Audit & Actor Tracking
Every write in OmniGraph records who made it. The actor id is persisted on the
Every write in OmniGraph records who made it. The actor id is persisted on the graph commit, so the commit history is an audit trail of which actor changed the graph and when.
Where the actor comes from
The actor is resolved differently depending on the front end, but it always lands on the commit:
-
HTTP server — the actor is resolved server-side from the bearer token. A client cannot set its own actor id; it is derived from the authenticated token. See policy for how tokens map to actors.
-
CLI / embedded — the actor is self-declared through one resolution chain:
--as <actor>on the command,- then
operator.actorin~/.omnigraph/config.yaml(see the CLI reference), - otherwise none.
This difference is intentional: storage credentials imply a self-declared actor, while a server resolves the actor from a token it trusts.
Reading the audit trail
Actor ids are stored on each commit in the commit graph. List commits to see who made each change:
omnigraph commit list graph.omniSystem-initiated writes use reserved actor ids — for example, automatic recovery
of an interrupted write records omnigraph:recovery, so operator changes and
machine repairs are distinguishable in the history:
omnigraph commit list --filter actor=omnigraph:recovery graph.omniWhat is tracked
Every successful publish — load, change, branch merge, and schema apply — appends a commit carrying the resolving actor. Because publishes are atomic, the actor on a commit is exactly the actor responsible for that whole change.
HTTP Server (`omnigraph-server`)
Axum 0.8 + tokio + utoipa-generated OpenAPI. Cluster-only boot: the server always boots from a cluster (--cluster <dir | s3://…>) and serves N graphs (N ≥ 1)...
Errors and Result Serialization
Compiler-side CompilerError covers parse / catalog / type / storage / plan / execution / arrow / lance / IO / manifest / unique-constraint, each with structu...