@vectros-ai/blueprints 0.6.2 → 0.6.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -3,6 +3,53 @@
3
3
  All notable changes to `@vectros-ai/blueprints` are documented here.
4
4
  This project adheres to [Semantic Versioning](https://semver.org).
5
5
 
6
+ ## 0.6.4 — 2026-07-03
7
+
8
+ ### Added
9
+
10
+ - **`agentic-sdlc` `editor` role now carries full data-plane delete** (blueprint `1.1.0 → 1.2.0`).
11
+ The human owner's `editor` role gains `records:d` / `documents:d` / `folders:d` on top of the
12
+ shared data-plane actions — so a person granted `editor` can hard-delete data-plane content
13
+ (curation cleanup), while the agent's service key stays delete-free and curates by soft-retract
14
+ (archive) instead. Deleting only *your own* data via a scoped credential is a separate, later
15
+ capability; today `editor` is context-wide.
16
+ - **Guide + agent prompt now include KB query-mechanics guidance.** Reach for `record_query`
17
+ before `hybrid_search` for an enumerable ask (exact + compact); query compactly by default
18
+ (`limit: 3` + `uniqueDocuments: true`, since hits carry passages); how to scope by type per
19
+ tool (`hybrid_search` uses `typeName`, which narrows documents and records alike;
20
+ `record_query` uses `type`); and the `textMode: PHRASE` keyword-leg trap on long natural-language queries
21
+ (a `textScore` of 0 on every hit means the keyword leg contributed nothing — use a short
22
+ phrase or `textMode: "OR"`).
23
+ - **`agentic-sdlc` records now carry a `sourceRef` field** (blueprint `1.0.0 → 1.1.0`).
24
+ The four record types (`control`, `convention`, `gotcha`, `term`) gain a `sourceRef` string —
25
+ the repo path of the source file each record was distilled from — as an equality
26
+ lookup. It is the record analog of the provenance a document keeps: because many
27
+ records are extracted from one file, a record can't embed an in-file back-reference,
28
+ so it names its source instead. A change to a source file then finds exactly its
29
+ records (`record_query` by `sourceRef`) to re-extract, keeping the knowledge base in
30
+ sync with the repository without a separate index to maintain. Additive and
31
+ backward-compatible; existing records simply have no `sourceRef` until re-extracted.
32
+ - **Guide + agent prompt now document the repo↔KB sync pattern in full** — the two
33
+ self-describing markers (`vectros-kb-id` for a file that *is* a KB document,
34
+ `vectros-kb-records` for a file that *feeds* records) plus `sourceRef`, so a consumer
35
+ can keep a mirrored repo and its KB in sync with no side index.
36
+
37
+ ## 0.6.3 — 2026-07-01
38
+
39
+ ### Added
40
+
41
+ - **`agentic-sdlc` now declares an `editor` role for the human owner.** `bootstrap`
42
+ provisions a scoped key for your *agent*, but doesn't join *you* — so a blueprint's
43
+ context doesn't appear in the data-plane app until your own user is granted access
44
+ there. The blueprint now ships a reusable `editor` role at **parity with the service
45
+ key** (`records:r/c/u`, `search:r`, `schemas:r`, `inference:r`, `documents:r/c`,
46
+ `folders:r/c`; no delete, no control-plane), which `bootstrap` creates in the context.
47
+ Bind it to your user once to browse and curate the KB in the app:
48
+ `vectros access grant --principal usr_<your-user-id> --context agentic-sdlc --role editor`
49
+ (or via the admin app's Access → Contexts → Profiles). The guide and walkthrough
50
+ document the one-time join, and the package README now documents the top-level
51
+ `roles` format field (previously undocumented — no bundled blueprint used it).
52
+
6
53
  ## 0.6.2 — 2026-06-29
7
54
 
8
55
  ### Changed
package/README.md CHANGED
@@ -115,6 +115,16 @@ The `accessProfile.dataScope` value lists accept a **`null` sentinel** — e.g.
115
115
  (owner-less / shared) records. Omitting `null` restricts the key to the listed
116
116
  owners only.
117
117
 
118
+ A blueprint may also declare top-level **`roles`** — a map of `roleId` → ordered
119
+ scope clauses (each an `allowedActions` list with an optional `dataScope`). Unlike
120
+ `accessProfile` (which scopes the service-principal key `bootstrap` mints), roles
121
+ are reusable, identity-agnostic rules you bind to a principal *after* bootstrap with
122
+ `vectros access grant --principal <p> --role <roleId>`. `bootstrap` provisions the
123
+ declared roles in the context but binds them to no one. The bundled `agentic-sdlc`
124
+ ships an `editor` role for this — join your own user to the context so you can
125
+ browse and curate the knowledge base in the app. Role clauses pass the same
126
+ data-plane scope gate as `accessProfile`.
127
+
118
128
  All of the above are **optional and backward-compatible** — a blueprint that
119
129
  omits them parses and provisions exactly as before.
120
130
 
package/dist/index.js CHANGED
@@ -1065,9 +1065,22 @@ var codingAgentMemory = {
1065
1065
  var coding_agent_memory_default = codingAgentMemory;
1066
1066
 
1067
1067
  // src/blueprints/agentic-sdlc.ts
1068
+ var DATA_PLANE_ACTIONS = [
1069
+ "records:r",
1070
+ "records:c",
1071
+ "records:u",
1072
+ "search:r",
1073
+ "schemas:r",
1074
+ "inference:r",
1075
+ "documents:r",
1076
+ "documents:c",
1077
+ "folders:r",
1078
+ "folders:c"
1079
+ ];
1080
+ var EDITOR_ACTIONS = [...DATA_PLANE_ACTIONS, "records:d", "documents:d", "folders:d"];
1068
1081
  var agenticSdlc = {
1069
1082
  name: "agentic-sdlc",
1070
- version: "1.0.0",
1083
+ version: "1.2.0",
1071
1084
  description: "A whole-SDLC system of record for an AI development team \u2014 decisions, designs, references, runbooks, post-mortems (as documents) plus controls, conventions, gotchas, and a glossary (as records), cross-linked and recalled by meaning.",
1072
1085
  contextId: "agentic-sdlc",
1073
1086
  contextName: "Agentic SDLC Knowledge Base",
@@ -1502,6 +1515,19 @@ var agenticSdlc = {
1502
1515
  fieldType: "date",
1503
1516
  description: "ISO-8601 last-reviewed date. Range-queryable.",
1504
1517
  renderHints: { label: "Reviewed on", widget: "date", order: 12 }
1518
+ },
1519
+ {
1520
+ // Provenance for sync: the source file this record was distilled from. A
1521
+ // record can't carry an in-file marker the way a document can (many records
1522
+ // come from one file), so it names its source instead — a change to that file
1523
+ // finds (equality lookup) and re-extracts exactly its records. Equality, not
1524
+ // range: file-level is the sync unit (re-extraction reprocesses the whole file),
1525
+ // and the schema keeps its single range lookup for the date row.
1526
+ fieldId: "sourceRef",
1527
+ fieldType: "string",
1528
+ filterable: true,
1529
+ description: "The source file (repo path) this record was extracted from \u2014 its provenance; a change to that file re-extracts its records. The specific section is encoded in the record externalId.",
1530
+ renderHints: { label: "Source ref", widget: "text", order: 13 }
1505
1531
  }
1506
1532
  ],
1507
1533
  lookupFields: [
@@ -1511,7 +1537,8 @@ var agenticSdlc = {
1511
1537
  "area",
1512
1538
  "verifiedBy",
1513
1539
  "relatedDecision",
1514
- { fieldName: "reviewedOn", rangeEnabled: true }
1540
+ { fieldName: "reviewedOn", rangeEnabled: true },
1541
+ "sourceRef"
1515
1542
  ]
1516
1543
  },
1517
1544
  {
@@ -1588,9 +1615,23 @@ var agenticSdlc = {
1588
1615
  fieldType: "date",
1589
1616
  description: "ISO-8601 \u2014 when last revised. Range-queryable.",
1590
1617
  renderHints: { label: "Updated on", widget: "date", order: 9 }
1618
+ },
1619
+ {
1620
+ // Provenance for sync — see the note on `control.sourceRef`.
1621
+ fieldId: "sourceRef",
1622
+ fieldType: "string",
1623
+ filterable: true,
1624
+ description: "The source file (repo path) this record was extracted from \u2014 its provenance; a change to that file re-extracts its records. The specific section is encoded in the record externalId.",
1625
+ renderHints: { label: "Source ref", widget: "text", order: 10 }
1591
1626
  }
1592
1627
  ],
1593
- lookupFields: ["area", "status", "establishedBy", { fieldName: "updatedOn", rangeEnabled: true }]
1628
+ lookupFields: [
1629
+ "area",
1630
+ "status",
1631
+ "establishedBy",
1632
+ { fieldName: "updatedOn", rangeEnabled: true },
1633
+ "sourceRef"
1634
+ ]
1594
1635
  },
1595
1636
  {
1596
1637
  // A GOTCHA / sharp edge: a symptom, its cause, and the fix. A tight typed
@@ -1644,9 +1685,22 @@ var agenticSdlc = {
1644
1685
  fieldType: "date",
1645
1686
  description: "ISO-8601 \u2014 when first hit. Range-queryable.",
1646
1687
  renderHints: { label: "Discovered on", widget: "date", order: 7 }
1688
+ },
1689
+ {
1690
+ // Provenance for sync — see the note on `control.sourceRef`.
1691
+ fieldId: "sourceRef",
1692
+ fieldType: "string",
1693
+ filterable: true,
1694
+ description: "The source file (repo path) this record was extracted from \u2014 its provenance; a change to that file re-extracts its records. The specific section is encoded in the record externalId.",
1695
+ renderHints: { label: "Source ref", widget: "text", order: 8 }
1647
1696
  }
1648
1697
  ],
1649
- lookupFields: ["area", "status", { fieldName: "discoveredOn", rangeEnabled: true }]
1698
+ lookupFields: [
1699
+ "area",
1700
+ "status",
1701
+ { fieldName: "discoveredOn", rangeEnabled: true },
1702
+ "sourceRef"
1703
+ ]
1650
1704
  },
1651
1705
  {
1652
1706
  // A glossary TERM — a definition keyed by the term itself. Structure-dominant:
@@ -1706,6 +1760,14 @@ var agenticSdlc = {
1706
1760
  fieldType: "date",
1707
1761
  description: "ISO-8601 \u2014 when last revised. Range-queryable.",
1708
1762
  renderHints: { label: "Updated on", widget: "date", order: 7 }
1763
+ },
1764
+ {
1765
+ // Provenance for sync — see the note on `control.sourceRef`.
1766
+ fieldId: "sourceRef",
1767
+ fieldType: "string",
1768
+ filterable: true,
1769
+ description: "The source file (repo path) this record was extracted from \u2014 its provenance; a change to that file re-extracts its records. The specific section is encoded in the record externalId.",
1770
+ renderHints: { label: "Source ref", widget: "text", order: 8 }
1709
1771
  }
1710
1772
  ],
1711
1773
  // `term` is a UNIQUE equality lookup — exact "define X" + a one-per-term
@@ -1714,27 +1776,32 @@ var agenticSdlc = {
1714
1776
  { fieldName: "term", unique: true },
1715
1777
  "area",
1716
1778
  "relatedDecision",
1717
- { fieldName: "updatedOn", rangeEnabled: true }
1779
+ { fieldName: "updatedOn", rangeEnabled: true },
1780
+ "sourceRef"
1718
1781
  ]
1719
1782
  }
1720
1783
  ],
1721
- // Least-privilege, data-plane only. r/c/u records + search + schema discovery +
1722
- // inference:r (grounded recall over the document bodies) + document/folder r/c
1723
- // (the content artifacts are documents). NO :d — knowledge is superseded/retired
1724
- // via a status flip, so the trail of how the team's thinking evolved stays intact.
1784
+ // Least-privilege, data-plane only. The scope of the `ssk_*` key the bootstrap
1785
+ // mints for THIS blueprint's service principal (the MCP/API runtime). See
1786
+ // DATA_PLANE_ACTIONS above for the action set + rationale.
1725
1787
  accessProfile: {
1726
- allowedActions: [
1727
- "records:r",
1728
- "records:c",
1729
- "records:u",
1730
- "search:r",
1731
- "schemas:r",
1732
- "inference:r",
1733
- "documents:r",
1734
- "documents:c",
1735
- "folders:r",
1736
- "folders:c"
1737
- ]
1788
+ allowedActions: DATA_PLANE_ACTIONS
1789
+ },
1790
+ // A reusable `editor` role for the HUMAN owner — DISTINCT from `accessProfile`
1791
+ // (which scopes only the service-principal key). `bootstrap` provisions this
1792
+ // role in the context but binds it to no one; the owner joins themselves so the
1793
+ // data-plane app (app.vectros.ai) shows their KB — its switcher lists only
1794
+ // contexts the signed-in user holds an active access profile in, and bootstrap
1795
+ // grants the human none by default. Bind it after bootstrap with:
1796
+ // vectros access grant --principal usr_<your-user-id> --context agentic-sdlc --role editor
1797
+ // (or the admin app's Access > Contexts > agentic-sdlc > Profiles > Create).
1798
+ // The editor gets the full data plane so a human curator can browse, write/correct,
1799
+ // AND hard-delete the KB (EDITOR_ACTIONS = the service key's set + delete). The
1800
+ // service key deliberately lacks delete and archives instead; the trusted human
1801
+ // owner may permanently remove genuine strays. Still no control-plane action, so
1802
+ // the scope gate accepts it as a data-plane-only role.
1803
+ roles: {
1804
+ editor: [{ allowedActions: EDITOR_ACTIONS }]
1738
1805
  },
1739
1806
  servicePrincipal: {
1740
1807
  externalId: "agentic-sdlc",