docs(user): coherence cleanup aligned with 0.7.1#293
Merged
Conversation
… config-only `cluster apply` creates graphs, applies schema updates (soft drops), writes stored-query/policy catalog resources, and executes approved graph deletes in one ordered run. Both the user docs and the shipped CLI help text still described it as a "Stage 3A" config-only (query/policy) subset that defers graph/schema changes "to a later stage" — wrong since the graph/schema executor landed. - docs/user/cli/reference.md: rewrite the cluster paragraph to describe apply's actual converge behavior; keep deferred for the genuinely-unsupported case (standalone schema deletes); drop the stale "Stage 3A" / "reserved for later stages" framing. - crates/omnigraph-cli/src/cli.rs: fix the `cluster apply` help text to match. Part of the docs/user coherence cleanup (docs/dev/docs-issues.md, P1). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01FQ1Hf4eXLsJmeLUkTYBEw7
server.md documented a per-query expose knob ("`mcp.expose` defaults to true;
set `mcp: { expose: false }` to hide from the catalog") that does not exist in
the only deployment mode. Cluster-only serving lists every stored query: the
cluster registry has no expose field (`QueryConfig { file }`) and the boot
bridge hardcodes `expose: true` for all cluster queries
(omnigraph-server settings), and there is no GQ-level expose annotation. This
contradicted clusters/config.md, which already states the correct behavior.
Replace the knob bullet with the cluster truth (every applied query is listed;
per-query exposure may become a Cedar-policy decision later) and drop the
"`mcp.expose` stored queries" phrasing from the catalog description, the
endpoint table, and the intro. The `mcp_expose` JSON catalog field is unchanged
(still emitted, always true in cluster mode).
Part of the docs/user coherence cleanup (docs/dev/docs-issues.md, P1).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01FQ1Hf4eXLsJmeLUkTYBEw7
schema/index.md claimed `allow_data_loss` is "honored uniformly across transports" and listed HTTP `POST /schema/apply` among them. But that route is 409-disabled for cluster-backed serving (already documented in server.md), and cluster-managed graphs evolve only through `cluster apply` with soft drops — there is no cluster HTTP data-loss path. Scope the data-loss flag to the direct/embedded path (`schema apply --store`, SDK), and add a paragraph: cluster-managed graphs use `cluster apply` (soft drops only); HTTP `POST /schema/apply` is 409 for cluster serving; direct apply against a cluster-managed path is refused. Cross-refs server + cluster docs. Part of the docs/user coherence cleanup (docs/dev/docs-issues.md, P2). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01FQ1Hf4eXLsJmeLUkTYBEw7
The endpoint table already listed both `/load` (canonical) and `/ingest` (deprecated alias) at 32 MB, but the admission-control, body-limit, rate-limit, and manifest-conflict prose named only `/ingest` — and the constants page called the limit "Ingest body limit". Add `/load` alongside (or ahead of) `/ingest` everywhere, and rename the constant to "Load (bulk-write) body limit" noting the `/ingest` alias shares it. Part of the docs/user coherence cleanup (docs/dev/docs-issues.md, P2). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01FQ1Hf4eXLsJmeLUkTYBEw7
The "Bearer token resolution (CLI)" section still listed removed omnigraph.yaml keys (`graphs.<name>.bearer_token_env`, `auth.env_file`) — config surfaces that no longer exist and that implied plaintext tokens in config. Replace it with a pointer to the keyed-credential model documented above (`OMNIGRAPH_TOKEN_<NAME>` → `~/.omnigraph/credentials` → `OMNIGRAPH_BEARER_TOKEN`). Also fix the `version` row: the CLI prints 0.7.x, not 0.3.x. Part of the docs/user coherence cleanup (docs/dev/docs-issues.md, P2 + smaller). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01FQ1Hf4eXLsJmeLUkTYBEw7
- server.md: add a one-line note that the per-graph subsections name routes in
shorthand (`GET /queries`, `POST /query`, `POST /mutate`,
`POST /queries/{name}`) but every one is served under `/graphs/{id}/…` — the
endpoint table is already fully-qualified.
- clusters/config.md: redefine the `deferred` plan disposition as an unsupported
change (e.g. a standalone schema delete) instead of "graph/schema change,
later phase" (graph creates and schema updates apply now); drop the "Stage 2C"
label from the lock-recovery note.
- search/indexes.md: `ingest --mode merge` → canonical `load --mode merge`.
Part of the docs/user coherence cleanup (docs/dev/docs-issues.md, P2 + smaller).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01FQ1Hf4eXLsJmeLUkTYBEw7
… resolved Convert the scratch review notes into a tracked living ledger and link it from the dev index. All ten findings from the 2026-06-20 docs/user sweep are validated and fixed in this branch (P1 cluster-apply semantics + stored-query exposure; P2 schema-apply paths, /load canonical, bearer-token keys, route shorthand; plus version/ingest/deferred/stage crumbs). The verification grep checklist is retained for future audits. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01FQ1Hf4eXLsJmeLUkTYBEw7
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
| | Pri | Finding | Resolution | | ||
| |---|---|---| | ||
| | P1 | `cluster apply` documented as catalog-only / "Stage 3A" with graph+schema deferred — in both `cli/reference.md` and the shipped CLI help (`cli.rs`) | Rewrote both to describe the real converge behavior (creates graphs, applies schema with soft drops, writes catalog, executes approved deletes in one ordered run); `deferred` now means the genuinely-unsupported case (standalone schema delete). | | ||
| | P1 | Stored-query exposure had two contracts: `server.md` documented a per-query `mcp:{expose:false}` knob; cluster docs said all queries are listed | Confirmed in code: cluster registry has no expose field (`QueryConfig`), boot bridge hardcodes `expose: true` (`omnigraph-server` settings), no GQ-level annotation. Removed the knob from `server.md`; documented "every applied query is listed; per-query exposure may become a Cedar-policy decision later". | |
There was a problem hiding this comment.
omnigraph-cookbooks best-practices still references removed bearer_token_env chain
omnigraph-cookbooks/docs/best-practices.md:372 describes client-side auth as "token resolves via OMNIGRAPH_TOKEN_<NAME> → the credentials file → the legacy bearer_token_env chain." The bearer_token_env key is one of the removed omnigraph.yaml keys documented as "no longer exist" in this very PR. If the ledger's purpose is to be a living coherence checklist, the cookbook drift is worth tracking here (or opening a follow-up in the cookbooks repo) so the removal of that chain is fully reflected across the docs ecosystem.
…vior Greptile P1 on #293: the prose fix in server.md left the OpenAPI surface stale. The utoipa annotations (handlers.rs, omnigraph-api-types QueriesCatalogOutput) still described the catalog as "the `mcp.expose == true` subset", and those drive the checked-in openapi.json — so SDK consumers read a contract the cluster-only server does not honor (it lists every stored query). Update the three Rust doc-comment/annotation strings to "every stored query" and regenerate openapi.json (OMNIGRAPH_UPDATE_OPENAPI=1; drift test green) in the same change, per AGENTS.md rule 4. Ledger updated: this finding resolved, plus the cross-repo drift it surfaced (omnigraph-ts generated spec/types and omnigraph-cookbooks best-practices bearer_token_env) tracked as open follow-ups. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01FQ1Hf4eXLsJmeLUkTYBEw7
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes stale/contradictory claims in
docs/user/(and one shipped CLI helpstring) surfaced by a static review and recorded in the new tracked ledger
docs/dev/docs-issues.md. Every finding was validated against currentcode/behavior, not just cross-doc consistency — all 6 priority findings + 4
smaller crumbs reproduced. Docs-only except one user-facing CLI help-text fix.
Commits are split P1 first, then P2 + crumbs, then the ledger:
cluster applysemantics (P1)cli/reference.mdand the CLI help (cli.rs) called apply a "Stage 3A" config-only (query/policy) subset that defers graph/schema "to a later stage". Apply actually creates graphs, applies schema (soft drops), writes catalog, and executes approved deletes in one ordered run (verified:diff.rsGraphCreate/SchemaApply, Stage-4 executors + tests). Rewrote both;deferrednow = the genuinely-unsupported case (standalone schema delete).server.mddocumented a per-querymcp:{expose:false}knob that doesn't exist in cluster-only serving (registry has no expose field; boot bridge hardcodesexpose:true; no GQ annotation). Now documents "every applied query is listed".schema/index.mdclaimedallow_data_losshonored "uniformly across transports" incl. HTTP. Scoped to direct/embedded; noted cluster apply = soft drops only and the HTTP route is 409-disabled for cluster serving./loadcanonical (P2)/loadto admission/body-limit/rate-limit/manifest-conflict prose (named/ingestonly); renamed the "Ingest body limit" constant.omnigraph.yamlkeys (graphs.<name>.bearer_token_env,auth.env_file) → pointer to the keyed-credential model;version0.3.x → 0.7.x./graphs/{id}/…shorthand;deferreddisposition wording; droppedStage 2C/Stage 1labels;ingest --mode merge→load --mode merge.docs/dev/docs-issues.mdas a living coherence ledger, linked from the dev index; mark the sweep resolved; record one open follow-up (stale "config-only apply" rustdoc comments inomnigraph-cluster/src— internal, separate change).0.7.1 alignment
No user doc warns against camelCase field names (would be stale post-#283); no
residual
0.3.x/0.6.xstrings;queries list@description/@instruction(#280) already documented.
Verification
"no longer exist" / disclaimed-shorthand matches remain).
scripts/check-agents-md.sh→ OK (61 links, 58 docs).cargo test -p omnigraph-cligreen (no test asserted the old help string);CLI builds and
cluster apply --helpshows the corrected text.Out of scope: the user's unrelated
loader/mod.rsWIP (left untouched), and theinternal cluster-crate comment cleanup (tracked in the ledger).
🤖 Generated with Claude Code
Greptile Summary
This PR fixes stale and contradictory claims across
docs/user/(and one shipped CLI help string) validated against 0.7.1 code behavior, then tracks all findings in a newdocs/dev/docs-issues.mdcoherence ledger. The most impactful corrections are thecluster applysemantics rewrite (from "catalog-only / Stage 3A" to the real converge run) and the removal of the nonexistentmcp:{expose:false}per-query knob.cluster applyhelp text and reference docs rewritten to reflect the actual ordered run: graph creates → schema soft-drops → catalog writes → approved deletes, withdeferrednow meaning the genuinely-unsupported case (standalone schema delete).mcp.exposecontract removed fromserver.md,handlers.rs,lib.rs, andopenapi.json; theQueriesCatalogOutputdescription and the 200-response description are updated — however the OpenAPIsummaryfield (derived fromhandlers.rs:1035's first doc-comment line) still reads "exposed stored queries" and needs a one-word fix.omnigraph-tsstale spec,omnigraph-cookbooksbearer_token_envreference) is acknowledged in the ledger as tracked open items.Confidence Score: 4/5
Mostly safe docs-only cleanup; one residual inconsistency in the OpenAPI surface needs a one-line fix before the contract is fully coherent.
The PR's central goal is eliminating the stale
mcp.exposecontract from the OpenAPI surface. It updated thedescription, response description, and component description — but left the first doc-comment line onserver_list_queriesunchanged ("List the graph's exposed stored queries"), which utoipa uses as the OpenAPIsummaryfield. That summary appears verbatim inopenapi.jsonline 1008 and will be the first thing any SDK generator or API browser displays. The rest of the doc changes are accurate and well-verified.crates/omnigraph-server/src/handlers.rsline 1035 and the correspondingopenapi.jsonline 1008 — the OpenAPI summary still says "exposed stored queries."Important Files Changed
QueriesCatalogOutputupdated from "the mcp.expose subset" to "every stored query" — consistent with the rest of the PR.cluster applyrewritten to accurately describe the full converge run (graph creates, schema soft-drops, catalog writes, approved deletes).cluster applyprose from "catalog-only / Stage 3A" to the correct converge semantics; removed stale stage labels and deprecated bearer-token keys.mcp:{expose:false}knob; added the/loadalias and route-shorthand note; all endpoint table entries updated.allow_data_lossto the direct/embedded path; added a clear callout that cluster-managed graphs use soft-drops only and HTTPPOST /schema/applyis 409-disabled.Flowchart
%%{init: {'theme': 'neutral'}}%% flowchart TD A["GET /graphs/{id}/queries"] --> B["authorize_request\n(bearer + read on main)"] B -->|authorized| C["registry.iter()\n.filter(q.expose)\n.map(query_catalog_entry)"] B -->|denied| D["401 / 403"] C --> E{"registry present?"} E -->|yes| F["QueriesCatalogOutput\n(every query — expose hardcoded true\nin cluster boot bridge)"] E -->|no| G["QueriesCatalogOutput\n(empty vec)"] F --> H["200 JSON response"] G --> H style F fill:#d4edda style D fill:#f8d7da%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%% flowchart TD A["GET /graphs/{id}/queries"] --> B["authorize_request\n(bearer + read on main)"] B -->|authorized| C["registry.iter()\n.filter(q.expose)\n.map(query_catalog_entry)"] B -->|denied| D["401 / 403"] C --> E{"registry present?"} E -->|yes| F["QueriesCatalogOutput\n(every query — expose hardcoded true\nin cluster boot bridge)"] E -->|no| G["QueriesCatalogOutput\n(empty vec)"] F --> H["200 JSON response"] G --> H style F fill:#d4edda style D fill:#f8d7daReviews (2): Last reviewed commit: "docs(api): align GET /queries OpenAPI co..." | Re-trigger Greptile