@lucern/events 0.3.0-alpha.8 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +14 -2
- package/dist/index.js +3477 -403
- package/dist/index.js.map +1 -1
- package/dist/outbox.js +3477 -403
- package/dist/outbox.js.map +1 -1
- package/dist/types.js +3477 -403
- package/dist/types.js.map +1 -1
- package/dist/webhooks.js +3477 -403
- package/dist/webhooks.js.map +1 -1
- package/package.json +2 -2
package/dist/types.js
CHANGED
|
@@ -1,6 +1,20 @@
|
|
|
1
1
|
import { z } from 'zod';
|
|
2
2
|
import { v } from 'convex/values';
|
|
3
3
|
|
|
4
|
+
// ../contracts/src/types/reasoning-method.ts
|
|
5
|
+
var REASONING_METHODS = [
|
|
6
|
+
"deductive",
|
|
7
|
+
"inductive",
|
|
8
|
+
"abductive",
|
|
9
|
+
"analogical",
|
|
10
|
+
"causal",
|
|
11
|
+
"correlational",
|
|
12
|
+
"testimonial",
|
|
13
|
+
"statistical",
|
|
14
|
+
"implicit",
|
|
15
|
+
"pattern_match"
|
|
16
|
+
];
|
|
17
|
+
|
|
4
18
|
// ../contracts/src/graph-intelligence.contract.ts
|
|
5
19
|
var GRAPH_INTELLIGENCE_MODE_TOOL_NAMES = {
|
|
6
20
|
core: [
|
|
@@ -731,7 +745,7 @@ defineTable({
|
|
|
731
745
|
});
|
|
732
746
|
defineTable({
|
|
733
747
|
name: "agents",
|
|
734
|
-
component: "
|
|
748
|
+
component: "control-plane",
|
|
735
749
|
category: "agent",
|
|
736
750
|
shape: z.object({
|
|
737
751
|
"slug": z.string(),
|
|
@@ -762,6 +776,8 @@ defineTable({
|
|
|
762
776
|
category: "tenant",
|
|
763
777
|
shape: z.object({
|
|
764
778
|
"tenantId": idOf("tenants"),
|
|
779
|
+
"workspaceId": idOf("workspaces").optional(),
|
|
780
|
+
"environment": z.enum(["dev", "staging", "prod"]).optional(),
|
|
765
781
|
"keyPrefix": z.enum(["luc", "stk"]),
|
|
766
782
|
"keyHash": z.string(),
|
|
767
783
|
"keyHint": z.string(),
|
|
@@ -789,7 +805,7 @@ defineTable({
|
|
|
789
805
|
shape: z.object({
|
|
790
806
|
"tenantId": idOf("tenants").optional(),
|
|
791
807
|
"apiKeyId": idOf("apiKeys").optional(),
|
|
792
|
-
"action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "principal_created", "principal_updated", "principal_suspended", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
|
|
808
|
+
"action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_token_lease_issued", "proxy_token_lease_renewed", "proxy_token_lease_revoked", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "tenant_clerk_organization_linked", "tenant_canonical_identity_repaired", "principal_created", "principal_updated", "principal_suspended", "principal_identity_alias_upserted", "principal_identity_alias_revoked", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "deployment_host_registered", "deployment_host_revoked", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "permit_sync_enqueued", "permit_sync_succeeded", "permit_sync_failed", "permit_sync_skipped", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
|
|
793
809
|
"actorClerkId": z.string(),
|
|
794
810
|
"details": z.any().optional(),
|
|
795
811
|
"createdAt": z.number()
|
|
@@ -1013,6 +1029,35 @@ defineTable({
|
|
|
1013
1029
|
{ kind: "index", name: "by_source", columns: ["source"] }
|
|
1014
1030
|
]
|
|
1015
1031
|
});
|
|
1032
|
+
defineTable({
|
|
1033
|
+
name: "domainEvents",
|
|
1034
|
+
component: "kernel",
|
|
1035
|
+
category: "events",
|
|
1036
|
+
shape: z.object({
|
|
1037
|
+
"eventId": z.string(),
|
|
1038
|
+
"type": z.string(),
|
|
1039
|
+
"version": z.string(),
|
|
1040
|
+
"timestamp": z.number(),
|
|
1041
|
+
"tenantId": z.string().optional(),
|
|
1042
|
+
"workspaceId": z.string().optional(),
|
|
1043
|
+
"topicId": z.string(),
|
|
1044
|
+
"resourceId": z.string(),
|
|
1045
|
+
"resourceType": z.string(),
|
|
1046
|
+
"actorId": z.string(),
|
|
1047
|
+
"actorType": z.enum(["human", "agent", "service"]),
|
|
1048
|
+
"data": z.record(z.any()),
|
|
1049
|
+
"correlationId": z.string().optional(),
|
|
1050
|
+
"expiresAt": z.number()
|
|
1051
|
+
}),
|
|
1052
|
+
indices: [
|
|
1053
|
+
{ kind: "index", name: "by_eventId", columns: ["eventId"] },
|
|
1054
|
+
{ kind: "index", name: "by_topic_timestamp", columns: ["topicId", "timestamp"] },
|
|
1055
|
+
{ kind: "index", name: "by_tenant_workspace_timestamp", columns: ["tenantId", "workspaceId", "timestamp"] },
|
|
1056
|
+
{ kind: "index", name: "by_type_timestamp", columns: ["type", "timestamp"] },
|
|
1057
|
+
{ kind: "index", name: "by_resource", columns: ["resourceType", "resourceId", "timestamp"] },
|
|
1058
|
+
{ kind: "index", name: "by_expiresAt", columns: ["expiresAt"] }
|
|
1059
|
+
]
|
|
1060
|
+
});
|
|
1016
1061
|
defineTable({
|
|
1017
1062
|
name: "beliefConfidence",
|
|
1018
1063
|
component: "kernel",
|
|
@@ -1668,29 +1713,37 @@ defineTable({
|
|
|
1668
1713
|
component: "mc",
|
|
1669
1714
|
category: "runtime",
|
|
1670
1715
|
shape: z.object({
|
|
1671
|
-
|
|
1672
|
-
|
|
1673
|
-
|
|
1674
|
-
|
|
1675
|
-
|
|
1676
|
-
|
|
1677
|
-
|
|
1678
|
-
|
|
1679
|
-
|
|
1680
|
-
|
|
1681
|
-
|
|
1682
|
-
|
|
1683
|
-
|
|
1716
|
+
shimId: z.string(),
|
|
1717
|
+
gateId: z.string(),
|
|
1718
|
+
removalDate: z.string(),
|
|
1719
|
+
removalPriority: z.enum(["P1", "P2", "P3"]),
|
|
1720
|
+
description: z.string(),
|
|
1721
|
+
owner: z.string(),
|
|
1722
|
+
createdAt: z.string(),
|
|
1723
|
+
status: z.enum(["active", "overdue", "removed"]),
|
|
1724
|
+
bridgeType: z.enum(["tool", "agent"]),
|
|
1725
|
+
bridgeTarget: z.object({
|
|
1726
|
+
type: z.enum(["tool", "agent"]),
|
|
1727
|
+
legacyPath: z.string(),
|
|
1728
|
+
harnessPath: z.string()
|
|
1684
1729
|
}),
|
|
1685
|
-
|
|
1686
|
-
|
|
1687
|
-
|
|
1688
|
-
|
|
1730
|
+
shimBehavior: z.enum([
|
|
1731
|
+
"passthrough_with_logging",
|
|
1732
|
+
"adapter",
|
|
1733
|
+
"feature_flag_gate"
|
|
1734
|
+
]),
|
|
1735
|
+
producesLedgerEntries: z.boolean(),
|
|
1736
|
+
lastAuditedAt: z.number(),
|
|
1737
|
+
metadata: z.record(z.any()).optional()
|
|
1689
1738
|
}),
|
|
1690
1739
|
indices: [
|
|
1691
1740
|
{ kind: "index", name: "by_shimId", columns: ["shimId"] },
|
|
1692
1741
|
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
1693
|
-
{
|
|
1742
|
+
{
|
|
1743
|
+
kind: "index",
|
|
1744
|
+
name: "by_bridgeType_status",
|
|
1745
|
+
columns: ["bridgeType", "status"]
|
|
1746
|
+
}
|
|
1694
1747
|
]
|
|
1695
1748
|
});
|
|
1696
1749
|
defineTable({
|
|
@@ -1698,12 +1751,23 @@ defineTable({
|
|
|
1698
1751
|
component: "mc",
|
|
1699
1752
|
category: "runtime",
|
|
1700
1753
|
shape: z.object({
|
|
1701
|
-
|
|
1702
|
-
|
|
1703
|
-
|
|
1704
|
-
|
|
1705
|
-
|
|
1706
|
-
|
|
1754
|
+
domain: z.enum([
|
|
1755
|
+
"graph",
|
|
1756
|
+
"schema",
|
|
1757
|
+
"identity",
|
|
1758
|
+
"policy",
|
|
1759
|
+
"audit",
|
|
1760
|
+
"admin",
|
|
1761
|
+
"agent",
|
|
1762
|
+
"tool",
|
|
1763
|
+
"prompt",
|
|
1764
|
+
"intelligence"
|
|
1765
|
+
]),
|
|
1766
|
+
state: z.enum(["legacy", "cutover", "disabled"]),
|
|
1767
|
+
metadata: z.record(z.any()).optional(),
|
|
1768
|
+
updatedBy: z.string(),
|
|
1769
|
+
createdAt: z.number(),
|
|
1770
|
+
updatedAt: z.number()
|
|
1707
1771
|
}),
|
|
1708
1772
|
indices: [
|
|
1709
1773
|
{ kind: "index", name: "by_domain", columns: ["domain"] },
|
|
@@ -1715,57 +1779,193 @@ defineTable({
|
|
|
1715
1779
|
component: "mc",
|
|
1716
1780
|
category: "runtime",
|
|
1717
1781
|
shape: z.object({
|
|
1718
|
-
|
|
1719
|
-
|
|
1720
|
-
|
|
1721
|
-
|
|
1722
|
-
|
|
1723
|
-
|
|
1724
|
-
|
|
1725
|
-
|
|
1726
|
-
|
|
1727
|
-
|
|
1728
|
-
|
|
1729
|
-
|
|
1730
|
-
|
|
1731
|
-
|
|
1732
|
-
|
|
1733
|
-
|
|
1734
|
-
|
|
1782
|
+
credentialRef: z.string(),
|
|
1783
|
+
tenantId: idOf("tenants"),
|
|
1784
|
+
workspaceId: idOf("workspaces").optional(),
|
|
1785
|
+
target: z.enum(["kernelDeployment", "appDeployment"]),
|
|
1786
|
+
environment: z.enum(["dev", "staging", "prod"]),
|
|
1787
|
+
encryptedDeployKey: z.string(),
|
|
1788
|
+
encryptionVersion: z.string(),
|
|
1789
|
+
keyFingerprint: z.string(),
|
|
1790
|
+
keyHint: z.string(),
|
|
1791
|
+
status: z.enum(["active", "revoked"]),
|
|
1792
|
+
rotatedFromCredentialRef: z.string().optional(),
|
|
1793
|
+
revokedAt: z.number().optional(),
|
|
1794
|
+
revokedBy: z.string().optional(),
|
|
1795
|
+
lastUsedAt: z.number().optional(),
|
|
1796
|
+
metadata: z.record(z.any()).optional(),
|
|
1797
|
+
createdBy: z.string(),
|
|
1798
|
+
createdAt: z.number(),
|
|
1799
|
+
updatedAt: z.number()
|
|
1735
1800
|
}),
|
|
1736
1801
|
indices: [
|
|
1737
1802
|
{ kind: "index", name: "by_credentialRef", columns: ["credentialRef"] },
|
|
1738
1803
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
1739
|
-
{ kind: "index", name: "
|
|
1740
|
-
{
|
|
1741
|
-
|
|
1804
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
1805
|
+
{
|
|
1806
|
+
kind: "index",
|
|
1807
|
+
name: "by_tenant_target",
|
|
1808
|
+
columns: ["tenantId", "target"]
|
|
1809
|
+
},
|
|
1810
|
+
{
|
|
1811
|
+
kind: "index",
|
|
1812
|
+
name: "by_tenant_target_environment",
|
|
1813
|
+
columns: ["tenantId", "target", "environment"]
|
|
1814
|
+
},
|
|
1815
|
+
{
|
|
1816
|
+
kind: "index",
|
|
1817
|
+
name: "by_tenant_target_environment_status",
|
|
1818
|
+
columns: ["tenantId", "target", "environment", "status"]
|
|
1819
|
+
},
|
|
1820
|
+
{
|
|
1821
|
+
kind: "index",
|
|
1822
|
+
name: "by_tenant_workspace_target_environment_status",
|
|
1823
|
+
columns: ["tenantId", "workspaceId", "target", "environment", "status"]
|
|
1824
|
+
},
|
|
1742
1825
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
1743
1826
|
]
|
|
1744
1827
|
});
|
|
1828
|
+
defineTable({
|
|
1829
|
+
name: "permitSyncStates",
|
|
1830
|
+
component: "mc",
|
|
1831
|
+
category: "runtime",
|
|
1832
|
+
shape: z.object({
|
|
1833
|
+
syncKey: z.string(),
|
|
1834
|
+
objectType: z.enum([
|
|
1835
|
+
"resource",
|
|
1836
|
+
"role",
|
|
1837
|
+
"resource_role",
|
|
1838
|
+
"resource_relation",
|
|
1839
|
+
"tenant",
|
|
1840
|
+
"workspace",
|
|
1841
|
+
"principal",
|
|
1842
|
+
"membership",
|
|
1843
|
+
"group",
|
|
1844
|
+
"resource_instance",
|
|
1845
|
+
"relationship_tuple",
|
|
1846
|
+
"role_assignment"
|
|
1847
|
+
]),
|
|
1848
|
+
objectId: z.string(),
|
|
1849
|
+
tenantId: idOf("tenants").optional(),
|
|
1850
|
+
workspaceId: idOf("workspaces").optional(),
|
|
1851
|
+
principalId: z.string().optional(),
|
|
1852
|
+
permitTenantKey: z.string().optional(),
|
|
1853
|
+
permitResourceType: z.string().optional(),
|
|
1854
|
+
permitResourceKey: z.string().optional(),
|
|
1855
|
+
desiredPayload: z.record(z.any()),
|
|
1856
|
+
lastAppliedPayloadHash: z.string().optional(),
|
|
1857
|
+
status: z.enum(["pending", "synced", "error", "skipped"]),
|
|
1858
|
+
attemptCount: z.number(),
|
|
1859
|
+
lastError: z.string().optional(),
|
|
1860
|
+
nextAttemptAt: z.number().optional(),
|
|
1861
|
+
lastSyncedAt: z.number().optional(),
|
|
1862
|
+
createdBy: z.string(),
|
|
1863
|
+
updatedBy: z.string().optional(),
|
|
1864
|
+
createdAt: z.number(),
|
|
1865
|
+
updatedAt: z.number()
|
|
1866
|
+
}),
|
|
1867
|
+
indices: [
|
|
1868
|
+
{ kind: "index", name: "by_syncKey", columns: ["syncKey"] },
|
|
1869
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
1870
|
+
{
|
|
1871
|
+
kind: "index",
|
|
1872
|
+
name: "by_tenant_status",
|
|
1873
|
+
columns: ["tenantId", "status"]
|
|
1874
|
+
},
|
|
1875
|
+
{
|
|
1876
|
+
kind: "index",
|
|
1877
|
+
name: "by_workspace_status",
|
|
1878
|
+
columns: ["workspaceId", "status"]
|
|
1879
|
+
},
|
|
1880
|
+
{
|
|
1881
|
+
kind: "index",
|
|
1882
|
+
name: "by_principal_status",
|
|
1883
|
+
columns: ["principalId", "status"]
|
|
1884
|
+
}
|
|
1885
|
+
]
|
|
1886
|
+
});
|
|
1887
|
+
defineTable({
|
|
1888
|
+
name: "secretSyncDriftReports",
|
|
1889
|
+
component: "mc",
|
|
1890
|
+
category: "runtime",
|
|
1891
|
+
shape: z.object({
|
|
1892
|
+
reportId: z.string(),
|
|
1893
|
+
source: z.enum(["infisical_manifest", "manual", "ci"]),
|
|
1894
|
+
generatedAt: z.number(),
|
|
1895
|
+
recordedAt: z.number(),
|
|
1896
|
+
recordedBy: z.string(),
|
|
1897
|
+
status: z.enum([
|
|
1898
|
+
"in_sync",
|
|
1899
|
+
"drift",
|
|
1900
|
+
"exception",
|
|
1901
|
+
"blocked",
|
|
1902
|
+
"not_observed"
|
|
1903
|
+
]),
|
|
1904
|
+
reportHash: z.string(),
|
|
1905
|
+
manifestHash: z.string().optional(),
|
|
1906
|
+
dryRunReceiptId: z.string().optional(),
|
|
1907
|
+
appliedReceiptId: z.string().optional(),
|
|
1908
|
+
summary: z.object({
|
|
1909
|
+
totalPipelines: z.number(),
|
|
1910
|
+
inSync: z.number(),
|
|
1911
|
+
drift: z.number(),
|
|
1912
|
+
exception: z.number(),
|
|
1913
|
+
blocked: z.number(),
|
|
1914
|
+
notObserved: z.number(),
|
|
1915
|
+
missingKeys: z.number(),
|
|
1916
|
+
valueDriftKeys: z.number(),
|
|
1917
|
+
extraKeys: z.number(),
|
|
1918
|
+
deniedConvexLeakage: z.number(),
|
|
1919
|
+
approvedExceptions: z.number()
|
|
1920
|
+
}),
|
|
1921
|
+
redactedReport: z.record(z.any()),
|
|
1922
|
+
metadata: z.record(z.any()).optional()
|
|
1923
|
+
}),
|
|
1924
|
+
indices: [
|
|
1925
|
+
{ kind: "index", name: "by_reportId", columns: ["reportId"] },
|
|
1926
|
+
{ kind: "index", name: "by_reportHash", columns: ["reportHash"] },
|
|
1927
|
+
{ kind: "index", name: "by_generatedAt", columns: ["generatedAt"] },
|
|
1928
|
+
{
|
|
1929
|
+
kind: "index",
|
|
1930
|
+
name: "by_status_generatedAt",
|
|
1931
|
+
columns: ["status", "generatedAt"]
|
|
1932
|
+
}
|
|
1933
|
+
]
|
|
1934
|
+
});
|
|
1745
1935
|
defineTable({
|
|
1746
1936
|
name: "controlPlaneTenantModelSlotBindings",
|
|
1747
1937
|
component: "mc",
|
|
1748
1938
|
category: "runtime",
|
|
1749
1939
|
shape: z.object({
|
|
1750
|
-
|
|
1751
|
-
|
|
1752
|
-
"
|
|
1753
|
-
|
|
1754
|
-
|
|
1755
|
-
|
|
1756
|
-
|
|
1757
|
-
|
|
1758
|
-
|
|
1759
|
-
|
|
1760
|
-
|
|
1761
|
-
|
|
1762
|
-
|
|
1940
|
+
bindingId: z.string(),
|
|
1941
|
+
tenantId: idOf("tenants"),
|
|
1942
|
+
workspaceId: idOf("workspaces").optional(),
|
|
1943
|
+
environment: z.enum(["dev", "staging", "prod"]).optional(),
|
|
1944
|
+
providerId: z.string(),
|
|
1945
|
+
modelSlotId: z.string(),
|
|
1946
|
+
secretRef: z.string(),
|
|
1947
|
+
status: z.enum(["active", "revoked"]),
|
|
1948
|
+
passThroughOnly: z.boolean(),
|
|
1949
|
+
revokedAt: z.number().optional(),
|
|
1950
|
+
revokedBy: z.string().optional(),
|
|
1951
|
+
metadata: z.record(z.any()).optional(),
|
|
1952
|
+
createdBy: z.string(),
|
|
1953
|
+
createdAt: z.number(),
|
|
1954
|
+
updatedAt: z.number()
|
|
1763
1955
|
}),
|
|
1764
1956
|
indices: [
|
|
1765
1957
|
{ kind: "index", name: "by_bindingId", columns: ["bindingId"] },
|
|
1766
1958
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
1767
|
-
{
|
|
1768
|
-
|
|
1959
|
+
{
|
|
1960
|
+
kind: "index",
|
|
1961
|
+
name: "by_tenant_slot",
|
|
1962
|
+
columns: ["tenantId", "modelSlotId"]
|
|
1963
|
+
},
|
|
1964
|
+
{
|
|
1965
|
+
kind: "index",
|
|
1966
|
+
name: "by_tenant_provider_slot",
|
|
1967
|
+
columns: ["tenantId", "providerId", "modelSlotId"]
|
|
1968
|
+
},
|
|
1769
1969
|
{ kind: "index", name: "by_secretRef", columns: ["secretRef"] },
|
|
1770
1970
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
1771
1971
|
]
|
|
@@ -1775,29 +1975,42 @@ defineTable({
|
|
|
1775
1975
|
component: "mc",
|
|
1776
1976
|
category: "runtime",
|
|
1777
1977
|
shape: z.object({
|
|
1778
|
-
|
|
1779
|
-
|
|
1780
|
-
"
|
|
1781
|
-
|
|
1782
|
-
|
|
1783
|
-
|
|
1784
|
-
|
|
1785
|
-
|
|
1786
|
-
|
|
1787
|
-
|
|
1788
|
-
|
|
1789
|
-
|
|
1790
|
-
|
|
1791
|
-
|
|
1792
|
-
|
|
1793
|
-
|
|
1794
|
-
|
|
1978
|
+
secretRef: z.string(),
|
|
1979
|
+
tenantId: idOf("tenants"),
|
|
1980
|
+
workspaceId: idOf("workspaces").optional(),
|
|
1981
|
+
environment: z.enum(["dev", "staging", "prod"]).optional(),
|
|
1982
|
+
providerId: z.string(),
|
|
1983
|
+
label: z.string().optional(),
|
|
1984
|
+
encryptedSecret: z.string().optional(),
|
|
1985
|
+
infisicalPath: z.string().optional(),
|
|
1986
|
+
infisicalSecretKey: z.string().optional(),
|
|
1987
|
+
infisicalProjectId: z.string().optional(),
|
|
1988
|
+
encryptionVersion: z.string(),
|
|
1989
|
+
secretFingerprint: z.string(),
|
|
1990
|
+
keyHint: z.string(),
|
|
1991
|
+
status: z.enum(["active", "revoked"]),
|
|
1992
|
+
rotatedFromSecretRef: z.string().optional(),
|
|
1993
|
+
revokedAt: z.number().optional(),
|
|
1994
|
+
revokedBy: z.string().optional(),
|
|
1995
|
+
lastUsedAt: z.number().optional(),
|
|
1996
|
+
metadata: z.record(z.any()).optional(),
|
|
1997
|
+
createdBy: z.string(),
|
|
1998
|
+
createdAt: z.number(),
|
|
1999
|
+
updatedAt: z.number()
|
|
1795
2000
|
}),
|
|
1796
2001
|
indices: [
|
|
1797
2002
|
{ kind: "index", name: "by_secretRef", columns: ["secretRef"] },
|
|
1798
2003
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
1799
|
-
{
|
|
1800
|
-
|
|
2004
|
+
{
|
|
2005
|
+
kind: "index",
|
|
2006
|
+
name: "by_tenant_provider",
|
|
2007
|
+
columns: ["tenantId", "providerId"]
|
|
2008
|
+
},
|
|
2009
|
+
{
|
|
2010
|
+
kind: "index",
|
|
2011
|
+
name: "by_tenant_provider_status",
|
|
2012
|
+
columns: ["tenantId", "providerId", "status"]
|
|
2013
|
+
},
|
|
1801
2014
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
1802
2015
|
]
|
|
1803
2016
|
});
|
|
@@ -1806,35 +2019,93 @@ defineTable({
|
|
|
1806
2019
|
component: "mc",
|
|
1807
2020
|
category: "runtime",
|
|
1808
2021
|
shape: z.object({
|
|
1809
|
-
|
|
1810
|
-
|
|
1811
|
-
|
|
1812
|
-
|
|
1813
|
-
|
|
1814
|
-
|
|
1815
|
-
|
|
1816
|
-
|
|
1817
|
-
|
|
1818
|
-
|
|
1819
|
-
|
|
1820
|
-
|
|
1821
|
-
|
|
1822
|
-
|
|
1823
|
-
|
|
1824
|
-
|
|
1825
|
-
|
|
1826
|
-
|
|
1827
|
-
|
|
1828
|
-
|
|
1829
|
-
|
|
1830
|
-
|
|
2022
|
+
usageId: z.string(),
|
|
2023
|
+
tenantId: idOf("tenants"),
|
|
2024
|
+
providerId: z.string(),
|
|
2025
|
+
modelSlotId: z.string(),
|
|
2026
|
+
secretRef: z.string(),
|
|
2027
|
+
proxyTokenId: z.string(),
|
|
2028
|
+
sessionId: z.string(),
|
|
2029
|
+
principalId: z.string(),
|
|
2030
|
+
workspaceId: z.string().optional(),
|
|
2031
|
+
modelId: z.string().optional(),
|
|
2032
|
+
requestPath: z.string(),
|
|
2033
|
+
status: z.enum(["success", "error"]),
|
|
2034
|
+
responseStatus: z.number().optional(),
|
|
2035
|
+
inputTokens: z.number().optional(),
|
|
2036
|
+
outputTokens: z.number().optional(),
|
|
2037
|
+
tokenCount: z.number().optional(),
|
|
2038
|
+
latencyMs: z.number(),
|
|
2039
|
+
estimatedCostUsd: z.number().optional(),
|
|
2040
|
+
failureCode: z.string().optional(),
|
|
2041
|
+
metadata: z.record(z.any()).optional(),
|
|
2042
|
+
createdAt: z.number(),
|
|
2043
|
+
updatedAt: z.number()
|
|
1831
2044
|
}),
|
|
1832
2045
|
indices: [
|
|
1833
2046
|
{ kind: "index", name: "by_usageId", columns: ["usageId"] },
|
|
1834
2047
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId", "createdAt"] },
|
|
1835
|
-
{
|
|
1836
|
-
|
|
1837
|
-
|
|
2048
|
+
{
|
|
2049
|
+
kind: "index",
|
|
2050
|
+
name: "by_tenant_provider",
|
|
2051
|
+
columns: ["tenantId", "providerId", "createdAt"]
|
|
2052
|
+
},
|
|
2053
|
+
{
|
|
2054
|
+
kind: "index",
|
|
2055
|
+
name: "by_proxyTokenId",
|
|
2056
|
+
columns: ["proxyTokenId", "createdAt"]
|
|
2057
|
+
},
|
|
2058
|
+
{
|
|
2059
|
+
kind: "index",
|
|
2060
|
+
name: "by_sessionId",
|
|
2061
|
+
columns: ["sessionId", "createdAt"]
|
|
2062
|
+
}
|
|
2063
|
+
]
|
|
2064
|
+
});
|
|
2065
|
+
defineTable({
|
|
2066
|
+
name: "controlPlaneTenantProxyTokenLeases",
|
|
2067
|
+
component: "mc",
|
|
2068
|
+
category: "runtime",
|
|
2069
|
+
shape: z.object({
|
|
2070
|
+
leaseId: z.string(),
|
|
2071
|
+
proxyTokenId: z.string(),
|
|
2072
|
+
tenantId: idOf("tenants"),
|
|
2073
|
+
workspaceId: idOf("workspaces").optional(),
|
|
2074
|
+
environment: z.enum(["dev", "staging", "prod"]),
|
|
2075
|
+
providerId: z.string(),
|
|
2076
|
+
modelSlotId: z.string(),
|
|
2077
|
+
bindingId: z.string(),
|
|
2078
|
+
secretRef: z.string(),
|
|
2079
|
+
sessionId: z.string(),
|
|
2080
|
+
principalId: z.string(),
|
|
2081
|
+
agentSessionId: z.string().optional(),
|
|
2082
|
+
status: z.enum(["active", "revoked"]),
|
|
2083
|
+
expiresAt: z.number(),
|
|
2084
|
+
renewedAt: z.number().optional(),
|
|
2085
|
+
revokedAt: z.number().optional(),
|
|
2086
|
+
revokedBy: z.string().optional(),
|
|
2087
|
+
revokeReason: z.string().optional(),
|
|
2088
|
+
permitDecisionLogId: idOf("policyDecisionLogs").optional(),
|
|
2089
|
+
permitTraceId: z.string().optional(),
|
|
2090
|
+
metadata: z.record(z.any()).optional(),
|
|
2091
|
+
createdAt: z.number(),
|
|
2092
|
+
updatedAt: z.number()
|
|
2093
|
+
}),
|
|
2094
|
+
indices: [
|
|
2095
|
+
{ kind: "index", name: "by_leaseId", columns: ["leaseId"] },
|
|
2096
|
+
{ kind: "index", name: "by_proxyTokenId", columns: ["proxyTokenId"] },
|
|
2097
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId", "createdAt"] },
|
|
2098
|
+
{ kind: "index", name: "by_sessionId", columns: ["sessionId", "createdAt"] },
|
|
2099
|
+
{
|
|
2100
|
+
kind: "index",
|
|
2101
|
+
name: "by_principalId",
|
|
2102
|
+
columns: ["principalId", "createdAt"]
|
|
2103
|
+
},
|
|
2104
|
+
{
|
|
2105
|
+
kind: "index",
|
|
2106
|
+
name: "by_status_expiresAt",
|
|
2107
|
+
columns: ["status", "expiresAt"]
|
|
2108
|
+
}
|
|
1838
2109
|
]
|
|
1839
2110
|
});
|
|
1840
2111
|
defineTable({
|
|
@@ -2167,6 +2438,7 @@ defineTable({
|
|
|
2167
2438
|
"questionType": z.enum(["validation", "falsification", "assumption_probe", "prediction_test", "counterfactual", "discovery", "clarification", "comparison", "causal", "mechanism", "general"]).optional(),
|
|
2168
2439
|
"questionPriority": z.enum(["critical", "high", "medium", "low"]).optional(),
|
|
2169
2440
|
"answerQuality": z.enum(["definitive", "strong", "moderate", "weak", "speculative", "unanswered"]).optional(),
|
|
2441
|
+
"themeStatus": z.enum(["emerging", "active", "mature", "declining", "archived"]).optional(),
|
|
2170
2442
|
"themeConviction": z.enum(["high", "medium", "low", "negative"]).optional(),
|
|
2171
2443
|
"decisionType": z.enum(["invest", "pass", "follow_on", "exit", "deep_dive", "monitor", "deprioritize", "thesis_adopt", "thesis_revise", "thesis_abandon"]).optional(),
|
|
2172
2444
|
"decisionOutcome": z.enum(["pending", "successful", "unsuccessful", "mixed", "unknown"]).optional(),
|
|
@@ -2317,6 +2589,7 @@ defineTable({
|
|
|
2317
2589
|
indices: [
|
|
2318
2590
|
{ kind: "index", name: "by_principalId", columns: ["principalId"] },
|
|
2319
2591
|
{ kind: "index", name: "by_principal_tenant", columns: ["principalId", "tenantId"] },
|
|
2592
|
+
{ kind: "index", name: "by_principal_tenant_workspace", columns: ["principalId", "tenantId", "workspaceId"] },
|
|
2320
2593
|
{ kind: "index", name: "by_workspace_principal", columns: ["workspaceId", "principalId"] },
|
|
2321
2594
|
{ kind: "index", name: "by_tenant_role", columns: ["tenantId", "role"] },
|
|
2322
2595
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
@@ -2348,6 +2621,36 @@ defineTable({
|
|
|
2348
2621
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
2349
2622
|
]
|
|
2350
2623
|
});
|
|
2624
|
+
defineTable({
|
|
2625
|
+
name: "principalIdentityAliases",
|
|
2626
|
+
component: "mc",
|
|
2627
|
+
category: "identity",
|
|
2628
|
+
shape: z.object({
|
|
2629
|
+
"principalId": z.string(),
|
|
2630
|
+
"principalRefId": idOf("principals").optional(),
|
|
2631
|
+
"provider": z.string(),
|
|
2632
|
+
"providerProjectId": z.string().optional(),
|
|
2633
|
+
"externalSubjectId": z.string(),
|
|
2634
|
+
"tenantId": idOf("tenants").optional(),
|
|
2635
|
+
"workspaceId": idOf("workspaces").optional(),
|
|
2636
|
+
"email": z.string().optional(),
|
|
2637
|
+
"status": z.enum(["active", "revoked"]),
|
|
2638
|
+
"metadata": z.record(z.any()).optional(),
|
|
2639
|
+
"createdBy": z.string(),
|
|
2640
|
+
"revokedAt": z.number().optional(),
|
|
2641
|
+
"revokedBy": z.string().optional(),
|
|
2642
|
+
"createdAt": z.number(),
|
|
2643
|
+
"updatedAt": z.number()
|
|
2644
|
+
}),
|
|
2645
|
+
indices: [
|
|
2646
|
+
{ kind: "index", name: "by_provider_subject", columns: ["provider", "externalSubjectId"] },
|
|
2647
|
+
{ kind: "index", name: "by_provider_project_subject", columns: ["provider", "providerProjectId", "externalSubjectId"] },
|
|
2648
|
+
{ kind: "index", name: "by_principalId", columns: ["principalId"] },
|
|
2649
|
+
{ kind: "index", name: "by_principal_status", columns: ["principalId", "status"] },
|
|
2650
|
+
{ kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "externalSubjectId"] },
|
|
2651
|
+
{ kind: "index", name: "by_workspace_provider_subject", columns: ["workspaceId", "provider", "externalSubjectId"] }
|
|
2652
|
+
]
|
|
2653
|
+
});
|
|
2351
2654
|
defineTable({
|
|
2352
2655
|
name: "rateLimitWindows",
|
|
2353
2656
|
component: "mc",
|
|
@@ -2937,7 +3240,7 @@ defineTable({
|
|
|
2937
3240
|
});
|
|
2938
3241
|
defineTable({
|
|
2939
3242
|
name: "mcpWritePolicy",
|
|
2940
|
-
component: "
|
|
3243
|
+
component: "control-plane",
|
|
2941
3244
|
category: "platform",
|
|
2942
3245
|
shape: z.object({
|
|
2943
3246
|
"topicId": z.string().optional(),
|
|
@@ -2960,7 +3263,7 @@ defineTable({
|
|
|
2960
3263
|
});
|
|
2961
3264
|
defineTable({
|
|
2962
3265
|
name: "platformAudienceGrants",
|
|
2963
|
-
component: "
|
|
3266
|
+
component: "control-plane",
|
|
2964
3267
|
category: "platform",
|
|
2965
3268
|
shape: z.object({
|
|
2966
3269
|
"tenantId": z.string(),
|
|
@@ -2986,7 +3289,7 @@ defineTable({
|
|
|
2986
3289
|
});
|
|
2987
3290
|
defineTable({
|
|
2988
3291
|
name: "platformAudiences",
|
|
2989
|
-
component: "
|
|
3292
|
+
component: "control-plane",
|
|
2990
3293
|
category: "platform",
|
|
2991
3294
|
shape: z.object({
|
|
2992
3295
|
"tenantId": z.string(),
|
|
@@ -3011,7 +3314,7 @@ defineTable({
|
|
|
3011
3314
|
});
|
|
3012
3315
|
defineTable({
|
|
3013
3316
|
name: "platformPolicyDecisionLogs",
|
|
3014
|
-
component: "
|
|
3317
|
+
component: "control-plane",
|
|
3015
3318
|
category: "platform",
|
|
3016
3319
|
shape: z.object({
|
|
3017
3320
|
"principalId": z.string(),
|
|
@@ -3047,7 +3350,7 @@ defineTable({
|
|
|
3047
3350
|
});
|
|
3048
3351
|
defineTable({
|
|
3049
3352
|
name: "tenantApiKeys",
|
|
3050
|
-
component: "
|
|
3353
|
+
component: "control-plane",
|
|
3051
3354
|
category: "platform",
|
|
3052
3355
|
shape: z.object({
|
|
3053
3356
|
"tenantId": z.string(),
|
|
@@ -3074,7 +3377,7 @@ defineTable({
|
|
|
3074
3377
|
});
|
|
3075
3378
|
defineTable({
|
|
3076
3379
|
name: "tenantConfig",
|
|
3077
|
-
component: "
|
|
3380
|
+
component: "control-plane",
|
|
3078
3381
|
category: "platform",
|
|
3079
3382
|
shape: z.object({
|
|
3080
3383
|
"tenantId": z.string(),
|
|
@@ -3093,7 +3396,7 @@ defineTable({
|
|
|
3093
3396
|
});
|
|
3094
3397
|
defineTable({
|
|
3095
3398
|
name: "tenantIntegrations",
|
|
3096
|
-
component: "
|
|
3399
|
+
component: "control-plane",
|
|
3097
3400
|
category: "platform",
|
|
3098
3401
|
shape: z.object({
|
|
3099
3402
|
"tenantId": z.string(),
|
|
@@ -3148,7 +3451,7 @@ defineTable({
|
|
|
3148
3451
|
});
|
|
3149
3452
|
defineTable({
|
|
3150
3453
|
name: "tenantModelSlotBindings",
|
|
3151
|
-
component: "
|
|
3454
|
+
component: "control-plane",
|
|
3152
3455
|
category: "platform",
|
|
3153
3456
|
shape: z.object({
|
|
3154
3457
|
"bindingId": z.string(),
|
|
@@ -3176,7 +3479,7 @@ defineTable({
|
|
|
3176
3479
|
});
|
|
3177
3480
|
defineTable({
|
|
3178
3481
|
name: "tenantPolicies",
|
|
3179
|
-
component: "
|
|
3482
|
+
component: "control-plane",
|
|
3180
3483
|
category: "platform",
|
|
3181
3484
|
shape: z.object({
|
|
3182
3485
|
"tenantId": z.string(),
|
|
@@ -3201,7 +3504,7 @@ defineTable({
|
|
|
3201
3504
|
});
|
|
3202
3505
|
defineTable({
|
|
3203
3506
|
name: "tenantProviderSecrets",
|
|
3204
|
-
component: "
|
|
3507
|
+
component: "control-plane",
|
|
3205
3508
|
category: "platform",
|
|
3206
3509
|
shape: z.object({
|
|
3207
3510
|
"secretRef": z.string(),
|
|
@@ -3232,7 +3535,7 @@ defineTable({
|
|
|
3232
3535
|
});
|
|
3233
3536
|
defineTable({
|
|
3234
3537
|
name: "tenantProxyGatewayUsage",
|
|
3235
|
-
component: "
|
|
3538
|
+
component: "control-plane",
|
|
3236
3539
|
category: "platform",
|
|
3237
3540
|
shape: z.object({
|
|
3238
3541
|
"usageId": z.string(),
|
|
@@ -3267,7 +3570,7 @@ defineTable({
|
|
|
3267
3570
|
});
|
|
3268
3571
|
defineTable({
|
|
3269
3572
|
name: "tenantProxyTokenMints",
|
|
3270
|
-
component: "
|
|
3573
|
+
component: "control-plane",
|
|
3271
3574
|
category: "platform",
|
|
3272
3575
|
shape: z.object({
|
|
3273
3576
|
"proxyTokenId": z.string(),
|
|
@@ -3290,7 +3593,7 @@ defineTable({
|
|
|
3290
3593
|
});
|
|
3291
3594
|
defineTable({
|
|
3292
3595
|
name: "tenantSandboxAuditEvents",
|
|
3293
|
-
component: "
|
|
3596
|
+
component: "control-plane",
|
|
3294
3597
|
category: "platform",
|
|
3295
3598
|
shape: z.object({
|
|
3296
3599
|
"eventId": z.string(),
|
|
@@ -3324,7 +3627,7 @@ defineTable({
|
|
|
3324
3627
|
});
|
|
3325
3628
|
defineTable({
|
|
3326
3629
|
name: "tenantSecrets",
|
|
3327
|
-
component: "
|
|
3630
|
+
component: "control-plane",
|
|
3328
3631
|
category: "platform",
|
|
3329
3632
|
shape: z.object({
|
|
3330
3633
|
"tenantId": z.string(),
|
|
@@ -3346,7 +3649,7 @@ defineTable({
|
|
|
3346
3649
|
});
|
|
3347
3650
|
defineTable({
|
|
3348
3651
|
name: "toolAcls",
|
|
3349
|
-
component: "
|
|
3652
|
+
component: "control-plane",
|
|
3350
3653
|
category: "platform",
|
|
3351
3654
|
shape: z.object({
|
|
3352
3655
|
"role": z.enum(["platform_admin", "tenant_admin", "workspace_admin", "editor", "viewer", "auditor", "service_agent"]),
|
|
@@ -3361,7 +3664,7 @@ defineTable({
|
|
|
3361
3664
|
});
|
|
3362
3665
|
defineTable({
|
|
3363
3666
|
name: "toolRegistry",
|
|
3364
|
-
component: "
|
|
3667
|
+
component: "control-plane",
|
|
3365
3668
|
category: "platform",
|
|
3366
3669
|
shape: z.object({
|
|
3367
3670
|
"toolName": z.string(),
|
|
@@ -3442,7 +3745,7 @@ defineTable({
|
|
|
3442
3745
|
});
|
|
3443
3746
|
defineTable({
|
|
3444
3747
|
name: "modelCallLogs",
|
|
3445
|
-
component: "
|
|
3748
|
+
component: "control-plane",
|
|
3446
3749
|
category: "model",
|
|
3447
3750
|
shape: z.object({
|
|
3448
3751
|
"slot": z.string(),
|
|
@@ -3468,7 +3771,7 @@ defineTable({
|
|
|
3468
3771
|
});
|
|
3469
3772
|
defineTable({
|
|
3470
3773
|
name: "modelFunctionSlots",
|
|
3471
|
-
component: "
|
|
3774
|
+
component: "control-plane",
|
|
3472
3775
|
category: "model",
|
|
3473
3776
|
shape: z.object({
|
|
3474
3777
|
"slot": z.string(),
|
|
@@ -3493,7 +3796,7 @@ defineTable({
|
|
|
3493
3796
|
});
|
|
3494
3797
|
defineTable({
|
|
3495
3798
|
name: "modelRegistry",
|
|
3496
|
-
component: "
|
|
3799
|
+
component: "control-plane",
|
|
3497
3800
|
category: "model",
|
|
3498
3801
|
shape: z.object({
|
|
3499
3802
|
"key": z.string(),
|
|
@@ -3520,7 +3823,7 @@ defineTable({
|
|
|
3520
3823
|
});
|
|
3521
3824
|
defineTable({
|
|
3522
3825
|
name: "modelSlotConfigs",
|
|
3523
|
-
component: "
|
|
3826
|
+
component: "control-plane",
|
|
3524
3827
|
category: "model",
|
|
3525
3828
|
shape: z.object({
|
|
3526
3829
|
"slot": z.string(),
|
|
@@ -3907,7 +4210,7 @@ defineTable({
|
|
|
3907
4210
|
"workspaceId": idOf("workspaces").optional(),
|
|
3908
4211
|
"resourceType": z.string(),
|
|
3909
4212
|
"resourceId": z.string(),
|
|
3910
|
-
"action": z.enum(["read", "summarize", "export", "mutate", "admin", "comment", "escalate", "resolve", "vote"]),
|
|
4213
|
+
"action": z.enum(["read", "summarize", "export", "mutate", "admin", "comment", "escalate", "resolve", "vote", "route", "invoke", "manage", "deploy", "promote", "rollback", "audit", "read_ref", "fetch_value", "rotate", "administer", "mint", "delegate", "revoke"]),
|
|
3911
4214
|
"decision": z.enum(["allow", "deny"]),
|
|
3912
4215
|
"reasonCode": z.string(),
|
|
3913
4216
|
"policyVersion": z.string(),
|
|
@@ -3969,7 +4272,7 @@ defineTable({
|
|
|
3969
4272
|
});
|
|
3970
4273
|
defineTable({
|
|
3971
4274
|
name: "projectGrants",
|
|
3972
|
-
component: "
|
|
4275
|
+
component: "control-plane",
|
|
3973
4276
|
category: "project",
|
|
3974
4277
|
shape: z.object({
|
|
3975
4278
|
"projectId": z.string().optional(),
|
|
@@ -4001,66 +4304,710 @@ defineTable({
|
|
|
4001
4304
|
{ kind: "index", name: "by_topic_cluster_status", columns: ["topicId", "beliefClusterId", "status"] }
|
|
4002
4305
|
]
|
|
4003
4306
|
});
|
|
4307
|
+
var permitActorType = z.enum([
|
|
4308
|
+
"human",
|
|
4309
|
+
"agent",
|
|
4310
|
+
"service_principal",
|
|
4311
|
+
"external_stakeholder",
|
|
4312
|
+
"system"
|
|
4313
|
+
]);
|
|
4314
|
+
var permitMembershipStatus = z.enum([
|
|
4315
|
+
"active",
|
|
4316
|
+
"invited",
|
|
4317
|
+
"revoked",
|
|
4318
|
+
"suspended",
|
|
4319
|
+
"disabled"
|
|
4320
|
+
]);
|
|
4321
|
+
var permitDecision = z.enum(["allow", "deny"]);
|
|
4322
|
+
var permitAccessReviewStatus = z.enum([
|
|
4323
|
+
"open",
|
|
4324
|
+
"in_progress",
|
|
4325
|
+
"approved",
|
|
4326
|
+
"denied",
|
|
4327
|
+
"expired",
|
|
4328
|
+
"cancelled"
|
|
4329
|
+
]);
|
|
4330
|
+
var permitReviewScope = z.enum([
|
|
4331
|
+
"tenant",
|
|
4332
|
+
"workspace",
|
|
4333
|
+
"resource_instance",
|
|
4334
|
+
"group",
|
|
4335
|
+
"principal",
|
|
4336
|
+
"api_key",
|
|
4337
|
+
"admin_action"
|
|
4338
|
+
]);
|
|
4339
|
+
var permitRecordStatus = z.enum([
|
|
4340
|
+
"queued",
|
|
4341
|
+
"inflight",
|
|
4342
|
+
"completed",
|
|
4343
|
+
"failed",
|
|
4344
|
+
"skipped",
|
|
4345
|
+
"stale"
|
|
4346
|
+
]);
|
|
4347
|
+
var permitObjectType = z.enum([
|
|
4348
|
+
"resource",
|
|
4349
|
+
"role",
|
|
4350
|
+
"resource_role",
|
|
4351
|
+
"resource_relation",
|
|
4352
|
+
"tenant",
|
|
4353
|
+
"workspace",
|
|
4354
|
+
"principal",
|
|
4355
|
+
"membership",
|
|
4356
|
+
"group",
|
|
4357
|
+
"resource_instance",
|
|
4358
|
+
"relationship_tuple",
|
|
4359
|
+
"role_assignment",
|
|
4360
|
+
"attribute_binding",
|
|
4361
|
+
"policy_bundle"
|
|
4362
|
+
]);
|
|
4363
|
+
var permitOutboxOperation = z.enum([
|
|
4364
|
+
"upsert",
|
|
4365
|
+
"delete",
|
|
4366
|
+
"sync",
|
|
4367
|
+
"resync",
|
|
4368
|
+
"delete_sync",
|
|
4369
|
+
"noop"
|
|
4370
|
+
]);
|
|
4371
|
+
var permitPolicyBundleStatus = z.enum([
|
|
4372
|
+
"draft",
|
|
4373
|
+
"validated",
|
|
4374
|
+
"enforced",
|
|
4375
|
+
"archived"
|
|
4376
|
+
]);
|
|
4377
|
+
var permitSyncStatus = z.enum([
|
|
4378
|
+
"pending",
|
|
4379
|
+
"synced",
|
|
4380
|
+
"error",
|
|
4381
|
+
"skipped"
|
|
4382
|
+
]);
|
|
4383
|
+
var permitAccessReviewSubjectType = z.enum([
|
|
4384
|
+
"principal",
|
|
4385
|
+
"group",
|
|
4386
|
+
"role_assignment",
|
|
4387
|
+
"resource_instance"
|
|
4388
|
+
]);
|
|
4389
|
+
var permitAttributeType = z.enum([
|
|
4390
|
+
"string",
|
|
4391
|
+
"number",
|
|
4392
|
+
"bool",
|
|
4393
|
+
"json",
|
|
4394
|
+
"time"
|
|
4395
|
+
]);
|
|
4396
|
+
var permitAttributeOperator = z.enum([
|
|
4397
|
+
"eq",
|
|
4398
|
+
"neq",
|
|
4399
|
+
"in",
|
|
4400
|
+
"not_in",
|
|
4401
|
+
"gt",
|
|
4402
|
+
"gte",
|
|
4403
|
+
"lt",
|
|
4404
|
+
"lte",
|
|
4405
|
+
"contains",
|
|
4406
|
+
"not_contains",
|
|
4407
|
+
"matches"
|
|
4408
|
+
]);
|
|
4409
|
+
var permitRoleBindingTarget = z.enum([
|
|
4410
|
+
"principal",
|
|
4411
|
+
"group"
|
|
4412
|
+
]);
|
|
4004
4413
|
defineTable({
|
|
4005
|
-
name: "
|
|
4006
|
-
component: "
|
|
4007
|
-
category: "
|
|
4414
|
+
name: "permitPrincipals",
|
|
4415
|
+
component: "control-plane",
|
|
4416
|
+
category: "access-control",
|
|
4008
4417
|
shape: z.object({
|
|
4009
|
-
|
|
4010
|
-
|
|
4011
|
-
|
|
4012
|
-
|
|
4013
|
-
|
|
4014
|
-
|
|
4015
|
-
|
|
4016
|
-
|
|
4017
|
-
|
|
4018
|
-
|
|
4019
|
-
|
|
4418
|
+
principalId: z.string(),
|
|
4419
|
+
tenantId: z.string(),
|
|
4420
|
+
workspaceId: z.optional(z.string()),
|
|
4421
|
+
principalType: permitActorType,
|
|
4422
|
+
status: permitMembershipStatus,
|
|
4423
|
+
displayName: z.string().optional(),
|
|
4424
|
+
metadata: z.record(z.any()).optional(),
|
|
4425
|
+
createdBy: z.string(),
|
|
4426
|
+
createdAt: z.number(),
|
|
4427
|
+
updatedAt: z.number(),
|
|
4428
|
+
updatedBy: z.string().optional(),
|
|
4429
|
+
lastSeenAt: z.number().optional()
|
|
4020
4430
|
}),
|
|
4021
4431
|
indices: [
|
|
4022
|
-
{ kind: "index", name: "
|
|
4023
|
-
{ kind: "index", name: "
|
|
4024
|
-
{ kind: "index", name: "
|
|
4025
|
-
{ kind: "index", name: "
|
|
4432
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4433
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4434
|
+
{ kind: "index", name: "by_tenant_principalId", columns: ["tenantId", "principalId"] },
|
|
4435
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
|
|
4436
|
+
{
|
|
4437
|
+
kind: "index",
|
|
4438
|
+
name: "by_tenant_principalType_status",
|
|
4439
|
+
columns: ["tenantId", "principalType", "status"]
|
|
4440
|
+
}
|
|
4026
4441
|
]
|
|
4027
4442
|
});
|
|
4028
4443
|
defineTable({
|
|
4029
|
-
name: "
|
|
4030
|
-
component: "
|
|
4031
|
-
category: "
|
|
4444
|
+
name: "permitPrincipalAliases",
|
|
4445
|
+
component: "control-plane",
|
|
4446
|
+
category: "access-control",
|
|
4032
4447
|
shape: z.object({
|
|
4033
|
-
|
|
4034
|
-
|
|
4035
|
-
|
|
4036
|
-
|
|
4037
|
-
|
|
4038
|
-
|
|
4039
|
-
|
|
4040
|
-
|
|
4041
|
-
|
|
4042
|
-
|
|
4043
|
-
|
|
4044
|
-
|
|
4045
|
-
|
|
4448
|
+
principalId: z.string(),
|
|
4449
|
+
tenantId: z.string(),
|
|
4450
|
+
workspaceId: z.optional(z.string()),
|
|
4451
|
+
provider: z.string(),
|
|
4452
|
+
providerSubjectId: z.string(),
|
|
4453
|
+
providerProjectId: z.string().optional(),
|
|
4454
|
+
alias: z.string(),
|
|
4455
|
+
aliasKind: z.string(),
|
|
4456
|
+
status: permitMembershipStatus,
|
|
4457
|
+
metadata: z.record(z.any()).optional(),
|
|
4458
|
+
createdBy: z.string(),
|
|
4459
|
+
createdAt: z.number(),
|
|
4460
|
+
updatedAt: z.number(),
|
|
4461
|
+
revokedBy: z.string().optional(),
|
|
4462
|
+
revokedAt: z.number().optional(),
|
|
4463
|
+
updatedBy: z.string().optional()
|
|
4046
4464
|
}),
|
|
4047
4465
|
indices: [
|
|
4048
|
-
{ kind: "index", name: "
|
|
4049
|
-
{ kind: "index", name: "
|
|
4050
|
-
{ kind: "index", name: "
|
|
4466
|
+
{ kind: "index", name: "by_principalId", columns: ["principalId"] },
|
|
4467
|
+
{ kind: "index", name: "by_provider_subject", columns: ["provider", "providerSubjectId"] },
|
|
4468
|
+
{ kind: "index", name: "by_provider_project_subject", columns: ["provider", "providerProjectId", "providerSubjectId"] },
|
|
4469
|
+
{ kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "providerSubjectId"] },
|
|
4470
|
+
{ kind: "index", name: "by_tenant_provider_project_subject", columns: ["tenantId", "provider", "providerProjectId", "providerSubjectId"] },
|
|
4471
|
+
{
|
|
4472
|
+
kind: "index",
|
|
4473
|
+
name: "by_tenant_provider_alias",
|
|
4474
|
+
columns: ["tenantId", "provider", "alias"]
|
|
4475
|
+
},
|
|
4476
|
+
{ kind: "index", name: "by_tenant_alias", columns: ["tenantId", "alias"] },
|
|
4477
|
+
{
|
|
4478
|
+
kind: "index",
|
|
4479
|
+
name: "by_tenant_provider_status",
|
|
4480
|
+
columns: ["tenantId", "provider", "status"]
|
|
4481
|
+
}
|
|
4051
4482
|
]
|
|
4052
4483
|
});
|
|
4053
4484
|
defineTable({
|
|
4054
|
-
name: "
|
|
4055
|
-
component: "
|
|
4056
|
-
category: "
|
|
4485
|
+
name: "permitGroups",
|
|
4486
|
+
component: "control-plane",
|
|
4487
|
+
category: "access-control",
|
|
4057
4488
|
shape: z.object({
|
|
4058
|
-
|
|
4059
|
-
|
|
4060
|
-
|
|
4061
|
-
|
|
4062
|
-
|
|
4063
|
-
|
|
4489
|
+
tenantId: z.string(),
|
|
4490
|
+
workspaceId: z.optional(z.string()),
|
|
4491
|
+
groupId: z.string(),
|
|
4492
|
+
groupKey: z.string(),
|
|
4493
|
+
groupName: z.string(),
|
|
4494
|
+
groupType: z.enum(["tenant", "workspace", "external", "system", "dynamic"]),
|
|
4495
|
+
status: permitMembershipStatus,
|
|
4496
|
+
description: z.string().optional(),
|
|
4497
|
+
metadata: z.record(z.any()).optional(),
|
|
4498
|
+
createdBy: z.string(),
|
|
4499
|
+
createdAt: z.number(),
|
|
4500
|
+
updatedAt: z.number(),
|
|
4501
|
+
updatedBy: z.string().optional()
|
|
4502
|
+
}),
|
|
4503
|
+
indices: [
|
|
4504
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4505
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4506
|
+
{ kind: "index", name: "by_tenant_groupId", columns: ["tenantId", "groupId"] },
|
|
4507
|
+
{ kind: "index", name: "by_tenant_groupKey", columns: ["tenantId", "groupKey"] },
|
|
4508
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
|
|
4509
|
+
]
|
|
4510
|
+
});
|
|
4511
|
+
defineTable({
|
|
4512
|
+
name: "permitGroupMemberships",
|
|
4513
|
+
component: "control-plane",
|
|
4514
|
+
category: "access-control",
|
|
4515
|
+
shape: z.object({
|
|
4516
|
+
tenantId: z.string(),
|
|
4517
|
+
workspaceId: z.optional(z.string()),
|
|
4518
|
+
groupId: z.string(),
|
|
4519
|
+
memberType: z.enum(["principal", "group"]),
|
|
4520
|
+
memberId: z.string(),
|
|
4521
|
+
principalId: z.string().optional(),
|
|
4522
|
+
childGroupId: z.string().optional(),
|
|
4523
|
+
status: permitMembershipStatus,
|
|
4524
|
+
addedBy: z.string().optional(),
|
|
4525
|
+
revokedBy: z.string().optional(),
|
|
4526
|
+
expiresAt: z.number().optional(),
|
|
4527
|
+
revocationReason: z.string().optional(),
|
|
4528
|
+
metadata: z.record(z.any()).optional(),
|
|
4529
|
+
createdAt: z.number(),
|
|
4530
|
+
updatedAt: z.number(),
|
|
4531
|
+
updatedBy: z.string().optional()
|
|
4532
|
+
}),
|
|
4533
|
+
indices: [
|
|
4534
|
+
{ kind: "index", name: "by_tenant_principal", columns: ["tenantId", "principalId"] },
|
|
4535
|
+
{ kind: "index", name: "by_tenant_member", columns: ["tenantId", "memberType", "memberId"] },
|
|
4536
|
+
{
|
|
4537
|
+
kind: "index",
|
|
4538
|
+
name: "by_tenant_member_group",
|
|
4539
|
+
columns: ["tenantId", "memberType", "memberId", "groupId"]
|
|
4540
|
+
},
|
|
4541
|
+
{ kind: "index", name: "by_tenant_group", columns: ["tenantId", "groupId"] },
|
|
4542
|
+
{ kind: "index", name: "by_member_group", columns: ["memberType", "memberId", "groupId"] },
|
|
4543
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
|
|
4544
|
+
{
|
|
4545
|
+
kind: "index",
|
|
4546
|
+
name: "by_workspace_principal",
|
|
4547
|
+
columns: ["workspaceId", "principalId"]
|
|
4548
|
+
}
|
|
4549
|
+
]
|
|
4550
|
+
});
|
|
4551
|
+
defineTable({
|
|
4552
|
+
name: "permitResourceInstances",
|
|
4553
|
+
component: "control-plane",
|
|
4554
|
+
category: "access-control",
|
|
4555
|
+
shape: z.object({
|
|
4556
|
+
tenantId: z.string(),
|
|
4557
|
+
workspaceId: z.optional(z.string()),
|
|
4558
|
+
resourceType: z.string(),
|
|
4559
|
+
resourceKey: z.string(),
|
|
4560
|
+
resourceId: z.string(),
|
|
4561
|
+
status: z.enum(["active", "deleted", "archived"]),
|
|
4562
|
+
attributes: z.record(z.any()).optional(),
|
|
4563
|
+
ownerPrincipalId: z.string().optional(),
|
|
4564
|
+
metadata: z.record(z.any()).optional(),
|
|
4565
|
+
createdBy: z.string(),
|
|
4566
|
+
updatedBy: z.string().optional(),
|
|
4567
|
+
createdAt: z.number(),
|
|
4568
|
+
updatedAt: z.number()
|
|
4569
|
+
}),
|
|
4570
|
+
indices: [
|
|
4571
|
+
{
|
|
4572
|
+
kind: "index",
|
|
4573
|
+
name: "by_tenant_resource_type",
|
|
4574
|
+
columns: ["tenantId", "resourceType"]
|
|
4575
|
+
},
|
|
4576
|
+
{
|
|
4577
|
+
kind: "index",
|
|
4578
|
+
name: "by_tenant_resource_key",
|
|
4579
|
+
columns: ["tenantId", "resourceType", "resourceKey"]
|
|
4580
|
+
},
|
|
4581
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4582
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4583
|
+
{
|
|
4584
|
+
kind: "index",
|
|
4585
|
+
name: "by_tenant_status",
|
|
4586
|
+
columns: ["tenantId", "status"]
|
|
4587
|
+
},
|
|
4588
|
+
{
|
|
4589
|
+
kind: "index",
|
|
4590
|
+
name: "by_ownerPrincipalId",
|
|
4591
|
+
columns: ["ownerPrincipalId"]
|
|
4592
|
+
}
|
|
4593
|
+
]
|
|
4594
|
+
});
|
|
4595
|
+
defineTable({
|
|
4596
|
+
name: "permitRoleAssignments",
|
|
4597
|
+
component: "control-plane",
|
|
4598
|
+
category: "access-control",
|
|
4599
|
+
shape: z.object({
|
|
4600
|
+
tenantId: z.string(),
|
|
4601
|
+
workspaceId: z.optional(z.string()),
|
|
4602
|
+
role: z.string(),
|
|
4603
|
+
targetType: permitRoleBindingTarget,
|
|
4604
|
+
targetId: z.string(),
|
|
4605
|
+
resourceType: z.string(),
|
|
4606
|
+
resourceKey: z.string(),
|
|
4607
|
+
resourceInstanceId: z.string().optional(),
|
|
4608
|
+
status: permitMembershipStatus,
|
|
4609
|
+
expiresAt: z.number().optional(),
|
|
4610
|
+
attributes: z.record(z.any()).optional(),
|
|
4611
|
+
grantedBy: z.string().optional(),
|
|
4612
|
+
updatedBy: z.string().optional(),
|
|
4613
|
+
revokedBy: z.string().optional(),
|
|
4614
|
+
createdAt: z.number(),
|
|
4615
|
+
updatedAt: z.number()
|
|
4616
|
+
}),
|
|
4617
|
+
indices: [
|
|
4618
|
+
{
|
|
4619
|
+
kind: "index",
|
|
4620
|
+
name: "by_tenant_target",
|
|
4621
|
+
columns: ["tenantId", "targetType", "targetId"]
|
|
4622
|
+
},
|
|
4623
|
+
{
|
|
4624
|
+
kind: "index",
|
|
4625
|
+
name: "by_tenant_resource",
|
|
4626
|
+
columns: ["tenantId", "resourceType", "resourceKey"]
|
|
4627
|
+
},
|
|
4628
|
+
{
|
|
4629
|
+
kind: "index",
|
|
4630
|
+
name: "by_tenant_role",
|
|
4631
|
+
columns: ["tenantId", "role", "status"]
|
|
4632
|
+
},
|
|
4633
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4634
|
+
{
|
|
4635
|
+
kind: "index",
|
|
4636
|
+
name: "by_workspace_resource",
|
|
4637
|
+
columns: ["workspaceId", "resourceType", "resourceKey"]
|
|
4638
|
+
}
|
|
4639
|
+
]
|
|
4640
|
+
});
|
|
4641
|
+
defineTable({
|
|
4642
|
+
name: "permitRelationshipTuples",
|
|
4643
|
+
component: "control-plane",
|
|
4644
|
+
category: "access-control",
|
|
4645
|
+
shape: z.object({
|
|
4646
|
+
tenantId: z.string(),
|
|
4647
|
+
workspaceId: z.optional(z.string()),
|
|
4648
|
+
relation: z.string(),
|
|
4649
|
+
subject: z.string(),
|
|
4650
|
+
object: z.string(),
|
|
4651
|
+
resourceType: z.string().optional(),
|
|
4652
|
+
resourceKey: z.string().optional(),
|
|
4653
|
+
status: permitRecordStatus,
|
|
4654
|
+
attributes: z.record(z.any()).optional(),
|
|
4655
|
+
createdBy: z.string(),
|
|
4656
|
+
createdAt: z.number(),
|
|
4657
|
+
updatedAt: z.number(),
|
|
4658
|
+
lastSeenAt: z.number().optional(),
|
|
4659
|
+
updatedBy: z.string().optional()
|
|
4660
|
+
}),
|
|
4661
|
+
indices: [
|
|
4662
|
+
{ kind: "index", name: "by_tenant_subject", columns: ["tenantId", "subject"] },
|
|
4663
|
+
{ kind: "index", name: "by_tenant_object", columns: ["tenantId", "object"] },
|
|
4664
|
+
{ kind: "index", name: "by_tenant_relation", columns: ["tenantId", "relation"] },
|
|
4665
|
+
{
|
|
4666
|
+
kind: "index",
|
|
4667
|
+
name: "by_tenant_relation_subject",
|
|
4668
|
+
columns: ["tenantId", "relation", "subject"]
|
|
4669
|
+
},
|
|
4670
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
|
|
4671
|
+
]
|
|
4672
|
+
});
|
|
4673
|
+
defineTable({
|
|
4674
|
+
name: "permitAttributeBindings",
|
|
4675
|
+
component: "control-plane",
|
|
4676
|
+
category: "access-control",
|
|
4677
|
+
shape: z.object({
|
|
4678
|
+
tenantId: z.string(),
|
|
4679
|
+
workspaceId: z.optional(z.string()),
|
|
4680
|
+
targetType: permitRoleBindingTarget,
|
|
4681
|
+
targetId: z.string(),
|
|
4682
|
+
attributeName: z.string(),
|
|
4683
|
+
attributeType: permitAttributeType,
|
|
4684
|
+
attributeOperator: permitAttributeOperator,
|
|
4685
|
+
attributeValue: z.any(),
|
|
4686
|
+
status: permitRecordStatus,
|
|
4687
|
+
source: z.string().optional(),
|
|
4688
|
+
sourceRef: z.string().optional(),
|
|
4689
|
+
metadata: z.record(z.any()).optional(),
|
|
4690
|
+
createdAt: z.number(),
|
|
4691
|
+
updatedAt: z.number(),
|
|
4692
|
+
createdBy: z.string(),
|
|
4693
|
+
updatedBy: z.string().optional(),
|
|
4694
|
+
expiresAt: z.number().optional()
|
|
4695
|
+
}),
|
|
4696
|
+
indices: [
|
|
4697
|
+
{
|
|
4698
|
+
kind: "index",
|
|
4699
|
+
name: "by_tenant_target",
|
|
4700
|
+
columns: ["tenantId", "targetType", "targetId"]
|
|
4701
|
+
},
|
|
4702
|
+
{
|
|
4703
|
+
kind: "index",
|
|
4704
|
+
name: "by_tenant_target_attribute",
|
|
4705
|
+
columns: ["tenantId", "targetType", "targetId", "attributeName"]
|
|
4706
|
+
},
|
|
4707
|
+
{
|
|
4708
|
+
kind: "index",
|
|
4709
|
+
name: "by_tenant_name",
|
|
4710
|
+
columns: ["tenantId", "attributeName"]
|
|
4711
|
+
},
|
|
4712
|
+
{
|
|
4713
|
+
kind: "index",
|
|
4714
|
+
name: "by_tenant_status",
|
|
4715
|
+
columns: ["tenantId", "status"]
|
|
4716
|
+
}
|
|
4717
|
+
]
|
|
4718
|
+
});
|
|
4719
|
+
defineTable({
|
|
4720
|
+
name: "permitPolicyBundles",
|
|
4721
|
+
component: "control-plane",
|
|
4722
|
+
category: "access-control",
|
|
4723
|
+
shape: z.object({
|
|
4724
|
+
tenantId: z.string(),
|
|
4725
|
+
workspaceId: z.optional(z.string()),
|
|
4726
|
+
bundleKey: z.string(),
|
|
4727
|
+
version: z.number(),
|
|
4728
|
+
status: permitPolicyBundleStatus,
|
|
4729
|
+
policyHash: z.string().optional(),
|
|
4730
|
+
policyPayload: z.record(z.any()),
|
|
4731
|
+
metadata: z.record(z.any()).optional(),
|
|
4732
|
+
createdBy: z.string(),
|
|
4733
|
+
reviewedBy: z.string().optional(),
|
|
4734
|
+
createdAt: z.number(),
|
|
4735
|
+
updatedAt: z.number(),
|
|
4736
|
+
retiredAt: z.number().optional()
|
|
4737
|
+
}),
|
|
4738
|
+
indices: [
|
|
4739
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4740
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4741
|
+
{
|
|
4742
|
+
kind: "index",
|
|
4743
|
+
name: "by_tenant_bundleKey",
|
|
4744
|
+
columns: ["tenantId", "bundleKey"]
|
|
4745
|
+
},
|
|
4746
|
+
{
|
|
4747
|
+
kind: "index",
|
|
4748
|
+
name: "by_tenant_bundle_version",
|
|
4749
|
+
columns: ["tenantId", "bundleKey", "version"]
|
|
4750
|
+
},
|
|
4751
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
|
|
4752
|
+
]
|
|
4753
|
+
});
|
|
4754
|
+
defineTable({
|
|
4755
|
+
name: "permitProjectionOutbox",
|
|
4756
|
+
component: "control-plane",
|
|
4757
|
+
category: "access-control",
|
|
4758
|
+
shape: z.object({
|
|
4759
|
+
syncKey: z.string(),
|
|
4760
|
+
objectType: permitObjectType,
|
|
4761
|
+
objectId: z.string(),
|
|
4762
|
+
operation: permitOutboxOperation,
|
|
4763
|
+
payload: z.record(z.any()),
|
|
4764
|
+
status: permitRecordStatus,
|
|
4765
|
+
attemptCount: z.number(),
|
|
4766
|
+
nextAttemptAt: z.number().optional(),
|
|
4767
|
+
lastError: z.string().optional(),
|
|
4768
|
+
tenantId: z.string().optional(),
|
|
4769
|
+
workspaceId: z.optional(z.string()),
|
|
4770
|
+
principalId: z.string().optional(),
|
|
4771
|
+
permitTenantKey: z.string().optional(),
|
|
4772
|
+
permitResourceType: z.string().optional(),
|
|
4773
|
+
permitResourceKey: z.string().optional(),
|
|
4774
|
+
createdAt: z.number(),
|
|
4775
|
+
updatedAt: z.number(),
|
|
4776
|
+
lastHandledAt: z.number().optional()
|
|
4777
|
+
}),
|
|
4778
|
+
indices: [
|
|
4779
|
+
{ kind: "index", name: "by_syncKey", columns: ["syncKey"] },
|
|
4780
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4781
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4782
|
+
{
|
|
4783
|
+
kind: "index",
|
|
4784
|
+
name: "by_tenant_status",
|
|
4785
|
+
columns: ["tenantId", "status"]
|
|
4786
|
+
},
|
|
4787
|
+
{
|
|
4788
|
+
kind: "index",
|
|
4789
|
+
name: "by_objectType",
|
|
4790
|
+
columns: ["objectType", "status"]
|
|
4791
|
+
}
|
|
4792
|
+
]
|
|
4793
|
+
});
|
|
4794
|
+
defineTable({
|
|
4795
|
+
name: "tenantPermitSyncStates",
|
|
4796
|
+
component: "control-plane",
|
|
4797
|
+
category: "access-control",
|
|
4798
|
+
shape: z.object({
|
|
4799
|
+
syncKey: z.string(),
|
|
4800
|
+
objectType: permitObjectType,
|
|
4801
|
+
objectId: z.string(),
|
|
4802
|
+
tenantId: z.string().optional(),
|
|
4803
|
+
workspaceId: z.string().optional(),
|
|
4804
|
+
principalId: z.string().optional(),
|
|
4805
|
+
permitTenantKey: z.string().optional(),
|
|
4806
|
+
permitResourceType: z.string().optional(),
|
|
4807
|
+
permitResourceKey: z.string().optional(),
|
|
4808
|
+
desiredPayload: z.record(z.any()),
|
|
4809
|
+
lastAppliedPayloadHash: z.string().optional(),
|
|
4810
|
+
status: permitSyncStatus,
|
|
4811
|
+
attemptCount: z.number(),
|
|
4812
|
+
lastError: z.string().optional(),
|
|
4813
|
+
nextAttemptAt: z.number().optional(),
|
|
4814
|
+
lastSyncedAt: z.number().optional(),
|
|
4815
|
+
createdBy: z.string(),
|
|
4816
|
+
updatedBy: z.string().optional(),
|
|
4817
|
+
createdAt: z.number(),
|
|
4818
|
+
updatedAt: z.number()
|
|
4819
|
+
}),
|
|
4820
|
+
indices: [
|
|
4821
|
+
{ kind: "index", name: "by_syncKey", columns: ["syncKey"] },
|
|
4822
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4823
|
+
{
|
|
4824
|
+
kind: "index",
|
|
4825
|
+
name: "by_tenant_status",
|
|
4826
|
+
columns: ["tenantId", "status"]
|
|
4827
|
+
},
|
|
4828
|
+
{
|
|
4829
|
+
kind: "index",
|
|
4830
|
+
name: "by_workspace_status",
|
|
4831
|
+
columns: ["workspaceId", "status"]
|
|
4832
|
+
},
|
|
4833
|
+
{
|
|
4834
|
+
kind: "index",
|
|
4835
|
+
name: "by_principal_status",
|
|
4836
|
+
columns: ["principalId", "status"]
|
|
4837
|
+
}
|
|
4838
|
+
]
|
|
4839
|
+
});
|
|
4840
|
+
defineTable({
|
|
4841
|
+
name: "permitPolicyDecisionReceipts",
|
|
4842
|
+
component: "control-plane",
|
|
4843
|
+
category: "access-control",
|
|
4844
|
+
shape: z.object({
|
|
4845
|
+
tenantId: z.string().optional(),
|
|
4846
|
+
workspaceId: z.string().optional(),
|
|
4847
|
+
principalId: z.string(),
|
|
4848
|
+
subjectType: permitAccessReviewSubjectType.optional(),
|
|
4849
|
+
subjectId: z.string().optional(),
|
|
4850
|
+
resourceType: z.string(),
|
|
4851
|
+
resourceId: z.string(),
|
|
4852
|
+
action: z.string(),
|
|
4853
|
+
decision: permitDecision,
|
|
4854
|
+
reasonCode: z.string(),
|
|
4855
|
+
policyBundleId: z.string().optional(),
|
|
4856
|
+
policyVersion: z.string(),
|
|
4857
|
+
traceId: z.string().optional(),
|
|
4858
|
+
requestId: z.string().optional(),
|
|
4859
|
+
audienceMode: z.string().optional(),
|
|
4860
|
+
audienceKey: z.string().optional(),
|
|
4861
|
+
audienceClass: z.enum(["internal", "restricted_external", "public"]).optional(),
|
|
4862
|
+
metadata: z.record(z.any()).optional(),
|
|
4863
|
+
createdAt: z.number(),
|
|
4864
|
+
expiresAt: z.number().optional(),
|
|
4865
|
+
createdBy: z.string().optional()
|
|
4866
|
+
}),
|
|
4867
|
+
indices: [
|
|
4868
|
+
{ kind: "index", name: "by_principal_createdAt", columns: ["principalId", "createdAt"] },
|
|
4869
|
+
{ kind: "index", name: "by_tenant_createdAt", columns: ["tenantId", "createdAt"] },
|
|
4870
|
+
{ kind: "index", name: "by_resource", columns: ["resourceType", "resourceId"] },
|
|
4871
|
+
{ kind: "index", name: "by_decision_createdAt", columns: ["decision", "createdAt"] },
|
|
4872
|
+
{ kind: "index", name: "by_traceId", columns: ["traceId"] },
|
|
4873
|
+
{ kind: "index", name: "by_action", columns: ["action"] }
|
|
4874
|
+
]
|
|
4875
|
+
});
|
|
4876
|
+
defineTable({
|
|
4877
|
+
name: "permitAccessReviews",
|
|
4878
|
+
component: "control-plane",
|
|
4879
|
+
category: "access-control",
|
|
4880
|
+
shape: z.object({
|
|
4881
|
+
tenantId: z.string(),
|
|
4882
|
+
workspaceId: z.optional(z.string()),
|
|
4883
|
+
reviewKey: z.string(),
|
|
4884
|
+
scope: permitReviewScope,
|
|
4885
|
+
status: permitAccessReviewStatus,
|
|
4886
|
+
subjectType: permitAccessReviewSubjectType,
|
|
4887
|
+
subjectId: z.string(),
|
|
4888
|
+
resourceType: z.string().optional(),
|
|
4889
|
+
resourceKey: z.string().optional(),
|
|
4890
|
+
outcome: z.enum(["allow", "deny"]).optional(),
|
|
4891
|
+
requestedBy: z.string(),
|
|
4892
|
+
reviewedBy: z.string().optional(),
|
|
4893
|
+
requestedAt: z.number(),
|
|
4894
|
+
reviewedAt: z.number().optional(),
|
|
4895
|
+
dueAt: z.number().optional(),
|
|
4896
|
+
justification: z.string().optional(),
|
|
4897
|
+
rationale: z.string().optional(),
|
|
4898
|
+
policyBundleId: z.string().optional(),
|
|
4899
|
+
metadata: z.record(z.any()).optional(),
|
|
4900
|
+
createdAt: z.number(),
|
|
4901
|
+
updatedAt: z.number()
|
|
4902
|
+
}),
|
|
4903
|
+
indices: [
|
|
4904
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
|
|
4905
|
+
{ kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
|
|
4906
|
+
{ kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
|
|
4907
|
+
{
|
|
4908
|
+
kind: "index",
|
|
4909
|
+
name: "by_tenant_subject",
|
|
4910
|
+
columns: ["tenantId", "subjectType", "subjectId"]
|
|
4911
|
+
},
|
|
4912
|
+
{ kind: "index", name: "by_outcome", columns: ["outcome"] },
|
|
4913
|
+
{
|
|
4914
|
+
kind: "index",
|
|
4915
|
+
name: "by_workspace_status",
|
|
4916
|
+
columns: ["workspaceId", "status"]
|
|
4917
|
+
}
|
|
4918
|
+
]
|
|
4919
|
+
});
|
|
4920
|
+
defineTable({
|
|
4921
|
+
name: "permitAccessReviewItems",
|
|
4922
|
+
component: "control-plane",
|
|
4923
|
+
category: "access-control",
|
|
4924
|
+
shape: z.object({
|
|
4925
|
+
reviewKey: z.string(),
|
|
4926
|
+
itemKey: z.string(),
|
|
4927
|
+
tenantId: z.string(),
|
|
4928
|
+
workspaceId: z.string().optional(),
|
|
4929
|
+
subjectType: permitAccessReviewSubjectType,
|
|
4930
|
+
subjectId: z.string(),
|
|
4931
|
+
resourceType: z.string().optional(),
|
|
4932
|
+
resourceKey: z.string().optional(),
|
|
4933
|
+
role: z.string().optional(),
|
|
4934
|
+
relation: z.string().optional(),
|
|
4935
|
+
status: z.enum(["open", "approved", "revoked", "changed", "deferred"]),
|
|
4936
|
+
reviewerId: z.string().optional(),
|
|
4937
|
+
decisionAt: z.number().optional(),
|
|
4938
|
+
rationale: z.string().optional(),
|
|
4939
|
+
metadata: z.record(z.any()).optional(),
|
|
4940
|
+
createdAt: z.number(),
|
|
4941
|
+
updatedAt: z.number()
|
|
4942
|
+
}),
|
|
4943
|
+
indices: [
|
|
4944
|
+
{ kind: "index", name: "by_reviewKey", columns: ["reviewKey"] },
|
|
4945
|
+
{ kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
|
|
4946
|
+
{ kind: "index", name: "by_tenant_itemKey", columns: ["tenantId", "itemKey"] },
|
|
4947
|
+
{ kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
|
|
4948
|
+
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
4949
|
+
]
|
|
4950
|
+
});
|
|
4951
|
+
defineTable({
|
|
4952
|
+
name: "reasoningPermissions",
|
|
4953
|
+
component: "control-plane",
|
|
4954
|
+
category: "epistemic",
|
|
4955
|
+
shape: z.object({
|
|
4956
|
+
"topicId": z.string().optional(),
|
|
4957
|
+
"principalId": z.string(),
|
|
4958
|
+
"nodeType": z.enum(["belief", "evidence", "action", "approval", "artifact"]),
|
|
4959
|
+
"action": z.enum(["view_conclusion", "view_evidence", "propose_action", "approve_action", "view_derived_artifact"]),
|
|
4960
|
+
"effect": z.enum(["allow", "deny"]),
|
|
4961
|
+
"policyReference": z.string().optional(),
|
|
4962
|
+
"rationale": z.string().optional(),
|
|
4963
|
+
"metadata": z.record(z.any()).optional(),
|
|
4964
|
+
"createdAt": z.number(),
|
|
4965
|
+
"createdBy": z.string(),
|
|
4966
|
+
"updatedAt": z.number()
|
|
4967
|
+
}),
|
|
4968
|
+
indices: [
|
|
4969
|
+
{ kind: "index", name: "by_topic_principal", columns: ["topicId", "principalId"] },
|
|
4970
|
+
{ kind: "index", name: "by_topic_principal_action", columns: ["topicId", "principalId", "action"] },
|
|
4971
|
+
{ kind: "index", name: "by_topic_principal_node_action", columns: ["topicId", "principalId", "nodeType", "action"] },
|
|
4972
|
+
{ kind: "index", name: "by_principal_action", columns: ["principalId", "action"] }
|
|
4973
|
+
]
|
|
4974
|
+
});
|
|
4975
|
+
defineTable({
|
|
4976
|
+
name: "schemaEnumConfig",
|
|
4977
|
+
component: "kernel",
|
|
4978
|
+
category: "config",
|
|
4979
|
+
shape: z.object({
|
|
4980
|
+
"tenantId": z.string().optional(),
|
|
4981
|
+
"category": z.string(),
|
|
4982
|
+
"value": z.string(),
|
|
4983
|
+
"label": z.string(),
|
|
4984
|
+
"description": z.string().optional(),
|
|
4985
|
+
"tier": z.enum(["platform", "tenant"]),
|
|
4986
|
+
"domainNamespace": z.string().optional(),
|
|
4987
|
+
"metadata": z.any().optional(),
|
|
4988
|
+
"isDefault": z.boolean().optional(),
|
|
4989
|
+
"sortOrder": z.number().optional(),
|
|
4990
|
+
"status": z.enum(["active", "deprecated"]),
|
|
4991
|
+
"createdAt": z.number(),
|
|
4992
|
+
"updatedAt": z.number()
|
|
4993
|
+
}),
|
|
4994
|
+
indices: [
|
|
4995
|
+
{ kind: "index", name: "by_category", columns: ["category"] },
|
|
4996
|
+
{ kind: "index", name: "by_tenant_category", columns: ["tenantId", "category"] },
|
|
4997
|
+
{ kind: "index", name: "by_category_value", columns: ["category", "value"] }
|
|
4998
|
+
]
|
|
4999
|
+
});
|
|
5000
|
+
defineTable({
|
|
5001
|
+
name: "tasks",
|
|
5002
|
+
component: "kernel",
|
|
5003
|
+
category: "task",
|
|
5004
|
+
shape: z.object({
|
|
5005
|
+
"topicId": z.string().optional(),
|
|
5006
|
+
"tenantId": z.string().optional(),
|
|
5007
|
+
"workspaceId": z.string().optional(),
|
|
5008
|
+
"title": z.string(),
|
|
5009
|
+
"description": z.string().optional(),
|
|
5010
|
+
"status": z.enum(["todo", "in_progress", "blocked", "done"]),
|
|
4064
5011
|
"priority": z.enum(["urgent", "high", "medium", "low"]),
|
|
4065
5012
|
"dueDate": z.number().optional(),
|
|
4066
5013
|
"linkedWorktreeId": idOf("worktrees").optional(),
|
|
@@ -4238,6 +5185,7 @@ defineTable({
|
|
|
4238
5185
|
"updatedAt": z.number()
|
|
4239
5186
|
}),
|
|
4240
5187
|
indices: [
|
|
5188
|
+
{ kind: "index", name: "by_globalId", columns: ["globalId"] },
|
|
4241
5189
|
{ kind: "index", name: "by_parent", columns: ["parentTopicId"] },
|
|
4242
5190
|
{ kind: "index", name: "by_type", columns: ["type"] },
|
|
4243
5191
|
{ kind: "index", name: "by_graph_scope_project", columns: ["graphScopeProjectId"] },
|
|
@@ -4249,7 +5197,7 @@ defineTable({
|
|
|
4249
5197
|
});
|
|
4250
5198
|
defineTable({
|
|
4251
5199
|
name: "users",
|
|
4252
|
-
component: "
|
|
5200
|
+
component: "control-plane",
|
|
4253
5201
|
category: "user",
|
|
4254
5202
|
shape: z.object({
|
|
4255
5203
|
"clerkId": z.string(),
|
|
@@ -4363,7 +5311,6 @@ defineTable({
|
|
|
4363
5311
|
"deployments": z.record(z.object({
|
|
4364
5312
|
"url": z.string(),
|
|
4365
5313
|
"target": z.enum(["kernelDeployment", "appDeployment"]).optional(),
|
|
4366
|
-
"encryptedDeployKey": z.string().optional(),
|
|
4367
5314
|
"credentialRef": z.string().optional()
|
|
4368
5315
|
})).optional(),
|
|
4369
5316
|
"metadata": z.record(z.any()).optional(),
|
|
@@ -4378,6 +5325,39 @@ defineTable({
|
|
|
4378
5325
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
4379
5326
|
]
|
|
4380
5327
|
});
|
|
5328
|
+
defineTable({
|
|
5329
|
+
name: "deploymentHosts",
|
|
5330
|
+
component: "mc",
|
|
5331
|
+
category: "workspace",
|
|
5332
|
+
shape: z.object({
|
|
5333
|
+
"host": z.string(),
|
|
5334
|
+
"tenantId": idOf("tenants"),
|
|
5335
|
+
"workspaceId": idOf("workspaces"),
|
|
5336
|
+
"environment": z.enum(["dev", "staging", "prod"]),
|
|
5337
|
+
"target": z.enum(["kernelDeployment", "appDeployment"]),
|
|
5338
|
+
"deploymentUrl": z.string().optional(),
|
|
5339
|
+
"deploymentName": z.string().optional(),
|
|
5340
|
+
"vercelProjectName": z.string().optional(),
|
|
5341
|
+
"vercelProjectId": z.string().optional(),
|
|
5342
|
+
"vercelEnvironment": z.enum(["development", "preview", "staging", "production"]).optional(),
|
|
5343
|
+
"source": z.enum(["vercel_preview", "vercel_production", "vercel_custom_environment", "custom_domain", "manual"]),
|
|
5344
|
+
"status": z.enum(["active", "revoked"]),
|
|
5345
|
+
"metadata": z.record(z.any()).optional(),
|
|
5346
|
+
"createdBy": z.string(),
|
|
5347
|
+
"createdAt": z.number(),
|
|
5348
|
+
"updatedAt": z.number(),
|
|
5349
|
+
"revokedAt": z.number().optional(),
|
|
5350
|
+
"revokedBy": z.string().optional()
|
|
5351
|
+
}),
|
|
5352
|
+
indices: [
|
|
5353
|
+
{ kind: "index", name: "by_host", columns: ["host"] },
|
|
5354
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
5355
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
5356
|
+
{ kind: "index", name: "by_tenant_workspace_environment", columns: ["tenantId", "workspaceId", "environment"] },
|
|
5357
|
+
{ kind: "index", name: "by_workspace_status", columns: ["workspaceId", "status"] },
|
|
5358
|
+
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
5359
|
+
]
|
|
5360
|
+
});
|
|
4381
5361
|
defineTable({
|
|
4382
5362
|
name: "worktreeBeliefCluster",
|
|
4383
5363
|
component: "kernel",
|
|
@@ -4685,8 +5665,8 @@ defineTable({
|
|
|
4685
5665
|
});
|
|
4686
5666
|
z.object({
|
|
4687
5667
|
manifestVersion: z.string(),
|
|
4688
|
-
componentName: z.enum(["kernel", "
|
|
4689
|
-
tier: z.enum(["K", "
|
|
5668
|
+
componentName: z.enum(["kernel", "control-plane"]),
|
|
5669
|
+
tier: z.enum(["K", "CP"]),
|
|
4690
5670
|
packageVersion: z.string(),
|
|
4691
5671
|
tables: z.array(
|
|
4692
5672
|
z.object({
|
|
@@ -4714,17 +5694,44 @@ z.object({
|
|
|
4714
5694
|
message: "SL invariant b+d+u=1 violated at API boundary"
|
|
4715
5695
|
}
|
|
4716
5696
|
);
|
|
4717
|
-
|
|
5697
|
+
|
|
5698
|
+
// ../contracts/src/schema-helpers/spine/tables/epistemicNodes.ts
|
|
5699
|
+
var NODE_TYPES = [
|
|
5700
|
+
"decision",
|
|
4718
5701
|
"belief",
|
|
4719
|
-
"evidence",
|
|
4720
5702
|
"question",
|
|
4721
|
-
"
|
|
5703
|
+
"theme",
|
|
5704
|
+
"deal",
|
|
4722
5705
|
"topic",
|
|
5706
|
+
"claim",
|
|
5707
|
+
"evidence",
|
|
5708
|
+
"synthesis",
|
|
5709
|
+
"answer",
|
|
5710
|
+
"atomic_fact",
|
|
5711
|
+
"excerpt",
|
|
5712
|
+
"source",
|
|
5713
|
+
"company",
|
|
5714
|
+
"person",
|
|
5715
|
+
"investor",
|
|
5716
|
+
"function",
|
|
5717
|
+
"value_chain"
|
|
5718
|
+
];
|
|
5719
|
+
new Set(NODE_TYPES);
|
|
5720
|
+
|
|
5721
|
+
// ../contracts/src/types/graph-ref.ts
|
|
5722
|
+
var GRAPH_REF_EXTRA_NODE_TYPES = [
|
|
4723
5723
|
"edge",
|
|
4724
5724
|
"ontology",
|
|
4725
5725
|
"lens",
|
|
4726
5726
|
"contradiction"
|
|
4727
|
-
]
|
|
5727
|
+
];
|
|
5728
|
+
var GRAPH_REF_NODE_TYPES = [
|
|
5729
|
+
...NODE_TYPES,
|
|
5730
|
+
...GRAPH_REF_EXTRA_NODE_TYPES
|
|
5731
|
+
];
|
|
5732
|
+
var EpistemicNodeTypeSchema = z.enum(
|
|
5733
|
+
GRAPH_REF_NODE_TYPES
|
|
5734
|
+
);
|
|
4728
5735
|
var GraphRefSchema = z.discriminatedUnion("kind", [
|
|
4729
5736
|
z.object({
|
|
4730
5737
|
kind: z.literal("epistemic_node"),
|
|
@@ -4772,33 +5779,14 @@ function assertEdgePolicyAllowed(manifest, edgeType, from, to) {
|
|
|
4772
5779
|
}
|
|
4773
5780
|
|
|
4774
5781
|
// ../contracts/src/manifests/edge-policy-manifest.data.ts
|
|
5782
|
+
var publicEpistemicNodeEdgePolicy = (edgeType) => ({
|
|
5783
|
+
edgeType,
|
|
5784
|
+
fromKinds: ["epistemic_node"],
|
|
5785
|
+
toKinds: ["epistemic_node"],
|
|
5786
|
+
description: "Canonical public create_edge policy for graph-node relationships. The policy layer gates edge-type membership, not endpoint semantics."
|
|
5787
|
+
});
|
|
4775
5788
|
var edgePolicyManifest = {
|
|
4776
|
-
policies:
|
|
4777
|
-
{
|
|
4778
|
-
edgeType: "evidence_derived_from_evidence",
|
|
4779
|
-
fromKinds: ["epistemic_node"],
|
|
4780
|
-
fromNodeTypes: ["evidence"],
|
|
4781
|
-
toKinds: ["epistemic_node"],
|
|
4782
|
-
toNodeTypes: ["evidence"],
|
|
4783
|
-
description: "Evidence E2 was synthesized from evidence E1 by a transformation. Provides chain-of-evidence lineage."
|
|
4784
|
-
},
|
|
4785
|
-
{
|
|
4786
|
-
edgeType: "evidence_supports_belief",
|
|
4787
|
-
fromKinds: ["epistemic_node"],
|
|
4788
|
-
fromNodeTypes: ["evidence"],
|
|
4789
|
-
toKinds: ["epistemic_node"],
|
|
4790
|
-
toNodeTypes: ["belief"],
|
|
4791
|
-
description: "Existing link_evidence_to_belief semantics promoted to the create_edge policy source."
|
|
4792
|
-
},
|
|
4793
|
-
{
|
|
4794
|
-
edgeType: "evidence_supports_question",
|
|
4795
|
-
fromKinds: ["epistemic_node"],
|
|
4796
|
-
fromNodeTypes: ["evidence"],
|
|
4797
|
-
toKinds: ["epistemic_node"],
|
|
4798
|
-
toNodeTypes: ["question"],
|
|
4799
|
-
description: "Existing link_evidence_to_question semantics promoted to the create_edge policy source."
|
|
4800
|
-
}
|
|
4801
|
-
]
|
|
5789
|
+
policies: EDGE_TYPE_VALUES.map(publicEpistemicNodeEdgePolicy)
|
|
4802
5790
|
};
|
|
4803
5791
|
|
|
4804
5792
|
// ../contracts/src/tenant-client.contract.ts
|
|
@@ -4845,7 +5833,7 @@ var TENANT_CLIENT_INSTALLABLE_PACKAGES = [
|
|
|
4845
5833
|
},
|
|
4846
5834
|
{
|
|
4847
5835
|
packageName: "@lucern/control-plane",
|
|
4848
|
-
role: "
|
|
5836
|
+
role: "component_runtime",
|
|
4849
5837
|
directTenantImport: false
|
|
4850
5838
|
},
|
|
4851
5839
|
{
|
|
@@ -4854,79 +5842,948 @@ var TENANT_CLIENT_INSTALLABLE_PACKAGES = [
|
|
|
4854
5842
|
directTenantImport: false
|
|
4855
5843
|
},
|
|
4856
5844
|
{
|
|
4857
|
-
packageName: "@lucern/events",
|
|
4858
|
-
role: "sdk_dependency",
|
|
4859
|
-
directTenantImport: false
|
|
5845
|
+
packageName: "@lucern/events",
|
|
5846
|
+
role: "sdk_dependency",
|
|
5847
|
+
directTenantImport: false
|
|
5848
|
+
},
|
|
5849
|
+
{
|
|
5850
|
+
packageName: "@lucern/graph-primitives",
|
|
5851
|
+
role: "sdk_dependency",
|
|
5852
|
+
directTenantImport: false
|
|
5853
|
+
},
|
|
5854
|
+
{
|
|
5855
|
+
packageName: "@lucern/graph-sync",
|
|
5856
|
+
role: "host_addon_runtime",
|
|
5857
|
+
directTenantImport: true
|
|
5858
|
+
},
|
|
5859
|
+
{
|
|
5860
|
+
packageName: "@lucern/mcp",
|
|
5861
|
+
role: "runtime_entrypoint",
|
|
5862
|
+
directTenantImport: true
|
|
5863
|
+
},
|
|
5864
|
+
{
|
|
5865
|
+
packageName: "@lucern/pack-host",
|
|
5866
|
+
role: "platform_runtime",
|
|
5867
|
+
directTenantImport: false
|
|
5868
|
+
},
|
|
5869
|
+
{
|
|
5870
|
+
packageName: "@lucern/pack-installer",
|
|
5871
|
+
role: "developer_tool",
|
|
5872
|
+
directTenantImport: false
|
|
5873
|
+
},
|
|
5874
|
+
{
|
|
5875
|
+
packageName: "@lucern/proof-compiler",
|
|
5876
|
+
role: "developer_tool",
|
|
5877
|
+
directTenantImport: false
|
|
5878
|
+
},
|
|
5879
|
+
{
|
|
5880
|
+
packageName: "@lucern/react",
|
|
5881
|
+
role: "runtime_entrypoint",
|
|
5882
|
+
directTenantImport: true
|
|
5883
|
+
},
|
|
5884
|
+
{
|
|
5885
|
+
packageName: "@lucern/reasoning-kernel",
|
|
5886
|
+
role: "component_runtime",
|
|
5887
|
+
directTenantImport: false
|
|
5888
|
+
},
|
|
5889
|
+
{
|
|
5890
|
+
packageName: "@lucern/sdk",
|
|
5891
|
+
role: "runtime_entrypoint",
|
|
5892
|
+
directTenantImport: true
|
|
5893
|
+
},
|
|
5894
|
+
{
|
|
5895
|
+
packageName: "@lucern/secrets",
|
|
5896
|
+
role: "sdk_dependency",
|
|
5897
|
+
directTenantImport: false
|
|
5898
|
+
},
|
|
5899
|
+
{
|
|
5900
|
+
packageName: "@lucern/server-core",
|
|
5901
|
+
role: "platform_runtime",
|
|
5902
|
+
directTenantImport: false
|
|
5903
|
+
},
|
|
5904
|
+
{
|
|
5905
|
+
packageName: "@lucern/testing",
|
|
5906
|
+
role: "test_support",
|
|
5907
|
+
directTenantImport: false
|
|
5908
|
+
},
|
|
5909
|
+
{
|
|
5910
|
+
packageName: "@lucern/types",
|
|
5911
|
+
role: "contract_entrypoint",
|
|
5912
|
+
directTenantImport: true
|
|
5913
|
+
}
|
|
5914
|
+
];
|
|
5915
|
+
TENANT_CLIENT_INSTALLABLE_PACKAGES.map(
|
|
5916
|
+
(entry) => entry.packageName
|
|
5917
|
+
);
|
|
5918
|
+
|
|
5919
|
+
// ../contracts/src/infisical-runtime.contract.ts
|
|
5920
|
+
var INFISICAL_TENANT_SOFTWARE_SYSTEMS = [
|
|
5921
|
+
{
|
|
5922
|
+
id: "stack-frontend",
|
|
5923
|
+
tenantKey: "stack",
|
|
5924
|
+
workspaceKey: "frontend",
|
|
5925
|
+
vercelProjectName: "ai-chatbot-diao",
|
|
5926
|
+
vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK",
|
|
5927
|
+
vercelProjectId: "prj_PihFw8kohSSw14nZs9YQV3xVo517",
|
|
5928
|
+
vercelWriterTokenEnv: "STACK_VERCEL_TOKEN",
|
|
5929
|
+
repository: {
|
|
5930
|
+
owner: "stack-vc",
|
|
5931
|
+
name: "front-end"
|
|
5932
|
+
},
|
|
5933
|
+
sharedSourcePath: "/tenants/stack",
|
|
5934
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
5935
|
+
convex: {
|
|
5936
|
+
urlEnv: "CONVEX_FRONTEND_URL",
|
|
5937
|
+
deployKeyEnv: "CONVEX_FRONTEND_DEPLOY_KEY",
|
|
5938
|
+
preprodDeployment: "rugged-lobster-664",
|
|
5939
|
+
prodDeployment: "wonderful-toucan-0"
|
|
5940
|
+
}
|
|
5941
|
+
},
|
|
5942
|
+
{
|
|
5943
|
+
id: "stackos",
|
|
5944
|
+
tenantKey: "stack",
|
|
5945
|
+
workspaceKey: "stackos",
|
|
5946
|
+
vercelProjectName: "stackos",
|
|
5947
|
+
vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK",
|
|
5948
|
+
vercelProjectId: "prj_rXLAL0Z6v9p1fasKbomby6GI7kau",
|
|
5949
|
+
vercelWriterTokenEnv: "STACK_VERCEL_TOKEN",
|
|
5950
|
+
repository: {
|
|
5951
|
+
owner: "stack-vc",
|
|
5952
|
+
name: "stackos"
|
|
5953
|
+
},
|
|
5954
|
+
sharedSourcePath: "/tenants/stack",
|
|
5955
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
5956
|
+
convex: {
|
|
5957
|
+
urlEnv: "CONVEX_STACKOS_URL",
|
|
5958
|
+
deployKeyEnv: "CONVEX_STACKOS_DEPLOY_KEY",
|
|
5959
|
+
preprodDeployment: "giant-mandrill-761",
|
|
5960
|
+
prodDeployment: "good-snake-515"
|
|
5961
|
+
}
|
|
5962
|
+
},
|
|
5963
|
+
{
|
|
5964
|
+
id: "stack-eng",
|
|
5965
|
+
tenantKey: "stack",
|
|
5966
|
+
workspaceKey: "engineering",
|
|
5967
|
+
vercelProjectName: "stackos-engineering-graph",
|
|
5968
|
+
vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK",
|
|
5969
|
+
vercelProjectId: "prj_zAU0Zn9GkbHjHI63dxW4vLpmoqTJ",
|
|
5970
|
+
vercelWriterTokenEnv: "STACK_VERCEL_TOKEN",
|
|
5971
|
+
repository: {
|
|
5972
|
+
owner: "stack-vc",
|
|
5973
|
+
name: "stackos-engineering-graph"
|
|
5974
|
+
},
|
|
5975
|
+
sharedSourcePath: "/tenants/stack/engineering",
|
|
5976
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
5977
|
+
convex: {
|
|
5978
|
+
urlEnv: "CONVEX_STACK_ENG_URL",
|
|
5979
|
+
deployKeyEnv: "CONVEX_STACK_ENG_DEPLOY_KEY",
|
|
5980
|
+
preprodDeployment: "small-oyster-270",
|
|
5981
|
+
prodDeployment: "bold-cuttlefish-804"
|
|
5982
|
+
}
|
|
5983
|
+
},
|
|
5984
|
+
{
|
|
5985
|
+
id: "lucern-graph",
|
|
5986
|
+
tenantKey: "lucern",
|
|
5987
|
+
workspaceKey: "lucern",
|
|
5988
|
+
vercelProjectName: "lucern-graph",
|
|
5989
|
+
vercelTeamId: "team_vTHxxs8GAoAFUe6RWMlYt7fY",
|
|
5990
|
+
vercelProjectId: "prj_KJ8EKV8vGM5xURpqmwTwmECEGPgQ",
|
|
5991
|
+
vercelWriterTokenEnv: "LUCERN_VERCEL_TOKEN",
|
|
5992
|
+
repository: {
|
|
5993
|
+
owner: "LucernAI",
|
|
5994
|
+
name: "lucern-graph"
|
|
5995
|
+
},
|
|
5996
|
+
sharedSourcePath: "/tenants/lucern/shared",
|
|
5997
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
5998
|
+
convex: {
|
|
5999
|
+
urlEnv: "CONVEX_LUCERN_URL",
|
|
6000
|
+
deployKeyEnv: "CONVEX_LUCERN_DEPLOY_KEY",
|
|
6001
|
+
preprodDeployment: "good-blackbird-774",
|
|
6002
|
+
prodDeployment: "precious-dog-365"
|
|
6003
|
+
}
|
|
6004
|
+
}
|
|
6005
|
+
];
|
|
6006
|
+
var TENANT_SHARED_SECRET_DEFINITION_TEMPLATES = [
|
|
6007
|
+
{
|
|
6008
|
+
idSuffix: "clerk.publishable",
|
|
6009
|
+
canonicalName: "NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY",
|
|
6010
|
+
aliases: ["CLERK_PUBLISHABLE_KEY"],
|
|
6011
|
+
required: true,
|
|
6012
|
+
secret: false,
|
|
6013
|
+
public: true,
|
|
6014
|
+
description: "Tenant-owned Clerk browser key. For Stack this is the master clerk.stack.vc project shared by front-end, StackOS, and the engineering workspace."
|
|
6015
|
+
},
|
|
6016
|
+
{
|
|
6017
|
+
idSuffix: "clerk.secret",
|
|
6018
|
+
canonicalName: "CLERK_SECRET_KEY",
|
|
6019
|
+
required: true,
|
|
6020
|
+
secret: true,
|
|
6021
|
+
public: false,
|
|
6022
|
+
description: "Tenant-owned Clerk backend secret used only by that tenant's server runtimes."
|
|
6023
|
+
},
|
|
6024
|
+
{
|
|
6025
|
+
idSuffix: "clerk.project",
|
|
6026
|
+
canonicalName: "CLERK_PROJECT_ID",
|
|
6027
|
+
required: true,
|
|
6028
|
+
secret: false,
|
|
6029
|
+
public: false,
|
|
6030
|
+
description: "Tenant-owned Clerk project id used to resolve canonical Clerk aliases."
|
|
6031
|
+
},
|
|
6032
|
+
{
|
|
6033
|
+
idSuffix: "clerk.jwks",
|
|
6034
|
+
canonicalName: "CLERK_JWT_ISSUER_DOMAIN",
|
|
6035
|
+
aliases: ["CLERK_ISSUER_URL", "CLERK_JWKS_URL"],
|
|
6036
|
+
required: false,
|
|
6037
|
+
secret: false,
|
|
6038
|
+
public: false,
|
|
6039
|
+
description: "Tenant Clerk issuer/JWKS URL consumed by Convex auth.config.ts."
|
|
6040
|
+
},
|
|
6041
|
+
{
|
|
6042
|
+
idSuffix: "clerk.jwt-key",
|
|
6043
|
+
canonicalName: "CLERK_JWT_KEY",
|
|
6044
|
+
required: false,
|
|
6045
|
+
secret: true,
|
|
6046
|
+
public: false,
|
|
6047
|
+
description: "Tenant Clerk JWT public verification key used by bearer-token API routes."
|
|
6048
|
+
},
|
|
6049
|
+
{
|
|
6050
|
+
idSuffix: "clerk.authorized-parties",
|
|
6051
|
+
canonicalName: "CLERK_AUTHORIZED_PARTIES",
|
|
6052
|
+
aliases: ["CLERK_MOBILE_AUTHORIZED_PARTIES"],
|
|
6053
|
+
required: false,
|
|
6054
|
+
secret: false,
|
|
6055
|
+
public: false,
|
|
6056
|
+
description: "Comma-separated Clerk authorized parties for browser and mobile bearer-token validation."
|
|
6057
|
+
},
|
|
6058
|
+
{
|
|
6059
|
+
idSuffix: "clerk.sign-in-url",
|
|
6060
|
+
canonicalName: "NEXT_PUBLIC_CLERK_SIGN_IN_URL",
|
|
6061
|
+
required: false,
|
|
6062
|
+
secret: false,
|
|
6063
|
+
public: true,
|
|
6064
|
+
description: "Tenant Clerk sign-in route for custom app login surfaces."
|
|
6065
|
+
},
|
|
6066
|
+
{
|
|
6067
|
+
idSuffix: "clerk.sign-up-url",
|
|
6068
|
+
canonicalName: "NEXT_PUBLIC_CLERK_SIGN_UP_URL",
|
|
6069
|
+
required: false,
|
|
6070
|
+
secret: false,
|
|
6071
|
+
public: true,
|
|
6072
|
+
description: "Tenant Clerk sign-up route for custom app login surfaces."
|
|
6073
|
+
}
|
|
6074
|
+
];
|
|
6075
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.flatMap(
|
|
6076
|
+
(system) => TENANT_SHARED_SECRET_DEFINITION_TEMPLATES.map(
|
|
6077
|
+
(template) => ({
|
|
6078
|
+
id: `tenant.${system.id}.${template.idSuffix}`,
|
|
6079
|
+
canonicalName: template.canonicalName,
|
|
6080
|
+
aliases: "aliases" in template ? template.aliases : void 0,
|
|
6081
|
+
owner: "tenant",
|
|
6082
|
+
scope: "tenant",
|
|
6083
|
+
sourcePath: system.sharedSourcePath,
|
|
6084
|
+
environmentPolicy: "environment_specific",
|
|
6085
|
+
required: template.required,
|
|
6086
|
+
secret: template.secret,
|
|
6087
|
+
public: template.public,
|
|
6088
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6089
|
+
destinations: [
|
|
6090
|
+
{
|
|
6091
|
+
kind: "vercel",
|
|
6092
|
+
target: system.vercelProjectName,
|
|
6093
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6094
|
+
},
|
|
6095
|
+
{
|
|
6096
|
+
kind: "convex",
|
|
6097
|
+
target: `${system.convex.preprodDeployment}|${system.convex.prodDeployment}`,
|
|
6098
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6099
|
+
}
|
|
6100
|
+
],
|
|
6101
|
+
description: `${system.tenantKey}/${system.workspaceKey}: ${template.description}`
|
|
6102
|
+
})
|
|
6103
|
+
)
|
|
6104
|
+
);
|
|
6105
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.map(
|
|
6106
|
+
(system) => ({
|
|
6107
|
+
id: `tenant.${system.id}.install-lucern-npm`,
|
|
6108
|
+
canonicalName: "INSTALL_LUCERN_NPM",
|
|
6109
|
+
owner: "provider",
|
|
6110
|
+
scope: "global",
|
|
6111
|
+
sourcePath: "/tenants/shared",
|
|
6112
|
+
environmentPolicy: "same_all_environments",
|
|
6113
|
+
required: true,
|
|
6114
|
+
secret: true,
|
|
6115
|
+
public: false,
|
|
6116
|
+
consumers: ["tenant-vercel-app", "tenant-deploy-tooling"],
|
|
6117
|
+
destinations: [
|
|
6118
|
+
{
|
|
6119
|
+
kind: "vercel",
|
|
6120
|
+
target: system.vercelProjectName,
|
|
6121
|
+
environmentPolicy: "same_all_environments"
|
|
6122
|
+
},
|
|
6123
|
+
{
|
|
6124
|
+
kind: "github_actions",
|
|
6125
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6126
|
+
environmentPolicy: "same_all_environments"
|
|
6127
|
+
}
|
|
6128
|
+
],
|
|
6129
|
+
description: `${system.tenantKey}/${system.workspaceKey}: read-only npm install token for published @lucern/* packages.`
|
|
6130
|
+
})
|
|
6131
|
+
);
|
|
6132
|
+
var TENANT_PRODUCT_SOFTWARE_SYSTEM_IDS = ["stack-frontend", "stackos"];
|
|
6133
|
+
var TENANT_PRODUCT_RUNTIME_SECRET_DEFINITION_TEMPLATES = [
|
|
6134
|
+
{
|
|
6135
|
+
idSuffix: "ai.openai-api-key",
|
|
6136
|
+
canonicalName: "OPENAI_API_KEY",
|
|
6137
|
+
required: false,
|
|
6138
|
+
secret: true,
|
|
6139
|
+
public: false,
|
|
6140
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment", "tenant-ai-runtime"],
|
|
6141
|
+
description: "Tenant-owned OpenAI key for product runtime LLM calls."
|
|
6142
|
+
},
|
|
6143
|
+
{
|
|
6144
|
+
idSuffix: "ai.anthropic-api-key",
|
|
6145
|
+
canonicalName: "ANTHROPIC_API_KEY",
|
|
6146
|
+
required: false,
|
|
6147
|
+
secret: true,
|
|
6148
|
+
public: false,
|
|
6149
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment", "tenant-ai-runtime"],
|
|
6150
|
+
description: "Tenant-owned Anthropic key for product runtime LLM calls."
|
|
6151
|
+
},
|
|
6152
|
+
{
|
|
6153
|
+
idSuffix: "ai.gemini-api-key",
|
|
6154
|
+
canonicalName: "GEMINI_API_KEY",
|
|
6155
|
+
aliases: ["GOOGLE_AI_API_KEY", "GOOGLE_GENERATIVE_AI_API_KEY"],
|
|
6156
|
+
required: false,
|
|
6157
|
+
secret: true,
|
|
6158
|
+
public: false,
|
|
6159
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment", "tenant-ai-runtime"],
|
|
6160
|
+
description: "Tenant-owned Google/Gemini key for product runtime LLM calls."
|
|
6161
|
+
},
|
|
6162
|
+
{
|
|
6163
|
+
idSuffix: "langfuse.secret-key",
|
|
6164
|
+
canonicalName: "LANGFUSE_SECRET_KEY",
|
|
6165
|
+
required: false,
|
|
6166
|
+
secret: true,
|
|
6167
|
+
public: false,
|
|
6168
|
+
consumers: [
|
|
6169
|
+
"tenant-vercel-app",
|
|
6170
|
+
"tenant-convex-deployment",
|
|
6171
|
+
"tenant-observability"
|
|
6172
|
+
],
|
|
6173
|
+
description: "Tenant-owned Langfuse secret key for product AI tracing."
|
|
6174
|
+
},
|
|
6175
|
+
{
|
|
6176
|
+
idSuffix: "langfuse.public-key",
|
|
6177
|
+
canonicalName: "LANGFUSE_PUBLIC_KEY",
|
|
6178
|
+
required: false,
|
|
6179
|
+
secret: false,
|
|
6180
|
+
public: false,
|
|
6181
|
+
consumers: [
|
|
6182
|
+
"tenant-vercel-app",
|
|
6183
|
+
"tenant-convex-deployment",
|
|
6184
|
+
"tenant-observability"
|
|
6185
|
+
],
|
|
6186
|
+
description: "Tenant-owned Langfuse public key for product AI tracing."
|
|
6187
|
+
},
|
|
6188
|
+
{
|
|
6189
|
+
idSuffix: "langfuse.base-url",
|
|
6190
|
+
canonicalName: "LANGFUSE_BASE_URL",
|
|
6191
|
+
aliases: ["LANGFUSE_BASEURL", "LANGFUSE_HOST"],
|
|
6192
|
+
required: false,
|
|
6193
|
+
secret: false,
|
|
6194
|
+
public: false,
|
|
6195
|
+
consumers: [
|
|
6196
|
+
"tenant-vercel-app",
|
|
6197
|
+
"tenant-convex-deployment",
|
|
6198
|
+
"tenant-observability"
|
|
6199
|
+
],
|
|
6200
|
+
description: "Tenant-owned Langfuse API origin."
|
|
6201
|
+
},
|
|
6202
|
+
{
|
|
6203
|
+
idSuffix: "graph.neo4j-uri",
|
|
6204
|
+
canonicalName: "NEO4J_URI",
|
|
6205
|
+
required: false,
|
|
6206
|
+
secret: false,
|
|
6207
|
+
public: false,
|
|
6208
|
+
consumers: [
|
|
6209
|
+
"tenant-vercel-app",
|
|
6210
|
+
"tenant-convex-deployment",
|
|
6211
|
+
"tenant-graph-sync"
|
|
6212
|
+
],
|
|
6213
|
+
description: "Tenant-owned Neo4j URI for product graph-sync."
|
|
6214
|
+
},
|
|
6215
|
+
{
|
|
6216
|
+
idSuffix: "graph.neo4j-user",
|
|
6217
|
+
canonicalName: "NEO4J_USER",
|
|
6218
|
+
aliases: ["NEO4J_USERNAME"],
|
|
6219
|
+
required: false,
|
|
6220
|
+
secret: false,
|
|
6221
|
+
public: false,
|
|
6222
|
+
consumers: [
|
|
6223
|
+
"tenant-vercel-app",
|
|
6224
|
+
"tenant-convex-deployment",
|
|
6225
|
+
"tenant-graph-sync"
|
|
6226
|
+
],
|
|
6227
|
+
description: "Tenant-owned Neo4j user for product graph-sync."
|
|
6228
|
+
},
|
|
6229
|
+
{
|
|
6230
|
+
idSuffix: "graph.neo4j-password",
|
|
6231
|
+
canonicalName: "NEO4J_PASSWORD",
|
|
6232
|
+
required: false,
|
|
6233
|
+
secret: true,
|
|
6234
|
+
public: false,
|
|
6235
|
+
consumers: [
|
|
6236
|
+
"tenant-vercel-app",
|
|
6237
|
+
"tenant-convex-deployment",
|
|
6238
|
+
"tenant-graph-sync"
|
|
6239
|
+
],
|
|
6240
|
+
description: "Tenant-owned Neo4j password for product graph-sync."
|
|
6241
|
+
},
|
|
6242
|
+
{
|
|
6243
|
+
idSuffix: "graph.neo4j-sync-secret",
|
|
6244
|
+
canonicalName: "NEO4J_SYNC_SECRET",
|
|
6245
|
+
required: false,
|
|
6246
|
+
secret: true,
|
|
6247
|
+
public: false,
|
|
6248
|
+
consumers: [
|
|
6249
|
+
"tenant-vercel-app",
|
|
6250
|
+
"tenant-convex-deployment",
|
|
6251
|
+
"tenant-graph-sync"
|
|
6252
|
+
],
|
|
6253
|
+
description: "Tenant-owned shared secret for product Convex-to-HTTP graph-sync calls."
|
|
6254
|
+
},
|
|
6255
|
+
{
|
|
6256
|
+
idSuffix: "graph.neo4j-database",
|
|
6257
|
+
canonicalName: "NEO4J_DATABASE",
|
|
6258
|
+
required: false,
|
|
6259
|
+
secret: false,
|
|
6260
|
+
public: false,
|
|
6261
|
+
consumers: [
|
|
6262
|
+
"tenant-vercel-app",
|
|
6263
|
+
"tenant-convex-deployment",
|
|
6264
|
+
"tenant-graph-sync"
|
|
6265
|
+
],
|
|
6266
|
+
description: "Tenant-owned Neo4j database name for product graph-sync."
|
|
6267
|
+
},
|
|
6268
|
+
{
|
|
6269
|
+
idSuffix: "vector.pinecone-api-key",
|
|
6270
|
+
canonicalName: "PINECONE_API_KEY",
|
|
6271
|
+
required: false,
|
|
6272
|
+
secret: true,
|
|
6273
|
+
public: false,
|
|
6274
|
+
consumers: [
|
|
6275
|
+
"tenant-vercel-app",
|
|
6276
|
+
"tenant-convex-deployment",
|
|
6277
|
+
"tenant-vector-store"
|
|
6278
|
+
],
|
|
6279
|
+
description: "Tenant-owned Pinecone API key for product vector search."
|
|
6280
|
+
},
|
|
6281
|
+
{
|
|
6282
|
+
idSuffix: "vector.pinecone-index-name",
|
|
6283
|
+
canonicalName: "PINECONE_INDEX_NAME",
|
|
6284
|
+
aliases: ["PINECONE_INDEX"],
|
|
6285
|
+
required: false,
|
|
6286
|
+
secret: false,
|
|
6287
|
+
public: false,
|
|
6288
|
+
consumers: [
|
|
6289
|
+
"tenant-vercel-app",
|
|
6290
|
+
"tenant-convex-deployment",
|
|
6291
|
+
"tenant-vector-store"
|
|
6292
|
+
],
|
|
6293
|
+
description: "Tenant-owned Pinecone index name for product vector search."
|
|
6294
|
+
},
|
|
6295
|
+
{
|
|
6296
|
+
idSuffix: "vector.pinecone-host",
|
|
6297
|
+
canonicalName: "PINECONE_HOST",
|
|
6298
|
+
aliases: ["PINECONE_INDEX_HOST"],
|
|
6299
|
+
required: false,
|
|
6300
|
+
secret: false,
|
|
6301
|
+
public: false,
|
|
6302
|
+
consumers: [
|
|
6303
|
+
"tenant-vercel-app",
|
|
6304
|
+
"tenant-convex-deployment",
|
|
6305
|
+
"tenant-vector-store"
|
|
6306
|
+
],
|
|
6307
|
+
description: "Tenant-owned Pinecone host for product vector search."
|
|
6308
|
+
},
|
|
6309
|
+
{
|
|
6310
|
+
idSuffix: "vector.pinecone-namespace",
|
|
6311
|
+
canonicalName: "PINECONE_NAMESPACE",
|
|
6312
|
+
required: false,
|
|
6313
|
+
secret: false,
|
|
6314
|
+
public: false,
|
|
6315
|
+
consumers: [
|
|
6316
|
+
"tenant-vercel-app",
|
|
6317
|
+
"tenant-convex-deployment",
|
|
6318
|
+
"tenant-vector-store"
|
|
6319
|
+
],
|
|
6320
|
+
description: "Tenant-owned Pinecone namespace for product vector search isolation."
|
|
6321
|
+
},
|
|
6322
|
+
{
|
|
6323
|
+
idSuffix: "storage.aws-access-key-id",
|
|
6324
|
+
canonicalName: "AWS_ACCESS_KEY_ID",
|
|
6325
|
+
required: false,
|
|
6326
|
+
secret: true,
|
|
6327
|
+
public: false,
|
|
6328
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6329
|
+
description: "Tenant-owned AWS access key id for document/file ingestion."
|
|
6330
|
+
},
|
|
6331
|
+
{
|
|
6332
|
+
idSuffix: "storage.aws-secret-access-key",
|
|
6333
|
+
canonicalName: "AWS_SECRET_ACCESS_KEY",
|
|
6334
|
+
required: false,
|
|
6335
|
+
secret: true,
|
|
6336
|
+
public: false,
|
|
6337
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6338
|
+
description: "Tenant-owned AWS secret access key for document/file ingestion."
|
|
4860
6339
|
},
|
|
4861
6340
|
{
|
|
4862
|
-
|
|
4863
|
-
|
|
4864
|
-
|
|
6341
|
+
idSuffix: "storage.aws-region",
|
|
6342
|
+
canonicalName: "AWS_REGION",
|
|
6343
|
+
required: false,
|
|
6344
|
+
secret: false,
|
|
6345
|
+
public: false,
|
|
6346
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6347
|
+
description: "Tenant-owned AWS region for document/file ingestion."
|
|
4865
6348
|
},
|
|
4866
6349
|
{
|
|
4867
|
-
|
|
4868
|
-
|
|
4869
|
-
|
|
6350
|
+
idSuffix: "observability.sentry-dsn",
|
|
6351
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_DSN",
|
|
6352
|
+
aliases: ["NEXT_PUBLIC_SENTRY_DSN_NEXTJS", "SENTRY_DSN"],
|
|
6353
|
+
required: false,
|
|
6354
|
+
secret: false,
|
|
6355
|
+
public: true,
|
|
6356
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6357
|
+
description: "Tenant-owned Sentry DSN for app telemetry."
|
|
4870
6358
|
},
|
|
4871
6359
|
{
|
|
4872
|
-
|
|
4873
|
-
|
|
4874
|
-
|
|
6360
|
+
idSuffix: "observability.sentry-auth-token",
|
|
6361
|
+
canonicalName: "SENTRY_AUTH_TOKEN",
|
|
6362
|
+
required: false,
|
|
6363
|
+
secret: true,
|
|
6364
|
+
public: false,
|
|
6365
|
+
consumers: ["tenant-deploy-tooling", "tenant-observability"],
|
|
6366
|
+
description: "Tenant-owned Sentry release token for app deployments."
|
|
4875
6367
|
},
|
|
4876
6368
|
{
|
|
4877
|
-
|
|
4878
|
-
|
|
4879
|
-
|
|
6369
|
+
idSuffix: "observability.sentry-org",
|
|
6370
|
+
canonicalName: "SENTRY_ORG",
|
|
6371
|
+
aliases: ["SENTRY_ORG_SLUG"],
|
|
6372
|
+
required: false,
|
|
6373
|
+
secret: false,
|
|
6374
|
+
public: false,
|
|
6375
|
+
consumers: ["tenant-deploy-tooling", "tenant-observability"],
|
|
6376
|
+
description: "Tenant-owned Sentry org slug for release uploads."
|
|
4880
6377
|
},
|
|
4881
6378
|
{
|
|
4882
|
-
|
|
4883
|
-
|
|
4884
|
-
|
|
6379
|
+
idSuffix: "observability.sentry-project",
|
|
6380
|
+
canonicalName: "SENTRY_PROJECT",
|
|
6381
|
+
aliases: ["SENTRY_PROJECT_NEXTJS"],
|
|
6382
|
+
required: false,
|
|
6383
|
+
secret: false,
|
|
6384
|
+
public: false,
|
|
6385
|
+
consumers: ["tenant-deploy-tooling", "tenant-observability"],
|
|
6386
|
+
description: "Tenant-owned Sentry project slug for release uploads."
|
|
4885
6387
|
},
|
|
4886
6388
|
{
|
|
4887
|
-
|
|
4888
|
-
|
|
4889
|
-
|
|
6389
|
+
idSuffix: "observability.sentry-environment",
|
|
6390
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_ENVIRONMENT",
|
|
6391
|
+
aliases: ["SENTRY_ENVIRONMENT"],
|
|
6392
|
+
required: false,
|
|
6393
|
+
secret: false,
|
|
6394
|
+
public: true,
|
|
6395
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6396
|
+
description: "Tenant-owned Sentry environment label."
|
|
4890
6397
|
},
|
|
4891
6398
|
{
|
|
4892
|
-
|
|
4893
|
-
|
|
4894
|
-
|
|
6399
|
+
idSuffix: "observability.sentry-release",
|
|
6400
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_RELEASE",
|
|
6401
|
+
aliases: ["SENTRY_RELEASE"],
|
|
6402
|
+
required: false,
|
|
6403
|
+
secret: false,
|
|
6404
|
+
public: true,
|
|
6405
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6406
|
+
description: "Tenant-owned Sentry release label."
|
|
4895
6407
|
},
|
|
4896
6408
|
{
|
|
4897
|
-
|
|
4898
|
-
|
|
4899
|
-
|
|
6409
|
+
idSuffix: "observability.sentry-client-options",
|
|
6410
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_TRACES_SAMPLE_RATE",
|
|
6411
|
+
aliases: [
|
|
6412
|
+
"NEXT_PUBLIC_SENTRY_CAPTURE_CONSOLE_LEVELS",
|
|
6413
|
+
"NEXT_PUBLIC_SENTRY_CAPTURE_CONSOLE_LEVELS_NEXTJS",
|
|
6414
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_BREADCRUMB_LEVELS",
|
|
6415
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_BREADCRUMB_LEVELS_NEXTJS",
|
|
6416
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_LOG_LEVELS",
|
|
6417
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_LOG_LEVELS_NEXTJS",
|
|
6418
|
+
"NEXT_PUBLIC_SENTRY_ENABLE_LOGS",
|
|
6419
|
+
"NEXT_PUBLIC_SENTRY_REPLAYS_ON_ERROR_SAMPLE_RATE",
|
|
6420
|
+
"NEXT_PUBLIC_SENTRY_REPLAYS_SESSION_SAMPLE_RATE",
|
|
6421
|
+
"NEXT_PUBLIC_SENTRY_SEND_DEFAULT_PII",
|
|
6422
|
+
"NEXT_PUBLIC_SENTRY_TRACES_SAMPLE_RATE_NEXTJS"
|
|
6423
|
+
],
|
|
6424
|
+
required: false,
|
|
6425
|
+
secret: false,
|
|
6426
|
+
public: true,
|
|
6427
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6428
|
+
description: "Tenant-owned public Sentry tuning values for Next.js client instrumentation."
|
|
4900
6429
|
},
|
|
4901
6430
|
{
|
|
4902
|
-
|
|
4903
|
-
|
|
4904
|
-
|
|
6431
|
+
idSuffix: "observability.sentry-webhook-secret",
|
|
6432
|
+
canonicalName: "SENTRY_WEBHOOK_SECRET",
|
|
6433
|
+
required: false,
|
|
6434
|
+
secret: true,
|
|
6435
|
+
public: false,
|
|
6436
|
+
consumers: ["tenant-convex-deployment", "tenant-observability"],
|
|
6437
|
+
description: "Tenant-owned Sentry webhook verification secret."
|
|
4905
6438
|
},
|
|
4906
6439
|
{
|
|
4907
|
-
|
|
4908
|
-
|
|
4909
|
-
|
|
6440
|
+
idSuffix: "lucern.gateway-api-key",
|
|
6441
|
+
canonicalName: "LUCERN_API_KEY",
|
|
6442
|
+
aliases: ["STACK_API_KEY"],
|
|
6443
|
+
required: false,
|
|
6444
|
+
secret: true,
|
|
6445
|
+
public: false,
|
|
6446
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6447
|
+
description: "Tenant-scoped Lucern/MC gateway API key for product front-door calls."
|
|
4910
6448
|
},
|
|
4911
6449
|
{
|
|
4912
|
-
|
|
4913
|
-
|
|
4914
|
-
|
|
6450
|
+
idSuffix: "lucern.gateway-base-url",
|
|
6451
|
+
canonicalName: "LUCERN_BASE_URL",
|
|
6452
|
+
aliases: ["LUCERN_API_BASE_URL", "LUCERN_GATEWAY_BASE_URL"],
|
|
6453
|
+
required: false,
|
|
6454
|
+
secret: false,
|
|
6455
|
+
public: false,
|
|
6456
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6457
|
+
description: "Lucern/MC gateway base URL used by tenant product apps."
|
|
4915
6458
|
},
|
|
4916
6459
|
{
|
|
4917
|
-
|
|
4918
|
-
|
|
4919
|
-
|
|
6460
|
+
idSuffix: "lucern.proxy-token-secret",
|
|
6461
|
+
canonicalName: "LUCERN_PROXY_TOKEN_SECRET",
|
|
6462
|
+
required: false,
|
|
6463
|
+
secret: true,
|
|
6464
|
+
public: false,
|
|
6465
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6466
|
+
description: "Tenant-owned secret for signing internal proxy/session tokens in product apps."
|
|
4920
6467
|
},
|
|
4921
6468
|
{
|
|
4922
|
-
|
|
4923
|
-
|
|
4924
|
-
|
|
6469
|
+
idSuffix: "tenant.integrations.linear-api-key",
|
|
6470
|
+
canonicalName: "LINEAR_API_KEY",
|
|
6471
|
+
required: false,
|
|
6472
|
+
secret: true,
|
|
6473
|
+
public: false,
|
|
6474
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6475
|
+
description: "Tenant-owned Linear API key for support/slash-command flows."
|
|
6476
|
+
},
|
|
6477
|
+
{
|
|
6478
|
+
idSuffix: "tenant.vercel.bypass-token",
|
|
6479
|
+
canonicalName: "VERCEL_AUTOMATION_BYPASS_SECRET",
|
|
6480
|
+
aliases: ["NEXT_PUBLIC_VERCEL_BYPASS_TOKEN"],
|
|
6481
|
+
required: false,
|
|
6482
|
+
secret: true,
|
|
6483
|
+
public: false,
|
|
6484
|
+
consumers: ["tenant-vercel-app", "tenant-deploy-tooling"],
|
|
6485
|
+
description: "Tenant-owned Vercel automation bypass token. Public alias is legacy and should be removed from app code."
|
|
4925
6486
|
}
|
|
4926
6487
|
];
|
|
4927
|
-
|
|
4928
|
-
(
|
|
6488
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.filter(
|
|
6489
|
+
(system) => TENANT_PRODUCT_SOFTWARE_SYSTEM_IDS.includes(system.id)
|
|
6490
|
+
).flatMap(
|
|
6491
|
+
(system) => TENANT_PRODUCT_RUNTIME_SECRET_DEFINITION_TEMPLATES.map(
|
|
6492
|
+
(template) => ({
|
|
6493
|
+
id: `tenant.${system.id}.${template.idSuffix}`,
|
|
6494
|
+
canonicalName: template.canonicalName,
|
|
6495
|
+
aliases: "aliases" in template ? template.aliases : void 0,
|
|
6496
|
+
owner: "tenant",
|
|
6497
|
+
scope: "tenant",
|
|
6498
|
+
sourcePath: system.sharedSourcePath,
|
|
6499
|
+
environmentPolicy: "environment_specific",
|
|
6500
|
+
required: template.required,
|
|
6501
|
+
secret: template.secret,
|
|
6502
|
+
public: template.public,
|
|
6503
|
+
consumers: template.consumers,
|
|
6504
|
+
destinations: [
|
|
6505
|
+
{
|
|
6506
|
+
kind: "vercel",
|
|
6507
|
+
target: system.vercelProjectName,
|
|
6508
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6509
|
+
},
|
|
6510
|
+
{
|
|
6511
|
+
kind: "convex",
|
|
6512
|
+
target: `${system.convex.preprodDeployment}|${system.convex.prodDeployment}`,
|
|
6513
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6514
|
+
},
|
|
6515
|
+
{
|
|
6516
|
+
kind: "github_actions",
|
|
6517
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6518
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6519
|
+
}
|
|
6520
|
+
],
|
|
6521
|
+
description: `${system.tenantKey}/${system.workspaceKey}: ${template.description}`
|
|
6522
|
+
})
|
|
6523
|
+
)
|
|
6524
|
+
);
|
|
6525
|
+
function tenantVercelConvexUrlWriteNames(system) {
|
|
6526
|
+
const names = [system.convex.urlEnv, "NEXT_PUBLIC_CONVEX_URL"];
|
|
6527
|
+
if (system.id === "stack-eng") {
|
|
6528
|
+
return [...names, "STACKOS_ENGINEERING_GRAPH_CONVEX_URL"];
|
|
6529
|
+
}
|
|
6530
|
+
return names;
|
|
6531
|
+
}
|
|
6532
|
+
function tenantRepositoryConvexUrlWriteNames(system) {
|
|
6533
|
+
if (system.id === "stack-eng") {
|
|
6534
|
+
return [system.convex.urlEnv, "STACKOS_ENGINEERING_GRAPH_CONVEX_URL"];
|
|
6535
|
+
}
|
|
6536
|
+
return [system.convex.urlEnv];
|
|
6537
|
+
}
|
|
6538
|
+
function tenantRepositoryConvexDeployKeyWriteNames(system) {
|
|
6539
|
+
if (system.id === "stack-eng") {
|
|
6540
|
+
return [system.convex.deployKeyEnv, "STACKOS_ENGINEERING_GRAPH_DEPLOY_KEY"];
|
|
6541
|
+
}
|
|
6542
|
+
return [system.convex.deployKeyEnv];
|
|
6543
|
+
}
|
|
6544
|
+
function tenantConvexUrlAliases(system) {
|
|
6545
|
+
if (system.id === "stack-frontend") {
|
|
6546
|
+
return [
|
|
6547
|
+
"CONVEX_PROD_URL",
|
|
6548
|
+
"CONVEX_STACK_V2_PROD_URL",
|
|
6549
|
+
"CONVEX_STACK_V2_STAGING_URL",
|
|
6550
|
+
"STACK_CONVEX_URL"
|
|
6551
|
+
];
|
|
6552
|
+
}
|
|
6553
|
+
if (system.id === "stackos") {
|
|
6554
|
+
return [
|
|
6555
|
+
"CONVEX_CLOUD_URL",
|
|
6556
|
+
"CONVEX_STACK_URL",
|
|
6557
|
+
"CONVEX_URL",
|
|
6558
|
+
"CONVEX_URL_DEVELOPMENT",
|
|
6559
|
+
"CONVEX_URL_PRODUCTION",
|
|
6560
|
+
"STACK_CONVEX_URL"
|
|
6561
|
+
];
|
|
6562
|
+
}
|
|
6563
|
+
if (system.id === "stack-eng") {
|
|
6564
|
+
return ["STACKOS_ENGINEERING_GRAPH_CONVEX_URL"];
|
|
6565
|
+
}
|
|
6566
|
+
if (system.id === "lucern-graph") {
|
|
6567
|
+
return [
|
|
6568
|
+
"CONVEX_GRAPH_URL",
|
|
6569
|
+
"LUCERN_PROD_URL",
|
|
6570
|
+
"NEXT_PUBLIC_LUCERN_GRAPH_URL"
|
|
6571
|
+
];
|
|
6572
|
+
}
|
|
6573
|
+
return void 0;
|
|
6574
|
+
}
|
|
6575
|
+
function tenantConvexDeployKeyAliases(system) {
|
|
6576
|
+
if (system.id === "stack-frontend") {
|
|
6577
|
+
return [
|
|
6578
|
+
"CONVEX_STACK_V2_PROD_DEPLOY_KEY",
|
|
6579
|
+
"CONVEX_STACK_V2_STAGING_DEPLOY_KEY",
|
|
6580
|
+
"STACK_DEPLOY_KEY"
|
|
6581
|
+
];
|
|
6582
|
+
}
|
|
6583
|
+
if (system.id === "stackos") {
|
|
6584
|
+
return [
|
|
6585
|
+
"CONVEX_DEPLOY_KEY",
|
|
6586
|
+
"CONVEX_DEV_DEPLOY_KEY",
|
|
6587
|
+
"CONVEX_PROD_DEPLOY_KEY",
|
|
6588
|
+
"CONVEX_STACK_DEPLOY_KEY",
|
|
6589
|
+
"STACK_DEPLOY_KEY"
|
|
6590
|
+
];
|
|
6591
|
+
}
|
|
6592
|
+
if (system.id === "stack-eng") {
|
|
6593
|
+
return ["CONVEX_DEPLOY_KEY", "STACKOS_ENGINEERING_GRAPH_DEPLOY_KEY"];
|
|
6594
|
+
}
|
|
6595
|
+
if (system.id === "lucern-graph") {
|
|
6596
|
+
return [
|
|
6597
|
+
"CONVEX_DEPLOY_KEY",
|
|
6598
|
+
"CONVEX_GRAPH_DEPLOY_KEY",
|
|
6599
|
+
"LUCERN_CONVEX_DEPLOY_KEY",
|
|
6600
|
+
"LUCERN_DEV_DEPLOY_KEY",
|
|
6601
|
+
"LUCERN_PROD_DEPLOY_KEY"
|
|
6602
|
+
];
|
|
6603
|
+
}
|
|
6604
|
+
return void 0;
|
|
6605
|
+
}
|
|
6606
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.flatMap(
|
|
6607
|
+
(system) => {
|
|
6608
|
+
if (system.id === "lucern-graph") {
|
|
6609
|
+
return [
|
|
6610
|
+
{
|
|
6611
|
+
id: "tenant.lucern-graph.public.tenant-id",
|
|
6612
|
+
canonicalName: "NEXT_PUBLIC_LUCERN_GRAPH_TENANT_ID",
|
|
6613
|
+
aliases: ["NEXT_PUBLIC_LUCERN_TENANT_ID"],
|
|
6614
|
+
owner: "tenant",
|
|
6615
|
+
scope: "workspace",
|
|
6616
|
+
sourcePath: system.sharedSourcePath,
|
|
6617
|
+
environmentPolicy: "environment_specific",
|
|
6618
|
+
required: false,
|
|
6619
|
+
secret: false,
|
|
6620
|
+
public: true,
|
|
6621
|
+
consumers: ["tenant-vercel-app"],
|
|
6622
|
+
destinations: [
|
|
6623
|
+
{
|
|
6624
|
+
kind: "vercel",
|
|
6625
|
+
target: system.vercelProjectName,
|
|
6626
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6627
|
+
}
|
|
6628
|
+
],
|
|
6629
|
+
description: "Lucern graph public tenant id used by the standalone graph explorer."
|
|
6630
|
+
},
|
|
6631
|
+
{
|
|
6632
|
+
id: "tenant.lucern-graph.public.tenant-label",
|
|
6633
|
+
canonicalName: "NEXT_PUBLIC_LUCERN_GRAPH_TENANT_LABEL",
|
|
6634
|
+
owner: "tenant",
|
|
6635
|
+
scope: "workspace",
|
|
6636
|
+
sourcePath: system.sharedSourcePath,
|
|
6637
|
+
environmentPolicy: "environment_specific",
|
|
6638
|
+
required: false,
|
|
6639
|
+
secret: false,
|
|
6640
|
+
public: true,
|
|
6641
|
+
consumers: ["tenant-vercel-app"],
|
|
6642
|
+
destinations: [
|
|
6643
|
+
{
|
|
6644
|
+
kind: "vercel",
|
|
6645
|
+
target: system.vercelProjectName,
|
|
6646
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6647
|
+
}
|
|
6648
|
+
],
|
|
6649
|
+
description: "Lucern graph public tenant label used by the standalone graph explorer."
|
|
6650
|
+
}
|
|
6651
|
+
];
|
|
6652
|
+
}
|
|
6653
|
+
if (system.id === "stack-eng") {
|
|
6654
|
+
return [
|
|
6655
|
+
{
|
|
6656
|
+
id: "tenant.stack-eng.public.tenant-id",
|
|
6657
|
+
canonicalName: "NEXT_PUBLIC_STACKOS_ENGINEERING_GRAPH_TENANT_ID",
|
|
6658
|
+
owner: "tenant",
|
|
6659
|
+
scope: "workspace",
|
|
6660
|
+
sourcePath: system.sharedSourcePath,
|
|
6661
|
+
environmentPolicy: "environment_specific",
|
|
6662
|
+
required: false,
|
|
6663
|
+
secret: false,
|
|
6664
|
+
public: true,
|
|
6665
|
+
consumers: ["tenant-vercel-app"],
|
|
6666
|
+
destinations: [
|
|
6667
|
+
{
|
|
6668
|
+
kind: "vercel",
|
|
6669
|
+
target: system.vercelProjectName,
|
|
6670
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6671
|
+
}
|
|
6672
|
+
],
|
|
6673
|
+
description: "Stack engineering graph public tenant id used by the graph explorer."
|
|
6674
|
+
},
|
|
6675
|
+
{
|
|
6676
|
+
id: "tenant.stack-eng.public.tenant-label",
|
|
6677
|
+
canonicalName: "NEXT_PUBLIC_STACKOS_ENGINEERING_GRAPH_TENANT_LABEL",
|
|
6678
|
+
owner: "tenant",
|
|
6679
|
+
scope: "workspace",
|
|
6680
|
+
sourcePath: system.sharedSourcePath,
|
|
6681
|
+
environmentPolicy: "environment_specific",
|
|
6682
|
+
required: false,
|
|
6683
|
+
secret: false,
|
|
6684
|
+
public: true,
|
|
6685
|
+
consumers: ["tenant-vercel-app"],
|
|
6686
|
+
destinations: [
|
|
6687
|
+
{
|
|
6688
|
+
kind: "vercel",
|
|
6689
|
+
target: system.vercelProjectName,
|
|
6690
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6691
|
+
}
|
|
6692
|
+
],
|
|
6693
|
+
description: "Stack engineering graph public tenant label used by the graph explorer."
|
|
6694
|
+
},
|
|
6695
|
+
{
|
|
6696
|
+
id: "tenant.stack-eng.public.environment",
|
|
6697
|
+
canonicalName: "NEXT_PUBLIC_STACKOS_ENGINEERING_GRAPH_ENV",
|
|
6698
|
+
owner: "tenant",
|
|
6699
|
+
scope: "workspace",
|
|
6700
|
+
sourcePath: system.sharedSourcePath,
|
|
6701
|
+
environmentPolicy: "environment_specific",
|
|
6702
|
+
required: false,
|
|
6703
|
+
secret: false,
|
|
6704
|
+
public: true,
|
|
6705
|
+
consumers: ["tenant-vercel-app"],
|
|
6706
|
+
destinations: [
|
|
6707
|
+
{
|
|
6708
|
+
kind: "vercel",
|
|
6709
|
+
target: system.vercelProjectName,
|
|
6710
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6711
|
+
}
|
|
6712
|
+
],
|
|
6713
|
+
description: "Stack engineering graph public environment label used by the graph explorer."
|
|
6714
|
+
}
|
|
6715
|
+
];
|
|
6716
|
+
}
|
|
6717
|
+
return [];
|
|
6718
|
+
}
|
|
4929
6719
|
);
|
|
6720
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.flatMap((system) => [
|
|
6721
|
+
{
|
|
6722
|
+
id: `tenant.${system.id}.convex.url`,
|
|
6723
|
+
canonicalName: system.convex.urlEnv,
|
|
6724
|
+
aliases: tenantConvexUrlAliases(system),
|
|
6725
|
+
owner: "tenant",
|
|
6726
|
+
scope: "software_system",
|
|
6727
|
+
sourcePath: system.sharedSourcePath,
|
|
6728
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6729
|
+
required: true,
|
|
6730
|
+
secret: false,
|
|
6731
|
+
public: false,
|
|
6732
|
+
consumers: [
|
|
6733
|
+
"tenant-vercel-app",
|
|
6734
|
+
"tenant-agent-runtime",
|
|
6735
|
+
"mc-operator-tooling"
|
|
6736
|
+
],
|
|
6737
|
+
destinations: [
|
|
6738
|
+
{
|
|
6739
|
+
kind: "vercel",
|
|
6740
|
+
target: system.vercelProjectName,
|
|
6741
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6742
|
+
writeNames: tenantVercelConvexUrlWriteNames(system)
|
|
6743
|
+
},
|
|
6744
|
+
{
|
|
6745
|
+
kind: "github_actions",
|
|
6746
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6747
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6748
|
+
writeNames: tenantRepositoryConvexUrlWriteNames(system),
|
|
6749
|
+
notes: "Only if that repository deploy/test workflow owns this software system."
|
|
6750
|
+
}
|
|
6751
|
+
],
|
|
6752
|
+
description: `${system.tenantKey}/${system.workspaceKey} Convex URL. Pre-prod resolves to ${system.convex.preprodDeployment}; prod resolves to ${system.convex.prodDeployment}.`
|
|
6753
|
+
},
|
|
6754
|
+
{
|
|
6755
|
+
id: `tenant.${system.id}.convex.deploy-key`,
|
|
6756
|
+
canonicalName: system.convex.deployKeyEnv,
|
|
6757
|
+
aliases: tenantConvexDeployKeyAliases(system),
|
|
6758
|
+
owner: "tenant",
|
|
6759
|
+
scope: "software_system",
|
|
6760
|
+
sourcePath: system.sharedSourcePath,
|
|
6761
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6762
|
+
required: true,
|
|
6763
|
+
secret: true,
|
|
6764
|
+
public: false,
|
|
6765
|
+
consumers: [
|
|
6766
|
+
"tenant-vercel-app",
|
|
6767
|
+
"tenant-agent-runtime",
|
|
6768
|
+
"mc-operator-tooling"
|
|
6769
|
+
],
|
|
6770
|
+
destinations: [
|
|
6771
|
+
{
|
|
6772
|
+
kind: "vercel",
|
|
6773
|
+
target: system.vercelProjectName,
|
|
6774
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6775
|
+
},
|
|
6776
|
+
{
|
|
6777
|
+
kind: "github_actions",
|
|
6778
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6779
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6780
|
+
writeNames: tenantRepositoryConvexDeployKeyWriteNames(system),
|
|
6781
|
+
notes: "Only if that repository deploy/test workflow owns this software system."
|
|
6782
|
+
}
|
|
6783
|
+
],
|
|
6784
|
+
description: `${system.tenantKey}/${system.workspaceKey} Convex deploy/admin key. Never route to sibling workspaces.`
|
|
6785
|
+
}
|
|
6786
|
+
]);
|
|
4930
6787
|
z.object({
|
|
4931
6788
|
manifestVersion: z.literal("1.0.0"),
|
|
4932
6789
|
rules: z.array(
|
|
@@ -4967,7 +6824,7 @@ var createEvidenceInputSchemaBase = z.object({
|
|
|
4967
6824
|
targetId: z.string().optional(),
|
|
4968
6825
|
targetNodeId: z.string().optional(),
|
|
4969
6826
|
linkedBeliefNodeId: z.string().optional(),
|
|
4970
|
-
evidenceRelation: z.enum(["supports", "contradicts"
|
|
6827
|
+
evidenceRelation: z.enum(["supports", "contradicts"]).optional(),
|
|
4971
6828
|
confidence: z.number().optional(),
|
|
4972
6829
|
weight: z.number().optional(),
|
|
4973
6830
|
reasoning: z.string().optional(),
|
|
@@ -5052,8 +6909,7 @@ var createEvidenceProjection = defineProjection({
|
|
|
5052
6909
|
evidenceRelation: v.optional(
|
|
5053
6910
|
v.union(
|
|
5054
6911
|
v.literal("supports"),
|
|
5055
|
-
v.literal("contradicts")
|
|
5056
|
-
v.literal("neutral")
|
|
6912
|
+
v.literal("contradicts")
|
|
5057
6913
|
)
|
|
5058
6914
|
),
|
|
5059
6915
|
confidence: v.optional(v.number()),
|
|
@@ -5078,7 +6934,7 @@ function compactRecord2(input) {
|
|
|
5078
6934
|
Object.entries(input).filter(([, value]) => value !== void 0)
|
|
5079
6935
|
);
|
|
5080
6936
|
}
|
|
5081
|
-
|
|
6937
|
+
defineProjection({
|
|
5082
6938
|
contractName: "list_beliefs",
|
|
5083
6939
|
inputSchema: listBeliefsInputSchema,
|
|
5084
6940
|
project: (input) => compactRecord2({
|
|
@@ -5102,12 +6958,17 @@ var listBeliefsProjection = defineProjection({
|
|
|
5102
6958
|
});
|
|
5103
6959
|
var taskStatusSchema = z.enum(["todo", "in_progress", "blocked", "done"]).optional().describe("Filter by task status");
|
|
5104
6960
|
var listTasksInputSchema = z.object({
|
|
5105
|
-
topicId: z.string().describe("Topic scope"),
|
|
6961
|
+
topicId: z.string().optional().describe("Topic scope"),
|
|
5106
6962
|
worktreeId: z.string().optional().describe("Alias for linkedWorktreeId"),
|
|
5107
6963
|
linkedWorktreeId: z.string().optional().describe("Filter to tasks linked to this worktree"),
|
|
5108
6964
|
status: taskStatusSchema,
|
|
5109
6965
|
limit: z.number().optional().describe("Maximum results")
|
|
5110
|
-
})
|
|
6966
|
+
}).refine(
|
|
6967
|
+
(input) => Boolean(input.topicId || input.worktreeId || input.linkedWorktreeId),
|
|
6968
|
+
{
|
|
6969
|
+
message: "topicId or worktreeId is required"
|
|
6970
|
+
}
|
|
6971
|
+
);
|
|
5111
6972
|
function compactRecord3(input) {
|
|
5112
6973
|
return Object.fromEntries(
|
|
5113
6974
|
Object.entries(input).filter(([, value]) => value !== void 0)
|
|
@@ -5124,7 +6985,7 @@ var listTasksProjection = defineProjection({
|
|
|
5124
6985
|
linkedWorktreeId: input.linkedWorktreeId ?? input.worktreeId
|
|
5125
6986
|
}),
|
|
5126
6987
|
convexArgsValidator: v.object({
|
|
5127
|
-
topicId: v.string(),
|
|
6988
|
+
topicId: v.optional(v.string()),
|
|
5128
6989
|
status: v.optional(
|
|
5129
6990
|
v.union(
|
|
5130
6991
|
v.literal("todo"),
|
|
@@ -6102,19 +7963,23 @@ var FIND_CONTRADICTIONS = {
|
|
|
6102
7963
|
};
|
|
6103
7964
|
var CREATE_EDGE = {
|
|
6104
7965
|
name: "create_edge",
|
|
6105
|
-
description: "Commit a typed relationship between two nodes in the reasoning graph. Like `git commit` \u2014 an atomic write that declares a dependency between nodes.
|
|
7966
|
+
description: "Commit a typed relationship between two nodes in the reasoning graph. Like `git commit` \u2014 an atomic write that declares a dependency between nodes. Accepts any public epistemic edge type between public graph node refs so agents can author the full spine.",
|
|
6106
7967
|
parameters: {
|
|
6107
|
-
|
|
6108
|
-
type: "
|
|
6109
|
-
description: "Source
|
|
7968
|
+
from: {
|
|
7969
|
+
type: "object",
|
|
7970
|
+
description: "Source graph ref, e.g. { kind: 'epistemic_node', nodeId: '...', nodeType: 'topic' }"
|
|
6110
7971
|
},
|
|
6111
|
-
|
|
6112
|
-
type: "
|
|
6113
|
-
description: "Target
|
|
7972
|
+
to: {
|
|
7973
|
+
type: "object",
|
|
7974
|
+
description: "Target graph ref, e.g. { kind: 'epistemic_node', nodeId: '...', nodeType: 'belief' }"
|
|
6114
7975
|
},
|
|
6115
7976
|
edgeType: {
|
|
6116
7977
|
type: "string",
|
|
6117
|
-
description: "Relationship type
|
|
7978
|
+
description: "Relationship type from the public epistemic edge enum."
|
|
7979
|
+
},
|
|
7980
|
+
globalId: {
|
|
7981
|
+
type: "string",
|
|
7982
|
+
description: "Optional idempotent edge global ID."
|
|
6118
7983
|
},
|
|
6119
7984
|
weight: {
|
|
6120
7985
|
type: "number",
|
|
@@ -6124,10 +7989,14 @@ var CREATE_EDGE = {
|
|
|
6124
7989
|
reasoningMethod: {
|
|
6125
7990
|
type: "string",
|
|
6126
7991
|
description: "How this was determined",
|
|
6127
|
-
enum: [
|
|
7992
|
+
enum: [...REASONING_METHODS]
|
|
7993
|
+
},
|
|
7994
|
+
metadata: {
|
|
7995
|
+
type: "object",
|
|
7996
|
+
description: "Optional edge metadata."
|
|
6128
7997
|
}
|
|
6129
7998
|
},
|
|
6130
|
-
required: ["
|
|
7999
|
+
required: ["from", "to", "edgeType"],
|
|
6131
8000
|
response: {
|
|
6132
8001
|
description: "The created edge",
|
|
6133
8002
|
fields: {
|
|
@@ -6141,6 +8010,240 @@ var CREATE_EDGE = {
|
|
|
6141
8010
|
ontologyPrimitive: "edge",
|
|
6142
8011
|
tier: "showcase"
|
|
6143
8012
|
};
|
|
8013
|
+
var UPDATE_EDGE = {
|
|
8014
|
+
name: "update_edge",
|
|
8015
|
+
description: "Amend metadata on an existing graph edge. Like `git commit --amend` \u2014 changes the edge annotation without recreating the relationship.",
|
|
8016
|
+
parameters: {
|
|
8017
|
+
edgeId: { type: "string", description: "Edge ID or global ID to update" },
|
|
8018
|
+
weight: { type: "number", description: "Updated edge weight" },
|
|
8019
|
+
confidence: { type: "number", description: "Updated confidence" },
|
|
8020
|
+
context: { type: "string", description: "Updated human-readable context" },
|
|
8021
|
+
derivationType: { type: "string", description: "Updated derivation type" },
|
|
8022
|
+
metadata: { type: "object", description: "Updated metadata" }
|
|
8023
|
+
},
|
|
8024
|
+
required: ["edgeId"],
|
|
8025
|
+
response: {
|
|
8026
|
+
description: "Edge update result",
|
|
8027
|
+
fields: { success: "boolean" }
|
|
8028
|
+
},
|
|
8029
|
+
ownerModule: "graph-primitives",
|
|
8030
|
+
ontologyPrimitive: "edge",
|
|
8031
|
+
tier: "workhorse"
|
|
8032
|
+
};
|
|
8033
|
+
var REMOVE_EDGE = {
|
|
8034
|
+
name: "remove_edge",
|
|
8035
|
+
description: "Remove one graph edge by ID. Like `git rm` \u2014 deletes a single explicit relationship from the spine.",
|
|
8036
|
+
parameters: {
|
|
8037
|
+
edgeId: { type: "string", description: "Edge ID or global ID to remove" }
|
|
8038
|
+
},
|
|
8039
|
+
required: ["edgeId"],
|
|
8040
|
+
response: {
|
|
8041
|
+
description: "Edge removal result",
|
|
8042
|
+
fields: { success: "boolean" }
|
|
8043
|
+
},
|
|
8044
|
+
ownerModule: "graph-primitives",
|
|
8045
|
+
ontologyPrimitive: "edge",
|
|
8046
|
+
tier: "workhorse"
|
|
8047
|
+
};
|
|
8048
|
+
var REMOVE_EDGES_BETWEEN = {
|
|
8049
|
+
name: "remove_edges_between",
|
|
8050
|
+
description: "Remove graph edges between two nodes. Like `git rm <pathspec>` \u2014 deletes relationships matching a source, target, and optional type.",
|
|
8051
|
+
parameters: {
|
|
8052
|
+
fromNodeId: { type: "string", description: "Source node ID or global ID" },
|
|
8053
|
+
toNodeId: { type: "string", description: "Target node ID or global ID" },
|
|
8054
|
+
edgeType: { type: "string", description: "Optional edge type filter" }
|
|
8055
|
+
},
|
|
8056
|
+
required: ["fromNodeId", "toNodeId"],
|
|
8057
|
+
response: {
|
|
8058
|
+
description: "Matched edge removal result",
|
|
8059
|
+
fields: { deleted: "number" }
|
|
8060
|
+
},
|
|
8061
|
+
ownerModule: "graph-primitives",
|
|
8062
|
+
ontologyPrimitive: "edge",
|
|
8063
|
+
tier: "workhorse"
|
|
8064
|
+
};
|
|
8065
|
+
var BATCH_CREATE_EDGES = {
|
|
8066
|
+
name: "batch_create_edges",
|
|
8067
|
+
description: "Commit multiple typed graph edges. Like `git commit` with many staged paths \u2014 writes a batch of explicit relationships atomically per edge.",
|
|
8068
|
+
parameters: {
|
|
8069
|
+
edges: {
|
|
8070
|
+
type: "array",
|
|
8071
|
+
description: "Edges to create, each with from, to, edgeType, and optional weight/confidence/context."
|
|
8072
|
+
},
|
|
8073
|
+
skipLayerValidation: {
|
|
8074
|
+
type: "boolean",
|
|
8075
|
+
description: "Skip kernel layer validation for trusted materialization flows."
|
|
8076
|
+
}
|
|
8077
|
+
},
|
|
8078
|
+
required: ["edges"],
|
|
8079
|
+
response: {
|
|
8080
|
+
description: "Batch edge creation result",
|
|
8081
|
+
fields: {
|
|
8082
|
+
created: "number",
|
|
8083
|
+
results: "array",
|
|
8084
|
+
errors: "array"
|
|
8085
|
+
}
|
|
8086
|
+
},
|
|
8087
|
+
ownerModule: "graph-primitives",
|
|
8088
|
+
ontologyPrimitive: "edge",
|
|
8089
|
+
tier: "workhorse"
|
|
8090
|
+
};
|
|
8091
|
+
var CREATE_EPISTEMIC_NODE = {
|
|
8092
|
+
name: "create_epistemic_node",
|
|
8093
|
+
description: "Commit a generic epistemic graph node. Like `git commit` \u2014 creates a canonical node in the public spine for topics, beliefs, evidence, questions, answers, sources, and entities.",
|
|
8094
|
+
parameters: {
|
|
8095
|
+
globalId: { type: "string", description: "Optional idempotent node global ID" },
|
|
8096
|
+
nodeType: { type: "string", description: "Public epistemic node type" },
|
|
8097
|
+
canonicalText: { type: "string", description: "Canonical node text" },
|
|
8098
|
+
text: { type: "string", description: "Alias for canonicalText" },
|
|
8099
|
+
contentHash: { type: "string", description: "Optional idempotency content hash" },
|
|
8100
|
+
sourceType: { type: "string", description: "Source type for provenance" },
|
|
8101
|
+
topicId: { type: "string", description: "Optional topic scope" },
|
|
8102
|
+
content: { type: "string", description: "Extended content" },
|
|
8103
|
+
title: { type: "string", description: "Display title" },
|
|
8104
|
+
metadata: { type: "object", description: "Optional node metadata" }
|
|
8105
|
+
},
|
|
8106
|
+
required: ["nodeType"],
|
|
8107
|
+
response: {
|
|
8108
|
+
description: "Created node result",
|
|
8109
|
+
fields: {
|
|
8110
|
+
nodeId: "string",
|
|
8111
|
+
nodeGlobalId: "string",
|
|
8112
|
+
isDuplicate: "boolean"
|
|
8113
|
+
}
|
|
8114
|
+
},
|
|
8115
|
+
ownerModule: "reasoning-kernel",
|
|
8116
|
+
ontologyPrimitive: "graph",
|
|
8117
|
+
tier: "showcase"
|
|
8118
|
+
};
|
|
8119
|
+
var GET_EPISTEMIC_NODE = {
|
|
8120
|
+
name: "get_epistemic_node",
|
|
8121
|
+
description: "Read one epistemic graph node. Like `git show` \u2014 resolves a canonical spine node by ID or global ID.",
|
|
8122
|
+
parameters: {
|
|
8123
|
+
nodeId: { type: "string", description: "Node ID or global ID" }
|
|
8124
|
+
},
|
|
8125
|
+
required: ["nodeId"],
|
|
8126
|
+
response: {
|
|
8127
|
+
description: "The resolved node",
|
|
8128
|
+
fields: { node: "object" }
|
|
8129
|
+
},
|
|
8130
|
+
ownerModule: "reasoning-kernel",
|
|
8131
|
+
ontologyPrimitive: "graph",
|
|
8132
|
+
tier: "workhorse"
|
|
8133
|
+
};
|
|
8134
|
+
var LIST_EPISTEMIC_NODES = {
|
|
8135
|
+
name: "list_epistemic_nodes",
|
|
8136
|
+
description: "List epistemic graph nodes. Like `git ls-tree` \u2014 lists canonical spine nodes by topic, type, status, or search query.",
|
|
8137
|
+
parameters: {
|
|
8138
|
+
topicId: { type: "string", description: "Optional topic scope" },
|
|
8139
|
+
nodeType: { type: "string", description: "Optional node type filter" },
|
|
8140
|
+
status: { type: "string", description: "Optional lifecycle status" },
|
|
8141
|
+
searchQuery: { type: "string", description: "Optional text search query" },
|
|
8142
|
+
limit: { type: "number", description: "Maximum nodes to return" }
|
|
8143
|
+
},
|
|
8144
|
+
required: [],
|
|
8145
|
+
response: {
|
|
8146
|
+
description: "Matching nodes",
|
|
8147
|
+
fields: { nodes: "array" }
|
|
8148
|
+
},
|
|
8149
|
+
ownerModule: "reasoning-kernel",
|
|
8150
|
+
ontologyPrimitive: "graph",
|
|
8151
|
+
tier: "workhorse"
|
|
8152
|
+
};
|
|
8153
|
+
var UPDATE_EPISTEMIC_NODE = {
|
|
8154
|
+
name: "update_epistemic_node",
|
|
8155
|
+
description: "Amend an epistemic graph node. Like `git commit --amend` \u2014 updates mutable node metadata, text, status, or verification fields.",
|
|
8156
|
+
parameters: {
|
|
8157
|
+
nodeId: { type: "string", description: "Node ID or global ID" },
|
|
8158
|
+
canonicalText: { type: "string", description: "Updated canonical text" },
|
|
8159
|
+
text: { type: "string", description: "Alias for canonicalText" },
|
|
8160
|
+
contentHash: { type: "string", description: "Updated content hash" },
|
|
8161
|
+
content: { type: "string", description: "Updated content" },
|
|
8162
|
+
title: { type: "string", description: "Updated display title" },
|
|
8163
|
+
metadata: { type: "object", description: "Updated metadata" },
|
|
8164
|
+
confidence: { type: "number", description: "Updated confidence" },
|
|
8165
|
+
verificationStatus: { type: "string", description: "Updated verification status" },
|
|
8166
|
+
status: { type: "string", description: "Updated lifecycle status" }
|
|
8167
|
+
},
|
|
8168
|
+
required: ["nodeId"],
|
|
8169
|
+
response: {
|
|
8170
|
+
description: "Node update result",
|
|
8171
|
+
fields: { success: "boolean" }
|
|
8172
|
+
},
|
|
8173
|
+
ownerModule: "reasoning-kernel",
|
|
8174
|
+
ontologyPrimitive: "graph",
|
|
8175
|
+
tier: "workhorse"
|
|
8176
|
+
};
|
|
8177
|
+
var ARCHIVE_EPISTEMIC_NODE = {
|
|
8178
|
+
name: "archive_epistemic_node",
|
|
8179
|
+
description: "Archive an epistemic graph node. Like `git rm --cached` \u2014 removes a node from active traversal without hard-deleting it.",
|
|
8180
|
+
parameters: {
|
|
8181
|
+
nodeId: { type: "string", description: "Node ID or global ID" }
|
|
8182
|
+
},
|
|
8183
|
+
required: ["nodeId"],
|
|
8184
|
+
response: {
|
|
8185
|
+
description: "Archive result",
|
|
8186
|
+
fields: { success: "boolean", effectiveStatus: "string" }
|
|
8187
|
+
},
|
|
8188
|
+
ownerModule: "reasoning-kernel",
|
|
8189
|
+
ontologyPrimitive: "graph",
|
|
8190
|
+
tier: "workhorse"
|
|
8191
|
+
};
|
|
8192
|
+
var VERIFY_EPISTEMIC_NODE = {
|
|
8193
|
+
name: "verify_epistemic_node",
|
|
8194
|
+
description: "Record verification state on an epistemic graph node. Like `git tag` \u2014 marks the node with a reviewed verification state.",
|
|
8195
|
+
parameters: {
|
|
8196
|
+
nodeId: { type: "string", description: "Node ID or global ID" },
|
|
8197
|
+
verificationStatus: { type: "string", description: "Verification status" },
|
|
8198
|
+
confidence: { type: "number", description: "Optional confidence update" }
|
|
8199
|
+
},
|
|
8200
|
+
required: ["nodeId", "verificationStatus"],
|
|
8201
|
+
response: {
|
|
8202
|
+
description: "Verification result",
|
|
8203
|
+
fields: { success: "boolean" }
|
|
8204
|
+
},
|
|
8205
|
+
ownerModule: "reasoning-kernel",
|
|
8206
|
+
ontologyPrimitive: "graph",
|
|
8207
|
+
tier: "workhorse"
|
|
8208
|
+
};
|
|
8209
|
+
var SUPERSEDE_EPISTEMIC_NODE = {
|
|
8210
|
+
name: "supersede_epistemic_node",
|
|
8211
|
+
description: "Supersede an epistemic graph node with a new version. Like `git commit --amend` on an immutable history branch \u2014 creates the replacement and marks the old node superseded.",
|
|
8212
|
+
parameters: {
|
|
8213
|
+
oldNodeId: { type: "string", description: "Node ID or global ID to supersede" },
|
|
8214
|
+
newGlobalId: { type: "string", description: "Optional replacement global ID" },
|
|
8215
|
+
newCanonicalText: { type: "string", description: "Replacement canonical text" },
|
|
8216
|
+
text: { type: "string", description: "Alias for newCanonicalText" },
|
|
8217
|
+
newContentHash: { type: "string", description: "Optional replacement content hash" },
|
|
8218
|
+
reason: { type: "string", description: "Reason for superseding" }
|
|
8219
|
+
},
|
|
8220
|
+
required: ["oldNodeId"],
|
|
8221
|
+
response: {
|
|
8222
|
+
description: "Supersede result",
|
|
8223
|
+
fields: { oldNodeId: "string", newNodeId: "string" }
|
|
8224
|
+
},
|
|
8225
|
+
ownerModule: "reasoning-kernel",
|
|
8226
|
+
ontologyPrimitive: "graph",
|
|
8227
|
+
tier: "workhorse"
|
|
8228
|
+
};
|
|
8229
|
+
var BATCH_CREATE_EPISTEMIC_NODES = {
|
|
8230
|
+
name: "batch_create_epistemic_nodes",
|
|
8231
|
+
description: "Commit multiple epistemic graph nodes. Like `git commit` with many staged files \u2014 writes a batch of canonical spine nodes.",
|
|
8232
|
+
parameters: {
|
|
8233
|
+
nodes: {
|
|
8234
|
+
type: "array",
|
|
8235
|
+
description: "Nodes to create with nodeType, canonicalText/text, and optional metadata."
|
|
8236
|
+
}
|
|
8237
|
+
},
|
|
8238
|
+
required: ["nodes"],
|
|
8239
|
+
response: {
|
|
8240
|
+
description: "Batch node creation result",
|
|
8241
|
+
fields: { created: "number", results: "array" }
|
|
8242
|
+
},
|
|
8243
|
+
ownerModule: "reasoning-kernel",
|
|
8244
|
+
ontologyPrimitive: "graph",
|
|
8245
|
+
tier: "workhorse"
|
|
8246
|
+
};
|
|
6144
8247
|
var RECORD_JUDGMENT = {
|
|
6145
8248
|
name: "record_judgment",
|
|
6146
8249
|
description: "Record a judgment \u2014 an irreversible commitment based on the current epistemic state. Like a `git tag` marking a release. A judgment synthesizes beliefs, evidence, and uncertainties into a determination. Once issued, a judgment is evaluated against the epistemic state that existed when it was made (knowledge horizon evaluation, Invariant #10).",
|
|
@@ -7340,8 +9443,8 @@ var IDENTITY_WHOAMI = {
|
|
|
7340
9443
|
response: {
|
|
7341
9444
|
description: "Canonical identity summary for the current session",
|
|
7342
9445
|
fields: {
|
|
7343
|
-
principalId: "string \u2014 canonical
|
|
7344
|
-
principalType: "string \u2014 human, service, or
|
|
9446
|
+
principalId: "string \u2014 canonical principal identifier; for humans this is the Clerk user_... ID",
|
|
9447
|
+
principalType: "string \u2014 human, service, agent, group, or external_viewer",
|
|
7345
9448
|
tenantId: "string | undefined \u2014 resolved tenant scope",
|
|
7346
9449
|
workspaceId: "string | undefined \u2014 resolved workspace scope",
|
|
7347
9450
|
scopes: "string[] | undefined \u2014 granted scopes for this session",
|
|
@@ -7352,6 +9455,49 @@ var IDENTITY_WHOAMI = {
|
|
|
7352
9455
|
ontologyPrimitive: "identity",
|
|
7353
9456
|
tier: "workhorse"
|
|
7354
9457
|
};
|
|
9458
|
+
var RESOLVE_INTERACTIVE_PRINCIPAL = {
|
|
9459
|
+
name: "resolve_interactive_principal",
|
|
9460
|
+
description: "Read the Permit-backed Lucern principal context for an authenticated Clerk user. Like `git config --get user.email` plus the repository ACL \u2014 resolves the Clerk subject into tenant/workspace authorization context.",
|
|
9461
|
+
parameters: {
|
|
9462
|
+
clerkId: {
|
|
9463
|
+
type: "string",
|
|
9464
|
+
description: "Authenticated Clerk subject (`sub`). Clerk proves identity only; it is not the authorization record."
|
|
9465
|
+
},
|
|
9466
|
+
tenantId: {
|
|
9467
|
+
type: "string",
|
|
9468
|
+
description: "Optional tenant scope. Omit only when the Clerk alias is globally unambiguous."
|
|
9469
|
+
},
|
|
9470
|
+
workspaceId: {
|
|
9471
|
+
type: "string",
|
|
9472
|
+
description: "Optional workspace scope. Required when the principal has access to multiple workspaces and no default can be inferred."
|
|
9473
|
+
},
|
|
9474
|
+
providerProjectId: {
|
|
9475
|
+
type: "string",
|
|
9476
|
+
description: "Optional Clerk project or provider instance id for tenants with multiple identity providers."
|
|
9477
|
+
}
|
|
9478
|
+
},
|
|
9479
|
+
required: ["clerkId"],
|
|
9480
|
+
response: {
|
|
9481
|
+
description: "Permit-backed Lucern principal context for tenant SDK bootstrap",
|
|
9482
|
+
fields: {
|
|
9483
|
+
principalId: "string \u2014 canonical Clerk user_... ID for human sessions",
|
|
9484
|
+
principalType: "string \u2014 human, service, agent, group, or external_viewer",
|
|
9485
|
+
clerkId: "string \u2014 authenticated Clerk subject alias",
|
|
9486
|
+
tenantId: "string \u2014 resolved tenant scope",
|
|
9487
|
+
workspaceId: "string | null \u2014 resolved workspace scope",
|
|
9488
|
+
roles: "string[] \u2014 effective Permit roles",
|
|
9489
|
+
scopes: "string[] \u2014 effective scopes derived from Permit/control-plane projection",
|
|
9490
|
+
groupIds: "string[] \u2014 active Permit group memberships",
|
|
9491
|
+
principalStatus: "string \u2014 active, invited, suspended, disabled, revoked, or missing",
|
|
9492
|
+
tenantStatus: "string \u2014 projected tenant resource status",
|
|
9493
|
+
workspaceStatus: "string \u2014 projected workspace resource status",
|
|
9494
|
+
permit: "object \u2014 Permit subject, tenant, and optional workspace tuple"
|
|
9495
|
+
}
|
|
9496
|
+
},
|
|
9497
|
+
ownerModule: "control-plane",
|
|
9498
|
+
ontologyPrimitive: "identity",
|
|
9499
|
+
tier: "workhorse"
|
|
9500
|
+
};
|
|
7355
9501
|
var COMPILE_CONTEXT = {
|
|
7356
9502
|
name: "compile_context",
|
|
7357
9503
|
description: "Compile a focused reasoning context. If topicId is omitted, Lucern resolves the best topic from the query. Like `git log --graph --decorate` for the reasoning substrate \u2014 returns the canonical Pillar 3 context pack through the public API shape.",
|
|
@@ -7613,6 +9759,10 @@ var CREATE_TASK = {
|
|
|
7613
9759
|
tags: {
|
|
7614
9760
|
type: "array",
|
|
7615
9761
|
description: "Free-form string tags"
|
|
9762
|
+
},
|
|
9763
|
+
metadata: {
|
|
9764
|
+
type: "object",
|
|
9765
|
+
description: "Structured task metadata for handoff context and routing hints"
|
|
7616
9766
|
}
|
|
7617
9767
|
},
|
|
7618
9768
|
required: ["title"],
|
|
@@ -7686,6 +9836,10 @@ var UPDATE_TASK = {
|
|
|
7686
9836
|
type: "string",
|
|
7687
9837
|
description: "Updated status",
|
|
7688
9838
|
enum: ["todo", "in_progress", "blocked", "done"]
|
|
9839
|
+
},
|
|
9840
|
+
metadata: {
|
|
9841
|
+
type: "object",
|
|
9842
|
+
description: "Structured task metadata to replace or refine"
|
|
7689
9843
|
}
|
|
7690
9844
|
},
|
|
7691
9845
|
required: ["taskId"],
|
|
@@ -7733,6 +9887,10 @@ var CREATE_TOPIC = {
|
|
|
7733
9887
|
name: "create_topic",
|
|
7734
9888
|
description: "Create a new topic container for scoping knowledge. Like `git init` \u2014 initializes a new repository for a knowledge domain. Topics are hierarchical: a deal topic can nest under a theme topic. Types: domain, theme, deal, strategy, constitution, project, portfolio.",
|
|
7735
9889
|
parameters: {
|
|
9890
|
+
globalId: {
|
|
9891
|
+
type: "string",
|
|
9892
|
+
description: "Optional idempotent topic global ID"
|
|
9893
|
+
},
|
|
7736
9894
|
name: { type: "string", description: "Topic name" },
|
|
7737
9895
|
type: {
|
|
7738
9896
|
type: "string",
|
|
@@ -7743,6 +9901,18 @@ var CREATE_TOPIC = {
|
|
|
7743
9901
|
type: "string",
|
|
7744
9902
|
description: "Optional parent topic for nesting"
|
|
7745
9903
|
},
|
|
9904
|
+
parentTopicGlobalId: {
|
|
9905
|
+
type: "string",
|
|
9906
|
+
description: "Optional parent topic global ID for nesting"
|
|
9907
|
+
},
|
|
9908
|
+
tenantId: { type: "string", description: "Optional tenant scope" },
|
|
9909
|
+
workspaceId: { type: "string", description: "Optional workspace scope" },
|
|
9910
|
+
visibility: {
|
|
9911
|
+
type: "string",
|
|
9912
|
+
description: "Topic visibility",
|
|
9913
|
+
enum: ["private", "team", "firm", "external", "public"]
|
|
9914
|
+
},
|
|
9915
|
+
metadata: { type: "object", description: "Optional topic metadata" },
|
|
7746
9916
|
createdBy: { type: "string", description: "Who created this topic" }
|
|
7747
9917
|
},
|
|
7748
9918
|
required: ["name", "type"],
|
|
@@ -7751,6 +9921,9 @@ var CREATE_TOPIC = {
|
|
|
7751
9921
|
fields: {
|
|
7752
9922
|
id: "string \u2014 topic ID",
|
|
7753
9923
|
globalId: "string \u2014 globally unique ID",
|
|
9924
|
+
topicGlobalId: "string \u2014 topic global ID",
|
|
9925
|
+
epistemicNodeId: "string \u2014 materialized topic node ID",
|
|
9926
|
+
epistemicNodeGlobalId: "string \u2014 materialized topic node global ID",
|
|
7754
9927
|
depth: "number \u2014 nesting depth"
|
|
7755
9928
|
}
|
|
7756
9929
|
},
|
|
@@ -7881,6 +10054,65 @@ var GET_TOPIC_TREE = {
|
|
|
7881
10054
|
ontologyPrimitive: "graph",
|
|
7882
10055
|
tier: "workhorse"
|
|
7883
10056
|
};
|
|
10057
|
+
var MATERIALIZE_TOPIC_GRAPH = {
|
|
10058
|
+
name: "materialize_topic_graph",
|
|
10059
|
+
description: "Backfill the topic graph spine. Like `git fsck --connectivity-only` with repair enabled \u2014 creates missing topic nodes and parent-child edges idempotently.",
|
|
10060
|
+
parameters: {
|
|
10061
|
+
rootTopicId: {
|
|
10062
|
+
type: "string",
|
|
10063
|
+
description: "Optional root topic for a bounded materialization pass"
|
|
10064
|
+
},
|
|
10065
|
+
dryRun: {
|
|
10066
|
+
type: "boolean",
|
|
10067
|
+
description: "When true, report missing rows without writing them"
|
|
10068
|
+
}
|
|
10069
|
+
},
|
|
10070
|
+
required: [],
|
|
10071
|
+
response: {
|
|
10072
|
+
description: "Topic graph materialization counts",
|
|
10073
|
+
fields: {
|
|
10074
|
+
topicsSeen: "number",
|
|
10075
|
+
nodesCreated: "number",
|
|
10076
|
+
nodesExisting: "number",
|
|
10077
|
+
edgesCreated: "number",
|
|
10078
|
+
edgesExisting: "number",
|
|
10079
|
+
errors: "array"
|
|
10080
|
+
}
|
|
10081
|
+
},
|
|
10082
|
+
ownerModule: "reasoning-kernel",
|
|
10083
|
+
ontologyPrimitive: "graph",
|
|
10084
|
+
tier: "workhorse"
|
|
10085
|
+
};
|
|
10086
|
+
var GET_TOPIC_GRAPH_SPINE = {
|
|
10087
|
+
name: "get_topic_graph_spine",
|
|
10088
|
+
description: "Verify the topic graph spine. Like `git fsck` \u2014 reads topics, materialized topic nodes, parent-child edges, and missing spine rows.",
|
|
10089
|
+
parameters: {
|
|
10090
|
+
rootTopicId: {
|
|
10091
|
+
type: "string",
|
|
10092
|
+
description: "Optional root topic for a bounded verifier pass"
|
|
10093
|
+
},
|
|
10094
|
+
includeTopicBeliefEdges: {
|
|
10095
|
+
type: "boolean",
|
|
10096
|
+
description: "Include topic -> belief edges in the verifier payload"
|
|
10097
|
+
}
|
|
10098
|
+
},
|
|
10099
|
+
required: [],
|
|
10100
|
+
response: {
|
|
10101
|
+
description: "Topic graph spine verification payload",
|
|
10102
|
+
fields: {
|
|
10103
|
+
ok: "boolean",
|
|
10104
|
+
counts: "object",
|
|
10105
|
+
topics: "array",
|
|
10106
|
+
topicNodes: "array",
|
|
10107
|
+
parentEdges: "array",
|
|
10108
|
+
missingTopicNodes: "array",
|
|
10109
|
+
missingParentEdges: "array"
|
|
10110
|
+
}
|
|
10111
|
+
},
|
|
10112
|
+
ownerModule: "reasoning-kernel",
|
|
10113
|
+
ontologyPrimitive: "graph",
|
|
10114
|
+
tier: "workhorse"
|
|
10115
|
+
};
|
|
7884
10116
|
var GET_CODE_CONTEXT = {
|
|
7885
10117
|
name: "get_code_context",
|
|
7886
10118
|
description: "Returns code-grounded beliefs, contracts, migration states, and failed attempts anchored to a specific file or function path. Like `git log -- <path>` \u2014 filters the knowledge graph to nodes anchored to a file path via metadata.codeAnchors. Results are separated by coding belief type: decisions, contracts, migrations, patterns, deprecations, and failures.",
|
|
@@ -8076,7 +10308,7 @@ var MANAGE_WRITE_POLICY = {
|
|
|
8076
10308
|
},
|
|
8077
10309
|
role: {
|
|
8078
10310
|
type: "string",
|
|
8079
|
-
description: "Role to set policy for (required for 'set'). E.g. 'agent:internal'
|
|
10311
|
+
description: "Role to set policy for (required for 'set'). E.g. 'agent:internal' or a Permit role key such as 'workspace_admin'."
|
|
8080
10312
|
},
|
|
8081
10313
|
permission: {
|
|
8082
10314
|
type: "string",
|
|
@@ -9063,6 +11295,9 @@ var BEGIN_BUILD_SESSION = {
|
|
|
9063
11295
|
sessionMode: "string \u2014 async | interactive",
|
|
9064
11296
|
targetBeliefIds: "array \u2014 scoped belief IDs",
|
|
9065
11297
|
targetQuestionIds: "array \u2014 scoped question IDs",
|
|
11298
|
+
taskIds: "array \u2014 assigned task IDs for this worktree",
|
|
11299
|
+
incompleteTaskIds: "array \u2014 assigned task IDs that still require done/deferred/blocked proof",
|
|
11300
|
+
tasks: "array \u2014 assigned task packet with id, title, status, priority, links, and summaries",
|
|
9066
11301
|
topBeliefs: "array \u2014 highest-confidence scoped beliefs",
|
|
9067
11302
|
openQuestions: "array \u2014 open scoped questions",
|
|
9068
11303
|
resolvedDecisions: "array \u2014 answered questions summarized for the session",
|
|
@@ -9118,6 +11353,19 @@ var MCP_TOOL_CONTRACTS = {
|
|
|
9118
11353
|
bisect_confidence: BISECT_CONFIDENCE,
|
|
9119
11354
|
// Edges (commit)
|
|
9120
11355
|
create_edge: CREATE_EDGE,
|
|
11356
|
+
update_edge: UPDATE_EDGE,
|
|
11357
|
+
remove_edge: REMOVE_EDGE,
|
|
11358
|
+
remove_edges_between: REMOVE_EDGES_BETWEEN,
|
|
11359
|
+
batch_create_edges: BATCH_CREATE_EDGES,
|
|
11360
|
+
// Epistemic node spine (commit/amend/show)
|
|
11361
|
+
create_epistemic_node: CREATE_EPISTEMIC_NODE,
|
|
11362
|
+
get_epistemic_node: GET_EPISTEMIC_NODE,
|
|
11363
|
+
list_epistemic_nodes: LIST_EPISTEMIC_NODES,
|
|
11364
|
+
update_epistemic_node: UPDATE_EPISTEMIC_NODE,
|
|
11365
|
+
archive_epistemic_node: ARCHIVE_EPISTEMIC_NODE,
|
|
11366
|
+
verify_epistemic_node: VERIFY_EPISTEMIC_NODE,
|
|
11367
|
+
supersede_epistemic_node: SUPERSEDE_EPISTEMIC_NODE,
|
|
11368
|
+
batch_create_epistemic_nodes: BATCH_CREATE_EPISTEMIC_NODES,
|
|
9121
11369
|
// Judgments (tag)
|
|
9122
11370
|
record_judgment: RECORD_JUDGMENT,
|
|
9123
11371
|
// Graph intelligence (showcase)
|
|
@@ -9152,6 +11400,7 @@ var MCP_TOOL_CONTRACTS = {
|
|
|
9152
11400
|
update_worktree_targets: UPDATE_WORKTREE_TARGETS,
|
|
9153
11401
|
update_worktree_metadata: UPDATE_WORKTREE_METADATA,
|
|
9154
11402
|
identity_whoami: IDENTITY_WHOAMI,
|
|
11403
|
+
resolve_interactive_principal: RESOLVE_INTERACTIVE_PRINCIPAL,
|
|
9155
11404
|
compile_context: COMPILE_CONTEXT,
|
|
9156
11405
|
record_scope_learning: RECORD_SCOPE_LEARNING,
|
|
9157
11406
|
pipeline_snapshot: PIPELINE_SNAPSHOT,
|
|
@@ -9191,6 +11440,8 @@ var MCP_TOOL_CONTRACTS = {
|
|
|
9191
11440
|
get_topic: GET_TOPIC,
|
|
9192
11441
|
update_topic: UPDATE_TOPIC,
|
|
9193
11442
|
get_topic_tree: GET_TOPIC_TREE,
|
|
11443
|
+
materialize_topic_graph: MATERIALIZE_TOPIC_GRAPH,
|
|
11444
|
+
get_topic_graph_spine: GET_TOPIC_GRAPH_SPINE,
|
|
9194
11445
|
// Coding intelligence (code-grounded knowledge)
|
|
9195
11446
|
get_code_context: GET_CODE_CONTEXT,
|
|
9196
11447
|
get_change_history: GET_CHANGE_HISTORY,
|
|
@@ -9267,6 +11518,7 @@ function entries(names, surfaceClass, surfaceIntent, surfaces, rationale) {
|
|
|
9267
11518
|
var MCP_CORE_OPERATION_NAMES = [
|
|
9268
11519
|
"compile_context",
|
|
9269
11520
|
"identity_whoami",
|
|
11521
|
+
"resolve_interactive_principal",
|
|
9270
11522
|
"check_permission",
|
|
9271
11523
|
"filter_by_permission",
|
|
9272
11524
|
"create_belief",
|
|
@@ -9295,14 +11547,28 @@ var MCP_CORE_OPERATION_NAMES = [
|
|
|
9295
11547
|
"find_missing_questions",
|
|
9296
11548
|
"get_high_priority_questions",
|
|
9297
11549
|
"get_falsification_questions",
|
|
11550
|
+
"create_epistemic_node",
|
|
11551
|
+
"get_epistemic_node",
|
|
11552
|
+
"list_epistemic_nodes",
|
|
11553
|
+
"update_epistemic_node",
|
|
11554
|
+
"archive_epistemic_node",
|
|
11555
|
+
"verify_epistemic_node",
|
|
11556
|
+
"supersede_epistemic_node",
|
|
11557
|
+
"batch_create_epistemic_nodes",
|
|
9298
11558
|
"create_topic",
|
|
9299
11559
|
"get_topic",
|
|
9300
11560
|
"list_topics",
|
|
9301
11561
|
"update_topic",
|
|
9302
|
-
"get_topic_tree"
|
|
11562
|
+
"get_topic_tree",
|
|
11563
|
+
"materialize_topic_graph",
|
|
11564
|
+
"get_topic_graph_spine"
|
|
9303
11565
|
];
|
|
9304
11566
|
var MCP_ANALYSIS_PLATFORM_OPERATION_NAMES = [
|
|
9305
11567
|
"create_edge",
|
|
11568
|
+
"update_edge",
|
|
11569
|
+
"remove_edge",
|
|
11570
|
+
"remove_edges_between",
|
|
11571
|
+
"batch_create_edges",
|
|
9306
11572
|
"query_lineage",
|
|
9307
11573
|
"traverse_graph",
|
|
9308
11574
|
"get_graph_neighborhood",
|
|
@@ -9634,12 +11900,20 @@ function unwrapMcpParameterSchema(schema) {
|
|
|
9634
11900
|
current = current._def.schema;
|
|
9635
11901
|
continue;
|
|
9636
11902
|
default:
|
|
9637
|
-
return {
|
|
11903
|
+
return {
|
|
11904
|
+
schema: current,
|
|
11905
|
+
required,
|
|
11906
|
+
description: description ?? current.description
|
|
11907
|
+
};
|
|
9638
11908
|
}
|
|
9639
11909
|
}
|
|
9640
11910
|
}
|
|
9641
11911
|
function mcpParameterFromZod(fieldName, schema, contractName) {
|
|
9642
|
-
const {
|
|
11912
|
+
const {
|
|
11913
|
+
schema: unwrapped,
|
|
11914
|
+
required,
|
|
11915
|
+
description: schemaDescription
|
|
11916
|
+
} = unwrapMcpParameterSchema(schema);
|
|
9643
11917
|
const description = schemaDescription ?? unwrapped.description ?? fieldName;
|
|
9644
11918
|
switch (unwrapped._def.typeName) {
|
|
9645
11919
|
case z.ZodFirstPartyTypeKind.ZodString:
|
|
@@ -9684,10 +11958,12 @@ function mcpContractFromArgsSchema(base, args, contractName) {
|
|
|
9684
11958
|
const entries2 = Object.entries(getObjectShape(args)).sort(
|
|
9685
11959
|
([left], [right]) => left.localeCompare(right)
|
|
9686
11960
|
);
|
|
9687
|
-
const converted = entries2.map(
|
|
9688
|
-
fieldName,
|
|
9689
|
-
|
|
9690
|
-
|
|
11961
|
+
const converted = entries2.map(
|
|
11962
|
+
([fieldName, schema]) => [
|
|
11963
|
+
fieldName,
|
|
11964
|
+
mcpParameterFromZod(fieldName, schema, contractName)
|
|
11965
|
+
]
|
|
11966
|
+
);
|
|
9691
11967
|
return {
|
|
9692
11968
|
...base,
|
|
9693
11969
|
parameters: Object.fromEntries(
|
|
@@ -9796,9 +12072,16 @@ function surfaceContract(args) {
|
|
|
9796
12072
|
scopes: args.scopes ?? [
|
|
9797
12073
|
args.kind === "query" ? `${args.domain}.read` : `${args.domain}.write`
|
|
9798
12074
|
],
|
|
9799
|
-
allowedPrincipalTypes: [
|
|
12075
|
+
allowedPrincipalTypes: [
|
|
12076
|
+
"user",
|
|
12077
|
+
"service",
|
|
12078
|
+
"agent",
|
|
12079
|
+
"group",
|
|
12080
|
+
"external_viewer"
|
|
12081
|
+
]
|
|
9800
12082
|
},
|
|
9801
12083
|
convex: args.convex,
|
|
12084
|
+
gateway: args.gateway,
|
|
9802
12085
|
args: canonicalArgs,
|
|
9803
12086
|
returns: canonicalReturns,
|
|
9804
12087
|
input,
|
|
@@ -9937,8 +12220,6 @@ var contextContracts = [
|
|
|
9937
12220
|
args: observationContextArgs
|
|
9938
12221
|
})
|
|
9939
12222
|
];
|
|
9940
|
-
|
|
9941
|
-
// ../contracts/src/function-registry/identity.ts
|
|
9942
12223
|
var withPrincipal = (input, context) => ({
|
|
9943
12224
|
...input,
|
|
9944
12225
|
tenantId: input.tenantId ?? context.tenantId,
|
|
@@ -9957,11 +12238,30 @@ var identityContracts = [
|
|
|
9957
12238
|
sdkNamespace: "identity",
|
|
9958
12239
|
sdkMethod: "whoami",
|
|
9959
12240
|
summary: "Describe the current gateway principal.",
|
|
12241
|
+
gateway: {
|
|
12242
|
+
handler: "identity.whoami"
|
|
12243
|
+
}
|
|
12244
|
+
}),
|
|
12245
|
+
surfaceContract({
|
|
12246
|
+
name: "resolve_interactive_principal",
|
|
12247
|
+
kind: "query",
|
|
12248
|
+
domain: "controlPlane",
|
|
12249
|
+
surfaceClass: "platform_public",
|
|
12250
|
+
method: "POST",
|
|
12251
|
+
path: "/control-plane/identity/resolve-interactive-principal",
|
|
12252
|
+
sdkNamespace: "controlPlane.identity",
|
|
12253
|
+
sdkMethod: "resolveInteractivePrincipal",
|
|
12254
|
+
summary: "Resolve an authenticated Clerk user into a Permit-backed Lucern principal context.",
|
|
12255
|
+
args: z.object({
|
|
12256
|
+
clerkId: z.string().min(1),
|
|
12257
|
+
tenantId: z.string().min(1).optional(),
|
|
12258
|
+
workspaceId: z.string().min(1).optional(),
|
|
12259
|
+
providerProjectId: z.string().min(1).optional()
|
|
12260
|
+
}),
|
|
9960
12261
|
convex: {
|
|
9961
|
-
module: "
|
|
9962
|
-
functionName: "
|
|
9963
|
-
kind: "query"
|
|
9964
|
-
inputProjection: withPrincipal
|
|
12262
|
+
module: "platform",
|
|
12263
|
+
functionName: "resolveInteractivePrincipal",
|
|
12264
|
+
kind: "query"
|
|
9965
12265
|
}
|
|
9966
12266
|
}),
|
|
9967
12267
|
surfaceContract({
|
|
@@ -10043,15 +12343,6 @@ var beliefLookupInput = (input) => compactRecord4({
|
|
|
10043
12343
|
var beliefNodeInput = (input) => compactRecord4({
|
|
10044
12344
|
nodeId: input.nodeId ?? input.id ?? input.beliefId
|
|
10045
12345
|
});
|
|
10046
|
-
var beliefTopicInput = (input) => {
|
|
10047
|
-
const parsed = listBeliefsProjection.inputSchema.safeParse(input);
|
|
10048
|
-
if (!parsed.success) {
|
|
10049
|
-
throw new Error(
|
|
10050
|
-
`list_beliefs projection input rejected: ${parsed.error.message}`
|
|
10051
|
-
);
|
|
10052
|
-
}
|
|
10053
|
-
return compactRecord4(listBeliefsProjection.project(parsed.data));
|
|
10054
|
-
};
|
|
10055
12346
|
var createBeliefInput = (input, context) => {
|
|
10056
12347
|
return withUserId(
|
|
10057
12348
|
compactRecord4({
|
|
@@ -10140,11 +12431,8 @@ var beliefsContracts = [
|
|
|
10140
12431
|
sdkNamespace: "beliefs",
|
|
10141
12432
|
sdkMethod: "listBeliefs",
|
|
10142
12433
|
summary: "List beliefs for a topic.",
|
|
10143
|
-
|
|
10144
|
-
|
|
10145
|
-
functionName: "getByTopic",
|
|
10146
|
-
kind: "query",
|
|
10147
|
-
inputProjection: beliefTopicInput
|
|
12434
|
+
gateway: {
|
|
12435
|
+
handler: "beliefs.list"
|
|
10148
12436
|
},
|
|
10149
12437
|
args: listBeliefsInputSchema
|
|
10150
12438
|
}),
|
|
@@ -10285,7 +12573,7 @@ var beliefsContracts = [
|
|
|
10285
12573
|
})
|
|
10286
12574
|
];
|
|
10287
12575
|
var jsonRecordSchema4 = z.record(z.unknown());
|
|
10288
|
-
var evidenceRelationSchema = z.enum(["supports", "contradicts"
|
|
12576
|
+
var evidenceRelationSchema = z.enum(["supports", "contradicts"]);
|
|
10289
12577
|
var createEvidenceArgs = z.object({
|
|
10290
12578
|
topicId: z.string().optional().describe("Topic scope for the evidence."),
|
|
10291
12579
|
text: z.string().describe("Canonical evidence text."),
|
|
@@ -10329,12 +12617,6 @@ var evidenceIdInput = (input) => compactRecord4({
|
|
|
10329
12617
|
insightId: input.insightId,
|
|
10330
12618
|
nodeId: input.nodeId ?? input.id ?? input.evidenceId
|
|
10331
12619
|
});
|
|
10332
|
-
var evidenceTopicInput = (input) => compactRecord4({
|
|
10333
|
-
topicId: input.topicId,
|
|
10334
|
-
status: input.status,
|
|
10335
|
-
userId: input.userId,
|
|
10336
|
-
limit: input.limit
|
|
10337
|
-
});
|
|
10338
12620
|
var createEvidenceInput = (input, context) => {
|
|
10339
12621
|
const parsed = createEvidenceProjection.inputSchema.safeParse(input);
|
|
10340
12622
|
if (!parsed.success) {
|
|
@@ -10351,12 +12633,12 @@ var linkEvidenceToBeliefEdgeInput = (input, context) => withCreatedBy(
|
|
|
10351
12633
|
compactRecord4({
|
|
10352
12634
|
fromNodeId: input.insightId ?? input.evidenceNodeId ?? input.evidenceId,
|
|
10353
12635
|
toNodeId: input.beliefNodeId ?? input.beliefId ?? input.targetId,
|
|
10354
|
-
edgeType: "
|
|
12636
|
+
edgeType: "informs",
|
|
10355
12637
|
globalId: input.globalId ?? `edge:${String(
|
|
10356
12638
|
input.insightId ?? input.evidenceNodeId ?? input.evidenceId
|
|
10357
12639
|
)}:${String(
|
|
10358
12640
|
input.beliefNodeId ?? input.beliefId ?? input.targetId
|
|
10359
|
-
)}:
|
|
12641
|
+
)}:informs`,
|
|
10360
12642
|
weight: typeof input.weight === "number" ? input.weight : input.type === "contradicting" ? -1 : 1,
|
|
10361
12643
|
context: input.rationale ?? input.context,
|
|
10362
12644
|
skipLayerValidation: true,
|
|
@@ -10369,12 +12651,12 @@ var linkEvidenceToQuestionEdgeInput = (input, context) => withCreatedBy(
|
|
|
10369
12651
|
compactRecord4({
|
|
10370
12652
|
fromNodeId: input.insightId ?? input.evidenceNodeId ?? input.evidenceId,
|
|
10371
12653
|
toNodeId: input.questionId ?? input.questionNodeId ?? input.targetId,
|
|
10372
|
-
edgeType: "
|
|
12654
|
+
edgeType: "responds_to",
|
|
10373
12655
|
globalId: input.globalId ?? `edge:${String(
|
|
10374
12656
|
input.insightId ?? input.evidenceNodeId ?? input.evidenceId
|
|
10375
12657
|
)}:${String(
|
|
10376
12658
|
input.questionId ?? input.questionNodeId ?? input.targetId
|
|
10377
|
-
)}:
|
|
12659
|
+
)}:responds_to`,
|
|
10378
12660
|
weight: input.impactScore ?? input.weight,
|
|
10379
12661
|
context: input.rationale ?? input.context,
|
|
10380
12662
|
skipLayerValidation: true,
|
|
@@ -10465,11 +12747,8 @@ var evidenceContracts = [
|
|
|
10465
12747
|
sdkNamespace: "evidence",
|
|
10466
12748
|
sdkMethod: "listEvidence",
|
|
10467
12749
|
summary: "List evidence for a topic.",
|
|
10468
|
-
|
|
10469
|
-
|
|
10470
|
-
functionName: "getByTopic",
|
|
10471
|
-
kind: "query",
|
|
10472
|
-
inputProjection: evidenceTopicInput
|
|
12750
|
+
gateway: {
|
|
12751
|
+
handler: "evidence.list"
|
|
10473
12752
|
}
|
|
10474
12753
|
}),
|
|
10475
12754
|
surfaceContract({
|
|
@@ -10704,11 +12983,8 @@ var questionsContracts = [
|
|
|
10704
12983
|
sdkNamespace: "questions",
|
|
10705
12984
|
sdkMethod: "listQuestions",
|
|
10706
12985
|
summary: "List questions for a topic.",
|
|
10707
|
-
|
|
10708
|
-
|
|
10709
|
-
functionName: "getByTopic",
|
|
10710
|
-
kind: "query",
|
|
10711
|
-
inputProjection: questionTopicInput
|
|
12986
|
+
gateway: {
|
|
12987
|
+
handler: "questions.list"
|
|
10712
12988
|
}
|
|
10713
12989
|
}),
|
|
10714
12990
|
surfaceContract({
|
|
@@ -10911,18 +13187,50 @@ var questionsContracts = [
|
|
|
10911
13187
|
args: falsificationQuestionsArgs
|
|
10912
13188
|
})
|
|
10913
13189
|
];
|
|
13190
|
+
var topicVisibilitySchema = z.enum([
|
|
13191
|
+
"private",
|
|
13192
|
+
"team",
|
|
13193
|
+
"firm",
|
|
13194
|
+
"external",
|
|
13195
|
+
"public"
|
|
13196
|
+
]);
|
|
13197
|
+
var topicStatusSchema = z.enum(["active", "archived", "watching"]);
|
|
13198
|
+
var createTopicArgs = z.object({
|
|
13199
|
+
globalId: z.string().optional().describe("Optional idempotent topic global ID."),
|
|
13200
|
+
name: z.string().describe("Topic name."),
|
|
13201
|
+
description: z.string().optional().describe("Topic description."),
|
|
13202
|
+
type: z.string().describe("Topic type."),
|
|
13203
|
+
parentTopicId: z.string().optional().describe("Optional parent topic ID."),
|
|
13204
|
+
parentTopicGlobalId: z.string().optional().describe("Optional parent topic global ID."),
|
|
13205
|
+
ontologyId: z.string().optional().describe("Ontology to bind."),
|
|
13206
|
+
tenantId: z.string().optional().describe("Optional tenant scope."),
|
|
13207
|
+
workspaceId: z.string().optional().describe("Optional workspace scope."),
|
|
13208
|
+
visibility: topicVisibilitySchema.optional().describe("Topic visibility."),
|
|
13209
|
+
metadata: z.record(z.unknown()).optional().describe("Topic metadata."),
|
|
13210
|
+
graphScopeProjectId: z.string().optional(),
|
|
13211
|
+
createdBy: z.string().optional()
|
|
13212
|
+
});
|
|
10914
13213
|
var updateTopicArgs = z.object({
|
|
10915
13214
|
id: z.string().describe("Topic ID."),
|
|
10916
13215
|
topicId: z.string().optional().describe("Topic ID alias."),
|
|
10917
13216
|
name: z.string().optional().describe("Topic name."),
|
|
10918
13217
|
description: z.string().optional().describe("Topic description."),
|
|
10919
13218
|
type: z.string().optional().describe("Topic type."),
|
|
10920
|
-
status:
|
|
10921
|
-
visibility:
|
|
13219
|
+
status: topicStatusSchema.optional().describe("Topic status."),
|
|
13220
|
+
visibility: topicVisibilitySchema.optional().describe("Topic visibility."),
|
|
10922
13221
|
ontologyId: z.string().optional().describe("Ontology to bind."),
|
|
10923
13222
|
clearOntologyId: z.boolean().optional().describe("Whether to clear the ontology binding."),
|
|
10924
13223
|
metadata: z.record(z.unknown()).optional().describe("Topic metadata.")
|
|
10925
13224
|
});
|
|
13225
|
+
var materializeTopicGraphArgs = z.object({
|
|
13226
|
+
rootTopicId: z.string().optional().describe("Optional root topic ID."),
|
|
13227
|
+
dryRun: z.boolean().optional().describe("Report missing rows without writing."),
|
|
13228
|
+
createdBy: z.string().optional()
|
|
13229
|
+
});
|
|
13230
|
+
var getTopicGraphSpineArgs = z.object({
|
|
13231
|
+
rootTopicId: z.string().optional().describe("Optional root topic ID."),
|
|
13232
|
+
includeTopicBeliefEdges: z.boolean().optional()
|
|
13233
|
+
});
|
|
10926
13234
|
var topicIdInput = (input) => compactRecord4({
|
|
10927
13235
|
id: input.id ?? input.topicId
|
|
10928
13236
|
});
|
|
@@ -10940,87 +13248,488 @@ var updateTopicInput = (input) => compactRecord4({
|
|
|
10940
13248
|
});
|
|
10941
13249
|
var topicsContracts = [
|
|
10942
13250
|
surfaceContract({
|
|
10943
|
-
name: "create_topic",
|
|
13251
|
+
name: "create_topic",
|
|
13252
|
+
kind: "mutation",
|
|
13253
|
+
domain: "topics",
|
|
13254
|
+
surfaceClass: "platform_public",
|
|
13255
|
+
path: "/topics",
|
|
13256
|
+
sdkNamespace: "topics",
|
|
13257
|
+
sdkMethod: "createTopic",
|
|
13258
|
+
summary: "Create a topic.",
|
|
13259
|
+
convex: {
|
|
13260
|
+
module: "topics",
|
|
13261
|
+
functionName: "create",
|
|
13262
|
+
kind: "mutation",
|
|
13263
|
+
inputProjection: withCreatedBy
|
|
13264
|
+
},
|
|
13265
|
+
args: createTopicArgs
|
|
13266
|
+
}),
|
|
13267
|
+
surfaceContract({
|
|
13268
|
+
name: "get_topic",
|
|
13269
|
+
kind: "query",
|
|
13270
|
+
domain: "topics",
|
|
13271
|
+
surfaceClass: "platform_public",
|
|
13272
|
+
method: "GET",
|
|
13273
|
+
path: "/topics/get",
|
|
13274
|
+
sdkNamespace: "topics",
|
|
13275
|
+
sdkMethod: "getTopic",
|
|
13276
|
+
summary: "Get a topic.",
|
|
13277
|
+
convex: {
|
|
13278
|
+
module: "topics",
|
|
13279
|
+
functionName: "get",
|
|
13280
|
+
kind: "query",
|
|
13281
|
+
inputProjection: topicIdInput
|
|
13282
|
+
}
|
|
13283
|
+
}),
|
|
13284
|
+
surfaceContract({
|
|
13285
|
+
name: "list_topics",
|
|
13286
|
+
kind: "query",
|
|
13287
|
+
domain: "topics",
|
|
13288
|
+
surfaceClass: "platform_public",
|
|
13289
|
+
method: "GET",
|
|
13290
|
+
path: "/topics",
|
|
13291
|
+
sdkNamespace: "topics",
|
|
13292
|
+
sdkMethod: "listTopics",
|
|
13293
|
+
summary: "List topics.",
|
|
13294
|
+
convex: {
|
|
13295
|
+
module: "topics",
|
|
13296
|
+
functionName: "list",
|
|
13297
|
+
kind: "query"
|
|
13298
|
+
}
|
|
13299
|
+
}),
|
|
13300
|
+
surfaceContract({
|
|
13301
|
+
name: "update_topic",
|
|
13302
|
+
kind: "mutation",
|
|
13303
|
+
domain: "topics",
|
|
13304
|
+
surfaceClass: "platform_public",
|
|
13305
|
+
method: "PATCH",
|
|
13306
|
+
path: "/topics",
|
|
13307
|
+
sdkNamespace: "topics",
|
|
13308
|
+
sdkMethod: "updateTopic",
|
|
13309
|
+
summary: "Update a topic.",
|
|
13310
|
+
convex: {
|
|
13311
|
+
module: "topics",
|
|
13312
|
+
functionName: "update",
|
|
13313
|
+
kind: "mutation",
|
|
13314
|
+
inputProjection: updateTopicInput
|
|
13315
|
+
},
|
|
13316
|
+
args: updateTopicArgs
|
|
13317
|
+
}),
|
|
13318
|
+
surfaceContract({
|
|
13319
|
+
name: "get_topic_tree",
|
|
13320
|
+
kind: "query",
|
|
13321
|
+
domain: "topics",
|
|
13322
|
+
surfaceClass: "platform_public",
|
|
13323
|
+
method: "GET",
|
|
13324
|
+
path: "/topics/tree",
|
|
13325
|
+
sdkNamespace: "topics",
|
|
13326
|
+
sdkMethod: "getTopicTree",
|
|
13327
|
+
summary: "Get a topic tree.",
|
|
13328
|
+
convex: {
|
|
13329
|
+
module: "topics",
|
|
13330
|
+
functionName: "getTree",
|
|
13331
|
+
kind: "query"
|
|
13332
|
+
}
|
|
13333
|
+
}),
|
|
13334
|
+
surfaceContract({
|
|
13335
|
+
name: "materialize_topic_graph",
|
|
13336
|
+
kind: "mutation",
|
|
13337
|
+
domain: "topics",
|
|
13338
|
+
surfaceClass: "platform_public",
|
|
13339
|
+
path: "/topics/materialize-graph",
|
|
13340
|
+
sdkNamespace: "topics",
|
|
13341
|
+
sdkMethod: "materializeTopicGraph",
|
|
13342
|
+
summary: "Materialize topic nodes and parent-child graph edges.",
|
|
13343
|
+
convex: {
|
|
13344
|
+
module: "topics",
|
|
13345
|
+
functionName: "materializeTopicGraph",
|
|
13346
|
+
kind: "mutation",
|
|
13347
|
+
inputProjection: withCreatedBy
|
|
13348
|
+
},
|
|
13349
|
+
args: materializeTopicGraphArgs
|
|
13350
|
+
}),
|
|
13351
|
+
surfaceContract({
|
|
13352
|
+
name: "get_topic_graph_spine",
|
|
13353
|
+
kind: "query",
|
|
13354
|
+
domain: "topics",
|
|
13355
|
+
surfaceClass: "platform_public",
|
|
13356
|
+
method: "GET",
|
|
13357
|
+
path: "/topics/graph-spine",
|
|
13358
|
+
sdkNamespace: "topics",
|
|
13359
|
+
sdkMethod: "getTopicGraphSpine",
|
|
13360
|
+
summary: "Verify topic nodes and parent-child graph edges.",
|
|
13361
|
+
convex: {
|
|
13362
|
+
module: "topics",
|
|
13363
|
+
functionName: "getTopicGraphSpine",
|
|
13364
|
+
kind: "query"
|
|
13365
|
+
},
|
|
13366
|
+
args: getTopicGraphSpineArgs
|
|
13367
|
+
})
|
|
13368
|
+
];
|
|
13369
|
+
var sourceTypeSchema2 = z.enum([
|
|
13370
|
+
"human",
|
|
13371
|
+
"ai_extracted",
|
|
13372
|
+
"ai_generated",
|
|
13373
|
+
"imported",
|
|
13374
|
+
"system",
|
|
13375
|
+
"verified",
|
|
13376
|
+
"proprietary"
|
|
13377
|
+
]);
|
|
13378
|
+
var verificationStatusSchema = z.enum([
|
|
13379
|
+
"unverified",
|
|
13380
|
+
"human_verified",
|
|
13381
|
+
"ai_verified",
|
|
13382
|
+
"contradicted",
|
|
13383
|
+
"outdated"
|
|
13384
|
+
]);
|
|
13385
|
+
var nodeStatusSchema = z.enum([
|
|
13386
|
+
"active",
|
|
13387
|
+
"superseded",
|
|
13388
|
+
"archived",
|
|
13389
|
+
"deleted"
|
|
13390
|
+
]);
|
|
13391
|
+
var externalIdsArgs = z.object({
|
|
13392
|
+
crunchbase: z.string().optional(),
|
|
13393
|
+
linkedin: z.string().optional(),
|
|
13394
|
+
pitchbook: z.string().optional(),
|
|
13395
|
+
twitter: z.string().optional(),
|
|
13396
|
+
website: z.string().optional()
|
|
13397
|
+
}).optional();
|
|
13398
|
+
var createEpistemicNodeItemArgs = z.object({
|
|
13399
|
+
globalId: z.string().optional().describe("Optional idempotent node global ID."),
|
|
13400
|
+
nodeType: NODE_TYPE.describe("Public epistemic node type."),
|
|
13401
|
+
subtype: z.string().optional(),
|
|
13402
|
+
canonicalText: z.string().optional().describe("Canonical node text."),
|
|
13403
|
+
text: z.string().optional().describe("Alias for canonicalText."),
|
|
13404
|
+
contentHash: z.string().optional().describe("Optional idempotency content hash."),
|
|
13405
|
+
content: z.string().optional(),
|
|
13406
|
+
contentType: z.string().optional(),
|
|
13407
|
+
title: z.string().optional(),
|
|
13408
|
+
tags: z.array(z.string()).optional(),
|
|
13409
|
+
domain: z.string().optional(),
|
|
13410
|
+
metadata: z.record(z.unknown()).optional(),
|
|
13411
|
+
externalIds: externalIdsArgs,
|
|
13412
|
+
sourceType: sourceTypeSchema2.optional(),
|
|
13413
|
+
aiProvider: z.string().optional(),
|
|
13414
|
+
extractedFromNodeId: z.string().optional(),
|
|
13415
|
+
confidence: z.number().optional(),
|
|
13416
|
+
verificationStatus: verificationStatusSchema.optional(),
|
|
13417
|
+
topicId: z.string().optional(),
|
|
13418
|
+
projectId: z.string().optional(),
|
|
13419
|
+
createdBy: z.string().optional(),
|
|
13420
|
+
trustedBypassAccessCheck: z.boolean().optional()
|
|
13421
|
+
});
|
|
13422
|
+
var createEpistemicNodeArgs = createEpistemicNodeItemArgs;
|
|
13423
|
+
var batchCreateEpistemicNodesArgs = z.object({
|
|
13424
|
+
nodes: z.array(createEpistemicNodeItemArgs)
|
|
13425
|
+
});
|
|
13426
|
+
var getEpistemicNodeArgs = z.object({
|
|
13427
|
+
nodeId: z.string().describe("Node ID or global ID."),
|
|
13428
|
+
globalId: z.string().optional().describe("Node global ID alias.")
|
|
13429
|
+
});
|
|
13430
|
+
var listEpistemicNodesArgs = z.object({
|
|
13431
|
+
topicId: z.string().optional(),
|
|
13432
|
+
projectId: z.string().optional(),
|
|
13433
|
+
nodeType: NODE_TYPE.optional(),
|
|
13434
|
+
status: nodeStatusSchema.optional(),
|
|
13435
|
+
searchQuery: z.string().optional(),
|
|
13436
|
+
query: z.string().optional(),
|
|
13437
|
+
limit: z.number().optional()
|
|
13438
|
+
});
|
|
13439
|
+
var updateEpistemicNodeArgs = z.object({
|
|
13440
|
+
nodeId: z.string().describe("Node ID or global ID."),
|
|
13441
|
+
id: z.string().optional().describe("Node ID alias."),
|
|
13442
|
+
subtype: z.string().optional(),
|
|
13443
|
+
canonicalText: z.string().optional(),
|
|
13444
|
+
text: z.string().optional(),
|
|
13445
|
+
contentHash: z.string().optional(),
|
|
13446
|
+
content: z.string().optional(),
|
|
13447
|
+
contentType: z.string().optional(),
|
|
13448
|
+
title: z.string().optional(),
|
|
13449
|
+
tags: z.array(z.string()).optional(),
|
|
13450
|
+
domain: z.string().optional(),
|
|
13451
|
+
metadata: z.record(z.unknown()).optional(),
|
|
13452
|
+
externalIds: externalIdsArgs,
|
|
13453
|
+
confidence: z.number().optional(),
|
|
13454
|
+
verificationStatus: verificationStatusSchema.optional(),
|
|
13455
|
+
status: nodeStatusSchema.optional(),
|
|
13456
|
+
userId: z.string().optional(),
|
|
13457
|
+
trustedBypassAccessCheck: z.boolean().optional()
|
|
13458
|
+
});
|
|
13459
|
+
var archiveEpistemicNodeArgs = z.object({
|
|
13460
|
+
nodeId: z.string().describe("Node ID or global ID."),
|
|
13461
|
+
id: z.string().optional().describe("Node ID alias."),
|
|
13462
|
+
userId: z.string().optional(),
|
|
13463
|
+
trustedBypassAccessCheck: z.boolean().optional()
|
|
13464
|
+
});
|
|
13465
|
+
var verifyEpistemicNodeArgs = z.object({
|
|
13466
|
+
nodeId: z.string().describe("Node ID or global ID."),
|
|
13467
|
+
id: z.string().optional().describe("Node ID alias."),
|
|
13468
|
+
verificationStatus: verificationStatusSchema,
|
|
13469
|
+
confidence: z.number().optional(),
|
|
13470
|
+
userId: z.string().optional()
|
|
13471
|
+
});
|
|
13472
|
+
var supersedeEpistemicNodeArgs = z.object({
|
|
13473
|
+
oldNodeId: z.string().describe("Node ID or global ID to supersede."),
|
|
13474
|
+
nodeId: z.string().optional().describe("Old node ID alias."),
|
|
13475
|
+
newGlobalId: z.string().optional(),
|
|
13476
|
+
newCanonicalText: z.string().optional(),
|
|
13477
|
+
text: z.string().optional(),
|
|
13478
|
+
canonicalText: z.string().optional(),
|
|
13479
|
+
newContentHash: z.string().optional(),
|
|
13480
|
+
reason: z.string().optional(),
|
|
13481
|
+
createdBy: z.string().optional(),
|
|
13482
|
+
trustedBypassAccessCheck: z.boolean().optional()
|
|
13483
|
+
});
|
|
13484
|
+
function generatedGlobalId(prefix) {
|
|
13485
|
+
return `${prefix}:${crypto.randomUUID()}`;
|
|
13486
|
+
}
|
|
13487
|
+
function resolveCanonicalText(input) {
|
|
13488
|
+
const text = input.canonicalText ?? input.text ?? input.title ?? input.content;
|
|
13489
|
+
if (typeof text !== "string" || text.trim().length === 0) {
|
|
13490
|
+
throw new Error("canonicalText or text is required.");
|
|
13491
|
+
}
|
|
13492
|
+
return text;
|
|
13493
|
+
}
|
|
13494
|
+
function createNodeInput(input, context) {
|
|
13495
|
+
const canonicalText = resolveCanonicalText(input);
|
|
13496
|
+
const nodeType = String(input.nodeType);
|
|
13497
|
+
return withCreatedBy(
|
|
13498
|
+
compactRecord4({
|
|
13499
|
+
globalId: typeof input.globalId === "string" && input.globalId.trim() ? input.globalId : generatedGlobalId(nodeType),
|
|
13500
|
+
nodeType,
|
|
13501
|
+
subtype: input.subtype,
|
|
13502
|
+
canonicalText,
|
|
13503
|
+
contentHash: typeof input.contentHash === "string" && input.contentHash.trim() ? input.contentHash : `${nodeType}:${canonicalText}`,
|
|
13504
|
+
content: input.content,
|
|
13505
|
+
contentType: input.contentType,
|
|
13506
|
+
title: input.title,
|
|
13507
|
+
tags: input.tags,
|
|
13508
|
+
domain: input.domain,
|
|
13509
|
+
metadata: input.metadata,
|
|
13510
|
+
externalIds: input.externalIds,
|
|
13511
|
+
sourceType: typeof input.sourceType === "string" && input.sourceType.trim() ? input.sourceType : "human",
|
|
13512
|
+
aiProvider: input.aiProvider,
|
|
13513
|
+
extractedFromNodeId: input.extractedFromNodeId,
|
|
13514
|
+
confidence: input.confidence,
|
|
13515
|
+
verificationStatus: input.verificationStatus,
|
|
13516
|
+
topicId: input.topicId,
|
|
13517
|
+
projectId: input.projectId
|
|
13518
|
+
}),
|
|
13519
|
+
context
|
|
13520
|
+
);
|
|
13521
|
+
}
|
|
13522
|
+
var getNodeInput = (input) => compactRecord4({
|
|
13523
|
+
nodeId: input.nodeId ?? input.globalId
|
|
13524
|
+
});
|
|
13525
|
+
var listNodesInput = (input) => compactRecord4({
|
|
13526
|
+
topicId: input.topicId,
|
|
13527
|
+
projectId: input.projectId,
|
|
13528
|
+
nodeType: input.nodeType,
|
|
13529
|
+
status: input.status,
|
|
13530
|
+
searchQuery: input.searchQuery ?? input.query,
|
|
13531
|
+
limit: input.limit
|
|
13532
|
+
});
|
|
13533
|
+
var updateNodeInput = (input, context) => withUserId(
|
|
13534
|
+
compactRecord4({
|
|
13535
|
+
nodeId: input.nodeId ?? input.id,
|
|
13536
|
+
subtype: input.subtype,
|
|
13537
|
+
canonicalText: input.canonicalText ?? input.text,
|
|
13538
|
+
contentHash: input.contentHash,
|
|
13539
|
+
content: input.content,
|
|
13540
|
+
contentType: input.contentType,
|
|
13541
|
+
title: input.title,
|
|
13542
|
+
tags: input.tags,
|
|
13543
|
+
domain: input.domain,
|
|
13544
|
+
metadata: input.metadata,
|
|
13545
|
+
externalIds: input.externalIds,
|
|
13546
|
+
confidence: input.confidence,
|
|
13547
|
+
verificationStatus: input.verificationStatus,
|
|
13548
|
+
status: input.status,
|
|
13549
|
+
trustedBypassAccessCheck: input.trustedBypassAccessCheck
|
|
13550
|
+
}),
|
|
13551
|
+
context
|
|
13552
|
+
);
|
|
13553
|
+
var archiveNodeInput = (input, context) => withUserId(
|
|
13554
|
+
compactRecord4({
|
|
13555
|
+
nodeId: input.nodeId ?? input.id,
|
|
13556
|
+
trustedBypassAccessCheck: input.trustedBypassAccessCheck
|
|
13557
|
+
}),
|
|
13558
|
+
context
|
|
13559
|
+
);
|
|
13560
|
+
var verifyNodeInput = (input, context) => withUserId(
|
|
13561
|
+
compactRecord4({
|
|
13562
|
+
nodeId: input.nodeId ?? input.id,
|
|
13563
|
+
verificationStatus: input.verificationStatus,
|
|
13564
|
+
confidence: input.confidence
|
|
13565
|
+
}),
|
|
13566
|
+
context
|
|
13567
|
+
);
|
|
13568
|
+
var supersedeNodeInput = (input, context) => {
|
|
13569
|
+
const newCanonicalText = input.newCanonicalText ?? input.canonicalText ?? input.text;
|
|
13570
|
+
if (typeof newCanonicalText !== "string" || newCanonicalText.trim().length === 0) {
|
|
13571
|
+
throw new Error("newCanonicalText or text is required.");
|
|
13572
|
+
}
|
|
13573
|
+
return {
|
|
13574
|
+
oldNodeId: input.oldNodeId ?? input.nodeId,
|
|
13575
|
+
newGlobalId: typeof input.newGlobalId === "string" && input.newGlobalId.trim() ? input.newGlobalId : generatedGlobalId("node"),
|
|
13576
|
+
newCanonicalText,
|
|
13577
|
+
newContentHash: typeof input.newContentHash === "string" && input.newContentHash.trim() ? input.newContentHash : `superseded:${newCanonicalText}`,
|
|
13578
|
+
createdBy: typeof input.createdBy === "string" ? input.createdBy : authUserId(context),
|
|
13579
|
+
reason: input.reason,
|
|
13580
|
+
trustedBypassAccessCheck: input.trustedBypassAccessCheck
|
|
13581
|
+
};
|
|
13582
|
+
};
|
|
13583
|
+
var batchCreateNodesInput = (input, context) => {
|
|
13584
|
+
const nodes = Array.isArray(input.nodes) ? input.nodes : [];
|
|
13585
|
+
return {
|
|
13586
|
+
nodes: nodes.map(
|
|
13587
|
+
(node) => createNodeInput(
|
|
13588
|
+
node && typeof node === "object" ? node : {},
|
|
13589
|
+
context
|
|
13590
|
+
)
|
|
13591
|
+
)
|
|
13592
|
+
};
|
|
13593
|
+
};
|
|
13594
|
+
var nodesContracts = [
|
|
13595
|
+
surfaceContract({
|
|
13596
|
+
name: "create_epistemic_node",
|
|
10944
13597
|
kind: "mutation",
|
|
10945
|
-
domain: "
|
|
13598
|
+
domain: "nodes",
|
|
10946
13599
|
surfaceClass: "platform_public",
|
|
10947
|
-
path: "/
|
|
10948
|
-
sdkNamespace: "
|
|
10949
|
-
sdkMethod: "
|
|
10950
|
-
summary: "Create a
|
|
13600
|
+
path: "/nodes",
|
|
13601
|
+
sdkNamespace: "nodes",
|
|
13602
|
+
sdkMethod: "createEpistemicNode",
|
|
13603
|
+
summary: "Create a generic epistemic graph node.",
|
|
10951
13604
|
convex: {
|
|
10952
|
-
module: "
|
|
13605
|
+
module: "nodes",
|
|
10953
13606
|
functionName: "create",
|
|
10954
13607
|
kind: "mutation",
|
|
10955
|
-
inputProjection:
|
|
10956
|
-
}
|
|
13608
|
+
inputProjection: createNodeInput
|
|
13609
|
+
},
|
|
13610
|
+
args: createEpistemicNodeArgs
|
|
10957
13611
|
}),
|
|
10958
13612
|
surfaceContract({
|
|
10959
|
-
name: "
|
|
13613
|
+
name: "get_epistemic_node",
|
|
10960
13614
|
kind: "query",
|
|
10961
|
-
domain: "
|
|
13615
|
+
domain: "nodes",
|
|
10962
13616
|
surfaceClass: "platform_public",
|
|
10963
13617
|
method: "GET",
|
|
10964
|
-
path: "/
|
|
10965
|
-
sdkNamespace: "
|
|
10966
|
-
sdkMethod: "
|
|
10967
|
-
summary: "Get a
|
|
13618
|
+
path: "/nodes/get",
|
|
13619
|
+
sdkNamespace: "nodes",
|
|
13620
|
+
sdkMethod: "getEpistemicNode",
|
|
13621
|
+
summary: "Get a generic epistemic graph node.",
|
|
10968
13622
|
convex: {
|
|
10969
|
-
module: "
|
|
13623
|
+
module: "nodes",
|
|
10970
13624
|
functionName: "get",
|
|
10971
13625
|
kind: "query",
|
|
10972
|
-
inputProjection:
|
|
10973
|
-
}
|
|
13626
|
+
inputProjection: getNodeInput
|
|
13627
|
+
},
|
|
13628
|
+
args: getEpistemicNodeArgs
|
|
10974
13629
|
}),
|
|
10975
13630
|
surfaceContract({
|
|
10976
|
-
name: "
|
|
13631
|
+
name: "list_epistemic_nodes",
|
|
10977
13632
|
kind: "query",
|
|
10978
|
-
domain: "
|
|
13633
|
+
domain: "nodes",
|
|
10979
13634
|
surfaceClass: "platform_public",
|
|
10980
13635
|
method: "GET",
|
|
10981
|
-
path: "/
|
|
10982
|
-
sdkNamespace: "
|
|
10983
|
-
sdkMethod: "
|
|
10984
|
-
summary: "List
|
|
13636
|
+
path: "/nodes",
|
|
13637
|
+
sdkNamespace: "nodes",
|
|
13638
|
+
sdkMethod: "listEpistemicNodes",
|
|
13639
|
+
summary: "List generic epistemic graph nodes.",
|
|
10985
13640
|
convex: {
|
|
10986
|
-
module: "
|
|
13641
|
+
module: "nodes",
|
|
10987
13642
|
functionName: "list",
|
|
10988
|
-
kind: "query"
|
|
10989
|
-
|
|
13643
|
+
kind: "query",
|
|
13644
|
+
inputProjection: listNodesInput
|
|
13645
|
+
},
|
|
13646
|
+
args: listEpistemicNodesArgs
|
|
10990
13647
|
}),
|
|
10991
13648
|
surfaceContract({
|
|
10992
|
-
name: "
|
|
13649
|
+
name: "update_epistemic_node",
|
|
10993
13650
|
kind: "mutation",
|
|
10994
|
-
domain: "
|
|
13651
|
+
domain: "nodes",
|
|
10995
13652
|
surfaceClass: "platform_public",
|
|
10996
13653
|
method: "PATCH",
|
|
10997
|
-
path: "/
|
|
10998
|
-
sdkNamespace: "
|
|
10999
|
-
sdkMethod: "
|
|
11000
|
-
summary: "Update a
|
|
13654
|
+
path: "/nodes",
|
|
13655
|
+
sdkNamespace: "nodes",
|
|
13656
|
+
sdkMethod: "updateEpistemicNode",
|
|
13657
|
+
summary: "Update a generic epistemic graph node.",
|
|
11001
13658
|
convex: {
|
|
11002
|
-
module: "
|
|
13659
|
+
module: "nodes",
|
|
11003
13660
|
functionName: "update",
|
|
11004
13661
|
kind: "mutation",
|
|
11005
|
-
inputProjection:
|
|
13662
|
+
inputProjection: updateNodeInput
|
|
11006
13663
|
},
|
|
11007
|
-
args:
|
|
13664
|
+
args: updateEpistemicNodeArgs
|
|
11008
13665
|
}),
|
|
11009
13666
|
surfaceContract({
|
|
11010
|
-
name: "
|
|
11011
|
-
kind: "
|
|
11012
|
-
domain: "
|
|
13667
|
+
name: "archive_epistemic_node",
|
|
13668
|
+
kind: "mutation",
|
|
13669
|
+
domain: "nodes",
|
|
11013
13670
|
surfaceClass: "platform_public",
|
|
11014
|
-
|
|
11015
|
-
|
|
11016
|
-
|
|
11017
|
-
|
|
11018
|
-
summary: "Get a topic tree.",
|
|
13671
|
+
path: "/nodes/archive",
|
|
13672
|
+
sdkNamespace: "nodes",
|
|
13673
|
+
sdkMethod: "archiveEpistemicNode",
|
|
13674
|
+
summary: "Archive a generic epistemic graph node.",
|
|
11019
13675
|
convex: {
|
|
11020
|
-
module: "
|
|
11021
|
-
functionName: "
|
|
11022
|
-
kind: "
|
|
11023
|
-
|
|
13676
|
+
module: "nodes",
|
|
13677
|
+
functionName: "archive",
|
|
13678
|
+
kind: "mutation",
|
|
13679
|
+
inputProjection: archiveNodeInput
|
|
13680
|
+
},
|
|
13681
|
+
args: archiveEpistemicNodeArgs
|
|
13682
|
+
}),
|
|
13683
|
+
surfaceContract({
|
|
13684
|
+
name: "verify_epistemic_node",
|
|
13685
|
+
kind: "mutation",
|
|
13686
|
+
domain: "nodes",
|
|
13687
|
+
surfaceClass: "platform_public",
|
|
13688
|
+
path: "/nodes/verify",
|
|
13689
|
+
sdkNamespace: "nodes",
|
|
13690
|
+
sdkMethod: "verifyEpistemicNode",
|
|
13691
|
+
summary: "Verify a generic epistemic graph node.",
|
|
13692
|
+
convex: {
|
|
13693
|
+
module: "nodes",
|
|
13694
|
+
functionName: "verify",
|
|
13695
|
+
kind: "mutation",
|
|
13696
|
+
inputProjection: verifyNodeInput
|
|
13697
|
+
},
|
|
13698
|
+
args: verifyEpistemicNodeArgs
|
|
13699
|
+
}),
|
|
13700
|
+
surfaceContract({
|
|
13701
|
+
name: "supersede_epistemic_node",
|
|
13702
|
+
kind: "mutation",
|
|
13703
|
+
domain: "nodes",
|
|
13704
|
+
surfaceClass: "platform_public",
|
|
13705
|
+
path: "/nodes/supersede",
|
|
13706
|
+
sdkNamespace: "nodes",
|
|
13707
|
+
sdkMethod: "supersedeEpistemicNode",
|
|
13708
|
+
summary: "Supersede a generic epistemic graph node.",
|
|
13709
|
+
convex: {
|
|
13710
|
+
module: "nodes",
|
|
13711
|
+
functionName: "supersede",
|
|
13712
|
+
kind: "mutation",
|
|
13713
|
+
inputProjection: supersedeNodeInput
|
|
13714
|
+
},
|
|
13715
|
+
args: supersedeEpistemicNodeArgs
|
|
13716
|
+
}),
|
|
13717
|
+
surfaceContract({
|
|
13718
|
+
name: "batch_create_epistemic_nodes",
|
|
13719
|
+
kind: "mutation",
|
|
13720
|
+
domain: "nodes",
|
|
13721
|
+
surfaceClass: "platform_public",
|
|
13722
|
+
path: "/nodes/batch",
|
|
13723
|
+
sdkNamespace: "nodes",
|
|
13724
|
+
sdkMethod: "batchCreateEpistemicNodes",
|
|
13725
|
+
summary: "Batch create generic epistemic graph nodes.",
|
|
13726
|
+
convex: {
|
|
13727
|
+
module: "nodes",
|
|
13728
|
+
functionName: "batchCreate",
|
|
13729
|
+
kind: "mutation",
|
|
13730
|
+
inputProjection: batchCreateNodesInput
|
|
13731
|
+
},
|
|
13732
|
+
args: batchCreateEpistemicNodesArgs
|
|
11024
13733
|
})
|
|
11025
13734
|
];
|
|
11026
13735
|
var lensPerspectiveSchema = z.enum([
|
|
@@ -11380,6 +14089,19 @@ var worktreeEvidenceSignalInputSchema = z.object({
|
|
|
11380
14089
|
progress: z.string().optional().describe("Collection progress note for the signal."),
|
|
11381
14090
|
notes: z.string().optional().describe("Additional evidence collection notes.")
|
|
11382
14091
|
}).passthrough().describe("Evidence signal embedded in the worktree plan.");
|
|
14092
|
+
var worktreeDocCompanionTargetSchema = z.object({
|
|
14093
|
+
docPath: z.string().describe(
|
|
14094
|
+
"Repo-relative path to a documentation file the worktree promises to update."
|
|
14095
|
+
),
|
|
14096
|
+
sectionAnchor: z.string().optional().describe(
|
|
14097
|
+
"Markdown heading anchor (e.g. '## Function-surface manifest') that scopes the promised update."
|
|
14098
|
+
),
|
|
14099
|
+
reason: z.string().describe(
|
|
14100
|
+
"Why this doc section must be updated for the worktree to be complete."
|
|
14101
|
+
)
|
|
14102
|
+
}).passthrough().describe(
|
|
14103
|
+
"Intent-driven docs companion target. pr-gate-reviewer verifies that the PR actually touches each declared (docPath, sectionAnchor). Distinct from the touch-driven docs-loop. See docs/development/docs-sync-discipline.md Lock 3."
|
|
14104
|
+
);
|
|
11383
14105
|
var worktreeDecisionGateInputSchema = z.object({
|
|
11384
14106
|
goCriteria: z.array(z.string()).describe("Criteria that must hold for the worktree to proceed."),
|
|
11385
14107
|
noGoSignals: z.array(z.string()).describe("Signals that stop or redirect the worktree."),
|
|
@@ -11412,6 +14134,9 @@ var addWorktreeArgs = z.object({
|
|
|
11412
14134
|
keyQuestions: z.array(worktreeKeyQuestionInputSchema).optional().describe("Inline key questions captured as part of the worktree plan."),
|
|
11413
14135
|
evidenceSignals: z.array(worktreeEvidenceSignalInputSchema).optional().describe("Evidence signals the worktree needs to collect or validate."),
|
|
11414
14136
|
decisionGate: worktreeDecisionGateInputSchema.optional(),
|
|
14137
|
+
docCompanionTargets: z.array(worktreeDocCompanionTargetSchema).optional().describe(
|
|
14138
|
+
"Doc sections the worktree promises to update at PR time. Enforced by pr-gate-reviewer (Lock 3)."
|
|
14139
|
+
),
|
|
11415
14140
|
goCriteria: z.array(z.string()).optional().describe("Shorthand go criteria used to build decisionGate."),
|
|
11416
14141
|
noGoSignals: z.array(z.string()).optional().describe("Shorthand no-go signals used to build decisionGate."),
|
|
11417
14142
|
proofArtifacts: z.array(z.unknown()).optional().describe("Expected proof artifacts required to close the worktree."),
|
|
@@ -11775,7 +14500,21 @@ var createTaskArgs = z.object({
|
|
|
11775
14500
|
linkedQuestionId: z.string().optional().describe("Question this task addresses."),
|
|
11776
14501
|
assigneeId: z.string().optional().describe("Principal assigned to the task."),
|
|
11777
14502
|
dueDate: z.number().optional().describe("Due date as epoch milliseconds."),
|
|
11778
|
-
tags: z.array(z.string()).optional().describe("Free-form tags.")
|
|
14503
|
+
tags: z.array(z.string()).optional().describe("Free-form tags."),
|
|
14504
|
+
metadata: z.record(z.unknown()).optional().describe("Structured task metadata for handoff context and routing hints.")
|
|
14505
|
+
});
|
|
14506
|
+
var updateTaskArgs = z.object({
|
|
14507
|
+
taskId: z.string().describe("Task to update."),
|
|
14508
|
+
title: z.string().optional().describe("Updated task title."),
|
|
14509
|
+
description: z.string().optional().describe("Updated task description."),
|
|
14510
|
+
priority: taskPrioritySchema.optional().describe("Updated priority."),
|
|
14511
|
+
status: taskStatusSchema2.optional().describe("Updated status."),
|
|
14512
|
+
linkedWorktreeId: z.string().optional().describe("Worktree this task belongs to."),
|
|
14513
|
+
linkedBeliefId: z.string().optional().describe("Belief this task supports."),
|
|
14514
|
+
linkedQuestionId: z.string().optional().describe("Question this task addresses."),
|
|
14515
|
+
assigneeId: z.string().optional().describe("Principal assigned to the task."),
|
|
14516
|
+
blockedReason: z.string().optional().describe("Reason the task is blocked or deferred."),
|
|
14517
|
+
metadata: z.record(z.unknown()).optional().describe("Structured task metadata for handoff context and routing hints.")
|
|
11779
14518
|
});
|
|
11780
14519
|
var createTaskInput = (input) => compactRecord4({
|
|
11781
14520
|
title: input.title,
|
|
@@ -11789,7 +14528,8 @@ var createTaskInput = (input) => compactRecord4({
|
|
|
11789
14528
|
linkedQuestionId: input.linkedQuestionId,
|
|
11790
14529
|
assigneeId: input.assigneeId,
|
|
11791
14530
|
dueDate: input.dueDate,
|
|
11792
|
-
tags: input.tags
|
|
14531
|
+
tags: input.tags,
|
|
14532
|
+
metadata: input.metadata
|
|
11793
14533
|
});
|
|
11794
14534
|
var taskInput = (input) => compactRecord4({
|
|
11795
14535
|
...input,
|
|
@@ -11806,8 +14546,7 @@ var taskTopicInput = (input) => {
|
|
|
11806
14546
|
};
|
|
11807
14547
|
var completeTaskInput = (input) => compactRecord4({
|
|
11808
14548
|
taskId: input.taskId ?? input.id,
|
|
11809
|
-
outputSummary: input.outputSummary ?? input.summary
|
|
11810
|
-
userId: input.userId
|
|
14549
|
+
outputSummary: input.outputSummary ?? input.summary
|
|
11811
14550
|
});
|
|
11812
14551
|
var tasksContracts = [
|
|
11813
14552
|
surfaceContract({
|
|
@@ -11825,6 +14564,7 @@ var tasksContracts = [
|
|
|
11825
14564
|
kind: "mutation",
|
|
11826
14565
|
inputProjection: createTaskInput
|
|
11827
14566
|
},
|
|
14567
|
+
gateway: { handler: "tasks.create" },
|
|
11828
14568
|
args: createTaskArgs
|
|
11829
14569
|
}),
|
|
11830
14570
|
surfaceContract({
|
|
@@ -11843,6 +14583,7 @@ var tasksContracts = [
|
|
|
11843
14583
|
kind: "query",
|
|
11844
14584
|
inputProjection: taskTopicInput
|
|
11845
14585
|
},
|
|
14586
|
+
gateway: { handler: "tasks.list" },
|
|
11846
14587
|
args: listTasksInputSchema
|
|
11847
14588
|
}),
|
|
11848
14589
|
surfaceContract({
|
|
@@ -11860,7 +14601,9 @@ var tasksContracts = [
|
|
|
11860
14601
|
functionName: "update",
|
|
11861
14602
|
kind: "mutation",
|
|
11862
14603
|
inputProjection: taskInput
|
|
11863
|
-
}
|
|
14604
|
+
},
|
|
14605
|
+
gateway: { handler: "tasks.update" },
|
|
14606
|
+
args: updateTaskArgs
|
|
11864
14607
|
}),
|
|
11865
14608
|
surfaceContract({
|
|
11866
14609
|
name: "complete_task",
|
|
@@ -11876,22 +14619,54 @@ var tasksContracts = [
|
|
|
11876
14619
|
functionName: "complete",
|
|
11877
14620
|
kind: "mutation",
|
|
11878
14621
|
inputProjection: completeTaskInput
|
|
11879
|
-
}
|
|
14622
|
+
},
|
|
14623
|
+
gateway: { handler: "tasks.complete" }
|
|
11880
14624
|
})
|
|
11881
14625
|
];
|
|
14626
|
+
var CREATE_EDGE_TYPES = edgePolicyManifest.policies.map(
|
|
14627
|
+
(policy) => policy.edgeType
|
|
14628
|
+
);
|
|
14629
|
+
var REASONING_METHOD_TYPES = [...REASONING_METHODS];
|
|
11882
14630
|
var createEdgeArgs = z.object({
|
|
11883
14631
|
from: GraphRefSchema,
|
|
11884
14632
|
to: GraphRefSchema,
|
|
11885
|
-
edgeType: z.
|
|
14633
|
+
edgeType: z.enum(CREATE_EDGE_TYPES),
|
|
11886
14634
|
globalId: z.string().optional(),
|
|
11887
14635
|
weight: z.number().optional(),
|
|
11888
14636
|
confidence: z.number().optional(),
|
|
11889
14637
|
context: z.string().optional(),
|
|
11890
14638
|
reasoning: z.string().optional(),
|
|
14639
|
+
reasoningMethod: z.enum(REASONING_METHOD_TYPES).optional(),
|
|
11891
14640
|
derivationType: z.string().optional(),
|
|
14641
|
+
metadata: z.record(z.unknown()).optional(),
|
|
11892
14642
|
topicId: z.string().optional(),
|
|
11893
14643
|
trustedBypassAccessCheck: z.boolean().optional()
|
|
11894
14644
|
});
|
|
14645
|
+
var updateEdgeArgs = z.object({
|
|
14646
|
+
edgeId: z.string().describe("Edge ID or global ID."),
|
|
14647
|
+
weight: z.number().optional(),
|
|
14648
|
+
confidence: z.number().optional(),
|
|
14649
|
+
context: z.string().optional(),
|
|
14650
|
+
reasoning: z.string().optional(),
|
|
14651
|
+
derivationType: z.string().optional(),
|
|
14652
|
+
metadata: z.record(z.unknown()).optional(),
|
|
14653
|
+
userId: z.string().optional()
|
|
14654
|
+
});
|
|
14655
|
+
var removeEdgeArgs = z.object({
|
|
14656
|
+
edgeId: z.string().describe("Edge ID or global ID."),
|
|
14657
|
+
userId: z.string().optional()
|
|
14658
|
+
});
|
|
14659
|
+
var removeEdgesBetweenArgs = z.object({
|
|
14660
|
+
from: GraphRefSchema.optional(),
|
|
14661
|
+
to: GraphRefSchema.optional(),
|
|
14662
|
+
fromNodeId: z.string().optional(),
|
|
14663
|
+
toNodeId: z.string().optional(),
|
|
14664
|
+
edgeType: z.enum(CREATE_EDGE_TYPES).optional()
|
|
14665
|
+
});
|
|
14666
|
+
var batchCreateEdgesArgs = z.object({
|
|
14667
|
+
edges: z.array(createEdgeArgs),
|
|
14668
|
+
skipLayerValidation: z.boolean().optional()
|
|
14669
|
+
});
|
|
11895
14670
|
var queryLineageArgs = z.object({
|
|
11896
14671
|
nodeId: z.string().describe("Starting node to trace from."),
|
|
11897
14672
|
startNode: z.string().optional().describe("Starting node alias accepted by traversal callers."),
|
|
@@ -11940,7 +14715,9 @@ var edgesContracts = [
|
|
|
11940
14715
|
weight: parsed.weight,
|
|
11941
14716
|
confidence: parsed.confidence,
|
|
11942
14717
|
context: parsed.context ?? parsed.reasoning,
|
|
14718
|
+
reasoningMethod: parsed.reasoningMethod,
|
|
11943
14719
|
derivationType: parsed.derivationType,
|
|
14720
|
+
metadata: parsed.metadata,
|
|
11944
14721
|
skipLayerValidation: true,
|
|
11945
14722
|
topicId: parsed.topicId,
|
|
11946
14723
|
trustedBypassAccessCheck: parsed.trustedBypassAccessCheck
|
|
@@ -11951,6 +14728,131 @@ var edgesContracts = [
|
|
|
11951
14728
|
},
|
|
11952
14729
|
args: createEdgeArgs
|
|
11953
14730
|
}),
|
|
14731
|
+
surfaceContract({
|
|
14732
|
+
name: "update_edge",
|
|
14733
|
+
kind: "mutation",
|
|
14734
|
+
domain: "edges",
|
|
14735
|
+
surfaceClass: "platform_public",
|
|
14736
|
+
method: "PATCH",
|
|
14737
|
+
path: "/edges",
|
|
14738
|
+
sdkNamespace: "edges",
|
|
14739
|
+
sdkMethod: "updateEdge",
|
|
14740
|
+
summary: "Update an epistemic edge.",
|
|
14741
|
+
convex: {
|
|
14742
|
+
module: "edges",
|
|
14743
|
+
functionName: "update",
|
|
14744
|
+
kind: "mutation",
|
|
14745
|
+
inputProjection: (input, context) => compactRecord4({
|
|
14746
|
+
edgeId: input.edgeId,
|
|
14747
|
+
weight: input.weight,
|
|
14748
|
+
confidence: input.confidence,
|
|
14749
|
+
context: input.context ?? input.reasoning,
|
|
14750
|
+
derivationType: input.derivationType,
|
|
14751
|
+
metadata: input.metadata,
|
|
14752
|
+
userId: input.userId ?? context.userId ?? context.principalId
|
|
14753
|
+
})
|
|
14754
|
+
},
|
|
14755
|
+
args: updateEdgeArgs
|
|
14756
|
+
}),
|
|
14757
|
+
surfaceContract({
|
|
14758
|
+
name: "remove_edge",
|
|
14759
|
+
kind: "mutation",
|
|
14760
|
+
domain: "edges",
|
|
14761
|
+
surfaceClass: "platform_public",
|
|
14762
|
+
method: "DELETE",
|
|
14763
|
+
path: "/edges",
|
|
14764
|
+
sdkNamespace: "edges",
|
|
14765
|
+
sdkMethod: "removeEdge",
|
|
14766
|
+
summary: "Remove an epistemic edge.",
|
|
14767
|
+
convex: {
|
|
14768
|
+
module: "edges",
|
|
14769
|
+
functionName: "remove",
|
|
14770
|
+
kind: "mutation",
|
|
14771
|
+
inputProjection: (input, context) => compactRecord4({
|
|
14772
|
+
edgeId: input.edgeId,
|
|
14773
|
+
userId: input.userId ?? context.userId ?? context.principalId
|
|
14774
|
+
})
|
|
14775
|
+
},
|
|
14776
|
+
args: removeEdgeArgs
|
|
14777
|
+
}),
|
|
14778
|
+
surfaceContract({
|
|
14779
|
+
name: "remove_edges_between",
|
|
14780
|
+
kind: "mutation",
|
|
14781
|
+
domain: "edges",
|
|
14782
|
+
surfaceClass: "platform_public",
|
|
14783
|
+
method: "DELETE",
|
|
14784
|
+
path: "/edges/between",
|
|
14785
|
+
sdkNamespace: "edges",
|
|
14786
|
+
sdkMethod: "removeEdgesBetween",
|
|
14787
|
+
summary: "Remove epistemic edges between two nodes.",
|
|
14788
|
+
convex: {
|
|
14789
|
+
module: "edges",
|
|
14790
|
+
functionName: "removeBetween",
|
|
14791
|
+
kind: "mutation",
|
|
14792
|
+
inputProjection: (input) => {
|
|
14793
|
+
const parsed = removeEdgesBetweenArgs.parse(input);
|
|
14794
|
+
const fromNodeId = parsed.from ? graphRefNodeId(parsed.from) : parsed.fromNodeId;
|
|
14795
|
+
const toNodeId = parsed.to ? graphRefNodeId(parsed.to) : parsed.toNodeId;
|
|
14796
|
+
if (!fromNodeId || !toNodeId) {
|
|
14797
|
+
throw new Error("from/to or fromNodeId/toNodeId are required.");
|
|
14798
|
+
}
|
|
14799
|
+
return compactRecord4({
|
|
14800
|
+
fromNodeId,
|
|
14801
|
+
toNodeId,
|
|
14802
|
+
edgeType: parsed.edgeType
|
|
14803
|
+
});
|
|
14804
|
+
}
|
|
14805
|
+
},
|
|
14806
|
+
args: removeEdgesBetweenArgs
|
|
14807
|
+
}),
|
|
14808
|
+
surfaceContract({
|
|
14809
|
+
name: "batch_create_edges",
|
|
14810
|
+
kind: "mutation",
|
|
14811
|
+
domain: "edges",
|
|
14812
|
+
surfaceClass: "platform_public",
|
|
14813
|
+
path: "/edges/batch",
|
|
14814
|
+
sdkNamespace: "edges",
|
|
14815
|
+
sdkMethod: "batchCreateEdges",
|
|
14816
|
+
summary: "Batch create epistemic edges.",
|
|
14817
|
+
convex: {
|
|
14818
|
+
module: "edges",
|
|
14819
|
+
functionName: "batchCreate",
|
|
14820
|
+
kind: "mutation",
|
|
14821
|
+
inputProjection: (input, context) => {
|
|
14822
|
+
const parsed = batchCreateEdgesArgs.parse(input);
|
|
14823
|
+
return {
|
|
14824
|
+
skipLayerValidation: parsed.skipLayerValidation ?? true,
|
|
14825
|
+
edges: parsed.edges.map((edge) => {
|
|
14826
|
+
assertEdgePolicyAllowed(
|
|
14827
|
+
edgePolicyManifest,
|
|
14828
|
+
edge.edgeType,
|
|
14829
|
+
edge.from,
|
|
14830
|
+
edge.to
|
|
14831
|
+
);
|
|
14832
|
+
const fromNodeId = graphRefNodeId(edge.from);
|
|
14833
|
+
const toNodeId = graphRefNodeId(edge.to);
|
|
14834
|
+
return withCreatedBy(
|
|
14835
|
+
compactRecord4({
|
|
14836
|
+
fromNodeId,
|
|
14837
|
+
toNodeId,
|
|
14838
|
+
edgeType: edge.edgeType,
|
|
14839
|
+
globalId: edge.globalId ?? `edge:${fromNodeId}:${toNodeId}:${edge.edgeType}`,
|
|
14840
|
+
weight: edge.weight,
|
|
14841
|
+
confidence: edge.confidence,
|
|
14842
|
+
context: edge.context ?? edge.reasoning,
|
|
14843
|
+
reasoningMethod: edge.reasoningMethod,
|
|
14844
|
+
derivationType: edge.derivationType,
|
|
14845
|
+
metadata: edge.metadata,
|
|
14846
|
+
topicId: edge.topicId
|
|
14847
|
+
}),
|
|
14848
|
+
context
|
|
14849
|
+
);
|
|
14850
|
+
})
|
|
14851
|
+
};
|
|
14852
|
+
}
|
|
14853
|
+
},
|
|
14854
|
+
args: batchCreateEdgesArgs
|
|
14855
|
+
}),
|
|
11954
14856
|
surfaceContract({
|
|
11955
14857
|
name: "query_lineage",
|
|
11956
14858
|
kind: "query",
|
|
@@ -12673,6 +15575,69 @@ var pipelineContracts = [
|
|
|
12673
15575
|
}
|
|
12674
15576
|
})
|
|
12675
15577
|
];
|
|
15578
|
+
function isRecord3(value) {
|
|
15579
|
+
return Boolean(value) && typeof value === "object" && !Array.isArray(value);
|
|
15580
|
+
}
|
|
15581
|
+
function stringValues(value) {
|
|
15582
|
+
if (typeof value === "string") {
|
|
15583
|
+
return [value];
|
|
15584
|
+
}
|
|
15585
|
+
if (Array.isArray(value)) {
|
|
15586
|
+
return value.flatMap((item) => stringValues(item));
|
|
15587
|
+
}
|
|
15588
|
+
return [];
|
|
15589
|
+
}
|
|
15590
|
+
function nestedEvidenceRows(value) {
|
|
15591
|
+
if (Array.isArray(value)) {
|
|
15592
|
+
return value.flatMap((item) => nestedEvidenceRows(item));
|
|
15593
|
+
}
|
|
15594
|
+
if (!isRecord3(value)) {
|
|
15595
|
+
return [];
|
|
15596
|
+
}
|
|
15597
|
+
const nestedKeys = ["evidence", "items", "nodes"];
|
|
15598
|
+
const nestedRows = nestedKeys.flatMap((key) => nestedEvidenceRows(value[key]));
|
|
15599
|
+
return nestedRows.length > 0 ? nestedRows : [value];
|
|
15600
|
+
}
|
|
15601
|
+
function isFailedAttemptRow(row) {
|
|
15602
|
+
const metadata = isRecord3(row.metadata) ? row.metadata : null;
|
|
15603
|
+
return metadata?.failedApproach === true || metadata?.isFailedAttempt === true;
|
|
15604
|
+
}
|
|
15605
|
+
function failureLogSearchFields(row) {
|
|
15606
|
+
const metadata = isRecord3(row.metadata) ? row.metadata : null;
|
|
15607
|
+
return [
|
|
15608
|
+
...stringValues(row.id),
|
|
15609
|
+
...stringValues(row._id),
|
|
15610
|
+
...stringValues(row.title),
|
|
15611
|
+
...stringValues(row.text),
|
|
15612
|
+
...stringValues(row.canonicalText),
|
|
15613
|
+
...stringValues(row.content),
|
|
15614
|
+
...stringValues(metadata?.codeAnchor),
|
|
15615
|
+
...stringValues(metadata?.codeAnchors),
|
|
15616
|
+
...stringValues(metadata?.anchor),
|
|
15617
|
+
...stringValues(metadata?.anchors),
|
|
15618
|
+
...stringValues(metadata?.filePath),
|
|
15619
|
+
...stringValues(metadata?.filePaths),
|
|
15620
|
+
...stringValues(metadata?.path),
|
|
15621
|
+
...stringValues(metadata?.paths),
|
|
15622
|
+
...stringValues(metadata?.sourceRef),
|
|
15623
|
+
...stringValues(metadata?.touchedPaths)
|
|
15624
|
+
];
|
|
15625
|
+
}
|
|
15626
|
+
function projectFailureLog(output, input) {
|
|
15627
|
+
const rawQuery = typeof input.query === "string" && input.query.trim().length > 0 ? input.query.trim() : void 0;
|
|
15628
|
+
const searchKey = rawQuery?.toLowerCase();
|
|
15629
|
+
const failures = nestedEvidenceRows(output).filter((row) => isFailedAttemptRow(row)).filter(
|
|
15630
|
+
(row) => !searchKey ? true : failureLogSearchFields(row).some(
|
|
15631
|
+
(field) => field.toLowerCase().includes(searchKey)
|
|
15632
|
+
)
|
|
15633
|
+
);
|
|
15634
|
+
return {
|
|
15635
|
+
query: rawQuery,
|
|
15636
|
+
failures,
|
|
15637
|
+
totalFound: failures.length,
|
|
15638
|
+
showing: failures.length
|
|
15639
|
+
};
|
|
15640
|
+
}
|
|
12676
15641
|
var recordScopeLearningArgs = z.object({
|
|
12677
15642
|
topicId: z.string().optional().describe("Topic scope ID"),
|
|
12678
15643
|
summary: z.string().describe("Atomic learning statement"),
|
|
@@ -12762,6 +15727,8 @@ var attemptInput = (input, context) => withUserId(
|
|
|
12762
15727
|
tags: ["code_attempt"],
|
|
12763
15728
|
metadata: compactRecord4({
|
|
12764
15729
|
...recordValue2(input.metadata),
|
|
15730
|
+
failedApproach: true,
|
|
15731
|
+
isFailedAttempt: true,
|
|
12765
15732
|
filePaths: input.filePaths,
|
|
12766
15733
|
filePath: input.filePath,
|
|
12767
15734
|
errorMessage: input.errorMessage,
|
|
@@ -12892,7 +15859,8 @@ var codingContracts = [
|
|
|
12892
15859
|
limit: input.limit,
|
|
12893
15860
|
status: input.status,
|
|
12894
15861
|
userId: input.userId
|
|
12895
|
-
})
|
|
15862
|
+
}),
|
|
15863
|
+
outputProjection: (output, input) => projectFailureLog(output, input)
|
|
12896
15864
|
}
|
|
12897
15865
|
})
|
|
12898
15866
|
];
|
|
@@ -12929,6 +15897,7 @@ var ALL_FUNCTION_CONTRACTS = [
|
|
|
12929
15897
|
...evidenceContracts,
|
|
12930
15898
|
...questionsContracts,
|
|
12931
15899
|
...topicsContracts,
|
|
15900
|
+
...nodesContracts,
|
|
12932
15901
|
...lensesContracts,
|
|
12933
15902
|
...ontologiesContracts,
|
|
12934
15903
|
...worktreesContracts,
|
|
@@ -13104,6 +16073,13 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13104
16073
|
copyMode: "none",
|
|
13105
16074
|
description: "Deliberation sessions are created by tenant workflows."
|
|
13106
16075
|
},
|
|
16076
|
+
{
|
|
16077
|
+
component: "kernel",
|
|
16078
|
+
table: "domainEvents",
|
|
16079
|
+
prepopulation: "runtime_log",
|
|
16080
|
+
copyMode: "none",
|
|
16081
|
+
description: "Domain event rows are append-only runtime audit/exhaust data."
|
|
16082
|
+
},
|
|
13107
16083
|
{
|
|
13108
16084
|
component: "kernel",
|
|
13109
16085
|
table: "epistemicAudit",
|
|
@@ -13353,14 +16329,14 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13353
16329
|
description: "Worktrees are tenant/runtime planning data."
|
|
13354
16330
|
},
|
|
13355
16331
|
{
|
|
13356
|
-
component: "
|
|
16332
|
+
component: "control-plane",
|
|
13357
16333
|
table: "agents",
|
|
13358
16334
|
prepopulation: "runtime_bootstrap",
|
|
13359
16335
|
copyMode: "none",
|
|
13360
16336
|
description: "Service agents are provisioned per tenant or service, not copied."
|
|
13361
16337
|
},
|
|
13362
16338
|
{
|
|
13363
|
-
component: "
|
|
16339
|
+
component: "control-plane",
|
|
13364
16340
|
table: "mcpWritePolicy",
|
|
13365
16341
|
prepopulation: "required_template",
|
|
13366
16342
|
copyMode: "template_global",
|
|
@@ -13369,14 +16345,14 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13369
16345
|
description: "Global write policy defaults govern service and interactive MCP writes."
|
|
13370
16346
|
},
|
|
13371
16347
|
{
|
|
13372
|
-
component: "
|
|
16348
|
+
component: "control-plane",
|
|
13373
16349
|
table: "modelCallLogs",
|
|
13374
16350
|
prepopulation: "runtime_log",
|
|
13375
16351
|
copyMode: "none",
|
|
13376
16352
|
description: "Model call logs are runtime telemetry."
|
|
13377
16353
|
},
|
|
13378
16354
|
{
|
|
13379
|
-
component: "
|
|
16355
|
+
component: "control-plane",
|
|
13380
16356
|
table: "modelFunctionSlots",
|
|
13381
16357
|
prepopulation: "required_template",
|
|
13382
16358
|
copyMode: "template_global",
|
|
@@ -13385,7 +16361,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13385
16361
|
description: "Function-to-model slots are required by model runtime resolution."
|
|
13386
16362
|
},
|
|
13387
16363
|
{
|
|
13388
|
-
component: "
|
|
16364
|
+
component: "control-plane",
|
|
13389
16365
|
table: "modelRegistry",
|
|
13390
16366
|
prepopulation: "required_template",
|
|
13391
16367
|
copyMode: "template_global",
|
|
@@ -13394,7 +16370,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13394
16370
|
description: "Model catalog defaults are required by model runtime clients."
|
|
13395
16371
|
},
|
|
13396
16372
|
{
|
|
13397
|
-
component: "
|
|
16373
|
+
component: "control-plane",
|
|
13398
16374
|
table: "modelSlotConfigs",
|
|
13399
16375
|
prepopulation: "required_template",
|
|
13400
16376
|
copyMode: "template_global",
|
|
@@ -13403,14 +16379,105 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13403
16379
|
description: "Slot-level defaults are required before tenant overrides exist."
|
|
13404
16380
|
},
|
|
13405
16381
|
{
|
|
13406
|
-
component: "
|
|
16382
|
+
component: "control-plane",
|
|
16383
|
+
table: "permitAccessReviewItems",
|
|
16384
|
+
prepopulation: "runtime_data",
|
|
16385
|
+
copyMode: "none",
|
|
16386
|
+
description: "Permit access-review item rows are tenant review data projected from Permit."
|
|
16387
|
+
},
|
|
16388
|
+
{
|
|
16389
|
+
component: "control-plane",
|
|
16390
|
+
table: "permitAccessReviews",
|
|
16391
|
+
prepopulation: "runtime_data",
|
|
16392
|
+
copyMode: "none",
|
|
16393
|
+
description: "Permit access-review campaigns are tenant review data projected from Permit."
|
|
16394
|
+
},
|
|
16395
|
+
{
|
|
16396
|
+
component: "control-plane",
|
|
16397
|
+
table: "permitAttributeBindings",
|
|
16398
|
+
prepopulation: "runtime_data",
|
|
16399
|
+
copyMode: "none",
|
|
16400
|
+
description: "Permit ABAC attribute bindings are tenant policy projection rows."
|
|
16401
|
+
},
|
|
16402
|
+
{
|
|
16403
|
+
component: "control-plane",
|
|
16404
|
+
table: "permitGroups",
|
|
16405
|
+
prepopulation: "runtime_data",
|
|
16406
|
+
copyMode: "none",
|
|
16407
|
+
description: "Permit groups are tenant-defined policy subjects, not template data."
|
|
16408
|
+
},
|
|
16409
|
+
{
|
|
16410
|
+
component: "control-plane",
|
|
16411
|
+
table: "permitGroupMemberships",
|
|
16412
|
+
prepopulation: "runtime_data",
|
|
16413
|
+
copyMode: "none",
|
|
16414
|
+
description: "Permit group memberships are tenant-specific policy projection rows."
|
|
16415
|
+
},
|
|
16416
|
+
{
|
|
16417
|
+
component: "control-plane",
|
|
16418
|
+
table: "permitPolicyBundles",
|
|
16419
|
+
prepopulation: "runtime_derived",
|
|
16420
|
+
copyMode: "none",
|
|
16421
|
+
description: "Permit policy bundles are derived from the Permit control plane."
|
|
16422
|
+
},
|
|
16423
|
+
{
|
|
16424
|
+
component: "control-plane",
|
|
16425
|
+
table: "permitPolicyDecisionReceipts",
|
|
16426
|
+
prepopulation: "runtime_log",
|
|
16427
|
+
copyMode: "none",
|
|
16428
|
+
description: "Permit decision receipts are runtime authorization audit logs."
|
|
16429
|
+
},
|
|
16430
|
+
{
|
|
16431
|
+
component: "control-plane",
|
|
16432
|
+
table: "permitPrincipalAliases",
|
|
16433
|
+
prepopulation: "runtime_data",
|
|
16434
|
+
copyMode: "none",
|
|
16435
|
+
description: "Permit principal aliases are tenant-specific identity projection rows."
|
|
16436
|
+
},
|
|
16437
|
+
{
|
|
16438
|
+
component: "control-plane",
|
|
16439
|
+
table: "permitPrincipals",
|
|
16440
|
+
prepopulation: "runtime_data",
|
|
16441
|
+
copyMode: "none",
|
|
16442
|
+
description: "Permit principals are projected from Clerk, Permit, and tenant onboarding flows."
|
|
16443
|
+
},
|
|
16444
|
+
{
|
|
16445
|
+
component: "control-plane",
|
|
16446
|
+
table: "permitProjectionOutbox",
|
|
16447
|
+
prepopulation: "runtime_queue",
|
|
16448
|
+
copyMode: "none",
|
|
16449
|
+
description: "Permit projection outbox rows are runtime sync queue data."
|
|
16450
|
+
},
|
|
16451
|
+
{
|
|
16452
|
+
component: "control-plane",
|
|
16453
|
+
table: "permitRelationshipTuples",
|
|
16454
|
+
prepopulation: "runtime_data",
|
|
16455
|
+
copyMode: "none",
|
|
16456
|
+
description: "Permit ReBAC relationship tuples are tenant policy projection rows."
|
|
16457
|
+
},
|
|
16458
|
+
{
|
|
16459
|
+
component: "control-plane",
|
|
16460
|
+
table: "permitResourceInstances",
|
|
16461
|
+
prepopulation: "runtime_data",
|
|
16462
|
+
copyMode: "none",
|
|
16463
|
+
description: "Permit resource instances are tenant/workspace graph and deployment projection rows."
|
|
16464
|
+
},
|
|
16465
|
+
{
|
|
16466
|
+
component: "control-plane",
|
|
16467
|
+
table: "permitRoleAssignments",
|
|
16468
|
+
prepopulation: "runtime_data",
|
|
16469
|
+
copyMode: "none",
|
|
16470
|
+
description: "Permit role assignments are tenant-specific policy projection rows."
|
|
16471
|
+
},
|
|
16472
|
+
{
|
|
16473
|
+
component: "control-plane",
|
|
13407
16474
|
table: "platformAudienceGrants",
|
|
13408
16475
|
prepopulation: "runtime_data",
|
|
13409
16476
|
copyMode: "none",
|
|
13410
16477
|
description: "Audience grants are principal/group-specific access rows."
|
|
13411
16478
|
},
|
|
13412
16479
|
{
|
|
13413
|
-
component: "
|
|
16480
|
+
component: "control-plane",
|
|
13414
16481
|
table: "platformAudiences",
|
|
13415
16482
|
prepopulation: "required_template",
|
|
13416
16483
|
copyMode: "template_tenant_rewrite",
|
|
@@ -13419,35 +16486,35 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13419
16486
|
description: "Default tenant audience taxonomy rows are rewritten into each tenant."
|
|
13420
16487
|
},
|
|
13421
16488
|
{
|
|
13422
|
-
component: "
|
|
16489
|
+
component: "control-plane",
|
|
13423
16490
|
table: "platformPolicyDecisionLogs",
|
|
13424
16491
|
prepopulation: "runtime_log",
|
|
13425
16492
|
copyMode: "none",
|
|
13426
16493
|
description: "Policy decisions are runtime audit logs."
|
|
13427
16494
|
},
|
|
13428
16495
|
{
|
|
13429
|
-
component: "
|
|
16496
|
+
component: "control-plane",
|
|
13430
16497
|
table: "projectGrants",
|
|
13431
16498
|
prepopulation: "runtime_data",
|
|
13432
16499
|
copyMode: "none",
|
|
13433
16500
|
description: "Project/topic grants are principal or group-specific access rows."
|
|
13434
16501
|
},
|
|
13435
16502
|
{
|
|
13436
|
-
component: "
|
|
16503
|
+
component: "control-plane",
|
|
13437
16504
|
table: "reasoningPermissions",
|
|
13438
16505
|
prepopulation: "runtime_data",
|
|
13439
16506
|
copyMode: "none",
|
|
13440
16507
|
description: "Reasoning permissions are principal-specific policy rows."
|
|
13441
16508
|
},
|
|
13442
16509
|
{
|
|
13443
|
-
component: "
|
|
16510
|
+
component: "control-plane",
|
|
13444
16511
|
table: "tenantApiKeys",
|
|
13445
16512
|
prepopulation: "runtime_secret",
|
|
13446
16513
|
copyMode: "none",
|
|
13447
16514
|
description: "API keys are tenant credentials and must never be copied."
|
|
13448
16515
|
},
|
|
13449
16516
|
{
|
|
13450
|
-
component: "
|
|
16517
|
+
component: "control-plane",
|
|
13451
16518
|
table: "tenantConfig",
|
|
13452
16519
|
prepopulation: "required_template",
|
|
13453
16520
|
copyMode: "template_tenant_rewrite",
|
|
@@ -13456,7 +16523,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13456
16523
|
description: "Tenant-local config defaults are rewritten during bootstrap."
|
|
13457
16524
|
},
|
|
13458
16525
|
{
|
|
13459
|
-
component: "
|
|
16526
|
+
component: "control-plane",
|
|
13460
16527
|
table: "tenantIntegrations",
|
|
13461
16528
|
prepopulation: "required_template",
|
|
13462
16529
|
copyMode: "template_tenant_rewrite",
|
|
@@ -13465,14 +16532,21 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13465
16532
|
description: "Non-secret integration descriptors are rewritten into each tenant."
|
|
13466
16533
|
},
|
|
13467
16534
|
{
|
|
13468
|
-
component: "
|
|
16535
|
+
component: "control-plane",
|
|
13469
16536
|
table: "tenantModelSlotBindings",
|
|
13470
16537
|
prepopulation: "runtime_secret",
|
|
13471
16538
|
copyMode: "none",
|
|
13472
16539
|
description: "Tenant model slot bindings reference provider secrets and are runtime-only."
|
|
13473
16540
|
},
|
|
13474
16541
|
{
|
|
13475
|
-
component: "
|
|
16542
|
+
component: "control-plane",
|
|
16543
|
+
table: "tenantPermitSyncStates",
|
|
16544
|
+
prepopulation: "runtime_derived",
|
|
16545
|
+
copyMode: "none",
|
|
16546
|
+
description: "Tenant Permit sync state rows are runtime reconciliation state."
|
|
16547
|
+
},
|
|
16548
|
+
{
|
|
16549
|
+
component: "control-plane",
|
|
13476
16550
|
table: "tenantPolicies",
|
|
13477
16551
|
prepopulation: "required_template",
|
|
13478
16552
|
copyMode: "template_tenant_rewrite",
|
|
@@ -13481,42 +16555,42 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13481
16555
|
description: "Default tenant policy roles are rewritten during bootstrap."
|
|
13482
16556
|
},
|
|
13483
16557
|
{
|
|
13484
|
-
component: "
|
|
16558
|
+
component: "control-plane",
|
|
13485
16559
|
table: "tenantProviderSecrets",
|
|
13486
16560
|
prepopulation: "runtime_secret",
|
|
13487
16561
|
copyMode: "none",
|
|
13488
16562
|
description: "Provider secrets are credentials and must never be copied."
|
|
13489
16563
|
},
|
|
13490
16564
|
{
|
|
13491
|
-
component: "
|
|
16565
|
+
component: "control-plane",
|
|
13492
16566
|
table: "tenantProxyGatewayUsage",
|
|
13493
16567
|
prepopulation: "runtime_log",
|
|
13494
16568
|
copyMode: "none",
|
|
13495
16569
|
description: "Proxy gateway usage rows are runtime telemetry."
|
|
13496
16570
|
},
|
|
13497
16571
|
{
|
|
13498
|
-
component: "
|
|
16572
|
+
component: "control-plane",
|
|
13499
16573
|
table: "tenantProxyTokenMints",
|
|
13500
16574
|
prepopulation: "runtime_secret",
|
|
13501
16575
|
copyMode: "none",
|
|
13502
16576
|
description: "Proxy token mints are ephemeral secret-bearing runtime rows."
|
|
13503
16577
|
},
|
|
13504
16578
|
{
|
|
13505
|
-
component: "
|
|
16579
|
+
component: "control-plane",
|
|
13506
16580
|
table: "tenantSandboxAuditEvents",
|
|
13507
16581
|
prepopulation: "runtime_log",
|
|
13508
16582
|
copyMode: "none",
|
|
13509
16583
|
description: "Sandbox audit rows are runtime security logs."
|
|
13510
16584
|
},
|
|
13511
16585
|
{
|
|
13512
|
-
component: "
|
|
16586
|
+
component: "control-plane",
|
|
13513
16587
|
table: "tenantSecrets",
|
|
13514
16588
|
prepopulation: "runtime_secret",
|
|
13515
16589
|
copyMode: "none",
|
|
13516
16590
|
description: "Tenant secrets are credentials and must never be copied."
|
|
13517
16591
|
},
|
|
13518
16592
|
{
|
|
13519
|
-
component: "
|
|
16593
|
+
component: "control-plane",
|
|
13520
16594
|
table: "toolAcls",
|
|
13521
16595
|
prepopulation: "required_template",
|
|
13522
16596
|
copyMode: "template_global",
|
|
@@ -13525,7 +16599,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13525
16599
|
description: "Default role-to-tool grants are required for SDK/MCP tool access."
|
|
13526
16600
|
},
|
|
13527
16601
|
{
|
|
13528
|
-
component: "
|
|
16602
|
+
component: "control-plane",
|
|
13529
16603
|
table: "toolRegistry",
|
|
13530
16604
|
prepopulation: "required_template",
|
|
13531
16605
|
copyMode: "template_global",
|
|
@@ -13534,7 +16608,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13534
16608
|
description: "Core tool catalog rows are required before pack or tenant tools exist."
|
|
13535
16609
|
},
|
|
13536
16610
|
{
|
|
13537
|
-
component: "
|
|
16611
|
+
component: "control-plane",
|
|
13538
16612
|
table: "users",
|
|
13539
16613
|
prepopulation: "runtime_bootstrap",
|
|
13540
16614
|
copyMode: "none",
|