@company-semantics/contracts 27.3.0 → 27.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@company-semantics/contracts",
3
- "version": "27.3.0",
3
+ "version": "27.4.0",
4
4
  "private": false,
5
5
  "repository": {
6
6
  "type": "git",
@@ -1,3 +1,3 @@
1
1
  // AUTO-GENERATED — do not edit. Run pnpm generate:spec-hash to regenerate.
2
- export const SPEC_HASH = '409ce57139cd' as const;
3
- export const SPEC_HASH_FULL = '409ce57139cd78a8ec633efb516bc92ba81dd2cdaab0a4afe240d20c67bb6b1e' as const;
2
+ export const SPEC_HASH = '090fb75c09a2' as const;
3
+ export const SPEC_HASH_FULL = '090fb75c09a20a352791bd84163827b0b23d84b41b5f82c216eae20fa5a3909d' as const;
@@ -4440,6 +4440,13 @@ export interface components {
4440
4440
  memberCount: number;
4441
4441
  description?: string;
4442
4442
  orderKey?: string;
4443
+ /** @enum {string} */
4444
+ discoverabilityPolicy: "org" | "owners";
4445
+ /** @enum {string} */
4446
+ classification: "public" | "internal" | "confidential" | "highly_confidential";
4447
+ /** @enum {string} */
4448
+ accessState?: "full" | "redacted_admin" | "locked_requestable";
4449
+ canRequestAccess?: boolean;
4443
4450
  }[];
4444
4451
  nextCursor: string | null;
4445
4452
  hasMore: boolean;
@@ -4453,7 +4460,14 @@ export interface components {
4453
4460
  content: string;
4454
4461
  contentRedacted?: boolean;
4455
4462
  /** @enum {string} */
4463
+ accessState?: "full" | "redacted_admin" | "locked_requestable";
4464
+ canRequestAccess?: boolean;
4465
+ /** @enum {string} */
4456
4466
  visibility: "private" | "unit" | "org";
4467
+ /** @enum {string} */
4468
+ discoverabilityPolicy: "org" | "owners";
4469
+ /** @enum {string} */
4470
+ classification: "public" | "internal" | "confidential" | "highly_confidential";
4457
4471
  parentId: string | null;
4458
4472
  owningUnitId: string | null;
4459
4473
  owner: {
@@ -8467,13 +8481,6 @@ export interface operations {
8467
8481
  };
8468
8482
  content?: never;
8469
8483
  };
8470
- /** @description Requires org.view_company_md scope */
8471
- 403: {
8472
- headers: {
8473
- [name: string]: unknown;
8474
- };
8475
- content?: never;
8476
- };
8477
8484
  };
8478
8485
  };
8479
8486
  companyMdContextDocSuggestions: {
@@ -8503,13 +8510,6 @@ export interface operations {
8503
8510
  };
8504
8511
  content?: never;
8505
8512
  };
8506
- /** @description Requires org.view_company_md scope */
8507
- 403: {
8508
- headers: {
8509
- [name: string]: unknown;
8510
- };
8511
- content?: never;
8512
- };
8513
8513
  };
8514
8514
  };
8515
8515
  searchCompanyMd: {
@@ -59,6 +59,25 @@ const CompanyMdTreeNodeSchema = z.object({
59
59
  description: z.string().optional(),
60
60
  /** Fractional-index key for ordered entity wrappers (unit/context). */
61
61
  orderKey: z.string().optional(),
62
+ // Governance + discovery projections of the node (ADR-BE-348 / ADR-CTRL-194).
63
+ // Present on the TS `CompanyMdNodeIdentity` since the projection split but only
64
+ // now promoted into the published response schema. `discoverabilityPolicy`
65
+ // governs who knows the node exists; `classification` is the governance label
66
+ // (drives no permission).
67
+ discoverabilityPolicy: z.enum(["org", "owners"]),
68
+ classification: z.enum([
69
+ "public",
70
+ "internal",
71
+ "confidential",
72
+ "highly_confidential",
73
+ ]),
74
+ // Combined Authorization + Discovery read-state for the requesting actor
75
+ // (ADR-BE-348). Set on non-reader stubs the tree now surfaces; absent on
76
+ // full-read nodes (treat as `full`).
77
+ accessState: z
78
+ .enum(["full", "redacted_admin", "locked_requestable"])
79
+ .optional(),
80
+ canRequestAccess: z.boolean().optional(),
62
81
  });
63
82
 
64
83
  // ---------------------------------------------------------------------------
@@ -83,7 +102,26 @@ export const CompanyMdDocResponseSchema = z.object({
83
102
  * its body (ADR-BE-245). Omitted/`false` on the normal full-content path.
84
103
  */
85
104
  contentRedacted: z.boolean().optional(),
105
+ // Combined Authorization + Discovery read-state for the requesting actor
106
+ // (ADR-BE-348): `full` (reader), `redacted_admin` (inspectable metadata stub),
107
+ // `locked_requestable` (listed locked stub). Optional for back-compat with
108
+ // legacy paths that set only `contentRedacted`.
109
+ accessState: z
110
+ .enum(["full", "redacted_admin", "locked_requestable"])
111
+ .optional(),
112
+ /** Whether the requesting actor may request access (ADR-BE-348 / ADR-BE-338). */
113
+ canRequestAccess: z.boolean().optional(),
86
114
  visibility: z.enum(["private", "unit", "org"]),
115
+ // Governance + discovery projections (ADR-BE-348 / ADR-CTRL-194). Present on
116
+ // the TS contract since the projection split; now promoted into the published
117
+ // response schema so consumers receive them typed.
118
+ discoverabilityPolicy: z.enum(["org", "owners"]),
119
+ classification: z.enum([
120
+ "public",
121
+ "internal",
122
+ "confidential",
123
+ "highly_confidential",
124
+ ]),
87
125
  parentId: z.string().nullable(),
88
126
  owningUnitId: z.string().nullable(),
89
127
  owner: CompanyMdPersonSchema.nullable(),
@@ -39,9 +39,26 @@ export type CompanyMdDiscoverabilityPolicy = "org" | "owners";
39
39
 
40
40
  /**
41
41
  * Information classification for a Company.md node — *what the document is*, for
42
- * governance, NOT permissions (ADR-CTRL-194 / ADR-BE-338). Later drives export
43
- * watermarking, share-approval gates, retrieval rules, and audit verbosity
44
- * without changing who can read. Named now; enforcement behaviors deferred.
42
+ * governance, NOT permissions (ADR-CTRL-194 / ADR-BE-338 / ADR-BE-348). It is the
43
+ * input to the Governance projection and NEVER participates in authorization or
44
+ * discovery (ADR-BE-348 invariant 4).
45
+ *
46
+ * The value is now emitted on the published response schemas (tree + doc) so a
47
+ * consumer can read it. Enforcement behaviors remain deferred — each is named
48
+ * with the concrete trigger that promotes it from decorative to enforced:
49
+ *
50
+ * - **Export watermarking** — wire when a doc-export/download surface ships
51
+ * (`confidential`+ stamps the exporter identity + timestamp).
52
+ * - **Share-approval friction** — wire when external/cross-org sharing exists
53
+ * (`highly_confidential` requires a second approver before an ACL grant lands).
54
+ * - **Retrieval rules** — wire when agent browsing / RAG over knowledge nodes is
55
+ * on (`confidential`+ excluded from un-attributed retrieval contexts).
56
+ * - **Audit verbosity** — wire when the audit sink supports per-class verbosity
57
+ * (`highly_confidential` reads emit a full access record, not a sampled one).
58
+ *
59
+ * Until those surfaces exist there is nothing to gate, so classification is
60
+ * carried, not enforced — a deliberate "named now, enforced on trigger" deferral,
61
+ * not an omission.
45
62
  */
46
63
  export type CompanyMdClassification =
47
64
  | "public"
@@ -159,6 +176,26 @@ export interface CompanyMdTreeNode extends CompanyMdNodeIdentity {
159
176
  * unordered types.
160
177
  */
161
178
  readonly orderKey?: string;
179
+ /**
180
+ * Combined Authorization + Discovery read-state of this tree node for the
181
+ * requesting actor (ADR-BE-348). The tree now surfaces discoverable nodes a
182
+ * non-reader cannot read, as stubs:
183
+ * - `full`: actor holds a read grant — the normal, fully-navigable node.
184
+ * - `redacted_admin`: non-reader at Discovery `inspectable` (oversight/owner) —
185
+ * a metadata stub.
186
+ * - `locked_requestable`: non-reader at Discovery `listed` — a locked stub.
187
+ * Discovery `hidden` nodes are omitted from the tree entirely (no leak).
188
+ * Omitted on legacy/full-content nodes that predate the stub surface; treat an
189
+ * absent value as `full`.
190
+ */
191
+ readonly accessState?: "full" | "redacted_admin" | "locked_requestable";
192
+ /**
193
+ * Whether the requesting actor may request access to this node — the same
194
+ * resolver the read affordance uses (ADR-BE-348). Set on non-reader stubs so
195
+ * the tree can render a "Request access" affordance; absent/`false` on nodes
196
+ * the actor already reads.
197
+ */
198
+ readonly canRequestAccess?: boolean;
162
199
  }
163
200
 
164
201
  export interface CompanyMdDocCore extends CompanyMdNodeIdentity {