@lucern/graph-primitives 0.1.0-alpha.4 → 0.3.0-alpha.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (78) hide show
  1. package/dist/beliefDecay.js +229 -1115
  2. package/dist/beliefDecay.js.map +1 -1
  3. package/dist/beliefEvidenceLinks.js +53 -834
  4. package/dist/beliefEvidenceLinks.js.map +1 -1
  5. package/dist/confidencePropagationDispatch.d.ts +3 -3
  6. package/dist/confidencePropagationDispatch.js +30 -308
  7. package/dist/confidencePropagationDispatch.js.map +1 -1
  8. package/dist/contradictions.js +5 -797
  9. package/dist/contradictions.js.map +1 -1
  10. package/dist/edges/contradicts.js +1 -122
  11. package/dist/edges/contradicts.js.map +1 -1
  12. package/dist/edges/dependsOn.js +14 -172
  13. package/dist/edges/dependsOn.js.map +1 -1
  14. package/dist/edges/elaborates.js +1 -49
  15. package/dist/edges/elaborates.js.map +1 -1
  16. package/dist/edges/index.js +14 -277
  17. package/dist/edges/index.js.map +1 -1
  18. package/dist/edges/informs.js +1 -62
  19. package/dist/edges/informs.js.map +1 -1
  20. package/dist/edges/propagationTypes.d.ts +2 -2
  21. package/dist/edges/propagationTypes.js.map +1 -1
  22. package/dist/edges/refutes.js +1 -62
  23. package/dist/edges/refutes.js.map +1 -1
  24. package/dist/edges/supports.js +1 -122
  25. package/dist/edges/supports.js.map +1 -1
  26. package/dist/edges/utils.d.ts +6 -6
  27. package/dist/edges/utils.js +1 -130
  28. package/dist/edges/utils.js.map +1 -1
  29. package/dist/entityBridge.js +2 -17
  30. package/dist/entityBridge.js.map +1 -1
  31. package/dist/entityLifecycle.js +62 -848
  32. package/dist/entityLifecycle.js.map +1 -1
  33. package/dist/epistemicAnswers.js +27 -838
  34. package/dist/epistemicAnswers.js.map +1 -1
  35. package/dist/epistemicBeliefs.js +186 -2214
  36. package/dist/epistemicBeliefs.js.map +1 -1
  37. package/dist/epistemicContractHelpers.js +1 -318
  38. package/dist/epistemicContractHelpers.js.map +1 -1
  39. package/dist/epistemicContracts.js +163 -2467
  40. package/dist/epistemicContracts.js.map +1 -1
  41. package/dist/epistemicEdges.js +60 -863
  42. package/dist/epistemicEdges.js.map +1 -1
  43. package/dist/epistemicEvidence.js +116 -1647
  44. package/dist/epistemicEvidence.js.map +1 -1
  45. package/dist/epistemicHelpers.js +3 -2
  46. package/dist/epistemicHelpers.js.map +1 -1
  47. package/dist/epistemicLinking.js +2 -785
  48. package/dist/epistemicLinking.js.map +1 -1
  49. package/dist/epistemicNodes.js +34 -1427
  50. package/dist/epistemicNodes.js.map +1 -1
  51. package/dist/epistemicQuestions.js +88 -1637
  52. package/dist/epistemicQuestions.js.map +1 -1
  53. package/dist/epistemicSources.js +28 -1421
  54. package/dist/epistemicSources.js.map +1 -1
  55. package/dist/evaluators/index.js +163 -2467
  56. package/dist/evaluators/index.js.map +1 -1
  57. package/dist/index.js +486 -3649
  58. package/dist/index.js.map +1 -1
  59. package/dist/ontology-matching.js +1 -344
  60. package/dist/ontology-matching.js.map +1 -1
  61. package/dist/ontologyApproval.js +1 -13
  62. package/dist/ontologyApproval.js.map +1 -1
  63. package/dist/ontologyDefinitions.js +2 -17
  64. package/dist/ontologyDefinitions.js.map +1 -1
  65. package/dist/ontologyRegistry.js +2 -17
  66. package/dist/ontologyRegistry.js.map +1 -1
  67. package/dist/projectionReconciliation.js +2 -17
  68. package/dist/projectionReconciliation.js.map +1 -1
  69. package/dist/questionEvidenceLinks.js +242 -837
  70. package/dist/questionEvidenceLinks.js.map +1 -1
  71. package/dist/text-matching.js +1 -244
  72. package/dist/text-matching.js.map +1 -1
  73. package/dist/workflowBridge.d.ts +27 -0
  74. package/dist/workflowBridge.js +303 -0
  75. package/dist/workflowBridge.js.map +1 -0
  76. package/dist/workspaceIsolation.js +8 -609
  77. package/dist/workspaceIsolation.js.map +1 -1
  78. package/package.json +6 -6
@@ -1,814 +1,12 @@
1
1
  import { v } from 'convex/values';
2
- import { componentsGeneric, defineTable, mutationGeneric, anyApi, queryGeneric } from 'convex/server';
2
+ import { checkScopeAccess, requireProjectAccess } from '@lucern/access-control/access';
3
+ import { permissiveReturn } from '@lucern/contracts/schema-helpers/validators';
4
+ import { componentsGeneric, mutationGeneric, anyApi, queryGeneric } from 'convex/server';
5
+ import { isNodeType, getLayerForNodeType } from '@lucern/contracts/schema-helpers/spine/tables/epistemicNodes';
3
6
 
4
7
  // src/epistemicSources.ts
5
8
  var api = anyApi;
6
9
  componentsGeneric();
7
-
8
- // ../access-control/src/topicProjectOverlay.ts
9
- var LEGACY_SCOPE_FIELD = "graphScopeProjectId";
10
- function readNonEmptyString(value) {
11
- if (typeof value !== "string") {
12
- return;
13
- }
14
- const normalized = value.trim();
15
- return normalized.length > 0 ? normalized : void 0;
16
- }
17
- function readStringArray(value) {
18
- if (!Array.isArray(value)) {
19
- return [];
20
- }
21
- return value.map((entry) => readNonEmptyString(entry)).filter((entry) => Boolean(entry));
22
- }
23
- function readMetadata(topic) {
24
- return topic.metadata && typeof topic.metadata === "object" ? topic.metadata : {};
25
- }
26
- function readLegacyProjectId(value) {
27
- if (!value) {
28
- return;
29
- }
30
- return readNonEmptyString(value[LEGACY_SCOPE_FIELD]);
31
- }
32
- function coerceVisibility(value) {
33
- return value === "private" || value === "team" || value === "firm" || value === "external" || value === "public" ? value : void 0;
34
- }
35
- function coerceStatus(value) {
36
- return value === "active" || value === "archived" || value === "watching" ? value : void 0;
37
- }
38
- function mapProjectType(topic, metadata) {
39
- const explicit = readNonEmptyString(metadata.projectType);
40
- if (explicit) {
41
- return explicit;
42
- }
43
- if (topic.type === "theme") {
44
- return "thematic";
45
- }
46
- return readNonEmptyString(topic.type) || "general";
47
- }
48
- function isProjectLikeTopic(topic) {
49
- const metadata = readMetadata(topic);
50
- return topic.type === "theme" || topic.type === "thematic" || topic.type === "deal" || topic.type === "monitoring" || readLegacyProjectId(topic) !== void 0 || readNonEmptyString(metadata.projectType) !== void 0;
51
- }
52
- async function resolveTopicDoc(ctx, scopeId) {
53
- if (ctx?.db && typeof ctx.db.get === "function") {
54
- try {
55
- const directTopic = await ctx.db.get(scopeId);
56
- if (directTopic) {
57
- return directTopic;
58
- }
59
- } catch {
60
- }
61
- }
62
- if (typeof ctx.runQuery !== "function") {
63
- return null;
64
- }
65
- try {
66
- const topic = await ctx.runQuery(api.topics.get, {
67
- id: String(scopeId)
68
- });
69
- if (topic?.name !== void 0 && topic?.type !== void 0) {
70
- return topic;
71
- }
72
- } catch {
73
- }
74
- try {
75
- const topic = await ctx.runQuery(api.topics.getByLegacyScopeId, {
76
- projectId: String(scopeId)
77
- });
78
- if (topic?.name !== void 0 && topic?.type !== void 0) {
79
- return topic;
80
- }
81
- } catch {
82
- }
83
- return null;
84
- }
85
- function materializeTopicProjectOverlay(topic, idMode = "legacy") {
86
- const metadata = readMetadata(topic);
87
- const topicId = String(topic._id);
88
- const legacyProjectId = readLegacyProjectId(topic) || readLegacyProjectId(metadata) || readNonEmptyString(metadata.legacyProjectId);
89
- const storageProjectId = legacyProjectId || topicId;
90
- const outwardId = idMode === "topic" ? topicId : storageProjectId;
91
- const visibility = coerceVisibility(topic.visibility) || coerceVisibility(metadata.visibility) || "private";
92
- const status = coerceStatus(topic.status) || coerceStatus(metadata.status) || "active";
93
- const createdAt = typeof topic.createdAt === "number" ? topic.createdAt : typeof topic._creationTime === "number" ? topic._creationTime : 0;
94
- const updatedAt = typeof topic.updatedAt === "number" ? topic.updatedAt : typeof metadata.updatedAt === "number" ? metadata.updatedAt : createdAt;
95
- return {
96
- ...metadata,
97
- _id: outwardId,
98
- projectId: outwardId,
99
- topicId,
100
- storageProjectId,
101
- legacyProjectId,
102
- name: readNonEmptyString(topic.name) || "Untitled Theme",
103
- type: mapProjectType(topic, metadata),
104
- description: readNonEmptyString(topic.description),
105
- ownerId: readNonEmptyString(metadata.ownerId) || readNonEmptyString(topic.createdBy) || "system",
106
- sharedWith: readStringArray(metadata.sharedWith),
107
- visibility,
108
- tenantId: readNonEmptyString(topic.tenantId) || readNonEmptyString(metadata.tenantId),
109
- workspaceId: readNonEmptyString(topic.workspaceId) || readNonEmptyString(metadata.workspaceId),
110
- status,
111
- tags: readStringArray(metadata.tags),
112
- chatCount: typeof metadata.chatCount === "number" ? metadata.chatCount : 0,
113
- artifactCount: typeof metadata.artifactCount === "number" ? metadata.artifactCount : 0,
114
- lastActivityAt: typeof metadata.lastActivityAt === "number" ? metadata.lastActivityAt : updatedAt,
115
- _creationTime: typeof topic._creationTime === "number" ? topic._creationTime : createdAt,
116
- createdAt,
117
- updatedAt
118
- };
119
- }
120
- async function resolveTopicProjectOverlay(ctx, scopeId, options = {}) {
121
- const topic = await resolveTopicDoc(ctx, scopeId);
122
- if (!topic) {
123
- return null;
124
- }
125
- if (options.projectLikeOnly !== false && !isProjectLikeTopic(topic)) {
126
- return null;
127
- }
128
- return materializeTopicProjectOverlay(topic, options.idMode);
129
- }
130
- async function listTopicProjectOverlays(ctx, options = {}) {
131
- let allTopics = [];
132
- if (ctx?.db?.query && typeof ctx.db.query === "function") {
133
- try {
134
- allTopics = await ctx.db.query("topics").collect();
135
- } catch {
136
- allTopics = [];
137
- }
138
- }
139
- if (allTopics.length === 0 && typeof ctx.runQuery === "function") {
140
- allTopics = (await ctx.runQuery(api.topics.list, {}) ?? []) || [];
141
- }
142
- return allTopics.filter(
143
- (topic) => options.projectLikeOnly === false || isProjectLikeTopic(topic)
144
- ).map((topic) => materializeTopicProjectOverlay(topic, options.idMode));
145
- }
146
-
147
- // ../access-control/src/projectGrantsBridge.ts
148
- var PROJECT_GRANT_STATUSES = ["active", "revoked", "expired"];
149
- function normalizeString(value) {
150
- if (typeof value !== "string") {
151
- return;
152
- }
153
- const trimmed = value.trim();
154
- return trimmed.length > 0 ? trimmed : void 0;
155
- }
156
- async function resolveGrantScopeIds(ctx, args) {
157
- const topicId = normalizeString(args.topicId);
158
- const projectId = normalizeString(args.projectId);
159
- for (const scopeId of [topicId, projectId]) {
160
- if (!scopeId) {
161
- continue;
162
- }
163
- try {
164
- const overlay = await resolveTopicProjectOverlay(ctx, scopeId, {
165
- idMode: "legacy",
166
- projectLikeOnly: false
167
- });
168
- if (overlay) {
169
- return {
170
- topicId: normalizeString(overlay.topicId) ?? topicId,
171
- projectId: normalizeString(overlay.projectId) ?? projectId ?? scopeId
172
- };
173
- }
174
- } catch {
175
- }
176
- }
177
- return { topicId, projectId };
178
- }
179
- async function normalizeProjectGrantRow(ctx, row) {
180
- const scope = await resolveGrantScopeIds(ctx, {
181
- topicId: row.topicId,
182
- projectId: row.projectId
183
- });
184
- return {
185
- ...row,
186
- ...scope.topicId ? { topicId: scope.topicId } : {},
187
- ...scope.projectId ?? scope.topicId ? { projectId: scope.projectId ?? scope.topicId } : {}
188
- };
189
- }
190
- async function normalizeProjectGrantRows(ctx, rows) {
191
- return await Promise.all(rows.map((row) => normalizeProjectGrantRow(ctx, row)));
192
- }
193
- async function listProjectGrantsByPrincipal(ctx, principalId) {
194
- const rows = await Promise.all(
195
- PROJECT_GRANT_STATUSES.map(
196
- (status) => ctx.db.query("projectGrants").withIndex(
197
- "by_principal_status",
198
- (q) => q.eq("principalId", principalId).eq("status", status)
199
- ).collect()
200
- )
201
- );
202
- return await normalizeProjectGrantRows(ctx, rows.flat());
203
- }
204
- async function listProjectGrantsByGroup(ctx, groupId) {
205
- const rows = await Promise.all(
206
- PROJECT_GRANT_STATUSES.map(
207
- (status) => ctx.db.query("projectGrants").withIndex(
208
- "by_group_status",
209
- (q) => q.eq("groupId", groupId).eq("status", status)
210
- ).collect()
211
- )
212
- );
213
- return await normalizeProjectGrantRows(ctx, rows.flat());
214
- }
215
- function buildScopeMatchers(inputScopeId, resolved) {
216
- return new Set(
217
- [inputScopeId, resolved.topicId, resolved.projectId].map((value) => normalizeString(value)).filter((value) => Boolean(value))
218
- );
219
- }
220
- function matchesResolvedScope(row, scopeIds) {
221
- const rowTopicId = normalizeString(row.topicId);
222
- const rowProjectId = normalizeString(row.projectId);
223
- return rowTopicId !== void 0 && scopeIds.has(rowTopicId) || rowProjectId !== void 0 && scopeIds.has(rowProjectId);
224
- }
225
- async function bridgeListProjectGrantsByTopicAndPrincipal(ctx, topicId, principalId) {
226
- const resolved = await resolveGrantScopeIds(ctx, { topicId });
227
- const scopeIds = buildScopeMatchers(topicId, resolved);
228
- const rows = await listProjectGrantsByPrincipal(ctx, principalId);
229
- return rows.filter((row) => matchesResolvedScope(row, scopeIds));
230
- }
231
- async function bridgeListProjectGrantsByTopicAndGroup(ctx, topicId, groupId) {
232
- const resolved = await resolveGrantScopeIds(ctx, { topicId });
233
- const scopeIds = buildScopeMatchers(topicId, resolved);
234
- const rows = await listProjectGrantsByGroup(ctx, groupId);
235
- return rows.filter((row) => matchesResolvedScope(row, scopeIds));
236
- }
237
- async function bridgeListProjectGrantsByPrincipalStatus(ctx, principalId, status) {
238
- const rows = await listProjectGrantsByPrincipal(ctx, principalId);
239
- return rows.filter((row) => row.status === status);
240
- }
241
- async function bridgeListProjectGrantsByGroupStatus(ctx, groupId, status) {
242
- const rows = await listProjectGrantsByGroup(ctx, groupId);
243
- return rows.filter((row) => row.status === status);
244
- }
245
- async function bridgeInsertProjectGrant(ctx, value) {
246
- const resolved = await resolveGrantScopeIds(ctx, value);
247
- return await ctx.db.insert("projectGrants", {
248
- ...value,
249
- ...resolved.topicId ? { topicId: resolved.topicId } : {},
250
- ...resolved.projectId ?? resolved.topicId ? { projectId: resolved.projectId ?? resolved.topicId } : {}
251
- });
252
- }
253
-
254
- // ../access-control/src/resolvers.ts
255
- async function findUserByClerkId(ctx, clerkId) {
256
- const normalizedClerkId = clerkId.trim();
257
- if (!normalizedClerkId) {
258
- return null;
259
- }
260
- if (typeof ctx.runQuery === "function") {
261
- try {
262
- const bridgedUser = await ctx.runQuery(api.users.getUserByClerkId, {
263
- clerkId: normalizedClerkId
264
- });
265
- if (bridgedUser) {
266
- return bridgedUser;
267
- }
268
- } catch {
269
- }
270
- }
271
- try {
272
- const users = await ctx.db.query("users").collect();
273
- return users.find((user) => String(user.clerkId ?? "") === normalizedClerkId) ?? null;
274
- } catch {
275
- return null;
276
- }
277
- }
278
- async function findUserByPrincipalId(ctx, principalId) {
279
- const normalizedPrincipalId = principalId.trim();
280
- if (!normalizedPrincipalId) {
281
- return null;
282
- }
283
- try {
284
- const users = await ctx.db.query("users").collect();
285
- return users.find(
286
- (user) => String(user.defaultPrincipalId ?? "") === normalizedPrincipalId
287
- ) ?? null;
288
- } catch {
289
- return null;
290
- }
291
- }
292
- async function findAgentByPrincipalId(ctx, principalId) {
293
- const normalizedPrincipalId = principalId.trim();
294
- if (!normalizedPrincipalId) {
295
- return null;
296
- }
297
- if (typeof ctx.runQuery === "function") {
298
- try {
299
- const bridgedAgent = await ctx.runQuery(
300
- api.agents.getAgentByPrincipalId,
301
- {
302
- principalId: normalizedPrincipalId
303
- }
304
- );
305
- if (bridgedAgent) {
306
- return bridgedAgent;
307
- }
308
- } catch {
309
- }
310
- }
311
- try {
312
- const agents = await ctx.db.query("agents").collect();
313
- return agents.find(
314
- (agent) => String(agent.principalId ?? "") === normalizedPrincipalId
315
- ) ?? null;
316
- } catch {
317
- return null;
318
- }
319
- }
320
- function defaultResolvers() {
321
- return {
322
- async getProject(ctx, topicId) {
323
- return await resolveTopicProjectOverlay(ctx, topicId, {
324
- idMode: "legacy",
325
- projectLikeOnly: false
326
- });
327
- },
328
- async listTopics(ctx) {
329
- return await listTopicProjectOverlays(ctx, { idMode: "legacy" });
330
- },
331
- async listTopicsByOwner(ctx, ownerId) {
332
- const topics = await listTopicProjectOverlays(ctx, { idMode: "legacy" });
333
- return topics.filter((topic) => topic.ownerId === ownerId);
334
- },
335
- async listTopicsByVisibility(ctx, visibility) {
336
- const topics = await listTopicProjectOverlays(ctx, { idMode: "legacy" });
337
- return topics.filter((topic) => topic.visibility === visibility);
338
- },
339
- async listProjectGrantsByProjectAndPrincipal(ctx, topicId, principalId) {
340
- return await bridgeListProjectGrantsByTopicAndPrincipal(
341
- ctx,
342
- topicId,
343
- principalId
344
- );
345
- },
346
- async listProjectGrantsByProjectAndGroup(ctx, topicId, groupId) {
347
- return await bridgeListProjectGrantsByTopicAndGroup(ctx, topicId, groupId);
348
- },
349
- async listProjectGrantsByPrincipalStatus(ctx, principalId, status) {
350
- return await bridgeListProjectGrantsByPrincipalStatus(
351
- ctx,
352
- principalId,
353
- status
354
- );
355
- },
356
- async listProjectGrantsByGroupStatus(ctx, groupId, status) {
357
- return await bridgeListProjectGrantsByGroupStatus(ctx, groupId, status);
358
- },
359
- async insertProjectGrant(ctx, value) {
360
- return await bridgeInsertProjectGrant(ctx, value);
361
- },
362
- async getAgentByPrincipalId(ctx, principalId) {
363
- return await findAgentByPrincipalId(ctx, principalId);
364
- },
365
- async getUserByClerkId(ctx, clerkId) {
366
- return await findUserByClerkId(ctx, clerkId);
367
- },
368
- async getUserByPrincipalId(ctx, principalId) {
369
- return await findUserByPrincipalId(ctx, principalId);
370
- }
371
- };
372
- }
373
- var resolverOverrides = {};
374
- function resolveAccessControlAppResolvers(_ctx) {
375
- return {
376
- ...defaultResolvers(),
377
- ...resolverOverrides
378
- };
379
- }
380
-
381
- // ../access-control/src/principalContext.ts
382
- function requireCanonicalResolvedUser(user, clerkId) {
383
- const resolved = user;
384
- if (!resolved) {
385
- throw new Error(
386
- `[AccessControl] Canonical user identity required for ${clerkId}. Sync users.upsertUser before user-bound access checks.`
387
- );
388
- }
389
- const { mcRole, defaultTenantId, defaultWorkspaceId, defaultPrincipalId } = resolved;
390
- if (mcRole !== "platform_admin" && mcRole !== "tenant_admin" && mcRole !== "workspace_admin" && mcRole !== "editor" && mcRole !== "viewer" && mcRole !== "auditor" && mcRole !== "service_agent") {
391
- throw new Error(
392
- `[AccessControl] Canonical MC role required for ${clerkId}. Re-sync Master Control identity before user-bound access checks.`
393
- );
394
- }
395
- if (typeof defaultTenantId !== "string" || defaultTenantId.trim().length === 0) {
396
- throw new Error(
397
- `[AccessControl] Canonical home tenant required for ${clerkId}. Re-sync Master Control identity before user-bound access checks.`
398
- );
399
- }
400
- if (typeof defaultWorkspaceId !== "string" || defaultWorkspaceId.trim().length === 0) {
401
- throw new Error(
402
- `[AccessControl] Canonical home workspace required for ${clerkId}. Re-sync Master Control identity before user-bound access checks.`
403
- );
404
- }
405
- if (typeof defaultPrincipalId !== "string" || defaultPrincipalId.trim().length === 0) {
406
- throw new Error(
407
- `[AccessControl] Canonical federated principal required for ${clerkId}. Re-sync Master Control identity before user-bound access checks.`
408
- );
409
- }
410
- return {
411
- mcRole,
412
- defaultTenantId: defaultTenantId.trim(),
413
- defaultWorkspaceId: defaultWorkspaceId.trim(),
414
- defaultPrincipalId: defaultPrincipalId.trim()
415
- };
416
- }
417
- function isPrincipalIdInput(value) {
418
- return value.startsWith("user:") || value.startsWith("group:") || value.startsWith("service:") || value.startsWith("agent:") || value.startsWith("external_viewer:");
419
- }
420
- async function resolveCanonicalUserRecord(ctx, actorId) {
421
- const normalizedActorId = actorId.trim();
422
- const clerkId = isPrincipalIdInput(normalizedActorId) && normalizedActorId.startsWith("user:") ? normalizedActorId.slice("user:".length) : normalizedActorId;
423
- const resolvers = resolveAccessControlAppResolvers();
424
- const resolvedByClerkId = await resolvers.getUserByClerkId(ctx, clerkId);
425
- if (resolvedByClerkId) {
426
- return {
427
- resolvedUser: resolvedByClerkId,
428
- clerkId,
429
- contextClerkId: clerkId
430
- };
431
- }
432
- const resolvedByPrincipalId = await resolvers.getUserByPrincipalId(
433
- ctx,
434
- normalizedActorId
435
- );
436
- return {
437
- resolvedUser: resolvedByPrincipalId ?? null,
438
- clerkId,
439
- contextClerkId: normalizedActorId.startsWith("user:") && clerkId.length > 0 ? clerkId : normalizedActorId
440
- };
441
- }
442
- function uniqRoles(roles) {
443
- const roleSet = /* @__PURE__ */ new Set();
444
- for (const role of roles) {
445
- if (role === "platform_admin" || role === "tenant_admin" || role === "workspace_admin" || role === "editor" || role === "viewer" || role === "auditor" || role === "service_agent") {
446
- roleSet.add(role);
447
- }
448
- }
449
- return [...roleSet];
450
- }
451
- function normalizeGroupIds(value) {
452
- if (!Array.isArray(value)) {
453
- return [];
454
- }
455
- return [...new Set(
456
- value.filter((entry) => typeof entry === "string").map((entry) => entry.trim()).filter(Boolean)
457
- )];
458
- }
459
- function requireServiceAgentUser(user, actorId) {
460
- const canonicalUser = requireCanonicalResolvedUser(user, actorId);
461
- if (canonicalUser.mcRole !== "service_agent") {
462
- throw new Error(
463
- `[AccessControl] Canonical service_agent identity required for ${actorId}. Sync users.upsertUser before agent-bound access checks.`
464
- );
465
- }
466
- return canonicalUser;
467
- }
468
- function requireCanonicalResolvedAgent(agent, actorId) {
469
- const resolved = agent;
470
- if (!resolved) {
471
- throw new Error(
472
- `[AccessControl] Agent "${actorId}" not found in agents or users table.`
473
- );
474
- }
475
- if (typeof resolved.principalId !== "string" || resolved.principalId.trim().length === 0) {
476
- throw new Error(
477
- `[AccessControl] Canonical agent principalId required for ${actorId}.`
478
- );
479
- }
480
- if (typeof resolved.tenantId !== "string" || resolved.tenantId.trim().length === 0) {
481
- throw new Error(
482
- `[AccessControl] Canonical home tenant required for ${actorId}.`
483
- );
484
- }
485
- if (typeof resolved.workspaceId !== "string" || resolved.workspaceId.trim().length === 0) {
486
- throw new Error(
487
- `[AccessControl] Canonical home workspace required for ${actorId}.`
488
- );
489
- }
490
- return {
491
- principalId: resolved.principalId.trim(),
492
- tenantId: resolved.tenantId.trim(),
493
- workspaceId: resolved.workspaceId.trim(),
494
- roles: uniqRoles(Array.isArray(resolved.roles) ? resolved.roles : []) ?? ["service_agent"],
495
- groupIds: normalizeGroupIds(resolved.groupIds)
496
- };
497
- }
498
- async function resolvePrincipalContext(ctx, actorId) {
499
- if (actorId.startsWith("agent:")) {
500
- const resolvers = resolveAccessControlAppResolvers();
501
- const resolvedAgent = await resolvers.getAgentByPrincipalId(ctx, actorId);
502
- if (resolvedAgent) {
503
- const agent = requireCanonicalResolvedAgent(
504
- resolvedAgent,
505
- actorId
506
- );
507
- return {
508
- principalId: agent.principalId,
509
- principalType: "service",
510
- clerkId: actorId,
511
- tenantId: agent.tenantId,
512
- workspaceId: agent.workspaceId,
513
- roles: agent.roles.length > 0 ? agent.roles : ["service_agent"],
514
- groupIds: agent.groupIds,
515
- isPlatformAdmin: false,
516
- isTenantAdmin: false,
517
- isWorkspaceAdmin: false,
518
- isSystemFallback: false
519
- };
520
- }
521
- const resolvedUser2 = await resolvers.getUserByClerkId(
522
- ctx,
523
- actorId
524
- );
525
- if (!resolvedUser2) {
526
- throw new Error(
527
- `[AccessControl] Agent "${actorId}" not found in agents or users table.`
528
- );
529
- }
530
- const user2 = requireServiceAgentUser(
531
- resolvedUser2,
532
- actorId
533
- );
534
- console.warn(
535
- `[AccessControl] Deprecated legacy service-agent fallback for ${actorId}; migrate this principal into identity.agents.`
536
- );
537
- return {
538
- principalId: user2.defaultPrincipalId,
539
- principalType: "service",
540
- clerkId: actorId,
541
- tenantId: user2.defaultTenantId,
542
- workspaceId: user2.defaultWorkspaceId,
543
- roles: ["service_agent"],
544
- groupIds: normalizeGroupIds(resolvedUser2?.principalGroupIds),
545
- isPlatformAdmin: false,
546
- isTenantAdmin: false,
547
- isWorkspaceAdmin: false,
548
- isSystemFallback: false
549
- };
550
- }
551
- const {
552
- resolvedUser,
553
- contextClerkId
554
- } = await resolveCanonicalUserRecord(ctx, actorId);
555
- const user = requireCanonicalResolvedUser(
556
- resolvedUser,
557
- contextClerkId
558
- );
559
- if (!user.defaultPrincipalId) {
560
- throw new Error(
561
- `[AccessControl] Canonical federated principal required for ${contextClerkId}. Re-sync Master Control identity before user-bound access checks.`
562
- );
563
- }
564
- if (user.mcRole === "service_agent") {
565
- return {
566
- principalId: user.defaultPrincipalId,
567
- principalType: "service",
568
- clerkId: contextClerkId,
569
- tenantId: user.defaultTenantId,
570
- workspaceId: user.defaultWorkspaceId,
571
- roles: ["service_agent"],
572
- groupIds: normalizeGroupIds(resolvedUser?.principalGroupIds),
573
- isPlatformAdmin: false,
574
- isTenantAdmin: false,
575
- isWorkspaceAdmin: false,
576
- isSystemFallback: false
577
- };
578
- }
579
- const principalId = user.defaultPrincipalId;
580
- const effectiveRole = user.mcRole;
581
- const roles = effectiveRole === "platform_admin" ? ["platform_admin", "tenant_admin"] : effectiveRole === "tenant_admin" ? ["tenant_admin"] : [effectiveRole];
582
- const tenantId = user.defaultTenantId;
583
- const workspaceId = user.defaultWorkspaceId;
584
- const isPlatformAdmin = effectiveRole === "platform_admin";
585
- return {
586
- principalId,
587
- principalType: "user",
588
- clerkId: contextClerkId,
589
- tenantId,
590
- workspaceId,
591
- roles: uniqRoles(roles),
592
- groupIds: normalizeGroupIds(resolvedUser?.principalGroupIds),
593
- isPlatformAdmin,
594
- isTenantAdmin: isPlatformAdmin || effectiveRole === "tenant_admin",
595
- isWorkspaceAdmin: isPlatformAdmin || effectiveRole === "tenant_admin" || effectiveRole === "workspace_admin",
596
- isSystemFallback: false
597
- };
598
- }
599
-
600
- // ../access-control/src/access.ts
601
- function isTopicInPrincipalTenant(topic, principalTenantId) {
602
- if (!topic.tenantId) {
603
- return false;
604
- }
605
- if (!principalTenantId) {
606
- return false;
607
- }
608
- return String(topic.tenantId) === String(principalTenantId);
609
- }
610
- function isTopicInPrincipalWorkspace(topic, principalWorkspaceId) {
611
- if (!topic.workspaceId) {
612
- return false;
613
- }
614
- if (!principalWorkspaceId) {
615
- return false;
616
- }
617
- return String(topic.workspaceId) === String(principalWorkspaceId);
618
- }
619
- function isLegacyUnscopedTopic(topic) {
620
- return !topic.tenantId || !topic.workspaceId;
621
- }
622
- function isGrantScopeAlignedToTopic(topic, grant) {
623
- if (topic.tenantId && grant.tenantId && String(topic.tenantId) !== String(grant.tenantId)) {
624
- return false;
625
- }
626
- if (topic.workspaceId && grant.workspaceId && String(topic.workspaceId) !== String(grant.workspaceId)) {
627
- return false;
628
- }
629
- return true;
630
- }
631
- function isGrantSourceAllowedForVisibility(visibility, source) {
632
- if (source !== "external_share") {
633
- return true;
634
- }
635
- return visibility === "external" || visibility === "public";
636
- }
637
- function isGrantActive(grant) {
638
- if (grant.status !== "active") {
639
- return false;
640
- }
641
- if (grant.expiresAt !== void 0 && grant.expiresAt <= Date.now()) {
642
- return false;
643
- }
644
- return true;
645
- }
646
- async function hasPrincipalGrant(ctx, args) {
647
- const grants = await resolveAccessControlAppResolvers().listProjectGrantsByProjectAndPrincipal(
648
- ctx,
649
- args.topic._id,
650
- args.principalId
651
- );
652
- if (grants.some(
653
- (grant) => isGrantActive(grant) && isGrantScopeAlignedToTopic(args.topic, grant) && isGrantSourceAllowedForVisibility(
654
- args.topic.visibility,
655
- grant.source
656
- ) && (!args.principalIsExternal || args.topic.visibility === "public" || grant.source === "external_share")
657
- )) {
658
- return true;
659
- }
660
- return false;
661
- }
662
- async function hasGroupGrant(ctx, args) {
663
- if (args.groupIds.length === 0) {
664
- return false;
665
- }
666
- for (const groupId of args.groupIds) {
667
- const grants = await resolveAccessControlAppResolvers().listProjectGrantsByProjectAndGroup(ctx, args.topic._id, groupId);
668
- if (grants.some(
669
- (grant) => isGrantActive(grant) && isGrantScopeAlignedToTopic(args.topic, grant) && isGrantSourceAllowedForVisibility(
670
- args.topic.visibility,
671
- grant.source
672
- )
673
- )) {
674
- return true;
675
- }
676
- }
677
- return false;
678
- }
679
- function isExternalPrincipal(_ctx, _args) {
680
- return false;
681
- }
682
- async function evaluateTopicAccessDetailed(ctx, args) {
683
- if (args.legacyUserId) {
684
- return {
685
- hasAccess: true,
686
- isAdmin: false,
687
- isOwner: false,
688
- isShared: false,
689
- hasGrant: true,
690
- isFirmVisible: true,
691
- isExternalVisible: false,
692
- isPublicVisible: false,
693
- isTenantScopeMatch: true,
694
- isWorkspaceScopeMatch: true,
695
- isPrincipalExternal: false
696
- };
697
- }
698
- const topic = await resolveAccessControlAppResolvers().getProject(
699
- ctx,
700
- args.topicId
701
- );
702
- if (!topic) {
703
- return {
704
- hasAccess: false,
705
- isAdmin: false,
706
- isOwner: false,
707
- isShared: false,
708
- hasGrant: false,
709
- isFirmVisible: false,
710
- isExternalVisible: false,
711
- isPublicVisible: false,
712
- isTenantScopeMatch: false,
713
- isWorkspaceScopeMatch: false,
714
- isPrincipalExternal: false
715
- };
716
- }
717
- const { principalContext, legacyUserId } = args;
718
- const userIsAdmin = principalContext.isPlatformAdmin;
719
- const isOwner = topic.ownerId === legacyUserId;
720
- const isShared = (topic.sharedWith ?? []).includes(legacyUserId);
721
- const principalIsExternal = await isExternalPrincipal(ctx, {
722
- groupIds: principalContext.groupIds,
723
- topicTenantId: topic.tenantId,
724
- topicWorkspaceId: topic.workspaceId
725
- });
726
- const hasPrincipalGrantResult = await hasPrincipalGrant(ctx, {
727
- topic,
728
- principalId: principalContext.principalId,
729
- principalIsExternal
730
- });
731
- const hasGroupGrantResult = await hasGroupGrant(ctx, {
732
- topic,
733
- groupIds: principalContext.groupIds
734
- });
735
- const hasGrant = isShared || hasPrincipalGrantResult || hasGroupGrantResult;
736
- const legacyUnscoped = isLegacyUnscopedTopic(topic);
737
- const tenantScopeMatch = isTopicInPrincipalTenant(
738
- topic,
739
- principalContext.tenantId
740
- );
741
- const workspaceScopeMatch = isTopicInPrincipalWorkspace(
742
- topic,
743
- principalContext.workspaceId
744
- );
745
- const isPublicVisible = topic.visibility === "public";
746
- const isFirmVisible = topic.visibility === "firm" && !legacyUnscoped && tenantScopeMatch && workspaceScopeMatch && !principalIsExternal;
747
- const hasScopedGrant = hasGrant && (legacyUnscoped || tenantScopeMatch && workspaceScopeMatch);
748
- const isExternalVisible = topic.visibility === "external" && hasScopedGrant;
749
- const hasAccess = userIsAdmin || isOwner || hasScopedGrant || isPublicVisible || isFirmVisible;
750
- return {
751
- hasAccess,
752
- isAdmin: userIsAdmin,
753
- isOwner,
754
- isShared,
755
- hasGrant,
756
- isFirmVisible,
757
- isExternalVisible,
758
- isPublicVisible,
759
- isTenantScopeMatch: tenantScopeMatch,
760
- isWorkspaceScopeMatch: workspaceScopeMatch,
761
- isPrincipalExternal: principalIsExternal
762
- };
763
- }
764
- async function checkTopicAccessDetailed(ctx, topicId, userId) {
765
- const principalContext = await resolvePrincipalContext(ctx, userId);
766
- return evaluateTopicAccessDetailed(ctx, {
767
- topicId,
768
- legacyUserId: userId,
769
- principalContext
770
- });
771
- }
772
- async function checkTopicAccess(ctx, topicId, userId) {
773
- const result = await checkTopicAccessDetailed(ctx, topicId, userId);
774
- return result.hasAccess;
775
- }
776
- async function checkScopeAccess(ctx, scopeId, userId) {
777
- try {
778
- const topic = await ctx.db.get(scopeId);
779
- if (topic && topic.name !== void 0 && topic.type !== void 0) {
780
- return true;
781
- }
782
- } catch {
783
- }
784
- try {
785
- return await checkTopicAccess(ctx, scopeId, userId);
786
- } catch {
787
- return false;
788
- }
789
- }
790
- async function requireTopicAccess(ctx, topicId, userId) {
791
- const hasAccess = await checkTopicAccess(ctx, topicId, userId);
792
- if (!hasAccess) {
793
- throw new Error(
794
- "Access denied: You don't have permission to access this topic"
795
- );
796
- }
797
- }
798
- var requireProjectAccess = requireTopicAccess;
799
- var permissiveReturn = v.optional(v.any());
800
- var looseJsonObject = v.record(v.string(), v.any());
801
- var looseJsonArray = v.array(v.any());
802
- v.union(
803
- v.string(),
804
- v.number(),
805
- v.boolean(),
806
- v.null(),
807
- looseJsonObject,
808
- looseJsonArray
809
- );
810
- var api2 = anyApi;
811
- componentsGeneric();
812
10
  var internal = anyApi;
813
11
  var mutation = mutationGeneric;
814
12
  var query = queryGeneric;
@@ -845,17 +43,17 @@ function generateGlobalId() {
845
43
  );
846
44
  return `${hex.slice(0, 8)}-${hex.slice(8, 12)}-${hex.slice(12, 16)}-${hex.slice(16, 20)}-${hex.slice(20)}`;
847
45
  }
848
- var LEGACY_SCOPE_FIELD2 = "graphScopeProjectId";
46
+ var LEGACY_SCOPE_FIELD = "graphScopeProjectId";
849
47
  function asMappedProjectId(topic) {
850
48
  if (!topic) {
851
49
  return;
852
50
  }
853
- const directLegacyProjectId = normalizeScopeValue(topic[LEGACY_SCOPE_FIELD2]);
51
+ const directLegacyProjectId = normalizeScopeValue(topic[LEGACY_SCOPE_FIELD]);
854
52
  if (directLegacyProjectId) {
855
53
  return directLegacyProjectId;
856
54
  }
857
55
  const metadata = topic.metadata || {};
858
- const candidate = metadata[LEGACY_SCOPE_FIELD2] || metadata.legacyProjectId || metadata.projectId || metadata.scopeProjectId;
56
+ const candidate = metadata[LEGACY_SCOPE_FIELD] || metadata.legacyProjectId || metadata.projectId || metadata.scopeProjectId;
859
57
  return candidate ? candidate : void 0;
860
58
  }
861
59
  function normalizeScopeValue(value) {
@@ -884,7 +82,7 @@ async function findTopicsByScopeAlias(ctx, scopeId) {
884
82
  try {
885
83
  return await ctx.db.query("topics").withIndex(
886
84
  "by_graph_scope_project",
887
- (q) => q.eq(LEGACY_SCOPE_FIELD2, scopeId)
85
+ (q) => q.eq(LEGACY_SCOPE_FIELD, scopeId)
888
86
  ).collect();
889
87
  } catch {
890
88
  const topics = await ctx.db.query("topics").collect();
@@ -900,7 +98,7 @@ async function tryResolveHostTopicById(ctx, topicId) {
900
98
  return null;
901
99
  }
902
100
  try {
903
- return await ctx.runQuery(api2.topics.get, {
101
+ return await ctx.runQuery(api.topics.get, {
904
102
  id: topicId
905
103
  }) ?? null;
906
104
  } catch {
@@ -912,7 +110,7 @@ async function tryResolveHostTopicByLegacyScope(ctx, legacyScopeId) {
912
110
  return null;
913
111
  }
914
112
  try {
915
- return await ctx.runQuery(api2.topics.getByLegacyScopeId, {
113
+ return await ctx.runQuery(api.topics.getByLegacyScopeId, {
916
114
  projectId: legacyScopeId
917
115
  }) ?? null;
918
116
  } catch {
@@ -1031,597 +229,6 @@ async function resolveTopicProjectScope(ctx, args) {
1031
229
  projectId: v.optional(v.string()),
1032
230
  topicId: v.optional(v.string())
1033
231
  });
1034
- v.number();
1035
- v.union(
1036
- v.literal("very_high"),
1037
- // 0.9+
1038
- v.literal("high"),
1039
- // 0.7-0.9
1040
- v.literal("medium"),
1041
- // 0.4-0.7
1042
- v.literal("low"),
1043
- // 0.2-0.4
1044
- v.literal("very_low")
1045
- // 0-0.2
1046
- );
1047
- v.union(
1048
- v.literal(1),
1049
- // Critical
1050
- v.literal(2),
1051
- // High
1052
- v.literal(3),
1053
- // Medium
1054
- v.literal(4),
1055
- // Low
1056
- v.literal(5)
1057
- // Backlog
1058
- );
1059
- v.union(
1060
- v.literal("critical"),
1061
- v.literal("high"),
1062
- v.literal("medium"),
1063
- v.literal("low"),
1064
- v.literal("backlog")
1065
- );
1066
- v.union(
1067
- v.literal("active"),
1068
- v.literal("paused"),
1069
- v.literal("completed"),
1070
- v.literal("archived")
1071
- );
1072
- v.union(
1073
- v.literal("pending"),
1074
- v.literal("processing"),
1075
- v.literal("completed"),
1076
- v.literal("failed")
1077
- );
1078
- v.object({
1079
- crunchbaseId: v.optional(v.string()),
1080
- linkedinUrl: v.optional(v.string()),
1081
- pitchbookId: v.optional(v.string()),
1082
- twitterUrl: v.optional(v.string()),
1083
- domain: v.optional(v.string())
1084
- });
1085
- var sourceType = v.union(
1086
- v.literal("proprietary"),
1087
- // Internal Stack research
1088
- v.literal("primary"),
1089
- // Direct interviews, calls
1090
- v.literal("secondary"),
1091
- // Published sources
1092
- v.literal("ai_generated"),
1093
- // AI-synthesized
1094
- v.literal("user_input"),
1095
- // Manual user entry
1096
- v.literal("inferred")
1097
- // System inference
1098
- );
1099
- v.object({
1100
- sourceType: v.optional(sourceType),
1101
- sourceId: v.optional(v.string()),
1102
- // Reference to source entity
1103
- sourceUrl: v.optional(v.string()),
1104
- sourceDate: v.optional(v.number()),
1105
- sourceName: v.optional(v.string())
1106
- });
1107
- v.object({
1108
- cursor: v.optional(v.string()),
1109
- limit: v.optional(v.number())
1110
- });
1111
- v.object({
1112
- hasMore: v.boolean(),
1113
- nextCursor: v.optional(v.string()),
1114
- totalCount: v.optional(v.number())
1115
- });
1116
- var richTextContent = v.object({
1117
- type: v.literal("doc"),
1118
- content: looseJsonArray
1119
- });
1120
- v.union(v.string(), richTextContent);
1121
- v.object({
1122
- promptTokens: v.optional(v.number()),
1123
- completionTokens: v.optional(v.number()),
1124
- totalTokens: v.optional(v.number())
1125
- });
1126
- v.object({
1127
- fileName: v.optional(v.string()),
1128
- fileSize: v.optional(v.number()),
1129
- mimeType: v.optional(v.string()),
1130
- storageId: v.optional(v.id("_storage")),
1131
- externalUrl: v.optional(v.string())
1132
- });
1133
-
1134
- // ../schema-management/src/spine/tables/epistemicNodes.ts
1135
- var nodeType = v.union(
1136
- // --- L4: Audit Targets (decisions, outcomes) ---
1137
- v.literal("decision"),
1138
- // Investment decision with knowledge horizon snapshot
1139
- // --- L3: Traversal Anchors (epistemic structure) ---
1140
- v.literal("belief"),
1141
- // Structured conviction (immutable formulation)
1142
- v.literal("question"),
1143
- // Unit of uncertainty
1144
- v.literal("theme"),
1145
- // Investment thesis / conviction cluster
1146
- v.literal("deal"),
1147
- // Investment evaluation process
1148
- v.literal("topic"),
1149
- // Hierarchical knowledge container
1150
- // --- L2: Compression Boundary (minimum reasoning unit) ---
1151
- v.literal("claim"),
1152
- // Atomic assertion that can be true/false
1153
- v.literal("evidence"),
1154
- // Interpreted signal linked to beliefs
1155
- v.literal("synthesis"),
1156
- // Primers, deep research
1157
- v.literal("answer"),
1158
- // Immutable answer snapshot for a question
1159
- // --- L1: Terminal Leaves (non-traversable, grounding) ---
1160
- v.literal("atomic_fact"),
1161
- // Raw fact from source (not interpreted)
1162
- v.literal("excerpt"),
1163
- // Direct quote from source document
1164
- v.literal("source"),
1165
- // News, documents, transcripts
1166
- // --- Ontological Entities (things in the world) ---
1167
- v.literal("company"),
1168
- // Organization (subtype: private, corporate, portfolio)
1169
- v.literal("person"),
1170
- // Individual (founder, expert, LP, contact)
1171
- v.literal("investor"),
1172
- // Investment entity (subtype: vc, lp, cvc, pe, family_office, angel)
1173
- v.literal("function"),
1174
- // What a company does (from classifier)
1175
- v.literal("value_chain")
1176
- // Market structure / value flow
1177
- );
1178
- var epistemicLayer = v.union(
1179
- v.literal("L4"),
1180
- // Decisions, outcomes - audit targets
1181
- v.literal("L3"),
1182
- // Beliefs, questions, themes - traversal anchors
1183
- v.literal("L2"),
1184
- // Claims, evidence, synthesis - compression boundary
1185
- v.literal("L1"),
1186
- // Atomic facts, excerpts, sources - terminal leaves
1187
- v.literal("ontological"),
1188
- // Companies, people, etc - not epistemic
1189
- v.literal("organizational")
1190
- // Topics, lenses, worktrees — structural containers
1191
- );
1192
- var nodeStatus = v.union(
1193
- v.literal("active"),
1194
- v.literal("superseded"),
1195
- // Replaced by newer version
1196
- v.literal("archived"),
1197
- v.literal("deleted")
1198
- );
1199
- var sourceType2 = v.union(
1200
- v.literal("human"),
1201
- // User created directly
1202
- v.literal("ai_extracted"),
1203
- // LLM extracted from a source
1204
- v.literal("ai_generated"),
1205
- // LLM synthesized/created
1206
- v.literal("imported"),
1207
- // External system import
1208
- v.literal("system"),
1209
- // System-generated (migrations, classifiers)
1210
- v.literal("verified"),
1211
- // Human-verified source
1212
- v.literal("proprietary")
1213
- // Proprietary/internal data
1214
- );
1215
- var verificationStatus = v.union(
1216
- v.literal("unverified"),
1217
- v.literal("human_verified"),
1218
- v.literal("ai_verified"),
1219
- v.literal("contradicted"),
1220
- v.literal("outdated")
1221
- );
1222
- var syncStatus = v.union(
1223
- v.literal("synced"),
1224
- // Node and edges fully synced to Neo4j
1225
- v.literal("pending_edges"),
1226
- // Node created, edges being created
1227
- v.literal("edge_creation_failed")
1228
- // Edge creation failed, needs retry
1229
- );
1230
- var audienceLabel = v.string();
1231
- var sensitivityTier = v.union(
1232
- v.literal("low"),
1233
- v.literal("medium"),
1234
- v.literal("high"),
1235
- v.literal("restricted")
1236
- );
1237
- var exportClass = v.union(
1238
- v.literal("internal_only"),
1239
- v.literal("client_safe"),
1240
- v.literal("public_safe"),
1241
- v.literal("restricted")
1242
- );
1243
- var anonymizationClass = v.union(
1244
- v.literal("none"),
1245
- v.literal("standard"),
1246
- v.literal("strict")
1247
- );
1248
- var epistemicStatus = v.union(
1249
- v.literal("hypothesis"),
1250
- // Initial conjecture, low evidence
1251
- v.literal("emerging"),
1252
- // Building evidence, gaining traction
1253
- v.literal("established"),
1254
- // Well-evidenced, core to thesis
1255
- v.literal("challenged"),
1256
- // Contradicting evidence appeared
1257
- v.literal("assumption"),
1258
- // Taken as given, not actively tested
1259
- v.literal("deprecated")
1260
- // Superseded or abandoned
1261
- );
1262
- var beliefStatus = v.union(
1263
- v.literal("assumption"),
1264
- v.literal("hypothesis"),
1265
- v.literal("belief"),
1266
- v.literal("fact")
1267
- );
1268
- var reversibility = v.union(
1269
- v.literal("irreversible"),
1270
- // One-way door decision
1271
- v.literal("hard_to_reverse"),
1272
- // Significant cost to undo
1273
- v.literal("reversible"),
1274
- // Can change course with moderate effort
1275
- v.literal("trivial")
1276
- // Easy to adjust
1277
- );
1278
- var predictionOutcome = v.union(
1279
- v.literal("pending"),
1280
- v.literal("confirmed"),
1281
- v.literal("disconfirmed"),
1282
- v.literal("partial"),
1283
- v.literal("expired")
1284
- );
1285
- var predictionMeta = v.object({
1286
- isPrediction: v.boolean(),
1287
- registeredAt: v.number(),
1288
- // When prediction was made
1289
- expectedBy: v.optional(v.number()),
1290
- // When we expect resolution
1291
- outcome: v.optional(predictionOutcome),
1292
- outcomeRecordedAt: v.optional(v.number()),
1293
- outcomeEvidenceId: v.optional(v.string()),
1294
- // globalId of confirming evidence
1295
- confidenceAtPrediction: v.optional(v.number()),
1296
- // 0-1
1297
- actualVsPredicted: v.optional(v.string())
1298
- // Notes on how outcome compared
1299
- });
1300
- var methodology = v.union(
1301
- // Primary Research (high value)
1302
- v.literal("primary_research"),
1303
- // Direct investigation
1304
- v.literal("expert_interview"),
1305
- // Expert call/interview
1306
- v.literal("customer_interview"),
1307
- // Customer research
1308
- v.literal("field_observation"),
1309
- // On-site observation
1310
- v.literal("proprietary_data"),
1311
- // Internal data analysis
1312
- // Secondary Research
1313
- v.literal("desk_research"),
1314
- // Public sources
1315
- v.literal("regulatory_filing"),
1316
- // SEC, regulatory docs
1317
- v.literal("news_article"),
1318
- // News/press
1319
- v.literal("academic_paper"),
1320
- // Academic research
1321
- // AI-Assisted
1322
- v.literal("ai_synthesis"),
1323
- // AI-generated synthesis
1324
- v.literal("ai_extraction")
1325
- // AI-extracted from source
1326
- );
1327
- var informationAsymmetry = v.union(
1328
- v.literal("proprietary"),
1329
- // Only we have this
1330
- v.literal("early"),
1331
- // We're early but others will get it
1332
- v.literal("common")
1333
- // Everyone has access
1334
- );
1335
- var temporalNature = v.union(
1336
- v.literal("factual"),
1337
- // Resolved outcome. Grounded in reality.
1338
- v.literal("forecast"),
1339
- // Prediction. Will resolve. Discounted weight.
1340
- v.literal("unknown")
1341
- // Not yet classified.
1342
- );
1343
- var questionType = v.union(
1344
- v.literal("validation"),
1345
- // Does evidence support this belief?
1346
- v.literal("falsification"),
1347
- // What would prove this belief wrong?
1348
- v.literal("assumption_probe"),
1349
- // Is this unstated assumption true?
1350
- v.literal("prediction_test"),
1351
- // Will this predicted outcome occur?
1352
- v.literal("counterfactual"),
1353
- // What would we expect if X were false?
1354
- v.literal("discovery"),
1355
- // What don't we know yet?
1356
- v.literal("clarification"),
1357
- // What does X actually mean?
1358
- v.literal("comparison"),
1359
- // How does X compare to Y?
1360
- v.literal("causal"),
1361
- // What caused X?
1362
- v.literal("mechanism"),
1363
- // How does X work?
1364
- v.literal("general")
1365
- // Unclassified
1366
- );
1367
- var questionPriority = v.union(
1368
- v.literal("critical"),
1369
- // Blocks decision-making
1370
- v.literal("high"),
1371
- // Important for thesis
1372
- v.literal("medium"),
1373
- // Would be nice to know
1374
- v.literal("low")
1375
- // Background/curiosity
1376
- );
1377
- var answerQuality = v.union(
1378
- v.literal("definitive"),
1379
- // Clear, well-supported
1380
- v.literal("strong"),
1381
- // Good evidence, high confidence
1382
- v.literal("moderate"),
1383
- // Some evidence
1384
- v.literal("weak"),
1385
- // Limited evidence
1386
- v.literal("speculative"),
1387
- // Mostly conjecture
1388
- v.literal("unanswered")
1389
- // No answer yet
1390
- );
1391
- var consensusView = v.union(
1392
- v.literal("aligned"),
1393
- // We agree with market consensus
1394
- v.literal("ahead_of"),
1395
- // We see this before consensus does
1396
- v.literal("contrarian"),
1397
- // We actively disagree with consensus
1398
- v.literal("orthogonal"),
1399
- // We're looking at something consensus isn't discussing
1400
- v.literal("unknown")
1401
- // We don't know what consensus thinks
1402
- );
1403
- var themeConviction = v.union(
1404
- v.literal("high"),
1405
- // Strong conviction, actively deploying
1406
- v.literal("medium"),
1407
- // Building conviction
1408
- v.literal("low"),
1409
- // Exploring, not convicted
1410
- v.literal("negative")
1411
- // Actively avoiding
1412
- );
1413
- var decisionType = v.union(
1414
- v.literal("invest"),
1415
- v.literal("pass"),
1416
- v.literal("follow_on"),
1417
- v.literal("exit"),
1418
- v.literal("deep_dive"),
1419
- v.literal("monitor"),
1420
- v.literal("deprioritize"),
1421
- v.literal("thesis_adopt"),
1422
- v.literal("thesis_revise"),
1423
- v.literal("thesis_abandon")
1424
- );
1425
- var decisionOutcome = v.union(
1426
- v.literal("pending"),
1427
- v.literal("successful"),
1428
- v.literal("unsuccessful"),
1429
- v.literal("mixed"),
1430
- v.literal("unknown")
1431
- );
1432
- var externalIds2 = v.object({
1433
- crunchbase: v.optional(v.string()),
1434
- linkedin: v.optional(v.string()),
1435
- pitchbook: v.optional(v.string()),
1436
- twitter: v.optional(v.string()),
1437
- website: v.optional(v.string())
1438
- });
1439
- defineTable({
1440
- // === IDENTITY ===
1441
- globalId: v.string(),
1442
- // UUID - survives migration to Neo4j
1443
- // === TYPE ===
1444
- nodeType,
1445
- // === EPISTEMIC LAYER ===
1446
- epistemicLayer: v.optional(epistemicLayer),
1447
- // === SUBTYPE (for typed entities) ===
1448
- subtype: v.optional(v.string()),
1449
- // company: private|corporate|portfolio, investor: vc|lp|cvc|pe|family_office|angel
1450
- // === CONTENT ===
1451
- canonicalText: v.string(),
1452
- // The core content (belief statement, company name, etc.)
1453
- contentHash: v.string(),
1454
- // SHA256(nodeType + canonicalText) for deduplication
1455
- // Extended content (for sources/syntheses)
1456
- content: v.optional(v.string()),
1457
- // Full text for documents/articles
1458
- contentType: v.optional(v.string()),
1459
- // "markdown", "html", "pdf", "text"
1460
- // === METADATA ===
1461
- title: v.optional(v.string()),
1462
- // Display title
1463
- tags: v.optional(v.array(v.string())),
1464
- domain: v.optional(v.string()),
1465
- // For companies: website domain
1466
- // Type-specific metadata (flexible object - LEGACY)
1467
- // New code should use the typed fields below when available
1468
- metadata: v.optional(looseJsonObject),
1469
- // === POLICY / ENTITLEMENT ===
1470
- tenantId: v.optional(v.string()),
1471
- workspaceId: v.optional(v.string()),
1472
- ownerPrincipalId: v.optional(v.string()),
1473
- audienceLabel: v.optional(audienceLabel),
1474
- policyTags: v.optional(v.array(v.string())),
1475
- sensitivityTier: v.optional(sensitivityTier),
1476
- exportClass: v.optional(exportClass),
1477
- anonymizationClass: v.optional(anonymizationClass),
1478
- // === PUBLICATION (visibility-based, not copy-based) ===
1479
- // Publication expands who can see a workspace-local node — the node stays
1480
- // in its workspace, like a microservice exposing part of its API surface.
1481
- // Rules-based: pack/tenant-level publicationRules auto-evaluate on
1482
- // confidence changes and node creation. No manual click-by-click.
1483
- publicationStatus: v.optional(
1484
- v.union(
1485
- v.literal("unpublished"),
1486
- // Default: workspace-local only
1487
- v.literal("published"),
1488
- // Visible at tenant scope (rules matched)
1489
- v.literal("suppressed")
1490
- // Manually blocked even if rules match
1491
- )
1492
- ),
1493
- publishedAt: v.optional(v.number()),
1494
- // When publication status last changed to published
1495
- publishedBy: v.optional(v.string()),
1496
- // userId or "system:publication_rules" for auto-publish
1497
- // === TYPED METADATA FIELDS ===
1498
- // --- Belief ---
1499
- // Belief type — validated against schemaEnumConfig category "belief_type"
1500
- // Platform core: hypothesis, belief, principle, invariant, assumption,
1501
- // tenet, prior, preference, goal, forecast
1502
- beliefType: v.optional(v.string()),
1503
- beliefStatus: v.optional(beliefStatus),
1504
- epistemicStatus: v.optional(epistemicStatus),
1505
- reversibility: v.optional(reversibility),
1506
- predictionMeta: v.optional(predictionMeta),
1507
- // Consensus tracking (for non-consensus detection)
1508
- consensusView: v.optional(consensusView),
1509
- consensusConfidence: v.optional(v.number()),
1510
- // 0-1: What we think consensus confidence is
1511
- consensusSource: v.optional(v.string()),
1512
- // Where we got the consensus view (twitter, reports, etc.)
1513
- // --- Evidence ---
1514
- methodology: v.optional(methodology),
1515
- informationAsymmetry: v.optional(informationAsymmetry),
1516
- temporalNature: v.optional(temporalNature),
1517
- // --- Question ---
1518
- questionType: v.optional(questionType),
1519
- questionPriority: v.optional(questionPriority),
1520
- answerQuality: v.optional(answerQuality),
1521
- // --- Theme ---
1522
- themeConviction: v.optional(themeConviction),
1523
- // Market timing (for "early on theme" detection)
1524
- marketAwarenessDate: v.optional(v.number()),
1525
- // When this theme became broadly discussed
1526
- marketAwarenessSource: v.optional(v.string()),
1527
- // How we know (first major report, twitter volume spike, etc.)
1528
- earlySignalIds: v.optional(v.array(v.string())),
1529
- // globalIds of evidence we had before market awareness
1530
- // --- Decision ---
1531
- decisionType: v.optional(decisionType),
1532
- decisionOutcome: v.optional(decisionOutcome),
1533
- // === EXTERNAL IDS (for ontological entities) ===
1534
- externalIds: v.optional(externalIds2),
1535
- // === PROVENANCE ===
1536
- sourceType: sourceType2,
1537
- aiProvider: v.optional(v.string()),
1538
- // "claude", "gemini", "gpt-4", etc.
1539
- extractedFromNodeId: v.optional(v.id("epistemicNodes")),
1540
- // Quick reference to source
1541
- // === EXTRACTION CONTEXT ===
1542
- extractionModel: v.optional(v.string()),
1543
- // "claude-sonnet-4-20250514"
1544
- extractionPromptName: v.optional(v.string()),
1545
- // "lucern/extract-evidence"
1546
- extractionPromptVersion: v.optional(v.number()),
1547
- extractionTemperature: v.optional(v.number()),
1548
- extractionLangfuseTraceId: v.optional(v.string()),
1549
- // === GROUNDING VERIFICATION ===
1550
- groundingVerified: v.optional(v.boolean()),
1551
- groundingConfidence: v.optional(v.number()),
1552
- // 0-1 match quality
1553
- groundingMatchedText: v.optional(v.string()),
1554
- // Actual text from source
1555
- groundingStartOffset: v.optional(v.number()),
1556
- groundingEndOffset: v.optional(v.number()),
1557
- groundingRejectionReason: v.optional(v.string()),
1558
- // === CONFIDENCE & VERIFICATION ===
1559
- confidence: v.optional(v.number()),
1560
- // 0-1 projected probability P(x) = b + a*u
1561
- verificationStatus: v.optional(verificationStatus),
1562
- // === SL OPINION (Subjective Logic — Kernel v2) ===
1563
- // Replaces scalar confidence with rich epistemic state.
1564
- // b + d + u = 1. P(x) = b + a*u is stored in `confidence` for backward compat.
1565
- opinion_b: v.optional(v.number()),
1566
- // Belief: evidence FOR (0-1)
1567
- opinion_d: v.optional(v.number()),
1568
- // Disbelief: evidence AGAINST (0-1)
1569
- opinion_u: v.optional(v.number()),
1570
- // Uncertainty: absence of evidence (0-1)
1571
- opinion_a: v.optional(v.number()),
1572
- // Base rate / prior probability (0-1)
1573
- tupleContradicted: v.optional(v.boolean()),
1574
- // Single-belief tuple-space contradiction flag
1575
- // === LIFECYCLE ===
1576
- status: nodeStatus,
1577
- supersededBy: v.optional(v.id("epistemicNodes")),
1578
- // === OWNERSHIP ===
1579
- topicId: v.optional(v.string()),
1580
- // Canonical scope container (topic-first model)
1581
- projectId: v.optional(v.string()),
1582
- // DEPRECATED: Use belongs_to edges
1583
- createdBy: v.string(),
1584
- // Clerk user ID
1585
- createdAt: v.number(),
1586
- updatedAt: v.number(),
1587
- // === NEO4J SYNC STATUS ===
1588
- syncStatus: v.optional(syncStatus),
1589
- syncError: v.optional(v.string())
1590
- // Error message if sync failed
1591
- }).index("by_globalId", ["globalId"]).index("by_contentHash", ["contentHash"]).index("by_nodeType", ["nodeType"]).index("by_subtype", ["nodeType", "subtype"]).index("by_domain", ["domain"]).index("by_project", ["projectId"]).index("by_project_type", ["projectId", "nodeType"]).index("by_topic", ["topicId"]).index("by_topic_type", ["topicId", "nodeType"]).index("by_tenantId", ["tenantId"]).index("by_workspaceId", ["workspaceId"]).index("by_tenant_workspace", ["tenantId", "workspaceId"]).index("by_audienceLabel", ["audienceLabel"]).index("by_sensitivityTier", ["sensitivityTier"]).index("by_exportClass", ["exportClass"]).index("by_status", ["status"]).index("by_sourceType", ["sourceType"]).index("by_verification", ["verificationStatus"]).index("by_layer", ["epistemicLayer"]).index("by_layer_type", ["epistemicLayer", "nodeType"]).index("by_syncStatus", ["syncStatus"]).index("by_publicationStatus", ["publicationStatus"]).index("by_tenant_publicationStatus", ["tenantId", "publicationStatus"]).index("by_belief_status", ["nodeType", "beliefStatus"]).index("by_epistemic_status", ["nodeType", "epistemicStatus"]).index("by_temporal_nature", ["nodeType", "temporalNature"]).index("by_methodology", ["nodeType", "methodology"]).index("by_reversibility", ["nodeType", "reversibility"]).index("by_questionType", ["nodeType", "questionType"]).index("by_questionPriority", ["nodeType", "questionPriority"]).searchIndex("search_canonicalText", {
1592
- searchField: "canonicalText",
1593
- filterFields: ["nodeType", "projectId", "topicId", "status"]
1594
- });
1595
- function getLayerForNodeType(type) {
1596
- switch (type) {
1597
- case "decision":
1598
- return "L4";
1599
- case "belief":
1600
- case "question":
1601
- case "theme":
1602
- case "deal":
1603
- return "L3";
1604
- case "claim":
1605
- case "evidence":
1606
- case "synthesis":
1607
- case "answer":
1608
- return "L2";
1609
- case "atomic_fact":
1610
- case "excerpt":
1611
- case "source":
1612
- return "L1";
1613
- case "topic":
1614
- return "organizational";
1615
- case "company":
1616
- case "person":
1617
- case "investor":
1618
- case "function":
1619
- case "value_chain":
1620
- return "ontological";
1621
- }
1622
- }
1623
-
1624
- // src/workspaceIsolation.ts
1625
232
  function normalizeScopeValue2(value) {
1626
233
  if (typeof value !== "string") {
1627
234
  return;
@@ -1639,7 +246,7 @@ function throwWorkspaceIsolationError(args) {
1639
246
  throw error;
1640
247
  }
1641
248
  function assertWorkspaceScopedEpistemicNodeScope(args) {
1642
- const layer = getLayerForNodeType(args.nodeType);
249
+ const layer = isNodeType(args.nodeType) ? getLayerForNodeType(args.nodeType) : void 0;
1643
250
  if (layer === "ontological") {
1644
251
  return;
1645
252
  }
@@ -1670,7 +277,7 @@ function throwStructuredSourceError(args) {
1670
277
  error.details = args.details;
1671
278
  throw error;
1672
279
  }
1673
- function normalizeString2(value) {
280
+ function normalizeString(value) {
1674
281
  if (typeof value !== "string") {
1675
282
  return void 0;
1676
283
  }
@@ -1689,16 +296,16 @@ function normalizeMetadata(metadata) {
1689
296
  return rest;
1690
297
  }
1691
298
  function generateSourceContentHash(identity) {
1692
- const content2 = `source:${identity.trim().toLowerCase()}`;
299
+ const content = `source:${identity.trim().toLowerCase()}`;
1693
300
  let hash = 5381;
1694
- for (let index = 0; index < content2.length; index += 1) {
1695
- hash = (hash << 5) + hash + content2.charCodeAt(index);
301
+ for (let index = 0; index < content.length; index += 1) {
302
+ hash = (hash << 5) + hash + content.charCodeAt(index);
1696
303
  hash &= hash;
1697
304
  }
1698
305
  return Math.abs(hash).toString(16).padStart(8, "0");
1699
306
  }
1700
307
  function normalizeSourceUrl(url) {
1701
- const trimmed = normalizeString2(url);
308
+ const trimmed = normalizeString(url);
1702
309
  if (!trimmed) {
1703
310
  throwStructuredSourceError({
1704
311
  message: "Source URL is required.",
@@ -1741,10 +348,10 @@ async function findSourceByIdentity(ctx, args) {
1741
348
  let shaMatch = null;
1742
349
  for (const node of sourceNodes) {
1743
350
  const metadata = asRecord(node.metadata);
1744
- if (args.normalizedUrl && normalizeString2(metadata.url) === args.normalizedUrl && !urlMatch) {
351
+ if (args.normalizedUrl && normalizeString(metadata.url) === args.normalizedUrl && !urlMatch) {
1745
352
  urlMatch = node;
1746
353
  }
1747
- if (args.sha && normalizeString2(metadata.contentSha) === args.sha && !shaMatch) {
354
+ if (args.sha && normalizeString(metadata.contentSha) === args.sha && !shaMatch) {
1748
355
  shaMatch = node;
1749
356
  }
1750
357
  if (urlMatch && (!args.sha || shaMatch)) {
@@ -1790,10 +397,10 @@ function buildSourceMetadata(args) {
1790
397
  }
1791
398
  function sourceEmbeddingText(args) {
1792
399
  const lines = [
1793
- normalizeString2(args.title),
1794
- normalizeString2(args.url),
400
+ normalizeString(args.title),
401
+ normalizeString(args.url),
1795
402
  args.kind,
1796
- normalizeString2(args.metadata.sourceDescription)
403
+ normalizeString(args.metadata.sourceDescription)
1797
404
  ].filter((value) => Boolean(value));
1798
405
  return lines.join("\n");
1799
406
  }
@@ -1810,8 +417,8 @@ var upsertSource = mutation({
1810
417
  },
1811
418
  returns: permissiveReturn,
1812
419
  handler: async (ctx, args) => {
1813
- const normalizedUrl = normalizeString2(args.url) ? normalizeSourceUrl(args.url) : void 0;
1814
- const sha = normalizeString2(args.sha);
420
+ const normalizedUrl = normalizeString(args.url) ? normalizeSourceUrl(args.url) : void 0;
421
+ const sha = normalizeString(args.sha);
1815
422
  if (!normalizedUrl && !sha) {
1816
423
  throwStructuredSourceError({
1817
424
  message: "Source identity requires a URL or content SHA.",
@@ -1836,7 +443,7 @@ var upsertSource = mutation({
1836
443
  });
1837
444
  }
1838
445
  const existingMetadata = asRecord(existing.metadata);
1839
- const existingSha = normalizeString2(existingMetadata.contentSha);
446
+ const existingSha = normalizeString(existingMetadata.contentSha);
1840
447
  if (sha && existingSha && existingSha !== sha) {
1841
448
  throwStructuredSourceError({
1842
449
  message: "Same URL cannot be reused with a different content hash.",
@@ -1862,7 +469,7 @@ var upsertSource = mutation({
1862
469
  metadata: nextMetadata2,
1863
470
  updatedAt: now
1864
471
  };
1865
- const title2 = normalizeString2(args.title);
472
+ const title2 = normalizeString(args.title);
1866
473
  if (title2) {
1867
474
  patch.title = title2;
1868
475
  patch.canonicalText = title2;
@@ -1891,7 +498,7 @@ var upsertSource = mutation({
1891
498
  });
1892
499
  return await ctx.db.get(existing._id) ?? existing;
1893
500
  }
1894
- if (!normalizeString2(args.topicId)) {
501
+ if (!normalizeString(args.topicId)) {
1895
502
  throwStructuredSourceError({
1896
503
  message: "topicId is required when creating a new source.",
1897
504
  status: 400,
@@ -1912,7 +519,7 @@ var upsertSource = mutation({
1912
519
  await requireProjectAccess(ctx, scope.projectId, args.userId);
1913
520
  }
1914
521
  const globalId = generateGlobalId();
1915
- const title = normalizeString2(args.title);
522
+ const title = normalizeString(args.title);
1916
523
  const nextMetadata = buildSourceMetadata({
1917
524
  normalizedUrl,
1918
525
  sha,
@@ -2011,7 +618,7 @@ var findBySha = query({
2011
618
  },
2012
619
  returns: permissiveReturn,
2013
620
  handler: async (ctx, args) => {
2014
- const sha = normalizeString2(args.sha);
621
+ const sha = normalizeString(args.sha);
2015
622
  if (!sha) {
2016
623
  return null;
2017
624
  }