docs: replace TODO links

docs/contrib/protoc-gen-doc-mdx.tmpl

@@ -4,7 +4,7 @@ title: Protocol Buffers API
 
 <!-- This file is generated. Please edit the .proto files instead to update the documentation -->
 
-The API is divided into the [read API](/TODO) and [write API](/TODO).
+The API is divided into the [read APIs](../concepts/api-overview.mdx#read-apis) and [write APIs](../concepts/api-overview.mdx#write-apis).
 Each service is annotated with the API it belongs to.
 
 {{range .Files}}

docs/docs/concepts/namespaces.mdx

@@ -7,13 +7,14 @@ RelationTuplePrism()
 
 Ory Keto knows the concept of namespaces to organize
 [relation tuples](./relation-tuples.mdx). Namespaces have a configuration that
-defines the relations, and some other important values ([see reference](/TODO)).
-Unlike other applications, Ory Keto does **not** isolate namespaces. Especially,
-[subject sets](./subjects.mdx) can cross-reference from one namespace to
-another. The namespaces' purpose is to split up the data into coherent
-partitions, each with its corresponding configuration. Internally each namespace
-has its own table in the database to allow setting individual
-[storage specific options](/TODO).
+defines the relations, and some other important values
+([see reference](./reference/configuration.md)). Unlike other applications, Ory
+Keto does **not** isolate namespaces. Especially, [subject sets](./subjects.mdx)
+can cross-reference from one namespace to another. The namespaces' purpose is to
+split up the data into coherent partitions, each with its corresponding
+configuration. Internally each namespace has its own table in the database to
+allow setting individual
+[storage specific options](https://github.com/ory/keto/issues/303).
 
 ## Scoping of Objects
 
@@ -28,7 +29,7 @@ directories:foo#access@user1
 files:foo#access@user2
 ```
 
-both of the following [check](/TODO) requests
+both of the following [check](./api-overview.mdx#check-relation-tuples) requests
 
 ```keto-relation-tuples
 // Does user2 have access to the directory foo?
@@ -47,7 +48,7 @@ namespace to reference the same object.
 Because namespaces each come with an individual configuration that can even
 modify some storage specific options, it is required to manually review and run
 migrations on namespace configuration updates. Please refer to the
-[namespace migration CLI reference](/TODO) and
+[namespace migration CLI reference](../cli/keto-namespace-migrate.md) and
 [running in production guide](/TODO) to learn more about that process.
 
 ## Naming Conventions

docs/docs/concepts/relation-tuples.mdx

@@ -38,8 +38,8 @@ can be translated into the english sentence "Subject has relation on object".
 ## Effect of a Relation Tuple
 
 The effect of a relation tuple is the effect of its relation as defined in the
-[namespace configuration](/TODO). It can be one of union (boolean or),
-intersection (boolean and), or exclusion (boolean not).
+[namespace configuration](./namespaces.mdx). It can be one of union (boolean
+or), intersection (boolean and), or exclusion (boolean not).
 
 ## Basic Example
 

docs/docs/concepts/subjects.mdx

@@ -77,8 +77,8 @@ tcp/22#access@c5b6454f-f79c-4a6d-9e1b-b44e04b56009
 
 The application has to map each incoming request to a subject string
 representing the attributes of the request. Ory Keto will reply with a positive
-[check response](/TODO) depending on the string equality of the requested
-subject representing the attributes with the known relation tuples. Remember
-that Ory Keto does **not** know how to interpret any information stored in the
-relation tuples. Rather, the application has to preprocess and map the value to
-the corresponding UUID.
+[check response](./api-overview.mdx#check-relation-tuple) depending on the
+string equality of the requested subject representing the attributes with the
+known relation tuples. Remember that Ory Keto does **not** know how to interpret
+any information stored in the relation tuples. Rather, the application has to
+preprocess and map the value to the corresponding UUID.

docs/docs/examples/olymp-file-sharing.mdx

@@ -25,7 +25,7 @@ Now, the user identified by its unique username `demeter` wants to upload a file
 containing the most fertile grounds. The file gets assigned the UUID
 `ec788a82-a12e-45a4-b906-3e69f78c94e4`. The application adds the following
 [relation tuple](../concepts/relation-tuples.mdx) to Ory Keto through the
-[write API](/TODO):
+[write API](../concepts/api-overview.mdx#write-apis):
 
 ```keto-relation-tuples
 ec788a82-a12e-45a4-b906-3e69f78c94e4#owner@demeter
@@ -36,20 +36,22 @@ share the file with fertile grounds with `athena` so that they can both read it.
 Therefore, he opens the "Olymp Library" and is presented with a list of all
 files he owns. The application will internally request all
 [objects](../concepts/objects.mdx) (file IDs) with the owner `demeter` by using
-the [read API](/TODO). The response will contain the object
-`ec788a82-a12e-45a4-b906-3e69f78c94e4`, which the application maps to the file
-in question.
+the [list API](../concepts/api-overview.mdx#list-relation-tuples). The response
+will contain the object `ec788a82-a12e-45a4-b906-3e69f78c94e4`, which the
+application maps to the file in question.
 
 The user `demeter` will then ask the application to share the file with
 `athena`. The application will translate that request into a
-[write API request](/TODO) adding the following relation tuple to Ory Keto:
+[write API request](../concepts/api-overview.mdx#write-apis) adding the
+following relation tuple to Ory Keto:
 
 ```keto-relation-tuples
 ec788a82-a12e-45a4-b906-3e69f78c94e4#access@athena
 ```
 
 To confirm the successful operation, the application uses Ory Keto's
-[expand API](/TODO) to compile a list of everyone who can access the file:
+[expand API](../concepts/api-overview.mdx#expand-subject-sets) to compile a list
+of everyone who can access the file:
 
 ```keto-relation-tuples
 // The following subject set is expanded by Keto
@@ -68,6 +70,7 @@ which returns the expansion tree
 The "Olymp Library" can then display this information to `demeter`.
 
 When `athena` wants to get the file containing fertile grounds, the application
-uses the [check API](/TODO) to verify that `athena` has access to the file
-before it returns the file. This will allow `demeter` to revoke `athena`'s
-access at any point by deleting the corresponding relation tuple.
+uses the [check API](../concepts/api-overview.mdx#check-relation-tuple) to
+verify that `athena` has access to the file before it returns the file. This
+will allow `demeter` to revoke `athena`'s access at any point by deleting the
+corresponding relation tuple.

docs/docs/guides/simple-access-check-guide.mdx

@@ -7,8 +7,9 @@ import RelationTuplePrism from '@theme/RelationTuplePrism'
 import CodeTabs from '@theme/CodeTabs'
 RelationTuplePrism()
 
-This guide will explain how you can use Ory Keto's [check API](/TODO) to
-determine whether a [subject](../concepts/subjects.mdx) has a specific
+This guide will explain how you can use Ory Keto's
+[check API](../concepts/api-overview.mdx#check-relation-tuple) to determine
+whether a [subject](../concepts/subjects.mdx) has a specific
 [relation](../concepts/relation-tuples.mdx) on an
 [object](../concepts/objects.mdx). The result can be used for controlling access
 to specific resources.
@@ -46,11 +47,14 @@ API towards the user, while communicating with Keto through gRPC.
 
 As a first step, the application has to authenticate the user reliably to
 provide the subject to Keto. This can be achieved e.g. by using
-[Ory Kratos](/TODO) or any other authentication system.
+[Ory Kratos](https://www.ory.sh/kratos/docs/) or any other authentication
+system.
 
 The request (here `decypher` of the message `02y_15_4w350m3`) is then translated
-into a request to Ory Keto's [check API](/TODO). Basically, the application is
-asking Keto "Is john allowed to decypher the text 02y_15_4w350m3?"
+into a request to Ory Keto's
+[check API](../concepts/api-overview.mdx#check-relation-tuple). Basically, the
+application is asking Keto "Is john allowed to decypher the text
+02y_15_4w350m3?"
 
 This question is encoded as the following
 [relation tuple](../concepts/relation-tuples.mdx):
@@ -75,7 +79,7 @@ Intuitively, this means that `john` was allowed to `decypher` the message
 `02y_15_4w350m3` directly (imagine a "Share with `john`" input in a UI).
 
 Try this yourself by first adding the relation tuple using the
-[write API](/TODO):
+[write API](../concepts/api-overview.mdx#write-apis):
 
 <CodeTabs
   sampleId="simple-access-check-guide/00-write-direct-access"
@@ -135,4 +139,5 @@ problem still persists.
 ## Conclusion
 
 We learned how to integrate check requests and access control into an
-application using Ory Keto's [check API](/TODO).
+application using Ory Keto's
+[check API](../concepts/api-overview.mdx#check-relation-tuple).

docs/docs/quickstart.mdx

@@ -98,7 +98,8 @@ to see this in action.
 
 Now `cat lady` wants to change some view permissions of `/cats/1.mp4`. For this,
 the video service application has to show all users that are currently allowed
-to view the video. It uses Keto's [Expand API](/TODO) to get these data:
+to view the video. It uses Keto's
+[Expand API](./concepts/api-overview.mdx#expand-subject-set) to get these data:
 
 ```shell
 # Who is allowed to "view" the object "videos":"/cats/2.mp4"?

docs/docs/reference/proto-api.mdx

@@ -4,8 +4,9 @@ title: Protocol Buffers API
 
 <!-- This file is generated. Please edit the .proto files instead to update the documentation -->
 
-The API is divided into the [read API](/TODO) and [write API](/TODO). Each
-service is annotated with the API it belongs to.
+The API is divided into the [read APIs](../concepts/api-overview.mdx#read-apis)
+and [write APIs](../concepts/api-overview.mdx#write-apis). Each service is
+annotated with the API it belongs to.
 
 ## ory/keto/acl/v1alpha1/acl.proto
 
@@ -47,7 +48,7 @@ SubjectSet refers to all subjects who have the same `relation` on an `object`.
 The service that performs authorization checks based on the stored Access
 Control Lists.
 
-This service is part of the [read API](/TODO).
+This service is part of the [read APIs](../concepts/api-overview.mdx#read-apis).
 
 | Method Name | Request Type                                        | Response Type                                         | Description                      |
 | ----------- | --------------------------------------------------- | ----------------------------------------------------- | -------------------------------- |
@@ -83,7 +84,7 @@ The response for a CheckService.Check rpc.
 The service that performs subject set expansion based on the stored Access
 Control Lists.
 
-This service is part of the [read API](/TODO).
+This service is part of the [read APIs](../concepts/api-overview.mdx#read-apis).
 
 | Method Name | Request Type                                          | Response Type                                           | Description                                      |
 | ----------- | ----------------------------------------------------- | ------------------------------------------------------- | ------------------------------------------------ |
@@ -131,7 +132,7 @@ The response for a ExpandService.Expand RPC.
 
 The service to query relation tuples.
 
-This service is part of the [read API](/TODO).
+This service is part of the [read APIs](../concepts/api-overview.mdx#read-apis).
 
 | Method Name        | Request Type                                                                  | Response Type                                                                   | Description                |
 | ------------------ | ----------------------------------------------------------------------------- | ------------------------------------------------------------------------------- | -------------------------- |
@@ -189,7 +190,8 @@ The response of a ReadService.ListRelationTuples RPC.
 
 The service returning the specific Ory Keto instance version.
 
-This service is part of the [read API](/TODO) and [write API](/TODO).
+This service is part of the [read APIs](../concepts/api-overview.mdx#read-apis)
+and [write APIs](../concepts/api-overview.mdx#write-apis).
 
 | Method Name | Request Type                                                  | Response Type                                                   | Description                                   |
 | ----------- | ------------------------------------------------------------- | --------------------------------------------------------------- | --------------------------------------------- |
@@ -213,7 +215,8 @@ Response of the VersionService.GetVersion RPC.
 
 The write service to create and delete Access Control Lists.
 
-This service is part of the [write API](/TODO).
+This service is part of the
+[write APIs](../concepts/api-overview.mdx#write-apis).
 
 | Method Name            | Request Type                                                                          | Response Type                                                                           | Description                                                 |
 | ---------------------- | ------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------- | ----------------------------------------------------------- |

proto/ory/keto/acl/v1alpha1/check_service.proto

@@ -14,7 +14,7 @@ option php_namespace = "Ory\\Keto\\Acl\\V1alpha1";
 // The service that performs authorization checks
 // based on the stored Access Control Lists.
 //
-// This service is part of the [read API](/TODO).
+// This service is part of the [read APIs](../concepts/api-overview.mdx#read-apis).
 service CheckService {
   // Performs an authorization check.
   rpc Check(CheckRequest) returns (CheckResponse);

proto/ory/keto/acl/v1alpha1/check_service_grpc_pb.js

@@ -31,7 +31,7 @@ function deserialize_ory_keto_acl_v1alpha1_CheckResponse(buffer_arg) {
 // The service that performs authorization checks
 // based on the stored Access Control Lists.
 //
-// This service is part of the [read API](/TODO).
+// This service is part of the [read APIs](../concepts/api-overview.mdx#read-apis).
 var CheckServiceService = exports.CheckServiceService = {
   // Performs an authorization check.
 check: {

proto/ory/keto/acl/v1alpha1/expand_service.proto

@@ -14,7 +14,7 @@ option php_namespace = "Ory\\Keto\\Acl\\V1alpha1";
 // The service that performs subject set expansion
 // based on the stored Access Control Lists.
 //
-// This service is part of the [read API](/TODO).
+// This service is part of the [read APIs](../concepts/api-overview.mdx#read-apis).
 service ExpandService {
   // Expands the subject set into a tree of subjects.
   rpc Expand(ExpandRequest) returns (ExpandResponse);

proto/ory/keto/acl/v1alpha1/expand_service_grpc_pb.js

@@ -31,7 +31,7 @@ function deserialize_ory_keto_acl_v1alpha1_ExpandResponse(buffer_arg) {
 // The service that performs subject set expansion
 // based on the stored Access Control Lists.
 //
-// This service is part of the [read API](/TODO).
+// This service is part of the [read APIs](../concepts/api-overview.mdx#read-apis).
 var ExpandServiceService = exports.ExpandServiceService = {
   // Expands the subject set into a tree of subjects.
 expand: {

proto/ory/keto/acl/v1alpha1/read_service.proto

@@ -14,7 +14,7 @@ option php_namespace = "Ory\\Keto\\Acl\\V1alpha1";
 
 // The service to query relation tuples.
 //
-// This service is part of the [read API](/TODO).
+// This service is part of the [read APIs](../concepts/api-overview.mdx#read-apis).
 service ReadService {
   // Lists ACL relation tuples.
   rpc ListRelationTuples(ListRelationTuplesRequest) returns (ListRelationTuplesResponse);

proto/ory/keto/acl/v1alpha1/read_service_grpc_pb.js

@@ -31,7 +31,7 @@ function deserialize_ory_keto_acl_v1alpha1_ListRelationTuplesResponse(buffer_arg
 
 // The service to query relation tuples.
 //
-// This service is part of the [read API](/TODO).
+// This service is part of the [read APIs](../concepts/api-overview.mdx#read-apis).
 var ReadServiceService = exports.ReadServiceService = {
   // Lists ACL relation tuples.
 listRelationTuples: {

proto/ory/keto/acl/v1alpha1/version.proto

@@ -11,7 +11,7 @@ option php_namespace = "Ory\\Keto\\Acl\\V1alpha1";
 
 // The service returning the specific Ory Keto instance version.
 //
-// This service is part of the [read API](/TODO) and [write API](/TODO).
+// This service is part of the [read APIs](../concepts/api-overview.mdx#read-apis) and [write APIs](../concepts/api-overview.mdx#write-apis).
 service VersionService {
   // Returns the version of the Ory Keto instance.
   rpc GetVersion(GetVersionRequest) returns (GetVersionResponse);

proto/ory/keto/acl/v1alpha1/version_grpc_pb.js

@@ -29,7 +29,7 @@ function deserialize_ory_keto_acl_v1alpha1_GetVersionResponse(buffer_arg) {
 
 // The service returning the specific Ory Keto instance version.
 //
-// This service is part of the [read API](/TODO) and [write API](/TODO).
+// This service is part of the [read APIs](../concepts/api-overview.mdx#read-apis) and [write APIs](../concepts/api-overview.mdx#write-apis).
 var VersionServiceService = exports.VersionServiceService = {
   // Returns the version of the Ory Keto instance.
 getVersion: {

proto/ory/keto/acl/v1alpha1/write_service.proto

@@ -13,7 +13,7 @@ option php_namespace = "Ory\\Keto\\Acl\\V1alpha1";
 
 // The write service to create and delete Access Control Lists.
 //
-// This service is part of the [write API](/TODO).
+// This service is part of the [write APIs](../concepts/api-overview.mdx#write-apis).
 service WriteService {
   // Writes one or more relation tuples in a single transaction.
   rpc TransactRelationTuples(TransactRelationTuplesRequest) returns (TransactRelationTuplesResponse);

proto/ory/keto/acl/v1alpha1/write_service_grpc_pb.js

@@ -30,7 +30,7 @@ function deserialize_ory_keto_acl_v1alpha1_TransactRelationTuplesResponse(buffer
 
 // The write service to create and delete Access Control Lists.
 //
-// This service is part of the [write API](/TODO).
+// This service is part of the [write APIs](../concepts/api-overview.mdx#write-apis).
 var WriteServiceService = exports.WriteServiceService = {
   // Writes one or more relation tuples in a single transaction.
 transactRelationTuples: {