feat(server): policy + context CRUD endpoints#129
Merged
Conversation
Pull the runtime's detection & redaction engine into nvisy-server as git dependencies tracking main. nvisy-engine keeps its default modality features (tabular/image/audio/document); disabling them selects an uncompilable feature combination. First step toward wiring policy/context config and a redaction worker. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Replace the context-file model (encrypted NATS blob metadata: storage_key/mime_type/content_hash) with the structured engine Context: a `version` + `definition` JSONB holding a nvisy_schema Context. Add a parallel workspace_policies table for nvisy_schema Policy config. Both are the config the redaction engine consumes. Regenerates schema.rs. The Rust model/query/handler layers are updated in the following commits. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Rewrite WorkspaceContext to the structured shape (version + definition JSONB, dropping storage_key/mime_type/content_hash) and add the parallel WorkspacePolicy model + repository. The context repository was already column-agnostic, so only the model changed there. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Replace the context-file uploader with structured, engine-backed context endpoints, and add parallel policy endpoints. Both carry a typed nvisy_schema definition (Context / Policy) validated at the API boundary and stored XChaCha20-Poly1305 encrypted (workspace-derived key) as BYTEA. - request/response types embed the schema types as typed OpenAPI fields - workspace-scoped CRUD: create, list, read, update, delete - new ViewPolicies / ManagePolicies permissions (Guest / Admin) - Page::try_from_cursor_page for fallible (decrypting) list mapping Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Adding nvisy-engine/nvisy-schema (and transitively elide) as git dependencies surfaces new deny findings: - sources: allow the nvisycom/runtime and nvisycom/elide git repos. - licenses: allow MPL-2.0 (cssparser/selectors/symphonia); scope an LGPL-3.0 exception to mp3lame-encoder/-sys only, mirroring elide's carve-out for the opt-in mp3 codec. - bans: allow-wildcard-paths for the versionless first-party git deps. - advisories: ignore two advisory-only unmaintained crates pulled in transitively by elide-codec (paste, ttf-parser). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The upstream elide update drops the MP3 (mp3lame, LGPL-3.0) codec and the ttf-parser text-rendering path, so those deny carve-outs are no longer needed: - remove the LGPL-3.0 exception (mp3lame gone from the tree) - drop the ttf-parser + paste unmaintained ignores (no longer pulled in) MPL-2.0 stays (symphonia/cssparser still present). The remaining ignores (proc-macro-error2 via validator; quick-xml via object_store) are our own crates.io deps with no released fix yet — the quick-xml bump is merged upstream (arrow-rs-object-store#785) but unreleased. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Pull the latest runtime: analyze_document now accepts a `contexts: &[Context]` argument (reserved API, consumption tracked in nvisycom/runtime#314), and the engine restructured its pipeline module (Document/AnalyzedDocument, anonymize_document). Our Context/Policy endpoints compile unchanged — the schema types are still re-exported via nvisy_schema::{context,policy}. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds workspace-scoped CRUD endpoints for the two config types the redaction engine consumes — Policy and Context — backed by the runtime's
nvisy-engine/nvisy-schema.What
nvisy-engine+nvisy-schema(git, trackingmain) intonvisy-server.nvisy_schemadefinition (Context/Policy) as a first-class OpenAPI field, validated at the API boundary.workspace_connections.ViewPolicies/ManagePoliciespermissions (Guest / Admin), mirroring contexts.Page::try_from_cursor_pagefor fallible list mapping (decryption can fail).Storage
workspace_contextsrestructured (droppedstorage_key/mime_type/content_hash, addedversion+ encrypteddefinition);workspace_policiesadded alongside. Migration rewritten in place (pre-release, DB reset).Layers
migration + schema.rs → models + repositories → request/response types → handlers + routes + permissions.
Verification
Full workspace green: check,
clippy -D warnings,fmt --check,doc -D warnings, and the full test suite (200+ tests, 0 failures). Consistent with the codebase's existing no-per-endpoint-integration-test convention; the risky new behavior (encrypt/decrypt round-trip) is covered by existing crypto unit tests.Depends on
Requires schemars 1.0 (#128, merged) so the schema types embed as typed OpenAPI fields.
🤖 Generated with Claude Code