ontoref-derive: #[onto_mcp_tool] attribute macro registers MCP tool unit-structs in
the catalog at link time via inventory::submit!; annotated item is emitted unchanged,
ToolBase/AsyncTool impls stay on the struct. All 34 tools migrated from manual wiring
(net +5: ontoref_list_projects, ontoref_search, ontoref_describe,
ontoref_list_ontology_extensions, ontoref_get_ontology_extension).
validate modes (ADR-018): reads level_hierarchy from workflow.ncl and checks every
.ncl mode for level declared, strategy declared, delegate chain coherent, compose
extends valid. mode resolve <id> shows which hierarchy level handles a mode and why.
--self-test generates synthetic fixtures in a temp dir for CI smoke-testing.
validate run-cargo: two-step Cargo.toml resolution — workspace layout first
(crates/<check.crate>/Cargo.toml), single-crate fallback by package name or repo
basename. Lets the same ADR constraint shape apply to workspace and single-crate repos.
ontology/schemas/manifest.ncl: registry_topology_type contract — multi-registry
coordination, push targets, participant scopes, per-namespace capability.
reflection/requirements/base.ncl: oras ≥1.2.0, cosign ≥2.0.0, sops ≥3.9.0, age
≥1.1.0, restic declared as Hard/Soft requirements with version_min, check_cmd, and
install_hint (ADR-017 toolchain surface).
ADR-019: per-file recipient routing for tenant isolation without multi-vault. Schema
additions: sops.recipient_groups + sops.recipient_rules in ontoref-project.ncl.
secrets-bootstrap generates .sops.yaml from project.ncl in declarative mode. Three
new secrets-audit checks: recipient-routing-coherent, recipient-routing-coverage,
no-multi-vault. Adoption templates: single-team/, multi-tenant/, agent-first/.
Integration templates: domain-producer/, mode-producer/, mode-consumer/.
UI: project_picker surfaces registry badge (⟳ participant) and vault badge
(⛁ vault_id · N, green=declarative / amber=legacy) per project card. Expanded panel
adds collapsible Registry section with namespace, endpoint, and push/pull capability.
manage.html gains Runtime Services card — MCP and GraphQL toggleable without restart
via HTMX POST /ui/manage/services/{service}/toggle.
describe.nu: capabilities JSON includes registry_topology and vault_state per project.
sync.nu: drift check extended to detect //! absence on newly registered crates.
qa.ncl: six entries — credential-vault-best-practice (layered data-flow diagram),
credential-vault-templates (paths A/B/C), credential-vault-troubleshooting (15 named
errors), integration-what-and-why (ADR-042 OCI federation), integration-how-to-implement,
integration-troubleshooting.
on+re: core.ncl + manifest.ncl updated to reflect OCI, MCP, and mode-hierarchy nodes.
Deleted stale presentation assets (2026-02 slides + voice notes).
134 lines
5.4 KiB
Rust
134 lines
5.4 KiB
Rust
pub mod auth;
|
|
pub mod backlog_ncl;
|
|
pub mod drift_watcher;
|
|
pub mod handlers;
|
|
pub mod login;
|
|
pub mod ncl_write;
|
|
pub mod qa_ncl;
|
|
pub mod search_bookmarks_ncl;
|
|
pub mod watcher;
|
|
|
|
pub use drift_watcher::DriftWatcher;
|
|
pub use watcher::TemplateWatcher;
|
|
|
|
use crate::api::AppState;
|
|
|
|
pub fn router(state: AppState) -> axum::Router {
|
|
multi_router(state)
|
|
}
|
|
|
|
#[allow(dead_code)]
|
|
fn single_router(state: AppState) -> axum::Router {
|
|
use axum::routing::{get, post};
|
|
axum::Router::new()
|
|
.route("/", get(handlers::dashboard))
|
|
.route("/graph", get(handlers::graph))
|
|
.route("/sessions", get(handlers::sessions))
|
|
.route("/notifications", get(handlers::notifications_page))
|
|
.route("/modes", get(handlers::modes))
|
|
.route("/search", get(handlers::search_page))
|
|
.route("/assets/{*path}", get(handlers::serve_asset_single))
|
|
.route("/public/{*path}", get(handlers::serve_public_single))
|
|
.route("/backlog", get(handlers::backlog_page))
|
|
.route("/backlog/status", post(handlers::backlog_update_status))
|
|
.route("/backlog/add", post(handlers::backlog_add))
|
|
.route("/manage", get(handlers::manage_page))
|
|
.route("/manage/add", post(handlers::manage_add))
|
|
.route("/manage/remove", post(handlers::manage_remove))
|
|
.route("/actions", get(handlers::actions_page))
|
|
.route("/actions/run", post(handlers::actions_run))
|
|
.route("/qa", get(handlers::qa_page))
|
|
.route("/qa/delete", post(handlers::qa_delete))
|
|
.route("/qa/update", post(handlers::qa_update))
|
|
.route("/search/bookmark/add", post(handlers::search_bookmark_add))
|
|
.route(
|
|
"/search/bookmark/delete",
|
|
post(handlers::search_bookmark_delete),
|
|
)
|
|
.with_state(state)
|
|
}
|
|
|
|
fn multi_router(state: AppState) -> axum::Router {
|
|
use axum::routing::{get, post};
|
|
axum::Router::new()
|
|
// Project picker and management at root
|
|
.route("/", get(handlers::project_picker))
|
|
.route("/manage", get(handlers::manage_page_guarded))
|
|
.route("/manage/add", post(handlers::manage_add_guarded))
|
|
.route("/manage/remove", post(handlers::manage_remove_guarded))
|
|
.route(
|
|
"/manage/services/{service}/toggle",
|
|
post(handlers::service_toggle_ui),
|
|
)
|
|
.route(
|
|
"/manage/login",
|
|
get(login::manage_login_page).post(login::manage_login_submit),
|
|
)
|
|
.route("/manage/logout", get(handlers::manage_logout))
|
|
// Per-project routes — AuthUser extractor enforces auth per project
|
|
.route("/{slug}/", get(handlers::dashboard_mp))
|
|
.route("/{slug}/stats", get(handlers::dashboard_stats_mp))
|
|
.route("/{slug}/graph", get(handlers::graph_mp))
|
|
.route("/{slug}/sessions", get(handlers::sessions_mp))
|
|
.route("/{slug}/notifications", get(handlers::notifications_mp))
|
|
.route("/{slug}/modes", get(handlers::modes_mp))
|
|
.route("/{slug}/logout", get(login::logout))
|
|
.route("/{slug}/search", get(handlers::search_page_mp))
|
|
.route("/{slug}/assets/{*path}", get(handlers::serve_asset_mp))
|
|
.route("/{slug}/public/{*path}", get(handlers::serve_public_mp))
|
|
.route("/{slug}/backlog", get(handlers::backlog_page_mp))
|
|
.route(
|
|
"/{slug}/backlog/status",
|
|
post(handlers::backlog_update_status_mp),
|
|
)
|
|
.route("/{slug}/backlog/add", post(handlers::backlog_add_mp))
|
|
.route("/{slug}/backlog/edit", post(handlers::backlog_edit_mp))
|
|
.route("/{slug}/backlog/delete", post(handlers::backlog_delete_mp))
|
|
.route(
|
|
"/{slug}/backlog/propose-status",
|
|
post(handlers::backlog_propose_status_mp),
|
|
)
|
|
.route(
|
|
"/{slug}/notifications/{id}/action",
|
|
post(handlers::notification_action_mp),
|
|
)
|
|
.route(
|
|
"/{slug}/notifications/emit",
|
|
post(handlers::emit_notification_mp),
|
|
)
|
|
.route("/{slug}/compose", get(handlers::compose_page_mp))
|
|
.route(
|
|
"/{slug}/compose/form/{form_id}",
|
|
get(handlers::compose_form_schema_mp),
|
|
)
|
|
.route("/{slug}/compose/send", post(handlers::compose_send_mp))
|
|
.route("/{slug}/api", get(handlers::api_catalog_page_mp))
|
|
.route("/{slug}/config", get(handlers::config_page_mp))
|
|
.route("/{slug}/adrs", get(handlers::adrs_page_mp))
|
|
.route("/{slug}/personal", get(handlers::personal_page_mp))
|
|
.route("/{slug}/career", get(handlers::career_page_mp))
|
|
.route("/{slug}/provisioning", get(handlers::provisioning_page_mp))
|
|
.route(
|
|
"/{slug}/migrations/pending",
|
|
get(handlers::pending_migrations_fragment_mp),
|
|
)
|
|
.route("/{slug}/actions", get(handlers::actions_page_mp))
|
|
.route("/{slug}/actions/run", post(handlers::actions_run_mp))
|
|
.route("/{slug}/qa", get(handlers::qa_page_mp))
|
|
.route("/{slug}/qa/delete", post(handlers::qa_delete))
|
|
.route("/{slug}/qa/update", post(handlers::qa_update))
|
|
.route(
|
|
"/{slug}/search/bookmark/add",
|
|
post(handlers::search_bookmark_add),
|
|
)
|
|
.route(
|
|
"/{slug}/search/bookmark/delete",
|
|
post(handlers::search_bookmark_delete),
|
|
)
|
|
// Login is public — no AuthUser extractor
|
|
.route(
|
|
"/{slug}/login",
|
|
get(login::login_page).post(login::login_submit),
|
|
)
|
|
.with_state(state)
|
|
}
|