@lucern/mcp 0.3.0-alpha.9 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +6 -1
- package/dist/cli.js +11514 -4969
- package/dist/cli.js.map +1 -1
- package/dist/gateway.d.ts +30 -1
- package/dist/gateway.js +6047 -930
- package/dist/gateway.js.map +1 -1
- package/dist/hosted-route.js +7730 -1181
- package/dist/hosted-route.js.map +1 -1
- package/dist/index.js +13833 -7288
- package/dist/index.js.map +1 -1
- package/dist/runtime.js +3554 -328
- package/dist/runtime.js.map +1 -1
- package/package.json +8 -7
package/dist/runtime.js
CHANGED
|
@@ -232,6 +232,20 @@ var autoBranchingHandlers = {
|
|
|
232
232
|
}
|
|
233
233
|
};
|
|
234
234
|
|
|
235
|
+
// ../contracts/src/types/reasoning-method.ts
|
|
236
|
+
var REASONING_METHODS = [
|
|
237
|
+
"deductive",
|
|
238
|
+
"inductive",
|
|
239
|
+
"abductive",
|
|
240
|
+
"analogical",
|
|
241
|
+
"causal",
|
|
242
|
+
"correlational",
|
|
243
|
+
"testimonial",
|
|
244
|
+
"statistical",
|
|
245
|
+
"implicit",
|
|
246
|
+
"pattern_match"
|
|
247
|
+
];
|
|
248
|
+
|
|
235
249
|
// ../contracts/src/graph-intelligence.contract.ts
|
|
236
250
|
var GRAPH_INTELLIGENCE_MODE_TOOL_NAMES = {
|
|
237
251
|
core: [
|
|
@@ -941,7 +955,7 @@ defineTable({
|
|
|
941
955
|
});
|
|
942
956
|
defineTable({
|
|
943
957
|
name: "agents",
|
|
944
|
-
component: "
|
|
958
|
+
component: "control-plane",
|
|
945
959
|
category: "agent",
|
|
946
960
|
shape: z.object({
|
|
947
961
|
"slug": z.string(),
|
|
@@ -972,6 +986,8 @@ defineTable({
|
|
|
972
986
|
category: "tenant",
|
|
973
987
|
shape: z.object({
|
|
974
988
|
"tenantId": idOf("tenants"),
|
|
989
|
+
"workspaceId": idOf("workspaces").optional(),
|
|
990
|
+
"environment": z.enum(["dev", "staging", "prod"]).optional(),
|
|
975
991
|
"keyPrefix": z.enum(["luc", "stk"]),
|
|
976
992
|
"keyHash": z.string(),
|
|
977
993
|
"keyHint": z.string(),
|
|
@@ -999,7 +1015,7 @@ defineTable({
|
|
|
999
1015
|
shape: z.object({
|
|
1000
1016
|
"tenantId": idOf("tenants").optional(),
|
|
1001
1017
|
"apiKeyId": idOf("apiKeys").optional(),
|
|
1002
|
-
"action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "principal_created", "principal_updated", "principal_suspended", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
|
|
1018
|
+
"action": z.enum(["key_created", "key_revoked", "key_expired", "key_used", "tenant_secret_created", "tenant_secret_rotated", "tenant_secret_revoked", "tenant_slot_binding_upserted", "tenant_slot_binding_revoked", "proxy_token_minted", "proxy_token_lease_issued", "proxy_token_lease_renewed", "proxy_token_lease_revoked", "proxy_request_recorded", "tenant_created", "tenant_updated", "tenant_suspended", "tenant_archived", "tenant_reactivated", "tenant_clerk_organization_linked", "tenant_canonical_identity_repaired", "principal_created", "principal_updated", "principal_suspended", "principal_identity_alias_upserted", "principal_identity_alias_revoked", "membership_created", "membership_updated", "membership_revoked", "group_created", "group_updated", "group_deleted", "group_member_added", "group_member_removed", "workspace_created", "workspace_updated", "workspace_archived", "workspace_deployment_set", "workspace_deployment_removed", "deployment_host_registered", "deployment_host_revoked", "service_key_created", "service_key_rotated", "service_key_revoked", "service_key_used", "service_key_auth_failed", "session_created", "session_validated", "session_revoked", "session_cascade_revoked", "session_expired", "sandbox_created", "sandbox_secret_injected", "sandbox_execution_started", "sandbox_execution_completed", "sandbox_limit_violated", "policy_created", "policy_updated", "policy_enforced", "policy_archived", "permit_sync_enqueued", "permit_sync_succeeded", "permit_sync_failed", "permit_sync_skipped", "agent_registered", "agent_updated", "tool_registered", "tool_updated", "pack_entitled", "pack_installed", "pack_enabled", "pack_disabled", "pack_entitlement_revoked", "pack_upgraded", "pack_upgrade_committed", "pack_upgrade_rolled_back", "pack_group_assigned", "pack_group_unassigned", "methodology_pack_created", "methodology_pack_updated", "methodology_pack_assigned", "methodology_pack_removed", "pack_assigned_to_group", "pack_revoked_from_group", "pack_ontology_materialized", "pack_ontology_topic_bound", "cutover_flag_set", "cutover_flag_cleared"]),
|
|
1003
1019
|
"actorClerkId": z.string(),
|
|
1004
1020
|
"details": z.any().optional(),
|
|
1005
1021
|
"createdAt": z.number()
|
|
@@ -1223,6 +1239,35 @@ defineTable({
|
|
|
1223
1239
|
{ kind: "index", name: "by_source", columns: ["source"] }
|
|
1224
1240
|
]
|
|
1225
1241
|
});
|
|
1242
|
+
defineTable({
|
|
1243
|
+
name: "domainEvents",
|
|
1244
|
+
component: "kernel",
|
|
1245
|
+
category: "events",
|
|
1246
|
+
shape: z.object({
|
|
1247
|
+
"eventId": z.string(),
|
|
1248
|
+
"type": z.string(),
|
|
1249
|
+
"version": z.string(),
|
|
1250
|
+
"timestamp": z.number(),
|
|
1251
|
+
"tenantId": z.string().optional(),
|
|
1252
|
+
"workspaceId": z.string().optional(),
|
|
1253
|
+
"topicId": z.string(),
|
|
1254
|
+
"resourceId": z.string(),
|
|
1255
|
+
"resourceType": z.string(),
|
|
1256
|
+
"actorId": z.string(),
|
|
1257
|
+
"actorType": z.enum(["human", "agent", "service"]),
|
|
1258
|
+
"data": z.record(z.any()),
|
|
1259
|
+
"correlationId": z.string().optional(),
|
|
1260
|
+
"expiresAt": z.number()
|
|
1261
|
+
}),
|
|
1262
|
+
indices: [
|
|
1263
|
+
{ kind: "index", name: "by_eventId", columns: ["eventId"] },
|
|
1264
|
+
{ kind: "index", name: "by_topic_timestamp", columns: ["topicId", "timestamp"] },
|
|
1265
|
+
{ kind: "index", name: "by_tenant_workspace_timestamp", columns: ["tenantId", "workspaceId", "timestamp"] },
|
|
1266
|
+
{ kind: "index", name: "by_type_timestamp", columns: ["type", "timestamp"] },
|
|
1267
|
+
{ kind: "index", name: "by_resource", columns: ["resourceType", "resourceId", "timestamp"] },
|
|
1268
|
+
{ kind: "index", name: "by_expiresAt", columns: ["expiresAt"] }
|
|
1269
|
+
]
|
|
1270
|
+
});
|
|
1226
1271
|
defineTable({
|
|
1227
1272
|
name: "beliefConfidence",
|
|
1228
1273
|
component: "kernel",
|
|
@@ -1878,29 +1923,37 @@ defineTable({
|
|
|
1878
1923
|
component: "mc",
|
|
1879
1924
|
category: "runtime",
|
|
1880
1925
|
shape: z.object({
|
|
1881
|
-
|
|
1882
|
-
|
|
1883
|
-
|
|
1884
|
-
|
|
1885
|
-
|
|
1886
|
-
|
|
1887
|
-
|
|
1888
|
-
|
|
1889
|
-
|
|
1890
|
-
|
|
1891
|
-
|
|
1892
|
-
|
|
1893
|
-
|
|
1926
|
+
shimId: z.string(),
|
|
1927
|
+
gateId: z.string(),
|
|
1928
|
+
removalDate: z.string(),
|
|
1929
|
+
removalPriority: z.enum(["P1", "P2", "P3"]),
|
|
1930
|
+
description: z.string(),
|
|
1931
|
+
owner: z.string(),
|
|
1932
|
+
createdAt: z.string(),
|
|
1933
|
+
status: z.enum(["active", "overdue", "removed"]),
|
|
1934
|
+
bridgeType: z.enum(["tool", "agent"]),
|
|
1935
|
+
bridgeTarget: z.object({
|
|
1936
|
+
type: z.enum(["tool", "agent"]),
|
|
1937
|
+
legacyPath: z.string(),
|
|
1938
|
+
harnessPath: z.string()
|
|
1894
1939
|
}),
|
|
1895
|
-
|
|
1896
|
-
|
|
1897
|
-
|
|
1898
|
-
|
|
1940
|
+
shimBehavior: z.enum([
|
|
1941
|
+
"passthrough_with_logging",
|
|
1942
|
+
"adapter",
|
|
1943
|
+
"feature_flag_gate"
|
|
1944
|
+
]),
|
|
1945
|
+
producesLedgerEntries: z.boolean(),
|
|
1946
|
+
lastAuditedAt: z.number(),
|
|
1947
|
+
metadata: z.record(z.any()).optional()
|
|
1899
1948
|
}),
|
|
1900
1949
|
indices: [
|
|
1901
1950
|
{ kind: "index", name: "by_shimId", columns: ["shimId"] },
|
|
1902
1951
|
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
1903
|
-
{
|
|
1952
|
+
{
|
|
1953
|
+
kind: "index",
|
|
1954
|
+
name: "by_bridgeType_status",
|
|
1955
|
+
columns: ["bridgeType", "status"]
|
|
1956
|
+
}
|
|
1904
1957
|
]
|
|
1905
1958
|
});
|
|
1906
1959
|
defineTable({
|
|
@@ -1908,12 +1961,23 @@ defineTable({
|
|
|
1908
1961
|
component: "mc",
|
|
1909
1962
|
category: "runtime",
|
|
1910
1963
|
shape: z.object({
|
|
1911
|
-
|
|
1912
|
-
|
|
1913
|
-
|
|
1914
|
-
|
|
1915
|
-
|
|
1916
|
-
|
|
1964
|
+
domain: z.enum([
|
|
1965
|
+
"graph",
|
|
1966
|
+
"schema",
|
|
1967
|
+
"identity",
|
|
1968
|
+
"policy",
|
|
1969
|
+
"audit",
|
|
1970
|
+
"admin",
|
|
1971
|
+
"agent",
|
|
1972
|
+
"tool",
|
|
1973
|
+
"prompt",
|
|
1974
|
+
"intelligence"
|
|
1975
|
+
]),
|
|
1976
|
+
state: z.enum(["legacy", "cutover", "disabled"]),
|
|
1977
|
+
metadata: z.record(z.any()).optional(),
|
|
1978
|
+
updatedBy: z.string(),
|
|
1979
|
+
createdAt: z.number(),
|
|
1980
|
+
updatedAt: z.number()
|
|
1917
1981
|
}),
|
|
1918
1982
|
indices: [
|
|
1919
1983
|
{ kind: "index", name: "by_domain", columns: ["domain"] },
|
|
@@ -1925,57 +1989,193 @@ defineTable({
|
|
|
1925
1989
|
component: "mc",
|
|
1926
1990
|
category: "runtime",
|
|
1927
1991
|
shape: z.object({
|
|
1928
|
-
|
|
1929
|
-
|
|
1930
|
-
|
|
1931
|
-
|
|
1932
|
-
|
|
1933
|
-
|
|
1934
|
-
|
|
1935
|
-
|
|
1936
|
-
|
|
1937
|
-
|
|
1938
|
-
|
|
1939
|
-
|
|
1940
|
-
|
|
1941
|
-
|
|
1942
|
-
|
|
1943
|
-
|
|
1944
|
-
|
|
1992
|
+
credentialRef: z.string(),
|
|
1993
|
+
tenantId: idOf("tenants"),
|
|
1994
|
+
workspaceId: idOf("workspaces").optional(),
|
|
1995
|
+
target: z.enum(["kernelDeployment", "appDeployment"]),
|
|
1996
|
+
environment: z.enum(["dev", "staging", "prod"]),
|
|
1997
|
+
encryptedDeployKey: z.string(),
|
|
1998
|
+
encryptionVersion: z.string(),
|
|
1999
|
+
keyFingerprint: z.string(),
|
|
2000
|
+
keyHint: z.string(),
|
|
2001
|
+
status: z.enum(["active", "revoked"]),
|
|
2002
|
+
rotatedFromCredentialRef: z.string().optional(),
|
|
2003
|
+
revokedAt: z.number().optional(),
|
|
2004
|
+
revokedBy: z.string().optional(),
|
|
2005
|
+
lastUsedAt: z.number().optional(),
|
|
2006
|
+
metadata: z.record(z.any()).optional(),
|
|
2007
|
+
createdBy: z.string(),
|
|
2008
|
+
createdAt: z.number(),
|
|
2009
|
+
updatedAt: z.number()
|
|
1945
2010
|
}),
|
|
1946
2011
|
indices: [
|
|
1947
2012
|
{ kind: "index", name: "by_credentialRef", columns: ["credentialRef"] },
|
|
1948
2013
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
1949
|
-
{ kind: "index", name: "
|
|
1950
|
-
{
|
|
1951
|
-
|
|
2014
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
2015
|
+
{
|
|
2016
|
+
kind: "index",
|
|
2017
|
+
name: "by_tenant_target",
|
|
2018
|
+
columns: ["tenantId", "target"]
|
|
2019
|
+
},
|
|
2020
|
+
{
|
|
2021
|
+
kind: "index",
|
|
2022
|
+
name: "by_tenant_target_environment",
|
|
2023
|
+
columns: ["tenantId", "target", "environment"]
|
|
2024
|
+
},
|
|
2025
|
+
{
|
|
2026
|
+
kind: "index",
|
|
2027
|
+
name: "by_tenant_target_environment_status",
|
|
2028
|
+
columns: ["tenantId", "target", "environment", "status"]
|
|
2029
|
+
},
|
|
2030
|
+
{
|
|
2031
|
+
kind: "index",
|
|
2032
|
+
name: "by_tenant_workspace_target_environment_status",
|
|
2033
|
+
columns: ["tenantId", "workspaceId", "target", "environment", "status"]
|
|
2034
|
+
},
|
|
1952
2035
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
1953
2036
|
]
|
|
1954
2037
|
});
|
|
2038
|
+
defineTable({
|
|
2039
|
+
name: "permitSyncStates",
|
|
2040
|
+
component: "mc",
|
|
2041
|
+
category: "runtime",
|
|
2042
|
+
shape: z.object({
|
|
2043
|
+
syncKey: z.string(),
|
|
2044
|
+
objectType: z.enum([
|
|
2045
|
+
"resource",
|
|
2046
|
+
"role",
|
|
2047
|
+
"resource_role",
|
|
2048
|
+
"resource_relation",
|
|
2049
|
+
"tenant",
|
|
2050
|
+
"workspace",
|
|
2051
|
+
"principal",
|
|
2052
|
+
"membership",
|
|
2053
|
+
"group",
|
|
2054
|
+
"resource_instance",
|
|
2055
|
+
"relationship_tuple",
|
|
2056
|
+
"role_assignment"
|
|
2057
|
+
]),
|
|
2058
|
+
objectId: z.string(),
|
|
2059
|
+
tenantId: idOf("tenants").optional(),
|
|
2060
|
+
workspaceId: idOf("workspaces").optional(),
|
|
2061
|
+
principalId: z.string().optional(),
|
|
2062
|
+
permitTenantKey: z.string().optional(),
|
|
2063
|
+
permitResourceType: z.string().optional(),
|
|
2064
|
+
permitResourceKey: z.string().optional(),
|
|
2065
|
+
desiredPayload: z.record(z.any()),
|
|
2066
|
+
lastAppliedPayloadHash: z.string().optional(),
|
|
2067
|
+
status: z.enum(["pending", "synced", "error", "skipped"]),
|
|
2068
|
+
attemptCount: z.number(),
|
|
2069
|
+
lastError: z.string().optional(),
|
|
2070
|
+
nextAttemptAt: z.number().optional(),
|
|
2071
|
+
lastSyncedAt: z.number().optional(),
|
|
2072
|
+
createdBy: z.string(),
|
|
2073
|
+
updatedBy: z.string().optional(),
|
|
2074
|
+
createdAt: z.number(),
|
|
2075
|
+
updatedAt: z.number()
|
|
2076
|
+
}),
|
|
2077
|
+
indices: [
|
|
2078
|
+
{ kind: "index", name: "by_syncKey", columns: ["syncKey"] },
|
|
2079
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
2080
|
+
{
|
|
2081
|
+
kind: "index",
|
|
2082
|
+
name: "by_tenant_status",
|
|
2083
|
+
columns: ["tenantId", "status"]
|
|
2084
|
+
},
|
|
2085
|
+
{
|
|
2086
|
+
kind: "index",
|
|
2087
|
+
name: "by_workspace_status",
|
|
2088
|
+
columns: ["workspaceId", "status"]
|
|
2089
|
+
},
|
|
2090
|
+
{
|
|
2091
|
+
kind: "index",
|
|
2092
|
+
name: "by_principal_status",
|
|
2093
|
+
columns: ["principalId", "status"]
|
|
2094
|
+
}
|
|
2095
|
+
]
|
|
2096
|
+
});
|
|
2097
|
+
defineTable({
|
|
2098
|
+
name: "secretSyncDriftReports",
|
|
2099
|
+
component: "mc",
|
|
2100
|
+
category: "runtime",
|
|
2101
|
+
shape: z.object({
|
|
2102
|
+
reportId: z.string(),
|
|
2103
|
+
source: z.enum(["infisical_manifest", "manual", "ci"]),
|
|
2104
|
+
generatedAt: z.number(),
|
|
2105
|
+
recordedAt: z.number(),
|
|
2106
|
+
recordedBy: z.string(),
|
|
2107
|
+
status: z.enum([
|
|
2108
|
+
"in_sync",
|
|
2109
|
+
"drift",
|
|
2110
|
+
"exception",
|
|
2111
|
+
"blocked",
|
|
2112
|
+
"not_observed"
|
|
2113
|
+
]),
|
|
2114
|
+
reportHash: z.string(),
|
|
2115
|
+
manifestHash: z.string().optional(),
|
|
2116
|
+
dryRunReceiptId: z.string().optional(),
|
|
2117
|
+
appliedReceiptId: z.string().optional(),
|
|
2118
|
+
summary: z.object({
|
|
2119
|
+
totalPipelines: z.number(),
|
|
2120
|
+
inSync: z.number(),
|
|
2121
|
+
drift: z.number(),
|
|
2122
|
+
exception: z.number(),
|
|
2123
|
+
blocked: z.number(),
|
|
2124
|
+
notObserved: z.number(),
|
|
2125
|
+
missingKeys: z.number(),
|
|
2126
|
+
valueDriftKeys: z.number(),
|
|
2127
|
+
extraKeys: z.number(),
|
|
2128
|
+
deniedConvexLeakage: z.number(),
|
|
2129
|
+
approvedExceptions: z.number()
|
|
2130
|
+
}),
|
|
2131
|
+
redactedReport: z.record(z.any()),
|
|
2132
|
+
metadata: z.record(z.any()).optional()
|
|
2133
|
+
}),
|
|
2134
|
+
indices: [
|
|
2135
|
+
{ kind: "index", name: "by_reportId", columns: ["reportId"] },
|
|
2136
|
+
{ kind: "index", name: "by_reportHash", columns: ["reportHash"] },
|
|
2137
|
+
{ kind: "index", name: "by_generatedAt", columns: ["generatedAt"] },
|
|
2138
|
+
{
|
|
2139
|
+
kind: "index",
|
|
2140
|
+
name: "by_status_generatedAt",
|
|
2141
|
+
columns: ["status", "generatedAt"]
|
|
2142
|
+
}
|
|
2143
|
+
]
|
|
2144
|
+
});
|
|
1955
2145
|
defineTable({
|
|
1956
2146
|
name: "controlPlaneTenantModelSlotBindings",
|
|
1957
2147
|
component: "mc",
|
|
1958
2148
|
category: "runtime",
|
|
1959
2149
|
shape: z.object({
|
|
1960
|
-
|
|
1961
|
-
|
|
1962
|
-
"
|
|
1963
|
-
|
|
1964
|
-
|
|
1965
|
-
|
|
1966
|
-
|
|
1967
|
-
|
|
1968
|
-
|
|
1969
|
-
|
|
1970
|
-
|
|
1971
|
-
|
|
1972
|
-
|
|
2150
|
+
bindingId: z.string(),
|
|
2151
|
+
tenantId: idOf("tenants"),
|
|
2152
|
+
workspaceId: idOf("workspaces").optional(),
|
|
2153
|
+
environment: z.enum(["dev", "staging", "prod"]).optional(),
|
|
2154
|
+
providerId: z.string(),
|
|
2155
|
+
modelSlotId: z.string(),
|
|
2156
|
+
secretRef: z.string(),
|
|
2157
|
+
status: z.enum(["active", "revoked"]),
|
|
2158
|
+
passThroughOnly: z.boolean(),
|
|
2159
|
+
revokedAt: z.number().optional(),
|
|
2160
|
+
revokedBy: z.string().optional(),
|
|
2161
|
+
metadata: z.record(z.any()).optional(),
|
|
2162
|
+
createdBy: z.string(),
|
|
2163
|
+
createdAt: z.number(),
|
|
2164
|
+
updatedAt: z.number()
|
|
1973
2165
|
}),
|
|
1974
2166
|
indices: [
|
|
1975
2167
|
{ kind: "index", name: "by_bindingId", columns: ["bindingId"] },
|
|
1976
2168
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
1977
|
-
{
|
|
1978
|
-
|
|
2169
|
+
{
|
|
2170
|
+
kind: "index",
|
|
2171
|
+
name: "by_tenant_slot",
|
|
2172
|
+
columns: ["tenantId", "modelSlotId"]
|
|
2173
|
+
},
|
|
2174
|
+
{
|
|
2175
|
+
kind: "index",
|
|
2176
|
+
name: "by_tenant_provider_slot",
|
|
2177
|
+
columns: ["tenantId", "providerId", "modelSlotId"]
|
|
2178
|
+
},
|
|
1979
2179
|
{ kind: "index", name: "by_secretRef", columns: ["secretRef"] },
|
|
1980
2180
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
1981
2181
|
]
|
|
@@ -1985,29 +2185,42 @@ defineTable({
|
|
|
1985
2185
|
component: "mc",
|
|
1986
2186
|
category: "runtime",
|
|
1987
2187
|
shape: z.object({
|
|
1988
|
-
|
|
1989
|
-
|
|
1990
|
-
"
|
|
1991
|
-
|
|
1992
|
-
|
|
1993
|
-
|
|
1994
|
-
|
|
1995
|
-
|
|
1996
|
-
|
|
1997
|
-
|
|
1998
|
-
|
|
1999
|
-
|
|
2000
|
-
|
|
2001
|
-
|
|
2002
|
-
|
|
2003
|
-
|
|
2004
|
-
|
|
2188
|
+
secretRef: z.string(),
|
|
2189
|
+
tenantId: idOf("tenants"),
|
|
2190
|
+
workspaceId: idOf("workspaces").optional(),
|
|
2191
|
+
environment: z.enum(["dev", "staging", "prod"]).optional(),
|
|
2192
|
+
providerId: z.string(),
|
|
2193
|
+
label: z.string().optional(),
|
|
2194
|
+
encryptedSecret: z.string().optional(),
|
|
2195
|
+
infisicalPath: z.string().optional(),
|
|
2196
|
+
infisicalSecretKey: z.string().optional(),
|
|
2197
|
+
infisicalProjectId: z.string().optional(),
|
|
2198
|
+
encryptionVersion: z.string(),
|
|
2199
|
+
secretFingerprint: z.string(),
|
|
2200
|
+
keyHint: z.string(),
|
|
2201
|
+
status: z.enum(["active", "revoked"]),
|
|
2202
|
+
rotatedFromSecretRef: z.string().optional(),
|
|
2203
|
+
revokedAt: z.number().optional(),
|
|
2204
|
+
revokedBy: z.string().optional(),
|
|
2205
|
+
lastUsedAt: z.number().optional(),
|
|
2206
|
+
metadata: z.record(z.any()).optional(),
|
|
2207
|
+
createdBy: z.string(),
|
|
2208
|
+
createdAt: z.number(),
|
|
2209
|
+
updatedAt: z.number()
|
|
2005
2210
|
}),
|
|
2006
2211
|
indices: [
|
|
2007
2212
|
{ kind: "index", name: "by_secretRef", columns: ["secretRef"] },
|
|
2008
2213
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
2009
|
-
{
|
|
2010
|
-
|
|
2214
|
+
{
|
|
2215
|
+
kind: "index",
|
|
2216
|
+
name: "by_tenant_provider",
|
|
2217
|
+
columns: ["tenantId", "providerId"]
|
|
2218
|
+
},
|
|
2219
|
+
{
|
|
2220
|
+
kind: "index",
|
|
2221
|
+
name: "by_tenant_provider_status",
|
|
2222
|
+
columns: ["tenantId", "providerId", "status"]
|
|
2223
|
+
},
|
|
2011
2224
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
2012
2225
|
]
|
|
2013
2226
|
});
|
|
@@ -2016,35 +2229,93 @@ defineTable({
|
|
|
2016
2229
|
component: "mc",
|
|
2017
2230
|
category: "runtime",
|
|
2018
2231
|
shape: z.object({
|
|
2019
|
-
|
|
2020
|
-
|
|
2021
|
-
|
|
2022
|
-
|
|
2023
|
-
|
|
2024
|
-
|
|
2025
|
-
|
|
2026
|
-
|
|
2027
|
-
|
|
2028
|
-
|
|
2029
|
-
|
|
2030
|
-
|
|
2031
|
-
|
|
2032
|
-
|
|
2033
|
-
|
|
2034
|
-
|
|
2035
|
-
|
|
2036
|
-
|
|
2037
|
-
|
|
2038
|
-
|
|
2039
|
-
|
|
2040
|
-
|
|
2232
|
+
usageId: z.string(),
|
|
2233
|
+
tenantId: idOf("tenants"),
|
|
2234
|
+
providerId: z.string(),
|
|
2235
|
+
modelSlotId: z.string(),
|
|
2236
|
+
secretRef: z.string(),
|
|
2237
|
+
proxyTokenId: z.string(),
|
|
2238
|
+
sessionId: z.string(),
|
|
2239
|
+
principalId: z.string(),
|
|
2240
|
+
workspaceId: z.string().optional(),
|
|
2241
|
+
modelId: z.string().optional(),
|
|
2242
|
+
requestPath: z.string(),
|
|
2243
|
+
status: z.enum(["success", "error"]),
|
|
2244
|
+
responseStatus: z.number().optional(),
|
|
2245
|
+
inputTokens: z.number().optional(),
|
|
2246
|
+
outputTokens: z.number().optional(),
|
|
2247
|
+
tokenCount: z.number().optional(),
|
|
2248
|
+
latencyMs: z.number(),
|
|
2249
|
+
estimatedCostUsd: z.number().optional(),
|
|
2250
|
+
failureCode: z.string().optional(),
|
|
2251
|
+
metadata: z.record(z.any()).optional(),
|
|
2252
|
+
createdAt: z.number(),
|
|
2253
|
+
updatedAt: z.number()
|
|
2041
2254
|
}),
|
|
2042
2255
|
indices: [
|
|
2043
2256
|
{ kind: "index", name: "by_usageId", columns: ["usageId"] },
|
|
2044
2257
|
{ kind: "index", name: "by_tenantId", columns: ["tenantId", "createdAt"] },
|
|
2045
|
-
{
|
|
2046
|
-
|
|
2047
|
-
|
|
2258
|
+
{
|
|
2259
|
+
kind: "index",
|
|
2260
|
+
name: "by_tenant_provider",
|
|
2261
|
+
columns: ["tenantId", "providerId", "createdAt"]
|
|
2262
|
+
},
|
|
2263
|
+
{
|
|
2264
|
+
kind: "index",
|
|
2265
|
+
name: "by_proxyTokenId",
|
|
2266
|
+
columns: ["proxyTokenId", "createdAt"]
|
|
2267
|
+
},
|
|
2268
|
+
{
|
|
2269
|
+
kind: "index",
|
|
2270
|
+
name: "by_sessionId",
|
|
2271
|
+
columns: ["sessionId", "createdAt"]
|
|
2272
|
+
}
|
|
2273
|
+
]
|
|
2274
|
+
});
|
|
2275
|
+
defineTable({
|
|
2276
|
+
name: "controlPlaneTenantProxyTokenLeases",
|
|
2277
|
+
component: "mc",
|
|
2278
|
+
category: "runtime",
|
|
2279
|
+
shape: z.object({
|
|
2280
|
+
leaseId: z.string(),
|
|
2281
|
+
proxyTokenId: z.string(),
|
|
2282
|
+
tenantId: idOf("tenants"),
|
|
2283
|
+
workspaceId: idOf("workspaces").optional(),
|
|
2284
|
+
environment: z.enum(["dev", "staging", "prod"]),
|
|
2285
|
+
providerId: z.string(),
|
|
2286
|
+
modelSlotId: z.string(),
|
|
2287
|
+
bindingId: z.string(),
|
|
2288
|
+
secretRef: z.string(),
|
|
2289
|
+
sessionId: z.string(),
|
|
2290
|
+
principalId: z.string(),
|
|
2291
|
+
agentSessionId: z.string().optional(),
|
|
2292
|
+
status: z.enum(["active", "revoked"]),
|
|
2293
|
+
expiresAt: z.number(),
|
|
2294
|
+
renewedAt: z.number().optional(),
|
|
2295
|
+
revokedAt: z.number().optional(),
|
|
2296
|
+
revokedBy: z.string().optional(),
|
|
2297
|
+
revokeReason: z.string().optional(),
|
|
2298
|
+
permitDecisionLogId: idOf("policyDecisionLogs").optional(),
|
|
2299
|
+
permitTraceId: z.string().optional(),
|
|
2300
|
+
metadata: z.record(z.any()).optional(),
|
|
2301
|
+
createdAt: z.number(),
|
|
2302
|
+
updatedAt: z.number()
|
|
2303
|
+
}),
|
|
2304
|
+
indices: [
|
|
2305
|
+
{ kind: "index", name: "by_leaseId", columns: ["leaseId"] },
|
|
2306
|
+
{ kind: "index", name: "by_proxyTokenId", columns: ["proxyTokenId"] },
|
|
2307
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId", "createdAt"] },
|
|
2308
|
+
{ kind: "index", name: "by_sessionId", columns: ["sessionId", "createdAt"] },
|
|
2309
|
+
{
|
|
2310
|
+
kind: "index",
|
|
2311
|
+
name: "by_principalId",
|
|
2312
|
+
columns: ["principalId", "createdAt"]
|
|
2313
|
+
},
|
|
2314
|
+
{
|
|
2315
|
+
kind: "index",
|
|
2316
|
+
name: "by_status_expiresAt",
|
|
2317
|
+
columns: ["status", "expiresAt"]
|
|
2318
|
+
}
|
|
2048
2319
|
]
|
|
2049
2320
|
});
|
|
2050
2321
|
defineTable({
|
|
@@ -2377,6 +2648,7 @@ defineTable({
|
|
|
2377
2648
|
"questionType": z.enum(["validation", "falsification", "assumption_probe", "prediction_test", "counterfactual", "discovery", "clarification", "comparison", "causal", "mechanism", "general"]).optional(),
|
|
2378
2649
|
"questionPriority": z.enum(["critical", "high", "medium", "low"]).optional(),
|
|
2379
2650
|
"answerQuality": z.enum(["definitive", "strong", "moderate", "weak", "speculative", "unanswered"]).optional(),
|
|
2651
|
+
"themeStatus": z.enum(["emerging", "active", "mature", "declining", "archived"]).optional(),
|
|
2380
2652
|
"themeConviction": z.enum(["high", "medium", "low", "negative"]).optional(),
|
|
2381
2653
|
"decisionType": z.enum(["invest", "pass", "follow_on", "exit", "deep_dive", "monitor", "deprioritize", "thesis_adopt", "thesis_revise", "thesis_abandon"]).optional(),
|
|
2382
2654
|
"decisionOutcome": z.enum(["pending", "successful", "unsuccessful", "mixed", "unknown"]).optional(),
|
|
@@ -2527,6 +2799,7 @@ defineTable({
|
|
|
2527
2799
|
indices: [
|
|
2528
2800
|
{ kind: "index", name: "by_principalId", columns: ["principalId"] },
|
|
2529
2801
|
{ kind: "index", name: "by_principal_tenant", columns: ["principalId", "tenantId"] },
|
|
2802
|
+
{ kind: "index", name: "by_principal_tenant_workspace", columns: ["principalId", "tenantId", "workspaceId"] },
|
|
2530
2803
|
{ kind: "index", name: "by_workspace_principal", columns: ["workspaceId", "principalId"] },
|
|
2531
2804
|
{ kind: "index", name: "by_tenant_role", columns: ["tenantId", "role"] },
|
|
2532
2805
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
@@ -2558,6 +2831,36 @@ defineTable({
|
|
|
2558
2831
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
2559
2832
|
]
|
|
2560
2833
|
});
|
|
2834
|
+
defineTable({
|
|
2835
|
+
name: "principalIdentityAliases",
|
|
2836
|
+
component: "mc",
|
|
2837
|
+
category: "identity",
|
|
2838
|
+
shape: z.object({
|
|
2839
|
+
"principalId": z.string(),
|
|
2840
|
+
"principalRefId": idOf("principals").optional(),
|
|
2841
|
+
"provider": z.string(),
|
|
2842
|
+
"providerProjectId": z.string().optional(),
|
|
2843
|
+
"externalSubjectId": z.string(),
|
|
2844
|
+
"tenantId": idOf("tenants").optional(),
|
|
2845
|
+
"workspaceId": idOf("workspaces").optional(),
|
|
2846
|
+
"email": z.string().optional(),
|
|
2847
|
+
"status": z.enum(["active", "revoked"]),
|
|
2848
|
+
"metadata": z.record(z.any()).optional(),
|
|
2849
|
+
"createdBy": z.string(),
|
|
2850
|
+
"revokedAt": z.number().optional(),
|
|
2851
|
+
"revokedBy": z.string().optional(),
|
|
2852
|
+
"createdAt": z.number(),
|
|
2853
|
+
"updatedAt": z.number()
|
|
2854
|
+
}),
|
|
2855
|
+
indices: [
|
|
2856
|
+
{ kind: "index", name: "by_provider_subject", columns: ["provider", "externalSubjectId"] },
|
|
2857
|
+
{ kind: "index", name: "by_provider_project_subject", columns: ["provider", "providerProjectId", "externalSubjectId"] },
|
|
2858
|
+
{ kind: "index", name: "by_principalId", columns: ["principalId"] },
|
|
2859
|
+
{ kind: "index", name: "by_principal_status", columns: ["principalId", "status"] },
|
|
2860
|
+
{ kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "externalSubjectId"] },
|
|
2861
|
+
{ kind: "index", name: "by_workspace_provider_subject", columns: ["workspaceId", "provider", "externalSubjectId"] }
|
|
2862
|
+
]
|
|
2863
|
+
});
|
|
2561
2864
|
defineTable({
|
|
2562
2865
|
name: "rateLimitWindows",
|
|
2563
2866
|
component: "mc",
|
|
@@ -3147,7 +3450,7 @@ defineTable({
|
|
|
3147
3450
|
});
|
|
3148
3451
|
defineTable({
|
|
3149
3452
|
name: "mcpWritePolicy",
|
|
3150
|
-
component: "
|
|
3453
|
+
component: "control-plane",
|
|
3151
3454
|
category: "platform",
|
|
3152
3455
|
shape: z.object({
|
|
3153
3456
|
"topicId": z.string().optional(),
|
|
@@ -3170,7 +3473,7 @@ defineTable({
|
|
|
3170
3473
|
});
|
|
3171
3474
|
defineTable({
|
|
3172
3475
|
name: "platformAudienceGrants",
|
|
3173
|
-
component: "
|
|
3476
|
+
component: "control-plane",
|
|
3174
3477
|
category: "platform",
|
|
3175
3478
|
shape: z.object({
|
|
3176
3479
|
"tenantId": z.string(),
|
|
@@ -3196,7 +3499,7 @@ defineTable({
|
|
|
3196
3499
|
});
|
|
3197
3500
|
defineTable({
|
|
3198
3501
|
name: "platformAudiences",
|
|
3199
|
-
component: "
|
|
3502
|
+
component: "control-plane",
|
|
3200
3503
|
category: "platform",
|
|
3201
3504
|
shape: z.object({
|
|
3202
3505
|
"tenantId": z.string(),
|
|
@@ -3221,7 +3524,7 @@ defineTable({
|
|
|
3221
3524
|
});
|
|
3222
3525
|
defineTable({
|
|
3223
3526
|
name: "platformPolicyDecisionLogs",
|
|
3224
|
-
component: "
|
|
3527
|
+
component: "control-plane",
|
|
3225
3528
|
category: "platform",
|
|
3226
3529
|
shape: z.object({
|
|
3227
3530
|
"principalId": z.string(),
|
|
@@ -3257,7 +3560,7 @@ defineTable({
|
|
|
3257
3560
|
});
|
|
3258
3561
|
defineTable({
|
|
3259
3562
|
name: "tenantApiKeys",
|
|
3260
|
-
component: "
|
|
3563
|
+
component: "control-plane",
|
|
3261
3564
|
category: "platform",
|
|
3262
3565
|
shape: z.object({
|
|
3263
3566
|
"tenantId": z.string(),
|
|
@@ -3284,7 +3587,7 @@ defineTable({
|
|
|
3284
3587
|
});
|
|
3285
3588
|
defineTable({
|
|
3286
3589
|
name: "tenantConfig",
|
|
3287
|
-
component: "
|
|
3590
|
+
component: "control-plane",
|
|
3288
3591
|
category: "platform",
|
|
3289
3592
|
shape: z.object({
|
|
3290
3593
|
"tenantId": z.string(),
|
|
@@ -3303,7 +3606,7 @@ defineTable({
|
|
|
3303
3606
|
});
|
|
3304
3607
|
defineTable({
|
|
3305
3608
|
name: "tenantIntegrations",
|
|
3306
|
-
component: "
|
|
3609
|
+
component: "control-plane",
|
|
3307
3610
|
category: "platform",
|
|
3308
3611
|
shape: z.object({
|
|
3309
3612
|
"tenantId": z.string(),
|
|
@@ -3358,7 +3661,7 @@ defineTable({
|
|
|
3358
3661
|
});
|
|
3359
3662
|
defineTable({
|
|
3360
3663
|
name: "tenantModelSlotBindings",
|
|
3361
|
-
component: "
|
|
3664
|
+
component: "control-plane",
|
|
3362
3665
|
category: "platform",
|
|
3363
3666
|
shape: z.object({
|
|
3364
3667
|
"bindingId": z.string(),
|
|
@@ -3386,7 +3689,7 @@ defineTable({
|
|
|
3386
3689
|
});
|
|
3387
3690
|
defineTable({
|
|
3388
3691
|
name: "tenantPolicies",
|
|
3389
|
-
component: "
|
|
3692
|
+
component: "control-plane",
|
|
3390
3693
|
category: "platform",
|
|
3391
3694
|
shape: z.object({
|
|
3392
3695
|
"tenantId": z.string(),
|
|
@@ -3411,7 +3714,7 @@ defineTable({
|
|
|
3411
3714
|
});
|
|
3412
3715
|
defineTable({
|
|
3413
3716
|
name: "tenantProviderSecrets",
|
|
3414
|
-
component: "
|
|
3717
|
+
component: "control-plane",
|
|
3415
3718
|
category: "platform",
|
|
3416
3719
|
shape: z.object({
|
|
3417
3720
|
"secretRef": z.string(),
|
|
@@ -3442,7 +3745,7 @@ defineTable({
|
|
|
3442
3745
|
});
|
|
3443
3746
|
defineTable({
|
|
3444
3747
|
name: "tenantProxyGatewayUsage",
|
|
3445
|
-
component: "
|
|
3748
|
+
component: "control-plane",
|
|
3446
3749
|
category: "platform",
|
|
3447
3750
|
shape: z.object({
|
|
3448
3751
|
"usageId": z.string(),
|
|
@@ -3477,7 +3780,7 @@ defineTable({
|
|
|
3477
3780
|
});
|
|
3478
3781
|
defineTable({
|
|
3479
3782
|
name: "tenantProxyTokenMints",
|
|
3480
|
-
component: "
|
|
3783
|
+
component: "control-plane",
|
|
3481
3784
|
category: "platform",
|
|
3482
3785
|
shape: z.object({
|
|
3483
3786
|
"proxyTokenId": z.string(),
|
|
@@ -3500,7 +3803,7 @@ defineTable({
|
|
|
3500
3803
|
});
|
|
3501
3804
|
defineTable({
|
|
3502
3805
|
name: "tenantSandboxAuditEvents",
|
|
3503
|
-
component: "
|
|
3806
|
+
component: "control-plane",
|
|
3504
3807
|
category: "platform",
|
|
3505
3808
|
shape: z.object({
|
|
3506
3809
|
"eventId": z.string(),
|
|
@@ -3534,7 +3837,7 @@ defineTable({
|
|
|
3534
3837
|
});
|
|
3535
3838
|
defineTable({
|
|
3536
3839
|
name: "tenantSecrets",
|
|
3537
|
-
component: "
|
|
3840
|
+
component: "control-plane",
|
|
3538
3841
|
category: "platform",
|
|
3539
3842
|
shape: z.object({
|
|
3540
3843
|
"tenantId": z.string(),
|
|
@@ -3556,7 +3859,7 @@ defineTable({
|
|
|
3556
3859
|
});
|
|
3557
3860
|
defineTable({
|
|
3558
3861
|
name: "toolAcls",
|
|
3559
|
-
component: "
|
|
3862
|
+
component: "control-plane",
|
|
3560
3863
|
category: "platform",
|
|
3561
3864
|
shape: z.object({
|
|
3562
3865
|
"role": z.enum(["platform_admin", "tenant_admin", "workspace_admin", "editor", "viewer", "auditor", "service_agent"]),
|
|
@@ -3571,7 +3874,7 @@ defineTable({
|
|
|
3571
3874
|
});
|
|
3572
3875
|
defineTable({
|
|
3573
3876
|
name: "toolRegistry",
|
|
3574
|
-
component: "
|
|
3877
|
+
component: "control-plane",
|
|
3575
3878
|
category: "platform",
|
|
3576
3879
|
shape: z.object({
|
|
3577
3880
|
"toolName": z.string(),
|
|
@@ -3652,7 +3955,7 @@ defineTable({
|
|
|
3652
3955
|
});
|
|
3653
3956
|
defineTable({
|
|
3654
3957
|
name: "modelCallLogs",
|
|
3655
|
-
component: "
|
|
3958
|
+
component: "control-plane",
|
|
3656
3959
|
category: "model",
|
|
3657
3960
|
shape: z.object({
|
|
3658
3961
|
"slot": z.string(),
|
|
@@ -3678,7 +3981,7 @@ defineTable({
|
|
|
3678
3981
|
});
|
|
3679
3982
|
defineTable({
|
|
3680
3983
|
name: "modelFunctionSlots",
|
|
3681
|
-
component: "
|
|
3984
|
+
component: "control-plane",
|
|
3682
3985
|
category: "model",
|
|
3683
3986
|
shape: z.object({
|
|
3684
3987
|
"slot": z.string(),
|
|
@@ -3703,7 +4006,7 @@ defineTable({
|
|
|
3703
4006
|
});
|
|
3704
4007
|
defineTable({
|
|
3705
4008
|
name: "modelRegistry",
|
|
3706
|
-
component: "
|
|
4009
|
+
component: "control-plane",
|
|
3707
4010
|
category: "model",
|
|
3708
4011
|
shape: z.object({
|
|
3709
4012
|
"key": z.string(),
|
|
@@ -3730,7 +4033,7 @@ defineTable({
|
|
|
3730
4033
|
});
|
|
3731
4034
|
defineTable({
|
|
3732
4035
|
name: "modelSlotConfigs",
|
|
3733
|
-
component: "
|
|
4036
|
+
component: "control-plane",
|
|
3734
4037
|
category: "model",
|
|
3735
4038
|
shape: z.object({
|
|
3736
4039
|
"slot": z.string(),
|
|
@@ -4117,7 +4420,7 @@ defineTable({
|
|
|
4117
4420
|
"workspaceId": idOf("workspaces").optional(),
|
|
4118
4421
|
"resourceType": z.string(),
|
|
4119
4422
|
"resourceId": z.string(),
|
|
4120
|
-
"action": z.enum(["read", "summarize", "export", "mutate", "admin", "comment", "escalate", "resolve", "vote"]),
|
|
4423
|
+
"action": z.enum(["read", "summarize", "export", "mutate", "admin", "comment", "escalate", "resolve", "vote", "route", "invoke", "manage", "deploy", "promote", "rollback", "audit", "read_ref", "fetch_value", "rotate", "administer", "mint", "delegate", "revoke"]),
|
|
4121
4424
|
"decision": z.enum(["allow", "deny"]),
|
|
4122
4425
|
"reasonCode": z.string(),
|
|
4123
4426
|
"policyVersion": z.string(),
|
|
@@ -4179,7 +4482,7 @@ defineTable({
|
|
|
4179
4482
|
});
|
|
4180
4483
|
defineTable({
|
|
4181
4484
|
name: "projectGrants",
|
|
4182
|
-
component: "
|
|
4485
|
+
component: "control-plane",
|
|
4183
4486
|
category: "project",
|
|
4184
4487
|
shape: z.object({
|
|
4185
4488
|
"projectId": z.string().optional(),
|
|
@@ -4211,90 +4514,734 @@ defineTable({
|
|
|
4211
4514
|
{ kind: "index", name: "by_topic_cluster_status", columns: ["topicId", "beliefClusterId", "status"] }
|
|
4212
4515
|
]
|
|
4213
4516
|
});
|
|
4517
|
+
var permitActorType = z.enum([
|
|
4518
|
+
"human",
|
|
4519
|
+
"agent",
|
|
4520
|
+
"service_principal",
|
|
4521
|
+
"external_stakeholder",
|
|
4522
|
+
"system"
|
|
4523
|
+
]);
|
|
4524
|
+
var permitMembershipStatus = z.enum([
|
|
4525
|
+
"active",
|
|
4526
|
+
"invited",
|
|
4527
|
+
"revoked",
|
|
4528
|
+
"suspended",
|
|
4529
|
+
"disabled"
|
|
4530
|
+
]);
|
|
4531
|
+
var permitDecision = z.enum(["allow", "deny"]);
|
|
4532
|
+
var permitAccessReviewStatus = z.enum([
|
|
4533
|
+
"open",
|
|
4534
|
+
"in_progress",
|
|
4535
|
+
"approved",
|
|
4536
|
+
"denied",
|
|
4537
|
+
"expired",
|
|
4538
|
+
"cancelled"
|
|
4539
|
+
]);
|
|
4540
|
+
var permitReviewScope = z.enum([
|
|
4541
|
+
"tenant",
|
|
4542
|
+
"workspace",
|
|
4543
|
+
"resource_instance",
|
|
4544
|
+
"group",
|
|
4545
|
+
"principal",
|
|
4546
|
+
"api_key",
|
|
4547
|
+
"admin_action"
|
|
4548
|
+
]);
|
|
4549
|
+
var permitRecordStatus = z.enum([
|
|
4550
|
+
"queued",
|
|
4551
|
+
"inflight",
|
|
4552
|
+
"completed",
|
|
4553
|
+
"failed",
|
|
4554
|
+
"skipped",
|
|
4555
|
+
"stale"
|
|
4556
|
+
]);
|
|
4557
|
+
var permitObjectType = z.enum([
|
|
4558
|
+
"resource",
|
|
4559
|
+
"role",
|
|
4560
|
+
"resource_role",
|
|
4561
|
+
"resource_relation",
|
|
4562
|
+
"tenant",
|
|
4563
|
+
"workspace",
|
|
4564
|
+
"principal",
|
|
4565
|
+
"membership",
|
|
4566
|
+
"group",
|
|
4567
|
+
"resource_instance",
|
|
4568
|
+
"relationship_tuple",
|
|
4569
|
+
"role_assignment",
|
|
4570
|
+
"attribute_binding",
|
|
4571
|
+
"policy_bundle"
|
|
4572
|
+
]);
|
|
4573
|
+
var permitOutboxOperation = z.enum([
|
|
4574
|
+
"upsert",
|
|
4575
|
+
"delete",
|
|
4576
|
+
"sync",
|
|
4577
|
+
"resync",
|
|
4578
|
+
"delete_sync",
|
|
4579
|
+
"noop"
|
|
4580
|
+
]);
|
|
4581
|
+
var permitPolicyBundleStatus = z.enum([
|
|
4582
|
+
"draft",
|
|
4583
|
+
"validated",
|
|
4584
|
+
"enforced",
|
|
4585
|
+
"archived"
|
|
4586
|
+
]);
|
|
4587
|
+
var permitSyncStatus = z.enum([
|
|
4588
|
+
"pending",
|
|
4589
|
+
"synced",
|
|
4590
|
+
"error",
|
|
4591
|
+
"skipped"
|
|
4592
|
+
]);
|
|
4593
|
+
var permitAccessReviewSubjectType = z.enum([
|
|
4594
|
+
"principal",
|
|
4595
|
+
"group",
|
|
4596
|
+
"role_assignment",
|
|
4597
|
+
"resource_instance"
|
|
4598
|
+
]);
|
|
4599
|
+
var permitAttributeType = z.enum([
|
|
4600
|
+
"string",
|
|
4601
|
+
"number",
|
|
4602
|
+
"bool",
|
|
4603
|
+
"json",
|
|
4604
|
+
"time"
|
|
4605
|
+
]);
|
|
4606
|
+
var permitAttributeOperator = z.enum([
|
|
4607
|
+
"eq",
|
|
4608
|
+
"neq",
|
|
4609
|
+
"in",
|
|
4610
|
+
"not_in",
|
|
4611
|
+
"gt",
|
|
4612
|
+
"gte",
|
|
4613
|
+
"lt",
|
|
4614
|
+
"lte",
|
|
4615
|
+
"contains",
|
|
4616
|
+
"not_contains",
|
|
4617
|
+
"matches"
|
|
4618
|
+
]);
|
|
4619
|
+
var permitRoleBindingTarget = z.enum([
|
|
4620
|
+
"principal",
|
|
4621
|
+
"group"
|
|
4622
|
+
]);
|
|
4214
4623
|
defineTable({
|
|
4215
|
-
name: "
|
|
4216
|
-
component: "
|
|
4217
|
-
category: "
|
|
4624
|
+
name: "permitPrincipals",
|
|
4625
|
+
component: "control-plane",
|
|
4626
|
+
category: "access-control",
|
|
4218
4627
|
shape: z.object({
|
|
4219
|
-
|
|
4220
|
-
|
|
4221
|
-
|
|
4222
|
-
|
|
4223
|
-
|
|
4224
|
-
|
|
4225
|
-
|
|
4226
|
-
|
|
4227
|
-
|
|
4228
|
-
|
|
4229
|
-
|
|
4628
|
+
principalId: z.string(),
|
|
4629
|
+
tenantId: z.string(),
|
|
4630
|
+
workspaceId: z.optional(z.string()),
|
|
4631
|
+
principalType: permitActorType,
|
|
4632
|
+
status: permitMembershipStatus,
|
|
4633
|
+
displayName: z.string().optional(),
|
|
4634
|
+
metadata: z.record(z.any()).optional(),
|
|
4635
|
+
createdBy: z.string(),
|
|
4636
|
+
createdAt: z.number(),
|
|
4637
|
+
updatedAt: z.number(),
|
|
4638
|
+
updatedBy: z.string().optional(),
|
|
4639
|
+
lastSeenAt: z.number().optional()
|
|
4230
4640
|
}),
|
|
4231
4641
|
indices: [
|
|
4232
|
-
{ kind: "index", name: "
|
|
4233
|
-
{ kind: "index", name: "
|
|
4234
|
-
{ kind: "index", name: "
|
|
4235
|
-
{ kind: "index", name: "
|
|
4642
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4643
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4644
|
+
{ kind: "index", name: "by_tenant_principalId", columns: ["tenantId", "principalId"] },
|
|
4645
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
|
|
4646
|
+
{
|
|
4647
|
+
kind: "index",
|
|
4648
|
+
name: "by_tenant_principalType_status",
|
|
4649
|
+
columns: ["tenantId", "principalType", "status"]
|
|
4650
|
+
}
|
|
4236
4651
|
]
|
|
4237
4652
|
});
|
|
4238
4653
|
defineTable({
|
|
4239
|
-
name: "
|
|
4240
|
-
component: "
|
|
4241
|
-
category: "
|
|
4654
|
+
name: "permitPrincipalAliases",
|
|
4655
|
+
component: "control-plane",
|
|
4656
|
+
category: "access-control",
|
|
4242
4657
|
shape: z.object({
|
|
4243
|
-
|
|
4244
|
-
|
|
4245
|
-
|
|
4246
|
-
|
|
4247
|
-
|
|
4248
|
-
|
|
4249
|
-
|
|
4250
|
-
|
|
4251
|
-
|
|
4252
|
-
|
|
4253
|
-
|
|
4254
|
-
|
|
4255
|
-
|
|
4658
|
+
principalId: z.string(),
|
|
4659
|
+
tenantId: z.string(),
|
|
4660
|
+
workspaceId: z.optional(z.string()),
|
|
4661
|
+
provider: z.string(),
|
|
4662
|
+
providerSubjectId: z.string(),
|
|
4663
|
+
providerProjectId: z.string().optional(),
|
|
4664
|
+
alias: z.string(),
|
|
4665
|
+
aliasKind: z.string(),
|
|
4666
|
+
status: permitMembershipStatus,
|
|
4667
|
+
metadata: z.record(z.any()).optional(),
|
|
4668
|
+
createdBy: z.string(),
|
|
4669
|
+
createdAt: z.number(),
|
|
4670
|
+
updatedAt: z.number(),
|
|
4671
|
+
revokedBy: z.string().optional(),
|
|
4672
|
+
revokedAt: z.number().optional(),
|
|
4673
|
+
updatedBy: z.string().optional()
|
|
4256
4674
|
}),
|
|
4257
4675
|
indices: [
|
|
4258
|
-
{ kind: "index", name: "
|
|
4259
|
-
{ kind: "index", name: "
|
|
4260
|
-
{ kind: "index", name: "
|
|
4676
|
+
{ kind: "index", name: "by_principalId", columns: ["principalId"] },
|
|
4677
|
+
{ kind: "index", name: "by_provider_subject", columns: ["provider", "providerSubjectId"] },
|
|
4678
|
+
{ kind: "index", name: "by_provider_project_subject", columns: ["provider", "providerProjectId", "providerSubjectId"] },
|
|
4679
|
+
{ kind: "index", name: "by_tenant_provider_subject", columns: ["tenantId", "provider", "providerSubjectId"] },
|
|
4680
|
+
{ kind: "index", name: "by_tenant_provider_project_subject", columns: ["tenantId", "provider", "providerProjectId", "providerSubjectId"] },
|
|
4681
|
+
{
|
|
4682
|
+
kind: "index",
|
|
4683
|
+
name: "by_tenant_provider_alias",
|
|
4684
|
+
columns: ["tenantId", "provider", "alias"]
|
|
4685
|
+
},
|
|
4686
|
+
{ kind: "index", name: "by_tenant_alias", columns: ["tenantId", "alias"] },
|
|
4687
|
+
{
|
|
4688
|
+
kind: "index",
|
|
4689
|
+
name: "by_tenant_provider_status",
|
|
4690
|
+
columns: ["tenantId", "provider", "status"]
|
|
4691
|
+
}
|
|
4261
4692
|
]
|
|
4262
4693
|
});
|
|
4263
4694
|
defineTable({
|
|
4264
|
-
name: "
|
|
4265
|
-
component: "
|
|
4266
|
-
category: "
|
|
4695
|
+
name: "permitGroups",
|
|
4696
|
+
component: "control-plane",
|
|
4697
|
+
category: "access-control",
|
|
4267
4698
|
shape: z.object({
|
|
4268
|
-
|
|
4269
|
-
|
|
4270
|
-
|
|
4271
|
-
|
|
4272
|
-
|
|
4273
|
-
|
|
4274
|
-
|
|
4275
|
-
|
|
4276
|
-
|
|
4277
|
-
|
|
4278
|
-
|
|
4279
|
-
|
|
4280
|
-
|
|
4281
|
-
|
|
4282
|
-
|
|
4283
|
-
"
|
|
4284
|
-
"
|
|
4285
|
-
"
|
|
4286
|
-
"
|
|
4287
|
-
|
|
4288
|
-
|
|
4289
|
-
|
|
4290
|
-
|
|
4291
|
-
|
|
4292
|
-
|
|
4293
|
-
|
|
4294
|
-
|
|
4295
|
-
|
|
4296
|
-
|
|
4297
|
-
|
|
4699
|
+
tenantId: z.string(),
|
|
4700
|
+
workspaceId: z.optional(z.string()),
|
|
4701
|
+
groupId: z.string(),
|
|
4702
|
+
groupKey: z.string(),
|
|
4703
|
+
groupName: z.string(),
|
|
4704
|
+
groupType: z.enum(["tenant", "workspace", "external", "system", "dynamic"]),
|
|
4705
|
+
status: permitMembershipStatus,
|
|
4706
|
+
description: z.string().optional(),
|
|
4707
|
+
metadata: z.record(z.any()).optional(),
|
|
4708
|
+
createdBy: z.string(),
|
|
4709
|
+
createdAt: z.number(),
|
|
4710
|
+
updatedAt: z.number(),
|
|
4711
|
+
updatedBy: z.string().optional()
|
|
4712
|
+
}),
|
|
4713
|
+
indices: [
|
|
4714
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4715
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4716
|
+
{ kind: "index", name: "by_tenant_groupId", columns: ["tenantId", "groupId"] },
|
|
4717
|
+
{ kind: "index", name: "by_tenant_groupKey", columns: ["tenantId", "groupKey"] },
|
|
4718
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
|
|
4719
|
+
]
|
|
4720
|
+
});
|
|
4721
|
+
defineTable({
|
|
4722
|
+
name: "permitGroupMemberships",
|
|
4723
|
+
component: "control-plane",
|
|
4724
|
+
category: "access-control",
|
|
4725
|
+
shape: z.object({
|
|
4726
|
+
tenantId: z.string(),
|
|
4727
|
+
workspaceId: z.optional(z.string()),
|
|
4728
|
+
groupId: z.string(),
|
|
4729
|
+
memberType: z.enum(["principal", "group"]),
|
|
4730
|
+
memberId: z.string(),
|
|
4731
|
+
principalId: z.string().optional(),
|
|
4732
|
+
childGroupId: z.string().optional(),
|
|
4733
|
+
status: permitMembershipStatus,
|
|
4734
|
+
addedBy: z.string().optional(),
|
|
4735
|
+
revokedBy: z.string().optional(),
|
|
4736
|
+
expiresAt: z.number().optional(),
|
|
4737
|
+
revocationReason: z.string().optional(),
|
|
4738
|
+
metadata: z.record(z.any()).optional(),
|
|
4739
|
+
createdAt: z.number(),
|
|
4740
|
+
updatedAt: z.number(),
|
|
4741
|
+
updatedBy: z.string().optional()
|
|
4742
|
+
}),
|
|
4743
|
+
indices: [
|
|
4744
|
+
{ kind: "index", name: "by_tenant_principal", columns: ["tenantId", "principalId"] },
|
|
4745
|
+
{ kind: "index", name: "by_tenant_member", columns: ["tenantId", "memberType", "memberId"] },
|
|
4746
|
+
{
|
|
4747
|
+
kind: "index",
|
|
4748
|
+
name: "by_tenant_member_group",
|
|
4749
|
+
columns: ["tenantId", "memberType", "memberId", "groupId"]
|
|
4750
|
+
},
|
|
4751
|
+
{ kind: "index", name: "by_tenant_group", columns: ["tenantId", "groupId"] },
|
|
4752
|
+
{ kind: "index", name: "by_member_group", columns: ["memberType", "memberId", "groupId"] },
|
|
4753
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
|
|
4754
|
+
{
|
|
4755
|
+
kind: "index",
|
|
4756
|
+
name: "by_workspace_principal",
|
|
4757
|
+
columns: ["workspaceId", "principalId"]
|
|
4758
|
+
}
|
|
4759
|
+
]
|
|
4760
|
+
});
|
|
4761
|
+
defineTable({
|
|
4762
|
+
name: "permitResourceInstances",
|
|
4763
|
+
component: "control-plane",
|
|
4764
|
+
category: "access-control",
|
|
4765
|
+
shape: z.object({
|
|
4766
|
+
tenantId: z.string(),
|
|
4767
|
+
workspaceId: z.optional(z.string()),
|
|
4768
|
+
resourceType: z.string(),
|
|
4769
|
+
resourceKey: z.string(),
|
|
4770
|
+
resourceId: z.string(),
|
|
4771
|
+
status: z.enum(["active", "deleted", "archived"]),
|
|
4772
|
+
attributes: z.record(z.any()).optional(),
|
|
4773
|
+
ownerPrincipalId: z.string().optional(),
|
|
4774
|
+
metadata: z.record(z.any()).optional(),
|
|
4775
|
+
createdBy: z.string(),
|
|
4776
|
+
updatedBy: z.string().optional(),
|
|
4777
|
+
createdAt: z.number(),
|
|
4778
|
+
updatedAt: z.number()
|
|
4779
|
+
}),
|
|
4780
|
+
indices: [
|
|
4781
|
+
{
|
|
4782
|
+
kind: "index",
|
|
4783
|
+
name: "by_tenant_resource_type",
|
|
4784
|
+
columns: ["tenantId", "resourceType"]
|
|
4785
|
+
},
|
|
4786
|
+
{
|
|
4787
|
+
kind: "index",
|
|
4788
|
+
name: "by_tenant_resource_key",
|
|
4789
|
+
columns: ["tenantId", "resourceType", "resourceKey"]
|
|
4790
|
+
},
|
|
4791
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4792
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4793
|
+
{
|
|
4794
|
+
kind: "index",
|
|
4795
|
+
name: "by_tenant_status",
|
|
4796
|
+
columns: ["tenantId", "status"]
|
|
4797
|
+
},
|
|
4798
|
+
{
|
|
4799
|
+
kind: "index",
|
|
4800
|
+
name: "by_ownerPrincipalId",
|
|
4801
|
+
columns: ["ownerPrincipalId"]
|
|
4802
|
+
}
|
|
4803
|
+
]
|
|
4804
|
+
});
|
|
4805
|
+
defineTable({
|
|
4806
|
+
name: "permitRoleAssignments",
|
|
4807
|
+
component: "control-plane",
|
|
4808
|
+
category: "access-control",
|
|
4809
|
+
shape: z.object({
|
|
4810
|
+
tenantId: z.string(),
|
|
4811
|
+
workspaceId: z.optional(z.string()),
|
|
4812
|
+
role: z.string(),
|
|
4813
|
+
targetType: permitRoleBindingTarget,
|
|
4814
|
+
targetId: z.string(),
|
|
4815
|
+
resourceType: z.string(),
|
|
4816
|
+
resourceKey: z.string(),
|
|
4817
|
+
resourceInstanceId: z.string().optional(),
|
|
4818
|
+
status: permitMembershipStatus,
|
|
4819
|
+
expiresAt: z.number().optional(),
|
|
4820
|
+
attributes: z.record(z.any()).optional(),
|
|
4821
|
+
grantedBy: z.string().optional(),
|
|
4822
|
+
updatedBy: z.string().optional(),
|
|
4823
|
+
revokedBy: z.string().optional(),
|
|
4824
|
+
createdAt: z.number(),
|
|
4825
|
+
updatedAt: z.number()
|
|
4826
|
+
}),
|
|
4827
|
+
indices: [
|
|
4828
|
+
{
|
|
4829
|
+
kind: "index",
|
|
4830
|
+
name: "by_tenant_target",
|
|
4831
|
+
columns: ["tenantId", "targetType", "targetId"]
|
|
4832
|
+
},
|
|
4833
|
+
{
|
|
4834
|
+
kind: "index",
|
|
4835
|
+
name: "by_tenant_resource",
|
|
4836
|
+
columns: ["tenantId", "resourceType", "resourceKey"]
|
|
4837
|
+
},
|
|
4838
|
+
{
|
|
4839
|
+
kind: "index",
|
|
4840
|
+
name: "by_tenant_role",
|
|
4841
|
+
columns: ["tenantId", "role", "status"]
|
|
4842
|
+
},
|
|
4843
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4844
|
+
{
|
|
4845
|
+
kind: "index",
|
|
4846
|
+
name: "by_workspace_resource",
|
|
4847
|
+
columns: ["workspaceId", "resourceType", "resourceKey"]
|
|
4848
|
+
}
|
|
4849
|
+
]
|
|
4850
|
+
});
|
|
4851
|
+
defineTable({
|
|
4852
|
+
name: "permitRelationshipTuples",
|
|
4853
|
+
component: "control-plane",
|
|
4854
|
+
category: "access-control",
|
|
4855
|
+
shape: z.object({
|
|
4856
|
+
tenantId: z.string(),
|
|
4857
|
+
workspaceId: z.optional(z.string()),
|
|
4858
|
+
relation: z.string(),
|
|
4859
|
+
subject: z.string(),
|
|
4860
|
+
object: z.string(),
|
|
4861
|
+
resourceType: z.string().optional(),
|
|
4862
|
+
resourceKey: z.string().optional(),
|
|
4863
|
+
status: permitRecordStatus,
|
|
4864
|
+
attributes: z.record(z.any()).optional(),
|
|
4865
|
+
createdBy: z.string(),
|
|
4866
|
+
createdAt: z.number(),
|
|
4867
|
+
updatedAt: z.number(),
|
|
4868
|
+
lastSeenAt: z.number().optional(),
|
|
4869
|
+
updatedBy: z.string().optional()
|
|
4870
|
+
}),
|
|
4871
|
+
indices: [
|
|
4872
|
+
{ kind: "index", name: "by_tenant_subject", columns: ["tenantId", "subject"] },
|
|
4873
|
+
{ kind: "index", name: "by_tenant_object", columns: ["tenantId", "object"] },
|
|
4874
|
+
{ kind: "index", name: "by_tenant_relation", columns: ["tenantId", "relation"] },
|
|
4875
|
+
{
|
|
4876
|
+
kind: "index",
|
|
4877
|
+
name: "by_tenant_relation_subject",
|
|
4878
|
+
columns: ["tenantId", "relation", "subject"]
|
|
4879
|
+
},
|
|
4880
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
|
|
4881
|
+
]
|
|
4882
|
+
});
|
|
4883
|
+
defineTable({
|
|
4884
|
+
name: "permitAttributeBindings",
|
|
4885
|
+
component: "control-plane",
|
|
4886
|
+
category: "access-control",
|
|
4887
|
+
shape: z.object({
|
|
4888
|
+
tenantId: z.string(),
|
|
4889
|
+
workspaceId: z.optional(z.string()),
|
|
4890
|
+
targetType: permitRoleBindingTarget,
|
|
4891
|
+
targetId: z.string(),
|
|
4892
|
+
attributeName: z.string(),
|
|
4893
|
+
attributeType: permitAttributeType,
|
|
4894
|
+
attributeOperator: permitAttributeOperator,
|
|
4895
|
+
attributeValue: z.any(),
|
|
4896
|
+
status: permitRecordStatus,
|
|
4897
|
+
source: z.string().optional(),
|
|
4898
|
+
sourceRef: z.string().optional(),
|
|
4899
|
+
metadata: z.record(z.any()).optional(),
|
|
4900
|
+
createdAt: z.number(),
|
|
4901
|
+
updatedAt: z.number(),
|
|
4902
|
+
createdBy: z.string(),
|
|
4903
|
+
updatedBy: z.string().optional(),
|
|
4904
|
+
expiresAt: z.number().optional()
|
|
4905
|
+
}),
|
|
4906
|
+
indices: [
|
|
4907
|
+
{
|
|
4908
|
+
kind: "index",
|
|
4909
|
+
name: "by_tenant_target",
|
|
4910
|
+
columns: ["tenantId", "targetType", "targetId"]
|
|
4911
|
+
},
|
|
4912
|
+
{
|
|
4913
|
+
kind: "index",
|
|
4914
|
+
name: "by_tenant_target_attribute",
|
|
4915
|
+
columns: ["tenantId", "targetType", "targetId", "attributeName"]
|
|
4916
|
+
},
|
|
4917
|
+
{
|
|
4918
|
+
kind: "index",
|
|
4919
|
+
name: "by_tenant_name",
|
|
4920
|
+
columns: ["tenantId", "attributeName"]
|
|
4921
|
+
},
|
|
4922
|
+
{
|
|
4923
|
+
kind: "index",
|
|
4924
|
+
name: "by_tenant_status",
|
|
4925
|
+
columns: ["tenantId", "status"]
|
|
4926
|
+
}
|
|
4927
|
+
]
|
|
4928
|
+
});
|
|
4929
|
+
defineTable({
|
|
4930
|
+
name: "permitPolicyBundles",
|
|
4931
|
+
component: "control-plane",
|
|
4932
|
+
category: "access-control",
|
|
4933
|
+
shape: z.object({
|
|
4934
|
+
tenantId: z.string(),
|
|
4935
|
+
workspaceId: z.optional(z.string()),
|
|
4936
|
+
bundleKey: z.string(),
|
|
4937
|
+
version: z.number(),
|
|
4938
|
+
status: permitPolicyBundleStatus,
|
|
4939
|
+
policyHash: z.string().optional(),
|
|
4940
|
+
policyPayload: z.record(z.any()),
|
|
4941
|
+
metadata: z.record(z.any()).optional(),
|
|
4942
|
+
createdBy: z.string(),
|
|
4943
|
+
reviewedBy: z.string().optional(),
|
|
4944
|
+
createdAt: z.number(),
|
|
4945
|
+
updatedAt: z.number(),
|
|
4946
|
+
retiredAt: z.number().optional()
|
|
4947
|
+
}),
|
|
4948
|
+
indices: [
|
|
4949
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4950
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
4951
|
+
{
|
|
4952
|
+
kind: "index",
|
|
4953
|
+
name: "by_tenant_bundleKey",
|
|
4954
|
+
columns: ["tenantId", "bundleKey"]
|
|
4955
|
+
},
|
|
4956
|
+
{
|
|
4957
|
+
kind: "index",
|
|
4958
|
+
name: "by_tenant_bundle_version",
|
|
4959
|
+
columns: ["tenantId", "bundleKey", "version"]
|
|
4960
|
+
},
|
|
4961
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] }
|
|
4962
|
+
]
|
|
4963
|
+
});
|
|
4964
|
+
defineTable({
|
|
4965
|
+
name: "permitProjectionOutbox",
|
|
4966
|
+
component: "control-plane",
|
|
4967
|
+
category: "access-control",
|
|
4968
|
+
shape: z.object({
|
|
4969
|
+
syncKey: z.string(),
|
|
4970
|
+
objectType: permitObjectType,
|
|
4971
|
+
objectId: z.string(),
|
|
4972
|
+
operation: permitOutboxOperation,
|
|
4973
|
+
payload: z.record(z.any()),
|
|
4974
|
+
status: permitRecordStatus,
|
|
4975
|
+
attemptCount: z.number(),
|
|
4976
|
+
nextAttemptAt: z.number().optional(),
|
|
4977
|
+
lastError: z.string().optional(),
|
|
4978
|
+
tenantId: z.string().optional(),
|
|
4979
|
+
workspaceId: z.optional(z.string()),
|
|
4980
|
+
principalId: z.string().optional(),
|
|
4981
|
+
permitTenantKey: z.string().optional(),
|
|
4982
|
+
permitResourceType: z.string().optional(),
|
|
4983
|
+
permitResourceKey: z.string().optional(),
|
|
4984
|
+
createdAt: z.number(),
|
|
4985
|
+
updatedAt: z.number(),
|
|
4986
|
+
lastHandledAt: z.number().optional()
|
|
4987
|
+
}),
|
|
4988
|
+
indices: [
|
|
4989
|
+
{ kind: "index", name: "by_syncKey", columns: ["syncKey"] },
|
|
4990
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
4991
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
4992
|
+
{
|
|
4993
|
+
kind: "index",
|
|
4994
|
+
name: "by_tenant_status",
|
|
4995
|
+
columns: ["tenantId", "status"]
|
|
4996
|
+
},
|
|
4997
|
+
{
|
|
4998
|
+
kind: "index",
|
|
4999
|
+
name: "by_objectType",
|
|
5000
|
+
columns: ["objectType", "status"]
|
|
5001
|
+
}
|
|
5002
|
+
]
|
|
5003
|
+
});
|
|
5004
|
+
defineTable({
|
|
5005
|
+
name: "tenantPermitSyncStates",
|
|
5006
|
+
component: "control-plane",
|
|
5007
|
+
category: "access-control",
|
|
5008
|
+
shape: z.object({
|
|
5009
|
+
syncKey: z.string(),
|
|
5010
|
+
objectType: permitObjectType,
|
|
5011
|
+
objectId: z.string(),
|
|
5012
|
+
tenantId: z.string().optional(),
|
|
5013
|
+
workspaceId: z.string().optional(),
|
|
5014
|
+
principalId: z.string().optional(),
|
|
5015
|
+
permitTenantKey: z.string().optional(),
|
|
5016
|
+
permitResourceType: z.string().optional(),
|
|
5017
|
+
permitResourceKey: z.string().optional(),
|
|
5018
|
+
desiredPayload: z.record(z.any()),
|
|
5019
|
+
lastAppliedPayloadHash: z.string().optional(),
|
|
5020
|
+
status: permitSyncStatus,
|
|
5021
|
+
attemptCount: z.number(),
|
|
5022
|
+
lastError: z.string().optional(),
|
|
5023
|
+
nextAttemptAt: z.number().optional(),
|
|
5024
|
+
lastSyncedAt: z.number().optional(),
|
|
5025
|
+
createdBy: z.string(),
|
|
5026
|
+
updatedBy: z.string().optional(),
|
|
5027
|
+
createdAt: z.number(),
|
|
5028
|
+
updatedAt: z.number()
|
|
5029
|
+
}),
|
|
5030
|
+
indices: [
|
|
5031
|
+
{ kind: "index", name: "by_syncKey", columns: ["syncKey"] },
|
|
5032
|
+
{ kind: "index", name: "by_status", columns: ["status"] },
|
|
5033
|
+
{
|
|
5034
|
+
kind: "index",
|
|
5035
|
+
name: "by_tenant_status",
|
|
5036
|
+
columns: ["tenantId", "status"]
|
|
5037
|
+
},
|
|
5038
|
+
{
|
|
5039
|
+
kind: "index",
|
|
5040
|
+
name: "by_workspace_status",
|
|
5041
|
+
columns: ["workspaceId", "status"]
|
|
5042
|
+
},
|
|
5043
|
+
{
|
|
5044
|
+
kind: "index",
|
|
5045
|
+
name: "by_principal_status",
|
|
5046
|
+
columns: ["principalId", "status"]
|
|
5047
|
+
}
|
|
5048
|
+
]
|
|
5049
|
+
});
|
|
5050
|
+
defineTable({
|
|
5051
|
+
name: "permitPolicyDecisionReceipts",
|
|
5052
|
+
component: "control-plane",
|
|
5053
|
+
category: "access-control",
|
|
5054
|
+
shape: z.object({
|
|
5055
|
+
tenantId: z.string().optional(),
|
|
5056
|
+
workspaceId: z.string().optional(),
|
|
5057
|
+
principalId: z.string(),
|
|
5058
|
+
subjectType: permitAccessReviewSubjectType.optional(),
|
|
5059
|
+
subjectId: z.string().optional(),
|
|
5060
|
+
resourceType: z.string(),
|
|
5061
|
+
resourceId: z.string(),
|
|
5062
|
+
action: z.string(),
|
|
5063
|
+
decision: permitDecision,
|
|
5064
|
+
reasonCode: z.string(),
|
|
5065
|
+
policyBundleId: z.string().optional(),
|
|
5066
|
+
policyVersion: z.string(),
|
|
5067
|
+
traceId: z.string().optional(),
|
|
5068
|
+
requestId: z.string().optional(),
|
|
5069
|
+
audienceMode: z.string().optional(),
|
|
5070
|
+
audienceKey: z.string().optional(),
|
|
5071
|
+
audienceClass: z.enum(["internal", "restricted_external", "public"]).optional(),
|
|
5072
|
+
metadata: z.record(z.any()).optional(),
|
|
5073
|
+
createdAt: z.number(),
|
|
5074
|
+
expiresAt: z.number().optional(),
|
|
5075
|
+
createdBy: z.string().optional()
|
|
5076
|
+
}),
|
|
5077
|
+
indices: [
|
|
5078
|
+
{ kind: "index", name: "by_principal_createdAt", columns: ["principalId", "createdAt"] },
|
|
5079
|
+
{ kind: "index", name: "by_tenant_createdAt", columns: ["tenantId", "createdAt"] },
|
|
5080
|
+
{ kind: "index", name: "by_resource", columns: ["resourceType", "resourceId"] },
|
|
5081
|
+
{ kind: "index", name: "by_decision_createdAt", columns: ["decision", "createdAt"] },
|
|
5082
|
+
{ kind: "index", name: "by_traceId", columns: ["traceId"] },
|
|
5083
|
+
{ kind: "index", name: "by_action", columns: ["action"] }
|
|
5084
|
+
]
|
|
5085
|
+
});
|
|
5086
|
+
defineTable({
|
|
5087
|
+
name: "permitAccessReviews",
|
|
5088
|
+
component: "control-plane",
|
|
5089
|
+
category: "access-control",
|
|
5090
|
+
shape: z.object({
|
|
5091
|
+
tenantId: z.string(),
|
|
5092
|
+
workspaceId: z.optional(z.string()),
|
|
5093
|
+
reviewKey: z.string(),
|
|
5094
|
+
scope: permitReviewScope,
|
|
5095
|
+
status: permitAccessReviewStatus,
|
|
5096
|
+
subjectType: permitAccessReviewSubjectType,
|
|
5097
|
+
subjectId: z.string(),
|
|
5098
|
+
resourceType: z.string().optional(),
|
|
5099
|
+
resourceKey: z.string().optional(),
|
|
5100
|
+
outcome: z.enum(["allow", "deny"]).optional(),
|
|
5101
|
+
requestedBy: z.string(),
|
|
5102
|
+
reviewedBy: z.string().optional(),
|
|
5103
|
+
requestedAt: z.number(),
|
|
5104
|
+
reviewedAt: z.number().optional(),
|
|
5105
|
+
dueAt: z.number().optional(),
|
|
5106
|
+
justification: z.string().optional(),
|
|
5107
|
+
rationale: z.string().optional(),
|
|
5108
|
+
policyBundleId: z.string().optional(),
|
|
5109
|
+
metadata: z.record(z.any()).optional(),
|
|
5110
|
+
createdAt: z.number(),
|
|
5111
|
+
updatedAt: z.number()
|
|
5112
|
+
}),
|
|
5113
|
+
indices: [
|
|
5114
|
+
{ kind: "index", name: "by_tenant_status", columns: ["tenantId", "status"] },
|
|
5115
|
+
{ kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
|
|
5116
|
+
{ kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
|
|
5117
|
+
{
|
|
5118
|
+
kind: "index",
|
|
5119
|
+
name: "by_tenant_subject",
|
|
5120
|
+
columns: ["tenantId", "subjectType", "subjectId"]
|
|
5121
|
+
},
|
|
5122
|
+
{ kind: "index", name: "by_outcome", columns: ["outcome"] },
|
|
5123
|
+
{
|
|
5124
|
+
kind: "index",
|
|
5125
|
+
name: "by_workspace_status",
|
|
5126
|
+
columns: ["workspaceId", "status"]
|
|
5127
|
+
}
|
|
5128
|
+
]
|
|
5129
|
+
});
|
|
5130
|
+
defineTable({
|
|
5131
|
+
name: "permitAccessReviewItems",
|
|
5132
|
+
component: "control-plane",
|
|
5133
|
+
category: "access-control",
|
|
5134
|
+
shape: z.object({
|
|
5135
|
+
reviewKey: z.string(),
|
|
5136
|
+
itemKey: z.string(),
|
|
5137
|
+
tenantId: z.string(),
|
|
5138
|
+
workspaceId: z.string().optional(),
|
|
5139
|
+
subjectType: permitAccessReviewSubjectType,
|
|
5140
|
+
subjectId: z.string(),
|
|
5141
|
+
resourceType: z.string().optional(),
|
|
5142
|
+
resourceKey: z.string().optional(),
|
|
5143
|
+
role: z.string().optional(),
|
|
5144
|
+
relation: z.string().optional(),
|
|
5145
|
+
status: z.enum(["open", "approved", "revoked", "changed", "deferred"]),
|
|
5146
|
+
reviewerId: z.string().optional(),
|
|
5147
|
+
decisionAt: z.number().optional(),
|
|
5148
|
+
rationale: z.string().optional(),
|
|
5149
|
+
metadata: z.record(z.any()).optional(),
|
|
5150
|
+
createdAt: z.number(),
|
|
5151
|
+
updatedAt: z.number()
|
|
5152
|
+
}),
|
|
5153
|
+
indices: [
|
|
5154
|
+
{ kind: "index", name: "by_reviewKey", columns: ["reviewKey"] },
|
|
5155
|
+
{ kind: "index", name: "by_tenant_reviewKey", columns: ["tenantId", "reviewKey"] },
|
|
5156
|
+
{ kind: "index", name: "by_tenant_itemKey", columns: ["tenantId", "itemKey"] },
|
|
5157
|
+
{ kind: "index", name: "by_subject", columns: ["subjectType", "subjectId"] },
|
|
5158
|
+
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
5159
|
+
]
|
|
5160
|
+
});
|
|
5161
|
+
defineTable({
|
|
5162
|
+
name: "reasoningPermissions",
|
|
5163
|
+
component: "control-plane",
|
|
5164
|
+
category: "epistemic",
|
|
5165
|
+
shape: z.object({
|
|
5166
|
+
"topicId": z.string().optional(),
|
|
5167
|
+
"principalId": z.string(),
|
|
5168
|
+
"nodeType": z.enum(["belief", "evidence", "action", "approval", "artifact"]),
|
|
5169
|
+
"action": z.enum(["view_conclusion", "view_evidence", "propose_action", "approve_action", "view_derived_artifact"]),
|
|
5170
|
+
"effect": z.enum(["allow", "deny"]),
|
|
5171
|
+
"policyReference": z.string().optional(),
|
|
5172
|
+
"rationale": z.string().optional(),
|
|
5173
|
+
"metadata": z.record(z.any()).optional(),
|
|
5174
|
+
"createdAt": z.number(),
|
|
5175
|
+
"createdBy": z.string(),
|
|
5176
|
+
"updatedAt": z.number()
|
|
5177
|
+
}),
|
|
5178
|
+
indices: [
|
|
5179
|
+
{ kind: "index", name: "by_topic_principal", columns: ["topicId", "principalId"] },
|
|
5180
|
+
{ kind: "index", name: "by_topic_principal_action", columns: ["topicId", "principalId", "action"] },
|
|
5181
|
+
{ kind: "index", name: "by_topic_principal_node_action", columns: ["topicId", "principalId", "nodeType", "action"] },
|
|
5182
|
+
{ kind: "index", name: "by_principal_action", columns: ["principalId", "action"] }
|
|
5183
|
+
]
|
|
5184
|
+
});
|
|
5185
|
+
defineTable({
|
|
5186
|
+
name: "schemaEnumConfig",
|
|
5187
|
+
component: "kernel",
|
|
5188
|
+
category: "config",
|
|
5189
|
+
shape: z.object({
|
|
5190
|
+
"tenantId": z.string().optional(),
|
|
5191
|
+
"category": z.string(),
|
|
5192
|
+
"value": z.string(),
|
|
5193
|
+
"label": z.string(),
|
|
5194
|
+
"description": z.string().optional(),
|
|
5195
|
+
"tier": z.enum(["platform", "tenant"]),
|
|
5196
|
+
"domainNamespace": z.string().optional(),
|
|
5197
|
+
"metadata": z.any().optional(),
|
|
5198
|
+
"isDefault": z.boolean().optional(),
|
|
5199
|
+
"sortOrder": z.number().optional(),
|
|
5200
|
+
"status": z.enum(["active", "deprecated"]),
|
|
5201
|
+
"createdAt": z.number(),
|
|
5202
|
+
"updatedAt": z.number()
|
|
5203
|
+
}),
|
|
5204
|
+
indices: [
|
|
5205
|
+
{ kind: "index", name: "by_category", columns: ["category"] },
|
|
5206
|
+
{ kind: "index", name: "by_tenant_category", columns: ["tenantId", "category"] },
|
|
5207
|
+
{ kind: "index", name: "by_category_value", columns: ["category", "value"] }
|
|
5208
|
+
]
|
|
5209
|
+
});
|
|
5210
|
+
defineTable({
|
|
5211
|
+
name: "tasks",
|
|
5212
|
+
component: "kernel",
|
|
5213
|
+
category: "task",
|
|
5214
|
+
shape: z.object({
|
|
5215
|
+
"topicId": z.string().optional(),
|
|
5216
|
+
"tenantId": z.string().optional(),
|
|
5217
|
+
"workspaceId": z.string().optional(),
|
|
5218
|
+
"title": z.string(),
|
|
5219
|
+
"description": z.string().optional(),
|
|
5220
|
+
"status": z.enum(["todo", "in_progress", "blocked", "done"]),
|
|
5221
|
+
"priority": z.enum(["urgent", "high", "medium", "low"]),
|
|
5222
|
+
"dueDate": z.number().optional(),
|
|
5223
|
+
"linkedWorktreeId": idOf("worktrees").optional(),
|
|
5224
|
+
"linkedBeliefId": z.string().optional(),
|
|
5225
|
+
"linkedQuestionId": z.string().optional(),
|
|
5226
|
+
"taskType": z.enum(["general", "find_evidence", "verify_claim", "research", "review", "interview", "analysis", "track_metrics"]).optional(),
|
|
5227
|
+
"assigneeId": z.string().optional(),
|
|
5228
|
+
"blockedReason": z.string().optional(),
|
|
5229
|
+
"blockedBy": z.array(idOf("tasks")).optional(),
|
|
5230
|
+
"blocks": z.array(idOf("tasks")).optional(),
|
|
5231
|
+
"sortOrder": z.number().optional(),
|
|
5232
|
+
"executionOrder": z.number().optional(),
|
|
5233
|
+
"subtasks": z.array(z.object({
|
|
5234
|
+
"id": z.string(),
|
|
5235
|
+
"title": z.string(),
|
|
5236
|
+
"completed": z.boolean(),
|
|
5237
|
+
"completedAt": z.number().optional()
|
|
5238
|
+
})).optional(),
|
|
5239
|
+
"comments": z.array(z.object({
|
|
5240
|
+
"id": z.string(),
|
|
5241
|
+
"userId": z.string(),
|
|
5242
|
+
"content": z.string(),
|
|
5243
|
+
"createdAt": z.number()
|
|
5244
|
+
})).optional(),
|
|
4298
5245
|
"attachments": z.array(z.object({
|
|
4299
5246
|
"id": z.string(),
|
|
4300
5247
|
"type": z.enum(["call_script", "email_template", "research_plan", "framework", "checklist", "note", "file", "transcript"]),
|
|
@@ -4448,6 +5395,7 @@ defineTable({
|
|
|
4448
5395
|
"updatedAt": z.number()
|
|
4449
5396
|
}),
|
|
4450
5397
|
indices: [
|
|
5398
|
+
{ kind: "index", name: "by_globalId", columns: ["globalId"] },
|
|
4451
5399
|
{ kind: "index", name: "by_parent", columns: ["parentTopicId"] },
|
|
4452
5400
|
{ kind: "index", name: "by_type", columns: ["type"] },
|
|
4453
5401
|
{ kind: "index", name: "by_graph_scope_project", columns: ["graphScopeProjectId"] },
|
|
@@ -4459,7 +5407,7 @@ defineTable({
|
|
|
4459
5407
|
});
|
|
4460
5408
|
defineTable({
|
|
4461
5409
|
name: "users",
|
|
4462
|
-
component: "
|
|
5410
|
+
component: "control-plane",
|
|
4463
5411
|
category: "user",
|
|
4464
5412
|
shape: z.object({
|
|
4465
5413
|
"clerkId": z.string(),
|
|
@@ -4573,7 +5521,6 @@ defineTable({
|
|
|
4573
5521
|
"deployments": z.record(z.object({
|
|
4574
5522
|
"url": z.string(),
|
|
4575
5523
|
"target": z.enum(["kernelDeployment", "appDeployment"]).optional(),
|
|
4576
|
-
"encryptedDeployKey": z.string().optional(),
|
|
4577
5524
|
"credentialRef": z.string().optional()
|
|
4578
5525
|
})).optional(),
|
|
4579
5526
|
"metadata": z.record(z.any()).optional(),
|
|
@@ -4588,6 +5535,39 @@ defineTable({
|
|
|
4588
5535
|
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
4589
5536
|
]
|
|
4590
5537
|
});
|
|
5538
|
+
defineTable({
|
|
5539
|
+
name: "deploymentHosts",
|
|
5540
|
+
component: "mc",
|
|
5541
|
+
category: "workspace",
|
|
5542
|
+
shape: z.object({
|
|
5543
|
+
"host": z.string(),
|
|
5544
|
+
"tenantId": idOf("tenants"),
|
|
5545
|
+
"workspaceId": idOf("workspaces"),
|
|
5546
|
+
"environment": z.enum(["dev", "staging", "prod"]),
|
|
5547
|
+
"target": z.enum(["kernelDeployment", "appDeployment"]),
|
|
5548
|
+
"deploymentUrl": z.string().optional(),
|
|
5549
|
+
"deploymentName": z.string().optional(),
|
|
5550
|
+
"vercelProjectName": z.string().optional(),
|
|
5551
|
+
"vercelProjectId": z.string().optional(),
|
|
5552
|
+
"vercelEnvironment": z.enum(["development", "preview", "staging", "production"]).optional(),
|
|
5553
|
+
"source": z.enum(["vercel_preview", "vercel_production", "vercel_custom_environment", "custom_domain", "manual"]),
|
|
5554
|
+
"status": z.enum(["active", "revoked"]),
|
|
5555
|
+
"metadata": z.record(z.any()).optional(),
|
|
5556
|
+
"createdBy": z.string(),
|
|
5557
|
+
"createdAt": z.number(),
|
|
5558
|
+
"updatedAt": z.number(),
|
|
5559
|
+
"revokedAt": z.number().optional(),
|
|
5560
|
+
"revokedBy": z.string().optional()
|
|
5561
|
+
}),
|
|
5562
|
+
indices: [
|
|
5563
|
+
{ kind: "index", name: "by_host", columns: ["host"] },
|
|
5564
|
+
{ kind: "index", name: "by_tenantId", columns: ["tenantId"] },
|
|
5565
|
+
{ kind: "index", name: "by_workspaceId", columns: ["workspaceId"] },
|
|
5566
|
+
{ kind: "index", name: "by_tenant_workspace_environment", columns: ["tenantId", "workspaceId", "environment"] },
|
|
5567
|
+
{ kind: "index", name: "by_workspace_status", columns: ["workspaceId", "status"] },
|
|
5568
|
+
{ kind: "index", name: "by_status", columns: ["status"] }
|
|
5569
|
+
]
|
|
5570
|
+
});
|
|
4591
5571
|
defineTable({
|
|
4592
5572
|
name: "worktreeBeliefCluster",
|
|
4593
5573
|
component: "kernel",
|
|
@@ -4895,8 +5875,8 @@ defineTable({
|
|
|
4895
5875
|
});
|
|
4896
5876
|
z.object({
|
|
4897
5877
|
manifestVersion: z.string(),
|
|
4898
|
-
componentName: z.enum(["kernel", "
|
|
4899
|
-
tier: z.enum(["K", "
|
|
5878
|
+
componentName: z.enum(["kernel", "control-plane"]),
|
|
5879
|
+
tier: z.enum(["K", "CP"]),
|
|
4900
5880
|
packageVersion: z.string(),
|
|
4901
5881
|
tables: z.array(
|
|
4902
5882
|
z.object({
|
|
@@ -5063,7 +6043,7 @@ var TENANT_CLIENT_INSTALLABLE_PACKAGES = [
|
|
|
5063
6043
|
},
|
|
5064
6044
|
{
|
|
5065
6045
|
packageName: "@lucern/control-plane",
|
|
5066
|
-
role: "
|
|
6046
|
+
role: "component_runtime",
|
|
5067
6047
|
directTenantImport: false
|
|
5068
6048
|
},
|
|
5069
6049
|
{
|
|
@@ -5086,11 +6066,6 @@ var TENANT_CLIENT_INSTALLABLE_PACKAGES = [
|
|
|
5086
6066
|
role: "host_addon_runtime",
|
|
5087
6067
|
directTenantImport: true
|
|
5088
6068
|
},
|
|
5089
|
-
{
|
|
5090
|
-
packageName: "@lucern/identity",
|
|
5091
|
-
role: "component_runtime",
|
|
5092
|
-
directTenantImport: false
|
|
5093
|
-
},
|
|
5094
6069
|
{
|
|
5095
6070
|
packageName: "@lucern/mcp",
|
|
5096
6071
|
role: "runtime_entrypoint",
|
|
@@ -5126,25 +6101,899 @@ var TENANT_CLIENT_INSTALLABLE_PACKAGES = [
|
|
|
5126
6101
|
role: "runtime_entrypoint",
|
|
5127
6102
|
directTenantImport: true
|
|
5128
6103
|
},
|
|
6104
|
+
{
|
|
6105
|
+
packageName: "@lucern/secrets",
|
|
6106
|
+
role: "sdk_dependency",
|
|
6107
|
+
directTenantImport: false
|
|
6108
|
+
},
|
|
5129
6109
|
{
|
|
5130
6110
|
packageName: "@lucern/server-core",
|
|
5131
6111
|
role: "platform_runtime",
|
|
5132
6112
|
directTenantImport: false
|
|
5133
6113
|
},
|
|
5134
6114
|
{
|
|
5135
|
-
packageName: "@lucern/testing",
|
|
5136
|
-
role: "test_support",
|
|
5137
|
-
directTenantImport: false
|
|
6115
|
+
packageName: "@lucern/testing",
|
|
6116
|
+
role: "test_support",
|
|
6117
|
+
directTenantImport: false
|
|
6118
|
+
},
|
|
6119
|
+
{
|
|
6120
|
+
packageName: "@lucern/types",
|
|
6121
|
+
role: "contract_entrypoint",
|
|
6122
|
+
directTenantImport: true
|
|
6123
|
+
}
|
|
6124
|
+
];
|
|
6125
|
+
TENANT_CLIENT_INSTALLABLE_PACKAGES.map(
|
|
6126
|
+
(entry) => entry.packageName
|
|
6127
|
+
);
|
|
6128
|
+
|
|
6129
|
+
// ../contracts/src/infisical-runtime.contract.ts
|
|
6130
|
+
var INFISICAL_TENANT_SOFTWARE_SYSTEMS = [
|
|
6131
|
+
{
|
|
6132
|
+
id: "stack-frontend",
|
|
6133
|
+
tenantKey: "stack",
|
|
6134
|
+
workspaceKey: "frontend",
|
|
6135
|
+
vercelProjectName: "ai-chatbot-diao",
|
|
6136
|
+
vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK",
|
|
6137
|
+
vercelProjectId: "prj_PihFw8kohSSw14nZs9YQV3xVo517",
|
|
6138
|
+
vercelWriterTokenEnv: "STACK_VERCEL_TOKEN",
|
|
6139
|
+
repository: {
|
|
6140
|
+
owner: "stack-vc",
|
|
6141
|
+
name: "front-end"
|
|
6142
|
+
},
|
|
6143
|
+
sharedSourcePath: "/tenants/stack",
|
|
6144
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
6145
|
+
convex: {
|
|
6146
|
+
urlEnv: "CONVEX_FRONTEND_URL",
|
|
6147
|
+
deployKeyEnv: "CONVEX_FRONTEND_DEPLOY_KEY",
|
|
6148
|
+
preprodDeployment: "rugged-lobster-664",
|
|
6149
|
+
prodDeployment: "wonderful-toucan-0"
|
|
6150
|
+
}
|
|
6151
|
+
},
|
|
6152
|
+
{
|
|
6153
|
+
id: "stackos",
|
|
6154
|
+
tenantKey: "stack",
|
|
6155
|
+
workspaceKey: "stackos",
|
|
6156
|
+
vercelProjectName: "stackos",
|
|
6157
|
+
vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK",
|
|
6158
|
+
vercelProjectId: "prj_rXLAL0Z6v9p1fasKbomby6GI7kau",
|
|
6159
|
+
vercelWriterTokenEnv: "STACK_VERCEL_TOKEN",
|
|
6160
|
+
repository: {
|
|
6161
|
+
owner: "stack-vc",
|
|
6162
|
+
name: "stackos"
|
|
6163
|
+
},
|
|
6164
|
+
sharedSourcePath: "/tenants/stack",
|
|
6165
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
6166
|
+
convex: {
|
|
6167
|
+
urlEnv: "CONVEX_STACKOS_URL",
|
|
6168
|
+
deployKeyEnv: "CONVEX_STACKOS_DEPLOY_KEY",
|
|
6169
|
+
preprodDeployment: "giant-mandrill-761",
|
|
6170
|
+
prodDeployment: "good-snake-515"
|
|
6171
|
+
}
|
|
6172
|
+
},
|
|
6173
|
+
{
|
|
6174
|
+
id: "stack-eng",
|
|
6175
|
+
tenantKey: "stack",
|
|
6176
|
+
workspaceKey: "engineering",
|
|
6177
|
+
vercelProjectName: "stackos-engineering-graph",
|
|
6178
|
+
vercelTeamId: "team_mZBKwvXSSu7qxrWdg2go29sK",
|
|
6179
|
+
vercelProjectId: "prj_zAU0Zn9GkbHjHI63dxW4vLpmoqTJ",
|
|
6180
|
+
vercelWriterTokenEnv: "STACK_VERCEL_TOKEN",
|
|
6181
|
+
repository: {
|
|
6182
|
+
owner: "stack-vc",
|
|
6183
|
+
name: "stackos-engineering-graph"
|
|
6184
|
+
},
|
|
6185
|
+
sharedSourcePath: "/tenants/stack/engineering",
|
|
6186
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
6187
|
+
convex: {
|
|
6188
|
+
urlEnv: "CONVEX_STACK_ENG_URL",
|
|
6189
|
+
deployKeyEnv: "CONVEX_STACK_ENG_DEPLOY_KEY",
|
|
6190
|
+
preprodDeployment: "small-oyster-270",
|
|
6191
|
+
prodDeployment: "bold-cuttlefish-804"
|
|
6192
|
+
}
|
|
6193
|
+
},
|
|
6194
|
+
{
|
|
6195
|
+
id: "lucern-graph",
|
|
6196
|
+
tenantKey: "lucern",
|
|
6197
|
+
workspaceKey: "lucern",
|
|
6198
|
+
vercelProjectName: "lucern-graph",
|
|
6199
|
+
vercelTeamId: "team_vTHxxs8GAoAFUe6RWMlYt7fY",
|
|
6200
|
+
vercelProjectId: "prj_KJ8EKV8vGM5xURpqmwTwmECEGPgQ",
|
|
6201
|
+
vercelWriterTokenEnv: "LUCERN_VERCEL_TOKEN",
|
|
6202
|
+
repository: {
|
|
6203
|
+
owner: "LucernAI",
|
|
6204
|
+
name: "lucern-graph"
|
|
6205
|
+
},
|
|
6206
|
+
sharedSourcePath: "/tenants/lucern/shared",
|
|
6207
|
+
sharedVariablePolicy: "tenant_shared_all_systems",
|
|
6208
|
+
convex: {
|
|
6209
|
+
urlEnv: "CONVEX_LUCERN_URL",
|
|
6210
|
+
deployKeyEnv: "CONVEX_LUCERN_DEPLOY_KEY",
|
|
6211
|
+
preprodDeployment: "good-blackbird-774",
|
|
6212
|
+
prodDeployment: "precious-dog-365"
|
|
6213
|
+
}
|
|
6214
|
+
}
|
|
6215
|
+
];
|
|
6216
|
+
var TENANT_SHARED_SECRET_DEFINITION_TEMPLATES = [
|
|
6217
|
+
{
|
|
6218
|
+
idSuffix: "clerk.publishable",
|
|
6219
|
+
canonicalName: "NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY",
|
|
6220
|
+
aliases: ["CLERK_PUBLISHABLE_KEY"],
|
|
6221
|
+
required: true,
|
|
6222
|
+
secret: false,
|
|
6223
|
+
public: true,
|
|
6224
|
+
description: "Tenant-owned Clerk browser key. For Stack this is the master clerk.stack.vc project shared by front-end, StackOS, and the engineering workspace."
|
|
6225
|
+
},
|
|
6226
|
+
{
|
|
6227
|
+
idSuffix: "clerk.secret",
|
|
6228
|
+
canonicalName: "CLERK_SECRET_KEY",
|
|
6229
|
+
required: true,
|
|
6230
|
+
secret: true,
|
|
6231
|
+
public: false,
|
|
6232
|
+
description: "Tenant-owned Clerk backend secret used only by that tenant's server runtimes."
|
|
6233
|
+
},
|
|
6234
|
+
{
|
|
6235
|
+
idSuffix: "clerk.project",
|
|
6236
|
+
canonicalName: "CLERK_PROJECT_ID",
|
|
6237
|
+
required: true,
|
|
6238
|
+
secret: false,
|
|
6239
|
+
public: false,
|
|
6240
|
+
description: "Tenant-owned Clerk project id used to resolve canonical Clerk aliases."
|
|
6241
|
+
},
|
|
6242
|
+
{
|
|
6243
|
+
idSuffix: "clerk.jwks",
|
|
6244
|
+
canonicalName: "CLERK_JWT_ISSUER_DOMAIN",
|
|
6245
|
+
aliases: ["CLERK_ISSUER_URL", "CLERK_JWKS_URL"],
|
|
6246
|
+
required: false,
|
|
6247
|
+
secret: false,
|
|
6248
|
+
public: false,
|
|
6249
|
+
description: "Tenant Clerk issuer/JWKS URL consumed by Convex auth.config.ts."
|
|
6250
|
+
},
|
|
6251
|
+
{
|
|
6252
|
+
idSuffix: "clerk.jwt-key",
|
|
6253
|
+
canonicalName: "CLERK_JWT_KEY",
|
|
6254
|
+
required: false,
|
|
6255
|
+
secret: true,
|
|
6256
|
+
public: false,
|
|
6257
|
+
description: "Tenant Clerk JWT public verification key used by bearer-token API routes."
|
|
6258
|
+
},
|
|
6259
|
+
{
|
|
6260
|
+
idSuffix: "clerk.authorized-parties",
|
|
6261
|
+
canonicalName: "CLERK_AUTHORIZED_PARTIES",
|
|
6262
|
+
aliases: ["CLERK_MOBILE_AUTHORIZED_PARTIES"],
|
|
6263
|
+
required: false,
|
|
6264
|
+
secret: false,
|
|
6265
|
+
public: false,
|
|
6266
|
+
description: "Comma-separated Clerk authorized parties for browser and mobile bearer-token validation."
|
|
6267
|
+
},
|
|
6268
|
+
{
|
|
6269
|
+
idSuffix: "clerk.sign-in-url",
|
|
6270
|
+
canonicalName: "NEXT_PUBLIC_CLERK_SIGN_IN_URL",
|
|
6271
|
+
required: false,
|
|
6272
|
+
secret: false,
|
|
6273
|
+
public: true,
|
|
6274
|
+
description: "Tenant Clerk sign-in route for custom app login surfaces."
|
|
6275
|
+
},
|
|
6276
|
+
{
|
|
6277
|
+
idSuffix: "clerk.sign-up-url",
|
|
6278
|
+
canonicalName: "NEXT_PUBLIC_CLERK_SIGN_UP_URL",
|
|
6279
|
+
required: false,
|
|
6280
|
+
secret: false,
|
|
6281
|
+
public: true,
|
|
6282
|
+
description: "Tenant Clerk sign-up route for custom app login surfaces."
|
|
6283
|
+
}
|
|
6284
|
+
];
|
|
6285
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.flatMap(
|
|
6286
|
+
(system) => TENANT_SHARED_SECRET_DEFINITION_TEMPLATES.map(
|
|
6287
|
+
(template) => ({
|
|
6288
|
+
id: `tenant.${system.id}.${template.idSuffix}`,
|
|
6289
|
+
canonicalName: template.canonicalName,
|
|
6290
|
+
aliases: "aliases" in template ? template.aliases : void 0,
|
|
6291
|
+
owner: "tenant",
|
|
6292
|
+
scope: "tenant",
|
|
6293
|
+
sourcePath: system.sharedSourcePath,
|
|
6294
|
+
environmentPolicy: "environment_specific",
|
|
6295
|
+
required: template.required,
|
|
6296
|
+
secret: template.secret,
|
|
6297
|
+
public: template.public,
|
|
6298
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6299
|
+
destinations: [
|
|
6300
|
+
{
|
|
6301
|
+
kind: "vercel",
|
|
6302
|
+
target: system.vercelProjectName,
|
|
6303
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6304
|
+
},
|
|
6305
|
+
{
|
|
6306
|
+
kind: "convex",
|
|
6307
|
+
target: `${system.convex.preprodDeployment}|${system.convex.prodDeployment}`,
|
|
6308
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6309
|
+
}
|
|
6310
|
+
],
|
|
6311
|
+
description: `${system.tenantKey}/${system.workspaceKey}: ${template.description}`
|
|
6312
|
+
})
|
|
6313
|
+
)
|
|
6314
|
+
);
|
|
6315
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.map(
|
|
6316
|
+
(system) => ({
|
|
6317
|
+
id: `tenant.${system.id}.install-lucern-npm`,
|
|
6318
|
+
canonicalName: "INSTALL_LUCERN_NPM",
|
|
6319
|
+
owner: "provider",
|
|
6320
|
+
scope: "global",
|
|
6321
|
+
sourcePath: "/tenants/shared",
|
|
6322
|
+
environmentPolicy: "same_all_environments",
|
|
6323
|
+
required: true,
|
|
6324
|
+
secret: true,
|
|
6325
|
+
public: false,
|
|
6326
|
+
consumers: ["tenant-vercel-app", "tenant-deploy-tooling"],
|
|
6327
|
+
destinations: [
|
|
6328
|
+
{
|
|
6329
|
+
kind: "vercel",
|
|
6330
|
+
target: system.vercelProjectName,
|
|
6331
|
+
environmentPolicy: "same_all_environments"
|
|
6332
|
+
},
|
|
6333
|
+
{
|
|
6334
|
+
kind: "github_actions",
|
|
6335
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6336
|
+
environmentPolicy: "same_all_environments"
|
|
6337
|
+
}
|
|
6338
|
+
],
|
|
6339
|
+
description: `${system.tenantKey}/${system.workspaceKey}: read-only npm install token for published @lucern/* packages.`
|
|
6340
|
+
})
|
|
6341
|
+
);
|
|
6342
|
+
var TENANT_PRODUCT_SOFTWARE_SYSTEM_IDS = ["stack-frontend", "stackos"];
|
|
6343
|
+
var TENANT_PRODUCT_RUNTIME_SECRET_DEFINITION_TEMPLATES = [
|
|
6344
|
+
{
|
|
6345
|
+
idSuffix: "ai.openai-api-key",
|
|
6346
|
+
canonicalName: "OPENAI_API_KEY",
|
|
6347
|
+
required: false,
|
|
6348
|
+
secret: true,
|
|
6349
|
+
public: false,
|
|
6350
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment", "tenant-ai-runtime"],
|
|
6351
|
+
description: "Tenant-owned OpenAI key for product runtime LLM calls."
|
|
6352
|
+
},
|
|
6353
|
+
{
|
|
6354
|
+
idSuffix: "ai.anthropic-api-key",
|
|
6355
|
+
canonicalName: "ANTHROPIC_API_KEY",
|
|
6356
|
+
required: false,
|
|
6357
|
+
secret: true,
|
|
6358
|
+
public: false,
|
|
6359
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment", "tenant-ai-runtime"],
|
|
6360
|
+
description: "Tenant-owned Anthropic key for product runtime LLM calls."
|
|
6361
|
+
},
|
|
6362
|
+
{
|
|
6363
|
+
idSuffix: "ai.gemini-api-key",
|
|
6364
|
+
canonicalName: "GEMINI_API_KEY",
|
|
6365
|
+
aliases: ["GOOGLE_AI_API_KEY", "GOOGLE_GENERATIVE_AI_API_KEY"],
|
|
6366
|
+
required: false,
|
|
6367
|
+
secret: true,
|
|
6368
|
+
public: false,
|
|
6369
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment", "tenant-ai-runtime"],
|
|
6370
|
+
description: "Tenant-owned Google/Gemini key for product runtime LLM calls."
|
|
6371
|
+
},
|
|
6372
|
+
{
|
|
6373
|
+
idSuffix: "langfuse.secret-key",
|
|
6374
|
+
canonicalName: "LANGFUSE_SECRET_KEY",
|
|
6375
|
+
required: false,
|
|
6376
|
+
secret: true,
|
|
6377
|
+
public: false,
|
|
6378
|
+
consumers: [
|
|
6379
|
+
"tenant-vercel-app",
|
|
6380
|
+
"tenant-convex-deployment",
|
|
6381
|
+
"tenant-observability"
|
|
6382
|
+
],
|
|
6383
|
+
description: "Tenant-owned Langfuse secret key for product AI tracing."
|
|
6384
|
+
},
|
|
6385
|
+
{
|
|
6386
|
+
idSuffix: "langfuse.public-key",
|
|
6387
|
+
canonicalName: "LANGFUSE_PUBLIC_KEY",
|
|
6388
|
+
required: false,
|
|
6389
|
+
secret: false,
|
|
6390
|
+
public: false,
|
|
6391
|
+
consumers: [
|
|
6392
|
+
"tenant-vercel-app",
|
|
6393
|
+
"tenant-convex-deployment",
|
|
6394
|
+
"tenant-observability"
|
|
6395
|
+
],
|
|
6396
|
+
description: "Tenant-owned Langfuse public key for product AI tracing."
|
|
6397
|
+
},
|
|
6398
|
+
{
|
|
6399
|
+
idSuffix: "langfuse.base-url",
|
|
6400
|
+
canonicalName: "LANGFUSE_BASE_URL",
|
|
6401
|
+
aliases: ["LANGFUSE_BASEURL", "LANGFUSE_HOST"],
|
|
6402
|
+
required: false,
|
|
6403
|
+
secret: false,
|
|
6404
|
+
public: false,
|
|
6405
|
+
consumers: [
|
|
6406
|
+
"tenant-vercel-app",
|
|
6407
|
+
"tenant-convex-deployment",
|
|
6408
|
+
"tenant-observability"
|
|
6409
|
+
],
|
|
6410
|
+
description: "Tenant-owned Langfuse API origin."
|
|
6411
|
+
},
|
|
6412
|
+
{
|
|
6413
|
+
idSuffix: "graph.neo4j-uri",
|
|
6414
|
+
canonicalName: "NEO4J_URI",
|
|
6415
|
+
required: false,
|
|
6416
|
+
secret: false,
|
|
6417
|
+
public: false,
|
|
6418
|
+
consumers: [
|
|
6419
|
+
"tenant-vercel-app",
|
|
6420
|
+
"tenant-convex-deployment",
|
|
6421
|
+
"tenant-graph-sync"
|
|
6422
|
+
],
|
|
6423
|
+
description: "Tenant-owned Neo4j URI for product graph-sync."
|
|
6424
|
+
},
|
|
6425
|
+
{
|
|
6426
|
+
idSuffix: "graph.neo4j-user",
|
|
6427
|
+
canonicalName: "NEO4J_USER",
|
|
6428
|
+
aliases: ["NEO4J_USERNAME"],
|
|
6429
|
+
required: false,
|
|
6430
|
+
secret: false,
|
|
6431
|
+
public: false,
|
|
6432
|
+
consumers: [
|
|
6433
|
+
"tenant-vercel-app",
|
|
6434
|
+
"tenant-convex-deployment",
|
|
6435
|
+
"tenant-graph-sync"
|
|
6436
|
+
],
|
|
6437
|
+
description: "Tenant-owned Neo4j user for product graph-sync."
|
|
6438
|
+
},
|
|
6439
|
+
{
|
|
6440
|
+
idSuffix: "graph.neo4j-password",
|
|
6441
|
+
canonicalName: "NEO4J_PASSWORD",
|
|
6442
|
+
required: false,
|
|
6443
|
+
secret: true,
|
|
6444
|
+
public: false,
|
|
6445
|
+
consumers: [
|
|
6446
|
+
"tenant-vercel-app",
|
|
6447
|
+
"tenant-convex-deployment",
|
|
6448
|
+
"tenant-graph-sync"
|
|
6449
|
+
],
|
|
6450
|
+
description: "Tenant-owned Neo4j password for product graph-sync."
|
|
6451
|
+
},
|
|
6452
|
+
{
|
|
6453
|
+
idSuffix: "graph.neo4j-sync-secret",
|
|
6454
|
+
canonicalName: "NEO4J_SYNC_SECRET",
|
|
6455
|
+
required: false,
|
|
6456
|
+
secret: true,
|
|
6457
|
+
public: false,
|
|
6458
|
+
consumers: [
|
|
6459
|
+
"tenant-vercel-app",
|
|
6460
|
+
"tenant-convex-deployment",
|
|
6461
|
+
"tenant-graph-sync"
|
|
6462
|
+
],
|
|
6463
|
+
description: "Tenant-owned shared secret for product Convex-to-HTTP graph-sync calls."
|
|
6464
|
+
},
|
|
6465
|
+
{
|
|
6466
|
+
idSuffix: "graph.neo4j-database",
|
|
6467
|
+
canonicalName: "NEO4J_DATABASE",
|
|
6468
|
+
required: false,
|
|
6469
|
+
secret: false,
|
|
6470
|
+
public: false,
|
|
6471
|
+
consumers: [
|
|
6472
|
+
"tenant-vercel-app",
|
|
6473
|
+
"tenant-convex-deployment",
|
|
6474
|
+
"tenant-graph-sync"
|
|
6475
|
+
],
|
|
6476
|
+
description: "Tenant-owned Neo4j database name for product graph-sync."
|
|
6477
|
+
},
|
|
6478
|
+
{
|
|
6479
|
+
idSuffix: "vector.pinecone-api-key",
|
|
6480
|
+
canonicalName: "PINECONE_API_KEY",
|
|
6481
|
+
required: false,
|
|
6482
|
+
secret: true,
|
|
6483
|
+
public: false,
|
|
6484
|
+
consumers: [
|
|
6485
|
+
"tenant-vercel-app",
|
|
6486
|
+
"tenant-convex-deployment",
|
|
6487
|
+
"tenant-vector-store"
|
|
6488
|
+
],
|
|
6489
|
+
description: "Tenant-owned Pinecone API key for product vector search."
|
|
6490
|
+
},
|
|
6491
|
+
{
|
|
6492
|
+
idSuffix: "vector.pinecone-index-name",
|
|
6493
|
+
canonicalName: "PINECONE_INDEX_NAME",
|
|
6494
|
+
aliases: ["PINECONE_INDEX"],
|
|
6495
|
+
required: false,
|
|
6496
|
+
secret: false,
|
|
6497
|
+
public: false,
|
|
6498
|
+
consumers: [
|
|
6499
|
+
"tenant-vercel-app",
|
|
6500
|
+
"tenant-convex-deployment",
|
|
6501
|
+
"tenant-vector-store"
|
|
6502
|
+
],
|
|
6503
|
+
description: "Tenant-owned Pinecone index name for product vector search."
|
|
6504
|
+
},
|
|
6505
|
+
{
|
|
6506
|
+
idSuffix: "vector.pinecone-host",
|
|
6507
|
+
canonicalName: "PINECONE_HOST",
|
|
6508
|
+
aliases: ["PINECONE_INDEX_HOST"],
|
|
6509
|
+
required: false,
|
|
6510
|
+
secret: false,
|
|
6511
|
+
public: false,
|
|
6512
|
+
consumers: [
|
|
6513
|
+
"tenant-vercel-app",
|
|
6514
|
+
"tenant-convex-deployment",
|
|
6515
|
+
"tenant-vector-store"
|
|
6516
|
+
],
|
|
6517
|
+
description: "Tenant-owned Pinecone host for product vector search."
|
|
6518
|
+
},
|
|
6519
|
+
{
|
|
6520
|
+
idSuffix: "vector.pinecone-namespace",
|
|
6521
|
+
canonicalName: "PINECONE_NAMESPACE",
|
|
6522
|
+
required: false,
|
|
6523
|
+
secret: false,
|
|
6524
|
+
public: false,
|
|
6525
|
+
consumers: [
|
|
6526
|
+
"tenant-vercel-app",
|
|
6527
|
+
"tenant-convex-deployment",
|
|
6528
|
+
"tenant-vector-store"
|
|
6529
|
+
],
|
|
6530
|
+
description: "Tenant-owned Pinecone namespace for product vector search isolation."
|
|
6531
|
+
},
|
|
6532
|
+
{
|
|
6533
|
+
idSuffix: "storage.aws-access-key-id",
|
|
6534
|
+
canonicalName: "AWS_ACCESS_KEY_ID",
|
|
6535
|
+
required: false,
|
|
6536
|
+
secret: true,
|
|
6537
|
+
public: false,
|
|
6538
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6539
|
+
description: "Tenant-owned AWS access key id for document/file ingestion."
|
|
6540
|
+
},
|
|
6541
|
+
{
|
|
6542
|
+
idSuffix: "storage.aws-secret-access-key",
|
|
6543
|
+
canonicalName: "AWS_SECRET_ACCESS_KEY",
|
|
6544
|
+
required: false,
|
|
6545
|
+
secret: true,
|
|
6546
|
+
public: false,
|
|
6547
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6548
|
+
description: "Tenant-owned AWS secret access key for document/file ingestion."
|
|
6549
|
+
},
|
|
6550
|
+
{
|
|
6551
|
+
idSuffix: "storage.aws-region",
|
|
6552
|
+
canonicalName: "AWS_REGION",
|
|
6553
|
+
required: false,
|
|
6554
|
+
secret: false,
|
|
6555
|
+
public: false,
|
|
6556
|
+
consumers: ["tenant-vercel-app", "tenant-convex-deployment"],
|
|
6557
|
+
description: "Tenant-owned AWS region for document/file ingestion."
|
|
6558
|
+
},
|
|
6559
|
+
{
|
|
6560
|
+
idSuffix: "observability.sentry-dsn",
|
|
6561
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_DSN",
|
|
6562
|
+
aliases: ["NEXT_PUBLIC_SENTRY_DSN_NEXTJS", "SENTRY_DSN"],
|
|
6563
|
+
required: false,
|
|
6564
|
+
secret: false,
|
|
6565
|
+
public: true,
|
|
6566
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6567
|
+
description: "Tenant-owned Sentry DSN for app telemetry."
|
|
6568
|
+
},
|
|
6569
|
+
{
|
|
6570
|
+
idSuffix: "observability.sentry-auth-token",
|
|
6571
|
+
canonicalName: "SENTRY_AUTH_TOKEN",
|
|
6572
|
+
required: false,
|
|
6573
|
+
secret: true,
|
|
6574
|
+
public: false,
|
|
6575
|
+
consumers: ["tenant-deploy-tooling", "tenant-observability"],
|
|
6576
|
+
description: "Tenant-owned Sentry release token for app deployments."
|
|
6577
|
+
},
|
|
6578
|
+
{
|
|
6579
|
+
idSuffix: "observability.sentry-org",
|
|
6580
|
+
canonicalName: "SENTRY_ORG",
|
|
6581
|
+
aliases: ["SENTRY_ORG_SLUG"],
|
|
6582
|
+
required: false,
|
|
6583
|
+
secret: false,
|
|
6584
|
+
public: false,
|
|
6585
|
+
consumers: ["tenant-deploy-tooling", "tenant-observability"],
|
|
6586
|
+
description: "Tenant-owned Sentry org slug for release uploads."
|
|
6587
|
+
},
|
|
6588
|
+
{
|
|
6589
|
+
idSuffix: "observability.sentry-project",
|
|
6590
|
+
canonicalName: "SENTRY_PROJECT",
|
|
6591
|
+
aliases: ["SENTRY_PROJECT_NEXTJS"],
|
|
6592
|
+
required: false,
|
|
6593
|
+
secret: false,
|
|
6594
|
+
public: false,
|
|
6595
|
+
consumers: ["tenant-deploy-tooling", "tenant-observability"],
|
|
6596
|
+
description: "Tenant-owned Sentry project slug for release uploads."
|
|
6597
|
+
},
|
|
6598
|
+
{
|
|
6599
|
+
idSuffix: "observability.sentry-environment",
|
|
6600
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_ENVIRONMENT",
|
|
6601
|
+
aliases: ["SENTRY_ENVIRONMENT"],
|
|
6602
|
+
required: false,
|
|
6603
|
+
secret: false,
|
|
6604
|
+
public: true,
|
|
6605
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6606
|
+
description: "Tenant-owned Sentry environment label."
|
|
6607
|
+
},
|
|
6608
|
+
{
|
|
6609
|
+
idSuffix: "observability.sentry-release",
|
|
6610
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_RELEASE",
|
|
6611
|
+
aliases: ["SENTRY_RELEASE"],
|
|
6612
|
+
required: false,
|
|
6613
|
+
secret: false,
|
|
6614
|
+
public: true,
|
|
6615
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6616
|
+
description: "Tenant-owned Sentry release label."
|
|
6617
|
+
},
|
|
6618
|
+
{
|
|
6619
|
+
idSuffix: "observability.sentry-client-options",
|
|
6620
|
+
canonicalName: "NEXT_PUBLIC_SENTRY_TRACES_SAMPLE_RATE",
|
|
6621
|
+
aliases: [
|
|
6622
|
+
"NEXT_PUBLIC_SENTRY_CAPTURE_CONSOLE_LEVELS",
|
|
6623
|
+
"NEXT_PUBLIC_SENTRY_CAPTURE_CONSOLE_LEVELS_NEXTJS",
|
|
6624
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_BREADCRUMB_LEVELS",
|
|
6625
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_BREADCRUMB_LEVELS_NEXTJS",
|
|
6626
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_LOG_LEVELS",
|
|
6627
|
+
"NEXT_PUBLIC_SENTRY_CONSOLE_LOG_LEVELS_NEXTJS",
|
|
6628
|
+
"NEXT_PUBLIC_SENTRY_ENABLE_LOGS",
|
|
6629
|
+
"NEXT_PUBLIC_SENTRY_REPLAYS_ON_ERROR_SAMPLE_RATE",
|
|
6630
|
+
"NEXT_PUBLIC_SENTRY_REPLAYS_SESSION_SAMPLE_RATE",
|
|
6631
|
+
"NEXT_PUBLIC_SENTRY_SEND_DEFAULT_PII",
|
|
6632
|
+
"NEXT_PUBLIC_SENTRY_TRACES_SAMPLE_RATE_NEXTJS"
|
|
6633
|
+
],
|
|
6634
|
+
required: false,
|
|
6635
|
+
secret: false,
|
|
6636
|
+
public: true,
|
|
6637
|
+
consumers: ["tenant-vercel-app", "tenant-observability"],
|
|
6638
|
+
description: "Tenant-owned public Sentry tuning values for Next.js client instrumentation."
|
|
6639
|
+
},
|
|
6640
|
+
{
|
|
6641
|
+
idSuffix: "observability.sentry-webhook-secret",
|
|
6642
|
+
canonicalName: "SENTRY_WEBHOOK_SECRET",
|
|
6643
|
+
required: false,
|
|
6644
|
+
secret: true,
|
|
6645
|
+
public: false,
|
|
6646
|
+
consumers: ["tenant-convex-deployment", "tenant-observability"],
|
|
6647
|
+
description: "Tenant-owned Sentry webhook verification secret."
|
|
6648
|
+
},
|
|
6649
|
+
{
|
|
6650
|
+
idSuffix: "lucern.gateway-api-key",
|
|
6651
|
+
canonicalName: "LUCERN_API_KEY",
|
|
6652
|
+
aliases: ["STACK_API_KEY"],
|
|
6653
|
+
required: false,
|
|
6654
|
+
secret: true,
|
|
6655
|
+
public: false,
|
|
6656
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6657
|
+
description: "Tenant-scoped Lucern/MC gateway API key for product front-door calls."
|
|
6658
|
+
},
|
|
6659
|
+
{
|
|
6660
|
+
idSuffix: "lucern.gateway-base-url",
|
|
6661
|
+
canonicalName: "LUCERN_BASE_URL",
|
|
6662
|
+
aliases: ["LUCERN_API_BASE_URL", "LUCERN_GATEWAY_BASE_URL"],
|
|
6663
|
+
required: false,
|
|
6664
|
+
secret: false,
|
|
6665
|
+
public: false,
|
|
6666
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6667
|
+
description: "Lucern/MC gateway base URL used by tenant product apps."
|
|
6668
|
+
},
|
|
6669
|
+
{
|
|
6670
|
+
idSuffix: "lucern.proxy-token-secret",
|
|
6671
|
+
canonicalName: "LUCERN_PROXY_TOKEN_SECRET",
|
|
6672
|
+
required: false,
|
|
6673
|
+
secret: true,
|
|
6674
|
+
public: false,
|
|
6675
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6676
|
+
description: "Tenant-owned secret for signing internal proxy/session tokens in product apps."
|
|
6677
|
+
},
|
|
6678
|
+
{
|
|
6679
|
+
idSuffix: "tenant.integrations.linear-api-key",
|
|
6680
|
+
canonicalName: "LINEAR_API_KEY",
|
|
6681
|
+
required: false,
|
|
6682
|
+
secret: true,
|
|
6683
|
+
public: false,
|
|
6684
|
+
consumers: ["tenant-vercel-app", "tenant-agent-runtime"],
|
|
6685
|
+
description: "Tenant-owned Linear API key for support/slash-command flows."
|
|
6686
|
+
},
|
|
6687
|
+
{
|
|
6688
|
+
idSuffix: "tenant.vercel.bypass-token",
|
|
6689
|
+
canonicalName: "VERCEL_AUTOMATION_BYPASS_SECRET",
|
|
6690
|
+
aliases: ["NEXT_PUBLIC_VERCEL_BYPASS_TOKEN"],
|
|
6691
|
+
required: false,
|
|
6692
|
+
secret: true,
|
|
6693
|
+
public: false,
|
|
6694
|
+
consumers: ["tenant-vercel-app", "tenant-deploy-tooling"],
|
|
6695
|
+
description: "Tenant-owned Vercel automation bypass token. Public alias is legacy and should be removed from app code."
|
|
6696
|
+
}
|
|
6697
|
+
];
|
|
6698
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.filter(
|
|
6699
|
+
(system) => TENANT_PRODUCT_SOFTWARE_SYSTEM_IDS.includes(system.id)
|
|
6700
|
+
).flatMap(
|
|
6701
|
+
(system) => TENANT_PRODUCT_RUNTIME_SECRET_DEFINITION_TEMPLATES.map(
|
|
6702
|
+
(template) => ({
|
|
6703
|
+
id: `tenant.${system.id}.${template.idSuffix}`,
|
|
6704
|
+
canonicalName: template.canonicalName,
|
|
6705
|
+
aliases: "aliases" in template ? template.aliases : void 0,
|
|
6706
|
+
owner: "tenant",
|
|
6707
|
+
scope: "tenant",
|
|
6708
|
+
sourcePath: system.sharedSourcePath,
|
|
6709
|
+
environmentPolicy: "environment_specific",
|
|
6710
|
+
required: template.required,
|
|
6711
|
+
secret: template.secret,
|
|
6712
|
+
public: template.public,
|
|
6713
|
+
consumers: template.consumers,
|
|
6714
|
+
destinations: [
|
|
6715
|
+
{
|
|
6716
|
+
kind: "vercel",
|
|
6717
|
+
target: system.vercelProjectName,
|
|
6718
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6719
|
+
},
|
|
6720
|
+
{
|
|
6721
|
+
kind: "convex",
|
|
6722
|
+
target: `${system.convex.preprodDeployment}|${system.convex.prodDeployment}`,
|
|
6723
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6724
|
+
},
|
|
6725
|
+
{
|
|
6726
|
+
kind: "github_actions",
|
|
6727
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6728
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6729
|
+
}
|
|
6730
|
+
],
|
|
6731
|
+
description: `${system.tenantKey}/${system.workspaceKey}: ${template.description}`
|
|
6732
|
+
})
|
|
6733
|
+
)
|
|
6734
|
+
);
|
|
6735
|
+
function tenantVercelConvexUrlWriteNames(system) {
|
|
6736
|
+
const names = [system.convex.urlEnv, "NEXT_PUBLIC_CONVEX_URL"];
|
|
6737
|
+
if (system.id === "stack-eng") {
|
|
6738
|
+
return [...names, "STACKOS_ENGINEERING_GRAPH_CONVEX_URL"];
|
|
6739
|
+
}
|
|
6740
|
+
return names;
|
|
6741
|
+
}
|
|
6742
|
+
function tenantRepositoryConvexUrlWriteNames(system) {
|
|
6743
|
+
if (system.id === "stack-eng") {
|
|
6744
|
+
return [system.convex.urlEnv, "STACKOS_ENGINEERING_GRAPH_CONVEX_URL"];
|
|
6745
|
+
}
|
|
6746
|
+
return [system.convex.urlEnv];
|
|
6747
|
+
}
|
|
6748
|
+
function tenantRepositoryConvexDeployKeyWriteNames(system) {
|
|
6749
|
+
if (system.id === "stack-eng") {
|
|
6750
|
+
return [system.convex.deployKeyEnv, "STACKOS_ENGINEERING_GRAPH_DEPLOY_KEY"];
|
|
6751
|
+
}
|
|
6752
|
+
return [system.convex.deployKeyEnv];
|
|
6753
|
+
}
|
|
6754
|
+
function tenantConvexUrlAliases(system) {
|
|
6755
|
+
if (system.id === "stack-frontend") {
|
|
6756
|
+
return [
|
|
6757
|
+
"CONVEX_PROD_URL",
|
|
6758
|
+
"CONVEX_STACK_V2_PROD_URL",
|
|
6759
|
+
"CONVEX_STACK_V2_STAGING_URL",
|
|
6760
|
+
"STACK_CONVEX_URL"
|
|
6761
|
+
];
|
|
6762
|
+
}
|
|
6763
|
+
if (system.id === "stackos") {
|
|
6764
|
+
return [
|
|
6765
|
+
"CONVEX_CLOUD_URL",
|
|
6766
|
+
"CONVEX_STACK_URL",
|
|
6767
|
+
"CONVEX_URL",
|
|
6768
|
+
"CONVEX_URL_DEVELOPMENT",
|
|
6769
|
+
"CONVEX_URL_PRODUCTION",
|
|
6770
|
+
"STACK_CONVEX_URL"
|
|
6771
|
+
];
|
|
6772
|
+
}
|
|
6773
|
+
if (system.id === "stack-eng") {
|
|
6774
|
+
return ["STACKOS_ENGINEERING_GRAPH_CONVEX_URL"];
|
|
6775
|
+
}
|
|
6776
|
+
if (system.id === "lucern-graph") {
|
|
6777
|
+
return [
|
|
6778
|
+
"CONVEX_GRAPH_URL",
|
|
6779
|
+
"LUCERN_PROD_URL",
|
|
6780
|
+
"NEXT_PUBLIC_LUCERN_GRAPH_URL"
|
|
6781
|
+
];
|
|
6782
|
+
}
|
|
6783
|
+
return void 0;
|
|
6784
|
+
}
|
|
6785
|
+
function tenantConvexDeployKeyAliases(system) {
|
|
6786
|
+
if (system.id === "stack-frontend") {
|
|
6787
|
+
return [
|
|
6788
|
+
"CONVEX_STACK_V2_PROD_DEPLOY_KEY",
|
|
6789
|
+
"CONVEX_STACK_V2_STAGING_DEPLOY_KEY",
|
|
6790
|
+
"STACK_DEPLOY_KEY"
|
|
6791
|
+
];
|
|
6792
|
+
}
|
|
6793
|
+
if (system.id === "stackos") {
|
|
6794
|
+
return [
|
|
6795
|
+
"CONVEX_DEPLOY_KEY",
|
|
6796
|
+
"CONVEX_DEV_DEPLOY_KEY",
|
|
6797
|
+
"CONVEX_PROD_DEPLOY_KEY",
|
|
6798
|
+
"CONVEX_STACK_DEPLOY_KEY",
|
|
6799
|
+
"STACK_DEPLOY_KEY"
|
|
6800
|
+
];
|
|
6801
|
+
}
|
|
6802
|
+
if (system.id === "stack-eng") {
|
|
6803
|
+
return ["CONVEX_DEPLOY_KEY", "STACKOS_ENGINEERING_GRAPH_DEPLOY_KEY"];
|
|
6804
|
+
}
|
|
6805
|
+
if (system.id === "lucern-graph") {
|
|
6806
|
+
return [
|
|
6807
|
+
"CONVEX_DEPLOY_KEY",
|
|
6808
|
+
"CONVEX_GRAPH_DEPLOY_KEY",
|
|
6809
|
+
"LUCERN_CONVEX_DEPLOY_KEY",
|
|
6810
|
+
"LUCERN_DEV_DEPLOY_KEY",
|
|
6811
|
+
"LUCERN_PROD_DEPLOY_KEY"
|
|
6812
|
+
];
|
|
6813
|
+
}
|
|
6814
|
+
return void 0;
|
|
6815
|
+
}
|
|
6816
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.flatMap(
|
|
6817
|
+
(system) => {
|
|
6818
|
+
if (system.id === "lucern-graph") {
|
|
6819
|
+
return [
|
|
6820
|
+
{
|
|
6821
|
+
id: "tenant.lucern-graph.public.tenant-id",
|
|
6822
|
+
canonicalName: "NEXT_PUBLIC_LUCERN_GRAPH_TENANT_ID",
|
|
6823
|
+
aliases: ["NEXT_PUBLIC_LUCERN_TENANT_ID"],
|
|
6824
|
+
owner: "tenant",
|
|
6825
|
+
scope: "workspace",
|
|
6826
|
+
sourcePath: system.sharedSourcePath,
|
|
6827
|
+
environmentPolicy: "environment_specific",
|
|
6828
|
+
required: false,
|
|
6829
|
+
secret: false,
|
|
6830
|
+
public: true,
|
|
6831
|
+
consumers: ["tenant-vercel-app"],
|
|
6832
|
+
destinations: [
|
|
6833
|
+
{
|
|
6834
|
+
kind: "vercel",
|
|
6835
|
+
target: system.vercelProjectName,
|
|
6836
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6837
|
+
}
|
|
6838
|
+
],
|
|
6839
|
+
description: "Lucern graph public tenant id used by the standalone graph explorer."
|
|
6840
|
+
},
|
|
6841
|
+
{
|
|
6842
|
+
id: "tenant.lucern-graph.public.tenant-label",
|
|
6843
|
+
canonicalName: "NEXT_PUBLIC_LUCERN_GRAPH_TENANT_LABEL",
|
|
6844
|
+
owner: "tenant",
|
|
6845
|
+
scope: "workspace",
|
|
6846
|
+
sourcePath: system.sharedSourcePath,
|
|
6847
|
+
environmentPolicy: "environment_specific",
|
|
6848
|
+
required: false,
|
|
6849
|
+
secret: false,
|
|
6850
|
+
public: true,
|
|
6851
|
+
consumers: ["tenant-vercel-app"],
|
|
6852
|
+
destinations: [
|
|
6853
|
+
{
|
|
6854
|
+
kind: "vercel",
|
|
6855
|
+
target: system.vercelProjectName,
|
|
6856
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6857
|
+
}
|
|
6858
|
+
],
|
|
6859
|
+
description: "Lucern graph public tenant label used by the standalone graph explorer."
|
|
6860
|
+
}
|
|
6861
|
+
];
|
|
6862
|
+
}
|
|
6863
|
+
if (system.id === "stack-eng") {
|
|
6864
|
+
return [
|
|
6865
|
+
{
|
|
6866
|
+
id: "tenant.stack-eng.public.tenant-id",
|
|
6867
|
+
canonicalName: "NEXT_PUBLIC_STACKOS_ENGINEERING_GRAPH_TENANT_ID",
|
|
6868
|
+
owner: "tenant",
|
|
6869
|
+
scope: "workspace",
|
|
6870
|
+
sourcePath: system.sharedSourcePath,
|
|
6871
|
+
environmentPolicy: "environment_specific",
|
|
6872
|
+
required: false,
|
|
6873
|
+
secret: false,
|
|
6874
|
+
public: true,
|
|
6875
|
+
consumers: ["tenant-vercel-app"],
|
|
6876
|
+
destinations: [
|
|
6877
|
+
{
|
|
6878
|
+
kind: "vercel",
|
|
6879
|
+
target: system.vercelProjectName,
|
|
6880
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6881
|
+
}
|
|
6882
|
+
],
|
|
6883
|
+
description: "Stack engineering graph public tenant id used by the graph explorer."
|
|
6884
|
+
},
|
|
6885
|
+
{
|
|
6886
|
+
id: "tenant.stack-eng.public.tenant-label",
|
|
6887
|
+
canonicalName: "NEXT_PUBLIC_STACKOS_ENGINEERING_GRAPH_TENANT_LABEL",
|
|
6888
|
+
owner: "tenant",
|
|
6889
|
+
scope: "workspace",
|
|
6890
|
+
sourcePath: system.sharedSourcePath,
|
|
6891
|
+
environmentPolicy: "environment_specific",
|
|
6892
|
+
required: false,
|
|
6893
|
+
secret: false,
|
|
6894
|
+
public: true,
|
|
6895
|
+
consumers: ["tenant-vercel-app"],
|
|
6896
|
+
destinations: [
|
|
6897
|
+
{
|
|
6898
|
+
kind: "vercel",
|
|
6899
|
+
target: system.vercelProjectName,
|
|
6900
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6901
|
+
}
|
|
6902
|
+
],
|
|
6903
|
+
description: "Stack engineering graph public tenant label used by the graph explorer."
|
|
6904
|
+
},
|
|
6905
|
+
{
|
|
6906
|
+
id: "tenant.stack-eng.public.environment",
|
|
6907
|
+
canonicalName: "NEXT_PUBLIC_STACKOS_ENGINEERING_GRAPH_ENV",
|
|
6908
|
+
owner: "tenant",
|
|
6909
|
+
scope: "workspace",
|
|
6910
|
+
sourcePath: system.sharedSourcePath,
|
|
6911
|
+
environmentPolicy: "environment_specific",
|
|
6912
|
+
required: false,
|
|
6913
|
+
secret: false,
|
|
6914
|
+
public: true,
|
|
6915
|
+
consumers: ["tenant-vercel-app"],
|
|
6916
|
+
destinations: [
|
|
6917
|
+
{
|
|
6918
|
+
kind: "vercel",
|
|
6919
|
+
target: system.vercelProjectName,
|
|
6920
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6921
|
+
}
|
|
6922
|
+
],
|
|
6923
|
+
description: "Stack engineering graph public environment label used by the graph explorer."
|
|
6924
|
+
}
|
|
6925
|
+
];
|
|
6926
|
+
}
|
|
6927
|
+
return [];
|
|
6928
|
+
}
|
|
6929
|
+
);
|
|
6930
|
+
INFISICAL_TENANT_SOFTWARE_SYSTEMS.flatMap((system) => [
|
|
6931
|
+
{
|
|
6932
|
+
id: `tenant.${system.id}.convex.url`,
|
|
6933
|
+
canonicalName: system.convex.urlEnv,
|
|
6934
|
+
aliases: tenantConvexUrlAliases(system),
|
|
6935
|
+
owner: "tenant",
|
|
6936
|
+
scope: "software_system",
|
|
6937
|
+
sourcePath: system.sharedSourcePath,
|
|
6938
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6939
|
+
required: true,
|
|
6940
|
+
secret: false,
|
|
6941
|
+
public: false,
|
|
6942
|
+
consumers: [
|
|
6943
|
+
"tenant-vercel-app",
|
|
6944
|
+
"tenant-agent-runtime",
|
|
6945
|
+
"mc-operator-tooling"
|
|
6946
|
+
],
|
|
6947
|
+
destinations: [
|
|
6948
|
+
{
|
|
6949
|
+
kind: "vercel",
|
|
6950
|
+
target: system.vercelProjectName,
|
|
6951
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6952
|
+
writeNames: tenantVercelConvexUrlWriteNames(system)
|
|
6953
|
+
},
|
|
6954
|
+
{
|
|
6955
|
+
kind: "github_actions",
|
|
6956
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6957
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6958
|
+
writeNames: tenantRepositoryConvexUrlWriteNames(system),
|
|
6959
|
+
notes: "Only if that repository deploy/test workflow owns this software system."
|
|
6960
|
+
}
|
|
6961
|
+
],
|
|
6962
|
+
description: `${system.tenantKey}/${system.workspaceKey} Convex URL. Pre-prod resolves to ${system.convex.preprodDeployment}; prod resolves to ${system.convex.prodDeployment}.`
|
|
5138
6963
|
},
|
|
5139
6964
|
{
|
|
5140
|
-
|
|
5141
|
-
|
|
5142
|
-
|
|
6965
|
+
id: `tenant.${system.id}.convex.deploy-key`,
|
|
6966
|
+
canonicalName: system.convex.deployKeyEnv,
|
|
6967
|
+
aliases: tenantConvexDeployKeyAliases(system),
|
|
6968
|
+
owner: "tenant",
|
|
6969
|
+
scope: "software_system",
|
|
6970
|
+
sourcePath: system.sharedSourcePath,
|
|
6971
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6972
|
+
required: true,
|
|
6973
|
+
secret: true,
|
|
6974
|
+
public: false,
|
|
6975
|
+
consumers: [
|
|
6976
|
+
"tenant-vercel-app",
|
|
6977
|
+
"tenant-agent-runtime",
|
|
6978
|
+
"mc-operator-tooling"
|
|
6979
|
+
],
|
|
6980
|
+
destinations: [
|
|
6981
|
+
{
|
|
6982
|
+
kind: "vercel",
|
|
6983
|
+
target: system.vercelProjectName,
|
|
6984
|
+
environmentPolicy: "preprod_staging_prod_prod"
|
|
6985
|
+
},
|
|
6986
|
+
{
|
|
6987
|
+
kind: "github_actions",
|
|
6988
|
+
target: `${system.repository.owner}/${system.repository.name}`,
|
|
6989
|
+
environmentPolicy: "preprod_staging_prod_prod",
|
|
6990
|
+
writeNames: tenantRepositoryConvexDeployKeyWriteNames(system),
|
|
6991
|
+
notes: "Only if that repository deploy/test workflow owns this software system."
|
|
6992
|
+
}
|
|
6993
|
+
],
|
|
6994
|
+
description: `${system.tenantKey}/${system.workspaceKey} Convex deploy/admin key. Never route to sibling workspaces.`
|
|
5143
6995
|
}
|
|
5144
|
-
];
|
|
5145
|
-
TENANT_CLIENT_INSTALLABLE_PACKAGES.map(
|
|
5146
|
-
(entry) => entry.packageName
|
|
5147
|
-
);
|
|
6996
|
+
]);
|
|
5148
6997
|
z.object({
|
|
5149
6998
|
manifestVersion: z.literal("1.0.0"),
|
|
5150
6999
|
rules: z.array(
|
|
@@ -5185,7 +7034,7 @@ var createEvidenceInputSchemaBase = z.object({
|
|
|
5185
7034
|
targetId: z.string().optional(),
|
|
5186
7035
|
targetNodeId: z.string().optional(),
|
|
5187
7036
|
linkedBeliefNodeId: z.string().optional(),
|
|
5188
|
-
evidenceRelation: z.enum(["supports", "contradicts"
|
|
7037
|
+
evidenceRelation: z.enum(["supports", "contradicts"]).optional(),
|
|
5189
7038
|
confidence: z.number().optional(),
|
|
5190
7039
|
weight: z.number().optional(),
|
|
5191
7040
|
reasoning: z.string().optional(),
|
|
@@ -5270,8 +7119,7 @@ var createEvidenceProjection = defineProjection({
|
|
|
5270
7119
|
evidenceRelation: v.optional(
|
|
5271
7120
|
v.union(
|
|
5272
7121
|
v.literal("supports"),
|
|
5273
|
-
v.literal("contradicts")
|
|
5274
|
-
v.literal("neutral")
|
|
7122
|
+
v.literal("contradicts")
|
|
5275
7123
|
)
|
|
5276
7124
|
),
|
|
5277
7125
|
confidence: v.optional(v.number()),
|
|
@@ -5296,7 +7144,7 @@ function compactRecord2(input) {
|
|
|
5296
7144
|
Object.entries(input).filter(([, value]) => value !== void 0)
|
|
5297
7145
|
);
|
|
5298
7146
|
}
|
|
5299
|
-
|
|
7147
|
+
defineProjection({
|
|
5300
7148
|
contractName: "list_beliefs",
|
|
5301
7149
|
inputSchema: listBeliefsInputSchema,
|
|
5302
7150
|
project: (input) => compactRecord2({
|
|
@@ -5320,12 +7168,17 @@ var listBeliefsProjection = defineProjection({
|
|
|
5320
7168
|
});
|
|
5321
7169
|
var taskStatusSchema = z.enum(["todo", "in_progress", "blocked", "done"]).optional().describe("Filter by task status");
|
|
5322
7170
|
var listTasksInputSchema = z.object({
|
|
5323
|
-
topicId: z.string().describe("Topic scope"),
|
|
7171
|
+
topicId: z.string().optional().describe("Topic scope"),
|
|
5324
7172
|
worktreeId: z.string().optional().describe("Alias for linkedWorktreeId"),
|
|
5325
7173
|
linkedWorktreeId: z.string().optional().describe("Filter to tasks linked to this worktree"),
|
|
5326
7174
|
status: taskStatusSchema,
|
|
5327
7175
|
limit: z.number().optional().describe("Maximum results")
|
|
5328
|
-
})
|
|
7176
|
+
}).refine(
|
|
7177
|
+
(input) => Boolean(input.topicId || input.worktreeId || input.linkedWorktreeId),
|
|
7178
|
+
{
|
|
7179
|
+
message: "topicId or worktreeId is required"
|
|
7180
|
+
}
|
|
7181
|
+
);
|
|
5329
7182
|
function compactRecord3(input) {
|
|
5330
7183
|
return Object.fromEntries(
|
|
5331
7184
|
Object.entries(input).filter(([, value]) => value !== void 0)
|
|
@@ -5342,7 +7195,7 @@ var listTasksProjection = defineProjection({
|
|
|
5342
7195
|
linkedWorktreeId: input.linkedWorktreeId ?? input.worktreeId
|
|
5343
7196
|
}),
|
|
5344
7197
|
convexArgsValidator: v.object({
|
|
5345
|
-
topicId: v.string(),
|
|
7198
|
+
topicId: v.optional(v.string()),
|
|
5346
7199
|
status: v.optional(
|
|
5347
7200
|
v.union(
|
|
5348
7201
|
v.literal("todo"),
|
|
@@ -6389,19 +8242,23 @@ var FIND_CONTRADICTIONS = {
|
|
|
6389
8242
|
};
|
|
6390
8243
|
var CREATE_EDGE = {
|
|
6391
8244
|
name: "create_edge",
|
|
6392
|
-
description: "Commit a typed relationship between two nodes in the reasoning graph. Like `git commit` \u2014 an atomic write that declares a dependency between nodes.
|
|
8245
|
+
description: "Commit a typed relationship between two nodes in the reasoning graph. Like `git commit` \u2014 an atomic write that declares a dependency between nodes. Accepts any public epistemic edge type between public graph node refs so agents can author the full spine.",
|
|
6393
8246
|
parameters: {
|
|
6394
|
-
|
|
6395
|
-
type: "
|
|
6396
|
-
description: "Source
|
|
8247
|
+
from: {
|
|
8248
|
+
type: "object",
|
|
8249
|
+
description: "Source graph ref, e.g. { kind: 'epistemic_node', nodeId: '...', nodeType: 'topic' }"
|
|
6397
8250
|
},
|
|
6398
|
-
|
|
6399
|
-
type: "
|
|
6400
|
-
description: "Target
|
|
8251
|
+
to: {
|
|
8252
|
+
type: "object",
|
|
8253
|
+
description: "Target graph ref, e.g. { kind: 'epistemic_node', nodeId: '...', nodeType: 'belief' }"
|
|
6401
8254
|
},
|
|
6402
8255
|
edgeType: {
|
|
6403
8256
|
type: "string",
|
|
6404
|
-
description: "Relationship type
|
|
8257
|
+
description: "Relationship type from the public epistemic edge enum."
|
|
8258
|
+
},
|
|
8259
|
+
globalId: {
|
|
8260
|
+
type: "string",
|
|
8261
|
+
description: "Optional idempotent edge global ID."
|
|
6405
8262
|
},
|
|
6406
8263
|
weight: {
|
|
6407
8264
|
type: "number",
|
|
@@ -6411,10 +8268,14 @@ var CREATE_EDGE = {
|
|
|
6411
8268
|
reasoningMethod: {
|
|
6412
8269
|
type: "string",
|
|
6413
8270
|
description: "How this was determined",
|
|
6414
|
-
enum: [
|
|
8271
|
+
enum: [...REASONING_METHODS]
|
|
8272
|
+
},
|
|
8273
|
+
metadata: {
|
|
8274
|
+
type: "object",
|
|
8275
|
+
description: "Optional edge metadata."
|
|
6415
8276
|
}
|
|
6416
8277
|
},
|
|
6417
|
-
required: ["
|
|
8278
|
+
required: ["from", "to", "edgeType"],
|
|
6418
8279
|
response: {
|
|
6419
8280
|
description: "The created edge",
|
|
6420
8281
|
fields: {
|
|
@@ -6428,6 +8289,240 @@ var CREATE_EDGE = {
|
|
|
6428
8289
|
ontologyPrimitive: "edge",
|
|
6429
8290
|
tier: "showcase"
|
|
6430
8291
|
};
|
|
8292
|
+
var UPDATE_EDGE = {
|
|
8293
|
+
name: "update_edge",
|
|
8294
|
+
description: "Amend metadata on an existing graph edge. Like `git commit --amend` \u2014 changes the edge annotation without recreating the relationship.",
|
|
8295
|
+
parameters: {
|
|
8296
|
+
edgeId: { type: "string", description: "Edge ID or global ID to update" },
|
|
8297
|
+
weight: { type: "number", description: "Updated edge weight" },
|
|
8298
|
+
confidence: { type: "number", description: "Updated confidence" },
|
|
8299
|
+
context: { type: "string", description: "Updated human-readable context" },
|
|
8300
|
+
derivationType: { type: "string", description: "Updated derivation type" },
|
|
8301
|
+
metadata: { type: "object", description: "Updated metadata" }
|
|
8302
|
+
},
|
|
8303
|
+
required: ["edgeId"],
|
|
8304
|
+
response: {
|
|
8305
|
+
description: "Edge update result",
|
|
8306
|
+
fields: { success: "boolean" }
|
|
8307
|
+
},
|
|
8308
|
+
ownerModule: "graph-primitives",
|
|
8309
|
+
ontologyPrimitive: "edge",
|
|
8310
|
+
tier: "workhorse"
|
|
8311
|
+
};
|
|
8312
|
+
var REMOVE_EDGE = {
|
|
8313
|
+
name: "remove_edge",
|
|
8314
|
+
description: "Remove one graph edge by ID. Like `git rm` \u2014 deletes a single explicit relationship from the spine.",
|
|
8315
|
+
parameters: {
|
|
8316
|
+
edgeId: { type: "string", description: "Edge ID or global ID to remove" }
|
|
8317
|
+
},
|
|
8318
|
+
required: ["edgeId"],
|
|
8319
|
+
response: {
|
|
8320
|
+
description: "Edge removal result",
|
|
8321
|
+
fields: { success: "boolean" }
|
|
8322
|
+
},
|
|
8323
|
+
ownerModule: "graph-primitives",
|
|
8324
|
+
ontologyPrimitive: "edge",
|
|
8325
|
+
tier: "workhorse"
|
|
8326
|
+
};
|
|
8327
|
+
var REMOVE_EDGES_BETWEEN = {
|
|
8328
|
+
name: "remove_edges_between",
|
|
8329
|
+
description: "Remove graph edges between two nodes. Like `git rm <pathspec>` \u2014 deletes relationships matching a source, target, and optional type.",
|
|
8330
|
+
parameters: {
|
|
8331
|
+
fromNodeId: { type: "string", description: "Source node ID or global ID" },
|
|
8332
|
+
toNodeId: { type: "string", description: "Target node ID or global ID" },
|
|
8333
|
+
edgeType: { type: "string", description: "Optional edge type filter" }
|
|
8334
|
+
},
|
|
8335
|
+
required: ["fromNodeId", "toNodeId"],
|
|
8336
|
+
response: {
|
|
8337
|
+
description: "Matched edge removal result",
|
|
8338
|
+
fields: { deleted: "number" }
|
|
8339
|
+
},
|
|
8340
|
+
ownerModule: "graph-primitives",
|
|
8341
|
+
ontologyPrimitive: "edge",
|
|
8342
|
+
tier: "workhorse"
|
|
8343
|
+
};
|
|
8344
|
+
var BATCH_CREATE_EDGES = {
|
|
8345
|
+
name: "batch_create_edges",
|
|
8346
|
+
description: "Commit multiple typed graph edges. Like `git commit` with many staged paths \u2014 writes a batch of explicit relationships atomically per edge.",
|
|
8347
|
+
parameters: {
|
|
8348
|
+
edges: {
|
|
8349
|
+
type: "array",
|
|
8350
|
+
description: "Edges to create, each with from, to, edgeType, and optional weight/confidence/context."
|
|
8351
|
+
},
|
|
8352
|
+
skipLayerValidation: {
|
|
8353
|
+
type: "boolean",
|
|
8354
|
+
description: "Skip kernel layer validation for trusted materialization flows."
|
|
8355
|
+
}
|
|
8356
|
+
},
|
|
8357
|
+
required: ["edges"],
|
|
8358
|
+
response: {
|
|
8359
|
+
description: "Batch edge creation result",
|
|
8360
|
+
fields: {
|
|
8361
|
+
created: "number",
|
|
8362
|
+
results: "array",
|
|
8363
|
+
errors: "array"
|
|
8364
|
+
}
|
|
8365
|
+
},
|
|
8366
|
+
ownerModule: "graph-primitives",
|
|
8367
|
+
ontologyPrimitive: "edge",
|
|
8368
|
+
tier: "workhorse"
|
|
8369
|
+
};
|
|
8370
|
+
var CREATE_EPISTEMIC_NODE = {
|
|
8371
|
+
name: "create_epistemic_node",
|
|
8372
|
+
description: "Commit a generic epistemic graph node. Like `git commit` \u2014 creates a canonical node in the public spine for topics, beliefs, evidence, questions, answers, sources, and entities.",
|
|
8373
|
+
parameters: {
|
|
8374
|
+
globalId: { type: "string", description: "Optional idempotent node global ID" },
|
|
8375
|
+
nodeType: { type: "string", description: "Public epistemic node type" },
|
|
8376
|
+
canonicalText: { type: "string", description: "Canonical node text" },
|
|
8377
|
+
text: { type: "string", description: "Alias for canonicalText" },
|
|
8378
|
+
contentHash: { type: "string", description: "Optional idempotency content hash" },
|
|
8379
|
+
sourceType: { type: "string", description: "Source type for provenance" },
|
|
8380
|
+
topicId: { type: "string", description: "Optional topic scope" },
|
|
8381
|
+
content: { type: "string", description: "Extended content" },
|
|
8382
|
+
title: { type: "string", description: "Display title" },
|
|
8383
|
+
metadata: { type: "object", description: "Optional node metadata" }
|
|
8384
|
+
},
|
|
8385
|
+
required: ["nodeType"],
|
|
8386
|
+
response: {
|
|
8387
|
+
description: "Created node result",
|
|
8388
|
+
fields: {
|
|
8389
|
+
nodeId: "string",
|
|
8390
|
+
nodeGlobalId: "string",
|
|
8391
|
+
isDuplicate: "boolean"
|
|
8392
|
+
}
|
|
8393
|
+
},
|
|
8394
|
+
ownerModule: "reasoning-kernel",
|
|
8395
|
+
ontologyPrimitive: "graph",
|
|
8396
|
+
tier: "showcase"
|
|
8397
|
+
};
|
|
8398
|
+
var GET_EPISTEMIC_NODE = {
|
|
8399
|
+
name: "get_epistemic_node",
|
|
8400
|
+
description: "Read one epistemic graph node. Like `git show` \u2014 resolves a canonical spine node by ID or global ID.",
|
|
8401
|
+
parameters: {
|
|
8402
|
+
nodeId: { type: "string", description: "Node ID or global ID" }
|
|
8403
|
+
},
|
|
8404
|
+
required: ["nodeId"],
|
|
8405
|
+
response: {
|
|
8406
|
+
description: "The resolved node",
|
|
8407
|
+
fields: { node: "object" }
|
|
8408
|
+
},
|
|
8409
|
+
ownerModule: "reasoning-kernel",
|
|
8410
|
+
ontologyPrimitive: "graph",
|
|
8411
|
+
tier: "workhorse"
|
|
8412
|
+
};
|
|
8413
|
+
var LIST_EPISTEMIC_NODES = {
|
|
8414
|
+
name: "list_epistemic_nodes",
|
|
8415
|
+
description: "List epistemic graph nodes. Like `git ls-tree` \u2014 lists canonical spine nodes by topic, type, status, or search query.",
|
|
8416
|
+
parameters: {
|
|
8417
|
+
topicId: { type: "string", description: "Optional topic scope" },
|
|
8418
|
+
nodeType: { type: "string", description: "Optional node type filter" },
|
|
8419
|
+
status: { type: "string", description: "Optional lifecycle status" },
|
|
8420
|
+
searchQuery: { type: "string", description: "Optional text search query" },
|
|
8421
|
+
limit: { type: "number", description: "Maximum nodes to return" }
|
|
8422
|
+
},
|
|
8423
|
+
required: [],
|
|
8424
|
+
response: {
|
|
8425
|
+
description: "Matching nodes",
|
|
8426
|
+
fields: { nodes: "array" }
|
|
8427
|
+
},
|
|
8428
|
+
ownerModule: "reasoning-kernel",
|
|
8429
|
+
ontologyPrimitive: "graph",
|
|
8430
|
+
tier: "workhorse"
|
|
8431
|
+
};
|
|
8432
|
+
var UPDATE_EPISTEMIC_NODE = {
|
|
8433
|
+
name: "update_epistemic_node",
|
|
8434
|
+
description: "Amend an epistemic graph node. Like `git commit --amend` \u2014 updates mutable node metadata, text, status, or verification fields.",
|
|
8435
|
+
parameters: {
|
|
8436
|
+
nodeId: { type: "string", description: "Node ID or global ID" },
|
|
8437
|
+
canonicalText: { type: "string", description: "Updated canonical text" },
|
|
8438
|
+
text: { type: "string", description: "Alias for canonicalText" },
|
|
8439
|
+
contentHash: { type: "string", description: "Updated content hash" },
|
|
8440
|
+
content: { type: "string", description: "Updated content" },
|
|
8441
|
+
title: { type: "string", description: "Updated display title" },
|
|
8442
|
+
metadata: { type: "object", description: "Updated metadata" },
|
|
8443
|
+
confidence: { type: "number", description: "Updated confidence" },
|
|
8444
|
+
verificationStatus: { type: "string", description: "Updated verification status" },
|
|
8445
|
+
status: { type: "string", description: "Updated lifecycle status" }
|
|
8446
|
+
},
|
|
8447
|
+
required: ["nodeId"],
|
|
8448
|
+
response: {
|
|
8449
|
+
description: "Node update result",
|
|
8450
|
+
fields: { success: "boolean" }
|
|
8451
|
+
},
|
|
8452
|
+
ownerModule: "reasoning-kernel",
|
|
8453
|
+
ontologyPrimitive: "graph",
|
|
8454
|
+
tier: "workhorse"
|
|
8455
|
+
};
|
|
8456
|
+
var ARCHIVE_EPISTEMIC_NODE = {
|
|
8457
|
+
name: "archive_epistemic_node",
|
|
8458
|
+
description: "Archive an epistemic graph node. Like `git rm --cached` \u2014 removes a node from active traversal without hard-deleting it.",
|
|
8459
|
+
parameters: {
|
|
8460
|
+
nodeId: { type: "string", description: "Node ID or global ID" }
|
|
8461
|
+
},
|
|
8462
|
+
required: ["nodeId"],
|
|
8463
|
+
response: {
|
|
8464
|
+
description: "Archive result",
|
|
8465
|
+
fields: { success: "boolean", effectiveStatus: "string" }
|
|
8466
|
+
},
|
|
8467
|
+
ownerModule: "reasoning-kernel",
|
|
8468
|
+
ontologyPrimitive: "graph",
|
|
8469
|
+
tier: "workhorse"
|
|
8470
|
+
};
|
|
8471
|
+
var VERIFY_EPISTEMIC_NODE = {
|
|
8472
|
+
name: "verify_epistemic_node",
|
|
8473
|
+
description: "Record verification state on an epistemic graph node. Like `git tag` \u2014 marks the node with a reviewed verification state.",
|
|
8474
|
+
parameters: {
|
|
8475
|
+
nodeId: { type: "string", description: "Node ID or global ID" },
|
|
8476
|
+
verificationStatus: { type: "string", description: "Verification status" },
|
|
8477
|
+
confidence: { type: "number", description: "Optional confidence update" }
|
|
8478
|
+
},
|
|
8479
|
+
required: ["nodeId", "verificationStatus"],
|
|
8480
|
+
response: {
|
|
8481
|
+
description: "Verification result",
|
|
8482
|
+
fields: { success: "boolean" }
|
|
8483
|
+
},
|
|
8484
|
+
ownerModule: "reasoning-kernel",
|
|
8485
|
+
ontologyPrimitive: "graph",
|
|
8486
|
+
tier: "workhorse"
|
|
8487
|
+
};
|
|
8488
|
+
var SUPERSEDE_EPISTEMIC_NODE = {
|
|
8489
|
+
name: "supersede_epistemic_node",
|
|
8490
|
+
description: "Supersede an epistemic graph node with a new version. Like `git commit --amend` on an immutable history branch \u2014 creates the replacement and marks the old node superseded.",
|
|
8491
|
+
parameters: {
|
|
8492
|
+
oldNodeId: { type: "string", description: "Node ID or global ID to supersede" },
|
|
8493
|
+
newGlobalId: { type: "string", description: "Optional replacement global ID" },
|
|
8494
|
+
newCanonicalText: { type: "string", description: "Replacement canonical text" },
|
|
8495
|
+
text: { type: "string", description: "Alias for newCanonicalText" },
|
|
8496
|
+
newContentHash: { type: "string", description: "Optional replacement content hash" },
|
|
8497
|
+
reason: { type: "string", description: "Reason for superseding" }
|
|
8498
|
+
},
|
|
8499
|
+
required: ["oldNodeId"],
|
|
8500
|
+
response: {
|
|
8501
|
+
description: "Supersede result",
|
|
8502
|
+
fields: { oldNodeId: "string", newNodeId: "string" }
|
|
8503
|
+
},
|
|
8504
|
+
ownerModule: "reasoning-kernel",
|
|
8505
|
+
ontologyPrimitive: "graph",
|
|
8506
|
+
tier: "workhorse"
|
|
8507
|
+
};
|
|
8508
|
+
var BATCH_CREATE_EPISTEMIC_NODES = {
|
|
8509
|
+
name: "batch_create_epistemic_nodes",
|
|
8510
|
+
description: "Commit multiple epistemic graph nodes. Like `git commit` with many staged files \u2014 writes a batch of canonical spine nodes.",
|
|
8511
|
+
parameters: {
|
|
8512
|
+
nodes: {
|
|
8513
|
+
type: "array",
|
|
8514
|
+
description: "Nodes to create with nodeType, canonicalText/text, and optional metadata."
|
|
8515
|
+
}
|
|
8516
|
+
},
|
|
8517
|
+
required: ["nodes"],
|
|
8518
|
+
response: {
|
|
8519
|
+
description: "Batch node creation result",
|
|
8520
|
+
fields: { created: "number", results: "array" }
|
|
8521
|
+
},
|
|
8522
|
+
ownerModule: "reasoning-kernel",
|
|
8523
|
+
ontologyPrimitive: "graph",
|
|
8524
|
+
tier: "workhorse"
|
|
8525
|
+
};
|
|
6431
8526
|
var RECORD_JUDGMENT = {
|
|
6432
8527
|
name: "record_judgment",
|
|
6433
8528
|
description: "Record a judgment \u2014 an irreversible commitment based on the current epistemic state. Like a `git tag` marking a release. A judgment synthesizes beliefs, evidence, and uncertainties into a determination. Once issued, a judgment is evaluated against the epistemic state that existed when it was made (knowledge horizon evaluation, Invariant #10).",
|
|
@@ -7627,8 +9722,8 @@ var IDENTITY_WHOAMI = {
|
|
|
7627
9722
|
response: {
|
|
7628
9723
|
description: "Canonical identity summary for the current session",
|
|
7629
9724
|
fields: {
|
|
7630
|
-
principalId: "string \u2014 canonical
|
|
7631
|
-
principalType: "string \u2014 human, service, or
|
|
9725
|
+
principalId: "string \u2014 canonical principal identifier; for humans this is the Clerk user_... ID",
|
|
9726
|
+
principalType: "string \u2014 human, service, agent, group, or external_viewer",
|
|
7632
9727
|
tenantId: "string | undefined \u2014 resolved tenant scope",
|
|
7633
9728
|
workspaceId: "string | undefined \u2014 resolved workspace scope",
|
|
7634
9729
|
scopes: "string[] | undefined \u2014 granted scopes for this session",
|
|
@@ -7639,6 +9734,49 @@ var IDENTITY_WHOAMI = {
|
|
|
7639
9734
|
ontologyPrimitive: "identity",
|
|
7640
9735
|
tier: "workhorse"
|
|
7641
9736
|
};
|
|
9737
|
+
var RESOLVE_INTERACTIVE_PRINCIPAL = {
|
|
9738
|
+
name: "resolve_interactive_principal",
|
|
9739
|
+
description: "Read the Permit-backed Lucern principal context for an authenticated Clerk user. Like `git config --get user.email` plus the repository ACL \u2014 resolves the Clerk subject into tenant/workspace authorization context.",
|
|
9740
|
+
parameters: {
|
|
9741
|
+
clerkId: {
|
|
9742
|
+
type: "string",
|
|
9743
|
+
description: "Authenticated Clerk subject (`sub`). Clerk proves identity only; it is not the authorization record."
|
|
9744
|
+
},
|
|
9745
|
+
tenantId: {
|
|
9746
|
+
type: "string",
|
|
9747
|
+
description: "Optional tenant scope. Omit only when the Clerk alias is globally unambiguous."
|
|
9748
|
+
},
|
|
9749
|
+
workspaceId: {
|
|
9750
|
+
type: "string",
|
|
9751
|
+
description: "Optional workspace scope. Required when the principal has access to multiple workspaces and no default can be inferred."
|
|
9752
|
+
},
|
|
9753
|
+
providerProjectId: {
|
|
9754
|
+
type: "string",
|
|
9755
|
+
description: "Optional Clerk project or provider instance id for tenants with multiple identity providers."
|
|
9756
|
+
}
|
|
9757
|
+
},
|
|
9758
|
+
required: ["clerkId"],
|
|
9759
|
+
response: {
|
|
9760
|
+
description: "Permit-backed Lucern principal context for tenant SDK bootstrap",
|
|
9761
|
+
fields: {
|
|
9762
|
+
principalId: "string \u2014 canonical Clerk user_... ID for human sessions",
|
|
9763
|
+
principalType: "string \u2014 human, service, agent, group, or external_viewer",
|
|
9764
|
+
clerkId: "string \u2014 authenticated Clerk subject alias",
|
|
9765
|
+
tenantId: "string \u2014 resolved tenant scope",
|
|
9766
|
+
workspaceId: "string | null \u2014 resolved workspace scope",
|
|
9767
|
+
roles: "string[] \u2014 effective Permit roles",
|
|
9768
|
+
scopes: "string[] \u2014 effective scopes derived from Permit/control-plane projection",
|
|
9769
|
+
groupIds: "string[] \u2014 active Permit group memberships",
|
|
9770
|
+
principalStatus: "string \u2014 active, invited, suspended, disabled, revoked, or missing",
|
|
9771
|
+
tenantStatus: "string \u2014 projected tenant resource status",
|
|
9772
|
+
workspaceStatus: "string \u2014 projected workspace resource status",
|
|
9773
|
+
permit: "object \u2014 Permit subject, tenant, and optional workspace tuple"
|
|
9774
|
+
}
|
|
9775
|
+
},
|
|
9776
|
+
ownerModule: "control-plane",
|
|
9777
|
+
ontologyPrimitive: "identity",
|
|
9778
|
+
tier: "workhorse"
|
|
9779
|
+
};
|
|
7642
9780
|
var COMPILE_CONTEXT = {
|
|
7643
9781
|
name: "compile_context",
|
|
7644
9782
|
description: "Compile a focused reasoning context. If topicId is omitted, Lucern resolves the best topic from the query. Like `git log --graph --decorate` for the reasoning substrate \u2014 returns the canonical Pillar 3 context pack through the public API shape.",
|
|
@@ -7900,6 +10038,10 @@ var CREATE_TASK = {
|
|
|
7900
10038
|
tags: {
|
|
7901
10039
|
type: "array",
|
|
7902
10040
|
description: "Free-form string tags"
|
|
10041
|
+
},
|
|
10042
|
+
metadata: {
|
|
10043
|
+
type: "object",
|
|
10044
|
+
description: "Structured task metadata for handoff context and routing hints"
|
|
7903
10045
|
}
|
|
7904
10046
|
},
|
|
7905
10047
|
required: ["title"],
|
|
@@ -7973,6 +10115,10 @@ var UPDATE_TASK = {
|
|
|
7973
10115
|
type: "string",
|
|
7974
10116
|
description: "Updated status",
|
|
7975
10117
|
enum: ["todo", "in_progress", "blocked", "done"]
|
|
10118
|
+
},
|
|
10119
|
+
metadata: {
|
|
10120
|
+
type: "object",
|
|
10121
|
+
description: "Structured task metadata to replace or refine"
|
|
7976
10122
|
}
|
|
7977
10123
|
},
|
|
7978
10124
|
required: ["taskId"],
|
|
@@ -8020,6 +10166,10 @@ var CREATE_TOPIC = {
|
|
|
8020
10166
|
name: "create_topic",
|
|
8021
10167
|
description: "Create a new topic container for scoping knowledge. Like `git init` \u2014 initializes a new repository for a knowledge domain. Topics are hierarchical: a deal topic can nest under a theme topic. Types: domain, theme, deal, strategy, constitution, project, portfolio.",
|
|
8022
10168
|
parameters: {
|
|
10169
|
+
globalId: {
|
|
10170
|
+
type: "string",
|
|
10171
|
+
description: "Optional idempotent topic global ID"
|
|
10172
|
+
},
|
|
8023
10173
|
name: { type: "string", description: "Topic name" },
|
|
8024
10174
|
type: {
|
|
8025
10175
|
type: "string",
|
|
@@ -8030,6 +10180,18 @@ var CREATE_TOPIC = {
|
|
|
8030
10180
|
type: "string",
|
|
8031
10181
|
description: "Optional parent topic for nesting"
|
|
8032
10182
|
},
|
|
10183
|
+
parentTopicGlobalId: {
|
|
10184
|
+
type: "string",
|
|
10185
|
+
description: "Optional parent topic global ID for nesting"
|
|
10186
|
+
},
|
|
10187
|
+
tenantId: { type: "string", description: "Optional tenant scope" },
|
|
10188
|
+
workspaceId: { type: "string", description: "Optional workspace scope" },
|
|
10189
|
+
visibility: {
|
|
10190
|
+
type: "string",
|
|
10191
|
+
description: "Topic visibility",
|
|
10192
|
+
enum: ["private", "team", "firm", "external", "public"]
|
|
10193
|
+
},
|
|
10194
|
+
metadata: { type: "object", description: "Optional topic metadata" },
|
|
8033
10195
|
createdBy: { type: "string", description: "Who created this topic" }
|
|
8034
10196
|
},
|
|
8035
10197
|
required: ["name", "type"],
|
|
@@ -8038,6 +10200,9 @@ var CREATE_TOPIC = {
|
|
|
8038
10200
|
fields: {
|
|
8039
10201
|
id: "string \u2014 topic ID",
|
|
8040
10202
|
globalId: "string \u2014 globally unique ID",
|
|
10203
|
+
topicGlobalId: "string \u2014 topic global ID",
|
|
10204
|
+
epistemicNodeId: "string \u2014 materialized topic node ID",
|
|
10205
|
+
epistemicNodeGlobalId: "string \u2014 materialized topic node global ID",
|
|
8041
10206
|
depth: "number \u2014 nesting depth"
|
|
8042
10207
|
}
|
|
8043
10208
|
},
|
|
@@ -8159,10 +10324,69 @@ var GET_TOPIC_TREE = {
|
|
|
8159
10324
|
description: "Maximum depth to traverse (default: 5)"
|
|
8160
10325
|
}
|
|
8161
10326
|
},
|
|
8162
|
-
required: ["rootId"],
|
|
10327
|
+
required: ["rootId"],
|
|
10328
|
+
response: {
|
|
10329
|
+
description: "Tree of topics with nesting",
|
|
10330
|
+
fields: { tree: "array \u2014 topics in BFS order with depth and path" }
|
|
10331
|
+
},
|
|
10332
|
+
ownerModule: "reasoning-kernel",
|
|
10333
|
+
ontologyPrimitive: "graph",
|
|
10334
|
+
tier: "workhorse"
|
|
10335
|
+
};
|
|
10336
|
+
var MATERIALIZE_TOPIC_GRAPH = {
|
|
10337
|
+
name: "materialize_topic_graph",
|
|
10338
|
+
description: "Backfill the topic graph spine. Like `git fsck --connectivity-only` with repair enabled \u2014 creates missing topic nodes and parent-child edges idempotently.",
|
|
10339
|
+
parameters: {
|
|
10340
|
+
rootTopicId: {
|
|
10341
|
+
type: "string",
|
|
10342
|
+
description: "Optional root topic for a bounded materialization pass"
|
|
10343
|
+
},
|
|
10344
|
+
dryRun: {
|
|
10345
|
+
type: "boolean",
|
|
10346
|
+
description: "When true, report missing rows without writing them"
|
|
10347
|
+
}
|
|
10348
|
+
},
|
|
10349
|
+
required: [],
|
|
10350
|
+
response: {
|
|
10351
|
+
description: "Topic graph materialization counts",
|
|
10352
|
+
fields: {
|
|
10353
|
+
topicsSeen: "number",
|
|
10354
|
+
nodesCreated: "number",
|
|
10355
|
+
nodesExisting: "number",
|
|
10356
|
+
edgesCreated: "number",
|
|
10357
|
+
edgesExisting: "number",
|
|
10358
|
+
errors: "array"
|
|
10359
|
+
}
|
|
10360
|
+
},
|
|
10361
|
+
ownerModule: "reasoning-kernel",
|
|
10362
|
+
ontologyPrimitive: "graph",
|
|
10363
|
+
tier: "workhorse"
|
|
10364
|
+
};
|
|
10365
|
+
var GET_TOPIC_GRAPH_SPINE = {
|
|
10366
|
+
name: "get_topic_graph_spine",
|
|
10367
|
+
description: "Verify the topic graph spine. Like `git fsck` \u2014 reads topics, materialized topic nodes, parent-child edges, and missing spine rows.",
|
|
10368
|
+
parameters: {
|
|
10369
|
+
rootTopicId: {
|
|
10370
|
+
type: "string",
|
|
10371
|
+
description: "Optional root topic for a bounded verifier pass"
|
|
10372
|
+
},
|
|
10373
|
+
includeTopicBeliefEdges: {
|
|
10374
|
+
type: "boolean",
|
|
10375
|
+
description: "Include topic -> belief edges in the verifier payload"
|
|
10376
|
+
}
|
|
10377
|
+
},
|
|
10378
|
+
required: [],
|
|
8163
10379
|
response: {
|
|
8164
|
-
description: "
|
|
8165
|
-
fields: {
|
|
10380
|
+
description: "Topic graph spine verification payload",
|
|
10381
|
+
fields: {
|
|
10382
|
+
ok: "boolean",
|
|
10383
|
+
counts: "object",
|
|
10384
|
+
topics: "array",
|
|
10385
|
+
topicNodes: "array",
|
|
10386
|
+
parentEdges: "array",
|
|
10387
|
+
missingTopicNodes: "array",
|
|
10388
|
+
missingParentEdges: "array"
|
|
10389
|
+
}
|
|
8166
10390
|
},
|
|
8167
10391
|
ownerModule: "reasoning-kernel",
|
|
8168
10392
|
ontologyPrimitive: "graph",
|
|
@@ -8363,7 +10587,7 @@ var MANAGE_WRITE_POLICY = {
|
|
|
8363
10587
|
},
|
|
8364
10588
|
role: {
|
|
8365
10589
|
type: "string",
|
|
8366
|
-
description: "Role to set policy for (required for 'set'). E.g. 'agent:internal'
|
|
10590
|
+
description: "Role to set policy for (required for 'set'). E.g. 'agent:internal' or a Permit role key such as 'workspace_admin'."
|
|
8367
10591
|
},
|
|
8368
10592
|
permission: {
|
|
8369
10593
|
type: "string",
|
|
@@ -9350,6 +11574,9 @@ var BEGIN_BUILD_SESSION = {
|
|
|
9350
11574
|
sessionMode: "string \u2014 async | interactive",
|
|
9351
11575
|
targetBeliefIds: "array \u2014 scoped belief IDs",
|
|
9352
11576
|
targetQuestionIds: "array \u2014 scoped question IDs",
|
|
11577
|
+
taskIds: "array \u2014 assigned task IDs for this worktree",
|
|
11578
|
+
incompleteTaskIds: "array \u2014 assigned task IDs that still require done/deferred/blocked proof",
|
|
11579
|
+
tasks: "array \u2014 assigned task packet with id, title, status, priority, links, and summaries",
|
|
9353
11580
|
topBeliefs: "array \u2014 highest-confidence scoped beliefs",
|
|
9354
11581
|
openQuestions: "array \u2014 open scoped questions",
|
|
9355
11582
|
resolvedDecisions: "array \u2014 answered questions summarized for the session",
|
|
@@ -9405,6 +11632,19 @@ var MCP_TOOL_CONTRACTS = {
|
|
|
9405
11632
|
bisect_confidence: BISECT_CONFIDENCE,
|
|
9406
11633
|
// Edges (commit)
|
|
9407
11634
|
create_edge: CREATE_EDGE,
|
|
11635
|
+
update_edge: UPDATE_EDGE,
|
|
11636
|
+
remove_edge: REMOVE_EDGE,
|
|
11637
|
+
remove_edges_between: REMOVE_EDGES_BETWEEN,
|
|
11638
|
+
batch_create_edges: BATCH_CREATE_EDGES,
|
|
11639
|
+
// Epistemic node spine (commit/amend/show)
|
|
11640
|
+
create_epistemic_node: CREATE_EPISTEMIC_NODE,
|
|
11641
|
+
get_epistemic_node: GET_EPISTEMIC_NODE,
|
|
11642
|
+
list_epistemic_nodes: LIST_EPISTEMIC_NODES,
|
|
11643
|
+
update_epistemic_node: UPDATE_EPISTEMIC_NODE,
|
|
11644
|
+
archive_epistemic_node: ARCHIVE_EPISTEMIC_NODE,
|
|
11645
|
+
verify_epistemic_node: VERIFY_EPISTEMIC_NODE,
|
|
11646
|
+
supersede_epistemic_node: SUPERSEDE_EPISTEMIC_NODE,
|
|
11647
|
+
batch_create_epistemic_nodes: BATCH_CREATE_EPISTEMIC_NODES,
|
|
9408
11648
|
// Judgments (tag)
|
|
9409
11649
|
record_judgment: RECORD_JUDGMENT,
|
|
9410
11650
|
// Graph intelligence (showcase)
|
|
@@ -9439,6 +11679,7 @@ var MCP_TOOL_CONTRACTS = {
|
|
|
9439
11679
|
update_worktree_targets: UPDATE_WORKTREE_TARGETS,
|
|
9440
11680
|
update_worktree_metadata: UPDATE_WORKTREE_METADATA,
|
|
9441
11681
|
identity_whoami: IDENTITY_WHOAMI,
|
|
11682
|
+
resolve_interactive_principal: RESOLVE_INTERACTIVE_PRINCIPAL,
|
|
9442
11683
|
compile_context: COMPILE_CONTEXT,
|
|
9443
11684
|
record_scope_learning: RECORD_SCOPE_LEARNING,
|
|
9444
11685
|
pipeline_snapshot: PIPELINE_SNAPSHOT,
|
|
@@ -9478,6 +11719,8 @@ var MCP_TOOL_CONTRACTS = {
|
|
|
9478
11719
|
get_topic: GET_TOPIC,
|
|
9479
11720
|
update_topic: UPDATE_TOPIC,
|
|
9480
11721
|
get_topic_tree: GET_TOPIC_TREE,
|
|
11722
|
+
materialize_topic_graph: MATERIALIZE_TOPIC_GRAPH,
|
|
11723
|
+
get_topic_graph_spine: GET_TOPIC_GRAPH_SPINE,
|
|
9481
11724
|
// Coding intelligence (code-grounded knowledge)
|
|
9482
11725
|
get_code_context: GET_CODE_CONTEXT,
|
|
9483
11726
|
get_change_history: GET_CHANGE_HISTORY,
|
|
@@ -9554,6 +11797,7 @@ function entries(names, surfaceClass, surfaceIntent, surfaces, rationale) {
|
|
|
9554
11797
|
var MCP_CORE_OPERATION_NAMES = [
|
|
9555
11798
|
"compile_context",
|
|
9556
11799
|
"identity_whoami",
|
|
11800
|
+
"resolve_interactive_principal",
|
|
9557
11801
|
"check_permission",
|
|
9558
11802
|
"filter_by_permission",
|
|
9559
11803
|
"create_belief",
|
|
@@ -9582,14 +11826,28 @@ var MCP_CORE_OPERATION_NAMES = [
|
|
|
9582
11826
|
"find_missing_questions",
|
|
9583
11827
|
"get_high_priority_questions",
|
|
9584
11828
|
"get_falsification_questions",
|
|
11829
|
+
"create_epistemic_node",
|
|
11830
|
+
"get_epistemic_node",
|
|
11831
|
+
"list_epistemic_nodes",
|
|
11832
|
+
"update_epistemic_node",
|
|
11833
|
+
"archive_epistemic_node",
|
|
11834
|
+
"verify_epistemic_node",
|
|
11835
|
+
"supersede_epistemic_node",
|
|
11836
|
+
"batch_create_epistemic_nodes",
|
|
9585
11837
|
"create_topic",
|
|
9586
11838
|
"get_topic",
|
|
9587
11839
|
"list_topics",
|
|
9588
11840
|
"update_topic",
|
|
9589
|
-
"get_topic_tree"
|
|
11841
|
+
"get_topic_tree",
|
|
11842
|
+
"materialize_topic_graph",
|
|
11843
|
+
"get_topic_graph_spine"
|
|
9590
11844
|
];
|
|
9591
11845
|
var MCP_ANALYSIS_PLATFORM_OPERATION_NAMES = [
|
|
9592
11846
|
"create_edge",
|
|
11847
|
+
"update_edge",
|
|
11848
|
+
"remove_edge",
|
|
11849
|
+
"remove_edges_between",
|
|
11850
|
+
"batch_create_edges",
|
|
9593
11851
|
"query_lineage",
|
|
9594
11852
|
"traverse_graph",
|
|
9595
11853
|
"get_graph_neighborhood",
|
|
@@ -9921,12 +12179,20 @@ function unwrapMcpParameterSchema(schema) {
|
|
|
9921
12179
|
current = current._def.schema;
|
|
9922
12180
|
continue;
|
|
9923
12181
|
default:
|
|
9924
|
-
return {
|
|
12182
|
+
return {
|
|
12183
|
+
schema: current,
|
|
12184
|
+
required,
|
|
12185
|
+
description: description ?? current.description
|
|
12186
|
+
};
|
|
9925
12187
|
}
|
|
9926
12188
|
}
|
|
9927
12189
|
}
|
|
9928
12190
|
function mcpParameterFromZod(fieldName, schema, contractName) {
|
|
9929
|
-
const {
|
|
12191
|
+
const {
|
|
12192
|
+
schema: unwrapped,
|
|
12193
|
+
required,
|
|
12194
|
+
description: schemaDescription
|
|
12195
|
+
} = unwrapMcpParameterSchema(schema);
|
|
9930
12196
|
const description = schemaDescription ?? unwrapped.description ?? fieldName;
|
|
9931
12197
|
switch (unwrapped._def.typeName) {
|
|
9932
12198
|
case z.ZodFirstPartyTypeKind.ZodString:
|
|
@@ -9971,10 +12237,12 @@ function mcpContractFromArgsSchema(base, args, contractName) {
|
|
|
9971
12237
|
const entries2 = Object.entries(getObjectShape(args)).sort(
|
|
9972
12238
|
([left], [right]) => left.localeCompare(right)
|
|
9973
12239
|
);
|
|
9974
|
-
const converted = entries2.map(
|
|
9975
|
-
fieldName,
|
|
9976
|
-
|
|
9977
|
-
|
|
12240
|
+
const converted = entries2.map(
|
|
12241
|
+
([fieldName, schema]) => [
|
|
12242
|
+
fieldName,
|
|
12243
|
+
mcpParameterFromZod(fieldName, schema, contractName)
|
|
12244
|
+
]
|
|
12245
|
+
);
|
|
9978
12246
|
return {
|
|
9979
12247
|
...base,
|
|
9980
12248
|
parameters: Object.fromEntries(
|
|
@@ -10083,9 +12351,16 @@ function surfaceContract(args) {
|
|
|
10083
12351
|
scopes: args.scopes ?? [
|
|
10084
12352
|
args.kind === "query" ? `${args.domain}.read` : `${args.domain}.write`
|
|
10085
12353
|
],
|
|
10086
|
-
allowedPrincipalTypes: [
|
|
12354
|
+
allowedPrincipalTypes: [
|
|
12355
|
+
"user",
|
|
12356
|
+
"service",
|
|
12357
|
+
"agent",
|
|
12358
|
+
"group",
|
|
12359
|
+
"external_viewer"
|
|
12360
|
+
]
|
|
10087
12361
|
},
|
|
10088
12362
|
convex: args.convex,
|
|
12363
|
+
gateway: args.gateway,
|
|
10089
12364
|
args: canonicalArgs,
|
|
10090
12365
|
returns: canonicalReturns,
|
|
10091
12366
|
input,
|
|
@@ -10224,8 +12499,6 @@ var contextContracts = [
|
|
|
10224
12499
|
args: observationContextArgs
|
|
10225
12500
|
})
|
|
10226
12501
|
];
|
|
10227
|
-
|
|
10228
|
-
// ../contracts/src/function-registry/identity.ts
|
|
10229
12502
|
var withPrincipal = (input, context) => ({
|
|
10230
12503
|
...input,
|
|
10231
12504
|
tenantId: input.tenantId ?? context.tenantId,
|
|
@@ -10244,11 +12517,30 @@ var identityContracts = [
|
|
|
10244
12517
|
sdkNamespace: "identity",
|
|
10245
12518
|
sdkMethod: "whoami",
|
|
10246
12519
|
summary: "Describe the current gateway principal.",
|
|
12520
|
+
gateway: {
|
|
12521
|
+
handler: "identity.whoami"
|
|
12522
|
+
}
|
|
12523
|
+
}),
|
|
12524
|
+
surfaceContract({
|
|
12525
|
+
name: "resolve_interactive_principal",
|
|
12526
|
+
kind: "query",
|
|
12527
|
+
domain: "controlPlane",
|
|
12528
|
+
surfaceClass: "platform_public",
|
|
12529
|
+
method: "POST",
|
|
12530
|
+
path: "/control-plane/identity/resolve-interactive-principal",
|
|
12531
|
+
sdkNamespace: "controlPlane.identity",
|
|
12532
|
+
sdkMethod: "resolveInteractivePrincipal",
|
|
12533
|
+
summary: "Resolve an authenticated Clerk user into a Permit-backed Lucern principal context.",
|
|
12534
|
+
args: z.object({
|
|
12535
|
+
clerkId: z.string().min(1),
|
|
12536
|
+
tenantId: z.string().min(1).optional(),
|
|
12537
|
+
workspaceId: z.string().min(1).optional(),
|
|
12538
|
+
providerProjectId: z.string().min(1).optional()
|
|
12539
|
+
}),
|
|
10247
12540
|
convex: {
|
|
10248
|
-
module: "
|
|
10249
|
-
functionName: "
|
|
10250
|
-
kind: "query"
|
|
10251
|
-
inputProjection: withPrincipal
|
|
12541
|
+
module: "platform",
|
|
12542
|
+
functionName: "resolveInteractivePrincipal",
|
|
12543
|
+
kind: "query"
|
|
10252
12544
|
}
|
|
10253
12545
|
}),
|
|
10254
12546
|
surfaceContract({
|
|
@@ -10330,15 +12622,6 @@ var beliefLookupInput = (input) => compactRecord4({
|
|
|
10330
12622
|
var beliefNodeInput = (input) => compactRecord4({
|
|
10331
12623
|
nodeId: input.nodeId ?? input.id ?? input.beliefId
|
|
10332
12624
|
});
|
|
10333
|
-
var beliefTopicInput = (input) => {
|
|
10334
|
-
const parsed = listBeliefsProjection.inputSchema.safeParse(input);
|
|
10335
|
-
if (!parsed.success) {
|
|
10336
|
-
throw new Error(
|
|
10337
|
-
`list_beliefs projection input rejected: ${parsed.error.message}`
|
|
10338
|
-
);
|
|
10339
|
-
}
|
|
10340
|
-
return compactRecord4(listBeliefsProjection.project(parsed.data));
|
|
10341
|
-
};
|
|
10342
12625
|
var createBeliefInput = (input, context) => {
|
|
10343
12626
|
return withUserId(
|
|
10344
12627
|
compactRecord4({
|
|
@@ -10427,11 +12710,8 @@ var beliefsContracts = [
|
|
|
10427
12710
|
sdkNamespace: "beliefs",
|
|
10428
12711
|
sdkMethod: "listBeliefs",
|
|
10429
12712
|
summary: "List beliefs for a topic.",
|
|
10430
|
-
|
|
10431
|
-
|
|
10432
|
-
functionName: "getByTopic",
|
|
10433
|
-
kind: "query",
|
|
10434
|
-
inputProjection: beliefTopicInput
|
|
12713
|
+
gateway: {
|
|
12714
|
+
handler: "beliefs.list"
|
|
10435
12715
|
},
|
|
10436
12716
|
args: listBeliefsInputSchema
|
|
10437
12717
|
}),
|
|
@@ -10572,7 +12852,7 @@ var beliefsContracts = [
|
|
|
10572
12852
|
})
|
|
10573
12853
|
];
|
|
10574
12854
|
var jsonRecordSchema4 = z.record(z.unknown());
|
|
10575
|
-
var evidenceRelationSchema = z.enum(["supports", "contradicts"
|
|
12855
|
+
var evidenceRelationSchema = z.enum(["supports", "contradicts"]);
|
|
10576
12856
|
var createEvidenceArgs = z.object({
|
|
10577
12857
|
topicId: z.string().optional().describe("Topic scope for the evidence."),
|
|
10578
12858
|
text: z.string().describe("Canonical evidence text."),
|
|
@@ -10616,12 +12896,6 @@ var evidenceIdInput = (input) => compactRecord4({
|
|
|
10616
12896
|
insightId: input.insightId,
|
|
10617
12897
|
nodeId: input.nodeId ?? input.id ?? input.evidenceId
|
|
10618
12898
|
});
|
|
10619
|
-
var evidenceTopicInput = (input) => compactRecord4({
|
|
10620
|
-
topicId: input.topicId,
|
|
10621
|
-
status: input.status,
|
|
10622
|
-
userId: input.userId,
|
|
10623
|
-
limit: input.limit
|
|
10624
|
-
});
|
|
10625
12899
|
var createEvidenceInput = (input, context) => {
|
|
10626
12900
|
const parsed = createEvidenceProjection.inputSchema.safeParse(input);
|
|
10627
12901
|
if (!parsed.success) {
|
|
@@ -10752,11 +13026,8 @@ var evidenceContracts = [
|
|
|
10752
13026
|
sdkNamespace: "evidence",
|
|
10753
13027
|
sdkMethod: "listEvidence",
|
|
10754
13028
|
summary: "List evidence for a topic.",
|
|
10755
|
-
|
|
10756
|
-
|
|
10757
|
-
functionName: "getByTopic",
|
|
10758
|
-
kind: "query",
|
|
10759
|
-
inputProjection: evidenceTopicInput
|
|
13029
|
+
gateway: {
|
|
13030
|
+
handler: "evidence.list"
|
|
10760
13031
|
}
|
|
10761
13032
|
}),
|
|
10762
13033
|
surfaceContract({
|
|
@@ -10991,11 +13262,8 @@ var questionsContracts = [
|
|
|
10991
13262
|
sdkNamespace: "questions",
|
|
10992
13263
|
sdkMethod: "listQuestions",
|
|
10993
13264
|
summary: "List questions for a topic.",
|
|
10994
|
-
|
|
10995
|
-
|
|
10996
|
-
functionName: "getByTopic",
|
|
10997
|
-
kind: "query",
|
|
10998
|
-
inputProjection: questionTopicInput
|
|
13265
|
+
gateway: {
|
|
13266
|
+
handler: "questions.list"
|
|
10999
13267
|
}
|
|
11000
13268
|
}),
|
|
11001
13269
|
surfaceContract({
|
|
@@ -11198,18 +13466,50 @@ var questionsContracts = [
|
|
|
11198
13466
|
args: falsificationQuestionsArgs
|
|
11199
13467
|
})
|
|
11200
13468
|
];
|
|
13469
|
+
var topicVisibilitySchema = z.enum([
|
|
13470
|
+
"private",
|
|
13471
|
+
"team",
|
|
13472
|
+
"firm",
|
|
13473
|
+
"external",
|
|
13474
|
+
"public"
|
|
13475
|
+
]);
|
|
13476
|
+
var topicStatusSchema = z.enum(["active", "archived", "watching"]);
|
|
13477
|
+
var createTopicArgs = z.object({
|
|
13478
|
+
globalId: z.string().optional().describe("Optional idempotent topic global ID."),
|
|
13479
|
+
name: z.string().describe("Topic name."),
|
|
13480
|
+
description: z.string().optional().describe("Topic description."),
|
|
13481
|
+
type: z.string().describe("Topic type."),
|
|
13482
|
+
parentTopicId: z.string().optional().describe("Optional parent topic ID."),
|
|
13483
|
+
parentTopicGlobalId: z.string().optional().describe("Optional parent topic global ID."),
|
|
13484
|
+
ontologyId: z.string().optional().describe("Ontology to bind."),
|
|
13485
|
+
tenantId: z.string().optional().describe("Optional tenant scope."),
|
|
13486
|
+
workspaceId: z.string().optional().describe("Optional workspace scope."),
|
|
13487
|
+
visibility: topicVisibilitySchema.optional().describe("Topic visibility."),
|
|
13488
|
+
metadata: z.record(z.unknown()).optional().describe("Topic metadata."),
|
|
13489
|
+
graphScopeProjectId: z.string().optional(),
|
|
13490
|
+
createdBy: z.string().optional()
|
|
13491
|
+
});
|
|
11201
13492
|
var updateTopicArgs = z.object({
|
|
11202
13493
|
id: z.string().describe("Topic ID."),
|
|
11203
13494
|
topicId: z.string().optional().describe("Topic ID alias."),
|
|
11204
13495
|
name: z.string().optional().describe("Topic name."),
|
|
11205
13496
|
description: z.string().optional().describe("Topic description."),
|
|
11206
13497
|
type: z.string().optional().describe("Topic type."),
|
|
11207
|
-
status:
|
|
11208
|
-
visibility:
|
|
13498
|
+
status: topicStatusSchema.optional().describe("Topic status."),
|
|
13499
|
+
visibility: topicVisibilitySchema.optional().describe("Topic visibility."),
|
|
11209
13500
|
ontologyId: z.string().optional().describe("Ontology to bind."),
|
|
11210
13501
|
clearOntologyId: z.boolean().optional().describe("Whether to clear the ontology binding."),
|
|
11211
13502
|
metadata: z.record(z.unknown()).optional().describe("Topic metadata.")
|
|
11212
13503
|
});
|
|
13504
|
+
var materializeTopicGraphArgs = z.object({
|
|
13505
|
+
rootTopicId: z.string().optional().describe("Optional root topic ID."),
|
|
13506
|
+
dryRun: z.boolean().optional().describe("Report missing rows without writing."),
|
|
13507
|
+
createdBy: z.string().optional()
|
|
13508
|
+
});
|
|
13509
|
+
var getTopicGraphSpineArgs = z.object({
|
|
13510
|
+
rootTopicId: z.string().optional().describe("Optional root topic ID."),
|
|
13511
|
+
includeTopicBeliefEdges: z.boolean().optional()
|
|
13512
|
+
});
|
|
11213
13513
|
var topicIdInput = (input) => compactRecord4({
|
|
11214
13514
|
id: input.id ?? input.topicId
|
|
11215
13515
|
});
|
|
@@ -11240,7 +13540,8 @@ var topicsContracts = [
|
|
|
11240
13540
|
functionName: "create",
|
|
11241
13541
|
kind: "mutation",
|
|
11242
13542
|
inputProjection: withCreatedBy
|
|
11243
|
-
}
|
|
13543
|
+
},
|
|
13544
|
+
args: createTopicArgs
|
|
11244
13545
|
}),
|
|
11245
13546
|
surfaceContract({
|
|
11246
13547
|
name: "get_topic",
|
|
@@ -11308,6 +13609,406 @@ var topicsContracts = [
|
|
|
11308
13609
|
functionName: "getTree",
|
|
11309
13610
|
kind: "query"
|
|
11310
13611
|
}
|
|
13612
|
+
}),
|
|
13613
|
+
surfaceContract({
|
|
13614
|
+
name: "materialize_topic_graph",
|
|
13615
|
+
kind: "mutation",
|
|
13616
|
+
domain: "topics",
|
|
13617
|
+
surfaceClass: "platform_public",
|
|
13618
|
+
path: "/topics/materialize-graph",
|
|
13619
|
+
sdkNamespace: "topics",
|
|
13620
|
+
sdkMethod: "materializeTopicGraph",
|
|
13621
|
+
summary: "Materialize topic nodes and parent-child graph edges.",
|
|
13622
|
+
convex: {
|
|
13623
|
+
module: "topics",
|
|
13624
|
+
functionName: "materializeTopicGraph",
|
|
13625
|
+
kind: "mutation",
|
|
13626
|
+
inputProjection: withCreatedBy
|
|
13627
|
+
},
|
|
13628
|
+
args: materializeTopicGraphArgs
|
|
13629
|
+
}),
|
|
13630
|
+
surfaceContract({
|
|
13631
|
+
name: "get_topic_graph_spine",
|
|
13632
|
+
kind: "query",
|
|
13633
|
+
domain: "topics",
|
|
13634
|
+
surfaceClass: "platform_public",
|
|
13635
|
+
method: "GET",
|
|
13636
|
+
path: "/topics/graph-spine",
|
|
13637
|
+
sdkNamespace: "topics",
|
|
13638
|
+
sdkMethod: "getTopicGraphSpine",
|
|
13639
|
+
summary: "Verify topic nodes and parent-child graph edges.",
|
|
13640
|
+
convex: {
|
|
13641
|
+
module: "topics",
|
|
13642
|
+
functionName: "getTopicGraphSpine",
|
|
13643
|
+
kind: "query"
|
|
13644
|
+
},
|
|
13645
|
+
args: getTopicGraphSpineArgs
|
|
13646
|
+
})
|
|
13647
|
+
];
|
|
13648
|
+
var sourceTypeSchema2 = z.enum([
|
|
13649
|
+
"human",
|
|
13650
|
+
"ai_extracted",
|
|
13651
|
+
"ai_generated",
|
|
13652
|
+
"imported",
|
|
13653
|
+
"system",
|
|
13654
|
+
"verified",
|
|
13655
|
+
"proprietary"
|
|
13656
|
+
]);
|
|
13657
|
+
var verificationStatusSchema = z.enum([
|
|
13658
|
+
"unverified",
|
|
13659
|
+
"human_verified",
|
|
13660
|
+
"ai_verified",
|
|
13661
|
+
"contradicted",
|
|
13662
|
+
"outdated"
|
|
13663
|
+
]);
|
|
13664
|
+
var nodeStatusSchema = z.enum([
|
|
13665
|
+
"active",
|
|
13666
|
+
"superseded",
|
|
13667
|
+
"archived",
|
|
13668
|
+
"deleted"
|
|
13669
|
+
]);
|
|
13670
|
+
var externalIdsArgs = z.object({
|
|
13671
|
+
crunchbase: z.string().optional(),
|
|
13672
|
+
linkedin: z.string().optional(),
|
|
13673
|
+
pitchbook: z.string().optional(),
|
|
13674
|
+
twitter: z.string().optional(),
|
|
13675
|
+
website: z.string().optional()
|
|
13676
|
+
}).optional();
|
|
13677
|
+
var createEpistemicNodeItemArgs = z.object({
|
|
13678
|
+
globalId: z.string().optional().describe("Optional idempotent node global ID."),
|
|
13679
|
+
nodeType: NODE_TYPE.describe("Public epistemic node type."),
|
|
13680
|
+
subtype: z.string().optional(),
|
|
13681
|
+
canonicalText: z.string().optional().describe("Canonical node text."),
|
|
13682
|
+
text: z.string().optional().describe("Alias for canonicalText."),
|
|
13683
|
+
contentHash: z.string().optional().describe("Optional idempotency content hash."),
|
|
13684
|
+
content: z.string().optional(),
|
|
13685
|
+
contentType: z.string().optional(),
|
|
13686
|
+
title: z.string().optional(),
|
|
13687
|
+
tags: z.array(z.string()).optional(),
|
|
13688
|
+
domain: z.string().optional(),
|
|
13689
|
+
metadata: z.record(z.unknown()).optional(),
|
|
13690
|
+
externalIds: externalIdsArgs,
|
|
13691
|
+
sourceType: sourceTypeSchema2.optional(),
|
|
13692
|
+
aiProvider: z.string().optional(),
|
|
13693
|
+
extractedFromNodeId: z.string().optional(),
|
|
13694
|
+
confidence: z.number().optional(),
|
|
13695
|
+
verificationStatus: verificationStatusSchema.optional(),
|
|
13696
|
+
topicId: z.string().optional(),
|
|
13697
|
+
projectId: z.string().optional(),
|
|
13698
|
+
createdBy: z.string().optional(),
|
|
13699
|
+
trustedBypassAccessCheck: z.boolean().optional()
|
|
13700
|
+
});
|
|
13701
|
+
var createEpistemicNodeArgs = createEpistemicNodeItemArgs;
|
|
13702
|
+
var batchCreateEpistemicNodesArgs = z.object({
|
|
13703
|
+
nodes: z.array(createEpistemicNodeItemArgs)
|
|
13704
|
+
});
|
|
13705
|
+
var getEpistemicNodeArgs = z.object({
|
|
13706
|
+
nodeId: z.string().describe("Node ID or global ID."),
|
|
13707
|
+
globalId: z.string().optional().describe("Node global ID alias.")
|
|
13708
|
+
});
|
|
13709
|
+
var listEpistemicNodesArgs = z.object({
|
|
13710
|
+
topicId: z.string().optional(),
|
|
13711
|
+
projectId: z.string().optional(),
|
|
13712
|
+
nodeType: NODE_TYPE.optional(),
|
|
13713
|
+
status: nodeStatusSchema.optional(),
|
|
13714
|
+
searchQuery: z.string().optional(),
|
|
13715
|
+
query: z.string().optional(),
|
|
13716
|
+
limit: z.number().optional()
|
|
13717
|
+
});
|
|
13718
|
+
var updateEpistemicNodeArgs = z.object({
|
|
13719
|
+
nodeId: z.string().describe("Node ID or global ID."),
|
|
13720
|
+
id: z.string().optional().describe("Node ID alias."),
|
|
13721
|
+
subtype: z.string().optional(),
|
|
13722
|
+
canonicalText: z.string().optional(),
|
|
13723
|
+
text: z.string().optional(),
|
|
13724
|
+
contentHash: z.string().optional(),
|
|
13725
|
+
content: z.string().optional(),
|
|
13726
|
+
contentType: z.string().optional(),
|
|
13727
|
+
title: z.string().optional(),
|
|
13728
|
+
tags: z.array(z.string()).optional(),
|
|
13729
|
+
domain: z.string().optional(),
|
|
13730
|
+
metadata: z.record(z.unknown()).optional(),
|
|
13731
|
+
externalIds: externalIdsArgs,
|
|
13732
|
+
confidence: z.number().optional(),
|
|
13733
|
+
verificationStatus: verificationStatusSchema.optional(),
|
|
13734
|
+
status: nodeStatusSchema.optional(),
|
|
13735
|
+
userId: z.string().optional(),
|
|
13736
|
+
trustedBypassAccessCheck: z.boolean().optional()
|
|
13737
|
+
});
|
|
13738
|
+
var archiveEpistemicNodeArgs = z.object({
|
|
13739
|
+
nodeId: z.string().describe("Node ID or global ID."),
|
|
13740
|
+
id: z.string().optional().describe("Node ID alias."),
|
|
13741
|
+
userId: z.string().optional(),
|
|
13742
|
+
trustedBypassAccessCheck: z.boolean().optional()
|
|
13743
|
+
});
|
|
13744
|
+
var verifyEpistemicNodeArgs = z.object({
|
|
13745
|
+
nodeId: z.string().describe("Node ID or global ID."),
|
|
13746
|
+
id: z.string().optional().describe("Node ID alias."),
|
|
13747
|
+
verificationStatus: verificationStatusSchema,
|
|
13748
|
+
confidence: z.number().optional(),
|
|
13749
|
+
userId: z.string().optional()
|
|
13750
|
+
});
|
|
13751
|
+
var supersedeEpistemicNodeArgs = z.object({
|
|
13752
|
+
oldNodeId: z.string().describe("Node ID or global ID to supersede."),
|
|
13753
|
+
nodeId: z.string().optional().describe("Old node ID alias."),
|
|
13754
|
+
newGlobalId: z.string().optional(),
|
|
13755
|
+
newCanonicalText: z.string().optional(),
|
|
13756
|
+
text: z.string().optional(),
|
|
13757
|
+
canonicalText: z.string().optional(),
|
|
13758
|
+
newContentHash: z.string().optional(),
|
|
13759
|
+
reason: z.string().optional(),
|
|
13760
|
+
createdBy: z.string().optional(),
|
|
13761
|
+
trustedBypassAccessCheck: z.boolean().optional()
|
|
13762
|
+
});
|
|
13763
|
+
function generatedGlobalId(prefix) {
|
|
13764
|
+
return `${prefix}:${crypto.randomUUID()}`;
|
|
13765
|
+
}
|
|
13766
|
+
function resolveCanonicalText(input) {
|
|
13767
|
+
const text = input.canonicalText ?? input.text ?? input.title ?? input.content;
|
|
13768
|
+
if (typeof text !== "string" || text.trim().length === 0) {
|
|
13769
|
+
throw new Error("canonicalText or text is required.");
|
|
13770
|
+
}
|
|
13771
|
+
return text;
|
|
13772
|
+
}
|
|
13773
|
+
function createNodeInput(input, context) {
|
|
13774
|
+
const canonicalText = resolveCanonicalText(input);
|
|
13775
|
+
const nodeType = String(input.nodeType);
|
|
13776
|
+
return withCreatedBy(
|
|
13777
|
+
compactRecord4({
|
|
13778
|
+
globalId: typeof input.globalId === "string" && input.globalId.trim() ? input.globalId : generatedGlobalId(nodeType),
|
|
13779
|
+
nodeType,
|
|
13780
|
+
subtype: input.subtype,
|
|
13781
|
+
canonicalText,
|
|
13782
|
+
contentHash: typeof input.contentHash === "string" && input.contentHash.trim() ? input.contentHash : `${nodeType}:${canonicalText}`,
|
|
13783
|
+
content: input.content,
|
|
13784
|
+
contentType: input.contentType,
|
|
13785
|
+
title: input.title,
|
|
13786
|
+
tags: input.tags,
|
|
13787
|
+
domain: input.domain,
|
|
13788
|
+
metadata: input.metadata,
|
|
13789
|
+
externalIds: input.externalIds,
|
|
13790
|
+
sourceType: typeof input.sourceType === "string" && input.sourceType.trim() ? input.sourceType : "human",
|
|
13791
|
+
aiProvider: input.aiProvider,
|
|
13792
|
+
extractedFromNodeId: input.extractedFromNodeId,
|
|
13793
|
+
confidence: input.confidence,
|
|
13794
|
+
verificationStatus: input.verificationStatus,
|
|
13795
|
+
topicId: input.topicId,
|
|
13796
|
+
projectId: input.projectId
|
|
13797
|
+
}),
|
|
13798
|
+
context
|
|
13799
|
+
);
|
|
13800
|
+
}
|
|
13801
|
+
var getNodeInput = (input) => compactRecord4({
|
|
13802
|
+
nodeId: input.nodeId ?? input.globalId
|
|
13803
|
+
});
|
|
13804
|
+
var listNodesInput = (input) => compactRecord4({
|
|
13805
|
+
topicId: input.topicId,
|
|
13806
|
+
projectId: input.projectId,
|
|
13807
|
+
nodeType: input.nodeType,
|
|
13808
|
+
status: input.status,
|
|
13809
|
+
searchQuery: input.searchQuery ?? input.query,
|
|
13810
|
+
limit: input.limit
|
|
13811
|
+
});
|
|
13812
|
+
var updateNodeInput = (input, context) => withUserId(
|
|
13813
|
+
compactRecord4({
|
|
13814
|
+
nodeId: input.nodeId ?? input.id,
|
|
13815
|
+
subtype: input.subtype,
|
|
13816
|
+
canonicalText: input.canonicalText ?? input.text,
|
|
13817
|
+
contentHash: input.contentHash,
|
|
13818
|
+
content: input.content,
|
|
13819
|
+
contentType: input.contentType,
|
|
13820
|
+
title: input.title,
|
|
13821
|
+
tags: input.tags,
|
|
13822
|
+
domain: input.domain,
|
|
13823
|
+
metadata: input.metadata,
|
|
13824
|
+
externalIds: input.externalIds,
|
|
13825
|
+
confidence: input.confidence,
|
|
13826
|
+
verificationStatus: input.verificationStatus,
|
|
13827
|
+
status: input.status,
|
|
13828
|
+
trustedBypassAccessCheck: input.trustedBypassAccessCheck
|
|
13829
|
+
}),
|
|
13830
|
+
context
|
|
13831
|
+
);
|
|
13832
|
+
var archiveNodeInput = (input, context) => withUserId(
|
|
13833
|
+
compactRecord4({
|
|
13834
|
+
nodeId: input.nodeId ?? input.id,
|
|
13835
|
+
trustedBypassAccessCheck: input.trustedBypassAccessCheck
|
|
13836
|
+
}),
|
|
13837
|
+
context
|
|
13838
|
+
);
|
|
13839
|
+
var verifyNodeInput = (input, context) => withUserId(
|
|
13840
|
+
compactRecord4({
|
|
13841
|
+
nodeId: input.nodeId ?? input.id,
|
|
13842
|
+
verificationStatus: input.verificationStatus,
|
|
13843
|
+
confidence: input.confidence
|
|
13844
|
+
}),
|
|
13845
|
+
context
|
|
13846
|
+
);
|
|
13847
|
+
var supersedeNodeInput = (input, context) => {
|
|
13848
|
+
const newCanonicalText = input.newCanonicalText ?? input.canonicalText ?? input.text;
|
|
13849
|
+
if (typeof newCanonicalText !== "string" || newCanonicalText.trim().length === 0) {
|
|
13850
|
+
throw new Error("newCanonicalText or text is required.");
|
|
13851
|
+
}
|
|
13852
|
+
return {
|
|
13853
|
+
oldNodeId: input.oldNodeId ?? input.nodeId,
|
|
13854
|
+
newGlobalId: typeof input.newGlobalId === "string" && input.newGlobalId.trim() ? input.newGlobalId : generatedGlobalId("node"),
|
|
13855
|
+
newCanonicalText,
|
|
13856
|
+
newContentHash: typeof input.newContentHash === "string" && input.newContentHash.trim() ? input.newContentHash : `superseded:${newCanonicalText}`,
|
|
13857
|
+
createdBy: typeof input.createdBy === "string" ? input.createdBy : authUserId(context),
|
|
13858
|
+
reason: input.reason,
|
|
13859
|
+
trustedBypassAccessCheck: input.trustedBypassAccessCheck
|
|
13860
|
+
};
|
|
13861
|
+
};
|
|
13862
|
+
var batchCreateNodesInput = (input, context) => {
|
|
13863
|
+
const nodes = Array.isArray(input.nodes) ? input.nodes : [];
|
|
13864
|
+
return {
|
|
13865
|
+
nodes: nodes.map(
|
|
13866
|
+
(node) => createNodeInput(
|
|
13867
|
+
node && typeof node === "object" ? node : {},
|
|
13868
|
+
context
|
|
13869
|
+
)
|
|
13870
|
+
)
|
|
13871
|
+
};
|
|
13872
|
+
};
|
|
13873
|
+
var nodesContracts = [
|
|
13874
|
+
surfaceContract({
|
|
13875
|
+
name: "create_epistemic_node",
|
|
13876
|
+
kind: "mutation",
|
|
13877
|
+
domain: "nodes",
|
|
13878
|
+
surfaceClass: "platform_public",
|
|
13879
|
+
path: "/nodes",
|
|
13880
|
+
sdkNamespace: "nodes",
|
|
13881
|
+
sdkMethod: "createEpistemicNode",
|
|
13882
|
+
summary: "Create a generic epistemic graph node.",
|
|
13883
|
+
convex: {
|
|
13884
|
+
module: "nodes",
|
|
13885
|
+
functionName: "create",
|
|
13886
|
+
kind: "mutation",
|
|
13887
|
+
inputProjection: createNodeInput
|
|
13888
|
+
},
|
|
13889
|
+
args: createEpistemicNodeArgs
|
|
13890
|
+
}),
|
|
13891
|
+
surfaceContract({
|
|
13892
|
+
name: "get_epistemic_node",
|
|
13893
|
+
kind: "query",
|
|
13894
|
+
domain: "nodes",
|
|
13895
|
+
surfaceClass: "platform_public",
|
|
13896
|
+
method: "GET",
|
|
13897
|
+
path: "/nodes/get",
|
|
13898
|
+
sdkNamespace: "nodes",
|
|
13899
|
+
sdkMethod: "getEpistemicNode",
|
|
13900
|
+
summary: "Get a generic epistemic graph node.",
|
|
13901
|
+
convex: {
|
|
13902
|
+
module: "nodes",
|
|
13903
|
+
functionName: "get",
|
|
13904
|
+
kind: "query",
|
|
13905
|
+
inputProjection: getNodeInput
|
|
13906
|
+
},
|
|
13907
|
+
args: getEpistemicNodeArgs
|
|
13908
|
+
}),
|
|
13909
|
+
surfaceContract({
|
|
13910
|
+
name: "list_epistemic_nodes",
|
|
13911
|
+
kind: "query",
|
|
13912
|
+
domain: "nodes",
|
|
13913
|
+
surfaceClass: "platform_public",
|
|
13914
|
+
method: "GET",
|
|
13915
|
+
path: "/nodes",
|
|
13916
|
+
sdkNamespace: "nodes",
|
|
13917
|
+
sdkMethod: "listEpistemicNodes",
|
|
13918
|
+
summary: "List generic epistemic graph nodes.",
|
|
13919
|
+
convex: {
|
|
13920
|
+
module: "nodes",
|
|
13921
|
+
functionName: "list",
|
|
13922
|
+
kind: "query",
|
|
13923
|
+
inputProjection: listNodesInput
|
|
13924
|
+
},
|
|
13925
|
+
args: listEpistemicNodesArgs
|
|
13926
|
+
}),
|
|
13927
|
+
surfaceContract({
|
|
13928
|
+
name: "update_epistemic_node",
|
|
13929
|
+
kind: "mutation",
|
|
13930
|
+
domain: "nodes",
|
|
13931
|
+
surfaceClass: "platform_public",
|
|
13932
|
+
method: "PATCH",
|
|
13933
|
+
path: "/nodes",
|
|
13934
|
+
sdkNamespace: "nodes",
|
|
13935
|
+
sdkMethod: "updateEpistemicNode",
|
|
13936
|
+
summary: "Update a generic epistemic graph node.",
|
|
13937
|
+
convex: {
|
|
13938
|
+
module: "nodes",
|
|
13939
|
+
functionName: "update",
|
|
13940
|
+
kind: "mutation",
|
|
13941
|
+
inputProjection: updateNodeInput
|
|
13942
|
+
},
|
|
13943
|
+
args: updateEpistemicNodeArgs
|
|
13944
|
+
}),
|
|
13945
|
+
surfaceContract({
|
|
13946
|
+
name: "archive_epistemic_node",
|
|
13947
|
+
kind: "mutation",
|
|
13948
|
+
domain: "nodes",
|
|
13949
|
+
surfaceClass: "platform_public",
|
|
13950
|
+
path: "/nodes/archive",
|
|
13951
|
+
sdkNamespace: "nodes",
|
|
13952
|
+
sdkMethod: "archiveEpistemicNode",
|
|
13953
|
+
summary: "Archive a generic epistemic graph node.",
|
|
13954
|
+
convex: {
|
|
13955
|
+
module: "nodes",
|
|
13956
|
+
functionName: "archive",
|
|
13957
|
+
kind: "mutation",
|
|
13958
|
+
inputProjection: archiveNodeInput
|
|
13959
|
+
},
|
|
13960
|
+
args: archiveEpistemicNodeArgs
|
|
13961
|
+
}),
|
|
13962
|
+
surfaceContract({
|
|
13963
|
+
name: "verify_epistemic_node",
|
|
13964
|
+
kind: "mutation",
|
|
13965
|
+
domain: "nodes",
|
|
13966
|
+
surfaceClass: "platform_public",
|
|
13967
|
+
path: "/nodes/verify",
|
|
13968
|
+
sdkNamespace: "nodes",
|
|
13969
|
+
sdkMethod: "verifyEpistemicNode",
|
|
13970
|
+
summary: "Verify a generic epistemic graph node.",
|
|
13971
|
+
convex: {
|
|
13972
|
+
module: "nodes",
|
|
13973
|
+
functionName: "verify",
|
|
13974
|
+
kind: "mutation",
|
|
13975
|
+
inputProjection: verifyNodeInput
|
|
13976
|
+
},
|
|
13977
|
+
args: verifyEpistemicNodeArgs
|
|
13978
|
+
}),
|
|
13979
|
+
surfaceContract({
|
|
13980
|
+
name: "supersede_epistemic_node",
|
|
13981
|
+
kind: "mutation",
|
|
13982
|
+
domain: "nodes",
|
|
13983
|
+
surfaceClass: "platform_public",
|
|
13984
|
+
path: "/nodes/supersede",
|
|
13985
|
+
sdkNamespace: "nodes",
|
|
13986
|
+
sdkMethod: "supersedeEpistemicNode",
|
|
13987
|
+
summary: "Supersede a generic epistemic graph node.",
|
|
13988
|
+
convex: {
|
|
13989
|
+
module: "nodes",
|
|
13990
|
+
functionName: "supersede",
|
|
13991
|
+
kind: "mutation",
|
|
13992
|
+
inputProjection: supersedeNodeInput
|
|
13993
|
+
},
|
|
13994
|
+
args: supersedeEpistemicNodeArgs
|
|
13995
|
+
}),
|
|
13996
|
+
surfaceContract({
|
|
13997
|
+
name: "batch_create_epistemic_nodes",
|
|
13998
|
+
kind: "mutation",
|
|
13999
|
+
domain: "nodes",
|
|
14000
|
+
surfaceClass: "platform_public",
|
|
14001
|
+
path: "/nodes/batch",
|
|
14002
|
+
sdkNamespace: "nodes",
|
|
14003
|
+
sdkMethod: "batchCreateEpistemicNodes",
|
|
14004
|
+
summary: "Batch create generic epistemic graph nodes.",
|
|
14005
|
+
convex: {
|
|
14006
|
+
module: "nodes",
|
|
14007
|
+
functionName: "batchCreate",
|
|
14008
|
+
kind: "mutation",
|
|
14009
|
+
inputProjection: batchCreateNodesInput
|
|
14010
|
+
},
|
|
14011
|
+
args: batchCreateEpistemicNodesArgs
|
|
11311
14012
|
})
|
|
11312
14013
|
];
|
|
11313
14014
|
var lensPerspectiveSchema = z.enum([
|
|
@@ -11667,6 +14368,19 @@ var worktreeEvidenceSignalInputSchema = z.object({
|
|
|
11667
14368
|
progress: z.string().optional().describe("Collection progress note for the signal."),
|
|
11668
14369
|
notes: z.string().optional().describe("Additional evidence collection notes.")
|
|
11669
14370
|
}).passthrough().describe("Evidence signal embedded in the worktree plan.");
|
|
14371
|
+
var worktreeDocCompanionTargetSchema = z.object({
|
|
14372
|
+
docPath: z.string().describe(
|
|
14373
|
+
"Repo-relative path to a documentation file the worktree promises to update."
|
|
14374
|
+
),
|
|
14375
|
+
sectionAnchor: z.string().optional().describe(
|
|
14376
|
+
"Markdown heading anchor (e.g. '## Function-surface manifest') that scopes the promised update."
|
|
14377
|
+
),
|
|
14378
|
+
reason: z.string().describe(
|
|
14379
|
+
"Why this doc section must be updated for the worktree to be complete."
|
|
14380
|
+
)
|
|
14381
|
+
}).passthrough().describe(
|
|
14382
|
+
"Intent-driven docs companion target. pr-gate-reviewer verifies that the PR actually touches each declared (docPath, sectionAnchor). Distinct from the touch-driven docs-loop. See docs/development/docs-sync-discipline.md Lock 3."
|
|
14383
|
+
);
|
|
11670
14384
|
var worktreeDecisionGateInputSchema = z.object({
|
|
11671
14385
|
goCriteria: z.array(z.string()).describe("Criteria that must hold for the worktree to proceed."),
|
|
11672
14386
|
noGoSignals: z.array(z.string()).describe("Signals that stop or redirect the worktree."),
|
|
@@ -11699,6 +14413,9 @@ var addWorktreeArgs = z.object({
|
|
|
11699
14413
|
keyQuestions: z.array(worktreeKeyQuestionInputSchema).optional().describe("Inline key questions captured as part of the worktree plan."),
|
|
11700
14414
|
evidenceSignals: z.array(worktreeEvidenceSignalInputSchema).optional().describe("Evidence signals the worktree needs to collect or validate."),
|
|
11701
14415
|
decisionGate: worktreeDecisionGateInputSchema.optional(),
|
|
14416
|
+
docCompanionTargets: z.array(worktreeDocCompanionTargetSchema).optional().describe(
|
|
14417
|
+
"Doc sections the worktree promises to update at PR time. Enforced by pr-gate-reviewer (Lock 3)."
|
|
14418
|
+
),
|
|
11702
14419
|
goCriteria: z.array(z.string()).optional().describe("Shorthand go criteria used to build decisionGate."),
|
|
11703
14420
|
noGoSignals: z.array(z.string()).optional().describe("Shorthand no-go signals used to build decisionGate."),
|
|
11704
14421
|
proofArtifacts: z.array(z.unknown()).optional().describe("Expected proof artifacts required to close the worktree."),
|
|
@@ -12062,7 +14779,21 @@ var createTaskArgs = z.object({
|
|
|
12062
14779
|
linkedQuestionId: z.string().optional().describe("Question this task addresses."),
|
|
12063
14780
|
assigneeId: z.string().optional().describe("Principal assigned to the task."),
|
|
12064
14781
|
dueDate: z.number().optional().describe("Due date as epoch milliseconds."),
|
|
12065
|
-
tags: z.array(z.string()).optional().describe("Free-form tags.")
|
|
14782
|
+
tags: z.array(z.string()).optional().describe("Free-form tags."),
|
|
14783
|
+
metadata: z.record(z.unknown()).optional().describe("Structured task metadata for handoff context and routing hints.")
|
|
14784
|
+
});
|
|
14785
|
+
var updateTaskArgs = z.object({
|
|
14786
|
+
taskId: z.string().describe("Task to update."),
|
|
14787
|
+
title: z.string().optional().describe("Updated task title."),
|
|
14788
|
+
description: z.string().optional().describe("Updated task description."),
|
|
14789
|
+
priority: taskPrioritySchema.optional().describe("Updated priority."),
|
|
14790
|
+
status: taskStatusSchema2.optional().describe("Updated status."),
|
|
14791
|
+
linkedWorktreeId: z.string().optional().describe("Worktree this task belongs to."),
|
|
14792
|
+
linkedBeliefId: z.string().optional().describe("Belief this task supports."),
|
|
14793
|
+
linkedQuestionId: z.string().optional().describe("Question this task addresses."),
|
|
14794
|
+
assigneeId: z.string().optional().describe("Principal assigned to the task."),
|
|
14795
|
+
blockedReason: z.string().optional().describe("Reason the task is blocked or deferred."),
|
|
14796
|
+
metadata: z.record(z.unknown()).optional().describe("Structured task metadata for handoff context and routing hints.")
|
|
12066
14797
|
});
|
|
12067
14798
|
var createTaskInput = (input) => compactRecord4({
|
|
12068
14799
|
title: input.title,
|
|
@@ -12076,7 +14807,8 @@ var createTaskInput = (input) => compactRecord4({
|
|
|
12076
14807
|
linkedQuestionId: input.linkedQuestionId,
|
|
12077
14808
|
assigneeId: input.assigneeId,
|
|
12078
14809
|
dueDate: input.dueDate,
|
|
12079
|
-
tags: input.tags
|
|
14810
|
+
tags: input.tags,
|
|
14811
|
+
metadata: input.metadata
|
|
12080
14812
|
});
|
|
12081
14813
|
var taskInput = (input) => compactRecord4({
|
|
12082
14814
|
...input,
|
|
@@ -12093,8 +14825,7 @@ var taskTopicInput = (input) => {
|
|
|
12093
14825
|
};
|
|
12094
14826
|
var completeTaskInput = (input) => compactRecord4({
|
|
12095
14827
|
taskId: input.taskId ?? input.id,
|
|
12096
|
-
outputSummary: input.outputSummary ?? input.summary
|
|
12097
|
-
userId: input.userId
|
|
14828
|
+
outputSummary: input.outputSummary ?? input.summary
|
|
12098
14829
|
});
|
|
12099
14830
|
var tasksContracts = [
|
|
12100
14831
|
surfaceContract({
|
|
@@ -12112,6 +14843,7 @@ var tasksContracts = [
|
|
|
12112
14843
|
kind: "mutation",
|
|
12113
14844
|
inputProjection: createTaskInput
|
|
12114
14845
|
},
|
|
14846
|
+
gateway: { handler: "tasks.create" },
|
|
12115
14847
|
args: createTaskArgs
|
|
12116
14848
|
}),
|
|
12117
14849
|
surfaceContract({
|
|
@@ -12130,6 +14862,7 @@ var tasksContracts = [
|
|
|
12130
14862
|
kind: "query",
|
|
12131
14863
|
inputProjection: taskTopicInput
|
|
12132
14864
|
},
|
|
14865
|
+
gateway: { handler: "tasks.list" },
|
|
12133
14866
|
args: listTasksInputSchema
|
|
12134
14867
|
}),
|
|
12135
14868
|
surfaceContract({
|
|
@@ -12147,7 +14880,9 @@ var tasksContracts = [
|
|
|
12147
14880
|
functionName: "update",
|
|
12148
14881
|
kind: "mutation",
|
|
12149
14882
|
inputProjection: taskInput
|
|
12150
|
-
}
|
|
14883
|
+
},
|
|
14884
|
+
gateway: { handler: "tasks.update" },
|
|
14885
|
+
args: updateTaskArgs
|
|
12151
14886
|
}),
|
|
12152
14887
|
surfaceContract({
|
|
12153
14888
|
name: "complete_task",
|
|
@@ -12163,12 +14898,14 @@ var tasksContracts = [
|
|
|
12163
14898
|
functionName: "complete",
|
|
12164
14899
|
kind: "mutation",
|
|
12165
14900
|
inputProjection: completeTaskInput
|
|
12166
|
-
}
|
|
14901
|
+
},
|
|
14902
|
+
gateway: { handler: "tasks.complete" }
|
|
12167
14903
|
})
|
|
12168
14904
|
];
|
|
12169
14905
|
var CREATE_EDGE_TYPES = edgePolicyManifest.policies.map(
|
|
12170
14906
|
(policy) => policy.edgeType
|
|
12171
14907
|
);
|
|
14908
|
+
var REASONING_METHOD_TYPES = [...REASONING_METHODS];
|
|
12172
14909
|
var createEdgeArgs = z.object({
|
|
12173
14910
|
from: GraphRefSchema,
|
|
12174
14911
|
to: GraphRefSchema,
|
|
@@ -12178,10 +14915,37 @@ var createEdgeArgs = z.object({
|
|
|
12178
14915
|
confidence: z.number().optional(),
|
|
12179
14916
|
context: z.string().optional(),
|
|
12180
14917
|
reasoning: z.string().optional(),
|
|
14918
|
+
reasoningMethod: z.enum(REASONING_METHOD_TYPES).optional(),
|
|
12181
14919
|
derivationType: z.string().optional(),
|
|
14920
|
+
metadata: z.record(z.unknown()).optional(),
|
|
12182
14921
|
topicId: z.string().optional(),
|
|
12183
14922
|
trustedBypassAccessCheck: z.boolean().optional()
|
|
12184
14923
|
});
|
|
14924
|
+
var updateEdgeArgs = z.object({
|
|
14925
|
+
edgeId: z.string().describe("Edge ID or global ID."),
|
|
14926
|
+
weight: z.number().optional(),
|
|
14927
|
+
confidence: z.number().optional(),
|
|
14928
|
+
context: z.string().optional(),
|
|
14929
|
+
reasoning: z.string().optional(),
|
|
14930
|
+
derivationType: z.string().optional(),
|
|
14931
|
+
metadata: z.record(z.unknown()).optional(),
|
|
14932
|
+
userId: z.string().optional()
|
|
14933
|
+
});
|
|
14934
|
+
var removeEdgeArgs = z.object({
|
|
14935
|
+
edgeId: z.string().describe("Edge ID or global ID."),
|
|
14936
|
+
userId: z.string().optional()
|
|
14937
|
+
});
|
|
14938
|
+
var removeEdgesBetweenArgs = z.object({
|
|
14939
|
+
from: GraphRefSchema.optional(),
|
|
14940
|
+
to: GraphRefSchema.optional(),
|
|
14941
|
+
fromNodeId: z.string().optional(),
|
|
14942
|
+
toNodeId: z.string().optional(),
|
|
14943
|
+
edgeType: z.enum(CREATE_EDGE_TYPES).optional()
|
|
14944
|
+
});
|
|
14945
|
+
var batchCreateEdgesArgs = z.object({
|
|
14946
|
+
edges: z.array(createEdgeArgs),
|
|
14947
|
+
skipLayerValidation: z.boolean().optional()
|
|
14948
|
+
});
|
|
12185
14949
|
var queryLineageArgs = z.object({
|
|
12186
14950
|
nodeId: z.string().describe("Starting node to trace from."),
|
|
12187
14951
|
startNode: z.string().optional().describe("Starting node alias accepted by traversal callers."),
|
|
@@ -12230,7 +14994,9 @@ var edgesContracts = [
|
|
|
12230
14994
|
weight: parsed.weight,
|
|
12231
14995
|
confidence: parsed.confidence,
|
|
12232
14996
|
context: parsed.context ?? parsed.reasoning,
|
|
14997
|
+
reasoningMethod: parsed.reasoningMethod,
|
|
12233
14998
|
derivationType: parsed.derivationType,
|
|
14999
|
+
metadata: parsed.metadata,
|
|
12234
15000
|
skipLayerValidation: true,
|
|
12235
15001
|
topicId: parsed.topicId,
|
|
12236
15002
|
trustedBypassAccessCheck: parsed.trustedBypassAccessCheck
|
|
@@ -12241,6 +15007,131 @@ var edgesContracts = [
|
|
|
12241
15007
|
},
|
|
12242
15008
|
args: createEdgeArgs
|
|
12243
15009
|
}),
|
|
15010
|
+
surfaceContract({
|
|
15011
|
+
name: "update_edge",
|
|
15012
|
+
kind: "mutation",
|
|
15013
|
+
domain: "edges",
|
|
15014
|
+
surfaceClass: "platform_public",
|
|
15015
|
+
method: "PATCH",
|
|
15016
|
+
path: "/edges",
|
|
15017
|
+
sdkNamespace: "edges",
|
|
15018
|
+
sdkMethod: "updateEdge",
|
|
15019
|
+
summary: "Update an epistemic edge.",
|
|
15020
|
+
convex: {
|
|
15021
|
+
module: "edges",
|
|
15022
|
+
functionName: "update",
|
|
15023
|
+
kind: "mutation",
|
|
15024
|
+
inputProjection: (input, context) => compactRecord4({
|
|
15025
|
+
edgeId: input.edgeId,
|
|
15026
|
+
weight: input.weight,
|
|
15027
|
+
confidence: input.confidence,
|
|
15028
|
+
context: input.context ?? input.reasoning,
|
|
15029
|
+
derivationType: input.derivationType,
|
|
15030
|
+
metadata: input.metadata,
|
|
15031
|
+
userId: input.userId ?? context.userId ?? context.principalId
|
|
15032
|
+
})
|
|
15033
|
+
},
|
|
15034
|
+
args: updateEdgeArgs
|
|
15035
|
+
}),
|
|
15036
|
+
surfaceContract({
|
|
15037
|
+
name: "remove_edge",
|
|
15038
|
+
kind: "mutation",
|
|
15039
|
+
domain: "edges",
|
|
15040
|
+
surfaceClass: "platform_public",
|
|
15041
|
+
method: "DELETE",
|
|
15042
|
+
path: "/edges",
|
|
15043
|
+
sdkNamespace: "edges",
|
|
15044
|
+
sdkMethod: "removeEdge",
|
|
15045
|
+
summary: "Remove an epistemic edge.",
|
|
15046
|
+
convex: {
|
|
15047
|
+
module: "edges",
|
|
15048
|
+
functionName: "remove",
|
|
15049
|
+
kind: "mutation",
|
|
15050
|
+
inputProjection: (input, context) => compactRecord4({
|
|
15051
|
+
edgeId: input.edgeId,
|
|
15052
|
+
userId: input.userId ?? context.userId ?? context.principalId
|
|
15053
|
+
})
|
|
15054
|
+
},
|
|
15055
|
+
args: removeEdgeArgs
|
|
15056
|
+
}),
|
|
15057
|
+
surfaceContract({
|
|
15058
|
+
name: "remove_edges_between",
|
|
15059
|
+
kind: "mutation",
|
|
15060
|
+
domain: "edges",
|
|
15061
|
+
surfaceClass: "platform_public",
|
|
15062
|
+
method: "DELETE",
|
|
15063
|
+
path: "/edges/between",
|
|
15064
|
+
sdkNamespace: "edges",
|
|
15065
|
+
sdkMethod: "removeEdgesBetween",
|
|
15066
|
+
summary: "Remove epistemic edges between two nodes.",
|
|
15067
|
+
convex: {
|
|
15068
|
+
module: "edges",
|
|
15069
|
+
functionName: "removeBetween",
|
|
15070
|
+
kind: "mutation",
|
|
15071
|
+
inputProjection: (input) => {
|
|
15072
|
+
const parsed = removeEdgesBetweenArgs.parse(input);
|
|
15073
|
+
const fromNodeId = parsed.from ? graphRefNodeId(parsed.from) : parsed.fromNodeId;
|
|
15074
|
+
const toNodeId = parsed.to ? graphRefNodeId(parsed.to) : parsed.toNodeId;
|
|
15075
|
+
if (!fromNodeId || !toNodeId) {
|
|
15076
|
+
throw new Error("from/to or fromNodeId/toNodeId are required.");
|
|
15077
|
+
}
|
|
15078
|
+
return compactRecord4({
|
|
15079
|
+
fromNodeId,
|
|
15080
|
+
toNodeId,
|
|
15081
|
+
edgeType: parsed.edgeType
|
|
15082
|
+
});
|
|
15083
|
+
}
|
|
15084
|
+
},
|
|
15085
|
+
args: removeEdgesBetweenArgs
|
|
15086
|
+
}),
|
|
15087
|
+
surfaceContract({
|
|
15088
|
+
name: "batch_create_edges",
|
|
15089
|
+
kind: "mutation",
|
|
15090
|
+
domain: "edges",
|
|
15091
|
+
surfaceClass: "platform_public",
|
|
15092
|
+
path: "/edges/batch",
|
|
15093
|
+
sdkNamespace: "edges",
|
|
15094
|
+
sdkMethod: "batchCreateEdges",
|
|
15095
|
+
summary: "Batch create epistemic edges.",
|
|
15096
|
+
convex: {
|
|
15097
|
+
module: "edges",
|
|
15098
|
+
functionName: "batchCreate",
|
|
15099
|
+
kind: "mutation",
|
|
15100
|
+
inputProjection: (input, context) => {
|
|
15101
|
+
const parsed = batchCreateEdgesArgs.parse(input);
|
|
15102
|
+
return {
|
|
15103
|
+
skipLayerValidation: parsed.skipLayerValidation ?? true,
|
|
15104
|
+
edges: parsed.edges.map((edge) => {
|
|
15105
|
+
assertEdgePolicyAllowed(
|
|
15106
|
+
edgePolicyManifest,
|
|
15107
|
+
edge.edgeType,
|
|
15108
|
+
edge.from,
|
|
15109
|
+
edge.to
|
|
15110
|
+
);
|
|
15111
|
+
const fromNodeId = graphRefNodeId(edge.from);
|
|
15112
|
+
const toNodeId = graphRefNodeId(edge.to);
|
|
15113
|
+
return withCreatedBy(
|
|
15114
|
+
compactRecord4({
|
|
15115
|
+
fromNodeId,
|
|
15116
|
+
toNodeId,
|
|
15117
|
+
edgeType: edge.edgeType,
|
|
15118
|
+
globalId: edge.globalId ?? `edge:${fromNodeId}:${toNodeId}:${edge.edgeType}`,
|
|
15119
|
+
weight: edge.weight,
|
|
15120
|
+
confidence: edge.confidence,
|
|
15121
|
+
context: edge.context ?? edge.reasoning,
|
|
15122
|
+
reasoningMethod: edge.reasoningMethod,
|
|
15123
|
+
derivationType: edge.derivationType,
|
|
15124
|
+
metadata: edge.metadata,
|
|
15125
|
+
topicId: edge.topicId
|
|
15126
|
+
}),
|
|
15127
|
+
context
|
|
15128
|
+
);
|
|
15129
|
+
})
|
|
15130
|
+
};
|
|
15131
|
+
}
|
|
15132
|
+
},
|
|
15133
|
+
args: batchCreateEdgesArgs
|
|
15134
|
+
}),
|
|
12244
15135
|
surfaceContract({
|
|
12245
15136
|
name: "query_lineage",
|
|
12246
15137
|
kind: "query",
|
|
@@ -12963,6 +15854,69 @@ var pipelineContracts = [
|
|
|
12963
15854
|
}
|
|
12964
15855
|
})
|
|
12965
15856
|
];
|
|
15857
|
+
function isRecord4(value) {
|
|
15858
|
+
return Boolean(value) && typeof value === "object" && !Array.isArray(value);
|
|
15859
|
+
}
|
|
15860
|
+
function stringValues(value) {
|
|
15861
|
+
if (typeof value === "string") {
|
|
15862
|
+
return [value];
|
|
15863
|
+
}
|
|
15864
|
+
if (Array.isArray(value)) {
|
|
15865
|
+
return value.flatMap((item) => stringValues(item));
|
|
15866
|
+
}
|
|
15867
|
+
return [];
|
|
15868
|
+
}
|
|
15869
|
+
function nestedEvidenceRows(value) {
|
|
15870
|
+
if (Array.isArray(value)) {
|
|
15871
|
+
return value.flatMap((item) => nestedEvidenceRows(item));
|
|
15872
|
+
}
|
|
15873
|
+
if (!isRecord4(value)) {
|
|
15874
|
+
return [];
|
|
15875
|
+
}
|
|
15876
|
+
const nestedKeys = ["evidence", "items", "nodes"];
|
|
15877
|
+
const nestedRows = nestedKeys.flatMap((key) => nestedEvidenceRows(value[key]));
|
|
15878
|
+
return nestedRows.length > 0 ? nestedRows : [value];
|
|
15879
|
+
}
|
|
15880
|
+
function isFailedAttemptRow(row) {
|
|
15881
|
+
const metadata = isRecord4(row.metadata) ? row.metadata : null;
|
|
15882
|
+
return metadata?.failedApproach === true || metadata?.isFailedAttempt === true;
|
|
15883
|
+
}
|
|
15884
|
+
function failureLogSearchFields(row) {
|
|
15885
|
+
const metadata = isRecord4(row.metadata) ? row.metadata : null;
|
|
15886
|
+
return [
|
|
15887
|
+
...stringValues(row.id),
|
|
15888
|
+
...stringValues(row._id),
|
|
15889
|
+
...stringValues(row.title),
|
|
15890
|
+
...stringValues(row.text),
|
|
15891
|
+
...stringValues(row.canonicalText),
|
|
15892
|
+
...stringValues(row.content),
|
|
15893
|
+
...stringValues(metadata?.codeAnchor),
|
|
15894
|
+
...stringValues(metadata?.codeAnchors),
|
|
15895
|
+
...stringValues(metadata?.anchor),
|
|
15896
|
+
...stringValues(metadata?.anchors),
|
|
15897
|
+
...stringValues(metadata?.filePath),
|
|
15898
|
+
...stringValues(metadata?.filePaths),
|
|
15899
|
+
...stringValues(metadata?.path),
|
|
15900
|
+
...stringValues(metadata?.paths),
|
|
15901
|
+
...stringValues(metadata?.sourceRef),
|
|
15902
|
+
...stringValues(metadata?.touchedPaths)
|
|
15903
|
+
];
|
|
15904
|
+
}
|
|
15905
|
+
function projectFailureLog(output, input) {
|
|
15906
|
+
const rawQuery = typeof input.query === "string" && input.query.trim().length > 0 ? input.query.trim() : void 0;
|
|
15907
|
+
const searchKey = rawQuery?.toLowerCase();
|
|
15908
|
+
const failures = nestedEvidenceRows(output).filter((row) => isFailedAttemptRow(row)).filter(
|
|
15909
|
+
(row) => !searchKey ? true : failureLogSearchFields(row).some(
|
|
15910
|
+
(field) => field.toLowerCase().includes(searchKey)
|
|
15911
|
+
)
|
|
15912
|
+
);
|
|
15913
|
+
return {
|
|
15914
|
+
query: rawQuery,
|
|
15915
|
+
failures,
|
|
15916
|
+
totalFound: failures.length,
|
|
15917
|
+
showing: failures.length
|
|
15918
|
+
};
|
|
15919
|
+
}
|
|
12966
15920
|
var recordScopeLearningArgs = z.object({
|
|
12967
15921
|
topicId: z.string().optional().describe("Topic scope ID"),
|
|
12968
15922
|
summary: z.string().describe("Atomic learning statement"),
|
|
@@ -13052,6 +16006,8 @@ var attemptInput = (input, context) => withUserId(
|
|
|
13052
16006
|
tags: ["code_attempt"],
|
|
13053
16007
|
metadata: compactRecord4({
|
|
13054
16008
|
...recordValue2(input.metadata),
|
|
16009
|
+
failedApproach: true,
|
|
16010
|
+
isFailedAttempt: true,
|
|
13055
16011
|
filePaths: input.filePaths,
|
|
13056
16012
|
filePath: input.filePath,
|
|
13057
16013
|
errorMessage: input.errorMessage,
|
|
@@ -13182,7 +16138,8 @@ var codingContracts = [
|
|
|
13182
16138
|
limit: input.limit,
|
|
13183
16139
|
status: input.status,
|
|
13184
16140
|
userId: input.userId
|
|
13185
|
-
})
|
|
16141
|
+
}),
|
|
16142
|
+
outputProjection: (output, input) => projectFailureLog(output, input)
|
|
13186
16143
|
}
|
|
13187
16144
|
})
|
|
13188
16145
|
];
|
|
@@ -13219,6 +16176,7 @@ var ALL_FUNCTION_CONTRACTS = [
|
|
|
13219
16176
|
...evidenceContracts,
|
|
13220
16177
|
...questionsContracts,
|
|
13221
16178
|
...topicsContracts,
|
|
16179
|
+
...nodesContracts,
|
|
13222
16180
|
...lensesContracts,
|
|
13223
16181
|
...ontologiesContracts,
|
|
13224
16182
|
...worktreesContracts,
|
|
@@ -13394,6 +16352,13 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13394
16352
|
copyMode: "none",
|
|
13395
16353
|
description: "Deliberation sessions are created by tenant workflows."
|
|
13396
16354
|
},
|
|
16355
|
+
{
|
|
16356
|
+
component: "kernel",
|
|
16357
|
+
table: "domainEvents",
|
|
16358
|
+
prepopulation: "runtime_log",
|
|
16359
|
+
copyMode: "none",
|
|
16360
|
+
description: "Domain event rows are append-only runtime audit/exhaust data."
|
|
16361
|
+
},
|
|
13397
16362
|
{
|
|
13398
16363
|
component: "kernel",
|
|
13399
16364
|
table: "epistemicAudit",
|
|
@@ -13643,14 +16608,14 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13643
16608
|
description: "Worktrees are tenant/runtime planning data."
|
|
13644
16609
|
},
|
|
13645
16610
|
{
|
|
13646
|
-
component: "
|
|
16611
|
+
component: "control-plane",
|
|
13647
16612
|
table: "agents",
|
|
13648
16613
|
prepopulation: "runtime_bootstrap",
|
|
13649
16614
|
copyMode: "none",
|
|
13650
16615
|
description: "Service agents are provisioned per tenant or service, not copied."
|
|
13651
16616
|
},
|
|
13652
16617
|
{
|
|
13653
|
-
component: "
|
|
16618
|
+
component: "control-plane",
|
|
13654
16619
|
table: "mcpWritePolicy",
|
|
13655
16620
|
prepopulation: "required_template",
|
|
13656
16621
|
copyMode: "template_global",
|
|
@@ -13659,14 +16624,14 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13659
16624
|
description: "Global write policy defaults govern service and interactive MCP writes."
|
|
13660
16625
|
},
|
|
13661
16626
|
{
|
|
13662
|
-
component: "
|
|
16627
|
+
component: "control-plane",
|
|
13663
16628
|
table: "modelCallLogs",
|
|
13664
16629
|
prepopulation: "runtime_log",
|
|
13665
16630
|
copyMode: "none",
|
|
13666
16631
|
description: "Model call logs are runtime telemetry."
|
|
13667
16632
|
},
|
|
13668
16633
|
{
|
|
13669
|
-
component: "
|
|
16634
|
+
component: "control-plane",
|
|
13670
16635
|
table: "modelFunctionSlots",
|
|
13671
16636
|
prepopulation: "required_template",
|
|
13672
16637
|
copyMode: "template_global",
|
|
@@ -13675,7 +16640,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13675
16640
|
description: "Function-to-model slots are required by model runtime resolution."
|
|
13676
16641
|
},
|
|
13677
16642
|
{
|
|
13678
|
-
component: "
|
|
16643
|
+
component: "control-plane",
|
|
13679
16644
|
table: "modelRegistry",
|
|
13680
16645
|
prepopulation: "required_template",
|
|
13681
16646
|
copyMode: "template_global",
|
|
@@ -13684,7 +16649,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13684
16649
|
description: "Model catalog defaults are required by model runtime clients."
|
|
13685
16650
|
},
|
|
13686
16651
|
{
|
|
13687
|
-
component: "
|
|
16652
|
+
component: "control-plane",
|
|
13688
16653
|
table: "modelSlotConfigs",
|
|
13689
16654
|
prepopulation: "required_template",
|
|
13690
16655
|
copyMode: "template_global",
|
|
@@ -13693,14 +16658,105 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13693
16658
|
description: "Slot-level defaults are required before tenant overrides exist."
|
|
13694
16659
|
},
|
|
13695
16660
|
{
|
|
13696
|
-
component: "
|
|
16661
|
+
component: "control-plane",
|
|
16662
|
+
table: "permitAccessReviewItems",
|
|
16663
|
+
prepopulation: "runtime_data",
|
|
16664
|
+
copyMode: "none",
|
|
16665
|
+
description: "Permit access-review item rows are tenant review data projected from Permit."
|
|
16666
|
+
},
|
|
16667
|
+
{
|
|
16668
|
+
component: "control-plane",
|
|
16669
|
+
table: "permitAccessReviews",
|
|
16670
|
+
prepopulation: "runtime_data",
|
|
16671
|
+
copyMode: "none",
|
|
16672
|
+
description: "Permit access-review campaigns are tenant review data projected from Permit."
|
|
16673
|
+
},
|
|
16674
|
+
{
|
|
16675
|
+
component: "control-plane",
|
|
16676
|
+
table: "permitAttributeBindings",
|
|
16677
|
+
prepopulation: "runtime_data",
|
|
16678
|
+
copyMode: "none",
|
|
16679
|
+
description: "Permit ABAC attribute bindings are tenant policy projection rows."
|
|
16680
|
+
},
|
|
16681
|
+
{
|
|
16682
|
+
component: "control-plane",
|
|
16683
|
+
table: "permitGroups",
|
|
16684
|
+
prepopulation: "runtime_data",
|
|
16685
|
+
copyMode: "none",
|
|
16686
|
+
description: "Permit groups are tenant-defined policy subjects, not template data."
|
|
16687
|
+
},
|
|
16688
|
+
{
|
|
16689
|
+
component: "control-plane",
|
|
16690
|
+
table: "permitGroupMemberships",
|
|
16691
|
+
prepopulation: "runtime_data",
|
|
16692
|
+
copyMode: "none",
|
|
16693
|
+
description: "Permit group memberships are tenant-specific policy projection rows."
|
|
16694
|
+
},
|
|
16695
|
+
{
|
|
16696
|
+
component: "control-plane",
|
|
16697
|
+
table: "permitPolicyBundles",
|
|
16698
|
+
prepopulation: "runtime_derived",
|
|
16699
|
+
copyMode: "none",
|
|
16700
|
+
description: "Permit policy bundles are derived from the Permit control plane."
|
|
16701
|
+
},
|
|
16702
|
+
{
|
|
16703
|
+
component: "control-plane",
|
|
16704
|
+
table: "permitPolicyDecisionReceipts",
|
|
16705
|
+
prepopulation: "runtime_log",
|
|
16706
|
+
copyMode: "none",
|
|
16707
|
+
description: "Permit decision receipts are runtime authorization audit logs."
|
|
16708
|
+
},
|
|
16709
|
+
{
|
|
16710
|
+
component: "control-plane",
|
|
16711
|
+
table: "permitPrincipalAliases",
|
|
16712
|
+
prepopulation: "runtime_data",
|
|
16713
|
+
copyMode: "none",
|
|
16714
|
+
description: "Permit principal aliases are tenant-specific identity projection rows."
|
|
16715
|
+
},
|
|
16716
|
+
{
|
|
16717
|
+
component: "control-plane",
|
|
16718
|
+
table: "permitPrincipals",
|
|
16719
|
+
prepopulation: "runtime_data",
|
|
16720
|
+
copyMode: "none",
|
|
16721
|
+
description: "Permit principals are projected from Clerk, Permit, and tenant onboarding flows."
|
|
16722
|
+
},
|
|
16723
|
+
{
|
|
16724
|
+
component: "control-plane",
|
|
16725
|
+
table: "permitProjectionOutbox",
|
|
16726
|
+
prepopulation: "runtime_queue",
|
|
16727
|
+
copyMode: "none",
|
|
16728
|
+
description: "Permit projection outbox rows are runtime sync queue data."
|
|
16729
|
+
},
|
|
16730
|
+
{
|
|
16731
|
+
component: "control-plane",
|
|
16732
|
+
table: "permitRelationshipTuples",
|
|
16733
|
+
prepopulation: "runtime_data",
|
|
16734
|
+
copyMode: "none",
|
|
16735
|
+
description: "Permit ReBAC relationship tuples are tenant policy projection rows."
|
|
16736
|
+
},
|
|
16737
|
+
{
|
|
16738
|
+
component: "control-plane",
|
|
16739
|
+
table: "permitResourceInstances",
|
|
16740
|
+
prepopulation: "runtime_data",
|
|
16741
|
+
copyMode: "none",
|
|
16742
|
+
description: "Permit resource instances are tenant/workspace graph and deployment projection rows."
|
|
16743
|
+
},
|
|
16744
|
+
{
|
|
16745
|
+
component: "control-plane",
|
|
16746
|
+
table: "permitRoleAssignments",
|
|
16747
|
+
prepopulation: "runtime_data",
|
|
16748
|
+
copyMode: "none",
|
|
16749
|
+
description: "Permit role assignments are tenant-specific policy projection rows."
|
|
16750
|
+
},
|
|
16751
|
+
{
|
|
16752
|
+
component: "control-plane",
|
|
13697
16753
|
table: "platformAudienceGrants",
|
|
13698
16754
|
prepopulation: "runtime_data",
|
|
13699
16755
|
copyMode: "none",
|
|
13700
16756
|
description: "Audience grants are principal/group-specific access rows."
|
|
13701
16757
|
},
|
|
13702
16758
|
{
|
|
13703
|
-
component: "
|
|
16759
|
+
component: "control-plane",
|
|
13704
16760
|
table: "platformAudiences",
|
|
13705
16761
|
prepopulation: "required_template",
|
|
13706
16762
|
copyMode: "template_tenant_rewrite",
|
|
@@ -13709,35 +16765,35 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13709
16765
|
description: "Default tenant audience taxonomy rows are rewritten into each tenant."
|
|
13710
16766
|
},
|
|
13711
16767
|
{
|
|
13712
|
-
component: "
|
|
16768
|
+
component: "control-plane",
|
|
13713
16769
|
table: "platformPolicyDecisionLogs",
|
|
13714
16770
|
prepopulation: "runtime_log",
|
|
13715
16771
|
copyMode: "none",
|
|
13716
16772
|
description: "Policy decisions are runtime audit logs."
|
|
13717
16773
|
},
|
|
13718
16774
|
{
|
|
13719
|
-
component: "
|
|
16775
|
+
component: "control-plane",
|
|
13720
16776
|
table: "projectGrants",
|
|
13721
16777
|
prepopulation: "runtime_data",
|
|
13722
16778
|
copyMode: "none",
|
|
13723
16779
|
description: "Project/topic grants are principal or group-specific access rows."
|
|
13724
16780
|
},
|
|
13725
16781
|
{
|
|
13726
|
-
component: "
|
|
16782
|
+
component: "control-plane",
|
|
13727
16783
|
table: "reasoningPermissions",
|
|
13728
16784
|
prepopulation: "runtime_data",
|
|
13729
16785
|
copyMode: "none",
|
|
13730
16786
|
description: "Reasoning permissions are principal-specific policy rows."
|
|
13731
16787
|
},
|
|
13732
16788
|
{
|
|
13733
|
-
component: "
|
|
16789
|
+
component: "control-plane",
|
|
13734
16790
|
table: "tenantApiKeys",
|
|
13735
16791
|
prepopulation: "runtime_secret",
|
|
13736
16792
|
copyMode: "none",
|
|
13737
16793
|
description: "API keys are tenant credentials and must never be copied."
|
|
13738
16794
|
},
|
|
13739
16795
|
{
|
|
13740
|
-
component: "
|
|
16796
|
+
component: "control-plane",
|
|
13741
16797
|
table: "tenantConfig",
|
|
13742
16798
|
prepopulation: "required_template",
|
|
13743
16799
|
copyMode: "template_tenant_rewrite",
|
|
@@ -13746,7 +16802,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13746
16802
|
description: "Tenant-local config defaults are rewritten during bootstrap."
|
|
13747
16803
|
},
|
|
13748
16804
|
{
|
|
13749
|
-
component: "
|
|
16805
|
+
component: "control-plane",
|
|
13750
16806
|
table: "tenantIntegrations",
|
|
13751
16807
|
prepopulation: "required_template",
|
|
13752
16808
|
copyMode: "template_tenant_rewrite",
|
|
@@ -13755,14 +16811,21 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13755
16811
|
description: "Non-secret integration descriptors are rewritten into each tenant."
|
|
13756
16812
|
},
|
|
13757
16813
|
{
|
|
13758
|
-
component: "
|
|
16814
|
+
component: "control-plane",
|
|
13759
16815
|
table: "tenantModelSlotBindings",
|
|
13760
16816
|
prepopulation: "runtime_secret",
|
|
13761
16817
|
copyMode: "none",
|
|
13762
16818
|
description: "Tenant model slot bindings reference provider secrets and are runtime-only."
|
|
13763
16819
|
},
|
|
13764
16820
|
{
|
|
13765
|
-
component: "
|
|
16821
|
+
component: "control-plane",
|
|
16822
|
+
table: "tenantPermitSyncStates",
|
|
16823
|
+
prepopulation: "runtime_derived",
|
|
16824
|
+
copyMode: "none",
|
|
16825
|
+
description: "Tenant Permit sync state rows are runtime reconciliation state."
|
|
16826
|
+
},
|
|
16827
|
+
{
|
|
16828
|
+
component: "control-plane",
|
|
13766
16829
|
table: "tenantPolicies",
|
|
13767
16830
|
prepopulation: "required_template",
|
|
13768
16831
|
copyMode: "template_tenant_rewrite",
|
|
@@ -13771,42 +16834,42 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13771
16834
|
description: "Default tenant policy roles are rewritten during bootstrap."
|
|
13772
16835
|
},
|
|
13773
16836
|
{
|
|
13774
|
-
component: "
|
|
16837
|
+
component: "control-plane",
|
|
13775
16838
|
table: "tenantProviderSecrets",
|
|
13776
16839
|
prepopulation: "runtime_secret",
|
|
13777
16840
|
copyMode: "none",
|
|
13778
16841
|
description: "Provider secrets are credentials and must never be copied."
|
|
13779
16842
|
},
|
|
13780
16843
|
{
|
|
13781
|
-
component: "
|
|
16844
|
+
component: "control-plane",
|
|
13782
16845
|
table: "tenantProxyGatewayUsage",
|
|
13783
16846
|
prepopulation: "runtime_log",
|
|
13784
16847
|
copyMode: "none",
|
|
13785
16848
|
description: "Proxy gateway usage rows are runtime telemetry."
|
|
13786
16849
|
},
|
|
13787
16850
|
{
|
|
13788
|
-
component: "
|
|
16851
|
+
component: "control-plane",
|
|
13789
16852
|
table: "tenantProxyTokenMints",
|
|
13790
16853
|
prepopulation: "runtime_secret",
|
|
13791
16854
|
copyMode: "none",
|
|
13792
16855
|
description: "Proxy token mints are ephemeral secret-bearing runtime rows."
|
|
13793
16856
|
},
|
|
13794
16857
|
{
|
|
13795
|
-
component: "
|
|
16858
|
+
component: "control-plane",
|
|
13796
16859
|
table: "tenantSandboxAuditEvents",
|
|
13797
16860
|
prepopulation: "runtime_log",
|
|
13798
16861
|
copyMode: "none",
|
|
13799
16862
|
description: "Sandbox audit rows are runtime security logs."
|
|
13800
16863
|
},
|
|
13801
16864
|
{
|
|
13802
|
-
component: "
|
|
16865
|
+
component: "control-plane",
|
|
13803
16866
|
table: "tenantSecrets",
|
|
13804
16867
|
prepopulation: "runtime_secret",
|
|
13805
16868
|
copyMode: "none",
|
|
13806
16869
|
description: "Tenant secrets are credentials and must never be copied."
|
|
13807
16870
|
},
|
|
13808
16871
|
{
|
|
13809
|
-
component: "
|
|
16872
|
+
component: "control-plane",
|
|
13810
16873
|
table: "toolAcls",
|
|
13811
16874
|
prepopulation: "required_template",
|
|
13812
16875
|
copyMode: "template_global",
|
|
@@ -13815,7 +16878,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13815
16878
|
description: "Default role-to-tool grants are required for SDK/MCP tool access."
|
|
13816
16879
|
},
|
|
13817
16880
|
{
|
|
13818
|
-
component: "
|
|
16881
|
+
component: "control-plane",
|
|
13819
16882
|
table: "toolRegistry",
|
|
13820
16883
|
prepopulation: "required_template",
|
|
13821
16884
|
copyMode: "template_global",
|
|
@@ -13824,7 +16887,7 @@ var TENANT_BOOTSTRAP_TABLE_REQUIREMENTS = [
|
|
|
13824
16887
|
description: "Core tool catalog rows are required before pack or tenant tools exist."
|
|
13825
16888
|
},
|
|
13826
16889
|
{
|
|
13827
|
-
component: "
|
|
16890
|
+
component: "control-plane",
|
|
13828
16891
|
table: "users",
|
|
13829
16892
|
prepopulation: "runtime_bootstrap",
|
|
13830
16893
|
copyMode: "none",
|
|
@@ -14209,11 +17272,11 @@ function readString2(value) {
|
|
|
14209
17272
|
function readNullableNumber(value) {
|
|
14210
17273
|
return typeof value === "number" && Number.isFinite(value) ? value : null;
|
|
14211
17274
|
}
|
|
14212
|
-
function
|
|
17275
|
+
function isRecord5(value) {
|
|
14213
17276
|
return Boolean(value) && typeof value === "object" && !Array.isArray(value);
|
|
14214
17277
|
}
|
|
14215
17278
|
function refreshLucernContextFromBuildSession(payload, args) {
|
|
14216
|
-
if (!
|
|
17279
|
+
if (!isRecord5(payload)) {
|
|
14217
17280
|
return;
|
|
14218
17281
|
}
|
|
14219
17282
|
const topicId = readString2(payload.topicId);
|
|
@@ -14418,7 +17481,8 @@ var edgeHandlers = {
|
|
|
14418
17481
|
topicId: readString(args.topicId ?? args.projectId),
|
|
14419
17482
|
confidence: readNumber(args.confidence),
|
|
14420
17483
|
weight: readNumber(args.weight),
|
|
14421
|
-
context: readString(args.context) ?? readString(args.reasoning)
|
|
17484
|
+
context: readString(args.context) ?? readString(args.reasoning),
|
|
17485
|
+
reasoningMethod: readString(args.reasoningMethod)
|
|
14422
17486
|
})
|
|
14423
17487
|
);
|
|
14424
17488
|
},
|
|
@@ -14775,6 +17839,14 @@ var generatedFunctionSurfaceHandlers = {
|
|
|
14775
17839
|
)
|
|
14776
17840
|
);
|
|
14777
17841
|
},
|
|
17842
|
+
async archive_epistemic_node(args, ctx) {
|
|
17843
|
+
return formatSdkResult(
|
|
17844
|
+
await getSdkClient(ctx).raw.functionSurface.archiveEpistemicNode(
|
|
17845
|
+
stripInternalArgs(args),
|
|
17846
|
+
idempotencyKeyFrom(args)
|
|
17847
|
+
)
|
|
17848
|
+
);
|
|
17849
|
+
},
|
|
14778
17850
|
async archive_ontology(args, ctx) {
|
|
14779
17851
|
return formatSdkResult(
|
|
14780
17852
|
await getSdkClient(ctx).raw.functionSurface.archiveOntology(
|
|
@@ -14791,6 +17863,22 @@ var generatedFunctionSurfaceHandlers = {
|
|
|
14791
17863
|
)
|
|
14792
17864
|
);
|
|
14793
17865
|
},
|
|
17866
|
+
async batch_create_edges(args, ctx) {
|
|
17867
|
+
return formatSdkResult(
|
|
17868
|
+
await getSdkClient(ctx).raw.functionSurface.batchCreateEdges(
|
|
17869
|
+
stripInternalArgs(args),
|
|
17870
|
+
idempotencyKeyFrom(args)
|
|
17871
|
+
)
|
|
17872
|
+
);
|
|
17873
|
+
},
|
|
17874
|
+
async batch_create_epistemic_nodes(args, ctx) {
|
|
17875
|
+
return formatSdkResult(
|
|
17876
|
+
await getSdkClient(ctx).raw.functionSurface.batchCreateEpistemicNodes(
|
|
17877
|
+
stripInternalArgs(args),
|
|
17878
|
+
idempotencyKeyFrom(args)
|
|
17879
|
+
)
|
|
17880
|
+
);
|
|
17881
|
+
},
|
|
14794
17882
|
async begin_build_session(args, ctx) {
|
|
14795
17883
|
return formatSdkResult(
|
|
14796
17884
|
await getSdkClient(ctx).raw.functionSurface.beginBuildSession(
|
|
@@ -14879,6 +17967,14 @@ var generatedFunctionSurfaceHandlers = {
|
|
|
14879
17967
|
)
|
|
14880
17968
|
);
|
|
14881
17969
|
},
|
|
17970
|
+
async create_epistemic_node(args, ctx) {
|
|
17971
|
+
return formatSdkResult(
|
|
17972
|
+
await getSdkClient(ctx).raw.functionSurface.createEpistemicNode(
|
|
17973
|
+
stripInternalArgs(args),
|
|
17974
|
+
idempotencyKeyFrom(args)
|
|
17975
|
+
)
|
|
17976
|
+
);
|
|
17977
|
+
},
|
|
14882
17978
|
async create_evidence(args, ctx) {
|
|
14883
17979
|
return formatSdkResult(
|
|
14884
17980
|
await getSdkClient(ctx).raw.functionSurface.createEvidence(
|
|
@@ -15079,6 +18175,14 @@ var generatedFunctionSurfaceHandlers = {
|
|
|
15079
18175
|
)
|
|
15080
18176
|
);
|
|
15081
18177
|
},
|
|
18178
|
+
async get_epistemic_node(args, ctx) {
|
|
18179
|
+
return formatSdkResult(
|
|
18180
|
+
await getSdkClient(ctx).raw.functionSurface.getEpistemicNode(
|
|
18181
|
+
stripInternalArgs(args),
|
|
18182
|
+
idempotencyKeyFrom(args)
|
|
18183
|
+
)
|
|
18184
|
+
);
|
|
18185
|
+
},
|
|
15082
18186
|
async get_evidence(args, ctx) {
|
|
15083
18187
|
return formatSdkResult(
|
|
15084
18188
|
await getSdkClient(ctx).raw.functionSurface.getEvidence(
|
|
@@ -15183,6 +18287,14 @@ var generatedFunctionSurfaceHandlers = {
|
|
|
15183
18287
|
)
|
|
15184
18288
|
);
|
|
15185
18289
|
},
|
|
18290
|
+
async get_topic_graph_spine(args, ctx) {
|
|
18291
|
+
return formatSdkResult(
|
|
18292
|
+
await getSdkClient(ctx).raw.functionSurface.getTopicGraphSpine(
|
|
18293
|
+
stripInternalArgs(args),
|
|
18294
|
+
idempotencyKeyFrom(args)
|
|
18295
|
+
)
|
|
18296
|
+
);
|
|
18297
|
+
},
|
|
15186
18298
|
async get_topic_tree(args, ctx) {
|
|
15187
18299
|
return formatSdkResult(
|
|
15188
18300
|
await getSdkClient(ctx).raw.functionSurface.getTopicTree(
|
|
@@ -15263,6 +18375,14 @@ var generatedFunctionSurfaceHandlers = {
|
|
|
15263
18375
|
)
|
|
15264
18376
|
);
|
|
15265
18377
|
},
|
|
18378
|
+
async list_epistemic_nodes(args, ctx) {
|
|
18379
|
+
return formatSdkResult(
|
|
18380
|
+
await getSdkClient(ctx).raw.functionSurface.listEpistemicNodes(
|
|
18381
|
+
stripInternalArgs(args),
|
|
18382
|
+
idempotencyKeyFrom(args)
|
|
18383
|
+
)
|
|
18384
|
+
);
|
|
18385
|
+
},
|
|
15266
18386
|
async list_evidence(args, ctx) {
|
|
15267
18387
|
return formatSdkResult(
|
|
15268
18388
|
await getSdkClient(ctx).raw.functionSurface.listEvidence(
|
|
@@ -15343,6 +18463,14 @@ var generatedFunctionSurfaceHandlers = {
|
|
|
15343
18463
|
)
|
|
15344
18464
|
);
|
|
15345
18465
|
},
|
|
18466
|
+
async materialize_topic_graph(args, ctx) {
|
|
18467
|
+
return formatSdkResult(
|
|
18468
|
+
await getSdkClient(ctx).raw.functionSurface.materializeTopicGraph(
|
|
18469
|
+
stripInternalArgs(args),
|
|
18470
|
+
idempotencyKeyFrom(args)
|
|
18471
|
+
)
|
|
18472
|
+
);
|
|
18473
|
+
},
|
|
15346
18474
|
async merge(args, ctx) {
|
|
15347
18475
|
return formatSdkResult(
|
|
15348
18476
|
await getSdkClient(ctx).raw.functionSurface.merge(
|
|
@@ -15447,6 +18575,22 @@ var generatedFunctionSurfaceHandlers = {
|
|
|
15447
18575
|
)
|
|
15448
18576
|
);
|
|
15449
18577
|
},
|
|
18578
|
+
async remove_edge(args, ctx) {
|
|
18579
|
+
return formatSdkResult(
|
|
18580
|
+
await getSdkClient(ctx).raw.functionSurface.removeEdge(
|
|
18581
|
+
stripInternalArgs(args),
|
|
18582
|
+
idempotencyKeyFrom(args)
|
|
18583
|
+
)
|
|
18584
|
+
);
|
|
18585
|
+
},
|
|
18586
|
+
async remove_edges_between(args, ctx) {
|
|
18587
|
+
return formatSdkResult(
|
|
18588
|
+
await getSdkClient(ctx).raw.functionSurface.removeEdgesBetween(
|
|
18589
|
+
stripInternalArgs(args),
|
|
18590
|
+
idempotencyKeyFrom(args)
|
|
18591
|
+
)
|
|
18592
|
+
);
|
|
18593
|
+
},
|
|
15450
18594
|
async remove_lens_from_topic(args, ctx) {
|
|
15451
18595
|
return formatSdkResult(
|
|
15452
18596
|
await getSdkClient(ctx).raw.functionSurface.removeLensFromTopic(
|
|
@@ -15463,6 +18607,14 @@ var generatedFunctionSurfaceHandlers = {
|
|
|
15463
18607
|
)
|
|
15464
18608
|
);
|
|
15465
18609
|
},
|
|
18610
|
+
async resolve_interactive_principal(args, ctx) {
|
|
18611
|
+
return formatSdkResult(
|
|
18612
|
+
await getSdkClient(ctx).raw.functionSurface.resolveInteractivePrincipal(
|
|
18613
|
+
stripInternalArgs(args),
|
|
18614
|
+
idempotencyKeyFrom(args)
|
|
18615
|
+
)
|
|
18616
|
+
);
|
|
18617
|
+
},
|
|
15466
18618
|
async run_graph_intelligence_query(args, ctx) {
|
|
15467
18619
|
return formatSdkResult(
|
|
15468
18620
|
await getSdkClient(ctx).raw.functionSurface.runGraphIntelligenceQuery(
|
|
@@ -15503,6 +18655,14 @@ var generatedFunctionSurfaceHandlers = {
|
|
|
15503
18655
|
)
|
|
15504
18656
|
);
|
|
15505
18657
|
},
|
|
18658
|
+
async supersede_epistemic_node(args, ctx) {
|
|
18659
|
+
return formatSdkResult(
|
|
18660
|
+
await getSdkClient(ctx).raw.functionSurface.supersedeEpistemicNode(
|
|
18661
|
+
stripInternalArgs(args),
|
|
18662
|
+
idempotencyKeyFrom(args)
|
|
18663
|
+
)
|
|
18664
|
+
);
|
|
18665
|
+
},
|
|
15506
18666
|
async trace_entity_impact(args, ctx) {
|
|
15507
18667
|
return formatSdkResult(
|
|
15508
18668
|
await getSdkClient(ctx).raw.functionSurface.traceEntityImpact(
|
|
@@ -15527,6 +18687,22 @@ var generatedFunctionSurfaceHandlers = {
|
|
|
15527
18687
|
)
|
|
15528
18688
|
);
|
|
15529
18689
|
},
|
|
18690
|
+
async update_edge(args, ctx) {
|
|
18691
|
+
return formatSdkResult(
|
|
18692
|
+
await getSdkClient(ctx).raw.functionSurface.updateEdge(
|
|
18693
|
+
stripInternalArgs(args),
|
|
18694
|
+
idempotencyKeyFrom(args)
|
|
18695
|
+
)
|
|
18696
|
+
);
|
|
18697
|
+
},
|
|
18698
|
+
async update_epistemic_node(args, ctx) {
|
|
18699
|
+
return formatSdkResult(
|
|
18700
|
+
await getSdkClient(ctx).raw.functionSurface.updateEpistemicNode(
|
|
18701
|
+
stripInternalArgs(args),
|
|
18702
|
+
idempotencyKeyFrom(args)
|
|
18703
|
+
)
|
|
18704
|
+
);
|
|
18705
|
+
},
|
|
15530
18706
|
async update_ontology(args, ctx) {
|
|
15531
18707
|
return formatSdkResult(
|
|
15532
18708
|
await getSdkClient(ctx).raw.functionSurface.updateOntology(
|
|
@@ -15574,6 +18750,14 @@ var generatedFunctionSurfaceHandlers = {
|
|
|
15574
18750
|
idempotencyKeyFrom(args)
|
|
15575
18751
|
)
|
|
15576
18752
|
);
|
|
18753
|
+
},
|
|
18754
|
+
async verify_epistemic_node(args, ctx) {
|
|
18755
|
+
return formatSdkResult(
|
|
18756
|
+
await getSdkClient(ctx).raw.functionSurface.verifyEpistemicNode(
|
|
18757
|
+
stripInternalArgs(args),
|
|
18758
|
+
idempotencyKeyFrom(args)
|
|
18759
|
+
)
|
|
18760
|
+
);
|
|
15577
18761
|
}
|
|
15578
18762
|
};
|
|
15579
18763
|
|
|
@@ -15735,7 +18919,7 @@ function readStringArray2(value) {
|
|
|
15735
18919
|
}
|
|
15736
18920
|
return value.map((entry) => readString3(entry)).filter((entry) => Boolean(entry));
|
|
15737
18921
|
}
|
|
15738
|
-
function
|
|
18922
|
+
function isRecord6(value) {
|
|
15739
18923
|
return value !== null && typeof value === "object" && !Array.isArray(value);
|
|
15740
18924
|
}
|
|
15741
18925
|
function decodePrefixedIdOrNull(value) {
|
|
@@ -15750,7 +18934,7 @@ function decodePrefixedIdOrNull(value) {
|
|
|
15750
18934
|
};
|
|
15751
18935
|
}
|
|
15752
18936
|
function asRecord2(value) {
|
|
15753
|
-
return
|
|
18937
|
+
return isRecord6(value) ? value : {};
|
|
15754
18938
|
}
|
|
15755
18939
|
function normalizeTopicId(value) {
|
|
15756
18940
|
const normalized = readString3(value);
|
|
@@ -16023,7 +19207,7 @@ async function resolveBeliefTopicId(ctx, beliefId) {
|
|
|
16023
19207
|
if (!normalizedBeliefId) {
|
|
16024
19208
|
return void 0;
|
|
16025
19209
|
}
|
|
16026
|
-
return fetchRecordTopicId(ctx, api.
|
|
19210
|
+
return fetchRecordTopicId(ctx, api.beliefs.getById, {
|
|
16027
19211
|
beliefId: normalizedBeliefId,
|
|
16028
19212
|
nodeId: normalizedBeliefId
|
|
16029
19213
|
});
|
|
@@ -16885,7 +20069,7 @@ var researchVerificationHandlers = {
|
|
|
16885
20069
|
function cleanString(value) {
|
|
16886
20070
|
return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
|
|
16887
20071
|
}
|
|
16888
|
-
function
|
|
20072
|
+
function isRecord7(value) {
|
|
16889
20073
|
return value !== null && typeof value === "object" && !Array.isArray(value);
|
|
16890
20074
|
}
|
|
16891
20075
|
function prefixId(prefix, value) {
|
|
@@ -16941,7 +20125,7 @@ function toPublicCompiledContext(pack) {
|
|
|
16941
20125
|
scopedTopicIds: (pack.scopedTopicIds ?? []).map((id) => prefixId("top", id)),
|
|
16942
20126
|
generatedAt: pack.generatedAt,
|
|
16943
20127
|
ranking: pack.rankingProfile,
|
|
16944
|
-
summary:
|
|
20128
|
+
summary: isRecord7(pack.summary) ? pack.summary : {},
|
|
16945
20129
|
invariants: (pack.invariants ?? []).map((belief) => ({
|
|
16946
20130
|
beliefId: prefixId("bel", belief.nodeId),
|
|
16947
20131
|
text: belief.canonicalText,
|
|
@@ -17012,7 +20196,7 @@ function toPublicCompiledContext(pack) {
|
|
|
17012
20196
|
}))
|
|
17013
20197
|
} : {}
|
|
17014
20198
|
},
|
|
17015
|
-
diagnostics:
|
|
20199
|
+
diagnostics: isRecord7(pack.diagnostics) ? pack.diagnostics : {},
|
|
17016
20200
|
...pack.compilationMode ? { compilationMode: pack.compilationMode } : {},
|
|
17017
20201
|
...pack.failureContext ? {
|
|
17018
20202
|
failureContext: {
|
|
@@ -17520,6 +20704,21 @@ async function checkWritePolicy(toolName, topicId, authCtx) {
|
|
|
17520
20704
|
authCtx
|
|
17521
20705
|
});
|
|
17522
20706
|
if (!result) {
|
|
20707
|
+
if (authCtx.sessionType === "agent") {
|
|
20708
|
+
return {
|
|
20709
|
+
allowed: false,
|
|
20710
|
+
permission: "deny",
|
|
20711
|
+
toolCategory: null,
|
|
20712
|
+
policy: null,
|
|
20713
|
+
reason: "no_policy_response",
|
|
20714
|
+
explanation: {
|
|
20715
|
+
summary: "Denied because agent write-policy checks fail closed when no policy response is returned.",
|
|
20716
|
+
toolName,
|
|
20717
|
+
role: authCtx.role,
|
|
20718
|
+
topicId
|
|
20719
|
+
}
|
|
20720
|
+
};
|
|
20721
|
+
}
|
|
17523
20722
|
return {
|
|
17524
20723
|
allowed: true,
|
|
17525
20724
|
permission: "allow",
|
|
@@ -17553,6 +20752,33 @@ async function checkWritePolicy(toolName, topicId, authCtx) {
|
|
|
17553
20752
|
}
|
|
17554
20753
|
return result;
|
|
17555
20754
|
} catch (err) {
|
|
20755
|
+
if (authCtx.sessionType === "agent") {
|
|
20756
|
+
return {
|
|
20757
|
+
allowed: false,
|
|
20758
|
+
permission: "deny",
|
|
20759
|
+
toolCategory: null,
|
|
20760
|
+
policy: null,
|
|
20761
|
+
explanation: {
|
|
20762
|
+
summary: "Denied because agent write-policy checks fail closed on policy evaluation errors.",
|
|
20763
|
+
matchedReasonCode: "WRITE_POLICY_CHECK_ERROR",
|
|
20764
|
+
steps: [
|
|
20765
|
+
{
|
|
20766
|
+
stage: "policy_lookup",
|
|
20767
|
+
outcome: "failed",
|
|
20768
|
+
reasonCode: "WRITE_POLICY_CHECK_ERROR",
|
|
20769
|
+
detail: err instanceof Error ? err.message : "Unknown policy evaluation error."
|
|
20770
|
+
},
|
|
20771
|
+
{
|
|
20772
|
+
stage: "decision",
|
|
20773
|
+
outcome: "failed",
|
|
20774
|
+
reasonCode: "WRITE_POLICY_CHECK_ERROR",
|
|
20775
|
+
detail: "Agent sessions cannot convert a write-policy infrastructure error into an allow."
|
|
20776
|
+
}
|
|
20777
|
+
]
|
|
20778
|
+
},
|
|
20779
|
+
reason: "policy_check_error"
|
|
20780
|
+
};
|
|
20781
|
+
}
|
|
17556
20782
|
console.error(
|
|
17557
20783
|
`[write-policy] Policy check failed for ${toolName}: ${err instanceof Error ? err.message : err}. Allowing (fail-open).`
|
|
17558
20784
|
);
|