docs: remove backward compatibility framing from architecture specs

2026-05-28 16:18:54 +00:00
parent 5ce93b1357
commit 1e804b9174
5 changed files with 126 additions and 111 deletions
--- a/docs/architecture/encrypted-data.md
+++ b/docs/architecture/encrypted-data.md
@@ -49,48 +49,50 @@ Instead of a dedicated `client_secrets` table, encrypted data becomes a **node
 type** in a graph:

 ```ts
-import { BaseNodeAttributes, SchemaBuilder } from "@alkdev/storage";
+import { Metagraph } from "@alkdev/storage";
 import { Type } from "@alkdev/typebox";
 import { EncryptedDataSchema } from "@alkdev/storage";

-const SecretNodeType = Type.Intersect([
-  BaseNodeAttributes,
-  Type.Object({
-    key: Type.String({ minLength: 1, maxLength: 255 }),
-    encryptedData: EncryptedDataSchema,
-    expiresAt: Type.Optional(Type.String({ format: "date-time" })),
+const SecretGraph = Type.Module({
+  Config: Type.Object({
+    type: Type.Literal("undirected"),
+    multi: Type.Literal(false),
+    allowSelfLoops: Type.Literal(false),
  }),
-]);

-const schema = new SchemaBuilder()
-  .config({ type: "undirected", multi: false, allowSelfLoops: false })
-  .nodeType("secret", SecretNodeType)
-  .nodeType(
-    "client",
-    Type.Intersect([
-      BaseNodeAttributes,
-      Type.Object({
-        name: Type.String(),
-        type: Type.String(),
-        config: Type.Record(Type.String(), Type.Any()),
-        enabled: Type.Boolean({ default: true }),
-      }),
-    ]),
-  )
-  .edgeType(
-    "has_secret",
-    Type.Intersect([
-      BaseEdgeAttributes,
-      Type.Object({
-        secretKey: Type.String(),
-      }),
-    ]),
-    {
-      allowedSourceTypes: ["client"],
-      allowedTargetTypes: ["secret"],
-    },
-  )
-  .build();
+  SecretNode: Type.Composite([
+    Metagraph.Import("BaseNode"),
+    Type.Object({
+      key: Type.String({ minLength: 1, maxLength: 255 }),
+      encryptedData: EncryptedDataSchema,
+      expiresAt: Type.Optional(Type.String({ format: "date-time" })),
+    }),
+  ]),
+
+  ClientNode: Type.Composite([
+    Metagraph.Import("BaseNode"),
+    Type.Object({
+      name: Type.String(),
+      type: Type.String(),
+      config: Type.Record(Type.String(), Type.Unknown()),
+      enabled: Type.Boolean({ default: true }),
+    }),
+  ]),
+
+  HasSecretEdge: Type.Composite([
+    Metagraph.Import("BaseEdge"),
+    Type.Object({
+      type: Type.Literal("has_secret"),
+      secretKey: Type.String(),
+    }),
+  ]),
+
+  HasSecretEdgeConstraints: Type.Object({
+    edgeType: Type.Literal("has_secret"),
+    allowedSourceTypes: Type.Array(Type.String()),   // ["Client"]
+    allowedTargetTypes: Type.Array(Type.String()),   // ["Secret"]
+  }),
+});
 ```

 This represents the same relationship as `client_secrets.clientId` — but as a
@@ -336,10 +338,9 @@ db deps):

 ```
 src/graphs/
-├── types.ts          # existing: GraphConfig, NodeType, EdgeType, etc.
-├── schemaBuilder.ts  # existing: SchemaBuilder
-├── crypto.ts         # new: encrypt(), decrypt(), generateEncryptionKey(), EncryptedDataSchema
-└── mod.ts            # re-exports all of the above
+├── modules/metagraph.ts  # Metagraph Module (BaseNode, BaseEdge, Config)
+├── crypto.ts             # new: encrypt(), decrypt(), generateEncryptionKey(), EncryptedDataSchema
+└── mod.ts                # re-exports all of the above
 ```

 This keeps the encryption utility in the zero-dep export path (it only uses Web