Skip to content

feat(server): policy + context CRUD endpoints#129

Merged
martsokha merged 7 commits into
mainfrom
feat/policy-context-endpoints
Jul 5, 2026
Merged

feat(server): policy + context CRUD endpoints#129
martsokha merged 7 commits into
mainfrom
feat/policy-context-endpoints

Conversation

@martsokha

Copy link
Copy Markdown
Member

Adds workspace-scoped CRUD endpoints for the two config types the redaction engine consumes — Policy and Context — backed by the runtime's nvisy-engine / nvisy-schema.

What

  • Engine dependency: pulls nvisy-engine + nvisy-schema (git, tracking main) into nvisy-server.
  • Contexts: replaces the old context-file uploader (opaque encrypted blob in NATS) with structured, engine-backed contexts. The old multipart/NATS path is gone.
  • Policies: new, parallel feature — no prior analog.
  • Both endpoints carry a typed nvisy_schema definition (Context / Policy) as a first-class OpenAPI field, validated at the API boundary.
  • Encrypted at rest: the definition is stored XChaCha20-Poly1305 encrypted with the workspace-derived key (BYTEA column), decrypted on read — same scheme as workspace_connections.
  • New ViewPolicies / ManagePolicies permissions (Guest / Admin), mirroring contexts.
  • Page::try_from_cursor_page for fallible list mapping (decryption can fail).

Storage

workspace_contexts restructured (dropped storage_key/mime_type/content_hash, added version + encrypted definition); workspace_policies added alongside. Migration rewritten in place (pre-release, DB reset).

Layers

migration + schema.rs → models + repositories → request/response types → handlers + routes + permissions.

Verification

Full workspace green: check, clippy -D warnings, fmt --check, doc -D warnings, and the full test suite (200+ tests, 0 failures). Consistent with the codebase's existing no-per-endpoint-integration-test convention; the risky new behavior (encrypt/decrypt round-trip) is covered by existing crypto unit tests.

Depends on

Requires schemars 1.0 (#128, merged) so the schema types embed as typed OpenAPI fields.

🤖 Generated with Claude Code

martsokha and others added 4 commits July 3, 2026 06:11
Pull the runtime's detection & redaction engine into nvisy-server as
git dependencies tracking main. nvisy-engine keeps its default modality
features (tabular/image/audio/document); disabling them selects an
uncompilable feature combination.

First step toward wiring policy/context config and a redaction worker.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Replace the context-file model (encrypted NATS blob metadata:
storage_key/mime_type/content_hash) with the structured engine Context:
a `version` + `definition` JSONB holding a nvisy_schema Context. Add a
parallel workspace_policies table for nvisy_schema Policy config.

Both are the config the redaction engine consumes. Regenerates schema.rs.
The Rust model/query/handler layers are updated in the following commits.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Rewrite WorkspaceContext to the structured shape (version + definition
JSONB, dropping storage_key/mime_type/content_hash) and add the parallel
WorkspacePolicy model + repository. The context repository was already
column-agnostic, so only the model changed there.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Replace the context-file uploader with structured, engine-backed context
endpoints, and add parallel policy endpoints. Both carry a typed
nvisy_schema definition (Context / Policy) validated at the API boundary
and stored XChaCha20-Poly1305 encrypted (workspace-derived key) as BYTEA.

- request/response types embed the schema types as typed OpenAPI fields
- workspace-scoped CRUD: create, list, read, update, delete
- new ViewPolicies / ManagePolicies permissions (Guest / Admin)
- Page::try_from_cursor_page for fallible (decrypting) list mapping

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
@martsokha martsokha added feat request for or implementation of a new feature server API handlers, middleware, auth postgres ORM, models, queries, migrations core shared foundation types and traits labels Jul 3, 2026
martsokha and others added 3 commits July 3, 2026 22:24
Adding nvisy-engine/nvisy-schema (and transitively elide) as git
dependencies surfaces new deny findings:

- sources: allow the nvisycom/runtime and nvisycom/elide git repos.
- licenses: allow MPL-2.0 (cssparser/selectors/symphonia); scope an
  LGPL-3.0 exception to mp3lame-encoder/-sys only, mirroring elide's
  carve-out for the opt-in mp3 codec.
- bans: allow-wildcard-paths for the versionless first-party git deps.
- advisories: ignore two advisory-only unmaintained crates pulled in
  transitively by elide-codec (paste, ttf-parser).

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
The upstream elide update drops the MP3 (mp3lame, LGPL-3.0) codec and the
ttf-parser text-rendering path, so those deny carve-outs are no longer
needed:

- remove the LGPL-3.0 exception (mp3lame gone from the tree)
- drop the ttf-parser + paste unmaintained ignores (no longer pulled in)

MPL-2.0 stays (symphonia/cssparser still present). The remaining ignores
(proc-macro-error2 via validator; quick-xml via object_store) are our own
crates.io deps with no released fix yet — the quick-xml bump is merged
upstream (arrow-rs-object-store#785) but unreleased.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Pull the latest runtime: analyze_document now accepts a `contexts:
&[Context]` argument (reserved API, consumption tracked in
nvisycom/runtime#314), and the engine restructured its pipeline module
(Document/AnalyzedDocument, anonymize_document). Our Context/Policy
endpoints compile unchanged — the schema types are still re-exported via
nvisy_schema::{context,policy}.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
@martsokha martsokha self-assigned this Jul 5, 2026
@martsokha martsokha merged commit 1f350e5 into main Jul 5, 2026
5 checks passed
@martsokha martsokha deleted the feat/policy-context-endpoints branch July 5, 2026 20:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

core shared foundation types and traits feat request for or implementation of a new feature postgres ORM, models, queries, migrations server API handlers, middleware, auth

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant