@company-semantics/contracts 0.23.1 → 0.25.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +2 -2
- package/src/guards/config.ts +21 -0
- package/src/guards/index.ts +1 -0
- package/src/mcp/index.ts +4 -0
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@company-semantics/contracts",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.25.0",
|
|
4
4
|
"private": false,
|
|
5
5
|
"repository": {
|
|
6
6
|
"type": "git",
|
|
@@ -55,7 +55,7 @@
|
|
|
55
55
|
"guard:version-tag:json": "npx tsx scripts/ci/version-tag-guard.ts --json",
|
|
56
56
|
"guard:test": "vitest run scripts/ci/__tests__",
|
|
57
57
|
"release": "npx tsx scripts/release.ts",
|
|
58
|
-
"prepublishOnly": "
|
|
58
|
+
"prepublishOnly": "echo 'ERROR: Publishing is CI-only via tag push. Use pnpm release instead.' && exit 1",
|
|
59
59
|
"test": "vitest run scripts/ci/__tests__"
|
|
60
60
|
},
|
|
61
61
|
"packageManager": "pnpm@10.25.0",
|
package/src/guards/config.ts
CHANGED
|
@@ -207,6 +207,18 @@ export interface VulnerabilitiesBaseline {
|
|
|
207
207
|
}>;
|
|
208
208
|
}
|
|
209
209
|
|
|
210
|
+
/**
|
|
211
|
+
* Contracts consumer guard configuration.
|
|
212
|
+
* Enforces: consumers never advance ahead of npm.
|
|
213
|
+
*
|
|
214
|
+
* Verifies that the @company-semantics/contracts version specified
|
|
215
|
+
* in package.json exists on npm before allowing consumer updates.
|
|
216
|
+
*/
|
|
217
|
+
export interface ContractsConsumerBaseline {
|
|
218
|
+
/** Path to package.json relative to repo root */
|
|
219
|
+
packageJsonPath: string;
|
|
220
|
+
}
|
|
221
|
+
|
|
210
222
|
/**
|
|
211
223
|
* Structural guard baselines.
|
|
212
224
|
* Product repos provide DATA only; CI orchestrator owns guard implementations.
|
|
@@ -226,6 +238,13 @@ export interface StructuralBaselines {
|
|
|
226
238
|
* CI injects checkVulnerabilities based on this config.
|
|
227
239
|
*/
|
|
228
240
|
vulnerabilities?: VulnerabilitiesBaseline;
|
|
241
|
+
|
|
242
|
+
/**
|
|
243
|
+
* Contracts consumer check configuration.
|
|
244
|
+
* CI injects checkContractsConsumer based on this config.
|
|
245
|
+
* Enforces: consumers never advance ahead of npm.
|
|
246
|
+
*/
|
|
247
|
+
contractsConsumer?: ContractsConsumerBaseline;
|
|
229
248
|
}
|
|
230
249
|
|
|
231
250
|
/**
|
|
@@ -373,6 +392,8 @@ export interface GuardCheckRegistry {
|
|
|
373
392
|
structural?: BoundGuardCheck[];
|
|
374
393
|
behavioral?: BoundGuardCheck[];
|
|
375
394
|
invariants?: BoundGuardCheck[];
|
|
395
|
+
/** Evolution guards: drift detection (advisory only) */
|
|
396
|
+
evolution?: BoundGuardCheck[];
|
|
376
397
|
/** Meta-guards: protect the guard system itself (coverage correctness) */
|
|
377
398
|
meta?: BoundGuardCheck[];
|
|
378
399
|
};
|
package/src/guards/index.ts
CHANGED
package/src/mcp/index.ts
CHANGED
|
@@ -4,6 +4,10 @@
|
|
|
4
4
|
* Types for tool discovery flow (read-only, UI-first).
|
|
5
5
|
* Same descriptor used for discovery and invocation, different fields matter.
|
|
6
6
|
*
|
|
7
|
+
* TWO SHAPES (same conceptual data, different layers):
|
|
8
|
+
* - ToolDiscoveryResponse: HTTP transport (GET /api/capabilities/tools response)
|
|
9
|
+
* - ToolListMessagePart: Chat protocol (atomic message part in conversation)
|
|
10
|
+
*
|
|
7
11
|
* INVARIANTS:
|
|
8
12
|
* - Discovery is descriptive (never executes)
|
|
9
13
|
* - Invocation is authoritative (runtime is executor)
|