@company-semantics/contracts 0.83.1 → 0.85.0
- package/package.json +1 -1
- package/src/execution/kinds.ts +3 -0
- package/src/execution/registry.ts +63 -0
- package/src/guards/types.ts +4 -1
- package/src/index.ts +1 -0
- package/src/mcp/index.ts +23 -1
- package/src/message-parts/confirmation.ts +3 -0
package/package.json
CHANGED
package/src/execution/kinds.ts
CHANGED
|
@@ -118,6 +118,69 @@ export const EXECUTION_KINDS = {
|
|
|
118
118
|
templateId: 'slack.send',
|
|
119
119
|
},
|
|
120
120
|
},
|
|
121
|
+
'data.ingest': {
|
|
122
|
+
kind: 'data.ingest',
|
|
123
|
+
domain: 'data',
|
|
124
|
+
display: {
|
|
125
|
+
label: 'Import Channel',
|
|
126
|
+
pastTenseLabel: 'Channel imported',
|
|
127
|
+
icon: 'send',
|
|
128
|
+
},
|
|
129
|
+
governance: {
|
|
130
|
+
visibility: 'user',
|
|
131
|
+
requiresAdmin: false,
|
|
132
|
+
},
|
|
133
|
+
ui: {
|
|
134
|
+
showInAdmin: true,
|
|
135
|
+
showInTimeline: true,
|
|
136
|
+
confirmBeforeRun: true,
|
|
137
|
+
},
|
|
138
|
+
explanation: {
|
|
139
|
+
templateId: 'data-ingest',
|
|
140
|
+
},
|
|
141
|
+
},
|
|
142
|
+
'data.scope': {
|
|
143
|
+
kind: 'data.scope',
|
|
144
|
+
domain: 'data',
|
|
145
|
+
display: {
|
|
146
|
+
label: 'Update Channel Scope',
|
|
147
|
+
pastTenseLabel: 'Channel scope updated',
|
|
148
|
+
icon: 'pencil',
|
|
149
|
+
},
|
|
150
|
+
governance: {
|
|
151
|
+
visibility: 'admin',
|
|
152
|
+
requiresAdmin: true,
|
|
153
|
+
},
|
|
154
|
+
ui: {
|
|
155
|
+
showInAdmin: true,
|
|
156
|
+
showInTimeline: true,
|
|
157
|
+
confirmBeforeRun: true,
|
|
158
|
+
},
|
|
159
|
+
explanation: {
|
|
160
|
+
templateId: 'data-scope',
|
|
161
|
+
},
|
|
162
|
+
},
|
|
163
|
+
'system.cleanup': {
|
|
164
|
+
kind: 'system.cleanup',
|
|
165
|
+
domain: 'system',
|
|
166
|
+
display: {
|
|
167
|
+
label: 'Cleanup Connections',
|
|
168
|
+
pastTenseLabel: 'Connections cleaned up',
|
|
169
|
+
icon: 'unlink',
|
|
170
|
+
},
|
|
171
|
+
governance: {
|
|
172
|
+
visibility: 'admin',
|
|
173
|
+
requiresAdmin: true,
|
|
174
|
+
},
|
|
175
|
+
ui: {
|
|
176
|
+
showInAdmin: true,
|
|
177
|
+
showInTimeline: false,
|
|
178
|
+
confirmBeforeRun: true,
|
|
179
|
+
},
|
|
180
|
+
explanation: {
|
|
181
|
+
templateId: 'system-cleanup',
|
|
182
|
+
},
|
|
183
|
+
},
|
|
121
184
|
} as const satisfies Record<ExecutionKind, ExecutionKindDefinition>
|
|
122
185
|
|
|
123
186
|
// =============================================================================
|
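Review bot: `system.cleanup` sets `showInTimeline: false` although it is admin-only and changes state, so it is the only one of the three added kinds whose runs do not appear in the timeline. Whether an audit record is still written elsewhere is not visible in this hunk. If one is, say so next to the flag, e.g. `// hidden from the timeline only; every run is still written to the audit log`; if not, `showInTimeline: true` would match the other two entries. Separately, `data.ingest` is `visibility: 'user'` with `requiresAdmin: false` while `data.scope` is admin-only, which deserves a one-line comment confirming that user-initiated import is intended. The `EXECUTION_KINDS` object starts outside the hunk.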
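--- a/package/src/guards/types.ts
+++ b/package/src/guards/types.ts
@@ -170,8 +170,9 @@ export interface VulnerabilityConfig {
 * - LM: Logging & Monitoring
 * - SD: Secure SDLC
 * - BR: Backup & Recovery
+* - AI: Audit Integrity
 */
-export type Soc2ControlArea = 'CM' | 'AC' | 'LM' | 'SD' | 'BR';
+export type Soc2ControlArea = 'CM' | 'AC' | 'LM' | 'SD' | 'BR' | 'AI';
 
 /**
 * Control status semantics:
@@ -196,6 +197,7 @@ export const SOC2_CONTROL_NAMES: Record<Soc2ControlArea, string> = {
 LM: 'Logging & Monitoring',
 SD: 'Secure SDLC',
 BR: 'Backup & Recovery',
+AI: 'Audit Integrity',
 } as const;
 
 /**
@@ -208,6 +210,7 @@ export const REQUIRED_SOC2_CONTROLS: readonly Soc2ControlArea[] = [
 'LM',
 'SD',
 'BR',
+'AI',
 ] as const;
 
 /**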
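Review bot: Adding `'AI'` to `REQUIRED_SOC2_CONTROLS` in the third hunk changes what counts as complete coverage, so a consumer that checks its controls against this list will presumably start reporting a gap after upgrading. Nothing in the diff documents what evidence satisfies Audit Integrity. The doc-comment entry `* - AI: Audit Integrity` should be expanded into a short description of what the area covers, also because the abbreviation AI reads as artificial intelligence in a package that ships assistant tooling. The list is typed `readonly Soc2ControlArea[]`, so unlike `SOC2_CONTROL_NAMES` the compiler will not flag a future area that joins the union but is left out of the required list. A comment such as `// keep in sync with Soc2ControlArea` above the array would record that.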
package/src/index.ts
CHANGED
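--- a/package/src/mcp/index.ts
+++ b/package/src/mcp/index.ts
@@ -42,11 +42,22 @@ export type ToolVisibility = 'user' | 'admin'
 */
 export type ToolInvocationMode = 'manual' | 'assistant' | 'hybrid'
 
+/**
+* Tool effect classification.
+* Effect classification is orthogonal to requiresConfirmation and requiresApproval.
+* - effectClass: "Does this tool mutate state?"
+* - requiresConfirmation: "Does the user need to approve before execution?"
+* - requiresApproval: "Does this need cross-principal authorization?"
+* An effectful tool may auto-execute (requiresConfirmation: false) for low-risk operations.
+* An effectful tool may require approval without confirmation.
+*/
+export type ToolEffectClass = 'pure' | 'effectful'
+
 /**
 * Complete tool descriptor for discovery and invocation.
 *
 * Discovery uses: id, name, description, category
-* Invocation uses: id, requiresConfirmation, invocationMode
+* Invocation uses: id, requiresConfirmation, invocationMode, effectClass
 */
 export interface MCPToolDescriptor {
 /** Unique identifier (matches MCP tool name, e.g., 'cs_help') */
@@ -59,6 +70,17 @@ export interface MCPToolDescriptor {
 category: ToolCategory
 /** Whether user confirmation is required before execution */
 requiresConfirmation: boolean
+/**
+* Whether this tool causes durable state change.
+* Effectful = any tool that can cause durable state change (DB writes, external API calls, background job enqueue).
+* Pure = read-only operations, URL generation, status queries.
+*
+* Orthogonal to requiresConfirmation — an effectful tool may auto-execute
+* for low-risk operations, and a pure tool never needs confirmation.
+* The bridge enforces: effectful tools must return previewResponse()
+* with ExecutionIntent, never direct side effects.
+*/
+effectClass: ToolEffectClass
 /** How the tool can be triggered */
 invocationMode: ToolInvocationMode
 /** Who can see this tool */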
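Review bot: `effectClass` is declared by the tool itself, and the new doc comment on the field makes it the switch for the bridge's preview requirement, so a tool wrongly marked `'pure'` would presumably skip `previewResponse()` and perform its side effects directly. The comment should state the fail-closed rule, e.g. `* When in doubt, declare 'effectful'; 'pure' must hold for every code path of the tool.` The same comment calls the field orthogonal to `requiresConfirmation` and then says a pure tool never needs confirmation, yet the interface still accepts `effectClass: 'pure'` together with `requiresConfirmation: true`. Either drop that sentence or document what the bridge does with that combination. The `MCPToolDescriptor` body continues outside the hunk.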
@@ -40,6 +40,9 @@ export const CONFIRMATION_LABELS: Record<ExecutionKind, string> = {
|
|
|
40
40
|
'integration.disconnect': 'Disconnect Integration',
|
|
41
41
|
'profile.update': 'Update Profile',
|
|
42
42
|
'slack.send': 'Send Slack Message',
|
|
43
|
+
'data.ingest': 'Import Channel',
|
|
44
|
+
'data.scope': 'Update Scope',
|
|
45
|
+
'system.cleanup': 'Cleanup Connections',
|
|
43
46
|
};
|
|
44
47
|
|
|
45
48
|
/**
|
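Review bot: The confirmation label added for `'data.scope'` is `'Update Scope'`, while the registry entry for the same kind on this page uses `label: 'Update Channel Scope'`; the other two added labels match their registry labels exactly. This string is presumably what an admin reads when approving the action, so it should name the object being changed: `'data.scope': 'Update Channel Scope',`. If the two tables are meant to stay in step, a comment on `CONFIRMATION_LABELS` pointing at the registry's `display.label` would make the duplication explicit. The object starts outside the hunk.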