textus 0.30.0 → 0.38.0

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: textus
 version: !ruby/object:Gem::Version
-  version: 0.30.0
+  version: 0.38.0
 platform: ruby
 authors:
 - Patrick
@@ -93,8 +93,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.13'
-description: Storage convention and JSON wire protocol for agent-readable project
-  memory.
+description: A coordination space for humans, AI, and automation. Durable, multi-writer
+  project memory where each actor writes into its own lane, proposals cross a review
+  queue, and every change is audited.
 email:
 - patrick204nqh@gmail.com
 executables:
@@ -119,10 +120,10 @@ files:
 - lib/textus/call.rb
 - lib/textus/cli.rb
 - lib/textus/cli/group.rb
+- lib/textus/cli/group/fetch.rb
 - lib/textus/cli/group/hook.rb
 - lib/textus/cli/group/key.rb
 - lib/textus/cli/group/mcp.rb
-- lib/textus/cli/group/refresh.rb
 - lib/textus/cli/group/rule.rb
 - lib/textus/cli/group/schema.rb
 - lib/textus/cli/group/zone.rb
@@ -135,6 +136,8 @@ files:
 - lib/textus/cli/verb/delete.rb
 - lib/textus/cli/verb/deps.rb
 - lib/textus/cli/verb/doctor.rb
+- lib/textus/cli/verb/fetch.rb
+- lib/textus/cli/verb/fetch_stale.rb
 - lib/textus/cli/verb/freshness.rb
 - lib/textus/cli/verb/get.rb
 - lib/textus/cli/verb/hook_run.rb
@@ -145,12 +148,11 @@ files:
 - lib/textus/cli/verb/mcp_serve.rb
 - lib/textus/cli/verb/migrate.rb
 - lib/textus/cli/verb/mv.rb
+- lib/textus/cli/verb/propose.rb
 - lib/textus/cli/verb/published.rb
 - lib/textus/cli/verb/pulse.rb
 - lib/textus/cli/verb/put.rb
 - lib/textus/cli/verb/rdeps.rb
-- lib/textus/cli/verb/refresh.rb
-- lib/textus/cli/verb/refresh_stale.rb
 - lib/textus/cli/verb/reject.rb
 - lib/textus/cli/verb/retain.rb
 - lib/textus/cli/verb/rule_explain.rb
@@ -164,17 +166,20 @@ files:
 - lib/textus/cli/verb/where.rb
 - lib/textus/cli/verb/zone_mv.rb
 - lib/textus/container.rb
+- lib/textus/contract.rb
+- lib/textus/cursor_store.rb
 - lib/textus/dispatcher.rb
 - lib/textus/doctor.rb
 - lib/textus/doctor/check.rb
 - lib/textus/doctor/check/audit_log.rb
+- lib/textus/doctor/check/fetch_locks.rb
 - lib/textus/doctor/check/handler_allowlist.rb
 - lib/textus/doctor/check/hooks.rb
 - lib/textus/doctor/check/illegal_keys.rb
 - lib/textus/doctor/check/intake_registration.rb
 - lib/textus/doctor/check/manifest_files.rb
+- lib/textus/doctor/check/proposal_targets.rb
 - lib/textus/doctor/check/protocol_version.rb
-- lib/textus/doctor/check/refresh_locks.rb
 - lib/textus/doctor/check/rule_ambiguity.rb
 - lib/textus/doctor/check/schema_parse_error.rb
 - lib/textus/doctor/check/schema_violations.rb
@@ -183,7 +188,6 @@ files:
 - lib/textus/doctor/check/templates.rb
 - lib/textus/doctor/check/unowned_schema_fields.rb
 - lib/textus/domain/action.rb
-- lib/textus/domain/authorizer.rb
 - lib/textus/domain/duration.rb
 - lib/textus/domain/freshness.rb
 - lib/textus/domain/freshness/evaluator.rb
@@ -191,13 +195,20 @@ files:
 - lib/textus/domain/freshness/verdict.rb
 - lib/textus/domain/outcome.rb
 - lib/textus/domain/permission.rb
+- lib/textus/domain/policy/base_guards.rb
+- lib/textus/domain/policy/evaluation.rb
+- lib/textus/domain/policy/fetch.rb
+- lib/textus/domain/policy/guard.rb
+- lib/textus/domain/policy/guard_factory.rb
 - lib/textus/domain/policy/handler_allowlist.rb
 - lib/textus/domain/policy/matcher.rb
-- lib/textus/domain/policy/predicates/accept_authority_signed.rb
+- lib/textus/domain/policy/predicates/author_held.rb
+- lib/textus/domain/policy/predicates/etag_match.rb
+- lib/textus/domain/policy/predicates/fresh_within.rb
+- lib/textus/domain/policy/predicates/registry.rb
 - lib/textus/domain/policy/predicates/schema_valid.rb
-- lib/textus/domain/policy/promote.rb
-- lib/textus/domain/policy/promotion.rb
-- lib/textus/domain/policy/refresh.rb
+- lib/textus/domain/policy/predicates/target_is_canon.rb
+- lib/textus/domain/policy/predicates/zone_writable_by.rb
 - lib/textus/domain/policy/retention.rb
 - lib/textus/domain/retention.rb
 - lib/textus/domain/sentinel.rb
@@ -227,6 +238,7 @@ files:
 - lib/textus/key/distance.rb
 - lib/textus/key/grammar.rb
 - lib/textus/key/path.rb
+- lib/textus/layout.rb
 - lib/textus/maintenance.rb
 - lib/textus/maintenance/key_delete_prefix.rb
 - lib/textus/maintenance/key_mv_prefix.rb
@@ -234,6 +246,7 @@ files:
 - lib/textus/maintenance/rule_lint.rb
 - lib/textus/maintenance/zone_mv.rb
 - lib/textus/manifest.rb
+- lib/textus/manifest/capabilities.rb
 - lib/textus/manifest/data.rb
 - lib/textus/manifest/entry.rb
 - lib/textus/manifest/entry/base.rb
@@ -250,10 +263,10 @@ files:
 - lib/textus/manifest/entry/validators/publish_each.rb
 - lib/textus/manifest/policy.rb
 - lib/textus/manifest/resolver.rb
-- lib/textus/manifest/role_kinds.rb
 - lib/textus/manifest/rules.rb
 - lib/textus/manifest/schema.rb
 - lib/textus/mcp.rb
+- lib/textus/mcp/catalog.rb
 - lib/textus/mcp/errors.rb
 - lib/textus/mcp/server.rb
 - lib/textus/mcp/session.rb
@@ -264,9 +277,9 @@ files:
 - lib/textus/ports/audit_subscriber.rb
 - lib/textus/ports/build_lock.rb
 - lib/textus/ports/clock.rb
+- lib/textus/ports/fetch/detached.rb
+- lib/textus/ports/fetch/lock.rb
 - lib/textus/ports/publisher.rb
-- lib/textus/ports/refresh/detached.rb
-- lib/textus/ports/refresh/lock.rb
 - lib/textus/ports/sentinel_store.rb
 - lib/textus/ports/storage/file_stat.rb
 - lib/textus/ports/storage/file_store.rb
@@ -278,13 +291,14 @@ files:
 - lib/textus/read/doctor.rb
 - lib/textus/read/freshness.rb
 - lib/textus/read/get.rb
-- lib/textus/read/get_or_refresh.rb
+- lib/textus/read/get_or_fetch.rb
 - lib/textus/read/list.rb
 - lib/textus/read/policy_explain.rb
 - lib/textus/read/published.rb
 - lib/textus/read/pulse.rb
 - lib/textus/read/rdeps.rb
 - lib/textus/read/retainable.rb
+- lib/textus/read/rules.rb
 - lib/textus/read/schema_envelope.rb
 - lib/textus/read/stale.rb
 - lib/textus/read/uid.rb
@@ -296,20 +310,21 @@ files:
 - lib/textus/schema.rb
 - lib/textus/schema/tools.rb
 - lib/textus/schemas.rb
+- lib/textus/session.rb
 - lib/textus/store.rb
 - lib/textus/uid.rb
 - lib/textus/version.rb
 - lib/textus/write/accept.rb
-- lib/textus/write/authority_gate.rb
 - lib/textus/write/delete.rb
+- lib/textus/write/fetch_all.rb
+- lib/textus/write/fetch_orchestrator.rb
+- lib/textus/write/fetch_worker.rb
 - lib/textus/write/intake_fetch.rb
 - lib/textus/write/materializer.rb
 - lib/textus/write/mv.rb
+- lib/textus/write/propose.rb
 - lib/textus/write/publish.rb
 - lib/textus/write/put.rb
-- lib/textus/write/refresh_all.rb
-- lib/textus/write/refresh_orchestrator.rb
-- lib/textus/write/refresh_worker.rb
 - lib/textus/write/reject.rb
 - lib/textus/write/retention_sweep.rb
 homepage: https://github.com/patrick204nqh/textus
@@ -338,5 +353,5 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 rubygems_version: 3.6.9
 specification_version: 4
-summary: Reference implementation of the textus/1 protocol.
+summary: Reference implementation of the textus/3 protocol.
 test_files: []

data/lib/textus/cli/verb/refresh.rb

@@ -1,14 +0,0 @@
-module Textus
-  class CLI
-    class Verb
-      class Refresh < Verb
-        option :as_flag, "--as=ROLE"
-
-        def call(store)
-          key = positional.shift or raise UsageError.new("refresh requires a key")
-          emit(session_for(store).refresh(key).to_h_for_wire)
-        end
-      end
-    end
-  end
-end

data/lib/textus/domain/authorizer.rb

@@ -1,37 +0,0 @@
-# frozen_string_literal: true
-
-module Textus
-  module Domain
-    # Authorization service. Single source of truth for "given a manifest
-    # entry and a role, may this caller read/write?". Lives in Domain
-    # alongside Permission.
-    class Authorizer
-      def initialize(manifest:)
-        @manifest = manifest
-      end
-
-      def can_write?(zone, role:)
-        @manifest.policy.permission_for(zone.to_s).allows_write?(role)
-      end
-
-      def can_read?(zone, role:)
-        @manifest.policy.permission_for(zone.to_s).allows_read?(role)
-      end
-
-      def authorize_write!(mentry, role:)
-        return if can_write?(mentry.zone, role: role)
-
-        writers = @manifest.policy.zone_writers(mentry.zone)
-        raise WriteForbidden.new(mentry.key, mentry.zone, writers: writers)
-      end
-
-      def authorize_read!(mentry, role:)
-        return if can_read?(mentry.zone, role: role)
-
-        readers = @manifest.policy.zone_readers[mentry.zone]
-        readers = nil if readers == :all
-        raise ReadForbidden.new(mentry.key, mentry.zone, readers: readers)
-      end
-    end
-  end
-end

data/lib/textus/domain/policy/predicates/accept_authority_signed.rb

@@ -1,33 +0,0 @@
-module Textus
-  module Domain
-    module Policy
-      module Predicates
-        # Promotion predicate: the role driving the promotion must have
-        # role_kind == :accept_authority in the active manifest.
-        #
-        # Accept/Reject already gate on this kind before reaching the
-        # promotion policy, so in the default control-flow this predicate
-        # trivially passes. It is kept so manifests can express the
-        # requirement explicitly in `rules[].promotion.requires`.
-        class AcceptAuthoritySigned
-          attr_reader :reason
-
-          def name
-            "accept_authority_signed"
-          end
-
-          def call(role:, manifest:, entry: nil) # rubocop:disable Lint/UnusedMethodArgument
-            role_str = role&.to_s
-            return true if role_str.nil? || role_str.empty?
-
-            kind = manifest.policy.role_kind(role_str)
-            return true if kind == :accept_authority
-
-            @reason = "role '#{role_str}' has kind '#{kind.inspect}', expected ':accept_authority'"
-            false
-          end
-        end
-      end
-    end
-  end
-end

data/lib/textus/domain/policy/promote.rb

@@ -1,26 +0,0 @@
-module Textus
-  module Domain
-    module Policy
-      class Promote
-        KNOWN = %i[schema_valid accept_authority_signed].freeze
-        attr_reader :requires
-
-        def initialize(requires:)
-          syms = Array(requires).map { |r| r.to_s.to_sym }
-          unknown = syms - KNOWN
-          unless unknown.empty?
-            raise Textus::UsageError.new(
-              "unknown promote requirement: #{unknown.first.inspect} (known: #{KNOWN.join(", ")})",
-            )
-          end
-
-          @requires = syms
-        end
-
-        def demands?(req)
-          @requires.include?(req)
-        end
-      end
-    end
-  end
-end

data/lib/textus/domain/policy/promotion.rb

@@ -1,57 +0,0 @@
-require_relative "predicates/schema_valid"
-require_relative "predicates/accept_authority_signed"
-
-module Textus
-  module Domain
-    module Policy
-      class Promotion
-        Result = Struct.new(:ok?, :reasons, keyword_init: true)
-
-        REGISTRY = {
-          "schema_valid" => -> { Predicates::SchemaValid.new },
-          "accept_authority_signed" => -> { Predicates::AcceptAuthoritySigned.new },
-        }.freeze
-
-        def self.from_names(names)
-          predicates = Array(names).map do |n|
-            ctor = REGISTRY[n.to_s] or raise Textus::UsageError.new(
-              "unknown promotion predicate: '#{n}' (known: #{REGISTRY.keys.join(", ")})",
-            )
-            ctor.call
-          end
-          new(predicates: predicates)
-        end
-
-        attr_reader :predicates
-
-        def initialize(predicates:)
-          @predicates = predicates
-        end
-
-        def predicate_names
-          @predicates.map(&:name)
-        end
-
-        def evaluate(entry:, schemas:, manifest:, role:)
-          reasons = []
-          @predicates.each do |pred|
-            ok = invoke(pred, entry: entry, schemas: schemas, manifest: manifest, role: role)
-            reasons << "#{pred.name}: #{pred.reason || "predicate failed"}" unless ok
-          end
-          Result.new(ok?: reasons.empty?, reasons: reasons)
-        end
-
-        private
-
-        def invoke(pred, entry:, schemas:, manifest:, role:)
-          case pred.name
-          when "accept_authority_signed"
-            pred.call(role: role, manifest: manifest, entry: entry)
-          else
-            pred.call(entry: entry, schemas: schemas, manifest: manifest)
-          end
-        end
-      end
-    end
-  end
-end

data/lib/textus/manifest/role_kinds.rb

@@ -1,21 +0,0 @@
-module Textus
-  class Manifest
-    module RoleKinds
-      DEFAULT_MAPPING = {
-        "human" => :accept_authority,
-        "agent" => :proposer,
-        "builder" => :generator,
-        "runner" => :runner,
-      }.freeze
-
-      # Returns { role_name => kind_symbol }. When `roles:` is declared we use
-      # exactly that; defaults are *not* layered in (declaring roles is an opt-in
-      # to a fully user-defined vocabulary).
-      def self.resolve(raw_roles)
-        return DEFAULT_MAPPING if raw_roles.nil?
-
-        raw_roles.to_h { |r| [r["name"], r["kind"].to_sym] }.freeze
-      end
-    end
-  end
-end

data/lib/textus/write/authority_gate.rb

@@ -1,24 +0,0 @@
-module Textus
-  module Write
-    # Shared gate for write verbs that require the caller to hold the
-    # manifest's accept_authority role. Provides one method, expressed
-    # as two early-returns rather than a ternary, so each failure mode
-    # reads on its own line.
-    module AuthorityGate
-      def assert_accept_authority!(verb)
-        return if @manifest.policy.role_kind(@call.role) == :accept_authority
-
-        authority = @manifest.policy.roles_with_kind(:accept_authority).first
-        if authority.nil?
-          raise ProposalError.new(
-            "no role with accept_authority kind is declared in this manifest; #{verb} is disabled",
-          )
-        end
-
-        raise ProposalError.new(
-          "only #{authority} role can #{verb} proposals; got '#{@call.role}'",
-        )
-      end
-    end
-  end
-end