trustgraph/trustgraph-base/trustgraph
cybermaggedon 09b8a1d347
feat: fine-grained capabilities and enterprise IAM schema extensions (#996)
Split coarse gateway capabilities into fine-grained variants to
support per-operation access control in the enterprise IAM regime.
Add additive schema fields for enterprise group and grant management.

Capability split (gateway registry):
- graph:read -> triples:read, sparql:read, graph-rag:read,
  graph-embeddings:read
- graph:write -> triples:write, graph-embeddings:write,
  entity-contexts:write
- documents:read -> documents:read, document-rag:read,
  document-embeddings:read, entity-contexts:read
- documents:write -> documents:write, document-embeddings:write
- rows:read -> rows:read, nlp-query:read, structured-query:read,
  row-embeddings:read

OSS role definitions expanded to include all new fine-grained
capability names — no behavioral change for OSS deployments.

Schema additions (IamRequest):
- group_id, member_type, member_id for group membership operations
- group (GroupInput), grant (GrantInput) for create/update payloads
- Decoder now handles capability, resource_json, parameters_json,
  authorise_checks (previously missing from translator)

Schema additions (IamResponse):
- group_json, groups_json, members_json, grants_json,
  effective_permissions_json for enterprise operation responses
- Encoder now emits authorise decision fields

Gateway registry:
- 16 enterprise IAM operations registered (create-group,
  add-group-member, add-user-grant, etc.) under iam:admin capability
2026-06-22 20:23:34 +01:00
| Name | Last commit | Date |
| --- | --- | --- |
| api | feat: complete knowledge core storage — named graphs, provenance, source material (#973) | 2026-06-03 10:46:52 +01:00 |
| base | fix: wire replication params through YAML/params path for Cassandra and Qdrant (#976) | 2026-06-04 12:36:36 +01:00 |
| clients | feat: workspace-based multi-tenancy, replacing user as tenancy axis (#840) | 2026-04-21 23:23:01 +01:00 |
| i18n | Feat: TrustGraph i18n & Documentation Translation Updates (#781) | 2026-04-14 12:08:32 +01:00 |
| knowledge | Subgraph provenance (#694) | 2026-03-13 11:37:59 +00:00 |
| messaging | feat: fine-grained capabilities and enterprise IAM schema extensions (#996) | 2026-06-22 20:23:34 +01:00 |
| objects | fix: resolve publisher resource leak and field parse validation (#886) | 2026-05-11 15:06:54 +01:00 |
| provenance | fix: replace deprecated datetime.utcnow() with timezone-aware datetime.now(timezone.utc) (#816) | 2026-04-16 10:16:11 +01:00 |
| schema | feat: fine-grained capabilities and enterprise IAM schema extensions (#996) | 2026-06-22 20:23:34 +01:00 |
| exceptions.py | Librarian (#304) | 2025-02-11 16:01:03 +00:00 |
| log_level.py | Pub/sub abstraction: decouple from Pulsar (#751) | 2026-04-01 20:16:53 +01:00 |
| rdf.py | Remove schema:subjectOf edges from KG extraction (#695) | 2026-03-13 12:11:21 +00:00 |