daarion-admin/microdao-daarion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9b89ace2fcd8c78f7a2da25204b15353693ed6af
microdao-daarion/site/cursor/DOCX_UPDATE_INSTRUCTIONS/index.html
Apple ef3473db21 snapshot: NODE1 production state 2026-02-09 
Complete snapshot of /opt/microdao-daarion/ from NODE1 (144.76.224.179).
This represents the actual running production code that has diverged
significantly from the previous main branch.

Key changes from old main:
- Gateway (http_api.py): expanded from ~40KB to 164KB with full agent support
- Router: new /v1/agents/{id}/infer endpoint with vision + DeepSeek routing
- Behavior Policy: SOWA v2.2 (3-level: FULL/ACK/SILENT)
- Agent Registry: config/agent_registry.yml as single source of truth
- 13 agents configured (was 3)
- Memory service integration
- CrewAI teams and roles

Excluded from snapshot: venv/, .env, data/, backups, .tgz archives

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-09 08:46:46 -08:00

951 lines
42 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link rel="canonical" href="https://IvanTytar.github.io/microdao-daarion/cursor/DOCX_UPDATE_INSTRUCTIONS/">
<link rel="icon" href="../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.5.18">
<title>Інструкції для оновлення .docx документів - DAARION Documentation</title>
<link rel="stylesheet" href="../../assets/stylesheets/main.66ac8b77.min.css">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
<style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
<script>__md_scope=new URL("../..",location),__md_hash=e=>[...e].reduce((e,_)=>(e<<5)-e+_.charCodeAt(0),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
</head>
<body dir="ltr">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#docx" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
</div>
<header class="md-header md-header--shadow" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Header">
<a href="../.." title="DAARION Documentation" class="md-header__button md-logo" aria-label="DAARION Documentation" data-md-component="logo">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54Z"/></svg>
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2Z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
DAARION Documentation
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
Інструкції для оновлення .docx документів
</span>
</div>
</div>
</div>
<script>var media,input,key,value,palette=__md_get("__palette");if(palette&&palette.color){"(prefers-color-scheme)"===palette.color.media&&(media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']"),palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent"));for([key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12Z"/></svg>
</label>
<nav class="md-search__options" aria-label="Search">
<button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41Z"/></svg>
</button>
</nav>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list" role="presentation"></ol>
</div>
</div>
</div>
</div>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href="../.." title="DAARION Documentation" class="md-nav__button md-logo" aria-label="DAARION Documentation" data-md-component="logo">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54Z"/></svg>
</a>
DAARION Documentation
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../public/" class="md-nav__link">
<span class="md-ellipsis">
Home
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../public/getting-started/" class="md-nav__link">
<span class="md-ellipsis">
Getting Started
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../public/architecture-overview/" class="md-nav__link">
<span class="md-ellipsis">
Architecture
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../public/daiS_daos_overview/" class="md-nav__link">
<span class="md-ellipsis">
DAIS & DAOS
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5" >
<label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="">
<span class="md-ellipsis">
Internal
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5">
<span class="md-nav__icon md-icon"></span>
Internal
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_1" >
<label class="md-nav__link" for="__nav_5_1" id="__nav_5_1_label" tabindex="0">
<span class="md-ellipsis">
Infra
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_1_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5_1">
<span class="md-nav__icon md-icon"></span>
Infra
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../internal/infra/INFRA_AUTOMATION_PACK_V1/" class="md-nav__link">
<span class="md-ellipsis">
Infra Automation Pack v1
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../internal/infra/monitoring_overview/" class="md-nav__link">
<span class="md-ellipsis">
Monitoring Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../internal/infra/nodes_registry_v0/" class="md-nav__link">
<span class="md-ellipsis">
Nodes Registry v0
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5_2" >
<label class="md-nav__link" for="__nav_5_2" id="__nav_5_2_label" tabindex="0">
<span class="md-ellipsis">
Specs
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5_2">
<span class="md-nav__icon md-icon"></span>
Specs
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../internal/specs/matrix_presence_aggregator/" class="md-nav__link">
<span class="md-ellipsis">
Matrix Presence Aggregator
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../internal/specs/city_map_spec/" class="md-nav__link">
<span class="md-ellipsis">
City Map Spec
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../internal/specs/node_join_protocol_draft/" class="md-nav__link">
<span class="md-ellipsis">
Node Join Protocol (Draft)
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#1-microdao-data-model-event-catalogdocx" class="md-nav__link">
<span class="md-ellipsis">
1. microdao — Data Model &amp; Event Catalog.docx
</span>
</a>
<nav class="md-nav" aria-label="1. microdao — Data Model & Event Catalog.docx">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#1-access-keys" class="md-nav__link">
<span class="md-ellipsis">
Крок 1: Додати новий розділ для таблиць access keys
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#2-event-catalog" class="md-nav__link">
<span class="md-ellipsis">
Крок 2: Додати події в Event Catalog
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#2-microdao-rbac-entitlements-mvpdocx" class="md-nav__link">
<span class="md-ellipsis">
2. microdao — RBAC і Entitlements (MVP).docx
</span>
</a>
<nav class="md-nav" aria-label="2. microdao — RBAC і Entitlements (MVP).docx">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#1" class="md-nav__link">
<span class="md-ellipsis">
Крок 1: Оновити формулу доступу
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#2-entitlements-bundles" class="md-nav__link">
<span class="md-ellipsis">
Крок 2: Додати мапінг Entitlements → bundles
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#3-microdao-security-architecture-threat-model-mvpdocx" class="md-nav__link">
<span class="md-ellipsis">
3. microdao — Security Architecture &amp; Threat Model (MVP).docx
</span>
</a>
<nav class="md-nav" aria-label="3. microdao — Security Architecture & Threat Model (MVP).docx">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#1-access-keys-policy-service" class="md-nav__link">
<span class="md-ellipsis">
Крок 1: Додати підрозділ про Access Keys &amp; Policy Service
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#2-access-keys" class="md-nav__link">
<span class="md-ellipsis">
Крок 2: Додати підрозділ про зберігання access keys
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#3" class="md-nav__link">
<span class="md-ellipsis">
Крок 3: Додати абзац про агентний шар
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#4-walletstaking" class="md-nav__link">
<span class="md-ellipsis">
Крок 4: Додати абзац про Wallet/Staking
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#4" class="md-nav__link">
<span class="md-ellipsis">
4. Перевірка
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#5-markdown" class="md-nav__link">
<span class="md-ellipsis">
5. Посилання на Markdown документи
</span>
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<h1 id="docx">Інструкції для оновлення .docx документів<a class="headerlink" href="#docx" title="Permanent link">&para;</a></h1>
<p>Цей документ містить інструкції для механічного оновлення Word документів (<code>.docx</code>), які не можна редагувати автоматично.</p>
<hr />
<h2 id="1-microdao-data-model-event-catalogdocx">1. <code>microdao — Data Model &amp; Event Catalog.docx</code><a class="headerlink" href="#1-microdao-data-model-event-catalogdocx" title="Permanent link">&para;</a></h2>
<h3 id="1-access-keys">Крок 1: Додати новий розділ для таблиць access keys<a class="headerlink" href="#1-access-keys" title="Permanent link">&para;</a></h3>
<p><strong>Де:</strong> Після <code>Heading 3 "3.9 Integrations / Webhooks / Audit"</code></p>
<p><strong>Що додати:</strong></p>
<div class="codehilite"><pre><span></span><code>Heading 3: 3.10 Access Keys &amp; Capability Bundles
</code></pre></div>
<p><strong>SQL схема:</strong></p>
<div class="codehilite"><pre><span></span><code><span class="k">create</span><span class="w"> </span><span class="k">table</span><span class="w"> </span><span class="n">access_keys</span><span class="w"> </span><span class="p">(</span>
<span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="nb">text</span><span class="w"> </span><span class="k">primary</span><span class="w"> </span><span class="k">key</span><span class="p">,</span><span class="w"> </span><span class="c1">-- ak_...</span>
<span class="w"> </span><span class="n">subject_kind</span><span class="w"> </span><span class="nb">text</span><span class="w"> </span><span class="k">not</span><span class="w"> </span><span class="k">null</span><span class="p">,</span><span class="w"> </span><span class="c1">-- &#39;user&#39; | &#39;agent&#39; | &#39;integration&#39; | &#39;embassy&#39;</span>
<span class="w"> </span><span class="n">subject_id</span><span class="w"> </span><span class="nb">text</span><span class="w"> </span><span class="k">not</span><span class="w"> </span><span class="k">null</span><span class="p">,</span><span class="w"> </span><span class="c1">-- u_/ag_/...</span>
<span class="w"> </span><span class="n">team_id</span><span class="w"> </span><span class="nb">text</span><span class="w"> </span><span class="k">null</span><span class="p">,</span><span class="w"> </span><span class="c1">-- t_..., якщо scoped до команди</span>
<span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="nb">text</span><span class="w"> </span><span class="k">not</span><span class="w"> </span><span class="k">null</span><span class="p">,</span>
<span class="w"> </span><span class="n">status</span><span class="w"> </span><span class="nb">text</span><span class="w"> </span><span class="k">not</span><span class="w"> </span><span class="k">null</span><span class="w"> </span><span class="k">check</span><span class="w"> </span><span class="p">(</span><span class="n">status</span><span class="w"> </span><span class="k">in</span><span class="w"> </span><span class="p">(</span><span class="s1">&#39;active&#39;</span><span class="p">,</span><span class="s1">&#39;revoked&#39;</span><span class="p">,</span><span class="s1">&#39;expired&#39;</span><span class="p">)),</span>
<span class="w"> </span><span class="n">created_at</span><span class="w"> </span><span class="n">timestamptz</span><span class="w"> </span><span class="k">not</span><span class="w"> </span><span class="k">null</span><span class="w"> </span><span class="k">default</span><span class="w"> </span><span class="n">now</span><span class="p">(),</span>
<span class="w"> </span><span class="n">expires_at</span><span class="w"> </span><span class="n">timestamptz</span><span class="w"> </span><span class="k">null</span><span class="p">,</span>
<span class="w"> </span><span class="n">last_used_at</span><span class="w"> </span><span class="n">timestamptz</span><span class="w"> </span><span class="k">null</span>
<span class="p">);</span>
<span class="k">create</span><span class="w"> </span><span class="k">table</span><span class="w"> </span><span class="n">capabilities</span><span class="w"> </span><span class="p">(</span>
<span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="nb">text</span><span class="w"> </span><span class="k">primary</span><span class="w"> </span><span class="k">key</span><span class="p">,</span><span class="w"> </span><span class="c1">-- cap_...</span>
<span class="w"> </span><span class="n">code</span><span class="w"> </span><span class="nb">text</span><span class="w"> </span><span class="k">not</span><span class="w"> </span><span class="k">null</span><span class="w"> </span><span class="k">unique</span><span class="p">,</span><span class="w"> </span><span class="c1">-- chat.message.send, wallet.stake.ringk, ...</span>
<span class="w"> </span><span class="n">description</span><span class="w"> </span><span class="nb">text</span><span class="w"> </span><span class="k">not</span><span class="w"> </span><span class="k">null</span>
<span class="p">);</span>
<span class="k">create</span><span class="w"> </span><span class="k">table</span><span class="w"> </span><span class="n">access_key_caps</span><span class="w"> </span><span class="p">(</span>
<span class="w"> </span><span class="n">key_id</span><span class="w"> </span><span class="nb">text</span><span class="w"> </span><span class="k">references</span><span class="w"> </span><span class="n">access_keys</span><span class="p">(</span><span class="n">id</span><span class="p">)</span><span class="w"> </span><span class="k">on</span><span class="w"> </span><span class="k">delete</span><span class="w"> </span><span class="k">cascade</span><span class="p">,</span>
<span class="w"> </span><span class="n">cap_id</span><span class="w"> </span><span class="nb">text</span><span class="w"> </span><span class="k">references</span><span class="w"> </span><span class="n">capabilities</span><span class="p">(</span><span class="n">id</span><span class="p">)</span><span class="w"> </span><span class="k">on</span><span class="w"> </span><span class="k">delete</span><span class="w"> </span><span class="k">cascade</span><span class="p">,</span>
<span class="w"> </span><span class="k">primary</span><span class="w"> </span><span class="k">key</span><span class="w"> </span><span class="p">(</span><span class="n">key_id</span><span class="p">,</span><span class="w"> </span><span class="n">cap_id</span><span class="p">)</span>
<span class="p">);</span>
<span class="k">create</span><span class="w"> </span><span class="k">table</span><span class="w"> </span><span class="n">bundles</span><span class="w"> </span><span class="p">(</span>
<span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="nb">text</span><span class="w"> </span><span class="k">primary</span><span class="w"> </span><span class="k">key</span><span class="p">,</span><span class="w"> </span><span class="c1">-- bundle_...</span>
<span class="w"> </span><span class="n">name</span><span class="w"> </span><span class="nb">text</span><span class="w"> </span><span class="k">not</span><span class="w"> </span><span class="k">null</span><span class="w"> </span><span class="k">unique</span><span class="p">,</span><span class="w"> </span><span class="c1">-- role.Member / plan.Premium / agent.default</span>
<span class="w"> </span><span class="n">created_at</span><span class="w"> </span><span class="n">timestamptz</span><span class="w"> </span><span class="k">not</span><span class="w"> </span><span class="k">null</span><span class="w"> </span><span class="k">default</span><span class="w"> </span><span class="n">now</span><span class="p">()</span>
<span class="p">);</span>
<span class="k">create</span><span class="w"> </span><span class="k">table</span><span class="w"> </span><span class="n">bundle_caps</span><span class="w"> </span><span class="p">(</span>
<span class="w"> </span><span class="n">bundle_id</span><span class="w"> </span><span class="nb">text</span><span class="w"> </span><span class="k">references</span><span class="w"> </span><span class="n">bundles</span><span class="p">(</span><span class="n">id</span><span class="p">)</span><span class="w"> </span><span class="k">on</span><span class="w"> </span><span class="k">delete</span><span class="w"> </span><span class="k">cascade</span><span class="p">,</span>
<span class="w"> </span><span class="n">cap_id</span><span class="w"> </span><span class="nb">text</span><span class="w"> </span><span class="k">references</span><span class="w"> </span><span class="n">capabilities</span><span class="p">(</span><span class="n">id</span><span class="p">)</span><span class="w"> </span><span class="k">on</span><span class="w"> </span><span class="k">delete</span><span class="w"> </span><span class="k">cascade</span><span class="p">,</span>
<span class="w"> </span><span class="k">primary</span><span class="w"> </span><span class="k">key</span><span class="w"> </span><span class="p">(</span><span class="n">bundle_id</span><span class="p">,</span><span class="w"> </span><span class="n">cap_id</span><span class="p">)</span>
<span class="p">);</span>
</code></pre></div>
<hr />
<h3 id="2-event-catalog">Крок 2: Додати події в Event Catalog<a class="headerlink" href="#2-event-catalog" title="Permanent link">&para;</a></h3>
<p><strong>Де:</strong> У розділі <code>6.3 Події (JSON, скорочено)</code></p>
<p><strong>1. У список <code>topic</code> додати:</strong></p>
<ul>
<li><code>access_key.created</code></li>
<li><code>access_key.revoked</code></li>
<li><code>access_key.used</code></li>
</ul>
<p><strong>2. Нижче, де йдуть payload-схеми, додати JSON-схеми:</strong></p>
<p><strong>access_key.created:</strong></p>
<div class="codehilite"><pre><span></span><code><span class="c1">// envelope.topic = &quot;access_key.created&quot;</span>
<span class="s">&quot;access_key_created&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s">&quot;type&quot;</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;object&quot;</span><span class="p">,</span>
<span class="w"> </span><span class="s">&quot;properties&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s">&quot;key_id&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="s">&quot;type&quot;</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;string&quot;</span><span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s">&quot;subject_kind&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="s">&quot;type&quot;</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;string&quot;</span><span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s">&quot;subject_id&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="s">&quot;type&quot;</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;string&quot;</span><span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s">&quot;team_id&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="s">&quot;type&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s">&quot;string&quot;</span><span class="p">,</span><span class="s">&quot;null&quot;</span><span class="p">]</span><span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s">&quot;required&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s">&quot;key_id&quot;</span><span class="p">,</span><span class="s">&quot;subject_kind&quot;</span><span class="p">,</span><span class="s">&quot;subject_id&quot;</span><span class="p">]</span>
<span class="p">}</span>
</code></pre></div>
<p><strong>access_key.revoked:</strong></p>
<div class="codehilite"><pre><span></span><code><span class="c1">// envelope.topic = &quot;access_key.revoked&quot;</span>
<span class="s">&quot;access_key_revoked&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s">&quot;type&quot;</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;object&quot;</span><span class="p">,</span>
<span class="w"> </span><span class="s">&quot;properties&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s">&quot;key_id&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="s">&quot;type&quot;</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;string&quot;</span><span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s">&quot;revoked_by&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="s">&quot;type&quot;</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;string&quot;</span><span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s">&quot;revoked_at&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="s">&quot;type&quot;</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;string&quot;</span><span class="p">,</span><span class="w"> </span><span class="s">&quot;format&quot;</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;date-time&quot;</span><span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s">&quot;required&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s">&quot;key_id&quot;</span><span class="p">,</span><span class="s">&quot;revoked_by&quot;</span><span class="p">,</span><span class="s">&quot;revoked_at&quot;</span><span class="p">]</span>
<span class="p">}</span>
</code></pre></div>
<p><strong>access_key.used:</strong></p>
<div class="codehilite"><pre><span></span><code><span class="c1">// envelope.topic = &quot;access_key.used&quot;</span>
<span class="s">&quot;access_key_used&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s">&quot;type&quot;</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;object&quot;</span><span class="p">,</span>
<span class="w"> </span><span class="s">&quot;properties&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s">&quot;key_id&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="s">&quot;type&quot;</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;string&quot;</span><span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s">&quot;subject_id&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="s">&quot;type&quot;</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;string&quot;</span><span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s">&quot;action&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="s">&quot;type&quot;</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;string&quot;</span><span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s">&quot;resource_kind&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="s">&quot;type&quot;</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;string&quot;</span><span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s">&quot;ts&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="s">&quot;type&quot;</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;string&quot;</span><span class="p">,</span><span class="w"> </span><span class="s">&quot;format&quot;</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;date-time&quot;</span><span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s">&quot;required&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s">&quot;key_id&quot;</span><span class="p">,</span><span class="s">&quot;subject_id&quot;</span><span class="p">,</span><span class="s">&quot;action&quot;</span><span class="p">,</span><span class="s">&quot;resource_kind&quot;</span><span class="p">,</span><span class="s">&quot;ts&quot;</span><span class="p">]</span>
<span class="p">}</span>
</code></pre></div>
<hr />
<h2 id="2-microdao-rbac-entitlements-mvpdocx">2. <code>microdao — RBAC і Entitlements (MVP).docx</code><a class="headerlink" href="#2-microdao-rbac-entitlements-mvpdocx" title="Permanent link">&para;</a></h2>
<h3 id="1">Крок 1: Оновити формулу доступу<a class="headerlink" href="#1" title="Permanent link">&para;</a></h3>
<p><strong>Де:</strong> У розділі <code>2) Модель доступу</code></p>
<p><strong>Знайти:</strong> Нинішню формулу <code>allow = ...</code></p>
<p><strong>Замінити на:</strong></p>
<div class="codehilite"><pre><span></span><code>allow =
RBAC(role, action, resource)
∧ Entitlement(plan, RINGK_staked)
∧ Capability(key, action, resource)
∧ ACL(resource)
∧ Mode(public|confidential)
</code></pre></div>
<p><strong>Додати після формули:</strong></p>
<blockquote>
<p><code>Capability(key, …)</code> береться з bundles <code>bundle.role.*</code> + <code>bundle.plan.*</code> (детальніше див. <code>24_access_keys_capabilities_system.md</code>).</p>
</blockquote>
<hr />
<h3 id="2-entitlements-bundles">Крок 2: Додати мапінг Entitlements → bundles<a class="headerlink" href="#2-entitlements-bundles" title="Permanent link">&para;</a></h3>
<p><strong>Де:</strong> У розділі <code>6) Entitlements від RINGK (стейк)</code>, в кінці розділу</p>
<p><strong>Додати:</strong></p>
<blockquote>
<p><strong>Мапінг Entitlements → capability-bundles</strong></p>
<ul>
<li>плани <code>Freemium/Casual/Premium/Platformium</code> відповідають <code>bundle.plan.*</code>;</li>
<li>множники від стейку RINGK впливають на квоти для capabilities (<code>chat.message.send</code>, <code>agent.run.invoke</code>, <code>router.invoke</code>, <code>wallet.payout.claim</code>).</li>
</ul>
</blockquote>
<hr />
<h2 id="3-microdao-security-architecture-threat-model-mvpdocx">3. <code>microdao — Security Architecture &amp; Threat Model (MVP).docx</code><a class="headerlink" href="#3-microdao-security-architecture-threat-model-mvpdocx" title="Permanent link">&para;</a></h2>
<h3 id="1-access-keys-policy-service">Крок 1: Додати підрозділ про Access Keys &amp; Policy Service<a class="headerlink" href="#1-access-keys-policy-service" title="Permanent link">&para;</a></h3>
<p><strong>Де:</strong> У розділі <code>5. Авторизація</code>, після першого підрозділу (5.1/5.2)</p>
<p><strong>Додати:</strong></p>
<div class="codehilite"><pre><span></span><code>Heading 3: 5.x Access Keys &amp; Policy Service (PDP/PEP)
</code></pre></div>
<p><strong>Текст:</strong></p>
<ul>
<li>Access keys перевіряються через PDP (Policy Decision Point / Policy Service)</li>
<li>PEP (Policy Enforcement Point) живе в API Gateway та сервісах</li>
<li>Використовується capability-token (JWT/opaque), який несе:</li>
<li><code>sub</code> (user/agent/integration ID)</li>
<li><code>team_id</code></li>
<li>стиснений список <code>caps</code> (capabilities)</li>
</ul>
<hr />
<h3 id="2-access-keys">Крок 2: Додати підрозділ про зберігання access keys<a class="headerlink" href="#2-access-keys" title="Permanent link">&para;</a></h3>
<p><strong>Де:</strong> У розділі <code>8. Зберігання та доступ</code></p>
<p><strong>Додати:</strong></p>
<div class="codehilite"><pre><span></span><code>Heading 3: 8.x Зберігання access keys
</code></pre></div>
<p><strong>Текст:</strong></p>
<ul>
<li>Метадані зберігаються в таблиці <code>access_keys</code> (див. Data Model)</li>
<li>Секрети (<code>secret</code>) зашифровані через KMS/HSM</li>
<li>One-time reveal: після створення ключ не показується повторно</li>
<li>Ротація: обов'язковий <code>expires_at</code>, періодична ротація ключів</li>
</ul>
<hr />
<h3 id="3">Крок 3: Додати абзац про агентний шар<a class="headerlink" href="#3" title="Permanent link">&para;</a></h3>
<p><strong>Де:</strong> У розділі <code>11. Агентний шар</code></p>
<p><strong>Додати:</strong></p>
<blockquote>
<p>Всі приватні агенти працюють виключно через Agent Access Keys з мінімальними capabilities. Для <code>mode='confidential'</code> агенти не отримують plaintext-повідомлень, тільки summary/embeddings (узгоджено з E2EE моделлю).</p>
</blockquote>
<hr />
<h3 id="4-walletstaking">Крок 4: Додати абзац про Wallet/Staking<a class="headerlink" href="#4-walletstaking" title="Permanent link">&para;</a></h3>
<p><strong>Де:</strong> У розділі <code>12. Wallet/Staking/Токени</code></p>
<p><strong>Додати:</strong></p>
<blockquote>
<p>Всі операції гаманця (<code>wallet.balance.view</code>, <code>wallet.stake.ringk</code>, <code>wallet.payout.claim</code>) завжди проходять через capability-check для ключа (user/agent). Перевірка виконується через PDP перед виконанням операції.</p>
</blockquote>
<hr />
<h2 id="4">4. Перевірка<a class="headerlink" href="#4" title="Permanent link">&para;</a></h2>
<p>Після оновлення всіх <code>.docx</code> файлів перевір:</p>
<ul>
<li>У Data Model додано розділ 3.10 з таблицями access keys</li>
<li>У Event Catalog додано 3 нові topics та їх JSON-схеми</li>
<li>У RBAC оновлено формулу доступу та додано мапінг Entitlements → bundles</li>
<li>У Security Architecture додано 4 нові розділи/абзаци про Access Keys</li>
</ul>
<hr />
<h2 id="5-markdown">5. Посилання на Markdown документи<a class="headerlink" href="#5-markdown" title="Permanent link">&para;</a></h2>
<p>Всі деталі вже є в Markdown документах:</p>
<ul>
<li><code>24_access_keys_capabilities_system.md</code> — повна специфікація</li>
<li><code>DAARION_city_platforms_catalog.md</code> — мапінг платформ</li>
<li><code>28_flows_wallet_embassy_energy_union.md</code> — sequence-діаграми</li>
</ul>
<hr />
<p><strong>Версія:</strong> 1.0<br />
<strong>Останнє оновлення:</strong> 2024-11-14</p>
</article>
</div>
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
</div>
</main>
<footer class="md-footer">
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-copyright">
Made with
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs
</a>
</div>
</div>
</div>
</footer>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "../..", "features": ["navigation.sections", "navigation.instant", "content.code.copy"], "search": "../../assets/javascripts/workers/search.b8dbb3d2.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
<script src="../../assets/javascripts/bundle.3220b9d7.min.js"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink