mirror of
https://github.com/trustgraph-ai/trustgraph.git
synced 2026-07-01 09:29:38 +02:00
Split coarse gateway capabilities into fine-grained variants to support per-operation access control in the enterprise IAM regime. Add additive schema fields for enterprise group and grant management.

Capability split (gateway registry):
- graph:read -> triples:read, sparql:read, graph-rag:read, graph-embeddings:read
- graph:write -> triples:write, graph-embeddings:write, entity-contexts:write
- documents:read -> documents:read, document-rag:read, document-embeddings:read, entity-contexts:read
- documents:write -> documents:write, document-embeddings:write
- rows:read -> rows:read, nlp-query:read, structured-query:read, row-embeddings:read

OSS role definitions expanded to include all new fine-grained capability names — no behavioral change for OSS deployments.

Schema additions (IamRequest):
- group_id, member_type, member_id for group membership operations
- group (GroupInput), grant (GrantInput) for create/update payloads
- Decoder now handles capability, resource_json, parameters_json, authorise_checks (previously missing from translator)

Schema additions (IamResponse):
- group_json, groups_json, members_json, grants_json, effective_permissions_json for enterprise operation responses
- Encoder now emits authorise decision fields

Gateway registry:
- 16 enterprise IAM operations registered (create-group, add-group-member, add-user-grant, etc.) under iam:admin capability

||
|---|---|---|
| __init__.py | ||
| agent.py | ||
| base.py | ||
| collection.py | ||
| config.py | ||
| diagnosis.py | ||
| document_loading.py | ||
| embeddings.py | ||
| embeddings_query.py | ||
| flow.py | ||
| iam.py | ||
| knowledge.py | ||
| library.py | ||
| metadata.py | ||
| nlp_query.py | ||
| primitives.py | ||
| prompt.py | ||
| retrieval.py | ||
| rows_query.py | ||
| sparql_query.py | ||
| structured_query.py | ||
| text_completion.py | ||
| tool.py | ||
| triples.py | ||