@lucern/graph-primitives 0.1.0-alpha.4 → 0.3.0-alpha.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/beliefDecay.js +229 -1115
- package/dist/beliefDecay.js.map +1 -1
- package/dist/beliefEvidenceLinks.js +53 -834
- package/dist/beliefEvidenceLinks.js.map +1 -1
- package/dist/confidencePropagationDispatch.d.ts +3 -3
- package/dist/confidencePropagationDispatch.js +30 -308
- package/dist/confidencePropagationDispatch.js.map +1 -1
- package/dist/contradictions.js +5 -797
- package/dist/contradictions.js.map +1 -1
- package/dist/edges/contradicts.js +1 -122
- package/dist/edges/contradicts.js.map +1 -1
- package/dist/edges/dependsOn.js +14 -172
- package/dist/edges/dependsOn.js.map +1 -1
- package/dist/edges/elaborates.js +1 -49
- package/dist/edges/elaborates.js.map +1 -1
- package/dist/edges/index.js +14 -277
- package/dist/edges/index.js.map +1 -1
- package/dist/edges/informs.js +1 -62
- package/dist/edges/informs.js.map +1 -1
- package/dist/edges/propagationTypes.d.ts +2 -2
- package/dist/edges/propagationTypes.js.map +1 -1
- package/dist/edges/refutes.js +1 -62
- package/dist/edges/refutes.js.map +1 -1
- package/dist/edges/supports.js +1 -122
- package/dist/edges/supports.js.map +1 -1
- package/dist/edges/utils.d.ts +6 -6
- package/dist/edges/utils.js +1 -130
- package/dist/edges/utils.js.map +1 -1
- package/dist/entityBridge.js +2 -17
- package/dist/entityBridge.js.map +1 -1
- package/dist/entityLifecycle.js +62 -848
- package/dist/entityLifecycle.js.map +1 -1
- package/dist/epistemicAnswers.js +27 -838
- package/dist/epistemicAnswers.js.map +1 -1
- package/dist/epistemicBeliefs.js +186 -2214
- package/dist/epistemicBeliefs.js.map +1 -1
- package/dist/epistemicContractHelpers.js +1 -318
- package/dist/epistemicContractHelpers.js.map +1 -1
- package/dist/epistemicContracts.js +163 -2467
- package/dist/epistemicContracts.js.map +1 -1
- package/dist/epistemicEdges.js +60 -863
- package/dist/epistemicEdges.js.map +1 -1
- package/dist/epistemicEvidence.js +116 -1647
- package/dist/epistemicEvidence.js.map +1 -1
- package/dist/epistemicHelpers.js +3 -2
- package/dist/epistemicHelpers.js.map +1 -1
- package/dist/epistemicLinking.js +2 -785
- package/dist/epistemicLinking.js.map +1 -1
- package/dist/epistemicNodes.js +34 -1427
- package/dist/epistemicNodes.js.map +1 -1
- package/dist/epistemicQuestions.js +88 -1637
- package/dist/epistemicQuestions.js.map +1 -1
- package/dist/epistemicSources.js +28 -1421
- package/dist/epistemicSources.js.map +1 -1
- package/dist/evaluators/index.js +163 -2467
- package/dist/evaluators/index.js.map +1 -1
- package/dist/index.js +486 -3649
- package/dist/index.js.map +1 -1
- package/dist/ontology-matching.js +1 -344
- package/dist/ontology-matching.js.map +1 -1
- package/dist/ontologyApproval.js +1 -13
- package/dist/ontologyApproval.js.map +1 -1
- package/dist/ontologyDefinitions.js +2 -17
- package/dist/ontologyDefinitions.js.map +1 -1
- package/dist/ontologyRegistry.js +2 -17
- package/dist/ontologyRegistry.js.map +1 -1
- package/dist/projectionReconciliation.js +2 -17
- package/dist/projectionReconciliation.js.map +1 -1
- package/dist/questionEvidenceLinks.js +242 -837
- package/dist/questionEvidenceLinks.js.map +1 -1
- package/dist/text-matching.js +1 -244
- package/dist/text-matching.js.map +1 -1
- package/dist/workflowBridge.d.ts +27 -0
- package/dist/workflowBridge.js +303 -0
- package/dist/workflowBridge.js.map +1 -0
- package/dist/workspaceIsolation.js +8 -609
- package/dist/workspaceIsolation.js.map +1 -1
- package/package.json +6 -6
package/dist/epistemicSources.js
CHANGED
|
@@ -1,814 +1,12 @@
|
|
|
1
1
|
import { v } from 'convex/values';
|
|
2
|
-
import {
|
|
2
|
+
import { checkScopeAccess, requireProjectAccess } from '@lucern/access-control/access';
|
|
3
|
+
import { permissiveReturn } from '@lucern/contracts/schema-helpers/validators';
|
|
4
|
+
import { componentsGeneric, mutationGeneric, anyApi, queryGeneric } from 'convex/server';
|
|
5
|
+
import { isNodeType, getLayerForNodeType } from '@lucern/contracts/schema-helpers/spine/tables/epistemicNodes';
|
|
3
6
|
|
|
4
7
|
// src/epistemicSources.ts
|
|
5
8
|
var api = anyApi;
|
|
6
9
|
componentsGeneric();
|
|
7
|
-
|
|
8
|
-
// ../access-control/src/topicProjectOverlay.ts
|
|
9
|
-
var LEGACY_SCOPE_FIELD = "graphScopeProjectId";
|
|
10
|
-
function readNonEmptyString(value) {
|
|
11
|
-
if (typeof value !== "string") {
|
|
12
|
-
return;
|
|
13
|
-
}
|
|
14
|
-
const normalized = value.trim();
|
|
15
|
-
return normalized.length > 0 ? normalized : void 0;
|
|
16
|
-
}
|
|
17
|
-
function readStringArray(value) {
|
|
18
|
-
if (!Array.isArray(value)) {
|
|
19
|
-
return [];
|
|
20
|
-
}
|
|
21
|
-
return value.map((entry) => readNonEmptyString(entry)).filter((entry) => Boolean(entry));
|
|
22
|
-
}
|
|
23
|
-
function readMetadata(topic) {
|
|
24
|
-
return topic.metadata && typeof topic.metadata === "object" ? topic.metadata : {};
|
|
25
|
-
}
|
|
26
|
-
function readLegacyProjectId(value) {
|
|
27
|
-
if (!value) {
|
|
28
|
-
return;
|
|
29
|
-
}
|
|
30
|
-
return readNonEmptyString(value[LEGACY_SCOPE_FIELD]);
|
|
31
|
-
}
|
|
32
|
-
function coerceVisibility(value) {
|
|
33
|
-
return value === "private" || value === "team" || value === "firm" || value === "external" || value === "public" ? value : void 0;
|
|
34
|
-
}
|
|
35
|
-
function coerceStatus(value) {
|
|
36
|
-
return value === "active" || value === "archived" || value === "watching" ? value : void 0;
|
|
37
|
-
}
|
|
38
|
-
function mapProjectType(topic, metadata) {
|
|
39
|
-
const explicit = readNonEmptyString(metadata.projectType);
|
|
40
|
-
if (explicit) {
|
|
41
|
-
return explicit;
|
|
42
|
-
}
|
|
43
|
-
if (topic.type === "theme") {
|
|
44
|
-
return "thematic";
|
|
45
|
-
}
|
|
46
|
-
return readNonEmptyString(topic.type) || "general";
|
|
47
|
-
}
|
|
48
|
-
function isProjectLikeTopic(topic) {
|
|
49
|
-
const metadata = readMetadata(topic);
|
|
50
|
-
return topic.type === "theme" || topic.type === "thematic" || topic.type === "deal" || topic.type === "monitoring" || readLegacyProjectId(topic) !== void 0 || readNonEmptyString(metadata.projectType) !== void 0;
|
|
51
|
-
}
|
|
52
|
-
async function resolveTopicDoc(ctx, scopeId) {
|
|
53
|
-
if (ctx?.db && typeof ctx.db.get === "function") {
|
|
54
|
-
try {
|
|
55
|
-
const directTopic = await ctx.db.get(scopeId);
|
|
56
|
-
if (directTopic) {
|
|
57
|
-
return directTopic;
|
|
58
|
-
}
|
|
59
|
-
} catch {
|
|
60
|
-
}
|
|
61
|
-
}
|
|
62
|
-
if (typeof ctx.runQuery !== "function") {
|
|
63
|
-
return null;
|
|
64
|
-
}
|
|
65
|
-
try {
|
|
66
|
-
const topic = await ctx.runQuery(api.topics.get, {
|
|
67
|
-
id: String(scopeId)
|
|
68
|
-
});
|
|
69
|
-
if (topic?.name !== void 0 && topic?.type !== void 0) {
|
|
70
|
-
return topic;
|
|
71
|
-
}
|
|
72
|
-
} catch {
|
|
73
|
-
}
|
|
74
|
-
try {
|
|
75
|
-
const topic = await ctx.runQuery(api.topics.getByLegacyScopeId, {
|
|
76
|
-
projectId: String(scopeId)
|
|
77
|
-
});
|
|
78
|
-
if (topic?.name !== void 0 && topic?.type !== void 0) {
|
|
79
|
-
return topic;
|
|
80
|
-
}
|
|
81
|
-
} catch {
|
|
82
|
-
}
|
|
83
|
-
return null;
|
|
84
|
-
}
|
|
85
|
-
function materializeTopicProjectOverlay(topic, idMode = "legacy") {
|
|
86
|
-
const metadata = readMetadata(topic);
|
|
87
|
-
const topicId = String(topic._id);
|
|
88
|
-
const legacyProjectId = readLegacyProjectId(topic) || readLegacyProjectId(metadata) || readNonEmptyString(metadata.legacyProjectId);
|
|
89
|
-
const storageProjectId = legacyProjectId || topicId;
|
|
90
|
-
const outwardId = idMode === "topic" ? topicId : storageProjectId;
|
|
91
|
-
const visibility = coerceVisibility(topic.visibility) || coerceVisibility(metadata.visibility) || "private";
|
|
92
|
-
const status = coerceStatus(topic.status) || coerceStatus(metadata.status) || "active";
|
|
93
|
-
const createdAt = typeof topic.createdAt === "number" ? topic.createdAt : typeof topic._creationTime === "number" ? topic._creationTime : 0;
|
|
94
|
-
const updatedAt = typeof topic.updatedAt === "number" ? topic.updatedAt : typeof metadata.updatedAt === "number" ? metadata.updatedAt : createdAt;
|
|
95
|
-
return {
|
|
96
|
-
...metadata,
|
|
97
|
-
_id: outwardId,
|
|
98
|
-
projectId: outwardId,
|
|
99
|
-
topicId,
|
|
100
|
-
storageProjectId,
|
|
101
|
-
legacyProjectId,
|
|
102
|
-
name: readNonEmptyString(topic.name) || "Untitled Theme",
|
|
103
|
-
type: mapProjectType(topic, metadata),
|
|
104
|
-
description: readNonEmptyString(topic.description),
|
|
105
|
-
ownerId: readNonEmptyString(metadata.ownerId) || readNonEmptyString(topic.createdBy) || "system",
|
|
106
|
-
sharedWith: readStringArray(metadata.sharedWith),
|
|
107
|
-
visibility,
|
|
108
|
-
tenantId: readNonEmptyString(topic.tenantId) || readNonEmptyString(metadata.tenantId),
|
|
109
|
-
workspaceId: readNonEmptyString(topic.workspaceId) || readNonEmptyString(metadata.workspaceId),
|
|
110
|
-
status,
|
|
111
|
-
tags: readStringArray(metadata.tags),
|
|
112
|
-
chatCount: typeof metadata.chatCount === "number" ? metadata.chatCount : 0,
|
|
113
|
-
artifactCount: typeof metadata.artifactCount === "number" ? metadata.artifactCount : 0,
|
|
114
|
-
lastActivityAt: typeof metadata.lastActivityAt === "number" ? metadata.lastActivityAt : updatedAt,
|
|
115
|
-
_creationTime: typeof topic._creationTime === "number" ? topic._creationTime : createdAt,
|
|
116
|
-
createdAt,
|
|
117
|
-
updatedAt
|
|
118
|
-
};
|
|
119
|
-
}
|
|
120
|
-
async function resolveTopicProjectOverlay(ctx, scopeId, options = {}) {
|
|
121
|
-
const topic = await resolveTopicDoc(ctx, scopeId);
|
|
122
|
-
if (!topic) {
|
|
123
|
-
return null;
|
|
124
|
-
}
|
|
125
|
-
if (options.projectLikeOnly !== false && !isProjectLikeTopic(topic)) {
|
|
126
|
-
return null;
|
|
127
|
-
}
|
|
128
|
-
return materializeTopicProjectOverlay(topic, options.idMode);
|
|
129
|
-
}
|
|
130
|
-
async function listTopicProjectOverlays(ctx, options = {}) {
|
|
131
|
-
let allTopics = [];
|
|
132
|
-
if (ctx?.db?.query && typeof ctx.db.query === "function") {
|
|
133
|
-
try {
|
|
134
|
-
allTopics = await ctx.db.query("topics").collect();
|
|
135
|
-
} catch {
|
|
136
|
-
allTopics = [];
|
|
137
|
-
}
|
|
138
|
-
}
|
|
139
|
-
if (allTopics.length === 0 && typeof ctx.runQuery === "function") {
|
|
140
|
-
allTopics = (await ctx.runQuery(api.topics.list, {}) ?? []) || [];
|
|
141
|
-
}
|
|
142
|
-
return allTopics.filter(
|
|
143
|
-
(topic) => options.projectLikeOnly === false || isProjectLikeTopic(topic)
|
|
144
|
-
).map((topic) => materializeTopicProjectOverlay(topic, options.idMode));
|
|
145
|
-
}
|
|
146
|
-
|
|
147
|
-
// ../access-control/src/projectGrantsBridge.ts
|
|
148
|
-
var PROJECT_GRANT_STATUSES = ["active", "revoked", "expired"];
|
|
149
|
-
function normalizeString(value) {
|
|
150
|
-
if (typeof value !== "string") {
|
|
151
|
-
return;
|
|
152
|
-
}
|
|
153
|
-
const trimmed = value.trim();
|
|
154
|
-
return trimmed.length > 0 ? trimmed : void 0;
|
|
155
|
-
}
|
|
156
|
-
async function resolveGrantScopeIds(ctx, args) {
|
|
157
|
-
const topicId = normalizeString(args.topicId);
|
|
158
|
-
const projectId = normalizeString(args.projectId);
|
|
159
|
-
for (const scopeId of [topicId, projectId]) {
|
|
160
|
-
if (!scopeId) {
|
|
161
|
-
continue;
|
|
162
|
-
}
|
|
163
|
-
try {
|
|
164
|
-
const overlay = await resolveTopicProjectOverlay(ctx, scopeId, {
|
|
165
|
-
idMode: "legacy",
|
|
166
|
-
projectLikeOnly: false
|
|
167
|
-
});
|
|
168
|
-
if (overlay) {
|
|
169
|
-
return {
|
|
170
|
-
topicId: normalizeString(overlay.topicId) ?? topicId,
|
|
171
|
-
projectId: normalizeString(overlay.projectId) ?? projectId ?? scopeId
|
|
172
|
-
};
|
|
173
|
-
}
|
|
174
|
-
} catch {
|
|
175
|
-
}
|
|
176
|
-
}
|
|
177
|
-
return { topicId, projectId };
|
|
178
|
-
}
|
|
179
|
-
async function normalizeProjectGrantRow(ctx, row) {
|
|
180
|
-
const scope = await resolveGrantScopeIds(ctx, {
|
|
181
|
-
topicId: row.topicId,
|
|
182
|
-
projectId: row.projectId
|
|
183
|
-
});
|
|
184
|
-
return {
|
|
185
|
-
...row,
|
|
186
|
-
...scope.topicId ? { topicId: scope.topicId } : {},
|
|
187
|
-
...scope.projectId ?? scope.topicId ? { projectId: scope.projectId ?? scope.topicId } : {}
|
|
188
|
-
};
|
|
189
|
-
}
|
|
190
|
-
async function normalizeProjectGrantRows(ctx, rows) {
|
|
191
|
-
return await Promise.all(rows.map((row) => normalizeProjectGrantRow(ctx, row)));
|
|
192
|
-
}
|
|
193
|
-
async function listProjectGrantsByPrincipal(ctx, principalId) {
|
|
194
|
-
const rows = await Promise.all(
|
|
195
|
-
PROJECT_GRANT_STATUSES.map(
|
|
196
|
-
(status) => ctx.db.query("projectGrants").withIndex(
|
|
197
|
-
"by_principal_status",
|
|
198
|
-
(q) => q.eq("principalId", principalId).eq("status", status)
|
|
199
|
-
).collect()
|
|
200
|
-
)
|
|
201
|
-
);
|
|
202
|
-
return await normalizeProjectGrantRows(ctx, rows.flat());
|
|
203
|
-
}
|
|
204
|
-
async function listProjectGrantsByGroup(ctx, groupId) {
|
|
205
|
-
const rows = await Promise.all(
|
|
206
|
-
PROJECT_GRANT_STATUSES.map(
|
|
207
|
-
(status) => ctx.db.query("projectGrants").withIndex(
|
|
208
|
-
"by_group_status",
|
|
209
|
-
(q) => q.eq("groupId", groupId).eq("status", status)
|
|
210
|
-
).collect()
|
|
211
|
-
)
|
|
212
|
-
);
|
|
213
|
-
return await normalizeProjectGrantRows(ctx, rows.flat());
|
|
214
|
-
}
|
|
215
|
-
function buildScopeMatchers(inputScopeId, resolved) {
|
|
216
|
-
return new Set(
|
|
217
|
-
[inputScopeId, resolved.topicId, resolved.projectId].map((value) => normalizeString(value)).filter((value) => Boolean(value))
|
|
218
|
-
);
|
|
219
|
-
}
|
|
220
|
-
function matchesResolvedScope(row, scopeIds) {
|
|
221
|
-
const rowTopicId = normalizeString(row.topicId);
|
|
222
|
-
const rowProjectId = normalizeString(row.projectId);
|
|
223
|
-
return rowTopicId !== void 0 && scopeIds.has(rowTopicId) || rowProjectId !== void 0 && scopeIds.has(rowProjectId);
|
|
224
|
-
}
|
|
225
|
-
async function bridgeListProjectGrantsByTopicAndPrincipal(ctx, topicId, principalId) {
|
|
226
|
-
const resolved = await resolveGrantScopeIds(ctx, { topicId });
|
|
227
|
-
const scopeIds = buildScopeMatchers(topicId, resolved);
|
|
228
|
-
const rows = await listProjectGrantsByPrincipal(ctx, principalId);
|
|
229
|
-
return rows.filter((row) => matchesResolvedScope(row, scopeIds));
|
|
230
|
-
}
|
|
231
|
-
async function bridgeListProjectGrantsByTopicAndGroup(ctx, topicId, groupId) {
|
|
232
|
-
const resolved = await resolveGrantScopeIds(ctx, { topicId });
|
|
233
|
-
const scopeIds = buildScopeMatchers(topicId, resolved);
|
|
234
|
-
const rows = await listProjectGrantsByGroup(ctx, groupId);
|
|
235
|
-
return rows.filter((row) => matchesResolvedScope(row, scopeIds));
|
|
236
|
-
}
|
|
237
|
-
async function bridgeListProjectGrantsByPrincipalStatus(ctx, principalId, status) {
|
|
238
|
-
const rows = await listProjectGrantsByPrincipal(ctx, principalId);
|
|
239
|
-
return rows.filter((row) => row.status === status);
|
|
240
|
-
}
|
|
241
|
-
async function bridgeListProjectGrantsByGroupStatus(ctx, groupId, status) {
|
|
242
|
-
const rows = await listProjectGrantsByGroup(ctx, groupId);
|
|
243
|
-
return rows.filter((row) => row.status === status);
|
|
244
|
-
}
|
|
245
|
-
async function bridgeInsertProjectGrant(ctx, value) {
|
|
246
|
-
const resolved = await resolveGrantScopeIds(ctx, value);
|
|
247
|
-
return await ctx.db.insert("projectGrants", {
|
|
248
|
-
...value,
|
|
249
|
-
...resolved.topicId ? { topicId: resolved.topicId } : {},
|
|
250
|
-
...resolved.projectId ?? resolved.topicId ? { projectId: resolved.projectId ?? resolved.topicId } : {}
|
|
251
|
-
});
|
|
252
|
-
}
|
|
253
|
-
|
|
254
|
-
// ../access-control/src/resolvers.ts
|
|
255
|
-
async function findUserByClerkId(ctx, clerkId) {
|
|
256
|
-
const normalizedClerkId = clerkId.trim();
|
|
257
|
-
if (!normalizedClerkId) {
|
|
258
|
-
return null;
|
|
259
|
-
}
|
|
260
|
-
if (typeof ctx.runQuery === "function") {
|
|
261
|
-
try {
|
|
262
|
-
const bridgedUser = await ctx.runQuery(api.users.getUserByClerkId, {
|
|
263
|
-
clerkId: normalizedClerkId
|
|
264
|
-
});
|
|
265
|
-
if (bridgedUser) {
|
|
266
|
-
return bridgedUser;
|
|
267
|
-
}
|
|
268
|
-
} catch {
|
|
269
|
-
}
|
|
270
|
-
}
|
|
271
|
-
try {
|
|
272
|
-
const users = await ctx.db.query("users").collect();
|
|
273
|
-
return users.find((user) => String(user.clerkId ?? "") === normalizedClerkId) ?? null;
|
|
274
|
-
} catch {
|
|
275
|
-
return null;
|
|
276
|
-
}
|
|
277
|
-
}
|
|
278
|
-
async function findUserByPrincipalId(ctx, principalId) {
|
|
279
|
-
const normalizedPrincipalId = principalId.trim();
|
|
280
|
-
if (!normalizedPrincipalId) {
|
|
281
|
-
return null;
|
|
282
|
-
}
|
|
283
|
-
try {
|
|
284
|
-
const users = await ctx.db.query("users").collect();
|
|
285
|
-
return users.find(
|
|
286
|
-
(user) => String(user.defaultPrincipalId ?? "") === normalizedPrincipalId
|
|
287
|
-
) ?? null;
|
|
288
|
-
} catch {
|
|
289
|
-
return null;
|
|
290
|
-
}
|
|
291
|
-
}
|
|
292
|
-
async function findAgentByPrincipalId(ctx, principalId) {
|
|
293
|
-
const normalizedPrincipalId = principalId.trim();
|
|
294
|
-
if (!normalizedPrincipalId) {
|
|
295
|
-
return null;
|
|
296
|
-
}
|
|
297
|
-
if (typeof ctx.runQuery === "function") {
|
|
298
|
-
try {
|
|
299
|
-
const bridgedAgent = await ctx.runQuery(
|
|
300
|
-
api.agents.getAgentByPrincipalId,
|
|
301
|
-
{
|
|
302
|
-
principalId: normalizedPrincipalId
|
|
303
|
-
}
|
|
304
|
-
);
|
|
305
|
-
if (bridgedAgent) {
|
|
306
|
-
return bridgedAgent;
|
|
307
|
-
}
|
|
308
|
-
} catch {
|
|
309
|
-
}
|
|
310
|
-
}
|
|
311
|
-
try {
|
|
312
|
-
const agents = await ctx.db.query("agents").collect();
|
|
313
|
-
return agents.find(
|
|
314
|
-
(agent) => String(agent.principalId ?? "") === normalizedPrincipalId
|
|
315
|
-
) ?? null;
|
|
316
|
-
} catch {
|
|
317
|
-
return null;
|
|
318
|
-
}
|
|
319
|
-
}
|
|
320
|
-
function defaultResolvers() {
|
|
321
|
-
return {
|
|
322
|
-
async getProject(ctx, topicId) {
|
|
323
|
-
return await resolveTopicProjectOverlay(ctx, topicId, {
|
|
324
|
-
idMode: "legacy",
|
|
325
|
-
projectLikeOnly: false
|
|
326
|
-
});
|
|
327
|
-
},
|
|
328
|
-
async listTopics(ctx) {
|
|
329
|
-
return await listTopicProjectOverlays(ctx, { idMode: "legacy" });
|
|
330
|
-
},
|
|
331
|
-
async listTopicsByOwner(ctx, ownerId) {
|
|
332
|
-
const topics = await listTopicProjectOverlays(ctx, { idMode: "legacy" });
|
|
333
|
-
return topics.filter((topic) => topic.ownerId === ownerId);
|
|
334
|
-
},
|
|
335
|
-
async listTopicsByVisibility(ctx, visibility) {
|
|
336
|
-
const topics = await listTopicProjectOverlays(ctx, { idMode: "legacy" });
|
|
337
|
-
return topics.filter((topic) => topic.visibility === visibility);
|
|
338
|
-
},
|
|
339
|
-
async listProjectGrantsByProjectAndPrincipal(ctx, topicId, principalId) {
|
|
340
|
-
return await bridgeListProjectGrantsByTopicAndPrincipal(
|
|
341
|
-
ctx,
|
|
342
|
-
topicId,
|
|
343
|
-
principalId
|
|
344
|
-
);
|
|
345
|
-
},
|
|
346
|
-
async listProjectGrantsByProjectAndGroup(ctx, topicId, groupId) {
|
|
347
|
-
return await bridgeListProjectGrantsByTopicAndGroup(ctx, topicId, groupId);
|
|
348
|
-
},
|
|
349
|
-
async listProjectGrantsByPrincipalStatus(ctx, principalId, status) {
|
|
350
|
-
return await bridgeListProjectGrantsByPrincipalStatus(
|
|
351
|
-
ctx,
|
|
352
|
-
principalId,
|
|
353
|
-
status
|
|
354
|
-
);
|
|
355
|
-
},
|
|
356
|
-
async listProjectGrantsByGroupStatus(ctx, groupId, status) {
|
|
357
|
-
return await bridgeListProjectGrantsByGroupStatus(ctx, groupId, status);
|
|
358
|
-
},
|
|
359
|
-
async insertProjectGrant(ctx, value) {
|
|
360
|
-
return await bridgeInsertProjectGrant(ctx, value);
|
|
361
|
-
},
|
|
362
|
-
async getAgentByPrincipalId(ctx, principalId) {
|
|
363
|
-
return await findAgentByPrincipalId(ctx, principalId);
|
|
364
|
-
},
|
|
365
|
-
async getUserByClerkId(ctx, clerkId) {
|
|
366
|
-
return await findUserByClerkId(ctx, clerkId);
|
|
367
|
-
},
|
|
368
|
-
async getUserByPrincipalId(ctx, principalId) {
|
|
369
|
-
return await findUserByPrincipalId(ctx, principalId);
|
|
370
|
-
}
|
|
371
|
-
};
|
|
372
|
-
}
|
|
373
|
-
var resolverOverrides = {};
|
|
374
|
-
function resolveAccessControlAppResolvers(_ctx) {
|
|
375
|
-
return {
|
|
376
|
-
...defaultResolvers(),
|
|
377
|
-
...resolverOverrides
|
|
378
|
-
};
|
|
379
|
-
}
|
|
380
|
-
|
|
381
|
-
// ../access-control/src/principalContext.ts
|
|
382
|
-
function requireCanonicalResolvedUser(user, clerkId) {
|
|
383
|
-
const resolved = user;
|
|
384
|
-
if (!resolved) {
|
|
385
|
-
throw new Error(
|
|
386
|
-
`[AccessControl] Canonical user identity required for ${clerkId}. Sync users.upsertUser before user-bound access checks.`
|
|
387
|
-
);
|
|
388
|
-
}
|
|
389
|
-
const { mcRole, defaultTenantId, defaultWorkspaceId, defaultPrincipalId } = resolved;
|
|
390
|
-
if (mcRole !== "platform_admin" && mcRole !== "tenant_admin" && mcRole !== "workspace_admin" && mcRole !== "editor" && mcRole !== "viewer" && mcRole !== "auditor" && mcRole !== "service_agent") {
|
|
391
|
-
throw new Error(
|
|
392
|
-
`[AccessControl] Canonical MC role required for ${clerkId}. Re-sync Master Control identity before user-bound access checks.`
|
|
393
|
-
);
|
|
394
|
-
}
|
|
395
|
-
if (typeof defaultTenantId !== "string" || defaultTenantId.trim().length === 0) {
|
|
396
|
-
throw new Error(
|
|
397
|
-
`[AccessControl] Canonical home tenant required for ${clerkId}. Re-sync Master Control identity before user-bound access checks.`
|
|
398
|
-
);
|
|
399
|
-
}
|
|
400
|
-
if (typeof defaultWorkspaceId !== "string" || defaultWorkspaceId.trim().length === 0) {
|
|
401
|
-
throw new Error(
|
|
402
|
-
`[AccessControl] Canonical home workspace required for ${clerkId}. Re-sync Master Control identity before user-bound access checks.`
|
|
403
|
-
);
|
|
404
|
-
}
|
|
405
|
-
if (typeof defaultPrincipalId !== "string" || defaultPrincipalId.trim().length === 0) {
|
|
406
|
-
throw new Error(
|
|
407
|
-
`[AccessControl] Canonical federated principal required for ${clerkId}. Re-sync Master Control identity before user-bound access checks.`
|
|
408
|
-
);
|
|
409
|
-
}
|
|
410
|
-
return {
|
|
411
|
-
mcRole,
|
|
412
|
-
defaultTenantId: defaultTenantId.trim(),
|
|
413
|
-
defaultWorkspaceId: defaultWorkspaceId.trim(),
|
|
414
|
-
defaultPrincipalId: defaultPrincipalId.trim()
|
|
415
|
-
};
|
|
416
|
-
}
|
|
417
|
-
function isPrincipalIdInput(value) {
|
|
418
|
-
return value.startsWith("user:") || value.startsWith("group:") || value.startsWith("service:") || value.startsWith("agent:") || value.startsWith("external_viewer:");
|
|
419
|
-
}
|
|
420
|
-
async function resolveCanonicalUserRecord(ctx, actorId) {
|
|
421
|
-
const normalizedActorId = actorId.trim();
|
|
422
|
-
const clerkId = isPrincipalIdInput(normalizedActorId) && normalizedActorId.startsWith("user:") ? normalizedActorId.slice("user:".length) : normalizedActorId;
|
|
423
|
-
const resolvers = resolveAccessControlAppResolvers();
|
|
424
|
-
const resolvedByClerkId = await resolvers.getUserByClerkId(ctx, clerkId);
|
|
425
|
-
if (resolvedByClerkId) {
|
|
426
|
-
return {
|
|
427
|
-
resolvedUser: resolvedByClerkId,
|
|
428
|
-
clerkId,
|
|
429
|
-
contextClerkId: clerkId
|
|
430
|
-
};
|
|
431
|
-
}
|
|
432
|
-
const resolvedByPrincipalId = await resolvers.getUserByPrincipalId(
|
|
433
|
-
ctx,
|
|
434
|
-
normalizedActorId
|
|
435
|
-
);
|
|
436
|
-
return {
|
|
437
|
-
resolvedUser: resolvedByPrincipalId ?? null,
|
|
438
|
-
clerkId,
|
|
439
|
-
contextClerkId: normalizedActorId.startsWith("user:") && clerkId.length > 0 ? clerkId : normalizedActorId
|
|
440
|
-
};
|
|
441
|
-
}
|
|
442
|
-
function uniqRoles(roles) {
|
|
443
|
-
const roleSet = /* @__PURE__ */ new Set();
|
|
444
|
-
for (const role of roles) {
|
|
445
|
-
if (role === "platform_admin" || role === "tenant_admin" || role === "workspace_admin" || role === "editor" || role === "viewer" || role === "auditor" || role === "service_agent") {
|
|
446
|
-
roleSet.add(role);
|
|
447
|
-
}
|
|
448
|
-
}
|
|
449
|
-
return [...roleSet];
|
|
450
|
-
}
|
|
451
|
-
function normalizeGroupIds(value) {
|
|
452
|
-
if (!Array.isArray(value)) {
|
|
453
|
-
return [];
|
|
454
|
-
}
|
|
455
|
-
return [...new Set(
|
|
456
|
-
value.filter((entry) => typeof entry === "string").map((entry) => entry.trim()).filter(Boolean)
|
|
457
|
-
)];
|
|
458
|
-
}
|
|
459
|
-
function requireServiceAgentUser(user, actorId) {
|
|
460
|
-
const canonicalUser = requireCanonicalResolvedUser(user, actorId);
|
|
461
|
-
if (canonicalUser.mcRole !== "service_agent") {
|
|
462
|
-
throw new Error(
|
|
463
|
-
`[AccessControl] Canonical service_agent identity required for ${actorId}. Sync users.upsertUser before agent-bound access checks.`
|
|
464
|
-
);
|
|
465
|
-
}
|
|
466
|
-
return canonicalUser;
|
|
467
|
-
}
|
|
468
|
-
function requireCanonicalResolvedAgent(agent, actorId) {
|
|
469
|
-
const resolved = agent;
|
|
470
|
-
if (!resolved) {
|
|
471
|
-
throw new Error(
|
|
472
|
-
`[AccessControl] Agent "${actorId}" not found in agents or users table.`
|
|
473
|
-
);
|
|
474
|
-
}
|
|
475
|
-
if (typeof resolved.principalId !== "string" || resolved.principalId.trim().length === 0) {
|
|
476
|
-
throw new Error(
|
|
477
|
-
`[AccessControl] Canonical agent principalId required for ${actorId}.`
|
|
478
|
-
);
|
|
479
|
-
}
|
|
480
|
-
if (typeof resolved.tenantId !== "string" || resolved.tenantId.trim().length === 0) {
|
|
481
|
-
throw new Error(
|
|
482
|
-
`[AccessControl] Canonical home tenant required for ${actorId}.`
|
|
483
|
-
);
|
|
484
|
-
}
|
|
485
|
-
if (typeof resolved.workspaceId !== "string" || resolved.workspaceId.trim().length === 0) {
|
|
486
|
-
throw new Error(
|
|
487
|
-
`[AccessControl] Canonical home workspace required for ${actorId}.`
|
|
488
|
-
);
|
|
489
|
-
}
|
|
490
|
-
return {
|
|
491
|
-
principalId: resolved.principalId.trim(),
|
|
492
|
-
tenantId: resolved.tenantId.trim(),
|
|
493
|
-
workspaceId: resolved.workspaceId.trim(),
|
|
494
|
-
roles: uniqRoles(Array.isArray(resolved.roles) ? resolved.roles : []) ?? ["service_agent"],
|
|
495
|
-
groupIds: normalizeGroupIds(resolved.groupIds)
|
|
496
|
-
};
|
|
497
|
-
}
|
|
498
|
-
async function resolvePrincipalContext(ctx, actorId) {
|
|
499
|
-
if (actorId.startsWith("agent:")) {
|
|
500
|
-
const resolvers = resolveAccessControlAppResolvers();
|
|
501
|
-
const resolvedAgent = await resolvers.getAgentByPrincipalId(ctx, actorId);
|
|
502
|
-
if (resolvedAgent) {
|
|
503
|
-
const agent = requireCanonicalResolvedAgent(
|
|
504
|
-
resolvedAgent,
|
|
505
|
-
actorId
|
|
506
|
-
);
|
|
507
|
-
return {
|
|
508
|
-
principalId: agent.principalId,
|
|
509
|
-
principalType: "service",
|
|
510
|
-
clerkId: actorId,
|
|
511
|
-
tenantId: agent.tenantId,
|
|
512
|
-
workspaceId: agent.workspaceId,
|
|
513
|
-
roles: agent.roles.length > 0 ? agent.roles : ["service_agent"],
|
|
514
|
-
groupIds: agent.groupIds,
|
|
515
|
-
isPlatformAdmin: false,
|
|
516
|
-
isTenantAdmin: false,
|
|
517
|
-
isWorkspaceAdmin: false,
|
|
518
|
-
isSystemFallback: false
|
|
519
|
-
};
|
|
520
|
-
}
|
|
521
|
-
const resolvedUser2 = await resolvers.getUserByClerkId(
|
|
522
|
-
ctx,
|
|
523
|
-
actorId
|
|
524
|
-
);
|
|
525
|
-
if (!resolvedUser2) {
|
|
526
|
-
throw new Error(
|
|
527
|
-
`[AccessControl] Agent "${actorId}" not found in agents or users table.`
|
|
528
|
-
);
|
|
529
|
-
}
|
|
530
|
-
const user2 = requireServiceAgentUser(
|
|
531
|
-
resolvedUser2,
|
|
532
|
-
actorId
|
|
533
|
-
);
|
|
534
|
-
console.warn(
|
|
535
|
-
`[AccessControl] Deprecated legacy service-agent fallback for ${actorId}; migrate this principal into identity.agents.`
|
|
536
|
-
);
|
|
537
|
-
return {
|
|
538
|
-
principalId: user2.defaultPrincipalId,
|
|
539
|
-
principalType: "service",
|
|
540
|
-
clerkId: actorId,
|
|
541
|
-
tenantId: user2.defaultTenantId,
|
|
542
|
-
workspaceId: user2.defaultWorkspaceId,
|
|
543
|
-
roles: ["service_agent"],
|
|
544
|
-
groupIds: normalizeGroupIds(resolvedUser2?.principalGroupIds),
|
|
545
|
-
isPlatformAdmin: false,
|
|
546
|
-
isTenantAdmin: false,
|
|
547
|
-
isWorkspaceAdmin: false,
|
|
548
|
-
isSystemFallback: false
|
|
549
|
-
};
|
|
550
|
-
}
|
|
551
|
-
const {
|
|
552
|
-
resolvedUser,
|
|
553
|
-
contextClerkId
|
|
554
|
-
} = await resolveCanonicalUserRecord(ctx, actorId);
|
|
555
|
-
const user = requireCanonicalResolvedUser(
|
|
556
|
-
resolvedUser,
|
|
557
|
-
contextClerkId
|
|
558
|
-
);
|
|
559
|
-
if (!user.defaultPrincipalId) {
|
|
560
|
-
throw new Error(
|
|
561
|
-
`[AccessControl] Canonical federated principal required for ${contextClerkId}. Re-sync Master Control identity before user-bound access checks.`
|
|
562
|
-
);
|
|
563
|
-
}
|
|
564
|
-
if (user.mcRole === "service_agent") {
|
|
565
|
-
return {
|
|
566
|
-
principalId: user.defaultPrincipalId,
|
|
567
|
-
principalType: "service",
|
|
568
|
-
clerkId: contextClerkId,
|
|
569
|
-
tenantId: user.defaultTenantId,
|
|
570
|
-
workspaceId: user.defaultWorkspaceId,
|
|
571
|
-
roles: ["service_agent"],
|
|
572
|
-
groupIds: normalizeGroupIds(resolvedUser?.principalGroupIds),
|
|
573
|
-
isPlatformAdmin: false,
|
|
574
|
-
isTenantAdmin: false,
|
|
575
|
-
isWorkspaceAdmin: false,
|
|
576
|
-
isSystemFallback: false
|
|
577
|
-
};
|
|
578
|
-
}
|
|
579
|
-
const principalId = user.defaultPrincipalId;
|
|
580
|
-
const effectiveRole = user.mcRole;
|
|
581
|
-
const roles = effectiveRole === "platform_admin" ? ["platform_admin", "tenant_admin"] : effectiveRole === "tenant_admin" ? ["tenant_admin"] : [effectiveRole];
|
|
582
|
-
const tenantId = user.defaultTenantId;
|
|
583
|
-
const workspaceId = user.defaultWorkspaceId;
|
|
584
|
-
const isPlatformAdmin = effectiveRole === "platform_admin";
|
|
585
|
-
return {
|
|
586
|
-
principalId,
|
|
587
|
-
principalType: "user",
|
|
588
|
-
clerkId: contextClerkId,
|
|
589
|
-
tenantId,
|
|
590
|
-
workspaceId,
|
|
591
|
-
roles: uniqRoles(roles),
|
|
592
|
-
groupIds: normalizeGroupIds(resolvedUser?.principalGroupIds),
|
|
593
|
-
isPlatformAdmin,
|
|
594
|
-
isTenantAdmin: isPlatformAdmin || effectiveRole === "tenant_admin",
|
|
595
|
-
isWorkspaceAdmin: isPlatformAdmin || effectiveRole === "tenant_admin" || effectiveRole === "workspace_admin",
|
|
596
|
-
isSystemFallback: false
|
|
597
|
-
};
|
|
598
|
-
}
|
|
599
|
-
|
|
600
|
-
// ../access-control/src/access.ts
|
|
601
|
-
function isTopicInPrincipalTenant(topic, principalTenantId) {
|
|
602
|
-
if (!topic.tenantId) {
|
|
603
|
-
return false;
|
|
604
|
-
}
|
|
605
|
-
if (!principalTenantId) {
|
|
606
|
-
return false;
|
|
607
|
-
}
|
|
608
|
-
return String(topic.tenantId) === String(principalTenantId);
|
|
609
|
-
}
|
|
610
|
-
function isTopicInPrincipalWorkspace(topic, principalWorkspaceId) {
|
|
611
|
-
if (!topic.workspaceId) {
|
|
612
|
-
return false;
|
|
613
|
-
}
|
|
614
|
-
if (!principalWorkspaceId) {
|
|
615
|
-
return false;
|
|
616
|
-
}
|
|
617
|
-
return String(topic.workspaceId) === String(principalWorkspaceId);
|
|
618
|
-
}
|
|
619
|
-
function isLegacyUnscopedTopic(topic) {
|
|
620
|
-
return !topic.tenantId || !topic.workspaceId;
|
|
621
|
-
}
|
|
622
|
-
function isGrantScopeAlignedToTopic(topic, grant) {
|
|
623
|
-
if (topic.tenantId && grant.tenantId && String(topic.tenantId) !== String(grant.tenantId)) {
|
|
624
|
-
return false;
|
|
625
|
-
}
|
|
626
|
-
if (topic.workspaceId && grant.workspaceId && String(topic.workspaceId) !== String(grant.workspaceId)) {
|
|
627
|
-
return false;
|
|
628
|
-
}
|
|
629
|
-
return true;
|
|
630
|
-
}
|
|
631
|
-
function isGrantSourceAllowedForVisibility(visibility, source) {
|
|
632
|
-
if (source !== "external_share") {
|
|
633
|
-
return true;
|
|
634
|
-
}
|
|
635
|
-
return visibility === "external" || visibility === "public";
|
|
636
|
-
}
|
|
637
|
-
function isGrantActive(grant) {
|
|
638
|
-
if (grant.status !== "active") {
|
|
639
|
-
return false;
|
|
640
|
-
}
|
|
641
|
-
if (grant.expiresAt !== void 0 && grant.expiresAt <= Date.now()) {
|
|
642
|
-
return false;
|
|
643
|
-
}
|
|
644
|
-
return true;
|
|
645
|
-
}
|
|
646
|
-
async function hasPrincipalGrant(ctx, args) {
|
|
647
|
-
const grants = await resolveAccessControlAppResolvers().listProjectGrantsByProjectAndPrincipal(
|
|
648
|
-
ctx,
|
|
649
|
-
args.topic._id,
|
|
650
|
-
args.principalId
|
|
651
|
-
);
|
|
652
|
-
if (grants.some(
|
|
653
|
-
(grant) => isGrantActive(grant) && isGrantScopeAlignedToTopic(args.topic, grant) && isGrantSourceAllowedForVisibility(
|
|
654
|
-
args.topic.visibility,
|
|
655
|
-
grant.source
|
|
656
|
-
) && (!args.principalIsExternal || args.topic.visibility === "public" || grant.source === "external_share")
|
|
657
|
-
)) {
|
|
658
|
-
return true;
|
|
659
|
-
}
|
|
660
|
-
return false;
|
|
661
|
-
}
|
|
662
|
-
async function hasGroupGrant(ctx, args) {
|
|
663
|
-
if (args.groupIds.length === 0) {
|
|
664
|
-
return false;
|
|
665
|
-
}
|
|
666
|
-
for (const groupId of args.groupIds) {
|
|
667
|
-
const grants = await resolveAccessControlAppResolvers().listProjectGrantsByProjectAndGroup(ctx, args.topic._id, groupId);
|
|
668
|
-
if (grants.some(
|
|
669
|
-
(grant) => isGrantActive(grant) && isGrantScopeAlignedToTopic(args.topic, grant) && isGrantSourceAllowedForVisibility(
|
|
670
|
-
args.topic.visibility,
|
|
671
|
-
grant.source
|
|
672
|
-
)
|
|
673
|
-
)) {
|
|
674
|
-
return true;
|
|
675
|
-
}
|
|
676
|
-
}
|
|
677
|
-
return false;
|
|
678
|
-
}
|
|
679
|
-
function isExternalPrincipal(_ctx, _args) {
|
|
680
|
-
return false;
|
|
681
|
-
}
|
|
682
|
-
async function evaluateTopicAccessDetailed(ctx, args) {
|
|
683
|
-
if (args.legacyUserId) {
|
|
684
|
-
return {
|
|
685
|
-
hasAccess: true,
|
|
686
|
-
isAdmin: false,
|
|
687
|
-
isOwner: false,
|
|
688
|
-
isShared: false,
|
|
689
|
-
hasGrant: true,
|
|
690
|
-
isFirmVisible: true,
|
|
691
|
-
isExternalVisible: false,
|
|
692
|
-
isPublicVisible: false,
|
|
693
|
-
isTenantScopeMatch: true,
|
|
694
|
-
isWorkspaceScopeMatch: true,
|
|
695
|
-
isPrincipalExternal: false
|
|
696
|
-
};
|
|
697
|
-
}
|
|
698
|
-
const topic = await resolveAccessControlAppResolvers().getProject(
|
|
699
|
-
ctx,
|
|
700
|
-
args.topicId
|
|
701
|
-
);
|
|
702
|
-
if (!topic) {
|
|
703
|
-
return {
|
|
704
|
-
hasAccess: false,
|
|
705
|
-
isAdmin: false,
|
|
706
|
-
isOwner: false,
|
|
707
|
-
isShared: false,
|
|
708
|
-
hasGrant: false,
|
|
709
|
-
isFirmVisible: false,
|
|
710
|
-
isExternalVisible: false,
|
|
711
|
-
isPublicVisible: false,
|
|
712
|
-
isTenantScopeMatch: false,
|
|
713
|
-
isWorkspaceScopeMatch: false,
|
|
714
|
-
isPrincipalExternal: false
|
|
715
|
-
};
|
|
716
|
-
}
|
|
717
|
-
const { principalContext, legacyUserId } = args;
|
|
718
|
-
const userIsAdmin = principalContext.isPlatformAdmin;
|
|
719
|
-
const isOwner = topic.ownerId === legacyUserId;
|
|
720
|
-
const isShared = (topic.sharedWith ?? []).includes(legacyUserId);
|
|
721
|
-
const principalIsExternal = await isExternalPrincipal(ctx, {
|
|
722
|
-
groupIds: principalContext.groupIds,
|
|
723
|
-
topicTenantId: topic.tenantId,
|
|
724
|
-
topicWorkspaceId: topic.workspaceId
|
|
725
|
-
});
|
|
726
|
-
const hasPrincipalGrantResult = await hasPrincipalGrant(ctx, {
|
|
727
|
-
topic,
|
|
728
|
-
principalId: principalContext.principalId,
|
|
729
|
-
principalIsExternal
|
|
730
|
-
});
|
|
731
|
-
const hasGroupGrantResult = await hasGroupGrant(ctx, {
|
|
732
|
-
topic,
|
|
733
|
-
groupIds: principalContext.groupIds
|
|
734
|
-
});
|
|
735
|
-
const hasGrant = isShared || hasPrincipalGrantResult || hasGroupGrantResult;
|
|
736
|
-
const legacyUnscoped = isLegacyUnscopedTopic(topic);
|
|
737
|
-
const tenantScopeMatch = isTopicInPrincipalTenant(
|
|
738
|
-
topic,
|
|
739
|
-
principalContext.tenantId
|
|
740
|
-
);
|
|
741
|
-
const workspaceScopeMatch = isTopicInPrincipalWorkspace(
|
|
742
|
-
topic,
|
|
743
|
-
principalContext.workspaceId
|
|
744
|
-
);
|
|
745
|
-
const isPublicVisible = topic.visibility === "public";
|
|
746
|
-
const isFirmVisible = topic.visibility === "firm" && !legacyUnscoped && tenantScopeMatch && workspaceScopeMatch && !principalIsExternal;
|
|
747
|
-
const hasScopedGrant = hasGrant && (legacyUnscoped || tenantScopeMatch && workspaceScopeMatch);
|
|
748
|
-
const isExternalVisible = topic.visibility === "external" && hasScopedGrant;
|
|
749
|
-
const hasAccess = userIsAdmin || isOwner || hasScopedGrant || isPublicVisible || isFirmVisible;
|
|
750
|
-
return {
|
|
751
|
-
hasAccess,
|
|
752
|
-
isAdmin: userIsAdmin,
|
|
753
|
-
isOwner,
|
|
754
|
-
isShared,
|
|
755
|
-
hasGrant,
|
|
756
|
-
isFirmVisible,
|
|
757
|
-
isExternalVisible,
|
|
758
|
-
isPublicVisible,
|
|
759
|
-
isTenantScopeMatch: tenantScopeMatch,
|
|
760
|
-
isWorkspaceScopeMatch: workspaceScopeMatch,
|
|
761
|
-
isPrincipalExternal: principalIsExternal
|
|
762
|
-
};
|
|
763
|
-
}
|
|
764
|
-
async function checkTopicAccessDetailed(ctx, topicId, userId) {
|
|
765
|
-
const principalContext = await resolvePrincipalContext(ctx, userId);
|
|
766
|
-
return evaluateTopicAccessDetailed(ctx, {
|
|
767
|
-
topicId,
|
|
768
|
-
legacyUserId: userId,
|
|
769
|
-
principalContext
|
|
770
|
-
});
|
|
771
|
-
}
|
|
772
|
-
async function checkTopicAccess(ctx, topicId, userId) {
|
|
773
|
-
const result = await checkTopicAccessDetailed(ctx, topicId, userId);
|
|
774
|
-
return result.hasAccess;
|
|
775
|
-
}
|
|
776
|
-
async function checkScopeAccess(ctx, scopeId, userId) {
|
|
777
|
-
try {
|
|
778
|
-
const topic = await ctx.db.get(scopeId);
|
|
779
|
-
if (topic && topic.name !== void 0 && topic.type !== void 0) {
|
|
780
|
-
return true;
|
|
781
|
-
}
|
|
782
|
-
} catch {
|
|
783
|
-
}
|
|
784
|
-
try {
|
|
785
|
-
return await checkTopicAccess(ctx, scopeId, userId);
|
|
786
|
-
} catch {
|
|
787
|
-
return false;
|
|
788
|
-
}
|
|
789
|
-
}
|
|
790
|
-
async function requireTopicAccess(ctx, topicId, userId) {
|
|
791
|
-
const hasAccess = await checkTopicAccess(ctx, topicId, userId);
|
|
792
|
-
if (!hasAccess) {
|
|
793
|
-
throw new Error(
|
|
794
|
-
"Access denied: You don't have permission to access this topic"
|
|
795
|
-
);
|
|
796
|
-
}
|
|
797
|
-
}
|
|
798
|
-
var requireProjectAccess = requireTopicAccess;
|
|
799
|
-
var permissiveReturn = v.optional(v.any());
|
|
800
|
-
var looseJsonObject = v.record(v.string(), v.any());
|
|
801
|
-
var looseJsonArray = v.array(v.any());
|
|
802
|
-
v.union(
|
|
803
|
-
v.string(),
|
|
804
|
-
v.number(),
|
|
805
|
-
v.boolean(),
|
|
806
|
-
v.null(),
|
|
807
|
-
looseJsonObject,
|
|
808
|
-
looseJsonArray
|
|
809
|
-
);
|
|
810
|
-
var api2 = anyApi;
|
|
811
|
-
componentsGeneric();
|
|
812
10
|
var internal = anyApi;
|
|
813
11
|
var mutation = mutationGeneric;
|
|
814
12
|
var query = queryGeneric;
|
|
@@ -845,17 +43,17 @@ function generateGlobalId() {
|
|
|
845
43
|
);
|
|
846
44
|
return `${hex.slice(0, 8)}-${hex.slice(8, 12)}-${hex.slice(12, 16)}-${hex.slice(16, 20)}-${hex.slice(20)}`;
|
|
847
45
|
}
|
|
848
|
-
var
|
|
46
|
+
var LEGACY_SCOPE_FIELD = "graphScopeProjectId";
|
|
849
47
|
function asMappedProjectId(topic) {
|
|
850
48
|
if (!topic) {
|
|
851
49
|
return;
|
|
852
50
|
}
|
|
853
|
-
const directLegacyProjectId = normalizeScopeValue(topic[
|
|
51
|
+
const directLegacyProjectId = normalizeScopeValue(topic[LEGACY_SCOPE_FIELD]);
|
|
854
52
|
if (directLegacyProjectId) {
|
|
855
53
|
return directLegacyProjectId;
|
|
856
54
|
}
|
|
857
55
|
const metadata = topic.metadata || {};
|
|
858
|
-
const candidate = metadata[
|
|
56
|
+
const candidate = metadata[LEGACY_SCOPE_FIELD] || metadata.legacyProjectId || metadata.projectId || metadata.scopeProjectId;
|
|
859
57
|
return candidate ? candidate : void 0;
|
|
860
58
|
}
|
|
861
59
|
function normalizeScopeValue(value) {
|
|
@@ -884,7 +82,7 @@ async function findTopicsByScopeAlias(ctx, scopeId) {
|
|
|
884
82
|
try {
|
|
885
83
|
return await ctx.db.query("topics").withIndex(
|
|
886
84
|
"by_graph_scope_project",
|
|
887
|
-
(q) => q.eq(
|
|
85
|
+
(q) => q.eq(LEGACY_SCOPE_FIELD, scopeId)
|
|
888
86
|
).collect();
|
|
889
87
|
} catch {
|
|
890
88
|
const topics = await ctx.db.query("topics").collect();
|
|
@@ -900,7 +98,7 @@ async function tryResolveHostTopicById(ctx, topicId) {
|
|
|
900
98
|
return null;
|
|
901
99
|
}
|
|
902
100
|
try {
|
|
903
|
-
return await ctx.runQuery(
|
|
101
|
+
return await ctx.runQuery(api.topics.get, {
|
|
904
102
|
id: topicId
|
|
905
103
|
}) ?? null;
|
|
906
104
|
} catch {
|
|
@@ -912,7 +110,7 @@ async function tryResolveHostTopicByLegacyScope(ctx, legacyScopeId) {
|
|
|
912
110
|
return null;
|
|
913
111
|
}
|
|
914
112
|
try {
|
|
915
|
-
return await ctx.runQuery(
|
|
113
|
+
return await ctx.runQuery(api.topics.getByLegacyScopeId, {
|
|
916
114
|
projectId: legacyScopeId
|
|
917
115
|
}) ?? null;
|
|
918
116
|
} catch {
|
|
@@ -1031,597 +229,6 @@ async function resolveTopicProjectScope(ctx, args) {
|
|
|
1031
229
|
projectId: v.optional(v.string()),
|
|
1032
230
|
topicId: v.optional(v.string())
|
|
1033
231
|
});
|
|
1034
|
-
v.number();
|
|
1035
|
-
v.union(
|
|
1036
|
-
v.literal("very_high"),
|
|
1037
|
-
// 0.9+
|
|
1038
|
-
v.literal("high"),
|
|
1039
|
-
// 0.7-0.9
|
|
1040
|
-
v.literal("medium"),
|
|
1041
|
-
// 0.4-0.7
|
|
1042
|
-
v.literal("low"),
|
|
1043
|
-
// 0.2-0.4
|
|
1044
|
-
v.literal("very_low")
|
|
1045
|
-
// 0-0.2
|
|
1046
|
-
);
|
|
1047
|
-
v.union(
|
|
1048
|
-
v.literal(1),
|
|
1049
|
-
// Critical
|
|
1050
|
-
v.literal(2),
|
|
1051
|
-
// High
|
|
1052
|
-
v.literal(3),
|
|
1053
|
-
// Medium
|
|
1054
|
-
v.literal(4),
|
|
1055
|
-
// Low
|
|
1056
|
-
v.literal(5)
|
|
1057
|
-
// Backlog
|
|
1058
|
-
);
|
|
1059
|
-
v.union(
|
|
1060
|
-
v.literal("critical"),
|
|
1061
|
-
v.literal("high"),
|
|
1062
|
-
v.literal("medium"),
|
|
1063
|
-
v.literal("low"),
|
|
1064
|
-
v.literal("backlog")
|
|
1065
|
-
);
|
|
1066
|
-
v.union(
|
|
1067
|
-
v.literal("active"),
|
|
1068
|
-
v.literal("paused"),
|
|
1069
|
-
v.literal("completed"),
|
|
1070
|
-
v.literal("archived")
|
|
1071
|
-
);
|
|
1072
|
-
v.union(
|
|
1073
|
-
v.literal("pending"),
|
|
1074
|
-
v.literal("processing"),
|
|
1075
|
-
v.literal("completed"),
|
|
1076
|
-
v.literal("failed")
|
|
1077
|
-
);
|
|
1078
|
-
v.object({
|
|
1079
|
-
crunchbaseId: v.optional(v.string()),
|
|
1080
|
-
linkedinUrl: v.optional(v.string()),
|
|
1081
|
-
pitchbookId: v.optional(v.string()),
|
|
1082
|
-
twitterUrl: v.optional(v.string()),
|
|
1083
|
-
domain: v.optional(v.string())
|
|
1084
|
-
});
|
|
1085
|
-
var sourceType = v.union(
|
|
1086
|
-
v.literal("proprietary"),
|
|
1087
|
-
// Internal Stack research
|
|
1088
|
-
v.literal("primary"),
|
|
1089
|
-
// Direct interviews, calls
|
|
1090
|
-
v.literal("secondary"),
|
|
1091
|
-
// Published sources
|
|
1092
|
-
v.literal("ai_generated"),
|
|
1093
|
-
// AI-synthesized
|
|
1094
|
-
v.literal("user_input"),
|
|
1095
|
-
// Manual user entry
|
|
1096
|
-
v.literal("inferred")
|
|
1097
|
-
// System inference
|
|
1098
|
-
);
|
|
1099
|
-
v.object({
|
|
1100
|
-
sourceType: v.optional(sourceType),
|
|
1101
|
-
sourceId: v.optional(v.string()),
|
|
1102
|
-
// Reference to source entity
|
|
1103
|
-
sourceUrl: v.optional(v.string()),
|
|
1104
|
-
sourceDate: v.optional(v.number()),
|
|
1105
|
-
sourceName: v.optional(v.string())
|
|
1106
|
-
});
|
|
1107
|
-
v.object({
|
|
1108
|
-
cursor: v.optional(v.string()),
|
|
1109
|
-
limit: v.optional(v.number())
|
|
1110
|
-
});
|
|
1111
|
-
v.object({
|
|
1112
|
-
hasMore: v.boolean(),
|
|
1113
|
-
nextCursor: v.optional(v.string()),
|
|
1114
|
-
totalCount: v.optional(v.number())
|
|
1115
|
-
});
|
|
1116
|
-
var richTextContent = v.object({
|
|
1117
|
-
type: v.literal("doc"),
|
|
1118
|
-
content: looseJsonArray
|
|
1119
|
-
});
|
|
1120
|
-
v.union(v.string(), richTextContent);
|
|
1121
|
-
v.object({
|
|
1122
|
-
promptTokens: v.optional(v.number()),
|
|
1123
|
-
completionTokens: v.optional(v.number()),
|
|
1124
|
-
totalTokens: v.optional(v.number())
|
|
1125
|
-
});
|
|
1126
|
-
v.object({
|
|
1127
|
-
fileName: v.optional(v.string()),
|
|
1128
|
-
fileSize: v.optional(v.number()),
|
|
1129
|
-
mimeType: v.optional(v.string()),
|
|
1130
|
-
storageId: v.optional(v.id("_storage")),
|
|
1131
|
-
externalUrl: v.optional(v.string())
|
|
1132
|
-
});
|
|
1133
|
-
|
|
1134
|
-
// ../schema-management/src/spine/tables/epistemicNodes.ts
|
|
1135
|
-
var nodeType = v.union(
|
|
1136
|
-
// --- L4: Audit Targets (decisions, outcomes) ---
|
|
1137
|
-
v.literal("decision"),
|
|
1138
|
-
// Investment decision with knowledge horizon snapshot
|
|
1139
|
-
// --- L3: Traversal Anchors (epistemic structure) ---
|
|
1140
|
-
v.literal("belief"),
|
|
1141
|
-
// Structured conviction (immutable formulation)
|
|
1142
|
-
v.literal("question"),
|
|
1143
|
-
// Unit of uncertainty
|
|
1144
|
-
v.literal("theme"),
|
|
1145
|
-
// Investment thesis / conviction cluster
|
|
1146
|
-
v.literal("deal"),
|
|
1147
|
-
// Investment evaluation process
|
|
1148
|
-
v.literal("topic"),
|
|
1149
|
-
// Hierarchical knowledge container
|
|
1150
|
-
// --- L2: Compression Boundary (minimum reasoning unit) ---
|
|
1151
|
-
v.literal("claim"),
|
|
1152
|
-
// Atomic assertion that can be true/false
|
|
1153
|
-
v.literal("evidence"),
|
|
1154
|
-
// Interpreted signal linked to beliefs
|
|
1155
|
-
v.literal("synthesis"),
|
|
1156
|
-
// Primers, deep research
|
|
1157
|
-
v.literal("answer"),
|
|
1158
|
-
// Immutable answer snapshot for a question
|
|
1159
|
-
// --- L1: Terminal Leaves (non-traversable, grounding) ---
|
|
1160
|
-
v.literal("atomic_fact"),
|
|
1161
|
-
// Raw fact from source (not interpreted)
|
|
1162
|
-
v.literal("excerpt"),
|
|
1163
|
-
// Direct quote from source document
|
|
1164
|
-
v.literal("source"),
|
|
1165
|
-
// News, documents, transcripts
|
|
1166
|
-
// --- Ontological Entities (things in the world) ---
|
|
1167
|
-
v.literal("company"),
|
|
1168
|
-
// Organization (subtype: private, corporate, portfolio)
|
|
1169
|
-
v.literal("person"),
|
|
1170
|
-
// Individual (founder, expert, LP, contact)
|
|
1171
|
-
v.literal("investor"),
|
|
1172
|
-
// Investment entity (subtype: vc, lp, cvc, pe, family_office, angel)
|
|
1173
|
-
v.literal("function"),
|
|
1174
|
-
// What a company does (from classifier)
|
|
1175
|
-
v.literal("value_chain")
|
|
1176
|
-
// Market structure / value flow
|
|
1177
|
-
);
|
|
1178
|
-
var epistemicLayer = v.union(
|
|
1179
|
-
v.literal("L4"),
|
|
1180
|
-
// Decisions, outcomes - audit targets
|
|
1181
|
-
v.literal("L3"),
|
|
1182
|
-
// Beliefs, questions, themes - traversal anchors
|
|
1183
|
-
v.literal("L2"),
|
|
1184
|
-
// Claims, evidence, synthesis - compression boundary
|
|
1185
|
-
v.literal("L1"),
|
|
1186
|
-
// Atomic facts, excerpts, sources - terminal leaves
|
|
1187
|
-
v.literal("ontological"),
|
|
1188
|
-
// Companies, people, etc - not epistemic
|
|
1189
|
-
v.literal("organizational")
|
|
1190
|
-
// Topics, lenses, worktrees — structural containers
|
|
1191
|
-
);
|
|
1192
|
-
var nodeStatus = v.union(
|
|
1193
|
-
v.literal("active"),
|
|
1194
|
-
v.literal("superseded"),
|
|
1195
|
-
// Replaced by newer version
|
|
1196
|
-
v.literal("archived"),
|
|
1197
|
-
v.literal("deleted")
|
|
1198
|
-
);
|
|
1199
|
-
var sourceType2 = v.union(
|
|
1200
|
-
v.literal("human"),
|
|
1201
|
-
// User created directly
|
|
1202
|
-
v.literal("ai_extracted"),
|
|
1203
|
-
// LLM extracted from a source
|
|
1204
|
-
v.literal("ai_generated"),
|
|
1205
|
-
// LLM synthesized/created
|
|
1206
|
-
v.literal("imported"),
|
|
1207
|
-
// External system import
|
|
1208
|
-
v.literal("system"),
|
|
1209
|
-
// System-generated (migrations, classifiers)
|
|
1210
|
-
v.literal("verified"),
|
|
1211
|
-
// Human-verified source
|
|
1212
|
-
v.literal("proprietary")
|
|
1213
|
-
// Proprietary/internal data
|
|
1214
|
-
);
|
|
1215
|
-
var verificationStatus = v.union(
|
|
1216
|
-
v.literal("unverified"),
|
|
1217
|
-
v.literal("human_verified"),
|
|
1218
|
-
v.literal("ai_verified"),
|
|
1219
|
-
v.literal("contradicted"),
|
|
1220
|
-
v.literal("outdated")
|
|
1221
|
-
);
|
|
1222
|
-
var syncStatus = v.union(
|
|
1223
|
-
v.literal("synced"),
|
|
1224
|
-
// Node and edges fully synced to Neo4j
|
|
1225
|
-
v.literal("pending_edges"),
|
|
1226
|
-
// Node created, edges being created
|
|
1227
|
-
v.literal("edge_creation_failed")
|
|
1228
|
-
// Edge creation failed, needs retry
|
|
1229
|
-
);
|
|
1230
|
-
var audienceLabel = v.string();
|
|
1231
|
-
var sensitivityTier = v.union(
|
|
1232
|
-
v.literal("low"),
|
|
1233
|
-
v.literal("medium"),
|
|
1234
|
-
v.literal("high"),
|
|
1235
|
-
v.literal("restricted")
|
|
1236
|
-
);
|
|
1237
|
-
var exportClass = v.union(
|
|
1238
|
-
v.literal("internal_only"),
|
|
1239
|
-
v.literal("client_safe"),
|
|
1240
|
-
v.literal("public_safe"),
|
|
1241
|
-
v.literal("restricted")
|
|
1242
|
-
);
|
|
1243
|
-
var anonymizationClass = v.union(
|
|
1244
|
-
v.literal("none"),
|
|
1245
|
-
v.literal("standard"),
|
|
1246
|
-
v.literal("strict")
|
|
1247
|
-
);
|
|
1248
|
-
var epistemicStatus = v.union(
|
|
1249
|
-
v.literal("hypothesis"),
|
|
1250
|
-
// Initial conjecture, low evidence
|
|
1251
|
-
v.literal("emerging"),
|
|
1252
|
-
// Building evidence, gaining traction
|
|
1253
|
-
v.literal("established"),
|
|
1254
|
-
// Well-evidenced, core to thesis
|
|
1255
|
-
v.literal("challenged"),
|
|
1256
|
-
// Contradicting evidence appeared
|
|
1257
|
-
v.literal("assumption"),
|
|
1258
|
-
// Taken as given, not actively tested
|
|
1259
|
-
v.literal("deprecated")
|
|
1260
|
-
// Superseded or abandoned
|
|
1261
|
-
);
|
|
1262
|
-
var beliefStatus = v.union(
|
|
1263
|
-
v.literal("assumption"),
|
|
1264
|
-
v.literal("hypothesis"),
|
|
1265
|
-
v.literal("belief"),
|
|
1266
|
-
v.literal("fact")
|
|
1267
|
-
);
|
|
1268
|
-
var reversibility = v.union(
|
|
1269
|
-
v.literal("irreversible"),
|
|
1270
|
-
// One-way door decision
|
|
1271
|
-
v.literal("hard_to_reverse"),
|
|
1272
|
-
// Significant cost to undo
|
|
1273
|
-
v.literal("reversible"),
|
|
1274
|
-
// Can change course with moderate effort
|
|
1275
|
-
v.literal("trivial")
|
|
1276
|
-
// Easy to adjust
|
|
1277
|
-
);
|
|
1278
|
-
var predictionOutcome = v.union(
|
|
1279
|
-
v.literal("pending"),
|
|
1280
|
-
v.literal("confirmed"),
|
|
1281
|
-
v.literal("disconfirmed"),
|
|
1282
|
-
v.literal("partial"),
|
|
1283
|
-
v.literal("expired")
|
|
1284
|
-
);
|
|
1285
|
-
var predictionMeta = v.object({
|
|
1286
|
-
isPrediction: v.boolean(),
|
|
1287
|
-
registeredAt: v.number(),
|
|
1288
|
-
// When prediction was made
|
|
1289
|
-
expectedBy: v.optional(v.number()),
|
|
1290
|
-
// When we expect resolution
|
|
1291
|
-
outcome: v.optional(predictionOutcome),
|
|
1292
|
-
outcomeRecordedAt: v.optional(v.number()),
|
|
1293
|
-
outcomeEvidenceId: v.optional(v.string()),
|
|
1294
|
-
// globalId of confirming evidence
|
|
1295
|
-
confidenceAtPrediction: v.optional(v.number()),
|
|
1296
|
-
// 0-1
|
|
1297
|
-
actualVsPredicted: v.optional(v.string())
|
|
1298
|
-
// Notes on how outcome compared
|
|
1299
|
-
});
|
|
1300
|
-
var methodology = v.union(
|
|
1301
|
-
// Primary Research (high value)
|
|
1302
|
-
v.literal("primary_research"),
|
|
1303
|
-
// Direct investigation
|
|
1304
|
-
v.literal("expert_interview"),
|
|
1305
|
-
// Expert call/interview
|
|
1306
|
-
v.literal("customer_interview"),
|
|
1307
|
-
// Customer research
|
|
1308
|
-
v.literal("field_observation"),
|
|
1309
|
-
// On-site observation
|
|
1310
|
-
v.literal("proprietary_data"),
|
|
1311
|
-
// Internal data analysis
|
|
1312
|
-
// Secondary Research
|
|
1313
|
-
v.literal("desk_research"),
|
|
1314
|
-
// Public sources
|
|
1315
|
-
v.literal("regulatory_filing"),
|
|
1316
|
-
// SEC, regulatory docs
|
|
1317
|
-
v.literal("news_article"),
|
|
1318
|
-
// News/press
|
|
1319
|
-
v.literal("academic_paper"),
|
|
1320
|
-
// Academic research
|
|
1321
|
-
// AI-Assisted
|
|
1322
|
-
v.literal("ai_synthesis"),
|
|
1323
|
-
// AI-generated synthesis
|
|
1324
|
-
v.literal("ai_extraction")
|
|
1325
|
-
// AI-extracted from source
|
|
1326
|
-
);
|
|
1327
|
-
var informationAsymmetry = v.union(
|
|
1328
|
-
v.literal("proprietary"),
|
|
1329
|
-
// Only we have this
|
|
1330
|
-
v.literal("early"),
|
|
1331
|
-
// We're early but others will get it
|
|
1332
|
-
v.literal("common")
|
|
1333
|
-
// Everyone has access
|
|
1334
|
-
);
|
|
1335
|
-
var temporalNature = v.union(
|
|
1336
|
-
v.literal("factual"),
|
|
1337
|
-
// Resolved outcome. Grounded in reality.
|
|
1338
|
-
v.literal("forecast"),
|
|
1339
|
-
// Prediction. Will resolve. Discounted weight.
|
|
1340
|
-
v.literal("unknown")
|
|
1341
|
-
// Not yet classified.
|
|
1342
|
-
);
|
|
1343
|
-
var questionType = v.union(
|
|
1344
|
-
v.literal("validation"),
|
|
1345
|
-
// Does evidence support this belief?
|
|
1346
|
-
v.literal("falsification"),
|
|
1347
|
-
// What would prove this belief wrong?
|
|
1348
|
-
v.literal("assumption_probe"),
|
|
1349
|
-
// Is this unstated assumption true?
|
|
1350
|
-
v.literal("prediction_test"),
|
|
1351
|
-
// Will this predicted outcome occur?
|
|
1352
|
-
v.literal("counterfactual"),
|
|
1353
|
-
// What would we expect if X were false?
|
|
1354
|
-
v.literal("discovery"),
|
|
1355
|
-
// What don't we know yet?
|
|
1356
|
-
v.literal("clarification"),
|
|
1357
|
-
// What does X actually mean?
|
|
1358
|
-
v.literal("comparison"),
|
|
1359
|
-
// How does X compare to Y?
|
|
1360
|
-
v.literal("causal"),
|
|
1361
|
-
// What caused X?
|
|
1362
|
-
v.literal("mechanism"),
|
|
1363
|
-
// How does X work?
|
|
1364
|
-
v.literal("general")
|
|
1365
|
-
// Unclassified
|
|
1366
|
-
);
|
|
1367
|
-
var questionPriority = v.union(
|
|
1368
|
-
v.literal("critical"),
|
|
1369
|
-
// Blocks decision-making
|
|
1370
|
-
v.literal("high"),
|
|
1371
|
-
// Important for thesis
|
|
1372
|
-
v.literal("medium"),
|
|
1373
|
-
// Would be nice to know
|
|
1374
|
-
v.literal("low")
|
|
1375
|
-
// Background/curiosity
|
|
1376
|
-
);
|
|
1377
|
-
var answerQuality = v.union(
|
|
1378
|
-
v.literal("definitive"),
|
|
1379
|
-
// Clear, well-supported
|
|
1380
|
-
v.literal("strong"),
|
|
1381
|
-
// Good evidence, high confidence
|
|
1382
|
-
v.literal("moderate"),
|
|
1383
|
-
// Some evidence
|
|
1384
|
-
v.literal("weak"),
|
|
1385
|
-
// Limited evidence
|
|
1386
|
-
v.literal("speculative"),
|
|
1387
|
-
// Mostly conjecture
|
|
1388
|
-
v.literal("unanswered")
|
|
1389
|
-
// No answer yet
|
|
1390
|
-
);
|
|
1391
|
-
var consensusView = v.union(
|
|
1392
|
-
v.literal("aligned"),
|
|
1393
|
-
// We agree with market consensus
|
|
1394
|
-
v.literal("ahead_of"),
|
|
1395
|
-
// We see this before consensus does
|
|
1396
|
-
v.literal("contrarian"),
|
|
1397
|
-
// We actively disagree with consensus
|
|
1398
|
-
v.literal("orthogonal"),
|
|
1399
|
-
// We're looking at something consensus isn't discussing
|
|
1400
|
-
v.literal("unknown")
|
|
1401
|
-
// We don't know what consensus thinks
|
|
1402
|
-
);
|
|
1403
|
-
var themeConviction = v.union(
|
|
1404
|
-
v.literal("high"),
|
|
1405
|
-
// Strong conviction, actively deploying
|
|
1406
|
-
v.literal("medium"),
|
|
1407
|
-
// Building conviction
|
|
1408
|
-
v.literal("low"),
|
|
1409
|
-
// Exploring, not convicted
|
|
1410
|
-
v.literal("negative")
|
|
1411
|
-
// Actively avoiding
|
|
1412
|
-
);
|
|
1413
|
-
var decisionType = v.union(
|
|
1414
|
-
v.literal("invest"),
|
|
1415
|
-
v.literal("pass"),
|
|
1416
|
-
v.literal("follow_on"),
|
|
1417
|
-
v.literal("exit"),
|
|
1418
|
-
v.literal("deep_dive"),
|
|
1419
|
-
v.literal("monitor"),
|
|
1420
|
-
v.literal("deprioritize"),
|
|
1421
|
-
v.literal("thesis_adopt"),
|
|
1422
|
-
v.literal("thesis_revise"),
|
|
1423
|
-
v.literal("thesis_abandon")
|
|
1424
|
-
);
|
|
1425
|
-
var decisionOutcome = v.union(
|
|
1426
|
-
v.literal("pending"),
|
|
1427
|
-
v.literal("successful"),
|
|
1428
|
-
v.literal("unsuccessful"),
|
|
1429
|
-
v.literal("mixed"),
|
|
1430
|
-
v.literal("unknown")
|
|
1431
|
-
);
|
|
1432
|
-
var externalIds2 = v.object({
|
|
1433
|
-
crunchbase: v.optional(v.string()),
|
|
1434
|
-
linkedin: v.optional(v.string()),
|
|
1435
|
-
pitchbook: v.optional(v.string()),
|
|
1436
|
-
twitter: v.optional(v.string()),
|
|
1437
|
-
website: v.optional(v.string())
|
|
1438
|
-
});
|
|
1439
|
-
defineTable({
|
|
1440
|
-
// === IDENTITY ===
|
|
1441
|
-
globalId: v.string(),
|
|
1442
|
-
// UUID - survives migration to Neo4j
|
|
1443
|
-
// === TYPE ===
|
|
1444
|
-
nodeType,
|
|
1445
|
-
// === EPISTEMIC LAYER ===
|
|
1446
|
-
epistemicLayer: v.optional(epistemicLayer),
|
|
1447
|
-
// === SUBTYPE (for typed entities) ===
|
|
1448
|
-
subtype: v.optional(v.string()),
|
|
1449
|
-
// company: private|corporate|portfolio, investor: vc|lp|cvc|pe|family_office|angel
|
|
1450
|
-
// === CONTENT ===
|
|
1451
|
-
canonicalText: v.string(),
|
|
1452
|
-
// The core content (belief statement, company name, etc.)
|
|
1453
|
-
contentHash: v.string(),
|
|
1454
|
-
// SHA256(nodeType + canonicalText) for deduplication
|
|
1455
|
-
// Extended content (for sources/syntheses)
|
|
1456
|
-
content: v.optional(v.string()),
|
|
1457
|
-
// Full text for documents/articles
|
|
1458
|
-
contentType: v.optional(v.string()),
|
|
1459
|
-
// "markdown", "html", "pdf", "text"
|
|
1460
|
-
// === METADATA ===
|
|
1461
|
-
title: v.optional(v.string()),
|
|
1462
|
-
// Display title
|
|
1463
|
-
tags: v.optional(v.array(v.string())),
|
|
1464
|
-
domain: v.optional(v.string()),
|
|
1465
|
-
// For companies: website domain
|
|
1466
|
-
// Type-specific metadata (flexible object - LEGACY)
|
|
1467
|
-
// New code should use the typed fields below when available
|
|
1468
|
-
metadata: v.optional(looseJsonObject),
|
|
1469
|
-
// === POLICY / ENTITLEMENT ===
|
|
1470
|
-
tenantId: v.optional(v.string()),
|
|
1471
|
-
workspaceId: v.optional(v.string()),
|
|
1472
|
-
ownerPrincipalId: v.optional(v.string()),
|
|
1473
|
-
audienceLabel: v.optional(audienceLabel),
|
|
1474
|
-
policyTags: v.optional(v.array(v.string())),
|
|
1475
|
-
sensitivityTier: v.optional(sensitivityTier),
|
|
1476
|
-
exportClass: v.optional(exportClass),
|
|
1477
|
-
anonymizationClass: v.optional(anonymizationClass),
|
|
1478
|
-
// === PUBLICATION (visibility-based, not copy-based) ===
|
|
1479
|
-
// Publication expands who can see a workspace-local node — the node stays
|
|
1480
|
-
// in its workspace, like a microservice exposing part of its API surface.
|
|
1481
|
-
// Rules-based: pack/tenant-level publicationRules auto-evaluate on
|
|
1482
|
-
// confidence changes and node creation. No manual click-by-click.
|
|
1483
|
-
publicationStatus: v.optional(
|
|
1484
|
-
v.union(
|
|
1485
|
-
v.literal("unpublished"),
|
|
1486
|
-
// Default: workspace-local only
|
|
1487
|
-
v.literal("published"),
|
|
1488
|
-
// Visible at tenant scope (rules matched)
|
|
1489
|
-
v.literal("suppressed")
|
|
1490
|
-
// Manually blocked even if rules match
|
|
1491
|
-
)
|
|
1492
|
-
),
|
|
1493
|
-
publishedAt: v.optional(v.number()),
|
|
1494
|
-
// When publication status last changed to published
|
|
1495
|
-
publishedBy: v.optional(v.string()),
|
|
1496
|
-
// userId or "system:publication_rules" for auto-publish
|
|
1497
|
-
// === TYPED METADATA FIELDS ===
|
|
1498
|
-
// --- Belief ---
|
|
1499
|
-
// Belief type — validated against schemaEnumConfig category "belief_type"
|
|
1500
|
-
// Platform core: hypothesis, belief, principle, invariant, assumption,
|
|
1501
|
-
// tenet, prior, preference, goal, forecast
|
|
1502
|
-
beliefType: v.optional(v.string()),
|
|
1503
|
-
beliefStatus: v.optional(beliefStatus),
|
|
1504
|
-
epistemicStatus: v.optional(epistemicStatus),
|
|
1505
|
-
reversibility: v.optional(reversibility),
|
|
1506
|
-
predictionMeta: v.optional(predictionMeta),
|
|
1507
|
-
// Consensus tracking (for non-consensus detection)
|
|
1508
|
-
consensusView: v.optional(consensusView),
|
|
1509
|
-
consensusConfidence: v.optional(v.number()),
|
|
1510
|
-
// 0-1: What we think consensus confidence is
|
|
1511
|
-
consensusSource: v.optional(v.string()),
|
|
1512
|
-
// Where we got the consensus view (twitter, reports, etc.)
|
|
1513
|
-
// --- Evidence ---
|
|
1514
|
-
methodology: v.optional(methodology),
|
|
1515
|
-
informationAsymmetry: v.optional(informationAsymmetry),
|
|
1516
|
-
temporalNature: v.optional(temporalNature),
|
|
1517
|
-
// --- Question ---
|
|
1518
|
-
questionType: v.optional(questionType),
|
|
1519
|
-
questionPriority: v.optional(questionPriority),
|
|
1520
|
-
answerQuality: v.optional(answerQuality),
|
|
1521
|
-
// --- Theme ---
|
|
1522
|
-
themeConviction: v.optional(themeConviction),
|
|
1523
|
-
// Market timing (for "early on theme" detection)
|
|
1524
|
-
marketAwarenessDate: v.optional(v.number()),
|
|
1525
|
-
// When this theme became broadly discussed
|
|
1526
|
-
marketAwarenessSource: v.optional(v.string()),
|
|
1527
|
-
// How we know (first major report, twitter volume spike, etc.)
|
|
1528
|
-
earlySignalIds: v.optional(v.array(v.string())),
|
|
1529
|
-
// globalIds of evidence we had before market awareness
|
|
1530
|
-
// --- Decision ---
|
|
1531
|
-
decisionType: v.optional(decisionType),
|
|
1532
|
-
decisionOutcome: v.optional(decisionOutcome),
|
|
1533
|
-
// === EXTERNAL IDS (for ontological entities) ===
|
|
1534
|
-
externalIds: v.optional(externalIds2),
|
|
1535
|
-
// === PROVENANCE ===
|
|
1536
|
-
sourceType: sourceType2,
|
|
1537
|
-
aiProvider: v.optional(v.string()),
|
|
1538
|
-
// "claude", "gemini", "gpt-4", etc.
|
|
1539
|
-
extractedFromNodeId: v.optional(v.id("epistemicNodes")),
|
|
1540
|
-
// Quick reference to source
|
|
1541
|
-
// === EXTRACTION CONTEXT ===
|
|
1542
|
-
extractionModel: v.optional(v.string()),
|
|
1543
|
-
// "claude-sonnet-4-20250514"
|
|
1544
|
-
extractionPromptName: v.optional(v.string()),
|
|
1545
|
-
// "lucern/extract-evidence"
|
|
1546
|
-
extractionPromptVersion: v.optional(v.number()),
|
|
1547
|
-
extractionTemperature: v.optional(v.number()),
|
|
1548
|
-
extractionLangfuseTraceId: v.optional(v.string()),
|
|
1549
|
-
// === GROUNDING VERIFICATION ===
|
|
1550
|
-
groundingVerified: v.optional(v.boolean()),
|
|
1551
|
-
groundingConfidence: v.optional(v.number()),
|
|
1552
|
-
// 0-1 match quality
|
|
1553
|
-
groundingMatchedText: v.optional(v.string()),
|
|
1554
|
-
// Actual text from source
|
|
1555
|
-
groundingStartOffset: v.optional(v.number()),
|
|
1556
|
-
groundingEndOffset: v.optional(v.number()),
|
|
1557
|
-
groundingRejectionReason: v.optional(v.string()),
|
|
1558
|
-
// === CONFIDENCE & VERIFICATION ===
|
|
1559
|
-
confidence: v.optional(v.number()),
|
|
1560
|
-
// 0-1 projected probability P(x) = b + a*u
|
|
1561
|
-
verificationStatus: v.optional(verificationStatus),
|
|
1562
|
-
// === SL OPINION (Subjective Logic — Kernel v2) ===
|
|
1563
|
-
// Replaces scalar confidence with rich epistemic state.
|
|
1564
|
-
// b + d + u = 1. P(x) = b + a*u is stored in `confidence` for backward compat.
|
|
1565
|
-
opinion_b: v.optional(v.number()),
|
|
1566
|
-
// Belief: evidence FOR (0-1)
|
|
1567
|
-
opinion_d: v.optional(v.number()),
|
|
1568
|
-
// Disbelief: evidence AGAINST (0-1)
|
|
1569
|
-
opinion_u: v.optional(v.number()),
|
|
1570
|
-
// Uncertainty: absence of evidence (0-1)
|
|
1571
|
-
opinion_a: v.optional(v.number()),
|
|
1572
|
-
// Base rate / prior probability (0-1)
|
|
1573
|
-
tupleContradicted: v.optional(v.boolean()),
|
|
1574
|
-
// Single-belief tuple-space contradiction flag
|
|
1575
|
-
// === LIFECYCLE ===
|
|
1576
|
-
status: nodeStatus,
|
|
1577
|
-
supersededBy: v.optional(v.id("epistemicNodes")),
|
|
1578
|
-
// === OWNERSHIP ===
|
|
1579
|
-
topicId: v.optional(v.string()),
|
|
1580
|
-
// Canonical scope container (topic-first model)
|
|
1581
|
-
projectId: v.optional(v.string()),
|
|
1582
|
-
// DEPRECATED: Use belongs_to edges
|
|
1583
|
-
createdBy: v.string(),
|
|
1584
|
-
// Clerk user ID
|
|
1585
|
-
createdAt: v.number(),
|
|
1586
|
-
updatedAt: v.number(),
|
|
1587
|
-
// === NEO4J SYNC STATUS ===
|
|
1588
|
-
syncStatus: v.optional(syncStatus),
|
|
1589
|
-
syncError: v.optional(v.string())
|
|
1590
|
-
// Error message if sync failed
|
|
1591
|
-
}).index("by_globalId", ["globalId"]).index("by_contentHash", ["contentHash"]).index("by_nodeType", ["nodeType"]).index("by_subtype", ["nodeType", "subtype"]).index("by_domain", ["domain"]).index("by_project", ["projectId"]).index("by_project_type", ["projectId", "nodeType"]).index("by_topic", ["topicId"]).index("by_topic_type", ["topicId", "nodeType"]).index("by_tenantId", ["tenantId"]).index("by_workspaceId", ["workspaceId"]).index("by_tenant_workspace", ["tenantId", "workspaceId"]).index("by_audienceLabel", ["audienceLabel"]).index("by_sensitivityTier", ["sensitivityTier"]).index("by_exportClass", ["exportClass"]).index("by_status", ["status"]).index("by_sourceType", ["sourceType"]).index("by_verification", ["verificationStatus"]).index("by_layer", ["epistemicLayer"]).index("by_layer_type", ["epistemicLayer", "nodeType"]).index("by_syncStatus", ["syncStatus"]).index("by_publicationStatus", ["publicationStatus"]).index("by_tenant_publicationStatus", ["tenantId", "publicationStatus"]).index("by_belief_status", ["nodeType", "beliefStatus"]).index("by_epistemic_status", ["nodeType", "epistemicStatus"]).index("by_temporal_nature", ["nodeType", "temporalNature"]).index("by_methodology", ["nodeType", "methodology"]).index("by_reversibility", ["nodeType", "reversibility"]).index("by_questionType", ["nodeType", "questionType"]).index("by_questionPriority", ["nodeType", "questionPriority"]).searchIndex("search_canonicalText", {
|
|
1592
|
-
searchField: "canonicalText",
|
|
1593
|
-
filterFields: ["nodeType", "projectId", "topicId", "status"]
|
|
1594
|
-
});
|
|
1595
|
-
function getLayerForNodeType(type) {
|
|
1596
|
-
switch (type) {
|
|
1597
|
-
case "decision":
|
|
1598
|
-
return "L4";
|
|
1599
|
-
case "belief":
|
|
1600
|
-
case "question":
|
|
1601
|
-
case "theme":
|
|
1602
|
-
case "deal":
|
|
1603
|
-
return "L3";
|
|
1604
|
-
case "claim":
|
|
1605
|
-
case "evidence":
|
|
1606
|
-
case "synthesis":
|
|
1607
|
-
case "answer":
|
|
1608
|
-
return "L2";
|
|
1609
|
-
case "atomic_fact":
|
|
1610
|
-
case "excerpt":
|
|
1611
|
-
case "source":
|
|
1612
|
-
return "L1";
|
|
1613
|
-
case "topic":
|
|
1614
|
-
return "organizational";
|
|
1615
|
-
case "company":
|
|
1616
|
-
case "person":
|
|
1617
|
-
case "investor":
|
|
1618
|
-
case "function":
|
|
1619
|
-
case "value_chain":
|
|
1620
|
-
return "ontological";
|
|
1621
|
-
}
|
|
1622
|
-
}
|
|
1623
|
-
|
|
1624
|
-
// src/workspaceIsolation.ts
|
|
1625
232
|
function normalizeScopeValue2(value) {
|
|
1626
233
|
if (typeof value !== "string") {
|
|
1627
234
|
return;
|
|
@@ -1639,7 +246,7 @@ function throwWorkspaceIsolationError(args) {
|
|
|
1639
246
|
throw error;
|
|
1640
247
|
}
|
|
1641
248
|
function assertWorkspaceScopedEpistemicNodeScope(args) {
|
|
1642
|
-
const layer = getLayerForNodeType(args.nodeType);
|
|
249
|
+
const layer = isNodeType(args.nodeType) ? getLayerForNodeType(args.nodeType) : void 0;
|
|
1643
250
|
if (layer === "ontological") {
|
|
1644
251
|
return;
|
|
1645
252
|
}
|
|
@@ -1670,7 +277,7 @@ function throwStructuredSourceError(args) {
|
|
|
1670
277
|
error.details = args.details;
|
|
1671
278
|
throw error;
|
|
1672
279
|
}
|
|
1673
|
-
function
|
|
280
|
+
function normalizeString(value) {
|
|
1674
281
|
if (typeof value !== "string") {
|
|
1675
282
|
return void 0;
|
|
1676
283
|
}
|
|
@@ -1689,16 +296,16 @@ function normalizeMetadata(metadata) {
|
|
|
1689
296
|
return rest;
|
|
1690
297
|
}
|
|
1691
298
|
function generateSourceContentHash(identity) {
|
|
1692
|
-
const
|
|
299
|
+
const content = `source:${identity.trim().toLowerCase()}`;
|
|
1693
300
|
let hash = 5381;
|
|
1694
|
-
for (let index = 0; index <
|
|
1695
|
-
hash = (hash << 5) + hash +
|
|
301
|
+
for (let index = 0; index < content.length; index += 1) {
|
|
302
|
+
hash = (hash << 5) + hash + content.charCodeAt(index);
|
|
1696
303
|
hash &= hash;
|
|
1697
304
|
}
|
|
1698
305
|
return Math.abs(hash).toString(16).padStart(8, "0");
|
|
1699
306
|
}
|
|
1700
307
|
function normalizeSourceUrl(url) {
|
|
1701
|
-
const trimmed =
|
|
308
|
+
const trimmed = normalizeString(url);
|
|
1702
309
|
if (!trimmed) {
|
|
1703
310
|
throwStructuredSourceError({
|
|
1704
311
|
message: "Source URL is required.",
|
|
@@ -1741,10 +348,10 @@ async function findSourceByIdentity(ctx, args) {
|
|
|
1741
348
|
let shaMatch = null;
|
|
1742
349
|
for (const node of sourceNodes) {
|
|
1743
350
|
const metadata = asRecord(node.metadata);
|
|
1744
|
-
if (args.normalizedUrl &&
|
|
351
|
+
if (args.normalizedUrl && normalizeString(metadata.url) === args.normalizedUrl && !urlMatch) {
|
|
1745
352
|
urlMatch = node;
|
|
1746
353
|
}
|
|
1747
|
-
if (args.sha &&
|
|
354
|
+
if (args.sha && normalizeString(metadata.contentSha) === args.sha && !shaMatch) {
|
|
1748
355
|
shaMatch = node;
|
|
1749
356
|
}
|
|
1750
357
|
if (urlMatch && (!args.sha || shaMatch)) {
|
|
@@ -1790,10 +397,10 @@ function buildSourceMetadata(args) {
|
|
|
1790
397
|
}
|
|
1791
398
|
function sourceEmbeddingText(args) {
|
|
1792
399
|
const lines = [
|
|
1793
|
-
|
|
1794
|
-
|
|
400
|
+
normalizeString(args.title),
|
|
401
|
+
normalizeString(args.url),
|
|
1795
402
|
args.kind,
|
|
1796
|
-
|
|
403
|
+
normalizeString(args.metadata.sourceDescription)
|
|
1797
404
|
].filter((value) => Boolean(value));
|
|
1798
405
|
return lines.join("\n");
|
|
1799
406
|
}
|
|
@@ -1810,8 +417,8 @@ var upsertSource = mutation({
|
|
|
1810
417
|
},
|
|
1811
418
|
returns: permissiveReturn,
|
|
1812
419
|
handler: async (ctx, args) => {
|
|
1813
|
-
const normalizedUrl =
|
|
1814
|
-
const sha =
|
|
420
|
+
const normalizedUrl = normalizeString(args.url) ? normalizeSourceUrl(args.url) : void 0;
|
|
421
|
+
const sha = normalizeString(args.sha);
|
|
1815
422
|
if (!normalizedUrl && !sha) {
|
|
1816
423
|
throwStructuredSourceError({
|
|
1817
424
|
message: "Source identity requires a URL or content SHA.",
|
|
@@ -1836,7 +443,7 @@ var upsertSource = mutation({
|
|
|
1836
443
|
});
|
|
1837
444
|
}
|
|
1838
445
|
const existingMetadata = asRecord(existing.metadata);
|
|
1839
|
-
const existingSha =
|
|
446
|
+
const existingSha = normalizeString(existingMetadata.contentSha);
|
|
1840
447
|
if (sha && existingSha && existingSha !== sha) {
|
|
1841
448
|
throwStructuredSourceError({
|
|
1842
449
|
message: "Same URL cannot be reused with a different content hash.",
|
|
@@ -1862,7 +469,7 @@ var upsertSource = mutation({
|
|
|
1862
469
|
metadata: nextMetadata2,
|
|
1863
470
|
updatedAt: now
|
|
1864
471
|
};
|
|
1865
|
-
const title2 =
|
|
472
|
+
const title2 = normalizeString(args.title);
|
|
1866
473
|
if (title2) {
|
|
1867
474
|
patch.title = title2;
|
|
1868
475
|
patch.canonicalText = title2;
|
|
@@ -1891,7 +498,7 @@ var upsertSource = mutation({
|
|
|
1891
498
|
});
|
|
1892
499
|
return await ctx.db.get(existing._id) ?? existing;
|
|
1893
500
|
}
|
|
1894
|
-
if (!
|
|
501
|
+
if (!normalizeString(args.topicId)) {
|
|
1895
502
|
throwStructuredSourceError({
|
|
1896
503
|
message: "topicId is required when creating a new source.",
|
|
1897
504
|
status: 400,
|
|
@@ -1912,7 +519,7 @@ var upsertSource = mutation({
|
|
|
1912
519
|
await requireProjectAccess(ctx, scope.projectId, args.userId);
|
|
1913
520
|
}
|
|
1914
521
|
const globalId = generateGlobalId();
|
|
1915
|
-
const title =
|
|
522
|
+
const title = normalizeString(args.title);
|
|
1916
523
|
const nextMetadata = buildSourceMetadata({
|
|
1917
524
|
normalizedUrl,
|
|
1918
525
|
sha,
|
|
@@ -2011,7 +618,7 @@ var findBySha = query({
|
|
|
2011
618
|
},
|
|
2012
619
|
returns: permissiveReturn,
|
|
2013
620
|
handler: async (ctx, args) => {
|
|
2014
|
-
const sha =
|
|
621
|
+
const sha = normalizeString(args.sha);
|
|
2015
622
|
if (!sha) {
|
|
2016
623
|
return null;
|
|
2017
624
|
}
|