trustgraph/trustgraph-base/trustgraph/schema
cybermaggedon 09b8a1d347
feat: fine-grained capabilities and enterprise IAM schema extensions (#996)
Split coarse gateway capabilities into fine-grained variants to
support per-operation access control in the enterprise IAM regime.
Add additive schema fields for enterprise group and grant management.

Capability split (gateway registry):
- graph:read -> triples:read, sparql:read, graph-rag:read,
  graph-embeddings:read
- graph:write -> triples:write, graph-embeddings:write,
  entity-contexts:write
- documents:read -> documents:read, document-rag:read,
  document-embeddings:read, entity-contexts:read
- documents:write -> documents:write, document-embeddings:write
- rows:read -> rows:read, nlp-query:read, structured-query:read,
  row-embeddings:read

OSS role definitions expanded to include all new fine-grained
capability names — no behavioral change for OSS deployments.

Schema additions (IamRequest):
- group_id, member_type, member_id for group membership operations
- group (GroupInput), grant (GrantInput) for create/update payloads
- Decoder now handles capability, resource_json, parameters_json,
  authorise_checks (previously missing from translator)

Schema additions (IamResponse):
- group_json, groups_json, members_json, grants_json,
  effective_permissions_json for enterprise operation responses
- Encoder now emits authorise decision fields

Gateway registry:
- 16 enterprise IAM operations registered (create-group,
  add-group-member, add-user-grant, etc.) under iam:admin capability
2026-06-22 20:23:34 +01:00
core Per-workspace queue routing for workspace-scoped services (#862) 2026-05-04 10:30:03 +01:00
knowledge feat: complete knowledge core storage — named graphs, provenance, source material (#973) 2026-06-03 10:46:52 +01:00
services feat: fine-grained capabilities and enterprise IAM schema extensions (#996) 2026-06-22 20:23:34 +01:00
__init__.py Schema structure refactor (#451) 2025-08-04 21:42:57 +01:00
README.flows Schema structure refactor (#451) 2025-08-04 21:42:57 +01:00

                                  pdf-
                                decoder

                                   |
                                   v

                                chunker

                                   |
                ,------------------+----------- . . .
                |                  |
                v                  v

             extract-           extract-
           relationships      definitions

                |                |   |
                +----------------'   |
                |                    v
                v
                                 vectorize
             triple-
              store                  |
                                     v

                                  ge-write

Refactor:

[] Change vectorize
[] Re-route chunker to extract-*
[] Re-route vectorize to ge-write*
[] Re-route extract-definitions to ge-write*
[] Remove extract-relationships to ge-write routing