@lucern/graph-primitives 0.3.0-alpha.0 → 0.3.0-alpha.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/beliefDecay.js +37 -1104
- package/dist/beliefDecay.js.map +1 -1
- package/dist/beliefEvidenceLinks.js +53 -834
- package/dist/beliefEvidenceLinks.js.map +1 -1
- package/dist/confidencePropagationDispatch.d.ts +3 -3
- package/dist/confidencePropagationDispatch.js +30 -308
- package/dist/confidencePropagationDispatch.js.map +1 -1
- package/dist/contradictions.js +5 -797
- package/dist/contradictions.js.map +1 -1
- package/dist/edges/contradicts.js +1 -122
- package/dist/edges/contradicts.js.map +1 -1
- package/dist/edges/dependsOn.js +14 -172
- package/dist/edges/dependsOn.js.map +1 -1
- package/dist/edges/elaborates.js +1 -49
- package/dist/edges/elaborates.js.map +1 -1
- package/dist/edges/index.js +14 -277
- package/dist/edges/index.js.map +1 -1
- package/dist/edges/informs.js +1 -62
- package/dist/edges/informs.js.map +1 -1
- package/dist/edges/propagationTypes.d.ts +2 -2
- package/dist/edges/propagationTypes.js.map +1 -1
- package/dist/edges/refutes.js +1 -62
- package/dist/edges/refutes.js.map +1 -1
- package/dist/edges/supports.js +1 -122
- package/dist/edges/supports.js.map +1 -1
- package/dist/edges/utils.d.ts +6 -6
- package/dist/edges/utils.js +1 -130
- package/dist/edges/utils.js.map +1 -1
- package/dist/entityBridge.js +2 -17
- package/dist/entityBridge.js.map +1 -1
- package/dist/entityLifecycle.js +62 -848
- package/dist/entityLifecycle.js.map +1 -1
- package/dist/epistemicAnswers.js +6 -802
- package/dist/epistemicAnswers.js.map +1 -1
- package/dist/epistemicBeliefs.js +125 -1594
- package/dist/epistemicBeliefs.js.map +1 -1
- package/dist/epistemicContractHelpers.js +1 -318
- package/dist/epistemicContractHelpers.js.map +1 -1
- package/dist/epistemicContracts.js +129 -1874
- package/dist/epistemicContracts.js.map +1 -1
- package/dist/epistemicEdges.js +60 -863
- package/dist/epistemicEdges.js.map +1 -1
- package/dist/epistemicEvidence.js +69 -1041
- package/dist/epistemicEvidence.js.map +1 -1
- package/dist/epistemicLinking.js +2 -785
- package/dist/epistemicLinking.js.map +1 -1
- package/dist/epistemicNodes.js +9 -866
- package/dist/epistemicNodes.js.map +1 -1
- package/dist/epistemicQuestions.js +66 -1071
- package/dist/epistemicQuestions.js.map +1 -1
- package/dist/epistemicSources.js +23 -880
- package/dist/epistemicSources.js.map +1 -1
- package/dist/evaluators/index.js +129 -1874
- package/dist/evaluators/index.js.map +1 -1
- package/dist/index.js +182 -2744
- package/dist/index.js.map +1 -1
- package/dist/ontology-matching.js +1 -344
- package/dist/ontology-matching.js.map +1 -1
- package/dist/ontologyApproval.js +1 -13
- package/dist/ontologyApproval.js.map +1 -1
- package/dist/ontologyDefinitions.js +2 -17
- package/dist/ontologyDefinitions.js.map +1 -1
- package/dist/ontologyRegistry.js +2 -17
- package/dist/ontologyRegistry.js.map +1 -1
- package/dist/projectionReconciliation.js +2 -17
- package/dist/projectionReconciliation.js.map +1 -1
- package/dist/questionEvidenceLinks.js +60 -841
- package/dist/questionEvidenceLinks.js.map +1 -1
- package/dist/text-matching.js +1 -244
- package/dist/text-matching.js.map +1 -1
- package/dist/workflowBridge.d.ts +27 -0
- package/dist/workflowBridge.js +303 -0
- package/dist/workflowBridge.js.map +1 -0
- package/dist/workspaceIsolation.js +2 -52
- package/dist/workspaceIsolation.js.map +1 -1
- package/package.json +6 -5
|
@@ -1,934 +1,15 @@
|
|
|
1
1
|
import { v } from 'convex/values';
|
|
2
|
+
import { checkProjectAccess, checkScopeAccess } from '@lucern/access-control/access';
|
|
3
|
+
import { normalizeAudienceKey, canAudienceClassAccess, classFromAudienceKey } from '@lucern/access-control/audience';
|
|
4
|
+
import { listAudienceRegistryRows } from '@lucern/access-control/audienceRegistry';
|
|
5
|
+
import { getCurrentUserId } from '@lucern/access-control/auth';
|
|
6
|
+
import { permissiveReturn } from '@lucern/contracts/schema-helpers/validators';
|
|
2
7
|
import { componentsGeneric, mutationGeneric, anyApi, queryGeneric, internalQueryGeneric, internalMutationGeneric } from 'convex/server';
|
|
8
|
+
import { isNodeType, getLayerForNodeType } from '@lucern/contracts/schema-helpers/spine/tables/epistemicNodes';
|
|
3
9
|
|
|
4
10
|
// src/epistemicQuestions.ts
|
|
5
11
|
var api = anyApi;
|
|
6
12
|
componentsGeneric();
|
|
7
|
-
|
|
8
|
-
// ../access-control/src/topicProjectOverlay.ts
|
|
9
|
-
var LEGACY_SCOPE_FIELD = "graphScopeProjectId";
|
|
10
|
-
function readNonEmptyString(value) {
|
|
11
|
-
if (typeof value !== "string") {
|
|
12
|
-
return;
|
|
13
|
-
}
|
|
14
|
-
const normalized = value.trim();
|
|
15
|
-
return normalized.length > 0 ? normalized : void 0;
|
|
16
|
-
}
|
|
17
|
-
function readStringArray(value) {
|
|
18
|
-
if (!Array.isArray(value)) {
|
|
19
|
-
return [];
|
|
20
|
-
}
|
|
21
|
-
return value.map((entry) => readNonEmptyString(entry)).filter((entry) => Boolean(entry));
|
|
22
|
-
}
|
|
23
|
-
function readMetadata(topic) {
|
|
24
|
-
return topic.metadata && typeof topic.metadata === "object" ? topic.metadata : {};
|
|
25
|
-
}
|
|
26
|
-
function readLegacyProjectId(value) {
|
|
27
|
-
if (!value) {
|
|
28
|
-
return;
|
|
29
|
-
}
|
|
30
|
-
return readNonEmptyString(value[LEGACY_SCOPE_FIELD]);
|
|
31
|
-
}
|
|
32
|
-
function coerceVisibility(value) {
|
|
33
|
-
return value === "private" || value === "team" || value === "firm" || value === "external" || value === "public" ? value : void 0;
|
|
34
|
-
}
|
|
35
|
-
function coerceStatus(value) {
|
|
36
|
-
return value === "active" || value === "archived" || value === "watching" ? value : void 0;
|
|
37
|
-
}
|
|
38
|
-
function mapProjectType(topic, metadata) {
|
|
39
|
-
const explicit = readNonEmptyString(metadata.projectType);
|
|
40
|
-
if (explicit) {
|
|
41
|
-
return explicit;
|
|
42
|
-
}
|
|
43
|
-
if (topic.type === "theme") {
|
|
44
|
-
return "thematic";
|
|
45
|
-
}
|
|
46
|
-
return readNonEmptyString(topic.type) || "general";
|
|
47
|
-
}
|
|
48
|
-
function isProjectLikeTopic(topic) {
|
|
49
|
-
const metadata = readMetadata(topic);
|
|
50
|
-
return topic.type === "theme" || topic.type === "thematic" || topic.type === "deal" || topic.type === "monitoring" || readLegacyProjectId(topic) !== void 0 || readNonEmptyString(metadata.projectType) !== void 0;
|
|
51
|
-
}
|
|
52
|
-
async function resolveTopicDoc(ctx, scopeId) {
|
|
53
|
-
if (ctx?.db && typeof ctx.db.get === "function") {
|
|
54
|
-
try {
|
|
55
|
-
const directTopic = await ctx.db.get(scopeId);
|
|
56
|
-
if (directTopic) {
|
|
57
|
-
return directTopic;
|
|
58
|
-
}
|
|
59
|
-
} catch {
|
|
60
|
-
}
|
|
61
|
-
}
|
|
62
|
-
if (typeof ctx.runQuery !== "function") {
|
|
63
|
-
return null;
|
|
64
|
-
}
|
|
65
|
-
try {
|
|
66
|
-
const topic = await ctx.runQuery(api.topics.get, {
|
|
67
|
-
id: String(scopeId)
|
|
68
|
-
});
|
|
69
|
-
if (topic?.name !== void 0 && topic?.type !== void 0) {
|
|
70
|
-
return topic;
|
|
71
|
-
}
|
|
72
|
-
} catch {
|
|
73
|
-
}
|
|
74
|
-
try {
|
|
75
|
-
const topic = await ctx.runQuery(api.topics.getByLegacyScopeId, {
|
|
76
|
-
projectId: String(scopeId)
|
|
77
|
-
});
|
|
78
|
-
if (topic?.name !== void 0 && topic?.type !== void 0) {
|
|
79
|
-
return topic;
|
|
80
|
-
}
|
|
81
|
-
} catch {
|
|
82
|
-
}
|
|
83
|
-
return null;
|
|
84
|
-
}
|
|
85
|
-
function materializeTopicProjectOverlay(topic, idMode = "legacy") {
|
|
86
|
-
const metadata = readMetadata(topic);
|
|
87
|
-
const topicId = String(topic._id);
|
|
88
|
-
const legacyProjectId = readLegacyProjectId(topic) || readLegacyProjectId(metadata) || readNonEmptyString(metadata.legacyProjectId);
|
|
89
|
-
const storageProjectId = legacyProjectId || topicId;
|
|
90
|
-
const outwardId = idMode === "topic" ? topicId : storageProjectId;
|
|
91
|
-
const visibility = coerceVisibility(topic.visibility) || coerceVisibility(metadata.visibility) || "private";
|
|
92
|
-
const status = coerceStatus(topic.status) || coerceStatus(metadata.status) || "active";
|
|
93
|
-
const createdAt = typeof topic.createdAt === "number" ? topic.createdAt : typeof topic._creationTime === "number" ? topic._creationTime : 0;
|
|
94
|
-
const updatedAt = typeof topic.updatedAt === "number" ? topic.updatedAt : typeof metadata.updatedAt === "number" ? metadata.updatedAt : createdAt;
|
|
95
|
-
return {
|
|
96
|
-
...metadata,
|
|
97
|
-
_id: outwardId,
|
|
98
|
-
projectId: outwardId,
|
|
99
|
-
topicId,
|
|
100
|
-
storageProjectId,
|
|
101
|
-
legacyProjectId,
|
|
102
|
-
name: readNonEmptyString(topic.name) || "Untitled Theme",
|
|
103
|
-
type: mapProjectType(topic, metadata),
|
|
104
|
-
description: readNonEmptyString(topic.description),
|
|
105
|
-
ownerId: readNonEmptyString(metadata.ownerId) || readNonEmptyString(topic.createdBy) || "system",
|
|
106
|
-
sharedWith: readStringArray(metadata.sharedWith),
|
|
107
|
-
visibility,
|
|
108
|
-
tenantId: readNonEmptyString(topic.tenantId) || readNonEmptyString(metadata.tenantId),
|
|
109
|
-
workspaceId: readNonEmptyString(topic.workspaceId) || readNonEmptyString(metadata.workspaceId),
|
|
110
|
-
status,
|
|
111
|
-
tags: readStringArray(metadata.tags),
|
|
112
|
-
chatCount: typeof metadata.chatCount === "number" ? metadata.chatCount : 0,
|
|
113
|
-
artifactCount: typeof metadata.artifactCount === "number" ? metadata.artifactCount : 0,
|
|
114
|
-
lastActivityAt: typeof metadata.lastActivityAt === "number" ? metadata.lastActivityAt : updatedAt,
|
|
115
|
-
_creationTime: typeof topic._creationTime === "number" ? topic._creationTime : createdAt,
|
|
116
|
-
createdAt,
|
|
117
|
-
updatedAt
|
|
118
|
-
};
|
|
119
|
-
}
|
|
120
|
-
async function resolveTopicProjectOverlay(ctx, scopeId, options = {}) {
|
|
121
|
-
const topic = await resolveTopicDoc(ctx, scopeId);
|
|
122
|
-
if (!topic) {
|
|
123
|
-
return null;
|
|
124
|
-
}
|
|
125
|
-
if (options.projectLikeOnly !== false && !isProjectLikeTopic(topic)) {
|
|
126
|
-
return null;
|
|
127
|
-
}
|
|
128
|
-
return materializeTopicProjectOverlay(topic, options.idMode);
|
|
129
|
-
}
|
|
130
|
-
async function listTopicProjectOverlays(ctx, options = {}) {
|
|
131
|
-
let allTopics = [];
|
|
132
|
-
if (ctx?.db?.query && typeof ctx.db.query === "function") {
|
|
133
|
-
try {
|
|
134
|
-
allTopics = await ctx.db.query("topics").collect();
|
|
135
|
-
} catch {
|
|
136
|
-
allTopics = [];
|
|
137
|
-
}
|
|
138
|
-
}
|
|
139
|
-
if (allTopics.length === 0 && typeof ctx.runQuery === "function") {
|
|
140
|
-
allTopics = (await ctx.runQuery(api.topics.list, {}) ?? []) || [];
|
|
141
|
-
}
|
|
142
|
-
return allTopics.filter(
|
|
143
|
-
(topic) => options.projectLikeOnly === false || isProjectLikeTopic(topic)
|
|
144
|
-
).map((topic) => materializeTopicProjectOverlay(topic, options.idMode));
|
|
145
|
-
}
|
|
146
|
-
|
|
147
|
-
// ../access-control/src/projectGrantsBridge.ts
|
|
148
|
-
var PROJECT_GRANT_STATUSES = ["active", "revoked", "expired"];
|
|
149
|
-
function normalizeString(value) {
|
|
150
|
-
if (typeof value !== "string") {
|
|
151
|
-
return;
|
|
152
|
-
}
|
|
153
|
-
const trimmed = value.trim();
|
|
154
|
-
return trimmed.length > 0 ? trimmed : void 0;
|
|
155
|
-
}
|
|
156
|
-
async function resolveGrantScopeIds(ctx, args) {
|
|
157
|
-
const topicId = normalizeString(args.topicId);
|
|
158
|
-
const projectId = normalizeString(args.projectId);
|
|
159
|
-
for (const scopeId of [topicId, projectId]) {
|
|
160
|
-
if (!scopeId) {
|
|
161
|
-
continue;
|
|
162
|
-
}
|
|
163
|
-
try {
|
|
164
|
-
const overlay = await resolveTopicProjectOverlay(ctx, scopeId, {
|
|
165
|
-
idMode: "legacy",
|
|
166
|
-
projectLikeOnly: false
|
|
167
|
-
});
|
|
168
|
-
if (overlay) {
|
|
169
|
-
return {
|
|
170
|
-
topicId: normalizeString(overlay.topicId) ?? topicId,
|
|
171
|
-
projectId: normalizeString(overlay.projectId) ?? projectId ?? scopeId
|
|
172
|
-
};
|
|
173
|
-
}
|
|
174
|
-
} catch {
|
|
175
|
-
}
|
|
176
|
-
}
|
|
177
|
-
return { topicId, projectId };
|
|
178
|
-
}
|
|
179
|
-
async function normalizeProjectGrantRow(ctx, row) {
|
|
180
|
-
const scope = await resolveGrantScopeIds(ctx, {
|
|
181
|
-
topicId: row.topicId,
|
|
182
|
-
projectId: row.projectId
|
|
183
|
-
});
|
|
184
|
-
return {
|
|
185
|
-
...row,
|
|
186
|
-
...scope.topicId ? { topicId: scope.topicId } : {},
|
|
187
|
-
...scope.projectId ?? scope.topicId ? { projectId: scope.projectId ?? scope.topicId } : {}
|
|
188
|
-
};
|
|
189
|
-
}
|
|
190
|
-
async function normalizeProjectGrantRows(ctx, rows) {
|
|
191
|
-
return await Promise.all(rows.map((row) => normalizeProjectGrantRow(ctx, row)));
|
|
192
|
-
}
|
|
193
|
-
async function listProjectGrantsByPrincipal(ctx, principalId) {
|
|
194
|
-
const rows = await Promise.all(
|
|
195
|
-
PROJECT_GRANT_STATUSES.map(
|
|
196
|
-
(status) => ctx.db.query("projectGrants").withIndex(
|
|
197
|
-
"by_principal_status",
|
|
198
|
-
(q) => q.eq("principalId", principalId).eq("status", status)
|
|
199
|
-
).collect()
|
|
200
|
-
)
|
|
201
|
-
);
|
|
202
|
-
return await normalizeProjectGrantRows(ctx, rows.flat());
|
|
203
|
-
}
|
|
204
|
-
async function listProjectGrantsByGroup(ctx, groupId) {
|
|
205
|
-
const rows = await Promise.all(
|
|
206
|
-
PROJECT_GRANT_STATUSES.map(
|
|
207
|
-
(status) => ctx.db.query("projectGrants").withIndex(
|
|
208
|
-
"by_group_status",
|
|
209
|
-
(q) => q.eq("groupId", groupId).eq("status", status)
|
|
210
|
-
).collect()
|
|
211
|
-
)
|
|
212
|
-
);
|
|
213
|
-
return await normalizeProjectGrantRows(ctx, rows.flat());
|
|
214
|
-
}
|
|
215
|
-
function buildScopeMatchers(inputScopeId, resolved) {
|
|
216
|
-
return new Set(
|
|
217
|
-
[inputScopeId, resolved.topicId, resolved.projectId].map((value) => normalizeString(value)).filter((value) => Boolean(value))
|
|
218
|
-
);
|
|
219
|
-
}
|
|
220
|
-
function matchesResolvedScope(row, scopeIds) {
|
|
221
|
-
const rowTopicId = normalizeString(row.topicId);
|
|
222
|
-
const rowProjectId = normalizeString(row.projectId);
|
|
223
|
-
return rowTopicId !== void 0 && scopeIds.has(rowTopicId) || rowProjectId !== void 0 && scopeIds.has(rowProjectId);
|
|
224
|
-
}
|
|
225
|
-
async function bridgeListProjectGrantsByTopicAndPrincipal(ctx, topicId, principalId) {
|
|
226
|
-
const resolved = await resolveGrantScopeIds(ctx, { topicId });
|
|
227
|
-
const scopeIds = buildScopeMatchers(topicId, resolved);
|
|
228
|
-
const rows = await listProjectGrantsByPrincipal(ctx, principalId);
|
|
229
|
-
return rows.filter((row) => matchesResolvedScope(row, scopeIds));
|
|
230
|
-
}
|
|
231
|
-
async function bridgeListProjectGrantsByTopicAndGroup(ctx, topicId, groupId) {
|
|
232
|
-
const resolved = await resolveGrantScopeIds(ctx, { topicId });
|
|
233
|
-
const scopeIds = buildScopeMatchers(topicId, resolved);
|
|
234
|
-
const rows = await listProjectGrantsByGroup(ctx, groupId);
|
|
235
|
-
return rows.filter((row) => matchesResolvedScope(row, scopeIds));
|
|
236
|
-
}
|
|
237
|
-
async function bridgeListProjectGrantsByPrincipalStatus(ctx, principalId, status) {
|
|
238
|
-
const rows = await listProjectGrantsByPrincipal(ctx, principalId);
|
|
239
|
-
return rows.filter((row) => row.status === status);
|
|
240
|
-
}
|
|
241
|
-
async function bridgeListProjectGrantsByGroupStatus(ctx, groupId, status) {
|
|
242
|
-
const rows = await listProjectGrantsByGroup(ctx, groupId);
|
|
243
|
-
return rows.filter((row) => row.status === status);
|
|
244
|
-
}
|
|
245
|
-
async function bridgeInsertProjectGrant(ctx, value) {
|
|
246
|
-
const resolved = await resolveGrantScopeIds(ctx, value);
|
|
247
|
-
return await ctx.db.insert("projectGrants", {
|
|
248
|
-
...value,
|
|
249
|
-
...resolved.topicId ? { topicId: resolved.topicId } : {},
|
|
250
|
-
...resolved.projectId ?? resolved.topicId ? { projectId: resolved.projectId ?? resolved.topicId } : {}
|
|
251
|
-
});
|
|
252
|
-
}
|
|
253
|
-
|
|
254
|
-
// ../access-control/src/resolvers.ts
|
|
255
|
-
async function findUserByClerkId(ctx, clerkId) {
|
|
256
|
-
const normalizedClerkId = clerkId.trim();
|
|
257
|
-
if (!normalizedClerkId) {
|
|
258
|
-
return null;
|
|
259
|
-
}
|
|
260
|
-
if (typeof ctx.runQuery === "function") {
|
|
261
|
-
try {
|
|
262
|
-
const bridgedUser = await ctx.runQuery(api.users.getUserByClerkId, {
|
|
263
|
-
clerkId: normalizedClerkId
|
|
264
|
-
});
|
|
265
|
-
if (bridgedUser) {
|
|
266
|
-
return bridgedUser;
|
|
267
|
-
}
|
|
268
|
-
} catch {
|
|
269
|
-
}
|
|
270
|
-
}
|
|
271
|
-
try {
|
|
272
|
-
const users = await ctx.db.query("users").collect();
|
|
273
|
-
return users.find((user) => String(user.clerkId ?? "") === normalizedClerkId) ?? null;
|
|
274
|
-
} catch {
|
|
275
|
-
return null;
|
|
276
|
-
}
|
|
277
|
-
}
|
|
278
|
-
async function findUserByPrincipalId(ctx, principalId) {
|
|
279
|
-
const normalizedPrincipalId = principalId.trim();
|
|
280
|
-
if (!normalizedPrincipalId) {
|
|
281
|
-
return null;
|
|
282
|
-
}
|
|
283
|
-
try {
|
|
284
|
-
const users = await ctx.db.query("users").collect();
|
|
285
|
-
return users.find(
|
|
286
|
-
(user) => String(user.defaultPrincipalId ?? "") === normalizedPrincipalId
|
|
287
|
-
) ?? null;
|
|
288
|
-
} catch {
|
|
289
|
-
return null;
|
|
290
|
-
}
|
|
291
|
-
}
|
|
292
|
-
async function findAgentByPrincipalId(ctx, principalId) {
|
|
293
|
-
const normalizedPrincipalId = principalId.trim();
|
|
294
|
-
if (!normalizedPrincipalId) {
|
|
295
|
-
return null;
|
|
296
|
-
}
|
|
297
|
-
if (typeof ctx.runQuery === "function") {
|
|
298
|
-
try {
|
|
299
|
-
const bridgedAgent = await ctx.runQuery(
|
|
300
|
-
api.agents.getAgentByPrincipalId,
|
|
301
|
-
{
|
|
302
|
-
principalId: normalizedPrincipalId
|
|
303
|
-
}
|
|
304
|
-
);
|
|
305
|
-
if (bridgedAgent) {
|
|
306
|
-
return bridgedAgent;
|
|
307
|
-
}
|
|
308
|
-
} catch {
|
|
309
|
-
}
|
|
310
|
-
}
|
|
311
|
-
try {
|
|
312
|
-
const agents = await ctx.db.query("agents").collect();
|
|
313
|
-
return agents.find(
|
|
314
|
-
(agent) => String(agent.principalId ?? "") === normalizedPrincipalId
|
|
315
|
-
) ?? null;
|
|
316
|
-
} catch {
|
|
317
|
-
return null;
|
|
318
|
-
}
|
|
319
|
-
}
|
|
320
|
-
function defaultResolvers() {
|
|
321
|
-
return {
|
|
322
|
-
async getProject(ctx, topicId) {
|
|
323
|
-
return await resolveTopicProjectOverlay(ctx, topicId, {
|
|
324
|
-
idMode: "legacy",
|
|
325
|
-
projectLikeOnly: false
|
|
326
|
-
});
|
|
327
|
-
},
|
|
328
|
-
async listTopics(ctx) {
|
|
329
|
-
return await listTopicProjectOverlays(ctx, { idMode: "legacy" });
|
|
330
|
-
},
|
|
331
|
-
async listTopicsByOwner(ctx, ownerId) {
|
|
332
|
-
const topics = await listTopicProjectOverlays(ctx, { idMode: "legacy" });
|
|
333
|
-
return topics.filter((topic) => topic.ownerId === ownerId);
|
|
334
|
-
},
|
|
335
|
-
async listTopicsByVisibility(ctx, visibility) {
|
|
336
|
-
const topics = await listTopicProjectOverlays(ctx, { idMode: "legacy" });
|
|
337
|
-
return topics.filter((topic) => topic.visibility === visibility);
|
|
338
|
-
},
|
|
339
|
-
async listProjectGrantsByProjectAndPrincipal(ctx, topicId, principalId) {
|
|
340
|
-
return await bridgeListProjectGrantsByTopicAndPrincipal(
|
|
341
|
-
ctx,
|
|
342
|
-
topicId,
|
|
343
|
-
principalId
|
|
344
|
-
);
|
|
345
|
-
},
|
|
346
|
-
async listProjectGrantsByProjectAndGroup(ctx, topicId, groupId) {
|
|
347
|
-
return await bridgeListProjectGrantsByTopicAndGroup(ctx, topicId, groupId);
|
|
348
|
-
},
|
|
349
|
-
async listProjectGrantsByPrincipalStatus(ctx, principalId, status) {
|
|
350
|
-
return await bridgeListProjectGrantsByPrincipalStatus(
|
|
351
|
-
ctx,
|
|
352
|
-
principalId,
|
|
353
|
-
status
|
|
354
|
-
);
|
|
355
|
-
},
|
|
356
|
-
async listProjectGrantsByGroupStatus(ctx, groupId, status) {
|
|
357
|
-
return await bridgeListProjectGrantsByGroupStatus(ctx, groupId, status);
|
|
358
|
-
},
|
|
359
|
-
async insertProjectGrant(ctx, value) {
|
|
360
|
-
return await bridgeInsertProjectGrant(ctx, value);
|
|
361
|
-
},
|
|
362
|
-
async getAgentByPrincipalId(ctx, principalId) {
|
|
363
|
-
return await findAgentByPrincipalId(ctx, principalId);
|
|
364
|
-
},
|
|
365
|
-
async getUserByClerkId(ctx, clerkId) {
|
|
366
|
-
return await findUserByClerkId(ctx, clerkId);
|
|
367
|
-
},
|
|
368
|
-
async getUserByPrincipalId(ctx, principalId) {
|
|
369
|
-
return await findUserByPrincipalId(ctx, principalId);
|
|
370
|
-
}
|
|
371
|
-
};
|
|
372
|
-
}
|
|
373
|
-
var resolverOverrides = {};
|
|
374
|
-
function resolveAccessControlAppResolvers(_ctx) {
|
|
375
|
-
return {
|
|
376
|
-
...defaultResolvers(),
|
|
377
|
-
...resolverOverrides
|
|
378
|
-
};
|
|
379
|
-
}
|
|
380
|
-
|
|
381
|
-
// ../access-control/src/principalContext.ts
|
|
382
|
-
function requireCanonicalResolvedUser(user, clerkId) {
|
|
383
|
-
const resolved = user;
|
|
384
|
-
if (!resolved) {
|
|
385
|
-
throw new Error(
|
|
386
|
-
`[AccessControl] Canonical user identity required for ${clerkId}. Sync users.upsertUser before user-bound access checks.`
|
|
387
|
-
);
|
|
388
|
-
}
|
|
389
|
-
const { mcRole, defaultTenantId, defaultWorkspaceId, defaultPrincipalId } = resolved;
|
|
390
|
-
if (mcRole !== "platform_admin" && mcRole !== "tenant_admin" && mcRole !== "workspace_admin" && mcRole !== "editor" && mcRole !== "viewer" && mcRole !== "auditor" && mcRole !== "service_agent") {
|
|
391
|
-
throw new Error(
|
|
392
|
-
`[AccessControl] Canonical MC role required for ${clerkId}. Re-sync Master Control identity before user-bound access checks.`
|
|
393
|
-
);
|
|
394
|
-
}
|
|
395
|
-
if (typeof defaultTenantId !== "string" || defaultTenantId.trim().length === 0) {
|
|
396
|
-
throw new Error(
|
|
397
|
-
`[AccessControl] Canonical home tenant required for ${clerkId}. Re-sync Master Control identity before user-bound access checks.`
|
|
398
|
-
);
|
|
399
|
-
}
|
|
400
|
-
if (typeof defaultWorkspaceId !== "string" || defaultWorkspaceId.trim().length === 0) {
|
|
401
|
-
throw new Error(
|
|
402
|
-
`[AccessControl] Canonical home workspace required for ${clerkId}. Re-sync Master Control identity before user-bound access checks.`
|
|
403
|
-
);
|
|
404
|
-
}
|
|
405
|
-
if (typeof defaultPrincipalId !== "string" || defaultPrincipalId.trim().length === 0) {
|
|
406
|
-
throw new Error(
|
|
407
|
-
`[AccessControl] Canonical federated principal required for ${clerkId}. Re-sync Master Control identity before user-bound access checks.`
|
|
408
|
-
);
|
|
409
|
-
}
|
|
410
|
-
return {
|
|
411
|
-
mcRole,
|
|
412
|
-
defaultTenantId: defaultTenantId.trim(),
|
|
413
|
-
defaultWorkspaceId: defaultWorkspaceId.trim(),
|
|
414
|
-
defaultPrincipalId: defaultPrincipalId.trim()
|
|
415
|
-
};
|
|
416
|
-
}
|
|
417
|
-
function isPrincipalIdInput(value) {
|
|
418
|
-
return value.startsWith("user:") || value.startsWith("group:") || value.startsWith("service:") || value.startsWith("agent:") || value.startsWith("external_viewer:");
|
|
419
|
-
}
|
|
420
|
-
async function resolveCanonicalUserRecord(ctx, actorId) {
|
|
421
|
-
const normalizedActorId = actorId.trim();
|
|
422
|
-
const clerkId = isPrincipalIdInput(normalizedActorId) && normalizedActorId.startsWith("user:") ? normalizedActorId.slice("user:".length) : normalizedActorId;
|
|
423
|
-
const resolvers = resolveAccessControlAppResolvers();
|
|
424
|
-
const resolvedByClerkId = await resolvers.getUserByClerkId(ctx, clerkId);
|
|
425
|
-
if (resolvedByClerkId) {
|
|
426
|
-
return {
|
|
427
|
-
resolvedUser: resolvedByClerkId,
|
|
428
|
-
clerkId,
|
|
429
|
-
contextClerkId: clerkId
|
|
430
|
-
};
|
|
431
|
-
}
|
|
432
|
-
const resolvedByPrincipalId = await resolvers.getUserByPrincipalId(
|
|
433
|
-
ctx,
|
|
434
|
-
normalizedActorId
|
|
435
|
-
);
|
|
436
|
-
return {
|
|
437
|
-
resolvedUser: resolvedByPrincipalId ?? null,
|
|
438
|
-
clerkId,
|
|
439
|
-
contextClerkId: normalizedActorId.startsWith("user:") && clerkId.length > 0 ? clerkId : normalizedActorId
|
|
440
|
-
};
|
|
441
|
-
}
|
|
442
|
-
function uniqRoles(roles) {
|
|
443
|
-
const roleSet = /* @__PURE__ */ new Set();
|
|
444
|
-
for (const role of roles) {
|
|
445
|
-
if (role === "platform_admin" || role === "tenant_admin" || role === "workspace_admin" || role === "editor" || role === "viewer" || role === "auditor" || role === "service_agent") {
|
|
446
|
-
roleSet.add(role);
|
|
447
|
-
}
|
|
448
|
-
}
|
|
449
|
-
return [...roleSet];
|
|
450
|
-
}
|
|
451
|
-
function normalizeGroupIds(value) {
|
|
452
|
-
if (!Array.isArray(value)) {
|
|
453
|
-
return [];
|
|
454
|
-
}
|
|
455
|
-
return [...new Set(
|
|
456
|
-
value.filter((entry) => typeof entry === "string").map((entry) => entry.trim()).filter(Boolean)
|
|
457
|
-
)];
|
|
458
|
-
}
|
|
459
|
-
function requireServiceAgentUser(user, actorId) {
|
|
460
|
-
const canonicalUser = requireCanonicalResolvedUser(user, actorId);
|
|
461
|
-
if (canonicalUser.mcRole !== "service_agent") {
|
|
462
|
-
throw new Error(
|
|
463
|
-
`[AccessControl] Canonical service_agent identity required for ${actorId}. Sync users.upsertUser before agent-bound access checks.`
|
|
464
|
-
);
|
|
465
|
-
}
|
|
466
|
-
return canonicalUser;
|
|
467
|
-
}
|
|
468
|
-
function requireCanonicalResolvedAgent(agent, actorId) {
|
|
469
|
-
const resolved = agent;
|
|
470
|
-
if (!resolved) {
|
|
471
|
-
throw new Error(
|
|
472
|
-
`[AccessControl] Agent "${actorId}" not found in agents or users table.`
|
|
473
|
-
);
|
|
474
|
-
}
|
|
475
|
-
if (typeof resolved.principalId !== "string" || resolved.principalId.trim().length === 0) {
|
|
476
|
-
throw new Error(
|
|
477
|
-
`[AccessControl] Canonical agent principalId required for ${actorId}.`
|
|
478
|
-
);
|
|
479
|
-
}
|
|
480
|
-
if (typeof resolved.tenantId !== "string" || resolved.tenantId.trim().length === 0) {
|
|
481
|
-
throw new Error(
|
|
482
|
-
`[AccessControl] Canonical home tenant required for ${actorId}.`
|
|
483
|
-
);
|
|
484
|
-
}
|
|
485
|
-
if (typeof resolved.workspaceId !== "string" || resolved.workspaceId.trim().length === 0) {
|
|
486
|
-
throw new Error(
|
|
487
|
-
`[AccessControl] Canonical home workspace required for ${actorId}.`
|
|
488
|
-
);
|
|
489
|
-
}
|
|
490
|
-
return {
|
|
491
|
-
principalId: resolved.principalId.trim(),
|
|
492
|
-
tenantId: resolved.tenantId.trim(),
|
|
493
|
-
workspaceId: resolved.workspaceId.trim(),
|
|
494
|
-
roles: uniqRoles(Array.isArray(resolved.roles) ? resolved.roles : []) ?? ["service_agent"],
|
|
495
|
-
groupIds: normalizeGroupIds(resolved.groupIds)
|
|
496
|
-
};
|
|
497
|
-
}
|
|
498
|
-
async function resolvePrincipalContext(ctx, actorId) {
|
|
499
|
-
if (actorId.startsWith("agent:")) {
|
|
500
|
-
const resolvers = resolveAccessControlAppResolvers();
|
|
501
|
-
const resolvedAgent = await resolvers.getAgentByPrincipalId(ctx, actorId);
|
|
502
|
-
if (resolvedAgent) {
|
|
503
|
-
const agent = requireCanonicalResolvedAgent(
|
|
504
|
-
resolvedAgent,
|
|
505
|
-
actorId
|
|
506
|
-
);
|
|
507
|
-
return {
|
|
508
|
-
principalId: agent.principalId,
|
|
509
|
-
principalType: "service",
|
|
510
|
-
clerkId: actorId,
|
|
511
|
-
tenantId: agent.tenantId,
|
|
512
|
-
workspaceId: agent.workspaceId,
|
|
513
|
-
roles: agent.roles.length > 0 ? agent.roles : ["service_agent"],
|
|
514
|
-
groupIds: agent.groupIds,
|
|
515
|
-
isPlatformAdmin: false,
|
|
516
|
-
isTenantAdmin: false,
|
|
517
|
-
isWorkspaceAdmin: false,
|
|
518
|
-
isSystemFallback: false
|
|
519
|
-
};
|
|
520
|
-
}
|
|
521
|
-
const resolvedUser2 = await resolvers.getUserByClerkId(
|
|
522
|
-
ctx,
|
|
523
|
-
actorId
|
|
524
|
-
);
|
|
525
|
-
if (!resolvedUser2) {
|
|
526
|
-
throw new Error(
|
|
527
|
-
`[AccessControl] Agent "${actorId}" not found in agents or users table.`
|
|
528
|
-
);
|
|
529
|
-
}
|
|
530
|
-
const user2 = requireServiceAgentUser(
|
|
531
|
-
resolvedUser2,
|
|
532
|
-
actorId
|
|
533
|
-
);
|
|
534
|
-
console.warn(
|
|
535
|
-
`[AccessControl] Deprecated legacy service-agent fallback for ${actorId}; migrate this principal into identity.agents.`
|
|
536
|
-
);
|
|
537
|
-
return {
|
|
538
|
-
principalId: user2.defaultPrincipalId,
|
|
539
|
-
principalType: "service",
|
|
540
|
-
clerkId: actorId,
|
|
541
|
-
tenantId: user2.defaultTenantId,
|
|
542
|
-
workspaceId: user2.defaultWorkspaceId,
|
|
543
|
-
roles: ["service_agent"],
|
|
544
|
-
groupIds: normalizeGroupIds(resolvedUser2?.principalGroupIds),
|
|
545
|
-
isPlatformAdmin: false,
|
|
546
|
-
isTenantAdmin: false,
|
|
547
|
-
isWorkspaceAdmin: false,
|
|
548
|
-
isSystemFallback: false
|
|
549
|
-
};
|
|
550
|
-
}
|
|
551
|
-
const {
|
|
552
|
-
resolvedUser,
|
|
553
|
-
contextClerkId
|
|
554
|
-
} = await resolveCanonicalUserRecord(ctx, actorId);
|
|
555
|
-
const user = requireCanonicalResolvedUser(
|
|
556
|
-
resolvedUser,
|
|
557
|
-
contextClerkId
|
|
558
|
-
);
|
|
559
|
-
if (!user.defaultPrincipalId) {
|
|
560
|
-
throw new Error(
|
|
561
|
-
`[AccessControl] Canonical federated principal required for ${contextClerkId}. Re-sync Master Control identity before user-bound access checks.`
|
|
562
|
-
);
|
|
563
|
-
}
|
|
564
|
-
if (user.mcRole === "service_agent") {
|
|
565
|
-
return {
|
|
566
|
-
principalId: user.defaultPrincipalId,
|
|
567
|
-
principalType: "service",
|
|
568
|
-
clerkId: contextClerkId,
|
|
569
|
-
tenantId: user.defaultTenantId,
|
|
570
|
-
workspaceId: user.defaultWorkspaceId,
|
|
571
|
-
roles: ["service_agent"],
|
|
572
|
-
groupIds: normalizeGroupIds(resolvedUser?.principalGroupIds),
|
|
573
|
-
isPlatformAdmin: false,
|
|
574
|
-
isTenantAdmin: false,
|
|
575
|
-
isWorkspaceAdmin: false,
|
|
576
|
-
isSystemFallback: false
|
|
577
|
-
};
|
|
578
|
-
}
|
|
579
|
-
const principalId = user.defaultPrincipalId;
|
|
580
|
-
const effectiveRole = user.mcRole;
|
|
581
|
-
const roles = effectiveRole === "platform_admin" ? ["platform_admin", "tenant_admin"] : effectiveRole === "tenant_admin" ? ["tenant_admin"] : [effectiveRole];
|
|
582
|
-
const tenantId = user.defaultTenantId;
|
|
583
|
-
const workspaceId = user.defaultWorkspaceId;
|
|
584
|
-
const isPlatformAdmin = effectiveRole === "platform_admin";
|
|
585
|
-
return {
|
|
586
|
-
principalId,
|
|
587
|
-
principalType: "user",
|
|
588
|
-
clerkId: contextClerkId,
|
|
589
|
-
tenantId,
|
|
590
|
-
workspaceId,
|
|
591
|
-
roles: uniqRoles(roles),
|
|
592
|
-
groupIds: normalizeGroupIds(resolvedUser?.principalGroupIds),
|
|
593
|
-
isPlatformAdmin,
|
|
594
|
-
isTenantAdmin: isPlatformAdmin || effectiveRole === "tenant_admin",
|
|
595
|
-
isWorkspaceAdmin: isPlatformAdmin || effectiveRole === "tenant_admin" || effectiveRole === "workspace_admin",
|
|
596
|
-
isSystemFallback: false
|
|
597
|
-
};
|
|
598
|
-
}
|
|
599
|
-
|
|
600
|
-
// ../access-control/src/access.ts
|
|
601
|
-
function isTopicInPrincipalTenant(topic, principalTenantId) {
|
|
602
|
-
if (!topic.tenantId) {
|
|
603
|
-
return false;
|
|
604
|
-
}
|
|
605
|
-
if (!principalTenantId) {
|
|
606
|
-
return false;
|
|
607
|
-
}
|
|
608
|
-
return String(topic.tenantId) === String(principalTenantId);
|
|
609
|
-
}
|
|
610
|
-
function isTopicInPrincipalWorkspace(topic, principalWorkspaceId) {
|
|
611
|
-
if (!topic.workspaceId) {
|
|
612
|
-
return false;
|
|
613
|
-
}
|
|
614
|
-
if (!principalWorkspaceId) {
|
|
615
|
-
return false;
|
|
616
|
-
}
|
|
617
|
-
return String(topic.workspaceId) === String(principalWorkspaceId);
|
|
618
|
-
}
|
|
619
|
-
function isLegacyUnscopedTopic(topic) {
|
|
620
|
-
return !topic.tenantId || !topic.workspaceId;
|
|
621
|
-
}
|
|
622
|
-
function isGrantScopeAlignedToTopic(topic, grant) {
|
|
623
|
-
if (topic.tenantId && grant.tenantId && String(topic.tenantId) !== String(grant.tenantId)) {
|
|
624
|
-
return false;
|
|
625
|
-
}
|
|
626
|
-
if (topic.workspaceId && grant.workspaceId && String(topic.workspaceId) !== String(grant.workspaceId)) {
|
|
627
|
-
return false;
|
|
628
|
-
}
|
|
629
|
-
return true;
|
|
630
|
-
}
|
|
631
|
-
function isGrantSourceAllowedForVisibility(visibility, source) {
|
|
632
|
-
if (source !== "external_share") {
|
|
633
|
-
return true;
|
|
634
|
-
}
|
|
635
|
-
return visibility === "external" || visibility === "public";
|
|
636
|
-
}
|
|
637
|
-
function isGrantActive(grant) {
|
|
638
|
-
if (grant.status !== "active") {
|
|
639
|
-
return false;
|
|
640
|
-
}
|
|
641
|
-
if (grant.expiresAt !== void 0 && grant.expiresAt <= Date.now()) {
|
|
642
|
-
return false;
|
|
643
|
-
}
|
|
644
|
-
return true;
|
|
645
|
-
}
|
|
646
|
-
async function hasPrincipalGrant(ctx, args) {
|
|
647
|
-
const grants = await resolveAccessControlAppResolvers().listProjectGrantsByProjectAndPrincipal(
|
|
648
|
-
ctx,
|
|
649
|
-
args.topic._id,
|
|
650
|
-
args.principalId
|
|
651
|
-
);
|
|
652
|
-
if (grants.some(
|
|
653
|
-
(grant) => isGrantActive(grant) && isGrantScopeAlignedToTopic(args.topic, grant) && isGrantSourceAllowedForVisibility(
|
|
654
|
-
args.topic.visibility,
|
|
655
|
-
grant.source
|
|
656
|
-
) && (!args.principalIsExternal || args.topic.visibility === "public" || grant.source === "external_share")
|
|
657
|
-
)) {
|
|
658
|
-
return true;
|
|
659
|
-
}
|
|
660
|
-
return false;
|
|
661
|
-
}
|
|
662
|
-
async function hasGroupGrant(ctx, args) {
|
|
663
|
-
if (args.groupIds.length === 0) {
|
|
664
|
-
return false;
|
|
665
|
-
}
|
|
666
|
-
for (const groupId of args.groupIds) {
|
|
667
|
-
const grants = await resolveAccessControlAppResolvers().listProjectGrantsByProjectAndGroup(ctx, args.topic._id, groupId);
|
|
668
|
-
if (grants.some(
|
|
669
|
-
(grant) => isGrantActive(grant) && isGrantScopeAlignedToTopic(args.topic, grant) && isGrantSourceAllowedForVisibility(
|
|
670
|
-
args.topic.visibility,
|
|
671
|
-
grant.source
|
|
672
|
-
)
|
|
673
|
-
)) {
|
|
674
|
-
return true;
|
|
675
|
-
}
|
|
676
|
-
}
|
|
677
|
-
return false;
|
|
678
|
-
}
|
|
679
|
-
function isExternalPrincipal(_ctx, _args) {
|
|
680
|
-
return false;
|
|
681
|
-
}
|
|
682
|
-
async function evaluateTopicAccessDetailed(ctx, args) {
|
|
683
|
-
if (args.legacyUserId) {
|
|
684
|
-
return {
|
|
685
|
-
hasAccess: true,
|
|
686
|
-
isAdmin: false,
|
|
687
|
-
isOwner: false,
|
|
688
|
-
isShared: false,
|
|
689
|
-
hasGrant: true,
|
|
690
|
-
isFirmVisible: true,
|
|
691
|
-
isExternalVisible: false,
|
|
692
|
-
isPublicVisible: false,
|
|
693
|
-
isTenantScopeMatch: true,
|
|
694
|
-
isWorkspaceScopeMatch: true,
|
|
695
|
-
isPrincipalExternal: false
|
|
696
|
-
};
|
|
697
|
-
}
|
|
698
|
-
const topic = await resolveAccessControlAppResolvers().getProject(
|
|
699
|
-
ctx,
|
|
700
|
-
args.topicId
|
|
701
|
-
);
|
|
702
|
-
if (!topic) {
|
|
703
|
-
return {
|
|
704
|
-
hasAccess: false,
|
|
705
|
-
isAdmin: false,
|
|
706
|
-
isOwner: false,
|
|
707
|
-
isShared: false,
|
|
708
|
-
hasGrant: false,
|
|
709
|
-
isFirmVisible: false,
|
|
710
|
-
isExternalVisible: false,
|
|
711
|
-
isPublicVisible: false,
|
|
712
|
-
isTenantScopeMatch: false,
|
|
713
|
-
isWorkspaceScopeMatch: false,
|
|
714
|
-
isPrincipalExternal: false
|
|
715
|
-
};
|
|
716
|
-
}
|
|
717
|
-
const { principalContext, legacyUserId } = args;
|
|
718
|
-
const userIsAdmin = principalContext.isPlatformAdmin;
|
|
719
|
-
const isOwner = topic.ownerId === legacyUserId;
|
|
720
|
-
const isShared = (topic.sharedWith ?? []).includes(legacyUserId);
|
|
721
|
-
const principalIsExternal = await isExternalPrincipal(ctx, {
|
|
722
|
-
groupIds: principalContext.groupIds,
|
|
723
|
-
topicTenantId: topic.tenantId,
|
|
724
|
-
topicWorkspaceId: topic.workspaceId
|
|
725
|
-
});
|
|
726
|
-
const hasPrincipalGrantResult = await hasPrincipalGrant(ctx, {
|
|
727
|
-
topic,
|
|
728
|
-
principalId: principalContext.principalId,
|
|
729
|
-
principalIsExternal
|
|
730
|
-
});
|
|
731
|
-
const hasGroupGrantResult = await hasGroupGrant(ctx, {
|
|
732
|
-
topic,
|
|
733
|
-
groupIds: principalContext.groupIds
|
|
734
|
-
});
|
|
735
|
-
const hasGrant = isShared || hasPrincipalGrantResult || hasGroupGrantResult;
|
|
736
|
-
const legacyUnscoped = isLegacyUnscopedTopic(topic);
|
|
737
|
-
const tenantScopeMatch = isTopicInPrincipalTenant(
|
|
738
|
-
topic,
|
|
739
|
-
principalContext.tenantId
|
|
740
|
-
);
|
|
741
|
-
const workspaceScopeMatch = isTopicInPrincipalWorkspace(
|
|
742
|
-
topic,
|
|
743
|
-
principalContext.workspaceId
|
|
744
|
-
);
|
|
745
|
-
const isPublicVisible = topic.visibility === "public";
|
|
746
|
-
const isFirmVisible = topic.visibility === "firm" && !legacyUnscoped && tenantScopeMatch && workspaceScopeMatch && !principalIsExternal;
|
|
747
|
-
const hasScopedGrant = hasGrant && (legacyUnscoped || tenantScopeMatch && workspaceScopeMatch);
|
|
748
|
-
const isExternalVisible = topic.visibility === "external" && hasScopedGrant;
|
|
749
|
-
const hasAccess = userIsAdmin || isOwner || hasScopedGrant || isPublicVisible || isFirmVisible;
|
|
750
|
-
return {
|
|
751
|
-
hasAccess,
|
|
752
|
-
isAdmin: userIsAdmin,
|
|
753
|
-
isOwner,
|
|
754
|
-
isShared,
|
|
755
|
-
hasGrant,
|
|
756
|
-
isFirmVisible,
|
|
757
|
-
isExternalVisible,
|
|
758
|
-
isPublicVisible,
|
|
759
|
-
isTenantScopeMatch: tenantScopeMatch,
|
|
760
|
-
isWorkspaceScopeMatch: workspaceScopeMatch,
|
|
761
|
-
isPrincipalExternal: principalIsExternal
|
|
762
|
-
};
|
|
763
|
-
}
|
|
764
|
-
async function checkTopicAccessDetailed(ctx, topicId, userId) {
|
|
765
|
-
const principalContext = await resolvePrincipalContext(ctx, userId);
|
|
766
|
-
return evaluateTopicAccessDetailed(ctx, {
|
|
767
|
-
topicId,
|
|
768
|
-
legacyUserId: userId,
|
|
769
|
-
principalContext
|
|
770
|
-
});
|
|
771
|
-
}
|
|
772
|
-
async function checkTopicAccess(ctx, topicId, userId) {
|
|
773
|
-
const result = await checkTopicAccessDetailed(ctx, topicId, userId);
|
|
774
|
-
return result.hasAccess;
|
|
775
|
-
}
|
|
776
|
-
async function checkScopeAccess(ctx, scopeId, userId) {
|
|
777
|
-
try {
|
|
778
|
-
const topic = await ctx.db.get(scopeId);
|
|
779
|
-
if (topic && topic.name !== void 0 && topic.type !== void 0) {
|
|
780
|
-
return true;
|
|
781
|
-
}
|
|
782
|
-
} catch {
|
|
783
|
-
}
|
|
784
|
-
try {
|
|
785
|
-
return await checkTopicAccess(ctx, scopeId, userId);
|
|
786
|
-
} catch {
|
|
787
|
-
return false;
|
|
788
|
-
}
|
|
789
|
-
}
|
|
790
|
-
var checkProjectAccess = checkTopicAccess;
|
|
791
|
-
|
|
792
|
-
// ../access-control/src/audience.ts
|
|
793
|
-
var AUDIENCE_CLASS_RANK = {
|
|
794
|
-
public: 0,
|
|
795
|
-
restricted_external: 1,
|
|
796
|
-
internal: 2
|
|
797
|
-
};
|
|
798
|
-
function normalizeKey(key) {
|
|
799
|
-
return (key ?? "").trim().toLowerCase().replace(/[^a-z0-9:_-]+/g, "_").replace(/_+/g, "_").replace(/^_+|_+$/g, "");
|
|
800
|
-
}
|
|
801
|
-
function normalizeAudienceKey(key) {
|
|
802
|
-
return normalizeKey(key);
|
|
803
|
-
}
|
|
804
|
-
function classFromAudienceKey(audienceKey, fallback = "internal") {
|
|
805
|
-
const key = normalizeKey(audienceKey);
|
|
806
|
-
if (!key) {
|
|
807
|
-
return fallback;
|
|
808
|
-
}
|
|
809
|
-
if (key === "internal") {
|
|
810
|
-
return "internal";
|
|
811
|
-
}
|
|
812
|
-
if (key === "public") {
|
|
813
|
-
return "public";
|
|
814
|
-
}
|
|
815
|
-
if (key === "lp" || key === "external" || key === "client" || key === "partner" || key === "portfolio" || key === "network" || key === "restricted_external") {
|
|
816
|
-
return "restricted_external";
|
|
817
|
-
}
|
|
818
|
-
return fallback;
|
|
819
|
-
}
|
|
820
|
-
function canAudienceClassAccess(viewerClass, resourceClass) {
|
|
821
|
-
return AUDIENCE_CLASS_RANK[viewerClass] >= AUDIENCE_CLASS_RANK[resourceClass];
|
|
822
|
-
}
|
|
823
|
-
|
|
824
|
-
// ../access-control/src/audienceRegistry.ts
|
|
825
|
-
var DEFAULT_AUDIENCES = [
|
|
826
|
-
{
|
|
827
|
-
audienceKey: "internal",
|
|
828
|
-
audienceLabel: "Internal",
|
|
829
|
-
audienceClass: "internal"
|
|
830
|
-
},
|
|
831
|
-
{
|
|
832
|
-
audienceKey: "lp",
|
|
833
|
-
audienceLabel: "Limited Partners",
|
|
834
|
-
audienceClass: "restricted_external"
|
|
835
|
-
},
|
|
836
|
-
{
|
|
837
|
-
audienceKey: "public",
|
|
838
|
-
audienceLabel: "Public",
|
|
839
|
-
audienceClass: "public"
|
|
840
|
-
}
|
|
841
|
-
];
|
|
842
|
-
var AUDIENCE_CLASS_PRIORITY = {
|
|
843
|
-
internal: 0,
|
|
844
|
-
restricted_external: 1,
|
|
845
|
-
public: 2
|
|
846
|
-
};
|
|
847
|
-
function normalizeRegistryRow(row) {
|
|
848
|
-
return {
|
|
849
|
-
audienceKey: normalizeAudienceKey(row.audienceKey),
|
|
850
|
-
audienceLabel: row.audienceLabel,
|
|
851
|
-
audienceClass: row.audienceClass,
|
|
852
|
-
workspaceId: row.workspaceId
|
|
853
|
-
};
|
|
854
|
-
}
|
|
855
|
-
function dedupeRegistryRows(rows) {
|
|
856
|
-
const byKey = /* @__PURE__ */ new Map();
|
|
857
|
-
for (const row of rows) {
|
|
858
|
-
const key = normalizeAudienceKey(row.audienceKey);
|
|
859
|
-
if (!key) {
|
|
860
|
-
continue;
|
|
861
|
-
}
|
|
862
|
-
const existing = byKey.get(key);
|
|
863
|
-
const isWorkspaceScoped = row.workspaceId !== void 0;
|
|
864
|
-
const existingWorkspaceScoped = existing?.workspaceId !== void 0;
|
|
865
|
-
if (!existing || isWorkspaceScoped && !existingWorkspaceScoped) {
|
|
866
|
-
byKey.set(key, {
|
|
867
|
-
...row,
|
|
868
|
-
audienceKey: key
|
|
869
|
-
});
|
|
870
|
-
}
|
|
871
|
-
}
|
|
872
|
-
const normalized = [...byKey.values()];
|
|
873
|
-
normalized.sort((a, b) => {
|
|
874
|
-
const classDelta = AUDIENCE_CLASS_PRIORITY[a.audienceClass] - AUDIENCE_CLASS_PRIORITY[b.audienceClass];
|
|
875
|
-
if (classDelta !== 0) {
|
|
876
|
-
return classDelta;
|
|
877
|
-
}
|
|
878
|
-
return a.audienceKey.localeCompare(b.audienceKey);
|
|
879
|
-
});
|
|
880
|
-
return normalized;
|
|
881
|
-
}
|
|
882
|
-
async function queryRegistryRows(ctx, args) {
|
|
883
|
-
if (!args.tenantId) {
|
|
884
|
-
return [...DEFAULT_AUDIENCES];
|
|
885
|
-
}
|
|
886
|
-
const rows = await ctx.db.query("platformAudiences").withIndex("by_tenantId", (q) => q.eq("tenantId", args.tenantId)).collect();
|
|
887
|
-
const workspaceIdString = args.workspaceId ? String(args.workspaceId) : null;
|
|
888
|
-
const tenantScoped = rows.filter((row) => row.status === "active");
|
|
889
|
-
const applicable = tenantScoped.filter((row) => {
|
|
890
|
-
if (!row.workspaceId) {
|
|
891
|
-
return true;
|
|
892
|
-
}
|
|
893
|
-
if (!workspaceIdString) {
|
|
894
|
-
return false;
|
|
895
|
-
}
|
|
896
|
-
return String(row.workspaceId) === workspaceIdString;
|
|
897
|
-
});
|
|
898
|
-
return dedupeRegistryRows([
|
|
899
|
-
...DEFAULT_AUDIENCES,
|
|
900
|
-
...applicable.map(
|
|
901
|
-
(row) => normalizeRegistryRow({
|
|
902
|
-
audienceKey: row.audienceKey,
|
|
903
|
-
audienceLabel: row.audienceLabel,
|
|
904
|
-
audienceClass: row.audienceClass,
|
|
905
|
-
workspaceId: row.workspaceId
|
|
906
|
-
})
|
|
907
|
-
)
|
|
908
|
-
]);
|
|
909
|
-
}
|
|
910
|
-
async function listAudienceRegistryRows(ctx, args) {
|
|
911
|
-
return queryRegistryRows(ctx, args);
|
|
912
|
-
}
|
|
913
|
-
|
|
914
|
-
// ../access-control/src/auth.ts
|
|
915
|
-
async function getCurrentUserId(ctx) {
|
|
916
|
-
const identity = await ctx.auth.getUserIdentity();
|
|
917
|
-
return identity?.subject ?? null;
|
|
918
|
-
}
|
|
919
|
-
var permissiveReturn = v.optional(v.any());
|
|
920
|
-
var looseJsonObject = v.record(v.string(), v.any());
|
|
921
|
-
var looseJsonArray = v.array(v.any());
|
|
922
|
-
v.union(
|
|
923
|
-
v.string(),
|
|
924
|
-
v.number(),
|
|
925
|
-
v.boolean(),
|
|
926
|
-
v.null(),
|
|
927
|
-
looseJsonObject,
|
|
928
|
-
looseJsonArray
|
|
929
|
-
);
|
|
930
|
-
var api2 = anyApi;
|
|
931
|
-
componentsGeneric();
|
|
932
13
|
var internal = anyApi;
|
|
933
14
|
var internalMutation = internalMutationGeneric;
|
|
934
15
|
var internalQuery = internalQueryGeneric;
|
|
@@ -969,48 +50,48 @@ function generateGlobalId() {
|
|
|
969
50
|
}
|
|
970
51
|
|
|
971
52
|
// src/topicProjectOverlay.ts
|
|
972
|
-
var
|
|
973
|
-
function
|
|
53
|
+
var LEGACY_SCOPE_FIELD = "graphScopeProjectId";
|
|
54
|
+
function readNonEmptyString(value) {
|
|
974
55
|
if (typeof value !== "string") {
|
|
975
56
|
return;
|
|
976
57
|
}
|
|
977
58
|
const normalized = value.trim();
|
|
978
59
|
return normalized.length > 0 ? normalized : void 0;
|
|
979
60
|
}
|
|
980
|
-
function
|
|
61
|
+
function readStringArray(value) {
|
|
981
62
|
if (!Array.isArray(value)) {
|
|
982
63
|
return [];
|
|
983
64
|
}
|
|
984
|
-
return value.map((entry) =>
|
|
65
|
+
return value.map((entry) => readNonEmptyString(entry)).filter((entry) => Boolean(entry));
|
|
985
66
|
}
|
|
986
|
-
function
|
|
67
|
+
function readMetadata(topic) {
|
|
987
68
|
return topic.metadata && typeof topic.metadata === "object" ? topic.metadata : {};
|
|
988
69
|
}
|
|
989
|
-
function
|
|
70
|
+
function readLegacyProjectId(value) {
|
|
990
71
|
if (!value) {
|
|
991
72
|
return;
|
|
992
73
|
}
|
|
993
|
-
return
|
|
74
|
+
return readNonEmptyString(value[LEGACY_SCOPE_FIELD]);
|
|
994
75
|
}
|
|
995
|
-
function
|
|
76
|
+
function coerceVisibility(value) {
|
|
996
77
|
return value === "private" || value === "team" || value === "firm" || value === "external" || value === "public" ? value : void 0;
|
|
997
78
|
}
|
|
998
|
-
function
|
|
79
|
+
function coerceStatus(value) {
|
|
999
80
|
return value === "active" || value === "archived" || value === "watching" ? value : void 0;
|
|
1000
81
|
}
|
|
1001
|
-
function
|
|
1002
|
-
const explicit =
|
|
82
|
+
function mapProjectType(topic, metadata) {
|
|
83
|
+
const explicit = readNonEmptyString(metadata.projectType);
|
|
1003
84
|
if (explicit) {
|
|
1004
85
|
return explicit;
|
|
1005
86
|
}
|
|
1006
87
|
if (topic.type === "theme") {
|
|
1007
88
|
return "thematic";
|
|
1008
89
|
}
|
|
1009
|
-
return
|
|
90
|
+
return readNonEmptyString(topic.type) || "general";
|
|
1010
91
|
}
|
|
1011
|
-
function
|
|
1012
|
-
const metadata =
|
|
1013
|
-
return topic.type === "theme" || topic.type === "thematic" || topic.type === "deal" || topic.type === "monitoring" ||
|
|
92
|
+
function isProjectLikeTopic(topic) {
|
|
93
|
+
const metadata = readMetadata(topic);
|
|
94
|
+
return topic.type === "theme" || topic.type === "thematic" || topic.type === "deal" || topic.type === "monitoring" || readLegacyProjectId(topic) !== void 0 || readNonEmptyString(metadata.projectType) !== void 0;
|
|
1014
95
|
}
|
|
1015
96
|
function isMissingLucernChildComponentError(error) {
|
|
1016
97
|
const message = error instanceof Error ? error.message : String(error);
|
|
@@ -1018,7 +99,7 @@ function isMissingLucernChildComponentError(error) {
|
|
|
1018
99
|
'Child component ComponentName(Identifier("lucern")) not found'
|
|
1019
100
|
) || message.includes("Child component") && message.includes("lucern") && message.includes("not found");
|
|
1020
101
|
}
|
|
1021
|
-
async function
|
|
102
|
+
async function resolveTopicDoc(ctx, scopeId) {
|
|
1022
103
|
if (ctx?.db && typeof ctx.db.get === "function") {
|
|
1023
104
|
try {
|
|
1024
105
|
const directTopic = await ctx.db.get(scopeId);
|
|
@@ -1032,7 +113,7 @@ async function resolveTopicDoc2(ctx, scopeId) {
|
|
|
1032
113
|
return null;
|
|
1033
114
|
}
|
|
1034
115
|
try {
|
|
1035
|
-
const topic = await ctx.runQuery(
|
|
116
|
+
const topic = await ctx.runQuery(api.topics.get, {
|
|
1036
117
|
id: String(scopeId)
|
|
1037
118
|
});
|
|
1038
119
|
if (topic?.name !== void 0 && topic?.type !== void 0) {
|
|
@@ -1041,7 +122,7 @@ async function resolveTopicDoc2(ctx, scopeId) {
|
|
|
1041
122
|
} catch {
|
|
1042
123
|
}
|
|
1043
124
|
try {
|
|
1044
|
-
const topic = await ctx.runQuery(
|
|
125
|
+
const topic = await ctx.runQuery(api.topics.getByLegacyScopeId, {
|
|
1045
126
|
projectId: String(scopeId)
|
|
1046
127
|
});
|
|
1047
128
|
if (topic?.name !== void 0 && topic?.type !== void 0) {
|
|
@@ -1051,14 +132,14 @@ async function resolveTopicDoc2(ctx, scopeId) {
|
|
|
1051
132
|
}
|
|
1052
133
|
return null;
|
|
1053
134
|
}
|
|
1054
|
-
function
|
|
1055
|
-
const metadata =
|
|
135
|
+
function materializeTopicProjectOverlay(topic, idMode = "legacy") {
|
|
136
|
+
const metadata = readMetadata(topic);
|
|
1056
137
|
const topicId = String(topic._id);
|
|
1057
|
-
const legacyProjectId =
|
|
138
|
+
const legacyProjectId = readLegacyProjectId(topic) || readLegacyProjectId(metadata) || readNonEmptyString(metadata.legacyProjectId);
|
|
1058
139
|
const storageProjectId = legacyProjectId || topicId;
|
|
1059
140
|
const outwardId = idMode === "topic" ? topicId : storageProjectId;
|
|
1060
|
-
const visibility =
|
|
1061
|
-
const status =
|
|
141
|
+
const visibility = coerceVisibility(topic.visibility) || coerceVisibility(metadata.visibility) || "private";
|
|
142
|
+
const status = coerceStatus(topic.status) || coerceStatus(metadata.status) || "active";
|
|
1062
143
|
const createdAt = typeof topic.createdAt === "number" ? topic.createdAt : typeof topic._creationTime === "number" ? topic._creationTime : 0;
|
|
1063
144
|
const updatedAt = typeof topic.updatedAt === "number" ? topic.updatedAt : typeof metadata.updatedAt === "number" ? metadata.updatedAt : createdAt;
|
|
1064
145
|
return {
|
|
@@ -1068,16 +149,16 @@ function materializeTopicProjectOverlay2(topic, idMode = "legacy") {
|
|
|
1068
149
|
topicId,
|
|
1069
150
|
storageProjectId,
|
|
1070
151
|
legacyProjectId,
|
|
1071
|
-
name:
|
|
1072
|
-
type:
|
|
1073
|
-
description:
|
|
1074
|
-
ownerId:
|
|
1075
|
-
sharedWith:
|
|
152
|
+
name: readNonEmptyString(topic.name) || "Untitled Theme",
|
|
153
|
+
type: mapProjectType(topic, metadata),
|
|
154
|
+
description: readNonEmptyString(topic.description),
|
|
155
|
+
ownerId: readNonEmptyString(metadata.ownerId) || readNonEmptyString(topic.createdBy) || "system",
|
|
156
|
+
sharedWith: readStringArray(metadata.sharedWith),
|
|
1076
157
|
visibility,
|
|
1077
|
-
tenantId:
|
|
1078
|
-
workspaceId:
|
|
158
|
+
tenantId: readNonEmptyString(topic.tenantId) || readNonEmptyString(metadata.tenantId),
|
|
159
|
+
workspaceId: readNonEmptyString(topic.workspaceId) || readNonEmptyString(metadata.workspaceId),
|
|
1079
160
|
status,
|
|
1080
|
-
tags:
|
|
161
|
+
tags: readStringArray(metadata.tags),
|
|
1081
162
|
chatCount: typeof metadata.chatCount === "number" ? metadata.chatCount : 0,
|
|
1082
163
|
artifactCount: typeof metadata.artifactCount === "number" ? metadata.artifactCount : 0,
|
|
1083
164
|
lastActivityAt: typeof metadata.lastActivityAt === "number" ? metadata.lastActivityAt : updatedAt,
|
|
@@ -1086,17 +167,17 @@ function materializeTopicProjectOverlay2(topic, idMode = "legacy") {
|
|
|
1086
167
|
updatedAt
|
|
1087
168
|
};
|
|
1088
169
|
}
|
|
1089
|
-
async function
|
|
1090
|
-
const topic = await
|
|
170
|
+
async function resolveTopicProjectOverlay(ctx, scopeId, options = {}) {
|
|
171
|
+
const topic = await resolveTopicDoc(ctx, scopeId);
|
|
1091
172
|
if (!topic) {
|
|
1092
173
|
return null;
|
|
1093
174
|
}
|
|
1094
|
-
if (options.projectLikeOnly !== false && !
|
|
175
|
+
if (options.projectLikeOnly !== false && !isProjectLikeTopic(topic)) {
|
|
1095
176
|
return null;
|
|
1096
177
|
}
|
|
1097
|
-
return
|
|
178
|
+
return materializeTopicProjectOverlay(topic, options.idMode);
|
|
1098
179
|
}
|
|
1099
|
-
async function
|
|
180
|
+
async function listTopicProjectOverlays(ctx, options = {}) {
|
|
1100
181
|
let allTopics = [];
|
|
1101
182
|
if (ctx?.db?.query && typeof ctx.db.query === "function") {
|
|
1102
183
|
try {
|
|
@@ -1106,18 +187,18 @@ async function listTopicProjectOverlays2(ctx, options = {}) {
|
|
|
1106
187
|
}
|
|
1107
188
|
}
|
|
1108
189
|
if (allTopics.length === 0 && typeof ctx.runQuery === "function") {
|
|
1109
|
-
allTopics = (await ctx.runQuery(
|
|
190
|
+
allTopics = (await ctx.runQuery(api.topics.list, {}) ?? []) || [];
|
|
1110
191
|
}
|
|
1111
192
|
return allTopics.filter(
|
|
1112
|
-
(topic) => options.projectLikeOnly === false ||
|
|
1113
|
-
).map((topic) =>
|
|
193
|
+
(topic) => options.projectLikeOnly === false || isProjectLikeTopic(topic)
|
|
194
|
+
).map((topic) => materializeTopicProjectOverlay(topic, options.idMode));
|
|
1114
195
|
}
|
|
1115
196
|
async function patchTopicProjectOverlay(ctx, scopeId, value) {
|
|
1116
|
-
const topic = await
|
|
197
|
+
const topic = await resolveTopicDoc(ctx, scopeId);
|
|
1117
198
|
if (!topic) {
|
|
1118
199
|
return null;
|
|
1119
200
|
}
|
|
1120
|
-
const nextMetadata = { ...
|
|
201
|
+
const nextMetadata = { ...readMetadata(topic) };
|
|
1121
202
|
const patch = {};
|
|
1122
203
|
const topicUpdateArgs = {
|
|
1123
204
|
id: String(topic._id)
|
|
@@ -1142,7 +223,7 @@ async function patchTopicProjectOverlay(ctx, scopeId, value) {
|
|
|
1142
223
|
`patchTopicProjectOverlay cannot mutate ${key} via component-owned topics`
|
|
1143
224
|
);
|
|
1144
225
|
case "status": {
|
|
1145
|
-
const status =
|
|
226
|
+
const status = coerceStatus(rawValue);
|
|
1146
227
|
if (status) {
|
|
1147
228
|
patch.status = status;
|
|
1148
229
|
topicUpdateArgs.status = status;
|
|
@@ -1150,7 +231,7 @@ async function patchTopicProjectOverlay(ctx, scopeId, value) {
|
|
|
1150
231
|
break;
|
|
1151
232
|
}
|
|
1152
233
|
case "visibility": {
|
|
1153
|
-
const visibility =
|
|
234
|
+
const visibility = coerceVisibility(rawValue);
|
|
1154
235
|
if (visibility) {
|
|
1155
236
|
patch.visibility = visibility;
|
|
1156
237
|
topicUpdateArgs.visibility = visibility;
|
|
@@ -1158,7 +239,7 @@ async function patchTopicProjectOverlay(ctx, scopeId, value) {
|
|
|
1158
239
|
break;
|
|
1159
240
|
}
|
|
1160
241
|
case "type": {
|
|
1161
|
-
const projectType =
|
|
242
|
+
const projectType = readNonEmptyString(rawValue);
|
|
1162
243
|
if (projectType) {
|
|
1163
244
|
nextMetadata.projectType = projectType;
|
|
1164
245
|
} else {
|
|
@@ -1182,7 +263,7 @@ async function patchTopicProjectOverlay(ctx, scopeId, value) {
|
|
|
1182
263
|
topicUpdateArgs.metadata = nextMetadata;
|
|
1183
264
|
if (typeof ctx.runMutation === "function") {
|
|
1184
265
|
try {
|
|
1185
|
-
await ctx.runMutation(
|
|
266
|
+
await ctx.runMutation(api.topics.update, topicUpdateArgs);
|
|
1186
267
|
} catch (error) {
|
|
1187
268
|
if (!isMissingLucernChildComponentError(error) || !ctx?.db || typeof ctx.db.patch !== "function") {
|
|
1188
269
|
throw error;
|
|
@@ -1196,7 +277,7 @@ async function patchTopicProjectOverlay(ctx, scopeId, value) {
|
|
|
1196
277
|
"Cannot patch topic without component adapter (ctx.runMutation unavailable)"
|
|
1197
278
|
);
|
|
1198
279
|
}
|
|
1199
|
-
return
|
|
280
|
+
return materializeTopicProjectOverlay(
|
|
1200
281
|
{
|
|
1201
282
|
...topic,
|
|
1202
283
|
...patch,
|
|
@@ -1229,10 +310,10 @@ async function patchProjectWithTolerance(ctx, projectId, value) {
|
|
|
1229
310
|
});
|
|
1230
311
|
}
|
|
1231
312
|
}
|
|
1232
|
-
function
|
|
313
|
+
function defaultResolvers() {
|
|
1233
314
|
return {
|
|
1234
315
|
async getProject(ctx, projectId) {
|
|
1235
|
-
return await
|
|
316
|
+
return await resolveTopicProjectOverlay(ctx, projectId, {
|
|
1236
317
|
idMode: "legacy",
|
|
1237
318
|
projectLikeOnly: false
|
|
1238
319
|
});
|
|
@@ -1241,7 +322,7 @@ function defaultResolvers2() {
|
|
|
1241
322
|
await patchProjectWithTolerance(ctx, projectId, value);
|
|
1242
323
|
},
|
|
1243
324
|
async listTopics(ctx) {
|
|
1244
|
-
return await
|
|
325
|
+
return await listTopicProjectOverlays(ctx, {
|
|
1245
326
|
idMode: "legacy"
|
|
1246
327
|
});
|
|
1247
328
|
},
|
|
@@ -1250,24 +331,24 @@ function defaultResolvers2() {
|
|
|
1250
331
|
}
|
|
1251
332
|
};
|
|
1252
333
|
}
|
|
1253
|
-
var
|
|
334
|
+
var resolverOverrides = {};
|
|
1254
335
|
function resolveGraphPrimitivesAppResolvers(_ctx) {
|
|
1255
336
|
return {
|
|
1256
|
-
...
|
|
1257
|
-
...
|
|
337
|
+
...defaultResolvers(),
|
|
338
|
+
...resolverOverrides
|
|
1258
339
|
};
|
|
1259
340
|
}
|
|
1260
|
-
var
|
|
341
|
+
var LEGACY_SCOPE_FIELD2 = "graphScopeProjectId";
|
|
1261
342
|
function asMappedProjectId(topic) {
|
|
1262
343
|
if (!topic) {
|
|
1263
344
|
return;
|
|
1264
345
|
}
|
|
1265
|
-
const directLegacyProjectId = normalizeScopeValue(topic[
|
|
346
|
+
const directLegacyProjectId = normalizeScopeValue(topic[LEGACY_SCOPE_FIELD2]);
|
|
1266
347
|
if (directLegacyProjectId) {
|
|
1267
348
|
return directLegacyProjectId;
|
|
1268
349
|
}
|
|
1269
350
|
const metadata = topic.metadata || {};
|
|
1270
|
-
const candidate = metadata[
|
|
351
|
+
const candidate = metadata[LEGACY_SCOPE_FIELD2] || metadata.legacyProjectId || metadata.projectId || metadata.scopeProjectId;
|
|
1271
352
|
return candidate ? candidate : void 0;
|
|
1272
353
|
}
|
|
1273
354
|
function normalizeScopeValue(value) {
|
|
@@ -1296,7 +377,7 @@ async function findTopicsByScopeAlias(ctx, scopeId) {
|
|
|
1296
377
|
try {
|
|
1297
378
|
return await ctx.db.query("topics").withIndex(
|
|
1298
379
|
"by_graph_scope_project",
|
|
1299
|
-
(q) => q.eq(
|
|
380
|
+
(q) => q.eq(LEGACY_SCOPE_FIELD2, scopeId)
|
|
1300
381
|
).collect();
|
|
1301
382
|
} catch {
|
|
1302
383
|
const topics = await ctx.db.query("topics").collect();
|
|
@@ -1312,7 +393,7 @@ async function tryResolveHostTopicById(ctx, topicId) {
|
|
|
1312
393
|
return null;
|
|
1313
394
|
}
|
|
1314
395
|
try {
|
|
1315
|
-
return await ctx.runQuery(
|
|
396
|
+
return await ctx.runQuery(api.topics.get, {
|
|
1316
397
|
id: topicId
|
|
1317
398
|
}) ?? null;
|
|
1318
399
|
} catch {
|
|
@@ -1324,7 +405,7 @@ async function tryResolveHostTopicByLegacyScope(ctx, legacyScopeId) {
|
|
|
1324
405
|
return null;
|
|
1325
406
|
}
|
|
1326
407
|
try {
|
|
1327
|
-
return await ctx.runQuery(
|
|
408
|
+
return await ctx.runQuery(api.topics.getByLegacyScopeId, {
|
|
1328
409
|
projectId: legacyScopeId
|
|
1329
410
|
}) ?? null;
|
|
1330
411
|
} catch {
|
|
@@ -1443,61 +524,6 @@ var optionalScopeArgs = {
|
|
|
1443
524
|
projectId: v.optional(v.string()),
|
|
1444
525
|
topicId: v.optional(v.string())
|
|
1445
526
|
};
|
|
1446
|
-
|
|
1447
|
-
// ../../packages/contracts/src/schema-helpers/spine/tables/epistemicNodes.ts
|
|
1448
|
-
var NODE_TYPES = [
|
|
1449
|
-
"decision",
|
|
1450
|
-
"belief",
|
|
1451
|
-
"question",
|
|
1452
|
-
"theme",
|
|
1453
|
-
"deal",
|
|
1454
|
-
"topic",
|
|
1455
|
-
"claim",
|
|
1456
|
-
"evidence",
|
|
1457
|
-
"synthesis",
|
|
1458
|
-
"answer",
|
|
1459
|
-
"atomic_fact",
|
|
1460
|
-
"excerpt",
|
|
1461
|
-
"source",
|
|
1462
|
-
"company",
|
|
1463
|
-
"person",
|
|
1464
|
-
"investor",
|
|
1465
|
-
"function",
|
|
1466
|
-
"value_chain"
|
|
1467
|
-
];
|
|
1468
|
-
function isNodeType(value) {
|
|
1469
|
-
return NODE_TYPES.includes(value);
|
|
1470
|
-
}
|
|
1471
|
-
function getLayerForNodeType(type) {
|
|
1472
|
-
switch (type) {
|
|
1473
|
-
case "decision":
|
|
1474
|
-
return "L4";
|
|
1475
|
-
case "belief":
|
|
1476
|
-
case "question":
|
|
1477
|
-
case "theme":
|
|
1478
|
-
case "deal":
|
|
1479
|
-
return "L3";
|
|
1480
|
-
case "claim":
|
|
1481
|
-
case "evidence":
|
|
1482
|
-
case "synthesis":
|
|
1483
|
-
case "answer":
|
|
1484
|
-
return "L2";
|
|
1485
|
-
case "atomic_fact":
|
|
1486
|
-
case "excerpt":
|
|
1487
|
-
case "source":
|
|
1488
|
-
return "L1";
|
|
1489
|
-
case "topic":
|
|
1490
|
-
return "organizational";
|
|
1491
|
-
case "company":
|
|
1492
|
-
case "person":
|
|
1493
|
-
case "investor":
|
|
1494
|
-
case "function":
|
|
1495
|
-
case "value_chain":
|
|
1496
|
-
return "ontological";
|
|
1497
|
-
}
|
|
1498
|
-
}
|
|
1499
|
-
|
|
1500
|
-
// src/workspaceIsolation.ts
|
|
1501
527
|
function normalizeScopeValue2(value) {
|
|
1502
528
|
if (typeof value !== "string") {
|
|
1503
529
|
return;
|
|
@@ -1631,38 +657,7 @@ function assertTenantPackWorkspaceMutationAllowed(args) {
|
|
|
1631
657
|
});
|
|
1632
658
|
}
|
|
1633
659
|
|
|
1634
|
-
//
|
|
1635
|
-
function normalizeString2(value) {
|
|
1636
|
-
if (typeof value !== "string") {
|
|
1637
|
-
return void 0;
|
|
1638
|
-
}
|
|
1639
|
-
const trimmed = value.trim();
|
|
1640
|
-
return trimmed.length > 0 ? trimmed : void 0;
|
|
1641
|
-
}
|
|
1642
|
-
function requireScopeId(...ids) {
|
|
1643
|
-
for (const id of ids) {
|
|
1644
|
-
const normalized = normalizeString2(id);
|
|
1645
|
-
if (normalized) {
|
|
1646
|
-
return normalized;
|
|
1647
|
-
}
|
|
1648
|
-
}
|
|
1649
|
-
throw new Error("No scope identifier provided (topicId or projectId required)");
|
|
1650
|
-
}
|
|
1651
|
-
async function resolveTopicProjectScope2(ctx, args) {
|
|
1652
|
-
const resolved = await resolveTopicProjectScope(ctx, {
|
|
1653
|
-
topicId: normalizeString2(args.topicId),
|
|
1654
|
-
projectId: normalizeString2(args.projectId)
|
|
1655
|
-
});
|
|
1656
|
-
const topicId = normalizeString2(resolved.topicId);
|
|
1657
|
-
const projectId = requireScopeId(
|
|
1658
|
-
resolved.projectId,
|
|
1659
|
-
args.projectId,
|
|
1660
|
-
topicId
|
|
1661
|
-
);
|
|
1662
|
-
return { projectId, ...topicId ? { topicId } : {} };
|
|
1663
|
-
}
|
|
1664
|
-
|
|
1665
|
-
// ../worktrees/src/v1/engine/worktreeWorkflowBridge.ts
|
|
660
|
+
// src/workflowBridge.ts
|
|
1666
661
|
function isLegacySprintDoc(doc) {
|
|
1667
662
|
if (!doc || typeof doc !== "object") {
|
|
1668
663
|
return false;
|
|
@@ -1688,7 +683,7 @@ async function findPairedWorktreeForSprint(ctx, sprint) {
|
|
|
1688
683
|
let topicId = getStringField(sprint, "topicId");
|
|
1689
684
|
if (!topicId) {
|
|
1690
685
|
try {
|
|
1691
|
-
const scope = await
|
|
686
|
+
const scope = await resolveTopicProjectScope(ctx, {
|
|
1692
687
|
topicId: getStringField(sprint, "topicId"),
|
|
1693
688
|
projectId: getStringField(sprint, "projectId")
|
|
1694
689
|
});
|