@lucern/events 0.3.0-alpha.8 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +14 -2
- package/dist/index.js +3477 -403
- package/dist/index.js.map +1 -1
- package/dist/outbox.js +3477 -403
- package/dist/outbox.js.map +1 -1
- package/dist/types.js +3477 -403
- package/dist/types.js.map +1 -1
- package/dist/webhooks.js +3477 -403
- package/dist/webhooks.js.map +1 -1
- package/package.json +2 -2
package/dist/webhooks.js
CHANGED
|
@@ -1,6 +1,20 @@
|
|
|
1
1
|
import { z } from 'zod';
|
|
2
2
|
import { v } from 'convex/values';
|
|
3
3
|
|
|
4
|
+
// ../contracts/src/types/reasoning-method.ts
|
|
5
|
+
var REASONING_METHODS = [
|
|
6
|
+
"deductive",
|
|
7
|
+
"inductive",
|
|
8
|
+
"abductive",
|
|
9
|
+
"analogical",
|
|
10
|
+
"causal",
|
|
11
|
+
"correlational",
|
|
12
|
+
"testimonial",
|
|
13
|
+
"statistical",
|
|
14
|
+
"implicit",
|
|
15
|
+
"pattern_match"
|
|
16
|
+
];
|
|
17
|
+
|
|
4
18
|
// ../contracts/src/graph-intelligence.contract.ts
|
|
5
19
|
var GRAPH_INTELLIGENCE_MODE_TOOL_NAMES = {
|
|
6
20
|
core: [
|
|
@@ -692,7 +706,7 @@ defineTable({
|
|
|
692
706
|
});
|
|
693
707
|
defineTable({
|
|
694
708
|
name: "agents",
|
|
695
|
-
component: "
|
|
709
|
+
component: "control-plane",
|
|
696
710
|
category: "agent",
|
|
697
711
|
shape: z.object({
|
|
698
712
|
"slug": z.string(),
|
|
@@ -723,6 +737,8 @@ defineTable({
|
|
|
723
737
|
category: "tenant",
|
|
724
738
|
shape: z.object({
|
|
725
739
|
"tenantId": idOf("tenants"),
|
|
740
|
+
"workspaceId": idOf("workspaces").optional(),
|
|
741
|
+
"environment": z.enum(["dev", "staging", "prod"]).optional(),
|
|
726
742
|
"keyPrefix": z.enum(["luc", "stk"]),
|
|
727
743
|
"keyHash": z.string(),
|
|
728
744
|
"keyHint": z.string(),
|
|
@@ -750,7 +766,7 @@ defineTable({
|
|
|
750
766
|
shape: z.object({
|
|
751
767
|
"tenantId": idOf("tenants").optional(),
|
|
752
768
|
"apiKeyId": idOf("apiKeys").optional(),
|
|
753
|
-
"action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "principal_created", "principal_updated", "principal_suspended", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
|
|
769
|
+
"action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_token_lease_issued", "proxy_token_lease_renewed", "proxy_token_lease_revoked", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "tenant_clerk_organization_linked", "tenant_canonical_identity_repaired", "principal_created", "principal_updated", "principal_suspended", "principal_identity_alias_upserted", "principal_identity_alias_revoked", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "deployment_host_registered", "deployment_host_revoked", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "permit_sync_enqueued", "permit_sync_succeeded", "permit_sync_failed", "permit_sync_skipped", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
|
|
754
770
|
"actorClerkId": z.string(),
|
|
755
771
|
"details": z.any().optional(),
|
|
756
772
|
"createdAt": z.number()
|
|
@@ -974,6 +990,35 @@ defineTable({
|
|
|
974
990
|
{ kind: "index", name: "by_source", columns: ["source"] }
|
|
975
991
|
]
|
|
976
992
|
});
|
|
993
|
+
defineTable({
|
|
994
|
+
name: "domainEvents",
|
|
995
|
+
component: "kernel",
|
|
996
|
+
category: "events",
|
|
997
|
+
shape: z.object({
|
|
998
|
+
"eventId": z.string(),
|
|
999
|
+
"type": z.string(),
|
|
1000
|
+
"version": z.string(),
|
|
1001
|
+
"timestamp": z.number(),
|
|
1002
|
+
"tenantId": z.string().optional(),
|
|
1003
|
+
"workspaceId": z.string().optional(),
|
|
1004
|
+
"topicId": z.string(),
|
|
1005
|
+
"resourceId": z.string(),
|
|
1006
|
+
"resourceType": z.string(),
|
|
1007
|
+
"actorId": z.string(),
|
|
1008
|
+
"actorType": z.enum(["human", "agent", "service"]),
|
|
1009
|
+
"data": z.record(z.any()),
|
|
1010
|
+
"correlationId": z.string().optional(),
|
|
1011
|
+
"expiresAt": z.number()
|
|
1012
|
+
}),
|
|
1013
|
+
indices: [
|
|
1014
|
+
{ kind: "index", name: "by_eventId", columns: ["eventId"] },
|
|
1015
|
+
{ kind: "index", name: "by_topic_timestamp", columns: ["topicId", "timestamp"] },
|
|
1016
|
+
{ kind: "index", name: "by_tenant_workspace_timestamp", columns: ["tenantId", "workspaceId", "timestamp"] },
|
|
1017
|
+
{ kind: "index", name: "by_type_timestamp", columns: ["type", "timestamp"] },
|
|
1018
|
+
{ kind: "index", name: "by_resource", columns: ["resourceType", "resourceId", "timestamp"] },
|
|
1019
|
+
{ kind: "index", name: "by_expiresAt", columns: ["expiresAt"] }
|
|
1020
|
+
]
|
|
1021
|
+
});
|
|
977
1022
|
defineTable({
|
|
978
1023
|
name: "beliefConfidence",
|
|
979
1024
|
component: "kernel",
|
|
@@ -1629,29 +1674,37 @@ defineTable({
|
|
|
1629
1674
|
component: "mc",
|
|
1630
1675
|
category: "runtime",
|
|
1631
1676
|
shape: z.object({
|
|
1632
|
-
|
|
1633
|
-
|
|
1634
|
-
|
|
1635
|
-
|
|
1636
|
-
|
|
1637
|
-
|
|
1638
|
-
|
|
1639
|
-
|
|
1640
|
-
|
|
1641
|
-
|
|
1642
|
-
|
|
1643
|
-
|
|
1644
|
-
|
|
1677
|
+
shimId: z.string(),
|
|
1678
|
+
gateId: z.string(),
|
|
1679
|
+
removalDate: z.string(),
|
|
1680
|
+
removalPriority: z.enum(["P1", "P2", "P3"]),
|
|
1681
|
+
description: z.string(),
|
|
1682
|
+
owner: z.string(),
|
|
1683
|
+
createdAt: z.string(),
|
|
1684
|
+
status: z.enum(["active", "overdue", "removed"]),
|
|
1685
|
+
bridgeType: z.enum(["tool", "agent"]),
|
|
1686
|
+
bridgeTarget: z.object({
|
|
1687
|
+
type: z.enum(["tool", "agent"]),
|
|
1688
|
+
legacyPath: z.string(),
|
|
1689
|
+
harnessPath: z.string()
|
|
1645
1690
|
}),
|
|
1646
|
-
|
|
1647
|
-
|
|
1648
|
-
|
|
1649
|
-
|
|
1691
|
+
shimBehavior: z.enum([
|
|
1692
|
+
"passthrough_with_logging",
|
|
1693
|
+
"adapter",
|
|
1694
|
+
"feature_flag_gate"
|
|
1695
|
+
]),
|
|
1696
|
+
producesLedgerEntries: z.boolean(),
|
|
1697
|
+
lastAuditedAt: z.number(),
|
|
1698
|
+
metadata: z.record(z.any()).optional()
|
|
1650
1699
|
}),
|
|
1651
1700
|
indices: [
|
|
1652
1701
|
{ kind: "index", name: "by_shimId", columns: ["shimId"] },
|
|
1653
1702
|
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
1654
|
-
{
|
|
1703
|
+
{
|
|
1704
|
+
kind: "index",
|
|
1705
|
+
name: "by_bridgeType_status",
|
|
1706
|
+
columns: ["bridgeType", "status"]
|
|
1707
|
+
}
|
|
1655
1708
|
]
|
|
1656
1709
|
});
|
|
1657
1710
|
defineTable({
|
|
@@ -1659,12 +1712,23 @@ defineTable({
|
|
|
1659
1712
|
component: "mc",
|
|
1660
1713
|
category: "runtime",
|
|
1661
1714
|
shape: z.object({
|
|
1662
|
-
|
|
1663
|
-
|
|
1664
|
-
|
|
1665
|
-
|
|
1666
|
-
|
|
1667
|
-
|
|
1715
|
+
domain: z.enum([
|
|
1716
|
+
"graph",
|
|
1717
|
+
"schema",
|
|
1718
|
+
"identity",
|
|
1719
|
+
"policy",
|
|
1720
|
+
"audit",
|
|
1721
|
+
"admin",
|
|
1722
|
+
"agent",
|
|
1723
|
+
"tool",
|
|
1724
|
+
"prompt",
|
|
1725
|
+
"intelligence"
|
|
1726
|
+
]),
|
|
1727
|
+
state: z.enum(["legacy", "cutover", "disabled"]),
|
|
1728
|
+
metadata: z.record(z.any()).optional(),
|
|
1729
|
+
updatedBy: z.string(),
|
|
1730
|
+
createdAt: z.number(),
|
|
1731
|
+
updatedAt: z.number()
|
|
1668
1732
|
}),
|
|
1669
1733
|
indices: [
|
|
1670
1734
|
{ kind: "index", name: "by_domain", columns: ["domain"] },
|
|
@@ -1676,57 +1740,193 @@ defineTable({
|
|
|
1676
1740
|
component: "mc",
|
|
1677
1741
|
category: "runtime",
|
|
1678
1742
|
shape: z.object({
|
|
1679
|
-
|
|
1680
|
-
|
|
1681
|
-
|
|
1682
|
-
|
|
1683
|
-
|
|
1684
|
-
|
|
1685
|
-
|
|
1686
|
-
|
|
1687
|
-
|
|
1688
|
-
|
|
1689
|
-
|
|
1690
|
-
|
|
1691
|
-
|
|
1692
|
-
|
|
1693
|
-
|
|
1694
|
-
|
|
1695
|
-
|
|
1743
|
+
credentialRef: z.string(),
|
|
1744
|
+
tenantId: idOf("tenants"),
|
|
1745
|
+
workspaceId: idOf("workspaces").optional(),
|
|
1746
|
+
target: z.enum(["kernelDeployment", "appDeployment"]),
|
|
1747
|
+
environment: z.enum(["dev", "staging", "prod"]),
|
|
1748
|
+
encryptedDeployKey: z.string(),
|
|
1749
|
+
encryptionVersion: z.string(),
|
|
1750
|
+
keyFingerprint: z.string(),
|
|
1751
|
+
keyHint: z.string(),
|
|
1752
|
+
status: z.enum(["active", "revoked"]),
|
|
1753
|
+
rotatedFromCredentialRef: z.string().optional(),
|
|
1754
|
+
revokedAt: z.number().optional(),
|
|
1755
|
+
revokedBy: z.string().optional(),
|
|
1756
|
+
lastUsedAt: z.number().optional(),
|
|
1757
|
+
metadata: z.record(z.any()).optional(),
|
|
1758
|
+
createdBy: z.string(),
|
|
1759
|
+
createdAt: z.number(),
|
|
1760
|
+
updatedAt: z.number()
|
|
1696
1761
|
}),
|
|
1697
1762
|
indices: [
|
|
1698
1763
|
{ kind: "index", name: "by_credentialRef", columns: ["credentialRef"] },
|
|
1699
1764
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
1700
|
-
{ kind: "index", name: "
|
|
1701
|
-
{
|
|
1702
|
-
|
|
1765
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
1766
|
+
{
|
|
1767
|
+
kind: "index",
|
|
1768
|
+
name: "by_tenant_target",
|
|
1769
|
+
columns: ["tenantId", "target"]
|
|
1770
|
+
},
|
|
1771
|
+
{
|
|
1772
|
+
kind: "index",
|
|
1773
|
+
name: "by_tenant_target_environment",
|
|
1774
|
+
columns: ["tenantId", "target", "environment"]
|
|
1775
|
+
},
|
|
1776
|
+
{
|
|
1777
|
+
kind: "index",
|
|
1778
|
+
name: "by_tenant_target_environment_status",
|
|
1779
|
+
columns: ["tenantId", "target", "environment", "status"]
|
|
1780
|
+
},
|
|
1781
|
+
{
|
|
1782
|
+
kind: "index",
|
|
1783
|
+
name: "by_tenant_workspace_target_environment_status",
|
|
1784
|
+
columns: ["tenantId", "workspaceId", "target", "environment", "status"]
|
|
1785
|
+
},
|
|
1703
1786
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
1704
1787
|
]
|
|
1705
1788
|
});
|
|
1789
|
+
defineTable({
|
|
1790
|
+
name: "permitSyncStates",
|
|
1791
|
+
component: "mc",
|
|
1792
|
+
category: "runtime",
|
|
1793
|
+
shape: z.object({
|
|
1794
|
+
syncKey: z.string(),
|
|
1795
|
+
objectType: z.enum([
|
|
1796
|
+
"resource",
|
|
1797
|
+
"role",
|
|
1798
|
+
"resource_role",
|
|
1799
|
+
"resource_relation",
|
|
1800
|
+
"tenant",
|
|
1801
|
+
"workspace",
|
|
1802
|
+
"principal",
|
|
1803
|
+
"membership",
|
|
1804
|
+
"group",
|
|
1805
|
+
"resource_instance",
|
|
1806
|
+
"relationship_tuple",
|
|
1807
|
+
"role_assignment"
|
|
1808
|
+
]),
|
|
1809
|
+
objectId: z.string(),
|
|
1810
|
+
tenantId: idOf("tenants").optional(),
|
|
1811
|
+
workspaceId: idOf("workspaces").optional(),
|
|
1812
|
+
principalId: z.string().optional(),
|
|
1813
|
+
permitTenantKey: z.string().optional(),
|
|
1814
|
+
permitResourceType: z.string().optional(),
|
|
1815
|
+
permitResourceKey: z.string().optional(),
|
|
1816
|
+
desiredPayload: z.record(z.any()),
|
|
1817
|
+
lastAppliedPayloadHash: z.string().optional(),
|
|
1818
|
+
status: z.enum(["pending", "synced", "error", "skipped"]),
|
|
1819
|
+
attemptCount: z.number(),
|
|
1820
|
+
lastError: z.string().optional(),
|
|
1821
|
+
nextAttemptAt: z.number().optional(),
|
|
1822
|
+
lastSyncedAt: z.number().optional(),
|
|
1823
|
+
createdBy: z.string(),
|
|
1824
|
+
updatedBy: z.string().optional(),
|
|
1825
|
+
createdAt: z.number(),
|
|
1826
|
+
updatedAt: z.number()
|
|
1827
|
+
}),
|
|
1828
|
+
indices: [
|
|
1829
|
+
{ kind: "index", name: "by_syncKey", columns: ["syncKey"] },
|
|
1830
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
1831
|
+
{
|
|
1832
|
+
kind: "index",
|
|
1833
|
+
name: "by_tenant_status",
|
|
1834
|
+
columns: ["tenantId", "status"]
|
|
1835
|
+
},
|
|
1836
|
+
{
|
|
1837
|
+
kind: "index",
|
|
1838
|
+
name: "by_workspace_status",
|
|
1839
|
+
columns: ["workspaceId", "status"]
|
|
1840
|
+
},
|
|
1841
|
+
{
|
|
1842
|
+
kind: "index",
|
|
1843
|
+
name: "by_principal_status",
|
|
1844
|
+
columns: ["principalId", "status"]
|
|
1845
|
+
}
|
|
1846
|
+
]
|
|
1847
|
+
});
|
|
1848
|
+
defineTable({
|
|
1849
|
+
name: "secretSyncDriftReports",
|
|
1850
|
+
component: "mc",
|
|
1851
|
+
category: "runtime",
|
|
1852
|
+
shape: z.object({
|
|
1853
|
+
reportId: z.string(),
|
|
1854
|
+
source: z.enum(["infisical_manifest", "manual", "ci"]),
|
|
1855
|
+
generatedAt: z.number(),
|
|
1856
|
+
recordedAt: z.number(),
|
|
1857
|
+
recordedBy: z.string(),
|
|
1858
|
+
status: z.enum([
|
|
1859
|
+
"in_sync",
|
|
1860
|
+
"drift",
|
|
1861
|
+
"exception",
|
|
1862
|
+
"blocked",
|
|
1863
|
+
"not_observed"
|
|
1864
|
+
]),
|
|
1865
|
+
reportHash: z.string(),
|
|
1866
|
+
manifestHash: z.string().optional(),
|
|
1867
|
+
dryRunReceiptId: z.string().optional(),
|
|
1868
|
+
appliedReceiptId: z.string().optional(),
|
|
1869
|
+
summary: z.object({
|
|
1870
|
+
totalPipelines: z.number(),
|
|
1871
|
+
inSync: z.number(),
|
|
1872
|
+
drift: z.number(),
|
|
1873
|
+
exception: z.number(),
|
|
1874
|
+
blocked: z.number(),
|
|
1875
|
+
notObserved: z.number(),
|
|
1876
|
+
missingKeys: z.number(),
|
|
1877
|
+
valueDriftKeys: z.number(),
|
|
1878
|
+
extraKeys: z.number(),
|
|
1879
|
+
deniedConvexLeakage: z.number(),
|
|
1880
|
+
approvedExceptions: z.number()
|
|
1881
|
+
}),
|
|
1882
|
+
redactedReport: z.record(z.any()),
|
|
1883
|
+
metadata: z.record(z.any()).optional()
|
|
1884
|
+
}),
|
|
1885
|
+
indices: [
|
|
1886
|
+
{ kind: "index", name: "by_reportId", columns: ["reportId"] },
|
|
1887
|
+
{ kind: "index", name: "by_reportHash", columns: ["reportHash"] },
|
|
1888
|
+
{ kind: "index", name: "by_generatedAt", columns: ["generatedAt"] },
|
|
1889
|
+
{
|
|
1890
|
+
kind: "index",
|
|
1891
|
+
name: "by_status_generatedAt",
|
|
1892
|
+
columns: ["status", "generatedAt"]
|
|
1893
|
+
}
|
|
1894
|
+
]
|
|
1895
|
+
});
|
|
1706
1896
|
defineTable({
|
|
1707
1897
|
name: "controlPlaneTenantModelSlotBindings",
|
|
1708
1898
|
component: "mc",
|
|
1709
1899
|
category: "runtime",
|
|
1710
1900
|
shape: z.object({
|
|
1711
|
-
|
|
1712
|
-
|
|
1713
|
-
"
|
|
1714
|
-
|
|
1715
|
-
|
|
1716
|
-
|
|
1717
|
-
|
|
1718
|
-
|
|
1719
|
-
|
|
1720
|
-
|
|
1721
|
-
|
|
1722
|
-
|
|
1723
|
-
|
|
1901
|
+
bindingId: z.string(),
|
|
1902
|
+
tenantId: idOf("tenants"),
|
|
1903
|
+
workspaceId: idOf("workspaces").optional(),
|
|
1904
|
+
environment: z.enum(["dev", "staging", "prod"]).optional(),
|
|
1905
|
+
providerId: z.string(),
|
|
1906
|
+
modelSlotId: z.string(),
|
|
1907
|
+
secretRef: z.string(),
|
|
1908
|
+
status: z.enum(["active", "revoked"]),
|
|
1909
|
+
passThroughOnly: z.boolean(),
|
|
1910
|
+
revokedAt: z.number().optional(),
|
|
1911
|
+
revokedBy: z.string().optional(),
|
|
1912
|
+
metadata: z.record(z.any()).optional(),
|
|
1913
|
+
createdBy: z.string(),
|
|
1914
|
+
createdAt: z.number(),
|
|
1915
|
+
updatedAt: z.number()
|
|
1724
1916
|
}),
|
|
1725
1917
|
indices: [
|
|
1726
1918
|
{ kind: "index", name: "by_bindingId", columns: ["bindingId"] },
|
|
1727
1919
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
1728
|
-
{
|
|
1729
|
-
|
|
1920
|
+
{
|
|
1921
|
+
kind: "index",
|
|
1922
|
+
name: "by_tenant_slot",
|
|
1923
|
+
columns: ["tenantId", "modelSlotId"]
|
|
1924
|
+
},
|
|
1925
|
+
{
|
|
1926
|
+
kind: "index",
|
|
1927
|
+
name: "by_tenant_provider_slot",
|
|
1928
|
+
columns: ["tenantId", "providerId", "modelSlotId"]
|
|
1929
|
+
},
|
|
1730
1930
|
{ kind: "index", name: "by_secretRef", columns: ["secretRef"] },
|
|
1731
1931
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
1732
1932
|
]
|
|
@@ -1736,29 +1936,42 @@ defineTable({
|
|
|
1736
1936
|
component: "mc",
|
|
1737
1937
|
category: "runtime",
|
|
1738
1938
|
shape: z.object({
|
|
1739
|
-
|
|
1740
|
-
|
|
1741
|
-
"
|
|
1742
|
-
|
|
1743
|
-
|
|
1744
|
-
|
|
1745
|
-
|
|
1746
|
-
|
|
1747
|
-
|
|
1748
|
-
|
|
1749
|
-
|
|
1750
|
-
|
|
1751
|
-
|
|
1752
|
-
|
|
1753
|
-
|
|
1754
|
-
|
|
1755
|
-
|
|
1939
|
+
secretRef: z.string(),
|
|
1940
|
+
tenantId: idOf("tenants"),
|
|
1941
|
+
workspaceId: idOf("workspaces").optional(),
|
|
1942
|
+
environment: z.enum(["dev", "staging", "prod"]).optional(),
|
|
1943
|
+
providerId: z.string(),
|
|
1944
|
+
label: z.string().optional(),
|
|
1945
|
+
encryptedSecret: z.string().optional(),
|
|
1946
|
+
infisicalPath: z.string().optional(),
|
|
1947
|
+
infisicalSecretKey: z.string().optional(),
|
|
1948
|
+
infisicalProjectId: z.string().optional(),
|
|
1949
|
+
encryptionVersion: z.string(),
|
|
1950
|
+
secretFingerprint: z.string(),
|
|
1951
|
+
keyHint: z.string(),
|
|
1952
|
+
status: z.enum(["active", "revoked"]),
|
|
1953
|
+
rotatedFromSecretRef: z.string().optional(),
|
|
1954
|
+
revokedAt: z.number().optional(),
|
|
1955
|
+
revokedBy: z.string().optional(),
|
|
1956
|
+
lastUsedAt: z.number().optional(),
|
|
1957
|
+
metadata: z.record(z.any()).optional(),
|
|
1958
|
+
createdBy: z.string(),
|
|
1959
|
+
createdAt: z.number(),
|
|
1960
|
+
updatedAt: z.number()
|
|
1756
1961
|
}),
|
|
1757
1962
|
indices: [
|
|
1758
1963
|
{ kind: "index", name: "by_secretRef", columns: ["secretRef"] },
|
|
1759
1964
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
1760
|
-
{
|
|
1761
|
-
|
|
1965
|
+
{
|
|
1966
|
+
kind: "index",
|
|
1967
|
+
name: "by_tenant_provider",
|
|
1968
|
+
columns: ["tenantId", "providerId"]
|
|
1969
|
+
},
|
|
1970
|
+
{
|
|
1971
|
+
kind: "index",
|
|
1972
|
+
name: "by_tenant_provider_status",
|
|
1973
|
+
columns: ["tenantId", "providerId", "status"]
|
|
1974
|
+
},
|
|
1762
1975
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
1763
1976
|
]
|
|
1764
1977
|
});
|
|
@@ -1767,35 +1980,93 @@ defineTable({
|
|
|
1767
1980
|
component: "mc",
|
|
1768
1981
|
category: "runtime",
|
|
1769
1982
|
shape: z.object({
|
|
1770
|
-
|
|
1771
|
-
|
|
1772
|
-
|
|
1773
|
-
|
|
1774
|
-
|
|
1775
|
-
|
|
1776
|
-
|
|
1777
|
-
|
|
1778
|
-
|
|
1779
|
-
|
|
1780
|
-
|
|
1781
|
-
|
|
1782
|
-
|
|
1783
|
-
|
|
1784
|
-
|
|
1785
|
-
|
|
1786
|
-
|
|
1787
|
-
|
|
1788
|
-
|
|
1789
|
-
|
|
1790
|
-
|
|
1791
|
-
|
|
1983
|
+
usageId: z.string(),
|
|
1984
|
+
tenantId: idOf("tenants"),
|
|
1985
|
+
providerId: z.string(),
|
|
1986
|
+
modelSlotId: z.string(),
|
|
1987
|
+
secretRef: z.string(),
|
|
1988
|
+
proxyTokenId: z.string(),
|
|
1989
|
+
sessionId: z.string(),
|
|
1990
|
+
principalId: z.string(),
|
|
1991
|
+
workspaceId: z.string().optional(),
|
|
1992
|
+
modelId: z.string().optional(),
|
|
1993
|
+
requestPath: z.string(),
|
|
1994
|
+
status: z.enum(["success", "error"]),
|
|
1995
|
+
responseStatus: z.number().optional(),
|
|
1996
|
+
inputTokens: z.number().optional(),
|
|
1997
|
+
outputTokens: z.number().optional(),
|
|
1998
|
+
tokenCount: z.number().optional(),
|
|
1999
|
+
latencyMs: z.number(),
|
|
2000
|
+
estimatedCostUsd: z.number().optional(),
|
|
2001
|
+
failureCode: z.string().optional(),
|
|
2002
|
+
metadata: z.record(z.any()).optional(),
|
|
2003
|
+
createdAt: z.number(),
|
|
2004
|
+
updatedAt: z.number()
|
|
1792
2005
|
}),
|
|
1793
2006
|
indices: [
|
|
1794
2007
|
{ kind: "index", name: "by_usageId", columns: ["usageId"] },
|
|
1795
2008
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId", "createdAt"] },
|
|
1796
|
-
{
|
|
1797
|
-
|
|
1798
|
-
|
|
2009
|
+
{
|
|
2010
|
+
kind: "index",
|
|
2011
|
+
name: "by_tenant_provider",
|
|
2012
|
+
columns: ["tenantId", "providerId", "createdAt"]
|
|
2013
|
+
},
|
|
2014
|
+
{
|
|
2015
|
+
kind: "index",
|
|
2016
|
+
name: "by_proxyTokenId",
|
|
2017
|
+
columns: ["proxyTokenId", "createdAt"]
|
|
2018
|
+
},
|
|
2019
|
+
{
|
|
2020
|
+
kind: "index",
|
|
2021
|
+
name: "by_sessionId",
|
|
2022
|
+
columns: ["sessionId", "createdAt"]
|
|
2023
|
+
}
|
|
2024
|
+
]
|
|
2025
|
+
});
|
|
2026
|
+
defineTable({
|
|
2027
|
+
name: "controlPlaneTenantProxyTokenLeases",
|
|
2028
|
+
component: "mc",
|
|
2029
|
+
category: "runtime",
|
|
2030
|
+
shape: z.object({
|
|
2031
|
+
leaseId: z.string(),
|
|
2032
|
+
proxyTokenId: z.string(),
|
|
2033
|
+
tenantId: idOf("tenants"),
|
|
2034
|
+
workspaceId: idOf("workspaces").optional(),
|
|
2035
|
+
environment: z.enum(["dev", "staging", "prod"]),
|
|
2036
|
+
providerId: z.string(),
|
|
2037
|
+
modelSlotId: z.string(),
|
|
2038
|
+
bindingId: z.string(),
|
|
2039
|
+
secretRef: z.string(),
|
|
2040
|
+
sessionId: z.string(),
|
|
2041
|
+
principalId: z.string(),
|
|
2042
|
+
agentSessionId: z.string().optional(),
|
|
2043
|
+
status: z.enum(["active", "revoked"]),
|
|
2044
|
+
expiresAt: z.number(),
|
|
2045
|
+
renewedAt: z.number().optional(),
|
|
2046
|
+
revokedAt: z.number().optional(),
|
|
2047
|
+
revokedBy: z.string().optional(),
|
|
2048
|
+
revokeReason: z.string().optional(),
|
|
2049
|
+
permitDecisionLogId: idOf("policyDecisionLogs").optional(),
|
|
2050
|
+
permitTraceId: z.string().optional(),
|
|
2051
|
+
metadata: z.record(z.any()).optional(),
|
|
2052
|
+
createdAt: z.number(),
|
|
2053
|
+
updatedAt: z.number()
|
|
2054
|
+
}),
|
|
2055
|
+
indices: [
|
|
2056
|
+
{ kind: "index", name: "by_leaseId", columns: ["leaseId"] },
|
|
2057
|
+
{ kind: "index", name: "by_proxyTokenId", columns: ["proxyTokenId"] },
|
|
2058
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId", "createdAt"] },
|
|
2059
|
+
{ kind: "index", name: "by_sessionId", columns: ["sessionId", "createdAt"] },
|
|
2060
|
+
{
|
|
2061
|
+
kind: "index",
|
|
2062
|
+
name: "by_principalId",
|
|
2063
|
+
columns: ["principalId", "createdAt"]
|
|
2064
|
+
},
|
|
2065
|
+
{
|
|
2066
|
+
kind: "index",
|
|
2067
|
+
name: "by_status_expiresAt",
|
|
2068
|
+
columns: ["status", "expiresAt"]
|
|
2069
|
+
}
|
|
1799
2070
|
]
|
|
1800
2071
|
});
|
|
1801
2072
|
defineTable({
|
|
@@ -2128,6 +2399,7 @@ defineTable({
|
|
|
2128
2399
|
"questionType": z.enum(["validation", "falsification", "assumption_probe", "prediction_test", "counterfactual", "discovery", "clarification", "comparison", "causal", "mechanism", "general"]).optional(),
|
|
2129
2400
|
"questionPriority": z.enum(["critical", "high", "medium", "low"]).optional(),
|
|
2130
2401
|
"answerQuality": z.enum(["definitive", "strong", "moderate", "weak", "speculative", "unanswered"]).optional(),
|
|
2402
|
+
"themeStatus": z.enum(["emerging", "active", "mature", "declining", "archived"]).optional(),
|
|
2131
2403
|
"themeConviction": z.enum(["high", "medium", "low", "negative"]).optional(),
|
|
2132
2404
|
"decisionType": z.enum(["invest", "pass", "follow_on", "exit", "deep_dive", "monitor", "deprioritize", "thesis_adopt", "thesis_revise", "thesis_abandon"]).optional(),
|
|
2133
2405
|
"decisionOutcome": z.enum(["pending", "successful", "unsuccessful", "mixed", "unknown"]).optional(),
|
|
@@ -2278,6 +2550,7 @@ defineTable({
|
|
|
2278
2550
|
indices: [
|
|
2279
2551
|
{ kind: "index", name: "by_principalId", columns: ["principalId"] },
|
|
2280
2552
|
{ kind: "index", name: "by_principal_tenant", columns: ["principalId", "tenantId"] },
|
|
2553
|
+
{ kind: "index", name: "by_principal_tenant_workspace", columns: ["principalId", "tenantId", "workspaceId"] },
|
|
2281
2554
|
{ kind: "index", name: "by_workspace_principal", columns: ["workspaceId", "principalId"] },
|
|
2282
2555
|
{ kind: "index", name: "by_tenant_role", columns: ["tenantId", "role"] },
|
|
2283
2556
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
@@ -2309,6 +2582,36 @@ defineTable({
|
|
|
2309
2582
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
2310
2583
|
]
|
|
2311
2584
|
});
|
|
2585
|
+
defineTable({
|
|
2586
|
+
name: "principalIdentityAliases",
|
|
2587
|
+
component: "mc",
|
|
2588
|
+
category: "identity",
|
|
2589
|
+
shape: z.object({
|
|
2590
|
+
"principalId": z.string(),
|
|
2591
|
+
"principalRefId": idOf("principals").optional(),
|
|
2592
|
+
"provider": z.string(),
|
|
2593
|
+
"providerProjectId": z.string().optional(),
|
|
2594
|
+
"externalSubjectId": z.string(),
|
|
2595
|
+
"tenantId": idOf("tenants").optional(),
|
|
2596
|
+
"workspaceId": idOf("workspaces").optional(),
|
|
2597
|
+
"email": z.string().optional(),
|
|
2598
|
+
"status": z.enum(["active", "revoked"]),
|
|
2599
|
+
"metadata": z.record(z.any()).optional(),
|
|
2600
|
+
"createdBy": z.string(),
|
|
2601
|
+
"revokedAt": z.number().optional(),
|
|
2602
|
+
"revokedBy": z.string().optional(),
|
|
2603
|
+
"createdAt": z.number(),
|
|
2604
|
+
"updatedAt": z.number()
|
|
2605
|
+
}),
|
|
2606
|
+
indices: [
|
|
2607
|
+
{ kind: "index", name: "by_provider_subject", columns: ["provider", "externalSubjectId"] },
|
|
2608
|
+
{ kind: "index", name: "by_provider_project_subject", columns: ["provider", "providerProjectId", "externalSubjectId"] },
|
|
2609
|
+
{ kind: "index", name: "by_principalId", columns: ["principalId"] },
|
|
2610
|
+
{ kind: "index", name: "by_principal_status", columns: ["principalId", "status"] },
|
|
2611
|
+
{ kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "externalSubjectId"] },
|
|
2612
|
+
{ kind: "index", name: "by_workspace_provider_subject", columns: ["workspaceId", "provider", "externalSubjectId"] }
|
|
2613
|
+
]
|
|
2614
|
+
});
|
|
2312
2615
|
defineTable({
|
|
2313
2616
|
name: "rateLimitWindows",
|
|
2314
2617
|
component: "mc",
|
|
@@ -2898,7 +3201,7 @@ defineTable({
|
|
|
2898
3201
|
});
|
|
2899
3202
|
defineTable({
|
|
2900
3203
|
name: "mcpWritePolicy",
|
|
2901
|
-
component: "
|
|
3204
|
+
component: "control-plane",
|
|
2902
3205
|
category: "platform",
|
|
2903
3206
|
shape: z.object({
|
|
2904
3207
|
"topicId": z.string().optional(),
|
|
@@ -2921,7 +3224,7 @@ defineTable({
|
|
|
2921
3224
|
});
|
|
2922
3225
|
defineTable({
|
|
2923
3226
|
name: "platformAudienceGrants",
|
|
2924
|
-
component: "
|
|
3227
|
+
component: "control-plane",
|
|
2925
3228
|
category: "platform",
|
|
2926
3229
|
shape: z.object({
|
|
2927
3230
|
"tenantId": z.string(),
|
|
@@ -2947,7 +3250,7 @@ defineTable({
|
|
|
2947
3250
|
});
|
|
2948
3251
|
defineTable({
|
|
2949
3252
|
name: "platformAudiences",
|
|
2950
|
-
component: "
|
|
3253
|
+
component: "control-plane",
|
|
2951
3254
|
category: "platform",
|
|
2952
3255
|
shape: z.object({
|
|
2953
3256
|
"tenantId": z.string(),
|
|
@@ -2972,7 +3275,7 @@ defineTable({
|
|
|
2972
3275
|
});
|
|
2973
3276
|
defineTable({
|
|
2974
3277
|
name: "platformPolicyDecisionLogs",
|
|
2975
|
-
component: "
|
|
3278
|
+
component: "control-plane",
|
|
2976
3279
|
category: "platform",
|
|
2977
3280
|
shape: z.object({
|
|
2978
3281
|
"principalId": z.string(),
|
|
@@ -3008,7 +3311,7 @@ defineTable({
|
|
|
3008
3311
|
});
|
|
3009
3312
|
defineTable({
|
|
3010
3313
|
name: "tenantApiKeys",
|
|
3011
|
-
component: "
|
|
3314
|
+
component: "control-plane",
|
|
3012
3315
|
category: "platform",
|
|
3013
3316
|
shape: z.object({
|
|
3014
3317
|
"tenantId": z.string(),
|
|
@@ -3035,7 +3338,7 @@ defineTable({
|
|
|
3035
3338
|
});
|
|
3036
3339
|
defineTable({
|
|
3037
3340
|
name: "tenantConfig",
|
|
3038
|
-
component: "
|
|
3341
|
+
component: "control-plane",
|
|
3039
3342
|
category: "platform",
|
|
3040
3343
|
shape: z.object({
|
|
3041
3344
|
"tenantId": z.string(),
|
|
@@ -3054,7 +3357,7 @@ defineTable({
|
|
|
3054
3357
|
});
|
|
3055
3358
|
defineTable({
|
|
3056
3359
|
name: "tenantIntegrations",
|
|
3057
|
-
component: "
|
|
3360
|
+
component: "control-plane",
|
|
3058
3361
|
category: "platform",
|
|
3059
3362
|
shape: z.object({
|
|
3060
3363
|
"tenantId": z.string(),
|
|
@@ -3109,7 +3412,7 @@ defineTable({
|
|
|
3109
3412
|
});
|
|
3110
3413
|
defineTable({
|
|
3111
3414
|
name: "tenantModelSlotBindings",
|
|
3112
|
-
component: "
|
|
3415
|
+
component: "control-plane",
|
|
3113
3416
|
category: "platform",
|
|
3114
3417
|
shape: z.object({
|
|
3115
3418
|
"bindingId": z.string(),
|
|
@@ -3137,7 +3440,7 @@ defineTable({
|
|
|
3137
3440
|
});
|
|
3138
3441
|
defineTable({
|
|
3139
3442
|
name: "tenantPolicies",
|
|
3140
|
-
component: "
|
|
3443
|
+
component: "control-plane",
|
|
3141
3444
|
category: "platform",
|
|
3142
3445
|
shape: z.object({
|
|
3143
3446
|
"tenantId": z.string(),
|
|
@@ -3162,7 +3465,7 @@ defineTable({
|
|
|
3162
3465
|
});
|
|
3163
3466
|
defineTable({
|
|
3164
3467
|
name: "tenantProviderSecrets",
|
|
3165
|
-
component: "
|
|
3468
|
+
component: "control-plane",
|
|
3166
3469
|
category: "platform",
|
|
3167
3470
|
shape: z.object({
|
|
3168
3471
|
"secretRef": z.string(),
|
|
@@ -3193,7 +3496,7 @@ defineTable({
|
|
|
3193
3496
|
});
|
|
3194
3497
|
defineTable({
|
|
3195
3498
|
name: "tenantProxyGatewayUsage",
|
|
3196
|
-
component: "
|
|
3499
|
+
component: "control-plane",
|
|
3197
3500
|
category: "platform",
|
|
3198
3501
|
shape: z.object({
|
|
3199
3502
|
"usageId": z.string(),
|
|
@@ -3228,7 +3531,7 @@ defineTable({
|
|
|
3228
3531
|
});
|
|
3229
3532
|
defineTable({
|
|
3230
3533
|
name: "tenantProxyTokenMints",
|
|
3231
|
-
component: "
|
|
3534
|
+
component: "control-plane",
|
|
3232
3535
|
category: "platform",
|
|
3233
3536
|
shape: z.object({
|
|
3234
3537
|
"proxyTokenId": z.string(),
|
|
@@ -3251,7 +3554,7 @@ defineTable({
|
|
|
3251
3554
|
});
|
|
3252
3555
|
defineTable({
|
|
3253
3556
|
name: "tenantSandboxAuditEvents",
|
|
3254
|
-
component: "
|
|
3557
|
+
component: "control-plane",
|
|
3255
3558
|
category: "platform",
|
|
3256
3559
|
shape: z.object({
|
|
3257
3560
|
"eventId": z.string(),
|
|
@@ -3285,7 +3588,7 @@ defineTable({
|
|
|
3285
3588
|
});
|
|
3286
3589
|
defineTable({
|
|
3287
3590
|
name: "tenantSecrets",
|
|
3288
|
-
component: "
|
|
3591
|
+
component: "control-plane",
|
|
3289
3592
|
category: "platform",
|
|
3290
3593
|
shape: z.object({
|
|
3291
3594
|
"tenantId": z.string(),
|
|
@@ -3307,7 +3610,7 @@ defineTable({
|
|
|
3307
3610
|
});
|
|
3308
3611
|
defineTable({
|
|
3309
3612
|
name: "toolAcls",
|
|
3310
|
-
component: "
|
|
3613
|
+
component: "control-plane",
|
|
3311
3614
|
category: "platform",
|
|
3312
3615
|
shape: z.object({
|
|
3313
3616
|
"role": z.enum(["platform_admin", "tenant_admin", "workspace_admin", "editor", "viewer", "auditor", "service_agent"]),
|
|
@@ -3322,7 +3625,7 @@ defineTable({
|
|
|
3322
3625
|
});
|
|
3323
3626
|
defineTable({
|
|
3324
3627
|
name: "toolRegistry",
|
|
3325
|
-
component: "
|
|
3628
|
+
component: "control-plane",
|
|
3326
3629
|
category: "platform",
|
|
3327
3630
|
shape: z.object({
|
|
3328
3631
|
"toolName": z.string(),
|
|
@@ -3403,7 +3706,7 @@ defineTable({
|
|
|
3403
3706
|
});
|
|
3404
3707
|
defineTable({
|
|
3405
3708
|
name: "modelCallLogs",
|
|
3406
|
-
component: "
|
|
3709
|
+
component: "control-plane",
|
|
3407
3710
|
category: "model",
|
|
3408
3711
|
shape: z.object({
|
|
3409
3712
|
"slot": z.string(),
|
|
@@ -3429,7 +3732,7 @@ defineTable({
|
|
|
3429
3732
|
});
|
|
3430
3733
|
defineTable({
|
|
3431
3734
|
name: "modelFunctionSlots",
|
|
3432
|
-
component: "
|
|
3735
|
+
component: "control-plane",
|
|
3433
3736
|
category: "model",
|
|
3434
3737
|
shape: z.object({
|
|
3435
3738
|
"slot": z.string(),
|
|
@@ -3454,7 +3757,7 @@ defineTable({
|
|
|
3454
3757
|
});
|
|
3455
3758
|
defineTable({
|
|
3456
3759
|
name: "modelRegistry",
|
|
3457
|
-
component: "
|
|
3760
|
+
component: "control-plane",
|
|
3458
3761
|
category: "model",
|
|
3459
3762
|
shape: z.object({
|
|
3460
3763
|
"key": z.string(),
|
|
@@ -3481,7 +3784,7 @@ defineTable({
|
|
|
3481
3784
|
});
|
|
3482
3785
|
defineTable({
|
|
3483
3786
|
name: "modelSlotConfigs",
|
|
3484
|
-
component: "
|
|
3787
|
+
component: "control-plane",
|
|
3485
3788
|
category: "model",
|
|
3486
3789
|
shape: z.object({
|
|
3487
3790
|
"slot": z.string(),
|
|
@@ -3868,7 +4171,7 @@ defineTable({
|
|
|
3868
4171
|
"workspaceId": idOf("workspaces").optional(),
|
|
3869
4172
|
"resourceType": z.string(),
|
|
3870
4173
|
"resourceId": z.string(),
|
|
3871
|
-
"action": z.enum(["read", "summarize", "export", "mutate", "admin", "comment", "escalate", "resolve", "vote"]),
|
|
4174
|
+
"action": z.enum(["read", "summarize", "export", "mutate", "admin", "comment", "escalate", "resolve", "vote", "route", "invoke", "manage", "deploy", "promote", "rollback", "audit", "read_ref", "fetch_value", "rotate", "administer", "mint", "delegate", "revoke"]),
|
|
3872
4175
|
"decision": z.enum(["allow", "deny"]),
|
|
3873
4176
|
"reasonCode": z.string(),
|
|
3874
4177
|
"policyVersion": z.string(),
|
|
@@ -3930,7 +4233,7 @@ defineTable({
|
|
|
3930
4233
|
});
|
|
3931
4234
|
defineTable({
|
|
3932
4235
|
name: "projectGrants",
|
|
3933
|
-
component: "
|
|
4236
|
+
component: "control-plane",
|
|
3934
4237
|
category: "project",
|
|
3935
4238
|
shape: z.object({
|
|
3936
4239
|
"projectId": z.string().optional(),
|
|
@@ -3962,66 +4265,710 @@ defineTable({
|
|
|
3962
4265
|
{ kind: "index", name: "by_topic_cluster_status", columns: ["topicId", "beliefClusterId", "status"] }
|
|
3963
4266
|
]
|
|
3964
4267
|
});
|
|
4268
|
+
var permitActorType = z.enum([
|
|
4269
|
+
"human",
|
|
4270
|
+
"agent",
|
|
4271
|
+
"service_principal",
|
|
4272
|
+
"external_stakeholder",
|
|
4273
|
+
"system"
|
|
4274
|
+
]);
|
|
4275
|
+
var permitMembershipStatus = z.enum([
|
|
4276
|
+
"active",
|
|
4277
|
+
"invited",
|
|
4278
|
+
"revoked",
|
|
4279
|
+
"suspended",
|
|
4280
|
+
"disabled"
|
|
4281
|
+
]);
|
|
4282
|
+
var permitDecision = z.enum(["allow", "deny"]);
|
|
4283
|
+
var permitAccessReviewStatus = z.enum([
|
|
4284
|
+
"open",
|
|
4285
|
+
"in_progress",
|
|
4286
|
+
"approved",
|
|
4287
|
+
"denied",
|
|
4288
|
+
"expired",
|
|
4289
|
+
"cancelled"
|
|
4290
|
+
]);
|
|
4291
|
+
var permitReviewScope = z.enum([
|
|
4292
|
+
"tenant",
|
|
4293
|
+
"workspace",
|
|
4294
|
+
"resource_instance",
|
|
4295
|
+
"group",
|
|
4296
|
+
"principal",
|
|
4297
|
+
"api_key",
|
|
4298
|
+
"admin_action"
|
|
4299
|
+
]);
|
|
4300
|
+
var permitRecordStatus = z.enum([
|
|
4301
|
+
"queued",
|
|
4302
|
+
"inflight",
|
|
4303
|
+
"completed",
|
|
4304
|
+
"failed",
|
|
4305
|
+
"skipped",
|
|
4306
|
+
"stale"
|
|
4307
|
+
]);
|
|
4308
|
+
var permitObjectType = z.enum([
|
|
4309
|
+
"resource",
|
|
4310
|
+
"role",
|
|
4311
|
+
"resource_role",
|
|
4312
|
+
"resource_relation",
|
|
4313
|
+
"tenant",
|
|
4314
|
+
"workspace",
|
|
4315
|
+
"principal",
|
|
4316
|
+
"membership",
|
|
4317
|
+
"group",
|
|
4318
|
+
"resource_instance",
|
|
4319
|
+
"relationship_tuple",
|
|
4320
|
+
"role_assignment",
|
|
4321
|
+
"attribute_binding",
|
|
4322
|
+
"policy_bundle"
|
|
4323
|
+
]);
|
|
4324
|
+
var permitOutboxOperation = z.enum([
|
|
4325
|
+
"upsert",
|
|
4326
|
+
"delete",
|
|
4327
|
+
"sync",
|
|
4328
|
+
"resync",
|
|
4329
|
+
"delete_sync",
|
|
4330
|
+
"noop"
|
|
4331
|
+
]);
|
|
4332
|
+
var permitPolicyBundleStatus = z.enum([
|
|
4333
|
+
"draft",
|
|
4334
|
+
"validated",
|
|
4335
|
+
"enforced",
|
|
4336
|
+
"archived"
|
|
4337
|
+
]);
|
|
4338
|
+
var permitSyncStatus = z.enum([
|
|
4339
|
+
"pending",
|
|
4340
|
+
"synced",
|
|
4341
|
+
"error",
|
|
4342
|
+
"skipped"
|
|
4343
|
+
]);
|
|
4344
|
+
var permitAccessReviewSubjectType = z.enum([
|
|
4345
|
+
"principal",
|
|
4346
|
+
"group",
|
|
4347
|
+
"role_assignment",
|
|
4348
|
+
"resource_instance"
|
|
4349
|
+
]);
|
|
4350
|
+
var permitAttributeType = z.enum([
|
|
4351
|
+
"string",
|
|
4352
|
+
"number",
|
|
4353
|
+
"bool",
|
|
4354
|
+
"json",
|
|
4355
|
+
"time"
|
|
4356
|
+
]);
|
|
4357
|
+
var permitAttributeOperator = z.enum([
|
|
4358
|
+
"eq",
|
|
4359
|
+
"neq",
|
|
4360
|
+
"in",
|
|
4361
|
+
"not_in",
|
|
4362
|
+
"gt",
|
|
4363
|
+
"gte",
|
|
4364
|
+
"lt",
|
|
4365
|
+
"lte",
|
|
4366
|
+
"contains",
|
|
4367
|
+
"not_contains",
|
|
4368
|
+
"matches"
|
|
4369
|
+
]);
|
|
4370
|
+
var permitRoleBindingTarget = z.enum([
|
|
4371
|
+
"principal",
|
|
4372
|
+
"group"
|
|
4373
|
+
]);
|
|
3965
4374
|
defineTable({
|
|
3966
|
-
name: "
|
|
3967
|
-
component: "
|
|
3968
|
-
category: "
|
|
4375
|
+
name: "permitPrincipals",
|
|
4376
|
+
component: "control-plane",
|
|
4377
|
+
category: "access-control",
|
|
3969
4378
|
shape: z.object({
|
|
3970
|
-
|
|
3971
|
-
|
|
3972
|
-
|
|
3973
|
-
|
|
3974
|
-
|
|
3975
|
-
|
|
3976
|
-
|
|
3977
|
-
|
|
3978
|
-
|
|
3979
|
-
|
|
3980
|
-
|
|
4379
|
+
principalId: z.string(),
|
|
4380
|
+
tenantId: z.string(),
|
|
4381
|
+
workspaceId: z.optional(z.string()),
|
|
4382
|
+
principalType: permitActorType,
|
|
4383
|
+
status: permitMembershipStatus,
|
|
4384
|
+
displayName: z.string().optional(),
|
|
4385
|
+
metadata: z.record(z.any()).optional(),
|
|
4386
|
+
createdBy: z.string(),
|
|
4387
|
+
createdAt: z.number(),
|
|
4388
|
+
updatedAt: z.number(),
|
|
4389
|
+
updatedBy: z.string().optional(),
|
|
4390
|
+
lastSeenAt: z.number().optional()
|
|
3981
4391
|
}),
|
|
3982
4392
|
indices: [
|
|
3983
|
-
{ kind: "index", name: "
|
|
3984
|
-
{ kind: "index", name: "
|
|
3985
|
-
{ kind: "index", name: "
|
|
3986
|
-
{ kind: "index", name: "
|
|
4393
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4394
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4395
|
+
{ kind: "index", name: "by_tenant_principalId", columns: ["tenantId", "principalId"] },
|
|
4396
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
|
|
4397
|
+
{
|
|
4398
|
+
kind: "index",
|
|
4399
|
+
name: "by_tenant_principalType_status",
|
|
4400
|
+
columns: ["tenantId", "principalType", "status"]
|
|
4401
|
+
}
|
|
3987
4402
|
]
|
|
3988
4403
|
});
|
|
3989
4404
|
defineTable({
|
|
3990
|
-
name: "
|
|
3991
|
-
component: "
|
|
3992
|
-
category: "
|
|
4405
|
+
name: "permitPrincipalAliases",
|
|
4406
|
+
component: "control-plane",
|
|
4407
|
+
category: "access-control",
|
|
3993
4408
|
shape: z.object({
|
|
3994
|
-
|
|
3995
|
-
|
|
3996
|
-
|
|
3997
|
-
|
|
3998
|
-
|
|
3999
|
-
|
|
4000
|
-
|
|
4001
|
-
|
|
4002
|
-
|
|
4003
|
-
|
|
4004
|
-
|
|
4005
|
-
|
|
4006
|
-
|
|
4409
|
+
principalId: z.string(),
|
|
4410
|
+
tenantId: z.string(),
|
|
4411
|
+
workspaceId: z.optional(z.string()),
|
|
4412
|
+
provider: z.string(),
|
|
4413
|
+
providerSubjectId: z.string(),
|
|
4414
|
+
providerProjectId: z.string().optional(),
|
|
4415
|
+
alias: z.string(),
|
|
4416
|
+
aliasKind: z.string(),
|
|
4417
|
+
status: permitMembershipStatus,
|
|
4418
|
+
metadata: z.record(z.any()).optional(),
|
|
4419
|
+
createdBy: z.string(),
|
|
4420
|
+
createdAt: z.number(),
|
|
4421
|
+
updatedAt: z.number(),
|
|
4422
|
+
revokedBy: z.string().optional(),
|
|
4423
|
+
revokedAt: z.number().optional(),
|
|
4424
|
+
updatedBy: z.string().optional()
|
|
4007
4425
|
}),
|
|
4008
4426
|
indices: [
|
|
4009
|
-
{ kind: "index", name: "
|
|
4010
|
-
{ kind: "index", name: "
|
|
4011
|
-
{ kind: "index", name: "
|
|
4427
|
+
{ kind: "index", name: "by_principalId", columns: ["principalId"] },
|
|
4428
|
+
{ kind: "index", name: "by_provider_subject", columns: ["provider", "providerSubjectId"] },
|
|
4429
|
+
{ kind: "index", name: "by_provider_project_subject", columns: ["provider", "providerProjectId", "providerSubjectId"] },
|
|
4430
|
+
{ kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "providerSubjectId"] },
|
|
4431
|
+
{ kind: "index", name: "by_tenant_provider_project_subject", columns: ["tenantId", "provider", "providerProjectId", "providerSubjectId"] },
|
|
4432
|
+
{
|
|
4433
|
+
kind: "index",
|
|
4434
|
+
name: "by_tenant_provider_alias",
|
|
4435
|
+
columns: ["tenantId", "provider", "alias"]
|
|
4436
|
+
},
|
|
4437
|
+
{ kind: "index", name: "by_tenant_alias", columns: ["tenantId", "alias"] },
|
|
4438
|
+
{
|
|
4439
|
+
kind: "index",
|
|
4440
|
+
name: "by_tenant_provider_status",
|
|
4441
|
+
columns: ["tenantId", "provider", "status"]
|
|
4442
|
+
}
|
|
4012
4443
|
]
|
|
4013
4444
|
});
|
|
4014
4445
|
defineTable({
|
|
4015
|
-
name: "
|
|
4016
|
-
component: "
|
|
4017
|
-
category: "
|
|
4446
|
+
name: "permitGroups",
|
|
4447
|
+
component: "control-plane",
|
|
4448
|
+
category: "access-control",
|
|
4018
4449
|
shape: z.object({
|
|
4019
|
-
|
|
4020
|
-
|
|
4021
|
-
|
|
4022
|
-
|
|
4023
|
-
|
|
4024
|
-
|
|
4450
|
+
tenantId: z.string(),
|
|
4451
|
+
workspaceId: z.optional(z.string()),
|
|
4452
|
+
groupId: z.string(),
|
|
4453
|
+
groupKey: z.string(),
|
|
4454
|
+
groupName: z.string(),
|
|
4455
|
+
groupType: z.enum(["tenant", "workspace", "external", "system", "dynamic"]),
|
|
4456
|
+
status: permitMembershipStatus,
|
|
4457
|
+
description: z.string().optional(),
|
|
4458
|
+
metadata: z.record(z.any()).optional(),
|
|
4459
|
+
createdBy: z.string(),
|
|
4460
|
+
createdAt: z.number(),
|
|
4461
|
+
updatedAt: z.number(),
|
|
4462
|
+
updatedBy: z.string().optional()
|
|
4463
|
+
}),
|
|
4464
|
+
indices: [
|
|
4465
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4466
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4467
|
+
{ kind: "index", name: "by_tenant_groupId", columns: ["tenantId", "groupId"] },
|
|
4468
|
+
{ kind: "index", name: "by_tenant_groupKey", columns: ["tenantId", "groupKey"] },
|
|
4469
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
|
|
4470
|
+
]
|
|
4471
|
+
});
|
|
4472
|
+
defineTable({
|
|
4473
|
+
name: "permitGroupMemberships",
|
|
4474
|
+
component: "control-plane",
|
|
4475
|
+
category: "access-control",
|
|
4476
|
+
shape: z.object({
|
|
4477
|
+
tenantId: z.string(),
|
|
4478
|
+
workspaceId: z.optional(z.string()),
|
|
4479
|
+
groupId: z.string(),
|
|
4480
|
+
memberType: z.enum(["principal", "group"]),
|
|
4481
|
+
memberId: z.string(),
|
|
4482
|
+
principalId: z.string().optional(),
|
|
4483
|
+
childGroupId: z.string().optional(),
|
|
4484
|
+
status: permitMembershipStatus,
|
|
4485
|
+
addedBy: z.string().optional(),
|
|
4486
|
+
revokedBy: z.string().optional(),
|
|
4487
|
+
expiresAt: z.number().optional(),
|
|
4488
|
+
revocationReason: z.string().optional(),
|
|
4489
|
+
metadata: z.record(z.any()).optional(),
|
|
4490
|
+
createdAt: z.number(),
|
|
4491
|
+
updatedAt: z.number(),
|
|
4492
|
+
updatedBy: z.string().optional()
|
|
4493
|
+
}),
|
|
4494
|
+
indices: [
|
|
4495
|
+
{ kind: "index", name: "by_tenant_principal", columns: ["tenantId", "principalId"] },
|
|
4496
|
+
{ kind: "index", name: "by_tenant_member", columns: ["tenantId", "memberType", "memberId"] },
|
|
4497
|
+
{
|
|
4498
|
+
kind: "index",
|
|
4499
|
+
name: "by_tenant_member_group",
|
|
4500
|
+
columns: ["tenantId", "memberType", "memberId", "groupId"]
|
|
4501
|
+
},
|
|
4502
|
+
{ kind: "index", name: "by_tenant_group", columns: ["tenantId", "groupId"] },
|
|
4503
|
+
{ kind: "index", name: "by_member_group", columns: ["memberType", "memberId", "groupId"] },
|
|
4504
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
|
|
4505
|
+
{
|
|
4506
|
+
kind: "index",
|
|
4507
|
+
name: "by_workspace_principal",
|
|
4508
|
+
columns: ["workspaceId", "principalId"]
|
|
4509
|
+
}
|
|
4510
|
+
]
|
|
4511
|
+
});
|
|
4512
|
+
defineTable({
|
|
4513
|
+
name: "permitResourceInstances",
|
|
4514
|
+
component: "control-plane",
|
|
4515
|
+
category: "access-control",
|
|
4516
|
+
shape: z.object({
|
|
4517
|
+
tenantId: z.string(),
|
|
4518
|
+
workspaceId: z.optional(z.string()),
|
|
4519
|
+
resourceType: z.string(),
|
|
4520
|
+
resourceKey: z.string(),
|
|
4521
|
+
resourceId: z.string(),
|
|
4522
|
+
status: z.enum(["active", "deleted", "archived"]),
|
|
4523
|
+
attributes: z.record(z.any()).optional(),
|
|
4524
|
+
ownerPrincipalId: z.string().optional(),
|
|
4525
|
+
metadata: z.record(z.any()).optional(),
|
|
4526
|
+
createdBy: z.string(),
|
|
4527
|
+
updatedBy: z.string().optional(),
|
|
4528
|
+
createdAt: z.number(),
|
|
4529
|
+
updatedAt: z.number()
|
|
4530
|
+
}),
|
|
4531
|
+
indices: [
|
|
4532
|
+
{
|
|
4533
|
+
kind: "index",
|
|
4534
|
+
name: "by_tenant_resource_type",
|
|
4535
|
+
columns: ["tenantId", "resourceType"]
|
|
4536
|
+
},
|
|
4537
|
+
{
|
|
4538
|
+
kind: "index",
|
|
4539
|
+
name: "by_tenant_resource_key",
|
|
4540
|
+
columns: ["tenantId", "resourceType", "resourceKey"]
|
|
4541
|
+
},
|
|
4542
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4543
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4544
|
+
{
|
|
4545
|
+
kind: "index",
|
|
4546
|
+
name: "by_tenant_status",
|
|
4547
|
+
columns: ["tenantId", "status"]
|
|
4548
|
+
},
|
|
4549
|
+
{
|
|
4550
|
+
kind: "index",
|
|
4551
|
+
name: "by_ownerPrincipalId",
|
|
4552
|
+
columns: ["ownerPrincipalId"]
|
|
4553
|
+
}
|
|
4554
|
+
]
|
|
4555
|
+
});
|
|
4556
|
+
defineTable({
|
|
4557
|
+
name: "permitRoleAssignments",
|
|
4558
|
+
component: "control-plane",
|
|
4559
|
+
category: "access-control",
|
|
4560
|
+
shape: z.object({
|
|
4561
|
+
tenantId: z.string(),
|
|
4562
|
+
workspaceId: z.optional(z.string()),
|
|
4563
|
+
role: z.string(),
|
|
4564
|
+
targetType: permitRoleBindingTarget,
|
|
4565
|
+
targetId: z.string(),
|
|
4566
|
+
resourceType: z.string(),
|
|
4567
|
+
resourceKey: z.string(),
|
|
4568
|
+
resourceInstanceId: z.string().optional(),
|
|
4569
|
+
status: permitMembershipStatus,
|
|
4570
|
+
expiresAt: z.number().optional(),
|
|
4571
|
+
attributes: z.record(z.any()).optional(),
|
|
4572
|
+
grantedBy: z.string().optional(),
|
|
4573
|
+
updatedBy: z.string().optional(),
|
|
4574
|
+
revokedBy: z.string().optional(),
|
|
4575
|
+
createdAt: z.number(),
|
|
4576
|
+
updatedAt: z.number()
|
|
4577
|
+
}),
|
|
4578
|
+
indices: [
|
|
4579
|
+
{
|
|
4580
|
+
kind: "index",
|
|
4581
|
+
name: "by_tenant_target",
|
|
4582
|
+
columns: ["tenantId", "targetType", "targetId"]
|
|
4583
|
+
},
|
|
4584
|
+
{
|
|
4585
|
+
kind: "index",
|
|
4586
|
+
name: "by_tenant_resource",
|
|
4587
|
+
columns: ["tenantId", "resourceType", "resourceKey"]
|
|
4588
|
+
},
|
|
4589
|
+
{
|
|
4590
|
+
kind: "index",
|
|
4591
|
+
name: "by_tenant_role",
|
|
4592
|
+
columns: ["tenantId", "role", "status"]
|
|
4593
|
+
},
|
|
4594
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4595
|
+
{
|
|
4596
|
+
kind: "index",
|
|
4597
|
+
name: "by_workspace_resource",
|
|
4598
|
+
columns: ["workspaceId", "resourceType", "resourceKey"]
|
|
4599
|
+
}
|
|
4600
|
+
]
|
|
4601
|
+
});
|
|
4602
|
+
defineTable({
|
|
4603
|
+
name: "permitRelationshipTuples",
|
|
4604
|
+
component: "control-plane",
|
|
4605
|
+
category: "access-control",
|
|
4606
|
+
shape: z.object({
|
|
4607
|
+
tenantId: z.string(),
|
|
4608
|
+
workspaceId: z.optional(z.string()),
|
|
4609
|
+
relation: z.string(),
|
|
4610
|
+
subject: z.string(),
|
|
4611
|
+
object: z.string(),
|
|
4612
|
+
resourceType: z.string().optional(),
|
|
4613
|
+
resourceKey: z.string().optional(),
|
|
4614
|
+
status: permitRecordStatus,
|
|
4615
|
+
attributes: z.record(z.any()).optional(),
|
|
4616
|
+
createdBy: z.string(),
|
|
4617
|
+
createdAt: z.number(),
|
|
4618
|
+
updatedAt: z.number(),
|
|
4619
|
+
lastSeenAt: z.number().optional(),
|
|
4620
|
+
updatedBy: z.string().optional()
|
|
4621
|
+
}),
|
|
4622
|
+
indices: [
|
|
4623
|
+
{ kind: "index", name: "by_tenant_subject", columns: ["tenantId", "subject"] },
|
|
4624
|
+
{ kind: "index", name: "by_tenant_object", columns: ["tenantId", "object"] },
|
|
4625
|
+
{ kind: "index", name: "by_tenant_relation", columns: ["tenantId", "relation"] },
|
|
4626
|
+
{
|
|
4627
|
+
kind: "index",
|
|
4628
|
+
name: "by_tenant_relation_subject",
|
|
4629
|
+
columns: ["tenantId", "relation", "subject"]
|
|
4630
|
+
},
|
|
4631
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
|
|
4632
|
+
]
|
|
4633
|
+
});
|
|
4634
|
+
defineTable({
|
|
4635
|
+
name: "permitAttributeBindings",
|
|
4636
|
+
component: "control-plane",
|
|
4637
|
+
category: "access-control",
|
|
4638
|
+
shape: z.object({
|
|
4639
|
+
tenantId: z.string(),
|
|
4640
|
+
workspaceId: z.optional(z.string()),
|
|
4641
|
+
targetType: permitRoleBindingTarget,
|
|
4642
|
+
targetId: z.string(),
|
|
4643
|
+
attributeName: z.string(),
|
|
4644
|
+
attributeType: permitAttributeType,
|
|
4645
|
+
attributeOperator: permitAttributeOperator,
|
|
4646
|
+
attributeValue: z.any(),
|
|
4647
|
+
status: permitRecordStatus,
|
|
4648
|
+
source: z.string().optional(),
|
|
4649
|
+
sourceRef: z.string().optional(),
|
|
4650
|
+
metadata: z.record(z.any()).optional(),
|
|
4651
|
+
createdAt: z.number(),
|
|
4652
|
+
updatedAt: z.number(),
|
|
4653
|
+
createdBy: z.string(),
|
|
4654
|
+
updatedBy: z.string().optional(),
|
|
4655
|
+
expiresAt: z.number().optional()
|
|
4656
|
+
}),
|
|
4657
|
+
indices: [
|
|
4658
|
+
{
|
|
4659
|
+
kind: "index",
|
|
4660
|
+
name: "by_tenant_target",
|
|
4661
|
+
columns: ["tenantId", "targetType", "targetId"]
|
|
4662
|
+
},
|
|
4663
|
+
{
|
|
4664
|
+
kind: "index",
|
|
4665
|
+
name: "by_tenant_target_attribute",
|
|
4666
|
+
columns: ["tenantId", "targetType", "targetId", "attributeName"]
|
|
4667
|
+
},
|
|
4668
|
+
{
|
|
4669
|
+
kind: "index",
|
|
4670
|
+
name: "by_tenant_name",
|
|
4671
|
+
columns: ["tenantId", "attributeName"]
|
|
4672
|
+
},
|
|
4673
|
+
{
|
|
4674
|
+
kind: "index",
|
|
4675
|
+
name: "by_tenant_status",
|
|
4676
|
+
columns: ["tenantId", "status"]
|
|
4677
|
+
}
|
|
4678
|
+
]
|
|
4679
|
+
});
|
|
4680
|
+
defineTable({
|
|
4681
|
+
name: "permitPolicyBundles",
|
|
4682
|
+
component: "control-plane",
|
|
4683
|
+
category: "access-control",
|
|
4684
|
+
shape: z.object({
|
|
4685
|
+
tenantId: z.string(),
|
|
4686
|
+
workspaceId: z.optional(z.string()),
|
|
4687
|
+
bundleKey: z.string(),
|
|
4688
|
+
version: z.number(),
|
|
4689
|
+
status: permitPolicyBundleStatus,
|
|
4690
|
+
policyHash: z.string().optional(),
|
|
4691
|
+
policyPayload: z.record(z.any()),
|
|
4692
|
+
metadata: z.record(z.any()).optional(),
|
|
4693
|
+
createdBy: z.string(),
|
|
4694
|
+
reviewedBy: z.string().optional(),
|
|
4695
|
+
createdAt: z.number(),
|
|
4696
|
+
updatedAt: z.number(),
|
|
4697
|
+
retiredAt: z.number().optional()
|
|
4698
|
+
}),
|
|
4699
|
+
indices: [
|
|
4700
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4701
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4702
|
+
{
|
|
4703
|
+
kind: "index",
|
|
4704
|
+
name: "by_tenant_bundleKey",
|
|
4705
|
+
columns: ["tenantId", "bundleKey"]
|
|
4706
|
+
},
|
|
4707
|
+
{
|
|
4708
|
+
kind: "index",
|
|
4709
|
+
name: "by_tenant_bundle_version",
|
|
4710
|
+
columns: ["tenantId", "bundleKey", "version"]
|
|
4711
|
+
},
|
|
4712
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
|
|
4713
|
+
]
|
|
4714
|
+
});
|
|
4715
|
+
defineTable({
|
|
4716
|
+
name: "permitProjectionOutbox",
|
|
4717
|
+
component: "control-plane",
|
|
4718
|
+
category: "access-control",
|
|
4719
|
+
shape: z.object({
|
|
4720
|
+
syncKey: z.string(),
|
|
4721
|
+
objectType: permitObjectType,
|
|
4722
|
+
objectId: z.string(),
|
|
4723
|
+
operation: permitOutboxOperation,
|
|
4724
|
+
payload: z.record(z.any()),
|
|
4725
|
+
status: permitRecordStatus,
|
|
4726
|
+
attemptCount: z.number(),
|
|
4727
|
+
nextAttemptAt: z.number().optional(),
|
|
4728
|
+
lastError: z.string().optional(),
|
|
4729
|
+
tenantId: z.string().optional(),
|
|
4730
|
+
workspaceId: z.optional(z.string()),
|
|
4731
|
+
principalId: z.string().optional(),
|
|
4732
|
+
permitTenantKey: z.string().optional(),
|
|
4733
|
+
permitResourceType: z.string().optional(),
|
|
4734
|
+
permitResourceKey: z.string().optional(),
|
|
4735
|
+
createdAt: z.number(),
|
|
4736
|
+
updatedAt: z.number(),
|
|
4737
|
+
lastHandledAt: z.number().optional()
|
|
4738
|
+
}),
|
|
4739
|
+
indices: [
|
|
4740
|
+
{ kind: "index", name: "by_syncKey", columns: ["syncKey"] },
|
|
4741
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4742
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4743
|
+
{
|
|
4744
|
+
kind: "index",
|
|
4745
|
+
name: "by_tenant_status",
|
|
4746
|
+
columns: ["tenantId", "status"]
|
|
4747
|
+
},
|
|
4748
|
+
{
|
|
4749
|
+
kind: "index",
|
|
4750
|
+
name: "by_objectType",
|
|
4751
|
+
columns: ["objectType", "status"]
|
|
4752
|
+
}
|
|
4753
|
+
]
|
|
4754
|
+
});
|
|
4755
|
+
defineTable({
|
|
4756
|
+
name: "tenantPermitSyncStates",
|
|
4757
|
+
component: "control-plane",
|
|
4758
|
+
category: "access-control",
|
|
4759
|
+
shape: z.object({
|
|
4760
|
+
syncKey: z.string(),
|
|
4761
|
+
objectType: permitObjectType,
|
|
4762
|
+
objectId: z.string(),
|
|
4763
|
+
tenantId: z.string().optional(),
|
|
4764
|
+
workspaceId: z.string().optional(),
|
|
4765
|
+
principalId: z.string().optional(),
|
|
4766
|
+
permitTenantKey: z.string().optional(),
|
|
4767
|
+
permitResourceType: z.string().optional(),
|
|
4768
|
+
permitResourceKey: z.string().optional(),
|
|
4769
|
+
desiredPayload: z.record(z.any()),
|
|
4770
|
+
lastAppliedPayloadHash: z.string().optional(),
|
|
4771
|
+
status: permitSyncStatus,
|
|
4772
|
+
attemptCount: z.number(),
|
|
4773
|
+
lastError: z.string().optional(),
|
|
4774
|
+
nextAttemptAt: z.number().optional(),
|
|
4775
|
+
lastSyncedAt: z.number().optional(),
|
|
4776
|
+
createdBy: z.string(),
|
|
4777
|
+
updatedBy: z.string().optional(),
|
|
4778
|
+
createdAt: z.number(),
|
|
4779
|
+
updatedAt: z.number()
|
|
4780
|
+
}),
|
|
4781
|
+
indices: [
|
|
4782
|
+
{ kind: "index", name: "by_syncKey", columns: ["syncKey"] },
|
|
4783
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4784
|
+
{
|
|
4785
|
+
kind: "index",
|
|
4786
|
+
name: "by_tenant_status",
|
|
4787
|
+
columns: ["tenantId", "status"]
|
|
4788
|
+
},
|
|
4789
|
+
{
|
|
4790
|
+
kind: "index",
|
|
4791
|
+
name: "by_workspace_status",
|
|
4792
|
+
columns: ["workspaceId", "status"]
|
|
4793
|
+
},
|
|
4794
|
+
{
|
|
4795
|
+
kind: "index",
|
|
4796
|
+
name: "by_principal_status",
|
|
4797
|
+
columns: ["principalId", "status"]
|
|
4798
|
+
}
|
|
4799
|
+
]
|
|
4800
|
+
});
|
|
4801
|
+
defineTable({
|
|
4802
|
+
name: "permitPolicyDecisionReceipts",
|
|
4803
|
+
component: "control-plane",
|
|
4804
|
+
category: "access-control",
|
|
4805
|
+
shape: z.object({
|
|
4806
|
+
tenantId: z.string().optional(),
|
|
4807
|
+
workspaceId: z.string().optional(),
|
|
4808
|
+
principalId: z.string(),
|
|
4809
|
+
subjectType: permitAccessReviewSubjectType.optional(),
|
|
4810
|
+
subjectId: z.string().optional(),
|
|
4811
|
+
resourceType: z.string(),
|
|
4812
|
+
resourceId: z.string(),
|
|
4813
|
+
action: z.string(),
|
|
4814
|
+
decision: permitDecision,
|
|
4815
|
+
reasonCode: z.string(),
|
|
4816
|
+
policyBundleId: z.string().optional(),
|
|
4817
|
+
policyVersion: z.string(),
|
|
4818
|
+
traceId: z.string().optional(),
|
|
4819
|
+
requestId: z.string().optional(),
|
|
4820
|
+
audienceMode: z.string().optional(),
|
|
4821
|
+
audienceKey: z.string().optional(),
|
|
4822
|
+
audienceClass: z.enum(["internal", "restricted_external", "public"]).optional(),
|
|
4823
|
+
metadata: z.record(z.any()).optional(),
|
|
4824
|
+
createdAt: z.number(),
|
|
4825
|
+
expiresAt: z.number().optional(),
|
|
4826
|
+
createdBy: z.string().optional()
|
|
4827
|
+
}),
|
|
4828
|
+
indices: [
|
|
4829
|
+
{ kind: "index", name: "by_principal_createdAt", columns: ["principalId", "createdAt"] },
|
|
4830
|
+
{ kind: "index", name: "by_tenant_createdAt", columns: ["tenantId", "createdAt"] },
|
|
4831
|
+
{ kind: "index", name: "by_resource", columns: ["resourceType", "resourceId"] },
|
|
4832
|
+
{ kind: "index", name: "by_decision_createdAt", columns: ["decision", "createdAt"] },
|
|
4833
|
+
{ kind: "index", name: "by_traceId", columns: ["traceId"] },
|
|
4834
|
+
{ kind: "index", name: "by_action", columns: ["action"] }
|
|
4835
|
+
]
|
|
4836
|
+
});
|
|
4837
|
+
defineTable({
|
|
4838
|
+
name: "permitAccessReviews",
|
|
4839
|
+
component: "control-plane",
|
|
4840
|
+
category: "access-control",
|
|
4841
|
+
shape: z.object({
|
|
4842
|
+
tenantId: z.string(),
|
|
4843
|
+
workspaceId: z.optional(z.string()),
|
|
4844
|
+
reviewKey: z.string(),
|
|
4845
|
+
scope: permitReviewScope,
|
|
4846
|
+
status: permitAccessReviewStatus,
|
|
4847
|
+
subjectType: permitAccessReviewSubjectType,
|
|
4848
|
+
subjectId: z.string(),
|
|
4849
|
+
resourceType: z.string().optional(),
|
|
4850
|
+
resourceKey: z.string().optional(),
|
|
4851
|
+
outcome: z.enum(["allow", "deny"]).optional(),
|
|
4852
|
+
requestedBy: z.string(),
|
|
4853
|
+
reviewedBy: z.string().optional(),
|
|
4854
|
+
requestedAt: z.number(),
|
|
4855
|
+
reviewedAt: z.number().optional(),
|
|
4856
|
+
dueAt: z.number().optional(),
|
|
4857
|
+
justification: z.string().optional(),
|
|
4858
|
+
rationale: z.string().optional(),
|
|
4859
|
+
policyBundleId: z.string().optional(),
|
|
4860
|
+
metadata: z.record(z.any()).optional(),
|
|
4861
|
+
createdAt: z.number(),
|
|
4862
|
+
updatedAt: z.number()
|
|
4863
|
+
}),
|
|
4864
|
+
indices: [
|
|
4865
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
|
|
4866
|
+
{ kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
|
|
4867
|
+
{ kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
|
|
4868
|
+
{
|
|
4869
|
+
kind: "index",
|
|
4870
|
+
name: "by_tenant_subject",
|
|
4871
|
+
columns: ["tenantId", "subjectType", "subjectId"]
|
|
4872
|
+
},
|
|
4873
|
+
{ kind: "index", name: "by_outcome", columns: ["outcome"] },
|
|
4874
|
+
{
|
|
4875
|
+
kind: "index",
|
|
4876
|
+
name: "by_workspace_status",
|
|
4877
|
+
columns: ["workspaceId", "status"]
|
|
4878
|
+
}
|
|
4879
|
+
]
|
|
4880
|
+
});
|
|
4881
|
+
defineTable({
|
|
4882
|
+
name: "permitAccessReviewItems",
|
|
4883
|
+
component: "control-plane",
|
|
4884
|
+
category: "access-control",
|
|
4885
|
+
shape: z.object({
|
|
4886
|
+
reviewKey: z.string(),
|
|
4887
|
+
itemKey: z.string(),
|
|
4888
|
+
tenantId: z.string(),
|
|
4889
|
+
workspaceId: z.string().optional(),
|
|
4890
|
+
subjectType: permitAccessReviewSubjectType,
|
|
4891
|
+
subjectId: z.string(),
|
|
4892
|
+
resourceType: z.string().optional(),
|
|
4893
|
+
resourceKey: z.string().optional(),
|
|
4894
|
+
role: z.string().optional(),
|
|
4895
|
+
relation: z.string().optional(),
|
|
4896
|
+
status: z.enum(["open", "approved", "revoked", "changed", "deferred"]),
|
|
4897
|
+
reviewerId: z.string().optional(),
|
|
4898
|
+
decisionAt: z.number().optional(),
|
|
4899
|
+
rationale: z.string().optional(),
|
|
4900
|
+
metadata: z.record(z.any()).optional(),
|
|
4901
|
+
createdAt: z.number(),
|
|
4902
|
+
updatedAt: z.number()
|
|
4903
|
+
}),
|
|
4904
|
+
indices: [
|
|
4905
|
+
{ kind: "index", name: "by_reviewKey", columns: ["reviewKey"] },
|
|
4906
|
+
{ kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
|
|
4907
|
+
{ kind: "index", name: "by_tenant_itemKey", columns: ["tenantId", "itemKey"] },
|
|
4908
|
+
{ kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
|
|
4909
|
+
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
4910
|
+
]
|
|
4911
|
+
});
|
|
4912
|
+
defineTable({
|
|
4913
|
+
name: "reasoningPermissions",
|
|
4914
|
+
component: "control-plane",
|
|
4915
|
+
category: "epistemic",
|
|
4916
|
+
shape: z.object({
|
|
4917
|
+
"topicId": z.string().optional(),
|
|
4918
|
+
"principalId": z.string(),
|
|
4919
|
+
"nodeType": z.enum(["belief", "evidence", "action", "approval", "artifact"]),
|
|
4920
|
+
"action": z.enum(["view_conclusion", "view_evidence", "propose_action", "approve_action", "view_derived_artifact"]),
|
|
4921
|
+
"effect": z.enum(["allow", "deny"]),
|
|
4922
|
+
"policyReference": z.string().optional(),
|
|
4923
|
+
"rationale": z.string().optional(),
|
|
4924
|
+
"metadata": z.record(z.any()).optional(),
|
|
4925
|
+
"createdAt": z.number(),
|
|
4926
|
+
"createdBy": z.string(),
|
|
4927
|
+
"updatedAt": z.number()
|
|
4928
|
+
}),
|
|
4929
|
+
indices: [
|
|
4930
|
+
{ kind: "index", name: "by_topic_principal", columns: ["topicId", "principalId"] },
|
|
4931
|
+
{ kind: "index", name: "by_topic_principal_action", columns: ["topicId", "principalId", "action"] },
|
|
4932
|
+
{ kind: "index", name: "by_topic_principal_node_action", columns: ["topicId", "principalId", "nodeType", "action"] },
|
|
4933
|
+
{ kind: "index", name: "by_principal_action", columns: ["principalId", "action"] }
|
|
4934
|
+
]
|
|
4935
|
+
});
|
|
4936
|
+
defineTable({
|
|
4937
|
+
name: "schemaEnumConfig",
|
|
4938
|
+
component: "kernel",
|
|
4939
|
+
category: "config",
|
|
4940
|
+
shape: z.object({
|
|
4941
|
+
"tenantId": z.string().optional(),
|
|
4942
|
+
"category": z.string(),
|
|
4943
|
+
"value": z.string(),
|
|
4944
|
+
"label": z.string(),
|
|
4945
|
+
"description": z.string().optional(),
|
|
4946
|
+
"tier": z.enum(["platform", "tenant"]),
|
|
4947
|
+
"domainNamespace": z.string().optional(),
|
|
4948
|
+
"metadata": z.any().optional(),
|
|
4949
|
+
"isDefault": z.boolean().optional(),
|
|
4950
|
+
"sortOrder": z.number().optional(),
|
|
4951
|
+
"status": z.enum(["active", "deprecated"]),
|
|
4952
|
+
"createdAt": z.number(),
|
|
4953
|
+
"updatedAt": z.number()
|
|
4954
|
+
}),
|
|
4955
|
+
indices: [
|
|
4956
|
+
{ kind: "index", name: "by_category", columns: ["category"] },
|
|
4957
|
+
{ kind: "index", name: "by_tenant_category", columns: ["tenantId", "category"] },
|
|
4958
|
+
{ kind: "index", name: "by_category_value", columns: ["category", "value"] }
|
|
4959
|
+
]
|
|
4960
|
+
});
|
|
4961
|
+
defineTable({
|
|
4962
|
+
name: "tasks",
|
|
4963
|
+
component: "kernel",
|
|
4964
|
+
category: "task",
|
|
4965
|
+
shape: z.object({
|
|
4966
|
+
"topicId": z.string().optional(),
|
|
4967
|
+
"tenantId": z.string().optional(),
|
|
4968
|
+
"workspaceId": z.string().optional(),
|
|
4969
|
+
"title": z.string(),
|
|
4970
|
+
"description": z.string().optional(),
|
|
4971
|
+
"status": z.enum(["todo", "in_progress", "blocked", "done"]),
|
|
4025
4972
|
"priority": z.enum(["urgent", "high", "medium", "low"]),
|
|
4026
4973
|
"dueDate": z.number().optional(),
|
|
4027
4974
|
"linkedWorktreeId": idOf("worktrees").optional(),
|
|
@@ -4199,6 +5146,7 @@ defineTable({
|
|
|
4199
5146
|
"updatedAt": z.number()
|
|
4200
5147
|
}),
|
|
4201
5148
|
indices: [
|
|
5149
|
+
{ kind: "index", name: "by_globalId", columns: ["globalId"] },
|
|
4202
5150
|
{ kind: "index", name: "by_parent", columns: ["parentTopicId"] },
|
|
4203
5151
|
{ kind: "index", name: "by_type", columns: ["type"] },
|
|
4204
5152
|
{ kind: "index", name: "by_graph_scope_project", columns: ["graphScopeProjectId"] },
|
|
@@ -4210,7 +5158,7 @@ defineTable({
|
|
|
4210
5158
|
});
|
|
4211
5159
|
defineTable({
|
|
4212
5160
|
name: "users",
|
|
4213
|
-
component: "
|
|
5161
|
+
component: "control-plane",
|
|
4214
5162
|
category: "user",
|
|
4215
5163
|
shape: z.object({
|
|
4216
5164
|
"clerkId": z.string(),
|
|
@@ -4324,7 +5272,6 @@ defineTable({
|
|
|
4324
5272
|
"deployments": z.record(z.object({
|
|
4325
5273
|
"url": z.string(),
|
|
4326
5274
|
"target": z.enum(["kernelDeployment", "appDeployment"]).optional(),
|
|
4327
|
-
"encryptedDeployKey": z.string().optional(),
|
|
4328
5275
|
"credentialRef": z.string().optional()
|
|
4329
5276
|
})).optional(),
|
|
4330
5277
|
"metadata": z.record(z.any()).optional(),
|
|
@@ -4339,6 +5286,39 @@ defineTable({
|
|
|
4339
5286
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
4340
5287
|
]
|
|
4341
5288
|
});
|
|
5289
|
+
defineTable({
|
|
5290
|
+
name: "deploymentHosts",
|
|
5291
|
+
component: "mc",
|
|
5292
|
+
category: "workspace",
|
|
5293
|
+
shape: z.object({
|
|
5294
|
+
"host": z.string(),
|
|
5295
|
+
"tenantId": idOf("tenants"),
|
|
5296
|
+
"workspaceId": idOf("workspaces"),
|
|
5297
|
+
"environment": z.enum(["dev", "staging", "prod"]),
|
|
5298
|
+
"target": z.enum(["kernelDeployment", "appDeployment"]),
|
|
5299
|
+
"deploymentUrl": z.string().optional(),
|
|
5300
|
+
"deploymentName": z.string().optional(),
|
|
5301
|
+
"vercelProjectName": z.string().optional(),
|
|
5302
|
+
"vercelProjectId": z.string().optional(),
|
|
5303
|
+
"vercelEnvironment": z.enum(["development", "preview", "staging", "production"]).optional(),
|
|
5304
|
+
"source": z.enum(["vercel_preview", "vercel_production", "vercel_custom_environment", "custom_domain", "manual"]),
|
|
5305
|
+
"status": z.enum(["active", "revoked"]),
|
|
5306
|
+
"metadata": z.record(z.any()).optional(),
|
|
5307
|
+
"createdBy": z.string(),
|
|
5308
|
+
"createdAt": z.number(),
|
|
5309
|
+
"updatedAt": z.number(),
|
|
5310
|
+
"revokedAt": z.number().optional(),
|
|
5311
|
+
"revokedBy": z.string().optional()
|
|
5312
|
+
}),
|
|
5313
|
+
indices: [
|
|
5314
|
+
{ kind: "index", name: "by_host", columns: ["host"] },
|
|
5315
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
5316
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
5317
|
+
{ kind: "index", name: "by_tenant_workspace_environment", columns: ["tenantId", "workspaceId", "environment"] },
|
|
5318
|
+
{ kind: "index", name: "by_workspace_status", columns: ["workspaceId", "status"] },
|
|
5319
|
+
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
5320
|
+
]
|
|
5321
|
+
});
|
|
4342
5322
|
defineTable({
|
|
4343
5323
|
name: "worktreeBeliefCluster",
|
|
4344
5324
|
component: "kernel",
|
|
@@ -4646,8 +5626,8 @@ defineTable({
|
|
|
4646
5626
|
});
|
|
4647
5627
|
z.object({
|
|
4648
5628
|
manifestVersion: z.string(),
|
|
4649
|
-
componentName: z.enum(["kernel", "
|
|
4650
|
-
tier: z.enum(["K", "
|
|
5629
|
+
componentName: z.enum(["kernel", "control-plane"]),
|
|
5630
|
+
tier: z.enum(["K", "CP"]),
|
|
4651
5631
|
packageVersion: z.string(),
|
|
4652
5632
|
tables: z.array(
|
|
4653
5633
|
z.object({
|
|
@@ -4675,17 +5655,44 @@ z.object({
|
|
|
4675
5655
|
message: "SL invariant b+d+u=1 violated at API boundary"
|
|
4676
5656
|
}
|
|
4677
5657
|
);
|
|
4678
|
-
|
|
5658
|
+
|
|
5659
|
+
// ../contracts/src/schema-helpers/spine/tables/epistemicNodes.ts
|
|
5660
|
+
var NODE_TYPES = [
|
|
5661
|
+
"decision",
|
|
4679
5662
|
"belief",
|
|
4680
|
-
"evidence",
|
|
4681
5663
|
"question",
|
|
4682
|
-
"
|
|
5664
|
+
"theme",
|
|
5665
|
+
"deal",
|
|
4683
5666
|
"topic",
|
|
5667
|
+
"claim",
|
|
5668
|
+
"evidence",
|
|
5669
|
+
"synthesis",
|
|
5670
|
+
"answer",
|
|
5671
|
+
"atomic_fact",
|
|
5672
|
+
"excerpt",
|
|
5673
|
+
"source",
|
|
5674
|
+
"company",
|
|
5675
|
+
"person",
|
|
5676
|
+
"investor",
|
|
5677
|
+
"function",
|
|
5678
|
+
"value_chain"
|
|
5679
|
+
];
|
|
5680
|
+
new Set(NODE_TYPES);
|
|
5681
|
+
|
|
5682
|
+
// ../contracts/src/types/graph-ref.ts
|
|
5683
|
+
var GRAPH_REF_EXTRA_NODE_TYPES = [
|
|
4684
5684
|
"edge",
|
|
4685
5685
|
"ontology",
|
|
4686
5686
|
"lens",
|
|
4687
5687
|
"contradiction"
|
|
4688
|
-
]
|
|
5688
|
+
];
|
|
5689
|
+
var GRAPH_REF_NODE_TYPES = [
|
|
5690
|
+
...NODE_TYPES,
|
|
5691
|
+
...GRAPH_REF_EXTRA_NODE_TYPES
|
|
5692
|
+
];
|
|
5693
|
+
var EpistemicNodeTypeSchema = z.enum(
|
|
5694
|
+
GRAPH_REF_NODE_TYPES
|
|
5695
|
+
);
|
|
4689
5696
|
var GraphRefSchema = z.discriminatedUnion("kind", [
|
|
4690
5697
|
z.object({
|
|
4691
5698
|
kind: z.literal("epistemic_node"),
|
|
@@ -4733,33 +5740,14 @@ function assertEdgePolicyAllowed(manifest, edgeType, from, to) {
|
|
|
4733
5740
|
}
|
|
4734
5741
|
|
|
4735
5742
|
// ../contracts/src/manifests/edge-policy-manifest.data.ts
|
|
5743
|
+
var publicEpistemicNodeEdgePolicy = (edgeType) => ({
|
|
5744
|
+
edgeType,
|
|
5745
|
+
fromKinds: ["epistemic_node"],
|
|
5746
|
+
toKinds: ["epistemic_node"],
|
|
5747
|
+
description: "Canonical public create_edge policy for graph-node relationships. The policy layer gates edge-type membership, not endpoint semantics."
|
|
5748
|
+
});
|
|
4736
5749
|
var edgePolicyManifest = {
|
|
4737
|
-
policies:
|
|
4738
|
-
{
|
|
4739
|
-
edgeType: "evidence_derived_from_evidence",
|
|
4740
|
-
fromKinds: ["epistemic_node"],
|
|
4741
|
-
fromNodeTypes: ["evidence"],
|
|
4742
|
-
toKinds: ["epistemic_node"],
|
|
4743
|
-
toNodeTypes: ["evidence"],
|
|
4744
|
-
description: "Evidence E2 was synthesized from evidence E1 by a transformation. Provides chain-of-evidence lineage."
|
|
4745
|
-
},
|
|
4746
|
-
{
|
|
4747
|
-
edgeType: "evidence_supports_belief",
|
|
4748
|
-
fromKinds: ["epistemic_node"],
|
|
4749
|
-
fromNodeTypes: ["evidence"],
|
|
4750
|
-
toKinds: ["epistemic_node"],
|
|
4751
|
-
toNodeTypes: ["belief"],
|
|
4752
|
-
description: "Existing link_evidence_to_belief semantics promoted to the create_edge policy source."
|
|
4753
|
-
},
|
|
4754
|
-
{
|
|
4755
|
-
edgeType: "evidence_supports_question",
|
|
4756
|
-
fromKinds: ["epistemic_node"],
|
|
4757
|
-
fromNodeTypes: ["evidence"],
|
|
4758
|
-
toKinds: ["epistemic_node"],
|
|
4759
|
-
toNodeTypes: ["question"],
|
|
4760
|
-
description: "Existing link_evidence_to_question semantics promoted to the create_edge policy source."
|
|
4761
|
-
}
|
|
4762
|
-
]
|
|
5750
|
+
policies: EDGE_TYPE_VALUES.map(publicEpistemicNodeEdgePolicy)
|
|
4763
5751
|
};
|
|
4764
5752
|
|
|
4765
5753
|
// ../contracts/src/tenant-client.contract.ts
|
|
@@ -4806,7 +5794,7 @@ var TENANT_CLIENT_INSTALLABLE_PACKAGES = [
|
|
|
4806
5794
|
},
|
|
4807
5795
|
{
|
|
4808
5796
|
packageName: "@lucern/control-plane",
|
|
4809
|
-
role: "
|
|
5797
|
+
role: "component_runtime",
|
|
4810
5798
|
directTenantImport: false
|
|
4811
5799
|
},
|
|
4812
5800
|
{
|
|
@@ -4815,79 +5803,948 @@ var TENANT_CLIENT_INSTALLABLE_PACKAGES = [
|
|
|
4815
5803
|
directTenantImport: false
|
|
4816
5804
|
},
|
|
4817
5805
|
{
|
|
4818
|
-
packageName: "@lucern/events",
|
|
4819
|
-
role: "sdk_dependency",
|
|
4820
|
-
directTenantImport: false
|
|
5806
|
+
packageName: "@lucern/events",
|
|
5807
|
+
role: "sdk_dependency",
|
|
5808
|
+
directTenantImport: false
|
|
5809
|
+
},
|
|
5810
|
+
{
|
|
5811
|
+
packageName: "@lucern/graph-primitives",
|
|
5812
|
+
role: "sdk_dependency",
|
|
5813
|
+
directTenantImport: false
|
|
5814
|
+
},
|
|
5815
|
+
{
|
|
5816
|
+
packageName: "@lucern/graph-sync",
|
|
5817
|
+
role: "host_addon_runtime",
|
|
5818
|
+
directTenantImport: true
|
|
5819
|
+
},
|
|
5820
|
+
{
|
|
5821
|
+
packageName: "@lucern/mcp",
|
|
5822
|
+
role: "runtime_entrypoint",
|
|
5823
|
+
directTenantImport: true
|
|
5824
|
+
},
|
|
5825
|
+
{
|
|
5826
|
+
packageName: "@lucern/pack-host",
|
|
5827
|
+
role: "platform_runtime",
|
|
5828
|
+
directTenantImport: false
|
|
5829
|
+
},
|
|
5830
|
+
{
|
|
5831
|
+
packageName: "@lucern/pack-installer",
|
|
5832
|
+
role: "developer_tool",
|
|
5833
|
+
directTenantImport: false
|
|
5834
|
+
},
|
|
5835
|
+
{
|
|
5836
|
+
packageName: "@lucern/proof-compiler",
|
|
5837
|
+
role: "developer_tool",
|
|
5838
|
+
directTenantImport: false
|
|
5839
|
+
},
|
|
5840
|
+
{
|
|
5841
|
+
packageName: "@lucern/react",
|
|
5842
|
+
role: "runtime_entrypoint",
|
|
5843
|
+
directTenantImport: true
|
|
5844
|
+
},
|
|
5845
|
+
{
|
|
5846
|
+
packageName: "@lucern/reasoning-kernel",
|
|
5847
|
+
role: "component_runtime",
|
|
5848
|
+
directTenantImport: false
|
|
5849
|
+
},
|
|
5850
|
+
{
|
|
5851
|
+
packageName: "@lucern/sdk",
|
|
5852
|
+
role: "runtime_entrypoint",
|
|
5853
|
+
directTenantImport: true
|
|
5854
|
+
},
|
|
5855
|
+
{
|
|
5856
|
+
packageName: "@lucern/secrets",
|
|
5857
|
+
role: "sdk_dependency",
|
|
5858
|
+
directTenantImport: false
|
|
5859
|
+
},
|
|
5860
|
+
{
|
|
5861
|
+
packageName: "@lucern/server-core",
|
|
5862
|
+
role: "platform_runtime",
|
|
5863
|
+
directTenantImport: false
|
|
5864
|
+
},
|
|
5865
|
+
{
|
|
5866
|
+
packageName: "@lucern/testing",
|
|
5867
|
+
role: "test_support",
|
|
5868
|
+
directTenantImport: false
|
|
5869
|
+
},
|
|
5870
|
+
{
|
|
5871
|
+
packageName: "@lucern/types",
|
|
5872
|
+
role: "contract_entrypoint",
|
|
5873
|
+
directTenantImport: true
|
|
5874
|
+
}
|
|
5875
|
+
];
|
|
5876
|
+
TENANT_CLIENT_INSTALLABLE_PACKAGES.map(
|
|
5877
|
+
(entry) => entry.packageName
|
|
5878
|
+
);
|
|
5879
|
+
|
|
5880
|
+
// ../contracts/src/infisical-runtime.contract.ts
|
|
5881
|
+
var INFISICAL_TENANT_SOFTWARE_SYSTEMS = [
|
|
5882
|
+
{
|
|
5883
|
+
id: "stack-frontend",
|
|
5884
|
+
tenantKey: "stack",
|
|
5885
|
+
workspaceKey: "frontend",
|
|
5886
|
+
vercelProjectName: "ai-chatbot-diao",
|
|
5887
|
+
vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK",
|
|
5888
|
+
vercelProjectId: "prj_PihFw8kohSSw14nZs9YQV3xVo517",
|
|
5889
|
+
vercelWriterTokenEnv: "STACK_VERCEL_TOKEN",
|
|
5890
|
+
repository: {
|
|
5891
|
+
owner: "stack-vc",
|
|
5892
|
+
name: "front-end"
|
|
5893
|
+
},
|
|
5894
|
+
sharedSourcePath: "/tenants/stack",
|
|
5895
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
5896
|
+
convex: {
|
|
5897
|
+
urlEnv: "CONVEX_FRONTEND_URL",
|
|
5898
|
+
deployKeyEnv: "CONVEX_FRONTEND_DEPLOY_KEY",
|
|
5899
|
+
preprodDeployment: "rugged-lobster-664",
|
|
5900
|
+
prodDeployment: "wonderful-toucan-0"
|
|
5901
|
+
}
|
|
5902
|
+
},
|
|
5903
|
+
{
|
|
5904
|
+
id: "stackos",
|
|
5905
|
+
tenantKey: "stack",
|
|
5906
|
+
workspaceKey: "stackos",
|
|
5907
|
+
vercelProjectName: "stackos",
|
|
5908
|
+
vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK",
|
|
5909
|
+
vercelProjectId: "prj_rXLAL0Z6v9p1fasKbomby6GI7kau",
|
|
5910
|
+
vercelWriterTokenEnv: "STACK_VERCEL_TOKEN",
|
|
5911
|
+
repository: {
|
|
5912
|
+
owner: "stack-vc",
|
|
5913
|
+
name: "stackos"
|
|
5914
|
+
},
|
|
5915
|
+
sharedSourcePath: "/tenants/stack",
|
|
5916
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
5917
|
+
convex: {
|
|
5918
|
+
urlEnv: "CONVEX_STACKOS_URL",
|
|
5919
|
+
deployKeyEnv: "CONVEX_STACKOS_DEPLOY_KEY",
|
|
5920
|
+
preprodDeployment: "giant-mandrill-761",
|
|
5921
|
+
prodDeployment: "good-snake-515"
|
|
5922
|
+
}
|
|
5923
|
+
},
|
|
5924
|
+
{
|
|
5925
|
+
id: "stack-eng",
|
|
5926
|
+
tenantKey: "stack",
|
|
5927
|
+
workspaceKey: "engineering",
|
|
5928
|
+
vercelProjectName: "stackos-engineering-graph",
|
|
5929
|
+
vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK",
|
|
5930
|
+
vercelProjectId: "prj_zAU0Zn9GkbHjHI63dxW4vLpmoqTJ",
|
|
5931
|
+
vercelWriterTokenEnv: "STACK_VERCEL_TOKEN",
|
|
5932
|
+
repository: {
|
|
5933
|
+
owner: "stack-vc",
|
|
5934
|
+
name: "stackos-engineering-graph"
|
|
5935
|
+
},
|
|
5936
|
+
sharedSourcePath: "/tenants/stack/engineering",
|
|
5937
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
5938
|
+
convex: {
|
|
5939
|
+
urlEnv: "CONVEX_STACK_ENG_URL",
|
|
5940
|
+
deployKeyEnv: "CONVEX_STACK_ENG_DEPLOY_KEY",
|
|
5941
|
+
preprodDeployment: "small-oyster-270",
|
|
5942
|
+
prodDeployment: "bold-cuttlefish-804"
|
|
5943
|
+
}
|
|
5944
|
+
},
|
|
5945
|
+
{
|
|
5946
|
+
id: "lucern-graph",
|
|
5947
|
+
tenantKey: "lucern",
|
|
5948
|
+
workspaceKey: "lucern",
|
|
5949
|
+
vercelProjectName: "lucern-graph",
|
|
5950
|
+
vercelTeamId: "team_vTHxxs8GAoAFUe6RWMlYt7fY",
|
|
5951
|
+
vercelProjectId: "prj_KJ8EKV8vGM5xURpqmwTwmECEGPgQ",
|
|
5952
|
+
vercelWriterTokenEnv: "LUCERN_VERCEL_TOKEN",
|
|
5953
|
+
repository: {
|
|
5954
|
+
owner: "LucernAI",
|
|
5955
|
+
name: "lucern-graph"
|
|
5956
|
+
},
|
|
5957
|
+
sharedSourcePath: "/tenants/lucern/shared",
|
|
5958
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
5959
|
+
convex: {
|
|
5960
|
+
urlEnv: "CONVEX_LUCERN_URL",
|
|
5961
|
+
deployKeyEnv: "CONVEX_LUCERN_DEPLOY_KEY",
|
|
5962
|
+
preprodDeployment: "good-blackbird-774",
|
|
5963
|
+
prodDeployment: "precious-dog-365"
|
|
5964
|
+
}
|
|
5965
|
+
}
|
|
5966
|
+
];
|
|
5967
|
+
var TENANT_SHARED_SECRET_DEFINITION_TEMPLATES = [
|
|
5968
|
+
{
|
|
5969
|
+
idSuffix: "clerk.publishable",
|
|
5970
|
+
canonicalName: "NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY",
|
|
5971
|
+
aliases: ["CLERK_PUBLISHABLE_KEY"],
|
|
5972
|
+
required: true,
|
|
5973
|
+
secret: false,
|
|
5974
|
+
public: true,
|
|
5975
|
+
description: "Tenant-owned Clerk browser key. For Stack this is the master clerk.stack.vc project shared by front-end, StackOS, and the engineering workspace."
|
|
5976
|
+
},
|
|
5977
|
+
{
|
|
5978
|
+
idSuffix: "clerk.secret",
|
|
5979
|
+
canonicalName: "CLERK_SECRET_KEY",
|
|
5980
|
+
required: true,
|
|
5981
|
+
secret: true,
|
|
5982
|
+
public: false,
|
|
5983
|
+
description: "Tenant-owned Clerk backend secret used only by that tenant's server runtimes."
|
|
5984
|
+
},
|
|
5985
|
+
{
|
|
5986
|
+
idSuffix: "clerk.project",
|
|
5987
|
+
canonicalName: "CLERK_PROJECT_ID",
|
|
5988
|
+
required: true,
|
|
5989
|
+
secret: false,
|
|
5990
|
+
public: false,
|
|
5991
|
+
description: "Tenant-owned Clerk project id used to resolve canonical Clerk aliases."
|
|
5992
|
+
},
|
|
5993
|
+
{
|
|
5994
|
+
idSuffix: "clerk.jwks",
|
|
5995
|
+
canonicalName: "CLERK_JWT_ISSUER_DOMAIN",
|
|
5996
|
+
aliases: ["CLERK_ISSUER_URL", "CLERK_JWKS_URL"],
|
|
5997
|
+
required: false,
|
|
5998
|
+
secret: false,
|
|
5999
|
+
public: false,
|
|
6000
|
+
description: "Tenant Clerk issuer/JWKS URL consumed by Convex auth.config.ts."
|
|
6001
|
+
},
|
|
6002
|
+
{
|
|
6003
|
+
idSuffix: "clerk.jwt-key",
|
|
6004
|
+
canonicalName: "CLERK_JWT_KEY",
|
|
6005
|
+
required: false,
|
|
6006
|
+
secret: true,
|
|
6007
|
+
public: false,
|
|
6008
|
+
description: "Tenant Clerk JWT public verification key used by bearer-token API routes."
|
|
6009
|
+
},
|
|
6010
|
+
{
|
|
6011
|
+
idSuffix: "clerk.authorized-parties",
|
|
6012
|
+
canonicalName: "CLERK_AUTHORIZED_PARTIES",
|
|
6013
|
+
aliases: ["CLERK_MOBILE_AUTHORIZED_PARTIES"],
|
|
6014
|
+
required: false,
|
|
6015
|
+
secret: false,
|
|
6016
|
+
public: false,
|
|
6017
|
+
description: "Comma-separated Clerk authorized parties for browser and mobile bearer-token validation."
|
|
6018
|
+
},
|
|
6019
|
+
{
|
|
6020
|
+
idSuffix: "clerk.sign-in-url",
|
|
6021
|
+
canonicalName: "NEXT_PUBLIC_CLERK_SIGN_IN_URL",
|
|
6022
|
+
required: false,
|
|
6023
|
+
secret: false,
|
|
6024
|
+
public: true,
|
|
6025
|
+
description: "Tenant Clerk sign-in route for custom app login surfaces."
|
|
6026
|
+
},
|
|
6027
|
+
{
|
|
6028
|
+
idSuffix: "clerk.sign-up-url",
|
|
6029
|
+
canonicalName: "NEXT_PUBLIC_CLERK_SIGN_UP_URL",
|
|
6030
|
+
required: false,
|
|
6031
|
+
secret: false,
|
|
6032
|
+
public: true,
|
|
6033
|
+
description: "Tenant Clerk sign-up route for custom app login surfaces."
|
|
6034
|
+
}
|
|
6035
|
+
];
|
|
6036
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.flatMap(
|
|
6037
|
+
(system) => TENANT_SHARED_SECRET_DEFINITION_TEMPLATES.map(
|
|
6038
|
+
(template) => ({
|
|
6039
|
+
id: `tenant.${system.id}.${template.idSuffix}`,
|
|
6040
|
+
canonicalName: template.canonicalName,
|
|
6041
|
+
aliases: "aliases" in template ? template.aliases : void 0,
|
|
6042
|
+
owner: "tenant",
|
|
6043
|
+
scope: "tenant",
|
|
6044
|
+
sourcePath: system.sharedSourcePath,
|
|
6045
|
+
environmentPolicy: "environment_specific",
|
|
6046
|
+
required: template.required,
|
|
6047
|
+
secret: template.secret,
|
|
6048
|
+
public: template.public,
|
|
6049
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6050
|
+
destinations: [
|
|
6051
|
+
{
|
|
6052
|
+
kind: "vercel",
|
|
6053
|
+
target: system.vercelProjectName,
|
|
6054
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6055
|
+
},
|
|
6056
|
+
{
|
|
6057
|
+
kind: "convex",
|
|
6058
|
+
target: `${system.convex.preprodDeployment}|${system.convex.prodDeployment}`,
|
|
6059
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6060
|
+
}
|
|
6061
|
+
],
|
|
6062
|
+
description: `${system.tenantKey}/${system.workspaceKey}: ${template.description}`
|
|
6063
|
+
})
|
|
6064
|
+
)
|
|
6065
|
+
);
|
|
6066
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.map(
|
|
6067
|
+
(system) => ({
|
|
6068
|
+
id: `tenant.${system.id}.install-lucern-npm`,
|
|
6069
|
+
canonicalName: "INSTALL_LUCERN_NPM",
|
|
6070
|
+
owner: "provider",
|
|
6071
|
+
scope: "global",
|
|
6072
|
+
sourcePath: "/tenants/shared",
|
|
6073
|
+
environmentPolicy: "same_all_environments",
|
|
6074
|
+
required: true,
|
|
6075
|
+
secret: true,
|
|
6076
|
+
public: false,
|
|
6077
|
+
consumers: ["tenant-vercel-app", "tenant-deploy-tooling"],
|
|
6078
|
+
destinations: [
|
|
6079
|
+
{
|
|
6080
|
+
kind: "vercel",
|
|
6081
|
+
target: system.vercelProjectName,
|
|
6082
|
+
environmentPolicy: "same_all_environments"
|
|
6083
|
+
},
|
|
6084
|
+
{
|
|
6085
|
+
kind: "github_actions",
|
|
6086
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6087
|
+
environmentPolicy: "same_all_environments"
|
|
6088
|
+
}
|
|
6089
|
+
],
|
|
6090
|
+
description: `${system.tenantKey}/${system.workspaceKey}: read-only npm install token for published @lucern/* packages.`
|
|
6091
|
+
})
|
|
6092
|
+
);
|
|
6093
|
+
var TENANT_PRODUCT_SOFTWARE_SYSTEM_IDS = ["stack-frontend", "stackos"];
|
|
6094
|
+
var TENANT_PRODUCT_RUNTIME_SECRET_DEFINITION_TEMPLATES = [
|
|
6095
|
+
{
|
|
6096
|
+
idSuffix: "ai.openai-api-key",
|
|
6097
|
+
canonicalName: "OPENAI_API_KEY",
|
|
6098
|
+
required: false,
|
|
6099
|
+
secret: true,
|
|
6100
|
+
public: false,
|
|
6101
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment", "tenant-ai-runtime"],
|
|
6102
|
+
description: "Tenant-owned OpenAI key for product runtime LLM calls."
|
|
6103
|
+
},
|
|
6104
|
+
{
|
|
6105
|
+
idSuffix: "ai.anthropic-api-key",
|
|
6106
|
+
canonicalName: "ANTHROPIC_API_KEY",
|
|
6107
|
+
required: false,
|
|
6108
|
+
secret: true,
|
|
6109
|
+
public: false,
|
|
6110
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment", "tenant-ai-runtime"],
|
|
6111
|
+
description: "Tenant-owned Anthropic key for product runtime LLM calls."
|
|
6112
|
+
},
|
|
6113
|
+
{
|
|
6114
|
+
idSuffix: "ai.gemini-api-key",
|
|
6115
|
+
canonicalName: "GEMINI_API_KEY",
|
|
6116
|
+
aliases: ["GOOGLE_AI_API_KEY", "GOOGLE_GENERATIVE_AI_API_KEY"],
|
|
6117
|
+
required: false,
|
|
6118
|
+
secret: true,
|
|
6119
|
+
public: false,
|
|
6120
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment", "tenant-ai-runtime"],
|
|
6121
|
+
description: "Tenant-owned Google/Gemini key for product runtime LLM calls."
|
|
6122
|
+
},
|
|
6123
|
+
{
|
|
6124
|
+
idSuffix: "langfuse.secret-key",
|
|
6125
|
+
canonicalName: "LANGFUSE_SECRET_KEY",
|
|
6126
|
+
required: false,
|
|
6127
|
+
secret: true,
|
|
6128
|
+
public: false,
|
|
6129
|
+
consumers: [
|
|
6130
|
+
"tenant-vercel-app",
|
|
6131
|
+
"tenant-convex-deployment",
|
|
6132
|
+
"tenant-observability"
|
|
6133
|
+
],
|
|
6134
|
+
description: "Tenant-owned Langfuse secret key for product AI tracing."
|
|
6135
|
+
},
|
|
6136
|
+
{
|
|
6137
|
+
idSuffix: "langfuse.public-key",
|
|
6138
|
+
canonicalName: "LANGFUSE_PUBLIC_KEY",
|
|
6139
|
+
required: false,
|
|
6140
|
+
secret: false,
|
|
6141
|
+
public: false,
|
|
6142
|
+
consumers: [
|
|
6143
|
+
"tenant-vercel-app",
|
|
6144
|
+
"tenant-convex-deployment",
|
|
6145
|
+
"tenant-observability"
|
|
6146
|
+
],
|
|
6147
|
+
description: "Tenant-owned Langfuse public key for product AI tracing."
|
|
6148
|
+
},
|
|
6149
|
+
{
|
|
6150
|
+
idSuffix: "langfuse.base-url",
|
|
6151
|
+
canonicalName: "LANGFUSE_BASE_URL",
|
|
6152
|
+
aliases: ["LANGFUSE_BASEURL", "LANGFUSE_HOST"],
|
|
6153
|
+
required: false,
|
|
6154
|
+
secret: false,
|
|
6155
|
+
public: false,
|
|
6156
|
+
consumers: [
|
|
6157
|
+
"tenant-vercel-app",
|
|
6158
|
+
"tenant-convex-deployment",
|
|
6159
|
+
"tenant-observability"
|
|
6160
|
+
],
|
|
6161
|
+
description: "Tenant-owned Langfuse API origin."
|
|
6162
|
+
},
|
|
6163
|
+
{
|
|
6164
|
+
idSuffix: "graph.neo4j-uri",
|
|
6165
|
+
canonicalName: "NEO4J_URI",
|
|
6166
|
+
required: false,
|
|
6167
|
+
secret: false,
|
|
6168
|
+
public: false,
|
|
6169
|
+
consumers: [
|
|
6170
|
+
"tenant-vercel-app",
|
|
6171
|
+
"tenant-convex-deployment",
|
|
6172
|
+
"tenant-graph-sync"
|
|
6173
|
+
],
|
|
6174
|
+
description: "Tenant-owned Neo4j URI for product graph-sync."
|
|
6175
|
+
},
|
|
6176
|
+
{
|
|
6177
|
+
idSuffix: "graph.neo4j-user",
|
|
6178
|
+
canonicalName: "NEO4J_USER",
|
|
6179
|
+
aliases: ["NEO4J_USERNAME"],
|
|
6180
|
+
required: false,
|
|
6181
|
+
secret: false,
|
|
6182
|
+
public: false,
|
|
6183
|
+
consumers: [
|
|
6184
|
+
"tenant-vercel-app",
|
|
6185
|
+
"tenant-convex-deployment",
|
|
6186
|
+
"tenant-graph-sync"
|
|
6187
|
+
],
|
|
6188
|
+
description: "Tenant-owned Neo4j user for product graph-sync."
|
|
6189
|
+
},
|
|
6190
|
+
{
|
|
6191
|
+
idSuffix: "graph.neo4j-password",
|
|
6192
|
+
canonicalName: "NEO4J_PASSWORD",
|
|
6193
|
+
required: false,
|
|
6194
|
+
secret: true,
|
|
6195
|
+
public: false,
|
|
6196
|
+
consumers: [
|
|
6197
|
+
"tenant-vercel-app",
|
|
6198
|
+
"tenant-convex-deployment",
|
|
6199
|
+
"tenant-graph-sync"
|
|
6200
|
+
],
|
|
6201
|
+
description: "Tenant-owned Neo4j password for product graph-sync."
|
|
6202
|
+
},
|
|
6203
|
+
{
|
|
6204
|
+
idSuffix: "graph.neo4j-sync-secret",
|
|
6205
|
+
canonicalName: "NEO4J_SYNC_SECRET",
|
|
6206
|
+
required: false,
|
|
6207
|
+
secret: true,
|
|
6208
|
+
public: false,
|
|
6209
|
+
consumers: [
|
|
6210
|
+
"tenant-vercel-app",
|
|
6211
|
+
"tenant-convex-deployment",
|
|
6212
|
+
"tenant-graph-sync"
|
|
6213
|
+
],
|
|
6214
|
+
description: "Tenant-owned shared secret for product Convex-to-HTTP graph-sync calls."
|
|
6215
|
+
},
|
|
6216
|
+
{
|
|
6217
|
+
idSuffix: "graph.neo4j-database",
|
|
6218
|
+
canonicalName: "NEO4J_DATABASE",
|
|
6219
|
+
required: false,
|
|
6220
|
+
secret: false,
|
|
6221
|
+
public: false,
|
|
6222
|
+
consumers: [
|
|
6223
|
+
"tenant-vercel-app",
|
|
6224
|
+
"tenant-convex-deployment",
|
|
6225
|
+
"tenant-graph-sync"
|
|
6226
|
+
],
|
|
6227
|
+
description: "Tenant-owned Neo4j database name for product graph-sync."
|
|
6228
|
+
},
|
|
6229
|
+
{
|
|
6230
|
+
idSuffix: "vector.pinecone-api-key",
|
|
6231
|
+
canonicalName: "PINECONE_API_KEY",
|
|
6232
|
+
required: false,
|
|
6233
|
+
secret: true,
|
|
6234
|
+
public: false,
|
|
6235
|
+
consumers: [
|
|
6236
|
+
"tenant-vercel-app",
|
|
6237
|
+
"tenant-convex-deployment",
|
|
6238
|
+
"tenant-vector-store"
|
|
6239
|
+
],
|
|
6240
|
+
description: "Tenant-owned Pinecone API key for product vector search."
|
|
6241
|
+
},
|
|
6242
|
+
{
|
|
6243
|
+
idSuffix: "vector.pinecone-index-name",
|
|
6244
|
+
canonicalName: "PINECONE_INDEX_NAME",
|
|
6245
|
+
aliases: ["PINECONE_INDEX"],
|
|
6246
|
+
required: false,
|
|
6247
|
+
secret: false,
|
|
6248
|
+
public: false,
|
|
6249
|
+
consumers: [
|
|
6250
|
+
"tenant-vercel-app",
|
|
6251
|
+
"tenant-convex-deployment",
|
|
6252
|
+
"tenant-vector-store"
|
|
6253
|
+
],
|
|
6254
|
+
description: "Tenant-owned Pinecone index name for product vector search."
|
|
6255
|
+
},
|
|
6256
|
+
{
|
|
6257
|
+
idSuffix: "vector.pinecone-host",
|
|
6258
|
+
canonicalName: "PINECONE_HOST",
|
|
6259
|
+
aliases: ["PINECONE_INDEX_HOST"],
|
|
6260
|
+
required: false,
|
|
6261
|
+
secret: false,
|
|
6262
|
+
public: false,
|
|
6263
|
+
consumers: [
|
|
6264
|
+
"tenant-vercel-app",
|
|
6265
|
+
"tenant-convex-deployment",
|
|
6266
|
+
"tenant-vector-store"
|
|
6267
|
+
],
|
|
6268
|
+
description: "Tenant-owned Pinecone host for product vector search."
|
|
6269
|
+
},
|
|
6270
|
+
{
|
|
6271
|
+
idSuffix: "vector.pinecone-namespace",
|
|
6272
|
+
canonicalName: "PINECONE_NAMESPACE",
|
|
6273
|
+
required: false,
|
|
6274
|
+
secret: false,
|
|
6275
|
+
public: false,
|
|
6276
|
+
consumers: [
|
|
6277
|
+
"tenant-vercel-app",
|
|
6278
|
+
"tenant-convex-deployment",
|
|
6279
|
+
"tenant-vector-store"
|
|
6280
|
+
],
|
|
6281
|
+
description: "Tenant-owned Pinecone namespace for product vector search isolation."
|
|
6282
|
+
},
|
|
6283
|
+
{
|
|
6284
|
+
idSuffix: "storage.aws-access-key-id",
|
|
6285
|
+
canonicalName: "AWS_ACCESS_KEY_ID",
|
|
6286
|
+
required: false,
|
|
6287
|
+
secret: true,
|
|
6288
|
+
public: false,
|
|
6289
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6290
|
+
description: "Tenant-owned AWS access key id for document/file ingestion."
|
|
6291
|
+
},
|
|
6292
|
+
{
|
|
6293
|
+
idSuffix: "storage.aws-secret-access-key",
|
|
6294
|
+
canonicalName: "AWS_SECRET_ACCESS_KEY",
|
|
6295
|
+
required: false,
|
|
6296
|
+
secret: true,
|
|
6297
|
+
public: false,
|
|
6298
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6299
|
+
description: "Tenant-owned AWS secret access key for document/file ingestion."
|
|
6300
|
+
},
|
|
6301
|
+
{
|
|
6302
|
+
idSuffix: "storage.aws-region",
|
|
6303
|
+
canonicalName: "AWS_REGION",
|
|
6304
|
+
required: false,
|
|
6305
|
+
secret: false,
|
|
6306
|
+
public: false,
|
|
6307
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6308
|
+
description: "Tenant-owned AWS region for document/file ingestion."
|
|
4821
6309
|
},
|
|
4822
6310
|
{
|
|
4823
|
-
|
|
4824
|
-
|
|
4825
|
-
|
|
6311
|
+
idSuffix: "observability.sentry-dsn",
|
|
6312
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_DSN",
|
|
6313
|
+
aliases: ["NEXT_PUBLIC_SENTRY_DSN_NEXTJS", "SENTRY_DSN"],
|
|
6314
|
+
required: false,
|
|
6315
|
+
secret: false,
|
|
6316
|
+
public: true,
|
|
6317
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6318
|
+
description: "Tenant-owned Sentry DSN for app telemetry."
|
|
4826
6319
|
},
|
|
4827
6320
|
{
|
|
4828
|
-
|
|
4829
|
-
|
|
4830
|
-
|
|
6321
|
+
idSuffix: "observability.sentry-auth-token",
|
|
6322
|
+
canonicalName: "SENTRY_AUTH_TOKEN",
|
|
6323
|
+
required: false,
|
|
6324
|
+
secret: true,
|
|
6325
|
+
public: false,
|
|
6326
|
+
consumers: ["tenant-deploy-tooling", "tenant-observability"],
|
|
6327
|
+
description: "Tenant-owned Sentry release token for app deployments."
|
|
4831
6328
|
},
|
|
4832
6329
|
{
|
|
4833
|
-
|
|
4834
|
-
|
|
4835
|
-
|
|
6330
|
+
idSuffix: "observability.sentry-org",
|
|
6331
|
+
canonicalName: "SENTRY_ORG",
|
|
6332
|
+
aliases: ["SENTRY_ORG_SLUG"],
|
|
6333
|
+
required: false,
|
|
6334
|
+
secret: false,
|
|
6335
|
+
public: false,
|
|
6336
|
+
consumers: ["tenant-deploy-tooling", "tenant-observability"],
|
|
6337
|
+
description: "Tenant-owned Sentry org slug for release uploads."
|
|
4836
6338
|
},
|
|
4837
6339
|
{
|
|
4838
|
-
|
|
4839
|
-
|
|
4840
|
-
|
|
6340
|
+
idSuffix: "observability.sentry-project",
|
|
6341
|
+
canonicalName: "SENTRY_PROJECT",
|
|
6342
|
+
aliases: ["SENTRY_PROJECT_NEXTJS"],
|
|
6343
|
+
required: false,
|
|
6344
|
+
secret: false,
|
|
6345
|
+
public: false,
|
|
6346
|
+
consumers: ["tenant-deploy-tooling", "tenant-observability"],
|
|
6347
|
+
description: "Tenant-owned Sentry project slug for release uploads."
|
|
4841
6348
|
},
|
|
4842
6349
|
{
|
|
4843
|
-
|
|
4844
|
-
|
|
4845
|
-
|
|
6350
|
+
idSuffix: "observability.sentry-environment",
|
|
6351
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_ENVIRONMENT",
|
|
6352
|
+
aliases: ["SENTRY_ENVIRONMENT"],
|
|
6353
|
+
required: false,
|
|
6354
|
+
secret: false,
|
|
6355
|
+
public: true,
|
|
6356
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6357
|
+
description: "Tenant-owned Sentry environment label."
|
|
4846
6358
|
},
|
|
4847
6359
|
{
|
|
4848
|
-
|
|
4849
|
-
|
|
4850
|
-
|
|
6360
|
+
idSuffix: "observability.sentry-release",
|
|
6361
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_RELEASE",
|
|
6362
|
+
aliases: ["SENTRY_RELEASE"],
|
|
6363
|
+
required: false,
|
|
6364
|
+
secret: false,
|
|
6365
|
+
public: true,
|
|
6366
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6367
|
+
description: "Tenant-owned Sentry release label."
|
|
4851
6368
|
},
|
|
4852
6369
|
{
|
|
4853
|
-
|
|
4854
|
-
|
|
4855
|
-
|
|
6370
|
+
idSuffix: "observability.sentry-client-options",
|
|
6371
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_TRACES_SAMPLE_RATE",
|
|
6372
|
+
aliases: [
|
|
6373
|
+
"NEXT_PUBLIC_SENTRY_CAPTURE_CONSOLE_LEVELS",
|
|
6374
|
+
"NEXT_PUBLIC_SENTRY_CAPTURE_CONSOLE_LEVELS_NEXTJS",
|
|
6375
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_BREADCRUMB_LEVELS",
|
|
6376
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_BREADCRUMB_LEVELS_NEXTJS",
|
|
6377
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_LOG_LEVELS",
|
|
6378
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_LOG_LEVELS_NEXTJS",
|
|
6379
|
+
"NEXT_PUBLIC_SENTRY_ENABLE_LOGS",
|
|
6380
|
+
"NEXT_PUBLIC_SENTRY_REPLAYS_ON_ERROR_SAMPLE_RATE",
|
|
6381
|
+
"NEXT_PUBLIC_SENTRY_REPLAYS_SESSION_SAMPLE_RATE",
|
|
6382
|
+
"NEXT_PUBLIC_SENTRY_SEND_DEFAULT_PII",
|
|
6383
|
+
"NEXT_PUBLIC_SENTRY_TRACES_SAMPLE_RATE_NEXTJS"
|
|
6384
|
+
],
|
|
6385
|
+
required: false,
|
|
6386
|
+
secret: false,
|
|
6387
|
+
public: true,
|
|
6388
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6389
|
+
description: "Tenant-owned public Sentry tuning values for Next.js client instrumentation."
|
|
4856
6390
|
},
|
|
4857
6391
|
{
|
|
4858
|
-
|
|
4859
|
-
|
|
4860
|
-
|
|
6392
|
+
idSuffix: "observability.sentry-webhook-secret",
|
|
6393
|
+
canonicalName: "SENTRY_WEBHOOK_SECRET",
|
|
6394
|
+
required: false,
|
|
6395
|
+
secret: true,
|
|
6396
|
+
public: false,
|
|
6397
|
+
consumers: ["tenant-convex-deployment", "tenant-observability"],
|
|
6398
|
+
description: "Tenant-owned Sentry webhook verification secret."
|
|
4861
6399
|
},
|
|
4862
6400
|
{
|
|
4863
|
-
|
|
4864
|
-
|
|
4865
|
-
|
|
6401
|
+
idSuffix: "lucern.gateway-api-key",
|
|
6402
|
+
canonicalName: "LUCERN_API_KEY",
|
|
6403
|
+
aliases: ["STACK_API_KEY"],
|
|
6404
|
+
required: false,
|
|
6405
|
+
secret: true,
|
|
6406
|
+
public: false,
|
|
6407
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6408
|
+
description: "Tenant-scoped Lucern/MC gateway API key for product front-door calls."
|
|
4866
6409
|
},
|
|
4867
6410
|
{
|
|
4868
|
-
|
|
4869
|
-
|
|
4870
|
-
|
|
6411
|
+
idSuffix: "lucern.gateway-base-url",
|
|
6412
|
+
canonicalName: "LUCERN_BASE_URL",
|
|
6413
|
+
aliases: ["LUCERN_API_BASE_URL", "LUCERN_GATEWAY_BASE_URL"],
|
|
6414
|
+
required: false,
|
|
6415
|
+
secret: false,
|
|
6416
|
+
public: false,
|
|
6417
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6418
|
+
description: "Lucern/MC gateway base URL used by tenant product apps."
|
|
4871
6419
|
},
|
|
4872
6420
|
{
|
|
4873
|
-
|
|
4874
|
-
|
|
4875
|
-
|
|
6421
|
+
idSuffix: "lucern.proxy-token-secret",
|
|
6422
|
+
canonicalName: "LUCERN_PROXY_TOKEN_SECRET",
|
|
6423
|
+
required: false,
|
|
6424
|
+
secret: true,
|
|
6425
|
+
public: false,
|
|
6426
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6427
|
+
description: "Tenant-owned secret for signing internal proxy/session tokens in product apps."
|
|
4876
6428
|
},
|
|
4877
6429
|
{
|
|
4878
|
-
|
|
4879
|
-
|
|
4880
|
-
|
|
6430
|
+
idSuffix: "tenant.integrations.linear-api-key",
|
|
6431
|
+
canonicalName: "LINEAR_API_KEY",
|
|
6432
|
+
required: false,
|
|
6433
|
+
secret: true,
|
|
6434
|
+
public: false,
|
|
6435
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6436
|
+
description: "Tenant-owned Linear API key for support/slash-command flows."
|
|
4881
6437
|
},
|
|
4882
6438
|
{
|
|
4883
|
-
|
|
4884
|
-
|
|
4885
|
-
|
|
6439
|
+
idSuffix: "tenant.vercel.bypass-token",
|
|
6440
|
+
canonicalName: "VERCEL_AUTOMATION_BYPASS_SECRET",
|
|
6441
|
+
aliases: ["NEXT_PUBLIC_VERCEL_BYPASS_TOKEN"],
|
|
6442
|
+
required: false,
|
|
6443
|
+
secret: true,
|
|
6444
|
+
public: false,
|
|
6445
|
+
consumers: ["tenant-vercel-app", "tenant-deploy-tooling"],
|
|
6446
|
+
description: "Tenant-owned Vercel automation bypass token. Public alias is legacy and should be removed from app code."
|
|
4886
6447
|
}
|
|
4887
6448
|
];
|
|
4888
|
-
|
|
4889
|
-
(
|
|
6449
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.filter(
|
|
6450
|
+
(system) => TENANT_PRODUCT_SOFTWARE_SYSTEM_IDS.includes(system.id)
|
|
6451
|
+
).flatMap(
|
|
6452
|
+
(system) => TENANT_PRODUCT_RUNTIME_SECRET_DEFINITION_TEMPLATES.map(
|
|
6453
|
+
(template) => ({
|
|
6454
|
+
id: `tenant.${system.id}.${template.idSuffix}`,
|
|
6455
|
+
canonicalName: template.canonicalName,
|
|
6456
|
+
aliases: "aliases" in template ? template.aliases : void 0,
|
|
6457
|
+
owner: "tenant",
|
|
6458
|
+
scope: "tenant",
|
|
6459
|
+
sourcePath: system.sharedSourcePath,
|
|
6460
|
+
environmentPolicy: "environment_specific",
|
|
6461
|
+
required: template.required,
|
|
6462
|
+
secret: template.secret,
|
|
6463
|
+
public: template.public,
|
|
6464
|
+
consumers: template.consumers,
|
|
6465
|
+
destinations: [
|
|
6466
|
+
{
|
|
6467
|
+
kind: "vercel",
|
|
6468
|
+
target: system.vercelProjectName,
|
|
6469
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6470
|
+
},
|
|
6471
|
+
{
|
|
6472
|
+
kind: "convex",
|
|
6473
|
+
target: `${system.convex.preprodDeployment}|${system.convex.prodDeployment}`,
|
|
6474
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6475
|
+
},
|
|
6476
|
+
{
|
|
6477
|
+
kind: "github_actions",
|
|
6478
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6479
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6480
|
+
}
|
|
6481
|
+
],
|
|
6482
|
+
description: `${system.tenantKey}/${system.workspaceKey}: ${template.description}`
|
|
6483
|
+
})
|
|
6484
|
+
)
|
|
6485
|
+
);
|
|
6486
|
+
function tenantVercelConvexUrlWriteNames(system) {
|
|
6487
|
+
const names = [system.convex.urlEnv, "NEXT_PUBLIC_CONVEX_URL"];
|
|
6488
|
+
if (system.id === "stack-eng") {
|
|
6489
|
+
return [...names, "STACKOS_ENGINEERING_GRAPH_CONVEX_URL"];
|
|
6490
|
+
}
|
|
6491
|
+
return names;
|
|
6492
|
+
}
|
|
6493
|
+
function tenantRepositoryConvexUrlWriteNames(system) {
|
|
6494
|
+
if (system.id === "stack-eng") {
|
|
6495
|
+
return [system.convex.urlEnv, "STACKOS_ENGINEERING_GRAPH_CONVEX_URL"];
|
|
6496
|
+
}
|
|
6497
|
+
return [system.convex.urlEnv];
|
|
6498
|
+
}
|
|
6499
|
+
function tenantRepositoryConvexDeployKeyWriteNames(system) {
|
|
6500
|
+
if (system.id === "stack-eng") {
|
|
6501
|
+
return [system.convex.deployKeyEnv, "STACKOS_ENGINEERING_GRAPH_DEPLOY_KEY"];
|
|
6502
|
+
}
|
|
6503
|
+
return [system.convex.deployKeyEnv];
|
|
6504
|
+
}
|
|
6505
|
+
function tenantConvexUrlAliases(system) {
|
|
6506
|
+
if (system.id === "stack-frontend") {
|
|
6507
|
+
return [
|
|
6508
|
+
"CONVEX_PROD_URL",
|
|
6509
|
+
"CONVEX_STACK_V2_PROD_URL",
|
|
6510
|
+
"CONVEX_STACK_V2_STAGING_URL",
|
|
6511
|
+
"STACK_CONVEX_URL"
|
|
6512
|
+
];
|
|
6513
|
+
}
|
|
6514
|
+
if (system.id === "stackos") {
|
|
6515
|
+
return [
|
|
6516
|
+
"CONVEX_CLOUD_URL",
|
|
6517
|
+
"CONVEX_STACK_URL",
|
|
6518
|
+
"CONVEX_URL",
|
|
6519
|
+
"CONVEX_URL_DEVELOPMENT",
|
|
6520
|
+
"CONVEX_URL_PRODUCTION",
|
|
6521
|
+
"STACK_CONVEX_URL"
|
|
6522
|
+
];
|
|
6523
|
+
}
|
|
6524
|
+
if (system.id === "stack-eng") {
|
|
6525
|
+
return ["STACKOS_ENGINEERING_GRAPH_CONVEX_URL"];
|
|
6526
|
+
}
|
|
6527
|
+
if (system.id === "lucern-graph") {
|
|
6528
|
+
return [
|
|
6529
|
+
"CONVEX_GRAPH_URL",
|
|
6530
|
+
"LUCERN_PROD_URL",
|
|
6531
|
+
"NEXT_PUBLIC_LUCERN_GRAPH_URL"
|
|
6532
|
+
];
|
|
6533
|
+
}
|
|
6534
|
+
return void 0;
|
|
6535
|
+
}
|
|
6536
|
+
function tenantConvexDeployKeyAliases(system) {
|
|
6537
|
+
if (system.id === "stack-frontend") {
|
|
6538
|
+
return [
|
|
6539
|
+
"CONVEX_STACK_V2_PROD_DEPLOY_KEY",
|
|
6540
|
+
"CONVEX_STACK_V2_STAGING_DEPLOY_KEY",
|
|
6541
|
+
"STACK_DEPLOY_KEY"
|
|
6542
|
+
];
|
|
6543
|
+
}
|
|
6544
|
+
if (system.id === "stackos") {
|
|
6545
|
+
return [
|
|
6546
|
+
"CONVEX_DEPLOY_KEY",
|
|
6547
|
+
"CONVEX_DEV_DEPLOY_KEY",
|
|
6548
|
+
"CONVEX_PROD_DEPLOY_KEY",
|
|
6549
|
+
"CONVEX_STACK_DEPLOY_KEY",
|
|
6550
|
+
"STACK_DEPLOY_KEY"
|
|
6551
|
+
];
|
|
6552
|
+
}
|
|
6553
|
+
if (system.id === "stack-eng") {
|
|
6554
|
+
return ["CONVEX_DEPLOY_KEY", "STACKOS_ENGINEERING_GRAPH_DEPLOY_KEY"];
|
|
6555
|
+
}
|
|
6556
|
+
if (system.id === "lucern-graph") {
|
|
6557
|
+
return [
|
|
6558
|
+
"CONVEX_DEPLOY_KEY",
|
|
6559
|
+
"CONVEX_GRAPH_DEPLOY_KEY",
|
|
6560
|
+
"LUCERN_CONVEX_DEPLOY_KEY",
|
|
6561
|
+
"LUCERN_DEV_DEPLOY_KEY",
|
|
6562
|
+
"LUCERN_PROD_DEPLOY_KEY"
|
|
6563
|
+
];
|
|
6564
|
+
}
|
|
6565
|
+
return void 0;
|
|
6566
|
+
}
|
|
6567
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.flatMap(
|
|
6568
|
+
(system) => {
|
|
6569
|
+
if (system.id === "lucern-graph") {
|
|
6570
|
+
return [
|
|
6571
|
+
{
|
|
6572
|
+
id: "tenant.lucern-graph.public.tenant-id",
|
|
6573
|
+
canonicalName: "NEXT_PUBLIC_LUCERN_GRAPH_TENANT_ID",
|
|
6574
|
+
aliases: ["NEXT_PUBLIC_LUCERN_TENANT_ID"],
|
|
6575
|
+
owner: "tenant",
|
|
6576
|
+
scope: "workspace",
|
|
6577
|
+
sourcePath: system.sharedSourcePath,
|
|
6578
|
+
environmentPolicy: "environment_specific",
|
|
6579
|
+
required: false,
|
|
6580
|
+
secret: false,
|
|
6581
|
+
public: true,
|
|
6582
|
+
consumers: ["tenant-vercel-app"],
|
|
6583
|
+
destinations: [
|
|
6584
|
+
{
|
|
6585
|
+
kind: "vercel",
|
|
6586
|
+
target: system.vercelProjectName,
|
|
6587
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6588
|
+
}
|
|
6589
|
+
],
|
|
6590
|
+
description: "Lucern graph public tenant id used by the standalone graph explorer."
|
|
6591
|
+
},
|
|
6592
|
+
{
|
|
6593
|
+
id: "tenant.lucern-graph.public.tenant-label",
|
|
6594
|
+
canonicalName: "NEXT_PUBLIC_LUCERN_GRAPH_TENANT_LABEL",
|
|
6595
|
+
owner: "tenant",
|
|
6596
|
+
scope: "workspace",
|
|
6597
|
+
sourcePath: system.sharedSourcePath,
|
|
6598
|
+
environmentPolicy: "environment_specific",
|
|
6599
|
+
required: false,
|
|
6600
|
+
secret: false,
|
|
6601
|
+
public: true,
|
|
6602
|
+
consumers: ["tenant-vercel-app"],
|
|
6603
|
+
destinations: [
|
|
6604
|
+
{
|
|
6605
|
+
kind: "vercel",
|
|
6606
|
+
target: system.vercelProjectName,
|
|
6607
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6608
|
+
}
|
|
6609
|
+
],
|
|
6610
|
+
description: "Lucern graph public tenant label used by the standalone graph explorer."
|
|
6611
|
+
}
|
|
6612
|
+
];
|
|
6613
|
+
}
|
|
6614
|
+
if (system.id === "stack-eng") {
|
|
6615
|
+
return [
|
|
6616
|
+
{
|
|
6617
|
+
id: "tenant.stack-eng.public.tenant-id",
|
|
6618
|
+
canonicalName: "NEXT_PUBLIC_STACKOS_ENGINEERING_GRAPH_TENANT_ID",
|
|
6619
|
+
owner: "tenant",
|
|
6620
|
+
scope: "workspace",
|
|
6621
|
+
sourcePath: system.sharedSourcePath,
|
|
6622
|
+
environmentPolicy: "environment_specific",
|
|
6623
|
+
required: false,
|
|
6624
|
+
secret: false,
|
|
6625
|
+
public: true,
|
|
6626
|
+
consumers: ["tenant-vercel-app"],
|
|
6627
|
+
destinations: [
|
|
6628
|
+
{
|
|
6629
|
+
kind: "vercel",
|
|
6630
|
+
target: system.vercelProjectName,
|
|
6631
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6632
|
+
}
|
|
6633
|
+
],
|
|
6634
|
+
description: "Stack engineering graph public tenant id used by the graph explorer."
|
|
6635
|
+
},
|
|
6636
|
+
{
|
|
6637
|
+
id: "tenant.stack-eng.public.tenant-label",
|
|
6638
|
+
canonicalName: "NEXT_PUBLIC_STACKOS_ENGINEERING_GRAPH_TENANT_LABEL",
|
|
6639
|
+
owner: "tenant",
|
|
6640
|
+
scope: "workspace",
|
|
6641
|
+
sourcePath: system.sharedSourcePath,
|
|
6642
|
+
environmentPolicy: "environment_specific",
|
|
6643
|
+
required: false,
|
|
6644
|
+
secret: false,
|
|
6645
|
+
public: true,
|
|
6646
|
+
consumers: ["tenant-vercel-app"],
|
|
6647
|
+
destinations: [
|
|
6648
|
+
{
|
|
6649
|
+
kind: "vercel",
|
|
6650
|
+
target: system.vercelProjectName,
|
|
6651
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6652
|
+
}
|
|
6653
|
+
],
|
|
6654
|
+
description: "Stack engineering graph public tenant label used by the graph explorer."
|
|
6655
|
+
},
|
|
6656
|
+
{
|
|
6657
|
+
id: "tenant.stack-eng.public.environment",
|
|
6658
|
+
canonicalName: "NEXT_PUBLIC_STACKOS_ENGINEERING_GRAPH_ENV",
|
|
6659
|
+
owner: "tenant",
|
|
6660
|
+
scope: "workspace",
|
|
6661
|
+
sourcePath: system.sharedSourcePath,
|
|
6662
|
+
environmentPolicy: "environment_specific",
|
|
6663
|
+
required: false,
|
|
6664
|
+
secret: false,
|
|
6665
|
+
public: true,
|
|
6666
|
+
consumers: ["tenant-vercel-app"],
|
|
6667
|
+
destinations: [
|
|
6668
|
+
{
|
|
6669
|
+
kind: "vercel",
|
|
6670
|
+
target: system.vercelProjectName,
|
|
6671
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6672
|
+
}
|
|
6673
|
+
],
|
|
6674
|
+
description: "Stack engineering graph public environment label used by the graph explorer."
|
|
6675
|
+
}
|
|
6676
|
+
];
|
|
6677
|
+
}
|
|
6678
|
+
return [];
|
|
6679
|
+
}
|
|
4890
6680
|
);
|
|
6681
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.flatMap((system) => [
|
|
6682
|
+
{
|
|
6683
|
+
id: `tenant.${system.id}.convex.url`,
|
|
6684
|
+
canonicalName: system.convex.urlEnv,
|
|
6685
|
+
aliases: tenantConvexUrlAliases(system),
|
|
6686
|
+
owner: "tenant",
|
|
6687
|
+
scope: "software_system",
|
|
6688
|
+
sourcePath: system.sharedSourcePath,
|
|
6689
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6690
|
+
required: true,
|
|
6691
|
+
secret: false,
|
|
6692
|
+
public: false,
|
|
6693
|
+
consumers: [
|
|
6694
|
+
"tenant-vercel-app",
|
|
6695
|
+
"tenant-agent-runtime",
|
|
6696
|
+
"mc-operator-tooling"
|
|
6697
|
+
],
|
|
6698
|
+
destinations: [
|
|
6699
|
+
{
|
|
6700
|
+
kind: "vercel",
|
|
6701
|
+
target: system.vercelProjectName,
|
|
6702
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6703
|
+
writeNames: tenantVercelConvexUrlWriteNames(system)
|
|
6704
|
+
},
|
|
6705
|
+
{
|
|
6706
|
+
kind: "github_actions",
|
|
6707
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6708
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6709
|
+
writeNames: tenantRepositoryConvexUrlWriteNames(system),
|
|
6710
|
+
notes: "Only if that repository deploy/test workflow owns this software system."
|
|
6711
|
+
}
|
|
6712
|
+
],
|
|
6713
|
+
description: `${system.tenantKey}/${system.workspaceKey} Convex URL. Pre-prod resolves to ${system.convex.preprodDeployment}; prod resolves to ${system.convex.prodDeployment}.`
|
|
6714
|
+
},
|
|
6715
|
+
{
|
|
6716
|
+
id: `tenant.${system.id}.convex.deploy-key`,
|
|
6717
|
+
canonicalName: system.convex.deployKeyEnv,
|
|
6718
|
+
aliases: tenantConvexDeployKeyAliases(system),
|
|
6719
|
+
owner: "tenant",
|
|
6720
|
+
scope: "software_system",
|
|
6721
|
+
sourcePath: system.sharedSourcePath,
|
|
6722
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6723
|
+
required: true,
|
|
6724
|
+
secret: true,
|
|
6725
|
+
public: false,
|
|
6726
|
+
consumers: [
|
|
6727
|
+
"tenant-vercel-app",
|
|
6728
|
+
"tenant-agent-runtime",
|
|
6729
|
+
"mc-operator-tooling"
|
|
6730
|
+
],
|
|
6731
|
+
destinations: [
|
|
6732
|
+
{
|
|
6733
|
+
kind: "vercel",
|
|
6734
|
+
target: system.vercelProjectName,
|
|
6735
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6736
|
+
},
|
|
6737
|
+
{
|
|
6738
|
+
kind: "github_actions",
|
|
6739
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6740
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6741
|
+
writeNames: tenantRepositoryConvexDeployKeyWriteNames(system),
|
|
6742
|
+
notes: "Only if that repository deploy/test workflow owns this software system."
|
|
6743
|
+
}
|
|
6744
|
+
],
|
|
6745
|
+
description: `${system.tenantKey}/${system.workspaceKey} Convex deploy/admin key. Never route to sibling workspaces.`
|
|
6746
|
+
}
|
|
6747
|
+
]);
|
|
4891
6748
|
z.object({
|
|
4892
6749
|
manifestVersion: z.literal("1.0.0"),
|
|
4893
6750
|
rules: z.array(
|
|
@@ -4928,7 +6785,7 @@ var createEvidenceInputSchemaBase = z.object({
|
|
|
4928
6785
|
targetId: z.string().optional(),
|
|
4929
6786
|
targetNodeId: z.string().optional(),
|
|
4930
6787
|
linkedBeliefNodeId: z.string().optional(),
|
|
4931
|
-
evidenceRelation: z.enum(["supports", "contradicts"
|
|
6788
|
+
evidenceRelation: z.enum(["supports", "contradicts"]).optional(),
|
|
4932
6789
|
confidence: z.number().optional(),
|
|
4933
6790
|
weight: z.number().optional(),
|
|
4934
6791
|
reasoning: z.string().optional(),
|
|
@@ -5013,8 +6870,7 @@ var createEvidenceProjection = defineProjection({
|
|
|
5013
6870
|
evidenceRelation: v.optional(
|
|
5014
6871
|
v.union(
|
|
5015
6872
|
v.literal("supports"),
|
|
5016
|
-
v.literal("contradicts")
|
|
5017
|
-
v.literal("neutral")
|
|
6873
|
+
v.literal("contradicts")
|
|
5018
6874
|
)
|
|
5019
6875
|
),
|
|
5020
6876
|
confidence: v.optional(v.number()),
|
|
@@ -5039,7 +6895,7 @@ function compactRecord2(input) {
|
|
|
5039
6895
|
Object.entries(input).filter(([, value]) => value !== void 0)
|
|
5040
6896
|
);
|
|
5041
6897
|
}
|
|
5042
|
-
|
|
6898
|
+
defineProjection({
|
|
5043
6899
|
contractName: "list_beliefs",
|
|
5044
6900
|
inputSchema: listBeliefsInputSchema,
|
|
5045
6901
|
project: (input) => compactRecord2({
|
|
@@ -5063,12 +6919,17 @@ var listBeliefsProjection = defineProjection({
|
|
|
5063
6919
|
});
|
|
5064
6920
|
var taskStatusSchema = z.enum(["todo", "in_progress", "blocked", "done"]).optional().describe("Filter by task status");
|
|
5065
6921
|
var listTasksInputSchema = z.object({
|
|
5066
|
-
topicId: z.string().describe("Topic scope"),
|
|
6922
|
+
topicId: z.string().optional().describe("Topic scope"),
|
|
5067
6923
|
worktreeId: z.string().optional().describe("Alias for linkedWorktreeId"),
|
|
5068
6924
|
linkedWorktreeId: z.string().optional().describe("Filter to tasks linked to this worktree"),
|
|
5069
6925
|
status: taskStatusSchema,
|
|
5070
6926
|
limit: z.number().optional().describe("Maximum results")
|
|
5071
|
-
})
|
|
6927
|
+
}).refine(
|
|
6928
|
+
(input) => Boolean(input.topicId || input.worktreeId || input.linkedWorktreeId),
|
|
6929
|
+
{
|
|
6930
|
+
message: "topicId or worktreeId is required"
|
|
6931
|
+
}
|
|
6932
|
+
);
|
|
5072
6933
|
function compactRecord3(input) {
|
|
5073
6934
|
return Object.fromEntries(
|
|
5074
6935
|
Object.entries(input).filter(([, value]) => value !== void 0)
|
|
@@ -5085,7 +6946,7 @@ var listTasksProjection = defineProjection({
|
|
|
5085
6946
|
linkedWorktreeId: input.linkedWorktreeId ?? input.worktreeId
|
|
5086
6947
|
}),
|
|
5087
6948
|
convexArgsValidator: v.object({
|
|
5088
|
-
topicId: v.string(),
|
|
6949
|
+
topicId: v.optional(v.string()),
|
|
5089
6950
|
status: v.optional(
|
|
5090
6951
|
v.union(
|
|
5091
6952
|
v.literal("todo"),
|
|
@@ -6063,19 +7924,23 @@ var FIND_CONTRADICTIONS = {
|
|
|
6063
7924
|
};
|
|
6064
7925
|
var CREATE_EDGE = {
|
|
6065
7926
|
name: "create_edge",
|
|
6066
|
-
description: "Commit a typed relationship between two nodes in the reasoning graph. Like `git commit` \u2014 an atomic write that declares a dependency between nodes.
|
|
7927
|
+
description: "Commit a typed relationship between two nodes in the reasoning graph. Like `git commit` \u2014 an atomic write that declares a dependency between nodes. Accepts any public epistemic edge type between public graph node refs so agents can author the full spine.",
|
|
6067
7928
|
parameters: {
|
|
6068
|
-
|
|
6069
|
-
type: "
|
|
6070
|
-
description: "Source
|
|
7929
|
+
from: {
|
|
7930
|
+
type: "object",
|
|
7931
|
+
description: "Source graph ref, e.g. { kind: 'epistemic_node', nodeId: '...', nodeType: 'topic' }"
|
|
6071
7932
|
},
|
|
6072
|
-
|
|
6073
|
-
type: "
|
|
6074
|
-
description: "Target
|
|
7933
|
+
to: {
|
|
7934
|
+
type: "object",
|
|
7935
|
+
description: "Target graph ref, e.g. { kind: 'epistemic_node', nodeId: '...', nodeType: 'belief' }"
|
|
6075
7936
|
},
|
|
6076
7937
|
edgeType: {
|
|
6077
7938
|
type: "string",
|
|
6078
|
-
description: "Relationship type
|
|
7939
|
+
description: "Relationship type from the public epistemic edge enum."
|
|
7940
|
+
},
|
|
7941
|
+
globalId: {
|
|
7942
|
+
type: "string",
|
|
7943
|
+
description: "Optional idempotent edge global ID."
|
|
6079
7944
|
},
|
|
6080
7945
|
weight: {
|
|
6081
7946
|
type: "number",
|
|
@@ -6085,10 +7950,14 @@ var CREATE_EDGE = {
|
|
|
6085
7950
|
reasoningMethod: {
|
|
6086
7951
|
type: "string",
|
|
6087
7952
|
description: "How this was determined",
|
|
6088
|
-
enum: [
|
|
7953
|
+
enum: [...REASONING_METHODS]
|
|
7954
|
+
},
|
|
7955
|
+
metadata: {
|
|
7956
|
+
type: "object",
|
|
7957
|
+
description: "Optional edge metadata."
|
|
6089
7958
|
}
|
|
6090
7959
|
},
|
|
6091
|
-
required: ["
|
|
7960
|
+
required: ["from", "to", "edgeType"],
|
|
6092
7961
|
response: {
|
|
6093
7962
|
description: "The created edge",
|
|
6094
7963
|
fields: {
|
|
@@ -6102,6 +7971,240 @@ var CREATE_EDGE = {
|
|
|
6102
7971
|
ontologyPrimitive: "edge",
|
|
6103
7972
|
tier: "showcase"
|
|
6104
7973
|
};
|
|
7974
|
+
var UPDATE_EDGE = {
|
|
7975
|
+
name: "update_edge",
|
|
7976
|
+
description: "Amend metadata on an existing graph edge. Like `git commit --amend` \u2014 changes the edge annotation without recreating the relationship.",
|
|
7977
|
+
parameters: {
|
|
7978
|
+
edgeId: { type: "string", description: "Edge ID or global ID to update" },
|
|
7979
|
+
weight: { type: "number", description: "Updated edge weight" },
|
|
7980
|
+
confidence: { type: "number", description: "Updated confidence" },
|
|
7981
|
+
context: { type: "string", description: "Updated human-readable context" },
|
|
7982
|
+
derivationType: { type: "string", description: "Updated derivation type" },
|
|
7983
|
+
metadata: { type: "object", description: "Updated metadata" }
|
|
7984
|
+
},
|
|
7985
|
+
required: ["edgeId"],
|
|
7986
|
+
response: {
|
|
7987
|
+
description: "Edge update result",
|
|
7988
|
+
fields: { success: "boolean" }
|
|
7989
|
+
},
|
|
7990
|
+
ownerModule: "graph-primitives",
|
|
7991
|
+
ontologyPrimitive: "edge",
|
|
7992
|
+
tier: "workhorse"
|
|
7993
|
+
};
|
|
7994
|
+
var REMOVE_EDGE = {
|
|
7995
|
+
name: "remove_edge",
|
|
7996
|
+
description: "Remove one graph edge by ID. Like `git rm` \u2014 deletes a single explicit relationship from the spine.",
|
|
7997
|
+
parameters: {
|
|
7998
|
+
edgeId: { type: "string", description: "Edge ID or global ID to remove" }
|
|
7999
|
+
},
|
|
8000
|
+
required: ["edgeId"],
|
|
8001
|
+
response: {
|
|
8002
|
+
description: "Edge removal result",
|
|
8003
|
+
fields: { success: "boolean" }
|
|
8004
|
+
},
|
|
8005
|
+
ownerModule: "graph-primitives",
|
|
8006
|
+
ontologyPrimitive: "edge",
|
|
8007
|
+
tier: "workhorse"
|
|
8008
|
+
};
|
|
8009
|
+
var REMOVE_EDGES_BETWEEN = {
|
|
8010
|
+
name: "remove_edges_between",
|
|
8011
|
+
description: "Remove graph edges between two nodes. Like `git rm <pathspec>` \u2014 deletes relationships matching a source, target, and optional type.",
|
|
8012
|
+
parameters: {
|
|
8013
|
+
fromNodeId: { type: "string", description: "Source node ID or global ID" },
|
|
8014
|
+
toNodeId: { type: "string", description: "Target node ID or global ID" },
|
|
8015
|
+
edgeType: { type: "string", description: "Optional edge type filter" }
|
|
8016
|
+
},
|
|
8017
|
+
required: ["fromNodeId", "toNodeId"],
|
|
8018
|
+
response: {
|
|
8019
|
+
description: "Matched edge removal result",
|
|
8020
|
+
fields: { deleted: "number" }
|
|
8021
|
+
},
|
|
8022
|
+
ownerModule: "graph-primitives",
|
|
8023
|
+
ontologyPrimitive: "edge",
|
|
8024
|
+
tier: "workhorse"
|
|
8025
|
+
};
|
|
8026
|
+
var BATCH_CREATE_EDGES = {
|
|
8027
|
+
name: "batch_create_edges",
|
|
8028
|
+
description: "Commit multiple typed graph edges. Like `git commit` with many staged paths \u2014 writes a batch of explicit relationships atomically per edge.",
|
|
8029
|
+
parameters: {
|
|
8030
|
+
edges: {
|
|
8031
|
+
type: "array",
|
|
8032
|
+
description: "Edges to create, each with from, to, edgeType, and optional weight/confidence/context."
|
|
8033
|
+
},
|
|
8034
|
+
skipLayerValidation: {
|
|
8035
|
+
type: "boolean",
|
|
8036
|
+
description: "Skip kernel layer validation for trusted materialization flows."
|
|
8037
|
+
}
|
|
8038
|
+
},
|
|
8039
|
+
required: ["edges"],
|
|
8040
|
+
response: {
|
|
8041
|
+
description: "Batch edge creation result",
|
|
8042
|
+
fields: {
|
|
8043
|
+
created: "number",
|
|
8044
|
+
results: "array",
|
|
8045
|
+
errors: "array"
|
|
8046
|
+
}
|
|
8047
|
+
},
|
|
8048
|
+
ownerModule: "graph-primitives",
|
|
8049
|
+
ontologyPrimitive: "edge",
|
|
8050
|
+
tier: "workhorse"
|
|
8051
|
+
};
|
|
8052
|
+
var CREATE_EPISTEMIC_NODE = {
|
|
8053
|
+
name: "create_epistemic_node",
|
|
8054
|
+
description: "Commit a generic epistemic graph node. Like `git commit` \u2014 creates a canonical node in the public spine for topics, beliefs, evidence, questions, answers, sources, and entities.",
|
|
8055
|
+
parameters: {
|
|
8056
|
+
globalId: { type: "string", description: "Optional idempotent node global ID" },
|
|
8057
|
+
nodeType: { type: "string", description: "Public epistemic node type" },
|
|
8058
|
+
canonicalText: { type: "string", description: "Canonical node text" },
|
|
8059
|
+
text: { type: "string", description: "Alias for canonicalText" },
|
|
8060
|
+
contentHash: { type: "string", description: "Optional idempotency content hash" },
|
|
8061
|
+
sourceType: { type: "string", description: "Source type for provenance" },
|
|
8062
|
+
topicId: { type: "string", description: "Optional topic scope" },
|
|
8063
|
+
content: { type: "string", description: "Extended content" },
|
|
8064
|
+
title: { type: "string", description: "Display title" },
|
|
8065
|
+
metadata: { type: "object", description: "Optional node metadata" }
|
|
8066
|
+
},
|
|
8067
|
+
required: ["nodeType"],
|
|
8068
|
+
response: {
|
|
8069
|
+
description: "Created node result",
|
|
8070
|
+
fields: {
|
|
8071
|
+
nodeId: "string",
|
|
8072
|
+
nodeGlobalId: "string",
|
|
8073
|
+
isDuplicate: "boolean"
|
|
8074
|
+
}
|
|
8075
|
+
},
|
|
8076
|
+
ownerModule: "reasoning-kernel",
|
|
8077
|
+
ontologyPrimitive: "graph",
|
|
8078
|
+
tier: "showcase"
|
|
8079
|
+
};
|
|
8080
|
+
var GET_EPISTEMIC_NODE = {
|
|
8081
|
+
name: "get_epistemic_node",
|
|
8082
|
+
description: "Read one epistemic graph node. Like `git show` \u2014 resolves a canonical spine node by ID or global ID.",
|
|
8083
|
+
parameters: {
|
|
8084
|
+
nodeId: { type: "string", description: "Node ID or global ID" }
|
|
8085
|
+
},
|
|
8086
|
+
required: ["nodeId"],
|
|
8087
|
+
response: {
|
|
8088
|
+
description: "The resolved node",
|
|
8089
|
+
fields: { node: "object" }
|
|
8090
|
+
},
|
|
8091
|
+
ownerModule: "reasoning-kernel",
|
|
8092
|
+
ontologyPrimitive: "graph",
|
|
8093
|
+
tier: "workhorse"
|
|
8094
|
+
};
|
|
8095
|
+
var LIST_EPISTEMIC_NODES = {
|
|
8096
|
+
name: "list_epistemic_nodes",
|
|
8097
|
+
description: "List epistemic graph nodes. Like `git ls-tree` \u2014 lists canonical spine nodes by topic, type, status, or search query.",
|
|
8098
|
+
parameters: {
|
|
8099
|
+
topicId: { type: "string", description: "Optional topic scope" },
|
|
8100
|
+
nodeType: { type: "string", description: "Optional node type filter" },
|
|
8101
|
+
status: { type: "string", description: "Optional lifecycle status" },
|
|
8102
|
+
searchQuery: { type: "string", description: "Optional text search query" },
|
|
8103
|
+
limit: { type: "number", description: "Maximum nodes to return" }
|
|
8104
|
+
},
|
|
8105
|
+
required: [],
|
|
8106
|
+
response: {
|
|
8107
|
+
description: "Matching nodes",
|
|
8108
|
+
fields: { nodes: "array" }
|
|
8109
|
+
},
|
|
8110
|
+
ownerModule: "reasoning-kernel",
|
|
8111
|
+
ontologyPrimitive: "graph",
|
|
8112
|
+
tier: "workhorse"
|
|
8113
|
+
};
|
|
8114
|
+
var UPDATE_EPISTEMIC_NODE = {
|
|
8115
|
+
name: "update_epistemic_node",
|
|
8116
|
+
description: "Amend an epistemic graph node. Like `git commit --amend` \u2014 updates mutable node metadata, text, status, or verification fields.",
|
|
8117
|
+
parameters: {
|
|
8118
|
+
nodeId: { type: "string", description: "Node ID or global ID" },
|
|
8119
|
+
canonicalText: { type: "string", description: "Updated canonical text" },
|
|
8120
|
+
text: { type: "string", description: "Alias for canonicalText" },
|
|
8121
|
+
contentHash: { type: "string", description: "Updated content hash" },
|
|
8122
|
+
content: { type: "string", description: "Updated content" },
|
|
8123
|
+
title: { type: "string", description: "Updated display title" },
|
|
8124
|
+
metadata: { type: "object", description: "Updated metadata" },
|
|
8125
|
+
confidence: { type: "number", description: "Updated confidence" },
|
|
8126
|
+
verificationStatus: { type: "string", description: "Updated verification status" },
|
|
8127
|
+
status: { type: "string", description: "Updated lifecycle status" }
|
|
8128
|
+
},
|
|
8129
|
+
required: ["nodeId"],
|
|
8130
|
+
response: {
|
|
8131
|
+
description: "Node update result",
|
|
8132
|
+
fields: { success: "boolean" }
|
|
8133
|
+
},
|
|
8134
|
+
ownerModule: "reasoning-kernel",
|
|
8135
|
+
ontologyPrimitive: "graph",
|
|
8136
|
+
tier: "workhorse"
|
|
8137
|
+
};
|
|
8138
|
+
var ARCHIVE_EPISTEMIC_NODE = {
|
|
8139
|
+
name: "archive_epistemic_node",
|
|
8140
|
+
description: "Archive an epistemic graph node. Like `git rm --cached` \u2014 removes a node from active traversal without hard-deleting it.",
|
|
8141
|
+
parameters: {
|
|
8142
|
+
nodeId: { type: "string", description: "Node ID or global ID" }
|
|
8143
|
+
},
|
|
8144
|
+
required: ["nodeId"],
|
|
8145
|
+
response: {
|
|
8146
|
+
description: "Archive result",
|
|
8147
|
+
fields: { success: "boolean", effectiveStatus: "string" }
|
|
8148
|
+
},
|
|
8149
|
+
ownerModule: "reasoning-kernel",
|
|
8150
|
+
ontologyPrimitive: "graph",
|
|
8151
|
+
tier: "workhorse"
|
|
8152
|
+
};
|
|
8153
|
+
var VERIFY_EPISTEMIC_NODE = {
|
|
8154
|
+
name: "verify_epistemic_node",
|
|
8155
|
+
description: "Record verification state on an epistemic graph node. Like `git tag` \u2014 marks the node with a reviewed verification state.",
|
|
8156
|
+
parameters: {
|
|
8157
|
+
nodeId: { type: "string", description: "Node ID or global ID" },
|
|
8158
|
+
verificationStatus: { type: "string", description: "Verification status" },
|
|
8159
|
+
confidence: { type: "number", description: "Optional confidence update" }
|
|
8160
|
+
},
|
|
8161
|
+
required: ["nodeId", "verificationStatus"],
|
|
8162
|
+
response: {
|
|
8163
|
+
description: "Verification result",
|
|
8164
|
+
fields: { success: "boolean" }
|
|
8165
|
+
},
|
|
8166
|
+
ownerModule: "reasoning-kernel",
|
|
8167
|
+
ontologyPrimitive: "graph",
|
|
8168
|
+
tier: "workhorse"
|
|
8169
|
+
};
|
|
8170
|
+
var SUPERSEDE_EPISTEMIC_NODE = {
|
|
8171
|
+
name: "supersede_epistemic_node",
|
|
8172
|
+
description: "Supersede an epistemic graph node with a new version. Like `git commit --amend` on an immutable history branch \u2014 creates the replacement and marks the old node superseded.",
|
|
8173
|
+
parameters: {
|
|
8174
|
+
oldNodeId: { type: "string", description: "Node ID or global ID to supersede" },
|
|
8175
|
+
newGlobalId: { type: "string", description: "Optional replacement global ID" },
|
|
8176
|
+
newCanonicalText: { type: "string", description: "Replacement canonical text" },
|
|
8177
|
+
text: { type: "string", description: "Alias for newCanonicalText" },
|
|
8178
|
+
newContentHash: { type: "string", description: "Optional replacement content hash" },
|
|
8179
|
+
reason: { type: "string", description: "Reason for superseding" }
|
|
8180
|
+
},
|
|
8181
|
+
required: ["oldNodeId"],
|
|
8182
|
+
response: {
|
|
8183
|
+
description: "Supersede result",
|
|
8184
|
+
fields: { oldNodeId: "string", newNodeId: "string" }
|
|
8185
|
+
},
|
|
8186
|
+
ownerModule: "reasoning-kernel",
|
|
8187
|
+
ontologyPrimitive: "graph",
|
|
8188
|
+
tier: "workhorse"
|
|
8189
|
+
};
|
|
8190
|
+
var BATCH_CREATE_EPISTEMIC_NODES = {
|
|
8191
|
+
name: "batch_create_epistemic_nodes",
|
|
8192
|
+
description: "Commit multiple epistemic graph nodes. Like `git commit` with many staged files \u2014 writes a batch of canonical spine nodes.",
|
|
8193
|
+
parameters: {
|
|
8194
|
+
nodes: {
|
|
8195
|
+
type: "array",
|
|
8196
|
+
description: "Nodes to create with nodeType, canonicalText/text, and optional metadata."
|
|
8197
|
+
}
|
|
8198
|
+
},
|
|
8199
|
+
required: ["nodes"],
|
|
8200
|
+
response: {
|
|
8201
|
+
description: "Batch node creation result",
|
|
8202
|
+
fields: { created: "number", results: "array" }
|
|
8203
|
+
},
|
|
8204
|
+
ownerModule: "reasoning-kernel",
|
|
8205
|
+
ontologyPrimitive: "graph",
|
|
8206
|
+
tier: "workhorse"
|
|
8207
|
+
};
|
|
6105
8208
|
var RECORD_JUDGMENT = {
|
|
6106
8209
|
name: "record_judgment",
|
|
6107
8210
|
description: "Record a judgment \u2014 an irreversible commitment based on the current epistemic state. Like a `git tag` marking a release. A judgment synthesizes beliefs, evidence, and uncertainties into a determination. Once issued, a judgment is evaluated against the epistemic state that existed when it was made (knowledge horizon evaluation, Invariant #10).",
|
|
@@ -7301,8 +9404,8 @@ var IDENTITY_WHOAMI = {
|
|
|
7301
9404
|
response: {
|
|
7302
9405
|
description: "Canonical identity summary for the current session",
|
|
7303
9406
|
fields: {
|
|
7304
|
-
principalId: "string \u2014 canonical
|
|
7305
|
-
principalType: "string \u2014 human, service, or
|
|
9407
|
+
principalId: "string \u2014 canonical principal identifier; for humans this is the Clerk user_... ID",
|
|
9408
|
+
principalType: "string \u2014 human, service, agent, group, or external_viewer",
|
|
7306
9409
|
tenantId: "string | undefined \u2014 resolved tenant scope",
|
|
7307
9410
|
workspaceId: "string | undefined \u2014 resolved workspace scope",
|
|
7308
9411
|
scopes: "string[] | undefined \u2014 granted scopes for this session",
|
|
@@ -7313,6 +9416,49 @@ var IDENTITY_WHOAMI = {
|
|
|
7313
9416
|
ontologyPrimitive: "identity",
|
|
7314
9417
|
tier: "workhorse"
|
|
7315
9418
|
};
|
|
9419
|
+
var RESOLVE_INTERACTIVE_PRINCIPAL = {
|
|
9420
|
+
name: "resolve_interactive_principal",
|
|
9421
|
+
description: "Read the Permit-backed Lucern principal context for an authenticated Clerk user. Like `git config --get user.email` plus the repository ACL \u2014 resolves the Clerk subject into tenant/workspace authorization context.",
|
|
9422
|
+
parameters: {
|
|
9423
|
+
clerkId: {
|
|
9424
|
+
type: "string",
|
|
9425
|
+
description: "Authenticated Clerk subject (`sub`). Clerk proves identity only; it is not the authorization record."
|
|
9426
|
+
},
|
|
9427
|
+
tenantId: {
|
|
9428
|
+
type: "string",
|
|
9429
|
+
description: "Optional tenant scope. Omit only when the Clerk alias is globally unambiguous."
|
|
9430
|
+
},
|
|
9431
|
+
workspaceId: {
|
|
9432
|
+
type: "string",
|
|
9433
|
+
description: "Optional workspace scope. Required when the principal has access to multiple workspaces and no default can be inferred."
|
|
9434
|
+
},
|
|
9435
|
+
providerProjectId: {
|
|
9436
|
+
type: "string",
|
|
9437
|
+
description: "Optional Clerk project or provider instance id for tenants with multiple identity providers."
|
|
9438
|
+
}
|
|
9439
|
+
},
|
|
9440
|
+
required: ["clerkId"],
|
|
9441
|
+
response: {
|
|
9442
|
+
description: "Permit-backed Lucern principal context for tenant SDK bootstrap",
|
|
9443
|
+
fields: {
|
|
9444
|
+
principalId: "string \u2014 canonical Clerk user_... ID for human sessions",
|
|
9445
|
+
principalType: "string \u2014 human, service, agent, group, or external_viewer",
|
|
9446
|
+
clerkId: "string \u2014 authenticated Clerk subject alias",
|
|
9447
|
+
tenantId: "string \u2014 resolved tenant scope",
|
|
9448
|
+
workspaceId: "string | null \u2014 resolved workspace scope",
|
|
9449
|
+
roles: "string[] \u2014 effective Permit roles",
|
|
9450
|
+
scopes: "string[] \u2014 effective scopes derived from Permit/control-plane projection",
|
|
9451
|
+
groupIds: "string[] \u2014 active Permit group memberships",
|
|
9452
|
+
principalStatus: "string \u2014 active, invited, suspended, disabled, revoked, or missing",
|
|
9453
|
+
tenantStatus: "string \u2014 projected tenant resource status",
|
|
9454
|
+
workspaceStatus: "string \u2014 projected workspace resource status",
|
|
9455
|
+
permit: "object \u2014 Permit subject, tenant, and optional workspace tuple"
|
|
9456
|
+
}
|
|
9457
|
+
},
|
|
9458
|
+
ownerModule: "control-plane",
|
|
9459
|
+
ontologyPrimitive: "identity",
|
|
9460
|
+
tier: "workhorse"
|
|
9461
|
+
};
|
|
7316
9462
|
var COMPILE_CONTEXT = {
|
|
7317
9463
|
name: "compile_context",
|
|
7318
9464
|
description: "Compile a focused reasoning context. If topicId is omitted, Lucern resolves the best topic from the query. Like `git log --graph --decorate` for the reasoning substrate \u2014 returns the canonical Pillar 3 context pack through the public API shape.",
|
|
@@ -7574,6 +9720,10 @@ var CREATE_TASK = {
|
|
|
7574
9720
|
tags: {
|
|
7575
9721
|
type: "array",
|
|
7576
9722
|
description: "Free-form string tags"
|
|
9723
|
+
},
|
|
9724
|
+
metadata: {
|
|
9725
|
+
type: "object",
|
|
9726
|
+
description: "Structured task metadata for handoff context and routing hints"
|
|
7577
9727
|
}
|
|
7578
9728
|
},
|
|
7579
9729
|
required: ["title"],
|
|
@@ -7647,6 +9797,10 @@ var UPDATE_TASK = {
|
|
|
7647
9797
|
type: "string",
|
|
7648
9798
|
description: "Updated status",
|
|
7649
9799
|
enum: ["todo", "in_progress", "blocked", "done"]
|
|
9800
|
+
},
|
|
9801
|
+
metadata: {
|
|
9802
|
+
type: "object",
|
|
9803
|
+
description: "Structured task metadata to replace or refine"
|
|
7650
9804
|
}
|
|
7651
9805
|
},
|
|
7652
9806
|
required: ["taskId"],
|
|
@@ -7694,6 +9848,10 @@ var CREATE_TOPIC = {
|
|
|
7694
9848
|
name: "create_topic",
|
|
7695
9849
|
description: "Create a new topic container for scoping knowledge. Like `git init` \u2014 initializes a new repository for a knowledge domain. Topics are hierarchical: a deal topic can nest under a theme topic. Types: domain, theme, deal, strategy, constitution, project, portfolio.",
|
|
7696
9850
|
parameters: {
|
|
9851
|
+
globalId: {
|
|
9852
|
+
type: "string",
|
|
9853
|
+
description: "Optional idempotent topic global ID"
|
|
9854
|
+
},
|
|
7697
9855
|
name: { type: "string", description: "Topic name" },
|
|
7698
9856
|
type: {
|
|
7699
9857
|
type: "string",
|
|
@@ -7704,6 +9862,18 @@ var CREATE_TOPIC = {
|
|
|
7704
9862
|
type: "string",
|
|
7705
9863
|
description: "Optional parent topic for nesting"
|
|
7706
9864
|
},
|
|
9865
|
+
parentTopicGlobalId: {
|
|
9866
|
+
type: "string",
|
|
9867
|
+
description: "Optional parent topic global ID for nesting"
|
|
9868
|
+
},
|
|
9869
|
+
tenantId: { type: "string", description: "Optional tenant scope" },
|
|
9870
|
+
workspaceId: { type: "string", description: "Optional workspace scope" },
|
|
9871
|
+
visibility: {
|
|
9872
|
+
type: "string",
|
|
9873
|
+
description: "Topic visibility",
|
|
9874
|
+
enum: ["private", "team", "firm", "external", "public"]
|
|
9875
|
+
},
|
|
9876
|
+
metadata: { type: "object", description: "Optional topic metadata" },
|
|
7707
9877
|
createdBy: { type: "string", description: "Who created this topic" }
|
|
7708
9878
|
},
|
|
7709
9879
|
required: ["name", "type"],
|
|
@@ -7712,6 +9882,9 @@ var CREATE_TOPIC = {
|
|
|
7712
9882
|
fields: {
|
|
7713
9883
|
id: "string \u2014 topic ID",
|
|
7714
9884
|
globalId: "string \u2014 globally unique ID",
|
|
9885
|
+
topicGlobalId: "string \u2014 topic global ID",
|
|
9886
|
+
epistemicNodeId: "string \u2014 materialized topic node ID",
|
|
9887
|
+
epistemicNodeGlobalId: "string \u2014 materialized topic node global ID",
|
|
7715
9888
|
depth: "number \u2014 nesting depth"
|
|
7716
9889
|
}
|
|
7717
9890
|
},
|
|
@@ -7842,6 +10015,65 @@ var GET_TOPIC_TREE = {
|
|
|
7842
10015
|
ontologyPrimitive: "graph",
|
|
7843
10016
|
tier: "workhorse"
|
|
7844
10017
|
};
|
|
10018
|
+
var MATERIALIZE_TOPIC_GRAPH = {
|
|
10019
|
+
name: "materialize_topic_graph",
|
|
10020
|
+
description: "Backfill the topic graph spine. Like `git fsck --connectivity-only` with repair enabled \u2014 creates missing topic nodes and parent-child edges idempotently.",
|
|
10021
|
+
parameters: {
|
|
10022
|
+
rootTopicId: {
|
|
10023
|
+
type: "string",
|
|
10024
|
+
description: "Optional root topic for a bounded materialization pass"
|
|
10025
|
+
},
|
|
10026
|
+
dryRun: {
|
|
10027
|
+
type: "boolean",
|
|
10028
|
+
description: "When true, report missing rows without writing them"
|
|
10029
|
+
}
|
|
10030
|
+
},
|
|
10031
|
+
required: [],
|
|
10032
|
+
response: {
|
|
10033
|
+
description: "Topic graph materialization counts",
|
|
10034
|
+
fields: {
|
|
10035
|
+
topicsSeen: "number",
|
|
10036
|
+
nodesCreated: "number",
|
|
10037
|
+
nodesExisting: "number",
|
|
10038
|
+
edgesCreated: "number",
|
|
10039
|
+
edgesExisting: "number",
|
|
10040
|
+
errors: "array"
|
|
10041
|
+
}
|
|
10042
|
+
},
|
|
10043
|
+
ownerModule: "reasoning-kernel",
|
|
10044
|
+
ontologyPrimitive: "graph",
|
|
10045
|
+
tier: "workhorse"
|
|
10046
|
+
};
|
|
10047
|
+
var GET_TOPIC_GRAPH_SPINE = {
|
|
10048
|
+
name: "get_topic_graph_spine",
|
|
10049
|
+
description: "Verify the topic graph spine. Like `git fsck` \u2014 reads topics, materialized topic nodes, parent-child edges, and missing spine rows.",
|
|
10050
|
+
parameters: {
|
|
10051
|
+
rootTopicId: {
|
|
10052
|
+
type: "string",
|
|
10053
|
+
description: "Optional root topic for a bounded verifier pass"
|
|
10054
|
+
},
|
|
10055
|
+
includeTopicBeliefEdges: {
|
|
10056
|
+
type: "boolean",
|
|
10057
|
+
description: "Include topic -> belief edges in the verifier payload"
|
|
10058
|
+
}
|
|
10059
|
+
},
|
|
10060
|
+
required: [],
|
|
10061
|
+
response: {
|
|
10062
|
+
description: "Topic graph spine verification payload",
|
|
10063
|
+
fields: {
|
|
10064
|
+
ok: "boolean",
|
|
10065
|
+
counts: "object",
|
|
10066
|
+
topics: "array",
|
|
10067
|
+
topicNodes: "array",
|
|
10068
|
+
parentEdges: "array",
|
|
10069
|
+
missingTopicNodes: "array",
|
|
10070
|
+
missingParentEdges: "array"
|
|
10071
|
+
}
|
|
10072
|
+
},
|
|
10073
|
+
ownerModule: "reasoning-kernel",
|
|
10074
|
+
ontologyPrimitive: "graph",
|
|
10075
|
+
tier: "workhorse"
|
|
10076
|
+
};
|
|
7845
10077
|
var GET_CODE_CONTEXT = {
|
|
7846
10078
|
name: "get_code_context",
|
|
7847
10079
|
description: "Returns code-grounded beliefs, contracts, migration states, and failed attempts anchored to a specific file or function path. Like `git log -- <path>` \u2014 filters the knowledge graph to nodes anchored to a file path via metadata.codeAnchors. Results are separated by coding belief type: decisions, contracts, migrations, patterns, deprecations, and failures.",
|
|
@@ -8037,7 +10269,7 @@ var MANAGE_WRITE_POLICY = {
|
|
|
8037
10269
|
},
|
|
8038
10270
|
role: {
|
|
8039
10271
|
type: "string",
|
|
8040
|
-
description: "Role to set policy for (required for 'set'). E.g. 'agent:internal'
|
|
10272
|
+
description: "Role to set policy for (required for 'set'). E.g. 'agent:internal' or a Permit role key such as 'workspace_admin'."
|
|
8041
10273
|
},
|
|
8042
10274
|
permission: {
|
|
8043
10275
|
type: "string",
|
|
@@ -9024,6 +11256,9 @@ var BEGIN_BUILD_SESSION = {
|
|
|
9024
11256
|
sessionMode: "string \u2014 async | interactive",
|
|
9025
11257
|
targetBeliefIds: "array \u2014 scoped belief IDs",
|
|
9026
11258
|
targetQuestionIds: "array \u2014 scoped question IDs",
|
|
11259
|
+
taskIds: "array \u2014 assigned task IDs for this worktree",
|
|
11260
|
+
incompleteTaskIds: "array \u2014 assigned task IDs that still require done/deferred/blocked proof",
|
|
11261
|
+
tasks: "array \u2014 assigned task packet with id, title, status, priority, links, and summaries",
|
|
9027
11262
|
topBeliefs: "array \u2014 highest-confidence scoped beliefs",
|
|
9028
11263
|
openQuestions: "array \u2014 open scoped questions",
|
|
9029
11264
|
resolvedDecisions: "array \u2014 answered questions summarized for the session",
|
|
@@ -9079,6 +11314,19 @@ var MCP_TOOL_CONTRACTS = {
|
|
|
9079
11314
|
bisect_confidence: BISECT_CONFIDENCE,
|
|
9080
11315
|
// Edges (commit)
|
|
9081
11316
|
create_edge: CREATE_EDGE,
|
|
11317
|
+
update_edge: UPDATE_EDGE,
|
|
11318
|
+
remove_edge: REMOVE_EDGE,
|
|
11319
|
+
remove_edges_between: REMOVE_EDGES_BETWEEN,
|
|
11320
|
+
batch_create_edges: BATCH_CREATE_EDGES,
|
|
11321
|
+
// Epistemic node spine (commit/amend/show)
|
|
11322
|
+
create_epistemic_node: CREATE_EPISTEMIC_NODE,
|
|
11323
|
+
get_epistemic_node: GET_EPISTEMIC_NODE,
|
|
11324
|
+
list_epistemic_nodes: LIST_EPISTEMIC_NODES,
|
|
11325
|
+
update_epistemic_node: UPDATE_EPISTEMIC_NODE,
|
|
11326
|
+
archive_epistemic_node: ARCHIVE_EPISTEMIC_NODE,
|
|
11327
|
+
verify_epistemic_node: VERIFY_EPISTEMIC_NODE,
|
|
11328
|
+
supersede_epistemic_node: SUPERSEDE_EPISTEMIC_NODE,
|
|
11329
|
+
batch_create_epistemic_nodes: BATCH_CREATE_EPISTEMIC_NODES,
|
|
9082
11330
|
// Judgments (tag)
|
|
9083
11331
|
record_judgment: RECORD_JUDGMENT,
|
|
9084
11332
|
// Graph intelligence (showcase)
|
|
@@ -9113,6 +11361,7 @@ var MCP_TOOL_CONTRACTS = {
|
|
|
9113
11361
|
update_worktree_targets: UPDATE_WORKTREE_TARGETS,
|
|
9114
11362
|
update_worktree_metadata: UPDATE_WORKTREE_METADATA,
|
|
9115
11363
|
identity_whoami: IDENTITY_WHOAMI,
|
|
11364
|
+
resolve_interactive_principal: RESOLVE_INTERACTIVE_PRINCIPAL,
|
|
9116
11365
|
compile_context: COMPILE_CONTEXT,
|
|
9117
11366
|
record_scope_learning: RECORD_SCOPE_LEARNING,
|
|
9118
11367
|
pipeline_snapshot: PIPELINE_SNAPSHOT,
|
|
@@ -9152,6 +11401,8 @@ var MCP_TOOL_CONTRACTS = {
|
|
|
9152
11401
|
get_topic: GET_TOPIC,
|
|
9153
11402
|
update_topic: UPDATE_TOPIC,
|
|
9154
11403
|
get_topic_tree: GET_TOPIC_TREE,
|
|
11404
|
+
materialize_topic_graph: MATERIALIZE_TOPIC_GRAPH,
|
|
11405
|
+
get_topic_graph_spine: GET_TOPIC_GRAPH_SPINE,
|
|
9155
11406
|
// Coding intelligence (code-grounded knowledge)
|
|
9156
11407
|
get_code_context: GET_CODE_CONTEXT,
|
|
9157
11408
|
get_change_history: GET_CHANGE_HISTORY,
|
|
@@ -9228,6 +11479,7 @@ function entries(names, surfaceClass, surfaceIntent, surfaces, rationale) {
|
|
|
9228
11479
|
var MCP_CORE_OPERATION_NAMES = [
|
|
9229
11480
|
"compile_context",
|
|
9230
11481
|
"identity_whoami",
|
|
11482
|
+
"resolve_interactive_principal",
|
|
9231
11483
|
"check_permission",
|
|
9232
11484
|
"filter_by_permission",
|
|
9233
11485
|
"create_belief",
|
|
@@ -9256,14 +11508,28 @@ var MCP_CORE_OPERATION_NAMES = [
|
|
|
9256
11508
|
"find_missing_questions",
|
|
9257
11509
|
"get_high_priority_questions",
|
|
9258
11510
|
"get_falsification_questions",
|
|
11511
|
+
"create_epistemic_node",
|
|
11512
|
+
"get_epistemic_node",
|
|
11513
|
+
"list_epistemic_nodes",
|
|
11514
|
+
"update_epistemic_node",
|
|
11515
|
+
"archive_epistemic_node",
|
|
11516
|
+
"verify_epistemic_node",
|
|
11517
|
+
"supersede_epistemic_node",
|
|
11518
|
+
"batch_create_epistemic_nodes",
|
|
9259
11519
|
"create_topic",
|
|
9260
11520
|
"get_topic",
|
|
9261
11521
|
"list_topics",
|
|
9262
11522
|
"update_topic",
|
|
9263
|
-
"get_topic_tree"
|
|
11523
|
+
"get_topic_tree",
|
|
11524
|
+
"materialize_topic_graph",
|
|
11525
|
+
"get_topic_graph_spine"
|
|
9264
11526
|
];
|
|
9265
11527
|
var MCP_ANALYSIS_PLATFORM_OPERATION_NAMES = [
|
|
9266
11528
|
"create_edge",
|
|
11529
|
+
"update_edge",
|
|
11530
|
+
"remove_edge",
|
|
11531
|
+
"remove_edges_between",
|
|
11532
|
+
"batch_create_edges",
|
|
9267
11533
|
"query_lineage",
|
|
9268
11534
|
"traverse_graph",
|
|
9269
11535
|
"get_graph_neighborhood",
|
|
@@ -9595,12 +11861,20 @@ function unwrapMcpParameterSchema(schema) {
|
|
|
9595
11861
|
current = current._def.schema;
|
|
9596
11862
|
continue;
|
|
9597
11863
|
default:
|
|
9598
|
-
return {
|
|
11864
|
+
return {
|
|
11865
|
+
schema: current,
|
|
11866
|
+
required,
|
|
11867
|
+
description: description ?? current.description
|
|
11868
|
+
};
|
|
9599
11869
|
}
|
|
9600
11870
|
}
|
|
9601
11871
|
}
|
|
9602
11872
|
function mcpParameterFromZod(fieldName, schema, contractName) {
|
|
9603
|
-
const {
|
|
11873
|
+
const {
|
|
11874
|
+
schema: unwrapped,
|
|
11875
|
+
required,
|
|
11876
|
+
description: schemaDescription
|
|
11877
|
+
} = unwrapMcpParameterSchema(schema);
|
|
9604
11878
|
const description = schemaDescription ?? unwrapped.description ?? fieldName;
|
|
9605
11879
|
switch (unwrapped._def.typeName) {
|
|
9606
11880
|
case z.ZodFirstPartyTypeKind.ZodString:
|
|
@@ -9645,10 +11919,12 @@ function mcpContractFromArgsSchema(base, args, contractName) {
|
|
|
9645
11919
|
const entries2 = Object.entries(getObjectShape(args)).sort(
|
|
9646
11920
|
([left], [right]) => left.localeCompare(right)
|
|
9647
11921
|
);
|
|
9648
|
-
const converted = entries2.map(
|
|
9649
|
-
fieldName,
|
|
9650
|
-
|
|
9651
|
-
|
|
11922
|
+
const converted = entries2.map(
|
|
11923
|
+
([fieldName, schema]) => [
|
|
11924
|
+
fieldName,
|
|
11925
|
+
mcpParameterFromZod(fieldName, schema, contractName)
|
|
11926
|
+
]
|
|
11927
|
+
);
|
|
9652
11928
|
return {
|
|
9653
11929
|
...base,
|
|
9654
11930
|
parameters: Object.fromEntries(
|
|
@@ -9757,9 +12033,16 @@ function surfaceContract(args) {
|
|
|
9757
12033
|
scopes: args.scopes ?? [
|
|
9758
12034
|
args.kind === "query" ? `${args.domain}.read` : `${args.domain}.write`
|
|
9759
12035
|
],
|
|
9760
|
-
allowedPrincipalTypes: [
|
|
12036
|
+
allowedPrincipalTypes: [
|
|
12037
|
+
"user",
|
|
12038
|
+
"service",
|
|
12039
|
+
"agent",
|
|
12040
|
+
"group",
|
|
12041
|
+
"external_viewer"
|
|
12042
|
+
]
|
|
9761
12043
|
},
|
|
9762
12044
|
convex: args.convex,
|
|
12045
|
+
gateway: args.gateway,
|
|
9763
12046
|
args: canonicalArgs,
|
|
9764
12047
|
returns: canonicalReturns,
|
|
9765
12048
|
input,
|
|
@@ -9898,8 +12181,6 @@ var contextContracts = [
|
|
|
9898
12181
|
args: observationContextArgs
|
|
9899
12182
|
})
|
|
9900
12183
|
];
|
|
9901
|
-
|
|
9902
|
-
// ../contracts/src/function-registry/identity.ts
|
|
9903
12184
|
var withPrincipal = (input, context) => ({
|
|
9904
12185
|
...input,
|
|
9905
12186
|
tenantId: input.tenantId ?? context.tenantId,
|
|
@@ -9918,11 +12199,30 @@ var identityContracts = [
|
|
|
9918
12199
|
sdkNamespace: "identity",
|
|
9919
12200
|
sdkMethod: "whoami",
|
|
9920
12201
|
summary: "Describe the current gateway principal.",
|
|
12202
|
+
gateway: {
|
|
12203
|
+
handler: "identity.whoami"
|
|
12204
|
+
}
|
|
12205
|
+
}),
|
|
12206
|
+
surfaceContract({
|
|
12207
|
+
name: "resolve_interactive_principal",
|
|
12208
|
+
kind: "query",
|
|
12209
|
+
domain: "controlPlane",
|
|
12210
|
+
surfaceClass: "platform_public",
|
|
12211
|
+
method: "POST",
|
|
12212
|
+
path: "/control-plane/identity/resolve-interactive-principal",
|
|
12213
|
+
sdkNamespace: "controlPlane.identity",
|
|
12214
|
+
sdkMethod: "resolveInteractivePrincipal",
|
|
12215
|
+
summary: "Resolve an authenticated Clerk user into a Permit-backed Lucern principal context.",
|
|
12216
|
+
args: z.object({
|
|
12217
|
+
clerkId: z.string().min(1),
|
|
12218
|
+
tenantId: z.string().min(1).optional(),
|
|
12219
|
+
workspaceId: z.string().min(1).optional(),
|
|
12220
|
+
providerProjectId: z.string().min(1).optional()
|
|
12221
|
+
}),
|
|
9921
12222
|
convex: {
|
|
9922
|
-
module: "
|
|
9923
|
-
functionName: "
|
|
9924
|
-
kind: "query"
|
|
9925
|
-
inputProjection: withPrincipal
|
|
12223
|
+
module: "platform",
|
|
12224
|
+
functionName: "resolveInteractivePrincipal",
|
|
12225
|
+
kind: "query"
|
|
9926
12226
|
}
|
|
9927
12227
|
}),
|
|
9928
12228
|
surfaceContract({
|
|
@@ -10004,15 +12304,6 @@ var beliefLookupInput = (input) => compactRecord4({
|
|
|
10004
12304
|
var beliefNodeInput = (input) => compactRecord4({
|
|
10005
12305
|
nodeId: input.nodeId ?? input.id ?? input.beliefId
|
|
10006
12306
|
});
|
|
10007
|
-
var beliefTopicInput = (input) => {
|
|
10008
|
-
const parsed = listBeliefsProjection.inputSchema.safeParse(input);
|
|
10009
|
-
if (!parsed.success) {
|
|
10010
|
-
throw new Error(
|
|
10011
|
-
`list_beliefs projection input rejected: ${parsed.error.message}`
|
|
10012
|
-
);
|
|
10013
|
-
}
|
|
10014
|
-
return compactRecord4(listBeliefsProjection.project(parsed.data));
|
|
10015
|
-
};
|
|
10016
12307
|
var createBeliefInput = (input, context) => {
|
|
10017
12308
|
return withUserId(
|
|
10018
12309
|
compactRecord4({
|
|
@@ -10101,11 +12392,8 @@ var beliefsContracts = [
|
|
|
10101
12392
|
sdkNamespace: "beliefs",
|
|
10102
12393
|
sdkMethod: "listBeliefs",
|
|
10103
12394
|
summary: "List beliefs for a topic.",
|
|
10104
|
-
|
|
10105
|
-
|
|
10106
|
-
functionName: "getByTopic",
|
|
10107
|
-
kind: "query",
|
|
10108
|
-
inputProjection: beliefTopicInput
|
|
12395
|
+
gateway: {
|
|
12396
|
+
handler: "beliefs.list"
|
|
10109
12397
|
},
|
|
10110
12398
|
args: listBeliefsInputSchema
|
|
10111
12399
|
}),
|
|
@@ -10246,7 +12534,7 @@ var beliefsContracts = [
|
|
|
10246
12534
|
})
|
|
10247
12535
|
];
|
|
10248
12536
|
var jsonRecordSchema4 = z.record(z.unknown());
|
|
10249
|
-
var evidenceRelationSchema = z.enum(["supports", "contradicts"
|
|
12537
|
+
var evidenceRelationSchema = z.enum(["supports", "contradicts"]);
|
|
10250
12538
|
var createEvidenceArgs = z.object({
|
|
10251
12539
|
topicId: z.string().optional().describe("Topic scope for the evidence."),
|
|
10252
12540
|
text: z.string().describe("Canonical evidence text."),
|
|
@@ -10290,12 +12578,6 @@ var evidenceIdInput = (input) => compactRecord4({
|
|
|
10290
12578
|
insightId: input.insightId,
|
|
10291
12579
|
nodeId: input.nodeId ?? input.id ?? input.evidenceId
|
|
10292
12580
|
});
|
|
10293
|
-
var evidenceTopicInput = (input) => compactRecord4({
|
|
10294
|
-
topicId: input.topicId,
|
|
10295
|
-
status: input.status,
|
|
10296
|
-
userId: input.userId,
|
|
10297
|
-
limit: input.limit
|
|
10298
|
-
});
|
|
10299
12581
|
var createEvidenceInput = (input, context) => {
|
|
10300
12582
|
const parsed = createEvidenceProjection.inputSchema.safeParse(input);
|
|
10301
12583
|
if (!parsed.success) {
|
|
@@ -10312,12 +12594,12 @@ var linkEvidenceToBeliefEdgeInput = (input, context) => withCreatedBy(
|
|
|
10312
12594
|
compactRecord4({
|
|
10313
12595
|
fromNodeId: input.insightId ?? input.evidenceNodeId ?? input.evidenceId,
|
|
10314
12596
|
toNodeId: input.beliefNodeId ?? input.beliefId ?? input.targetId,
|
|
10315
|
-
edgeType: "
|
|
12597
|
+
edgeType: "informs",
|
|
10316
12598
|
globalId: input.globalId ?? `edge:${String(
|
|
10317
12599
|
input.insightId ?? input.evidenceNodeId ?? input.evidenceId
|
|
10318
12600
|
)}:${String(
|
|
10319
12601
|
input.beliefNodeId ?? input.beliefId ?? input.targetId
|
|
10320
|
-
)}:
|
|
12602
|
+
)}:informs`,
|
|
10321
12603
|
weight: typeof input.weight === "number" ? input.weight : input.type === "contradicting" ? -1 : 1,
|
|
10322
12604
|
context: input.rationale ?? input.context,
|
|
10323
12605
|
skipLayerValidation: true,
|
|
@@ -10330,12 +12612,12 @@ var linkEvidenceToQuestionEdgeInput = (input, context) => withCreatedBy(
|
|
|
10330
12612
|
compactRecord4({
|
|
10331
12613
|
fromNodeId: input.insightId ?? input.evidenceNodeId ?? input.evidenceId,
|
|
10332
12614
|
toNodeId: input.questionId ?? input.questionNodeId ?? input.targetId,
|
|
10333
|
-
edgeType: "
|
|
12615
|
+
edgeType: "responds_to",
|
|
10334
12616
|
globalId: input.globalId ?? `edge:${String(
|
|
10335
12617
|
input.insightId ?? input.evidenceNodeId ?? input.evidenceId
|
|
10336
12618
|
)}:${String(
|
|
10337
12619
|
input.questionId ?? input.questionNodeId ?? input.targetId
|
|
10338
|
-
)}:
|
|
12620
|
+
)}:responds_to`,
|
|
10339
12621
|
weight: input.impactScore ?? input.weight,
|
|
10340
12622
|
context: input.rationale ?? input.context,
|
|
10341
12623
|
skipLayerValidation: true,
|
|
@@ -10426,11 +12708,8 @@ var evidenceContracts = [
|
|
|
10426
12708
|
sdkNamespace: "evidence",
|
|
10427
12709
|
sdkMethod: "listEvidence",
|
|
10428
12710
|
summary: "List evidence for a topic.",
|
|
10429
|
-
|
|
10430
|
-
|
|
10431
|
-
functionName: "getByTopic",
|
|
10432
|
-
kind: "query",
|
|
10433
|
-
inputProjection: evidenceTopicInput
|
|
12711
|
+
gateway: {
|
|
12712
|
+
handler: "evidence.list"
|
|
10434
12713
|
}
|
|
10435
12714
|
}),
|
|
10436
12715
|
surfaceContract({
|
|
@@ -10665,11 +12944,8 @@ var questionsContracts = [
|
|
|
10665
12944
|
sdkNamespace: "questions",
|
|
10666
12945
|
sdkMethod: "listQuestions",
|
|
10667
12946
|
summary: "List questions for a topic.",
|
|
10668
|
-
|
|
10669
|
-
|
|
10670
|
-
functionName: "getByTopic",
|
|
10671
|
-
kind: "query",
|
|
10672
|
-
inputProjection: questionTopicInput
|
|
12947
|
+
gateway: {
|
|
12948
|
+
handler: "questions.list"
|
|
10673
12949
|
}
|
|
10674
12950
|
}),
|
|
10675
12951
|
surfaceContract({
|
|
@@ -10872,18 +13148,50 @@ var questionsContracts = [
|
|
|
10872
13148
|
args: falsificationQuestionsArgs
|
|
10873
13149
|
})
|
|
10874
13150
|
];
|
|
13151
|
+
var topicVisibilitySchema = z.enum([
|
|
13152
|
+
"private",
|
|
13153
|
+
"team",
|
|
13154
|
+
"firm",
|
|
13155
|
+
"external",
|
|
13156
|
+
"public"
|
|
13157
|
+
]);
|
|
13158
|
+
var topicStatusSchema = z.enum(["active", "archived", "watching"]);
|
|
13159
|
+
var createTopicArgs = z.object({
|
|
13160
|
+
globalId: z.string().optional().describe("Optional idempotent topic global ID."),
|
|
13161
|
+
name: z.string().describe("Topic name."),
|
|
13162
|
+
description: z.string().optional().describe("Topic description."),
|
|
13163
|
+
type: z.string().describe("Topic type."),
|
|
13164
|
+
parentTopicId: z.string().optional().describe("Optional parent topic ID."),
|
|
13165
|
+
parentTopicGlobalId: z.string().optional().describe("Optional parent topic global ID."),
|
|
13166
|
+
ontologyId: z.string().optional().describe("Ontology to bind."),
|
|
13167
|
+
tenantId: z.string().optional().describe("Optional tenant scope."),
|
|
13168
|
+
workspaceId: z.string().optional().describe("Optional workspace scope."),
|
|
13169
|
+
visibility: topicVisibilitySchema.optional().describe("Topic visibility."),
|
|
13170
|
+
metadata: z.record(z.unknown()).optional().describe("Topic metadata."),
|
|
13171
|
+
graphScopeProjectId: z.string().optional(),
|
|
13172
|
+
createdBy: z.string().optional()
|
|
13173
|
+
});
|
|
10875
13174
|
var updateTopicArgs = z.object({
|
|
10876
13175
|
id: z.string().describe("Topic ID."),
|
|
10877
13176
|
topicId: z.string().optional().describe("Topic ID alias."),
|
|
10878
13177
|
name: z.string().optional().describe("Topic name."),
|
|
10879
13178
|
description: z.string().optional().describe("Topic description."),
|
|
10880
13179
|
type: z.string().optional().describe("Topic type."),
|
|
10881
|
-
status:
|
|
10882
|
-
visibility:
|
|
13180
|
+
status: topicStatusSchema.optional().describe("Topic status."),
|
|
13181
|
+
visibility: topicVisibilitySchema.optional().describe("Topic visibility."),
|
|
10883
13182
|
ontologyId: z.string().optional().describe("Ontology to bind."),
|
|
10884
13183
|
clearOntologyId: z.boolean().optional().describe("Whether to clear the ontology binding."),
|
|
10885
13184
|
metadata: z.record(z.unknown()).optional().describe("Topic metadata.")
|
|
10886
13185
|
});
|
|
13186
|
+
var materializeTopicGraphArgs = z.object({
|
|
13187
|
+
rootTopicId: z.string().optional().describe("Optional root topic ID."),
|
|
13188
|
+
dryRun: z.boolean().optional().describe("Report missing rows without writing."),
|
|
13189
|
+
createdBy: z.string().optional()
|
|
13190
|
+
});
|
|
13191
|
+
var getTopicGraphSpineArgs = z.object({
|
|
13192
|
+
rootTopicId: z.string().optional().describe("Optional root topic ID."),
|
|
13193
|
+
includeTopicBeliefEdges: z.boolean().optional()
|
|
13194
|
+
});
|
|
10887
13195
|
var topicIdInput = (input) => compactRecord4({
|
|
10888
13196
|
id: input.id ?? input.topicId
|
|
10889
13197
|
});
|
|
@@ -10901,87 +13209,488 @@ var updateTopicInput = (input) => compactRecord4({
|
|
|
10901
13209
|
});
|
|
10902
13210
|
var topicsContracts = [
|
|
10903
13211
|
surfaceContract({
|
|
10904
|
-
name: "create_topic",
|
|
13212
|
+
name: "create_topic",
|
|
13213
|
+
kind: "mutation",
|
|
13214
|
+
domain: "topics",
|
|
13215
|
+
surfaceClass: "platform_public",
|
|
13216
|
+
path: "/topics",
|
|
13217
|
+
sdkNamespace: "topics",
|
|
13218
|
+
sdkMethod: "createTopic",
|
|
13219
|
+
summary: "Create a topic.",
|
|
13220
|
+
convex: {
|
|
13221
|
+
module: "topics",
|
|
13222
|
+
functionName: "create",
|
|
13223
|
+
kind: "mutation",
|
|
13224
|
+
inputProjection: withCreatedBy
|
|
13225
|
+
},
|
|
13226
|
+
args: createTopicArgs
|
|
13227
|
+
}),
|
|
13228
|
+
surfaceContract({
|
|
13229
|
+
name: "get_topic",
|
|
13230
|
+
kind: "query",
|
|
13231
|
+
domain: "topics",
|
|
13232
|
+
surfaceClass: "platform_public",
|
|
13233
|
+
method: "GET",
|
|
13234
|
+
path: "/topics/get",
|
|
13235
|
+
sdkNamespace: "topics",
|
|
13236
|
+
sdkMethod: "getTopic",
|
|
13237
|
+
summary: "Get a topic.",
|
|
13238
|
+
convex: {
|
|
13239
|
+
module: "topics",
|
|
13240
|
+
functionName: "get",
|
|
13241
|
+
kind: "query",
|
|
13242
|
+
inputProjection: topicIdInput
|
|
13243
|
+
}
|
|
13244
|
+
}),
|
|
13245
|
+
surfaceContract({
|
|
13246
|
+
name: "list_topics",
|
|
13247
|
+
kind: "query",
|
|
13248
|
+
domain: "topics",
|
|
13249
|
+
surfaceClass: "platform_public",
|
|
13250
|
+
method: "GET",
|
|
13251
|
+
path: "/topics",
|
|
13252
|
+
sdkNamespace: "topics",
|
|
13253
|
+
sdkMethod: "listTopics",
|
|
13254
|
+
summary: "List topics.",
|
|
13255
|
+
convex: {
|
|
13256
|
+
module: "topics",
|
|
13257
|
+
functionName: "list",
|
|
13258
|
+
kind: "query"
|
|
13259
|
+
}
|
|
13260
|
+
}),
|
|
13261
|
+
surfaceContract({
|
|
13262
|
+
name: "update_topic",
|
|
13263
|
+
kind: "mutation",
|
|
13264
|
+
domain: "topics",
|
|
13265
|
+
surfaceClass: "platform_public",
|
|
13266
|
+
method: "PATCH",
|
|
13267
|
+
path: "/topics",
|
|
13268
|
+
sdkNamespace: "topics",
|
|
13269
|
+
sdkMethod: "updateTopic",
|
|
13270
|
+
summary: "Update a topic.",
|
|
13271
|
+
convex: {
|
|
13272
|
+
module: "topics",
|
|
13273
|
+
functionName: "update",
|
|
13274
|
+
kind: "mutation",
|
|
13275
|
+
inputProjection: updateTopicInput
|
|
13276
|
+
},
|
|
13277
|
+
args: updateTopicArgs
|
|
13278
|
+
}),
|
|
13279
|
+
surfaceContract({
|
|
13280
|
+
name: "get_topic_tree",
|
|
13281
|
+
kind: "query",
|
|
13282
|
+
domain: "topics",
|
|
13283
|
+
surfaceClass: "platform_public",
|
|
13284
|
+
method: "GET",
|
|
13285
|
+
path: "/topics/tree",
|
|
13286
|
+
sdkNamespace: "topics",
|
|
13287
|
+
sdkMethod: "getTopicTree",
|
|
13288
|
+
summary: "Get a topic tree.",
|
|
13289
|
+
convex: {
|
|
13290
|
+
module: "topics",
|
|
13291
|
+
functionName: "getTree",
|
|
13292
|
+
kind: "query"
|
|
13293
|
+
}
|
|
13294
|
+
}),
|
|
13295
|
+
surfaceContract({
|
|
13296
|
+
name: "materialize_topic_graph",
|
|
13297
|
+
kind: "mutation",
|
|
13298
|
+
domain: "topics",
|
|
13299
|
+
surfaceClass: "platform_public",
|
|
13300
|
+
path: "/topics/materialize-graph",
|
|
13301
|
+
sdkNamespace: "topics",
|
|
13302
|
+
sdkMethod: "materializeTopicGraph",
|
|
13303
|
+
summary: "Materialize topic nodes and parent-child graph edges.",
|
|
13304
|
+
convex: {
|
|
13305
|
+
module: "topics",
|
|
13306
|
+
functionName: "materializeTopicGraph",
|
|
13307
|
+
kind: "mutation",
|
|
13308
|
+
inputProjection: withCreatedBy
|
|
13309
|
+
},
|
|
13310
|
+
args: materializeTopicGraphArgs
|
|
13311
|
+
}),
|
|
13312
|
+
surfaceContract({
|
|
13313
|
+
name: "get_topic_graph_spine",
|
|
13314
|
+
kind: "query",
|
|
13315
|
+
domain: "topics",
|
|
13316
|
+
surfaceClass: "platform_public",
|
|
13317
|
+
method: "GET",
|
|
13318
|
+
path: "/topics/graph-spine",
|
|
13319
|
+
sdkNamespace: "topics",
|
|
13320
|
+
sdkMethod: "getTopicGraphSpine",
|
|
13321
|
+
summary: "Verify topic nodes and parent-child graph edges.",
|
|
13322
|
+
convex: {
|
|
13323
|
+
module: "topics",
|
|
13324
|
+
functionName: "getTopicGraphSpine",
|
|
13325
|
+
kind: "query"
|
|
13326
|
+
},
|
|
13327
|
+
args: getTopicGraphSpineArgs
|
|
13328
|
+
})
|
|
13329
|
+
];
|
|
13330
|
+
var sourceTypeSchema2 = z.enum([
|
|
13331
|
+
"human",
|
|
13332
|
+
"ai_extracted",
|
|
13333
|
+
"ai_generated",
|
|
13334
|
+
"imported",
|
|
13335
|
+
"system",
|
|
13336
|
+
"verified",
|
|
13337
|
+
"proprietary"
|
|
13338
|
+
]);
|
|
13339
|
+
var verificationStatusSchema = z.enum([
|
|
13340
|
+
"unverified",
|
|
13341
|
+
"human_verified",
|
|
13342
|
+
"ai_verified",
|
|
13343
|
+
"contradicted",
|
|
13344
|
+
"outdated"
|
|
13345
|
+
]);
|
|
13346
|
+
var nodeStatusSchema = z.enum([
|
|
13347
|
+
"active",
|
|
13348
|
+
"superseded",
|
|
13349
|
+
"archived",
|
|
13350
|
+
"deleted"
|
|
13351
|
+
]);
|
|
13352
|
+
var externalIdsArgs = z.object({
|
|
13353
|
+
crunchbase: z.string().optional(),
|
|
13354
|
+
linkedin: z.string().optional(),
|
|
13355
|
+
pitchbook: z.string().optional(),
|
|
13356
|
+
twitter: z.string().optional(),
|
|
13357
|
+
website: z.string().optional()
|
|
13358
|
+
}).optional();
|
|
13359
|
+
var createEpistemicNodeItemArgs = z.object({
|
|
13360
|
+
globalId: z.string().optional().describe("Optional idempotent node global ID."),
|
|
13361
|
+
nodeType: NODE_TYPE.describe("Public epistemic node type."),
|
|
13362
|
+
subtype: z.string().optional(),
|
|
13363
|
+
canonicalText: z.string().optional().describe("Canonical node text."),
|
|
13364
|
+
text: z.string().optional().describe("Alias for canonicalText."),
|
|
13365
|
+
contentHash: z.string().optional().describe("Optional idempotency content hash."),
|
|
13366
|
+
content: z.string().optional(),
|
|
13367
|
+
contentType: z.string().optional(),
|
|
13368
|
+
title: z.string().optional(),
|
|
13369
|
+
tags: z.array(z.string()).optional(),
|
|
13370
|
+
domain: z.string().optional(),
|
|
13371
|
+
metadata: z.record(z.unknown()).optional(),
|
|
13372
|
+
externalIds: externalIdsArgs,
|
|
13373
|
+
sourceType: sourceTypeSchema2.optional(),
|
|
13374
|
+
aiProvider: z.string().optional(),
|
|
13375
|
+
extractedFromNodeId: z.string().optional(),
|
|
13376
|
+
confidence: z.number().optional(),
|
|
13377
|
+
verificationStatus: verificationStatusSchema.optional(),
|
|
13378
|
+
topicId: z.string().optional(),
|
|
13379
|
+
projectId: z.string().optional(),
|
|
13380
|
+
createdBy: z.string().optional(),
|
|
13381
|
+
trustedBypassAccessCheck: z.boolean().optional()
|
|
13382
|
+
});
|
|
13383
|
+
var createEpistemicNodeArgs = createEpistemicNodeItemArgs;
|
|
13384
|
+
var batchCreateEpistemicNodesArgs = z.object({
|
|
13385
|
+
nodes: z.array(createEpistemicNodeItemArgs)
|
|
13386
|
+
});
|
|
13387
|
+
var getEpistemicNodeArgs = z.object({
|
|
13388
|
+
nodeId: z.string().describe("Node ID or global ID."),
|
|
13389
|
+
globalId: z.string().optional().describe("Node global ID alias.")
|
|
13390
|
+
});
|
|
13391
|
+
var listEpistemicNodesArgs = z.object({
|
|
13392
|
+
topicId: z.string().optional(),
|
|
13393
|
+
projectId: z.string().optional(),
|
|
13394
|
+
nodeType: NODE_TYPE.optional(),
|
|
13395
|
+
status: nodeStatusSchema.optional(),
|
|
13396
|
+
searchQuery: z.string().optional(),
|
|
13397
|
+
query: z.string().optional(),
|
|
13398
|
+
limit: z.number().optional()
|
|
13399
|
+
});
|
|
13400
|
+
var updateEpistemicNodeArgs = z.object({
|
|
13401
|
+
nodeId: z.string().describe("Node ID or global ID."),
|
|
13402
|
+
id: z.string().optional().describe("Node ID alias."),
|
|
13403
|
+
subtype: z.string().optional(),
|
|
13404
|
+
canonicalText: z.string().optional(),
|
|
13405
|
+
text: z.string().optional(),
|
|
13406
|
+
contentHash: z.string().optional(),
|
|
13407
|
+
content: z.string().optional(),
|
|
13408
|
+
contentType: z.string().optional(),
|
|
13409
|
+
title: z.string().optional(),
|
|
13410
|
+
tags: z.array(z.string()).optional(),
|
|
13411
|
+
domain: z.string().optional(),
|
|
13412
|
+
metadata: z.record(z.unknown()).optional(),
|
|
13413
|
+
externalIds: externalIdsArgs,
|
|
13414
|
+
confidence: z.number().optional(),
|
|
13415
|
+
verificationStatus: verificationStatusSchema.optional(),
|
|
13416
|
+
status: nodeStatusSchema.optional(),
|
|
13417
|
+
userId: z.string().optional(),
|
|
13418
|
+
trustedBypassAccessCheck: z.boolean().optional()
|
|
13419
|
+
});
|
|
13420
|
+
var archiveEpistemicNodeArgs = z.object({
|
|
13421
|
+
nodeId: z.string().describe("Node ID or global ID."),
|
|
13422
|
+
id: z.string().optional().describe("Node ID alias."),
|
|
13423
|
+
userId: z.string().optional(),
|
|
13424
|
+
trustedBypassAccessCheck: z.boolean().optional()
|
|
13425
|
+
});
|
|
13426
|
+
var verifyEpistemicNodeArgs = z.object({
|
|
13427
|
+
nodeId: z.string().describe("Node ID or global ID."),
|
|
13428
|
+
id: z.string().optional().describe("Node ID alias."),
|
|
13429
|
+
verificationStatus: verificationStatusSchema,
|
|
13430
|
+
confidence: z.number().optional(),
|
|
13431
|
+
userId: z.string().optional()
|
|
13432
|
+
});
|
|
13433
|
+
var supersedeEpistemicNodeArgs = z.object({
|
|
13434
|
+
oldNodeId: z.string().describe("Node ID or global ID to supersede."),
|
|
13435
|
+
nodeId: z.string().optional().describe("Old node ID alias."),
|
|
13436
|
+
newGlobalId: z.string().optional(),
|
|
13437
|
+
newCanonicalText: z.string().optional(),
|
|
13438
|
+
text: z.string().optional(),
|
|
13439
|
+
canonicalText: z.string().optional(),
|
|
13440
|
+
newContentHash: z.string().optional(),
|
|
13441
|
+
reason: z.string().optional(),
|
|
13442
|
+
createdBy: z.string().optional(),
|
|
13443
|
+
trustedBypassAccessCheck: z.boolean().optional()
|
|
13444
|
+
});
|
|
13445
|
+
function generatedGlobalId(prefix) {
|
|
13446
|
+
return `${prefix}:${crypto.randomUUID()}`;
|
|
13447
|
+
}
|
|
13448
|
+
function resolveCanonicalText(input) {
|
|
13449
|
+
const text = input.canonicalText ?? input.text ?? input.title ?? input.content;
|
|
13450
|
+
if (typeof text !== "string" || text.trim().length === 0) {
|
|
13451
|
+
throw new Error("canonicalText or text is required.");
|
|
13452
|
+
}
|
|
13453
|
+
return text;
|
|
13454
|
+
}
|
|
13455
|
+
function createNodeInput(input, context) {
|
|
13456
|
+
const canonicalText = resolveCanonicalText(input);
|
|
13457
|
+
const nodeType = String(input.nodeType);
|
|
13458
|
+
return withCreatedBy(
|
|
13459
|
+
compactRecord4({
|
|
13460
|
+
globalId: typeof input.globalId === "string" && input.globalId.trim() ? input.globalId : generatedGlobalId(nodeType),
|
|
13461
|
+
nodeType,
|
|
13462
|
+
subtype: input.subtype,
|
|
13463
|
+
canonicalText,
|
|
13464
|
+
contentHash: typeof input.contentHash === "string" && input.contentHash.trim() ? input.contentHash : `${nodeType}:${canonicalText}`,
|
|
13465
|
+
content: input.content,
|
|
13466
|
+
contentType: input.contentType,
|
|
13467
|
+
title: input.title,
|
|
13468
|
+
tags: input.tags,
|
|
13469
|
+
domain: input.domain,
|
|
13470
|
+
metadata: input.metadata,
|
|
13471
|
+
externalIds: input.externalIds,
|
|
13472
|
+
sourceType: typeof input.sourceType === "string" && input.sourceType.trim() ? input.sourceType : "human",
|
|
13473
|
+
aiProvider: input.aiProvider,
|
|
13474
|
+
extractedFromNodeId: input.extractedFromNodeId,
|
|
13475
|
+
confidence: input.confidence,
|
|
13476
|
+
verificationStatus: input.verificationStatus,
|
|
13477
|
+
topicId: input.topicId,
|
|
13478
|
+
projectId: input.projectId
|
|
13479
|
+
}),
|
|
13480
|
+
context
|
|
13481
|
+
);
|
|
13482
|
+
}
|
|
13483
|
+
var getNodeInput = (input) => compactRecord4({
|
|
13484
|
+
nodeId: input.nodeId ?? input.globalId
|
|
13485
|
+
});
|
|
13486
|
+
var listNodesInput = (input) => compactRecord4({
|
|
13487
|
+
topicId: input.topicId,
|
|
13488
|
+
projectId: input.projectId,
|
|
13489
|
+
nodeType: input.nodeType,
|
|
13490
|
+
status: input.status,
|
|
13491
|
+
searchQuery: input.searchQuery ?? input.query,
|
|
13492
|
+
limit: input.limit
|
|
13493
|
+
});
|
|
13494
|
+
var updateNodeInput = (input, context) => withUserId(
|
|
13495
|
+
compactRecord4({
|
|
13496
|
+
nodeId: input.nodeId ?? input.id,
|
|
13497
|
+
subtype: input.subtype,
|
|
13498
|
+
canonicalText: input.canonicalText ?? input.text,
|
|
13499
|
+
contentHash: input.contentHash,
|
|
13500
|
+
content: input.content,
|
|
13501
|
+
contentType: input.contentType,
|
|
13502
|
+
title: input.title,
|
|
13503
|
+
tags: input.tags,
|
|
13504
|
+
domain: input.domain,
|
|
13505
|
+
metadata: input.metadata,
|
|
13506
|
+
externalIds: input.externalIds,
|
|
13507
|
+
confidence: input.confidence,
|
|
13508
|
+
verificationStatus: input.verificationStatus,
|
|
13509
|
+
status: input.status,
|
|
13510
|
+
trustedBypassAccessCheck: input.trustedBypassAccessCheck
|
|
13511
|
+
}),
|
|
13512
|
+
context
|
|
13513
|
+
);
|
|
13514
|
+
var archiveNodeInput = (input, context) => withUserId(
|
|
13515
|
+
compactRecord4({
|
|
13516
|
+
nodeId: input.nodeId ?? input.id,
|
|
13517
|
+
trustedBypassAccessCheck: input.trustedBypassAccessCheck
|
|
13518
|
+
}),
|
|
13519
|
+
context
|
|
13520
|
+
);
|
|
13521
|
+
var verifyNodeInput = (input, context) => withUserId(
|
|
13522
|
+
compactRecord4({
|
|
13523
|
+
nodeId: input.nodeId ?? input.id,
|
|
13524
|
+
verificationStatus: input.verificationStatus,
|
|
13525
|
+
confidence: input.confidence
|
|
13526
|
+
}),
|
|
13527
|
+
context
|
|
13528
|
+
);
|
|
13529
|
+
var supersedeNodeInput = (input, context) => {
|
|
13530
|
+
const newCanonicalText = input.newCanonicalText ?? input.canonicalText ?? input.text;
|
|
13531
|
+
if (typeof newCanonicalText !== "string" || newCanonicalText.trim().length === 0) {
|
|
13532
|
+
throw new Error("newCanonicalText or text is required.");
|
|
13533
|
+
}
|
|
13534
|
+
return {
|
|
13535
|
+
oldNodeId: input.oldNodeId ?? input.nodeId,
|
|
13536
|
+
newGlobalId: typeof input.newGlobalId === "string" && input.newGlobalId.trim() ? input.newGlobalId : generatedGlobalId("node"),
|
|
13537
|
+
newCanonicalText,
|
|
13538
|
+
newContentHash: typeof input.newContentHash === "string" && input.newContentHash.trim() ? input.newContentHash : `superseded:${newCanonicalText}`,
|
|
13539
|
+
createdBy: typeof input.createdBy === "string" ? input.createdBy : authUserId(context),
|
|
13540
|
+
reason: input.reason,
|
|
13541
|
+
trustedBypassAccessCheck: input.trustedBypassAccessCheck
|
|
13542
|
+
};
|
|
13543
|
+
};
|
|
13544
|
+
var batchCreateNodesInput = (input, context) => {
|
|
13545
|
+
const nodes = Array.isArray(input.nodes) ? input.nodes : [];
|
|
13546
|
+
return {
|
|
13547
|
+
nodes: nodes.map(
|
|
13548
|
+
(node) => createNodeInput(
|
|
13549
|
+
node && typeof node === "object" ? node : {},
|
|
13550
|
+
context
|
|
13551
|
+
)
|
|
13552
|
+
)
|
|
13553
|
+
};
|
|
13554
|
+
};
|
|
13555
|
+
var nodesContracts = [
|
|
13556
|
+
surfaceContract({
|
|
13557
|
+
name: "create_epistemic_node",
|
|
10905
13558
|
kind: "mutation",
|
|
10906
|
-
domain: "
|
|
13559
|
+
domain: "nodes",
|
|
10907
13560
|
surfaceClass: "platform_public",
|
|
10908
|
-
path: "/
|
|
10909
|
-
sdkNamespace: "
|
|
10910
|
-
sdkMethod: "
|
|
10911
|
-
summary: "Create a
|
|
13561
|
+
path: "/nodes",
|
|
13562
|
+
sdkNamespace: "nodes",
|
|
13563
|
+
sdkMethod: "createEpistemicNode",
|
|
13564
|
+
summary: "Create a generic epistemic graph node.",
|
|
10912
13565
|
convex: {
|
|
10913
|
-
module: "
|
|
13566
|
+
module: "nodes",
|
|
10914
13567
|
functionName: "create",
|
|
10915
13568
|
kind: "mutation",
|
|
10916
|
-
inputProjection:
|
|
10917
|
-
}
|
|
13569
|
+
inputProjection: createNodeInput
|
|
13570
|
+
},
|
|
13571
|
+
args: createEpistemicNodeArgs
|
|
10918
13572
|
}),
|
|
10919
13573
|
surfaceContract({
|
|
10920
|
-
name: "
|
|
13574
|
+
name: "get_epistemic_node",
|
|
10921
13575
|
kind: "query",
|
|
10922
|
-
domain: "
|
|
13576
|
+
domain: "nodes",
|
|
10923
13577
|
surfaceClass: "platform_public",
|
|
10924
13578
|
method: "GET",
|
|
10925
|
-
path: "/
|
|
10926
|
-
sdkNamespace: "
|
|
10927
|
-
sdkMethod: "
|
|
10928
|
-
summary: "Get a
|
|
13579
|
+
path: "/nodes/get",
|
|
13580
|
+
sdkNamespace: "nodes",
|
|
13581
|
+
sdkMethod: "getEpistemicNode",
|
|
13582
|
+
summary: "Get a generic epistemic graph node.",
|
|
10929
13583
|
convex: {
|
|
10930
|
-
module: "
|
|
13584
|
+
module: "nodes",
|
|
10931
13585
|
functionName: "get",
|
|
10932
13586
|
kind: "query",
|
|
10933
|
-
inputProjection:
|
|
10934
|
-
}
|
|
13587
|
+
inputProjection: getNodeInput
|
|
13588
|
+
},
|
|
13589
|
+
args: getEpistemicNodeArgs
|
|
10935
13590
|
}),
|
|
10936
13591
|
surfaceContract({
|
|
10937
|
-
name: "
|
|
13592
|
+
name: "list_epistemic_nodes",
|
|
10938
13593
|
kind: "query",
|
|
10939
|
-
domain: "
|
|
13594
|
+
domain: "nodes",
|
|
10940
13595
|
surfaceClass: "platform_public",
|
|
10941
13596
|
method: "GET",
|
|
10942
|
-
path: "/
|
|
10943
|
-
sdkNamespace: "
|
|
10944
|
-
sdkMethod: "
|
|
10945
|
-
summary: "List
|
|
13597
|
+
path: "/nodes",
|
|
13598
|
+
sdkNamespace: "nodes",
|
|
13599
|
+
sdkMethod: "listEpistemicNodes",
|
|
13600
|
+
summary: "List generic epistemic graph nodes.",
|
|
10946
13601
|
convex: {
|
|
10947
|
-
module: "
|
|
13602
|
+
module: "nodes",
|
|
10948
13603
|
functionName: "list",
|
|
10949
|
-
kind: "query"
|
|
10950
|
-
|
|
13604
|
+
kind: "query",
|
|
13605
|
+
inputProjection: listNodesInput
|
|
13606
|
+
},
|
|
13607
|
+
args: listEpistemicNodesArgs
|
|
10951
13608
|
}),
|
|
10952
13609
|
surfaceContract({
|
|
10953
|
-
name: "
|
|
13610
|
+
name: "update_epistemic_node",
|
|
10954
13611
|
kind: "mutation",
|
|
10955
|
-
domain: "
|
|
13612
|
+
domain: "nodes",
|
|
10956
13613
|
surfaceClass: "platform_public",
|
|
10957
13614
|
method: "PATCH",
|
|
10958
|
-
path: "/
|
|
10959
|
-
sdkNamespace: "
|
|
10960
|
-
sdkMethod: "
|
|
10961
|
-
summary: "Update a
|
|
13615
|
+
path: "/nodes",
|
|
13616
|
+
sdkNamespace: "nodes",
|
|
13617
|
+
sdkMethod: "updateEpistemicNode",
|
|
13618
|
+
summary: "Update a generic epistemic graph node.",
|
|
10962
13619
|
convex: {
|
|
10963
|
-
module: "
|
|
13620
|
+
module: "nodes",
|
|
10964
13621
|
functionName: "update",
|
|
10965
13622
|
kind: "mutation",
|
|
10966
|
-
inputProjection:
|
|
13623
|
+
inputProjection: updateNodeInput
|
|
10967
13624
|
},
|
|
10968
|
-
args:
|
|
13625
|
+
args: updateEpistemicNodeArgs
|
|
10969
13626
|
}),
|
|
10970
13627
|
surfaceContract({
|
|
10971
|
-
name: "
|
|
10972
|
-
kind: "
|
|
10973
|
-
domain: "
|
|
13628
|
+
name: "archive_epistemic_node",
|
|
13629
|
+
kind: "mutation",
|
|
13630
|
+
domain: "nodes",
|
|
10974
13631
|
surfaceClass: "platform_public",
|
|
10975
|
-
|
|
10976
|
-
|
|
10977
|
-
|
|
10978
|
-
|
|
10979
|
-
summary: "Get a topic tree.",
|
|
13632
|
+
path: "/nodes/archive",
|
|
13633
|
+
sdkNamespace: "nodes",
|
|
13634
|
+
sdkMethod: "archiveEpistemicNode",
|
|
13635
|
+
summary: "Archive a generic epistemic graph node.",
|
|
10980
13636
|
convex: {
|
|
10981
|
-
module: "
|
|
10982
|
-
functionName: "
|
|
10983
|
-
kind: "
|
|
10984
|
-
|
|
13637
|
+
module: "nodes",
|
|
13638
|
+
functionName: "archive",
|
|
13639
|
+
kind: "mutation",
|
|
13640
|
+
inputProjection: archiveNodeInput
|
|
13641
|
+
},
|
|
13642
|
+
args: archiveEpistemicNodeArgs
|
|
13643
|
+
}),
|
|
13644
|
+
surfaceContract({
|
|
13645
|
+
name: "verify_epistemic_node",
|
|
13646
|
+
kind: "mutation",
|
|
13647
|
+
domain: "nodes",
|
|
13648
|
+
surfaceClass: "platform_public",
|
|
13649
|
+
path: "/nodes/verify",
|
|
13650
|
+
sdkNamespace: "nodes",
|
|
13651
|
+
sdkMethod: "verifyEpistemicNode",
|
|
13652
|
+
summary: "Verify a generic epistemic graph node.",
|
|
13653
|
+
convex: {
|
|
13654
|
+
module: "nodes",
|
|
13655
|
+
functionName: "verify",
|
|
13656
|
+
kind: "mutation",
|
|
13657
|
+
inputProjection: verifyNodeInput
|
|
13658
|
+
},
|
|
13659
|
+
args: verifyEpistemicNodeArgs
|
|
13660
|
+
}),
|
|
13661
|
+
surfaceContract({
|
|
13662
|
+
name: "supersede_epistemic_node",
|
|
13663
|
+
kind: "mutation",
|
|
13664
|
+
domain: "nodes",
|
|
13665
|
+
surfaceClass: "platform_public",
|
|
13666
|
+
path: "/nodes/supersede",
|
|
13667
|
+
sdkNamespace: "nodes",
|
|
13668
|
+
sdkMethod: "supersedeEpistemicNode",
|
|
13669
|
+
summary: "Supersede a generic epistemic graph node.",
|
|
13670
|
+
convex: {
|
|
13671
|
+
module: "nodes",
|
|
13672
|
+
functionName: "supersede",
|
|
13673
|
+
kind: "mutation",
|
|
13674
|
+
inputProjection: supersedeNodeInput
|
|
13675
|
+
},
|
|
13676
|
+
args: supersedeEpistemicNodeArgs
|
|
13677
|
+
}),
|
|
13678
|
+
surfaceContract({
|
|
13679
|
+
name: "batch_create_epistemic_nodes",
|
|
13680
|
+
kind: "mutation",
|
|
13681
|
+
domain: "nodes",
|
|
13682
|
+
surfaceClass: "platform_public",
|
|
13683
|
+
path: "/nodes/batch",
|
|
13684
|
+
sdkNamespace: "nodes",
|
|
13685
|
+
sdkMethod: "batchCreateEpistemicNodes",
|
|
13686
|
+
summary: "Batch create generic epistemic graph nodes.",
|
|
13687
|
+
convex: {
|
|
13688
|
+
module: "nodes",
|
|
13689
|
+
functionName: "batchCreate",
|
|
13690
|
+
kind: "mutation",
|
|
13691
|
+
inputProjection: batchCreateNodesInput
|
|
13692
|
+
},
|
|
13693
|
+
args: batchCreateEpistemicNodesArgs
|
|
10985
13694
|
})
|
|
10986
13695
|
];
|
|
10987
13696
|
var lensPerspectiveSchema = z.enum([
|
|
@@ -11341,6 +14050,19 @@ var worktreeEvidenceSignalInputSchema = z.object({
|
|
|
11341
14050
|
progress: z.string().optional().describe("Collection progress note for the signal."),
|
|
11342
14051
|
notes: z.string().optional().describe("Additional evidence collection notes.")
|
|
11343
14052
|
}).passthrough().describe("Evidence signal embedded in the worktree plan.");
|
|
14053
|
+
var worktreeDocCompanionTargetSchema = z.object({
|
|
14054
|
+
docPath: z.string().describe(
|
|
14055
|
+
"Repo-relative path to a documentation file the worktree promises to update."
|
|
14056
|
+
),
|
|
14057
|
+
sectionAnchor: z.string().optional().describe(
|
|
14058
|
+
"Markdown heading anchor (e.g. '## Function-surface manifest') that scopes the promised update."
|
|
14059
|
+
),
|
|
14060
|
+
reason: z.string().describe(
|
|
14061
|
+
"Why this doc section must be updated for the worktree to be complete."
|
|
14062
|
+
)
|
|
14063
|
+
}).passthrough().describe(
|
|
14064
|
+
"Intent-driven docs companion target. pr-gate-reviewer verifies that the PR actually touches each declared (docPath, sectionAnchor). Distinct from the touch-driven docs-loop. See docs/development/docs-sync-discipline.md Lock 3."
|
|
14065
|
+
);
|
|
11344
14066
|
var worktreeDecisionGateInputSchema = z.object({
|
|
11345
14067
|
goCriteria: z.array(z.string()).describe("Criteria that must hold for the worktree to proceed."),
|
|
11346
14068
|
noGoSignals: z.array(z.string()).describe("Signals that stop or redirect the worktree."),
|
|
@@ -11373,6 +14095,9 @@ var addWorktreeArgs = z.object({
|
|
|
11373
14095
|
keyQuestions: z.array(worktreeKeyQuestionInputSchema).optional().describe("Inline key questions captured as part of the worktree plan."),
|
|
11374
14096
|
evidenceSignals: z.array(worktreeEvidenceSignalInputSchema).optional().describe("Evidence signals the worktree needs to collect or validate."),
|
|
11375
14097
|
decisionGate: worktreeDecisionGateInputSchema.optional(),
|
|
14098
|
+
docCompanionTargets: z.array(worktreeDocCompanionTargetSchema).optional().describe(
|
|
14099
|
+
"Doc sections the worktree promises to update at PR time. Enforced by pr-gate-reviewer (Lock 3)."
|
|
14100
|
+
),
|
|
11376
14101
|
goCriteria: z.array(z.string()).optional().describe("Shorthand go criteria used to build decisionGate."),
|
|
11377
14102
|
noGoSignals: z.array(z.string()).optional().describe("Shorthand no-go signals used to build decisionGate."),
|
|
11378
14103
|
proofArtifacts: z.array(z.unknown()).optional().describe("Expected proof artifacts required to close the worktree."),
|
|
@@ -11736,7 +14461,21 @@ var createTaskArgs = z.object({
|
|
|
11736
14461
|
linkedQuestionId: z.string().optional().describe("Question this task addresses."),
|
|
11737
14462
|
assigneeId: z.string().optional().describe("Principal assigned to the task."),
|
|
11738
14463
|
dueDate: z.number().optional().describe("Due date as epoch milliseconds."),
|
|
11739
|
-
tags: z.array(z.string()).optional().describe("Free-form tags.")
|
|
14464
|
+
tags: z.array(z.string()).optional().describe("Free-form tags."),
|
|
14465
|
+
metadata: z.record(z.unknown()).optional().describe("Structured task metadata for handoff context and routing hints.")
|
|
14466
|
+
});
|
|
14467
|
+
var updateTaskArgs = z.object({
|
|
14468
|
+
taskId: z.string().describe("Task to update."),
|
|
14469
|
+
title: z.string().optional().describe("Updated task title."),
|
|
14470
|
+
description: z.string().optional().describe("Updated task description."),
|
|
14471
|
+
priority: taskPrioritySchema.optional().describe("Updated priority."),
|
|
14472
|
+
status: taskStatusSchema2.optional().describe("Updated status."),
|
|
14473
|
+
linkedWorktreeId: z.string().optional().describe("Worktree this task belongs to."),
|
|
14474
|
+
linkedBeliefId: z.string().optional().describe("Belief this task supports."),
|
|
14475
|
+
linkedQuestionId: z.string().optional().describe("Question this task addresses."),
|
|
14476
|
+
assigneeId: z.string().optional().describe("Principal assigned to the task."),
|
|
14477
|
+
blockedReason: z.string().optional().describe("Reason the task is blocked or deferred."),
|
|
14478
|
+
metadata: z.record(z.unknown()).optional().describe("Structured task metadata for handoff context and routing hints.")
|
|
11740
14479
|
});
|
|
11741
14480
|
var createTaskInput = (input) => compactRecord4({
|
|
11742
14481
|
title: input.title,
|
|
@@ -11750,7 +14489,8 @@ var createTaskInput = (input) => compactRecord4({
|
|
|
11750
14489
|
linkedQuestionId: input.linkedQuestionId,
|
|
11751
14490
|
assigneeId: input.assigneeId,
|
|
11752
14491
|
dueDate: input.dueDate,
|
|
11753
|
-
tags: input.tags
|
|
14492
|
+
tags: input.tags,
|
|
14493
|
+
metadata: input.metadata
|
|
11754
14494
|
});
|
|
11755
14495
|
var taskInput = (input) => compactRecord4({
|
|
11756
14496
|
...input,
|
|
@@ -11767,8 +14507,7 @@ var taskTopicInput = (input) => {
|
|
|
11767
14507
|
};
|
|
11768
14508
|
var completeTaskInput = (input) => compactRecord4({
|
|
11769
14509
|
taskId: input.taskId ?? input.id,
|
|
11770
|
-
outputSummary: input.outputSummary ?? input.summary
|
|
11771
|
-
userId: input.userId
|
|
14510
|
+
outputSummary: input.outputSummary ?? input.summary
|
|
11772
14511
|
});
|
|
11773
14512
|
var tasksContracts = [
|
|
11774
14513
|
surfaceContract({
|
|
@@ -11786,6 +14525,7 @@ var tasksContracts = [
|
|
|
11786
14525
|
kind: "mutation",
|
|
11787
14526
|
inputProjection: createTaskInput
|
|
11788
14527
|
},
|
|
14528
|
+
gateway: { handler: "tasks.create" },
|
|
11789
14529
|
args: createTaskArgs
|
|
11790
14530
|
}),
|
|
11791
14531
|
surfaceContract({
|
|
@@ -11804,6 +14544,7 @@ var tasksContracts = [
|
|
|
11804
14544
|
kind: "query",
|
|
11805
14545
|
inputProjection: taskTopicInput
|
|
11806
14546
|
},
|
|
14547
|
+
gateway: { handler: "tasks.list" },
|
|
11807
14548
|
args: listTasksInputSchema
|
|
11808
14549
|
}),
|
|
11809
14550
|
surfaceContract({
|
|
@@ -11821,7 +14562,9 @@ var tasksContracts = [
|
|
|
11821
14562
|
functionName: "update",
|
|
11822
14563
|
kind: "mutation",
|
|
11823
14564
|
inputProjection: taskInput
|
|
11824
|
-
}
|
|
14565
|
+
},
|
|
14566
|
+
gateway: { handler: "tasks.update" },
|
|
14567
|
+
args: updateTaskArgs
|
|
11825
14568
|
}),
|
|
11826
14569
|
surfaceContract({
|
|
11827
14570
|
name: "complete_task",
|
|
@@ -11837,22 +14580,54 @@ var tasksContracts = [
|
|
|
11837
14580
|
functionName: "complete",
|
|
11838
14581
|
kind: "mutation",
|
|
11839
14582
|
inputProjection: completeTaskInput
|
|
11840
|
-
}
|
|
14583
|
+
},
|
|
14584
|
+
gateway: { handler: "tasks.complete" }
|
|
11841
14585
|
})
|
|
11842
14586
|
];
|
|
14587
|
+
var CREATE_EDGE_TYPES = edgePolicyManifest.policies.map(
|
|
14588
|
+
(policy) => policy.edgeType
|
|
14589
|
+
);
|
|
14590
|
+
var REASONING_METHOD_TYPES = [...REASONING_METHODS];
|
|
11843
14591
|
var createEdgeArgs = z.object({
|
|
11844
14592
|
from: GraphRefSchema,
|
|
11845
14593
|
to: GraphRefSchema,
|
|
11846
|
-
edgeType: z.
|
|
14594
|
+
edgeType: z.enum(CREATE_EDGE_TYPES),
|
|
11847
14595
|
globalId: z.string().optional(),
|
|
11848
14596
|
weight: z.number().optional(),
|
|
11849
14597
|
confidence: z.number().optional(),
|
|
11850
14598
|
context: z.string().optional(),
|
|
11851
14599
|
reasoning: z.string().optional(),
|
|
14600
|
+
reasoningMethod: z.enum(REASONING_METHOD_TYPES).optional(),
|
|
11852
14601
|
derivationType: z.string().optional(),
|
|
14602
|
+
metadata: z.record(z.unknown()).optional(),
|
|
11853
14603
|
topicId: z.string().optional(),
|
|
11854
14604
|
trustedBypassAccessCheck: z.boolean().optional()
|
|
11855
14605
|
});
|
|
14606
|
+
var updateEdgeArgs = z.object({
|
|
14607
|
+
edgeId: z.string().describe("Edge ID or global ID."),
|
|
14608
|
+
weight: z.number().optional(),
|
|
14609
|
+
confidence: z.number().optional(),
|
|
14610
|
+
context: z.string().optional(),
|
|
14611
|
+
reasoning: z.string().optional(),
|
|
14612
|
+
derivationType: z.string().optional(),
|
|
14613
|
+
metadata: z.record(z.unknown()).optional(),
|
|
14614
|
+
userId: z.string().optional()
|
|
14615
|
+
});
|
|
14616
|
+
var removeEdgeArgs = z.object({
|
|
14617
|
+
edgeId: z.string().describe("Edge ID or global ID."),
|
|
14618
|
+
userId: z.string().optional()
|
|
14619
|
+
});
|
|
14620
|
+
var removeEdgesBetweenArgs = z.object({
|
|
14621
|
+
from: GraphRefSchema.optional(),
|
|
14622
|
+
to: GraphRefSchema.optional(),
|
|
14623
|
+
fromNodeId: z.string().optional(),
|
|
14624
|
+
toNodeId: z.string().optional(),
|
|
14625
|
+
edgeType: z.enum(CREATE_EDGE_TYPES).optional()
|
|
14626
|
+
});
|
|
14627
|
+
var batchCreateEdgesArgs = z.object({
|
|
14628
|
+
edges: z.array(createEdgeArgs),
|
|
14629
|
+
skipLayerValidation: z.boolean().optional()
|
|
14630
|
+
});
|
|
11856
14631
|
var queryLineageArgs = z.object({
|
|
11857
14632
|
nodeId: z.string().describe("Starting node to trace from."),
|
|
11858
14633
|
startNode: z.string().optional().describe("Starting node alias accepted by traversal callers."),
|
|
@@ -11901,7 +14676,9 @@ var edgesContracts = [
|
|
|
11901
14676
|
weight: parsed.weight,
|
|
11902
14677
|
confidence: parsed.confidence,
|
|
11903
14678
|
context: parsed.context ?? parsed.reasoning,
|
|
14679
|
+
reasoningMethod: parsed.reasoningMethod,
|
|
11904
14680
|
derivationType: parsed.derivationType,
|
|
14681
|
+
metadata: parsed.metadata,
|
|
11905
14682
|
skipLayerValidation: true,
|
|
11906
14683
|
topicId: parsed.topicId,
|
|
11907
14684
|
trustedBypassAccessCheck: parsed.trustedBypassAccessCheck
|
|
@@ -11912,6 +14689,131 @@ var edgesContracts = [
|
|
|
11912
14689
|
},
|
|
11913
14690
|
args: createEdgeArgs
|
|
11914
14691
|
}),
|
|
14692
|
+
surfaceContract({
|
|
14693
|
+
name: "update_edge",
|
|
14694
|
+
kind: "mutation",
|
|
14695
|
+
domain: "edges",
|
|
14696
|
+
surfaceClass: "platform_public",
|
|
14697
|
+
method: "PATCH",
|
|
14698
|
+
path: "/edges",
|
|
14699
|
+
sdkNamespace: "edges",
|
|
14700
|
+
sdkMethod: "updateEdge",
|
|
14701
|
+
summary: "Update an epistemic edge.",
|
|
14702
|
+
convex: {
|
|
14703
|
+
module: "edges",
|
|
14704
|
+
functionName: "update",
|
|
14705
|
+
kind: "mutation",
|
|
14706
|
+
inputProjection: (input, context) => compactRecord4({
|
|
14707
|
+
edgeId: input.edgeId,
|
|
14708
|
+
weight: input.weight,
|
|
14709
|
+
confidence: input.confidence,
|
|
14710
|
+
context: input.context ?? input.reasoning,
|
|
14711
|
+
derivationType: input.derivationType,
|
|
14712
|
+
metadata: input.metadata,
|
|
14713
|
+
userId: input.userId ?? context.userId ?? context.principalId
|
|
14714
|
+
})
|
|
14715
|
+
},
|
|
14716
|
+
args: updateEdgeArgs
|
|
14717
|
+
}),
|
|
14718
|
+
surfaceContract({
|
|
14719
|
+
name: "remove_edge",
|
|
14720
|
+
kind: "mutation",
|
|
14721
|
+
domain: "edges",
|
|
14722
|
+
surfaceClass: "platform_public",
|
|
14723
|
+
method: "DELETE",
|
|
14724
|
+
path: "/edges",
|
|
14725
|
+
sdkNamespace: "edges",
|
|
14726
|
+
sdkMethod: "removeEdge",
|
|
14727
|
+
summary: "Remove an epistemic edge.",
|
|
14728
|
+
convex: {
|
|
14729
|
+
module: "edges",
|
|
14730
|
+
functionName: "remove",
|
|
14731
|
+
kind: "mutation",
|
|
14732
|
+
inputProjection: (input, context) => compactRecord4({
|
|
14733
|
+
edgeId: input.edgeId,
|
|
14734
|
+
userId: input.userId ?? context.userId ?? context.principalId
|
|
14735
|
+
})
|
|
14736
|
+
},
|
|
14737
|
+
args: removeEdgeArgs
|
|
14738
|
+
}),
|
|
14739
|
+
surfaceContract({
|
|
14740
|
+
name: "remove_edges_between",
|
|
14741
|
+
kind: "mutation",
|
|
14742
|
+
domain: "edges",
|
|
14743
|
+
surfaceClass: "platform_public",
|
|
14744
|
+
method: "DELETE",
|
|
14745
|
+
path: "/edges/between",
|
|
14746
|
+
sdkNamespace: "edges",
|
|
14747
|
+
sdkMethod: "removeEdgesBetween",
|
|
14748
|
+
summary: "Remove epistemic edges between two nodes.",
|
|
14749
|
+
convex: {
|
|
14750
|
+
module: "edges",
|
|
14751
|
+
functionName: "removeBetween",
|
|
14752
|
+
kind: "mutation",
|
|
14753
|
+
inputProjection: (input) => {
|
|
14754
|
+
const parsed = removeEdgesBetweenArgs.parse(input);
|
|
14755
|
+
const fromNodeId = parsed.from ? graphRefNodeId(parsed.from) : parsed.fromNodeId;
|
|
14756
|
+
const toNodeId = parsed.to ? graphRefNodeId(parsed.to) : parsed.toNodeId;
|
|
14757
|
+
if (!fromNodeId || !toNodeId) {
|
|
14758
|
+
throw new Error("from/to or fromNodeId/toNodeId are required.");
|
|
14759
|
+
}
|
|
14760
|
+
return compactRecord4({
|
|
14761
|
+
fromNodeId,
|
|
14762
|
+
toNodeId,
|
|
14763
|
+
edgeType: parsed.edgeType
|
|
14764
|
+
});
|
|
14765
|
+
}
|
|
14766
|
+
},
|
|
14767
|
+
args: removeEdgesBetweenArgs
|
|
14768
|
+
}),
|
|
14769
|
+
surfaceContract({
|
|
14770
|
+
name: "batch_create_edges",
|
|
14771
|
+
kind: "mutation",
|
|
14772
|
+
domain: "edges",
|
|
14773
|
+
surfaceClass: "platform_public",
|
|
14774
|
+
path: "/edges/batch",
|
|
14775
|
+
sdkNamespace: "edges",
|
|
14776
|
+
sdkMethod: "batchCreateEdges",
|
|
14777
|
+
summary: "Batch create epistemic edges.",
|
|
14778
|
+
convex: {
|
|
14779
|
+
module: "edges",
|
|
14780
|
+
functionName: "batchCreate",
|
|
14781
|
+
kind: "mutation",
|
|
14782
|
+
inputProjection: (input, context) => {
|
|
14783
|
+
const parsed = batchCreateEdgesArgs.parse(input);
|
|
14784
|
+
return {
|
|
14785
|
+
skipLayerValidation: parsed.skipLayerValidation ?? true,
|
|
14786
|
+
edges: parsed.edges.map((edge) => {
|
|
14787
|
+
assertEdgePolicyAllowed(
|
|
14788
|
+
edgePolicyManifest,
|
|
14789
|
+
edge.edgeType,
|
|
14790
|
+
edge.from,
|
|
14791
|
+
edge.to
|
|
14792
|
+
);
|
|
14793
|
+
const fromNodeId = graphRefNodeId(edge.from);
|
|
14794
|
+
const toNodeId = graphRefNodeId(edge.to);
|
|
14795
|
+
return withCreatedBy(
|
|
14796
|
+
compactRecord4({
|
|
14797
|
+
fromNodeId,
|
|
14798
|
+
toNodeId,
|
|
14799
|
+
edgeType: edge.edgeType,
|
|
14800
|
+
globalId: edge.globalId ?? `edge:${fromNodeId}:${toNodeId}:${edge.edgeType}`,
|
|
14801
|
+
weight: edge.weight,
|
|
14802
|
+
confidence: edge.confidence,
|
|
14803
|
+
context: edge.context ?? edge.reasoning,
|
|
14804
|
+
reasoningMethod: edge.reasoningMethod,
|
|
14805
|
+
derivationType: edge.derivationType,
|
|
14806
|
+
metadata: edge.metadata,
|
|
14807
|
+
topicId: edge.topicId
|
|
14808
|
+
}),
|
|
14809
|
+
context
|
|
14810
|
+
);
|
|
14811
|
+
})
|
|
14812
|
+
};
|
|
14813
|
+
}
|
|
14814
|
+
},
|
|
14815
|
+
args: batchCreateEdgesArgs
|
|
14816
|
+
}),
|
|
11915
14817
|
surfaceContract({
|
|
11916
14818
|
name: "query_lineage",
|
|
11917
14819
|
kind: "query",
|
|
@@ -12634,6 +15536,69 @@ var pipelineContracts = [
|
|
|
12634
15536
|
}
|
|
12635
15537
|
})
|
|
12636
15538
|
];
|
|
15539
|
+
function isRecord3(value) {
|
|
15540
|
+
return Boolean(value) && typeof value === "object" && !Array.isArray(value);
|
|
15541
|
+
}
|
|
15542
|
+
function stringValues(value) {
|
|
15543
|
+
if (typeof value === "string") {
|
|
15544
|
+
return [value];
|
|
15545
|
+
}
|
|
15546
|
+
if (Array.isArray(value)) {
|
|
15547
|
+
return value.flatMap((item) => stringValues(item));
|
|
15548
|
+
}
|
|
15549
|
+
return [];
|
|
15550
|
+
}
|
|
15551
|
+
function nestedEvidenceRows(value) {
|
|
15552
|
+
if (Array.isArray(value)) {
|
|
15553
|
+
return value.flatMap((item) => nestedEvidenceRows(item));
|
|
15554
|
+
}
|
|
15555
|
+
if (!isRecord3(value)) {
|
|
15556
|
+
return [];
|
|
15557
|
+
}
|
|
15558
|
+
const nestedKeys = ["evidence", "items", "nodes"];
|
|
15559
|
+
const nestedRows = nestedKeys.flatMap((key) => nestedEvidenceRows(value[key]));
|
|
15560
|
+
return nestedRows.length > 0 ? nestedRows : [value];
|
|
15561
|
+
}
|
|
15562
|
+
function isFailedAttemptRow(row) {
|
|
15563
|
+
const metadata = isRecord3(row.metadata) ? row.metadata : null;
|
|
15564
|
+
return metadata?.failedApproach === true || metadata?.isFailedAttempt === true;
|
|
15565
|
+
}
|
|
15566
|
+
function failureLogSearchFields(row) {
|
|
15567
|
+
const metadata = isRecord3(row.metadata) ? row.metadata : null;
|
|
15568
|
+
return [
|
|
15569
|
+
...stringValues(row.id),
|
|
15570
|
+
...stringValues(row._id),
|
|
15571
|
+
...stringValues(row.title),
|
|
15572
|
+
...stringValues(row.text),
|
|
15573
|
+
...stringValues(row.canonicalText),
|
|
15574
|
+
...stringValues(row.content),
|
|
15575
|
+
...stringValues(metadata?.codeAnchor),
|
|
15576
|
+
...stringValues(metadata?.codeAnchors),
|
|
15577
|
+
...stringValues(metadata?.anchor),
|
|
15578
|
+
...stringValues(metadata?.anchors),
|
|
15579
|
+
...stringValues(metadata?.filePath),
|
|
15580
|
+
...stringValues(metadata?.filePaths),
|
|
15581
|
+
...stringValues(metadata?.path),
|
|
15582
|
+
...stringValues(metadata?.paths),
|
|
15583
|
+
...stringValues(metadata?.sourceRef),
|
|
15584
|
+
...stringValues(metadata?.touchedPaths)
|
|
15585
|
+
];
|
|
15586
|
+
}
|
|
15587
|
+
function projectFailureLog(output, input) {
|
|
15588
|
+
const rawQuery = typeof input.query === "string" && input.query.trim().length > 0 ? input.query.trim() : void 0;
|
|
15589
|
+
const searchKey = rawQuery?.toLowerCase();
|
|
15590
|
+
const failures = nestedEvidenceRows(output).filter((row) => isFailedAttemptRow(row)).filter(
|
|
15591
|
+
(row) => !searchKey ? true : failureLogSearchFields(row).some(
|
|
15592
|
+
(field) => field.toLowerCase().includes(searchKey)
|
|
15593
|
+
)
|
|
15594
|
+
);
|
|
15595
|
+
return {
|
|
15596
|
+
query: rawQuery,
|
|
15597
|
+
failures,
|
|
15598
|
+
totalFound: failures.length,
|
|
15599
|
+
showing: failures.length
|
|
15600
|
+
};
|
|
15601
|
+
}
|
|
12637
15602
|
var recordScopeLearningArgs = z.object({
|
|
12638
15603
|
topicId: z.string().optional().describe("Topic scope ID"),
|
|
12639
15604
|
summary: z.string().describe("Atomic learning statement"),
|
|
@@ -12723,6 +15688,8 @@ var attemptInput = (input, context) => withUserId(
|
|
|
12723
15688
|
tags: ["code_attempt"],
|
|
12724
15689
|
metadata: compactRecord4({
|
|
12725
15690
|
...recordValue2(input.metadata),
|
|
15691
|
+
failedApproach: true,
|
|
15692
|
+
isFailedAttempt: true,
|
|
12726
15693
|
filePaths: input.filePaths,
|
|
12727
15694
|
filePath: input.filePath,
|
|
12728
15695
|
errorMessage: input.errorMessage,
|
|
@@ -12853,7 +15820,8 @@ var codingContracts = [
|
|
|
12853
15820
|
limit: input.limit,
|
|
12854
15821
|
status: input.status,
|
|
12855
15822
|
userId: input.userId
|
|
12856
|
-
})
|
|
15823
|
+
}),
|
|
15824
|
+
outputProjection: (output, input) => projectFailureLog(output, input)
|
|
12857
15825
|
}
|
|
12858
15826
|
})
|
|
12859
15827
|
];
|
|
@@ -12890,6 +15858,7 @@ var ALL_FUNCTION_CONTRACTS = [
|
|
|
12890
15858
|
...evidenceContracts,
|
|
12891
15859
|
...questionsContracts,
|
|
12892
15860
|
...topicsContracts,
|
|
15861
|
+
...nodesContracts,
|
|
12893
15862
|
...lensesContracts,
|
|
12894
15863
|
...ontologiesContracts,
|
|
12895
15864
|
...worktreesContracts,
|
|
@@ -13065,6 +16034,13 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13065
16034
|
copyMode: "none",
|
|
13066
16035
|
description: "Deliberation sessions are created by tenant workflows."
|
|
13067
16036
|
},
|
|
16037
|
+
{
|
|
16038
|
+
component: "kernel",
|
|
16039
|
+
table: "domainEvents",
|
|
16040
|
+
prepopulation: "runtime_log",
|
|
16041
|
+
copyMode: "none",
|
|
16042
|
+
description: "Domain event rows are append-only runtime audit/exhaust data."
|
|
16043
|
+
},
|
|
13068
16044
|
{
|
|
13069
16045
|
component: "kernel",
|
|
13070
16046
|
table: "epistemicAudit",
|
|
@@ -13314,14 +16290,14 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13314
16290
|
description: "Worktrees are tenant/runtime planning data."
|
|
13315
16291
|
},
|
|
13316
16292
|
{
|
|
13317
|
-
component: "
|
|
16293
|
+
component: "control-plane",
|
|
13318
16294
|
table: "agents",
|
|
13319
16295
|
prepopulation: "runtime_bootstrap",
|
|
13320
16296
|
copyMode: "none",
|
|
13321
16297
|
description: "Service agents are provisioned per tenant or service, not copied."
|
|
13322
16298
|
},
|
|
13323
16299
|
{
|
|
13324
|
-
component: "
|
|
16300
|
+
component: "control-plane",
|
|
13325
16301
|
table: "mcpWritePolicy",
|
|
13326
16302
|
prepopulation: "required_template",
|
|
13327
16303
|
copyMode: "template_global",
|
|
@@ -13330,14 +16306,14 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13330
16306
|
description: "Global write policy defaults govern service and interactive MCP writes."
|
|
13331
16307
|
},
|
|
13332
16308
|
{
|
|
13333
|
-
component: "
|
|
16309
|
+
component: "control-plane",
|
|
13334
16310
|
table: "modelCallLogs",
|
|
13335
16311
|
prepopulation: "runtime_log",
|
|
13336
16312
|
copyMode: "none",
|
|
13337
16313
|
description: "Model call logs are runtime telemetry."
|
|
13338
16314
|
},
|
|
13339
16315
|
{
|
|
13340
|
-
component: "
|
|
16316
|
+
component: "control-plane",
|
|
13341
16317
|
table: "modelFunctionSlots",
|
|
13342
16318
|
prepopulation: "required_template",
|
|
13343
16319
|
copyMode: "template_global",
|
|
@@ -13346,7 +16322,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13346
16322
|
description: "Function-to-model slots are required by model runtime resolution."
|
|
13347
16323
|
},
|
|
13348
16324
|
{
|
|
13349
|
-
component: "
|
|
16325
|
+
component: "control-plane",
|
|
13350
16326
|
table: "modelRegistry",
|
|
13351
16327
|
prepopulation: "required_template",
|
|
13352
16328
|
copyMode: "template_global",
|
|
@@ -13355,7 +16331,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13355
16331
|
description: "Model catalog defaults are required by model runtime clients."
|
|
13356
16332
|
},
|
|
13357
16333
|
{
|
|
13358
|
-
component: "
|
|
16334
|
+
component: "control-plane",
|
|
13359
16335
|
table: "modelSlotConfigs",
|
|
13360
16336
|
prepopulation: "required_template",
|
|
13361
16337
|
copyMode: "template_global",
|
|
@@ -13364,14 +16340,105 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13364
16340
|
description: "Slot-level defaults are required before tenant overrides exist."
|
|
13365
16341
|
},
|
|
13366
16342
|
{
|
|
13367
|
-
component: "
|
|
16343
|
+
component: "control-plane",
|
|
16344
|
+
table: "permitAccessReviewItems",
|
|
16345
|
+
prepopulation: "runtime_data",
|
|
16346
|
+
copyMode: "none",
|
|
16347
|
+
description: "Permit access-review item rows are tenant review data projected from Permit."
|
|
16348
|
+
},
|
|
16349
|
+
{
|
|
16350
|
+
component: "control-plane",
|
|
16351
|
+
table: "permitAccessReviews",
|
|
16352
|
+
prepopulation: "runtime_data",
|
|
16353
|
+
copyMode: "none",
|
|
16354
|
+
description: "Permit access-review campaigns are tenant review data projected from Permit."
|
|
16355
|
+
},
|
|
16356
|
+
{
|
|
16357
|
+
component: "control-plane",
|
|
16358
|
+
table: "permitAttributeBindings",
|
|
16359
|
+
prepopulation: "runtime_data",
|
|
16360
|
+
copyMode: "none",
|
|
16361
|
+
description: "Permit ABAC attribute bindings are tenant policy projection rows."
|
|
16362
|
+
},
|
|
16363
|
+
{
|
|
16364
|
+
component: "control-plane",
|
|
16365
|
+
table: "permitGroups",
|
|
16366
|
+
prepopulation: "runtime_data",
|
|
16367
|
+
copyMode: "none",
|
|
16368
|
+
description: "Permit groups are tenant-defined policy subjects, not template data."
|
|
16369
|
+
},
|
|
16370
|
+
{
|
|
16371
|
+
component: "control-plane",
|
|
16372
|
+
table: "permitGroupMemberships",
|
|
16373
|
+
prepopulation: "runtime_data",
|
|
16374
|
+
copyMode: "none",
|
|
16375
|
+
description: "Permit group memberships are tenant-specific policy projection rows."
|
|
16376
|
+
},
|
|
16377
|
+
{
|
|
16378
|
+
component: "control-plane",
|
|
16379
|
+
table: "permitPolicyBundles",
|
|
16380
|
+
prepopulation: "runtime_derived",
|
|
16381
|
+
copyMode: "none",
|
|
16382
|
+
description: "Permit policy bundles are derived from the Permit control plane."
|
|
16383
|
+
},
|
|
16384
|
+
{
|
|
16385
|
+
component: "control-plane",
|
|
16386
|
+
table: "permitPolicyDecisionReceipts",
|
|
16387
|
+
prepopulation: "runtime_log",
|
|
16388
|
+
copyMode: "none",
|
|
16389
|
+
description: "Permit decision receipts are runtime authorization audit logs."
|
|
16390
|
+
},
|
|
16391
|
+
{
|
|
16392
|
+
component: "control-plane",
|
|
16393
|
+
table: "permitPrincipalAliases",
|
|
16394
|
+
prepopulation: "runtime_data",
|
|
16395
|
+
copyMode: "none",
|
|
16396
|
+
description: "Permit principal aliases are tenant-specific identity projection rows."
|
|
16397
|
+
},
|
|
16398
|
+
{
|
|
16399
|
+
component: "control-plane",
|
|
16400
|
+
table: "permitPrincipals",
|
|
16401
|
+
prepopulation: "runtime_data",
|
|
16402
|
+
copyMode: "none",
|
|
16403
|
+
description: "Permit principals are projected from Clerk, Permit, and tenant onboarding flows."
|
|
16404
|
+
},
|
|
16405
|
+
{
|
|
16406
|
+
component: "control-plane",
|
|
16407
|
+
table: "permitProjectionOutbox",
|
|
16408
|
+
prepopulation: "runtime_queue",
|
|
16409
|
+
copyMode: "none",
|
|
16410
|
+
description: "Permit projection outbox rows are runtime sync queue data."
|
|
16411
|
+
},
|
|
16412
|
+
{
|
|
16413
|
+
component: "control-plane",
|
|
16414
|
+
table: "permitRelationshipTuples",
|
|
16415
|
+
prepopulation: "runtime_data",
|
|
16416
|
+
copyMode: "none",
|
|
16417
|
+
description: "Permit ReBAC relationship tuples are tenant policy projection rows."
|
|
16418
|
+
},
|
|
16419
|
+
{
|
|
16420
|
+
component: "control-plane",
|
|
16421
|
+
table: "permitResourceInstances",
|
|
16422
|
+
prepopulation: "runtime_data",
|
|
16423
|
+
copyMode: "none",
|
|
16424
|
+
description: "Permit resource instances are tenant/workspace graph and deployment projection rows."
|
|
16425
|
+
},
|
|
16426
|
+
{
|
|
16427
|
+
component: "control-plane",
|
|
16428
|
+
table: "permitRoleAssignments",
|
|
16429
|
+
prepopulation: "runtime_data",
|
|
16430
|
+
copyMode: "none",
|
|
16431
|
+
description: "Permit role assignments are tenant-specific policy projection rows."
|
|
16432
|
+
},
|
|
16433
|
+
{
|
|
16434
|
+
component: "control-plane",
|
|
13368
16435
|
table: "platformAudienceGrants",
|
|
13369
16436
|
prepopulation: "runtime_data",
|
|
13370
16437
|
copyMode: "none",
|
|
13371
16438
|
description: "Audience grants are principal/group-specific access rows."
|
|
13372
16439
|
},
|
|
13373
16440
|
{
|
|
13374
|
-
component: "
|
|
16441
|
+
component: "control-plane",
|
|
13375
16442
|
table: "platformAudiences",
|
|
13376
16443
|
prepopulation: "required_template",
|
|
13377
16444
|
copyMode: "template_tenant_rewrite",
|
|
@@ -13380,35 +16447,35 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13380
16447
|
description: "Default tenant audience taxonomy rows are rewritten into each tenant."
|
|
13381
16448
|
},
|
|
13382
16449
|
{
|
|
13383
|
-
component: "
|
|
16450
|
+
component: "control-plane",
|
|
13384
16451
|
table: "platformPolicyDecisionLogs",
|
|
13385
16452
|
prepopulation: "runtime_log",
|
|
13386
16453
|
copyMode: "none",
|
|
13387
16454
|
description: "Policy decisions are runtime audit logs."
|
|
13388
16455
|
},
|
|
13389
16456
|
{
|
|
13390
|
-
component: "
|
|
16457
|
+
component: "control-plane",
|
|
13391
16458
|
table: "projectGrants",
|
|
13392
16459
|
prepopulation: "runtime_data",
|
|
13393
16460
|
copyMode: "none",
|
|
13394
16461
|
description: "Project/topic grants are principal or group-specific access rows."
|
|
13395
16462
|
},
|
|
13396
16463
|
{
|
|
13397
|
-
component: "
|
|
16464
|
+
component: "control-plane",
|
|
13398
16465
|
table: "reasoningPermissions",
|
|
13399
16466
|
prepopulation: "runtime_data",
|
|
13400
16467
|
copyMode: "none",
|
|
13401
16468
|
description: "Reasoning permissions are principal-specific policy rows."
|
|
13402
16469
|
},
|
|
13403
16470
|
{
|
|
13404
|
-
component: "
|
|
16471
|
+
component: "control-plane",
|
|
13405
16472
|
table: "tenantApiKeys",
|
|
13406
16473
|
prepopulation: "runtime_secret",
|
|
13407
16474
|
copyMode: "none",
|
|
13408
16475
|
description: "API keys are tenant credentials and must never be copied."
|
|
13409
16476
|
},
|
|
13410
16477
|
{
|
|
13411
|
-
component: "
|
|
16478
|
+
component: "control-plane",
|
|
13412
16479
|
table: "tenantConfig",
|
|
13413
16480
|
prepopulation: "required_template",
|
|
13414
16481
|
copyMode: "template_tenant_rewrite",
|
|
@@ -13417,7 +16484,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13417
16484
|
description: "Tenant-local config defaults are rewritten during bootstrap."
|
|
13418
16485
|
},
|
|
13419
16486
|
{
|
|
13420
|
-
component: "
|
|
16487
|
+
component: "control-plane",
|
|
13421
16488
|
table: "tenantIntegrations",
|
|
13422
16489
|
prepopulation: "required_template",
|
|
13423
16490
|
copyMode: "template_tenant_rewrite",
|
|
@@ -13426,14 +16493,21 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13426
16493
|
description: "Non-secret integration descriptors are rewritten into each tenant."
|
|
13427
16494
|
},
|
|
13428
16495
|
{
|
|
13429
|
-
component: "
|
|
16496
|
+
component: "control-plane",
|
|
13430
16497
|
table: "tenantModelSlotBindings",
|
|
13431
16498
|
prepopulation: "runtime_secret",
|
|
13432
16499
|
copyMode: "none",
|
|
13433
16500
|
description: "Tenant model slot bindings reference provider secrets and are runtime-only."
|
|
13434
16501
|
},
|
|
13435
16502
|
{
|
|
13436
|
-
component: "
|
|
16503
|
+
component: "control-plane",
|
|
16504
|
+
table: "tenantPermitSyncStates",
|
|
16505
|
+
prepopulation: "runtime_derived",
|
|
16506
|
+
copyMode: "none",
|
|
16507
|
+
description: "Tenant Permit sync state rows are runtime reconciliation state."
|
|
16508
|
+
},
|
|
16509
|
+
{
|
|
16510
|
+
component: "control-plane",
|
|
13437
16511
|
table: "tenantPolicies",
|
|
13438
16512
|
prepopulation: "required_template",
|
|
13439
16513
|
copyMode: "template_tenant_rewrite",
|
|
@@ -13442,42 +16516,42 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13442
16516
|
description: "Default tenant policy roles are rewritten during bootstrap."
|
|
13443
16517
|
},
|
|
13444
16518
|
{
|
|
13445
|
-
component: "
|
|
16519
|
+
component: "control-plane",
|
|
13446
16520
|
table: "tenantProviderSecrets",
|
|
13447
16521
|
prepopulation: "runtime_secret",
|
|
13448
16522
|
copyMode: "none",
|
|
13449
16523
|
description: "Provider secrets are credentials and must never be copied."
|
|
13450
16524
|
},
|
|
13451
16525
|
{
|
|
13452
|
-
component: "
|
|
16526
|
+
component: "control-plane",
|
|
13453
16527
|
table: "tenantProxyGatewayUsage",
|
|
13454
16528
|
prepopulation: "runtime_log",
|
|
13455
16529
|
copyMode: "none",
|
|
13456
16530
|
description: "Proxy gateway usage rows are runtime telemetry."
|
|
13457
16531
|
},
|
|
13458
16532
|
{
|
|
13459
|
-
component: "
|
|
16533
|
+
component: "control-plane",
|
|
13460
16534
|
table: "tenantProxyTokenMints",
|
|
13461
16535
|
prepopulation: "runtime_secret",
|
|
13462
16536
|
copyMode: "none",
|
|
13463
16537
|
description: "Proxy token mints are ephemeral secret-bearing runtime rows."
|
|
13464
16538
|
},
|
|
13465
16539
|
{
|
|
13466
|
-
component: "
|
|
16540
|
+
component: "control-plane",
|
|
13467
16541
|
table: "tenantSandboxAuditEvents",
|
|
13468
16542
|
prepopulation: "runtime_log",
|
|
13469
16543
|
copyMode: "none",
|
|
13470
16544
|
description: "Sandbox audit rows are runtime security logs."
|
|
13471
16545
|
},
|
|
13472
16546
|
{
|
|
13473
|
-
component: "
|
|
16547
|
+
component: "control-plane",
|
|
13474
16548
|
table: "tenantSecrets",
|
|
13475
16549
|
prepopulation: "runtime_secret",
|
|
13476
16550
|
copyMode: "none",
|
|
13477
16551
|
description: "Tenant secrets are credentials and must never be copied."
|
|
13478
16552
|
},
|
|
13479
16553
|
{
|
|
13480
|
-
component: "
|
|
16554
|
+
component: "control-plane",
|
|
13481
16555
|
table: "toolAcls",
|
|
13482
16556
|
prepopulation: "required_template",
|
|
13483
16557
|
copyMode: "template_global",
|
|
@@ -13486,7 +16560,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13486
16560
|
description: "Default role-to-tool grants are required for SDK/MCP tool access."
|
|
13487
16561
|
},
|
|
13488
16562
|
{
|
|
13489
|
-
component: "
|
|
16563
|
+
component: "control-plane",
|
|
13490
16564
|
table: "toolRegistry",
|
|
13491
16565
|
prepopulation: "required_template",
|
|
13492
16566
|
copyMode: "template_global",
|
|
@@ -13495,7 +16569,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13495
16569
|
description: "Core tool catalog rows are required before pack or tenant tools exist."
|
|
13496
16570
|
},
|
|
13497
16571
|
{
|
|
13498
|
-
component: "
|
|
16572
|
+
component: "control-plane",
|
|
13499
16573
|
table: "users",
|
|
13500
16574
|
prepopulation: "runtime_bootstrap",
|
|
13501
16575
|
copyMode: "none",
|