mirror of
https://github.com/trustgraph-ai/trustgraph.git
synced 2026-07-03 06:51:00 +02:00
Split coarse gateway capabilities into fine-grained variants to support per-operation access control in the enterprise IAM regime. Add additive schema fields for enterprise group and grant management.

Capability split (gateway registry):
- graph:read -> triples:read, sparql:read, graph-rag:read, graph-embeddings:read
- graph:write -> triples:write, graph-embeddings:write, entity-contexts:write
- documents:read -> documents:read, document-rag:read, document-embeddings:read, entity-contexts:read
- documents:write -> documents:write, document-embeddings:write
- rows:read -> rows:read, nlp-query:read, structured-query:read, row-embeddings:read

OSS role definitions expanded to include all new fine-grained capability names — no behavioral change for OSS deployments.

Schema additions (IamRequest):
- group_id, member_type, member_id for group membership operations
- group (GroupInput), grant (GrantInput) for create/update payloads
- Decoder now handles capability, resource_json, parameters_json, authorise_checks (previously missing from translator)

Schema additions (IamResponse):
- group_json, groups_json, members_json, grants_json, effective_permissions_json for enterprise operation responses
- Encoder now emits authorise decision fields

Gateway registry:
- 16 enterprise IAM operations registered (create-group, add-group-member, add-user-grant, etc.) under iam:admin capability

||
|---|---|---|
| .. | ||
| core | ||
| knowledge | ||
| services | ||
| __init__.py | ||
| README.flows | ||
pdf-
decoder
|
v
chunker
|
,------------------+----------- . . .
| |
v v
extract- extract-
relationships definitions
| | |
+----------------' |
| v
v
vectorize
triple-
store |
v
ge-write
Refactor:
[] Change vectorize
[] Re-route chunker to extract-*
[] Re-route vectorize to ge-write*
[] Re-route extract-definitions to ge-write*
[] Remove extract-relationships to ge-write routing