@contractspec/bundle.library 3.4.3 → 3.5.2

package/dist/components/docs/safety/index.js

@@ -2,514 +2,514 @@
 // src/components/docs/safety/SafetyOverviewPage.tsx
 import Link from "@contractspec/lib.ui-link";
 import { ChevronRight } from "lucide-react";
-import { jsxDEV } from "react/jsx-dev-runtime";
+import { jsx, jsxs } from "react/jsx-runtime";
 function SafetyOverviewPage() {
-  return /* @__PURE__ */ jsxDEV("div", {
+  return /* @__PURE__ */ jsxs("div", {
     className: "space-y-8",
     children: [
-      /* @__PURE__ */ jsxDEV("div", {
+      /* @__PURE__ */ jsxs("div", {
         className: "space-y-4",
         children: [
-          /* @__PURE__ */ jsxDEV("h1", {
+          /* @__PURE__ */ jsx("h1", {
             className: "text-4xl font-bold",
             children: "Safety Overview"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV("p", {
+          }),
+          /* @__PURE__ */ jsxs("p", {
             className: "text-muted-foreground",
             children: [
               "ContractSpec is designed with ",
-              /* @__PURE__ */ jsxDEV("strong", {
+              /* @__PURE__ */ jsx("strong", {
                 children: "safety by default"
-              }, undefined, false, undefined, this),
+              }),
               ". Every operation is governed by policies, every change is audited, and every deployment is reversible. This section covers the core safety mechanisms that protect your application and data."
             ]
-          }, undefined, true, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV("div", {
+      }),
+      /* @__PURE__ */ jsxs("div", {
         className: "space-y-4",
         children: [
-          /* @__PURE__ */ jsxDEV("h2", {
+          /* @__PURE__ */ jsx("h2", {
             className: "text-2xl font-bold",
             children: "Core safety features"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV("div", {
+          }),
+          /* @__PURE__ */ jsxs("div", {
             className: "space-y-6",
             children: [
-              /* @__PURE__ */ jsxDEV("div", {
+              /* @__PURE__ */ jsxs("div", {
                 className: "space-y-2",
                 children: [
-                  /* @__PURE__ */ jsxDEV("h3", {
+                  /* @__PURE__ */ jsx("h3", {
                     className: "text-xl font-semibold",
-                    children: /* @__PURE__ */ jsxDEV(Link, {
+                    children: /* @__PURE__ */ jsx(Link, {
                       href: "/docs/safety/signing",
                       className: "text-violet-400 hover:text-violet-300",
                       children: "Spec Signing"
-                    }, undefined, false, undefined, this)
-                  }, undefined, false, undefined, this),
-                  /* @__PURE__ */ jsxDEV("p", {
+                    })
+                  }),
+                  /* @__PURE__ */ jsx("p", {
                     className: "text-muted-foreground",
                     children: "All specifications are cryptographically signed before deployment. This ensures that only authorized changes reach production and that specs cannot be tampered with in transit or at rest. Signatures are verified at runtime, and unsigned specs are rejected."
-                  }, undefined, false, undefined, this)
+                  })
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV("div", {
+              }),
+              /* @__PURE__ */ jsxs("div", {
                 className: "space-y-2",
                 children: [
-                  /* @__PURE__ */ jsxDEV("h3", {
+                  /* @__PURE__ */ jsx("h3", {
                     className: "text-xl font-semibold",
-                    children: /* @__PURE__ */ jsxDEV(Link, {
+                    children: /* @__PURE__ */ jsx(Link, {
                       href: "/docs/safety/pdp",
                       className: "text-violet-400 hover:text-violet-300",
                       children: "Policy Decision Points (PDP)"
-                    }, undefined, false, undefined, this)
-                  }, undefined, false, undefined, this),
-                  /* @__PURE__ */ jsxDEV("p", {
+                    })
+                  }),
+                  /* @__PURE__ */ jsx("p", {
                     className: "text-muted-foreground",
                     children: "Every API call, UI render, and data access passes through a centralized Policy Decision Point. The PDP evaluates attribute-based access control (ABAC) rules and PII policies to determine whether the operation is allowed. This ensures consistent enforcement across your entire application."
-                  }, undefined, false, undefined, this)
+                  })
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV("div", {
+              }),
+              /* @__PURE__ */ jsxs("div", {
                 className: "space-y-2",
                 children: [
-                  /* @__PURE__ */ jsxDEV("h3", {
+                  /* @__PURE__ */ jsx("h3", {
                     className: "text-xl font-semibold",
-                    children: /* @__PURE__ */ jsxDEV(Link, {
+                    children: /* @__PURE__ */ jsx(Link, {
                       href: "/docs/safety/auditing",
                       className: "text-violet-400 hover:text-violet-300",
                       children: "Audit Logs"
-                    }, undefined, false, undefined, this)
-                  }, undefined, false, undefined, this),
-                  /* @__PURE__ */ jsxDEV("p", {
+                    })
+                  }),
+                  /* @__PURE__ */ jsx("p", {
                     className: "text-muted-foreground",
                     children: "ContractSpec automatically records every operation in tamper-evident audit logs. These logs capture who did what, when, and why\u2014including policy decisions, data access, and administrative actions. Audit logs are essential for compliance, security investigations, and debugging."
-                  }, undefined, false, undefined, this)
+                  })
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV("div", {
+              }),
+              /* @__PURE__ */ jsxs("div", {
                 className: "space-y-2",
                 children: [
-                  /* @__PURE__ */ jsxDEV("h3", {
+                  /* @__PURE__ */ jsx("h3", {
                     className: "text-xl font-semibold",
-                    children: /* @__PURE__ */ jsxDEV(Link, {
+                    children: /* @__PURE__ */ jsx(Link, {
                       href: "/docs/safety/migrations",
                       className: "text-violet-400 hover:text-violet-300",
                       children: "Migrations"
-                    }, undefined, false, undefined, this)
-                  }, undefined, false, undefined, this),
-                  /* @__PURE__ */ jsxDEV("p", {
+                    })
+                  }),
+                  /* @__PURE__ */ jsxs("p", {
                     className: "text-muted-foreground",
                     children: [
                       "Schema and data migrations are managed through",
                       " ",
-                      /* @__PURE__ */ jsxDEV("strong", {
+                      /* @__PURE__ */ jsx("strong", {
                         children: "MigrationSpecs"
-                      }, undefined, false, undefined, this),
+                      }),
                       ". Each migration is versioned, reversible, and tested before deployment. This allows you to evolve your application safely without downtime or data loss."
                     ]
-                  }, undefined, true, undefined, this)
+                  })
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV("div", {
+              }),
+              /* @__PURE__ */ jsxs("div", {
                 className: "space-y-2",
                 children: [
-                  /* @__PURE__ */ jsxDEV("h3", {
+                  /* @__PURE__ */ jsx("h3", {
                     className: "text-xl font-semibold",
                     children: "Dark Launch & Rollback"
-                  }, undefined, false, undefined, this),
-                  /* @__PURE__ */ jsxDEV("p", {
+                  }),
+                  /* @__PURE__ */ jsx("p", {
                     className: "text-muted-foreground",
                     children: 'New features can be deployed in "dark launch" mode, where they run in production but are not visible to users. This allows you to test performance and correctness with real traffic before enabling the feature. If issues arise, you can instantly roll back to the previous version without redeploying.'
-                  }, undefined, false, undefined, this)
+                  })
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV("div", {
+              }),
+              /* @__PURE__ */ jsxs("div", {
                 className: "space-y-2",
                 children: [
-                  /* @__PURE__ */ jsxDEV("h3", {
+                  /* @__PURE__ */ jsx("h3", {
                     className: "text-xl font-semibold",
                     children: "Data Classification"
-                  }, undefined, false, undefined, this),
-                  /* @__PURE__ */ jsxDEV("p", {
+                  }),
+                  /* @__PURE__ */ jsx("p", {
                     className: "text-muted-foreground",
                     children: "Fields in your specs can be tagged with sensitivity levels (e.g., PII, PHI, confidential). The policy engine uses these tags to enforce access controls, redaction rules, and data retention policies automatically. This reduces the risk of accidental data leaks."
-                  }, undefined, false, undefined, this)
+                  })
                 ]
-              }, undefined, true, undefined, this)
+              })
             ]
-          }, undefined, true, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV("div", {
+      }),
+      /* @__PURE__ */ jsxs("div", {
         className: "space-y-4",
         children: [
-          /* @__PURE__ */ jsxDEV("h2", {
+          /* @__PURE__ */ jsx("h2", {
             className: "text-2xl font-bold",
             children: "Why safety matters"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV("p", {
+          }),
+          /* @__PURE__ */ jsx("p", {
             className: "text-muted-foreground",
             children: "Modern applications handle sensitive data and critical operations. A single bug or misconfiguration can lead to data breaches, compliance violations, or service outages. ContractSpec's safety features are not optional add-ons\u2014they are built into the core platform and enforced automatically."
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV("p", {
+          }),
+          /* @__PURE__ */ jsx("p", {
             className: "text-muted-foreground",
             children: "By making safety the default, ContractSpec allows you to move fast without breaking things. You can deploy new features confidently, knowing that policies are enforced, changes are audited, and rollbacks are always available."
-          }, undefined, false, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV("div", {
+      }),
+      /* @__PURE__ */ jsxs("div", {
         className: "space-y-4",
         children: [
-          /* @__PURE__ */ jsxDEV("h2", {
+          /* @__PURE__ */ jsx("h2", {
             className: "text-2xl font-bold",
             children: "Next steps"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV("p", {
+          }),
+          /* @__PURE__ */ jsx("p", {
             className: "text-muted-foreground",
             children: "Explore each safety feature in detail using the links above, or continue with the advanced topics:"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV("div", {
+          }),
+          /* @__PURE__ */ jsxs("div", {
             className: "flex flex-wrap gap-4 pt-4",
             children: [
-              /* @__PURE__ */ jsxDEV(Link, {
+              /* @__PURE__ */ jsxs(Link, {
                 href: "/docs/safety/signing",
                 className: "btn-primary",
                 children: [
                   "Spec Signing ",
-                  /* @__PURE__ */ jsxDEV(ChevronRight, {
+                  /* @__PURE__ */ jsx(ChevronRight, {
                     size: 16,
                     className: "inline"
-                  }, undefined, false, undefined, this)
+                  })
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV(Link, {
+              }),
+              /* @__PURE__ */ jsxs(Link, {
                 href: "/docs/safety/pdp",
                 className: "btn-ghost",
                 children: [
                   "Policy Decision Points ",
-                  /* @__PURE__ */ jsxDEV(ChevronRight, {
+                  /* @__PURE__ */ jsx(ChevronRight, {
                     size: 16,
                     className: "inline"
-                  }, undefined, false, undefined, this)
+                  })
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV(Link, {
+              }),
+              /* @__PURE__ */ jsxs(Link, {
                 href: "/docs/safety/auditing",
                 className: "btn-ghost",
                 children: [
                   "Audit Logs ",
-                  /* @__PURE__ */ jsxDEV(ChevronRight, {
+                  /* @__PURE__ */ jsx(ChevronRight, {
                     size: 16,
                     className: "inline"
-                  }, undefined, false, undefined, this)
+                  })
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV(Link, {
+              }),
+              /* @__PURE__ */ jsxs(Link, {
                 href: "/docs/safety/migrations",
                 className: "btn-ghost",
                 children: [
                   "Migrations ",
-                  /* @__PURE__ */ jsxDEV(ChevronRight, {
+                  /* @__PURE__ */ jsx(ChevronRight, {
                     size: 16,
                     className: "inline"
-                  }, undefined, false, undefined, this)
+                  })
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV(Link, {
+              }),
+              /* @__PURE__ */ jsxs(Link, {
                 href: "/docs/safety/security-trust",
                 className: "btn-ghost",
                 children: [
                   "Security & Trust ",
-                  /* @__PURE__ */ jsxDEV(ChevronRight, {
+                  /* @__PURE__ */ jsx(ChevronRight, {
                     size: 16,
                     className: "inline"
-                  }, undefined, false, undefined, this)
+                  })
                 ]
-              }, undefined, true, undefined, this)
+              })
             ]
-          }, undefined, true, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this)
+      })
     ]
-  }, undefined, true, undefined, this);
+  });
 }
 
 // src/components/docs/safety/SafetySigningPage.tsx
 import Link2 from "@contractspec/lib.ui-link";
 import { ChevronRight as ChevronRight2 } from "lucide-react";
-import { jsxDEV as jsxDEV2 } from "react/jsx-dev-runtime";
+import { jsx as jsx2, jsxs as jsxs2 } from "react/jsx-runtime";
 function SafetySigningPage() {
-  return /* @__PURE__ */ jsxDEV2("div", {
+  return /* @__PURE__ */ jsxs2("div", {
     className: "space-y-8",
     children: [
-      /* @__PURE__ */ jsxDEV2("div", {
+      /* @__PURE__ */ jsxs2("div", {
         className: "space-y-2",
         children: [
-          /* @__PURE__ */ jsxDEV2("h1", {
+          /* @__PURE__ */ jsx2("h1", {
             className: "text-4xl font-bold",
             children: "Spec Signing"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV2("p", {
+          }),
+          /* @__PURE__ */ jsx2("p", {
             className: "text-muted-foreground text-lg",
             children: "Signing ensures specs haven't been tampered with and provides an audit trail of all changes."
-          }, undefined, false, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV2("div", {
+      }),
+      /* @__PURE__ */ jsxs2("div", {
         className: "space-y-6",
         children: [
-          /* @__PURE__ */ jsxDEV2("div", {
+          /* @__PURE__ */ jsxs2("div", {
             className: "space-y-3",
             children: [
-              /* @__PURE__ */ jsxDEV2("h2", {
+              /* @__PURE__ */ jsx2("h2", {
                 className: "text-2xl font-bold",
                 children: "How it works"
-              }, undefined, false, undefined, this),
-              /* @__PURE__ */ jsxDEV2("p", {
+              }),
+              /* @__PURE__ */ jsx2("p", {
                 className: "text-muted-foreground",
                 children: "Every spec is cryptographically signed before deployment. The signature proves that the spec hasn't been modified since it was signed and creates a permanent record of who deployed it and when."
-              }, undefined, false, undefined, this)
+              })
             ]
-          }, undefined, true, undefined, this),
-          /* @__PURE__ */ jsxDEV2("div", {
+          }),
+          /* @__PURE__ */ jsxs2("div", {
             className: "space-y-3",
             children: [
-              /* @__PURE__ */ jsxDEV2("h2", {
+              /* @__PURE__ */ jsx2("h2", {
                 className: "text-2xl font-bold",
                 children: "Signing a spec"
-              }, undefined, false, undefined, this),
-              /* @__PURE__ */ jsxDEV2("div", {
+              }),
+              /* @__PURE__ */ jsx2("div", {
                 className: "bg-background/50 border-border text-muted-foreground overflow-x-auto rounded-lg border p-4 font-mono text-sm",
-                children: /* @__PURE__ */ jsxDEV2("pre", {
+                children: /* @__PURE__ */ jsx2("pre", {
                   children: `contractspec sign app.spec.ts --key ~/.contractspec/key.pem
 contractspec deploy --signed app.spec.ts.signed`
-                }, undefined, false, undefined, this)
-              }, undefined, false, undefined, this)
+                })
+              })
             ]
-          }, undefined, true, undefined, this),
-          /* @__PURE__ */ jsxDEV2("div", {
+          }),
+          /* @__PURE__ */ jsxs2("div", {
             className: "space-y-3",
             children: [
-              /* @__PURE__ */ jsxDEV2("h2", {
+              /* @__PURE__ */ jsx2("h2", {
                 className: "text-2xl font-bold",
                 children: "Verifying signatures"
-              }, undefined, false, undefined, this),
-              /* @__PURE__ */ jsxDEV2("div", {
+              }),
+              /* @__PURE__ */ jsx2("div", {
                 className: "bg-background/50 border-border text-muted-foreground overflow-x-auto rounded-lg border p-4 font-mono text-sm",
-                children: /* @__PURE__ */ jsxDEV2("pre", {
+                children: /* @__PURE__ */ jsx2("pre", {
                   children: `contractspec verify app.spec.ts.signed
 # Output: \u2713 Signature valid
 # Signed by: alice@example.com
 # Timestamp: 2024-11-08T10:30:00Z`
-                }, undefined, false, undefined, this)
-              }, undefined, false, undefined, this)
+                })
+              })
             ]
-          }, undefined, true, undefined, this),
-          /* @__PURE__ */ jsxDEV2("div", {
+          }),
+          /* @__PURE__ */ jsx2("div", {
             className: "flex items-center gap-4 pt-4",
-            children: /* @__PURE__ */ jsxDEV2(Link2, {
+            children: /* @__PURE__ */ jsxs2(Link2, {
               href: "/docs/safety/pdp",
               className: "btn-primary",
               children: [
                 "Next: Policy Decision Points ",
-                /* @__PURE__ */ jsxDEV2(ChevronRight2, {
+                /* @__PURE__ */ jsx2(ChevronRight2, {
                   size: 16
-                }, undefined, false, undefined, this)
+                })
               ]
-            }, undefined, true, undefined, this)
-          }, undefined, false, undefined, this)
+            })
+          })
         ]
-      }, undefined, true, undefined, this)
+      })
     ]
-  }, undefined, true, undefined, this);
+  });
 }
 
 // src/components/docs/safety/SafetyAuditingPage.tsx
 import Link3 from "@contractspec/lib.ui-link";
 import { ChevronRight as ChevronRight3 } from "lucide-react";
-import { jsxDEV as jsxDEV3 } from "react/jsx-dev-runtime";
+import { jsx as jsx3, jsxs as jsxs3 } from "react/jsx-runtime";
 function SafetyAuditingPage() {
-  return /* @__PURE__ */ jsxDEV3("div", {
+  return /* @__PURE__ */ jsxs3("div", {
     className: "space-y-8",
     children: [
-      /* @__PURE__ */ jsxDEV3("div", {
+      /* @__PURE__ */ jsxs3("div", {
         className: "space-y-4",
         children: [
-          /* @__PURE__ */ jsxDEV3("h1", {
+          /* @__PURE__ */ jsx3("h1", {
             className: "text-4xl font-bold",
             children: "Audit Logs"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV3("p", {
+          }),
+          /* @__PURE__ */ jsxs3("p", {
             className: "text-muted-foreground",
             children: [
               "An ",
-              /* @__PURE__ */ jsxDEV3("strong", {
+              /* @__PURE__ */ jsx3("strong", {
                 children: "audit log"
-              }, undefined, false, undefined, this),
+              }),
               " (also called an audit trail) is a chronological record of system activities. According to",
               " ",
-              /* @__PURE__ */ jsxDEV3("a", {
+              /* @__PURE__ */ jsx3("a", {
                 href: "https://www.sumologic.com/glossary/audit-log/",
                 target: "_blank",
                 rel: "noopener noreferrer",
                 className: "text-violet-400 hover:text-violet-300",
                 children: "Sumo Logic"
-              }, undefined, false, undefined, this),
+              }),
               ', audit logs "provide a detailed record of events and changes within a system, enabling organizations to track user actions, system changes, and access to sensitive data."'
             ]
-          }, undefined, true, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV3("div", {
+      }),
+      /* @__PURE__ */ jsxs3("div", {
         className: "space-y-4",
         children: [
-          /* @__PURE__ */ jsxDEV3("h2", {
+          /* @__PURE__ */ jsx3("h2", {
             className: "text-2xl font-bold",
             children: "Why audit logs matter"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV3("div", {
+          }),
+          /* @__PURE__ */ jsxs3("div", {
             className: "space-y-3",
             children: [
-              /* @__PURE__ */ jsxDEV3("div", {
+              /* @__PURE__ */ jsxs3("div", {
                 children: [
-                  /* @__PURE__ */ jsxDEV3("h3", {
+                  /* @__PURE__ */ jsx3("h3", {
                     className: "text-lg font-semibold",
                     children: "Accountability"
-                  }, undefined, false, undefined, this),
-                  /* @__PURE__ */ jsxDEV3("p", {
+                  }),
+                  /* @__PURE__ */ jsx3("p", {
                     className: "text-muted-foreground",
                     children: 'Audit logs answer the question "who did what, when?" This is essential for holding users and administrators accountable for their actions. If data is deleted or modified, the audit log shows exactly who made the change.'
-                  }, undefined, false, undefined, this)
+                  })
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV3("div", {
+              }),
+              /* @__PURE__ */ jsxs3("div", {
                 children: [
-                  /* @__PURE__ */ jsxDEV3("h3", {
+                  /* @__PURE__ */ jsx3("h3", {
                     className: "text-lg font-semibold",
                     children: "Security"
-                  }, undefined, false, undefined, this),
-                  /* @__PURE__ */ jsxDEV3("p", {
+                  }),
+                  /* @__PURE__ */ jsx3("p", {
                     className: "text-muted-foreground",
                     children: "Audit logs help detect and investigate security incidents. For example, if an attacker gains unauthorized access, the logs reveal which resources they accessed and what actions they performed. This information is critical for incident response and forensics."
-                  }, undefined, false, undefined, this)
+                  })
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV3("div", {
+              }),
+              /* @__PURE__ */ jsxs3("div", {
                 children: [
-                  /* @__PURE__ */ jsxDEV3("h3", {
+                  /* @__PURE__ */ jsx3("h3", {
                     className: "text-lg font-semibold",
                     children: "Compliance"
-                  }, undefined, false, undefined, this),
-                  /* @__PURE__ */ jsxDEV3("p", {
+                  }),
+                  /* @__PURE__ */ jsx3("p", {
                     className: "text-muted-foreground",
                     children: "Many regulations (GDPR, HIPAA, SOC 2, PCI DSS) require organizations to maintain audit logs. These logs must be tamper-evident, retained for a specified period, and available for inspection by auditors."
-                  }, undefined, false, undefined, this)
+                  })
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV3("div", {
+              }),
+              /* @__PURE__ */ jsxs3("div", {
                 children: [
-                  /* @__PURE__ */ jsxDEV3("h3", {
+                  /* @__PURE__ */ jsx3("h3", {
                     className: "text-lg font-semibold",
                     children: "Debugging"
-                  }, undefined, false, undefined, this),
-                  /* @__PURE__ */ jsxDEV3("p", {
+                  }),
+                  /* @__PURE__ */ jsx3("p", {
                     className: "text-muted-foreground",
                     children: "When something goes wrong in production, audit logs provide a detailed timeline of events leading up to the failure. This makes it much easier to diagnose and fix issues."
-                  }, undefined, false, undefined, this)
+                  })
                 ]
-              }, undefined, true, undefined, this)
+              })
             ]
-          }, undefined, true, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV3("div", {
+      }),
+      /* @__PURE__ */ jsxs3("div", {
         className: "space-y-4",
         children: [
-          /* @__PURE__ */ jsxDEV3("h2", {
+          /* @__PURE__ */ jsx3("h2", {
             className: "text-2xl font-bold",
             children: "What ContractSpec logs"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV3("p", {
+          }),
+          /* @__PURE__ */ jsx3("p", {
             className: "text-muted-foreground",
             children: "ContractSpec automatically logs every significant operation, including:"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV3("ul", {
+          }),
+          /* @__PURE__ */ jsxs3("ul", {
             className: "text-muted-foreground list-inside list-disc space-y-2",
             children: [
-              /* @__PURE__ */ jsxDEV3("li", {
+              /* @__PURE__ */ jsxs3("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV3("strong", {
+                  /* @__PURE__ */ jsx3("strong", {
                     children: "API calls"
-                  }, undefined, false, undefined, this),
+                  }),
                   " \u2013 Every invocation of a capability, including inputs, outputs, and the user who made the call."
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV3("li", {
+              }),
+              /* @__PURE__ */ jsxs3("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV3("strong", {
+                  /* @__PURE__ */ jsx3("strong", {
                     children: "Policy decisions"
-                  }, undefined, false, undefined, this),
+                  }),
                   " \u2013 Every decision made by the",
                   " ",
-                  /* @__PURE__ */ jsxDEV3(Link3, {
+                  /* @__PURE__ */ jsx3(Link3, {
                     href: "/docs/safety/pdp",
                     className: "text-violet-400 hover:text-violet-300",
                     children: "Policy Decision Point"
-                  }, undefined, false, undefined, this),
+                  }),
                   ", including the rule that matched and the reason for the decision."
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV3("li", {
+              }),
+              /* @__PURE__ */ jsxs3("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV3("strong", {
+                  /* @__PURE__ */ jsx3("strong", {
                     children: "Data access"
-                  }, undefined, false, undefined, this),
+                  }),
                   " \u2013 Every query to a data view, including which fields were accessed and whether any were redacted."
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV3("li", {
+              }),
+              /* @__PURE__ */ jsxs3("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV3("strong", {
+                  /* @__PURE__ */ jsx3("strong", {
                     children: "Workflow execution"
-                  }, undefined, false, undefined, this),
+                  }),
                   " \u2013 Every step in a workflow, including retries, compensations, and failures."
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV3("li", {
+              }),
+              /* @__PURE__ */ jsxs3("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV3("strong", {
+                  /* @__PURE__ */ jsx3("strong", {
                     children: "Administrative actions"
-                  }, undefined, false, undefined, this),
+                  }),
                   " \u2013 Spec deployments, configuration changes, user role assignments, and other privileged operations."
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV3("li", {
+              }),
+              /* @__PURE__ */ jsxs3("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV3("strong", {
+                  /* @__PURE__ */ jsx3("strong", {
                     children: "Authentication events"
-                  }, undefined, false, undefined, this),
+                  }),
                   " \u2013 Login attempts, password resets, and session expirations."
                 ]
-              }, undefined, true, undefined, this)
+              })
             ]
-          }, undefined, true, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV3("div", {
+      }),
+      /* @__PURE__ */ jsxs3("div", {
         className: "space-y-4",
         children: [
-          /* @__PURE__ */ jsxDEV3("h2", {
+          /* @__PURE__ */ jsx3("h2", {
             className: "text-2xl font-bold",
             children: "Audit log format"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV3("p", {
+          }),
+          /* @__PURE__ */ jsx3("p", {
             className: "text-muted-foreground",
             children: "Each audit log entry is a structured JSON object containing:"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV3("div", {
+          }),
+          /* @__PURE__ */ jsx3("div", {
             className: "bg-background/50 border-border text-muted-foreground overflow-x-auto rounded-lg border p-4 font-mono text-sm",
-            children: /* @__PURE__ */ jsxDEV3("pre", {
+            children: /* @__PURE__ */ jsx3("pre", {
               children: `{
   "timestamp": "2025-11-13T14:32:15.123Z",
   "eventId": "evt_abc123",
@@ -542,316 +542,316 @@ function SafetyAuditingPage() {
     "reason": "User has admin role"
   }
 }`
-            }, undefined, false, undefined, this)
-          }, undefined, false, undefined, this)
+            })
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV3("div", {
+      }),
+      /* @__PURE__ */ jsxs3("div", {
         className: "space-y-4",
         children: [
-          /* @__PURE__ */ jsxDEV3("h2", {
+          /* @__PURE__ */ jsx3("h2", {
             className: "text-2xl font-bold",
             children: "Storage and retention"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV3("p", {
+          }),
+          /* @__PURE__ */ jsx3("p", {
             className: "text-muted-foreground",
             children: "Audit logs are stored in a tamper-evident append-only log. Once written, entries cannot be modified or deleted. This ensures the integrity of the audit trail."
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV3("p", {
+          }),
+          /* @__PURE__ */ jsx3("p", {
             className: "text-muted-foreground",
             children: "ContractSpec supports multiple storage backends:"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV3("ul", {
+          }),
+          /* @__PURE__ */ jsxs3("ul", {
             className: "text-muted-foreground list-inside list-disc space-y-2",
             children: [
-              /* @__PURE__ */ jsxDEV3("li", {
+              /* @__PURE__ */ jsxs3("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV3("strong", {
+                  /* @__PURE__ */ jsx3("strong", {
                     children: "Local file system"
-                  }, undefined, false, undefined, this),
+                  }),
                   " \u2013 For development and testing."
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV3("li", {
+              }),
+              /* @__PURE__ */ jsxs3("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV3("strong", {
+                  /* @__PURE__ */ jsx3("strong", {
                     children: "Cloud object storage"
-                  }, undefined, false, undefined, this),
+                  }),
                   " \u2013 S3, GCS, or Azure Blob Storage for production."
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV3("li", {
+              }),
+              /* @__PURE__ */ jsxs3("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV3("strong", {
+                  /* @__PURE__ */ jsx3("strong", {
                     children: "SIEM integration"
-                  }, undefined, false, undefined, this),
+                  }),
                   " \u2013 Forward logs to Splunk, Datadog, or other security information and event management systems."
                 ]
-              }, undefined, true, undefined, this)
+              })
             ]
-          }, undefined, true, undefined, this),
-          /* @__PURE__ */ jsxDEV3("p", {
+          }),
+          /* @__PURE__ */ jsx3("p", {
             className: "text-muted-foreground",
             children: "You can configure retention policies to automatically archive or delete old logs after a specified period (e.g., 7 years for GDPR compliance)."
-          }, undefined, false, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV3("div", {
+      }),
+      /* @__PURE__ */ jsxs3("div", {
         className: "space-y-4",
         children: [
-          /* @__PURE__ */ jsxDEV3("h2", {
+          /* @__PURE__ */ jsx3("h2", {
             className: "text-2xl font-bold",
             children: "Querying audit logs"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV3("p", {
+          }),
+          /* @__PURE__ */ jsx3("p", {
             className: "text-muted-foreground",
             children: "ContractSpec provides a query API for searching audit logs. You can filter by:"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV3("ul", {
+          }),
+          /* @__PURE__ */ jsxs3("ul", {
             className: "text-muted-foreground list-inside list-disc space-y-2",
             children: [
-              /* @__PURE__ */ jsxDEV3("li", {
+              /* @__PURE__ */ jsx3("li", {
                 children: "Time range"
-              }, undefined, false, undefined, this),
-              /* @__PURE__ */ jsxDEV3("li", {
+              }),
+              /* @__PURE__ */ jsx3("li", {
                 children: "Event type"
-              }, undefined, false, undefined, this),
-              /* @__PURE__ */ jsxDEV3("li", {
+              }),
+              /* @__PURE__ */ jsx3("li", {
                 children: "Actor (user ID, role, IP address)"
-              }, undefined, false, undefined, this),
-              /* @__PURE__ */ jsxDEV3("li", {
+              }),
+              /* @__PURE__ */ jsx3("li", {
                 children: "Resource (capability, data view, workflow)"
-              }, undefined, false, undefined, this),
-              /* @__PURE__ */ jsxDEV3("li", {
+              }),
+              /* @__PURE__ */ jsx3("li", {
                 children: "Result (success, failure, denied)"
-              }, undefined, false, undefined, this)
+              })
             ]
-          }, undefined, true, undefined, this),
-          /* @__PURE__ */ jsxDEV3("p", {
+          }),
+          /* @__PURE__ */ jsx3("p", {
             className: "text-muted-foreground",
             children: 'Example query: "Show all failed login attempts from IP address 203.0.113.42 in the last 24 hours."'
-          }, undefined, false, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV3("div", {
+      }),
+      /* @__PURE__ */ jsxs3("div", {
         className: "space-y-4",
         children: [
-          /* @__PURE__ */ jsxDEV3("h2", {
+          /* @__PURE__ */ jsx3("h2", {
             className: "text-2xl font-bold",
             children: "Best practices"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV3("ul", {
+          }),
+          /* @__PURE__ */ jsxs3("ul", {
             className: "text-muted-foreground list-inside list-disc space-y-2",
             children: [
-              /* @__PURE__ */ jsxDEV3("li", {
+              /* @__PURE__ */ jsxs3("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV3("strong", {
+                  /* @__PURE__ */ jsx3("strong", {
                     children: "Review logs regularly"
-                  }, undefined, false, undefined, this),
+                  }),
                   " \u2013 Set up alerts for suspicious activity (e.g., repeated failed login attempts, unauthorized access attempts)."
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV3("li", {
+              }),
+              /* @__PURE__ */ jsxs3("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV3("strong", {
+                  /* @__PURE__ */ jsx3("strong", {
                     children: "Protect log access"
-                  }, undefined, false, undefined, this),
+                  }),
                   " \u2013 Only authorized personnel should be able to view audit logs. Use role-based access control to restrict access."
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV3("li", {
+              }),
+              /* @__PURE__ */ jsxs3("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV3("strong", {
+                  /* @__PURE__ */ jsx3("strong", {
                     children: "Retain logs long enough"
-                  }, undefined, false, undefined, this),
+                  }),
                   " \u2013 Check your compliance requirements and configure retention policies accordingly."
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV3("li", {
+              }),
+              /* @__PURE__ */ jsxs3("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV3("strong", {
+                  /* @__PURE__ */ jsx3("strong", {
                     children: "Test log integrity"
-                  }, undefined, false, undefined, this),
+                  }),
                   " \u2013 Periodically verify that logs have not been tampered with by checking cryptographic signatures."
                 ]
-              }, undefined, true, undefined, this)
+              })
             ]
-          }, undefined, true, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV3("div", {
+      }),
+      /* @__PURE__ */ jsxs3("div", {
         className: "flex items-center gap-4 pt-4",
         children: [
-          /* @__PURE__ */ jsxDEV3(Link3, {
+          /* @__PURE__ */ jsx3(Link3, {
             href: "/docs/safety/pdp",
             className: "btn-ghost",
             children: "Previous: Policy Decision Points"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV3(Link3, {
+          }),
+          /* @__PURE__ */ jsxs3(Link3, {
             href: "/docs/safety/migrations",
             className: "btn-primary",
             children: [
               "Next: Migrations ",
-              /* @__PURE__ */ jsxDEV3(ChevronRight3, {
+              /* @__PURE__ */ jsx3(ChevronRight3, {
                 size: 16
-              }, undefined, false, undefined, this)
+              })
             ]
-          }, undefined, true, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this)
+      })
     ]
-  }, undefined, true, undefined, this);
+  });
 }
 
 // src/components/docs/safety/SafetyMigrationsPage.tsx
 import Link4 from "@contractspec/lib.ui-link";
 import { ChevronRight as ChevronRight4 } from "lucide-react";
-import { jsxDEV as jsxDEV4 } from "react/jsx-dev-runtime";
+import { jsx as jsx4, jsxs as jsxs4 } from "react/jsx-runtime";
 function SafetyMigrationsPage() {
-  return /* @__PURE__ */ jsxDEV4("div", {
+  return /* @__PURE__ */ jsxs4("div", {
     className: "space-y-8",
     children: [
-      /* @__PURE__ */ jsxDEV4("div", {
+      /* @__PURE__ */ jsxs4("div", {
         className: "space-y-4",
         children: [
-          /* @__PURE__ */ jsxDEV4("h1", {
+          /* @__PURE__ */ jsx4("h1", {
             className: "text-4xl font-bold",
             children: "Migrations"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV4("p", {
+          }),
+          /* @__PURE__ */ jsxs4("p", {
             className: "text-muted-foreground",
             children: [
               "A ",
-              /* @__PURE__ */ jsxDEV4("strong", {
+              /* @__PURE__ */ jsx4("strong", {
                 children: "schema migration"
-              }, undefined, false, undefined, this),
+              }),
               " (also called a database migration) is a set of incremental, reversible changes to a database schema. According to",
               " ",
-              /* @__PURE__ */ jsxDEV4("a", {
+              /* @__PURE__ */ jsx4("a", {
                 href: "https://en.wikipedia.org/wiki/Schema_migration",
                 target: "_blank",
                 rel: "noopener noreferrer",
                 className: "text-violet-400 hover:text-violet-300",
                 children: "Wikipedia"
-              }, undefined, false, undefined, this),
+              }),
               `, schema migrations "allow the database schema to evolve as the application's requirements change, while preserving existing data."`
             ]
-          }, undefined, true, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV4("div", {
+      }),
+      /* @__PURE__ */ jsxs4("div", {
         className: "space-y-4",
         children: [
-          /* @__PURE__ */ jsxDEV4("h2", {
+          /* @__PURE__ */ jsx4("h2", {
             className: "text-2xl font-bold",
             children: "Why migrations matter"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV4("p", {
+          }),
+          /* @__PURE__ */ jsx4("p", {
             className: "text-muted-foreground",
             children: "As your application evolves, you'll need to change your data model\u2014adding new fields, renaming tables, changing data types, or restructuring relationships. Without a disciplined approach, these changes can lead to:"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV4("ul", {
+          }),
+          /* @__PURE__ */ jsxs4("ul", {
             className: "text-muted-foreground list-inside list-disc space-y-2",
             children: [
-              /* @__PURE__ */ jsxDEV4("li", {
+              /* @__PURE__ */ jsx4("li", {
                 children: "Data loss or corruption"
-              }, undefined, false, undefined, this),
-              /* @__PURE__ */ jsxDEV4("li", {
+              }),
+              /* @__PURE__ */ jsx4("li", {
                 children: "Downtime during deployments"
-              }, undefined, false, undefined, this),
-              /* @__PURE__ */ jsxDEV4("li", {
+              }),
+              /* @__PURE__ */ jsx4("li", {
                 children: "Inconsistencies between environments (dev, staging, production)"
-              }, undefined, false, undefined, this),
-              /* @__PURE__ */ jsxDEV4("li", {
+              }),
+              /* @__PURE__ */ jsx4("li", {
                 children: "Difficulty rolling back failed changes"
-              }, undefined, false, undefined, this)
+              })
             ]
-          }, undefined, true, undefined, this),
-          /* @__PURE__ */ jsxDEV4("p", {
+          }),
+          /* @__PURE__ */ jsx4("p", {
             className: "text-muted-foreground",
             children: "Migrations solve these problems by treating schema changes as versioned, tested, and reversible operations."
-          }, undefined, false, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV4("div", {
+      }),
+      /* @__PURE__ */ jsxs4("div", {
         className: "space-y-4",
         children: [
-          /* @__PURE__ */ jsxDEV4("h2", {
+          /* @__PURE__ */ jsx4("h2", {
             className: "text-2xl font-bold",
             children: "How MigrationSpec works"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV4("p", {
+          }),
+          /* @__PURE__ */ jsxs4("p", {
             className: "text-muted-foreground",
             children: [
               "In ContractSpec, migrations are defined using",
               " ",
-              /* @__PURE__ */ jsxDEV4("strong", {
+              /* @__PURE__ */ jsx4("strong", {
                 children: "MigrationSpec"
-              }, undefined, false, undefined, this),
+              }),
               ". Each migration has:"
             ]
-          }, undefined, true, undefined, this),
-          /* @__PURE__ */ jsxDEV4("ul", {
+          }),
+          /* @__PURE__ */ jsxs4("ul", {
             className: "text-muted-foreground list-inside list-disc space-y-2",
             children: [
-              /* @__PURE__ */ jsxDEV4("li", {
+              /* @__PURE__ */ jsxs4("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV4("strong", {
+                  /* @__PURE__ */ jsx4("strong", {
                     children: "Version"
-                  }, undefined, false, undefined, this),
+                  }),
                   ' \u2013 A unique identifier (e.g., "2025-11-13-001") that determines the order of execution.'
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV4("li", {
+              }),
+              /* @__PURE__ */ jsxs4("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV4("strong", {
+                  /* @__PURE__ */ jsx4("strong", {
                     children: "Up function"
-                  }, undefined, false, undefined, this),
+                  }),
                   ` \u2013 The forward migration that applies the change (e.g., "add column 'email_verified'").`
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV4("li", {
+              }),
+              /* @__PURE__ */ jsxs4("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV4("strong", {
+                  /* @__PURE__ */ jsx4("strong", {
                     children: "Down function"
-                  }, undefined, false, undefined, this),
+                  }),
                   ` \u2013 The reverse migration that undoes the change (e.g., "drop column 'email_verified'").`
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV4("li", {
+              }),
+              /* @__PURE__ */ jsxs4("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV4("strong", {
+                  /* @__PURE__ */ jsx4("strong", {
                     children: "Dependencies"
-                  }, undefined, false, undefined, this),
+                  }),
                   " \u2013 Other migrations that must run before this one."
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV4("li", {
+              }),
+              /* @__PURE__ */ jsxs4("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV4("strong", {
+                  /* @__PURE__ */ jsx4("strong", {
                     children: "Validation"
-                  }, undefined, false, undefined, this),
+                  }),
                   ' \u2013 Optional checks to ensure the migration succeeded (e.g., "verify all users have an email address").'
                 ]
-              }, undefined, true, undefined, this)
+              })
             ]
-          }, undefined, true, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV4("div", {
+      }),
+      /* @__PURE__ */ jsxs4("div", {
         className: "space-y-4",
         children: [
-          /* @__PURE__ */ jsxDEV4("h2", {
+          /* @__PURE__ */ jsx4("h2", {
             className: "text-2xl font-bold",
             children: "Example MigrationSpec"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV4("p", {
+          }),
+          /* @__PURE__ */ jsx4("p", {
             className: "text-muted-foreground",
             children: "Here's a migration that adds an email verification field to the users table:"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV4("div", {
+          }),
+          /* @__PURE__ */ jsx4("div", {
             className: "bg-background/50 border-border text-muted-foreground overflow-x-auto rounded-lg border p-4 font-mono text-sm",
-            children: /* @__PURE__ */ jsxDEV4("pre", {
+            children: /* @__PURE__ */ jsx4("pre", {
               children: `migrationId: add-email-verified
 version: 2025-11-13-001
 dependencies: []
@@ -876,397 +876,397 @@ validation:
       SELECT COUNT(*) FROM users
       WHERE email_verified IS NULL;
     expectZeroRows: true`
-            }, undefined, false, undefined, this)
-          }, undefined, false, undefined, this)
+            })
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV4("div", {
+      }),
+      /* @__PURE__ */ jsxs4("div", {
         className: "space-y-4",
         children: [
-          /* @__PURE__ */ jsxDEV4("h2", {
+          /* @__PURE__ */ jsx4("h2", {
             className: "text-2xl font-bold",
             children: "Running migrations"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV4("p", {
+          }),
+          /* @__PURE__ */ jsx4("p", {
             className: "text-muted-foreground",
             children: "Migrations are applied automatically during deployment. The ContractSpec runtime:"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV4("ol", {
+          }),
+          /* @__PURE__ */ jsxs4("ol", {
             className: "text-muted-foreground list-inside list-decimal space-y-2",
             children: [
-              /* @__PURE__ */ jsxDEV4("li", {
+              /* @__PURE__ */ jsx4("li", {
                 children: "Checks which migrations have already been applied (stored in a migrations table)."
-              }, undefined, false, undefined, this),
-              /* @__PURE__ */ jsxDEV4("li", {
+              }),
+              /* @__PURE__ */ jsx4("li", {
                 children: "Identifies new migrations that need to run."
-              }, undefined, false, undefined, this),
-              /* @__PURE__ */ jsxDEV4("li", {
+              }),
+              /* @__PURE__ */ jsx4("li", {
                 children: "Executes them in order, respecting dependencies."
-              }, undefined, false, undefined, this),
-              /* @__PURE__ */ jsxDEV4("li", {
+              }),
+              /* @__PURE__ */ jsx4("li", {
                 children: "Runs validation checks to ensure success."
-              }, undefined, false, undefined, this),
-              /* @__PURE__ */ jsxDEV4("li", {
+              }),
+              /* @__PURE__ */ jsx4("li", {
                 children: "Records the migration as applied."
-              }, undefined, false, undefined, this)
+              })
             ]
-          }, undefined, true, undefined, this),
-          /* @__PURE__ */ jsxDEV4("p", {
+          }),
+          /* @__PURE__ */ jsx4("p", {
             className: "text-muted-foreground",
             children: "If a migration fails, the deployment is aborted, and the system remains in its previous state. You can then fix the migration and redeploy."
-          }, undefined, false, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV4("div", {
+      }),
+      /* @__PURE__ */ jsxs4("div", {
         className: "space-y-4",
         children: [
-          /* @__PURE__ */ jsxDEV4("h2", {
+          /* @__PURE__ */ jsx4("h2", {
             className: "text-2xl font-bold",
             children: "Rolling back migrations"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV4("p", {
+          }),
+          /* @__PURE__ */ jsxs4("p", {
             className: "text-muted-foreground",
             children: [
               "If you need to roll back a deployment, ContractSpec automatically runs the ",
-              /* @__PURE__ */ jsxDEV4("strong", {
+              /* @__PURE__ */ jsx4("strong", {
                 children: "down"
-              }, undefined, false, undefined, this),
+              }),
               " functions of any migrations that were applied. This restores the database to its previous state."
             ]
-          }, undefined, true, undefined, this),
-          /* @__PURE__ */ jsxDEV4("p", {
+          }),
+          /* @__PURE__ */ jsx4("p", {
             className: "text-muted-foreground",
             children: "Note that rollbacks are not always possible\u2014for example, if you've deleted a column, you cannot recover the data unless you have a backup. For destructive changes, it's best to use a multi-step migration:"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV4("ol", {
+          }),
+          /* @__PURE__ */ jsxs4("ol", {
             className: "text-muted-foreground list-inside list-decimal space-y-2",
             children: [
-              /* @__PURE__ */ jsxDEV4("li", {
+              /* @__PURE__ */ jsx4("li", {
                 children: "Add the new column (reversible)."
-              }, undefined, false, undefined, this),
-              /* @__PURE__ */ jsxDEV4("li", {
+              }),
+              /* @__PURE__ */ jsx4("li", {
                 children: "Backfill data from the old column to the new column (reversible)."
-              }, undefined, false, undefined, this),
-              /* @__PURE__ */ jsxDEV4("li", {
+              }),
+              /* @__PURE__ */ jsx4("li", {
                 children: "Update application code to use the new column (reversible)."
-              }, undefined, false, undefined, this),
-              /* @__PURE__ */ jsxDEV4("li", {
+              }),
+              /* @__PURE__ */ jsx4("li", {
                 children: "Drop the old column (irreversible\u2014only do this after confirming the new column works)."
-              }, undefined, false, undefined, this)
+              })
             ]
-          }, undefined, true, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV4("div", {
+      }),
+      /* @__PURE__ */ jsxs4("div", {
         className: "space-y-4",
         children: [
-          /* @__PURE__ */ jsxDEV4("h2", {
+          /* @__PURE__ */ jsx4("h2", {
             className: "text-2xl font-bold",
             children: "Best practices"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV4("ul", {
+          }),
+          /* @__PURE__ */ jsxs4("ul", {
             className: "text-muted-foreground list-inside list-disc space-y-2",
             children: [
-              /* @__PURE__ */ jsxDEV4("li", {
+              /* @__PURE__ */ jsxs4("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV4("strong", {
+                  /* @__PURE__ */ jsx4("strong", {
                     children: "Test migrations locally"
-                  }, undefined, false, undefined, this),
+                  }),
                   " \u2013 Run them against a copy of production data to catch issues before deploying."
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV4("li", {
+              }),
+              /* @__PURE__ */ jsxs4("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV4("strong", {
+                  /* @__PURE__ */ jsx4("strong", {
                     children: "Keep migrations small"
-                  }, undefined, false, undefined, this),
+                  }),
                   " \u2013 Each migration should do one thing. This makes them easier to understand and roll back."
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV4("li", {
+              }),
+              /* @__PURE__ */ jsxs4("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV4("strong", {
+                  /* @__PURE__ */ jsx4("strong", {
                     children: "Write reversible migrations"
-                  }, undefined, false, undefined, this),
+                  }),
                   " \u2013 Always provide a down function, even if you don't plan to roll back."
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV4("li", {
+              }),
+              /* @__PURE__ */ jsxs4("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV4("strong", {
+                  /* @__PURE__ */ jsx4("strong", {
                     children: "Use transactions"
-                  }, undefined, false, undefined, this),
+                  }),
                   " \u2013 Wrap migrations in database transactions so they either fully succeed or fully fail."
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV4("li", {
+              }),
+              /* @__PURE__ */ jsxs4("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV4("strong", {
+                  /* @__PURE__ */ jsx4("strong", {
                     children: "Avoid destructive changes"
-                  }, undefined, false, undefined, this),
+                  }),
                   " \u2013 Prefer additive changes (adding columns) over destructive ones (dropping columns). If you must delete data, archive it first."
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV4("li", {
+              }),
+              /* @__PURE__ */ jsxs4("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV4("strong", {
+                  /* @__PURE__ */ jsx4("strong", {
                     children: "Version your migrations"
-                  }, undefined, false, undefined, this),
+                  }),
                   " \u2013 Use timestamps or sequential numbers to ensure migrations run in the correct order."
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV4("li", {
+              }),
+              /* @__PURE__ */ jsxs4("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV4("strong", {
+                  /* @__PURE__ */ jsx4("strong", {
                     children: "Document breaking changes"
-                  }, undefined, false, undefined, this),
+                  }),
                   " \u2013 If a migration requires application code changes, note this in the migration description."
                 ]
-              }, undefined, true, undefined, this)
+              })
             ]
-          }, undefined, true, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV4("div", {
+      }),
+      /* @__PURE__ */ jsxs4("div", {
         className: "space-y-4",
         children: [
-          /* @__PURE__ */ jsxDEV4("h2", {
+          /* @__PURE__ */ jsx4("h2", {
             className: "text-2xl font-bold",
             children: "Zero-downtime migrations"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV4("p", {
+          }),
+          /* @__PURE__ */ jsx4("p", {
             className: "text-muted-foreground",
             children: "Some migrations can cause downtime if not handled carefully. For example, adding a NOT NULL column to a large table can lock the table for minutes. To avoid this, use a multi-step approach:"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV4("ol", {
+          }),
+          /* @__PURE__ */ jsxs4("ol", {
             className: "text-muted-foreground list-inside list-decimal space-y-2",
             children: [
-              /* @__PURE__ */ jsxDEV4("li", {
+              /* @__PURE__ */ jsx4("li", {
                 children: "Add the column as nullable."
-              }, undefined, false, undefined, this),
-              /* @__PURE__ */ jsxDEV4("li", {
+              }),
+              /* @__PURE__ */ jsx4("li", {
                 children: "Backfill the column in batches (without locking the table)."
-              }, undefined, false, undefined, this),
-              /* @__PURE__ */ jsxDEV4("li", {
+              }),
+              /* @__PURE__ */ jsx4("li", {
                 children: "Add the NOT NULL constraint once all rows are populated."
-              }, undefined, false, undefined, this)
+              })
             ]
-          }, undefined, true, undefined, this),
-          /* @__PURE__ */ jsxDEV4("p", {
+          }),
+          /* @__PURE__ */ jsx4("p", {
             className: "text-muted-foreground",
             children: "ContractSpec's migration system supports this pattern by allowing you to split a logical change into multiple versioned migrations."
-          }, undefined, false, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV4("div", {
+      }),
+      /* @__PURE__ */ jsxs4("div", {
         className: "flex items-center gap-4 pt-4",
         children: [
-          /* @__PURE__ */ jsxDEV4(Link4, {
+          /* @__PURE__ */ jsx4(Link4, {
             href: "/docs/safety/auditing",
             className: "btn-ghost",
             children: "Previous: Audit Logs"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV4(Link4, {
+          }),
+          /* @__PURE__ */ jsxs4(Link4, {
             href: "/docs/advanced/renderers",
             className: "btn-primary",
             children: [
               "Next: Advanced Topics ",
-              /* @__PURE__ */ jsxDEV4(ChevronRight4, {
+              /* @__PURE__ */ jsx4(ChevronRight4, {
                 size: 16
-              }, undefined, false, undefined, this)
+              })
             ]
-          }, undefined, true, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this)
+      })
     ]
-  }, undefined, true, undefined, this);
+  });
 }
 
 // src/components/docs/safety/SafetyPDPPage.tsx
 import Link5 from "@contractspec/lib.ui-link";
 import { ChevronRight as ChevronRight5 } from "lucide-react";
-import { jsxDEV as jsxDEV5 } from "react/jsx-dev-runtime";
+import { jsx as jsx5, jsxs as jsxs5 } from "react/jsx-runtime";
 function SafetyPDPPage() {
-  return /* @__PURE__ */ jsxDEV5("div", {
+  return /* @__PURE__ */ jsxs5("div", {
     className: "space-y-8",
     children: [
-      /* @__PURE__ */ jsxDEV5("div", {
+      /* @__PURE__ */ jsxs5("div", {
         className: "space-y-4",
         children: [
-          /* @__PURE__ */ jsxDEV5("h1", {
+          /* @__PURE__ */ jsx5("h1", {
             className: "text-4xl font-bold",
             children: "Policy Decision Points"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV5("p", {
+          }),
+          /* @__PURE__ */ jsxs5("p", {
             className: "text-muted-foreground",
             children: [
               "A ",
-              /* @__PURE__ */ jsxDEV5("strong", {
+              /* @__PURE__ */ jsx5("strong", {
                 children: "Policy Decision Point (PDP)"
-              }, undefined, false, undefined, this),
+              }),
               " is a centralized component that evaluates access control policies and makes authorization decisions. According to",
               " ",
-              /* @__PURE__ */ jsxDEV5("a", {
+              /* @__PURE__ */ jsx5("a", {
                 href: "https://www.strongdm.com/blog/policy-decision-point",
                 target: "_blank",
                 rel: "noopener noreferrer",
                 className: "text-violet-400 hover:text-violet-300",
                 children: "StrongDM"
-              }, undefined, false, undefined, this),
+              }),
               ', the PDP "receives requests for access to resources, evaluates them against policies, and returns a decision (permit or deny)."'
             ]
-          }, undefined, true, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV5("div", {
+      }),
+      /* @__PURE__ */ jsxs5("div", {
         className: "space-y-4",
         children: [
-          /* @__PURE__ */ jsxDEV5("h2", {
+          /* @__PURE__ */ jsx5("h2", {
             className: "text-2xl font-bold",
             children: "How the PDP works in ContractSpec"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV5("p", {
+          }),
+          /* @__PURE__ */ jsx5("p", {
             className: "text-muted-foreground",
             children: "In ContractSpec, the PDP is invoked on every operation\u2014whether it's rendering a UI component, executing a capability, or querying a data view. The flow is:"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV5("ol", {
+          }),
+          /* @__PURE__ */ jsxs5("ol", {
             className: "text-muted-foreground list-inside list-decimal space-y-3",
             children: [
-              /* @__PURE__ */ jsxDEV5("li", {
+              /* @__PURE__ */ jsxs5("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV5("strong", {
+                  /* @__PURE__ */ jsx5("strong", {
                     children: "Request evaluation"
-                  }, undefined, false, undefined, this),
+                  }),
                   " \u2013 The runtime sends a request to the PDP containing:",
-                  /* @__PURE__ */ jsxDEV5("ul", {
+                  /* @__PURE__ */ jsxs5("ul", {
                     className: "mt-2 ml-6 list-inside list-disc space-y-1",
                     children: [
-                      /* @__PURE__ */ jsxDEV5("li", {
+                      /* @__PURE__ */ jsx5("li", {
                         children: "The user's identity and attributes (roles, groups, location, etc.)"
-                      }, undefined, false, undefined, this),
-                      /* @__PURE__ */ jsxDEV5("li", {
+                      }),
+                      /* @__PURE__ */ jsx5("li", {
                         children: "The resource being accessed (capability, field, workflow step)"
-                      }, undefined, false, undefined, this),
-                      /* @__PURE__ */ jsxDEV5("li", {
+                      }),
+                      /* @__PURE__ */ jsx5("li", {
                         children: "The action being performed (read, write, execute)"
-                      }, undefined, false, undefined, this),
-                      /* @__PURE__ */ jsxDEV5("li", {
+                      }),
+                      /* @__PURE__ */ jsx5("li", {
                         children: "Contextual information (time of day, device type, IP address)"
-                      }, undefined, false, undefined, this)
+                      })
                     ]
-                  }, undefined, true, undefined, this)
+                  })
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV5("li", {
+              }),
+              /* @__PURE__ */ jsxs5("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV5("strong", {
+                  /* @__PURE__ */ jsx5("strong", {
                     children: "Policy evaluation"
-                  }, undefined, false, undefined, this),
+                  }),
                   " \u2013 The PDP evaluates the request against all applicable ",
-                  /* @__PURE__ */ jsxDEV5("strong", {
+                  /* @__PURE__ */ jsx5("strong", {
                     children: "PolicySpecs"
-                  }, undefined, false, undefined, this),
+                  }),
                   ". These specs define rules using attribute-based access control (ABAC) and can reference:",
-                  /* @__PURE__ */ jsxDEV5("ul", {
+                  /* @__PURE__ */ jsxs5("ul", {
                     className: "mt-2 ml-6 list-inside list-disc space-y-1",
                     children: [
-                      /* @__PURE__ */ jsxDEV5("li", {
+                      /* @__PURE__ */ jsx5("li", {
                         children: `User attributes (e.g., "role == 'admin'")`
-                      }, undefined, false, undefined, this),
-                      /* @__PURE__ */ jsxDEV5("li", {
+                      }),
+                      /* @__PURE__ */ jsx5("li", {
                         children: `Resource attributes (e.g., "field.sensitivity == 'PII'")`
-                      }, undefined, false, undefined, this),
-                      /* @__PURE__ */ jsxDEV5("li", {
+                      }),
+                      /* @__PURE__ */ jsx5("li", {
                         children: 'Environmental attributes (e.g., "time.hour >= 9 AND time.hour < 17")'
-                      }, undefined, false, undefined, this)
+                      })
                     ]
-                  }, undefined, true, undefined, this)
+                  })
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV5("li", {
+              }),
+              /* @__PURE__ */ jsxs5("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV5("strong", {
+                  /* @__PURE__ */ jsx5("strong", {
                     children: "Decision return"
-                  }, undefined, false, undefined, this),
+                  }),
                   " \u2013 The PDP returns one of:",
-                  /* @__PURE__ */ jsxDEV5("ul", {
+                  /* @__PURE__ */ jsxs5("ul", {
                     className: "mt-2 ml-6 list-inside list-disc space-y-1",
                     children: [
-                      /* @__PURE__ */ jsxDEV5("li", {
+                      /* @__PURE__ */ jsxs5("li", {
                         children: [
-                          /* @__PURE__ */ jsxDEV5("code", {
+                          /* @__PURE__ */ jsx5("code", {
                             className: "bg-background/50 rounded px-2 py-1",
                             children: "PERMIT"
-                          }, undefined, false, undefined, this),
+                          }),
                           " ",
                           "\u2013 The operation is allowed."
                         ]
-                      }, undefined, true, undefined, this),
-                      /* @__PURE__ */ jsxDEV5("li", {
+                      }),
+                      /* @__PURE__ */ jsxs5("li", {
                         children: [
-                          /* @__PURE__ */ jsxDEV5("code", {
+                          /* @__PURE__ */ jsx5("code", {
                             className: "bg-background/50 rounded px-2 py-1",
                             children: "DENY"
-                          }, undefined, false, undefined, this),
+                          }),
                           " ",
                           "\u2013 The operation is blocked."
                         ]
-                      }, undefined, true, undefined, this),
-                      /* @__PURE__ */ jsxDEV5("li", {
+                      }),
+                      /* @__PURE__ */ jsxs5("li", {
                         children: [
-                          /* @__PURE__ */ jsxDEV5("code", {
+                          /* @__PURE__ */ jsx5("code", {
                             className: "bg-background/50 rounded px-2 py-1",
                             children: "REDACT"
-                          }, undefined, false, undefined, this),
+                          }),
                           " ",
                           "\u2013 The operation is allowed, but sensitive fields are masked."
                         ]
-                      }, undefined, true, undefined, this)
+                      })
                     ]
-                  }, undefined, true, undefined, this)
+                  })
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV5("li", {
+              }),
+              /* @__PURE__ */ jsxs5("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV5("strong", {
+                  /* @__PURE__ */ jsx5("strong", {
                     children: "Enforcement"
-                  }, undefined, false, undefined, this),
+                  }),
                   " \u2013 The runtime enforces the decision. If denied, the operation fails with a clear error message. If redacted, sensitive fields are replaced with placeholders."
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV5("li", {
+              }),
+              /* @__PURE__ */ jsxs5("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV5("strong", {
+                  /* @__PURE__ */ jsx5("strong", {
                     children: "Auditing"
-                  }, undefined, false, undefined, this),
+                  }),
                   " \u2013 Every PDP decision is logged to the",
                   " ",
-                  /* @__PURE__ */ jsxDEV5(Link5, {
+                  /* @__PURE__ */ jsx5(Link5, {
                     href: "/docs/safety/auditing",
                     className: "text-violet-400 hover:text-violet-300",
                     children: "audit log"
-                  }, undefined, false, undefined, this),
+                  }),
                   ", including the request, decision, and reasoning."
                 ]
-              }, undefined, true, undefined, this)
+              })
             ]
-          }, undefined, true, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV5("div", {
+      }),
+      /* @__PURE__ */ jsxs5("div", {
         className: "space-y-4",
         children: [
-          /* @__PURE__ */ jsxDEV5("h2", {
+          /* @__PURE__ */ jsx5("h2", {
             className: "text-2xl font-bold",
             children: "Example PolicySpec"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV5("p", {
+          }),
+          /* @__PURE__ */ jsx5("p", {
             className: "text-muted-foreground",
             children: "Here's a simple policy that restricts access to PII fields:"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV5("div", {
+          }),
+          /* @__PURE__ */ jsx5("div", {
             className: "bg-background/50 border-border text-muted-foreground overflow-x-auto rounded-lg border p-4 font-mono text-sm",
-            children: /* @__PURE__ */ jsxDEV5("pre", {
+            children: /* @__PURE__ */ jsx5("pre", {
               children: `policyId: pii-access-control
 version: '1.0.0'.0.0
 rules:
@@ -1286,173 +1286,173 @@ rules:
     condition: |
       user.role NOT IN ['admin', 'support'] AND
       field.sensitivity == 'PII'`
-            }, undefined, false, undefined, this)
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV5("p", {
+            })
+          }),
+          /* @__PURE__ */ jsx5("p", {
             className: "text-muted-foreground",
             children: "With this policy, admins see all data, support staff see redacted PII, and other users cannot access PII at all."
-          }, undefined, false, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV5("div", {
+      }),
+      /* @__PURE__ */ jsxs5("div", {
         className: "space-y-4",
         children: [
-          /* @__PURE__ */ jsxDEV5("h2", {
+          /* @__PURE__ */ jsx5("h2", {
             className: "text-2xl font-bold",
             children: "Benefits of centralized decision-making"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV5("ul", {
+          }),
+          /* @__PURE__ */ jsxs5("ul", {
             className: "text-muted-foreground list-inside list-disc space-y-2",
             children: [
-              /* @__PURE__ */ jsxDEV5("li", {
+              /* @__PURE__ */ jsxs5("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV5("strong", {
+                  /* @__PURE__ */ jsx5("strong", {
                     children: "Consistency"
-                  }, undefined, false, undefined, this),
+                  }),
                   " \u2013 Policies are enforced uniformly across all surfaces (API, UI, workflows)."
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV5("li", {
+              }),
+              /* @__PURE__ */ jsxs5("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV5("strong", {
+                  /* @__PURE__ */ jsx5("strong", {
                     children: "Auditability"
-                  }, undefined, false, undefined, this),
+                  }),
                   " \u2013 Every decision is logged, making it easy to trace why access was granted or denied."
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV5("li", {
+              }),
+              /* @__PURE__ */ jsxs5("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV5("strong", {
+                  /* @__PURE__ */ jsx5("strong", {
                     children: "Flexibility"
-                  }, undefined, false, undefined, this),
+                  }),
                   " \u2013 Policies can be updated without changing application code."
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV5("li", {
+              }),
+              /* @__PURE__ */ jsxs5("li", {
                 children: [
-                  /* @__PURE__ */ jsxDEV5("strong", {
+                  /* @__PURE__ */ jsx5("strong", {
                     children: "Security"
-                  }, undefined, false, undefined, this),
+                  }),
                   " \u2013 Reduces the risk of authorization bugs by removing ad-hoc checks scattered throughout the codebase."
                 ]
-              }, undefined, true, undefined, this)
+              })
             ]
-          }, undefined, true, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV5("div", {
+      }),
+      /* @__PURE__ */ jsxs5("div", {
         className: "space-y-4",
         children: [
-          /* @__PURE__ */ jsxDEV5("h2", {
+          /* @__PURE__ */ jsx5("h2", {
             className: "text-2xl font-bold",
             children: "Performance considerations"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV5("p", {
+          }),
+          /* @__PURE__ */ jsx5("p", {
             className: "text-muted-foreground",
             children: "Because the PDP is invoked on every operation, performance is critical. ContractSpec optimizes this by:"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV5("ul", {
+          }),
+          /* @__PURE__ */ jsxs5("ul", {
             className: "text-muted-foreground list-inside list-disc space-y-2",
             children: [
-              /* @__PURE__ */ jsxDEV5("li", {
+              /* @__PURE__ */ jsx5("li", {
                 children: "Caching policy decisions for identical requests"
-              }, undefined, false, undefined, this),
-              /* @__PURE__ */ jsxDEV5("li", {
+              }),
+              /* @__PURE__ */ jsx5("li", {
                 children: "Compiling policies into efficient bytecode"
-              }, undefined, false, undefined, this),
-              /* @__PURE__ */ jsxDEV5("li", {
+              }),
+              /* @__PURE__ */ jsx5("li", {
                 children: "Evaluating only the minimal set of rules needed for each request"
-              }, undefined, false, undefined, this),
-              /* @__PURE__ */ jsxDEV5("li", {
+              }),
+              /* @__PURE__ */ jsx5("li", {
                 children: "Running the PDP in-process to avoid network latency"
-              }, undefined, false, undefined, this)
+              })
             ]
-          }, undefined, true, undefined, this),
-          /* @__PURE__ */ jsxDEV5("p", {
+          }),
+          /* @__PURE__ */ jsx5("p", {
             className: "text-muted-foreground",
             children: "In practice, PDP overhead is typically less than 1ms per request."
-          }, undefined, false, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV5("div", {
+      }),
+      /* @__PURE__ */ jsxs5("div", {
         className: "flex items-center gap-4 pt-4",
         children: [
-          /* @__PURE__ */ jsxDEV5(Link5, {
+          /* @__PURE__ */ jsx5(Link5, {
             href: "/docs/safety/signing",
             className: "btn-ghost",
             children: "Previous: Spec Signing"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV5(Link5, {
+          }),
+          /* @__PURE__ */ jsxs5(Link5, {
             href: "/docs/safety/auditing",
             className: "btn-primary",
             children: [
               "Next: Audit Logs ",
-              /* @__PURE__ */ jsxDEV5(ChevronRight5, {
+              /* @__PURE__ */ jsx5(ChevronRight5, {
                 size: 16
-              }, undefined, false, undefined, this)
+              })
             ]
-          }, undefined, true, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this)
+      })
     ]
-  }, undefined, true, undefined, this);
+  });
 }
 
 // src/components/docs/safety/SafetyTenantIsolationPage.tsx
-import { jsxDEV as jsxDEV6 } from "react/jsx-dev-runtime";
+import { jsx as jsx6, jsxs as jsxs6 } from "react/jsx-runtime";
 function SafetyTenantIsolationPage() {
-  return /* @__PURE__ */ jsxDEV6("div", {
+  return /* @__PURE__ */ jsxs6("div", {
     className: "space-y-8",
     children: [
-      /* @__PURE__ */ jsxDEV6("div", {
+      /* @__PURE__ */ jsxs6("div", {
         className: "space-y-4",
         children: [
-          /* @__PURE__ */ jsxDEV6("h1", {
+          /* @__PURE__ */ jsx6("h1", {
             className: "text-4xl font-bold",
             children: "Tenant Isolation"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV6("p", {
+          }),
+          /* @__PURE__ */ jsx6("p", {
             className: "text-muted-foreground text-lg",
             children: 'Preventing cross-tenant data leaks is the #1 security priority for any SaaS. ContractSpec employs "Defense in Depth" to ensure safety.'
-          }, undefined, false, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV6("div", {
+      }),
+      /* @__PURE__ */ jsxs6("div", {
         className: "space-y-4",
         children: [
-          /* @__PURE__ */ jsxDEV6("h2", {
+          /* @__PURE__ */ jsx6("h2", {
             className: "text-2xl font-bold",
             children: "Layer 1: RLS Middleware"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV6("p", {
+          }),
+          /* @__PURE__ */ jsxs6("p", {
             children: [
               "The primary defense is the Prisma middleware that rewrites queries to include ",
-              /* @__PURE__ */ jsxDEV6("code", {
+              /* @__PURE__ */ jsx6("code", {
                 children: "WHERE tenantId = ?"
-              }, undefined, false, undefined, this),
+              }),
               ". This protects against developer error (forgetting to filter)."
             ]
-          }, undefined, true, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV6("div", {
+      }),
+      /* @__PURE__ */ jsxs6("div", {
         className: "space-y-4",
         children: [
-          /* @__PURE__ */ jsxDEV6("h2", {
+          /* @__PURE__ */ jsx6("h2", {
             className: "text-2xl font-bold",
             children: "Layer 2: Isolation Validator"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV6("p", {
+          }),
+          /* @__PURE__ */ jsxs6("p", {
             children: [
               "For high-security environments, you can use the",
               " ",
-              /* @__PURE__ */ jsxDEV6("code", {
+              /* @__PURE__ */ jsx6("code", {
                 children: "IsolationValidator"
-              }, undefined, false, undefined, this),
+              }),
               " in your test suite to verify that every query generated by your operations actually includes the tenant ID."
             ]
-          }, undefined, true, undefined, this),
-          /* @__PURE__ */ jsxDEV6("pre", {
+          }),
+          /* @__PURE__ */ jsx6("pre", {
             className: "bg-muted rounded-lg border p-4 text-sm",
             children: `import { IsolationValidator } from '@contractspec/lib.multi-tenancy/isolation';
 
@@ -1465,227 +1465,227 @@ test('findUser query is isolated', () => {
   );
   expect(isValid).toBe(true);
 });`
-          }, undefined, false, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV6("div", {
+      }),
+      /* @__PURE__ */ jsxs6("div", {
         className: "space-y-4",
         children: [
-          /* @__PURE__ */ jsxDEV6("h2", {
+          /* @__PURE__ */ jsx6("h2", {
             className: "text-2xl font-bold",
             children: "Layer 3: Policy Engine"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV6("p", {
+          }),
+          /* @__PURE__ */ jsx6("p", {
             children: "The Policy Decision Point (PDP) verifies that the authenticated user actually belongs to the requested tenant before any operation logic runs."
-          }, undefined, false, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this)
+      })
     ]
-  }, undefined, true, undefined, this);
+  });
 }
 
 // src/components/docs/safety/SafetySecurityTrustPage.tsx
 import Link6 from "@contractspec/lib.ui-link";
 import { ChevronRight as ChevronRight6 } from "lucide-react";
-import { jsxDEV as jsxDEV7 } from "react/jsx-dev-runtime";
+import { jsx as jsx7, jsxs as jsxs7 } from "react/jsx-runtime";
 function SafetySecurityTrustPage() {
-  return /* @__PURE__ */ jsxDEV7("div", {
+  return /* @__PURE__ */ jsxs7("div", {
     className: "space-y-8",
     children: [
-      /* @__PURE__ */ jsxDEV7("div", {
+      /* @__PURE__ */ jsxs7("div", {
         className: "space-y-4",
         children: [
-          /* @__PURE__ */ jsxDEV7("h1", {
+          /* @__PURE__ */ jsx7("h1", {
             className: "text-4xl font-bold",
             children: "Security & Trust"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV7("p", {
+          }),
+          /* @__PURE__ */ jsx7("p", {
             className: "text-muted-foreground",
             children: "ContractSpec focuses on deterministic, auditable software delivery. This page summarizes our security posture and trust commitments so teams can adopt with clarity."
-          }, undefined, false, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV7("div", {
+      }),
+      /* @__PURE__ */ jsxs7("div", {
         className: "card-subtle space-y-4 p-6",
         children: [
-          /* @__PURE__ */ jsxDEV7("h2", {
+          /* @__PURE__ */ jsx7("h2", {
             className: "text-2xl font-bold",
             children: "Security policy"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV7("p", {
+          }),
+          /* @__PURE__ */ jsx7("p", {
             className: "text-muted-foreground text-sm",
             children: "We publish a dedicated security policy that explains how to report vulnerabilities and how we respond."
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV7(Link6, {
+          }),
+          /* @__PURE__ */ jsxs7(Link6, {
             href: "/SECURITY.md",
             className: "btn-primary",
             children: [
               "Read the security policy ",
-              /* @__PURE__ */ jsxDEV7(ChevronRight6, {
+              /* @__PURE__ */ jsx7(ChevronRight6, {
                 size: 16
-              }, undefined, false, undefined, this)
+              })
             ]
-          }, undefined, true, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV7("div", {
+      }),
+      /* @__PURE__ */ jsxs7("div", {
         className: "grid gap-4 md:grid-cols-2",
         children: [
-          /* @__PURE__ */ jsxDEV7("div", {
+          /* @__PURE__ */ jsxs7("div", {
             className: "card-subtle space-y-3 p-6",
             children: [
-              /* @__PURE__ */ jsxDEV7("h3", {
+              /* @__PURE__ */ jsx7("h3", {
                 className: "text-lg font-semibold",
                 children: "Release hygiene"
-              }, undefined, false, undefined, this),
-              /* @__PURE__ */ jsxDEV7("p", {
+              }),
+              /* @__PURE__ */ jsx7("p", {
                 className: "text-muted-foreground text-sm",
                 children: "We ship with deterministic CI, changesets, and contract validation so teams can trust every release."
-              }, undefined, false, undefined, this),
-              /* @__PURE__ */ jsxDEV7("ul", {
+              }),
+              /* @__PURE__ */ jsxs7("ul", {
                 className: "text-muted-foreground space-y-2 text-sm",
                 children: [
-                  /* @__PURE__ */ jsxDEV7("li", {
+                  /* @__PURE__ */ jsx7("li", {
                     children: "Changesets required for published packages."
-                  }, undefined, false, undefined, this),
-                  /* @__PURE__ */ jsxDEV7("li", {
+                  }),
+                  /* @__PURE__ */ jsx7("li", {
                     children: "CI gate for contract validation and drift detection."
-                  }, undefined, false, undefined, this),
-                  /* @__PURE__ */ jsxDEV7("li", {
+                  }),
+                  /* @__PURE__ */ jsx7("li", {
                     children: "Rollback-friendly release process."
-                  }, undefined, false, undefined, this)
+                  })
                 ]
-              }, undefined, true, undefined, this)
+              })
             ]
-          }, undefined, true, undefined, this),
-          /* @__PURE__ */ jsxDEV7("div", {
+          }),
+          /* @__PURE__ */ jsxs7("div", {
             className: "card-subtle space-y-3 p-6",
             children: [
-              /* @__PURE__ */ jsxDEV7("h3", {
+              /* @__PURE__ */ jsx7("h3", {
                 className: "text-lg font-semibold",
                 children: "Data handling"
-              }, undefined, false, undefined, this),
-              /* @__PURE__ */ jsxDEV7("p", {
+              }),
+              /* @__PURE__ */ jsx7("p", {
                 className: "text-muted-foreground text-sm",
                 children: "ContractSpec promotes strict data classification and policy-driven access. Specs can tag sensitive fields for enforcement."
-              }, undefined, false, undefined, this),
-              /* @__PURE__ */ jsxDEV7("ul", {
+              }),
+              /* @__PURE__ */ jsxs7("ul", {
                 className: "text-muted-foreground space-y-2 text-sm",
                 children: [
-                  /* @__PURE__ */ jsxDEV7("li", {
+                  /* @__PURE__ */ jsx7("li", {
                     children: "Schema-level sensitivity tags."
-                  }, undefined, false, undefined, this),
-                  /* @__PURE__ */ jsxDEV7("li", {
+                  }),
+                  /* @__PURE__ */ jsx7("li", {
                     children: "Policy Decision Point enforcement."
-                  }, undefined, false, undefined, this),
-                  /* @__PURE__ */ jsxDEV7("li", {
+                  }),
+                  /* @__PURE__ */ jsx7("li", {
                     children: "Audit logs for operational traceability."
-                  }, undefined, false, undefined, this)
+                  })
                 ]
-              }, undefined, true, undefined, this)
+              })
             ]
-          }, undefined, true, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV7("div", {
+      }),
+      /* @__PURE__ */ jsxs7("div", {
         className: "grid gap-4 md:grid-cols-2",
         children: [
-          /* @__PURE__ */ jsxDEV7("div", {
+          /* @__PURE__ */ jsxs7("div", {
             className: "card-subtle space-y-3 p-6",
             children: [
-              /* @__PURE__ */ jsxDEV7("h3", {
+              /* @__PURE__ */ jsx7("h3", {
                 className: "text-lg font-semibold",
                 children: "Supply chain"
-              }, undefined, false, undefined, this),
-              /* @__PURE__ */ jsxDEV7("p", {
+              }),
+              /* @__PURE__ */ jsx7("p", {
                 className: "text-muted-foreground text-sm",
                 children: "We track dependency updates and keep the monorepo build reproducible."
-              }, undefined, false, undefined, this),
-              /* @__PURE__ */ jsxDEV7("ul", {
+              }),
+              /* @__PURE__ */ jsxs7("ul", {
                 className: "text-muted-foreground space-y-2 text-sm",
                 children: [
-                  /* @__PURE__ */ jsxDEV7("li", {
+                  /* @__PURE__ */ jsx7("li", {
                     children: "Dependabot + Renovate-style updates where available."
-                  }, undefined, false, undefined, this),
-                  /* @__PURE__ */ jsxDEV7("li", {
+                  }),
+                  /* @__PURE__ */ jsx7("li", {
                     children: "Signed release artifacts planned for Studio release cycles."
-                  }, undefined, false, undefined, this),
-                  /* @__PURE__ */ jsxDEV7("li", {
+                  }),
+                  /* @__PURE__ */ jsx7("li", {
                     children: "Transparent changelogs for every package."
-                  }, undefined, false, undefined, this)
+                  })
                 ]
-              }, undefined, true, undefined, this)
+              })
             ]
-          }, undefined, true, undefined, this),
-          /* @__PURE__ */ jsxDEV7("div", {
+          }),
+          /* @__PURE__ */ jsxs7("div", {
             className: "card-subtle space-y-3 p-6",
             children: [
-              /* @__PURE__ */ jsxDEV7("h3", {
+              /* @__PURE__ */ jsx7("h3", {
                 className: "text-lg font-semibold",
                 children: "Responsible disclosure"
-              }, undefined, false, undefined, this),
-              /* @__PURE__ */ jsxDEV7("p", {
+              }),
+              /* @__PURE__ */ jsx7("p", {
                 className: "text-muted-foreground text-sm",
                 children: "We respond quickly to security reports and coordinate fixes before public disclosure."
-              }, undefined, false, undefined, this),
-              /* @__PURE__ */ jsxDEV7("ul", {
+              }),
+              /* @__PURE__ */ jsxs7("ul", {
                 className: "text-muted-foreground space-y-2 text-sm",
                 children: [
-                  /* @__PURE__ */ jsxDEV7("li", {
+                  /* @__PURE__ */ jsx7("li", {
                     children: "Security response within 5 business days."
-                  }, undefined, false, undefined, this),
-                  /* @__PURE__ */ jsxDEV7("li", {
+                  }),
+                  /* @__PURE__ */ jsx7("li", {
                     children: "Private disclosure via security@contractspec.io."
-                  }, undefined, false, undefined, this),
-                  /* @__PURE__ */ jsxDEV7("li", {
+                  }),
+                  /* @__PURE__ */ jsx7("li", {
                     children: "Credit for researchers (with permission)."
-                  }, undefined, false, undefined, this)
+                  })
                 ]
-              }, undefined, true, undefined, this)
+              })
             ]
-          }, undefined, true, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this),
-      /* @__PURE__ */ jsxDEV7("div", {
+      }),
+      /* @__PURE__ */ jsxs7("div", {
         className: "space-y-4",
         children: [
-          /* @__PURE__ */ jsxDEV7("h2", {
+          /* @__PURE__ */ jsx7("h2", {
             className: "text-2xl font-bold",
             children: "Next steps"
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV7("p", {
+          }),
+          /* @__PURE__ */ jsx7("p", {
             className: "text-muted-foreground",
             children: "Explore the broader safety controls or read the roadmap to see upcoming trust investments."
-          }, undefined, false, undefined, this),
-          /* @__PURE__ */ jsxDEV7("div", {
+          }),
+          /* @__PURE__ */ jsxs7("div", {
             className: "flex flex-wrap gap-4 pt-4",
             children: [
-              /* @__PURE__ */ jsxDEV7(Link6, {
+              /* @__PURE__ */ jsxs7(Link6, {
                 href: "/docs/safety",
                 className: "btn-ghost",
                 children: [
                   "Safety overview ",
-                  /* @__PURE__ */ jsxDEV7(ChevronRight6, {
+                  /* @__PURE__ */ jsx7(ChevronRight6, {
                     size: 16
-                  }, undefined, false, undefined, this)
+                  })
                 ]
-              }, undefined, true, undefined, this),
-              /* @__PURE__ */ jsxDEV7(Link6, {
+              }),
+              /* @__PURE__ */ jsxs7(Link6, {
                 href: "/ROADMAP.md",
                 className: "btn-ghost",
                 children: [
                   "Roadmap ",
-                  /* @__PURE__ */ jsxDEV7(ChevronRight6, {
+                  /* @__PURE__ */ jsx7(ChevronRight6, {
                     size: 16
-                  }, undefined, false, undefined, this)
+                  })
                 ]
-              }, undefined, true, undefined, this)
+              })
             ]
-          }, undefined, true, undefined, this)
+          })
         ]
-      }, undefined, true, undefined, this)
+      })
     ]
-  }, undefined, true, undefined, this);
+  });
 }
 export {
   SafetyTenantIsolationPage,