@aria-cli/tools 1.0.18 → 1.0.31

package/dist/network-control-adapter.js

@@ -0,0 +1,73 @@
+import { SigningPublicKeySchema } from "./network-runtime/index.js";
+export function toNetworkPeerView(peer) {
+    const parsedSigningPublicKey = SigningPublicKeySchema.safeParse(peer.signingPublicKey?.trim());
+    if (!parsedSigningPublicKey.success ||
+        typeof peer.nodeId !== "string" ||
+        peer.nodeId.length === 0) {
+        return null;
+    }
+    const signingPublicKey = parsedSigningPublicKey.data;
+    return {
+        nodeId: peer.nodeId,
+        transportPublicKey: peer.publicKey,
+        displayNameSnapshot: peer.name,
+        endpointHost: peer.endpointHost,
+        endpointPort: peer.endpointPort,
+        controlEndpoint: peer.controlEndpoint ?? null,
+        signingPublicKey,
+        status: peer.status,
+        membershipStatus: peer.membershipStatus ?? peer.status,
+        routeOwnership: peer.routeOwnership,
+        routeOwnerNodeId: peer.routeOwnerNodeId ?? null,
+        sessionState: peer.sessionState,
+        deliveryReadiness: peer.deliveryReadiness,
+        lastHandshake: peer.lastHandshake,
+        createdAt: peer.createdAt,
+        endpointRevision: peer.endpointRevision ?? 0,
+        updatedAt: peer.updatedAt ?? peer.createdAt,
+    };
+}
+export function toNetworkStatusView(status) {
+    const parsedSigningPublicKey = SigningPublicKeySchema.safeParse(status.signingPublicKey?.trim());
+    const signingPublicKey = parsedSigningPublicKey.success
+        ? parsedSigningPublicKey.data
+        : null;
+    return {
+        configured: status.configured,
+        nodeId: status.nodeId,
+        principalFingerprint: status.principalFingerprint,
+        transportPublicKey: status.publicKey,
+        listenPort: status.listenPort,
+        externalEndpoint: status.externalEndpoint,
+        activePeers: status.activePeers,
+        totalPeers: status.totalPeers,
+        connectedPeers: status.connectedPeers,
+        handshakingPeers: status.handshakingPeers,
+        queueOnlyPeers: status.queueOnlyPeers,
+        supersededPeers: status.supersededPeers,
+        signingPublicKey,
+    };
+}
+export function toNetworkControlRef(networkManager) {
+    if (!networkManager) {
+        return undefined;
+    }
+    return {
+        invite(displayName, options) {
+            return networkManager.invite(displayName, options);
+        },
+        revokePeer(nodeId) {
+            return networkManager.revokePeer(nodeId);
+        },
+        listPeers() {
+            return networkManager.listPeers().flatMap((peer) => {
+                const projected = toNetworkPeerView(peer);
+                return projected ? [projected] : [];
+            });
+        },
+        status() {
+            return toNetworkStatusView(networkManager.status());
+        },
+    };
+}
+//# sourceMappingURL=network-control-adapter.js.map

package/dist/network-runtime/address-types.js

@@ -0,0 +1,166 @@
+import { z } from "zod";
+const NonEmptyStringSchema = z.string().trim().min(1);
+/**
+ * Stable durable identity for a node.
+ * Semantic rules are enforced by the runtime cutover plan; the contract layer
+ * starts by making the shape canonical everywhere.
+ */
+export const NodeIdSchema = NonEmptyStringSchema.brand();
+/** One boot of a given node runtime. */
+export const RuntimeIdSchema = NonEmptyStringSchema.brand();
+export const NodeMetadataSchema = z.object({
+    nodeId: NodeIdSchema,
+    createdAt: NonEmptyStringSchema,
+    schemaVersion: z.number().int().positive(),
+    migratedFromLegacy: z.boolean(),
+});
+/** Monotonic publication revision for externally visible runtime advertisements. */
+export const PublicationRevisionSchema = z.number().int().nonnegative();
+/** Monotonic endpoint revision for register/discovery refreshes. */
+export const EndpointRevisionSchema = z.number().int().nonnegative();
+/** Monotonic generation for peer-binding continuity transitions. */
+export const BindingGenerationSchema = z.number().int().nonnegative();
+/** Monotonic generation for revocation precedence and continuity conflict checks. */
+export const RevocationGenerationSchema = z.number().int().nonnegative();
+/** How a local operator confirmed a revocation decision. */
+export const RevocationOperatorConfirmationSchema = z.enum([
+    "local_operator_confirmed",
+    "remote_capability_authenticated",
+]);
+/** Structured local authority record for a peer revocation decision. */
+export const RevocationDecisionSchema = z.object({
+    localNodeId: NodeIdSchema,
+    targetNodeId: NodeIdSchema,
+    revocationGeneration: RevocationGenerationSchema,
+    operatorConfirmation: RevocationOperatorConfirmationSchema,
+});
+/** Monotonic owner generation for runtime ownership records. */
+export const OwnerGenerationSchema = z.number().int().positive();
+/** Monotonic revision for durable delivery lifecycle state transitions. */
+export const DeliveryLifecycleRevisionSchema = z.number().int().nonnegative();
+export const RuntimeOwnerRecordSchema = z
+    .object({
+    schemaVersion: z.number().int().positive(),
+    nodeId: NodeIdSchema,
+    ariaHome: NonEmptyStringSchema,
+    runtimePid: z.number().int().positive(),
+    runtimeId: RuntimeIdSchema,
+    displayNameSnapshot: NonEmptyStringSchema.optional(),
+    runtimeSocket: NonEmptyStringSchema,
+    startedAt: NonEmptyStringSchema,
+    lastHeartbeat: NonEmptyStringSchema,
+    ownerGeneration: OwnerGenerationSchema,
+})
+    .strict();
+/** One attached local client of the runtime. */
+export const ClientIdSchema = NonEmptyStringSchema.brand();
+/** Durable principal fingerprint (SHA-256 hex of signing public key DER). Signing-key evidence only. */
+export const PrincipalFingerprintSchema = NonEmptyStringSchema.brand();
+/** Transport public key / transport identity for a peer. */
+export const PeerTransportIdSchema = NonEmptyStringSchema.brand();
+/** TLS CA certificate fingerprint (SHA-256 hex of CA cert DER). Certificate-authority evidence only — distinct from signing-key evidence. */
+export const TlsCaFingerprintSchema = NonEmptyStringSchema.brand();
+/** Local-only loopback TLS SAN identity used for same-machine control attachment. */
+export const LoopbackTlsIdentitySchema = NonEmptyStringSchema.brand();
+/** Base64-encoded signing public key material crossing runtime/shared boundaries. */
+export const SigningPublicKeySchema = NonEmptyStringSchema.brand();
+/** Explicit network transport endpoint advertisement. */
+export const TransportEndpointAdvertisementSchema = z.object({
+    host: NonEmptyStringSchema,
+    port: z.number().int().min(1).max(65535),
+});
+/**
+ * Runtime-owned local inbox addressing.
+ * Same-machine clients are local attachments, not mesh peers.
+ */
+export const InboxAddressSchema = z.discriminatedUnion("kind", [
+    z.object({
+        kind: z.literal("node"),
+        nodeId: NodeIdSchema,
+    }),
+    z.object({
+        kind: z.literal("client"),
+        clientId: ClientIdSchema,
+    }),
+]);
+/**
+ * Public control-plane endpoint advertisement used by peers for pinned,
+ * mutating requests.
+ */
+export const ControlEndpointAdvertisementSchema = z.object({
+    host: NonEmptyStringSchema,
+    port: z.number().int().min(1).max(65535),
+    tlsCaFingerprint: TlsCaFingerprintSchema,
+    tlsServerIdentity: PrincipalFingerprintSchema,
+    protocolVersion: z.number().int().positive(),
+    endpointRevision: EndpointRevisionSchema.optional(),
+});
+/**
+ * Remote/public node advertisement. This deliberately excludes local-only
+ * runtime/session identity like RuntimeId.
+ */
+export const NodeAdvertisementSchema = z.object({
+    nodeId: NodeIdSchema,
+    principalFingerprint: PrincipalFingerprintSchema,
+    transportPublicKey: PeerTransportIdSchema,
+    publicationRevision: PublicationRevisionSchema.optional(),
+    controlEndpoint: ControlEndpointAdvertisementSchema.optional(),
+    displayNameSnapshot: NonEmptyStringSchema.optional(),
+});
+/**
+ * Local-only runtime registry summary. This is not a remote/public mesh
+ * contract and may include RuntimeId.
+ */
+export const LocalRuntimeSummarySchema = z.object({
+    nodeId: NodeIdSchema,
+    runtimeId: RuntimeIdSchema,
+    lastHeartbeat: NonEmptyStringSchema.optional(),
+    controlEndpoint: ControlEndpointAdvertisementSchema.optional(),
+    displayNameSnapshot: NonEmptyStringSchema.optional(),
+});
+// ── Durable Delivery Handle ────────────────────────────────────────
+/**
+ * Branded operation handle for durable delivery.
+ * Produced ONLY by `submitDurable()` — the caller never mints handles.
+ */
+export const DurableDeliveryHandleSchema = NonEmptyStringSchema.brand();
+/**
+ * Terminal status types for a durable delivery operation.
+ */
+export const DurableDeliveryResultSchema = z.discriminatedUnion("status", [
+    z.object({
+        status: z.literal("pending"),
+        queuedAt: z.string(),
+        nextAttemptAt: z.string().optional(),
+        attemptCount: z.number(),
+    }),
+    z.object({
+        status: z.literal("delivered"),
+        deliveredAt: z.string(),
+    }),
+    z.object({
+        status: z.literal("expired"),
+        reason: z.literal("ttl_exceeded"),
+        queuedAt: z.string(),
+        expiredAt: z.string(),
+    }),
+    z.object({
+        status: z.literal("rejected"),
+        reason: z.enum(["recipient_revoked", "recipient_unknown", "envelope_invalid"]),
+    }),
+]);
+/**
+ * Submit result — returned immediately from `submitDurable()`.
+ */
+export const DurableSubmitResultSchema = z.discriminatedUnion("status", [
+    z.object({
+        status: z.literal("accepted"),
+        operationId: DurableDeliveryHandleSchema,
+        queuedAt: z.string(),
+    }),
+    z.object({
+        status: z.literal("rejected"),
+        reason: z.enum(["recipient_revoked", "recipient_unknown", "envelope_invalid"]),
+    }),
+]);
+//# sourceMappingURL=address-types.js.map

package/dist/network-runtime/db-owner-fencing.js

@@ -0,0 +1,70 @@
+/**
+ * Shared database-level ownership fencing for runtime-owned durable stores.
+ *
+ * All stores backed by the same SQLite database share one `owner_epoch` table.
+ * The runtime claims the epoch once at startup. Each store's write methods
+ * call `assertDbOwnership()` before durable mutations.
+ *
+ * A zombie runtime whose generation is stale gets StaleOwnerError on
+ * its next write — no external kill needed.
+ */
+export class StaleOwnerError extends Error {
+    kind = "StaleOwnerError";
+    claimedGeneration;
+    currentGeneration;
+    constructor(claimed, current) {
+        super(`StaleOwnerError: runtime claims generation ${claimed} but store is at generation ${current}. ` +
+            `This runtime has been superseded and must shut down immediately.`);
+        this.name = "StaleOwnerError";
+        this.claimedGeneration = claimed;
+        this.currentGeneration = current;
+    }
+}
+/**
+ * Ensure the owner_epoch table exists in the given database.
+ * Safe to call multiple times (idempotent).
+ */
+export function ensureOwnerEpochTable(db) {
+    db.exec(`
+    CREATE TABLE IF NOT EXISTS owner_epoch (
+      scope TEXT PRIMARY KEY DEFAULT 'runtime',
+      owner_generation INTEGER NOT NULL
+    )
+  `);
+}
+/**
+ * Atomically claim the owner epoch for this runtime.
+ * Throws StaleOwnerError if a newer generation already owns the database.
+ */
+export function claimDbOwnerEpoch(db, generation) {
+    ensureOwnerEpochTable(db);
+    const result = db
+        .prepare(`INSERT INTO owner_epoch (scope, owner_generation) VALUES ('runtime', ?)
+       ON CONFLICT(scope) DO UPDATE SET owner_generation = excluded.owner_generation
+       WHERE excluded.owner_generation > owner_epoch.owner_generation`)
+        .run(generation);
+    if (result.changes === 0) {
+        const row = db
+            .prepare("SELECT owner_generation FROM owner_epoch WHERE scope = 'runtime'")
+            .get();
+        const current = row?.owner_generation ?? 0;
+        if (current > generation) {
+            throw new StaleOwnerError(generation, current);
+        }
+    }
+}
+/**
+ * Assert the calling runtime is still the current owner of this database.
+ * Must be called inside the same SQLite transaction as the write.
+ * Throws StaleOwnerError if superseded.
+ */
+export function assertDbOwnership(db, generation) {
+    const row = db
+        .prepare("SELECT owner_generation FROM owner_epoch WHERE scope = 'runtime'")
+        .get();
+    const current = row?.owner_generation ?? 0;
+    if (current > generation) {
+        throw new StaleOwnerError(generation, current);
+    }
+}
+//# sourceMappingURL=db-owner-fencing.js.map

package/dist/network-runtime/delivery-receipts.js

@@ -0,0 +1,270 @@
+import { z } from "zod";
+export const RuntimeTransportSchema = z.enum(["in_process", "local_runtime", "tunnel", "relay"]);
+export const DeliveryStateSchema = z.enum([
+    "accepted",
+    "queued_for_route",
+    "dispatching",
+    "sent",
+    "acked",
+    "expired",
+    "failed",
+    "rejected",
+]);
+export const SessionStateSchema = z.enum([
+    "none",
+    "handshaking",
+    "connected",
+    "reconnecting",
+    "dead",
+]);
+export const DeliveryReadinessSchema = z.enum(["cannot_address", "can_queue_only", "can_send_now"]);
+export const QueuedReasonSchema = z.enum([
+    "route_not_established",
+    "awaiting_remote_ack",
+    "transport_unavailable",
+]);
+export const OutboxReceiptStatusSchema = z.enum([
+    "queued_for_route",
+    "dispatching",
+    "acked",
+    "expired",
+]);
+export const DeliveryReceiptInputSchema = z
+    .object({
+    transport: RuntimeTransportSchema,
+    delivered: z.boolean(),
+    queued: z.boolean(),
+    accepted: z.boolean().optional(),
+    deliveryState: DeliveryStateSchema.optional(),
+    sessionState: SessionStateSchema.optional(),
+    deliveryReadiness: DeliveryReadinessSchema.optional(),
+    queuedReason: QueuedReasonSchema.optional(),
+})
+    .strict();
+const DELIVERY_STATE_RESTRICTIVENESS = {
+    rejected: 0,
+    failed: 1,
+    expired: 2,
+    queued_for_route: 3,
+    dispatching: 4,
+    accepted: 5,
+    sent: 6,
+    acked: 7,
+};
+const SESSION_STATE_RESTRICTIVENESS = {
+    dead: 0,
+    none: 1,
+    handshaking: 2,
+    reconnecting: 3,
+    connected: 4,
+};
+const DELIVERY_READINESS_RESTRICTIVENESS = {
+    cannot_address: 0,
+    can_queue_only: 1,
+    can_send_now: 2,
+};
+function inferLegacyDeliveryState(input, accepted) {
+    if (!accepted) {
+        return input.deliveryState === "rejected" ? "rejected" : "failed";
+    }
+    if (input.delivered) {
+        return "acked";
+    }
+    if (input.queued) {
+        if (input.queuedReason === "awaiting_remote_ack" ||
+            input.deliveryState === "dispatching" ||
+            input.deliveryState === "sent") {
+            return "dispatching";
+        }
+        return "queued_for_route";
+    }
+    if (input.deliveryState === "expired") {
+        return "expired";
+    }
+    return "sent";
+}
+function normalizeExplicitDeliveryState(input) {
+    if (!input.deliveryState) {
+        return undefined;
+    }
+    if (input.deliveryState === "sent" &&
+        input.queued &&
+        input.queuedReason === "awaiting_remote_ack") {
+        return "dispatching";
+    }
+    return input.deliveryState;
+}
+function chooseMoreRestrictiveDeliveryState(left, right) {
+    return DELIVERY_STATE_RESTRICTIVENESS[left] <= DELIVERY_STATE_RESTRICTIVENESS[right]
+        ? left
+        : right;
+}
+function inferSessionStateFromDeliveryState(transport, deliveryState) {
+    if (transport === "local_runtime") {
+        return "none";
+    }
+    switch (deliveryState) {
+        case "queued_for_route":
+            return "handshaking";
+        case "dispatching":
+            return "connected";
+        case "failed":
+        case "rejected":
+        case "expired":
+            return "none";
+        case "acked":
+            return "connected";
+        case "accepted":
+        case "sent":
+            return "connected";
+        default:
+            return "none";
+    }
+}
+function chooseMoreRestrictiveSessionState(transport, explicit, inferred) {
+    if (transport === "local_runtime") {
+        return "none";
+    }
+    if (!explicit) {
+        return inferred;
+    }
+    return SESSION_STATE_RESTRICTIVENESS[explicit] <= SESSION_STATE_RESTRICTIVENESS[inferred]
+        ? explicit
+        : inferred;
+}
+function inferDeliveryReadinessFromState(transport, deliveryState, sessionState) {
+    if (deliveryState === "failed" || deliveryState === "rejected") {
+        return "cannot_address";
+    }
+    if (transport === "local_runtime" && deliveryState === "acked") {
+        return "can_queue_only";
+    }
+    if (deliveryState === "queued_for_route") {
+        return "can_queue_only";
+    }
+    if (deliveryState === "dispatching") {
+        return sessionState === "reconnecting" ? "can_queue_only" : "can_send_now";
+    }
+    if (deliveryState === "expired") {
+        return "cannot_address";
+    }
+    return sessionState === "connected" ? "can_send_now" : "can_queue_only";
+}
+function chooseMoreRestrictiveDeliveryReadiness(explicit, inferred) {
+    if (!explicit) {
+        return inferred;
+    }
+    return DELIVERY_READINESS_RESTRICTIVENESS[explicit] <=
+        DELIVERY_READINESS_RESTRICTIVENESS[inferred]
+        ? explicit
+        : inferred;
+}
+function deriveCanonicalAccepted(input, deliveryState) {
+    if (deliveryState === "rejected") {
+        return false;
+    }
+    return input.accepted ?? true;
+}
+function isQueuedDeliveryState(deliveryState) {
+    return deliveryState === "queued_for_route" || deliveryState === "dispatching";
+}
+function inferQueuedReason(input, deliveryState, queued) {
+    if (!queued) {
+        return undefined;
+    }
+    if (input.queuedReason) {
+        return input.queuedReason;
+    }
+    if (deliveryState === "dispatching") {
+        return "awaiting_remote_ack";
+    }
+    if (deliveryState === "queued_for_route") {
+        return "route_not_established";
+    }
+    return undefined;
+}
+export function canonicalizeDeliveryReceipt(input) {
+    const inferredDeliveryState = inferLegacyDeliveryState(input, input.accepted ?? true);
+    const explicitDeliveryState = normalizeExplicitDeliveryState(input);
+    const deliveryState = explicitDeliveryState
+        ? chooseMoreRestrictiveDeliveryState(explicitDeliveryState, inferredDeliveryState)
+        : inferredDeliveryState;
+    const accepted = deriveCanonicalAccepted(input, deliveryState);
+    const delivered = deliveryState === "acked";
+    const queued = isQueuedDeliveryState(deliveryState);
+    const inferredSessionState = inferSessionStateFromDeliveryState(input.transport, deliveryState);
+    const sessionState = chooseMoreRestrictiveSessionState(input.transport, input.sessionState, inferredSessionState);
+    const inferredDeliveryReadiness = inferDeliveryReadinessFromState(input.transport, deliveryState, sessionState);
+    const deliveryReadiness = chooseMoreRestrictiveDeliveryReadiness(input.deliveryReadiness, inferredDeliveryReadiness);
+    const queuedReason = inferQueuedReason(input, deliveryState, queued);
+    return {
+        transport: input.transport,
+        delivered,
+        queued,
+        accepted,
+        deliveryState,
+        sessionState,
+        deliveryReadiness,
+        ...(queuedReason ? { queuedReason } : {}),
+    };
+}
+export function createAckedDeliveryReceipt(input) {
+    return canonicalizeDeliveryReceipt({
+        transport: input.transport,
+        delivered: true,
+        queued: false,
+        accepted: true,
+        deliveryState: "acked",
+        ...(input.sessionState ? { sessionState: input.sessionState } : {}),
+        ...(input.deliveryReadiness ? { deliveryReadiness: input.deliveryReadiness } : {}),
+    });
+}
+export function createQueuedForRouteReceipt(input) {
+    return canonicalizeDeliveryReceipt({
+        transport: input.transport,
+        delivered: false,
+        queued: true,
+        accepted: true,
+        deliveryState: "queued_for_route",
+        queuedReason: "route_not_established",
+        ...(input.sessionState ? { sessionState: input.sessionState } : {}),
+        ...(input.deliveryReadiness ? { deliveryReadiness: input.deliveryReadiness } : {}),
+    });
+}
+export function createDispatchingDeliveryReceipt(input) {
+    return canonicalizeDeliveryReceipt({
+        transport: input.transport,
+        delivered: false,
+        queued: true,
+        accepted: true,
+        deliveryState: "dispatching",
+        queuedReason: "awaiting_remote_ack",
+        ...(input.sessionState ? { sessionState: input.sessionState } : {}),
+        ...(input.deliveryReadiness ? { deliveryReadiness: input.deliveryReadiness } : {}),
+    });
+}
+export function createSentDeliveryReceipt(input) {
+    return canonicalizeDeliveryReceipt({
+        transport: input.transport,
+        delivered: false,
+        queued: false,
+        accepted: true,
+        deliveryState: "sent",
+        ...(input.sessionState ? { sessionState: input.sessionState } : {}),
+        ...(input.deliveryReadiness ? { deliveryReadiness: input.deliveryReadiness } : {}),
+    });
+}
+export function canonicalizeOutboxReceiptStatus(status) {
+    switch (status) {
+        case "queued":
+        case "queued_for_route":
+            return "queued_for_route";
+        case "dispatching":
+        case "acked":
+        case "expired":
+            return status;
+        default:
+            throw new Error(`[delivery-receipts] Unsupported outbox status: ${status}`);
+    }
+}
+//# sourceMappingURL=delivery-receipts.js.map

package/dist/network-runtime/direct-endpoint-authority.js

@@ -0,0 +1,26 @@
+function normalizeHost(host) {
+    return host.trim().toLowerCase();
+}
+export function isLoopbackDirectEndpointHost(host) {
+    const normalized = normalizeHost(host);
+    return (normalized === "localhost" ||
+        normalized === "::1" ||
+        normalized === "[::1]" ||
+        normalized.endsWith(".localhost") ||
+        /^127\./.test(normalized));
+}
+export function canonicalizeAuthoritativeDirectEndpoint(input) {
+    const rawHost = input.endpointHost?.trim();
+    const port = input.endpointPort;
+    if (!rawHost || typeof port !== "number" || !Number.isFinite(port)) {
+        return {};
+    }
+    if (isLoopbackDirectEndpointHost(rawHost)) {
+        return {};
+    }
+    return {
+        endpointHost: rawHost,
+        endpointPort: port,
+    };
+}
+//# sourceMappingURL=direct-endpoint-authority.js.map

package/dist/network-runtime/index.js

@@ -1 +1,13 @@
-import{$,$a,A,Aa,Ab,B,Ba,Bb,C,Ca,Cb,D,Da,Db,E,Ea,Eb,F,Fa,Fb,G,Ga,Gb,H,Ha,Hb,I,Ia,Ib,J,Ja,Jb,K,Ka,Kb,L,La,Lb,M,Ma,Mb,N,Na,Nb,O,Oa,Ob,P,Pa,Pb,Q,Qa,Qb,R,Ra,Rb,S,Sa,Sb,T,Ta,Tb,U,Ua,V,Va,W,Wa,X,Xa,Y,Ya,Z,Za,_,_a,a,aa,ab,b,ba,bb,c,ca,cb,d,da,db,e,ea,eb,f,fa,fb,g,ga,gb,h,ha,hb,i,ia,ib,j,ja,jb,k,ka,kb,l,la,lb,m,ma,mb,n,na,nb,o,oa,ob,p,pa,pb,q,qa,qb,r,ra,rb,s,sa,sb,t,ta,tb,u,ua,ub,v,va,vb,w,wa,wb,x,xa,xb,y,ya,yb,z,za,zb}from"../index-e1r4t0h0.js";import"../index-a2fr1b3x.js";export{Ea as resolveTrustedRuntimeErrorMessage,Aa as isValidPeerTransportTransition,wa as isValidPeerStateCombination,za as isValidPeerIdentityTransition,R as isSupportedNetworkRuntimeProtocolVersion,Ob as isLoopbackDirectEndpointHost,Rb as ensureOwnerEpochTable,ya as derivePeerStateFromLegacyStatus,Fa as createTrustedRuntimeError,K as createSentDeliveryReceipt,I as createQueuedForRouteReceipt,J as createDispatchingDeliveryReceipt,H as createAckedDeliveryReceipt,Ba as comparePeerMutationPrecedence,Sb as claimDbOwnerEpoch,L as canonicalizeOutboxReceiptStatus,G as canonicalizeDeliveryReceipt,Pb as canonicalizeAuthoritativeDirectEndpoint,Jb as canRefreshEndpoint,Hb as canRecordPendingPair,Nb as canMutateTrustedState,Kb as canHeartbeat,Ib as canCommitVerifiedPair,Mb as canAttemptDurableDelivery,Lb as canAttemptBestEffortTransport,S as assertSupportedNetworkRuntimeProtocolVersion,Tb as assertDbOwnership,U as TransportInviteTokenSchema,s as TransportEndpointAdvertisementSchema,p as TlsCaFingerprintSchema,Qb as StaleOwnerError,r as SigningPublicKeySchema,ca as SignedContinuityBindSchema,C as SessionStateSchema,A as RuntimeTransportSchema,Ua as RuntimeStatusSchema,Ia as RuntimeRunEventSchema,$ as RuntimeRegisterRequestSchema,Ja as RuntimeQueuedReceiptSchema,l as RuntimeOwnerRecordSchema,Z as RuntimeNodeAdvertisementSchema,Y as RuntimeIngressEnvelopeSchema,b as RuntimeIdSchema,N as RuntimeEventSchema,M as RuntimeEventKindSchema,Ma as RuntimeEventCursorSchema,Da as RuntimeErrorDiagnosticSchema,_ as RuntimeDiscoveryAdvertisementSchema,Ka as RuntimeDeliveryReceiptSchema,Eb as RuntimeBootstrapTlsSchema,Bb as RuntimeBootstrapRevisionSchema,Gb as RuntimeBootstrapRecordSchema,Cb as RuntimeBootstrapPhaseSchema,Fb as RuntimeBootstrapIdentitySchema,Db as RuntimeBootstrapControlEndpointSchema,Ta as RuntimeAutonomousLoopStatusSchema,Sa as RuntimeAutonomousLoopSafetyPolicySummarySchema,Va as RuntimeAutonomousLoopCommandSchema,Ga as RunResultSchema,Ca as RunRequestSchema,lb as RevokePeerResponseSchema,kb as RevokePeerRequestSchema,h as RevocationOperatorConfirmationSchema,g as RevocationGenerationSchema,i as RevocationDecisionSchema,Ha as ResumeRunRequestSchema,nb as RepairPeerResponseSchema,mb as RepairPeerRequestSchema,qa as RelayPendingResponseSchema,pa as RelayPendingRequestSchema,na as RelayPendingQuerySchema,oa as RelayPendingQueryJsonSchema,E as QueuedReasonSchema,d as PublicationRevisionSchema,n as PrincipalFingerprintSchema,Pa as PersistedInboxEventSchema,Wa as PendingPairRequestViewSchema,Xa as PendingInviteViewSchema,Qa as PeerViewEventSchema,ta as PeerTransportStateSchema,o as PeerTransportIdSchema,xa as PeerStateSnapshotSchema,ua as PeerMutationKindSchema,sa as PeerIdentityStateSchema,ha as PairRequestRouteBodySchema,ia as PairRequestRouteBodyJsonSchema,Za as PairRequestResponseSchema,Ya as PairRequestDecisionSchema,la as PairRelayRouteBodySchema,ma as PairRelayRouteBodyJsonSchema,aa as PairProposalSchema,j as OwnerGenerationSchema,F as OutboxReceiptStatusSchema,La as OutboundMessageSchema,O as NodePrincipalBindingRefSchema,c as NodeMetadataSchema,a as NodeIdSchema,v as NodeAdvertisementSchema,Q as NetworkRuntimeProtocolVersionSchema,fa as NetworkRouteRevokeRequestSchema,ga as NetworkRouteRevokeRequestJsonSchema,Ra as NearbyPeerViewSchema,P as NETWORK_RUNTIME_PROTOCOL_VERSION,da as MutationOperationSchema,ea as MutationEnvelopeSchema,q as LoopbackTlsIdentitySchema,w as LocalRuntimeSummarySchema,yb as LocalControlSocketSuccessResponseSchema,Ab as LocalControlSocketResponseSchema,xb as LocalControlSocketRequestSchema,wb as LocalControlSocketMethodSchema,zb as LocalControlSocketErrorResponseSchema,vb as LocalControlSocketDetachClientResponseSchema,ub as LocalControlSocketDetachClientRequestSchema,tb as LocalControlSocketAttachClientResponseSchema,sb as LocalControlSocketAttachClientRequestSchema,ob as LocalControlClientKindSchema,va as LegacyPeerRuntimeShapeSchema,ra as LegacyPeerRegistryStatusSchema,W as JoinRouteBodySchema,X as JoinRouteBodyJsonSchema,V as JoinRequestSchema,bb as InvitePeerResultSchema,ab as InvitePeerRequestSchema,Oa as InboxListRequestSchema,Na as InboxCursorSchema,t as InboxAddressSchema,e as EndpointRevisionSchema,z as DurableSubmitResultSchema,y as DurableDeliveryResultSchema,x as DurableDeliveryHandleSchema,jb as DirectPairResponseSchema,hb as DirectPairRequestSchema,ib as DirectPairRequestJsonSchema,B as DeliveryStateSchema,D as DeliveryReadinessSchema,k as DeliveryLifecycleRevisionSchema,T as DeliveryAckSchema,$a as CreateInviteResponseSchema,_a as CreateInviteRequestSchema,u as ControlEndpointAdvertisementSchema,ba as ContinuityStatementSchema,m as ClientIdSchema,gb as CancelInviteResponseSchema,fb as CancelInviteRequestSchema,f as BindingGenerationSchema,pb as AttachedClientViewSchema,qb as AttachedClientLeaseGrantSchema,rb as AttachedClientAuthSchema,eb as AcceptInviteTokenResponseSchema,db as AcceptInviteTokenRequestSchema,cb as AcceptInviteResponseSchema,ja as AcceptInviteRequestSchema,ka as AcceptInviteRequestBodyJsonSchema};
+export { RuntimeTransportSchema, DeliveryStateSchema, SessionStateSchema, DeliveryReadinessSchema, QueuedReasonSchema, OutboxReceiptStatusSchema, canonicalizeDeliveryReceipt, canonicalizeOutboxReceiptStatus, createAckedDeliveryReceipt, createQueuedForRouteReceipt, createDispatchingDeliveryReceipt, createSentDeliveryReceipt, } from "./delivery-receipts.js";
+export { NodeIdSchema, NodeMetadataSchema, RuntimeIdSchema, PublicationRevisionSchema, EndpointRevisionSchema, BindingGenerationSchema, RevocationGenerationSchema, RevocationOperatorConfirmationSchema, RevocationDecisionSchema, OwnerGenerationSchema, DeliveryLifecycleRevisionSchema, DurableDeliveryHandleSchema, DurableDeliveryResultSchema, DurableSubmitResultSchema, ClientIdSchema, PrincipalFingerprintSchema, PeerTransportIdSchema, SigningPublicKeySchema, TlsCaFingerprintSchema, LoopbackTlsIdentitySchema, TransportEndpointAdvertisementSchema, InboxAddressSchema, ControlEndpointAdvertisementSchema, NodeAdvertisementSchema, LocalRuntimeSummarySchema, } from "./address-types.js";
+export { NodePrincipalBindingRefSchema } from "./peer-principal-ref.js";
+export { PairRequestRouteBodySchema, PairRequestRouteBodyJsonSchema, AcceptInviteRequestSchema, AcceptInviteRequestBodyJsonSchema, PairRelayRouteBodySchema, PairRelayRouteBodyJsonSchema, RelayPendingQuerySchema, RelayPendingQueryJsonSchema, RelayPendingRequestSchema, RelayPendingResponseSchema, } from "./pair-route-contract.js";
+export { RunRequestSchema, RunResultSchema, RuntimeErrorDiagnosticSchema, createTrustedRuntimeError, resolveTrustedRuntimeErrorMessage, ResumeRunRequestSchema, RuntimeRunEventSchema, RuntimeQueuedReceiptSchema, RuntimeDeliveryReceiptSchema, OutboundMessageSchema, RuntimeEventCursorSchema, InboxCursorSchema, InboxListRequestSchema, AttachedClientViewSchema, AttachedClientLeaseGrantSchema, AttachedClientAuthSchema, PersistedInboxEventSchema, PeerViewEventSchema, NearbyPeerViewSchema, RuntimeAutonomousLoopSafetyPolicySummarySchema, RuntimeAutonomousLoopStatusSchema, RuntimeAutonomousLoopCommandSchema, RuntimeStatusSchema, PendingPairRequestViewSchema, PendingInviteViewSchema, PairRequestDecisionSchema, PairRequestResponseSchema, CreateInviteRequestSchema, CreateInviteResponseSchema, InvitePeerRequestSchema, InvitePeerResultSchema, AcceptInviteResponseSchema, AcceptInviteTokenRequestSchema, AcceptInviteTokenResponseSchema, CancelInviteRequestSchema, CancelInviteResponseSchema, DirectPairRequestSchema, DirectPairRequestJsonSchema, DirectPairResponseSchema, RevokePeerRequestSchema, RevokePeerResponseSchema, RepairPeerRequestSchema, RepairPeerResponseSchema, LocalControlClientKindSchema, LocalControlSocketAttachClientRequestSchema, LocalControlSocketAttachClientResponseSchema, LocalControlSocketDetachClientRequestSchema, LocalControlSocketDetachClientResponseSchema, LocalControlSocketMethodSchema, LocalControlSocketRequestSchema, LocalControlSocketSuccessResponseSchema, LocalControlSocketErrorResponseSchema, LocalControlSocketResponseSchema, } from "./local-control-contract.js";
+export { RuntimeOwnerRecordSchema, RuntimeEventKindSchema, RuntimeEventSchema, } from "./node-store-contract.js";
+export { RuntimeBootstrapRevisionSchema, RuntimeBootstrapPhaseSchema, RuntimeBootstrapControlEndpointSchema, RuntimeBootstrapTlsSchema, RuntimeBootstrapIdentitySchema, RuntimeBootstrapRecordSchema, } from "./runtime-bootstrap-contract.js";
+export { NETWORK_RUNTIME_PROTOCOL_VERSION, NetworkRuntimeProtocolVersionSchema, DeliveryAckSchema, TransportInviteTokenSchema, JoinRequestSchema, JoinRouteBodySchema, JoinRouteBodyJsonSchema, RuntimeIngressEnvelopeSchema, RuntimeNodeAdvertisementSchema, RuntimeDiscoveryAdvertisementSchema, RuntimeRegisterRequestSchema, PairProposalSchema, ContinuityStatementSchema, SignedContinuityBindSchema, MutationOperationSchema, MutationEnvelopeSchema, NetworkRouteRevokeRequestSchema, NetworkRouteRevokeRequestJsonSchema, isSupportedNetworkRuntimeProtocolVersion, assertSupportedNetworkRuntimeProtocolVersion, } from "./protocol-schemas.js";
+export { LegacyPeerRegistryStatusSchema, PeerIdentityStateSchema, PeerTransportStateSchema, PeerMutationKindSchema, LegacyPeerRuntimeShapeSchema, PeerStateSnapshotSchema, derivePeerStateFromLegacyStatus, isValidPeerStateCombination, isValidPeerIdentityTransition, isValidPeerTransportTransition, comparePeerMutationPrecedence, } from "./peer-state-machine.js";
+export { canRecordPendingPair, canCommitVerifiedPair, canRefreshEndpoint, canHeartbeat, canAttemptBestEffortTransport, canAttemptDurableDelivery, canMutateTrustedState, } from "./peer-capabilities.js";
+export { canonicalizeAuthoritativeDirectEndpoint, isLoopbackDirectEndpointHost, } from "./direct-endpoint-authority.js";
+export { StaleOwnerError, ensureOwnerEpochTable, claimDbOwnerEpoch, assertDbOwnership, } from "./db-owner-fencing.js";
+//# sourceMappingURL=index.js.map