@cloc/provider-ai-sdk 0.1.0

package/dist/request.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"request.js","sourceRoot":"","sources":["../src/request.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAWH,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AA8E9C,SAAS,SAAS,CAAC,IAAc;IAC/B,OAAO,CAAC,IAAI,EAAE,eAAe,IAAI,EAAE,CAAyB,CAAC;AAC/D,CAAC;AAED,iGAAiG;AACjG,SAAS,UAAU,CAAC,CAAS;IAC3B,IAAI,OAAO,CAAC,KAAK,QAAQ;QAAE,OAAO,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;IAChD,MAAM,SAAS,GAAG,CAAC,CAAC,SAAwC,CAAC;IAC7D,OAAO,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC;AAC5E,CAAC;AAED,MAAM,eAAe,GAAoB,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;AAEvD,4EAA4E;AAC5E,MAAM,YAAY,GAAG,CAAU,CAAC;AAEhC;;;;GAIG;AACH,SAAS,aAAa,CAAC,IAAa;IAClC,OAAO,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC;AACvC,CAAC;AAED,uGAAuG;AACvG,SAAS,kBAAkB,CAAC,CAA8B;IACxD,IAAI,CAAC,CAAC;QAAE,OAAO,SAAS,CAAC;IACzB,OAAO,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC;AACtD,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,WAAW,CACzB,CAAS,EACT,CAAsB,EACtB,MAAe;IAEf,MAAM,KAAK,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;IAC3B,MAAM,UAAU,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;IACjC,MAAM,YAAY,GAAG,KAAK,CAAC,YAA4D,CAAC;IACxF,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CACb,uJAAuJ,CACxJ,CAAC;IACJ,CAAC;IACD,MAAM,SAAS,GACb,kBAAkB,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,kBAAkB,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,eAAe,CAAC;IACrG,OAAO;QACL,MAAM,EAAE,UAAU,CAAC,MAAM;QACzB,SAAS;QACT,YAAY;QACZ,KAAK,EAAE,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;QACpD,IAAI,EAAE,aAAa,CAAC,KAAK,CAAC,IAAI,CAAC;QAC/B,GAAG,CAAC,CAAC,EAAE,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACrD,GAAG,CAAC,CAAC,EAAE,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAClD,GAAG,CAAC,CAAC,EAAE,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACjE,GAAG,CAAC,CAAC,EAAE,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACxD,MAAM;QACN,GAAG,CAAC,KAAK,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5D,GAAG,CAAC,CAAC,EAAE,eAAe,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACnF,gGAAgG;QAChG,GAAG,CAAC,CAAC,EAAE,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACxD,GAAG,CAAC,CAAC,EAAE,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACxD,GAAG,CAAC,CAAC,EAAE,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5D,GAAG,CAAC,CAAC,EAAE,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9D,GAAG,CAAC,KAAK,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC/E,CAAC;AACJ,CAAC;AAED,oGAAoG;AACpG,MAAM,UAAU,eAAe,CAAC,IAAe;IAC7C,OAAO,IAAI,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;AAC7E,CAAC"}

package/dist/safety.d.ts

@@ -0,0 +1,54 @@
+/**
+ * @cloc/provider-ai-sdk · safety.ts — data-not-instructions + provenance pass-through
+ * (FR-015, NFR-003, Constitution Principle 5).
+ *
+ * Grounded facts and EVERY tool result are DATA, never instructions: they are framed as inert
+ * data blocks in the prompt and never alter the loop's control flow. An injected string like
+ * "ignore previous instructions and …" arriving through grounding or a tool result is rendered
+ * as quoted data, not executed. Provenance attached to each fact is carried THROUGH to the
+ * Output so nothing ungrounded is ever asserted as fact (NFR-003).
+ */
+/** Provenance for one grounded fact — where the asserted value came from (NFR-003). */
+export interface Provenance {
+    /** e.g. "jobs.md", a DataSource id, a tool name. */
+    source: string;
+    /** Data version / blob ref for replay (§10 keys). */
+    ref?: string;
+}
+/** One grounded fact: an opaque value plus its provenance. */
+export interface GroundedFact {
+    value: unknown;
+    provenance: Provenance;
+}
+/** The grounded context handed to a turn — DATA, never instructions (FR-015). */
+export interface GroundedContext {
+    facts: ReadonlyArray<GroundedFact>;
+}
+/**
+ * Frame grounded facts as an inert, clearly-delimited DATA block for the model prompt. The
+ * delimiters + the explicit "treat as data" instruction are the control boundary: content
+ * inside is never interpreted as instructions (FR-015, Principle 5). Values are JSON-encoded so
+ * embedded prose cannot break out of the block.
+ *
+ * Hardening: the `source`/`ref` provenance annotations are model-influenced strings (they may flow
+ * from a connected source name), so the few characters that could forge a fact delimiter or line
+ * break (`[ ] \n \r \\`) are neutralized before interpolation — a `source` like `x] do this [` can
+ * no longer break out of its `[fact … source=…]` envelope (defense-in-depth, Principle 5). For a
+ * normal identifier like `jobs.md` this is a NO-OP, so existing output is unchanged.
+ */
+export declare function frameGroundingAsData(ctx: GroundedContext): string;
+/**
+ * Frame a tool RESULT as data before it re-enters the loop (FR-003 feedback path). Same rule:
+ * the result is observed as data, it does not steer control flow (FR-015).
+ *
+ * Hardening: the tool NAME rides in an XML attribute, so it is attribute-escaped — a crafted name
+ * like `x"><instruction>` can no longer break out of the `tool="…"` attribute or close the tag
+ * early. The result value is JSON-encoded (angle brackets survive only as quoted JSON; Principle 5).
+ */
+export declare function frameToolResultAsData(tool: string, result: unknown): string;
+/**
+ * The collected provenance to attach to the Output, deduplicated by source+ref so the Output
+ * carries the lineage of every grounded fact it drew on (NFR-003, data-model §3).
+ */
+export declare function collectProvenance(ctx: GroundedContext): Provenance[];
+//# sourceMappingURL=safety.d.ts.map

package/dist/safety.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"safety.d.ts","sourceRoot":"","sources":["../src/safety.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,uFAAuF;AACvF,MAAM,WAAW,UAAU;IACzB,oDAAoD;IACpD,MAAM,EAAE,MAAM,CAAC;IACf,qDAAqD;IACrD,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,8DAA8D;AAC9D,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,OAAO,CAAC;IACf,UAAU,EAAE,UAAU,CAAC;CACxB;AAED,iFAAiF;AACjF,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,aAAa,CAAC,YAAY,CAAC,CAAC;CACpC;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,eAAe,GAAG,MAAM,CAgBjE;AAED;;;;;;;GAOG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,GAAG,MAAM,CAE3E;AAsBD;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,eAAe,GAAG,UAAU,EAAE,CAUpE"}

package/dist/safety.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"safety.js","sourceRoot":"","sources":["../src/safety.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAqBH;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,oBAAoB,CAAC,GAAoB;IACvD,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACtC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACnC,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QAClC,MAAM,GAAG,GAAG,CAAC,CAAC,UAAU,CAAC,GAAG;YAC1B,CAAC,CAAC,GAAG,oBAAoB,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,oBAAoB,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE;YAC1F,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAC9C,OAAO,WAAW,CAAC,GAAG,CAAC,aAAa,GAAG,KAAK,OAAO,EAAE,CAAC;IACxD,CAAC,CAAC,CAAC;IACH,OAAO;QACL,iBAAiB;QACjB,2EAA2E;QAC3E,sFAAsF;QACtF,GAAG,KAAK;QACR,kBAAkB;KACnB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,qBAAqB,CAAC,IAAY,EAAE,MAAe;IACjE,OAAO,sBAAsB,UAAU,CAAC,IAAI,CAAC,KAAK,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC;AACrF,CAAC;AAED,6FAA6F;AAC7F,SAAS,UAAU,CAAC,KAAa;IAC/B,OAAO,KAAK;SACT,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;AAC7B,CAAC;AAED;;;;GAIG;AACH,SAAS,oBAAoB,CAAC,KAAa;IACzC,OAAO,KAAK,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE,EAAE,CACzC,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CACnD,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,GAAoB;IACpD,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,GAAG,GAAiB,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;QAC1B,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,UAAU,CAAC,MAAM,IAAI,CAAC,CAAC,UAAU,CAAC,GAAG,IAAI,EAAE,EAAE,CAAC;QAC/D,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACd,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,UAAU,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;IACxH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,+FAA+F;AAC/F,SAAS,QAAQ,CAAC,KAAc;IAC9B,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;IACvC,CAAC;AACH,CAAC"}

package/dist/secrets.d.ts

@@ -0,0 +1,51 @@
+/**
+ * @cloc/provider-ai-sdk · secrets.ts — the secrets-by-name boundary (FR-009, NFR-005, §73.2).
+ *
+ * The gateway credential is referenced BY NAME (`config.secretRef`) and resolved LAZILY through
+ * an injected secrets-provider handle — never read from `cloc.yml` / `AgentConfig`. The adapter
+ * declares a LEAST-PRIVILEGE `needs` descriptor (the gateway network host + the named secret);
+ * the kernel grants only those (Constitution Principle 9).
+ *
+ * This module owns no secrets-provider implementation — that is a host integration (env/vault/
+ * KMS). It mirrors the kernel's `SecretHandle` shape structurally so the kernel-supplied handle
+ * satisfies it without a runtime import of @cloc/kernel.
+ */
+import type { AgentConfig } from "./config.js";
+/** The gateway host the adapter talks to (the only network egress it `needs`). */
+export declare const GATEWAY_HOST = "ai-gateway.vercel.sh";
+/**
+ * A live, by-name handle to ONE secret. Structurally identical to @cloc/kernel's `SecretHandle`
+ * — the kernel passes its handle straight in. Resolution is lazy; the value never touches config.
+ */
+export interface SecretHandle {
+    readonly name: string;
+    resolve(): Promise<string | undefined>;
+}
+/**
+ * The least-privilege resource needs this plugin declares (FR-009, NFR-005). The kernel reads
+ * this off the manifest and grants exactly: egress to the gateway host + the one named secret.
+ */
+export interface AgentNeeds {
+    /** Network hosts the adapter may reach — hosted-first, gateway only. */
+    net: readonly string[];
+    /** Secret NAMES the adapter may resolve — exactly the configured `secretRef`. */
+    secrets: readonly string[];
+}
+/** Build the least-privilege `needs` descriptor for a given config (gateway host + secretRef). */
+export declare function needsFor(config: AgentConfig): AgentNeeds;
+/**
+ * Resolve the gateway credential BY NAME through the injected handle. Returns `undefined` when
+ * the handle denies it (undeclared / not present) — callers MUST treat a missing credential as a
+ * boot/config error, never fabricate one. The value is read here and nowhere else (FR-009).
+ *
+ * An empty / whitespace-only resolution is treated as ABSENT (returns `undefined`): a blank env var
+ * is a misconfiguration, not a usable key — surfacing it as `undefined` lets the gateway fall back
+ * to ambient/OIDC resolution rather than sending an empty Bearer token (defense-in-depth, NFR-005).
+ */
+export declare function resolveGatewayKey(handle: SecretHandle): Promise<string | undefined>;
+/**
+ * Guard: assert no secret VALUE leaked into the config surface. `parseAgentConfig` already
+ * rejects an inlined value in `secretRef`; this is a belt-and-braces check usable at boot.
+ */
+export declare function assertNoInlineSecret(config: AgentConfig): void;
+//# sourceMappingURL=secrets.d.ts.map

package/dist/secrets.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../src/secrets.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE/C,kFAAkF;AAClF,eAAO,MAAM,YAAY,yBAAyB,CAAC;AAEnD;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,OAAO,IAAI,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAAC;CACxC;AAED;;;GAGG;AACH,MAAM,WAAW,UAAU;IACzB,wEAAwE;IACxE,GAAG,EAAE,SAAS,MAAM,EAAE,CAAC;IACvB,iFAAiF;IACjF,OAAO,EAAE,SAAS,MAAM,EAAE,CAAC;CAC5B;AAED,kGAAkG;AAClG,wBAAgB,QAAQ,CAAC,MAAM,EAAE,WAAW,GAAG,UAAU,CAExD;AAED;;;;;;;;GAQG;AACH,wBAAsB,iBAAiB,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAKzF;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,WAAW,GAAG,IAAI,CAO9D"}

package/dist/secrets.js

@@ -0,0 +1,47 @@
+/**
+ * @cloc/provider-ai-sdk · secrets.ts — the secrets-by-name boundary (FR-009, NFR-005, §73.2).
+ *
+ * The gateway credential is referenced BY NAME (`config.secretRef`) and resolved LAZILY through
+ * an injected secrets-provider handle — never read from `cloc.yml` / `AgentConfig`. The adapter
+ * declares a LEAST-PRIVILEGE `needs` descriptor (the gateway network host + the named secret);
+ * the kernel grants only those (Constitution Principle 9).
+ *
+ * This module owns no secrets-provider implementation — that is a host integration (env/vault/
+ * KMS). It mirrors the kernel's `SecretHandle` shape structurally so the kernel-supplied handle
+ * satisfies it without a runtime import of @cloc/kernel.
+ */
+/** The gateway host the adapter talks to (the only network egress it `needs`). */
+export const GATEWAY_HOST = "ai-gateway.vercel.sh";
+/** Build the least-privilege `needs` descriptor for a given config (gateway host + secretRef). */
+export function needsFor(config) {
+    return { net: [GATEWAY_HOST], secrets: [config.secretRef] };
+}
+/**
+ * Resolve the gateway credential BY NAME through the injected handle. Returns `undefined` when
+ * the handle denies it (undeclared / not present) — callers MUST treat a missing credential as a
+ * boot/config error, never fabricate one. The value is read here and nowhere else (FR-009).
+ *
+ * An empty / whitespace-only resolution is treated as ABSENT (returns `undefined`): a blank env var
+ * is a misconfiguration, not a usable key — surfacing it as `undefined` lets the gateway fall back
+ * to ambient/OIDC resolution rather than sending an empty Bearer token (defense-in-depth, NFR-005).
+ */
+export async function resolveGatewayKey(handle) {
+    const value = await handle.resolve();
+    if (value === undefined || value === null)
+        return undefined;
+    const trimmed = String(value).trim();
+    return trimmed.length > 0 ? trimmed : undefined;
+}
+/**
+ * Guard: assert no secret VALUE leaked into the config surface. `parseAgentConfig` already
+ * rejects an inlined value in `secretRef`; this is a belt-and-braces check usable at boot.
+ */
+export function assertNoInlineSecret(config) {
+    // `secretRef` is the ONLY credential field; it is a name (enforced in config.ts). There is no
+    // field on AgentConfig that carries a value, so a leaked value is structurally impossible here.
+    // Kept as an explicit invariant the conformance suite can assert against (data-model §5 rule).
+    if (config.secretRef.length === 0) {
+        throw new Error("agent.secretRef is required (the gateway credential NAME) — FR-009");
+    }
+}
+//# sourceMappingURL=secrets.js.map

package/dist/secrets.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secrets.js","sourceRoot":"","sources":["../src/secrets.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,kFAAkF;AAClF,MAAM,CAAC,MAAM,YAAY,GAAG,sBAAsB,CAAC;AAsBnD,kGAAkG;AAClG,MAAM,UAAU,QAAQ,CAAC,MAAmB;IAC1C,OAAO,EAAE,GAAG,EAAE,CAAC,YAAY,CAAC,EAAE,OAAO,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;AAC9D,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,MAAoB;IAC1D,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,OAAO,EAAE,CAAC;IACrC,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,SAAS,CAAC;IAC5D,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;IACrC,OAAO,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;AAClD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAAC,MAAmB;IACtD,8FAA8F;IAC9F,gGAAgG;IAChG,+FAA+F;IAC/F,IAAI,MAAM,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;IACxF,CAAC;AACH,CAAC"}

package/dist/skills-loader.d.ts

@@ -0,0 +1,76 @@
+/**
+ * @cloc/provider-ai-sdk · skills-loader.ts — the three-level progressive-disclosure loader for
+ * `SKILL.md` skills the render Agent activates (027-agentic-primitives §16b.1; FR-004, FR-005,
+ * FR-006, FR-014, NFR-008).
+ *
+ * Skills load by Discovery → Activation → Execution:
+ *   - level 1 (Discovery):  ONLY `manifest.name` + `manifest.description` enter the render prompt;
+ *   - level 2 (Activation): the full SKILL.md Markdown body loads ONLY when a request matches;
+ *   - level 3 (Execution):  bundled scripts/references/templates are read or run ON DEMAND — the
+ *                           script's SOURCE is NEVER loaded into the model context, and executing a
+ *                           bundled script clears the §58 policy gate FIRST (FR-014).
+ *
+ * The SKILL.md *recipe* (front-matter + body + references) is a committed FACT under `.cloc/skills/`
+ * (§13.1, §45); any CODE a skill bakes is cached OUTSIDE the repo and never committed (FR-006). This
+ * loader exposes the recipe and routes bake/exec through a repo-EXTERNAL path, never writing code
+ * back into the data repo (Principle 1).
+ *
+ * Vendor edge: NONE. This module turns the core's vendor-free `SkillRef` shapes (@cloc/core) into
+ * the level-1 prompt fragment + the gated activation/execution helpers the loop uses; the model SDK
+ * is touched only in tool-loop.ts.
+ */
+import type { SkillRef, SkillBody, SkillManifest, BundledResource, PolicyGateHook } from "./tokens.js";
+/** The level-1 metadata that is the ONLY skill surface entering the render prompt by default. */
+export interface SkillMetadataLine {
+    readonly id: string;
+    readonly name: string;
+    readonly description: string;
+}
+/**
+ * Render the level-1 (Discovery) skill metadata for the prompt — `name` + `description` ONLY, never
+ * the body or bundled bytes (§16b.1, FR-005). This is the "just enough for the model to know when
+ * each skill should be used" fragment; it keeps the prompt small (the ~84% token reduction §16b.2).
+ */
+export declare function skillMetadata(skills: ReadonlyArray<SkillRef>): SkillMetadataLine[];
+/**
+ * Frame the level-1 skill metadata as an inert prompt block. ONLY name+description appear — the
+ * body and bundled files are absent until activation/execution (FR-005, NFR-002). Returns "" when
+ * no skills are enabled so a baseline render adds nothing to the prompt (FR-002, acceptance #1).
+ */
+export declare function frameSkillsForPrompt(skills: ReadonlyArray<SkillRef>): string;
+/** A degrade outcome — a gate denial that proceeds without the capability, attributably (FR-021). */
+export interface SkillGateDenied {
+    readonly ok: false;
+    readonly reason: string;
+}
+/** Activation succeeded — the level-2 body is now available (the loop may feed it in). */
+export interface SkillActivated {
+    readonly ok: true;
+    readonly id: string;
+    readonly manifest: SkillManifest;
+    readonly body: SkillBody;
+}
+export type ActivateResult = SkillActivated | SkillGateDenied;
+/**
+ * Level-2 ACTIVATION: load the full `SKILL.md` body for a matched skill, AFTER clearing the §58
+ * gate (`kind: 'skill', level: 2`). A denial DEGRADES — it returns `{ ok: false, reason }` so the
+ * render proceeds without the skill rather than crashing or bypassing the gate (FR-014, FR-021).
+ */
+export declare function activateSkill(skill: SkillRef, gate: PolicyGateHook): Promise<ActivateResult>;
+/** Execution succeeded — the bundled resource's bytes (NOT its source-in-context) are available. */
+export interface BundledOpened {
+    readonly ok: true;
+    readonly path: string;
+    readonly kind: BundledResource["kind"];
+    readonly bytes: Uint8Array;
+}
+export type OpenBundledResult = BundledOpened | SkillGateDenied;
+/**
+ * Level-3 EXECUTION: read or run a bundled resource ON DEMAND, AFTER clearing the §58 gate
+ * (`kind: 'skill', level: 3`). The script's SOURCE is never loaded into the model context — the
+ * runner calls `resource.open()` only after the gate clears, holding bundled-script execution to
+ * the SAME banned-pattern/allowlist/budget gate as generated code (§58, §16b.1, FR-014). A denial
+ * DEGRADES (FR-021).
+ */
+export declare function openBundled(skillId: string, resource: BundledResource, gate: PolicyGateHook): Promise<OpenBundledResult>;
+//# sourceMappingURL=skills-loader.d.ts.map

package/dist/skills-loader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"skills-loader.d.ts","sourceRoot":"","sources":["../src/skills-loader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,KAAK,EACV,QAAQ,EACR,SAAS,EACT,aAAa,EACb,eAAe,EACf,cAAc,EAEf,MAAM,aAAa,CAAC;AAErB,iGAAiG;AACjG,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,aAAa,CAAC,QAAQ,CAAC,GAAG,iBAAiB,EAAE,CAMlF;AAED;;;;GAIG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,aAAa,CAAC,QAAQ,CAAC,GAAG,MAAM,CAe5E;AAWD,qGAAqG;AACrG,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,EAAE,EAAE,KAAK,CAAC;IACnB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;CACzB;AAED,0FAA0F;AAC1F,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,EAAE,EAAE,IAAI,CAAC;IAClB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,QAAQ,EAAE,aAAa,CAAC;IACjC,QAAQ,CAAC,IAAI,EAAE,SAAS,CAAC;CAC1B;AAED,MAAM,MAAM,cAAc,GAAG,cAAc,GAAG,eAAe,CAAC;AAE9D;;;;GAIG;AACH,wBAAsB,aAAa,CACjC,KAAK,EAAE,QAAQ,EACf,IAAI,EAAE,cAAc,GACnB,OAAO,CAAC,cAAc,CAAC,CAOzB;AAED,oGAAoG;AACpG,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,EAAE,EAAE,IAAI,CAAC;IAClB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC;IACvC,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAC;CAC5B;AAED,MAAM,MAAM,iBAAiB,GAAG,aAAa,GAAG,eAAe,CAAC;AAEhE;;;;;;GAMG;AACH,wBAAsB,WAAW,CAC/B,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,eAAe,EACzB,IAAI,EAAE,cAAc,GACnB,OAAO,CAAC,iBAAiB,CAAC,CAW5B"}

package/dist/skills-loader.js

@@ -0,0 +1,99 @@
+/**
+ * @cloc/provider-ai-sdk · skills-loader.ts — the three-level progressive-disclosure loader for
+ * `SKILL.md` skills the render Agent activates (027-agentic-primitives §16b.1; FR-004, FR-005,
+ * FR-006, FR-014, NFR-008).
+ *
+ * Skills load by Discovery → Activation → Execution:
+ *   - level 1 (Discovery):  ONLY `manifest.name` + `manifest.description` enter the render prompt;
+ *   - level 2 (Activation): the full SKILL.md Markdown body loads ONLY when a request matches;
+ *   - level 3 (Execution):  bundled scripts/references/templates are read or run ON DEMAND — the
+ *                           script's SOURCE is NEVER loaded into the model context, and executing a
+ *                           bundled script clears the §58 policy gate FIRST (FR-014).
+ *
+ * The SKILL.md *recipe* (front-matter + body + references) is a committed FACT under `.cloc/skills/`
+ * (§13.1, §45); any CODE a skill bakes is cached OUTSIDE the repo and never committed (FR-006). This
+ * loader exposes the recipe and routes bake/exec through a repo-EXTERNAL path, never writing code
+ * back into the data repo (Principle 1).
+ *
+ * Vendor edge: NONE. This module turns the core's vendor-free `SkillRef` shapes (@cloc/core) into
+ * the level-1 prompt fragment + the gated activation/execution helpers the loop uses; the model SDK
+ * is touched only in tool-loop.ts.
+ */
+/**
+ * Render the level-1 (Discovery) skill metadata for the prompt — `name` + `description` ONLY, never
+ * the body or bundled bytes (§16b.1, FR-005). This is the "just enough for the model to know when
+ * each skill should be used" fragment; it keeps the prompt small (the ~84% token reduction §16b.2).
+ */
+export function skillMetadata(skills) {
+    return skills.map((s) => ({
+        id: s.id,
+        name: s.manifest.name,
+        description: s.manifest.description,
+    }));
+}
+/**
+ * Frame the level-1 skill metadata as an inert prompt block. ONLY name+description appear — the
+ * body and bundled files are absent until activation/execution (FR-005, NFR-002). Returns "" when
+ * no skills are enabled so a baseline render adds nothing to the prompt (FR-002, acceptance #1).
+ */
+export function frameSkillsForPrompt(skills) {
+    if (skills.length === 0)
+        return "";
+    const lines = skillMetadata(skills).map(
+    // `id`/`name`/`description` come from a SKILL.md manifest (model-influenced bytes), so any line
+    // break or `[ ]` is neutralized — a crafted description can't forge a new `[skill …]` envelope
+    // or inject a directive line into the prompt block (defense-in-depth, §16b.1; mirrors safety.ts).
+    (m) => `  [skill ${neutralize(m.id)}] ${neutralize(m.name)}: ${neutralize(m.description)}`);
+    return [
+        "<available-skills>",
+        "These SKILLs may help. Only their name+description are shown; request a skill by name to load",
+        "its full instructions (this is progressive disclosure — the body is NOT loaded yet).",
+        ...lines,
+        "</available-skills>",
+    ].join("\n");
+}
+/**
+ * Neutralize the characters in a skill-metadata field that could forge a `[skill …]` envelope or a
+ * line break (`[`, `]`, `\n`, `\r`, `\\`) when interpolated into the prompt block. A backslash-escape
+ * keeps the value human-readable; NO-OP for normal names/descriptions (mirrors safety.ts framing).
+ */
+function neutralize(value) {
+    return value.replace(/[\\[\]\r\n]/g, (c) => (c === "\n" ? "\\n" : c === "\r" ? "\\r" : `\\${c}`));
+}
+/**
+ * Level-2 ACTIVATION: load the full `SKILL.md` body for a matched skill, AFTER clearing the §58
+ * gate (`kind: 'skill', level: 2`). A denial DEGRADES — it returns `{ ok: false, reason }` so the
+ * render proceeds without the skill rather than crashing or bypassing the gate (FR-014, FR-021).
+ */
+export async function activateSkill(skill, gate) {
+    const decision = await gate.check({ kind: "skill", skill: skill.id, level: 2 });
+    if (!decision.allow) {
+        return { ok: false, reason: gateReason(decision, `skill "${skill.id}" activation denied`) };
+    }
+    const body = await skill.loadBody();
+    return { ok: true, id: skill.id, manifest: skill.manifest, body };
+}
+/**
+ * Level-3 EXECUTION: read or run a bundled resource ON DEMAND, AFTER clearing the §58 gate
+ * (`kind: 'skill', level: 3`). The script's SOURCE is never loaded into the model context — the
+ * runner calls `resource.open()` only after the gate clears, holding bundled-script execution to
+ * the SAME banned-pattern/allowlist/budget gate as generated code (§58, §16b.1, FR-014). A denial
+ * DEGRADES (FR-021).
+ */
+export async function openBundled(skillId, resource, gate) {
+    const decision = await gate.check({ kind: "skill", skill: skillId, level: 3 });
+    if (!decision.allow) {
+        return {
+            ok: false,
+            reason: gateReason(decision, `skill "${skillId}" bundled "${resource.path}" execution denied`),
+        };
+    }
+    // The gate cleared: only NOW is the resource read/executed (its source never entered context).
+    const bytes = await resource.open();
+    return { ok: true, path: resource.path, kind: resource.kind, bytes };
+}
+/** A truthy, attributable reason for a degrade (FR-021, NFR-004). */
+function gateReason(decision, fallback) {
+    return decision.reason && decision.reason.length > 0 ? decision.reason : fallback;
+}
+//# sourceMappingURL=skills-loader.js.map

package/dist/skills-loader.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"skills-loader.js","sourceRoot":"","sources":["../src/skills-loader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAkBH;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,MAA+B;IAC3D,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACxB,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,IAAI;QACrB,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW;KACpC,CAAC,CAAC,CAAC;AACN,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,oBAAoB,CAAC,MAA+B;IAClE,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACnC,MAAM,KAAK,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG;IACrC,gGAAgG;IAChG,+FAA+F;IAC/F,kGAAkG;IAClG,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,CAC3F,CAAC;IACF,OAAO;QACL,oBAAoB;QACpB,+FAA+F;QAC/F,sFAAsF;QACtF,GAAG,KAAK;QACR,qBAAqB;KACtB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED;;;;GAIG;AACH,SAAS,UAAU,CAAC,KAAa;IAC/B,OAAO,KAAK,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;AACpG,CAAC;AAkBD;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,KAAe,EACf,IAAoB;IAEpB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAC;IAChF,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;QACpB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,QAAQ,EAAE,UAAU,KAAK,CAAC,EAAE,qBAAqB,CAAC,EAAE,CAAC;IAC9F,CAAC;IACD,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE,CAAC;IACpC,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,KAAK,CAAC,EAAE,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC;AACpE,CAAC;AAYD;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,OAAe,EACf,QAAyB,EACzB,IAAoB;IAEpB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAC;IAC/E,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;QACpB,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,UAAU,CAAC,QAAQ,EAAE,UAAU,OAAO,cAAc,QAAQ,CAAC,IAAI,oBAAoB,CAAC;SAC/F,CAAC;IACJ,CAAC;IACD,+FAA+F;IAC/F,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACpC,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC;AACvE,CAAC;AAED,qEAAqE;AACrE,SAAS,UAAU,CAAC,QAAsB,EAAE,QAAgB;IAC1D,OAAO,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC;AACpF,CAAC"}

package/dist/stream.d.ts

@@ -0,0 +1,58 @@
+/**
+ * @cloc/provider-ai-sdk · stream.ts — the partial-object stream adapter (FR-011, NFR-007, §60).
+ *
+ * Synthesized regions stream in as the model produces them so the projector renders KNOWN FIELDS
+ * of a half-arrived plan without blocking (low TTFB, §60). This maps the AI SDK v6 partial-object
+ * stream → the adapter's {@link StreamChunk} (and the core's `Delta`): `partial-object` deltas,
+ * interleaved `tool-call`/`tool-result` loop events, ending in a terminal `final` validated Output
+ * — or an `error`. On error/exhaustion ANY already-streamed partial is INVALIDATED: the stream
+ * ends WITHOUT a `final` the runtime could mistake for completion (edge case, data-model §4).
+ *
+ * AI SDK v6 surface (verified, not stale memory): `streamText({ ..., output: Output.object(...) })`
+ * exposes `result.experimental_partialOutputStream` (async-iterable partial objects) and
+ * `result.fullStream` (tool-call/tool-result/finish parts). `result.experimental_output` resolves
+ * the final typed object. We do not assume property names beyond these v6 docs shapes.
+ */
+import type { Delta, Output, StandardSchema } from "./tokens.js";
+import type { StructuredOutput } from "./output.js";
+import type { LoopEvent } from "./tool-loop.js";
+/** Adapter stream chunk (contracts/agent-provider.ts StreamChunk). `TPlan` is the kit plan type. */
+export type StreamChunk<TPlan = unknown> = {
+    kind: "partial-object";
+    value: Partial<TPlan>;
+} | {
+    kind: "tool-call";
+    tool: string;
+    args: unknown;
+} | {
+    kind: "tool-result";
+    tool: string;
+    result: unknown;
+} | {
+    kind: "final";
+    output: StructuredOutput<TPlan>;
+} | {
+    kind: "error";
+    error: {
+        code: string;
+        message: string;
+        fatal: boolean;
+    };
+};
+/** Map a loop event to its stream chunk. */
+export declare function loopEventToChunk<TPlan>(event: LoopEvent): StreamChunk<TPlan>;
+/** Wrap a half-arrived plan snapshot as a `partial-object` chunk (parse-and-heal input, §60). */
+export declare function partialChunk<TPlan>(value: Partial<TPlan>): StreamChunk<TPlan>;
+/**
+ * Lower an adapter {@link StreamChunk} to the core's vendor-free `Delta` (the surface
+ * `AgentProvider.stream` actually yields). `partial-object` and the loop events become a
+ * `{ kind: "partial", patch }`; the terminal validated Output becomes `{ kind: "final", output }`.
+ * On `error` we DO NOT emit a `final` — the agent throws/rejects the iterator instead so the
+ * runtime never mistakes a failed stream for completion (output.ts §3 rule; core Delta contract).
+ *
+ * `schema` brands the final payload's `Output` (the core requires the validated schema on it).
+ */
+export declare function chunkToDelta<TPlan>(chunk: StreamChunk<TPlan>, schema: StandardSchema<unknown>): Delta | undefined;
+/** Brand a validated {@link StructuredOutput} as the core's `Output` (a typed UI plan, never markup). */
+export declare function toCoreOutput<TPlan>(output: StructuredOutput<TPlan>, schema: StandardSchema<unknown>): Output;
+//# sourceMappingURL=stream.d.ts.map

package/dist/stream.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"stream.d.ts","sourceRoot":"","sources":["../src/stream.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAGH,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AACjE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAEhD,oGAAoG;AACpG,MAAM,MAAM,WAAW,CAAC,KAAK,GAAG,OAAO,IACnC;IAAE,IAAI,EAAE,gBAAgB,CAAC;IAAC,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,CAAA;CAAE,GACjD;IAAE,IAAI,EAAE,WAAW,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,OAAO,CAAA;CAAE,GAClD;IAAE,IAAI,EAAE,aAAa,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,OAAO,CAAA;CAAE,GACtD;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,gBAAgB,CAAC,KAAK,CAAC,CAAA;CAAE,GAClD;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,KAAK,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,OAAO,CAAA;KAAE,CAAA;CAAE,CAAC;AAEhF,4CAA4C;AAC5C,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,KAAK,EAAE,SAAS,GAAG,WAAW,CAAC,KAAK,CAAC,CAI5E;AAED,iGAAiG;AACjG,wBAAgB,YAAY,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,GAAG,WAAW,CAAC,KAAK,CAAC,CAE7E;AAED;;;;;;;;GAQG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAChC,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,EACzB,MAAM,EAAE,cAAc,CAAC,OAAO,CAAC,GAC9B,KAAK,GAAG,SAAS,CAcnB;AAED,yGAAyG;AACzG,wBAAgB,YAAY,CAAC,KAAK,EAChC,MAAM,EAAE,gBAAgB,CAAC,KAAK,CAAC,EAC/B,MAAM,EAAE,cAAc,CAAC,OAAO,CAAC,GAC9B,MAAM,CAMR"}

package/dist/stream.js

@@ -0,0 +1,59 @@
+/**
+ * @cloc/provider-ai-sdk · stream.ts — the partial-object stream adapter (FR-011, NFR-007, §60).
+ *
+ * Synthesized regions stream in as the model produces them so the projector renders KNOWN FIELDS
+ * of a half-arrived plan without blocking (low TTFB, §60). This maps the AI SDK v6 partial-object
+ * stream → the adapter's {@link StreamChunk} (and the core's `Delta`): `partial-object` deltas,
+ * interleaved `tool-call`/`tool-result` loop events, ending in a terminal `final` validated Output
+ * — or an `error`. On error/exhaustion ANY already-streamed partial is INVALIDATED: the stream
+ * ends WITHOUT a `final` the runtime could mistake for completion (edge case, data-model §4).
+ *
+ * AI SDK v6 surface (verified, not stale memory): `streamText({ ..., output: Output.object(...) })`
+ * exposes `result.experimental_partialOutputStream` (async-iterable partial objects) and
+ * `result.fullStream` (tool-call/tool-result/finish parts). `result.experimental_output` resolves
+ * the final typed object. We do not assume property names beyond these v6 docs shapes.
+ */
+import { partial as coreDelta, final as coreFinal, makeOutput } from "@cloc/core";
+/** Map a loop event to its stream chunk. */
+export function loopEventToChunk(event) {
+    return event.kind === "tool-call"
+        ? { kind: "tool-call", tool: event.tool, args: event.args }
+        : { kind: "tool-result", tool: event.tool, result: event.result };
+}
+/** Wrap a half-arrived plan snapshot as a `partial-object` chunk (parse-and-heal input, §60). */
+export function partialChunk(value) {
+    return { kind: "partial-object", value };
+}
+/**
+ * Lower an adapter {@link StreamChunk} to the core's vendor-free `Delta` (the surface
+ * `AgentProvider.stream` actually yields). `partial-object` and the loop events become a
+ * `{ kind: "partial", patch }`; the terminal validated Output becomes `{ kind: "final", output }`.
+ * On `error` we DO NOT emit a `final` — the agent throws/rejects the iterator instead so the
+ * runtime never mistakes a failed stream for completion (output.ts §3 rule; core Delta contract).
+ *
+ * `schema` brands the final payload's `Output` (the core requires the validated schema on it).
+ */
+export function chunkToDelta(chunk, schema) {
+    switch (chunk.kind) {
+        case "partial-object":
+            return coreDelta({ partialPlan: chunk.value });
+        case "tool-call":
+            return coreDelta({ toolCall: { tool: chunk.tool, args: chunk.args } });
+        case "tool-result":
+            return coreDelta({ toolResult: { tool: chunk.tool, result: chunk.result } });
+        case "final":
+            return coreFinal(toCoreOutput(chunk.output, schema));
+        case "error":
+            // The agent surfaces errors by rejecting the iterator (never a fabricated `final`).
+            return undefined;
+    }
+}
+/** Brand a validated {@link StructuredOutput} as the core's `Output` (a typed UI plan, never markup). */
+export function toCoreOutput(output, schema) {
+    return makeOutput({
+        // The kit plan IS the UI-plan / IR node tree the RenderEngine later lowers (output.ts §3).
+        plan: output.plan,
+        schema,
+    });
+}
+//# sourceMappingURL=stream.js.map

package/dist/stream.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"stream.js","sourceRoot":"","sources":["../src/stream.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,OAAO,IAAI,SAAS,EAAE,KAAK,IAAI,SAAS,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAalF,4CAA4C;AAC5C,MAAM,UAAU,gBAAgB,CAAQ,KAAgB;IACtD,OAAO,KAAK,CAAC,IAAI,KAAK,WAAW;QAC/B,CAAC,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE;QAC3D,CAAC,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC;AACtE,CAAC;AAED,iGAAiG;AACjG,MAAM,UAAU,YAAY,CAAQ,KAAqB;IACvD,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,KAAK,EAAE,CAAC;AAC3C,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,YAAY,CAC1B,KAAyB,EACzB,MAA+B;IAE/B,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;QACnB,KAAK,gBAAgB;YACnB,OAAO,SAAS,CAAC,EAAE,WAAW,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;QACjD,KAAK,WAAW;YACd,OAAO,SAAS,CAAC,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACzE,KAAK,aAAa;YAChB,OAAO,SAAS,CAAC,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAC/E,KAAK,OAAO;YACV,OAAO,SAAS,CAAC,YAAY,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;QACvD,KAAK,OAAO;YACV,oFAAoF;YACpF,OAAO,SAAS,CAAC;IACrB,CAAC;AACH,CAAC;AAED,yGAAyG;AACzG,MAAM,UAAU,YAAY,CAC1B,MAA+B,EAC/B,MAA+B;IAE/B,OAAO,UAAU,CAAC;QAChB,2FAA2F;QAC3F,IAAI,EAAE,MAAM,CAAC,IAAa;QAC1B,MAAM;KACP,CAAC,CAAC;AACL,CAAC"}

package/dist/tokens.d.ts

@@ -0,0 +1,17 @@
+/**
+ * @cloc/provider-ai-sdk · tokens.ts — re-export the AgentProvider ref this adapter answers,
+ * and pull in the vendor-free contract TYPES from @cloc/core (FR-002, data-model §1).
+ *
+ * This is the ONLY seam the adapter binds: `AgentProviderRef` selects exactly one
+ * AgentProvider per environment (§32 / §75.3). Downstream modules type-check against the
+ * core contract — never against an AI SDK / AI Gateway type — so no vendor type leaks across
+ * the public signature (FR-002, Constitution Principle 8).
+ *
+ * NOTE: the model is a swappable FIELD (`GenOpts.model: ModelRef`), never part of this
+ * contract; the token/package/capability names carry no "model" (FR-014).
+ */
+export { AgentProviderRef } from "@cloc/core";
+export type { AgentProvider, GenOpts, Prompt, StructuredPrompt, Output, OutputPayload, Delta, PlanNode, ModelRef, StandardSchema, StandardSchemaV1, ProviderRef, } from "@cloc/core";
+export type { SkillRef, SkillManifest, SkillBody, BundledResource, DisclosureLevel, MemoryStore, MemoryBackend, MemoryOp, ToolDef, ToolSet as CoreToolSet, ToolSource, ToolLoop, LoopOpts, StopCondition, StepContext, StepDirective, PrepareStep, PolicyGateHook, PrimitiveAccess, GateDecision, } from "@cloc/core";
+export { isStopTool, validateSkillManifest, isValidSkillName, isValidSkillDescription, stepCountIs as coreStepCountIs, hasToolCall as coreHasToolCall, isLoopFinished as coreIsLoopFinished, defaultStopCondition, DEFAULT_STEP_COUNT, MEMORY_ROLE, ALLOW_ALL_GATE, } from "@cloc/core";
+//# sourceMappingURL=tokens.d.ts.map

package/dist/tokens.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokens.d.ts","sourceRoot":"","sources":["../src/tokens.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAG9C,YAAY,EACV,aAAa,EACb,OAAO,EACP,MAAM,EACN,gBAAgB,EAChB,MAAM,EACN,aAAa,EACb,KAAK,EACL,QAAQ,EACR,QAAQ,EACR,cAAc,EACd,gBAAgB,EAChB,WAAW,GACZ,MAAM,YAAY,CAAC;AAUpB,YAAY,EAEV,QAAQ,EACR,aAAa,EACb,SAAS,EACT,eAAe,EACf,eAAe,EAEf,WAAW,EACX,aAAa,EACb,QAAQ,EAER,OAAO,EACP,OAAO,IAAI,WAAW,EACtB,UAAU,EAEV,QAAQ,EACR,QAAQ,EACR,aAAa,EACb,WAAW,EACX,aAAa,EACb,WAAW,EAEX,cAAc,EACd,eAAe,EACf,YAAY,GACb,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,UAAU,EACV,qBAAqB,EACrB,gBAAgB,EAChB,uBAAuB,EACvB,WAAW,IAAI,eAAe,EAC9B,WAAW,IAAI,eAAe,EAC9B,cAAc,IAAI,kBAAkB,EACpC,oBAAoB,EACpB,kBAAkB,EAClB,WAAW,EACX,cAAc,GACf,MAAM,YAAY,CAAC"}

package/dist/tokens.js

@@ -0,0 +1,17 @@
+/**
+ * @cloc/provider-ai-sdk · tokens.ts — re-export the AgentProvider ref this adapter answers,
+ * and pull in the vendor-free contract TYPES from @cloc/core (FR-002, data-model §1).
+ *
+ * This is the ONLY seam the adapter binds: `AgentProviderRef` selects exactly one
+ * AgentProvider per environment (§32 / §75.3). Downstream modules type-check against the
+ * core contract — never against an AI SDK / AI Gateway type — so no vendor type leaks across
+ * the public signature (FR-002, Constitution Principle 8).
+ *
+ * NOTE: the model is a swappable FIELD (`GenOpts.model: ModelRef`), never part of this
+ * contract; the token/package/capability names carry no "model" (FR-014).
+ */
+// The token (value) the kernel resolves this plugin against. EXACTLY ONE wins (§32).
+export { AgentProviderRef } from "@cloc/core";
+// Agentic runtime helpers (pure, vendor-free) the runner reuses from the core contract.
+export { isStopTool, validateSkillManifest, isValidSkillName, isValidSkillDescription, stepCountIs as coreStepCountIs, hasToolCall as coreHasToolCall, isLoopFinished as coreIsLoopFinished, defaultStopCondition, DEFAULT_STEP_COUNT, MEMORY_ROLE, ALLOW_ALL_GATE, } from "@cloc/core";
+//# sourceMappingURL=tokens.js.map

package/dist/tokens.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokens.js","sourceRoot":"","sources":["../src/tokens.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,qFAAqF;AACrF,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAsD9C,wFAAwF;AACxF,OAAO,EACL,UAAU,EACV,qBAAqB,EACrB,gBAAgB,EAChB,uBAAuB,EACvB,WAAW,IAAI,eAAe,EAC9B,WAAW,IAAI,eAAe,EAC9B,cAAc,IAAI,kBAAkB,EACpC,oBAAoB,EACpB,kBAAkB,EAClB,WAAW,EACX,cAAc,GACf,MAAM,YAAY,CAAC"}