ontoref/.ontoref/roles.ncl

# Actor session roles — typed contract for role definitions used by the
# ontoref daemon actor registry.
#
# The `role` field in ActorSession is validated against this file when present.
# A role defines which UI capabilities are granted and what UI defaults apply.
#
# Load example:
#   nickel export --format json .ontoref/roles.ncl

let permission_type = [|
  'read_backlog,
  'write_backlog,
  'read_adrs,
  'write_adrs,
  'run_modes,
  'emit_notifications,
  'manage_projects,
  'manage_sessions,
|] in

let nav_mode_type = [| 'icons, 'icons_text, 'text |] in

let theme_type = [| 'dark, 'light, 'system |] in

let role_def_type = {
  id          | String,
  label       | String,
  description | String | default = "",
  permissions | Array permission_type,
  ui_defaults | {
    theme    | theme_type    | default = 'system,
    nav_mode | nav_mode_type | default = 'icons_text,
  } | default = {},
} in

{
  roles | Array role_def_type = [
    {
      id          = "admin",
      label       = "Admin",
      description = "Full access — manage projects, sessions, ADRs, backlog, and emit notifications.",
      permissions = [
        'read_backlog,
        'write_backlog,
        'read_adrs,
        'write_adrs,
        'run_modes,
        'emit_notifications,
        'manage_projects,
        'manage_sessions,
      ],
      ui_defaults = { theme = 'dark, nav_mode = 'icons_text },
    },
    {
      id          = "developer",
      label       = "Developer",
      description = "Standard development access — read/write backlog and ADRs, run modes.",
      permissions = [
        'read_backlog,
        'write_backlog,
        'read_adrs,
        'write_adrs,
        'run_modes,
        'emit_notifications,
      ],
      ui_defaults = { theme = 'system, nav_mode = 'icons_text },
    },
    {
      id          = "viewer",
      label       = "Viewer",
      description = "Read-only access — view backlog, ADRs, notifications.",
      permissions = [
        'read_backlog,
        'read_adrs,
      ],
      ui_defaults = { theme = 'system, nav_mode = 'icons },
    },
    {
      id          = "agent",
      label       = "Agent",
      description = "Automated agent — run modes, read/write backlog, emit notifications.",
      permissions = [
        'read_backlog,
        'write_backlog,
        'read_adrs,
        'run_modes,
        'emit_notifications,
      ],
      ui_defaults = { theme = 'dark, nav_mode = 'icons },
    },
    {
      id          = "ci",
      label       = "CI",
      description = "Continuous integration actor — read backlog and ADRs, run modes.",
      permissions = [
        'read_backlog,
        'read_adrs,
        'run_modes,
      ],
      ui_defaults = { theme = 'dark, nav_mode = 'icons },
    },
  ],
}
chore: add ontology and reflection 2026-03-13 00:21:04 +00:00			`# Actor session roles — typed contract for role definitions used by the`
			`# ontoref daemon actor registry.`
			`#`
			# The `role` field in ActorSession is validated against this file when present.
			`# A role defines which UI capabilities are granted and what UI defaults apply.`
			`#`
			`# Load example:`
			`# nickel export --format json .ontoref/roles.ncl`

			`let permission_type = [\|`
			`'read_backlog,`
			`'write_backlog,`
			`'read_adrs,`
			`'write_adrs,`
			`'run_modes,`
			`'emit_notifications,`
			`'manage_projects,`
			`'manage_sessions,`
			`\|] in`

			`let nav_mode_type = [\| 'icons, 'icons_text, 'text \|] in`

			`let theme_type = [\| 'dark, 'light, 'system \|] in`

			`let role_def_type = {`
			`id \| String,`
			`label \| String,`
			`description \| String \| default = "",`
			`permissions \| Array permission_type,`
			`ui_defaults \| {`
			`theme \| theme_type \| default = 'system,`
			`nav_mode \| nav_mode_type \| default = 'icons_text,`
			`} \| default = {},`
			`} in`

			`{`
			`roles \| Array role_def_type = [`
			`{`
			`id = "admin",`
			`label = "Admin",`
			`description = "Full access — manage projects, sessions, ADRs, backlog, and emit notifications.",`
			`permissions = [`
			`'read_backlog,`
			`'write_backlog,`
			`'read_adrs,`
			`'write_adrs,`
			`'run_modes,`
			`'emit_notifications,`
			`'manage_projects,`
			`'manage_sessions,`
			`],`
			`ui_defaults = { theme = 'dark, nav_mode = 'icons_text },`
			`},`
			`{`
			`id = "developer",`
			`label = "Developer",`
			`description = "Standard development access — read/write backlog and ADRs, run modes.",`
			`permissions = [`
			`'read_backlog,`
			`'write_backlog,`
			`'read_adrs,`
			`'write_adrs,`
			`'run_modes,`
			`'emit_notifications,`
			`],`
			`ui_defaults = { theme = 'system, nav_mode = 'icons_text },`
			`},`
			`{`
			`id = "viewer",`
			`label = "Viewer",`
			`description = "Read-only access — view backlog, ADRs, notifications.",`
			`permissions = [`
			`'read_backlog,`
			`'read_adrs,`
			`],`
			`ui_defaults = { theme = 'system, nav_mode = 'icons },`
			`},`
			`{`
			`id = "agent",`
			`label = "Agent",`
			`description = "Automated agent — run modes, read/write backlog, emit notifications.",`
			`permissions = [`
			`'read_backlog,`
			`'write_backlog,`
			`'read_adrs,`
			`'run_modes,`
			`'emit_notifications,`
			`],`
			`ui_defaults = { theme = 'dark, nav_mode = 'icons },`
			`},`
			`{`
			`id = "ci",`
			`label = "CI",`
			`description = "Continuous integration actor — read backlog and ADRs, run modes.",`
			`permissions = [`
			`'read_backlog,`
			`'read_adrs,`
			`'run_modes,`
			`],`
			`ui_defaults = { theme = 'dark, nav_mode = 'icons },`
			`},`
			`],`
			`}`