853
|
+
destinations: [
|
|
6854
|
+
{
|
|
6855
|
+
kind: "vercel",
|
|
6856
|
+
target: system.vercelProjectName,
|
|
6857
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6858
|
+
writeNames: tenantVercelConvexUrlWriteNames(system)
|
|
6859
|
+
},
|
|
6860
|
+
{
|
|
6861
|
+
kind: "github_actions",
|
|
6862
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6863
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6864
|
+
writeNames: tenantRepositoryConvexUrlWriteNames(system),
|
|
6865
|
+
notes: "Only if that repository deploy/test workflow owns this software system."
|
|
6866
|
+
}
|
|
6867
|
+
],
|
|
6868
|
+
description: `${system.tenantKey}/${system.workspaceKey} Convex URL. Pre-prod resolves to ${system.convex.preprodDeployment}; prod resolves to ${system.convex.prodDeployment}.`
|
|
6869
|
+
},
|
|
6870
|
+
{
|
|
6871
|
+
id: `tenant.${system.id}.convex.deploy-key`,
|
|
6872
|
+
canonicalName: system.convex.deployKeyEnv,
|
|
6873
|
+
aliases: tenantConvexDeployKeyAliases(system),
|
|
6874
|
+
owner: "tenant",
|
|
6875
|
+
scope: "software_system",
|
|
6876
|
+
sourcePath: system.sharedSourcePath,
|
|
6877
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6878
|
+
required: true,
|
|
6879
|
+
secret: true,
|
|
6880
|
+
public: false,
|
|
6881
|
+
consumers: [
|
|
6882
|
+
"tenant-vercel-app",
|
|
6883
|
+
"tenant-agent-runtime",
|
|
6884
|
+
"mc-operator-tooling"
|
|
6885
|
+
],
|
|
6886
|
+
destinations: [
|
|
6887
|
+
{
|
|
6888
|
+
kind: "vercel",
|
|
6889
|
+
target: system.vercelProjectName,
|
|
6890
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6891
|
+
},
|
|
6892
|
+
{
|
|
6893
|
+
kind: "github_actions",
|
|
6894
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6895
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6896
|
+
writeNames: tenantRepositoryConvexDeployKeyWriteNames(system),
|
|
6897
|
+
notes: "Only if that repository deploy/test workflow owns this software system."
|
|
6898
|
+
}
|
|
6899
|
+
],
|
|
6900
|
+
description: `${system.tenantKey}/${system.workspaceKey} Convex deploy/admin key. Never route to sibling workspaces.`
|
|
6901
|
+
}
|
|
6902
|
+
]);
|
|
5046
6903
|
z.object({
|
|
5047
6904
|
manifestVersion: z.literal("1.0.0"),
|
|
5048
6905
|
rules: z.array(
|
|
@@ -5083,7 +6940,7 @@ var createEvidenceInputSchemaBase = z.object({
|
|
|
5083
6940
|
targetId: z.string().optional(),
|
|
5084
6941
|
targetNodeId: z.string().optional(),
|
|
5085
6942
|
linkedBeliefNodeId: z.string().optional(),
|
|
5086
|
-
evidenceRelation: z.enum(["supports", "contradicts"
|
|
6943
|
+
evidenceRelation: z.enum(["supports", "contradicts"]).optional(),
|
|
5087
6944
|
confidence: z.number().optional(),
|
|
5088
6945
|
weight: z.number().optional(),
|
|
5089
6946
|
reasoning: z.string().optional(),
|
|
@@ -5168,8 +7025,7 @@ var createEvidenceProjection = defineProjection({
|
|
|
5168
7025
|
evidenceRelation: v.optional(
|
|
5169
7026
|
v.union(
|
|
5170
7027
|
v.literal("supports"),
|
|
5171
|
-
v.literal("contradicts")
|
|
5172
|
-
v.literal("neutral")
|
|
7028
|
+
v.literal("contradicts")
|
|
5173
7029
|
)
|
|
5174
7030
|
),
|
|
5175
7031
|
confidence: v.optional(v.number()),
|
|
@@ -5194,7 +7050,7 @@ function compactRecord2(input) {
|
|
|
5194
7050
|
Object.entries(input).filter(([, value]) => value !== void 0)
|
|
5195
7051
|
);
|
|
5196
7052
|
}
|
|
5197
|
-
|
|
7053
|
+
defineProjection({
|
|
5198
7054
|
contractName: "list_beliefs",
|
|
5199
7055
|
inputSchema: listBeliefsInputSchema,
|
|
5200
7056
|
project: (input) => compactRecord2({
|
|
@@ -5218,12 +7074,17 @@ var listBeliefsProjection = defineProjection({
|
|
|
5218
7074
|
});
|
|
5219
7075
|
var taskStatusSchema = z.enum(["todo", "in_progress", "blocked", "done"]).optional().describe("Filter by task status");
|
|
5220
7076
|
var listTasksInputSchema = z.object({
|
|
5221
|
-
topicId: z.string().describe("Topic scope"),
|
|
7077
|
+
topicId: z.string().optional().describe("Topic scope"),
|
|
5222
7078
|
worktreeId: z.string().optional().describe("Alias for linkedWorktreeId"),
|
|
5223
7079
|
linkedWorktreeId: z.string().optional().describe("Filter to tasks linked to this worktree"),
|
|
5224
7080
|
status: taskStatusSchema,
|
|
5225
7081
|
limit: z.number().optional().describe("Maximum results")
|
|
5226
|
-
})
|
|
7082
|
+
}).refine(
|
|
7083
|
+
(input) => Boolean(input.topicId || input.worktreeId || input.linkedWorktreeId),
|
|
7084
|
+
{
|
|
7085
|
+
message: "topicId or worktreeId is required"
|
|
7086
|
+
}
|
|
7087
|
+
);
|
|
5227
7088
|
function compactRecord3(input) {
|
|
5228
7089
|
return Object.fromEntries(
|
|
5229
7090
|
Object.entries(input).filter(([, value]) => value !== void 0)
|
|
@@ -5240,7 +7101,7 @@ var listTasksProjection = defineProjection({
|
|
|
5240
7101
|
linkedWorktreeId: input.linkedWorktreeId ?? input.worktreeId
|
|
5241
7102
|
}),
|
|
5242
7103
|
convexArgsValidator: v.object({
|
|
5243
|
-
topicId: v.string(),
|
|
7104
|
+
topicId: v.optional(v.string()),
|
|
5244
7105
|
status: v.optional(
|
|
5245
7106
|
v.union(
|
|
5246
7107
|
v.literal("todo"),
|
|
@@ -6218,19 +8079,23 @@ var FIND_CONTRADICTIONS = {
|
|
|
6218
8079
|
};
|
|
6219
8080
|
var CREATE_EDGE = {
|
|
6220
8081
|
name: "create_edge",
|
|
6221
|
-
description: "Commit a typed relationship between two nodes in the reasoning graph. Like `git commit` \u2014 an atomic write that declares a dependency between nodes.
|
|
8082
|
+
description: "Commit a typed relationship between two nodes in the reasoning graph. Like `git commit` \u2014 an atomic write that declares a dependency between nodes. Accepts any public epistemic edge type between public graph node refs so agents can author the full spine.",
|
|
6222
8083
|
parameters: {
|
|
6223
|
-
|
|
6224
|
-
type: "
|
|
6225
|
-
description: "Source
|
|
8084
|
+
from: {
|
|
8085
|
+
type: "object",
|
|
8086
|
+
description: "Source graph ref, e.g. { kind: 'epistemic_node', nodeId: '...', nodeType: 'topic' }"
|
|
6226
8087
|
},
|
|
6227
|
-
|
|
6228
|
-
type: "
|
|
6229
|
-
description: "Target
|
|
8088
|
+
to: {
|
|
8089
|
+
type: "object",
|
|
8090
|
+
description: "Target graph ref, e.g. { kind: 'epistemic_node', nodeId: '...', nodeType: 'belief' }"
|
|
6230
8091
|
},
|
|
6231
8092
|
edgeType: {
|
|
6232
8093
|
type: "string",
|
|
6233
|
-
description: "Relationship type
|
|
8094
|
+
description: "Relationship type from the public epistemic edge enum."
|
|
8095
|
+
},
|
|
8096
|
+
globalId: {
|
|
8097
|
+
type: "string",
|
|
8098
|
+
description: "Optional idempotent edge global ID."
|
|
6234
8099
|
},
|
|
6235
8100
|
weight: {
|
|
6236
8101
|
type: "number",
|
|
@@ -6240,10 +8105,14 @@ var CREATE_EDGE = {
|
|
|
6240
8105
|
reasoningMethod: {
|
|
6241
8106
|
type: "string",
|
|
6242
8107
|
description: "How this was determined",
|
|
6243
|
-
enum: [
|
|
8108
|
+
enum: [...REASONING_METHODS]
|
|
8109
|
+
},
|
|
8110
|
+
metadata: {
|
|
8111
|
+
type: "object",
|
|
8112
|
+
description: "Optional edge metadata."
|
|
6244
8113
|
}
|
|
6245
8114
|
},
|
|
6246
|
-
required: ["
|
|
8115
|
+
required: ["from", "to", "edgeType"],
|
|
6247
8116
|
response: {
|
|
6248
8117
|
description: "The created edge",
|
|
6249
8118
|
fields: {
|
|
@@ -6257,6 +8126,240 @@ var CREATE_EDGE = {
|
|
|
6257
8126
|
ontologyPrimitive: "edge",
|
|
6258
8127
|
tier: "showcase"
|
|
6259
8128
|
};
|
|
8129
|
+
var UPDATE_EDGE = {
|
|
8130
|
+
name: "update_edge",
|
|
8131
|
+
description: "Amend metadata on an existing graph edge. Like `git commit --amend` \u2014 changes the edge annotation without recreating the relationship.",
|
|
8132
|
+
parameters: {
|
|
8133
|
+
edgeId: { type: "string", description: "Edge ID or global ID to update" },
|
|
8134
|
+
weight: { type: "number", description: "Updated edge weight" },
|
|
8135
|
+
confidence: { type: "number", description: "Updated confidence" },
|
|
8136
|
+
context: { type: "string", description: "Updated human-readable context" },
|
|
8137
|
+
derivationType: { type: "string", description: "Updated derivation type" },
|
|
8138
|
+
metadata: { type: "object", description: "Updated metadata" }
|
|
8139
|
+
},
|
|
8140
|
+
required: ["edgeId"],
|
|
8141
|
+
response: {
|
|
8142
|
+
description: "Edge update result",
|
|
8143
|
+
fields: { success: "boolean" }
|
|
8144
|
+
},
|
|
8145
|
+
ownerModule: "graph-primitives",
|
|
8146
|
+
ontologyPrimitive: "edge",
|
|
8147
|
+
tier: "workhorse"
|
|
8148
|
+
};
|
|
8149
|
+
var REMOVE_EDGE = {
|
|
8150
|
+
name: "remove_edge",
|
|
8151
|
+
description: "Remove one graph edge by ID. Like `git rm` \u2014 deletes a single explicit relationship from the spine.",
|
|
8152
|
+
parameters: {
|
|
8153
|
+
edgeId: { type: "string", description: "Edge ID or global ID to remove" }
|
|
8154
|
+
},
|
|
8155
|
+
required: ["edgeId"],
|
|
8156
|
+
response: {
|
|
8157
|
+
description: "Edge removal result",
|
|
8158
|
+
fields: { success: "boolean" }
|
|
8159
|
+
},
|
|
8160
|
+
ownerModule: "graph-primitives",
|
|
8161
|
+
ontologyPrimitive: "edge",
|
|
8162
|
+
tier: "workhorse"
|
|
8163
|
+
};
|
|
8164
|
+
var REMOVE_EDGES_BETWEEN = {
|
|
8165
|
+
name: "remove_edges_between",
|
|
8166
|
+
description: "Remove graph edges between two nodes. Like `git rm <pathspec>` \u2014 deletes relationships matching a source, target, and optional type.",
|
|
8167
|
+
parameters: {
|
|
8168
|
+
fromNodeId: { type: "string", description: "Source node ID or global ID" },
|
|
8169
|
+
toNodeId: { type: "string", description: "Target node ID or global ID" },
|
|
8170
|
+
edgeType: { type: "string", description: "Optional edge type filter" }
|
|
8171
|
+
},
|
|
8172
|
+
required: ["fromNodeId", "toNodeId"],
|
|
8173
|
+
response: {
|
|
8174
|
+
description: "Matched edge removal result",
|
|
8175
|
+
fields: { deleted: "number" }
|
|
8176
|
+
},
|
|
8177
|
+
ownerModule: "graph-primitives",
|
|
8178
|
+
ontologyPrimitive: "edge",
|
|
8179
|
+
tier: "workhorse"
|
|
8180
|
+
};
|
|
8181
|
+
var BATCH_CREATE_EDGES = {
|
|
8182
|
+
name: "batch_create_edges",
|
|
8183
|
+
description: "Commit multiple typed graph edges. Like `git commit` with many staged paths \u2014 writes a batch of explicit relationships atomically per edge.",
|
|
8184
|
+
parameters: {
|
|
8185
|
+
edges: {
|
|
8186
|
+
type: "array",
|
|
8187
|
+
description: "Edges to create, each with from, to, edgeType, and optional weight/confidence/context."
|
|
8188
|
+
},
|
|
8189
|
+
skipLayerValidation: {
|
|
8190
|
+
type: "boolean",
|
|
8191
|
+
description: "Skip kernel layer validation for trusted materialization flows."
|
|
8192
|
+
}
|
|
8193
|
+
},
|
|
8194
|
+
required: ["edges"],
|
|
8195
|
+
response: {
|
|
8196
|
+
description: "Batch edge creation result",
|
|
8197
|
+
fields: {
|
|
8198
|
+
created: "number",
|
|
8199
|
+
results: "array",
|
|
8200
|
+
errors: "array"
|
|
8201
|
+
}
|
|
8202
|
+
},
|
|
8203
|
+
ownerModule: "graph-primitives",
|
|
8204
|
+
ontologyPrimitive: "edge",
|
|
8205
|
+
tier: "workhorse"
|
|
8206
|
+
};
|
|
8207
|
+
var CREATE_EPISTEMIC_NODE = {
|
|
8208
|
+
name: "create_epistemic_node",
|
|
8209
|
+
description: "Commit a generic epistemic graph node. Like `git commit` \u2014 creates a canonical node in the public spine for topics, beliefs, evidence, questions, answers, sources, and entities.",
|
|
8210
|
+
parameters: {
|
|
8211
|
+
globalId: { type: "string", description: "Optional idempotent node global ID" },
|
|
8212
|
+
nodeType: { type: "string", description: "Public epistemic node type" },
|
|
8213
|
+
canonicalText: { type: "string", description: "Canonical node text" },
|
|
8214
|
+
text: { type: "string", description: "Alias for canonicalText" },
|
|
8215
|
+
contentHash: { type: "string", description: "Optional idempotency content hash" },
|
|
8216
|
+
sourceType: { type: "string", description: "Source type for provenance" },
|
|
8217
|
+
topicId: { type: "string", description: "Optional topic scope" },
|
|
8218
|
+
content: { type: "string", description: "Extended content" },
|
|
8219
|
+
title: { type: "string", description: "Display title" },
|
|
8220
|
+
metadata: { type: "object", description: "Optional node metadata" }
|
|
8221
|
+
},
|
|
8222
|
+
required: ["nodeType"],
|
|
8223
|
+
response: {
|
|
8224
|
+
description: "Created node result",
|
|
8225
|
+
fields: {
|
|
8226
|
+
nodeId: "string",
|
|
8227
|
+
nodeGlobalId: "string",
|
|
8228
|
+
isDuplicate: "boolean"
|
|
8229
|
+
}
|
|
8230
|
+
},
|
|
8231
|
+
ownerModule: "reasoning-kernel",
|
|
8232
|
+
ontologyPrimitive: "graph",
|
|
8233
|
+
tier: "showcase"
|
|
8234
|
+
};
|
|
8235
|
+
var GET_EPISTEMIC_NODE = {
|
|
8236
|
+
name: "get_epistemic_node",
|
|
8237
|
+
description: "Read one epistemic graph node. Like `git show` \u2014 resolves a canonical spine node by ID or global ID.",
|
|
8238
|
+
parameters: {
|
|
8239
|
+
nodeId: { type: "string", description: "Node ID or global ID" }
|
|
8240
|
+
},
|
|
8241
|
+
required: ["nodeId"],
|
|
8242
|
+
response: {
|
|
8243
|
+
description: "The resolved node",
|
|
8244
|
+
fields: { node: "object" }
|
|
8245
|
+
},
|
|
8246
|
+
ownerModule: "reasoning-kernel",
|
|
8247
|
+
ontologyPrimitive: "graph",
|
|
8248
|
+
tier: "workhorse"
|
|
8249
|
+
};
|
|
8250
|
+
var LIST_EPISTEMIC_NODES = {
|
|
8251
|
+
name: "list_epistemic_nodes",
|
|
8252
|
+
description: "List epistemic graph nodes. Like `git ls-tree` \u2014 lists canonical spine nodes by topic, type, status, or search query.",
|
|
8253
|
+
parameters: {
|
|
8254
|
+
topicId: { type: "string", description: "Optional topic scope" },
|
|
8255
|
+
nodeType: { type: "string", description: "Optional node type filter" },
|
|
8256
|
+
status: { type: "string", description: "Optional lifecycle status" },
|
|
8257
|
+
searchQuery: { type: "string", description: "Optional text search query" },
|
|
8258
|
+
limit: { type: "number", description: "Maximum nodes to return" }
|
|
8259
|
+
},
|
|
8260
|
+
required: [],
|
|
8261
|
+
response: {
|
|
8262
|
+
description: "Matching nodes",
|
|
8263
|
+
fields: { nodes: "array" }
|
|
8264
|
+
},
|
|
8265
|
+
ownerModule: "reasoning-kernel",
|
|
8266
|
+
ontologyPrimitive: "graph",
|
|
8267
|
+
tier: "workhorse"
|
|
8268
|
+
};
|
|
8269
|
+
var UPDATE_EPISTEMIC_NODE = {
|
|
8270
|
+
name: "update_epistemic_node",
|
|
8271
|
+
description: "Amend an epistemic graph node. Like `git commit --amend` \u2014 updates mutable node metadata, text, status, or verification fields.",
|
|
8272
|
+
parameters: {
|
|
8273
|
+
nodeId: { type: "string", description: "Node ID or global ID" },
|
|
8274
|
+
canonicalText: { type: "string", description: "Updated canonical text" },
|
|
8275
|
+
text: { type: "string", description: "Alias for canonicalText" },
|
|
8276
|
+
contentHash: { type: "string", description: "Updated content hash" },
|
|
8277
|
+
content: { type: "string", description: "Updated content" },
|
|
8278
|
+
title: { type: "string", description: "Updated display title" },
|
|
8279
|
+
metadata: { type: "object", description: "Updated metadata" },
|
|
8280
|
+
confidence: { type: "number", description: "Updated confidence" },
|
|
8281
|
+
verificationStatus: { type: "string", description: "Updated verification status" },
|
|
8282
|
+
status: { type: "string", description: "Updated lifecycle status" }
|
|
8283
|
+
},
|
|
8284
|
+
required: ["nodeId"],
|
|
8285
|
+
response: {
|
|
8286
|
+
description: "Node update result",
|
|
8287
|
+
fields: { success: "boolean" }
|
|
8288
|
+
},
|
|
8289
|
+
ownerModule: "reasoning-kernel",
|
|
8290
|
+
ontologyPrimitive: "graph",
|
|
8291
|
+
tier: "workhorse"
|
|
8292
|
+
};
|
|
8293
|
+
var ARCHIVE_EPISTEMIC_NODE = {
|
|
8294
|
+
name: "archive_epistemic_node",
|
|
8295
|
+
description: "Archive an epistemic graph node. Like `git rm --cached` \u2014 removes a node from active traversal without hard-deleting it.",
|
|
8296
|
+
parameters: {
|
|
8297
|
+
nodeId: { type: "string", description: "Node ID or global ID" }
|
|
8298
|
+
},
|
|
8299
|
+
required: ["nodeId"],
|
|
8300
|
+
response: {
|
|
8301
|
+
description: "Archive result",
|
|
8302
|
+
fields: { success: "boolean", effectiveStatus: "string" }
|
|
8303
|
+
},
|
|
8304
|
+
ownerModule: "reasoning-kernel",
|
|
8305
|
+
ontologyPrimitive: "graph",
|
|
8306
|
+
tier: "workhorse"
|
|
8307
|
+
};
|
|
8308
|
+
var VERIFY_EPISTEMIC_NODE = {
|
|
8309
|
+
name: "verify_epistemic_node",
|
|
8310
|
+
description: "Record verification state on an epistemic graph node. Like `git tag` \u2014 marks the node with a reviewed verification state.",
|
|
8311
|
+
parameters: {
|
|
8312
|
+
nodeId: { type: "string", description: "Node ID or global ID" },
|
|
8313
|
+
verificationStatus: { type: "string", description: "Verification status" },
|
|
8314
|
+
confidence: { type: "number", description: "Optional confidence update" }
|
|
8315
|
+
},
|
|
8316
|
+
required: ["nodeId", "verificationStatus"],
|
|
8317
|
+
response: {
|
|
8318
|
+
description: "Verification result",
|
|
8319
|
+
fields: { success: "boolean" }
|
|
8320
|
+
},
|
|
8321
|
+
ownerModule: "reasoning-kernel",
|
|
8322
|
+
ontologyPrimitive: "graph",
|
|
8323
|
+
tier: "workhorse"
|
|
8324
|
+
};
|
|
8325
|
+
var SUPERSEDE_EPISTEMIC_NODE = {
|
|
8326
|
+
name: "supersede_epistemic_node",
|
|
8327
|
+
description: "Supersede an epistemic graph node with a new version. Like `git commit --amend` on an immutable history branch \u2014 creates the replacement and marks the old node superseded.",
|
|
8328
|
+
parameters: {
|
|
8329
|
+
oldNodeId: { type: "string", description: "Node ID or global ID to supersede" },
|
|
8330
|
+
newGlobalId: { type: "string", description: "Optional replacement global ID" },
|
|
8331
|
+
newCanonicalText: { type: "string", description: "Replacement canonical text" },
|
|
8332
|
+
text: { type: "string", description: "Alias for newCanonicalText" },
|
|
8333
|
+
newContentHash: { type: "string", description: "Optional replacement content hash" },
|
|
8334
|
+
reason: { type: "string", description: "Reason for superseding" }
|
|
8335
|
+
},
|
|
8336
|
+
required: ["oldNodeId"],
|
|
8337
|
+
response: {
|
|
8338
|
+
description: "Supersede result",
|
|
8339
|
+
fields: { oldNodeId: "string", newNodeId: "string" }
|
|
8340
|
+
},
|
|
8341
|
+
ownerModule: "reasoning-kernel",
|
|
8342
|
+
ontologyPrimitive: "graph",
|
|
8343
|
+
tier: "workhorse"
|
|
8344
|
+
};
|
|
8345
|
+
var BATCH_CREATE_EPISTEMIC_NODES = {
|
|
8346
|
+
name: "batch_create_epistemic_nodes",
|
|
8347
|
+
description: "Commit multiple epistemic graph nodes. Like `git commit` with many staged files \u2014 writes a batch of canonical spine nodes.",
|
|
8348
|
+
parameters: {
|
|
8349
|
+
nodes: {
|
|
8350
|
+
type: "array",
|
|
8351
|
+
description: "Nodes to create with nodeType, canonicalText/text, and optional metadata."
|
|
8352
|
+
}
|
|
8353
|
+
},
|
|
8354
|
+
required: ["nodes"],
|
|
8355
|
+
response: {
|
|
8356
|
+
description: "Batch node creation result",
|
|
8357
|
+
fields: { created: "number", results: "array" }
|
|
8358
|
+
},
|
|
8359
|
+
ownerModule: "reasoning-kernel",
|
|
8360
|
+
ontologyPrimitive: "graph",
|
|
8361
|
+
tier: "workhorse"
|
|
8362
|
+
};
|
|
6260
8363
|
var RECORD_JUDGMENT = {
|
|
6261
8364
|
name: "record_judgment",
|
|
6262
8365
|
description: "Record a judgment \u2014 an irreversible commitment based on the current epistemic state. Like a `git tag` marking a release. A judgment synthesizes beliefs, evidence, and uncertainties into a determination. Once issued, a judgment is evaluated against the epistemic state that existed when it was made (knowledge horizon evaluation, Invariant #10).",
|
|
@@ -7456,8 +9559,8 @@ var IDENTITY_WHOAMI = {
|
|
|
7456
9559
|
response: {
|
|
7457
9560
|
description: "Canonical identity summary for the current session",
|
|
7458
9561
|
fields: {
|
|
7459
|
-
principalId: "string \u2014 canonical
|
|
7460
|
-
principalType: "string \u2014 human, service, or
|
|
9562
|
+
principalId: "string \u2014 canonical principal identifier; for humans this is the Clerk user_... ID",
|
|
9563
|
+
principalType: "string \u2014 human, service, agent, group, or external_viewer",
|
|
7461
9564
|
tenantId: "string | undefined \u2014 resolved tenant scope",
|
|
7462
9565
|
workspaceId: "string | undefined \u2014 resolved workspace scope",
|
|
7463
9566
|
scopes: "string[] | undefined \u2014 granted scopes for this session",
|
|
@@ -7468,6 +9571,49 @@ var IDENTITY_WHOAMI = {
|
|
|
7468
9571
|
ontologyPrimitive: "identity",
|
|
7469
9572
|
tier: "workhorse"
|
|
7470
9573
|
};
|
|
9574
|
+
var RESOLVE_INTERACTIVE_PRINCIPAL = {
|
|
9575
|
+
name: "resolve_interactive_principal",
|
|
9576
|
+
description: "Read the Permit-backed Lucern principal context for an authenticated Clerk user. Like `git config --get user.email` plus the repository ACL \u2014 resolves the Clerk subject into tenant/workspace authorization context.",
|
|
9577
|
+
parameters: {
|
|
9578
|
+
clerkId: {
|
|
9579
|
+
type: "string",
|
|
9580
|
+
description: "Authenticated Clerk subject (`sub`). Clerk proves identity only; it is not the authorization record."
|
|
9581
|
+
},
|
|
9582
|
+
tenantId: {
|
|
9583
|
+
type: "string",
|
|
9584
|
+
description: "Optional tenant scope. Omit only when the Clerk alias is globally unambiguous."
|
|
9585
|
+
},
|
|
9586
|
+
workspaceId: {
|
|
9587
|
+
type: "string",
|
|
9588
|
+
description: "Optional workspace scope. Required when the principal has access to multiple workspaces and no default can be inferred."
|
|
9589
|
+
},
|
|
9590
|
+
providerProjectId: {
|
|
9591
|
+
type: "string",
|
|
9592
|
+
description: "Optional Clerk project or provider instance id for tenants with multiple identity providers."
|
|
9593
|
+
}
|
|
9594
|
+
},
|
|
9595
|
+
required: ["clerkId"],
|
|
9596
|
+
response: {
|
|
9597
|
+
description: "Permit-backed Lucern principal context for tenant SDK bootstrap",
|
|
9598
|
+
fields: {
|
|
9599
|
+
principalId: "string \u2014 canonical Clerk user_... ID for human sessions",
|
|
9600
|
+
principalType: "string \u2014 human, service, agent, group, or external_viewer",
|
|
9601
|
+
clerkId: "string \u2014 authenticated Clerk subject alias",
|
|
9602
|
+
tenantId: "string \u2014 resolved tenant scope",
|
|
9603
|
+
workspaceId: "string | null \u2014 resolved workspace scope",
|
|
9604
|
+
roles: "string[] \u2014 effective Permit roles",
|
|
9605
|
+
scopes: "string[] \u2014 effective scopes derived from Permit/control-plane projection",
|
|
9606
|
+
groupIds: "string[] \u2014 active Permit group memberships",
|
|
9607
|
+
principalStatus: "string \u2014 active, invited, suspended, disabled, revoked, or missing",
|
|
9608
|
+
tenantStatus: "string \u2014 projected tenant resource status",
|
|
9609
|
+
workspaceStatus: "string \u2014 projected workspace resource status",
|
|
9610
|
+
permit: "object \u2014 Permit subject, tenant, and optional workspace tuple"
|
|
9611
|
+
}
|
|
9612
|
+
},
|
|
9613
|
+
ownerModule: "control-plane",
|
|
9614
|
+
ontologyPrimitive: "identity",
|
|
9615
|
+
tier: "workhorse"
|
|
9616
|
+
};
|
|
7471
9617
|
var COMPILE_CONTEXT = {
|
|
7472
9618
|
name: "compile_context",
|
|
7473
9619
|
description: "Compile a focused reasoning context. If topicId is omitted, Lucern resolves the best topic from the query. Like `git log --graph --decorate` for the reasoning substrate \u2014 returns the canonical Pillar 3 context pack through the public API shape.",
|
|
@@ -7729,6 +9875,10 @@ var CREATE_TASK = {
|
|
|
7729
9875
|
tags: {
|
|
7730
9876
|
type: "array",
|
|
7731
9877
|
description: "Free-form string tags"
|
|
9878
|
+
},
|
|
9879
|
+
metadata: {
|
|
9880
|
+
type: "object",
|
|
9881
|
+
description: "Structured task metadata for handoff context and routing hints"
|
|
7732
9882
|
}
|
|
7733
9883
|
},
|
|
7734
9884
|
required: ["title"],
|
|
@@ -7802,6 +9952,10 @@ var UPDATE_TASK = {
|
|
|
7802
9952
|
type: "string",
|
|
7803
9953
|
description: "Updated status",
|
|
7804
9954
|
enum: ["todo", "in_progress", "blocked", "done"]
|
|
9955
|
+
},
|
|
9956
|
+
metadata: {
|
|
9957
|
+
type: "object",
|
|
9958
|
+
description: "Structured task metadata to replace or refine"
|
|
7805
9959
|
}
|
|
7806
9960
|
},
|
|
7807
9961
|
required: ["taskId"],
|
|
@@ -7849,6 +10003,10 @@ var CREATE_TOPIC = {
|
|
|
7849
10003
|
name: "create_topic",
|
|
7850
10004
|
description: "Create a new topic container for scoping knowledge. Like `git init` \u2014 initializes a new repository for a knowledge domain. Topics are hierarchical: a deal topic can nest under a theme topic. Types: domain, theme, deal, strategy, constitution, project, portfolio.",
|
|
7851
10005
|
parameters: {
|
|
10006
|
+
globalId: {
|
|
10007
|
+
type: "string",
|
|
10008
|
+
description: "Optional idempotent topic global ID"
|
|
10009
|
+
},
|
|
7852
10010
|
name: { type: "string", description: "Topic name" },
|
|
7853
10011
|
type: {
|
|
7854
10012
|
type: "string",
|
|
@@ -7859,6 +10017,18 @@ var CREATE_TOPIC = {
|
|
|
7859
10017
|
type: "string",
|
|
7860
10018
|
description: "Optional parent topic for nesting"
|
|
7861
10019
|
},
|
|
10020
|
+
parentTopicGlobalId: {
|
|
10021
|
+
type: "string",
|
|
10022
|
+
description: "Optional parent topic global ID for nesting"
|
|
10023
|
+
},
|
|
10024
|
+
tenantId: { type: "string", description: "Optional tenant scope" },
|
|
10025
|
+
workspaceId: { type: "string", description: "Optional workspace scope" },
|
|
10026
|
+
visibility: {
|
|
10027
|
+
type: "string",
|
|
10028
|
+
description: "Topic visibility",
|
|
10029
|
+
enum: ["private", "team", "firm", "external", "public"]
|
|
10030
|
+
},
|
|
10031
|
+
metadata: { type: "object", description: "Optional topic metadata" },
|
|
7862
10032
|
createdBy: { type: "string", description: "Who created this topic" }
|
|
7863
10033
|
},
|
|
7864
10034
|
required: ["name", "type"],
|
|
@@ -7867,6 +10037,9 @@ var CREATE_TOPIC = {
|
|
|
7867
10037
|
fields: {
|
|
7868
10038
|
id: "string \u2014 topic ID",
|
|
7869
10039
|
globalId: "string \u2014 globally unique ID",
|
|
10040
|
+
topicGlobalId: "string \u2014 topic global ID",
|
|
10041
|
+
epistemicNodeId: "string \u2014 materialized topic node ID",
|
|
10042
|
+
epistemicNodeGlobalId: "string \u2014 materialized topic node global ID",
|
|
7870
10043
|
depth: "number \u2014 nesting depth"
|
|
7871
10044
|
}
|
|
7872
10045
|
},
|
|
@@ -7997,6 +10170,65 @@ var GET_TOPIC_TREE = {
|
|
|
7997
10170
|
ontologyPrimitive: "graph",
|
|
7998
10171
|
tier: "workhorse"
|
|
7999
10172
|
};
|
|
10173
|
+
var MATERIALIZE_TOPIC_GRAPH = {
|
|
10174
|
+
name: "materialize_topic_graph",
|
|
10175
|
+
description: "Backfill the topic graph spine. Like `git fsck --connectivity-only` with repair enabled \u2014 creates missing topic nodes and parent-child edges idempotently.",
|
|
10176
|
+
parameters: {
|
|
10177
|
+
rootTopicId: {
|
|
10178
|
+
type: "string",
|
|
10179
|
+
description: "Optional root topic for a bounded materialization pass"
|
|
10180
|
+
},
|
|
10181
|
+
dryRun: {
|
|
10182
|
+
type: "boolean",
|
|
10183
|
+
description: "When true, report missing rows without writing them"
|
|
10184
|
+
}
|
|
10185
|
+
},
|
|
10186
|
+
required: [],
|
|
10187
|
+
response: {
|
|
10188
|
+
description: "Topic graph materialization counts",
|
|
10189
|
+
fields: {
|
|
10190
|
+
topicsSeen: "number",
|
|
10191
|
+
nodesCreated: "number",
|
|
10192
|
+
nodesExisting: "number",
|
|
10193
|
+
edgesCreated: "number",
|
|
10194
|
+
edgesExisting: "number",
|
|
10195
|
+
errors: "array"
|
|
10196
|
+
}
|
|
10197
|
+
},
|
|
10198
|
+
ownerModule: "reasoning-kernel",
|
|
10199
|
+
ontologyPrimitive: "graph",
|
|
10200
|
+
tier: "workhorse"
|
|
10201
|
+
};
|
|
10202
|
+
var GET_TOPIC_GRAPH_SPINE = {
|
|
10203
|
+
name: "get_topic_graph_spine",
|
|
10204
|
+
description: "Verify the topic graph spine. Like `git fsck` \u2014 reads topics, materialized topic nodes, parent-child edges, and missing spine rows.",
|
|
10205
|
+
parameters: {
|
|
10206
|
+
rootTopicId: {
|
|
10207
|
+
type: "string",
|
|
10208
|
+
description: "Optional root topic for a bounded verifier pass"
|
|
10209
|
+
},
|
|
10210
|
+
includeTopicBeliefEdges: {
|
|
10211
|
+
type: "boolean",
|
|
10212
|
+
description: "Include topic -> belief edges in the verifier payload"
|
|
10213
|
+
}
|
|
10214
|
+
},
|
|
10215
|
+
required: [],
|
|
10216
|
+
response: {
|
|
10217
|
+
description: "Topic graph spine verification payload",
|
|
10218
|
+
fields: {
|
|
10219
|
+
ok: "boolean",
|
|
10220
|
+
counts: "object",
|
|
10221
|
+
topics: "array",
|
|
10222
|
+
topicNodes: "array",
|
|
10223
|
+
parentEdges: "array",
|
|
10224
|
+
missingTopicNodes: "array",
|
|
10225
|
+
missingParentEdges: "array"
|
|
10226
|
+
}
|
|
10227
|
+
},
|
|
10228
|
+
ownerModule: "reasoning-kernel",
|
|
10229
|
+
ontologyPrimitive: "graph",
|
|
10230
|
+
tier: "workhorse"
|
|
10231
|
+
};
|
|
8000
10232
|
var GET_CODE_CONTEXT = {
|
|
8001
10233
|
name: "get_code_context",
|
|
8002
10234
|
description: "Returns code-grounded beliefs, contracts, migration states, and failed attempts anchored to a specific file or function path. Like `git log -- <path>` \u2014 filters the knowledge graph to nodes anchored to a file path via metadata.codeAnchors. Results are separated by coding belief type: decisions, contracts, migrations, patterns, deprecations, and failures.",
|
|
@@ -8192,7 +10424,7 @@ var MANAGE_WRITE_POLICY = {
|
|
|
8192
10424
|
},
|
|
8193
10425
|
role: {
|
|
8194
10426
|
type: "string",
|
|
8195
|
-
description: "Role to set policy for (required for 'set'). E.g. 'agent:internal'
|
|
10427
|
+
description: "Role to set policy for (required for 'set'). E.g. 'agent:internal' or a Permit role key such as 'workspace_admin'."
|
|
8196
10428
|
},
|
|
8197
10429
|
permission: {
|
|
8198
10430
|
type: "string",
|
|
@@ -9179,6 +11411,9 @@ var BEGIN_BUILD_SESSION = {
|
|
|
9179
11411
|
sessionMode: "string \u2014 async | interactive",
|
|
9180
11412
|
targetBeliefIds: "array \u2014 scoped belief IDs",
|
|
9181
11413
|
targetQuestionIds: "array \u2014 scoped question IDs",
|
|
11414
|
+
taskIds: "array \u2014 assigned task IDs for this worktree",
|
|
11415
|
+
incompleteTaskIds: "array \u2014 assigned task IDs that still require done/deferred/blocked proof",
|
|
11416
|
+
tasks: "array \u2014 assigned task packet with id, title, status, priority, links, and summaries",
|
|
9182
11417
|
topBeliefs: "array \u2014 highest-confidence scoped beliefs",
|
|
9183
11418
|
openQuestions: "array \u2014 open scoped questions",
|
|
9184
11419
|
resolvedDecisions: "array \u2014 answered questions summarized for the session",
|
|
@@ -9234,6 +11469,19 @@ var MCP_TOOL_CONTRACTS = {
|
|
|
9234
11469
|
bisect_confidence: BISECT_CONFIDENCE,
|
|
9235
11470
|
// Edges (commit)
|
|
9236
11471
|
create_edge: CREATE_EDGE,
|
|
11472
|
+
update_edge: UPDATE_EDGE,
|
|
11473
|
+
remove_edge: REMOVE_EDGE,
|
|
11474
|
+
remove_edges_between: REMOVE_EDGES_BETWEEN,
|
|
11475
|
+
batch_create_edges: BATCH_CREATE_EDGES,
|
|
11476
|
+
// Epistemic node spine (commit/amend/show)
|
|
11477
|
+
create_epistemic_node: CREATE_EPISTEMIC_NODE,
|
|
11478
|
+
get_epistemic_node: GET_EPISTEMIC_NODE,
|
|
11479
|
+
list_epistemic_nodes: LIST_EPISTEMIC_NODES,
|
|
11480
|
+
update_epistemic_node: UPDATE_EPISTEMIC_NODE,
|
|
11481
|
+
archive_epistemic_node: ARCHIVE_EPISTEMIC_NODE,
|
|
11482
|
+
verify_epistemic_node: VERIFY_EPISTEMIC_NODE,
|
|
11483
|
+
supersede_epistemic_node: SUPERSEDE_EPISTEMIC_NODE,
|
|
11484
|
+
batch_create_epistemic_nodes: BATCH_CREATE_EPISTEMIC_NODES,
|
|
9237
11485
|
// Judgments (tag)
|
|
9238
11486
|
record_judgment: RECORD_JUDGMENT,
|
|
9239
11487
|
// Graph intelligence (showcase)
|
|
@@ -9268,6 +11516,7 @@ var MCP_TOOL_CONTRACTS = {
|
|
|
9268
11516
|
update_worktree_targets: UPDATE_WORKTREE_TARGETS,
|
|
9269
11517
|
update_worktree_metadata: UPDATE_WORKTREE_METADATA,
|
|
9270
11518
|
identity_whoami: IDENTITY_WHOAMI,
|
|
11519
|
+
resolve_interactive_principal: RESOLVE_INTERACTIVE_PRINCIPAL,
|
|
9271
11520
|
compile_context: COMPILE_CONTEXT,
|
|
9272
11521
|
record_scope_learning: RECORD_SCOPE_LEARNING,
|
|
9273
11522
|
pipeline_snapshot: PIPELINE_SNAPSHOT,
|
|
@@ -9307,6 +11556,8 @@ var MCP_TOOL_CONTRACTS = {
|
|
|
9307
11556
|
get_topic: GET_TOPIC,
|
|
9308
11557
|
update_topic: UPDATE_TOPIC,
|
|
9309
11558
|
get_topic_tree: GET_TOPIC_TREE,
|
|
11559
|
+
materialize_topic_graph: MATERIALIZE_TOPIC_GRAPH,
|
|
11560
|
+
get_topic_graph_spine: GET_TOPIC_GRAPH_SPINE,
|
|
9310
11561
|
// Coding intelligence (code-grounded knowledge)
|
|
9311
11562
|
get_code_context: GET_CODE_CONTEXT,
|
|
9312
11563
|
get_change_history: GET_CHANGE_HISTORY,
|
|
@@ -9383,6 +11634,7 @@ function entries(names, surfaceClass, surfaceIntent, surfaces, rationale) {
|
|
|
9383
11634
|
var MCP_CORE_OPERATION_NAMES = [
|
|
9384
11635
|
"compile_context",
|
|
9385
11636
|
"identity_whoami",
|
|
11637
|
+
"resolve_interactive_principal",
|
|
9386
11638
|
"check_permission",
|
|
9387
11639
|
"filter_by_permission",
|
|
9388
11640
|
"create_belief",
|
|
@@ -9411,14 +11663,28 @@ var MCP_CORE_OPERATION_NAMES = [
|
|
|
9411
11663
|
"find_missing_questions",
|
|
9412
11664
|
"get_high_priority_questions",
|
|
9413
11665
|
"get_falsification_questions",
|
|
11666
|
+
"create_epistemic_node",
|
|
11667
|
+
"get_epistemic_node",
|
|
11668
|
+
"list_epistemic_nodes",
|
|
11669
|
+
"update_epistemic_node",
|
|
11670
|
+
"archive_epistemic_node",
|
|
11671
|
+
"verify_epistemic_node",
|
|
11672
|
+
"supersede_epistemic_node",
|
|
11673
|
+
"batch_create_epistemic_nodes",
|
|
9414
11674
|
"create_topic",
|
|
9415
11675
|
"get_topic",
|
|
9416
11676
|
"list_topics",
|
|
9417
11677
|
"update_topic",
|
|
9418
|
-
"get_topic_tree"
|
|
11678
|
+
"get_topic_tree",
|
|
11679
|
+
"materialize_topic_graph",
|
|
11680
|
+
"get_topic_graph_spine"
|
|
9419
11681
|
];
|
|
9420
11682
|
var MCP_ANALYSIS_PLATFORM_OPERATION_NAMES = [
|
|
9421
11683
|
"create_edge",
|
|
11684
|
+
"update_edge",
|
|
11685
|
+
"remove_edge",
|
|
11686
|
+
"remove_edges_between",
|
|
11687
|
+
"batch_create_edges",
|
|
9422
11688
|
"query_lineage",
|
|
9423
11689
|
"traverse_graph",
|
|
9424
11690
|
"get_graph_neighborhood",
|
|
@@ -9750,12 +12016,20 @@ function unwrapMcpParameterSchema(schema) {
|
|
|
9750
12016
|
current = current._def.schema;
|
|
9751
12017
|
continue;
|
|
9752
12018
|
default:
|
|
9753
|
-
return {
|
|
12019
|
+
return {
|
|
12020
|
+
schema: current,
|
|
12021
|
+
required,
|
|
12022
|
+
description: description ?? current.description
|
|
12023
|
+
};
|
|
9754
12024
|
}
|
|
9755
12025
|
}
|
|
9756
12026
|
}
|
|
9757
12027
|
function mcpParameterFromZod(fieldName, schema, contractName) {
|
|
9758
|
-
const {
|
|
12028
|
+
const {
|
|
12029
|
+
schema: unwrapped,
|
|
12030
|
+
required,
|
|
12031
|
+
description: schemaDescription
|
|
12032
|
+
} = unwrapMcpParameterSchema(schema);
|
|
9759
12033
|
const description = schemaDescription ?? unwrapped.description ?? fieldName;
|
|
9760
12034
|
switch (unwrapped._def.typeName) {
|
|
9761
12035
|
case z.ZodFirstPartyTypeKind.ZodString:
|
|
@@ -9800,10 +12074,12 @@ function mcpContractFromArgsSchema(base, args, contractName) {
|
|
|
9800
12074
|
const entries2 = Object.entries(getObjectShape(args)).sort(
|
|
9801
12075
|
([left], [right]) => left.localeCompare(right)
|
|
9802
12076
|
);
|
|
9803
|
-
const converted = entries2.map(
|
|
9804
|
-
fieldName,
|
|
9805
|
-
|
|
9806
|
-
|
|
12077
|
+
const converted = entries2.map(
|
|
12078
|
+
([fieldName, schema]) => [
|
|
12079
|
+
fieldName,
|
|
12080
|
+
mcpParameterFromZod(fieldName, schema, contractName)
|
|
12081
|
+
]
|
|
12082
|
+
);
|
|
9807
12083
|
return {
|
|
9808
12084
|
...base,
|
|
9809
12085
|
parameters: Object.fromEntries(
|
|
@@ -9912,9 +12188,16 @@ function surfaceContract(args) {
|
|
|
9912
12188
|
scopes: args.scopes ?? [
|
|
9913
12189
|
args.kind === "query" ? `${args.domain}.read` : `${args.domain}.write`
|
|
9914
12190
|
],
|
|
9915
|
-
allowedPrincipalTypes: [
|
|
12191
|
+
allowedPrincipalTypes: [
|
|
12192
|
+
"user",
|
|
12193
|
+
"service",
|
|
12194
|
+
"agent",
|
|
12195
|
+
"group",
|
|
12196
|
+
"external_viewer"
|
|
12197
|
+
]
|
|
9916
12198
|
},
|
|
9917
12199
|
convex: args.convex,
|
|
12200
|
+
gateway: args.gateway,
|
|
9918
12201
|
args: canonicalArgs,
|
|
9919
12202
|
returns: canonicalReturns,
|
|
9920
12203
|
input,
|
|
@@ -10053,8 +12336,6 @@ var contextContracts = [
|
|
|
10053
12336
|
args: observationContextArgs
|
|
10054
12337
|
})
|
|
10055
12338
|
];
|
|
10056
|
-
|
|
10057
|
-
// ../contracts/src/function-registry/identity.ts
|
|
10058
12339
|
var withPrincipal = (input, context) => ({
|
|
10059
12340
|
...input,
|
|
10060
12341
|
tenantId: input.tenantId ?? context.tenantId,
|
|
@@ -10073,11 +12354,30 @@ var identityContracts = [
|
|
|
10073
12354
|
sdkNamespace: "identity",
|
|
10074
12355
|
sdkMethod: "whoami",
|
|
10075
12356
|
summary: "Describe the current gateway principal.",
|
|
12357
|
+
gateway: {
|
|
12358
|
+
handler: "identity.whoami"
|
|
12359
|
+
}
|
|
12360
|
+
}),
|
|
12361
|
+
surfaceContract({
|
|
12362
|
+
name: "resolve_interactive_principal",
|
|
12363
|
+
kind: "query",
|
|
12364
|
+
domain: "controlPlane",
|
|
12365
|
+
surfaceClass: "platform_public",
|
|
12366
|
+
method: "POST",
|
|
12367
|
+
path: "/control-plane/identity/resolve-interactive-principal",
|
|
12368
|
+
sdkNamespace: "controlPlane.identity",
|
|
12369
|
+
sdkMethod: "resolveInteractivePrincipal",
|
|
12370
|
+
summary: "Resolve an authenticated Clerk user into a Permit-backed Lucern principal context.",
|
|
12371
|
+
args: z.object({
|
|
12372
|
+
clerkId: z.string().min(1),
|
|
12373
|
+
tenantId: z.string().min(1).optional(),
|
|
12374
|
+
workspaceId: z.string().min(1).optional(),
|
|
12375
|
+
providerProjectId: z.string().min(1).optional()
|
|
12376
|
+
}),
|
|
10076
12377
|
convex: {
|
|
10077
|
-
module: "
|
|
10078
|
-
functionName: "
|
|
10079
|
-
kind: "query"
|
|
10080
|
-
inputProjection: withPrincipal
|
|
12378
|
+
module: "platform",
|
|
12379
|
+
functionName: "resolveInteractivePrincipal",
|
|
12380
|
+
kind: "query"
|
|
10081
12381
|
}
|
|
10082
12382
|
}),
|
|
10083
12383
|
surfaceContract({
|
|
@@ -10159,15 +12459,6 @@ var beliefLookupInput = (input) => compactRecord4({
|
|
|
10159
12459
|
var beliefNodeInput = (input) => compactRecord4({
|
|
10160
12460
|
nodeId: input.nodeId ?? input.id ?? input.beliefId
|
|
10161
12461
|
});
|
|
10162
|
-
var beliefTopicInput = (input) => {
|
|
10163
|
-
const parsed = listBeliefsProjection.inputSchema.safeParse(input);
|
|
10164
|
-
if (!parsed.success) {
|
|
10165
|
-
throw new Error(
|
|
10166
|
-
`list_beliefs projection input rejected: ${parsed.error.message}`
|
|
10167
|
-
);
|
|
10168
|
-
}
|
|
10169
|
-
return compactRecord4(listBeliefsProjection.project(parsed.data));
|
|
10170
|
-
};
|
|
10171
12462
|
var createBeliefInput = (input, context) => {
|
|
10172
12463
|
return withUserId(
|
|
10173
12464
|
compactRecord4({
|
|
@@ -10256,11 +12547,8 @@ var beliefsContracts = [
|
|
|
10256
12547
|
sdkNamespace: "beliefs",
|
|
10257
12548
|
sdkMethod: "listBeliefs",
|
|
10258
12549
|
summary: "List beliefs for a topic.",
|
|
10259
|
-
|
|
10260
|
-
|
|
10261
|
-
functionName: "getByTopic",
|
|
10262
|
-
kind: "query",
|
|
10263
|
-
inputProjection: beliefTopicInput
|
|
12550
|
+
gateway: {
|
|
12551
|
+
handler: "beliefs.list"
|
|
10264
12552
|
},
|
|
10265
12553
|
args: listBeliefsInputSchema
|
|
10266
12554
|
}),
|
|
@@ -10401,7 +12689,7 @@ var beliefsContracts = [
|
|
|
10401
12689
|
})
|
|
10402
12690
|
];
|
|
10403
12691
|
var jsonRecordSchema4 = z.record(z.unknown());
|
|
10404
|
-
var evidenceRelationSchema = z.enum(["supports", "contradicts"
|
|
12692
|
+
var evidenceRelationSchema = z.enum(["supports", "contradicts"]);
|
|
10405
12693
|
var createEvidenceArgs = z.object({
|
|
10406
12694
|
topicId: z.string().optional().describe("Topic scope for the evidence."),
|
|
10407
12695
|
text: z.string().describe("Canonical evidence text."),
|
|
@@ -10445,12 +12733,6 @@ var evidenceIdInput = (input) => compactRecord4({
|
|
|
10445
12733
|
insightId: input.insightId,
|
|
10446
12734
|
nodeId: input.nodeId ?? input.id ?? input.evidenceId
|
|
10447
12735
|
});
|
|
10448
|
-
var evidenceTopicInput = (input) => compactRecord4({
|
|
10449
|
-
topicId: input.topicId,
|
|
10450
|
-
status: input.status,
|
|
10451
|
-
userId: input.userId,
|
|
10452
|
-
limit: input.limit
|
|
10453
|
-
});
|
|
10454
12736
|
var createEvidenceInput = (input, context) => {
|
|
10455
12737
|
const parsed = createEvidenceProjection.inputSchema.safeParse(input);
|
|
10456
12738
|
if (!parsed.success) {
|
|
@@ -10467,12 +12749,12 @@ var linkEvidenceToBeliefEdgeInput = (input, context) => withCreatedBy(
|
|
|
10467
12749
|
compactRecord4({
|
|
10468
12750
|
fromNodeId: input.insightId ?? input.evidenceNodeId ?? input.evidenceId,
|
|
10469
12751
|
toNodeId: input.beliefNodeId ?? input.beliefId ?? input.targetId,
|
|
10470
|
-
edgeType: "
|
|
12752
|
+
edgeType: "informs",
|
|
10471
12753
|
globalId: input.globalId ?? `edge:${String(
|
|
10472
12754
|
input.insightId ?? input.evidenceNodeId ?? input.evidenceId
|
|
10473
12755
|
)}:${String(
|
|
10474
12756
|
input.beliefNodeId ?? input.beliefId ?? input.targetId
|
|
10475
|
-
)}:
|
|
12757
|
+
)}:informs`,
|
|
10476
12758
|
weight: typeof input.weight === "number" ? input.weight : input.type === "contradicting" ? -1 : 1,
|
|
10477
12759
|
context: input.rationale ?? input.context,
|
|
10478
12760
|
skipLayerValidation: true,
|
|
@@ -10485,12 +12767,12 @@ var linkEvidenceToQuestionEdgeInput = (input, context) => withCreatedBy(
|
|
|
10485
12767
|
compactRecord4({
|
|
10486
12768
|
fromNodeId: input.insightId ?? input.evidenceNodeId ?? input.evidenceId,
|
|
10487
12769
|
toNodeId: input.questionId ?? input.questionNodeId ?? input.targetId,
|
|
10488
|
-
edgeType: "
|
|
12770
|
+
edgeType: "responds_to",
|
|
10489
12771
|
globalId: input.globalId ?? `edge:${String(
|
|
10490
12772
|
input.insightId ?? input.evidenceNodeId ?? input.evidenceId
|
|
10491
12773
|
)}:${String(
|
|
10492
12774
|
input.questionId ?? input.questionNodeId ?? input.targetId
|
|
10493
|
-
)}:
|
|
12775
|
+
)}:responds_to`,
|
|
10494
12776
|
weight: input.impactScore ?? input.weight,
|
|
10495
12777
|
context: input.rationale ?? input.context,
|
|
10496
12778
|
skipLayerValidation: true,
|
|
@@ -10581,11 +12863,8 @@ var evidenceContracts = [
|
|
|
10581
12863
|
sdkNamespace: "evidence",
|
|
10582
12864
|
sdkMethod: "listEvidence",
|
|
10583
12865
|
summary: "List evidence for a topic.",
|
|
10584
|
-
|
|
10585
|
-
|
|
10586
|
-
functionName: "getByTopic",
|
|
10587
|
-
kind: "query",
|
|
10588
|
-
inputProjection: evidenceTopicInput
|
|
12866
|
+
gateway: {
|
|
12867
|
+
handler: "evidence.list"
|
|
10589
12868
|
}
|
|
10590
12869
|
}),
|
|
10591
12870
|
surfaceContract({
|
|
@@ -10820,11 +13099,8 @@ var questionsContracts = [
|
|
|
10820
13099
|
sdkNamespace: "questions",
|
|
10821
13100
|
sdkMethod: "listQuestions",
|
|
10822
13101
|
summary: "List questions for a topic.",
|
|
10823
|
-
|
|
10824
|
-
|
|
10825
|
-
functionName: "getByTopic",
|
|
10826
|
-
kind: "query",
|
|
10827
|
-
inputProjection: questionTopicInput
|
|
13102
|
+
gateway: {
|
|
13103
|
+
handler: "questions.list"
|
|
10828
13104
|
}
|
|
10829
13105
|
}),
|
|
10830
13106
|
surfaceContract({
|
|
@@ -11027,18 +13303,50 @@ var questionsContracts = [
|
|
|
11027
13303
|
args: falsificationQuestionsArgs
|
|
11028
13304
|
})
|
|
11029
13305
|
];
|
|
13306
|
+
var topicVisibilitySchema = z.enum([
|
|
13307
|
+
"private",
|
|
13308
|
+
"team",
|
|
13309
|
+
"firm",
|
|
13310
|
+
"external",
|
|
13311
|
+
"public"
|
|
13312
|
+
]);
|
|
13313
|
+
var topicStatusSchema = z.enum(["active", "archived", "watching"]);
|
|
13314
|
+
var createTopicArgs = z.object({
|
|
13315
|
+
globalId: z.string().optional().describe("Optional idempotent topic global ID."),
|
|
13316
|
+
name: z.string().describe("Topic name."),
|
|
13317
|
+
description: z.string().optional().describe("Topic description."),
|
|
13318
|
+
type: z.string().describe("Topic type."),
|
|
13319
|
+
parentTopicId: z.string().optional().describe("Optional parent topic ID."),
|
|
13320
|
+
parentTopicGlobalId: z.string().optional().describe("Optional parent topic global ID."),
|
|
13321
|
+
ontologyId: z.string().optional().describe("Ontology to bind."),
|
|
13322
|
+
tenantId: z.string().optional().describe("Optional tenant scope."),
|
|
13323
|
+
workspaceId: z.string().optional().describe("Optional workspace scope."),
|
|
13324
|
+
visibility: topicVisibilitySchema.optional().describe("Topic visibility."),
|
|
13325
|
+
metadata: z.record(z.unknown()).optional().describe("Topic metadata."),
|
|
13326
|
+
graphScopeProjectId: z.string().optional(),
|
|
13327
|
+
createdBy: z.string().optional()
|
|
13328
|
+
});
|
|
11030
13329
|
var updateTopicArgs = z.object({
|
|
11031
13330
|
id: z.string().describe("Topic ID."),
|
|
11032
13331
|
topicId: z.string().optional().describe("Topic ID alias."),
|
|
11033
13332
|
name: z.string().optional().describe("Topic name."),
|
|
11034
13333
|
description: z.string().optional().describe("Topic description."),
|
|
11035
13334
|
type: z.string().optional().describe("Topic type."),
|
|
11036
|
-
status:
|
|
11037
|
-
visibility:
|
|
13335
|
+
status: topicStatusSchema.optional().describe("Topic status."),
|
|
13336
|
+
visibility: topicVisibilitySchema.optional().describe("Topic visibility."),
|
|
11038
13337
|
ontologyId: z.string().optional().describe("Ontology to bind."),
|
|
11039
13338
|
clearOntologyId: z.boolean().optional().describe("Whether to clear the ontology binding."),
|
|
11040
13339
|
metadata: z.record(z.unknown()).optional().describe("Topic metadata.")
|
|
11041
13340
|
});
|
|
13341
|
+
var materializeTopicGraphArgs = z.object({
|
|
13342
|
+
rootTopicId: z.string().optional().describe("Optional root topic ID."),
|
|
13343
|
+
dryRun: z.boolean().optional().describe("Report missing rows without writing."),
|
|
13344
|
+
createdBy: z.string().optional()
|
|
13345
|
+
});
|
|
13346
|
+
var getTopicGraphSpineArgs = z.object({
|
|
13347
|
+
rootTopicId: z.string().optional().describe("Optional root topic ID."),
|
|
13348
|
+
includeTopicBeliefEdges: z.boolean().optional()
|
|
13349
|
+
});
|
|
11042
13350
|
var topicIdInput = (input) => compactRecord4({
|
|
11043
13351
|
id: input.id ?? input.topicId
|
|
11044
13352
|
});
|
|
@@ -11056,87 +13364,488 @@ var updateTopicInput = (input) => compactRecord4({
|
|
|
11056
13364
|
});
|
|
11057
13365
|
var topicsContracts = [
|
|
11058
13366
|
surfaceContract({
|
|
11059
|
-
name: "create_topic",
|
|
13367
|
+
name: "create_topic",
|
|
13368
|
+
kind: "mutation",
|
|
13369
|
+
domain: "topics",
|
|
13370
|
+
surfaceClass: "platform_public",
|
|
13371
|
+
path: "/topics",
|
|
13372
|
+
sdkNamespace: "topics",
|
|
13373
|
+
sdkMethod: "createTopic",
|
|
13374
|
+
summary: "Create a topic.",
|
|
13375
|
+
convex: {
|
|
13376
|
+
module: "topics",
|
|
13377
|
+
functionName: "create",
|
|
13378
|
+
kind: "mutation",
|
|
13379
|
+
inputProjection: withCreatedBy
|
|
13380
|
+
},
|
|
13381
|
+
args: createTopicArgs
|
|
13382
|
+
}),
|
|
13383
|
+
surfaceContract({
|
|
13384
|
+
name: "get_topic",
|
|
13385
|
+
kind: "query",
|
|
13386
|
+
domain: "topics",
|
|
13387
|
+
surfaceClass: "platform_public",
|
|
13388
|
+
method: "GET",
|
|
13389
|
+
path: "/topics/get",
|
|
13390
|
+
sdkNamespace: "topics",
|
|
13391
|
+
sdkMethod: "getTopic",
|
|
13392
|
+
summary: "Get a topic.",
|
|
13393
|
+
convex: {
|
|
13394
|
+
module: "topics",
|
|
13395
|
+
functionName: "get",
|
|
13396
|
+
kind: "query",
|
|
13397
|
+
inputProjection: topicIdInput
|
|
13398
|
+
}
|
|
13399
|
+
}),
|
|
13400
|
+
surfaceContract({
|
|
13401
|
+
name: "list_topics",
|
|
13402
|
+
kind: "query",
|
|
13403
|
+
domain: "topics",
|
|
13404
|
+
surfaceClass: "platform_public",
|
|
13405
|
+
method: "GET",
|
|
13406
|
+
path: "/topics",
|
|
13407
|
+
sdkNamespace: "topics",
|
|
13408
|
+
sdkMethod: "listTopics",
|
|
13409
|
+
summary: "List topics.",
|
|
13410
|
+
convex: {
|
|
13411
|
+
module: "topics",
|
|
13412
|
+
functionName: "list",
|
|
13413
|
+
kind: "query"
|
|
13414
|
+
}
|
|
13415
|
+
}),
|
|
13416
|
+
surfaceContract({
|
|
13417
|
+
name: "update_topic",
|
|
13418
|
+
kind: "mutation",
|
|
13419
|
+
domain: "topics",
|
|
13420
|
+
surfaceClass: "platform_public",
|
|
13421
|
+
method: "PATCH",
|
|
13422
|
+
path: "/topics",
|
|
13423
|
+
sdkNamespace: "topics",
|
|
13424
|
+
sdkMethod: "updateTopic",
|
|
13425
|
+
summary: "Update a topic.",
|
|
13426
|
+
convex: {
|
|
13427
|
+
module: "topics",
|
|
13428
|
+
functionName: "update",
|
|
13429
|
+
kind: "mutation",
|
|
13430
|
+
inputProjection: updateTopicInput
|
|
13431
|
+
},
|
|
13432
|
+
args: updateTopicArgs
|
|
13433
|
+
}),
|
|
13434
|
+
surfaceContract({
|
|
13435
|
+
name: "get_topic_tree",
|
|
13436
|
+
kind: "query",
|
|
13437
|
+
domain: "topics",
|
|
13438
|
+
surfaceClass: "platform_public",
|
|
13439
|
+
method: "GET",
|
|
13440
|
+
path: "/topics/tree",
|
|
13441
|
+
sdkNamespace: "topics",
|
|
13442
|
+
sdkMethod: "getTopicTree",
|
|
13443
|
+
summary: "Get a topic tree.",
|
|
13444
|
+
convex: {
|
|
13445
|
+
module: "topics",
|
|
13446
|
+
functionName: "getTree",
|
|
13447
|
+
kind: "query"
|
|
13448
|
+
}
|
|
13449
|
+
}),
|
|
13450
|
+
surfaceContract({
|
|
13451
|
+
name: "materialize_topic_graph",
|
|
13452
|
+
kind: "mutation",
|
|
13453
|
+
domain: "topics",
|
|
13454
|
+
surfaceClass: "platform_public",
|
|
13455
|
+
path: "/topics/materialize-graph",
|
|
13456
|
+
sdkNamespace: "topics",
|
|
13457
|
+
sdkMethod: "materializeTopicGraph",
|
|
13458
|
+
summary: "Materialize topic nodes and parent-child graph edges.",
|
|
13459
|
+
convex: {
|
|
13460
|
+
module: "topics",
|
|
13461
|
+
functionName: "materializeTopicGraph",
|
|
13462
|
+
kind: "mutation",
|
|
13463
|
+
inputProjection: withCreatedBy
|
|
13464
|
+
},
|
|
13465
|
+
args: materializeTopicGraphArgs
|
|
13466
|
+
}),
|
|
13467
|
+
surfaceContract({
|
|
13468
|
+
name: "get_topic_graph_spine",
|
|
13469
|
+
kind: "query",
|
|
13470
|
+
domain: "topics",
|
|
13471
|
+
surfaceClass: "platform_public",
|
|
13472
|
+
method: "GET",
|
|
13473
|
+
path: "/topics/graph-spine",
|
|
13474
|
+
sdkNamespace: "topics",
|
|
13475
|
+
sdkMethod: "getTopicGraphSpine",
|
|
13476
|
+
summary: "Verify topic nodes and parent-child graph edges.",
|
|
13477
|
+
convex: {
|
|
13478
|
+
module: "topics",
|
|
13479
|
+
functionName: "getTopicGraphSpine",
|
|
13480
|
+
kind: "query"
|
|
13481
|
+
},
|
|
13482
|
+
args: getTopicGraphSpineArgs
|
|
13483
|
+
})
|
|
13484
|
+
];
|
|
13485
|
+
var sourceTypeSchema2 = z.enum([
|
|
13486
|
+
"human",
|
|
13487
|
+
"ai_extracted",
|
|
13488
|
+
"ai_generated",
|
|
13489
|
+
"imported",
|
|
13490
|
+
"system",
|
|
13491
|
+
"verified",
|
|
13492
|
+
"proprietary"
|
|
13493
|
+
]);
|
|
13494
|
+
var verificationStatusSchema = z.enum([
|
|
13495
|
+
"unverified",
|
|
13496
|
+
"human_verified",
|
|
13497
|
+
"ai_verified",
|
|
13498
|
+
"contradicted",
|
|
13499
|
+
"outdated"
|
|
13500
|
+
]);
|
|
13501
|
+
var nodeStatusSchema = z.enum([
|
|
13502
|
+
"active",
|
|
13503
|
+
"superseded",
|
|
13504
|
+
"archived",
|
|
13505
|
+
"deleted"
|
|
13506
|
+
]);
|
|
13507
|
+
var externalIdsArgs = z.object({
|
|
13508
|
+
crunchbase: z.string().optional(),
|
|
13509
|
+
linkedin: z.string().optional(),
|
|
13510
|
+
pitchbook: z.string().optional(),
|
|
13511
|
+
twitter: z.string().optional(),
|
|
13512
|
+
website: z.string().optional()
|
|
13513
|
+
}).optional();
|
|
13514
|
+
var createEpistemicNodeItemArgs = z.object({
|
|
13515
|
+
globalId: z.string().optional().describe("Optional idempotent node global ID."),
|
|
13516
|
+
nodeType: NODE_TYPE.describe("Public epistemic node type."),
|
|
13517
|
+
subtype: z.string().optional(),
|
|
13518
|
+
canonicalText: z.string().optional().describe("Canonical node text."),
|
|
13519
|
+
text: z.string().optional().describe("Alias for canonicalText."),
|
|
13520
|
+
contentHash: z.string().optional().describe("Optional idempotency content hash."),
|
|
13521
|
+
content: z.string().optional(),
|
|
13522
|
+
contentType: z.string().optional(),
|
|
13523
|
+
title: z.string().optional(),
|
|
13524
|
+
tags: z.array(z.string()).optional(),
|
|
13525
|
+
domain: z.string().optional(),
|
|
13526
|
+
metadata: z.record(z.unknown()).optional(),
|
|
13527
|
+
externalIds: externalIdsArgs,
|
|
13528
|
+
sourceType: sourceTypeSchema2.optional(),
|
|
13529
|
+
aiProvider: z.string().optional(),
|
|
13530
|
+
extractedFromNodeId: z.string().optional(),
|
|
13531
|
+
confidence: z.number().optional(),
|
|
13532
|
+
verificationStatus: verificationStatusSchema.optional(),
|
|
13533
|
+
topicId: z.string().optional(),
|
|
13534
|
+
projectId: z.string().optional(),
|
|
13535
|
+
createdBy: z.string().optional(),
|
|
13536
|
+
trustedBypassAccessCheck: z.boolean().optional()
|
|
13537
|
+
});
|
|
13538
|
+
var createEpistemicNodeArgs = createEpistemicNodeItemArgs;
|
|
13539
|
+
var batchCreateEpistemicNodesArgs = z.object({
|
|
13540
|
+
nodes: z.array(createEpistemicNodeItemArgs)
|
|
13541
|
+
});
|
|
13542
|
+
var getEpistemicNodeArgs = z.object({
|
|
13543
|
+
nodeId: z.string().describe("Node ID or global ID."),
|
|
13544
|
+
globalId: z.string().optional().describe("Node global ID alias.")
|
|
13545
|
+
});
|
|
13546
|
+
var listEpistemicNodesArgs = z.object({
|
|
13547
|
+
topicId: z.string().optional(),
|
|
13548
|
+
projectId: z.string().optional(),
|
|
13549
|
+
nodeType: NODE_TYPE.optional(),
|
|
13550
|
+
status: nodeStatusSchema.optional(),
|
|
13551
|
+
searchQuery: z.string().optional(),
|
|
13552
|
+
query: z.string().optional(),
|
|
13553
|
+
limit: z.number().optional()
|
|
13554
|
+
});
|
|
13555
|
+
var updateEpistemicNodeArgs = z.object({
|
|
13556
|
+
nodeId: z.string().describe("Node ID or global ID."),
|
|
13557
|
+
id: z.string().optional().describe("Node ID alias."),
|
|
13558
|
+
subtype: z.string().optional(),
|
|
13559
|
+
canonicalText: z.string().optional(),
|
|
13560
|
+
text: z.string().optional(),
|
|
13561
|
+
contentHash: z.string().optional(),
|
|
13562
|
+
content: z.string().optional(),
|
|
13563
|
+
contentType: z.string().optional(),
|
|
13564
|
+
title: z.string().optional(),
|
|
13565
|
+
tags: z.array(z.string()).optional(),
|
|
13566
|
+
domain: z.string().optional(),
|
|
13567
|
+
metadata: z.record(z.unknown()).optional(),
|
|
13568
|
+
externalIds: externalIdsArgs,
|
|
13569
|
+
confidence: z.number().optional(),
|
|
13570
|
+
verificationStatus: verificationStatusSchema.optional(),
|
|
13571
|
+
status: nodeStatusSchema.optional(),
|
|
13572
|
+
userId: z.string().optional(),
|
|
13573
|
+
trustedBypassAccessCheck: z.boolean().optional()
|
|
13574
|
+
});
|
|
13575
|
+
var archiveEpistemicNodeArgs = z.object({
|
|
13576
|
+
nodeId: z.string().describe("Node ID or global ID."),
|
|
13577
|
+
id: z.string().optional().describe("Node ID alias."),
|
|
13578
|
+
userId: z.string().optional(),
|
|
13579
|
+
trustedBypassAccessCheck: z.boolean().optional()
|
|
13580
|
+
});
|
|
13581
|
+
var verifyEpistemicNodeArgs = z.object({
|
|
13582
|
+
nodeId: z.string().describe("Node ID or global ID."),
|
|
13583
|
+
id: z.string().optional().describe("Node ID alias."),
|
|
13584
|
+
verificationStatus: verificationStatusSchema,
|
|
13585
|
+
confidence: z.number().optional(),
|
|
13586
|
+
userId: z.string().optional()
|
|
13587
|
+
});
|
|
13588
|
+
var supersedeEpistemicNodeArgs = z.object({
|
|
13589
|
+
oldNodeId: z.string().describe("Node ID or global ID to supersede."),
|
|
13590
|
+
nodeId: z.string().optional().describe("Old node ID alias."),
|
|
13591
|
+
newGlobalId: z.string().optional(),
|
|
13592
|
+
newCanonicalText: z.string().optional(),
|
|
13593
|
+
text: z.string().optional(),
|
|
13594
|
+
canonicalText: z.string().optional(),
|
|
13595
|
+
newContentHash: z.string().optional(),
|
|
13596
|
+
reason: z.string().optional(),
|
|
13597
|
+
createdBy: z.string().optional(),
|
|
13598
|
+
trustedBypassAccessCheck: z.boolean().optional()
|
|
13599
|
+
});
|
|
13600
|
+
function generatedGlobalId(prefix) {
|
|
13601
|
+
return `${prefix}:${crypto.randomUUID()}`;
|
|
13602
|
+
}
|
|
13603
|
+
function resolveCanonicalText(input) {
|
|
13604
|
+
const text = input.canonicalText ?? input.text ?? input.title ?? input.content;
|
|
13605
|
+
if (typeof text !== "string" || text.trim().length === 0) {
|
|
13606
|
+
throw new Error("canonicalText or text is required.");
|
|
13607
|
+
}
|
|
13608
|
+
return text;
|
|
13609
|
+
}
|
|
13610
|
+
function createNodeInput(input, context) {
|
|
13611
|
+
const canonicalText = resolveCanonicalText(input);
|
|
13612
|
+
const nodeType = String(input.nodeType);
|
|
13613
|
+
return withCreatedBy(
|
|
13614
|
+
compactRecord4({
|
|
13615
|
+
globalId: typeof input.globalId === "string" && input.globalId.trim() ? input.globalId : generatedGlobalId(nodeType),
|
|
13616
|
+
nodeType,
|
|
13617
|
+
subtype: input.subtype,
|
|
13618
|
+
canonicalText,
|
|
13619
|
+
contentHash: typeof input.contentHash === "string" && input.contentHash.trim() ? input.contentHash : `${nodeType}:${canonicalText}`,
|
|
13620
|
+
content: input.content,
|
|
13621
|
+
contentType: input.contentType,
|
|
13622
|
+
title: input.title,
|
|
13623
|
+
tags: input.tags,
|
|
13624
|
+
domain: input.domain,
|
|
13625
|
+
metadata: input.metadata,
|
|
13626
|
+
externalIds: input.externalIds,
|
|
13627
|
+
sourceType: typeof input.sourceType === "string" && input.sourceType.trim() ? input.sourceType : "human",
|
|
13628
|
+
aiProvider: input.aiProvider,
|
|
13629
|
+
extractedFromNodeId: input.extractedFromNodeId,
|
|
13630
|
+
confidence: input.confidence,
|
|
13631
|
+
verificationStatus: input.verificationStatus,
|
|
13632
|
+
topicId: input.topicId,
|
|
13633
|
+
projectId: input.projectId
|
|
13634
|
+
}),
|
|
13635
|
+
context
|
|
13636
|
+
);
|
|
13637
|
+
}
|
|
13638
|
+
var getNodeInput = (input) => compactRecord4({
|
|
13639
|
+
nodeId: input.nodeId ?? input.globalId
|
|
13640
|
+
});
|
|
13641
|
+
var listNodesInput = (input) => compactRecord4({
|
|
13642
|
+
topicId: input.topicId,
|
|
13643
|
+
projectId: input.projectId,
|
|
13644
|
+
nodeType: input.nodeType,
|
|
13645
|
+
status: input.status,
|
|
13646
|
+
searchQuery: input.searchQuery ?? input.query,
|
|
13647
|
+
limit: input.limit
|
|
13648
|
+
});
|
|
13649
|
+
var updateNodeInput = (input, context) => withUserId(
|
|
13650
|
+
compactRecord4({
|
|
13651
|
+
nodeId: input.nodeId ?? input.id,
|
|
13652
|
+
subtype: input.subtype,
|
|
13653
|
+
canonicalText: input.canonicalText ?? input.text,
|
|
13654
|
+
contentHash: input.contentHash,
|
|
13655
|
+
content: input.content,
|
|
13656
|
+
contentType: input.contentType,
|
|
13657
|
+
title: input.title,
|
|
13658
|
+
tags: input.tags,
|
|
13659
|
+
domain: input.domain,
|
|
13660
|
+
metadata: input.metadata,
|
|
13661
|
+
externalIds: input.externalIds,
|
|
13662
|
+
confidence: input.confidence,
|
|
13663
|
+
verificationStatus: input.verificationStatus,
|
|
13664
|
+
status: input.status,
|
|
13665
|
+
trustedBypassAccessCheck: input.trustedBypassAccessCheck
|
|
13666
|
+
}),
|
|
13667
|
+
context
|
|
13668
|
+
);
|
|
13669
|
+
var archiveNodeInput = (input, context) => withUserId(
|
|
13670
|
+
compactRecord4({
|
|
13671
|
+
nodeId: input.nodeId ?? input.id,
|
|
13672
|
+
trustedBypassAccessCheck: input.trustedBypassAccessCheck
|
|
13673
|
+
}),
|
|
13674
|
+
context
|
|
13675
|
+
);
|
|
13676
|
+
var verifyNodeInput = (input, context) => withUserId(
|
|
13677
|
+
compactRecord4({
|
|
13678
|
+
nodeId: input.nodeId ?? input.id,
|
|
13679
|
+
verificationStatus: input.verificationStatus,
|
|
13680
|
+
confidence: input.confidence
|
|
13681
|
+
}),
|
|
13682
|
+
context
|
|
13683
|
+
);
|
|
13684
|
+
var supersedeNodeInput = (input, context) => {
|
|
13685
|
+
const newCanonicalText = input.newCanonicalText ?? input.canonicalText ?? input.text;
|
|
13686
|
+
if (typeof newCanonicalText !== "string" || newCanonicalText.trim().length === 0) {
|
|
13687
|
+
throw new Error("newCanonicalText or text is required.");
|
|
13688
|
+
}
|
|
13689
|
+
return {
|
|
13690
|
+
oldNodeId: input.oldNodeId ?? input.nodeId,
|
|
13691
|
+
newGlobalId: typeof input.newGlobalId === "string" && input.newGlobalId.trim() ? input.newGlobalId : generatedGlobalId("node"),
|
|
13692
|
+
newCanonicalText,
|
|
13693
|
+
newContentHash: typeof input.newContentHash === "string" && input.newContentHash.trim() ? input.newContentHash : `superseded:${newCanonicalText}`,
|
|
13694
|
+
createdBy: typeof input.createdBy === "string" ? input.createdBy : authUserId(context),
|
|
13695
|
+
reason: input.reason,
|
|
13696
|
+
trustedBypassAccessCheck: input.trustedBypassAccessCheck
|
|
13697
|
+
};
|
|
13698
|
+
};
|
|
13699
|
+
var batchCreateNodesInput = (input, context) => {
|
|
13700
|
+
const nodes = Array.isArray(input.nodes) ? input.nodes : [];
|
|
13701
|
+
return {
|
|
13702
|
+
nodes: nodes.map(
|
|
13703
|
+
(node) => createNodeInput(
|
|
13704
|
+
node && typeof node === "object" ? node : {},
|
|
13705
|
+
context
|
|
13706
|
+
)
|
|
13707
|
+
)
|
|
13708
|
+
};
|
|
13709
|
+
};
|
|
13710
|
+
var nodesContracts = [
|
|
13711
|
+
surfaceContract({
|
|
13712
|
+
name: "create_epistemic_node",
|
|
11060
13713
|
kind: "mutation",
|
|
11061
|
-
domain: "
|
|
13714
|
+
domain: "nodes",
|
|
11062
13715
|
surfaceClass: "platform_public",
|
|
11063
|
-
path: "/
|
|
11064
|
-
sdkNamespace: "
|
|
11065
|
-
sdkMethod: "
|
|
11066
|
-
summary: "Create a
|
|
13716
|
+
path: "/nodes",
|
|
13717
|
+
sdkNamespace: "nodes",
|
|
13718
|
+
sdkMethod: "createEpistemicNode",
|
|
13719
|
+
summary: "Create a generic epistemic graph node.",
|
|
11067
13720
|
convex: {
|
|
11068
|
-
module: "
|
|
13721
|
+
module: "nodes",
|
|
11069
13722
|
functionName: "create",
|
|
11070
13723
|
kind: "mutation",
|
|
11071
|
-
inputProjection:
|
|
11072
|
-
}
|
|
13724
|
+
inputProjection: createNodeInput
|
|
13725
|
+
},
|
|
13726
|
+
args: createEpistemicNodeArgs
|
|
11073
13727
|
}),
|
|
11074
13728
|
surfaceContract({
|
|
11075
|
-
name: "
|
|
13729
|
+
name: "get_epistemic_node",
|
|
11076
13730
|
kind: "query",
|
|
11077
|
-
domain: "
|
|
13731
|
+
domain: "nodes",
|
|
11078
13732
|
surfaceClass: "platform_public",
|
|
11079
13733
|
method: "GET",
|
|
11080
|
-
path: "/
|
|
11081
|
-
sdkNamespace: "
|
|
11082
|
-
sdkMethod: "
|
|
11083
|
-
summary: "Get a
|
|
13734
|
+
path: "/nodes/get",
|
|
13735
|
+
sdkNamespace: "nodes",
|
|
13736
|
+
sdkMethod: "getEpistemicNode",
|
|
13737
|
+
summary: "Get a generic epistemic graph node.",
|
|
11084
13738
|
convex: {
|
|
11085
|
-
module: "
|
|
13739
|
+
module: "nodes",
|
|
11086
13740
|
functionName: "get",
|
|
11087
13741
|
kind: "query",
|
|
11088
|
-
inputProjection:
|
|
11089
|
-
}
|
|
13742
|
+
inputProjection: getNodeInput
|
|
13743
|
+
},
|
|
13744
|
+
args: getEpistemicNodeArgs
|
|
11090
13745
|
}),
|
|
11091
13746
|
surfaceContract({
|
|
11092
|
-
name: "
|
|
13747
|
+
name: "list_epistemic_nodes",
|
|
11093
13748
|
kind: "query",
|
|
11094
|
-
domain: "
|
|
13749
|
+
domain: "nodes",
|
|
11095
13750
|
surfaceClass: "platform_public",
|
|
11096
13751
|
method: "GET",
|
|
11097
|
-
path: "/
|
|
11098
|
-
sdkNamespace: "
|
|
11099
|
-
sdkMethod: "
|
|
11100
|
-
summary: "List
|
|
13752
|
+
path: "/nodes",
|
|
13753
|
+
sdkNamespace: "nodes",
|
|
13754
|
+
sdkMethod: "listEpistemicNodes",
|
|
13755
|
+
summary: "List generic epistemic graph nodes.",
|
|
11101
13756
|
convex: {
|
|
11102
|
-
module: "
|
|
13757
|
+
module: "nodes",
|
|
11103
13758
|
functionName: "list",
|
|
11104
|
-
kind: "query"
|
|
11105
|
-
|
|
13759
|
+
kind: "query",
|
|
13760
|
+
inputProjection: listNodesInput
|
|
13761
|
+
},
|
|
13762
|
+
args: listEpistemicNodesArgs
|
|
11106
13763
|
}),
|
|
11107
13764
|
surfaceContract({
|
|
11108
|
-
name: "
|
|
13765
|
+
name: "update_epistemic_node",
|
|
11109
13766
|
kind: "mutation",
|
|
11110
|
-
domain: "
|
|
13767
|
+
domain: "nodes",
|
|
11111
13768
|
surfaceClass: "platform_public",
|
|
11112
13769
|
method: "PATCH",
|
|
11113
|
-
path: "/
|
|
11114
|
-
sdkNamespace: "
|
|
11115
|
-
sdkMethod: "
|
|
11116
|
-
summary: "Update a
|
|
13770
|
+
path: "/nodes",
|
|
13771
|
+
sdkNamespace: "nodes",
|
|
13772
|
+
sdkMethod: "updateEpistemicNode",
|
|
13773
|
+
summary: "Update a generic epistemic graph node.",
|
|
11117
13774
|
convex: {
|
|
11118
|
-
module: "
|
|
13775
|
+
module: "nodes",
|
|
11119
13776
|
functionName: "update",
|
|
11120
13777
|
kind: "mutation",
|
|
11121
|
-
inputProjection:
|
|
13778
|
+
inputProjection: updateNodeInput
|
|
11122
13779
|
},
|
|
11123
|
-
args:
|
|
13780
|
+
args: updateEpistemicNodeArgs
|
|
11124
13781
|
}),
|
|
11125
13782
|
surfaceContract({
|
|
11126
|
-
name: "
|
|
11127
|
-
kind: "
|
|
11128
|
-
domain: "
|
|
13783
|
+
name: "archive_epistemic_node",
|
|
13784
|
+
kind: "mutation",
|
|
13785
|
+
domain: "nodes",
|
|
11129
13786
|
surfaceClass: "platform_public",
|
|
11130
|
-
|
|
11131
|
-
|
|
11132
|
-
|
|
11133
|
-
|
|
11134
|
-
summary: "Get a topic tree.",
|
|
13787
|
+
path: "/nodes/archive",
|
|
13788
|
+
sdkNamespace: "nodes",
|
|
13789
|
+
sdkMethod: "archiveEpistemicNode",
|
|
13790
|
+
summary: "Archive a generic epistemic graph node.",
|
|
11135
13791
|
convex: {
|
|
11136
|
-
module: "
|
|
11137
|
-
functionName: "
|
|
11138
|
-
kind: "
|
|
11139
|
-
|
|
13792
|
+
module: "nodes",
|
|
13793
|
+
functionName: "archive",
|
|
13794
|
+
kind: "mutation",
|
|
13795
|
+
inputProjection: archiveNodeInput
|
|
13796
|
+
},
|
|
13797
|
+
args: archiveEpistemicNodeArgs
|
|
13798
|
+
}),
|
|
13799
|
+
surfaceContract({
|
|
13800
|
+
name: "verify_epistemic_node",
|
|
13801
|
+
kind: "mutation",
|
|
13802
|
+
domain: "nodes",
|
|
13803
|
+
surfaceClass: "platform_public",
|
|
13804
|
+
path: "/nodes/verify",
|
|
13805
|
+
sdkNamespace: "nodes",
|
|
13806
|
+
sdkMethod: "verifyEpistemicNode",
|
|
13807
|
+
summary: "Verify a generic epistemic graph node.",
|
|
13808
|
+
convex: {
|
|
13809
|
+
module: "nodes",
|
|
13810
|
+
functionName: "verify",
|
|
13811
|
+
kind: "mutation",
|
|
13812
|
+
inputProjection: verifyNodeInput
|
|
13813
|
+
},
|
|
13814
|
+
args: verifyEpistemicNodeArgs
|
|
13815
|
+
}),
|
|
13816
|
+
surfaceContract({
|
|
13817
|
+
name: "supersede_epistemic_node",
|
|
13818
|
+
kind: "mutation",
|
|
13819
|
+
domain: "nodes",
|
|
13820
|
+
surfaceClass: "platform_public",
|
|
13821
|
+
path: "/nodes/supersede",
|
|
13822
|
+
sdkNamespace: "nodes",
|
|
13823
|
+
sdkMethod: "supersedeEpistemicNode",
|
|
13824
|
+
summary: "Supersede a generic epistemic graph node.",
|
|
13825
|
+
convex: {
|
|
13826
|
+
module: "nodes",
|
|
13827
|
+
functionName: "supersede",
|
|
13828
|
+
kind: "mutation",
|
|
13829
|
+
inputProjection: supersedeNodeInput
|
|
13830
|
+
},
|
|
13831
|
+
args: supersedeEpistemicNodeArgs
|
|
13832
|
+
}),
|
|
13833
|
+
surfaceContract({
|
|
13834
|
+
name: "batch_create_epistemic_nodes",
|
|
13835
|
+
kind: "mutation",
|
|
13836
|
+
domain: "nodes",
|
|
13837
|
+
surfaceClass: "platform_public",
|
|
13838
|
+
path: "/nodes/batch",
|
|
13839
|
+
sdkNamespace: "nodes",
|
|
13840
|
+
sdkMethod: "batchCreateEpistemicNodes",
|
|
13841
|
+
summary: "Batch create generic epistemic graph nodes.",
|
|
13842
|
+
convex: {
|
|
13843
|
+
module: "nodes",
|
|
13844
|
+
functionName: "batchCreate",
|
|
13845
|
+
kind: "mutation",
|
|
13846
|
+
inputProjection: batchCreateNodesInput
|
|
13847
|
+
},
|
|
13848
|
+
args: batchCreateEpistemicNodesArgs
|
|
11140
13849
|
})
|
|
11141
13850
|
];
|
|
11142
13851
|
var lensPerspectiveSchema = z.enum([
|
|
@@ -11496,6 +14205,19 @@ var worktreeEvidenceSignalInputSchema = z.object({
|
|
|
11496
14205
|
progress: z.string().optional().describe("Collection progress note for the signal."),
|
|
11497
14206
|
notes: z.string().optional().describe("Additional evidence collection notes.")
|
|
11498
14207
|
}).passthrough().describe("Evidence signal embedded in the worktree plan.");
|
|
14208
|
+
var worktreeDocCompanionTargetSchema = z.object({
|
|
14209
|
+
docPath: z.string().describe(
|
|
14210
|
+
"Repo-relative path to a documentation file the worktree promises to update."
|
|
14211
|
+
),
|
|
14212
|
+
sectionAnchor: z.string().optional().describe(
|
|
14213
|
+
"Markdown heading anchor (e.g. '## Function-surface manifest') that scopes the promised update."
|
|
14214
|
+
),
|
|
14215
|
+
reason: z.string().describe(
|
|
14216
|
+
"Why this doc section must be updated for the worktree to be complete."
|
|
14217
|
+
)
|
|
14218
|
+
}).passthrough().describe(
|
|
14219
|
+
"Intent-driven docs companion target. pr-gate-reviewer verifies that the PR actually touches each declared (docPath, sectionAnchor). Distinct from the touch-driven docs-loop. See docs/development/docs-sync-discipline.md Lock 3."
|
|
14220
|
+
);
|
|
11499
14221
|
var worktreeDecisionGateInputSchema = z.object({
|
|
11500
14222
|
goCriteria: z.array(z.string()).describe("Criteria that must hold for the worktree to proceed."),
|
|
11501
14223
|
noGoSignals: z.array(z.string()).describe("Signals that stop or redirect the worktree."),
|
|
@@ -11528,6 +14250,9 @@ var addWorktreeArgs = z.object({
|
|
|
11528
14250
|
keyQuestions: z.array(worktreeKeyQuestionInputSchema).optional().describe("Inline key questions captured as part of the worktree plan."),
|
|
11529
14251
|
evidenceSignals: z.array(worktreeEvidenceSignalInputSchema).optional().describe("Evidence signals the worktree needs to collect or validate."),
|
|
11530
14252
|
decisionGate: worktreeDecisionGateInputSchema.optional(),
|
|
14253
|
+
docCompanionTargets: z.array(worktreeDocCompanionTargetSchema).optional().describe(
|
|
14254
|
+
"Doc sections the worktree promises to update at PR time. Enforced by pr-gate-reviewer (Lock 3)."
|
|
14255
|
+
),
|
|
11531
14256
|
goCriteria: z.array(z.string()).optional().describe("Shorthand go criteria used to build decisionGate."),
|
|
11532
14257
|
noGoSignals: z.array(z.string()).optional().describe("Shorthand no-go signals used to build decisionGate."),
|
|
11533
14258
|
proofArtifacts: z.array(z.unknown()).optional().describe("Expected proof artifacts required to close the worktree."),
|
|
@@ -11891,7 +14616,21 @@ var createTaskArgs = z.object({
|
|
|
11891
14616
|
linkedQuestionId: z.string().optional().describe("Question this task addresses."),
|
|
11892
14617
|
assigneeId: z.string().optional().describe("Principal assigned to the task."),
|
|
11893
14618
|
dueDate: z.number().optional().describe("Due date as epoch milliseconds."),
|
|
11894
|
-
tags: z.array(z.string()).optional().describe("Free-form tags.")
|
|
14619
|
+
tags: z.array(z.string()).optional().describe("Free-form tags."),
|
|
14620
|
+
metadata: z.record(z.unknown()).optional().describe("Structured task metadata for handoff context and routing hints.")
|
|
14621
|
+
});
|
|
14622
|
+
var updateTaskArgs = z.object({
|
|
14623
|
+
taskId: z.string().describe("Task to update."),
|
|
14624
|
+
title: z.string().optional().describe("Updated task title."),
|
|
14625
|
+
description: z.string().optional().describe("Updated task description."),
|
|
14626
|
+
priority: taskPrioritySchema.optional().describe("Updated priority."),
|
|
14627
|
+
status: taskStatusSchema2.optional().describe("Updated status."),
|
|
14628
|
+
linkedWorktreeId: z.string().optional().describe("Worktree this task belongs to."),
|
|
14629
|
+
linkedBeliefId: z.string().optional().describe("Belief this task supports."),
|
|
14630
|
+
linkedQuestionId: z.string().optional().describe("Question this task addresses."),
|
|
14631
|
+
assigneeId: z.string().optional().describe("Principal assigned to the task."),
|
|
14632
|
+
blockedReason: z.string().optional().describe("Reason the task is blocked or deferred."),
|
|
14633
|
+
metadata: z.record(z.unknown()).optional().describe("Structured task metadata for handoff context and routing hints.")
|
|
11895
14634
|
});
|
|
11896
14635
|
var createTaskInput = (input) => compactRecord4({
|
|
11897
14636
|
title: input.title,
|
|
@@ -11905,7 +14644,8 @@ var createTaskInput = (input) => compactRecord4({
|
|
|
11905
14644
|
linkedQuestionId: input.linkedQuestionId,
|
|
11906
14645
|
assigneeId: input.assigneeId,
|
|
11907
14646
|
dueDate: input.dueDate,
|
|
11908
|
-
tags: input.tags
|
|
14647
|
+
tags: input.tags,
|
|
14648
|
+
metadata: input.metadata
|
|
11909
14649
|
});
|
|
11910
14650
|
var taskInput = (input) => compactRecord4({
|
|
11911
14651
|
...input,
|
|
@@ -11922,8 +14662,7 @@ var taskTopicInput = (input) => {
|
|
|
11922
14662
|
};
|
|
11923
14663
|
var completeTaskInput = (input) => compactRecord4({
|
|
11924
14664
|
taskId: input.taskId ?? input.id,
|
|
11925
|
-
outputSummary: input.outputSummary ?? input.summary
|
|
11926
|
-
userId: input.userId
|
|
14665
|
+
outputSummary: input.outputSummary ?? input.summary
|
|
11927
14666
|
});
|
|
11928
14667
|
var tasksContracts = [
|
|
11929
14668
|
surfaceContract({
|
|
@@ -11941,6 +14680,7 @@ var tasksContracts = [
|
|
|
11941
14680
|
kind: "mutation",
|
|
11942
14681
|
inputProjection: createTaskInput
|
|
11943
14682
|
},
|
|
14683
|
+
gateway: { handler: "tasks.create" },
|
|
11944
14684
|
args: createTaskArgs
|
|
11945
14685
|
}),
|
|
11946
14686
|
surfaceContract({
|
|
@@ -11959,6 +14699,7 @@ var tasksContracts = [
|
|
|
11959
14699
|
kind: "query",
|
|
11960
14700
|
inputProjection: taskTopicInput
|
|
11961
14701
|
},
|
|
14702
|
+
gateway: { handler: "tasks.list" },
|
|
11962
14703
|
args: listTasksInputSchema
|
|
11963
14704
|
}),
|
|
11964
14705
|
surfaceContract({
|
|
@@ -11976,7 +14717,9 @@ var tasksContracts = [
|
|
|
11976
14717
|
functionName: "update",
|
|
11977
14718
|
kind: "mutation",
|
|
11978
14719
|
inputProjection: taskInput
|
|
11979
|
-
}
|
|
14720
|
+
},
|
|
14721
|
+
gateway: { handler: "tasks.update" },
|
|
14722
|
+
args: updateTaskArgs
|
|
11980
14723
|
}),
|
|
11981
14724
|
surfaceContract({
|
|
11982
14725
|
name: "complete_task",
|
|
@@ -11992,22 +14735,54 @@ var tasksContracts = [
|
|
|
11992
14735
|
functionName: "complete",
|
|
11993
14736
|
kind: "mutation",
|
|
11994
14737
|
inputProjection: completeTaskInput
|
|
11995
|
-
}
|
|
14738
|
+
},
|
|
14739
|
+
gateway: { handler: "tasks.complete" }
|
|
11996
14740
|
})
|
|
11997
14741
|
];
|
|
14742
|
+
var CREATE_EDGE_TYPES = edgePolicyManifest.policies.map(
|
|
14743
|
+
(policy) => policy.edgeType
|
|
14744
|
+
);
|
|
14745
|
+
var REASONING_METHOD_TYPES = [...REASONING_METHODS];
|
|
11998
14746
|
var createEdgeArgs = z.object({
|
|
11999
14747
|
from: GraphRefSchema,
|
|
12000
14748
|
to: GraphRefSchema,
|
|
12001
|
-
edgeType: z.
|
|
14749
|
+
edgeType: z.enum(CREATE_EDGE_TYPES),
|
|
12002
14750
|
globalId: z.string().optional(),
|
|
12003
14751
|
weight: z.number().optional(),
|
|
12004
14752
|
confidence: z.number().optional(),
|
|
12005
14753
|
context: z.string().optional(),
|
|
12006
14754
|
reasoning: z.string().optional(),
|
|
14755
|
+
reasoningMethod: z.enum(REASONING_METHOD_TYPES).optional(),
|
|
12007
14756
|
derivationType: z.string().optional(),
|
|
14757
|
+
metadata: z.record(z.unknown()).optional(),
|
|
12008
14758
|
topicId: z.string().optional(),
|
|
12009
14759
|
trustedBypassAccessCheck: z.boolean().optional()
|
|
12010
14760
|
});
|
|
14761
|
+
var updateEdgeArgs = z.object({
|
|
14762
|
+
edgeId: z.string().describe("Edge ID or global ID."),
|
|
14763
|
+
weight: z.number().optional(),
|
|
14764
|
+
confidence: z.number().optional(),
|
|
14765
|
+
context: z.string().optional(),
|
|
14766
|
+
reasoning: z.string().optional(),
|
|
14767
|
+
derivationType: z.string().optional(),
|
|
14768
|
+
metadata: z.record(z.unknown()).optional(),
|
|
14769
|
+
userId: z.string().optional()
|
|
14770
|
+
});
|
|
14771
|
+
var removeEdgeArgs = z.object({
|
|
14772
|
+
edgeId: z.string().describe("Edge ID or global ID."),
|
|
14773
|
+
userId: z.string().optional()
|
|
14774
|
+
});
|
|
14775
|
+
var removeEdgesBetweenArgs = z.object({
|
|
14776
|
+
from: GraphRefSchema.optional(),
|
|
14777
|
+
to: GraphRefSchema.optional(),
|
|
14778
|
+
fromNodeId: z.string().optional(),
|
|
14779
|
+
toNodeId: z.string().optional(),
|
|
14780
|
+
edgeType: z.enum(CREATE_EDGE_TYPES).optional()
|
|
14781
|
+
});
|
|
14782
|
+
var batchCreateEdgesArgs = z.object({
|
|
14783
|
+
edges: z.array(createEdgeArgs),
|
|
14784
|
+
skipLayerValidation: z.boolean().optional()
|
|
14785
|
+
});
|
|
12011
14786
|
var queryLineageArgs = z.object({
|
|
12012
14787
|
nodeId: z.string().describe("Starting node to trace from."),
|
|
12013
14788
|
startNode: z.string().optional().describe("Starting node alias accepted by traversal callers."),
|
|
@@ -12056,7 +14831,9 @@ var edgesContracts = [
|
|
|
12056
14831
|
weight: parsed.weight,
|
|
12057
14832
|
confidence: parsed.confidence,
|
|
12058
14833
|
context: parsed.context ?? parsed.reasoning,
|
|
14834
|
+
reasoningMethod: parsed.reasoningMethod,
|
|
12059
14835
|
derivationType: parsed.derivationType,
|
|
14836
|
+
metadata: parsed.metadata,
|
|
12060
14837
|
skipLayerValidation: true,
|
|
12061
14838
|
topicId: parsed.topicId,
|
|
12062
14839
|
trustedBypassAccessCheck: parsed.trustedBypassAccessCheck
|
|
@@ -12067,6 +14844,131 @@ var edgesContracts = [
|
|
|
12067
14844
|
},
|
|
12068
14845
|
args: createEdgeArgs
|
|
12069
14846
|
}),
|
|
14847
|
+
surfaceContract({
|
|
14848
|
+
name: "update_edge",
|
|
14849
|
+
kind: "mutation",
|
|
14850
|
+
domain: "edges",
|
|
14851
|
+
surfaceClass: "platform_public",
|
|
14852
|
+
method: "PATCH",
|
|
14853
|
+
path: "/edges",
|
|
14854
|
+
sdkNamespace: "edges",
|
|
14855
|
+
sdkMethod: "updateEdge",
|
|
14856
|
+
summary: "Update an epistemic edge.",
|
|
14857
|
+
convex: {
|
|
14858
|
+
module: "edges",
|
|
14859
|
+
functionName: "update",
|
|
14860
|
+
kind: "mutation",
|
|
14861
|
+
inputProjection: (input, context) => compactRecord4({
|
|
14862
|
+
edgeId: input.edgeId,
|
|
14863
|
+
weight: input.weight,
|
|
14864
|
+
confidence: input.confidence,
|
|
14865
|
+
context: input.context ?? input.reasoning,
|
|
14866
|
+
derivationType: input.derivationType,
|
|
14867
|
+
metadata: input.metadata,
|
|
14868
|
+
userId: input.userId ?? context.userId ?? context.principalId
|
|
14869
|
+
})
|
|
14870
|
+
},
|
|
14871
|
+
args: updateEdgeArgs
|
|
14872
|
+
}),
|
|
14873
|
+
surfaceContract({
|
|
14874
|
+
name: "remove_edge",
|
|
14875
|
+
kind: "mutation",
|
|
14876
|
+
domain: "edges",
|
|
14877
|
+
surfaceClass: "platform_public",
|
|
14878
|
+
method: "DELETE",
|
|
14879
|
+
path: "/edges",
|
|
14880
|
+
sdkNamespace: "edges",
|
|
14881
|
+
sdkMethod: "removeEdge",
|
|
14882
|
+
summary: "Remove an epistemic edge.",
|
|
14883
|
+
convex: {
|
|
14884
|
+
module: "edges",
|
|
14885
|
+
functionName: "remove",
|
|
14886
|
+
kind: "mutation",
|
|
14887
|
+
inputProjection: (input, context) => compactRecord4({
|
|
14888
|
+
edgeId: input.edgeId,
|
|
14889
|
+
userId: input.userId ?? context.userId ?? context.principalId
|
|
14890
|
+
})
|
|
14891
|
+
},
|
|
14892
|
+
args: removeEdgeArgs
|
|
14893
|
+
}),
|
|
14894
|
+
surfaceContract({
|
|
14895
|
+
name: "remove_edges_between",
|
|
14896
|
+
kind: "mutation",
|
|
14897
|
+
domain: "edges",
|
|
14898
|
+
surfaceClass: "platform_public",
|
|
14899
|
+
method: "DELETE",
|
|
14900
|
+
path: "/edges/between",
|
|
14901
|
+
sdkNamespace: "edges",
|
|
14902
|
+
sdkMethod: "removeEdgesBetween",
|
|
14903
|
+
summary: "Remove epistemic edges between two nodes.",
|
|
14904
|
+
convex: {
|
|
14905
|
+
module: "edges",
|
|
14906
|
+
functionName: "removeBetween",
|
|
14907
|
+
kind: "mutation",
|
|
14908
|
+
inputProjection: (input) => {
|
|
14909
|
+
const parsed = removeEdgesBetweenArgs.parse(input);
|
|
14910
|
+
const fromNodeId = parsed.from ? graphRefNodeId(parsed.from) : parsed.fromNodeId;
|
|
14911
|
+
const toNodeId = parsed.to ? graphRefNodeId(parsed.to) : parsed.toNodeId;
|
|
14912
|
+
if (!fromNodeId || !toNodeId) {
|
|
14913
|
+
throw new Error("from/to or fromNodeId/toNodeId are required.");
|
|
14914
|
+
}
|
|
14915
|
+
return compactRecord4({
|
|
14916
|
+
fromNodeId,
|
|
14917
|
+
toNodeId,
|
|
14918
|
+
edgeType: parsed.edgeType
|
|
14919
|
+
});
|
|
14920
|
+
}
|
|
14921
|
+
},
|
|
14922
|
+
args: removeEdgesBetweenArgs
|
|
14923
|
+
}),
|
|
14924
|
+
surfaceContract({
|
|
14925
|
+
name: "batch_create_edges",
|
|
14926
|
+
kind: "mutation",
|
|
14927
|
+
domain: "edges",
|
|
14928
|
+
surfaceClass: "platform_public",
|
|
14929
|
+
path: "/edges/batch",
|
|
14930
|
+
sdkNamespace: "edges",
|
|
14931
|
+
sdkMethod: "batchCreateEdges",
|
|
14932
|
+
summary: "Batch create epistemic edges.",
|
|
14933
|
+
convex: {
|
|
14934
|
+
module: "edges",
|
|
14935
|
+
functionName: "batchCreate",
|
|
14936
|
+
kind: "mutation",
|
|
14937
|
+
inputProjection: (input, context) => {
|
|
14938
|
+
const parsed = batchCreateEdgesArgs.parse(input);
|
|
14939
|
+
return {
|
|
14940
|
+
skipLayerValidation: parsed.skipLayerValidation ?? true,
|
|
14941
|
+
edges: parsed.edges.map((edge) => {
|
|
14942
|
+
assertEdgePolicyAllowed(
|
|
14943
|
+
edgePolicyManifest,
|
|
14944
|
+
edge.edgeType,
|
|
14945
|
+
edge.from,
|
|
14946
|
+
edge.to
|
|
14947
|
+
);
|
|
14948
|
+
const fromNodeId = graphRefNodeId(edge.from);
|
|
14949
|
+
const toNodeId = graphRefNodeId(edge.to);
|
|
14950
|
+
return withCreatedBy(
|
|
14951
|
+
compactRecord4({
|
|
14952
|
+
fromNodeId,
|
|
14953
|
+
toNodeId,
|
|
14954
|
+
edgeType: edge.edgeType,
|
|
14955
|
+
globalId: edge.globalId ?? `edge:${fromNodeId}:${toNodeId}:${edge.edgeType}`,
|
|
14956
|
+
weight: edge.weight,
|
|
14957
|
+
confidence: edge.confidence,
|
|
14958
|
+
context: edge.context ?? edge.reasoning,
|
|
14959
|
+
reasoningMethod: edge.reasoningMethod,
|
|
14960
|
+
derivationType: edge.derivationType,
|
|
14961
|
+
metadata: edge.metadata,
|
|
14962
|
+
topicId: edge.topicId
|
|
14963
|
+
}),
|
|
14964
|
+
context
|
|
14965
|
+
);
|
|
14966
|
+
})
|
|
14967
|
+
};
|
|
14968
|
+
}
|
|
14969
|
+
},
|
|
14970
|
+
args: batchCreateEdgesArgs
|
|
14971
|
+
}),
|
|
12070
14972
|
surfaceContract({
|
|
12071
14973
|
name: "query_lineage",
|
|
12072
14974
|
kind: "query",
|
|
@@ -12789,6 +15691,69 @@ var pipelineContracts = [
|
|
|
12789
15691
|
}
|
|
12790
15692
|
})
|
|
12791
15693
|
];
|
|
15694
|
+
function isRecord3(value) {
|
|
15695
|
+
return Boolean(value) && typeof value === "object" && !Array.isArray(value);
|
|
15696
|
+
}
|
|
15697
|
+
function stringValues(value) {
|
|
15698
|
+
if (typeof value === "string") {
|
|
15699
|
+
return [value];
|
|
15700
|
+
}
|
|
15701
|
+
if (Array.isArray(value)) {
|
|
15702
|
+
return value.flatMap((item) => stringValues(item));
|
|
15703
|
+
}
|
|
15704
|
+
return [];
|
|
15705
|
+
}
|
|
15706
|
+
function nestedEvidenceRows(value) {
|
|
15707
|
+
if (Array.isArray(value)) {
|
|
15708
|
+
return value.flatMap((item) => nestedEvidenceRows(item));
|
|
15709
|
+
}
|
|
15710
|
+
if (!isRecord3(value)) {
|
|
15711
|
+
return [];
|
|
15712
|
+
}
|
|
15713
|
+
const nestedKeys = ["evidence", "items", "nodes"];
|
|
15714
|
+
const nestedRows = nestedKeys.flatMap((key) => nestedEvidenceRows(value[key]));
|
|
15715
|
+
return nestedRows.length > 0 ? nestedRows : [value];
|
|
15716
|
+
}
|
|
15717
|
+
function isFailedAttemptRow(row) {
|
|
15718
|
+
const metadata = isRecord3(row.metadata) ? row.metadata : null;
|
|
15719
|
+
return metadata?.failedApproach === true || metadata?.isFailedAttempt === true;
|
|
15720
|
+
}
|
|
15721
|
+
function failureLogSearchFields(row) {
|
|
15722
|
+
const metadata = isRecord3(row.metadata) ? row.metadata : null;
|
|
15723
|
+
return [
|
|
15724
|
+
...stringValues(row.id),
|
|
15725
|
+
...stringValues(row._id),
|
|
15726
|
+
...stringValues(row.title),
|
|
15727
|
+
...stringValues(row.text),
|
|
15728
|
+
...stringValues(row.canonicalText),
|
|
15729
|
+
...stringValues(row.content),
|
|
15730
|
+
...stringValues(metadata?.codeAnchor),
|
|
15731
|
+
...stringValues(metadata?.codeAnchors),
|
|
15732
|
+
...stringValues(metadata?.anchor),
|
|
15733
|
+
...stringValues(metadata?.anchors),
|
|
15734
|
+
...stringValues(metadata?.filePath),
|
|
15735
|
+
...stringValues(metadata?.filePaths),
|
|
15736
|
+
...stringValues(metadata?.path),
|
|
15737
|
+
...stringValues(metadata?.paths),
|
|
15738
|
+
...stringValues(metadata?.sourceRef),
|
|
15739
|
+
...stringValues(metadata?.touchedPaths)
|
|
15740
|
+
];
|
|
15741
|
+
}
|
|
15742
|
+
function projectFailureLog(output, input) {
|
|
15743
|
+
const rawQuery = typeof input.query === "string" && input.query.trim().length > 0 ? input.query.trim() : void 0;
|
|
15744
|
+
const searchKey = rawQuery?.toLowerCase();
|
|
15745
|
+
const failures = nestedEvidenceRows(output).filter((row) => isFailedAttemptRow(row)).filter(
|
|
15746
|
+
(row) => !searchKey ? true : failureLogSearchFields(row).some(
|
|
15747
|
+
(field) => field.toLowerCase().includes(searchKey)
|
|
15748
|
+
)
|
|
15749
|
+
);
|
|
15750
|
+
return {
|
|
15751
|
+
query: rawQuery,
|
|
15752
|
+
failures,
|
|
15753
|
+
totalFound: failures.length,
|
|
15754
|
+
showing: failures.length
|
|
15755
|
+
};
|
|
15756
|
+
}
|
|
12792
15757
|
var recordScopeLearningArgs = z.object({
|
|
12793
15758
|
topicId: z.string().optional().describe("Topic scope ID"),
|
|
12794
15759
|
summary: z.string().describe("Atomic learning statement"),
|
|
@@ -12878,6 +15843,8 @@ var attemptInput = (input, context) => withUserId(
|
|
|
12878
15843
|
tags: ["code_attempt"],
|
|
12879
15844
|
metadata: compactRecord4({
|
|
12880
15845
|
...recordValue2(input.metadata),
|
|
15846
|
+
failedApproach: true,
|
|
15847
|
+
isFailedAttempt: true,
|
|
12881
15848
|
filePaths: input.filePaths,
|
|
12882
15849
|
filePath: input.filePath,
|
|
12883
15850
|
errorMessage: input.errorMessage,
|
|
@@ -13008,7 +15975,8 @@ var codingContracts = [
|
|
|
13008
15975
|
limit: input.limit,
|
|
13009
15976
|
status: input.status,
|
|
13010
15977
|
userId: input.userId
|
|
13011
|
-
})
|
|
15978
|
+
}),
|
|
15979
|
+
outputProjection: (output, input) => projectFailureLog(output, input)
|
|
13012
15980
|
}
|
|
13013
15981
|
})
|
|
13014
15982
|
];
|
|
@@ -13045,6 +16013,7 @@ var ALL_FUNCTION_CONTRACTS = [
|
|
|
13045
16013
|
...evidenceContracts,
|
|
13046
16014
|
...questionsContracts,
|
|
13047
16015
|
...topicsContracts,
|
|
16016
|
+
...nodesContracts,
|
|
13048
16017
|
...lensesContracts,
|
|
13049
16018
|
...ontologiesContracts,
|
|
13050
16019
|
...worktreesContracts,
|
|
@@ -13220,6 +16189,13 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13220
16189
|
copyMode: "none",
|
|
13221
16190
|
description: "Deliberation sessions are created by tenant workflows."
|
|
13222
16191
|
},
|
|
16192
|
+
{
|
|
16193
|
+
component: "kernel",
|
|
16194
|
+
table: "domainEvents",
|
|
16195
|
+
prepopulation: "runtime_log",
|
|
16196
|
+
copyMode: "none",
|
|
16197
|
+
description: "Domain event rows are append-only runtime audit/exhaust data."
|
|
16198
|
+
},
|
|
13223
16199
|
{
|
|
13224
16200
|
component: "kernel",
|
|
13225
16201
|
table: "epistemicAudit",
|
|
@@ -13469,14 +16445,14 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13469
16445
|
description: "Worktrees are tenant/runtime planning data."
|
|
13470
16446
|
},
|
|
13471
16447
|
{
|
|
13472
|
-
component: "
|
|
16448
|
+
component: "control-plane",
|
|
13473
16449
|
table: "agents",
|
|
13474
16450
|
prepopulation: "runtime_bootstrap",
|
|
13475
16451
|
copyMode: "none",
|
|
13476
16452
|
description: "Service agents are provisioned per tenant or service, not copied."
|
|
13477
16453
|
},
|
|
13478
16454
|
{
|
|
13479
|
-
component: "
|
|
16455
|
+
component: "control-plane",
|
|
13480
16456
|
table: "mcpWritePolicy",
|
|
13481
16457
|
prepopulation: "required_template",
|
|
13482
16458
|
copyMode: "template_global",
|
|
@@ -13485,14 +16461,14 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13485
16461
|
description: "Global write policy defaults govern service and interactive MCP writes."
|
|
13486
16462
|
},
|
|
13487
16463
|
{
|
|
13488
|
-
component: "
|
|
16464
|
+
component: "control-plane",
|
|
13489
16465
|
table: "modelCallLogs",
|
|
13490
16466
|
prepopulation: "runtime_log",
|
|
13491
16467
|
copyMode: "none",
|
|
13492
16468
|
description: "Model call logs are runtime telemetry."
|
|
13493
16469
|
},
|
|
13494
16470
|
{
|
|
13495
|
-
component: "
|
|
16471
|
+
component: "control-plane",
|
|
13496
16472
|
table: "modelFunctionSlots",
|
|
13497
16473
|
prepopulation: "required_template",
|
|
13498
16474
|
copyMode: "template_global",
|
|
@@ -13501,7 +16477,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13501
16477
|
description: "Function-to-model slots are required by model runtime resolution."
|
|
13502
16478
|
},
|
|
13503
16479
|
{
|
|
13504
|
-
component: "
|
|
16480
|
+
component: "control-plane",
|
|
13505
16481
|
table: "modelRegistry",
|
|
13506
16482
|
prepopulation: "required_template",
|
|
13507
16483
|
copyMode: "template_global",
|
|
@@ -13510,7 +16486,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13510
16486
|
description: "Model catalog defaults are required by model runtime clients."
|
|
13511
16487
|
},
|
|
13512
16488
|
{
|
|
13513
|
-
component: "
|
|
16489
|
+
component: "control-plane",
|
|
13514
16490
|
table: "modelSlotConfigs",
|
|
13515
16491
|
prepopulation: "required_template",
|
|
13516
16492
|
copyMode: "template_global",
|
|
@@ -13519,14 +16495,105 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13519
16495
|
description: "Slot-level defaults are required before tenant overrides exist."
|
|
13520
16496
|
},
|
|
13521
16497
|
{
|
|
13522
|
-
component: "
|
|
16498
|
+
component: "control-plane",
|
|
16499
|
+
table: "permitAccessReviewItems",
|
|
16500
|
+
prepopulation: "runtime_data",
|
|
16501
|
+
copyMode: "none",
|
|
16502
|
+
description: "Permit access-review item rows are tenant review data projected from Permit."
|
|
16503
|
+
},
|
|
16504
|
+
{
|
|
16505
|
+
component: "control-plane",
|
|
16506
|
+
table: "permitAccessReviews",
|
|
16507
|
+
prepopulation: "runtime_data",
|
|
16508
|
+
copyMode: "none",
|
|
16509
|
+
description: "Permit access-review campaigns are tenant review data projected from Permit."
|
|
16510
|
+
},
|
|
16511
|
+
{
|
|
16512
|
+
component: "control-plane",
|
|
16513
|
+
table: "permitAttributeBindings",
|
|
16514
|
+
prepopulation: "runtime_data",
|
|
16515
|
+
copyMode: "none",
|
|
16516
|
+
description: "Permit ABAC attribute bindings are tenant policy projection rows."
|
|
16517
|
+
},
|
|
16518
|
+
{
|
|
16519
|
+
component: "control-plane",
|
|
16520
|
+
table: "permitGroups",
|
|
16521
|
+
prepopulation: "runtime_data",
|
|
16522
|
+
copyMode: "none",
|
|
16523
|
+
description: "Permit groups are tenant-defined policy subjects, not template data."
|
|
16524
|
+
},
|
|
16525
|
+
{
|
|
16526
|
+
component: "control-plane",
|
|
16527
|
+
table: "permitGroupMemberships",
|
|
16528
|
+
prepopulation: "runtime_data",
|
|
16529
|
+
copyMode: "none",
|
|
16530
|
+
description: "Permit group memberships are tenant-specific policy projection rows."
|
|
16531
|
+
},
|
|
16532
|
+
{
|
|
16533
|
+
component: "control-plane",
|
|
16534
|
+
table: "permitPolicyBundles",
|
|
16535
|
+
prepopulation: "runtime_derived",
|
|
16536
|
+
copyMode: "none",
|
|
16537
|
+
description: "Permit policy bundles are derived from the Permit control plane."
|
|
16538
|
+
},
|
|
16539
|
+
{
|
|
16540
|
+
component: "control-plane",
|
|
16541
|
+
table: "permitPolicyDecisionReceipts",
|
|
16542
|
+
prepopulation: "runtime_log",
|
|
16543
|
+
copyMode: "none",
|
|
16544
|
+
description: "Permit decision receipts are runtime authorization audit logs."
|
|
16545
|
+
},
|
|
16546
|
+
{
|
|
16547
|
+
component: "control-plane",
|
|
16548
|
+
table: "permitPrincipalAliases",
|
|
16549
|
+
prepopulation: "runtime_data",
|
|
16550
|
+
copyMode: "none",
|
|
16551
|
+
description: "Permit principal aliases are tenant-specific identity projection rows."
|
|
16552
|
+
},
|
|
16553
|
+
{
|
|
16554
|
+
component: "control-plane",
|
|
16555
|
+
table: "permitPrincipals",
|
|
16556
|
+
prepopulation: "runtime_data",
|
|
16557
|
+
copyMode: "none",
|
|
16558
|
+
description: "Permit principals are projected from Clerk, Permit, and tenant onboarding flows."
|
|
16559
|
+
},
|
|
16560
|
+
{
|
|
16561
|
+
component: "control-plane",
|
|
16562
|
+
table: "permitProjectionOutbox",
|
|
16563
|
+
prepopulation: "runtime_queue",
|
|
16564
|
+
copyMode: "none",
|
|
16565
|
+
description: "Permit projection outbox rows are runtime sync queue data."
|
|
16566
|
+
},
|
|
16567
|
+
{
|
|
16568
|
+
component: "control-plane",
|
|
16569
|
+
table: "permitRelationshipTuples",
|
|
16570
|
+
prepopulation: "runtime_data",
|
|
16571
|
+
copyMode: "none",
|
|
16572
|
+
description: "Permit ReBAC relationship tuples are tenant policy projection rows."
|
|
16573
|
+
},
|
|
16574
|
+
{
|
|
16575
|
+
component: "control-plane",
|
|
16576
|
+
table: "permitResourceInstances",
|
|
16577
|
+
prepopulation: "runtime_data",
|
|
16578
|
+
copyMode: "none",
|
|
16579
|
+
description: "Permit resource instances are tenant/workspace graph and deployment projection rows."
|
|
16580
|
+
},
|
|
16581
|
+
{
|
|
16582
|
+
component: "control-plane",
|
|
16583
|
+
table: "permitRoleAssignments",
|
|
16584
|
+
prepopulation: "runtime_data",
|
|
16585
|
+
copyMode: "none",
|
|
16586
|
+
description: "Permit role assignments are tenant-specific policy projection rows."
|
|
16587
|
+
},
|
|
16588
|
+
{
|
|
16589
|
+
component: "control-plane",
|
|
13523
16590
|
table: "platformAudienceGrants",
|
|
13524
16591
|
prepopulation: "runtime_data",
|
|
13525
16592
|
copyMode: "none",
|
|
13526
16593
|
description: "Audience grants are principal/group-specific access rows."
|
|
13527
16594
|
},
|
|
13528
16595
|
{
|
|
13529
|
-
component: "
|
|
16596
|
+
component: "control-plane",
|
|
13530
16597
|
table: "platformAudiences",
|
|
13531
16598
|
prepopulation: "required_template",
|
|
13532
16599
|
copyMode: "template_tenant_rewrite",
|
|
@@ -13535,35 +16602,35 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13535
16602
|
description: "Default tenant audience taxonomy rows are rewritten into each tenant."
|
|
13536
16603
|
},
|
|
13537
16604
|
{
|
|
13538
|
-
component: "
|
|
16605
|
+
component: "control-plane",
|
|
13539
16606
|
table: "platformPolicyDecisionLogs",
|
|
13540
16607
|
prepopulation: "runtime_log",
|
|
13541
16608
|
copyMode: "none",
|
|
13542
16609
|
description: "Policy decisions are runtime audit logs."
|
|
13543
16610
|
},
|
|
13544
16611
|
{
|
|
13545
|
-
component: "
|
|
16612
|
+
component: "control-plane",
|
|
13546
16613
|
table: "projectGrants",
|
|
13547
16614
|
prepopulation: "runtime_data",
|
|
13548
16615
|
copyMode: "none",
|
|
13549
16616
|
description: "Project/topic grants are principal or group-specific access rows."
|
|
13550
16617
|
},
|
|
13551
16618
|
{
|
|
13552
|
-
component: "
|
|
16619
|
+
component: "control-plane",
|
|
13553
16620
|
table: "reasoningPermissions",
|
|
13554
16621
|
prepopulation: "runtime_data",
|
|
13555
16622
|
copyMode: "none",
|
|
13556
16623
|
description: "Reasoning permissions are principal-specific policy rows."
|
|
13557
16624
|
},
|
|
13558
16625
|
{
|
|
13559
|
-
component: "
|
|
16626
|
+
component: "control-plane",
|
|
13560
16627
|
table: "tenantApiKeys",
|
|
13561
16628
|
prepopulation: "runtime_secret",
|
|
13562
16629
|
copyMode: "none",
|
|
13563
16630
|
description: "API keys are tenant credentials and must never be copied."
|
|
13564
16631
|
},
|
|
13565
16632
|
{
|
|
13566
|
-
component: "
|
|
16633
|
+
component: "control-plane",
|
|
13567
16634
|
table: "tenantConfig",
|
|
13568
16635
|
prepopulation: "required_template",
|
|
13569
16636
|
copyMode: "template_tenant_rewrite",
|
|
@@ -13572,7 +16639,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13572
16639
|
description: "Tenant-local config defaults are rewritten during bootstrap."
|
|
13573
16640
|
},
|
|
13574
16641
|
{
|
|
13575
|
-
component: "
|
|
16642
|
+
component: "control-plane",
|
|
13576
16643
|
table: "tenantIntegrations",
|
|
13577
16644
|
prepopulation: "required_template",
|
|
13578
16645
|
copyMode: "template_tenant_rewrite",
|
|
@@ -13581,14 +16648,21 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13581
16648
|
description: "Non-secret integration descriptors are rewritten into each tenant."
|
|
13582
16649
|
},
|
|
13583
16650
|
{
|
|
13584
|
-
component: "
|
|
16651
|
+
component: "control-plane",
|
|
13585
16652
|
table: "tenantModelSlotBindings",
|
|
13586
16653
|
prepopulation: "runtime_secret",
|
|
13587
16654
|
copyMode: "none",
|
|
13588
16655
|
description: "Tenant model slot bindings reference provider secrets and are runtime-only."
|
|
13589
16656
|
},
|
|
13590
16657
|
{
|
|
13591
|
-
component: "
|
|
16658
|
+
component: "control-plane",
|
|
16659
|
+
table: "tenantPermitSyncStates",
|
|
16660
|
+
prepopulation: "runtime_derived",
|
|
16661
|
+
copyMode: "none",
|
|
16662
|
+
description: "Tenant Permit sync state rows are runtime reconciliation state."
|
|
16663
|
+
},
|
|
16664
|
+
{
|
|
16665
|
+
component: "control-plane",
|
|
13592
16666
|
table: "tenantPolicies",
|
|
13593
16667
|
prepopulation: "required_template",
|
|
13594
16668
|
copyMode: "template_tenant_rewrite",
|
|
@@ -13597,42 +16671,42 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13597
16671
|
description: "Default tenant policy roles are rewritten during bootstrap."
|
|
13598
16672
|
},
|
|
13599
16673
|
{
|
|
13600
|
-
component: "
|
|
16674
|
+
component: "control-plane",
|
|
13601
16675
|
table: "tenantProviderSecrets",
|
|
13602
16676
|
prepopulation: "runtime_secret",
|
|
13603
16677
|
copyMode: "none",
|
|
13604
16678
|
description: "Provider secrets are credentials and must never be copied."
|
|
13605
16679
|
},
|
|
13606
16680
|
{
|
|
13607
|
-
component: "
|
|
16681
|
+
component: "control-plane",
|
|
13608
16682
|
table: "tenantProxyGatewayUsage",
|
|
13609
16683
|
prepopulation: "runtime_log",
|
|
13610
16684
|
copyMode: "none",
|
|
13611
16685
|
description: "Proxy gateway usage rows are runtime telemetry."
|
|
13612
16686
|
},
|
|
13613
16687
|
{
|
|
13614
|
-
component: "
|
|
16688
|
+
component: "control-plane",
|
|
13615
16689
|
table: "tenantProxyTokenMints",
|
|
13616
16690
|
prepopulation: "runtime_secret",
|
|
13617
16691
|
copyMode: "none",
|
|
13618
16692
|
description: "Proxy token mints are ephemeral secret-bearing runtime rows."
|
|
13619
16693
|
},
|
|
13620
16694
|
{
|
|
13621
|
-
component: "
|
|
16695
|
+
component: "control-plane",
|
|
13622
16696
|
table: "tenantSandboxAuditEvents",
|
|
13623
16697
|
prepopulation: "runtime_log",
|
|
13624
16698
|
copyMode: "none",
|
|
13625
16699
|
description: "Sandbox audit rows are runtime security logs."
|
|
13626
16700
|
},
|
|
13627
16701
|
{
|
|
13628
|
-
component: "
|
|
16702
|
+
component: "control-plane",
|
|
13629
16703
|
table: "tenantSecrets",
|
|
13630
16704
|
prepopulation: "runtime_secret",
|
|
13631
16705
|
copyMode: "none",
|
|
13632
16706
|
description: "Tenant secrets are credentials and must never be copied."
|
|
13633
16707
|
},
|
|
13634
16708
|
{
|
|
13635
|
-
component: "
|
|
16709
|
+
component: "control-plane",
|
|
13636
16710
|
table: "toolAcls",
|
|
13637
16711
|
prepopulation: "required_template",
|
|
13638
16712
|
copyMode: "template_global",
|
|
@@ -13641,7 +16715,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13641
16715
|
description: "Default role-to-tool grants are required for SDK/MCP tool access."
|
|
13642
16716
|
},
|
|
13643
16717
|
{
|
|
13644
|
-
component: "
|
|
16718
|
+
component: "control-plane",
|
|
13645
16719
|
table: "toolRegistry",
|
|
13646
16720
|
prepopulation: "required_template",
|
|
13647
16721
|
copyMode: "template_global",
|
|
@@ -13650,7 +16724,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13650
16724
|
description: "Core tool catalog rows are required before pack or tenant tools exist."
|
|
13651
16725
|
},
|
|
13652
16726
|
{
|
|
13653
|
-
component: "
|
|
16727
|
+
component: "control-plane",
|
|
13654
16728
|
table: "users",
|
|
13655
16729
|
prepopulation: "runtime_bootstrap",
|
|
13656
16730
|
copyMode: "none",
|