omnigraph

mirror of https://github.com/ModernRelay/omnigraph.git synced 2026-06-09 01:35:18 +02:00

Andrew Altshuler da42beec41 policy: chassis fan-out — _as variants on the remaining 6 writers (MR-722) (#103 ) PR #102 wired apply_schema_as. This PR completes the chassis-side coverage so every public mutating engine entry point hits the same Omnigraph::enforce(action, scope, actor) gate regardless of transport: - mutate_as → enforce(Change, Branch(branch), actor) - load_as → enforce(Change, Branch(branch), actor) - ingest_as → enforce(Change, Branch(branch), actor); also threads actor through the implicit branch_create_from_as so fresh-branch ingest correctly hits BranchCreate too - branch_create_as → enforce(BranchCreate, TargetBranch(name), actor) - branch_create_from_as → enforce(BranchCreate, BranchTransition { source, target }, actor) - branch_delete_as → enforce(BranchDelete, TargetBranch(name), actor) - branch_merge_as → enforce(BranchMerge, BranchTransition { source, target }, actor) Three new _as variants for branch ops (create, create_from, delete) that had no actor surface before; existing actor-less variants delegate with actor=None so the no-policy path is a strict no-op. HTTP handlers updated to thread the resolved actor into the new _as variants for branch_create and branch_delete (was previously dropped). 14 new SDK chassis tests (one allow + one deny pair per wired writer); the existing 4 apply_schema_as tests stay. All 18 pass. docs/user/policy.md updated to describe engine-wide enforcement and the coarse-vs-fine layer split (engine = action gate, query layer per-row = MR-725 future). AGENTS.md capability matrix updated to match. Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>		2026-05-18 03:38:18 +03:00
..
audit.md	docs: split user and developer docs (#93 )	2026-05-15 03:45:22 +03:00
branches-commits.md	docs: split user and developer docs (#93 )	2026-05-15 03:45:22 +03:00
changes.md	docs: split user and developer docs (#93 )	2026-05-15 03:45:22 +03:00
cli-reference.md	docs: split user and developer docs (#93 )	2026-05-15 03:45:22 +03:00
cli.md	docs: split user and developer docs (#93 )	2026-05-15 03:45:22 +03:00
constants.md	docs: split user and developer docs (#93 )	2026-05-15 03:45:22 +03:00
deployment.md	docs: split user and developer docs (#93 )	2026-05-15 03:45:22 +03:00
embeddings.md	docs: split user and developer docs (#93 )	2026-05-15 03:45:22 +03:00
errors.md	docs: split user and developer docs (#93 )	2026-05-15 03:45:22 +03:00
index.md	docs: split user and developer docs (#93 )	2026-05-15 03:45:22 +03:00
indexes.md	docs: split user and developer docs (#93 )	2026-05-15 03:45:22 +03:00
install.md	docs: split user and developer docs (#93 )	2026-05-15 03:45:22 +03:00
maintenance.md	docs: split user and developer docs (#93 )	2026-05-15 03:45:22 +03:00
policy.md	policy: chassis fan-out — _as variants on the remaining 6 writers (MR-722) (#103 )	2026-05-18 03:38:18 +03:00
query-language.md	docs: split user and developer docs (#93 )	2026-05-15 03:45:22 +03:00
schema-language.md	docs: split user and developer docs (#93 )	2026-05-15 03:45:22 +03:00
schema-lint.md	docs: split user and developer docs (#93 )	2026-05-15 03:45:22 +03:00
server.md	docs: split user and developer docs (#93 )	2026-05-15 03:45:22 +03:00
storage.md	docs: split user and developer docs (#93 )	2026-05-15 03:45:22 +03:00
transactions.md	docs: split user and developer docs (#93 )	2026-05-15 03:45:22 +03:00