@lucern/graph-primitives 0.3.0-alpha.0 → 0.3.0-alpha.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/beliefDecay.js +37 -1104
- package/dist/beliefDecay.js.map +1 -1
- package/dist/beliefEvidenceLinks.js +53 -834
- package/dist/beliefEvidenceLinks.js.map +1 -1
- package/dist/confidencePropagationDispatch.d.ts +3 -3
- package/dist/confidencePropagationDispatch.js +30 -308
- package/dist/confidencePropagationDispatch.js.map +1 -1
- package/dist/contradictions.js +5 -797
- package/dist/contradictions.js.map +1 -1
- package/dist/edges/contradicts.js +1 -122
- package/dist/edges/contradicts.js.map +1 -1
- package/dist/edges/dependsOn.js +14 -172
- package/dist/edges/dependsOn.js.map +1 -1
- package/dist/edges/elaborates.js +1 -49
- package/dist/edges/elaborates.js.map +1 -1
- package/dist/edges/index.js +14 -277
- package/dist/edges/index.js.map +1 -1
- package/dist/edges/informs.js +1 -62
- package/dist/edges/informs.js.map +1 -1
- package/dist/edges/propagationTypes.d.ts +2 -2
- package/dist/edges/propagationTypes.js.map +1 -1
- package/dist/edges/refutes.js +1 -62
- package/dist/edges/refutes.js.map +1 -1
- package/dist/edges/supports.js +1 -122
- package/dist/edges/supports.js.map +1 -1
- package/dist/edges/utils.d.ts +6 -6
- package/dist/edges/utils.js +1 -130
- package/dist/edges/utils.js.map +1 -1
- package/dist/entityBridge.js +2 -17
- package/dist/entityBridge.js.map +1 -1
- package/dist/entityLifecycle.js +62 -848
- package/dist/entityLifecycle.js.map +1 -1
- package/dist/epistemicAnswers.js +6 -802
- package/dist/epistemicAnswers.js.map +1 -1
- package/dist/epistemicBeliefs.js +125 -1594
- package/dist/epistemicBeliefs.js.map +1 -1
- package/dist/epistemicContractHelpers.js +1 -318
- package/dist/epistemicContractHelpers.js.map +1 -1
- package/dist/epistemicContracts.js +129 -1874
- package/dist/epistemicContracts.js.map +1 -1
- package/dist/epistemicEdges.js +60 -863
- package/dist/epistemicEdges.js.map +1 -1
- package/dist/epistemicEvidence.js +69 -1041
- package/dist/epistemicEvidence.js.map +1 -1
- package/dist/epistemicLinking.js +2 -785
- package/dist/epistemicLinking.js.map +1 -1
- package/dist/epistemicNodes.js +9 -866
- package/dist/epistemicNodes.js.map +1 -1
- package/dist/epistemicQuestions.js +66 -1071
- package/dist/epistemicQuestions.js.map +1 -1
- package/dist/epistemicSources.js +23 -880
- package/dist/epistemicSources.js.map +1 -1
- package/dist/evaluators/index.js +129 -1874
- package/dist/evaluators/index.js.map +1 -1
- package/dist/index.js +182 -2744
- package/dist/index.js.map +1 -1
- package/dist/ontology-matching.js +1 -344
- package/dist/ontology-matching.js.map +1 -1
- package/dist/ontologyApproval.js +1 -13
- package/dist/ontologyApproval.js.map +1 -1
- package/dist/ontologyDefinitions.js +2 -17
- package/dist/ontologyDefinitions.js.map +1 -1
- package/dist/ontologyRegistry.js +2 -17
- package/dist/ontologyRegistry.js.map +1 -1
- package/dist/projectionReconciliation.js +2 -17
- package/dist/projectionReconciliation.js.map +1 -1
- package/dist/questionEvidenceLinks.js +60 -841
- package/dist/questionEvidenceLinks.js.map +1 -1
- package/dist/text-matching.js +1 -244
- package/dist/text-matching.js.map +1 -1
- package/dist/workflowBridge.d.ts +27 -0
- package/dist/workflowBridge.js +303 -0
- package/dist/workflowBridge.js.map +1 -0
- package/dist/workspaceIsolation.js +2 -52
- package/dist/workspaceIsolation.js.map +1 -1
- package/package.json +6 -5
|
@@ -1,937 +1,14 @@
|
|
|
1
1
|
import { v } from 'convex/values';
|
|
2
|
+
import { requireProjectAccess, checkScopeAccess, checkProjectAccess } from '@lucern/access-control/access';
|
|
3
|
+
import { canAudienceClassAccess, normalizeAudienceKey, classFromAudienceKey } from '@lucern/access-control/audience';
|
|
4
|
+
import { listAudienceRegistryRows } from '@lucern/access-control/audienceRegistry';
|
|
5
|
+
import { permissiveReturn } from '@lucern/contracts/schema-helpers/validators';
|
|
2
6
|
import { componentsGeneric, mutationGeneric, anyApi, queryGeneric, internalQueryGeneric, internalMutationGeneric } from 'convex/server';
|
|
7
|
+
import { isNodeType, getLayerForNodeType } from '@lucern/contracts/schema-helpers/spine/tables/epistemicNodes';
|
|
3
8
|
|
|
4
9
|
// src/epistemicEvidence.ts
|
|
5
10
|
var api = anyApi;
|
|
6
11
|
componentsGeneric();
|
|
7
|
-
|
|
8
|
-
// ../access-control/src/topicProjectOverlay.ts
|
|
9
|
-
var LEGACY_SCOPE_FIELD = "graphScopeProjectId";
|
|
10
|
-
function readNonEmptyString(value) {
|
|
11
|
-
if (typeof value !== "string") {
|
|
12
|
-
return;
|
|
13
|
-
}
|
|
14
|
-
const normalized = value.trim();
|
|
15
|
-
return normalized.length > 0 ? normalized : void 0;
|
|
16
|
-
}
|
|
17
|
-
function readStringArray(value) {
|
|
18
|
-
if (!Array.isArray(value)) {
|
|
19
|
-
return [];
|
|
20
|
-
}
|
|
21
|
-
return value.map((entry) => readNonEmptyString(entry)).filter((entry) => Boolean(entry));
|
|
22
|
-
}
|
|
23
|
-
function readMetadata(topic) {
|
|
24
|
-
return topic.metadata && typeof topic.metadata === "object" ? topic.metadata : {};
|
|
25
|
-
}
|
|
26
|
-
function readLegacyProjectId(value) {
|
|
27
|
-
if (!value) {
|
|
28
|
-
return;
|
|
29
|
-
}
|
|
30
|
-
return readNonEmptyString(value[LEGACY_SCOPE_FIELD]);
|
|
31
|
-
}
|
|
32
|
-
function coerceVisibility(value) {
|
|
33
|
-
return value === "private" || value === "team" || value === "firm" || value === "external" || value === "public" ? value : void 0;
|
|
34
|
-
}
|
|
35
|
-
function coerceStatus(value) {
|
|
36
|
-
return value === "active" || value === "archived" || value === "watching" ? value : void 0;
|
|
37
|
-
}
|
|
38
|
-
function mapProjectType(topic, metadata) {
|
|
39
|
-
const explicit = readNonEmptyString(metadata.projectType);
|
|
40
|
-
if (explicit) {
|
|
41
|
-
return explicit;
|
|
42
|
-
}
|
|
43
|
-
if (topic.type === "theme") {
|
|
44
|
-
return "thematic";
|
|
45
|
-
}
|
|
46
|
-
return readNonEmptyString(topic.type) || "general";
|
|
47
|
-
}
|
|
48
|
-
function isProjectLikeTopic(topic) {
|
|
49
|
-
const metadata = readMetadata(topic);
|
|
50
|
-
return topic.type === "theme" || topic.type === "thematic" || topic.type === "deal" || topic.type === "monitoring" || readLegacyProjectId(topic) !== void 0 || readNonEmptyString(metadata.projectType) !== void 0;
|
|
51
|
-
}
|
|
52
|
-
async function resolveTopicDoc(ctx, scopeId) {
|
|
53
|
-
if (ctx?.db && typeof ctx.db.get === "function") {
|
|
54
|
-
try {
|
|
55
|
-
const directTopic = await ctx.db.get(scopeId);
|
|
56
|
-
if (directTopic) {
|
|
57
|
-
return directTopic;
|
|
58
|
-
}
|
|
59
|
-
} catch {
|
|
60
|
-
}
|
|
61
|
-
}
|
|
62
|
-
if (typeof ctx.runQuery !== "function") {
|
|
63
|
-
return null;
|
|
64
|
-
}
|
|
65
|
-
try {
|
|
66
|
-
const topic = await ctx.runQuery(api.topics.get, {
|
|
67
|
-
id: String(scopeId)
|
|
68
|
-
});
|
|
69
|
-
if (topic?.name !== void 0 && topic?.type !== void 0) {
|
|
70
|
-
return topic;
|
|
71
|
-
}
|
|
72
|
-
} catch {
|
|
73
|
-
}
|
|
74
|
-
try {
|
|
75
|
-
const topic = await ctx.runQuery(api.topics.getByLegacyScopeId, {
|
|
76
|
-
projectId: String(scopeId)
|
|
77
|
-
});
|
|
78
|
-
if (topic?.name !== void 0 && topic?.type !== void 0) {
|
|
79
|
-
return topic;
|
|
80
|
-
}
|
|
81
|
-
} catch {
|
|
82
|
-
}
|
|
83
|
-
return null;
|
|
84
|
-
}
|
|
85
|
-
function materializeTopicProjectOverlay(topic, idMode = "legacy") {
|
|
86
|
-
const metadata = readMetadata(topic);
|
|
87
|
-
const topicId = String(topic._id);
|
|
88
|
-
const legacyProjectId = readLegacyProjectId(topic) || readLegacyProjectId(metadata) || readNonEmptyString(metadata.legacyProjectId);
|
|
89
|
-
const storageProjectId = legacyProjectId || topicId;
|
|
90
|
-
const outwardId = idMode === "topic" ? topicId : storageProjectId;
|
|
91
|
-
const visibility = coerceVisibility(topic.visibility) || coerceVisibility(metadata.visibility) || "private";
|
|
92
|
-
const status = coerceStatus(topic.status) || coerceStatus(metadata.status) || "active";
|
|
93
|
-
const createdAt = typeof topic.createdAt === "number" ? topic.createdAt : typeof topic._creationTime === "number" ? topic._creationTime : 0;
|
|
94
|
-
const updatedAt = typeof topic.updatedAt === "number" ? topic.updatedAt : typeof metadata.updatedAt === "number" ? metadata.updatedAt : createdAt;
|
|
95
|
-
return {
|
|
96
|
-
...metadata,
|
|
97
|
-
_id: outwardId,
|
|
98
|
-
projectId: outwardId,
|
|
99
|
-
topicId,
|
|
100
|
-
storageProjectId,
|
|
101
|
-
legacyProjectId,
|
|
102
|
-
name: readNonEmptyString(topic.name) || "Untitled Theme",
|
|
103
|
-
type: mapProjectType(topic, metadata),
|
|
104
|
-
description: readNonEmptyString(topic.description),
|
|
105
|
-
ownerId: readNonEmptyString(metadata.ownerId) || readNonEmptyString(topic.createdBy) || "system",
|
|
106
|
-
sharedWith: readStringArray(metadata.sharedWith),
|
|
107
|
-
visibility,
|
|
108
|
-
tenantId: readNonEmptyString(topic.tenantId) || readNonEmptyString(metadata.tenantId),
|
|
109
|
-
workspaceId: readNonEmptyString(topic.workspaceId) || readNonEmptyString(metadata.workspaceId),
|
|
110
|
-
status,
|
|
111
|
-
tags: readStringArray(metadata.tags),
|
|
112
|
-
chatCount: typeof metadata.chatCount === "number" ? metadata.chatCount : 0,
|
|
113
|
-
artifactCount: typeof metadata.artifactCount === "number" ? metadata.artifactCount : 0,
|
|
114
|
-
lastActivityAt: typeof metadata.lastActivityAt === "number" ? metadata.lastActivityAt : updatedAt,
|
|
115
|
-
_creationTime: typeof topic._creationTime === "number" ? topic._creationTime : createdAt,
|
|
116
|
-
createdAt,
|
|
117
|
-
updatedAt
|
|
118
|
-
};
|
|
119
|
-
}
|
|
120
|
-
async function resolveTopicProjectOverlay(ctx, scopeId, options = {}) {
|
|
121
|
-
const topic = await resolveTopicDoc(ctx, scopeId);
|
|
122
|
-
if (!topic) {
|
|
123
|
-
return null;
|
|
124
|
-
}
|
|
125
|
-
if (options.projectLikeOnly !== false && !isProjectLikeTopic(topic)) {
|
|
126
|
-
return null;
|
|
127
|
-
}
|
|
128
|
-
return materializeTopicProjectOverlay(topic, options.idMode);
|
|
129
|
-
}
|
|
130
|
-
async function listTopicProjectOverlays(ctx, options = {}) {
|
|
131
|
-
let allTopics = [];
|
|
132
|
-
if (ctx?.db?.query && typeof ctx.db.query === "function") {
|
|
133
|
-
try {
|
|
134
|
-
allTopics = await ctx.db.query("topics").collect();
|
|
135
|
-
} catch {
|
|
136
|
-
allTopics = [];
|
|
137
|
-
}
|
|
138
|
-
}
|
|
139
|
-
if (allTopics.length === 0 && typeof ctx.runQuery === "function") {
|
|
140
|
-
allTopics = (await ctx.runQuery(api.topics.list, {}) ?? []) || [];
|
|
141
|
-
}
|
|
142
|
-
return allTopics.filter(
|
|
143
|
-
(topic) => options.projectLikeOnly === false || isProjectLikeTopic(topic)
|
|
144
|
-
).map((topic) => materializeTopicProjectOverlay(topic, options.idMode));
|
|
145
|
-
}
|
|
146
|
-
|
|
147
|
-
// ../access-control/src/projectGrantsBridge.ts
|
|
148
|
-
var PROJECT_GRANT_STATUSES = ["active", "revoked", "expired"];
|
|
149
|
-
function normalizeString(value) {
|
|
150
|
-
if (typeof value !== "string") {
|
|
151
|
-
return;
|
|
152
|
-
}
|
|
153
|
-
const trimmed = value.trim();
|
|
154
|
-
return trimmed.length > 0 ? trimmed : void 0;
|
|
155
|
-
}
|
|
156
|
-
async function resolveGrantScopeIds(ctx, args) {
|
|
157
|
-
const topicId = normalizeString(args.topicId);
|
|
158
|
-
const projectId = normalizeString(args.projectId);
|
|
159
|
-
for (const scopeId of [topicId, projectId]) {
|
|
160
|
-
if (!scopeId) {
|
|
161
|
-
continue;
|
|
162
|
-
}
|
|
163
|
-
try {
|
|
164
|
-
const overlay = await resolveTopicProjectOverlay(ctx, scopeId, {
|
|
165
|
-
idMode: "legacy",
|
|
166
|
-
projectLikeOnly: false
|
|
167
|
-
});
|
|
168
|
-
if (overlay) {
|
|
169
|
-
return {
|
|
170
|
-
topicId: normalizeString(overlay.topicId) ?? topicId,
|
|
171
|
-
projectId: normalizeString(overlay.projectId) ?? projectId ?? scopeId
|
|
172
|
-
};
|
|
173
|
-
}
|
|
174
|
-
} catch {
|
|
175
|
-
}
|
|
176
|
-
}
|
|
177
|
-
return { topicId, projectId };
|
|
178
|
-
}
|
|
179
|
-
async function normalizeProjectGrantRow(ctx, row) {
|
|
180
|
-
const scope = await resolveGrantScopeIds(ctx, {
|
|
181
|
-
topicId: row.topicId,
|
|
182
|
-
projectId: row.projectId
|
|
183
|
-
});
|
|
184
|
-
return {
|
|
185
|
-
...row,
|
|
186
|
-
...scope.topicId ? { topicId: scope.topicId } : {},
|
|
187
|
-
...scope.projectId ?? scope.topicId ? { projectId: scope.projectId ?? scope.topicId } : {}
|
|
188
|
-
};
|
|
189
|
-
}
|
|
190
|
-
async function normalizeProjectGrantRows(ctx, rows) {
|
|
191
|
-
return await Promise.all(rows.map((row) => normalizeProjectGrantRow(ctx, row)));
|
|
192
|
-
}
|
|
193
|
-
async function listProjectGrantsByPrincipal(ctx, principalId) {
|
|
194
|
-
const rows = await Promise.all(
|
|
195
|
-
PROJECT_GRANT_STATUSES.map(
|
|
196
|
-
(status) => ctx.db.query("projectGrants").withIndex(
|
|
197
|
-
"by_principal_status",
|
|
198
|
-
(q) => q.eq("principalId", principalId).eq("status", status)
|
|
199
|
-
).collect()
|
|
200
|
-
)
|
|
201
|
-
);
|
|
202
|
-
return await normalizeProjectGrantRows(ctx, rows.flat());
|
|
203
|
-
}
|
|
204
|
-
async function listProjectGrantsByGroup(ctx, groupId) {
|
|
205
|
-
const rows = await Promise.all(
|
|
206
|
-
PROJECT_GRANT_STATUSES.map(
|
|
207
|
-
(status) => ctx.db.query("projectGrants").withIndex(
|
|
208
|
-
"by_group_status",
|
|
209
|
-
(q) => q.eq("groupId", groupId).eq("status", status)
|
|
210
|
-
).collect()
|
|
211
|
-
)
|
|
212
|
-
);
|
|
213
|
-
return await normalizeProjectGrantRows(ctx, rows.flat());
|
|
214
|
-
}
|
|
215
|
-
function buildScopeMatchers(inputScopeId, resolved) {
|
|
216
|
-
return new Set(
|
|
217
|
-
[inputScopeId, resolved.topicId, resolved.projectId].map((value) => normalizeString(value)).filter((value) => Boolean(value))
|
|
218
|
-
);
|
|
219
|
-
}
|
|
220
|
-
function matchesResolvedScope(row, scopeIds) {
|
|
221
|
-
const rowTopicId = normalizeString(row.topicId);
|
|
222
|
-
const rowProjectId = normalizeString(row.projectId);
|
|
223
|
-
return rowTopicId !== void 0 && scopeIds.has(rowTopicId) || rowProjectId !== void 0 && scopeIds.has(rowProjectId);
|
|
224
|
-
}
|
|
225
|
-
async function bridgeListProjectGrantsByTopicAndPrincipal(ctx, topicId, principalId) {
|
|
226
|
-
const resolved = await resolveGrantScopeIds(ctx, { topicId });
|
|
227
|
-
const scopeIds = buildScopeMatchers(topicId, resolved);
|
|
228
|
-
const rows = await listProjectGrantsByPrincipal(ctx, principalId);
|
|
229
|
-
return rows.filter((row) => matchesResolvedScope(row, scopeIds));
|
|
230
|
-
}
|
|
231
|
-
async function bridgeListProjectGrantsByTopicAndGroup(ctx, topicId, groupId) {
|
|
232
|
-
const resolved = await resolveGrantScopeIds(ctx, { topicId });
|
|
233
|
-
const scopeIds = buildScopeMatchers(topicId, resolved);
|
|
234
|
-
const rows = await listProjectGrantsByGroup(ctx, groupId);
|
|
235
|
-
return rows.filter((row) => matchesResolvedScope(row, scopeIds));
|
|
236
|
-
}
|
|
237
|
-
async function bridgeListProjectGrantsByPrincipalStatus(ctx, principalId, status) {
|
|
238
|
-
const rows = await listProjectGrantsByPrincipal(ctx, principalId);
|
|
239
|
-
return rows.filter((row) => row.status === status);
|
|
240
|
-
}
|
|
241
|
-
async function bridgeListProjectGrantsByGroupStatus(ctx, groupId, status) {
|
|
242
|
-
const rows = await listProjectGrantsByGroup(ctx, groupId);
|
|
243
|
-
return rows.filter((row) => row.status === status);
|
|
244
|
-
}
|
|
245
|
-
async function bridgeInsertProjectGrant(ctx, value) {
|
|
246
|
-
const resolved = await resolveGrantScopeIds(ctx, value);
|
|
247
|
-
return await ctx.db.insert("projectGrants", {
|
|
248
|
-
...value,
|
|
249
|
-
...resolved.topicId ? { topicId: resolved.topicId } : {},
|
|
250
|
-
...resolved.projectId ?? resolved.topicId ? { projectId: resolved.projectId ?? resolved.topicId } : {}
|
|
251
|
-
});
|
|
252
|
-
}
|
|
253
|
-
|
|
254
|
-
// ../access-control/src/resolvers.ts
|
|
255
|
-
async function findUserByClerkId(ctx, clerkId) {
|
|
256
|
-
const normalizedClerkId = clerkId.trim();
|
|
257
|
-
if (!normalizedClerkId) {
|
|
258
|
-
return null;
|
|
259
|
-
}
|
|
260
|
-
if (typeof ctx.runQuery === "function") {
|
|
261
|
-
try {
|
|
262
|
-
const bridgedUser = await ctx.runQuery(api.users.getUserByClerkId, {
|
|
263
|
-
clerkId: normalizedClerkId
|
|
264
|
-
});
|
|
265
|
-
if (bridgedUser) {
|
|
266
|
-
return bridgedUser;
|
|
267
|
-
}
|
|
268
|
-
} catch {
|
|
269
|
-
}
|
|
270
|
-
}
|
|
271
|
-
try {
|
|
272
|
-
const users = await ctx.db.query("users").collect();
|
|
273
|
-
return users.find((user) => String(user.clerkId ?? "") === normalizedClerkId) ?? null;
|
|
274
|
-
} catch {
|
|
275
|
-
return null;
|
|
276
|
-
}
|
|
277
|
-
}
|
|
278
|
-
async function findUserByPrincipalId(ctx, principalId) {
|
|
279
|
-
const normalizedPrincipalId = principalId.trim();
|
|
280
|
-
if (!normalizedPrincipalId) {
|
|
281
|
-
return null;
|
|
282
|
-
}
|
|
283
|
-
try {
|
|
284
|
-
const users = await ctx.db.query("users").collect();
|
|
285
|
-
return users.find(
|
|
286
|
-
(user) => String(user.defaultPrincipalId ?? "") === normalizedPrincipalId
|
|
287
|
-
) ?? null;
|
|
288
|
-
} catch {
|
|
289
|
-
return null;
|
|
290
|
-
}
|
|
291
|
-
}
|
|
292
|
-
async function findAgentByPrincipalId(ctx, principalId) {
|
|
293
|
-
const normalizedPrincipalId = principalId.trim();
|
|
294
|
-
if (!normalizedPrincipalId) {
|
|
295
|
-
return null;
|
|
296
|
-
}
|
|
297
|
-
if (typeof ctx.runQuery === "function") {
|
|
298
|
-
try {
|
|
299
|
-
const bridgedAgent = await ctx.runQuery(
|
|
300
|
-
api.agents.getAgentByPrincipalId,
|
|
301
|
-
{
|
|
302
|
-
principalId: normalizedPrincipalId
|
|
303
|
-
}
|
|
304
|
-
);
|
|
305
|
-
if (bridgedAgent) {
|
|
306
|
-
return bridgedAgent;
|
|
307
|
-
}
|
|
308
|
-
} catch {
|
|
309
|
-
}
|
|
310
|
-
}
|
|
311
|
-
try {
|
|
312
|
-
const agents = await ctx.db.query("agents").collect();
|
|
313
|
-
return agents.find(
|
|
314
|
-
(agent) => String(agent.principalId ?? "") === normalizedPrincipalId
|
|
315
|
-
) ?? null;
|
|
316
|
-
} catch {
|
|
317
|
-
return null;
|
|
318
|
-
}
|
|
319
|
-
}
|
|
320
|
-
function defaultResolvers() {
|
|
321
|
-
return {
|
|
322
|
-
async getProject(ctx, topicId) {
|
|
323
|
-
return await resolveTopicProjectOverlay(ctx, topicId, {
|
|
324
|
-
idMode: "legacy",
|
|
325
|
-
projectLikeOnly: false
|
|
326
|
-
});
|
|
327
|
-
},
|
|
328
|
-
async listTopics(ctx) {
|
|
329
|
-
return await listTopicProjectOverlays(ctx, { idMode: "legacy" });
|
|
330
|
-
},
|
|
331
|
-
async listTopicsByOwner(ctx, ownerId) {
|
|
332
|
-
const topics = await listTopicProjectOverlays(ctx, { idMode: "legacy" });
|
|
333
|
-
return topics.filter((topic) => topic.ownerId === ownerId);
|
|
334
|
-
},
|
|
335
|
-
async listTopicsByVisibility(ctx, visibility) {
|
|
336
|
-
const topics = await listTopicProjectOverlays(ctx, { idMode: "legacy" });
|
|
337
|
-
return topics.filter((topic) => topic.visibility === visibility);
|
|
338
|
-
},
|
|
339
|
-
async listProjectGrantsByProjectAndPrincipal(ctx, topicId, principalId) {
|
|
340
|
-
return await bridgeListProjectGrantsByTopicAndPrincipal(
|
|
341
|
-
ctx,
|
|
342
|
-
topicId,
|
|
343
|
-
principalId
|
|
344
|
-
);
|
|
345
|
-
},
|
|
346
|
-
async listProjectGrantsByProjectAndGroup(ctx, topicId, groupId) {
|
|
347
|
-
return await bridgeListProjectGrantsByTopicAndGroup(ctx, topicId, groupId);
|
|
348
|
-
},
|
|
349
|
-
async listProjectGrantsByPrincipalStatus(ctx, principalId, status) {
|
|
350
|
-
return await bridgeListProjectGrantsByPrincipalStatus(
|
|
351
|
-
ctx,
|
|
352
|
-
principalId,
|
|
353
|
-
status
|
|
354
|
-
);
|
|
355
|
-
},
|
|
356
|
-
async listProjectGrantsByGroupStatus(ctx, groupId, status) {
|
|
357
|
-
return await bridgeListProjectGrantsByGroupStatus(ctx, groupId, status);
|
|
358
|
-
},
|
|
359
|
-
async insertProjectGrant(ctx, value) {
|
|
360
|
-
return await bridgeInsertProjectGrant(ctx, value);
|
|
361
|
-
},
|
|
362
|
-
async getAgentByPrincipalId(ctx, principalId) {
|
|
363
|
-
return await findAgentByPrincipalId(ctx, principalId);
|
|
364
|
-
},
|
|
365
|
-
async getUserByClerkId(ctx, clerkId) {
|
|
366
|
-
return await findUserByClerkId(ctx, clerkId);
|
|
367
|
-
},
|
|
368
|
-
async getUserByPrincipalId(ctx, principalId) {
|
|
369
|
-
return await findUserByPrincipalId(ctx, principalId);
|
|
370
|
-
}
|
|
371
|
-
};
|
|
372
|
-
}
|
|
373
|
-
var resolverOverrides = {};
|
|
374
|
-
function resolveAccessControlAppResolvers(_ctx) {
|
|
375
|
-
return {
|
|
376
|
-
...defaultResolvers(),
|
|
377
|
-
...resolverOverrides
|
|
378
|
-
};
|
|
379
|
-
}
|
|
380
|
-
|
|
381
|
-
// ../access-control/src/principalContext.ts
|
|
382
|
-
function requireCanonicalResolvedUser(user, clerkId) {
|
|
383
|
-
const resolved = user;
|
|
384
|
-
if (!resolved) {
|
|
385
|
-
throw new Error(
|
|
386
|
-
`[AccessControl] Canonical user identity required for ${clerkId}. Sync users.upsertUser before user-bound access checks.`
|
|
387
|
-
);
|
|
388
|
-
}
|
|
389
|
-
const { mcRole, defaultTenantId, defaultWorkspaceId, defaultPrincipalId } = resolved;
|
|
390
|
-
if (mcRole !== "platform_admin" && mcRole !== "tenant_admin" && mcRole !== "workspace_admin" && mcRole !== "editor" && mcRole !== "viewer" && mcRole !== "auditor" && mcRole !== "service_agent") {
|
|
391
|
-
throw new Error(
|
|
392
|
-
`[AccessControl] Canonical MC role required for ${clerkId}. Re-sync Master Control identity before user-bound access checks.`
|
|
393
|
-
);
|
|
394
|
-
}
|
|
395
|
-
if (typeof defaultTenantId !== "string" || defaultTenantId.trim().length === 0) {
|
|
396
|
-
throw new Error(
|
|
397
|
-
`[AccessControl] Canonical home tenant required for ${clerkId}. Re-sync Master Control identity before user-bound access checks.`
|
|
398
|
-
);
|
|
399
|
-
}
|
|
400
|
-
if (typeof defaultWorkspaceId !== "string" || defaultWorkspaceId.trim().length === 0) {
|
|
401
|
-
throw new Error(
|
|
402
|
-
`[AccessControl] Canonical home workspace required for ${clerkId}. Re-sync Master Control identity before user-bound access checks.`
|
|
403
|
-
);
|
|
404
|
-
}
|
|
405
|
-
if (typeof defaultPrincipalId !== "string" || defaultPrincipalId.trim().length === 0) {
|
|
406
|
-
throw new Error(
|
|
407
|
-
`[AccessControl] Canonical federated principal required for ${clerkId}. Re-sync Master Control identity before user-bound access checks.`
|
|
408
|
-
);
|
|
409
|
-
}
|
|
410
|
-
return {
|
|
411
|
-
mcRole,
|
|
412
|
-
defaultTenantId: defaultTenantId.trim(),
|
|
413
|
-
defaultWorkspaceId: defaultWorkspaceId.trim(),
|
|
414
|
-
defaultPrincipalId: defaultPrincipalId.trim()
|
|
415
|
-
};
|
|
416
|
-
}
|
|
417
|
-
function isPrincipalIdInput(value) {
|
|
418
|
-
return value.startsWith("user:") || value.startsWith("group:") || value.startsWith("service:") || value.startsWith("agent:") || value.startsWith("external_viewer:");
|
|
419
|
-
}
|
|
420
|
-
async function resolveCanonicalUserRecord(ctx, actorId) {
|
|
421
|
-
const normalizedActorId = actorId.trim();
|
|
422
|
-
const clerkId = isPrincipalIdInput(normalizedActorId) && normalizedActorId.startsWith("user:") ? normalizedActorId.slice("user:".length) : normalizedActorId;
|
|
423
|
-
const resolvers = resolveAccessControlAppResolvers();
|
|
424
|
-
const resolvedByClerkId = await resolvers.getUserByClerkId(ctx, clerkId);
|
|
425
|
-
if (resolvedByClerkId) {
|
|
426
|
-
return {
|
|
427
|
-
resolvedUser: resolvedByClerkId,
|
|
428
|
-
clerkId,
|
|
429
|
-
contextClerkId: clerkId
|
|
430
|
-
};
|
|
431
|
-
}
|
|
432
|
-
const resolvedByPrincipalId = await resolvers.getUserByPrincipalId(
|
|
433
|
-
ctx,
|
|
434
|
-
normalizedActorId
|
|
435
|
-
);
|
|
436
|
-
return {
|
|
437
|
-
resolvedUser: resolvedByPrincipalId ?? null,
|
|
438
|
-
clerkId,
|
|
439
|
-
contextClerkId: normalizedActorId.startsWith("user:") && clerkId.length > 0 ? clerkId : normalizedActorId
|
|
440
|
-
};
|
|
441
|
-
}
|
|
442
|
-
function uniqRoles(roles) {
|
|
443
|
-
const roleSet = /* @__PURE__ */ new Set();
|
|
444
|
-
for (const role of roles) {
|
|
445
|
-
if (role === "platform_admin" || role === "tenant_admin" || role === "workspace_admin" || role === "editor" || role === "viewer" || role === "auditor" || role === "service_agent") {
|
|
446
|
-
roleSet.add(role);
|
|
447
|
-
}
|
|
448
|
-
}
|
|
449
|
-
return [...roleSet];
|
|
450
|
-
}
|
|
451
|
-
function normalizeGroupIds(value) {
|
|
452
|
-
if (!Array.isArray(value)) {
|
|
453
|
-
return [];
|
|
454
|
-
}
|
|
455
|
-
return [...new Set(
|
|
456
|
-
value.filter((entry) => typeof entry === "string").map((entry) => entry.trim()).filter(Boolean)
|
|
457
|
-
)];
|
|
458
|
-
}
|
|
459
|
-
function requireServiceAgentUser(user, actorId) {
|
|
460
|
-
const canonicalUser = requireCanonicalResolvedUser(user, actorId);
|
|
461
|
-
if (canonicalUser.mcRole !== "service_agent") {
|
|
462
|
-
throw new Error(
|
|
463
|
-
`[AccessControl] Canonical service_agent identity required for ${actorId}. Sync users.upsertUser before agent-bound access checks.`
|
|
464
|
-
);
|
|
465
|
-
}
|
|
466
|
-
return canonicalUser;
|
|
467
|
-
}
|
|
468
|
-
function requireCanonicalResolvedAgent(agent, actorId) {
|
|
469
|
-
const resolved = agent;
|
|
470
|
-
if (!resolved) {
|
|
471
|
-
throw new Error(
|
|
472
|
-
`[AccessControl] Agent "${actorId}" not found in agents or users table.`
|
|
473
|
-
);
|
|
474
|
-
}
|
|
475
|
-
if (typeof resolved.principalId !== "string" || resolved.principalId.trim().length === 0) {
|
|
476
|
-
throw new Error(
|
|
477
|
-
`[AccessControl] Canonical agent principalId required for ${actorId}.`
|
|
478
|
-
);
|
|
479
|
-
}
|
|
480
|
-
if (typeof resolved.tenantId !== "string" || resolved.tenantId.trim().length === 0) {
|
|
481
|
-
throw new Error(
|
|
482
|
-
`[AccessControl] Canonical home tenant required for ${actorId}.`
|
|
483
|
-
);
|
|
484
|
-
}
|
|
485
|
-
if (typeof resolved.workspaceId !== "string" || resolved.workspaceId.trim().length === 0) {
|
|
486
|
-
throw new Error(
|
|
487
|
-
`[AccessControl] Canonical home workspace required for ${actorId}.`
|
|
488
|
-
);
|
|
489
|
-
}
|
|
490
|
-
return {
|
|
491
|
-
principalId: resolved.principalId.trim(),
|
|
492
|
-
tenantId: resolved.tenantId.trim(),
|
|
493
|
-
workspaceId: resolved.workspaceId.trim(),
|
|
494
|
-
roles: uniqRoles(Array.isArray(resolved.roles) ? resolved.roles : []) ?? ["service_agent"],
|
|
495
|
-
groupIds: normalizeGroupIds(resolved.groupIds)
|
|
496
|
-
};
|
|
497
|
-
}
|
|
498
|
-
async function resolvePrincipalContext(ctx, actorId) {
|
|
499
|
-
if (actorId.startsWith("agent:")) {
|
|
500
|
-
const resolvers = resolveAccessControlAppResolvers();
|
|
501
|
-
const resolvedAgent = await resolvers.getAgentByPrincipalId(ctx, actorId);
|
|
502
|
-
if (resolvedAgent) {
|
|
503
|
-
const agent = requireCanonicalResolvedAgent(
|
|
504
|
-
resolvedAgent,
|
|
505
|
-
actorId
|
|
506
|
-
);
|
|
507
|
-
return {
|
|
508
|
-
principalId: agent.principalId,
|
|
509
|
-
principalType: "service",
|
|
510
|
-
clerkId: actorId,
|
|
511
|
-
tenantId: agent.tenantId,
|
|
512
|
-
workspaceId: agent.workspaceId,
|
|
513
|
-
roles: agent.roles.length > 0 ? agent.roles : ["service_agent"],
|
|
514
|
-
groupIds: agent.groupIds,
|
|
515
|
-
isPlatformAdmin: false,
|
|
516
|
-
isTenantAdmin: false,
|
|
517
|
-
isWorkspaceAdmin: false,
|
|
518
|
-
isSystemFallback: false
|
|
519
|
-
};
|
|
520
|
-
}
|
|
521
|
-
const resolvedUser2 = await resolvers.getUserByClerkId(
|
|
522
|
-
ctx,
|
|
523
|
-
actorId
|
|
524
|
-
);
|
|
525
|
-
if (!resolvedUser2) {
|
|
526
|
-
throw new Error(
|
|
527
|
-
`[AccessControl] Agent "${actorId}" not found in agents or users table.`
|
|
528
|
-
);
|
|
529
|
-
}
|
|
530
|
-
const user2 = requireServiceAgentUser(
|
|
531
|
-
resolvedUser2,
|
|
532
|
-
actorId
|
|
533
|
-
);
|
|
534
|
-
console.warn(
|
|
535
|
-
`[AccessControl] Deprecated legacy service-agent fallback for ${actorId}; migrate this principal into identity.agents.`
|
|
536
|
-
);
|
|
537
|
-
return {
|
|
538
|
-
principalId: user2.defaultPrincipalId,
|
|
539
|
-
principalType: "service",
|
|
540
|
-
clerkId: actorId,
|
|
541
|
-
tenantId: user2.defaultTenantId,
|
|
542
|
-
workspaceId: user2.defaultWorkspaceId,
|
|
543
|
-
roles: ["service_agent"],
|
|
544
|
-
groupIds: normalizeGroupIds(resolvedUser2?.principalGroupIds),
|
|
545
|
-
isPlatformAdmin: false,
|
|
546
|
-
isTenantAdmin: false,
|
|
547
|
-
isWorkspaceAdmin: false,
|
|
548
|
-
isSystemFallback: false
|
|
549
|
-
};
|
|
550
|
-
}
|
|
551
|
-
const {
|
|
552
|
-
resolvedUser,
|
|
553
|
-
contextClerkId
|
|
554
|
-
} = await resolveCanonicalUserRecord(ctx, actorId);
|
|
555
|
-
const user = requireCanonicalResolvedUser(
|
|
556
|
-
resolvedUser,
|
|
557
|
-
contextClerkId
|
|
558
|
-
);
|
|
559
|
-
if (!user.defaultPrincipalId) {
|
|
560
|
-
throw new Error(
|
|
561
|
-
`[AccessControl] Canonical federated principal required for ${contextClerkId}. Re-sync Master Control identity before user-bound access checks.`
|
|
562
|
-
);
|
|
563
|
-
}
|
|
564
|
-
if (user.mcRole === "service_agent") {
|
|
565
|
-
return {
|
|
566
|
-
principalId: user.defaultPrincipalId,
|
|
567
|
-
principalType: "service",
|
|
568
|
-
clerkId: contextClerkId,
|
|
569
|
-
tenantId: user.defaultTenantId,
|
|
570
|
-
workspaceId: user.defaultWorkspaceId,
|
|
571
|
-
roles: ["service_agent"],
|
|
572
|
-
groupIds: normalizeGroupIds(resolvedUser?.principalGroupIds),
|
|
573
|
-
isPlatformAdmin: false,
|
|
574
|
-
isTenantAdmin: false,
|
|
575
|
-
isWorkspaceAdmin: false,
|
|
576
|
-
isSystemFallback: false
|
|
577
|
-
};
|
|
578
|
-
}
|
|
579
|
-
const principalId = user.defaultPrincipalId;
|
|
580
|
-
const effectiveRole = user.mcRole;
|
|
581
|
-
const roles = effectiveRole === "platform_admin" ? ["platform_admin", "tenant_admin"] : effectiveRole === "tenant_admin" ? ["tenant_admin"] : [effectiveRole];
|
|
582
|
-
const tenantId = user.defaultTenantId;
|
|
583
|
-
const workspaceId = user.defaultWorkspaceId;
|
|
584
|
-
const isPlatformAdmin = effectiveRole === "platform_admin";
|
|
585
|
-
return {
|
|
586
|
-
principalId,
|
|
587
|
-
principalType: "user",
|
|
588
|
-
clerkId: contextClerkId,
|
|
589
|
-
tenantId,
|
|
590
|
-
workspaceId,
|
|
591
|
-
roles: uniqRoles(roles),
|
|
592
|
-
groupIds: normalizeGroupIds(resolvedUser?.principalGroupIds),
|
|
593
|
-
isPlatformAdmin,
|
|
594
|
-
isTenantAdmin: isPlatformAdmin || effectiveRole === "tenant_admin",
|
|
595
|
-
isWorkspaceAdmin: isPlatformAdmin || effectiveRole === "tenant_admin" || effectiveRole === "workspace_admin",
|
|
596
|
-
isSystemFallback: false
|
|
597
|
-
};
|
|
598
|
-
}
|
|
599
|
-
|
|
600
|
-
// ../access-control/src/access.ts
|
|
601
|
-
function isTopicInPrincipalTenant(topic, principalTenantId) {
|
|
602
|
-
if (!topic.tenantId) {
|
|
603
|
-
return false;
|
|
604
|
-
}
|
|
605
|
-
if (!principalTenantId) {
|
|
606
|
-
return false;
|
|
607
|
-
}
|
|
608
|
-
return String(topic.tenantId) === String(principalTenantId);
|
|
609
|
-
}
|
|
610
|
-
function isTopicInPrincipalWorkspace(topic, principalWorkspaceId) {
|
|
611
|
-
if (!topic.workspaceId) {
|
|
612
|
-
return false;
|
|
613
|
-
}
|
|
614
|
-
if (!principalWorkspaceId) {
|
|
615
|
-
return false;
|
|
616
|
-
}
|
|
617
|
-
return String(topic.workspaceId) === String(principalWorkspaceId);
|
|
618
|
-
}
|
|
619
|
-
function isLegacyUnscopedTopic(topic) {
|
|
620
|
-
return !topic.tenantId || !topic.workspaceId;
|
|
621
|
-
}
|
|
622
|
-
function isGrantScopeAlignedToTopic(topic, grant) {
|
|
623
|
-
if (topic.tenantId && grant.tenantId && String(topic.tenantId) !== String(grant.tenantId)) {
|
|
624
|
-
return false;
|
|
625
|
-
}
|
|
626
|
-
if (topic.workspaceId && grant.workspaceId && String(topic.workspaceId) !== String(grant.workspaceId)) {
|
|
627
|
-
return false;
|
|
628
|
-
}
|
|
629
|
-
return true;
|
|
630
|
-
}
|
|
631
|
-
function isGrantSourceAllowedForVisibility(visibility, source) {
|
|
632
|
-
if (source !== "external_share") {
|
|
633
|
-
return true;
|
|
634
|
-
}
|
|
635
|
-
return visibility === "external" || visibility === "public";
|
|
636
|
-
}
|
|
637
|
-
function isGrantActive(grant) {
|
|
638
|
-
if (grant.status !== "active") {
|
|
639
|
-
return false;
|
|
640
|
-
}
|
|
641
|
-
if (grant.expiresAt !== void 0 && grant.expiresAt <= Date.now()) {
|
|
642
|
-
return false;
|
|
643
|
-
}
|
|
644
|
-
return true;
|
|
645
|
-
}
|
|
646
|
-
async function hasPrincipalGrant(ctx, args) {
|
|
647
|
-
const grants = await resolveAccessControlAppResolvers().listProjectGrantsByProjectAndPrincipal(
|
|
648
|
-
ctx,
|
|
649
|
-
args.topic._id,
|
|
650
|
-
args.principalId
|
|
651
|
-
);
|
|
652
|
-
if (grants.some(
|
|
653
|
-
(grant) => isGrantActive(grant) && isGrantScopeAlignedToTopic(args.topic, grant) && isGrantSourceAllowedForVisibility(
|
|
654
|
-
args.topic.visibility,
|
|
655
|
-
grant.source
|
|
656
|
-
) && (!args.principalIsExternal || args.topic.visibility === "public" || grant.source === "external_share")
|
|
657
|
-
)) {
|
|
658
|
-
return true;
|
|
659
|
-
}
|
|
660
|
-
return false;
|
|
661
|
-
}
|
|
662
|
-
async function hasGroupGrant(ctx, args) {
|
|
663
|
-
if (args.groupIds.length === 0) {
|
|
664
|
-
return false;
|
|
665
|
-
}
|
|
666
|
-
for (const groupId of args.groupIds) {
|
|
667
|
-
const grants = await resolveAccessControlAppResolvers().listProjectGrantsByProjectAndGroup(ctx, args.topic._id, groupId);
|
|
668
|
-
if (grants.some(
|
|
669
|
-
(grant) => isGrantActive(grant) && isGrantScopeAlignedToTopic(args.topic, grant) && isGrantSourceAllowedForVisibility(
|
|
670
|
-
args.topic.visibility,
|
|
671
|
-
grant.source
|
|
672
|
-
)
|
|
673
|
-
)) {
|
|
674
|
-
return true;
|
|
675
|
-
}
|
|
676
|
-
}
|
|
677
|
-
return false;
|
|
678
|
-
}
|
|
679
|
-
function isExternalPrincipal(_ctx, _args) {
|
|
680
|
-
return false;
|
|
681
|
-
}
|
|
682
|
-
async function evaluateTopicAccessDetailed(ctx, args) {
|
|
683
|
-
if (args.legacyUserId) {
|
|
684
|
-
return {
|
|
685
|
-
hasAccess: true,
|
|
686
|
-
isAdmin: false,
|
|
687
|
-
isOwner: false,
|
|
688
|
-
isShared: false,
|
|
689
|
-
hasGrant: true,
|
|
690
|
-
isFirmVisible: true,
|
|
691
|
-
isExternalVisible: false,
|
|
692
|
-
isPublicVisible: false,
|
|
693
|
-
isTenantScopeMatch: true,
|
|
694
|
-
isWorkspaceScopeMatch: true,
|
|
695
|
-
isPrincipalExternal: false
|
|
696
|
-
};
|
|
697
|
-
}
|
|
698
|
-
const topic = await resolveAccessControlAppResolvers().getProject(
|
|
699
|
-
ctx,
|
|
700
|
-
args.topicId
|
|
701
|
-
);
|
|
702
|
-
if (!topic) {
|
|
703
|
-
return {
|
|
704
|
-
hasAccess: false,
|
|
705
|
-
isAdmin: false,
|
|
706
|
-
isOwner: false,
|
|
707
|
-
isShared: false,
|
|
708
|
-
hasGrant: false,
|
|
709
|
-
isFirmVisible: false,
|
|
710
|
-
isExternalVisible: false,
|
|
711
|
-
isPublicVisible: false,
|
|
712
|
-
isTenantScopeMatch: false,
|
|
713
|
-
isWorkspaceScopeMatch: false,
|
|
714
|
-
isPrincipalExternal: false
|
|
715
|
-
};
|
|
716
|
-
}
|
|
717
|
-
const { principalContext, legacyUserId } = args;
|
|
718
|
-
const userIsAdmin = principalContext.isPlatformAdmin;
|
|
719
|
-
const isOwner = topic.ownerId === legacyUserId;
|
|
720
|
-
const isShared = (topic.sharedWith ?? []).includes(legacyUserId);
|
|
721
|
-
const principalIsExternal = await isExternalPrincipal(ctx, {
|
|
722
|
-
groupIds: principalContext.groupIds,
|
|
723
|
-
topicTenantId: topic.tenantId,
|
|
724
|
-
topicWorkspaceId: topic.workspaceId
|
|
725
|
-
});
|
|
726
|
-
const hasPrincipalGrantResult = await hasPrincipalGrant(ctx, {
|
|
727
|
-
topic,
|
|
728
|
-
principalId: principalContext.principalId,
|
|
729
|
-
principalIsExternal
|
|
730
|
-
});
|
|
731
|
-
const hasGroupGrantResult = await hasGroupGrant(ctx, {
|
|
732
|
-
topic,
|
|
733
|
-
groupIds: principalContext.groupIds
|
|
734
|
-
});
|
|
735
|
-
const hasGrant = isShared || hasPrincipalGrantResult || hasGroupGrantResult;
|
|
736
|
-
const legacyUnscoped = isLegacyUnscopedTopic(topic);
|
|
737
|
-
const tenantScopeMatch = isTopicInPrincipalTenant(
|
|
738
|
-
topic,
|
|
739
|
-
principalContext.tenantId
|
|
740
|
-
);
|
|
741
|
-
const workspaceScopeMatch = isTopicInPrincipalWorkspace(
|
|
742
|
-
topic,
|
|
743
|
-
principalContext.workspaceId
|
|
744
|
-
);
|
|
745
|
-
const isPublicVisible = topic.visibility === "public";
|
|
746
|
-
const isFirmVisible = topic.visibility === "firm" && !legacyUnscoped && tenantScopeMatch && workspaceScopeMatch && !principalIsExternal;
|
|
747
|
-
const hasScopedGrant = hasGrant && (legacyUnscoped || tenantScopeMatch && workspaceScopeMatch);
|
|
748
|
-
const isExternalVisible = topic.visibility === "external" && hasScopedGrant;
|
|
749
|
-
const hasAccess = userIsAdmin || isOwner || hasScopedGrant || isPublicVisible || isFirmVisible;
|
|
750
|
-
return {
|
|
751
|
-
hasAccess,
|
|
752
|
-
isAdmin: userIsAdmin,
|
|
753
|
-
isOwner,
|
|
754
|
-
isShared,
|
|
755
|
-
hasGrant,
|
|
756
|
-
isFirmVisible,
|
|
757
|
-
isExternalVisible,
|
|
758
|
-
isPublicVisible,
|
|
759
|
-
isTenantScopeMatch: tenantScopeMatch,
|
|
760
|
-
isWorkspaceScopeMatch: workspaceScopeMatch,
|
|
761
|
-
isPrincipalExternal: principalIsExternal
|
|
762
|
-
};
|
|
763
|
-
}
|
|
764
|
-
async function checkTopicAccessDetailed(ctx, topicId, userId) {
|
|
765
|
-
const principalContext = await resolvePrincipalContext(ctx, userId);
|
|
766
|
-
return evaluateTopicAccessDetailed(ctx, {
|
|
767
|
-
topicId,
|
|
768
|
-
legacyUserId: userId,
|
|
769
|
-
principalContext
|
|
770
|
-
});
|
|
771
|
-
}
|
|
772
|
-
async function checkTopicAccess(ctx, topicId, userId) {
|
|
773
|
-
const result = await checkTopicAccessDetailed(ctx, topicId, userId);
|
|
774
|
-
return result.hasAccess;
|
|
775
|
-
}
|
|
776
|
-
async function checkScopeAccess(ctx, scopeId, userId) {
|
|
777
|
-
try {
|
|
778
|
-
const topic = await ctx.db.get(scopeId);
|
|
779
|
-
if (topic && topic.name !== void 0 && topic.type !== void 0) {
|
|
780
|
-
return true;
|
|
781
|
-
}
|
|
782
|
-
} catch {
|
|
783
|
-
}
|
|
784
|
-
try {
|
|
785
|
-
return await checkTopicAccess(ctx, scopeId, userId);
|
|
786
|
-
} catch {
|
|
787
|
-
return false;
|
|
788
|
-
}
|
|
789
|
-
}
|
|
790
|
-
async function requireTopicAccess(ctx, topicId, userId) {
|
|
791
|
-
const hasAccess = await checkTopicAccess(ctx, topicId, userId);
|
|
792
|
-
if (!hasAccess) {
|
|
793
|
-
throw new Error(
|
|
794
|
-
"Access denied: You don't have permission to access this topic"
|
|
795
|
-
);
|
|
796
|
-
}
|
|
797
|
-
}
|
|
798
|
-
var checkProjectAccess = checkTopicAccess;
|
|
799
|
-
var requireProjectAccess = requireTopicAccess;
|
|
800
|
-
|
|
801
|
-
// ../access-control/src/audience.ts
|
|
802
|
-
var AUDIENCE_CLASS_RANK = {
|
|
803
|
-
public: 0,
|
|
804
|
-
restricted_external: 1,
|
|
805
|
-
internal: 2
|
|
806
|
-
};
|
|
807
|
-
function normalizeKey(key) {
|
|
808
|
-
return (key ?? "").trim().toLowerCase().replace(/[^a-z0-9:_-]+/g, "_").replace(/_+/g, "_").replace(/^_+|_+$/g, "");
|
|
809
|
-
}
|
|
810
|
-
function normalizeAudienceKey(key) {
|
|
811
|
-
return normalizeKey(key);
|
|
812
|
-
}
|
|
813
|
-
function classFromAudienceKey(audienceKey, fallback = "internal") {
|
|
814
|
-
const key = normalizeKey(audienceKey);
|
|
815
|
-
if (!key) {
|
|
816
|
-
return fallback;
|
|
817
|
-
}
|
|
818
|
-
if (key === "internal") {
|
|
819
|
-
return "internal";
|
|
820
|
-
}
|
|
821
|
-
if (key === "public") {
|
|
822
|
-
return "public";
|
|
823
|
-
}
|
|
824
|
-
if (key === "lp" || key === "external" || key === "client" || key === "partner" || key === "portfolio" || key === "network" || key === "restricted_external") {
|
|
825
|
-
return "restricted_external";
|
|
826
|
-
}
|
|
827
|
-
return fallback;
|
|
828
|
-
}
|
|
829
|
-
function canAudienceClassAccess(viewerClass, resourceClass) {
|
|
830
|
-
return AUDIENCE_CLASS_RANK[viewerClass] >= AUDIENCE_CLASS_RANK[resourceClass];
|
|
831
|
-
}
|
|
832
|
-
|
|
833
|
-
// ../access-control/src/audienceRegistry.ts
|
|
834
|
-
var DEFAULT_AUDIENCES = [
|
|
835
|
-
{
|
|
836
|
-
audienceKey: "internal",
|
|
837
|
-
audienceLabel: "Internal",
|
|
838
|
-
audienceClass: "internal"
|
|
839
|
-
},
|
|
840
|
-
{
|
|
841
|
-
audienceKey: "lp",
|
|
842
|
-
audienceLabel: "Limited Partners",
|
|
843
|
-
audienceClass: "restricted_external"
|
|
844
|
-
},
|
|
845
|
-
{
|
|
846
|
-
audienceKey: "public",
|
|
847
|
-
audienceLabel: "Public",
|
|
848
|
-
audienceClass: "public"
|
|
849
|
-
}
|
|
850
|
-
];
|
|
851
|
-
var AUDIENCE_CLASS_PRIORITY = {
|
|
852
|
-
internal: 0,
|
|
853
|
-
restricted_external: 1,
|
|
854
|
-
public: 2
|
|
855
|
-
};
|
|
856
|
-
function normalizeRegistryRow(row) {
|
|
857
|
-
return {
|
|
858
|
-
audienceKey: normalizeAudienceKey(row.audienceKey),
|
|
859
|
-
audienceLabel: row.audienceLabel,
|
|
860
|
-
audienceClass: row.audienceClass,
|
|
861
|
-
workspaceId: row.workspaceId
|
|
862
|
-
};
|
|
863
|
-
}
|
|
864
|
-
function dedupeRegistryRows(rows) {
|
|
865
|
-
const byKey = /* @__PURE__ */ new Map();
|
|
866
|
-
for (const row of rows) {
|
|
867
|
-
const key = normalizeAudienceKey(row.audienceKey);
|
|
868
|
-
if (!key) {
|
|
869
|
-
continue;
|
|
870
|
-
}
|
|
871
|
-
const existing = byKey.get(key);
|
|
872
|
-
const isWorkspaceScoped = row.workspaceId !== void 0;
|
|
873
|
-
const existingWorkspaceScoped = existing?.workspaceId !== void 0;
|
|
874
|
-
if (!existing || isWorkspaceScoped && !existingWorkspaceScoped) {
|
|
875
|
-
byKey.set(key, {
|
|
876
|
-
...row,
|
|
877
|
-
audienceKey: key
|
|
878
|
-
});
|
|
879
|
-
}
|
|
880
|
-
}
|
|
881
|
-
const normalized = [...byKey.values()];
|
|
882
|
-
normalized.sort((a, b) => {
|
|
883
|
-
const classDelta = AUDIENCE_CLASS_PRIORITY[a.audienceClass] - AUDIENCE_CLASS_PRIORITY[b.audienceClass];
|
|
884
|
-
if (classDelta !== 0) {
|
|
885
|
-
return classDelta;
|
|
886
|
-
}
|
|
887
|
-
return a.audienceKey.localeCompare(b.audienceKey);
|
|
888
|
-
});
|
|
889
|
-
return normalized;
|
|
890
|
-
}
|
|
891
|
-
async function queryRegistryRows(ctx, args) {
|
|
892
|
-
if (!args.tenantId) {
|
|
893
|
-
return [...DEFAULT_AUDIENCES];
|
|
894
|
-
}
|
|
895
|
-
const rows = await ctx.db.query("platformAudiences").withIndex("by_tenantId", (q) => q.eq("tenantId", args.tenantId)).collect();
|
|
896
|
-
const workspaceIdString = args.workspaceId ? String(args.workspaceId) : null;
|
|
897
|
-
const tenantScoped = rows.filter((row) => row.status === "active");
|
|
898
|
-
const applicable = tenantScoped.filter((row) => {
|
|
899
|
-
if (!row.workspaceId) {
|
|
900
|
-
return true;
|
|
901
|
-
}
|
|
902
|
-
if (!workspaceIdString) {
|
|
903
|
-
return false;
|
|
904
|
-
}
|
|
905
|
-
return String(row.workspaceId) === workspaceIdString;
|
|
906
|
-
});
|
|
907
|
-
return dedupeRegistryRows([
|
|
908
|
-
...DEFAULT_AUDIENCES,
|
|
909
|
-
...applicable.map(
|
|
910
|
-
(row) => normalizeRegistryRow({
|
|
911
|
-
audienceKey: row.audienceKey,
|
|
912
|
-
audienceLabel: row.audienceLabel,
|
|
913
|
-
audienceClass: row.audienceClass,
|
|
914
|
-
workspaceId: row.workspaceId
|
|
915
|
-
})
|
|
916
|
-
)
|
|
917
|
-
]);
|
|
918
|
-
}
|
|
919
|
-
async function listAudienceRegistryRows(ctx, args) {
|
|
920
|
-
return queryRegistryRows(ctx, args);
|
|
921
|
-
}
|
|
922
|
-
var permissiveReturn = v.optional(v.any());
|
|
923
|
-
var looseJsonObject = v.record(v.string(), v.any());
|
|
924
|
-
var looseJsonArray = v.array(v.any());
|
|
925
|
-
v.union(
|
|
926
|
-
v.string(),
|
|
927
|
-
v.number(),
|
|
928
|
-
v.boolean(),
|
|
929
|
-
v.null(),
|
|
930
|
-
looseJsonObject,
|
|
931
|
-
looseJsonArray
|
|
932
|
-
);
|
|
933
|
-
var api2 = anyApi;
|
|
934
|
-
componentsGeneric();
|
|
935
12
|
var internal = anyApi;
|
|
936
13
|
var internalMutation = internalMutationGeneric;
|
|
937
14
|
var internalQuery = internalQueryGeneric;
|
|
@@ -972,48 +49,48 @@ function generateGlobalId() {
|
|
|
972
49
|
}
|
|
973
50
|
|
|
974
51
|
// src/topicProjectOverlay.ts
|
|
975
|
-
var
|
|
976
|
-
function
|
|
52
|
+
var LEGACY_SCOPE_FIELD = "graphScopeProjectId";
|
|
53
|
+
function readNonEmptyString(value) {
|
|
977
54
|
if (typeof value !== "string") {
|
|
978
55
|
return;
|
|
979
56
|
}
|
|
980
57
|
const normalized = value.trim();
|
|
981
58
|
return normalized.length > 0 ? normalized : void 0;
|
|
982
59
|
}
|
|
983
|
-
function
|
|
60
|
+
function readStringArray(value) {
|
|
984
61
|
if (!Array.isArray(value)) {
|
|
985
62
|
return [];
|
|
986
63
|
}
|
|
987
|
-
return value.map((entry) =>
|
|
64
|
+
return value.map((entry) => readNonEmptyString(entry)).filter((entry) => Boolean(entry));
|
|
988
65
|
}
|
|
989
|
-
function
|
|
66
|
+
function readMetadata(topic) {
|
|
990
67
|
return topic.metadata && typeof topic.metadata === "object" ? topic.metadata : {};
|
|
991
68
|
}
|
|
992
|
-
function
|
|
69
|
+
function readLegacyProjectId(value) {
|
|
993
70
|
if (!value) {
|
|
994
71
|
return;
|
|
995
72
|
}
|
|
996
|
-
return
|
|
73
|
+
return readNonEmptyString(value[LEGACY_SCOPE_FIELD]);
|
|
997
74
|
}
|
|
998
|
-
function
|
|
75
|
+
function coerceVisibility(value) {
|
|
999
76
|
return value === "private" || value === "team" || value === "firm" || value === "external" || value === "public" ? value : void 0;
|
|
1000
77
|
}
|
|
1001
|
-
function
|
|
78
|
+
function coerceStatus(value) {
|
|
1002
79
|
return value === "active" || value === "archived" || value === "watching" ? value : void 0;
|
|
1003
80
|
}
|
|
1004
|
-
function
|
|
1005
|
-
const explicit =
|
|
81
|
+
function mapProjectType(topic, metadata) {
|
|
82
|
+
const explicit = readNonEmptyString(metadata.projectType);
|
|
1006
83
|
if (explicit) {
|
|
1007
84
|
return explicit;
|
|
1008
85
|
}
|
|
1009
86
|
if (topic.type === "theme") {
|
|
1010
87
|
return "thematic";
|
|
1011
88
|
}
|
|
1012
|
-
return
|
|
89
|
+
return readNonEmptyString(topic.type) || "general";
|
|
1013
90
|
}
|
|
1014
|
-
function
|
|
1015
|
-
const metadata =
|
|
1016
|
-
return topic.type === "theme" || topic.type === "thematic" || topic.type === "deal" || topic.type === "monitoring" ||
|
|
91
|
+
function isProjectLikeTopic(topic) {
|
|
92
|
+
const metadata = readMetadata(topic);
|
|
93
|
+
return topic.type === "theme" || topic.type === "thematic" || topic.type === "deal" || topic.type === "monitoring" || readLegacyProjectId(topic) !== void 0 || readNonEmptyString(metadata.projectType) !== void 0;
|
|
1017
94
|
}
|
|
1018
95
|
function isMissingLucernChildComponentError(error) {
|
|
1019
96
|
const message = error instanceof Error ? error.message : String(error);
|
|
@@ -1021,7 +98,7 @@ function isMissingLucernChildComponentError(error) {
|
|
|
1021
98
|
'Child component ComponentName(Identifier("lucern")) not found'
|
|
1022
99
|
) || message.includes("Child component") && message.includes("lucern") && message.includes("not found");
|
|
1023
100
|
}
|
|
1024
|
-
async function
|
|
101
|
+
async function resolveTopicDoc(ctx, scopeId) {
|
|
1025
102
|
if (ctx?.db && typeof ctx.db.get === "function") {
|
|
1026
103
|
try {
|
|
1027
104
|
const directTopic = await ctx.db.get(scopeId);
|
|
@@ -1035,7 +112,7 @@ async function resolveTopicDoc2(ctx, scopeId) {
|
|
|
1035
112
|
return null;
|
|
1036
113
|
}
|
|
1037
114
|
try {
|
|
1038
|
-
const topic = await ctx.runQuery(
|
|
115
|
+
const topic = await ctx.runQuery(api.topics.get, {
|
|
1039
116
|
id: String(scopeId)
|
|
1040
117
|
});
|
|
1041
118
|
if (topic?.name !== void 0 && topic?.type !== void 0) {
|
|
@@ -1044,7 +121,7 @@ async function resolveTopicDoc2(ctx, scopeId) {
|
|
|
1044
121
|
} catch {
|
|
1045
122
|
}
|
|
1046
123
|
try {
|
|
1047
|
-
const topic = await ctx.runQuery(
|
|
124
|
+
const topic = await ctx.runQuery(api.topics.getByLegacyScopeId, {
|
|
1048
125
|
projectId: String(scopeId)
|
|
1049
126
|
});
|
|
1050
127
|
if (topic?.name !== void 0 && topic?.type !== void 0) {
|
|
@@ -1054,14 +131,14 @@ async function resolveTopicDoc2(ctx, scopeId) {
|
|
|
1054
131
|
}
|
|
1055
132
|
return null;
|
|
1056
133
|
}
|
|
1057
|
-
function
|
|
1058
|
-
const metadata =
|
|
134
|
+
function materializeTopicProjectOverlay(topic, idMode = "legacy") {
|
|
135
|
+
const metadata = readMetadata(topic);
|
|
1059
136
|
const topicId = String(topic._id);
|
|
1060
|
-
const legacyProjectId =
|
|
137
|
+
const legacyProjectId = readLegacyProjectId(topic) || readLegacyProjectId(metadata) || readNonEmptyString(metadata.legacyProjectId);
|
|
1061
138
|
const storageProjectId = legacyProjectId || topicId;
|
|
1062
139
|
const outwardId = idMode === "topic" ? topicId : storageProjectId;
|
|
1063
|
-
const visibility =
|
|
1064
|
-
const status =
|
|
140
|
+
const visibility = coerceVisibility(topic.visibility) || coerceVisibility(metadata.visibility) || "private";
|
|
141
|
+
const status = coerceStatus(topic.status) || coerceStatus(metadata.status) || "active";
|
|
1065
142
|
const createdAt = typeof topic.createdAt === "number" ? topic.createdAt : typeof topic._creationTime === "number" ? topic._creationTime : 0;
|
|
1066
143
|
const updatedAt = typeof topic.updatedAt === "number" ? topic.updatedAt : typeof metadata.updatedAt === "number" ? metadata.updatedAt : createdAt;
|
|
1067
144
|
return {
|
|
@@ -1071,16 +148,16 @@ function materializeTopicProjectOverlay2(topic, idMode = "legacy") {
|
|
|
1071
148
|
topicId,
|
|
1072
149
|
storageProjectId,
|
|
1073
150
|
legacyProjectId,
|
|
1074
|
-
name:
|
|
1075
|
-
type:
|
|
1076
|
-
description:
|
|
1077
|
-
ownerId:
|
|
1078
|
-
sharedWith:
|
|
151
|
+
name: readNonEmptyString(topic.name) || "Untitled Theme",
|
|
152
|
+
type: mapProjectType(topic, metadata),
|
|
153
|
+
description: readNonEmptyString(topic.description),
|
|
154
|
+
ownerId: readNonEmptyString(metadata.ownerId) || readNonEmptyString(topic.createdBy) || "system",
|
|
155
|
+
sharedWith: readStringArray(metadata.sharedWith),
|
|
1079
156
|
visibility,
|
|
1080
|
-
tenantId:
|
|
1081
|
-
workspaceId:
|
|
157
|
+
tenantId: readNonEmptyString(topic.tenantId) || readNonEmptyString(metadata.tenantId),
|
|
158
|
+
workspaceId: readNonEmptyString(topic.workspaceId) || readNonEmptyString(metadata.workspaceId),
|
|
1082
159
|
status,
|
|
1083
|
-
tags:
|
|
160
|
+
tags: readStringArray(metadata.tags),
|
|
1084
161
|
chatCount: typeof metadata.chatCount === "number" ? metadata.chatCount : 0,
|
|
1085
162
|
artifactCount: typeof metadata.artifactCount === "number" ? metadata.artifactCount : 0,
|
|
1086
163
|
lastActivityAt: typeof metadata.lastActivityAt === "number" ? metadata.lastActivityAt : updatedAt,
|
|
@@ -1089,17 +166,17 @@ function materializeTopicProjectOverlay2(topic, idMode = "legacy") {
|
|
|
1089
166
|
updatedAt
|
|
1090
167
|
};
|
|
1091
168
|
}
|
|
1092
|
-
async function
|
|
1093
|
-
const topic = await
|
|
169
|
+
async function resolveTopicProjectOverlay(ctx, scopeId, options = {}) {
|
|
170
|
+
const topic = await resolveTopicDoc(ctx, scopeId);
|
|
1094
171
|
if (!topic) {
|
|
1095
172
|
return null;
|
|
1096
173
|
}
|
|
1097
|
-
if (options.projectLikeOnly !== false && !
|
|
174
|
+
if (options.projectLikeOnly !== false && !isProjectLikeTopic(topic)) {
|
|
1098
175
|
return null;
|
|
1099
176
|
}
|
|
1100
|
-
return
|
|
177
|
+
return materializeTopicProjectOverlay(topic, options.idMode);
|
|
1101
178
|
}
|
|
1102
|
-
async function
|
|
179
|
+
async function listTopicProjectOverlays(ctx, options = {}) {
|
|
1103
180
|
let allTopics = [];
|
|
1104
181
|
if (ctx?.db?.query && typeof ctx.db.query === "function") {
|
|
1105
182
|
try {
|
|
@@ -1109,18 +186,18 @@ async function listTopicProjectOverlays2(ctx, options = {}) {
|
|
|
1109
186
|
}
|
|
1110
187
|
}
|
|
1111
188
|
if (allTopics.length === 0 && typeof ctx.runQuery === "function") {
|
|
1112
|
-
allTopics = (await ctx.runQuery(
|
|
189
|
+
allTopics = (await ctx.runQuery(api.topics.list, {}) ?? []) || [];
|
|
1113
190
|
}
|
|
1114
191
|
return allTopics.filter(
|
|
1115
|
-
(topic) => options.projectLikeOnly === false ||
|
|
1116
|
-
).map((topic) =>
|
|
192
|
+
(topic) => options.projectLikeOnly === false || isProjectLikeTopic(topic)
|
|
193
|
+
).map((topic) => materializeTopicProjectOverlay(topic, options.idMode));
|
|
1117
194
|
}
|
|
1118
195
|
async function patchTopicProjectOverlay(ctx, scopeId, value) {
|
|
1119
|
-
const topic = await
|
|
196
|
+
const topic = await resolveTopicDoc(ctx, scopeId);
|
|
1120
197
|
if (!topic) {
|
|
1121
198
|
return null;
|
|
1122
199
|
}
|
|
1123
|
-
const nextMetadata = { ...
|
|
200
|
+
const nextMetadata = { ...readMetadata(topic) };
|
|
1124
201
|
const patch = {};
|
|
1125
202
|
const topicUpdateArgs = {
|
|
1126
203
|
id: String(topic._id)
|
|
@@ -1145,7 +222,7 @@ async function patchTopicProjectOverlay(ctx, scopeId, value) {
|
|
|
1145
222
|
`patchTopicProjectOverlay cannot mutate ${key} via component-owned topics`
|
|
1146
223
|
);
|
|
1147
224
|
case "status": {
|
|
1148
|
-
const status =
|
|
225
|
+
const status = coerceStatus(rawValue);
|
|
1149
226
|
if (status) {
|
|
1150
227
|
patch.status = status;
|
|
1151
228
|
topicUpdateArgs.status = status;
|
|
@@ -1153,7 +230,7 @@ async function patchTopicProjectOverlay(ctx, scopeId, value) {
|
|
|
1153
230
|
break;
|
|
1154
231
|
}
|
|
1155
232
|
case "visibility": {
|
|
1156
|
-
const visibility =
|
|
233
|
+
const visibility = coerceVisibility(rawValue);
|
|
1157
234
|
if (visibility) {
|
|
1158
235
|
patch.visibility = visibility;
|
|
1159
236
|
topicUpdateArgs.visibility = visibility;
|
|
@@ -1161,7 +238,7 @@ async function patchTopicProjectOverlay(ctx, scopeId, value) {
|
|
|
1161
238
|
break;
|
|
1162
239
|
}
|
|
1163
240
|
case "type": {
|
|
1164
|
-
const projectType =
|
|
241
|
+
const projectType = readNonEmptyString(rawValue);
|
|
1165
242
|
if (projectType) {
|
|
1166
243
|
nextMetadata.projectType = projectType;
|
|
1167
244
|
} else {
|
|
@@ -1185,7 +262,7 @@ async function patchTopicProjectOverlay(ctx, scopeId, value) {
|
|
|
1185
262
|
topicUpdateArgs.metadata = nextMetadata;
|
|
1186
263
|
if (typeof ctx.runMutation === "function") {
|
|
1187
264
|
try {
|
|
1188
|
-
await ctx.runMutation(
|
|
265
|
+
await ctx.runMutation(api.topics.update, topicUpdateArgs);
|
|
1189
266
|
} catch (error) {
|
|
1190
267
|
if (!isMissingLucernChildComponentError(error) || !ctx?.db || typeof ctx.db.patch !== "function") {
|
|
1191
268
|
throw error;
|
|
@@ -1199,7 +276,7 @@ async function patchTopicProjectOverlay(ctx, scopeId, value) {
|
|
|
1199
276
|
"Cannot patch topic without component adapter (ctx.runMutation unavailable)"
|
|
1200
277
|
);
|
|
1201
278
|
}
|
|
1202
|
-
return
|
|
279
|
+
return materializeTopicProjectOverlay(
|
|
1203
280
|
{
|
|
1204
281
|
...topic,
|
|
1205
282
|
...patch,
|
|
@@ -1232,10 +309,10 @@ async function patchProjectWithTolerance(ctx, projectId, value) {
|
|
|
1232
309
|
});
|
|
1233
310
|
}
|
|
1234
311
|
}
|
|
1235
|
-
function
|
|
312
|
+
function defaultResolvers() {
|
|
1236
313
|
return {
|
|
1237
314
|
async getProject(ctx, projectId) {
|
|
1238
|
-
return await
|
|
315
|
+
return await resolveTopicProjectOverlay(ctx, projectId, {
|
|
1239
316
|
idMode: "legacy",
|
|
1240
317
|
projectLikeOnly: false
|
|
1241
318
|
});
|
|
@@ -1244,7 +321,7 @@ function defaultResolvers2() {
|
|
|
1244
321
|
await patchProjectWithTolerance(ctx, projectId, value);
|
|
1245
322
|
},
|
|
1246
323
|
async listTopics(ctx) {
|
|
1247
|
-
return await
|
|
324
|
+
return await listTopicProjectOverlays(ctx, {
|
|
1248
325
|
idMode: "legacy"
|
|
1249
326
|
});
|
|
1250
327
|
},
|
|
@@ -1253,24 +330,24 @@ function defaultResolvers2() {
|
|
|
1253
330
|
}
|
|
1254
331
|
};
|
|
1255
332
|
}
|
|
1256
|
-
var
|
|
333
|
+
var resolverOverrides = {};
|
|
1257
334
|
function resolveGraphPrimitivesAppResolvers(_ctx) {
|
|
1258
335
|
return {
|
|
1259
|
-
...
|
|
1260
|
-
...
|
|
336
|
+
...defaultResolvers(),
|
|
337
|
+
...resolverOverrides
|
|
1261
338
|
};
|
|
1262
339
|
}
|
|
1263
|
-
var
|
|
340
|
+
var LEGACY_SCOPE_FIELD2 = "graphScopeProjectId";
|
|
1264
341
|
function asMappedProjectId(topic) {
|
|
1265
342
|
if (!topic) {
|
|
1266
343
|
return;
|
|
1267
344
|
}
|
|
1268
|
-
const directLegacyProjectId = normalizeScopeValue(topic[
|
|
345
|
+
const directLegacyProjectId = normalizeScopeValue(topic[LEGACY_SCOPE_FIELD2]);
|
|
1269
346
|
if (directLegacyProjectId) {
|
|
1270
347
|
return directLegacyProjectId;
|
|
1271
348
|
}
|
|
1272
349
|
const metadata = topic.metadata || {};
|
|
1273
|
-
const candidate = metadata[
|
|
350
|
+
const candidate = metadata[LEGACY_SCOPE_FIELD2] || metadata.legacyProjectId || metadata.projectId || metadata.scopeProjectId;
|
|
1274
351
|
return candidate ? candidate : void 0;
|
|
1275
352
|
}
|
|
1276
353
|
function normalizeScopeValue(value) {
|
|
@@ -1299,7 +376,7 @@ async function findTopicsByScopeAlias(ctx, scopeId) {
|
|
|
1299
376
|
try {
|
|
1300
377
|
return await ctx.db.query("topics").withIndex(
|
|
1301
378
|
"by_graph_scope_project",
|
|
1302
|
-
(q) => q.eq(
|
|
379
|
+
(q) => q.eq(LEGACY_SCOPE_FIELD2, scopeId)
|
|
1303
380
|
).collect();
|
|
1304
381
|
} catch {
|
|
1305
382
|
const topics = await ctx.db.query("topics").collect();
|
|
@@ -1315,7 +392,7 @@ async function tryResolveHostTopicById(ctx, topicId) {
|
|
|
1315
392
|
return null;
|
|
1316
393
|
}
|
|
1317
394
|
try {
|
|
1318
|
-
return await ctx.runQuery(
|
|
395
|
+
return await ctx.runQuery(api.topics.get, {
|
|
1319
396
|
id: topicId
|
|
1320
397
|
}) ?? null;
|
|
1321
398
|
} catch {
|
|
@@ -1327,7 +404,7 @@ async function tryResolveHostTopicByLegacyScope(ctx, legacyScopeId) {
|
|
|
1327
404
|
return null;
|
|
1328
405
|
}
|
|
1329
406
|
try {
|
|
1330
|
-
return await ctx.runQuery(
|
|
407
|
+
return await ctx.runQuery(api.topics.getByLegacyScopeId, {
|
|
1331
408
|
projectId: legacyScopeId
|
|
1332
409
|
}) ?? null;
|
|
1333
410
|
} catch {
|
|
@@ -1446,61 +523,6 @@ var optionalScopeArgs = {
|
|
|
1446
523
|
projectId: v.optional(v.string()),
|
|
1447
524
|
topicId: v.optional(v.string())
|
|
1448
525
|
};
|
|
1449
|
-
|
|
1450
|
-
// ../../packages/contracts/src/schema-helpers/spine/tables/epistemicNodes.ts
|
|
1451
|
-
var NODE_TYPES = [
|
|
1452
|
-
"decision",
|
|
1453
|
-
"belief",
|
|
1454
|
-
"question",
|
|
1455
|
-
"theme",
|
|
1456
|
-
"deal",
|
|
1457
|
-
"topic",
|
|
1458
|
-
"claim",
|
|
1459
|
-
"evidence",
|
|
1460
|
-
"synthesis",
|
|
1461
|
-
"answer",
|
|
1462
|
-
"atomic_fact",
|
|
1463
|
-
"excerpt",
|
|
1464
|
-
"source",
|
|
1465
|
-
"company",
|
|
1466
|
-
"person",
|
|
1467
|
-
"investor",
|
|
1468
|
-
"function",
|
|
1469
|
-
"value_chain"
|
|
1470
|
-
];
|
|
1471
|
-
function isNodeType(value) {
|
|
1472
|
-
return NODE_TYPES.includes(value);
|
|
1473
|
-
}
|
|
1474
|
-
function getLayerForNodeType(type) {
|
|
1475
|
-
switch (type) {
|
|
1476
|
-
case "decision":
|
|
1477
|
-
return "L4";
|
|
1478
|
-
case "belief":
|
|
1479
|
-
case "question":
|
|
1480
|
-
case "theme":
|
|
1481
|
-
case "deal":
|
|
1482
|
-
return "L3";
|
|
1483
|
-
case "claim":
|
|
1484
|
-
case "evidence":
|
|
1485
|
-
case "synthesis":
|
|
1486
|
-
case "answer":
|
|
1487
|
-
return "L2";
|
|
1488
|
-
case "atomic_fact":
|
|
1489
|
-
case "excerpt":
|
|
1490
|
-
case "source":
|
|
1491
|
-
return "L1";
|
|
1492
|
-
case "topic":
|
|
1493
|
-
return "organizational";
|
|
1494
|
-
case "company":
|
|
1495
|
-
case "person":
|
|
1496
|
-
case "investor":
|
|
1497
|
-
case "function":
|
|
1498
|
-
case "value_chain":
|
|
1499
|
-
return "ontological";
|
|
1500
|
-
}
|
|
1501
|
-
}
|
|
1502
|
-
|
|
1503
|
-
// src/workspaceIsolation.ts
|
|
1504
526
|
function normalizeScopeValue2(value) {
|
|
1505
527
|
if (typeof value !== "string") {
|
|
1506
528
|
return;
|
|
@@ -1767,6 +789,7 @@ var create = mutation({
|
|
|
1767
789
|
sourceUrl: v.optional(v.string()),
|
|
1768
790
|
sourceQuestionId: v.optional(v.string()),
|
|
1769
791
|
userId: v.string(),
|
|
792
|
+
rationale: v.string(),
|
|
1770
793
|
// Classification fields (from AI tools)
|
|
1771
794
|
methodology: v.optional(v.string()),
|
|
1772
795
|
informationAsymmetry: v.optional(v.string()),
|
|
@@ -1824,6 +847,7 @@ var create = mutation({
|
|
|
1824
847
|
externalSourceType: args.externalSourceType,
|
|
1825
848
|
sourceUrl: args.sourceUrl,
|
|
1826
849
|
sourceQuestionId: args.sourceQuestionId,
|
|
850
|
+
rationale: args.rationale,
|
|
1827
851
|
linkedBeliefNodeId: args.linkedBeliefNodeId,
|
|
1828
852
|
evidenceRelation: args.evidenceRelation,
|
|
1829
853
|
confidence: args.confidence,
|
|
@@ -1877,6 +901,7 @@ var create = mutation({
|
|
|
1877
901
|
changedBy: args.userId,
|
|
1878
902
|
isAgent: false,
|
|
1879
903
|
projectId: scope.projectId,
|
|
904
|
+
rationale: args.rationale,
|
|
1880
905
|
newState: {
|
|
1881
906
|
text: args.text.slice(0, 200),
|
|
1882
907
|
kind,
|
|
@@ -2283,6 +1308,7 @@ var internalCreate = internalMutation({
|
|
|
2283
1308
|
sourceUrl: v.optional(v.string()),
|
|
2284
1309
|
sourceQuestionId: v.optional(v.string()),
|
|
2285
1310
|
userId: v.string(),
|
|
1311
|
+
rationale: v.string(),
|
|
2286
1312
|
linkedBeliefNodeId: v.optional(v.id("epistemicNodes")),
|
|
2287
1313
|
evidenceRelation: v.optional(v.string()),
|
|
2288
1314
|
confidence: v.optional(v.number()),
|
|
@@ -2346,6 +1372,7 @@ var internalCreate = internalMutation({
|
|
|
2346
1372
|
externalSourceType: args.externalSourceType,
|
|
2347
1373
|
sourceUrl: args.sourceUrl,
|
|
2348
1374
|
sourceQuestionId: args.sourceQuestionId,
|
|
1375
|
+
rationale: args.rationale,
|
|
2349
1376
|
linkedBeliefNodeId: args.linkedBeliefNodeId,
|
|
2350
1377
|
evidenceRelation: args.evidenceRelation,
|
|
2351
1378
|
confidence: args.confidence,
|
|
@@ -2360,6 +1387,7 @@ var internalCreate = internalMutation({
|
|
|
2360
1387
|
changedBy: args.userId,
|
|
2361
1388
|
isAgent: false,
|
|
2362
1389
|
projectId: scope.projectId,
|
|
1390
|
+
rationale: args.rationale,
|
|
2363
1391
|
newState: {
|
|
2364
1392
|
text: args.text.slice(0, 200),
|
|
2365
1393
|
kind,
|