Source Mode
Use source-local configuration, capabilities, and reloads for agentic deployments.
Sources as the unit of ownership
Source mode replaces one monolithic database assumption with named sources. A source can represent a database, filesystem, code index, OpenAPI surface, or GraphJin system surface.
sources:
- name: app
kind: database
type: postgres
capabilities:
data.read: true
data.write: true
- name: docs
kind: file
capabilities:
files.list: true
files.read: trueCapabilities are centralized in the source capability registry and should not be invented ad hoc by catalog, security, MCP, or config code.
TestSourceCardsUseCapabilityRegistry
core/internal/catalog/build_test.go:84TestSecurityNanoRowsSourceCapabilities
serv/control_plane_graphql_test.go:1447Access defaults
identity:
namespace_claim: account_id
user_id_claim: sub
sources:
- name: app
kind: database
type: postgres
access:
read: account
write: blocked
delete: blocked
namespace_column: account_id
missing_namespace_column: blockThe generated filters use trusted identity values from the request context. Client variables named account_id or user_id are not trusted for generated source-mode checks.
Agentic environment
GO_ENV=agentic requires agentic.yml. Agentic configs can inherit production settings and then enable model-facing discovery surfaces deliberately.
inherits: prod
mode: agenticTestReadInConfigAgenticCanInheritProd
serv/serv_test.go:56Source-scoped reloads
Config updates that touch only one source can use a source-scoped reload path. GraphJin stages the config, validates the runtime, swaps the changed source, and preserves unrelated sources when the transaction succeeds.
TestHandleUpdateCurrentConfig_SourcePatchUsesSourceScopedReload
serv/mcp_config_transaction_test.go:598TestGraphQLConfigUpdateSourcesPatchPreservesSourcesAndRecordsCatalogEvent
serv/control_plane_graphql_test.go:1827