ltcai 1.0.1 → 1.1.0

package/README.md

@@ -36,6 +36,21 @@ Automatic knowledge graph
 Graph-aware chat, snapshots, memory, agents, workflows, skills, and timeline
 ```
 
+### New in 1.1.0: Organization Workspace Foundation
+
+- **Organization Workspace** alongside Personal Workspace — create shared org
+  workspaces, list/switch between them, and archive (non-destructively)
+- **Workspace roles & permissions** — `owner`, `admin`, `member`, `viewer`
+  mapped to read / write / manage-members / manage-workspace
+- **Workspace-scoped data** — snapshots, memory, agent runs, workflows, traces,
+  and timeline carry a `workspace_id`; reads scope via the `X-Workspace-Id` header
+- **CI / release hardening** — Node.js 24 ready workflow, version-scoped
+  artifact upload (never `dist/*`), and a release artifact validator
+- **Enterprise extension foundation (open-core)** — a stable seam for a future
+  Enterprise plugin; Community ships everything it has today, unrestricted
+  (see [docs/ENTERPRISE.md](docs/ENTERPRISE.md) and
+  [docs/EDITION_STRATEGY.md](docs/EDITION_STRATEGY.md))
+
 ### New in 1.0.0: AI Workspace OS
 
 - Workspace OS command center at `/workspace`

package/docs/CHANGELOG.md

@@ -1,5 +1,55 @@
 # Changelog
 
+## [1.1.0] - 2026-05-31
+
+> Organization Workspace foundation, open-core Enterprise seam, and CI/release hardening.
+
+### Added
+
+- **Organization Workspace foundation** — Workspace OS now distinguishes
+  `personal` and `organization` workspace types. A full workspace model
+  (`workspace_id`, `name`, `type`, `owner_user_id`, `members`, `roles`,
+  `settings`, `created_at`, `updated_at`, `status`) is stored in the existing
+  local-first JSON store.
+- **Organization Workspace API** — create org workspace, list workspaces, get
+  workspace, update, archive (soft, non-destructive), add/remove member, update
+  member role, get workspace summary, activate workspace, and an edition info
+  endpoint, exposed under `/workspace/orgs/*`, `/workspace/registry`,
+  `/workspace/activate`, and `/workspace/editions`.
+- **Workspace roles and permissions** — `owner`, `admin`, `member`, `viewer`
+  mapped to `read` / `write` / `manage_members` / `manage_workspace`. Owners and
+  admins manage settings and members; members use the workspace; viewers are
+  read-only. Personal workspaces always grant their local user owner rights.
+- **Workspace-scoped data** — Snapshots, Memories, Agent runs, Workflows, answer
+  Traces, and Timeline events now carry a `workspace_id`. Reads accept an
+  optional `X-Workspace-Id` header / `workspace_id` query to scope results.
+- **Enterprise extension seam (open-core)** — new `latticeai/core/enterprise.py`
+  defines an `Edition` enum (`community`/`enterprise`), an
+  `EnterpriseCapability` enum, and a runtime `CapabilityRegistry` that a future,
+  separately-distributed Enterprise plugin can attach a provider to. The
+  Community build ships **zero** enabled Enterprise capabilities and restricts no
+  Community feature. Documented in `docs/ENTERPRISE.md` and
+  `docs/EDITION_STRATEGY.md`.
+- **Release artifact validator** — `scripts/validate_release_artifacts.py`
+  verifies that exactly the expected `whl`/`tar.gz`/`vsix`/`tgz` exist for a
+  single version, that internal versions match, that the VSIX contains
+  `extension/out/extension.js`, and warns when `dist/` mixes other versions.
+- **Workspace OS UI** — Personal/Organization workspace switcher, current
+  workspace indicator, and a minimal organization create / member / role panel
+  wired into the existing Workspace OS command center.
+
+### Changed
+
+- **CI / release hardening** — `release.yml` opts into Node.js 24
+  (`FORCE_JAVASCRIPT_ACTIONS_TO_NODE24`) and bumps `actions/checkout@v5`,
+  `actions/setup-node@v5`, `actions/setup-python@v6`. Artifact upload and
+  `twine check` are now scoped to the tagged version only — never a `dist/*`
+  glob — and the build runs the release artifact validator before upload.
+- Existing 1.0.x Workspace OS state is migrated non-destructively to the v1.1
+  workspace model on load; legacy records map to the Personal workspace.
+- Release metadata aligned to `1.1.0` across Python, npm, VS Code extension,
+  FastAPI app metadata, and `/health`.
+
 ## [1.0.1] - 2026-05-31
 
 > CI packaging fix for the VS Code extension build.

package/docs/EDITION_STRATEGY.md

@@ -0,0 +1,56 @@
+# Lattice AI — Edition Strategy (Open Core)
+
+This document records the principles behind the Community / Enterprise split so
+the boundary stays predictable for contributors and users.
+
+## Editions
+
+- **Community** — this repository, MIT licensed. Local-first AI Workspace OS:
+  local LLMs, knowledge graph, Personal **and** Organization workspaces,
+  role-based membership, snapshots, memory, agents, workflows, skills, and the
+  auditable timeline. Community is a complete product.
+- **Enterprise** — a separately-distributed plugin adding organization-scale
+  governance, identity, compliance, and deployment capabilities. Distributed and
+  licensed separately. See [ENTERPRISE.md](ENTERPRISE.md).
+
+## Principles
+
+1. **Community is never crippled.** No existing Community feature is removed,
+   throttled, or gated to push Enterprise. The capability seam only answers "is
+   this *Enterprise* capability available?" — `False` in the open build — and
+   never disables a Community code path.
+2. **Open-core boundary is a runtime seam, not a fork.** Enterprise attaches via
+   `capability_registry.register_provider(...)`
+   (`latticeai/core/enterprise.py`). The Community repository contains no
+   Enterprise implementation and imports no Enterprise code.
+3. **Capabilities are declared, not hidden.** `EnterpriseCapability` enumerates
+   reserved capabilities so the contract is visible and stable, even though
+   Community implements none of them.
+4. **Local-first stays the default.** Enterprise adds options (tenant isolation,
+   air-gapped deployment, SIEM export); it does not move the default experience
+   off the user's machine.
+5. **Graceful by default.** A misbehaving or absent provider must never break a
+   Community request; the registry falls back to the Community provider.
+
+## What lives where
+
+| Concern | Community (this repo) | Enterprise (separate) |
+|--------|------------------------|------------------------|
+| Personal & Organization workspaces | ✅ | — |
+| Base roles (owner/admin/member/viewer) | ✅ | — |
+| Snapshots / memory / agents / workflows / skills | ✅ | — |
+| Audit timeline (local) | ✅ | — |
+| Capability seam & enum | ✅ (declares) | ✅ (implements) |
+| SSO/SCIM/IdP provisioning | seam only | ✅ |
+| Tenant isolation, compliance retention, eDiscovery | seam only | ✅ |
+| SIEM export, DLP, admin policy packs | seam only | ✅ |
+| Private VPC / air-gapped deployment | seam only | ✅ |
+
+## Detecting edition at runtime
+
+- `GET /workspace/editions` → edition + per-capability matrix.
+- `GET /workspace/os` → `edition` block in the Workspace OS summary.
+- `latticeai.core.enterprise.detect_edition()` for in-process checks.
+
+In the Community build all of the above report `community` with every Enterprise
+capability `false`.

package/docs/ENTERPRISE.md

@@ -0,0 +1,78 @@
+# Lattice AI — Enterprise Edition
+
+> **Status:** Foundation / extension seam only. The open-source Community
+> edition in this repository ships **none** of the capabilities below enabled,
+> and contains **no** Enterprise implementation. This document describes the
+> boundary and the roadmap, not shipped code.
+
+Lattice AI follows an **open-core** model:
+
+- **Community** (this repository, MIT) is fully functional on its own: local
+  LLMs, knowledge graph, Personal and Organization workspaces, roles, snapshots,
+  memory, agents, workflows, skills, and the auditable timeline.
+- **Enterprise** is a separately-distributed plugin that attaches advanced,
+  organization-scale governance and deployment capabilities through a stable
+  runtime seam. It is never bundled into the Community build.
+
+See [EDITION_STRATEGY.md](EDITION_STRATEGY.md) for the principles that keep this
+boundary honest (Community is never crippled to upsell Enterprise).
+
+## The extension seam
+
+The seam lives in [`latticeai/core/enterprise.py`](../latticeai/core/enterprise.py):
+
+- `Edition` — `community` (default) or `enterprise`.
+- `EnterpriseCapability` — the enum of reserved capabilities (below).
+- `CapabilityProvider` — the protocol an Enterprise plugin implements.
+- `capability_registry` — a process-wide registry. An Enterprise plugin calls
+  `capability_registry.register_provider(...)` at startup. Until then, the
+  default `CommunityCapabilityProvider` answers every capability query with
+  "Community / disabled".
+
+Community code consults the seam at extension points via
+`is_capability_enabled(EnterpriseCapability.X)`. In the Community build this is
+always `False`, so the Community code path is taken and nothing is gated off.
+
+The live edition + capability matrix is exposed at `GET /workspace/editions`
+and surfaced in the Workspace OS summary (`GET /workspace/os` → `edition`).
+
+## Enterprise capability roadmap
+
+These are declared in `EnterpriseCapability` so the seam is stable and
+discoverable. None are implemented in Community.
+
+| Capability | Enum | Summary |
+|-----------|------|---------|
+| Advanced SSO | `SSO_ADVANCED` | Enforced SSO, session policy, SAML/OIDC federation |
+| IdP provisioning | `IDP_PROVISIONING` | Entra ID / Okta user & group provisioning |
+| SCIM | `SCIM` | SCIM 2.0 user/group lifecycle sync |
+| Advanced RBAC/ABAC | `RBAC_ABAC_ADVANCED` | Custom roles, attribute-based policy beyond the 4 base roles |
+| Tenant isolation | `TENANT_ISOLATION` | Hard multi-tenant data isolation |
+| Compliance retention | `COMPLIANCE_RETENTION` | Legal-hold, retention windows, immutable audit |
+| SIEM export | `SIEM_EXPORT` | Streaming audit/event export to Splunk/Sentinel/etc. |
+| Private VPC | `PRIVATE_VPC` | Private-network / customer-VPC deployment controls |
+| Air-gapped deployment | `AIR_GAPPED_DEPLOYMENT` | Fully offline install & update channel |
+| DLP policy | `DLP_POLICY` | Data-loss-prevention scanning & enforcement |
+| eDiscovery | `EDISCOVERY` | Search, hold, and export for legal discovery |
+| Admin policy packs | `ADMIN_POLICY_PACKS` | Centrally-managed org policy bundles |
+
+## How an Enterprise plugin attaches (illustrative)
+
+```python
+from latticeai.core.enterprise import (
+    Edition, EnterpriseCapability, capability_registry,
+)
+
+class EnterpriseProvider:
+    def edition(self) -> Edition:
+        return Edition.ENTERPRISE
+
+    def is_enabled(self, capability: EnterpriseCapability) -> bool:
+        return capability in MY_LICENSED_CAPABILITIES
+
+# Enterprise package startup:
+capability_registry.register_provider(EnterpriseProvider())
+```
+
+No Enterprise code or credentials live in this repository; the Community build
+imports none of the above.

package/latticeai/__init__.py

@@ -1,3 +1,3 @@
 """Lattice AI - modular server package."""
 
-__version__ = "1.0.1"
+__version__ = "1.1.0"

package/latticeai/core/enterprise.py

@@ -0,0 +1,152 @@
+"""Enterprise extension seam (open-core boundary).
+
+LatticeAI Community is fully functional on its own. This module defines the
+*seam* where a future, separately-distributed Enterprise plugin can attach
+advanced capabilities (SSO provisioning, SCIM, tenant isolation, compliance
+retention, SIEM export, and so on) **without** any of that code living in the
+public Community repository.
+
+Design rules enforced here:
+
+* Community is the default :class:`Edition`. Every :class:`EnterpriseCapability`
+  is **disabled** unless an Enterprise provider is explicitly registered.
+* Nothing in this module restricts or gates a Community feature. It only answers
+  "is this *Enterprise* capability available?" — which is ``False`` in the open
+  build.
+* Enterprise behaviour is supplied at runtime through
+  :class:`CapabilityProvider` implementations registered on the shared
+  :data:`capability_registry`. The public code never imports Enterprise code.
+"""
+
+from __future__ import annotations
+
+import os
+from enum import Enum
+from typing import Dict, List, Optional, Protocol, runtime_checkable
+
+
+class Edition(str, Enum):
+    """Distribution edition. Community is the open-source default."""
+
+    COMMUNITY = "community"
+    ENTERPRISE = "enterprise"
+
+
+class EnterpriseCapability(str, Enum):
+    """Capabilities reserved for the Enterprise edition.
+
+    These are documented in ``docs/ENTERPRISE.md``. They are intentionally
+    declared (so the seam is stable and discoverable) but never implemented in
+    the Community build.
+    """
+
+    SSO_ADVANCED = "sso_advanced"
+    IDP_PROVISIONING = "idp_provisioning"  # Entra ID / Okta provisioning
+    SCIM = "scim"
+    RBAC_ABAC_ADVANCED = "rbac_abac_advanced"
+    TENANT_ISOLATION = "tenant_isolation"
+    COMPLIANCE_RETENTION = "compliance_retention"
+    SIEM_EXPORT = "siem_export"
+    PRIVATE_VPC = "private_vpc"
+    AIR_GAPPED_DEPLOYMENT = "air_gapped_deployment"
+    DLP_POLICY = "dlp_policy"
+    EDISCOVERY = "ediscovery"
+    ADMIN_POLICY_PACKS = "admin_policy_packs"
+
+
+@runtime_checkable
+class CapabilityProvider(Protocol):
+    """Contract an Enterprise plugin implements to light up capabilities.
+
+    A provider is registered at runtime via
+    :meth:`CapabilityRegistry.register_provider`. The Community build ships no
+    provider, so :meth:`is_enabled` is effectively ``False`` everywhere.
+    """
+
+    def edition(self) -> Edition:
+        ...
+
+    def is_enabled(self, capability: EnterpriseCapability) -> bool:
+        ...
+
+
+class CommunityCapabilityProvider:
+    """Default provider: Community edition, no Enterprise capabilities."""
+
+    def edition(self) -> Edition:
+        return Edition.COMMUNITY
+
+    def is_enabled(self, capability: EnterpriseCapability) -> bool:  # noqa: ARG002
+        return False
+
+
+class CapabilityRegistry:
+    """Runtime seam that an Enterprise plugin can attach a provider to.
+
+    The registry holds at most one active provider. Until an Enterprise build
+    registers one, the :class:`CommunityCapabilityProvider` answers every query
+    with "Community / disabled".
+    """
+
+    def __init__(self) -> None:
+        self._provider: CapabilityProvider = CommunityCapabilityProvider()
+
+    def register_provider(self, provider: CapabilityProvider) -> None:
+        if not isinstance(provider, CapabilityProvider):
+            raise TypeError("provider must implement the CapabilityProvider protocol")
+        self._provider = provider
+
+    def reset(self) -> None:
+        """Restore the Community default provider (used by tests)."""
+        self._provider = CommunityCapabilityProvider()
+
+    def edition(self) -> Edition:
+        return self._provider.edition()
+
+    def is_capability_enabled(self, capability: EnterpriseCapability) -> bool:
+        try:
+            return bool(self._provider.is_enabled(capability))
+        except Exception:
+            # A misbehaving plugin must never break a Community request.
+            return False
+
+    def available_capabilities(self) -> List[EnterpriseCapability]:
+        return [cap for cap in EnterpriseCapability if self.is_capability_enabled(cap)]
+
+    def describe(self) -> Dict[str, object]:
+        """Edition + capability matrix for ``/workspace/editions`` and admin UI."""
+        return {
+            "edition": self.edition().value,
+            "is_enterprise": self.edition() is Edition.ENTERPRISE,
+            "capabilities": {
+                cap.value: self.is_capability_enabled(cap) for cap in EnterpriseCapability
+            },
+            "community_notice": (
+                "All listed capabilities are Enterprise-only extension points. "
+                "The open-source Community edition ships none of them enabled; "
+                "see docs/ENTERPRISE.md and docs/EDITION_STRATEGY.md."
+            ),
+        }
+
+
+# Shared singleton seam. Enterprise plugins import this and call
+# ``capability_registry.register_provider(...)`` during their own startup.
+capability_registry = CapabilityRegistry()
+
+
+def detect_edition() -> Edition:
+    """Best-effort edition detection.
+
+    Honours an explicit ``LATTICE_EDITION=enterprise`` opt-in for environments
+    that have separately installed an Enterprise provider, but otherwise the
+    registry's active provider is the source of truth.
+    """
+    env = os.environ.get("LATTICE_EDITION", "").strip().lower()
+    if env == Edition.ENTERPRISE.value and capability_registry.edition() is Edition.ENTERPRISE:
+        return Edition.ENTERPRISE
+    return capability_registry.edition()
+
+
+def is_capability_enabled(capability: EnterpriseCapability) -> bool:
+    """Module-level convenience used by Community code at extension points."""
+    return capability_registry.is_capability_enabled(capability)