@lucern/events 0.3.0-alpha.9 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +14 -2
- package/dist/index.js +3456 -393
- package/dist/index.js.map +1 -1
- package/dist/outbox.js +3458 -395
- package/dist/outbox.js.map +1 -1
- package/dist/types.js +3458 -395
- package/dist/types.js.map +1 -1
- package/dist/webhooks.js +3456 -393
- package/dist/webhooks.js.map +1 -1
- package/package.json +2 -2
package/dist/outbox.js
CHANGED
|
@@ -1,6 +1,20 @@
|
|
|
1
1
|
import { z } from 'zod';
|
|
2
2
|
import { v } from 'convex/values';
|
|
3
3
|
|
|
4
|
+
// ../contracts/src/types/reasoning-method.ts
|
|
5
|
+
var REASONING_METHODS = [
|
|
6
|
+
"deductive",
|
|
7
|
+
"inductive",
|
|
8
|
+
"abductive",
|
|
9
|
+
"analogical",
|
|
10
|
+
"causal",
|
|
11
|
+
"correlational",
|
|
12
|
+
"testimonial",
|
|
13
|
+
"statistical",
|
|
14
|
+
"implicit",
|
|
15
|
+
"pattern_match"
|
|
16
|
+
];
|
|
17
|
+
|
|
4
18
|
// ../contracts/src/graph-intelligence.contract.ts
|
|
5
19
|
var GRAPH_INTELLIGENCE_MODE_TOOL_NAMES = {
|
|
6
20
|
core: [
|
|
@@ -783,7 +797,7 @@ defineTable({
|
|
|
783
797
|
});
|
|
784
798
|
defineTable({
|
|
785
799
|
name: "agents",
|
|
786
|
-
component: "
|
|
800
|
+
component: "control-plane",
|
|
787
801
|
category: "agent",
|
|
788
802
|
shape: z.object({
|
|
789
803
|
"slug": z.string(),
|
|
@@ -814,6 +828,8 @@ defineTable({
|
|
|
814
828
|
category: "tenant",
|
|
815
829
|
shape: z.object({
|
|
816
830
|
"tenantId": idOf("tenants"),
|
|
831
|
+
"workspaceId": idOf("workspaces").optional(),
|
|
832
|
+
"environment": z.enum(["dev", "staging", "prod"]).optional(),
|
|
817
833
|
"keyPrefix": z.enum(["luc", "stk"]),
|
|
818
834
|
"keyHash": z.string(),
|
|
819
835
|
"keyHint": z.string(),
|
|
@@ -841,7 +857,7 @@ defineTable({
|
|
|
841
857
|
shape: z.object({
|
|
842
858
|
"tenantId": idOf("tenants").optional(),
|
|
843
859
|
"apiKeyId": idOf("apiKeys").optional(),
|
|
844
|
-
"action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "principal_created", "principal_updated", "principal_suspended", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
|
|
860
|
+
"action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_token_lease_issued", "proxy_token_lease_renewed", "proxy_token_lease_revoked", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "tenant_clerk_organization_linked", "tenant_canonical_identity_repaired", "principal_created", "principal_updated", "principal_suspended", "principal_identity_alias_upserted", "principal_identity_alias_revoked", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "deployment_host_registered", "deployment_host_revoked", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "permit_sync_enqueued", "permit_sync_succeeded", "permit_sync_failed", "permit_sync_skipped", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
|
|
845
861
|
"actorClerkId": z.string(),
|
|
846
862
|
"details": z.any().optional(),
|
|
847
863
|
"createdAt": z.number()
|
|
@@ -1065,6 +1081,35 @@ defineTable({
|
|
|
1065
1081
|
{ kind: "index", name: "by_source", columns: ["source"] }
|
|
1066
1082
|
]
|
|
1067
1083
|
});
|
|
1084
|
+
defineTable({
|
|
1085
|
+
name: "domainEvents",
|
|
1086
|
+
component: "kernel",
|
|
1087
|
+
category: "events",
|
|
1088
|
+
shape: z.object({
|
|
1089
|
+
"eventId": z.string(),
|
|
1090
|
+
"type": z.string(),
|
|
1091
|
+
"version": z.string(),
|
|
1092
|
+
"timestamp": z.number(),
|
|
1093
|
+
"tenantId": z.string().optional(),
|
|
1094
|
+
"workspaceId": z.string().optional(),
|
|
1095
|
+
"topicId": z.string(),
|
|
1096
|
+
"resourceId": z.string(),
|
|
1097
|
+
"resourceType": z.string(),
|
|
1098
|
+
"actorId": z.string(),
|
|
1099
|
+
"actorType": z.enum(["human", "agent", "service"]),
|
|
1100
|
+
"data": z.record(z.any()),
|
|
1101
|
+
"correlationId": z.string().optional(),
|
|
1102
|
+
"expiresAt": z.number()
|
|
1103
|
+
}),
|
|
1104
|
+
indices: [
|
|
1105
|
+
{ kind: "index", name: "by_eventId", columns: ["eventId"] },
|
|
1106
|
+
{ kind: "index", name: "by_topic_timestamp", columns: ["topicId", "timestamp"] },
|
|
1107
|
+
{ kind: "index", name: "by_tenant_workspace_timestamp", columns: ["tenantId", "workspaceId", "timestamp"] },
|
|
1108
|
+
{ kind: "index", name: "by_type_timestamp", columns: ["type", "timestamp"] },
|
|
1109
|
+
{ kind: "index", name: "by_resource", columns: ["resourceType", "resourceId", "timestamp"] },
|
|
1110
|
+
{ kind: "index", name: "by_expiresAt", columns: ["expiresAt"] }
|
|
1111
|
+
]
|
|
1112
|
+
});
|
|
1068
1113
|
defineTable({
|
|
1069
1114
|
name: "beliefConfidence",
|
|
1070
1115
|
component: "kernel",
|
|
@@ -1720,29 +1765,37 @@ defineTable({
|
|
|
1720
1765
|
component: "mc",
|
|
1721
1766
|
category: "runtime",
|
|
1722
1767
|
shape: z.object({
|
|
1723
|
-
|
|
1724
|
-
|
|
1725
|
-
|
|
1726
|
-
|
|
1727
|
-
|
|
1728
|
-
|
|
1729
|
-
|
|
1730
|
-
|
|
1731
|
-
|
|
1732
|
-
|
|
1733
|
-
|
|
1734
|
-
|
|
1735
|
-
|
|
1768
|
+
shimId: z.string(),
|
|
1769
|
+
gateId: z.string(),
|
|
1770
|
+
removalDate: z.string(),
|
|
1771
|
+
removalPriority: z.enum(["P1", "P2", "P3"]),
|
|
1772
|
+
description: z.string(),
|
|
1773
|
+
owner: z.string(),
|
|
1774
|
+
createdAt: z.string(),
|
|
1775
|
+
status: z.enum(["active", "overdue", "removed"]),
|
|
1776
|
+
bridgeType: z.enum(["tool", "agent"]),
|
|
1777
|
+
bridgeTarget: z.object({
|
|
1778
|
+
type: z.enum(["tool", "agent"]),
|
|
1779
|
+
legacyPath: z.string(),
|
|
1780
|
+
harnessPath: z.string()
|
|
1736
1781
|
}),
|
|
1737
|
-
|
|
1738
|
-
|
|
1739
|
-
|
|
1740
|
-
|
|
1782
|
+
shimBehavior: z.enum([
|
|
1783
|
+
"passthrough_with_logging",
|
|
1784
|
+
"adapter",
|
|
1785
|
+
"feature_flag_gate"
|
|
1786
|
+
]),
|
|
1787
|
+
producesLedgerEntries: z.boolean(),
|
|
1788
|
+
lastAuditedAt: z.number(),
|
|
1789
|
+
metadata: z.record(z.any()).optional()
|
|
1741
1790
|
}),
|
|
1742
1791
|
indices: [
|
|
1743
1792
|
{ kind: "index", name: "by_shimId", columns: ["shimId"] },
|
|
1744
1793
|
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
1745
|
-
{
|
|
1794
|
+
{
|
|
1795
|
+
kind: "index",
|
|
1796
|
+
name: "by_bridgeType_status",
|
|
1797
|
+
columns: ["bridgeType", "status"]
|
|
1798
|
+
}
|
|
1746
1799
|
]
|
|
1747
1800
|
});
|
|
1748
1801
|
defineTable({
|
|
@@ -1750,12 +1803,23 @@ defineTable({
|
|
|
1750
1803
|
component: "mc",
|
|
1751
1804
|
category: "runtime",
|
|
1752
1805
|
shape: z.object({
|
|
1753
|
-
|
|
1754
|
-
|
|
1755
|
-
|
|
1756
|
-
|
|
1757
|
-
|
|
1758
|
-
|
|
1806
|
+
domain: z.enum([
|
|
1807
|
+
"graph",
|
|
1808
|
+
"schema",
|
|
1809
|
+
"identity",
|
|
1810
|
+
"policy",
|
|
1811
|
+
"audit",
|
|
1812
|
+
"admin",
|
|
1813
|
+
"agent",
|
|
1814
|
+
"tool",
|
|
1815
|
+
"prompt",
|
|
1816
|
+
"intelligence"
|
|
1817
|
+
]),
|
|
1818
|
+
state: z.enum(["legacy", "cutover", "disabled"]),
|
|
1819
|
+
metadata: z.record(z.any()).optional(),
|
|
1820
|
+
updatedBy: z.string(),
|
|
1821
|
+
createdAt: z.number(),
|
|
1822
|
+
updatedAt: z.number()
|
|
1759
1823
|
}),
|
|
1760
1824
|
indices: [
|
|
1761
1825
|
{ kind: "index", name: "by_domain", columns: ["domain"] },
|
|
@@ -1767,57 +1831,193 @@ defineTable({
|
|
|
1767
1831
|
component: "mc",
|
|
1768
1832
|
category: "runtime",
|
|
1769
1833
|
shape: z.object({
|
|
1770
|
-
|
|
1771
|
-
|
|
1772
|
-
|
|
1773
|
-
|
|
1774
|
-
|
|
1775
|
-
|
|
1776
|
-
|
|
1777
|
-
|
|
1778
|
-
|
|
1779
|
-
|
|
1780
|
-
|
|
1781
|
-
|
|
1782
|
-
|
|
1783
|
-
|
|
1784
|
-
|
|
1785
|
-
|
|
1786
|
-
|
|
1834
|
+
credentialRef: z.string(),
|
|
1835
|
+
tenantId: idOf("tenants"),
|
|
1836
|
+
workspaceId: idOf("workspaces").optional(),
|
|
1837
|
+
target: z.enum(["kernelDeployment", "appDeployment"]),
|
|
1838
|
+
environment: z.enum(["dev", "staging", "prod"]),
|
|
1839
|
+
encryptedDeployKey: z.string(),
|
|
1840
|
+
encryptionVersion: z.string(),
|
|
1841
|
+
keyFingerprint: z.string(),
|
|
1842
|
+
keyHint: z.string(),
|
|
1843
|
+
status: z.enum(["active", "revoked"]),
|
|
1844
|
+
rotatedFromCredentialRef: z.string().optional(),
|
|
1845
|
+
revokedAt: z.number().optional(),
|
|
1846
|
+
revokedBy: z.string().optional(),
|
|
1847
|
+
lastUsedAt: z.number().optional(),
|
|
1848
|
+
metadata: z.record(z.any()).optional(),
|
|
1849
|
+
createdBy: z.string(),
|
|
1850
|
+
createdAt: z.number(),
|
|
1851
|
+
updatedAt: z.number()
|
|
1787
1852
|
}),
|
|
1788
1853
|
indices: [
|
|
1789
1854
|
{ kind: "index", name: "by_credentialRef", columns: ["credentialRef"] },
|
|
1790
1855
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
1791
|
-
{ kind: "index", name: "
|
|
1792
|
-
{
|
|
1793
|
-
|
|
1856
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
1857
|
+
{
|
|
1858
|
+
kind: "index",
|
|
1859
|
+
name: "by_tenant_target",
|
|
1860
|
+
columns: ["tenantId", "target"]
|
|
1861
|
+
},
|
|
1862
|
+
{
|
|
1863
|
+
kind: "index",
|
|
1864
|
+
name: "by_tenant_target_environment",
|
|
1865
|
+
columns: ["tenantId", "target", "environment"]
|
|
1866
|
+
},
|
|
1867
|
+
{
|
|
1868
|
+
kind: "index",
|
|
1869
|
+
name: "by_tenant_target_environment_status",
|
|
1870
|
+
columns: ["tenantId", "target", "environment", "status"]
|
|
1871
|
+
},
|
|
1872
|
+
{
|
|
1873
|
+
kind: "index",
|
|
1874
|
+
name: "by_tenant_workspace_target_environment_status",
|
|
1875
|
+
columns: ["tenantId", "workspaceId", "target", "environment", "status"]
|
|
1876
|
+
},
|
|
1794
1877
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
1795
1878
|
]
|
|
1796
1879
|
});
|
|
1880
|
+
defineTable({
|
|
1881
|
+
name: "permitSyncStates",
|
|
1882
|
+
component: "mc",
|
|
1883
|
+
category: "runtime",
|
|
1884
|
+
shape: z.object({
|
|
1885
|
+
syncKey: z.string(),
|
|
1886
|
+
objectType: z.enum([
|
|
1887
|
+
"resource",
|
|
1888
|
+
"role",
|
|
1889
|
+
"resource_role",
|
|
1890
|
+
"resource_relation",
|
|
1891
|
+
"tenant",
|
|
1892
|
+
"workspace",
|
|
1893
|
+
"principal",
|
|
1894
|
+
"membership",
|
|
1895
|
+
"group",
|
|
1896
|
+
"resource_instance",
|
|
1897
|
+
"relationship_tuple",
|
|
1898
|
+
"role_assignment"
|
|
1899
|
+
]),
|
|
1900
|
+
objectId: z.string(),
|
|
1901
|
+
tenantId: idOf("tenants").optional(),
|
|
1902
|
+
workspaceId: idOf("workspaces").optional(),
|
|
1903
|
+
principalId: z.string().optional(),
|
|
1904
|
+
permitTenantKey: z.string().optional(),
|
|
1905
|
+
permitResourceType: z.string().optional(),
|
|
1906
|
+
permitResourceKey: z.string().optional(),
|
|
1907
|
+
desiredPayload: z.record(z.any()),
|
|
1908
|
+
lastAppliedPayloadHash: z.string().optional(),
|
|
1909
|
+
status: z.enum(["pending", "synced", "error", "skipped"]),
|
|
1910
|
+
attemptCount: z.number(),
|
|
1911
|
+
lastError: z.string().optional(),
|
|
1912
|
+
nextAttemptAt: z.number().optional(),
|
|
1913
|
+
lastSyncedAt: z.number().optional(),
|
|
1914
|
+
createdBy: z.string(),
|
|
1915
|
+
updatedBy: z.string().optional(),
|
|
1916
|
+
createdAt: z.number(),
|
|
1917
|
+
updatedAt: z.number()
|
|
1918
|
+
}),
|
|
1919
|
+
indices: [
|
|
1920
|
+
{ kind: "index", name: "by_syncKey", columns: ["syncKey"] },
|
|
1921
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
1922
|
+
{
|
|
1923
|
+
kind: "index",
|
|
1924
|
+
name: "by_tenant_status",
|
|
1925
|
+
columns: ["tenantId", "status"]
|
|
1926
|
+
},
|
|
1927
|
+
{
|
|
1928
|
+
kind: "index",
|
|
1929
|
+
name: "by_workspace_status",
|
|
1930
|
+
columns: ["workspaceId", "status"]
|
|
1931
|
+
},
|
|
1932
|
+
{
|
|
1933
|
+
kind: "index",
|
|
1934
|
+
name: "by_principal_status",
|
|
1935
|
+
columns: ["principalId", "status"]
|
|
1936
|
+
}
|
|
1937
|
+
]
|
|
1938
|
+
});
|
|
1939
|
+
defineTable({
|
|
1940
|
+
name: "secretSyncDriftReports",
|
|
1941
|
+
component: "mc",
|
|
1942
|
+
category: "runtime",
|
|
1943
|
+
shape: z.object({
|
|
1944
|
+
reportId: z.string(),
|
|
1945
|
+
source: z.enum(["infisical_manifest", "manual", "ci"]),
|
|
1946
|
+
generatedAt: z.number(),
|
|
1947
|
+
recordedAt: z.number(),
|
|
1948
|
+
recordedBy: z.string(),
|
|
1949
|
+
status: z.enum([
|
|
1950
|
+
"in_sync",
|
|
1951
|
+
"drift",
|
|
1952
|
+
"exception",
|
|
1953
|
+
"blocked",
|
|
1954
|
+
"not_observed"
|
|
1955
|
+
]),
|
|
1956
|
+
reportHash: z.string(),
|
|
1957
|
+
manifestHash: z.string().optional(),
|
|
1958
|
+
dryRunReceiptId: z.string().optional(),
|
|
1959
|
+
appliedReceiptId: z.string().optional(),
|
|
1960
|
+
summary: z.object({
|
|
1961
|
+
totalPipelines: z.number(),
|
|
1962
|
+
inSync: z.number(),
|
|
1963
|
+
drift: z.number(),
|
|
1964
|
+
exception: z.number(),
|
|
1965
|
+
blocked: z.number(),
|
|
1966
|
+
notObserved: z.number(),
|
|
1967
|
+
missingKeys: z.number(),
|
|
1968
|
+
valueDriftKeys: z.number(),
|
|
1969
|
+
extraKeys: z.number(),
|
|
1970
|
+
deniedConvexLeakage: z.number(),
|
|
1971
|
+
approvedExceptions: z.number()
|
|
1972
|
+
}),
|
|
1973
|
+
redactedReport: z.record(z.any()),
|
|
1974
|
+
metadata: z.record(z.any()).optional()
|
|
1975
|
+
}),
|
|
1976
|
+
indices: [
|
|
1977
|
+
{ kind: "index", name: "by_reportId", columns: ["reportId"] },
|
|
1978
|
+
{ kind: "index", name: "by_reportHash", columns: ["reportHash"] },
|
|
1979
|
+
{ kind: "index", name: "by_generatedAt", columns: ["generatedAt"] },
|
|
1980
|
+
{
|
|
1981
|
+
kind: "index",
|
|
1982
|
+
name: "by_status_generatedAt",
|
|
1983
|
+
columns: ["status", "generatedAt"]
|
|
1984
|
+
}
|
|
1985
|
+
]
|
|
1986
|
+
});
|
|
1797
1987
|
defineTable({
|
|
1798
1988
|
name: "controlPlaneTenantModelSlotBindings",
|
|
1799
1989
|
component: "mc",
|
|
1800
1990
|
category: "runtime",
|
|
1801
1991
|
shape: z.object({
|
|
1802
|
-
|
|
1803
|
-
|
|
1804
|
-
"
|
|
1805
|
-
|
|
1806
|
-
|
|
1807
|
-
|
|
1808
|
-
|
|
1809
|
-
|
|
1810
|
-
|
|
1811
|
-
|
|
1812
|
-
|
|
1813
|
-
|
|
1814
|
-
|
|
1992
|
+
bindingId: z.string(),
|
|
1993
|
+
tenantId: idOf("tenants"),
|
|
1994
|
+
workspaceId: idOf("workspaces").optional(),
|
|
1995
|
+
environment: z.enum(["dev", "staging", "prod"]).optional(),
|
|
1996
|
+
providerId: z.string(),
|
|
1997
|
+
modelSlotId: z.string(),
|
|
1998
|
+
secretRef: z.string(),
|
|
1999
|
+
status: z.enum(["active", "revoked"]),
|
|
2000
|
+
passThroughOnly: z.boolean(),
|
|
2001
|
+
revokedAt: z.number().optional(),
|
|
2002
|
+
revokedBy: z.string().optional(),
|
|
2003
|
+
metadata: z.record(z.any()).optional(),
|
|
2004
|
+
createdBy: z.string(),
|
|
2005
|
+
createdAt: z.number(),
|
|
2006
|
+
updatedAt: z.number()
|
|
1815
2007
|
}),
|
|
1816
2008
|
indices: [
|
|
1817
2009
|
{ kind: "index", name: "by_bindingId", columns: ["bindingId"] },
|
|
1818
2010
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
1819
|
-
{
|
|
1820
|
-
|
|
2011
|
+
{
|
|
2012
|
+
kind: "index",
|
|
2013
|
+
name: "by_tenant_slot",
|
|
2014
|
+
columns: ["tenantId", "modelSlotId"]
|
|
2015
|
+
},
|
|
2016
|
+
{
|
|
2017
|
+
kind: "index",
|
|
2018
|
+
name: "by_tenant_provider_slot",
|
|
2019
|
+
columns: ["tenantId", "providerId", "modelSlotId"]
|
|
2020
|
+
},
|
|
1821
2021
|
{ kind: "index", name: "by_secretRef", columns: ["secretRef"] },
|
|
1822
2022
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
1823
2023
|
]
|
|
@@ -1827,29 +2027,42 @@ defineTable({
|
|
|
1827
2027
|
component: "mc",
|
|
1828
2028
|
category: "runtime",
|
|
1829
2029
|
shape: z.object({
|
|
1830
|
-
|
|
1831
|
-
|
|
1832
|
-
"
|
|
1833
|
-
|
|
1834
|
-
|
|
1835
|
-
|
|
1836
|
-
|
|
1837
|
-
|
|
1838
|
-
|
|
1839
|
-
|
|
1840
|
-
|
|
1841
|
-
|
|
1842
|
-
|
|
1843
|
-
|
|
1844
|
-
|
|
1845
|
-
|
|
1846
|
-
|
|
2030
|
+
secretRef: z.string(),
|
|
2031
|
+
tenantId: idOf("tenants"),
|
|
2032
|
+
workspaceId: idOf("workspaces").optional(),
|
|
2033
|
+
environment: z.enum(["dev", "staging", "prod"]).optional(),
|
|
2034
|
+
providerId: z.string(),
|
|
2035
|
+
label: z.string().optional(),
|
|
2036
|
+
encryptedSecret: z.string().optional(),
|
|
2037
|
+
infisicalPath: z.string().optional(),
|
|
2038
|
+
infisicalSecretKey: z.string().optional(),
|
|
2039
|
+
infisicalProjectId: z.string().optional(),
|
|
2040
|
+
encryptionVersion: z.string(),
|
|
2041
|
+
secretFingerprint: z.string(),
|
|
2042
|
+
keyHint: z.string(),
|
|
2043
|
+
status: z.enum(["active", "revoked"]),
|
|
2044
|
+
rotatedFromSecretRef: z.string().optional(),
|
|
2045
|
+
revokedAt: z.number().optional(),
|
|
2046
|
+
revokedBy: z.string().optional(),
|
|
2047
|
+
lastUsedAt: z.number().optional(),
|
|
2048
|
+
metadata: z.record(z.any()).optional(),
|
|
2049
|
+
createdBy: z.string(),
|
|
2050
|
+
createdAt: z.number(),
|
|
2051
|
+
updatedAt: z.number()
|
|
1847
2052
|
}),
|
|
1848
2053
|
indices: [
|
|
1849
2054
|
{ kind: "index", name: "by_secretRef", columns: ["secretRef"] },
|
|
1850
2055
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
1851
|
-
{
|
|
1852
|
-
|
|
2056
|
+
{
|
|
2057
|
+
kind: "index",
|
|
2058
|
+
name: "by_tenant_provider",
|
|
2059
|
+
columns: ["tenantId", "providerId"]
|
|
2060
|
+
},
|
|
2061
|
+
{
|
|
2062
|
+
kind: "index",
|
|
2063
|
+
name: "by_tenant_provider_status",
|
|
2064
|
+
columns: ["tenantId", "providerId", "status"]
|
|
2065
|
+
},
|
|
1853
2066
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
1854
2067
|
]
|
|
1855
2068
|
});
|
|
@@ -1858,35 +2071,93 @@ defineTable({
|
|
|
1858
2071
|
component: "mc",
|
|
1859
2072
|
category: "runtime",
|
|
1860
2073
|
shape: z.object({
|
|
1861
|
-
|
|
1862
|
-
|
|
1863
|
-
|
|
1864
|
-
|
|
1865
|
-
|
|
1866
|
-
|
|
1867
|
-
|
|
1868
|
-
|
|
1869
|
-
|
|
1870
|
-
|
|
1871
|
-
|
|
1872
|
-
|
|
1873
|
-
|
|
1874
|
-
|
|
1875
|
-
|
|
1876
|
-
|
|
1877
|
-
|
|
1878
|
-
|
|
1879
|
-
|
|
1880
|
-
|
|
1881
|
-
|
|
1882
|
-
|
|
2074
|
+
usageId: z.string(),
|
|
2075
|
+
tenantId: idOf("tenants"),
|
|
2076
|
+
providerId: z.string(),
|
|
2077
|
+
modelSlotId: z.string(),
|
|
2078
|
+
secretRef: z.string(),
|
|
2079
|
+
proxyTokenId: z.string(),
|
|
2080
|
+
sessionId: z.string(),
|
|
2081
|
+
principalId: z.string(),
|
|
2082
|
+
workspaceId: z.string().optional(),
|
|
2083
|
+
modelId: z.string().optional(),
|
|
2084
|
+
requestPath: z.string(),
|
|
2085
|
+
status: z.enum(["success", "error"]),
|
|
2086
|
+
responseStatus: z.number().optional(),
|
|
2087
|
+
inputTokens: z.number().optional(),
|
|
2088
|
+
outputTokens: z.number().optional(),
|
|
2089
|
+
tokenCount: z.number().optional(),
|
|
2090
|
+
latencyMs: z.number(),
|
|
2091
|
+
estimatedCostUsd: z.number().optional(),
|
|
2092
|
+
failureCode: z.string().optional(),
|
|
2093
|
+
metadata: z.record(z.any()).optional(),
|
|
2094
|
+
createdAt: z.number(),
|
|
2095
|
+
updatedAt: z.number()
|
|
1883
2096
|
}),
|
|
1884
2097
|
indices: [
|
|
1885
2098
|
{ kind: "index", name: "by_usageId", columns: ["usageId"] },
|
|
1886
2099
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId", "createdAt"] },
|
|
1887
|
-
{
|
|
1888
|
-
|
|
1889
|
-
|
|
2100
|
+
{
|
|
2101
|
+
kind: "index",
|
|
2102
|
+
name: "by_tenant_provider",
|
|
2103
|
+
columns: ["tenantId", "providerId", "createdAt"]
|
|
2104
|
+
},
|
|
2105
|
+
{
|
|
2106
|
+
kind: "index",
|
|
2107
|
+
name: "by_proxyTokenId",
|
|
2108
|
+
columns: ["proxyTokenId", "createdAt"]
|
|
2109
|
+
},
|
|
2110
|
+
{
|
|
2111
|
+
kind: "index",
|
|
2112
|
+
name: "by_sessionId",
|
|
2113
|
+
columns: ["sessionId", "createdAt"]
|
|
2114
|
+
}
|
|
2115
|
+
]
|
|
2116
|
+
});
|
|
2117
|
+
defineTable({
|
|
2118
|
+
name: "controlPlaneTenantProxyTokenLeases",
|
|
2119
|
+
component: "mc",
|
|
2120
|
+
category: "runtime",
|
|
2121
|
+
shape: z.object({
|
|
2122
|
+
leaseId: z.string(),
|
|
2123
|
+
proxyTokenId: z.string(),
|
|
2124
|
+
tenantId: idOf("tenants"),
|
|
2125
|
+
workspaceId: idOf("workspaces").optional(),
|
|
2126
|
+
environment: z.enum(["dev", "staging", "prod"]),
|
|
2127
|
+
providerId: z.string(),
|
|
2128
|
+
modelSlotId: z.string(),
|
|
2129
|
+
bindingId: z.string(),
|
|
2130
|
+
secretRef: z.string(),
|
|
2131
|
+
sessionId: z.string(),
|
|
2132
|
+
principalId: z.string(),
|
|
2133
|
+
agentSessionId: z.string().optional(),
|
|
2134
|
+
status: z.enum(["active", "revoked"]),
|
|
2135
|
+
expiresAt: z.number(),
|
|
2136
|
+
renewedAt: z.number().optional(),
|
|
2137
|
+
revokedAt: z.number().optional(),
|
|
2138
|
+
revokedBy: z.string().optional(),
|
|
2139
|
+
revokeReason: z.string().optional(),
|
|
2140
|
+
permitDecisionLogId: idOf("policyDecisionLogs").optional(),
|
|
2141
|
+
permitTraceId: z.string().optional(),
|
|
2142
|
+
metadata: z.record(z.any()).optional(),
|
|
2143
|
+
createdAt: z.number(),
|
|
2144
|
+
updatedAt: z.number()
|
|
2145
|
+
}),
|
|
2146
|
+
indices: [
|
|
2147
|
+
{ kind: "index", name: "by_leaseId", columns: ["leaseId"] },
|
|
2148
|
+
{ kind: "index", name: "by_proxyTokenId", columns: ["proxyTokenId"] },
|
|
2149
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId", "createdAt"] },
|
|
2150
|
+
{ kind: "index", name: "by_sessionId", columns: ["sessionId", "createdAt"] },
|
|
2151
|
+
{
|
|
2152
|
+
kind: "index",
|
|
2153
|
+
name: "by_principalId",
|
|
2154
|
+
columns: ["principalId", "createdAt"]
|
|
2155
|
+
},
|
|
2156
|
+
{
|
|
2157
|
+
kind: "index",
|
|
2158
|
+
name: "by_status_expiresAt",
|
|
2159
|
+
columns: ["status", "expiresAt"]
|
|
2160
|
+
}
|
|
1890
2161
|
]
|
|
1891
2162
|
});
|
|
1892
2163
|
defineTable({
|
|
@@ -2219,6 +2490,7 @@ defineTable({
|
|
|
2219
2490
|
"questionType": z.enum(["validation", "falsification", "assumption_probe", "prediction_test", "counterfactual", "discovery", "clarification", "comparison", "causal", "mechanism", "general"]).optional(),
|
|
2220
2491
|
"questionPriority": z.enum(["critical", "high", "medium", "low"]).optional(),
|
|
2221
2492
|
"answerQuality": z.enum(["definitive", "strong", "moderate", "weak", "speculative", "unanswered"]).optional(),
|
|
2493
|
+
"themeStatus": z.enum(["emerging", "active", "mature", "declining", "archived"]).optional(),
|
|
2222
2494
|
"themeConviction": z.enum(["high", "medium", "low", "negative"]).optional(),
|
|
2223
2495
|
"decisionType": z.enum(["invest", "pass", "follow_on", "exit", "deep_dive", "monitor", "deprioritize", "thesis_adopt", "thesis_revise", "thesis_abandon"]).optional(),
|
|
2224
2496
|
"decisionOutcome": z.enum(["pending", "successful", "unsuccessful", "mixed", "unknown"]).optional(),
|
|
@@ -2369,6 +2641,7 @@ defineTable({
|
|
|
2369
2641
|
indices: [
|
|
2370
2642
|
{ kind: "index", name: "by_principalId", columns: ["principalId"] },
|
|
2371
2643
|
{ kind: "index", name: "by_principal_tenant", columns: ["principalId", "tenantId"] },
|
|
2644
|
+
{ kind: "index", name: "by_principal_tenant_workspace", columns: ["principalId", "tenantId", "workspaceId"] },
|
|
2372
2645
|
{ kind: "index", name: "by_workspace_principal", columns: ["workspaceId", "principalId"] },
|
|
2373
2646
|
{ kind: "index", name: "by_tenant_role", columns: ["tenantId", "role"] },
|
|
2374
2647
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
@@ -2400,6 +2673,36 @@ defineTable({
|
|
|
2400
2673
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
2401
2674
|
]
|
|
2402
2675
|
});
|
|
2676
|
+
defineTable({
|
|
2677
|
+
name: "principalIdentityAliases",
|
|
2678
|
+
component: "mc",
|
|
2679
|
+
category: "identity",
|
|
2680
|
+
shape: z.object({
|
|
2681
|
+
"principalId": z.string(),
|
|
2682
|
+
"principalRefId": idOf("principals").optional(),
|
|
2683
|
+
"provider": z.string(),
|
|
2684
|
+
"providerProjectId": z.string().optional(),
|
|
2685
|
+
"externalSubjectId": z.string(),
|
|
2686
|
+
"tenantId": idOf("tenants").optional(),
|
|
2687
|
+
"workspaceId": idOf("workspaces").optional(),
|
|
2688
|
+
"email": z.string().optional(),
|
|
2689
|
+
"status": z.enum(["active", "revoked"]),
|
|
2690
|
+
"metadata": z.record(z.any()).optional(),
|
|
2691
|
+
"createdBy": z.string(),
|
|
2692
|
+
"revokedAt": z.number().optional(),
|
|
2693
|
+
"revokedBy": z.string().optional(),
|
|
2694
|
+
"createdAt": z.number(),
|
|
2695
|
+
"updatedAt": z.number()
|
|
2696
|
+
}),
|
|
2697
|
+
indices: [
|
|
2698
|
+
{ kind: "index", name: "by_provider_subject", columns: ["provider", "externalSubjectId"] },
|
|
2699
|
+
{ kind: "index", name: "by_provider_project_subject", columns: ["provider", "providerProjectId", "externalSubjectId"] },
|
|
2700
|
+
{ kind: "index", name: "by_principalId", columns: ["principalId"] },
|
|
2701
|
+
{ kind: "index", name: "by_principal_status", columns: ["principalId", "status"] },
|
|
2702
|
+
{ kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "externalSubjectId"] },
|
|
2703
|
+
{ kind: "index", name: "by_workspace_provider_subject", columns: ["workspaceId", "provider", "externalSubjectId"] }
|
|
2704
|
+
]
|
|
2705
|
+
});
|
|
2403
2706
|
defineTable({
|
|
2404
2707
|
name: "rateLimitWindows",
|
|
2405
2708
|
component: "mc",
|
|
@@ -2989,7 +3292,7 @@ defineTable({
|
|
|
2989
3292
|
});
|
|
2990
3293
|
defineTable({
|
|
2991
3294
|
name: "mcpWritePolicy",
|
|
2992
|
-
component: "
|
|
3295
|
+
component: "control-plane",
|
|
2993
3296
|
category: "platform",
|
|
2994
3297
|
shape: z.object({
|
|
2995
3298
|
"topicId": z.string().optional(),
|
|
@@ -3012,7 +3315,7 @@ defineTable({
|
|
|
3012
3315
|
});
|
|
3013
3316
|
defineTable({
|
|
3014
3317
|
name: "platformAudienceGrants",
|
|
3015
|
-
component: "
|
|
3318
|
+
component: "control-plane",
|
|
3016
3319
|
category: "platform",
|
|
3017
3320
|
shape: z.object({
|
|
3018
3321
|
"tenantId": z.string(),
|
|
@@ -3038,7 +3341,7 @@ defineTable({
|
|
|
3038
3341
|
});
|
|
3039
3342
|
defineTable({
|
|
3040
3343
|
name: "platformAudiences",
|
|
3041
|
-
component: "
|
|
3344
|
+
component: "control-plane",
|
|
3042
3345
|
category: "platform",
|
|
3043
3346
|
shape: z.object({
|
|
3044
3347
|
"tenantId": z.string(),
|
|
@@ -3063,7 +3366,7 @@ defineTable({
|
|
|
3063
3366
|
});
|
|
3064
3367
|
defineTable({
|
|
3065
3368
|
name: "platformPolicyDecisionLogs",
|
|
3066
|
-
component: "
|
|
3369
|
+
component: "control-plane",
|
|
3067
3370
|
category: "platform",
|
|
3068
3371
|
shape: z.object({
|
|
3069
3372
|
"principalId": z.string(),
|
|
@@ -3099,7 +3402,7 @@ defineTable({
|
|
|
3099
3402
|
});
|
|
3100
3403
|
defineTable({
|
|
3101
3404
|
name: "tenantApiKeys",
|
|
3102
|
-
component: "
|
|
3405
|
+
component: "control-plane",
|
|
3103
3406
|
category: "platform",
|
|
3104
3407
|
shape: z.object({
|
|
3105
3408
|
"tenantId": z.string(),
|
|
@@ -3126,7 +3429,7 @@ defineTable({
|
|
|
3126
3429
|
});
|
|
3127
3430
|
defineTable({
|
|
3128
3431
|
name: "tenantConfig",
|
|
3129
|
-
component: "
|
|
3432
|
+
component: "control-plane",
|
|
3130
3433
|
category: "platform",
|
|
3131
3434
|
shape: z.object({
|
|
3132
3435
|
"tenantId": z.string(),
|
|
@@ -3145,7 +3448,7 @@ defineTable({
|
|
|
3145
3448
|
});
|
|
3146
3449
|
defineTable({
|
|
3147
3450
|
name: "tenantIntegrations",
|
|
3148
|
-
component: "
|
|
3451
|
+
component: "control-plane",
|
|
3149
3452
|
category: "platform",
|
|
3150
3453
|
shape: z.object({
|
|
3151
3454
|
"tenantId": z.string(),
|
|
@@ -3200,7 +3503,7 @@ defineTable({
|
|
|
3200
3503
|
});
|
|
3201
3504
|
defineTable({
|
|
3202
3505
|
name: "tenantModelSlotBindings",
|
|
3203
|
-
component: "
|
|
3506
|
+
component: "control-plane",
|
|
3204
3507
|
category: "platform",
|
|
3205
3508
|
shape: z.object({
|
|
3206
3509
|
"bindingId": z.string(),
|
|
@@ -3228,7 +3531,7 @@ defineTable({
|
|
|
3228
3531
|
});
|
|
3229
3532
|
defineTable({
|
|
3230
3533
|
name: "tenantPolicies",
|
|
3231
|
-
component: "
|
|
3534
|
+
component: "control-plane",
|
|
3232
3535
|
category: "platform",
|
|
3233
3536
|
shape: z.object({
|
|
3234
3537
|
"tenantId": z.string(),
|
|
@@ -3253,7 +3556,7 @@ defineTable({
|
|
|
3253
3556
|
});
|
|
3254
3557
|
defineTable({
|
|
3255
3558
|
name: "tenantProviderSecrets",
|
|
3256
|
-
component: "
|
|
3559
|
+
component: "control-plane",
|
|
3257
3560
|
category: "platform",
|
|
3258
3561
|
shape: z.object({
|
|
3259
3562
|
"secretRef": z.string(),
|
|
@@ -3284,7 +3587,7 @@ defineTable({
|
|
|
3284
3587
|
});
|
|
3285
3588
|
defineTable({
|
|
3286
3589
|
name: "tenantProxyGatewayUsage",
|
|
3287
|
-
component: "
|
|
3590
|
+
component: "control-plane",
|
|
3288
3591
|
category: "platform",
|
|
3289
3592
|
shape: z.object({
|
|
3290
3593
|
"usageId": z.string(),
|
|
@@ -3319,7 +3622,7 @@ defineTable({
|
|
|
3319
3622
|
});
|
|
3320
3623
|
defineTable({
|
|
3321
3624
|
name: "tenantProxyTokenMints",
|
|
3322
|
-
component: "
|
|
3625
|
+
component: "control-plane",
|
|
3323
3626
|
category: "platform",
|
|
3324
3627
|
shape: z.object({
|
|
3325
3628
|
"proxyTokenId": z.string(),
|
|
@@ -3342,7 +3645,7 @@ defineTable({
|
|
|
3342
3645
|
});
|
|
3343
3646
|
defineTable({
|
|
3344
3647
|
name: "tenantSandboxAuditEvents",
|
|
3345
|
-
component: "
|
|
3648
|
+
component: "control-plane",
|
|
3346
3649
|
category: "platform",
|
|
3347
3650
|
shape: z.object({
|
|
3348
3651
|
"eventId": z.string(),
|
|
@@ -3376,7 +3679,7 @@ defineTable({
|
|
|
3376
3679
|
});
|
|
3377
3680
|
defineTable({
|
|
3378
3681
|
name: "tenantSecrets",
|
|
3379
|
-
component: "
|
|
3682
|
+
component: "control-plane",
|
|
3380
3683
|
category: "platform",
|
|
3381
3684
|
shape: z.object({
|
|
3382
3685
|
"tenantId": z.string(),
|
|
@@ -3398,7 +3701,7 @@ defineTable({
|
|
|
3398
3701
|
});
|
|
3399
3702
|
defineTable({
|
|
3400
3703
|
name: "toolAcls",
|
|
3401
|
-
component: "
|
|
3704
|
+
component: "control-plane",
|
|
3402
3705
|
category: "platform",
|
|
3403
3706
|
shape: z.object({
|
|
3404
3707
|
"role": z.enum(["platform_admin", "tenant_admin", "workspace_admin", "editor", "viewer", "auditor", "service_agent"]),
|
|
@@ -3413,7 +3716,7 @@ defineTable({
|
|
|
3413
3716
|
});
|
|
3414
3717
|
defineTable({
|
|
3415
3718
|
name: "toolRegistry",
|
|
3416
|
-
component: "
|
|
3719
|
+
component: "control-plane",
|
|
3417
3720
|
category: "platform",
|
|
3418
3721
|
shape: z.object({
|
|
3419
3722
|
"toolName": z.string(),
|
|
@@ -3494,7 +3797,7 @@ defineTable({
|
|
|
3494
3797
|
});
|
|
3495
3798
|
defineTable({
|
|
3496
3799
|
name: "modelCallLogs",
|
|
3497
|
-
component: "
|
|
3800
|
+
component: "control-plane",
|
|
3498
3801
|
category: "model",
|
|
3499
3802
|
shape: z.object({
|
|
3500
3803
|
"slot": z.string(),
|
|
@@ -3520,7 +3823,7 @@ defineTable({
|
|
|
3520
3823
|
});
|
|
3521
3824
|
defineTable({
|
|
3522
3825
|
name: "modelFunctionSlots",
|
|
3523
|
-
component: "
|
|
3826
|
+
component: "control-plane",
|
|
3524
3827
|
category: "model",
|
|
3525
3828
|
shape: z.object({
|
|
3526
3829
|
"slot": z.string(),
|
|
@@ -3545,7 +3848,7 @@ defineTable({
|
|
|
3545
3848
|
});
|
|
3546
3849
|
defineTable({
|
|
3547
3850
|
name: "modelRegistry",
|
|
3548
|
-
component: "
|
|
3851
|
+
component: "control-plane",
|
|
3549
3852
|
category: "model",
|
|
3550
3853
|
shape: z.object({
|
|
3551
3854
|
"key": z.string(),
|
|
@@ -3572,7 +3875,7 @@ defineTable({
|
|
|
3572
3875
|
});
|
|
3573
3876
|
defineTable({
|
|
3574
3877
|
name: "modelSlotConfigs",
|
|
3575
|
-
component: "
|
|
3878
|
+
component: "control-plane",
|
|
3576
3879
|
category: "model",
|
|
3577
3880
|
shape: z.object({
|
|
3578
3881
|
"slot": z.string(),
|
|
@@ -3959,7 +4262,7 @@ defineTable({
|
|
|
3959
4262
|
"workspaceId": idOf("workspaces").optional(),
|
|
3960
4263
|
"resourceType": z.string(),
|
|
3961
4264
|
"resourceId": z.string(),
|
|
3962
|
-
"action": z.enum(["read", "summarize", "export", "mutate", "admin", "comment", "escalate", "resolve", "vote"]),
|
|
4265
|
+
"action": z.enum(["read", "summarize", "export", "mutate", "admin", "comment", "escalate", "resolve", "vote", "route", "invoke", "manage", "deploy", "promote", "rollback", "audit", "read_ref", "fetch_value", "rotate", "administer", "mint", "delegate", "revoke"]),
|
|
3963
4266
|
"decision": z.enum(["allow", "deny"]),
|
|
3964
4267
|
"reasonCode": z.string(),
|
|
3965
4268
|
"policyVersion": z.string(),
|
|
@@ -4021,7 +4324,7 @@ defineTable({
|
|
|
4021
4324
|
});
|
|
4022
4325
|
defineTable({
|
|
4023
4326
|
name: "projectGrants",
|
|
4024
|
-
component: "
|
|
4327
|
+
component: "control-plane",
|
|
4025
4328
|
category: "project",
|
|
4026
4329
|
shape: z.object({
|
|
4027
4330
|
"projectId": z.string().optional(),
|
|
@@ -4053,91 +4356,735 @@ defineTable({
|
|
|
4053
4356
|
{ kind: "index", name: "by_topic_cluster_status", columns: ["topicId", "beliefClusterId", "status"] }
|
|
4054
4357
|
]
|
|
4055
4358
|
});
|
|
4359
|
+
var permitActorType = z.enum([
|
|
4360
|
+
"human",
|
|
4361
|
+
"agent",
|
|
4362
|
+
"service_principal",
|
|
4363
|
+
"external_stakeholder",
|
|
4364
|
+
"system"
|
|
4365
|
+
]);
|
|
4366
|
+
var permitMembershipStatus = z.enum([
|
|
4367
|
+
"active",
|
|
4368
|
+
"invited",
|
|
4369
|
+
"revoked",
|
|
4370
|
+
"suspended",
|
|
4371
|
+
"disabled"
|
|
4372
|
+
]);
|
|
4373
|
+
var permitDecision = z.enum(["allow", "deny"]);
|
|
4374
|
+
var permitAccessReviewStatus = z.enum([
|
|
4375
|
+
"open",
|
|
4376
|
+
"in_progress",
|
|
4377
|
+
"approved",
|
|
4378
|
+
"denied",
|
|
4379
|
+
"expired",
|
|
4380
|
+
"cancelled"
|
|
4381
|
+
]);
|
|
4382
|
+
var permitReviewScope = z.enum([
|
|
4383
|
+
"tenant",
|
|
4384
|
+
"workspace",
|
|
4385
|
+
"resource_instance",
|
|
4386
|
+
"group",
|
|
4387
|
+
"principal",
|
|
4388
|
+
"api_key",
|
|
4389
|
+
"admin_action"
|
|
4390
|
+
]);
|
|
4391
|
+
var permitRecordStatus = z.enum([
|
|
4392
|
+
"queued",
|
|
4393
|
+
"inflight",
|
|
4394
|
+
"completed",
|
|
4395
|
+
"failed",
|
|
4396
|
+
"skipped",
|
|
4397
|
+
"stale"
|
|
4398
|
+
]);
|
|
4399
|
+
var permitObjectType = z.enum([
|
|
4400
|
+
"resource",
|
|
4401
|
+
"role",
|
|
4402
|
+
"resource_role",
|
|
4403
|
+
"resource_relation",
|
|
4404
|
+
"tenant",
|
|
4405
|
+
"workspace",
|
|
4406
|
+
"principal",
|
|
4407
|
+
"membership",
|
|
4408
|
+
"group",
|
|
4409
|
+
"resource_instance",
|
|
4410
|
+
"relationship_tuple",
|
|
4411
|
+
"role_assignment",
|
|
4412
|
+
"attribute_binding",
|
|
4413
|
+
"policy_bundle"
|
|
4414
|
+
]);
|
|
4415
|
+
var permitOutboxOperation = z.enum([
|
|
4416
|
+
"upsert",
|
|
4417
|
+
"delete",
|
|
4418
|
+
"sync",
|
|
4419
|
+
"resync",
|
|
4420
|
+
"delete_sync",
|
|
4421
|
+
"noop"
|
|
4422
|
+
]);
|
|
4423
|
+
var permitPolicyBundleStatus = z.enum([
|
|
4424
|
+
"draft",
|
|
4425
|
+
"validated",
|
|
4426
|
+
"enforced",
|
|
4427
|
+
"archived"
|
|
4428
|
+
]);
|
|
4429
|
+
var permitSyncStatus = z.enum([
|
|
4430
|
+
"pending",
|
|
4431
|
+
"synced",
|
|
4432
|
+
"error",
|
|
4433
|
+
"skipped"
|
|
4434
|
+
]);
|
|
4435
|
+
var permitAccessReviewSubjectType = z.enum([
|
|
4436
|
+
"principal",
|
|
4437
|
+
"group",
|
|
4438
|
+
"role_assignment",
|
|
4439
|
+
"resource_instance"
|
|
4440
|
+
]);
|
|
4441
|
+
var permitAttributeType = z.enum([
|
|
4442
|
+
"string",
|
|
4443
|
+
"number",
|
|
4444
|
+
"bool",
|
|
4445
|
+
"json",
|
|
4446
|
+
"time"
|
|
4447
|
+
]);
|
|
4448
|
+
var permitAttributeOperator = z.enum([
|
|
4449
|
+
"eq",
|
|
4450
|
+
"neq",
|
|
4451
|
+
"in",
|
|
4452
|
+
"not_in",
|
|
4453
|
+
"gt",
|
|
4454
|
+
"gte",
|
|
4455
|
+
"lt",
|
|
4456
|
+
"lte",
|
|
4457
|
+
"contains",
|
|
4458
|
+
"not_contains",
|
|
4459
|
+
"matches"
|
|
4460
|
+
]);
|
|
4461
|
+
var permitRoleBindingTarget = z.enum([
|
|
4462
|
+
"principal",
|
|
4463
|
+
"group"
|
|
4464
|
+
]);
|
|
4056
4465
|
defineTable({
|
|
4057
|
-
name: "
|
|
4058
|
-
component: "
|
|
4059
|
-
category: "
|
|
4466
|
+
name: "permitPrincipals",
|
|
4467
|
+
component: "control-plane",
|
|
4468
|
+
category: "access-control",
|
|
4060
4469
|
shape: z.object({
|
|
4061
|
-
|
|
4062
|
-
|
|
4063
|
-
|
|
4064
|
-
|
|
4065
|
-
|
|
4066
|
-
|
|
4067
|
-
|
|
4068
|
-
|
|
4069
|
-
|
|
4070
|
-
|
|
4071
|
-
|
|
4470
|
+
principalId: z.string(),
|
|
4471
|
+
tenantId: z.string(),
|
|
4472
|
+
workspaceId: z.optional(z.string()),
|
|
4473
|
+
principalType: permitActorType,
|
|
4474
|
+
status: permitMembershipStatus,
|
|
4475
|
+
displayName: z.string().optional(),
|
|
4476
|
+
metadata: z.record(z.any()).optional(),
|
|
4477
|
+
createdBy: z.string(),
|
|
4478
|
+
createdAt: z.number(),
|
|
4479
|
+
updatedAt: z.number(),
|
|
4480
|
+
updatedBy: z.string().optional(),
|
|
4481
|
+
lastSeenAt: z.number().optional()
|
|
4072
4482
|
}),
|
|
4073
4483
|
indices: [
|
|
4074
|
-
{ kind: "index", name: "
|
|
4075
|
-
{ kind: "index", name: "
|
|
4076
|
-
{ kind: "index", name: "
|
|
4077
|
-
{ kind: "index", name: "
|
|
4484
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4485
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4486
|
+
{ kind: "index", name: "by_tenant_principalId", columns: ["tenantId", "principalId"] },
|
|
4487
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
|
|
4488
|
+
{
|
|
4489
|
+
kind: "index",
|
|
4490
|
+
name: "by_tenant_principalType_status",
|
|
4491
|
+
columns: ["tenantId", "principalType", "status"]
|
|
4492
|
+
}
|
|
4078
4493
|
]
|
|
4079
4494
|
});
|
|
4080
4495
|
defineTable({
|
|
4081
|
-
name: "
|
|
4082
|
-
component: "
|
|
4083
|
-
category: "
|
|
4496
|
+
name: "permitPrincipalAliases",
|
|
4497
|
+
component: "control-plane",
|
|
4498
|
+
category: "access-control",
|
|
4084
4499
|
shape: z.object({
|
|
4085
|
-
|
|
4086
|
-
|
|
4087
|
-
|
|
4088
|
-
|
|
4089
|
-
|
|
4090
|
-
|
|
4091
|
-
|
|
4092
|
-
|
|
4093
|
-
|
|
4094
|
-
|
|
4095
|
-
|
|
4096
|
-
|
|
4097
|
-
|
|
4500
|
+
principalId: z.string(),
|
|
4501
|
+
tenantId: z.string(),
|
|
4502
|
+
workspaceId: z.optional(z.string()),
|
|
4503
|
+
provider: z.string(),
|
|
4504
|
+
providerSubjectId: z.string(),
|
|
4505
|
+
providerProjectId: z.string().optional(),
|
|
4506
|
+
alias: z.string(),
|
|
4507
|
+
aliasKind: z.string(),
|
|
4508
|
+
status: permitMembershipStatus,
|
|
4509
|
+
metadata: z.record(z.any()).optional(),
|
|
4510
|
+
createdBy: z.string(),
|
|
4511
|
+
createdAt: z.number(),
|
|
4512
|
+
updatedAt: z.number(),
|
|
4513
|
+
revokedBy: z.string().optional(),
|
|
4514
|
+
revokedAt: z.number().optional(),
|
|
4515
|
+
updatedBy: z.string().optional()
|
|
4098
4516
|
}),
|
|
4099
4517
|
indices: [
|
|
4100
|
-
{ kind: "index", name: "
|
|
4101
|
-
{ kind: "index", name: "
|
|
4102
|
-
{ kind: "index", name: "
|
|
4518
|
+
{ kind: "index", name: "by_principalId", columns: ["principalId"] },
|
|
4519
|
+
{ kind: "index", name: "by_provider_subject", columns: ["provider", "providerSubjectId"] },
|
|
4520
|
+
{ kind: "index", name: "by_provider_project_subject", columns: ["provider", "providerProjectId", "providerSubjectId"] },
|
|
4521
|
+
{ kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "providerSubjectId"] },
|
|
4522
|
+
{ kind: "index", name: "by_tenant_provider_project_subject", columns: ["tenantId", "provider", "providerProjectId", "providerSubjectId"] },
|
|
4523
|
+
{
|
|
4524
|
+
kind: "index",
|
|
4525
|
+
name: "by_tenant_provider_alias",
|
|
4526
|
+
columns: ["tenantId", "provider", "alias"]
|
|
4527
|
+
},
|
|
4528
|
+
{ kind: "index", name: "by_tenant_alias", columns: ["tenantId", "alias"] },
|
|
4529
|
+
{
|
|
4530
|
+
kind: "index",
|
|
4531
|
+
name: "by_tenant_provider_status",
|
|
4532
|
+
columns: ["tenantId", "provider", "status"]
|
|
4533
|
+
}
|
|
4103
4534
|
]
|
|
4104
4535
|
});
|
|
4105
4536
|
defineTable({
|
|
4106
|
-
name: "
|
|
4107
|
-
component: "
|
|
4108
|
-
category: "
|
|
4537
|
+
name: "permitGroups",
|
|
4538
|
+
component: "control-plane",
|
|
4539
|
+
category: "access-control",
|
|
4109
4540
|
shape: z.object({
|
|
4110
|
-
|
|
4111
|
-
|
|
4112
|
-
|
|
4113
|
-
|
|
4114
|
-
|
|
4115
|
-
|
|
4116
|
-
|
|
4117
|
-
|
|
4118
|
-
|
|
4119
|
-
|
|
4120
|
-
|
|
4121
|
-
|
|
4122
|
-
|
|
4123
|
-
|
|
4124
|
-
|
|
4125
|
-
"
|
|
4126
|
-
"
|
|
4127
|
-
"
|
|
4128
|
-
"
|
|
4129
|
-
|
|
4130
|
-
|
|
4131
|
-
|
|
4132
|
-
|
|
4133
|
-
|
|
4134
|
-
|
|
4135
|
-
|
|
4136
|
-
|
|
4137
|
-
|
|
4138
|
-
|
|
4139
|
-
|
|
4140
|
-
|
|
4541
|
+
tenantId: z.string(),
|
|
4542
|
+
workspaceId: z.optional(z.string()),
|
|
4543
|
+
groupId: z.string(),
|
|
4544
|
+
groupKey: z.string(),
|
|
4545
|
+
groupName: z.string(),
|
|
4546
|
+
groupType: z.enum(["tenant", "workspace", "external", "system", "dynamic"]),
|
|
4547
|
+
status: permitMembershipStatus,
|
|
4548
|
+
description: z.string().optional(),
|
|
4549
|
+
metadata: z.record(z.any()).optional(),
|
|
4550
|
+
createdBy: z.string(),
|
|
4551
|
+
createdAt: z.number(),
|
|
4552
|
+
updatedAt: z.number(),
|
|
4553
|
+
updatedBy: z.string().optional()
|
|
4554
|
+
}),
|
|
4555
|
+
indices: [
|
|
4556
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4557
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4558
|
+
{ kind: "index", name: "by_tenant_groupId", columns: ["tenantId", "groupId"] },
|
|
4559
|
+
{ kind: "index", name: "by_tenant_groupKey", columns: ["tenantId", "groupKey"] },
|
|
4560
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
|
|
4561
|
+
]
|
|
4562
|
+
});
|
|
4563
|
+
defineTable({
|
|
4564
|
+
name: "permitGroupMemberships",
|
|
4565
|
+
component: "control-plane",
|
|
4566
|
+
category: "access-control",
|
|
4567
|
+
shape: z.object({
|
|
4568
|
+
tenantId: z.string(),
|
|
4569
|
+
workspaceId: z.optional(z.string()),
|
|
4570
|
+
groupId: z.string(),
|
|
4571
|
+
memberType: z.enum(["principal", "group"]),
|
|
4572
|
+
memberId: z.string(),
|
|
4573
|
+
principalId: z.string().optional(),
|
|
4574
|
+
childGroupId: z.string().optional(),
|
|
4575
|
+
status: permitMembershipStatus,
|
|
4576
|
+
addedBy: z.string().optional(),
|
|
4577
|
+
revokedBy: z.string().optional(),
|
|
4578
|
+
expiresAt: z.number().optional(),
|
|
4579
|
+
revocationReason: z.string().optional(),
|
|
4580
|
+
metadata: z.record(z.any()).optional(),
|
|
4581
|
+
createdAt: z.number(),
|
|
4582
|
+
updatedAt: z.number(),
|
|
4583
|
+
updatedBy: z.string().optional()
|
|
4584
|
+
}),
|
|
4585
|
+
indices: [
|
|
4586
|
+
{ kind: "index", name: "by_tenant_principal", columns: ["tenantId", "principalId"] },
|
|
4587
|
+
{ kind: "index", name: "by_tenant_member", columns: ["tenantId", "memberType", "memberId"] },
|
|
4588
|
+
{
|
|
4589
|
+
kind: "index",
|
|
4590
|
+
name: "by_tenant_member_group",
|
|
4591
|
+
columns: ["tenantId", "memberType", "memberId", "groupId"]
|
|
4592
|
+
},
|
|
4593
|
+
{ kind: "index", name: "by_tenant_group", columns: ["tenantId", "groupId"] },
|
|
4594
|
+
{ kind: "index", name: "by_member_group", columns: ["memberType", "memberId", "groupId"] },
|
|
4595
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
|
|
4596
|
+
{
|
|
4597
|
+
kind: "index",
|
|
4598
|
+
name: "by_workspace_principal",
|
|
4599
|
+
columns: ["workspaceId", "principalId"]
|
|
4600
|
+
}
|
|
4601
|
+
]
|
|
4602
|
+
});
|
|
4603
|
+
defineTable({
|
|
4604
|
+
name: "permitResourceInstances",
|
|
4605
|
+
component: "control-plane",
|
|
4606
|
+
category: "access-control",
|
|
4607
|
+
shape: z.object({
|
|
4608
|
+
tenantId: z.string(),
|
|
4609
|
+
workspaceId: z.optional(z.string()),
|
|
4610
|
+
resourceType: z.string(),
|
|
4611
|
+
resourceKey: z.string(),
|
|
4612
|
+
resourceId: z.string(),
|
|
4613
|
+
status: z.enum(["active", "deleted", "archived"]),
|
|
4614
|
+
attributes: z.record(z.any()).optional(),
|
|
4615
|
+
ownerPrincipalId: z.string().optional(),
|
|
4616
|
+
metadata: z.record(z.any()).optional(),
|
|
4617
|
+
createdBy: z.string(),
|
|
4618
|
+
updatedBy: z.string().optional(),
|
|
4619
|
+
createdAt: z.number(),
|
|
4620
|
+
updatedAt: z.number()
|
|
4621
|
+
}),
|
|
4622
|
+
indices: [
|
|
4623
|
+
{
|
|
4624
|
+
kind: "index",
|
|
4625
|
+
name: "by_tenant_resource_type",
|
|
4626
|
+
columns: ["tenantId", "resourceType"]
|
|
4627
|
+
},
|
|
4628
|
+
{
|
|
4629
|
+
kind: "index",
|
|
4630
|
+
name: "by_tenant_resource_key",
|
|
4631
|
+
columns: ["tenantId", "resourceType", "resourceKey"]
|
|
4632
|
+
},
|
|
4633
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4634
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4635
|
+
{
|
|
4636
|
+
kind: "index",
|
|
4637
|
+
name: "by_tenant_status",
|
|
4638
|
+
columns: ["tenantId", "status"]
|
|
4639
|
+
},
|
|
4640
|
+
{
|
|
4641
|
+
kind: "index",
|
|
4642
|
+
name: "by_ownerPrincipalId",
|
|
4643
|
+
columns: ["ownerPrincipalId"]
|
|
4644
|
+
}
|
|
4645
|
+
]
|
|
4646
|
+
});
|
|
4647
|
+
defineTable({
|
|
4648
|
+
name: "permitRoleAssignments",
|
|
4649
|
+
component: "control-plane",
|
|
4650
|
+
category: "access-control",
|
|
4651
|
+
shape: z.object({
|
|
4652
|
+
tenantId: z.string(),
|
|
4653
|
+
workspaceId: z.optional(z.string()),
|
|
4654
|
+
role: z.string(),
|
|
4655
|
+
targetType: permitRoleBindingTarget,
|
|
4656
|
+
targetId: z.string(),
|
|
4657
|
+
resourceType: z.string(),
|
|
4658
|
+
resourceKey: z.string(),
|
|
4659
|
+
resourceInstanceId: z.string().optional(),
|
|
4660
|
+
status: permitMembershipStatus,
|
|
4661
|
+
expiresAt: z.number().optional(),
|
|
4662
|
+
attributes: z.record(z.any()).optional(),
|
|
4663
|
+
grantedBy: z.string().optional(),
|
|
4664
|
+
updatedBy: z.string().optional(),
|
|
4665
|
+
revokedBy: z.string().optional(),
|
|
4666
|
+
createdAt: z.number(),
|
|
4667
|
+
updatedAt: z.number()
|
|
4668
|
+
}),
|
|
4669
|
+
indices: [
|
|
4670
|
+
{
|
|
4671
|
+
kind: "index",
|
|
4672
|
+
name: "by_tenant_target",
|
|
4673
|
+
columns: ["tenantId", "targetType", "targetId"]
|
|
4674
|
+
},
|
|
4675
|
+
{
|
|
4676
|
+
kind: "index",
|
|
4677
|
+
name: "by_tenant_resource",
|
|
4678
|
+
columns: ["tenantId", "resourceType", "resourceKey"]
|
|
4679
|
+
},
|
|
4680
|
+
{
|
|
4681
|
+
kind: "index",
|
|
4682
|
+
name: "by_tenant_role",
|
|
4683
|
+
columns: ["tenantId", "role", "status"]
|
|
4684
|
+
},
|
|
4685
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4686
|
+
{
|
|
4687
|
+
kind: "index",
|
|
4688
|
+
name: "by_workspace_resource",
|
|
4689
|
+
columns: ["workspaceId", "resourceType", "resourceKey"]
|
|
4690
|
+
}
|
|
4691
|
+
]
|
|
4692
|
+
});
|
|
4693
|
+
defineTable({
|
|
4694
|
+
name: "permitRelationshipTuples",
|
|
4695
|
+
component: "control-plane",
|
|
4696
|
+
category: "access-control",
|
|
4697
|
+
shape: z.object({
|
|
4698
|
+
tenantId: z.string(),
|
|
4699
|
+
workspaceId: z.optional(z.string()),
|
|
4700
|
+
relation: z.string(),
|
|
4701
|
+
subject: z.string(),
|
|
4702
|
+
object: z.string(),
|
|
4703
|
+
resourceType: z.string().optional(),
|
|
4704
|
+
resourceKey: z.string().optional(),
|
|
4705
|
+
status: permitRecordStatus,
|
|
4706
|
+
attributes: z.record(z.any()).optional(),
|
|
4707
|
+
createdBy: z.string(),
|
|
4708
|
+
createdAt: z.number(),
|
|
4709
|
+
updatedAt: z.number(),
|
|
4710
|
+
lastSeenAt: z.number().optional(),
|
|
4711
|
+
updatedBy: z.string().optional()
|
|
4712
|
+
}),
|
|
4713
|
+
indices: [
|
|
4714
|
+
{ kind: "index", name: "by_tenant_subject", columns: ["tenantId", "subject"] },
|
|
4715
|
+
{ kind: "index", name: "by_tenant_object", columns: ["tenantId", "object"] },
|
|
4716
|
+
{ kind: "index", name: "by_tenant_relation", columns: ["tenantId", "relation"] },
|
|
4717
|
+
{
|
|
4718
|
+
kind: "index",
|
|
4719
|
+
name: "by_tenant_relation_subject",
|
|
4720
|
+
columns: ["tenantId", "relation", "subject"]
|
|
4721
|
+
},
|
|
4722
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
|
|
4723
|
+
]
|
|
4724
|
+
});
|
|
4725
|
+
defineTable({
|
|
4726
|
+
name: "permitAttributeBindings",
|
|
4727
|
+
component: "control-plane",
|
|
4728
|
+
category: "access-control",
|
|
4729
|
+
shape: z.object({
|
|
4730
|
+
tenantId: z.string(),
|
|
4731
|
+
workspaceId: z.optional(z.string()),
|
|
4732
|
+
targetType: permitRoleBindingTarget,
|
|
4733
|
+
targetId: z.string(),
|
|
4734
|
+
attributeName: z.string(),
|
|
4735
|
+
attributeType: permitAttributeType,
|
|
4736
|
+
attributeOperator: permitAttributeOperator,
|
|
4737
|
+
attributeValue: z.any(),
|
|
4738
|
+
status: permitRecordStatus,
|
|
4739
|
+
source: z.string().optional(),
|
|
4740
|
+
sourceRef: z.string().optional(),
|
|
4741
|
+
metadata: z.record(z.any()).optional(),
|
|
4742
|
+
createdAt: z.number(),
|
|
4743
|
+
updatedAt: z.number(),
|
|
4744
|
+
createdBy: z.string(),
|
|
4745
|
+
updatedBy: z.string().optional(),
|
|
4746
|
+
expiresAt: z.number().optional()
|
|
4747
|
+
}),
|
|
4748
|
+
indices: [
|
|
4749
|
+
{
|
|
4750
|
+
kind: "index",
|
|
4751
|
+
name: "by_tenant_target",
|
|
4752
|
+
columns: ["tenantId", "targetType", "targetId"]
|
|
4753
|
+
},
|
|
4754
|
+
{
|
|
4755
|
+
kind: "index",
|
|
4756
|
+
name: "by_tenant_target_attribute",
|
|
4757
|
+
columns: ["tenantId", "targetType", "targetId", "attributeName"]
|
|
4758
|
+
},
|
|
4759
|
+
{
|
|
4760
|
+
kind: "index",
|
|
4761
|
+
name: "by_tenant_name",
|
|
4762
|
+
columns: ["tenantId", "attributeName"]
|
|
4763
|
+
},
|
|
4764
|
+
{
|
|
4765
|
+
kind: "index",
|
|
4766
|
+
name: "by_tenant_status",
|
|
4767
|
+
columns: ["tenantId", "status"]
|
|
4768
|
+
}
|
|
4769
|
+
]
|
|
4770
|
+
});
|
|
4771
|
+
defineTable({
|
|
4772
|
+
name: "permitPolicyBundles",
|
|
4773
|
+
component: "control-plane",
|
|
4774
|
+
category: "access-control",
|
|
4775
|
+
shape: z.object({
|
|
4776
|
+
tenantId: z.string(),
|
|
4777
|
+
workspaceId: z.optional(z.string()),
|
|
4778
|
+
bundleKey: z.string(),
|
|
4779
|
+
version: z.number(),
|
|
4780
|
+
status: permitPolicyBundleStatus,
|
|
4781
|
+
policyHash: z.string().optional(),
|
|
4782
|
+
policyPayload: z.record(z.any()),
|
|
4783
|
+
metadata: z.record(z.any()).optional(),
|
|
4784
|
+
createdBy: z.string(),
|
|
4785
|
+
reviewedBy: z.string().optional(),
|
|
4786
|
+
createdAt: z.number(),
|
|
4787
|
+
updatedAt: z.number(),
|
|
4788
|
+
retiredAt: z.number().optional()
|
|
4789
|
+
}),
|
|
4790
|
+
indices: [
|
|
4791
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4792
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4793
|
+
{
|
|
4794
|
+
kind: "index",
|
|
4795
|
+
name: "by_tenant_bundleKey",
|
|
4796
|
+
columns: ["tenantId", "bundleKey"]
|
|
4797
|
+
},
|
|
4798
|
+
{
|
|
4799
|
+
kind: "index",
|
|
4800
|
+
name: "by_tenant_bundle_version",
|
|
4801
|
+
columns: ["tenantId", "bundleKey", "version"]
|
|
4802
|
+
},
|
|
4803
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
|
|
4804
|
+
]
|
|
4805
|
+
});
|
|
4806
|
+
defineTable({
|
|
4807
|
+
name: "permitProjectionOutbox",
|
|
4808
|
+
component: "control-plane",
|
|
4809
|
+
category: "access-control",
|
|
4810
|
+
shape: z.object({
|
|
4811
|
+
syncKey: z.string(),
|
|
4812
|
+
objectType: permitObjectType,
|
|
4813
|
+
objectId: z.string(),
|
|
4814
|
+
operation: permitOutboxOperation,
|
|
4815
|
+
payload: z.record(z.any()),
|
|
4816
|
+
status: permitRecordStatus,
|
|
4817
|
+
attemptCount: z.number(),
|
|
4818
|
+
nextAttemptAt: z.number().optional(),
|
|
4819
|
+
lastError: z.string().optional(),
|
|
4820
|
+
tenantId: z.string().optional(),
|
|
4821
|
+
workspaceId: z.optional(z.string()),
|
|
4822
|
+
principalId: z.string().optional(),
|
|
4823
|
+
permitTenantKey: z.string().optional(),
|
|
4824
|
+
permitResourceType: z.string().optional(),
|
|
4825
|
+
permitResourceKey: z.string().optional(),
|
|
4826
|
+
createdAt: z.number(),
|
|
4827
|
+
updatedAt: z.number(),
|
|
4828
|
+
lastHandledAt: z.number().optional()
|
|
4829
|
+
}),
|
|
4830
|
+
indices: [
|
|
4831
|
+
{ kind: "index", name: "by_syncKey", columns: ["syncKey"] },
|
|
4832
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4833
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4834
|
+
{
|
|
4835
|
+
kind: "index",
|
|
4836
|
+
name: "by_tenant_status",
|
|
4837
|
+
columns: ["tenantId", "status"]
|
|
4838
|
+
},
|
|
4839
|
+
{
|
|
4840
|
+
kind: "index",
|
|
4841
|
+
name: "by_objectType",
|
|
4842
|
+
columns: ["objectType", "status"]
|
|
4843
|
+
}
|
|
4844
|
+
]
|
|
4845
|
+
});
|
|
4846
|
+
defineTable({
|
|
4847
|
+
name: "tenantPermitSyncStates",
|
|
4848
|
+
component: "control-plane",
|
|
4849
|
+
category: "access-control",
|
|
4850
|
+
shape: z.object({
|
|
4851
|
+
syncKey: z.string(),
|
|
4852
|
+
objectType: permitObjectType,
|
|
4853
|
+
objectId: z.string(),
|
|
4854
|
+
tenantId: z.string().optional(),
|
|
4855
|
+
workspaceId: z.string().optional(),
|
|
4856
|
+
principalId: z.string().optional(),
|
|
4857
|
+
permitTenantKey: z.string().optional(),
|
|
4858
|
+
permitResourceType: z.string().optional(),
|
|
4859
|
+
permitResourceKey: z.string().optional(),
|
|
4860
|
+
desiredPayload: z.record(z.any()),
|
|
4861
|
+
lastAppliedPayloadHash: z.string().optional(),
|
|
4862
|
+
status: permitSyncStatus,
|
|
4863
|
+
attemptCount: z.number(),
|
|
4864
|
+
lastError: z.string().optional(),
|
|
4865
|
+
nextAttemptAt: z.number().optional(),
|
|
4866
|
+
lastSyncedAt: z.number().optional(),
|
|
4867
|
+
createdBy: z.string(),
|
|
4868
|
+
updatedBy: z.string().optional(),
|
|
4869
|
+
createdAt: z.number(),
|
|
4870
|
+
updatedAt: z.number()
|
|
4871
|
+
}),
|
|
4872
|
+
indices: [
|
|
4873
|
+
{ kind: "index", name: "by_syncKey", columns: ["syncKey"] },
|
|
4874
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4875
|
+
{
|
|
4876
|
+
kind: "index",
|
|
4877
|
+
name: "by_tenant_status",
|
|
4878
|
+
columns: ["tenantId", "status"]
|
|
4879
|
+
},
|
|
4880
|
+
{
|
|
4881
|
+
kind: "index",
|
|
4882
|
+
name: "by_workspace_status",
|
|
4883
|
+
columns: ["workspaceId", "status"]
|
|
4884
|
+
},
|
|
4885
|
+
{
|
|
4886
|
+
kind: "index",
|
|
4887
|
+
name: "by_principal_status",
|
|
4888
|
+
columns: ["principalId", "status"]
|
|
4889
|
+
}
|
|
4890
|
+
]
|
|
4891
|
+
});
|
|
4892
|
+
defineTable({
|
|
4893
|
+
name: "permitPolicyDecisionReceipts",
|
|
4894
|
+
component: "control-plane",
|
|
4895
|
+
category: "access-control",
|
|
4896
|
+
shape: z.object({
|
|
4897
|
+
tenantId: z.string().optional(),
|
|
4898
|
+
workspaceId: z.string().optional(),
|
|
4899
|
+
principalId: z.string(),
|
|
4900
|
+
subjectType: permitAccessReviewSubjectType.optional(),
|
|
4901
|
+
subjectId: z.string().optional(),
|
|
4902
|
+
resourceType: z.string(),
|
|
4903
|
+
resourceId: z.string(),
|
|
4904
|
+
action: z.string(),
|
|
4905
|
+
decision: permitDecision,
|
|
4906
|
+
reasonCode: z.string(),
|
|
4907
|
+
policyBundleId: z.string().optional(),
|
|
4908
|
+
policyVersion: z.string(),
|
|
4909
|
+
traceId: z.string().optional(),
|
|
4910
|
+
requestId: z.string().optional(),
|
|
4911
|
+
audienceMode: z.string().optional(),
|
|
4912
|
+
audienceKey: z.string().optional(),
|
|
4913
|
+
audienceClass: z.enum(["internal", "restricted_external", "public"]).optional(),
|
|
4914
|
+
metadata: z.record(z.any()).optional(),
|
|
4915
|
+
createdAt: z.number(),
|
|
4916
|
+
expiresAt: z.number().optional(),
|
|
4917
|
+
createdBy: z.string().optional()
|
|
4918
|
+
}),
|
|
4919
|
+
indices: [
|
|
4920
|
+
{ kind: "index", name: "by_principal_createdAt", columns: ["principalId", "createdAt"] },
|
|
4921
|
+
{ kind: "index", name: "by_tenant_createdAt", columns: ["tenantId", "createdAt"] },
|
|
4922
|
+
{ kind: "index", name: "by_resource", columns: ["resourceType", "resourceId"] },
|
|
4923
|
+
{ kind: "index", name: "by_decision_createdAt", columns: ["decision", "createdAt"] },
|
|
4924
|
+
{ kind: "index", name: "by_traceId", columns: ["traceId"] },
|
|
4925
|
+
{ kind: "index", name: "by_action", columns: ["action"] }
|
|
4926
|
+
]
|
|
4927
|
+
});
|
|
4928
|
+
defineTable({
|
|
4929
|
+
name: "permitAccessReviews",
|
|
4930
|
+
component: "control-plane",
|
|
4931
|
+
category: "access-control",
|
|
4932
|
+
shape: z.object({
|
|
4933
|
+
tenantId: z.string(),
|
|
4934
|
+
workspaceId: z.optional(z.string()),
|
|
4935
|
+
reviewKey: z.string(),
|
|
4936
|
+
scope: permitReviewScope,
|
|
4937
|
+
status: permitAccessReviewStatus,
|
|
4938
|
+
subjectType: permitAccessReviewSubjectType,
|
|
4939
|
+
subjectId: z.string(),
|
|
4940
|
+
resourceType: z.string().optional(),
|
|
4941
|
+
resourceKey: z.string().optional(),
|
|
4942
|
+
outcome: z.enum(["allow", "deny"]).optional(),
|
|
4943
|
+
requestedBy: z.string(),
|
|
4944
|
+
reviewedBy: z.string().optional(),
|
|
4945
|
+
requestedAt: z.number(),
|
|
4946
|
+
reviewedAt: z.number().optional(),
|
|
4947
|
+
dueAt: z.number().optional(),
|
|
4948
|
+
justification: z.string().optional(),
|
|
4949
|
+
rationale: z.string().optional(),
|
|
4950
|
+
policyBundleId: z.string().optional(),
|
|
4951
|
+
metadata: z.record(z.any()).optional(),
|
|
4952
|
+
createdAt: z.number(),
|
|
4953
|
+
updatedAt: z.number()
|
|
4954
|
+
}),
|
|
4955
|
+
indices: [
|
|
4956
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
|
|
4957
|
+
{ kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
|
|
4958
|
+
{ kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
|
|
4959
|
+
{
|
|
4960
|
+
kind: "index",
|
|
4961
|
+
name: "by_tenant_subject",
|
|
4962
|
+
columns: ["tenantId", "subjectType", "subjectId"]
|
|
4963
|
+
},
|
|
4964
|
+
{ kind: "index", name: "by_outcome", columns: ["outcome"] },
|
|
4965
|
+
{
|
|
4966
|
+
kind: "index",
|
|
4967
|
+
name: "by_workspace_status",
|
|
4968
|
+
columns: ["workspaceId", "status"]
|
|
4969
|
+
}
|
|
4970
|
+
]
|
|
4971
|
+
});
|
|
4972
|
+
defineTable({
|
|
4973
|
+
name: "permitAccessReviewItems",
|
|
4974
|
+
component: "control-plane",
|
|
4975
|
+
category: "access-control",
|
|
4976
|
+
shape: z.object({
|
|
4977
|
+
reviewKey: z.string(),
|
|
4978
|
+
itemKey: z.string(),
|
|
4979
|
+
tenantId: z.string(),
|
|
4980
|
+
workspaceId: z.string().optional(),
|
|
4981
|
+
subjectType: permitAccessReviewSubjectType,
|
|
4982
|
+
subjectId: z.string(),
|
|
4983
|
+
resourceType: z.string().optional(),
|
|
4984
|
+
resourceKey: z.string().optional(),
|
|
4985
|
+
role: z.string().optional(),
|
|
4986
|
+
relation: z.string().optional(),
|
|
4987
|
+
status: z.enum(["open", "approved", "revoked", "changed", "deferred"]),
|
|
4988
|
+
reviewerId: z.string().optional(),
|
|
4989
|
+
decisionAt: z.number().optional(),
|
|
4990
|
+
rationale: z.string().optional(),
|
|
4991
|
+
metadata: z.record(z.any()).optional(),
|
|
4992
|
+
createdAt: z.number(),
|
|
4993
|
+
updatedAt: z.number()
|
|
4994
|
+
}),
|
|
4995
|
+
indices: [
|
|
4996
|
+
{ kind: "index", name: "by_reviewKey", columns: ["reviewKey"] },
|
|
4997
|
+
{ kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
|
|
4998
|
+
{ kind: "index", name: "by_tenant_itemKey", columns: ["tenantId", "itemKey"] },
|
|
4999
|
+
{ kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
|
|
5000
|
+
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
5001
|
+
]
|
|
5002
|
+
});
|
|
5003
|
+
defineTable({
|
|
5004
|
+
name: "reasoningPermissions",
|
|
5005
|
+
component: "control-plane",
|
|
5006
|
+
category: "epistemic",
|
|
5007
|
+
shape: z.object({
|
|
5008
|
+
"topicId": z.string().optional(),
|
|
5009
|
+
"principalId": z.string(),
|
|
5010
|
+
"nodeType": z.enum(["belief", "evidence", "action", "approval", "artifact"]),
|
|
5011
|
+
"action": z.enum(["view_conclusion", "view_evidence", "propose_action", "approve_action", "view_derived_artifact"]),
|
|
5012
|
+
"effect": z.enum(["allow", "deny"]),
|
|
5013
|
+
"policyReference": z.string().optional(),
|
|
5014
|
+
"rationale": z.string().optional(),
|
|
5015
|
+
"metadata": z.record(z.any()).optional(),
|
|
5016
|
+
"createdAt": z.number(),
|
|
5017
|
+
"createdBy": z.string(),
|
|
5018
|
+
"updatedAt": z.number()
|
|
5019
|
+
}),
|
|
5020
|
+
indices: [
|
|
5021
|
+
{ kind: "index", name: "by_topic_principal", columns: ["topicId", "principalId"] },
|
|
5022
|
+
{ kind: "index", name: "by_topic_principal_action", columns: ["topicId", "principalId", "action"] },
|
|
5023
|
+
{ kind: "index", name: "by_topic_principal_node_action", columns: ["topicId", "principalId", "nodeType", "action"] },
|
|
5024
|
+
{ kind: "index", name: "by_principal_action", columns: ["principalId", "action"] }
|
|
5025
|
+
]
|
|
5026
|
+
});
|
|
5027
|
+
defineTable({
|
|
5028
|
+
name: "schemaEnumConfig",
|
|
5029
|
+
component: "kernel",
|
|
5030
|
+
category: "config",
|
|
5031
|
+
shape: z.object({
|
|
5032
|
+
"tenantId": z.string().optional(),
|
|
5033
|
+
"category": z.string(),
|
|
5034
|
+
"value": z.string(),
|
|
5035
|
+
"label": z.string(),
|
|
5036
|
+
"description": z.string().optional(),
|
|
5037
|
+
"tier": z.enum(["platform", "tenant"]),
|
|
5038
|
+
"domainNamespace": z.string().optional(),
|
|
5039
|
+
"metadata": z.any().optional(),
|
|
5040
|
+
"isDefault": z.boolean().optional(),
|
|
5041
|
+
"sortOrder": z.number().optional(),
|
|
5042
|
+
"status": z.enum(["active", "deprecated"]),
|
|
5043
|
+
"createdAt": z.number(),
|
|
5044
|
+
"updatedAt": z.number()
|
|
5045
|
+
}),
|
|
5046
|
+
indices: [
|
|
5047
|
+
{ kind: "index", name: "by_category", columns: ["category"] },
|
|
5048
|
+
{ kind: "index", name: "by_tenant_category", columns: ["tenantId", "category"] },
|
|
5049
|
+
{ kind: "index", name: "by_category_value", columns: ["category", "value"] }
|
|
5050
|
+
]
|
|
5051
|
+
});
|
|
5052
|
+
defineTable({
|
|
5053
|
+
name: "tasks",
|
|
5054
|
+
component: "kernel",
|
|
5055
|
+
category: "task",
|
|
5056
|
+
shape: z.object({
|
|
5057
|
+
"topicId": z.string().optional(),
|
|
5058
|
+
"tenantId": z.string().optional(),
|
|
5059
|
+
"workspaceId": z.string().optional(),
|
|
5060
|
+
"title": z.string(),
|
|
5061
|
+
"description": z.string().optional(),
|
|
5062
|
+
"status": z.enum(["todo", "in_progress", "blocked", "done"]),
|
|
5063
|
+
"priority": z.enum(["urgent", "high", "medium", "low"]),
|
|
5064
|
+
"dueDate": z.number().optional(),
|
|
5065
|
+
"linkedWorktreeId": idOf("worktrees").optional(),
|
|
5066
|
+
"linkedBeliefId": z.string().optional(),
|
|
5067
|
+
"linkedQuestionId": z.string().optional(),
|
|
5068
|
+
"taskType": z.enum(["general", "find_evidence", "verify_claim", "research", "review", "interview", "analysis", "track_metrics"]).optional(),
|
|
5069
|
+
"assigneeId": z.string().optional(),
|
|
5070
|
+
"blockedReason": z.string().optional(),
|
|
5071
|
+
"blockedBy": z.array(idOf("tasks")).optional(),
|
|
5072
|
+
"blocks": z.array(idOf("tasks")).optional(),
|
|
5073
|
+
"sortOrder": z.number().optional(),
|
|
5074
|
+
"executionOrder": z.number().optional(),
|
|
5075
|
+
"subtasks": z.array(z.object({
|
|
5076
|
+
"id": z.string(),
|
|
5077
|
+
"title": z.string(),
|
|
5078
|
+
"completed": z.boolean(),
|
|
5079
|
+
"completedAt": z.number().optional()
|
|
5080
|
+
})).optional(),
|
|
5081
|
+
"comments": z.array(z.object({
|
|
5082
|
+
"id": z.string(),
|
|
5083
|
+
"userId": z.string(),
|
|
5084
|
+
"content": z.string(),
|
|
5085
|
+
"createdAt": z.number()
|
|
5086
|
+
})).optional(),
|
|
5087
|
+
"attachments": z.array(z.object({
|
|
4141
5088
|
"id": z.string(),
|
|
4142
5089
|
"type": z.enum(["call_script", "email_template", "research_plan", "framework", "checklist", "note", "file", "transcript"]),
|
|
4143
5090
|
"title": z.string(),
|
|
@@ -4290,6 +5237,7 @@ defineTable({
|
|
|
4290
5237
|
"updatedAt": z.number()
|
|
4291
5238
|
}),
|
|
4292
5239
|
indices: [
|
|
5240
|
+
{ kind: "index", name: "by_globalId", columns: ["globalId"] },
|
|
4293
5241
|
{ kind: "index", name: "by_parent", columns: ["parentTopicId"] },
|
|
4294
5242
|
{ kind: "index", name: "by_type", columns: ["type"] },
|
|
4295
5243
|
{ kind: "index", name: "by_graph_scope_project", columns: ["graphScopeProjectId"] },
|
|
@@ -4301,7 +5249,7 @@ defineTable({
|
|
|
4301
5249
|
});
|
|
4302
5250
|
defineTable({
|
|
4303
5251
|
name: "users",
|
|
4304
|
-
component: "
|
|
5252
|
+
component: "control-plane",
|
|
4305
5253
|
category: "user",
|
|
4306
5254
|
shape: z.object({
|
|
4307
5255
|
"clerkId": z.string(),
|
|
@@ -4415,7 +5363,6 @@ defineTable({
|
|
|
4415
5363
|
"deployments": z.record(z.object({
|
|
4416
5364
|
"url": z.string(),
|
|
4417
5365
|
"target": z.enum(["kernelDeployment", "appDeployment"]).optional(),
|
|
4418
|
-
"encryptedDeployKey": z.string().optional(),
|
|
4419
5366
|
"credentialRef": z.string().optional()
|
|
4420
5367
|
})).optional(),
|
|
4421
5368
|
"metadata": z.record(z.any()).optional(),
|
|
@@ -4430,6 +5377,39 @@ defineTable({
|
|
|
4430
5377
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
4431
5378
|
]
|
|
4432
5379
|
});
|
|
5380
|
+
defineTable({
|
|
5381
|
+
name: "deploymentHosts",
|
|
5382
|
+
component: "mc",
|
|
5383
|
+
category: "workspace",
|
|
5384
|
+
shape: z.object({
|
|
5385
|
+
"host": z.string(),
|
|
5386
|
+
"tenantId": idOf("tenants"),
|
|
5387
|
+
"workspaceId": idOf("workspaces"),
|
|
5388
|
+
"environment": z.enum(["dev", "staging", "prod"]),
|
|
5389
|
+
"target": z.enum(["kernelDeployment", "appDeployment"]),
|
|
5390
|
+
"deploymentUrl": z.string().optional(),
|
|
5391
|
+
"deploymentName": z.string().optional(),
|
|
5392
|
+
"vercelProjectName": z.string().optional(),
|
|
5393
|
+
"vercelProjectId": z.string().optional(),
|
|
5394
|
+
"vercelEnvironment": z.enum(["development", "preview", "staging", "production"]).optional(),
|
|
5395
|
+
"source": z.enum(["vercel_preview", "vercel_production", "vercel_custom_environment", "custom_domain", "manual"]),
|
|
5396
|
+
"status": z.enum(["active", "revoked"]),
|
|
5397
|
+
"metadata": z.record(z.any()).optional(),
|
|
5398
|
+
"createdBy": z.string(),
|
|
5399
|
+
"createdAt": z.number(),
|
|
5400
|
+
"updatedAt": z.number(),
|
|
5401
|
+
"revokedAt": z.number().optional(),
|
|
5402
|
+
"revokedBy": z.string().optional()
|
|
5403
|
+
}),
|
|
5404
|
+
indices: [
|
|
5405
|
+
{ kind: "index", name: "by_host", columns: ["host"] },
|
|
5406
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
5407
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
5408
|
+
{ kind: "index", name: "by_tenant_workspace_environment", columns: ["tenantId", "workspaceId", "environment"] },
|
|
5409
|
+
{ kind: "index", name: "by_workspace_status", columns: ["workspaceId", "status"] },
|
|
5410
|
+
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
5411
|
+
]
|
|
5412
|
+
});
|
|
4433
5413
|
defineTable({
|
|
4434
5414
|
name: "worktreeBeliefCluster",
|
|
4435
5415
|
component: "kernel",
|
|
@@ -4737,8 +5717,8 @@ defineTable({
|
|
|
4737
5717
|
});
|
|
4738
5718
|
z.object({
|
|
4739
5719
|
manifestVersion: z.string(),
|
|
4740
|
-
componentName: z.enum(["kernel", "
|
|
4741
|
-
tier: z.enum(["K", "
|
|
5720
|
+
componentName: z.enum(["kernel", "control-plane"]),
|
|
5721
|
+
tier: z.enum(["K", "CP"]),
|
|
4742
5722
|
packageVersion: z.string(),
|
|
4743
5723
|
tables: z.array(
|
|
4744
5724
|
z.object({
|
|
@@ -4905,88 +5885,957 @@ var TENANT_CLIENT_INSTALLABLE_PACKAGES = [
|
|
|
4905
5885
|
},
|
|
4906
5886
|
{
|
|
4907
5887
|
packageName: "@lucern/control-plane",
|
|
5888
|
+
role: "component_runtime",
|
|
5889
|
+
directTenantImport: false
|
|
5890
|
+
},
|
|
5891
|
+
{
|
|
5892
|
+
packageName: "@lucern/developer-kit",
|
|
5893
|
+
role: "developer_tool",
|
|
5894
|
+
directTenantImport: false
|
|
5895
|
+
},
|
|
5896
|
+
{
|
|
5897
|
+
packageName: "@lucern/events",
|
|
5898
|
+
role: "sdk_dependency",
|
|
5899
|
+
directTenantImport: false
|
|
5900
|
+
},
|
|
5901
|
+
{
|
|
5902
|
+
packageName: "@lucern/graph-primitives",
|
|
5903
|
+
role: "sdk_dependency",
|
|
5904
|
+
directTenantImport: false
|
|
5905
|
+
},
|
|
5906
|
+
{
|
|
5907
|
+
packageName: "@lucern/graph-sync",
|
|
5908
|
+
role: "host_addon_runtime",
|
|
5909
|
+
directTenantImport: true
|
|
5910
|
+
},
|
|
5911
|
+
{
|
|
5912
|
+
packageName: "@lucern/mcp",
|
|
5913
|
+
role: "runtime_entrypoint",
|
|
5914
|
+
directTenantImport: true
|
|
5915
|
+
},
|
|
5916
|
+
{
|
|
5917
|
+
packageName: "@lucern/pack-host",
|
|
5918
|
+
role: "platform_runtime",
|
|
5919
|
+
directTenantImport: false
|
|
5920
|
+
},
|
|
5921
|
+
{
|
|
5922
|
+
packageName: "@lucern/pack-installer",
|
|
5923
|
+
role: "developer_tool",
|
|
5924
|
+
directTenantImport: false
|
|
5925
|
+
},
|
|
5926
|
+
{
|
|
5927
|
+
packageName: "@lucern/proof-compiler",
|
|
5928
|
+
role: "developer_tool",
|
|
5929
|
+
directTenantImport: false
|
|
5930
|
+
},
|
|
5931
|
+
{
|
|
5932
|
+
packageName: "@lucern/react",
|
|
5933
|
+
role: "runtime_entrypoint",
|
|
5934
|
+
directTenantImport: true
|
|
5935
|
+
},
|
|
5936
|
+
{
|
|
5937
|
+
packageName: "@lucern/reasoning-kernel",
|
|
5938
|
+
role: "component_runtime",
|
|
5939
|
+
directTenantImport: false
|
|
5940
|
+
},
|
|
5941
|
+
{
|
|
5942
|
+
packageName: "@lucern/sdk",
|
|
5943
|
+
role: "runtime_entrypoint",
|
|
5944
|
+
directTenantImport: true
|
|
5945
|
+
},
|
|
5946
|
+
{
|
|
5947
|
+
packageName: "@lucern/secrets",
|
|
5948
|
+
role: "sdk_dependency",
|
|
5949
|
+
directTenantImport: false
|
|
5950
|
+
},
|
|
5951
|
+
{
|
|
5952
|
+
packageName: "@lucern/server-core",
|
|
4908
5953
|
role: "platform_runtime",
|
|
4909
5954
|
directTenantImport: false
|
|
4910
5955
|
},
|
|
4911
5956
|
{
|
|
4912
|
-
packageName: "@lucern/
|
|
4913
|
-
role: "
|
|
4914
|
-
directTenantImport: false
|
|
5957
|
+
packageName: "@lucern/testing",
|
|
5958
|
+
role: "test_support",
|
|
5959
|
+
directTenantImport: false
|
|
5960
|
+
},
|
|
5961
|
+
{
|
|
5962
|
+
packageName: "@lucern/types",
|
|
5963
|
+
role: "contract_entrypoint",
|
|
5964
|
+
directTenantImport: true
|
|
5965
|
+
}
|
|
5966
|
+
];
|
|
5967
|
+
TENANT_CLIENT_INSTALLABLE_PACKAGES.map(
|
|
5968
|
+
(entry) => entry.packageName
|
|
5969
|
+
);
|
|
5970
|
+
|
|
5971
|
+
// ../contracts/src/infisical-runtime.contract.ts
|
|
5972
|
+
var INFISICAL_TENANT_SOFTWARE_SYSTEMS = [
|
|
5973
|
+
{
|
|
5974
|
+
id: "stack-frontend",
|
|
5975
|
+
tenantKey: "stack",
|
|
5976
|
+
workspaceKey: "frontend",
|
|
5977
|
+
vercelProjectName: "ai-chatbot-diao",
|
|
5978
|
+
vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK",
|
|
5979
|
+
vercelProjectId: "prj_PihFw8kohSSw14nZs9YQV3xVo517",
|
|
5980
|
+
vercelWriterTokenEnv: "STACK_VERCEL_TOKEN",
|
|
5981
|
+
repository: {
|
|
5982
|
+
owner: "stack-vc",
|
|
5983
|
+
name: "front-end"
|
|
5984
|
+
},
|
|
5985
|
+
sharedSourcePath: "/tenants/stack",
|
|
5986
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
5987
|
+
convex: {
|
|
5988
|
+
urlEnv: "CONVEX_FRONTEND_URL",
|
|
5989
|
+
deployKeyEnv: "CONVEX_FRONTEND_DEPLOY_KEY",
|
|
5990
|
+
preprodDeployment: "rugged-lobster-664",
|
|
5991
|
+
prodDeployment: "wonderful-toucan-0"
|
|
5992
|
+
}
|
|
5993
|
+
},
|
|
5994
|
+
{
|
|
5995
|
+
id: "stackos",
|
|
5996
|
+
tenantKey: "stack",
|
|
5997
|
+
workspaceKey: "stackos",
|
|
5998
|
+
vercelProjectName: "stackos",
|
|
5999
|
+
vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK",
|
|
6000
|
+
vercelProjectId: "prj_rXLAL0Z6v9p1fasKbomby6GI7kau",
|
|
6001
|
+
vercelWriterTokenEnv: "STACK_VERCEL_TOKEN",
|
|
6002
|
+
repository: {
|
|
6003
|
+
owner: "stack-vc",
|
|
6004
|
+
name: "stackos"
|
|
6005
|
+
},
|
|
6006
|
+
sharedSourcePath: "/tenants/stack",
|
|
6007
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
6008
|
+
convex: {
|
|
6009
|
+
urlEnv: "CONVEX_STACKOS_URL",
|
|
6010
|
+
deployKeyEnv: "CONVEX_STACKOS_DEPLOY_KEY",
|
|
6011
|
+
preprodDeployment: "giant-mandrill-761",
|
|
6012
|
+
prodDeployment: "good-snake-515"
|
|
6013
|
+
}
|
|
6014
|
+
},
|
|
6015
|
+
{
|
|
6016
|
+
id: "stack-eng",
|
|
6017
|
+
tenantKey: "stack",
|
|
6018
|
+
workspaceKey: "engineering",
|
|
6019
|
+
vercelProjectName: "stackos-engineering-graph",
|
|
6020
|
+
vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK",
|
|
6021
|
+
vercelProjectId: "prj_zAU0Zn9GkbHjHI63dxW4vLpmoqTJ",
|
|
6022
|
+
vercelWriterTokenEnv: "STACK_VERCEL_TOKEN",
|
|
6023
|
+
repository: {
|
|
6024
|
+
owner: "stack-vc",
|
|
6025
|
+
name: "stackos-engineering-graph"
|
|
6026
|
+
},
|
|
6027
|
+
sharedSourcePath: "/tenants/stack/engineering",
|
|
6028
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
6029
|
+
convex: {
|
|
6030
|
+
urlEnv: "CONVEX_STACK_ENG_URL",
|
|
6031
|
+
deployKeyEnv: "CONVEX_STACK_ENG_DEPLOY_KEY",
|
|
6032
|
+
preprodDeployment: "small-oyster-270",
|
|
6033
|
+
prodDeployment: "bold-cuttlefish-804"
|
|
6034
|
+
}
|
|
6035
|
+
},
|
|
6036
|
+
{
|
|
6037
|
+
id: "lucern-graph",
|
|
6038
|
+
tenantKey: "lucern",
|
|
6039
|
+
workspaceKey: "lucern",
|
|
6040
|
+
vercelProjectName: "lucern-graph",
|
|
6041
|
+
vercelTeamId: "team_vTHxxs8GAoAFUe6RWMlYt7fY",
|
|
6042
|
+
vercelProjectId: "prj_KJ8EKV8vGM5xURpqmwTwmECEGPgQ",
|
|
6043
|
+
vercelWriterTokenEnv: "LUCERN_VERCEL_TOKEN",
|
|
6044
|
+
repository: {
|
|
6045
|
+
owner: "LucernAI",
|
|
6046
|
+
name: "lucern-graph"
|
|
6047
|
+
},
|
|
6048
|
+
sharedSourcePath: "/tenants/lucern/shared",
|
|
6049
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
6050
|
+
convex: {
|
|
6051
|
+
urlEnv: "CONVEX_LUCERN_URL",
|
|
6052
|
+
deployKeyEnv: "CONVEX_LUCERN_DEPLOY_KEY",
|
|
6053
|
+
preprodDeployment: "good-blackbird-774",
|
|
6054
|
+
prodDeployment: "precious-dog-365"
|
|
6055
|
+
}
|
|
6056
|
+
}
|
|
6057
|
+
];
|
|
6058
|
+
var TENANT_SHARED_SECRET_DEFINITION_TEMPLATES = [
|
|
6059
|
+
{
|
|
6060
|
+
idSuffix: "clerk.publishable",
|
|
6061
|
+
canonicalName: "NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY",
|
|
6062
|
+
aliases: ["CLERK_PUBLISHABLE_KEY"],
|
|
6063
|
+
required: true,
|
|
6064
|
+
secret: false,
|
|
6065
|
+
public: true,
|
|
6066
|
+
description: "Tenant-owned Clerk browser key. For Stack this is the master clerk.stack.vc project shared by front-end, StackOS, and the engineering workspace."
|
|
6067
|
+
},
|
|
6068
|
+
{
|
|
6069
|
+
idSuffix: "clerk.secret",
|
|
6070
|
+
canonicalName: "CLERK_SECRET_KEY",
|
|
6071
|
+
required: true,
|
|
6072
|
+
secret: true,
|
|
6073
|
+
public: false,
|
|
6074
|
+
description: "Tenant-owned Clerk backend secret used only by that tenant's server runtimes."
|
|
6075
|
+
},
|
|
6076
|
+
{
|
|
6077
|
+
idSuffix: "clerk.project",
|
|
6078
|
+
canonicalName: "CLERK_PROJECT_ID",
|
|
6079
|
+
required: true,
|
|
6080
|
+
secret: false,
|
|
6081
|
+
public: false,
|
|
6082
|
+
description: "Tenant-owned Clerk project id used to resolve canonical Clerk aliases."
|
|
6083
|
+
},
|
|
6084
|
+
{
|
|
6085
|
+
idSuffix: "clerk.jwks",
|
|
6086
|
+
canonicalName: "CLERK_JWT_ISSUER_DOMAIN",
|
|
6087
|
+
aliases: ["CLERK_ISSUER_URL", "CLERK_JWKS_URL"],
|
|
6088
|
+
required: false,
|
|
6089
|
+
secret: false,
|
|
6090
|
+
public: false,
|
|
6091
|
+
description: "Tenant Clerk issuer/JWKS URL consumed by Convex auth.config.ts."
|
|
6092
|
+
},
|
|
6093
|
+
{
|
|
6094
|
+
idSuffix: "clerk.jwt-key",
|
|
6095
|
+
canonicalName: "CLERK_JWT_KEY",
|
|
6096
|
+
required: false,
|
|
6097
|
+
secret: true,
|
|
6098
|
+
public: false,
|
|
6099
|
+
description: "Tenant Clerk JWT public verification key used by bearer-token API routes."
|
|
6100
|
+
},
|
|
6101
|
+
{
|
|
6102
|
+
idSuffix: "clerk.authorized-parties",
|
|
6103
|
+
canonicalName: "CLERK_AUTHORIZED_PARTIES",
|
|
6104
|
+
aliases: ["CLERK_MOBILE_AUTHORIZED_PARTIES"],
|
|
6105
|
+
required: false,
|
|
6106
|
+
secret: false,
|
|
6107
|
+
public: false,
|
|
6108
|
+
description: "Comma-separated Clerk authorized parties for browser and mobile bearer-token validation."
|
|
6109
|
+
},
|
|
6110
|
+
{
|
|
6111
|
+
idSuffix: "clerk.sign-in-url",
|
|
6112
|
+
canonicalName: "NEXT_PUBLIC_CLERK_SIGN_IN_URL",
|
|
6113
|
+
required: false,
|
|
6114
|
+
secret: false,
|
|
6115
|
+
public: true,
|
|
6116
|
+
description: "Tenant Clerk sign-in route for custom app login surfaces."
|
|
6117
|
+
},
|
|
6118
|
+
{
|
|
6119
|
+
idSuffix: "clerk.sign-up-url",
|
|
6120
|
+
canonicalName: "NEXT_PUBLIC_CLERK_SIGN_UP_URL",
|
|
6121
|
+
required: false,
|
|
6122
|
+
secret: false,
|
|
6123
|
+
public: true,
|
|
6124
|
+
description: "Tenant Clerk sign-up route for custom app login surfaces."
|
|
6125
|
+
}
|
|
6126
|
+
];
|
|
6127
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.flatMap(
|
|
6128
|
+
(system) => TENANT_SHARED_SECRET_DEFINITION_TEMPLATES.map(
|
|
6129
|
+
(template) => ({
|
|
6130
|
+
id: `tenant.${system.id}.${template.idSuffix}`,
|
|
6131
|
+
canonicalName: template.canonicalName,
|
|
6132
|
+
aliases: "aliases" in template ? template.aliases : void 0,
|
|
6133
|
+
owner: "tenant",
|
|
6134
|
+
scope: "tenant",
|
|
6135
|
+
sourcePath: system.sharedSourcePath,
|
|
6136
|
+
environmentPolicy: "environment_specific",
|
|
6137
|
+
required: template.required,
|
|
6138
|
+
secret: template.secret,
|
|
6139
|
+
public: template.public,
|
|
6140
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6141
|
+
destinations: [
|
|
6142
|
+
{
|
|
6143
|
+
kind: "vercel",
|
|
6144
|
+
target: system.vercelProjectName,
|
|
6145
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6146
|
+
},
|
|
6147
|
+
{
|
|
6148
|
+
kind: "convex",
|
|
6149
|
+
target: `${system.convex.preprodDeployment}|${system.convex.prodDeployment}`,
|
|
6150
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6151
|
+
}
|
|
6152
|
+
],
|
|
6153
|
+
description: `${system.tenantKey}/${system.workspaceKey}: ${template.description}`
|
|
6154
|
+
})
|
|
6155
|
+
)
|
|
6156
|
+
);
|
|
6157
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.map(
|
|
6158
|
+
(system) => ({
|
|
6159
|
+
id: `tenant.${system.id}.install-lucern-npm`,
|
|
6160
|
+
canonicalName: "INSTALL_LUCERN_NPM",
|
|
6161
|
+
owner: "provider",
|
|
6162
|
+
scope: "global",
|
|
6163
|
+
sourcePath: "/tenants/shared",
|
|
6164
|
+
environmentPolicy: "same_all_environments",
|
|
6165
|
+
required: true,
|
|
6166
|
+
secret: true,
|
|
6167
|
+
public: false,
|
|
6168
|
+
consumers: ["tenant-vercel-app", "tenant-deploy-tooling"],
|
|
6169
|
+
destinations: [
|
|
6170
|
+
{
|
|
6171
|
+
kind: "vercel",
|
|
6172
|
+
target: system.vercelProjectName,
|
|
6173
|
+
environmentPolicy: "same_all_environments"
|
|
6174
|
+
},
|
|
6175
|
+
{
|
|
6176
|
+
kind: "github_actions",
|
|
6177
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6178
|
+
environmentPolicy: "same_all_environments"
|
|
6179
|
+
}
|
|
6180
|
+
],
|
|
6181
|
+
description: `${system.tenantKey}/${system.workspaceKey}: read-only npm install token for published @lucern/* packages.`
|
|
6182
|
+
})
|
|
6183
|
+
);
|
|
6184
|
+
var TENANT_PRODUCT_SOFTWARE_SYSTEM_IDS = ["stack-frontend", "stackos"];
|
|
6185
|
+
var TENANT_PRODUCT_RUNTIME_SECRET_DEFINITION_TEMPLATES = [
|
|
6186
|
+
{
|
|
6187
|
+
idSuffix: "ai.openai-api-key",
|
|
6188
|
+
canonicalName: "OPENAI_API_KEY",
|
|
6189
|
+
required: false,
|
|
6190
|
+
secret: true,
|
|
6191
|
+
public: false,
|
|
6192
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment", "tenant-ai-runtime"],
|
|
6193
|
+
description: "Tenant-owned OpenAI key for product runtime LLM calls."
|
|
6194
|
+
},
|
|
6195
|
+
{
|
|
6196
|
+
idSuffix: "ai.anthropic-api-key",
|
|
6197
|
+
canonicalName: "ANTHROPIC_API_KEY",
|
|
6198
|
+
required: false,
|
|
6199
|
+
secret: true,
|
|
6200
|
+
public: false,
|
|
6201
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment", "tenant-ai-runtime"],
|
|
6202
|
+
description: "Tenant-owned Anthropic key for product runtime LLM calls."
|
|
6203
|
+
},
|
|
6204
|
+
{
|
|
6205
|
+
idSuffix: "ai.gemini-api-key",
|
|
6206
|
+
canonicalName: "GEMINI_API_KEY",
|
|
6207
|
+
aliases: ["GOOGLE_AI_API_KEY", "GOOGLE_GENERATIVE_AI_API_KEY"],
|
|
6208
|
+
required: false,
|
|
6209
|
+
secret: true,
|
|
6210
|
+
public: false,
|
|
6211
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment", "tenant-ai-runtime"],
|
|
6212
|
+
description: "Tenant-owned Google/Gemini key for product runtime LLM calls."
|
|
6213
|
+
},
|
|
6214
|
+
{
|
|
6215
|
+
idSuffix: "langfuse.secret-key",
|
|
6216
|
+
canonicalName: "LANGFUSE_SECRET_KEY",
|
|
6217
|
+
required: false,
|
|
6218
|
+
secret: true,
|
|
6219
|
+
public: false,
|
|
6220
|
+
consumers: [
|
|
6221
|
+
"tenant-vercel-app",
|
|
6222
|
+
"tenant-convex-deployment",
|
|
6223
|
+
"tenant-observability"
|
|
6224
|
+
],
|
|
6225
|
+
description: "Tenant-owned Langfuse secret key for product AI tracing."
|
|
6226
|
+
},
|
|
6227
|
+
{
|
|
6228
|
+
idSuffix: "langfuse.public-key",
|
|
6229
|
+
canonicalName: "LANGFUSE_PUBLIC_KEY",
|
|
6230
|
+
required: false,
|
|
6231
|
+
secret: false,
|
|
6232
|
+
public: false,
|
|
6233
|
+
consumers: [
|
|
6234
|
+
"tenant-vercel-app",
|
|
6235
|
+
"tenant-convex-deployment",
|
|
6236
|
+
"tenant-observability"
|
|
6237
|
+
],
|
|
6238
|
+
description: "Tenant-owned Langfuse public key for product AI tracing."
|
|
6239
|
+
},
|
|
6240
|
+
{
|
|
6241
|
+
idSuffix: "langfuse.base-url",
|
|
6242
|
+
canonicalName: "LANGFUSE_BASE_URL",
|
|
6243
|
+
aliases: ["LANGFUSE_BASEURL", "LANGFUSE_HOST"],
|
|
6244
|
+
required: false,
|
|
6245
|
+
secret: false,
|
|
6246
|
+
public: false,
|
|
6247
|
+
consumers: [
|
|
6248
|
+
"tenant-vercel-app",
|
|
6249
|
+
"tenant-convex-deployment",
|
|
6250
|
+
"tenant-observability"
|
|
6251
|
+
],
|
|
6252
|
+
description: "Tenant-owned Langfuse API origin."
|
|
6253
|
+
},
|
|
6254
|
+
{
|
|
6255
|
+
idSuffix: "graph.neo4j-uri",
|
|
6256
|
+
canonicalName: "NEO4J_URI",
|
|
6257
|
+
required: false,
|
|
6258
|
+
secret: false,
|
|
6259
|
+
public: false,
|
|
6260
|
+
consumers: [
|
|
6261
|
+
"tenant-vercel-app",
|
|
6262
|
+
"tenant-convex-deployment",
|
|
6263
|
+
"tenant-graph-sync"
|
|
6264
|
+
],
|
|
6265
|
+
description: "Tenant-owned Neo4j URI for product graph-sync."
|
|
6266
|
+
},
|
|
6267
|
+
{
|
|
6268
|
+
idSuffix: "graph.neo4j-user",
|
|
6269
|
+
canonicalName: "NEO4J_USER",
|
|
6270
|
+
aliases: ["NEO4J_USERNAME"],
|
|
6271
|
+
required: false,
|
|
6272
|
+
secret: false,
|
|
6273
|
+
public: false,
|
|
6274
|
+
consumers: [
|
|
6275
|
+
"tenant-vercel-app",
|
|
6276
|
+
"tenant-convex-deployment",
|
|
6277
|
+
"tenant-graph-sync"
|
|
6278
|
+
],
|
|
6279
|
+
description: "Tenant-owned Neo4j user for product graph-sync."
|
|
6280
|
+
},
|
|
6281
|
+
{
|
|
6282
|
+
idSuffix: "graph.neo4j-password",
|
|
6283
|
+
canonicalName: "NEO4J_PASSWORD",
|
|
6284
|
+
required: false,
|
|
6285
|
+
secret: true,
|
|
6286
|
+
public: false,
|
|
6287
|
+
consumers: [
|
|
6288
|
+
"tenant-vercel-app",
|
|
6289
|
+
"tenant-convex-deployment",
|
|
6290
|
+
"tenant-graph-sync"
|
|
6291
|
+
],
|
|
6292
|
+
description: "Tenant-owned Neo4j password for product graph-sync."
|
|
6293
|
+
},
|
|
6294
|
+
{
|
|
6295
|
+
idSuffix: "graph.neo4j-sync-secret",
|
|
6296
|
+
canonicalName: "NEO4J_SYNC_SECRET",
|
|
6297
|
+
required: false,
|
|
6298
|
+
secret: true,
|
|
6299
|
+
public: false,
|
|
6300
|
+
consumers: [
|
|
6301
|
+
"tenant-vercel-app",
|
|
6302
|
+
"tenant-convex-deployment",
|
|
6303
|
+
"tenant-graph-sync"
|
|
6304
|
+
],
|
|
6305
|
+
description: "Tenant-owned shared secret for product Convex-to-HTTP graph-sync calls."
|
|
6306
|
+
},
|
|
6307
|
+
{
|
|
6308
|
+
idSuffix: "graph.neo4j-database",
|
|
6309
|
+
canonicalName: "NEO4J_DATABASE",
|
|
6310
|
+
required: false,
|
|
6311
|
+
secret: false,
|
|
6312
|
+
public: false,
|
|
6313
|
+
consumers: [
|
|
6314
|
+
"tenant-vercel-app",
|
|
6315
|
+
"tenant-convex-deployment",
|
|
6316
|
+
"tenant-graph-sync"
|
|
6317
|
+
],
|
|
6318
|
+
description: "Tenant-owned Neo4j database name for product graph-sync."
|
|
6319
|
+
},
|
|
6320
|
+
{
|
|
6321
|
+
idSuffix: "vector.pinecone-api-key",
|
|
6322
|
+
canonicalName: "PINECONE_API_KEY",
|
|
6323
|
+
required: false,
|
|
6324
|
+
secret: true,
|
|
6325
|
+
public: false,
|
|
6326
|
+
consumers: [
|
|
6327
|
+
"tenant-vercel-app",
|
|
6328
|
+
"tenant-convex-deployment",
|
|
6329
|
+
"tenant-vector-store"
|
|
6330
|
+
],
|
|
6331
|
+
description: "Tenant-owned Pinecone API key for product vector search."
|
|
6332
|
+
},
|
|
6333
|
+
{
|
|
6334
|
+
idSuffix: "vector.pinecone-index-name",
|
|
6335
|
+
canonicalName: "PINECONE_INDEX_NAME",
|
|
6336
|
+
aliases: ["PINECONE_INDEX"],
|
|
6337
|
+
required: false,
|
|
6338
|
+
secret: false,
|
|
6339
|
+
public: false,
|
|
6340
|
+
consumers: [
|
|
6341
|
+
"tenant-vercel-app",
|
|
6342
|
+
"tenant-convex-deployment",
|
|
6343
|
+
"tenant-vector-store"
|
|
6344
|
+
],
|
|
6345
|
+
description: "Tenant-owned Pinecone index name for product vector search."
|
|
6346
|
+
},
|
|
6347
|
+
{
|
|
6348
|
+
idSuffix: "vector.pinecone-host",
|
|
6349
|
+
canonicalName: "PINECONE_HOST",
|
|
6350
|
+
aliases: ["PINECONE_INDEX_HOST"],
|
|
6351
|
+
required: false,
|
|
6352
|
+
secret: false,
|
|
6353
|
+
public: false,
|
|
6354
|
+
consumers: [
|
|
6355
|
+
"tenant-vercel-app",
|
|
6356
|
+
"tenant-convex-deployment",
|
|
6357
|
+
"tenant-vector-store"
|
|
6358
|
+
],
|
|
6359
|
+
description: "Tenant-owned Pinecone host for product vector search."
|
|
6360
|
+
},
|
|
6361
|
+
{
|
|
6362
|
+
idSuffix: "vector.pinecone-namespace",
|
|
6363
|
+
canonicalName: "PINECONE_NAMESPACE",
|
|
6364
|
+
required: false,
|
|
6365
|
+
secret: false,
|
|
6366
|
+
public: false,
|
|
6367
|
+
consumers: [
|
|
6368
|
+
"tenant-vercel-app",
|
|
6369
|
+
"tenant-convex-deployment",
|
|
6370
|
+
"tenant-vector-store"
|
|
6371
|
+
],
|
|
6372
|
+
description: "Tenant-owned Pinecone namespace for product vector search isolation."
|
|
6373
|
+
},
|
|
6374
|
+
{
|
|
6375
|
+
idSuffix: "storage.aws-access-key-id",
|
|
6376
|
+
canonicalName: "AWS_ACCESS_KEY_ID",
|
|
6377
|
+
required: false,
|
|
6378
|
+
secret: true,
|
|
6379
|
+
public: false,
|
|
6380
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6381
|
+
description: "Tenant-owned AWS access key id for document/file ingestion."
|
|
6382
|
+
},
|
|
6383
|
+
{
|
|
6384
|
+
idSuffix: "storage.aws-secret-access-key",
|
|
6385
|
+
canonicalName: "AWS_SECRET_ACCESS_KEY",
|
|
6386
|
+
required: false,
|
|
6387
|
+
secret: true,
|
|
6388
|
+
public: false,
|
|
6389
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6390
|
+
description: "Tenant-owned AWS secret access key for document/file ingestion."
|
|
4915
6391
|
},
|
|
4916
6392
|
{
|
|
4917
|
-
|
|
4918
|
-
|
|
4919
|
-
|
|
6393
|
+
idSuffix: "storage.aws-region",
|
|
6394
|
+
canonicalName: "AWS_REGION",
|
|
6395
|
+
required: false,
|
|
6396
|
+
secret: false,
|
|
6397
|
+
public: false,
|
|
6398
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6399
|
+
description: "Tenant-owned AWS region for document/file ingestion."
|
|
4920
6400
|
},
|
|
4921
6401
|
{
|
|
4922
|
-
|
|
4923
|
-
|
|
4924
|
-
|
|
6402
|
+
idSuffix: "observability.sentry-dsn",
|
|
6403
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_DSN",
|
|
6404
|
+
aliases: ["NEXT_PUBLIC_SENTRY_DSN_NEXTJS", "SENTRY_DSN"],
|
|
6405
|
+
required: false,
|
|
6406
|
+
secret: false,
|
|
6407
|
+
public: true,
|
|
6408
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6409
|
+
description: "Tenant-owned Sentry DSN for app telemetry."
|
|
4925
6410
|
},
|
|
4926
6411
|
{
|
|
4927
|
-
|
|
4928
|
-
|
|
4929
|
-
|
|
6412
|
+
idSuffix: "observability.sentry-auth-token",
|
|
6413
|
+
canonicalName: "SENTRY_AUTH_TOKEN",
|
|
6414
|
+
required: false,
|
|
6415
|
+
secret: true,
|
|
6416
|
+
public: false,
|
|
6417
|
+
consumers: ["tenant-deploy-tooling", "tenant-observability"],
|
|
6418
|
+
description: "Tenant-owned Sentry release token for app deployments."
|
|
4930
6419
|
},
|
|
4931
6420
|
{
|
|
4932
|
-
|
|
4933
|
-
|
|
4934
|
-
|
|
6421
|
+
idSuffix: "observability.sentry-org",
|
|
6422
|
+
canonicalName: "SENTRY_ORG",
|
|
6423
|
+
aliases: ["SENTRY_ORG_SLUG"],
|
|
6424
|
+
required: false,
|
|
6425
|
+
secret: false,
|
|
6426
|
+
public: false,
|
|
6427
|
+
consumers: ["tenant-deploy-tooling", "tenant-observability"],
|
|
6428
|
+
description: "Tenant-owned Sentry org slug for release uploads."
|
|
4935
6429
|
},
|
|
4936
6430
|
{
|
|
4937
|
-
|
|
4938
|
-
|
|
4939
|
-
|
|
6431
|
+
idSuffix: "observability.sentry-project",
|
|
6432
|
+
canonicalName: "SENTRY_PROJECT",
|
|
6433
|
+
aliases: ["SENTRY_PROJECT_NEXTJS"],
|
|
6434
|
+
required: false,
|
|
6435
|
+
secret: false,
|
|
6436
|
+
public: false,
|
|
6437
|
+
consumers: ["tenant-deploy-tooling", "tenant-observability"],
|
|
6438
|
+
description: "Tenant-owned Sentry project slug for release uploads."
|
|
4940
6439
|
},
|
|
4941
6440
|
{
|
|
4942
|
-
|
|
4943
|
-
|
|
4944
|
-
|
|
6441
|
+
idSuffix: "observability.sentry-environment",
|
|
6442
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_ENVIRONMENT",
|
|
6443
|
+
aliases: ["SENTRY_ENVIRONMENT"],
|
|
6444
|
+
required: false,
|
|
6445
|
+
secret: false,
|
|
6446
|
+
public: true,
|
|
6447
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6448
|
+
description: "Tenant-owned Sentry environment label."
|
|
4945
6449
|
},
|
|
4946
6450
|
{
|
|
4947
|
-
|
|
4948
|
-
|
|
4949
|
-
|
|
6451
|
+
idSuffix: "observability.sentry-release",
|
|
6452
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_RELEASE",
|
|
6453
|
+
aliases: ["SENTRY_RELEASE"],
|
|
6454
|
+
required: false,
|
|
6455
|
+
secret: false,
|
|
6456
|
+
public: true,
|
|
6457
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6458
|
+
description: "Tenant-owned Sentry release label."
|
|
4950
6459
|
},
|
|
4951
6460
|
{
|
|
4952
|
-
|
|
4953
|
-
|
|
4954
|
-
|
|
6461
|
+
idSuffix: "observability.sentry-client-options",
|
|
6462
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_TRACES_SAMPLE_RATE",
|
|
6463
|
+
aliases: [
|
|
6464
|
+
"NEXT_PUBLIC_SENTRY_CAPTURE_CONSOLE_LEVELS",
|
|
6465
|
+
"NEXT_PUBLIC_SENTRY_CAPTURE_CONSOLE_LEVELS_NEXTJS",
|
|
6466
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_BREADCRUMB_LEVELS",
|
|
6467
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_BREADCRUMB_LEVELS_NEXTJS",
|
|
6468
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_LOG_LEVELS",
|
|
6469
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_LOG_LEVELS_NEXTJS",
|
|
6470
|
+
"NEXT_PUBLIC_SENTRY_ENABLE_LOGS",
|
|
6471
|
+
"NEXT_PUBLIC_SENTRY_REPLAYS_ON_ERROR_SAMPLE_RATE",
|
|
6472
|
+
"NEXT_PUBLIC_SENTRY_REPLAYS_SESSION_SAMPLE_RATE",
|
|
6473
|
+
"NEXT_PUBLIC_SENTRY_SEND_DEFAULT_PII",
|
|
6474
|
+
"NEXT_PUBLIC_SENTRY_TRACES_SAMPLE_RATE_NEXTJS"
|
|
6475
|
+
],
|
|
6476
|
+
required: false,
|
|
6477
|
+
secret: false,
|
|
6478
|
+
public: true,
|
|
6479
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6480
|
+
description: "Tenant-owned public Sentry tuning values for Next.js client instrumentation."
|
|
4955
6481
|
},
|
|
4956
6482
|
{
|
|
4957
|
-
|
|
4958
|
-
|
|
4959
|
-
|
|
6483
|
+
idSuffix: "observability.sentry-webhook-secret",
|
|
6484
|
+
canonicalName: "SENTRY_WEBHOOK_SECRET",
|
|
6485
|
+
required: false,
|
|
6486
|
+
secret: true,
|
|
6487
|
+
public: false,
|
|
6488
|
+
consumers: ["tenant-convex-deployment", "tenant-observability"],
|
|
6489
|
+
description: "Tenant-owned Sentry webhook verification secret."
|
|
4960
6490
|
},
|
|
4961
6491
|
{
|
|
4962
|
-
|
|
4963
|
-
|
|
4964
|
-
|
|
6492
|
+
idSuffix: "lucern.gateway-api-key",
|
|
6493
|
+
canonicalName: "LUCERN_API_KEY",
|
|
6494
|
+
aliases: ["STACK_API_KEY"],
|
|
6495
|
+
required: false,
|
|
6496
|
+
secret: true,
|
|
6497
|
+
public: false,
|
|
6498
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6499
|
+
description: "Tenant-scoped Lucern/MC gateway API key for product front-door calls."
|
|
4965
6500
|
},
|
|
4966
6501
|
{
|
|
4967
|
-
|
|
4968
|
-
|
|
4969
|
-
|
|
6502
|
+
idSuffix: "lucern.gateway-base-url",
|
|
6503
|
+
canonicalName: "LUCERN_BASE_URL",
|
|
6504
|
+
aliases: ["LUCERN_API_BASE_URL", "LUCERN_GATEWAY_BASE_URL"],
|
|
6505
|
+
required: false,
|
|
6506
|
+
secret: false,
|
|
6507
|
+
public: false,
|
|
6508
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6509
|
+
description: "Lucern/MC gateway base URL used by tenant product apps."
|
|
4970
6510
|
},
|
|
4971
6511
|
{
|
|
4972
|
-
|
|
4973
|
-
|
|
4974
|
-
|
|
6512
|
+
idSuffix: "lucern.proxy-token-secret",
|
|
6513
|
+
canonicalName: "LUCERN_PROXY_TOKEN_SECRET",
|
|
6514
|
+
required: false,
|
|
6515
|
+
secret: true,
|
|
6516
|
+
public: false,
|
|
6517
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6518
|
+
description: "Tenant-owned secret for signing internal proxy/session tokens in product apps."
|
|
4975
6519
|
},
|
|
4976
6520
|
{
|
|
4977
|
-
|
|
4978
|
-
|
|
4979
|
-
|
|
6521
|
+
idSuffix: "tenant.integrations.linear-api-key",
|
|
6522
|
+
canonicalName: "LINEAR_API_KEY",
|
|
6523
|
+
required: false,
|
|
6524
|
+
secret: true,
|
|
6525
|
+
public: false,
|
|
6526
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6527
|
+
description: "Tenant-owned Linear API key for support/slash-command flows."
|
|
4980
6528
|
},
|
|
4981
6529
|
{
|
|
4982
|
-
|
|
4983
|
-
|
|
4984
|
-
|
|
6530
|
+
idSuffix: "tenant.vercel.bypass-token",
|
|
6531
|
+
canonicalName: "VERCEL_AUTOMATION_BYPASS_SECRET",
|
|
6532
|
+
aliases: ["NEXT_PUBLIC_VERCEL_BYPASS_TOKEN"],
|
|
6533
|
+
required: false,
|
|
6534
|
+
secret: true,
|
|
6535
|
+
public: false,
|
|
6536
|
+
consumers: ["tenant-vercel-app", "tenant-deploy-tooling"],
|
|
6537
|
+
description: "Tenant-owned Vercel automation bypass token. Public alias is legacy and should be removed from app code."
|
|
4985
6538
|
}
|
|
4986
6539
|
];
|
|
4987
|
-
|
|
4988
|
-
(
|
|
6540
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.filter(
|
|
6541
|
+
(system) => TENANT_PRODUCT_SOFTWARE_SYSTEM_IDS.includes(system.id)
|
|
6542
|
+
).flatMap(
|
|
6543
|
+
(system) => TENANT_PRODUCT_RUNTIME_SECRET_DEFINITION_TEMPLATES.map(
|
|
6544
|
+
(template) => ({
|
|
6545
|
+
id: `tenant.${system.id}.${template.idSuffix}`,
|
|
6546
|
+
canonicalName: template.canonicalName,
|
|
6547
|
+
aliases: "aliases" in template ? template.aliases : void 0,
|
|
6548
|
+
owner: "tenant",
|
|
6549
|
+
scope: "tenant",
|
|
6550
|
+
sourcePath: system.sharedSourcePath,
|
|
6551
|
+
environmentPolicy: "environment_specific",
|
|
6552
|
+
required: template.required,
|
|
6553
|
+
secret: template.secret,
|
|
6554
|
+
public: template.public,
|
|
6555
|
+
consumers: template.consumers,
|
|
6556
|
+
destinations: [
|
|
6557
|
+
{
|
|
6558
|
+
kind: "vercel",
|
|
6559
|
+
target: system.vercelProjectName,
|
|
6560
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6561
|
+
},
|
|
6562
|
+
{
|
|
6563
|
+
kind: "convex",
|
|
6564
|
+
target: `${system.convex.preprodDeployment}|${system.convex.prodDeployment}`,
|
|
6565
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6566
|
+
},
|
|
6567
|
+
{
|
|
6568
|
+
kind: "github_actions",
|
|
6569
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6570
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6571
|
+
}
|
|
6572
|
+
],
|
|
6573
|
+
description: `${system.tenantKey}/${system.workspaceKey}: ${template.description}`
|
|
6574
|
+
})
|
|
6575
|
+
)
|
|
6576
|
+
);
|
|
6577
|
+
function tenantVercelConvexUrlWriteNames(system) {
|
|
6578
|
+
const names = [system.convex.urlEnv, "NEXT_PUBLIC_CONVEX_URL"];
|
|
6579
|
+
if (system.id === "stack-eng") {
|
|
6580
|
+
return [...names, "STACKOS_ENGINEERING_GRAPH_CONVEX_URL"];
|
|
6581
|
+
}
|
|
6582
|
+
return names;
|
|
6583
|
+
}
|
|
6584
|
+
function tenantRepositoryConvexUrlWriteNames(system) {
|
|
6585
|
+
if (system.id === "stack-eng") {
|
|
6586
|
+
return [system.convex.urlEnv, "STACKOS_ENGINEERING_GRAPH_CONVEX_URL"];
|
|
6587
|
+
}
|
|
6588
|
+
return [system.convex.urlEnv];
|
|
6589
|
+
}
|
|
6590
|
+
function tenantRepositoryConvexDeployKeyWriteNames(system) {
|
|
6591
|
+
if (system.id === "stack-eng") {
|
|
6592
|
+
return [system.convex.deployKeyEnv, "STACKOS_ENGINEERING_GRAPH_DEPLOY_KEY"];
|
|
6593
|
+
}
|
|
6594
|
+
return [system.convex.deployKeyEnv];
|
|
6595
|
+
}
|
|
6596
|
+
function tenantConvexUrlAliases(system) {
|
|
6597
|
+
if (system.id === "stack-frontend") {
|
|
6598
|
+
return [
|
|
6599
|
+
"CONVEX_PROD_URL",
|
|
6600
|
+
"CONVEX_STACK_V2_PROD_URL",
|
|
6601
|
+
"CONVEX_STACK_V2_STAGING_URL",
|
|
6602
|
+
"STACK_CONVEX_URL"
|
|
6603
|
+
];
|
|
6604
|
+
}
|
|
6605
|
+
if (system.id === "stackos") {
|
|
6606
|
+
return [
|
|
6607
|
+
"CONVEX_CLOUD_URL",
|
|
6608
|
+
"CONVEX_STACK_URL",
|
|
6609
|
+
"CONVEX_URL",
|
|
6610
|
+
"CONVEX_URL_DEVELOPMENT",
|
|
6611
|
+
"CONVEX_URL_PRODUCTION",
|
|
6612
|
+
"STACK_CONVEX_URL"
|
|
6613
|
+
];
|
|
6614
|
+
}
|
|
6615
|
+
if (system.id === "stack-eng") {
|
|
6616
|
+
return ["STACKOS_ENGINEERING_GRAPH_CONVEX_URL"];
|
|
6617
|
+
}
|
|
6618
|
+
if (system.id === "lucern-graph") {
|
|
6619
|
+
return [
|
|
6620
|
+
"CONVEX_GRAPH_URL",
|
|
6621
|
+
"LUCERN_PROD_URL",
|
|
6622
|
+
"NEXT_PUBLIC_LUCERN_GRAPH_URL"
|
|
6623
|
+
];
|
|
6624
|
+
}
|
|
6625
|
+
return void 0;
|
|
6626
|
+
}
|
|
6627
|
+
function tenantConvexDeployKeyAliases(system) {
|
|
6628
|
+
if (system.id === "stack-frontend") {
|
|
6629
|
+
return [
|
|
6630
|
+
"CONVEX_STACK_V2_PROD_DEPLOY_KEY",
|
|
6631
|
+
"CONVEX_STACK_V2_STAGING_DEPLOY_KEY",
|
|
6632
|
+
"STACK_DEPLOY_KEY"
|
|
6633
|
+
];
|
|
6634
|
+
}
|
|
6635
|
+
if (system.id === "stackos") {
|
|
6636
|
+
return [
|
|
6637
|
+
"CONVEX_DEPLOY_KEY",
|
|
6638
|
+
"CONVEX_DEV_DEPLOY_KEY",
|
|
6639
|
+
"CONVEX_PROD_DEPLOY_KEY",
|
|
6640
|
+
"CONVEX_STACK_DEPLOY_KEY",
|
|
6641
|
+
"STACK_DEPLOY_KEY"
|
|
6642
|
+
];
|
|
6643
|
+
}
|
|
6644
|
+
if (system.id === "stack-eng") {
|
|
6645
|
+
return ["CONVEX_DEPLOY_KEY", "STACKOS_ENGINEERING_GRAPH_DEPLOY_KEY"];
|
|
6646
|
+
}
|
|
6647
|
+
if (system.id === "lucern-graph") {
|
|
6648
|
+
return [
|
|
6649
|
+
"CONVEX_DEPLOY_KEY",
|
|
6650
|
+
"CONVEX_GRAPH_DEPLOY_KEY",
|
|
6651
|
+
"LUCERN_CONVEX_DEPLOY_KEY",
|
|
6652
|
+
"LUCERN_DEV_DEPLOY_KEY",
|
|
6653
|
+
"LUCERN_PROD_DEPLOY_KEY"
|
|
6654
|
+
];
|
|
6655
|
+
}
|
|
6656
|
+
return void 0;
|
|
6657
|
+
}
|
|
6658
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.flatMap(
|
|
6659
|
+
(system) => {
|
|
6660
|
+
if (system.id === "lucern-graph") {
|
|
6661
|
+
return [
|
|
6662
|
+
{
|
|
6663
|
+
id: "tenant.lucern-graph.public.tenant-id",
|
|
6664
|
+
canonicalName: "NEXT_PUBLIC_LUCERN_GRAPH_TENANT_ID",
|
|
6665
|
+
aliases: ["NEXT_PUBLIC_LUCERN_TENANT_ID"],
|
|
6666
|
+
owner: "tenant",
|
|
6667
|
+
scope: "workspace",
|
|
6668
|
+
sourcePath: system.sharedSourcePath,
|
|
6669
|
+
environmentPolicy: "environment_specific",
|
|
6670
|
+
required: false,
|
|
6671
|
+
secret: false,
|
|
6672
|
+
public: true,
|
|
6673
|
+
consumers: ["tenant-vercel-app"],
|
|
6674
|
+
destinations: [
|
|
6675
|
+
{
|
|
6676
|
+
kind: "vercel",
|
|
6677
|
+
target: system.vercelProjectName,
|
|
6678
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6679
|
+
}
|
|
6680
|
+
],
|
|
6681
|
+
description: "Lucern graph public tenant id used by the standalone graph explorer."
|
|
6682
|
+
},
|
|
6683
|
+
{
|
|
6684
|
+
id: "tenant.lucern-graph.public.tenant-label",
|
|
6685
|
+
canonicalName: "NEXT_PUBLIC_LUCERN_GRAPH_TENANT_LABEL",
|
|
6686
|
+
owner: "tenant",
|
|
6687
|
+
scope: "workspace",
|
|
6688
|
+
sourcePath: system.sharedSourcePath,
|
|
6689
|
+
environmentPolicy: "environment_specific",
|
|
6690
|
+
required: false,
|
|
6691
|
+
secret: false,
|
|
6692
|
+
public: true,
|
|
6693
|
+
consumers: ["tenant-vercel-app"],
|
|
6694
|
+
destinations: [
|
|
6695
|
+
{
|
|
6696
|
+
kind: "vercel",
|
|
6697
|
+
target: system.vercelProjectName,
|
|
6698
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6699
|
+
}
|
|
6700
|
+
],
|
|
6701
|
+
description: "Lucern graph public tenant label used by the standalone graph explorer."
|
|
6702
|
+
}
|
|
6703
|
+
];
|
|
6704
|
+
}
|
|
6705
|
+
if (system.id === "stack-eng") {
|
|
6706
|
+
return [
|
|
6707
|
+
{
|
|
6708
|
+
id: "tenant.stack-eng.public.tenant-id",
|
|
6709
|
+
canonicalName: "NEXT_PUBLIC_STACKOS_ENGINEERING_GRAPH_TENANT_ID",
|
|
6710
|
+
owner: "tenant",
|
|
6711
|
+
scope: "workspace",
|
|
6712
|
+
sourcePath: system.sharedSourcePath,
|
|
6713
|
+
environmentPolicy: "environment_specific",
|
|
6714
|
+
required: false,
|
|
6715
|
+
secret: false,
|
|
6716
|
+
public: true,
|
|
6717
|
+
consumers: ["tenant-vercel-app"],
|
|
6718
|
+
destinations: [
|
|
6719
|
+
{
|
|
6720
|
+
kind: "vercel",
|
|
6721
|
+
target: system.vercelProjectName,
|
|
6722
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6723
|
+
}
|
|
6724
|
+
],
|
|
6725
|
+
description: "Stack engineering graph public tenant id used by the graph explorer."
|
|
6726
|
+
},
|
|
6727
|
+
{
|
|
6728
|
+
id: "tenant.stack-eng.public.tenant-label",
|
|
6729
|
+
canonicalName: "NEXT_PUBLIC_STACKOS_ENGINEERING_GRAPH_TENANT_LABEL",
|
|
6730
|
+
owner: "tenant",
|
|
6731
|
+
scope: "workspace",
|
|
6732
|
+
sourcePath: system.sharedSourcePath,
|
|
6733
|
+
environmentPolicy: "environment_specific",
|
|
6734
|
+
required: false,
|
|
6735
|
+
secret: false,
|
|
6736
|
+
public: true,
|
|
6737
|
+
consumers: ["tenant-vercel-app"],
|
|
6738
|
+
destinations: [
|
|
6739
|
+
{
|
|
6740
|
+
kind: "vercel",
|
|
6741
|
+
target: system.vercelProjectName,
|
|
6742
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6743
|
+
}
|
|
6744
|
+
],
|
|
6745
|
+
description: "Stack engineering graph public tenant label used by the graph explorer."
|
|
6746
|
+
},
|
|
6747
|
+
{
|
|
6748
|
+
id: "tenant.stack-eng.public.environment",
|
|
6749
|
+
canonicalName: "NEXT_PUBLIC_STACKOS_ENGINEERING_GRAPH_ENV",
|
|
6750
|
+
owner: "tenant",
|
|
6751
|
+
scope: "workspace",
|
|
6752
|
+
sourcePath: system.sharedSourcePath,
|
|
6753
|
+
environmentPolicy: "environment_specific",
|
|
6754
|
+
required: false,
|
|
6755
|
+
secret: false,
|
|
6756
|
+
public: true,
|
|
6757
|
+
consumers: ["tenant-vercel-app"],
|
|
6758
|
+
destinations: [
|
|
6759
|
+
{
|
|
6760
|
+
kind: "vercel",
|
|
6761
|
+
target: system.vercelProjectName,
|
|
6762
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6763
|
+
}
|
|
6764
|
+
],
|
|
6765
|
+
description: "Stack engineering graph public environment label used by the graph explorer."
|
|
6766
|
+
}
|
|
6767
|
+
];
|
|
6768
|
+
}
|
|
6769
|
+
return [];
|
|
6770
|
+
}
|
|
4989
6771
|
);
|
|
6772
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.flatMap((system) => [
|
|
6773
|
+
{
|
|
6774
|
+
id: `tenant.${system.id}.convex.url`,
|
|
6775
|
+
canonicalName: system.convex.urlEnv,
|
|
6776
|
+
aliases: tenantConvexUrlAliases(system),
|
|
6777
|
+
owner: "tenant",
|
|
6778
|
+
scope: "software_system",
|
|
6779
|
+
sourcePath: system.sharedSourcePath,
|
|
6780
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6781
|
+
required: true,
|
|
6782
|
+
secret: false,
|
|
6783
|
+
public: false,
|
|
6784
|
+
consumers: [
|
|
6785
|
+
"tenant-vercel-app",
|
|
6786
|
+
"tenant-agent-runtime",
|
|
6787
|
+
"mc-operator-tooling"
|
|
6788
|
+
],
|
|
6789
|
+
destinations: [
|
|
6790
|
+
{
|
|
6791
|
+
kind: "vercel",
|
|
6792
|
+
target: system.vercelProjectName,
|
|
6793
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6794
|
+
writeNames: tenantVercelConvexUrlWriteNames(system)
|
|
6795
|
+
},
|
|
6796
|
+
{
|
|
6797
|
+
kind: "github_actions",
|
|
6798
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6799
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6800
|
+
writeNames: tenantRepositoryConvexUrlWriteNames(system),
|
|
6801
|
+
notes: "Only if that repository deploy/test workflow owns this software system."
|
|
6802
|
+
}
|
|
6803
|
+
],
|
|
6804
|
+
description: `${system.tenantKey}/${system.workspaceKey} Convex URL. Pre-prod resolves to ${system.convex.preprodDeployment}; prod resolves to ${system.convex.prodDeployment}.`
|
|
6805
|
+
},
|
|
6806
|
+
{
|
|
6807
|
+
id: `tenant.${system.id}.convex.deploy-key`,
|
|
6808
|
+
canonicalName: system.convex.deployKeyEnv,
|
|
6809
|
+
aliases: tenantConvexDeployKeyAliases(system),
|
|
6810
|
+
owner: "tenant",
|
|
6811
|
+
scope: "software_system",
|
|
6812
|
+
sourcePath: system.sharedSourcePath,
|
|
6813
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6814
|
+
required: true,
|
|
6815
|
+
secret: true,
|
|
6816
|
+
public: false,
|
|
6817
|
+
consumers: [
|
|
6818
|
+
"tenant-vercel-app",
|
|
6819
|
+
"tenant-agent-runtime",
|
|
6820
|
+
"mc-operator-tooling"
|
|
6821
|
+
],
|
|
6822
|
+
destinations: [
|
|
6823
|
+
{
|
|
6824
|
+
kind: "vercel",
|
|
6825
|
+
target: system.vercelProjectName,
|
|
6826
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6827
|
+
},
|
|
6828
|
+
{
|
|
6829
|
+
kind: "github_actions",
|
|
6830
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6831
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6832
|
+
writeNames: tenantRepositoryConvexDeployKeyWriteNames(system),
|
|
6833
|
+
notes: "Only if that repository deploy/test workflow owns this software system."
|
|
6834
|
+
}
|
|
6835
|
+
],
|
|
6836
|
+
description: `${system.tenantKey}/${system.workspaceKey} Convex deploy/admin key. Never route to sibling workspaces.`
|
|
6837
|
+
}
|
|
6838
|
+
]);
|
|
4990
6839
|
z.object({
|
|
4991
6840
|
manifestVersion: z.literal("1.0.0"),
|
|
4992
6841
|
rules: z.array(
|
|
@@ -5027,7 +6876,7 @@ var createEvidenceInputSchemaBase = z.object({
|
|
|
5027
6876
|
targetId: z.string().optional(),
|
|
5028
6877
|
targetNodeId: z.string().optional(),
|
|
5029
6878
|
linkedBeliefNodeId: z.string().optional(),
|
|
5030
|
-
evidenceRelation: z.enum(["supports", "contradicts"
|
|
6879
|
+
evidenceRelation: z.enum(["supports", "contradicts"]).optional(),
|
|
5031
6880
|
confidence: z.number().optional(),
|
|
5032
6881
|
weight: z.number().optional(),
|
|
5033
6882
|
reasoning: z.string().optional(),
|
|
@@ -5112,8 +6961,7 @@ var createEvidenceProjection = defineProjection({
|
|
|
5112
6961
|
evidenceRelation: v.optional(
|
|
5113
6962
|
v.union(
|
|
5114
6963
|
v.literal("supports"),
|
|
5115
|
-
v.literal("contradicts")
|
|
5116
|
-
v.literal("neutral")
|
|
6964
|
+
v.literal("contradicts")
|
|
5117
6965
|
)
|
|
5118
6966
|
),
|
|
5119
6967
|
confidence: v.optional(v.number()),
|
|
@@ -5138,7 +6986,7 @@ function compactRecord2(input) {
|
|
|
5138
6986
|
Object.entries(input).filter(([, value]) => value !== void 0)
|
|
5139
6987
|
);
|
|
5140
6988
|
}
|
|
5141
|
-
|
|
6989
|
+
defineProjection({
|
|
5142
6990
|
contractName: "list_beliefs",
|
|
5143
6991
|
inputSchema: listBeliefsInputSchema,
|
|
5144
6992
|
project: (input) => compactRecord2({
|
|
@@ -5162,12 +7010,17 @@ var listBeliefsProjection = defineProjection({
|
|
|
5162
7010
|
});
|
|
5163
7011
|
var taskStatusSchema = z.enum(["todo", "in_progress", "blocked", "done"]).optional().describe("Filter by task status");
|
|
5164
7012
|
var listTasksInputSchema = z.object({
|
|
5165
|
-
topicId: z.string().describe("Topic scope"),
|
|
7013
|
+
topicId: z.string().optional().describe("Topic scope"),
|
|
5166
7014
|
worktreeId: z.string().optional().describe("Alias for linkedWorktreeId"),
|
|
5167
7015
|
linkedWorktreeId: z.string().optional().describe("Filter to tasks linked to this worktree"),
|
|
5168
7016
|
status: taskStatusSchema,
|
|
5169
7017
|
limit: z.number().optional().describe("Maximum results")
|
|
5170
|
-
})
|
|
7018
|
+
}).refine(
|
|
7019
|
+
(input) => Boolean(input.topicId || input.worktreeId || input.linkedWorktreeId),
|
|
7020
|
+
{
|
|
7021
|
+
message: "topicId or worktreeId is required"
|
|
7022
|
+
}
|
|
7023
|
+
);
|
|
5171
7024
|
function compactRecord3(input) {
|
|
5172
7025
|
return Object.fromEntries(
|
|
5173
7026
|
Object.entries(input).filter(([, value]) => value !== void 0)
|
|
@@ -5184,7 +7037,7 @@ var listTasksProjection = defineProjection({
|
|
|
5184
7037
|
linkedWorktreeId: input.linkedWorktreeId ?? input.worktreeId
|
|
5185
7038
|
}),
|
|
5186
7039
|
convexArgsValidator: v.object({
|
|
5187
|
-
topicId: v.string(),
|
|
7040
|
+
topicId: v.optional(v.string()),
|
|
5188
7041
|
status: v.optional(
|
|
5189
7042
|
v.union(
|
|
5190
7043
|
v.literal("todo"),
|
|
@@ -6162,19 +8015,23 @@ var FIND_CONTRADICTIONS = {
|
|
|
6162
8015
|
};
|
|
6163
8016
|
var CREATE_EDGE = {
|
|
6164
8017
|
name: "create_edge",
|
|
6165
|
-
description: "Commit a typed relationship between two nodes in the reasoning graph. Like `git commit` \u2014 an atomic write that declares a dependency between nodes.
|
|
8018
|
+
description: "Commit a typed relationship between two nodes in the reasoning graph. Like `git commit` \u2014 an atomic write that declares a dependency between nodes. Accepts any public epistemic edge type between public graph node refs so agents can author the full spine.",
|
|
6166
8019
|
parameters: {
|
|
6167
|
-
|
|
6168
|
-
type: "
|
|
6169
|
-
description: "Source
|
|
8020
|
+
from: {
|
|
8021
|
+
type: "object",
|
|
8022
|
+
description: "Source graph ref, e.g. { kind: 'epistemic_node', nodeId: '...', nodeType: 'topic' }"
|
|
6170
8023
|
},
|
|
6171
|
-
|
|
6172
|
-
type: "
|
|
6173
|
-
description: "Target
|
|
8024
|
+
to: {
|
|
8025
|
+
type: "object",
|
|
8026
|
+
description: "Target graph ref, e.g. { kind: 'epistemic_node', nodeId: '...', nodeType: 'belief' }"
|
|
6174
8027
|
},
|
|
6175
8028
|
edgeType: {
|
|
6176
8029
|
type: "string",
|
|
6177
|
-
description: "Relationship type
|
|
8030
|
+
description: "Relationship type from the public epistemic edge enum."
|
|
8031
|
+
},
|
|
8032
|
+
globalId: {
|
|
8033
|
+
type: "string",
|
|
8034
|
+
description: "Optional idempotent edge global ID."
|
|
6178
8035
|
},
|
|
6179
8036
|
weight: {
|
|
6180
8037
|
type: "number",
|
|
@@ -6184,10 +8041,14 @@ var CREATE_EDGE = {
|
|
|
6184
8041
|
reasoningMethod: {
|
|
6185
8042
|
type: "string",
|
|
6186
8043
|
description: "How this was determined",
|
|
6187
|
-
enum: [
|
|
8044
|
+
enum: [...REASONING_METHODS]
|
|
8045
|
+
},
|
|
8046
|
+
metadata: {
|
|
8047
|
+
type: "object",
|
|
8048
|
+
description: "Optional edge metadata."
|
|
6188
8049
|
}
|
|
6189
8050
|
},
|
|
6190
|
-
required: ["
|
|
8051
|
+
required: ["from", "to", "edgeType"],
|
|
6191
8052
|
response: {
|
|
6192
8053
|
description: "The created edge",
|
|
6193
8054
|
fields: {
|
|
@@ -6201,6 +8062,240 @@ var CREATE_EDGE = {
|
|
|
6201
8062
|
ontologyPrimitive: "edge",
|
|
6202
8063
|
tier: "showcase"
|
|
6203
8064
|
};
|
|
8065
|
+
var UPDATE_EDGE = {
|
|
8066
|
+
name: "update_edge",
|
|
8067
|
+
description: "Amend metadata on an existing graph edge. Like `git commit --amend` \u2014 changes the edge annotation without recreating the relationship.",
|
|
8068
|
+
parameters: {
|
|
8069
|
+
edgeId: { type: "string", description: "Edge ID or global ID to update" },
|
|
8070
|
+
weight: { type: "number", description: "Updated edge weight" },
|
|
8071
|
+
confidence: { type: "number", description: "Updated confidence" },
|
|
8072
|
+
context: { type: "string", description: "Updated human-readable context" },
|
|
8073
|
+
derivationType: { type: "string", description: "Updated derivation type" },
|
|
8074
|
+
metadata: { type: "object", description: "Updated metadata" }
|
|
8075
|
+
},
|
|
8076
|
+
required: ["edgeId"],
|
|
8077
|
+
response: {
|
|
8078
|
+
description: "Edge update result",
|
|
8079
|
+
fields: { success: "boolean" }
|
|
8080
|
+
},
|
|
8081
|
+
ownerModule: "graph-primitives",
|
|
8082
|
+
ontologyPrimitive: "edge",
|
|
8083
|
+
tier: "workhorse"
|
|
8084
|
+
};
|
|
8085
|
+
var REMOVE_EDGE = {
|
|
8086
|
+
name: "remove_edge",
|
|
8087
|
+
description: "Remove one graph edge by ID. Like `git rm` \u2014 deletes a single explicit relationship from the spine.",
|
|
8088
|
+
parameters: {
|
|
8089
|
+
edgeId: { type: "string", description: "Edge ID or global ID to remove" }
|
|
8090
|
+
},
|
|
8091
|
+
required: ["edgeId"],
|
|
8092
|
+
response: {
|
|
8093
|
+
description: "Edge removal result",
|
|
8094
|
+
fields: { success: "boolean" }
|
|
8095
|
+
},
|
|
8096
|
+
ownerModule: "graph-primitives",
|
|
8097
|
+
ontologyPrimitive: "edge",
|
|
8098
|
+
tier: "workhorse"
|
|
8099
|
+
};
|
|
8100
|
+
var REMOVE_EDGES_BETWEEN = {
|
|
8101
|
+
name: "remove_edges_between",
|
|
8102
|
+
description: "Remove graph edges between two nodes. Like `git rm <pathspec>` \u2014 deletes relationships matching a source, target, and optional type.",
|
|
8103
|
+
parameters: {
|
|
8104
|
+
fromNodeId: { type: "string", description: "Source node ID or global ID" },
|
|
8105
|
+
toNodeId: { type: "string", description: "Target node ID or global ID" },
|
|
8106
|
+
edgeType: { type: "string", description: "Optional edge type filter" }
|
|
8107
|
+
},
|
|
8108
|
+
required: ["fromNodeId", "toNodeId"],
|
|
8109
|
+
response: {
|
|
8110
|
+
description: "Matched edge removal result",
|
|
8111
|
+
fields: { deleted: "number" }
|
|
8112
|
+
},
|
|
8113
|
+
ownerModule: "graph-primitives",
|
|
8114
|
+
ontologyPrimitive: "edge",
|
|
8115
|
+
tier: "workhorse"
|
|
8116
|
+
};
|
|
8117
|
+
var BATCH_CREATE_EDGES = {
|
|
8118
|
+
name: "batch_create_edges",
|
|
8119
|
+
description: "Commit multiple typed graph edges. Like `git commit` with many staged paths \u2014 writes a batch of explicit relationships atomically per edge.",
|
|
8120
|
+
parameters: {
|
|
8121
|
+
edges: {
|
|
8122
|
+
type: "array",
|
|
8123
|
+
description: "Edges to create, each with from, to, edgeType, and optional weight/confidence/context."
|
|
8124
|
+
},
|
|
8125
|
+
skipLayerValidation: {
|
|
8126
|
+
type: "boolean",
|
|
8127
|
+
description: "Skip kernel layer validation for trusted materialization flows."
|
|
8128
|
+
}
|
|
8129
|
+
},
|
|
8130
|
+
required: ["edges"],
|
|
8131
|
+
response: {
|
|
8132
|
+
description: "Batch edge creation result",
|
|
8133
|
+
fields: {
|
|
8134
|
+
created: "number",
|
|
8135
|
+
results: "array",
|
|
8136
|
+
errors: "array"
|
|
8137
|
+
}
|
|
8138
|
+
},
|
|
8139
|
+
ownerModule: "graph-primitives",
|
|
8140
|
+
ontologyPrimitive: "edge",
|
|
8141
|
+
tier: "workhorse"
|
|
8142
|
+
};
|
|
8143
|
+
var CREATE_EPISTEMIC_NODE = {
|
|
8144
|
+
name: "create_epistemic_node",
|
|
8145
|
+
description: "Commit a generic epistemic graph node. Like `git commit` \u2014 creates a canonical node in the public spine for topics, beliefs, evidence, questions, answers, sources, and entities.",
|
|
8146
|
+
parameters: {
|
|
8147
|
+
globalId: { type: "string", description: "Optional idempotent node global ID" },
|
|
8148
|
+
nodeType: { type: "string", description: "Public epistemic node type" },
|
|
8149
|
+
canonicalText: { type: "string", description: "Canonical node text" },
|
|
8150
|
+
text: { type: "string", description: "Alias for canonicalText" },
|
|
8151
|
+
contentHash: { type: "string", description: "Optional idempotency content hash" },
|
|
8152
|
+
sourceType: { type: "string", description: "Source type for provenance" },
|
|
8153
|
+
topicId: { type: "string", description: "Optional topic scope" },
|
|
8154
|
+
content: { type: "string", description: "Extended content" },
|
|
8155
|
+
title: { type: "string", description: "Display title" },
|
|
8156
|
+
metadata: { type: "object", description: "Optional node metadata" }
|
|
8157
|
+
},
|
|
8158
|
+
required: ["nodeType"],
|
|
8159
|
+
response: {
|
|
8160
|
+
description: "Created node result",
|
|
8161
|
+
fields: {
|
|
8162
|
+
nodeId: "string",
|
|
8163
|
+
nodeGlobalId: "string",
|
|
8164
|
+
isDuplicate: "boolean"
|
|
8165
|
+
}
|
|
8166
|
+
},
|
|
8167
|
+
ownerModule: "reasoning-kernel",
|
|
8168
|
+
ontologyPrimitive: "graph",
|
|
8169
|
+
tier: "showcase"
|
|
8170
|
+
};
|
|
8171
|
+
var GET_EPISTEMIC_NODE = {
|
|
8172
|
+
name: "get_epistemic_node",
|
|
8173
|
+
description: "Read one epistemic graph node. Like `git show` \u2014 resolves a canonical spine node by ID or global ID.",
|
|
8174
|
+
parameters: {
|
|
8175
|
+
nodeId: { type: "string", description: "Node ID or global ID" }
|
|
8176
|
+
},
|
|
8177
|
+
required: ["nodeId"],
|
|
8178
|
+
response: {
|
|
8179
|
+
description: "The resolved node",
|
|
8180
|
+
fields: { node: "object" }
|
|
8181
|
+
},
|
|
8182
|
+
ownerModule: "reasoning-kernel",
|
|
8183
|
+
ontologyPrimitive: "graph",
|
|
8184
|
+
tier: "workhorse"
|
|
8185
|
+
};
|
|
8186
|
+
var LIST_EPISTEMIC_NODES = {
|
|
8187
|
+
name: "list_epistemic_nodes",
|
|
8188
|
+
description: "List epistemic graph nodes. Like `git ls-tree` \u2014 lists canonical spine nodes by topic, type, status, or search query.",
|
|
8189
|
+
parameters: {
|
|
8190
|
+
topicId: { type: "string", description: "Optional topic scope" },
|
|
8191
|
+
nodeType: { type: "string", description: "Optional node type filter" },
|
|
8192
|
+
status: { type: "string", description: "Optional lifecycle status" },
|
|
8193
|
+
searchQuery: { type: "string", description: "Optional text search query" },
|
|
8194
|
+
limit: { type: "number", description: "Maximum nodes to return" }
|
|
8195
|
+
},
|
|
8196
|
+
required: [],
|
|
8197
|
+
response: {
|
|
8198
|
+
description: "Matching nodes",
|
|
8199
|
+
fields: { nodes: "array" }
|
|
8200
|
+
},
|
|
8201
|
+
ownerModule: "reasoning-kernel",
|
|
8202
|
+
ontologyPrimitive: "graph",
|
|
8203
|
+
tier: "workhorse"
|
|
8204
|
+
};
|
|
8205
|
+
var UPDATE_EPISTEMIC_NODE = {
|
|
8206
|
+
name: "update_epistemic_node",
|
|
8207
|
+
description: "Amend an epistemic graph node. Like `git commit --amend` \u2014 updates mutable node metadata, text, status, or verification fields.",
|
|
8208
|
+
parameters: {
|
|
8209
|
+
nodeId: { type: "string", description: "Node ID or global ID" },
|
|
8210
|
+
canonicalText: { type: "string", description: "Updated canonical text" },
|
|
8211
|
+
text: { type: "string", description: "Alias for canonicalText" },
|
|
8212
|
+
contentHash: { type: "string", description: "Updated content hash" },
|
|
8213
|
+
content: { type: "string", description: "Updated content" },
|
|
8214
|
+
title: { type: "string", description: "Updated display title" },
|
|
8215
|
+
metadata: { type: "object", description: "Updated metadata" },
|
|
8216
|
+
confidence: { type: "number", description: "Updated confidence" },
|
|
8217
|
+
verificationStatus: { type: "string", description: "Updated verification status" },
|
|
8218
|
+
status: { type: "string", description: "Updated lifecycle status" }
|
|
8219
|
+
},
|
|
8220
|
+
required: ["nodeId"],
|
|
8221
|
+
response: {
|
|
8222
|
+
description: "Node update result",
|
|
8223
|
+
fields: { success: "boolean" }
|
|
8224
|
+
},
|
|
8225
|
+
ownerModule: "reasoning-kernel",
|
|
8226
|
+
ontologyPrimitive: "graph",
|
|
8227
|
+
tier: "workhorse"
|
|
8228
|
+
};
|
|
8229
|
+
var ARCHIVE_EPISTEMIC_NODE = {
|
|
8230
|
+
name: "archive_epistemic_node",
|
|
8231
|
+
description: "Archive an epistemic graph node. Like `git rm --cached` \u2014 removes a node from active traversal without hard-deleting it.",
|
|
8232
|
+
parameters: {
|
|
8233
|
+
nodeId: { type: "string", description: "Node ID or global ID" }
|
|
8234
|
+
},
|
|
8235
|
+
required: ["nodeId"],
|
|
8236
|
+
response: {
|
|
8237
|
+
description: "Archive result",
|
|
8238
|
+
fields: { success: "boolean", effectiveStatus: "string" }
|
|
8239
|
+
},
|
|
8240
|
+
ownerModule: "reasoning-kernel",
|
|
8241
|
+
ontologyPrimitive: "graph",
|
|
8242
|
+
tier: "workhorse"
|
|
8243
|
+
};
|
|
8244
|
+
var VERIFY_EPISTEMIC_NODE = {
|
|
8245
|
+
name: "verify_epistemic_node",
|
|
8246
|
+
description: "Record verification state on an epistemic graph node. Like `git tag` \u2014 marks the node with a reviewed verification state.",
|
|
8247
|
+
parameters: {
|
|
8248
|
+
nodeId: { type: "string", description: "Node ID or global ID" },
|
|
8249
|
+
verificationStatus: { type: "string", description: "Verification status" },
|
|
8250
|
+
confidence: { type: "number", description: "Optional confidence update" }
|
|
8251
|
+
},
|
|
8252
|
+
required: ["nodeId", "verificationStatus"],
|
|
8253
|
+
response: {
|
|
8254
|
+
description: "Verification result",
|
|
8255
|
+
fields: { success: "boolean" }
|
|
8256
|
+
},
|
|
8257
|
+
ownerModule: "reasoning-kernel",
|
|
8258
|
+
ontologyPrimitive: "graph",
|
|
8259
|
+
tier: "workhorse"
|
|
8260
|
+
};
|
|
8261
|
+
var SUPERSEDE_EPISTEMIC_NODE = {
|
|
8262
|
+
name: "supersede_epistemic_node",
|
|
8263
|
+
description: "Supersede an epistemic graph node with a new version. Like `git commit --amend` on an immutable history branch \u2014 creates the replacement and marks the old node superseded.",
|
|
8264
|
+
parameters: {
|
|
8265
|
+
oldNodeId: { type: "string", description: "Node ID or global ID to supersede" },
|
|
8266
|
+
newGlobalId: { type: "string", description: "Optional replacement global ID" },
|
|
8267
|
+
newCanonicalText: { type: "string", description: "Replacement canonical text" },
|
|
8268
|
+
text: { type: "string", description: "Alias for newCanonicalText" },
|
|
8269
|
+
newContentHash: { type: "string", description: "Optional replacement content hash" },
|
|
8270
|
+
reason: { type: "string", description: "Reason for superseding" }
|
|
8271
|
+
},
|
|
8272
|
+
required: ["oldNodeId"],
|
|
8273
|
+
response: {
|
|
8274
|
+
description: "Supersede result",
|
|
8275
|
+
fields: { oldNodeId: "string", newNodeId: "string" }
|
|
8276
|
+
},
|
|
8277
|
+
ownerModule: "reasoning-kernel",
|
|
8278
|
+
ontologyPrimitive: "graph",
|
|
8279
|
+
tier: "workhorse"
|
|
8280
|
+
};
|
|
8281
|
+
var BATCH_CREATE_EPISTEMIC_NODES = {
|
|
8282
|
+
name: "batch_create_epistemic_nodes",
|
|
8283
|
+
description: "Commit multiple epistemic graph nodes. Like `git commit` with many staged files \u2014 writes a batch of canonical spine nodes.",
|
|
8284
|
+
parameters: {
|
|
8285
|
+
nodes: {
|
|
8286
|
+
type: "array",
|
|
8287
|
+
description: "Nodes to create with nodeType, canonicalText/text, and optional metadata."
|
|
8288
|
+
}
|
|
8289
|
+
},
|
|
8290
|
+
required: ["nodes"],
|
|
8291
|
+
response: {
|
|
8292
|
+
description: "Batch node creation result",
|
|
8293
|
+
fields: { created: "number", results: "array" }
|
|
8294
|
+
},
|
|
8295
|
+
ownerModule: "reasoning-kernel",
|
|
8296
|
+
ontologyPrimitive: "graph",
|
|
8297
|
+
tier: "workhorse"
|
|
8298
|
+
};
|
|
6204
8299
|
var RECORD_JUDGMENT = {
|
|
6205
8300
|
name: "record_judgment",
|
|
6206
8301
|
description: "Record a judgment \u2014 an irreversible commitment based on the current epistemic state. Like a `git tag` marking a release. A judgment synthesizes beliefs, evidence, and uncertainties into a determination. Once issued, a judgment is evaluated against the epistemic state that existed when it was made (knowledge horizon evaluation, Invariant #10).",
|
|
@@ -7400,8 +9495,8 @@ var IDENTITY_WHOAMI = {
|
|
|
7400
9495
|
response: {
|
|
7401
9496
|
description: "Canonical identity summary for the current session",
|
|
7402
9497
|
fields: {
|
|
7403
|
-
principalId: "string \u2014 canonical
|
|
7404
|
-
principalType: "string \u2014 human, service, or
|
|
9498
|
+
principalId: "string \u2014 canonical principal identifier; for humans this is the Clerk user_... ID",
|
|
9499
|
+
principalType: "string \u2014 human, service, agent, group, or external_viewer",
|
|
7405
9500
|
tenantId: "string | undefined \u2014 resolved tenant scope",
|
|
7406
9501
|
workspaceId: "string | undefined \u2014 resolved workspace scope",
|
|
7407
9502
|
scopes: "string[] | undefined \u2014 granted scopes for this session",
|
|
@@ -7412,6 +9507,49 @@ var IDENTITY_WHOAMI = {
|
|
|
7412
9507
|
ontologyPrimitive: "identity",
|
|
7413
9508
|
tier: "workhorse"
|
|
7414
9509
|
};
|
|
9510
|
+
var RESOLVE_INTERACTIVE_PRINCIPAL = {
|
|
9511
|
+
name: "resolve_interactive_principal",
|
|
9512
|
+
description: "Read the Permit-backed Lucern principal context for an authenticated Clerk user. Like `git config --get user.email` plus the repository ACL \u2014 resolves the Clerk subject into tenant/workspace authorization context.",
|
|
9513
|
+
parameters: {
|
|
9514
|
+
clerkId: {
|
|
9515
|
+
type: "string",
|
|
9516
|
+
description: "Authenticated Clerk subject (`sub`). Clerk proves identity only; it is not the authorization record."
|
|
9517
|
+
},
|
|
9518
|
+
tenantId: {
|
|
9519
|
+
type: "string",
|
|
9520
|
+
description: "Optional tenant scope. Omit only when the Clerk alias is globally unambiguous."
|
|
9521
|
+
},
|
|
9522
|
+
workspaceId: {
|
|
9523
|
+
type: "string",
|
|
9524
|
+
description: "Optional workspace scope. Required when the principal has access to multiple workspaces and no default can be inferred."
|
|
9525
|
+
},
|
|
9526
|
+
providerProjectId: {
|
|
9527
|
+
type: "string",
|
|
9528
|
+
description: "Optional Clerk project or provider instance id for tenants with multiple identity providers."
|
|
9529
|
+
}
|
|
9530
|
+
},
|
|
9531
|
+
required: ["clerkId"],
|
|
9532
|
+
response: {
|
|
9533
|
+
description: "Permit-backed Lucern principal context for tenant SDK bootstrap",
|
|
9534
|
+
fields: {
|
|
9535
|
+
principalId: "string \u2014 canonical Clerk user_... ID for human sessions",
|
|
9536
|
+
principalType: "string \u2014 human, service, agent, group, or external_viewer",
|
|
9537
|
+
clerkId: "string \u2014 authenticated Clerk subject alias",
|
|
9538
|
+
tenantId: "string \u2014 resolved tenant scope",
|
|
9539
|
+
workspaceId: "string | null \u2014 resolved workspace scope",
|
|
9540
|
+
roles: "string[] \u2014 effective Permit roles",
|
|
9541
|
+
scopes: "string[] \u2014 effective scopes derived from Permit/control-plane projection",
|
|
9542
|
+
groupIds: "string[] \u2014 active Permit group memberships",
|
|
9543
|
+
principalStatus: "string \u2014 active, invited, suspended, disabled, revoked, or missing",
|
|
9544
|
+
tenantStatus: "string \u2014 projected tenant resource status",
|
|
9545
|
+
workspaceStatus: "string \u2014 projected workspace resource status",
|
|
9546
|
+
permit: "object \u2014 Permit subject, tenant, and optional workspace tuple"
|
|
9547
|
+
}
|
|
9548
|
+
},
|
|
9549
|
+
ownerModule: "control-plane",
|
|
9550
|
+
ontologyPrimitive: "identity",
|
|
9551
|
+
tier: "workhorse"
|
|
9552
|
+
};
|
|
7415
9553
|
var COMPILE_CONTEXT = {
|
|
7416
9554
|
name: "compile_context",
|
|
7417
9555
|
description: "Compile a focused reasoning context. If topicId is omitted, Lucern resolves the best topic from the query. Like `git log --graph --decorate` for the reasoning substrate \u2014 returns the canonical Pillar 3 context pack through the public API shape.",
|
|
@@ -7673,6 +9811,10 @@ var CREATE_TASK = {
|
|
|
7673
9811
|
tags: {
|
|
7674
9812
|
type: "array",
|
|
7675
9813
|
description: "Free-form string tags"
|
|
9814
|
+
},
|
|
9815
|
+
metadata: {
|
|
9816
|
+
type: "object",
|
|
9817
|
+
description: "Structured task metadata for handoff context and routing hints"
|
|
7676
9818
|
}
|
|
7677
9819
|
},
|
|
7678
9820
|
required: ["title"],
|
|
@@ -7746,6 +9888,10 @@ var UPDATE_TASK = {
|
|
|
7746
9888
|
type: "string",
|
|
7747
9889
|
description: "Updated status",
|
|
7748
9890
|
enum: ["todo", "in_progress", "blocked", "done"]
|
|
9891
|
+
},
|
|
9892
|
+
metadata: {
|
|
9893
|
+
type: "object",
|
|
9894
|
+
description: "Structured task metadata to replace or refine"
|
|
7749
9895
|
}
|
|
7750
9896
|
},
|
|
7751
9897
|
required: ["taskId"],
|
|
@@ -7793,6 +9939,10 @@ var CREATE_TOPIC = {
|
|
|
7793
9939
|
name: "create_topic",
|
|
7794
9940
|
description: "Create a new topic container for scoping knowledge. Like `git init` \u2014 initializes a new repository for a knowledge domain. Topics are hierarchical: a deal topic can nest under a theme topic. Types: domain, theme, deal, strategy, constitution, project, portfolio.",
|
|
7795
9941
|
parameters: {
|
|
9942
|
+
globalId: {
|
|
9943
|
+
type: "string",
|
|
9944
|
+
description: "Optional idempotent topic global ID"
|
|
9945
|
+
},
|
|
7796
9946
|
name: { type: "string", description: "Topic name" },
|
|
7797
9947
|
type: {
|
|
7798
9948
|
type: "string",
|
|
@@ -7803,6 +9953,18 @@ var CREATE_TOPIC = {
|
|
|
7803
9953
|
type: "string",
|
|
7804
9954
|
description: "Optional parent topic for nesting"
|
|
7805
9955
|
},
|
|
9956
|
+
parentTopicGlobalId: {
|
|
9957
|
+
type: "string",
|
|
9958
|
+
description: "Optional parent topic global ID for nesting"
|
|
9959
|
+
},
|
|
9960
|
+
tenantId: { type: "string", description: "Optional tenant scope" },
|
|
9961
|
+
workspaceId: { type: "string", description: "Optional workspace scope" },
|
|
9962
|
+
visibility: {
|
|
9963
|
+
type: "string",
|
|
9964
|
+
description: "Topic visibility",
|
|
9965
|
+
enum: ["private", "team", "firm", "external", "public"]
|
|
9966
|
+
},
|
|
9967
|
+
metadata: { type: "object", description: "Optional topic metadata" },
|
|
7806
9968
|
createdBy: { type: "string", description: "Who created this topic" }
|
|
7807
9969
|
},
|
|
7808
9970
|
required: ["name", "type"],
|
|
@@ -7811,6 +9973,9 @@ var CREATE_TOPIC = {
|
|
|
7811
9973
|
fields: {
|
|
7812
9974
|
id: "string \u2014 topic ID",
|
|
7813
9975
|
globalId: "string \u2014 globally unique ID",
|
|
9976
|
+
topicGlobalId: "string \u2014 topic global ID",
|
|
9977
|
+
epistemicNodeId: "string \u2014 materialized topic node ID",
|
|
9978
|
+
epistemicNodeGlobalId: "string \u2014 materialized topic node global ID",
|
|
7814
9979
|
depth: "number \u2014 nesting depth"
|
|
7815
9980
|
}
|
|
7816
9981
|
},
|
|
@@ -7941,6 +10106,65 @@ var GET_TOPIC_TREE = {
|
|
|
7941
10106
|
ontologyPrimitive: "graph",
|
|
7942
10107
|
tier: "workhorse"
|
|
7943
10108
|
};
|
|
10109
|
+
var MATERIALIZE_TOPIC_GRAPH = {
|
|
10110
|
+
name: "materialize_topic_graph",
|
|
10111
|
+
description: "Backfill the topic graph spine. Like `git fsck --connectivity-only` with repair enabled \u2014 creates missing topic nodes and parent-child edges idempotently.",
|
|
10112
|
+
parameters: {
|
|
10113
|
+
rootTopicId: {
|
|
10114
|
+
type: "string",
|
|
10115
|
+
description: "Optional root topic for a bounded materialization pass"
|
|
10116
|
+
},
|
|
10117
|
+
dryRun: {
|
|
10118
|
+
type: "boolean",
|
|
10119
|
+
description: "When true, report missing rows without writing them"
|
|
10120
|
+
}
|
|
10121
|
+
},
|
|
10122
|
+
required: [],
|
|
10123
|
+
response: {
|
|
10124
|
+
description: "Topic graph materialization counts",
|
|
10125
|
+
fields: {
|
|
10126
|
+
topicsSeen: "number",
|
|
10127
|
+
nodesCreated: "number",
|
|
10128
|
+
nodesExisting: "number",
|
|
10129
|
+
edgesCreated: "number",
|
|
10130
|
+
edgesExisting: "number",
|
|
10131
|
+
errors: "array"
|
|
10132
|
+
}
|
|
10133
|
+
},
|
|
10134
|
+
ownerModule: "reasoning-kernel",
|
|
10135
|
+
ontologyPrimitive: "graph",
|
|
10136
|
+
tier: "workhorse"
|
|
10137
|
+
};
|
|
10138
|
+
var GET_TOPIC_GRAPH_SPINE = {
|
|
10139
|
+
name: "get_topic_graph_spine",
|
|
10140
|
+
description: "Verify the topic graph spine. Like `git fsck` \u2014 reads topics, materialized topic nodes, parent-child edges, and missing spine rows.",
|
|
10141
|
+
parameters: {
|
|
10142
|
+
rootTopicId: {
|
|
10143
|
+
type: "string",
|
|
10144
|
+
description: "Optional root topic for a bounded verifier pass"
|
|
10145
|
+
},
|
|
10146
|
+
includeTopicBeliefEdges: {
|
|
10147
|
+
type: "boolean",
|
|
10148
|
+
description: "Include topic -> belief edges in the verifier payload"
|
|
10149
|
+
}
|
|
10150
|
+
},
|
|
10151
|
+
required: [],
|
|
10152
|
+
response: {
|
|
10153
|
+
description: "Topic graph spine verification payload",
|
|
10154
|
+
fields: {
|
|
10155
|
+
ok: "boolean",
|
|
10156
|
+
counts: "object",
|
|
10157
|
+
topics: "array",
|
|
10158
|
+
topicNodes: "array",
|
|
10159
|
+
parentEdges: "array",
|
|
10160
|
+
missingTopicNodes: "array",
|
|
10161
|
+
missingParentEdges: "array"
|
|
10162
|
+
}
|
|
10163
|
+
},
|
|
10164
|
+
ownerModule: "reasoning-kernel",
|
|
10165
|
+
ontologyPrimitive: "graph",
|
|
10166
|
+
tier: "workhorse"
|
|
10167
|
+
};
|
|
7944
10168
|
var GET_CODE_CONTEXT = {
|
|
7945
10169
|
name: "get_code_context",
|
|
7946
10170
|
description: "Returns code-grounded beliefs, contracts, migration states, and failed attempts anchored to a specific file or function path. Like `git log -- <path>` \u2014 filters the knowledge graph to nodes anchored to a file path via metadata.codeAnchors. Results are separated by coding belief type: decisions, contracts, migrations, patterns, deprecations, and failures.",
|
|
@@ -8136,7 +10360,7 @@ var MANAGE_WRITE_POLICY = {
|
|
|
8136
10360
|
},
|
|
8137
10361
|
role: {
|
|
8138
10362
|
type: "string",
|
|
8139
|
-
description: "Role to set policy for (required for 'set'). E.g. 'agent:internal'
|
|
10363
|
+
description: "Role to set policy for (required for 'set'). E.g. 'agent:internal' or a Permit role key such as 'workspace_admin'."
|
|
8140
10364
|
},
|
|
8141
10365
|
permission: {
|
|
8142
10366
|
type: "string",
|
|
@@ -9123,6 +11347,9 @@ var BEGIN_BUILD_SESSION = {
|
|
|
9123
11347
|
sessionMode: "string \u2014 async | interactive",
|
|
9124
11348
|
targetBeliefIds: "array \u2014 scoped belief IDs",
|
|
9125
11349
|
targetQuestionIds: "array \u2014 scoped question IDs",
|
|
11350
|
+
taskIds: "array \u2014 assigned task IDs for this worktree",
|
|
11351
|
+
incompleteTaskIds: "array \u2014 assigned task IDs that still require done/deferred/blocked proof",
|
|
11352
|
+
tasks: "array \u2014 assigned task packet with id, title, status, priority, links, and summaries",
|
|
9126
11353
|
topBeliefs: "array \u2014 highest-confidence scoped beliefs",
|
|
9127
11354
|
openQuestions: "array \u2014 open scoped questions",
|
|
9128
11355
|
resolvedDecisions: "array \u2014 answered questions summarized for the session",
|
|
@@ -9178,6 +11405,19 @@ var MCP_TOOL_CONTRACTS = {
|
|
|
9178
11405
|
bisect_confidence: BISECT_CONFIDENCE,
|
|
9179
11406
|
// Edges (commit)
|
|
9180
11407
|
create_edge: CREATE_EDGE,
|
|
11408
|
+
update_edge: UPDATE_EDGE,
|
|
11409
|
+
remove_edge: REMOVE_EDGE,
|
|
11410
|
+
remove_edges_between: REMOVE_EDGES_BETWEEN,
|
|
11411
|
+
batch_create_edges: BATCH_CREATE_EDGES,
|
|
11412
|
+
// Epistemic node spine (commit/amend/show)
|
|
11413
|
+
create_epistemic_node: CREATE_EPISTEMIC_NODE,
|
|
11414
|
+
get_epistemic_node: GET_EPISTEMIC_NODE,
|
|
11415
|
+
list_epistemic_nodes: LIST_EPISTEMIC_NODES,
|
|
11416
|
+
update_epistemic_node: UPDATE_EPISTEMIC_NODE,
|
|
11417
|
+
archive_epistemic_node: ARCHIVE_EPISTEMIC_NODE,
|
|
11418
|
+
verify_epistemic_node: VERIFY_EPISTEMIC_NODE,
|
|
11419
|
+
supersede_epistemic_node: SUPERSEDE_EPISTEMIC_NODE,
|
|
11420
|
+
batch_create_epistemic_nodes: BATCH_CREATE_EPISTEMIC_NODES,
|
|
9181
11421
|
// Judgments (tag)
|
|
9182
11422
|
record_judgment: RECORD_JUDGMENT,
|
|
9183
11423
|
// Graph intelligence (showcase)
|
|
@@ -9212,6 +11452,7 @@ var MCP_TOOL_CONTRACTS = {
|
|
|
9212
11452
|
update_worktree_targets: UPDATE_WORKTREE_TARGETS,
|
|
9213
11453
|
update_worktree_metadata: UPDATE_WORKTREE_METADATA,
|
|
9214
11454
|
identity_whoami: IDENTITY_WHOAMI,
|
|
11455
|
+
resolve_interactive_principal: RESOLVE_INTERACTIVE_PRINCIPAL,
|
|
9215
11456
|
compile_context: COMPILE_CONTEXT,
|
|
9216
11457
|
record_scope_learning: RECORD_SCOPE_LEARNING,
|
|
9217
11458
|
pipeline_snapshot: PIPELINE_SNAPSHOT,
|
|
@@ -9251,6 +11492,8 @@ var MCP_TOOL_CONTRACTS = {
|
|
|
9251
11492
|
get_topic: GET_TOPIC,
|
|
9252
11493
|
update_topic: UPDATE_TOPIC,
|
|
9253
11494
|
get_topic_tree: GET_TOPIC_TREE,
|
|
11495
|
+
materialize_topic_graph: MATERIALIZE_TOPIC_GRAPH,
|
|
11496
|
+
get_topic_graph_spine: GET_TOPIC_GRAPH_SPINE,
|
|
9254
11497
|
// Coding intelligence (code-grounded knowledge)
|
|
9255
11498
|
get_code_context: GET_CODE_CONTEXT,
|
|
9256
11499
|
get_change_history: GET_CHANGE_HISTORY,
|
|
@@ -9327,6 +11570,7 @@ function entries(names, surfaceClass, surfaceIntent, surfaces, rationale) {
|
|
|
9327
11570
|
var MCP_CORE_OPERATION_NAMES = [
|
|
9328
11571
|
"compile_context",
|
|
9329
11572
|
"identity_whoami",
|
|
11573
|
+
"resolve_interactive_principal",
|
|
9330
11574
|
"check_permission",
|
|
9331
11575
|
"filter_by_permission",
|
|
9332
11576
|
"create_belief",
|
|
@@ -9355,14 +11599,28 @@ var MCP_CORE_OPERATION_NAMES = [
|
|
|
9355
11599
|
"find_missing_questions",
|
|
9356
11600
|
"get_high_priority_questions",
|
|
9357
11601
|
"get_falsification_questions",
|
|
11602
|
+
"create_epistemic_node",
|
|
11603
|
+
"get_epistemic_node",
|
|
11604
|
+
"list_epistemic_nodes",
|
|
11605
|
+
"update_epistemic_node",
|
|
11606
|
+
"archive_epistemic_node",
|
|
11607
|
+
"verify_epistemic_node",
|
|
11608
|
+
"supersede_epistemic_node",
|
|
11609
|
+
"batch_create_epistemic_nodes",
|
|
9358
11610
|
"create_topic",
|
|
9359
11611
|
"get_topic",
|
|
9360
11612
|
"list_topics",
|
|
9361
11613
|
"update_topic",
|
|
9362
|
-
"get_topic_tree"
|
|
11614
|
+
"get_topic_tree",
|
|
11615
|
+
"materialize_topic_graph",
|
|
11616
|
+
"get_topic_graph_spine"
|
|
9363
11617
|
];
|
|
9364
11618
|
var MCP_ANALYSIS_PLATFORM_OPERATION_NAMES = [
|
|
9365
11619
|
"create_edge",
|
|
11620
|
+
"update_edge",
|
|
11621
|
+
"remove_edge",
|
|
11622
|
+
"remove_edges_between",
|
|
11623
|
+
"batch_create_edges",
|
|
9366
11624
|
"query_lineage",
|
|
9367
11625
|
"traverse_graph",
|
|
9368
11626
|
"get_graph_neighborhood",
|
|
@@ -9694,12 +11952,20 @@ function unwrapMcpParameterSchema(schema) {
|
|
|
9694
11952
|
current = current._def.schema;
|
|
9695
11953
|
continue;
|
|
9696
11954
|
default:
|
|
9697
|
-
return {
|
|
11955
|
+
return {
|
|
11956
|
+
schema: current,
|
|
11957
|
+
required,
|
|
11958
|
+
description: description ?? current.description
|
|
11959
|
+
};
|
|
9698
11960
|
}
|
|
9699
11961
|
}
|
|
9700
11962
|
}
|
|
9701
11963
|
function mcpParameterFromZod(fieldName, schema, contractName) {
|
|
9702
|
-
const {
|
|
11964
|
+
const {
|
|
11965
|
+
schema: unwrapped,
|
|
11966
|
+
required,
|
|
11967
|
+
description: schemaDescription
|
|
11968
|
+
} = unwrapMcpParameterSchema(schema);
|
|
9703
11969
|
const description = schemaDescription ?? unwrapped.description ?? fieldName;
|
|
9704
11970
|
switch (unwrapped._def.typeName) {
|
|
9705
11971
|
case z.ZodFirstPartyTypeKind.ZodString:
|
|
@@ -9744,10 +12010,12 @@ function mcpContractFromArgsSchema(base, args, contractName) {
|
|
|
9744
12010
|
const entries2 = Object.entries(getObjectShape(args)).sort(
|
|
9745
12011
|
([left], [right]) => left.localeCompare(right)
|
|
9746
12012
|
);
|
|
9747
|
-
const converted = entries2.map(
|
|
9748
|
-
fieldName,
|
|
9749
|
-
|
|
9750
|
-
|
|
12013
|
+
const converted = entries2.map(
|
|
12014
|
+
([fieldName, schema]) => [
|
|
12015
|
+
fieldName,
|
|
12016
|
+
mcpParameterFromZod(fieldName, schema, contractName)
|
|
12017
|
+
]
|
|
12018
|
+
);
|
|
9751
12019
|
return {
|
|
9752
12020
|
...base,
|
|
9753
12021
|
parameters: Object.fromEntries(
|
|
@@ -9856,9 +12124,16 @@ function surfaceContract(args) {
|
|
|
9856
12124
|
scopes: args.scopes ?? [
|
|
9857
12125
|
args.kind === "query" ? `${args.domain}.read` : `${args.domain}.write`
|
|
9858
12126
|
],
|
|
9859
|
-
allowedPrincipalTypes: [
|
|
12127
|
+
allowedPrincipalTypes: [
|
|
12128
|
+
"user",
|
|
12129
|
+
"service",
|
|
12130
|
+
"agent",
|
|
12131
|
+
"group",
|
|
12132
|
+
"external_viewer"
|
|
12133
|
+
]
|
|
9860
12134
|
},
|
|
9861
12135
|
convex: args.convex,
|
|
12136
|
+
gateway: args.gateway,
|
|
9862
12137
|
args: canonicalArgs,
|
|
9863
12138
|
returns: canonicalReturns,
|
|
9864
12139
|
input,
|
|
@@ -9997,8 +12272,6 @@ var contextContracts = [
|
|
|
9997
12272
|
args: observationContextArgs
|
|
9998
12273
|
})
|
|
9999
12274
|
];
|
|
10000
|
-
|
|
10001
|
-
// ../contracts/src/function-registry/identity.ts
|
|
10002
12275
|
var withPrincipal = (input, context) => ({
|
|
10003
12276
|
...input,
|
|
10004
12277
|
tenantId: input.tenantId ?? context.tenantId,
|
|
@@ -10017,11 +12290,30 @@ var identityContracts = [
|
|
|
10017
12290
|
sdkNamespace: "identity",
|
|
10018
12291
|
sdkMethod: "whoami",
|
|
10019
12292
|
summary: "Describe the current gateway principal.",
|
|
12293
|
+
gateway: {
|
|
12294
|
+
handler: "identity.whoami"
|
|
12295
|
+
}
|
|
12296
|
+
}),
|
|
12297
|
+
surfaceContract({
|
|
12298
|
+
name: "resolve_interactive_principal",
|
|
12299
|
+
kind: "query",
|
|
12300
|
+
domain: "controlPlane",
|
|
12301
|
+
surfaceClass: "platform_public",
|
|
12302
|
+
method: "POST",
|
|
12303
|
+
path: "/control-plane/identity/resolve-interactive-principal",
|
|
12304
|
+
sdkNamespace: "controlPlane.identity",
|
|
12305
|
+
sdkMethod: "resolveInteractivePrincipal",
|
|
12306
|
+
summary: "Resolve an authenticated Clerk user into a Permit-backed Lucern principal context.",
|
|
12307
|
+
args: z.object({
|
|
12308
|
+
clerkId: z.string().min(1),
|
|
12309
|
+
tenantId: z.string().min(1).optional(),
|
|
12310
|
+
workspaceId: z.string().min(1).optional(),
|
|
12311
|
+
providerProjectId: z.string().min(1).optional()
|
|
12312
|
+
}),
|
|
10020
12313
|
convex: {
|
|
10021
|
-
module: "
|
|
10022
|
-
functionName: "
|
|
10023
|
-
kind: "query"
|
|
10024
|
-
inputProjection: withPrincipal
|
|
12314
|
+
module: "platform",
|
|
12315
|
+
functionName: "resolveInteractivePrincipal",
|
|
12316
|
+
kind: "query"
|
|
10025
12317
|
}
|
|
10026
12318
|
}),
|
|
10027
12319
|
surfaceContract({
|
|
@@ -10103,15 +12395,6 @@ var beliefLookupInput = (input) => compactRecord4({
|
|
|
10103
12395
|
var beliefNodeInput = (input) => compactRecord4({
|
|
10104
12396
|
nodeId: input.nodeId ?? input.id ?? input.beliefId
|
|
10105
12397
|
});
|
|
10106
|
-
var beliefTopicInput = (input) => {
|
|
10107
|
-
const parsed = listBeliefsProjection.inputSchema.safeParse(input);
|
|
10108
|
-
if (!parsed.success) {
|
|
10109
|
-
throw new Error(
|
|
10110
|
-
`list_beliefs projection input rejected: ${parsed.error.message}`
|
|
10111
|
-
);
|
|
10112
|
-
}
|
|
10113
|
-
return compactRecord4(listBeliefsProjection.project(parsed.data));
|
|
10114
|
-
};
|
|
10115
12398
|
var createBeliefInput = (input, context) => {
|
|
10116
12399
|
return withUserId(
|
|
10117
12400
|
compactRecord4({
|
|
@@ -10200,11 +12483,8 @@ var beliefsContracts = [
|
|
|
10200
12483
|
sdkNamespace: "beliefs",
|
|
10201
12484
|
sdkMethod: "listBeliefs",
|
|
10202
12485
|
summary: "List beliefs for a topic.",
|
|
10203
|
-
|
|
10204
|
-
|
|
10205
|
-
functionName: "getByTopic",
|
|
10206
|
-
kind: "query",
|
|
10207
|
-
inputProjection: beliefTopicInput
|
|
12486
|
+
gateway: {
|
|
12487
|
+
handler: "beliefs.list"
|
|
10208
12488
|
},
|
|
10209
12489
|
args: listBeliefsInputSchema
|
|
10210
12490
|
}),
|
|
@@ -10345,7 +12625,7 @@ var beliefsContracts = [
|
|
|
10345
12625
|
})
|
|
10346
12626
|
];
|
|
10347
12627
|
var jsonRecordSchema4 = z.record(z.unknown());
|
|
10348
|
-
var evidenceRelationSchema = z.enum(["supports", "contradicts"
|
|
12628
|
+
var evidenceRelationSchema = z.enum(["supports", "contradicts"]);
|
|
10349
12629
|
var createEvidenceArgs = z.object({
|
|
10350
12630
|
topicId: z.string().optional().describe("Topic scope for the evidence."),
|
|
10351
12631
|
text: z.string().describe("Canonical evidence text."),
|
|
@@ -10389,12 +12669,6 @@ var evidenceIdInput = (input) => compactRecord4({
|
|
|
10389
12669
|
insightId: input.insightId,
|
|
10390
12670
|
nodeId: input.nodeId ?? input.id ?? input.evidenceId
|
|
10391
12671
|
});
|
|
10392
|
-
var evidenceTopicInput = (input) => compactRecord4({
|
|
10393
|
-
topicId: input.topicId,
|
|
10394
|
-
status: input.status,
|
|
10395
|
-
userId: input.userId,
|
|
10396
|
-
limit: input.limit
|
|
10397
|
-
});
|
|
10398
12672
|
var createEvidenceInput = (input, context) => {
|
|
10399
12673
|
const parsed = createEvidenceProjection.inputSchema.safeParse(input);
|
|
10400
12674
|
if (!parsed.success) {
|
|
@@ -10525,11 +12799,8 @@ var evidenceContracts = [
|
|
|
10525
12799
|
sdkNamespace: "evidence",
|
|
10526
12800
|
sdkMethod: "listEvidence",
|
|
10527
12801
|
summary: "List evidence for a topic.",
|
|
10528
|
-
|
|
10529
|
-
|
|
10530
|
-
functionName: "getByTopic",
|
|
10531
|
-
kind: "query",
|
|
10532
|
-
inputProjection: evidenceTopicInput
|
|
12802
|
+
gateway: {
|
|
12803
|
+
handler: "evidence.list"
|
|
10533
12804
|
}
|
|
10534
12805
|
}),
|
|
10535
12806
|
surfaceContract({
|
|
@@ -10764,11 +13035,8 @@ var questionsContracts = [
|
|
|
10764
13035
|
sdkNamespace: "questions",
|
|
10765
13036
|
sdkMethod: "listQuestions",
|
|
10766
13037
|
summary: "List questions for a topic.",
|
|
10767
|
-
|
|
10768
|
-
|
|
10769
|
-
functionName: "getByTopic",
|
|
10770
|
-
kind: "query",
|
|
10771
|
-
inputProjection: questionTopicInput
|
|
13038
|
+
gateway: {
|
|
13039
|
+
handler: "questions.list"
|
|
10772
13040
|
}
|
|
10773
13041
|
}),
|
|
10774
13042
|
surfaceContract({
|
|
@@ -10971,18 +13239,50 @@ var questionsContracts = [
|
|
|
10971
13239
|
args: falsificationQuestionsArgs
|
|
10972
13240
|
})
|
|
10973
13241
|
];
|
|
13242
|
+
var topicVisibilitySchema = z.enum([
|
|
13243
|
+
"private",
|
|
13244
|
+
"team",
|
|
13245
|
+
"firm",
|
|
13246
|
+
"external",
|
|
13247
|
+
"public"
|
|
13248
|
+
]);
|
|
13249
|
+
var topicStatusSchema = z.enum(["active", "archived", "watching"]);
|
|
13250
|
+
var createTopicArgs = z.object({
|
|
13251
|
+
globalId: z.string().optional().describe("Optional idempotent topic global ID."),
|
|
13252
|
+
name: z.string().describe("Topic name."),
|
|
13253
|
+
description: z.string().optional().describe("Topic description."),
|
|
13254
|
+
type: z.string().describe("Topic type."),
|
|
13255
|
+
parentTopicId: z.string().optional().describe("Optional parent topic ID."),
|
|
13256
|
+
parentTopicGlobalId: z.string().optional().describe("Optional parent topic global ID."),
|
|
13257
|
+
ontologyId: z.string().optional().describe("Ontology to bind."),
|
|
13258
|
+
tenantId: z.string().optional().describe("Optional tenant scope."),
|
|
13259
|
+
workspaceId: z.string().optional().describe("Optional workspace scope."),
|
|
13260
|
+
visibility: topicVisibilitySchema.optional().describe("Topic visibility."),
|
|
13261
|
+
metadata: z.record(z.unknown()).optional().describe("Topic metadata."),
|
|
13262
|
+
graphScopeProjectId: z.string().optional(),
|
|
13263
|
+
createdBy: z.string().optional()
|
|
13264
|
+
});
|
|
10974
13265
|
var updateTopicArgs = z.object({
|
|
10975
13266
|
id: z.string().describe("Topic ID."),
|
|
10976
13267
|
topicId: z.string().optional().describe("Topic ID alias."),
|
|
10977
13268
|
name: z.string().optional().describe("Topic name."),
|
|
10978
13269
|
description: z.string().optional().describe("Topic description."),
|
|
10979
13270
|
type: z.string().optional().describe("Topic type."),
|
|
10980
|
-
status:
|
|
10981
|
-
visibility:
|
|
13271
|
+
status: topicStatusSchema.optional().describe("Topic status."),
|
|
13272
|
+
visibility: topicVisibilitySchema.optional().describe("Topic visibility."),
|
|
10982
13273
|
ontologyId: z.string().optional().describe("Ontology to bind."),
|
|
10983
13274
|
clearOntologyId: z.boolean().optional().describe("Whether to clear the ontology binding."),
|
|
10984
13275
|
metadata: z.record(z.unknown()).optional().describe("Topic metadata.")
|
|
10985
13276
|
});
|
|
13277
|
+
var materializeTopicGraphArgs = z.object({
|
|
13278
|
+
rootTopicId: z.string().optional().describe("Optional root topic ID."),
|
|
13279
|
+
dryRun: z.boolean().optional().describe("Report missing rows without writing."),
|
|
13280
|
+
createdBy: z.string().optional()
|
|
13281
|
+
});
|
|
13282
|
+
var getTopicGraphSpineArgs = z.object({
|
|
13283
|
+
rootTopicId: z.string().optional().describe("Optional root topic ID."),
|
|
13284
|
+
includeTopicBeliefEdges: z.boolean().optional()
|
|
13285
|
+
});
|
|
10986
13286
|
var topicIdInput = (input) => compactRecord4({
|
|
10987
13287
|
id: input.id ?? input.topicId
|
|
10988
13288
|
});
|
|
@@ -11000,87 +13300,488 @@ var updateTopicInput = (input) => compactRecord4({
|
|
|
11000
13300
|
});
|
|
11001
13301
|
var topicsContracts = [
|
|
11002
13302
|
surfaceContract({
|
|
11003
|
-
name: "create_topic",
|
|
13303
|
+
name: "create_topic",
|
|
13304
|
+
kind: "mutation",
|
|
13305
|
+
domain: "topics",
|
|
13306
|
+
surfaceClass: "platform_public",
|
|
13307
|
+
path: "/topics",
|
|
13308
|
+
sdkNamespace: "topics",
|
|
13309
|
+
sdkMethod: "createTopic",
|
|
13310
|
+
summary: "Create a topic.",
|
|
13311
|
+
convex: {
|
|
13312
|
+
module: "topics",
|
|
13313
|
+
functionName: "create",
|
|
13314
|
+
kind: "mutation",
|
|
13315
|
+
inputProjection: withCreatedBy
|
|
13316
|
+
},
|
|
13317
|
+
args: createTopicArgs
|
|
13318
|
+
}),
|
|
13319
|
+
surfaceContract({
|
|
13320
|
+
name: "get_topic",
|
|
13321
|
+
kind: "query",
|
|
13322
|
+
domain: "topics",
|
|
13323
|
+
surfaceClass: "platform_public",
|
|
13324
|
+
method: "GET",
|
|
13325
|
+
path: "/topics/get",
|
|
13326
|
+
sdkNamespace: "topics",
|
|
13327
|
+
sdkMethod: "getTopic",
|
|
13328
|
+
summary: "Get a topic.",
|
|
13329
|
+
convex: {
|
|
13330
|
+
module: "topics",
|
|
13331
|
+
functionName: "get",
|
|
13332
|
+
kind: "query",
|
|
13333
|
+
inputProjection: topicIdInput
|
|
13334
|
+
}
|
|
13335
|
+
}),
|
|
13336
|
+
surfaceContract({
|
|
13337
|
+
name: "list_topics",
|
|
13338
|
+
kind: "query",
|
|
13339
|
+
domain: "topics",
|
|
13340
|
+
surfaceClass: "platform_public",
|
|
13341
|
+
method: "GET",
|
|
13342
|
+
path: "/topics",
|
|
13343
|
+
sdkNamespace: "topics",
|
|
13344
|
+
sdkMethod: "listTopics",
|
|
13345
|
+
summary: "List topics.",
|
|
13346
|
+
convex: {
|
|
13347
|
+
module: "topics",
|
|
13348
|
+
functionName: "list",
|
|
13349
|
+
kind: "query"
|
|
13350
|
+
}
|
|
13351
|
+
}),
|
|
13352
|
+
surfaceContract({
|
|
13353
|
+
name: "update_topic",
|
|
13354
|
+
kind: "mutation",
|
|
13355
|
+
domain: "topics",
|
|
13356
|
+
surfaceClass: "platform_public",
|
|
13357
|
+
method: "PATCH",
|
|
13358
|
+
path: "/topics",
|
|
13359
|
+
sdkNamespace: "topics",
|
|
13360
|
+
sdkMethod: "updateTopic",
|
|
13361
|
+
summary: "Update a topic.",
|
|
13362
|
+
convex: {
|
|
13363
|
+
module: "topics",
|
|
13364
|
+
functionName: "update",
|
|
13365
|
+
kind: "mutation",
|
|
13366
|
+
inputProjection: updateTopicInput
|
|
13367
|
+
},
|
|
13368
|
+
args: updateTopicArgs
|
|
13369
|
+
}),
|
|
13370
|
+
surfaceContract({
|
|
13371
|
+
name: "get_topic_tree",
|
|
13372
|
+
kind: "query",
|
|
13373
|
+
domain: "topics",
|
|
13374
|
+
surfaceClass: "platform_public",
|
|
13375
|
+
method: "GET",
|
|
13376
|
+
path: "/topics/tree",
|
|
13377
|
+
sdkNamespace: "topics",
|
|
13378
|
+
sdkMethod: "getTopicTree",
|
|
13379
|
+
summary: "Get a topic tree.",
|
|
13380
|
+
convex: {
|
|
13381
|
+
module: "topics",
|
|
13382
|
+
functionName: "getTree",
|
|
13383
|
+
kind: "query"
|
|
13384
|
+
}
|
|
13385
|
+
}),
|
|
13386
|
+
surfaceContract({
|
|
13387
|
+
name: "materialize_topic_graph",
|
|
13388
|
+
kind: "mutation",
|
|
13389
|
+
domain: "topics",
|
|
13390
|
+
surfaceClass: "platform_public",
|
|
13391
|
+
path: "/topics/materialize-graph",
|
|
13392
|
+
sdkNamespace: "topics",
|
|
13393
|
+
sdkMethod: "materializeTopicGraph",
|
|
13394
|
+
summary: "Materialize topic nodes and parent-child graph edges.",
|
|
13395
|
+
convex: {
|
|
13396
|
+
module: "topics",
|
|
13397
|
+
functionName: "materializeTopicGraph",
|
|
13398
|
+
kind: "mutation",
|
|
13399
|
+
inputProjection: withCreatedBy
|
|
13400
|
+
},
|
|
13401
|
+
args: materializeTopicGraphArgs
|
|
13402
|
+
}),
|
|
13403
|
+
surfaceContract({
|
|
13404
|
+
name: "get_topic_graph_spine",
|
|
13405
|
+
kind: "query",
|
|
13406
|
+
domain: "topics",
|
|
13407
|
+
surfaceClass: "platform_public",
|
|
13408
|
+
method: "GET",
|
|
13409
|
+
path: "/topics/graph-spine",
|
|
13410
|
+
sdkNamespace: "topics",
|
|
13411
|
+
sdkMethod: "getTopicGraphSpine",
|
|
13412
|
+
summary: "Verify topic nodes and parent-child graph edges.",
|
|
13413
|
+
convex: {
|
|
13414
|
+
module: "topics",
|
|
13415
|
+
functionName: "getTopicGraphSpine",
|
|
13416
|
+
kind: "query"
|
|
13417
|
+
},
|
|
13418
|
+
args: getTopicGraphSpineArgs
|
|
13419
|
+
})
|
|
13420
|
+
];
|
|
13421
|
+
var sourceTypeSchema2 = z.enum([
|
|
13422
|
+
"human",
|
|
13423
|
+
"ai_extracted",
|
|
13424
|
+
"ai_generated",
|
|
13425
|
+
"imported",
|
|
13426
|
+
"system",
|
|
13427
|
+
"verified",
|
|
13428
|
+
"proprietary"
|
|
13429
|
+
]);
|
|
13430
|
+
var verificationStatusSchema = z.enum([
|
|
13431
|
+
"unverified",
|
|
13432
|
+
"human_verified",
|
|
13433
|
+
"ai_verified",
|
|
13434
|
+
"contradicted",
|
|
13435
|
+
"outdated"
|
|
13436
|
+
]);
|
|
13437
|
+
var nodeStatusSchema = z.enum([
|
|
13438
|
+
"active",
|
|
13439
|
+
"superseded",
|
|
13440
|
+
"archived",
|
|
13441
|
+
"deleted"
|
|
13442
|
+
]);
|
|
13443
|
+
var externalIdsArgs = z.object({
|
|
13444
|
+
crunchbase: z.string().optional(),
|
|
13445
|
+
linkedin: z.string().optional(),
|
|
13446
|
+
pitchbook: z.string().optional(),
|
|
13447
|
+
twitter: z.string().optional(),
|
|
13448
|
+
website: z.string().optional()
|
|
13449
|
+
}).optional();
|
|
13450
|
+
var createEpistemicNodeItemArgs = z.object({
|
|
13451
|
+
globalId: z.string().optional().describe("Optional idempotent node global ID."),
|
|
13452
|
+
nodeType: NODE_TYPE.describe("Public epistemic node type."),
|
|
13453
|
+
subtype: z.string().optional(),
|
|
13454
|
+
canonicalText: z.string().optional().describe("Canonical node text."),
|
|
13455
|
+
text: z.string().optional().describe("Alias for canonicalText."),
|
|
13456
|
+
contentHash: z.string().optional().describe("Optional idempotency content hash."),
|
|
13457
|
+
content: z.string().optional(),
|
|
13458
|
+
contentType: z.string().optional(),
|
|
13459
|
+
title: z.string().optional(),
|
|
13460
|
+
tags: z.array(z.string()).optional(),
|
|
13461
|
+
domain: z.string().optional(),
|
|
13462
|
+
metadata: z.record(z.unknown()).optional(),
|
|
13463
|
+
externalIds: externalIdsArgs,
|
|
13464
|
+
sourceType: sourceTypeSchema2.optional(),
|
|
13465
|
+
aiProvider: z.string().optional(),
|
|
13466
|
+
extractedFromNodeId: z.string().optional(),
|
|
13467
|
+
confidence: z.number().optional(),
|
|
13468
|
+
verificationStatus: verificationStatusSchema.optional(),
|
|
13469
|
+
topicId: z.string().optional(),
|
|
13470
|
+
projectId: z.string().optional(),
|
|
13471
|
+
createdBy: z.string().optional(),
|
|
13472
|
+
trustedBypassAccessCheck: z.boolean().optional()
|
|
13473
|
+
});
|
|
13474
|
+
var createEpistemicNodeArgs = createEpistemicNodeItemArgs;
|
|
13475
|
+
var batchCreateEpistemicNodesArgs = z.object({
|
|
13476
|
+
nodes: z.array(createEpistemicNodeItemArgs)
|
|
13477
|
+
});
|
|
13478
|
+
var getEpistemicNodeArgs = z.object({
|
|
13479
|
+
nodeId: z.string().describe("Node ID or global ID."),
|
|
13480
|
+
globalId: z.string().optional().describe("Node global ID alias.")
|
|
13481
|
+
});
|
|
13482
|
+
var listEpistemicNodesArgs = z.object({
|
|
13483
|
+
topicId: z.string().optional(),
|
|
13484
|
+
projectId: z.string().optional(),
|
|
13485
|
+
nodeType: NODE_TYPE.optional(),
|
|
13486
|
+
status: nodeStatusSchema.optional(),
|
|
13487
|
+
searchQuery: z.string().optional(),
|
|
13488
|
+
query: z.string().optional(),
|
|
13489
|
+
limit: z.number().optional()
|
|
13490
|
+
});
|
|
13491
|
+
var updateEpistemicNodeArgs = z.object({
|
|
13492
|
+
nodeId: z.string().describe("Node ID or global ID."),
|
|
13493
|
+
id: z.string().optional().describe("Node ID alias."),
|
|
13494
|
+
subtype: z.string().optional(),
|
|
13495
|
+
canonicalText: z.string().optional(),
|
|
13496
|
+
text: z.string().optional(),
|
|
13497
|
+
contentHash: z.string().optional(),
|
|
13498
|
+
content: z.string().optional(),
|
|
13499
|
+
contentType: z.string().optional(),
|
|
13500
|
+
title: z.string().optional(),
|
|
13501
|
+
tags: z.array(z.string()).optional(),
|
|
13502
|
+
domain: z.string().optional(),
|
|
13503
|
+
metadata: z.record(z.unknown()).optional(),
|
|
13504
|
+
externalIds: externalIdsArgs,
|
|
13505
|
+
confidence: z.number().optional(),
|
|
13506
|
+
verificationStatus: verificationStatusSchema.optional(),
|
|
13507
|
+
status: nodeStatusSchema.optional(),
|
|
13508
|
+
userId: z.string().optional(),
|
|
13509
|
+
trustedBypassAccessCheck: z.boolean().optional()
|
|
13510
|
+
});
|
|
13511
|
+
var archiveEpistemicNodeArgs = z.object({
|
|
13512
|
+
nodeId: z.string().describe("Node ID or global ID."),
|
|
13513
|
+
id: z.string().optional().describe("Node ID alias."),
|
|
13514
|
+
userId: z.string().optional(),
|
|
13515
|
+
trustedBypassAccessCheck: z.boolean().optional()
|
|
13516
|
+
});
|
|
13517
|
+
var verifyEpistemicNodeArgs = z.object({
|
|
13518
|
+
nodeId: z.string().describe("Node ID or global ID."),
|
|
13519
|
+
id: z.string().optional().describe("Node ID alias."),
|
|
13520
|
+
verificationStatus: verificationStatusSchema,
|
|
13521
|
+
confidence: z.number().optional(),
|
|
13522
|
+
userId: z.string().optional()
|
|
13523
|
+
});
|
|
13524
|
+
var supersedeEpistemicNodeArgs = z.object({
|
|
13525
|
+
oldNodeId: z.string().describe("Node ID or global ID to supersede."),
|
|
13526
|
+
nodeId: z.string().optional().describe("Old node ID alias."),
|
|
13527
|
+
newGlobalId: z.string().optional(),
|
|
13528
|
+
newCanonicalText: z.string().optional(),
|
|
13529
|
+
text: z.string().optional(),
|
|
13530
|
+
canonicalText: z.string().optional(),
|
|
13531
|
+
newContentHash: z.string().optional(),
|
|
13532
|
+
reason: z.string().optional(),
|
|
13533
|
+
createdBy: z.string().optional(),
|
|
13534
|
+
trustedBypassAccessCheck: z.boolean().optional()
|
|
13535
|
+
});
|
|
13536
|
+
function generatedGlobalId(prefix) {
|
|
13537
|
+
return `${prefix}:${crypto.randomUUID()}`;
|
|
13538
|
+
}
|
|
13539
|
+
function resolveCanonicalText(input) {
|
|
13540
|
+
const text = input.canonicalText ?? input.text ?? input.title ?? input.content;
|
|
13541
|
+
if (typeof text !== "string" || text.trim().length === 0) {
|
|
13542
|
+
throw new Error("canonicalText or text is required.");
|
|
13543
|
+
}
|
|
13544
|
+
return text;
|
|
13545
|
+
}
|
|
13546
|
+
function createNodeInput(input, context) {
|
|
13547
|
+
const canonicalText = resolveCanonicalText(input);
|
|
13548
|
+
const nodeType = String(input.nodeType);
|
|
13549
|
+
return withCreatedBy(
|
|
13550
|
+
compactRecord4({
|
|
13551
|
+
globalId: typeof input.globalId === "string" && input.globalId.trim() ? input.globalId : generatedGlobalId(nodeType),
|
|
13552
|
+
nodeType,
|
|
13553
|
+
subtype: input.subtype,
|
|
13554
|
+
canonicalText,
|
|
13555
|
+
contentHash: typeof input.contentHash === "string" && input.contentHash.trim() ? input.contentHash : `${nodeType}:${canonicalText}`,
|
|
13556
|
+
content: input.content,
|
|
13557
|
+
contentType: input.contentType,
|
|
13558
|
+
title: input.title,
|
|
13559
|
+
tags: input.tags,
|
|
13560
|
+
domain: input.domain,
|
|
13561
|
+
metadata: input.metadata,
|
|
13562
|
+
externalIds: input.externalIds,
|
|
13563
|
+
sourceType: typeof input.sourceType === "string" && input.sourceType.trim() ? input.sourceType : "human",
|
|
13564
|
+
aiProvider: input.aiProvider,
|
|
13565
|
+
extractedFromNodeId: input.extractedFromNodeId,
|
|
13566
|
+
confidence: input.confidence,
|
|
13567
|
+
verificationStatus: input.verificationStatus,
|
|
13568
|
+
topicId: input.topicId,
|
|
13569
|
+
projectId: input.projectId
|
|
13570
|
+
}),
|
|
13571
|
+
context
|
|
13572
|
+
);
|
|
13573
|
+
}
|
|
13574
|
+
var getNodeInput = (input) => compactRecord4({
|
|
13575
|
+
nodeId: input.nodeId ?? input.globalId
|
|
13576
|
+
});
|
|
13577
|
+
var listNodesInput = (input) => compactRecord4({
|
|
13578
|
+
topicId: input.topicId,
|
|
13579
|
+
projectId: input.projectId,
|
|
13580
|
+
nodeType: input.nodeType,
|
|
13581
|
+
status: input.status,
|
|
13582
|
+
searchQuery: input.searchQuery ?? input.query,
|
|
13583
|
+
limit: input.limit
|
|
13584
|
+
});
|
|
13585
|
+
var updateNodeInput = (input, context) => withUserId(
|
|
13586
|
+
compactRecord4({
|
|
13587
|
+
nodeId: input.nodeId ?? input.id,
|
|
13588
|
+
subtype: input.subtype,
|
|
13589
|
+
canonicalText: input.canonicalText ?? input.text,
|
|
13590
|
+
contentHash: input.contentHash,
|
|
13591
|
+
content: input.content,
|
|
13592
|
+
contentType: input.contentType,
|
|
13593
|
+
title: input.title,
|
|
13594
|
+
tags: input.tags,
|
|
13595
|
+
domain: input.domain,
|
|
13596
|
+
metadata: input.metadata,
|
|
13597
|
+
externalIds: input.externalIds,
|
|
13598
|
+
confidence: input.confidence,
|
|
13599
|
+
verificationStatus: input.verificationStatus,
|
|
13600
|
+
status: input.status,
|
|
13601
|
+
trustedBypassAccessCheck: input.trustedBypassAccessCheck
|
|
13602
|
+
}),
|
|
13603
|
+
context
|
|
13604
|
+
);
|
|
13605
|
+
var archiveNodeInput = (input, context) => withUserId(
|
|
13606
|
+
compactRecord4({
|
|
13607
|
+
nodeId: input.nodeId ?? input.id,
|
|
13608
|
+
trustedBypassAccessCheck: input.trustedBypassAccessCheck
|
|
13609
|
+
}),
|
|
13610
|
+
context
|
|
13611
|
+
);
|
|
13612
|
+
var verifyNodeInput = (input, context) => withUserId(
|
|
13613
|
+
compactRecord4({
|
|
13614
|
+
nodeId: input.nodeId ?? input.id,
|
|
13615
|
+
verificationStatus: input.verificationStatus,
|
|
13616
|
+
confidence: input.confidence
|
|
13617
|
+
}),
|
|
13618
|
+
context
|
|
13619
|
+
);
|
|
13620
|
+
var supersedeNodeInput = (input, context) => {
|
|
13621
|
+
const newCanonicalText = input.newCanonicalText ?? input.canonicalText ?? input.text;
|
|
13622
|
+
if (typeof newCanonicalText !== "string" || newCanonicalText.trim().length === 0) {
|
|
13623
|
+
throw new Error("newCanonicalText or text is required.");
|
|
13624
|
+
}
|
|
13625
|
+
return {
|
|
13626
|
+
oldNodeId: input.oldNodeId ?? input.nodeId,
|
|
13627
|
+
newGlobalId: typeof input.newGlobalId === "string" && input.newGlobalId.trim() ? input.newGlobalId : generatedGlobalId("node"),
|
|
13628
|
+
newCanonicalText,
|
|
13629
|
+
newContentHash: typeof input.newContentHash === "string" && input.newContentHash.trim() ? input.newContentHash : `superseded:${newCanonicalText}`,
|
|
13630
|
+
createdBy: typeof input.createdBy === "string" ? input.createdBy : authUserId(context),
|
|
13631
|
+
reason: input.reason,
|
|
13632
|
+
trustedBypassAccessCheck: input.trustedBypassAccessCheck
|
|
13633
|
+
};
|
|
13634
|
+
};
|
|
13635
|
+
var batchCreateNodesInput = (input, context) => {
|
|
13636
|
+
const nodes = Array.isArray(input.nodes) ? input.nodes : [];
|
|
13637
|
+
return {
|
|
13638
|
+
nodes: nodes.map(
|
|
13639
|
+
(node) => createNodeInput(
|
|
13640
|
+
node && typeof node === "object" ? node : {},
|
|
13641
|
+
context
|
|
13642
|
+
)
|
|
13643
|
+
)
|
|
13644
|
+
};
|
|
13645
|
+
};
|
|
13646
|
+
var nodesContracts = [
|
|
13647
|
+
surfaceContract({
|
|
13648
|
+
name: "create_epistemic_node",
|
|
11004
13649
|
kind: "mutation",
|
|
11005
|
-
domain: "
|
|
13650
|
+
domain: "nodes",
|
|
11006
13651
|
surfaceClass: "platform_public",
|
|
11007
|
-
path: "/
|
|
11008
|
-
sdkNamespace: "
|
|
11009
|
-
sdkMethod: "
|
|
11010
|
-
summary: "Create a
|
|
13652
|
+
path: "/nodes",
|
|
13653
|
+
sdkNamespace: "nodes",
|
|
13654
|
+
sdkMethod: "createEpistemicNode",
|
|
13655
|
+
summary: "Create a generic epistemic graph node.",
|
|
11011
13656
|
convex: {
|
|
11012
|
-
module: "
|
|
13657
|
+
module: "nodes",
|
|
11013
13658
|
functionName: "create",
|
|
11014
13659
|
kind: "mutation",
|
|
11015
|
-
inputProjection:
|
|
11016
|
-
}
|
|
13660
|
+
inputProjection: createNodeInput
|
|
13661
|
+
},
|
|
13662
|
+
args: createEpistemicNodeArgs
|
|
11017
13663
|
}),
|
|
11018
13664
|
surfaceContract({
|
|
11019
|
-
name: "
|
|
13665
|
+
name: "get_epistemic_node",
|
|
11020
13666
|
kind: "query",
|
|
11021
|
-
domain: "
|
|
13667
|
+
domain: "nodes",
|
|
11022
13668
|
surfaceClass: "platform_public",
|
|
11023
13669
|
method: "GET",
|
|
11024
|
-
path: "/
|
|
11025
|
-
sdkNamespace: "
|
|
11026
|
-
sdkMethod: "
|
|
11027
|
-
summary: "Get a
|
|
13670
|
+
path: "/nodes/get",
|
|
13671
|
+
sdkNamespace: "nodes",
|
|
13672
|
+
sdkMethod: "getEpistemicNode",
|
|
13673
|
+
summary: "Get a generic epistemic graph node.",
|
|
11028
13674
|
convex: {
|
|
11029
|
-
module: "
|
|
13675
|
+
module: "nodes",
|
|
11030
13676
|
functionName: "get",
|
|
11031
13677
|
kind: "query",
|
|
11032
|
-
inputProjection:
|
|
11033
|
-
}
|
|
13678
|
+
inputProjection: getNodeInput
|
|
13679
|
+
},
|
|
13680
|
+
args: getEpistemicNodeArgs
|
|
11034
13681
|
}),
|
|
11035
13682
|
surfaceContract({
|
|
11036
|
-
name: "
|
|
13683
|
+
name: "list_epistemic_nodes",
|
|
11037
13684
|
kind: "query",
|
|
11038
|
-
domain: "
|
|
13685
|
+
domain: "nodes",
|
|
11039
13686
|
surfaceClass: "platform_public",
|
|
11040
13687
|
method: "GET",
|
|
11041
|
-
path: "/
|
|
11042
|
-
sdkNamespace: "
|
|
11043
|
-
sdkMethod: "
|
|
11044
|
-
summary: "List
|
|
13688
|
+
path: "/nodes",
|
|
13689
|
+
sdkNamespace: "nodes",
|
|
13690
|
+
sdkMethod: "listEpistemicNodes",
|
|
13691
|
+
summary: "List generic epistemic graph nodes.",
|
|
11045
13692
|
convex: {
|
|
11046
|
-
module: "
|
|
13693
|
+
module: "nodes",
|
|
11047
13694
|
functionName: "list",
|
|
11048
|
-
kind: "query"
|
|
11049
|
-
|
|
13695
|
+
kind: "query",
|
|
13696
|
+
inputProjection: listNodesInput
|
|
13697
|
+
},
|
|
13698
|
+
args: listEpistemicNodesArgs
|
|
11050
13699
|
}),
|
|
11051
13700
|
surfaceContract({
|
|
11052
|
-
name: "
|
|
13701
|
+
name: "update_epistemic_node",
|
|
11053
13702
|
kind: "mutation",
|
|
11054
|
-
domain: "
|
|
13703
|
+
domain: "nodes",
|
|
11055
13704
|
surfaceClass: "platform_public",
|
|
11056
13705
|
method: "PATCH",
|
|
11057
|
-
path: "/
|
|
11058
|
-
sdkNamespace: "
|
|
11059
|
-
sdkMethod: "
|
|
11060
|
-
summary: "Update a
|
|
13706
|
+
path: "/nodes",
|
|
13707
|
+
sdkNamespace: "nodes",
|
|
13708
|
+
sdkMethod: "updateEpistemicNode",
|
|
13709
|
+
summary: "Update a generic epistemic graph node.",
|
|
11061
13710
|
convex: {
|
|
11062
|
-
module: "
|
|
13711
|
+
module: "nodes",
|
|
11063
13712
|
functionName: "update",
|
|
11064
13713
|
kind: "mutation",
|
|
11065
|
-
inputProjection:
|
|
13714
|
+
inputProjection: updateNodeInput
|
|
11066
13715
|
},
|
|
11067
|
-
args:
|
|
13716
|
+
args: updateEpistemicNodeArgs
|
|
11068
13717
|
}),
|
|
11069
13718
|
surfaceContract({
|
|
11070
|
-
name: "
|
|
11071
|
-
kind: "
|
|
11072
|
-
domain: "
|
|
13719
|
+
name: "archive_epistemic_node",
|
|
13720
|
+
kind: "mutation",
|
|
13721
|
+
domain: "nodes",
|
|
11073
13722
|
surfaceClass: "platform_public",
|
|
11074
|
-
|
|
11075
|
-
|
|
11076
|
-
|
|
11077
|
-
|
|
11078
|
-
summary: "Get a topic tree.",
|
|
13723
|
+
path: "/nodes/archive",
|
|
13724
|
+
sdkNamespace: "nodes",
|
|
13725
|
+
sdkMethod: "archiveEpistemicNode",
|
|
13726
|
+
summary: "Archive a generic epistemic graph node.",
|
|
11079
13727
|
convex: {
|
|
11080
|
-
module: "
|
|
11081
|
-
functionName: "
|
|
11082
|
-
kind: "
|
|
11083
|
-
|
|
13728
|
+
module: "nodes",
|
|
13729
|
+
functionName: "archive",
|
|
13730
|
+
kind: "mutation",
|
|
13731
|
+
inputProjection: archiveNodeInput
|
|
13732
|
+
},
|
|
13733
|
+
args: archiveEpistemicNodeArgs
|
|
13734
|
+
}),
|
|
13735
|
+
surfaceContract({
|
|
13736
|
+
name: "verify_epistemic_node",
|
|
13737
|
+
kind: "mutation",
|
|
13738
|
+
domain: "nodes",
|
|
13739
|
+
surfaceClass: "platform_public",
|
|
13740
|
+
path: "/nodes/verify",
|
|
13741
|
+
sdkNamespace: "nodes",
|
|
13742
|
+
sdkMethod: "verifyEpistemicNode",
|
|
13743
|
+
summary: "Verify a generic epistemic graph node.",
|
|
13744
|
+
convex: {
|
|
13745
|
+
module: "nodes",
|
|
13746
|
+
functionName: "verify",
|
|
13747
|
+
kind: "mutation",
|
|
13748
|
+
inputProjection: verifyNodeInput
|
|
13749
|
+
},
|
|
13750
|
+
args: verifyEpistemicNodeArgs
|
|
13751
|
+
}),
|
|
13752
|
+
surfaceContract({
|
|
13753
|
+
name: "supersede_epistemic_node",
|
|
13754
|
+
kind: "mutation",
|
|
13755
|
+
domain: "nodes",
|
|
13756
|
+
surfaceClass: "platform_public",
|
|
13757
|
+
path: "/nodes/supersede",
|
|
13758
|
+
sdkNamespace: "nodes",
|
|
13759
|
+
sdkMethod: "supersedeEpistemicNode",
|
|
13760
|
+
summary: "Supersede a generic epistemic graph node.",
|
|
13761
|
+
convex: {
|
|
13762
|
+
module: "nodes",
|
|
13763
|
+
functionName: "supersede",
|
|
13764
|
+
kind: "mutation",
|
|
13765
|
+
inputProjection: supersedeNodeInput
|
|
13766
|
+
},
|
|
13767
|
+
args: supersedeEpistemicNodeArgs
|
|
13768
|
+
}),
|
|
13769
|
+
surfaceContract({
|
|
13770
|
+
name: "batch_create_epistemic_nodes",
|
|
13771
|
+
kind: "mutation",
|
|
13772
|
+
domain: "nodes",
|
|
13773
|
+
surfaceClass: "platform_public",
|
|
13774
|
+
path: "/nodes/batch",
|
|
13775
|
+
sdkNamespace: "nodes",
|
|
13776
|
+
sdkMethod: "batchCreateEpistemicNodes",
|
|
13777
|
+
summary: "Batch create generic epistemic graph nodes.",
|
|
13778
|
+
convex: {
|
|
13779
|
+
module: "nodes",
|
|
13780
|
+
functionName: "batchCreate",
|
|
13781
|
+
kind: "mutation",
|
|
13782
|
+
inputProjection: batchCreateNodesInput
|
|
13783
|
+
},
|
|
13784
|
+
args: batchCreateEpistemicNodesArgs
|
|
11084
13785
|
})
|
|
11085
13786
|
];
|
|
11086
13787
|
var lensPerspectiveSchema = z.enum([
|
|
@@ -11440,6 +14141,19 @@ var worktreeEvidenceSignalInputSchema = z.object({
|
|
|
11440
14141
|
progress: z.string().optional().describe("Collection progress note for the signal."),
|
|
11441
14142
|
notes: z.string().optional().describe("Additional evidence collection notes.")
|
|
11442
14143
|
}).passthrough().describe("Evidence signal embedded in the worktree plan.");
|
|
14144
|
+
var worktreeDocCompanionTargetSchema = z.object({
|
|
14145
|
+
docPath: z.string().describe(
|
|
14146
|
+
"Repo-relative path to a documentation file the worktree promises to update."
|
|
14147
|
+
),
|
|
14148
|
+
sectionAnchor: z.string().optional().describe(
|
|
14149
|
+
"Markdown heading anchor (e.g. '## Function-surface manifest') that scopes the promised update."
|
|
14150
|
+
),
|
|
14151
|
+
reason: z.string().describe(
|
|
14152
|
+
"Why this doc section must be updated for the worktree to be complete."
|
|
14153
|
+
)
|
|
14154
|
+
}).passthrough().describe(
|
|
14155
|
+
"Intent-driven docs companion target. pr-gate-reviewer verifies that the PR actually touches each declared (docPath, sectionAnchor). Distinct from the touch-driven docs-loop. See docs/development/docs-sync-discipline.md Lock 3."
|
|
14156
|
+
);
|
|
11443
14157
|
var worktreeDecisionGateInputSchema = z.object({
|
|
11444
14158
|
goCriteria: z.array(z.string()).describe("Criteria that must hold for the worktree to proceed."),
|
|
11445
14159
|
noGoSignals: z.array(z.string()).describe("Signals that stop or redirect the worktree."),
|
|
@@ -11472,6 +14186,9 @@ var addWorktreeArgs = z.object({
|
|
|
11472
14186
|
keyQuestions: z.array(worktreeKeyQuestionInputSchema).optional().describe("Inline key questions captured as part of the worktree plan."),
|
|
11473
14187
|
evidenceSignals: z.array(worktreeEvidenceSignalInputSchema).optional().describe("Evidence signals the worktree needs to collect or validate."),
|
|
11474
14188
|
decisionGate: worktreeDecisionGateInputSchema.optional(),
|
|
14189
|
+
docCompanionTargets: z.array(worktreeDocCompanionTargetSchema).optional().describe(
|
|
14190
|
+
"Doc sections the worktree promises to update at PR time. Enforced by pr-gate-reviewer (Lock 3)."
|
|
14191
|
+
),
|
|
11475
14192
|
goCriteria: z.array(z.string()).optional().describe("Shorthand go criteria used to build decisionGate."),
|
|
11476
14193
|
noGoSignals: z.array(z.string()).optional().describe("Shorthand no-go signals used to build decisionGate."),
|
|
11477
14194
|
proofArtifacts: z.array(z.unknown()).optional().describe("Expected proof artifacts required to close the worktree."),
|
|
@@ -11835,7 +14552,21 @@ var createTaskArgs = z.object({
|
|
|
11835
14552
|
linkedQuestionId: z.string().optional().describe("Question this task addresses."),
|
|
11836
14553
|
assigneeId: z.string().optional().describe("Principal assigned to the task."),
|
|
11837
14554
|
dueDate: z.number().optional().describe("Due date as epoch milliseconds."),
|
|
11838
|
-
tags: z.array(z.string()).optional().describe("Free-form tags.")
|
|
14555
|
+
tags: z.array(z.string()).optional().describe("Free-form tags."),
|
|
14556
|
+
metadata: z.record(z.unknown()).optional().describe("Structured task metadata for handoff context and routing hints.")
|
|
14557
|
+
});
|
|
14558
|
+
var updateTaskArgs = z.object({
|
|
14559
|
+
taskId: z.string().describe("Task to update."),
|
|
14560
|
+
title: z.string().optional().describe("Updated task title."),
|
|
14561
|
+
description: z.string().optional().describe("Updated task description."),
|
|
14562
|
+
priority: taskPrioritySchema.optional().describe("Updated priority."),
|
|
14563
|
+
status: taskStatusSchema2.optional().describe("Updated status."),
|
|
14564
|
+
linkedWorktreeId: z.string().optional().describe("Worktree this task belongs to."),
|
|
14565
|
+
linkedBeliefId: z.string().optional().describe("Belief this task supports."),
|
|
14566
|
+
linkedQuestionId: z.string().optional().describe("Question this task addresses."),
|
|
14567
|
+
assigneeId: z.string().optional().describe("Principal assigned to the task."),
|
|
14568
|
+
blockedReason: z.string().optional().describe("Reason the task is blocked or deferred."),
|
|
14569
|
+
metadata: z.record(z.unknown()).optional().describe("Structured task metadata for handoff context and routing hints.")
|
|
11839
14570
|
});
|
|
11840
14571
|
var createTaskInput = (input) => compactRecord4({
|
|
11841
14572
|
title: input.title,
|
|
@@ -11849,7 +14580,8 @@ var createTaskInput = (input) => compactRecord4({
|
|
|
11849
14580
|
linkedQuestionId: input.linkedQuestionId,
|
|
11850
14581
|
assigneeId: input.assigneeId,
|
|
11851
14582
|
dueDate: input.dueDate,
|
|
11852
|
-
tags: input.tags
|
|
14583
|
+
tags: input.tags,
|
|
14584
|
+
metadata: input.metadata
|
|
11853
14585
|
});
|
|
11854
14586
|
var taskInput = (input) => compactRecord4({
|
|
11855
14587
|
...input,
|
|
@@ -11866,8 +14598,7 @@ var taskTopicInput = (input) => {
|
|
|
11866
14598
|
};
|
|
11867
14599
|
var completeTaskInput = (input) => compactRecord4({
|
|
11868
14600
|
taskId: input.taskId ?? input.id,
|
|
11869
|
-
outputSummary: input.outputSummary ?? input.summary
|
|
11870
|
-
userId: input.userId
|
|
14601
|
+
outputSummary: input.outputSummary ?? input.summary
|
|
11871
14602
|
});
|
|
11872
14603
|
var tasksContracts = [
|
|
11873
14604
|
surfaceContract({
|
|
@@ -11885,6 +14616,7 @@ var tasksContracts = [
|
|
|
11885
14616
|
kind: "mutation",
|
|
11886
14617
|
inputProjection: createTaskInput
|
|
11887
14618
|
},
|
|
14619
|
+
gateway: { handler: "tasks.create" },
|
|
11888
14620
|
args: createTaskArgs
|
|
11889
14621
|
}),
|
|
11890
14622
|
surfaceContract({
|
|
@@ -11903,6 +14635,7 @@ var tasksContracts = [
|
|
|
11903
14635
|
kind: "query",
|
|
11904
14636
|
inputProjection: taskTopicInput
|
|
11905
14637
|
},
|
|
14638
|
+
gateway: { handler: "tasks.list" },
|
|
11906
14639
|
args: listTasksInputSchema
|
|
11907
14640
|
}),
|
|
11908
14641
|
surfaceContract({
|
|
@@ -11920,7 +14653,9 @@ var tasksContracts = [
|
|
|
11920
14653
|
functionName: "update",
|
|
11921
14654
|
kind: "mutation",
|
|
11922
14655
|
inputProjection: taskInput
|
|
11923
|
-
}
|
|
14656
|
+
},
|
|
14657
|
+
gateway: { handler: "tasks.update" },
|
|
14658
|
+
args: updateTaskArgs
|
|
11924
14659
|
}),
|
|
11925
14660
|
surfaceContract({
|
|
11926
14661
|
name: "complete_task",
|
|
@@ -11936,12 +14671,14 @@ var tasksContracts = [
|
|
|
11936
14671
|
functionName: "complete",
|
|
11937
14672
|
kind: "mutation",
|
|
11938
14673
|
inputProjection: completeTaskInput
|
|
11939
|
-
}
|
|
14674
|
+
},
|
|
14675
|
+
gateway: { handler: "tasks.complete" }
|
|
11940
14676
|
})
|
|
11941
14677
|
];
|
|
11942
14678
|
var CREATE_EDGE_TYPES = edgePolicyManifest.policies.map(
|
|
11943
14679
|
(policy) => policy.edgeType
|
|
11944
14680
|
);
|
|
14681
|
+
var REASONING_METHOD_TYPES = [...REASONING_METHODS];
|
|
11945
14682
|
var createEdgeArgs = z.object({
|
|
11946
14683
|
from: GraphRefSchema,
|
|
11947
14684
|
to: GraphRefSchema,
|
|
@@ -11951,10 +14688,37 @@ var createEdgeArgs = z.object({
|
|
|
11951
14688
|
confidence: z.number().optional(),
|
|
11952
14689
|
context: z.string().optional(),
|
|
11953
14690
|
reasoning: z.string().optional(),
|
|
14691
|
+
reasoningMethod: z.enum(REASONING_METHOD_TYPES).optional(),
|
|
11954
14692
|
derivationType: z.string().optional(),
|
|
14693
|
+
metadata: z.record(z.unknown()).optional(),
|
|
11955
14694
|
topicId: z.string().optional(),
|
|
11956
14695
|
trustedBypassAccessCheck: z.boolean().optional()
|
|
11957
14696
|
});
|
|
14697
|
+
var updateEdgeArgs = z.object({
|
|
14698
|
+
edgeId: z.string().describe("Edge ID or global ID."),
|
|
14699
|
+
weight: z.number().optional(),
|
|
14700
|
+
confidence: z.number().optional(),
|
|
14701
|
+
context: z.string().optional(),
|
|
14702
|
+
reasoning: z.string().optional(),
|
|
14703
|
+
derivationType: z.string().optional(),
|
|
14704
|
+
metadata: z.record(z.unknown()).optional(),
|
|
14705
|
+
userId: z.string().optional()
|
|
14706
|
+
});
|
|
14707
|
+
var removeEdgeArgs = z.object({
|
|
14708
|
+
edgeId: z.string().describe("Edge ID or global ID."),
|
|
14709
|
+
userId: z.string().optional()
|
|
14710
|
+
});
|
|
14711
|
+
var removeEdgesBetweenArgs = z.object({
|
|
14712
|
+
from: GraphRefSchema.optional(),
|
|
14713
|
+
to: GraphRefSchema.optional(),
|
|
14714
|
+
fromNodeId: z.string().optional(),
|
|
14715
|
+
toNodeId: z.string().optional(),
|
|
14716
|
+
edgeType: z.enum(CREATE_EDGE_TYPES).optional()
|
|
14717
|
+
});
|
|
14718
|
+
var batchCreateEdgesArgs = z.object({
|
|
14719
|
+
edges: z.array(createEdgeArgs),
|
|
14720
|
+
skipLayerValidation: z.boolean().optional()
|
|
14721
|
+
});
|
|
11958
14722
|
var queryLineageArgs = z.object({
|
|
11959
14723
|
nodeId: z.string().describe("Starting node to trace from."),
|
|
11960
14724
|
startNode: z.string().optional().describe("Starting node alias accepted by traversal callers."),
|
|
@@ -12003,7 +14767,9 @@ var edgesContracts = [
|
|
|
12003
14767
|
weight: parsed.weight,
|
|
12004
14768
|
confidence: parsed.confidence,
|
|
12005
14769
|
context: parsed.context ?? parsed.reasoning,
|
|
14770
|
+
reasoningMethod: parsed.reasoningMethod,
|
|
12006
14771
|
derivationType: parsed.derivationType,
|
|
14772
|
+
metadata: parsed.metadata,
|
|
12007
14773
|
skipLayerValidation: true,
|
|
12008
14774
|
topicId: parsed.topicId,
|
|
12009
14775
|
trustedBypassAccessCheck: parsed.trustedBypassAccessCheck
|
|
@@ -12014,6 +14780,131 @@ var edgesContracts = [
|
|
|
12014
14780
|
},
|
|
12015
14781
|
args: createEdgeArgs
|
|
12016
14782
|
}),
|
|
14783
|
+
surfaceContract({
|
|
14784
|
+
name: "update_edge",
|
|
14785
|
+
kind: "mutation",
|
|
14786
|
+
domain: "edges",
|
|
14787
|
+
surfaceClass: "platform_public",
|
|
14788
|
+
method: "PATCH",
|
|
14789
|
+
path: "/edges",
|
|
14790
|
+
sdkNamespace: "edges",
|
|
14791
|
+
sdkMethod: "updateEdge",
|
|
14792
|
+
summary: "Update an epistemic edge.",
|
|
14793
|
+
convex: {
|
|
14794
|
+
module: "edges",
|
|
14795
|
+
functionName: "update",
|
|
14796
|
+
kind: "mutation",
|
|
14797
|
+
inputProjection: (input, context) => compactRecord4({
|
|
14798
|
+
edgeId: input.edgeId,
|
|
14799
|
+
weight: input.weight,
|
|
14800
|
+
confidence: input.confidence,
|
|
14801
|
+
context: input.context ?? input.reasoning,
|
|
14802
|
+
derivationType: input.derivationType,
|
|
14803
|
+
metadata: input.metadata,
|
|
14804
|
+
userId: input.userId ?? context.userId ?? context.principalId
|
|
14805
|
+
})
|
|
14806
|
+
},
|
|
14807
|
+
args: updateEdgeArgs
|
|
14808
|
+
}),
|
|
14809
|
+
surfaceContract({
|
|
14810
|
+
name: "remove_edge",
|
|
14811
|
+
kind: "mutation",
|
|
14812
|
+
domain: "edges",
|
|
14813
|
+
surfaceClass: "platform_public",
|
|
14814
|
+
method: "DELETE",
|
|
14815
|
+
path: "/edges",
|
|
14816
|
+
sdkNamespace: "edges",
|
|
14817
|
+
sdkMethod: "removeEdge",
|
|
14818
|
+
summary: "Remove an epistemic edge.",
|
|
14819
|
+
convex: {
|
|
14820
|
+
module: "edges",
|
|
14821
|
+
functionName: "remove",
|
|
14822
|
+
kind: "mutation",
|
|
14823
|
+
inputProjection: (input, context) => compactRecord4({
|
|
14824
|
+
edgeId: input.edgeId,
|
|
14825
|
+
userId: input.userId ?? context.userId ?? context.principalId
|
|
14826
|
+
})
|
|
14827
|
+
},
|
|
14828
|
+
args: removeEdgeArgs
|
|
14829
|
+
}),
|
|
14830
|
+
surfaceContract({
|
|
14831
|
+
name: "remove_edges_between",
|
|
14832
|
+
kind: "mutation",
|
|
14833
|
+
domain: "edges",
|
|
14834
|
+
surfaceClass: "platform_public",
|
|
14835
|
+
method: "DELETE",
|
|
14836
|
+
path: "/edges/between",
|
|
14837
|
+
sdkNamespace: "edges",
|
|
14838
|
+
sdkMethod: "removeEdgesBetween",
|
|
14839
|
+
summary: "Remove epistemic edges between two nodes.",
|
|
14840
|
+
convex: {
|
|
14841
|
+
module: "edges",
|
|
14842
|
+
functionName: "removeBetween",
|
|
14843
|
+
kind: "mutation",
|
|
14844
|
+
inputProjection: (input) => {
|
|
14845
|
+
const parsed = removeEdgesBetweenArgs.parse(input);
|
|
14846
|
+
const fromNodeId = parsed.from ? graphRefNodeId(parsed.from) : parsed.fromNodeId;
|
|
14847
|
+
const toNodeId = parsed.to ? graphRefNodeId(parsed.to) : parsed.toNodeId;
|
|
14848
|
+
if (!fromNodeId || !toNodeId) {
|
|
14849
|
+
throw new Error("from/to or fromNodeId/toNodeId are required.");
|
|
14850
|
+
}
|
|
14851
|
+
return compactRecord4({
|
|
14852
|
+
fromNodeId,
|
|
14853
|
+
toNodeId,
|
|
14854
|
+
edgeType: parsed.edgeType
|
|
14855
|
+
});
|
|
14856
|
+
}
|
|
14857
|
+
},
|
|
14858
|
+
args: removeEdgesBetweenArgs
|
|
14859
|
+
}),
|
|
14860
|
+
surfaceContract({
|
|
14861
|
+
name: "batch_create_edges",
|
|
14862
|
+
kind: "mutation",
|
|
14863
|
+
domain: "edges",
|
|
14864
|
+
surfaceClass: "platform_public",
|
|
14865
|
+
path: "/edges/batch",
|
|
14866
|
+
sdkNamespace: "edges",
|
|
14867
|
+
sdkMethod: "batchCreateEdges",
|
|
14868
|
+
summary: "Batch create epistemic edges.",
|
|
14869
|
+
convex: {
|
|
14870
|
+
module: "edges",
|
|
14871
|
+
functionName: "batchCreate",
|
|
14872
|
+
kind: "mutation",
|
|
14873
|
+
inputProjection: (input, context) => {
|
|
14874
|
+
const parsed = batchCreateEdgesArgs.parse(input);
|
|
14875
|
+
return {
|
|
14876
|
+
skipLayerValidation: parsed.skipLayerValidation ?? true,
|
|
14877
|
+
edges: parsed.edges.map((edge) => {
|
|
14878
|
+
assertEdgePolicyAllowed(
|
|
14879
|
+
edgePolicyManifest,
|
|
14880
|
+
edge.edgeType,
|
|
14881
|
+
edge.from,
|
|
14882
|
+
edge.to
|
|
14883
|
+
);
|
|
14884
|
+
const fromNodeId = graphRefNodeId(edge.from);
|
|
14885
|
+
const toNodeId = graphRefNodeId(edge.to);
|
|
14886
|
+
return withCreatedBy(
|
|
14887
|
+
compactRecord4({
|
|
14888
|
+
fromNodeId,
|
|
14889
|
+
toNodeId,
|
|
14890
|
+
edgeType: edge.edgeType,
|
|
14891
|
+
globalId: edge.globalId ?? `edge:${fromNodeId}:${toNodeId}:${edge.edgeType}`,
|
|
14892
|
+
weight: edge.weight,
|
|
14893
|
+
confidence: edge.confidence,
|
|
14894
|
+
context: edge.context ?? edge.reasoning,
|
|
14895
|
+
reasoningMethod: edge.reasoningMethod,
|
|
14896
|
+
derivationType: edge.derivationType,
|
|
14897
|
+
metadata: edge.metadata,
|
|
14898
|
+
topicId: edge.topicId
|
|
14899
|
+
}),
|
|
14900
|
+
context
|
|
14901
|
+
);
|
|
14902
|
+
})
|
|
14903
|
+
};
|
|
14904
|
+
}
|
|
14905
|
+
},
|
|
14906
|
+
args: batchCreateEdgesArgs
|
|
14907
|
+
}),
|
|
12017
14908
|
surfaceContract({
|
|
12018
14909
|
name: "query_lineage",
|
|
12019
14910
|
kind: "query",
|
|
@@ -12736,6 +15627,69 @@ var pipelineContracts = [
|
|
|
12736
15627
|
}
|
|
12737
15628
|
})
|
|
12738
15629
|
];
|
|
15630
|
+
function isRecord3(value) {
|
|
15631
|
+
return Boolean(value) && typeof value === "object" && !Array.isArray(value);
|
|
15632
|
+
}
|
|
15633
|
+
function stringValues(value) {
|
|
15634
|
+
if (typeof value === "string") {
|
|
15635
|
+
return [value];
|
|
15636
|
+
}
|
|
15637
|
+
if (Array.isArray(value)) {
|
|
15638
|
+
return value.flatMap((item) => stringValues(item));
|
|
15639
|
+
}
|
|
15640
|
+
return [];
|
|
15641
|
+
}
|
|
15642
|
+
function nestedEvidenceRows(value) {
|
|
15643
|
+
if (Array.isArray(value)) {
|
|
15644
|
+
return value.flatMap((item) => nestedEvidenceRows(item));
|
|
15645
|
+
}
|
|
15646
|
+
if (!isRecord3(value)) {
|
|
15647
|
+
return [];
|
|
15648
|
+
}
|
|
15649
|
+
const nestedKeys = ["evidence", "items", "nodes"];
|
|
15650
|
+
const nestedRows = nestedKeys.flatMap((key) => nestedEvidenceRows(value[key]));
|
|
15651
|
+
return nestedRows.length > 0 ? nestedRows : [value];
|
|
15652
|
+
}
|
|
15653
|
+
function isFailedAttemptRow(row) {
|
|
15654
|
+
const metadata = isRecord3(row.metadata) ? row.metadata : null;
|
|
15655
|
+
return metadata?.failedApproach === true || metadata?.isFailedAttempt === true;
|
|
15656
|
+
}
|
|
15657
|
+
function failureLogSearchFields(row) {
|
|
15658
|
+
const metadata = isRecord3(row.metadata) ? row.metadata : null;
|
|
15659
|
+
return [
|
|
15660
|
+
...stringValues(row.id),
|
|
15661
|
+
...stringValues(row._id),
|
|
15662
|
+
...stringValues(row.title),
|
|
15663
|
+
...stringValues(row.text),
|
|
15664
|
+
...stringValues(row.canonicalText),
|
|
15665
|
+
...stringValues(row.content),
|
|
15666
|
+
...stringValues(metadata?.codeAnchor),
|
|
15667
|
+
...stringValues(metadata?.codeAnchors),
|
|
15668
|
+
...stringValues(metadata?.anchor),
|
|
15669
|
+
...stringValues(metadata?.anchors),
|
|
15670
|
+
...stringValues(metadata?.filePath),
|
|
15671
|
+
...stringValues(metadata?.filePaths),
|
|
15672
|
+
...stringValues(metadata?.path),
|
|
15673
|
+
...stringValues(metadata?.paths),
|
|
15674
|
+
...stringValues(metadata?.sourceRef),
|
|
15675
|
+
...stringValues(metadata?.touchedPaths)
|
|
15676
|
+
];
|
|
15677
|
+
}
|
|
15678
|
+
function projectFailureLog(output, input) {
|
|
15679
|
+
const rawQuery = typeof input.query === "string" && input.query.trim().length > 0 ? input.query.trim() : void 0;
|
|
15680
|
+
const searchKey = rawQuery?.toLowerCase();
|
|
15681
|
+
const failures = nestedEvidenceRows(output).filter((row) => isFailedAttemptRow(row)).filter(
|
|
15682
|
+
(row) => !searchKey ? true : failureLogSearchFields(row).some(
|
|
15683
|
+
(field) => field.toLowerCase().includes(searchKey)
|
|
15684
|
+
)
|
|
15685
|
+
);
|
|
15686
|
+
return {
|
|
15687
|
+
query: rawQuery,
|
|
15688
|
+
failures,
|
|
15689
|
+
totalFound: failures.length,
|
|
15690
|
+
showing: failures.length
|
|
15691
|
+
};
|
|
15692
|
+
}
|
|
12739
15693
|
var recordScopeLearningArgs = z.object({
|
|
12740
15694
|
topicId: z.string().optional().describe("Topic scope ID"),
|
|
12741
15695
|
summary: z.string().describe("Atomic learning statement"),
|
|
@@ -12825,6 +15779,8 @@ var attemptInput = (input, context) => withUserId(
|
|
|
12825
15779
|
tags: ["code_attempt"],
|
|
12826
15780
|
metadata: compactRecord4({
|
|
12827
15781
|
...recordValue2(input.metadata),
|
|
15782
|
+
failedApproach: true,
|
|
15783
|
+
isFailedAttempt: true,
|
|
12828
15784
|
filePaths: input.filePaths,
|
|
12829
15785
|
filePath: input.filePath,
|
|
12830
15786
|
errorMessage: input.errorMessage,
|
|
@@ -12955,7 +15911,8 @@ var codingContracts = [
|
|
|
12955
15911
|
limit: input.limit,
|
|
12956
15912
|
status: input.status,
|
|
12957
15913
|
userId: input.userId
|
|
12958
|
-
})
|
|
15914
|
+
}),
|
|
15915
|
+
outputProjection: (output, input) => projectFailureLog(output, input)
|
|
12959
15916
|
}
|
|
12960
15917
|
})
|
|
12961
15918
|
];
|
|
@@ -12992,6 +15949,7 @@ var ALL_FUNCTION_CONTRACTS = [
|
|
|
12992
15949
|
...evidenceContracts,
|
|
12993
15950
|
...questionsContracts,
|
|
12994
15951
|
...topicsContracts,
|
|
15952
|
+
...nodesContracts,
|
|
12995
15953
|
...lensesContracts,
|
|
12996
15954
|
...ontologiesContracts,
|
|
12997
15955
|
...worktreesContracts,
|
|
@@ -13167,6 +16125,13 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13167
16125
|
copyMode: "none",
|
|
13168
16126
|
description: "Deliberation sessions are created by tenant workflows."
|
|
13169
16127
|
},
|
|
16128
|
+
{
|
|
16129
|
+
component: "kernel",
|
|
16130
|
+
table: "domainEvents",
|
|
16131
|
+
prepopulation: "runtime_log",
|
|
16132
|
+
copyMode: "none",
|
|
16133
|
+
description: "Domain event rows are append-only runtime audit/exhaust data."
|
|
16134
|
+
},
|
|
13170
16135
|
{
|
|
13171
16136
|
component: "kernel",
|
|
13172
16137
|
table: "epistemicAudit",
|
|
@@ -13416,14 +16381,14 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13416
16381
|
description: "Worktrees are tenant/runtime planning data."
|
|
13417
16382
|
},
|
|
13418
16383
|
{
|
|
13419
|
-
component: "
|
|
16384
|
+
component: "control-plane",
|
|
13420
16385
|
table: "agents",
|
|
13421
16386
|
prepopulation: "runtime_bootstrap",
|
|
13422
16387
|
copyMode: "none",
|
|
13423
16388
|
description: "Service agents are provisioned per tenant or service, not copied."
|
|
13424
16389
|
},
|
|
13425
16390
|
{
|
|
13426
|
-
component: "
|
|
16391
|
+
component: "control-plane",
|
|
13427
16392
|
table: "mcpWritePolicy",
|
|
13428
16393
|
prepopulation: "required_template",
|
|
13429
16394
|
copyMode: "template_global",
|
|
@@ -13432,14 +16397,14 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13432
16397
|
description: "Global write policy defaults govern service and interactive MCP writes."
|
|
13433
16398
|
},
|
|
13434
16399
|
{
|
|
13435
|
-
component: "
|
|
16400
|
+
component: "control-plane",
|
|
13436
16401
|
table: "modelCallLogs",
|
|
13437
16402
|
prepopulation: "runtime_log",
|
|
13438
16403
|
copyMode: "none",
|
|
13439
16404
|
description: "Model call logs are runtime telemetry."
|
|
13440
16405
|
},
|
|
13441
16406
|
{
|
|
13442
|
-
component: "
|
|
16407
|
+
component: "control-plane",
|
|
13443
16408
|
table: "modelFunctionSlots",
|
|
13444
16409
|
prepopulation: "required_template",
|
|
13445
16410
|
copyMode: "template_global",
|
|
@@ -13448,7 +16413,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13448
16413
|
description: "Function-to-model slots are required by model runtime resolution."
|
|
13449
16414
|
},
|
|
13450
16415
|
{
|
|
13451
|
-
component: "
|
|
16416
|
+
component: "control-plane",
|
|
13452
16417
|
table: "modelRegistry",
|
|
13453
16418
|
prepopulation: "required_template",
|
|
13454
16419
|
copyMode: "template_global",
|
|
@@ -13457,7 +16422,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13457
16422
|
description: "Model catalog defaults are required by model runtime clients."
|
|
13458
16423
|
},
|
|
13459
16424
|
{
|
|
13460
|
-
component: "
|
|
16425
|
+
component: "control-plane",
|
|
13461
16426
|
table: "modelSlotConfigs",
|
|
13462
16427
|
prepopulation: "required_template",
|
|
13463
16428
|
copyMode: "template_global",
|
|
@@ -13466,14 +16431,105 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13466
16431
|
description: "Slot-level defaults are required before tenant overrides exist."
|
|
13467
16432
|
},
|
|
13468
16433
|
{
|
|
13469
|
-
component: "
|
|
16434
|
+
component: "control-plane",
|
|
16435
|
+
table: "permitAccessReviewItems",
|
|
16436
|
+
prepopulation: "runtime_data",
|
|
16437
|
+
copyMode: "none",
|
|
16438
|
+
description: "Permit access-review item rows are tenant review data projected from Permit."
|
|
16439
|
+
},
|
|
16440
|
+
{
|
|
16441
|
+
component: "control-plane",
|
|
16442
|
+
table: "permitAccessReviews",
|
|
16443
|
+
prepopulation: "runtime_data",
|
|
16444
|
+
copyMode: "none",
|
|
16445
|
+
description: "Permit access-review campaigns are tenant review data projected from Permit."
|
|
16446
|
+
},
|
|
16447
|
+
{
|
|
16448
|
+
component: "control-plane",
|
|
16449
|
+
table: "permitAttributeBindings",
|
|
16450
|
+
prepopulation: "runtime_data",
|
|
16451
|
+
copyMode: "none",
|
|
16452
|
+
description: "Permit ABAC attribute bindings are tenant policy projection rows."
|
|
16453
|
+
},
|
|
16454
|
+
{
|
|
16455
|
+
component: "control-plane",
|
|
16456
|
+
table: "permitGroups",
|
|
16457
|
+
prepopulation: "runtime_data",
|
|
16458
|
+
copyMode: "none",
|
|
16459
|
+
description: "Permit groups are tenant-defined policy subjects, not template data."
|
|
16460
|
+
},
|
|
16461
|
+
{
|
|
16462
|
+
component: "control-plane",
|
|
16463
|
+
table: "permitGroupMemberships",
|
|
16464
|
+
prepopulation: "runtime_data",
|
|
16465
|
+
copyMode: "none",
|
|
16466
|
+
description: "Permit group memberships are tenant-specific policy projection rows."
|
|
16467
|
+
},
|
|
16468
|
+
{
|
|
16469
|
+
component: "control-plane",
|
|
16470
|
+
table: "permitPolicyBundles",
|
|
16471
|
+
prepopulation: "runtime_derived",
|
|
16472
|
+
copyMode: "none",
|
|
16473
|
+
description: "Permit policy bundles are derived from the Permit control plane."
|
|
16474
|
+
},
|
|
16475
|
+
{
|
|
16476
|
+
component: "control-plane",
|
|
16477
|
+
table: "permitPolicyDecisionReceipts",
|
|
16478
|
+
prepopulation: "runtime_log",
|
|
16479
|
+
copyMode: "none",
|
|
16480
|
+
description: "Permit decision receipts are runtime authorization audit logs."
|
|
16481
|
+
},
|
|
16482
|
+
{
|
|
16483
|
+
component: "control-plane",
|
|
16484
|
+
table: "permitPrincipalAliases",
|
|
16485
|
+
prepopulation: "runtime_data",
|
|
16486
|
+
copyMode: "none",
|
|
16487
|
+
description: "Permit principal aliases are tenant-specific identity projection rows."
|
|
16488
|
+
},
|
|
16489
|
+
{
|
|
16490
|
+
component: "control-plane",
|
|
16491
|
+
table: "permitPrincipals",
|
|
16492
|
+
prepopulation: "runtime_data",
|
|
16493
|
+
copyMode: "none",
|
|
16494
|
+
description: "Permit principals are projected from Clerk, Permit, and tenant onboarding flows."
|
|
16495
|
+
},
|
|
16496
|
+
{
|
|
16497
|
+
component: "control-plane",
|
|
16498
|
+
table: "permitProjectionOutbox",
|
|
16499
|
+
prepopulation: "runtime_queue",
|
|
16500
|
+
copyMode: "none",
|
|
16501
|
+
description: "Permit projection outbox rows are runtime sync queue data."
|
|
16502
|
+
},
|
|
16503
|
+
{
|
|
16504
|
+
component: "control-plane",
|
|
16505
|
+
table: "permitRelationshipTuples",
|
|
16506
|
+
prepopulation: "runtime_data",
|
|
16507
|
+
copyMode: "none",
|
|
16508
|
+
description: "Permit ReBAC relationship tuples are tenant policy projection rows."
|
|
16509
|
+
},
|
|
16510
|
+
{
|
|
16511
|
+
component: "control-plane",
|
|
16512
|
+
table: "permitResourceInstances",
|
|
16513
|
+
prepopulation: "runtime_data",
|
|
16514
|
+
copyMode: "none",
|
|
16515
|
+
description: "Permit resource instances are tenant/workspace graph and deployment projection rows."
|
|
16516
|
+
},
|
|
16517
|
+
{
|
|
16518
|
+
component: "control-plane",
|
|
16519
|
+
table: "permitRoleAssignments",
|
|
16520
|
+
prepopulation: "runtime_data",
|
|
16521
|
+
copyMode: "none",
|
|
16522
|
+
description: "Permit role assignments are tenant-specific policy projection rows."
|
|
16523
|
+
},
|
|
16524
|
+
{
|
|
16525
|
+
component: "control-plane",
|
|
13470
16526
|
table: "platformAudienceGrants",
|
|
13471
16527
|
prepopulation: "runtime_data",
|
|
13472
16528
|
copyMode: "none",
|
|
13473
16529
|
description: "Audience grants are principal/group-specific access rows."
|
|
13474
16530
|
},
|
|
13475
16531
|
{
|
|
13476
|
-
component: "
|
|
16532
|
+
component: "control-plane",
|
|
13477
16533
|
table: "platformAudiences",
|
|
13478
16534
|
prepopulation: "required_template",
|
|
13479
16535
|
copyMode: "template_tenant_rewrite",
|
|
@@ -13482,35 +16538,35 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13482
16538
|
description: "Default tenant audience taxonomy rows are rewritten into each tenant."
|
|
13483
16539
|
},
|
|
13484
16540
|
{
|
|
13485
|
-
component: "
|
|
16541
|
+
component: "control-plane",
|
|
13486
16542
|
table: "platformPolicyDecisionLogs",
|
|
13487
16543
|
prepopulation: "runtime_log",
|
|
13488
16544
|
copyMode: "none",
|
|
13489
16545
|
description: "Policy decisions are runtime audit logs."
|
|
13490
16546
|
},
|
|
13491
16547
|
{
|
|
13492
|
-
component: "
|
|
16548
|
+
component: "control-plane",
|
|
13493
16549
|
table: "projectGrants",
|
|
13494
16550
|
prepopulation: "runtime_data",
|
|
13495
16551
|
copyMode: "none",
|
|
13496
16552
|
description: "Project/topic grants are principal or group-specific access rows."
|
|
13497
16553
|
},
|
|
13498
16554
|
{
|
|
13499
|
-
component: "
|
|
16555
|
+
component: "control-plane",
|
|
13500
16556
|
table: "reasoningPermissions",
|
|
13501
16557
|
prepopulation: "runtime_data",
|
|
13502
16558
|
copyMode: "none",
|
|
13503
16559
|
description: "Reasoning permissions are principal-specific policy rows."
|
|
13504
16560
|
},
|
|
13505
16561
|
{
|
|
13506
|
-
component: "
|
|
16562
|
+
component: "control-plane",
|
|
13507
16563
|
table: "tenantApiKeys",
|
|
13508
16564
|
prepopulation: "runtime_secret",
|
|
13509
16565
|
copyMode: "none",
|
|
13510
16566
|
description: "API keys are tenant credentials and must never be copied."
|
|
13511
16567
|
},
|
|
13512
16568
|
{
|
|
13513
|
-
component: "
|
|
16569
|
+
component: "control-plane",
|
|
13514
16570
|
table: "tenantConfig",
|
|
13515
16571
|
prepopulation: "required_template",
|
|
13516
16572
|
copyMode: "template_tenant_rewrite",
|
|
@@ -13519,7 +16575,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13519
16575
|
description: "Tenant-local config defaults are rewritten during bootstrap."
|
|
13520
16576
|
},
|
|
13521
16577
|
{
|
|
13522
|
-
component: "
|
|
16578
|
+
component: "control-plane",
|
|
13523
16579
|
table: "tenantIntegrations",
|
|
13524
16580
|
prepopulation: "required_template",
|
|
13525
16581
|
copyMode: "template_tenant_rewrite",
|
|
@@ -13528,14 +16584,21 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13528
16584
|
description: "Non-secret integration descriptors are rewritten into each tenant."
|
|
13529
16585
|
},
|
|
13530
16586
|
{
|
|
13531
|
-
component: "
|
|
16587
|
+
component: "control-plane",
|
|
13532
16588
|
table: "tenantModelSlotBindings",
|
|
13533
16589
|
prepopulation: "runtime_secret",
|
|
13534
16590
|
copyMode: "none",
|
|
13535
16591
|
description: "Tenant model slot bindings reference provider secrets and are runtime-only."
|
|
13536
16592
|
},
|
|
13537
16593
|
{
|
|
13538
|
-
component: "
|
|
16594
|
+
component: "control-plane",
|
|
16595
|
+
table: "tenantPermitSyncStates",
|
|
16596
|
+
prepopulation: "runtime_derived",
|
|
16597
|
+
copyMode: "none",
|
|
16598
|
+
description: "Tenant Permit sync state rows are runtime reconciliation state."
|
|
16599
|
+
},
|
|
16600
|
+
{
|
|
16601
|
+
component: "control-plane",
|
|
13539
16602
|
table: "tenantPolicies",
|
|
13540
16603
|
prepopulation: "required_template",
|
|
13541
16604
|
copyMode: "template_tenant_rewrite",
|
|
@@ -13544,42 +16607,42 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13544
16607
|
description: "Default tenant policy roles are rewritten during bootstrap."
|
|
13545
16608
|
},
|
|
13546
16609
|
{
|
|
13547
|
-
component: "
|
|
16610
|
+
component: "control-plane",
|
|
13548
16611
|
table: "tenantProviderSecrets",
|
|
13549
16612
|
prepopulation: "runtime_secret",
|
|
13550
16613
|
copyMode: "none",
|
|
13551
16614
|
description: "Provider secrets are credentials and must never be copied."
|
|
13552
16615
|
},
|
|
13553
16616
|
{
|
|
13554
|
-
component: "
|
|
16617
|
+
component: "control-plane",
|
|
13555
16618
|
table: "tenantProxyGatewayUsage",
|
|
13556
16619
|
prepopulation: "runtime_log",
|
|
13557
16620
|
copyMode: "none",
|
|
13558
16621
|
description: "Proxy gateway usage rows are runtime telemetry."
|
|
13559
16622
|
},
|
|
13560
16623
|
{
|
|
13561
|
-
component: "
|
|
16624
|
+
component: "control-plane",
|
|
13562
16625
|
table: "tenantProxyTokenMints",
|
|
13563
16626
|
prepopulation: "runtime_secret",
|
|
13564
16627
|
copyMode: "none",
|
|
13565
16628
|
description: "Proxy token mints are ephemeral secret-bearing runtime rows."
|
|
13566
16629
|
},
|
|
13567
16630
|
{
|
|
13568
|
-
component: "
|
|
16631
|
+
component: "control-plane",
|
|
13569
16632
|
table: "tenantSandboxAuditEvents",
|
|
13570
16633
|
prepopulation: "runtime_log",
|
|
13571
16634
|
copyMode: "none",
|
|
13572
16635
|
description: "Sandbox audit rows are runtime security logs."
|
|
13573
16636
|
},
|
|
13574
16637
|
{
|
|
13575
|
-
component: "
|
|
16638
|
+
component: "control-plane",
|
|
13576
16639
|
table: "tenantSecrets",
|
|
13577
16640
|
prepopulation: "runtime_secret",
|
|
13578
16641
|
copyMode: "none",
|
|
13579
16642
|
description: "Tenant secrets are credentials and must never be copied."
|
|
13580
16643
|
},
|
|
13581
16644
|
{
|
|
13582
|
-
component: "
|
|
16645
|
+
component: "control-plane",
|
|
13583
16646
|
table: "toolAcls",
|
|
13584
16647
|
prepopulation: "required_template",
|
|
13585
16648
|
copyMode: "template_global",
|
|
@@ -13588,7 +16651,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13588
16651
|
description: "Default role-to-tool grants are required for SDK/MCP tool access."
|
|
13589
16652
|
},
|
|
13590
16653
|
{
|
|
13591
|
-
component: "
|
|
16654
|
+
component: "control-plane",
|
|
13592
16655
|
table: "toolRegistry",
|
|
13593
16656
|
prepopulation: "required_template",
|
|
13594
16657
|
copyMode: "template_global",
|
|
@@ -13597,7 +16660,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13597
16660
|
description: "Core tool catalog rows are required before pack or tenant tools exist."
|
|
13598
16661
|
},
|
|
13599
16662
|
{
|
|
13600
|
-
component: "
|
|
16663
|
+
component: "control-plane",
|
|
13601
16664
|
table: "users",
|
|
13602
16665
|
prepopulation: "runtime_bootstrap",
|
|
13603
16666
|
copyMode: "none",
|