Edition Feature Matrix

SkillMeat offers two editions optimized for different deployment scenarios: Local for personal use and single-user deployments, and Enterprise for multi-tenant installations. This comprehensive reference document explains the differences, feature availability, and configuration options for each edition.

Quick Reference: Which Edition Do I Need?

Scenario	Edition	Why
Personal artifact collection, local development	Local	Zero-config auth, SQLite, filesystem-native
Single-user production deployment	Local	Simpler operations, no external database
Multiple users, teams, organizational deployment	Enterprise	Multi-tenant support via role-based access control (RBAC)
Strict data isolation requirements	Enterprise	Tenant-scoped row-level security (RLS) on all tables
High-volume artifact management	Enterprise	PostgreSQL scalability and full-text search

---

Edition Overview

Local Edition

The Local edition is optimized for personal use, local development, and single-user deployments. It uses SQLite for data storage and the filesystem as the primary source of truth for artifacts.

Configuration: - Set SKILLMEAT_EDITION=local (default) - No additional environment variables required - SQLite database created automatically in user's collection directory

Authentication: - Defaults to LocalAuthProvider (zero-config) - Every request receives local_admin identity with full permissions - Optional: Enable basic local auth for credential enforcement

Enterprise Edition

The Enterprise edition supports multi-tenant deployments with PostgreSQL, enabling multiple organizations or teams to use the same deployment while maintaining strict data isolation.

Configuration: - Set SKILLMEAT_EDITION=enterprise - Requires DATABASE_URL pointing to PostgreSQL instance - Supports both LocalAuthProvider and Clerk for authentication

Authentication: - LocalAuthProvider: Basic credential-based auth - Clerk: JWT-based SSO integration for enterprise deployments - Enterprise PAT: Separate bootstrap auth for service clients

---

Edition Comparison

Aspect	Local	Enterprise
Database	SQLite	PostgreSQL
Multi-tenant support	No	Yes (row-level security)
Primary source of truth	Filesystem	Database cache
Default authentication	LocalAuthProvider (zero-config)	LocalAuthProvider or Clerk
Primary key type	Integer	UUID
ORM style	SQLAlchemy 1.x query()	SQLAlchemy 2.x select()
Artifact storage	Filesystem (CollectionManager)	Database + optional filesystem sync
Export capability	Full TOML/JSON export	Database-backed, limited export
Rate limiting	Optional	Supported
Full-text search	Not supported	Supported (PostgreSQL tsvector)

---

Feature Availability Matrix

This table shows which features are available in each edition and which require feature flags to enable.

Feature	Local	Enterprise	Feature Flag	Notes
Core Artifact Management
Collection CRUD	Yes	Yes	—	Different repository implementations per edition
Artifact creation	Yes	Yes	—
Artifact uploads	Yes	No	—	Filesystem writes only in Local
Artifact deletion	Yes	No	—	Filesystem deletion only in Local
File content CRUD	Yes	Yes	—	Local uses filesystem; Enterprise uses CAS blob storage
Artifact metadata editing	Yes	Yes	—
Artifact versioning	Yes	Yes	—
Version History
Version history timeline	Yes	Yes	version_history_ui_enabled (enabled)	Chronological view of all versions
Version diff (any two versions)	Yes	Yes	version_history_ui_enabled (enabled)	Compare arbitrary version pairs
Restore by hash	Yes	Yes	version_history_ui_enabled (enabled)	Restore artifact to any prior version
Per-user version scoping	No	Yes	—	Enterprise-only: filter by user
Per-team version scoping	No	Yes	—	Enterprise-only: filter by team
Promotion workflow (user→team→enterprise)	No	Yes	—	Enterprise-only: approval chain
Divergence monitoring	No	Yes	—	Enterprise-only: detect source conflicts
Admin force-sync	No	Yes	—	Enterprise-only: override conflicts
Bulk admin version actions	No	Yes	—	Enterprise-only: batch restore/purge
Discovery & Population
Auto-discovery	Yes	Yes	enable_auto_discovery (enabled)	Scans filesystem or DB for artifacts
Auto-population (GitHub metadata)	Yes	Yes	enable_auto_population (enabled)	Fetches metadata from GitHub
Composite Artifacts
Composite artifact detection	Yes	Yes	composite_artifacts_enabled (enabled)	Recognizes multi-file artifact patterns
Composite artifact CRUD	Yes	Yes	composite_artifacts_enabled (enabled)
Deployment & Projects
Projects	Yes	Yes	—	.claude/ directories in Local; DB scoped in Enterprise
Deployment profiles	Yes	Yes	—
Deployment sets	Yes	Yes	deployment_sets_enabled (enabled)
Git Connections
Git connection CRUD	Yes	Yes	—	Create, edit, delete repository connections
Multi-project linking	Yes	Yes	—	Link one connection to multiple projects
Git Sources tab on projects	Yes	Yes	—	View and manage linked connections per project
Connection filtering (project, unlinked)	Yes	Yes	—	Filter connections list by project or unlinked status
Team-scoped connection filtering	No	Yes	—	Filter connections by team
Layered token management	No	Yes	—	Per-connection, per-developer, and org-level tokens
Token Management panel	No	Yes	—	Enterprise UI for managing credential hierarchy
Scan configuration	Yes	Yes	—	Branch override and artifact type filters
Organization
Tags	Yes	Yes	—
Groups	Yes	Yes	—
Content Organization
Context entities	Yes	Yes	—
Context modules	Yes	Yes	—
Project templates	Yes	Yes	—
Publishing & Marketplace
Marketplace publishing	Yes	Yes	—
Marketplace consumption	Yes	Yes	—
Source exclusions	Yes	Yes	—	Marketplace filtering
Advanced Features
Bundle authoring	Yes	Yes	bundle_authoring_enabled (enabled)	Bundle entity CRUD
Memory & context system	Yes	Yes	memory_context_enabled (enabled)	Captures learnings and decisions
Workflow engine	Yes	Yes	workflow_engine_enabled (enabled)	SWDL parsing and execution
Workflow-artifact sync	Yes	Yes	workflow_artifact_sync_enabled (enabled)	Keeps workflows in sync with artifacts
MCP & Sync
MCP management	Yes	No	—	Filesystem-only MCP operations
Sync management	Yes	No	—	SyncManager not available in Enterprise
Sync status & diffing	Yes	Yes	—	Different implementation per edition
Analytics & Observability
SAM telemetry ingestion	Yes*	Yes*	sam_telemetry_ingestion_enabled (disabled)	*Requires PostgreSQL telemetry models; off by default
Backstage analytics widgets	Yes*	Yes*	—	*Depends on telemetry data availability
Planned Features
SkillBOM generation	No	No	skillbom_enabled (disabled)	Phase 5
Modular content architecture	No	No	modular_content_architecture (disabled)	Phase 5
IDP bundle resolution	No	No	idp_bundle_resolution_enabled (disabled)	Planned
IDP drift detection	No	No	idp_drift_detection_enabled (disabled)	Planned
IDP content drift tracking	No	No	idp_content_drift_enabled (disabled)	Planned
Memory auto-extraction	No	No	memory_auto_extract (disabled)	Planned
Enterprise-only Features
Full-text search	No	Yes	—	PostgreSQL tsvector indexes
Row-level security (RLS)	No	Yes	—	Multi-tenant isolation
Advanced RBAC	No	Yes*	—	*Planned enhancement

---

Feature Flag Reference

All feature flags are controlled via environment variables or the configuration file. The following table documents all available flags.

Flag	Default	Environment Variable	Description
edition	local	SKILLMEAT_EDITION	Deployment edition: local or enterprise
auth_enabled	false	SKILLMEAT_AUTH_ENABLED	Enforce authentication on all endpoints
auth_provider	local	SKILLMEAT_AUTH_PROVIDER	Auth provider: local (credentials) or clerk (JWT)
enable_auto_discovery	true	SKILLMEAT_ENABLE_AUTO_DISCOVERY	Automatically discover artifacts on startup
enable_auto_population	true	SKILLMEAT_ENABLE_AUTO_POPULATION	Fetch GitHub metadata automatically
composite_artifacts_enabled	true	SKILLMEAT_COMPOSITE_ARTIFACTS_ENABLED	Enable composite artifact detection
deployment_sets_enabled	true	SKILLMEAT_DEPLOYMENT_SETS_ENABLED	Enable deployment set management
memory_context_enabled	true	SKILLMEAT_MEMORY_CONTEXT_ENABLED	Enable memory and context system
workflow_engine_enabled	true	SKILLMEAT_WORKFLOW_ENGINE_ENABLED	Enable workflow execution engine
workflow_artifact_sync_enabled	true	SKILLMEAT_WORKFLOW_ARTIFACT_SYNC_ENABLED	Keep workflows in sync with artifacts
bundle_authoring_enabled	true	SKILLMEAT_BUNDLE_AUTHORING_ENABLED	Enable bundle entity creation and editing
version_history_ui_enabled	true	SKILLMEAT_VERSION_HISTORY_UI_ENABLED	Enable version history UI and restore operations
sam_telemetry_ingestion_enabled	false	SKILLMEAT_SAM_TELEMETRY_INGESTION_ENABLED	Enable SAM telemetry data ingestion
skillbom_enabled	false	SKILLMEAT_SKILLBOM_ENABLED	Enable SkillBOM generation (Phase 5)
modular_content_architecture	false	SKILLMEAT_MODULAR_CONTENT_ARCHITECTURE	Enable modular content (Phase 5)
memory_auto_extract	false	SKILLMEAT_MEMORY_AUTO_EXTRACT	Automatically extract memories from artifacts
idp_bundle_resolution_enabled	false	SKILLMEAT_IDP_BUNDLE_RESOLUTION_ENABLED	Enable IDP bundle resolution
idp_drift_detection_enabled	false	SKILLMEAT_IDP_DRIFT_DETECTION_ENABLED	Enable IDP drift detection
idp_content_drift_enabled	false	SKILLMEAT_IDP_CONTENT_DRIFT_ENABLED	Enable IDP content drift tracking
rate_limit_enabled	false	SKILLMEAT_RATE_LIMIT_ENABLED	Enable API rate limiting

Setting Feature Flags

Environment variables (recommended for deployment):

export SKILLMEAT_EDITION=enterprise
export SKILLMEAT_AUTH_ENABLED=true
export SKILLMEAT_AUTH_PROVIDER=clerk
export SKILLMEAT_SAM_TELEMETRY_INGESTION_ENABLED=true

Configuration file (~/.skillmeat/settings.toml):

[skillmeat]
edition = "enterprise"
auth_enabled = true
auth_provider = "clerk"
version_history_ui_enabled = true
sam_telemetry_ingestion_enabled = true
enable_auto_discovery = true
enable_auto_population = true

---

Repository Implementations

The SkillMeat dependency injection system selects the appropriate repository implementation based on the configured edition. This ensures data access patterns are optimized for each backend.

Architecture Pattern

The factory functions in skillmeat/api/dependencies.py select implementations at runtime:

# Pseudo-code example
def get_artifact_repository(settings: APISettings):
    if settings.edition == "local":
        return LocalArtifactRepository()
    else:
        return EnterpriseArtifactRepository(db_session)

Repository Interface → Implementation Mapping

Interface	Local Implementation	Enterprise Implementation	Purpose
IArtifactRepository	LocalArtifactRepository	EnterpriseArtifactRepository	Artifact CRUD
ICollectionRepository	LocalCollectionRepository	EnterpriseCollectionRepository	Collection management
IProjectRepository	LocalProjectRepository	EnterpriseProjectRepository	Project scoping
IDeploymentRepository	LocalDeploymentRepository	EnterpriseDeploymentRepository	Deployment tracking
ITagRepository	LocalTagRepository	EnterpriseTagRepository	Tag management
ISettingsRepository	LocalSettingsRepository	EnterpriseSettingsRepository	Settings persistence
IGroupRepository	LocalGroupRepository	EnterpriseGroupRepository	Group organization
IContextEntityRepository	LocalContextEntityRepository	EnterpriseContextEntityRepository	Context entity storage
IMarketplaceSourceRepository	LocalMarketplaceSourceRepository	EnterpriseMarketplaceSourceRepository	Marketplace sources
IProjectTemplateRepository	LocalProjectTemplateRepository	EnterpriseProjectTemplateRepository	Template management
IBundleRepository	LocalBundleRepository	Database-backed	Bundle storage
IMembershipRepository	LocalMembershipRepository	Database-backed	User membership
IArtifactActivityRepository	LocalArtifactActivityRepository	EnterpriseArtifactActivityRepository	Activity logging
IDbArtifactHistoryRepository	DbArtifactHistoryRepository	EnterpriseArtifactHistoryStub	Version history
IDbCollectionArtifactRepository	DbCollectionArtifactRepository	EnterpriseDbCollectionArtifactRepository	Collection artifacts
IDbUserCollectionRepository	DbUserCollectionRepository	EnterpriseUserCollectionAdapter	User collections

Key Pattern: Local implementations read/write the filesystem and SQLite; Enterprise implementations work exclusively with PostgreSQL and row-level security enforcement.

---

Database Schema & Migrations

Local Edition Schema

Migration file: 001_consolidated_schema.py

A single consolidated migration creates all tables for the Local edition in SQLite:

• Collections (TOML manifest)
• Artifacts (filesystem metadata)
• Projects (local .claude/ directories)
• Tags, groups, activities
• Settings and configuration
• Bundles, memberships, context entities
• Deployments and project templates

Key characteristics: - Single migration for all shared functionality - Integer primary keys - SQLite-compatible types (no JSONB, UUID) - No tenant isolation columns

Enterprise Edition Schema

Migration track: Sequential ent_001 through ent_009 (PostgreSQL only)

Migration	Purpose	Tables Created
ent_001	Core enterprise schema	Users, organizations, tenants, policies
ent_002	Tenant isolation	Adds tenant_id to all resource tables, RLS policies
ent_003	Auth identity	Identity providers, OIDC configuration
ent_004	Clerk integration	Clerk sync tables, webhook handlers
ent_005	RBAC	Roles, permissions, role assignments
ent_006	Auth audit	Login history, token revocation, audit logs
ent_007	Owner polymorphism	Owner-type column (user/group/service), UUID PKs
ent_008	Enterprise parity	Replicates Local tables with UUID PKs and JSONB support
ent_009	Telemetry	ExecutionOutcome, ProjectAgenticMetrics, rollup tables

Shared Feature Migrations

Migrations for features available in both editions are applied to both Local and Enterprise:

• Workflows (mig_001_workflows.py): SWDL parsing, execution engine
• Bundles (mig_002_bundles.py): Bundle entity structure (applied after edition-specific setup)
• Attestation (mig_003_attestation.py): Code signing and verification
• Drift detection (mig_004_drift.py): IDP drift tracking (planned)
• Scaffolding (mig_005_scaffold.py): Project templates and bootstrap
• Additional features as they ship

PostgreSQL-Specific Migrations

Migration file: pg_001_fulltext_search.py

Creates full-text search infrastructure (Enterprise PostgreSQL only):

• tsvector columns on searchable tables
• GIN indexes for fast full-text queries
• Search rank functions and utilities
• Not applied to Local (SQLite has limited FTS support)

---

Authentication Modes

SkillMeat supports three authentication approaches, with defaults and feature support varying by edition.

Mode	Config	Default	Best For
Zero-Auth	auth_enabled=false	✓ Local	Personal use, development
Local Auth	auth_enabled=true, auth_provider=local	Enterprise (optional)	Basic credential enforcement
Clerk JWT	auth_enabled=true, auth_provider=clerk	Enterprise option	SSO, production multi-user

Zero-Auth (Default)

All API requests succeed without credentials. Every user automatically receives the local_admin identity with full system permissions.

Use when: - Building artifact collections locally - Testing features without authentication overhead - Single-developer deployments

Configuration:

# Default behavior — no additional configuration needed
export SKILLMEAT_AUTH_ENABLED=false

Local Authentication

Basic credential-based authentication. Users provide username/password for API access.

Use when: - Need basic auth enforcement - Deploying to small teams (2-5 users) - Don't require SSO integration

Configuration:

export SKILLMEAT_AUTH_ENABLED=true
export SKILLMEAT_AUTH_PROVIDER=local

Clerk JWT Authentication

Enterprise-grade SSO integration via Clerk. Users authenticate through your organization's identity provider.

Use when: - Deploying at organization/team scale - Requiring SAML/OIDC integration - Multi-tenant deployments (Enterprise edition)

Configuration:

export SKILLMEAT_AUTH_ENABLED=true
export SKILLMEAT_AUTH_PROVIDER=clerk
export CLERK_API_KEY=sk_...
export CLERK_WEBHOOK_SECRET=whsec_...

Enterprise PAT (Service Clients)

Separate bootstrap authentication for non-user service clients (CI/CD, monitoring).

Use when: - Authenticating automated systems - Service-to-service communication - Machine accounts need stable credentials

Configuration:

export SKILLMEAT_ENTERPRISE_PAT_SECRET=long-random-string

---

Primary Key Strategies

Local Edition: Integer PKs

All Local tables use integer auto-increment primary keys:

CREATE TABLE artifacts (
  id INTEGER PRIMARY KEY AUTOINCREMENT,
  name TEXT NOT NULL,
  ...
);

Advantages: - Simpler to debug and reason about - Smaller index sizes - Better for SQLite performance

Limitations: - Not globally unique across multiple deployments - Can't be used for cross-deployment sync

Enterprise Edition: UUID PKs

All Enterprise tables use UUID (PostgreSQL UUID type) primary keys:

CREATE TABLE artifacts (
  id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
  name TEXT NOT NULL,
  tenant_id UUID NOT NULL,
  ...
);

Advantages: - Globally unique across all deployments - Safe for distributed systems and replication - Better for multi-tenant isolation

Implications: - All Enterprise implementations must use UUID types - Larger index sizes (acceptable trade-off for PostgreSQL) - Compatible with replication and backup strategies

---

ORM Query Style

Local Edition: SQLAlchemy 1.x Query API

Local implementations use the traditional SQLAlchemy 1.x session.query() style:

# Local: SQLAlchemy 1.x query() style
artifacts = session.query(Artifact).filter(
    Artifact.project_id == project_id
).all()

Why: Simpler mental model, less verbose, well-understood patterns.

Enterprise Edition: SQLAlchemy 2.x Select API

Enterprise implementations use the modern SQLAlchemy 2.x select() style with explicit column selection:

# Enterprise: SQLAlchemy 2.x select() style
stmt = select(Artifact).where(
    Artifact.project_id == project_id,
    Artifact.tenant_id == tenant_id
)
artifacts = session.execute(stmt).scalars().all()

Why: Better support for complex queries, explicit tenant filtering, modern async support, clearer intent.

Note: This is an intentional divergence — not a technical limitation. Both styles work in both databases; the choice reflects deployment patterns and team familiarity.

---

Data Storage Patterns

Local Edition: Filesystem-Centric

In Local mode, the filesystem is the primary source of truth:

• Artifacts: Stored as files/directories under ~/.skillmeat/artifacts/
• Collections: TOML manifest at ~/.skillmeat/manifest.toml
• Projects: Local .claude/ directories tracked by filesystem
• SQLite cache: Derived from filesystem, refreshed on startup or via sync commands

Flow: 1. CLI/API writes to filesystem 2. Cache is refreshed synchronously 3. Web UI reads from cache

Enterprise Edition: Database-Centric

In Enterprise mode, PostgreSQL is the primary source of truth:

• Artifacts: Stored as records in artifacts table with tenant_id isolation
• Collections: Stored as records with full audit trails
• Projects: Records with scope references (no local filesystem)
• Filesystem: Optional sync point, not source of truth

Flow: 1. API writes to database 2. Web UI reads from database 3. Optional: Sync to local projects as needed

---

Migration & Upgrade Paths

Upgrading Local to Enterprise

SkillMeat provides migration utilities to convert from Local to Enterprise:

1. Export artifacts and metadata from Local SQLite
2. Transform into Enterprise PostgreSQL schema (UUID PKs, tenant_id)
3. Import into new Enterprise PostgreSQL instance
4. Verify data integrity and accessibility

Process is documented in: docs/user/migration/local-to-enterprise.md

Feature Flag Rollout

When enabling new features (especially experimental ones), use feature flags to control availability:

1. Default disabled for new features
2. Opt-in per deployment via environment variables
3. Monitoring before broad enablement
4. Deprecation path for old approaches

Example:

# Enable Phase 5 experimental features on test deployment only
export SKILLMEAT_MODULAR_CONTENT_ARCHITECTURE=true
export SKILLMEAT_SKILLBOM_ENABLED=true

---

API Router Support by Edition

This section documents endpoint availability and edition support across the API routers. Unless otherwise specified, endpoints in both editions work with identical semantics and return the same response formats.

Note: Enterprise edition support for most routers was significantly expanded in v2.1 (Phases 1–5). Endpoints marked with ⏳ are deferred to v2.2 pending design decisions or blocking architectural work (e.g., federation design for context sync).

Artifact Management Routers

Router/Endpoint	Local	Enterprise	Authentication	Notes
Versions & History
GET /versions	Yes	Yes	Optional	List artifact versions with pagination
POST /versions/{version_id}/restore	Yes	Yes	Required	Restore artifact to specific version
Bundles
POST /bundles	Yes	Yes	Required	Create named bundle of artifacts
PUT /bundles/{bundle_id}	Yes	Yes	Required	Update bundle metadata
DELETE /bundles/{bundle_id}	Yes	Yes	Required	Delete bundle
GET /bundles/{bundle_id}/export	Yes	Yes	Optional	Export bundle in multiple formats
POST /bundles/import	Yes	No	Required	ZIP bundle import — local only. Enterprise: use snapshot restore or artifact copy (/api/v1/enterprise-collections/{id}/restore). Returns 404 not_applicable_in_edition in enterprise.
POST /bundles/preview	Yes	No	Optional	ZIP bundle preview — local only. Enterprise: use snapshot restore. Returns 404 not_applicable_in_edition in enterprise.
POST /bundles/export	Yes	No	Required	ZIP bundle export — local only (reads local CollectionManager). Enterprise: use artifact copy endpoints. Returns 404 not_applicable_in_edition in enterprise.
Memory Items
GET /memory-items	Yes	Yes	Optional	List memory items with pagination
GET /memory-items/{item_id}	Yes	Yes	Optional	Get memory item details
POST /memory-items	Yes	Yes	Required	Create memory item
PUT /memory-items/{item_id}	Yes	Yes	Required	Update memory item
DELETE /memory-items/{item_id}	Yes	Yes	Required	Delete memory item
GET /memory-items/search	Yes	Yes	Optional	Search memory items
Settings
GET /settings/user	Yes	Yes	Optional	Get user preferences
PUT /settings/user	Yes	Yes	Required	Update user preferences
GET /settings/notifications	Yes	Yes	Optional	List notification preferences
PUT /settings/notifications	Yes	Yes	Required	Update notification settings
DELETE /settings/notifications/{notif_id}	Yes	Yes	Required	Delete notification preference
User Collections
POST /user-collections	Yes	Yes	Required	Create user-scoped collection
GET /user-collections	Yes	Yes	Optional	List user's collections
GET /user-collections/{collection_id}	Yes	Yes	Optional	Get collection with metadata
PUT /user-collections/{collection_id}	Yes	Yes	Required	Update collection properties
DELETE /user-collections/{collection_id}	Yes	Yes	Required	Delete collection (soft)
GET /user-collections/{collection_id}/artifacts	Yes	Yes	Optional	List collection members
POST /user-collections/{collection_id}/artifacts	Yes	Yes	Required	Add artifact to collection
DELETE /user-collections/{collection_id}/artifacts/{artifact_id}	Yes	Yes	Required	Remove artifact from collection
POST /user-collections/{collection_id}/refresh	Yes	Yes	Required	Refresh collection metadata
Artifact Links
POST /artifacts/{artifact_id}/linked-artifacts	Yes	Yes	Required	Create link to another artifact
GET /artifacts/{artifact_id}/linked-artifacts	Yes	Yes	Optional	List linked artifacts
DELETE /artifacts/{artifact_id}/linked-artifacts/{target_id}	Yes	Yes	Required	Remove artifact link
GET /artifacts/{artifact_id}/unlinked-references	Yes	Yes	Optional	Find references without links
Artifact Legacy
GET /artifacts	Yes	Yes	Optional	List artifacts (legacy subset)
GET /artifacts/{artifact_id}	Yes	Yes	Optional	Get artifact details (legacy)

Project & Template Management Routers

Router/Endpoint	Local	Enterprise	Authentication	Notes
Scaffold Templates
GET /scaffold-templates	Yes	Yes	Optional	List available project templates
GET /scaffold-templates/{id}	Yes	Yes	Optional	Get template details
POST /scaffold-templates	Yes	Yes	Required	Create custom template
DELETE /scaffold-templates/{id}	Yes	Yes	Required	Delete template
Bill of Materials
GET /bom/snapshot	Yes	Yes	Optional	Get current artifact BoM snapshot
GET /bom/export-formats	Yes	Yes	Optional	List available export formats
POST /bom/export	Yes	Yes	Optional	Export BoM in specified format
POST /bom/regenerate	Yes	Yes	Required	Regenerate BoM snapshot
GET /bom/status	Yes	Yes	Optional	Get BoM generation status
Cache Management
POST /cache/refresh	Yes	Yes	Required	Refresh artifact cache (scope: all, project, artifact)
POST /cache/invalidate	Yes	Yes	Required	Invalidate cache (scope: all, project, artifact, tier)
GET /cache/status	Yes	Yes	Optional	Get cache status and metrics
Context Sync			⏳
GET /context-sync/status	Yes	⏳ Deferred to v2.2	Optional	Get sync status and conflicts
POST /context-sync/pack	Yes	⏳ Deferred to v2.2	Required	Create context pack
POST /context-sync/pull	Yes	⏳ Deferred to v2.2	Required	Pull context pack from source

Marketplace & Source Management Routers

Router/Endpoint	Local	Enterprise	Authentication	Notes
Marketplace Sources
POST /marketplace-sources	Yes	Yes	Required	Create GitHub repository source
GET /marketplace-sources	Yes	Yes	Optional	List sources with pagination
GET /marketplace-sources/{id}	Yes	Yes	Optional	Get source details
PATCH /marketplace-sources/{id}	Yes	Yes	Required	Update source metadata
DELETE /marketplace-sources/{id}	Yes	Yes	Required	Delete source
POST /marketplace-sources/{id}/rescan	Yes	Yes	Required	Trigger source rescan
GET /marketplace-sources/{id}/artifacts	Yes	Yes	Optional	List discovered artifacts
PATCH /marketplace-sources/{id}/artifacts/{entry_id}	Yes	Yes	Required	Update artifact name
POST /marketplace-sources/{id}/import	Yes	Yes	Required	Import artifacts to collection
PATCH /marketplace-sources/{id}/artifacts/{entry_id}/exclude	Yes	Yes	Required	Mark artifact as excluded
DELETE /marketplace-sources/{id}/artifacts/{entry_id}/exclude	Yes	Yes	Required	Restore excluded artifact
GET /marketplace-sources/{id}/auto-tags	Yes	Yes	Optional	Get auto-tags from GitHub topics
PATCH /marketplace-sources/{id}/auto-tags	Yes	Yes	Required	Approve/reject auto-tags
POST /marketplace-sources/{id}/refresh-auto-tags	Yes	Yes	Required	Refresh auto-tags from GitHub

Enterprise-Only Routers

Enterprise edition adds specialized routers for multi-tenant and governance capabilities:

Router/Endpoint	Support	Authentication	Notes
Enterprise Artifacts
POST /enterprise/artifacts	Enterprise	Required	Create tenant-scoped artifact
GET /enterprise/artifacts	Enterprise	Optional	List artifacts (tenant-isolated)
GET /enterprise/artifacts/{artifact_id}	Enterprise	Optional	Get artifact with RLS enforcement
PATCH /enterprise/artifacts/{artifact_id}	Enterprise	Required	Update artifact (tenant scoped)
DELETE /enterprise/artifacts/{artifact_id}	Enterprise	Required	Delete artifact (soft, tenant scoped)
POST /enterprise/artifacts/{artifact_id}/cascade-rollout	Enterprise	Required	Publish artifact to users
Enterprise Collections
GET /enterprise/collections	Enterprise	Optional	List global collections
POST /enterprise/collections	Enterprise	Required	Create global collection
POST /enterprise/collections/{id}/bind	Enterprise	Required	Bind user or team to collection
DELETE /enterprise/collections/{id}/bindings/{binding_id}	Enterprise	Required	Unbind user or team
DVCS Governance
POST /governance/hard-update	Both*	Required	Override normal update checks (requires dvcs_signature_verification=true)
GET /governance/compliance-status	Both*	Optional	Get compliance status (requires dvcs_signature_verification=true)
POST /governance/sign-version	Both*	Required	Sign specific artifact version (requires dvcs_signature_verification=true)
POST /governance/create-gitops-pr	Both*	Required	Create GitOps PR for hard updates (requires dvcs_signature_verification=true)
POST /governance/trigger-cascade-update	Both*	Required	Trigger upstream cascade with GitOps (requires dvcs_signature_verification=true)

*Enterprise-primary feature requiring system administrator role, but available in Local edition when dvcs_signature_verification=true

Authentication & Authorization

All endpoints in the routers listed above follow this pattern:

Requirement	Behavior	When to Use
Required	Endpoint requires bearer token or API key	Write operations (POST/PUT/PATCH/DELETE), sensitive reads
Optional	Endpoint works with or without authentication	List/get operations for public or user-owned resources
Admin-only	Endpoint restricted to system administrators	Enterprise-exclusive operations, governance features

For authentication configuration, see the Authentication Setup Guide.

Feature Flag Dependencies

Some routers have feature flag gates:

Router	Feature Flag	Default	Control
Deployment Sets	deployment_sets_enabled	true	Enable/disable deployment set endpoints
Marketplace Sources	enable_auto_discovery	true	Auto-discovery of marketplace sources
DVCS Governance	dvcs_signature_verification	true	Enable cryptographic governance

---

Summary: Edition Decision Matrix

Use this matrix to quickly determine which edition and configuration is right for your deployment:

Requirement	Local	Enterprise
Personal/single-user	✓	—
Local development	✓	—
Multiple users/teams	—	✓
Organizational RBAC	—	✓
Multi-tenant SaaS	—	✓
Zero-config setup	✓	—
External database required	—	✓
High availability/replication	—	✓
Full-text search	—	✓
Filesystem-native workflow	✓	—

---

Next Steps

• Getting started with Local: See Server Setup Guide
• Configuring Enterprise: See Authentication Setup Guide
• Deploying with feature flags: See Platform Defaults
• Migrating from Local to Enterprise: See Migration guides (coming soon)