@lucern/events 0.3.0-alpha.8 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +14 -2
- package/dist/index.js +3477 -403
- package/dist/index.js.map +1 -1
- package/dist/outbox.js +3477 -403
- package/dist/outbox.js.map +1 -1
- package/dist/types.js +3477 -403
- package/dist/types.js.map +1 -1
- package/dist/webhooks.js +3477 -403
- package/dist/webhooks.js.map +1 -1
- package/package.json +2 -2
package/dist/outbox.js
CHANGED
|
@@ -1,6 +1,20 @@
|
|
|
1
1
|
import { z } from 'zod';
|
|
2
2
|
import { v } from 'convex/values';
|
|
3
3
|
|
|
4
|
+
// ../contracts/src/types/reasoning-method.ts
|
|
5
|
+
var REASONING_METHODS = [
|
|
6
|
+
"deductive",
|
|
7
|
+
"inductive",
|
|
8
|
+
"abductive",
|
|
9
|
+
"analogical",
|
|
10
|
+
"causal",
|
|
11
|
+
"correlational",
|
|
12
|
+
"testimonial",
|
|
13
|
+
"statistical",
|
|
14
|
+
"implicit",
|
|
15
|
+
"pattern_match"
|
|
16
|
+
];
|
|
17
|
+
|
|
4
18
|
// ../contracts/src/graph-intelligence.contract.ts
|
|
5
19
|
var GRAPH_INTELLIGENCE_MODE_TOOL_NAMES = {
|
|
6
20
|
core: [
|
|
@@ -783,7 +797,7 @@ defineTable({
|
|
|
783
797
|
});
|
|
784
798
|
defineTable({
|
|
785
799
|
name: "agents",
|
|
786
|
-
component: "
|
|
800
|
+
component: "control-plane",
|
|
787
801
|
category: "agent",
|
|
788
802
|
shape: z.object({
|
|
789
803
|
"slug": z.string(),
|
|
@@ -814,6 +828,8 @@ defineTable({
|
|
|
814
828
|
category: "tenant",
|
|
815
829
|
shape: z.object({
|
|
816
830
|
"tenantId": idOf("tenants"),
|
|
831
|
+
"workspaceId": idOf("workspaces").optional(),
|
|
832
|
+
"environment": z.enum(["dev", "staging", "prod"]).optional(),
|
|
817
833
|
"keyPrefix": z.enum(["luc", "stk"]),
|
|
818
834
|
"keyHash": z.string(),
|
|
819
835
|
"keyHint": z.string(),
|
|
@@ -841,7 +857,7 @@ defineTable({
|
|
|
841
857
|
shape: z.object({
|
|
842
858
|
"tenantId": idOf("tenants").optional(),
|
|
843
859
|
"apiKeyId": idOf("apiKeys").optional(),
|
|
844
|
-
"action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "principal_created", "principal_updated", "principal_suspended", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
|
|
860
|
+
"action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_token_lease_issued", "proxy_token_lease_renewed", "proxy_token_lease_revoked", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "tenant_clerk_organization_linked", "tenant_canonical_identity_repaired", "principal_created", "principal_updated", "principal_suspended", "principal_identity_alias_upserted", "principal_identity_alias_revoked", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "deployment_host_registered", "deployment_host_revoked", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "permit_sync_enqueued", "permit_sync_succeeded", "permit_sync_failed", "permit_sync_skipped", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
|
|
845
861
|
"actorClerkId": z.string(),
|
|
846
862
|
"details": z.any().optional(),
|
|
847
863
|
"createdAt": z.number()
|
|
@@ -1065,6 +1081,35 @@ defineTable({
|
|
|
1065
1081
|
{ kind: "index", name: "by_source", columns: ["source"] }
|
|
1066
1082
|
]
|
|
1067
1083
|
});
|
|
1084
|
+
defineTable({
|
|
1085
|
+
name: "domainEvents",
|
|
1086
|
+
component: "kernel",
|
|
1087
|
+
category: "events",
|
|
1088
|
+
shape: z.object({
|
|
1089
|
+
"eventId": z.string(),
|
|
1090
|
+
"type": z.string(),
|
|
1091
|
+
"version": z.string(),
|
|
1092
|
+
"timestamp": z.number(),
|
|
1093
|
+
"tenantId": z.string().optional(),
|
|
1094
|
+
"workspaceId": z.string().optional(),
|
|
1095
|
+
"topicId": z.string(),
|
|
1096
|
+
"resourceId": z.string(),
|
|
1097
|
+
"resourceType": z.string(),
|
|
1098
|
+
"actorId": z.string(),
|
|
1099
|
+
"actorType": z.enum(["human", "agent", "service"]),
|
|
1100
|
+
"data": z.record(z.any()),
|
|
1101
|
+
"correlationId": z.string().optional(),
|
|
1102
|
+
"expiresAt": z.number()
|
|
1103
|
+
}),
|
|
1104
|
+
indices: [
|
|
1105
|
+
{ kind: "index", name: "by_eventId", columns: ["eventId"] },
|
|
1106
|
+
{ kind: "index", name: "by_topic_timestamp", columns: ["topicId", "timestamp"] },
|
|
1107
|
+
{ kind: "index", name: "by_tenant_workspace_timestamp", columns: ["tenantId", "workspaceId", "timestamp"] },
|
|
1108
|
+
{ kind: "index", name: "by_type_timestamp", columns: ["type", "timestamp"] },
|
|
1109
|
+
{ kind: "index", name: "by_resource", columns: ["resourceType", "resourceId", "timestamp"] },
|
|
1110
|
+
{ kind: "index", name: "by_expiresAt", columns: ["expiresAt"] }
|
|
1111
|
+
]
|
|
1112
|
+
});
|
|
1068
1113
|
defineTable({
|
|
1069
1114
|
name: "beliefConfidence",
|
|
1070
1115
|
component: "kernel",
|
|
@@ -1720,29 +1765,37 @@ defineTable({
|
|
|
1720
1765
|
component: "mc",
|
|
1721
1766
|
category: "runtime",
|
|
1722
1767
|
shape: z.object({
|
|
1723
|
-
|
|
1724
|
-
|
|
1725
|
-
|
|
1726
|
-
|
|
1727
|
-
|
|
1728
|
-
|
|
1729
|
-
|
|
1730
|
-
|
|
1731
|
-
|
|
1732
|
-
|
|
1733
|
-
|
|
1734
|
-
|
|
1735
|
-
|
|
1768
|
+
shimId: z.string(),
|
|
1769
|
+
gateId: z.string(),
|
|
1770
|
+
removalDate: z.string(),
|
|
1771
|
+
removalPriority: z.enum(["P1", "P2", "P3"]),
|
|
1772
|
+
description: z.string(),
|
|
1773
|
+
owner: z.string(),
|
|
1774
|
+
createdAt: z.string(),
|
|
1775
|
+
status: z.enum(["active", "overdue", "removed"]),
|
|
1776
|
+
bridgeType: z.enum(["tool", "agent"]),
|
|
1777
|
+
bridgeTarget: z.object({
|
|
1778
|
+
type: z.enum(["tool", "agent"]),
|
|
1779
|
+
legacyPath: z.string(),
|
|
1780
|
+
harnessPath: z.string()
|
|
1736
1781
|
}),
|
|
1737
|
-
|
|
1738
|
-
|
|
1739
|
-
|
|
1740
|
-
|
|
1782
|
+
shimBehavior: z.enum([
|
|
1783
|
+
"passthrough_with_logging",
|
|
1784
|
+
"adapter",
|
|
1785
|
+
"feature_flag_gate"
|
|
1786
|
+
]),
|
|
1787
|
+
producesLedgerEntries: z.boolean(),
|
|
1788
|
+
lastAuditedAt: z.number(),
|
|
1789
|
+
metadata: z.record(z.any()).optional()
|
|
1741
1790
|
}),
|
|
1742
1791
|
indices: [
|
|
1743
1792
|
{ kind: "index", name: "by_shimId", columns: ["shimId"] },
|
|
1744
1793
|
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
1745
|
-
{
|
|
1794
|
+
{
|
|
1795
|
+
kind: "index",
|
|
1796
|
+
name: "by_bridgeType_status",
|
|
1797
|
+
columns: ["bridgeType", "status"]
|
|
1798
|
+
}
|
|
1746
1799
|
]
|
|
1747
1800
|
});
|
|
1748
1801
|
defineTable({
|
|
@@ -1750,12 +1803,23 @@ defineTable({
|
|
|
1750
1803
|
component: "mc",
|
|
1751
1804
|
category: "runtime",
|
|
1752
1805
|
shape: z.object({
|
|
1753
|
-
|
|
1754
|
-
|
|
1755
|
-
|
|
1756
|
-
|
|
1757
|
-
|
|
1758
|
-
|
|
1806
|
+
domain: z.enum([
|
|
1807
|
+
"graph",
|
|
1808
|
+
"schema",
|
|
1809
|
+
"identity",
|
|
1810
|
+
"policy",
|
|
1811
|
+
"audit",
|
|
1812
|
+
"admin",
|
|
1813
|
+
"agent",
|
|
1814
|
+
"tool",
|
|
1815
|
+
"prompt",
|
|
1816
|
+
"intelligence"
|
|
1817
|
+
]),
|
|
1818
|
+
state: z.enum(["legacy", "cutover", "disabled"]),
|
|
1819
|
+
metadata: z.record(z.any()).optional(),
|
|
1820
|
+
updatedBy: z.string(),
|
|
1821
|
+
createdAt: z.number(),
|
|
1822
|
+
updatedAt: z.number()
|
|
1759
1823
|
}),
|
|
1760
1824
|
indices: [
|
|
1761
1825
|
{ kind: "index", name: "by_domain", columns: ["domain"] },
|
|
@@ -1767,57 +1831,193 @@ defineTable({
|
|
|
1767
1831
|
component: "mc",
|
|
1768
1832
|
category: "runtime",
|
|
1769
1833
|
shape: z.object({
|
|
1770
|
-
|
|
1771
|
-
|
|
1772
|
-
|
|
1773
|
-
|
|
1774
|
-
|
|
1775
|
-
|
|
1776
|
-
|
|
1777
|
-
|
|
1778
|
-
|
|
1779
|
-
|
|
1780
|
-
|
|
1781
|
-
|
|
1782
|
-
|
|
1783
|
-
|
|
1784
|
-
|
|
1785
|
-
|
|
1786
|
-
|
|
1834
|
+
credentialRef: z.string(),
|
|
1835
|
+
tenantId: idOf("tenants"),
|
|
1836
|
+
workspaceId: idOf("workspaces").optional(),
|
|
1837
|
+
target: z.enum(["kernelDeployment", "appDeployment"]),
|
|
1838
|
+
environment: z.enum(["dev", "staging", "prod"]),
|
|
1839
|
+
encryptedDeployKey: z.string(),
|
|
1840
|
+
encryptionVersion: z.string(),
|
|
1841
|
+
keyFingerprint: z.string(),
|
|
1842
|
+
keyHint: z.string(),
|
|
1843
|
+
status: z.enum(["active", "revoked"]),
|
|
1844
|
+
rotatedFromCredentialRef: z.string().optional(),
|
|
1845
|
+
revokedAt: z.number().optional(),
|
|
1846
|
+
revokedBy: z.string().optional(),
|
|
1847
|
+
lastUsedAt: z.number().optional(),
|
|
1848
|
+
metadata: z.record(z.any()).optional(),
|
|
1849
|
+
createdBy: z.string(),
|
|
1850
|
+
createdAt: z.number(),
|
|
1851
|
+
updatedAt: z.number()
|
|
1787
1852
|
}),
|
|
1788
1853
|
indices: [
|
|
1789
1854
|
{ kind: "index", name: "by_credentialRef", columns: ["credentialRef"] },
|
|
1790
1855
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
1791
|
-
{ kind: "index", name: "
|
|
1792
|
-
{
|
|
1793
|
-
|
|
1856
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
1857
|
+
{
|
|
1858
|
+
kind: "index",
|
|
1859
|
+
name: "by_tenant_target",
|
|
1860
|
+
columns: ["tenantId", "target"]
|
|
1861
|
+
},
|
|
1862
|
+
{
|
|
1863
|
+
kind: "index",
|
|
1864
|
+
name: "by_tenant_target_environment",
|
|
1865
|
+
columns: ["tenantId", "target", "environment"]
|
|
1866
|
+
},
|
|
1867
|
+
{
|
|
1868
|
+
kind: "index",
|
|
1869
|
+
name: "by_tenant_target_environment_status",
|
|
1870
|
+
columns: ["tenantId", "target", "environment", "status"]
|
|
1871
|
+
},
|
|
1872
|
+
{
|
|
1873
|
+
kind: "index",
|
|
1874
|
+
name: "by_tenant_workspace_target_environment_status",
|
|
1875
|
+
columns: ["tenantId", "workspaceId", "target", "environment", "status"]
|
|
1876
|
+
},
|
|
1794
1877
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
1795
1878
|
]
|
|
1796
1879
|
});
|
|
1880
|
+
defineTable({
|
|
1881
|
+
name: "permitSyncStates",
|
|
1882
|
+
component: "mc",
|
|
1883
|
+
category: "runtime",
|
|
1884
|
+
shape: z.object({
|
|
1885
|
+
syncKey: z.string(),
|
|
1886
|
+
objectType: z.enum([
|
|
1887
|
+
"resource",
|
|
1888
|
+
"role",
|
|
1889
|
+
"resource_role",
|
|
1890
|
+
"resource_relation",
|
|
1891
|
+
"tenant",
|
|
1892
|
+
"workspace",
|
|
1893
|
+
"principal",
|
|
1894
|
+
"membership",
|
|
1895
|
+
"group",
|
|
1896
|
+
"resource_instance",
|
|
1897
|
+
"relationship_tuple",
|
|
1898
|
+
"role_assignment"
|
|
1899
|
+
]),
|
|
1900
|
+
objectId: z.string(),
|
|
1901
|
+
tenantId: idOf("tenants").optional(),
|
|
1902
|
+
workspaceId: idOf("workspaces").optional(),
|
|
1903
|
+
principalId: z.string().optional(),
|
|
1904
|
+
permitTenantKey: z.string().optional(),
|
|
1905
|
+
permitResourceType: z.string().optional(),
|
|
1906
|
+
permitResourceKey: z.string().optional(),
|
|
1907
|
+
desiredPayload: z.record(z.any()),
|
|
1908
|
+
lastAppliedPayloadHash: z.string().optional(),
|
|
1909
|
+
status: z.enum(["pending", "synced", "error", "skipped"]),
|
|
1910
|
+
attemptCount: z.number(),
|
|
1911
|
+
lastError: z.string().optional(),
|
|
1912
|
+
nextAttemptAt: z.number().optional(),
|
|
1913
|
+
lastSyncedAt: z.number().optional(),
|
|
1914
|
+
createdBy: z.string(),
|
|
1915
|
+
updatedBy: z.string().optional(),
|
|
1916
|
+
createdAt: z.number(),
|
|
1917
|
+
updatedAt: z.number()
|
|
1918
|
+
}),
|
|
1919
|
+
indices: [
|
|
1920
|
+
{ kind: "index", name: "by_syncKey", columns: ["syncKey"] },
|
|
1921
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
1922
|
+
{
|
|
1923
|
+
kind: "index",
|
|
1924
|
+
name: "by_tenant_status",
|
|
1925
|
+
columns: ["tenantId", "status"]
|
|
1926
|
+
},
|
|
1927
|
+
{
|
|
1928
|
+
kind: "index",
|
|
1929
|
+
name: "by_workspace_status",
|
|
1930
|
+
columns: ["workspaceId", "status"]
|
|
1931
|
+
},
|
|
1932
|
+
{
|
|
1933
|
+
kind: "index",
|
|
1934
|
+
name: "by_principal_status",
|
|
1935
|
+
columns: ["principalId", "status"]
|
|
1936
|
+
}
|
|
1937
|
+
]
|
|
1938
|
+
});
|
|
1939
|
+
defineTable({
|
|
1940
|
+
name: "secretSyncDriftReports",
|
|
1941
|
+
component: "mc",
|
|
1942
|
+
category: "runtime",
|
|
1943
|
+
shape: z.object({
|
|
1944
|
+
reportId: z.string(),
|
|
1945
|
+
source: z.enum(["infisical_manifest", "manual", "ci"]),
|
|
1946
|
+
generatedAt: z.number(),
|
|
1947
|
+
recordedAt: z.number(),
|
|
1948
|
+
recordedBy: z.string(),
|
|
1949
|
+
status: z.enum([
|
|
1950
|
+
"in_sync",
|
|
1951
|
+
"drift",
|
|
1952
|
+
"exception",
|
|
1953
|
+
"blocked",
|
|
1954
|
+
"not_observed"
|
|
1955
|
+
]),
|
|
1956
|
+
reportHash: z.string(),
|
|
1957
|
+
manifestHash: z.string().optional(),
|
|
1958
|
+
dryRunReceiptId: z.string().optional(),
|
|
1959
|
+
appliedReceiptId: z.string().optional(),
|
|
1960
|
+
summary: z.object({
|
|
1961
|
+
totalPipelines: z.number(),
|
|
1962
|
+
inSync: z.number(),
|
|
1963
|
+
drift: z.number(),
|
|
1964
|
+
exception: z.number(),
|
|
1965
|
+
blocked: z.number(),
|
|
1966
|
+
notObserved: z.number(),
|
|
1967
|
+
missingKeys: z.number(),
|
|
1968
|
+
valueDriftKeys: z.number(),
|
|
1969
|
+
extraKeys: z.number(),
|
|
1970
|
+
deniedConvexLeakage: z.number(),
|
|
1971
|
+
approvedExceptions: z.number()
|
|
1972
|
+
}),
|
|
1973
|
+
redactedReport: z.record(z.any()),
|
|
1974
|
+
metadata: z.record(z.any()).optional()
|
|
1975
|
+
}),
|
|
1976
|
+
indices: [
|
|
1977
|
+
{ kind: "index", name: "by_reportId", columns: ["reportId"] },
|
|
1978
|
+
{ kind: "index", name: "by_reportHash", columns: ["reportHash"] },
|
|
1979
|
+
{ kind: "index", name: "by_generatedAt", columns: ["generatedAt"] },
|
|
1980
|
+
{
|
|
1981
|
+
kind: "index",
|
|
1982
|
+
name: "by_status_generatedAt",
|
|
1983
|
+
columns: ["status", "generatedAt"]
|
|
1984
|
+
}
|
|
1985
|
+
]
|
|
1986
|
+
});
|
|
1797
1987
|
defineTable({
|
|
1798
1988
|
name: "controlPlaneTenantModelSlotBindings",
|
|
1799
1989
|
component: "mc",
|
|
1800
1990
|
category: "runtime",
|
|
1801
1991
|
shape: z.object({
|
|
1802
|
-
|
|
1803
|
-
|
|
1804
|
-
"
|
|
1805
|
-
|
|
1806
|
-
|
|
1807
|
-
|
|
1808
|
-
|
|
1809
|
-
|
|
1810
|
-
|
|
1811
|
-
|
|
1812
|
-
|
|
1813
|
-
|
|
1814
|
-
|
|
1992
|
+
bindingId: z.string(),
|
|
1993
|
+
tenantId: idOf("tenants"),
|
|
1994
|
+
workspaceId: idOf("workspaces").optional(),
|
|
1995
|
+
environment: z.enum(["dev", "staging", "prod"]).optional(),
|
|
1996
|
+
providerId: z.string(),
|
|
1997
|
+
modelSlotId: z.string(),
|
|
1998
|
+
secretRef: z.string(),
|
|
1999
|
+
status: z.enum(["active", "revoked"]),
|
|
2000
|
+
passThroughOnly: z.boolean(),
|
|
2001
|
+
revokedAt: z.number().optional(),
|
|
2002
|
+
revokedBy: z.string().optional(),
|
|
2003
|
+
metadata: z.record(z.any()).optional(),
|
|
2004
|
+
createdBy: z.string(),
|
|
2005
|
+
createdAt: z.number(),
|
|
2006
|
+
updatedAt: z.number()
|
|
1815
2007
|
}),
|
|
1816
2008
|
indices: [
|
|
1817
2009
|
{ kind: "index", name: "by_bindingId", columns: ["bindingId"] },
|
|
1818
2010
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
1819
|
-
{
|
|
1820
|
-
|
|
2011
|
+
{
|
|
2012
|
+
kind: "index",
|
|
2013
|
+
name: "by_tenant_slot",
|
|
2014
|
+
columns: ["tenantId", "modelSlotId"]
|
|
2015
|
+
},
|
|
2016
|
+
{
|
|
2017
|
+
kind: "index",
|
|
2018
|
+
name: "by_tenant_provider_slot",
|
|
2019
|
+
columns: ["tenantId", "providerId", "modelSlotId"]
|
|
2020
|
+
},
|
|
1821
2021
|
{ kind: "index", name: "by_secretRef", columns: ["secretRef"] },
|
|
1822
2022
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
1823
2023
|
]
|
|
@@ -1827,29 +2027,42 @@ defineTable({
|
|
|
1827
2027
|
component: "mc",
|
|
1828
2028
|
category: "runtime",
|
|
1829
2029
|
shape: z.object({
|
|
1830
|
-
|
|
1831
|
-
|
|
1832
|
-
"
|
|
1833
|
-
|
|
1834
|
-
|
|
1835
|
-
|
|
1836
|
-
|
|
1837
|
-
|
|
1838
|
-
|
|
1839
|
-
|
|
1840
|
-
|
|
1841
|
-
|
|
1842
|
-
|
|
1843
|
-
|
|
1844
|
-
|
|
1845
|
-
|
|
1846
|
-
|
|
2030
|
+
secretRef: z.string(),
|
|
2031
|
+
tenantId: idOf("tenants"),
|
|
2032
|
+
workspaceId: idOf("workspaces").optional(),
|
|
2033
|
+
environment: z.enum(["dev", "staging", "prod"]).optional(),
|
|
2034
|
+
providerId: z.string(),
|
|
2035
|
+
label: z.string().optional(),
|
|
2036
|
+
encryptedSecret: z.string().optional(),
|
|
2037
|
+
infisicalPath: z.string().optional(),
|
|
2038
|
+
infisicalSecretKey: z.string().optional(),
|
|
2039
|
+
infisicalProjectId: z.string().optional(),
|
|
2040
|
+
encryptionVersion: z.string(),
|
|
2041
|
+
secretFingerprint: z.string(),
|
|
2042
|
+
keyHint: z.string(),
|
|
2043
|
+
status: z.enum(["active", "revoked"]),
|
|
2044
|
+
rotatedFromSecretRef: z.string().optional(),
|
|
2045
|
+
revokedAt: z.number().optional(),
|
|
2046
|
+
revokedBy: z.string().optional(),
|
|
2047
|
+
lastUsedAt: z.number().optional(),
|
|
2048
|
+
metadata: z.record(z.any()).optional(),
|
|
2049
|
+
createdBy: z.string(),
|
|
2050
|
+
createdAt: z.number(),
|
|
2051
|
+
updatedAt: z.number()
|
|
1847
2052
|
}),
|
|
1848
2053
|
indices: [
|
|
1849
2054
|
{ kind: "index", name: "by_secretRef", columns: ["secretRef"] },
|
|
1850
2055
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
1851
|
-
{
|
|
1852
|
-
|
|
2056
|
+
{
|
|
2057
|
+
kind: "index",
|
|
2058
|
+
name: "by_tenant_provider",
|
|
2059
|
+
columns: ["tenantId", "providerId"]
|
|
2060
|
+
},
|
|
2061
|
+
{
|
|
2062
|
+
kind: "index",
|
|
2063
|
+
name: "by_tenant_provider_status",
|
|
2064
|
+
columns: ["tenantId", "providerId", "status"]
|
|
2065
|
+
},
|
|
1853
2066
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
1854
2067
|
]
|
|
1855
2068
|
});
|
|
@@ -1858,35 +2071,93 @@ defineTable({
|
|
|
1858
2071
|
component: "mc",
|
|
1859
2072
|
category: "runtime",
|
|
1860
2073
|
shape: z.object({
|
|
1861
|
-
|
|
1862
|
-
|
|
1863
|
-
|
|
1864
|
-
|
|
1865
|
-
|
|
1866
|
-
|
|
1867
|
-
|
|
1868
|
-
|
|
1869
|
-
|
|
1870
|
-
|
|
1871
|
-
|
|
1872
|
-
|
|
1873
|
-
|
|
1874
|
-
|
|
1875
|
-
|
|
1876
|
-
|
|
1877
|
-
|
|
1878
|
-
|
|
1879
|
-
|
|
1880
|
-
|
|
1881
|
-
|
|
1882
|
-
|
|
2074
|
+
usageId: z.string(),
|
|
2075
|
+
tenantId: idOf("tenants"),
|
|
2076
|
+
providerId: z.string(),
|
|
2077
|
+
modelSlotId: z.string(),
|
|
2078
|
+
secretRef: z.string(),
|
|
2079
|
+
proxyTokenId: z.string(),
|
|
2080
|
+
sessionId: z.string(),
|
|
2081
|
+
principalId: z.string(),
|
|
2082
|
+
workspaceId: z.string().optional(),
|
|
2083
|
+
modelId: z.string().optional(),
|
|
2084
|
+
requestPath: z.string(),
|
|
2085
|
+
status: z.enum(["success", "error"]),
|
|
2086
|
+
responseStatus: z.number().optional(),
|
|
2087
|
+
inputTokens: z.number().optional(),
|
|
2088
|
+
outputTokens: z.number().optional(),
|
|
2089
|
+
tokenCount: z.number().optional(),
|
|
2090
|
+
latencyMs: z.number(),
|
|
2091
|
+
estimatedCostUsd: z.number().optional(),
|
|
2092
|
+
failureCode: z.string().optional(),
|
|
2093
|
+
metadata: z.record(z.any()).optional(),
|
|
2094
|
+
createdAt: z.number(),
|
|
2095
|
+
updatedAt: z.number()
|
|
1883
2096
|
}),
|
|
1884
2097
|
indices: [
|
|
1885
2098
|
{ kind: "index", name: "by_usageId", columns: ["usageId"] },
|
|
1886
2099
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId", "createdAt"] },
|
|
1887
|
-
{
|
|
1888
|
-
|
|
1889
|
-
|
|
2100
|
+
{
|
|
2101
|
+
kind: "index",
|
|
2102
|
+
name: "by_tenant_provider",
|
|
2103
|
+
columns: ["tenantId", "providerId", "createdAt"]
|
|
2104
|
+
},
|
|
2105
|
+
{
|
|
2106
|
+
kind: "index",
|
|
2107
|
+
name: "by_proxyTokenId",
|
|
2108
|
+
columns: ["proxyTokenId", "createdAt"]
|
|
2109
|
+
},
|
|
2110
|
+
{
|
|
2111
|
+
kind: "index",
|
|
2112
|
+
name: "by_sessionId",
|
|
2113
|
+
columns: ["sessionId", "createdAt"]
|
|
2114
|
+
}
|
|
2115
|
+
]
|
|
2116
|
+
});
|
|
2117
|
+
defineTable({
|
|
2118
|
+
name: "controlPlaneTenantProxyTokenLeases",
|
|
2119
|
+
component: "mc",
|
|
2120
|
+
category: "runtime",
|
|
2121
|
+
shape: z.object({
|
|
2122
|
+
leaseId: z.string(),
|
|
2123
|
+
proxyTokenId: z.string(),
|
|
2124
|
+
tenantId: idOf("tenants"),
|
|
2125
|
+
workspaceId: idOf("workspaces").optional(),
|
|
2126
|
+
environment: z.enum(["dev", "staging", "prod"]),
|
|
2127
|
+
providerId: z.string(),
|
|
2128
|
+
modelSlotId: z.string(),
|
|
2129
|
+
bindingId: z.string(),
|
|
2130
|
+
secretRef: z.string(),
|
|
2131
|
+
sessionId: z.string(),
|
|
2132
|
+
principalId: z.string(),
|
|
2133
|
+
agentSessionId: z.string().optional(),
|
|
2134
|
+
status: z.enum(["active", "revoked"]),
|
|
2135
|
+
expiresAt: z.number(),
|
|
2136
|
+
renewedAt: z.number().optional(),
|
|
2137
|
+
revokedAt: z.number().optional(),
|
|
2138
|
+
revokedBy: z.string().optional(),
|
|
2139
|
+
revokeReason: z.string().optional(),
|
|
2140
|
+
permitDecisionLogId: idOf("policyDecisionLogs").optional(),
|
|
2141
|
+
permitTraceId: z.string().optional(),
|
|
2142
|
+
metadata: z.record(z.any()).optional(),
|
|
2143
|
+
createdAt: z.number(),
|
|
2144
|
+
updatedAt: z.number()
|
|
2145
|
+
}),
|
|
2146
|
+
indices: [
|
|
2147
|
+
{ kind: "index", name: "by_leaseId", columns: ["leaseId"] },
|
|
2148
|
+
{ kind: "index", name: "by_proxyTokenId", columns: ["proxyTokenId"] },
|
|
2149
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId", "createdAt"] },
|
|
2150
|
+
{ kind: "index", name: "by_sessionId", columns: ["sessionId", "createdAt"] },
|
|
2151
|
+
{
|
|
2152
|
+
kind: "index",
|
|
2153
|
+
name: "by_principalId",
|
|
2154
|
+
columns: ["principalId", "createdAt"]
|
|
2155
|
+
},
|
|
2156
|
+
{
|
|
2157
|
+
kind: "index",
|
|
2158
|
+
name: "by_status_expiresAt",
|
|
2159
|
+
columns: ["status", "expiresAt"]
|
|
2160
|
+
}
|
|
1890
2161
|
]
|
|
1891
2162
|
});
|
|
1892
2163
|
defineTable({
|
|
@@ -2219,6 +2490,7 @@ defineTable({
|
|
|
2219
2490
|
"questionType": z.enum(["validation", "falsification", "assumption_probe", "prediction_test", "counterfactual", "discovery", "clarification", "comparison", "causal", "mechanism", "general"]).optional(),
|
|
2220
2491
|
"questionPriority": z.enum(["critical", "high", "medium", "low"]).optional(),
|
|
2221
2492
|
"answerQuality": z.enum(["definitive", "strong", "moderate", "weak", "speculative", "unanswered"]).optional(),
|
|
2493
|
+
"themeStatus": z.enum(["emerging", "active", "mature", "declining", "archived"]).optional(),
|
|
2222
2494
|
"themeConviction": z.enum(["high", "medium", "low", "negative"]).optional(),
|
|
2223
2495
|
"decisionType": z.enum(["invest", "pass", "follow_on", "exit", "deep_dive", "monitor", "deprioritize", "thesis_adopt", "thesis_revise", "thesis_abandon"]).optional(),
|
|
2224
2496
|
"decisionOutcome": z.enum(["pending", "successful", "unsuccessful", "mixed", "unknown"]).optional(),
|
|
@@ -2369,6 +2641,7 @@ defineTable({
|
|
|
2369
2641
|
indices: [
|
|
2370
2642
|
{ kind: "index", name: "by_principalId", columns: ["principalId"] },
|
|
2371
2643
|
{ kind: "index", name: "by_principal_tenant", columns: ["principalId", "tenantId"] },
|
|
2644
|
+
{ kind: "index", name: "by_principal_tenant_workspace", columns: ["principalId", "tenantId", "workspaceId"] },
|
|
2372
2645
|
{ kind: "index", name: "by_workspace_principal", columns: ["workspaceId", "principalId"] },
|
|
2373
2646
|
{ kind: "index", name: "by_tenant_role", columns: ["tenantId", "role"] },
|
|
2374
2647
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
@@ -2400,6 +2673,36 @@ defineTable({
|
|
|
2400
2673
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
2401
2674
|
]
|
|
2402
2675
|
});
|
|
2676
|
+
defineTable({
|
|
2677
|
+
name: "principalIdentityAliases",
|
|
2678
|
+
component: "mc",
|
|
2679
|
+
category: "identity",
|
|
2680
|
+
shape: z.object({
|
|
2681
|
+
"principalId": z.string(),
|
|
2682
|
+
"principalRefId": idOf("principals").optional(),
|
|
2683
|
+
"provider": z.string(),
|
|
2684
|
+
"providerProjectId": z.string().optional(),
|
|
2685
|
+
"externalSubjectId": z.string(),
|
|
2686
|
+
"tenantId": idOf("tenants").optional(),
|
|
2687
|
+
"workspaceId": idOf("workspaces").optional(),
|
|
2688
|
+
"email": z.string().optional(),
|
|
2689
|
+
"status": z.enum(["active", "revoked"]),
|
|
2690
|
+
"metadata": z.record(z.any()).optional(),
|
|
2691
|
+
"createdBy": z.string(),
|
|
2692
|
+
"revokedAt": z.number().optional(),
|
|
2693
|
+
"revokedBy": z.string().optional(),
|
|
2694
|
+
"createdAt": z.number(),
|
|
2695
|
+
"updatedAt": z.number()
|
|
2696
|
+
}),
|
|
2697
|
+
indices: [
|
|
2698
|
+
{ kind: "index", name: "by_provider_subject", columns: ["provider", "externalSubjectId"] },
|
|
2699
|
+
{ kind: "index", name: "by_provider_project_subject", columns: ["provider", "providerProjectId", "externalSubjectId"] },
|
|
2700
|
+
{ kind: "index", name: "by_principalId", columns: ["principalId"] },
|
|
2701
|
+
{ kind: "index", name: "by_principal_status", columns: ["principalId", "status"] },
|
|
2702
|
+
{ kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "externalSubjectId"] },
|
|
2703
|
+
{ kind: "index", name: "by_workspace_provider_subject", columns: ["workspaceId", "provider", "externalSubjectId"] }
|
|
2704
|
+
]
|
|
2705
|
+
});
|
|
2403
2706
|
defineTable({
|
|
2404
2707
|
name: "rateLimitWindows",
|
|
2405
2708
|
component: "mc",
|
|
@@ -2989,7 +3292,7 @@ defineTable({
|
|
|
2989
3292
|
});
|
|
2990
3293
|
defineTable({
|
|
2991
3294
|
name: "mcpWritePolicy",
|
|
2992
|
-
component: "
|
|
3295
|
+
component: "control-plane",
|
|
2993
3296
|
category: "platform",
|
|
2994
3297
|
shape: z.object({
|
|
2995
3298
|
"topicId": z.string().optional(),
|
|
@@ -3012,7 +3315,7 @@ defineTable({
|
|
|
3012
3315
|
});
|
|
3013
3316
|
defineTable({
|
|
3014
3317
|
name: "platformAudienceGrants",
|
|
3015
|
-
component: "
|
|
3318
|
+
component: "control-plane",
|
|
3016
3319
|
category: "platform",
|
|
3017
3320
|
shape: z.object({
|
|
3018
3321
|
"tenantId": z.string(),
|
|
@@ -3038,7 +3341,7 @@ defineTable({
|
|
|
3038
3341
|
});
|
|
3039
3342
|
defineTable({
|
|
3040
3343
|
name: "platformAudiences",
|
|
3041
|
-
component: "
|
|
3344
|
+
component: "control-plane",
|
|
3042
3345
|
category: "platform",
|
|
3043
3346
|
shape: z.object({
|
|
3044
3347
|
"tenantId": z.string(),
|
|
@@ -3063,7 +3366,7 @@ defineTable({
|
|
|
3063
3366
|
});
|
|
3064
3367
|
defineTable({
|
|
3065
3368
|
name: "platformPolicyDecisionLogs",
|
|
3066
|
-
component: "
|
|
3369
|
+
component: "control-plane",
|
|
3067
3370
|
category: "platform",
|
|
3068
3371
|
shape: z.object({
|
|
3069
3372
|
"principalId": z.string(),
|
|
@@ -3099,7 +3402,7 @@ defineTable({
|
|
|
3099
3402
|
});
|
|
3100
3403
|
defineTable({
|
|
3101
3404
|
name: "tenantApiKeys",
|
|
3102
|
-
component: "
|
|
3405
|
+
component: "control-plane",
|
|
3103
3406
|
category: "platform",
|
|
3104
3407
|
shape: z.object({
|
|
3105
3408
|
"tenantId": z.string(),
|
|
@@ -3126,7 +3429,7 @@ defineTable({
|
|
|
3126
3429
|
});
|
|
3127
3430
|
defineTable({
|
|
3128
3431
|
name: "tenantConfig",
|
|
3129
|
-
component: "
|
|
3432
|
+
component: "control-plane",
|
|
3130
3433
|
category: "platform",
|
|
3131
3434
|
shape: z.object({
|
|
3132
3435
|
"tenantId": z.string(),
|
|
@@ -3145,7 +3448,7 @@ defineTable({
|
|
|
3145
3448
|
});
|
|
3146
3449
|
defineTable({
|
|
3147
3450
|
name: "tenantIntegrations",
|
|
3148
|
-
component: "
|
|
3451
|
+
component: "control-plane",
|
|
3149
3452
|
category: "platform",
|
|
3150
3453
|
shape: z.object({
|
|
3151
3454
|
"tenantId": z.string(),
|
|
@@ -3200,7 +3503,7 @@ defineTable({
|
|
|
3200
3503
|
});
|
|
3201
3504
|
defineTable({
|
|
3202
3505
|
name: "tenantModelSlotBindings",
|
|
3203
|
-
component: "
|
|
3506
|
+
component: "control-plane",
|
|
3204
3507
|
category: "platform",
|
|
3205
3508
|
shape: z.object({
|
|
3206
3509
|
"bindingId": z.string(),
|
|
@@ -3228,7 +3531,7 @@ defineTable({
|
|
|
3228
3531
|
});
|
|
3229
3532
|
defineTable({
|
|
3230
3533
|
name: "tenantPolicies",
|
|
3231
|
-
component: "
|
|
3534
|
+
component: "control-plane",
|
|
3232
3535
|
category: "platform",
|
|
3233
3536
|
shape: z.object({
|
|
3234
3537
|
"tenantId": z.string(),
|
|
@@ -3253,7 +3556,7 @@ defineTable({
|
|
|
3253
3556
|
});
|
|
3254
3557
|
defineTable({
|
|
3255
3558
|
name: "tenantProviderSecrets",
|
|
3256
|
-
component: "
|
|
3559
|
+
component: "control-plane",
|
|
3257
3560
|
category: "platform",
|
|
3258
3561
|
shape: z.object({
|
|
3259
3562
|
"secretRef": z.string(),
|
|
@@ -3284,7 +3587,7 @@ defineTable({
|
|
|
3284
3587
|
});
|
|
3285
3588
|
defineTable({
|
|
3286
3589
|
name: "tenantProxyGatewayUsage",
|
|
3287
|
-
component: "
|
|
3590
|
+
component: "control-plane",
|
|
3288
3591
|
category: "platform",
|
|
3289
3592
|
shape: z.object({
|
|
3290
3593
|
"usageId": z.string(),
|
|
@@ -3319,7 +3622,7 @@ defineTable({
|
|
|
3319
3622
|
});
|
|
3320
3623
|
defineTable({
|
|
3321
3624
|
name: "tenantProxyTokenMints",
|
|
3322
|
-
component: "
|
|
3625
|
+
component: "control-plane",
|
|
3323
3626
|
category: "platform",
|
|
3324
3627
|
shape: z.object({
|
|
3325
3628
|
"proxyTokenId": z.string(),
|
|
@@ -3342,7 +3645,7 @@ defineTable({
|
|
|
3342
3645
|
});
|
|
3343
3646
|
defineTable({
|
|
3344
3647
|
name: "tenantSandboxAuditEvents",
|
|
3345
|
-
component: "
|
|
3648
|
+
component: "control-plane",
|
|
3346
3649
|
category: "platform",
|
|
3347
3650
|
shape: z.object({
|
|
3348
3651
|
"eventId": z.string(),
|
|
@@ -3376,7 +3679,7 @@ defineTable({
|
|
|
3376
3679
|
});
|
|
3377
3680
|
defineTable({
|
|
3378
3681
|
name: "tenantSecrets",
|
|
3379
|
-
component: "
|
|
3682
|
+
component: "control-plane",
|
|
3380
3683
|
category: "platform",
|
|
3381
3684
|
shape: z.object({
|
|
3382
3685
|
"tenantId": z.string(),
|
|
@@ -3398,7 +3701,7 @@ defineTable({
|
|
|
3398
3701
|
});
|
|
3399
3702
|
defineTable({
|
|
3400
3703
|
name: "toolAcls",
|
|
3401
|
-
component: "
|
|
3704
|
+
component: "control-plane",
|
|
3402
3705
|
category: "platform",
|
|
3403
3706
|
shape: z.object({
|
|
3404
3707
|
"role": z.enum(["platform_admin", "tenant_admin", "workspace_admin", "editor", "viewer", "auditor", "service_agent"]),
|
|
@@ -3413,7 +3716,7 @@ defineTable({
|
|
|
3413
3716
|
});
|
|
3414
3717
|
defineTable({
|
|
3415
3718
|
name: "toolRegistry",
|
|
3416
|
-
component: "
|
|
3719
|
+
component: "control-plane",
|
|
3417
3720
|
category: "platform",
|
|
3418
3721
|
shape: z.object({
|
|
3419
3722
|
"toolName": z.string(),
|
|
@@ -3494,7 +3797,7 @@ defineTable({
|
|
|
3494
3797
|
});
|
|
3495
3798
|
defineTable({
|
|
3496
3799
|
name: "modelCallLogs",
|
|
3497
|
-
component: "
|
|
3800
|
+
component: "control-plane",
|
|
3498
3801
|
category: "model",
|
|
3499
3802
|
shape: z.object({
|
|
3500
3803
|
"slot": z.string(),
|
|
@@ -3520,7 +3823,7 @@ defineTable({
|
|
|
3520
3823
|
});
|
|
3521
3824
|
defineTable({
|
|
3522
3825
|
name: "modelFunctionSlots",
|
|
3523
|
-
component: "
|
|
3826
|
+
component: "control-plane",
|
|
3524
3827
|
category: "model",
|
|
3525
3828
|
shape: z.object({
|
|
3526
3829
|
"slot": z.string(),
|
|
@@ -3545,7 +3848,7 @@ defineTable({
|
|
|
3545
3848
|
});
|
|
3546
3849
|
defineTable({
|
|
3547
3850
|
name: "modelRegistry",
|
|
3548
|
-
component: "
|
|
3851
|
+
component: "control-plane",
|
|
3549
3852
|
category: "model",
|
|
3550
3853
|
shape: z.object({
|
|
3551
3854
|
"key": z.string(),
|
|
@@ -3572,7 +3875,7 @@ defineTable({
|
|
|
3572
3875
|
});
|
|
3573
3876
|
defineTable({
|
|
3574
3877
|
name: "modelSlotConfigs",
|
|
3575
|
-
component: "
|
|
3878
|
+
component: "control-plane",
|
|
3576
3879
|
category: "model",
|
|
3577
3880
|
shape: z.object({
|
|
3578
3881
|
"slot": z.string(),
|
|
@@ -3959,7 +4262,7 @@ defineTable({
|
|
|
3959
4262
|
"workspaceId": idOf("workspaces").optional(),
|
|
3960
4263
|
"resourceType": z.string(),
|
|
3961
4264
|
"resourceId": z.string(),
|
|
3962
|
-
"action": z.enum(["read", "summarize", "export", "mutate", "admin", "comment", "escalate", "resolve", "vote"]),
|
|
4265
|
+
"action": z.enum(["read", "summarize", "export", "mutate", "admin", "comment", "escalate", "resolve", "vote", "route", "invoke", "manage", "deploy", "promote", "rollback", "audit", "read_ref", "fetch_value", "rotate", "administer", "mint", "delegate", "revoke"]),
|
|
3963
4266
|
"decision": z.enum(["allow", "deny"]),
|
|
3964
4267
|
"reasonCode": z.string(),
|
|
3965
4268
|
"policyVersion": z.string(),
|
|
@@ -4021,7 +4324,7 @@ defineTable({
|
|
|
4021
4324
|
});
|
|
4022
4325
|
defineTable({
|
|
4023
4326
|
name: "projectGrants",
|
|
4024
|
-
component: "
|
|
4327
|
+
component: "control-plane",
|
|
4025
4328
|
category: "project",
|
|
4026
4329
|
shape: z.object({
|
|
4027
4330
|
"projectId": z.string().optional(),
|
|
@@ -4053,66 +4356,710 @@ defineTable({
|
|
|
4053
4356
|
{ kind: "index", name: "by_topic_cluster_status", columns: ["topicId", "beliefClusterId", "status"] }
|
|
4054
4357
|
]
|
|
4055
4358
|
});
|
|
4359
|
+
var permitActorType = z.enum([
|
|
4360
|
+
"human",
|
|
4361
|
+
"agent",
|
|
4362
|
+
"service_principal",
|
|
4363
|
+
"external_stakeholder",
|
|
4364
|
+
"system"
|
|
4365
|
+
]);
|
|
4366
|
+
var permitMembershipStatus = z.enum([
|
|
4367
|
+
"active",
|
|
4368
|
+
"invited",
|
|
4369
|
+
"revoked",
|
|
4370
|
+
"suspended",
|
|
4371
|
+
"disabled"
|
|
4372
|
+
]);
|
|
4373
|
+
var permitDecision = z.enum(["allow", "deny"]);
|
|
4374
|
+
var permitAccessReviewStatus = z.enum([
|
|
4375
|
+
"open",
|
|
4376
|
+
"in_progress",
|
|
4377
|
+
"approved",
|
|
4378
|
+
"denied",
|
|
4379
|
+
"expired",
|
|
4380
|
+
"cancelled"
|
|
4381
|
+
]);
|
|
4382
|
+
var permitReviewScope = z.enum([
|
|
4383
|
+
"tenant",
|
|
4384
|
+
"workspace",
|
|
4385
|
+
"resource_instance",
|
|
4386
|
+
"group",
|
|
4387
|
+
"principal",
|
|
4388
|
+
"api_key",
|
|
4389
|
+
"admin_action"
|
|
4390
|
+
]);
|
|
4391
|
+
var permitRecordStatus = z.enum([
|
|
4392
|
+
"queued",
|
|
4393
|
+
"inflight",
|
|
4394
|
+
"completed",
|
|
4395
|
+
"failed",
|
|
4396
|
+
"skipped",
|
|
4397
|
+
"stale"
|
|
4398
|
+
]);
|
|
4399
|
+
var permitObjectType = z.enum([
|
|
4400
|
+
"resource",
|
|
4401
|
+
"role",
|
|
4402
|
+
"resource_role",
|
|
4403
|
+
"resource_relation",
|
|
4404
|
+
"tenant",
|
|
4405
|
+
"workspace",
|
|
4406
|
+
"principal",
|
|
4407
|
+
"membership",
|
|
4408
|
+
"group",
|
|
4409
|
+
"resource_instance",
|
|
4410
|
+
"relationship_tuple",
|
|
4411
|
+
"role_assignment",
|
|
4412
|
+
"attribute_binding",
|
|
4413
|
+
"policy_bundle"
|
|
4414
|
+
]);
|
|
4415
|
+
var permitOutboxOperation = z.enum([
|
|
4416
|
+
"upsert",
|
|
4417
|
+
"delete",
|
|
4418
|
+
"sync",
|
|
4419
|
+
"resync",
|
|
4420
|
+
"delete_sync",
|
|
4421
|
+
"noop"
|
|
4422
|
+
]);
|
|
4423
|
+
var permitPolicyBundleStatus = z.enum([
|
|
4424
|
+
"draft",
|
|
4425
|
+
"validated",
|
|
4426
|
+
"enforced",
|
|
4427
|
+
"archived"
|
|
4428
|
+
]);
|
|
4429
|
+
var permitSyncStatus = z.enum([
|
|
4430
|
+
"pending",
|
|
4431
|
+
"synced",
|
|
4432
|
+
"error",
|
|
4433
|
+
"skipped"
|
|
4434
|
+
]);
|
|
4435
|
+
var permitAccessReviewSubjectType = z.enum([
|
|
4436
|
+
"principal",
|
|
4437
|
+
"group",
|
|
4438
|
+
"role_assignment",
|
|
4439
|
+
"resource_instance"
|
|
4440
|
+
]);
|
|
4441
|
+
var permitAttributeType = z.enum([
|
|
4442
|
+
"string",
|
|
4443
|
+
"number",
|
|
4444
|
+
"bool",
|
|
4445
|
+
"json",
|
|
4446
|
+
"time"
|
|
4447
|
+
]);
|
|
4448
|
+
var permitAttributeOperator = z.enum([
|
|
4449
|
+
"eq",
|
|
4450
|
+
"neq",
|
|
4451
|
+
"in",
|
|
4452
|
+
"not_in",
|
|
4453
|
+
"gt",
|
|
4454
|
+
"gte",
|
|
4455
|
+
"lt",
|
|
4456
|
+
"lte",
|
|
4457
|
+
"contains",
|
|
4458
|
+
"not_contains",
|
|
4459
|
+
"matches"
|
|
4460
|
+
]);
|
|
4461
|
+
var permitRoleBindingTarget = z.enum([
|
|
4462
|
+
"principal",
|
|
4463
|
+
"group"
|
|
4464
|
+
]);
|
|
4056
4465
|
defineTable({
|
|
4057
|
-
name: "
|
|
4058
|
-
component: "
|
|
4059
|
-
category: "
|
|
4466
|
+
name: "permitPrincipals",
|
|
4467
|
+
component: "control-plane",
|
|
4468
|
+
category: "access-control",
|
|
4060
4469
|
shape: z.object({
|
|
4061
|
-
|
|
4062
|
-
|
|
4063
|
-
|
|
4064
|
-
|
|
4065
|
-
|
|
4066
|
-
|
|
4067
|
-
|
|
4068
|
-
|
|
4069
|
-
|
|
4070
|
-
|
|
4071
|
-
|
|
4470
|
+
principalId: z.string(),
|
|
4471
|
+
tenantId: z.string(),
|
|
4472
|
+
workspaceId: z.optional(z.string()),
|
|
4473
|
+
principalType: permitActorType,
|
|
4474
|
+
status: permitMembershipStatus,
|
|
4475
|
+
displayName: z.string().optional(),
|
|
4476
|
+
metadata: z.record(z.any()).optional(),
|
|
4477
|
+
createdBy: z.string(),
|
|
4478
|
+
createdAt: z.number(),
|
|
4479
|
+
updatedAt: z.number(),
|
|
4480
|
+
updatedBy: z.string().optional(),
|
|
4481
|
+
lastSeenAt: z.number().optional()
|
|
4072
4482
|
}),
|
|
4073
4483
|
indices: [
|
|
4074
|
-
{ kind: "index", name: "
|
|
4075
|
-
{ kind: "index", name: "
|
|
4076
|
-
{ kind: "index", name: "
|
|
4077
|
-
{ kind: "index", name: "
|
|
4484
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4485
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4486
|
+
{ kind: "index", name: "by_tenant_principalId", columns: ["tenantId", "principalId"] },
|
|
4487
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
|
|
4488
|
+
{
|
|
4489
|
+
kind: "index",
|
|
4490
|
+
name: "by_tenant_principalType_status",
|
|
4491
|
+
columns: ["tenantId", "principalType", "status"]
|
|
4492
|
+
}
|
|
4078
4493
|
]
|
|
4079
4494
|
});
|
|
4080
4495
|
defineTable({
|
|
4081
|
-
name: "
|
|
4082
|
-
component: "
|
|
4083
|
-
category: "
|
|
4496
|
+
name: "permitPrincipalAliases",
|
|
4497
|
+
component: "control-plane",
|
|
4498
|
+
category: "access-control",
|
|
4084
4499
|
shape: z.object({
|
|
4085
|
-
|
|
4086
|
-
|
|
4087
|
-
|
|
4088
|
-
|
|
4089
|
-
|
|
4090
|
-
|
|
4091
|
-
|
|
4092
|
-
|
|
4093
|
-
|
|
4094
|
-
|
|
4095
|
-
|
|
4096
|
-
|
|
4097
|
-
|
|
4500
|
+
principalId: z.string(),
|
|
4501
|
+
tenantId: z.string(),
|
|
4502
|
+
workspaceId: z.optional(z.string()),
|
|
4503
|
+
provider: z.string(),
|
|
4504
|
+
providerSubjectId: z.string(),
|
|
4505
|
+
providerProjectId: z.string().optional(),
|
|
4506
|
+
alias: z.string(),
|
|
4507
|
+
aliasKind: z.string(),
|
|
4508
|
+
status: permitMembershipStatus,
|
|
4509
|
+
metadata: z.record(z.any()).optional(),
|
|
4510
|
+
createdBy: z.string(),
|
|
4511
|
+
createdAt: z.number(),
|
|
4512
|
+
updatedAt: z.number(),
|
|
4513
|
+
revokedBy: z.string().optional(),
|
|
4514
|
+
revokedAt: z.number().optional(),
|
|
4515
|
+
updatedBy: z.string().optional()
|
|
4098
4516
|
}),
|
|
4099
4517
|
indices: [
|
|
4100
|
-
{ kind: "index", name: "
|
|
4101
|
-
{ kind: "index", name: "
|
|
4102
|
-
{ kind: "index", name: "
|
|
4518
|
+
{ kind: "index", name: "by_principalId", columns: ["principalId"] },
|
|
4519
|
+
{ kind: "index", name: "by_provider_subject", columns: ["provider", "providerSubjectId"] },
|
|
4520
|
+
{ kind: "index", name: "by_provider_project_subject", columns: ["provider", "providerProjectId", "providerSubjectId"] },
|
|
4521
|
+
{ kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "providerSubjectId"] },
|
|
4522
|
+
{ kind: "index", name: "by_tenant_provider_project_subject", columns: ["tenantId", "provider", "providerProjectId", "providerSubjectId"] },
|
|
4523
|
+
{
|
|
4524
|
+
kind: "index",
|
|
4525
|
+
name: "by_tenant_provider_alias",
|
|
4526
|
+
columns: ["tenantId", "provider", "alias"]
|
|
4527
|
+
},
|
|
4528
|
+
{ kind: "index", name: "by_tenant_alias", columns: ["tenantId", "alias"] },
|
|
4529
|
+
{
|
|
4530
|
+
kind: "index",
|
|
4531
|
+
name: "by_tenant_provider_status",
|
|
4532
|
+
columns: ["tenantId", "provider", "status"]
|
|
4533
|
+
}
|
|
4103
4534
|
]
|
|
4104
4535
|
});
|
|
4105
4536
|
defineTable({
|
|
4106
|
-
name: "
|
|
4107
|
-
component: "
|
|
4108
|
-
category: "
|
|
4537
|
+
name: "permitGroups",
|
|
4538
|
+
component: "control-plane",
|
|
4539
|
+
category: "access-control",
|
|
4109
4540
|
shape: z.object({
|
|
4110
|
-
|
|
4111
|
-
|
|
4112
|
-
|
|
4113
|
-
|
|
4114
|
-
|
|
4115
|
-
|
|
4541
|
+
tenantId: z.string(),
|
|
4542
|
+
workspaceId: z.optional(z.string()),
|
|
4543
|
+
groupId: z.string(),
|
|
4544
|
+
groupKey: z.string(),
|
|
4545
|
+
groupName: z.string(),
|
|
4546
|
+
groupType: z.enum(["tenant", "workspace", "external", "system", "dynamic"]),
|
|
4547
|
+
status: permitMembershipStatus,
|
|
4548
|
+
description: z.string().optional(),
|
|
4549
|
+
metadata: z.record(z.any()).optional(),
|
|
4550
|
+
createdBy: z.string(),
|
|
4551
|
+
createdAt: z.number(),
|
|
4552
|
+
updatedAt: z.number(),
|
|
4553
|
+
updatedBy: z.string().optional()
|
|
4554
|
+
}),
|
|
4555
|
+
indices: [
|
|
4556
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4557
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4558
|
+
{ kind: "index", name: "by_tenant_groupId", columns: ["tenantId", "groupId"] },
|
|
4559
|
+
{ kind: "index", name: "by_tenant_groupKey", columns: ["tenantId", "groupKey"] },
|
|
4560
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
|
|
4561
|
+
]
|
|
4562
|
+
});
|
|
4563
|
+
defineTable({
|
|
4564
|
+
name: "permitGroupMemberships",
|
|
4565
|
+
component: "control-plane",
|
|
4566
|
+
category: "access-control",
|
|
4567
|
+
shape: z.object({
|
|
4568
|
+
tenantId: z.string(),
|
|
4569
|
+
workspaceId: z.optional(z.string()),
|
|
4570
|
+
groupId: z.string(),
|
|
4571
|
+
memberType: z.enum(["principal", "group"]),
|
|
4572
|
+
memberId: z.string(),
|
|
4573
|
+
principalId: z.string().optional(),
|
|
4574
|
+
childGroupId: z.string().optional(),
|
|
4575
|
+
status: permitMembershipStatus,
|
|
4576
|
+
addedBy: z.string().optional(),
|
|
4577
|
+
revokedBy: z.string().optional(),
|
|
4578
|
+
expiresAt: z.number().optional(),
|
|
4579
|
+
revocationReason: z.string().optional(),
|
|
4580
|
+
metadata: z.record(z.any()).optional(),
|
|
4581
|
+
createdAt: z.number(),
|
|
4582
|
+
updatedAt: z.number(),
|
|
4583
|
+
updatedBy: z.string().optional()
|
|
4584
|
+
}),
|
|
4585
|
+
indices: [
|
|
4586
|
+
{ kind: "index", name: "by_tenant_principal", columns: ["tenantId", "principalId"] },
|
|
4587
|
+
{ kind: "index", name: "by_tenant_member", columns: ["tenantId", "memberType", "memberId"] },
|
|
4588
|
+
{
|
|
4589
|
+
kind: "index",
|
|
4590
|
+
name: "by_tenant_member_group",
|
|
4591
|
+
columns: ["tenantId", "memberType", "memberId", "groupId"]
|
|
4592
|
+
},
|
|
4593
|
+
{ kind: "index", name: "by_tenant_group", columns: ["tenantId", "groupId"] },
|
|
4594
|
+
{ kind: "index", name: "by_member_group", columns: ["memberType", "memberId", "groupId"] },
|
|
4595
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
|
|
4596
|
+
{
|
|
4597
|
+
kind: "index",
|
|
4598
|
+
name: "by_workspace_principal",
|
|
4599
|
+
columns: ["workspaceId", "principalId"]
|
|
4600
|
+
}
|
|
4601
|
+
]
|
|
4602
|
+
});
|
|
4603
|
+
defineTable({
|
|
4604
|
+
name: "permitResourceInstances",
|
|
4605
|
+
component: "control-plane",
|
|
4606
|
+
category: "access-control",
|
|
4607
|
+
shape: z.object({
|
|
4608
|
+
tenantId: z.string(),
|
|
4609
|
+
workspaceId: z.optional(z.string()),
|
|
4610
|
+
resourceType: z.string(),
|
|
4611
|
+
resourceKey: z.string(),
|
|
4612
|
+
resourceId: z.string(),
|
|
4613
|
+
status: z.enum(["active", "deleted", "archived"]),
|
|
4614
|
+
attributes: z.record(z.any()).optional(),
|
|
4615
|
+
ownerPrincipalId: z.string().optional(),
|
|
4616
|
+
metadata: z.record(z.any()).optional(),
|
|
4617
|
+
createdBy: z.string(),
|
|
4618
|
+
updatedBy: z.string().optional(),
|
|
4619
|
+
createdAt: z.number(),
|
|
4620
|
+
updatedAt: z.number()
|
|
4621
|
+
}),
|
|
4622
|
+
indices: [
|
|
4623
|
+
{
|
|
4624
|
+
kind: "index",
|
|
4625
|
+
name: "by_tenant_resource_type",
|
|
4626
|
+
columns: ["tenantId", "resourceType"]
|
|
4627
|
+
},
|
|
4628
|
+
{
|
|
4629
|
+
kind: "index",
|
|
4630
|
+
name: "by_tenant_resource_key",
|
|
4631
|
+
columns: ["tenantId", "resourceType", "resourceKey"]
|
|
4632
|
+
},
|
|
4633
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4634
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4635
|
+
{
|
|
4636
|
+
kind: "index",
|
|
4637
|
+
name: "by_tenant_status",
|
|
4638
|
+
columns: ["tenantId", "status"]
|
|
4639
|
+
},
|
|
4640
|
+
{
|
|
4641
|
+
kind: "index",
|
|
4642
|
+
name: "by_ownerPrincipalId",
|
|
4643
|
+
columns: ["ownerPrincipalId"]
|
|
4644
|
+
}
|
|
4645
|
+
]
|
|
4646
|
+
});
|
|
4647
|
+
defineTable({
|
|
4648
|
+
name: "permitRoleAssignments",
|
|
4649
|
+
component: "control-plane",
|
|
4650
|
+
category: "access-control",
|
|
4651
|
+
shape: z.object({
|
|
4652
|
+
tenantId: z.string(),
|
|
4653
|
+
workspaceId: z.optional(z.string()),
|
|
4654
|
+
role: z.string(),
|
|
4655
|
+
targetType: permitRoleBindingTarget,
|
|
4656
|
+
targetId: z.string(),
|
|
4657
|
+
resourceType: z.string(),
|
|
4658
|
+
resourceKey: z.string(),
|
|
4659
|
+
resourceInstanceId: z.string().optional(),
|
|
4660
|
+
status: permitMembershipStatus,
|
|
4661
|
+
expiresAt: z.number().optional(),
|
|
4662
|
+
attributes: z.record(z.any()).optional(),
|
|
4663
|
+
grantedBy: z.string().optional(),
|
|
4664
|
+
updatedBy: z.string().optional(),
|
|
4665
|
+
revokedBy: z.string().optional(),
|
|
4666
|
+
createdAt: z.number(),
|
|
4667
|
+
updatedAt: z.number()
|
|
4668
|
+
}),
|
|
4669
|
+
indices: [
|
|
4670
|
+
{
|
|
4671
|
+
kind: "index",
|
|
4672
|
+
name: "by_tenant_target",
|
|
4673
|
+
columns: ["tenantId", "targetType", "targetId"]
|
|
4674
|
+
},
|
|
4675
|
+
{
|
|
4676
|
+
kind: "index",
|
|
4677
|
+
name: "by_tenant_resource",
|
|
4678
|
+
columns: ["tenantId", "resourceType", "resourceKey"]
|
|
4679
|
+
},
|
|
4680
|
+
{
|
|
4681
|
+
kind: "index",
|
|
4682
|
+
name: "by_tenant_role",
|
|
4683
|
+
columns: ["tenantId", "role", "status"]
|
|
4684
|
+
},
|
|
4685
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4686
|
+
{
|
|
4687
|
+
kind: "index",
|
|
4688
|
+
name: "by_workspace_resource",
|
|
4689
|
+
columns: ["workspaceId", "resourceType", "resourceKey"]
|
|
4690
|
+
}
|
|
4691
|
+
]
|
|
4692
|
+
});
|
|
4693
|
+
defineTable({
|
|
4694
|
+
name: "permitRelationshipTuples",
|
|
4695
|
+
component: "control-plane",
|
|
4696
|
+
category: "access-control",
|
|
4697
|
+
shape: z.object({
|
|
4698
|
+
tenantId: z.string(),
|
|
4699
|
+
workspaceId: z.optional(z.string()),
|
|
4700
|
+
relation: z.string(),
|
|
4701
|
+
subject: z.string(),
|
|
4702
|
+
object: z.string(),
|
|
4703
|
+
resourceType: z.string().optional(),
|
|
4704
|
+
resourceKey: z.string().optional(),
|
|
4705
|
+
status: permitRecordStatus,
|
|
4706
|
+
attributes: z.record(z.any()).optional(),
|
|
4707
|
+
createdBy: z.string(),
|
|
4708
|
+
createdAt: z.number(),
|
|
4709
|
+
updatedAt: z.number(),
|
|
4710
|
+
lastSeenAt: z.number().optional(),
|
|
4711
|
+
updatedBy: z.string().optional()
|
|
4712
|
+
}),
|
|
4713
|
+
indices: [
|
|
4714
|
+
{ kind: "index", name: "by_tenant_subject", columns: ["tenantId", "subject"] },
|
|
4715
|
+
{ kind: "index", name: "by_tenant_object", columns: ["tenantId", "object"] },
|
|
4716
|
+
{ kind: "index", name: "by_tenant_relation", columns: ["tenantId", "relation"] },
|
|
4717
|
+
{
|
|
4718
|
+
kind: "index",
|
|
4719
|
+
name: "by_tenant_relation_subject",
|
|
4720
|
+
columns: ["tenantId", "relation", "subject"]
|
|
4721
|
+
},
|
|
4722
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
|
|
4723
|
+
]
|
|
4724
|
+
});
|
|
4725
|
+
defineTable({
|
|
4726
|
+
name: "permitAttributeBindings",
|
|
4727
|
+
component: "control-plane",
|
|
4728
|
+
category: "access-control",
|
|
4729
|
+
shape: z.object({
|
|
4730
|
+
tenantId: z.string(),
|
|
4731
|
+
workspaceId: z.optional(z.string()),
|
|
4732
|
+
targetType: permitRoleBindingTarget,
|
|
4733
|
+
targetId: z.string(),
|
|
4734
|
+
attributeName: z.string(),
|
|
4735
|
+
attributeType: permitAttributeType,
|
|
4736
|
+
attributeOperator: permitAttributeOperator,
|
|
4737
|
+
attributeValue: z.any(),
|
|
4738
|
+
status: permitRecordStatus,
|
|
4739
|
+
source: z.string().optional(),
|
|
4740
|
+
sourceRef: z.string().optional(),
|
|
4741
|
+
metadata: z.record(z.any()).optional(),
|
|
4742
|
+
createdAt: z.number(),
|
|
4743
|
+
updatedAt: z.number(),
|
|
4744
|
+
createdBy: z.string(),
|
|
4745
|
+
updatedBy: z.string().optional(),
|
|
4746
|
+
expiresAt: z.number().optional()
|
|
4747
|
+
}),
|
|
4748
|
+
indices: [
|
|
4749
|
+
{
|
|
4750
|
+
kind: "index",
|
|
4751
|
+
name: "by_tenant_target",
|
|
4752
|
+
columns: ["tenantId", "targetType", "targetId"]
|
|
4753
|
+
},
|
|
4754
|
+
{
|
|
4755
|
+
kind: "index",
|
|
4756
|
+
name: "by_tenant_target_attribute",
|
|
4757
|
+
columns: ["tenantId", "targetType", "targetId", "attributeName"]
|
|
4758
|
+
},
|
|
4759
|
+
{
|
|
4760
|
+
kind: "index",
|
|
4761
|
+
name: "by_tenant_name",
|
|
4762
|
+
columns: ["tenantId", "attributeName"]
|
|
4763
|
+
},
|
|
4764
|
+
{
|
|
4765
|
+
kind: "index",
|
|
4766
|
+
name: "by_tenant_status",
|
|
4767
|
+
columns: ["tenantId", "status"]
|
|
4768
|
+
}
|
|
4769
|
+
]
|
|
4770
|
+
});
|
|
4771
|
+
defineTable({
|
|
4772
|
+
name: "permitPolicyBundles",
|
|
4773
|
+
component: "control-plane",
|
|
4774
|
+
category: "access-control",
|
|
4775
|
+
shape: z.object({
|
|
4776
|
+
tenantId: z.string(),
|
|
4777
|
+
workspaceId: z.optional(z.string()),
|
|
4778
|
+
bundleKey: z.string(),
|
|
4779
|
+
version: z.number(),
|
|
4780
|
+
status: permitPolicyBundleStatus,
|
|
4781
|
+
policyHash: z.string().optional(),
|
|
4782
|
+
policyPayload: z.record(z.any()),
|
|
4783
|
+
metadata: z.record(z.any()).optional(),
|
|
4784
|
+
createdBy: z.string(),
|
|
4785
|
+
reviewedBy: z.string().optional(),
|
|
4786
|
+
createdAt: z.number(),
|
|
4787
|
+
updatedAt: z.number(),
|
|
4788
|
+
retiredAt: z.number().optional()
|
|
4789
|
+
}),
|
|
4790
|
+
indices: [
|
|
4791
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4792
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4793
|
+
{
|
|
4794
|
+
kind: "index",
|
|
4795
|
+
name: "by_tenant_bundleKey",
|
|
4796
|
+
columns: ["tenantId", "bundleKey"]
|
|
4797
|
+
},
|
|
4798
|
+
{
|
|
4799
|
+
kind: "index",
|
|
4800
|
+
name: "by_tenant_bundle_version",
|
|
4801
|
+
columns: ["tenantId", "bundleKey", "version"]
|
|
4802
|
+
},
|
|
4803
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
|
|
4804
|
+
]
|
|
4805
|
+
});
|
|
4806
|
+
defineTable({
|
|
4807
|
+
name: "permitProjectionOutbox",
|
|
4808
|
+
component: "control-plane",
|
|
4809
|
+
category: "access-control",
|
|
4810
|
+
shape: z.object({
|
|
4811
|
+
syncKey: z.string(),
|
|
4812
|
+
objectType: permitObjectType,
|
|
4813
|
+
objectId: z.string(),
|
|
4814
|
+
operation: permitOutboxOperation,
|
|
4815
|
+
payload: z.record(z.any()),
|
|
4816
|
+
status: permitRecordStatus,
|
|
4817
|
+
attemptCount: z.number(),
|
|
4818
|
+
nextAttemptAt: z.number().optional(),
|
|
4819
|
+
lastError: z.string().optional(),
|
|
4820
|
+
tenantId: z.string().optional(),
|
|
4821
|
+
workspaceId: z.optional(z.string()),
|
|
4822
|
+
principalId: z.string().optional(),
|
|
4823
|
+
permitTenantKey: z.string().optional(),
|
|
4824
|
+
permitResourceType: z.string().optional(),
|
|
4825
|
+
permitResourceKey: z.string().optional(),
|
|
4826
|
+
createdAt: z.number(),
|
|
4827
|
+
updatedAt: z.number(),
|
|
4828
|
+
lastHandledAt: z.number().optional()
|
|
4829
|
+
}),
|
|
4830
|
+
indices: [
|
|
4831
|
+
{ kind: "index", name: "by_syncKey", columns: ["syncKey"] },
|
|
4832
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4833
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4834
|
+
{
|
|
4835
|
+
kind: "index",
|
|
4836
|
+
name: "by_tenant_status",
|
|
4837
|
+
columns: ["tenantId", "status"]
|
|
4838
|
+
},
|
|
4839
|
+
{
|
|
4840
|
+
kind: "index",
|
|
4841
|
+
name: "by_objectType",
|
|
4842
|
+
columns: ["objectType", "status"]
|
|
4843
|
+
}
|
|
4844
|
+
]
|
|
4845
|
+
});
|
|
4846
|
+
defineTable({
|
|
4847
|
+
name: "tenantPermitSyncStates",
|
|
4848
|
+
component: "control-plane",
|
|
4849
|
+
category: "access-control",
|
|
4850
|
+
shape: z.object({
|
|
4851
|
+
syncKey: z.string(),
|
|
4852
|
+
objectType: permitObjectType,
|
|
4853
|
+
objectId: z.string(),
|
|
4854
|
+
tenantId: z.string().optional(),
|
|
4855
|
+
workspaceId: z.string().optional(),
|
|
4856
|
+
principalId: z.string().optional(),
|
|
4857
|
+
permitTenantKey: z.string().optional(),
|
|
4858
|
+
permitResourceType: z.string().optional(),
|
|
4859
|
+
permitResourceKey: z.string().optional(),
|
|
4860
|
+
desiredPayload: z.record(z.any()),
|
|
4861
|
+
lastAppliedPayloadHash: z.string().optional(),
|
|
4862
|
+
status: permitSyncStatus,
|
|
4863
|
+
attemptCount: z.number(),
|
|
4864
|
+
lastError: z.string().optional(),
|
|
4865
|
+
nextAttemptAt: z.number().optional(),
|
|
4866
|
+
lastSyncedAt: z.number().optional(),
|
|
4867
|
+
createdBy: z.string(),
|
|
4868
|
+
updatedBy: z.string().optional(),
|
|
4869
|
+
createdAt: z.number(),
|
|
4870
|
+
updatedAt: z.number()
|
|
4871
|
+
}),
|
|
4872
|
+
indices: [
|
|
4873
|
+
{ kind: "index", name: "by_syncKey", columns: ["syncKey"] },
|
|
4874
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4875
|
+
{
|
|
4876
|
+
kind: "index",
|
|
4877
|
+
name: "by_tenant_status",
|
|
4878
|
+
columns: ["tenantId", "status"]
|
|
4879
|
+
},
|
|
4880
|
+
{
|
|
4881
|
+
kind: "index",
|
|
4882
|
+
name: "by_workspace_status",
|
|
4883
|
+
columns: ["workspaceId", "status"]
|
|
4884
|
+
},
|
|
4885
|
+
{
|
|
4886
|
+
kind: "index",
|
|
4887
|
+
name: "by_principal_status",
|
|
4888
|
+
columns: ["principalId", "status"]
|
|
4889
|
+
}
|
|
4890
|
+
]
|
|
4891
|
+
});
|
|
4892
|
+
defineTable({
|
|
4893
|
+
name: "permitPolicyDecisionReceipts",
|
|
4894
|
+
component: "control-plane",
|
|
4895
|
+
category: "access-control",
|
|
4896
|
+
shape: z.object({
|
|
4897
|
+
tenantId: z.string().optional(),
|
|
4898
|
+
workspaceId: z.string().optional(),
|
|
4899
|
+
principalId: z.string(),
|
|
4900
|
+
subjectType: permitAccessReviewSubjectType.optional(),
|
|
4901
|
+
subjectId: z.string().optional(),
|
|
4902
|
+
resourceType: z.string(),
|
|
4903
|
+
resourceId: z.string(),
|
|
4904
|
+
action: z.string(),
|
|
4905
|
+
decision: permitDecision,
|
|
4906
|
+
reasonCode: z.string(),
|
|
4907
|
+
policyBundleId: z.string().optional(),
|
|
4908
|
+
policyVersion: z.string(),
|
|
4909
|
+
traceId: z.string().optional(),
|
|
4910
|
+
requestId: z.string().optional(),
|
|
4911
|
+
audienceMode: z.string().optional(),
|
|
4912
|
+
audienceKey: z.string().optional(),
|
|
4913
|
+
audienceClass: z.enum(["internal", "restricted_external", "public"]).optional(),
|
|
4914
|
+
metadata: z.record(z.any()).optional(),
|
|
4915
|
+
createdAt: z.number(),
|
|
4916
|
+
expiresAt: z.number().optional(),
|
|
4917
|
+
createdBy: z.string().optional()
|
|
4918
|
+
}),
|
|
4919
|
+
indices: [
|
|
4920
|
+
{ kind: "index", name: "by_principal_createdAt", columns: ["principalId", "createdAt"] },
|
|
4921
|
+
{ kind: "index", name: "by_tenant_createdAt", columns: ["tenantId", "createdAt"] },
|
|
4922
|
+
{ kind: "index", name: "by_resource", columns: ["resourceType", "resourceId"] },
|
|
4923
|
+
{ kind: "index", name: "by_decision_createdAt", columns: ["decision", "createdAt"] },
|
|
4924
|
+
{ kind: "index", name: "by_traceId", columns: ["traceId"] },
|
|
4925
|
+
{ kind: "index", name: "by_action", columns: ["action"] }
|
|
4926
|
+
]
|
|
4927
|
+
});
|
|
4928
|
+
defineTable({
|
|
4929
|
+
name: "permitAccessReviews",
|
|
4930
|
+
component: "control-plane",
|
|
4931
|
+
category: "access-control",
|
|
4932
|
+
shape: z.object({
|
|
4933
|
+
tenantId: z.string(),
|
|
4934
|
+
workspaceId: z.optional(z.string()),
|
|
4935
|
+
reviewKey: z.string(),
|
|
4936
|
+
scope: permitReviewScope,
|
|
4937
|
+
status: permitAccessReviewStatus,
|
|
4938
|
+
subjectType: permitAccessReviewSubjectType,
|
|
4939
|
+
subjectId: z.string(),
|
|
4940
|
+
resourceType: z.string().optional(),
|
|
4941
|
+
resourceKey: z.string().optional(),
|
|
4942
|
+
outcome: z.enum(["allow", "deny"]).optional(),
|
|
4943
|
+
requestedBy: z.string(),
|
|
4944
|
+
reviewedBy: z.string().optional(),
|
|
4945
|
+
requestedAt: z.number(),
|
|
4946
|
+
reviewedAt: z.number().optional(),
|
|
4947
|
+
dueAt: z.number().optional(),
|
|
4948
|
+
justification: z.string().optional(),
|
|
4949
|
+
rationale: z.string().optional(),
|
|
4950
|
+
policyBundleId: z.string().optional(),
|
|
4951
|
+
metadata: z.record(z.any()).optional(),
|
|
4952
|
+
createdAt: z.number(),
|
|
4953
|
+
updatedAt: z.number()
|
|
4954
|
+
}),
|
|
4955
|
+
indices: [
|
|
4956
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
|
|
4957
|
+
{ kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
|
|
4958
|
+
{ kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
|
|
4959
|
+
{
|
|
4960
|
+
kind: "index",
|
|
4961
|
+
name: "by_tenant_subject",
|
|
4962
|
+
columns: ["tenantId", "subjectType", "subjectId"]
|
|
4963
|
+
},
|
|
4964
|
+
{ kind: "index", name: "by_outcome", columns: ["outcome"] },
|
|
4965
|
+
{
|
|
4966
|
+
kind: "index",
|
|
4967
|
+
name: "by_workspace_status",
|
|
4968
|
+
columns: ["workspaceId", "status"]
|
|
4969
|
+
}
|
|
4970
|
+
]
|
|
4971
|
+
});
|
|
4972
|
+
defineTable({
|
|
4973
|
+
name: "permitAccessReviewItems",
|
|
4974
|
+
component: "control-plane",
|
|
4975
|
+
category: "access-control",
|
|
4976
|
+
shape: z.object({
|
|
4977
|
+
reviewKey: z.string(),
|
|
4978
|
+
itemKey: z.string(),
|
|
4979
|
+
tenantId: z.string(),
|
|
4980
|
+
workspaceId: z.string().optional(),
|
|
4981
|
+
subjectType: permitAccessReviewSubjectType,
|
|
4982
|
+
subjectId: z.string(),
|
|
4983
|
+
resourceType: z.string().optional(),
|
|
4984
|
+
resourceKey: z.string().optional(),
|
|
4985
|
+
role: z.string().optional(),
|
|
4986
|
+
relation: z.string().optional(),
|
|
4987
|
+
status: z.enum(["open", "approved", "revoked", "changed", "deferred"]),
|
|
4988
|
+
reviewerId: z.string().optional(),
|
|
4989
|
+
decisionAt: z.number().optional(),
|
|
4990
|
+
rationale: z.string().optional(),
|
|
4991
|
+
metadata: z.record(z.any()).optional(),
|
|
4992
|
+
createdAt: z.number(),
|
|
4993
|
+
updatedAt: z.number()
|
|
4994
|
+
}),
|
|
4995
|
+
indices: [
|
|
4996
|
+
{ kind: "index", name: "by_reviewKey", columns: ["reviewKey"] },
|
|
4997
|
+
{ kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
|
|
4998
|
+
{ kind: "index", name: "by_tenant_itemKey", columns: ["tenantId", "itemKey"] },
|
|
4999
|
+
{ kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
|
|
5000
|
+
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
5001
|
+
]
|
|
5002
|
+
});
|
|
5003
|
+
defineTable({
|
|
5004
|
+
name: "reasoningPermissions",
|
|
5005
|
+
component: "control-plane",
|
|
5006
|
+
category: "epistemic",
|
|
5007
|
+
shape: z.object({
|
|
5008
|
+
"topicId": z.string().optional(),
|
|
5009
|
+
"principalId": z.string(),
|
|
5010
|
+
"nodeType": z.enum(["belief", "evidence", "action", "approval", "artifact"]),
|
|
5011
|
+
"action": z.enum(["view_conclusion", "view_evidence", "propose_action", "approve_action", "view_derived_artifact"]),
|
|
5012
|
+
"effect": z.enum(["allow", "deny"]),
|
|
5013
|
+
"policyReference": z.string().optional(),
|
|
5014
|
+
"rationale": z.string().optional(),
|
|
5015
|
+
"metadata": z.record(z.any()).optional(),
|
|
5016
|
+
"createdAt": z.number(),
|
|
5017
|
+
"createdBy": z.string(),
|
|
5018
|
+
"updatedAt": z.number()
|
|
5019
|
+
}),
|
|
5020
|
+
indices: [
|
|
5021
|
+
{ kind: "index", name: "by_topic_principal", columns: ["topicId", "principalId"] },
|
|
5022
|
+
{ kind: "index", name: "by_topic_principal_action", columns: ["topicId", "principalId", "action"] },
|
|
5023
|
+
{ kind: "index", name: "by_topic_principal_node_action", columns: ["topicId", "principalId", "nodeType", "action"] },
|
|
5024
|
+
{ kind: "index", name: "by_principal_action", columns: ["principalId", "action"] }
|
|
5025
|
+
]
|
|
5026
|
+
});
|
|
5027
|
+
defineTable({
|
|
5028
|
+
name: "schemaEnumConfig",
|
|
5029
|
+
component: "kernel",
|
|
5030
|
+
category: "config",
|
|
5031
|
+
shape: z.object({
|
|
5032
|
+
"tenantId": z.string().optional(),
|
|
5033
|
+
"category": z.string(),
|
|
5034
|
+
"value": z.string(),
|
|
5035
|
+
"label": z.string(),
|
|
5036
|
+
"description": z.string().optional(),
|
|
5037
|
+
"tier": z.enum(["platform", "tenant"]),
|
|
5038
|
+
"domainNamespace": z.string().optional(),
|
|
5039
|
+
"metadata": z.any().optional(),
|
|
5040
|
+
"isDefault": z.boolean().optional(),
|
|
5041
|
+
"sortOrder": z.number().optional(),
|
|
5042
|
+
"status": z.enum(["active", "deprecated"]),
|
|
5043
|
+
"createdAt": z.number(),
|
|
5044
|
+
"updatedAt": z.number()
|
|
5045
|
+
}),
|
|
5046
|
+
indices: [
|
|
5047
|
+
{ kind: "index", name: "by_category", columns: ["category"] },
|
|
5048
|
+
{ kind: "index", name: "by_tenant_category", columns: ["tenantId", "category"] },
|
|
5049
|
+
{ kind: "index", name: "by_category_value", columns: ["category", "value"] }
|
|
5050
|
+
]
|
|
5051
|
+
});
|
|
5052
|
+
defineTable({
|
|
5053
|
+
name: "tasks",
|
|
5054
|
+
component: "kernel",
|
|
5055
|
+
category: "task",
|
|
5056
|
+
shape: z.object({
|
|
5057
|
+
"topicId": z.string().optional(),
|
|
5058
|
+
"tenantId": z.string().optional(),
|
|
5059
|
+
"workspaceId": z.string().optional(),
|
|
5060
|
+
"title": z.string(),
|
|
5061
|
+
"description": z.string().optional(),
|
|
5062
|
+
"status": z.enum(["todo", "in_progress", "blocked", "done"]),
|
|
4116
5063
|
"priority": z.enum(["urgent", "high", "medium", "low"]),
|
|
4117
5064
|
"dueDate": z.number().optional(),
|
|
4118
5065
|
"linkedWorktreeId": idOf("worktrees").optional(),
|
|
@@ -4290,6 +5237,7 @@ defineTable({
|
|
|
4290
5237
|
"updatedAt": z.number()
|
|
4291
5238
|
}),
|
|
4292
5239
|
indices: [
|
|
5240
|
+
{ kind: "index", name: "by_globalId", columns: ["globalId"] },
|
|
4293
5241
|
{ kind: "index", name: "by_parent", columns: ["parentTopicId"] },
|
|
4294
5242
|
{ kind: "index", name: "by_type", columns: ["type"] },
|
|
4295
5243
|
{ kind: "index", name: "by_graph_scope_project", columns: ["graphScopeProjectId"] },
|
|
@@ -4301,7 +5249,7 @@ defineTable({
|
|
|
4301
5249
|
});
|
|
4302
5250
|
defineTable({
|
|
4303
5251
|
name: "users",
|
|
4304
|
-
component: "
|
|
5252
|
+
component: "control-plane",
|
|
4305
5253
|
category: "user",
|
|
4306
5254
|
shape: z.object({
|
|
4307
5255
|
"clerkId": z.string(),
|
|
@@ -4415,7 +5363,6 @@ defineTable({
|
|
|
4415
5363
|
"deployments": z.record(z.object({
|
|
4416
5364
|
"url": z.string(),
|
|
4417
5365
|
"target": z.enum(["kernelDeployment", "appDeployment"]).optional(),
|
|
4418
|
-
"encryptedDeployKey": z.string().optional(),
|
|
4419
5366
|
"credentialRef": z.string().optional()
|
|
4420
5367
|
})).optional(),
|
|
4421
5368
|
"metadata": z.record(z.any()).optional(),
|
|
@@ -4430,6 +5377,39 @@ defineTable({
|
|
|
4430
5377
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
4431
5378
|
]
|
|
4432
5379
|
});
|
|
5380
|
+
defineTable({
|
|
5381
|
+
name: "deploymentHosts",
|
|
5382
|
+
component: "mc",
|
|
5383
|
+
category: "workspace",
|
|
5384
|
+
shape: z.object({
|
|
5385
|
+
"host": z.string(),
|
|
5386
|
+
"tenantId": idOf("tenants"),
|
|
5387
|
+
"workspaceId": idOf("workspaces"),
|
|
5388
|
+
"environment": z.enum(["dev", "staging", "prod"]),
|
|
5389
|
+
"target": z.enum(["kernelDeployment", "appDeployment"]),
|
|
5390
|
+
"deploymentUrl": z.string().optional(),
|
|
5391
|
+
"deploymentName": z.string().optional(),
|
|
5392
|
+
"vercelProjectName": z.string().optional(),
|
|
5393
|
+
"vercelProjectId": z.string().optional(),
|
|
5394
|
+
"vercelEnvironment": z.enum(["development", "preview", "staging", "production"]).optional(),
|
|
5395
|
+
"source": z.enum(["vercel_preview", "vercel_production", "vercel_custom_environment", "custom_domain", "manual"]),
|
|
5396
|
+
"status": z.enum(["active", "revoked"]),
|
|
5397
|
+
"metadata": z.record(z.any()).optional(),
|
|
5398
|
+
"createdBy": z.string(),
|
|
5399
|
+
"createdAt": z.number(),
|
|
5400
|
+
"updatedAt": z.number(),
|
|
5401
|
+
"revokedAt": z.number().optional(),
|
|
5402
|
+
"revokedBy": z.string().optional()
|
|
5403
|
+
}),
|
|
5404
|
+
indices: [
|
|
5405
|
+
{ kind: "index", name: "by_host", columns: ["host"] },
|
|
5406
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
5407
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
5408
|
+
{ kind: "index", name: "by_tenant_workspace_environment", columns: ["tenantId", "workspaceId", "environment"] },
|
|
5409
|
+
{ kind: "index", name: "by_workspace_status", columns: ["workspaceId", "status"] },
|
|
5410
|
+
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
5411
|
+
]
|
|
5412
|
+
});
|
|
4433
5413
|
defineTable({
|
|
4434
5414
|
name: "worktreeBeliefCluster",
|
|
4435
5415
|
component: "kernel",
|
|
@@ -4737,8 +5717,8 @@ defineTable({
|
|
|
4737
5717
|
});
|
|
4738
5718
|
z.object({
|
|
4739
5719
|
manifestVersion: z.string(),
|
|
4740
|
-
componentName: z.enum(["kernel", "
|
|
4741
|
-
tier: z.enum(["K", "
|
|
5720
|
+
componentName: z.enum(["kernel", "control-plane"]),
|
|
5721
|
+
tier: z.enum(["K", "CP"]),
|
|
4742
5722
|
packageVersion: z.string(),
|
|
4743
5723
|
tables: z.array(
|
|
4744
5724
|
z.object({
|
|
@@ -4766,17 +5746,44 @@ z.object({
|
|
|
4766
5746
|
message: "SL invariant b+d+u=1 violated at API boundary"
|
|
4767
5747
|
}
|
|
4768
5748
|
);
|
|
4769
|
-
|
|
5749
|
+
|
|
5750
|
+
// ../contracts/src/schema-helpers/spine/tables/epistemicNodes.ts
|
|
5751
|
+
var NODE_TYPES = [
|
|
5752
|
+
"decision",
|
|
4770
5753
|
"belief",
|
|
4771
|
-
"evidence",
|
|
4772
5754
|
"question",
|
|
4773
|
-
"
|
|
5755
|
+
"theme",
|
|
5756
|
+
"deal",
|
|
4774
5757
|
"topic",
|
|
5758
|
+
"claim",
|
|
5759
|
+
"evidence",
|
|
5760
|
+
"synthesis",
|
|
5761
|
+
"answer",
|
|
5762
|
+
"atomic_fact",
|
|
5763
|
+
"excerpt",
|
|
5764
|
+
"source",
|
|
5765
|
+
"company",
|
|
5766
|
+
"person",
|
|
5767
|
+
"investor",
|
|
5768
|
+
"function",
|
|
5769
|
+
"value_chain"
|
|
5770
|
+
];
|
|
5771
|
+
new Set(NODE_TYPES);
|
|
5772
|
+
|
|
5773
|
+
// ../contracts/src/types/graph-ref.ts
|
|
5774
|
+
var GRAPH_REF_EXTRA_NODE_TYPES = [
|
|
4775
5775
|
"edge",
|
|
4776
5776
|
"ontology",
|
|
4777
5777
|
"lens",
|
|
4778
5778
|
"contradiction"
|
|
4779
|
-
]
|
|
5779
|
+
];
|
|
5780
|
+
var GRAPH_REF_NODE_TYPES = [
|
|
5781
|
+
...NODE_TYPES,
|
|
5782
|
+
...GRAPH_REF_EXTRA_NODE_TYPES
|
|
5783
|
+
];
|
|
5784
|
+
var EpistemicNodeTypeSchema = z.enum(
|
|
5785
|
+
GRAPH_REF_NODE_TYPES
|
|
5786
|
+
);
|
|
4780
5787
|
var GraphRefSchema = z.discriminatedUnion("kind", [
|
|
4781
5788
|
z.object({
|
|
4782
5789
|
kind: z.literal("epistemic_node"),
|
|
@@ -4824,33 +5831,14 @@ function assertEdgePolicyAllowed(manifest, edgeType, from, to) {
|
|
|
4824
5831
|
}
|
|
4825
5832
|
|
|
4826
5833
|
// ../contracts/src/manifests/edge-policy-manifest.data.ts
|
|
5834
|
+
var publicEpistemicNodeEdgePolicy = (edgeType) => ({
|
|
5835
|
+
edgeType,
|
|
5836
|
+
fromKinds: ["epistemic_node"],
|
|
5837
|
+
toKinds: ["epistemic_node"],
|
|
5838
|
+
description: "Canonical public create_edge policy for graph-node relationships. The policy layer gates edge-type membership, not endpoint semantics."
|
|
5839
|
+
});
|
|
4827
5840
|
var edgePolicyManifest = {
|
|
4828
|
-
policies:
|
|
4829
|
-
{
|
|
4830
|
-
edgeType: "evidence_derived_from_evidence",
|
|
4831
|
-
fromKinds: ["epistemic_node"],
|
|
4832
|
-
fromNodeTypes: ["evidence"],
|
|
4833
|
-
toKinds: ["epistemic_node"],
|
|
4834
|
-
toNodeTypes: ["evidence"],
|
|
4835
|
-
description: "Evidence E2 was synthesized from evidence E1 by a transformation. Provides chain-of-evidence lineage."
|
|
4836
|
-
},
|
|
4837
|
-
{
|
|
4838
|
-
edgeType: "evidence_supports_belief",
|
|
4839
|
-
fromKinds: ["epistemic_node"],
|
|
4840
|
-
fromNodeTypes: ["evidence"],
|
|
4841
|
-
toKinds: ["epistemic_node"],
|
|
4842
|
-
toNodeTypes: ["belief"],
|
|
4843
|
-
description: "Existing link_evidence_to_belief semantics promoted to the create_edge policy source."
|
|
4844
|
-
},
|
|
4845
|
-
{
|
|
4846
|
-
edgeType: "evidence_supports_question",
|
|
4847
|
-
fromKinds: ["epistemic_node"],
|
|
4848
|
-
fromNodeTypes: ["evidence"],
|
|
4849
|
-
toKinds: ["epistemic_node"],
|
|
4850
|
-
toNodeTypes: ["question"],
|
|
4851
|
-
description: "Existing link_evidence_to_question semantics promoted to the create_edge policy source."
|
|
4852
|
-
}
|
|
4853
|
-
]
|
|
5841
|
+
policies: EDGE_TYPE_VALUES.map(publicEpistemicNodeEdgePolicy)
|
|
4854
5842
|
};
|
|
4855
5843
|
|
|
4856
5844
|
// ../contracts/src/tenant-client.contract.ts
|
|
@@ -4897,7 +5885,7 @@ var TENANT_CLIENT_INSTALLABLE_PACKAGES = [
|
|
|
4897
5885
|
},
|
|
4898
5886
|
{
|
|
4899
5887
|
packageName: "@lucern/control-plane",
|
|
4900
|
-
role: "
|
|
5888
|
+
role: "component_runtime",
|
|
4901
5889
|
directTenantImport: false
|
|
4902
5890
|
},
|
|
4903
5891
|
{
|
|
@@ -4906,79 +5894,948 @@ var TENANT_CLIENT_INSTALLABLE_PACKAGES = [
|
|
|
4906
5894
|
directTenantImport: false
|
|
4907
5895
|
},
|
|
4908
5896
|
{
|
|
4909
|
-
packageName: "@lucern/events",
|
|
4910
|
-
role: "sdk_dependency",
|
|
4911
|
-
directTenantImport: false
|
|
5897
|
+
packageName: "@lucern/events",
|
|
5898
|
+
role: "sdk_dependency",
|
|
5899
|
+
directTenantImport: false
|
|
5900
|
+
},
|
|
5901
|
+
{
|
|
5902
|
+
packageName: "@lucern/graph-primitives",
|
|
5903
|
+
role: "sdk_dependency",
|
|
5904
|
+
directTenantImport: false
|
|
5905
|
+
},
|
|
5906
|
+
{
|
|
5907
|
+
packageName: "@lucern/graph-sync",
|
|
5908
|
+
role: "host_addon_runtime",
|
|
5909
|
+
directTenantImport: true
|
|
5910
|
+
},
|
|
5911
|
+
{
|
|
5912
|
+
packageName: "@lucern/mcp",
|
|
5913
|
+
role: "runtime_entrypoint",
|
|
5914
|
+
directTenantImport: true
|
|
5915
|
+
},
|
|
5916
|
+
{
|
|
5917
|
+
packageName: "@lucern/pack-host",
|
|
5918
|
+
role: "platform_runtime",
|
|
5919
|
+
directTenantImport: false
|
|
5920
|
+
},
|
|
5921
|
+
{
|
|
5922
|
+
packageName: "@lucern/pack-installer",
|
|
5923
|
+
role: "developer_tool",
|
|
5924
|
+
directTenantImport: false
|
|
5925
|
+
},
|
|
5926
|
+
{
|
|
5927
|
+
packageName: "@lucern/proof-compiler",
|
|
5928
|
+
role: "developer_tool",
|
|
5929
|
+
directTenantImport: false
|
|
5930
|
+
},
|
|
5931
|
+
{
|
|
5932
|
+
packageName: "@lucern/react",
|
|
5933
|
+
role: "runtime_entrypoint",
|
|
5934
|
+
directTenantImport: true
|
|
5935
|
+
},
|
|
5936
|
+
{
|
|
5937
|
+
packageName: "@lucern/reasoning-kernel",
|
|
5938
|
+
role: "component_runtime",
|
|
5939
|
+
directTenantImport: false
|
|
5940
|
+
},
|
|
5941
|
+
{
|
|
5942
|
+
packageName: "@lucern/sdk",
|
|
5943
|
+
role: "runtime_entrypoint",
|
|
5944
|
+
directTenantImport: true
|
|
5945
|
+
},
|
|
5946
|
+
{
|
|
5947
|
+
packageName: "@lucern/secrets",
|
|
5948
|
+
role: "sdk_dependency",
|
|
5949
|
+
directTenantImport: false
|
|
5950
|
+
},
|
|
5951
|
+
{
|
|
5952
|
+
packageName: "@lucern/server-core",
|
|
5953
|
+
role: "platform_runtime",
|
|
5954
|
+
directTenantImport: false
|
|
5955
|
+
},
|
|
5956
|
+
{
|
|
5957
|
+
packageName: "@lucern/testing",
|
|
5958
|
+
role: "test_support",
|
|
5959
|
+
directTenantImport: false
|
|
5960
|
+
},
|
|
5961
|
+
{
|
|
5962
|
+
packageName: "@lucern/types",
|
|
5963
|
+
role: "contract_entrypoint",
|
|
5964
|
+
directTenantImport: true
|
|
5965
|
+
}
|
|
5966
|
+
];
|
|
5967
|
+
TENANT_CLIENT_INSTALLABLE_PACKAGES.map(
|
|
5968
|
+
(entry) => entry.packageName
|
|
5969
|
+
);
|
|
5970
|
+
|
|
5971
|
+
// ../contracts/src/infisical-runtime.contract.ts
|
|
5972
|
+
var INFISICAL_TENANT_SOFTWARE_SYSTEMS = [
|
|
5973
|
+
{
|
|
5974
|
+
id: "stack-frontend",
|
|
5975
|
+
tenantKey: "stack",
|
|
5976
|
+
workspaceKey: "frontend",
|
|
5977
|
+
vercelProjectName: "ai-chatbot-diao",
|
|
5978
|
+
vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK",
|
|
5979
|
+
vercelProjectId: "prj_PihFw8kohSSw14nZs9YQV3xVo517",
|
|
5980
|
+
vercelWriterTokenEnv: "STACK_VERCEL_TOKEN",
|
|
5981
|
+
repository: {
|
|
5982
|
+
owner: "stack-vc",
|
|
5983
|
+
name: "front-end"
|
|
5984
|
+
},
|
|
5985
|
+
sharedSourcePath: "/tenants/stack",
|
|
5986
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
5987
|
+
convex: {
|
|
5988
|
+
urlEnv: "CONVEX_FRONTEND_URL",
|
|
5989
|
+
deployKeyEnv: "CONVEX_FRONTEND_DEPLOY_KEY",
|
|
5990
|
+
preprodDeployment: "rugged-lobster-664",
|
|
5991
|
+
prodDeployment: "wonderful-toucan-0"
|
|
5992
|
+
}
|
|
5993
|
+
},
|
|
5994
|
+
{
|
|
5995
|
+
id: "stackos",
|
|
5996
|
+
tenantKey: "stack",
|
|
5997
|
+
workspaceKey: "stackos",
|
|
5998
|
+
vercelProjectName: "stackos",
|
|
5999
|
+
vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK",
|
|
6000
|
+
vercelProjectId: "prj_rXLAL0Z6v9p1fasKbomby6GI7kau",
|
|
6001
|
+
vercelWriterTokenEnv: "STACK_VERCEL_TOKEN",
|
|
6002
|
+
repository: {
|
|
6003
|
+
owner: "stack-vc",
|
|
6004
|
+
name: "stackos"
|
|
6005
|
+
},
|
|
6006
|
+
sharedSourcePath: "/tenants/stack",
|
|
6007
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
6008
|
+
convex: {
|
|
6009
|
+
urlEnv: "CONVEX_STACKOS_URL",
|
|
6010
|
+
deployKeyEnv: "CONVEX_STACKOS_DEPLOY_KEY",
|
|
6011
|
+
preprodDeployment: "giant-mandrill-761",
|
|
6012
|
+
prodDeployment: "good-snake-515"
|
|
6013
|
+
}
|
|
6014
|
+
},
|
|
6015
|
+
{
|
|
6016
|
+
id: "stack-eng",
|
|
6017
|
+
tenantKey: "stack",
|
|
6018
|
+
workspaceKey: "engineering",
|
|
6019
|
+
vercelProjectName: "stackos-engineering-graph",
|
|
6020
|
+
vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK",
|
|
6021
|
+
vercelProjectId: "prj_zAU0Zn9GkbHjHI63dxW4vLpmoqTJ",
|
|
6022
|
+
vercelWriterTokenEnv: "STACK_VERCEL_TOKEN",
|
|
6023
|
+
repository: {
|
|
6024
|
+
owner: "stack-vc",
|
|
6025
|
+
name: "stackos-engineering-graph"
|
|
6026
|
+
},
|
|
6027
|
+
sharedSourcePath: "/tenants/stack/engineering",
|
|
6028
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
6029
|
+
convex: {
|
|
6030
|
+
urlEnv: "CONVEX_STACK_ENG_URL",
|
|
6031
|
+
deployKeyEnv: "CONVEX_STACK_ENG_DEPLOY_KEY",
|
|
6032
|
+
preprodDeployment: "small-oyster-270",
|
|
6033
|
+
prodDeployment: "bold-cuttlefish-804"
|
|
6034
|
+
}
|
|
6035
|
+
},
|
|
6036
|
+
{
|
|
6037
|
+
id: "lucern-graph",
|
|
6038
|
+
tenantKey: "lucern",
|
|
6039
|
+
workspaceKey: "lucern",
|
|
6040
|
+
vercelProjectName: "lucern-graph",
|
|
6041
|
+
vercelTeamId: "team_vTHxxs8GAoAFUe6RWMlYt7fY",
|
|
6042
|
+
vercelProjectId: "prj_KJ8EKV8vGM5xURpqmwTwmECEGPgQ",
|
|
6043
|
+
vercelWriterTokenEnv: "LUCERN_VERCEL_TOKEN",
|
|
6044
|
+
repository: {
|
|
6045
|
+
owner: "LucernAI",
|
|
6046
|
+
name: "lucern-graph"
|
|
6047
|
+
},
|
|
6048
|
+
sharedSourcePath: "/tenants/lucern/shared",
|
|
6049
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
6050
|
+
convex: {
|
|
6051
|
+
urlEnv: "CONVEX_LUCERN_URL",
|
|
6052
|
+
deployKeyEnv: "CONVEX_LUCERN_DEPLOY_KEY",
|
|
6053
|
+
preprodDeployment: "good-blackbird-774",
|
|
6054
|
+
prodDeployment: "precious-dog-365"
|
|
6055
|
+
}
|
|
6056
|
+
}
|
|
6057
|
+
];
|
|
6058
|
+
var TENANT_SHARED_SECRET_DEFINITION_TEMPLATES = [
|
|
6059
|
+
{
|
|
6060
|
+
idSuffix: "clerk.publishable",
|
|
6061
|
+
canonicalName: "NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY",
|
|
6062
|
+
aliases: ["CLERK_PUBLISHABLE_KEY"],
|
|
6063
|
+
required: true,
|
|
6064
|
+
secret: false,
|
|
6065
|
+
public: true,
|
|
6066
|
+
description: "Tenant-owned Clerk browser key. For Stack this is the master clerk.stack.vc project shared by front-end, StackOS, and the engineering workspace."
|
|
6067
|
+
},
|
|
6068
|
+
{
|
|
6069
|
+
idSuffix: "clerk.secret",
|
|
6070
|
+
canonicalName: "CLERK_SECRET_KEY",
|
|
6071
|
+
required: true,
|
|
6072
|
+
secret: true,
|
|
6073
|
+
public: false,
|
|
6074
|
+
description: "Tenant-owned Clerk backend secret used only by that tenant's server runtimes."
|
|
6075
|
+
},
|
|
6076
|
+
{
|
|
6077
|
+
idSuffix: "clerk.project",
|
|
6078
|
+
canonicalName: "CLERK_PROJECT_ID",
|
|
6079
|
+
required: true,
|
|
6080
|
+
secret: false,
|
|
6081
|
+
public: false,
|
|
6082
|
+
description: "Tenant-owned Clerk project id used to resolve canonical Clerk aliases."
|
|
6083
|
+
},
|
|
6084
|
+
{
|
|
6085
|
+
idSuffix: "clerk.jwks",
|
|
6086
|
+
canonicalName: "CLERK_JWT_ISSUER_DOMAIN",
|
|
6087
|
+
aliases: ["CLERK_ISSUER_URL", "CLERK_JWKS_URL"],
|
|
6088
|
+
required: false,
|
|
6089
|
+
secret: false,
|
|
6090
|
+
public: false,
|
|
6091
|
+
description: "Tenant Clerk issuer/JWKS URL consumed by Convex auth.config.ts."
|
|
6092
|
+
},
|
|
6093
|
+
{
|
|
6094
|
+
idSuffix: "clerk.jwt-key",
|
|
6095
|
+
canonicalName: "CLERK_JWT_KEY",
|
|
6096
|
+
required: false,
|
|
6097
|
+
secret: true,
|
|
6098
|
+
public: false,
|
|
6099
|
+
description: "Tenant Clerk JWT public verification key used by bearer-token API routes."
|
|
6100
|
+
},
|
|
6101
|
+
{
|
|
6102
|
+
idSuffix: "clerk.authorized-parties",
|
|
6103
|
+
canonicalName: "CLERK_AUTHORIZED_PARTIES",
|
|
6104
|
+
aliases: ["CLERK_MOBILE_AUTHORIZED_PARTIES"],
|
|
6105
|
+
required: false,
|
|
6106
|
+
secret: false,
|
|
6107
|
+
public: false,
|
|
6108
|
+
description: "Comma-separated Clerk authorized parties for browser and mobile bearer-token validation."
|
|
6109
|
+
},
|
|
6110
|
+
{
|
|
6111
|
+
idSuffix: "clerk.sign-in-url",
|
|
6112
|
+
canonicalName: "NEXT_PUBLIC_CLERK_SIGN_IN_URL",
|
|
6113
|
+
required: false,
|
|
6114
|
+
secret: false,
|
|
6115
|
+
public: true,
|
|
6116
|
+
description: "Tenant Clerk sign-in route for custom app login surfaces."
|
|
6117
|
+
},
|
|
6118
|
+
{
|
|
6119
|
+
idSuffix: "clerk.sign-up-url",
|
|
6120
|
+
canonicalName: "NEXT_PUBLIC_CLERK_SIGN_UP_URL",
|
|
6121
|
+
required: false,
|
|
6122
|
+
secret: false,
|
|
6123
|
+
public: true,
|
|
6124
|
+
description: "Tenant Clerk sign-up route for custom app login surfaces."
|
|
6125
|
+
}
|
|
6126
|
+
];
|
|
6127
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.flatMap(
|
|
6128
|
+
(system) => TENANT_SHARED_SECRET_DEFINITION_TEMPLATES.map(
|
|
6129
|
+
(template) => ({
|
|
6130
|
+
id: `tenant.${system.id}.${template.idSuffix}`,
|
|
6131
|
+
canonicalName: template.canonicalName,
|
|
6132
|
+
aliases: "aliases" in template ? template.aliases : void 0,
|
|
6133
|
+
owner: "tenant",
|
|
6134
|
+
scope: "tenant",
|
|
6135
|
+
sourcePath: system.sharedSourcePath,
|
|
6136
|
+
environmentPolicy: "environment_specific",
|
|
6137
|
+
required: template.required,
|
|
6138
|
+
secret: template.secret,
|
|
6139
|
+
public: template.public,
|
|
6140
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6141
|
+
destinations: [
|
|
6142
|
+
{
|
|
6143
|
+
kind: "vercel",
|
|
6144
|
+
target: system.vercelProjectName,
|
|
6145
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6146
|
+
},
|
|
6147
|
+
{
|
|
6148
|
+
kind: "convex",
|
|
6149
|
+
target: `${system.convex.preprodDeployment}|${system.convex.prodDeployment}`,
|
|
6150
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6151
|
+
}
|
|
6152
|
+
],
|
|
6153
|
+
description: `${system.tenantKey}/${system.workspaceKey}: ${template.description}`
|
|
6154
|
+
})
|
|
6155
|
+
)
|
|
6156
|
+
);
|
|
6157
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.map(
|
|
6158
|
+
(system) => ({
|
|
6159
|
+
id: `tenant.${system.id}.install-lucern-npm`,
|
|
6160
|
+
canonicalName: "INSTALL_LUCERN_NPM",
|
|
6161
|
+
owner: "provider",
|
|
6162
|
+
scope: "global",
|
|
6163
|
+
sourcePath: "/tenants/shared",
|
|
6164
|
+
environmentPolicy: "same_all_environments",
|
|
6165
|
+
required: true,
|
|
6166
|
+
secret: true,
|
|
6167
|
+
public: false,
|
|
6168
|
+
consumers: ["tenant-vercel-app", "tenant-deploy-tooling"],
|
|
6169
|
+
destinations: [
|
|
6170
|
+
{
|
|
6171
|
+
kind: "vercel",
|
|
6172
|
+
target: system.vercelProjectName,
|
|
6173
|
+
environmentPolicy: "same_all_environments"
|
|
6174
|
+
},
|
|
6175
|
+
{
|
|
6176
|
+
kind: "github_actions",
|
|
6177
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6178
|
+
environmentPolicy: "same_all_environments"
|
|
6179
|
+
}
|
|
6180
|
+
],
|
|
6181
|
+
description: `${system.tenantKey}/${system.workspaceKey}: read-only npm install token for published @lucern/* packages.`
|
|
6182
|
+
})
|
|
6183
|
+
);
|
|
6184
|
+
var TENANT_PRODUCT_SOFTWARE_SYSTEM_IDS = ["stack-frontend", "stackos"];
|
|
6185
|
+
var TENANT_PRODUCT_RUNTIME_SECRET_DEFINITION_TEMPLATES = [
|
|
6186
|
+
{
|
|
6187
|
+
idSuffix: "ai.openai-api-key",
|
|
6188
|
+
canonicalName: "OPENAI_API_KEY",
|
|
6189
|
+
required: false,
|
|
6190
|
+
secret: true,
|
|
6191
|
+
public: false,
|
|
6192
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment", "tenant-ai-runtime"],
|
|
6193
|
+
description: "Tenant-owned OpenAI key for product runtime LLM calls."
|
|
6194
|
+
},
|
|
6195
|
+
{
|
|
6196
|
+
idSuffix: "ai.anthropic-api-key",
|
|
6197
|
+
canonicalName: "ANTHROPIC_API_KEY",
|
|
6198
|
+
required: false,
|
|
6199
|
+
secret: true,
|
|
6200
|
+
public: false,
|
|
6201
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment", "tenant-ai-runtime"],
|
|
6202
|
+
description: "Tenant-owned Anthropic key for product runtime LLM calls."
|
|
6203
|
+
},
|
|
6204
|
+
{
|
|
6205
|
+
idSuffix: "ai.gemini-api-key",
|
|
6206
|
+
canonicalName: "GEMINI_API_KEY",
|
|
6207
|
+
aliases: ["GOOGLE_AI_API_KEY", "GOOGLE_GENERATIVE_AI_API_KEY"],
|
|
6208
|
+
required: false,
|
|
6209
|
+
secret: true,
|
|
6210
|
+
public: false,
|
|
6211
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment", "tenant-ai-runtime"],
|
|
6212
|
+
description: "Tenant-owned Google/Gemini key for product runtime LLM calls."
|
|
6213
|
+
},
|
|
6214
|
+
{
|
|
6215
|
+
idSuffix: "langfuse.secret-key",
|
|
6216
|
+
canonicalName: "LANGFUSE_SECRET_KEY",
|
|
6217
|
+
required: false,
|
|
6218
|
+
secret: true,
|
|
6219
|
+
public: false,
|
|
6220
|
+
consumers: [
|
|
6221
|
+
"tenant-vercel-app",
|
|
6222
|
+
"tenant-convex-deployment",
|
|
6223
|
+
"tenant-observability"
|
|
6224
|
+
],
|
|
6225
|
+
description: "Tenant-owned Langfuse secret key for product AI tracing."
|
|
6226
|
+
},
|
|
6227
|
+
{
|
|
6228
|
+
idSuffix: "langfuse.public-key",
|
|
6229
|
+
canonicalName: "LANGFUSE_PUBLIC_KEY",
|
|
6230
|
+
required: false,
|
|
6231
|
+
secret: false,
|
|
6232
|
+
public: false,
|
|
6233
|
+
consumers: [
|
|
6234
|
+
"tenant-vercel-app",
|
|
6235
|
+
"tenant-convex-deployment",
|
|
6236
|
+
"tenant-observability"
|
|
6237
|
+
],
|
|
6238
|
+
description: "Tenant-owned Langfuse public key for product AI tracing."
|
|
6239
|
+
},
|
|
6240
|
+
{
|
|
6241
|
+
idSuffix: "langfuse.base-url",
|
|
6242
|
+
canonicalName: "LANGFUSE_BASE_URL",
|
|
6243
|
+
aliases: ["LANGFUSE_BASEURL", "LANGFUSE_HOST"],
|
|
6244
|
+
required: false,
|
|
6245
|
+
secret: false,
|
|
6246
|
+
public: false,
|
|
6247
|
+
consumers: [
|
|
6248
|
+
"tenant-vercel-app",
|
|
6249
|
+
"tenant-convex-deployment",
|
|
6250
|
+
"tenant-observability"
|
|
6251
|
+
],
|
|
6252
|
+
description: "Tenant-owned Langfuse API origin."
|
|
6253
|
+
},
|
|
6254
|
+
{
|
|
6255
|
+
idSuffix: "graph.neo4j-uri",
|
|
6256
|
+
canonicalName: "NEO4J_URI",
|
|
6257
|
+
required: false,
|
|
6258
|
+
secret: false,
|
|
6259
|
+
public: false,
|
|
6260
|
+
consumers: [
|
|
6261
|
+
"tenant-vercel-app",
|
|
6262
|
+
"tenant-convex-deployment",
|
|
6263
|
+
"tenant-graph-sync"
|
|
6264
|
+
],
|
|
6265
|
+
description: "Tenant-owned Neo4j URI for product graph-sync."
|
|
6266
|
+
},
|
|
6267
|
+
{
|
|
6268
|
+
idSuffix: "graph.neo4j-user",
|
|
6269
|
+
canonicalName: "NEO4J_USER",
|
|
6270
|
+
aliases: ["NEO4J_USERNAME"],
|
|
6271
|
+
required: false,
|
|
6272
|
+
secret: false,
|
|
6273
|
+
public: false,
|
|
6274
|
+
consumers: [
|
|
6275
|
+
"tenant-vercel-app",
|
|
6276
|
+
"tenant-convex-deployment",
|
|
6277
|
+
"tenant-graph-sync"
|
|
6278
|
+
],
|
|
6279
|
+
description: "Tenant-owned Neo4j user for product graph-sync."
|
|
6280
|
+
},
|
|
6281
|
+
{
|
|
6282
|
+
idSuffix: "graph.neo4j-password",
|
|
6283
|
+
canonicalName: "NEO4J_PASSWORD",
|
|
6284
|
+
required: false,
|
|
6285
|
+
secret: true,
|
|
6286
|
+
public: false,
|
|
6287
|
+
consumers: [
|
|
6288
|
+
"tenant-vercel-app",
|
|
6289
|
+
"tenant-convex-deployment",
|
|
6290
|
+
"tenant-graph-sync"
|
|
6291
|
+
],
|
|
6292
|
+
description: "Tenant-owned Neo4j password for product graph-sync."
|
|
6293
|
+
},
|
|
6294
|
+
{
|
|
6295
|
+
idSuffix: "graph.neo4j-sync-secret",
|
|
6296
|
+
canonicalName: "NEO4J_SYNC_SECRET",
|
|
6297
|
+
required: false,
|
|
6298
|
+
secret: true,
|
|
6299
|
+
public: false,
|
|
6300
|
+
consumers: [
|
|
6301
|
+
"tenant-vercel-app",
|
|
6302
|
+
"tenant-convex-deployment",
|
|
6303
|
+
"tenant-graph-sync"
|
|
6304
|
+
],
|
|
6305
|
+
description: "Tenant-owned shared secret for product Convex-to-HTTP graph-sync calls."
|
|
6306
|
+
},
|
|
6307
|
+
{
|
|
6308
|
+
idSuffix: "graph.neo4j-database",
|
|
6309
|
+
canonicalName: "NEO4J_DATABASE",
|
|
6310
|
+
required: false,
|
|
6311
|
+
secret: false,
|
|
6312
|
+
public: false,
|
|
6313
|
+
consumers: [
|
|
6314
|
+
"tenant-vercel-app",
|
|
6315
|
+
"tenant-convex-deployment",
|
|
6316
|
+
"tenant-graph-sync"
|
|
6317
|
+
],
|
|
6318
|
+
description: "Tenant-owned Neo4j database name for product graph-sync."
|
|
6319
|
+
},
|
|
6320
|
+
{
|
|
6321
|
+
idSuffix: "vector.pinecone-api-key",
|
|
6322
|
+
canonicalName: "PINECONE_API_KEY",
|
|
6323
|
+
required: false,
|
|
6324
|
+
secret: true,
|
|
6325
|
+
public: false,
|
|
6326
|
+
consumers: [
|
|
6327
|
+
"tenant-vercel-app",
|
|
6328
|
+
"tenant-convex-deployment",
|
|
6329
|
+
"tenant-vector-store"
|
|
6330
|
+
],
|
|
6331
|
+
description: "Tenant-owned Pinecone API key for product vector search."
|
|
6332
|
+
},
|
|
6333
|
+
{
|
|
6334
|
+
idSuffix: "vector.pinecone-index-name",
|
|
6335
|
+
canonicalName: "PINECONE_INDEX_NAME",
|
|
6336
|
+
aliases: ["PINECONE_INDEX"],
|
|
6337
|
+
required: false,
|
|
6338
|
+
secret: false,
|
|
6339
|
+
public: false,
|
|
6340
|
+
consumers: [
|
|
6341
|
+
"tenant-vercel-app",
|
|
6342
|
+
"tenant-convex-deployment",
|
|
6343
|
+
"tenant-vector-store"
|
|
6344
|
+
],
|
|
6345
|
+
description: "Tenant-owned Pinecone index name for product vector search."
|
|
6346
|
+
},
|
|
6347
|
+
{
|
|
6348
|
+
idSuffix: "vector.pinecone-host",
|
|
6349
|
+
canonicalName: "PINECONE_HOST",
|
|
6350
|
+
aliases: ["PINECONE_INDEX_HOST"],
|
|
6351
|
+
required: false,
|
|
6352
|
+
secret: false,
|
|
6353
|
+
public: false,
|
|
6354
|
+
consumers: [
|
|
6355
|
+
"tenant-vercel-app",
|
|
6356
|
+
"tenant-convex-deployment",
|
|
6357
|
+
"tenant-vector-store"
|
|
6358
|
+
],
|
|
6359
|
+
description: "Tenant-owned Pinecone host for product vector search."
|
|
6360
|
+
},
|
|
6361
|
+
{
|
|
6362
|
+
idSuffix: "vector.pinecone-namespace",
|
|
6363
|
+
canonicalName: "PINECONE_NAMESPACE",
|
|
6364
|
+
required: false,
|
|
6365
|
+
secret: false,
|
|
6366
|
+
public: false,
|
|
6367
|
+
consumers: [
|
|
6368
|
+
"tenant-vercel-app",
|
|
6369
|
+
"tenant-convex-deployment",
|
|
6370
|
+
"tenant-vector-store"
|
|
6371
|
+
],
|
|
6372
|
+
description: "Tenant-owned Pinecone namespace for product vector search isolation."
|
|
6373
|
+
},
|
|
6374
|
+
{
|
|
6375
|
+
idSuffix: "storage.aws-access-key-id",
|
|
6376
|
+
canonicalName: "AWS_ACCESS_KEY_ID",
|
|
6377
|
+
required: false,
|
|
6378
|
+
secret: true,
|
|
6379
|
+
public: false,
|
|
6380
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6381
|
+
description: "Tenant-owned AWS access key id for document/file ingestion."
|
|
6382
|
+
},
|
|
6383
|
+
{
|
|
6384
|
+
idSuffix: "storage.aws-secret-access-key",
|
|
6385
|
+
canonicalName: "AWS_SECRET_ACCESS_KEY",
|
|
6386
|
+
required: false,
|
|
6387
|
+
secret: true,
|
|
6388
|
+
public: false,
|
|
6389
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6390
|
+
description: "Tenant-owned AWS secret access key for document/file ingestion."
|
|
4912
6391
|
},
|
|
4913
6392
|
{
|
|
4914
|
-
|
|
4915
|
-
|
|
4916
|
-
|
|
6393
|
+
idSuffix: "storage.aws-region",
|
|
6394
|
+
canonicalName: "AWS_REGION",
|
|
6395
|
+
required: false,
|
|
6396
|
+
secret: false,
|
|
6397
|
+
public: false,
|
|
6398
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6399
|
+
description: "Tenant-owned AWS region for document/file ingestion."
|
|
4917
6400
|
},
|
|
4918
6401
|
{
|
|
4919
|
-
|
|
4920
|
-
|
|
4921
|
-
|
|
6402
|
+
idSuffix: "observability.sentry-dsn",
|
|
6403
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_DSN",
|
|
6404
|
+
aliases: ["NEXT_PUBLIC_SENTRY_DSN_NEXTJS", "SENTRY_DSN"],
|
|
6405
|
+
required: false,
|
|
6406
|
+
secret: false,
|
|
6407
|
+
public: true,
|
|
6408
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6409
|
+
description: "Tenant-owned Sentry DSN for app telemetry."
|
|
4922
6410
|
},
|
|
4923
6411
|
{
|
|
4924
|
-
|
|
4925
|
-
|
|
4926
|
-
|
|
6412
|
+
idSuffix: "observability.sentry-auth-token",
|
|
6413
|
+
canonicalName: "SENTRY_AUTH_TOKEN",
|
|
6414
|
+
required: false,
|
|
6415
|
+
secret: true,
|
|
6416
|
+
public: false,
|
|
6417
|
+
consumers: ["tenant-deploy-tooling", "tenant-observability"],
|
|
6418
|
+
description: "Tenant-owned Sentry release token for app deployments."
|
|
4927
6419
|
},
|
|
4928
6420
|
{
|
|
4929
|
-
|
|
4930
|
-
|
|
4931
|
-
|
|
6421
|
+
idSuffix: "observability.sentry-org",
|
|
6422
|
+
canonicalName: "SENTRY_ORG",
|
|
6423
|
+
aliases: ["SENTRY_ORG_SLUG"],
|
|
6424
|
+
required: false,
|
|
6425
|
+
secret: false,
|
|
6426
|
+
public: false,
|
|
6427
|
+
consumers: ["tenant-deploy-tooling", "tenant-observability"],
|
|
6428
|
+
description: "Tenant-owned Sentry org slug for release uploads."
|
|
4932
6429
|
},
|
|
4933
6430
|
{
|
|
4934
|
-
|
|
4935
|
-
|
|
4936
|
-
|
|
6431
|
+
idSuffix: "observability.sentry-project",
|
|
6432
|
+
canonicalName: "SENTRY_PROJECT",
|
|
6433
|
+
aliases: ["SENTRY_PROJECT_NEXTJS"],
|
|
6434
|
+
required: false,
|
|
6435
|
+
secret: false,
|
|
6436
|
+
public: false,
|
|
6437
|
+
consumers: ["tenant-deploy-tooling", "tenant-observability"],
|
|
6438
|
+
description: "Tenant-owned Sentry project slug for release uploads."
|
|
4937
6439
|
},
|
|
4938
6440
|
{
|
|
4939
|
-
|
|
4940
|
-
|
|
4941
|
-
|
|
6441
|
+
idSuffix: "observability.sentry-environment",
|
|
6442
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_ENVIRONMENT",
|
|
6443
|
+
aliases: ["SENTRY_ENVIRONMENT"],
|
|
6444
|
+
required: false,
|
|
6445
|
+
secret: false,
|
|
6446
|
+
public: true,
|
|
6447
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6448
|
+
description: "Tenant-owned Sentry environment label."
|
|
4942
6449
|
},
|
|
4943
6450
|
{
|
|
4944
|
-
|
|
4945
|
-
|
|
4946
|
-
|
|
6451
|
+
idSuffix: "observability.sentry-release",
|
|
6452
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_RELEASE",
|
|
6453
|
+
aliases: ["SENTRY_RELEASE"],
|
|
6454
|
+
required: false,
|
|
6455
|
+
secret: false,
|
|
6456
|
+
public: true,
|
|
6457
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6458
|
+
description: "Tenant-owned Sentry release label."
|
|
4947
6459
|
},
|
|
4948
6460
|
{
|
|
4949
|
-
|
|
4950
|
-
|
|
4951
|
-
|
|
6461
|
+
idSuffix: "observability.sentry-client-options",
|
|
6462
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_TRACES_SAMPLE_RATE",
|
|
6463
|
+
aliases: [
|
|
6464
|
+
"NEXT_PUBLIC_SENTRY_CAPTURE_CONSOLE_LEVELS",
|
|
6465
|
+
"NEXT_PUBLIC_SENTRY_CAPTURE_CONSOLE_LEVELS_NEXTJS",
|
|
6466
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_BREADCRUMB_LEVELS",
|
|
6467
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_BREADCRUMB_LEVELS_NEXTJS",
|
|
6468
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_LOG_LEVELS",
|
|
6469
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_LOG_LEVELS_NEXTJS",
|
|
6470
|
+
"NEXT_PUBLIC_SENTRY_ENABLE_LOGS",
|
|
6471
|
+
"NEXT_PUBLIC_SENTRY_REPLAYS_ON_ERROR_SAMPLE_RATE",
|
|
6472
|
+
"NEXT_PUBLIC_SENTRY_REPLAYS_SESSION_SAMPLE_RATE",
|
|
6473
|
+
"NEXT_PUBLIC_SENTRY_SEND_DEFAULT_PII",
|
|
6474
|
+
"NEXT_PUBLIC_SENTRY_TRACES_SAMPLE_RATE_NEXTJS"
|
|
6475
|
+
],
|
|
6476
|
+
required: false,
|
|
6477
|
+
secret: false,
|
|
6478
|
+
public: true,
|
|
6479
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6480
|
+
description: "Tenant-owned public Sentry tuning values for Next.js client instrumentation."
|
|
4952
6481
|
},
|
|
4953
6482
|
{
|
|
4954
|
-
|
|
4955
|
-
|
|
4956
|
-
|
|
6483
|
+
idSuffix: "observability.sentry-webhook-secret",
|
|
6484
|
+
canonicalName: "SENTRY_WEBHOOK_SECRET",
|
|
6485
|
+
required: false,
|
|
6486
|
+
secret: true,
|
|
6487
|
+
public: false,
|
|
6488
|
+
consumers: ["tenant-convex-deployment", "tenant-observability"],
|
|
6489
|
+
description: "Tenant-owned Sentry webhook verification secret."
|
|
4957
6490
|
},
|
|
4958
6491
|
{
|
|
4959
|
-
|
|
4960
|
-
|
|
4961
|
-
|
|
6492
|
+
idSuffix: "lucern.gateway-api-key",
|
|
6493
|
+
canonicalName: "LUCERN_API_KEY",
|
|
6494
|
+
aliases: ["STACK_API_KEY"],
|
|
6495
|
+
required: false,
|
|
6496
|
+
secret: true,
|
|
6497
|
+
public: false,
|
|
6498
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6499
|
+
description: "Tenant-scoped Lucern/MC gateway API key for product front-door calls."
|
|
4962
6500
|
},
|
|
4963
6501
|
{
|
|
4964
|
-
|
|
4965
|
-
|
|
4966
|
-
|
|
6502
|
+
idSuffix: "lucern.gateway-base-url",
|
|
6503
|
+
canonicalName: "LUCERN_BASE_URL",
|
|
6504
|
+
aliases: ["LUCERN_API_BASE_URL", "LUCERN_GATEWAY_BASE_URL"],
|
|
6505
|
+
required: false,
|
|
6506
|
+
secret: false,
|
|
6507
|
+
public: false,
|
|
6508
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6509
|
+
description: "Lucern/MC gateway base URL used by tenant product apps."
|
|
4967
6510
|
},
|
|
4968
6511
|
{
|
|
4969
|
-
|
|
4970
|
-
|
|
4971
|
-
|
|
6512
|
+
idSuffix: "lucern.proxy-token-secret",
|
|
6513
|
+
canonicalName: "LUCERN_PROXY_TOKEN_SECRET",
|
|
6514
|
+
required: false,
|
|
6515
|
+
secret: true,
|
|
6516
|
+
public: false,
|
|
6517
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6518
|
+
description: "Tenant-owned secret for signing internal proxy/session tokens in product apps."
|
|
4972
6519
|
},
|
|
4973
6520
|
{
|
|
4974
|
-
|
|
4975
|
-
|
|
4976
|
-
|
|
6521
|
+
idSuffix: "tenant.integrations.linear-api-key",
|
|
6522
|
+
canonicalName: "LINEAR_API_KEY",
|
|
6523
|
+
required: false,
|
|
6524
|
+
secret: true,
|
|
6525
|
+
public: false,
|
|
6526
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6527
|
+
description: "Tenant-owned Linear API key for support/slash-command flows."
|
|
6528
|
+
},
|
|
6529
|
+
{
|
|
6530
|
+
idSuffix: "tenant.vercel.bypass-token",
|
|
6531
|
+
canonicalName: "VERCEL_AUTOMATION_BYPASS_SECRET",
|
|
6532
|
+
aliases: ["NEXT_PUBLIC_VERCEL_BYPASS_TOKEN"],
|
|
6533
|
+
required: false,
|
|
6534
|
+
secret: true,
|
|
6535
|
+
public: false,
|
|
6536
|
+
consumers: ["tenant-vercel-app", "tenant-deploy-tooling"],
|
|
6537
|
+
description: "Tenant-owned Vercel automation bypass token. Public alias is legacy and should be removed from app code."
|
|
4977
6538
|
}
|
|
4978
6539
|
];
|
|
4979
|
-
|
|
4980
|
-
(
|
|
6540
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.filter(
|
|
6541
|
+
(system) => TENANT_PRODUCT_SOFTWARE_SYSTEM_IDS.includes(system.id)
|
|
6542
|
+
).flatMap(
|
|
6543
|
+
(system) => TENANT_PRODUCT_RUNTIME_SECRET_DEFINITION_TEMPLATES.map(
|
|
6544
|
+
(template) => ({
|
|
6545
|
+
id: `tenant.${system.id}.${template.idSuffix}`,
|
|
6546
|
+
canonicalName: template.canonicalName,
|
|
6547
|
+
aliases: "aliases" in template ? template.aliases : void 0,
|
|
6548
|
+
owner: "tenant",
|
|
6549
|
+
scope: "tenant",
|
|
6550
|
+
sourcePath: system.sharedSourcePath,
|
|
6551
|
+
environmentPolicy: "environment_specific",
|
|
6552
|
+
required: template.required,
|
|
6553
|
+
secret: template.secret,
|
|
6554
|
+
public: template.public,
|
|
6555
|
+
consumers: template.consumers,
|
|
6556
|
+
destinations: [
|
|
6557
|
+
{
|
|
6558
|
+
kind: "vercel",
|
|
6559
|
+
target: system.vercelProjectName,
|
|
6560
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6561
|
+
},
|
|
6562
|
+
{
|
|
6563
|
+
kind: "convex",
|
|
6564
|
+
target: `${system.convex.preprodDeployment}|${system.convex.prodDeployment}`,
|
|
6565
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6566
|
+
},
|
|
6567
|
+
{
|
|
6568
|
+
kind: "github_actions",
|
|
6569
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6570
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6571
|
+
}
|
|
6572
|
+
],
|
|
6573
|
+
description: `${system.tenantKey}/${system.workspaceKey}: ${template.description}`
|
|
6574
|
+
})
|
|
6575
|
+
)
|
|
6576
|
+
);
|
|
6577
|
+
function tenantVercelConvexUrlWriteNames(system) {
|
|
6578
|
+
const names = [system.convex.urlEnv, "NEXT_PUBLIC_CONVEX_URL"];
|
|
6579
|
+
if (system.id === "stack-eng") {
|
|
6580
|
+
return [...names, "STACKOS_ENGINEERING_GRAPH_CONVEX_URL"];
|
|
6581
|
+
}
|
|
6582
|
+
return names;
|
|
6583
|
+
}
|
|
6584
|
+
function tenantRepositoryConvexUrlWriteNames(system) {
|
|
6585
|
+
if (system.id === "stack-eng") {
|
|
6586
|
+
return [system.convex.urlEnv, "STACKOS_ENGINEERING_GRAPH_CONVEX_URL"];
|
|
6587
|
+
}
|
|
6588
|
+
return [system.convex.urlEnv];
|
|
6589
|
+
}
|
|
6590
|
+
function tenantRepositoryConvexDeployKeyWriteNames(system) {
|
|
6591
|
+
if (system.id === "stack-eng") {
|
|
6592
|
+
return [system.convex.deployKeyEnv, "STACKOS_ENGINEERING_GRAPH_DEPLOY_KEY"];
|
|
6593
|
+
}
|
|
6594
|
+
return [system.convex.deployKeyEnv];
|
|
6595
|
+
}
|
|
6596
|
+
function tenantConvexUrlAliases(system) {
|
|
6597
|
+
if (system.id === "stack-frontend") {
|
|
6598
|
+
return [
|
|
6599
|
+
"CONVEX_PROD_URL",
|
|
6600
|
+
"CONVEX_STACK_V2_PROD_URL",
|
|
6601
|
+
"CONVEX_STACK_V2_STAGING_URL",
|
|
6602
|
+
"STACK_CONVEX_URL"
|
|
6603
|
+
];
|
|
6604
|
+
}
|
|
6605
|
+
if (system.id === "stackos") {
|
|
6606
|
+
return [
|
|
6607
|
+
"CONVEX_CLOUD_URL",
|
|
6608
|
+
"CONVEX_STACK_URL",
|
|
6609
|
+
"CONVEX_URL",
|
|
6610
|
+
"CONVEX_URL_DEVELOPMENT",
|
|
6611
|
+
"CONVEX_URL_PRODUCTION",
|
|
6612
|
+
"STACK_CONVEX_URL"
|
|
6613
|
+
];
|
|
6614
|
+
}
|
|
6615
|
+
if (system.id === "stack-eng") {
|
|
6616
|
+
return ["STACKOS_ENGINEERING_GRAPH_CONVEX_URL"];
|
|
6617
|
+
}
|
|
6618
|
+
if (system.id === "lucern-graph") {
|
|
6619
|
+
return [
|
|
6620
|
+
"CONVEX_GRAPH_URL",
|
|
6621
|
+
"LUCERN_PROD_URL",
|
|
6622
|
+
"NEXT_PUBLIC_LUCERN_GRAPH_URL"
|
|
6623
|
+
];
|
|
6624
|
+
}
|
|
6625
|
+
return void 0;
|
|
6626
|
+
}
|
|
6627
|
+
function tenantConvexDeployKeyAliases(system) {
|
|
6628
|
+
if (system.id === "stack-frontend") {
|
|
6629
|
+
return [
|
|
6630
|
+
"CONVEX_STACK_V2_PROD_DEPLOY_KEY",
|
|
6631
|
+
"CONVEX_STACK_V2_STAGING_DEPLOY_KEY",
|
|
6632
|
+
"STACK_DEPLOY_KEY"
|
|
6633
|
+
];
|
|
6634
|
+
}
|
|
6635
|
+
if (system.id === "stackos") {
|
|
6636
|
+
return [
|
|
6637
|
+
"CONVEX_DEPLOY_KEY",
|
|
6638
|
+
"CONVEX_DEV_DEPLOY_KEY",
|
|
6639
|
+
"CONVEX_PROD_DEPLOY_KEY",
|
|
6640
|
+
"CONVEX_STACK_DEPLOY_KEY",
|
|
6641
|
+
"STACK_DEPLOY_KEY"
|
|
6642
|
+
];
|
|
6643
|
+
}
|
|
6644
|
+
if (system.id === "stack-eng") {
|
|
6645
|
+
return ["CONVEX_DEPLOY_KEY", "STACKOS_ENGINEERING_GRAPH_DEPLOY_KEY"];
|
|
6646
|
+
}
|
|
6647
|
+
if (system.id === "lucern-graph") {
|
|
6648
|
+
return [
|
|
6649
|
+
"CONVEX_DEPLOY_KEY",
|
|
6650
|
+
"CONVEX_GRAPH_DEPLOY_KEY",
|
|
6651
|
+
"LUCERN_CONVEX_DEPLOY_KEY",
|
|
6652
|
+
"LUCERN_DEV_DEPLOY_KEY",
|
|
6653
|
+
"LUCERN_PROD_DEPLOY_KEY"
|
|
6654
|
+
];
|
|
6655
|
+
}
|
|
6656
|
+
return void 0;
|
|
6657
|
+
}
|
|
6658
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.flatMap(
|
|
6659
|
+
(system) => {
|
|
6660
|
+
if (system.id === "lucern-graph") {
|
|
6661
|
+
return [
|
|
6662
|
+
{
|
|
6663
|
+
id: "tenant.lucern-graph.public.tenant-id",
|
|
6664
|
+
canonicalName: "NEXT_PUBLIC_LUCERN_GRAPH_TENANT_ID",
|
|
6665
|
+
aliases: ["NEXT_PUBLIC_LUCERN_TENANT_ID"],
|
|
6666
|
+
owner: "tenant",
|
|
6667
|
+
scope: "workspace",
|
|
6668
|
+
sourcePath: system.sharedSourcePath,
|
|
6669
|
+
environmentPolicy: "environment_specific",
|
|
6670
|
+
required: false,
|
|
6671
|
+
secret: false,
|
|
6672
|
+
public: true,
|
|
6673
|
+
consumers: ["tenant-vercel-app"],
|
|
6674
|
+
destinations: [
|
|
6675
|
+
{
|
|
6676
|
+
kind: "vercel",
|
|
6677
|
+
target: system.vercelProjectName,
|
|
6678
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6679
|
+
}
|
|
6680
|
+
],
|
|
6681
|
+
description: "Lucern graph public tenant id used by the standalone graph explorer."
|
|
6682
|
+
},
|
|
6683
|
+
{
|
|
6684
|
+
id: "tenant.lucern-graph.public.tenant-label",
|
|
6685
|
+
canonicalName: "NEXT_PUBLIC_LUCERN_GRAPH_TENANT_LABEL",
|
|
6686
|
+
owner: "tenant",
|
|
6687
|
+
scope: "workspace",
|
|
6688
|
+
sourcePath: system.sharedSourcePath,
|
|
6689
|
+
environmentPolicy: "environment_specific",
|
|
6690
|
+
required: false,
|
|
6691
|
+
secret: false,
|
|
6692
|
+
public: true,
|
|
6693
|
+
consumers: ["tenant-vercel-app"],
|
|
6694
|
+
destinations: [
|
|
6695
|
+
{
|
|
6696
|
+
kind: "vercel",
|
|
6697
|
+
target: system.vercelProjectName,
|
|
6698
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6699
|
+
}
|
|
6700
|
+
],
|
|
6701
|
+
description: "Lucern graph public tenant label used by the standalone graph explorer."
|
|
6702
|
+
}
|
|
6703
|
+
];
|
|
6704
|
+
}
|
|
6705
|
+
if (system.id === "stack-eng") {
|
|
6706
|
+
return [
|
|
6707
|
+
{
|
|
6708
|
+
id: "tenant.stack-eng.public.tenant-id",
|
|
6709
|
+
canonicalName: "NEXT_PUBLIC_STACKOS_ENGINEERING_GRAPH_TENANT_ID",
|
|
6710
|
+
owner: "tenant",
|
|
6711
|
+
scope: "workspace",
|
|
6712
|
+
sourcePath: system.sharedSourcePath,
|
|
6713
|
+
environmentPolicy: "environment_specific",
|
|
6714
|
+
required: false,
|
|
6715
|
+
secret: false,
|
|
6716
|
+
public: true,
|
|
6717
|
+
consumers: ["tenant-vercel-app"],
|
|
6718
|
+
destinations: [
|
|
6719
|
+
{
|
|
6720
|
+
kind: "vercel",
|
|
6721
|
+
target: system.vercelProjectName,
|
|
6722
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6723
|
+
}
|
|
6724
|
+
],
|
|
6725
|
+
description: "Stack engineering graph public tenant id used by the graph explorer."
|
|
6726
|
+
},
|
|
6727
|
+
{
|
|
6728
|
+
id: "tenant.stack-eng.public.tenant-label",
|
|
6729
|
+
canonicalName: "NEXT_PUBLIC_STACKOS_ENGINEERING_GRAPH_TENANT_LABEL",
|
|
6730
|
+
owner: "tenant",
|
|
6731
|
+
scope: "workspace",
|
|
6732
|
+
sourcePath: system.sharedSourcePath,
|
|
6733
|
+
environmentPolicy: "environment_specific",
|
|
6734
|
+
required: false,
|
|
6735
|
+
secret: false,
|
|
6736
|
+
public: true,
|
|
6737
|
+
consumers: ["tenant-vercel-app"],
|
|
6738
|
+
destinations: [
|
|
6739
|
+
{
|
|
6740
|
+
kind: "vercel",
|
|
6741
|
+
target: system.vercelProjectName,
|
|
6742
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6743
|
+
}
|
|
6744
|
+
],
|
|
6745
|
+
description: "Stack engineering graph public tenant label used by the graph explorer."
|
|
6746
|
+
},
|
|
6747
|
+
{
|
|
6748
|
+
id: "tenant.stack-eng.public.environment",
|
|
6749
|
+
canonicalName: "NEXT_PUBLIC_STACKOS_ENGINEERING_GRAPH_ENV",
|
|
6750
|
+
owner: "tenant",
|
|
6751
|
+
scope: "workspace",
|
|
6752
|
+
sourcePath: system.sharedSourcePath,
|
|
6753
|
+
environmentPolicy: "environment_specific",
|
|
6754
|
+
required: false,
|
|
6755
|
+
secret: false,
|
|
6756
|
+
public: true,
|
|
6757
|
+
consumers: ["tenant-vercel-app"],
|
|
6758
|
+
destinations: [
|
|
6759
|
+
{
|
|
6760
|
+
kind: "vercel",
|
|
6761
|
+
target: system.vercelProjectName,
|
|
6762
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6763
|
+
}
|
|
6764
|
+
],
|
|
6765
|
+
description: "Stack engineering graph public environment label used by the graph explorer."
|
|
6766
|
+
}
|
|
6767
|
+
];
|
|
6768
|
+
}
|
|
6769
|
+
return [];
|
|
6770
|
+
}
|
|
4981
6771
|
);
|
|
6772
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.flatMap((system) => [
|
|
6773
|
+
{
|
|
6774
|
+
id: `tenant.${system.id}.convex.url`,
|
|
6775
|
+
canonicalName: system.convex.urlEnv,
|
|
6776
|
+
aliases: tenantConvexUrlAliases(system),
|
|
6777
|
+
owner: "tenant",
|
|
6778
|
+
scope: "software_system",
|
|
6779
|
+
sourcePath: system.sharedSourcePath,
|
|
6780
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6781
|
+
required: true,
|
|
6782
|
+
secret: false,
|
|
6783
|
+
public: false,
|
|
6784
|
+
consumers: [
|
|
6785
|
+
"tenant-vercel-app",
|
|
6786
|
+
"tenant-agent-runtime",
|
|
6787
|
+
"mc-operator-tooling"
|
|
6788
|
+
],
|
|
6789
|
+
destinations: [
|
|
6790
|
+
{
|
|
6791
|
+
kind: "vercel",
|
|
6792
|
+
target: system.vercelProjectName,
|
|
6793
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6794
|
+
writeNames: tenantVercelConvexUrlWriteNames(system)
|
|
6795
|
+
},
|
|
6796
|
+
{
|
|
6797
|
+
kind: "github_actions",
|
|
6798
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6799
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6800
|
+
writeNames: tenantRepositoryConvexUrlWriteNames(system),
|
|
6801
|
+
notes: "Only if that repository deploy/test workflow owns this software system."
|
|
6802
|
+
}
|
|
6803
|
+
],
|
|
6804
|
+
description: `${system.tenantKey}/${system.workspaceKey} Convex URL. Pre-prod resolves to ${system.convex.preprodDeployment}; prod resolves to ${system.convex.prodDeployment}.`
|
|
6805
|
+
},
|
|
6806
|
+
{
|
|
6807
|
+
id: `tenant.${system.id}.convex.deploy-key`,
|
|
6808
|
+
canonicalName: system.convex.deployKeyEnv,
|
|
6809
|
+
aliases: tenantConvexDeployKeyAliases(system),
|
|
6810
|
+
owner: "tenant",
|
|
6811
|
+
scope: "software_system",
|
|
6812
|
+
sourcePath: system.sharedSourcePath,
|
|
6813
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6814
|
+
required: true,
|
|
6815
|
+
secret: true,
|
|
6816
|
+
public: false,
|
|
6817
|
+
consumers: [
|
|
6818
|
+
"tenant-vercel-app",
|
|
6819
|
+
"tenant-agent-runtime",
|
|
6820
|
+
"mc-operator-tooling"
|
|
6821
|
+
],
|
|
6822
|
+
destinations: [
|
|
6823
|
+
{
|
|
6824
|
+
kind: "vercel",
|
|
6825
|
+
target: system.vercelProjectName,
|
|
6826
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6827
|
+
},
|
|
6828
|
+
{
|
|
6829
|
+
kind: "github_actions",
|
|
6830
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6831
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6832
|
+
writeNames: tenantRepositoryConvexDeployKeyWriteNames(system),
|
|
6833
|
+
notes: "Only if that repository deploy/test workflow owns this software system."
|
|
6834
|
+
}
|
|
6835
|
+
],
|
|
6836
|
+
description: `${system.tenantKey}/${system.workspaceKey} Convex deploy/admin key. Never route to sibling workspaces.`
|
|
6837
|
+
}
|
|
6838
|
+
]);
|
|
4982
6839
|
z.object({
|
|
4983
6840
|
manifestVersion: z.literal("1.0.0"),
|
|
4984
6841
|
rules: z.array(
|
|
@@ -5019,7 +6876,7 @@ var createEvidenceInputSchemaBase = z.object({
|
|
|
5019
6876
|
targetId: z.string().optional(),
|
|
5020
6877
|
targetNodeId: z.string().optional(),
|
|
5021
6878
|
linkedBeliefNodeId: z.string().optional(),
|
|
5022
|
-
evidenceRelation: z.enum(["supports", "contradicts"
|
|
6879
|
+
evidenceRelation: z.enum(["supports", "contradicts"]).optional(),
|
|
5023
6880
|
confidence: z.number().optional(),
|
|
5024
6881
|
weight: z.number().optional(),
|
|
5025
6882
|
reasoning: z.string().optional(),
|
|
@@ -5104,8 +6961,7 @@ var createEvidenceProjection = defineProjection({
|
|
|
5104
6961
|
evidenceRelation: v.optional(
|
|
5105
6962
|
v.union(
|
|
5106
6963
|
v.literal("supports"),
|
|
5107
|
-
v.literal("contradicts")
|
|
5108
|
-
v.literal("neutral")
|
|
6964
|
+
v.literal("contradicts")
|
|
5109
6965
|
)
|
|
5110
6966
|
),
|
|
5111
6967
|
confidence: v.optional(v.number()),
|
|
@@ -5130,7 +6986,7 @@ function compactRecord2(input) {
|
|
|
5130
6986
|
Object.entries(input).filter(([, value]) => value !== void 0)
|
|
5131
6987
|
);
|
|
5132
6988
|
}
|
|
5133
|
-
|
|
6989
|
+
defineProjection({
|
|
5134
6990
|
contractName: "list_beliefs",
|
|
5135
6991
|
inputSchema: listBeliefsInputSchema,
|
|
5136
6992
|
project: (input) => compactRecord2({
|
|
@@ -5154,12 +7010,17 @@ var listBeliefsProjection = defineProjection({
|
|
|
5154
7010
|
});
|
|
5155
7011
|
var taskStatusSchema = z.enum(["todo", "in_progress", "blocked", "done"]).optional().describe("Filter by task status");
|
|
5156
7012
|
var listTasksInputSchema = z.object({
|
|
5157
|
-
topicId: z.string().describe("Topic scope"),
|
|
7013
|
+
topicId: z.string().optional().describe("Topic scope"),
|
|
5158
7014
|
worktreeId: z.string().optional().describe("Alias for linkedWorktreeId"),
|
|
5159
7015
|
linkedWorktreeId: z.string().optional().describe("Filter to tasks linked to this worktree"),
|
|
5160
7016
|
status: taskStatusSchema,
|
|
5161
7017
|
limit: z.number().optional().describe("Maximum results")
|
|
5162
|
-
})
|
|
7018
|
+
}).refine(
|
|
7019
|
+
(input) => Boolean(input.topicId || input.worktreeId || input.linkedWorktreeId),
|
|
7020
|
+
{
|
|
7021
|
+
message: "topicId or worktreeId is required"
|
|
7022
|
+
}
|
|
7023
|
+
);
|
|
5163
7024
|
function compactRecord3(input) {
|
|
5164
7025
|
return Object.fromEntries(
|
|
5165
7026
|
Object.entries(input).filter(([, value]) => value !== void 0)
|
|
@@ -5176,7 +7037,7 @@ var listTasksProjection = defineProjection({
|
|
|
5176
7037
|
linkedWorktreeId: input.linkedWorktreeId ?? input.worktreeId
|
|
5177
7038
|
}),
|
|
5178
7039
|
convexArgsValidator: v.object({
|
|
5179
|
-
topicId: v.string(),
|
|
7040
|
+
topicId: v.optional(v.string()),
|
|
5180
7041
|
status: v.optional(
|
|
5181
7042
|
v.union(
|
|
5182
7043
|
v.literal("todo"),
|
|
@@ -6154,19 +8015,23 @@ var FIND_CONTRADICTIONS = {
|
|
|
6154
8015
|
};
|
|
6155
8016
|
var CREATE_EDGE = {
|
|
6156
8017
|
name: "create_edge",
|
|
6157
|
-
description: "Commit a typed relationship between two nodes in the reasoning graph. Like `git commit` \u2014 an atomic write that declares a dependency between nodes.
|
|
8018
|
+
description: "Commit a typed relationship between two nodes in the reasoning graph. Like `git commit` \u2014 an atomic write that declares a dependency between nodes. Accepts any public epistemic edge type between public graph node refs so agents can author the full spine.",
|
|
6158
8019
|
parameters: {
|
|
6159
|
-
|
|
6160
|
-
type: "
|
|
6161
|
-
description: "Source
|
|
8020
|
+
from: {
|
|
8021
|
+
type: "object",
|
|
8022
|
+
description: "Source graph ref, e.g. { kind: 'epistemic_node', nodeId: '...', nodeType: 'topic' }"
|
|
6162
8023
|
},
|
|
6163
|
-
|
|
6164
|
-
type: "
|
|
6165
|
-
description: "Target
|
|
8024
|
+
to: {
|
|
8025
|
+
type: "object",
|
|
8026
|
+
description: "Target graph ref, e.g. { kind: 'epistemic_node', nodeId: '...', nodeType: 'belief' }"
|
|
6166
8027
|
},
|
|
6167
8028
|
edgeType: {
|
|
6168
8029
|
type: "string",
|
|
6169
|
-
description: "Relationship type
|
|
8030
|
+
description: "Relationship type from the public epistemic edge enum."
|
|
8031
|
+
},
|
|
8032
|
+
globalId: {
|
|
8033
|
+
type: "string",
|
|
8034
|
+
description: "Optional idempotent edge global ID."
|
|
6170
8035
|
},
|
|
6171
8036
|
weight: {
|
|
6172
8037
|
type: "number",
|
|
@@ -6176,10 +8041,14 @@ var CREATE_EDGE = {
|
|
|
6176
8041
|
reasoningMethod: {
|
|
6177
8042
|
type: "string",
|
|
6178
8043
|
description: "How this was determined",
|
|
6179
|
-
enum: [
|
|
8044
|
+
enum: [...REASONING_METHODS]
|
|
8045
|
+
},
|
|
8046
|
+
metadata: {
|
|
8047
|
+
type: "object",
|
|
8048
|
+
description: "Optional edge metadata."
|
|
6180
8049
|
}
|
|
6181
8050
|
},
|
|
6182
|
-
required: ["
|
|
8051
|
+
required: ["from", "to", "edgeType"],
|
|
6183
8052
|
response: {
|
|
6184
8053
|
description: "The created edge",
|
|
6185
8054
|
fields: {
|
|
@@ -6193,6 +8062,240 @@ var CREATE_EDGE = {
|
|
|
6193
8062
|
ontologyPrimitive: "edge",
|
|
6194
8063
|
tier: "showcase"
|
|
6195
8064
|
};
|
|
8065
|
+
var UPDATE_EDGE = {
|
|
8066
|
+
name: "update_edge",
|
|
8067
|
+
description: "Amend metadata on an existing graph edge. Like `git commit --amend` \u2014 changes the edge annotation without recreating the relationship.",
|
|
8068
|
+
parameters: {
|
|
8069
|
+
edgeId: { type: "string", description: "Edge ID or global ID to update" },
|
|
8070
|
+
weight: { type: "number", description: "Updated edge weight" },
|
|
8071
|
+
confidence: { type: "number", description: "Updated confidence" },
|
|
8072
|
+
context: { type: "string", description: "Updated human-readable context" },
|
|
8073
|
+
derivationType: { type: "string", description: "Updated derivation type" },
|
|
8074
|
+
metadata: { type: "object", description: "Updated metadata" }
|
|
8075
|
+
},
|
|
8076
|
+
required: ["edgeId"],
|
|
8077
|
+
response: {
|
|
8078
|
+
description: "Edge update result",
|
|
8079
|
+
fields: { success: "boolean" }
|
|
8080
|
+
},
|
|
8081
|
+
ownerModule: "graph-primitives",
|
|
8082
|
+
ontologyPrimitive: "edge",
|
|
8083
|
+
tier: "workhorse"
|
|
8084
|
+
};
|
|
8085
|
+
var REMOVE_EDGE = {
|
|
8086
|
+
name: "remove_edge",
|
|
8087
|
+
description: "Remove one graph edge by ID. Like `git rm` \u2014 deletes a single explicit relationship from the spine.",
|
|
8088
|
+
parameters: {
|
|
8089
|
+
edgeId: { type: "string", description: "Edge ID or global ID to remove" }
|
|
8090
|
+
},
|
|
8091
|
+
required: ["edgeId"],
|
|
8092
|
+
response: {
|
|
8093
|
+
description: "Edge removal result",
|
|
8094
|
+
fields: { success: "boolean" }
|
|
8095
|
+
},
|
|
8096
|
+
ownerModule: "graph-primitives",
|
|
8097
|
+
ontologyPrimitive: "edge",
|
|
8098
|
+
tier: "workhorse"
|
|
8099
|
+
};
|
|
8100
|
+
var REMOVE_EDGES_BETWEEN = {
|
|
8101
|
+
name: "remove_edges_between",
|
|
8102
|
+
description: "Remove graph edges between two nodes. Like `git rm <pathspec>` \u2014 deletes relationships matching a source, target, and optional type.",
|
|
8103
|
+
parameters: {
|
|
8104
|
+
fromNodeId: { type: "string", description: "Source node ID or global ID" },
|
|
8105
|
+
toNodeId: { type: "string", description: "Target node ID or global ID" },
|
|
8106
|
+
edgeType: { type: "string", description: "Optional edge type filter" }
|
|
8107
|
+
},
|
|
8108
|
+
required: ["fromNodeId", "toNodeId"],
|
|
8109
|
+
response: {
|
|
8110
|
+
description: "Matched edge removal result",
|
|
8111
|
+
fields: { deleted: "number" }
|
|
8112
|
+
},
|
|
8113
|
+
ownerModule: "graph-primitives",
|
|
8114
|
+
ontologyPrimitive: "edge",
|
|
8115
|
+
tier: "workhorse"
|
|
8116
|
+
};
|
|
8117
|
+
var BATCH_CREATE_EDGES = {
|
|
8118
|
+
name: "batch_create_edges",
|
|
8119
|
+
description: "Commit multiple typed graph edges. Like `git commit` with many staged paths \u2014 writes a batch of explicit relationships atomically per edge.",
|
|
8120
|
+
parameters: {
|
|
8121
|
+
edges: {
|
|
8122
|
+
type: "array",
|
|
8123
|
+
description: "Edges to create, each with from, to, edgeType, and optional weight/confidence/context."
|
|
8124
|
+
},
|
|
8125
|
+
skipLayerValidation: {
|
|
8126
|
+
type: "boolean",
|
|
8127
|
+
description: "Skip kernel layer validation for trusted materialization flows."
|
|
8128
|
+
}
|
|
8129
|
+
},
|
|
8130
|
+
required: ["edges"],
|
|
8131
|
+
response: {
|
|
8132
|
+
description: "Batch edge creation result",
|
|
8133
|
+
fields: {
|
|
8134
|
+
created: "number",
|
|
8135
|
+
results: "array",
|
|
8136
|
+
errors: "array"
|
|
8137
|
+
}
|
|
8138
|
+
},
|
|
8139
|
+
ownerModule: "graph-primitives",
|
|
8140
|
+
ontologyPrimitive: "edge",
|
|
8141
|
+
tier: "workhorse"
|
|
8142
|
+
};
|
|
8143
|
+
var CREATE_EPISTEMIC_NODE = {
|
|
8144
|
+
name: "create_epistemic_node",
|
|
8145
|
+
description: "Commit a generic epistemic graph node. Like `git commit` \u2014 creates a canonical node in the public spine for topics, beliefs, evidence, questions, answers, sources, and entities.",
|
|
8146
|
+
parameters: {
|
|
8147
|
+
globalId: { type: "string", description: "Optional idempotent node global ID" },
|
|
8148
|
+
nodeType: { type: "string", description: "Public epistemic node type" },
|
|
8149
|
+
canonicalText: { type: "string", description: "Canonical node text" },
|
|
8150
|
+
text: { type: "string", description: "Alias for canonicalText" },
|
|
8151
|
+
contentHash: { type: "string", description: "Optional idempotency content hash" },
|
|
8152
|
+
sourceType: { type: "string", description: "Source type for provenance" },
|
|
8153
|
+
topicId: { type: "string", description: "Optional topic scope" },
|
|
8154
|
+
content: { type: "string", description: "Extended content" },
|
|
8155
|
+
title: { type: "string", description: "Display title" },
|
|
8156
|
+
metadata: { type: "object", description: "Optional node metadata" }
|
|
8157
|
+
},
|
|
8158
|
+
required: ["nodeType"],
|
|
8159
|
+
response: {
|
|
8160
|
+
description: "Created node result",
|
|
8161
|
+
fields: {
|
|
8162
|
+
nodeId: "string",
|
|
8163
|
+
nodeGlobalId: "string",
|
|
8164
|
+
isDuplicate: "boolean"
|
|
8165
|
+
}
|
|
8166
|
+
},
|
|
8167
|
+
ownerModule: "reasoning-kernel",
|
|
8168
|
+
ontologyPrimitive: "graph",
|
|
8169
|
+
tier: "showcase"
|
|
8170
|
+
};
|
|
8171
|
+
var GET_EPISTEMIC_NODE = {
|
|
8172
|
+
name: "get_epistemic_node",
|
|
8173
|
+
description: "Read one epistemic graph node. Like `git show` \u2014 resolves a canonical spine node by ID or global ID.",
|
|
8174
|
+
parameters: {
|
|
8175
|
+
nodeId: { type: "string", description: "Node ID or global ID" }
|
|
8176
|
+
},
|
|
8177
|
+
required: ["nodeId"],
|
|
8178
|
+
response: {
|
|
8179
|
+
description: "The resolved node",
|
|
8180
|
+
fields: { node: "object" }
|
|
8181
|
+
},
|
|
8182
|
+
ownerModule: "reasoning-kernel",
|
|
8183
|
+
ontologyPrimitive: "graph",
|
|
8184
|
+
tier: "workhorse"
|
|
8185
|
+
};
|
|
8186
|
+
var LIST_EPISTEMIC_NODES = {
|
|
8187
|
+
name: "list_epistemic_nodes",
|
|
8188
|
+
description: "List epistemic graph nodes. Like `git ls-tree` \u2014 lists canonical spine nodes by topic, type, status, or search query.",
|
|
8189
|
+
parameters: {
|
|
8190
|
+
topicId: { type: "string", description: "Optional topic scope" },
|
|
8191
|
+
nodeType: { type: "string", description: "Optional node type filter" },
|
|
8192
|
+
status: { type: "string", description: "Optional lifecycle status" },
|
|
8193
|
+
searchQuery: { type: "string", description: "Optional text search query" },
|
|
8194
|
+
limit: { type: "number", description: "Maximum nodes to return" }
|
|
8195
|
+
},
|
|
8196
|
+
required: [],
|
|
8197
|
+
response: {
|
|
8198
|
+
description: "Matching nodes",
|
|
8199
|
+
fields: { nodes: "array" }
|
|
8200
|
+
},
|
|
8201
|
+
ownerModule: "reasoning-kernel",
|
|
8202
|
+
ontologyPrimitive: "graph",
|
|
8203
|
+
tier: "workhorse"
|
|
8204
|
+
};
|
|
8205
|
+
var UPDATE_EPISTEMIC_NODE = {
|
|
8206
|
+
name: "update_epistemic_node",
|
|
8207
|
+
description: "Amend an epistemic graph node. Like `git commit --amend` \u2014 updates mutable node metadata, text, status, or verification fields.",
|
|
8208
|
+
parameters: {
|
|
8209
|
+
nodeId: { type: "string", description: "Node ID or global ID" },
|
|
8210
|
+
canonicalText: { type: "string", description: "Updated canonical text" },
|
|
8211
|
+
text: { type: "string", description: "Alias for canonicalText" },
|
|
8212
|
+
contentHash: { type: "string", description: "Updated content hash" },
|
|
8213
|
+
content: { type: "string", description: "Updated content" },
|
|
8214
|
+
title: { type: "string", description: "Updated display title" },
|
|
8215
|
+
metadata: { type: "object", description: "Updated metadata" },
|
|
8216
|
+
confidence: { type: "number", description: "Updated confidence" },
|
|
8217
|
+
verificationStatus: { type: "string", description: "Updated verification status" },
|
|
8218
|
+
status: { type: "string", description: "Updated lifecycle status" }
|
|
8219
|
+
},
|
|
8220
|
+
required: ["nodeId"],
|
|
8221
|
+
response: {
|
|
8222
|
+
description: "Node update result",
|
|
8223
|
+
fields: { success: "boolean" }
|
|
8224
|
+
},
|
|
8225
|
+
ownerModule: "reasoning-kernel",
|
|
8226
|
+
ontologyPrimitive: "graph",
|
|
8227
|
+
tier: "workhorse"
|
|
8228
|
+
};
|
|
8229
|
+
var ARCHIVE_EPISTEMIC_NODE = {
|
|
8230
|
+
name: "archive_epistemic_node",
|
|
8231
|
+
description: "Archive an epistemic graph node. Like `git rm --cached` \u2014 removes a node from active traversal without hard-deleting it.",
|
|
8232
|
+
parameters: {
|
|
8233
|
+
nodeId: { type: "string", description: "Node ID or global ID" }
|
|
8234
|
+
},
|
|
8235
|
+
required: ["nodeId"],
|
|
8236
|
+
response: {
|
|
8237
|
+
description: "Archive result",
|
|
8238
|
+
fields: { success: "boolean", effectiveStatus: "string" }
|
|
8239
|
+
},
|
|
8240
|
+
ownerModule: "reasoning-kernel",
|
|
8241
|
+
ontologyPrimitive: "graph",
|
|
8242
|
+
tier: "workhorse"
|
|
8243
|
+
};
|
|
8244
|
+
var VERIFY_EPISTEMIC_NODE = {
|
|
8245
|
+
name: "verify_epistemic_node",
|
|
8246
|
+
description: "Record verification state on an epistemic graph node. Like `git tag` \u2014 marks the node with a reviewed verification state.",
|
|
8247
|
+
parameters: {
|
|
8248
|
+
nodeId: { type: "string", description: "Node ID or global ID" },
|
|
8249
|
+
verificationStatus: { type: "string", description: "Verification status" },
|
|
8250
|
+
confidence: { type: "number", description: "Optional confidence update" }
|
|
8251
|
+
},
|
|
8252
|
+
required: ["nodeId", "verificationStatus"],
|
|
8253
|
+
response: {
|
|
8254
|
+
description: "Verification result",
|
|
8255
|
+
fields: { success: "boolean" }
|
|
8256
|
+
},
|
|
8257
|
+
ownerModule: "reasoning-kernel",
|
|
8258
|
+
ontologyPrimitive: "graph",
|
|
8259
|
+
tier: "workhorse"
|
|
8260
|
+
};
|
|
8261
|
+
var SUPERSEDE_EPISTEMIC_NODE = {
|
|
8262
|
+
name: "supersede_epistemic_node",
|
|
8263
|
+
description: "Supersede an epistemic graph node with a new version. Like `git commit --amend` on an immutable history branch \u2014 creates the replacement and marks the old node superseded.",
|
|
8264
|
+
parameters: {
|
|
8265
|
+
oldNodeId: { type: "string", description: "Node ID or global ID to supersede" },
|
|
8266
|
+
newGlobalId: { type: "string", description: "Optional replacement global ID" },
|
|
8267
|
+
newCanonicalText: { type: "string", description: "Replacement canonical text" },
|
|
8268
|
+
text: { type: "string", description: "Alias for newCanonicalText" },
|
|
8269
|
+
newContentHash: { type: "string", description: "Optional replacement content hash" },
|
|
8270
|
+
reason: { type: "string", description: "Reason for superseding" }
|
|
8271
|
+
},
|
|
8272
|
+
required: ["oldNodeId"],
|
|
8273
|
+
response: {
|
|
8274
|
+
description: "Supersede result",
|
|
8275
|
+
fields: { oldNodeId: "string", newNodeId: "string" }
|
|
8276
|
+
},
|
|
8277
|
+
ownerModule: "reasoning-kernel",
|
|
8278
|
+
ontologyPrimitive: "graph",
|
|
8279
|
+
tier: "workhorse"
|
|
8280
|
+
};
|
|
8281
|
+
var BATCH_CREATE_EPISTEMIC_NODES = {
|
|
8282
|
+
name: "batch_create_epistemic_nodes",
|
|
8283
|
+
description: "Commit multiple epistemic graph nodes. Like `git commit` with many staged files \u2014 writes a batch of canonical spine nodes.",
|
|
8284
|
+
parameters: {
|
|
8285
|
+
nodes: {
|
|
8286
|
+
type: "array",
|
|
8287
|
+
description: "Nodes to create with nodeType, canonicalText/text, and optional metadata."
|
|
8288
|
+
}
|
|
8289
|
+
},
|
|
8290
|
+
required: ["nodes"],
|
|
8291
|
+
response: {
|
|
8292
|
+
description: "Batch node creation result",
|
|
8293
|
+
fields: { created: "number", results: "array" }
|
|
8294
|
+
},
|
|
8295
|
+
ownerModule: "reasoning-kernel",
|
|
8296
|
+
ontologyPrimitive: "graph",
|
|
8297
|
+
tier: "workhorse"
|
|
8298
|
+
};
|
|
6196
8299
|
var RECORD_JUDGMENT = {
|
|
6197
8300
|
name: "record_judgment",
|
|
6198
8301
|
description: "Record a judgment \u2014 an irreversible commitment based on the current epistemic state. Like a `git tag` marking a release. A judgment synthesizes beliefs, evidence, and uncertainties into a determination. Once issued, a judgment is evaluated against the epistemic state that existed when it was made (knowledge horizon evaluation, Invariant #10).",
|
|
@@ -7392,8 +9495,8 @@ var IDENTITY_WHOAMI = {
|
|
|
7392
9495
|
response: {
|
|
7393
9496
|
description: "Canonical identity summary for the current session",
|
|
7394
9497
|
fields: {
|
|
7395
|
-
principalId: "string \u2014 canonical
|
|
7396
|
-
principalType: "string \u2014 human, service, or
|
|
9498
|
+
principalId: "string \u2014 canonical principal identifier; for humans this is the Clerk user_... ID",
|
|
9499
|
+
principalType: "string \u2014 human, service, agent, group, or external_viewer",
|
|
7397
9500
|
tenantId: "string | undefined \u2014 resolved tenant scope",
|
|
7398
9501
|
workspaceId: "string | undefined \u2014 resolved workspace scope",
|
|
7399
9502
|
scopes: "string[] | undefined \u2014 granted scopes for this session",
|
|
@@ -7404,6 +9507,49 @@ var IDENTITY_WHOAMI = {
|
|
|
7404
9507
|
ontologyPrimitive: "identity",
|
|
7405
9508
|
tier: "workhorse"
|
|
7406
9509
|
};
|
|
9510
|
+
var RESOLVE_INTERACTIVE_PRINCIPAL = {
|
|
9511
|
+
name: "resolve_interactive_principal",
|
|
9512
|
+
description: "Read the Permit-backed Lucern principal context for an authenticated Clerk user. Like `git config --get user.email` plus the repository ACL \u2014 resolves the Clerk subject into tenant/workspace authorization context.",
|
|
9513
|
+
parameters: {
|
|
9514
|
+
clerkId: {
|
|
9515
|
+
type: "string",
|
|
9516
|
+
description: "Authenticated Clerk subject (`sub`). Clerk proves identity only; it is not the authorization record."
|
|
9517
|
+
},
|
|
9518
|
+
tenantId: {
|
|
9519
|
+
type: "string",
|
|
9520
|
+
description: "Optional tenant scope. Omit only when the Clerk alias is globally unambiguous."
|
|
9521
|
+
},
|
|
9522
|
+
workspaceId: {
|
|
9523
|
+
type: "string",
|
|
9524
|
+
description: "Optional workspace scope. Required when the principal has access to multiple workspaces and no default can be inferred."
|
|
9525
|
+
},
|
|
9526
|
+
providerProjectId: {
|
|
9527
|
+
type: "string",
|
|
9528
|
+
description: "Optional Clerk project or provider instance id for tenants with multiple identity providers."
|
|
9529
|
+
}
|
|
9530
|
+
},
|
|
9531
|
+
required: ["clerkId"],
|
|
9532
|
+
response: {
|
|
9533
|
+
description: "Permit-backed Lucern principal context for tenant SDK bootstrap",
|
|
9534
|
+
fields: {
|
|
9535
|
+
principalId: "string \u2014 canonical Clerk user_... ID for human sessions",
|
|
9536
|
+
principalType: "string \u2014 human, service, agent, group, or external_viewer",
|
|
9537
|
+
clerkId: "string \u2014 authenticated Clerk subject alias",
|
|
9538
|
+
tenantId: "string \u2014 resolved tenant scope",
|
|
9539
|
+
workspaceId: "string | null \u2014 resolved workspace scope",
|
|
9540
|
+
roles: "string[] \u2014 effective Permit roles",
|
|
9541
|
+
scopes: "string[] \u2014 effective scopes derived from Permit/control-plane projection",
|
|
9542
|
+
groupIds: "string[] \u2014 active Permit group memberships",
|
|
9543
|
+
principalStatus: "string \u2014 active, invited, suspended, disabled, revoked, or missing",
|
|
9544
|
+
tenantStatus: "string \u2014 projected tenant resource status",
|
|
9545
|
+
workspaceStatus: "string \u2014 projected workspace resource status",
|
|
9546
|
+
permit: "object \u2014 Permit subject, tenant, and optional workspace tuple"
|
|
9547
|
+
}
|
|
9548
|
+
},
|
|
9549
|
+
ownerModule: "control-plane",
|
|
9550
|
+
ontologyPrimitive: "identity",
|
|
9551
|
+
tier: "workhorse"
|
|
9552
|
+
};
|
|
7407
9553
|
var COMPILE_CONTEXT = {
|
|
7408
9554
|
name: "compile_context",
|
|
7409
9555
|
description: "Compile a focused reasoning context. If topicId is omitted, Lucern resolves the best topic from the query. Like `git log --graph --decorate` for the reasoning substrate \u2014 returns the canonical Pillar 3 context pack through the public API shape.",
|
|
@@ -7665,6 +9811,10 @@ var CREATE_TASK = {
|
|
|
7665
9811
|
tags: {
|
|
7666
9812
|
type: "array",
|
|
7667
9813
|
description: "Free-form string tags"
|
|
9814
|
+
},
|
|
9815
|
+
metadata: {
|
|
9816
|
+
type: "object",
|
|
9817
|
+
description: "Structured task metadata for handoff context and routing hints"
|
|
7668
9818
|
}
|
|
7669
9819
|
},
|
|
7670
9820
|
required: ["title"],
|
|
@@ -7738,6 +9888,10 @@ var UPDATE_TASK = {
|
|
|
7738
9888
|
type: "string",
|
|
7739
9889
|
description: "Updated status",
|
|
7740
9890
|
enum: ["todo", "in_progress", "blocked", "done"]
|
|
9891
|
+
},
|
|
9892
|
+
metadata: {
|
|
9893
|
+
type: "object",
|
|
9894
|
+
description: "Structured task metadata to replace or refine"
|
|
7741
9895
|
}
|
|
7742
9896
|
},
|
|
7743
9897
|
required: ["taskId"],
|
|
@@ -7785,6 +9939,10 @@ var CREATE_TOPIC = {
|
|
|
7785
9939
|
name: "create_topic",
|
|
7786
9940
|
description: "Create a new topic container for scoping knowledge. Like `git init` \u2014 initializes a new repository for a knowledge domain. Topics are hierarchical: a deal topic can nest under a theme topic. Types: domain, theme, deal, strategy, constitution, project, portfolio.",
|
|
7787
9941
|
parameters: {
|
|
9942
|
+
globalId: {
|
|
9943
|
+
type: "string",
|
|
9944
|
+
description: "Optional idempotent topic global ID"
|
|
9945
|
+
},
|
|
7788
9946
|
name: { type: "string", description: "Topic name" },
|
|
7789
9947
|
type: {
|
|
7790
9948
|
type: "string",
|
|
@@ -7795,6 +9953,18 @@ var CREATE_TOPIC = {
|
|
|
7795
9953
|
type: "string",
|
|
7796
9954
|
description: "Optional parent topic for nesting"
|
|
7797
9955
|
},
|
|
9956
|
+
parentTopicGlobalId: {
|
|
9957
|
+
type: "string",
|
|
9958
|
+
description: "Optional parent topic global ID for nesting"
|
|
9959
|
+
},
|
|
9960
|
+
tenantId: { type: "string", description: "Optional tenant scope" },
|
|
9961
|
+
workspaceId: { type: "string", description: "Optional workspace scope" },
|
|
9962
|
+
visibility: {
|
|
9963
|
+
type: "string",
|
|
9964
|
+
description: "Topic visibility",
|
|
9965
|
+
enum: ["private", "team", "firm", "external", "public"]
|
|
9966
|
+
},
|
|
9967
|
+
metadata: { type: "object", description: "Optional topic metadata" },
|
|
7798
9968
|
createdBy: { type: "string", description: "Who created this topic" }
|
|
7799
9969
|
},
|
|
7800
9970
|
required: ["name", "type"],
|
|
@@ -7803,6 +9973,9 @@ var CREATE_TOPIC = {
|
|
|
7803
9973
|
fields: {
|
|
7804
9974
|
id: "string \u2014 topic ID",
|
|
7805
9975
|
globalId: "string \u2014 globally unique ID",
|
|
9976
|
+
topicGlobalId: "string \u2014 topic global ID",
|
|
9977
|
+
epistemicNodeId: "string \u2014 materialized topic node ID",
|
|
9978
|
+
epistemicNodeGlobalId: "string \u2014 materialized topic node global ID",
|
|
7806
9979
|
depth: "number \u2014 nesting depth"
|
|
7807
9980
|
}
|
|
7808
9981
|
},
|
|
@@ -7933,6 +10106,65 @@ var GET_TOPIC_TREE = {
|
|
|
7933
10106
|
ontologyPrimitive: "graph",
|
|
7934
10107
|
tier: "workhorse"
|
|
7935
10108
|
};
|
|
10109
|
+
var MATERIALIZE_TOPIC_GRAPH = {
|
|
10110
|
+
name: "materialize_topic_graph",
|
|
10111
|
+
description: "Backfill the topic graph spine. Like `git fsck --connectivity-only` with repair enabled \u2014 creates missing topic nodes and parent-child edges idempotently.",
|
|
10112
|
+
parameters: {
|
|
10113
|
+
rootTopicId: {
|
|
10114
|
+
type: "string",
|
|
10115
|
+
description: "Optional root topic for a bounded materialization pass"
|
|
10116
|
+
},
|
|
10117
|
+
dryRun: {
|
|
10118
|
+
type: "boolean",
|
|
10119
|
+
description: "When true, report missing rows without writing them"
|
|
10120
|
+
}
|
|
10121
|
+
},
|
|
10122
|
+
required: [],
|
|
10123
|
+
response: {
|
|
10124
|
+
description: "Topic graph materialization counts",
|
|
10125
|
+
fields: {
|
|
10126
|
+
topicsSeen: "number",
|
|
10127
|
+
nodesCreated: "number",
|
|
10128
|
+
nodesExisting: "number",
|
|
10129
|
+
edgesCreated: "number",
|
|
10130
|
+
edgesExisting: "number",
|
|
10131
|
+
errors: "array"
|
|
10132
|
+
}
|
|
10133
|
+
},
|
|
10134
|
+
ownerModule: "reasoning-kernel",
|
|
10135
|
+
ontologyPrimitive: "graph",
|
|
10136
|
+
tier: "workhorse"
|
|
10137
|
+
};
|
|
10138
|
+
var GET_TOPIC_GRAPH_SPINE = {
|
|
10139
|
+
name: "get_topic_graph_spine",
|
|
10140
|
+
description: "Verify the topic graph spine. Like `git fsck` \u2014 reads topics, materialized topic nodes, parent-child edges, and missing spine rows.",
|
|
10141
|
+
parameters: {
|
|
10142
|
+
rootTopicId: {
|
|
10143
|
+
type: "string",
|
|
10144
|
+
description: "Optional root topic for a bounded verifier pass"
|
|
10145
|
+
},
|
|
10146
|
+
includeTopicBeliefEdges: {
|
|
10147
|
+
type: "boolean",
|
|
10148
|
+
description: "Include topic -> belief edges in the verifier payload"
|
|
10149
|
+
}
|
|
10150
|
+
},
|
|
10151
|
+
required: [],
|
|
10152
|
+
response: {
|
|
10153
|
+
description: "Topic graph spine verification payload",
|
|
10154
|
+
fields: {
|
|
10155
|
+
ok: "boolean",
|
|
10156
|
+
counts: "object",
|
|
10157
|
+
topics: "array",
|
|
10158
|
+
topicNodes: "array",
|
|
10159
|
+
parentEdges: "array",
|
|
10160
|
+
missingTopicNodes: "array",
|
|
10161
|
+
missingParentEdges: "array"
|
|
10162
|
+
}
|
|
10163
|
+
},
|
|
10164
|
+
ownerModule: "reasoning-kernel",
|
|
10165
|
+
ontologyPrimitive: "graph",
|
|
10166
|
+
tier: "workhorse"
|
|
10167
|
+
};
|
|
7936
10168
|
var GET_CODE_CONTEXT = {
|
|
7937
10169
|
name: "get_code_context",
|
|
7938
10170
|
description: "Returns code-grounded beliefs, contracts, migration states, and failed attempts anchored to a specific file or function path. Like `git log -- <path>` \u2014 filters the knowledge graph to nodes anchored to a file path via metadata.codeAnchors. Results are separated by coding belief type: decisions, contracts, migrations, patterns, deprecations, and failures.",
|
|
@@ -8128,7 +10360,7 @@ var MANAGE_WRITE_POLICY = {
|
|
|
8128
10360
|
},
|
|
8129
10361
|
role: {
|
|
8130
10362
|
type: "string",
|
|
8131
|
-
description: "Role to set policy for (required for 'set'). E.g. 'agent:internal'
|
|
10363
|
+
description: "Role to set policy for (required for 'set'). E.g. 'agent:internal' or a Permit role key such as 'workspace_admin'."
|
|
8132
10364
|
},
|
|
8133
10365
|
permission: {
|
|
8134
10366
|
type: "string",
|
|
@@ -9115,6 +11347,9 @@ var BEGIN_BUILD_SESSION = {
|
|
|
9115
11347
|
sessionMode: "string \u2014 async | interactive",
|
|
9116
11348
|
targetBeliefIds: "array \u2014 scoped belief IDs",
|
|
9117
11349
|
targetQuestionIds: "array \u2014 scoped question IDs",
|
|
11350
|
+
taskIds: "array \u2014 assigned task IDs for this worktree",
|
|
11351
|
+
incompleteTaskIds: "array \u2014 assigned task IDs that still require done/deferred/blocked proof",
|
|
11352
|
+
tasks: "array \u2014 assigned task packet with id, title, status, priority, links, and summaries",
|
|
9118
11353
|
topBeliefs: "array \u2014 highest-confidence scoped beliefs",
|
|
9119
11354
|
openQuestions: "array \u2014 open scoped questions",
|
|
9120
11355
|
resolvedDecisions: "array \u2014 answered questions summarized for the session",
|
|
@@ -9170,6 +11405,19 @@ var MCP_TOOL_CONTRACTS = {
|
|
|
9170
11405
|
bisect_confidence: BISECT_CONFIDENCE,
|
|
9171
11406
|
// Edges (commit)
|
|
9172
11407
|
create_edge: CREATE_EDGE,
|
|
11408
|
+
update_edge: UPDATE_EDGE,
|
|
11409
|
+
remove_edge: REMOVE_EDGE,
|
|
11410
|
+
remove_edges_between: REMOVE_EDGES_BETWEEN,
|
|
11411
|
+
batch_create_edges: BATCH_CREATE_EDGES,
|
|
11412
|
+
// Epistemic node spine (commit/amend/show)
|
|
11413
|
+
create_epistemic_node: CREATE_EPISTEMIC_NODE,
|
|
11414
|
+
get_epistemic_node: GET_EPISTEMIC_NODE,
|
|
11415
|
+
list_epistemic_nodes: LIST_EPISTEMIC_NODES,
|
|
11416
|
+
update_epistemic_node: UPDATE_EPISTEMIC_NODE,
|
|
11417
|
+
archive_epistemic_node: ARCHIVE_EPISTEMIC_NODE,
|
|
11418
|
+
verify_epistemic_node: VERIFY_EPISTEMIC_NODE,
|
|
11419
|
+
supersede_epistemic_node: SUPERSEDE_EPISTEMIC_NODE,
|
|
11420
|
+
batch_create_epistemic_nodes: BATCH_CREATE_EPISTEMIC_NODES,
|
|
9173
11421
|
// Judgments (tag)
|
|
9174
11422
|
record_judgment: RECORD_JUDGMENT,
|
|
9175
11423
|
// Graph intelligence (showcase)
|
|
@@ -9204,6 +11452,7 @@ var MCP_TOOL_CONTRACTS = {
|
|
|
9204
11452
|
update_worktree_targets: UPDATE_WORKTREE_TARGETS,
|
|
9205
11453
|
update_worktree_metadata: UPDATE_WORKTREE_METADATA,
|
|
9206
11454
|
identity_whoami: IDENTITY_WHOAMI,
|
|
11455
|
+
resolve_interactive_principal: RESOLVE_INTERACTIVE_PRINCIPAL,
|
|
9207
11456
|
compile_context: COMPILE_CONTEXT,
|
|
9208
11457
|
record_scope_learning: RECORD_SCOPE_LEARNING,
|
|
9209
11458
|
pipeline_snapshot: PIPELINE_SNAPSHOT,
|
|
@@ -9243,6 +11492,8 @@ var MCP_TOOL_CONTRACTS = {
|
|
|
9243
11492
|
get_topic: GET_TOPIC,
|
|
9244
11493
|
update_topic: UPDATE_TOPIC,
|
|
9245
11494
|
get_topic_tree: GET_TOPIC_TREE,
|
|
11495
|
+
materialize_topic_graph: MATERIALIZE_TOPIC_GRAPH,
|
|
11496
|
+
get_topic_graph_spine: GET_TOPIC_GRAPH_SPINE,
|
|
9246
11497
|
// Coding intelligence (code-grounded knowledge)
|
|
9247
11498
|
get_code_context: GET_CODE_CONTEXT,
|
|
9248
11499
|
get_change_history: GET_CHANGE_HISTORY,
|
|
@@ -9319,6 +11570,7 @@ function entries(names, surfaceClass, surfaceIntent, surfaces, rationale) {
|
|
|
9319
11570
|
var MCP_CORE_OPERATION_NAMES = [
|
|
9320
11571
|
"compile_context",
|
|
9321
11572
|
"identity_whoami",
|
|
11573
|
+
"resolve_interactive_principal",
|
|
9322
11574
|
"check_permission",
|
|
9323
11575
|
"filter_by_permission",
|
|
9324
11576
|
"create_belief",
|
|
@@ -9347,14 +11599,28 @@ var MCP_CORE_OPERATION_NAMES = [
|
|
|
9347
11599
|
"find_missing_questions",
|
|
9348
11600
|
"get_high_priority_questions",
|
|
9349
11601
|
"get_falsification_questions",
|
|
11602
|
+
"create_epistemic_node",
|
|
11603
|
+
"get_epistemic_node",
|
|
11604
|
+
"list_epistemic_nodes",
|
|
11605
|
+
"update_epistemic_node",
|
|
11606
|
+
"archive_epistemic_node",
|
|
11607
|
+
"verify_epistemic_node",
|
|
11608
|
+
"supersede_epistemic_node",
|
|
11609
|
+
"batch_create_epistemic_nodes",
|
|
9350
11610
|
"create_topic",
|
|
9351
11611
|
"get_topic",
|
|
9352
11612
|
"list_topics",
|
|
9353
11613
|
"update_topic",
|
|
9354
|
-
"get_topic_tree"
|
|
11614
|
+
"get_topic_tree",
|
|
11615
|
+
"materialize_topic_graph",
|
|
11616
|
+
"get_topic_graph_spine"
|
|
9355
11617
|
];
|
|
9356
11618
|
var MCP_ANALYSIS_PLATFORM_OPERATION_NAMES = [
|
|
9357
11619
|
"create_edge",
|
|
11620
|
+
"update_edge",
|
|
11621
|
+
"remove_edge",
|
|
11622
|
+
"remove_edges_between",
|
|
11623
|
+
"batch_create_edges",
|
|
9358
11624
|
"query_lineage",
|
|
9359
11625
|
"traverse_graph",
|
|
9360
11626
|
"get_graph_neighborhood",
|
|
@@ -9686,12 +11952,20 @@ function unwrapMcpParameterSchema(schema) {
|
|
|
9686
11952
|
current = current._def.schema;
|
|
9687
11953
|
continue;
|
|
9688
11954
|
default:
|
|
9689
|
-
return {
|
|
11955
|
+
return {
|
|
11956
|
+
schema: current,
|
|
11957
|
+
required,
|
|
11958
|
+
description: description ?? current.description
|
|
11959
|
+
};
|
|
9690
11960
|
}
|
|
9691
11961
|
}
|
|
9692
11962
|
}
|
|
9693
11963
|
function mcpParameterFromZod(fieldName, schema, contractName) {
|
|
9694
|
-
const {
|
|
11964
|
+
const {
|
|
11965
|
+
schema: unwrapped,
|
|
11966
|
+
required,
|
|
11967
|
+
description: schemaDescription
|
|
11968
|
+
} = unwrapMcpParameterSchema(schema);
|
|
9695
11969
|
const description = schemaDescription ?? unwrapped.description ?? fieldName;
|
|
9696
11970
|
switch (unwrapped._def.typeName) {
|
|
9697
11971
|
case z.ZodFirstPartyTypeKind.ZodString:
|
|
@@ -9736,10 +12010,12 @@ function mcpContractFromArgsSchema(base, args, contractName) {
|
|
|
9736
12010
|
const entries2 = Object.entries(getObjectShape(args)).sort(
|
|
9737
12011
|
([left], [right]) => left.localeCompare(right)
|
|
9738
12012
|
);
|
|
9739
|
-
const converted = entries2.map(
|
|
9740
|
-
fieldName,
|
|
9741
|
-
|
|
9742
|
-
|
|
12013
|
+
const converted = entries2.map(
|
|
12014
|
+
([fieldName, schema]) => [
|
|
12015
|
+
fieldName,
|
|
12016
|
+
mcpParameterFromZod(fieldName, schema, contractName)
|
|
12017
|
+
]
|
|
12018
|
+
);
|
|
9743
12019
|
return {
|
|
9744
12020
|
...base,
|
|
9745
12021
|
parameters: Object.fromEntries(
|
|
@@ -9848,9 +12124,16 @@ function surfaceContract(args) {
|
|
|
9848
12124
|
scopes: args.scopes ?? [
|
|
9849
12125
|
args.kind === "query" ? `${args.domain}.read` : `${args.domain}.write`
|
|
9850
12126
|
],
|
|
9851
|
-
allowedPrincipalTypes: [
|
|
12127
|
+
allowedPrincipalTypes: [
|
|
12128
|
+
"user",
|
|
12129
|
+
"service",
|
|
12130
|
+
"agent",
|
|
12131
|
+
"group",
|
|
12132
|
+
"external_viewer"
|
|
12133
|
+
]
|
|
9852
12134
|
},
|
|
9853
12135
|
convex: args.convex,
|
|
12136
|
+
gateway: args.gateway,
|
|
9854
12137
|
args: canonicalArgs,
|
|
9855
12138
|
returns: canonicalReturns,
|
|
9856
12139
|
input,
|
|
@@ -9989,8 +12272,6 @@ var contextContracts = [
|
|
|
9989
12272
|
args: observationContextArgs
|
|
9990
12273
|
})
|
|
9991
12274
|
];
|
|
9992
|
-
|
|
9993
|
-
// ../contracts/src/function-registry/identity.ts
|
|
9994
12275
|
var withPrincipal = (input, context) => ({
|
|
9995
12276
|
...input,
|
|
9996
12277
|
tenantId: input.tenantId ?? context.tenantId,
|
|
@@ -10009,11 +12290,30 @@ var identityContracts = [
|
|
|
10009
12290
|
sdkNamespace: "identity",
|
|
10010
12291
|
sdkMethod: "whoami",
|
|
10011
12292
|
summary: "Describe the current gateway principal.",
|
|
12293
|
+
gateway: {
|
|
12294
|
+
handler: "identity.whoami"
|
|
12295
|
+
}
|
|
12296
|
+
}),
|
|
12297
|
+
surfaceContract({
|
|
12298
|
+
name: "resolve_interactive_principal",
|
|
12299
|
+
kind: "query",
|
|
12300
|
+
domain: "controlPlane",
|
|
12301
|
+
surfaceClass: "platform_public",
|
|
12302
|
+
method: "POST",
|
|
12303
|
+
path: "/control-plane/identity/resolve-interactive-principal",
|
|
12304
|
+
sdkNamespace: "controlPlane.identity",
|
|
12305
|
+
sdkMethod: "resolveInteractivePrincipal",
|
|
12306
|
+
summary: "Resolve an authenticated Clerk user into a Permit-backed Lucern principal context.",
|
|
12307
|
+
args: z.object({
|
|
12308
|
+
clerkId: z.string().min(1),
|
|
12309
|
+
tenantId: z.string().min(1).optional(),
|
|
12310
|
+
workspaceId: z.string().min(1).optional(),
|
|
12311
|
+
providerProjectId: z.string().min(1).optional()
|
|
12312
|
+
}),
|
|
10012
12313
|
convex: {
|
|
10013
|
-
module: "
|
|
10014
|
-
functionName: "
|
|
10015
|
-
kind: "query"
|
|
10016
|
-
inputProjection: withPrincipal
|
|
12314
|
+
module: "platform",
|
|
12315
|
+
functionName: "resolveInteractivePrincipal",
|
|
12316
|
+
kind: "query"
|
|
10017
12317
|
}
|
|
10018
12318
|
}),
|
|
10019
12319
|
surfaceContract({
|
|
@@ -10095,15 +12395,6 @@ var beliefLookupInput = (input) => compactRecord4({
|
|
|
10095
12395
|
var beliefNodeInput = (input) => compactRecord4({
|
|
10096
12396
|
nodeId: input.nodeId ?? input.id ?? input.beliefId
|
|
10097
12397
|
});
|
|
10098
|
-
var beliefTopicInput = (input) => {
|
|
10099
|
-
const parsed = listBeliefsProjection.inputSchema.safeParse(input);
|
|
10100
|
-
if (!parsed.success) {
|
|
10101
|
-
throw new Error(
|
|
10102
|
-
`list_beliefs projection input rejected: ${parsed.error.message}`
|
|
10103
|
-
);
|
|
10104
|
-
}
|
|
10105
|
-
return compactRecord4(listBeliefsProjection.project(parsed.data));
|
|
10106
|
-
};
|
|
10107
12398
|
var createBeliefInput = (input, context) => {
|
|
10108
12399
|
return withUserId(
|
|
10109
12400
|
compactRecord4({
|
|
@@ -10192,11 +12483,8 @@ var beliefsContracts = [
|
|
|
10192
12483
|
sdkNamespace: "beliefs",
|
|
10193
12484
|
sdkMethod: "listBeliefs",
|
|
10194
12485
|
summary: "List beliefs for a topic.",
|
|
10195
|
-
|
|
10196
|
-
|
|
10197
|
-
functionName: "getByTopic",
|
|
10198
|
-
kind: "query",
|
|
10199
|
-
inputProjection: beliefTopicInput
|
|
12486
|
+
gateway: {
|
|
12487
|
+
handler: "beliefs.list"
|
|
10200
12488
|
},
|
|
10201
12489
|
args: listBeliefsInputSchema
|
|
10202
12490
|
}),
|
|
@@ -10337,7 +12625,7 @@ var beliefsContracts = [
|
|
|
10337
12625
|
})
|
|
10338
12626
|
];
|
|
10339
12627
|
var jsonRecordSchema4 = z.record(z.unknown());
|
|
10340
|
-
var evidenceRelationSchema = z.enum(["supports", "contradicts"
|
|
12628
|
+
var evidenceRelationSchema = z.enum(["supports", "contradicts"]);
|
|
10341
12629
|
var createEvidenceArgs = z.object({
|
|
10342
12630
|
topicId: z.string().optional().describe("Topic scope for the evidence."),
|
|
10343
12631
|
text: z.string().describe("Canonical evidence text."),
|
|
@@ -10381,12 +12669,6 @@ var evidenceIdInput = (input) => compactRecord4({
|
|
|
10381
12669
|
insightId: input.insightId,
|
|
10382
12670
|
nodeId: input.nodeId ?? input.id ?? input.evidenceId
|
|
10383
12671
|
});
|
|
10384
|
-
var evidenceTopicInput = (input) => compactRecord4({
|
|
10385
|
-
topicId: input.topicId,
|
|
10386
|
-
status: input.status,
|
|
10387
|
-
userId: input.userId,
|
|
10388
|
-
limit: input.limit
|
|
10389
|
-
});
|
|
10390
12672
|
var createEvidenceInput = (input, context) => {
|
|
10391
12673
|
const parsed = createEvidenceProjection.inputSchema.safeParse(input);
|
|
10392
12674
|
if (!parsed.success) {
|
|
@@ -10403,12 +12685,12 @@ var linkEvidenceToBeliefEdgeInput = (input, context) => withCreatedBy(
|
|
|
10403
12685
|
compactRecord4({
|
|
10404
12686
|
fromNodeId: input.insightId ?? input.evidenceNodeId ?? input.evidenceId,
|
|
10405
12687
|
toNodeId: input.beliefNodeId ?? input.beliefId ?? input.targetId,
|
|
10406
|
-
edgeType: "
|
|
12688
|
+
edgeType: "informs",
|
|
10407
12689
|
globalId: input.globalId ?? `edge:${String(
|
|
10408
12690
|
input.insightId ?? input.evidenceNodeId ?? input.evidenceId
|
|
10409
12691
|
)}:${String(
|
|
10410
12692
|
input.beliefNodeId ?? input.beliefId ?? input.targetId
|
|
10411
|
-
)}:
|
|
12693
|
+
)}:informs`,
|
|
10412
12694
|
weight: typeof input.weight === "number" ? input.weight : input.type === "contradicting" ? -1 : 1,
|
|
10413
12695
|
context: input.rationale ?? input.context,
|
|
10414
12696
|
skipLayerValidation: true,
|
|
@@ -10421,12 +12703,12 @@ var linkEvidenceToQuestionEdgeInput = (input, context) => withCreatedBy(
|
|
|
10421
12703
|
compactRecord4({
|
|
10422
12704
|
fromNodeId: input.insightId ?? input.evidenceNodeId ?? input.evidenceId,
|
|
10423
12705
|
toNodeId: input.questionId ?? input.questionNodeId ?? input.targetId,
|
|
10424
|
-
edgeType: "
|
|
12706
|
+
edgeType: "responds_to",
|
|
10425
12707
|
globalId: input.globalId ?? `edge:${String(
|
|
10426
12708
|
input.insightId ?? input.evidenceNodeId ?? input.evidenceId
|
|
10427
12709
|
)}:${String(
|
|
10428
12710
|
input.questionId ?? input.questionNodeId ?? input.targetId
|
|
10429
|
-
)}:
|
|
12711
|
+
)}:responds_to`,
|
|
10430
12712
|
weight: input.impactScore ?? input.weight,
|
|
10431
12713
|
context: input.rationale ?? input.context,
|
|
10432
12714
|
skipLayerValidation: true,
|
|
@@ -10517,11 +12799,8 @@ var evidenceContracts = [
|
|
|
10517
12799
|
sdkNamespace: "evidence",
|
|
10518
12800
|
sdkMethod: "listEvidence",
|
|
10519
12801
|
summary: "List evidence for a topic.",
|
|
10520
|
-
|
|
10521
|
-
|
|
10522
|
-
functionName: "getByTopic",
|
|
10523
|
-
kind: "query",
|
|
10524
|
-
inputProjection: evidenceTopicInput
|
|
12802
|
+
gateway: {
|
|
12803
|
+
handler: "evidence.list"
|
|
10525
12804
|
}
|
|
10526
12805
|
}),
|
|
10527
12806
|
surfaceContract({
|
|
@@ -10756,11 +13035,8 @@ var questionsContracts = [
|
|
|
10756
13035
|
sdkNamespace: "questions",
|
|
10757
13036
|
sdkMethod: "listQuestions",
|
|
10758
13037
|
summary: "List questions for a topic.",
|
|
10759
|
-
|
|
10760
|
-
|
|
10761
|
-
functionName: "getByTopic",
|
|
10762
|
-
kind: "query",
|
|
10763
|
-
inputProjection: questionTopicInput
|
|
13038
|
+
gateway: {
|
|
13039
|
+
handler: "questions.list"
|
|
10764
13040
|
}
|
|
10765
13041
|
}),
|
|
10766
13042
|
surfaceContract({
|
|
@@ -10963,18 +13239,50 @@ var questionsContracts = [
|
|
|
10963
13239
|
args: falsificationQuestionsArgs
|
|
10964
13240
|
})
|
|
10965
13241
|
];
|
|
13242
|
+
var topicVisibilitySchema = z.enum([
|
|
13243
|
+
"private",
|
|
13244
|
+
"team",
|
|
13245
|
+
"firm",
|
|
13246
|
+
"external",
|
|
13247
|
+
"public"
|
|
13248
|
+
]);
|
|
13249
|
+
var topicStatusSchema = z.enum(["active", "archived", "watching"]);
|
|
13250
|
+
var createTopicArgs = z.object({
|
|
13251
|
+
globalId: z.string().optional().describe("Optional idempotent topic global ID."),
|
|
13252
|
+
name: z.string().describe("Topic name."),
|
|
13253
|
+
description: z.string().optional().describe("Topic description."),
|
|
13254
|
+
type: z.string().describe("Topic type."),
|
|
13255
|
+
parentTopicId: z.string().optional().describe("Optional parent topic ID."),
|
|
13256
|
+
parentTopicGlobalId: z.string().optional().describe("Optional parent topic global ID."),
|
|
13257
|
+
ontologyId: z.string().optional().describe("Ontology to bind."),
|
|
13258
|
+
tenantId: z.string().optional().describe("Optional tenant scope."),
|
|
13259
|
+
workspaceId: z.string().optional().describe("Optional workspace scope."),
|
|
13260
|
+
visibility: topicVisibilitySchema.optional().describe("Topic visibility."),
|
|
13261
|
+
metadata: z.record(z.unknown()).optional().describe("Topic metadata."),
|
|
13262
|
+
graphScopeProjectId: z.string().optional(),
|
|
13263
|
+
createdBy: z.string().optional()
|
|
13264
|
+
});
|
|
10966
13265
|
var updateTopicArgs = z.object({
|
|
10967
13266
|
id: z.string().describe("Topic ID."),
|
|
10968
13267
|
topicId: z.string().optional().describe("Topic ID alias."),
|
|
10969
13268
|
name: z.string().optional().describe("Topic name."),
|
|
10970
13269
|
description: z.string().optional().describe("Topic description."),
|
|
10971
13270
|
type: z.string().optional().describe("Topic type."),
|
|
10972
|
-
status:
|
|
10973
|
-
visibility:
|
|
13271
|
+
status: topicStatusSchema.optional().describe("Topic status."),
|
|
13272
|
+
visibility: topicVisibilitySchema.optional().describe("Topic visibility."),
|
|
10974
13273
|
ontologyId: z.string().optional().describe("Ontology to bind."),
|
|
10975
13274
|
clearOntologyId: z.boolean().optional().describe("Whether to clear the ontology binding."),
|
|
10976
13275
|
metadata: z.record(z.unknown()).optional().describe("Topic metadata.")
|
|
10977
13276
|
});
|
|
13277
|
+
var materializeTopicGraphArgs = z.object({
|
|
13278
|
+
rootTopicId: z.string().optional().describe("Optional root topic ID."),
|
|
13279
|
+
dryRun: z.boolean().optional().describe("Report missing rows without writing."),
|
|
13280
|
+
createdBy: z.string().optional()
|
|
13281
|
+
});
|
|
13282
|
+
var getTopicGraphSpineArgs = z.object({
|
|
13283
|
+
rootTopicId: z.string().optional().describe("Optional root topic ID."),
|
|
13284
|
+
includeTopicBeliefEdges: z.boolean().optional()
|
|
13285
|
+
});
|
|
10978
13286
|
var topicIdInput = (input) => compactRecord4({
|
|
10979
13287
|
id: input.id ?? input.topicId
|
|
10980
13288
|
});
|
|
@@ -10992,87 +13300,488 @@ var updateTopicInput = (input) => compactRecord4({
|
|
|
10992
13300
|
});
|
|
10993
13301
|
var topicsContracts = [
|
|
10994
13302
|
surfaceContract({
|
|
10995
|
-
name: "create_topic",
|
|
13303
|
+
name: "create_topic",
|
|
13304
|
+
kind: "mutation",
|
|
13305
|
+
domain: "topics",
|
|
13306
|
+
surfaceClass: "platform_public",
|
|
13307
|
+
path: "/topics",
|
|
13308
|
+
sdkNamespace: "topics",
|
|
13309
|
+
sdkMethod: "createTopic",
|
|
13310
|
+
summary: "Create a topic.",
|
|
13311
|
+
convex: {
|
|
13312
|
+
module: "topics",
|
|
13313
|
+
functionName: "create",
|
|
13314
|
+
kind: "mutation",
|
|
13315
|
+
inputProjection: withCreatedBy
|
|
13316
|
+
},
|
|
13317
|
+
args: createTopicArgs
|
|
13318
|
+
}),
|
|
13319
|
+
surfaceContract({
|
|
13320
|
+
name: "get_topic",
|
|
13321
|
+
kind: "query",
|
|
13322
|
+
domain: "topics",
|
|
13323
|
+
surfaceClass: "platform_public",
|
|
13324
|
+
method: "GET",
|
|
13325
|
+
path: "/topics/get",
|
|
13326
|
+
sdkNamespace: "topics",
|
|
13327
|
+
sdkMethod: "getTopic",
|
|
13328
|
+
summary: "Get a topic.",
|
|
13329
|
+
convex: {
|
|
13330
|
+
module: "topics",
|
|
13331
|
+
functionName: "get",
|
|
13332
|
+
kind: "query",
|
|
13333
|
+
inputProjection: topicIdInput
|
|
13334
|
+
}
|
|
13335
|
+
}),
|
|
13336
|
+
surfaceContract({
|
|
13337
|
+
name: "list_topics",
|
|
13338
|
+
kind: "query",
|
|
13339
|
+
domain: "topics",
|
|
13340
|
+
surfaceClass: "platform_public",
|
|
13341
|
+
method: "GET",
|
|
13342
|
+
path: "/topics",
|
|
13343
|
+
sdkNamespace: "topics",
|
|
13344
|
+
sdkMethod: "listTopics",
|
|
13345
|
+
summary: "List topics.",
|
|
13346
|
+
convex: {
|
|
13347
|
+
module: "topics",
|
|
13348
|
+
functionName: "list",
|
|
13349
|
+
kind: "query"
|
|
13350
|
+
}
|
|
13351
|
+
}),
|
|
13352
|
+
surfaceContract({
|
|
13353
|
+
name: "update_topic",
|
|
13354
|
+
kind: "mutation",
|
|
13355
|
+
domain: "topics",
|
|
13356
|
+
surfaceClass: "platform_public",
|
|
13357
|
+
method: "PATCH",
|
|
13358
|
+
path: "/topics",
|
|
13359
|
+
sdkNamespace: "topics",
|
|
13360
|
+
sdkMethod: "updateTopic",
|
|
13361
|
+
summary: "Update a topic.",
|
|
13362
|
+
convex: {
|
|
13363
|
+
module: "topics",
|
|
13364
|
+
functionName: "update",
|
|
13365
|
+
kind: "mutation",
|
|
13366
|
+
inputProjection: updateTopicInput
|
|
13367
|
+
},
|
|
13368
|
+
args: updateTopicArgs
|
|
13369
|
+
}),
|
|
13370
|
+
surfaceContract({
|
|
13371
|
+
name: "get_topic_tree",
|
|
13372
|
+
kind: "query",
|
|
13373
|
+
domain: "topics",
|
|
13374
|
+
surfaceClass: "platform_public",
|
|
13375
|
+
method: "GET",
|
|
13376
|
+
path: "/topics/tree",
|
|
13377
|
+
sdkNamespace: "topics",
|
|
13378
|
+
sdkMethod: "getTopicTree",
|
|
13379
|
+
summary: "Get a topic tree.",
|
|
13380
|
+
convex: {
|
|
13381
|
+
module: "topics",
|
|
13382
|
+
functionName: "getTree",
|
|
13383
|
+
kind: "query"
|
|
13384
|
+
}
|
|
13385
|
+
}),
|
|
13386
|
+
surfaceContract({
|
|
13387
|
+
name: "materialize_topic_graph",
|
|
13388
|
+
kind: "mutation",
|
|
13389
|
+
domain: "topics",
|
|
13390
|
+
surfaceClass: "platform_public",
|
|
13391
|
+
path: "/topics/materialize-graph",
|
|
13392
|
+
sdkNamespace: "topics",
|
|
13393
|
+
sdkMethod: "materializeTopicGraph",
|
|
13394
|
+
summary: "Materialize topic nodes and parent-child graph edges.",
|
|
13395
|
+
convex: {
|
|
13396
|
+
module: "topics",
|
|
13397
|
+
functionName: "materializeTopicGraph",
|
|
13398
|
+
kind: "mutation",
|
|
13399
|
+
inputProjection: withCreatedBy
|
|
13400
|
+
},
|
|
13401
|
+
args: materializeTopicGraphArgs
|
|
13402
|
+
}),
|
|
13403
|
+
surfaceContract({
|
|
13404
|
+
name: "get_topic_graph_spine",
|
|
13405
|
+
kind: "query",
|
|
13406
|
+
domain: "topics",
|
|
13407
|
+
surfaceClass: "platform_public",
|
|
13408
|
+
method: "GET",
|
|
13409
|
+
path: "/topics/graph-spine",
|
|
13410
|
+
sdkNamespace: "topics",
|
|
13411
|
+
sdkMethod: "getTopicGraphSpine",
|
|
13412
|
+
summary: "Verify topic nodes and parent-child graph edges.",
|
|
13413
|
+
convex: {
|
|
13414
|
+
module: "topics",
|
|
13415
|
+
functionName: "getTopicGraphSpine",
|
|
13416
|
+
kind: "query"
|
|
13417
|
+
},
|
|
13418
|
+
args: getTopicGraphSpineArgs
|
|
13419
|
+
})
|
|
13420
|
+
];
|
|
13421
|
+
var sourceTypeSchema2 = z.enum([
|
|
13422
|
+
"human",
|
|
13423
|
+
"ai_extracted",
|
|
13424
|
+
"ai_generated",
|
|
13425
|
+
"imported",
|
|
13426
|
+
"system",
|
|
13427
|
+
"verified",
|
|
13428
|
+
"proprietary"
|
|
13429
|
+
]);
|
|
13430
|
+
var verificationStatusSchema = z.enum([
|
|
13431
|
+
"unverified",
|
|
13432
|
+
"human_verified",
|
|
13433
|
+
"ai_verified",
|
|
13434
|
+
"contradicted",
|
|
13435
|
+
"outdated"
|
|
13436
|
+
]);
|
|
13437
|
+
var nodeStatusSchema = z.enum([
|
|
13438
|
+
"active",
|
|
13439
|
+
"superseded",
|
|
13440
|
+
"archived",
|
|
13441
|
+
"deleted"
|
|
13442
|
+
]);
|
|
13443
|
+
var externalIdsArgs = z.object({
|
|
13444
|
+
crunchbase: z.string().optional(),
|
|
13445
|
+
linkedin: z.string().optional(),
|
|
13446
|
+
pitchbook: z.string().optional(),
|
|
13447
|
+
twitter: z.string().optional(),
|
|
13448
|
+
website: z.string().optional()
|
|
13449
|
+
}).optional();
|
|
13450
|
+
var createEpistemicNodeItemArgs = z.object({
|
|
13451
|
+
globalId: z.string().optional().describe("Optional idempotent node global ID."),
|
|
13452
|
+
nodeType: NODE_TYPE.describe("Public epistemic node type."),
|
|
13453
|
+
subtype: z.string().optional(),
|
|
13454
|
+
canonicalText: z.string().optional().describe("Canonical node text."),
|
|
13455
|
+
text: z.string().optional().describe("Alias for canonicalText."),
|
|
13456
|
+
contentHash: z.string().optional().describe("Optional idempotency content hash."),
|
|
13457
|
+
content: z.string().optional(),
|
|
13458
|
+
contentType: z.string().optional(),
|
|
13459
|
+
title: z.string().optional(),
|
|
13460
|
+
tags: z.array(z.string()).optional(),
|
|
13461
|
+
domain: z.string().optional(),
|
|
13462
|
+
metadata: z.record(z.unknown()).optional(),
|
|
13463
|
+
externalIds: externalIdsArgs,
|
|
13464
|
+
sourceType: sourceTypeSchema2.optional(),
|
|
13465
|
+
aiProvider: z.string().optional(),
|
|
13466
|
+
extractedFromNodeId: z.string().optional(),
|
|
13467
|
+
confidence: z.number().optional(),
|
|
13468
|
+
verificationStatus: verificationStatusSchema.optional(),
|
|
13469
|
+
topicId: z.string().optional(),
|
|
13470
|
+
projectId: z.string().optional(),
|
|
13471
|
+
createdBy: z.string().optional(),
|
|
13472
|
+
trustedBypassAccessCheck: z.boolean().optional()
|
|
13473
|
+
});
|
|
13474
|
+
var createEpistemicNodeArgs = createEpistemicNodeItemArgs;
|
|
13475
|
+
var batchCreateEpistemicNodesArgs = z.object({
|
|
13476
|
+
nodes: z.array(createEpistemicNodeItemArgs)
|
|
13477
|
+
});
|
|
13478
|
+
var getEpistemicNodeArgs = z.object({
|
|
13479
|
+
nodeId: z.string().describe("Node ID or global ID."),
|
|
13480
|
+
globalId: z.string().optional().describe("Node global ID alias.")
|
|
13481
|
+
});
|
|
13482
|
+
var listEpistemicNodesArgs = z.object({
|
|
13483
|
+
topicId: z.string().optional(),
|
|
13484
|
+
projectId: z.string().optional(),
|
|
13485
|
+
nodeType: NODE_TYPE.optional(),
|
|
13486
|
+
status: nodeStatusSchema.optional(),
|
|
13487
|
+
searchQuery: z.string().optional(),
|
|
13488
|
+
query: z.string().optional(),
|
|
13489
|
+
limit: z.number().optional()
|
|
13490
|
+
});
|
|
13491
|
+
var updateEpistemicNodeArgs = z.object({
|
|
13492
|
+
nodeId: z.string().describe("Node ID or global ID."),
|
|
13493
|
+
id: z.string().optional().describe("Node ID alias."),
|
|
13494
|
+
subtype: z.string().optional(),
|
|
13495
|
+
canonicalText: z.string().optional(),
|
|
13496
|
+
text: z.string().optional(),
|
|
13497
|
+
contentHash: z.string().optional(),
|
|
13498
|
+
content: z.string().optional(),
|
|
13499
|
+
contentType: z.string().optional(),
|
|
13500
|
+
title: z.string().optional(),
|
|
13501
|
+
tags: z.array(z.string()).optional(),
|
|
13502
|
+
domain: z.string().optional(),
|
|
13503
|
+
metadata: z.record(z.unknown()).optional(),
|
|
13504
|
+
externalIds: externalIdsArgs,
|
|
13505
|
+
confidence: z.number().optional(),
|
|
13506
|
+
verificationStatus: verificationStatusSchema.optional(),
|
|
13507
|
+
status: nodeStatusSchema.optional(),
|
|
13508
|
+
userId: z.string().optional(),
|
|
13509
|
+
trustedBypassAccessCheck: z.boolean().optional()
|
|
13510
|
+
});
|
|
13511
|
+
var archiveEpistemicNodeArgs = z.object({
|
|
13512
|
+
nodeId: z.string().describe("Node ID or global ID."),
|
|
13513
|
+
id: z.string().optional().describe("Node ID alias."),
|
|
13514
|
+
userId: z.string().optional(),
|
|
13515
|
+
trustedBypassAccessCheck: z.boolean().optional()
|
|
13516
|
+
});
|
|
13517
|
+
var verifyEpistemicNodeArgs = z.object({
|
|
13518
|
+
nodeId: z.string().describe("Node ID or global ID."),
|
|
13519
|
+
id: z.string().optional().describe("Node ID alias."),
|
|
13520
|
+
verificationStatus: verificationStatusSchema,
|
|
13521
|
+
confidence: z.number().optional(),
|
|
13522
|
+
userId: z.string().optional()
|
|
13523
|
+
});
|
|
13524
|
+
var supersedeEpistemicNodeArgs = z.object({
|
|
13525
|
+
oldNodeId: z.string().describe("Node ID or global ID to supersede."),
|
|
13526
|
+
nodeId: z.string().optional().describe("Old node ID alias."),
|
|
13527
|
+
newGlobalId: z.string().optional(),
|
|
13528
|
+
newCanonicalText: z.string().optional(),
|
|
13529
|
+
text: z.string().optional(),
|
|
13530
|
+
canonicalText: z.string().optional(),
|
|
13531
|
+
newContentHash: z.string().optional(),
|
|
13532
|
+
reason: z.string().optional(),
|
|
13533
|
+
createdBy: z.string().optional(),
|
|
13534
|
+
trustedBypassAccessCheck: z.boolean().optional()
|
|
13535
|
+
});
|
|
13536
|
+
function generatedGlobalId(prefix) {
|
|
13537
|
+
return `${prefix}:${crypto.randomUUID()}`;
|
|
13538
|
+
}
|
|
13539
|
+
function resolveCanonicalText(input) {
|
|
13540
|
+
const text = input.canonicalText ?? input.text ?? input.title ?? input.content;
|
|
13541
|
+
if (typeof text !== "string" || text.trim().length === 0) {
|
|
13542
|
+
throw new Error("canonicalText or text is required.");
|
|
13543
|
+
}
|
|
13544
|
+
return text;
|
|
13545
|
+
}
|
|
13546
|
+
function createNodeInput(input, context) {
|
|
13547
|
+
const canonicalText = resolveCanonicalText(input);
|
|
13548
|
+
const nodeType = String(input.nodeType);
|
|
13549
|
+
return withCreatedBy(
|
|
13550
|
+
compactRecord4({
|
|
13551
|
+
globalId: typeof input.globalId === "string" && input.globalId.trim() ? input.globalId : generatedGlobalId(nodeType),
|
|
13552
|
+
nodeType,
|
|
13553
|
+
subtype: input.subtype,
|
|
13554
|
+
canonicalText,
|
|
13555
|
+
contentHash: typeof input.contentHash === "string" && input.contentHash.trim() ? input.contentHash : `${nodeType}:${canonicalText}`,
|
|
13556
|
+
content: input.content,
|
|
13557
|
+
contentType: input.contentType,
|
|
13558
|
+
title: input.title,
|
|
13559
|
+
tags: input.tags,
|
|
13560
|
+
domain: input.domain,
|
|
13561
|
+
metadata: input.metadata,
|
|
13562
|
+
externalIds: input.externalIds,
|
|
13563
|
+
sourceType: typeof input.sourceType === "string" && input.sourceType.trim() ? input.sourceType : "human",
|
|
13564
|
+
aiProvider: input.aiProvider,
|
|
13565
|
+
extractedFromNodeId: input.extractedFromNodeId,
|
|
13566
|
+
confidence: input.confidence,
|
|
13567
|
+
verificationStatus: input.verificationStatus,
|
|
13568
|
+
topicId: input.topicId,
|
|
13569
|
+
projectId: input.projectId
|
|
13570
|
+
}),
|
|
13571
|
+
context
|
|
13572
|
+
);
|
|
13573
|
+
}
|
|
13574
|
+
var getNodeInput = (input) => compactRecord4({
|
|
13575
|
+
nodeId: input.nodeId ?? input.globalId
|
|
13576
|
+
});
|
|
13577
|
+
var listNodesInput = (input) => compactRecord4({
|
|
13578
|
+
topicId: input.topicId,
|
|
13579
|
+
projectId: input.projectId,
|
|
13580
|
+
nodeType: input.nodeType,
|
|
13581
|
+
status: input.status,
|
|
13582
|
+
searchQuery: input.searchQuery ?? input.query,
|
|
13583
|
+
limit: input.limit
|
|
13584
|
+
});
|
|
13585
|
+
var updateNodeInput = (input, context) => withUserId(
|
|
13586
|
+
compactRecord4({
|
|
13587
|
+
nodeId: input.nodeId ?? input.id,
|
|
13588
|
+
subtype: input.subtype,
|
|
13589
|
+
canonicalText: input.canonicalText ?? input.text,
|
|
13590
|
+
contentHash: input.contentHash,
|
|
13591
|
+
content: input.content,
|
|
13592
|
+
contentType: input.contentType,
|
|
13593
|
+
title: input.title,
|
|
13594
|
+
tags: input.tags,
|
|
13595
|
+
domain: input.domain,
|
|
13596
|
+
metadata: input.metadata,
|
|
13597
|
+
externalIds: input.externalIds,
|
|
13598
|
+
confidence: input.confidence,
|
|
13599
|
+
verificationStatus: input.verificationStatus,
|
|
13600
|
+
status: input.status,
|
|
13601
|
+
trustedBypassAccessCheck: input.trustedBypassAccessCheck
|
|
13602
|
+
}),
|
|
13603
|
+
context
|
|
13604
|
+
);
|
|
13605
|
+
var archiveNodeInput = (input, context) => withUserId(
|
|
13606
|
+
compactRecord4({
|
|
13607
|
+
nodeId: input.nodeId ?? input.id,
|
|
13608
|
+
trustedBypassAccessCheck: input.trustedBypassAccessCheck
|
|
13609
|
+
}),
|
|
13610
|
+
context
|
|
13611
|
+
);
|
|
13612
|
+
var verifyNodeInput = (input, context) => withUserId(
|
|
13613
|
+
compactRecord4({
|
|
13614
|
+
nodeId: input.nodeId ?? input.id,
|
|
13615
|
+
verificationStatus: input.verificationStatus,
|
|
13616
|
+
confidence: input.confidence
|
|
13617
|
+
}),
|
|
13618
|
+
context
|
|
13619
|
+
);
|
|
13620
|
+
var supersedeNodeInput = (input, context) => {
|
|
13621
|
+
const newCanonicalText = input.newCanonicalText ?? input.canonicalText ?? input.text;
|
|
13622
|
+
if (typeof newCanonicalText !== "string" || newCanonicalText.trim().length === 0) {
|
|
13623
|
+
throw new Error("newCanonicalText or text is required.");
|
|
13624
|
+
}
|
|
13625
|
+
return {
|
|
13626
|
+
oldNodeId: input.oldNodeId ?? input.nodeId,
|
|
13627
|
+
newGlobalId: typeof input.newGlobalId === "string" && input.newGlobalId.trim() ? input.newGlobalId : generatedGlobalId("node"),
|
|
13628
|
+
newCanonicalText,
|
|
13629
|
+
newContentHash: typeof input.newContentHash === "string" && input.newContentHash.trim() ? input.newContentHash : `superseded:${newCanonicalText}`,
|
|
13630
|
+
createdBy: typeof input.createdBy === "string" ? input.createdBy : authUserId(context),
|
|
13631
|
+
reason: input.reason,
|
|
13632
|
+
trustedBypassAccessCheck: input.trustedBypassAccessCheck
|
|
13633
|
+
};
|
|
13634
|
+
};
|
|
13635
|
+
var batchCreateNodesInput = (input, context) => {
|
|
13636
|
+
const nodes = Array.isArray(input.nodes) ? input.nodes : [];
|
|
13637
|
+
return {
|
|
13638
|
+
nodes: nodes.map(
|
|
13639
|
+
(node) => createNodeInput(
|
|
13640
|
+
node && typeof node === "object" ? node : {},
|
|
13641
|
+
context
|
|
13642
|
+
)
|
|
13643
|
+
)
|
|
13644
|
+
};
|
|
13645
|
+
};
|
|
13646
|
+
var nodesContracts = [
|
|
13647
|
+
surfaceContract({
|
|
13648
|
+
name: "create_epistemic_node",
|
|
10996
13649
|
kind: "mutation",
|
|
10997
|
-
domain: "
|
|
13650
|
+
domain: "nodes",
|
|
10998
13651
|
surfaceClass: "platform_public",
|
|
10999
|
-
path: "/
|
|
11000
|
-
sdkNamespace: "
|
|
11001
|
-
sdkMethod: "
|
|
11002
|
-
summary: "Create a
|
|
13652
|
+
path: "/nodes",
|
|
13653
|
+
sdkNamespace: "nodes",
|
|
13654
|
+
sdkMethod: "createEpistemicNode",
|
|
13655
|
+
summary: "Create a generic epistemic graph node.",
|
|
11003
13656
|
convex: {
|
|
11004
|
-
module: "
|
|
13657
|
+
module: "nodes",
|
|
11005
13658
|
functionName: "create",
|
|
11006
13659
|
kind: "mutation",
|
|
11007
|
-
inputProjection:
|
|
11008
|
-
}
|
|
13660
|
+
inputProjection: createNodeInput
|
|
13661
|
+
},
|
|
13662
|
+
args: createEpistemicNodeArgs
|
|
11009
13663
|
}),
|
|
11010
13664
|
surfaceContract({
|
|
11011
|
-
name: "
|
|
13665
|
+
name: "get_epistemic_node",
|
|
11012
13666
|
kind: "query",
|
|
11013
|
-
domain: "
|
|
13667
|
+
domain: "nodes",
|
|
11014
13668
|
surfaceClass: "platform_public",
|
|
11015
13669
|
method: "GET",
|
|
11016
|
-
path: "/
|
|
11017
|
-
sdkNamespace: "
|
|
11018
|
-
sdkMethod: "
|
|
11019
|
-
summary: "Get a
|
|
13670
|
+
path: "/nodes/get",
|
|
13671
|
+
sdkNamespace: "nodes",
|
|
13672
|
+
sdkMethod: "getEpistemicNode",
|
|
13673
|
+
summary: "Get a generic epistemic graph node.",
|
|
11020
13674
|
convex: {
|
|
11021
|
-
module: "
|
|
13675
|
+
module: "nodes",
|
|
11022
13676
|
functionName: "get",
|
|
11023
13677
|
kind: "query",
|
|
11024
|
-
inputProjection:
|
|
11025
|
-
}
|
|
13678
|
+
inputProjection: getNodeInput
|
|
13679
|
+
},
|
|
13680
|
+
args: getEpistemicNodeArgs
|
|
11026
13681
|
}),
|
|
11027
13682
|
surfaceContract({
|
|
11028
|
-
name: "
|
|
13683
|
+
name: "list_epistemic_nodes",
|
|
11029
13684
|
kind: "query",
|
|
11030
|
-
domain: "
|
|
13685
|
+
domain: "nodes",
|
|
11031
13686
|
surfaceClass: "platform_public",
|
|
11032
13687
|
method: "GET",
|
|
11033
|
-
path: "/
|
|
11034
|
-
sdkNamespace: "
|
|
11035
|
-
sdkMethod: "
|
|
11036
|
-
summary: "List
|
|
13688
|
+
path: "/nodes",
|
|
13689
|
+
sdkNamespace: "nodes",
|
|
13690
|
+
sdkMethod: "listEpistemicNodes",
|
|
13691
|
+
summary: "List generic epistemic graph nodes.",
|
|
11037
13692
|
convex: {
|
|
11038
|
-
module: "
|
|
13693
|
+
module: "nodes",
|
|
11039
13694
|
functionName: "list",
|
|
11040
|
-
kind: "query"
|
|
11041
|
-
|
|
13695
|
+
kind: "query",
|
|
13696
|
+
inputProjection: listNodesInput
|
|
13697
|
+
},
|
|
13698
|
+
args: listEpistemicNodesArgs
|
|
11042
13699
|
}),
|
|
11043
13700
|
surfaceContract({
|
|
11044
|
-
name: "
|
|
13701
|
+
name: "update_epistemic_node",
|
|
11045
13702
|
kind: "mutation",
|
|
11046
|
-
domain: "
|
|
13703
|
+
domain: "nodes",
|
|
11047
13704
|
surfaceClass: "platform_public",
|
|
11048
13705
|
method: "PATCH",
|
|
11049
|
-
path: "/
|
|
11050
|
-
sdkNamespace: "
|
|
11051
|
-
sdkMethod: "
|
|
11052
|
-
summary: "Update a
|
|
13706
|
+
path: "/nodes",
|
|
13707
|
+
sdkNamespace: "nodes",
|
|
13708
|
+
sdkMethod: "updateEpistemicNode",
|
|
13709
|
+
summary: "Update a generic epistemic graph node.",
|
|
11053
13710
|
convex: {
|
|
11054
|
-
module: "
|
|
13711
|
+
module: "nodes",
|
|
11055
13712
|
functionName: "update",
|
|
11056
13713
|
kind: "mutation",
|
|
11057
|
-
inputProjection:
|
|
13714
|
+
inputProjection: updateNodeInput
|
|
11058
13715
|
},
|
|
11059
|
-
args:
|
|
13716
|
+
args: updateEpistemicNodeArgs
|
|
11060
13717
|
}),
|
|
11061
13718
|
surfaceContract({
|
|
11062
|
-
name: "
|
|
11063
|
-
kind: "
|
|
11064
|
-
domain: "
|
|
13719
|
+
name: "archive_epistemic_node",
|
|
13720
|
+
kind: "mutation",
|
|
13721
|
+
domain: "nodes",
|
|
11065
13722
|
surfaceClass: "platform_public",
|
|
11066
|
-
|
|
11067
|
-
|
|
11068
|
-
|
|
11069
|
-
|
|
11070
|
-
summary: "Get a topic tree.",
|
|
13723
|
+
path: "/nodes/archive",
|
|
13724
|
+
sdkNamespace: "nodes",
|
|
13725
|
+
sdkMethod: "archiveEpistemicNode",
|
|
13726
|
+
summary: "Archive a generic epistemic graph node.",
|
|
11071
13727
|
convex: {
|
|
11072
|
-
module: "
|
|
11073
|
-
functionName: "
|
|
11074
|
-
kind: "
|
|
11075
|
-
|
|
13728
|
+
module: "nodes",
|
|
13729
|
+
functionName: "archive",
|
|
13730
|
+
kind: "mutation",
|
|
13731
|
+
inputProjection: archiveNodeInput
|
|
13732
|
+
},
|
|
13733
|
+
args: archiveEpistemicNodeArgs
|
|
13734
|
+
}),
|
|
13735
|
+
surfaceContract({
|
|
13736
|
+
name: "verify_epistemic_node",
|
|
13737
|
+
kind: "mutation",
|
|
13738
|
+
domain: "nodes",
|
|
13739
|
+
surfaceClass: "platform_public",
|
|
13740
|
+
path: "/nodes/verify",
|
|
13741
|
+
sdkNamespace: "nodes",
|
|
13742
|
+
sdkMethod: "verifyEpistemicNode",
|
|
13743
|
+
summary: "Verify a generic epistemic graph node.",
|
|
13744
|
+
convex: {
|
|
13745
|
+
module: "nodes",
|
|
13746
|
+
functionName: "verify",
|
|
13747
|
+
kind: "mutation",
|
|
13748
|
+
inputProjection: verifyNodeInput
|
|
13749
|
+
},
|
|
13750
|
+
args: verifyEpistemicNodeArgs
|
|
13751
|
+
}),
|
|
13752
|
+
surfaceContract({
|
|
13753
|
+
name: "supersede_epistemic_node",
|
|
13754
|
+
kind: "mutation",
|
|
13755
|
+
domain: "nodes",
|
|
13756
|
+
surfaceClass: "platform_public",
|
|
13757
|
+
path: "/nodes/supersede",
|
|
13758
|
+
sdkNamespace: "nodes",
|
|
13759
|
+
sdkMethod: "supersedeEpistemicNode",
|
|
13760
|
+
summary: "Supersede a generic epistemic graph node.",
|
|
13761
|
+
convex: {
|
|
13762
|
+
module: "nodes",
|
|
13763
|
+
functionName: "supersede",
|
|
13764
|
+
kind: "mutation",
|
|
13765
|
+
inputProjection: supersedeNodeInput
|
|
13766
|
+
},
|
|
13767
|
+
args: supersedeEpistemicNodeArgs
|
|
13768
|
+
}),
|
|
13769
|
+
surfaceContract({
|
|
13770
|
+
name: "batch_create_epistemic_nodes",
|
|
13771
|
+
kind: "mutation",
|
|
13772
|
+
domain: "nodes",
|
|
13773
|
+
surfaceClass: "platform_public",
|
|
13774
|
+
path: "/nodes/batch",
|
|
13775
|
+
sdkNamespace: "nodes",
|
|
13776
|
+
sdkMethod: "batchCreateEpistemicNodes",
|
|
13777
|
+
summary: "Batch create generic epistemic graph nodes.",
|
|
13778
|
+
convex: {
|
|
13779
|
+
module: "nodes",
|
|
13780
|
+
functionName: "batchCreate",
|
|
13781
|
+
kind: "mutation",
|
|
13782
|
+
inputProjection: batchCreateNodesInput
|
|
13783
|
+
},
|
|
13784
|
+
args: batchCreateEpistemicNodesArgs
|
|
11076
13785
|
})
|
|
11077
13786
|
];
|
|
11078
13787
|
var lensPerspectiveSchema = z.enum([
|
|
@@ -11432,6 +14141,19 @@ var worktreeEvidenceSignalInputSchema = z.object({
|
|
|
11432
14141
|
progress: z.string().optional().describe("Collection progress note for the signal."),
|
|
11433
14142
|
notes: z.string().optional().describe("Additional evidence collection notes.")
|
|
11434
14143
|
}).passthrough().describe("Evidence signal embedded in the worktree plan.");
|
|
14144
|
+
var worktreeDocCompanionTargetSchema = z.object({
|
|
14145
|
+
docPath: z.string().describe(
|
|
14146
|
+
"Repo-relative path to a documentation file the worktree promises to update."
|
|
14147
|
+
),
|
|
14148
|
+
sectionAnchor: z.string().optional().describe(
|
|
14149
|
+
"Markdown heading anchor (e.g. '## Function-surface manifest') that scopes the promised update."
|
|
14150
|
+
),
|
|
14151
|
+
reason: z.string().describe(
|
|
14152
|
+
"Why this doc section must be updated for the worktree to be complete."
|
|
14153
|
+
)
|
|
14154
|
+
}).passthrough().describe(
|
|
14155
|
+
"Intent-driven docs companion target. pr-gate-reviewer verifies that the PR actually touches each declared (docPath, sectionAnchor). Distinct from the touch-driven docs-loop. See docs/development/docs-sync-discipline.md Lock 3."
|
|
14156
|
+
);
|
|
11435
14157
|
var worktreeDecisionGateInputSchema = z.object({
|
|
11436
14158
|
goCriteria: z.array(z.string()).describe("Criteria that must hold for the worktree to proceed."),
|
|
11437
14159
|
noGoSignals: z.array(z.string()).describe("Signals that stop or redirect the worktree."),
|
|
@@ -11464,6 +14186,9 @@ var addWorktreeArgs = z.object({
|
|
|
11464
14186
|
keyQuestions: z.array(worktreeKeyQuestionInputSchema).optional().describe("Inline key questions captured as part of the worktree plan."),
|
|
11465
14187
|
evidenceSignals: z.array(worktreeEvidenceSignalInputSchema).optional().describe("Evidence signals the worktree needs to collect or validate."),
|
|
11466
14188
|
decisionGate: worktreeDecisionGateInputSchema.optional(),
|
|
14189
|
+
docCompanionTargets: z.array(worktreeDocCompanionTargetSchema).optional().describe(
|
|
14190
|
+
"Doc sections the worktree promises to update at PR time. Enforced by pr-gate-reviewer (Lock 3)."
|
|
14191
|
+
),
|
|
11467
14192
|
goCriteria: z.array(z.string()).optional().describe("Shorthand go criteria used to build decisionGate."),
|
|
11468
14193
|
noGoSignals: z.array(z.string()).optional().describe("Shorthand no-go signals used to build decisionGate."),
|
|
11469
14194
|
proofArtifacts: z.array(z.unknown()).optional().describe("Expected proof artifacts required to close the worktree."),
|
|
@@ -11827,7 +14552,21 @@ var createTaskArgs = z.object({
|
|
|
11827
14552
|
linkedQuestionId: z.string().optional().describe("Question this task addresses."),
|
|
11828
14553
|
assigneeId: z.string().optional().describe("Principal assigned to the task."),
|
|
11829
14554
|
dueDate: z.number().optional().describe("Due date as epoch milliseconds."),
|
|
11830
|
-
tags: z.array(z.string()).optional().describe("Free-form tags.")
|
|
14555
|
+
tags: z.array(z.string()).optional().describe("Free-form tags."),
|
|
14556
|
+
metadata: z.record(z.unknown()).optional().describe("Structured task metadata for handoff context and routing hints.")
|
|
14557
|
+
});
|
|
14558
|
+
var updateTaskArgs = z.object({
|
|
14559
|
+
taskId: z.string().describe("Task to update."),
|
|
14560
|
+
title: z.string().optional().describe("Updated task title."),
|
|
14561
|
+
description: z.string().optional().describe("Updated task description."),
|
|
14562
|
+
priority: taskPrioritySchema.optional().describe("Updated priority."),
|
|
14563
|
+
status: taskStatusSchema2.optional().describe("Updated status."),
|
|
14564
|
+
linkedWorktreeId: z.string().optional().describe("Worktree this task belongs to."),
|
|
14565
|
+
linkedBeliefId: z.string().optional().describe("Belief this task supports."),
|
|
14566
|
+
linkedQuestionId: z.string().optional().describe("Question this task addresses."),
|
|
14567
|
+
assigneeId: z.string().optional().describe("Principal assigned to the task."),
|
|
14568
|
+
blockedReason: z.string().optional().describe("Reason the task is blocked or deferred."),
|
|
14569
|
+
metadata: z.record(z.unknown()).optional().describe("Structured task metadata for handoff context and routing hints.")
|
|
11831
14570
|
});
|
|
11832
14571
|
var createTaskInput = (input) => compactRecord4({
|
|
11833
14572
|
title: input.title,
|
|
@@ -11841,7 +14580,8 @@ var createTaskInput = (input) => compactRecord4({
|
|
|
11841
14580
|
linkedQuestionId: input.linkedQuestionId,
|
|
11842
14581
|
assigneeId: input.assigneeId,
|
|
11843
14582
|
dueDate: input.dueDate,
|
|
11844
|
-
tags: input.tags
|
|
14583
|
+
tags: input.tags,
|
|
14584
|
+
metadata: input.metadata
|
|
11845
14585
|
});
|
|
11846
14586
|
var taskInput = (input) => compactRecord4({
|
|
11847
14587
|
...input,
|
|
@@ -11858,8 +14598,7 @@ var taskTopicInput = (input) => {
|
|
|
11858
14598
|
};
|
|
11859
14599
|
var completeTaskInput = (input) => compactRecord4({
|
|
11860
14600
|
taskId: input.taskId ?? input.id,
|
|
11861
|
-
outputSummary: input.outputSummary ?? input.summary
|
|
11862
|
-
userId: input.userId
|
|
14601
|
+
outputSummary: input.outputSummary ?? input.summary
|
|
11863
14602
|
});
|
|
11864
14603
|
var tasksContracts = [
|
|
11865
14604
|
surfaceContract({
|
|
@@ -11877,6 +14616,7 @@ var tasksContracts = [
|
|
|
11877
14616
|
kind: "mutation",
|
|
11878
14617
|
inputProjection: createTaskInput
|
|
11879
14618
|
},
|
|
14619
|
+
gateway: { handler: "tasks.create" },
|
|
11880
14620
|
args: createTaskArgs
|
|
11881
14621
|
}),
|
|
11882
14622
|
surfaceContract({
|
|
@@ -11895,6 +14635,7 @@ var tasksContracts = [
|
|
|
11895
14635
|
kind: "query",
|
|
11896
14636
|
inputProjection: taskTopicInput
|
|
11897
14637
|
},
|
|
14638
|
+
gateway: { handler: "tasks.list" },
|
|
11898
14639
|
args: listTasksInputSchema
|
|
11899
14640
|
}),
|
|
11900
14641
|
surfaceContract({
|
|
@@ -11912,7 +14653,9 @@ var tasksContracts = [
|
|
|
11912
14653
|
functionName: "update",
|
|
11913
14654
|
kind: "mutation",
|
|
11914
14655
|
inputProjection: taskInput
|
|
11915
|
-
}
|
|
14656
|
+
},
|
|
14657
|
+
gateway: { handler: "tasks.update" },
|
|
14658
|
+
args: updateTaskArgs
|
|
11916
14659
|
}),
|
|
11917
14660
|
surfaceContract({
|
|
11918
14661
|
name: "complete_task",
|
|
@@ -11928,22 +14671,54 @@ var tasksContracts = [
|
|
|
11928
14671
|
functionName: "complete",
|
|
11929
14672
|
kind: "mutation",
|
|
11930
14673
|
inputProjection: completeTaskInput
|
|
11931
|
-
}
|
|
14674
|
+
},
|
|
14675
|
+
gateway: { handler: "tasks.complete" }
|
|
11932
14676
|
})
|
|
11933
14677
|
];
|
|
14678
|
+
var CREATE_EDGE_TYPES = edgePolicyManifest.policies.map(
|
|
14679
|
+
(policy) => policy.edgeType
|
|
14680
|
+
);
|
|
14681
|
+
var REASONING_METHOD_TYPES = [...REASONING_METHODS];
|
|
11934
14682
|
var createEdgeArgs = z.object({
|
|
11935
14683
|
from: GraphRefSchema,
|
|
11936
14684
|
to: GraphRefSchema,
|
|
11937
|
-
edgeType: z.
|
|
14685
|
+
edgeType: z.enum(CREATE_EDGE_TYPES),
|
|
11938
14686
|
globalId: z.string().optional(),
|
|
11939
14687
|
weight: z.number().optional(),
|
|
11940
14688
|
confidence: z.number().optional(),
|
|
11941
14689
|
context: z.string().optional(),
|
|
11942
14690
|
reasoning: z.string().optional(),
|
|
14691
|
+
reasoningMethod: z.enum(REASONING_METHOD_TYPES).optional(),
|
|
11943
14692
|
derivationType: z.string().optional(),
|
|
14693
|
+
metadata: z.record(z.unknown()).optional(),
|
|
11944
14694
|
topicId: z.string().optional(),
|
|
11945
14695
|
trustedBypassAccessCheck: z.boolean().optional()
|
|
11946
14696
|
});
|
|
14697
|
+
var updateEdgeArgs = z.object({
|
|
14698
|
+
edgeId: z.string().describe("Edge ID or global ID."),
|
|
14699
|
+
weight: z.number().optional(),
|
|
14700
|
+
confidence: z.number().optional(),
|
|
14701
|
+
context: z.string().optional(),
|
|
14702
|
+
reasoning: z.string().optional(),
|
|
14703
|
+
derivationType: z.string().optional(),
|
|
14704
|
+
metadata: z.record(z.unknown()).optional(),
|
|
14705
|
+
userId: z.string().optional()
|
|
14706
|
+
});
|
|
14707
|
+
var removeEdgeArgs = z.object({
|
|
14708
|
+
edgeId: z.string().describe("Edge ID or global ID."),
|
|
14709
|
+
userId: z.string().optional()
|
|
14710
|
+
});
|
|
14711
|
+
var removeEdgesBetweenArgs = z.object({
|
|
14712
|
+
from: GraphRefSchema.optional(),
|
|
14713
|
+
to: GraphRefSchema.optional(),
|
|
14714
|
+
fromNodeId: z.string().optional(),
|
|
14715
|
+
toNodeId: z.string().optional(),
|
|
14716
|
+
edgeType: z.enum(CREATE_EDGE_TYPES).optional()
|
|
14717
|
+
});
|
|
14718
|
+
var batchCreateEdgesArgs = z.object({
|
|
14719
|
+
edges: z.array(createEdgeArgs),
|
|
14720
|
+
skipLayerValidation: z.boolean().optional()
|
|
14721
|
+
});
|
|
11947
14722
|
var queryLineageArgs = z.object({
|
|
11948
14723
|
nodeId: z.string().describe("Starting node to trace from."),
|
|
11949
14724
|
startNode: z.string().optional().describe("Starting node alias accepted by traversal callers."),
|
|
@@ -11992,7 +14767,9 @@ var edgesContracts = [
|
|
|
11992
14767
|
weight: parsed.weight,
|
|
11993
14768
|
confidence: parsed.confidence,
|
|
11994
14769
|
context: parsed.context ?? parsed.reasoning,
|
|
14770
|
+
reasoningMethod: parsed.reasoningMethod,
|
|
11995
14771
|
derivationType: parsed.derivationType,
|
|
14772
|
+
metadata: parsed.metadata,
|
|
11996
14773
|
skipLayerValidation: true,
|
|
11997
14774
|
topicId: parsed.topicId,
|
|
11998
14775
|
trustedBypassAccessCheck: parsed.trustedBypassAccessCheck
|
|
@@ -12003,6 +14780,131 @@ var edgesContracts = [
|
|
|
12003
14780
|
},
|
|
12004
14781
|
args: createEdgeArgs
|
|
12005
14782
|
}),
|
|
14783
|
+
surfaceContract({
|
|
14784
|
+
name: "update_edge",
|
|
14785
|
+
kind: "mutation",
|
|
14786
|
+
domain: "edges",
|
|
14787
|
+
surfaceClass: "platform_public",
|
|
14788
|
+
method: "PATCH",
|
|
14789
|
+
path: "/edges",
|
|
14790
|
+
sdkNamespace: "edges",
|
|
14791
|
+
sdkMethod: "updateEdge",
|
|
14792
|
+
summary: "Update an epistemic edge.",
|
|
14793
|
+
convex: {
|
|
14794
|
+
module: "edges",
|
|
14795
|
+
functionName: "update",
|
|
14796
|
+
kind: "mutation",
|
|
14797
|
+
inputProjection: (input, context) => compactRecord4({
|
|
14798
|
+
edgeId: input.edgeId,
|
|
14799
|
+
weight: input.weight,
|
|
14800
|
+
confidence: input.confidence,
|
|
14801
|
+
context: input.context ?? input.reasoning,
|
|
14802
|
+
derivationType: input.derivationType,
|
|
14803
|
+
metadata: input.metadata,
|
|
14804
|
+
userId: input.userId ?? context.userId ?? context.principalId
|
|
14805
|
+
})
|
|
14806
|
+
},
|
|
14807
|
+
args: updateEdgeArgs
|
|
14808
|
+
}),
|
|
14809
|
+
surfaceContract({
|
|
14810
|
+
name: "remove_edge",
|
|
14811
|
+
kind: "mutation",
|
|
14812
|
+
domain: "edges",
|
|
14813
|
+
surfaceClass: "platform_public",
|
|
14814
|
+
method: "DELETE",
|
|
14815
|
+
path: "/edges",
|
|
14816
|
+
sdkNamespace: "edges",
|
|
14817
|
+
sdkMethod: "removeEdge",
|
|
14818
|
+
summary: "Remove an epistemic edge.",
|
|
14819
|
+
convex: {
|
|
14820
|
+
module: "edges",
|
|
14821
|
+
functionName: "remove",
|
|
14822
|
+
kind: "mutation",
|
|
14823
|
+
inputProjection: (input, context) => compactRecord4({
|
|
14824
|
+
edgeId: input.edgeId,
|
|
14825
|
+
userId: input.userId ?? context.userId ?? context.principalId
|
|
14826
|
+
})
|
|
14827
|
+
},
|
|
14828
|
+
args: removeEdgeArgs
|
|
14829
|
+
}),
|
|
14830
|
+
surfaceContract({
|
|
14831
|
+
name: "remove_edges_between",
|
|
14832
|
+
kind: "mutation",
|
|
14833
|
+
domain: "edges",
|
|
14834
|
+
surfaceClass: "platform_public",
|
|
14835
|
+
method: "DELETE",
|
|
14836
|
+
path: "/edges/between",
|
|
14837
|
+
sdkNamespace: "edges",
|
|
14838
|
+
sdkMethod: "removeEdgesBetween",
|
|
14839
|
+
summary: "Remove epistemic edges between two nodes.",
|
|
14840
|
+
convex: {
|
|
14841
|
+
module: "edges",
|
|
14842
|
+
functionName: "removeBetween",
|
|
14843
|
+
kind: "mutation",
|
|
14844
|
+
inputProjection: (input) => {
|
|
14845
|
+
const parsed = removeEdgesBetweenArgs.parse(input);
|
|
14846
|
+
const fromNodeId = parsed.from ? graphRefNodeId(parsed.from) : parsed.fromNodeId;
|
|
14847
|
+
const toNodeId = parsed.to ? graphRefNodeId(parsed.to) : parsed.toNodeId;
|
|
14848
|
+
if (!fromNodeId || !toNodeId) {
|
|
14849
|
+
throw new Error("from/to or fromNodeId/toNodeId are required.");
|
|
14850
|
+
}
|
|
14851
|
+
return compactRecord4({
|
|
14852
|
+
fromNodeId,
|
|
14853
|
+
toNodeId,
|
|
14854
|
+
edgeType: parsed.edgeType
|
|
14855
|
+
});
|
|
14856
|
+
}
|
|
14857
|
+
},
|
|
14858
|
+
args: removeEdgesBetweenArgs
|
|
14859
|
+
}),
|
|
14860
|
+
surfaceContract({
|
|
14861
|
+
name: "batch_create_edges",
|
|
14862
|
+
kind: "mutation",
|
|
14863
|
+
domain: "edges",
|
|
14864
|
+
surfaceClass: "platform_public",
|
|
14865
|
+
path: "/edges/batch",
|
|
14866
|
+
sdkNamespace: "edges",
|
|
14867
|
+
sdkMethod: "batchCreateEdges",
|
|
14868
|
+
summary: "Batch create epistemic edges.",
|
|
14869
|
+
convex: {
|
|
14870
|
+
module: "edges",
|
|
14871
|
+
functionName: "batchCreate",
|
|
14872
|
+
kind: "mutation",
|
|
14873
|
+
inputProjection: (input, context) => {
|
|
14874
|
+
const parsed = batchCreateEdgesArgs.parse(input);
|
|
14875
|
+
return {
|
|
14876
|
+
skipLayerValidation: parsed.skipLayerValidation ?? true,
|
|
14877
|
+
edges: parsed.edges.map((edge) => {
|
|
14878
|
+
assertEdgePolicyAllowed(
|
|
14879
|
+
edgePolicyManifest,
|
|
14880
|
+
edge.edgeType,
|
|
14881
|
+
edge.from,
|
|
14882
|
+
edge.to
|
|
14883
|
+
);
|
|
14884
|
+
const fromNodeId = graphRefNodeId(edge.from);
|
|
14885
|
+
const toNodeId = graphRefNodeId(edge.to);
|
|
14886
|
+
return withCreatedBy(
|
|
14887
|
+
compactRecord4({
|
|
14888
|
+
fromNodeId,
|
|
14889
|
+
toNodeId,
|
|
14890
|
+
edgeType: edge.edgeType,
|
|
14891
|
+
globalId: edge.globalId ?? `edge:${fromNodeId}:${toNodeId}:${edge.edgeType}`,
|
|
14892
|
+
weight: edge.weight,
|
|
14893
|
+
confidence: edge.confidence,
|
|
14894
|
+
context: edge.context ?? edge.reasoning,
|
|
14895
|
+
reasoningMethod: edge.reasoningMethod,
|
|
14896
|
+
derivationType: edge.derivationType,
|
|
14897
|
+
metadata: edge.metadata,
|
|
14898
|
+
topicId: edge.topicId
|
|
14899
|
+
}),
|
|
14900
|
+
context
|
|
14901
|
+
);
|
|
14902
|
+
})
|
|
14903
|
+
};
|
|
14904
|
+
}
|
|
14905
|
+
},
|
|
14906
|
+
args: batchCreateEdgesArgs
|
|
14907
|
+
}),
|
|
12006
14908
|
surfaceContract({
|
|
12007
14909
|
name: "query_lineage",
|
|
12008
14910
|
kind: "query",
|
|
@@ -12725,6 +15627,69 @@ var pipelineContracts = [
|
|
|
12725
15627
|
}
|
|
12726
15628
|
})
|
|
12727
15629
|
];
|
|
15630
|
+
function isRecord3(value) {
|
|
15631
|
+
return Boolean(value) && typeof value === "object" && !Array.isArray(value);
|
|
15632
|
+
}
|
|
15633
|
+
function stringValues(value) {
|
|
15634
|
+
if (typeof value === "string") {
|
|
15635
|
+
return [value];
|
|
15636
|
+
}
|
|
15637
|
+
if (Array.isArray(value)) {
|
|
15638
|
+
return value.flatMap((item) => stringValues(item));
|
|
15639
|
+
}
|
|
15640
|
+
return [];
|
|
15641
|
+
}
|
|
15642
|
+
function nestedEvidenceRows(value) {
|
|
15643
|
+
if (Array.isArray(value)) {
|
|
15644
|
+
return value.flatMap((item) => nestedEvidenceRows(item));
|
|
15645
|
+
}
|
|
15646
|
+
if (!isRecord3(value)) {
|
|
15647
|
+
return [];
|
|
15648
|
+
}
|
|
15649
|
+
const nestedKeys = ["evidence", "items", "nodes"];
|
|
15650
|
+
const nestedRows = nestedKeys.flatMap((key) => nestedEvidenceRows(value[key]));
|
|
15651
|
+
return nestedRows.length > 0 ? nestedRows : [value];
|
|
15652
|
+
}
|
|
15653
|
+
function isFailedAttemptRow(row) {
|
|
15654
|
+
const metadata = isRecord3(row.metadata) ? row.metadata : null;
|
|
15655
|
+
return metadata?.failedApproach === true || metadata?.isFailedAttempt === true;
|
|
15656
|
+
}
|
|
15657
|
+
function failureLogSearchFields(row) {
|
|
15658
|
+
const metadata = isRecord3(row.metadata) ? row.metadata : null;
|
|
15659
|
+
return [
|
|
15660
|
+
...stringValues(row.id),
|
|
15661
|
+
...stringValues(row._id),
|
|
15662
|
+
...stringValues(row.title),
|
|
15663
|
+
...stringValues(row.text),
|
|
15664
|
+
...stringValues(row.canonicalText),
|
|
15665
|
+
...stringValues(row.content),
|
|
15666
|
+
...stringValues(metadata?.codeAnchor),
|
|
15667
|
+
...stringValues(metadata?.codeAnchors),
|
|
15668
|
+
...stringValues(metadata?.anchor),
|
|
15669
|
+
...stringValues(metadata?.anchors),
|
|
15670
|
+
...stringValues(metadata?.filePath),
|
|
15671
|
+
...stringValues(metadata?.filePaths),
|
|
15672
|
+
...stringValues(metadata?.path),
|
|
15673
|
+
...stringValues(metadata?.paths),
|
|
15674
|
+
...stringValues(metadata?.sourceRef),
|
|
15675
|
+
...stringValues(metadata?.touchedPaths)
|
|
15676
|
+
];
|
|
15677
|
+
}
|
|
15678
|
+
function projectFailureLog(output, input) {
|
|
15679
|
+
const rawQuery = typeof input.query === "string" && input.query.trim().length > 0 ? input.query.trim() : void 0;
|
|
15680
|
+
const searchKey = rawQuery?.toLowerCase();
|
|
15681
|
+
const failures = nestedEvidenceRows(output).filter((row) => isFailedAttemptRow(row)).filter(
|
|
15682
|
+
(row) => !searchKey ? true : failureLogSearchFields(row).some(
|
|
15683
|
+
(field) => field.toLowerCase().includes(searchKey)
|
|
15684
|
+
)
|
|
15685
|
+
);
|
|
15686
|
+
return {
|
|
15687
|
+
query: rawQuery,
|
|
15688
|
+
failures,
|
|
15689
|
+
totalFound: failures.length,
|
|
15690
|
+
showing: failures.length
|
|
15691
|
+
};
|
|
15692
|
+
}
|
|
12728
15693
|
var recordScopeLearningArgs = z.object({
|
|
12729
15694
|
topicId: z.string().optional().describe("Topic scope ID"),
|
|
12730
15695
|
summary: z.string().describe("Atomic learning statement"),
|
|
@@ -12814,6 +15779,8 @@ var attemptInput = (input, context) => withUserId(
|
|
|
12814
15779
|
tags: ["code_attempt"],
|
|
12815
15780
|
metadata: compactRecord4({
|
|
12816
15781
|
...recordValue2(input.metadata),
|
|
15782
|
+
failedApproach: true,
|
|
15783
|
+
isFailedAttempt: true,
|
|
12817
15784
|
filePaths: input.filePaths,
|
|
12818
15785
|
filePath: input.filePath,
|
|
12819
15786
|
errorMessage: input.errorMessage,
|
|
@@ -12944,7 +15911,8 @@ var codingContracts = [
|
|
|
12944
15911
|
limit: input.limit,
|
|
12945
15912
|
status: input.status,
|
|
12946
15913
|
userId: input.userId
|
|
12947
|
-
})
|
|
15914
|
+
}),
|
|
15915
|
+
outputProjection: (output, input) => projectFailureLog(output, input)
|
|
12948
15916
|
}
|
|
12949
15917
|
})
|
|
12950
15918
|
];
|
|
@@ -12981,6 +15949,7 @@ var ALL_FUNCTION_CONTRACTS = [
|
|
|
12981
15949
|
...evidenceContracts,
|
|
12982
15950
|
...questionsContracts,
|
|
12983
15951
|
...topicsContracts,
|
|
15952
|
+
...nodesContracts,
|
|
12984
15953
|
...lensesContracts,
|
|
12985
15954
|
...ontologiesContracts,
|
|
12986
15955
|
...worktreesContracts,
|
|
@@ -13156,6 +16125,13 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13156
16125
|
copyMode: "none",
|
|
13157
16126
|
description: "Deliberation sessions are created by tenant workflows."
|
|
13158
16127
|
},
|
|
16128
|
+
{
|
|
16129
|
+
component: "kernel",
|
|
16130
|
+
table: "domainEvents",
|
|
16131
|
+
prepopulation: "runtime_log",
|
|
16132
|
+
copyMode: "none",
|
|
16133
|
+
description: "Domain event rows are append-only runtime audit/exhaust data."
|
|
16134
|
+
},
|
|
13159
16135
|
{
|
|
13160
16136
|
component: "kernel",
|
|
13161
16137
|
table: "epistemicAudit",
|
|
@@ -13405,14 +16381,14 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13405
16381
|
description: "Worktrees are tenant/runtime planning data."
|
|
13406
16382
|
},
|
|
13407
16383
|
{
|
|
13408
|
-
component: "
|
|
16384
|
+
component: "control-plane",
|
|
13409
16385
|
table: "agents",
|
|
13410
16386
|
prepopulation: "runtime_bootstrap",
|
|
13411
16387
|
copyMode: "none",
|
|
13412
16388
|
description: "Service agents are provisioned per tenant or service, not copied."
|
|
13413
16389
|
},
|
|
13414
16390
|
{
|
|
13415
|
-
component: "
|
|
16391
|
+
component: "control-plane",
|
|
13416
16392
|
table: "mcpWritePolicy",
|
|
13417
16393
|
prepopulation: "required_template",
|
|
13418
16394
|
copyMode: "template_global",
|
|
@@ -13421,14 +16397,14 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13421
16397
|
description: "Global write policy defaults govern service and interactive MCP writes."
|
|
13422
16398
|
},
|
|
13423
16399
|
{
|
|
13424
|
-
component: "
|
|
16400
|
+
component: "control-plane",
|
|
13425
16401
|
table: "modelCallLogs",
|
|
13426
16402
|
prepopulation: "runtime_log",
|
|
13427
16403
|
copyMode: "none",
|
|
13428
16404
|
description: "Model call logs are runtime telemetry."
|
|
13429
16405
|
},
|
|
13430
16406
|
{
|
|
13431
|
-
component: "
|
|
16407
|
+
component: "control-plane",
|
|
13432
16408
|
table: "modelFunctionSlots",
|
|
13433
16409
|
prepopulation: "required_template",
|
|
13434
16410
|
copyMode: "template_global",
|
|
@@ -13437,7 +16413,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13437
16413
|
description: "Function-to-model slots are required by model runtime resolution."
|
|
13438
16414
|
},
|
|
13439
16415
|
{
|
|
13440
|
-
component: "
|
|
16416
|
+
component: "control-plane",
|
|
13441
16417
|
table: "modelRegistry",
|
|
13442
16418
|
prepopulation: "required_template",
|
|
13443
16419
|
copyMode: "template_global",
|
|
@@ -13446,7 +16422,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13446
16422
|
description: "Model catalog defaults are required by model runtime clients."
|
|
13447
16423
|
},
|
|
13448
16424
|
{
|
|
13449
|
-
component: "
|
|
16425
|
+
component: "control-plane",
|
|
13450
16426
|
table: "modelSlotConfigs",
|
|
13451
16427
|
prepopulation: "required_template",
|
|
13452
16428
|
copyMode: "template_global",
|
|
@@ -13455,14 +16431,105 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13455
16431
|
description: "Slot-level defaults are required before tenant overrides exist."
|
|
13456
16432
|
},
|
|
13457
16433
|
{
|
|
13458
|
-
component: "
|
|
16434
|
+
component: "control-plane",
|
|
16435
|
+
table: "permitAccessReviewItems",
|
|
16436
|
+
prepopulation: "runtime_data",
|
|
16437
|
+
copyMode: "none",
|
|
16438
|
+
description: "Permit access-review item rows are tenant review data projected from Permit."
|
|
16439
|
+
},
|
|
16440
|
+
{
|
|
16441
|
+
component: "control-plane",
|
|
16442
|
+
table: "permitAccessReviews",
|
|
16443
|
+
prepopulation: "runtime_data",
|
|
16444
|
+
copyMode: "none",
|
|
16445
|
+
description: "Permit access-review campaigns are tenant review data projected from Permit."
|
|
16446
|
+
},
|
|
16447
|
+
{
|
|
16448
|
+
component: "control-plane",
|
|
16449
|
+
table: "permitAttributeBindings",
|
|
16450
|
+
prepopulation: "runtime_data",
|
|
16451
|
+
copyMode: "none",
|
|
16452
|
+
description: "Permit ABAC attribute bindings are tenant policy projection rows."
|
|
16453
|
+
},
|
|
16454
|
+
{
|
|
16455
|
+
component: "control-plane",
|
|
16456
|
+
table: "permitGroups",
|
|
16457
|
+
prepopulation: "runtime_data",
|
|
16458
|
+
copyMode: "none",
|
|
16459
|
+
description: "Permit groups are tenant-defined policy subjects, not template data."
|
|
16460
|
+
},
|
|
16461
|
+
{
|
|
16462
|
+
component: "control-plane",
|
|
16463
|
+
table: "permitGroupMemberships",
|
|
16464
|
+
prepopulation: "runtime_data",
|
|
16465
|
+
copyMode: "none",
|
|
16466
|
+
description: "Permit group memberships are tenant-specific policy projection rows."
|
|
16467
|
+
},
|
|
16468
|
+
{
|
|
16469
|
+
component: "control-plane",
|
|
16470
|
+
table: "permitPolicyBundles",
|
|
16471
|
+
prepopulation: "runtime_derived",
|
|
16472
|
+
copyMode: "none",
|
|
16473
|
+
description: "Permit policy bundles are derived from the Permit control plane."
|
|
16474
|
+
},
|
|
16475
|
+
{
|
|
16476
|
+
component: "control-plane",
|
|
16477
|
+
table: "permitPolicyDecisionReceipts",
|
|
16478
|
+
prepopulation: "runtime_log",
|
|
16479
|
+
copyMode: "none",
|
|
16480
|
+
description: "Permit decision receipts are runtime authorization audit logs."
|
|
16481
|
+
},
|
|
16482
|
+
{
|
|
16483
|
+
component: "control-plane",
|
|
16484
|
+
table: "permitPrincipalAliases",
|
|
16485
|
+
prepopulation: "runtime_data",
|
|
16486
|
+
copyMode: "none",
|
|
16487
|
+
description: "Permit principal aliases are tenant-specific identity projection rows."
|
|
16488
|
+
},
|
|
16489
|
+
{
|
|
16490
|
+
component: "control-plane",
|
|
16491
|
+
table: "permitPrincipals",
|
|
16492
|
+
prepopulation: "runtime_data",
|
|
16493
|
+
copyMode: "none",
|
|
16494
|
+
description: "Permit principals are projected from Clerk, Permit, and tenant onboarding flows."
|
|
16495
|
+
},
|
|
16496
|
+
{
|
|
16497
|
+
component: "control-plane",
|
|
16498
|
+
table: "permitProjectionOutbox",
|
|
16499
|
+
prepopulation: "runtime_queue",
|
|
16500
|
+
copyMode: "none",
|
|
16501
|
+
description: "Permit projection outbox rows are runtime sync queue data."
|
|
16502
|
+
},
|
|
16503
|
+
{
|
|
16504
|
+
component: "control-plane",
|
|
16505
|
+
table: "permitRelationshipTuples",
|
|
16506
|
+
prepopulation: "runtime_data",
|
|
16507
|
+
copyMode: "none",
|
|
16508
|
+
description: "Permit ReBAC relationship tuples are tenant policy projection rows."
|
|
16509
|
+
},
|
|
16510
|
+
{
|
|
16511
|
+
component: "control-plane",
|
|
16512
|
+
table: "permitResourceInstances",
|
|
16513
|
+
prepopulation: "runtime_data",
|
|
16514
|
+
copyMode: "none",
|
|
16515
|
+
description: "Permit resource instances are tenant/workspace graph and deployment projection rows."
|
|
16516
|
+
},
|
|
16517
|
+
{
|
|
16518
|
+
component: "control-plane",
|
|
16519
|
+
table: "permitRoleAssignments",
|
|
16520
|
+
prepopulation: "runtime_data",
|
|
16521
|
+
copyMode: "none",
|
|
16522
|
+
description: "Permit role assignments are tenant-specific policy projection rows."
|
|
16523
|
+
},
|
|
16524
|
+
{
|
|
16525
|
+
component: "control-plane",
|
|
13459
16526
|
table: "platformAudienceGrants",
|
|
13460
16527
|
prepopulation: "runtime_data",
|
|
13461
16528
|
copyMode: "none",
|
|
13462
16529
|
description: "Audience grants are principal/group-specific access rows."
|
|
13463
16530
|
},
|
|
13464
16531
|
{
|
|
13465
|
-
component: "
|
|
16532
|
+
component: "control-plane",
|
|
13466
16533
|
table: "platformAudiences",
|
|
13467
16534
|
prepopulation: "required_template",
|
|
13468
16535
|
copyMode: "template_tenant_rewrite",
|
|
@@ -13471,35 +16538,35 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13471
16538
|
description: "Default tenant audience taxonomy rows are rewritten into each tenant."
|
|
13472
16539
|
},
|
|
13473
16540
|
{
|
|
13474
|
-
component: "
|
|
16541
|
+
component: "control-plane",
|
|
13475
16542
|
table: "platformPolicyDecisionLogs",
|
|
13476
16543
|
prepopulation: "runtime_log",
|
|
13477
16544
|
copyMode: "none",
|
|
13478
16545
|
description: "Policy decisions are runtime audit logs."
|
|
13479
16546
|
},
|
|
13480
16547
|
{
|
|
13481
|
-
component: "
|
|
16548
|
+
component: "control-plane",
|
|
13482
16549
|
table: "projectGrants",
|
|
13483
16550
|
prepopulation: "runtime_data",
|
|
13484
16551
|
copyMode: "none",
|
|
13485
16552
|
description: "Project/topic grants are principal or group-specific access rows."
|
|
13486
16553
|
},
|
|
13487
16554
|
{
|
|
13488
|
-
component: "
|
|
16555
|
+
component: "control-plane",
|
|
13489
16556
|
table: "reasoningPermissions",
|
|
13490
16557
|
prepopulation: "runtime_data",
|
|
13491
16558
|
copyMode: "none",
|
|
13492
16559
|
description: "Reasoning permissions are principal-specific policy rows."
|
|
13493
16560
|
},
|
|
13494
16561
|
{
|
|
13495
|
-
component: "
|
|
16562
|
+
component: "control-plane",
|
|
13496
16563
|
table: "tenantApiKeys",
|
|
13497
16564
|
prepopulation: "runtime_secret",
|
|
13498
16565
|
copyMode: "none",
|
|
13499
16566
|
description: "API keys are tenant credentials and must never be copied."
|
|
13500
16567
|
},
|
|
13501
16568
|
{
|
|
13502
|
-
component: "
|
|
16569
|
+
component: "control-plane",
|
|
13503
16570
|
table: "tenantConfig",
|
|
13504
16571
|
prepopulation: "required_template",
|
|
13505
16572
|
copyMode: "template_tenant_rewrite",
|
|
@@ -13508,7 +16575,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13508
16575
|
description: "Tenant-local config defaults are rewritten during bootstrap."
|
|
13509
16576
|
},
|
|
13510
16577
|
{
|
|
13511
|
-
component: "
|
|
16578
|
+
component: "control-plane",
|
|
13512
16579
|
table: "tenantIntegrations",
|
|
13513
16580
|
prepopulation: "required_template",
|
|
13514
16581
|
copyMode: "template_tenant_rewrite",
|
|
@@ -13517,14 +16584,21 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13517
16584
|
description: "Non-secret integration descriptors are rewritten into each tenant."
|
|
13518
16585
|
},
|
|
13519
16586
|
{
|
|
13520
|
-
component: "
|
|
16587
|
+
component: "control-plane",
|
|
13521
16588
|
table: "tenantModelSlotBindings",
|
|
13522
16589
|
prepopulation: "runtime_secret",
|
|
13523
16590
|
copyMode: "none",
|
|
13524
16591
|
description: "Tenant model slot bindings reference provider secrets and are runtime-only."
|
|
13525
16592
|
},
|
|
13526
16593
|
{
|
|
13527
|
-
component: "
|
|
16594
|
+
component: "control-plane",
|
|
16595
|
+
table: "tenantPermitSyncStates",
|
|
16596
|
+
prepopulation: "runtime_derived",
|
|
16597
|
+
copyMode: "none",
|
|
16598
|
+
description: "Tenant Permit sync state rows are runtime reconciliation state."
|
|
16599
|
+
},
|
|
16600
|
+
{
|
|
16601
|
+
component: "control-plane",
|
|
13528
16602
|
table: "tenantPolicies",
|
|
13529
16603
|
prepopulation: "required_template",
|
|
13530
16604
|
copyMode: "template_tenant_rewrite",
|
|
@@ -13533,42 +16607,42 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13533
16607
|
description: "Default tenant policy roles are rewritten during bootstrap."
|
|
13534
16608
|
},
|
|
13535
16609
|
{
|
|
13536
|
-
component: "
|
|
16610
|
+
component: "control-plane",
|
|
13537
16611
|
table: "tenantProviderSecrets",
|
|
13538
16612
|
prepopulation: "runtime_secret",
|
|
13539
16613
|
copyMode: "none",
|
|
13540
16614
|
description: "Provider secrets are credentials and must never be copied."
|
|
13541
16615
|
},
|
|
13542
16616
|
{
|
|
13543
|
-
component: "
|
|
16617
|
+
component: "control-plane",
|
|
13544
16618
|
table: "tenantProxyGatewayUsage",
|
|
13545
16619
|
prepopulation: "runtime_log",
|
|
13546
16620
|
copyMode: "none",
|
|
13547
16621
|
description: "Proxy gateway usage rows are runtime telemetry."
|
|
13548
16622
|
},
|
|
13549
16623
|
{
|
|
13550
|
-
component: "
|
|
16624
|
+
component: "control-plane",
|
|
13551
16625
|
table: "tenantProxyTokenMints",
|
|
13552
16626
|
prepopulation: "runtime_secret",
|
|
13553
16627
|
copyMode: "none",
|
|
13554
16628
|
description: "Proxy token mints are ephemeral secret-bearing runtime rows."
|
|
13555
16629
|
},
|
|
13556
16630
|
{
|
|
13557
|
-
component: "
|
|
16631
|
+
component: "control-plane",
|
|
13558
16632
|
table: "tenantSandboxAuditEvents",
|
|
13559
16633
|
prepopulation: "runtime_log",
|
|
13560
16634
|
copyMode: "none",
|
|
13561
16635
|
description: "Sandbox audit rows are runtime security logs."
|
|
13562
16636
|
},
|
|
13563
16637
|
{
|
|
13564
|
-
component: "
|
|
16638
|
+
component: "control-plane",
|
|
13565
16639
|
table: "tenantSecrets",
|
|
13566
16640
|
prepopulation: "runtime_secret",
|
|
13567
16641
|
copyMode: "none",
|
|
13568
16642
|
description: "Tenant secrets are credentials and must never be copied."
|
|
13569
16643
|
},
|
|
13570
16644
|
{
|
|
13571
|
-
component: "
|
|
16645
|
+
component: "control-plane",
|
|
13572
16646
|
table: "toolAcls",
|
|
13573
16647
|
prepopulation: "required_template",
|
|
13574
16648
|
copyMode: "template_global",
|
|
@@ -13577,7 +16651,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13577
16651
|
description: "Default role-to-tool grants are required for SDK/MCP tool access."
|
|
13578
16652
|
},
|
|
13579
16653
|
{
|
|
13580
|
-
component: "
|
|
16654
|
+
component: "control-plane",
|
|
13581
16655
|
table: "toolRegistry",
|
|
13582
16656
|
prepopulation: "required_template",
|
|
13583
16657
|
copyMode: "template_global",
|
|
@@ -13586,7 +16660,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13586
16660
|
description: "Core tool catalog rows are required before pack or tenant tools exist."
|
|
13587
16661
|
},
|
|
13588
16662
|
{
|
|
13589
|
-
component: "
|
|
16663
|
+
component: "control-plane",
|
|
13590
16664
|
table: "users",
|
|
13591
16665
|
prepopulation: "runtime_bootstrap",
|
|
13592
16666
|
copyMode: "none",
|