ltcai 1.0.1 → 1.2.0

package/README.md

@@ -36,6 +36,40 @@ Automatic knowledge graph
 Graph-aware chat, snapshots, memory, agents, workflows, skills, and timeline
 ```
 
+### New in 1.2.0: Server App Modularization
+
+- **server_app.py modularized** — Workspace/Organization and health/engine
+  endpoints extracted into dedicated routers (`latticeai/api/*`) backed by a
+  service layer (`latticeai/services/*`); `server_app` is now app assembly +
+  router include (~6,585 → ~5,948 lines)
+- **Routers / services split** — `create_workspace_router`,
+  `create_health_router`, `WorkspaceService`, `ModelService`, `ChatService`
+- **Workspace API service layer** — scope resolution and role/permission checks
+  centralized in `WorkspaceService`
+- **Workspace / org guardrails** — non-members can't read/write org data,
+  viewers can't write, owners/admins manage members; no-auth local owner
+  fallback preserved
+- **Health / model / chat modularization** — `/health`, `/mode`,
+  `/runtime_features`, `/engines` via the health router; chat trace recording
+  via the chat service (streaming behavior unchanged)
+- **Compatibility preserved** — `server:app` import path, all API routes, CLI,
+  Knowledge Graph / Admin / Security routers, and VS Code integration unchanged
+
+### New in 1.1.0: Organization Workspace Foundation
+
+- **Organization Workspace** alongside Personal Workspace — create shared org
+  workspaces, list/switch between them, and archive (non-destructively)
+- **Workspace roles & permissions** — `owner`, `admin`, `member`, `viewer`
+  mapped to read / write / manage-members / manage-workspace
+- **Workspace-scoped data** — snapshots, memory, agent runs, workflows, traces,
+  and timeline carry a `workspace_id`; reads scope via the `X-Workspace-Id` header
+- **CI / release hardening** — Node.js 24 ready workflow, version-scoped
+  artifact upload (never `dist/*`), and a release artifact validator
+- **Enterprise extension foundation (open-core)** — a stable seam for a future
+  Enterprise plugin; Community ships everything it has today, unrestricted
+  (see [docs/ENTERPRISE.md](docs/ENTERPRISE.md) and
+  [docs/EDITION_STRATEGY.md](docs/EDITION_STRATEGY.md))
+
 ### New in 1.0.0: AI Workspace OS
 
 - Workspace OS command center at `/workspace`

package/docs/CHANGELOG.md

@@ -1,5 +1,104 @@
 # Changelog
 
+## [1.2.0] - 2026-05-31
+
+> Server app modularization (routers + service layer) and workspace/org guardrail hardening.
+
+### Changed
+
+- **server_app.py modularization (phase 2)** — reduced
+  `latticeai/server_app.py` from ~6,585 to ~5,948 lines by extracting the
+  Workspace OS / Organization API and the health/engine-summary endpoints into
+  dedicated routers backed by a new service layer. `server_app` now focuses on
+  app assembly, lifespan, middleware, and router include. The historical
+  `server:app` import path, all API paths, and request/response shapes are
+  unchanged.
+- **Workspace/Organization guardrails strengthened** — workspace-scoped reads
+  and writes now go through `WorkspaceService`, which gates explicitly-named
+  workspaces: non-members cannot read or write organization data, viewers
+  cannot write, members can write, and only owners/admins manage members. The
+  no-auth local-owner fallback for ownerless org workspaces is preserved, but a
+  *named* stranger never bypasses membership. `set_active_workspace` continues
+  to enforce membership.
+
+### Added
+
+- **New API routers** — `latticeai/api/workspace.py`
+  (`create_workspace_router`) and `latticeai/api/health.py`
+  (`create_health_router`), mirroring the existing auth/admin router-factory
+  convention (no import cycle: routers receive dependencies, never import the
+  app).
+- **New service layer** — `latticeai/services/workspace_service.py`
+  (`WorkspaceService`: scope resolution + permission guardrails),
+  `latticeai/services/model_service.py` (`ModelService`: health/engine summary
+  payloads), and `latticeai/services/chat_service.py` (`ChatService`: history +
+  answer-trace seam; the streaming chat path is unchanged and now records traces
+  through this façade).
+- **Shared-global areas made explicit** — the local knowledge graph and
+  installed skills remain machine-global shared state (not partitioned per
+  workspace); this is now surfaced in `WorkspaceService.SHARED_GLOBAL_AREAS`,
+  the `/workspace/os` summary (`shared_global_areas`), and code comments.
+- **Startup/modularization tests** — `tests/unit/test_server_app_modularization.py`
+  (import path, router registration, key route presence, no import cycle) and
+  `tests/unit/test_workspace_service.py` (read/write/member guardrails).
+
+### Notes
+
+- Release metadata aligned to `1.2.0`; `APP_VERSION` continues to derive from
+  `WORKSPACE_OS_VERSION` and `/health` reports `1.2.0`.
+- CI release hardening from 1.0.1/1.1.0 is retained (VSIX compile guard, Node.js
+  24, version-scoped artifact validation — no `dist/*` glob).
+
+## [1.1.0] - 2026-05-31
+
+> Organization Workspace foundation, open-core Enterprise seam, and CI/release hardening.
+
+### Added
+
+- **Organization Workspace foundation** — Workspace OS now distinguishes
+  `personal` and `organization` workspace types. A full workspace model
+  (`workspace_id`, `name`, `type`, `owner_user_id`, `members`, `roles`,
+  `settings`, `created_at`, `updated_at`, `status`) is stored in the existing
+  local-first JSON store.
+- **Organization Workspace API** — create org workspace, list workspaces, get
+  workspace, update, archive (soft, non-destructive), add/remove member, update
+  member role, get workspace summary, activate workspace, and an edition info
+  endpoint, exposed under `/workspace/orgs/*`, `/workspace/registry`,
+  `/workspace/activate`, and `/workspace/editions`.
+- **Workspace roles and permissions** — `owner`, `admin`, `member`, `viewer`
+  mapped to `read` / `write` / `manage_members` / `manage_workspace`. Owners and
+  admins manage settings and members; members use the workspace; viewers are
+  read-only. Personal workspaces always grant their local user owner rights.
+- **Workspace-scoped data** — Snapshots, Memories, Agent runs, Workflows, answer
+  Traces, and Timeline events now carry a `workspace_id`. Reads accept an
+  optional `X-Workspace-Id` header / `workspace_id` query to scope results.
+- **Enterprise extension seam (open-core)** — new `latticeai/core/enterprise.py`
+  defines an `Edition` enum (`community`/`enterprise`), an
+  `EnterpriseCapability` enum, and a runtime `CapabilityRegistry` that a future,
+  separately-distributed Enterprise plugin can attach a provider to. The
+  Community build ships **zero** enabled Enterprise capabilities and restricts no
+  Community feature. Documented in `docs/ENTERPRISE.md` and
+  `docs/EDITION_STRATEGY.md`.
+- **Release artifact validator** — `scripts/validate_release_artifacts.py`
+  verifies that exactly the expected `whl`/`tar.gz`/`vsix`/`tgz` exist for a
+  single version, that internal versions match, that the VSIX contains
+  `extension/out/extension.js`, and warns when `dist/` mixes other versions.
+- **Workspace OS UI** — Personal/Organization workspace switcher, current
+  workspace indicator, and a minimal organization create / member / role panel
+  wired into the existing Workspace OS command center.
+
+### Changed
+
+- **CI / release hardening** — `release.yml` opts into Node.js 24
+  (`FORCE_JAVASCRIPT_ACTIONS_TO_NODE24`) and bumps `actions/checkout@v5`,
+  `actions/setup-node@v5`, `actions/setup-python@v6`. Artifact upload and
+  `twine check` are now scoped to the tagged version only — never a `dist/*`
+  glob — and the build runs the release artifact validator before upload.
+- Existing 1.0.x Workspace OS state is migrated non-destructively to the v1.1
+  workspace model on load; legacy records map to the Personal workspace.
+- Release metadata aligned to `1.1.0` across Python, npm, VS Code extension,
+  FastAPI app metadata, and `/health`.
+
 ## [1.0.1] - 2026-05-31
 
 > CI packaging fix for the VS Code extension build.

package/docs/EDITION_STRATEGY.md

@@ -0,0 +1,56 @@
+# Lattice AI — Edition Strategy (Open Core)
+
+This document records the principles behind the Community / Enterprise split so
+the boundary stays predictable for contributors and users.
+
+## Editions
+
+- **Community** — this repository, MIT licensed. Local-first AI Workspace OS:
+  local LLMs, knowledge graph, Personal **and** Organization workspaces,
+  role-based membership, snapshots, memory, agents, workflows, skills, and the
+  auditable timeline. Community is a complete product.
+- **Enterprise** — a separately-distributed plugin adding organization-scale
+  governance, identity, compliance, and deployment capabilities. Distributed and
+  licensed separately. See [ENTERPRISE.md](ENTERPRISE.md).
+
+## Principles
+
+1. **Community is never crippled.** No existing Community feature is removed,
+   throttled, or gated to push Enterprise. The capability seam only answers "is
+   this *Enterprise* capability available?" — `False` in the open build — and
+   never disables a Community code path.
+2. **Open-core boundary is a runtime seam, not a fork.** Enterprise attaches via
+   `capability_registry.register_provider(...)`
+   (`latticeai/core/enterprise.py`). The Community repository contains no
+   Enterprise implementation and imports no Enterprise code.
+3. **Capabilities are declared, not hidden.** `EnterpriseCapability` enumerates
+   reserved capabilities so the contract is visible and stable, even though
+   Community implements none of them.
+4. **Local-first stays the default.** Enterprise adds options (tenant isolation,
+   air-gapped deployment, SIEM export); it does not move the default experience
+   off the user's machine.
+5. **Graceful by default.** A misbehaving or absent provider must never break a
+   Community request; the registry falls back to the Community provider.
+
+## What lives where
+
+| Concern | Community (this repo) | Enterprise (separate) |
+|--------|------------------------|------------------------|
+| Personal & Organization workspaces | ✅ | — |
+| Base roles (owner/admin/member/viewer) | ✅ | — |
+| Snapshots / memory / agents / workflows / skills | ✅ | — |
+| Audit timeline (local) | ✅ | — |
+| Capability seam & enum | ✅ (declares) | ✅ (implements) |
+| SSO/SCIM/IdP provisioning | seam only | ✅ |
+| Tenant isolation, compliance retention, eDiscovery | seam only | ✅ |
+| SIEM export, DLP, admin policy packs | seam only | ✅ |
+| Private VPC / air-gapped deployment | seam only | ✅ |
+
+## Detecting edition at runtime
+
+- `GET /workspace/editions` → edition + per-capability matrix.
+- `GET /workspace/os` → `edition` block in the Workspace OS summary.
+- `latticeai.core.enterprise.detect_edition()` for in-process checks.
+
+In the Community build all of the above report `community` with every Enterprise
+capability `false`.

package/docs/ENTERPRISE.md

@@ -0,0 +1,78 @@
+# Lattice AI — Enterprise Edition
+
+> **Status:** Foundation / extension seam only. The open-source Community
+> edition in this repository ships **none** of the capabilities below enabled,
+> and contains **no** Enterprise implementation. This document describes the
+> boundary and the roadmap, not shipped code.
+
+Lattice AI follows an **open-core** model:
+
+- **Community** (this repository, MIT) is fully functional on its own: local
+  LLMs, knowledge graph, Personal and Organization workspaces, roles, snapshots,
+  memory, agents, workflows, skills, and the auditable timeline.
+- **Enterprise** is a separately-distributed plugin that attaches advanced,
+  organization-scale governance and deployment capabilities through a stable
+  runtime seam. It is never bundled into the Community build.
+
+See [EDITION_STRATEGY.md](EDITION_STRATEGY.md) for the principles that keep this
+boundary honest (Community is never crippled to upsell Enterprise).
+
+## The extension seam
+
+The seam lives in [`latticeai/core/enterprise.py`](../latticeai/core/enterprise.py):
+
+- `Edition` — `community` (default) or `enterprise`.
+- `EnterpriseCapability` — the enum of reserved capabilities (below).
+- `CapabilityProvider` — the protocol an Enterprise plugin implements.
+- `capability_registry` — a process-wide registry. An Enterprise plugin calls
+  `capability_registry.register_provider(...)` at startup. Until then, the
+  default `CommunityCapabilityProvider` answers every capability query with
+  "Community / disabled".
+
+Community code consults the seam at extension points via
+`is_capability_enabled(EnterpriseCapability.X)`. In the Community build this is
+always `False`, so the Community code path is taken and nothing is gated off.
+
+The live edition + capability matrix is exposed at `GET /workspace/editions`
+and surfaced in the Workspace OS summary (`GET /workspace/os` → `edition`).
+
+## Enterprise capability roadmap
+
+These are declared in `EnterpriseCapability` so the seam is stable and
+discoverable. None are implemented in Community.
+
+| Capability | Enum | Summary |
+|-----------|------|---------|
+| Advanced SSO | `SSO_ADVANCED` | Enforced SSO, session policy, SAML/OIDC federation |
+| IdP provisioning | `IDP_PROVISIONING` | Entra ID / Okta user & group provisioning |
+| SCIM | `SCIM` | SCIM 2.0 user/group lifecycle sync |
+| Advanced RBAC/ABAC | `RBAC_ABAC_ADVANCED` | Custom roles, attribute-based policy beyond the 4 base roles |
+| Tenant isolation | `TENANT_ISOLATION` | Hard multi-tenant data isolation |
+| Compliance retention | `COMPLIANCE_RETENTION` | Legal-hold, retention windows, immutable audit |
+| SIEM export | `SIEM_EXPORT` | Streaming audit/event export to Splunk/Sentinel/etc. |
+| Private VPC | `PRIVATE_VPC` | Private-network / customer-VPC deployment controls |
+| Air-gapped deployment | `AIR_GAPPED_DEPLOYMENT` | Fully offline install & update channel |
+| DLP policy | `DLP_POLICY` | Data-loss-prevention scanning & enforcement |
+| eDiscovery | `EDISCOVERY` | Search, hold, and export for legal discovery |
+| Admin policy packs | `ADMIN_POLICY_PACKS` | Centrally-managed org policy bundles |
+
+## How an Enterprise plugin attaches (illustrative)
+
+```python
+from latticeai.core.enterprise import (
+    Edition, EnterpriseCapability, capability_registry,
+)
+
+class EnterpriseProvider:
+    def edition(self) -> Edition:
+        return Edition.ENTERPRISE
+
+    def is_enabled(self, capability: EnterpriseCapability) -> bool:
+        return capability in MY_LICENSED_CAPABILITIES
+
+# Enterprise package startup:
+capability_registry.register_provider(EnterpriseProvider())
+```
+
+No Enterprise code or credentials live in this repository; the Community build
+imports none of the above.

package/latticeai/__init__.py

@@ -1,3 +1,3 @@
 """Lattice AI - modular server package."""
 
-__version__ = "1.0.1"
+__version__ = "1.2.0"

package/latticeai/api/health.py

@@ -0,0 +1,45 @@
+"""Health / status / engine-summary router.
+
+Extracted from ``server_app.py`` in v1.2.0. Paths unchanged: ``/health``,
+``/mode``, ``/runtime_features``, ``/engines`` (GET). Heavier engine *mutation*
+endpoints (install / verify-cloud / pull-model) stay in server_app for now.
+"""
+
+from __future__ import annotations
+
+import asyncio
+from typing import Any, Callable, List, Optional
+
+from fastapi import APIRouter, Request
+
+
+def create_health_router(
+    *,
+    model_service,
+    engine_status: Callable[[], List[dict]],
+    get_current_user: Callable[[Request], Optional[str]],
+    require_auth: bool,
+    app_version: str,
+    app_mode: str,
+) -> APIRouter:
+    router = APIRouter()
+    svc = model_service
+
+    @router.get("/health")
+    async def health(request: Request):
+        base = svc.health_base(version=app_version, mode=app_mode)
+        if not get_current_user(request) and require_auth:
+            return base
+        engines = await asyncio.to_thread(engine_status)
+        return svc.health_full(base, engines)
+
+    @router.get("/mode")
+    @router.get("/runtime_features")
+    async def mode():
+        return svc.runtime()
+
+    @router.get("/engines")
+    async def engines():
+        return svc.engines_payload(await asyncio.to_thread(engine_status))
+
+    return router