mirror of
https://github.com/trustgraph-ai/trustgraph.git
synced 2026-04-30 19:06:21 +02:00
Three threads, all reinforcing the contract's system-level vs.
workspace-association distinction.

WS Mux service routing
- tg-show-flows (and any workspace-level service over the WS) was
  failing with "unknown service" because the post-refactor Mux
  unconditionally looked up flow-service:<kind>. Now branches on
  the envelope's flow field: with flow → flow-service:<kind>;
  without flow → <kind>:<op> from the inner body; with bare op
  lookup for service=iam. Resource and parameters come from the
  matched op's own extractors — same path the HTTP endpoints take.

Optional workspace on system-level user/key ops
- list-users returns the deployment-wide list when no workspace is
  supplied, filters when one is. get-user, update-user,
  disable-user, enable-user, delete-user, reset-password,
  create-api-key, list-api-keys, revoke-api-key all treat workspace
  as an optional integrity check rather than a required argument.
- create-user keeps workspace required — there it's the new user's
  home-workspace binding, a parameter rather than an address.
- API keys reclassified as SYSTEM-level resources. By the same
  reasoning that makes users system-level, an API key is a
  credential record on a deployment-wide registry; the workspace it
  authenticates to is a property, not a containment.

Self-service surface
- whoami: returns the caller's own user record. AUTHENTICATED-only;
  no users:read capability required. Foundation for UI affordances
  that depend on the caller's permissions.
- bootstrap-status: POST /api/v1/auth/bootstrap-status, PUBLIC,
  side-effect-free. Returns {bootstrap_available: bool} so a
  first-run UI can decide whether to render setup without consuming
  the bootstrap op.
- Gateway now injects actor=identity.handle on every authenticated
  forward to iam-svc (IamEndpoint and WS Mux iam path), overwriting
  any caller-supplied value. Underpins whoami, audit logging, and
  future regime-side decisions that need actor identity.
- tg-whoami and tg-update-user CLIs.

Spec polish
- iam-contract.md: actor-injection rule documented; whoami /
  bootstrap-status added to operations list; permission-scope
  framing tightened (workspace scope is a property of the grant,
  not the user or role).
- iam.md: self-service section; gateway flow gains the actor-
  injection step; role section reframed so iam-svc constraints
  don't leak into contract-level prose.
- iam-protocol.md: ops table updated for whoami, bootstrap-status,
  optional-workspace pattern; bootstrap_available added to the
  IamResponse listing.
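
The Mux routing branch and the actor-injection rule from the commit message above, as an added sketch that is not TrustGraph's code and was not written by the project. The envelope keys `service`, `request` and `operation`, the registry entries `demo-kind` and `demo-op`, and the function names are assumptions made for illustration.

```python
# Added illustration, not TrustGraph code. The envelope keys "service",
# "request" and "operation", and the registry entries, are assumptions.

class UnknownService(Exception):
    """No registered operation matches the envelope."""

# Constructed registry, keyed in the three shapes the commit message names.
REGISTRY = {
    "flow-service:demo-kind",   # flow-scoped service
    "demo-kind:demo-op",        # workspace-level <kind>:<op>
    "whoami", "list-users",     # bare op names for service=iam
}

def route_key(envelope):
    """Derive the registry key: branch on the flow field, as the fix does."""
    kind = envelope["service"]
    if envelope.get("flow"):
        return f"flow-service:{kind}"
    op = envelope.get("request", {}).get("operation")
    if not op:
        raise UnknownService(f"{kind}: no operation in inner body")
    return op if kind == "iam" else f"{kind}:{op}"

def prepare_forward(envelope, identity_handle):
    """Return (key, body) for an authenticated caller's envelope."""
    key = route_key(envelope)
    if key not in REGISTRY:
        raise UnknownService(key)
    body = dict(envelope.get("request", {}))
    if envelope["service"] == "iam" and not envelope.get("flow"):
        # Gateway-derived identity always wins over a caller-supplied actor.
        body["actor"] = identity_handle
    return key, body

if __name__ == "__main__":
    # Constructed envelope: the caller tries to pass itself off as "admin".
    spoofed = {"service": "iam",
               "request": {"operation": "whoami", "actor": "admin"}}
    print(prepare_forward(spoofed, "alice"))
```
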
TrustGraph Documentation
Welcome to TrustGraph! For comprehensive documentation, please visit:
📖 https://docs.trustgraph.ai
The main documentation site includes:
- Overview - Introduction to TrustGraph concepts and architecture
- Guides - Step-by-step tutorials and how-to guides
- Deployment - Deployment options and configuration
- Reference - API specifications and CLI documentation
Getting Started
New to TrustGraph? Start with the Overview to understand the system.
Ready to deploy? Check out the Deployment Guide.
Integrating with code? See the API Reference for REST, WebSocket, and SDK documentation.