MILAB-5815: feat: proto update

[rfiskov]

Greptile Summary

This PR updates the Platform API proto definitions and the generated TypeScript client code, adding resource signatures (a "color" ownership/authenticity system), a new LockFieldValues RPC for optimistic field-reference locking, a SetDefaultColor transaction operation, AccessFlags on ResourceSchema, JWT role selection, and various field renames. The generated files (api.ts, api_types.ts, api.client.ts) are correctly regenerated to match the proto changes.\n\nKey concerns:\n- TypeScript compile errors in transaction.ts: The proto update promotes resourceSignature (and errorResourceSignature) to required, non-optional Uint8Array fields in ~11 request interfaces. The existing object literals in transaction.ts that construct these requests do not include those fields, producing TypeScript compilation errors across removeResource, resourceExists, getResourceData, lockInputs, lockOutputs, setResourceError, setFieldError, and all KV operations. Only the two explicit renames (id → resourceId, errResourceId → errorResourceId) were applied — the signature fields need to be addressed either by adding resourceSignature: new Uint8Array(0) everywhere or by making the generated fields optional (?).\n- Minor typo: "successfull" in the LockFieldValues.Create.Response comment should be "successful".

Confidence Score: 4/5

Not safe to merge until missing resourceSignature fields in transaction.ts are resolved — they will cause TypeScript build failures.

The proto design and generated TypeScript are internally consistent and well-structured. However, the required resourceSignature: Uint8Array field introduced by this PR is not supplied by ~11 existing object literal constructions in transaction.ts, which will break the TypeScript build. This is a blocking P1 issue.

lib/node/pl-client/src/core/transaction.ts requires updating all request object literals to supply the new required resourceSignature (and errorResourceSignature) fields.

Important Files Changed

Filename	Overview
lib/node/pl-client/proto/plapi/plapiproto/api.proto	Major proto update: adds LockFieldValues RPC, SetDefaultColor transaction op, resource_signature/color_proof bytes to request/response messages, normalizes lease HTTP endpoints, deprecates CacheAPI.DeleteExpiredRecords, adds JWT role enum and session_id, adds AccessFlags to ResourceSchema, and renames several fields.
lib/node/pl-client/proto/plapi/plapiproto/api_types.proto	Adds resource_signature field to Resource message (renaming id→resource_id), adds value_signature and error_signature to Field, adds resource_recovered notification event, and adds AccessFlags/free_inputs/free_outputs to ResourceSchema.
lib/node/pl-client/src/core/transaction.ts	Two field renames applied correctly, but the updated proto interfaces now require resourceSignature/errorResourceSignature fields in ~11 existing object literals that weren't touched — causing TypeScript compile errors throughout the file.
lib/node/pl-client/src/core/type_conversion.ts	Single correct fix: proto.id → proto.resourceId in protoToResource() to match the Resource.id field rename.
lib/node/pl-client/src/proto-grpc/github.com/milaboratory/pl/plapi/plapiproto/api.client.ts	Generated client updated to add lockFieldValues() method (methods[18]) and shift all subsequent method indices by one to account for the new RPC.
lib/node/pl-client/src/proto-grpc/github.com/milaboratory/pl/plapi/plapiproto/api.ts	Generated TypeScript types updated to match proto changes: new interfaces, field additions, deprecation markers, and binary read/write handlers.
lib/node/pl-client/src/proto-grpc/github.com/milaboratory/pl/plapi/plapiproto/api_types.ts	Generated TypeScript types updated: Resource.id→resourceId, new resourceSignature field, value_signature/error_signature on Field, resource_recovered notification flag, and new ResourceSchema.AccessFlags type.

Comments Outside Diff (1)

1. lib/node/pl-client/proto/plapi/plapiproto/api.proto, line 32 (link)

   Typo: "successfull" → "successful"

   The comment on the acquired field in LockFieldValues.Create.Response contains a double-l typo.

   Prompt To Fix With AI

   This is a comment left during a code review.
   Path: lib/node/pl-client/proto/plapi/plapiproto/api.proto
   Line: 32
   
   Comment:
   **Typo: "successfull" → "successful"**
   
   The comment on the `acquired` field in `LockFieldValues.Create.Response` contains a double-l typo.
   
   
   
   How can I resolve this? If you propose a fix, please make it concise.

Prompt To Fix All With AI

This is a comment left during a code review.
Path: lib/node/pl-client/src/core/transaction.ts
Line: 521

Comment:
**Missing required `resourceSignature` field — will break TypeScript compilation**

The proto update adds `resourceSignature: Uint8Array` as a required (non-optional) property to many `*_Request` interfaces, but the object literals created throughout `transaction.ts` do not supply this field. TypeScript will error because a required property is absent in a structural type check against `OneOfKind<ClientMessageRequest, Kind>`.

This specific line is one instance, but the same problem affects every existing call that constructs a request object for a message type that now requires `resourceSignature`. Affected calls include:

- `lib/node/pl-client/src/core/transaction.ts:521` — `resourceRemove: { resourceId: rId }` (missing `resourceSignature`)
- `lib/node/pl-client/src/core/transaction.ts:526` — `resourceExists: { resourceId: rId }` (missing `resourceSignature`)
- `lib/node/pl-client/src/core/transaction.ts:584` — `resourceGet: { resourceId: ..., loadFields: ... }` (missing `resourceSignature`)
- `lib/node/pl-client/src/core/transaction.ts:668` — `resourceLockInputs: { resourceId: ... }` (missing `resourceSignature`)
- `lib/node/pl-client/src/core/transaction.ts:680` — `resourceLockOutputs: { resourceId: ... }` (missing `resourceSignature`)
- `lib/node/pl-client/src/core/transaction.ts:692` — `resourceSetError: { resourceId: ..., errorResourceId: ... }` (missing `resourceSignature` and `errorResourceSignature`)
- `lib/node/pl-client/src/core/transaction.ts:746` — `fieldSetError: { field: ..., errorResourceId: ... }` (missing `errorResourceSignature`)
- `lib/node/pl-client/src/core/transaction.ts:817` — `resourceKeyValueSet: { resourceId: ..., key, value }` (missing `resourceSignature`)
- `lib/node/pl-client/src/core/transaction.ts:828` — `resourceKeyValueDelete: { resourceId: ..., key }` (missing `resourceSignature`)
- `lib/node/pl-client/src/core/transaction.ts:839` — `resourceKeyValueGet: { resourceId: ..., key }` (missing `resourceSignature`)
- `lib/node/pl-client/src/core/transaction.ts:867` — `resourceKeyValueGetIfExists: { resourceId: ..., key }` (missing `resourceSignature`)

If the signature fields are intentionally left empty for now (color system not yet integrated), the fix is to add `resourceSignature: new Uint8Array(0)` (or a shared constant) to each object literal, or to make `resourceSignature` optional (`?`) in the generated interfaces.

How can I resolve this? If you propose a fix, please make it concise.

---

This is a comment left during a code review.
Path: lib/node/pl-client/proto/plapi/plapiproto/api.proto
Line: 32

Comment:
**Typo: "successfull" → "successful"**

The comment on the `acquired` field in `LockFieldValues.Create.Response` contains a double-l typo.

```suggestion
        // Client MUST pay attention to this flag, as it shows if lock was successful.
```

How can I resolve this? If you propose a fix, please make it concise.

_{Reviews (1): Last reviewed commit: "MILAB-5815: feat: proto update" | Re-trigger Greptile}

[changeset-bot]

🦋 Changeset detected

Latest commit: 4fcafff

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 9 packages

Name	Type
@milaboratories/pl-client	Major
@milaboratories/pl-model-backend	Patch
@milaboratories/pl-errors	Patch
@milaboratories/pl-tree	Patch
@milaboratories/pl-drivers	Patch
@milaboratories/pl-middle-layer	Patch
@platforma-sdk/pl-cli	Patch
@platforma-sdk/test	Patch
@platforma-sdk/tengo-builder	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[notion-workspace]

[backend][SR:M3] Tx Authorization Layer (API level)

[gemini-code-assist]

Code Review

This pull request introduces significant updates to the platform API, primarily focusing on resource security and locking mechanisms. Key changes include the addition of resource_signature and color_proof fields across various resource and KV operations to enhance verification. A new LockFieldValues RPC has been implemented for optimistic locking of field references, and the Lease API endpoints have been updated. Additionally, ResourceSchema now supports granular AccessFlags for non-controller roles and automatic locking controls. The TypeScript client has been updated to reflect these proto changes, including field renames and regenerated gRPC code. Feedback was provided to correct a grammatical error in the documentation for the locking logic.

[codecov]

Codecov Report

❌ Patch coverage is 50.00000% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 54.20%. Comparing base (25bd611) to head (4fcafff).
⚠️ Report is 17 commits behind head on main.
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
lib/node/pl-client/src/core/transaction.ts	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1531      +/-   ##
==========================================
- Coverage   54.55%   54.20%   -0.36%     
==========================================
  Files         250      254       +4     
  Lines       14467    14537      +70     
  Branches     2999     3013      +14     
==========================================
- Hits         7893     7880      -13     
- Misses       5572     5654      +82     
- Partials     1002     1003       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.