@vectros-ai/blueprints 0.6.2 → 0.6.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +16 -0
- package/README.md +10 -0
- package/dist/index.js +30 -16
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +30 -16
- package/dist/index.mjs.map +1 -1
- package/guides/agentic-sdlc.md +28 -0
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -3,6 +3,22 @@
|
|
|
3
3
|
All notable changes to `@vectros-ai/blueprints` are documented here.
|
|
4
4
|
This project adheres to [Semantic Versioning](https://semver.org).
|
|
5
5
|
|
|
6
|
+
## 0.6.3 — 2026-07-01
|
|
7
|
+
|
|
8
|
+
### Added
|
|
9
|
+
|
|
10
|
+
- **`agentic-sdlc` now declares an `editor` role for the human owner.** `bootstrap`
|
|
11
|
+
provisions a scoped key for your *agent*, but doesn't join *you* — so a blueprint's
|
|
12
|
+
context doesn't appear in the data-plane app until your own user is granted access
|
|
13
|
+
there. The blueprint now ships a reusable `editor` role at **parity with the service
|
|
14
|
+
key** (`records:r/c/u`, `search:r`, `schemas:r`, `inference:r`, `documents:r/c`,
|
|
15
|
+
`folders:r/c`; no delete, no control-plane), which `bootstrap` creates in the context.
|
|
16
|
+
Bind it to your user once to browse and curate the KB in the app:
|
|
17
|
+
`vectros access grant --principal usr_<your-user-id> --context agentic-sdlc --role editor`
|
|
18
|
+
(or via the admin app's Access → Contexts → Profiles). The guide and walkthrough
|
|
19
|
+
document the one-time join, and the package README now documents the top-level
|
|
20
|
+
`roles` format field (previously undocumented — no bundled blueprint used it).
|
|
21
|
+
|
|
6
22
|
## 0.6.2 — 2026-06-29
|
|
7
23
|
|
|
8
24
|
### Changed
|
package/README.md
CHANGED
|
@@ -115,6 +115,16 @@ The `accessProfile.dataScope` value lists accept a **`null` sentinel** — e.g.
|
|
|
115
115
|
(owner-less / shared) records. Omitting `null` restricts the key to the listed
|
|
116
116
|
owners only.
|
|
117
117
|
|
|
118
|
+
A blueprint may also declare top-level **`roles`** — a map of `roleId` → ordered
|
|
119
|
+
scope clauses (each an `allowedActions` list with an optional `dataScope`). Unlike
|
|
120
|
+
`accessProfile` (which scopes the service-principal key `bootstrap` mints), roles
|
|
121
|
+
are reusable, identity-agnostic rules you bind to a principal *after* bootstrap with
|
|
122
|
+
`vectros access grant --principal <p> --role <roleId>`. `bootstrap` provisions the
|
|
123
|
+
declared roles in the context but binds them to no one. The bundled `agentic-sdlc`
|
|
124
|
+
ships an `editor` role for this — join your own user to the context so you can
|
|
125
|
+
browse and curate the knowledge base in the app. Role clauses pass the same
|
|
126
|
+
data-plane scope gate as `accessProfile`.
|
|
127
|
+
|
|
118
128
|
All of the above are **optional and backward-compatible** — a blueprint that
|
|
119
129
|
omits them parses and provisions exactly as before.
|
|
120
130
|
|
package/dist/index.js
CHANGED
|
@@ -1065,6 +1065,18 @@ var codingAgentMemory = {
|
|
|
1065
1065
|
var coding_agent_memory_default = codingAgentMemory;
|
|
1066
1066
|
|
|
1067
1067
|
// src/blueprints/agentic-sdlc.ts
|
|
1068
|
+
var DATA_PLANE_ACTIONS = [
|
|
1069
|
+
"records:r",
|
|
1070
|
+
"records:c",
|
|
1071
|
+
"records:u",
|
|
1072
|
+
"search:r",
|
|
1073
|
+
"schemas:r",
|
|
1074
|
+
"inference:r",
|
|
1075
|
+
"documents:r",
|
|
1076
|
+
"documents:c",
|
|
1077
|
+
"folders:r",
|
|
1078
|
+
"folders:c"
|
|
1079
|
+
];
|
|
1068
1080
|
var agenticSdlc = {
|
|
1069
1081
|
name: "agentic-sdlc",
|
|
1070
1082
|
version: "1.0.0",
|
|
@@ -1718,23 +1730,25 @@ var agenticSdlc = {
|
|
|
1718
1730
|
]
|
|
1719
1731
|
}
|
|
1720
1732
|
],
|
|
1721
|
-
// Least-privilege, data-plane only.
|
|
1722
|
-
//
|
|
1723
|
-
//
|
|
1724
|
-
// via a status flip, so the trail of how the team's thinking evolved stays intact.
|
|
1733
|
+
// Least-privilege, data-plane only. The scope of the `ssk_*` key the bootstrap
|
|
1734
|
+
// mints for THIS blueprint's service principal (the MCP/API runtime). See
|
|
1735
|
+
// DATA_PLANE_ACTIONS above for the action set + rationale.
|
|
1725
1736
|
accessProfile: {
|
|
1726
|
-
allowedActions:
|
|
1727
|
-
|
|
1728
|
-
|
|
1729
|
-
|
|
1730
|
-
|
|
1731
|
-
|
|
1732
|
-
|
|
1733
|
-
|
|
1734
|
-
|
|
1735
|
-
|
|
1736
|
-
|
|
1737
|
-
|
|
1737
|
+
allowedActions: DATA_PLANE_ACTIONS
|
|
1738
|
+
},
|
|
1739
|
+
// A reusable `editor` role for the HUMAN owner — DISTINCT from `accessProfile`
|
|
1740
|
+
// (which scopes only the service-principal key). `bootstrap` provisions this
|
|
1741
|
+
// role in the context but binds it to no one; the owner joins themselves so the
|
|
1742
|
+
// data-plane app (app.vectros.ai) shows their KB — its switcher lists only
|
|
1743
|
+
// contexts the signed-in user holds an active access profile in, and bootstrap
|
|
1744
|
+
// grants the human none by default. Bind it after bootstrap with:
|
|
1745
|
+
// vectros access grant --principal usr_<your-user-id> --context agentic-sdlc --role editor
|
|
1746
|
+
// (or the admin app's Access > Contexts > agentic-sdlc > Profiles > Create).
|
|
1747
|
+
// Editor PARITY with the service key (same DATA_PLANE_ACTIONS) so a human
|
|
1748
|
+
// curator can browse AND write/correct the KB; still no :d and no control-plane
|
|
1749
|
+
// action, so the scope gate accepts it exactly like the accessProfile.
|
|
1750
|
+
roles: {
|
|
1751
|
+
editor: [{ allowedActions: DATA_PLANE_ACTIONS }]
|
|
1738
1752
|
},
|
|
1739
1753
|
servicePrincipal: {
|
|
1740
1754
|
externalId: "agentic-sdlc",
|