document-ops

Shared-vault document operations

Documents inside a shared vault have the same shape as private-vault documents — DocumentInput, DocumentMetadata, Document — but live under user.sharedVault(id).document instead of user.document.

All operations require the vault to be unsealed and the caller to be a member of the target vault with an appropriate role.

Queries (read)

Available to any vault member (OWNER, MANAGER, EDITOR, VIEWER).

list

query($vaultId: ID!) {
  user {
    sharedVault(id: $vaultId) {
      document {
        list(where: { schemaRef: "https://schema.identa.io/core/PersonFullName.json" }) {
          id version name schemaRef audit { updatedAt }
        }
      }
    }
  }
}

get

query($vaultId: ID!, $docId: ID!) {
  user {
    sharedVault(id: $vaultId) {
      document {
        get(id: $docId) {
          metadata { id version name schemaRef }
          content  { data }
        }
      }
    }
  }
}

versions

query($vaultId: ID!, $docId: ID!) {
  user {
    sharedVault(id: $vaultId) {
      document {
        versions(id: $docId) {
          version audit { updatedAt updatedBy }
        }
      }
    }
  }
}

Mutations (write)

Requires OWNER, MANAGER, or EDITOR role. VIEWER cannot mutate.

create

mutation($vaultId: ID!, $input: DocumentInput!) {
  user {
    sharedVault(id: $vaultId) {
      document {
        create(input: $input) { id version }
      }
    }
  }
}

update

mutation($vaultId: ID!, $docId: ID!, $input: DocumentInput!) {
  user {
    sharedVault(id: $vaultId) {
      document {
        update(id: $docId, input: $input) { id version }
      }
    }
  }
}

delete

mutation($vaultId: ID!, $docId: ID!) {
  user {
    sharedVault(id: $vaultId) {
      document {
        delete(id: $docId)
      }
    }
  }
}

curl (list)

curl -X POST https://api.test.geena.eu/graphql \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "query($v: ID!) { user { sharedVault(id: $v) { document { list { id name } } } } }",
    "variables": { "v": "v1a2-..." }
  }'
Info

The shared-vault document API does not expose validate — use the private-vault user.document.validate to pre-check payloads; the schema registry is the same.