hashintel
diff --git a/‎apps/hash-ai-worker-ts/src/activities/flow-activities/shared/infer-summaries-then-claims-from-text/get-entity-summaries-from-text.ts‎
Lines changed: 2 additions & 2 deletions b/‎apps/hash-ai-worker-ts/src/activities/flow-activities/shared/infer-summaries-then-claims-from-text/get-entity-summaries-from-text.ts‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎apps/hash-ai-worker-ts/src/activities/shared/get-llm-response.ts‎
Lines changed: 17 additions & 31 deletions b/‎apps/hash-ai-worker-ts/src/activities/shared/get-llm-response.ts‎
Lines changed: 17 additions & 31 deletions
diff --git a/‎apps/hash-api/src/graph/knowledge/system-types/linear-integration-entity.ts‎
Lines changed: 26 additions & 36 deletions b/‎apps/hash-api/src/graph/knowledge/system-types/linear-integration-entity.ts‎
Lines changed: 26 additions & 36 deletions
diff --git a/‎apps/hash-api/src/graph/knowledge/system-types/user-secret.ts‎
Lines changed: 29 additions & 27 deletions b/‎apps/hash-api/src/graph/knowledge/system-types/user-secret.ts‎
Lines changed: 29 additions & 27 deletions
diff --git a/‎apps/hash-api/src/graphql/resolvers/knowledge/user/submit-early-access-form.ts‎
Lines changed: 14 additions & 23 deletions b/‎apps/hash-api/src/graphql/resolvers/knowledge/user/submit-early-access-form.ts‎
Lines changed: 14 additions & 23 deletions
@@ -257,9 +257,9 @@ export const getEntitySummariesFromText = async (params: {
     };
 
     for (const { name, summary, type } of toolCallEntitySummaries) {
-      const entityUuid = generateUuid();
+      const entityUuid = generateUuid() as EntityUuid;
 
-      const entityId = entityIdFromComponents(webId, entityUuid as EntityUuid);
+      const entityId = entityIdFromComponents(webId, entityUuid);
 
       const isKnownType = dereferencedEntityTypes.some(
         (dereferencedEntityType) => dereferencedEntityType.$id === type,
 
@@ -10,7 +10,6 @@ import { getInstanceAdminsTeam } from "@local/hash-backend-utils/hash-instance";
 import { createUsageRecord } from "@local/hash-backend-utils/service-usage";
 import type { GraphApi } from "@local/hash-graph-client";
 import { HashEntity } from "@local/hash-graph-sdk/entity";
-import { createPolicy } from "@local/hash-graph-sdk/policy";
 import type { FlowUsageRecordCustomMetadata } from "@local/hash-isomorphic-utils/flows/types";
 import { generateUuid } from "@local/hash-isomorphic-utils/generate-uuid";
 import { systemLinkEntityTypes } from "@local/hash-isomorphic-utils/ontology-type-ids";
@@ -207,6 +206,19 @@ export const getLlmResponse = async <T extends LlmParams>(
         } satisfies OriginProvenance,
       };
 
+      const viewPrincipals: PrincipalConstraint[] = [
+        {
+          type: "actor",
+          actorType: "user",
+          id: userAccountId,
+        },
+        {
+          type: "actor",
+          actorType: "ai",
+          id: aiAssistantAccountId,
+        },
+      ];
+
       const errors = await Promise.all(
         incurredInEntities.map(async ({ entityId }) => {
           try {
@@ -251,40 +263,14 @@ export const getLlmResponse = async <T extends LlmParams>(
                     },
                   },
                 ],
-              },
-            );
-
-            const viewPrincipals: PrincipalConstraint[] = [
-              {
-                type: "actor",
-                actorType: "user",
-                id: userAccountId,
-              },
-              {
-                type: "actor",
-                actorType: "ai",
-                id: aiAssistantAccountId,
-              },
-            ];
-
-            // TODO: allow creating policies alongside entity creation
-            //   see https://linear.app/hash/issue/H-4622/allow-creating-policies-alongside-entity-creation
-            for (const principal of viewPrincipals) {
-              await createPolicy(
-                graphApiClient,
-                { actorId: aiAssistantAccountId },
-                {
+                policies: viewPrincipals.map((principal) => ({
                   name: `usage-record-view-entity-${incurredInEntityUuid}`,
                   effect: "permit",
                   actions: ["viewEntity"],
                   principal,
-                  resource: {
-                    type: "entity",
-                    id: incurredInEntityUuid,
-                  },
-                },
-              );
-            }
+                })),
+              },
+            );
 
             return [];
           } catch (error) {
 
@@ -8,6 +8,7 @@ import type {
   BaseUrl,
   Entity,
   EntityId,
+  EntityUuid,
   MachineId,
 } from "@blockprotocol/type-system";
 import {
@@ -17,7 +18,7 @@ import {
 import { EntityTypeMismatchError } from "@local/hash-backend-utils/error";
 import type { EntityRelationAndSubjectBranded } from "@local/hash-graph-sdk/authorization";
 import type { HashEntity } from "@local/hash-graph-sdk/entity";
-import { createPolicy } from "@local/hash-graph-sdk/policy";
+import { generateUuid } from "@local/hash-isomorphic-utils/generate-uuid";
 import {
   currentTimeInstantTemporalAxes,
   generateVersionedUrlMatchingFilter,
@@ -391,42 +392,31 @@ export const linkIntegrationToWeb: ImpureGraphFunction<
       linearIntegrationEntityId,
     );
 
-    const linkEntity = await createLinkEntity<SyncLinearDataWith>(
-      context,
-      authentication,
-      {
-        webId: linearIntegrationWebId,
-        properties,
-        linkData: {
-          leftEntityId: linearIntegrationEntityId,
-          rightEntityId: webEntityId,
-        },
-        entityTypeIds: [
-          systemLinkEntityTypes.syncLinearDataWith.linkEntityTypeId,
-        ],
-        relationships: linearIntegrationRelationships,
-      },
-    );
-
-    const linkEntityUuid = extractEntityUuidFromEntityId(
-      linkEntity.metadata.recordId.entityId,
-    );
-
-    // TODO: allow creating policies alongside entity creation
-    //   see https://linear.app/hash/issue/H-4622/allow-creating-policies-alongside-entity-creation
-    await createPolicy(context.graphApi, authentication, {
-      name: `linear-integration-bot-view-link-entity-${linkEntityUuid}`,
-      principal: {
-        type: "actor",
-        actorType: "machine",
-        id: linearBotMachineId,
-      },
-      effect: "permit",
-      actions: ["viewEntity"],
-      resource: {
-        type: "entity",
-        id: linkEntityUuid,
+    const linkEntityUuid = generateUuid() as EntityUuid;
+    await createLinkEntity<SyncLinearDataWith>(context, authentication, {
+      webId: linearIntegrationWebId,
+      entityUuid: linkEntityUuid,
+      properties,
+      linkData: {
+        leftEntityId: linearIntegrationEntityId,
+        rightEntityId: webEntityId,
       },
+      entityTypeIds: [
+        systemLinkEntityTypes.syncLinearDataWith.linkEntityTypeId,
+      ],
+      relationships: linearIntegrationRelationships,
+      policies: [
+        {
+          name: `linear-integration-bot-view-link-entity-${linkEntityUuid}`,
+          principal: {
+            type: "actor",
+            actorType: "machine",
+            id: linearBotMachineId,
+          },
+          effect: "permit",
+          actions: ["viewEntity"],
+        },
+      ],
     });
   }
 };
@@ -14,7 +14,6 @@ import type {
 import { createUserSecretPath } from "@local/hash-backend-utils/vault";
 import type { GraphApi } from "@local/hash-graph-client";
 import type { EntityRelationAndSubjectBranded } from "@local/hash-graph-sdk/authorization";
-import { createPolicy } from "@local/hash-graph-sdk/policy";
 import { generateUuid } from "@local/hash-isomorphic-utils/generate-uuid";
 import {
   systemEntityTypes,
@@ -182,6 +181,19 @@ export const createUserSecret = async <
     );
   }
 
+  const viewPrincipals: PrincipalConstraint[] = [
+    {
+      type: "actor",
+      actorType: "user",
+      id: userAccountId,
+    },
+    {
+      type: "actor",
+      actorType: "machine",
+      id: managingBotAccountId,
+    },
+  ];
+
   const userSecretEntityUuid = generateUuid() as EntityUuid;
   const usesUserSecretEntityUuid = generateUuid() as EntityUuid;
 
@@ -194,6 +206,16 @@ export const createUserSecret = async <
       entityUuid: userSecretEntityUuid,
       properties: secretMetadata,
       relationships: botEditorUserViewerOnly,
+      policies: viewPrincipals.map((principal) => ({
+        name: `user-secret-view-entity-${userSecretEntityUuid}`,
+        principal,
+        effect: "permit",
+        actions: ["viewEntity"],
+        resource: {
+          type: "entity",
+          id: userSecretEntityUuid,
+        },
+      })),
     },
   );
 
@@ -211,38 +233,18 @@ export const createUserSecret = async <
       },
       entityTypeIds: [systemLinkEntityTypes.usesUserSecret.linkEntityTypeId],
       relationships: botEditorUserViewerOnly,
-    },
-  );
-
-  const viewPrincipals: PrincipalConstraint[] = [
-    {
-      type: "actor",
-      actorType: "user",
-      id: userAccountId,
-    },
-    {
-      type: "actor",
-      actorType: "machine",
-      id: managingBotAccountId,
-    },
-  ];
-
-  // TODO: allow creating policies alongside entity creation
-  //   see https://linear.app/hash/issue/H-4622/allow-creating-policies-alongside-entity-creation
-  for (const entityUuid of [userSecretEntityUuid, usesUserSecretEntityUuid]) {
-    for (const principal of viewPrincipals) {
-      await createPolicy(graphApi, authentication, {
-        name: `user-secret-view-entity-${entityUuid}`,
+      policies: viewPrincipals.map((principal) => ({
+        name: `user-secret-view-entity-${usesUserSecretEntityUuid}`,
         principal,
         effect: "permit",
         actions: ["viewEntity"],
         resource: {
           type: "entity",
-          id: entityUuid,
+          id: usesUserSecretEntityUuid,
         },
-      });
-    }
-  }
+      })),
+    },
+  );
 
   return userSecretEntity.metadata.recordId.entityId;
 };
@@ -1,9 +1,5 @@
-import {
-  extractEntityUuidFromEntityId,
-  type WebId,
-} from "@blockprotocol/type-system";
+import type { WebId } from "@blockprotocol/type-system";
 import { getInstanceAdminsTeam } from "@local/hash-backend-utils/hash-instance";
-import { createPolicy } from "@local/hash-graph-sdk/policy";
 import { systemEntityTypes } from "@local/hash-isomorphic-utils/ontology-type-ids";
 import { simplifyProperties } from "@local/hash-isomorphic-utils/simplify-properties";
 import type { ProspectiveUser } from "@local/hash-isomorphic-utils/system-types/prospectiveuser";
@@ -35,7 +31,7 @@ export const submitEarlyAccessFormResolver: ResolverFn<
     authentication,
   );
 
-  const entity = await createEntity<ProspectiveUser>(
+  await createEntity<ProspectiveUser>(
     context,
     /** The user does not yet have permissions to create entities, so we do it with the HASH system account instead */
     authentication,
@@ -134,26 +130,21 @@ export const submitEarlyAccessFormResolver: ResolverFn<
           },
         },
       ],
+      policies: [
+        {
+          name: "prospective-user-view-entity",
+          principal: {
+            type: "actor",
+            actorType: "user",
+            id: user.accountId,
+          },
+          effect: "permit",
+          actions: ["viewEntity"],
+        },
+      ],
     },
   );
 
-  // TODO: allow creating policies alongside entity creation
-  //   see https://linear.app/hash/issue/H-4622/allow-creating-policies-alongside-entity-creation
-  await createPolicy(context.graphApi, authentication, {
-    name: "prospective-user-view-entity",
-    principal: {
-      type: "actor",
-      actorType: "user",
-      id: user.accountId,
-    },
-    effect: "permit",
-    actions: ["viewEntity"],
-    resource: {
-      type: "entity",
-      id: extractEntityUuidFromEntityId(entity.entityId),
-    },
-  });
-
   if (process.env.ACCESS_FORM_SLACK_WEBHOOK_URL) {
     const simpleProperties = simplifyProperties(properties);
     const slackMessage = {